diff --git a/.ci-operator.yaml b/.ci-operator.yaml
new file mode 100644
index 000000000000..278c2d04f89b
--- /dev/null
+++ b/.ci-operator.yaml
@@ -0,0 +1,4 @@
+build_root_image:
+  namespace: openshift
+  name: release
+  tag: golang-1.15
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3782609582a1..708ff272becf 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,24 +1,15 @@
 {
-  "name": "ruby 2",
-
-  "image": "mcr.microsoft.com/vscode/devcontainers/ruby:2.7",
-  //"image": "quay.io/rhn_support_gmcgoldr/vscode-ruby27-asciibinder",
-
-  "postCreateCommand": "gem install asciidoctor asciidoctor-diagram ascii_binder && asciibinder build --distro=openshift-enterprise && BR=\"$(git branch --show-current)\" && cd _preview/openshift-enterprise/$BR &&  ln -s welcome/index.html index.html && ruby -run -ehttpd . -p8000"
-  //"postCreateCommand": "asciibinder build --distro=openshift-enterprise && cd _preview/openshift-enterprise/main &&  ln -s welcome/index.html index.html && ruby -run -ehttpd . -p8000"
-
-  // Features to add to the dev container. More info: https://containers.dev/features.a
-  // "features": {},
-
-  // Use 'forwardPorts' to make a list of ports inside the container available locally.
-  // "forwardPorts": [],
-
-  // Use 'postCreateCommand' to run commands after the container is created.
-  // "postCreateCommand": "pip3 install --user -r requirements.txt",
-
-  // Configure tool-specific properties.
-  // "customizations": {},
-
-  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-  // "remoteUser": "root"
-}
+  "image":"mcr.microsoft.com/devcontainers/universal:2",
+  "postCreateCommand": "sleep 30 && docker run --rm -it -v `pwd`:/docs:Z quay.io/openshift-cs/asciibinder sh -c \"git config --global --add safe.directory /docs && asciibinder build --distro openshift-rosa && asciibinder build --distro openshift-enterprise\" && python3 -m http.server -d ./_preview",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "search.followSymlinks": false,
+        "workbench.editor.enablePreview": false
+      },
+      "extensions": [
+        "asciidoctor.asciidoctor-vscode"
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 99a577fa8a4d..57237e585093 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-@kalexand-rh @JoeAldinger @bergerhoffer @adellape @sjhala-ccs @apinnick @ousleyp
+ @abhatt-rh @abrennan89 @adellape @aireilly @apinnick @bburt-rh @bergerhoffer @bscott-rh @gabriel-rh @jab-rh @jeana-redhat @JoeAldinger @kalexand-rh @kcarmichael08 @kelbrown20 @michaelryanpeter @mjpytlak @opayne1 @ousleyp @rolfedh @sjhala-ccs @snarayan-redhat @Srivaralakshmi
diff --git a/.s2i/httpd-cfg/01-commercial.conf b/.s2i/httpd-cfg/01-commercial.conf
index c04ae42d4dd2..322239074da1 100644
--- a/.s2i/httpd-cfg/01-commercial.conf
+++ b/.s2i/httpd-cfg/01-commercial.conf
@@ -138,25 +138,22 @@ AddType text/vtt                            vtt
     # ACS Redirects to go to the latest version - change here when a new version drops
     # it should probably be best to combine the next few lines in one reg exp but for clarity keeping them separate
     # the first one redirects
-    RewriteRule ^acs/?$ /acs/4.1/welcome/index.html [R=301]
+    RewriteRule ^acs/?$ /acs/4.3/welcome/index.html [R=301]
     # redirect to the latest release notes
-    RewriteRule ^acs/release_notes/?$ /acs/4.1/release_notes/41-release-notes.html [R=301,NE]
+    RewriteRule ^acs/release_notes/?$ /acs/4.3/release_notes/43-release-notes.html [R=301,NE]
     # redirect from ACS CLoud Service page
-    RewriteRule ^acs/installing/install-ocp-operator.html /acs/4.1/installing/installing_ocp/init-bundle-ocp.html [NE,R=301]
-    RewriteRule ^acs/(\D.*)$ /acs/4.1/$1 [NE,R=301]
-    RewriteRule ^acs/(3\.65|3\.66|3\.67|3\.68|3\.69|3\.70|3\.71|3\.72|3\.73|3\.74|4\.0|4\.1)/?$ /acs/$1/welcome/index.html [L,R=301]
+    RewriteRule ^acs/installing/install-ocp-operator.html /acs/4.3/installing/installing_ocp/init-bundle-ocp.html [NE,R=301]
+    RewriteRule ^acs/(\D.*)$ /acs/4.3/$1 [NE,R=301]
+    RewriteRule ^acs/(3\.65|3\.66|3\.67|3\.68|3\.69|3\.70|3\.71|3\.72|3\.73|3\.74|4\.0|4\.1|4\.2|4\.3)/?$ /acs/$1/welcome/index.html [L,R=301]
     #redirect for 4.0 Manage vulneribility page
     RewriteRule ^(acs/(?:4\.0/)?)?operating/manage-vulnerabilities\.html$ /acs/4.0/operating/manage-vulnerabilities/vulnerability-management.html [NE,R=301]
 
-    # this pipeline redirect has to come before the latest kicks in generically
-    RewriteRule ^container-platform/latest/pipelines/creating-applications-with-cicd-pipelines.html /container-platform/4.7/cicd/pipelines/creating-applications-with-cicd-pipelines.html [NE,R=301]
-
-    # remove aro docs to just the welcome page
+      # remove aro docs to just the welcome page
     RewriteRule aro/4/(?!welcome)(.*)?$ /container-platform/latest/$1 [L,R=301]
 
     # Redirects for "latest" version
     RewriteRule ^(container-platform|enterprise)/?$ /container-platform/latest [R=301]
-    RewriteRule ^(container-platform|enterprise)/latest/?(.*)$ /container-platform/4\.13/$2 [NE,R=301]
+    RewriteRule ^(container-platform|enterprise)/latest/?(.*)$ /container-platform/4\.14/$2 [NE,R=301]
     RewriteRule ^(online)/(3\.0|3\.1|3\.2|3\.3|3\.4|3\.5|3\.6|3\.7|3\.9|3\.10|3\.11|latest)/?(.*)$ /$1/pro/$3 [NE,R=301]
 
     # Release notes redirects
@@ -170,6 +167,23 @@ AddType text/vtt                            vtt
     # Redirect for renamed external DNS page
     RewriteRule ^container-platform/4\.10/networking/external_dns_operator/nw-installing-external-dns-operator.html /container-platform/4.10/networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.html [NE,R=301]
 
+    # Redirect for cluster logging per Ashleigh Brennan
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/troubleshooting/cluster-logging-must-gather.html /container-platform/$1/logging/cluster-logging-support.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/config/cluster-logging-maintenance-support.html /container-platform/$1/logging/cluster-logging-support.html [NE,R=302]
+
+    # Redirect for log collection forwarding per https://github.com/openshift/openshift-docs/pull/64406
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/config/cluster-logging-collector.html /container-platform/$1/logging/log_collection_forwarding/cluster-logging-collector.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/cluster-logging-eventrouter.html /container-platform/$1/logging/log_collection_forwarding/cluster-logging-eventrouter.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/cluster-logging-enabling-json-logging.html /container-platform/$1/logging/log_collection_forwarding/cluster-logging-enabling-json-logging.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/logging/cluster-logging-external.html /container-platform/$1/logging/log_collection_forwarding/log-forwarding.html [NE,R=302]
+
+    # Redirect for network observability per https://github.com/openshift/openshift-docs/pull/65770
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/network_observability/network-observability-operator-release-notes.html /container-platform/$1/network_observability/network-observability-operator-release-notes.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/network_observability/installing-operators.html /container-platform/$1/network_observability/installing-operators.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/network_observability/observing-network-traffic.html /container-platform/$1/network_observability/observing-network-traffic.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/network_observability/understanding-network-observability-operator.html /container-platform/$1/network_observability/understanding-network-observability-operator.html [NE,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/network_observability/configuring-operator.html /container-platform/$1/network_observability/configuring-operator.html [NE,R=302]
+
     # Redirects for Telco ZTP changes delivered in https://github.com/openshift/openshift-docs/pull/35889
     RewriteRule ^container-platform/(4\.10|4\.11)/scalability_and_performance/ztp-deploying-disconnected.html /container-platform/$1/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.html [NE,R=302]
     RewriteRule ^container-platform/(4\.10|4\.11)/scalability_and_performance/ztp-configuring-single-node-cluster-deployment-during-installation.html /container-platform/$1/scalability_and_performance/ztp_far_edge/ztp-manual-install.html [NE,R=302]
@@ -179,6 +193,9 @@ AddType text/vtt                            vtt
 
     RewriteRule ^container-platform/(4\.11|4\.12)/scalability_and_performance/cnf-performance-addon-operator-for-low-latency-nodes.html /container-platform/$1/scalability_and_performance/cnf-low-latency-tuning.html [NE,R=302]
 
+    # redirect for scalability and performance per Shane Lovern 7/19
+    RewriteRule ^container-platform/4\.13/scalability_and_performance/sno-du-enabling-workload-partitioning-on-single-node-openshift.html /container-platform/4.13/scalability_and_performance/enabling-workload-partitioning.html [NE,R=302]
+
     # CNV scenarios based redirect
     RewriteRule ^container-platform/4\.8/virt/learn_more_about_ov.html /container-platform/4.8/virt/virt-learn-more-about-openshift-virtualization.html [NE,R=301]
 
@@ -202,22 +219,98 @@ AddType text/vtt                            vtt
     RewriteRule ^container-platform/(4\.9|4\.10|4\.11|4\.12)/serverless/develop/serverless-traffic-management.html /container-platform/$1/serverless/knative-serving/traffic-splitting/traffic-splitting-overview.html [NE,R=302]
 
 
-    # redirect latest to 1.29
+    # redirect latest to 1.31
     RewriteRule ^serverless/?$ /serverless/latest [R=302]
-    RewriteRule ^serverless/latest/?(.*)$ /serverless/1\.29/$1 [NE,R=302]
+    RewriteRule ^serverless/latest/?(.*)$ /serverless/1\.31/$1 [NE,R=302]
 
     # redirect top-level without filespec to the about file
-    RewriteRule ^serverless/(1\.28|1\.29)/?$ /serverless/$1/about/about-serverless.html [L,R=302]
+    RewriteRule ^serverless/(1\.28|1\.29|1\.30|1\.31)/?$ /serverless/$1/about/about-serverless.html [L,R=302]
 
     # redirect rel notes
-    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13)/serverless/serverless-release-notes.html$ /serverless/1.29/about/serverless-release-notes.html [L,R=302]
-    RewriteRule ^(rosa|dedicated)/serverless/serverless-release-notes.html$ /serverless/1.29/about/serverless-release-notes.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/serverless/serverless-release-notes.html$ /serverless/1.31/about/serverless-release-notes.html [L,R=302]
+    RewriteRule ^(rosa|dedicated)/serverless/serverless-release-notes.html$ /serverless/1.31/about/serverless-release-notes.html [L,R=302]
 
     # redirect any links to existing OCP embedded content to standalone equivalent
-    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13)/serverless/?(.*)$ /serverless/1.29/$2  [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/serverless/?(.*)$ /serverless/1.31/$2  [L,R=302]
 
     # redirect any links to existing ROSA/Dedicated embedded content to standalone equivalent
-    RewriteRule ^(rosa|dedicated)/serverless/?(.*)$ /serverless/1.29/$2  [L,R=302]
+    RewriteRule ^(rosa|dedicated)/serverless/?(.*)$ /serverless/1.31/$2  [L,R=302]
+
+    # redirect builds latest to 1.0
+    RewriteRule ^builds/?$ /builds/latest [R=302]
+    RewriteRule ^builds/latest/?(.*)$ /builds/1.0/$1 [NE,R=302]
+
+    # redirect top-level without filespec to the about file
+    RewriteRule ^builds/(1\.0)/?$ /builds/$1/about/overview-openshift-builds.html  [L,R=302]
+
+    # Builds using Shipwright landing page
+    RewriteRule ^container-platform/(4\.14|4\.15)/cicd/builds_using_shipwright/overview-openshift-builds.html /builds/latest/about/overview-openshift-builds.html  [L,R=302]
+
+    # redirect gitops latest to 1.11
+    RewriteRule ^gitops/?$ /gitops/latest [R=302]
+    RewriteRule ^gitops/latest/?(.*)$ /gitops/1\.11/$1 [NE,R=302]
+
+    # redirect top-level without filespec to the about file
+    RewriteRule ^gitops/(1\.8|1\.9|1\.10|1\.11)/?$ /gitops/$1/understanding_openshift_gitops/about-redhat-openshift-gitops.html  [L,R=302]
+
+    # GitOps landing page
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/about-redhat-openshift-gitops.html /gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html  [L,R=302]
+
+    # redirect any links to existing OCP embedded content to standalone equivalent for each assembly
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/gitops-release-notes.html/ /gitops/latest/release_notes/gitops-release-notes.html  [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/understanding-openshift-gitops.html /gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/installing-openshift-gitops.html /gitops/latest/installing_gitops/installing-openshift-gitops.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/uninstalling-openshift-gitops.html /gitops/latest/removing_gitops/uninstalling-openshift-gitops.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/setting-up-argocd-instance.html /gitops/latest/argocd_instance/setting-up-argocd-instance.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/monitoring-argo-cd-instances.html /gitops/latest/observability/monitoring/monitoring-argo-cd-instances.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.html /gitops/latest/argo_rollouts/using-argo-rollouts-for-progressive-deployment-delivery.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.html /gitops/latest/declarative_clusterconfig/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/deploying-a-spring-boot-application-with-argo-cd.html /gitops/latest/argocd_applications/deploying-a-spring-boot-application-with-argo-cd.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/argo-cd-custom-resource-properties.html /gitops/latest/argocd_instance/argo-cd-cr-component-properties.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-secure-communication-with-redis.html /gitops/latest/securing_openshift_gitops/configuring-secure-communication-with-redis.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/health-information-for-resources-deployment.html /gitops/latest/observability/monitoring/health-information-for-resources-deployment.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-sso-on-argo-cd-using-dex.html /gitops/latest/accesscontrol_usermanagement/configuring-sso-on-argo-cd-using-dex.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-sso-for-argo-cd-using-keycloak.html /gitops/latest/accesscontrol_usermanagement/configuring-sso-for-argo-cd-using-keycloak.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-argo-cd-rbac.html /gitops/latest/accesscontrol_usermanagement/configuring-argo-cd-rbac.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/configuring-resource-quota.html /gitops/latest/managing_resource/configuring-resource-quota.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/monitoring-argo-cd-custom-resource-workloads.html /gitops/latest/observability/monitoring/monitoring-argo-cd-custom-resource-workloads.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/viewing-argo-cd-logs.html /gitops/latest/observability/logging/viewing-argo-cd-logs.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/run-gitops-control-plane-workload-on-infra-nodes.html /gitops/latest/gitops_workloads_infranodes/run-gitops-control-plane-workload-on-infra-nodes.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/about-sizing-requirements-gitops.html /gitops/latest/installing_gitops/preparing-gitops-install.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/collecting-debugging-data-for-support.html /gitops/latest/understanding_openshift_gitops/gathering-gitops-diagnostic-information-for-support.html [L,R=302]
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13|4\.14)/cicd/gitops/troubleshooting-issues-in-GitOps.html /gitops/latest/troubleshooting_gitops_issues/auto-reboot-during-argo-cd-sync-with-machine-configurations.html [L,R=302]
+
+    # Pipelines handling unversioned and latest links
+    RewriteRule ^pipelines/?$ /pipelines/latest [R=302]
+    RewriteRule ^pipelines/latest/?(.*)$ /pipelines/1\.13/$1 [NE,R=302]
+
+    # Pipelines landing page
+
+    RewriteRule ^container-platform/(4\.9|4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/about-pipelines.html /pipelines/latest/about/about-pipelines.html [NE,R=302]
+
+    # redirect links to existing OCP embedded Pipelines content to standalone equivalent for each assembly
+    # except the one recently renamed for now
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/op-release-notes.html /pipelines/latest/about/op-release-notes.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/understanding-openshift-pipelines.html /pipelines/latest/about/understanding-openshift-pipelines.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/installing-pipelines.html /pipelines/latest/install_config/installing-pipelines.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/creating-applications-with-cicd-pipelines.html /pipelines/latest/create/creating-applications-with-cicd-pipelines.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.html /pipelines/latest/install_config/customizing-configurations-in-the-tektonconfig-cr.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.html /pipelines/latest/create/managing-nonversioned-and-versioned-cluster-tasks.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/using-tekton-hub-with-openshift-pipelines.html /pipelines/latest/hub/using-tekton-hub-with-openshift-pipelines.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/remote-pipelines-tasks-resolvers.html /pipelines/latest/create/remote-pipelines-tasks-resolvers.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/using-pipelines-as-code.html /pipelines/latest/pac/about-pipelines-as-code.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/working-with-pipelines-web-console.html /pipelines/latest/create/working-with-pipelines-web-console.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/reducing-pipelines-resource-consumption.html /pipelines/latest/resource/reducing-pipelines-resource-consumption.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.html /pipelines/latest/resource/setting-compute-resource-quota-for-openshift-pipelines.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/using-pods-in-a-privileged-security-context.html /pipelines/1\.11/secure/using-pods-in-a-privileged-security-context.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/authenticating-pipelines-using-git-secret.html /pipelines/latest/secure/authenticating-pipelines-using-git-secret.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.html /pipelines/latest/secure/using-tekton-chains-for-openshift-pipelines-supply-chain-security.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.html /pipelines/latest/records/viewing-pipeline-logs-using-the-openshift-logging-operator.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/unprivileged-building-of-container-images-using-buildah.html /pipelines/latest/secure/unprivileged-building-of-container-images-using-buildah.html [L,R=302]
+    RewriteRule ^container-platform/(4\.10|4\.11|4\.12|4\.13|4\.14)/cicd/pipelines/securing-webhooks-with-event-listeners.html /pipelines/latest/secure/securing-webhooks-with-event-listeners.html [L,R=302]
+
+    # redirect top-level without filespec to the about file
+    RewriteRule ^pipelines/(1\.10|1\.11|1\.12|1\.13)/?$ /pipelines/$1/about/understanding-openshift-pipelines.html [L,R=302]
 
 
     # OSD redirects for new content
@@ -292,8 +385,8 @@ AddType text/vtt                            vtt
 
     # 4.7 redirects
 
-    # builds and pipelines books moved to be under the cicd table from 4.7
-    RewriteRule ^container-platform/4\.7/(builds|pipelines)/?(.*)$ /container-platform/4.7/cicd/$1/$2 [NE,R=301]
+    # builds books moved to be under the cicd table from 4.7
+    RewriteRule ^container-platform/4\.7/(builds)/?(.*)$ /container-platform/4.7/cicd/$1/$2 [NE,R=301]
 
     # some straight up install guide moves
     RewriteRule ^container-platform/4\.7/installing/install_config/installation-types.html /container-platform/4.7/installing/installing-preparing.html#supported-installation-methods-for-different-platforms [NE,R=301]
@@ -332,10 +425,23 @@ AddType text/vtt                            vtt
     RewriteRule ^container-platform/(4\.4|4\.5)/authentication/certificates/(.*)$ /container-platform/$1/security/certificates/$2 [NE,R=301]
     RewriteRule ^container-platform/(4\.4|4\.5)/authentication/(allowing-javascript-access-api-server|encrypting-etcd|certificate-types-descriptions)\.html$ /container-platform/$1/security/$2\.html [NE,R=301]
 
+
+    # The following rule prevents an infinite redirect loop when browsing to /container-platform/4.14/virt/about_virt/about-virt.html
+    # RewriteRule ^container-platform/4\.14/virt/about_virt/about-virt.html$ - [L]
+
     # OpenShift Virtualization (CNV) catchall redirect; use when CNV releases asynchronously from OCP. Do not change the 302 to a 301.
     # When uncommented, this redirects all `virt` directory traffic to the about-virt page.
+    # Pay mind to the redirect directly above this which prevents redirect loops.
+    # To activate the redirects, uncomment the next and previous lines and update the version number to the pending release.
+
+    # RewriteRule container-platform/4\.14/virt/(?!about-virt\.html)(.+)$ /container-platform/4.14/virt/about_virt/about-virt.html [NE,R=302]
+
+
+    # Red Hat OpenShift support for Windows Containers (WMCO) catchall redirect; use when WMCO releases asynchronously from OCP. Do not change the 302 to a 301.
+    # When uncommented, this redirects all `windows_containers` directory traffic to the /windows_containers/index.html page.
     # To activate the redirects, uncomment the next line and update the version number to the pending release.
-    # RewriteRule container-platform/4\.12/virt/(?!about-virt\.html)(.+)$ /container-platform/4.12/virt/about-virt.html [NE,R=302]
+    # RewriteRule container-platform/4\.14/windows_containers/(?!index\.html)(.+)$ /container-platform/4.14/windows_containers/index.html [NE,R=302]
+    # RewriteRule ^container-platform/4\.14/support/troubleshooting/troubleshooting-windows-container-workload-issues\.html(.*)$ /container-platform/4.14/windows_containers/index.html [NE,R=302]
 
     # Serverless Redirects
     RewriteRule container-platform/(4\.5|4\.6)/serverless/knative_eventing/(serverless-subscriptions\.html|serverless-channels\.html|serverless-subscriptions\.html) /container-platform/$1/serverless/event_workflows/serverless-channels.html [NE,R=301]
@@ -477,7 +583,7 @@ AddType text/vtt                            vtt
     RewriteRule ^rosa/?$ /rosa/welcome/index.html [L,R=301]
     RewriteRule ^enterprise/(3\.0|3\.1|3\.2)/?$ /enterprise/$1/welcome/index.html [L,R=301]
     RewriteRule ^enterprise/3\.3/?$ /container-platform/3.3/welcome/index.html [L,R=301]
-    RewriteRule ^container-platform/(3\.3|3\.4|3\.5|3\.6|3\.7|3\.9|3\.10|3\.11|4\.1|4\.2|4\.3|4\.4|4\.5|4\.6|4\.7|4\.8|4\.9|4\.10|4\.11|4\.12|4\.13)/?$ /container-platform/$1/welcome/index.html [L,R=301]
+    RewriteRule ^container-platform/(3\.3|3\.4|3\.5|3\.6|3\.7|3\.9|3\.10|3\.11|4\.1|4\.2|4\.3|4\.4|4\.5|4\.6|4\.7|4\.8|4\.9|4\.10|4\.11|4\.12|4\.13|4\.14)/?$ /container-platform/$1/welcome/index.html [L,R=301]
     RewriteRule ^container-platform-ocp/(4\.3|4\.4|4\.8)/?$ /container-platform-ocp/$1/welcome/index.html [L,R=301]
 
 
@@ -585,10 +691,7 @@ AddType text/vtt                            vtt
     RewriteRule ^(online|dedicated)/using_images/xpaas_images/sso\.html(.*)$ https://access.redhat.com/documentation/en/red-hat-xpaas/version-0/red-hat-xpaas-sso-image/ [L,R=301]
 
     # Online specific redirects
-    RewriteRule ^online/creating_images/custom\.html(.*)$ /online/welcome/index.html [L,R=301]
-    RewriteRule ^online/getting_started/devpreview_faq\.html(.*)$ https://www.openshift.com/pricing/index.html [L,R=301]
-    RewriteRule ^online/dev_guide/daemonsets\.html(.*)$ /online/welcome/index.html [L,R=301]
-    RewriteRule ^online/dev_guide/event_notifications\.html(.*)$ /online/dev_guide/notifications.html$1 [NE,L,R=301]
+    RewriteRule ^online/(.*)$ https://access.redhat.com/support/policy/updates/openshift/online [NE,L,R=301]
 
     # Dedicated specific redirects
     RewriteRule ^dedicated/admin_guide/osd_imagestreams_templates\.html(.*) /dedicated/admin_guide/index.html$1 [NE,L,R=301]
@@ -613,19 +716,31 @@ AddType text/vtt                            vtt
     RewriteRule ^dedicated/osd_private_connections/?(.*)$ /dedicated/osd_cluster_admin/osd_private_connections/$1 [NE,R=301]
 
     RewriteRule ^dedicated/nodes/rosa-managing-worker-nodes.html /dedicated/osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.html [NE,R=301]
-    RewriteRule ^dedicated/nodes/?(.*)$ /dedicated/osd_cluster_admin/osd_nodes/osd-$1 [NE,R=301]
+
+    # Redirect to get Custom Metrics Autoscaler into OSD
+    RewriteRule ^dedicated/nodes/cma/?(.*)$ - [L,R=302]
 
     RewriteRule ^dedicated/osd_notifications/notifications.html /dedicated/osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.html [NE,R=301]
 
     RewriteRule ^dedicated/osd_policy/?(.*)$ /dedicated/osd_architecture/osd_policy/$1 [NE,R=301]
 
-    RewriteRule ^dedicated/support/getting-support.html /dedicated/osd_architecture/osd-support.html [NE,R=301]
-    RewriteRule ^dedicated/support/summarizing-cluster-specifications.html /dedicated/osd_support/osd-summarizing-cluster-specifications.html [NE,R=301]
-    RewriteRule ^dedicated/support/?(.*)$ /dedicated/osd_support/$1 [NE,R=301]
-
     # Redirects for PTP changes delivered in https://github.com/openshift/openshift-docs/pull/35889
     RewriteRule ^container-platform/(4\.9|4\.10|4\.11)/networking/configuring-ptp.html /container-platform/$1/networking/using-ptp.html [NE,R=302]
 
+    # Redirects for PTP changes delivered in https://github.com/openshift/openshift-docs/pull/62621
+
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/ptp/about-ptp.html /container-platform/$1/networking/using-ptp.html [NE,R=302]
+
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/ptp/configuring-ptp.html /container-platform/$1/networking/using-ptp.html [NE,R=302]
+
+    RewriteRule ^container-platform/(4\.11|4\.12|4\.13)/networking/ptp/using-ptp-events.html /container-platform/$1/networking/using-ptp.html [NE,R=302]
+
+    RewriteRule ^container-platform/(4\.13)/networking/ptp/ptp-cloud-events-consumer-dev-reference.html /container-platform/$1/networking/ptp-cloud-events-consumer-dev-reference.html [NE,R=302]
+
+    RewriteRule ^container-platform/(4\.14|4\.15)/networking/ptp-cloud-events-consumer-dev-reference.html /container-platform/$1/networking/ptp/ptp-cloud-events-consumer-dev-reference.html [NE,R=302]
+
+    RewriteRule ^container-platform/(4\.14|4\.15)/networking/using-ptp.html /container-platform/$1/networking/ptp/about-ptp.html [NE,R=302]
+
     # OCP specific redirects
     RewriteRule ^(container-platform|enterprise)/(3\.2|3\.3|3\.4|3\.5|3\.6|3\.7)/architecture/additional_concepts/throttling\.html(.*)$ /$1/$2/admin_guide/overcommit.html$3 [NE,L,R=301]
     RewriteRule ^(container-platform|enterprise)/(.[^/])/admin_guide/install/(advanced_install|deploy_router|docker_registry|first_steps|overview|prerequisites|quick_install|upgrades)\.html(.*)$ /$1/$2/install/$3.html$4 [NE,R=301]
@@ -641,7 +756,6 @@ AddType text/vtt                            vtt
     # OCP 4.1 redirects
     RewriteRule ^container-platform/4\.1/installing/installing_aws_upi/installing-aws-upi\.html /container-platform/4\.1/installing/installing_aws/installing-aws-user-infra.html [NE,R=301]
 
-
   </Directory>
 </IfModule>
 
diff --git a/.s2i/httpd-cfg/01-community.conf b/.s2i/httpd-cfg/01-community.conf
index 850af11fef21..4b93947e6f1d 100644
--- a/.s2i/httpd-cfg/01-community.conf
+++ b/.s2i/httpd-cfg/01-community.conf
@@ -159,10 +159,20 @@ AddType text/vtt                            vtt
     RewriteRule ^latest/install_config/upgrades\.html(.*)$ /latest/install_config/upgrading/index.html$1 [NE,R=301]
     RewriteRule ^latest/install_config/upgrading/(.*)$ /latest/upgrading/$1 [NE,R=301]
 
+    # The following rule prevents an infinite redirect loop when browsing to /(latest|4\.14)/virt/about_virt/about-virt.html
+    # RewriteRule ^(latest|4\.14)/virt/about_virt/about-virt.html$ - [L]
+
     # OpenShift Virtualization (CNV) catchall redirect; use when CNV releases asynchronously from OCP. Do not change the 302 to a 301.
     # When uncommented, this redirects all `virt` directory traffic to the about-virt page.
+    # Pay mind to the redirect directly above this which prevents redirect loops.
+    # To activate the redirects, uncomment the next and previous lines and update the version number to the pending release.
+    # RewriteRule ^(latest|4\.14)/virt/(?!about-virt\.html)(.+)$ /$1/virt/about_virt/about-virt.html [NE,R=302]
+
+    # Red Hat OpenShift support for Windows Containers (WMCO) catchall redirect; use when WMCO releases asynchronously from OCP. Do not change the 302 to a 301.
+    # When uncommented, this redirects all `windows_containers` directory traffic to the /windows_containers/index.html page.
     # To activate the redirects, uncomment the next line and update the version number to the pending release.
-    # RewriteRule ^(latest|4\.12)/virt/(?!about-virt\.html)(.+)$ /$1/virt/about-virt.html [NE,R=302]
+    # RewriteRule ^(latest|4\.14)/windows_containers/(?!index\.html)(.+)$ /$1/windows_containers/index.html [NE,R=302]
+    # RewriteRule ^(latest|4\.14)/support/troubleshooting/troubleshooting-windows-container-workload-issues\.html(.*)$ /$1/windows_containers/index.html [NE,R=302]
 
   </Directory>
 </IfModule>
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index c7a7571c1d53..000000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-language: python
-cache: pip
-# env:
-#   - PR_AUTHOR=${TRAVIS_PULL_REQUEST_SLUG::-15}
-git:
-  depth: 2
-jobs:
-  allow_failures:
-    env:
-      - CAN_FAIL=true
-  include:
-    # fail if asciidoctor encounters errors
-    - stage: validate
-      name: "Validate updated assemblies with Asciidoctor"
-      install:
-        - gem install asciidoctor
-        - gem install asciidoctor-diagram
-        - gem install rouge
-      script:
-        - chmod +x ./scripts/check-asciidoctor-build.sh
-        - ./scripts/check-asciidoctor-build.sh
-    - stage: build
-      name: "Build openshift-enterprise distro"
-      before_install:
-        - gem install asciidoctor
-        - gem install asciidoctor-diagram
-      install:
-        - pip3 install pyyaml
-        - pip3 install aura.tar.gz
-      script:
-        - python3 build.py --distro openshift-enterprise --product "OpenShift Container Platform" --version 4.14 --no-upstream-fetch && python3 makeBuild.py
-    - # stage name not required, will continue to use `build`
-      if: branch IN (main, enterprise-4.13, enterprise-4.14)
-      name: "Build openshift-dedicated distro"
-      before_install:
-        - gem install asciidoctor
-        - gem install asciidoctor-diagram
-      install:
-        - pip3 install pyyaml
-        - pip3 install aura.tar.gz
-      script:
-        - python3 build.py --distro openshift-dedicated --product "OpenShift Dedicated" --version 4 --no-upstream-fetch && python3 makeBuild.py
-    - # stage name not required, will continue to use `build`
-      if: branch IN (main, enterprise-4.13, enterprise-4.14)
-      name: "Build openshift-rosa distro"
-      before_install:
-        - gem install asciidoctor
-        - gem install asciidoctor-diagram
-      install:
-        - pip3 install pyyaml
-        - pip3 install aura.tar.gz
-      script:
-        - python3 build.py --distro openshift-rosa --product "Red Hat OpenShift Service on AWS" --version 4 --no-upstream-fetch && python3 makeBuild.py
-    - # stage name not required, will continue to use `build`
-      if: branch IN (main, enterprise-4.13, enterprise-4.14)
-      name: "Build microshift distro"
-      before_install:
-        - gem install asciidoctor
-        - gem install asciidoctor-diagram
-      install:
-        - pip3 install pyyaml
-        - pip3 install aura.tar.gz
-      script:
-        - python3 build.py --distro microshift --product "MicroShift" --version 4 --no-upstream-fetch && python3 makeBuild.py
-    # Remove Vale stage until PR commenting feature is ready
-    # - stage: check-with-vale
-    #   env:
-    #     - CAN_FAIL=true
-    #   if: type IN (pull_request) AND sender != "openshift-cherrypick-robot"
-    #   name: "Run Vale against PR asciidoc files"
-    #   language: minimal
-    #   before_script:
-    #     - gem install asciidoctor
-    #   script:
-    #     - travis_retry wget https://github.com/errata-ai/vale/releases/download/v2.15.4/vale_2.15.4_Linux_64-bit.tar.gz --retry-connrefused
-    #     - mkdir bin && tar -xvzf vale_2.15.4_Linux_64-bit.tar.gz -C bin
-    #     - export PATH=./bin:"$PATH"
-    #     - travis_retry vale sync # pull down VRH rules package
-    #     - chmod +x ./scripts/check-with-vale.sh
-    #     - ./scripts/check-with-vale.sh
-    # Commenting out to disable auto-merging of PRs
-    # - stage: automerge
-    #   if: env(PR_AUTHOR)=openshift-cherrypick-robot
-    #   script: bash ./automerge.sh
-    - stage: netlify
-      env:
-        - CAN_FAIL=true
-      language: minimal
-      if: type IN (pull_request) AND branch IN (main, enterprise-4.13, enterprise-4.14) AND sender != "openshift-cherrypick-robot"
-      script:
-        - chmod +x autopreview.sh && ./autopreview.sh
-
-stages:
-  - validate
-  - build
-  - netlify
-  #- check-with-vale
-  #- automerge
diff --git a/.travis.yml.old b/.travis.yml.old
new file mode 100644
index 000000000000..2730dafb7450
--- /dev/null
+++ b/.travis.yml.old
@@ -0,0 +1,36 @@
+language: python
+cache:
+  pip: true
+
+git:
+  depth: 10
+jobs:
+  include:
+    - name: "Preview, validate, and build"
+      before_install:
+      - if [ "$TRAVIS_BRANCH" != "main" ]; then chmod +x autopreview.sh && ./autopreview.sh; fi
+      install:
+        - gem install --local _gemfiles/asciidoctor-2.0.20.gem _gemfiles/asciidoctor-diagram-plantuml-1.2023.10.gem _gemfiles/asciidoctor-diagram-ditaamini-1.0.3.gem _gemfiles/rexml-3.2.6.gem _gemfiles/asciidoctor-diagram-2.2.14.gem _gemfiles/rouge-4.1.3.gem
+        - pip3 install pyyaml aura.tar.gz
+      script:
+        # Fail if Asciidoctor encounters errors. Or if release notes has links to internal bugs. Pass otherwise. Then, build updated distros
+        - chmod +x ./scripts/check-rn-link-perms.sh
+        - ./scripts/check-rn-link-perms.sh || travis_terminate 1
+        - chmod +x ./scripts/check-asciidoctor-build.sh
+        - chmod +x ./scripts/get-updated-distros.sh
+        - ./scripts/check-asciidoctor-build.sh || travis_terminate 1
+        - |
+          ./scripts/get-updated-distros.sh |
+            while read -r filename; do
+              if [ "$filename" == "_topic_maps/_topic_map.yml" ]; then python3 build.py --distro openshift-enterprise --product "OpenShift Container Platform" --version 4.15 --no-upstream-fetch || travis_terminate 1
+
+              elif [ "$filename" == "_topic_maps/_topic_map_osd.yml" ]; then python3 build.py --distro openshift-dedicated --product "OpenShift Dedicated" --version 4 --no-upstream-fetch || travis_terminate 1
+
+              elif [ "$filename" == "_topic_maps/_topic_map_ms.yml" ]; then python3 build.py --distro microshift --product "Microshift" --version 4 --no-upstream-fetch || travis_terminate 1
+
+              elif [ "$filename" == "_topic_maps/_topic_map_rosa.yml" ]; then python3 build.py --distro openshift-rosa --product "Red Hat OpenShift Service on AWS" --version 4 --no-upstream-fetch || travis_terminate 1
+
+              elif [ "$filename" == "_distro_map.yml" ]; then python3 build.py --distro openshift-enterprise --product "OpenShift Container Platform" --version 4.15 --no-upstream-fetch || travis_terminate 1
+              fi
+            done
+        - if [ -d "drupal-build" ]; then python3 makeBuild.py || travis_terminate 1; fi
diff --git a/.vale.ini b/.vale.ini
index 7af1876715ce..d74dd390e0b9 100644
--- a/.vale.ini
+++ b/.vale.ini
@@ -2,7 +2,7 @@ StylesPath = .vale/styles
 
 MinAlertLevel = suggestion
 
-Packages = RedHat, https://github.com/redhat-documentation/vale-at-red-hat/releases/latest/download/AsciiDoc.zip, https://github.com/redhat-documentation/vale-at-red-hat/releases/latest/download/OpenShiftAsciiDoc.zip
+Packages = RedHat, AsciiDoc, OpenShiftAsciiDoc
 
 Vocab = OpenShiftDocs
 
@@ -25,3 +25,5 @@ Vale.Avoid = YES
 OpenShiftAsciiDoc.ModuleContainsParentAssemblyComment = NO
 OpenShiftAsciiDoc.NoNestingInModules = NO
 OpenShiftAsciiDoc.NoXrefInModules = NO
+OpenShiftAsciiDoc.IdHasContextVariable = NO
+OpenShiftAsciiDoc.NoTocInModules = NO
diff --git a/.vale/styles/Vocab/OpenShiftDocs/accept.txt b/.vale/styles/Vocab/OpenShiftDocs/accept.txt
deleted file mode 100644
index d79ca1ba7024..000000000000
--- a/.vale/styles/Vocab/OpenShiftDocs/accept.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-# Regex terms added to accept.txt are ignored by the Vale linter and override RedHat Vale rules.
-# Add terms that have a corresponding incorrectly capitalized form to reject.txt.
-
-[Pp]assthrough
-Assisted Installer
-Control Plane Machine Set Operator
-custom resource
-custom resources
-MetalLB
-Operator
-Operators
\ No newline at end of file
diff --git a/.vale/styles/config/vocabularies/OpenShiftDocs/accept.txt b/.vale/styles/config/vocabularies/OpenShiftDocs/accept.txt
new file mode 100644
index 000000000000..8cacb99a54ff
--- /dev/null
+++ b/.vale/styles/config/vocabularies/OpenShiftDocs/accept.txt
@@ -0,0 +1,32 @@
+# Regex terms added to accept.txt are ignored by the Vale linter and override RedHat Vale rules.
+# Add terms that have a corresponding incorrectly capitalized form to reject.txt.
+# URL slugs
+(.*/)+
+(?<!.*-)operator
+[Ff]ronthaul
+[Mm]idhaul
+[Pp]assthrough
+[Pp]ostinstall
+[Pp]recaching
+[Pp]reinstall
+[Rr]ealtime
+[Tt]elco
+Assisted Installer
+Control Plane Machine Set Operator
+custom resources?
+GHz
+gpsd
+gpspipe
+hyperthreads?
+KPIs?
+linuxptp
+Mbps
+MBps
+Mellanox
+MetalLB
+NICs?
+Operators?
+pmc
+ubxtool
+VFs?
+Westport
diff --git a/.vale/styles/Vocab/OpenShiftDocs/reject.txt b/.vale/styles/config/vocabularies/OpenShiftDocs/reject.txt
similarity index 94%
rename from .vale/styles/Vocab/OpenShiftDocs/reject.txt
rename to .vale/styles/config/vocabularies/OpenShiftDocs/reject.txt
index 5a9d2b4c2a87..5003c3c46dfb 100644
--- a/.vale/styles/Vocab/OpenShiftDocs/reject.txt
+++ b/.vale/styles/config/vocabularies/OpenShiftDocs/reject.txt
@@ -1,6 +1,7 @@
 # Regex terms added to reject.txt are highlighted as errors by the Vale linter and override RedHat Vale rules.
 # Add terms that have a corresponding correctly capitalized form to accept.txt.
 
+(?<!.*-)operators
 [Dd]eployment [Cc]onfigs?
 [Dd]eployment [Cc]onfigurations?
 [Oo]peratorize
@@ -11,5 +12,4 @@ configuration maps?
 MachineSets
 machinesets?
 minions?
-operators?
-SNO
\ No newline at end of file
+SNO
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 000000000000..db8d47ebf1ea
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,11 @@
+---
+extends: relaxed
+rules:
+  indentation: { spaces: 2, indent-sequences: false }
+  line-length: disable
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  empty-lines: disable
+  trailing-spaces: enable
+  new-line-at-end-of-file: enable
diff --git a/Dockerfile b/Dockerfile
index b5c503067e67..8921efc0d141 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
-# Dockerfile
-FROM centos:8
-RUN dnf install git python3 python3-devel ruby rubygems -y
-RUN gem install asciidoctor asciidoctor-diagram
-COPY . $HOME/src/
-RUN pip3 install pyyaml /src/aura.tar.gz
+FROM registry.access.redhat.com/ubi8-minimal:latest
+
+ENV LANG=en_US.UTF-8
+
+WORKDIR /go/src/github.com/openshift/openshift-docs
+
+CMD ["/bin/bash"]
diff --git a/LICENSE b/LICENSE
index 261eeb9e9f8b..064ff4069ca7 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2024 Red Hat, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 000000000000..2cc000206740
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+# This file just uses aliases defined in OWNERS_ALIASES.
+# Do not change indents. Incorrect indents break the Prow CI
+
+reviewers:
+- merge-rights
+approvers:
+- merge-rights
diff --git a/OWNERS-ALIASES b/OWNERS-ALIASES
new file mode 100644
index 000000000000..741710f4b2f0
--- /dev/null
+++ b/OWNERS-ALIASES
@@ -0,0 +1,28 @@
+# See the OWNERS_ALIASES docs: https://git.k8s.io/community/contributors/guide/owners.md#OWNERS_ALIASES
+# Do not change indents. Incorrect indents break the Prow CI
+
+aliases:
+  merge-rights:
+  - abhatt-rh
+  - abrennan89
+  - adellape
+  - aireilly
+  - apinnick
+  - bburt-rh
+  - bergerhoffer
+  - bscott-rh
+  - gabriel-rh
+  - jab-rh
+  - jeana-redhat
+  - JoeAldinger
+  - kalexand-rh
+  - kcarmichael08
+  - kelbrown20
+  - michaelryanpeter
+  - mjpytlak
+  - opayne1
+  - ousleyp
+  - rolfedh
+  - sjhala-ccs
+  - snarayan-redhat
+  - Srivaralakshmi
diff --git a/_attributes/attributes-microshift.adoc b/_attributes/attributes-microshift.adoc
index fa6197dbd83c..6371e04872fc 100644
--- a/_attributes/attributes-microshift.adoc
+++ b/_attributes/attributes-microshift.adoc
@@ -4,16 +4,21 @@
 :experimental:
 :imagesdir: images
 :OCP: OpenShift Container Platform
-:ocp-version: 4.13
+:ocp-version: 4.15
 :oc-first: pass:quotes[OpenShift CLI (`oc`)]
+:product-title-first: Red Hat build of MicroShift (MicroShift)
+:microshift-short: MicroShift
 :product-registry: OpenShift image registry
+:product-version: 4.15
 :rhel-major: rhel-9
 :op-system-base-full: Red Hat Enterprise Linux (RHEL)
 :op-system: RHEL
-:op-system-ostree-first: Red Hat Enterprise Linux (RHEL) for Edge
+:op-system-base: RHEL
+:op-system-ostree-first: Red Hat Enterprise Linux for Edge (RHEL for Edge)
 :op-system-ostree: RHEL for Edge
 :op-system-version: 9.2
 :op-system-version-major: 9
 :op-system-bundle: Red Hat Device Edge
-:op-system-bundle-short: RHDE
+:rhde-version: 4
+:rpm-repo-version: rhocp-4.15
 :VirtProductName: OpenShift Virtualization
diff --git a/_attributes/attributes-openshift-dedicated.adoc b/_attributes/attributes-openshift-dedicated.adoc
index e1f1750a5f71..9ad5f7d07ec1 100644
--- a/_attributes/attributes-openshift-dedicated.adoc
+++ b/_attributes/attributes-openshift-dedicated.adoc
@@ -5,6 +5,7 @@
 :experimental:
 :imagesdir: images
 :OCP: OpenShift Container Platform
+:ocp-version: 4.14
 :op-system-first: Red Hat Enterprise Linux CoreOS (RHCOS)
 :cluster-manager-first: Red Hat OpenShift Cluster Manager
 :cluster-manager: OpenShift Cluster Manager
@@ -19,12 +20,25 @@
 :rhq-short: Red Hat Quay
 :SMProductName: Red Hat OpenShift Service Mesh
 :pipelines-title: Red Hat OpenShift Pipelines
+//logging
+:logging-title: logging for Red Hat OpenShift
+:logging-title-uc: Logging for Red Hat OpenShift
+:logging: logging
+:logging-uc: Logging
+:clo: Red Hat OpenShift Logging Operator
+:loki-op: Loki Operator
+:es-op: OpenShift Elasticsearch Operator
 :logging-sd: Red Hat OpenShift Logging
+:log-plug: logging Console Plugin
+//
 :ServerlessProductName: OpenShift Serverless
+:rh-openstack-first: Red Hat OpenStack Platform (RHOSP)
+:rh-openstack: RHOSP
 :rhoda: Red Hat OpenShift Database Access
 :rhoda-short: RHODA
 :rhods: Red Hat OpenShift Data Science
 :osd: OpenShift Dedicated
+:VirtProductName: OpenShift Virtualization
 //Formerly known as CodeReady Containers and CodeReady Workspaces
 :openshift-local-productname: Red Hat OpenShift Local
 :openshift-dev-spaces-productname: Red Hat OpenShift Dev Spaces
@@ -32,4 +46,4 @@
 :hcp-title: ROSA with HCP
 :hcp-title-first: {product-title} (ROSA) with {hcp} (HCP)
 //ROSA CLI variables
-:word: Testing this variable let's go www.google.com
\ No newline at end of file
+:word: Testing this variable let's go www.google.com
diff --git a/_attributes/common-attributes.adoc b/_attributes/common-attributes.adoc
index b3d4c4073856..a34f09563914 100644
--- a/_attributes/common-attributes.adoc
+++ b/_attributes/common-attributes.adoc
@@ -14,7 +14,7 @@
 :op-system-lowercase: rhcos
 :op-system-base: RHEL
 :op-system-base-full: Red Hat Enterprise Linux (RHEL)
-:op-system-version: 8.x
+:op-system-version: 9.x
 ifdef::openshift-origin[]
 :op-system-first: Fedora CoreOS (FCOS)
 :op-system: FCOS
@@ -34,7 +34,6 @@ ifdef::openshift-origin[]
 :rh-openstack: OpenStack
 endif::openshift-origin[]
 :ai-full: Assisted Installer
-:ai-version: 2.3
 :cluster-manager-first: Red Hat OpenShift Cluster Manager
 :cluster-manager: OpenShift Cluster Manager
 :cluster-manager-url: link:https://console.redhat.com/openshift[OpenShift Cluster Manager Hybrid Cloud Console]
@@ -42,38 +41,34 @@ endif::openshift-origin[]
 :insights-advisor-url: link:https://console.redhat.com/openshift/insights/advisor/[Insights Advisor]
 :hybrid-console: Red Hat Hybrid Cloud Console
 :hybrid-console-second: Hybrid Cloud Console
+// OADP attributes
 :oadp-first: OpenShift API for Data Protection (OADP)
+:oadp-full: OpenShift API for Data Protection
+:oadp-short: OADP
 :oc-first: pass:quotes[OpenShift CLI (`oc`)]
 :product-registry: OpenShift image registry
 :rh-storage-first: Red Hat OpenShift Data Foundation
 :rh-storage: OpenShift Data Foundation
 :rh-rhacm-first: Red Hat Advanced Cluster Management (RHACM)
 :rh-rhacm: RHACM
-:rh-rhacm-version: 2.8
+:rh-rhacm-version: 2.9
 :sandboxed-containers-first: OpenShift sandboxed containers
 :sandboxed-containers-operator: OpenShift sandboxed containers Operator
-:sandboxed-containers-version: 1.3
-:sandboxed-containers-version-z: 1.3.3
-:sandboxed-containers-legacy-version: 1.3.2
+:sandboxed-containers-version: 1.5
+:sandboxed-containers-version-z: 1.5.0
+:sandboxed-containers-legacy-version: 1.4.1
 :cert-manager-operator: cert-manager Operator for Red Hat OpenShift
 :secondary-scheduler-operator-full: Secondary Scheduler Operator for Red Hat OpenShift
 :secondary-scheduler-operator: Secondary Scheduler Operator
-:rh-virtualization-first: Red Hat Virtualization (RHV)
-:rh-virtualization: RHV
-:rh-virtualization-engine-name: Manager
-ifdef::openshift-origin[]
-:rh-virtualization-first: oVirt
-:rh-virtualization: oVirt
-:rh-virtualization-engine-name: Engine
-endif::[]
+:descheduler-operator: Kube Descheduler Operator
 // Backup and restore
 :velero-domain: velero.io
-:velero-version: 1.9
+:velero-version: 1.12
 :launch: image:app-launcher.png[title="Application Launcher"]
 :mtc-short: MTC
 :mtc-full: Migration Toolkit for Containers
-:mtc-version: 1.7
-:mtc-version-z: 1.7.10
+:mtc-version: 1.8
+:mtc-version-z: 1.8.2
 // builds (Valid only in 4.11 and later)
 :builds-v2title: Builds for Red Hat OpenShift
 :builds-v2shortname: OpenShift Builds v2
@@ -91,46 +86,74 @@ endif::[]
 //pipelines
 :pipelines-title: Red Hat OpenShift Pipelines
 :pipelines-shortname: OpenShift Pipelines
-:pipelines-ver: pipelines-1.9
+:pipelines-ver: pipelines-1.13
+:pipelines-version-number: 1.13
 :tekton-chains: Tekton Chains
 :tekton-hub: Tekton Hub
 :artifact-hub: Artifact Hub
 :pac: Pipelines as Code
 //odo
 :odo-title: odo
-//alibaba cloud
-:alibaba: Alibaba Cloud
 //OpenShift Kubernetes Engine
 :oke: OpenShift Kubernetes Engine
 //OpenShift Platform Plus
 :opp: OpenShift Platform Plus
 //openshift virtualization (cnv)
 :VirtProductName: OpenShift Virtualization
-:VirtVersion: 4.13
-:KubeVirtVersion: v0.59.0
-:HCOVersion: 4.13.0
+:VirtVersion: 4.15
+:HCOVersion: 4.15.0
+:CNVNamespace: openshift-cnv
+:CNVOperatorDisplayName: OpenShift Virtualization Operator
+:CNVSubscriptionSpecSource: redhat-operators
+:CNVSubscriptionSpecName: kubevirt-hyperconverged
 :delete: image:delete.png[title="Delete"]
 ifdef::openshift-origin[]
 :VirtProductName: OKD Virtualization
+:CNVNamespace: kubevirt-hyperconverged
+:CNVOperatorDisplayName: KubeVirt HyperConverged Cluster Operator
+:CNVSubscriptionSpecSource: community-operators
+:CNVSubscriptionSpecName: community-kubevirt-hyperconverged
 endif::[]
 //distributed tracing
-:DTProductName: Red Hat OpenShift distributed tracing
-:DTShortName: distributed tracing
-:DTProductVersion: 2.8
-:JaegerName: Red Hat OpenShift distributed tracing platform
-:JaegerShortName: distributed tracing platform
-:JaegerVersion: 1.42.0
-:OTELName: Red Hat OpenShift distributed tracing data collection
-:OTELShortName: distributed tracing data collection
-:OTELVersion: 0.74.0
-:TempoName: Tempo Operator
-:TempoShortName: Tempo
-:TempoVersion: 0.1.0
+:DTProductName: Red Hat OpenShift distributed tracing platform
+:DTShortName: distributed tracing platform
+:DTProductVersion: 3.0
+:JaegerName: Red Hat OpenShift distributed tracing platform (Jaeger)
+:JaegerShortName: distributed tracing platform (Jaeger)
+:JaegerVersion: 1.51.0
+:OTELName: Red Hat build of OpenTelemetry
+:OTELShortName: Red Hat build of OpenTelemetry
+:OTELOperator: Red Hat build of OpenTelemetry Operator
+:OTELVersion: 0.89.0
+:TempoName: Red Hat OpenShift distributed tracing platform (Tempo)
+:TempoShortName: distributed tracing platform (Tempo)
+:TempoOperator: Tempo Operator
+:TempoVersion: 2.3.0
+//telco
+ifdef::telco-ran[]
+:rds: telco RAN DU
+:rds-caps: Telco RAN DU
+:rds-first: Telco RAN distributed unit (DU)
+endif::[]
+ifdef::telco-core[]
+:rds: telco core
+:rds-caps: Telco core
+endif::[]
 //logging
-:logging-title: logging subsystem for Red Hat OpenShift
-:logging-title-uc: Logging subsystem for Red Hat OpenShift
-:logging: logging subsystem
-:logging-uc: Logging subsystem
+:logging: logging
+:logging-uc: Logging
+:for: for Red Hat OpenShift
+:clo: Red Hat OpenShift Logging Operator
+:loki-op: Loki Operator
+:es-op: OpenShift Elasticsearch Operator
+:log-plug: logging Console plugin
+//power monitoring
+:PM-title-c: Power monitoring for Red Hat OpenShift
+:PM-title: power monitoring for Red Hat OpenShift
+:PM-shortname: power monitoring
+:PM-shortname-c: Power monitoring
+:PM-operator: Power monitoring Operator
+:PM-kepler: Kepler
 //serverless
 :ServerlessProductName: OpenShift Serverless
 :ServerlessProductShortName: Serverless
@@ -138,21 +161,19 @@ endif::[]
 :FunctionsProductName: OpenShift Serverless Functions
 //service mesh v2
 :product-dedicated: Red Hat OpenShift Dedicated
+:product-rosa: Red Hat OpenShift Service on AWS
 :SMProductName: Red Hat OpenShift Service Mesh
 :SMProductShortName: Service Mesh
-:SMProductVersion: 2.4
+:SMProductVersion: 2.4.5
 :MaistraVersion: 2.4
 //Service Mesh v1
 :SMProductVersion1x: 1.1.18.2
 //Windows containers
 :productwinc: Red Hat OpenShift support for Windows Containers
-// IBM Power
-:ibmpowerProductName: IBM Power
-// IBM zSystems
-:ibmzProductName: IBM Z
-:linuxoneProductName: IBM(R) LinuxONE
 // Red Hat Quay Container Security Operator
 :rhq-cso: Red Hat Quay Container Security Operator
+// Red Hat Quay
+:quay: Red Hat Quay
 :sno: single-node OpenShift
 :sno-caps: Single-node OpenShift
 //TALO and Redfish events Operators
@@ -174,9 +195,12 @@ endif::[]
 :lvms-first: Logical volume manager storage (LVM Storage)
 :lvms: LVM Storage
 //Operator SDK version
-:osdk_ver: 1.28.0
+:osdk_ver: 1.31.0
 //Operator SDK version that shipped with the previous OCP 4.x release
-:osdk_ver_n1: 1.25.4
+:osdk_ver_n1: 1.28.0
+//Next-gen (OCP 4.14+) Operator Lifecycle Manager, aka "v1"
+:olmv1: OLM 1.0
+:olmv1-first: Operator Lifecycle Manager (OLM) 1.0
 :ztp-first: GitOps Zero Touch Provisioning (ZTP)
 :ztp: GitOps ZTP
 :3no: three-node OpenShift
@@ -185,3 +209,58 @@ endif::[]
 // Web terminal
 :web-terminal-op: Web Terminal Operator
 :devworkspace-op: DevWorkspace Operator
+:secrets-store-driver: Secrets Store CSI driver
+:secrets-store-operator: Secrets Store CSI Driver Operator
+//AWS STS
+:sts-first: Security Token Service
+:sts-full: Security Token Service (STS)
+:sts-short: STS
+//Cloud provider names
+//AWS
+:aws-first: Amazon Web Services
+:aws-full: Amazon Web Services (AWS)
+:aws-short: AWS
+//GCP
+:gcp-first: Google Cloud Platform (GCP)
+:gcp-full: Google Cloud Platform
+:gcp-short: GCP
+//alibaba cloud
+:alibaba: Alibaba Cloud
+// IBM general
+:ibm-name: IBM(R)
+:ibm-title: IBM
+// IBM Cloud
+:ibm-cloud-name: IBM Cloud(R)
+:ibm-cloud-title: IBM Cloud
+// IBM Cloud Bare Metal (Classic)
+:ibm-cloud-bm: IBM Cloud(R) Bare Metal (Classic)
+:ibm-cloud-bm-title: IBM Cloud Bare Metal (Classic)
+// IBM Power
+:ibm-power-name: IBM Power(R)
+:ibm-power-title: IBM Power
+:ibm-power-server-name: IBM Power(R) Virtual Server
+:ibm-power-server-title: IBM Power Virtual Server
+// IBM zSystems
+:ibm-z-name: IBM Z(R)
+:ibm-z-title: IBM Z
+:ibm-linuxone-name: IBM(R) LinuxONE
+:ibm-linuxone-title: IBM LinuxONE
+//Azure
+:azure-full: Microsoft Azure
+:azure-short: Azure
+//vSphere
+:vmw-full: VMware vSphere
+:vmw-short: vSphere
+//Oracle
+:oci-first: Oracle(R) Cloud Infrastructure
+:oci: OCI
+:ocvs-first: Oracle(R) Cloud VMware Solution (OCVS)
+:ocvs: OCVS
+// Cluster Observability Operator
+:coo-first: Cluster Observability Operator (COO)
+:coo-full: Cluster Observability Operator
+:coo-short: COO
+//ODF
+:odf-first: Red Hat OpenShift Data Foundation (ODF)
+:odf-full: Red Hat OpenShift Data Foundation
+:odf-short: ODF
diff --git a/_converters/custom-html5-converter.rb b/_converters/custom-html5-converter.rb
new file mode 100644
index 000000000000..ca31f84787e5
--- /dev/null
+++ b/_converters/custom-html5-converter.rb
@@ -0,0 +1,76 @@
+require 'asciidoctor'
+require 'ascii_binder/distro_map'
+require 'ascii_binder/helpers'
+
+include AsciiBinder::Helpers
+
+Asciidoctor::Document.prepend (Module.new do
+  attr_writer :sourcemap
+end) unless Asciidoctor::Document.method_defined? :sourcemap=
+
+# A preprocessor that enables the sourcemap feature if not already enabled via the API.
+Asciidoctor::Extensions.register do
+  preprocessor do
+    process do |doc, reader|
+      doc.sourcemap = true
+      nil
+    end
+  end
+end
+
+class CustomHtml5Converter < (Asciidoctor::Converter.for 'html5')
+  register_for 'html5'
+
+  def initialize backend, opts = {}
+    # A new converter is initialized for every new assembly file
+    # Create a new set to prevent showing multiple edit buttons for the
+    # same module file
+    @seen_files = Set.new
+    @branch_name = ENV.fetch("GIT_BRANCH", "main")
+    @github_repo = ENV.fetch("GIT_REPO", "openshift/openshift-docs")
+    distro_edit_enabled = ENV.fetch("DISTRO_EDIT_ENABLED", "").split(",")
+    distro_map = AsciiBinder::DistroMap.new(File.join(docs_root_dir, DISTRO_MAP_FILENAME))
+    # current_distro will be `nil` if not intersect is found
+    current_distro = (distro_map.distro_keys & opts[:document].attributes.keys).first
+    @show_edit_button = distro_edit_enabled.include? current_distro
+    super
+  end
+
+  # "embedded" seems to capture a fully complete document,
+  # so placing an edit button at the top encompasses a whole-page
+  # edit
+  def convert_embedded node
+    parent_output = super
+    if @show_edit_button && node.source_location.nil?
+      %(<div class="edit-page-button edit-button">
+    <a href="https://github.com/#{ @github_repo }/edit/#{ @branch_name }/#{ node.attributes["repo_path"] }" target="_blank">
+      <span class="material-icons-outlined" title="Suggest a page edit">edit</span>
+    </a>
+  </div>
+  #{ parent_output })
+    else
+      parent_output
+    end
+  end
+
+  # Focusing on "section" conversions prevent including modules
+  # for content such as "snippets", etc. and focuses primarily
+  # on modules
+  def convert_section node
+    parent_output = super
+    if @show_edit_button && node.source_location
+      file_path = node.source_location.path.include?("modules") ? node.source_location.path : node.source_location.file.sub(node.source_location.dir + "/", "")
+
+      if @seen_files.empty? || !@seen_files.include?(file_path)
+        @seen_files << file_path
+        return %(<div class="edit-section-button edit-button">
+    <a href="https://github.com/#{ @github_repo }/edit/#{ @branch_name }/#{ file_path }" target="_blank">
+      <span class="material-icons-outlined" title="Suggest a section edit">edit</span>
+    </a>
+  </div>
+  #{ parent_output })
+      end
+    end
+    parent_output
+  end
+end
diff --git a/_distro_map.yml b/_distro_map.yml
index eef18bd20374..4e6330cb86d8 100644
--- a/_distro_map.yml
+++ b/_distro_map.yml
@@ -33,6 +33,9 @@ openshift-origin:
     enterprise-4.13:
       name: '4.13'
       dir: '4.13'
+    enterprise-4.14:
+      name: '4.14'
+      dir: '4.14'
     enterprise-3.6:
       name: '3.6'
       dir: '3.6'
@@ -146,6 +149,9 @@ openshift-enterprise:
     enterprise-4.14:
       name: '4.14'
       dir: container-platform/4.14
+    enterprise-4.15:
+      name: '4.15'
+      dir: container-platform/4.15
 openshift-dedicated:
   name: OpenShift Dedicated
   author: OpenShift Documentation Project <openshift-docs@redhat.com>
@@ -156,7 +162,7 @@ openshift-dedicated:
     enterprise-3.11:
       name: '3'
       dir: dedicated/3
-    enterprise-4.13:
+    enterprise-4.14:
       name: ''
       dir: dedicated/
 openshift-aro:
@@ -179,7 +185,7 @@ openshift-rosa:
   site_name: Documentation
   site_url: https://docs.openshift.com/
   branches:
-    enterprise-4.13:
+    enterprise-4.14:
       name: ''
       dir: rosa/
     rosa-preview:
@@ -192,19 +198,9 @@ openshift-rosa-portal:
   site_name: Documentation
   site_url: https://docs.openshift.com/
   branches:
-    enterprise-4.13:
+    enterprise-4.14:
       name: ''
       dir: rosa-portal/
-partner-roks:
-  name: Red Hat OpenShift on IBM Cloud
-  author: OpenShift Documentation Project <openshift-docs@redhat.com>
-  site: commercial
-  site_name: Documentation
-  site_url: https://docs.openshift.com/
-  branches:
-    enterprise-4.3:
-      name: '4'
-      dir: roks/4
 openshift-webscale:
   name: OpenShift Container Platform
   author: OpenShift Documentation Project <openshift-docs@redhat.com>
@@ -234,6 +230,16 @@ openshift-dpu:
     enterprise-4.10:
       name: '4.10'
       dir: container-platform-dpu/4.10
+openshift-telco:
+  name: OpenShift Container Platform
+  author: OpenShift Documentation Project <openshift-docs@redhat.com>
+  site: commercial
+  site_name: Documentation
+  site_url: https://docs.openshift.com/
+  branches:
+    enterprise-4.14:
+      name: '4.14'
+      dir: container-platform-telco/4.14
 openshift-acs:
   name: Red Hat Advanced Cluster Security for Kubernetes
   author: OpenShift documentation team <openshift-docs@redhat.com>
@@ -277,8 +283,14 @@ openshift-acs:
     rhacs-docs-4.1:
       name: '4.1'
       dir: acs/4.1
+    rhacs-docs-4.2:
+      name: '4.2'
+      dir: acs/4.2
+    rhacs-docs-4.3:
+      name: '4.3'
+      dir: acs/4.3
 microshift:
-  name: MicroShift
+  name: Red Hat build of MicroShift
   author: OpenShift Documentation Project <openshift-docs@redhat.com>
   site: commercial
   site_name: Documentation
@@ -303,3 +315,57 @@ openshift-serverless:
     serverless-docs-1.29:
       name: '1.29'
       dir: serverless/1.29
+    serverless-docs-1.30:
+      name: '1.30'
+      dir: serverless/1.30
+    serverless-docs-1.31:
+      name: '1.31'
+      dir: serverless/1.31
+openshift-gitops:
+  name: Red Hat OpenShift GitOps
+  author: OpenShift documentation team <openshift-docs@redhat.com>
+  site: commercial
+  site_name: Documentation
+  site_url: https://docs.openshift.com/
+  branches:
+    gitops-docs-1.8:
+      name: '1.8'
+      dir: gitops/1.8
+    gitops-docs-1.9:
+      name: '1.9'
+      dir: gitops/1.9
+    gitops-docs-1.10:
+      name: '1.10'
+      dir: gitops/1.10
+    gitops-docs-1.11:
+      name: '1.11'
+      dir: gitops/1.11
+openshift-pipelines:
+  name: Red Hat OpenShift Pipelines
+  author: OpenShift documentation team <openshift-docs@redhat.com>
+  site: commercial
+  site_name: Documentation
+  site_url: https://docs.openshift.com/
+  branches:
+    pipelines-docs-1.10:
+      name: '1.10'
+      dir: pipelines/1.10
+    pipelines-docs-1.11:
+      name: '1.11'
+      dir: pipelines/1.11
+    pipelines-docs-1.12:
+      name: '1.12'
+      dir: pipelines/1.12
+    pipelines-docs-1.13:
+      name: '1.13'
+      dir: pipelines/1.13
+openshift-builds:
+  name: builds for Red Hat OpenShift
+  author: OpenShift documentation team <openshift-docs@redhat.com>
+  site: commercial
+  site_name: Documentation
+  site_url: https://docs.openshift.com/
+  branches:
+    build-docs-1.0:
+      name: '1.0'
+      dir: builds/1.0
diff --git a/_gemfiles/asciidoctor-2.0.20.gem b/_gemfiles/asciidoctor-2.0.20.gem
new file mode 100644
index 000000000000..988934b5a391
Binary files /dev/null and b/_gemfiles/asciidoctor-2.0.20.gem differ
diff --git a/_gemfiles/asciidoctor-diagram-2.2.14.gem b/_gemfiles/asciidoctor-diagram-2.2.14.gem
new file mode 100644
index 000000000000..51dd7af03316
Binary files /dev/null and b/_gemfiles/asciidoctor-diagram-2.2.14.gem differ
diff --git a/_gemfiles/asciidoctor-diagram-ditaamini-1.0.3.gem b/_gemfiles/asciidoctor-diagram-ditaamini-1.0.3.gem
new file mode 100644
index 000000000000..52bf6a8cf92b
Binary files /dev/null and b/_gemfiles/asciidoctor-diagram-ditaamini-1.0.3.gem differ
diff --git a/_gemfiles/asciidoctor-diagram-plantuml-1.2023.10.gem b/_gemfiles/asciidoctor-diagram-plantuml-1.2023.10.gem
new file mode 100644
index 000000000000..4ca138cd2eaa
Binary files /dev/null and b/_gemfiles/asciidoctor-diagram-plantuml-1.2023.10.gem differ
diff --git a/_gemfiles/rexml-3.2.6.gem b/_gemfiles/rexml-3.2.6.gem
new file mode 100644
index 000000000000..71a4946a1b8b
Binary files /dev/null and b/_gemfiles/rexml-3.2.6.gem differ
diff --git a/_gemfiles/rouge-4.1.3.gem b/_gemfiles/rouge-4.1.3.gem
new file mode 100644
index 000000000000..36468432964d
Binary files /dev/null and b/_gemfiles/rouge-4.1.3.gem differ
diff --git a/_javascripts/page-loader.js b/_javascripts/page-loader.js
index 40321fb5abbf..d3733357f55c 100644
--- a/_javascripts/page-loader.js
+++ b/_javascripts/page-loader.js
@@ -1,71 +1,44 @@
-// the new final link to load
-newLink = "";
-newVersion = "";
-currentVersion = "";
-
-// the fileRequested
-fileRequested = "";
-
-//Array prototype to check if an element is in an array
-Array.prototype.contains = function(obj) {
-  return this.indexOf(obj) > -1;
-}
+let newLink = "";
+let newVersion = "";
+let currentVersion = "";
+let fileRequested = "";
+
+const urlMappings = {
+  "openshift-acs": "https://docs.openshift.com/acs/",
+  "openshift-builds": "https://docs.openshift.com/builds/",
+  "openshift-enterprise": "https://docs.openshift.com/container-platform/",
+  "openshift-gitops": "https://docs.openshift.com/gitops/",
+  "openshift-origin": "https://docs.okd.io/",
+  "openshift-pipelines": "https://docs.openshift.com/pipelines/",
+  "openshift-serverless": "https://docs.openshift.com/serverless/",
+};
 
 function versionSelector(list) {
+  "use strict";
 
-  // the version we want
   newVersion = list[list.selectedIndex].value;
+  if (dk === "openshift-enterprise") {
+    currentVersion = window.location.pathname.split("/")[2];
+  } else if (dk === "openshift-origin") {
+    currentVersion = window.location.pathname.split("/")[1];
+  }
 
-  // spilt the current path
-  var pathArray = window.location.pathname.split( '/' );
-
-  // so we can get the current version
-  currentVersion = pathArray[2];
-
-  // if switching major versions, just take the user to the main landing page
-  // as files change a lot between major versions.
+  let baseUrl = urlMappings[dk];
 
-  if(currentVersion.charAt(0) === newVersion.charAt(0)) {
-    // the file path is just the version number + the end of the path
-    fileRequested =
-      window.location.pathname.substring(
-        window.location.pathname.lastIndexOf(currentVersion) +
-        currentVersion.length);
-  } else {
-    fileRequested = "/welcome/index.html";
+  //Handle special OCP case
+  if (["3.0", "3.1", "3.2"].includes(newVersion) && dk === "openshift-enterprise") {
+    baseUrl = "https://docs.openshift.com/enterprise/";
   }
 
-  // alert(fileRequested);
-
-  // in 3.3 and above, we changed to container-platform
-  if(['3.0', '3.1', '3.2'].contains(newVersion)) {
-    newLink = "https://docs.openshift.com/enterprise/" +
-      newVersion +
-      fileRequested;
-  } else if (['3.65', '3.66', '3.67', '3.68', '3.69', '3.70', '3.71', '3.72', '3.73', '3.74', '4.0'].contains(newVersion)) {
-    // check and handle links for RHACS versions
-    newLink = "https://docs.openshift.com/acs/" +
-      newVersion +
-      fileRequested;
-  } else if (['1.28', '1.29'].contains(newVersion)) {
-    // check and handle links for Serverless versions
-    newLink = "https://docs.openshift.com/serverless/" +
-      newVersion +
-      fileRequested;
+  if ((dk === "openshift-enterprise" || dk === "openshift-origin") && currentVersion.charAt(0) !== newVersion.charAt(0)){
+    fileRequested = "/welcome/index.html";
   } else {
-    //if distro key is openshift enterprise
-    if (dk == "openshift-enterprise") {
-    newLink = "https://docs.openshift.com/container-platform/" +
-      newVersion +
-      fileRequested;
-    }
-    else if (dk == "openshift-origin"){
-      newLink = "https://docs.okd.io/" +
-      newVersion +
-      fileRequested;
-    }
+    const versionIndex = window.location.pathname.lastIndexOf(currentVersion) + currentVersion.length;
+    fileRequested = window.location.pathname.substring(versionIndex);
   }
 
+  newLink = `${baseUrl}${newVersion}${fileRequested}`;
+
   // without doing async loads, there is no way to know if the path actually
   // exists - so we will just have to load
   // window.location = newLink;
@@ -74,34 +47,28 @@ function versionSelector(list) {
     type: 'HEAD',
     url: newLink,
     success: function() {
-      window.location = newLink;
+      window.location.href = newLink;
     },
     error: function(jqXHR, exception) {
       if(jqXHR.status == 404) {
         list.value = currentVersion;
-        if(confirm("This page doesn't exist in version " + newVersion + ". Click OK to search the " + newVersion + " docs OR Cancel to stay on this page.")) {
-          if (['3.65', '3.66', '3.67', '3.68', '3.69', '3.70', '3.71', '3.72', '3.73', '3.74', '4.0'].contains(newVersion)) {
-            window.location = "https://google.com/search?q=site:https://docs.openshift.com/acs/" + newVersion + " " + document.title;}
-          else if (['1.28', '1.29'].contains(newVersion)) {
-            window.location = "https://google.com/search?q=site:https://docs.openshift.com/serverless/" + newVersion + " " + document.title;}
-          else {
-            if (dk == "openshift-enterprise"){
-              window.location = "https://google.com/search?q=site:https://docs.openshift.com/enterprise/" + newVersion + " " + document.title;
-            } else {
-              if (dk == "openshift-origin"){
-                window.location = "https://google.com/search?q=site:https://docs.okd.io/" + newVersion + " " + document.title;
-              }
-            }
+        const confirmMessage = `This page doesn't exist in version ${newVersion}. Click OK to search the ${newVersion} docs OR Cancel to stay on this page.`;
+        if(confirm(confirmMessage)) {
+          let searchUrl;
+          if (["3.0", "3.1", "3.2"].includes(newVersion) && dk === "openshift-enterprise") {
+            searchUrl = `https://google.com/search?q=site:${baseUrl}${newVersion} ${document.title}`;
+          } else {
+          searchUrl = `https://google.com/search?q=site:${urlMappings[dk]}${newVersion} ${document.title}`;
           }
+          window.location.href = searchUrl;
         } else {
           // do nothing, user doesn't want to search
         }
       } else {
-        window.location = newLink; // assumption here is that we can follow through with a redirect
+        window.location.href = newLink; // assumption here is that we can follow through with a redirect
       }
     }
   });
-
 }
 
 // checks what language was selected and then sends the user to the portal for their localized version
@@ -282,4 +249,4 @@ function addReferrer() {
   }
 
 
-}
\ No newline at end of file
+}
diff --git a/_stylesheets/docs.css b/_stylesheets/docs.css
index 69cd654f3f74..3ae1715af067 100644
--- a/_stylesheets/docs.css
+++ b/_stylesheets/docs.css
@@ -36,6 +36,23 @@ nav#main {
   margin-left: 20px;
 }
 
+/* Styling for new page/section edit buttons */
+.edit-page-button {
+  z-index: 1;
+  /* Absolutely aligns element with next "relative" parent */
+  position: absolute;
+  top: 15px;
+  /* 25px to match parent padding */
+  right: 25px;
+}
+.edit-section-button {
+  z-index: 1;
+  float: right;
+  position: relative;
+  top: 5px;
+  right: 10px;
+}
+
 /* Tweaks for the Google-generated search widget */
 .cse .gsc-control-cse, .gsc-control-cse, table.gsc-search-box td.gsc-input {
   padding: 0;
@@ -339,6 +356,7 @@ h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6 {
   position: relative;
   text-transform: none;
   overflow-wrap: break-word;
+  padding-right: 35px !important;
 }
 
 h2>a.anchor, h3>a.anchor, h4>a.anchor, h5>a.anchor, h6>a.anchor {
diff --git a/_templates/_page_openshift.html.erb b/_templates/_page_openshift.html.erb
index ec97ca63a773..196c541be3ff 100644
--- a/_templates/_page_openshift.html.erb
+++ b/_templates/_page_openshift.html.erb
@@ -11,6 +11,7 @@
   <meta content="width=device-width, initial-scale=1.0" name="viewport">
   <%= (distro_key == "openshift-webscale") ? '<meta name="robots" content="noindex,nofollow">' : '' %>
   <%= (distro_key == "openshift-dpu") ? '<meta name="robots" content="noindex,nofollow">' : '' %>
+  <%= (distro_key == "openshift-telco") ? '<meta name="robots" content="noindex,nofollow">' : '' %>
   <%= ((["3.0", "3.1", "3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.9", "3.10", "4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7"].include?(version)) && distro_key == "openshift-enterprise") ? '<meta name="googlebot" content="noindex">' : '' %>
   <title><%= [topic_title, subgroup_title].compact.join(' - ') %> | <%= group_title %> | <%= distro %> <%= version %></title>
   <link href="https://assets.openshift.net/content/subdomain.css" rel="stylesheet" type="text/css"/>
@@ -41,12 +42,18 @@
 <body onload="selectVersion('<%= version %>');">
   <%= render("_templates/_topnav.html.erb", :distro_key => distro_key) %>
   <%
-    unsupported_versions = ["3.0", "3.1", "3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.9", "3.10", "4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9"];
+    unsupported_versions = ["3.0", "3.1", "3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.9", "3.10", "4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10"];
 
-    unsupported_versions_acs = ["3.65", "3.66", "3.67", "3.68", "3.69", "3.70", "3.71", "3.72", "3.73"];
+    unsupported_versions_acs = ["3.65", "3.66", "3.67", "3.68", "3.69", "3.70", "3.71", "3.72", "3.73", "3.74", "4.0"];
 
     unsupported_versions_serverless = [];
 
+    unsupported_versions_pipelines = [];
+
+    unsupported_versions_gitops = [];
+
+    unsupported_versions_builds = [];
+
     unsupported_versions_origin = ["3.0", "3.1", "3.2", "3.3", "3.4", "3.5", "3.6", "3.7", "3.9", "3.10", "3.11", "4.1", "4.2", "4.3", "4.4", "4.5", "4.6", "4.7", "4.8", "4.9", "4.10", "4.11", "4.12"];
 
   %>
@@ -61,7 +68,7 @@
       </span>
       <% end %>
 
-      <% if (version == "4.14") && (distro_key != "openshift-webscale" && distro_key != "openshift-dpu") %>
+      <% if (version == "4.15") && (distro_key != "openshift-webscale" && distro_key != "openshift-dpu") %>
       <span>
         <div class="alert alert-danger" role="alert" id="support-alert">
           <strong>This documentation is a work in progress that aligns to preview releases of the next pending OpenShift Container Platform version 4 minor release. It might not be complete or fully tested, and some features and content might be removed before the next release. </strong>For the most recent released and supported version, see <a href="https://docs.openshift.com/container-platform/latest/welcome/index.html" style="color: #545454 !important" class="link-primary">[4]</a>.
@@ -99,11 +106,43 @@
 
       <% end %>
 
+
+      <% if ((unsupported_versions_pipelines.include? version) && (distro_key == "openshift-pipelines")) %>
+
+        <span>
+          <div class="alert alert-danger" role="alert" id="support-alert">
+            <strong>You are viewing documentation for a release that is no longer maintained.</strong> To view the documentation for the most recent version, see the <a href="https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html" style="color: #545454 !important" class="link-primary">latest Pipelines docs</a>.
+          </div>
+        </span>
+
+      <% end %>
+
+      <% if ((unsupported_versions_builds.include? version) && (distro_key == "openshift-builds")) %>
+
+        <span>
+          <div class="alert alert-danger" role="alert" id="support-alert">
+            <strong>You are viewing documentation for a release that is no longer maintained.</strong> To view the documentation for the most recent version, see the <a href="https://docs.openshift.com/builds/latest/about/overview-openshift-builds.html" style="color: #545454 !important" class="link-primary">latest Builds docs</a>.
+          </div>
+        </span>
+
+      <% end %>
+
+
+      <% if ((unsupported_versions_gitops.include? version) && (distro_key == "openshift-gitops")) %>
+
+        <span>
+          <div class="alert alert-danger" role="alert" id="support-alert">
+            <strong>You are viewing documentation for a release that is no longer maintained.</strong> To view the documentation for the most recent version, see the <a href="https://docs.openshift.com/gitops/latest/release_notes/gitops-release-notes.html" style="color: #545454 !important" class="link-primary">latest GitOps docs</a>.
+          </div>
+        </span>
+
+      <% end %>
+
       <% if ((unsupported_versions_origin.include? version) && (distro_key == "openshift-origin")) %>
 
         <span>
           <div class="alert alert-danger" role="alert" id="support-alert">
-            <strong>You are viewing documentation for a release that is no longer maintained.</strong> To view the documentation for the most recent version, see the <a href="https://docs.okd.io/4.11/welcome/index.html" style="color: #545454 !important" class="link-primary">latest OKD docs</a>.
+            <strong>You are viewing documentation for a release that is no longer maintained.</strong> To view the documentation for the most recent version, see the <a href="https://docs.okd.io/4.14/welcome/index.html" style="color: #545454 !important" class="link-primary">latest OKD docs</a>.
           </div>
         </span>
 
@@ -125,6 +164,7 @@
             </a>
           <% end %>
           <select id="version-selector" onchange="versionSelector(this);">
+              <option value="4.14">4.14</option>
               <option value="4.13">4.13</option>
               <option value="4.12">4.12</option>
               <option value="4.11">4.11</option>
@@ -155,6 +195,8 @@
               <%= distro %>
             </a>
             <select id="version-selector" onchange="versionSelector(this);">
+              <option value="4.3">4.3</option>
+              <option value="4.2">4.2</option>
               <option value="4.1">4.1</option>
               <option value="4.0">4.0</option>
               <option value="3.74">3.74</option>
@@ -173,15 +215,52 @@
               <%= distro %>
             </a>
             <select id="version-selector" onchange="versionSelector(this);">
+              <option value="1.31">1.31</option>
+              <option value="1.30">1.30</option>
               <option value="1.29">1.29</option>
               <option value="1.28">1.28</option>
             </select>
+        <% elsif (distro_key == "openshift-pipelines") %>
+            <a href="https://docs.openshift.com/pipelines/<%= version %>/about/op-release-notes.html">
+              <%= distro %>
+            </a>
+            <select id="version-selector" onchange="versionSelector(this);">
+              <option value="1.13">1.13</option>
+              <option value="1.12">1.12</option>
+              <option value="1.11">1.11</option>
+              <option value="1.10">1.10</option>
+            </select>
+         <% elsif (distro_key == "openshift-builds") %>
+            <a href="https://docs.openshift.com/builds/<%= version %>/about/overview-openshift-builds.html">
+              <%= distro %>
+            </a>
+            <select id="version-selector" onchange="versionSelector(this);">
+              <option value="1.0">1.0</option>
+            </select>
+        <% elsif (distro_key == "openshift-gitops") %>
+            <a href="https://docs.openshift.com/gitops/<%= version %>/release_notes/gitops-release-notes.html">
+              <%= distro %>
+            </a>
+            <select id="version-selector" onchange="versionSelector(this);">
+              <option value="1.11">1.11</option>
+              <option value="1.10">1.10</option>
+              <option value="1.9">1.9</option>
+              <option value="1.8">1.8</option>
+            </select>
+        <% elsif (distro_key == "openshift-telco") %>
+            <a href="https://docs.openshift.com/container-platform-telco/<%= version %>/welcome/index.html">
+              <%= distro %>
+            </a>
+            <select id="version-selector" onchange="versionSelector(this);">
+              <option value="4.14">4.14</option>
+            </select>
         <% elsif (distro_key == "openshift-origin") %>
               <a href="https://docs.okd.io/<%= version %>/welcome/index.html">
             <%= distro %>
             </a>
             <select id="version-selector" onchange="versionSelector(this);">
               <option value="latest">latest</option>
+              <option value="4.14">4.14</option>
               <option value="4.13">4.13</option>
               <option value="4.12">4.12</option>
               <option value="4.11">4.11</option>
@@ -208,12 +287,13 @@
       <li class="hidden-xs active">
         <%= breadcrumb_topic %>
       </li>
-      <% if (distro_key != "openshift-origin" && distro_key != "openshift-aro" && distro_key != "openshift-acs"  && distro_key != "openshift-serverless") %>
+      <% if (distro_key != "openshift-origin" && distro_key != "openshift-aro" && distro_key != "openshift-acs"  && distro_key != "openshift-serverless"  && distro_key != "openshift-gitops" && distro_key != "openshift-pipelines" && distro_key != "openshift-builds") %>
       <span text-align="right" style="float: right !important">
         <a href="https://github.com/openshift/openshift-docs/commits/<%=
         ((distro_key == "openshift-enterprise") ? "enterprise-#{version}"
           : (distro_key == "openshift-aro") ? "aro-work"
           : (distro_key=="openshift-dedicated" ) ? "dedicated-4"
+          : (distro_key == "openshift-telco") ? "enterprise-#{version}"
           : "main" ) %>/<%= repo_path %>"><span class="material-icons-outlined" title="Page history">history</span></a>
         <%
           unless (unsupported_versions.include? version)
@@ -225,6 +305,7 @@
           : (distro_key=="openshift-aro" ) ? "[aro-#{version}]+Issue+in+file+#{repo_path}"
           : (distro_key=="openshift-online" ) ? "[online-#{version}]+Issue+in+file+#{repo_path}"
           : (distro_key=="openshift-rosa" ) ? "[rosa-#{version}]+Issue+in+file+#{repo_path}"
+          : (distro_key=="openshift-telco" ) ? "[enterprise-#{version}]+Issue+in+file+#{repo_path}"
           : "Issue+in+file+#{repo_path}" ) %>">
           <span class="material-icons-outlined" title="Open an issue">bug_report</span>
         </a>
@@ -271,6 +352,54 @@
             </a>
           <% end %>
         </span>
+      <% elsif (distro_key == "openshift-pipelines") %>
+        <span text-align="right" style="float: right !important">
+          <a href="https://github.com/openshift/openshift-docs/commits/<%= (distro_key == "openshift-pipelines") ? "pipelines-docs-#{version}" : "pipelines-docs" %>/<%= repo_path %>">
+            <span class="material-icons-outlined" title="Page history">history
+            </span>
+          </a>
+          <% unless (unsupported_versions_pipelines.include? version) %>
+            <a href="https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12317820&issuetype=1&components=12332358&priority=4&summary=<%= "[pipelines-docs-#{version}]+Issue+in+file+#{repo_path}"%>">
+              <span class="material-icons-outlined" title="Open an issue">bug_report
+              </span>
+            </a>
+            <a href="javascript: void(0);" onclick="window.print()">
+              <span class="material-icons-outlined" title="Print page (Save as PDF)">picture_as_pdf</span>
+            </a>
+          <% end %>
+        </span>
+      <% elsif (distro_key == "openshift-builds") %>
+        <span text-align="right" style="float: right !important">
+          <a href="https://github.com/openshift/openshift-docs/commits/<%= (distro_key == "openshift-builds") ? "build-docs-#{version}" : "build-docs" %>/<%= repo_path %>">
+            <span class="material-icons-outlined" title="Page history">history
+            </span>
+          </a>
+          <% unless (unsupported_versions_builds.include? version) %>
+            <a href="https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12317820&issuetype=1&components=12393741&priority=4&summary=<%= "[build-docs-#{version}]+Issue+in+file+#{repo_path}"%>">
+              <span class="material-icons-outlined" title="Open an issue">bug_report
+              </span>
+            </a>
+            <a href="javascript: void(0);" onclick="window.print()">
+              <span class="material-icons-outlined" title="Print page (Save as PDF)">picture_as_pdf</span>
+            </a>
+          <% end %>
+        </span>
+      <% elsif (distro_key == "openshift-gitops") %>
+        <span text-align="right" style="float: right !important">
+          <a href="https://github.com/openshift/openshift-docs/commits/<%= (distro_key == "openshift-gitops") ? "gitops-docs-#{version}" : "gitops-docs" %>/<%= repo_path %>">
+            <span class="material-icons-outlined" title="Page history">history
+            </span>
+          </a>
+          <% unless (unsupported_versions_gitops.include? version) %>
+            <a href="https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12317820&issuetype=1&components=12342156&priority=4&summary=<%= "[gitops-docs-#{version}]+Issue+in+file+#{repo_path}"%>">
+              <span class="material-icons-outlined" title="Open an issue">bug_report
+              </span>
+            </a>
+            <a href="javascript: void(0);" onclick="window.print()">
+              <span class="material-icons-outlined" title="Print page (Save as PDF)">picture_as_pdf</span>
+            </a>
+          <% end %>
+        </span>
       <% end %>
     </ol>
     <div class="row row-offcanvas row-offcanvas-left">
@@ -348,10 +477,14 @@
     'openshift-dedicated': ['docs_dedicated_v4'],
     'openshift-online': ['docs_online', version],
     'openshift-enterprise': ['docs_cp', version],
+    'openshift-telco': ['docs_telco', version],
     'openshift-aro' : ['docs_aro', version],
     'openshift-rosa' : ['docs_rosa'],
     'openshift-acs' : ['docs_acs', version],
-    'openshift-serverless' : ['docs_serverless', version]
+    'openshift-serverless' : ['docs_serverless', version],
+    'openshift-pipelines' : ['docs_pipelines', version],
+    'openshift-builds' : ['docs_builds', version],
+    'openshift-gitops' : ['docs_gitops', version]
   };
 
   // only OSD v3 docs have the version variable specified
diff --git a/_templates/_search.html.erb b/_templates/_search.html.erb
index 0b81539b01a4..53a2428338c7 100644
--- a/_templates/_search.html.erb
+++ b/_templates/_search.html.erb
@@ -6,6 +6,10 @@
 <%= render("_templates/_search_online.html") %>
 <% elsif distro_key == 'openshift-enterprise' %>
 <%= render("_templates/_search_enterprise.html.erb", :version => version) %>
+<% elsif distro_key == 'openshift-telco' %>
+<%= render("_templates/_search_telco.html.erb", :version => version) %>
+<% elsif distro_key == 'openshift-serverless' %>
+<%= render("_templates/_search_serverless.html.erb", :version => version) %>
 <% else %>
 <%= render("_templates/_search_other.html") %>
 <% end %>
diff --git a/_templates/_search_serverless.html.erb b/_templates/_search_serverless.html.erb
new file mode 100644
index 000000000000..a0977d514304
--- /dev/null
+++ b/_templates/_search_serverless.html.erb
@@ -0,0 +1,21 @@
+<div id="hc-search">
+  <input id="hc-search-input" type="text">
+  <button id="hc-search-btn">Search</button>
+</div>
+
+<div id="hc-search-modal">
+  <div id="hc-modal-content">
+    <span id="hc-modal-close">&times;</span>
+    <div id="hc-search-results-wrapper">
+      <div id="hc-search-results"></div>
+      <div id="hc-search-progress-indicator" class="text-center search-progress-indicator"><i class="fa fa-circle-o-notch fa-spin" style="font-size:42px"></i></div>
+      <div class="text-center">
+        <button id="hc-search-more-btn">Show more results</button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script>
+  hcSearchCategory("docs_serverless", "<%= version %>");
+</script>
diff --git a/_templates/_search_telco.html.erb b/_templates/_search_telco.html.erb
new file mode 100644
index 000000000000..31720005f650
--- /dev/null
+++ b/_templates/_search_telco.html.erb
@@ -0,0 +1,21 @@
+<div id="hc-search">
+  <input id="hc-search-input" type="text">
+  <button id="hc-search-btn">Search</button>
+</div>
+
+<div id="hc-search-modal">
+  <div id="hc-modal-content">
+    <span id="hc-modal-close">&times;</span>
+    <div id="hc-search-results-wrapper">
+      <div id="hc-search-results"></div>
+      <div id="hc-search-progress-indicator" class="text-center search-progress-indicator"><i class="fa fa-circle-o-notch fa-spin" style="font-size:42px"></i></div>
+      <div class="text-center">
+        <button id="hc-search-more-btn">Show more results</button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script>
+  hcSearchCategory("docs_telco", "<%= version %>");
+</script>
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
index 32d779227cc5..2303f354ce14 100644
--- a/_topic_maps/_topic_map.yml
+++ b/_topic_maps/_topic_map.yml
@@ -24,7 +24,7 @@
 ---
 Name: About
 Dir: welcome
-Distros: openshift-enterprise,openshift-webscale,openshift-origin,openshift-online,openshift-dpu
+Distros: openshift-enterprise,openshift-webscale,openshift-origin,openshift-online,openshift-dpu,openshift-telco
 Topics:
 - Name: Welcome
   File: index
@@ -51,21 +51,21 @@ Name: Release notes
 Dir: release_notes
 Distros: openshift-enterprise
 Topics:
-- Name: OpenShift Container Platform 4.14 release notes
-  File: ocp-4-14-release-notes
+- Name: OpenShift Container Platform 4.15 release notes
+  File: ocp-4-15-release-notes
 ---
- Name: Getting started
- Dir: getting_started
- Distros: openshift-enterprise
- Topics:
- - Name: Kubernetes overview
-   File: kubernetes-overview
- - Name: OpenShift Container Platform overview
-   File: openshift-overview
- - Name: Web console walkthrough
-   File: openshift-web-console
- - Name: Command-line walkthrough
-   File: openshift-cli
+Name: Getting started
+Dir: getting_started
+Distros: openshift-enterprise
+Topics:
+- Name: Kubernetes overview
+  File: kubernetes-overview
+- Name: OpenShift Container Platform overview
+  File: openshift-overview
+- Name: Web console walkthrough
+  File: openshift-web-console
+- Name: Command-line walkthrough
+  File: openshift-cli
 ---
 Name: Architecture
 Dir: architecture
@@ -87,6 +87,9 @@ Topics:
 - Name: Control plane architecture
   File: control-plane
   Distros: openshift-enterprise,openshift-origin,openshift-online
+- Name: NVIDIA GPU architecture overview
+  File: nvidia-gpu-architecture-overview
+  Distros: openshift-enterprise
 - Name: Understanding OpenShift development
   File: understanding-development
   Distros: openshift-enterprise
@@ -132,20 +135,22 @@ Topics:
   Dir: installing_alibaba
   Distros: openshift-origin,openshift-enterprise
   Topics:
-    - Name: Preparing to install on Alibaba Cloud
-      File: preparing-to-install-on-alibaba
-    - Name: Creating the required Alibaba Cloud resources
-      File: manually-creating-alibaba-ram
-    - Name: Installing a cluster quickly on Alibaba Cloud
-      File: installing-alibaba-default
-    - Name: Installing a cluster on Alibaba Cloud with customizations
-      File: installing-alibaba-customizations
-    - Name: Installing a cluster on Alibaba Cloud with network customizations
-      File: installing-alibaba-network-customizations
-    - Name: Installing a cluster on Alibaba Cloud into an existing VPC
-      File: installing-alibaba-vpc
-    - Name: Uninstalling a cluster on Alibaba Cloud
-      File: uninstall-cluster-alibaba
+  - Name: Preparing to install on Alibaba Cloud
+    File: preparing-to-install-on-alibaba
+  - Name: Creating the required Alibaba Cloud resources
+    File: manually-creating-alibaba-ram
+  - Name: Installing a cluster quickly on Alibaba Cloud
+    File: installing-alibaba-default
+  - Name: Installing a cluster on Alibaba Cloud with customizations
+    File: installing-alibaba-customizations
+  - Name: Installing a cluster on Alibaba Cloud with network customizations
+    File: installing-alibaba-network-customizations
+  - Name: Installing a cluster on Alibaba Cloud into an existing VPC
+    File: installing-alibaba-vpc
+  - Name: Installation configuration parameters for Alibaba Cloud
+    File: installation-config-parameters-alibaba
+  - Name: Uninstalling a cluster on Alibaba Cloud
+    File: uninstall-cluster-alibaba
 - Name: Installing on AWS
   Dir: installing_aws
   Distros: openshift-origin,openshift-enterprise
@@ -154,8 +159,6 @@ Topics:
     File: preparing-to-install-on-aws
   - Name: Configuring an AWS account
     File: installing-aws-account
-  - Name: Manually creating IAM
-    File: manually-creating-iam
   - Name: Installing a cluster quickly on AWS
     File: installing-aws-default
   - Name: Installing a cluster on AWS with customizations
@@ -176,7 +179,7 @@ Topics:
     File: installing-aws-china
   - Name: Installing a cluster on AWS using CloudFormation templates
     File: installing-aws-user-infra
-  - Name: Installing a cluster using AWS Local Zones
+  - Name: Installing a cluster on AWS with worker nodes on AWS Local Zones
     File: installing-aws-localzone
   - Name: Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
     File: installing-restricted-networks-aws
@@ -184,10 +187,10 @@ Topics:
     File: installing-aws-outposts-remote-workers
   - Name: Installing a three-node cluster on AWS
     File: installing-aws-three-node
-  - Name: Expanding a cluster with on-premise bare metal nodes
-    File: installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes
   - Name: Uninstalling a cluster on AWS
     File: uninstalling-cluster-aws
+  - Name: Installation configuration parameters for AWS
+    File: installation-config-parameters-aws
 - Name: Installing on Azure
   Dir: installing_azure
   Distros: openshift-origin,openshift-enterprise
@@ -196,8 +199,6 @@ Topics:
     File: preparing-to-install-on-azure
   - Name: Configuring an Azure account
     File: installing-azure-account
-  - Name: Manually creating IAM
-    File: manually-creating-iam-azure
   - Name: Enabling user-managed encryption on Azure
     File: enabling-user-managed-encryption-azure
   - Name: Installing a cluster quickly on Azure
@@ -212,12 +213,18 @@ Topics:
     File: installing-azure-private
   - Name: Installing a cluster on Azure into a government region
     File: installing-azure-government-region
+  - Name: Installing a cluster on Azure in a restricted network with user-provisioned infrastructure
+    File: installing-restricted-networks-azure-user-provisioned
   - Name: Installing a cluster on Azure using ARM templates
     File: installing-azure-user-infra
+  - Name: Installing a cluster on Azure in a restricted network
+    File: installing-restricted-networks-azure-installer-provisioned
   - Name: Installing a three-node cluster on Azure
     File: installing-azure-three-node
   - Name: Uninstalling a cluster on Azure
     File: uninstalling-cluster-azure
+  - Name: Installation configuration parameters for Azure
+    File: installation-config-parameters-azure
 - Name: Installing on Azure Stack Hub
   Dir: installing_azure_stack_hub
   Distros: openshift-origin,openshift-enterprise
@@ -232,6 +239,8 @@ Topics:
     File: installing-azure-stack-hub-network-customizations
   - Name: Installing a cluster on Azure Stack Hub using ARM templates
     File: installing-azure-stack-hub-user-infra
+  - Name: Installation configuration parameters for Azure Stack Hub
+    File: installation-config-parameters-ash
   - Name: Uninstalling a cluster on Azure Stack Hub
     File: uninstalling-cluster-azure-stack-hub
 - Name: Installing on GCP
@@ -242,8 +251,6 @@ Topics:
     File: preparing-to-install-on-gcp
   - Name: Configuring a GCP project
     File: installing-gcp-account
-  - Name: Manually creating IAM
-    File: manually-creating-iam-gcp
   - Name: Installing a cluster quickly on GCP
     File: installing-gcp-default
   - Name: Installing a cluster on GCP with customizations
@@ -266,27 +273,35 @@ Topics:
     File: installing-restricted-networks-gcp
   - Name: Installing a three-node cluster on GCP
     File: installing-gcp-three-node
+  - Name: Installation configuration parameters for GCP
+    File: installation-config-parameters-gcp
   - Name: Uninstalling a cluster on GCP
     File: uninstalling-cluster-gcp
-- Name: Installing on IBM Cloud VPC
+- Name: Installing on IBM Cloud
   Dir: installing_ibm_cloud_public
   Distros: openshift-origin,openshift-enterprise
   Topics:
-  - Name: Preparing to install on IBM Cloud VPC
+  - Name: Preparing to install on IBM Cloud
     File: preparing-to-install-on-ibm-cloud
   - Name: Configuring an IBM Cloud account
     File: installing-ibm-cloud-account
-  - Name: Configuring IAM for IBM Cloud VPC
+  - Name: Configuring IAM for IBM Cloud
     File: configuring-iam-ibm-cloud
-  - Name: Installing a cluster on IBM Cloud VPC with customizations
+  - Name: User-managed encryption
+    File: user-managed-encryption-ibm-cloud
+  - Name: Installing a cluster on IBM Cloud with customizations
     File: installing-ibm-cloud-customizations
-  - Name: Installing a cluster on IBM Cloud VPC with network customizations
+  - Name: Installing a cluster on IBM Cloud with network customizations
     File: installing-ibm-cloud-network-customizations
-  - Name: Installing a cluster on IBM Cloud VPC into an existing VPC
+  - Name: Installing a cluster on IBM Cloud into an existing VPC
     File: installing-ibm-cloud-vpc
-  - Name: Installing a private cluster on IBM Cloud VPC
+  - Name: Installing a private cluster on IBM Cloud
     File: installing-ibm-cloud-private
-  - Name: Uninstalling a cluster on IBM Cloud VPC
+  - Name: Installing a cluster on IBM Cloud in a restricted network
+    File: installing-ibm-cloud-restricted
+  - Name: Installation configuration parameters for IBM Cloud
+    File: installation-config-parameters-ibm-cloud-vpc
+  - Name: Uninstalling a cluster on IBM Cloud
     File: uninstalling-cluster-ibm-cloud
 - Name: Installing on Nutanix
   Dir: installing_nutanix
@@ -294,6 +309,8 @@ Topics:
   Topics:
   - Name: Preparing to install on Nutanix
     File: preparing-to-install-on-nutanix
+  - Name: Fault tolerant deployments
+    File: nutanix-failure-domains
   - Name: Installing a cluster on Nutanix
     File: installing-nutanix-installer-provisioned
   - Name: Installing a cluster on Nutanix in a restricted network
@@ -302,6 +319,8 @@ Topics:
     File: installing-nutanix-three-node
   - Name: Uninstalling a cluster on Nutanix
     File: uninstalling-cluster-nutanix
+  - Name: Installation configuration parameters for Nutanix
+    File: installation-config-parameters-nutanix
 - Name: Installing on bare metal
   Dir: installing_bare_metal
   Distros: openshift-origin,openshift-enterprise
@@ -316,6 +335,8 @@ Topics:
     File: installing-restricted-networks-bare-metal
   - Name: Scaling a user-provisioned installation with the bare metal operator
     File: scaling-a-user-provisioned-cluster-with-the-bare-metal-operator
+  - Name: Installation configuration parameters for bare metal
+    File: installation-config-parameters-bare-metal
 - Name: Installing on-premise with Assisted Installer
   Dir: installing_on_prem_assisted
   Distros: openshift-enterprise
@@ -332,8 +353,12 @@ Topics:
     File: understanding-disconnected-installation-mirroring
   - Name: Installing a cluster with Agent-based Installer
     File: installing-with-agent-based-installer
+  - Name: Preparing PXE assets for OCP
+    File: prepare-pxe-assets-agent
   - Name: Preparing an Agent-based installed cluster for the multicluster engine for Kubernetes
     File: preparing-an-agent-based-installed-cluster-for-mce
+  - Name: Installation configuration parameters for the Agent-based Installer
+    File: installation-config-parameters-agent
 - Name: Installing on a single node
   Dir: installing_sno
   Distros: openshift-enterprise
@@ -352,13 +377,13 @@ Topics:
     File: ipi-install-prerequisites
   - Name: Setting up the environment for an OpenShift installation
     File: ipi-install-installation-workflow
-  - Name: Post-installation configuration
+  - Name: Postinstallation configuration
     File: ipi-install-post-installation-configuration
   - Name: Expanding the cluster
     File: ipi-install-expanding-the-cluster
   - Name: Troubleshooting
     File: ipi-install-troubleshooting
-- Name: Installing bare metal clusters on IBM Cloud
+- Name: Installing IBM Cloud Bare Metal (Classic)
   Dir: installing_ibm_cloud
   Distros: openshift-origin,openshift-enterprise
   Topics:
@@ -366,26 +391,22 @@ Topics:
     File: install-ibm-cloud-prerequisites
   - Name: Installation workflow
     File: install-ibm-cloud-installation-workflow
-- Name: Installing with z/VM on IBM Z and IBM LinuxONE
+- Name: Installing on IBM Z and IBM LinuxONE
   Dir: installing_ibm_z
   Distros: openshift-enterprise
   Topics:
-  - Name: Preparing to install with z/VM on IBM Z and IBM LinuxONE
+  - Name: Preparing to install on IBM Z and IBM LinuxONE
     File: preparing-to-install-on-ibm-z
   - Name: Installing a cluster with z/VM on IBM Z and IBM LinuxONE
     File: installing-ibm-z
   - Name: Restricted network IBM Z installation with z/VM
     File: installing-restricted-networks-ibm-z
-- Name: Installing with RHEL KVM on IBM Z and IBM LinuxONE
-  Dir: installing_ibm_z
-  Distros: openshift-enterprise
-  Topics:
-  - Name: Preparing to install with RHEL KVM on IBM Z and IBM LinuxONE
-    File: preparing-to-install-on-ibm-z-kvm
   - Name: Installing a cluster with RHEL KVM on IBM Z and IBM LinuxONE
     File: installing-ibm-z-kvm
   - Name: Restricted network IBM Z installation with RHEL KVM
     File: installing-restricted-networks-ibm-z-kvm
+  - Name: Installation configuration parameters for IBM Z and IBM LinuxONE
+    File: installation-config-parameters-ibm-z
 - Name: Installing on IBM Power
   Dir: installing_ibm_power
   Distros: openshift-enterprise
@@ -396,6 +417,8 @@ Topics:
     File: installing-ibm-power
   - Name: Restricted network IBM Power installation
     File: installing-restricted-networks-ibm-power
+  - Name: Installation configuration parameters for IBM Power
+    File: installation-config-parameters-ibm-power
 - Name: Installing on IBM Power Virtual Server
   Dir: installing_ibm_powervs
   Distros: openshift-enterprise
@@ -416,6 +439,8 @@ Topics:
     File: installing-restricted-networks-ibm-power-vs
   - Name: Uninstalling a cluster on IBM Power Virtual Server
     File: uninstalling-cluster-ibm-power-vs
+  - Name: Installation configuration parameters for IBM Power Virtual Server
+    File: installation-config-parameters-ibm-power-vs
 - Name: Installing on OpenStack
   Dir: installing_openstack
   Distros: openshift-origin,openshift-enterprise
@@ -428,12 +453,8 @@ Topics:
 #    File: installing-openstack-installer
   - Name: Installing a cluster on OpenStack with customizations
     File: installing-openstack-installer-custom
-  - Name: Installing a cluster on OpenStack with Kuryr
-    File: installing-openstack-installer-kuryr
   - Name: Installing a cluster on OpenStack on your own infrastructure
     File: installing-openstack-user
-  - Name: Installing a cluster on OpenStack with Kuryr on your own infrastructure
-    File: installing-openstack-user-kuryr
   - Name: Installing a cluster on OpenStack in a restricted network
     File: installing-openstack-installer-restricted
   - Name: OpenStack Cloud Controller Manager reference guide
@@ -444,67 +465,57 @@ Topics:
     File: uninstalling-cluster-openstack
   - Name: Uninstalling a cluster on OpenStack from your own infrastructure
     File: uninstalling-openstack-user
-- Name: Installing on RHV
-  Dir: installing_rhv
-  Distros: openshift-enterprise
-  Topics:
-  - Name: Preparing to install on RHV
-    File: preparing-to-install-on-rhv
-  - Name: Installing a cluster quickly on RHV
-    File: installing-rhv-default
-  - Name: Installing a cluster on RHV with customizations
-    File: installing-rhv-customizations
-  - Name: Installing a cluster on RHV with user-provisioned infrastructure
-    File: installing-rhv-user-infra
-  - Name: Installing a cluster on RHV in a restricted network
-    File: installing-rhv-restricted-network
-  - Name: Uninstalling a cluster on RHV
-    File: uninstalling-cluster-rhv
-- Name: Installing on oVirt
-  Dir: installing_rhv
-  Distros: openshift-origin
-  Topics:
-  - Name: Preparing to install on RHV
-    File: preparing-to-install-on-rhv
-  - Name: Installing a cluster quickly on oVirt
-    File: installing-rhv-default
-  - Name: Installing a cluster on oVirt with customizations
-    File: installing-rhv-customizations
-  - Name: Installing a cluster on oVirt with user-provisioned infrastructure
-    File: installing-rhv-user-infra
-  - Name: Installing a cluster on RHV in a restricted network
-    File: installing-rhv-restricted-network
-  - Name: Uninstalling a cluster on oVirt
-    File: uninstalling-cluster-rhv
+  - Name: Installation configuration parameters for OpenStack
+    File: installation-config-parameters-openstack
 - Name: Installing on vSphere
   Dir: installing_vsphere
   Distros: openshift-origin,openshift-enterprise
   Topics:
-  - Name: Preparing to install on vSphere
+  - Name: Installation methods
     File: preparing-to-install-on-vsphere
-  - Name: Installing a cluster on vSphere
-    File: installing-vsphere-installer-provisioned
-  - Name: Installing a cluster on vSphere with customizations
-    File: installing-vsphere-installer-provisioned-customizations
-  - Name: Installing a cluster on vSphere with network customizations
-    File: installing-vsphere-installer-provisioned-network-customizations
-  - Name: Installing a cluster on vSphere with user-provisioned infrastructure
-    File: installing-vsphere
-  - Name: Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
-    File: installing-vsphere-network-customizations
-  - Name: Installing a cluster on vSphere in a restricted network
-    File: installing-restricted-networks-installer-provisioned-vsphere
-  - Name: Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
-    File: installing-restricted-networks-vsphere
-  - Name: Installing a three-node cluster on vSphere
+  - Name: Installer-provisioned infrastructure
+    Dir: ipi
+    Distros: openshift-origin,openshift-enterprise
+    Topics:
+    - Name: vSphere installation requirements
+      File: ipi-vsphere-installation-reqs
+    - Name: Preparing to install a cluster
+      File: ipi-vsphere-preparing-to-install
+    - Name: Installing a cluster
+      File: installing-vsphere-installer-provisioned
+    - Name: Installing a cluster with customizations
+      File: installing-vsphere-installer-provisioned-customizations
+    - Name: Installing a cluster with network customizations
+      File: installing-vsphere-installer-provisioned-network-customizations
+    - Name: Installing a cluster in a restricted network
+      File: installing-restricted-networks-installer-provisioned-vsphere
+  - Name: User-provisioned infrastructure
+    Dir: upi
+    Distros: openshift-origin,openshift-enterprise
+    Topics:
+    - Name: vSphere installation requirements
+      File: upi-vsphere-installation-reqs
+    - Name: Preparing to install a cluster
+      File: upi-vsphere-preparing-to-install
+    - Name: Installing a cluster
+      File: installing-vsphere
+    - Name: Installing a cluster with network customizations
+      File: installing-vsphere-network-customizations
+    - Name: Installing a cluster in a restricted network
+      File: installing-restricted-networks-vsphere
+  - Name: Assisted Installer
+    Distros: openshift-enterprise
+    File: installing-vsphere-assisted-installer
+  - Name: Agent-based Installer
+    Distros: openshift-enterprise
+    File: installing-vsphere-agent-based-installer
+  - Name: Installing a three-node cluster
     File: installing-vsphere-three-node
-  - Name: Configuring the vSphere connection settings after an installation
-    File: installing-vsphere-post-installation-configuration
-  - Name: Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
+  - Name: Uninstalling a cluster
     File: uninstalling-cluster-vsphere-installer-provisioned
   - Name: Using the vSphere Problem Detector Operator
     File: using-vsphere-problem-detector-operator
-  - Name: Installation configuration parameters for vSphere
+  - Name: Installation configuration parameters
     File: installation-config-parameters-vsphere
 - Name: Installing on any platform
   Dir: installing_platform_agnostic
@@ -520,8 +531,8 @@ Topics:
     File: installing-customizing
   - Name: Configuring your firewall
     File: configuring-firewall
-  - Name: Enabling Linux control group version 2 (cgroup v2)
-    File: enabling-cgroup-v2
+  - Name: Enabling Linux control group version 1 (cgroup v1)
+    File: enabling-cgroup-v1
     Distros: openshift-enterprise
 - Name: Validating an installation
   File: validating-an-installation
@@ -529,12 +540,15 @@ Topics:
 - Name: Troubleshooting installation issues
   File: installing-troubleshooting
   Distros: openshift-origin,openshift-enterprise
+- Name: Support for FIPS cryptography
+  File: installing-fips
+  Distros: openshift-enterprise,openshift-online
 ---
-Name: Post-installation configuration
+Name: Postinstallation configuration
 Dir: post_installation_configuration
 Distros: openshift-origin,openshift-enterprise
 Topics:
-- Name: Post-installation configuration overview
+- Name: Postinstallation configuration overview
   Distros: openshift-enterprise
   File: index
 - Name: Configuring a private cluster
@@ -543,10 +557,31 @@ Topics:
 - Name: Bare metal configuration
   File: bare-metal-configuration
 - Name: Configuring multi-architecture compute machines on an OpenShift cluster
+  Dir: configuring-multi-arch-compute-machines
   Distros: openshift-enterprise
-  File: multi-architecture-configuration
+  Topics:
+  - Name: About clusters with multi-architecture compute machines
+    File: multi-architecture-configuration
+  - Name: Creating a cluster with multi-architecture compute machines on Azure
+    File: creating-multi-arch-compute-nodes-azure
+  - Name: Creating a cluster with multi-architecture compute machines on AWS
+    File: creating-multi-arch-compute-nodes-aws
+  - Name: Creating a cluster with multi-architecture compute machines on GCP
+    File: creating-multi-arch-compute-nodes-gcp
+  - Name: Creating a cluster with multi-architecture compute machines on bare metal
+    File: creating-multi-arch-compute-nodes-bare-metal
+  - Name: Creating a cluster with multi-architecture compute machines on IBM Z and IBM LinuxONE with z/VM
+    File: creating-multi-arch-compute-nodes-ibm-z
+  - Name: Creating a cluster with multi-architecture compute machines on IBM Z and IBM LinuxONE with RHEL KVM
+    File: creating-multi-arch-compute-nodes-ibm-z-kvm
+  - Name: Creating a cluster with multi-architecture compute machines on IBM Power
+    File: creating-multi-arch-compute-nodes-ibm-power
+  - Name: Managing your cluster with multi-architecture compute machines
+    File: multi-architecture-compute-managing
 - Name: Enabling encryption on a vSphere cluster
   File: vsphere-post-installation-encryption
+- Name: Configuring the vSphere connection settings after an installation
+  File: installing-vsphere-post-installation-configuration
 - Name: Machine configuration tasks
   File: machine-configuration-tasks
 - Name: Cluster tasks
@@ -576,6 +611,12 @@ Topics:
 - Name: Fedora CoreOS (FCOS) image layering
   File: coreos-layering
   Distros: openshift-origin
+- Name: AWS Local Zone tasks
+  File: aws-compute-edge-tasks
+  Distros: openshift-enterprise
+- Name: Adding failure domains to an existing Nutanix cluster
+  File: adding-nutanix-failure-domains
+  Distros: openshift-origin,openshift-enterprise
 ---
 Name: Updating clusters
 Dir: updating
@@ -583,25 +624,33 @@ Distros: openshift-origin,openshift-enterprise
 Topics:
 - Name: Updating clusters overview
   File: index
+  Distros: openshift-origin
 - Name: Understanding OpenShift updates
   Dir: understanding_updates
-  Distros: openshift-enterprise
   Topics:
-    - Name: Introduction to OpenShift updates
-      File: intro-to-updates
-    - Name: How cluster updates work
-      File: how-updates-work
-- Name: Understanding update channels and releases
-  File: understanding-upgrade-channels-release
-  Distros: openshift-enterprise
-- Name: Understanding OpenShift update duration
-  File: understanding-openshift-update-duration
-- Name: Preparing to update to OpenShift Container Platform 4.13
-  File: updating-cluster-prepare
-  Distros: openshift-enterprise
-- Name: Preparing to update to OKD 4.13
-  File: updating-cluster-prepare
-  Distros: openshift-origin
+  - Name: Introduction to OpenShift updates
+    File: intro-to-updates
+  - Name: How cluster updates work
+    File: how-updates-work
+    Distros: openshift-enterprise
+  - Name: Understanding update channels and releases
+    File: understanding-update-channels-release
+    Distros: openshift-enterprise
+  - Name: Understanding OpenShift update duration
+    File: understanding-openshift-update-duration
+- Name: Preparing to update a cluster
+  Dir: preparing_for_updates
+  Topics:
+  - Name: Preparing to update to OpenShift Container Platform 4.15
+    File: updating-cluster-prepare
+    Distros: openshift-enterprise
+  - Name: Preparing to update to OKD 4.15
+    File: updating-cluster-prepare
+    Distros: openshift-origin
+  - Name: Preparing to update a cluster with manually maintained credentials
+    File: preparing-manual-creds-update
+  - Name: Preflight validation for Kernel Module Management (KMM) Modules
+    File: kmm-preflight-validation
 - Name: Performing a cluster update
   Dir: updating_a_cluster
   Topics:
@@ -642,12 +691,14 @@ Topics:
     File: migrating-to-multi-payload
   - Name: Updating hosted control planes
     File: updating-hosted-control-planes
-- Name: Preparing to update a cluster with manually maintained credentials
-  File: preparing-manual-creds-update
-- Name: Preflight validation for Kernel Module Management (KMM) Modules
-  File: kmm-preflight-validation
-# - Name: Troubleshooting an update
-#  File: updating-troubleshooting
+- Name: Troubleshooting a cluster update
+  Dir: troubleshooting_updates
+  Distros: openshift-enterprise,openshift-origin
+  Topics:
+  #- Name: Recovering when an update fails before it is applied
+   # File: recovering-update-before-applied
+  - Name: Gathering data about your cluster update
+    File: gathering-data-cluster-update
 ---
 Name: Support
 Dir: support
@@ -674,7 +725,7 @@ Topics:
     File: enabling-remote-health-reporting
   - Name: Using Insights to identify issues with your cluster
     File: using-insights-to-identify-issues-with-your-cluster
-  - Name: Using Insights Operator
+  - Name: Using the Insights Operator
     File: using-insights-operator
   - Name: Using remote health reporting in a restricted network
     File: remote-health-reporting-from-restricted-network
@@ -725,7 +776,7 @@ Topics:
   File: web-console-overview
 - Name: Accessing the web console
   File: web-console
-- Name: Viewing cluster information
+- Name: Using the OpenShift Container Platform dashboard to get cluster information
   File: using-dashboard-to-get-cluster-information
 - Name: Adding user preferences
   File: adding-user-preferences
@@ -927,37 +978,47 @@ Topics:
 - Name: Compliance Operator
   Dir: compliance_operator
   Topics:
+  - Name: Compliance Operator overview
+    File: co-overview
   - Name: Compliance Operator release notes
     File: compliance-operator-release-notes
-  - Name: Supported compliance profiles
-    File: compliance-operator-supported-profiles
-  - Name: Installing the Compliance Operator
-    File: compliance-operator-installation
-  - Name: Updating the Compliance Operator
-    File: compliance-operator-updating
-  - Name: Compliance Operator scans
-    File: compliance-scans
-  - Name: Understanding the Compliance Operator
-    File: compliance-operator-understanding
-  - Name: Managing the Compliance Operator
-    File: compliance-operator-manage
-  - Name: Tailoring the Compliance Operator
-    File: compliance-operator-tailor
-  - Name: Retrieving Compliance Operator raw results
-    File: compliance-operator-raw-results
-  - Name: Managing Compliance Operator remediation
-    File: compliance-operator-remediation
-  - Name: Performing advanced Compliance Operator tasks
-    File: compliance-operator-advanced
-  - Name: Troubleshooting the Compliance Operator
-    File: compliance-operator-troubleshooting
-  - Name: Uninstalling the Compliance Operator
-    File: compliance-operator-uninstallation
-  - Name: Using the oc-compliance plugin
-    File: oc-compliance-plug-in-using
-  - Name: Understanding the Custom Resource Definitions
-    File: compliance-operator-crd
-
+  - Name: Compliance Operator concepts
+    Dir: co-concepts
+    Topics:
+    - Name: Understanding the Compliance Operator
+      File: compliance-operator-understanding
+    - Name: Understanding the Custom Resource Definitions
+      File: compliance-operator-crd
+  - Name: Compliance Operator management
+    Dir: co-management
+    Topics:
+    - Name: Installing the Compliance Operator
+      File: compliance-operator-installation
+    - Name: Updating the Compliance Operator
+      File: compliance-operator-updating
+    - Name: Managing the Compliance Operator
+      File: compliance-operator-manage
+    - Name: Uninstalling the Compliance Operator
+      File: compliance-operator-uninstallation
+  - Name: Compliance Operator scan management
+    Dir: co-scans
+    Topics:
+    - Name: Supported compliance profiles
+      File: compliance-operator-supported-profiles
+    - Name: Compliance Operator scans
+      File: compliance-scans
+    - Name: Tailoring the Compliance Operator
+      File: compliance-operator-tailor
+    - Name: Retrieving Compliance Operator raw results
+      File: compliance-operator-raw-results
+    - Name: Managing Compliance Operator remediation
+      File: compliance-operator-remediation
+    - Name: Performing advanced Compliance Operator tasks
+      File: compliance-operator-advanced
+    - Name: Troubleshooting the Compliance Operator
+      File: compliance-operator-troubleshooting
+    - Name: Using the oc-compliance plugin
+      File: oc-compliance-plug-in-using
 - Name: File Integrity Operator
   Dir: file_integrity_operator
   Topics:
@@ -996,6 +1057,22 @@ Topics:
     File: spo-troubleshooting
   - Name: Uninstalling the Security Profiles Operator
     File: spo-uninstalling
+- Name: NBDE Tang Server Operator
+  Dir: nbde_tang_server_operator
+  Distros: openshift-enterprise
+  Topics:
+  - Name: NBDE Tang Server Operator overview
+    File: nbde-tang-server-operator-overview
+  - Name: NBDE Tang Server Operator release notes
+    File: nbde-tang-server-operator-release-notes
+  - Name: Understanding the NBDE Tang Server Operator
+    File: nbde-tang-server-operator-understanding
+  - Name: Installing the NBDE Tang Server Operator
+    File: nbde-tang-server-operator-installing
+  - Name: Configuring and managing Tang servers using the NBDE Tang Server Operator
+    File: nbde-tang-server-operator-configuring-managing
+  - Name: Identifying URL of a Tang server deployed with the NBDE Tang Server Operator
+    File: nbde-tang-server-operator-identifying-url
 - Name: cert-manager Operator for Red Hat OpenShift
   Dir: cert_manager_operator
   Distros: openshift-enterprise
@@ -1006,8 +1083,10 @@ Topics:
     File: cert-manager-operator-release-notes
   - Name: Installing the cert-manager Operator for Red Hat OpenShift
     File: cert-manager-operator-install
-  - Name: Managing certificates with an ACME issuer
+  - Name: Configuring an ACME issuer
     File: cert-manager-operator-issuer-acme
+  - Name: Configuring certificates with an issuer
+    File: cert-manager-creating-certificate
   - Name: Enabling monitoring for the cert-manager Operator for Red Hat OpenShift
     File: cert-manager-monitoring
   - Name: Configuring the egress proxy for the cert-manager Operator for Red Hat OpenShift
@@ -1135,16 +1214,14 @@ Topics:
   Topics:
   - Name: About the Cloud Credential Operator
     File: about-cloud-credential-operator
-  - Name: Using mint mode
+  - Name: Mint mode
     File: cco-mode-mint
-  - Name: Using passthrough mode
+  - Name: Passthrough mode
     File: cco-mode-passthrough
-  - Name: Using manual mode
+  - Name: Manual mode with long-term credentials for components
     File: cco-mode-manual
-  - Name: Using manual mode with AWS Security Token Service
-    File: cco-mode-sts
-  - Name: Using manual mode with GCP Workload Identity
-    File: cco-mode-gcp-workload-identity
+  - Name: Manual mode with short-term credentials for components
+    File: cco-short-term-creds
 ---
 Name: Networking
 Dir: networking
@@ -1158,6 +1235,8 @@ Topics:
   File: accessing-hosts
 - Name: Networking Operators overview
   File: networking-operators-overview
+- Name: Networking dashboards
+  File: networking-dashboards
 - Name: Understanding the Cluster Network Operator
   File: cluster-network-operator
   Distros: openshift-enterprise,openshift-origin
@@ -1188,18 +1267,27 @@ Topics:
   File: configuring-cluster-network-range
 - Name: Configuring IP failover
   File: configuring-ipfailover
-- Name: Configuring interface-level network sysctls
-  File: setting-interface-level-network-sysctls
+- Name: Configuring system controls and interface attributes using the tuning plugin
+  File: configure-syscontrols-interface-tuning-cni
 - Name: Using SCTP
   File: using-sctp
   Distros: openshift-enterprise,openshift-origin
 - Name: Using PTP hardware
-  File: using-ptp
-- Name: Developing PTP events consumer applications
-  File: ptp-cloud-events-consumer-dev-reference
+  Dir: ptp
+  Topics:
+  - Name: About PTP in OpenShift clusters
+    File: about-ptp
+  - Name: Configuring PTP hardware
+    File: configuring-ptp
+  - Name: Using PTP events
+    File: using-ptp-events
+  - Name: Developing PTP events consumer applications
+    File: ptp-cloud-events-consumer-dev-reference
 - Name: External DNS Operator
   Dir: external_dns_operator
   Topics:
+  - Name: External DNS Operator release notes
+    File: external-dns-operator-release-notes
   - Name: Understanding the External DNS Operator
     File: understanding-external-dns-operator
   - Name: Installing the External DNS Operator
@@ -1233,6 +1321,8 @@ Topics:
     File: default-network-policy
   - Name: Configuring multitenant isolation with network policy
     File: multitenant-network-policy
+- Name: CIDR range definitions
+  File: cidr-range-definitions
 - Name: AWS Load Balancer Operator
   Dir: aws_load_balancer_operator
   Distros: openshift-enterprise,openshift-origin
@@ -1243,7 +1333,7 @@ Topics:
     File: understanding-aws-load-balancer-operator
   - Name: Installing the AWS Load Balancer Operator
     File: install-aws-load-balancer-operator
-  - Name: Installing the AWS Load Balancer Operator on Security Token Service cluster
+  - Name: Installing the AWS Load Balancer Operator on a Security Token Service cluster
     File: installing-albo-sts-cluster
   - Name: Creating an instance of the AWS Load Balancer Controller
     File: create-instance-aws-load-balancer-controller
@@ -1293,7 +1383,7 @@ Topics:
     File: configuring-sriov-ib-attach
   - Name: Adding a pod to an SR-IOV network
     File: add-pod
-  - Name: Tuning sysctl settings on an SR-IOV network
+  - Name: Configuring interface-level network sysctl settings and all-multicast mode for SR-IOV networks
     File: configuring-interface-sysctl-sriov-device
   - Name: Using high performance multicast
     File: using-sriov-multicast
@@ -1323,14 +1413,14 @@ Topics:
     File: migrate-from-openshift-sdn
   - Name: Rolling back to the OpenShift SDN network plugin
     File: rollback-to-openshift-sdn
-  - Name: Migrating from Kuryr
-    File: migrate-from-kuryr-sdn
   - Name: Converting to IPv4/IPv6 dual stack networking
     File: converting-to-dual-stack
   - Name: Logging for egress firewall and network policy rules
     File: logging-network-policy
   - Name: Configuring IPsec encryption
     File: configuring-ipsec-ovn
+  - Name: Configure an external gateway through a secondary network interface
+    File: configuring-secondary-external-gateway
   - Name: Configuring an egress firewall for a project
     File: configuring-egress-firewall-ovn
   - Name: Viewing an egress firewall for a project
@@ -1343,6 +1433,8 @@ Topics:
     File: configuring-egress-ips-ovn
   - Name: Assigning an egress IP address
     File: assigning-egress-ips-ovn
+  - Name: Configuring an egress service
+    File: configuring-egress-traffic-for-vrf-loadbalancer-services
   - Name: Considerations for the use of an egress router pod
     File: using-an-egress-router-ovn
   - Name: Deploying an egress router pod in redirect mode
@@ -1362,7 +1454,7 @@ Topics:
     File: about-openshift-sdn
   - Name: Migrating to the OpenShift SDN network plugin
     File: migrate-to-openshift-sdn
-  - Name: Rolling back to the OpenShift SDN network plugin
+  - Name: Rolling back to the OVN-Kubernetes network plugin
     File: rollback-to-ovn-kubernetes
   - Name: Configuring egress IPs for a project
     File: assigning-egress-ips
@@ -1436,9 +1528,7 @@ Topics:
   Topics:
   - Name: About the Kubernetes NMState Operator
     File: k8s-nmstate-about-the-k8s-nmstate-operator
-  - Name: Observing node network state
-    File: k8s-nmstate-observing-node-network-state
-  - Name: Updating node network configuration
+  - Name: Observing and updating node network state and configuration
     File: k8s-nmstate-updating-node-network-config
   - Name: Troubleshooting node network configuration
     File: k8s-nmstate-troubleshooting-node-network
@@ -1471,33 +1561,12 @@ Topics:
     File: metallb-configure-bfd-profiles
   - Name: Configuring services to use MetalLB
     File: metallb-configure-services
+  - Name: Managing symmetric routing with MetalLB
+    File: metallb-configure-return-traffic
   - Name: MetalLB logging, troubleshooting, and support
     File: metallb-troubleshoot-support
 - Name: Associating secondary interfaces metrics to network attachments
   File: associating-secondary-interfaces-metrics-to-network-attachments
-- Name: Network Observability
-  Dir: network_observability
-  Topics:
-  - Name: Network Observability release notes
-    File: network-observability-operator-release-notes
-  - Name: Network Observability overview
-    File: network-observability-overview
-  - Name: Installing the Network Observability Operator
-    File: installing-operators
-  - Name: Understanding Network Observability Operator
-    File: understanding-network-observability-operator
-  - Name: Configuring the Network Observability Operator
-    File: configuring-operator
-  - Name: Observing the network traffic
-    File: observing-network-traffic
-  - Name: Monitoring the Network Observability Operator
-    File: network-observability-operator-monitoring
-  - Name: API reference
-    File: flowcollector-api
-  - Name: JSON flows format reference
-    File: json-flows-format-reference
-  - Name: Troubleshooting Network Observability
-    File: troubleshooting-network-observability
 ---
 Name: Storage
 Dir: storage
@@ -1548,6 +1617,8 @@ Topics:
       File: persistent-storage-hostpath
     - Name: Persistent storage using LVM Storage
       File: persistent-storage-using-lvms
+    - Name: Troubleshooting local persistent storage using LVMS
+      File: troubleshooting-local-persistent-storage-using-lvms
 - Name: Using Container Storage Interface (CSI)
   Dir: container_storage_interface
   Distros: openshift-enterprise,openshift-origin
@@ -1592,8 +1663,8 @@ Topics:
     File: persistent-storage-csi-cinder
   - Name: OpenStack Manila CSI Driver Operator
     File: persistent-storage-csi-manila
-  - Name: Red Hat Virtualization CSI Driver Operator
-    File: persistent-storage-csi-ovirt
+  - Name: Secrets Store CSI Driver Operator
+    File: persistent-storage-csi-secrets-store
   - Name: VMware vSphere CSI Driver Operator
     File: persistent-storage-csi-vsphere
 - Name: Generic ephemeral volumes
@@ -1639,6 +1710,9 @@ Topics:
   - Name: Configuring the registry for OpenShift Data Foundation
     File: configuring-registry-storage-rhodf
     Distros: openshift-enterprise,openshift-origin
+  - Name: Configuring the registry for Nutanix
+    File: configuring-registry-storage-nutanix
+    Distros: openshift-enterprise,openshift-origin
 - Name: Accessing the registry
   File: accessing-the-registry
 - Name: Exposing the registry
@@ -1748,6 +1822,9 @@ Topics:
   - Name: Managing platform Operators
     File: olm-managing-po
     Distros: openshift-enterprise,openshift-origin
+  - Name: Troubleshooting Operator issues
+    File: olm-troubleshooting-operator-issues
+    Distros: openshift-enterprise,openshift-origin
 - Name: Developing Operators
   Dir: operator_sdk
   Distros: openshift-origin,openshift-enterprise
@@ -1820,6 +1897,8 @@ Topics:
     File: osdk-working-bundle-images
   - Name: Complying with pod security admission
     File: osdk-complying-with-psa
+  - Name: Token authentication for Operators on cloud providers
+    File: osdk-token-auth
   - Name: Validating Operators using the scorecard
     File: osdk-scorecard
   - Name: Validating Operator bundles
@@ -1830,6 +1909,8 @@ Topics:
     File: osdk-monitoring-prometheus
   - Name: Configuring leader election
     File: osdk-leader-election
+  - Name: Configuring support for multiple platforms
+    File: osdk-multi-arch-support
   - Name: Object pruning utility
     File: osdk-pruning-utility
   - Name: Migrating package manifest projects to bundle format
@@ -1841,6 +1922,29 @@ Topics:
     Distros: openshift-origin
 - Name: Cluster Operators reference
   File: operator-reference
+- Name: OLM 1.0 (Technology Preview)
+  Dir: olm_v1
+  Distros: openshift-origin,openshift-enterprise
+  Topics:
+  - Name: About OLM 1.0
+    File: index
+  - Name: Components and architecture
+    Dir: arch
+    Topics:
+    - Name: Components overview
+      File: olmv1-components
+    - Name: Operator Controller
+      File: olmv1-operator-controller
+    - Name: RukPak
+      File: olmv1-rukpak
+    - Name: Dependency resolution
+      File: olmv1-dependency
+    - Name: Catalogd
+      File: olmv1-catalogd
+  - Name: Installing an Operator from a catalog
+    File: olmv1-installing-an-operator-from-a-catalog
+  - Name: Managing plain bundles
+    File: olmv1-managing-plain-bundles
 ---
 Name: CI/CD
 Dir: cicd
@@ -1848,7 +1952,13 @@ Distros: openshift-enterprise,openshift-origin,openshift-online
 Topics:
 - Name: CI/CD overview
   File: index
-- Name: Builds
+- Name: Builds using Shipwright
+  Dir: builds_using_shipwright
+  Distros: openshift-enterprise
+  Topics:
+  - Name: Overview of Builds
+    File: overview-openshift-builds
+- Name: Builds using BuildConfig
   Dir: builds
   Distros: openshift-enterprise,openshift-origin,openshift-online
   Topics:
@@ -1893,84 +2003,14 @@ Topics:
   Dir: pipelines
   Distros: openshift-enterprise
   Topics:
-  - Name: OpenShift Pipelines release notes
-    File: op-release-notes
-  - Name: Understanding OpenShift Pipelines
-    File: understanding-openshift-pipelines
-  - Name: Installing OpenShift Pipelines
-    File: installing-pipelines
-  - Name: Uninstalling OpenShift Pipelines
-    File: uninstalling-pipelines
-  - Name: Creating CI/CD solutions for applications using OpenShift Pipelines
-    File: creating-applications-with-cicd-pipelines
-  - Name: Managing non-versioned and versioned cluster tasks
-    File: managing-nonversioned-and-versioned-cluster-tasks
-  - Name: Using Tekton Hub with OpenShift Pipelines
-    File: using-tekton-hub-with-openshift-pipelines
-  - Name: Specifying remote pipelines and tasks using resolvers
-    File: remote-pipelines-tasks-resolvers
-  - Name: Using Pipelines as Code
-    File: using-pipelines-as-code
-  - Name: Working with OpenShift Pipelines using the Developer perspective
-    File: working-with-pipelines-using-the-developer-perspective
-  - Name: Customizing configurations in the TektonConfig custom resource
-    File: customizing-configurations-in-the-tektonconfig-cr
-  - Name: Reducing resource consumption of OpenShift Pipelines
-    File: reducing-pipelines-resource-consumption
-  - Name: Setting compute resource quota for OpenShift Pipelines
-    File: setting-compute-resource-quota-for-openshift-pipelines
-  - Name: Using pods in a privileged security context
-    File: using-pods-in-a-privileged-security-context
-  - Name: Securing webhooks with event listeners
-    File: securing-webhooks-with-event-listeners
-  - Name: Authenticating pipelines using git secret
-    File: authenticating-pipelines-using-git-secret
-  - Name: Using Tekton Chains for OpenShift Pipelines supply chain security
-    File: using-tekton-chains-for-openshift-pipelines-supply-chain-security
-  - Name: Viewing pipeline logs using the OpenShift Logging Operator
-    File: viewing-pipeline-logs-using-the-openshift-logging-operator
-  - Name: Unprivileged building of container images using Buildah
-    File: unprivileged-building-of-container-images-using-buildah
+  - Name: About OpenShift Pipelines
+    File: about-pipelines
 - Name: GitOps
   Dir: gitops
   Distros: openshift-enterprise
   Topics:
-  - Name: OpenShift GitOps release notes
-    File: gitops-release-notes
-  - Name: Understanding OpenShift GitOps
-    File: understanding-openshift-gitops
-  - Name: Installing OpenShift GitOps
-    File: installing-openshift-gitops
-  - Name: Uninstalling OpenShift GitOps
-    File: uninstalling-openshift-gitops
-  - Name: Setting up a new Argo CD instance
-    File: setting-up-argocd-instance
-  - Name: Configuring an OpenShift cluster by deploying an application with cluster configurations
-    File: configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations
-  - Name: Deploying a Spring Boot application with Argo CD
-    File: deploying-a-spring-boot-application-with-argo-cd
-  - Name: Argo CD custom resource properties
-    File: argo-cd-custom-resource-properties
-  - Name: Monitoring application health status
-    File: health-information-for-resources-deployment
-  - Name: Configuring SSO for Argo CD using Dex
-    File: configuring-sso-on-argo-cd-using-dex
-  - Name: Configuring SSO for Argo CD using Keycloak
-    File: configuring-sso-for-argo-cd-using-keycloak
-  - Name: Configuring Argo CD RBAC
-    File: configuring-argo-cd-rbac
-  - Name: Configuring Resource Quota
-    File: configuring-resource-quota
-  - Name: Monitoring Argo CD custom resource workloads
-    File: monitoring-argo-cd-custom-resource-workloads
-  - Name: Running Control Plane Workloads on Infra nodes
-    File: run-gitops-control-plane-workload-on-infra-nodes
-  - Name: Sizing requirements for GitOps Operator
-    File: about-sizing-requirements-gitops
-  - Name: Collecting debugging data for a support case
-    File: collecting-debugging-data-for-support
-  - Name: Troubleshooting issues in GitOps
-    File: troubleshooting-issues-in-GitOps
+  - Name: About OpenShift GitOps
+    File: about-redhat-openshift-gitops
 - Name: Jenkins
   Dir: jenkins
   Distros: openshift-enterprise
@@ -2101,7 +2141,7 @@ Topics:
 - Name: Deployments
   Dir: deployments
   Topics:
-  - Name: Understanding Deployments and DeploymentConfigs
+  - Name: Understanding deployments
     File: what-deployments-are
   - Name: Managing deployment processes
     File: managing-deployment-processes
@@ -2141,6 +2181,16 @@ Topics:
   File: red-hat-marketplace
   Distros: openshift-origin,openshift-enterprise
 ---
+Name: Serverless
+Dir: serverless
+Distros: openshift-enterprise
+Topics:
+- Name: About Serverless
+  Dir: about
+  Topics:
+  - Name: Serverless overview
+    File: about-serverless
+---
 Name: Machine management
 Dir: machine_management
 Distros: openshift-origin,openshift-enterprise
@@ -2169,12 +2219,6 @@ Topics:
     File: creating-machineset-nutanix
   - Name: Creating a compute machine set on OpenStack
     File: creating-machineset-osp
-  - Name: Creating a compute machine set on RHV
-    File: creating-machineset-rhv
-    Distros: openshift-enterprise
-  - Name: Creating a compute machine set on oVirt
-    File: creating-machineset-rhv
-    Distros: openshift-origin
   - Name: Creating a compute machine set on vSphere
     File: creating-machineset-vsphere
   - Name: Creating a compute machine set on bare metal
@@ -2183,6 +2227,8 @@ Topics:
   File: manually-scaling-machineset
 - Name: Modifying a compute machine set
   File: modifying-machineset
+- Name: Machine phases and lifecycle
+  File: machine-phases-lifecycle
 - Name: Deleting a machine
   File: deleting-machine
 - Name: Applying autoscaling to a cluster
@@ -2204,8 +2250,6 @@ Topics:
     File: adding-aws-compute-user-infra
   - Name: Adding compute machines to vSphere manually
     File: adding-vsphere-compute-user-infra
-  - Name: Adding compute machines to a cluster on RHV
-    File: adding-rhv-compute-user-infra
   - Name: Adding compute machines to bare metal
     File: adding-bare-metal-compute-user-infra
 - Name: Managing machines with the Cluster API
@@ -2242,6 +2286,8 @@ Topics:
   File: hcp-managing
 - Name: Backup, restore, and disaster recovery for hosted control planes
   File: hcp-backup-restore-dr
+- Name: Troubleshooting hosted control planes
+  File: hcp-troubleshooting
 ---
 Name: Nodes
 Dir: nodes
@@ -2263,8 +2309,10 @@ Topics:
     File: nodes-pods-autoscaling
   - Name: Automatically adjust pod resource levels with the vertical pod autoscaler
     File: nodes-pods-vertical-autoscaler
-  - Name: Providing sensitive data to pods
+  - Name: Providing sensitive data to pods by using secrets
     File: nodes-pods-secrets
+  - Name: Providing sensitive data to pods by using an external secrets store
+    File: nodes-pods-secrets-store
   - Name: Creating and using config maps
     File: nodes-pods-configmaps
   - Name: Using Device Manager to make devices available to nodes
@@ -2300,7 +2348,7 @@ Topics:
     File: nodes-cma-autoscaling-custom-install
   - Name: Understanding the custom metrics autoscaler triggers
     File: nodes-cma-autoscaling-custom-trigger
-  - Name: Understanding the custom metrics autoscaler trigger authentications
+  - Name: Understanding custom metrics autoscaler trigger authentications
     File: nodes-cma-autoscaling-custom-trigger-auth
   - Name: Pausing the custom metrics autoscaler
     File: nodes-cma-autoscaling-custom-pausing
@@ -2340,8 +2388,18 @@ Topics:
 #   File: nodes-scheduler-node-projects
 # - Name: Keeping your cluster balanced using the descheduler
 #   File: nodes-scheduler-descheduler
-  - Name: Evicting pods using the descheduler
-    File: nodes-descheduler
+  - Name: Descheduler
+    Dir: descheduler
+    Distros: openshift-enterprise
+    Topics:
+    - Name: Descheduler overview
+      File: index
+    - Name: Descheduler release notes
+      File: nodes-descheduler-release-notes
+    - Name: Evicting pods using the descheduler
+      File: nodes-descheduler-configuring
+    - Name: Uninstalling the descheduler
+      File: nodes-descheduler-uninstalling
   - Name: Secondary scheduler
     Dir: secondary_scheduler
     Distros: openshift-enterprise
@@ -2372,8 +2430,9 @@ Topics:
     File: nodes-nodes-working
   - Name: Managing nodes
     File: nodes-nodes-managing
-  - Name: Managing graceful node shutdown
-    File: nodes-nodes-graceful-shutdown
+# Hiding this assembly per @rphillips: "We are trying to enable the feature, but there are cases we are running into where networking does not get enabled at boot."
+#  - Name: Managing graceful node shutdown
+#    File: nodes-nodes-graceful-shutdown
   - Name: Managing the maximum number of pods per node
     File: nodes-nodes-managing-max-pods
   - Name: Using the Node Tuning Operator
@@ -2388,7 +2447,7 @@ Topics:
     File: nodes-nodes-resources-configuring
   - Name: Allocating specific CPUs for nodes in a cluster
     File: nodes-nodes-resources-cpus
-  - Name: Configuring the TLS security profile for the kubelet
+  - Name: Enabling TLS security profiles for the kubelet
     File: nodes-nodes-tls
     Distros: openshift-enterprise,openshift-origin
 #  - Name: Monitoring for problems in your nodes
@@ -2434,13 +2493,9 @@ Topics:
     Distros: openshift-enterprise,openshift-origin
   - Name: Configuring your cluster to place pods on overcommited nodes
     File: nodes-cluster-overcommit
-    Distros: openshift-enterprise,openshift-origin
-  - Name: Configuring the Linux cgroup version on your nodes
-    File: nodes-cluster-cgroups-2
     Distros: openshift-enterprise
   - Name: Configuring the Linux cgroup version on your nodes
-    File: nodes-cluster-cgroups-okd
-    Distros: openshift-origin
+    File: nodes-cluster-cgroups-2
   - Name: Enabling features using FeatureGates
     File: nodes-cluster-enabling-features
     Distros: openshift-enterprise,openshift-origin
@@ -2459,6 +2514,8 @@ Topics:
   Topics:
   - Name: Adding worker nodes to single-node OpenShift clusters
     File: nodes-sno-worker-nodes
+- Name: Node metrics dashboard
+  File: nodes-dashboard-using
 ---
 Name: Windows Container Support for OpenShift
 Dir: windows_containers
@@ -2479,10 +2536,12 @@ Topics:
     File: creating-windows-machineset-aws
   - Name: Creating a Windows machine set on Azure
     File: creating-windows-machineset-azure
-  - Name: Creating a Windows machine set on vSphere
-    File: creating-windows-machineset-vsphere
   - Name: Creating a Windows machine set on GCP
     File: creating-windows-machineset-gcp
+  - Name: Creating a Windows machine set on Nutanix
+    File: creating-windows-machineset-nutanix
+  - Name: Creating a Windows machine set on vSphere
+    File: creating-windows-machineset-vsphere
 - Name: Scheduling Windows container workloads
   File: scheduling-windows-workloads
 - Name: Windows node upgrades
@@ -2506,125 +2565,112 @@ Dir: logging
 Distros: openshift-enterprise,openshift-origin
 Topics:
 - Name: Release notes
-  File: cluster-logging-release-notes
-- Name: Logging 5.7
-  Dir: v5_7
-  Distros: openshift-enterprise,openshift-origin
+  Dir: logging_release_notes
   Topics:
-  - Name: Logging 5.7 Release Notes
+  - Name: Logging 5.8
+    File: logging-5-8-release-notes
+  - Name: Logging 5.7
     File: logging-5-7-release-notes
-  - Name: Getting started with logging
-    File: logging-5-7-getting-started
-  - Name: Understanding Logging
-    File: logging-5-7-architecture
-  - Name: Configuring Logging
-    File: logging-5-7-configuration
-  - Name: Administering Logging
-    File: logging-5-7-administration
-#  Name: Logging Reference
-#  File: logging-5-7-reference
-- Name: Logging 5.6
-  Dir: v5_6
-  Distros: openshift-enterprise,openshift-origin
-  Topics:
-  - Name: Logging 5.6 Release Notes
-    File: logging-5-6-release-notes
-  - Name: Getting started with logging
-    File: logging-5-6-getting-started
-  - Name: Understanding Logging
-    File: logging-5-6-architecture
-  - Name: Configuring Logging
-    File: logging-5-6-configuration
-  - Name: Administering Logging
-    File: logging-5-6-administration
-  - Name: Logging Reference
-    File: logging-5-6-reference
-- Name: Logging 5.5
-  Dir: v5_5
-  Distros: openshift-enterprise,openshift-origin
+- Name: Support
+  File: cluster-logging-support
+- Name: Troubleshooting logging
+  Dir: troubleshooting
   Topics:
-  - Name: Logging 5.5 Release Notes
-    File: logging-5-5-release-notes
-  - Name: Getting started with logging
-    File: logging-5-5-getting-started
-  - Name: Understanding Logging
-    File: logging-5-5-architecture
-  - Name: Administering Logging
-    File: logging-5-5-administration
-#  - Name: Configuring Logging
-#    File: logging-5-5-configuration
-# - Name: Logging Reference
-#    File: logging-5-5-reference
+  - Name: Viewing Logging status
+    File: cluster-logging-cluster-status
+  - Name: Troubleshooting log forwarding
+    File: log-forwarding-troubleshooting
+  - Name: Troubleshooting logging alerts
+    File: troubleshooting-logging-alerts
+  - Name: Viewing the status of the Elasticsearch log store
+    File: cluster-logging-log-store-status
 - Name: About Logging
   File: cluster-logging
 - Name: Installing Logging
   File: cluster-logging-deploying
+- Name: Updating Logging
+  File: cluster-logging-upgrading
   Distros: openshift-enterprise,openshift-origin
+- Name: Visualizing logs
+  Dir: log_visualization
+  Topics:
+  - Name: About log visualization
+    File: log-visualization
+  - Name: Log visualization with the web console
+    File: log-visualization-ocp-console
+  - Name: Viewing cluster dashboards
+    File: cluster-logging-dashboards
+  - Name: Log visualization with Kibana
+    File: logging-kibana
 - Name: Configuring your Logging deployment
   Dir: config
   Distros: openshift-enterprise,openshift-origin
   Topics:
-  - Name: About the Cluster Logging custom resource
-    File: cluster-logging-configuring-cr
-  - Name: Configuring the logging collector
-    File: cluster-logging-collector
-  - Name: Configuring the log store
-    File: cluster-logging-log-store
-  - Name: Configuring the log visualizer
-    File: cluster-logging-visualizer
-  - Name: Configuring Logging storage
-    File: cluster-logging-storage-considerations
   - Name: Configuring CPU and memory limits for Logging components
     File: cluster-logging-memory
-  - Name: Using tolerations to control Logging pod placement
-    File: cluster-logging-tolerations
-  - Name: Moving the Logging resources with node selectors
-    File: cluster-logging-moving-nodes
   - Name: Configuring systemd-journald for Logging
     File: cluster-logging-systemd
-  - Name: Maintenance and support
-    File: cluster-logging-maintenance-support
-- Name: Logging with the LokiStack
-  File: cluster-logging-loki
-- Name: Viewing logs for a specific resource
-  File: viewing-resource-logs
-- Name: Viewing cluster logs in Kibana
-  File: cluster-logging-visualizer
-  Distros: openshift-enterprise,openshift-origin
-- Name: Forwarding logs to third party systems
-  File: cluster-logging-external
-  Distros: openshift-enterprise,openshift-origin
-- Name: Enabling JSON logging
-  File: cluster-logging-enabling-json-logging
-- Name: Collecting and storing Kubernetes events
-  File: cluster-logging-eventrouter
-  Distros: openshift-enterprise,openshift-origin
-# - Name: Forwarding logs using ConfigMaps
-#  File: cluster-logging-external-configmap
-#  Distros: openshift-enterprise,openshift-origin
-- Name: Updating Logging
-  File: cluster-logging-upgrading
-- Name: Viewing cluster dashboards
-  File: cluster-logging-dashboards
-- Name: Troubleshooting Logging
-  Dir: troubleshooting
-  Distros: openshift-enterprise,openshift-origin
-  Topics:
-  - Name: Viewing Logging status
-    File: cluster-logging-cluster-status
-  - Name: Viewing the status of the log store
-    File: cluster-logging-log-store-status
-  - Name: Understanding Logging alerts
-    File: cluster-logging-alerts
-  - Name: Collecting logging data for Red Hat Support
-    File: cluster-logging-must-gather
-  - Name: Troubleshooting for Critical Alerts
-    File: cluster-logging-troubleshooting-for-critical-alerts
+- Name: Log collection and forwarding
+  Dir: log_collection_forwarding
+  Topics:
+  - Name: About log collection and forwarding
+    File: log-forwarding
+  - Name: Log output types
+    File: logging-output-types
+  - Name: Enabling JSON log forwarding
+    File: cluster-logging-enabling-json-logging
+  - Name: Configuring log forwarding
+    File: configuring-log-forwarding
+  - Name: Configuring the logging collector
+    File: cluster-logging-collector
+  - Name: Collecting and storing Kubernetes events
+    File: cluster-logging-eventrouter
+- Name: Log storage
+  Dir: log_storage
+  Topics:
+  - Name: About log storage
+    File: about-log-storage
+  - Name: Installing log storage
+    File: installing-log-storage
+  - Name: Configuring the LokiStack log store
+    File: cluster-logging-loki
+  - Name: Configuring the Elasticsearch log store
+    File: logging-config-es-store
+- Name: Logging alerts
+  Dir: logging_alerts
+  Topics:
+  - Name: Default logging alerts
+    File: default-logging-alerts
+  - Name: Custom logging alerts
+    File: custom-logging-alerts
+- Name: Performance and reliability tuning
+  Dir: performance_reliability
+  Topics:
+  - Name: Flow control mechanisms
+    File: logging-flow-control-mechanisms
+- Name: Scheduling resources
+  Dir: scheduling_resources
+  Topics:
+  - Name: Using node selectors to move logging resources
+    File: logging-node-selectors
+  - Name: Using tolerations to control logging pod placement
+    File: logging-taints-tolerations
 - Name: Uninstalling Logging
   File: cluster-logging-uninstall
 - Name: Exported fields
   File: cluster-logging-exported-fields
   Distros: openshift-enterprise,openshift-origin
+- Name: API reference
+  Dir: api_reference
+  Topics:
+#  - Name: 5.8 Logging API reference
+#    File: logging-5-8-reference
+#  - Name: 5.7 Logging API reference
+#    File: logging-5-7-reference
+  - Name: 5.6 Logging API reference
+    File: logging-5-6-reference
+- Name: Glossary
+  File: logging-common-terms
 ---
 Name: Monitoring
 Dir: monitoring
@@ -2640,24 +2686,155 @@ Topics:
   File: enabling-alert-routing-for-user-defined-projects
 - Name: Managing metrics
   File: managing-metrics
-- Name: Querying metrics
-  File: querying-metrics
-- Name: Managing metrics targets
-  File: managing-metrics-targets
 - Name: Managing alerts
   File: managing-alerts
 - Name: Reviewing monitoring dashboards
   File: reviewing-monitoring-dashboards
-- Name: The NVIDIA GPU administration dashboard
-  File: nvidia-gpu-admin-dashboard
-- Name: Monitoring bare-metal events
-  File: using-rfhe
 - Name: Accessing third-party monitoring APIs
   File: accessing-third-party-monitoring-apis
 - Name: Troubleshooting monitoring issues
   File: troubleshooting-monitoring-issues
 - Name: Config map reference for the Cluster Monitoring Operator
   File: config-map-reference-for-the-cluster-monitoring-operator
+- Name: Cluster Observability Operator
+  Dir: cluster_observability_operator
+  Topics:
+  - Name: Cluster Observability Operator release notes
+    File: cluster-observability-operator-release-notes
+  - Name: Cluster Observability Operator overview
+    File: cluster-observability-operator-overview
+  - Name: Installing the Cluster Observability Operator
+    File: installing-the-cluster-observability-operator
+  - Name: Configuring the Cluster Observability Operator to monitor a service
+    File: configuring-the-cluster-observability-operator-to-monitor-a-service
+---
+Name: Power monitoring
+Dir: power_monitoring
+Distros: openshift-enterprise,openshift-origin
+Topics:
+- Name: Power monitoring release notes
+  File: power-monitoring-release-notes
+- Name: Power monitoring overview
+  File: power-monitoring-overview
+- Name: Installing power monitoring
+  File: installing-power-monitoring
+- Name: Configuring power monitoring
+  File: configuring-power-monitoring
+- Name: Visualizing power monitoring metrics
+  File: visualizing-power-monitoring-metrics
+- Name: Uninstalling power monitoring
+  File: uninstalling-power-monitoring
+---
+Name: Distributed tracing
+Dir: distr_tracing
+Distros: openshift-enterprise
+Topics:
+- Name: Distributed tracing release notes
+  Dir: distr_tracing_rn
+  Topics:
+  - Name: Distributed tracing 3.0
+    File: distr-tracing-rn-3-0
+  - Name: Distributed tracing 2.9.2
+    File: distr-tracing-rn-2-9-2
+  - Name: Distributed tracing 2.9.1
+    File: distr-tracing-rn-2-9-1
+  - Name: Distributed tracing 2.9
+    File: distr-tracing-rn-2-9
+  - Name: Distributed tracing 2.8
+    File: distr-tracing-rn-2-8
+  - Name: Distributed tracing 2.7
+    File: distr-tracing-rn-2-7
+  - Name: Distributed tracing 2.6
+    File: distr-tracing-rn-2-6
+  - Name: Distributed tracing 2.5
+    File: distr-tracing-rn-2-5
+  - Name: Distributed tracing 2.4
+    File: distr-tracing-rn-2-4
+  - Name: Distributed tracing 2.3
+    File: distr-tracing-rn-2-3
+  - Name: Distributed tracing 2.2
+    File: distr-tracing-rn-2-2
+  - Name: Distributed tracing 2.1
+    File: distr-tracing-rn-2-1
+  - Name: Distributed tracing 2.0
+    File: distr-tracing-rn-2-0
+- Name: Distributed tracing architecture
+  Dir: distr_tracing_arch
+  Topics:
+  - Name: Distributed tracing architecture
+    File: distr-tracing-architecture
+- Name: Distributed tracing platform (Jaeger)
+  Dir: distr_tracing_jaeger
+  Topics:
+    - Name: Installation
+      File: distr-tracing-jaeger-installing
+    - Name: Configuration
+      File: distr-tracing-jaeger-configuring
+    - Name: Updating
+      File: distr-tracing-jaeger-updating
+    - Name: Removal
+      File: distr-tracing-jaeger-removing
+- Name: Distributed tracing platform (Tempo)
+  Dir: distr_tracing_tempo
+  Topics:
+    - Name: Installation
+      File: distr-tracing-tempo-installing
+    - Name: Configuration
+      File: distr-tracing-tempo-configuring
+    - Name: Updating
+      File: distr-tracing-tempo-updating
+    - Name: Removal
+      File: distr-tracing-tempo-removing
+---
+Name: Red Hat build of OpenTelemetry
+Dir: otel
+Distros: openshift-enterprise
+Topics:
+- Name: Release notes
+  File: otel-release-notes
+- Name: Installation
+  File: otel-installing
+- Name: Collector configuration
+  File: otel-configuring
+- Name: Instrumentation
+  File: otel-instrumentation
+- Name: Use
+  File: otel-using
+- Name: Troubleshooting
+  File: otel-troubleshooting
+- Name: Migration
+  File: otel-migrating
+- Name: Updating
+  File: otel-updating
+- Name: Removal
+  File: otel-removing
+---
+Name: Network Observability
+Dir: network_observability
+Distros: openshift-enterprise,openshift-origin
+Topics:
+- Name: Network Observability release notes
+  File: network-observability-operator-release-notes
+- Name: Network Observability overview
+  File: network-observability-overview
+- Name: Installing the Network Observability Operator
+  File: installing-operators
+- Name: Understanding Network Observability Operator
+  File: understanding-network-observability-operator
+- Name: Configuring the Network Observability Operator
+  File: configuring-operator
+- Name: Network Policy
+  File: network-observability-network-policy
+- Name: Observing the network traffic
+  File: observing-network-traffic
+- Name: Monitoring the Network Observability Operator
+  File: network-observability-operator-monitoring
+- Name: API reference
+  File: flowcollector-api
+- Name: JSON flows format reference
+  File: json-flows-format-reference
+- Name: Troubleshooting Network Observability
+  File: troubleshooting-network-observability
 ---
 Name: Scalability and performance
 Dir: scalability_and_performance
@@ -2692,17 +2869,19 @@ Topics:
   Dir: optimization
   Distros: openshift-origin,openshift-enterprise
   Topics:
-    - Name: Optimizing storage
-      File: optimizing-storage
-    - Name: Optimizing routing
-      File: routing-optimization
-    - Name: Optimizing networking
-      File: optimizing-networking
-    - Name: Optimizing CPU usage
-      File: optimizing-cpu-usage
+  - Name: Optimizing storage
+    File: optimizing-storage
+  - Name: Optimizing routing
+    File: routing-optimization
+  - Name: Optimizing networking
+    File: optimizing-networking
+  - Name: Optimizing CPU usage
+    File: optimizing-cpu-usage
 - Name: Managing bare metal hosts
   File: managing-bare-metal-hosts
   Distros: openshift-origin,openshift-enterprise
+- Name: Monitoring bare-metal events
+  File: using-rfhe
 - Name: What huge pages do and how they are consumed by apps
   File: what-huge-pages-do-and-how-they-are-consumed-by-apps
   Distros: openshift-origin,openshift-enterprise
@@ -2713,48 +2892,79 @@ Topics:
   File: cnf-performing-platform-verification-latency-tests
 - Name: Improving cluster stability in high latency environments using worker latency profiles
   File: scaling-worker-latency-profiles
-- Name: Topology Aware Lifecycle Manager for cluster updates
-  File: cnf-talm-for-cluster-upgrades
-  Distros: openshift-origin,openshift-enterprise
 - Name: Creating a performance profile
   File: cnf-create-performance-profiles
   Distros: openshift-origin,openshift-enterprise
 - Name: Workload partitioning
   File: enabling-workload-partitioning
   Distros: openshift-origin,openshift-enterprise
-- Name: Requesting CRI-O and Kubelet profiling data by using the Node Observability Operator
+- Name: Using the Node Observability Operator
   File: node-observability-operator
   Distros: openshift-origin,openshift-enterprise
 - Name: Clusters at the network far edge
   Dir: ztp_far_edge
   Distros: openshift-origin,openshift-enterprise
   Topics:
-    - Name: Challenges of the network far edge
-      File: ztp-deploying-far-edge-clusters-at-scale
-    - Name: Preparing the hub cluster for ZTP
-      File: ztp-preparing-the-hub-cluster
-    - Name: Installing managed clusters with RHACM and SiteConfig resources
-      File: ztp-deploying-far-edge-sites
-    - Name: Configuring managed clusters with policies and PolicyGenTemplate resources
-      File: ztp-configuring-managed-clusters-policies
-    - Name: Manually installing a single-node OpenShift cluster with ZTP
-      File: ztp-manual-install
-    - Name: Recommended single-node OpenShift cluster configuration for vDU application workloads
-      File: ztp-reference-cluster-configuration-for-vdu
-    - Name: Validating cluster tuning for vDU application workloads
-      File: ztp-vdu-validating-cluster-tuning
-    - Name: Advanced managed cluster configuration with SiteConfig resources
-      File: ztp-advanced-install-ztp
-    - Name: Advanced managed cluster configuration with PolicyGenTemplate resources
-      File: ztp-advanced-policy-config
-    - Name: Updating managed clusters with the Topology Aware Lifecycle Manager
-      File: ztp-talm-updating-managed-policies
-    - Name: Updating GitOps ZTP
-      File: ztp-updating-gitops
-    - Name: Expanding single-node OpenShift clusters with GitOps ZTP
-      File: ztp-sno-additional-worker-node
-    - Name: Pre-caching images for single-node OpenShift deployments
-      File: ztp-precaching-tool
+  - Name: Challenges of the network far edge
+    File: ztp-deploying-far-edge-clusters-at-scale
+  - Name: Preparing the hub cluster for ZTP
+    File: ztp-preparing-the-hub-cluster
+  - Name: Installing managed clusters with RHACM and SiteConfig resources
+    File: ztp-deploying-far-edge-sites
+  - Name: Configuring managed clusters with policies and PolicyGenTemplate resources
+    File: ztp-configuring-managed-clusters-policies
+  - Name: Manually installing a single-node OpenShift cluster with ZTP
+    File: ztp-manual-install
+  - Name: Recommended single-node OpenShift cluster configuration for vDU application workloads
+    File: ztp-reference-cluster-configuration-for-vdu
+  - Name: Validating cluster tuning for vDU application workloads
+    File: ztp-vdu-validating-cluster-tuning
+  - Name: Advanced managed cluster configuration with SiteConfig resources
+    File: ztp-advanced-install-ztp
+  - Name: Advanced managed cluster configuration with PolicyGenTemplate resources
+    File: ztp-advanced-policy-config
+  - Name: Updating managed clusters with the Topology Aware Lifecycle Manager
+    File: cnf-talm-for-cluster-upgrades
+    Distros: openshift-origin,openshift-enterprise
+  - Name: Updating managed clusters in a disconnected environment with the Topology Aware Lifecycle Manager
+    File: ztp-talm-updating-managed-policies
+  - Name: Updating GitOps ZTP
+    File: ztp-updating-gitops
+  - Name: Expanding single-node OpenShift clusters with GitOps ZTP
+    File: ztp-sno-additional-worker-node
+  - Name: Pre-caching images for single-node OpenShift deployments
+    File: ztp-precaching-tool
+---
+Name: Reference design specifications
+Dir: telco_ref_design_specs
+Distros: openshift-telco
+Topics:
+- Name: Telco reference design specifications
+  File: telco-ref-design-specs-overview
+- Name: Telco RAN DU reference design specification
+  Dir: ran
+  Topics:
+  - Name: Telco RAN DU reference design overview
+    File: telco-ran-ref-design-spec
+  - Name: Telco RAN DU use model overview
+    File: telco-ran-du-overview
+  - Name: RAN DU reference design components
+    File: telco-ran-ref-du-components
+  - Name: RAN DU reference design configuration CRs
+    File: telco-ran-ref-du-crs
+  - Name: Telco RAN DU software specifications
+    File: telco-ran-ref-software-artifacts
+- Name: Telco core reference design specification
+  Dir: core
+  Topics:
+  - Name: Telco core reference design overview
+    File: telco-core-rds-overview
+  - Name: Telco core use model overview
+    File: telco-core-rds-use-cases
+  - Name: Core reference design components
+    File: telco-core-ref-design-components
+  - Name: Core reference design configuration CRs
+    File: telco-core-ref-crs
 ---
 Name: Specialized hardware and driver enablement
 Dir: hardware_enablement
@@ -2779,11 +2989,20 @@ Topics:
   File: graceful-cluster-shutdown
 - Name: Restarting a cluster gracefully
   File: graceful-cluster-restart
-- Name: Application backup and restore
+- Name: OADP Application backup and restore
   Dir: application_backup_and_restore
   Topics:
+  - Name: Introduction to OpenShift API for Data Protection
+    File: oadp-intro
   - Name: OADP release notes
-    File: oadp-release-notes
+    Dir: release-notes
+    Topics:
+    - Name: OADP 1.3 release notes
+      File: oadp-release-notes-1-3
+    - Name: OADP 1.2 release notes
+      File: oadp-release-notes-1-2
+    - Name: OADP 1.1 release notes
+      File: oadp-release-notes-1-1
   - Name: OADP features and plugins
     File: oadp-features-plugins
   - Name: Installing and configuring OADP
@@ -2791,25 +3010,70 @@ Topics:
     Topics:
     - Name: About installing OADP
       File: about-installing-oadp
-    - Name: Installing and configuring OADP with AWS
+    - Name: Installing the OADP Operator
+      File: oadp-installing-operator
+    - Name: Configuring OADP with AWS
       File: installing-oadp-aws
-    - Name: Installing and configuring OADP with Azure
+    - Name: Configuring OADP with Azure
       File: installing-oadp-azure
-    - Name: Installing and configuring OADP with GCP
+    - Name: Configuring OADP with GCP
       File: installing-oadp-gcp
-    - Name: Installing and configuring OADP with MCG
+    - Name: Configuring OADP with MCG
       File: installing-oadp-mcg
-    - Name: Installing and configuring OADP with ODF
+    - Name: Configuring OADP with ODF
       File: installing-oadp-ocs
+  - Name: Uninstalling OADP
+    Dir: installing
+    Topics:
     - Name: Uninstalling OADP
       File: uninstalling-oadp
-  - Name: Backing up and restoring
+  - Name: OADP backing up
     Dir: backing_up_and_restoring
     Topics:
     - Name: Backing up applications
       File: backing-up-applications
+    - Name: Creating a Backup CR
+      File: oadp-creating-backup-cr
+    - Name: Backing up persistent volumes with CSI snapshots
+      File: oadp-backing-up-pvs-csi-doc
+    - Name: Backing up applications with File System Backup
+      File: oadp-backing-up-applications-restic-doc
+    - Name: Creating backup hooks
+      File: oadp-creating-backup-hooks-doc
+    - Name: Scheduling backups using Schedule CR
+      File: oadp-scheduling-backups-doc
+    - Name: Deleting backups
+      File: oadp-deleting-backups-doc
+    - Name: About Kopia
+      File: oadp-about-kopia
+  - Name: OADP restoring
+    Dir: backing_up_and_restoring
+    Topics:
     - Name: Restoring applications
       File: restoring-applications
+  - Name: OADP and ROSA
+    Dir: oadp-rosa
+    Topics:
+    - Name: Backing up applications on ROSA STS using OADP
+      File: oadp-rosa-backing-up-applications
+  - Name: OADP Data Mover
+    Dir: installing
+    Topics:
+    - Name: Introduction to OADP Data Mover
+      File: data-mover-intro
+    - Name: Using Data Mover for CSI snapshots
+      File: oadp-using-data-mover-for-csi-snapshots-doc
+    - Name: Using OADP 1.2 Data Mover with Ceph storage
+      File: oadp-12-data-mover-ceph-doc
+    - Name: Cleaning up after a backup using OADP 1.1 Data Mover
+      File: oadp-cleaning-up-after-data-mover-1-1-backup-doc
+  - Name: OADP 1.3 Data Mover
+    Dir: installing
+    Topics:
+    - Name: About the OADP 1.3 Data Mover
+      File: about-oadp-1-3-data-mover
+    - Name: Backing up and restoring volumes by using CSI snapshots
+      File: oadp-backup-restore-csi-snapshots
   - Name: Troubleshooting
     File: troubleshooting
   - Name: OADP API
@@ -2929,6 +3193,8 @@ Topics:
     File: subjectaccessreview-authorization-openshift-io-v1
   - Name: 'SubjectRulesReview [authorization.openshift.io/v1]'
     File: subjectrulesreview-authorization-openshift-io-v1
+  - Name: 'SelfSubjectReview [authentication.k8s.io/v1]'
+    File: selfsubjectreview-authentication-k8s-io-v1
   - Name: 'TokenRequest [authentication.k8s.io/v1]'
     File: tokenrequest-authentication-k8s-io-v1
   - Name: 'TokenReview [authentication.k8s.io/v1]'
@@ -3022,6 +3288,8 @@ Topics:
     File: consoleplugin-console-openshift-io-v1
   - Name: 'ConsoleQuickStart [console.openshift.io/v1]'
     File: consolequickstart-console-openshift-io-v1
+  - Name: 'ConsoleSample [console.openshift.io/v1]'
+    File: consolesample-console-openshift-io-v1
   - Name: 'ConsoleYAMLSample [console.openshift.io/v1]'
     File: consoleyamlsample-console-openshift-io-v1
 - Name: Extension APIs
@@ -3075,10 +3343,12 @@ Topics:
     File: controlplanemachineset-machine-openshift-io-v1
   - Name: 'KubeletConfig [machineconfiguration.openshift.io/v1]'
     File: kubeletconfig-machineconfiguration-openshift-io-v1
-  - Name: 'MachineConfigPool [machineconfiguration.openshift.io/v1]'
-    File: machineconfigpool-machineconfiguration-openshift-io-v1
   - Name: 'MachineConfig [machineconfiguration.openshift.io/v1]'
     File: machineconfig-machineconfiguration-openshift-io-v1
+  - Name: 'MachineConfigNode [machineconfiguration.openshift.io/v1alpha1]'
+    File: machineconfignode-machineconfiguration-openshift-io-v1alpha1
+  - Name: 'MachineConfigPool [machineconfiguration.openshift.io/v1]'
+    File: machineconfigpool-machineconfiguration-openshift-io-v1
   - Name: 'MachineHealthCheck [machine.openshift.io/v1beta1]'
     File: machinehealthcheck-machine-openshift-io-v1beta1
   - Name: 'Machine [machine.openshift.io/v1beta1]'
@@ -3117,6 +3387,10 @@ Topics:
     File: alertmanager-monitoring-coreos-com-v1
   - Name: 'AlertmanagerConfig [monitoring.coreos.com/v1beta1]'
     File: alertmanagerconfig-monitoring-coreos-com-v1beta1
+  - Name: 'AlertRelabelConfig [monitoring.openshift.io/v1]'
+    File: alertrelabelconfig-monitoring-openshift-io-v1
+  - Name: 'AlertingRule [monitoring.openshift.io/v1]'
+    File: alertingrule-monitoring-openshift-io-v1
   - Name: 'PodMonitor [monitoring.coreos.com/v1]'
     File: podmonitor-monitoring-coreos-com-v1
   - Name: 'Probe [monitoring.coreos.com/v1]'
@@ -3134,6 +3408,8 @@ Topics:
   Topics:
   - Name: About Network APIs
     File: network-apis-index
+  - Name: 'AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]'
+    File: adminpolicybasedexternalroute-k8s-ovn-org-v1
   - Name: 'CloudPrivateIPConfig [cloud.network.openshift.io/v1]'
     File: cloudprivateipconfig-cloud-network-openshift-io-v1
   - Name: 'EgressFirewall [k8s.ovn.org/v1]'
@@ -3142,6 +3418,8 @@ Topics:
     File: egressip-k8s-ovn-org-v1
   - Name: 'EgressQoS [k8s.ovn.org/v1]'
     File: egressqos-k8s-ovn-org-v1
+  - Name: 'EgressService [k8s.ovn.org/v1]'
+    File: egressservice-k8s-ovn-org-v1
   - Name: 'Endpoints [undefined/v1]'
     File: endpoints-v1
   - Name: 'EndpointSlice [discovery.k8s.io/v1]'
@@ -3239,6 +3517,8 @@ Topics:
     File: kubescheduler-operator-openshift-io-v1
   - Name: 'KubeStorageVersionMigrator [operator.openshift.io/v1]'
     File: kubestorageversionmigrator-operator-openshift-io-v1
+  - Name: 'MachineConfiguration [operator.openshift.io/v1]'
+    File: machineconfiguration-operator-openshift-io-v1
   - Name: 'Network [operator.openshift.io/v1]'
     File: network-operator-openshift-io-v1
   - Name: 'OpenShiftAPIServer [operator.openshift.io/v1]'
@@ -3352,14 +3632,14 @@ Topics:
     File: appliedclusterresourcequota-quota-openshift-io-v1
   - Name: 'ClusterResourceQuota [quota.openshift.io/v1]'
     File: clusterresourcequota-quota-openshift-io-v1
-  - Name: 'FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]'
-    File: flowschema-flowcontrol-apiserver-k8s-io-v1beta1
+  - Name: 'FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]'
+    File: flowschema-flowcontrol-apiserver-k8s-io-v1beta3
   - Name: 'LimitRange [undefined/v1]'
     File: limitrange-v1
   - Name: 'PriorityClass [scheduling.k8s.io/v1]'
     File: priorityclass-scheduling-k8s-io-v1
-  - Name: 'PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]'
-    File: prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1
+  - Name: 'PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]'
+    File: prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3
   - Name: 'ResourceQuota [undefined/v1]'
     File: resourcequota-v1
 - Name: Security APIs
@@ -3501,7 +3781,7 @@ Topics:
     File: installing-ossm
   - Name: Creating the ServiceMeshControlPlane
     File: ossm-create-smcp
-  - Name: Adding workloads to a service mesh
+  - Name: Adding services to a service mesh
     File: ossm-create-mesh
   - Name: Enabling sidecar injection
     File: prepare-to-deploy-applications-ossm
@@ -3565,31 +3845,6 @@ Topics:
   - Name: Removing Service Mesh
     File: removing-ossm
 ---
-Name: Distributed tracing
-Dir: distr_tracing
-Distros: openshift-enterprise
-Topics:
-- Name: Distributed tracing release notes
-  File: distributed-tracing-release-notes
-- Name: Distributed tracing architecture
-  Dir: distr_tracing_arch
-  Topics:
-  - Name: Distributed tracing architecture
-    File: distr-tracing-architecture
-- Name: Distributed tracing installation
-  Dir: distr_tracing_install
-  Topics:
-  - Name: Installing distributed tracing
-    File: distr-tracing-installing
-  - Name: Configuring the distributed tracing platform
-    File: distr-tracing-deploying-jaeger
-  - Name: Configuring distributed tracing data collection
-    File: distr-tracing-deploying-otel
-  - Name: Upgrading distributed tracing
-    File: distr-tracing-updating
-  - Name: Removing distributed tracing
-    File: distr-tracing-removing
----
 Name: Virtualization
 Dir: virt
 Distros: openshift-enterprise,openshift-origin
@@ -3626,7 +3881,7 @@ Topics:
   - Name: Getting started with OKD Virtualization
     File: virt-getting-started
     Distros: openshift-origin
-  - Name: Using the virtctl and libguestfs CLI tools
+  - Name: virtctl and libguestfs
     File: virt-using-the-cli-tools
   - Name: Web console overview
     File: virt-web-console-overview
@@ -3642,18 +3897,23 @@ Topics:
   - Name: Installing OKD Virtualization
     File: installing-virt
     Distros: openshift-origin
-  - Name: Specifying nodes for OpenShift Virtualization components
-    File: virt-specifying-nodes-for-virtualization-components
-    Distros: openshift-enterprise
-  - Name: Specifying nodes for OKD Virtualization components
-    File: virt-specifying-nodes-for-virtualization-components
-    Distros: openshift-origin
   - Name: Uninstalling OpenShift Virtualization
     File: uninstalling-virt
     Distros: openshift-enterprise
   - Name: Uninstalling OKD Virtualization
     File: uninstalling-virt
     Distros: openshift-origin
+- Name: Postinstallation configuration
+  Dir: post_installation_configuration
+  Topics:
+  - Name: Postinstallation configuration
+    File: virt-post-install-config
+  - Name: Node placement rules
+    File: virt-node-placement-virt-components
+  - Name: Network configuration
+    File: virt-post-install-network-config
+  - Name: Storage configuration
+    File: virt-post-install-storage-config
 - Name: Updating
   Dir: updating
   Topics:
@@ -3666,9 +3926,36 @@ Topics:
 - Name: Virtual machines
   Dir: virtual_machines
   Topics:
-###VIRTUAL MACHINE CHESS SALAD (silly name to highlight that the commented out assemblies need to be checked against merged filenams)
-  - Name: Creating virtual machines
-    File: virt-create-vms
+  - Name: Creating VMs from Red Hat images
+    Dir: creating_vms_rh
+    Topics:
+    - Name: Creating VMs from Red Hat images overview
+      File: virt-creating-vms-from-rh-images-overview
+    - Name: Creating VMs from instance types
+      File: virt-creating-vms-from-instance-types
+    - Name: Creating VMs from templates
+      File: virt-creating-vms-from-templates
+    - Name: Creating VMs from the CLI
+      File: virt-creating-vms-from-cli
+  - Name: Creating VMs from custom images
+    Dir: creating_vms_custom
+    Topics:
+    - Name: Creating VMs from custom images overview
+      File: virt-creating-vms-from-custom-images-overview
+    - Name: Creating VMs by using container disks
+      File: virt-creating-vms-from-container-disks
+    - Name: Creating VMs by importing images from web pages
+      File: virt-creating-vms-from-web-images
+    - Name: Creating VMs by uploading images
+      File: virt-creating-vms-uploading-images
+    - Name: Creating VMs by cloning PVCs
+      File: virt-creating-vms-by-cloning-pvcs
+    - Name: Installing the QEMU guest agent and VirtIO drivers
+      File: virt-installing-qemu-guest-agent
+  - Name: Connecting to VM consoles
+    File: virt-accessing-vm-consoles
+  - Name: Configuring SSH access to VMs
+    File: virt-accessing-vm-ssh
   - Name: Editing virtual machines
     File: virt-edit-vms
   - Name: Editing boot order
@@ -3681,16 +3968,6 @@ Topics:
     File: virt-manage-vmis
   - Name: Controlling virtual machine states
     File: virt-controlling-vm-states
-  - Name: Accessing virtual machine consoles
-    File: virt-accessing-vm-consoles
-  - Name: Automating Windows installation with sysprep
-    File: virt-automating-windows-sysprep
-  - Name: Triggering virtual machine failover by resolving a failed node
-    File: virt-triggering-vm-failover-resolving-failed-node
-  - Name: Installing the QEMU guest agent and VirtIO drivers
-    File: virt-installing-qemu-guest-agent
-  - Name: Viewing the QEMU guest agent information for virtual machines
-    File: virt-viewing-qemu-guest-agent-web
   - Name: Using virtual Trusted Platform Module devices
     File: virt-using-vtpm-devices
   - Name: Managing virtual machines with OpenShift Pipelines
@@ -3719,153 +3996,103 @@ Topics:
       File: virt-schedule-vms
     - Name: Configuring PCI passthrough
       File: virt-configuring-pci-passthrough
-    - Name: Configuring vGPU passthrough
-      File: virt-configuring-vgpu-passthrough
-    - Name: Configuring mediated devices
-      File: virt-configuring-mediated-devices
+    - Name: Configuring virtual GPUs
+      File: virt-configuring-virtual-gpus
     - Name: Enabling descheduler evictions on virtual machines
       File: virt-enabling-descheduler-evictions
-# Importing virtual machines
-  - Name: Importing virtual machines
-    Dir: importing_vms
-    Topics:
-    - Name: TLS certificates for data volume imports
-      File: virt-tls-certificates-for-dv-imports
-    - Name: Importing virtual machine images with data volumes
-      File: virt-importing-virtual-machine-images-datavolumes
-# Cloning virtual machines
-  - Name: Cloning virtual machines
-    Dir: cloning_vms
-    Topics:
-    - Name: Enabling user permissions to clone data volumes across namespaces
-      File: virt-enabling-user-permissions-to-clone-datavolumes
-    - Name: Cloning a virtual machine disk into a new data volume
-      File: virt-cloning-vm-disk-into-new-datavolume
-    - Name: Cloning a virtual machine by using a data volume template
-      File: virt-cloning-vm-using-datavolumetemplate
-    - Name: Cloning a virtual machine disk into a new block storage persistent volume claim
-      File: virt-cloning-vm-disk-into-new-block-storage-pvc
-# Virtual machine networking
-  - Name: Virtual machine networking
-    Dir: vm_networking
-    Topics:
-    - Name: Configuring a virtual machine for the default pod network
-      File: virt-using-the-default-pod-network-with-virt
-      Distros: openshift-enterprise
-    - Name: Configuring a virtual machine for the default pod network with OKD Virtualization
-      File: virt-using-the-default-pod-network-with-virt
-      Distros: openshift-origin
-    - Name: Creating a service to expose a virtual machine
-      File: virt-creating-service-vm
-    - Name: Connecting a virtual machine to a Linux bridge network
-      File: virt-attaching-vm-multiple-networks
-    - Name: Connecting a virtual machine to an SR-IOV network
-      File: virt-attaching-vm-to-sriov-network
-    - Name: Connecting a virtual machine to a service mesh
-      File: virt-connecting-vm-to-service-mesh
-    - Name: Configuring IP addresses for virtual machines
-      File: virt-configuring-ip-for-vms
-    - Name: Viewing the IP address of NICs on a virtual machine
-      File: virt-viewing-ip-of-vm-nic
-    - Name: Accessing a virtual machine on a secondary network by using the cluster domain name
-      File: virt-accessing-vm-secondary-network-fqdn
-    - Name: Using a MAC address pool for virtual machines
-      File: virt-using-mac-address-pool-for-vms
-#A BETTER NAME THAN 'STORAGE 4 U'
-  - Name: Virtual machine disks
+    - Name: About high availability for virtual machines
+      File: virt-high-availability-for-vms
+    - Name: Control plane tuning
+      File: virt-vm-control-plane-tuning
+  - Name: VM disks
     Dir: virtual_disks
     Topics:
-    - Name: Configuring local storage for virtual machines
-      File: virt-configuring-local-storage-for-vms
-    - Name: Creating data volumes
-      File: virt-creating-data-volumes
-    - Name: Reserving PVC space for file system overhead
-      File: virt-reserving-pvc-space-fs-overhead
-    - Name: Configuring CDI to work with namespaces that have a compute resource quota
-      File: virt-configuring-cdi-for-namespace-resourcequota
-    - Name: Managing data volume annotations
-      File: virt-managing-data-volume-annotations
-    - Name: Using preallocation for data volumes
-      File: virt-using-preallocation-for-datavolumes
-    - Name: Uploading local disk images by using the web console
-      File: virt-uploading-local-disk-images-web
-    - Name: Uploading local disk images by using the virtctl tool
-      File: virt-uploading-local-disk-images-virtctl
-    - Name: Uploading a local disk image to a block storage persistent volume claim
-      File: virt-uploading-local-disk-images-block
-    - Name: Managing virtual machine snapshots
-      File: virt-managing-vm-snapshots
-    - Name: Moving a local virtual machine disk to a different node
-      File: virt-moving-local-vm-disk-to-different-node
-    - Name: Expanding virtual storage by adding blank disk images
-      File: virt-expanding-virtual-storage-with-blank-disk-images
-    - Name: Cloning a data volume using smart-cloning
-      File: virt-cloning-a-datavolume-using-smart-cloning
-    - Name: Hot plugging virtual disks
+    - Name: Hot-plugging VM disks
       File: virt-hot-plugging-virtual-disks
-    - Name: Using container disks with virtual machines
-      File: virt-using-container-disks-with-vms
-    - Name: Preparing CDI scratch space
-      File: virt-preparing-cdi-scratch-space
-    - Name: Re-using statically provisioned persistent volumes
-      File: virt-reusing-statically-provisioned-persistent-volumes
-    - Name: Expanding a virtual machine disk
-      File: virt-expanding-vm-disk
-# Templates
-- Name: Virtual machine templates
-  Dir: vm_templates
-  Topics:
-  - Name: Creating virtual machine templates
-    File: virt-creating-vm-template
-  - Name: Editing virtual machine templates
-    File: virt-editing-vm-template
-  - Name: Enabling dedicated resources for a virtual machine template
-    File: virt-dedicated-resources-vm-template
-  - Name: Deploying a virtual machine template to a custom namespace
-    File: virt-deploying-vm-template-to-custom-namespace
-  - Name: Deleting a virtual machine template
-    File: virt-deleting-vm-template
-  - Name: Creating and using boot sources
-    File: virt-creating-and-using-boot-sources
+    - Name: Expanding VM disks
+      File: virt-expanding-vm-disks
+    - Name: Configuring shared volumes
+      File: virt-configuring-shared-volumes-for-vms
+- Name: Networking
+  Dir: vm_networking
+  Topics:
+  - Name: Networking configuration overview
+    File: virt-networking-overview
+  - Name: Connecting a VM to the default pod network
+    File: virt-connecting-vm-to-default-pod-network
+  - Name: Exposing a VM by using a service
+    File: virt-exposing-vm-with-service
+  - Name: Connecting a VM to a Linux bridge network
+    File: virt-connecting-vm-to-linux-bridge
+  - Name: Connecting a VM to an SR-IOV network
+    File: virt-connecting-vm-to-sriov
+  - Name: Using DPDK with SR-IOV
+    File: virt-using-dpdk-with-sriov
+  - Name: Connecting a VM to an OVN-Kubernetes secondary network
+    File: virt-connecting-vm-to-ovn-secondary-network
+  - Name: Hot plugging secondary network interfaces
+    File: virt-hot-plugging-network-interfaces
+  - Name: Connecting a VM to a service mesh
+    File: virt-connecting-vm-to-service-mesh
+  - Name: Configuring a dedicated network for live migration
+    File: virt-dedicated-network-live-migration
+  - Name: Configuring and viewing IP addresses
+    File: virt-configuring-viewing-ips-for-vms
+  - Name: Accessing a VM by using the cluster FQDN
+    File: virt-accessing-vm-secondary-network-fqdn
+  - Name: Managing MAC address pools for network interfaces
+    File: virt-using-mac-address-pool-for-vms
+- Name: Storage
+  Dir: storage
+  Topics:
+  - Name: Storage configuration overview
+    File: virt-storage-config-overview
+  - Name: Configuring storage profiles
+    File: virt-configuring-storage-profile
   - Name: Managing automatic boot source updates
     File: virt-automatic-bootsource-updates
-    Distros: openshift-enterprise
+  - Name: Reserving PVC space for file system overhead
+    File: virt-reserving-pvc-space-fs-overhead
+  - Name: Configuring local storage by using HPP
+    File: virt-configuring-local-storage-with-hpp
+  - Name: Enabling user permissions to clone data volumes across namespaces
+    File: virt-enabling-user-permissions-to-clone-datavolumes
+  - Name: Configuring CDI to override CPU and memory quotas
+    File: virt-configuring-cdi-for-namespace-resourcequota
+  - Name: Preparing CDI scratch space
+    File: virt-preparing-cdi-scratch-space
+  - Name: Using preallocation for data volumes
+    File: virt-using-preallocation-for-datavolumes
+  - Name: Managing data volume annotations
+    File: virt-managing-data-volume-annotations
 # Virtual machine live migration
 - Name: Live migration
   Dir: live_migration
   Topics:
-  - Name: Virtual machine live migration
-    File: virt-live-migration
-  - Name: Live migration limits and timeouts
-    File: virt-live-migration-limits
-  - Name: Migrating a virtual machine instance to another node
-    File: virt-migrate-vmi
-  - Name: Migrating a virtual machine over a dedicated additional network
-    File: virt-migrating-vm-on-secondary-network
-  - Name: Cancelling the live migration of a virtual machine instance
-    File: virt-cancel-vmi-migration
-  - Name: Configuring virtual machine eviction strategy
-    File: virt-configuring-vmi-eviction-strategy
-  - Name: Configuring live migration policies
-    File: virt-configuring-live-migration-policies
+  - Name: About live migration
+    File: virt-about-live-migration
+  - Name: Configuring live migration
+    File: virt-configuring-live-migration
+  - Name: Initiating and canceling live migration
+    File: virt-initiating-live-migration
 # Node maintenance mode
-- Name: Node maintenance
-  Dir: node_maintenance
+- Name: Nodes
+  Dir: nodes
   Topics:
-  - Name: About node maintenance
-    File: virt-about-node-maintenance
-  - Name: Automatic renewal of TLS certificates
-    File: virt-automatic-certificates
+  - Name: Node maintenance
+    File: virt-node-maintenance
   - Name: Managing node labeling for obsolete CPU models
     File: virt-managing-node-labeling-obsolete-cpu-models
   - Name: Preventing node reconciliation
     File: virt-preventing-node-reconciliation
+  - Name: Deleting a failed node to trigger VM failover
+    File: virt-triggering-vm-failover-resolving-failed-node
 - Name: Monitoring
   Dir: monitoring
   Topics:
   - Name: Monitoring overview
     File: virt-monitoring-overview
-  - Name: OpenShift cluster checkup framework
+  - Name: Cluster checkup framework
     File: virt-running-cluster-checkups
   - Name: Prometheus queries for virtual resources
     File: virt-prometheus-queries
@@ -3888,6 +4115,8 @@ Topics:
 - Name: Backup and restore
   Dir: backup_restore
   Topics:
+  - Name: Backup and restore by using VM snapshots
+    File: virt-backup-restore-snapshots
   - Name: Installing and configuring OADP
     File: virt-installing-configuring-oadp
   - Name: Backing up and restoring virtual machines
@@ -3899,13 +4128,3 @@ Topics:
 #  - Name: Collecting OKD Virtualization data for community report
 #    File: virt-collecting-virt-data
 #    Distros: openshift-origin
----
-Name: Serverless
-Dir: serverless
-Distros: openshift-enterprise
-Topics:
-- Name: About Serverless
-  Dir: about
-  Topics:
-  - Name: Serverless overview
-    File: about-serverless
diff --git a/_topic_maps/_topic_map_ms.yml b/_topic_maps/_topic_map_ms.yml
index 89ecb5beec1d..23c25eff3588 100644
--- a/_topic_maps/_topic_map_ms.yml
+++ b/_topic_maps/_topic_map_ms.yml
@@ -23,26 +23,24 @@
 
 ---
 Name: About
-Dir: welcome
+Dir: microshift_welcome
 Distros: microshift
 Topics:
 - Name: Welcome
   File: index
-- Name: Legal notice
-  File: legal-notice
 ---
 Name: Release notes
 Dir: microshift_release_notes
 Distros: microshift
 Topics:
-- Name: MicroShift 4.14 release notes
-  File: microshift-4-14-release-notes
+- Name: Red Hat build of MicroShift 4.15 release notes
+  File: microshift-4-15-release-notes
 ---
 Name: Getting started
 Dir: microshift_getting_started
 Distros: microshift
 Topics:
-- Name: Understanding MicroShift
+- Name: Understanding Red Hat build of MicroShift
   File: microshift-understanding
 - Name: Architecture
   File: microshift-architecture
@@ -51,28 +49,44 @@ Name: Installing
 Dir: microshift_install
 Distros: microshift
 Topics:
-- Name: Installing from RPM
+- Name: Installing from an RPM package
   File: microshift-install-rpm
+- Name: Using FIPS mode
+  File: microshift-fips
+- Name: Mirroring container images for disconnected installations
+  File: microshift-deploy-with-mirror-registry
 - Name: Embedding in a RHEL for Edge image
   File: microshift-embed-in-rpm-ostree
-- Name: Greenboot health check
+- Name: Embedding in a RHEL for Edge image for offline use
+  File: microshift-embed-in-rpm-ostree-offline-use
+- Name: Understanding system health checks
   File: microshift-greenboot
+- Name: Troubleshooting installation issues
+  File: microshift-installing-troubleshooting
 ---
-Name: Updating clusters
+Name: Updating
 Dir: microshift_updating
 Distros: microshift
 Topics:
-- Name: About MicroShift updates
+- Name: About updates
   File: microshift-about-updates
+- Name: Update options
+  File: microshift-update-options
+- Name: Updates with rpm-ostree systems
+  File: microshift-update-rpms-ostree
+- Name: Manual updates with RPMs
+  File: microshift-update-rpms-manually
 ---
 Name: Support
 Dir: microshift_support
 Distros: microshift
 Topics:
-- Name: MicroShift etcd
+- Name: The etcd service
   File: microshift-etcd
-- Name: MicroShift sos report
+- Name: The sos report tool
   File: microshift-sos-report
+- Name: Getting support
+  File: microshift-getting-support
 ---
 Name: API reference
 Dir: microshift_rest_api
@@ -82,16 +96,275 @@ Topics:
   File: understanding-api-support-tiers
 - Name: API compatibility guidelines
   File: understanding-compatibility-guidelines
+- Name: API index
+  File: index
+- Name: API object reference
+  Dir: objects
+  Topics:
+  - Name: API objects reference
+    File: index
+- Name: Extension APIs
+  Dir: api_extensions_apis
+  Topics:
+  - Name: Extension APIs
+    File: api-extensions-apis-index
+  - Name: CustomResourceDefinition [apiextensions.k8s.io/v1]
+    File: customresourcedefinition-apiextensions-k8s-io-v1
+- Name: Registration APIs
+  Dir: api_registration_apis
+  Topics:
+  - Name: Registration APIs
+    File: api-registration-apis-index
+  - Name: APIService [apiregistration.k8s.io/v1]
+    File: apiservice-apiregistration-k8s-io-v1
+- Name: Apps APIs
+  Dir: apps_apis
+  Topics:
+  - Name: Apps APIs
+    File: apps-apis-index
+  - Name: ControllerRevision [apps/v1]
+    File: controllerrevision-apps-v1
+  - Name: DaemonSet [apps/v1]
+    File: daemonset-apps-v1
+  - Name: Deployment [apps/v1]
+    File: deployment-apps-v1
+  - Name: ReplicaSet [apps/v1]
+    File: replicaset-apps-v1
+  - Name: StatefulSet [apps/v1]
+    File: statefulset-apps-v1
+- Name: Authentication APIs
+  Dir: authentication_apis
+  Topics:
+  - Name: Authentication APIs
+    File: authentication-apis-index
+  - Name: TokenRequest [authentication.k8s.io/v1]
+    File: tokenrequest-authentication-k8s-io-v1
+  - Name: TokenReview [authentication.k8s.io/v1]
+    File: tokenreview-authentication-k8s-io-v1
+- Name: Authorization APIs
+  Dir: authorization_apis
+  Topics:
+  - Name: Authorization APIs
+    File: authorization-apis-index
+  - Name: LocalSubjectAccessReview [authorization.k8s.io/v1]
+    File: localsubjectaccessreview-authorization-k8s-io-v1
+  - Name: SelfSubjectAccessReview [authorization.k8s.io/v1]
+    File: selfsubjectaccessreview-authorization-k8s-io-v1
+  - Name: SelfSubjectRulesReview [authorization.k8s.io/v1]
+    File: selfsubjectrulesreview-authorization-k8s-io-v1
+  - Name: SubjectAccessReview [authorization.k8s.io/v1]
+    File: subjectaccessreview-authorization-k8s-io-v1
+- Name: Autoscaling APIs
+  Dir: autoscaling_apis
+  Topics:
+  - Name: Autoscaling APIs
+    File: autoscaling-apis-index
+  - Name: HorizontalPodAutoscaler [autoscaling/v2]
+    File: horizontalpodautoscaler-autoscaling-v2
+  - Name: Scale [autoscaling/v1]
+    File: scale-autoscaling-v1
+- Name: Batch APIs
+  Dir: batch_apis
+  Topics:
+  - Name: Batch APIs
+    File: batch-apis-index
+  - Name: CronJob [batch/v1]
+    File: cronjob-batch-v1
+  - Name: Job [batch/v1]
+    File: job-batch-v1
+- Name: Certificates APIs
+  Dir: certificates_apis
+  Topics:
+  - Name: Certificates APIs
+    File: certificates-apis-index
+  - Name: CertificateSigningRequest [certificates.k8s.io/v1]
+    File: certificatesigningrequest-certificates-k8s-io-v1
+- Name: Coordination APIs
+  Dir: coordination_apis
+  Topics:
+  - Name: Coordination APIs
+    File: coordination-apis-index
+  - Name: Lease [coordination.k8s.io/v1]
+    File: lease-coordination-k8s-io-v1
+- Name: Core APIs
+  Dir: core_apis
+  Topics:
+  - Name: Core APIs
+    File: core-apis-index
+  - Name: Binding [v1]
+    File: binding-v1
+  - Name: ComponentStatus [v1]
+    File: componentstatus-v1
+  - Name: ConfigMap [v1]
+    File: configmap-v1
+  - Name: Endpoints [v1]
+    File: endpoints-v1
+  - Name: Event [v1]
+    File: event-v1
+  - Name: LimitRange [v1]
+    File: limitrange-v1
+  - Name: Namespace [v1]
+    File: namespace-v1
+  - Name: Node [v1]
+    File: node-v1
+  - Name: PersistentVolume [v1]
+    File: persistentvolume-v1
+  - Name: PersistentVolumeClaim [v1]
+    File: persistentvolumeclaim-v1
+  - Name: Pod [v1]
+    File: pod-v1
+  - Name: PodTemplate [v1]
+    File: podtemplate-v1
+  - Name: ReplicationController [v1]
+    File: replicationcontroller-v1
+  - Name: ResourceQuota [v1]
+    File: resourcequota-v1
+  - Name: Secret [v1]
+    File: secret-v1
+  - Name: Service [v1]
+    File: service-v1
+  - Name: ServiceAccount [v1]
+    File: serviceaccount-v1
+- Name: Discovery APIs
+  Dir: discovery_apis
+  Topics:
+  - Name: Discovery APIs
+    File: discovery-apis-index
+  - Name: EndpointSlice [discovery.k8s.io/v1]
+    File: endpointslice-discovery-k8s-io-v1
+- Name: Events APIs
+  Dir: events_apis
+  Topics:
+  - Name: Events APIs
+    File: events-apis-index
+  - Name: Event [events.k8s.io/v1]
+    File: event-events-k8s-io-v1
+- Name: Flow Control APIs
+  Dir: flow_control_apis
+  Topics:
+  - Name: Flow Control APIs
+    File: flow-control-apis-index
+  - Name: FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
+    File: flowschema-flowcontrol-apiserver-k8s-io-v1beta3
+  - Name: PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]
+    File: prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3
+- Name: Networking APIs
+  Dir: networking_apis
+  Topics:
+  - Name: Networking APIs
+    File: networking-apis-index
+  - Name: Ingress [networking.k8s.io/v1]
+    File: ingress-networking-k8s-io-v1
+  - Name: IngressClass [networking.k8s.io/v1]
+    File: ingressclass-networking-k8s-io-v1
+  - Name: NetworkPolicy [networking.k8s.io/v1]
+    File: networkpolicy-networking-k8s-io-v1
+- Name: Node APIs
+  Dir: node_apis
+  Topics:
+  - Name: Node APIs
+    File: node-apis-index
+  - Name: RuntimeClass [node.k8s.io/v1]
+    File: runtimeclass-node-k8s-io-v1
+- Name: Policy APIs
+  Dir: policy_apis
+  Topics:
+  - Name: Policy APIs
+    File: policy-apis-index
+  - Name: Eviction [policy/v1]
+    File: eviction-policy-v1
+  - Name: PodDisruptionBudget [policy/v1]
+    File: poddisruptionbudget-policy-v1
+- Name: RBAC APIs
+  Dir: rbac_apis
+  Topics:
+  - Name: RBAC APIs
+    File: rbac-apis-index
+  - Name: ClusterRole [rbac.authorization.k8s.io/v1]
+    File: clusterrole-rbac-authorization-k8s-io-v1
+  - Name: ClusterRoleBinding [rbac.authorization.k8s.io/v1]
+    File: clusterrolebinding-rbac-authorization-k8s-io-v1
+  - Name: Role [rbac.authorization.k8s.io/v1]
+    File: role-rbac-authorization-k8s-io-v1
+  - Name: RoleBinding [rbac.authorization.k8s.io/v1]
+    File: rolebinding-rbac-authorization-k8s-io-v1
 - Name: Network APIs
   Dir: network_apis
   Topics:
+  - Name: Network APIs
+    File: network-apis-index
   - Name: Route [route.openshift.io/v1]
     File: route-route-openshift-io-v1
+- Name: Scheduling APIs
+  Dir: scheduling_apis
+  Topics:
+  - Name: Scheduling APIs
+    File: scheduling-apis-index
+  - Name: PriorityClass [scheduling.k8s.io/v1]
+    File: priorityclass-scheduling-k8s-io-v1
 - Name: Security APIs
   Dir: security_apis
   Topics:
+  - Name: Security APIs
+    File: security-apis-index
   - Name: SecurityContextConstraints [security.openshift.io/v1]
     File: securitycontextconstraints-security-openshift-io-v1
+- Name: Security-Internal APIs
+  Dir: security_internal_apis
+  Topics:
+  - Name: Security Internal APIs
+    File: security-internal-apis-index
+  - Name: RangeAllocation [security.internal.openshift.io/v1]
+    File: rangeallocation-security-internal-openshift-io-v1
+- Name: Snapshot APIs
+  Dir: snapshot_apis
+  Topics:
+  - Name: CSI Snapshot APIs
+    File: snapshot-apis-index
+  - Name: VolumeSnapshot [snapshot.storage.k8s.io/v1]
+    File: volumesnapshot-snapshot-storage-k8s-io-v1
+  - Name: VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
+    File: volumesnapshotclass-snapshot-storage-k8s-io-v1
+  - Name: VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
+    File: volumesnapshotcontent-snapshot-storage-k8s-io-v1
+- Name: Storage APIs
+  Dir: storage_apis
+  Topics:
+  - Name: Storage APIs
+    File: storage-apis-index
+  - Name: CSIDriver [storage.k8s.io/v1]
+    File: csidriver-storage-k8s-io-v1
+  - Name: CSINode [storage.k8s.io/v1]
+    File: csinode-storage-k8s-io-v1
+  - Name: CSIStorageCapacity [storage.k8s.io/v1]
+    File: csistoragecapacity-storage-k8s-io-v1
+  - Name: StorageClass [storage.k8s.io/v1]
+    File: storageclass-storage-k8s-io-v1
+  - Name: VolumeAttachment [storage.k8s.io/v1]
+    File: volumeattachment-storage-k8s-io-v1
+- Name: Storage Version Migration APIs
+  Dir: storage_version_migration_apis
+  Topics:
+  - Name: Storage Version Migration APIs
+    File: storage-version-migration-apis-index
+  - Name: StorageVersionMigration [migration.k8s.io/v1alpha1]
+    File: storageversionmigration-migration-k8s-io-v1alpha1
+- Name: TopoLVM APIs
+  Dir: topolvm_apis
+  Topics:
+  - Name: TopoLVM APIs
+    File: topolvm-apis-index
+  - Name: LogicalVolume [topolvm.io/v1]
+    File: logicalvolume-topolvm-io-v1
+- Name: Webhook APIs
+  Dir: webhook_apis
+  Topics:
+  - Name: Webhook APIs
+    File: webhook-apis-index
+  - Name: MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+    File: mutatingwebhookconfiguration-admissionregistration-k8s-io-v1
+  - Name: ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+    File: validatingwebhookconfiguration-admissionregistration-k8s-io-v1
 ---
 Name: CLI tools
 Dir: microshift_cli_ref
@@ -118,47 +391,82 @@ Topics:
   File: microshift-using-config-tools
 - Name: Cluster access with kubeconfig
   File: microshift-cluster-access-kubeconfig
+- Name: Checking the status of Greenboot health checks
+  File: microshift-greenboot-checking-status
 ---
 Name: Networking
 Dir: microshift_networking
 Distros: microshift
 Topics:
-- Name: Networking settings
-  File: microshift-networking
+- Name: About the networking plugin
+  File: microshift-cni
+- Name: Using networking settings
+  File: microshift-networking-settings
 - Name: Firewall configuration
   File: microshift-firewall
+- Name: Networking settings for fully disconnected hosts
+  File: microshift-disconnected-network-config
 ---
 Name: Storage
 Dir: microshift_storage
 Distros: microshift
 Topics:
-- Name: MicroShift storage overview
+- Name: About storage
   File: index
-- Name: Understanding ephemeral storage for MicroShift
+- Name: Understanding ephemeral storage
   File: understanding-ephemeral-storage-microshift
-- Name: Generic ephemeral volumes for MicroShift
+- Name: Generic ephemeral volumes
   File: generic-ephemeral-volumes-microshift
-- Name: Understanding persistent storage for MicroShift
+- Name: Understanding persistent storage
   File: understanding-persistent-storage-microshift
-- Name: Expanding persistent volumes for MicroShift
+- Name: Expanding persistent volumes
   File: expanding-persistent-volumes-microshift
 - Name: Dynamic storage using the LVMS plugin
   File: microshift-storage-plugin-overview
+- Name: Working with volume snapshots
+  File: volume-snapshots-microshift
+- Name: Understanding storage migration
+  File: microshift-storage-migration
 ---
 Name: Running applications
 Dir: microshift_running_apps
 Distros: microshift
 Topics:
-- Name: Application deployment
+- Name: Using Kustomize to deploy applications
   File: microshift-applications
-- Name: Operators
+- Name: Embedding applications on RHEL for Edge
+  File: microshift-embedded-apps-on-rhel-edge
+- Name: Embedding applications for offline use
+  File: microshift-embed-apps-offline-use
+- Name: Embedding applications tutorial
+  File: microshift-embedding-apps-tutorial
+- Name: Creating application or workload health check scripts
+  File: microshift-greenboot-workload-scripts
+- Name: Pod security authentication and authorization
+  File: microshift-authentication
+- Name: Using Operators
   File: microshift-operators
 ---
+Name: Backup and restore
+Dir: microshift_backup_and_restore
+Distros: microshift
+Topics:
+- Name: Backing up and restoring data
+  File: microshift-backup-and-restore
+---
 Name: Troubleshooting
 Dir: microshift_troubleshooting
 Distros: microshift
 Topics:
 - Name: Checking your version
   File: microshift-version
+- Name: Troubleshooting backup and restore
+  File: microshift-troubleshoot-backup-restore
+- Name: Troubleshoot the cluster
+  File: microshift-troubleshoot-cluster
+- Name: Troubleshoot updates
+  File: microshift-troubleshoot-updates
+- Name: Checking audit logs
+  File: microshift-audit-logs
 - Name: Additional information
   File: microshift-things-to-know
diff --git a/_topic_maps/_topic_map_osd.yml b/_topic_maps/_topic_map_osd.yml
index d780de27de5e..4fcdf01dea29 100644
--- a/_topic_maps/_topic_map_osd.yml
+++ b/_topic_maps/_topic_map_osd.yml
@@ -44,20 +44,28 @@ Topics:
   Dir: osd_policy
   Distros: openshift-dedicated
   Topics:
-    - Name: OpenShift Dedicated service definition
-      File: osd-service-definition
-    - Name: Responsibility assignment matrix
-      File: policy-responsibility-matrix
-    - Name: Understanding process and security for OpenShift Dedicated
-      File: policy-process-security
-    - Name: About availability for OpenShift Dedicated
-      File: policy-understand-availability
-    - Name: Update life cycle
-      File: osd-life-cycle
-- Name: Support for OpenShift Dedicated
-  File: osd-support
+  - Name: OpenShift Dedicated service definition
+    File: osd-service-definition
+  - Name: Responsibility assignment matrix
+    File: policy-responsibility-matrix
+  - Name: Understanding process and security for OpenShift Dedicated
+    File: policy-process-security
+  - Name: SRE and service account access
+    File: osd-sre-access
+  - Name: About availability for OpenShift Dedicated
+    File: policy-understand-availability
+  - Name: Update life cycle
+    File: osd-life-cycle
+# Created a new assembly in ROSA/OSD. In OCP, the assembly is in a book that is not in ROSA/OSD
+- Name: About admission plugins
+  File: osd-admission-plug-ins
   Distros: openshift-dedicated
 ---
+#Name: Tutorials
+#Dir: cloud_experts_tutorials
+#Distros: openshift-dedicated
+#Topics:
+#---
 Name: Red Hat OpenShift Cluster Manager
 Dir: ocm
 Distros: openshift-dedicated
@@ -100,30 +108,239 @@ Topics:
 - Name: Deleting an OpenShift Dedicated cluster
   File: osd-deleting-a-cluster
 ---
+Name: Support
+Dir: support
+Distros: openshift-dedicated
+Topics:
+- Name: Support overview
+  File: index
+- Name: Managing your cluster resources
+  File: managing-cluster-resources
+- Name: Getting support
+  File: getting-support
+  Distros: openshift-dedicated
+- Name: Remote health monitoring with connected clusters
+  Dir: remote_health_monitoring
+  Distros: openshift-dedicated
+  Topics:
+  - Name: About remote health monitoring
+    File: about-remote-health-monitoring
+  - Name: Showing data collected by remote health monitoring
+    File: showing-data-collected-by-remote-health-monitoring
+# cannot get resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Opting out of remote health reporting
+#    File: opting-out-of-remote-health-reporting
+# cannot get resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Enabling remote health reporting
+#    File: enabling-remote-health-reporting
+  - Name: Using Insights to identify issues with your cluster
+    File: using-insights-to-identify-issues-with-your-cluster
+  - Name: Using Insights Operator
+    File: using-insights-operator
+# Not supported per Michael McNeill
+# - Name: Using remote health reporting in a restricted network
+#   File: remote-health-reporting-from-restricted-network
+# cannot list resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Importing simple content access entitlements with Insights Operator
+#    File: insights-operator-simple-access
+# must-gather not supported for customers, per Dustin Row, cannot create resource "namespaces"
+# - Name: Gathering data about your cluster
+#   File: gathering-cluster-data
+#   Distros: openshift-dedicated
+- Name: Summarizing cluster specifications
+  File: summarizing-cluster-specifications
+  Distros: openshift-dedicated
+- Name: Troubleshooting
+  Dir: troubleshooting
+  Distros: openshift-dedicated
+  Topics:
+#  - Name: Troubleshooting installations
+#    File: troubleshooting-installations
+  - Name: Verifying node health
+    File: verifying-node-health
+#  cannot create resource "namespaces", cannot patch resource "nodes"
+#  - Name: Troubleshooting CRI-O container runtime issues
+#    File: troubleshooting-crio-issues
+# requires ostree, butane, and other plug-ins
+#  - Name: Troubleshooting operating system issues
+#    File: troubleshooting-operating-system-issues
+#    Distros: openshift-dedicated
+# cannot patch resource "nodes", "nodes/proxy", "namespaces"
+#  - Name: Troubleshooting network issues
+#    File: troubleshooting-network-issues
+#    Distros: openshift-dedicated
+  - Name: Troubleshooting Operator issues
+    File: troubleshooting-operator-issues
+  - Name: Investigating pod issues
+    File: investigating-pod-issues
+# Hiding from ROSA and OSD until it is decided who should port the Build book
+#  - Name: Troubleshooting the Source-to-Image process
+#    File: troubleshooting-s2i
+  - Name: Troubleshooting storage issues
+    File: troubleshooting-storage-issues
+# Not supported per WINC team
+#  - Name: Troubleshooting Windows container workload issues
+#    File: troubleshooting-windows-container-workload-issues
+  - Name: Investigating monitoring issues
+    File: investigating-monitoring-issues
+  - Name: Diagnosing OpenShift CLI (oc) issues
+    File: diagnosing-oc-issues
+  - Name: OpenShift Dedicated managed resources
+    File: osd-managed-resources
+    Distros: openshift-dedicated
+---
+Name: Web console
+Dir: web_console
+Distros: openshift-dedicated
+Topics:
+- Name: Web console overview
+  File: web-console-overview
+- Name: Accessing the web console
+  File: web-console
+- Name: Viewing cluster information
+  File: using-dashboard-to-get-cluster-information
+- Name: Adding user preferences
+  File: adding-user-preferences
+  Distros: openshift-enterprise,openshift-origin
+# cannot patch resource "consoles", insufficient permissions to read any Cluster configuration
+#- Name: Configuring the web console
+#  File: configuring-web-console
+#  Distros: openshift-rosa
+- Name: Customizing the web console
+  File: customizing-the-web-console
+  Distros: openshift-dedicated
+- Name: Dynamic plugins
+  Dir: dynamic-plugin
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Overview of dynamic plugins
+    File: overview-dynamic-plugin
+  - Name: Getting started with dynamic plugins
+    File: dynamic-plugins-get-started
+  - Name: Deploy your plugin on a cluster
+    File: deploy-plugin-cluster
+  - Name: Dynamic plugin example
+    File: dynamic-plugin-example
+  - Name: Dynamic plugin reference
+    File: dynamic-plugins-reference
+- Name: Web terminal
+  Dir: web_terminal
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Installing the web terminal
+    File: installing-web-terminal
+  # Do not have sufficient permissions to read any cluster configuration.
+  #  - Name: Configuring the web terminal
+  #    File: configuring-web-terminal
+  - Name: Using the web terminal
+    File: odc-using-web-terminal
+  - Name: Troubleshooting the web terminal
+    File: troubleshooting-web-terminal
+  - Name: Uninstalling the web terminal
+    File: uninstalling-web-terminal
+- Name: Disabling the web console
+  File: disabling-web-console
+  Distros: openshift-dedicated
+- Name: About quick start tutorials
+  File: creating-quick-start-tutorials
+  Distros: openshift-dedicated
+---
+Name: CLI tools
+Dir: cli_reference
+Distros: openshift-dedicated
+Topics:
+- Name: CLI tools overview
+  File: index
+- Name: OpenShift CLI (oc)
+  Dir: openshift_cli
+  Topics:
+  - Name: Getting started with the OpenShift CLI
+    File: getting-started-cli
+  - Name: Configuring the OpenShift CLI
+    File: configuring-cli
+  - Name: Usage of oc and kubectl commands
+    File: usage-oc-kubectl
+  - Name: Managing CLI profiles
+    File: managing-cli-profiles
+  - Name: Extending the OpenShift CLI with plugins
+    File: extending-cli-plugins
+  # - Name: Managing CLI plugins with Krew
+  # File: managing-cli-plugins-krew
+  #  Distros: openshift-dedicated
+  - Name: OpenShift CLI developer command reference
+    File: developer-cli-commands
+  - Name: OpenShift CLI administrator command reference
+    File: administrator-cli-commands
+    Distros: openshift-dedicated
+- Name: Developer CLI (odo)
+  File: odo-important-update
+  # Dir: developer_cli_odo
+  Distros: openshift-dedicated
+  # Topics:
+  # - Name: odo release notes
+  #  File: odo-release-notes
+  # - Name: Understanding odo
+  #  File: understanding-odo
+  # - Name: Installing odo
+  #  File: installing-odo
+  # - Name: Configuring the odo CLI
+  #  File: configuring-the-odo-cli
+  # - Name: odo CLI reference
+  #  File: odo-cli-reference
+- Name: Knative CLI (kn) for use with OpenShift Serverless
+  File: kn-cli-tools
+  Distros: openshift-dedicated
+- Name: Pipelines CLI (tkn)
+  Dir: tkn_cli
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Installing tkn
+    File: installing-tkn
+  - Name: Configuring tkn
+    File: op-configuring-tkn
+  - Name: Basic tkn commands
+    File: op-tkn-reference
+- Name: opm CLI
+  Dir: opm
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Installing the opm CLI
+    File: cli-opm-install
+  - Name: opm CLI reference
+    File: cli-opm-ref
+- Name: Operator SDK
+  Dir: osdk
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Installing the Operator SDK CLI
+    File: cli-osdk-install
+  - Name: Operator SDK CLI reference
+    File: cli-osdk-ref
+---
 Name: Cluster administration
 Dir: osd_cluster_admin
 Distros: openshift-dedicated
 Topics:
-- Name: Managing administration roles and users
-  File: osd-admin-roles
 - Name: Configuring private connections
   Dir: osd_private_connections
   Distros: openshift-dedicated
   Topics:
-    - Name: Configuring private connections for AWS
-      File: aws-private-connections
-    - Name: Configuring a private cluster
-      File: private-cluster
+  - Name: Configuring private connections for AWS
+    File: aws-private-connections
+  - Name: Configuring a private cluster
+    File: private-cluster
+- Name: Cluster autoscaling
+  File: osd-cluster-autoscaling
 - Name: Nodes
   Dir: osd_nodes
   Distros: openshift-dedicated
   Topics:
-    - Name: About machine pools
-      File: osd-nodes-machinepools-about
-    - Name: Managing compute nodes
-      File: osd-managing-worker-nodes
-    - Name: About autoscaling nodes on a cluster
-      File: osd-nodes-about-autoscaling-nodes
+  - Name: About machine pools
+    File: osd-nodes-machinepools-about
+  - Name: Managing compute nodes
+    File: osd-managing-worker-nodes
+  - Name: About autoscaling nodes on a cluster
+    File: osd-nodes-about-autoscaling-nodes
 - Name: Logging
   Dir: osd_logging
   Distros: openshift-dedicated
@@ -131,19 +348,91 @@ Topics:
   - Name: Accessing the service logs
     File: osd-accessing-the-service-logs
 ---
-# Name: Security and compliance
-# Dir: security
-# Distros: openshift-dedicated
-# Topics:
-# - Name: Viewing audit logs
-#   File: audit-log-view
-# ---
+Name: Security and compliance
+Dir: security
+Distros: openshift-dedicated
+Topics:
+- Name: Audit logs
+  File: audit-log-view
+---
 Name: Authentication and authorization
 Dir: authentication
 Distros: openshift-dedicated
 Topics:
+- Name: Authentication and authorization overview
+  File: index
+- Name: Understanding authentication
+  File: understanding-authentication
+# - Name: Configuring the internal OAuth server
+#   File: configuring-internal-oauth
+# - Name: Configuring OAuth clients
+#   File: configuring-oauth-clients
+- Name: Managing user-owned OAuth access tokens
+  File: managing-oauth-access-tokens
+# - Name: Understanding identity provider configuration
+#   File: understanding-identity-provider
+- Name: Configuring identity providers
+  File: sd-configuring-identity-providers
+# - Name: Configuring identity providers
+#   Dir: identity_providers
+#   Topics:
+#   - Name: Configuring an htpasswd identity provider
+#     File: configuring-htpasswd-identity-provider
+#   - Name: Configuring a Keystone identity provider
+#     File: configuring-keystone-identity-provider
+#   - Name: Configuring an LDAP identity provider
+#     File: configuring-ldap-identity-provider
+#   - Name: Configuring a basic authentication identity provider
+#     File: configuring-basic-authentication-identity-provider
+#   - Name: Configuring a request header identity provider
+#     File: configuring-request-header-identity-provider
+#   - Name: Configuring a GitHub or GitHub Enterprise identity provider
+#     File: configuring-github-identity-provider
+#   - Name: Configuring a GitLab identity provider
+#     File: configuring-gitlab-identity-provider
+#   - Name: Configuring a Google identity provider
+#     File: configuring-google-identity-provider
+#   - Name: Configuring an OpenID Connect identity provider
+#     File: configuring-oidc-identity-provider
+- Name: Managing administration roles and users
+  File: osd-admin-roles
+- Name: Using RBAC to define and apply permissions
+  File: using-rbac
+# - Name: Removing the kubeadmin user
+#   File: remove-kubeadmin
+#- Name: Configuring LDAP failover
+#  File: configuring-ldap-failover
+- Name: Understanding and creating service accounts
+  File: understanding-and-creating-service-accounts
+- Name: Using service accounts in applications
+  File: using-service-accounts-in-applications
+- Name: Using a service account as an OAuth client
+  File: using-service-accounts-as-oauth-client
+- Name: Scoping tokens
+  File: tokens-scoping
+- Name: Using bound service account tokens
+  File: bound-service-account-tokens
 - Name: Managing security context constraints
   File: managing-security-context-constraints
+- Name: Understanding and managing pod security admission
+  File: understanding-and-managing-pod-security-admission
+# - Name: Impersonating the system:admin user
+#   File: impersonating-system-admin
+- Name: Syncing LDAP groups
+  File: ldap-syncing
+# - Name: Managing cloud provider credentials
+#   Dir: managing_cloud_provider_credentials
+#   Topics:
+#   - Name: About the Cloud Credential Operator
+#     File: about-cloud-credential-operator
+#   - Name: Mint mode
+#     File: cco-mode-mint
+#   - Name: Passthrough mode
+#     File: cco-mode-passthrough
+#   - Name: Manual mode with long-term credentials for components
+#     File: cco-mode-manual
+#   - Name: Manual mode with short-term credentials for components
+#     File: cco-short-term-creds
 ---
 Name: Upgrading
 Dir: upgrading
@@ -168,6 +457,59 @@ Topics:
     File: setting-up-trusted-ca
     Distros: openshift-dedicated
 ---
+Name: Images
+Dir: openshift_images
+Distros: openshift-dedicated
+Topics:
+- Name: Overview of images
+  File: index
+# replaced Configuring the Cluster Samples Operator name, cannot configure the operator
+- Name: Overview of the Cluster Samples Operator
+  File: configuring-samples-operator
+  Distros: openshift-dedicated
+- Name: Using the Cluster Samples Operator with an alternate registry
+  File: samples-operator-alt-registry
+  Distros: openshift-dedicated
+- Name: Creating images
+  File: create-images
+- Name: Managing images
+  Dir: managing_images
+  Topics:
+  - Name: Managing images overview
+    File: managing-images-overview
+  - Name: Tagging images
+    File: tagging-images
+  - Name: Image pull policy
+    File: image-pull-policy
+  - Name: Using image pull secrets
+    File: using-image-pull-secrets
+- Name: Managing image streams
+  File: image-streams-manage
+  Distros: openshift-dedicated
+- Name: Using image streams with Kubernetes resources
+  File: using-imagestreams-with-kube-resources
+  Distros: openshift-dedicated
+- Name: Triggering updates on image stream changes
+  File: triggering-updates-on-imagestream-changes
+  Distros: openshift-dedicated
+- Name: Image configuration resources
+  File: image-configuration
+  Distros: openshift-dedicated
+- Name: Using templates
+  File: using-templates
+- Name: Using Ruby on Rails
+  File: templates-using-ruby-on-rails
+- Name: Using images
+  Dir: using_images
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Using images overview
+    File: using-images-overview
+  - Name: Source-to-image
+    File: using-s21-images
+  - Name: Customizing source-to-image images
+    File: customizing-s2i-images
+---
 Name: Add-on services
 Dir: adding_service_cluster
 Distros: openshift-dedicated
@@ -225,8 +567,179 @@ Topics:
   File: configuring-registry-operator
 - Name: Accessing the registry
   File: accessing-the-registry
-- Name: Exposing the registry
-  File: securing-exposing-registry
+# - Name: Exposing the registry
+#   File: securing-exposing-registry
+---
+Name: Operators
+Dir: operators
+Distros: openshift-dedicated
+Topics:
+- Name: Operators overview
+  File: index
+- Name: Understanding Operators
+  Dir: understanding
+  Topics:
+  - Name: What are Operators?
+    File: olm-what-operators-are
+  - Name: Packaging format
+    File: olm-packaging-format
+  - Name: Common terms
+    File: olm-common-terms
+  - Name: Operator Lifecycle Manager (OLM)
+    Dir: olm
+    Topics:
+    - Name: Concepts and resources
+      File: olm-understanding-olm
+    - Name: Architecture
+      File: olm-arch
+    - Name: Workflow
+      File: olm-workflow
+    - Name: Dependency resolution
+      File: olm-understanding-dependency-resolution
+    - Name: Operator groups
+      File: olm-understanding-operatorgroups
+    - Name: Multitenancy and Operator colocation
+      File: olm-colocation
+    - Name: Operator conditions
+      File: olm-operatorconditions
+    - Name: Metrics
+      File: olm-understanding-metrics
+    - Name: Webhooks
+      File: olm-webhooks
+  - Name: OperatorHub
+    File: olm-understanding-operatorhub
+  - Name: Red Hat-provided Operator catalogs
+    File: olm-rh-catalogs
+  - Name: Operators in multitenant clusters
+    File: olm-multitenancy
+  - Name: CRDs
+    Dir: crds
+    Topics:
+    - Name: Managing resources from CRDs
+      File: crd-managing-resources-from-crds
+- Name: User tasks
+  Dir: user
+  Topics:
+  - Name: Creating applications from installed Operators
+    File: olm-creating-apps-from-installed-operators
+- Name: Administrator tasks
+  Dir: admin
+  Topics:
+  - Name: Adding Operators to a cluster
+    File: olm-adding-operators-to-cluster
+  - Name: Updating installed Operators
+    File: olm-upgrading-operators
+  - Name: Deleting Operators from a cluster
+    File: olm-deleting-operators-from-cluster
+  - Name: Configuring proxy support
+    File: olm-configuring-proxy-support
+  - Name: Viewing Operator status
+    File: olm-status
+  - Name: Managing Operator conditions
+    File: olm-managing-operatorconditions
+  - Name: Managing custom catalogs
+    File: olm-managing-custom-catalogs
+  - Name: Catalog source pod scheduling
+    File: olm-cs-podsched
+# - Name: Managing platform Operators  <= Tech Preview
+#   File: olm-managing-po
+  - Name: Troubleshooting Operator issues
+    File: olm-troubleshooting-operator-issues
+- Name: Developing Operators
+  Dir: operator_sdk
+  Topics:
+  - Name: About the Operator SDK
+    File: osdk-about
+  - Name: Installing the Operator SDK CLI
+    File: osdk-installing-cli
+  - Name: Go-based Operators
+    Dir: golang
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-golang-quickstart
+    - Name: Tutorial
+      File: osdk-golang-tutorial
+    - Name: Project layout
+      File: osdk-golang-project-layout
+    - Name: Updating Go-based projects
+      File: osdk-golang-updating-projects
+  - Name: Ansible-based Operators
+    Dir: ansible
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-ansible-quickstart
+    - Name: Tutorial
+      File: osdk-ansible-tutorial
+    - Name: Project layout
+      File: osdk-ansible-project-layout
+    - Name: Updating Ansible-based projects
+      File: osdk-ansible-updating-projects
+    - Name: Ansible support
+      File: osdk-ansible-support
+    - Name: Kubernetes Collection for Ansible
+      File: osdk-ansible-k8s-collection
+    - Name: Using Ansible inside an Operator
+      File: osdk-ansible-inside-operator
+    - Name: Custom resource status management
+      File: osdk-ansible-cr-status
+  - Name: Helm-based Operators
+    Dir: helm
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-helm-quickstart
+    - Name: Tutorial
+      File: osdk-helm-tutorial
+    - Name: Project layout
+      File: osdk-helm-project-layout
+    - Name: Updating Helm-based projects
+      File: osdk-helm-updating-projects
+    - Name: Helm support
+      File: osdk-helm-support
+#   - Name: Hybrid Helm Operator  <= Tech Preview
+#     File: osdk-hybrid-helm
+#   - Name: Updating Hybrid Helm-based projects  <= Tech Preview
+#     File: osdk-hybrid-helm-updating-projects
+# - Name: Java-based Operators  <= Tech Preview
+#   Dir: java
+#   Topics:
+#   - Name: Getting started
+#     File: osdk-java-quickstart
+#   - Name: Tutorial
+#     File: osdk-java-tutorial
+#   - Name: Project layout
+#     File: osdk-java-project-layout
+#   - Name: Updating Java-based projects
+#     File: osdk-java-updating-projects
+  - Name: Defining cluster service versions (CSVs)
+    File: osdk-generating-csvs
+  - Name: Working with bundle images
+    File: osdk-working-bundle-images
+  - Name: Complying with pod security admission
+    File: osdk-complying-with-psa
+  - Name: Validating Operators using the scorecard
+    File: osdk-scorecard
+  - Name: Validating Operator bundles
+    File: osdk-bundle-validate
+  - Name: High-availability or single-node cluster detection and support
+    File: osdk-ha-sno
+  - Name: Configuring built-in monitoring with Prometheus
+    File: osdk-monitoring-prometheus
+  - Name: Configuring leader election
+    File: osdk-leader-election
+  - Name: Object pruning utility
+    File: osdk-pruning-utility
+  - Name: Migrating package manifest projects to bundle format
+    File: osdk-pkgman-to-bundle
+  - Name: Operator SDK CLI reference
+    File: osdk-cli-ref
+  - Name: Migrating to Operator SDK v0.1.0
+    File: osdk-migrating-to-v0-1-0
+# ROSA customers can't configure/edit the cluster Operators
+# - Name: Cluster Operators reference
+#   File: operator-reference
 ---
 Name: Networking
 Dir: networking
@@ -276,102 +789,383 @@ Topics:
   Dir: deployments
   Distros: openshift-dedicated
   Topics:
-    - Name: Custom domains for applications
-      File: osd-config-custom-domains-applications
+  - Name: Custom domains for applications
+    File: osd-config-custom-domains-applications
+---
+Name: Nodes
+Dir: nodes
+Distros: openshift-dedicated
+Topics:
+- Name: Overview of nodes
+  File: index
+- Name: Working with pods
+  Dir: pods
+  Topics:
+  - Name: About pods
+    File: nodes-pods-using
+  - Name: Viewing pods
+    File: nodes-pods-viewing
+  - Name: Configuring a cluster for pods
+    File: nodes-pods-configuring
+    Distros: openshift-dedicated
+# Cannot create namespace to install VPA; revisit after Operator book converted
+#  - Name: Automatically adjust pod resource levels with the vertical pod autoscaler
+#   File: nodes-pods-vertical-autoscaler
+  - Name: Providing sensitive data to pods
+    File: nodes-pods-secrets
+  - Name: Creating and using config maps
+    File: nodes-pods-configmaps
+# Cannot create required "kubeletconfigs"
+# - Name: Using Device Manager to make devices available to nodes
+#   File: nodes-pods-plugins
+#    Distros: openshift-dedicated
+  - Name: Including pod priority in pod scheduling decisions
+    File: nodes-pods-priority
+    Distros: openshift-dedicated
+  - Name: Placing pods on specific nodes using node selectors
+    File: nodes-pods-node-selectors
+    Distros: openshift-dedicated
+# Cannot create namespace to install Run Once; revisit after Operator book converted
+#  - Name: Run Once Duration Override Operator
+#    Dir: run_once_duration_override
+#    Distros: openshift-dedicated
+#    Topics:
+#    - Name: Run Once Duration Override Operator overview
+#      File: index
+#    - Name: Run Once Duration Override Operator release notes
+#      File: run-once-duration-override-release-notes
+#    - Name: Overriding the active deadline for run-once pods
+#      File: run-once-duration-override-install
+#    - Name: Uninstalling the Run Once Duration Override Operator
+#      File: run-once-duration-override-uninstall
+- Name: Automatically scaling pods with the Custom Metrics Autoscaler Operator
+  Dir: cma
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Custom Metrics Autoscaler Operator overview
+    File: nodes-cma-autoscaling-custom
+  - Name: Custom Metrics Autoscaler Operator release notes
+    File: nodes-cma-autoscaling-custom-rn
+  - Name: Installing the custom metrics autoscaler
+    File: nodes-cma-autoscaling-custom-install
+  - Name: Understanding the custom metrics autoscaler triggers
+    File: nodes-cma-autoscaling-custom-trigger
+  - Name: Understanding the custom metrics autoscaler trigger authentications
+    File: nodes-cma-autoscaling-custom-trigger-auth
+  - Name: Pausing the custom metrics autoscaler
+    File: nodes-cma-autoscaling-custom-pausing
+  - Name: Gathering audit logs
+    File: nodes-cma-autoscaling-custom-audit-log
+  - Name: Gathering debugging data
+    File: nodes-cma-autoscaling-custom-debugging
+  - Name: Viewing Operator metrics
+    File: nodes-cma-autoscaling-custom-metrics
+  - Name: Understanding how to add custom metrics autoscalers
+    File: nodes-cma-autoscaling-custom-adding
+  - Name: Removing the Custom Metrics Autoscaler Operator
+    File: nodes-cma-autoscaling-custom-removing
+- Name: Controlling pod placement onto nodes (scheduling)
+  Dir: scheduling
+  Distros: openshift-dedicated
+  Topics:
+  - Name: About pod placement using the scheduler
+    File: nodes-scheduler-about
+  - Name: Placing pods relative to other pods using pod affinity and anti-affinity rules
+    File: nodes-scheduler-pod-affinity
+  - Name: Controlling pod placement on nodes using node affinity rules
+    File: nodes-scheduler-node-affinity
+  - Name: Placing pods onto overcommited nodes
+    File: nodes-scheduler-overcommit
+  - Name: Controlling pod placement using node taints
+    File: nodes-scheduler-taints-tolerations
+  - Name: Placing pods on specific nodes using node selectors
+    File: nodes-scheduler-node-selectors
+  - Name: Controlling pod placement using pod topology spread constraints
+    File: nodes-scheduler-pod-topology-spread-constraints
+# - Name: Placing a pod on a specific node by name
+#   File: nodes-scheduler-node-names
+# - Name: Placing a pod in a specific project
+#   File: nodes-scheduler-node-projects
+# - Name: Keeping your cluster balanced using the descheduler
+#   File: nodes-scheduler-descheduler
+  - Name: Descheduler
+    Dir: descheduler
+    Topics:
+    - Name: Descheduler overview
+      File: index
+    - Name: Descheduler release notes
+      File: nodes-descheduler-release-notes
+    - Name: Evicting pods using the descheduler
+      File: nodes-descheduler-configuring
+    - Name: Uninstalling the descheduler
+      File: nodes-descheduler-uninstalling
+  - Name: Secondary scheduler
+    Dir: secondary_scheduler
+    Distros: openshift-enterprise
+    Topics:
+    - Name: Secondary scheduler overview
+      File: index
+    - Name: Secondary Scheduler Operator release notes
+      File: nodes-secondary-scheduler-release-notes
+    - Name: Scheduling pods using a secondary scheduler
+      File: nodes-secondary-scheduler-configuring
+    - Name: Uninstalling the Secondary Scheduler Operator
+      File: nodes-secondary-scheduler-uninstalling
+- Name: Using Jobs and DaemonSets
+  Dir: jobs
+  Topics:
+  - Name: Running background tasks on nodes automatically with daemonsets
+    File: nodes-pods-daemonsets
+    Distros: openshift-dedicated
+  - Name: Running tasks in pods using jobs
+    File: nodes-nodes-jobs
+- Name: Working with nodes
+  Dir: nodes
+  Distros: openshift-dedicated
+  Topics:
+  - Name: Viewing and listing the nodes in your cluster
+    File: nodes-nodes-viewing
+# cannot use oc adm cordon; cannot patch resource "machinesets"; cannot patch resource "nodes"
+#  - Name: Working with nodes
+#    File: nodes-nodes-working
+# cannot create resource "kubeletconfigs", "schedulers", "machineconfigs", "kubeletconfigs"
+#  - Name: Managing nodes
+#    File: nodes-nodes-managing
+# cannot create resource "kubeletconfigs"
+#  - Name: Managing graceful node shutdown
+#    File: nodes-nodes-graceful-shutdown
+# cannot create resource "kubeletconfigs"
+#  - Name: Managing the maximum number of pods per node
+#    File: nodes-nodes-managing-max-pods
+  - Name: Using the Node Tuning Operator
+    File: nodes-node-tuning-operator
+  - Name: Remediating, fencing, and maintaining nodes
+    File: nodes-remediating-fencing-maintaining-rhwa
+# Cannot create namespace needed to oc debug and reboot; revisit after Operator book converted
+#  - Name: Understanding node rebooting
+#    File: nodes-nodes-rebooting
+# cannot create resource "kubeletconfigs"
+#  - Name: Freeing node resources using garbage collection
+#    File: nodes-nodes-garbage-collection
+# cannot create resource "kubeletconfigs"
+#  - Name: Allocating resources for nodes
+#    File: nodes-nodes-resources-configuring
+# cannot create resource "kubeletconfigs"
+#  - Name: Allocating specific CPUs for nodes in a cluster
+#    File: nodes-nodes-resources-cpus
+# cannot create resource "kubeletconfigs"
+#  - Name: Configuring the TLS security profile for the kubelet
+#    File: nodes-nodes-tls
+#    Distros: openshift-dedicated
+#  - Name: Monitoring for problems in your nodes
+#    File: nodes-nodes-problem-detector
+  - Name: Machine Config Daemon metrics
+    File: nodes-nodes-machine-config-daemon-metrics
+# cannot patch resource "nodes"
+#  - Name: Creating infrastructure nodes
+#    File: nodes-nodes-creating-infrastructure-nodes
+- Name: Working with containers
+  Dir: containers
+  Topics:
+  - Name: Understanding containers
+    File: nodes-containers-using
+  - Name: Using Init Containers to perform tasks before a pod is deployed
+    File: nodes-containers-init
+    Distros: openshift-dedicated
+  - Name: Using volumes to persist container data
+    File: nodes-containers-volumes
+  - Name: Mapping volumes using projected volumes
+    File: nodes-containers-projected-volumes
+  - Name: Allowing containers to consume API objects
+    File: nodes-containers-downward-api
+  - Name: Copying files to or from a container
+    File: nodes-containers-copying-files
+  - Name: Executing remote commands in a container
+    File: nodes-containers-remote-commands
+  - Name: Using port forwarding to access applications in a container
+    File: nodes-containers-port-forwarding
+# cannot patch resource "configmaps"
+#  - Name: Using sysctls in containers
+#    File: nodes-containers-sysctls
+- Name: Working with clusters
+  Dir: clusters
+  Topics:
+  - Name: Viewing system event information in a cluster
+    File: nodes-containers-events
+  - Name: Analyzing cluster resource levels
+    File: nodes-cluster-resource-levels
+    Distros: openshift-dedicated
+  - Name: Setting limit ranges
+    File: nodes-cluster-limit-ranges
+  - Name: Configuring cluster memory to meet container memory and risk requirements
+    File: nodes-cluster-resource-configure
+    Distros: openshift-dedicated
+  - Name: Configuring your cluster to place pods on overcommited nodes
+    File: nodes-cluster-overcommit
+    Distros: openshift-dedicated
+  - Name: Configuring the Linux cgroup version on your nodes
+    File: nodes-cluster-cgroups-2
+    Distros: openshift-enterprise
+  - Name: Configuring the Linux cgroup version on your nodes
+    File: nodes-cluster-cgroups-okd
+    Distros: openshift-origin
+#  The TechPreviewNoUpgrade Feature Gate is not allowed
+#  - Name: Enabling features using FeatureGates
+#    File: nodes-cluster-enabling-features
+#    Distros: openshift-rosa
+# Error: nodes.config.openshift.io "cluster" could not be patched
+#  - Name: Improving cluster stability in high latency environments using worker latency profiles
+#    File: nodes-cluster-worker-latency-profiles
+# Not supported per Michael McNeill
+#- Name: Remote worker nodes on the network edge
+#  Dir: edge
+#  Topics:
+#  - Name: Using remote worker node at the network edge
+#    File: nodes-edge-remote-workers
+# Not supported per Michael McNeill
+#- Name: Worker nodes for single-node OpenShift clusters
+#  Dir: nodes
+#  Topics:
+#  - Name: Adding worker nodes to single-node OpenShift clusters
+#    File: nodes-sno-worker-nodes
 ---
 Name: Logging
 Dir: logging
 Distros: openshift-dedicated
 Topics:
 - Name: Release notes
-  File: cluster-logging-release-notes
+  Dir: logging_release_notes
+  Topics:
+  - Name: Logging 5.8
+    File: logging-5-8-release-notes
+  - Name: Logging 5.7
+    File: logging-5-7-release-notes
+- Name: Support
+  File: cluster-logging-support
+- Name: Troubleshooting logging
+  Dir: troubleshooting
+  Topics:
+  - Name: Viewing Logging status
+    File: cluster-logging-cluster-status
+  - Name: Troubleshooting log forwarding
+    File: log-forwarding-troubleshooting
+  - Name: Troubleshooting logging alerts
+    File: troubleshooting-logging-alerts
+  - Name: Viewing the status of the Elasticsearch log store
+    File: cluster-logging-log-store-status
 - Name: About Logging
   File: cluster-logging
 - Name: Installing Logging
   File: cluster-logging-deploying
+- Name: Updating Logging
+  File: cluster-logging-upgrading
+- Name: Visualizing logs
+  Dir: log_visualization
+  Topics:
+  - Name: About log visualization
+    File: log-visualization
+  - Name: Log visualization with the web console
+    File: log-visualization-ocp-console
+  - Name: Viewing cluster dashboards
+    File: cluster-logging-dashboards
+  - Name: Log visualization with Kibana
+    File: logging-kibana
 - Name: Accessing the service logs
   File: sd-accessing-the-service-logs
 - Name: Configuring your Logging deployment
   Dir: config
   Topics:
-  - Name: About the Cluster Logging custom resource
-    File: cluster-logging-configuring-cr
-  - Name: Configuring the logging collector
-    File: cluster-logging-collector
-  - Name: Configuring the log store
-    File: cluster-logging-log-store
-  - Name: Configuring the log visualizer
-    File: cluster-logging-visualizer
-  - Name: Configuring Logging storage
-    File: cluster-logging-storage-considerations
   - Name: Configuring CPU and memory limits for Logging components
     File: cluster-logging-memory
-  - Name: Using tolerations to control Logging pod placement
-    File: cluster-logging-tolerations
-  - Name: Moving the Logging resources with node selectors
-    File: cluster-logging-moving-nodes
   #- Name: Configuring systemd-journald and Fluentd
   #  File: cluster-logging-systemd
-  - Name: Maintenance and support
-    File: cluster-logging-maintenance-support
-- Name: Logging with the LokiStack
-  File: cluster-logging-loki
-- Name: Viewing logs for a specific resource
-  File: viewing-resource-logs
-- Name: Viewing cluster logs in Kibana
-  File: cluster-logging-visualizer
-  Distros: openshift-dedicated
-- Name: Forwarding logs to third party systems
-  File: cluster-logging-external
-- Name: Enabling JSON logging
-  File: cluster-logging-enabling-json-logging
-- Name: Collecting and storing Kubernetes events
-  File: cluster-logging-eventrouter
-# - Name: Forwarding logs using ConfigMaps
-#  File: cluster-logging-external-configmap
-#  Distros: openshift-dedicated
-- Name: Updating Logging
-  File: cluster-logging-upgrading
-- Name: Viewing cluster dashboards
-  File: cluster-logging-dashboards
-- Name: Troubleshooting Logging
-  Dir: troubleshooting
+- Name: Log collection and forwarding
+  Dir: log_collection_forwarding
   Topics:
-  - Name: Viewing Logging status
-    File: cluster-logging-cluster-status
-  - Name: Viewing the status of the log store
-    File: cluster-logging-log-store-status
-  - Name: Understanding Logging alerts
-    File: cluster-logging-alerts
-  - Name: Collecting logging data for Red Hat Support
-    File: cluster-logging-must-gather
-  - Name: Troubleshooting for Critical Alerts
-    File: cluster-logging-troubleshooting-for-critical-alerts
+  - Name: About log collection and forwarding
+    File: log-forwarding
+  - Name: Log output types
+    File: logging-output-types
+  - Name: Enabling JSON log forwarding
+    File: cluster-logging-enabling-json-logging
+  - Name: Configuring log forwarding
+    File: configuring-log-forwarding
+  - Name: Configuring the logging collector
+    File: cluster-logging-collector
+  - Name: Collecting and storing Kubernetes events
+    File: cluster-logging-eventrouter
+- Name: Log storage
+  Dir: log_storage
+  Topics:
+  - Name: About log storage
+    File: about-log-storage
+  - Name: Installing log storage
+    File: installing-log-storage
+  - Name: Configuring the LokiStack log store
+    File: cluster-logging-loki
+  - Name: Configuring the Elasticsearch log store
+    File: logging-config-es-store
+- Name: Logging alerts
+  Dir: logging_alerts
+  Topics:
+  - Name: Default logging alerts
+    File: default-logging-alerts
+  - Name: Custom logging alerts
+    File: custom-logging-alerts
+- Name: Performance and reliability tuning
+  Dir: performance_reliability
+  Topics:
+  - Name: Flow control mechanisms
+    File: logging-flow-control-mechanisms
+- Name: Scheduling resources
+  Dir: scheduling_resources
+  Topics:
+  - Name: Using node selectors to move logging resources
+    File: logging-node-selectors
+  - Name: Using tolerations to control logging pod placement
+    File: logging-taints-tolerations
 - Name: Uninstalling Logging
   File: cluster-logging-uninstall
 - Name: Exported fields
   File: cluster-logging-exported-fields
+- Name: API reference
+  Dir: api_reference
+  Topics:
+#  - Name: 5.8 Logging API reference
+#    File: logging-5-8-reference
+#  - Name: 5.7 Logging API reference
+#    File: logging-5-7-reference
+  - Name: 5.6 Logging API reference
+    File: logging-5-6-reference
+- Name: Glossary
+  File: logging-common-terms
 ---
-Name: Monitoring user-defined projects
+Name: Monitoring
 Dir: monitoring
 Distros: openshift-dedicated
 Topics:
-- Name: Understanding the monitoring stack
-  File: osd-understanding-the-monitoring-stack
+- Name: Monitoring overview
+  File: monitoring-overview
 - Name: Accessing monitoring for user-defined projects
-  File: osd-accessing-monitoring-for-user-defined-projects
+  File: sd-accessing-monitoring-for-user-defined-projects
 - Name: Configuring the monitoring stack
-  File: osd-configuring-the-monitoring-stack
+  File: configuring-the-monitoring-stack
+- Name: Disabling monitoring for user-defined projects
+  File: sd-disabling-monitoring-for-user-defined-projects
 - Name: Enabling alert routing for user-defined projects
-  File: osd-enabling-alert-routing-for-user-defined-projects
+  File: enabling-alert-routing-for-user-defined-projects
 - Name: Managing metrics
-  File: osd-managing-metrics
+  File: managing-metrics
 - Name: Managing alerts
   File: managing-alerts
 - Name: Reviewing monitoring dashboards
-  File: osd-reviewing-monitoring-dashboards
+  File: reviewing-monitoring-dashboards
+- Name: Accessing third-party monitoring APIs
+  File: accessing-third-party-monitoring-apis
 - Name: Troubleshooting monitoring issues
-  File: osd-troubleshooting-monitoring-issues
+  File: troubleshooting-monitoring-issues
+- Name: Config map reference for the Cluster Monitoring Operator
+  File: config-map-reference-for-the-cluster-monitoring-operator
 ---
 Name: Serverless
 Dir: serverless
@@ -382,24 +1176,3 @@ Topics:
   Topics:
   - Name: Serverless overview
     File: about-serverless
----
-Name: Troubleshooting
-Dir: sd_support
-Distros: openshift-dedicated
-Topics:
-- Name: Remote health monitoring with connected clusters
-  Dir: remote_health_monitoring
-  Distros: openshift-dedicated
-  Topics:
-  - Name: About remote health monitoring
-    File: about-remote-health-monitoring
-  - Name: Showing data collected by remote health monitoring
-    File: showing-data-collected-by-remote-health-monitoring
-  - Name: Using Insights to identify issues with your cluster
-    File: using-insights-to-identify-issues-with-your-cluster
-- Name: Summarizing cluster specifications
-  File: osd-summarizing-cluster-specifications
-  Distros: openshift-dedicated
-- Name: OpenShift Dedicated managed resources
-  File: osd-managed-resources
-  Distros: openshift-dedicated
diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml
index 39aa73cfd331..9120756b6281 100644
--- a/_topic_maps/_topic_map_rosa.yml
+++ b/_topic_maps/_topic_map_rosa.yml
@@ -36,7 +36,7 @@ Name: What's new
 Dir: rosa_release_notes
 Distros: openshift-rosa
 Topics:
-- Name: What's new with ROSA
+- Name: What's new with Red Hat OpenShift Service on AWS
   File: rosa-release-notes
 ---
 Name: Introduction to ROSA
@@ -65,17 +65,111 @@ Topics:
     File: rosa-service-definition
   - Name: ROSA update life cycle
     File: rosa-life-cycle
-  - Name: Understanding process and security for ROSA
+  - Name: ROSA with HCP service definition
+    File: rosa-hcp-service-definition
+  - Name: ROSA with HCP update life cycle
+    File: rosa-hcp-life-cycle
+  - Name: Understanding security for ROSA
     File: rosa-policy-process-security
+  - Name: SRE and service account access
+    File: rosa-sre-access
+# Created a new assembly in ROSA/OSD. In OCP, the assembly is in a book that is not in ROSA/OSD
+- Name: About admission plugins
+  File: rosa-admission-plug-ins
+  Distros: openshift-rosa
 - Name: About IAM resources for ROSA with STS
   File: rosa-sts-about-iam-resources
 - Name: OpenID Connect Overview
   File: rosa-oidc-overview
-- Name: Support for ROSA
-  File: rosa-getting-support
 # - Name: Training for ROSA
 #   File: rosa-training
 ---
+Name: Tutorials
+Dir: cloud_experts_tutorials
+Distros: openshift-rosa
+Topics:
+- Name: Tutorials overview
+  File: index
+#- Name: ROSA prerequisites
+#  File: rosa-mobb-prerequisites-tutorial
+- Name: Verifying Permissions for a ROSA STS Deployment
+  File: rosa-mobb-verify-permissions-sts-deployment
+- Name: Configuring log forwarding for CloudWatch logs and STS
+  File: cloud-experts-rosa-cloudwatch-sts
+- Name: Using AWS WAF and Amazon CloudFront to protect ROSA workloads
+  File: cloud-experts-using-cloudfront-and-waf
+- Name: Using AWS WAF and AWS ALBs to protect ROSA workloads
+  File: cloud-experts-using-alb-and-waf
+- Name: Deploying OpenShift API for Data Protection on a ROSA cluster
+  File: cloud-experts-deploy-api-data-protection
+- Name: AWS Load Balancer Operator on ROSA
+  File: cloud-experts-aws-load-balancer-operator
+- Name: Configuring ROSA/OSD to use custom TLS ciphers on the ingress controllers
+  File: cloud-experts-configure-custom-tls-ciphers
+- Name: Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider
+  File: cloud-experts-entra-id-idp
+- Name: Using AWS Secrets Manager CSI on ROSA with STS
+  File: cloud-experts-aws-secret-manager
+- Name: Using AWS Controllers for Kubernetes on ROSA
+  File: cloud-experts-using-aws-ack
+- Name: Deploying the External DNS Operator on ROSA
+  File: cloud-experts-external-dns
+- Name: Dynamically issuing certificates using the cert-manager Operator on ROSA
+  File: cloud-experts-dynamic-certificate-custom-domain
+- Name: Changing the Console, OAuth, and Downloads domains and TLS certificate
+  File: cloud-experts-rosa-osd-change-default-domain
+- Name: Assigning consistent egress IP for external traffic
+  File: cloud-experts-consistent-egress-ip
+- Name: Getting started with ROSA
+  Dir: cloud-experts-getting-started
+  Distros: openshift-rosa
+  Topics:
+  - Name: What is ROSA
+    File: cloud-experts-getting-started-what-is-rosa
+  - Name: Deploying a cluster
+    Dir: cloud-experts-getting-started-deploying
+    Topics:
+    - Name: Choosing a deployment method
+      File: cloud-experts-getting-started-choose-deployment-method
+    - Name: Simple CLI guide
+      File: cloud-experts-getting-started-simple-cli-guide
+    - Name: Detailed CLI guide
+      File: cloud-experts-getting-started-detailed-cli-guide
+    - Name: Hosted Control Planes guide
+      File: cloud-experts-getting-started-hcp
+    - Name: Simple UI guide
+      File: cloud-experts-getting-started-simple-ui-guide
+    - Name: Detailed UI guide
+      File: cloud-experts-getting-started-detailed-ui
+  - Name: Creating an admin user
+    File: cloud-experts-getting-started-admin
+  - Name: Setting up an identity provider
+    File: cloud-experts-getting-started-idp
+  - Name: Granting admin rights
+    File: cloud-experts-getting-started-admin-rights
+  - Name: Accessing your cluster
+    File: cloud-experts-getting-started-accessing
+  - Name: Managing worker nodes
+    File: cloud-experts-getting-started-managing-worker-nodes
+  - Name: Autoscaling
+    File: cloud-experts-getting-started-autoscaling
+  - Name: Upgrading your cluster
+    File: cloud-experts-getting-started-upgrading
+  - Name: Deleting your cluster
+    File: cloud-experts-getting-started-deleting
+  - Name: Obtaining support
+    File: cloud-experts-getting-started-support
+- Name: Deploying an application
+  Dir: cloud-experts-deploying-application
+  Distros: openshift-rosa
+  Topics:
+  - Name: Introduction
+    File: cloud-experts-deploying-application-intro
+  - Name: Prerequisites
+    File: cloud-experts-deploying-application-prerequisites
+  - Name: Lab Overview
+    File: cloud-experts-deploying-application-lab-overview
+---
 Name: Getting started
 Dir: rosa_getting_started
 Distros: openshift-rosa
@@ -91,7 +185,9 @@ Name: Prepare your environment
 Dir: rosa_planning
 Distros: openshift-rosa
 Topics:
-- Name: AWS prerequisites for ROSA with STS
+- Name: Prerequisites checklist for deploying ROSA using STS
+  File: rosa-cloud-expert-prereq-checklist
+- Name: Detailed requirements for deploying ROSA using STS
   File: rosa-sts-aws-prereqs
 - Name: ROSA IAM role resources
   File: rosa-sts-ocm-role
@@ -103,6 +199,8 @@ Topics:
   File: rosa-sts-required-aws-service-quotas
 - Name: Setting up your environment
   File: rosa-sts-setting-up-environment
+- Name: Preparing Terraform to install ROSA clusters
+  File: rosa-understanding-terraform
 ---
 Name: Install ROSA with HCP clusters
 Dir: rosa_hcp
@@ -110,6 +208,8 @@ Distros: openshift-rosa
 Topics:
 - Name: Creating ROSA with HCP clusters using the default options
   File: rosa-hcp-sts-creating-a-cluster-quickly
+- Name: Creating ROSA with HCP clusters using a custom AWS KMS encryption key
+  File: rosa-hcp-creating-cluster-with-aws-kms-key
 - Name: Using the Node Tuning Operator on ROSA with HCP
   File: rosa-tuning-config
 ---
@@ -121,10 +221,20 @@ Topics:
   File: rosa-sts-creating-a-cluster-quickly
 - Name: Creating a ROSA cluster with STS using customizations
   File: rosa-sts-creating-a-cluster-with-customizations
+- Name: Creating a ROSA cluster with STS using Terraform
+  Dir: terraform
+  Distros: openshift-rosa
+  Topics:
+  - Name: Creating a default ROSA Classic cluster using Terraform
+    File: rosa-sts-creating-a-cluster-quickly-terraform
+#  - Name: Customizing a ROSA cluster with Terraform
+#    File: rosa-sts-creating-a-cluster-with-customizations-terraform
 - Name: Interactive cluster creation mode reference
   File: rosa-sts-interactive-mode-reference
 - Name: Creating an AWS PrivateLink cluster on ROSA
   File: rosa-aws-privatelink-creating-cluster
+- Name: Configuring a shared virtual private cloud for ROSA clusters
+  File: rosa-shared-vpc-config
 - Name: Accessing a ROSA cluster
   File: rosa-sts-accessing-cluster
 - Name: Configuring identity providers using Red Hat OpenShift Cluster Manager
@@ -164,20 +274,242 @@ Topics:
   - Name: Command quick reference for creating clusters and users
     File: rosa-quickstart
 ---
-Name: ROSA CLI
-Dir: rosa_cli
+Name: Support
+Dir: support
 Distros: openshift-rosa
 Topics:
-# - Name: CLI and web console
-#   File: rosa-cli-openshift-console
-- Name: Getting started with the ROSA CLI
-  File: rosa-get-started-cli
-- Name: Managing objects with the ROSA CLI
-  File: rosa-manage-objects-cli
-- Name: Checking account and version information with the ROSA CLI
-  File: rosa-checking-acct-version-cli
-- Name: Checking logs with the ROSA CLI
-  File: rosa-checking-logs-cli
+- Name: Support overview
+  File: index
+- Name: Managing your cluster resources
+  File: managing-cluster-resources
+- Name: Getting support
+  File: getting-support
+  Distros: openshift-rosa
+- Name: Remote health monitoring with connected clusters
+  Dir: remote_health_monitoring
+  Distros: openshift-rosa
+  Topics:
+  - Name: About remote health monitoring
+    File: about-remote-health-monitoring
+  - Name: Showing data collected by remote health monitoring
+    File: showing-data-collected-by-remote-health-monitoring
+# cannot get resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Opting out of remote health reporting
+#    File: opting-out-of-remote-health-reporting
+# cannot get resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Enabling remote health reporting
+#    File: enabling-remote-health-reporting
+  - Name: Using Insights to identify issues with your cluster
+    File: using-insights-to-identify-issues-with-your-cluster
+  - Name: Using Insights Operator
+    File: using-insights-operator
+# Not supported per Michael McNeill
+# - Name: Using remote health reporting in a restricted network
+#   File: remote-health-reporting-from-restricted-network
+# cannot list resource "secrets" in API group "" in the namespace "openshift-config"
+#  - Name: Importing simple content access entitlements with Insights Operator
+#    File: insights-operator-simple-access
+# must-gather not supported for customers, per Dustin Row, cannot create resource "namespaces"
+# - Name: Gathering data about your cluster
+#   File: gathering-cluster-data
+#   Distros: openshift-rosa
+- Name: Summarizing cluster specifications
+  File: summarizing-cluster-specifications
+  Distros: openshift-rosa
+- Name: Troubleshooting
+  Dir: troubleshooting
+  Distros: openshift-rosa
+  Topics:
+# rosa has own troubleshooting installations
+#  - Name: Troubleshooting installations
+#    File: troubleshooting-installations
+  - Name: Troubleshooting ROSA installations
+    File: rosa-troubleshooting-installations
+  - Name: Troubleshooting networking
+    File: rosa-troubleshooting-networking
+  - Name: Verifying node health
+    File: verifying-node-health
+#  cannot create resource "namespaces", cannot patch resource "nodes"
+#  - Name: Troubleshooting CRI-O container runtime issues
+#    File: troubleshooting-crio-issues
+# requires ostree, butane, and other plug-ins
+#  - Name: Troubleshooting operating system issues
+#    File: troubleshooting-operating-system-issues
+#    Distros: openshift-rosa
+# cannot patch resource "nodes", "nodes/proxy", "namespaces"
+#  - Name: Troubleshooting network issues
+#    File: troubleshooting-network-issues
+#    Distros: openshift-rosa
+  - Name: Troubleshooting Operator issues
+    File: troubleshooting-operator-issues
+  - Name: Investigating pod issues
+    File: investigating-pod-issues
+# Hiding from ROSA and OSD until it is decided who should port the Build book
+#  - Name: Troubleshooting the Source-to-Image process
+#    File: troubleshooting-s2i
+  - Name: Troubleshooting storage issues
+    File: troubleshooting-storage-issues
+# Not supported per WINC team
+#  - Name: Troubleshooting Windows container workload issues
+#    File: troubleshooting-windows-container-workload-issues
+  - Name: Investigating monitoring issues
+    File: investigating-monitoring-issues
+  - Name: Diagnosing OpenShift CLI (oc) issues
+    File: diagnosing-oc-issues
+  - Name: Troubleshooting expired offline access tokens
+    File: rosa-troubleshooting-expired-tokens
+    Distros: openshift-rosa
+  - Name: Troubleshooting IAM roles
+    File: rosa-troubleshooting-iam-resources
+    Distros: openshift-rosa
+  - Name: Troubleshooting cluster deployments
+    File: rosa-troubleshooting-deployments
+    Distros: openshift-rosa
+  - Name: Red Hat OpenShift Service on AWS managed resources
+    File: rosa-managed-resources
+    Distros: openshift-rosa
+---
+Name: Web console
+Dir: web_console
+Distros: openshift-rosa
+Topics:
+- Name: Web console overview
+  File: web-console-overview
+- Name: Accessing the web console
+  File: web-console
+- Name: Viewing cluster information
+  File: using-dashboard-to-get-cluster-information
+- Name: Adding user preferences
+  File: adding-user-preferences
+  Distros: openshift-enterprise,openshift-origin
+# cannot patch resource "consoles", insufficient permissions to read any Cluster configuration
+#- Name: Configuring the web console
+#  File: configuring-web-console
+#  Distros: openshift-rosa
+- Name: Customizing the web console
+  File: customizing-the-web-console
+  Distros: openshift-rosa
+- Name: Dynamic plugins
+  Dir: dynamic-plugin
+  Distros: openshift-rosa
+  Topics:
+  - Name: Overview of dynamic plugins
+    File: overview-dynamic-plugin
+  - Name: Getting started with dynamic plugins
+    File: dynamic-plugins-get-started
+  - Name: Deploy your plugin on a cluster
+    File: deploy-plugin-cluster
+  - Name: Dynamic plugin example
+    File: dynamic-plugin-example
+  - Name: Dynamic plugin reference
+    File: dynamic-plugins-reference
+- Name: Web terminal
+  Dir: web_terminal
+  Distros: openshift-rosa
+  Topics:
+  - Name: Installing the web terminal
+    File: installing-web-terminal
+# Do not have sufficient permissions to read any cluster configuration.
+#  - Name: Configuring the web terminal
+#    File: configuring-web-terminal
+  - Name: Using the web terminal
+    File: odc-using-web-terminal
+  - Name: Troubleshooting the web terminal
+    File: troubleshooting-web-terminal
+  - Name: Uninstalling the web terminal
+    File: uninstalling-web-terminal
+- Name: Disabling the web console
+  File: disabling-web-console
+  Distros: openshift-rosa
+- Name: About quick start tutorials
+  File: creating-quick-start-tutorials
+  Distros: openshift-rosa
+---
+Name: CLI tools
+Dir: cli_reference
+Distros: openshift-rosa
+Topics:
+- Name: CLI tools overview
+  File: index
+- Name: OpenShift CLI (oc)
+  Dir: openshift_cli
+  Topics:
+  - Name: Getting started with the OpenShift CLI
+    File: getting-started-cli
+  - Name: Configuring the OpenShift CLI
+    File: configuring-cli
+  - Name: Usage of oc and kubectl commands
+    File: usage-oc-kubectl
+  - Name: Managing CLI profiles
+    File: managing-cli-profiles
+  - Name: Extending the OpenShift CLI with plugins
+    File: extending-cli-plugins
+ # - Name: Managing CLI plugins with Krew
+  #  File: managing-cli-plugins-krew
+  #  Distros: openshift-rosa
+  - Name: OpenShift CLI developer command reference
+    File: developer-cli-commands
+  - Name: OpenShift CLI administrator command reference
+    File: administrator-cli-commands
+    Distros: openshift-rosa
+- Name: Developer CLI (odo)
+  File: odo-important-update
+  # Dir: developer_cli_odo
+  Distros: openshift-rosa
+  # Topics:
+  # - Name: odo release notes
+  #  File: odo-release-notes
+  # - Name: Understanding odo
+  #  File: understanding-odo
+  # - Name: Installing odo
+  #  File: installing-odo
+  # - Name: Configuring the odo CLI
+  #  File: configuring-the-odo-cli
+  # - Name: odo CLI reference
+  #  File: odo-cli-reference
+- Name: Knative CLI (kn) for use with OpenShift Serverless
+  File: kn-cli-tools
+  Distros: openshift-rosa
+- Name: Pipelines CLI (tkn)
+  Dir: tkn_cli
+  Distros: openshift-rosa
+  Topics:
+  - Name: Installing tkn
+    File: installing-tkn
+  - Name: Configuring tkn
+    File: op-configuring-tkn
+  - Name: Basic tkn commands
+    File: op-tkn-reference
+- Name: opm CLI
+  Dir: opm
+  Distros: openshift-rosa
+  Topics:
+  - Name: Installing the opm CLI
+    File: cli-opm-install
+  - Name: opm CLI reference
+    File: cli-opm-ref
+- Name: Operator SDK
+  Dir: osdk
+  Distros: openshift-rosa
+  Topics:
+  - Name: Installing the Operator SDK CLI
+    File: cli-osdk-install
+  - Name: Operator SDK CLI reference
+    File: cli-osdk-ref
+- Name: ROSA CLI
+  Dir: rosa_cli
+  Distros: openshift-rosa
+  Topics:
+  # - Name: CLI and web console
+  #   File: rosa-cli-openshift-console
+  - Name: Getting started with the ROSA CLI
+    File: rosa-get-started-cli
+  - Name: Managing objects with the ROSA CLI
+    File: rosa-manage-objects-cli
+  - Name: Checking account and version information with the ROSA CLI
+    File: rosa-checking-acct-version-cli
+  - Name: Checking logs with the ROSA CLI
+    File: rosa-checking-logs-cli
 ---
 Name: Red Hat OpenShift Cluster Manager
 Dir: ocm
@@ -212,7 +544,9 @@ Topics:
     File: dedicated-aws-vpn
   - Name: Configuring AWS Direct Connect
     File: dedicated-aws-dc
-- Name: Nodes
+- Name: Cluster autoscaling
+  File: rosa-cluster-autoscaling
+- Name: Manage nodes using machine pools
   Dir: rosa_nodes
   Distros: openshift-rosa
   Topics:
@@ -225,26 +559,102 @@ Topics:
     Distros: openshift-rosa
   - Name: About autoscaling nodes on a cluster
     File: rosa-nodes-about-autoscaling-nodes
+  - Name: Configuring cluster memory to meet container memory and risk requirements
+    File: nodes-cluster-resource-configure
+- Name: Configuring PID limits
+  File: rosa-configuring-pid-limits
+---
+Name: Security and compliance
+Dir: security
+Distros: openshift-rosa
+Topics:
+- Name: Audit logs
+  File: audit-log-view
+- Name: Adding additional constraints for IP-based AWS role assumption
+  File: rosa-adding-additional-constraints-for-ip-based-aws-role-assumption
+#- Name: Security
+#  File: rosa-security
+#- Name: Application and cluster compliance
+#  File: rosa-app-security-compliance
 ---
-# Name: Security and compliance
-# Dir: security
-# Distros: openshift-rosa
-# Topics:
-# - Name: Viewing audit logs
-#   File: audit-log-view
-# # - Name: Security
-# #   File: rosa-security
-# # - Name: Application and cluster compliance
-# #   File: rosa-app-security-compliance
-# ---
 Name: Authentication and authorization
 Dir: authentication
 Distros: openshift-rosa
 Topics:
+- Name: Authentication and authorization overview
+  File: index
+- Name: Understanding authentication
+  File: understanding-authentication
+# - Name: Configuring the internal OAuth server
+#   File: configuring-internal-oauth
+# - Name: Configuring OAuth clients
+#   File: configuring-oauth-clients
+- Name: Managing user-owned OAuth access tokens
+  File: managing-oauth-access-tokens
+# - Name: Understanding identity provider configuration
+#   File: understanding-identity-provider
+- Name: Configuring identity providers
+  File: sd-configuring-identity-providers
+# - Name: Configuring identity providers
+#   Dir: identity_providers
+#   Topics:
+#   - Name: Configuring an htpasswd identity provider
+#     File: configuring-htpasswd-identity-provider
+#   - Name: Configuring a Keystone identity provider
+#     File: configuring-keystone-identity-provider
+#   - Name: Configuring an LDAP identity provider
+#     File: configuring-ldap-identity-provider
+#   - Name: Configuring a basic authentication identity provider
+#     File: configuring-basic-authentication-identity-provider
+#   - Name: Configuring a request header identity provider
+#     File: configuring-request-header-identity-provider
+#   - Name: Configuring a GitHub or GitHub Enterprise identity provider
+#     File: configuring-github-identity-provider
+#   - Name: Configuring a GitLab identity provider
+#     File: configuring-gitlab-identity-provider
+#   - Name: Configuring a Google identity provider
+#     File: configuring-google-identity-provider
+#   - Name: Configuring an OpenID Connect identity provider
+#     File: configuring-oidc-identity-provider
+- Name: Using RBAC to define and apply permissions
+  File: using-rbac
+# - Name: Removing the kubeadmin user
+#   File: remove-kubeadmin
+#- Name: Configuring LDAP failover
+#  File: configuring-ldap-failover
+- Name: Understanding and creating service accounts
+  File: understanding-and-creating-service-accounts
+- Name: Using service accounts in applications
+  File: using-service-accounts-in-applications
+- Name: Using a service account as an OAuth client
+  File: using-service-accounts-as-oauth-client
 - Name: Assuming an AWS IAM role for a service account
   File: assuming-an-aws-iam-role-for-a-service-account
+- Name: Scoping tokens
+  File: tokens-scoping
+- Name: Using bound service account tokens
+  File: bound-service-account-tokens
 - Name: Managing security context constraints
   File: managing-security-context-constraints
+- Name: Understanding and managing pod security admission
+  File: understanding-and-managing-pod-security-admission
+# - Name: Impersonating the system:admin user
+#   File: impersonating-system-admin
+- Name: Syncing LDAP groups
+  File: ldap-syncing
+# - Name: Managing cloud provider credentials
+#   Dir: managing_cloud_provider_credentials
+#   Topics:
+#   - Name: About the Cloud Credential Operator
+#     File: about-cloud-credential-operator
+#   - Name: Mint mode
+#     File: cco-mode-mint
+#   - Name: Passthrough mode
+#     File: cco-mode-passthrough
+#   - Name: Manual mode with long-term credentials for components
+#     File: cco-mode-manual
+#   - Name: Manual mode with short-term credentials for components
+#     File: cco-short-term-creds
 ---
 Name: Upgrading
 Dir: upgrading
@@ -272,14 +682,67 @@ Topics:
     File: setting-up-trusted-ca
     Distros: openshift-rosa
 ---
-  Name: Add-on services
-  Dir: adding_service_cluster
+Name: Images
+Dir: openshift_images
+Distros: openshift-rosa
+Topics:
+- Name: Overview of images
+  File: index
+# replaced Configuring the Cluster Samples Operator name, cannot configure the operator
+- Name: Overview of the Cluster Samples Operator
+  File: configuring-samples-operator
   Distros: openshift-rosa
+- Name: Using the Cluster Samples Operator with an alternate registry
+  File: samples-operator-alt-registry
+  Distros: openshift-rosa
+- Name: Creating images
+  File: create-images
+- Name: Managing images
+  Dir: managing_images
   Topics:
-  - Name: Adding services to a cluster
-    File: adding-service
-  - Name: Available services
-    File: rosa-available-services
+  - Name: Managing images overview
+    File: managing-images-overview
+  - Name: Tagging images
+    File: tagging-images
+  - Name: Image pull policy
+    File: image-pull-policy
+  - Name: Using image pull secrets
+    File: using-image-pull-secrets
+- Name: Managing image streams
+  File: image-streams-manage
+  Distros: openshift-rosa
+- Name: Using image streams with Kubernetes resources
+  File: using-imagestreams-with-kube-resources
+  Distros: openshift-rosa
+- Name: Triggering updates on image stream changes
+  File: triggering-updates-on-imagestream-changes
+  Distros: openshift-rosa
+- Name: Image configuration resources
+  File: image-configuration
+  Distros: openshift-rosa
+- Name: Using templates
+  File: using-templates
+- Name: Using Ruby on Rails
+  File: templates-using-ruby-on-rails
+- Name: Using images
+  Dir: using_images
+  Distros: openshift-rosa
+  Topics:
+  - Name: Using images overview
+    File: using-images-overview
+  - Name: Source-to-image
+    File: using-s21-images
+  - Name: Customizing source-to-image images
+    File: customizing-s2i-images
+---
+Name: Add-on services
+Dir: adding_service_cluster
+Distros: openshift-rosa
+Topics:
+- Name: Adding services to a cluster
+  File: adding-service
+- Name: Available services
+  File: rosa-available-services
 ---
 Name: Storage
 Dir: storage
@@ -322,8 +785,179 @@ Topics:
   File: configuring-registry-operator
 - Name: Accessing the registry
   File: accessing-the-registry
-- Name: Exposing the registry
-  File: securing-exposing-registry
+# - Name: Exposing the registry
+#   File: securing-exposing-registry
+---
+Name: Operators
+Dir: operators
+Distros: openshift-rosa
+Topics:
+- Name: Operators overview
+  File: index
+- Name: Understanding Operators
+  Dir: understanding
+  Topics:
+  - Name: What are Operators?
+    File: olm-what-operators-are
+  - Name: Packaging format
+    File: olm-packaging-format
+  - Name: Common terms
+    File: olm-common-terms
+  - Name: Operator Lifecycle Manager (OLM)
+    Dir: olm
+    Topics:
+    - Name: Concepts and resources
+      File: olm-understanding-olm
+    - Name: Architecture
+      File: olm-arch
+    - Name: Workflow
+      File: olm-workflow
+    - Name: Dependency resolution
+      File: olm-understanding-dependency-resolution
+    - Name: Operator groups
+      File: olm-understanding-operatorgroups
+    - Name: Multitenancy and Operator colocation
+      File: olm-colocation
+    - Name: Operator conditions
+      File: olm-operatorconditions
+    - Name: Metrics
+      File: olm-understanding-metrics
+    - Name: Webhooks
+      File: olm-webhooks
+  - Name: OperatorHub
+    File: olm-understanding-operatorhub
+  - Name: Red Hat-provided Operator catalogs
+    File: olm-rh-catalogs
+  - Name: Operators in multitenant clusters
+    File: olm-multitenancy
+  - Name: CRDs
+    Dir: crds
+    Topics:
+    - Name: Managing resources from CRDs
+      File: crd-managing-resources-from-crds
+- Name: User tasks
+  Dir: user
+  Topics:
+  - Name: Creating applications from installed Operators
+    File: olm-creating-apps-from-installed-operators
+- Name: Administrator tasks
+  Dir: admin
+  Topics:
+  - Name: Adding Operators to a cluster
+    File: olm-adding-operators-to-cluster
+  - Name: Updating installed Operators
+    File: olm-upgrading-operators
+  - Name: Deleting Operators from a cluster
+    File: olm-deleting-operators-from-cluster
+  - Name: Configuring proxy support
+    File: olm-configuring-proxy-support
+  - Name: Viewing Operator status
+    File: olm-status
+  - Name: Managing Operator conditions
+    File: olm-managing-operatorconditions
+  - Name: Managing custom catalogs
+    File: olm-managing-custom-catalogs
+  - Name: Catalog source pod scheduling
+    File: olm-cs-podsched
+# - Name: Managing platform Operators  <= Tech Preview
+#   File: olm-managing-po
+  - Name: Troubleshooting Operator issues
+    File: olm-troubleshooting-operator-issues
+- Name: Developing Operators
+  Dir: operator_sdk
+  Topics:
+  - Name: About the Operator SDK
+    File: osdk-about
+  - Name: Installing the Operator SDK CLI
+    File: osdk-installing-cli
+  - Name: Go-based Operators
+    Dir: golang
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-golang-quickstart
+    - Name: Tutorial
+      File: osdk-golang-tutorial
+    - Name: Project layout
+      File: osdk-golang-project-layout
+    - Name: Updating Go-based projects
+      File: osdk-golang-updating-projects
+  - Name: Ansible-based Operators
+    Dir: ansible
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-ansible-quickstart
+    - Name: Tutorial
+      File: osdk-ansible-tutorial
+    - Name: Project layout
+      File: osdk-ansible-project-layout
+    - Name: Updating Ansible-based projects
+      File: osdk-ansible-updating-projects
+    - Name: Ansible support
+      File: osdk-ansible-support
+    - Name: Kubernetes Collection for Ansible
+      File: osdk-ansible-k8s-collection
+    - Name: Using Ansible inside an Operator
+      File: osdk-ansible-inside-operator
+    - Name: Custom resource status management
+      File: osdk-ansible-cr-status
+  - Name: Helm-based Operators
+    Dir: helm
+    Topics:
+# Quick start excluded, because it requires cluster-admin permissions.
+#   - Name: Getting started
+#     File: osdk-helm-quickstart
+    - Name: Tutorial
+      File: osdk-helm-tutorial
+    - Name: Project layout
+      File: osdk-helm-project-layout
+    - Name: Updating Helm-based projects
+      File: osdk-helm-updating-projects
+    - Name: Helm support
+      File: osdk-helm-support
+#   - Name: Hybrid Helm Operator  <= Tech Preview
+#     File: osdk-hybrid-helm
+#   - Name: Updating Hybrid Helm-based projects  <= Tech Preview
+#     File: osdk-hybrid-helm-updating-projects
+# - Name: Java-based Operators  <= Tech Preview
+#   Dir: java
+#   Topics:
+#   - Name: Getting started
+#     File: osdk-java-quickstart
+#   - Name: Tutorial
+#     File: osdk-java-tutorial
+#   - Name: Project layout
+#     File: osdk-java-project-layout
+#   - Name: Updating Java-based projects
+#     File: osdk-java-updating-projects
+  - Name: Defining cluster service versions (CSVs)
+    File: osdk-generating-csvs
+  - Name: Working with bundle images
+    File: osdk-working-bundle-images
+  - Name: Complying with pod security admission
+    File: osdk-complying-with-psa
+  - Name: Validating Operators using the scorecard
+    File: osdk-scorecard
+  - Name: Validating Operator bundles
+    File: osdk-bundle-validate
+  - Name: High-availability or single-node cluster detection and support
+    File: osdk-ha-sno
+  - Name: Configuring built-in monitoring with Prometheus
+    File: osdk-monitoring-prometheus
+  - Name: Configuring leader election
+    File: osdk-leader-election
+  - Name: Object pruning utility
+    File: osdk-pruning-utility
+  - Name: Migrating package manifest projects to bundle format
+    File: osdk-pkgman-to-bundle
+  - Name: Operator SDK CLI reference
+    File: osdk-cli-ref
+  - Name: Migrating to Operator SDK v0.1.0
+    File: osdk-migrating-to-v0-1-0
+# ROSA customers can't configure/edit the cluster Operators
+# - Name: Cluster Operators reference
+#   File: operator-reference
 ---
 Name: Networking
 Dir: networking
@@ -333,6 +967,8 @@ Topics:
   File: dns-operator
 - Name: Understanding the Ingress Operator
   File: ingress-operator
+- Name: AWS Load Balancer Operator
+  File: aws-load-balancer-operator
 - Name: OpenShift SDN default CNI network provider
   Dir: openshift_sdn
   Topics:
@@ -373,8 +1009,8 @@ Topics:
   Dir: deployments
   Distros: openshift-rosa
   Topics:
-    - Name: Custom domains for applications
-      File: osd-config-custom-domains-applications
+  - Name: Custom domains for applications
+    File: osd-config-custom-domains-applications
 # - Name: Application GitOps workflows
 #   File: rosa-app-gitops-workflows
 # - Name: Application logging
@@ -395,16 +1031,278 @@ Topics:
 - Name: Installing OADP on ROSA with STS
   File: backing-up-applications
 ---
+Name: Nodes
+Dir: nodes
+Distros: openshift-rosa
+Topics:
+- Name: Overview of nodes
+  File: index
+- Name: Working with pods
+  Dir: pods
+  Topics:
+  - Name: About pods
+    File: nodes-pods-using
+  - Name: Viewing pods
+    File: nodes-pods-viewing
+  - Name: Configuring a cluster for pods
+    File: nodes-pods-configuring
+    Distros: openshift-rosa
+# Cannot create namespace to install VPA; revisit after Operator book converted
+#  - Name: Automatically adjust pod resource levels with the vertical pod autoscaler
+#   File: nodes-pods-vertical-autoscaler
+  - Name: Providing sensitive data to pods
+    File: nodes-pods-secrets
+  - Name: Creating and using config maps
+    File: nodes-pods-configmaps
+# Cannot create required kubeletconfigs
+# - Name: Using Device Manager to make devices available to nodes
+#   File: nodes-pods-plugins
+#   Distros: openshift-rosa
+  - Name: Including pod priority in pod scheduling decisions
+    File: nodes-pods-priority
+    Distros: openshift-rosa
+  - Name: Placing pods on specific nodes using node selectors
+    File: nodes-pods-node-selectors
+    Distros: openshift-rosa
+# Cannot create namespace to install Run Once; revisit after Operator book converted
+#  - Name: Run Once Duration Override Operator
+#    Dir: run_once_duration_override
+#    Distros: openshift-rosa
+#    Topics:
+#    - Name: Run Once Duration Override Operator overview
+#      File: index
+#    - Name: Run Once Duration Override Operator release notes
+#      File: run-once-duration-override-release-notes
+#    - Name: Overriding the active deadline for run-once pods
+#      File: run-once-duration-override-install
+#    - Name: Uninstalling the Run Once Duration Override Operator
+#      File: run-once-duration-override-uninstall
+- Name: Automatically scaling pods with the Custom Metrics Autoscaler Operator
+  Dir: cma
+  Distros: openshift-rosa
+  Topics:
+  - Name: Custom Metrics Autoscaler Operator overview
+    File: nodes-cma-autoscaling-custom
+  - Name: Custom Metrics Autoscaler Operator release notes
+    File: nodes-cma-autoscaling-custom-rn
+  - Name: Installing the custom metrics autoscaler
+    File: nodes-cma-autoscaling-custom-install
+  - Name: Understanding the custom metrics autoscaler triggers
+    File: nodes-cma-autoscaling-custom-trigger
+  - Name: Understanding the custom metrics autoscaler trigger authentications
+    File: nodes-cma-autoscaling-custom-trigger-auth
+  - Name: Pausing the custom metrics autoscaler
+    File: nodes-cma-autoscaling-custom-pausing
+  - Name: Gathering audit logs
+    File: nodes-cma-autoscaling-custom-audit-log
+  - Name: Gathering debugging data
+    File: nodes-cma-autoscaling-custom-debugging
+  - Name: Viewing Operator metrics
+    File: nodes-cma-autoscaling-custom-metrics
+  - Name: Understanding how to add custom metrics autoscalers
+    File: nodes-cma-autoscaling-custom-adding
+  - Name: Removing the Custom Metrics Autoscaler Operator
+    File: nodes-cma-autoscaling-custom-removing
+- Name: Controlling pod placement onto nodes (scheduling)
+  Dir: scheduling
+  Distros: openshift-rosa
+  Topics:
+  - Name: About pod placement using the scheduler
+    File: nodes-scheduler-about
+  - Name: Placing pods relative to other pods using pod affinity and anti-affinity rules
+    File: nodes-scheduler-pod-affinity
+  - Name: Controlling pod placement on nodes using node affinity rules
+    File: nodes-scheduler-node-affinity
+  - Name: Placing pods onto overcommited nodes
+    File: nodes-scheduler-overcommit
+  - Name: Controlling pod placement using node taints
+    File: nodes-scheduler-taints-tolerations
+  - Name: Placing pods on specific nodes using node selectors
+    File: nodes-scheduler-node-selectors
+  - Name: Controlling pod placement using pod topology spread constraints
+    File: nodes-scheduler-pod-topology-spread-constraints
+# - Name: Placing a pod on a specific node by name
+#   File: nodes-scheduler-node-names
+# - Name: Placing a pod in a specific project
+#   File: nodes-scheduler-node-projects
+# - Name: Keeping your cluster balanced using the descheduler
+#   File: nodes-scheduler-descheduler
+# Cannot create namespace to install Desceduler Operator; revisit after Operator book converted
+#  - Name: Evicting pods using the descheduler
+#   File: nodes-descheduler
+# Cannot create namespace to install Secondary Scheduler Operator; revisit after Operator book converted
+# - Name: Secondary scheduler
+#   Dir: secondary_scheduler
+#   Distros: openshift-enterprise
+#   Topics:
+#   - Name: Secondary scheduler overview
+#     File: index
+#   - Name: Secondary Scheduler Operator release notes
+#     File: nodes-secondary-scheduler-release-notes
+#   - Name: Scheduling pods using a secondary scheduler
+#     File: nodes-secondary-scheduler-configuring
+#   - Name: Uninstalling the Secondary Scheduler Operator
+#     File: nodes-secondary-scheduler-uninstalling
+- Name: Using Jobs and DaemonSets
+  Dir: jobs
+  Topics:
+  - Name: Running background tasks on nodes automatically with daemonsets
+    File: nodes-pods-daemonsets
+    Distros: openshift-rosa
+  - Name: Running tasks in pods using jobs
+    File: nodes-nodes-jobs
+- Name: Working with nodes
+  Dir: nodes
+  Distros: openshift-rosa
+  Topics:
+  - Name: Viewing and listing the nodes in your cluster
+    File: nodes-nodes-viewing
+# cannot use oc adm cordon; cannot patch resource "machinesets"; cannot patch resource "nodes"
+#  - Name: Working with nodes
+#    File: nodes-nodes-working
+# cannot create resource "kubeletconfigs", "schedulers", "machineconfigs", "kubeletconfigs"
+#  - Name: Managing nodes
+#    File: nodes-nodes-managing
+# cannot create resource "kubeletconfigs"
+#  - Name: Managing graceful node shutdown
+#    File: nodes-nodes-graceful-shutdown
+# cannot create resource "kubeletconfigs"
+#  - Name: Managing the maximum number of pods per node
+#    File: nodes-nodes-managing-max-pods
+  - Name: Using the Node Tuning Operator
+    File: nodes-node-tuning-operator
+  - Name: Remediating, fencing, and maintaining nodes
+    File: nodes-remediating-fencing-maintaining-rhwa
+# Cannot create namespace needed to oc debug and reboot; revisit after Operator book converted
+#  - Name: Understanding node rebooting
+#    File: nodes-nodes-rebooting
+# cannot create resource "kubeletconfigs"
+#  - Name: Freeing node resources using garbage collection
+#    File: nodes-nodes-garbage-collection
+# cannot create resource "kubeletconfigs"
+#  - Name: Allocating resources for nodes
+#    File: nodes-nodes-resources-configuring
+# cannot create resource "kubeletconfigs"
+#  - Name: Allocating specific CPUs for nodes in a cluster
+#    File: nodes-nodes-resources-cpus
+# cannot create resource "kubeletconfigs"
+#  - Name: Configuring the TLS security profile for the kubelet
+#    File: nodes-nodes-tls
+#    Distros: openshift-rosa
+#  - Name: Monitoring for problems in your nodes
+#    File: nodes-nodes-problem-detector
+  - Name: Machine Config Daemon metrics
+    File: nodes-nodes-machine-config-daemon-metrics
+# cannot patch resource "nodes"
+#  - Name: Creating infrastructure nodes
+#    File: nodes-nodes-creating-infrastructure-nodes
+- Name: Working with containers
+  Dir: containers
+  Topics:
+  - Name: Understanding containers
+    File: nodes-containers-using
+  - Name: Using Init Containers to perform tasks before a pod is deployed
+    File: nodes-containers-init
+    Distros: openshift-rosa
+  - Name: Using volumes to persist container data
+    File: nodes-containers-volumes
+  - Name: Mapping volumes using projected volumes
+    File: nodes-containers-projected-volumes
+  - Name: Allowing containers to consume API objects
+    File: nodes-containers-downward-api
+  - Name: Copying files to or from a container
+    File: nodes-containers-copying-files
+  - Name: Executing remote commands in a container
+    File: nodes-containers-remote-commands
+  - Name: Using port forwarding to access applications in a container
+    File: nodes-containers-port-forwarding
+# cannot patch resource "configmaps"
+#  - Name: Using sysctls in containers
+#    File: nodes-containers-sysctls
+- Name: Working with clusters
+  Dir: clusters
+  Topics:
+  - Name: Viewing system event information in a cluster
+    File: nodes-containers-events
+  - Name: Analyzing cluster resource levels
+    File: nodes-cluster-resource-levels
+    Distros: openshift-rosa
+  - Name: Setting limit ranges
+    File: nodes-cluster-limit-ranges
+  - Name: Configuring cluster memory to meet container memory and risk requirements
+    File: nodes-cluster-resource-configure
+    Distros: openshift-rosa
+  - Name: Configuring your cluster to place pods on overcommited nodes
+    File: nodes-cluster-overcommit
+    Distros: openshift-rosa
+  - Name: Configuring the Linux cgroup version on your nodes
+    File: nodes-cluster-cgroups-2
+    Distros: openshift-enterprise
+  - Name: Configuring the Linux cgroup version on your nodes
+    File: nodes-cluster-cgroups-okd
+    Distros: openshift-origin
+#  The TechPreviewNoUpgrade Feature Gate is not allowed
+#  - Name: Enabling features using FeatureGates
+#    File: nodes-cluster-enabling-features
+#    Distros: openshift-rosa
+# Error: nodes.config.openshift.io "cluster" could not be patched
+#  - Name: Improving cluster stability in high latency environments using worker latency profiles
+#    File: nodes-cluster-worker-latency-profiles
+# Not supported per Michael McNeill
+#- Name: Remote worker nodes on the network edge
+#  Dir: edge
+#  Topics:
+#  - Name: Using remote worker node at the network edge
+#    File: nodes-edge-remote-workers
+# Not supported per Michael McNeill
+#- Name: Worker nodes for single-node OpenShift clusters
+#  Dir: nodes
+#  Distros: openshift-rosa
+#  Topics:
+#  - Name: Adding worker nodes to single-node OpenShift clusters
+#    File: nodes-sno-worker-nodes
+---
 Name: Logging
 Dir: logging
 Distros: openshift-rosa
 Topics:
 - Name: Release notes
-  File: cluster-logging-release-notes
+  Dir: logging_release_notes
+  Topics:
+  - Name: Logging 5.8
+    File: logging-5-8-release-notes
+  - Name: Logging 5.7
+    File: logging-5-7-release-notes
+- Name: Support
+  File: cluster-logging-support
+- Name: Troubleshooting logging
+  Dir: troubleshooting
+  Topics:
+  - Name: Viewing Logging status
+    File: cluster-logging-cluster-status
+  - Name: Troubleshooting log forwarding
+    File: log-forwarding-troubleshooting
+  - Name: Troubleshooting logging alerts
+    File: troubleshooting-logging-alerts
+  - Name: Viewing the status of the Elasticsearch log store
+    File: cluster-logging-log-store-status
 - Name: About Logging
   File: cluster-logging
 - Name: Installing Logging
   File: cluster-logging-deploying
+- Name: Updating Logging
+  File: cluster-logging-upgrading
+- Name: Visualizing logs
+  Dir: log_visualization
+  Topics:
+  - Name: About log visualization
+    File: log-visualization
+  - Name: Log visualization with the web console
+    File: log-visualization-ocp-console
+  - Name: Viewing cluster dashboards
+    File: cluster-logging-dashboards
+  - Name: Log visualization with Kibana
+    File: logging-kibana
 - Name: Accessing the service logs
   File: sd-accessing-the-service-logs
 - Name: Viewing cluster logs in the AWS Console
@@ -412,82 +1310,97 @@ Topics:
 - Name: Configuring your Logging deployment
   Dir: config
   Topics:
-  - Name: About the Cluster Logging custom resource
-    File: cluster-logging-configuring-cr
-  - Name: Configuring the logging collector
-    File: cluster-logging-collector
-  - Name: Configuring the log store
-    File: cluster-logging-log-store
-  - Name: Configuring the log visualizer
-    File: cluster-logging-visualizer
-  - Name: Configuring Logging storage
-    File: cluster-logging-storage-considerations
   - Name: Configuring CPU and memory limits for Logging components
     File: cluster-logging-memory
-  - Name: Using tolerations to control Logging pod placement
-    File: cluster-logging-tolerations
-  - Name: Moving the Logging resources with node selectors
-    File: cluster-logging-moving-nodes
   #- Name: Configuring systemd-journald and Fluentd
   #  File: cluster-logging-systemd
-  - Name: Maintenance and support
-    File: cluster-logging-maintenance-support
-- Name: Logging with the LokiStack
-  File: cluster-logging-loki
-- Name: Viewing logs for a specific resource
-  File: viewing-resource-logs
-- Name: Viewing cluster logs in Kibana
-  File: cluster-logging-visualizer
-- Name: Forwarding logs to third party systems
-  File: cluster-logging-external
-- Name: Enabling JSON logging
-  File: cluster-logging-enabling-json-logging
-- Name: Collecting and storing Kubernetes events
-  File: cluster-logging-eventrouter
-# - Name: Forwarding logs using ConfigMaps
-#  File: cluster-logging-external-configmap
-- Name: Updating Logging
-  File: cluster-logging-upgrading
-- Name: Viewing cluster dashboards
-  File: cluster-logging-dashboards
-- Name: Troubleshooting Logging
-  Dir: troubleshooting
+- Name: Log collection and forwarding
+  Dir: log_collection_forwarding
   Topics:
-  - Name: Viewing Logging status
-    File: cluster-logging-cluster-status
-  - Name: Viewing the status of the log store
-    File: cluster-logging-log-store-status
-  - Name: Understanding Logging alerts
-    File: cluster-logging-alerts
-  - Name: Collecting logging data for Red Hat Support
-    File: cluster-logging-must-gather
-  - Name: Troubleshooting for Critical Alerts
-    File: cluster-logging-troubleshooting-for-critical-alerts
+  - Name: About log collection and forwarding
+    File: log-forwarding
+  - Name: Log output types
+    File: logging-output-types
+  - Name: Enabling JSON log forwarding
+    File: cluster-logging-enabling-json-logging
+  - Name: Configuring log forwarding
+    File: configuring-log-forwarding
+  - Name: Configuring the logging collector
+    File: cluster-logging-collector
+  - Name: Collecting and storing Kubernetes events
+    File: cluster-logging-eventrouter
+- Name: Log storage
+  Dir: log_storage
+  Topics:
+  - Name: About log storage
+    File: about-log-storage
+  - Name: Installing log storage
+    File: installing-log-storage
+  - Name: Configuring the LokiStack log store
+    File: cluster-logging-loki
+  - Name: Configuring the Elasticsearch log store
+    File: logging-config-es-store
+- Name: Logging alerts
+  Dir: logging_alerts
+  Topics:
+  - Name: Default logging alerts
+    File: default-logging-alerts
+  - Name: Custom logging alerts
+    File: custom-logging-alerts
+- Name: Performance and reliability tuning
+  Dir: performance_reliability
+  Topics:
+  - Name: Flow control mechanisms
+    File: logging-flow-control-mechanisms
+- Name: Scheduling resources
+  Dir: scheduling_resources
+  Topics:
+  - Name: Using node selectors to move logging resources
+    File: logging-node-selectors
+  - Name: Using tolerations to control logging pod placement
+    File: logging-taints-tolerations
 - Name: Uninstalling Logging
   File: cluster-logging-uninstall
 - Name: Exported fields
   File: cluster-logging-exported-fields
+- Name: API reference
+  Dir: api_reference
+  Topics:
+#  - Name: 5.8 Logging API reference
+#    File: logging-5-8-reference
+#  - Name: 5.7 Logging API reference
+#    File: logging-5-7-reference
+  - Name: 5.6 Logging API reference
+    File: logging-5-6-reference
+- Name: Glossary
+  File: logging-common-terms
 ---
-Name: Monitoring user-defined projects
+Name: Monitoring
 Dir: monitoring
 Distros: openshift-rosa
 Topics:
-- Name: Understanding the monitoring stack
-  File: rosa-understanding-the-monitoring-stack
+- Name: Monitoring overview
+  File: monitoring-overview
 - Name: Accessing monitoring for user-defined projects
-  File: rosa-accessing-monitoring-for-user-defined-projects
+  File: sd-accessing-monitoring-for-user-defined-projects
 - Name: Configuring the monitoring stack
-  File: rosa-configuring-the-monitoring-stack
+  File: configuring-the-monitoring-stack
+- Name: Disabling monitoring for user-defined projects
+  File: sd-disabling-monitoring-for-user-defined-projects
 - Name: Enabling alert routing for user-defined projects
-  File: rosa-enabling-alert-routing-for-user-defined-projects
+  File: enabling-alert-routing-for-user-defined-projects
 - Name: Managing metrics
-  File: rosa-managing-metrics
+  File: managing-metrics
 - Name: Managing alerts
   File: managing-alerts
 - Name: Reviewing monitoring dashboards
-  File: rosa-reviewing-monitoring-dashboards
+  File: reviewing-monitoring-dashboards
+- Name: Accessing third-party monitoring APIs
+  File: accessing-third-party-monitoring-apis
 - Name: Troubleshooting monitoring issues
-  File: rosa-troubleshooting-monitoring-issues
+  File: troubleshooting-monitoring-issues
+- Name: Config map reference for the Cluster Monitoring Operator
+  File: config-map-reference-for-the-cluster-monitoring-operator
 ---
 Name: Service Mesh
 Dir: service_mesh
@@ -585,27 +1498,3 @@ Topics:
   Topics:
   - Name: Serverless overview
     File: about-serverless
----
-Name: Troubleshooting
-Dir: sd_support
-Distros: openshift-rosa
-Topics:
-- Name: Remote health monitoring with connected clusters
-  Dir: remote_health_monitoring
-  Topics:
-  - Name: About remote health monitoring
-    File: about-remote-health-monitoring
-  - Name: Showing data collected by remote health monitoring
-    File: showing-data-collected-by-remote-health-monitoring
-  - Name: Using Insights to identify issues with your cluster
-    File: using-insights-to-identify-issues-with-your-cluster
-- Name: Troubleshooting expired offline access tokens
-  File: rosa-troubleshooting-expired-tokens
-- Name: Troubleshooting installations
-  File: rosa-troubleshooting-installations
-- Name: Troubleshooting IAM roles
-  File: rosa-troubleshooting-iam-resources
-- Name: Troubleshooting cluster deployments
-  File: rosa-troubleshooting-deployments
-- Name: Red Hat OpenShift Service on AWS managed resources
-  File: rosa-managed-resources
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc b/_unused_topics/cco-mode-gcp-workload-identity.adoc
similarity index 93%
rename from authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
rename to _unused_topics/cco-mode-gcp-workload-identity.adoc
index ced6e811400a..0df5ff50ee20 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
+++ b/_unused_topics/cco-mode-gcp-workload-identity.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cco-mode-gcp-workload-identity"]
 = Using manual mode with GCP Workload Identity
 include::_attributes/common-attributes.adoc[]
@@ -103,7 +103,7 @@ Because the cluster is operating in manual mode when using GCP Workload Identity
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
 
 //Task part 1: Configuring the Cloud Credential Operator utility
 include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
@@ -121,4 +121,4 @@ include::modules/sts-mode-installing-verifying.adoc[leveloffset=+2]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc b/_unused_topics/cco-mode-sts.adoc
similarity index 93%
rename from authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
rename to _unused_topics/cco-mode-sts.adoc
index ad0c756d57f8..7fd809f7702d 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
+++ b/_unused_topics/cco-mode-sts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cco-mode-sts"]
 = Using manual mode with Amazon Web Services Security Token Service
 include::_attributes/common-attributes.adoc[]
@@ -82,7 +82,7 @@ Because the cluster is operating in manual mode when using STS, it is not able t
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
 
 //[pre-4.8]Task part 1: Creating AWS resources manually
 //include::modules/sts-mode-installing-manual-config.adoc[leveloffset=+2]
@@ -111,4 +111,4 @@ include::modules/sts-mode-installing-verifying.adoc[leveloffset=+2]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
diff --git a/_unused_topics/cco-short-term-creds-auth-flows.adoc b/_unused_topics/cco-short-term-creds-auth-flows.adoc
new file mode 100644
index 000000000000..52a1dca7cb54
--- /dev/null
+++ b/_unused_topics/cco-short-term-creds-auth-flows.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-auth-flows_{context}"]
+= Provider authentication details
+
+The authentication flow for this authentication method has similarities across the supported cloud providers.
+
+[id="cco-short-term-creds-auth-flow-aws_{context}"]
+== AWS Security Token Service
+
+In manual mode with STS, the individual {product-title} cluster components use the AWS Security Token Service (STS) to assign components IAM roles that provide short-term, limited-privilege security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls.
+
+.AWS Security Token Service authentication flow
+image::347_OpenShift_credentials_with_STS_updates_0623_AWS.png[Detailed authentication flow between AWS and the cluster when using AWS STS]
+
+[id="cco-short-term-creds-auth-flow-gcp_{context}"]
+== GCP Workload Identity
+
+In manual mode with GCP Workload Identity, the individual {product-title} cluster components use the GCP workload identity provider to allow components to impersonate GCP service accounts using short-term, limited-privilege credentials.
+
+.GCP Workload Identity authentication flow
+image::347_OpenShift_credentials_with_STS_updates_0623_GCP.png[Detailed authentication flow between GCP and the cluster when using GCP Workload Identity]
+
+////
+[id="cco-short-term-creds-auth-flow-azure_{context}"]
+== Azure AD Workload Identity
+
+//todo: work with dev and diagrams team to get a diagram for Azure
+.Azure AD Workload Identity authentication flow
+image::Azure_diagram.png[Detailed authentication flow between Azure and the cluster when using Azure AD Workload Identity]
+////
+
+[id="cco-short-term-creds-auth-flow-refresh_{context}"]
+== Automated credential refreshing
+
+Requests for new and refreshed credentials are automated by using an appropriately configured OpenID Connect (OIDC) identity provider combined with provider-specific service accounts or roles. {product-title} signs Kubernetes service account tokens that are trusted by the cloud provider. These tokens can be mounted into a pod and used for authentication. By default, tokens are refreshed after one hour.
\ No newline at end of file
diff --git a/_unused_topics/cluster-logging-collector-envvar.adoc b/_unused_topics/cluster-logging-collector-envvar.adoc
deleted file mode 100644
index d1a96e696399..000000000000
--- a/_unused_topics/cluster-logging-collector-envvar.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-collector.adoc
-
-[id="cluster-logging-collector-envvar_{context}"]
-= Configuring the logging collector using environment variables
-
-You can use environment variables to modify the configuration of the Fluentd log
-collector.
-
-See the link:https://github.com/openshift/origin-aggregated-logging/blob/master/fluentd/README.md[Fluentd README] in Github for lists of the
-available environment variables.
-
-.Prerequisites
-
-* Set OpenShift Logging to the unmanaged state. Operators in an unmanaged state are unsupported and the cluster administrator assumes full control of the individual component configurations and upgrades.
-
-.Procedure
-
-Set any of the Fluentd environment variables as needed:
-
-----
-$ oc set env ds/fluentd <env-var>=<value>
-----
-
-For example:
-
-----
-$ oc set env ds/fluentd BUFFER_SIZE_LIMIT=24
-----
diff --git a/_unused_topics/cluster-logging-configuring-node-selector.adoc b/_unused_topics/cluster-logging-configuring-node-selector.adoc
deleted file mode 100644
index 05a470114490..000000000000
--- a/_unused_topics/cluster-logging-configuring-node-selector.adoc
+++ /dev/null
@@ -1,65 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-elasticsearch.adoc
-
-[id="cluster-logging-configuring-node-selector_{context}"]
-= Specifying a node for cluster logging components using node selectors
-
-Each component specification allows the component to target a specific node. 
-
-.Procedure
-
-Edit the Cluster Logging Custom Resource (CR) in the `openshift-logging` project:
-
-[source,yaml]
-----
-$ oc edit ClusterLogging instance
-
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
-metadata:
-  name: "nodeselector"
-spec:
-  managementState: "Managed"
-  logStore:
-    type: "elasticsearch"
-    elasticsearch:
-      nodeSelector:  <1>
-        logging: es
-      nodeCount: 3
-      resources:
-        limits:
-          memory: 16Gi
-        requests:
-          cpu: 500m
-          memory: 16Gi
-      storage:
-        size: "20G"
-        storageClassName: "gp2"
-      redundancyPolicy: "ZeroRedundancy"
-  visualization:
-    type: "kibana"
-    kibana:
-      nodeSelector:  <2>
-        logging: kibana
-      replicas: 1
-  curation:
-    type: "curator"
-    curator:
-      nodeSelector:  <3>
-        logging: curator
-      schedule: "*/10 * * * *"
-  collection:
-    logs:
-      type: "fluentd"
-      fluentd:
-        nodeSelector:  <4>
-        logging: fluentd
-----
-
-<1> Node selector for Elasticsearch.
-<2> Node selector for Kibana.
-<3> Node selector for Curator.
-<4> Node selector for Fluentd.
-
-
diff --git a/_unused_topics/cluster-logging-elasticsearch-admin.adoc b/_unused_topics/cluster-logging-elasticsearch-admin.adoc
deleted file mode 100644
index b1b3843deb19..000000000000
--- a/_unused_topics/cluster-logging-elasticsearch-admin.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-elasticsearch.adoc
-
-[id="cluster-logging-elasticsearch-admin_{context}"]
-= Performing administrative Elasticsearch operations
-
-An administrator certificate, key, and CA that can be used to communicate with and perform administrative operations on Elasticsearch are provided within the *elasticsearch* secret in the `openshift-logging` project.
-
-[NOTE]
-====
-To confirm whether your OpenShift Logging installation provides these, run:
-----
-$ oc describe secret elasticsearch -n openshift-logging
-----
-====
-
-. Connect to an Elasticsearch pod that is in the cluster on which you are attempting to perform maintenance.
-
-. To find a pod in a cluster use:
-+
-----
-$ oc get pods -l component=elasticsearch -o name -n openshift-logging  | head -1
-----
-
-. Connect to a pod:
-+
-----
-$ oc rsh <your_Elasticsearch_pod>
-----
-
-. Once connected to an Elasticsearch container, you can use the certificates mounted from the secret to communicate with Elasticsearch per its link:https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices.html[Indices APIs documentation].
-+
-Fluentd sends its logs to Elasticsearch using the index format *infra-00000x* or *app-00000x*.
-+
-For example, to delete all logs for the openshift-logging index, *app-000001*, we can run:
-+
-----
-$ curl --key /etc/elasticsearch/secret/admin-key \
---cert /etc/elasticsearch/secret/admin-cert \
---cacert /etc/elasticsearch/secret/admin-ca -XDELETE \
-"https://localhost:9200/app-000001"
-----
diff --git a/_unused_topics/cluster-logging-exported-fields-aushape.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-aushape.2021-06-04.adoc
deleted file mode 100644
index 3223ed28b26e..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-aushape.2021-06-04.adoc
+++ /dev/null
@@ -1,63 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-aushape_{context}"]
-= Aushape exported fields
-
-These are the Aushape fields exported by OpenShift Logging available for searching
-from Elasticsearch and Kibana.
-
-Audit events converted with Aushape. For more information, see
-link:https://github.com/Scribery/aushape[Aushape].
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `aushape.serial`
-|Audit event serial number.
-
-| `aushape.node`
-|Name of the host where the audit event occurred.
-
-| `aushape.error`
-|The error aushape encountered while converting the event.
-
-| `aushape.trimmed`
-|An array of JSONPath expressions relative to the event object, specifying
-objects or arrays with the content removed as the result of event size limiting.
-An empty string means the event removed the content, and an empty array means
-the trimming occurred by unspecified objects and arrays.
-
-| `aushape.text`
-|An array log record strings representing the original audit event.
-|===
-
-[discrete]
-[id="exported-fields-aushape.data_{context}"]
-=== `aushape.data` Fields
-
-Parsed audit event data related to Aushape.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `aushape.data.avc`
-|type: nested
-
-| `aushape.data.execve`
-|type: string
-
-| `aushape.data.netfilter_cfg`
-|type: nested
-
-| `aushape.data.obj_pid`
-|type: nested
-
-| `aushape.data.path`
-|type: nested
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-collectd.adoc b/_unused_topics/cluster-logging-exported-fields-collectd.adoc
deleted file mode 100644
index 75dfb4c71428..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-collectd.adoc
+++ /dev/null
@@ -1,993 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-collectd_{context}"]
-= `collectd` exported fields
-
-These are the `collectd` and `collectd-*` fields exported by the logging system and available for searching
-from Elasticsearch and Kibana.
-
-[discrete]
-[id="exported-fields-collectd_{context}"]
-=== `collectd` Fields
-
-The following fields represent namespace metrics metadata.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interval`
-|type: float
-
-The `collectd` interval.
-
-| `collectd.plugin`
-|type: string
-
-The `collectd` plug-in.
-
-| `collectd.plugin_instance`
-|type: string
-
-The `collectd` plugin_instance.
-
-| `collectd.type_instance`
-|type: string
-
-The `collectd` `type_instance`.
-
-| `collectd.type`
-|type: string
-
-The `collectd` type.
-
-| `collectd.dstypes`
-|type: string
-
-The `collectd` dstypes.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes_{context}"]
-=== `collectd.processes` Fields
-
-The following field corresponds to the `collectd` processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_state`
-|type: integer
-The `collectd ps_state` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_disk_ops_{context}"]
-=== `collectd.processes.ps_disk_ops` Fields
-
-The `collectd` `ps_disk_ops` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_disk_ops.read`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_disk_ops.write`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_vm`
-|type: integer
-
-The `collectd` `ps_vm` type of processes plug-in.
-
-| `collectd.processes.ps_rss`
-|type: integer
-
-The `collectd` `ps_rss` type of processes plug-in.
-
-| `collectd.processes.ps_data`
-|type: integer
-
-The `collectd` `ps_data` type of processes plug-in.
-
-| `collectd.processes.ps_code`
-|type: integer
-
-The `collectd` `ps_code` type of processes plug-in.
-
-| `collectd.processes.ps_stacksize`
-| type: integer
-
-The `collectd` `ps_stacksize` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_cputime_{context}"]
-=== `collectd.processes.ps_cputime` Fields
-
-The `collectd` `ps_cputime` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_cputime.user`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_cputime.syst`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_count_{context}"]
-=== `collectd.processes.ps_count` Fields
-
-The `collectd` `ps_count` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_count.processes`
-|type: integer
-
-`TODO`
-
-| `collectd.processes.ps_count.threads`
-|type: integer
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_pagefaults_{context}"]
-=== `collectd.processes.ps_pagefaults` Fields
-
-The `collectd` `ps_pagefaults` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_pagefaults.majflt`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_pagefaults.minflt`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_disk_octets_{context}"]
-=== `collectd.processes.ps_disk_octets` Fields
-
-The `collectd ps_disk_octets` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_disk_octets.write`
-|type: float
-
-`TODO`
-
-| `collectd.processes.fork_rate`
-|type: float
-
-The `collectd` `fork_rate` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk_{context}"]
-=== `collectd.disk` Fields
-
-Corresponds to `collectd` disk plug-in.
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_merged_{context}"]
-=== `collectd.disk.disk_merged` Fields
-
-The `collectd` `disk_merged` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_merged.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_merged.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_octets_{context}"]
-=== `collectd.disk.disk_octets` Fields
-
-The `collectd` `disk_octets` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_octets.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_time_{context}"]
-=== `collectd.disk.disk_time` Fields
-
-The `collectd` `disk_time` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_time.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_time.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_ops_{context}"]
-=== `collectd.disk.disk_ops` Fields
-
-The `collectd` `disk_ops` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_ops.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_ops.write`
-|type: float
-
-`TODO`
-
-| `collectd.disk.pending_operations`
-|type: integer
-
-The `collectd` `pending_operations` type of disk plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_io_time_{context}"]
-=== `collectd.disk.disk_io_time` Fields
-
-The `collectd disk_io_time` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_io_time.io_time`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_io_time.weighted_io_time`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface_{context}"]
-=== `collectd.interface` Fields
-
-Corresponds to the `collectd` interface plug-in.
-
-[discrete]
-[id="exported-fields-collectd.interface.if_octets_{context}"]
-=== `collectd.interface.if_octets` Fields
-
-The `collectd` `if_octets` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_octets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_octets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_packets_{context}"]
-=== `collectd.interface.if_packets` Fields
-
-The `collectd` `if_packets` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_packets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_packets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_errors_{context}"]
-=== `collectd.interface.if_errors` Fields
-
-The `collectd` `if_errors` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_errors.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_errors.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_dropped_{context}"]
-=== collectd.interface.if_dropped Fields
-
-The `collectd` `if_dropped` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_dropped.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_dropped.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt_{context}"]
-=== `collectd.virt` Fields
-
-Corresponds to `collectd` virt plug-in.
-
-[discrete]
-[id="exported-fields-collectd.virt.if_octets_{context}"]
-=== `collectd.virt.if_octets` Fields
-
-The `collectd if_octets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_octets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_octets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_packets_{context}"]
-=== `collectd.virt.if_packets` Fields
-
-The `collectd` `if_packets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_packets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_packets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_errors_{context}"]
-=== `collectd.virt.if_errors` Fields
-
-The `collectd` `if_errors` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_errors.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_errors.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_dropped_{context}"]
-=== `collectd.virt.if_dropped` Fields
-
-The `collectd` `if_dropped` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_dropped.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_dropped.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.disk_ops_{context}"]
-=== `collectd.virt.disk_ops` Fields
-
-The `collectd` `disk_ops` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| collectd.virt.disk_ops.read
-|type: float
-
-`TODO`
-
-| `collectd.virt.disk_ops.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.disk_octets_{context}"]
-=== `collectd.virt.disk_octets` Fields
-
-The `collectd` `disk_octets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.virt.disk_octets.write`
-|type: float
-
-`TODO`
-
-| `collectd.virt.memory`
-|type: float
-
-The `collectd` memory type of virt plug-in.
-
-| `collectd.virt.virt_vcpu`
-|type: float
-
-The `collectd` `virt_vcpu` type of virt plug-in.
-
-| `collectd.virt.virt_cpu_total`
-|type: float
-
-The `collectd` `virt_cpu_total` type of virt plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.CPU_{context}"]
-=== `collectd.CPU` Fields
-
-Corresponds to the `collectd` CPU plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.CPU.percent`
-|type: float
-
-The `collectd` type percent of plug-in CPU.
-|===
-
-[discrete]
-[id="exported-fields-collectd.df_{context}"]
-=== collectd.df Fields
-
-Corresponds to the `collectd` `df` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.df.df_complex`
-|type: float
-
-The `collectd` type `df_complex` of plug-in `df`.
-
-| `collectd.df.percent_bytes`
-|type: float
-
-The `collectd` type `percent_bytes` of plug-in `df`.
-|===
-
-[discrete]
-[id="exported-fields-collectd.entropy_{context}"]
-=== `collectd.entropy` Fields
-
-Corresponds to the `collectd` entropy plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.entropy.entropy`
-|type: integer
-
-The `collectd` entropy type of entropy plug-in.
-|===
-
-////
-[discrete]
-[id="exported-fields-collectd.nfs_{context}"]
-=== `collectd.nfs` Fields
-
-Corresponds to the `collectd` NFS plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.nfs.nfs_procedure`
-|type: integer
-
-The `collectd` `nfs_procedure` type of nfs plug-in.
-|===
-////
-
-[discrete]
-[id="exported-fields-collectd.memory_{context}"]
-=== `collectd.memory` Fields
-
-Corresponds to the `collectd` memory plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.memory.memory`
-|type: float
-
-The `collectd` memory type of memory plug-in.
-
-| `collectd.memory.percent`
-|type: float
-
-The `collectd` percent type of memory plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.swap_{context}"]
-=== `collectd.swap` Fields
-
-Corresponds to the `collectd` swap plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.swap.swap`
-|type: integer
-
-The `collectd` swap type of swap plug-in.
-
-| `collectd.swap.swap_io`
-|type: integer
-
-The `collectd swap_io` type of swap plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.load_{context}"]
-=== `collectd.load` Fields
-
-Corresponds to the `collectd` load plug-in.
-
-[discrete]
-[id="exported-fields-collectd.load.load_{context}"]
-=== `collectd.load.load` Fields
-
-The `collectd` load type of load plug-in
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.load.load.shortterm`
-|type: float
-
-`TODO`
-
-| `collectd.load.load.midterm`
-|type: float
-
-`TODO`
-
-| `collectd.load.load.longterm`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.aggregation_{context}"]
-=== `collectd.aggregation` Fields
-
-Corresponds to `collectd` aggregation plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.aggregation.percent`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.statsd_{context}"]
-=== `collectd.statsd` Fields
-
-Corresponds to `collectd` `statsd` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.statsd.host_cpu`
-|type: integer
-
-The `collectd` CPU type of `statsd` plug-in.
-
-| `collectd.statsd.host_elapsed_time`
-|type: integer
-
-The `collectd` `elapsed_time` type of `statsd` plug-in.
-
-| `collectd.statsd.host_memory`
-|type: integer
-
-The `collectd` memory type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_speed`
-|type: integer
-
-The `collectd` `nic_speed` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx`
-|type: integer
-
-The `collectd` `nic_rx` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx`
-|type: integer
-
-The `collectd` `nic_tx` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx_dropped`
-|type: integer
-
-The `collectd` `nic_rx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx_dropped`
-|type: integer
-
-The `collectd` `nic_tx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx_errors`
-|type: integer
-
-The `collectd` `nic_rx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx_errors`
-|type: integer
-
-The `collectd` `nic_tx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.host_storage`
-|type: integer
-
-The `collectd` storage type of `statsd` plug-in.
-
-| `collectd.statsd.host_swap`
-|type: integer
-
-The `collectd` swap type of `statsd` plug-in.
-
-| `collectd.statsd.host_vdsm`
-|type: integer
-
-The `collectd` VDSM type of `statsd` plug-in.
-
-| `collectd.statsd.host_vms`
-|type: integer
-
-The `collectd` VMS type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_dropped`
-|type: integer
-
-The `collectd` `nic_tx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_bytes`
-|type: integer
-
-The `collectd` `nic_rx_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_bytes`
-|type: integer
-
-The `collectd` `nic_tx_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_min`
-|type: integer
-
-The `collectd` `balloon_min` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_max`
-|type: integer
-
-The `collectd` `balloon_max` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_target`
-|type: integer
-
-The `collectd` `balloon_target` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_cur`
-| type: integer
-
-The `collectd` `balloon_cur` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_sys`
-|type: integer
-
-The `collectd` `cpu_sys` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_usage`
-|type: integer
-
-The `collectd` `cpu_usage` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_ops`
-|type: integer
-
-The `collectd` `disk_read_ops` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_ops`
-|type: integer
-
-The collectd` `disk_write_ops` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_flush_latency`
-|type: integer
-
-The `collectd` `disk_flush_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_apparent_size`
-|type: integer
-
-The `collectd` `disk_apparent_size` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_bytes`
-|type: integer
-
-The `collectd` `disk_write_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_rate`
-|type: integer
-
-The `collectd` `disk_write_rate` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_true_size`
-|type: integer
-
-The `collectd` `disk_true_size` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_rate`
-|type: integer
-
-The `collectd` `disk_read_rate` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_latency`
-|type: integer
-
-The `collectd` `disk_write_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_latency`
-|type: integer
-
-The `collectd` `disk_read_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_bytes`
-|type: integer
-
-The `collectd` `disk_read_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_dropped`
-|type: integer
-
-The `collectd` `nic_rx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_user`
-|type: integer
-
-The `collectd` `cpu_user` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_errors`
-|type: integer
-
-The `collectd` `nic_rx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_errors`
-|type: integer
-
-The `collectd` `nic_tx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_speed`
-|type: integer
-
-The `collectd` `nic_speed` type of `statsd` plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.postgresql_{context}"]
-=== `collectd.postgresql Fields`
-
-Corresponds to `collectd` `postgresql` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.postgresql.pg_n_tup_g`
-|type: integer
-
-The `collectd` type `pg_n_tup_g` of plug-in postgresql.
-
-| `collectd.postgresql.pg_n_tup_c`
-|type: integer
-
-The `collectd` type `pg_n_tup_c` of plug-in postgresql.
-
-| `collectd.postgresql.pg_numbackends`
-|type: integer
-
-The `collectd` type `pg_numbackends` of plug-in postgresql.
-
-| `collectd.postgresql.pg_xact`
-|type: integer
-
-The `collectd` type `pg_xact` of plug-in postgresql.
-
-| `collectd.postgresql.pg_db_size`
-|type: integer
-
-The `collectd` type `pg_db_size` of plug-in postgresql.
-
-| `collectd.postgresql.pg_blks`
-|type: integer
-
-The `collectd` type `pg_blks` of plug-in postgresql.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-container.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-container.2021-06-04.adoc
deleted file mode 100644
index d893b804f0cc..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-container.2021-06-04.adoc
+++ /dev/null
@@ -1,89 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-container_{context}"]
-= Container exported fields
-
-These are the Docker fields exported by OpenShift Logging available for searching from Elasticsearch and Kibana.
-Namespace for docker container-specific metadata. The docker.container_id is the Docker container ID.
-
-
-[discrete]
-[id="exported-fields-pipeline_metadata.collector_{context}"]
-=== `pipeline_metadata.collector` Fields
-
-This section contains metadata specific to the collector.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `pipeline_metadata.collector.hostname`
-|FQDN of the collector. It might be different from the FQDN of the actual emitter
-of the logs.
-
-| `pipeline_metadata.collector.name`
-|Name of the collector.
-
-| `pipeline_metadata.collector.version`
-|Version of the collector.
-
-| `pipeline_metadata.collector.ipaddr4`
-|IP address v4 of the collector server, can be an array.
-
-| `pipeline_metadata.collector.ipaddr6`
-|IP address v6 of the collector server, can be an array.
-
-| `pipeline_metadata.collector.inputname`
-|How the log message was received by the collector whether it was TCP/UDP, or
-imjournal/imfile.
-
-| `pipeline_metadata.collector.received_at`
-|Time when the message was received by the collector.
-
-| `pipeline_metadata.collector.original_raw_message`
-|The original non-parsed log message, collected by the collector or as close to the
-source as possible.
-|===
-
-[discrete]
-[id="exported-fields-pipeline_metadata.normalizer_{context}"]
-=== `pipeline_metadata.normalizer` Fields
-
-This section contains metadata specific to the normalizer.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `pipeline_metadata.normalizer.hostname`
-|FQDN of the normalizer.
-
-| `pipeline_metadata.normalizer.name`
-|Name of the normalizer.
-
-| `pipeline_metadata.normalizer.version`
-|Version of the normalizer.
-
-| `pipeline_metadata.normalizer.ipaddr4`
-|IP address v4 of the normalizer server, can be an array.
-
-| `pipeline_metadata.normalizer.ipaddr6`
-|IP address v6 of the normalizer server, can be an array.
-
-| `pipeline_metadata.normalizer.inputname`
-|how the log message was received by the normalizer whether it was TCP/UDP.
-
-| `pipeline_metadata.normalizer.received_at`
-|Time when the message was received by the normalizer.
-
-| `pipeline_metadata.normalizer.original_raw_message`
-|The original non-parsed log message as it is received by the normalizer.
-
-| `pipeline_metadata.trace`
-|The field records the trace of the message. Each collector and normalizer appends
-information about itself and the date and time when the message was processed.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-default.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-default.2021-06-04.adoc
deleted file mode 100644
index e26b60808513..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-default.2021-06-04.adoc
+++ /dev/null
@@ -1,1100 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-default_{context}"]
-= Default exported fields
-
-These are the default fields exported by the logging system and available for searching
-from Elasticsearch and Kibana. The default fields are Top Level and `collectd*`
-
-[discrete]
-=== Top Level Fields
-
-The top level fields are common to every application and can be present in
-every record. For the Elasticsearch template, top level fields populate the actual
-mappings of `default` in the template's mapping section.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `@timestamp`
-| The UTC value marking when the log payload was created, or when the log payload
-was first collected if the creation time is not known. This is the log
-processing pipeline's best effort determination of when the log payload was
-generated. Add the `@` prefix convention to note a field as being reserved for a
-particular use. With Elasticsearch, most tools look for `@timestamp` by default.
-For example, the format would be 2015-01-24 14:06:05.071000.
-
-| `geoip`
-|This is geo-ip of the machine.
-
-| `hostname`
-|The `hostname` is the fully qualified domain name (FQDN) of the entity
-generating the original payload. This field is an attempt to derive this
-context. Sometimes the entity generating it knows the context. While other times
-that entity has a restricted namespace itself, which is known by the collector
-or normalizer.
-
-| `ipaddr4`
-|The IP address V4 of the source server, which can be an array.
-
-| `ipaddr6`
-|The IP address V6 of the source server, if available.
-
-| `level`
-|The logging level as provided by rsyslog (severitytext property), python's
-logging module. Possible values are as listed at
-link:http://sourceware.org/git/?p=glibc.git;a=blob;f=misc/sys/syslog.h;h=ee01478c4b19a954426a96448577c5a76e6647c0;hb=HEAD#l74[`misc/sys/syslog.h`]
-plus `trace` and `unknown`. For example, _alert crit debug emerg err info notice
-trace unknown warning_. Note that `trace` is not in the `syslog.h` list but many
-applications use it.
-
-* You should only use `unknown` when the logging system gets a value it does not
-understand, and note that it is the highest level.
-
-* Consider `trace` as higher or more verbose, than `debug`.
-
-* `error` is deprecated, use `err`.
-
-* Convert `panic` to `emerg`.
-
-* Convert `warn` to `warning`.
-
-Numeric values from `syslog/journal PRIORITY` can usually be mapped using the
-priority values as listed at
-link:http://sourceware.org/git/?p=glibc.git;a=blob;f=misc/sys/syslog.h;h=ee01478c4b19a954426a96448577c5a76e6647c0;hb=HEAD#l51[misc/sys/syslog.h].
-
-Log levels and priorities from other logging systems should be mapped to the
-nearest match. See
-link:https://docs.python.org/2.7/library/logging.html#logging-levels[python
-logging] for an example.
-
-| `message`
-|A typical log entry message, or payload. It can be stripped of metadata pulled
-out of it by the collector or normalizer, that is UTF-8 encoded.
-
-| `pid`
-|This is the process ID of the logging entity, if available.
-
-| `service`
-|The name of the service associated with the logging entity, if available. For
-example, the `syslog APP-NAME` property is mapped to
-the service field.
-
-| `tags`
-|Optionally provided operator defined list of tags placed on each log by the
-collector or normalizer. The payload can be a string with whitespace-delimited
-string tokens, or a JSON list of string tokens.
-
-| `file`
-|Optional path to the file containing the log entry local to the collector `TODO`
-analyzer for file paths.
-
-| `offset`
-|The offset value can represent bytes to the start of the log line in the file
-(zero or one based), or log line numbers (zero or one based), as long as the
-values are strictly monotonically increasing in the context of a single log
-file. The values are allowed to wrap, representing a new version of the log file
-(rotation).
-
-| `namespace_name`
-|Associate this record with the `namespace` that shares it's name. This value
-will not be stored, but it is used to associate the record with the appropriate
-`namespace` for access control and visualization. Normally this value will be
-given in the tag, but if the protocol does not support sending a tag, this field
-can be used. If this field is present, it will override the `namespace` given in
-the tag or in `kubernetes.namespace_name`.
-
-| `namespace_uuid`
-|This is the `uuid` associated with the `namespace_name`. This value will not be
-stored, but is used to associate the record with the appropriate namespace for
-access control and visualization. If this field is present, it will override the
-`uuid` given in `kubernetes.namespace_uuid`. This will also cause the Kubernetes
-metadata lookup to be skipped for this log record.
-|===
-
-[discrete]
-=== `collectd` Fields
-
-The following fields represent namespace metrics metadata.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interval`
-|type: float
-
-The `collectd` interval.
-
-| `collectd.plugin`
-|type: string
-
-The `collectd` plug-in.
-
-| `collectd.plugin_instance`
-|type: string
-
-The `collectd` plugin_instance.
-
-| `collectd.type_instance`
-|type: string
-
-The `collectd` `type_instance`.
-
-| `collectd.type`
-|type: string
-
-The `collectd` type.
-
-| `collectd.dstypes`
-|type: string
-
-The `collectd` dstypes.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes_{context}"]
-=== `collectd.processes` Fields
-
-The following field corresponds to the `collectd` processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_state`
-|type: integer
-The `collectd ps_state` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_disk_ops_{context}"]
-=== `collectd.processes.ps_disk_ops` Fields
-
-The `collectd` `ps_disk_ops` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_disk_ops.read`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_disk_ops.write`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_vm`
-|type: integer
-
-The `collectd` `ps_vm` type of processes plug-in.
-
-| `collectd.processes.ps_rss`
-|type: integer
-
-The `collectd` `ps_rss` type of processes plug-in.
-
-| `collectd.processes.ps_data`
-|type: integer
-
-The `collectd` `ps_data` type of processes plug-in.
-
-| `collectd.processes.ps_code`
-|type: integer
-
-The `collectd` `ps_code` type of processes plug-in.
-
-| `collectd.processes.ps_stacksize`
-| type: integer
-
-The `collectd` `ps_stacksize` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_cputime_{context}"]
-=== `collectd.processes.ps_cputime` Fields
-
-The `collectd` `ps_cputime` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_cputime.user`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_cputime.syst`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_count_{context}"]
-=== `collectd.processes.ps_count` Fields
-
-The `collectd` `ps_count` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_count.processes`
-|type: integer
-
-`TODO`
-
-| `collectd.processes.ps_count.threads`
-|type: integer
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_pagefaults_{context}"]
-=== `collectd.processes.ps_pagefaults` Fields
-
-The `collectd` `ps_pagefaults` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_pagefaults.majflt`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_pagefaults.minflt`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.processes.ps_disk_octets_{context}"]
-=== `collectd.processes.ps_disk_octets` Fields
-
-The `collectd ps_disk_octets` type of processes plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.processes.ps_disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.processes.ps_disk_octets.write`
-|type: float
-
-`TODO`
-
-| `collectd.processes.fork_rate`
-|type: float
-
-The `collectd` `fork_rate` type of processes plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk_{context}"]
-=== `collectd.disk` Fields
-
-Corresponds to `collectd` disk plug-in.
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_merged_{context}"]
-=== `collectd.disk.disk_merged` Fields
-
-The `collectd` `disk_merged` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_merged.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_merged.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_octets_{context}"]
-=== `collectd.disk.disk_octets` Fields
-
-The `collectd` `disk_octets` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_octets.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_time_{context}"]
-=== `collectd.disk.disk_time` Fields
-
-The `collectd` `disk_time` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_time.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_time.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_ops_{context}"]
-=== `collectd.disk.disk_ops` Fields
-
-The `collectd` `disk_ops` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_ops.read`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_ops.write`
-|type: float
-
-`TODO`
-
-| `collectd.disk.pending_operations`
-|type: integer
-
-The `collectd` `pending_operations` type of disk plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.disk.disk_io_time_{context}"]
-=== `collectd.disk.disk_io_time` Fields
-
-The `collectd disk_io_time` type of disk plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.disk.disk_io_time.io_time`
-|type: float
-
-`TODO`
-
-| `collectd.disk.disk_io_time.weighted_io_time`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface_{context}"]
-=== `collectd.interface` Fields
-
-Corresponds to the `collectd` interface plug-in.
-
-[discrete]
-[id="exported-fields-collectd.interface.if_octets_{context}"]
-=== `collectd.interface.if_octets` Fields
-
-The `collectd` `if_octets` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_octets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_octets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_packets_{context}"]
-=== `collectd.interface.if_packets` Fields
-
-The `collectd` `if_packets` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_packets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_packets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_errors_{context}"]
-=== `collectd.interface.if_errors` Fields
-
-The `collectd` `if_errors` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_errors.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_errors.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.interface.if_dropped_{context}"]
-=== collectd.interface.if_dropped Fields
-
-The `collectd` `if_dropped` type of interface plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.interface.if_dropped.rx`
-|type: float
-
-`TODO`
-
-| `collectd.interface.if_dropped.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt_{context}"]
-=== `collectd.virt` Fields
-
-Corresponds to `collectd` virt plug-in.
-
-[discrete]
-[id="exported-fields-collectd.virt.if_octets_{context}"]
-=== `collectd.virt.if_octets` Fields
-
-The `collectd if_octets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_octets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_octets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_packets_{context}"]
-=== `collectd.virt.if_packets` Fields
-
-The `collectd` `if_packets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_packets.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_packets.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_errors_{context}"]
-=== `collectd.virt.if_errors` Fields
-
-The `collectd` `if_errors` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_errors.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_errors.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.if_dropped_{context}"]
-=== `collectd.virt.if_dropped` Fields
-
-The `collectd` `if_dropped` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.if_dropped.rx`
-|type: float
-
-`TODO`
-
-| `collectd.virt.if_dropped.tx`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.disk_ops_{context}"]
-=== `collectd.virt.disk_ops` Fields
-
-The `collectd` `disk_ops` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.disk_ops.read`
-|type: float
-
-`TODO`
-
-| `collectd.virt.disk_ops.write`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.virt.disk_octets_{context}"]
-=== `collectd.virt.disk_octets` Fields
-
-The `collectd` `disk_octets` type of virt plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.virt.disk_octets.read`
-|type: float
-
-`TODO`
-
-| `collectd.virt.disk_octets.write`
-|type: float
-
-`TODO`
-
-| `collectd.virt.memory`
-|type: float
-
-The `collectd` memory type of virt plug-in.
-
-| `collectd.virt.virt_vcpu`
-|type: float
-
-The `collectd` `virt_vcpu` type of virt plug-in.
-
-| `collectd.virt.virt_cpu_total`
-|type: float
-
-The `collectd` `virt_cpu_total` type of virt plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.CPU_{context}"]
-=== `collectd.CPU` Fields
-
-Corresponds to the `collectd` CPU plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.CPU.percent`
-|type: float
-
-The `collectd` type percent of plug-in CPU.
-|===
-
-[discrete]
-[id="exported-fields-collectd.df_{context}"]
-=== collectd.df Fields
-
-Corresponds to the `collectd` `df` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.df.df_complex`
-|type: float
-
-The `collectd` type `df_complex` of plug-in `df`.
-
-| `collectd.df.percent_bytes`
-|type: float
-
-The `collectd` type `percent_bytes` of plug-in `df`.
-|===
-
-[discrete]
-[id="exported-fields-collectd.entropy_{context}"]
-=== `collectd.entropy` Fields
-
-Corresponds to the `collectd` entropy plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.entropy.entropy`
-|type: integer
-
-The `collectd` entropy type of entropy plug-in.
-|===
-
-////
-[discrete]
-[id="exported-fields-collectd.nfs_{context}"]
-=== `collectd.nfs` Fields
-
-Corresponds to the `collectd` NFS plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.nfs.nfs_procedure`
-|type: integer
-
-The `collectd` `nfs_procedure` type of nfs plug-in.
-|===
-////
-
-[discrete]
-[id="exported-fields-collectd.memory_{context}"]
-=== `collectd.memory` Fields
-
-Corresponds to the `collectd` memory plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.memory.memory`
-|type: float
-
-The `collectd` memory type of memory plug-in.
-
-| `collectd.memory.percent`
-|type: float
-
-The `collectd` percent type of memory plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.swap_{context}"]
-=== `collectd.swap` Fields
-
-Corresponds to the `collectd` swap plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.swap.swap`
-|type: integer
-
-The `collectd` swap type of swap plug-in.
-
-| `collectd.swap.swap_io`
-|type: integer
-
-The `collectd swap_io` type of swap plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.load_{context}"]
-=== `collectd.load` Fields
-
-Corresponds to the `collectd` load plug-in.
-
-[discrete]
-[id="exported-fields-collectd.load.load_{context}"]
-=== `collectd.load.load` Fields
-
-The `collectd` load type of load plug-in
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.load.load.shortterm`
-|type: float
-
-`TODO`
-
-| `collectd.load.load.midterm`
-|type: float
-
-`TODO`
-
-| `collectd.load.load.longterm`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.aggregation_{context}"]
-=== `collectd.aggregation` Fields
-
-Corresponds to `collectd` aggregation plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.aggregation.percent`
-|type: float
-
-`TODO`
-|===
-
-[discrete]
-[id="exported-fields-collectd.statsd_{context}"]
-=== `collectd.statsd` Fields
-
-Corresponds to `collectd` `statsd` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.statsd.host_cpu`
-|type: integer
-
-The `collectd` CPU type of `statsd` plug-in.
-
-| `collectd.statsd.host_elapsed_time`
-|type: integer
-
-The `collectd` `elapsed_time` type of `statsd` plug-in.
-
-| `collectd.statsd.host_memory`
-|type: integer
-
-The `collectd` memory type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_speed`
-|type: integer
-
-The `collectd` `nic_speed` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx`
-|type: integer
-
-The `collectd` `nic_rx` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx`
-|type: integer
-
-The `collectd` `nic_tx` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx_dropped`
-|type: integer
-
-The `collectd` `nic_rx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx_dropped`
-|type: integer
-
-The `collectd` `nic_tx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_rx_errors`
-|type: integer
-
-The `collectd` `nic_rx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.host_nic_tx_errors`
-|type: integer
-
-The `collectd` `nic_tx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.host_storage`
-|type: integer
-
-The `collectd` storage type of `statsd` plug-in.
-
-| `collectd.statsd.host_swap`
-|type: integer
-
-The `collectd` swap type of `statsd` plug-in.
-
-| `collectd.statsd.host_vdsm`
-|type: integer
-
-The `collectd` VDSM type of `statsd` plug-in.
-
-| `collectd.statsd.host_vms`
-|type: integer
-
-The `collectd` VMS type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_dropped`
-|type: integer
-
-The `collectd` `nic_tx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_bytes`
-|type: integer
-
-The `collectd` `nic_rx_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_bytes`
-|type: integer
-
-The `collectd` `nic_tx_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_min`
-|type: integer
-
-The `collectd` `balloon_min` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_max`
-|type: integer
-
-The `collectd` `balloon_max` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_target`
-|type: integer
-
-The `collectd` `balloon_target` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_balloon_cur`
-| type: integer
-
-The `collectd` `balloon_cur` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_sys`
-|type: integer
-
-The `collectd` `cpu_sys` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_usage`
-|type: integer
-
-The `collectd` `cpu_usage` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_ops`
-|type: integer
-
-The `collectd` `disk_read_ops` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_ops`
-|type: integer
-
-The `collectd` `disk_write_ops` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_flush_latency`
-|type: integer
-
-The `collectd` `disk_flush_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_apparent_size`
-|type: integer
-
-The `collectd` `disk_apparent_size` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_bytes`
-|type: integer
-
-The `collectd` `disk_write_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_rate`
-|type: integer
-
-The `collectd` `disk_write_rate` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_true_size`
-|type: integer
-
-The `collectd` `disk_true_size` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_rate`
-|type: integer
-
-The `collectd` `disk_read_rate` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_write_latency`
-|type: integer
-
-The `collectd` `disk_write_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_latency`
-|type: integer
-
-The `collectd` `disk_read_latency` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_disk_read_bytes`
-|type: integer
-
-The `collectd` `disk_read_bytes` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_dropped`
-|type: integer
-
-The `collectd` `nic_rx_dropped` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_cpu_user`
-|type: integer
-
-The `collectd` `cpu_user` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_rx_errors`
-|type: integer
-
-The `collectd` `nic_rx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_tx_errors`
-|type: integer
-
-The `collectd` `nic_tx_errors` type of `statsd` plug-in.
-
-| `collectd.statsd.vm_nic_speed`
-|type: integer
-
-The `collectd` `nic_speed` type of `statsd` plug-in.
-|===
-
-[discrete]
-[id="exported-fields-collectd.postgresql_{context}"]
-=== `collectd.postgresql Fields`
-
-Corresponds to `collectd` `postgresql` plug-in.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `collectd.postgresql.pg_n_tup_g`
-|type: integer
-
-The `collectd` type `pg_n_tup_g` of plug-in postgresql.
-
-| `collectd.postgresql.pg_n_tup_c`
-|type: integer
-
-The `collectd` type `pg_n_tup_c` of plug-in postgresql.
-
-| `collectd.postgresql.pg_numbackends`
-|type: integer
-
-The `collectd` type `pg_numbackends` of plug-in postgresql.
-
-| `collectd.postgresql.pg_xact`
-|type: integer
-
-The `collectd` type `pg_xact` of plug-in postgresql.
-
-| `collectd.postgresql.pg_db_size`
-|type: integer
-
-The `collectd` type `pg_db_size` of plug-in postgresql.
-
-| `collectd.postgresql.pg_blks`
-|type: integer
-
-The `collectd` type `pg_blks` of plug-in postgresql.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-docker.adoc b/_unused_topics/cluster-logging-exported-fields-docker.adoc
deleted file mode 100644
index 26d77f062ca0..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-docker.adoc
+++ /dev/null
@@ -1,89 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-container_{context}"]
-= Container exported fields
-
-These are the Docker fields exported by OpenShift Logging available for searching from Elasticsearch and Kibana.
-Namespace for docker container-specific metadata. The docker.container_id is the Docker container ID.
-
-
-[discrete]
-[id="pipeline_metadata.collector_{context}"]
-=== `pipeline_metadata.collector` Fields
-
-This section contains metadata specific to the collector.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `pipeline_metadata.collector.hostname`
-|FQDN of the collector. It might be different from the FQDN of the actual emitter
-of the logs.
-
-| `pipeline_metadata.collector.name`
-|Name of the collector.
-
-| `pipeline_metadata.collector.version`
-|Version of the collector.
-
-| `pipeline_metadata.collector.ipaddr4`
-|IP address v4 of the collector server, can be an array.
-
-| `pipeline_metadata.collector.ipaddr6`
-|IP address v6 of the collector server, can be an array.
-
-| `pipeline_metadata.collector.inputname`
-|How the log message was received by the collector whether it was TCP/UDP, or
-imjournal/imfile.
-
-| `pipeline_metadata.collector.received_at`
-|Time when the message was received by the collector.
-
-| `pipeline_metadata.collector.original_raw_message`
-|The original non-parsed log message, collected by the collector or as close to the
-source as possible.
-|===
-
-[discrete]
-[id="exported-fields-pipeline_metadata.normalizer_{context}"]
-=== `pipeline_metadata.normalizer` Fields
-
-This section contains metadata specific to the normalizer.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `pipeline_metadata.normalizer.hostname`
-|FQDN of the normalizer.
-
-| `pipeline_metadata.normalizer.name`
-|Name of the normalizer.
-
-| `pipeline_metadata.normalizer.version`
-|Version of the normalizer.
-
-| `pipeline_metadata.normalizer.ipaddr4`
-|IP address v4 of the normalizer server, can be an array.
-
-| `pipeline_metadata.normalizer.ipaddr6`
-|IP address v6 of the normalizer server, can be an array.
-
-| `pipeline_metadata.normalizer.inputname`
-|how the log message was received by the normalizer whether it was TCP/UDP.
-
-| `pipeline_metadata.normalizer.received_at`
-|Time when the message was received by the normalizer.
-
-| `pipeline_metadata.normalizer.original_raw_message`
-|The original non-parsed log message as it is received by the normalizer.
-
-| `pipeline_metadata.trace`
-|The field records the trace of the message. Each collector and normalizer appends
-information about itself and the date and time when the message was processed.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-kubernetes.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-kubernetes.2021-06-04.adoc
deleted file mode 100644
index d40a3ddd446e..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-kubernetes.2021-06-04.adoc
+++ /dev/null
@@ -1,83 +0,0 @@
-[id="cluster-logging-exported-fields-kubernetes_{context}"]
-= Kubernetes
-
-The following fields can be present in the namespace for kubernetes-specific metadata.
-
-== kubernetes.pod_name
-
-The name of the pod
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.pod_id
-
-Kubernetes ID of the pod.
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.namespace_name
-
-The name of the namespace in Kubernetes.
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.namespace_id
-
-ID of the namespace in Kubernetes.
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.host
-
-Kubernetes node name
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.master_url
-
-Kubernetes Master URL
-
-[horizontal]
-Data type:: keyword
-
-
-== kubernetes.container_name
-
-The name of the container in Kubernetes.
-
-[horizontal]
-Data type:: text
-
-
-== kubernetes.annotations
-
-Annotations associated with the Kubernetes object
-
-[horizontal]
-Data type:: group
-
-
-== kubernetes.labels
-
-Labels attached to the Kubernetes object Each label name is a subfield of labels field. Each label name is de-dotted: dots in the name are replaced with underscores.
-
-[horizontal]
-Data type:: group
-
-
-== kubernetes.event
-
-The kubernetes event obtained from kubernetes master API The event is already JSON object and as whole nested under kubernetes field This description should loosely follow 'type Event' in https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#event-v1-core
-
-[horizontal]
-Data type:: group
diff --git a/_unused_topics/cluster-logging-exported-fields-ovirt.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-ovirt.2021-06-04.adoc
deleted file mode 100644
index 6c5dcd5b4470..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-ovirt.2021-06-04.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-ovirt_{context}"]
-= oVirt exported fields
-
-These are the oVirt fields exported by OpenShift Logging available for searching
-from Elasticsearch and Kibana.
-
-Namespace for oVirt metadata.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `ovirt.entity`
-|The type of the data source, hosts, VMS, and engine.
-
-| `ovirt.host_id`
-|The oVirt host UUID.
-|===
-
-[discrete]
-[id="exported-fields-ovirt.engine_{context}"]
-=== `ovirt.engine` Fields
-
-Namespace for metadata related to the {rh-virtualization-engine-name}. The FQDN of the {rh-virtualization-engine-name} is
-`ovirt.engine.fqdn`
diff --git a/_unused_topics/cluster-logging-exported-fields-rsyslog.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-rsyslog.2021-06-04.adoc
deleted file mode 100644
index fec43d97ad1a..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-rsyslog.2021-06-04.adoc
+++ /dev/null
@@ -1,34 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-rsyslog_{context}"]
-= `rsyslog` exported fields
-
-These are the `rsyslog` fields exported by the logging system and available for searching
-from Elasticsearch and Kibana.
-
-The following fields are RFC5424 based metadata.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `rsyslog.facility`
-|See `syslog` specification for more information on `rsyslog`.
-
-| `rsyslog.protocol-version`
-|This is the `rsyslog` protocol version.
-
-| `rsyslog.structured-data`
-|See `syslog` specification for more information on `syslog` structured-data.
-
-| `rsyslog.msgid`
-|This is the `syslog` msgid field.
-
-| `rsyslog.appname`
-|If `app-name` is the same as `programname`, then only fill top-level field `service`.
-If `app-name` is not equal to `programname`, this field will hold `app-name`.
-See syslog specifications for more information.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-systemd.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-systemd.2021-06-04.adoc
deleted file mode 100644
index 19e1d6a4cdca..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-systemd.2021-06-04.adoc
+++ /dev/null
@@ -1,195 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-systemd_{context}"]
-= systemd exported fields
-
-These are the `systemd` fields exported by OpenShift Logging available for searching
-from Elasticsearch and Kibana.
-
-Contains common fields specific to `systemd` journal.
-link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html[Applications]
-can write their own fields to the journal. These will be available under the
-`systemd.u` namespace. `RESULT` and `UNIT` are two such fields.
-
-[discrete]
-[id="exported-fields-systemd.k_{context}"]
-=== `systemd.k` Fields
-
-The following table contains `systemd` kernel-specific metadata.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `systemd.k.KERNEL_DEVICE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_KERNEL_DEVICE=[`systemd.k.KERNEL_DEVICE`]
-is the kernel device name.
-
-| `systemd.k.KERNEL_SUBSYSTEM`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_KERNEL_SUBSYSTEM=[`systemd.k.KERNEL_SUBSYSTEM`]
-is the kernel subsystem name.
-
-| `systemd.k.UDEV_DEVLINK`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_UDEV_DEVLINK=[`systemd.k.UDEV_DEVLINK`]
-includes additional symlink names that point to the node.
-
-| `systemd.k.UDEV_DEVNODE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_UDEV_DEVNODE=[`systemd.k.UDEV_DEVNODE`]
-is the node path of the device.
-
-| `systemd.k.UDEV_SYSNAME`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_UDEV_SYSNAME=[ `systemd.k.UDEV_SYSNAME`]
-is the kernel device name.
-
-|===
-
-[discrete]
-[id="exported-fields-systemd.t_{context}"]
-=== `systemd.t` Fields
-
-`systemd.t Fields` are trusted journal fields, fields that are implicitly added
-by the journal, and cannot be altered by client code.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `systemd.t.AUDIT_LOGINUID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_AUDIT_SESSION=[`systemd.t.AUDIT_LOGINUID`]
-is the user ID for the journal entry process.
-
-| `systemd.t.BOOT_ID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_BOOT_ID=[`systemd.t.BOOT_ID`]
-is the kernel boot ID.
-
-| `systemd.t.AUDIT_SESSION`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_AUDIT_SESSION=[`systemd.t.AUDIT_SESSION`]
-is the session for the journal entry process.
-
-| `systemd.t.CAP_EFFECTIVE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_CAP_EFFECTIVE=[`systemd.t.CAP_EFFECTIVE`]
-represents the capabilities of the journal entry process.
-
-| `systemd.t.CMDLINE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_COMM=[`systemd.t.CMDLINE`]
-is the command line of the journal entry process.
-
-| `systemd.t.COMM`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_COMM=[`systemd.t.COMM`]
-is the name of the journal entry process.
-
-| `systemd.t.EXE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_COMM=[`systemd.t.EXE`]
-is the executable path of the journal entry process.
-
-| `systemd.t.GID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_PID=[`systemd.t.GID`]
-is the group ID for the journal entry process.
-
-| `systemd.t.HOSTNAME`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_HOSTNAME=[`systemd.t.HOSTNAME`]
-is the name of the host.
-
-| `systemd.t.MACHINE_ID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_MACHINE_ID=[`systemd.t.MACHINE_ID`]
-is the machine ID of the host.
-
-| `systemd.t.PID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_PID=[`systemd.t.PID`]
-is the process ID for the journal entry process.
-
-| `systemd.t.SELINUX_CONTEXT`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SELINUX_CONTEXT=[`systemd.t.SELINUX_CONTEXT`]
-is the security context, or label, for the journal entry process.
-
-| `systemd.t.SOURCE_REALTIME_TIMESTAMP`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SOURCE_REALTIME_TIMESTAMP=[`systemd.t.SOURCE_REALTIME_TIMESTAMP`]
-is the earliest and most reliable timestamp of the message. This is converted to RFC 3339 NS format.
-
-| `systemd.t.SYSTEMD_CGROUP`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_CGROUP`]
-is the `systemd` control group path.
-
-| `systemd.t.SYSTEMD_OWNER_UID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_OWNER_UID`]
-is the owner ID of the session.
-
-| `systemd.t.SYSTEMD_SESSION`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_SESSION`],
-if applicable, is the `systemd` session ID.
-
-| `systemd.t.SYSTEMD_SLICE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_SLICE`]
-is the slice unit of the journal entry process.
-
-| `systemd.t.SYSTEMD_UNIT`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_UNIT`]
-is the unit name for a session.
-
-| `systemd.t.SYSTEMD_USER_UNIT`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_SYSTEMD_CGROUP=[`systemd.t.SYSTEMD_USER_UNIT`],
-if applicable, is the user unit name for a session.
-
-| `systemd.t.TRANSPORT`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_TRANSPORT=[`systemd.t.TRANSPORT`]
-is the method of entry by the journal service. This includes, `audit`, `driver`,
-`syslog`, `journal`, `stdout`, and `kernel`.
-
-| `systemd.t.UID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#_PID=[`systemd.t.UID`]
-is the user ID for the journal entry process.
-
-| `systemd.t.SYSLOG_FACILITY`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=[`systemd.t.SYSLOG_FACILITY`]
-is the field containing the facility, formatted as a decimal string, for `syslog`.
-
-| `systemd.t.SYSLOG_IDENTIFIER`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=[`systemd.t.systemd.t.SYSLOG_IDENTIFIER`]
-is the identifier for `syslog`.
-
-| `systemd.t.SYSLOG_PID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=[`SYSLOG_PID`]
-is the client process ID for `syslog`.
-|===
-
-[discrete]
-[id="exported-fields-systemd.u_{context}"]
-=== `systemd.u` Fields
-
-`systemd.u Fields` are directly passed from clients and stored in the journal.
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `systemd.u.CODE_FILE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#CODE_FILE=[`systemd.u.CODE_FILE`]
-is the code location containing the filename of the source.
-
-| `systemd.u.CODE_FUNCTION`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#CODE_FILE=[`systemd.u.CODE_FUNCTION`]
-is the code location containing the function of the source.
-
-| `systemd.u.CODE_LINE`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#CODE_FILE=[`systemd.u.CODE_LINE`]
-is the code location containing the line number of the source.
-
-| `systemd.u.ERRNO`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#ERRNO=[`systemd.u.ERRNO`],
-if present, is the low-level error number formatted in numeric value, as a decimal string.
-
-| `systemd.u.MESSAGE_ID`
-|link:https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#MESSAGE_ID=[`systemd.u.MESSAGE_ID`]
-is the message identifier ID for recognizing message types.
-
-| `systemd.u.RESULT`
-|For private use only.
-
-| `systemd.u.UNIT`
-|For private use only.
-|===
diff --git a/_unused_topics/cluster-logging-exported-fields-tlog.2021-06-04.adoc b/_unused_topics/cluster-logging-exported-fields-tlog.2021-06-04.adoc
deleted file mode 100644
index 82724afc1591..000000000000
--- a/_unused_topics/cluster-logging-exported-fields-tlog.2021-06-04.adoc
+++ /dev/null
@@ -1,51 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-exported-fields.adoc
-
-[id="cluster-logging-exported-fields-tlog_{context}"]
-= Tlog exported fields
-
-These are the Tlog fields exported by the OpenShift Logging system and available for searching
-from Elasticsearch and Kibana.
-
-Tlog terminal I/O recording messages. For more information see
-link:https://github.com/Scribery/tlog[Tlog].
-
-[cols="3,7",options="header"]
-|===
-|Parameter
-|Description
-
-| `tlog.ver`
-|Message format version number.
-
-| `tlog.user`
-|Recorded user name.
-
-| `tlog.term`
-|Terminal type name.
-
-| `tlog.session`
-|Audit session ID of the recorded session.
-
-| `tlog.id`
-|ID of the message within the session.
-
-| `tlog.pos`
-|Message position in the session, milliseconds.
-
-| `tlog.timing`
-|Distribution of this message's events in time.
-
-| `tlog.in_txt`
-|Input text with invalid characters scrubbed.
-
-| `tlog.in_bin`
-|Scrubbed invalid input characters as bytes.
-
-| `tlog.out_txt`
-|Output text with invalid characters scrubbed.
-
-| `tlog.out_bin`
-|Scrubbed invalid output characters as bytes.
-|===
diff --git a/_unused_topics/cluster-logging-kibana-console-launch.adoc b/_unused_topics/cluster-logging-kibana-console-launch.adoc
deleted file mode 100644
index 44b23c483030..000000000000
--- a/_unused_topics/cluster-logging-kibana-console-launch.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-kibana-console.adoc
-// * logging/cluster-logging-visualizer.adoc
-
-[id="cluster-logging-kibana-visualize_{context}"]
-= Launching the Kibana interface
-
-The Kibana interface is a browser-based console
-to query, discover, and visualize your Elasticsearch data through histograms, line graphs,
-pie charts, heat maps, built-in geospatial support, and other visualizations.
-
-.Procedure
-
-To launch the Kibana interface:
-
-. In the {product-title} console, click *Observe* -> *Logging*.
-
-. Log in using the same credentials you use to log in to the {product-title} console.
-+
-The Kibana interface launches. You can now:
-+
-* Search and browse your data using the Discover page.
-* Chart and map your data using the Visualize page.
-* Create and view custom dashboards using the Dashboard page.
-+
-Use and configuration of the Kibana interface is beyond the scope of this documentation. For more information,
-on using the interface, see the link:https://www.elastic.co/guide/en/kibana/5.6/connect-to-elasticsearch.html[Kibana documentation].
diff --git a/_unused_topics/cluster-logging-log-forwarding-disable.adoc b/_unused_topics/cluster-logging-log-forwarding-disable.adoc
deleted file mode 100644
index 680ea9b95686..000000000000
--- a/_unused_topics/cluster-logging-log-forwarding-disable.adoc
+++ /dev/null
@@ -1,47 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-external.adoc
-
-[id="cluster-logging-log-forwarding-disable_{context}"]
-= Disabling the Log Forwarding feature
-
-To disable the Log Forwarding feature, remove the `clusterlogging.openshift.io/logforwardingtechpreview:enabled` parameter from the Cluster Logging custom resource (CR) and delete the `ClusterLogForwarder` CR. The container and node logs will be forwarded to the internal {product-title} Elasticsearch instance.
-
-[IMPORTANT]
-====
-You cannot disable Log Forwarding by setting the `disableDefaultForwarding` to `false` in the `ClusterLogForwarder` CR. This prevents OpenShift Logging from sending logs to the specified endpoints *and* to default internal {product-title} Elasticsearch instance. 
-====
-
-.Procedure
-
-To disable the Log Forwarding feature:
-
-. Edit the OpenShift Logging CR in the `openshift-logging` project:
-+
-[source,terminal]
-----
-$ oc edit ClusterLogging instance
-----
-
-. Remove the `clusterlogging.openshift.io/logforwardingtechpreview` annotation:
-+
-[source,yaml]
-----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
-metadata:
-  annotations:
-    clusterlogging.openshift.io/logforwardingtechpreview: enabled <1>
-  name: "instance"
-  namespace: "openshift-logging"
-...
-----
-<1> Remove this annotation.
-
-. Delete the `ClusterLogForwarder` CR:
-+
-[source,terminal]
-----
-$ oc delete LogForwarding instance -n openshift-logging 
-----
-
diff --git a/_unused_topics/cluster-logging-uninstall-cluster-ops.adoc b/_unused_topics/cluster-logging-uninstall-cluster-ops.adoc
deleted file mode 100644
index ec4c0d37eac0..000000000000
--- a/_unused_topics/cluster-logging-uninstall-cluster-ops.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-uninstall.adoc
-
-[id="cluster-logging-uninstall-ops_{context}"]
-= Uninstall the infra cluster
-
-You can uninstall the infra cluster from OpenShift Logging. 
-After uninstalling, Fluentd no longer splits logs.
-
-.Procedure
-
-To uninstall the infra cluster:
-
-.
-
-.
-
-.
diff --git a/_unused_topics/completing-installation.adoc b/_unused_topics/completing-installation.adoc
index 911997c61e1a..a3d3235f7312 100644
--- a/_unused_topics/completing-installation.adoc
+++ b/_unused_topics/completing-installation.adoc
@@ -12,14 +12,14 @@ INFO Install complete!                                
 
 INFO Run 'export KUBECONFIG=/home/joe/ocp/auth/kubeconfig' to manage the cluster with 'oc', the {product-title} CLI.
 
-INFO The cluster is ready when 'oc login -u kubeadmin -p 39RPg-y4c7V-n4bbn-vAF3M' succeeds (wait a few minutes).
+INFO The cluster is ready when 'oc login -u kubeadmin -p <password>' succeeds (wait a few minutes).
 
 INFO Access the {product-title} web-console here: https://console-openshift-console.apps.mycluster.devel.example.com
 
-INFO Login to the console with user: kubeadmin, password: 39RPg-y4c7V-n4bbn-vAF3M
+INFO Login to the console with user: kubeadmin, password: "password"
 ----
 
-To access the {product-title} cluster from your web browser, log in as kubeadmin with the password (for example, 39RPg-y4c7V-n4bbn-vAF3M), using the URL shown:
+To access the {product-title} cluster from your web browser, log in as kubeadmin with the password, using the URL shown:
 
      https://console-openshift-console.apps.mycluster.devel.example.com
 
@@ -27,7 +27,7 @@ To access the {product-title} cluster from the command line, identify the locati
 ----
 $ export KUBECONFIG=/home/joe/ocp/auth/kubeconfig
 
-$ oc login -u kubeadmin -p 39RPg-y4c7V-n4bbn-vAF3M
+$ oc login -u kubeadmin -p <password>
 ----
 
 At this point, you can begin using the {product-title} cluster. To understand the management of your {product-title} cluster going forward, you should explore the {product-title} control plane.
diff --git a/distr_tracing/distr_tracing_config/_attributes b/_unused_topics/container_storage_interface_microshift/_attributes
similarity index 100%
rename from distr_tracing/distr_tracing_config/_attributes
rename to _unused_topics/container_storage_interface_microshift/_attributes
diff --git a/microshift_storage/container_storage_interface_microshift/images b/_unused_topics/container_storage_interface_microshift/images
similarity index 100%
rename from microshift_storage/container_storage_interface_microshift/images
rename to _unused_topics/container_storage_interface_microshift/images
diff --git a/microshift_storage/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc b/_unused_topics/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
similarity index 96%
rename from microshift_storage/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
rename to _unused_topics/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
index a30265734821..4275a8ecbbdd 100644
--- a/microshift_storage/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
+++ b/_unused_topics/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-microshift"]
 = Configuring CSI volumes for {product-title}
 include::_attributes/attributes-microshift.adoc[]
diff --git a/logging/v5_5/modules b/_unused_topics/container_storage_interface_microshift/modules
similarity index 100%
rename from logging/v5_5/modules
rename to _unused_topics/container_storage_interface_microshift/modules
diff --git a/microshift_storage/container_storage_interface_microshift/snippets b/_unused_topics/container_storage_interface_microshift/snippets
similarity index 100%
rename from microshift_storage/container_storage_interface_microshift/snippets
rename to _unused_topics/container_storage_interface_microshift/snippets
diff --git a/_unused_topics/distr-tracing-deploy-otel-collector.adoc b/_unused_topics/distr-tracing-deploy-otel-collector.adoc
deleted file mode 100644
index d628b2501f73..000000000000
--- a/_unused_topics/distr-tracing-deploy-otel-collector.adoc
+++ /dev/null
@@ -1,128 +0,0 @@
-////
-This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying.adoc
-////
-
-:_content-type: PROCEDURE
-[id="distr-tracing-deploy-otel-collector_{context}"]
-= Deploying distributed tracing data collection
-
-The custom resource definition (CRD) defines the configuration used when you deploy an instance of {OTELName}.
-
-.Prerequisites
-
-* The {OTELName} Operator has been installed.
-//* You have reviewed the instructions for how to customize the deployment.
-* You have access to the cluster as a user with the `cluster-admin` role.
-
-.Procedure
-
-. Log in to the OpenShift web console as a user with the `cluster-admin` role.
-
-. Create a new project, for example `tracing-system`.
-+
-[NOTE]
-====
-If you are installing distributed tracing as part of Service Mesh, the {DTShortName} resources must be installed in the same namespace as the `ServiceMeshControlPlane` resource, for example `istio-system`.
-====
-+
-.. Navigate to *Home* -> *Projects*.
-
-.. Click *Create Project*.
-
-.. Enter `tracing-system` in the *Name* field.
-
-.. Click *Create*.
-
-. Navigate to *Operators* -> *Installed Operators*.
-
-. If necessary, select `tracing-system` from the *Project* menu. You might have to wait a few moments for the Operators to be copied to the new project.
-
-. Click the *{OTELName} Operator*. On the *Details* tab, under *Provided APIs*, the Operator provides a single link.
-
-. Under *OpenTelemetryCollector*, click *Create Instance*.
-
-. On the *Create OpenTelemetry Collector* page, to install using the defaults, click *Create* to create the {OTELShortName} instance.
-
-. On the *OpenTelemetryCollectors* page, click the name of the {OTELShortName} instance, for example, `opentelemetrycollector-sample`.
-
-. On the *Details* page, click the *Resources* tab. Wait until the pod has a status of "Running" before continuing.
-
-[id="distr-tracing-deploy-otel-collector-cli_{context}"]
-= Deploying {OTELShortName} from the CLI
-
-Follow this procedure to create an instance of {OTELShortName} from the command line.
-
-.Prerequisites
-
-* The {OTELName} Operator has been installed and verified.
-+
-//* You have reviewed the instructions for how to customize the deployment.
-+
-* You have access to the OpenShift CLI (`oc`) that matches your {product-title} version.
-* You have access to the cluster as a user with the `cluster-admin` role.
-
-.Procedure
-
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
-+
-[source,terminal]
-----
-$ oc login https://<HOSTNAME>:8443
-----
-
-. Create a new project named `tracing-system`.
-+
-[source,terminal]
-----
-$ oc new-project tracing-system
-----
-
-. Create a custom resource file named `jopentelemetrycollector-sample.yaml` that contains the following text:
-+
-.Example opentelemetrycollector.yaml
-[source,yaml]
-----
-  apiVersion: opentelemetry.io/v1alpha1
-  kind: OpenTelemetryCollector
-  metadata:
-    name: opentelemetrycollector-sample
-    namespace: openshift-operators
-  spec:
-    image: >-
-      registry.redhat.io/rhosdt/opentelemetry-collector-rhel8@sha256:61934ea5793c55900d09893e8f8b1f2dbd2e712faba8e97684e744691b29f25e
-    config: |
-      receivers:
-        jaeger:
-          protocols:
-            grpc:
-      exporters:
-        logging:
-      service:
-        pipelines:
-          traces:
-            receivers: [jaeger]
-            exporters: [logging]
-----
-
-. Run the following command to deploy {JaegerShortName}:
-+
-[source,terminal]
-----
-$ oc create -n tracing-system -f opentelemetrycollector.yaml
-----
-
-. Run the following command to watch the progress of the pods during the installation process:
-+
-[source,terminal]
-----
-$ oc get pods -n tracing-system -w
-----
-+
-After the installation process has completed, you should see output similar to the following example:
-+
-[source,terminal]
-----
-NAME                                         READY   STATUS    RESTARTS   AGE
-opentelemetrycollector-cdff7897b-qhfdx       2/2     Running   0          24s
-----
diff --git a/installing/installing_azure/manually-creating-iam-azure.adoc b/_unused_topics/manually-creating-iam-azure.adoc
similarity index 86%
rename from installing/installing_azure/manually-creating-iam-azure.adoc
rename to _unused_topics/manually-creating-iam-azure.adoc
index 879beea678f3..fe736063c6b3 100644
--- a/installing/installing_azure/manually-creating-iam-azure.adoc
+++ b/_unused_topics/manually-creating-iam-azure.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-creating-iam-azure"]
-= Manually creating IAM for Azure
+= Manually creating long-term credentials for Azure
 include::_attributes/common-attributes.adoc[]
 :context: manually-creating-iam-azure
 
@@ -18,7 +18,7 @@ include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
 
 [id="manually-creating-iam-azure-next-steps"]
 == Next steps
diff --git a/installing/installing_gcp/manually-creating-iam-gcp.adoc b/_unused_topics/manually-creating-iam-gcp.adoc
similarity index 91%
rename from installing/installing_gcp/manually-creating-iam-gcp.adoc
rename to _unused_topics/manually-creating-iam-gcp.adoc
index de4865932e9c..2d315023f0fc 100644
--- a/installing/installing_gcp/manually-creating-iam-gcp.adoc
+++ b/_unused_topics/manually-creating-iam-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-creating-iam-gcp"]
 = Manually creating IAM for GCP
 include::_attributes/common-attributes.adoc[]
@@ -22,7 +22,7 @@ include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
 
 include::modules/mint-mode.adoc[leveloffset=+1]
 
diff --git a/installing/installing_aws/manually-creating-iam.adoc b/_unused_topics/manually-creating-iam.adoc
similarity index 92%
rename from installing/installing_aws/manually-creating-iam.adoc
rename to _unused_topics/manually-creating-iam.adoc
index 11eaf4d626dc..03690cb0214d 100644
--- a/installing/installing_aws/manually-creating-iam.adoc
+++ b/_unused_topics/manually-creating-iam.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-creating-iam-aws"]
 = Manually creating IAM for AWS
 include::_attributes/common-attributes.adoc[]
@@ -27,7 +27,7 @@ include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
 
 include::modules/mint-mode.adoc[leveloffset=+1]
 
diff --git a/_unused_topics/microshift-adding-containers-to-blueprint.adoc b/_unused_topics/microshift-adding-containers-to-blueprint.adoc
index d4eb48d33d08..bb4e24116315 100644
--- a/_unused_topics/microshift-adding-containers-to-blueprint.adoc
+++ b/_unused_topics/microshift-adding-containers-to-blueprint.adoc
@@ -2,7 +2,7 @@
 //
 // microshift/microshift-embed-into-rpm-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-microshift-container-images_{context}"]
 = Adding the {product-title} container images
 
@@ -51,7 +51,7 @@ $ rpm2cpio microshift-release-info-${VERSION}.noarch.rpm | cpio -idmv
 +
 [source,terminal]
 ----
-$ jq -r '.images | .[] | ("[[containers]]\nsource = \"" + . + "\"\n")' ./usr/share/microshift/release/release-$(uname -i).json
+$ jq -r '.images | .[] | ("[[containers]]\nsource = \"" + . + "\"\n")' ./usr/share/microshift/release/release-$(uname -m).json
 ----
 +
 .Brief output sample
diff --git a/_unused_topics/microshift-man-config-ovs-bridge.adoc b/_unused_topics/microshift-man-config-ovs-bridge.adoc
index bf6226f997ae..5cd9ef845376 100644
--- a/_unused_topics/microshift-man-config-ovs-bridge.adoc
+++ b/_unused_topics/microshift-man-config-ovs-bridge.adoc
@@ -7,31 +7,31 @@
 
 //* Initiate OVS:
 //+
-//[source, terminal]
+//[source,terminal]
 //----
 //$ sudo systemctl enable openvswitch --now
 //----
 //* Add the network bridge:
 //+
-//[source, terminal]
+//[source,terminal]
 //----
 //$ sudo ovs-vsctl add-br br-ex
 //----
 //* Add the interface to the network bridge:
 //+
-//[source, terminal]
+//[source,terminal]
 //----
 //$ sudo ovs-vsctl add-port br-ex <physical-interface-name>
 //----
 //The `<physical-interface-name>` is the network interface name where the node IP address is assigned.
 //* Get the bridge up and running:
 //+
-//[source, terminal]
+//[source,terminal]
 //----
 //$ sudo ip link set br-ex up
 //----
 //* After `br-ex up` is running, assign the node IP address to `br-ex` bridge:
-//[source, terminal]
+//[source,terminal]
 //----
 //$ sudo ...
 //----
diff --git a/_unused_topics/microshift-nodeport-unreachable-workaround.adoc b/_unused_topics/microshift-nodeport-unreachable-workaround.adoc
index 4bef2a62fce3..39fc6c0db6f4 100644
--- a/_unused_topics/microshift-nodeport-unreachable-workaround.adoc
+++ b/_unused_topics/microshift-nodeport-unreachable-workaround.adoc
@@ -2,7 +2,7 @@
 //
 // * module may be unused in 4.13
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-nodeport-unreachable-workaround_{context}"]
 = Manually restarting the `ovnkube-master` pod to resume node port traffic
 
@@ -21,21 +21,21 @@ Run the commands listed in each step that follows to restore the `NodePort` serv
 
 . Find the name of the ovn-master pod that you want to restart by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ pod=$(oc get pods -n openshift-ovn-kubernetes | grep ovnkube-master | awk -F " " '{print $1}')
 ----
 
 . Force a restart of the of the ovnkube-master pod by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ovn-kubernetes delete pod $pod
 ----
 
 . Optional: To confirm that the ovnkube-master pod restarted, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n openshift-ovn-kubernetes
 ----
diff --git a/modules/mint-mode-with-removal-of-admin-credential.adoc b/_unused_topics/mint-mode-with-removal-of-admin-credential.adoc
similarity index 100%
rename from modules/mint-mode-with-removal-of-admin-credential.adoc
rename to _unused_topics/mint-mode-with-removal-of-admin-credential.adoc
diff --git a/modules/mint-mode.adoc b/_unused_topics/mint-mode.adoc
similarity index 96%
rename from modules/mint-mode.adoc
rename to _unused_topics/mint-mode.adoc
index 336407749062..fbcc9675fd92 100644
--- a/modules/mint-mode.adoc
+++ b/_unused_topics/mint-mode.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/manually-creating-iam.adoc
 // * installing/installing_gcp/manually-creating-iam-gcp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="mint-mode_{context}"]
 = Mint mode
 
diff --git a/_unused_topics/nodes-containers-using-about.adoc b/_unused_topics/nodes-containers-using-about.adoc
index 0213c6acecc1..2f25d0cc342d 100644
--- a/_unused_topics/nodes-containers-using-about.adoc
+++ b/_unused_topics/nodes-containers-using-about.adoc
@@ -6,7 +6,7 @@
 = Understanding Containers 
 
 The basic units of {product-title} applications are called _containers_.
-link:https://access.redhat.com/articles/1353593[Linux container technologies]
+link:https://www.redhat.com/en/topics/containers#overview[Linux container technologies]
 are lightweight mechanisms for isolating running processes so that they are
 limited to interacting with only their designated resources.
 
diff --git a/_unused_topics/osdk-updating-projects.adoc b/_unused_topics/osdk-updating-projects.adoc
index ee2cf2600ae0..ce6dc366fc2a 100644
--- a/_unused_topics/osdk-updating-projects.adoc
+++ b/_unused_topics/osdk-updating-projects.adoc
@@ -25,7 +25,7 @@ endif::[]
 :osdk_ver: v1.25.0
 :osdk_ver_n1: v1.22.0
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-upgrading-projects_{context}"]
 = Updating {type}-based Operator projects for Operator SDK {osdk_ver}
 
diff --git a/_unused_topics/osdk-updating-v1101-to-v1160.adoc b/_unused_topics/osdk-updating-v1101-to-v1160.adoc
index 11450144ef89..61484e0e9430 100644
--- a/_unused_topics/osdk-updating-v1101-to-v1160.adoc
+++ b/_unused_topics/osdk-updating-v1101-to-v1160.adoc
@@ -5,7 +5,7 @@
 :osdk_ver: v1.16.0
 :osdk_ver_n1: v1.10.1
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-upgrading-v1101-to-v1160_{context}"]
 = Updating projects for Operator SDK {osdk_ver}
 
diff --git a/modules/osdk-updating-v125-to-v128.adoc b/_unused_topics/osdk-updating-v125-to-v128.adoc
similarity index 93%
rename from modules/osdk-updating-v125-to-v128.adoc
rename to _unused_topics/osdk-updating-v125-to-v128.adoc
index 66d354173470..1ee8e317e20e 100644
--- a/modules/osdk-updating-v125-to-v128.adoc
+++ b/_unused_topics/osdk-updating-v125-to-v128.adoc
@@ -27,7 +27,7 @@ ifeval::["{context}" == "osdk-java-updating-projects"]
 :type: Java
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-upgrading-projects_{context}"]
 = Updating {type}-based Operator projects for Operator SDK {osdk_ver}
 
@@ -41,10 +41,10 @@ The following procedure updates an existing {type}-based Operator project for co
 .Procedure
 
 ifdef::helm,hybrid,java[]
-* Find the `ose-kube-rbac-proxy` pull spec in the following files, and update the image tag to `v4.13`:
+* Find the `ose-kube-rbac-proxy` pull spec in the following files, and update the image tag to `v4.14`:
 endif::[]
 ifdef::ansible,golang[]
-. Find the `ose-kube-rbac-proxy` pull spec in the following files, and update the image tag to `v4.13`:
+. Find the `ose-kube-rbac-proxy` pull spec in the following files, and update the image tag to `v4.14`:
 endif::[]
 +
 --
@@ -57,10 +57,10 @@ endif::[]
 …
       containers:
       - name: kube-rbac-proxy
-        image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.13 <1>
+        image: registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.14 <1>
 …
 ----
-<1> Update the tag version from `v4.12` to `v4.13`.
+<1> Update the tag version from `v4.13` to `v4.14`.
 
 ifdef::ansible[]
 . Update your Makefile's `run` target to the following:
@@ -115,7 +115,7 @@ $ go mod tidy
 
 . Modify your Makefile with the following changes:
 
-.. Change the `ENVTEST_K8S_VERSION` field from `1.25` to `1.26`.
+.. Change the `ENVTEST_K8S_VERSION` field from `1.26` to `1.27`.
 .. Change the `build` target from `generate fmt vet` to `manifests generate fmt vet`:
 +
 [source,diff]
diff --git a/_unused_topics/osdk-upgrading-v180-to-v1101.adoc b/_unused_topics/osdk-upgrading-v180-to-v1101.adoc
index 91a7d73f2957..89e8643443de 100644
--- a/_unused_topics/osdk-upgrading-v180-to-v1101.adoc
+++ b/_unused_topics/osdk-upgrading-v180-to-v1101.adoc
@@ -5,7 +5,7 @@
 :osdk_ver: v1.10.1
 :osdk_ver_n1: v1.8.0
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-upgrading-v180-to-v1101_{context}"]
 = Upgrading projects for Operator SDK {osdk_ver}
 
diff --git a/modules/rosa-aws-understand.adoc b/_unused_topics/rosa-aws-understand.adoc
similarity index 94%
rename from modules/rosa-aws-understand.adoc
rename to _unused_topics/rosa-aws-understand.adoc
index e2c3a5270edb..851979c5507b 100644
--- a/modules/rosa-aws-understand.adoc
+++ b/_unused_topics/rosa-aws-understand.adoc
@@ -10,3 +10,5 @@ To deploy {product-title} (ROSA) into your existing Amazon Web Services (AWS) ac
 Red Hat recommends the use of AWS Organizations to manage multiple AWS accounts. The AWS Organizations, managed by the customer, host multiple AWS accounts. There is a root account in the organization that all accounts will refer to in the account hierarchy.
 
 It is a best practice for the ROSA cluster to be hosted in an AWS account within an AWS Organizational Unit. A service control policy (SCP) is created and applied to the AWS Organizational Unit that manages what services the AWS sub-accounts are permitted to access. The SCP applies only to available permissions within a single AWS account for all AWS sub-accounts within the Organizational Unit. It is also possible to apply a SCP to a single AWS account. All other accounts in the customer’s AWS Organizations are managed in whatever manner the customer requires. Red Hat Site Reliability Engineers (SRE) will not have any control over SCPs within AWS Organizations.
+
+//2023-09-22: this module is not applicable to the prerequisites content. 
\ No newline at end of file
diff --git a/_unused_topics/serverless-rn-template-module.adoc b/_unused_topics/serverless-rn-template-module.adoc
index 2b373d05d109..4c8ff63b2eda 100644
--- a/_unused_topics/serverless-rn-template-module.adoc
+++ b/_unused_topics/serverless-rn-template-module.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-<version>_{context}"]
 = Release notes for Red Hat {ServerlessProductName} <version>
 // add a version, e.g. 1.20.0
diff --git a/modules/sts-mode-installing-manual-config.adoc b/_unused_topics/sts-mode-installing-manual-config.adoc
similarity index 100%
rename from modules/sts-mode-installing-manual-config.adoc
rename to _unused_topics/sts-mode-installing-manual-config.adoc
diff --git a/modules/sts-mode-installing-verifying.adoc b/_unused_topics/sts-mode-installing-verifying.adoc
similarity index 100%
rename from modules/sts-mode-installing-verifying.adoc
rename to _unused_topics/sts-mode-installing-verifying.adoc
diff --git a/_unused_topics/virt-creating-data-volumes-using-storage-api.adoc b/_unused_topics/virt-creating-data-volumes-using-storage-api.adoc
new file mode 100644
index 000000000000..b386a6828065
--- /dev/null
+++ b/_unused_topics/virt-creating-data-volumes-using-storage-api.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * virt/storage/virt-creating-data-volumes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-data-volumes-using-storage-api_{context}"]
+= Creating data volumes by using the storage API
+
+When you create a data volume by using the storage API, the Containerized Data Interface (CDI) optimizes your persistent volume claim (PVC) allocation based on the type of storage supported by your selected storage class. You only have to specify the data volume name, namespace, and the amount of storage that you want to allocate.
+
+For example:
+
+* When using Ceph RBD, `accessModes` is automatically set to `ReadWriteMany`, which enables live migration. `volumeMode` is set to `Block` to maximize performance.
+* When you are using `volumeMode: Filesystem`, more space will automatically be requested by CDI, if required to accommodate file system overhead.
+
+In the following YAML, using the storage API requests a data volume with two gigabytes of usable space. The user does not need to know the `volumeMode` in order to correctly estimate the required persistent volume claim (PVC) size. CDI chooses the optimal combination of `accessModes` and `volumeMode` attributes automatically.  These optimal values are based on the type of storage or the defaults that you define in your storage profile. If you want to provide custom values, they override the system-calculated values.
+
+.Procedure
+
+. Create a YAML file for a `DataVolume` object as shown in the following example:
++
+[source,yaml]
+----
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  name: <datavolume> <1>
+spec:
+  source:
+    pvc:
+      name: "<my_vm_disk>" <2>
+      namespace: "<source_namespace>" <3>
+  storage:
+    storageClassName: <storage_class> <4>
+----
+<1> Specify the name of the new data volume.
+<2> Specify the namespace of the source PVC.
+<3> Specify the name of the source PVC.
+<4> Optional: If the storage class is not specified, the default storage class is used.
+
+. Create the data volume by running the following command:
++
+[source,terminal]
+----
+$ oc create -f <datavolume>.yaml
+----
\ No newline at end of file
diff --git a/adding_service_cluster/adding-service.adoc b/adding_service_cluster/adding-service.adoc
index bceea84dd308..b5684aa30682 100644
--- a/adding_service_cluster/adding-service.adoc
+++ b/adding_service_cluster/adding-service.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="adding-service"]
 = Adding services to a cluster using {cluster-manager-first} console
@@ -6,9 +6,9 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-You can add, access, and remove add-on services for your {product-title} 
+You can add, access, and remove add-on services for your {product-title}
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::openshift-rosa[]
 cluster by using {cluster-manager-first}.
 
@@ -25,5 +25,5 @@ include::modules/deleting-service.adoc[leveloffset=+1]
 ifdef::openshift-rosa[]
 [role="_additional-resources"]
 == Additional resources
-* For information about the `cluster-logging-operator` and the AWS CloudWatch log forwarding service, see xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-cloudwatch_cluster-logging-external[Forwarding logs to Amazon CloudWatch]
+* xref:../logging/log_collection_forwarding/configuring-log-forwarding.adoc#cluster-logging-collector-log-forward-cloudwatch_configuring-log-forwarding[Forwarding logs to Amazon CloudWatch]
 endif::[]
diff --git a/adding_service_cluster/available-services.adoc b/adding_service_cluster/available-services.adoc
index e1404beb62ea..382b72492a2d 100644
--- a/adding_service_cluster/available-services.adoc
+++ b/adding_service_cluster/available-services.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="available-services"]
 = Add-on services available for {product-title}
diff --git a/adding_service_cluster/rosa-available-services.adoc b/adding_service_cluster/rosa-available-services.adoc
index bc7325278d6f..feec8febc42b 100644
--- a/adding_service_cluster/rosa-available-services.adoc
+++ b/adding_service_cluster/rosa-available-services.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-available-services"]
 = Add-on services available for {product-title}
@@ -7,7 +7,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 You can add services to your existing {product-title} (ROSA) cluster using the xref:../adding_service_cluster/adding-service.adoc#adding-service[{cluster-manager-first} console].
 
-These services can also be installed xref:../rosa_cli/rosa-manage-objects-cli.adoc#rosa-managing-objects-cli[using the ROSA CLI (`rosa`)].
+These services can also be installed xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-managing-objects-cli[using the `rosa` CLI].
 
 
 include::modules/aws-cloudwatch.adoc[leveloffset=+1]
@@ -16,7 +16,7 @@ include::modules/aws-cloudwatch.adoc[leveloffset=+1]
 .Additional resources
 
 * link:https://aws.amazon.com/cloudwatch/[Amazon CloudWatch product information]
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-cloudwatch_cluster-logging-external[Forwarding logs to Amazon CloudWatch]
+* xref:../logging/log_collection_forwarding/configuring-log-forwarding.adoc#cluster-logging-collector-log-forward-cloudwatch_configuring-log-forwarding[Forwarding logs to Amazon CloudWatch]
 
 include::modules/osd-rhoam.adoc[leveloffset=+1]
 
diff --git a/api-config.yaml b/api-config.yaml
index 56fa5e8d8319..5c253f8c9d5f 100644
--- a/api-config.yaml
+++ b/api-config.yaml
@@ -22,6 +22,9 @@ apiMap:
   - kind: SubjectRulesReview
     group: authorization.openshift.io
     version: v1
+  - kind: SelfSubjectReview
+    group: authentication.k8s.io
+    version: v1
   - kind: TokenRequest
     group: authentication.k8s.io
     version: v1
@@ -145,6 +148,9 @@ apiMap:
   - kind: ConsoleQuickStart
     group: console.openshift.io
     version: v1
+  - kind: ConsoleSample
+    group: console.openshift.io
+    version: v1
   - kind: ConsoleYAMLSample
     group: console.openshift.io
     version: v1
@@ -208,10 +214,13 @@ apiMap:
   - kind: KubeletConfig
     group: machineconfiguration.openshift.io
     version: v1
-  - kind: MachineConfigPool
+  - kind: MachineConfig
     group: machineconfiguration.openshift.io
     version: v1
-  - kind: MachineConfig
+  - kind: MachineConfigNode
+    group: machineconfiguration.openshift.io
+    version: v1alpha1
+  - kind: MachineConfigPool
     group: machineconfiguration.openshift.io
     version: v1
   - kind: MachineHealthCheck
@@ -255,6 +264,12 @@ apiMap:
   - kind: AlertmanagerConfig
     group: monitoring.coreos.com
     version: v1beta1
+  - kind: AlertRelabelConfig
+    group: monitoring.openshift.io
+    version: v1
+  - kind: AlertingRule
+    group: monitoring.openshift.io
+    version: v1
   - kind: PodMonitor
     group: monitoring.coreos.com
     version: v1
@@ -279,6 +294,9 @@ apiMap:
 #  - kind: ClusterNetwork
 #    group: network.openshift.io
 #    version: v1
+  - kind: AdminPolicyBasedExternalRoute
+    group: k8s.ovn.org
+    version: v1
   - kind: CloudPrivateIPConfig
     group: cloud.network.openshift.io
     version: v1
@@ -291,6 +309,9 @@ apiMap:
   - kind: EgressQoS
     group: k8s.ovn.org
     version: v1
+  - kind: EgressService
+    group: k8s.ovn.org
+    version: v1
   - kind: Endpoints
     version: v1
   - kind: EndpointSlice
@@ -435,6 +456,9 @@ apiMap:
   - kind: KubeStorageVersionMigrator
     group: operator.openshift.io
     version: v1
+  - kind: MachineConfiguration
+    group: operator.openshift.io
+    version: v1
   - kind: Network
     group: operator.openshift.io
     version: v1
@@ -574,7 +598,7 @@ apiMap:
     version: v1
   - kind: FlowSchema
     group: flowcontrol.apiserver.k8s.io
-    version: v1beta1
+    version: v1beta3
   - kind: LimitRange
     version: v1
   - kind: PriorityClass
@@ -582,7 +606,7 @@ apiMap:
     version: v1
   - kind: PriorityLevelConfiguration
     group: flowcontrol.apiserver.k8s.io
-    version: v1beta1
+    version: v1beta3
   - kind: ResourceQuota
     version: v1
 - name: Security APIs
diff --git a/applications/application-health.adoc b/applications/application-health.adoc
index de694b2f8e2c..2df7f7029049 100644
--- a/applications/application-health.adoc
+++ b/applications/application-health.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: application-health
 [id="application-health"]
 = Monitoring application health by using health checks
diff --git a/applications/config-maps.adoc b/applications/config-maps.adoc
index 39f675a19c14..8d86092a9062 100644
--- a/applications/config-maps.adoc
+++ b/applications/config-maps.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="config-maps"]
 = Using config maps with applications
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc b/applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
index 3a22f233cb3d..850f5c9d7be8 100644
--- a/applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
+++ b/applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="binding-workloads-using-sbo"]
 = Binding workloads using Service Binding Operator
 include::_attributes/common-attributes.adoc[]
@@ -47,5 +47,5 @@ include::modules/sbo-unbinding-workloads-from-a-backing-service.adoc[leveloffset
 * xref:../../applications/connecting_applications_to_services/understanding-service-binding-operator.adoc#binding-a-workload-together-with-a-backing-service_understanding-service-binding-operator[Binding a workload together with a backing service].
 * xref:../../applications/connecting_applications_to_services/getting-started-with-service-binding.adoc#connecting-the-spring-petclinic-sample-application-to-the-postgresql-database-service[Connecting the Spring PetClinic sample application to the PostgreSQL database service].
 * xref:../../operators/understanding/crds/crd-managing-resources-from-crds.adoc#crd-creating-custom-resources-from-file_crd-managing-resources-from-crds[Creating custom resources from a file]
-* link:https://redhat-developer.github.io/service-binding-operator/userguide/binding-workloads-using-sbo/custom-path-injection.html#_workload_resource_mapping[Example schema of the ClusterWorkloadResourceMapping resource]. 
+* link:https://redhat-developer.github.io/service-binding-operator/userguide/binding-workloads-using-sbo/custom-path-injection.html#_workload_resource_mapping[Example schema of the ClusterWorkloadResourceMapping resource].
 
diff --git a/applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc b/applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
index 50c305d5f699..c323c805a63c 100644
--- a/applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
+++ b/applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="exposing-binding-data-from-a-service"]
 = Exposing binding data from a service
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc b/applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc
index 001b8a622b0e..bd200f551a1d 100644
--- a/applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc
+++ b/applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="getting-started-with-service-binding-ibm-power-ibm-z"]
-= Getting started with service binding on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}
+= Getting started with service binding on {ibm-power-title}, {ibm-z-title}, and {ibm-linuxone-title}
 include::_attributes/common-attributes.adoc[]
 include::_attributes/servicebinding-document-attributes.adoc[]
 :context: getting-started-with-service-binding-ibm-power-ibm-z
diff --git a/applications/connecting_applications_to_services/getting-started-with-service-binding.adoc b/applications/connecting_applications_to_services/getting-started-with-service-binding.adoc
index 6fb5ac0f69ab..6c216bdcf7b6 100644
--- a/applications/connecting_applications_to_services/getting-started-with-service-binding.adoc
+++ b/applications/connecting_applications_to_services/getting-started-with-service-binding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="getting-started-with-service-binding"]
 = Getting started with service binding
 include::_attributes/common-attributes.adoc[]
@@ -39,4 +39,4 @@ include::modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-databa
 * xref:../../applications/connecting_applications_to_services/installing-sbo.adoc#installing-sbo[Installing Service Binding Operator].
 * xref:../../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[Creating applications using the Developer perspective].
 * xref:../../operators/understanding/crds/crd-managing-resources-from-crds.adoc[Managing resources from custom resource definitions].
-* link:https://github.com/redhat-developer/service-binding-operator#known-bindable-operators[Known bindable Operators]. 
\ No newline at end of file
+* link:https://github.com/redhat-developer/service-binding-operator#known-bindable-operators[Known bindable Operators].
\ No newline at end of file
diff --git a/applications/connecting_applications_to_services/installing-sbo.adoc b/applications/connecting_applications_to_services/installing-sbo.adoc
index afd97908dad6..7f16790a6f4c 100644
--- a/applications/connecting_applications_to_services/installing-sbo.adoc
+++ b/applications/connecting_applications_to_services/installing-sbo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-sbo"]
 = Installing Service Binding Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc b/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
index 5ea513d917dd..2708e054fbed 100644
--- a/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
+++ b/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-connecting-an-application-to-a-service-using-the-developer-perspective"]
 = Connecting an application to a service using the Developer perspective
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/connecting_applications_to_services/projecting-binding-data.adoc b/applications/connecting_applications_to_services/projecting-binding-data.adoc
index c27b55566bc1..dc23b0b2b071 100644
--- a/applications/connecting_applications_to_services/projecting-binding-data.adoc
+++ b/applications/connecting_applications_to_services/projecting-binding-data.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="projecting-binding-data"]
 = Projecting binding data
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/connecting_applications_to_services/sbo-release-notes.adoc b/applications/connecting_applications_to_services/sbo-release-notes.adoc
index c4a67d04d8c8..87e63866765a 100644
--- a/applications/connecting_applications_to_services/sbo-release-notes.adoc
+++ b/applications/connecting_applications_to_services/sbo-release-notes.adoc
@@ -1,5 +1,5 @@
 //OpenShift Service Binding Release Notes
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="servicebinding-release-notes"]
 = Release notes for {servicebinding-title}
 :context: servicebinding-release-notes
diff --git a/applications/connecting_applications_to_services/understanding-service-binding-operator.adoc b/applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
index 5a6c5500fe95..c403bcb70570 100644
--- a/applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
+++ b/applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-service-binding-operator"]
 = Understanding Service Binding Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/creating_applications/creating-applications-using-cli.adoc b/applications/creating_applications/creating-applications-using-cli.adoc
index 10357412a63d..df6c0d346573 100644
--- a/applications/creating_applications/creating-applications-using-cli.adoc
+++ b/applications/creating_applications/creating-applications-using-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-applications-using-cli"]
 = Creating applications using the CLI
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/creating_applications/creating-apps-from-installed-operators.adoc b/applications/creating_applications/creating-apps-from-installed-operators.adoc
index 728bb3c441d3..a36c46f237b8 100644
--- a/applications/creating_applications/creating-apps-from-installed-operators.adoc
+++ b/applications/creating_applications/creating-apps-from-installed-operators.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-apps-from-installed-operators"]
 = Creating applications from installed Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc b/applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
index 4d93abbdfb4d..1340efce30c9 100644
--- a/applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
+++ b/applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-creating-applications-using-developer-perspective"]
 = Creating applications using the Developer perspective
 include::_attributes/common-attributes.adoc[]
@@ -50,7 +50,7 @@ The Managed services option is also available if the RHOAS Operator is installed
 * *Re-ordering of resources*: Use these resources to re-order pinned resources added to your navigation pane. The drag-and-drop icon is displayed on the left side of the pinned resource when you hover over it in the navigation pane. The dragged resource can be dropped only in the section where it resides.
 
 ifdef::openshift-enterprise,openshift-webscale[]
-Note that certain options, such as *Pipelines*, *Event Source*, and *Import Virtual Machines*, are displayed only when the xref:../../cicd/pipelines/installing-pipelines.adoc#op-installing-pipelines-operator-in-web-console_installing-pipelines[OpenShift Pipelines Operator], link:https://docs.openshift.com/serverless/1.28/install/install-serverless-operator.html#serverless-install-web-console_install-serverless-operator[{ServerlessOperatorName}], and xref:../../virt/install/installing-virt.adoc#virt-subscribing-cli_installing-virt[OpenShift Virtualization Operator] are installed, respectively.
+Note that certain options, such as *Pipelines*, *Event Source*, and *Import Virtual Machines*, are displayed only when the link:https://docs.openshift.com/pipelines/latest/install_config/installing-pipelines.html#op-installing-pipelines-operator-in-web-console_installing-pipelines[OpenShift Pipelines Operator], link:https://docs.openshift.com/serverless/1.28/install/install-serverless-operator.html#serverless-install-web-console_install-serverless-operator[{ServerlessOperatorName}], and xref:../../virt/install/installing-virt.adoc#virt-subscribing-cli_installing-virt[OpenShift Virtualization Operator] are installed, respectively.
 endif::[]
 
 [id="prerequisites_odc-creating-applications-using-developer-perspective"]
@@ -91,5 +91,5 @@ include::modules/odc-using-the-developer-catalog-to-add-services-or-components.a
 * For more information about Knative routing settings for {ServerlessProductName}, see link:https://docs.openshift.com/serverless/1.28/knative-serving/external-ingress-routing/routing-overview.html#routing-overview[Routing].
 * For more information about domain mapping settings for {ServerlessProductName}, see link:https://docs.openshift.com/serverless/1.28/knative-serving/config-custom-domains/serverless-custom-domains.html#serverless-custom-domains[Configuring a custom domain for a Knative service].
 * For more information about Knative autoscaling settings for {ServerlessProductName}, see link:https://docs.openshift.com/serverless/1.28/knative-serving/autoscaling/serverless-autoscaling-developer.html#serverless-autoscaling-developer[Autoscaling].
-* For more information about adding a new user to a project, see xref:../projects/working-with-projects.adoc#odc-providing-project-permissions-using-developer-perspective_projects[Working with projects].
-* For more information about creating a Helm Chart repository, see xref:../working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc#odc-creating-helm-releases-using-developer-perspective_configuring-custom-helm-chart-repositories[Creating Helm Chart repositories].
+* For more information about adding a new user to a project, see xref:../../applications/projects/working-with-projects.adoc#odc-providing-project-permissions-using-developer-perspective_projects[Working with projects].
+* For more information about creating a Helm Chart repository, see xref:../../applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc#odc-creating-helm-releases-using-developer-perspective_configuring-custom-helm-chart-repositories[Creating Helm Chart repositories].
diff --git a/applications/deployments/deployment-strategies.adoc b/applications/deployments/deployment-strategies.adoc
index 5d18c9f72dba..0af104aa2bb0 100644
--- a/applications/deployments/deployment-strategies.adoc
+++ b/applications/deployments/deployment-strategies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deployment-strategies"]
 = Using deployment strategies
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/deployments/managing-deployment-processes.adoc b/applications/deployments/managing-deployment-processes.adoc
index 5226f871c93a..334d9b9e252f 100644
--- a/applications/deployments/managing-deployment-processes.adoc
+++ b/applications/deployments/managing-deployment-processes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deployment-operations"]
 = Managing deployment processes
 include::_attributes/common-attributes.adoc[]
@@ -9,6 +9,8 @@ toc::[]
 [id="deploymentconfig-operations"]
 == Managing DeploymentConfig objects
 
+include::snippets/deployment-config-deprecated.adoc[]
+
 `DeploymentConfig` objects can be managed from the {product-title} web console's *Workloads* page or using the `oc` CLI. The following procedures show CLI usage unless otherwise stated.
 
 include::modules/deployments-starting-deployment.adoc[leveloffset=+2]
diff --git a/applications/deployments/osd-config-custom-domains-applications.adoc b/applications/deployments/osd-config-custom-domains-applications.adoc
index e652e9b7e075..07d36f16b6ad 100644
--- a/applications/deployments/osd-config-custom-domains-applications.adoc
+++ b/applications/deployments/osd-config-custom-domains-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-config-custom-domains-applications"]
 = Custom domains for applications
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -6,6 +6,11 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
+[NOTE]
+====
+Starting with {product-title} 4.14, the Custom Domain Operator is deprecated. To manage Ingress in {product-title} 4.14, use the Ingress Operator. The functionality is unchanged for {product-title} 4.13 and earlier versions.
+====
+
 You can configure a custom domain for your applications. Custom domains are specific wildcard domains that can be used with {product-title} applications. 
 
 include::modules/osd-applications-config-custom-domains.adoc[leveloffset=+1]
diff --git a/applications/deployments/route-based-deployment-strategies.adoc b/applications/deployments/route-based-deployment-strategies.adoc
index 87df7e2548e8..cc1e6b5a577c 100644
--- a/applications/deployments/route-based-deployment-strategies.adoc
+++ b/applications/deployments/route-based-deployment-strategies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="route-based-deployment-strategies"]
 = Using route-based deployment strategies
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/deployments/what-deployments-are.adoc b/applications/deployments/what-deployments-are.adoc
index 09654a5d92f6..a8a935138714 100644
--- a/applications/deployments/what-deployments-are.adoc
+++ b/applications/deployments/what-deployments-are.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="what-deployments-are"]
-= Understanding Deployment and DeploymentConfig objects
+= Understanding deployments
 include::_attributes/common-attributes.adoc[]
 :context: what-deployments-are
 
@@ -8,10 +8,14 @@ toc::[]
 
 The `Deployment` and `DeploymentConfig` API objects in {product-title} provide two similar but different methods for fine-grained management over common user applications. They are composed of the following separate API objects:
 
-* A `DeploymentConfig` or `Deployment` object, either of which describes the desired state of a particular component of the application as a pod template.
-* `DeploymentConfig` objects involve one or more _replication controllers_, which contain a point-in-time record of the state of a deployment as a pod template. Similarly, `Deployment` objects involve one or more _replica sets_, a successor of replication controllers.
+* A `Deployment` or `DeploymentConfig` object, either of which describes the desired state of a particular component of the application as a pod template.
+* `Deployment` objects involve one or more _replica sets_, which contain a point-in-time record of the state of a deployment as a pod template. Similarly, `DeploymentConfig` objects involve one or more _replication controllers_, which preceded replica sets.
 * One or more pods, which represent an instance of a particular version of an application.
 
+Use `Deployment` objects unless you need a specific feature or behavior provided by `DeploymentConfig` objects.
+
+include::snippets/deployment-config-deprecated.adoc[]
+
 ////
 Update when converted:
 [role="_additional-resources"]
@@ -31,7 +35,7 @@ xref:../../dev_guide/pod_autoscaling.adoc#dev-guide-pod-autoscaling[autoscaling]
 
 Deployments and deployment configs are enabled by the use of native Kubernetes API objects `ReplicaSet` and `ReplicationController`, respectively, as their building blocks.
 
-Users do not have to manipulate replication controllers, replica sets, or pods owned by `DeploymentConfig` objects or deployments. The deployment systems ensure changes are propagated appropriately.
+Users do not have to manipulate replica sets, replication controllers, or pods owned by `Deployment` or `DeploymentConfig` objects. The deployment systems ensure changes are propagated appropriately.
 
 [TIP]
 ====
@@ -40,11 +44,12 @@ If the existing deployment strategies are not suited for your use case and you m
 
 The following sections provide further details on these objects.
 
-include::modules/deployments-replicationcontrollers.adoc[leveloffset=+2]
 include::modules/deployments-replicasets.adoc[leveloffset=+2]
+include::modules/deployments-replicationcontrollers.adoc[leveloffset=+2]
 
-include::modules/deployments-deploymentconfigs.adoc[leveloffset=+1]
 include::modules/deployments-kube-deployments.adoc[leveloffset=+1]
+include::modules/deployments-deploymentconfigs.adoc[leveloffset=+1]
+
 include::modules/deployments-comparing-deploymentconfigs.adoc[leveloffset=+1]
 ////
 Update when converted:
diff --git a/applications/idling-applications.adoc b/applications/idling-applications.adoc
index 179701df2a45..8f163c4463f5 100644
--- a/applications/idling-applications.adoc
+++ b/applications/idling-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="idling-applications"]
 = Idling applications
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/index.adoc b/applications/index.adoc
index 7f3a761b6feb..ac102b5f6eb2 100644
--- a/applications/index.adoc
+++ b/applications/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="building-applications-overview"]
 = Building applications overview
 include::_attributes/common-attributes.adoc[]
@@ -36,7 +36,7 @@ When the application is running, not all applications resources are used. As a c
 [id="connecting-application"]
 === Connecting an application to services
 
-An application uses backing services to build and connect workloads, which vary according to the service provider. Using the xref:../applications/connecting_applications_to_services/understanding-service-binding-operator.adoc#understanding-service-binding-operator[Service Binding Operator], as a developer, you can bind workloads together with Operator-managed backing services, without any manual procedures to configure the binding connection. You can apply service binding also on xref:../applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc#getting-started-with-service-binding-ibm-power-ibm-z[{ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName} environments].
+An application uses backing services to build and connect workloads, which vary according to the service provider. Using the xref:../applications/connecting_applications_to_services/understanding-service-binding-operator.adoc#understanding-service-binding-operator[Service Binding Operator], as a developer, you can bind workloads together with Operator-managed backing services, without any manual procedures to configure the binding connection. You can apply service binding also on xref:../applications/connecting_applications_to_services/getting-started-with-service-binding-ibm-power-ibm-z.adoc#getting-started-with-service-binding-ibm-power-ibm-z[{ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name} environments].
 
 [id="deploying-application"]
 === Deploying an application
diff --git a/applications/odc-deleting-applications.adoc b/applications/odc-deleting-applications.adoc
index 6082134feb51..125ba1aa0fe9 100644
--- a/applications/odc-deleting-applications.adoc
+++ b/applications/odc-deleting-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-deleting-applications"]
 = Deleting applications
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/odc-editing-applications.adoc b/applications/odc-editing-applications.adoc
index 6c27e73f4e89..99fb9e7e067f 100644
--- a/applications/odc-editing-applications.adoc
+++ b/applications/odc-editing-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-editing-applications"]
 = Editing applications
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/odc-exporting-applications.adoc b/applications/odc-exporting-applications.adoc
index ebef502465a4..f89cdf7e56ce 100644
--- a/applications/odc-exporting-applications.adoc
+++ b/applications/odc-exporting-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-exporting-applications"]
 = Exporting applications
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc b/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
index b70a8da2de8b..079b1646b6fc 100644
--- a/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
+++ b/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-monitoring-project-and-application-metrics-using-developer-perspective"]
 = Monitoring project and application metrics using the Developer perspective
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/odc-viewing-application-composition-using-topology-view.adoc b/applications/odc-viewing-application-composition-using-topology-view.adoc
index 576a2d56f718..9375b3705049 100644
--- a/applications/odc-viewing-application-composition-using-topology-view.adoc
+++ b/applications/odc-viewing-application-composition-using-topology-view.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-viewing-application-composition-using-topology-view"]
 = Viewing application composition using the Topology view
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/projects/configuring-project-creation.adoc b/applications/projects/configuring-project-creation.adoc
index 1d9aa09de82f..9b4242361304 100644
--- a/applications/projects/configuring-project-creation.adoc
+++ b/applications/projects/configuring-project-creation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-project-creation"]
 = Configuring project creation
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/projects/creating-project-other-user.adoc b/applications/projects/creating-project-other-user.adoc
index 49c9844f7e0a..304ceebb8d1e 100644
--- a/applications/projects/creating-project-other-user.adoc
+++ b/applications/projects/creating-project-other-user.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-project-other-user"]
 = Creating a project as another user
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/projects/working-with-projects.adoc b/applications/projects/working-with-projects.adoc
index a155c0139e4a..3e3d00c7c12d 100644
--- a/applications/projects/working-with-projects.adoc
+++ b/applications/projects/working-with-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="working-with-projects"]
 = Working with projects
 include::_attributes/common-attributes.adoc[]
@@ -14,10 +14,7 @@ isolation from other communities.
 Projects starting with `openshift-` and `kube-` are  xref:../../authentication/using-rbac.adoc#rbac-default-projects_using-rbac[default projects]. These projects host cluster components that run as pods and other infrastructure components. As such, {product-title} does not allow you to create projects starting with `openshift-` or `kube-` using the `oc new-project` command. Cluster administrators can create these projects using the `oc adm new-project` command.
 ====
 
-[NOTE]
-====
-You cannot assign an SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, and `openshift`. You cannot use these namespaces for running pods or services.
-====
+include::snippets/default-projects.adoc[]
 
 include::modules/creating-a-project-using-the-web-console.adoc[leveloffset=+1]
 
diff --git a/applications/pruning-objects.adoc b/applications/pruning-objects.adoc
index 0b42fd73b34e..7f80ee11e446 100644
--- a/applications/pruning-objects.adoc
+++ b/applications/pruning-objects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="pruning-objects"]
 = Pruning objects to reclaim resources
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/quotas/quotas-setting-across-multiple-projects.adoc b/applications/quotas/quotas-setting-across-multiple-projects.adoc
index 471a0343a6ec..a4a4330ca134 100644
--- a/applications/quotas/quotas-setting-across-multiple-projects.adoc
+++ b/applications/quotas/quotas-setting-across-multiple-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="setting-quotas-across-multiple-projects"]
 = Resource quotas across multiple projects
 include::_attributes/common-attributes.adoc[]
@@ -10,6 +10,8 @@ A multi-project quota, defined by a `ClusterResourceQuota` object, allows quotas
 
 This guide describes how cluster administrators can set and manage resource quotas across multiple projects.
 
+include::snippets/default-projects.adoc[]
+
 include::modules/quotas-selecting-projects.adoc[leveloffset=+1]
 include::modules/quotas-viewing-clusterresourcequotas.adoc[leveloffset=+1]
 include::modules/quotas-selection-granularity.adoc[leveloffset=+1]
diff --git a/applications/quotas/quotas-setting-per-project.adoc b/applications/quotas/quotas-setting-per-project.adoc
index daf75d747225..472879c2fede 100644
--- a/applications/quotas/quotas-setting-per-project.adoc
+++ b/applications/quotas/quotas-setting-per-project.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="quotas-setting-per-project"]
 = Resource quotas per project
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/red-hat-marketplace.adoc b/applications/red-hat-marketplace.adoc
index d875e3eeaac7..99f239b589af 100644
--- a/applications/red-hat-marketplace.adoc
+++ b/applications/red-hat-marketplace.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="red-hat-marketplace"]
 = Using the Red Hat Marketplace
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/working-with-quotas.adoc b/applications/working-with-quotas.adoc
index dfa5dfd6b866..85715c12eb2b 100644
--- a/applications/working-with-quotas.adoc
+++ b/applications/working-with-quotas.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="working-with-quotas"]
 = Working with quotas
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc b/applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc
index 933193d52908..6836d07cbfbb 100644
--- a/applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc
+++ b/applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-custom-helm-chart-repositories"]
 = Configuring custom Helm chart repositories
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,7 @@ As a cluster administrator, you can add multiple cluster-scoped and namespace-sc
 
 As a regular user or project member with the appropriate role-based access control (RBAC) permissions, you can add multiple namespace-scoped Helm chart repositories, apart from the default cluster-scoped Helm repository, and display the Helm charts from these repositories in the *Developer Catalog*.
 
-In the *Developer* perspective of the web console, you can use the *Helm* page to: 
+In the *Developer* perspective of the web console, you can use the *Helm* page to:
 
 * Create Helm Releases and Repositories using the *Create* button.
 
diff --git a/applications/working_with_helm_charts/installing-helm.adoc b/applications/working_with_helm_charts/installing-helm.adoc
index 59a50498563a..10a0bcd71471 100644
--- a/applications/working_with_helm_charts/installing-helm.adoc
+++ b/applications/working_with_helm_charts/installing-helm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-helm"]
 = Installing Helm
 include::_attributes/common-attributes.adoc[]
@@ -24,14 +24,14 @@ You can also find the URL to the latest binaries from the {product-title} web co
 # curl -L https://mirror.openshift.com/pub/openshift-v4/clients/helm/latest/helm-linux-amd64 -o /usr/local/bin/helm
 ----
 
-* Linux on {ibmzProductName} and {linuxoneProductName} (s390x)
+* Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)
 +
 [source,terminal]
 ----
 # curl -L https://mirror.openshift.com/pub/openshift-v4/clients/helm/latest/helm-linux-s390x -o /usr/local/bin/helm
 ----
 
-* Linux on {ibmpowerProductName} (ppc64le)
+* Linux on {ibm-power-name} (ppc64le)
 +
 [source,terminal]
 ----
diff --git a/applications/working_with_helm_charts/odc-working-with-helm-releases.adoc b/applications/working_with_helm_charts/odc-working-with-helm-releases.adoc
index cfecb6b7e9b3..10fe4f158b37 100644
--- a/applications/working_with_helm_charts/odc-working-with-helm-releases.adoc
+++ b/applications/working_with_helm_charts/odc-working-with-helm-releases.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-working-with-helm-releases"]
 = Working with Helm releases
 include::_attributes/common-attributes.adoc[]
diff --git a/applications/working_with_helm_charts/understanding-helm.adoc b/applications/working_with_helm_charts/understanding-helm.adoc
index 83aead71501f..549b2571859c 100644
--- a/applications/working_with_helm_charts/understanding-helm.adoc
+++ b/applications/working_with_helm_charts/understanding-helm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-helm"]
 = Understanding Helm
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/admission-plug-ins.adoc b/architecture/admission-plug-ins.adoc
index c20f406a8c97..417c58ef7dec 100644
--- a/architecture/admission-plug-ins.adoc
+++ b/architecture/admission-plug-ins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="admission-plug-ins"]
 = Admission plugins
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,9 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+// Sentence taken from Architecture -> Index.
+Admission plugins are used to help regulate how {product-title} functions.
+
 // Concept modules
 include::modules/admission-plug-ins-about.adoc[leveloffset=+1]
 
diff --git a/architecture/architecture-installation.adoc b/architecture/architecture-installation.adoc
index 39786a08a45d..22e164dad62c 100644
--- a/architecture/architecture-installation.adoc
+++ b/architecture/architecture-installation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="architecture-installation"]
 = Installation and update
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/architecture-rhcos.adoc b/architecture/architecture-rhcos.adoc
index 50eacc440e5a..1954f535e300 100644
--- a/architecture/architecture-rhcos.adoc
+++ b/architecture/architecture-rhcos.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="architecture-rhcos"]
 = {op-system-first}
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/architecture.adoc b/architecture/architecture.adoc
index 9ab4f4fa36cc..711cf3f4c12b 100644
--- a/architecture/architecture.adoc
+++ b/architecture/architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="architecture"]
 = {product-title} architecture
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/argocd.adoc b/architecture/argocd.adoc
index a8b4c5d1f258..ede48546c22b 100644
--- a/architecture/argocd.adoc
+++ b/architecture/argocd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="argocd"]
 = Using ArgoCD with {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/cicd_gitops.adoc b/architecture/cicd_gitops.adoc
index 09bee1d19c1b..d99084f9ae1e 100644
--- a/architecture/cicd_gitops.adoc
+++ b/architecture/cicd_gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cicd_gitops"]
 = The CI/CD methodology and practice
 include::_attributes/common-attributes.adoc[]
diff --git a/architecture/control-plane.adoc b/architecture/control-plane.adoc
index ea482bd64c3f..2c2b64e0d4f5 100644
--- a/architecture/control-plane.adoc
+++ b/architecture/control-plane.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="control-plane"]
 = Control plane architecture
 include::_attributes/common-attributes.adoc[]
@@ -63,9 +63,7 @@ include::modules/hosted-control-planes-overview.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hypershift-addon-intro[HyperShift add-on (Technology Preview)]
-
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes (Technology Preview)]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes]
 
 include::modules/hosted-control-planes-concepts-personas.adoc[leveloffset=+2]
 include::modules/hosted-control-planes-version-support.adoc[leveloffset=+2]
diff --git a/architecture/index.adoc b/architecture/index.adoc
index 08892de20d31..3fce1f22d015 100644
--- a/architecture/index.adoc
+++ b/architecture/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="architecture-overview"]
 = Architecture overview
 include::_attributes/common-attributes.adoc[]
@@ -19,8 +19,8 @@ include::modules/openshift-architecture-common-terms.adoc[leveloffset=+1]
 * For more information on storage, see xref:../storage/index.adoc#index[{product-title} storage].
 * For more information on authentication, see xref:../authentication/index.adoc#index[{product-title} authentication].
 * For more information on Operator Lifecycle Manager (OLM), see xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[OLM].
-* For more information on logging, see xref:../logging/viewing-resource-logs.adoc#viewing-resource-logs[{product-title} Logging].
-* For more information on over-the-air (OTA) updates, see xref:../updating/index.adoc#index[Updating {product-title} clusters].
+* For more information on logging, see xref:../logging/cluster-logging.adoc#cluster-logging[About Logging].
+* For more information on over-the-air (OTA) updates, see xref:../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift updates].
 
 [id="about-installation-and-updates"]
 == About installation and updates
diff --git a/architecture/mce-overview-ocp.adoc b/architecture/mce-overview-ocp.adoc
index 869f970703e4..beec551aa22d 100644
--- a/architecture/mce-overview-ocp.adoc
+++ b/architecture/mce-overview-ocp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="mce-overview-ocp"]
 = About multicluster engine for Kubernetes operator
 include::_attributes/common-attributes.adoc[]
@@ -22,7 +22,7 @@ When you enable multicluster engine on {product-title}, you gain the following c
 * Infrastructure Operator, which manages the deployment of the Assisted Service to orchestrate on-premise bare metal and vSphere installations of {product-title}, such as SNO on bare metal. The Infrastructure Operator includes xref:../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc#ztp-challenges-of-far-edge-deployments_ztp-deploying-far-edge-clusters-at-scale[{ztp-first}], which fully automates cluster creation on bare metal and vSphere provisioning with GitOps workflows to manage deployments and configuration changes.
 * Open cluster management, which provides resources to manage Kubernetes clusters.
 
-The multicluster engine is included with your {product-title} support subscription and is delivered separately from the core payload. To start to use multicluster engine, you deploy the {product-title} cluster and then install the operator. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#mce-install-intro[Installing and upgrading multicluster engine operator].
+The multicluster engine is included with your {product-title} support subscription and is delivered separately from the core payload. To start to use multicluster engine, you deploy the {product-title} cluster and then install the operator. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#mce-install-intro[Installing and upgrading multicluster engine operator].
 
 [id="mce-on-rhacm"]
 == Cluster management with Red Hat Advanced Cluster Management
@@ -32,4 +32,4 @@ If you need cluster management capabilities beyond what {product-title} with mul
 [id="mce-additional-resources-ocp"]
 == Additional resources
 
-For the complete documentation for multicluster engine, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#doc-wrapper[Cluster lifecycle with multicluster engine documentation], which is part of the product documentation for Red Hat Advanced Cluster Management.
+For the complete documentation for multicluster engine, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#doc-wrapper[Cluster lifecycle with multicluster engine documentation], which is part of the product documentation for Red Hat Advanced Cluster Management.
diff --git a/architecture/nvidia-gpu-architecture-overview.adoc b/architecture/nvidia-gpu-architecture-overview.adoc
new file mode 100644
index 000000000000..181dc0c6b75f
--- /dev/null
+++ b/architecture/nvidia-gpu-architecture-overview.adoc
@@ -0,0 +1,88 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nvidia-gpu-architecture-overview"]
+= NVIDIA GPU architecture overview
+include::_attributes/common-attributes.adoc[]
+:context: nvidia-gpu-architecture-overview
+
+toc::[]
+
+NVIDIA supports the use of graphics processing unit (GPU) resources on {product-title}. {product-title} is a security-focused and hardened Kubernetes platform developed and supported by Red Hat for deploying and managing Kubernetes clusters at scale. {product-title} includes enhancements to Kubernetes so that users can easily configure and use NVIDIA GPU resources to accelerate workloads.
+
+The NVIDIA GPU Operator leverages the Operator framework within {product-title} to manage the full lifecycle of NVIDIA software components required to run GPU-accelerated workloads.
+
+These components include the NVIDIA drivers (to enable CUDA), the Kubernetes device plugin for GPUs, the NVIDIA Container Toolkit, automatic node tagging using GPU feature discovery (GFD), DCGM-based monitoring, and others.
+
+[NOTE]
+====
+The NVIDIA GPU Operator is only supported by NVIDIA. For more information about obtaining support from NVIDIA, see link:https://access.redhat.com/solutions/5174941[Obtaining Support from NVIDIA].
+====
+
+include::modules/nvidia-gpu-prerequisites.adoc[leveloffset=+1]
+// New enablement modules
+include::modules/nvidia-gpu-enablement.adoc[leveloffset=+1]
+
+include::modules/nvidia-gpu-bare-metal.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.nvidia.com/ai-enterprise/deployment-guide-openshift-on-bare-metal/0.1.0/on-bare-metal.html[Red Hat OpenShift on Bare Metal Stack]
+
+include::modules/nvidia-gpu-virtualization.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/openshift/openshift-virtualization.html[NVIDIA GPU Operator with OpenShift Virtualization]
+
+include::modules/nvidia-gpu-vsphere.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/openshift/nvaie-with-ocp.html#openshift-container-platform-on-vmware-vsphere-with-nvidia-vgpus[OpenShift Container Platform on VMware vSphere with NVIDIA vGPUs]
+
+include::modules/nvidia-gpu-kvm.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://computingforgeeks.com/how-to-deploy-openshift-container-platform-on-kvm/[How To Deploy OpenShift Container Platform 4.13 on KVM]
+
+include::modules/nvidia-gpu-csps.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.nvidia.com/ai-enterprise/deployment-guide-cloud/0.1.0/aws-redhat-openshift.html[Red Hat Openshift in the Cloud]
+
+include::modules/nvidia-gpu-red-hat-device-edge.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://cloud.redhat.com/blog/how-to-accelerate-workloads-with-nvidia-gpus-on-red-hat-device-edge[How to accelerate workloads with NVIDIA GPUs on Red Hat Device Edge]
+
+// TELCODOCS-1092 GPU sharing methods
+include::modules/nvidia-gpu-sharing-methods.adoc[leveloffset=+1]
+.Additional resources
+* link:https://developer.nvidia.com/blog/improving-gpu-utilization-in-kubernetes/[Improving GPU Utilization]
+
+include::modules/nvidia-gpu-cuda-streams.adoc[leveloffset=+2]
+.Additional resources
+* link:https://docs.nvidia.com/cuda/cuda-c-programming-guide/index.html#asynchronous-concurrent-execution[Asynchronous Concurrent Execution]
+
+include::modules/nvidia-gpu-time-slicing.adoc[leveloffset=+2]
+
+include::modules/nvidia-gpu-cuda-mps.adoc[leveloffset=+2]
+.Additional resources
+* link:https://docs.nvidia.com/deploy/mps/index.html[CUDA MPS]
+
+include::modules/nvidia-gpu-mig-gpu.adoc[leveloffset=+2]
+.Additional resources
+* link:https://docs.nvidia.com/datacenter/tesla/mig-user-guide/[NVIDIA Multi-Instance GPU User Guide]
+
+include::modules/nvidia-gpu-virtualization-with-gpu.adoc[leveloffset=+2]
+.Additional resources
+* link:https://www.nvidia.com/en-us/data-center/virtual-solutions/[Virtual GPUs]
+
+include::modules/nvidia-gpu-features.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.nvidia.com/ngc/ngc-deploy-on-premises/nvidia-certified-systems/index.html[NVIDIA-Certified Systems]
+* link:https://docs.nvidia.com/ai-enterprise/index.html#deployment-guides[NVIDIA AI Enterprise]
+* link:https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html#[NVIDIA Container Toolkit]
+* link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/enable-gpu-monitoring-dashboard.html[Enabling the GPU Monitoring Dashboard]
+* link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/mig-ocp.html[MIG Support in OpenShift Container Platform]
+* link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/time-slicing-gpus-in-openshift.html[Time-slicing NVIDIA GPUs in OpenShift]
+* link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/mirror-gpu-ocp-disconnected.html[Deploy GPU Operators in a disconnected or airgapped environment]
+* xref:../hardware_enablement/psap-node-feature-discovery-operator.html[Node Feature Discovery Operator]
diff --git a/architecture/ocm-overview-ocp.adoc b/architecture/ocm-overview-ocp.adoc
index d1eaf4095dd4..8ad963fc5d45 100644
--- a/architecture/ocm-overview-ocp.adoc
+++ b/architecture/ocm-overview-ocp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ocm-overview-ocp"]
 = Red Hat OpenShift Cluster Manager
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -54,4 +54,4 @@ include::modules/ocm-settings-tab.adoc[leveloffset=+2]
 [id="ocm-additional-resources-ocp"]
 == Additional resources
 
-* For the complete documentation for {cluster-manager}, see link:https://access.redhat.com/documentation/en-us/openshift_cluster_manager/2022/html-single/managing_clusters/index[{cluster-manager} documentation]. 
+* For the complete documentation for {cluster-manager}, see link:https://access.redhat.com/documentation/en-us/openshift_cluster_manager/2022/html-single/managing_clusters/index[{cluster-manager} documentation].
diff --git a/architecture/understanding-development.adoc b/architecture/understanding-development.adoc
index 0d7313848322..80d8f6d4d7c9 100644
--- a/architecture/understanding-development.adoc
+++ b/architecture/understanding-development.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-development"]
 = Understanding {product-title} development
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/assuming-an-aws-iam-role-for-a-service-account.adoc b/authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
index 80c43b7cb1c8..54484e2e03a9 100644
--- a/authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
+++ b/authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="assuming-an-aws-iam-role-for-a-service-account"]
 = Assuming an AWS IAM role for a service account
 include::_attributes/common-attributes.adoc[]
@@ -11,11 +11,12 @@ toc::[]
 
 [role="_abstract"]
 ifdef::openshift-rosa[]
-{product-title} clusters that use the AWS Security Token Service (STS) include a pod identity webhook for use with pods that run in user-defined projects.
+In {product-title} clusters that use the AWS Security Token Service (STS), the OpenShift API server can be enabled to project signed service account tokens that can be used to assume an AWS Identity and Access Management (IAM) role in a pod. If the assumed IAM role has the required AWS permissions, the pods can authenticate against the AWS API using temporary STS credentials to perform AWS operations.
 endif::openshift-rosa[]
 
-You can use the pod identity webhook to enable a service account to automatically assume an AWS Identity and Access Management (IAM) role in your own pods. If the assumed IAM role has the required AWS permissions, the pods can run AWS SDK operations by using temporary STS credentials.
+You can use the pod identity webhook to project service account tokens to assume an AWS Identity and Access Management (IAM) role for your own workloads. If the assumed IAM role has the required AWS permissions, the pods can run AWS SDK operations by using temporary STS credentials.
 
+include::modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc[leveloffset=+1]
 include::modules/understanding-pod-identity-webhook-workflow-in-user-defined-projects.adoc[leveloffset=+1]
 include::modules/assuming-an-aws-iam-role-in-your-own-pods.adoc[leveloffset=+1]
 include::modules/setting-up-an-aws-iam-role-a-service-account.adoc[leveloffset=+2]
@@ -37,5 +38,5 @@ include::modules/verifying-the-assumed-iam-role-in-your-pod.adoc[leveloffset=+2]
 * For more information about installing and using the AWS Boto3 SDK for Python, see the link:https://boto3.amazonaws.com/v1/documentation/api/latest/index.html[AWS Boto3 documentation].
 
 ifdef::openshift-rosa,openshift-dedicated[]
-* For general information about webhook admission plugins for OpenShift, see link:https://docs.openshift.com/container-platform/4.13/architecture/admission-plug-ins.html#admission-webhooks-about_admission-plug-ins[Webhook admission plugins] in the OpenShift Container Platform documentation.
+* For general information about webhook admission plugins for OpenShift, see link:https://docs.openshift.com/container-platform/4.15/architecture/admission-plug-ins.html#admission-webhooks-about_admission-plug-ins[Webhook admission plugins] in the OpenShift Container Platform documentation.
 endif::openshift-rosa,openshift-dedicated[]
diff --git a/authentication/bound-service-account-tokens.adoc b/authentication/bound-service-account-tokens.adoc
index c16fda7a3f0d..783913260f46 100644
--- a/authentication/bound-service-account-tokens.adoc
+++ b/authentication/bound-service-account-tokens.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="bound-service-account-tokens"]
 = Using bound service account tokens
 include::_attributes/common-attributes.adoc[]
@@ -20,7 +20,10 @@ include::modules/bound-sa-tokens-configuring-externally.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+// This xref target does not exist in the OSD/ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../nodes/nodes/nodes-nodes-rebooting.adoc#nodes-nodes-rebooting-gracefully_nodes-nodes-rebooting[Rebooting a node gracefully]
+endif::openshift-dedicated,openshift-rosa[]
 
 * xref:../authentication/understanding-and-creating-service-accounts.adoc#service-accounts-managing_understanding-service-accounts[Creating service accounts]
 
diff --git a/authentication/configuring-internal-oauth.adoc b/authentication/configuring-internal-oauth.adoc
index 7e3f86c9e602..2d37dfb0e118 100644
--- a/authentication/configuring-internal-oauth.adoc
+++ b/authentication/configuring-internal-oauth.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-internal-oauth"]
 = Configuring the internal OAuth server
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/configuring-ldap-failover.adoc b/authentication/configuring-ldap-failover.adoc
index ede202898a53..5558ccb42d60 100644
--- a/authentication/configuring-ldap-failover.adoc
+++ b/authentication/configuring-ldap-failover.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ldap-failover"]
 = Configuring LDAP failover
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/configuring-oauth-clients.adoc b/authentication/configuring-oauth-clients.adoc
index 2059ef4293b6..f41836a8276b 100644
--- a/authentication/configuring-oauth-clients.adoc
+++ b/authentication/configuring-oauth-clients.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-oauth-clients"]
 = Configuring OAuth clients
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/dedicated-understanding-authentication.adoc b/authentication/dedicated-understanding-authentication.adoc
index 7d27e9512e64..23927ffdaa5f 100644
--- a/authentication/dedicated-understanding-authentication.adoc
+++ b/authentication/dedicated-understanding-authentication.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-identity-provider"]
 = Understanding identity provider configuration
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc b/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc
index bad3240b4239..70691f0be455 100644
--- a/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-basic-authentication-identity-provider"]
 = Configuring a basic authentication identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-github-identity-provider.adoc b/authentication/identity_providers/configuring-github-identity-provider.adoc
index 76a1b23f4c54..e170b8ff627b 100644
--- a/authentication/identity_providers/configuring-github-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-github-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-github-identity-provider"]
 = Configuring a GitHub or GitHub Enterprise identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-gitlab-identity-provider.adoc b/authentication/identity_providers/configuring-gitlab-identity-provider.adoc
index 023dd8dec0fb..75f8dc914a08 100644
--- a/authentication/identity_providers/configuring-gitlab-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-gitlab-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-gitlab-identity-provider"]
 = Configuring a GitLab identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-google-identity-provider.adoc b/authentication/identity_providers/configuring-google-identity-provider.adoc
index 90faa932bff9..b447062ec2b5 100644
--- a/authentication/identity_providers/configuring-google-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-google-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-google-identity-provider"]
 = Configuring a Google identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc b/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
index f13cfb919b85..2a7a2882f7c8 100644
--- a/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-htpasswd-identity-provider"]
 = Configuring an htpasswd identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-keystone-identity-provider.adoc b/authentication/identity_providers/configuring-keystone-identity-provider.adoc
index 1bac30ad85a5..a53b1779cf06 100644
--- a/authentication/identity_providers/configuring-keystone-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-keystone-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-keystone-identity-provider"]
 = Configuring a Keystone identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-ldap-identity-provider.adoc b/authentication/identity_providers/configuring-ldap-identity-provider.adoc
index b659386195b6..dce6d697af01 100644
--- a/authentication/identity_providers/configuring-ldap-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-ldap-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ldap-identity-provider"]
 = Configuring an LDAP identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-oidc-identity-provider.adoc b/authentication/identity_providers/configuring-oidc-identity-provider.adoc
index 2c3e74fba472..9482be8b009f 100644
--- a/authentication/identity_providers/configuring-oidc-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-oidc-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-oidc-identity-provider"]
 = Configuring an OpenID Connect identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/identity_providers/configuring-request-header-identity-provider.adoc b/authentication/identity_providers/configuring-request-header-identity-provider.adoc
index ee20455070b4..2cea646b461b 100644
--- a/authentication/identity_providers/configuring-request-header-identity-provider.adoc
+++ b/authentication/identity_providers/configuring-request-header-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-request-header-identity-provider"]
 = Configuring a request header identity provider
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/impersonating-system-admin.adoc b/authentication/impersonating-system-admin.adoc
index 32843c9f3a2d..69f0c8625e21 100644
--- a/authentication/impersonating-system-admin.adoc
+++ b/authentication/impersonating-system-admin.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="impersonating-system-admin"]
 = Impersonating the system:admin user
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/index.adoc b/authentication/index.adoc
index 691ea227852a..7004a1417235 100644
--- a/authentication/index.adoc
+++ b/authentication/index.adoc
@@ -9,7 +9,14 @@ include::modules/authentication-authorization-common-terms.adoc[leveloffset=+1]
 
 [id="authentication-overview"]
 == About authentication in {product-title}
-To control access to an {product-title} cluster, a cluster administrator can configure xref:../authentication/understanding-authentication.adoc#understanding-authentication[user authentication] and ensure only approved users access the cluster.
+To control access to an {product-title} cluster,
+ifndef::openshift-dedicated,openshift-rosa[]
+a cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+an administrator with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can configure xref:../authentication/understanding-authentication.adoc#understanding-authentication[user authentication] and ensure only approved users access the cluster.
 
 To interact with an {product-title} cluster, users must first authenticate to the {product-title} API in some way. You can authenticate by providing an xref:../authentication/understanding-authentication.adoc#rbac-api-authentication_understanding-authentication[OAuth access token or an X.509 client certificate] in your requests to the {product-title} API.
 
@@ -17,15 +24,23 @@ To interact with an {product-title} cluster, users must first authenticate to th
 ====
 If you do not present a valid access token or certificate, your request is unauthenticated and you receive an HTTP 401 error.
 ====
+
+ifdef::openshift-dedicated,openshift-rosa[]
+An administrator can configure authentication by configuring an identity provider. You can define any xref:../authentication/sd-configuring-identity-providers.adoc#understanding-idp-supported_sd-configuring-identity-providers[supported identity provider in {product-title}] and add it to your cluster.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
 An administrator can configure authentication through the following tasks:
 
 * Configuring an identity provider: You can define any xref:../authentication/understanding-identity-provider.adoc#supported-identity-providers[supported identity provider in {product-title}] and add it to your cluster.
-* xref:../authentication/configuring-internal-oauth.adoc#configuring-internal-oauth[Configuring the internal OAuth server]: The {product-title} control plane includes a built-in OAuth server that determines the user’s identity from the configured identity provider and creates an access token. You can configure the token duration and inactivity timeout, and customize the internal OAuth server URL.
+
+* xref:../authentication/configuring-internal-oauth.adoc#configuring-internal-oauth[Configuring the internal OAuth server]: The {product-title} control plane includes a built-in OAuth server that determines the user's identity from the configured identity provider and creates an access token. You can configure the token duration and inactivity timeout, and customize the internal OAuth server URL.
 +
 [NOTE]
 ====
 Users can xref:../authentication/managing-oauth-access-tokens.adoc#managing-oauth-access-tokens[view and manage OAuth tokens owned by them].
 ====
+
 * Registering an OAuth client: {product-title} includes several xref:../authentication/configuring-oauth-clients.adoc#oauth-default-clients_configuring-oauth-clients[default OAuth clients]. You can xref:../authentication/configuring-oauth-clients.adoc#oauth-register-additional-client_configuring-oauth-clients[register and configure additional OAuth clients].
 +
 [NOTE]
@@ -35,6 +50,7 @@ When users send a request for an OAuth token, they must specify either a default
 
 * Managing cloud provider credentials using the xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[Cloud Credentials Operator]: Cluster components use cloud provider credentials to get permissions required to perform cluster-related tasks.
 * Impersonating a system admin user: You can grant cluster administrator permissions to a user by xref:../authentication/impersonating-system-admin.adoc#impersonating-system-admin[impersonating a system admin user].
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="authorization-overview"]
 == About authorization in {product-title}
@@ -49,14 +65,35 @@ Along with controlling user access to a cluster, you can also control the action
 You can manage authorization for {product-title} through the following tasks:
 
 * Viewing xref:../authentication/using-rbac.adoc#viewing-local-roles_using-rbac[local] and xref:../authentication/using-rbac.adoc#viewing-cluster-roles_using-rbac[cluster] roles and bindings.
+
 * Creating a xref:../authentication/using-rbac.adoc#creating-local-role_using-rbac[local role] and assigning it to a user or group.
+
+ifndef::openshift-dedicated,openshift-rosa[]
 * Creating a cluster role and assigning it to a user or group: {product-title} includes a set of xref:../authentication/using-rbac.adoc#default-roles_using-rbac[default cluster roles]. You can create additional xref:../authentication/using-rbac.adoc#creating-cluster-role_using-rbac[cluster roles] and xref:../authentication/using-rbac.adoc#adding-roles_using-rbac[add them to a user or group].
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Assigning a cluster role to a user or group: {product-title} includes a set of xref:../authentication/using-rbac.adoc#default-roles_using-rbac[default cluster roles]. You can xref:../authentication/using-rbac.adoc#adding-roles_using-rbac[add them to a user or group].
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
 * Creating a cluster-admin user: By default, your cluster has only one cluster administrator called `kubeadmin`. You can xref:../authentication/using-rbac.adoc#creating-cluster-admin_using-rbac[create another cluster administrator]. Before creating a cluster administrator, ensure that you have configured an identity provider.
 +
 [NOTE]
 ====
 After creating the cluster admin user, xref:../authentication/remove-kubeadmin.adoc#removing-kubeadmin_removing-kubeadmin[delete the existing kubeadmin user] to improve cluster security.
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-rosa[]
+* Creating cluster-admin and dedicated-admin users: The user who created the {product-title} cluster can grant access to other xref:../authentication/using-rbac.adoc#rosa-create-cluster-admins_using-rbac[`cluster-admin`] and xref:../authentication/using-rbac.adoc#rosa-create-dedicated-cluster-admins_using-rbac[`dedicated-admin`] users.
+endif::openshift-rosa[]
+
+ifdef::openshift-dedicated[]
+* Granting administrator privileges to users: You can xref:../authentication/using-rbac.adoc#osd-grant-admin-privileges_using-rbac[grant `dedicated-admin` privileges to users].
+endif::openshift-dedicated[]
+
 * Creating service accounts: xref:../authentication/understanding-and-creating-service-accounts.adoc#service-accounts-overview_understanding-service-accounts[Service accounts] provide a flexible way to control API access without sharing a regular user’s credentials. A user can xref:../authentication/understanding-and-creating-service-accounts.adoc#service-accounts-managing_understanding-service-accounts[create and use a service account in applications] and also as xref:../authentication/using-service-accounts-as-oauth-client.adoc#using-service-accounts-as-oauth-client[an OAuth client].
+
 * xref:../authentication/tokens-scoping.adoc#tokens-scoping[Scoping tokens]: A scoped token is a token that identifies as a specific user who can perform only specific operations. You can create scoped tokens to delegate some of your permissions to another user or a service account.
+
 * Syncing LDAP groups: You can manage user groups in one place by xref:../authentication/ldap-syncing.adoc#ldap-syncing[syncing the groups stored in an LDAP server] with the {product-title} user groups.
diff --git a/authentication/ldap-syncing.adoc b/authentication/ldap-syncing.adoc
index 9d788b1540e9..802f055b0f45 100644
--- a/authentication/ldap-syncing.adoc
+++ b/authentication/ldap-syncing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ldap-syncing"]
 = Syncing LDAP groups
 include::_attributes/common-attributes.adoc[]
@@ -9,6 +9,9 @@ toc::[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 As an administrator,
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::openshift-dedicated,openshift-rosa[]
 you can use groups to manage users, change
 their permissions, and enhance collaboration. Your organization may have already
 created user groups and stored them in an LDAP server. {product-title} can sync
@@ -17,8 +20,15 @@ your groups in one place. {product-title} currently supports group sync with
 LDAP servers using three common schemas for defining group membership: RFC 2307,
 Active Directory, and augmented Active Directory.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 For more information on configuring LDAP, see
 xref:../authentication/identity_providers/configuring-ldap-identity-provider.adoc#configuring-ldap-identity-provider[Configuring an LDAP identity provider].
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+For more information on configuring LDAP, see
+xref:../authentication/sd-configuring-identity-providers.adoc#config-ldap-idp_sd-configuring-identity-providers[Configuring an LDAP identity provider].
+endif::openshift-dedicated,openshift-rosa[]
 
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 [NOTE]
@@ -26,6 +36,12 @@ ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 You must have `cluster-admin` privileges to sync groups.
 ====
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+You must have `dedicated-admin` privileges to sync groups.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/ldap-syncing-about.adoc[leveloffset=+1]
 include::modules/ldap-syncing-config-rfc2307.adoc[leveloffset=+2]
@@ -37,6 +53,8 @@ include::modules/ldap-syncing-running-openshift.adoc[leveloffset=+2]
 include::modules/ldap-syncing-running-subset.adoc[leveloffset=+2]
 include::modules/ldap-syncing-pruning.adoc[leveloffset=+1]
 
+// OSD and ROSA dedicated-admins cannot create the cluster roles and cluster role bindings required for this procedure.
+ifndef::openshift-dedicated,openshift-rosa[]
 // Automatically syncing LDAP groups
 include::modules/ldap-auto-syncing.adoc[leveloffset=+1]
 
@@ -45,6 +63,7 @@ include::modules/ldap-auto-syncing.adoc[leveloffset=+1]
 
 * xref:../authentication/identity_providers/configuring-ldap-identity-provider.adoc#configuring-ldap-identity-provider[Configuring an LDAP identity provider]
 * xref:../nodes/jobs/nodes-nodes-jobs.adoc#nodes-nodes-jobs-creating-cron_nodes-nodes-jobs[Creating cron jobs]
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/ldap-syncing-examples.adoc[leveloffset=+1]
 include::modules/ldap-syncing-rfc2307.adoc[leveloffset=+2]
diff --git a/authentication/managing-oauth-access-tokens.adoc b/authentication/managing-oauth-access-tokens.adoc
index 10867b018e6f..7995ff4dd33d 100644
--- a/authentication/managing-oauth-access-tokens.adoc
+++ b/authentication/managing-oauth-access-tokens.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-oauth-access-tokens"]
 = Managing user-owned OAuth access tokens
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/managing-security-context-constraints.adoc b/authentication/managing-security-context-constraints.adoc
index 638cbba748b4..0a67c077b59f 100644
--- a/authentication/managing-security-context-constraints.adoc
+++ b/authentication/managing-security-context-constraints.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-pod-security-policies"]
 = Managing security context constraints
 include::_attributes/common-attributes.adoc[]
@@ -12,12 +12,12 @@ Default SCCs are created during installation and when you install some Operators
 
 [IMPORTANT]
 ====
-Do not modify the default SCCs. Customizing the default SCCs can lead to issues when some of the platform pods deploy or 
+Do not modify the default SCCs. Customizing the default SCCs can lead to issues when some of the platform pods deploy or
 ifndef::openshift-rosa[]
-{product-title} 
+{product-title}
 endif::[]
 ifdef::openshift-rosa[]
-ROSA 
+ROSA
 endif::openshift-rosa[]
 is upgraded. Additionally, the default SCC values are reset to the defaults during some cluster upgrades, which discards all customizations to those SCCs.
 ifdef::openshift-origin,openshift-enterprise,openshift-webscale,openshift-dedicated,openshift-rosa[]
@@ -37,6 +37,9 @@ include::modules/security-context-constraints-about.adoc[leveloffset=+1]
 include::modules/security-context-constraints-pre-allocated-values.adoc[leveloffset=+1]
 include::modules/security-context-constraints-example.adoc[leveloffset=+1]
 include::modules/security-context-constraints-creating.adoc[leveloffset=+1]
+
+//  Configuring a workload to require a specific SCC
+include::modules/security-context-constraints-requiring.adoc[leveloffset=+1]
 include::modules/security-context-constraints-rbac.adoc[leveloffset=+1]
 include::modules/security-context-constraints-command-reference.adoc[leveloffset=+1]
 
@@ -44,12 +47,4 @@ include::modules/security-context-constraints-command-reference.adoc[leveloffset
 [id="additional-resources_configuring-internal-oauth"]
 == Additional resources
 
-ifndef::openshift-dedicated,openshift-rosa[]
-* xref:../support/getting-support.adoc#getting-support[Getting support]
-endif::[]
-ifdef::openshift-dedicated[]
-* xref:../osd_architecture/osd-support.adoc#osd-getting-support[Getting support]
-endif::[]
-ifdef::openshift-rosa[]
-* xref:../rosa_architecture/rosa-getting-support.adoc#rosa-getting-support[Getting support]
-endif::[]
+* xref:../support/getting-support.adoc#getting-support[Getting support]
\ No newline at end of file
diff --git a/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc b/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
index 5a608835d7c3..f2ab1c4f1308 100644
--- a/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
+++ b/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-cloud-credential-operator"]
 = About the Cloud Credential Operator
 include::_attributes/common-attributes.adoc[]
@@ -19,67 +19,73 @@ By setting different values for the `credentialsMode` parameter in the `install-
 
 * **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc#cco-mode-passthrough[Passthrough]**: In passthrough mode, the CCO passes the provided cloud credential to the components that request cloud credentials.
 
-* **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc#cco-mode-manual[Manual]**: In manual mode, a user manages cloud credentials instead of the CCO.
+* **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc#cco-mode-manual[Manual mode with long-term credentials for components]**: In manual mode, you can manage long-term cloud credentials instead of the CCO.
 
-** **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[Manual with AWS Security Token Service]**: In manual mode, you can configure an AWS cluster to use Amazon Web Services Security Token Service (AWS STS). With this configuration, the CCO uses temporary credentials for different components.
-
-** **xref:../../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#cco-mode-gcp-workload-identity[Manual with GCP Workload Identity]**: In manual mode, you can configure a GCP cluster to use GCP Workload Identity. With this configuration, the CCO uses temporary credentials for different components.
+* **xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds[Manual mode with short-term credentials for components]**: For some providers, you can use the CCO utility (`ccoctl`) during installation to implement short-term credentials for individual components. These credentials are created and managed outside the {product-title} cluster.
 
 .CCO mode support matrix
-[cols="<.^2,^.^1,^.^1,^.^1"]
+[cols="<.^2,^.^1,^.^1,^.^1,^.^1"]
 |====
-|Cloud provider |Mint |Passthrough |Manual
+|Cloud provider |Mint |Passthrough |Manual with long-term credentials |Manual with short-term credentials
 
 |{alibaba}
 |
 |
-|X
+|X ^[1]^
+|
 
 |Amazon Web Services (AWS)
 |X
 |X
 |X
+|X
 
+|Global Microsoft Azure
+|
+|X
+|X
+|X
 
-|Microsoft Azure
+|Microsoft Azure Stack Hub
+|
 |
-|X ^[1]^
 |X
+|
 
 |Google Cloud Platform (GCP)
 |X
 |X
 |X
+|X
 
-|IBM Cloud
+|{ibm-cloud-name}
 |
 |
-|X
+|X ^[1]^
+|
 
 |Nutanix
 |
 |
-|X
+|X ^[1]^
+|
 
 |{rh-openstack-first}
 |
 |X
 |
-
-|{rh-virtualization-first}
-|
-|X
 |
 
 |VMware vSphere
 |
 |X
 |
+|
 
 |====
 [.small]
 --
-1. Manual mode is the only supported CCO configuration for Microsoft Azure Stack Hub.
+1. This platform uses the `ccoctl` utility during installation to configure long-term credentials.
 --
 
 [id="cco-determine-mode_{context}"]
@@ -88,7 +94,7 @@ By setting different values for the `credentialsMode` parameter in the `install-
 For platforms that support using the CCO in multiple modes, you can determine what mode the CCO is configured to use by using the web console or the CLI.
 
 .Determining the CCO configuration
-image::334_OpenShift_cluster_updating_and_CCO_workflows_0523_4.11_A.png[Decision tree showing how to determine the configured CCO credentials mode for your cluster.]
+image::334_OpenShift_cluster_updating_and_CCO_workflows_0923_4.11_A.png[Decision tree showing how to determine the configured CCO credentials mode for your cluster.]
 
 //Determining the Cloud Credential Operator mode by using the web console
 include::modules/cco-determine-mode-gui.adoc[leveloffset=+2]
@@ -102,11 +108,11 @@ For platforms on which multiple modes are supported (AWS, Azure, and GCP), when
 
 By default, the CCO determines whether the credentials are sufficient for mint mode, which is the preferred mode of operation, and uses those credentials to create appropriate credentials for components in the cluster. If the credentials are not sufficient for mint mode, it determines whether they are sufficient for passthrough mode. If the credentials are not sufficient for passthrough mode, the CCO cannot adequately process `CredentialsRequest` CRs.
 
-If the provided credentials are determined to be insufficient during installation, the installation fails. For AWS, the installer fails early in the process and indicates which required permissions are missing. Other providers might not provide specific information about the cause of the error until errors are encountered.
+If the provided credentials are determined to be insufficient during installation, the installation fails. For AWS, the installation program fails early in the process and indicates which required permissions are missing. Other providers might not provide specific information about the cause of the error until errors are encountered.
 
 If the credentials are changed after a successful installation and the CCO determines that the new credentials are insufficient, the CCO puts conditions on any new `CredentialsRequest` CRs to indicate that it cannot process them because of the insufficient credentials.
 
-To resolve insufficient credentials issues, provide a credential with sufficient permissions. If an error occurred during installation, try installing again. For issues with new `CredentialsRequest` CRs, wait for the CCO to try to process the CR again. As an alternative, you can manually create IAM for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], and xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
+To resolve insufficient credentials issues, provide a credential with sufficient permissions. If an error occurred during installation, try installing again. For issues with new `CredentialsRequest` CRs, wait for the CCO to try to process the CR again. As an alternative, you can configure your cluster to use a different CCO mode that is supported for your cloud provider.
 
 [role="_additional-resources"]
 [id="additional-resources_about-cloud-credential-operator_{context}"]
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc b/authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
index 5b403c38979a..20e42f123603 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
@@ -1,48 +1,36 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cco-mode-manual"]
-= Using manual mode
+= Manual mode with long-term credentials for components
 include::_attributes/common-attributes.adoc[]
 :context: cco-mode-manual
 
 toc::[]
 
-Manual mode is supported for Alibaba Cloud, Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, and Google Cloud Platform (GCP).
+Manual mode is supported for Alibaba Cloud, Amazon Web Services (AWS), global Microsoft Azure, Microsoft Azure Stack Hub, Google Cloud Platform (GCP), {ibm-cloud-name}, and Nutanix.
 
-In manual mode, a user manages cloud credentials instead of the Cloud Credential Operator (CCO). To use this mode, you must examine the `CredentialsRequest` CRs in the release image for the version of {product-title} that you are running or installing, create corresponding credentials in the underlying cloud provider, and create Kubernetes Secrets in the correct namespaces to satisfy all `CredentialsRequest` CRs for the cluster's cloud provider.
+[id="manual-mode-classic_{context}"]
+== User-managed credentials
 
-Using manual mode allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. This mode also does not require connectivity to the AWS public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade.
+In manual mode, a user manages cloud credentials instead of the Cloud Credential Operator (CCO). To use this mode, you must examine the `CredentialsRequest` CRs in the release image for the version of {product-title} that you are running or installing, create corresponding credentials in the underlying cloud provider, and create Kubernetes Secrets in the correct namespaces to satisfy all `CredentialsRequest` CRs for the cluster's cloud provider. Some platforms use the CCO utility (`ccoctl`) to facilitate this process during installation and updates.
 
-For information about configuring your cloud provider to use manual mode, see the manual credentials management options for your cloud provider:
+Using manual mode with long-term credentials allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. This mode also does not require connectivity to services such as the AWS public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade.
 
-* xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[Manually creating RAM resources for Alibaba Cloud]
-* xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS]
-* xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure]
-* xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP]
-* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud]
-* xref:../../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#manually-create-iam-nutanix_installing-nutanix-installer-provisioned[Configuring IAM for Nutanix]
-
-[id="manual-mode-sts-blurb"]
-== Manual mode with cloud credentials created and managed outside of the cluster
-
-An AWS or GCP cluster that uses manual mode might be configured to create and manage cloud credentials from outside of the cluster using the AWS Security Token Service (STS) or GCP Workload Identity. With this configuration, the CCO uses temporary credentials for different components.
-
-For more information, see xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service] or xref:../../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#cco-mode-gcp-workload-identity[Using manual mode with GCP Workload Identity].
-
-//Updating cloud provider resources with manually maintained credentials
-include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
+For information about configuring your cloud provider to use manual mode, see the manual credentials management options for your cloud provider.
 
-//Indicating that the cluster is ready to upgrade
-include::modules/cco-manual-upgrade-annotation.adoc[leveloffset=+2]
+[NOTE]
+====
+An AWS, global Azure, or GCP cluster that uses manual mode might be configured to use short-term credentials for different components. For more information, see xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds[Manual mode with short-term credentials for components].
+====
 
 [role="_additional-resources"]
 [id="additional-resources_cco-mode-manual"]
 == Additional resources
 
 * xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[Manually creating RAM resources for Alibaba Cloud]
-* xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS]
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service]
-* xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure]
-* xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP]
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#cco-mode-gcp-workload-identity[Using manual mode with GCP Workload Identity]
-* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure]
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP]
+* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}]
 * xref:../../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#manually-create-iam-nutanix_installing-nutanix-installer-provisioned[Configuring IAM for Nutanix]
+* xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds[Manual mode with short-term credentials for components]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc b/authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc
index fd756d2e74d6..8b8486703abe 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc
@@ -1,27 +1,34 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cco-mode-mint"]
-= Using mint mode
+= The Cloud Credential Operator in mint mode
 include::_attributes/common-attributes.adoc[]
 :context: cco-mode-mint
 
 toc::[]
 
-Mint mode is supported for Amazon Web Services (AWS) and Google Cloud Platform (GCP).
+Mint mode is the default Cloud Credential Operator (CCO) credentials mode for {product-title} on platforms that support it. Mint mode supports Amazon Web Services (AWS) and Google Cloud Platform (GCP) clusters.
 
-Mint mode is the default mode on the platforms for which it is supported. In this mode, the Cloud Credential Operator (CCO) uses the provided administrator-level cloud credential to create new credentials for components in the cluster with only the specific permissions that are required.
+[id="mint-mode-about"]
+== Mint mode credentials management
 
-If the credential is not removed after installation, it is stored and used by the CCO to process `CredentialsRequest` CRs for components in the cluster and create new credentials for each with only the specific permissions that are required. The continuous reconciliation of cloud credentials in mint mode allows actions that require additional credentials or permissions, such as upgrading, to proceed.
+For clusters that use the CCO in mint mode, the administrator-level credential is stored in the `kube-system` namespace. The CCO uses the `admin` credential to process the `CredentialsRequest` objects in the cluster and create users for components with limited permissions.
 
-Mint mode stores the administrator-level credential in the cluster `kube-system` namespace. If this approach does not meet the security requirements of your organization, see _Alternatives to storing administrator-level secrets in the kube-system project_ for xref:../../installing/installing_aws/manually-creating-iam.adoc#alternatives-to-storing-admin-secrets-in-kube-system_manually-creating-iam-aws[AWS] or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#alternatives-to-storing-admin-secrets-in-kube-system_manually-creating-iam-gcp[GCP].
+With mint mode, each cluster component has only the specific permissions it requires. The automatic, continuous reconciliation of cloud credentials in mint mode allows actions that require additional credentials or permissions, such as upgrading, to proceed.
+
+[NOTE]
+====
+By default, mint mode requires storing the `admin` credential in the cluster `kube-system` namespace. If this approach does not meet the security requirements of your organization, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove the credential after installing the cluster].
+====
 
 [id="mint-mode-permissions"]
-== Mint mode permissions requirements
+=== Mint mode permissions requirements
 When using the CCO in mint mode, ensure that the credential you provide meets the requirements of the cloud on which you are running or installing {product-title}. If the provided credentials are not sufficient for mint mode, the CCO cannot create an IAM user.
 
-[id="mint-mode-permissions-aws"]
-=== Amazon Web Services (AWS) permissions
-The credential you provide for mint mode in AWS must have the following permissions:
+The credential you provide for mint mode in Amazon Web Services (AWS) must have the following permissions:
 
+.Required AWS permissions
+[%collapsible]
+====
 * `iam:CreateAccessKey`
 * `iam:CreateUser`
 * `iam:DeleteAccessKey`
@@ -33,37 +40,36 @@ The credential you provide for mint mode in AWS must have the following permissi
 * `iam:PutUserPolicy`
 * `iam:TagUser`
 * `iam:SimulatePrincipalPolicy`
+====
 
-[id="mint-mode-permissions-gcp"]
-=== Google Cloud Platform (GCP) permissions
-The credential you provide for mint mode in GCP must have the following permissions:
+The credential you provide for mint mode in Google Cloud Platform (GCP) must have the following permissions:
 
+.Required GCP permissions
+[%collapsible]
+====
 * `resourcemanager.projects.get`
 * `serviceusage.services.list`
 * `iam.serviceAccountKeys.create`
 * `iam.serviceAccountKeys.delete`
+* `iam.serviceAccountKeys.list`
 * `iam.serviceAccounts.create`
 * `iam.serviceAccounts.delete`
 * `iam.serviceAccounts.get`
+* `iam.roles.create`
 * `iam.roles.get`
+* `iam.roles.list`
+* `iam.roles.undelete`
+* `iam.roles.update`
 * `resourcemanager.projects.getIamPolicy`
 * `resourcemanager.projects.setIamPolicy`
+====
 
 //Admin credentials root secret format
-include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
-
-//Mint Mode with removal or rotation of the admin credential
-include::modules/mint-mode-with-removal-of-admin-credential.adoc[leveloffset=+1]
+include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+2]
 
 //Rotating cloud provider credentials manually
-include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+2]
-
-//Removing cloud provider credentials
-include::modules/manually-removing-cloud-creds.adoc[leveloffset=+2]
-
+include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 == Additional resources
-
-* xref:../../installing/installing_aws/manually-creating-iam.adoc#alternatives-to-storing-admin-secrets-in-kube-system_manually-creating-iam-aws[Alternatives to storing administrator-level secrets in the kube-system project] for AWS
-* xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#alternatives-to-storing-admin-secrets-in-kube-system_manually-creating-iam-gcp[Alternatives to storing administrator-level secrets in the kube-system project] for GCP
+* xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[Removing cloud provider credentials]
\ No newline at end of file
diff --git a/authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc b/authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
index f0d19bfa73d4..c8302db17af6 100644
--- a/authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
+++ b/authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cco-mode-passthrough"]
-= Using passthrough mode
+= The Cloud Credential Operator in passthrough mode
 include::_attributes/common-attributes.adoc[]
 :context: cco-mode-passthrough
 
 toc::[]
 
-Passthrough mode is supported for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, {rh-virtualization-first}, and VMware vSphere.
+Passthrough mode is supported for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, and VMware vSphere.
 
 In passthrough mode, the Cloud Credential Operator (CCO) passes the provided cloud credential to the components that request cloud credentials. The credential must have permissions to perform the installation and complete the operations that are required by components in the cluster, but does not need to be able to create new credentials. The CCO does not attempt to create additional limited-scoped credentials in passthrough mode.
 
@@ -23,35 +23,24 @@ When using the CCO in passthrough mode, ensure that the credential you provide m
 === Amazon Web Services (AWS) permissions
 The credential you provide for passthrough mode in AWS must have all the requested permissions for all `CredentialsRequest` CRs that are required by the version of {product-title} you are running or installing.
 
-To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS].
+To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS].
 
 [id="passthrough-mode-permissions-azure"]
 === Microsoft Azure permissions
 The credential you provide for passthrough mode in Azure must have all the requested permissions for all `CredentialsRequest` CRs that are required by the version of {product-title} you are running or installing.
 
-To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure].
+To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure].
 
 [id="passthrough-mode-permissions-gcp"]
 === Google Cloud Platform (GCP) permissions
 The credential you provide for passthrough mode in GCP must have all the requested permissions for all `CredentialsRequest` CRs that are required by the version of {product-title} you are running or installing.
 
-To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP].
+To locate the `CredentialsRequest` CRs that are required, see xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP].
 
 [id="passthrough-mode-permissions-rhosp"]
 === {rh-openstack-first} permissions
 To install an {product-title} cluster on {rh-openstack}, the CCO requires a credential with the permissions of a `member` user role.
 
-[id="passthrough-mode-permissions-rhv"]
-=== {rh-virtualization-first} permissions
-To install an {product-title} cluster on {rh-virtualization}, the CCO requires a credential with the following privileges:
-
-* `DiskOperator`
-* `DiskCreator`
-* `UserTemplateBasedVm`
-* `TemplateOwner`
-* `TemplateCreator`
-* `ClusterAdmin` on the specific cluster that is targeted for {product-title} deployment
-
 [id="passthrough-mode-permissions-vsware"]
 === VMware vSphere permissions
 To install an {product-title} cluster on VMware vSphere, the CCO requires a credential with the following vSphere privileges:
@@ -92,7 +81,7 @@ include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
 
 [id="passthrough-mode-maintenance"]
 == Passthrough mode credential maintenance
-If `CredentialsRequest` CRs change over time as the cluster is upgraded, you must manually update the passthrough mode credential to meet the requirements. To avoid credentials issues during an upgrade, check the `CredentialsRequest` CRs in the release image for the new version of {product-title} before upgrading. To locate the `CredentialsRequest` CRs that are required for your cloud provider, see _Manually creating IAM_ for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
+If `CredentialsRequest` CRs change over time as the cluster is upgraded, you must manually update the passthrough mode credential to meet the requirements. To avoid credentials issues during an upgrade, check the `CredentialsRequest` CRs in the release image for the new version of {product-title} before upgrading. To locate the `CredentialsRequest` CRs that are required for your cloud provider, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
 
 //Rotating cloud provider credentials manually
 include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+2]
@@ -107,11 +96,11 @@ When using passthrough mode, each component has the same permissions used by all
 
 After installation, you can reduce the permissions on your credential to only those that are required to run the cluster, as defined by the `CredentialsRequest` CRs in the release image for the version of {product-title} that you are using.
 
-To locate the `CredentialsRequest` CRs that are required for AWS, Azure, or GCP and learn how to change the permissions the CCO uses, see _Manually creating IAM_ for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
+To locate the `CredentialsRequest` CRs that are required for AWS, Azure, or GCP and learn how to change the permissions the CCO uses, see _Manually creating long-term credentials_ for xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[AWS], xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Azure], or xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[GCP].
 
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS]
-* xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure]
-* xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure]
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP]
diff --git a/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc b/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
new file mode 100644
index 000000000000..0b9f184277a1
--- /dev/null
+++ b/authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
@@ -0,0 +1,113 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cco-short-term-creds"]
+= Manual mode with short-term credentials for components
+include::_attributes/common-attributes.adoc[]
+:context: cco-short-term-creds
+
+toc::[]
+
+During installation, you can configure the Cloud Credential Operator (CCO) to operate in manual mode and use the CCO utility (`ccoctl`) to implement short-term security credentials for individual components that are created and managed outside the {product-title} cluster.
+
+[NOTE]
+====
+This credentials strategy is supported for Amazon Web Services (AWS), Google Cloud Platform (GCP), and global Microsoft Azure only. The strategy must be configured during installation of a new {product-title} cluster. You cannot configure an existing cluster that uses a different credentials strategy to use this feature.
+====
+
+//todo: Should provide some more info about the benefits of this here as well. Note: Azure is not yet limited-priv, but still gets the benefit of not storing root creds on the cluster and some sort of time-based rotation
+
+Cloud providers use different terms for their implementation of this authentication method.
+
+.Short-term credentials provider terminology
+|====
+|Cloud provider |Provider nomenclature
+
+|Amazon Web Services (AWS)
+|AWS Security Token Service (STS)
+
+|Google Cloud Platform (GCP)
+|GCP Workload Identity
+
+|Global Microsoft Azure
+|Azure AD Workload Identity
+
+|====
+
+[id="cco-short-term-creds-aws_{context}"]
+== AWS Security Token Service
+
+In manual mode with STS, the individual {product-title} cluster components use the AWS Security Token Service (STS) to assign components IAM roles that provide short-term, limited-privilege security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
+
+//AWS Security Token Service authentication process
+include::modules/cco-short-term-creds-auth-flow-aws.adoc[leveloffset=+2]
+
+//AWS component secret formats
+include::modules/cco-short-term-creds-format-aws.adoc[leveloffset=+2]
+
+//AWS component secret permissions requirements
+include::modules/cco-short-term-creds-component-permissions-aws.adoc[leveloffset=+2]
+
+//OLM-managed Operator support for authentication with AWS STS
+include::modules/cco-short-term-creds-aws-olm.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/operator_sdk/osdk-token-auth.adoc#osdk-cco-aws-sts_osdk-token-auth[CCO-based workflow for OLM-managed Operators with AWS STS]
+
+[id="cco-short-term-creds-gcp_{context}"]
+== GCP Workload Identity
+
+In manual mode with GCP Workload Identity, the individual {product-title} cluster components use the GCP workload identity provider to allow components to impersonate GCP service accounts using short-term, limited-privilege credentials.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a GCP cluster to use short-term credentials]
+
+//GCP Workload Identity authentication process
+include::modules/cco-short-term-creds-auth-flow-gcp.adoc[leveloffset=+2]
+
+//GCP component secret formats
+include::modules/cco-short-term-creds-format-gcp.adoc[leveloffset=+2]
+
+//GCP component secret permissions requirements (placeholder)
+//include::modules/cco-short-term-creds-component-permissions-gcp.adoc[leveloffset=+2]
+
+[id="cco-short-term-creds-azure_{context}"]
+== Azure AD Workload Identity
+
+In manual mode with Azure AD Workload Identity, the individual {product-title} cluster components use the Azure AD workload identity provider to assign components short-term security credentials.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-with-short-term-creds_installing-azure-customizations[Configuring a global Microsoft Azure cluster to use short-term credentials]
+
+//Azure AD Workload Identity authentication process
+include::modules/cco-short-term-creds-auth-flow-azure.adoc[leveloffset=+2]
+
+//Azure component secret formats
+include::modules/cco-short-term-creds-format-azure.adoc[leveloffset=+2]
+
+//Azure component secret permissions requirements
+include::modules/cco-short-term-creds-component-permissions-azure.adoc[leveloffset=+2]
+
+//OLM-managed Operator support for authentication with Azure AD Workload Identity
+include::modules/cco-short-term-creds-azure-olm.adoc[leveloffset=+2]
+
+////
+// Azure will need a link off to OLM docs like AWS when ready.
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/operator_sdk/osdk-token-auth.adoc#osdk-cco-aws-sts_osdk-token-auth[CCO-based workflow for OLM-managed Operators with AWS STS]
+////
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials]
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a GCP cluster to use short-term credentials]
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-with-short-term-creds_installing-azure-customizations[Configuring a global Microsoft Azure cluster to use short-term credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
diff --git a/osd_cluster_admin/osd-admin-roles.adoc b/authentication/osd-admin-roles.adoc
similarity index 90%
rename from osd_cluster_admin/osd-admin-roles.adoc
rename to authentication/osd-admin-roles.adoc
index 12184ce21acb..f600adf8ea16 100644
--- a/osd_cluster_admin/osd-admin-roles.adoc
+++ b/authentication/osd-admin-roles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-admin-roles"]
 = Managing administration roles and users
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/authentication/remove-kubeadmin.adoc b/authentication/remove-kubeadmin.adoc
index 7557e91e4820..19addc10ca9d 100644
--- a/authentication/remove-kubeadmin.adoc
+++ b/authentication/remove-kubeadmin.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-kubeadmin"]
 = Removing the kubeadmin user
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/sd-configuring-identity-providers.adoc b/authentication/sd-configuring-identity-providers.adoc
new file mode 100644
index 000000000000..1a55e98fd52e
--- /dev/null
+++ b/authentication/sd-configuring-identity-providers.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="sd-configuring-identity-providers"]
+= Configuring identity providers
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: sd-configuring-identity-providers
+
+toc::[]
+
+After your {product-title} cluster is created, you must configure identity providers to determine how users log in to access the cluster.
+
+ifdef::openshift-rosa[]
+The following topics describe how to configure an identity provider using {cluster-manager} console. Alternatively, you can use the ROSA CLI (`rosa`) to configure an identity provider and access the cluster.
+endif::openshift-rosa[]
+
+include::modules/understanding-idp.adoc[leveloffset=+1]
+include::modules/identity-provider-parameters.adoc[leveloffset=+2]
+include::modules/config-github-idp.adoc[leveloffset=+1]
+include::modules/config-gitlab-idp.adoc[leveloffset=+1]
+include::modules/config-google-idp.adoc[leveloffset=+1]
+include::modules/config-ldap-idp.adoc[leveloffset=+1]
+include::modules/config-openid-idp.adoc[leveloffset=+1]
+include::modules/config-htpasswd-idp.adoc[leveloffset=+1]
+ifdef::openshift-dedicated[]
+include::modules/access-cluster.adoc[leveloffset=+1]
+endif::openshift-dedicated[]
+
+ifdef::openshift-rosa[]
+[id="additional-resources-cluster-access-sts"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a cluster]
+* xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-understanding-the-deployment-workflow[Understanding the ROSA with STS deployment workflow]
+endif::openshift-rosa[]
diff --git a/authentication/tokens-scoping.adoc b/authentication/tokens-scoping.adoc
index 126481d224da..291b44877b99 100644
--- a/authentication/tokens-scoping.adoc
+++ b/authentication/tokens-scoping.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tokens-scoping"]
 = Scoping tokens
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/understanding-and-creating-service-accounts.adoc b/authentication/understanding-and-creating-service-accounts.adoc
index 86fb149c7c2e..ed1854708470 100644
--- a/authentication/understanding-and-creating-service-accounts.adoc
+++ b/authentication/understanding-and-creating-service-accounts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-and-creating-service-accounts"]
 = Understanding and creating service accounts
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/understanding-and-managing-pod-security-admission.adoc b/authentication/understanding-and-managing-pod-security-admission.adoc
index 4bf7dcd953c2..a64a065175bc 100644
--- a/authentication/understanding-and-managing-pod-security-admission.adoc
+++ b/authentication/understanding-and-managing-pod-security-admission.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-and-managing-pod-security-admission"]
 = Understanding and managing pod security admission
 include::_attributes/common-attributes.adoc[]
@@ -8,17 +8,33 @@ toc::[]
 
 Pod security admission is an implementation of the link:https://kubernetes.io/docs/concepts/security/pod-security-standards/[Kubernetes pod security standards]. Use pod security admission to restrict the behavior of pods.
 
-// Security context constraint synchronization with pod security standards
+// About pod security admission
+include::modules/security-context-constraints-psa-about.adoc[leveloffset=+1]
+
+// About pod security admission synchronization
 include::modules/security-context-constraints-psa-synchronization.adoc[leveloffset=+1]
 
+// Pod security admission synchronization namespace exclusions
+include::modules/security-context-constraints-psa-sync-exclusions.adoc[leveloffset=+2]
+
 // Controlling pod security admission synchronization
 include::modules/security-context-constraints-psa-opting.adoc[leveloffset=+1]
 
+.Additional resources
+
+* xref:../authentication/understanding-and-managing-pod-security-admission.adoc#security-context-constraints-psa-sync-exclusions_understanding-and-managing-pod-security-admission[Pod security admission synchronization namespace exclusions]
+
+// Configuring pod security admission for a namespace
+include::modules/security-context-constraints-psa-label.adoc[leveloffset=+1]
+
 // About pod security admission alerts
 include::modules/security-context-constraints-psa-rectifying.adoc[leveloffset=+1]
 
+// OSD and ROSA dedicated-admin users cannot use the must-gather tool.
+ifndef::openshift-dedicated,openshift-rosa[]
 // Identifying pod security violations
 include::modules/security-context-constraints-psa-alert-eval.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
 [role="_additional-resources"]
 [id="additional-resources_managing-pod-security-admission"]
diff --git a/authentication/understanding-authentication.adoc b/authentication/understanding-authentication.adoc
index 6f438338cc28..975a771f0169 100644
--- a/authentication/understanding-authentication.adoc
+++ b/authentication/understanding-authentication.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-authentication"]
 = Understanding authentication
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/understanding-identity-provider.adoc b/authentication/understanding-identity-provider.adoc
index 1c3ee54695a3..018ae85bc88e 100644
--- a/authentication/understanding-identity-provider.adoc
+++ b/authentication/understanding-identity-provider.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-identity-provider"]
 = Understanding identity provider configuration
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/using-rbac.adoc b/authentication/using-rbac.adoc
index 83d9ee01c65d..3f3145986574 100644
--- a/authentication/using-rbac.adoc
+++ b/authentication/using-rbac.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-rbac"]
 = Using RBAC to define and apply permissions
 include::_attributes/common-attributes.adoc[]
@@ -18,16 +18,27 @@ include::modules/rbac-viewing-local-roles.adoc[leveloffset=+1]
 
 include::modules/rbac-adding-roles.adoc[leveloffset=+1]
 
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 include::modules/rbac-creating-local-role.adoc[leveloffset=+1]
 
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 include::modules/rbac-creating-cluster-role.adoc[leveloffset=+1]
 endif::[]
 
 include::modules/rbac-local-role-binding-commands.adoc[leveloffset=+1]
 
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 include::modules/rbac-cluster-role-binding-commands.adoc[leveloffset=+1]
+endif::[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/rbac-creating-cluster-admin.adoc[leveloffset=+1]
-endif::[]
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-rosa[]
+include::modules/rosa-create-cluster-admins.adoc[leveloffset=+1]
+include::modules/rosa-create-dedicated-cluster-admins.adoc[leveloffset=+1]
+endif::openshift-rosa[]
+
+ifdef::openshift-dedicated[]
+include::modules/osd-grant-admin-privileges.adoc[leveloffset=+1]
+endif::openshift-dedicated[]
diff --git a/authentication/using-service-accounts-as-oauth-client.adoc b/authentication/using-service-accounts-as-oauth-client.adoc
index e6f0834fd958..c8fadd1ca416 100644
--- a/authentication/using-service-accounts-as-oauth-client.adoc
+++ b/authentication/using-service-accounts-as-oauth-client.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-service-accounts-as-oauth-client"]
 = Using a service account as an OAuth client
 include::_attributes/common-attributes.adoc[]
diff --git a/authentication/using-service-accounts-in-applications.adoc b/authentication/using-service-accounts-in-applications.adoc
index 73527664f998..153777c25491 100644
--- a/authentication/using-service-accounts-in-applications.adoc
+++ b/authentication/using-service-accounts-in-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-service-accounts"]
 = Using service accounts in applications
 include::_attributes/common-attributes.adoc[]
@@ -10,13 +10,13 @@ include::modules/service-accounts-overview.adoc[leveloffset=+1]
 
 include::modules/service-accounts-default.adoc[leveloffset=+1]
 
-// remove these links for 4.12+
+include::modules/service-account-auto-secret-removed.adoc[leveloffset=+2]
 
 .Additional resources
 
-* For information about requesting bound service account tokens, see xref:../authentication/bound-service-account-tokens.html#bound-sa-tokens-configuring_bound-service-account-tokens[Configuring bound service account tokens using volume projection]
+* For information about requesting bound service account tokens, see xref:../authentication/bound-service-account-tokens.adoc#bound-sa-tokens-configuring_bound-service-account-tokens[Configuring bound service account tokens using volume projection].
 
-* For information about creating a service account token secret, see xref:../nodes/pods/nodes-pods-secrets.html#nodes-pods-secrets-creating-sa_nodes-pods-secrets[Creating a service account token secret].
+* For information about creating a service account token secret, see xref:../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-creating-sa_nodes-pods-secrets[Creating a service account token secret].
 
 include::modules/service-accounts-creating.adoc[leveloffset=+1]
 
diff --git a/autopreview.sh b/autopreview.sh
index 724e19385b24..428c712821f4 100755
--- a/autopreview.sh
+++ b/autopreview.sh
@@ -8,61 +8,69 @@ GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 
-USERNAME=${TRAVIS_PULL_REQUEST_SLUG::-15}
+# Check if it is a PR
+if [[ "$TRAVIS_PULL_REQUEST" == "false" ]]; then
+    echo -e "${YELLOW}❗🙅‍♀️ Not a Pull request. Skipping the preview.${NC}"
+    exit 0
+fi
 
-if [[ "$USERNAME" == "openshift-cherrypick-robot" ]]; then
+# Check if slug is empty
+if [[ -z "$TRAVIS_PULL_REQUEST_SLUG" ]]; then
+    echo -e "${YELLOW}🤖 Slug is empty this is a push build. Skipping the preview.${NC}"
+    exit 0
+fi
+
+# Check if the slug is "openshift-cherrypick-robot"
+if [[ "${TRAVIS_PULL_REQUEST_SLUG::-15}" == "openshift-cherrypick-robot" ]]; then
     echo -e "${YELLOW}🤖 PR by openshift-cherrypick-robot. Skipping the preview.${NC}"
     exit 0
 fi
 
-if [[ "$TRAVIS_PULL_REQUEST" ]]; then
-    # Check if modified files meet the conditions
-    COMMIT_HASH="$(git rev-parse @~)"
-    modified_files=$(git diff --name-only "$COMMIT_HASH")
-    send_request=false
+# Check if modified files meet the conditions
+COMMIT_HASH="$(git rev-parse @~)"
+modified_files=$(git diff --name-only "$COMMIT_HASH")
 
+should_send_request() {
     for file in $modified_files; do
-        if [[ $file == *.adoc || $file == "_topic_map.yml" || $file == "_distro_map.yml" ]]; then
-            send_request=true
-            break
+        if [[ $file == *.adoc || $file == "_topic_map.yml" || $file == "_distro_map.yml" || $file == "_topic_maps/"* ]]; then
+            return 0
         fi
     done
+    return 1
+}
 
-    if [ "$send_request" = true ]; then
-        # Build the JSON
-        json_data=$(
-            cat <<EOF
+if should_send_request; then
+    # Build the JSON
+    json_data=$(
+        cat <<EOF
 {
 "PR_BRANCH": "${TRAVIS_PULL_REQUEST_BRANCH}",
 "BASE_REPO": "${TRAVIS_REPO_SLUG}",
 "PR_NUMBER": "${TRAVIS_PULL_REQUEST}",
-"USER_NAME": "${USERNAME}",
+"USER_NAME": "${TRAVIS_PULL_REQUEST_SLUG::-15}",
 "BASE_REF": "${TRAVIS_BRANCH}",
 "REPO_NAME": "${TRAVIS_PULL_REQUEST_SLUG}",
 "SHA": "${TRAVIS_PULL_REQUEST_SHA}"
 }
 EOF
-        )
+    )
 
-        # Send the curl request
-        if response=$(curl -s -X POST -H "Content-Type: application/json" --data "$json_data" https://ocpdocs-preview-receiver.vercel.app/api/buildPreview); then
-            if echo "$response" | jq -e '.message == "Invalid data!"' >/dev/null; then
-                echo -e "${RED}❌😔 Curl request failed: Invalid data!${NC}"
-                echo -e "${YELLOW}$json_data${NC}"
-                exit 1
-            else
-                echo -e "${GREEN}✅🥳 $response${NC}"
-            fi
-        else
-            echo -e "${RED}❌😬 Curl request failed: $response${NC}"
+    # Send the curl request
+    if response=$(curl -s -X POST -H "Content-Type: application/json" --data "$json_data" https://ocpdocs-preview-receiver.vercel.app/api/buildPreview); then
+        if echo "$response" | jq -e '.message == "Invalid data!"' >/dev/null; then
+            echo -e "${RED}❌😔 Curl request failed: Invalid data!${NC}"
             echo -e "${YELLOW}$json_data${NC}"
             exit 1
+        else
+            echo -e "${GREEN}✅🥳 $response${NC}"
         fi
-
-        echo -e "${GREEN}🚀🎉 Request sent successfully!${NC}"
     else
-        echo -e "${YELLOW}⚠️🤔 No .adoc files, _topic_map.yml, or _distro_map.yml modified. Skipping the preview.${NC}"
+        echo -e "${RED}❌😬 Curl request failed: $response${NC}"
+        echo -e "${YELLOW}$json_data${NC}"
+        exit 1
     fi
+
+    echo -e "${GREEN}🚀🎉 Request sent successfully!${NC}"
 else
-    echo -e "${YELLOW}❗🙅‍♀️ Not a Pull request. Skipping the preview.${NC}"
-fi
+    echo -e "${YELLOW}⚠️🤔 No .adoc files, _topic_map.yml, or _distro_map.yml modified. Skipping the preview.${NC}"
+fi
\ No newline at end of file
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
index 64f83e388436..0d70f3b70b3a 100644
--- a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
@@ -1,129 +1,57 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="backing-up-applications"]
 = Backing up applications
 include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: backing-up-applications
 
 toc::[]
 
-You back up applications by creating a `Backup` custom resource (CR). See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-cr_backing-up-applications[Creating a Backup CR].
+You back up applications by creating a `Backup` custom resource (CR). See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc#oadp-creating-backup-cr-doc[Creating a Backup CR].
 
-The `Backup` CR creates backup files for Kubernetes resources and internal images, on S3 object storage, and snapshots for persistent volumes (PVs), if the cloud provider uses a native snapshot API or the Container Storage Interface (CSI) to create snapshots, such as {rh-storage} 4.
+* The `Backup` CR creates backup files for Kubernetes resources and internal images on S3 object storage.
+* If your cloud provider has a native snapshot API or supports CSI snapshots, the `Backup` CR backs up persistent volumes (PVs) by creating snapshots. For more information about working with CSI snapshots, see xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-pvs-csi-doc.adoc#oadp-backing-up-pvs-csi-doc[Backing up persistent volumes with CSI snapshots].
 
 For more information about CSI volume snapshots, see xref:../../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[CSI volume snapshots].
 
-:FeatureName: The `CloudStorage` API for S3 storage
+:FeatureName: The `CloudStorage` API, which automates the creation of a bucket for object storage,
 include::snippets/technology-preview.adoc[]
 
-* If your cloud provider has a native snapshot API or supports CSI snapshots, the `Backup` CR backs up persistent volumes (PVs) by creating snapshots. For more information about working with CSI snapshots, see xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-pvs-csi_backing-up-applications[Backing up persistent volumes with CSI snapshots].
-
-* If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using Restic. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Backing up applications with Restic].
-
-[IMPORTANT]
-====
-The {oadp-first} does not support backing up volume snapshots that were created by other software.
+[NOTE]
 ====
+The `CloudStorage` API is a Technology Preview feature when you use a `CloudStorage` object and want OADP to use the `CloudStorage` API to automatically create an S3 bucket for use as a `BackupStorageLocation`.
 
-You can create backup hooks to run commands before or after the backup operation. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-hooks_backing-up-applications[Creating backup hooks].
-
-You can schedule backups by creating a `Schedule` CR instead of a `Backup` CR. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-scheduling-backups_backing-up-applications[Scheduling backups].
-
-include::modules/oadp-creating-backup-cr.adoc[leveloffset=+1]
-include::modules/oadp-backing-up-pvs-csi.adoc[leveloffset=+1]
-include::modules/oadp-backing-up-applications-restic.adoc[leveloffset=+1]
-include::modules/oadp-using-data-mover-for-csi-snapshots.adoc[leveloffset=+1]
-
-[id="oadp-12-data-mover-ceph"]
-== Using OADP 1.2 Data Mover with Ceph storage
-
-You can use OADP 1.2 Data Mover to backup and restore application data for clusters that use CephFS, CephRBD, or both.
+The `CloudStorage` API supports manually creating a `BackupStorageLocation` object by specifying an existing S3 bucket. The `CloudStorage` API that creates an S3 bucket automatically is currently only enabled for AWS S3 storage.
+====
 
-OADP 1.2 Data Mover leverages Ceph features that support large-scale environments. One of these is the shallow copy method, which is available for {product-title} 4.12 and later. This feature supports backing up and restoring `StorageClass` and `AccessMode` resources other than what is found on the source persistent volume claim (PVC).
+* If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using Kopia or Restic. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#oadp-backing-up-applications-restic-doc[Backing up applications with File System Backup: Kopia or Restic].
 
 [IMPORTANT]
 ====
-The CephFS shallow copy feature is a back up feature. It is not part of restore operations.
+The {oadp-first} does not support backing up volume snapshots that were created by other software.
 ====
 
-include::modules/oadp-ceph-prerequisites.adoc[leveloffset=+2]
-
-[id="defining-crs-for-12-data-mover"]
-=== Defining custom resources for use with OADP 1.2 Data Mover
-
-When you install {rh-storage-first}, it automatically creates default CephFS and a CephRBD `StorageClass` and `VolumeSnapshotClass` custom resources (CRs). You must define these CRs for use with OpenShift API for Data Protection (OADP) 1.2 Data Mover.
-
-After you define the CRs, you must make several other changes to your environment before you can perform your back up and restore operations.
-
-include::modules/oadp-ceph-preparing-cephfs-crs.adoc[leveloffset=+2]
-include::modules/oadp-ceph-preparing-cephrbd-crs.adoc[leveloffset=+2]
-include::modules/oadp-ceph-preparing-crs-additional.adoc[leveloffset=+2]
-
-[id="oadp-ceph-back-up-restore-cephfs"]
-=== Backing up and restoring data using OADP 1.2 Data Mover and CephFS storage
-
-You can use OpenShift API for Data Protection (OADP) 1.2 Data Mover to back up and restore data using CephFS storage by enabling the shallow copy feature of CephFS.
-
-include::snippets/oadp-ceph-cr-prerequisites.adoc[]
+You can create backup hooks to run commands before or after the backup operation. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc#oadp-creating-backup-hooks-doc[Creating backup hooks].
 
-:context: !backing-up-applications
+You can schedule backups by creating a `Schedule` CR instead of a `Backup` CR. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc#oadp-scheduling-backups-doc[Scheduling backups using Schedule CR]].
 
-:context: cephfs
+// include::modules/oadp-creating-backup-cr.adoc[leveloffset=+1]
+// include::modules/oadp-backing-up-pvs-csi.adoc[leveloffset=+1]
+// include::modules/oadp-backing-up-applications-restic.adoc[leveloffset=+1]
 
-include::modules/oadp-ceph-cephfs-back-up-dba.adoc[leveloffset=+2]
-include::modules/oadp-ceph-cephfs-back-up.adoc[leveloffset=+2]
-include::modules/oadp-ceph-cephfs-restore.adoc[leveloffset=+2]
+[id="known-issues-backing-up-applications"]
+== Known issues
 
-[id="oadp-ceph-split"]
-=== Backing up and restoring data using OADP 1.2 Data Mover and split volumes (CephFS and Ceph RBD)
+{ocp} {product-version} enforces a pod security admission (PSA) policy that can hinder the readiness of pods during a Restic restore process. 
 
-You can use OpenShift API for Data Protection (OADP) 1.2 Data Mover to back up and restore data in an environment that has _split volumes_, that is, an environment that uses both CephFS and CephRBD.
+This issue has been resolved in the OADP 1.1.6 and OADP 1.2.2 releases, therefore it is recommended that users upgrade to these releases.
 
-include::snippets/oadp-ceph-cr-prerequisites.adoc[]
-
-:context: !cephfs
-
-:context: split
-
-include::modules/oadp-ceph-split-back-up-dba.adoc[leveloffset=+2]
-include::modules/oadp-ceph-cephfs-back-up.adoc[leveloffset=+2]
-include::modules/oadp-ceph-cephfs-restore.adoc[leveloffset=+2]
-
-:context: !split
-
-:context: backing-up-applications
-
-[id="oadp-cleaning-up-after-data-mover-1-1-backup"]
-== Cleaning up after a backup using OADP 1.1 Data Mover
-
-For OADP 1.1 Data Mover, you must perform a data cleanup after you perform a backup.
-
-The cleanup consists of deleting the following resources:
-
-* Snapshots in a bucket
-* Cluster resources
-* Volume snapshot backups (VSBs) after a backup procedure that is either run by a schedule or is run repetitively
-
-include::modules/oadp-cleaning-up-after-data-mover-snapshots.adoc[leveloffset=+2]
-
-[id="deleting-cluster-resources"]
-=== Deleting cluster resources
-
-OADP 1.1 Data Mover might leave cluster resources whether or not it successfully backs up your container storage interface (CSI) volume snapshots to a remote object store.
-
-include::modules/oadp-deleting-cluster-resources-following-success.adoc[leveloffset=+3]
-include::modules/oadp-deleting-cluster-resources-following-failure.adoc[leveloffset=+3]
-
-include::modules/oadp-vsb-cleanup-after-scheduler.adoc[leveloffset=+2]
+For more information, see xref:../../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#oadp-restic-restore-failing-psa-policy_oadp-troubleshooting[Restic restore partially failing on OCP 4.15 due to changed PSA policy].
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-operators-from-operatorhub_olm-adding-operators-to-a-cluster[Installing Operators on clusters for administrators]
 * xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Installing Operators in namespaces for non-administrators]
 
-include::modules/oadp-creating-backup-hooks.adoc[leveloffset=+1]
-include::modules/oadp-scheduling-backups.adoc[leveloffset=+1]
-include::modules/oadp-deleting-backups.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#velero-obtaining-by-downloading_oadp-troubleshooting[Downloading the Velero CLI tool]
+
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-about-kopia.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-about-kopia.adoc
new file mode 100644
index 000000000000..61b3e0947f5b
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-about-kopia.adoc
@@ -0,0 +1,43 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-about-kopia"]
+= About Kopia
+include::_attributes/common-attributes.adoc[]
+:context: oadp-about-kopia
+
+toc::[]
+
+Kopia is a fast and secure open-source backup and restore tool that allows you to create encrypted snapshots of your data and save the snapshots to remote or cloud storage of your choice.
+
+Kopia supports network and local storage locations, and many cloud or remote storage locations, including:
+
+* Amazon S3 and any cloud storage that is compatible with S3
+* Azure Blob Storage
+* Google Cloud Storage platform
+
+Kopia uses content-addressable storage for snapshots:
+
+* Snapshots are always incremental; data that is already included in previous snapshots is not re-uploaded to the repository. A file is only uploaded to the repository again if it is modified.
+* Stored data is deduplicated; if multiple copies of the same file exist, only one of them is stored.
+* If files are moved or renamed, Kopia can recognize that they have the same content and does not upload them again.
+
+
+[id="oadp-kopia-integration"]
+== OADP integration with Kopia
+
+OADP 1.3 supports Kopia as the backup mechanism for pod volume backup in addition to Restic. You must choose one or the other at installation by setting the `uploaderType` field in the `DataProtectionApplication` custom resource (CR). The possible values are `restic` or `kopia`. If you do not specify an  `uploaderType`, OADP 1.3 defaults to using Kopia as the backup mechanism. The data is written to and read from a unified repository.
+
+The following example shows a `DataProtectionApplication` CR configured for using Kopia:
+
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: dpa-sample
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: kopia
+# ...
+----
\ No newline at end of file
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc
new file mode 100644
index 000000000000..8451f1d4fddf
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc
@@ -0,0 +1,63 @@
+
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-backing-up-applications-restic-doc"]
+= Backing up applications with File System Backup: Kopia or Restic
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+You can use OADP to back up and restore Kubernetes volumes attached to pods from the file system of the volumes. This process is called File System Backup (FSB) or Pod Volume Backup (PVB). It is accomplished by using modules from the open source backup tools Restic or Kopia.
+
+If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using FSB.
+
+[NOTE]
+====
+link:https://restic.net/[Restic] is installed by the OADP Operator by default. If you prefer, you can install link:https://kopia.io/[Kopia] instead.
+====
+
+FSB integration with OADP provides a solution for backing up and restoring almost any type of Kubernetes volumes. This integration is an additional capability of OADP and is not a replacement for existing functionality.
+
+You back up Kubernetes resources, internal images, and persistent volumes with Kopia or Restic by editing the `Backup` custom resource (CR).
+
+You do not need to specify a snapshot location in the `DataProtectionApplication` CR.
+
+[NOTE]
+====
+In OADP version 1.3 and later, you can use either Kopia or Restic for backing up applications.
+
+For the Built-in DataMover, you must use Kopia.
+
+In OADP version 1.2 and earlier, you can only use Restic for backing up applications.
+====
+
+[IMPORTANT]
+====
+FSB does not support backing up `hostPath` volumes. For more information, see link:https://velero.io/docs/v1.12/file-system-backup/#limitations[FSB limitations].
+====
+
+.Prerequisites
+
+* You must install the OpenShift API for Data Protection (OADP) Operator.
+* You must not disable the default `nodeAgent` installation by setting `spec.configuration.nodeAgent.enable` to `false` in the `DataProtectionApplication` CR.
+* You must select Kopia or Restic as the uploader by setting `spec.configuration.nodeAgent.uploaderType` to `kopia` or `restic` in the `DataProtectionApplication` CR.
+* The `DataProtectionApplication` CR must be in a `Ready` state.
+
+.Procedure
+
+* Create the `Backup` CR, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: <backup>
+  labels:
+    velero.io/storage-location: default
+  namespace: openshift-adp
+spec:
+  defaultVolumesToFsBackup: true <1>
+...
+----
+<1> In OADP version 1.2 and later, add the `defaultVolumesToFsBackup: true` setting within the `spec` block. In OADP  version 1.1, add `defaultVolumesToRestic: true`.
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-pvs-csi-doc.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-pvs-csi-doc.adoc
new file mode 100644
index 000000000000..fdb6f025518d
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-pvs-csi-doc.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-backing-up-pvs-csi-doc"]
+= Backing up persistent volumes with CSI snapshots
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the `VolumeSnapshotClass` custom resource (CR) of the cloud storage before you create the `Backup` CR, see xref:../../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots-overview_persistent-storage-csi-snapshots[CSI volume snapshots].
+
+For more information, see xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc#oadp-creating-backup-cr-doc[Creating a Backup CR].
+
+.Prerequisites
+
+* The cloud provider must support CSI snapshots.
+* You must enable CSI in the `DataProtectionApplication` CR.
+
+.Procedure
+
+* Add the `metadata.labels.velero.io/csi-volumesnapshot-class: "true"` key-value pair to the `VolumeSnapshotClass` CR:
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+  name: <volume_snapshot_class_name>
+  labels:
+    velero.io/csi-volumesnapshot-class: "true"
+driver: <csi_driver>
+deletionPolicy: Retain
+----
+
+You can now create a `Backup` CR.
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc
new file mode 100644
index 000000000000..13a15aad3068
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc
@@ -0,0 +1,88 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-creating-backup-cr-doc"]
+= Creating a Backup CR
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+You back up Kubernetes images, internal images, and persistent volumes (PVs) by creating a `Backup` custom resource (CR).
+
+.Prerequisites
+
+* You must install the OpenShift API for Data Protection (OADP) Operator.
+* The `DataProtectionApplication` CR must be in a `Ready` state.
+* Backup location prerequisites:
+** You must have S3 object storage configured for Velero.
+** You must have a backup location configured in the `DataProtectionApplication` CR.
+* Snapshot location prerequisites:
+** Your cloud provider must have a native snapshot API or support Container Storage Interface (CSI) snapshots.
+** For CSI snapshots, you must create a `VolumeSnapshotClass` CR to register the CSI driver.
+** You must have a volume location configured in the `DataProtectionApplication` CR.
+
+.Procedure
+
+. Retrieve the `backupStorageLocations` CRs by entering the following command:
+
++
+[source,terminal]
+----
+$ oc get backupStorageLocations -n openshift-adp
+----
++
+.Example output
++
+[source,terminal]
+----
+NAMESPACE       NAME              PHASE       LAST VALIDATED   AGE   DEFAULT
+openshift-adp   velero-sample-1   Available   11s              31m
+----
+
+. Create a `Backup` CR, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: <backup>
+  labels:
+    velero.io/storage-location: default
+  namespace: openshift-adp
+spec:
+  hooks: {}
+  includedNamespaces:
+  - <namespace> <1>
+  includedResources: [] <2>
+  excludedResources: [] <3>
+  storageLocation: <velero-sample-1> <4>
+  ttl: 720h0m0s
+  labelSelector: <5>
+    matchLabels:
+      app=<label_1>
+      app=<label_2>
+      app=<label_3>
+  orLabelSelectors: <6>
+  - matchLabels:
+      app=<label_1>
+      app=<label_2>
+      app=<label_3>
+----
+<1> Specify an array of namespaces to back up.
+<2> Optional: Specify an array of resources to include in the backup. Resources might be shortcuts (for example, 'po' for 'pods') or fully-qualified. If unspecified, all resources are included.
+<3> Optional: Specify an array of resources to exclude from the backup. Resources might be shortcuts (for example, 'po' for 'pods') or fully-qualified.
+<4> Specify the name of the `backupStorageLocations` CR.
+<5> Map of {key,value} pairs of backup resources that have *all* the specified labels.
+<6> Map of {key,value} pairs of backup resources that have *one or more* of the specified labels.
+
+. Verify that the status of the `Backup` CR is `Completed`:
++
+[source,terminal]
+----
+$ oc get backup -n openshift-adp <backup> -o jsonpath='{.status.phase}'
+----
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc
new file mode 100644
index 000000000000..dd98c51f3bfd
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc
@@ -0,0 +1,62 @@
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-creating-backup-hooks-doc"]
+= Creating backup hooks
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+When performing a backup, it is possible to specify one or more commands to execute in a container within a pod, based on the pod being backed up.
+
+The commands can be configured to performed before any custom action processing (_Pre_ hooks), or after all custom actions have been completed and any additional items specified by the custom action have been backed up (_Post_ hooks).
+
+You create backup hooks to run commands in a container in a pod by editing the `Backup` custom resource (CR).
+
+.Procedure
+
+* Add a hook to the `spec.hooks` block of the `Backup` CR, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: <backup>
+  namespace: openshift-adp
+spec:
+  hooks:
+    resources:
+      - name: <hook_name>
+        includedNamespaces:
+        - <namespace> <1>
+        excludedNamespaces: <2>
+        - <namespace>
+        includedResources: []
+        - pods <3>
+        excludedResources: [] <4>
+        labelSelector: <5>
+          matchLabels:
+            app: velero
+            component: server
+        pre: <6>
+          - exec:
+              container: <container> <7>
+              command:
+              - /bin/uname <8>
+              - -a
+              onError: Fail <9>
+              timeout: 30s <10>
+        post: <11>
+...
+----
+<1> Optional: You can specify namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces.
+<2> Optional: You can specify namespaces to which the hook does not apply.
+<3> Currently, pods are the only supported resource that hooks can apply to.
+<4> Optional: You can specify resources to which the hook does not apply.
+<5> Optional: This hook only applies to objects matching the label. If this value is not specified, the hook applies to all objects.
+<6> Array of hooks to run before the backup.
+<7> Optional: If the container is not specified, the command runs in the first container in the pod.
+<8> This is the entry point for the `init` container being added.
+<9> Allowed values for error handling are `Fail` and `Continue`. The default is `Fail`.
+<10> Optional: How long to wait for the commands to run. The default is `30s`.
+<11> This block defines an array of hooks to run after the backup, with the same parameters as the pre-backup hooks.
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-deleting-backups-doc.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-deleting-backups-doc.adoc
new file mode 100644
index 000000000000..c5e5abfefab4
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-deleting-backups-doc.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-deleting-backups-doc"]
+= Deleting backups
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+You can remove backup files by deleting the `Backup` custom resource (CR).
+
+[WARNING]
+====
+After you delete the `Backup` CR and the associated object storage data, you cannot recover the deleted data.
+====
+
+.Prerequisites
+
+* You created a `Backup` CR.
+* You know the name of the `Backup` CR and the namespace that contains it.
+* You downloaded the Velero CLI tool.
+* You can access the Velero binary in your cluster.
+
+.Procedure
+
+* Choose one of the following actions to delete the `Backup` CR:
+
+** To delete the `Backup` CR and keep the associated object storage data, run the following command:
++
+[source,terminal]
+----
+$ oc delete backup <backup_CR_name> -n <velero_namespace>
+----
+
+** To delete the `Backup` CR and delete the associated object storage data, run the following command:
++
+[source,terminal]
+----
+$ velero backup delete <backup_CR_name> -n <velero_namespace>
+----
++
+Where:
++
+<backup_CR_name>:: The name of the `Backup` custom resource.
+<velero_namespace>:: The namespace that contains the `Backup` custom resource.
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc
new file mode 100644
index 000000000000..f37336ee6a4e
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc
@@ -0,0 +1,86 @@
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-scheduling-backups-doc"]
+= Scheduling backups using Schedule CR
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+The schedule operation allows you to create a backup of your data at a particular time, specified by a Cron expression.
+
+You schedule backups by creating a `Schedule` custom resource (CR) instead of a `Backup` CR.
+
+[WARNING]
+====
+Leave enough time in your backup schedule for a backup to finish before another backup is created.
+
+For example, if a backup of a namespace typically takes 10 minutes, do not schedule backups more frequently than every 15 minutes.
+====
+
+.Prerequisites
+
+* You must install the OpenShift API for Data Protection (OADP) Operator.
+* The `DataProtectionApplication` CR must be in a `Ready` state.
+
+.Procedure
+
+. Retrieve the `backupStorageLocations` CRs:
++
+[source,terminal]
+----
+$ oc get backupStorageLocations -n openshift-adp
+----
++
+.Example output
++
+[source,terminal]
+----
+NAMESPACE       NAME              PHASE       LAST VALIDATED   AGE   DEFAULT
+openshift-adp   velero-sample-1   Available   11s              31m
+----
+
+. Create a `Schedule` CR, as in the following example:
++
+[source,yaml]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: <schedule>
+  namespace: openshift-adp
+spec:
+  schedule: 0 7 * * * <1>
+  template:
+    hooks: {}
+    includedNamespaces:
+    - <namespace> <2>
+    storageLocation: <velero-sample-1> <3>
+    defaultVolumesToFsBackup: true <4>
+    ttl: 720h0m0s
+EOF
+----
+
+<1> `cron` expression to schedule the backup, for example, `0 7 * * *` to perform a backup every day at 7:00.
++
+[NOTE]
+====
+To schedule a backup at specific intervals, enter the `<duration_in_minutes>` in the following format:
+[source,terminal]
+----
+  schedule: "*/10 * * * *"
+----
+Enter the minutes value between quotation marks (`" "`).
+====
+
+<2> Array of namespaces to back up.
+<3> Name of the `backupStorageLocations` CR.
+<4> Optional: In OADP version 1.2 and later, add the `defaultVolumesToFsBackup: true` key-value pair to your configuration when performing backups of volumes with Restic. In OADP version 1.1, add the `defaultVolumesToRestic: true` key-value pair when you back up volumes with Restic.
+
+. Verify that the status of the `Schedule` CR is `Completed` after the scheduled backup runs:
++
+[source,terminal]
+----
+$ oc get schedule -n openshift-adp <schedule> -o jsonpath='{.status.phase}'
+----
diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc
index ab3ec37d6077..c761c938460e 100644
--- a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc
+++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="restoring-applications"]
 = Restoring applications
 include::_attributes/common-attributes.adoc[]
@@ -8,7 +8,7 @@ toc::[]
 
 You restore application backups by creating a `Restore` custom resource (CR). See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-cr_restoring-applications[Creating a Restore CR].
 
-You can create restore hooks to run commands in a container in a pod while restoring your application by editing the `Restore` (CR). See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-hooks_restoring-applications[Creating restore hooks]
+You can create restore hooks to run commands in a container in a pod by editing the `Restore` CR. See xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-hooks_restoring-applications[Creating restore hooks].
 
 include::modules/oadp-creating-restore-cr.adoc[leveloffset=+1]
 include::modules/oadp-creating-restore-hooks.adoc[leveloffset=+1]
diff --git a/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc b/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
index 0292eafc004c..ec81a26d1af3 100644
--- a/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-installing-oadp"]
 = About installing OADP
 include::_attributes/common-attributes.adoc[]
@@ -16,12 +16,19 @@ To back up Kubernetes resources and internal images, you must have object storag
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc#installing-oadp-azure[Microsoft Azure]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway]
-* AWS S3 compatible object storage, such as Noobaa or Minio
+* AWS S3 compatible object storage, such as Multicloud Object Gateway or MinIO
 
 :FeatureName: The `CloudStorage` API, which automates the creation of a bucket for object storage,
 include::snippets/technology-preview.adoc[]
 
-You can back up persistent volumes (PVs) by using snapshots or Restic.
+[NOTE]
+====
+The `CloudStorage` API is a Technology Preview feature when you use a `CloudStorage` object and want OADP to use the `CloudStorage` API to automatically create an S3 bucket for use as a `BackupStorageLocation`.
+
+The `CloudStorage` API supports manually creating a `BackupStorageLocation` object by specifying an existing S3 bucket. The `CloudStorage` API that creates an S3 bucket automatically is currently only enabled for AWS S3 storage.
+====
+
+You can back up persistent volumes (PVs) by using snapshots or a File System Backup (FSB).
 
 To back up PVs with snapshots, you must have a cloud provider that supports either a native snapshot API or Container Storage Interface (CSI) snapshots, such as one of the following cloud providers:
 
@@ -32,7 +39,7 @@ To back up PVs with snapshots, you must have a cloud provider that supports eith
 
 include::snippets/oadp-ocp-compat.adoc[]
 
-If your cloud provider does not support snapshots or if your storage is NFS, you can back up applications with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic backups] on object storage.
+If your cloud provider does not support snapshots or if your storage is NFS, you can back up applications with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#backing-up-applications[Backing up applications with File System Backup: Kopia or Restic] on object storage.
 
 You create a default `Secret` and then you install the Data Protection Application.
 
@@ -53,3 +60,6 @@ include::modules/about-installing-oadp-on-multiple-namespaces.adoc[leveloffset=+
 .Additional resources
 
 * xref:../../../operators/understanding/olm/olm-understanding-olm.adoc#olm-csv_olm-understanding-olm[Cluster service version]
+
+include::modules/oadp-velero-cpu-memory-requirements.adoc[leveloffset=+1]
+include::modules/oadp-backup-restore-for-large-usage.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/backup_and_restore/application_backup_and_restore/installing/about-oadp-1-3-data-mover.adoc b/backup_and_restore/application_backup_and_restore/installing/about-oadp-1-3-data-mover.adoc
new file mode 100644
index 000000000000..b7e628121bcf
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/about-oadp-1-3-data-mover.adoc
@@ -0,0 +1,58 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="about-oadp-1-3-data-mover"]
+= About the OADP 1.3 Data Mover
+include::_attributes/common-attributes.adoc[]
+:context: about-oadp-1-3-data-mover
+
+toc::[]
+
+OADP 1.3 includes a built-in Data Mover that you can use to move Container Storage Interface (CSI) volume snapshots to a remote object store. The built-in Data Mover allows you to restore stateful applications from the remote object store if a failure, accidental deletion, or corruption of the cluster occurs. It uses xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-about-kopia.adoc#oadp-about-kopia[Kopia] as the uploader mechanism to read the snapshot data and write to the unified repository.
+
+OADP supports CSI snapshots on the following:
+
+* Red Hat OpenShift Data Foundation
+* Any other cloud storage provider with the Container Storage Interface (CSI) driver that supports the Kubernetes Volume Snapshot API
+
+:FeatureName: The OADP built-in Data Mover
+include::snippets/technology-preview.adoc[]
+
+[id="enabling-oadp-1-3-data-mover"]
+== Enabling the built-in Data Mover
+
+To enable the built-in Data Mover, you must include the CSI plugin and enable the node agent in the `DataProtectionApplication` custom resource (CR). The node agent is a Kubernetes daemonset that hosts data movement modules. These include the Data Mover controller, uploader, and the repository. 
+
+.Example `DataProtectionApplication` manifest
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: dpa-sample
+spec:
+  configuration:
+    nodeAgent:
+      enable: true <1>
+      uploaderType: kopia <2>
+    velero:
+      defaultPlugins:
+      - openshift
+      - aws
+      - csi <3>
+# ...
+----
+<1> The flag to enable the node agent.
+<2> The type of uploader. The possible values are `restic` or `kopia`. The built-in Data Mover uses Kopia as the default uploader mechanism regardless of the value of the `uploaderType` field.
+<3> The CSI plugin included in the list of default plugins.
+
+[id="built-in-data-mover-crs"]
+== Built-in Data Mover controller and custom resource definitions (CRDs)
+
+The built-in Data Mover feature introduces three new API objects defined as CRDs for managing backup and restore:
+
+* `DataDownload`: Represents a data download of a volume snapshot. The CSI plugin creates one `DataDownload` object per volume to be restored. The `DataDownload` CR includes information about the target volume, the specified Data Mover, the progress of the current data download, the specified backup repository, and the result of the current data download after the process is complete.
+
+* `DataUpload`: Represents a data upload of a volume snapshot. The CSI plugin creates one `DataUpload` object per CSI snapshot. The `DataUpload` CR includes information about the specified snapshot, the specified Data Mover, the specified backup repository, the progress of the current data upload, and the result of the current data upload after the process is complete.
+
+* `BackupRepository`: Represents and manages the lifecycle of the backup repositories. OADP creates a backup repository per namespace when the first CSI snapshot backup or restore for a namespace is requested. 
+
+
diff --git a/backup_and_restore/application_backup_and_restore/installing/data-mover-intro.adoc b/backup_and_restore/application_backup_and_restore/installing/data-mover-intro.adoc
new file mode 100644
index 000000000000..ae9d2fd42853
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/data-mover-intro.adoc
@@ -0,0 +1,37 @@
+:_mod-docs-content-type: CONCEPT
+[id="oadp-data-mover-intro"]
+= OADP Data Mover Introduction
+include::_attributes/common-attributes.adoc[]
+:context: data-mover
+
+toc::[]
+
+OADP Data Mover allows you to restore stateful applications from the store if a failure, accidental deletion, or corruption of the cluster occurs.
+
+[NOTE]
+====
+The OADP 1.1 Data Mover is a Technology Preview feature.
+
+The OADP 1.2 Data Mover has significantly improved features and performances, but is still a Technology Preview feature.
+====
+:FeatureName: The OADP Data Mover
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+* You can use OADP Data Mover to back up Container Storage Interface (CSI) volume snapshots to a remote object store. See xref:../../../backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc#oadp-using-data-mover-for-csi-snapshots-doc[Using Data Mover for CSI snapshots].
+
+* You can use OADP 1.2 Data Mover to backup and restore application data for clusters that use CephFS, CephRBD, or both. See xref:../../../backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc#oadp-using-data-mover-for-csi-snapshots-doc[Using OADP 1.2 Data Mover with Ceph storage].
+
+* You must perform a data cleanup after you perform a backup, if you are using OADP 1.1 Data Mover. See xref:../../../backup_and_restore/application_backup_and_restore/installing/oadp-cleaning-up-after-data-mover-1-1-backup-doc.adoc#oadp-cleaning-up-after-data-mover-1-1-backup-doc[Cleaning up after a backup using OADP 1.1 Data Mover].
+
+include::snippets/snip-post-mig-hook[]
+
+[id="oadp-data-mover-prerequisites"]
+== OADP Data Mover prerequisites
+
+* You have a stateful application running in a separate namespace.
+
+* You have installed the OADP Operator by using Operator Lifecycle Manager (OLM).
+
+* You have created an appropriate `VolumeSnapshotClass` and `StorageClass`.
+
+* You have installed the VolSync operator using OLM.
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
index 64b8b58df482..ebd66485d057 100644
--- a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-oadp-aws"]
-= Installing and configuring the OpenShift API for Data Protection with Amazon Web Services
+= Configuring the OpenShift API for Data Protection with Amazon Web Services
 include::_attributes/common-attributes.adoc[]
 :context: installing-oadp-aws
 :installing-oadp-aws:
@@ -13,11 +13,11 @@ You install the OpenShift API for Data Protection (OADP) with Amazon Web Service
 
 include::snippets/oadp-mtc-operator.adoc[]
 
-You configure AWS for Velero, create a default `Secret`, and then install the Data Protection Application.
+You configure AWS for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+//include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-aws-s3.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
 include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
@@ -31,7 +31,8 @@ You can configure the Data Protection Application by setting Velero resource all
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :!installing-oadp-aws:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
index 3077b98b3b71..87cdb9445c87 100644
--- a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-oadp-azure"]
-= Installing and configuring the OpenShift API for Data Protection with Microsoft Azure
+= Configuring the OpenShift API for Data Protection with Microsoft Azure
 include::_attributes/common-attributes.adoc[]
 :context: installing-oadp-azure
 :installing-oadp-azure:
@@ -13,11 +13,11 @@ You install the OpenShift API for Data Protection (OADP) with Microsoft Azure by
 
 include::snippets/oadp-mtc-operator.adoc[]
 
-You configure Azure for Velero, create a default `Secret`, and then install the Data Protection Application.
+You configure Azure for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+// include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-azure.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
 include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
@@ -31,7 +31,8 @@ You can configure the Data Protection Application by setting Velero resource all
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-azure!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
index 6b688c72a17a..ce7af5d6f74b 100644
--- a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-oadp-gcp"]
-= Installing and configuring the OpenShift API for Data Protection with Google Cloud Platform
+= Configuring the OpenShift API for Data Protection with Google Cloud Platform
 include::_attributes/common-attributes.adoc[]
 :context: installing-oadp-gcp
 :installing-oadp-gcp:
@@ -13,11 +13,11 @@ You install the OpenShift API for Data Protection (OADP) with Google Cloud Platf
 
 include::snippets/oadp-mtc-operator.adoc[]
 
-You configure GCP for Velero, create a default `Secret`, and then install the Data Protection Application.
+You configure GCP for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+//include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-gcp.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
 include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
@@ -31,7 +31,9 @@ You can configure the Data Protection Application by setting Velero resource all
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-gcp-wif-cloud-authentication.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-gcp!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
index ff7180e2410e..750cf600250f 100644
--- a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-oadp-mcg"]
-= Installing and configuring the OpenShift API for Data Protection with Multicloud Object Gateway
+= Configuring the OpenShift API for Data Protection with Multicloud Object Gateway
 include::_attributes/common-attributes.adoc[]
 :context: installing-oadp-mcg
 :installing-oadp-mcg:
@@ -19,11 +19,11 @@ MCG is a component of {rh-storage}. You configure MCG as a backup location in th
 :FeatureName: The `CloudStorage` API, which automates the creation of a bucket for object storage,
 include::snippets/technology-preview.adoc[]
 
-You create a `Secret` for the backup location and then you install the Data Protection Application.
+You create a `Secret` for the backup location and then you install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 
-include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+//include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-mcg.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
 include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
@@ -37,7 +37,8 @@ You can configure the Data Protection Application by setting Velero resource all
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-mcg!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
index 651717695045..5fcf863b741f 100644
--- a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-oadp-ocs"]
-= Installing and configuring the OpenShift API for Data Protection with OpenShift Data Foundation
+= Configuring the OpenShift API for Data Protection with OpenShift Data Foundation
 include::_attributes/common-attributes.adoc[]
 :context: installing-oadp-ocs
 :credentials: cloud-credentials
@@ -12,17 +12,22 @@ You install the OpenShift API for Data Protection (OADP) with {rh-storage} by in
 
 include::snippets/oadp-mtc-operator.adoc[]
 
-You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] or any S3-compatible object storage as a backup location.
+You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] or any AWS S3-compatible object storage as a backup location.
 
 :FeatureName: The `CloudStorage` API, which automates the creation of a bucket for object storage,
 include::snippets/technology-preview.adoc[]
 
-You create a `Secret` for the backup location and then you install the Data Protection Application.
+You create a `Secret` for the backup location and then you install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 
-include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+//include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/managing_hybrid_and_multicloud_resources/object-bucket-claim#creating-an-object-bucket-claim-using-the-openshift-web-console_rhodf[Creating an Object Bucket Claim using the OpenShift Web Console].
+
 include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
@@ -32,9 +37,11 @@ include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+include::modules/oadp-odf-cpu-memory-requirements.adoc[leveloffset=+3]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
-include::modules/oadp-configuring-noobaa-for-dr.adoc[leveloffset=+2]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
+include::modules/oadp-creating-object-bucket-claim.adoc[leveloffset=+2]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
diff --git a/backup_and_restore/application_backup_and_restore/installing/oadp-12-data-mover-ceph-doc.adoc b/backup_and_restore/application_backup_and_restore/installing/oadp-12-data-mover-ceph-doc.adoc
new file mode 100644
index 000000000000..8b2078fa19c3
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/oadp-12-data-mover-ceph-doc.adoc
@@ -0,0 +1,62 @@
+[id="oadp-12-data-mover-ceph-doc"]
+= Using OADP 1.2 Data Mover with Ceph storage
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+You can use OADP 1.2 Data Mover to backup and restore application data for clusters that use CephFS, CephRBD, or both.
+
+OADP 1.2 Data Mover leverages Ceph features that support large-scale environments. One of these is the shallow copy method, which is available for {product-title} 4.12 and later. This feature supports backing up and restoring `StorageClass` and `AccessMode` resources other than what is found on the source persistent volume claim (PVC).
+
+[IMPORTANT]
+====
+The CephFS shallow copy feature is a back up feature. It is not part of restore operations.
+====
+
+include::modules/oadp-ceph-prerequisites.adoc[leveloffset=+1]
+
+[id="defining-crs-for-12-data-mover"]
+== Defining custom resources for use with OADP 1.2 Data Mover
+
+When you install {rh-storage-first}, it automatically creates default CephFS and a CephRBD `StorageClass` and `VolumeSnapshotClass` custom resources (CRs). You must define these CRs for use with OpenShift API for Data Protection (OADP) 1.2 Data Mover.
+
+After you define the CRs, you must make several other changes to your environment before you can perform your back up and restore operations.
+
+include::modules/oadp-ceph-preparing-cephfs-crs.adoc[leveloffset=+2]
+include::modules/oadp-ceph-preparing-cephrbd-crs.adoc[leveloffset=+2]
+include::modules/oadp-ceph-preparing-crs-additional.adoc[leveloffset=+2]
+
+[id="oadp-ceph-back-up-restore-cephfs"]
+== Backing up and restoring data using OADP 1.2 Data Mover and CephFS storage
+
+You can use OpenShift API for Data Protection (OADP) 1.2 Data Mover to back up and restore data using CephFS storage by enabling the shallow copy feature of CephFS.
+
+include::snippets/oadp-ceph-cr-prerequisites.adoc[]
+
+:context: !backing-up-applications
+
+:context: cephfs
+
+include::modules/oadp-ceph-cephfs-back-up-dba.adoc[leveloffset=+2]
+include::modules/oadp-ceph-cephfs-back-up.adoc[leveloffset=+2]
+include::modules/oadp-ceph-cephfs-restore.adoc[leveloffset=+2]
+
+[id="oadp-ceph-split"]
+== Backing up and restoring data using OADP 1.2 Data Mover and split volumes (CephFS and Ceph RBD)
+
+You can use OpenShift API for Data Protection (OADP) 1.2 Data Mover to back up and restore data in an environment that has _split volumes_, that is, an environment that uses both CephFS and CephRBD.
+
+include::snippets/oadp-ceph-cr-prerequisites.adoc[]
+
+:context: !cephfs
+
+:context: split
+
+include::modules/oadp-ceph-split-back-up-dba.adoc[leveloffset=+2]
+include::modules/oadp-ceph-cephfs-back-up.adoc[leveloffset=+2]
+include::modules/oadp-ceph-cephfs-restore.adoc[leveloffset=+2]
+
+:context: !split
+
+:context: backing-up-applications
diff --git a/backup_and_restore/application_backup_and_restore/installing/oadp-backup-restore-csi-snapshots.adoc b/backup_and_restore/application_backup_and_restore/installing/oadp-backup-restore-csi-snapshots.adoc
new file mode 100644
index 000000000000..0c3462723f59
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/oadp-backup-restore-csi-snapshots.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-backup-restore-csi-snapshots"]
+= Backing up and restoring CSI snapshots
+include::_attributes/common-attributes.adoc[]
+:context: oadp-backup-restore-csi-snapshots
+
+toc::[]
+
+You can back up and restore persistent volumes by using the OADP 1.3 Data Mover. 
+
+include::modules/oadp-1-3-backing-csi-snapshots.adoc[leveloffset=+1]
+
+include::modules/oadp-1-3-restoring-csi-snapshots.adoc[leveloffset=+1]
+
+
+
diff --git a/backup_and_restore/application_backup_and_restore/installing/oadp-cleaning-up-after-data-mover-1-1-backup-doc.adoc b/backup_and_restore/application_backup_and_restore/installing/oadp-cleaning-up-after-data-mover-1-1-backup-doc.adoc
new file mode 100644
index 000000000000..83535e5f3a5b
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/oadp-cleaning-up-after-data-mover-1-1-backup-doc.adoc
@@ -0,0 +1,26 @@
+[id="oadp-cleaning-up-after-data-mover-1-1-backup-doc"]
+= Cleaning up after a backup using OADP 1.1 Data Mover
+include::_attributes/common-attributes.adoc[]
+:context: datamover11
+
+toc::[]
+
+For OADP 1.1 Data Mover, you must perform a data cleanup after you perform a backup.
+
+The cleanup consists of deleting the following resources:
+
+* Snapshots in a bucket
+* Cluster resources
+* Volume snapshot backups (VSBs) after a backup procedure that is either run by a schedule or is run repetitively
+
+include::modules/oadp-cleaning-up-after-data-mover-snapshots.adoc[leveloffset=+1]
+
+[id="deleting-cluster-resources-data-mover"]
+== Deleting cluster resources
+
+OADP 1.1 Data Mover might leave cluster resources whether or not it successfully backs up your container storage interface (CSI) volume snapshots to a remote object store.
+
+include::modules/oadp-deleting-cluster-resources-following-success.adoc[leveloffset=+2]
+include::modules/oadp-deleting-cluster-resources-following-failure.adoc[leveloffset=+2]
+
+include::modules/oadp-vsb-cleanup-after-scheduler.adoc[leveloffset=+1]
diff --git a/backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc b/backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc
new file mode 100644
index 000000000000..ba6d54403d8e
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-installing-operator-doc"]
+= Installing the OADP Operator
+include::_attributes/common-attributes.adoc[]
+:context: installing-oadp-operator
+
+toc::[]
+
+You can install the OpenShift API for Data Protection (OADP) Operator on {product-title} {product-version} by using Operator Lifecycle Manager (OLM).
+
+The OADP Operator installs link:https://{velero-domain}/docs/v{velero-version}/[Velero {velero-version}].
+
+.Prerequisites
+
+* You must be logged in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Use the *Filter by keyword* field to find the *OADP Operator*.
+. Select the *OADP Operator* and click *Install*.
+. Click *Install* to install the Operator in the `openshift-adp` project.
+. Click *Operators* -> *Installed Operators* to verify the installation.
+
+include::modules/velero-oadp-version-relationship.adoc[leveloffset=+1]
diff --git a/backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc b/backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc
new file mode 100644
index 000000000000..a39a0419065d
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc
@@ -0,0 +1,281 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-using-data-mover-for-csi-snapshots-doc"]
+= Using Data Mover for CSI snapshots
+include::_attributes/common-attributes.adoc[]
+:context: backing-up-applications
+
+toc::[]
+
+:FeatureName: Data Mover for CSI snapshots
+
+The OADP Data Mover enables customers to back up Container Storage Interface (CSI) volume snapshots to a remote object store. When Data Mover is enabled, you can restore stateful applications, using CSI volume snapshots pulled from the object store if a failure, accidental deletion, or corruption of the cluster occurs.
+
+The Data Mover solution uses the Restic option of VolSync.
+
+Data Mover supports backup and restore of CSI volume snapshots only.
+
+In OADP 1.2 Data Mover `VolumeSnapshotBackups` (VSBs) and `VolumeSnapshotRestores` (VSRs) are queued using the VolumeSnapshotMover (VSM). The VSM's performance is improved by specifying a concurrent number of VSBs and VSRs simultaneously `InProgress`. After all async plugin operations are complete, the backup is marked as complete.
+
+
+[NOTE]
+====
+The OADP 1.1 Data Mover is a Technology Preview feature.
+
+The OADP 1.2 Data Mover has significantly improved features and performances, but is still a Technology Preview feature.
+====
+:FeatureName: The OADP Data Mover
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[NOTE]
+====
+Red Hat recommends that customers who use OADP 1.2 Data Mover in order to back up and restore ODF CephFS volumes, upgrade or install {product-title} version 4.12 or later for improved performance. OADP Data Mover can leverage CephFS shallow volumes in {product-title} version 4.12 or later, which based on our testing, can improve the performance of backup times.
+
+* https://issues.redhat.com/browse/RHSTOR-4287[CephFS ROX details]
+//* https://github.com/ceph/ceph-csi/blob/devel/docs/cephfs-snapshot-backed-volumes.md[Provisioning and mounting CephFS snapshot-backed volumes]
+
+
+//For more information about OADP 1.2 with CephS [name of topic], see ___.
+
+====
+
+.Prerequisites
+
+* You have verified that the `StorageClass` and `VolumeSnapshotClass` custom resources (CRs) support CSI.
+
+* You have verified that only one `VolumeSnapshotClass` CR has the annotation `snapshot.storage.kubernetes.io/is-default-class: "true"`.
++
+[NOTE]
+====
+In {product-title} version 4.12 or later, verify that this is the only default `VolumeSnapshotClass`.
+====
+
+* You have verified that `deletionPolicy` of the `VolumeSnapshotClass` CR is set to `Retain`.
+
+* You have verified that only one `StorageClass` CR has the annotation `storageclass.kubernetes.io/is-default-class: "true"`.
+
+* You have included the label `{velero-domain}/csi-volumesnapshot-class: "true"` in your `VolumeSnapshotClass` CR.
+
+* You have verified that the `OADP namespace` has the annotation `oc annotate --overwrite namespace/openshift-adp volsync.backube/privileged-movers="true"`.
++
+[NOTE]
+====
+In OADP 1.1 the above setting is mandatory.
+
+In OADP 1.2 the `privileged-movers` setting is not required in most scenarios. The restoring container permissions should be adequate for the Volsync copy. In some user scenarios, there may be permission errors that the `privileged-mover`= `true` setting should resolve.
+====
+
+* You have installed the VolSync Operator by using the Operator Lifecycle Manager (OLM).
++
+[NOTE]
+====
+The VolSync Operator is required for using OADP Data Mover.
+====
+
+* You have installed the OADP operator by using OLM.
+
+.Procedure
+
+. Configure a Restic secret by creating a `.yaml` file as following:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <secret_name>
+  namespace: openshift-adp
+type: Opaque
+stringData:
+  RESTIC_PASSWORD: <secure_restic_password>
+----
++
+[NOTE]
+====
+By default, the Operator looks for a secret named `dm-credential`. If you are using a different name, you need to specify the name through a Data Protection Application (DPA) CR using `dpa.spec.features.dataMover.credentialName`.
+====
+
+. Create a DPA CR similar to the following example. The default plugins include CSI.
++
+.Example Data Protection Application (DPA) CR
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: velero-sample
+  namespace: openshift-adp
+spec:
+  backupLocations:
+    - velero:
+        config:
+          profile: default
+          region: us-east-1
+        credential:
+          key: cloud
+          name: cloud-credentials
+        default: true
+        objectStorage:
+          bucket: <bucket_name>
+          prefix: <bucket-prefix>
+        provider: aws
+  configuration:
+    restic:
+      enable: <true_or_false>
+    velero:
+       itemOperationSyncFrequency: "10s"
+       defaultPlugins:
+        - openshift
+        - aws
+        - csi
+        - vsm <1>
+  features:
+    dataMover:
+      credentialName: restic-secret
+      enable: true
+      maxConcurrentBackupVolumes: "3" <2>
+      maxConcurrentRestoreVolumes: "3" <3>
+      pruneInterval: "14" <4>
+      volumeOptions: <5>
+      sourceVolumeOptions:
+          accessMode: ReadOnlyMany
+          cacheAccessMode: ReadWriteOnce
+          cacheCapacity: 2Gi
+      destinationVolumeOptions:
+          storageClass: other-storageclass-name
+          cacheAccessMode: ReadWriteMany
+  snapshotLocations:
+    - velero:
+        config:
+          profile: default
+          region: us-west-2
+        provider: aws
+
+----
+<1> OADP 1.2 only.
+<2> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for backup. The default value is 10.
+<3> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for restore. The default value is 10.
+<4> OADP 1.2 only. Optional: Specify the number of days, between running Restic pruning on the repository. The prune operation repacks the data to free space, but it can also generate significant I/O traffic as a part of the process. Setting this option allows a trade-off between storage consumption, from no longer referenced data, and access costs.
+<5> OADP 1.2 only. Optional: Specify VolumeSync volume options for backup and restore.
+
++
+The OADP Operator installs two custom resource definitions (CRDs), `VolumeSnapshotBackup` and `VolumeSnapshotRestore`.
++
+.Example `VolumeSnapshotBackup` CRD
+[source,yaml]
+----
+apiVersion: datamover.oadp.openshift.io/v1alpha1
+kind: VolumeSnapshotBackup
+metadata:
+  name: <vsb_name>
+  namespace: <namespace_name> <1>
+spec:
+  volumeSnapshotContent:
+    name: <snapcontent_name>
+  protectedNamespace: <adp_namespace> <2>
+  resticSecretRef:
+    name: <restic_secret_name>
+----
+<1> Specify the namespace where the volume snapshot exists.
+<2> Specify the namespace where the OADP Operator is installed. The default is `openshift-adp`.
++
+.Example `VolumeSnapshotRestore` CRD
+[source,yaml]
+----
+apiVersion: datamover.oadp.openshift.io/v1alpha1
+kind: VolumeSnapshotRestore
+metadata:
+  name: <vsr_name>
+  namespace: <namespace_name> <1>
+spec:
+  protectedNamespace: <protected_ns> <2>
+  resticSecretRef:
+    name: <restic_secret_name>
+  volumeSnapshotMoverBackupRef:
+    sourcePVCData:
+      name: <source_pvc_name>
+      size: <source_pvc_size>
+    resticrepository: <your_restic_repo>
+    volumeSnapshotClassName: <vsclass_name>
+----
+<1> Specify the namespace where the volume snapshot exists.
+<2> Specify the namespace where the OADP Operator is installed. The default is `openshift-adp`.
+
+. You can back up a volume snapshot by performing the following steps:
+
+.. Create a backup CR:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: <backup_name>
+  namespace: <protected_ns> <1>
+spec:
+  includedNamespaces:
+  - <app_ns> <2>
+  storageLocation: velero-sample-1
+----
+<1> Specify the namespace where the Operator is installed. The default namespace is `openshift-adp`.
+<2> Specify the application namespace or namespaces to be backed up.
+
+.. Wait up to 10 minutes and check whether the `VolumeSnapshotBackup` CR status is `Completed` by entering the following commands:
++
+[source,terminal]
+----
+$ oc get vsb -n <app_ns>
+----
++
+[source,terminal]
+----
+$ oc get vsb <vsb_name> -n <app_ns> -o jsonpath="{.status.phase}"
+----
++
+A snapshot is created in the object store was configured in the DPA.
++
+[NOTE]
+====
+If the status of the `VolumeSnapshotBackup` CR becomes `Failed`, refer to the Velero logs for troubleshooting.
+====
+
+. You can restore a volume snapshot by performing the following steps:
+
+.. Delete the application namespace and the `VolumeSnapshotContent` that was created by the Velero CSI plugin.
+
+.. Create a `Restore` CR and set `restorePVs` to `true`.
++
+.Example `Restore` CR
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: <restore_name>
+  namespace: <protected_ns>
+spec:
+  backupName: <previous_backup_name>
+  restorePVs: true
+----
+
+.. Wait up to 10 minutes and check whether the `VolumeSnapshotRestore` CR status is `Completed` by entering the following command:
++
+[source,terminal]
+----
+$ oc get vsr -n <app_ns>
+----
++
+[source,terminal]
+----
+$ oc get vsr <vsr_name> -n <app_ns> -o jsonpath="{.status.phase}"
+----
+
+.. Check whether your application data and resources have been restored.
++
+[NOTE]
+====
+If the status of the `VolumeSnapshotRestore` CR becomes 'Failed', refer to the Velero logs for troubleshooting.
+====
diff --git a/backup_and_restore/application_backup_and_restore/installing/uninstalling-oadp.adoc b/backup_and_restore/application_backup_and_restore/installing/uninstalling-oadp.adoc
index 49f3c9b02f2e..7cf49e56d54e 100644
--- a/backup_and_restore/application_backup_and_restore/installing/uninstalling-oadp.adoc
+++ b/backup_and_restore/application_backup_and_restore/installing/uninstalling-oadp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-oadp"]
 = Uninstalling the OpenShift API for Data Protection
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/application_backup_and_restore/oadp-advanced-topics.adoc b/backup_and_restore/application_backup_and_restore/oadp-advanced-topics.adoc
index 26d17d149167..fcd0124642c4 100644
--- a/backup_and_restore/application_backup_and_restore/oadp-advanced-topics.adoc
+++ b/backup_and_restore/application_backup_and_restore/oadp-advanced-topics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oadp-advanced-topics"]
 = Advanced OADP features and functionalities
 include::_attributes/common-attributes.adoc[]
@@ -19,6 +19,10 @@ include::modules/oadp-using-enable-api-group-versions.adoc[leveloffset=+2]
 == Backing up data from one cluster and restoring it to another cluster
 
 include::modules/oadp-about-backing-and-restoring-from-cluster-to-cluster.adoc[leveloffset=+2]
+include::modules/oadp-pod-volume-backup.adoc[leveloffset=+2]
+include::modules/oadp-backing-up-opt-in.adoc[leveloffset=+3]
+include::modules/oadp-backing-up-opt-out.adoc[leveloffset=+3]
+include::modules/oadp-cluster-to-cluster-uid-and-gid-ranges.adoc[leveloffset=+2]
 include::modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -27,8 +31,8 @@ include::modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc[levelof
 
 For more information about API group versions, see xref:../../backup_and_restore/application_backup_and_restore/oadp-advanced-topics.adoc#oadp-different-kubernetes-api-versions[Working with different Kubernetes API versions on the same cluster].
 
-For more information about OADP Data Mover, see xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-using-data-mover-for-csi-snapshots_backing-up-applications[Using Data Mover for CSI snapshots].
+For more information about OADP Data Mover, see xref:../../backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc#backing-up-applications[Using Data Mover for CSI snapshots].
 
-For more information about using Restic with OADP, see xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Backing up applications with Restic].
+For more information about using Restic with OADP, see xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#backing-up-applications[Backing up applications with File System Backup: Kopia or Restic].
 
 :!oadp-advanced-topics:
diff --git a/backup_and_restore/application_backup_and_restore/oadp-api.adoc b/backup_and_restore/application_backup_and_restore/oadp-api.adoc
index 6ac2bd278c3f..ceb99eeef8c7 100644
--- a/backup_and_restore/application_backup_and_restore/oadp-api.adoc
+++ b/backup_and_restore/application_backup_and_restore/oadp-api.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oadp-api"]
 = APIs used with OADP
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc b/backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
index 417275375f02..97b2dc77984c 100644
--- a/backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
+++ b/backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oadp-features-plugins"]
 = OADP features and plugins
 include::_attributes/common-attributes.adoc[]
@@ -13,15 +13,19 @@ The default plugins enable Velero to integrate with certain cloud providers and
 include::modules/oadp-features.adoc[leveloffset=+1]
 include::modules/oadp-plugins.adoc[leveloffset=+1]
 include::modules/oadp-configuring-velero-plugins.adoc[leveloffset=+1]
+include::modules/oadp-plugins-receiving-eof-message.adoc[leveloffset=+2]
+include::modules/oadp-supported-architecture.adoc[leveloffset=+1]
 
 [id="oadp-support-for-ibm-power-and-ibm-z"]
-== OADP support for IBM Power and {ibmzProductName}
+== OADP support for {ibm-power-title} and {ibm-z-title}
 
-OpenShift API for Data Protection (OADP) is platform neutral. The information that follows relates only to IBM Power and to {ibmzProductName}.
+OpenShift API for Data Protection (OADP) is platform neutral. The information that follows relates only to {ibm-power-name} and to {ibm-z-name}.
 
-OADP 1.1.0 was tested successfully against {product-title} 4.11 for both IBM Power and {ibmzProductName}. The sections that follow give testing and support information for OADP 1.1.0 in terms of backup locations for these systems.
+OADP 1.1.0 was tested successfully against {product-title} 4.11 for both {ibm-power-name} and {ibm-z-name}. The sections that follow give testing and support information for OADP 1.1.0 in terms of backup locations for these systems.
 
 include::modules/oadp-ibm-power-test-support.adoc[leveloffset=+2]
 include::modules/oadp-ibm-z-test-support.adoc[leveloffset=+2]
 
+include::modules/oadp-fips.adoc[leveloffset=+1]
+
 :!oadp-features-plugins:
diff --git a/backup_and_restore/application_backup_and_restore/oadp-intro.adoc b/backup_and_restore/application_backup_and_restore/oadp-intro.adoc
new file mode 100644
index 000000000000..ab17fc13ff62
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/oadp-intro.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-introduction"]
+= Introduction to {oadp-full}
+include::_attributes/common-attributes.adoc[]
+:context: oadp-api
+:namespace: openshift-adp
+:local-product: OADP
+
+toc::[]
+
+The {oadp-first} product safeguards customer applications on {product-title}. It offers comprehensive disaster recovery protection, covering {product-title} applications, application-related cluster resources, persistent volumes, and internal images. OADP is also capable of backing up both containerized applications and virtual machines (VMs).
+
+However, OADP does not serve as a disaster recovery solution for xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[etcd] or OpenShift Operators.
+
+
+[id="oadp-apis_{context}"]
+== {oadp-full} APIs
+
+{oadp-first} provides APIs that enable multiple approaches to customizing backups and preventing the inclusion of unnecessary or inappropriate resources.
+
+OADP provides the following APIs:
+
+* xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[Backup]
+* xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#restoring-applications[Restore]
+* xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc#oadp-scheduling-backups-doc[Schedule]
+* xref:../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#oadp-about-backup-snapshot-locations_installing-oadp-aws[BackupStorageLocation]
+* xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-pvs-csi-doc.adoc#oadp-backing-up-pvs-csi-doc[VolumeSnapshotLocation]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[Backing up etcd]
+// once finished re-work come back and add doc links to the APIs
+
diff --git a/backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc b/backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc
deleted file mode 100644
index 50fff6ad65a5..000000000000
--- a/backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="oadp-release-notes"]
-= OADP release notes
-include::_attributes/common-attributes.adoc[]
-:context: oadp-release-notes
-
-toc::[]
-
-The release notes for OpenShift API for Data Protection (OADP) describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
-
-
-include::modules/oadp-release-notes-1-2-0.adoc[leveloffset=+1]
-
-include::modules/oadp-release-notes-1-1-4.adoc[leveloffset=+1]
-
-include::modules/oadp-release-notes-1-1-2.adoc[leveloffset=+1]
-
-include::modules/oadp-release-notes-1-1-1.adoc[leveloffset=+1]
-
-:!oadp-release-notes:
diff --git a/virt/virtual_machines/cloning_vms/_attributes b/backup_and_restore/application_backup_and_restore/oadp-rosa/_attributes
similarity index 100%
rename from virt/virtual_machines/cloning_vms/_attributes
rename to backup_and_restore/application_backup_and_restore/oadp-rosa/_attributes
diff --git a/backup_and_restore/application_backup_and_restore/oadp-rosa/images b/backup_and_restore/application_backup_and_restore/oadp-rosa/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/oadp-rosa/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/virt/virtual_machines/cloning_vms/modules b/backup_and_restore/application_backup_and_restore/oadp-rosa/modules
similarity index 100%
rename from virt/virtual_machines/cloning_vms/modules
rename to backup_and_restore/application_backup_and_restore/oadp-rosa/modules
diff --git a/backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc b/backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
new file mode 100644
index 000000000000..0508483d774c
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
@@ -0,0 +1,42 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-rosa-backing-up-applications"]
+= Backing up applications on ROSA clusters using OADP
+include::_attributes/common-attributes.adoc[]
+:context: oadp-rosa-backing-up-applications
+
+toc::[]
+
+You can use {oadp-first} with {product-rosa} (ROSA) clusters to back up and restore application data.
+
+ROSA is a fully-managed, turnkey application platform that allows you to deliver value to your customers by building and deploying applications.
+
+ROSA provides seamless integration with a wide range of {aws-first} compute, database, analytics, machine learning, networking, mobile, and other services to speed up the building and delivery of differentiating experiences to your customers.
+
+You can subscribe to the service directly from your {aws-short} account.
+
+After you create your clusters, you can operate your clusters with the {product-title} web console or through link:https://docs.openshift.com/dedicated/ocm/ocm-overview.html[{cluster-manager-first}]. You can also use ROSA with OpenShift APIs and command-line interface (CLI) tools.
+
+For additional information about ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat Openshift Service on AWS (ROSA) interactive walkthrough].
+
+Before installing {oadp-first}, you must set up role and policy credentials for OADP so that it can use the {aws-full} API.
+
+This process is performed in the following two stages:
+
+. Prepare {aws-short} credentials
+. Install the OADP Operator and give it an IAM role
+
+include::modules/preparing-aws-credentials-for-oadp.adoc[leveloffset=+1]
+
+include::modules/installing-oadp-rosa-sts.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/operators/user-tasks#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console].
+* link:https://docs.openshift.com/container-platform/4.14/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.html[Backing up applications]
+
+[id="oadp-rosa-backing-up-and-cleaning"]
+== Example: Backing up workload on OADP ROSA STS, with an optional cleanup
+
+include::modules/performing-a-backup-oadp-rosa-sts.adoc[leveloffset=+2]
+include::modules/cleanup-a-backup-oadp-rosa-sts.adoc[leveloffset=+2]
+
diff --git a/virt/virtual_machines/cloning_vms/snippets b/backup_and_restore/application_backup_and_restore/oadp-rosa/snippets
similarity index 100%
rename from virt/virtual_machines/cloning_vms/snippets
rename to backup_and_restore/application_backup_and_restore/oadp-rosa/snippets
diff --git a/virt/virtual_machines/importing_vms/_attributes b/backup_and_restore/application_backup_and_restore/release-notes/_attributes
similarity index 100%
rename from virt/virtual_machines/importing_vms/_attributes
rename to backup_and_restore/application_backup_and_restore/release-notes/_attributes
diff --git a/backup_and_restore/application_backup_and_restore/release-notes/images b/backup_and_restore/application_backup_and_restore/release-notes/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/release-notes/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/virt/virtual_machines/importing_vms/modules b/backup_and_restore/application_backup_and_restore/release-notes/modules
similarity index 100%
rename from virt/virtual_machines/importing_vms/modules
rename to backup_and_restore/application_backup_and_restore/release-notes/modules
diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc
new file mode 100644
index 000000000000..ec1f49954abb
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-release-notes-1-1"]
+= OADP 1.1 release notes
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: oadp-release-notes
+
+toc::[]
+
+The release notes for OpenShift API for Data Protection (OADP) 1.1 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
+
+
+include::modules/oadp-release-notes-1-1-7.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-6.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-5.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-4.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-3.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-2.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-1-1.adoc[leveloffset=+1]
diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc
new file mode 100644
index 000000000000..4bba009be9b8
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-release-notes-1-2"]
+= OADP 1.2 release notes
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: oadp-release-notes
+
+toc::[]
+
+The release notes for OpenShift API for Data Protection (OADP) 1.2 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
+
+include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-2-2.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-2-1.adoc[leveloffset=+1]
+
+include::modules/oadp-release-notes-1-2-0.adoc[leveloffset=+1]
+include::modules/oadp-backing-up-dpa-configuration-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-upgrading-oadp-operator-1-2-0.adoc[leveloffset=+3]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#migration-configuring-aws-s3_installing-oadp-aws[Configuring Amazon Web Services]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc#oadp-using-data-mover-for-csi-snapshots-doc[Using Data Mover for CSI snapshots]
+* xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators]
+
+include::modules/oadp-converting-to-new-dpa-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-verifying-upgrade-1-2-0.adoc[leveloffset=+3]
diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc
new file mode 100644
index 000000000000..0f48f8ba3b96
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-release-notes"]
+= OADP 1.3 release notes
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: oadp-release-notes
+
+toc::[]
+
+The release notes for OpenShift API for Data Protection (OADP) 1.3 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
+
+include::modules/oadp-release-notes-1-3-0.adoc[leveloffset=+1]
+include::modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-backing-up-dpa-configuration-1-3-0.adoc[leveloffset=+3]
+include::modules/oadp-upgrading-oadp-operator-1-3-0.adoc[leveloffset=+3]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators]
+
+include::modules/oadp-converting-dpa-to-new-version-1-3-0.adoc[leveloffset=+3]
+include::modules/oadp-verifying-upgrade-1-3-0.adoc[leveloffset=+3]
diff --git a/virt/virtual_machines/importing_vms/snippets b/backup_and_restore/application_backup_and_restore/release-notes/snippets
similarity index 100%
rename from virt/virtual_machines/importing_vms/snippets
rename to backup_and_restore/application_backup_and_restore/release-notes/snippets
diff --git a/backup_and_restore/application_backup_and_restore/troubleshooting.adoc b/backup_and_restore/application_backup_and_restore/troubleshooting.adoc
index 41b79da4646a..5b533fc03215 100644
--- a/backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+++ b/backup_and_restore/application_backup_and_restore/troubleshooting.adoc
@@ -1,7 +1,8 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: oadp-troubleshooting
 :namespace: openshift-adp
 :local-product: OADP
@@ -13,7 +14,7 @@ You can debug Velero custom resources (CRs) by using the xref:../../backup_and_r
 
 You can check xref:../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#oadp-installation-issues_oadp-troubleshooting[installation issues], xref:../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#oadp-backup-restore-cr-issues_oadp-troubleshooting[backup and restore CR issues], and xref:../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#oadp-restic-issues_oadp-troubleshooting[Restic issues].
 
-You can collect logs, CR information, and Prometheus metric data by using the xref:../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#migration-using-must-gather_oadp-troubleshooting[`must-gather` tool].
+You can collect logs and CR information by using the xref:../../backup_and_restore/application_backup_and_restore/troubleshooting.adoc#migration-using-must-gather_oadp-troubleshooting[`must-gather` tool].
 
 You can obtain the Velero CLI tool by:
 
@@ -21,6 +22,7 @@ You can obtain the Velero CLI tool by:
 * Accessing the Velero binary in the Velero deployment in the cluster
 
 include::modules/velero-obtaining-by-downloading.adoc[leveloffset=+1]
+include::modules/velero-oadp-version-relationship.adoc[leveloffset=+2]
 include::modules/velero-obtaining-by-accessing-binary.adoc[leveloffset=+1]
 
 include::modules/oadp-debugging-oc-cli.adoc[leveloffset=+1]
@@ -32,6 +34,9 @@ include::modules/migration-debugging-velero-resources.adoc[leveloffset=+1]
 == Pods crash or restart due to lack of memory or CPU
 
 If a Velero or Restic pod crashes due to a lack of memory or CPU, you can set specific resource requests for either of those resources.
+[role="_additional-resources"]
+.Additional resources
+* xref:../../backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc#oadp-velero-cpu-memory-requirements_about-installing-oadp[CPU and memory requirements]
 
 include::modules/oadp-pod-crash-set-resource-request-velero.adoc[leveloffset=+2]
 include::modules/oadp-pod-crash-set-resource-request-restic.adoc[leveloffset=+2]
@@ -65,6 +70,7 @@ This section describes the additional steps required to restore resources for se
 
 include::modules/migration-debugging-velero-admission-webhooks-knative.adoc[leveloffset=+3]
 include::modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.adoc[leveloffset=+3]
+include::modules/oadp-plugins-receiving-eof-message.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
@@ -74,9 +80,34 @@ include::modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.ad
 * xref:../../architecture/admission-plug-ins.adoc#admission-webhook-types_admission-plug-ins[Types of webhook admission plugins]
 
 include::modules/oadp-installation-issues.adoc[leveloffset=+1]
+include::modules/oadp-operator-issues.adoc[leveloffset=+1]
+include::modules/oadp-timeouts.adoc[leveloffset=+1]
+include::modules/oadp-restic-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-velero-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-datamover-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-csi-snapshot-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-velero-default-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-item-restore-timeouts.adoc[leveloffset=+2]
+include::modules/oadp-item-backup-timeouts.adoc[leveloffset=+2]
 include::modules/oadp-backup-restore-cr-issues.adoc[leveloffset=+1]
 include::modules/oadp-restic-issues.adoc[leveloffset=+1]
+include::modules/oadp-restic-restore-failing-psa-policy.adoc[leveloffset=+2]
 
 include::modules/migration-using-must-gather.adoc[leveloffset=+1]
+include::modules/migration-combining-must-gather.adoc[leveloffset=+2]
+include::modules/oadp-monitoring.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../monitoring/monitoring-overview.adoc#about-openshift-monitoring[Monitoring stack]
+
+include::modules/oadp-monitoring-setup.adoc[leveloffset=+2]
+include::modules/oadp-creating-service-monitor.adoc[leveloffset=+2]
+include::modules/oadp-creating-alerting-rule.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../monitoring/managing-alerts.adoc#managing-alerts[Managing alerts]
+
+include::modules/oadp-list-of-metrics.adoc[leveloffset=+2]
+include::modules/oadp-viewing-metrics-ui.adoc[leveloffset=+2]
 
 :!oadp-troubleshooting:
diff --git a/backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc b/backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
index a8bc6819d7a5..09754659df3e 100644
--- a/backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
+++ b/backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="backup-etcd"]
 = Backing up etcd
 include::_attributes/common-attributes.adoc[]
@@ -26,3 +26,6 @@ include::modules/backup-etcd.adoc[leveloffset=+1]
 [id="additional-resources_backup-etcd"]
 == Additional resources
 * xref:../../hosted_control_planes/hcp-backup-restore-dr.adoc#hcp-backup-restore[Backing up and restoring etcd on a hosted cluster]
+
+// Creating automated etcd backups
+include::modules/etcd-creating-automated-backups.adoc[leveloffset=+1]
diff --git a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/about-disaster-recovery.adoc b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/about-disaster-recovery.adoc
index 38baebe6e0c6..28136968142d 100644
--- a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/about-disaster-recovery.adoc
+++ b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/about-disaster-recovery.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-dr"]
 = About disaster recovery
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc
index 4400fc6492a2..32bca8c77fd6 100644
--- a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc
+++ b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dr-restoring-cluster-state"]
 = Restoring to a previous cluster state
 include::_attributes/common-attributes.adoc[]
@@ -20,7 +20,7 @@ include::modules/dr-restoring-cluster-state.adoc[leveloffset=+1]
 
 * xref:../../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Installing a user-provisioned cluster on bare metal]
 * xref:../../../networking/accessing-hosts.adoc#accessing-hosts[Creating a bastion host to access {product-title} instances and the control plane nodes with SSH]
-* xref:../../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding[Replacing a bare-metal control plane node] 
+* xref:../../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding[Replacing a bare-metal control plane node]
 
 include::modules/dr-scenario-cluster-state-issues.adoc[leveloffset=+1]
 
diff --git a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-3-expired-certs.adoc b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-3-expired-certs.adoc
index a15d6765d198..907c61922af3 100644
--- a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-3-expired-certs.adoc
+++ b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-3-expired-certs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dr-recovering-expired-certs"]
 = Recovering from expired control plane certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc b/backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc
index 5ad22219dc1b..95c74001add0 100644
--- a/backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc
+++ b/backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="replacing-unhealthy-etcd-member"]
 = Replacing an unhealthy etcd member
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/graceful-cluster-restart.adoc b/backup_and_restore/graceful-cluster-restart.adoc
index da115c5bf6e8..e11d5f5e93ee 100644
--- a/backup_and_restore/graceful-cluster-restart.adoc
+++ b/backup_and_restore/graceful-cluster-restart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="graceful-restart-cluster"]
 = Restarting the cluster gracefully
 include::_attributes/common-attributes.adoc[]
diff --git a/backup_and_restore/graceful-cluster-shutdown.adoc b/backup_and_restore/graceful-cluster-shutdown.adoc
index d5fc8860f78d..9425a2270607 100644
--- a/backup_and_restore/graceful-cluster-shutdown.adoc
+++ b/backup_and_restore/graceful-cluster-shutdown.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="graceful-shutdown-cluster"]
 = Shutting down the cluster gracefully
 include::_attributes/common-attributes.adoc[]
@@ -11,6 +11,19 @@ This document describes the process to gracefully shut down your cluster. You mi
 == Prerequisites
 
 * Take an xref:../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backing-up-etcd-data_backup-etcd[etcd backup] prior to shutting down the cluster.
++
+[IMPORTANT]
+====
+It is important to take an etcd backup before performing this procedure so that your cluster can be restored if you encounter any issues when restarting the cluster.
+
+For example, the following conditions can cause the restarted cluster to malfunction:
+
+* etcd data corruption during shutdown
+* Node failure due to hardware
+* Network connectivity issues
+
+If your cluster fails to recover, follow the steps to xref:../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc#dr-restoring-cluster-state[restore to a previous cluster state].
+====
 
 // Shutting down the cluster
 include::modules/graceful-shutdown.adoc[leveloffset=+1]
@@ -20,5 +33,3 @@ include::modules/graceful-shutdown.adoc[leveloffset=+1]
 == Additional resources
 
 * xref:../backup_and_restore/graceful-cluster-restart.adoc#graceful-restart-cluster[Restarting the cluster gracefully]
-
-* xref:../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc#dr-restoring-cluster-state[Restore to a previous cluster state]
\ No newline at end of file
diff --git a/backup_and_restore/index.adoc b/backup_and_restore/index.adoc
index 4784c633da6d..5bd4be21a632 100644
--- a/backup_and_restore/index.adoc
+++ b/backup_and_restore/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="backup-restore-overview"]
 = Backup and restore
 include::_attributes/common-attributes.adoc[]
@@ -23,7 +23,7 @@ A cluster's certificates expire one year after the installation date. You can sh
 
 You might run into several situations where {product-title}  does not work as expected, such as:
 
-* You have a cluster that is not functional after the restart because of unexpected conditions, such as node failure, or network connectivity issues.
+* You have a cluster that is not functional after the restart because of unexpected conditions, such as node failure or network connectivity issues.
 * You have deleted something critical in the cluster by mistake.
 * You have lost the majority of your control plane hosts, leading to etcd quorum loss.
 
@@ -74,12 +74,15 @@ If you do not want to back up PVs by using snapshots, you can use link:https://r
 [id="backing-up-and-restoring-applications"]
 === Backing up and restoring applications
 
-You back up applications by creating a `Backup` custom resource (CR). See xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-cr_backing-up-applications[Creating a Backup CR].You can configure the following backup options:
+You back up applications by creating a `Backup` custom resource (CR). See xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc#backing-up-applications[Creating a Backup CR]. You can configure the following backup options:
 
-* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-hooks_backing-up-applications[Backup hooks] to run commands before or after the backup operation
-* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-scheduling-backups_backing-up-applications[Scheduled backups]
-* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic backups]
+* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc#backing-up-applications[Creating backup hooks] to run commands before or after the backup operation
 
-You restore application backups by creating a `Restore` (CR). See xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-cr_restoring-applications[Creating a Restore CR].  You can configure xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-hooks_restoring-applications[restore hooks] to run commands in init containers or in the application container during the restore operation.
+* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc#backing-up-applications[Scheduling backups]
+
+* xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#backing-up-applications[Backing up applications with File System Backup: Kopia or Restic]
+
+* You restore application backups by creating a `Restore` (CR). See xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#oadp-creating-restore-cr_restoring-applications[Creating a Restore CR].
+* You can configure xref:../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications#oadp-creating-restore-hooks_restoring-applications[restore hooks] to run commands in init containers or in the application container during the restore operation.
 
 :backup-restore-overview!:
diff --git a/build_for_portal.py b/build_for_portal.py
index e33a6b58fe71..d4a2f5359098 100644
--- a/build_for_portal.py
+++ b/build_for_portal.py
@@ -46,7 +46,6 @@
 )
 CMP_IGNORE_FILES = [".git", ".gitignore", "README.md", "build.cfg"]
 DEVNULL = open(os.devnull, "wb")
-LIST_OF_HUGE_BOOKS: list = ["Installing", "API reference"]
 
 MASTER_FILE_BASE = "= {title}\n\
 :product-author: {product-author}\n\
@@ -269,7 +268,37 @@ def ensure_directory(directory):
     Creates DIRECTORY if it does not exist.
     """
     if not os.path.exists(directory):
-        os.mkdir(directory)
+        os.makedirs(directory)
+
+def expand_huge_books(info):
+    """
+    Finds nodes for huge books, creates new nodes for books from their top-level topics,
+    and then removes the nodes for huge books
+    """
+
+    # find all the huge books, sa defined by nodes
+    huge_book_nodes = [book for book in info["book_nodes"]
+        if os.path.exists(os.path.join(info["src_dir"],book["Dir"],"hugeBook.flag")) ]
+
+
+    for book in huge_book_nodes:
+            # save the directory in info
+            huge_book_dir = book["Dir"]
+            info["huge_book_dirs"].append(huge_book_dir)
+            # create the flag file in the book destination directory
+            book_dest_dir = os.path.join(info["dest_dir"], book["Dir"])
+            ensure_directory(book_dest_dir)
+            with open(os.path.join(book_dest_dir,"hugeBook.flag"),"w") as fi:
+                fi.write("hugebook")
+            # make new book nodes for the second-level headings
+            for topic in book["Topics"]:
+                if "Dir" in topic.keys():
+                    info["book_nodes"].append(topic)
+                    topic["Dir"] = huge_book_dir + "/" + topic["Dir"]
+
+    # remove book nodes for huge books
+    for node_to_remove in huge_book_nodes:
+        info["book_nodes"].remove(node_to_remove)
 
 
 def build_master_files(info):
@@ -277,11 +306,15 @@ def build_master_files(info):
     Builds the master.adoc and docinfo.xml files for each guide specified in the config.
     """
 
+    # change the huge books into sub-books
+    expand_huge_books(info)
+
     # TODO: Refactor. This does too much.
 
     dest_dir = info["dest_dir"]
     all_in_one = info["all_in_one"]
     all_in_one_text = ""
+
     for book in info["book_nodes"]:
 
         book_dest_dir = os.path.join(dest_dir, book["Dir"])
@@ -328,40 +361,6 @@ def build_master_files(info):
                     info["preface-title"] = ":preface-title: " + preface_title
             all_in_one_text += master
 
-        if book["Name"] in LIST_OF_HUGE_BOOKS:
-            huge_book_topics = book["Topics"]
-
-            for topic in huge_book_topics:
-                if "Dir" in topic.keys():
-                    topic_master_file = os.path.join(
-                        book_dest_dir, topic["Dir"], "master.adoc"
-                    )
-                    topic_docinfo_file = os.path.join(
-                        book_dest_dir, topic["Dir"], "docinfo.xml"
-                    )
-
-                    # TODO: Make less hacky.
-                    book_info["title"] = topic["Name"]
-                    info["title"] = topic["Name"]
-
-                    master_base = MASTER_FILE_BASE.format(**book_info)
-                    docinfo_node = topic["Name"]
-
-                    ensure_directory(os.path.join(book_dest_dir, topic["Dir"]))
-                    sub_master = generate_master_entry(
-                        topic,
-                        topic["Dir"],
-                        info["distro"],
-                        all_in_one,
-                        all_in_one=all_in_one,
-                    )
-
-                    log.debug("Writing " + topic_master_file)
-                    with open(topic_master_file, "w") as f:
-                        f.write(master_base + sub_master)
-                    log.debug("Writing " + topic_docinfo_file)
-                    with open(topic_docinfo_file, "w") as f:
-                        f.write(DOCINFO_BASE.format(**info))
     # TODO: And is this ever used?
     if all_in_one:
         master_file = os.path.join(dest_dir, "master.adoc")
@@ -515,6 +514,7 @@ def copy_file(
     Copies a source file to destination, making sure to scrub the content, add id's where the content is referenced elsewhere and fix any
     links that should be cross references. Also copies any includes that are referenced, since they aren't included in _build_cfg.yml.
     """
+
     # It's possible that the file might have been created by another include, if so then just return
     if os.path.isfile(dest_file):
         return
@@ -544,15 +544,17 @@ def copy_file(
                     key, value = re.split("\s*=\s*", meta, 2)
                     include_vars[key] = value
 
+
             # Determine the include src/dest paths
             include_file = os.path.join(os.path.dirname(book_src_dir), include_path)
             relative_path = os.path.relpath(include_file, os.path.dirname(src_file))
 
             # If the path is in another book, copy it into this one
             relative_book_path = os.path.relpath(include_file, book_src_dir)
+
             if relative_book_path.startswith("../"):
-                path, src_book_name = os.path.split(book_src_dir)
-                dest_include_dir = os.path.join(dest_dir, src_book_name, "includes")
+                src_book_relative_dir = os.path.relpath(book_src_dir,info["src_dir"])
+                dest_include_dir = os.path.join(dest_dir, src_book_relative_dir, "includes")
                 relative_path = os.path.join(
                     os.path.relpath(dest_include_dir, parent_dir),
                     os.path.basename(include_file),
@@ -720,7 +722,7 @@ def fix_links(content, info, book_src_dir, src_file, tag=None, cwd=None):
     Fix any links that were done incorrectly and reference the output instead of the source content.
     """
     if info["all_in_one"]:
-        content = fix_links(content, info["src_dir"], src_file, info)
+        content = _fix_links(content, info["src_dir"], src_file, info)
     else:
         # Determine if the tag should be passed when fixing the links. If it's in the same book, then process the entire file. If it's
         # outside the book then don't process it.
@@ -733,11 +735,27 @@ def fix_links(content, info, book_src_dir, src_file, tag=None, cwd=None):
 
     return content
 
+def dir_to_book_name(dir,src_file,info):
+    # find a book name by the directory
+    for book in info["book_nodes"]:
+        if book["Dir"] == dir:
+            return(book["Name"])
+            break
+
+    has_errors = True
+    log.error(
+        'ERROR (%s): book not found for the directory %s',
+        src_file,
+        dir)
+    return(dir)
+
 
 def _fix_links(content, book_dir, src_file, info, tag=None, cwd=None):
     """
     Fix any links that were done incorrectly and reference the output instead of the source content.
     """
+    current_book_name = dir_to_book_name(os.path.relpath(book_dir,info["src_dir"]),src_file,info)
+
     # TODO Deal with xref so that they keep the proper path. Atm it'll just strip the path and leave only the id
     file_to_id_map = info["file_to_id_map"]
     current_dir = cwd or os.path.dirname(src_file)
@@ -750,6 +768,14 @@ def _fix_links(content, book_dir, src_file, info, tag=None, cwd=None):
         link_anchor = link.group(2)
         link_title = link.group(3)
 
+        # sanity check - is this a link to an external site?
+        # apparently the link macro CAN be used for internal links too, so just testing for http
+        # NOTE: a docs.openshift.com link would not process here corectly, anyway, so let it pass through
+        if ("http:" in link_text) or ("https:" in link_text):
+            continue
+
+        fixed_link = "" # setting the scope of fixed_link outside the if statements
+
         if link_file is not None:
             fixed_link_file = link_file.replace(".html", ".adoc")
             fixed_link_file_abs = os.path.abspath(
@@ -757,32 +783,41 @@ def _fix_links(content, book_dir, src_file, info, tag=None, cwd=None):
             )
             if fixed_link_file_abs in file_to_id_map:
 
-                # We are dealing with a cross reference to another book here
-                external_link = EXTERNAL_LINK_RE.search(link_file)
-                book_dir_name = external_link.group(1)
+                # We are dealing with a cross reference to a book here
+                full_relative_path = os.path.relpath(fixed_link_file_abs,info["src_dir"])
+
+                if full_relative_path[:2]=="..":
+                    log.error(
+                        'ERROR (%s): link pointing outside source directory? %s',
+                        src_file,
+                        link_file)
+                    continue
+                split_relative_path = full_relative_path.split("/")
+                book_dir_name = split_relative_path[0]
+                if book_dir_name in info["huge_book_dirs"]:
+                    book_dir_name = split_relative_path[0]+"/"+split_relative_path[1]
 
                 # Find the book name
-                book_name = book_dir_name
-                for book in info["data"]:
-                    if (
-                        check_node_distro_matches(book, info["distro"])
-                        and book["Dir"] == book_dir_name
-                    ):
-                        book_name = book["Name"]
-                        break
-
-                fixed_link_file = BASE_PORTAL_URL + build_portal_url(info, book_name)
-
-                if link_anchor is None:
-                    fixed_link = (
-                        "link:"
-                        + fixed_link_file
-                        + "#"
-                        + file_to_id_map[fixed_link_file_abs]
-                        + link_title
-                    )
+                book_name = dir_to_book_name(book_dir_name,src_file,info)
+
+
+                if book_name==current_book_name:
+                    if link_anchor is None:
+                        fixed_link = "xref:" + file_to_id_map[fixed_link_file_abs] + link_title
+                    else:
+                        fixed_link = "xref:" + link_anchor.replace("#", "") + link_title
                 else:
-                    fixed_link = "link:" + fixed_link_file + link_anchor + link_title
+                    fixed_link_file = BASE_PORTAL_URL + build_portal_url(info, book_name)
+                    if link_anchor is None:
+                        fixed_link = (
+                            "link:"
+                            + fixed_link_file
+                            + "#"
+                            + file_to_id_map[fixed_link_file_abs]
+                            + link_title
+                        )
+                    else:
+                        fixed_link = "link:" + fixed_link_file + link_anchor + link_title
             else:
                 # Cross reference or link that isn't in the docs suite
                 fixed_link = link_text
@@ -1132,6 +1167,7 @@ def main():
         "all_in_one": args.all_in_one,
         "preface-title": "",
         "upstream_branch": args.upstream_branch,
+        "huge_book_dirs": []
     }
 
     # Build the master files
diff --git a/cicd/builds/advanced-build-operations.adoc b/cicd/builds/advanced-build-operations.adoc
index c8a9279320d0..3a26aedd3944 100644
--- a/cicd/builds/advanced-build-operations.adoc
+++ b/cicd/builds/advanced-build-operations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="advanced-build-operations"]
 = Performing advanced builds
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/basic-build-operations.adoc b/cicd/builds/basic-build-operations.adoc
index 5e63cd49638b..ebdb8b93538a 100644
--- a/cicd/builds/basic-build-operations.adoc
+++ b/cicd/builds/basic-build-operations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="basic-build-operations"]
 = Performing and configuring basic builds
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/build-configuration.adoc b/cicd/builds/build-configuration.adoc
index a73773137d95..5ffc4ae73652 100644
--- a/cicd/builds/build-configuration.adoc
+++ b/cicd/builds/build-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="build-configuration"]
 = Build configuration resources
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/build-strategies.adoc b/cicd/builds/build-strategies.adoc
index 3bc1fd41cb51..2b66d1fd45ce 100644
--- a/cicd/builds/build-strategies.adoc
+++ b/cicd/builds/build-strategies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="build-strategies"]
 = Using build strategies
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/creating-build-inputs.adoc b/cicd/builds/creating-build-inputs.adoc
index 32354cd232c9..14a54d93b055 100644
--- a/cicd/builds/creating-build-inputs.adoc
+++ b/cicd/builds/creating-build-inputs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-build-inputs"]
 = Creating build inputs
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/custom-builds-buildah.adoc b/cicd/builds/custom-builds-buildah.adoc
index 9ea928151cb0..56eb739a0908 100644
--- a/cicd/builds/custom-builds-buildah.adoc
+++ b/cicd/builds/custom-builds-buildah.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="custom-builds-buildah"]
 = Custom image builds with Buildah
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/managing-build-output.adoc b/cicd/builds/managing-build-output.adoc
index 1378cd27f6e5..486a103c3dc9 100644
--- a/cicd/builds/managing-build-output.adoc
+++ b/cicd/builds/managing-build-output.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-build-output"]
 = Managing build output
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/running-entitled-builds.adoc b/cicd/builds/running-entitled-builds.adoc
index 4eef8f5985dc..6b38fed5181e 100644
--- a/cicd/builds/running-entitled-builds.adoc
+++ b/cicd/builds/running-entitled-builds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="running-entitled-builds"]
 = Using Red Hat subscriptions in builds
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/securing-builds-by-strategy.adoc b/cicd/builds/securing-builds-by-strategy.adoc
index 9809d2327602..74cb3602327c 100644
--- a/cicd/builds/securing-builds-by-strategy.adoc
+++ b/cicd/builds/securing-builds-by-strategy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="securing-builds-by-strategy"]
 = Securing builds by strategy
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/setting-up-trusted-ca.adoc b/cicd/builds/setting-up-trusted-ca.adoc
index 6adc4e59cb6e..de6612efd9a8 100644
--- a/cicd/builds/setting-up-trusted-ca.adoc
+++ b/cicd/builds/setting-up-trusted-ca.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="setting-up-trusted-ca"]
 = Setting up additional trusted certificate authorities for builds
 ifndef::openshift-dedicated,openshift-rosa[]
diff --git a/cicd/builds/triggering-builds-build-hooks.adoc b/cicd/builds/triggering-builds-build-hooks.adoc
index adca76892240..123549e06b44 100644
--- a/cicd/builds/triggering-builds-build-hooks.adoc
+++ b/cicd/builds/triggering-builds-build-hooks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="triggering-builds-build-hooks"]
 = Triggering and modifying builds
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/troubleshooting-builds.adoc b/cicd/builds/troubleshooting-builds.adoc
index 92cd14bfd15d..ba5bbfc23a38 100644
--- a/cicd/builds/troubleshooting-builds.adoc
+++ b/cicd/builds/troubleshooting-builds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-builds_{context}"]
 = Troubleshooting builds
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/understanding-buildconfigs.adoc b/cicd/builds/understanding-buildconfigs.adoc
index bf87540e52ac..498c74fb9f15 100644
--- a/cicd/builds/understanding-buildconfigs.adoc
+++ b/cicd/builds/understanding-buildconfigs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-buildconfigs"]
 = Understanding build configurations
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/builds/understanding-image-builds.adoc b/cicd/builds/understanding-image-builds.adoc
index 6483bac9c0b7..b2875d6937d3 100644
--- a/cicd/builds/understanding-image-builds.adoc
+++ b/cicd/builds/understanding-image-builds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-image-builds"]
 = Understanding image builds
 include::_attributes/common-attributes.adoc[]
diff --git a/distr_tracing/distr_tracing_install/_attributes b/cicd/builds_using_shipwright/_attributes
similarity index 100%
rename from distr_tracing/distr_tracing_install/_attributes
rename to cicd/builds_using_shipwright/_attributes
diff --git a/logging/v5_5/images b/cicd/builds_using_shipwright/images
similarity index 100%
rename from logging/v5_5/images
rename to cicd/builds_using_shipwright/images
diff --git a/logging/v5_6/modules b/cicd/builds_using_shipwright/modules
similarity index 100%
rename from logging/v5_6/modules
rename to cicd/builds_using_shipwright/modules
diff --git a/cicd/builds_using_shipwright/overview-openshift-builds.adoc b/cicd/builds_using_shipwright/overview-openshift-builds.adoc
new file mode 100644
index 000000000000..a874af3d3952
--- /dev/null
+++ b/cicd/builds_using_shipwright/overview-openshift-builds.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="overview-openshift-builds"]
+= Overview of Builds
+:context: overview-openshift-builds
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+
+Builds is an extensible build framework based on the link:https://shipwright.io/[Shipwright project], which you can use to build container images on an {product-title} cluster. You can build container images from source code and Dockerfiles by using image build tools, such as Source-to-Image (S2I) and Buildah. You can create and apply build resources, view logs of build runs, and manage builds in your {product-title} namespaces.
+
+Builds includes the following capabilities:
+
+* Standard Kubernetes-native API for building container images from source code and Dockerfiles
+* Support for Source-to-Image (S2I) and Buildah build strategies
+* Extensibility with your own custom build strategies
+* Execution of builds from source code in a local directory
+* Shipwright CLI for creating and viewing logs, and managing builds on the cluster
+* Integrated user experience with the *Developer* perspective of the {product-title} web console
+
+
+Builds consists of the following custom resources (CRs):
+
+* `Build`
+* `BuildStrategy` and `ClusterBuildStrategy`
+* `BuildRun`
diff --git a/distr_tracing/distr_tracing_config/snippets b/cicd/builds_using_shipwright/snippets
similarity index 100%
rename from distr_tracing/distr_tracing_config/snippets
rename to cicd/builds_using_shipwright/snippets
diff --git a/cicd/gitops/about-redhat-openshift-gitops.adoc b/cicd/gitops/about-redhat-openshift-gitops.adoc
new file mode 100644
index 000000000000..799de0f2d9c3
--- /dev/null
+++ b/cicd/gitops/about-redhat-openshift-gitops.adoc
@@ -0,0 +1,54 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="about-redhat-openshift-gitops"]
+= About {gitops-title}
+:context: about-redhat-openshift-gitops
+
+toc::[]
+
+{gitops-title} is an Operator that uses Argo CD as the declarative GitOps engine. It enables GitOps workflows across multicluster OpenShift and Kubernetes infrastructure. Using {gitops-title}, administrators can consistently configure and deploy Kubernetes-based infrastructure and applications across clusters and development lifecycles. {gitops-title} is based on the open source project link:https://argoproj.github.io/cd/[Argo CD] and provides a similar set of features to what the upstream offers, with additional automation, integration into Red Hat {OCP} and the benefits of Red Hat’s enterprise support, quality assurance and focus on enterprise security.
+
+[NOTE]
+====
+Because {gitops-title} releases on a different cadence from {OCP}, the {gitops-title} documentation is now available as separate documentation sets for each minor version of the product.
+
+The {gitops-title} documentation is available at link:https://docs.openshift.com/gitops/[].
+
+Documentation for specific versions is available using the version selector dropdown, or directly by adding the version to the URL, for example, link:https://docs.openshift.com/gitops/1.8[].
+
+In addition, the {gitops-title} documentation is also available on the Red Hat Portal at https://access.redhat.com/documentation/en-us/red_hat_openshift_gitops/[].
+
+For additional information about the {gitops-title} life cycle and supported platforms, refer to the link:https://access.redhat.com/support/policy/updates/openshift#gitops[Platform Life Cycle Policy].
+====
+
+{gitops-title} ensures consistency in applications when you deploy them to different clusters in different environments, such as: development, staging, and production. {gitops-title} organizes the deployment process around the configuration repositories and makes them the central element. It always has at least two repositories:
+
+  . Application repository with the source code
+  . Environment configuration repository that defines the desired state of the application
+
+These repositories contain a declarative description of the infrastructure you need in your specified environment. They also contain an automated process to make your environment match the described state.
+
+{gitops-title} uses Argo CD to maintain cluster resources. Argo CD is an open-source declarative tool for the continuous integration and continuous deployment (CI/CD) of applications. {gitops-title} implements Argo CD as a controller so that it continuously monitors application definitions and configurations defined in a Git repository. Then, Argo CD compares the specified state of these configurations with their live state on the cluster.
+
+Argo CD reports any configurations that deviate from their specified state. These reports allow administrators to automatically or manually resync configurations to the defined state. Therefore, Argo CD enables you to deliver global custom resources, like the resources that are used to configure {OCP} clusters.
+
+[id="key-features"]
+== Key features
+
+{gitops-title} helps you automate the following tasks:
+
+* Ensure that the clusters have similar states for configuration, monitoring, and storage
+* Apply or revert configuration changes to multiple {OCP} clusters
+* Associate templated configuration with different environments
+* Promote applications across clusters, from staging to production
+
+// add something about CLI tools?
+
+
+[id="additional-resources_about-op-gitops"]
+[role="_additional-resources"]
+== Additional resources
+
+* link:https://docs.openshift.com/container-platform/latest/operators/understanding/crds/crd-extending-api-with-crds.html#crd-extending-api-with-crds[Extending the Kubernetes API with custom resource definitions]
+* link:https://docs.openshift.com/container-platform/latest/operators/understanding/crds/crd-managing-resources-from-crds.html#crd-managing-resources-from-crds[Managing resources from custom resource definitions]
+* link:https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/what-is-gitops.html#what-is-gitops[What is GitOps?]
diff --git a/cicd/gitops/about-sizing-requirements-gitops.adoc b/cicd/gitops/about-sizing-requirements-gitops.adoc
index 1907bf67f9b4..97833df23946 100644
--- a/cicd/gitops/about-sizing-requirements-gitops.adoc
+++ b/cicd/gitops/about-sizing-requirements-gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-sizing-requirements-gitops"]
 = Sizing requirements for GitOps Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/argo-cd-custom-resource-properties.adoc b/cicd/gitops/argo-cd-custom-resource-properties.adoc
index ad6e49faa176..bb0a41497c79 100644
--- a/cicd/gitops/argo-cd-custom-resource-properties.adoc
+++ b/cicd/gitops/argo-cd-custom-resource-properties.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="argo-cd-custom-resource-properties"]
 = Argo CD Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/collecting-debugging-data-for-support.adoc b/cicd/gitops/collecting-debugging-data-for-support.adoc
index c2db643ed117..b9c38514d0bf 100644
--- a/cicd/gitops/collecting-debugging-data-for-support.adoc
+++ b/cicd/gitops/collecting-debugging-data-for-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="collecting-debugging-data-for-support"]
 = Collecting debugging data for a support case
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc b/cicd/gitops/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
index 05240fc23661..85a435274af4 100644
--- a/cicd/gitops/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
+++ b/cicd/gitops/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations"]
 = Configuring an OpenShift cluster by deploying an application with cluster configurations
 include::_attributes/common-attributes.adoc[]
@@ -10,8 +10,8 @@ With {gitops-title}, you can configure Argo CD to recursively sync the content o
 
 .Prerequisites
 
-* You have logged in to the `product-title` cluster as an administrator.
-* You have installed the `gitops-title` Operator in your cluster.
+* You have logged in to the {product-title} cluster as an administrator.
+* You have installed the {gitops-title} Operator in your cluster.
 * You have logged into Argo CD instance.
 
 include::modules/gitops-using-argo-cd-instance-to-manage-cluster-scoped-resources.adoc[leveloffset=+1]
diff --git a/cicd/gitops/configuring-argo-cd-rbac.adoc b/cicd/gitops/configuring-argo-cd-rbac.adoc
index 00b6c827d7b5..87df5230a0cc 100644
--- a/cicd/gitops/configuring-argo-cd-rbac.adoc
+++ b/cicd/gitops/configuring-argo-cd-rbac.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-argo-cd-rbac"]
 = Configuring Argo CD RBAC
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/configuring-resource-quota.adoc b/cicd/gitops/configuring-resource-quota.adoc
index 937f1fb3c44a..af2b02ac2226 100644
--- a/cicd/gitops/configuring-resource-quota.adoc
+++ b/cicd/gitops/configuring-resource-quota.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-resource-quota"]
 = Configuring resource quota or requests
 include::_attributes/common-attributes.adoc[]
@@ -7,7 +7,7 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 [role="_abstract"]
-With the Argo CD Custom Resource, you can create, update, and delete resource requests and limits for Argo CD workloads. 
+With the Argo CD Custom Resource, you can create, update, and delete resource requests and limits for Argo CD workloads.
 
 include::modules/configure-workloads.adoc[leveloffset=+1]
 include::modules/patch-argocd-instance.adoc[leveloffset=+1]
diff --git a/cicd/gitops/configuring-secure-communication-with-redis.adoc b/cicd/gitops/configuring-secure-communication-with-redis.adoc
new file mode 100644
index 000000000000..192d71b7ece5
--- /dev/null
+++ b/cicd/gitops/configuring-secure-communication-with-redis.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-secure-communication-with-redis"]
+= Configuring secure communication with Redis
+include::_attributes/common-attributes.adoc[]
+:context: configuring-secure-communication-with-redis
+
+toc::[]
+
+Using the Transport Layer Security (TLS) encryption with {gitops-title}, you can secure the communication between the Argo CD components and Redis cache and protect the possibly sensitive data in transit.
+
+You can secure communication with Redis by using one of the following configurations:
+
+* Enable the `autotls` setting to issue an appropriate certificate for TLS encryption.
+* Manually configure the TLS encryption by creating the `argocd-operator-redis-tls` secret with a key and certificate pair.
+
+Both configurations are possible with or without the High Availability (HA) enabled.
+
+.Prerequisites
+* You have access to the cluster with `cluster-admin` privileges.
+* You have access to the {product-title} web console.
+* {gitops-title} Operator is installed on your cluster.
+
+include::modules/gitops-configuring-tls-for-redis-with-autotls-enabled.adoc[leveloffset=+1]
+
+include::modules/gitops-configuring-tls-for-redis-with-autotls-disabled.adoc[leveloffset=+1]
+
+
diff --git a/cicd/gitops/configuring-sso-for-argo-cd-on-openshift.adoc b/cicd/gitops/configuring-sso-for-argo-cd-on-openshift.adoc
index f293b6f82222..3d0df978cec5 100644
--- a/cicd/gitops/configuring-sso-for-argo-cd-on-openshift.adoc
+++ b/cicd/gitops/configuring-sso-for-argo-cd-on-openshift.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sso-for-argo-cd-on-openshift"]
 = Configuring SSO for Argo CD on OpenShift
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/configuring-sso-for-argo-cd-using-keycloak.adoc b/cicd/gitops/configuring-sso-for-argo-cd-using-keycloak.adoc
index dbd0d8683a97..9b34a6eb5fca 100644
--- a/cicd/gitops/configuring-sso-for-argo-cd-using-keycloak.adoc
+++ b/cicd/gitops/configuring-sso-for-argo-cd-using-keycloak.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sso-for-argo-cd-using-keycloak"]
 = Configuring SSO for Argo CD using Keycloak
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/configuring-sso-on-argo-cd-using-dex.adoc b/cicd/gitops/configuring-sso-on-argo-cd-using-dex.adoc
index 28fbb2790c70..c1eab3e39433 100644
--- a/cicd/gitops/configuring-sso-on-argo-cd-using-dex.adoc
+++ b/cicd/gitops/configuring-sso-on-argo-cd-using-dex.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sso-for-argo-cd-using-dex"]
 = Configuring SSO for Argo CD using Dex
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/deploying-a-spring-boot-application-with-argo-cd.adoc b/cicd/gitops/deploying-a-spring-boot-application-with-argo-cd.adoc
index 53a9fc1dacbd..5bbdbed55137 100644
--- a/cicd/gitops/deploying-a-spring-boot-application-with-argo-cd.adoc
+++ b/cicd/gitops/deploying-a-spring-boot-application-with-argo-cd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-a-spring-boot-application-with-argo-cd"]
 = Deploying a Spring Boot application with Argo CD
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/gitops-release-notes.adoc b/cicd/gitops/gitops-release-notes.adoc
index e5dffe5ab484..01ba924070c3 100644
--- a/cicd/gitops/gitops-release-notes.adoc
+++ b/cicd/gitops/gitops-release-notes.adoc
@@ -1,5 +1,5 @@
 //OpenShift GitOps Release Notes
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="gitops-release-notes"]
 = {gitops-title} release notes
 :context: gitops-release-notes
@@ -23,7 +23,12 @@ include::modules/go-compatibility-and-support-matrix.adoc[leveloffset=+1]
 include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
 
 // Modules included, most to least recent
+include::modules/gitops-release-notes-1-9-2.adoc[leveloffset=+1]
+
+include::modules/gitops-release-notes-1-9-1.adoc[leveloffset=+1]
+
 include::modules/gitops-release-notes-1-9-0.adoc[leveloffset=+1]
+
 // 1.25.0 additional resources, OCP docs
 ifdef::openshift-enterprise[]
 [role="_additional-resources"]
@@ -31,6 +36,10 @@ ifdef::openshift-enterprise[]
 * xref:../../operators/admin/olm-configuring-proxy-support.adoc#olm-inject-custom-ca_olm-configuring-proxy-support[Injecting a custom CA certificate]
 endif::[]
 
+include::modules/gitops-release-notes-1-8-5.adoc[leveloffset=+1]
+
+include::modules/gitops-release-notes-1-8-4.adoc[leveloffset=+1]
+
 include::modules/gitops-release-notes-1-8-3.adoc[leveloffset=+1]
 
 include::modules/gitops-release-notes-1-8-2.adoc[leveloffset=+1]
diff --git a/cicd/gitops/health-information-for-resources-deployment.adoc b/cicd/gitops/health-information-for-resources-deployment.adoc
index 0eb5a6be00b2..a97c16664fee 100644
--- a/cicd/gitops/health-information-for-resources-deployment.adoc
+++ b/cicd/gitops/health-information-for-resources-deployment.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="health-information-for-resources-deployment"]
 = Monitoring health information for application resources and deployments
 :context: health-information-for-resources-deployment
@@ -12,4 +12,5 @@ The *Application environments* page in the *Developer* perspective of the {produ
 
 The environments pages in the *Developer* perspective of the {product-title} web console are decoupled from the {gitops-title} Application Manager command-line interface (CLI), `kam`. You do not have to use `kam` to generate Application Environment manifests for the environments to show up in the *Developer* perspective of the {product-title} web console. You can use your own manifests, but the environments must still be represented by namespaces. In addition, specific labels and annotations are still needed.
 
+include::modules/go-settings-for-environment-labels-and-annotations.adoc[leveloffset=+1]
 include::modules/go-health-monitoring.adoc[leveloffset=+1]
diff --git a/cicd/gitops/installing-openshift-gitops.adoc b/cicd/gitops/installing-openshift-gitops.adoc
index 2435189f3b21..ae9a07411e95 100644
--- a/cicd/gitops/installing-openshift-gitops.adoc
+++ b/cicd/gitops/installing-openshift-gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="getting-started-with-openshift-gitops"]
 = Installing {gitops-title}
 include::_attributes/common-attributes.adoc[]
@@ -24,6 +24,13 @@ If you have already installed the Community version of the Argo CD Operator, rem
 
 This guide explains how to install the {gitops-title} Operator to an {product-title} cluster and log in to the Argo CD instance.
 
+[IMPORTANT]
+====
+The `latest` channel enables installation of the most recent stable version of the {gitops-title} Operator. Currently, it is the default channel for installing the {gitops-title} Operator.
+
+To install a specific version of the {gitops-title} Operator, cluster administrators can use the corresponding `gitops-<version>` channel. For example, to install the {gitops-title} Operator version 1.8.x, you can use the `gitops-1.8` channel.
+====
+
 include::modules/installing-gitops-operator-in-web-console.adoc[leveloffset=+1]
 
 include::modules/installing-gitops-operator-using-cli.adoc[leveloffset=+1]
diff --git a/cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc b/cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc
index 800b71dc6de3..71f743215737 100644
--- a/cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc
+++ b/cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="monitoring-argo-cd-custom-resource-workloads"]
 = Monitoring Argo CD custom resource workloads
 include::_attributes/common-attributes.adoc[]
@@ -9,17 +9,17 @@ toc::[]
 [role="_abstract"]
 With {gitops-title}, you can monitor the availability of Argo CD custom resource workloads for specific Argo CD instances. By monitoring Argo CD custom resource workloads, you have the latest information about the state of your Argo CD instances by enabling alerts for them. When the component workload pods such as application-controller, repo-server, or server of the corresponding Argo CD instance are unable to come up for certain reasons and there is a drift between the number of ready replicas and the number of desired replicas for a certain period of time, the Operator then triggers the alerts.
 
-You can enable and disable the setting for monitoring Argo CD custom resource workloads. 
+You can enable and disable the setting for monitoring Argo CD custom resource workloads.
 
 // Prerequisites for monitoring Argo CD custom resource workloads
 [discrete]
 == Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role. 
+* You have access to the cluster as a user with the `cluster-admin` role.
 * {gitops-title} is installed in your cluster.
 * The monitoring stack is configured in your cluster in the `openshift-monitoring` project. In addition, the Argo CD instance is in a namespace that you can monitor through Prometheus.
 * The `kube-state-metrics` service is running in your cluster.
-* Optional: If you are enabling monitoring for an Argo CD instance already present in a user-defined project, ensure that the monitoring is xref:../../monitoring/enabling-monitoring-for-user-defined-projects.html#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[enabled for user-defined projects] in your cluster.
+* Optional: If you are enabling monitoring for an Argo CD instance already present in a user-defined project, ensure that the monitoring is xref:../../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[enabled for user-defined projects] in your cluster.
 +
 [NOTE]
 ====
diff --git a/cicd/gitops/monitoring-argo-cd-instances.adoc b/cicd/gitops/monitoring-argo-cd-instances.adoc
new file mode 100644
index 000000000000..4fb0a6b567bd
--- /dev/null
+++ b/cicd/gitops/monitoring-argo-cd-instances.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="monitoring-argo-cd-instances"]
+= Monitoring Argo CD instances
+include::_attributes/common-attributes.adoc[]
+:context: monitoring-argo-cd-instances
+
+toc::[]
+
+By default, the {gitops-title} Operator automatically detects an installed Argo CD instance in your defined namespace, for example, `openshift-gitops`, and connects it to the monitoring stack of the cluster to provide alerts for out-of-sync applications.
+
+.Prerequisites
+* You have access to the cluster with `cluster-admin` privileges.
+* You have access to the {product-title} web console.
+* You have installed the {gitops-title} Operator in your cluster.
+* You have installed an Argo CD application in your defined namespace, for example, `openshift-gitops`.
+
+include::modules/gitops-monitoring-argo-cd-health-using-prometheus-metrics.adoc[leveloffset=+1]
diff --git a/cicd/gitops/run-gitops-control-plane-workload-on-infra-nodes.adoc b/cicd/gitops/run-gitops-control-plane-workload-on-infra-nodes.adoc
index 21122fe29469..cf97208bdb4c 100644
--- a/cicd/gitops/run-gitops-control-plane-workload-on-infra-nodes.adoc
+++ b/cicd/gitops/run-gitops-control-plane-workload-on-infra-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="run-gitops-control-plane-workload-on-infra-nodes"]
 = Running {gitops-shortname} control plane workloads on infrastructure nodes
 :context: run-gitops-control-plane-workload-on-infra-nodes
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can use infrastructure nodes to prevent additional billing cost against subscription counts. 
+You can use infrastructure nodes to prevent additional billing cost against subscription counts.
 
 You can use the {product-title} to run certain workloads on infrastructure nodes installed by the {gitops-title} Operator. This comprises the workloads that are installed by the {gitops-title} Operator by default in the `openshift-gitops` namespace, including the default Argo CD instance in that namespace.
 
diff --git a/cicd/gitops/setting-up-argocd-instance.adoc b/cicd/gitops/setting-up-argocd-instance.adoc
index 55756aa831fe..7a9b6205a6d7 100644
--- a/cicd/gitops/setting-up-argocd-instance.adoc
+++ b/cicd/gitops/setting-up-argocd-instance.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="setting-up-argocd-instance"]
 = Setting up an Argo CD instance
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/troubleshooting-issues-in-GitOps.adoc b/cicd/gitops/troubleshooting-issues-in-GitOps.adoc
index 6eb4cefc9d4a..c5557ad88905 100644
--- a/cicd/gitops/troubleshooting-issues-in-GitOps.adoc
+++ b/cicd/gitops/troubleshooting-issues-in-GitOps.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-issues-in-GitOps"]
 
 = Troubleshooting issues in {gitops-title}
diff --git a/cicd/gitops/understanding-openshift-gitops.adoc b/cicd/gitops/understanding-openshift-gitops.adoc
index 7ab0f91ad813..e9d438996c3a 100644
--- a/cicd/gitops/understanding-openshift-gitops.adoc
+++ b/cicd/gitops/understanding-openshift-gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-openshift-gitops"]
 = Understanding OpenShift GitOps
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/uninstalling-openshift-gitops.adoc b/cicd/gitops/uninstalling-openshift-gitops.adoc
index 17e3ecadfa01..af1f482b8b26 100644
--- a/cicd/gitops/uninstalling-openshift-gitops.adoc
+++ b/cicd/gitops/uninstalling-openshift-gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-openshift-gitops"]
 = Uninstalling OpenShift GitOps
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc b/cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
new file mode 100644
index 000000000000..e1cb3a88a856
--- /dev/null
+++ b/cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="using-argo-rollouts-for-progressive-deployment-delivery"]
+= Using Argo Rollouts for progressive deployment delivery
+include::_attributes/common-attributes.adoc[]
+:context: using-argo-rollouts-for-progressive-deployment-delivery
+
+toc::[]
+
+:FeatureName: Argo Rollouts
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+Progressive delivery is the process of releasing product updates in a controlled and gradual manner.
+Progressive delivery reduces the risk of a release by exposing the new version of a product update only to a subset of users initially. The process involves continuously observing and analyzing this new version to verify whether its behavior matches the requirements and expectations set. The verifications continue as the process gradually exposes the product update to a broader and wider audience.
+
+{product-title} provides some progressive delivery capability by using routes to split traffic between different services, but this typically requires manual intervention and management.
+
+With Argo Rollouts, you can use automation and metric analysis to support progressive deployment delivery and drive the automated rollout or rollback of a new version of an application.
+Argo Rollouts provide advanced deployment capabilities and enable integration with ingress controllers and service meshes.
+You can use Argo Rollouts to manage multiple replica sets that represent different versions of the deployed application. Depending on your deployment strategy, you can handle traffic to these versions during an update by optimizing their existing traffic shaping abilities and gradually shifting traffic to the new version. You can combine Argo Rollouts with a metric provider like Prometheus to do metric-based and policy-driven rollouts and rollbacks based on the parameters set.
+
+[id="prerequisites_using-argo-rollouts-for-progressive-deployment-delivery"]
+== Prerequisites
+* You have access to the cluster with `cluster-admin` privileges.
+* You have access to the {product-title} web console.
+* {gitops-title} 1.9.0 or a newer version is installed in your cluster.
+
+include::modules/gitops-benefits-of-argo-rollouts.adoc[leveloffset=+1]
+
+include::modules/gitops-about-argo-rollout-manager-custom-resources-and-spec.adoc[leveloffset=+1]
+
+include::modules/gitops-creating-rolloutmanager-custom-resource.adoc[leveloffset=+1]
+
+include::modules/gitops-deleting-rolloutmanager-custom-resource.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_argo-rollouts-in-gitops"]
+== Additional resources
+* xref:../../cicd/gitops/installing-openshift-gitops.adoc#installing-gitops-operator-in-web-console_installing-openshift-gitops[Installing {gitops-title}]
+* xref:../../cicd/gitops/uninstalling-openshift-gitops.adoc#go-uninstalling-gitops-operator_uninstalling-openshift-gitops[Uninstalling {gitops-title}]
+* xref:../../applications/deployments/deployment-strategies.adoc#deployments-canary-deployments_deployment-strategies[Canary deployments]
+* xref:../../applications/deployments/route-based-deployment-strategies.adoc#deployments-blue-green_route-based-deployment-strategies[Blue-green deployments]
+* link:https://argo-rollouts-manager.readthedocs.io/en/latest/crd_reference/[`RolloutManager` Custom Resource specification]
+* link:https://www.redhat.com/architect/blue-green-canary-argo-rollouts[Blue-green and canary deployments with Argo Rollouts]
+* link:https://cloud.redhat.com/blog/trying-out-argo-rollouts-in-openshift-gitops-1.9/[Argo Rollouts tech preview limitations]
diff --git a/cicd/gitops/viewing-argo-cd-logs.adoc b/cicd/gitops/viewing-argo-cd-logs.adoc
new file mode 100644
index 000000000000..af11fee67677
--- /dev/null
+++ b/cicd/gitops/viewing-argo-cd-logs.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="viewing-argo-cd-logs"]
+= Viewing Argo CD logs
+include::_attributes/common-attributes.adoc[]
+:context: viewing-argo-cd-logs
+
+toc::[]
+
+You can view the Argo CD logs with {logging}. {logging-uc} visualizes the logs on a Kibana dashboard. The {clo} enables logging with Argo CD by default.
+
+include::modules/gitops-storing-and-retrieving-argo-cd-logs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_viewing-argo-cd-logs"]
+== Additional resources
+* xref:../../logging/cluster-logging-deploying.adoc#cluster-logging-deploy-console_cluster-logging-deploying[Installing {logging} using the web console]
diff --git a/cicd/hugeBook.flag b/cicd/hugeBook.flag
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/cicd/index.adoc b/cicd/index.adoc
index e9ed1f0b7af2..550df0bca4e7 100644
--- a/cicd/index.adoc
+++ b/cicd/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ci-cd-overview"]
 = {product-title} CI/CD overview
 include::_attributes/common-attributes.adoc[]
@@ -15,27 +15,27 @@ toc::[]
 
 [id="openshift-builds"]
 == OpenShift Builds
-With OpenShift Builds, you can create cloud-native apps by using a declarative build process. You can define the build process in a YAML file that you use to create a BuildConfig object. This definition includes attributes such as build triggers, input parameters, and source code. When deployed, the BuildConfig object typically builds a runnable image and pushes it to a container image registry.
+OpenShift Builds provides you the following options to configure and run a build:
 
-OpenShift Builds provides the following extensible support for build strategies:
+* Builds using Shipwright is an extensible build framework based on the Shipwright project. You can use it to build container images on an {product-title} cluster. You can build container images from source code and Dockerfile by using image build tools, such as Source-to-Image (S2I) and Buildah.
++
+For more information, see link:https://docs.openshift.com/builds/latest/about/overview-openshift-builds.html[Overview of Builds].
 
-* Docker build
-* Source-to-image (S2I) build
-* Custom build
-
-For more information, see xref:../cicd/builds/understanding-image-builds.adoc#understanding-image-builds[Understanding image builds]
+* Builds using `BuildConfig` objects is a declarative build process to create cloud-native apps. You can define the build process in a YAML file that you use to create a `BuildConfig` object. This definition includes attributes such as build triggers, input parameters, and source code. When deployed, the `BuildConfig` object builds a runnable image and pushes the image to a container image registry. With the `BuildConfig` object, you can create a Docker, Source-to-image (S2I), or custom build.
++
+For more information, see xref:../cicd/builds/understanding-image-builds.adoc#understanding-image-builds[Understanding image builds].
 
 [id="openshift-pipelines"]
 == {pipelines-shortname}
 {pipelines-shortname} provides a Kubernetes-native CI/CD framework to design and run each step of the CI/CD pipeline in its own container. It can scale independently to meet the on-demand pipelines with predictable outcomes.
 
-For more information, see xref:../cicd/pipelines/understanding-openshift-pipelines.adoc#understanding-openshift-pipelines[Understanding {pipelines-shortname}]
+For more information, see link:https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html[Understanding {pipelines-shortname}].
 
 [id="openshift-gitops"]
 == OpenShift GitOps
 OpenShift GitOps is an Operator that uses Argo CD as the declarative GitOps engine. It enables GitOps workflows across multicluster OpenShift and Kubernetes infrastructure. Using OpenShift GitOps, administrators can consistently configure and deploy Kubernetes-based infrastructure and applications across clusters and development lifecycles.
 
-For more information, see xref:../cicd/gitops/understanding-openshift-gitops.adoc#understanding-openshift-gitops[Understanding OpenShift GitOps]
+For more information, see xref:../cicd/gitops/about-redhat-openshift-gitops.adoc#about-redhat-openshift-gitops[About {gitops-title}].
 
 [id="jenkins-ci-cd"]
 == Jenkins
diff --git a/cicd/jenkins/images-other-jenkins-agent.adoc b/cicd/jenkins/images-other-jenkins-agent.adoc
index 68f0628b5bf8..ac056380a912 100644
--- a/cicd/jenkins/images-other-jenkins-agent.adoc
+++ b/cicd/jenkins/images-other-jenkins-agent.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="images-other-jenkins-agent"]
 = Jenkins agent
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/jenkins/images-other-jenkins.adoc b/cicd/jenkins/images-other-jenkins.adoc
index 87aeeabeb003..9019f4665a99 100644
--- a/cicd/jenkins/images-other-jenkins.adoc
+++ b/cicd/jenkins/images-other-jenkins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="images-other-jenkins"]
 = Configuring Jenkins images
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc b/cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc
index 6590c40201fd..ef82dd6c2188 100644
--- a/cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc
+++ b/cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="important-changes-to-openshift-jenkins-images"]
 = Important changes to OpenShift Jenkins images
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc b/cicd/jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
index 7f8242f2ddbc..1bd3cd4e3118 100644
--- a/cicd/jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
+++ b/cicd/jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 //Jenkins-Tekton-Migration
 [id="migrating-from-jenkins-to-openshift-pipelines_{context}"]
 = Migrating from Jenkins to {pipelines-shortname} or Tekton
@@ -7,7 +7,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can migrate your CI/CD workflows from Jenkins to xref:../../cicd/pipelines/understanding-openshift-pipelines.adoc#understanding-openshift-pipelines[{pipelines-title}], a cloud-native CI/CD experience based on the Tekton project.
+You can migrate your CI/CD workflows from Jenkins to link:https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html[{pipelines-title}], a cloud-native CI/CD experience based on the Tekton project.
 
 include::modules/jt-comparison-of-jenkins-and-openshift-pipelines-concepts.adoc[leveloffset=+1]
 
@@ -23,5 +23,5 @@ include::modules/jt-examples-of-common-use-cases.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 == Additional resources
-* xref:../../cicd/pipelines/understanding-openshift-pipelines.adoc#understanding-openshift-pipelines[Understanding {pipelines-shortname}]
+* link:https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html[Understanding {pipelines-shortname}]
 * xref:../../authentication/using-rbac.adoc#using-rbac[Role-based Access Control]
diff --git a/cicd/pipelines/about-pipelines.adoc b/cicd/pipelines/about-pipelines.adoc
new file mode 100644
index 000000000000..2ae03ee625a1
--- /dev/null
+++ b/cicd/pipelines/about-pipelines.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="about-pipelines"]
+= About {pipelines-title}
+:context: about-pipelines
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+{pipelines-title} is a cloud-native, continuous integration and continuous delivery (CI/CD) solution based on Kubernetes resources. It uses Tekton building blocks to automate deployments across multiple platforms by abstracting away the underlying implementation details. Tekton introduces a number of standard custom resource definitions (CRDs) for defining CI/CD pipelines that are portable across Kubernetes distributions.
+
+[NOTE]
+====
+Because {pipelines-title} releases on a different cadence from {product-title}, the {pipelines-title} documentation is now available as separate documentation sets for each minor version of the product.
+
+The {pipelines-title} documentation is available at link:https://docs.openshift.com/pipelines/[].
+
+Documentation for specific versions is available using the version selector drop-down list, or directly by adding the version to the URL, for example, link:https://docs.openshift.com/pipelines/1.11[].
+
+In addition, the {pipelines-title} documentation is also available on the Red Hat Customer Portal at https://access.redhat.com/documentation/en-us/red_hat_openshift_pipelines/[].
+
+
+For additional information about the {pipelines-title} life cycle and supported platforms, refer to the link:https://access.redhat.com/support/policy/updates/openshift#pipelines[Platform Life Cycle Policy].
+====
+
+// add something about CLI tools?
+
diff --git a/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc b/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
index 4f575e125149..1f894d99e6df 100644
--- a/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
+++ b/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="authenticating-pipelines-using-git-secret"]
 = Authenticating pipelines using git secret
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/creating-applications-with-cicd-pipelines.adoc b/cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
index 732c493b8662..211013bd6e70 100644
--- a/cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
+++ b/cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-applications-with-cicd-pipelines"]
 = Creating CI/CD solutions for applications using {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
@@ -81,7 +81,7 @@ include::modules/op-validating-pull-requests-using-GitHub-interceptors.adoc[leve
 == Additional resources
 
 * To include {pac} along with the application source code in the same repository, see xref:../../cicd/pipelines/using-pipelines-as-code.adoc#using-pipelines-as-code[Using {pac}].
-* For more details on pipelines in the *Developer* perspective, see the xref:../../cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc#working-with-pipelines-using-the-developer-perspective[working with pipelines in the *Developer* perspective] section.
+* For more details on pipelines in the *Developer* perspective, see the xref:../../cicd/pipelines/working-with-pipelines-web-console.adoc#working-with-pipelines-web-console[working with pipelines in the web console] section.
 * To learn more about Security Context Constraints (SCCs), see the xref:../../authentication/managing-security-context-constraints.adoc#managing-pod-security-policies[Managing Security Context Constraints] section.
 * For more examples of reusable tasks, see the link:https://github.com/openshift/pipelines-catalog[OpenShift Catalog] repository. Additionally, you can also see the Tekton Catalog in the Tekton project.
 * To install and deploy a custom instance of Tekton Hub for reusable tasks and pipelines, see xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using {tekton-hub} with {pipelines-title}].
diff --git a/cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc b/cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
index ed728694b569..b6ebea428388 100644
--- a/cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+++ b/cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="customizing-configurations-in-the-tektonconfig-cr"]
 = Customizing configurations in the TektonConfig custom resource
 include::_attributes/common-attributes.adoc[]
@@ -52,5 +52,5 @@ include::modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc
 
 * xref:../../cicd/pipelines/authenticating-pipelines-using-git-secret.adoc#op-configuring-ssh-authentication-for-git_authenticating-pipelines-using-git-secret[Configuring SSH authentication for Git]
 * xref:../../cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc#managing-nonversioned-and-versioned-cluster-tasks[Managing non-versioned and versioned cluster tasks]
-* xref:../../cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc#using-custom-pipeline-template-for-git-import_working-with-pipelines-using-the-developer-perspective[Using a custom pipeline template for creating and deploying an application from a Git repository]
 * xref:../../applications/pruning-objects.adoc#pruning-objects[Pruning objects to reclaim resources]
+* xref:../../cicd/pipelines/working-with-pipelines-web-console.adoc#op-creating-pipeline-templates-admin-console_working-with-pipelines-web-console[Creating pipeline templates in the Administrator perspective]
diff --git a/cicd/pipelines/installing-pipelines.adoc b/cicd/pipelines/installing-pipelines.adoc
index 03ed8d7b277e..1bcf8a8c472b 100644
--- a/cicd/pipelines/installing-pipelines.adoc
+++ b/cicd/pipelines/installing-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-pipelines"]
 = Installing {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
@@ -46,11 +46,11 @@ include::modules/op-performance-tuning-using-tektonconfig-cr.adoc[leveloffset=+1
 
 * To install {tekton-chains} using the {pipelines-title} Operator, see xref:../../cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.adoc#using-tekton-chains-for-openshift-pipelines-supply-chain-security[Using {tekton-chains} for {pipelines-title} supply chain security].
 
-* To install and deploy in-cluster {tekton-hub}, see xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using {tekton-hub} with {pipelines-title}]. 
+* To install and deploy in-cluster {tekton-hub}, see xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using {tekton-hub} with {pipelines-title}].
 
 * For more information on using pipelines in a restricted environment, see:
 
-** xref:../../cicd/pipelines/creating-applications-with-cicd-pipelines.html#op-mirroring-images-to-run-pipelines-in-restricted-environment_creating-applications-with-cicd-pipelines[Mirroring images to run pipelines in a restricted environment]
+** xref:../../cicd/pipelines/creating-applications-with-cicd-pipelines.adoc#op-mirroring-images-to-run-pipelines-in-restricted-environment_creating-applications-with-cicd-pipelines[Mirroring images to run pipelines in a restricted environment]
 
 ** xref:../../openshift_images/configuring-samples-operator.adoc#samples-operator-restricted-network-install[Configuring Samples Operator for a restricted cluster]
 
diff --git a/cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc b/cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
index ed9a3f96c984..46e8b3d29c11 100644
--- a/cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
+++ b/cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-nonversioned-and-versioned-cluster-tasks"]
 = Managing non-versioned and versioned cluster tasks
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/op-release-notes.adoc b/cicd/pipelines/op-release-notes.adoc
index 3784aff18fc5..670dd54577be 100644
--- a/cicd/pipelines/op-release-notes.adoc
+++ b/cicd/pipelines/op-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 //OpenShift Pipelines Release Notes
 include::_attributes/common-attributes.adoc[]
 [id="op-release-notes"]
diff --git a/cicd/pipelines/reducing-pipelines-resource-consumption.adoc b/cicd/pipelines/reducing-pipelines-resource-consumption.adoc
index 764f7790ac1a..444c40586fc8 100644
--- a/cicd/pipelines/reducing-pipelines-resource-consumption.adoc
+++ b/cicd/pipelines/reducing-pipelines-resource-consumption.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="reducing-pipelines-resource-consumption"]
 = Reducing resource consumption of {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
@@ -12,8 +12,8 @@ To define the final resource limits that are set on the resulting pods, {pipelin
 
 To restrict resource consumption in your project, you can:
 
-* xref:../../applications/quotas/quotas-setting-per-project.html[Set and manage resource quotas] to limit the aggregate resource consumption.
-* Use xref:../../nodes/clusters/nodes-cluster-limit-ranges.html[limit ranges to restrict resource consumption] for specific objects, such as pods, images, image streams, and persistent volume claims.
+* xref:../../applications/quotas/quotas-setting-per-project.adoc[Set and manage resource quotas] to limit the aggregate resource consumption.
+* Use xref:../../nodes/clusters/nodes-cluster-limit-ranges.adoc[limit ranges to restrict resource consumption] for specific objects, such as pods, images, image streams, and persistent volume claims.
 
 include::modules/op-understanding-pipelines-resource-consumption.adoc[leveloffset=+1]
 
diff --git a/cicd/pipelines/remote-pipelines-tasks-resolvers.adoc b/cicd/pipelines/remote-pipelines-tasks-resolvers.adoc
index 80ca525603ed..74bb0f07b9d5 100644
--- a/cicd/pipelines/remote-pipelines-tasks-resolvers.adoc
+++ b/cicd/pipelines/remote-pipelines-tasks-resolvers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="remote-pipelines-tasks-resolvers"]
 = Specifying remote pipelines and tasks using resolvers
 include::_attributes/common-attributes.adoc[]
@@ -21,7 +21,12 @@ Git resolver:: Retrieves a task or pipeline binding from a Git repository. You m
 
 [id="resolver-hub_{context}"]
 == Specifying a remote pipeline or task from a Tekton catalog
-You can specify a remote pipeline or task that is defined in a public Tekton catalog, either link:https://artifacthub.io/[{artifact-hub}] or link:https://hub.tekton.dev/[{tekton-hub}], by using the hub resolver.
+You can use the hub resolver to specify a remote pipeline or task that is defined either in a public Tekton catalog of link:https://artifacthub.io/[{artifact-hub}] or in an instance of {tekton-hub}.
+
+[IMPORTANT]
+====
+The {artifact-hub} project is not supported with {pipelines-title}. Only the configuration of {artifact-hub} is supported.
+====
 
 include::modules/op-resolver-hub-config.adoc[leveloffset=+2]
 include::modules/op-resolver-hub.adoc[leveloffset=+2]
@@ -29,7 +34,7 @@ include::modules/op-resolver-hub.adoc[leveloffset=+2]
 [id="resolver-bundles_{context}"]
 == Specifying a remote pipeline or task from a Tekton bundle
 
-You can specify a remote pipeline or task from a Tekton bundle by using the bundles resolver. A Tekton bundle is an OCI image available from any OCI repository, such as an OpenShift container repository.
+You can use the bundles resolver to specify a remote pipeline or task from a Tekton bundle. A Tekton bundle is an OCI image available from any OCI repository, such as an OpenShift container repository.
 
 include::modules/op-resolver-bundle-config.adoc[leveloffset=+2]
 include::modules/op-resolver-bundle.adoc[leveloffset=+2]
@@ -37,7 +42,7 @@ include::modules/op-resolver-bundle.adoc[leveloffset=+2]
 [id="resolver-cluster_{context}"]
 == Specifying a remote pipeline or task from the same cluster
 
-You can specify a remote pipeline or task that is defined in a namespace on the {product-title} cluster where {pipelines-title} is running by using the cluster resolver.
+You can use the cluster resolver to specify a remote pipeline or task that is defined in a namespace on the {product-title} cluster where {pipelines-title} is running.
 
 include::modules/op-resolver-cluster-config.adoc[leveloffset=+2]
 include::modules/op-resolver-cluster.adoc[leveloffset=+2]
@@ -45,8 +50,14 @@ include::modules/op-resolver-cluster.adoc[leveloffset=+2]
 [id="resolver-git_{context}"]
 == Specifying a remote pipeline or task from a Git repository
 
-You can specify a remote pipeline or task from a Git repostory by using the Git resolver. The repository must contain a YAML file that defines the pipeline or task. The Git resolver can access a repository either by cloning it anonymously or else by using the authenticated SCM API.
+You can use the Git resolver to specify a remote pipeline or task from a Git repostory. The repository must contain a YAML file that defines the pipeline or task. The Git resolver can access a repository either by cloning it anonymously or else by using the authenticated SCM API.
 
 include::modules/op-resolver-git-config-anon.adoc[leveloffset=+2]
 include::modules/op-resolver-git-config-scm.adoc[leveloffset=+2]
 include::modules/op-resolver-git.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+
+* xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using Tekton Hub with {pipelines-shortname}]
diff --git a/cicd/pipelines/securing-webhooks-with-event-listeners.adoc b/cicd/pipelines/securing-webhooks-with-event-listeners.adoc
index 338c5d82c53f..c07c74ca48fd 100644
--- a/cicd/pipelines/securing-webhooks-with-event-listeners.adoc
+++ b/cicd/pipelines/securing-webhooks-with-event-listeners.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="securing-webhooks-with-event-listeners"]
 = Securing webhooks with event listeners
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.adoc b/cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.adoc
index 293db99e61cf..e21ded700449 100644
--- a/cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.adoc
+++ b/cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="setting-compute-resource-quota-for-openshift-pipelines"]
 = Setting compute resource quota for {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/understanding-openshift-pipelines.adoc b/cicd/pipelines/understanding-openshift-pipelines.adoc
index 7aa1be6a3f91..93b66781be31 100644
--- a/cicd/pipelines/understanding-openshift-pipelines.adoc
+++ b/cicd/pipelines/understanding-openshift-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-openshift-pipelines"]
 = Understanding {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/uninstalling-pipelines.adoc b/cicd/pipelines/uninstalling-pipelines.adoc
index c3489bd15c38..286ebc310bdc 100644
--- a/cicd/pipelines/uninstalling-pipelines.adoc
+++ b/cicd/pipelines/uninstalling-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-pipelines"]
 = Uninstalling {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
@@ -9,7 +9,7 @@ toc::[]
 Cluster administrators can uninstall the {pipelines-title} Operator by performing the following steps:
 
 . Delete the Custom Resources (CRs) that were added by default when you installed the {pipelines-title} Operator.
-. Delete the CRs of the optional components, such as {tekton-chains}, that are dependent on the Operator.
+. Delete the CRs of the optional components such as {tekton-hub} that depend on the Operator.
 +
 [CAUTION]
 ====
diff --git a/cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc b/cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
index 48734d9ea68c..90a4aa50f109 100644
--- a/cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
+++ b/cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="unprivileged-building-of-container-images-using-buildah"]
 = Building of container images using Buildah as a non-root user
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/using-pipelines-as-code.adoc b/cicd/pipelines/using-pipelines-as-code.adoc
index ddf4f6948ee9..3c37b05c3c30 100644
--- a/cicd/pipelines/using-pipelines-as-code.adoc
+++ b/cicd/pipelines/using-pipelines-as-code.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-pipelines-as-code"]
 = Using {pac}
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/using-pods-in-a-privileged-security-context.adoc b/cicd/pipelines/using-pods-in-a-privileged-security-context.adoc
index 323b4b627d52..f8dcf2ba63be 100644
--- a/cicd/pipelines/using-pods-in-a-privileged-security-context.adoc
+++ b/cicd/pipelines/using-pods-in-a-privileged-security-context.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-pods-in-a-privileged-security-context"]
 = Using pods in a privileged security context
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.adoc b/cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.adoc
index a1c864d12d04..d377b8225ddb 100644
--- a/cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.adoc
+++ b/cicd/pipelines/using-tekton-chains-for-openshift-pipelines-supply-chain-security.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-tekton-chains-for-openshift-pipelines-supply-chain-security"]
 = Using Tekton Chains for {pipelines-shortname} supply chain security
 include::_attributes/common-attributes.adoc[]
diff --git a/cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc b/cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
index c4b1c5f07da0..fdff8d224ca0 100644
--- a/cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
+++ b/cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-tekton-hub-with-openshift-pipelines"]
 = Using Tekton Hub with {pipelines-shortname}
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 include::snippets/technology-preview.adoc[]
 
 [role="_abstract"]
-{tekton-hub} helps you discover, search, and share reusable tasks and pipelines for your CI/CD workflows. A public instance of {tekton-hub} is available at link:https://hub.tekton.dev/[hub.tekton.dev]. Cluster administrators can also install and deploy a custom instance of {tekton-hub} by modifying the configurations in the `TektonHub` custom resource (CR). 
+{tekton-hub} helps you discover, search, and share reusable tasks and pipelines for your CI/CD workflows. A public instance of {tekton-hub} is available at link:https://hub.tekton.dev/[hub.tekton.dev]. Cluster administrators can also install and deploy a custom instance of {tekton-hub} by modifying the configurations in the `TektonHub` custom resource (CR).
 
 include::modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc[leveloffset=+1]
 
diff --git a/cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.adoc b/cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.adoc
index 0a4b75bc2866..8fe4700773fc 100644
--- a/cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.adoc
+++ b/cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="viewing-pipeline-logs-using-the-openshift-logging-operator"]
 = Viewing pipeline logs using the OpenShift Logging Operator
 include::_attributes/common-attributes.adoc[]
@@ -26,7 +26,6 @@ include::modules/op-viewing-pipeline-logs-in-kibana.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="additional-resources_viewing-pipeline-logs-using-the-openshift-logging-operator"]
 == Additional resources
-
 * xref:../../logging/cluster-logging-deploying.adoc[Installing OpenShift Logging]
-* xref:../../logging/viewing-resource-logs.adoc[Viewing logs for a resource]
-* xref:../../logging/cluster-logging-visualizer.adoc[Viewing cluster logs by using Kibana]
+* xref:../../logging/log_visualization/log-visualization.adoc#log-visualization-resource-logs_log-visualization[Viewing logs for a resource]
+* xref:../../logging/log_visualization/logging-kibana.adoc#logging-kibana[Log visualization with Kibana]
diff --git a/cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc b/cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc
deleted file mode 100644
index f81e5c6f689b..000000000000
--- a/cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-:_content-type: ASSEMBLY
-[id="working-with-pipelines-using-the-developer-perspective"]
-= Working with {pipelines-title} using the Developer perspective
-include::_attributes/common-attributes.adoc[]
-:context: working-with-pipelines-using-the-developer-perspective
-
-toc::[]
-
-[role="_abstract"]
-You can use the *Developer* perspective of the {product-title} web console to create CI/CD pipelines for your software delivery process.
-
-In the *Developer* perspective:
-
-* Use the *Add* -> *Pipeline* -> *Pipeline builder* option to create customized pipelines for your application.
-* Use the *Add* -> *From Git* option to create pipelines using operator-installed pipeline templates and resources while creating an application on {product-title}.
-
-After you create the pipelines for your application, you can view and visually interact with the deployed pipelines in the *Pipelines* view. You can also use the *Topology* view to interact with the pipelines created using the *From Git* option. You must apply custom labels to pipelines created using the *Pipeline builder* to see them in the *Topology* view.
-
-[discrete]
-== Prerequisites
-
-* You have access to an {product-title} cluster and have switched to xref:../../web_console/web-console-overview.adoc#about-developer-perspective_web-console-overview[the *Developer* perspective].
-* You have the xref:../../cicd/pipelines/installing-pipelines.adoc#installing-pipelines[{pipelines-shortname} Operator installed] in your cluster.
-* You are a cluster administrator or a user with create and edit permissions.
-* You have created a project.
-
-
-include::modules/op-constructing-pipelines-using-pipeline-builder.adoc[leveloffset=+1]
-
-include::modules/op-creating-pipelines-along-with-applications.adoc[leveloffset=+1]
-
-include::modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc[leveloffset=+1]
-
-include::modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc[leveloffset=+1]
-
-include::modules/op-using-custom-pipeline-template-for-git-import.adoc[leveloffset=+1]
-
-include::modules/op-starting-pipelines-from-pipelines-view.adoc[leveloffset=+1]
-
-include::modules/op-starting-pipelines-from-topology-view.adoc[leveloffset=+1]
-
-include::modules/op-interacting-pipelines-from-topology-view.adoc[leveloffset=+1]
-
-include::modules/op-editing-pipelines.adoc[leveloffset=+1]
-
-include::modules/op-deleting-pipelines.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources-working-with-pipelines-using-the-developer-perspective"]
-== Additional resources
-
-* xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using Tekton Hub with {pipelines-shortname}]
diff --git a/cicd/pipelines/working-with-pipelines-web-console.adoc b/cicd/pipelines/working-with-pipelines-web-console.adoc
new file mode 100644
index 000000000000..2a182a12f1f7
--- /dev/null
+++ b/cicd/pipelines/working-with-pipelines-web-console.adoc
@@ -0,0 +1,49 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="working-with-pipelines-web-console"]
+= Working with {pipelines-title} in the web console
+include::_attributes/common-attributes.adoc[]
+:context: working-with-pipelines-web-console
+
+toc::[]
+
+You can use the *Administrator* or *Developer* perspective to create and modify `Pipeline`, `PipelineRun`, and `Repository` objects from the *Pipelines* page in the {product-title} web console.
+You can also use the *+Add* page in the *Developer* perspective of the web console to create CI/CD pipelines for your software delivery process.
+
+// Dev console
+include::modules/op-odc-pipelines-abstract.adoc[leveloffset=+1]
+
+[discrete]
+[id="prerequisites_working-with-pipelines-web-console"]
+== Prerequisites
+
+* You have access to an {product-title} cluster, and have xref:../../web_console/web-console-overview.adoc#about-developer-perspective_web-console-overview[switched to the *Developer* perspective].
+* You have the xref:../../cicd/pipelines/installing-pipelines.adoc#installing-pipelines[{pipelines-shortname} Operator installed] in your cluster.
+* You are a cluster administrator or a user with create and edit permissions.
+* You have created a project.
+
+include::modules/op-constructing-pipelines-using-pipeline-builder.adoc[leveloffset=+2]
+
+include::modules/op-creating-pipelines-along-with-applications.adoc[leveloffset=+2]
+
+include::modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc[leveloffset=+2]
+
+include::modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc[leveloffset=+2]
+
+include::modules/op-starting-pipelines-from-pipelines-view.adoc[leveloffset=+2]
+
+include::modules/op-starting-pipelines-from-topology-view.adoc[leveloffset=+2]
+
+include::modules/op-interacting-pipelines-from-topology-view.adoc[leveloffset=+2]
+
+include::modules/op-editing-pipelines.adoc[leveloffset=+2]
+
+include::modules/op-deleting-pipelines.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_working-with-pipelines-web-console"]
+=== Additional resources
+
+* xref:../../cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc#using-tekton-hub-with-openshift-pipelines[Using Tekton Hub with {pipelines-shortname}]
+
+// Admin console
+include::modules/op-creating-pipeline-templates-admin-console.adoc[leveloffset=+1]
diff --git a/cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc b/cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
index db390d2e31ca..21019b3b87a5 100644
--- a/cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
+++ b/cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
@@ -1,5 +1,5 @@
 ////
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='configuring-the-odo-cli']
 = Configuring the odo CLI
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating-instances-of-services-managed-by-operators.adoc b/cli_reference/developer_cli_odo/creating-instances-of-services-managed-by-operators.adoc
index cfa8616d9b80..c36f7fa3c8e4 100644
--- a/cli_reference/developer_cli_odo/creating-instances-of-services-managed-by-operators.adoc
+++ b/cli_reference/developer_cli_odo/creating-instances-of-services-managed-by-operators.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id=creating-instances-of-services-managed-by-operators]
 = Creating instances of services managed by Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-java-application-with-a-database.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-java-application-with-a-database.adoc
index e30e041083b7..edfee771d9da 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-java-application-with-a-database.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-java-application-with-a-database.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id=creating-a-java-application-with-a-database]
 = Creating a Java application with a database
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-multicomponent-application-with-odo.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-multicomponent-application-with-odo.adoc
index 6904fe98e44d..12680a720b6b 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-multicomponent-application-with-odo.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-multicomponent-application-with-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id='creating-a-multicomponent-application-with-odo']
 = Creating a multicomponent application with `{odo-title}`
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-single-component-application-with-odo.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-single-component-application-with-odo.adoc
index a5cbc0653c55..18d92631f06a 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-single-component-application-with-odo.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-single-component-application-with-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id='creating-a-single-component-application-with-odo']
 = Creating a single-component application with {odo-title}
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
index af8e2d948469..1449367714b6 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id=creating-an-application-with-a-database]
 = Creating an application with a database
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc
index 67d9f4478a59..1031a675671b 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id='debugging-applications-in-odo']
 = Debugging applications in `{odo-title}`
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/deleting-applications.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/deleting-applications.adoc
index fba30e7d3f48..562c5978a065 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/deleting-applications.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/deleting-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='deleting-applications']
 = Deleting applications
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/sample-applications.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/sample-applications.adoc
index 962f39a629ad..156a44efb7f4 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/sample-applications.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/sample-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="sample-applications"]
 = Sample applications
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/using-devfiles-in-odo.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/using-devfiles-in-odo.adoc
index fec5f98f977a..bb1da638d524 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/using-devfiles-in-odo.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/using-devfiles-in-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-devfiles-in-odo"]
 = Using devfiles in {odo-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-projects.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-projects.adoc
index bc36206cd0d9..27d1053fa461 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-projects.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="working-with-projects"]
 = Working with projects
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc
index 87ecdf93ac03..5080b4b1d109 100644
--- a/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc
+++ b/cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='working-with-storage']
 = Working with storage
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/installing-odo.adoc b/cli_reference/developer_cli_odo/installing-odo.adoc
index 813a0f156199..6d23d7b9e190 100644
--- a/cli_reference/developer_cli_odo/installing-odo.adoc
+++ b/cli_reference/developer_cli_odo/installing-odo.adoc
@@ -1,5 +1,5 @@
 ////
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='installing-odo']
 = Installing odo
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/managing-environment-variables-in-odo.adoc b/cli_reference/developer_cli_odo/managing-environment-variables-in-odo.adoc
index 1b37feceb671..e46c1fc6f5b0 100644
--- a/cli_reference/developer_cli_odo/managing-environment-variables-in-odo.adoc
+++ b/cli_reference/developer_cli_odo/managing-environment-variables-in-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='managing-environment-variables']
 = Managing environment variables
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/odo-architecture.adoc b/cli_reference/developer_cli_odo/odo-architecture.adoc
index 9a68934dc11e..6a66ea3994d7 100644
--- a/cli_reference/developer_cli_odo/odo-architecture.adoc
+++ b/cli_reference/developer_cli_odo/odo-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odo-architecture"]
 = odo architecture
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/odo-cli-reference.adoc b/cli_reference/developer_cli_odo/odo-cli-reference.adoc
index faa2e5650493..54e107acd36e 100644
--- a/cli_reference/developer_cli_odo/odo-cli-reference.adoc
+++ b/cli_reference/developer_cli_odo/odo-cli-reference.adoc
@@ -1,5 +1,5 @@
 ////
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='odo-cli-reference']
 = odo CLI reference
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/odo-release-notes.adoc b/cli_reference/developer_cli_odo/odo-release-notes.adoc
index 645fca7f25c9..d751b99c46ed 100644
--- a/cli_reference/developer_cli_odo/odo-release-notes.adoc
+++ b/cli_reference/developer_cli_odo/odo-release-notes.adoc
@@ -1,5 +1,5 @@
 ////
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='odo-release-notes']
 = `{odo-title}` release notes
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/understanding-odo.adoc b/cli_reference/developer_cli_odo/understanding-odo.adoc
index c9901902f1df..a155e5908f2a 100644
--- a/cli_reference/developer_cli_odo/understanding-odo.adoc
+++ b/cli_reference/developer_cli_odo/understanding-odo.adoc
@@ -1,5 +1,5 @@
 ////
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-odo"]
 = Understanding odo
 include::_attributes/common-attributes.adoc[]
@@ -16,5 +16,5 @@ Red Hat OpenShift Developer CLI (`odo`) is a tool for creating applications on {
 include::modules/odo-key-features.adoc[leveloffset=+1]
 include::modules/odo-core-concepts.adoc[leveloffset=+1]
 include::modules/odo-listing-components.adoc[leveloffset=+1]
-include::modules/odo-telemetry.adoc[leveloffset=+1]   
+include::modules/odo-telemetry.adoc[leveloffset=+1]
 ////
\ No newline at end of file
diff --git a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/about-odo-in-a-restricted-environment.adoc b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/about-odo-in-a-restricted-environment.adoc
index 594c44db70b1..9e1cd9f03ffe 100644
--- a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/about-odo-in-a-restricted-environment.adoc
+++ b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/about-odo-in-a-restricted-environment.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="about-odo-in-a-restricted-environment"]
 = About {odo-title} in a restricted environment
diff --git a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster.adoc b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster.adoc
index 5904d648335f..590353c08776 100644
--- a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster.adoc
+++ b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-and-deploying-a-component-to-the-disconnected-cluster"]
 = Creating and deploying a component to the disconnected cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-devfile-components-to-the-disconnected-cluster.adoc b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-devfile-components-to-the-disconnected-cluster.adoc
index c4c0e7da0e0f..b34911fdbcb9 100644
--- a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-devfile-components-to-the-disconnected-cluster.adoc
+++ b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-devfile-components-to-the-disconnected-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-and-deploying-devfile-components-to-the-disconnected-cluster"]
 = Creating and deploying devfile components to the disconnected cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc
index 30cecbd5d8e5..569806f5d034 100644
--- a/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc
+++ b/cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="pushing-the-odo-init-image-to-the-restricted-cluster-registry"]
 include::_attributes/common-attributes.adoc[]
 = Pushing the {odo-title} init image to the restricted cluster registry
diff --git a/cli_reference/index.adoc b/cli_reference/index.adoc
index 6b4bbc18d69a..89c6fb66bac6 100644
--- a/cli_reference/index.adoc
+++ b/cli_reference/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-tools-overview"]
 = {product-title} CLI tools overview
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,11 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-A user performs a range of operations while working on {product-title} such as the following:
+A user performs a range of operations while working on {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+such as the following:
 
 * Managing clusters
 * Building, deploying, and managing applications
@@ -14,15 +18,41 @@ A user performs a range of operations while working on {product-title} such as t
 * Developing Operators
 * Creating and maintaining Operator catalogs
 
-{product-title} offers a set of command-line interface (CLI) tools that simplify these tasks by enabling users to perform various administration and development operations from the terminal.
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+offers a set of command-line interface (CLI) tools that simplify these tasks by enabling users to perform various administration and development operations from the terminal.
 These tools expose simple commands to manage the applications, as well as interact with each component of the system.
 
 [id="cli-tools-list"]
 == List of CLI tools
 
-The following set of CLI tools are available in {product-title}:
+The following set of CLI tools are available in
+ifndef::openshift-rosa[]
+{product-title}:
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA:
+endif::openshift-rosa[]
 
-* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[OpenShift CLI (oc)]: This is the most commonly used CLI tool by {product-title} users. It helps both cluster administrators and developers to perform end-to-end operations across {product-title} using the terminal. Unlike the web console, it allows the user to work directly with the project source code using command scripts.
+* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[OpenShift CLI (`oc`)]:
+ifndef::openshift-rosa[]
+This is the most commonly used CLI tool by {product-title} users.
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+This is one of the more commonly used developer CLI tools.
+endif::openshift-rosa[]
+It helps both cluster administrators and developers to perform end-to-end operations across
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+using the terminal. Unlike the web console, it allows the user to work directly with the project source code using command scripts.
 
 * xref:../cli_reference/kn-cli-tools.adoc#kn-cli-tools[Knative CLI (kn)]: The Knative (`kn`) CLI tool provides simple and intuitive terminal commands that can be used to interact with OpenShift Serverless components, such as Knative Serving and Eventing.
 
@@ -31,3 +61,8 @@ The following set of CLI tools are available in {product-title}:
 * xref:../cli_reference/opm/cli-opm-install.adoc#cli-opm-install[opm CLI]: The `opm` CLI tool helps the Operator developers and cluster administrators to create and maintain the catalogs of Operators from the terminal.
 
 * xref:../cli_reference/osdk/cli-osdk-install.adoc#cli-osdk-install[Operator SDK]: The Operator SDK, a component of the Operator Framework, provides a CLI tool that Operator developers can use to build, test, and deploy an Operator from the terminal. It simplifies the process of building Kubernetes-native applications, which can require deep, application-specific operational knowledge.
+
+
+ifdef::openshift-rosa[]
+* xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-get-started-cli[ROSA CLI (`rosa`)]: Use the `rosa` CLI to create, update, manage, and delete ROSA clusters and resources.
+endif::openshift-rosa[]
\ No newline at end of file
diff --git a/cli_reference/kn-cli-tools.adoc b/cli_reference/kn-cli-tools.adoc
index e5d4c358d7ff..cd42febc0678 100644
--- a/cli_reference/kn-cli-tools.adoc
+++ b/cli_reference/kn-cli-tools.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-cli-tools"]
 = Knative CLI for use with {ServerlessProductName}
diff --git a/cli_reference/odo-important-update.adoc b/cli_reference/odo-important-update.adoc
index bbb939cd21f1..c89230948f7f 100644
--- a/cli_reference/odo-important-update.adoc
+++ b/cli_reference/odo-important-update.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
-// 
+//
 // * cli_reference/developer_cli_odo/odo-important-update.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odo-important_update_{context}"]
 include::_attributes/attributes-openshift-dedicated.adoc[]
 include::_attributes/common-attributes.adoc[]
@@ -11,10 +11,10 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Red Hat does not provide information about `{odo-title}` on the {OCP} documentation site. See the link:https://odo.dev/docs/introduction[documentation] maintained by Red Hat and the upstream community for documentation information related to `{odo-title}`.
+Red Hat does not provide information about `{odo-title}` on the {product-title} documentation site. See the link:https://odo.dev/docs/introduction[documentation] maintained by Red Hat and the upstream community for documentation information related to `{odo-title}`.
 
 [IMPORTANT]
 ====
-For the materials maintained by the upstream community, Red Hat provides support under link:https://access.redhat.com/solutions/5893251[Cooperative Community Support]. 
+For the materials maintained by the upstream community, Red Hat provides support under link:https://access.redhat.com/solutions/5893251[Cooperative Community Support].
 ====
 
diff --git a/cli_reference/openshift_cli/administrator-cli-commands.adoc b/cli_reference/openshift_cli/administrator-cli-commands.adoc
index 3b5c3da2e911..45dddfd10f03 100644
--- a/cli_reference/openshift_cli/administrator-cli-commands.adoc
+++ b/cli_reference/openshift_cli/administrator-cli-commands.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-administrator-commands"]
 = OpenShift CLI administrator command reference
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/openshift_cli/configuring-cli.adoc b/cli_reference/openshift_cli/configuring-cli.adoc
index 0eace0d03e61..7b91e26c250f 100644
--- a/cli_reference/openshift_cli/configuring-cli.adoc
+++ b/cli_reference/openshift_cli/configuring-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-configuring-cli"]
 = Configuring the OpenShift CLI
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/openshift_cli/developer-cli-commands.adoc b/cli_reference/openshift_cli/developer-cli-commands.adoc
index 517e2cb7a777..4d9a991d2674 100644
--- a/cli_reference/openshift_cli/developer-cli-commands.adoc
+++ b/cli_reference/openshift_cli/developer-cli-commands.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-developer-commands"]
 = OpenShift CLI developer command reference
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/openshift_cli/extending-cli-plugins.adoc b/cli_reference/openshift_cli/extending-cli-plugins.adoc
index 549e986f667f..8206dec93d30 100644
--- a/cli_reference/openshift_cli/extending-cli-plugins.adoc
+++ b/cli_reference/openshift_cli/extending-cli-plugins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-extend-plugins"]
 = Extending the OpenShift CLI with plugins
 include::_attributes/common-attributes.adoc[]
@@ -7,7 +7,14 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 You can write and install plugins to build on the default `oc` commands,
-allowing you to perform new and more complex tasks with the {product-title} CLI.
+allowing you to perform new and more complex tasks with the
+ifndef::openshift-dedicated,openshift-rosa[]
+{product-title}
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-rosa,openshift-dedicated[]
+OpenShift
+endif::openshift-rosa,openshift-dedicated[]
+CLI.
 
 // Writing CLI plugins
 include::modules/cli-extending-plugins-writing.adoc[leveloffset=+1]
diff --git a/cli_reference/openshift_cli/getting-started-cli.adoc b/cli_reference/openshift_cli/getting-started-cli.adoc
index bff334b936e1..1faa3b9da961 100644
--- a/cli_reference/openshift_cli/getting-started-cli.adoc
+++ b/cli_reference/openshift_cli/getting-started-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-getting-started"]
 = Getting started with the OpenShift CLI
 include::_attributes/common-attributes.adoc[]
@@ -40,6 +40,9 @@ include::modules/cli-installing-cli-brew.adoc[leveloffset=+2]
 // Logging in to the CLI
 include::modules/cli-logging-in.adoc[leveloffset=+1]
 
+// Logging in to the CLI by using the web
+include::modules/cli-logging-in-web.adoc[leveloffset=+1]
+
 // Using the CLI
 include::modules/cli-using-cli.adoc[leveloffset=+1]
 
diff --git a/cli_reference/openshift_cli/managing-cli-plugins-krew.adoc b/cli_reference/openshift_cli/managing-cli-plugins-krew.adoc
index 25d0e4420b04..e5effd419063 100644
--- a/cli_reference/openshift_cli/managing-cli-plugins-krew.adoc
+++ b/cli_reference/openshift_cli/managing-cli-plugins-krew.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-cli-plugin-krew"]
 = Managing CLI plugins with Krew
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/openshift_cli/managing-cli-profiles.adoc b/cli_reference/openshift_cli/managing-cli-profiles.adoc
index 8978acebfc22..f35d40ec2c1e 100644
--- a/cli_reference/openshift_cli/managing-cli-profiles.adoc
+++ b/cli_reference/openshift_cli/managing-cli-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-cli-profiles"]
 = Managing CLI profiles
 include::_attributes/common-attributes.adoc[]
@@ -7,13 +7,19 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 A CLI configuration file allows you to configure different profiles, or contexts, for use with the xref:../../cli_reference/index.adoc#cli-tools-overview[CLI tools overview]. A context consists of
-ifndef::microshift[]
+ifndef::microshift,openshift-dedicated,openshift-rosa[]
 xref:../../authentication/understanding-authentication.adoc#understanding-authentication[user authentication]
-endif::[]
+endif::microshift,openshift-dedicated,openshift-rosa[]
 ifdef::microshift[]
 user authentication
 endif::[]
-and {product-title} server information associated with a _nickname_.
+ifndef::openshift-rosa[]
+an {product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+the {product-title} (ROSA)
+endif::openshift-rosa[]
+server information associated with a _nickname_.
 
 include::modules/about-cli-profiles-switch.adoc[leveloffset=+1]
 
diff --git a/cli_reference/openshift_cli/usage-oc-kubectl.adoc b/cli_reference/openshift_cli/usage-oc-kubectl.adoc
index a6c2cf909381..0e841348376c 100644
--- a/cli_reference/openshift_cli/usage-oc-kubectl.adoc
+++ b/cli_reference/openshift_cli/usage-oc-kubectl.adoc
@@ -1,25 +1,57 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="usage-oc-kubectl"]
 = Usage of oc and kubectl commands
 include::_attributes/common-attributes.adoc[]
 :context: usage-oc-kubectl
 
-The Kubernetes command-line interface (CLI), `kubectl`, can be used to run commands against a Kubernetes cluster. Because {product-title} is a certified Kubernetes distribution, you can use the supported `kubectl` binaries that ship with {product-title}, or you can gain extended functionality by using the `oc` binary.
+The Kubernetes command-line interface (CLI), `kubectl`, can be used to run commands against a Kubernetes cluster. Because {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+is a certified Kubernetes distribution, you can use the supported `kubectl` binaries that ship with
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+, or you can gain extended functionality by using the `oc` binary.
 
 == The oc binary
 
-The `oc` binary offers the same capabilities as the `kubectl` binary, but it extends to natively support additional {product-title} features, including:
-
-* **Full support for {product-title} resources**
+The `oc` binary offers the same capabilities as the `kubectl` binary, but it extends to natively support additional
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+features, including:
+
+* **Full support for
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+resources**
 +
-Resources such as `DeploymentConfig`, `BuildConfig`, `Route`, `ImageStream`, and `ImageStreamTag` objects are specific to {product-title} distributions, and build upon standard Kubernetes primitives.
+Resources such as `DeploymentConfig`, `BuildConfig`, `Route`, `ImageStream`, and `ImageStreamTag` objects are specific to
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+distributions, and build upon standard Kubernetes primitives.
 +
 * **Authentication**
 +
-ifndef::microshift[]
-The `oc` binary offers a built-in `login` command for authentication and lets you work with {product-title} projects, which map Kubernetes namespaces to authenticated users.
+ifndef::microshift,openshift-rosa,openshift-dedicated[]
+The `oc` binary offers a built-in `login` command for authentication and lets you work with projects, which map Kubernetes namespaces to authenticated users.
 Read xref:../../authentication/understanding-authentication.adoc#understanding-authentication[Understanding authentication] for more information.
-endif::[]
+endif::microshift,openshift-rosa,openshift-dedicated[]
 +
 ifdef::microshift[]
 The `oc` binary offers a built-in `login` command for authentication to {product-title}.
@@ -31,7 +63,21 @@ The additional command `oc new-app`, for example, makes it easier to get new app
 
 [IMPORTANT]
 ====
-If you installed an earlier version of the `oc` binary, you cannot use it to complete all of the commands in {product-title} {product-version}.  If you want the latest features, you must download and install the latest version of the `oc` binary corresponding to your {product-title} server version.
+If you installed an earlier version of the `oc` binary, you cannot use it to complete all of the commands in
+ifndef::openshift-rosa[]
+{product-title} {product-version}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+. If you want the latest features, you must download and install the latest version of the `oc` binary corresponding to your
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+server version.
 ====
 
 Non-security API changes will involve, at minimum, two minor releases (4.1 to 4.2 to 4.3, for example) to allow older `oc` binaries to update. Using new capabilities might require newer `oc` binaries. A 4.3 server might have additional capabilities that a 4.2 `oc` binary cannot use and a 4.3 `oc` binary might have additional capabilities that are unsupported by a 4.2 server.
@@ -62,7 +108,21 @@ image:redcircle-3.png[] `oc` client might provide options and features that migh
 
 == The kubectl binary
 
-The `kubectl` binary is provided as a means to support existing workflows and scripts for new {product-title} users coming from a standard Kubernetes environment, or for those who prefer to use the `kubectl` CLI. Existing users of `kubectl` can continue to use the binary to interact with Kubernetes primitives, with no changes required to the {product-title} cluster.
+The `kubectl` binary is provided as a means to support existing workflows and scripts for new
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+users coming from a standard Kubernetes environment, or for those who prefer to use the `kubectl` CLI. Existing users of `kubectl` can continue to use the binary to interact with Kubernetes primitives, with no changes required to the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster.
 
 You can install the supported `kubectl` binary by following the steps to xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#cli-installing-cli_cli-developer-commands[Install the OpenShift CLI]. The `kubectl` binary is included in the archive if you download the binary, or is installed when you install the CLI by using an RPM.
 
diff --git a/cli_reference/opm/cli-opm-install.adoc b/cli_reference/opm/cli-opm-install.adoc
index 70d2c01c01bf..ba076db5f5a3 100644
--- a/cli_reference/opm/cli-opm-install.adoc
+++ b/cli_reference/opm/cli-opm-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-opm-install"]
 = Installing the opm CLI
 include::_attributes/common-attributes.adoc[]
@@ -8,17 +8,20 @@ toc::[]
 
 include::modules/olm-about-opm.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[Operator Framework packaging format] for more information about the bundle format.
 * To create a bundle image using the Operator SDK, see
 xref:../../operators/operator_sdk/osdk-working-bundle-images.adoc#osdk-working-bundle-images[Working with bundle images].
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/olm-installing-opm.adoc[leveloffset=+1]
-
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 [id="opm-addtl-resources"]
 == Additional resources
 
 * See xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Managing custom catalogs] for `opm` procedures including creating, updating, and pruning catalogs.
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/cli_reference/opm/cli-opm-ref.adoc b/cli_reference/opm/cli-opm-ref.adoc
index ae7d744ef70f..a45b57f1fe1c 100644
--- a/cli_reference/opm/cli-opm-ref.adoc
+++ b/cli_reference/opm/cli-opm-ref.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-opm-ref"]
 = opm CLI reference
 include::_attributes/common-attributes.adoc[]
@@ -32,12 +32,15 @@ include::snippets/deprecated-feature.adoc[]
 
 include::modules/opm-cli-ref-generate.adoc[leveloffset=+1]
 include::modules/opm-cli-ref-index.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format]
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs-fb[Managing custom catalogs]
 * xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/opm-cli-ref-init.adoc[leveloffset=+1]
 include::modules/opm-cli-ref-migrate.adoc[leveloffset=+1]
diff --git a/cli_reference/osdk/cli-osdk-install.adoc b/cli_reference/osdk/cli-osdk-install.adoc
index 085ad64eb12b..15afdc6bd957 100644
--- a/cli_reference/osdk/cli-osdk-install.adoc
+++ b/cli_reference/osdk/cli-osdk-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-osdk-install"]
 = Installing the Operator SDK CLI
 include::_attributes/common-attributes.adoc[]
@@ -9,13 +9,14 @@ toc::[]
 The Operator SDK provides a command-line interface (CLI) tool that Operator developers can use to build, test, and deploy an Operator. You can install the Operator SDK CLI on your workstation so that you are prepared to start authoring your own Operators.
 
 Operator authors with cluster administrator access to a Kubernetes-based cluster, such as {product-title}, can use the Operator SDK CLI to develop their own Operators based on Go, Ansible, Java, or Helm. link:https://kubebuilder.io/[Kubebuilder] is embedded into the Operator SDK as the scaffolding solution for Go-based Operators, which means existing Kubebuilder projects can be used as is with the Operator SDK and continue to work.
-
+ifndef::openshift-rosa,openshift-dedicated[]
 See xref:../../operators/operator_sdk/osdk-about.adoc#osdk-about[Developing Operators] for full documentation on the Operator SDK.
 
 [NOTE]
 ====
 {product-title} {product-version} supports Operator SDK {osdk_ver}.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/osdk-installing-cli-linux-macos.adoc[leveloffset=+1]
 
diff --git a/cli_reference/osdk/cli-osdk-ref.adoc b/cli_reference/osdk/cli-osdk-ref.adoc
index 10b97dfa8c90..fda321995c57 100644
--- a/cli_reference/osdk/cli-osdk-ref.adoc
+++ b/cli_reference/osdk/cli-osdk-ref.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-osdk-ref"]
 = Operator SDK CLI reference
 include::_attributes/common-attributes.adoc[]
@@ -13,8 +13,9 @@ The Operator SDK command-line interface (CLI) is a development kit designed to m
 ----
 $ operator-sdk <command> [<subcommand>] [<argument>] [<flags>]
 ----
-
+ifndef::openshift-rosa,openshift-dedicated[]
 See xref:../../operators/operator_sdk/osdk-about.adoc#osdk-about[Developing Operators] for full documentation on the Operator SDK.
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/osdk-cli-ref-bundle.adoc[leveloffset=+1]
 include::modules/osdk-cli-ref-cleanup.adoc[leveloffset=+1]
@@ -23,26 +24,31 @@ include::modules/osdk-cli-ref-create.adoc[leveloffset=+1]
 include::modules/osdk-cli-ref-generate.adoc[leveloffset=+1]
 include::modules/osdk-cli-ref-generate-bundle.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/operator_sdk/osdk-working-bundle-images.adoc#osdk-bundle-deploy-olm_osdk-working-bundle-images[Bundling an Operator and deploying with Operator Lifecycle Manager] for a full procedure that includes using the `make bundle` command to call the `generate bundle` subcommand.
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/osdk-cli-ref-generate-kustomize.adoc[leveloffset=+2]
 
 include::modules/osdk-cli-ref-init.adoc[leveloffset=+1]
 include::modules/osdk-cli-ref-run.adoc[leveloffset=+1]
 include::modules/osdk-cli-ref-run-bundle.adoc[leveloffset=+2]
-
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/understanding/olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-membership_olm-understanding-operatorgroups[Operator group membership] for details on possible install modes.
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/osdk-cli-ref-run-bundle-upgrade.adoc[leveloffset=+2]
 include::modules/osdk-cli-ref-scorecard.adoc[leveloffset=+1]
+ifndef::openshift-rosa,openshift-dedicated[]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/operator_sdk/osdk-scorecard.adoc#osdk-scorecard[Validating Operators using the scorecard tool] for details about running the scorecard tool.
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/rosa_cli/_attributes b/cli_reference/rosa_cli/_attributes
similarity index 100%
rename from rosa_cli/_attributes
rename to cli_reference/rosa_cli/_attributes
diff --git a/networking/network_observability/images b/cli_reference/rosa_cli/images
similarity index 100%
rename from networking/network_observability/images
rename to cli_reference/rosa_cli/images
diff --git a/networking/network_observability/modules b/cli_reference/rosa_cli/modules
similarity index 100%
rename from networking/network_observability/modules
rename to cli_reference/rosa_cli/modules
diff --git a/cli_reference/rosa_cli/rosa-checking-acct-version-cli.adoc b/cli_reference/rosa_cli/rosa-checking-acct-version-cli.adoc
new file mode 100644
index 000000000000..ee95a6d7745d
--- /dev/null
+++ b/cli_reference/rosa_cli/rosa-checking-acct-version-cli.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-acct-version-cli"]
+= Checking account and version information with the ROSA CLI
+:context: rosa-checking-acct-version-cli
+
+toc::[]
+
+Use the following commands to check your account and version information.
+
+include::modules/rosa-checking-account-version-cli-whoami.adoc[leveloffset=+1]
+include::modules/rosa-checking-account-version-cli-version.adoc[leveloffset=+1]
diff --git a/cli_reference/rosa_cli/rosa-checking-logs-cli.adoc b/cli_reference/rosa_cli/rosa-checking-logs-cli.adoc
new file mode 100644
index 000000000000..efcefdbf9062
--- /dev/null
+++ b/cli_reference/rosa_cli/rosa-checking-logs-cli.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-checking-logs-cli"]
+= Checking logs with the ROSA CLI
+:context: rosa-checking-logs-cli
+
+toc::[]
+
+Use the following commands to check your install and uninstall logs.
+
+include::modules/rosa-logs-install.adoc[leveloffset=+1]
+include::modules/rosa-logs-uninstall.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/cli_reference/rosa_cli/rosa-get-started-cli.adoc b/cli_reference/rosa_cli/rosa-get-started-cli.adoc
new file mode 100644
index 000000000000..ff1d1a365b24
--- /dev/null
+++ b/cli_reference/rosa_cli/rosa-get-started-cli.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-get-started-cli"]
+= Getting started with the ROSA CLI
+:context: rosa-getting-started-cli
+toc::[]
+
+include::modules/rosa-about.adoc[leveloffset=+1]
+include::modules/rosa-setting-up-cli.adoc[leveloffset=+1]
+include::modules/rosa-configure.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-setting-up-cli_rosa-getting-started-cli[Setting up the ROSA CLI]
+
+* xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[Getting started with the OpenShift CLI]
+
+include::modules/rosa-initialize.adoc[leveloffset=+1]
+include::modules/rosa-using-bash-script.adoc[leveloffset=+1]
+include::modules/rosa-updating-rosa-cli.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/cli_reference/rosa_cli/rosa-manage-objects-cli.adoc b/cli_reference/rosa_cli/rosa-manage-objects-cli.adoc
new file mode 100644
index 000000000000..7fbc5ec0f0df
--- /dev/null
+++ b/cli_reference/rosa_cli/rosa-manage-objects-cli.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-managing-objects-cli"]
+= Managing objects with the ROSA CLI
+
+:context: rosa-managing-objects-cli
+
+toc::[]
+
+Managing objects with the {product-title} (ROSA) CLI, `rosa`, such as adding `dedicated-admin` users, managing clusters, and scheduling cluster upgrades.
+
+include::modules/rosa-common-commands.adoc[leveloffset=+1]
+include::modules/rosa-parent-commands.adoc[leveloffset=+1]
+include::modules/rosa-create-objects.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+* See xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-aws-instance-types_rosa-service-definition[AWS Instance types] for a list of supported instance types.
+* See xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference] for a list of IAM roles needed for cluster creation.
+* See xref:../../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-understanding-aws-account-association_rosa-sts-creating-a-cluster-with-customizations[Understanding AWS account association] for more information about the OCM role and user role.
+* See xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups] for information about security group requirements.
+
+include::modules/rosa-edit-objects.adoc[leveloffset=+1]
+include::modules/rosa-delete-objects.adoc[leveloffset=+1]
+include::modules/rosa-install-uninstall-addon.adoc[leveloffset=+1]
+include::modules/rosa-list-objects.adoc[leveloffset=+1]
+include::modules/rosa-upgrade-cluster-cli.adoc[leveloffset=+1]
diff --git a/networking/network_observability/snippets b/cli_reference/rosa_cli/snippets
similarity index 100%
rename from networking/network_observability/snippets
rename to cli_reference/rosa_cli/snippets
diff --git a/cli_reference/tkn_cli/installing-tkn.adoc b/cli_reference/tkn_cli/installing-tkn.adoc
index 5ea19aa0ff94..2d69b96261e7 100644
--- a/cli_reference/tkn_cli/installing-tkn.adoc
+++ b/cli_reference/tkn_cli/installing-tkn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='installing-tkn']
 = Installing tkn
 include::_attributes/common-attributes.adoc[]
@@ -8,8 +8,9 @@ toc::[]
 
 Use the CLI tool to manage {pipelines-title} from a terminal. The following section describes how to install the CLI tool on different platforms.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 You can also find the URL to the latest binaries from the {product-title} web console by clicking the *?* icon in the upper-right corner and selecting *Command Line Tools*.
-
+endif::openshift-rosa,openshift-dedicated[]
 :FeatureName: Running {pipelines-title} on ARM hardware
 include::snippets/technology-preview.adoc[]
 
@@ -19,12 +20,14 @@ Both the archives and the RPMs contain the following executables:
 
 * tkn
 * tkn-pac
+ifndef::openshift-rosa,openshift-dedicated[]
 * opc
+endif::openshift-rosa,openshift-dedicated[]
 ====
-
+ifndef::openshift-rosa,openshift-dedicated[]
 :FeatureName: Running {pipelines-title} with the `opc` CLI tool
 include::snippets/technology-preview.adoc[]
-
+endif::openshift-rosa,openshift-dedicated[]
 // Install tkn on Linux
 include::modules/op-installing-tkn-on-linux.adoc[leveloffset=+1]
 
diff --git a/cli_reference/tkn_cli/op-configuring-tkn.adoc b/cli_reference/tkn_cli/op-configuring-tkn.adoc
index 675db608c42c..1685dfd487e4 100644
--- a/cli_reference/tkn_cli/op-configuring-tkn.adoc
+++ b/cli_reference/tkn_cli/op-configuring-tkn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="op-configuring-tkn"]
 = Configuring the OpenShift Pipelines tkn CLI
 include::_attributes/common-attributes.adoc[]
diff --git a/cli_reference/tkn_cli/op-tkn-reference.adoc b/cli_reference/tkn_cli/op-tkn-reference.adoc
index 66e36f075552..dac51aac96dd 100644
--- a/cli_reference/tkn_cli/op-tkn-reference.adoc
+++ b/cli_reference/tkn_cli/op-tkn-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='op-tkn-reference']
 = OpenShift Pipelines tkn reference
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_support/_attributes b/cloud_experts_tutorials/_attributes
similarity index 100%
rename from rosa_support/_attributes
rename to cloud_experts_tutorials/_attributes
diff --git a/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc b/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc
new file mode 100644
index 000000000000..67d5930661e1
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc
@@ -0,0 +1,418 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-aws-load-balancer-operator"]
+= Tutorial: AWS Load Balancer Operator on ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-aws-load-balancer-operator
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-12
+//---
+//date: '2023-01-03T22:07:08.574151'
+//title: AWS Load Balancer Operator On ROSA
+//aliases: ['/docs/rosa/alb-sts']
+//tags: ["AWS", "ROSA"]
+//authors:
+//  - Shaozhen Ding
+//  - Paul Czarkowski
+//---
+
+include::snippets/mobb-support-statement.adoc[leveloffset=+1]
+
+[TIP]
+====
+Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
+====
+
+The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} (ROSA) cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer.
+
+Compared with the default AWS in-tree load balancer provider, this controller is developed with advanced annotations for both ALBs and NLBs. Some advanced use cases are:
+
+* Using native Kubernetes Ingress objects with ALBs
+* Integrate ALBs with the AWS Web Application Firewall (WAF) service
+* Specify custom NLB source IP ranges
+* Specify custom NLB internal IP addresses
+
+The link:https://github.com/openshift/aws-load-balancer-operator[AWS Load Balancer Operator] is used to used to install, manage and configure an instance of `aws-load-balancer-controller` in a ROSA cluster.
+
+[id="prerequisites_{context}"]
+== Prerequisites
+
+[NOTE]
+====
+AWS ALBs require a multi-AZ cluster, as well as three public subnets split across three AZs in the same VPC as the cluster. This makes ALBs unsuitable for many PrivateLink clusters. AWS NLBs do not have this restriction.
+====
+
+* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A multi-AZ ROSA classic cluster]
+* BYO VPC cluster
+* AWS CLI
+* OC CLI
+
+[id="environment_{context}"]
+=== Environment
+
+* Prepare the environment variables:
++
+[source,terminal]
+----
+$ export AWS_PAGER=""
+$ export ROSA_CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+$ export SCRATCH="/tmp/${ROSA_CLUSTER_NAME}/alb-operator"
+$ mkdir -p ${SCRATCH}
+$ echo "Cluster: ${ROSA_CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="aws-vpc-subnets_{context}"]
+=== AWS VPC and subnets
+
+[NOTE]
+====
+This section only applies to clusters that were deployed into existing VPCs. If you did not deploy your cluster into an existing VPC, skip this section and proceed to the installation section below.
+====
+
+. Set the below variables to the proper values for your ROSA deployment:
++
+[source,terminal]
+----
+$ export VPC_ID=<vpc-id>
+$ export PUBLIC_SUBNET_IDS=<public-subnets>
+$ export PRIVATE_SUBNET_IDS=<private-subnets>
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}")
+----
++
+. Add a tag to your cluster's VPC with the cluster name:
++
+[source,terminal]
+----
+$ aws ec2 create-tags --resources ${VPC_ID} --tags Key=kubernetes.io/cluster/${CLUSTER_NAME},Value=owned --region ${REGION}
+----
++
+. Add a tag to your public subnets:
++
+[source,terminal]
+----
+$ aws ec2 create-tags \
+     --resources ${PUBLIC_SUBNET_IDS} \
+     --tags Key=kubernetes.io/role/elb,Value='' \
+     --region ${REGION}
+----
++
+. Add a tag to your private subnets:
++
+[source,terminal]
+----
+$ aws ec2 create-tags \
+     --resources "${PRIVATE_SUBNET_IDS}" \
+     --tags Key=kubernetes.io/role/internal-elb,Value='' \
+     --region ${REGION}
+----
+
+[id="installation_{context}"]
+== Installation
+
+. Create an AWS IAM policy for the AWS Load Balancer Controller:
++
+[NOTE]
+====
+The policy is sourced from link:https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json[the upstream AWS Load Balancer Controller policy] plus permission to create tags on subnets. This is required by the operator to function.
+====
++
+[source,terminal]
+----
+$ oc new-project aws-load-balancer-operator
+$ POLICY_ARN=$(aws iam list-policies --query \
+     "Policies[?PolicyName=='aws-load-balancer-operator-policy'].{ARN:Arn}" \
+     --output text)
+$ if [[ -z "${POLICY_ARN}" ]]; then
+    wget -O "${SCRATCH}/load-balancer-operator-policy.json" \
+       https://raw.githubusercontent.com/rh-mobb/documentation/main/content/docs/rosa/aws-load-balancer-operator/load-balancer-operator-policy.json
+     POLICY_ARN=$(aws --region "$REGION" --query Policy.Arn \
+     --output text iam create-policy \
+     --policy-name aws-load-balancer-operator-policy \
+     --policy-document "file://${SCRATCH}/load-balancer-operator-policy.json")
+fi
+$ echo $POLICY_ARN
+----
++
+. Create an AWS IAM trust policy for AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/trust-policy.json"
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Condition": {
+   "StringEquals" : {
+     "${OIDC_ENDPOINT}:sub": ["system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager", "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster"]
+   }
+ },
+ "Principal": {
+   "Federated": "arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/${OIDC_ENDPOINT}"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity"
+ }
+ ]
+}
+EOF
+----
++
+. Create an AWS IAM role for the AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
+   --assume-role-policy-document "file://${SCRATCH}/trust-policy.json" \
+   --query Role.Arn --output text)
+$ echo $ROLE_ARN
+
+$ aws iam attach-role-policy --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
+     --policy-arn $POLICY_ARN
+----
++
+. Create a secret for the AWS Load Balancer Operator to assume our newly created AWS IAM role:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+stringData:
+  credentials: |
+    [default]
+    role_arn = $ROLE_ARN
+    web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+----
++
+. Install the Red Hat AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  upgradeStrategy: Default
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  channel: stable-v1.0
+  installPlanApproval: Automatic
+  name: aws-load-balancer-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: aws-load-balancer-operator.v1.0.0
+EOF
+----
++
+. Deploy an instance of the AWS Load Balancer Controller using the operator:
++
+[NOTE]
+====
+If you get an error here wait a minute and try again, it means the Operator has not completed installing yet.
+====
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: networking.olm.openshift.io/v1
+kind: AWSLoadBalancerController
+metadata:
+  name: cluster
+spec:
+  credentials:
+    name: aws-load-balancer-operator
+EOF
+----
++
+. Check the that the operator and controller pods are both running:
++
+[source,terminal]
+----
+$ oc -n aws-load-balancer-operator get pods
+----
++
+You should see the following, if not wait a moment and retry:
++
+[source,terminal]
+----
+NAME                                                             READY   STATUS    RESTARTS   AGE
+aws-load-balancer-controller-cluster-6ddf658785-pdp5d            1/1     Running   0          99s
+aws-load-balancer-operator-controller-manager-577d9ffcb9-w6zqn   2/2     Running   0          2m4s
+----
+
+[id="validating-the-deployment_{context}"]
+== Validating the deployment
+
+. Create a new project:
++
+[source,terminal]
+----
+$ oc new-project hello-world
+----
++
+. Deploy a hello world application:
++
+[source,terminal]
+----
+$ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
+----
++
+. Configure a NodePort service for the AWS ALB to connect to:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: v1
+kind: Service
+metadata:
+  name: hello-openshift-nodeport
+  namespace: hello-world
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+  type: NodePort
+  selector:
+    deployment: hello-openshift
+EOF
+----
++
+. Deploy an AWS ALB using the AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hello-openshift-alb
+  namespace: hello-world
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Exact
+            backend:
+              service:
+                name: hello-openshift-nodeport
+                port:
+                  number: 80
+EOF
+----
++
+. Curl the AWS ALB Ingress endpoint to verify the hello world application is accessible:
++
+[NOTE]
+====
+AWS ALB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host`, please wait and try again.
+====
++
+[source,termnial]
+----
+$ INGRESS=$(oc -n hello-world get ingress hello-openshift-alb \
+    -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+$ curl "http://${INGRESS}"
+----
++
+.Example output
+[source,text]
+----
+Hello OpenShift!
+----
+
+. Deploy an AWS NLB for your hello world application:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: v1
+kind: Service
+metadata:
+  name: hello-openshift-nlb
+  namespace: hello-world
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: external
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+  type: LoadBalancer
+  selector:
+    deployment: hello-openshift
+EOF
+----
++
+. Test the AWS NLB endpoint:
++
+[NOTE]
+====
+NLB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host`, please wait and try again.
+====
++
+[source,terminal]
+----
+$ NLB=$(oc -n hello-world get service hello-openshift-nlb \
+  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+$ curl "http://${NLB}"
+----
++
+.Example output
+[source,text]
+----
+Hello OpenShift!
+----
+
+[id="cleaning-up_{context}"]
+== Cleaning up
+
+. Delete the hello world application namespace (and all the resources in the namespace):
++
+[source,terminal]
+----
+$ oc delete project hello-world
+----
++
+. Delete the AWS Load Balancer Operator and the AWS IAM roles:
++
+[source,terminal]
+----
+$ oc delete subscription aws-load-balancer-operator -n aws-load-balancer-operator
+$ aws iam detach-role-policy \
+  --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
+  --policy-arn $POLICY_ARN
+$ aws iam delete-role \
+  --role-name "${ROSA_CLUSTER_NAME}-alb-operator"
+----
++
+. Delete the AWS IAM policy:
++
+[source,terminal]
+----
+$ aws iam delete-policy --policy-arn $POLICY_ARN
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-aws-secret-manager.adoc b/cloud_experts_tutorials/cloud-experts-aws-secret-manager.adoc
new file mode 100644
index 000000000000..1f2ff9b47fc6
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-aws-secret-manager.adoc
@@ -0,0 +1,352 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-aws-secret-manager"]
+= Tutorial: Using AWS Secrets Manager CSI on ROSA with STS
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-aws-secret-manager
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-18
+// ---
+// date: '2023-05-25'
+// title: Using AWS Secrets Manager CSI on Red Hat OpenShift on AWS with STS
+// tags: ["AWS", "ROSA"]
+// authors:
+//   - Paul Czarkowski
+//   - Chris Kang
+// ---
+
+The AWS Secrets and Configuration Provider (ASCP) provides a way to expose AWS Secrets as Kubernetes storage volumes. With the ASCP, you can store and manage your secrets in Secrets Manager and then retrieve them through your workloads running on {product-title} (ROSA).
+
+[id="cloud-experts-aws-secret-manager-prerequisites"]
+== Prerequisites
+
+Ensure that you have the following resources and tools before starting this process:
+
+* A ROSA cluster deployed with STS
+* Helm 3
+* `aws` CLI
+* `oc` CLI
+* `jq` CLI
+
+[discrete]
+[id="cloud-experts-aws-secret-manager-preparing-environment"]
+=== Additional environment requirements
+
+. Log in to your ROSA cluster by running the following command:
++
+[source,terminal]
+----
+$ oc login --token=<your-token> --server=<your-server-url>
+----
++
+You can find your login token by accessing your cluster in {cluster-manager-url-pull}.
+
+. Validate that your cluster has STS by running the following command:
++
+[source,terminal]
+----
+$ oc get authentication.config.openshift.io cluster -o json \
+  | jq .spec.serviceAccountIssuer
+----
++
+.Example output
++
+[source,terminal]
+----
+"https://xxxxx.cloudfront.net/xxxxx"
+----
++
+If your output is different, do not proceed. See xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Red Hat documentation on creating an STS cluster] before continuing this process.
+
+. Set the `SecurityContextConstraints` permission to allow the CSI driver to run by running the following command:
++
+[source,terminal]
+----
+$ oc new-project csi-secrets-store
+$ oc adm policy add-scc-to-user privileged \
+    system:serviceaccount:csi-secrets-store:secrets-store-csi-driver
+$ oc adm policy add-scc-to-user privileged \
+    system:serviceaccount:csi-secrets-store:csi-secrets-store-provider-aws
+----
+
+. Create environment variables to use later in this process by running the following command:
++
+[source,terminal]
+----
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster \
+   -o jsonpath='{.spec.serviceAccountIssuer}' | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
+$ export AWS_PAGER=""
+----
+
+[id="cloud-experts-aws-secret-manager-deply-aws-secrets"]
+== Deploying the AWS Secrets and Configuration Provider
+
+. Use Helm to register the secrets store CSI driver by running the following command:
++
+[source,terminal]
+----
+$ helm repo add secrets-store-csi-driver \
+    https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
+----
+
+. Update your Helm repositories by running the following command:
++
+[source,terminal]
+----
+$ helm repo update
+----
+
+. Install the secrets store CSI driver by running the following command:
++
+[source,terminal]
+----
+$ helm upgrade --install -n csi-secrets-store \
+    csi-secrets-store-driver secrets-store-csi-driver/secrets-store-csi-driver
+----
+
+. Deploy the AWS provider by running the following command:
++
+[source,terminal]
+----
+$ oc -n csi-secrets-store apply -f \
+    https://raw.githubusercontent.com/rh-mobb/documentation/main/content/misc/secrets-store-csi/aws-provider-installer.yaml
+----
+
+. Check that both Daemonsets are running by running the following command:
++
+[source,terminal]
+----
+$ oc -n csi-secrets-store get ds \
+    csi-secrets-store-provider-aws \
+    csi-secrets-store-driver-secrets-store-csi-driver
+----
+
+. Label the Secrets Store CSI Driver to allow use with the restricted pod security profile by running the following command:
++
+[source,terminal]
+----
+$ oc label csidriver.storage.k8s.io/secrets-store.csi.k8s.io security.openshift.io/csi-ephemeral-volume-profile=restricted
+----
+
+[id="cloud-experts-aws-secret-manager-create-iam-polices"]
+== Creating a Secret and IAM Access Policies
+
+. Create a secret in Secrets Manager by running the following command:
++
+[source,terminal]
+----
+$ SECRET_ARN=$(aws --region "$REGION" secretsmanager create-secret \
+    --name MySecret --secret-string \
+    '{"username":"shadowman", "password":"hunter2"}' \
+    --query ARN --output text)
+$ echo $SECRET_ARN
+----
+
+. Create an IAM Access Policy document by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF > policy.json
+{
+   "Version": "2012-10-17",
+   "Statement": [{
+      "Effect": "Allow",
+      "Action": [
+        "secretsmanager:GetSecretValue",
+        "secretsmanager:DescribeSecret"
+      ],
+      "Resource": ["$SECRET_ARN"]
+      }]
+}
+EOF
+----
+
+. Create an IAM Access Policy by running the following command:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws --region "$REGION" --query Policy.Arn \
+--output text iam create-policy \
+--policy-name openshift-access-to-mysecret-policy \
+--policy-document file://policy.json)
+$ echo $POLICY_ARN
+----
+
+. Create an IAM Role trust policy document by running the following command:
++
+[NOTE]
+====
+The trust policy is locked down to the default service account of a namespace you create later in this process.
+====
++
+[source,terminal]
+----
+$ cat <<EOF > trust-policy.json
+{
+   "Version": "2012-10-17",
+   "Statement": [
+   {
+   "Effect": "Allow",
+   "Condition": {
+     "StringEquals" : {
+       "${OIDC_ENDPOINT}:sub": ["system:serviceaccount:my-application:default"]
+      }
+    },
+    "Principal": {
+       "Federated": "arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/${OIDC_ENDPOINT}"
+    },
+    "Action": "sts:AssumeRoleWithWebIdentity"
+    }
+    ]
+}
+EOF
+----
+
+. Create an IAM role by running the following command:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name openshift-access-to-mysecret \
+--assume-role-policy-document file://trust-policy.json \
+--query Role.Arn --output text)
+$ echo $ROLE_ARN
+----
+
+. Attach the role to the policy by running the following command:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name openshift-access-to-mysecret \
+    --policy-arn $POLICY_ARN
+----
+
+[id="cloud-experts-aws-secret-manager-creating-application"]
+== Create an Application to use this secret
+
+. Create an OpenShift project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project my-application
+----
+
+. Annotate the default service account to use the STS Role by running the following command:
++
+[source,terminal]
+----
+$ oc annotate -n my-application serviceaccount default \
+    eks.amazonaws.com/role-arn=$ROLE_ARN
+----
+
+. Create a secret provider class to access our secret by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: my-application-aws-secrets
+spec:
+  provider: aws
+  parameters:
+    objects: |
+      - objectName: "MySecret"
+        objectType: "secretsmanager"
+EOF
+----
+
+. Create a Deployment by using our secret in the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-application
+  labels:
+    app: my-application
+spec:
+  volumes:
+  - name: secrets-store-inline
+    csi:
+      driver: secrets-store.csi.k8s.io
+      readOnly: true
+      volumeAttributes:
+        secretProviderClass: "my-application-aws-secrets"
+  containers:
+  - name: my-application-deployment
+    image: k8s.gcr.io/e2e-test-images/busybox:1.29
+    command:
+      - "/bin/sleep"
+      - "10000"
+    volumeMounts:
+    - name: secrets-store-inline
+      mountPath: "/mnt/secrets-store"
+      readOnly: true
+EOF
+----
+
+. Verify the Pod has the secret mounted by running the following commandv:
++
+[source,terminal]
+----
+$ oc exec -it my-application -- cat /mnt/secrets-store/MySecret
+----
+
+[id="cloud-experts-aws-secret-manager-cleanup"]
+== Clean up
+
+. Delete the application by running the following command:
++
+[source,terminal]
+----
+$ oc delete project my-application
+----
+
+. Delete the secrets store csi driver by running the following command:
++
+[source,terminal]
+----
+$ helm delete -n csi-secrets-store csi-secrets-store-driver
+----
+
+. Delete Security Context Constraints by running the following command:
++
+[source,terminal]
+----
+$ oc adm policy remove-scc-from-user privileged \
+    system:serviceaccount:csi-secrets-store:secrets-store-csi-driver
+$ oc adm policy remove-scc-from-user privileged \
+    system:serviceaccount:csi-secrets-store:csi-secrets-store-provider-aws
+----
+
+. Delete the AWS provider by running the following command:
++
+[source,terminal]
+----
+$ oc -n csi-secrets-store delete -f \
+https://raw.githubusercontent.com/rh-mobb/documentation/main/content/misc/secrets-store-csi/aws-provider-installer.yaml
+----
+
+. Delete AWS Roles and Policies by running the following command:
++
+[source,terminal]
+----
+$ aws iam detach-role-policy --role-name openshift-access-to-mysecret \
+    --policy-arn $POLICY_ARN
+$ aws iam delete-role --role-name openshift-access-to-mysecret
+$ aws iam delete-policy --policy-arn $POLICY_ARN
+----
+
+. Delete the Secrets Manager secret by running the following command:
++
+[source,terminal]
+----
+$ aws secretsmanager --region $REGION delete-secret --secret-id $SECRET_ARN
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-configure-custom-tls-ciphers.adoc b/cloud_experts_tutorials/cloud-experts-configure-custom-tls-ciphers.adoc
new file mode 100644
index 000000000000..7d017da7d2a5
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-configure-custom-tls-ciphers.adoc
@@ -0,0 +1,223 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-configure-custom-tls-ciphers"]
+= Tutorial: Configuring ROSA/OSD to use custom TLS ciphers on the Ingress Controller
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-configure-custom-tls-ciphers
+
+toc::[]
+
+// ---
+// date: '2022-08-24'
+// title: Configure ROSA/OSD to use custom TLS ciphers on the Ingress Controller
+// aliases: ['/docs/ingress/tls-cipher-customization']
+// tags: ["ROSA", "AWS", "OSD"]
+// authors:
+//   - Michael McNeill
+//   - Connor Wooley
+// ---
+
+include::snippets/mobb-support-statement.adoc[leveloffset=+1]
+//Adding the support statement based on a conversation with Michael McNeill
+
+This guide demonstrates how to properly patch the cluster Ingress Controllers, as well as Ingress Controllers created by the Custom Domain Operator.
+This functionality allows customers to modify the `tlsSecurityProfile` value on cluster Ingress Controllers.
+This guide demonstrates how to apply a custom `tlsSecurityProfile`, a scoped service account with the associated role and role binding, and a CronJob that the cipher changes are reapplied with 60 minutes in the event that an Ingress Controller is recreated or modified.
+
+.Prerequisites
+
+* Review the link:https://docs.openshift.com/container-platform/4.13/networking/ingress-operator.html#configuring-ingress-controller-tls[OpenShift Documentation that explains the options for the `tlsSecurityProfile`]. By default, Ingress Controllers are configured to use the `Intermediate` profile, which corresponds to the link:https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29[Intermediate Mozilla profile].
+
+.Procedure
+
+. Create a service account for the CronJob to use.
++
+A service account allows our CronJob to directly access the cluster API, without using a regular user's credentials.
+To create a service account, run the following command:
++
+[source,terminal]
+----
+$ oc create sa cron-ingress-patch-sa -n openshift-ingress-operator
+----
+
+. Create a role and role binding that allows limited access to patch the Ingress Controllers.
++
+Role-based access control (RBAC) is critical to ensuring security inside your cluster.
+Creating a role allows us to provide scoped access to only the API resources needed within the cluster. To create the role, run the following command:
++
+[source,terminal]
+----
+$ oc create role cron-ingress-patch-role --verb=get,patch,update --resource=ingresscontroller.operator.openshift.io -n openshift-ingress-operator
+----
++
+Once the role has been created, you must bind the role to the service account using a role binding.
+To create the role binding, run the following command:
++
+[source,terminal]
+----
+$ oc create rolebinding cron-ingress-patch-rolebinding --role=cron-ingress-patch-role --serviceaccount=openshift-ingress-operator:cron-ingress-patch-sa -n openshift-ingress-operator
+----
+
+. Patch the Ingress Controllers.
++
+[IMPORTANT]
+====
+The examples provided below add an additional cipher to the Ingress Controller's `tlsSecurityProfile` to allow IE 11 access from Windows Server 2008 R2.
+Modify this command to meet your specific business requirements.
+====
++
+Before creating the CronJob, apply the `tlsSecurityProfile` configuration to validate changes.
+This process depends on if you are using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator].
++
+.. Clusters not using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator]:
++
+If you are only using the default Ingress Controller, and not using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator], run the following command to patch the Ingress Controller:
++
+[source,terminal]
+----
+$ oc patch ingresscontroller/default -n openshift-ingress-operator --type=merge -p '{"spec":{"tlsSecurityProfile":{"type":"Custom","custom":{"ciphers":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-CHACHA20-POLY1305","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-GCM-SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"],"minTLSVersion":"VersionTLS12"}}}}'
+----
++
+This patch adds the `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` cipher which allows access from IE 11 on Windows Server 2008 R2 when using RSA certificates.
++
+Once you run the command, you will receive a response that looks like this:
++
+.Example output
+[source,terminal]
+----
+ingresscontroller.operator.openshift.io/default patched
+----
++
+.. Clusters using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator]:
++
+Customers who are using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator] need to loop through each of their Ingress Controllers to patch each one.
+To patch all of your cluster's Ingress Controllers, run the following command:
++
+[source,terminal]
+----
+$ for ic in $(oc get ingresscontroller -o name -n openshift-ingress-operator); do oc patch ${ic} -n openshift-ingress-operator --type=merge -p '{"spec":{"tlsSecurityProfile":{"type":"Custom","custom":{"ciphers":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-CHACHA20-POLY1305","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-GCM-SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"],"minTLSVersion":"VersionTLS12"}}}}'; done
+----
++
+Once you run the command, you will receive a response that looks like this:
++
+.Example output
+[source,terminal]
+----
+ingresscontroller.operator.openshift.io/default patched
+ingresscontroller.operator.openshift.io/custom1 patched
+ingresscontroller.operator.openshift.io/custom2 patched
+----
+
+. Create the CronJob to ensure that the TLS configuration is not overwritten.
++
+Occasionally, the cluster's Ingress Controllers can get recreated. In these cases, the Ingress Controller will likely not retain the `tlsSecurityProfile` changes that were applied.
+To ensure this does not happen, create a CronJob that goes through and updates the cluster's Ingress Controllers.
+This process depends on if you are using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator].
++
+.. Clusters not using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator]:
++
+If you are not using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator], create the CronJob by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: tls-patch
+  namespace: openshift-ingress-operator
+spec:
+  schedule: '@hourly'
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: tls-patch
+              image: registry.redhat.io/openshift4/ose-tools-rhel8:latest
+              args:
+                - /bin/sh
+                - '-c'
+                - oc patch ingresscontroller/default -n openshift-ingress-operator --type=merge -p '{"spec":{"tlsSecurityProfile":{"type":"Custom","custom":{"ciphers":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-CHACHA20-POLY1305","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-GCM-SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"],"minTLSVersion":"VersionTLS12"}}}}'
+          restartPolicy: Never
+          serviceAccountName: cron-ingress-patch-sa
+EOF
+----
++
+[NOTE]
+====
+This CronJob runs every hour and patches the Ingress Controllers, if necessary.
+It is important that this CronJob does not run constantly, as it can trigger reconciles that could overload the OpenShift Ingress Operator.
+Most of the time, the logs of the CronJob pod looks like the following example, as it will not be changing anything:
+
+.Example output
+[source,terminal]
+----
+ingresscontroller.operator.openshift.io/default patched (no change)
+----
+====
++
+.. Clusters using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator]:
++
+If you are using the xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-config-custom-domains-applications[Custom Domain Operator], the CronJob needs to loop through and patch each Ingress Controller.
+To create this CronJob, run the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: tls-patch
+  namespace: openshift-ingress-operator
+spec:
+  schedule: '@hourly'
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: tls-patch
+              image: registry.redhat.io/openshift4/ose-tools-rhel8:latest
+              args:
+                - /bin/sh
+                - '-c'
+                - for ic in $(oc get ingresscontroller -o name -n openshift-ingress-operator); do oc patch ${ic} -n openshift-ingress-operator --type=merge -p '{"spec":{"tlsSecurityProfile":{"type":"Custom","custom":{"ciphers":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-CHACHA20-POLY1305","ECDHE-RSA-CHACHA20-POLY1305","DHE-RSA-AES128-GCM-SHA256","DHE-RSA-AES256-GCM-SHA384","TLS_CHACHA20_POLY1305_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"],"minTLSVersion":"VersionTLS12"}}}}'; done
+          restartPolicy: Never
+          serviceAccountName: cron-ingress-patch-sa
+EOF
+----
++
+[NOTE]
+====
+This CronJob runs every hour and patches the Ingress Controllers, if necessary. It is important that this CronJob does not run constantly, as it can trigger reconciles that could overload the OpenShift Ingress Operator. Most of the time, the logs of the CronJob pod will look something like this, as it will not be changing anything:
+
+.Example output
+[source,terminal]
+----
+ingresscontroller.operator.openshift.io/default patched (no change)
+ingresscontroller.operator.openshift.io/custom1 patched (no change)
+ingresscontroller.operator.openshift.io/custom2 patched (no change)
+----
+====
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/cloud_experts_tutorials/cloud-experts-consistent-egress-ip.adoc b/cloud_experts_tutorials/cloud-experts-consistent-egress-ip.adoc
new file mode 100644
index 000000000000..ab764e04fbd5
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-consistent-egress-ip.adoc
@@ -0,0 +1,416 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-consistent-egress-ip"]
+= Tutorial: Assigning consistent egress IP for external traffic
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-consistent-egress-ip
+
+toc::[]
+
+// Mobb content metadata
+// Brought into ROSA product docs 2023-09-19
+// ---
+// date: '2023-02-28'
+// title: Assign Consistent Egress IP for External Traffic
+// tags: ["OSD", "ROSA", "ARO"]
+// authors:
+//  - 'Dustin Scott'
+// ---
+
+It might be desirable to assign a consistent IP address for traffic that leaves the cluster when configuring items such as security groups or other sorts of security controls which require an IP-based configuration. By default, {product-title} (ROSA) (using the OVN-Kubernetes CNI) assigns random IP addresses from a pool which makes configuring security lockdowns unpredictable or unnecessarily open. This guide shows you how to configure a set of predictable IP addresses for egress cluster traffic to meet common security standards and guidance and other potential use cases.
+
+See the link:https://docs.openshift.com/container-platform/latest/networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.html[OpenShift documentation on this topic] for more information.
+
+== Prerequisites
+
+* ROSA cluster deployed with OVN-Kubernetes
+* OpenShift CLI (`oc`)
+* ROSA CLI (`rosa`)
+* `jq`
+
+=== Environment
+
+This sets environment variables for the tutorial so that you do not need to copy/paste in your own. Be sure to replace the `ROSA_MACHINE_POOL_NAME` variable if you wish to target a different Machine Pool.:
+
+[source,terminal]
+----
+$ export ROSA_CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export ROSA_MACHINE_POOL_NAME=Default
+----
+
+== Ensure capacity
+
+For each public cloud provider, there is a limit on the number of IP addresses that may be assigned per node. This can affect the ability to assign an egress IP address. To verify sufficient capacity, you can run the following command to print out the currently assigned IP addresses versus the total capacity in order to identify any nodes which may affected:
+
+[source,terminal]
+----
+$ oc get node -o json | \
+    jq '.items[] |
+        {
+            "name": .metadata.name,
+            "ips": (.status.addresses | map(select(.type == "InternalIP") | .address)),
+            "capacity": (.metadata.annotations."cloud.network.openshift.io/egress-ipconfig" | fromjson[] | .capacity.ipv4)
+        }'
+----
+
+.Example output
+[source,terminal]
+---
+{
+  "name": "ip-10-10-145-88.ec2.internal",
+  "ips": [
+    "10.10.145.88"
+  ],
+  "capacity": 14
+}
+{
+  "name": "ip-10-10-154-175.ec2.internal",
+  "ips": [
+    "10.10.154.175"
+  ],
+  "capacity": 14
+}
+---
+
+[NOTE]
+====
+The above example uses `jq` as a friendly filter. If you do not have `jq` installed, you can review the `metadata.annotations['cloud.network.openshift.io/egress-ipconfig']` field of each node manually to verify node capacity.
+====
+
+== Create the egress IP rule(s)
+
+[NOTE]
+====
+Generally speaking, it would be ideal to label the nodes prior to assigning the egress IP addresses, however there is a bug that exists which needs to be fixed first. Once this is fixed, the process and documentation will be re-ordered to address this. See link:https://issues.redhat.com/browse/OCPBUGS-4969[OCPBUGS-4969].
+====
+
+=== Identify the egress IPs
+
+Before creating the rules, we should identify which egress IPs that we will use. It should be noted that the egress IPs that you select should exist as a part of the subnets in which the worker nodes are provisioned into.
+
+=== Reserve the egress IPs
+
+It is recommended, but not required, to reserve the egress IPs that you have requested to avoid conflicts with the AWS VPC DHCP service. To do so, you can request explicit IP reservations by link:https://docs.aws.amazon.com/vpc/latest/userguide/subnet-cidr-reservation.html[following the AWS documentation for CIDR reservations].
+
+== Deploy an egress IP to a namespace
+
+Create a project to demonstrate assigning egress IP addresses based on a namespace selection:
+
+[source,terminal]
+----
+$ oc new-project demo-egress-ns
+----
+
+Create the egress rule. This rule will ensure that egress traffic will be applied to all pods within the namespace that we just created using the `spec.namespaceSelector` field:
+
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: k8s.ovn.org/v1
+kind: EgressIP
+metadata:
+  name: demo-egress-ns
+spec:
+  # NOTE: these egress IPs are within the subnet range(s) in which my worker nodes
+  #       are deployed.
+  egressIPs:
+    - 10.10.100.253
+    - 10.10.150.253
+    - 10.10.200.253
+  namespaceSelector:
+    matchLabels:
+      kubernetes.io/metadata.name: demo-egress-ns
+EOF
+----
+
+=== Assign an egress IP to a pod
+
+Create a project to demonstrate assigning egress IP addresses based on a pod selection:
+
+[source,terminal]
+----
+$ oc new-project demo-egress-pod
+----
+
+Create the egress rule. This rule will ensure that egress traffic will be applied to the pod which we just created using the `spec.podSelector` field. It should be noted that `spec.namespaceSelector` is a mandatory field:
+
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: k8s.ovn.org/v1
+kind: EgressIP
+metadata:
+  name: demo-egress-pod
+spec:
+  # NOTE: these egress IPs are within the subnet range(s) in which my worker nodes
+  #       are deployed.
+  egressIPs:
+    - 10.10.100.254
+    - 10.10.150.254
+    - 10.10.200.254
+  namespaceSelector:
+    matchLabels:
+      kubernetes.io/metadata.name: demo-egress-pod
+  podSelector:
+    matchLabels:
+      run: demo-egress-pod
+EOF
+----
+
+=== Label the nodes
+
+You can run `oc get egressips` and see that the egress IP assignments are pending.
+
+.Example output
+[source,terminal]
+----
+NAME              EGRESSIPS       ASSIGNED NODE   ASSIGNED EGRESSIPS
+demo-egress-ns    10.10.100.253
+demo-egress-pod   10.10.100.254
+----
+
+To complete the egress IP assignment, we need to assign a specific label to the nodes. The egress IP rule that you created in a previous step only applies to nodes with the `k8s.ovn.org/egress-assignable` label. We want to ensure that label exists on only a specific machinepool as set using an environment variable in the set environment variables step.
+
+Assign the necessary label to your machine pool using the following command:
+
+[WARNING]
+====
+If you are reliant upon any node labels for your machinepool, this command will replace those labels. Be sure to input your desired labels into the `--labels` field to ensure your node labels persist.
+====
+
+[source,terminal]
+----
+$ rosa update machinepool ${ROSA_MACHINE_POOL_NAME} \
+  --cluster="${ROSA_CLUSTER_NAME}" \
+  --labels "k8s.ovn.org/egress-assignable="
+----
+
+=== Review the egress IPs
+
+You can review the egress IP assignments by running `oc get egressips` which will produce output as follows:
+
+.Example output
+[source,terminal]
+----
+NAME              EGRESSIPS       ASSIGNED NODE                   ASSIGNED EGRESSIPS
+demo-egress-ns    10.10.100.253   ip-10-10-156-122.ec2.internal   10.10.150.253
+demo-egress-pod   10.10.100.254   ip-10-10-156-122.ec2.internal   10.10.150.254
+----
+
+== Test the egress IP rule
+
+=== Deploy a sample application
+
+To test the rule, we will create a service which is locked down only to the egress IP addresses in which we have specified. This will simulate an external service which is expecting a small subset of IP addresses.
+
+Run the echoserver which gives us some helpful information:
+
+[source,terminal]
+----
+$ oc -n default run demo-service --image=gcr.io/google_containers/echoserver:1.4
+----
+
+Expose the pod as a service, limiting the ingress (via the `.spec.loadBalancerSourceRanges` field) to the service to only the egress IP addresses in which we specified our pods should be using:
+
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: v1
+kind: Service
+metadata:
+  name: demo-service
+  namespace: default
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+spec:
+  selector:
+    run: demo-service
+  ports:
+    - port: 80
+      targetPort: 8080
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  # NOTE: this limits the source IPs that are allowed to connect to our service.  It
+  #       is being used as part of this demo, restricting connectivity to our egress
+  #       IP addresses only.
+  # NOTE: these egress IPs are within the subnet range(s) in which my worker nodes
+  #       are deployed.
+  loadBalancerSourceRanges:
+    - 10.10.100.254/32
+    - 10.10.150.254/32
+    - 10.10.200.254/32
+    - 10.10.100.253/32
+    - 10.10.150.253/32
+    - 10.10.200.253/32
+EOF
+----
+
+Retrieve the load balancer hostname as the `LOAD_BALANCER_HOSTNAME` environment variable which you can copy and use for following steps:
+
+[source,terminal]
+----
+$ export LOAD_BALANCER_HOSTNAME=$(oc get svc -n default demo-service -o json | jq -r '.status.loadBalancer.ingress[].hostname')
+----
+
+=== Test namespace egress
+
+Test the namespace egress rule which was created previously. The following starts an interactive shell which allows you to run curl against the demo service:
+
+[source,terminal]
+----
+$ oc run \
+  demo-egress-ns \
+  -it \
+  --namespace=demo-egress-ns \
+  --env=LOAD_BALANCER_HOSTNAME=$LOAD_BALANCER_HOSTNAME \
+  --image=registry.access.redhat.com/ubi9/ubi -- \
+  bash
+----
+
+Once inside the pod, you can send a request to the load balancer, ensuring that you can successfully connect:
+
+[source,terminal]
+----
+$ curl -s http://$LOAD_BALANCER_HOSTNAME
+----
+
+You should see output similar to the following, indicating a successful connection. It should be noted that the `client_address` below is the internal IP address of the load balancer rather than our egress IP. Successful connectivity (by limiting the service to `.spec.loadBalancerSourceRanges`) is what provides a successful demonstration:
+
+.Example output
+[source,terminal]
+----
+CLIENT VALUES:
+client_address=10.10.207.247
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://internal-a3e61de18bfca4a53a94a208752b7263-148284314.us-east-1.elb.amazonaws.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.10.0 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+host=internal-a3e61de18bfca4a53a94a208752b7263-148284314.us-east-1.elb.amazonaws.com
+user-agent=curl/7.76.1
+BODY:
+-no body in request-
+----
+
+You can safely exit the pod once you are done:
+
+[source,terminal]
+----
+$ exit
+----
+
+=== Test pod egress
+
+Test the pod egress rule which was created previously. The following starts an interactive shell which allows you to run curl against the demo service:
+
+[source,terminal]
+----
+$ oc run \
+  demo-egress-pod \
+  -it \
+  --namespace=demo-egress-pod \
+  --env=LOAD_BALANCER_HOSTNAME=$LOAD_BALANCER_HOSTNAME \
+  --image=registry.access.redhat.com/ubi9/ubi -- \
+  bash
+----
+
+Once inside the pod, you can send a request to the load balancer, ensuring that you can successfully connect:
+
+[source,terminal]
+----
+$ curl -s http://$LOAD_BALANCER_HOSTNAME
+----
+
+You should see output similar to the following, indicating a successful connection. It should be noted that the `client_address` below is the internal IP address of the load balancer rather than our egress IP. Successful connectivity (by limiting the service to `.spec.loadBalancerSourceRanges`) is what provides a successful demonstration:
+
+.Example output
+[source,terminal]
+----
+CLIENT VALUES:
+client_address=10.10.207.247
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://internal-a3e61de18bfca4a53a94a208752b7263-148284314.us-east-1.elb.amazonaws.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.10.0 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+host=internal-a3e61de18bfca4a53a94a208752b7263-148284314.us-east-1.elb.amazonaws.com
+user-agent=curl/7.76.1
+BODY:
+-no body in request-
+----
+
+You can safely exit the pod once you are done:
+
+[source,terminal]
+----
+$ exit
+----
+
+=== Test blocked egress
+
+Alternatively to a successful connection, you can see that the traffic is successfully blocked when the egress rules do not apply. Unsuccessful connectivity (by limiting the service to `.spec.loadBalancerSourceRanges`) is what provides a successful demonstration in this scenario:
+
+[source,terminal]
+----
+$ oc run \
+  demo-egress-pod-fail \
+  -it \
+  --namespace=demo-egress-pod \
+  --env=LOAD_BALANCER_HOSTNAME=$LOAD_BALANCER_HOSTNAME \
+  --image=registry.access.redhat.com/ubi9/ubi -- \
+  bash
+----
+
+Once inside the pod, you can send a request to the load balancer:
+
+[source,terminal]
+----
+$ curl -s http://$LOAD_BALANCER_HOSTNAME
+----
+
+The above command should hang. You can safely exit the pod once you are done:
+
+[source,terminal]
+----
+$ exit
+----
+
+== Clean up
+
+You can cleanup your cluster by running the following commands:
+
+[source,terminal]
+----
+$ oc delete svc demo-service -n default; \
+$ oc delete pod demo-service -n default; \
+$ oc delete project demo-egress-ns; \
+$ oc delete project demo-egress-pod; \
+$ oc delete egressip demo-egress-ns; \
+$ oc delete egressip demo-egress-pod
+----
+
+You can cleanup the assigned node labels by running the following commands:
+
+[WARNING]
+====
+If you are reliant upon any node labels for your machinepool, this command will replace those labels. Be sure to input your desired labels into the `--labels` field to ensure your node labels persist.
+====
+
+[source,terminal]
+----
+$ rosa update machinepool ${ROSA_MACHINE_POOL_NAME} \
+  --cluster="${ROSA_CLUSTER_NAME}" \
+  --labels ""
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-deploy-api-data-protection.adoc b/cloud_experts_tutorials/cloud-experts-deploy-api-data-protection.adoc
new file mode 100644
index 000000000000..f578c9f1881b
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-deploy-api-data-protection.adoc
@@ -0,0 +1,610 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-deploy-api-data-protection"]
+= Tutorial: Deploying OpenShift API for Data Protection on a ROSA cluster
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-deploy-api-data-protection
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-12
+//---
+//date: '2022-09-14'
+//title: Deploying OpenShift API for Data Protection on a ROSA cluster
+//tags: ["ROSA", "AWS", "STS", "OADP", "Velero", "Backup", "Restore", "Storage"]
+//authors:
+//  - Paul Czarkowski
+//  - Dustin Scott
+//---
+
+include::snippets/mobb-support-statement.adoc[leveloffset=+1]
+
+.Prerequisites
+
+* A xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[ROSA classic cluster]
+
+.Environment
+
+* Prepare the environment variables:
++
+[NOTE]
+====
+Change the cluster name to match your ROSA cluster and ensure you are logged into the cluster as an Administrator.
+Ensure all fields are outputted correctly before moving on.
+====
++
+[source,terminal]
+----
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
+$ export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
+$ export CLUSTER_VERSION=`rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.'`
+$ export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
+$ export AWS_PAGER=""
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
+$ mkdir -p ${SCRATCH}
+$ echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="prepare-aws-account_{context}"]
+== Prepare AWS Account
+
+. Create an IAM Policy to allow for S3 Access:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaOadpVer1'].{ARN:Arn}" --output text)
+if [[ -z "${POLICY_ARN}" ]]; then
+$ cat << EOF > ${SCRATCH}/policy.json
+{
+"Version": "2012-10-17",
+"Statement": [
+ {
+   "Effect": "Allow",
+   "Action": [
+     "s3:CreateBucket",
+     "s3:DeleteBucket",
+     "s3:PutBucketTagging",
+     "s3:GetBucketTagging",
+     "s3:PutEncryptionConfiguration",
+     "s3:GetEncryptionConfiguration",
+     "s3:PutLifecycleConfiguration",
+     "s3:GetLifecycleConfiguration",
+     "s3:GetBucketLocation",
+     "s3:ListBucket",
+     "s3:GetObject",
+     "s3:PutObject",
+     "s3:DeleteObject",
+     "s3:ListBucketMultipartUploads",
+     "s3:AbortMultipartUpload",
+     "s3:ListMultipartUploadParts",
+     "ec2:DescribeSnapshots",
+     "ec2:DescribeVolumes",
+     "ec2:DescribeVolumeAttribute",
+     "ec2:DescribeVolumesModifications",
+     "ec2:DescribeVolumeStatus",
+     "ec2:CreateTags",
+     "ec2:CreateVolume",
+     "ec2:CreateSnapshot",
+     "ec2:DeleteSnapshot"
+   ],
+   "Resource": "*"
+ }
+]}
+EOF
+$ POLICY_ARN=$(aws iam create-policy --policy-name "RosaOadpVer1" \
+--policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
+--tags Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-oadp Key=operator_name,Value=openshift-oadp \
+--output text)
+fi
+$ echo ${POLICY_ARN}
+----
+
+. Create an IAM Role trust policy for the cluster:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/trust-policy.json
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Principal": {
+      "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
+    },
+    "Action": "sts:AssumeRoleWithWebIdentity",
+    "Condition": {
+      "StringEquals": {
+         "${OIDC_ENDPOINT}:sub": [
+           "system:serviceaccount:openshift-adp:openshift-adp-controller-manager",
+           "system:serviceaccount:openshift-adp:velero"]
+      }
+    }
+  }]
+}
+EOF
+$ ROLE_ARN=$(aws iam create-role --role-name \
+ "${ROLE_NAME}" \
+  --assume-role-policy-document file://${SCRATCH}/trust-policy.json \
+  --tags Key=rosa_cluster_id,Value=${ROSA_CLUSTER_ID} Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-adp Key=operator_name,Value=openshift-oadp \
+  --query Role.Arn --output text)
+
+$ echo ${ROLE_ARN}
+----
+
+. Attach the IAM Policy to the IAM Role:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name "${ROLE_NAME}" \
+ --policy-arn ${POLICY_ARN}
+----
+
+[id="deploy-oadp-on-cluster_{context}"]
+== Deploy OADP on the cluster
+
+. Create a namespace for OADP:
++
+[source,terminal]
+----
+$ oc create namespace openshift-adp
+----
+
+. Create a credentials secret:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/credentials
+[default]
+role_arn = ${ROLE_ARN}
+web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+$ oc -n openshift-adp create secret generic cloud-credentials \
+ --from-file=${SCRATCH}/credentials
+----
+
+. Deploy the OADP Operator:
++
+[NOTE]
+====
+There is currently an issue with version 1.1 of the Operator with backups that have a `PartiallyFailed` status. This does not seem to affect the backup and restore process, but it should be noted as there are issues with it.
+====
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ generateName: openshift-adp-
+ namespace: openshift-adp
+ name: oadp
+spec:
+ targetNamespaces:
+ - openshift-adp
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: redhat-oadp-operator
+ namespace: openshift-adp
+spec:
+ channel: stable-1.2
+ installPlanApproval: Automatic
+ name: redhat-oadp-operator
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
+EOF
+----
+
+. Wait for the Operator to be ready:
++
+[source,terminal]
+----
+$ watch oc -n openshift-adp get pods
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                                READY   STATUS    RESTARTS   AGE
+openshift-adp-controller-manager-546684844f-qqjhn   1/1     Running   0          22s
+----
+
+. Create Cloud Storage:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: oadp.openshift.io/v1alpha1
+kind: CloudStorage
+metadata:
+ name: ${CLUSTER_NAME}-oadp
+ namespace: openshift-adp
+spec:
+ creationSecret:
+   key: credentials
+   name: cloud-credentials
+ enableSharedConfig: true
+ name: ${CLUSTER_NAME}-oadp
+ provider: aws
+ region: $REGION
+EOF
+----
+
+. Check your application's storage default storage class:
++
+[source,terminal]
+----
+$ oc get pvc -n <namespace> <1>
+----
+<1> Enter your application's namespace.
++
+.Example output
+[source,terminal]
+----
+NAME     STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+applog   Bound    pvc-351791ae-b6ab-4e8b-88a4-30f73caf5ef8   1Gi        RWO            gp3-csi        4d19h
+mysql    Bound    pvc-16b8e009-a20a-4379-accc-bc81fedd0621   1Gi        RWO            gp3-csi        4d19h
+----
++
+[source,terminal]
+----
+$ oc get storageclass
+----
++
+.Example output
+[source,terminal]
+----
+NAME                PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+gp2                 kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   true                   4d21h
+gp2-csi             ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+gp3                 ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+gp3-csi (default)   ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+----
++
+Using either gp3-csi, gp2-csi, gp3 or gp2 will work.
+If the application(s) that are being backed up are all using PV's with CSI, include the CSI plugin in the OADP DPA configuration.
+
+. CSI only: Deploy a Data Protection Application:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: ${CLUSTER_NAME}-dpa
+ namespace: openshift-adp
+spec:
+ backupImages: false
+ features:
+   dataMover:
+     enable: false
+ backupLocations:
+ - bucket:
+     cloudStorageRef:
+       name: ${CLUSTER_NAME}-oadp
+     credential:
+       key: credentials
+       name: cloud-credentials
+     prefix: velero
+     default: true
+     config:
+       region: ${REGION}
+ configuration:
+   velero:
+     defaultPlugins:
+     - openshift
+     - aws
+     - csi
+   restic:
+     enable: false
+EOF
+----
++
+[NOTE]
+====
+If you run this command for CSI volumes, you can skip the next step.
+====
+
+. Non-CSI volumes: Deploy a Data Protection Application:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: ${CLUSTER_NAME}-dpa
+ namespace: openshift-adp
+spec:
+ backupImages: false
+ features:
+   dataMover:
+     enable: false
+ backupLocations:
+ - bucket:
+     cloudStorageRef:
+       name: ${CLUSTER_NAME}-oadp
+     credential:
+       key: credentials
+       name: cloud-credentials
+     prefix: velero
+     default: true
+     config:
+       region: ${REGION}
+ configuration:
+   velero:
+     defaultPlugins:
+     - openshift
+     - aws
+   restic:
+     enable: false
+ snapshotLocations:
+   - velero:
+       config:
+         credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials
+         enableSharedConfig: 'true'
+         profile: default
+         region: ${REGION}
+       provider: aws
+EOF
+----
+
+[NOTE]
+====
+* Container image backup and restore (`spec.backupImages=false`) is disabled and not supported in OADP 1.1.x
+or OADP 1.2.0 ROSA STS environments.
+* The Restic feature (`restic.enable=false`) is disabled and not supported in ROSA STS environments.
+* The DataMover feature (`dataMover.enable=false`) is disabled and not supported in ROSA STS environments.
+====
+
+[id="perform-a-backup_{context}"]
+== Perform a backup
+
+[NOTE]
+====
+The following sample hello-world application has no attached PV's.
+Either DPA configuration will work.
+====
+
+. Create a workload to back up:
++
+[source,terminal]
+----
+$ oc create namespace hello-world
+$ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
+----
+
+. Expose the route:
++
+[source,terminal]
+----
+$ oc expose service/hello-openshift -n hello-world
+----
+
+. Check that the application is working:
++
+[source,terminal]
+----
+$ curl `oc get route/hello-openshift -n hello-world -o jsonpath='{.spec.host}'`
+----
++
+.Example output
++
+[source,terminal]
+----
+Hello OpenShift!
+----
+
+. Back up the workload:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+ name: hello-world
+ namespace: openshift-adp
+spec:
+ includedNamespaces:
+ - hello-world
+ storageLocation: ${CLUSTER_NAME}-dpa-1
+ ttl: 720h0m0s
+EOF
+----
+
+. Wait until the backup is done:
++
+[source,terminal]
+----
+$ watch "oc -n openshift-adp get backup hello-world -o json | jq .status"
+----
++
+.Example output
+[source,JSON]
+----
+{
+ "completionTimestamp": "2022-09-07T22:20:44Z",
+ "expiration": "2022-10-07T22:20:22Z",
+ "formatVersion": "1.1.0",
+ "phase": "Completed",
+ "progress": {
+   "itemsBackedUp": 58,
+   "totalItems": 58
+ },
+ "startTimestamp": "2022-09-07T22:20:22Z",
+ "version": 1
+}
+----
+
+. Delete the demo workload:
++
+[source,terminal]
+----
+$ oc delete ns hello-world
+----
+
+. Restore from the backup:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+ name: hello-world
+ namespace: openshift-adp
+spec:
+ backupName: hello-world
+EOF
+----
+
+. Wait for the Restore to finish:
++
+[source,terminal]
+----
+$ watch "oc -n openshift-adp get restore hello-world -o json | jq .status"
+----
++
+.Example output
+[source,JSON]
+----
+{
+ "completionTimestamp": "2022-09-07T22:25:47Z",
+ "phase": "Completed",
+ "progress": {
+   "itemsRestored": 38,
+   "totalItems": 38
+ },
+ "startTimestamp": "2022-09-07T22:25:28Z",
+ "warnings": 9
+}
+----
+
+. Check that the workload is restored:
++
+[source,terminal]
+----
+$ oc -n hello-world get pods
+----
++
+.Example output
+[source,terminal]
+----
+NAME                              READY   STATUS    RESTARTS   AGE
+hello-openshift-9f885f7c6-kdjpj   1/1     Running   0          90s
+----
++
+[source,terminal]
+----
+$ curl `oc get route/hello-openshift -n hello-world -o jsonpath='{.spec.host}'`
+----
++
+.Example output
+[source,terminal]
+----
+Hello OpenShift!
+----
+
+. For troubleshooting tips please refer to the OADP team's link:https://github.com/openshift/oadp-operator/blob/master/docs/TROUBLESHOOTING.md[troubleshooting documentation]
+
+. Additional sample applications can be found in the OADP team's link:https://github.com/openshift/oadp-operator/tree/master/tests/e2e/sample-applications[sample applications directory]
+
+[id="cleanup_{context}"]
+== Cleanup
+
+. Delete the workload:
++
+[source,terminal]
+----
+$ oc delete ns hello-world
+----
+
+. Remove the backup and restore resources from the cluster if they are no longer required:
++
+[source,terminal]
+----
+$ oc delete backup hello-world
+$ oc delete restore hello-world
+----
+
+. To delete the backup/restore and remote objects in s3:
++
+[source,terminal]
+----
+$ velero backup delete hello-world
+$ velero restore delete hello-world
+----
+
+. Delete the Data Protection Application:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete dpa ${CLUSTER_NAME}-dpa
+----
+
+. Delete the Cloud Storage:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete cloudstorage ${CLUSTER_NAME}-oadp
+----
++
+[WARNING]
+====
+If this command hangs, you might need to delete the finalizer:
+[source,terminal]
+----
+$ oc -n openshift-adp patch cloudstorage ${CLUSTER_NAME}-oadp -p '{"metadata":{"finalizers":null}}' --type=merge
+----
+====
+
+. Remove the Operator if it is no longer required:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete subscription oadp-operator
+----
+
+. Remove the namespace for the Operator:
++
+[source,terminal]
+----
+$ oc delete ns redhat-openshift-adp
+----
+
+. Remove the Custom Resource Definitions from the cluster if you no longer wish to have them:
++
+[source,terminal]
+----
+$ for CRD in `oc get crds | grep velero | awk '{print $1}'`; do oc delete crd $CRD; done
+$ for CRD in `oc get crds | grep -i oadp | awk '{print $1}'`; do oc delete crd $CRD; done
+----
+
+. Delete the AWS S3 Bucket:
++
+[source,terminal]
+----
+$ aws s3 rm s3://${CLUSTER_NAME}-oadp --recursive
+$ aws s3api delete-bucket --bucket ${CLUSTER_NAME}-oadp
+----
+
+. Detach the Policy from the role:
++
+[source,terminal]
+----
+$ aws iam detach-role-policy --role-name "${ROLE_NAME}" \
+ --policy-arn "${POLICY_ARN}"
+----
+
+. Delete the role:
++
+[source,terminal]
+----
+$ aws iam delete-role --role-name "${ROLE_NAME}"
+----
\ No newline at end of file
diff --git a/sd_support/_attributes b/cloud_experts_tutorials/cloud-experts-deploying-application/_attributes
similarity index 100%
rename from sd_support/_attributes
rename to cloud_experts_tutorials/cloud-experts-deploying-application/_attributes
diff --git a/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-intro.adoc b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-intro.adoc
new file mode 100644
index 000000000000..8a8f7628259e
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-intro.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-deploying-application-intro"]
+= Tutorial: Deploying an application
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-deploying-application-intro
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-12-14
+
+== Introduction
+
+After successfully provisioning your cluster, you can deploy an application on it. This application allows you to become more familiar with some of the features of {product-title} (ROSA) and Kubernetes.
+
+=== Lab overview
+In this lab, you will complete the following set of tasks designed to help you understand the concepts of deploying and operating container-based applications:
+
+* Deploy a Node.js based app by using S2I and Kubernetes Deployment objects.
+* Set up a continuous delivery (CD) pipeline to automatically push source code changes.
+* Explore logging.
+* Experience self healing of applications.
+* Explore configuration management through configmaps, secrets, and environment variables.
+* Use persistent storage to share data across pod restarts.
+* Explore networking within Kubernetes and applications.
+* Familiarize yourself with ROSA and Kubernetes functionality.
+* Automatically scale pods based on loads from the Horizontal Pod Autoscaler.
+* Use AWS Controllers for Kubernetes (ACK) to deploy and use an S3 bucket.
+
+This lab uses either the ROSA CLI or ROSA web user interface (UI). 
diff --git a/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-lab-overview.adoc b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-lab-overview.adoc
new file mode 100644
index 000000000000..c85afbf7ad6d
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-lab-overview.adoc
@@ -0,0 +1,279 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-deploying-application-lab-overview"]
+= Tutorial: Deploying an application
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-deploying-application-intro
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 22-JAN-2024
+
+== Lab overview
+
+=== Lab resources
+
+* link:https://github.com/openshift-cs/ostoy[Source code for the OSToy application]
+* link:https://quay.io/ostoylab/ostoy-frontend[OSToy front-end container image]
+* link:https://quay.io/ostoylab/ostoy-microservice[OSToy microservice container image]
+* Deployment Definition YAML files:
++
+.`ostoy-frontend-deployment.yaml`
++
+[source,yaml]
+----
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ostoy-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ostoy-frontend
+  labels:
+    app: ostoy
+spec:
+  selector:
+    matchLabels:
+      app: ostoy-frontend
+  strategy:
+    type: Recreate
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: ostoy-frontend
+    spec:
+      # Uncomment to use with ACK portion of the workshop
+      # If you chose a different service account name please replace it.
+      # serviceAccount: ostoy-sa
+      containers:
+      - name: ostoy-frontend
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL
+        image: quay.io/ostoylab/ostoy-frontend:1.6.0
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: ostoy-port
+          containerPort: 8080
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "200m"
+        volumeMounts:
+        - name: configvol
+          mountPath: /var/config
+        - name: secretvol
+          mountPath: /var/secret
+        - name: datavol
+          mountPath: /var/demo_files
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 5
+        env:
+        - name: ENV_TOY_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: ostoy-secret-env
+              key: ENV_TOY_SECRET
+        - name: MICROSERVICE_NAME
+          value: OSTOY_MICROSERVICE_SVC
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+      volumes:
+        - name: configvol
+          configMap:
+            name: ostoy-configmap-files
+        - name: secretvol
+          secret:
+            defaultMode: 420
+            secretName: ostoy-secret
+        - name: datavol
+          persistentVolumeClaim:
+            claimName: ostoy-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ostoy-frontend-svc
+  labels:
+    app: ostoy-frontend
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: ostoy-port
+      protocol: TCP
+      name: ostoy
+  selector:
+    app: ostoy-frontend
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: ostoy-route
+spec:
+  to:
+    kind: Service
+    name: ostoy-frontend-svc
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ostoy-secret-env
+type: Opaque
+data:
+  ENV_TOY_SECRET: VGhpcyBpcyBhIHRlc3Q=
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: ostoy-configmap-files
+data:
+  config.json:  '{ "default": "123" }'
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ostoy-secret
+data:
+  secret.txt: VVNFUk5BTUU9bXlfdXNlcgpQQVNTV09SRD1AT3RCbCVYQXAhIzYzMlk1RndDQE1UUWsKU01UUD1sb2NhbGhvc3QKU01UUF9QT1JUPTI1
+type: Opaque
+----
++
+.`ostoy-microservice-deployment.yaml`
++
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ostoy-microservice
+  labels:
+    app: ostoy
+spec:
+  selector:
+    matchLabels:
+      app: ostoy-microservice
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: ostoy-microservice
+    spec:
+      containers:
+      - name: ostoy-microservice
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL
+        image: quay.io/ostoylab/ostoy-microservice:1.5.0
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "100m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ostoy-microservice-svc
+  labels:
+    app: ostoy-microservice
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+      protocol: TCP
+  selector:
+    app: ostoy-microservice
+----
+* S3 bucket manifest for ACK S3
++
+.`s3-bucket.yaml`
++
+[source,yaml]
+----
+apiVersion: s3.services.k8s.aws/v1alpha1
+kind: Bucket
+metadata:
+  name: ostoy-bucket
+  namespace: ostoy
+spec:
+  name: ostoy-bucket
+----
+
+[NOTE]
+====
+To simplify deployment of the OSToy application, all of the objects required in the above deployment manifests are grouped together. For a typical enterprise deployment, a separate manifest file for each Kubernetes object is recommended.
+====
+
+=== About the OSToy application
+
+OSToy is a simple Node.js application that you will deploy to a ROSA cluster to help explore the functionality of Kubernetes. This application has a user interface where you can:
+
+* Write messages to the log (stdout / stderr).
+* Intentionally crash the application to view self-healing.
+* Toggle a liveness probe and monitor OpenShift behavior.
+* Read config maps, secrets, and env variables.
+* If connected to shared storage, read and write files.
+* Check network connectivity, intra-cluster DNS, and intra-communication with the included microservice.
+* Increase the load to view automatic scaling of the pods to handle the load using the Horizontal Pod Autoscaler.
+* Optional: Connect to an AWS S3 bucket to read and write objects.
+
+=== OSToy Application Diagram
+
+image::ostoy-arch.png[OSToy architecture diagram]
+
+=== Understanding the OSToy UI
+
+image::ostoy-homepage.png[Preview of the OSToy homepage]
+
+1. Shows the pod name that served your browser the page.
+2. *Home:* The main page of the application where you can perform some of the functions listed which we will explore.
+3. *Persistent Storage:* Allows you to write data to the persistent volume bound to this application.
+4. *Config Maps:*  Shows the contents of configmaps available to the application and the key:value pairs.
+5. *Secrets:* Shows the contents of secrets available to the application and the key:value pairs.
+6. *ENV Variables:* Shows the environment variables available to the application.
+7. *Networking:* Tools to illustrate networking within the application.
+8. *Pod Auto Scaling:* Tool to increase the load of the pods and test the HPA.
+9. *ACK S3:* Optional: Integrate with AWS S3 to read and write objects to a bucket. 
++
+[NOTE]
+====
+In order see the "ACK S3" section of OSToy, you must complete the ACK section of this workshop. If you decide not to complete that section, the OSToy application will still function.
+====
++
+10. *About:* Displays more information about the application.
diff --git a/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-prerequisites.adoc b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-prerequisites.adoc
new file mode 100644
index 000000000000..a8b663d98d5e
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-prerequisites.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-deploying-application-prerequisites"]
+= Tutorial: Deploying an application
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-deploying-application-prerequisites
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 22-JAN-2024
+
+== Prerequisites
+
+. A Provisioned ROSA cluster
++
+This lab assumes you have access to a successfully provisioned a ROSA cluster. If you have not yet created a ROSA cluster, see xref:../../rosa_getting_started/rosa-quickstart-guide-ui.html#rosa-getting-started-prerequisites_rosa-quickstart-guide-ui[Red Hat OpenShift Service on AWS quickstart guide] for more information.
+
+. The OpenShift Command Line Interface (CLI)
++
+For more information, see xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[Getting started with the OpenShift CLI].
+
+. A GitHub Account
++
+Use your existing GitHub account or register at link:https://github.com/signup[https://github.com/signup].
diff --git a/distr_tracing/distr_tracing_config/images b/cloud_experts_tutorials/cloud-experts-deploying-application/images
similarity index 100%
rename from distr_tracing/distr_tracing_config/images
rename to cloud_experts_tutorials/cloud-experts-deploying-application/images
diff --git a/rosa_cli/modules b/cloud_experts_tutorials/cloud-experts-deploying-application/modules
similarity index 100%
rename from rosa_cli/modules
rename to cloud_experts_tutorials/cloud-experts-deploying-application/modules
diff --git a/cloud_experts_tutorials/cloud-experts-deploying-application/snippets b/cloud_experts_tutorials/cloud-experts-deploying-application/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-deploying-application/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-dynamic-certificate-custom-domain.adoc b/cloud_experts_tutorials/cloud-experts-dynamic-certificate-custom-domain.adoc
new file mode 100644
index 000000000000..42ac22737fb6
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-dynamic-certificate-custom-domain.adoc
@@ -0,0 +1,544 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-dynamic-certificate-custom-domain"]
+= Tutorial: Dynamically issuing certificates using the cert-manager Operator on ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-dynamic-certificate-custom-domain
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-20
+//---
+//date: '2022-10-11'
+//title: Dynamic Certificates for ROSA Custom Domain
+//weight: 1
+//tags: ["AWS", "ROSA"]
+//authors:
+//   Kevin Collins
+//---
+
+While wildcard certificates provide simplicity by securing all first-level subdomains of a given domain with a single certificate, other use cases can require the use of individual certificates per domain.
+
+Learn how to use the link:https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html[cert-manager Operator for Red Hat OpenShift] and link:https://letsencrypt.org/[Let's Encrypt] to dynamically issue certificates for routes created using a custom domain.
+
+[id="cloud-experts-dynamic-certificate-custom-domain-prerequisites"]
+== Prerequisites
+
+* A ROSA cluster
+* A user account with `cluster-admin` privileges
+* The OpenShift CLI (`oc`)
+* The Amazon Web Services (AWS) CLI (`aws`)
+* A unique domain, such as `*.apps.<company_name>.io`
+* An Amazon Route 53 public hosted zone for the above domain
+
+[id="cloud-experts-dynamic-certificate-custom-domain-environment-setup"]
+== Setting up your environment
+
+. Configure the following environment variables:
++
+[source,terminal]
+----
+$ export DOMAIN=apps.<company_name>.io <1>
+$ export EMAIL=<youremail@company_name.io> <2>
+$ export AWS_PAGER=""
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o json | jq -r .spec.serviceAccountIssuer | sed  's|^https://||')
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/dynamic-certs"
+$ mkdir -p ${SCRATCH}
+----
+<1> The custom domain.
+<2> The e-mail Let's Encrypt will use to send notifications about your certificates.
+. Ensure all fields output correctly before moving to the next section:
++
+[source,terminal]
+----
+$ echo "Cluster: ${CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="cloud-experts-dynamic-certificate-prep-aws"]
+== Preparing your AWS account
+
+When cert-manager requests a certificate from Let’s Encrypt (or another ACME certificate issuer), Let's Encrypt servers validate that you control the domain name in that certificate using _challenges_. For this tutorial, you are using a link:https://letsencrypt.org/docs/challenge-types/#dns-01-challenge[DNS-01 challenge] that proves that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name. This is all done automatically by cert-manager. To allow cert-manager permission to modify the Amazon Route 53 public hosted zone for your domain, you need to create an Identity Access Management (IAM) role with specific policy permissions and a trust relationship to allow access to the pod.
+
+The public hosted zone that is used in this tutorial is in the same AWS account as the ROSA cluster. If your public hosted zone is in a different account, a few additional steps for link:https://cert-manager.io/docs/configuration/acme/dns01/route53/#cross-account-access[Cross Account Access] are required.
+
+. Retrieve the Amazon Route 53 public hosted zone ID:
++
+[NOTE]
+====
+This command looks for a public hosted zone that matches the custom domain you specified earlier as the `DOMAIN` environment variable. You can manually specify the Amazon Route 53 public hosted zone by running `export ZONE_ID=<zone_ID>`, replacing `<zone_ID>` with your specific Amazon Route 53 public hosted zone ID.
+====
++
+[source,terminal]
+----
+$ export ZONE_ID=$(aws route53 list-hosted-zones-by-name --output json \
+  --dns-name "${DOMAIN}." --query 'HostedZones[0]'.Id --out text | sed 's/\/hostedzone\///')
+----
++
+. Create an AWS IAM policy document for the `cert-manager` Operator that provides the ability to update _only_ the specified public hosted zone:
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/cert-manager-policy.json"
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": "route53:GetChange",
+      "Resource": "arn:aws:route53:::change/*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "route53:ChangeResourceRecordSets",
+        "route53:ListResourceRecordSets"
+      ],
+      "Resource": "arn:aws:route53:::hostedzone/${ZONE_ID}"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "route53:ListHostedZonesByName",
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+----
++
+. Create the IAM policy using the file you created in the previous step:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws iam create-policy --policy-name "${CLUSTER_NAME}-cert-manager-policy" \
+  --policy-document file://${SCRATCH}/cert-manager-policy.json \
+  --query 'Policy.Arn' --output text)
+----
+. Create an AWS IAM trust policy for the `cert-manager` Operator:
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/trust-policy.json"
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Condition": {
+   "StringEquals" : {
+     "${OIDC_ENDPOINT}:sub": "system:serviceaccount:cert-manager:cert-manager"
+   }
+ },
+ "Principal": {
+   "Federated": "arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/${OIDC_ENDPOINT}"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity"
+ }
+ ]
+}
+EOF
+----
++
+. Create an IAM role for the `cert-manager` Operator using the trust policy you created in the previous step:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name "${CLUSTER_NAME}-cert-manager-operator" \
+   --assume-role-policy-document "file://${SCRATCH}/trust-policy.json" \
+   --query Role.Arn --output text)
+----
++
+. Attach the permissions policy to the role:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name "${CLUSTER_NAME}-cert-manager-operator" \
+  --policy-arn ${POLICY_ARN}
+----
+
+[id="cloud-experts-dynamic-certificate-custom-domain-install-cert-man-op"]
+== Installing the cert-manager Operator
+
+. Create a project to install the `cert-manager` Operator into:
++
+[source,terminal]
+----
+$ oc new-project cert-manager-operator
+----
++
+[IMPORTANT]
+====
+Do not attempt to use more than one `cert-manager` Operator in your cluster. If you have a community `cert-manager` Operator installed in your cluster, you must uninstall it before installing the `cert-manager` Operator for Red Hat OpenShift.
+====
++
+. Install the `cert-manager` Operator for Red Hat OpenShift:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-cert-manager-operator-group
+  namespace: cert-manager-operator
+spec:
+  targetNamespaces:
+  - cert-manager-operator
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: openshift-cert-manager-operator
+  namespace: cert-manager-operator
+spec:
+  channel: stable-v1
+  installPlanApproval: Automatic
+  name: openshift-cert-manager-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+----
++
+[NOTE]
+====
+It takes a few minutes for this Operator to install and complete its set up.
+====
++
+. Verify that the `cert-manager` Operator is running:
++
+[source,terminal]
+----
+$ oc -n cert-manager-operator get pods
+----
+.Example output
++
+[source,text]
+----
+NAME                                                        READY   STATUS    RESTARTS   AGE
+cert-manager-operator-controller-manager-84b8799db5-gv8mx   2/2     Running   0          12s
+----
++
+. Annotate the service account used by the `cert-manager` pods with the AWS IAM role you created earlier:
++
+[source,terminal]
+----
+$ oc -n cert-manager annotate serviceaccount cert-manager eks.amazonaws.com/role-arn=${ROLE_ARN}
+----
++
+. Restart the existing `cert-manager` controller pod by running the following command:
++
+[source,terminal]
+----
+$ oc -n cert-manager delete pods -l app.kubernetes.io/name=cert-manager
+----
++
+. Patch the Operator's configuration to use external nameservers to prevent DNS-01 challenge resolution issues:
++
+[source,terminal]
+----
+$ oc patch certmanager.operator.openshift.io/cluster --type merge \
+  -p '{"spec":{"controllerConfig":{"overrideArgs":["--dns01-recursive-nameservers-only","--dns01-recursive-nameservers=1.1.1.1:53"]}}}'
+----
++
+. Create a `ClusterIssuer` resource to use Let's Encrypt by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: ${EMAIL}
+    # This key doesn't exist, cert-manager creates it
+    privateKeySecretRef:
+      name: prod-letsencrypt-issuer-account-key
+    solvers:
+    - dns01:
+        route53:
+         hostedZoneID: ${ZONE_ID}
+         region: ${REGION}
+         secretAccessKeySecretRef:
+           name: ''
+EOF
+----
++
+. Verify the `ClusterIssuer` resource is ready:
++
+[source,terminal]
+----
+$ oc get clusterissuer.cert-manager.io/letsencrypt-production
+----
++
+.Example output
++
+[source,text]
+----
+NAME                     READY   AGE
+letsencrypt-production   True    47s
+----
+
+[id="cloud-experts-dynamic-certificate-custom-domain-create-cd-ingress-con"]
+== Creating a custom domain Ingress Controller
+
+. Create a new project:
++
+[source,terminal]
+----
+$ oc new-project custom-domain-ingress
+----
++
+. Create and configure a certificate resource to provision a certificate for the custom domain Ingress Controller:
++
+[NOTE]
+====
+The following example uses a single domain certificate. SAN and wildcard certificates are also supported.
+====
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: custom-domain-ingress-cert
+  namespace: custom-domain-ingress
+spec:
+  secretName: custom-domain-ingress-cert-tls
+  issuerRef:
+     name: letsencrypt-production
+     kind: ClusterIssuer
+  commonName: "${DOMAIN}"
+  dnsNames:
+  - "${DOMAIN}"
+EOF
+----
++
+. Verify the certificate has been issued:
++
+[NOTE]
+====
+It takes a few minutes for this certificate to be issued by Let's Encrypt. If it takes longer than 5 minutes, run `oc -n custom-domain-ingress describe certificate.cert-manager.io/custom-domain-ingress-cert` to see any issues reported by cert-manager.
+====
++
+[source,terminal]
+----
+$ oc -n custom-domain-ingress get certificate.cert-manager.io/custom-domain-ingress-cert
+----
++
+.Example output
++
+[source,text]
+----
+NAME                         READY   SECRET                           AGE
+custom-domain-ingress-cert   True    custom-domain-ingress-cert-tls   9m53s
+----
++
+. Create a new `CustomDomain` custom resource (CR):
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: managed.openshift.io/v1alpha1
+kind: CustomDomain
+metadata:
+  name: custom-domain-ingress
+spec:
+  domain: ${DOMAIN}
+  scope: External
+  loadBalancerType: NLB
+  certificate:
+    name: custom-domain-ingress-cert-tls
+    namespace: custom-domain-ingress
+EOF
+----
+. Verify that your custom domain Ingress Controller has been deployed and has a `Ready` status:
++
+[source,terminal]
+----
+$ oc get customdomains
+----
++
+.Example output
+[source,terminal]
+----
+NAME                    ENDPOINT                                                               DOMAIN            STATUS
+custom-domain-ingress   tfoxdx.custom-domain-ingress.cluster.1234.p1.openshiftapps.com         example.com       Ready
+----
++
+. Prepare a document with the necessary DNS changes to enable DNS resolution for your custom domain Ingress Controller:
++
+[source,terminal]
+----
+$ INGRESS=$(oc get customdomain.managed.openshift.io/custom-domain-ingress --template={{.status.endpoint}})
+$ cat << EOF > "${SCRATCH}/create-cname.json"
+{
+  "Comment":"Add CNAME to custom domain endpoint",
+  "Changes":[{
+      "Action":"CREATE",
+      "ResourceRecordSet":{
+        "Name": "*.${DOMAIN}",
+      "Type":"CNAME",
+      "TTL":30,
+      "ResourceRecords":[{
+        "Value": "${INGRESS}"
+      }]
+    }
+  }]
+}
+EOF
+----
++
+. Submit your changes to Amazon Route 53 for propagation:
++
+[source,terminal]
+----
+$ aws route53 change-resource-record-sets \
+  --hosted-zone-id ${ZONE_ID} \
+  --change-batch file://${SCRATCH}/create-cname.json
+----
++
+[NOTE]
+====
+While the wildcard CNAME record avoids the need to create a new record for every new application you deploy using the custom domain Ingress Controller, the certificate that each of these applications use *is not* a wildcard certificate.
+====
+
+[id="cloud-experts-dynamic-certificate-custom-domain-config-dynamic-cert"]
+== Configuring dynamic certificates for custom domain routes
+
+Now you can expose cluster applications on any first-level subdomains of the specified domain, but the connection will not be secured with a TLS certificate that matches the domain of the application. To ensure these cluster applications have valid certificates for each domain name, configure cert-manager to dynamically issue a certificate to every new route created under this domain.
+
+. Create the necessary OpenShift resources cert-manager requires to manage certificates for OpenShift routes.
++
+This step creates a new deployment (and therefore a pod) that specifically monitors annotated routes in the cluster. If the `issuer-kind` and `issuer-name` annotations are found in a new route, it requests the Issuer (ClusterIssuer in this case) for a new certificate that is unique to this route and which will honor the hostname that was specified while creating the route.
++
+[NOTE]
+====
+If the cluster does not have access to GitHub, you can save the raw contents locally and run `oc apply -f localfilename.yaml -n cert-manager`.
+====
++
+[source,terminal]
+----
+$ oc -n cert-manager apply -f https://github.com/cert-manager/openshift-routes/releases/latest/download/cert-manager-openshift-routes.yaml
+----
++
+The following additional OpenShift resources are also created in this step:
++
+* `ClusterRole` - grants permissions to watch and update the routes across the cluster
+* `ServiceAccount` - uses permissions to run the newly created pod
+* `ClusterRoleBinding` -  binds these two resources
++
+. Ensure that the new `cert-manager-openshift-routes` pod is running successfully:
++
+[source,terminal]
+----
+$ oc -n cert-manager get pods
+----
++
+.Example result
++
+[source,terminal]
+----
+NAME                                             READY   STATUS    RESTARTS   AGE
+cert-manager-866d8f788c-9kspc                    1/1     Running   0          4h21m
+cert-manager-cainjector-6885c585bd-znws8         1/1     Running   0          4h41m
+cert-manager-openshift-routes-75b6bb44cd-f8kd5   1/1     Running   0          6s
+cert-manager-webhook-8498785dd9-bvfdf            1/1     Running   0          4h41m
+----
+
+[id="cloud-experts-dynamic-certificate-custom-domain-config-deploy-sample-app"]
+== Deploying a sample application
+
+Now that dynamic certificates are configured, you can deploy a sample application to confirm that certificates are provisioned and trusted when you expose a new route.
+
+. Create a new project for your sample application:
++
+[source,terminal]
+----
+$ oc new-project hello-world
+----
++
+. Deploy a hello world application:
++
+[source,terminal]
+----
+$ oc -n hello-world new-app --image=docker.io/openshift/hello-openshift
+----
++
+. Create a route to expose the application from outside the cluster:
++
+[source,terminal]
+----
+$ oc -n hello-world create route edge --service=hello-openshift hello-openshift-tls --hostname hello.${DOMAIN}
+----
++
+. Verify the certificate for the route is untrusted:
++
+[source,terminal]
+----
+$ curl -I https://hello.${DOMAIN}
+----
+.Example output
++
+[source,text]
+----
+curl: (60) SSL: no alternative certificate subject name matches target host name 'hello.example.com'
+More details here: https://curl.se/docs/sslcerts.html
+
+curl failed to verify the legitimacy of the server and therefore could not
+establish a secure connection to it. To learn more about this situation and
+how to fix it, please visit the web page mentioned above.
+----
++
+. Annotate the route to trigger cert-manager to provision a certificate for the custom domain:
++
+[source,terminal]
+----
+$ oc -n hello-world annotate route hello-openshift-tls cert-manager.io/issuer-kind=ClusterIssuer cert-manager.io/issuer-name=letsencrypt-production
+----
++
+[NOTE]
+====
+It takes 2-3 minutes for the certificate to be created. The renewal of the certificate will automatically be managed by the `cert-manager` Operator as it approaches expiration.
+====
+. Verify the certificate for the route is now trusted:
++
+[source,terminal]
+----
+$ curl -I https://hello.${DOMAIN}
+----
++
+.Example output
++
+[source,terminal]
+----
+HTTP/2 200
+date: Thu, 05 Oct 2023 23:45:33 GMT
+content-length: 17
+content-type: text/plain; charset=utf-8
+set-cookie: 52e4465485b6fb4f8a1b1bed128d0f3b=68676068bb32d24f0f558f094ed8e4d7; path=/; HttpOnly; Secure; SameSite=None
+cache-control: private
+----
+
+[id="cloud-experts-dynamic-certificate-custom-domain-troubleshoot"]
+== Troubleshooting dynamic certificate provisioning
+[NOTE]
+====
+The validation process usually takes 2-3 minutes to complete while creating certificates.
+====
+
+If annotating your route does not trigger certificate creation during the certificate create step, run `oc describe` against each of the `certificate`,`certificaterequest`,`order`, and `challenge` resources to view the events or reasons that can help identify the cause of the issue.
+
+[source,terminal]
+----
+$ oc get certificate,certificaterequest,order,challenge
+----
+
+For troubleshooting, you can refer to this link:https://cert-manager.io/docs/faq/acme/[helpful guide in debugging certificates].
+
+You can also use the link:https://cert-manager.io/docs/reference/cmctl/[cmctl] CLI tool for various certificate management activities, such as checking the status of certificates and testing renewals.
diff --git a/cloud_experts_tutorials/cloud-experts-entra-id-idp.adoc b/cloud_experts_tutorials/cloud-experts-entra-id-idp.adoc
new file mode 100644
index 000000000000..ed250313f800
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-entra-id-idp.adoc
@@ -0,0 +1,259 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-entra-id-idp"]
+= Tutorial: Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-entra-id-idp
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-18
+// ---
+// date: '2022-09-23'
+// title: Configure Azure AD as an OIDC identity provider for ROSA/OSD
+// tags: ["Azure", "ROSA", "OSD"]
+// authors:
+//   - Michael McNeill
+//   - Andrea Bozzoni
+//   - Steve Mirman
+//   - Thatcher Hubbard
+// ---
+
+You can configure Microsoft Entra ID (formerly Azure Active Directory) as the cluster identity provider in {product-title} (ROSA).
+
+This tutorial guides you to complete the following tasks:
+
+. Register a new application in Entra ID for authentication.
+. Configure the application registration in Entra ID to include optional and group claims in tokens.
+. Configure the {product-title} cluster to use Entra ID as the identity provider.
+. Grant additional permissions to individual groups.
+
+[id="cloud-experts-entra-id-idp-prerequisites"]
+== Prerequisites
+
+* You created a set of security groups and assigned users by following link:https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-manage-groups[the Microsoft documentation].
+
+[id="cloud-experts-entra-id-idp-register-application"]
+== Registering a new application in Entra ID for authentication
+
+To register your application in Entra ID, first create the OAuth callback URL, then register your application.
+
+.Procedure
+
+. Create the cluster's OAuth callback URL by changing the specified variables and running the following command:
++
+[NOTE]
+====
+Remember to save this callback URL; it will be required later in the process.
+====
++
+[source,terminal]
+----
+$ domain=$(rosa describe cluster -c <cluster_name> | grep "DNS" | grep -oE '\S+.openshiftapps.com')
+$ echo "OAuth callback URL: https://oauth-openshift.apps.$domain/oauth2callback/AAD"
+----
++
+The "AAD" directory at the end of the OAuth callback URL must match the OAuth identity provider name that you will set up later in this process.
+
+. Create the Entra ID application by logging in to the Azure portal, and select the link:https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade[App registrations blade]. Then, select *New registration* to create a new application.
++
+image:azure-portal_app-registrations-blade.png[Azure Portal - App registrations blade]
+
+. Name the application, for example `openshift-auth`.
+. Select *Web* from the _Redirect URI_ dropdown and enter the value of the OAuth callback URL you retrieved in the previous step.
+. After providing the required information, click *Register* to create the application.
++
+image:azure-portal_register-an-application-page.png[Azure Portal - Register an application page]
++
+. Select the *Certificates & secrets* sub-blade and select *New client secret*.
++
+image:azure-portal_certificates-secrets-page.png[Azure Portal - Certificates and secrets page]
+
+. Complete the requested details and store the generated client secret value. This secret is required later in this process.
++
+[IMPORTANT]
+====
+After initial setup, you cannot see the client secret. If you did not record the client secret, you must generate a new one.
+====
++
+image:azure-portal_add-a-client-secret-page.png[Azure Portal - Add a Client Secret page]
+
+. Select the *Overview* sub-blade and note the `Application (client) ID` and `Directory (tenant) ID`. You will need these values in a future step.
++
+image:azure-portal_copy-client-secret-page.png[Azure Portal - Copy Client Secret page]
+
+[id="rosa-mobb-entra-id-configure-claims"]
+== Configuring the application registration in Entra ID to include optional and group claims
+
+So that {product-title} has enough information to create the user's account, you must configure Entra ID to give two optional claims: `email` and `preferred_username`. For more information about optional claims in Entra ID, see link:https://learn.microsoft.com/en-us/azure/active-directory/develop/optional-claims[the Microsoft documentation].
+
+In addition to individual user authentication, {product-title} provides group claim functionality. This functionality allows an OpenID Connect (OIDC) identity provider, such as Entra ID, to offer a user's group membership for use within {product-title}.
+
+[discrete]
+[id="rosa-mobb-entra-id-configure-optional-claims"]
+=== Configuring optional claims
+
+You can configure the optional claims in Entra ID.
+
+. Click the *Token configuration* sub-blade and select the *Add optional claim* button.
++
+image:azure-portal_optional-claims-page.png[Azure Portal - Add Optional Claims Page]
+
+. Select the *ID* radio button.
++
+image:azure-portal_add-optional-claims-page.png[Azure Portal - Add Optional Claims - Token Type]
+
+. Select the *email* claim checkbox.
++
+image:azure-portal_add-optional-email-claims-page.png[Azure Portal - Add Optional Claims - email]
+
+. Select the `preferred_username` claim checkbox. Then, click *Add* to configure the *email* and *preferred_username* claims your Entra ID application.
++
+image:azure-portal_add-optional-preferred_username-claims-page.png[Azure Portal - Add Optional Claims - preferred_username]
+
+. A dialog box appears at the top of the page. Follow the prompt to enable the necessary Microsoft Graph permissions.
++
+image:azure-portal_add-optional-claims-graph-permissions-prompt.png[Azure Portal - Add Optional Claims - Graph Permissions Prompt]
+
+[discrete]
+[id="rosa-mobb-entra-id-configure-group-claims"]
+=== Configuring group claims (optional)
+
+Configure Entra ID to offer a groups claim.
+
+.Procedure
+. From the *Token configuration* sub-blade, click *Add groups claim*.
++
+image:azure-portal_optional-group-claims-page.png[Azure Portal - Add Groups Claim Page]
+
+. To configure group claims for your Entra ID application, select *Security groups* and then click the *Add*.
++
+[NOTE]
+====
+In this example, the group claim includes all of the security groups that a user is a member of. In a real production environment, ensure that the groups that the group claim only includes groups that apply to {product-title}.
+====
++
+image:azure-portal_edit-group-claims-page.png[Azure Portal - Edit Groups Claim Page]
+
+[id="cloud-experts-entra-id-idp-configure-cluster"]
+== Configuring the {product-title} cluster to use Entra ID as the identity provider
+
+You must configure {product-title} to use Entra ID as its identity provider.
+
+Although ROSA offers the ability to configure identity providers by using {cluster-manager}, use the ROSA CLI to configure the cluster's OAuth provider to use Entra ID as its identity provider. Before configuring the identity provider, set the necessary variables for the identity provider configuration.
+
+.Procedure
+
+. Create the variables by running the following command:
++
+[source,terminal]
+----
+$ CLUSTER_NAME=example-cluster <1>
+$ IDP_NAME=AAD <2>
+$ APP_ID=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy <3>
+$ CLIENT_SECRET=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx <4>
+$ TENANT_ID=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz <5>
+----
++
+--
+<1> Replace this with the name of your ROSA cluster.
+<2> Replace this value with the name you used in the OAuth callback URL that you generated earlier in this process.
+<3> Replace this with the Application (client) ID.
+<4> Replace this with the Client Secret.
+<5> Replace this with the Directory (tenant) ID.
+--
+
+. Configure the cluster's OAuth provider by running the following command. If you enabled group claims, ensure that you use the `--group-claims groups` argument.
+** If you enabled group claims, run the following command:
++
+[source,terminal]
+----
+$ rosa create idp \
+--cluster ${CLUSTER_NAME} \
+--type openid \
+--name ${IDP_NAME} \
+--client-id ${APP_ID} \
+--client-secret ${CLIENT_SECRET} \
+--issuer-url https://login.microsoftonline.com/${TENANT_ID}/v2.0 \
+--email-claims email \
+--name-claims name \
+--username-claims preferred_username \
+--extra-scopes email,profile \
+--groups-claims groups
+----
+
+** If you did not enable group claims, run the following command:
++
+[source,terminal]
+----
+$ rosa create idp \
+--cluster ${CLUSTER_NAME} \
+--type openid \
+--name ${IDP_NAME} \
+--client-id ${APP_ID} \
+--client-secret ${CLIENT_SECRET} \
+--issuer-url https://login.microsoftonline.com/${TENANT_ID}/v2.0 \
+--email-claims email \
+--name-claims name \
+--username-claims preferred_username \
+--extra-scopes email,profile
+----
+
+After a few minutes, the cluster authentication Operator reconciles your changes, and you can log in to the cluster by using Entra ID.
+
+[id="rosa-mobb-azure-oidc-grant-permissions"]
+== Granting additional permissions to individual users and groups
+
+When your first log in, you might notice that you have very limited permissions. By default, {product-title} only grants you the ability to create new projects, or namespaces, in the cluster. Other projects are restricted from view.
+
+You must grant these additional abilities to individual users and groups.
+
+[discrete]
+[id="rosa-mobb-azure-oidc-grant-permissions-users"]
+=== Granting additional permissions to individual users
+
+{product-title} includes a significant number of preconfigured roles, including the `cluster-admin` role that grants full access and control over the cluster.
+
+.Procedure
+* Grant a user access to the `cluster-admin` role by running the following command:
++
+[source,terminal]
+----
+$ rosa grant user cluster-admin \
+    --user=<USERNAME> <1>
+    --cluster=${CLUSTER_NAME}
+----
++
+--
+<1> Provide the Entra ID username that you want to have cluster admin permissions.
+--
+
+[discrete]
+[id="cloud-experts-entra-id-idp-additional-permissions-groups"]
+=== Granting additional permissions to individual groups
+
+If you opted to enable group claims, the cluster OAuth provider automatically creates or updates the user's group memberships by using the group ID. The cluster OAuth provider does not automatically create `RoleBindings` and `ClusterRoleBindings` for the groups that are created; you are responsible for creating those bindings by using your own processes.
+
+To grant an automatically generated group access to the `cluster-admin` role, you must create a `ClusterRoleBinding` to the group ID.
+
+.Procedure
+* Create the `ClusterRoleBinding` by running the following command:
++
+[source,terminal]
+----
+$ oc create clusterrolebinding cluster-admin-group \
+--clusterrole=cluster-admin \
+--group=<GROUP_ID> <1>
+----
++
+--
+<1> Provide the Entra ID group ID that you want to have cluster admin permissions.
+--
++
+Now, any user in the specified group automatically receives `cluster-admin` access.
+
+[id="cloud-experts-entra-id-idp-additional-resources"]
+[role="_additional-resources"]
+== Additional resources
+
+For more information about how to use RBAC to define and apply permissions in {product-title}, see link:https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html[the {product-title} documentation].
diff --git a/cloud_experts_tutorials/cloud-experts-external-dns.adoc b/cloud_experts_tutorials/cloud-experts-external-dns.adoc
new file mode 100644
index 000000000000..39820fb86c97
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-external-dns.adoc
@@ -0,0 +1,349 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-external-dns"]
+= Tutorial: Deploying the External DNS Operator on ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-external-dns
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-20
+//---
+//date: '2021-06-10'
+//title: External DNS for ROSA custom domain
+//weight: 1
+//tags: ["AWS", "ROSA"]
+//authors:
+//  - Chris Kang
+//  - Dustin Scott
+//---
+
+[NOTE]
+====
+Starting with {product-title} 4.14, the Custom Domain Operator is deprecated. To manage Ingress in {product-title} 4.14, use the Ingress Operator. The functionality is unchanged for {product-title} 4.13 and earlier versions.
+====
+
+Configuring the xref:../applications/deployments/osd-config-custom-domains-applications.adoc[Custom Domain Operator] requires a wildcard CNAME DNS record in your Amazon Route 53 hosted zone. If you do not want to use a wildcard record, you can use the `External DNS` Operator to create individual entries for routes.
+
+Use this tutorial to deploy and configure the `External DNS` Operator with a custom domain in {product-title} (ROSA).
+
+[IMPORTANT]
+====
+The `External DNS` Operator does not support STS using IAM Roles for Service Accounts (IRSA) and uses long-lived Identity Access Management (IAM) credentials instead. This tutorial will be updated when the Operator supports STS.
+====
+
+[id="cloud-experts-external-dns-prerequisites"]
+== Prerequisites
+
+* A ROSA cluster
+* A user account with `dedicated-admin` privileges
+* The OpenShift CLI (`oc`)
+* The Amazon Web Services (AWS) CLI (`aws`)
+* A unique domain, such as `*.apps.<company_name>.io`
+* An Amazon Route 53 public hosted zone for the above domain
+
+[id="cloud-experts-external-dns-environment-setup"]
+== Setting up your environment
+
+. Configure the following environment variables, replacing `CLUSTER_NAME` with the name of your cluster:
++
+[source,terminal]
+----
+$ export DOMAIN=apps.<company_name>.io <1>
+$ export AWS_PAGER=""
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/external-dns"
+$ mkdir -p ${SCRATCH}
+----
+<1> The custom domain.
+. Ensure all fields output correctly before moving to the next section:
++
+[source,terminal]
+----
+$ echo "Cluster: ${CLUSTER_NAME}, Region: ${REGION}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="cloud-experts-external-dns-custom-domain-setup"]
+== Setting up your custom domain
+
+ROSA manages secondary Ingress Controllers using the `Custom Domain` Operator. Use the following procedure to deploy a secondary Ingress Controller using a custom domain.
+
+.Prerequisites
+
+* A unique domain, such as `*.apps.<company_name>.io`
+* A custom SAN or wildcard certificate, such as `CN=*.apps.<company_name>.io`
+
+.Procedure
+
+. Create a new project:
++
+[source,terminal]
+----
+$ oc new-project external-dns-operator
+----
+
+. Create a new TLS secret from a private key and a public certificate, where `fullchain.pem` is your full wildcard certificate chain (including any intermediaries) and `privkey.pem` is your wildcard certificate's private key:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator create secret tls external-dns-tls --cert=fullchain.pem --key=privkey.pem
+----
+
+. Create a new `CustomDomain` custom resource (CR):
++
+.Example `external-dns-custom-domain.yaml`
+[source,yaml]
+----
+apiVersion: managed.openshift.io/v1alpha1
+kind: CustomDomain
+metadata:
+  name: external-dns
+spec:
+  domain: apps.<company_name>.io <1>
+  scope: External
+  loadBalancerType: NLB
+  certificate:
+    name: external-dns-tls
+    namespace: external-dns-operator
+----
+<1> The custom domain.
+
+. Apply the CR:
++
+[source,terminal]
+----
+$ oc apply -f external-dns-custom-domain.yaml
+----
+
+. Verify that your custom domain Ingress Controller has been deployed and has a `Ready` status:
++
+[source,terminal]
+----
+$ oc get customdomains
+----
++
+.Example output
+[source,terminal]
+----
+NAME               ENDPOINT                                                    DOMAIN                       STATUS
+external-dns       xxrywp.<company_name>.cluster-01.opln.s1.openshiftapps.com  *.apps.<company_name>.io     Ready
+----
+
+[id="cloud-experts-external-dns-prepare-aws-account"]
+== Preparing your AWS account
+
+. Retrieve the Amazon Route 53 public hosted zone ID:
++
+[source,terminal]
+----
+$ export ZONE_ID=$(aws route53 list-hosted-zones-by-name --output json \
+  --dns-name "${DOMAIN}." --query 'HostedZones[0]'.Id --out text | sed 's/\/hostedzone\///')
+----
++
+. Create an AWS IAM Policy document that allows the `External DNS` Operator to update _only_ the custom domain public hosted zone:
++
+[source,terminal]
+----
+$ cat << EOF > "${SCRATCH}/external-dns-policy.json"
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "route53:ChangeResourceRecordSets"
+      ],
+      "Resource": [
+        "arn:aws:route53:::hostedzone/${ZONE_ID}"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "route53:ListHostedZones",
+        "route53:ListResourceRecordSets"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+EOF
+----
++
+. Create an AWS IAM policy:
++
+[source,terminal]
+----
+$ export POLICY_ARN=$(aws iam create-policy --policy-name "${CLUSTER_NAME}-AllowExternalDNSUpdates" \
+  --policy-document file://${SCRATCH}/external-dns-policy.json \
+  --query 'Policy.Arn' --output text)
+----
++
+. Create an AWS IAM user:
++
+[source,terminal]
+----
+$ aws iam create-user --user-name "${CLUSTER_NAME}-external-dns-operator"
+----
+. Attach the policy:
++
+[source,terminal]
+----
+$ aws iam attach-user-policy --user-name "${CLUSTER_NAME}-external-dns-operator" --policy-arn $POLICY_ARN
+----
++
+[NOTE]
+====
+This will be changed to STS using IRSA in the future.
+====
+. Create AWS keys for the IAM user:
++
+[source,terminal]
+----
+$ SECRET_ACCESS_KEY=$(aws iam create-access-key --user-name "${CLUSTER_NAME}-external-dns-operator")
+----
+. Create static credentials:
++
+[source,terminal]
+----
+$ cat << EOF > "${SCRATCH}/credentials"
+[default]
+aws_access_key_id = $(echo $SECRET_ACCESS_KEY | jq -r '.AccessKey.AccessKeyId')
+aws_secret_access_key = $(echo $SECRET_ACCESS_KEY | jq -r '.AccessKey.SecretAccessKey')
+EOF
+----
+
+[id="cloud-experts-external-dns-install-external-dns-operator"]
+== Installing the External DNS Operator
+
+. Install the `External DNS` Operator from OperatorHub:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: external-dns-group
+  namespace: external-dns-operator
+spec:
+  targetNamespaces:
+  - external-dns-operator
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: external-dns-operator
+  namespace: external-dns-operator
+spec:
+  channel: stable-v1.1
+  installPlanApproval: Automatic
+  name: external-dns-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+----
++
+. Wait until the `External DNS` Operator is running:
++
+[source,terminal]
+----
+$ oc rollout status deploy external-dns-operator --timeout=300s
+----
++
+. Create a secret from the AWS IAM user credentials:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator create secret generic external-dns \
+  --from-file "${SCRATCH}/credentials"
+----
+. Deploy the `ExternalDNS` controller:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: externaldns.olm.openshift.io/v1beta1
+kind: ExternalDNS
+metadata:
+  name: ${DOMAIN}
+spec:
+  domains:
+    - filterType: Include
+      matchType: Exact
+      name: ${DOMAIN}
+  provider:
+    aws:
+      credentials:
+        name: external-dns
+    type: AWS
+  source:
+    openshiftRouteOptions:
+      routerName: external-dns
+    type: OpenShiftRoute
+  zones:
+    - ${ZONE_ID}
+EOF
+----
+. Wait until the controller is running:
++
+[source,terminal]
+----
+$ oc rollout status deploy external-dns-${DOMAIN} --timeout=300s
+----
+
+[id="cloud-experts-external-dns-deploy-a-sample-application"]
+== Deploying a sample application
+
+Now that the `ExternalDNS` controller is running, you can deploy a sample application to confirm that the custom domain is configured and trusted when you expose a new route.
+
+. Create a new project for your sample application:
++
+[source,terminal]
+----
+$ oc new-project hello-world
+----
++
+. Deploy a hello world application:
++
+[source,terminal]
+----
+$ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
+----
++
+. Create a route for the application specifying your custom domain name:
++
+[source,terminal]
+----
+$ oc -n hello-world create route edge --service=hello-openshift hello-openshift-tls \
+--hostname hello-openshift.${DOMAIN}
+----
+. Check if the DNS record was created automatically by ExternalDNS:
++
+[NOTE]
+====
+It can take a few minutes for the record to appear in Amazon Route 53.
+====
++
+[source,terminal]
+----
+$ aws route53 list-resource-record-sets --hosted-zone-id ${ZONE_ID} \
+   --query "ResourceRecordSets[?Type == 'CNAME']" | grep hello-openshift
+----
+. Optional: You can also view the TXT records that indicate they were created by ExternalDNS:
++
+[source,terminal]
+----
+$ aws route53 list-resource-record-sets --hosted-zone-id ${ZONE_ID} \
+   --query "ResourceRecordSets[?Type == 'TXT']" | grep ${DOMAIN}
+----
+. Navigate to your custom console domain in the browser where you see the OpenShift login:
++
+[source,terminal]
+----
+$ echo console.${DOMAIN}
+----
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/_attributes b/cloud_experts_tutorials/cloud-experts-getting-started/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-accessing.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-accessing.adoc
new file mode 100644
index 000000000000..8bc000512c85
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-accessing.adoc
@@ -0,0 +1,80 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-accessing"]
+= Tutorial: Accessing your cluster
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-accessing
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-30
+
+You can connect to your cluster using the command line interface (CLI) or the console user interface (UI).
+
+== Accessing your cluster using the CLI
+
+To access the cluster using the CLI, you must have the `oc` CLI installed. If you are following the tutorials, you already installed the `oc` CLI.
+
+. Log in to the link:https://console.redhat.com/openshift[Red Hat console].
+. Click your username in the top right corner.
+. Click *Copy Login Command*.
++
+image::cloud-experts-getting-started-accessing-copy-login.png[]
+
+. This opens a new tab with a choice of identity providers (IDPs). Click the IDP you want to use. For example, "rosa-github".
++
+image::cloud-experts-getting-started-accessing-copy-token.png[]
+
+. A new tab opens. Click *Display token*.
+
+. Run the following command in your terminal:
++
+[source,terminal]
+----
+$ oc login --token=sha256~GBAfS4JQ0t1UTKYHbWAK6OUWGUkdMGz000000000000 --server=https://api.my-rosa-cluster.abcd.p1.openshiftapps.com:6443
+----
++
+.Example output
++
+[source,terminal]
+----
+Logged into "https://api.my-rosa-cluster.abcd.p1.openshiftapps.com:6443" as "rosa-user" using the token provided.
+
+You have access to 79 projects, the list has been suppressed. You can list all projects with ' projects'
+
+Using project "default".
+----
+
+. Confirm that you are logged in by running the following command:
++
+[source,terminal]
+----
+$ oc whoami
+----
++
+.Example output
++
+[source,terminal]
+----
+rosa-user
+----
+
+. You can now access your cluster.
+
+== Accessing the cluster via the web console
+. Log in to the link:https://console.redhat.com/openshift/[Red Hat console].
+.. To retrieve the console URL run:
++
+[source,terminal]
+----
+rosa describe cluster -c <cluster-name> | grep Console
+----
+
+. Click your IDP. For example, "rosa-github".
++
+image::cloud-experts-getting-started-accessing-copy-token.png[]
+
+. Enter your user credentials.
+. You should be logged in. If you are following the tutorials, you will be a cluster-admin and should see a web console with the *Administrator* panel visible.
++
+image::cloud-experts-getting-started-accessing-logged.png[]
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin-rights.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin-rights.adoc
new file mode 100644
index 000000000000..89d68e5125be
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin-rights.adoc
@@ -0,0 +1,80 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-admin-rights"]
+= Tutorial: Granting admin privileges
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-admin-rights
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-30
+
+Administration (admin) privileges are not automatically granted to users that you add to your cluster. If you want to grant admin-level privileges to certain users, you will need to manually grant them to each user. You can grant admin privileges from either the ROSA command line interface (CLI) or the Red Hat OpenShift Cluster Manager web user interface (UI).
+
+Red Hat offers two types of admin privileges:
+
+* `cluster-admin`: `cluster-admin` privileges give the admin user full privileges within the cluster.
+
+* `dedicated-admin`: `dedicated-admin` privileges allow the admin user to complete most administrative tasks with certain limitations to prevent cluster damage. It is best practice to use `dedicated-admin` when elevated privileges are needed.
+
+For more information on admin privileges, see the xref:../../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-create-cluster-admins_rosa-sts-accessing-cluster[administering a cluster] documentation.
+
+== Using the ROSA CLI
+
+. Assuming you are the user who created the cluster, run one of the following commands to grant admin privileges:
++
+* For `cluster-admin`:
++
+[source,terminal]
+----
+$ rosa grant user cluster-admin --user <idp_user_name> --cluster=<cluster-name>
+----
++
+* For `dedicated-admin`:
++
+[source,terminal]
+----
+$ rosa grant user dedicated-admin --user <idp_user_name> --cluster=<cluster-name>
+----
+
+. Verify that the admin privileges were added by running the following command:
++
+[source,terminal]
+----
+$ rosa list users --cluster=<cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+$ rosa list users --cluster=my-rosa-cluster
+ID                 GROUPS
+<idp_user_name>    cluster-admins
+----
+
+. If you are currently logged into the Red Hat console, log out of the console and log back in to the cluster to see a new perspective with the "Administrator Panel". You might need an incognito or private window.
++
+image:cloud-experts-getting-started-admin-rights-admin-panel.png[]
+
+. You can also test that admin privileges were added to your account by running the following command. Only a `cluster-admin` users can run this command without errors.
++
+[source,terminal]
+----
+$ oc get all -n openshift-apiserver
+----
+
+== Using the Red Hat OpenShift Cluster Manager UI
+
+. Log in to the link:https://console.redhat.com/openshift[Red Hat OpenShift Cluster Manager console].
+. Select your cluster.
+. Click the *Access Control* tab.
+. Click the *Cluster roles and Access* tab in the sidebar.
+. Click *Add user*.
++
+image::cloud-experts-getting-started-admin-rights-access-control.png[]
+
+. On the pop-up screen, enter the user ID.
+. Select whether you want to grant the user `cluster-admins` or `dedicated-admins` privileges.
++
+image::cloud-experts-getting-started-admin-rights-add-user2.png[]
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin.adoc
new file mode 100644
index 000000000000..4291e29b29d6
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-admin.adoc
@@ -0,0 +1,83 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-admin"]
+= Tutorial: Creating an admin user
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-admin
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-27
+
+Creating an administration (admin) user allows you to access your cluster quickly. Follow these steps to create an admin user. 
+
+[NOTE]
+====
+An admin user works well in this tutorial setting. For actual deployment, use a xref:../../authentication/sd-configuring-identity-providers.adoc#sd-configuring-identity-providers[formal identity provider] to access the cluster and grant the user admin privileges.
+====
+
+. Run the following command to create the admin user:
++
+[source,terminal]
+----
+rosa create admin --cluster=<cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+W: It is recommended to add an identity provider to login to this cluster. See 'rosa create idp --help' for more information.
+I: Admin account has been added to cluster 'my-rosa-cluster'. It may take up to a minute for the account to become active.
+I: To login, run the following command:
+oc login https://api.my-rosa-cluster.abcd.p1.openshiftapps.com:6443 \
+--username cluster-admin \
+--password FWGYL-2mkJI-00000-00000
+----
+
+. Copy the log in command returned to you in the previous step and paste it into your terminal. This will log you in to the cluster using the CLI so you can start using the cluster.
++
+[source,terminal]
+----
+$ oc login https://api.my-rosa-cluster.abcd.p1.openshiftapps.com:6443 \
+>    --username cluster-admin \
+>    --password FWGYL-2mkJI-00000-00000
+----
++
+.Example output
++
+[source,terminal]
+----
+Login successful.
+
+You have access to 79 projects, the list has been suppressed. You can list all projects with ' projects'
+
+Using project "default".
+----
+
+. To check that you are logged in as the admin user, run one of the following commands:
++
+* Option 1:
++
+[source,terminal]
+----
+$ oc whoami
+----
++
+.Example output
++
+[source,terminal]
+----
+cluster-admin
+----
++
+* Option 2:
++
+[source,terminal]
+----
+oc get all -n openshift-apiserver
+----
++
+Only an admin user can run this command without errors.
+
+. You can now use the cluster as an admin user, which will suffice for this tutorial. For actual deployment, it is highly recommended to set up an identity provider, which is explained in the xref:../../cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-idp.adoc#cloud-experts-getting-started-idp[next tutorial].
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-autoscaling.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-autoscaling.adoc
new file mode 100644
index 000000000000..850d1a546234
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-autoscaling.adoc
@@ -0,0 +1,85 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-autoscaling"]
+= Tutorial: Autoscaling
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-autoscaling
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-01-04
+
+The xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[cluster autoscaler] adds or removes worker nodes from a cluster based on pod resources.
+
+The cluster autoscaler increases the size of the cluster when:
+
+* Pods fail to schedule on the current nodes due to insufficient resources.
+* Another node is necessary to meet deployment needs.
+
+The cluster autoscaler does not increase the cluster resources beyond the limits that you specify. 
+
+The cluster autoscaler decreases the size of the cluster when:
+
+* Some nodes are consistently not needed for a significant period. For example, when a node has low resource use and all of its important pods can fit on other nodes.
+
+== Enabling autoscaling for an existing machine pool using the CLI
+
+[NOTE]
+====
+Cluster autoscaling can be enabled at cluster creation and when creating a new machine pool by using the `--enable-autoscaling` option.
+====
+
+. Autoscaling is set based on machine pool availability. To find out which machine pools are available for autoscaling, run the following command:
++
+[source,terminal]
+----
+$ rosa list machinepools -c <cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+ID         AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS     TAINTS    AVAILABILITY ZONES
+Default    No           2         m5.xlarge                           us-east-1a
+----
+
+. Run the following command to add autoscaling to an available machine pool:
++
+[source,terminal]
+----
+$ rosa edit machinepool -c <cluster-name> --enable-autoscaling <machinepool-name> --min-replicas=<num> --max-replicas=<num>
+----
++
+.Example input
++
+[source,terminal]
+----
+$ rosa edit machinepool -c my-rosa-cluster --enable-autoscaling Default --min-replicas=2 --max-replicas=4
+----
++
+The above command creates an autoscaler for the worker nodes that scales between 2 and 4 nodes depending on the resources.
+
+== Enabling autoscaling for an existing machine pool using the UI
+
+[NOTE]
+====
+Cluster autoscaling can be enabled at cluster creation by checking the *Enable autoscaling* checkbox when creating machine pools.
+====
+
+. Go to the *Machine pools* tab and click the three dots in the right..
+. Click *Scale*, then *Enable autoscaling*.
+. Run the following command to confirm that autoscaling was added:
++
+[source,terminal]
+----
+$ rosa list machinepools -c <cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+ID         AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS     TAINTS    AVAILABILITY ZONES
+Default    Yes          2-4       m5.xlarge                           us-east-1a
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deleting.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deleting.adoc
new file mode 100644
index 000000000000..5d224f59dce5
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deleting.adoc
@@ -0,0 +1,91 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-deleting"]
+= Tutorial: Deleting your cluster
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-deleting
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-01-11
+
+You can delete your {product-title} (ROSA) cluster using either the command line interface (CLI) or the user interface (UI). 
+
+== Deleting a ROSA cluster using the CLI
+
+. *Optional:* List your clusters to make sure you are deleting the correct one by running the following command:
++
+[source,terminal]
+----
+$ rosa list clusters
+----
+
+. Delete a cluster by running the following command:
++
+[source,terminal]
+----
+$ rosa delete cluster --cluster <cluster-name>
+----
++
+[WARNING]
+====
+This command is non-recoverable.
+====
+
+. The CLI prompts you to confirm that you want to delete the cluster. Press *y* and then *Enter*. The cluster and all its associated infrastructure will be deleted.
++
+[NOTE]
+====
+All AWS STS and IAM roles and policies will remain and must be deleted manually once the cluster deletion is complete by following the steps below.
+====
+
+. The CLI outputs the commands to delete the OpenID Connect (OIDC) provider and Operator IAM roles resources that were created. Wait until the cluster finishes deleting before deleting these resources. Perform a quick status check by running the following command:
++
+[source,terminal]
+----
+$ rosa list clusters
+----
+
+. Once the cluster is deleted, delete the OIDC provider by running the following command:
++
+[source,terminal]
+----
+$ rosa delete oidc-provider -c <clusterID> --mode auto --yes
+----
+
+. Delete the Operator IAM roles by running the following command:
++
+[source,terminal]
+----
+$ rosa delete operator-roles -c <clusterID> --mode auto --yes
+----
++
+[NOTE]
+====
+This command requires the cluster ID and not the cluster name.
+====
+
+. Only remove the remaining account roles if they are no longer needed by other clusters in the same account. If you want to create other ROSA clusters in this account, do not perform this step.
++
+To delete the account roles, you need to know the prefix used when creating them. The default is "ManagedOpenShift" unless you specified otherwise.
++
+Delete the account roles by running the following command:
++
+[source,terminal]
+----
+$ rosa delete account-roles --prefix <prefix> --mode auto --yes
+----
+
+== Deleting a ROSA cluster using the UI
+
+. Log in to the Red Hat OpenShift Cluster Manager, and locate the cluster you want to delete.
+
+. Click the three dots to the right of the cluster.
++
+image::cloud-experts-getting-started-deleting1.png[]
+
+. In the dropdown menu, click *Delete cluster*.
++
+image::cloud-experts-getting-started-deleting2.png[]
+
+. Enter the name of the cluster to confirm deletion, and click *Delete*.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/_attributes b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-choose-deployment-method.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-choose-deployment-method.adoc
new file mode 100644
index 000000000000..07f038e7d22f
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-choose-deployment-method.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-choose-deployment-method"]
+= Tutorial: Choosing a deployment method
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-choose-deployment-method
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-16
+
+There are a few different ways to deploy a cluster, and this tutorial outlines each method. You only need to choose one based on your preferences and needs. Use the decision tree below to find the deployment method that best fits your situation.
+
+== Deployment options
+
+For those who are thinking:
+
+* "Just tell me the commands I need to run!" - xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc#cloud-experts-getting-started-simple-cli-guide[Simple CLI guide]
+* "I do not like CLI tools. Give me a user interface!" - xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-ui-guide.adoc#cloud-experts-getting-started-simple-ui-guide[Simple UI guide]
+* "I need details and want to use a CLI!" - xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-cli-guide.adoc#cloud-experts-getting-started-detailed-cli-guide[Detailed CLI guide]
+* "I need details and want to use a user interface!" xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-ui.adoc#cloud-experts-getting-started-detailed-ui[Detailed UI guide]
+* "I want to experiment with the newest technologies." - xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-hcp.adoc#cloud-experts-getting-started-detailed-ui-guide[ROSA with HCP]
+
+All of the above deployment options work well for this workshop. If you are doing this workshop for the first time, the xref:../../cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc#cloud-experts-getting-started-simple-cli-guide[Simple CLI guide] is the simplest and recommended method.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-cli-guide.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-cli-guide.adoc
new file mode 100644
index 000000000000..eb903c3868ec
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-cli-guide.adoc
@@ -0,0 +1,428 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-detailed-cli-guide"]
+= Tutorial: Detailed CLI guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-detailed-cli-guide
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-17
+
+This tutorial outlines the detailed steps to deploy a ROSA cluster using the ROSA CLI. 
+
+//For a guide to deploying with a user interface, see the *xref needed*[Detailed user interface] page.
+
+== CLI deployment modes
+There are two modes with which to deploy a ROSA cluster. One is automatic, which is quicker and performs the manual work for you. The other is manual, requires you to run extra commands, and allows you to inspect the roles and policies being created. This tutorial documents both options. 
+
+If you want to create a cluster quickly, use the automatic option. If you prefer exploring the roles and policies being created, use the manual option. 
+
+Choose the deployment mode by using the `--mode` flag in the relevant commands.  
+
+Valid options for `--mode` are:
+
+* *`manual`:* Role and policies are created and saved in the current directory. You must manually run the provided commands as the next step. This option allows you to review the policy and roles before creating them.
+* *`auto`:* Roles and policies are created and applied automatically using the current AWS account.
+
+[TIP]
+====
+You can use either deployment method for this tutorial. The `auto` mode is faster and has less steps.
+====
+
+== Deployment workflow
+The overall deployment workflow follows these steps:
+
+. `rosa create account-roles` - This is executed only _once_ for each account. Once created, the account roles do *not* need to be created again for more clusters of the same y-stream version.
+. `rosa create cluster`
+. `rosa create operator-roles` - For manual mode only.
+. `rosa create oidc-provider` - For manual mode only.
+
+For each additional cluster in the same account for the same y-stream version, only step 2 is needed for automatic mode. Steps 2 through 4 are needed for manual mode.
+
+== Automatic mode
+Use this method if you want the ROSA CLI to automate the creation of the roles and policies to create your cluster quickly.
+
+=== Creating account roles
+If this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created the account roles, then create the account-wide roles and policies, including Operator policies.
+
+Run the following command to create the account-wide roles:
+[source,terminal]
+----
+rosa create account-roles --mode auto --yes
+----
+
+.Example output
+[source,terminal]
+----
+I: Creating roles using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-ControlPlane-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role'
+I: Created role 'ManagedOpenShift-Worker-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role'
+I: Created role 'ManagedOpenShift-Support-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role'
+I: Created role 'ManagedOpenShift-Installer-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-machine-api-aws-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-image-registry-installer-cloud-creden'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-ingress-operator-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent'
+I: To create a cluster with these roles, run the following command:
+    rosa create cluster --sts
+----
+
+=== Creating a cluster
+Run the following command to create a cluster with all the default options:
+[source,terminal]
+----
+rosa create cluster --cluster-name <cluster-name> --sts --mode auto --yes
+----
+
+[NOTE]
+====
+This will also create the required Operator roles and OIDC provider. If you want to see all available options for your cluster use the `--help` flag or `--interactive` for interactive mode.
+====
+
+.Example input
+[source,terminal]
+----
+$ rosa create cluster --cluster-name my-rosa-cluster --sts --mode auto --yes
+----
+
+.Example output
+[source,terminal]
+----
+I: Creating cluster 'my-rosa-cluster'
+I: To view a list of clusters and their status, run 'rosa list clusters'
+I: Cluster 'my-rosa-cluster' has been created.
+I: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.
+I: To determine when your cluster is Ready, run 'rosa describe cluster -c my-rosa-cluster'.
+I: To watch your cluster installation logs, run 'rosa logs install -c my-rosa-cluster --watch'.
+Name:                       my-rosa-cluster
+ID:                         1mlhulb3bo0l54ojd0ji000000000000
+External ID:                
+OpenShift Version:          
+Channel Group:              stable
+DNS:                        my-rosa-cluster.ibhp.p1.openshiftapps.com
+AWS Account:                000000000000
+API URL:                    
+Console URL:                
+Region:                     us-west-2
+Multi-AZ:                   false
+Nodes:
+- Master:                  3
+- Infra:                   2
+- Compute:                 2
+Network:
+- Service CIDR:            172.30.0.0/16
+- Machine CIDR:            10.0.0.0/16
+- Pod CIDR:                10.128.0.0/14
+- Host Prefix:             /23
+STS Role ARN:               arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role
+Support Role ARN:           arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role
+Instance IAM Roles:
+- Master:                  arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role
+- Worker:                  arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role
+Operator IAM Roles:
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-image-registry-installer-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-ingress-operator-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-cluster-csi-drivers-ebs-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-machine-api-aws-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-cloud-credential-operator-cloud-credential-oper
+State:                      waiting (Waiting for OIDC configuration)
+Private:                    No
+Created:                    Oct 28 2021 20:28:09 UTC
+Details Page:               https://console.redhat.com/openshift/details/s/1wupmiQy45xr1nN000000000000
+OIDC Endpoint URL:          https://rh-oidc.s3.us-east-1.amazonaws.com/1mlhulb3bo0l54ojd0ji000000000000
+----
+
+==== Default configuration
+The default settings are as follows:
+
+* Nodes:
+** 3 control plane nodes
+** 2 infrastructure nodes
+** 2 worker nodes
+** No autoscaling
+** See the documentation on xref:../../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-ec2-instances_rosa-sts-aws-prereqs[ec2 instances] for more details.  
+* Region: As configured for the `aws` CLI
+* Networking IP ranges:
+** Machine CIDR: 10.0.0.0/16
+** Service CIDR: 172.30.0.0/16
+** Pod CIDR: 10.128.0.0/14
+* New VPC
+* Default AWS KMS key for encryption
+* The most recent version of OpenShift available to `rosa`
+* A single availability zone
+* Public cluster
+
+=== Checking the installation status
+. Run one of the following commands to check the status of your cluster:
++
+* For a detailed view of the status, run:
++
+[source,terminal]
+----
+rosa describe cluster --cluster <cluster-name>
+----
+* For an abridged view of the status, run:
++
+[source,terminal]
+----
+rosa list clusters
+----
+
+. The cluster state will change from “waiting” to “installing” to "ready". This will take about 40 minutes.
+
+. Once the state changes to “ready” your cluster is installed.
+
+== Manual Mode
+If you want to review the roles and policies before applying them to a cluster, use the manual method. This method requires running a few extra commands to create the roles and policies.
+
+This section uses the `--interactive` mode. See the documentation on xref:../../../rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc#rosa-sts-interactive-mode-reference[interactive mode] for a description of the fields in this section.
+
+=== Creating account roles
+. If this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created the account roles, create the account-wide roles and policies, including the Operator policies. The command creates the needed JSON files for the required roles and policies for your account in the current directory. It also outputs the `aws` CLI commands that you need to run to create these objects.
++
+Run the following command to create the needed files and output the additional commands:
++
+[source,terminal]
+----
+rosa create account-roles --mode manual
+----
++
+.Example output
+[source,terminal]
+----
+I: All policy files saved to the current directory
+I: Run the following commands to create the account roles and policies:
+aws iam create-role \
+--role-name ManagedOpenShift-Worker-Role \
+--assume-role-policy-document file://sts_instance_worker_trust_policy.json \
+--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_worker
+aws iam put-role-policy \
+--role-name ManagedOpenShift-Worker-Role \
+--policy-name ManagedOpenShift-Worker-Role-Policy \
+--policy-document file://sts_instance_worker_permission_policy.json
+----
+
+. Check the contents of your current directory to see the new files. Use the `aws` CLI to create each of these objects.
++
+.Example output
+[source,terminal]
+----
+$ ls
+openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json
+sts_instance_controlplane_permission_policy.json
+openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json        sts_instance_controlplane_trust_policy.json
+openshift_image_registry_installer_cloud_credentials_policy.json          sts_instance_worker_permission_policy.json
+openshift_ingress_operator_cloud_credentials_policy.json                 sts_instance_worker_trust_policy.json
+openshift_machine_api_aws_cloud_credentials_policy.json                   sts_support_permission_policy.json
+sts_installer_permission_policy.json                                      sts_support_trust_policy.json
+sts_installer_trust_policy.json
+----
+
+. *Optional:* Open the files to review what you will create. For example, opening the `sts_installer_permission_policy.json` shows:
++
+.Example output
++
+[source,terminal]
+----
+$ cat sts_installer_permission_policy.json
+        {
+        "Version": "2012-10-17",
+        "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "autoscaling:DescribeAutoScalingGroups",
+                "ec2:AllocateAddress",
+                "ec2:AssociateAddress",
+                "ec2:AssociateDhcpOptions",
+                "ec2:AssociateRouteTable",
+                "ec2:AttachInternetGateway",
+                "ec2:AttachNetworkInterface",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:AuthorizeSecurityGroupIngress",
+                [...]
+----
++
+You can also see the contents in the xref:../../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[About IAM resources for ROSA clusters] documentation.
+
+. Run the `aws` commands listed in step 1. You can copy and paste if you are in the same directory as the JSON files you created.
+
+=== Creating a cluster
+. After the `aws` commands are executed successfully, run the following command to begin ROSA cluster creation in interactive mode:
++
+[source,terminal]
+----
+rosa create cluster --interactive --sts
+----
++
+See the xref:../../../rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc#rosa-sts-interactive-mode-reference[ROSA documentation] for a description of the fields.
+
+. For the purpose of this tutorial, copy and then input the following values:
++
+[source,terminal]
+----
+Cluster name: **my-rosa-cluster** <br>
+OpenShift version: **&lt;choose version&gt;** <br>
+External ID (optional): **&lt;leave blank&gt;**<br>
+Operator roles prefix: **&lt;accept default&gt;** <br>
+Multiple availability zones: **No** <br>
+AWS region: **&lt;choose region&gt;** <br>
+PrivateLink cluster: **No** <br>
+Install into an existing VPC: **No** <br>
+Enable Customer Managed key: **No** <br>
+Compute nodes instance type: **m5.xlarge** <br>
+Enable autoscaling: **No** <br>
+Compute nodes: **2** <br>
+Machine CIDR: **&lt;accept default&gt;** <br>
+Service CIDR: **&lt;accept default&gt;** <br>
+Pod CIDR: **&lt;accept default&gt;** <br>
+Host prefix: **&lt;accept default&gt;** <br>
+Encrypt etcd data (optional): **No** <br>
+Disable Workload monitoring: **No** <br>
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating cluster 'my-rosa-cluster'
+I: To create this cluster again in the future, you can run:
+rosa create cluster --cluster-name my-rosa-cluster --role-arn arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role --support-role-arn arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role --master-iam-role arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role --worker-iam-role arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role --operator-roles-prefix my-rosa-cluster --region us-west-2 --version 4.8.13 --compute-nodes 2 --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 --pod-cidr 10.128.0.0/14 --host-prefix 23
+I: To view a list of clusters and their status, run 'rosa list clusters'
+I: Cluster 'my-rosa-cluster' has been created.
+I: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.
+Name:                       my-rosa-cluster
+ID:                         1t6i760dbum4mqltqh6o000000000000
+External ID:                
+OpenShift Version:          
+Channel Group:              stable
+DNS:                        my-rosa-cluster.abcd.p1.openshiftapps.com
+AWS Account:                000000000000
+API URL:                    
+Console URL:                
+Region:                     us-west-2
+Multi-AZ:                   false
+Nodes:
+- Control plane:           3
+- Infra:                   2
+- Compute:                 2
+Network:
+- Service CIDR:            172.30.0.0/16
+- Machine CIDR:            10.0.0.0/16
+- Pod CIDR:                10.128.0.0/14
+- Host Prefix:             /23
+STS Role ARN:               arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role
+Support Role ARN:           arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role
+Instance IAM Roles:
+- Control plane:           arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role
+- Worker:                  arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role
+Operator IAM Roles:
+- arn:aws:iam::000000000000:role/my-rosa-cluster-w7i6-openshift-ingress-operator-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-w7i6-openshift-cluster-csi-drivers-ebs-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-w7i6-openshift-cloud-network-config-controller-cloud-cre
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-machine-api-aws-cloud-credentials
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-cloud-credential-operator-cloud-credentia
+- arn:aws:iam::000000000000:role/my-rosa-cluster-openshift-image-registry-installer-cloud-credential
+State:                      waiting (Waiting for OIDC configuration)
+Private:                    No
+Created:                    Jul  1 2022 22:13:50 UTC
+Details Page:               https://console.redhat.com/openshift/details/s/2BMQm8xz8Hq5yEN000000000000
+OIDC Endpoint URL:          https://rh-oidc.s3.us-east-1.amazonaws.com/1t6i760dbum4mqltqh6o000000000000
+I: Run the following commands to continue the cluster creation:
+rosa create operator-roles --cluster my-rosa-cluster
+rosa create oidc-provider --cluster my-rosa-cluster
+I: To determine when your cluster is Ready, run 'rosa describe cluster -c my-rosa-cluster'.
+I: To watch your cluster installation logs, run 'rosa logs install -c my-rosa-cluster --watch'.
+----
++
+[NOTE]
+====
+The cluster state will remain as “waiting” until the next two steps are completed.
+====
+
+=== Creating Operator roles
+
+. The above step outputs the next commands to run. These roles need to be created _once_ for _each_ cluster. To create the roles run the following command:
++
+[source,terminal]
+----
+rosa create operator-roles --mode manual --cluster <cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Run the following commands to create the operator roles:
+    aws iam create-role \
+        --role-name my-rosa-cluster-openshift-image-registry-installer-cloud-credentials \
+        --assume-role-policy-document file://operator_image_registry_installer_cloud_credentials_policy.json \
+        --tags Key=rosa_cluster_id,Value=1mkesci269png3tck000000000000000 Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
+
+    aws iam attach-role-policy \
+        --role-name my-rosa-cluster-openshift-image-registry-installer-cloud-credentials \
+        --policy-arn arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-image-registry-installer-cloud-creden
+    [...]
+----
+
+. Run each of the `aws` commands.
+
+=== Creating the OIDC provider
+. Run the following command to create the OIDC provider:
++
+[source,terminal]
+----
+rosa create oidc-provider --mode manual --cluster <cluster-name>
+----
+
+. This displays the `aws` commands that you need to run.
++
+.Example output
++
+[source,terminal]
+----
+I: Run the following commands to create the OIDC provider:
+$ aws iam create-open-id-connect-provider \
+--url https://rh-oidc.s3.us-east-1.amazonaws.com/1mkesci269png3tckknhh0rfs2da5fj9 \
+--client-id-list openshift sts.amazonaws.com \
+--thumbprint-list a9d53002e97e00e043244f3d170d000000000000
+
+$ aws iam create-open-id-connect-provider \
+--url https://rh-oidc.s3.us-east-1.amazonaws.com/1mkesci269png3tckknhh0rfs2da5fj9 \
+--client-id-list openshift sts.amazonaws.com \
+--thumbprint-list a9d53002e97e00e043244f3d170d000000000000
+----
+
+. Your cluster will now continue the installation process.  
+
+=== Checking the installation status
+. Run one of the following commands to check the status of your cluster:
++
+* For a detailed view of the status, run:
++
+[source,terminal]
+----
+rosa describe cluster --cluster <cluster-name>
+----
+* For an abridged view of the status, run:
++
+[source,terminal]
+----
+rosa list clusters
+----
+
+. The cluster state will change from “waiting” to “installing” to "ready". This will take about 40 minutes.
+
+. Once the state changes to “ready” your cluster is installed.
+
+== Obtaining the console URL
+* To obtain the console URL, run the following command:
++
+[source,terminal]
+----
+rosa describe cluster -c <cluster-name> | grep Console
+----
+
+The cluster has now been successfully deployed. The next tutorial shows how to create an admin user to be able to use the cluster immediately.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-ui.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-ui.adoc
new file mode 100644
index 000000000000..fbaaa08b6aef
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-ui.adoc
@@ -0,0 +1,318 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-detailed-ui"]
+= Tutorial: Detailed UI guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-detailed-ui
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-20
+
+This tutorial outlines the detailed steps to deploy a {product-title} (ROSA) cluster using the Red Hat OpenShift Cluster Manager user interface (UI).
+
+== Deployment workflow
+The overall deployment workflow follows these steps:
+
+. Create the account wide roles and policies.
+. Associate your AWS account with your Red Hat account.
+.. Create and link the Red Hat OpenShift Cluster Manager role.
+.. Create and link the user role.
+. Create the cluster.
+
+Step 1 only needs to be performed the *first time* you are deploying into an AWS account. Step 2 only needs to be performed the *first time* you are using the UI. For successive clusters of the same y-stream version, you only need to create the cluster.
+
+== Creating account wide roles
+
+[NOTE]
+====
+If you already have account roles from an earlier deployment, skip this step. The UI will detect your existing roles after you select an associated AWS account.
+====
+
+If this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created the account roles, create the account-wide roles and policies, including the Operator policies.
+
+* In your terminal, run the following command to create the account-wide roles:
++
+[source,terminal]
+----
+$ rosa create account-roles --mode auto --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating roles using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-ControlPlane-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role'
+I: Created role 'ManagedOpenShift-Worker-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role'
+I: Created role 'ManagedOpenShift-Support-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role'
+I: Created role 'ManagedOpenShift-Installer-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-machine-api-aws-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-image-registry-installer-cloud-creden'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-ingress-operator-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent'
+I: To create a cluster with these roles, run the following command:
+rosa create cluster --sts
+----
+
+== Associating your AWS account with your Red Hat account
+This step tells the OpenShift Cluster Manager what AWS account you want to use when deploying ROSA.
+
+[NOTE]
+====
+If you have already associated your AWS accounts, skip this step.
+====
+
+. Open the OpenShift Cluster Manager by visiting the Red Hat link:https://console.redhat.com/openshift[console] and logging in to your Red Hat account.
+
+. Click *Create Cluster*.
+
+. Scroll down to the {product-title} (ROSA) row and click *Create Cluster*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-create.png[]
+
+. A dropdown menu appears. Click *With web interface*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-web-interface.png[]
+
+. Under "Select an AWS control plane type," choose *Classic*. Then click *Next*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-classic.png[]
+
+. Click the dropbox under *Associated AWS infrastructure account*. If you have not yet associated any AWS accounts, the dropbox may be empty.
+
+. Click *How to associate a new AWS account*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-associate.png[]
+
+. A sidebar appears with instructions for associating a new AWS account.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-associate2.png[]
+
+== Creating and associating an OpenShift Cluster Manager role
+
+. Run the following command to see if an OpenShift Cluster Manager role exists:
++
+[source,terminal]
+----
+$ rosa list ocm-role
+----
+
+. The UI displays the commands to create an OpenShift Cluster Manager role with two different levels of permissions:
++
+* *Basic OpenShift Cluster Manager role:* Allows the OpenShift Cluster Manager to have read-only access to the account to check if the roles and policies that are required by ROSA are present before creating a cluster. You will need to manually create the required roles, policies, and OIDC provider using the CLI.
+* *Admin OpenShift Cluster Manager role:* Grants the OpenShift Cluster Manager additional permissions to create the required roles, policies, and OIDC provider for ROSA. Using this makes the deployment of a ROSA cluster quicker since the OpenShift Cluster Manager will be able to create the required resources for you.
++
+To read more about these roles, see the xref:../../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-ocm-roles-and-permissions_rosa-sts-about-iam-resources[OpenShift Cluster Manager roles and permissions] section of the documentation.
++
+For the purposes of this tutorial, use the *Admin OpenShift Cluster Manager role* for the simplest and quickest approach.
+
+. Copy the command to create the Admin OpenShift Cluster Manager role from the sidebar or switch to your terminal and enter the following command:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode auto --admin --yes
+----
++
+This command creates the OpenShift Cluster Manager role and associates it with your Red Hat account.
++
+.Example output
++
+[source,terminal]
+----
+I: Creating ocm role
+I: Creating role using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-OCM-Role-12561000' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-OCM-Role-12561000'
+I: Linking OCM role
+I: Successfully linked role-arn 'arn:aws:iam::000000000000:role/ManagedOpenShift-OCM-Role-12561000' with organization account '1MpZfntsZeUdjWHg7XRgP000000'
+----
+
+. Click *Step 2: User role*.
+
+=== Other OpenShift Cluster Manager role creation options
+* *Manual mode:* If you prefer to run the AWS CLI commands yourself, you can define the mode as `manual` rather than `auto`. The CLI will output the AWS commands and the relevant JSON files are created in the current directory.
++
+Use the following command to create the OpenShift Cluster Manager role in manual mode:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode manual --admin --yes
+----
+* *Basic OpenShift Cluster Manager role:* If you prefer that the OpenShift Cluster Manager has read only access to the account, create a basic OpenShift Cluster Manager role. You will then need to manually create the required roles, policies, and OIDC provider using the CLI.
++
+Use the following command to create a Basic OpenShift Cluster Manager role:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode auto --yes
+----
+
+== Creating an OpenShift Cluster Manager user role
+
+As defined in the xref:../../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-understanding-user-role_rosa-sts-about-iam-resources[user role documentation], the user role needs to be created so that ROSA can verify your AWS identity. This role has no permissions, and it is only used to create a trust relationship between the installation program account and your OpenShift Cluster Manager role resources.
+
+. Check if a user role already exists by running the following command:
++
+[source,terminal]
+----
+$ rosa list user-role
+----
+
+. Run the following command to create the user role and to link it to your Red Hat account:
++
+[source,terminal]
+----
+$ rosa create user-role --mode auto --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating User role
+I: Creating ocm user role using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-User-rosa-user-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-User-rosa-user-Role'
+I: Linking User role
+I: Successfully linked role ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-User-rosa-user-Role' with account '1rbOQez0z5j1YolInhcXY000000'
+----
++
+[NOTE]
+====
+As before, you can define `--mode manual` if you'd prefer to run the AWS CLI commands yourself. The CLI outputs the AWS commands and the relevant JSON files are created in the current directory. Make sure to link the role.
+====
+
+. Click *Step 3: Account roles*.
+
+== Creating account roles
+. Create your account roles by running the following command:
++
+[source,terminal]
+----
+$ rosa create account-roles --mode auto
+----
+
+. Click *OK* to close the sidebar.
+
+== Confirming successful account association
+
+. You should now see your AWS account in the *Associated AWS infrastructure account* dropdown menu. If you see your account, account association was successful.
+
+. Select the account.
+
+. You will see the account role ARNs populated below.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-account-roles.png[]
+
+. Click *Next*.
+
+== Creating the cluster
+
+. For the purposes of this tutorial make the following selections:
++
+.Cluster settings
++
+* Cluster name: **<pick a name\>**
+* Version: **<select latest version\>**
+* Region: **<select region\>**
+* Availability: **Single zone**
+* Enable user workload monitoring: **leave checked**
+* Enable additional etcd encryption: **leave unchecked**
+* Encrypt persistent volumes with customer keys: **leave unchecked**
+
+. Click *Next*.
+
+. Leave the default settings on for the machine pool:
++
+.Default machine pool settings
++
+* Compute node instance type: **m5.xlarge - 4 vCPU 16 GiB RAM**
+* Enable autoscaling: **unchecked**
+* Compute node count: **2**
+* Leave node labels blank
+
+. Click *Next*.
+
+=== Networking
+
+. Leave all the default values for configuration.
+
+. Click *Next*.
+
+. Leave all the default values for CIDR ranges.
+
+. Click *Next*.
+
+=== Cluster roles and policies
+For this tutorial, leave *Auto* selected. It will make the cluster deployment process simpler and quicker.
+
+[NOTE]
+====
+If you selected a *Basic OpenShift Cluster Manager role* earlier, you can only use manual mode. You must manually create the operator roles and OIDC provider. See the "Basic OpenShift Cluster Manager role" section below after you have completed the "Cluster updates" section and started cluster creation.
+====
+
+=== Cluster updates
+* Leave all the options at default in this section.
+
+=== Reviewing and creating your cluster
+. Review the content for the cluster configuration.
+. Click *Create cluster*.
+
+=== Monitoring the installation progress
+* Stay on the current page to monitor the installation progress. It should take about 40 minutes.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-cluster-create.png[]
+
+== Basic OpenShift Cluster Manager Role
+
+[NOTE]
+If you created an *Admin OpenShift Cluster Manager role* as directed above *ignore* this entire section. The OpenShift Cluster Manager will create the resources for you.
+
+If you created a *Basic OpenShift Cluster Manager role* earlier, you will need to manually create two more elements before cluster installation can continue:
+
+* Operator roles
+* OIDC provider
+
+//To understand what these do, please see the ROSA with AWS STS Explained tutorial section. xref needed
+
+=== Creating Operator roles
+. A pop up window will show you the commands to run.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-create-cmds.png[]
+
+. Run the commands from the window in your terminal to launch interactive mode. Or, for simplicity, run the following command to create the Operator roles:
++
+[source,terminal]
+----
+$ rosa create operator-roles --mode auto --cluster <cluster-name> --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating roles using 'arn:aws:iam::000000000000:user/rosauser'
+I: Created role 'rosacluster-b736-openshift-ingress-operator-cloud-credentials' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-ingress-operator-cloud-credentials'
+I: Created role 'rosacluster-b736-openshift-cluster-csi-drivers-ebs-cloud-credent' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cluster-csi-drivers-ebs-cloud-credent'
+I: Created role 'rosacluster-b736-openshift-cloud-network-config-controller-cloud' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cloud-network-config-controller-cloud'
+I: Created role 'rosacluster-b736-openshift-machine-api-aws-cloud-credentials' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-machine-api-aws-cloud-credentials'
+I: Created role 'rosacluster-b736-openshift-cloud-credential-operator-cloud-crede' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cloud-credential-operator-cloud-crede'
+I: Created role 'rosacluster-b736-openshift-image-registry-installer-cloud-creden' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-image-registry-installer-cloud-creden'
+----
+
+=== Creating the OIDC provider
+
+* In your terminal, run the following command to create the OIDC provider:
++
+[source,terminal]
+----
+$ rosa create oidc-provider --mode auto --cluster <cluster-name> --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating OIDC provider using 'arn:aws:iam::000000000000:user/rosauser'
+I: Created OIDC provider with ARN 'arn:aws:iam::000000000000:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/1tt4kvrr2kha2rgs8gjfvf0000000000'
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-hcp.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-hcp.adoc
new file mode 100644
index 000000000000..b73acfbfb992
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-hcp.adoc
@@ -0,0 +1,140 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-detailed-ui-guide"]
+= Tutorial: Hosted Control Planes guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-hcp
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-21
+
+This tutorial outlines deploying a {hcp-title-first} cluster.  
+
+With {hcp-title}, you can decouple the control plane from the data plane. This is a new deployment model for ROSA in which the control plane is hosted in a Red Hat-owned AWS account. The control plane is no longer hosted in your AWS account, reducing your AWS infrastructure expenses. The control plane is dedicated to a single cluster and is highly available. For more information, see the xref:../../../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[{hcp-title} documentation].
+
+== Prerequisites
+
+Before deploying a {hcp-title} cluster, you must have the following resources:
+
+* VPC - This is a bring-your-own VPC model, also referred to as BYO-VPC.
+* OIDC - OIDC configuration and an OIDC provider with that specific configuration.
+* ROSA version 1.2.31 or higher
+
+In this tutorial, we will create these resources first. We will also set up some environment variables so that it is easier to run the command to create the {hcp-title} cluster.
+
+=== Creating a VPC
+. First, ensure that your AWS CLI (`aws`) is configured to use a region where {hcp-title} is available. To find out which regions are supported run the following command:
++
+[source,terminal]
+----
+rosa list regions --hosted-cp
+----
+    
+. Create the VPC. For this tutorial, the following script will create the VPC and its required components for you. It will use the region configured for the `aws` CLI.
++
+[source,terminal]
+----
+curl https://raw.githubusercontent.com/openshift-cs/rosaworkshop/master/rosa-workshop/rosa/resources/setup-vpc.sh | bash
+----
++
+For more about VPC requirements, see the xref:../../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-vpc_rosa-sts-aws-prereqs[VPC documentation].
+
+. The above script outputs two commands. Set the commands as environment variables to make running the `create cluster` command easier. Copy them from the output and run them as shown:
++
+[source,terminal]
+----
+export PUBLIC_SUBNET_ID=<public subnet id here>
+export PRIVATE_SUBNET_ID=<private subnet id here>
+----
+
+. Confirm that the environment variables are set by running the following command:
++
+[source,terminal]
+----
+echo "Public Subnet: $PUBLIC_SUBNET_ID"; echo "Private Subnet: $PRIVATE_SUBNET_ID"
+----
++
+.Example output
++
+[source,terminal]
+----
+Public Subnet: subnet-0faeeeb0000000000
+Private Subnet: subnet-011fe340000000000
+----
+
+=== Creating your OIDC configuration
+
+In this tutorial, we will use the automatic mode when creating the OIDC configuration. We will also store the OIDC ID as an environment variable for later use. The command uses the ROSA CLI to create your cluster's unique OIDC configuration. 
+
+* To create the OIDC configuration for this tutorial, run the following command:
++
+[source,terminal]
+----
+export OIDC_ID=$(rosa create oidc-config --mode auto --managed --yes -o json | jq -r '.id')
+----
+
+=== Creating additional environment variables
+
+* Run the following command to set up some environment variables so that it is easier to run the command to create the {hcp-title} cluster:
++
+[source,terminal]
+----
+export CLUSTER_NAME=<enter cluster name>
+export REGION=<region VPC was created in>
+----
++
+[TIP]
+====
+Run `rosa whoami` to find the VPC region.
+====
+
+== Creating the cluster
+If this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created the account roles, create the account-wide roles and policies, including the Operator policies. Since ROSA uses AWS Security Token Service (STS), this step creates the AWS IAM roles and policies that are needed for ROSA to interact with your account.
+
+. Run the following command to create the account-wide roles:
++
+[source,terminal]
+----
+rosa create account-roles --mode auto --yes
+----
+
+. Run the following command to create the cluster:
++
+[source,terminal]
+----
+rosa create cluster --cluster-name $CLUSTER_NAME \
+    --subnet-ids ${PUBLIC_SUBNET_ID},${PRIVATE_SUBNET_ID} \
+    --hosted-cp \
+    --region $REGION \
+    --oidc-config-id $OIDC_ID \
+    --sts --mode auto --yes
+----
+
+The cluster is ready and completely usable after about 10 minutes. The cluster will have a control plane across three AWS availability zones in your selected region and create two worker nodes in your AWS account.  
+
+== Checking the installation status
+. Run one of the following commands to check the status of the cluster:
++
+* For a detailed view of the cluster status, run:
++
+[source,terminal]
+----
+rosa describe cluster --cluster $CLUSTER_NAME
+----
++
+* For an abridged view of the cluster status, run:
++
+[source,terminal]
+----
+rosa list clusters
+----
++
+* To watch the log as it progresses, run:
++
+[source,terminal]
+----
+rosa logs install --cluster $CLUSTER_NAME --watch
+----
+
+. Once the state changes to “ready” your cluster is installed. It might take a few more minutes for the worker nodes to come online.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc
new file mode 100644
index 000000000000..d54db7a21cf0
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc
@@ -0,0 +1,45 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-simple-cli-guide"]
+= Tutorial: Simple CLI guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-simple-cli-guide
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-16
+
+This page outlines the minimum list of commands to deploy a {product-title} (ROSA) cluster using the command line interface (CLI). 
+
+[NOTE]
+====
+While this simple deployment works well for a tutorial setting, clusters used in production should be deployed with a more detailed method.
+====
+
+== Prerequisites
+
+* You have completed the prerequisites in the Setup tutorial.
+
+== Creating account roles
+Run the following command _once_ for each AWS account and y-stream OpenShift version:
+
+[source,terminal]
+----
+rosa create account-roles --mode auto --yes
+----
+
+== Deploying the cluster
+
+. Create the cluster with the default configuration by running the following command substituting your own cluster name:
++
+[source,terminal]
+----
+rosa create cluster --cluster-name <cluster-name> --sts --mode auto --yes
+----
+
+. Check the status of your cluster by running the following command:
++
+[source,terminal]
+----
+rosa list clusters
+----
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-ui-guide.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-ui-guide.adoc
new file mode 100644
index 000000000000..004207e645e0
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-ui-guide.adoc
@@ -0,0 +1,50 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-simple-ui-guide"]
+= Tutorial: Simple UI guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-simple-ui-guide
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-17
+
+This page outlines the minimum list of commands to deploy a ROSA cluster using the user interface (UI). 
+
+[NOTE]
+====
+While this simple deployment works well for a workshop setting, clusters used in production should be deployed with a more detailed method.
+====
+
+== Prerequisites
+
+* You have completed the prerequisites in the Setup tutorial.
+
+== Creating account roles
+Run the following command _once_ for each AWS account and y-stream OpenShift version:
+
+[source,terminal]
+----
+rosa create account-roles --mode auto --yes
+----
+
+== Creating Red Hat OpenShift Cluster Manager roles
+. Create one OpenShift Cluster Manager role for each AWS account by running the following command:
++
+[source,terminal]
+----
+rosa create ocm-role --mode auto --admin --yes
+----
+
+. Create one OpenShift Cluster Manager user role for each AWS account by running the following command:
++
+[source,terminal]
+----
+rosa create user-role --mode auto --yes
+----
+
+. Use the link:https://console.redhat.com/openshift/create/rosa/wizard[Red Hat OpenShift Cluster Manager UI] to select your AWS account, cluster options, and begin deployment.
+
+. OpenShift Cluster Manager UI displays cluster status.
++
+image:cloud-experts-getting-started-deployment-ui-cluster-create.png[]
\ No newline at end of file
diff --git a/distr_tracing/distr_tracing_install/images b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/images
similarity index 100%
rename from distr_tracing/distr_tracing_install/images
rename to cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/images
diff --git a/rosa_support/modules b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/modules
similarity index 100%
rename from rosa_support/modules
rename to cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/modules
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/snippets b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-idp.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-idp.adoc
new file mode 100644
index 000000000000..81add39fc415
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-idp.adoc
@@ -0,0 +1,107 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-idp"]
+= Tutorial: Setting up an identity provider
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-idp
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-28
+
+To log in to your cluster, set up an identity provider (IDP). This tutorial uses GitHub as an example IDP. See the full list of xref:../../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#understanding-idp-supported_rosa-sts-config-identity-providers[IDPs supported by ROSA].
+
+* To view all IDP options, run the following command:
++
+[source,terminal]
+----
+rosa create idp --help
+----
+
+== Setting up an IDP with GitHub
+. Log in to your GitHub account.
+. Create a new GitHub organization where you are an administrator.
++
+[TIP]
+====
+If you are already an administrator in an existing organization and you want to use that organization, skip to step 9.
+====
++
+Click the *+* icon, then click *New Organization*.
++
+image::cloud-experts-getting-started-idp-new-org.png[]
+
+. Choose the most applicable plan for your situation or click *Join for free*.
+
+. Enter an organization account name, an email, and whether it is a personal or business account. Then, click *Next*.
++
+image::cloud-experts-getting-started-idp-team.png[]
+
+. *Optional:* Add the GitHub IDs of other users to grant additional access to your ROSA cluster. You can also add them later.
+. Click *Complete Setup*.
+. *Optional:* Enter the requested information on the following page.
+. Click *Submit*.
+. Go back to the terminal and enter the following command to set up the GitHub IDP:
++
+[source,terminal]
+----
+rosa create idp --cluster=<cluster name> --interactive
+----
+
+. Enter the following values:
++
+[source,terminal]
+----
+Type of identity provider: github
+Identity Provider Name: <IDP-name>
+Restrict to members of: organizations
+GitHub organizations: <organization-account-name>
+----
+
+. The CLI will provide you with a link. Copy and paste the link into a browser and press *Enter*. This will fill the required information to register this application for OAuth. You do not need to modify any of the information.
++
+image::cloud-experts-getting-started-idp-link.png[]
+
+. Click *Register application*.
++
+image::cloud-experts-getting-started-idp-register.png[]
+
+. The next page displays a *Client ID*.  Copy the ID and paste it in the terminal where it asks for *Client ID*.
++
+[NOTE]
+====
+Do not close the tab.
+====
+
+. The CLI will ask for a *Client Secret*. Go back in your browser and click *Generate a new client secret*.
++
+image::cloud-experts-getting-started-idp-secret.png[]
+
+. A secret is generated for you. Copy your secret because it will never be visible again.
+
+. Paste your secret into the terminal and press *Enter*.
+. Leave *GitHub Enterprise Hostname* blank.
+. Select *claim*.
+. Wait approximately 1 minute for the IDP to be created and the configuration to land on your cluster.
++
+image::cloud-experts-getting-started-idp-inputs.png[]
+
+. Copy the returned link and paste it into your browser. The new IDP should be available under your chosen name. Click your IDP and use your GitHub credentials to access the cluster.
++
+image::cloud-experts-getting-started-idp-login.png[]
+
+== Granting other users access to the cluster
+To grant access to other cluster user you will need to add their GitHub user ID to the GitHub organization used for this cluster.
+
+. In GitHub, go to the *Your organizations* page.
+
+. Click your *profile icon*, then *Your organizations*. Then click *<your-organization-name>*.  In our example, it is `my-rosa-cluster`.
++
+image::cloud-experts-getting-started-idp-org.png[]
+
+. Click *Invite someone*.
++
+image::cloud-experts-getting-started-idp-invite.png[]
+
+. Enter the GitHub ID of the new user, select the correct user, and click *Invite*.
+. Once the new user accepts the invitation, they will be able to log in to the ROSA cluster using the console link and their GitHub credentials.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-managing-worker-nodes.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-managing-worker-nodes.adoc
new file mode 100644
index 000000000000..1918ba6b6acf
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-managing-worker-nodes.adoc
@@ -0,0 +1,233 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-managing-worker-nodes"]
+= Tutorial: Managing worker nodes
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-managing-worker-nodes
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-30
+
+In {product-title} (ROSA), changing aspects of your worker nodes is performed through the use of machine pools. A machine pool allows users to manage many machines as a single entity. Every ROSA cluster has a default machine pool that is created when the cluster is created. For more information, see the xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc#rosa-nodes-machinepools-about[machine pool] documentation.
+
+
+== Creating a machine pool
+You can create a machine pool with either the command line interface (CLI) or the user interface (UI). 
+
+=== Creating a machine pool with the CLI
+. Run the following command:
++
+[source,terminal]
+----
+rosa create machinepool --cluster=<cluster-name> --name=<machinepool-name> --replicas=<number-nodes>
+----
++
+.Example input
++
+[source,terminal]
+----
+ $ rosa create machinepool --cluster=my-rosa-cluster --name=new-mp
+ --replicas=2
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Machine pool 'new-mp' created successfully on cluster 'my-rosa-cluster'
+I: To view all machine pools, run 'rosa list machinepools -c my-rosa-cluster'
+----
+
+. *Optional:* Add node labels or taints to specific nodes in a new machine pool by running the following command:
++
+[source,terminal]
+---- 
+rosa create machinepool --cluster=<cluster-name> --name=<machinepool-name> --replicas=<number-nodes> --labels=`<key=pair>`
+----
++
+.Example input
++
+[source,terminal]
+----
+$ rosa create machinepool --cluster=my-rosa-cluster --name=db-nodes-mp --replicas=2 --labels='app=db','tier=backend'
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Machine pool 'db-nodes-mp' created successfully on cluster 'my-rosa-cluster'
+----
++
+This creates an additional 2 nodes that can be managed as a unit and also assigns them the labels shown.  
+
+. Run the following command to confirm machine pool creation and the assigned labels:
++
+[source,terminal]
+----
+rosa list machinepools --cluster=<cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+ID          AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS            TAINTS    AVAILABILITY ZONES
+Default     No           2         m5.xlarge                                  us-east-1a
+----
+
+=== Creating a machine pool with the UI
+. Log in to the link:https://console.redhat.com/openshift[Red Hat console] and click your cluster.
++
+image::cloud-experts-getting-started-managing-ocm-cluster.png[]
+
+. Click *Machine pools*.
++
+image:cloud-experts-getting-started-managing-mp-ocm.png[]
+
+. Click *Add machine pool*.
+
+. Enter the desired configuration.
++
+[TIP]
+====
+You can also and expand the *Edit node labels and taints* section to add node labels and taints to the nodes in the machine pool.
+====
++
+image::cloud-experts-getting-started-managing-mp-nlt.png[]
+
+. You will see the new machine pool you created.
++
+image::cloud-experts-getting-started-managing-mp-fromui.png[]
+
+== Scaling worker nodes
+
+Edit a machine pool to scale the number of worker nodes in that specific machine pool. You can use either the CLI or the UI to scale worker nodes.
+
+=== Scaling worker nodes using the CLI
+
+. Run the following command to see the default machine pool that is created with each cluster:
++
+[source,terminal]
+----
+rosa list machinepools --cluster=<cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+ID          AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS            TAINTS    AVAILABILITY ZONES
+Default     No           2         m5.xlarge                                  us-east-1a
+----
+
+. To scale the default machine pool out to a different number of nodes, run the following command:
++
+[source,terminal]
+----
+rosa edit machinepool --cluster=<cluster-name> --replicas=<number-nodes> <machinepool-name>
+----
++
+.Example input
++
+[source,terminal]
+----
+rosa edit machinepool --cluster=my-rosa-cluster --replicas 3 Default
+----
+
+. Run the following command to confirm that the machine pool has scaled:
++
+[source,terminal]
+----
+rosa describe cluster --cluster=<cluster-name> | grep Compute
+----
++
+.Example input
++
+[source,terminal]
+----
+$ rosa describe cluster --cluster=my-rosa-cluster | grep Compute
+----
++
+.Example output
++
+[source,terminal]
+----
+- Compute:                 3 (m5.xlarge)
+----
+
+=== Scaling worker nodes using the UI
+
+. Click the three dots to the right of the machine pool you want to edit.
+. Click *Edit*.
+. Enter the desired number of nodes, and click *Save*.
+. Confirm that the cluster has scaled by selecting the cluster, clicking the *Overview* tab, and scrolling to *Compute listing*. The compute listing should equal the scaled nodes. For example, 3/3.
++
+image::cloud-experts-getting-started-managing-ocm-nodes.png[]
+
+=== Adding node labels
+
+. Use the following command to add node labels:
++
+[source,terminal]
+----
+rosa edit machinepool --cluster=<cluster-name> --replicas=<number-nodes> --labels='key=value' <machinepool-name>
+----
++
+.Example input
++
+[source,terminal]
+----
+rosa edit machinepool --cluster=my-rosa-cluster --replicas=2 --labels 'foo=bar','baz=one' new-mp
+----
++
+This adds 2 labels to the new machine pool.
+
+[IMPORTANT]
+====
+This command replaces all machine pool configurations with the newly defined configuration. If you want to add another label *and* keep the old label, you must state both the new and preexisting the label. Otherwise the command will replace all preexisting labels with the one you wanted to add. Similarly, if you want to delete a label, run the command and state the ones you want, excluding the one you want to delete.
+====
+
+== Mixing node types
+
+You can also mix different worker node machine types in the same cluster by using new machine pools. You cannot change the node type of a machine pool once it is created, but you can create a new machine pool with different nodes by adding the `--instance-type` flag.
+
+. For example, to change the database nodes to a different node type, run the following command:
++
+[source,terminal]
+----
+rosa create machinepool --cluster=<cluster-name> --name=<mp-name> --replicas=<number-nodes> --labels='<key=pair>' --instance-type=<type>
+----
++
+.Example input
++
+[source,terminal]
+----
+rosa create machinepool --cluster=my-rosa-cluster --name=db-nodes-large-mp --replicas=2 --labels='app=db','tier=backend' --instance-type=m5.2xlarge
+----
+
+. To see all the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-aws-instance-types_rosa-service-definition[instance types available], run the following command:
++
+[source,terminal]
+----
+rosa list instance-types
+----
+
+. To make step-by-step changes, use the `--interactive` flag:
++
+[source,terminal]
+----
+rosa create machinepool -c <cluster-name> --interactive
+----
++
+image::cloud-experts-getting-started-managing-mp-interactive.png[]
+
+. Run the following command to list the machine pools and see the new, larger instance type:
++
+[source,terminal]
+----
+rosa list machinepools -c <cluster-name>
+----
++
+image::cloud-experts-getting-started-managing-large-mp.png[]
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-setup.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-setup.adoc
new file mode 100644
index 000000000000..cfa61246c059
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-setup.adoc
@@ -0,0 +1,232 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-setup"]
+= Tutorial: Setup
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-setup
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-13
+
+There are currently two supported credential methods when creating a {product-title} (ROSA) cluster. One method uses an IAM user with the `AdministratorAccess` policy. The second and *recommended* method uses Amazon Web Services (AWS) Security Token Service (STS). 
+//To be added when the ROSA with STS Explained tutorial is published:
+//For more information, see the xref../cloud_experts_tutorials/cloud_experts_rosa_with_sts_explained.adoc#id[ROSA with STS Explained] tutorial. This workshop uses the STS method.
+
+== Prerequisites
+
+Review the prerequisites listed in the xref:../../rosa_planning/rosa-cloud-expert-prereq-checklist.adoc#rosa-cloud-expert-prereq-checklist[Prerequisites for ROSA with STS] checklist.
+
+You will need the following information from your AWS account:
+
+* AWS IAM user
+* AWS access key ID
+* AWS secret access key
+
+== Setting up a Red Hat account
+. If you do not have a Red Hat account, create one on the link:https://console.redhat.com/[Red Hat console].
+. Accept the required terms and conditions.
+. Then check your email for a verification link.
+
+== Installing the AWS CLI
+* Install the link:https://aws.amazon.com/cli/[AWS CLI] for your operating system.
+
+== Enabling ROSA
+
+[NOTE]
+====
+Only complete this step if you have *not* enabled ROSA in your AWS account.
+====
+
+. Visit the link:https://console.aws.amazon.com/rosa[AWS console] to enable your account to use ROSA.
+. Click the orange *Enable OpenShift* button.
++
+image::cloud-experts-getting-started-setup-enable.png[]
+
+. After about a minute, a green *service enabled* bar should appear.
++
+image::cloud-experts-getting-started-setup-enabled.png[]
+
+== Installing the ROSA CLI
+. Install the link:https://console.redhat.com/openshift/downloads[ROSA CLI] for your operating system.
+. Download and extract the relevant file for your operating system by using the following command:
++
+[source,terminal]
+----
+tar -xvf rosa-linux.tar.gz
+----
+. Save the file to a location within your `PATH` by using the following command:
++
+[source,terminal]
+----
+sudo mv rosa /usr/local/bin/rosa
+----
+. Run `rosa version` to verify a successful installation.
+
+== Installing the OpenShift CLI
+There are a few ways to install the OpenShift CLI (`oc`):
+
+* *Option 1: Using the ROSA CLI:*
+.. Run `rosa download oc`.
+.. Once downloaded, unzip the file and move the executables into a directory in your `PATH`.
+* *Option 2: Using the Openshift documentation:*
+.. Follow the directions on the xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#installing-openshift-cli[documentation page]
+* *Option 3: Using your OpenShift cluster:*
+.. If you already have an OpenShift cluster, you can access the CLI tools page by clicking the *Question mark*, then *Command Line Tools*.
++
+image::cloud_experts_getting_started_setup_cli_tools.png[]
+
+.. Then, download the relevant tool for your operating system.
+
+=== Using `oc` instead of `kubectl`
+While `kubectl` can be used with an OpenShift cluster, `oc` is specific to OpenShift. It includes the standard set of features from `kubectl` as well as additional support for OpenShift functionality. For more information, see xref:../../cli_reference/openshift_cli/usage-oc-kubectl.adoc#usage-oc-kubectl[Usage of oc and kubectl commands].
+
+== Configuring the AWS CLI
+To configure the AWS CLI, follow these steps:
+
+. Enter `aws configure` in the terminal.
+. Enter your AWS access key ID and press enter.
+. Enter your AWS secret access key and press enter.
+. Enter the default region in which you want to deploy.
+. Enter the desired output format, specifying either `table` or `json`.
+
+.Example output
+[source, terminal]
+----
+$ aws configure
+AWS Access Key ID: AKIA0000000000000000
+AWS Secret Access Key: NGvmP0000000000000000000000000
+Default region name: us-east-1
+Default output format: table
+----
+
+== Verifying the configuration
+Verify that the configuration is correct by following these steps:
+
+. Run the following command to query the AWS API:
++
+[source,terminal]
+----      
+aws sts get-caller-identity
+----
+. You should see a table or JSON file. Verify that the account information is correct.
++
+.Example output
++
+[source, terminal]
+----
+$ aws sts get-caller-identity
+------------------------------------------------------------------------------
+|                                GetCallerIdentity                           |
++--------------+----------------------------------------+--------------------+
+|    Account   |                   Arn                  |        UserId      |
++--------------+----------------------------------------+--------------------+
+|  000000000000|  arn:aws:iam::00000000000:user/myuser  |  AIDA00000000000000|
++--------------+----------------------------------------+--------------------+
+----
+
+== Ensuring the ELB service role exists
+[TIP]
+====
+Make sure that the service role for the ELB already exists, otherwise cluster deployment could fail.
+====
+
+* Run the following command to check for the ELB service role and create it if it is missing:
++
+[source,terminal]
+----
+aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing" || aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"
+----
+
+=== Fixing ELB service role errors
+
+. The following error during cluster creation means that an ELB service role does not exist:
++
+.Example output
++
+[source,terminal]
+----
+Error: Error creating network Load Balancer: AccessDenied: User: arn:aws:sts::970xxxxxxxxx:assumed-role/ManagedOpenShift-Installer-Role/163xxxxxxxxxxxxxxxx is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::970xxxxxxxxx:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
+----
+
+. If you receive the above error during cluster creation, run the following command:
++
+[source,terminal]
+----
+aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing" || aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"
+----
+
+== Logging in to your Red Hat account
+. Enter `rosa login` in a terminal.
+. It will prompt you to open a web browser and go to the link:https://console.redhat.com/openshift/token/rosa[Red Hat console].
+. Log in, if necessary.
+. Click *Load token*.
+. Copy the token, paste it into the CLI prompt, and press enter.  Alternatively, you can copy the full `rosa login --token=abc...` command and paste it in the terminal.
++
+image::cloud-experts-getting-started-setup-token.png[]
+
+== Verifying credentials
+Verify that all the credentials are correct.
+
+. Run `rosa whoami` in the terminal.
++
+.Example output
+[source,terminal]
+----
+AWS Account ID:               000000000000
+AWS Default Region:           us-east-2
+AWS ARN:                      arn:aws:iam::000000000000:user/myuser
+OCM API:                      https://api.openshift.com
+OCM Account ID:               1DzGIdIhqEWy000000000000000
+OCM Account Name:             Your Name
+OCM Account Username:         you@domain.com
+OCM Account Email:            you@domain.com
+OCM Organization ID:          1HopHfA20000000000000000000
+OCM Organization Name:        Red Hat
+OCM Organization External ID: 0000000
+----
+. Check the information for accuracy before proceeding.
+
+== Verifying quota
+Verify that your AWS account has ample quota in the region in which you will be deploying your cluster.  
+
+* Run the following command:
++
+[source,terminal]
+----
+rosa verify quota
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Validating AWS quota...
+I: AWS quota ok.
+----
+
+* If cluster installation fails, validate the actual AWS resource usage against the xref:../../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[AWS service quotas].
+
+== Verifying the `oc` CLI
+Verify that the `oc` CLI is installed correctly:
+
+[source,terminal]
+----
+rosa verify openshift-client
+----
+
+You have now successfully set up you account and environment. You are ready to deploy your cluster.
+
+//== Deploying a cluster
+//In the next section you will deploy your cluster.  There are two mechanisms to do so:
+
+//- Using the ROSA CLI
+//- Using the OCM Web User Interface
+
+//Either way is perfectly fine for the purposes of this workshop. Though keep in mind that if you are using the OCM UI, there will be a few extra steps to set it up in order to deploy into your AWS account for the first time.  This will not need to be repeated for subsequent deployments using the OCM UI for the same AWS account.
+
+//Please select the desired mechanism in the left menu under "Deploy the cluster".
+
+//*[ROSA]: Red Hat OpenShift Service on AWS
+//*[STS]: AWS Security Token Service
+//*[OCM]: OpenShift Cluster Manager
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-support.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-support.adoc
new file mode 100644
index 000000000000..2820a0e45148
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-support.adoc
@@ -0,0 +1,69 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-support"]
+= Tutorial: Obtaining support
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-support
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-01-17
+
+Finding the right help when you need it is important. These are some of the resources at your disposal when you need assistance.
+
+== Adding support contacts
+You can add additional email addresses for communications about your cluster. 
+
+. On the {cluster-manager-first} user interface (UI), click *select cluster*.
+. Click the *Support* tab.
+. Click *Add notification contact*, and enter the additional email addresses.
+
+== Contacting Red Hat for support using the UI
+
+. On the {cluster-manager} UI, click the *Support* tab.
+. Click *Open support case*.
+
+== Contacting Red Hat for support using the support page
+
+. Go to the link:https://support.redhat.com[Red Hat support page].
+. Click *Open a new Case*.
++
+image::obtain-support-case.png[]
+
+. Log in to your Red Hat account.
+. Select the reason for contacting support.
++
+image::obtain-support-reason.png[]
+
+. Select *Red Hat OpenShift Service on AWS*.
+
+image::obtain-support-select-rosa.png[]
+
+. Click *continue*.
+. Enter a summary of the issue and the details of your request. Upload any files, logs, and screenshots. The more details you provide, the better Red Hat support can help your case.
++
+[NOTE]
+====
+Relevant suggestions that might help with your issue will appear at the bottom of this page.
+====
++
+image::obtain-support-summary.png[]
+
+. Click *Continue*. 
+. Answer the questions in the new fields.
+. Click *Continue*.
+. Enter the following information about your case:
+.. *Support level:* Premium
+.. *Severity:* Review the Red Hat Support Severity Level Definitions to choose the correct one.
+.. *Group:* If this is related to a few other cases you can select the corresponding group.
+.. *Language*
+.. *Send notifications:* Add any additional email addresses to keep notified of activity.
+.. *Red Hat associates:* If you are working with anyone from Red Hat and want to keep them in the loop you can enter their email address here.
+.. *Alternate Case ID:* If you want to attach your own ID to it you can enter it here.
+. Click *Continue*.
+. On the review screen make sure you select the correct cluster ID that you are contacting support about.
++
+image::obtain-support-cluster-id.png[]
+
+. Click *Submit*.
+. You will be contacted based on the response time committed to for the link:https://access.redhat.com/support/offerings/openshift/sla[indicated severity level].
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-upgrading.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-upgrading.adoc
new file mode 100644
index 000000000000..7f08181e10c6
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-upgrading.adoc
@@ -0,0 +1,78 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-upgrading"]
+= Tutorial: Upgrading your cluster
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-upgrading
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-01-08
+
+{product-title} (ROSA) executes all cluster upgrades as part of the managed service. You do not need to run any commands or make changes to the cluster. You can schedule the upgrades at a convenient time.
+
+Ways to schedule a cluster upgrade include:
+
+* *Manually using the command line interface (CLI)*: Start a one-time immediate upgrade or schedule a one-time upgrade for a future date and time.
+* *Manually using the Red Hat OpenShift Cluster Manager user interface (UI)*: Start a one-time immediate upgrade or schedule a one-time upgrade for a future date and time.
+* *Automated upgrades*: Set an upgrade window for recurring y-stream upgrades whenever a new version is available without needing to manually schedule it. Minor versions have to be manually scheduled.
+
+For more details about cluster upgrades, run the following command:
+
+[source,terminal]
+----
+$ rosa upgrade cluster --help
+----
+
+== Manually upgrading your cluster using the CLI
+. Check if there is an upgrade available by running the following command:
++
+[source,terminal]
+----
+$ rosa list upgrade -c <cluster-name>
+----
++
+.Example output
++
+[source,terminal]
+----
+$ rosa list upgrade -c <cluster-name>
+VERSION  NOTES
+4.14.7   recommended
+4.14.6
+...
+----
++
+In the above example, versions 4.14.7 and 4.14.6 are both available.
+
+. Schedule the cluster to upgrade within the hour by running the following command:
++
+[source,terminal]
+----
+$ rosa upgrade cluster -c <cluster-name> --version <desired-version>
+----
+
+. *Optional:* Schedule the cluster to upgrade at a later date and time by running the following command:
++
+[source,terminal]
+----
+$ rosa upgrade cluster -c <cluster-name> --version <desired-version> --schedule-date <future-date-for-update> --schedule-time <future-time-for-update>
+----
+
+== Manually upgrading your cluster using the UI
+. Log in to the OpenShift Cluster Manager, and select the cluster you want to upgrade.
+. Click *Settings*.
+. If an upgrade is available, click *Update*.
++
+image::cloud-experts-getting-started-cluster-upgrade.png[]
+
+. Select the version to which you want to upgrade in the new window.
+. Schedule a time for the upgrade or begin it immediately.
+
+== Setting up automatic recurring upgrades
+. Log in to the OpenShift Cluster Manager, and select the cluster you want to upgrade.
+. Click *Settings*.
+1. Under *Update Strategy*, click *Recurring updates*.
+. Set the day and time for the upgrade to occur.
+. Under *Node draining*, select a grace period to allow the nodes to drain before pod eviction.
+. Click *Save*.
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-what-is-rosa.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-what-is-rosa.adoc
new file mode 100644
index 000000000000..1e7f43672e36
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-what-is-rosa.adoc
@@ -0,0 +1,47 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-what-is-rosa"]
+= Tutorial: What is ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-what-is-rosa
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2024-01-18
+
+Red Hat OpenShift Service on AWS (ROSA) is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red Hat and AWS SRE experts manage the underlying platform so you do not have to worry about infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.
+
+ROSA makes use of AWS Security Token Service (STS) to obtain credentials to manage infrastructure in your AWS account. AWS STS is a global web service that creates temporary credentials for IAM users or federated users. ROSA uses this to assign short-term, limited-privilege, security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls. This method aligns with the principals of least privilege and secure practices in cloud service resource management. The ROSA command line interface (CLI) tool manages the STS credentials that are assigned for unique tasks and takes action on AWS resources as part of OpenShift functionality.
+//For a detailed explanation, see "ROSA with STS Explained" (add xref when page is migrated).
+
+A list of the account-wide and per-cluster roles is provided in the xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[ROSA documentation].
+
+//== Creating your first ROSA cluster
+
+//Watch this demo for a short preview of the cluster deployment process:
+//link:https://youtu.be/KbzUbXWs6Ck
+
+//If you want an easy guide for creating your first ROSA cluster:
+
+//. Review the xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[prerequisites]. 
+//. Visit the quickstart guide.
+
+.Additional Resources
+
+* ROSA product pages:
+** link:https://www.openshift.com/products/amazon-openshift[Red Hat product page]
+** link:https://aws.amazon.com/rosa/[AWS product page]
+** link:https://access.redhat.com/products/red-hat-openshift-service-aws[Red Hat customer portal]
+* ROSA specific resources
+** link:https://docs.aws.amazon.com/ROSA/latest/userguide/getting-started.html[AWS ROSA getting started guide]
+** xref:../../welcome/index.adoc#welcome-index[ROSA documentation]
+** xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA service definition]
+** xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[ROSA responsibility assignment matrix]
+** xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding Process and Security]
+** xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc#rosa-policy-understand-availability[About Availability]
+** xref:../../rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[Updates Lifecycle]
+** xref:../../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and Scalability]
+** link:https://red.ht/rosa-roadmap[ROSA roadmap]
+* link:https://learn.openshift.com[Learn about OpenShift]
+* link:https://console.redhat.com/OpenShift[OpenShift Cluster Manager]
+* link:https://support.redhat.com[Red Hat Support]
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/images b/cloud_experts_tutorials/cloud-experts-getting-started/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/sd_support/modules b/cloud_experts_tutorials/cloud-experts-getting-started/modules
similarity index 100%
rename from sd_support/modules
rename to cloud_experts_tutorials/cloud-experts-getting-started/modules
diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/snippets b/cloud_experts_tutorials/cloud-experts-getting-started/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-getting-started/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-rosa-cloudwatch-sts.adoc b/cloud_experts_tutorials/cloud-experts-rosa-cloudwatch-sts.adoc
new file mode 100644
index 000000000000..c4d731d360d8
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-rosa-cloudwatch-sts.adoc
@@ -0,0 +1,308 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-rosa-cloudwatch-sts"]
+= Configuring log forwarding for CloudWatch logs and STS
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-rosa-cloudwatch-sts
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-18
+//---
+// date: '2022-08-19'
+// date:
+// title: Configuring the Cluster Log Forwarder for CloudWatch Logs and STS
+// tags: ["AWS", "ROSA"]
+// authors:
+//   - Paul Czarkowski
+//   - Connor Wooley
+// ---
+
+Use this tutorial to deploy the {clo} and configure it to use Security Token Services (STS) authentication to forward logs to CloudWatch.
+
+[id="cloud-experts-rosa-cloudwatch-sts-prerequisites"]
+.Prerequisites
+
+* A {product-title} (ROSA) Classic cluster
+* The `jq` command-line interface (CLI)
+* The Amazon Web Services (AWS) CLI (`aws`)
+
+[id="cloud-experts-rosa-cloudwatch-sts-environment-setup"]
+== Setting up your environment
+
+. Configure the following environment variables, changing the cluster name to suit your cluster:
++
+[NOTE]
+====
+You must be logged in as an administrator.
+====
++
+[source,terminal]
+----
+$ export ROSA_CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(rosa describe cluster -c ${ROSA_CLUSTER_NAME} --output json | jq -r .region.id)
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o json | jq -r .spec.serviceAccountIssuer | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
+$ export AWS_PAGER=""
+$ export SCRATCH="/tmp/${ROSA_CLUSTER_NAME}/clf-cloudwatch-sts"
+$ mkdir -p ${SCRATCH}
+----
+
+. Ensure all fields output correctly before moving to the next section:
++
+[source,terminal]
+----
+$ echo "Cluster: ${ROSA_CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="cloud-experts-rosa-cloudwatch-sts-prep-aws"]
+== Preparing your AWS account
+
+. Create an Identity Access Management (IAM) policy for {logging}:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaCloudWatch'].{ARN:Arn}" --output text)
+$ if [[ -z "${POLICY_ARN}" ]]; then
+cat << EOF > ${SCRATCH}/policy.json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+     {
+           "Effect": "Allow",
+           "Action": [
+              "logs:CreateLogGroup",
+              "logs:CreateLogStream",
+              "logs:DescribeLogGroups",
+              "logs:DescribeLogStreams",
+              "logs:PutLogEvents",
+              "logs:PutRetentionPolicy"
+           ],
+           "Resource": "arn:aws:logs:*:*:*"
+     }
+]
+}
+EOF
+POLICY_ARN=$(aws iam create-policy --policy-name "RosaCloudWatch" \
+--policy-document file:///${SCRATCH}/policy.json --query Policy.Arn --output text)
+fi
+$ echo ${POLICY_ARN}
+----
+
+. Create an IAM role trust policy for the cluster:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/trust-policy.json
+{
+   "Version": "2012-10-17",
+   "Statement": [{
+     "Effect": "Allow",
+     "Principal": {
+       "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
+     },
+     "Action": "sts:AssumeRoleWithWebIdentity",
+     "Condition": {
+       "StringEquals": {
+         "${OIDC_ENDPOINT}:sub": "system:serviceaccount:openshift-logging:logcollector"
+       }
+     }
+   }]
+}
+EOF
+$ ROLE_ARN=$(aws iam create-role --role-name "${ROSA_CLUSTER_NAME}-RosaCloudWatch" \
+      --assume-role-policy-document file://${SCRATCH}/trust-policy.json \
+      --query Role.Arn --output text)
+$ echo ${ROLE_ARN}
+----
+
+. Attach the IAM policy to the IAM role:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name "${ROSA_CLUSTER_NAME}-RosaCloudWatch" \
+   --policy-arn ${POLICY_ARN}
+----
+
+[id="cloud-experts-rosa-cloudwatch-sts-deploy-Os"]
+== Deploying Operators
+
+. Deploy the {clo}:
++
+[source,terminal]
+----
+$  cat << EOF | oc apply -f -
+   apiVersion: operators.coreos.com/v1alpha1
+   kind: Subscription
+   metadata:
+     labels:
+      operators.coreos.com/cluster-logging.openshift-logging: ""
+     name: cluster-logging
+     namespace: openshift-logging
+   spec:
+     channel: stable
+     installPlanApproval: Automatic
+     name: cluster-logging
+     source: redhat-operators
+     sourceNamespace: openshift-marketplace
+EOF
+----
+
+. Create a secret:
++
+[source,terminal]
+----
+$  cat << EOF | oc apply -f -
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: cloudwatch-credentials
+    namespace: openshift-logging
+  stringData:
+    role_arn: $ROLE_ARN
+EOF
+----
+
+[id="cloud-experts-rosa-cloudwatch-sts-configure-cluster-logging"]
+== Configuring cluster logging
+
+. Create a `ClusterLogForwarder` custom resource (CR):
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+  apiVersion: "logging.openshift.io/v1"
+  kind: ClusterLogForwarder
+  metadata:
+    name: instance
+    namespace: openshift-logging
+  spec:
+    outputs:
+      - name: cw
+        type: cloudwatch
+        cloudwatch:
+          groupBy: namespaceName
+          groupPrefix: rosa-${ROSA_CLUSTER_NAME}
+          region: ${REGION}
+        secret:
+          name: cloudwatch-credentials
+    pipelines:
+      - name: to-cloudwatch
+        inputRefs:
+          - infrastructure
+          - audit
+          - application
+        outputRefs:
+          - cw
+EOF
+----
+
+. Create a `ClusterLogging` CR:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+  apiVersion: logging.openshift.io/v1
+  kind: ClusterLogging
+  metadata:
+    name: instance
+    namespace: openshift-logging
+  spec:
+    collection:
+      logs:
+         type: vector
+    managementState: Managed
+EOF
+----
+
+[id="cloud-experts-rosa-cloudwatch-sts-check-aws"]
+== Checking CloudWatch for logs
+
+* Use either the AWS console or the AWS CLI to validate that there are log streams from the cluster.
+** To validate the logs in the AWS CLI, run the following command:
++
+[source,terminal]
+----
+$ aws logs describe-log-groups --log-group-name-prefix rosa-${ROSA_CLUSTER_NAME}
+----
++
+.Sample output
++
+[source,c]
+----
+{
+  "logGroups": [
+      {
+        "logGroupName": "rosa-xxxx.audit",
+        "creationTime": 1661286368369,
+        "metricFilterCount": 0,
+        "arn": "arn:aws:logs:us-east-2:xxxx:log-group:rosa-xxxx.audit:*",
+        "storedBytes": 0
+      },
+      {
+        "logGroupName": "rosa-xxxx.infrastructure",
+        "creationTime": 1661286369821,
+        "metricFilterCount": 0,
+        "arn": "arn:aws:logs:us-east-2:xxxx:log-group:rosa-xxxx.infrastructure:*",
+        "storedBytes": 0
+      }
+  ]
+}
+----
++
+[NOTE]
+====
+If this is a new cluster, you might not see a log group for `application` logs as applications are not yet running.
+====
+
+[id="cloud-experts-rosa-cloudwatch-sts-clean-up"]
+== Cleaning up your resources
+
+. Delete the `ClusterLogForwarder` CR:
++
+[source,terminal]
+----
+$ oc delete -n openshift-logging clusterlogforwarder instance
+----
+
+. Delete the `ClusterLogging` CR:
++
+[source,terminal]
+----
+$ oc delete -n openshift-logging clusterlogging instance
+----
+
+. Detach the IAM policy to the IAM role:
++
+[source,terminal]
+----
+$ aws iam detach-role-policy --role-name "${ROSA_CLUSTER_NAME}-RosaCloudWatch" \
+   --policy-arn "${POLICY_ARN}"
+----
+
+. Delete the IAM role:
++
+[source,terminal]
+----
+$ aws iam delete-role --role-name "${ROSA_CLUSTER_NAME}-RosaCloudWatch"
+----
+
+. Delete the IAM policy:
++
+[IMPORTANT]
+====
+Only delete the IAM policy if there are no other resources using the policy.
+====
++
+[source,terminal]
+----
+$ aws iam delete-policy --policy-arn "${POLICY_ARN}"
+----
+
+. Delete the CloudWatch log groups:
++
+[source,terminal]
+----
+$ aws logs delete-log-group --log-group-name "rosa-${ROSA_CLUSTER_NAME}.audit"
+$ aws logs delete-log-group --log-group-name "rosa-${ROSA_CLUSTER_NAME}.infrastructure"
+----
diff --git a/cloud_experts_tutorials/cloud-experts-rosa-osd-change-default-domain.adoc b/cloud_experts_tutorials/cloud-experts-rosa-osd-change-default-domain.adoc
new file mode 100644
index 000000000000..a2633cf45335
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-rosa-osd-change-default-domain.adoc
@@ -0,0 +1,199 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-rosa-osd-change-default-domain"]
+= Tutorial: Changing the Console, OAuth, and Downloads domains and TLS certificate on ROSA and OSD
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-rosa-osd-change-default-domain
+
+toc::[]
+
+//Content metadata
+//Brought into ROSA product docs 2023-12-14
+//---
+//date: '2022-12-07'
+//title: Changing the Console, OAuth, and Downloads Domain and TLS Certificate on ROSA and OSD
+//weight: 1
+//tags: ["AWS", "ROSA", "OSD"]
+//authors:
+//   Hector Kemp
+//---
+
+//Footnote definitions
+:fn-supported-cli: footnote:[The example commands in this guide use the ROSA CLI, but similar commands with the same function are available in the OCM CLI version 0.1.68 and higher for OpenShift Dedicated clusters that run on Google Cloud Platform.]
+:fn-supported-versions: footnote:[Modifying these routes on ROSA and OSD versions prior to 4.14 is not typically supported. However, if you have a cluster using version 4.13, you can request for Red Hat Support to enable support for this feature on your version 4.13 cluster.]
+:fn-term-component-routes: footnote:[We use the term `component routes` to refer to the `OAuth`, `Console`, and `Downloads` routes that are provided when ROSA and OSD are first installed. The ROSA CLI also uses the term `cluster routes` to refer to these resources.]
+
+//Article text
+This guide demonstrates how to modify the Console, Downloads, OAuth domain, and TLS certificate keypair on Red Hat Openshift on AWS (ROSA) and Red Hat Openshift Dedicated (OSD) versions 4.14 and above. {fn-supported-versions}
+
+//// 
+The changes that we make to the component routes {fn-term-component-routes} in this guide are described in greater detail in the following documentation:
+
+* link:https://docs.openshift.com/container-platform/latest/authentication/configuring-internal-oauth.html#customizing-the-oauth-server-url_configuring-internal-oauth[Customizing the internal OAuth server URL]
+* link:https://docs.openshift.com/container-platform/latest/web_console/customizing-the-web-console.html#customizing-the-console-route_customizing-web-console[Customizing the console route]
+* link:https://docs.openshift.com/container-platform/latest/web_console/customizing-the-web-console.html#customizing-the-download-route_customizing-web-console[Customizing the download route]
+//// 
+
+[id="prerequisites_{context}"]
+== Prerequisites
+
+* ROSA CLI (`rosa`) version 1.2.27 or higher {fn-supported-cli}
+* AWS CLI (`aws`)
+* OpenShift CLI (`oc`)
+* A ROSA or OSD cluster (STS, non-STS, or PrivateLink)
+* OpenSSL (for generating the demonstration SSL certificate), which can be downloaded and installed from link:https://www.openssl.org/source/[OpenSSL.org]
+* Access to the cluster as a user with the `cluster-admin` role.
+
+[id="find-current-routes_{context}"]
+== Find the current routes
+
+Before we make any configuration changes, we need to know the current routes in the cluster.
+
+* Verify that you can reach the component routes on their default hostnames.
++
+You can find the hostnames by querying the lists of routes in `openshift-console` and `openshift-authentication`.
++
+[source,bash]
+----
+$ oc get routes -n openshift-console
+NAME        HOST/PORT                                                                          PATH       SERVICES    PORT    TERMINATION          WILDCARD
+console     console-openshift-console.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com    ... 1 more  console    https   reencrypt/Redirect   None
+downloads   downloads-openshift-console.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com  ... 1 more  downloads  http    edge/Redirect        None
+----
++
+[source,bash]
+----
+$ oc get routes -n openshift-authentication
+NAME              HOST/PORT                                                             PATH        SERVICES          PORT   TERMINATION            WILDCARD
+oauth-openshift   oauth-openshift.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com ... 1 more  oauth-openshift   6443   passthrough/Redirect   None
+----
++
+From these commands you can see that our base hostname is `z9a9.p1.openshiftapps.com`.
+
+* Verify that the default ingress exists, and ensure that the base hostname matches that of the component routes.
++
+[source,bash]
+----
+$ rosa list ingress -c <my-example-cluster-aws>
+ID    API ENDPOINT                                                   PRIVATE
+r3l6  https://apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com  external  true
+----
++
+Our ingress route shares the base hostname of `z9a9.p1.openshiftapps.com`.
++
+Note the ID of the default ingress: `r316`. We will need this to set up new DNS records later.
+
+By running these commands you can see that the default component routes for our cluster are:
+
+* `console-openshift-console.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com` for Console
+* `downloads-openshift-console.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com` for Downloads
+* `oauth-openshift.apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com` for OAuth
+
+We can use the `rosa edit ingress` command to change this base hostname and add a TLS certificate for all of our component routes. The relevant parameters are shown in this excerpt of the command line help for the `rosa edit ingress` command:
+
+[source,bash]
+----
+$ rosa edit ingress -h
+Edit a cluster ingress for a cluster. Usage:
+  rosa edit ingress ID [flags]
+  [...]
+  --cluster-routes-hostname string         Components route hostname for oauth, console, download.
+  --cluster-routes-tls-secret-ref string   Components route TLS secret reference for oauth, console, download.
+----
+
+Note that when we use this command to change the component routes, it will change the base domain for all three routes at the same time.
+
+If we choose a new base domain of `my-new-domain.dev`, our new component routes for our cluster will be:
+
+* `console-openshift-console.my-new-domain.dev` for Console
+* `downloads-openshift-console.my-new-domain.dev` for Downloads
+* `oauth-openshift.my-new-domain.dev` for OAuth
+
+[id="create-tls-certificate-for-routes_{context}"]
+== Create a valid TLS certificate for each component route
+
+In this section, we create a self-signed certificate key pair and then trust it to verify that we can access our new component routes using a real web browser. This is for demonstration purposes only, and is not recommended as a solution for production workloads. Consult your certificate authority to understand how to create a certificate with similar attributes for your production workloads.
+
+To work correctly, the certificate we create needs the following:
+
+* a Common Name (CN) that matches the **wildcard** DNS of the `--cluster-routes-hostname` parameter
+* a Subject Alternative Name (SAN) for each component route that **matches** the routes generated by our new hostname
+
+For a base domain of `my-new-domain.dev`, our certificate's subject (`-subj`) looks like this:
+
+----
+/CN=*.my-new-domain.dev
+----
+
+We also need a SAN for each of our component routes:
+
+----
+subjectAltName = DNS:console-openshift-console.my-new-domain.dev
+subjectAltName = DNS:downloads-openshift-console.my-new-domain.dev
+subjectAltName = DNS:oauth-openshift.my-new-domain.dev
+----
+
+We can generate our certificate by running the following `openssl` command:
+
+[source,bash]
+----
+$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout key-my-new-domain.pem -out cert-my-new-domain.pem -subj "/CN=*.my-new-domain.dev" -addext "subjectAltName = DNS:console-openshift-console.my-new-domain.dev, DNS:oauth-openshift.my-new-domain.dev, DNS:downloads-openshift-console.my-new-domain.dev"
+----
+
+This generates two `.pem` files, `key-my-new-domain.pem` and `cert-my-new-domain.pem`.
+
+[id="add-certificate-as-cluster-secret_{context}"]
+== Add the certificate to the cluster as a secret
+
+. Log in to the cluster as a user with the `cluster-admin` role.
+
+. Generate a TLS secret in the `openshift-config` namespace.
++
+This becomes your secret reference when you update the component routes later in this guide.
++
+[source,bash]
+----
+$ oc create secret tls component-tls --cert=cert-my-new-domain.pem --key=key-my-new-domain.pem -n openshift-config
+----
+
+[id="find-lb-hostname_{context}"]
+== Find the hostname of the load balancer in your cluster
+
+When you create a cluster, ROSA and OSD create a load balancer and generate a hostname for that load balancer. We need to know the load balancer hostname in order to create DNS records for our cluster.
+
+You can find the hostname by running the `oc get svc` command against the `openshift-ingress` namespace. The hostname of the load balancer is the `EXTERNAL-IP` associated with the `router-default` service in the `openshift-ingress` namespace.
+
+[source,bash]
+----
+$ oc get svc -n openshift-ingress
+NAME            TYPE          CLUSTER-IP     EXTERNAL-IP                                             PORT(S)                     AGE
+router-default  LoadBalancer  172.30.237.88  a234gsr3242rsfsfs-1342r624.us-east-1.elb.amazonaws.com  80:31175/TCP,443:31554/TCP  76d
+----
+
+In our case, the hostname is `a234gsr3242rsfsfs-1342r624.us-east-1.elb.amazonaws.com`.
+
+Save this value for later, as we will need it to configure DNS records for our new component route hostnames.
+
+[id="add-routes-to-dns_{context}"]
+== Add component route DNS records to your hosting provider
+
+In your hosting provider, add DNS records that map the `CNAME` of your new component route hostnames to the load balancer hostname we found in the previous step.
+
+//.Need an image for this
+//image::[Picture goes here]
+
+[id="update-routes-tls-using-rosa-cli_{context}"]
+== Update the component routes and TLS secret using the ROSA CLI
+
+When your DNS records have been updated, you can use the ROSA CLI to change the component routes.
+
+Use the `rosa edit ingress` command to update your default ingress route with the new base domain and the secret reference associated with it.
+
+[source,bash]
+----
+$ rosa edit ingress -c <my-example-cluster-aws> r3l6 --cluster-routes-hostname="my-new-domain.dev" --cluster-routes-tls-secret-ref="component-tls"
+
+ID    APPLICATION ROUTER                                             PRIVATE  DEFAULT  [...]  LB-TYPE  [...]  WILDCARD POLICY      NAMESPACE OWNERSHIP  HOSTNAME           TLS SECRET REF
+r3l6  https://apps.my-example-cluster-aws.z9a9.p1.openshiftapps.com  yes      yes      [...]  nlb      [...]  WildcardsDisallowed  Strict               my-new-domain.dev  component-tls
+----
+
+Add your certificate to the trust store on your local system, then confirm that you can access your components at their new routes using your local web browser.
diff --git a/cloud_experts_tutorials/cloud-experts-template-tutorial.adoc b/cloud_experts_tutorials/cloud-experts-template-tutorial.adoc
new file mode 100644
index 000000000000..316475cf7ec0
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-template-tutorial.adoc
@@ -0,0 +1,295 @@
+//Duplicate this file and use it as a template to write your content.
+//Look for TODO statements and angle brackets to identify content to add or replace.
+
+// Basic document metadata
+// TODO: replace anything in angle brackets in this metadata block
+:_mod-docs-content-type: ASSEMBLY
+[id=“cloud-experts-<topic>-tutorial”]
+= Tutorial: <Topic>
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-<topic>-tutorial
+
+//This automatically adds a table of contents so readers can jump to a specific heading.
+toc::[]
+
+//TODO: The following block must remain commented out, but add your name to the authors list in whatever format you want to be publicly visible in the openshift-docs repo.
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-18
+//---
+//date: '2021-06-10'
+//title: ROSA Prerequisites
+//weight: 1
+//tags: ["AWS", "ROSA", "Quickstarts"]
+//authors:
+//  - <author>
+//---
+
+// Docs will remove this support statement once this content has gone through regular QE validation.
+// TODO: IF YOU UPDATED THIS DOCUMENT AND THIS STATEMENT IS COMMENTED OUT, make sure you uncomment it again so QE can review your updates.
+include::snippets/mobb-support-statement.adoc[leveloffset=+1]
+
+//TODO: Write a few sentences about what the people who use this doc want to accomplish and what that might let them do.
+Introductory sentence or two about this whole file and why a customer might want to follow these steps.
+
+//TODO: Write up the information you want to publish for customers.
+//This documentation uses basic asciidoc syntax.
+
+//TODO: replace anything in angle brackets and add your content below
+[id='cloud-experts-<topic>-tutorial-<subsection1>']
+== <Subsection 1>
+
+Introductory sentence about the purpose of this section.
+
+Steps or information that the customer should follow.
+
+Check out the syntax guide below for examples of what you can add here.
+
+//TODO: replace anything in angle brackets and add your content below
+[id='cloud-experts-<topic>-tutorial-<subsection2>']
+== <Subsection 2>
+
+Introductory sentence about the purpose of this section.
+
+Steps or information that a customer should follow.
+
+Check out the syntax guide below for examples of what you can add here.
+
+//TODO: Provide links to any next steps or additional information the user is likely to want at this point.
+//TODO: If no other resources are likely to be needed, just delete this block.
+[id='cloud-experts-<topic>-tutorial-additional-resources']
+== Additional resources
+* link:https://cloud.redhat.com/experts/rosa/verify-permissions[Verify required permissions for a ROSA STS deployment]
+* link:https://cloud.redhat.com/experts/rosa/ecr[Configure a ROSA cluster to pull images from AWS Elastic Container Registry]
+
+//TODO: When you are finished writing your tutorial, delete everything below this line.
+// These are just some basic syntax examples so you can copy and paste easily.
+== AsciiDoc Syntax Basics
+
+For more information, refer to link:https://asciidoctor.org/docs/asciidoc-writers-guide/[AsciiDoc Writer's Guide]
+
+=== Headings
+
+To add a heading, use equals signs at the beginning of the line:
+
+[source]
+----
+== Second level heading text
+=== Third level heading text
+----
+
+Up to 5 levels of heading are available, but this usually won't be required.
+
+.Block element heading
+You can also add a small header to a block element by adding a full-stop at the start of the line. Do not add a space or this will become an ordered list item.
+
+[source]
+----
+.Block element heading
+----
+
+=== Paragraphs, links, and inline elements
+
+A paragraph is just a plain line of text like this.
+A single line break will be rendered as part of the same paragraph.
+
+A double line break will be rendered as a separate paragraph.
+
+You can _emphasize_ or *strengthen* text in a paragraph, or add a link to a link:http://www.redhat.com[Red Hat website].
+
+[source]
+----
+You can _emphasize_ or *strengthen* text in a paragraph, or add a link to a link:http://www.redhat.com[Red Hat website].
+----
+
+Link to non-Red Hat websites if necessary, but remember they won't necessarily open in a new tab, and might lead users away from your document.
+
+=== Lists
+
+Unordered lists use asterisks followed by a space:
+
+.My unordered list
+* First level list item
+** Use multiple asterisks to indent second level list items
+* Another first level list item
+
+[source]
+----
+.My unordered list
+* First level list item
+** Use multiple asterisks to indent second level list items
+* Another first level list item
+----
+
+Ordered lists use full stops followed by a space:
+
+.My ordered list
+. Step one
+.. Step 1.a.
+. Step two
+
+[source]
+----
+.My ordered list
+. Step one
+.. Step 1.a.
+. Step two
+----
+
+You can also use two colons to get a term and definition list:
+
+.Important definitions
+term:: definition goes here
+cat:: A cute and cuddly carnivorous companion animal with hidden foot knives.
+dog:: A cute and cuddly omnivorous companion animal with clearly visible foot knives.
+
+[source]
+----
+.Important definitions
+term:: definition goes here
+cat:: A cute and cuddly carnivorous companion animal with hidden foot knives.
+dog:: A cute and cuddly omnivorous companion animal with clearly visible foot knives.
+----
+
+=== Code
+
+You can use `backticks` to indicate a literal value inline, but for commands, code, and terminal output you want a code block:
+
+[source,terminal]
+----
+$ rosa version
+1.2.23
+I: There is a newer release version '1.2.26', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
+----
+
+[source]
+------
+[source,terminal]
+----
+$ rosa version
+1.2.23
+I: There is a newer release version '1.2.26', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
+----
+------
+
+The `[source]` part ahead of the code block specifies the kind of code in the block, and enables syntax highlighting based on the language provided after the comma.
+
+
+=== Tables
+
+Tables use a combination of pipes and equals signs for their basic structure. If you want to include more complex content, you can add an `a` before the pipe indicating the start of the complex cell, and use other kinds of asciidoc syntax in that cell as required.
+
+.Tables need a title
+|===
+|Left column |Right column
+
+| Row 1 left column cell
+| Row 1 right column cell
+
+a| Row 2 left column cell
+
+[NOTE]
+====
+With a note!
+====
+
+| Row 2 right column cell
+
+|===
+
+[source]
+------
+.Tables need a title
+|===
+|Left column |Right column
+
+| Row 1 left column cell
+| Row 1 right column cell
+
+a| Row 2 left column cell
+
+[NOTE]
+=====
+With a note!
+====
+
+| Row 2 right column cell
+
+|===
+------
+
+=== Images
+
+Place the image you want to use in the `cloud_experts_tutorials/images` sub-directory, and use only the file name in the `image::` block (not the relative path). For accessibility support, add a title for the image and describe the contents of the image. We recommend using PNG and SVG image formats.
+
+.The perspectives menu in OpenShift Web Console
+image::web_console_perspectives.png[The perspectives menu in OpenShift Web Console showing the Developer and Administrator persoectives]
+
+[source]
+----
+.The perspectives menu in OpenShift Web Console
+image::web_console_perspectives.png[The perspectives menu in OpenShift Web Console showing the Developer and Administrator persoectives]
+----
+
+=== Warnings and admonition blocks
+
+If you want to highlight some information you can place it in a callout block.
+Only do this for important things a user might miss, or our users will start ignoring them.
+
+[NOTE]
+====
+You can use other elements inside an admonition, but don't go overboard.
+We typically use three kinds:
+
+* NOTE is for information that is useful, and can often be just a regular sentence instead.
+* IMPORTANT is for information that a customer should be aware of but won't cause serious problems if it's ignored.
+* WARNING is for information that a customer needs to obey to avoid data loss or other critical failures.
+====
+
+[source]
+----
+
+[NOTE]
+====
+You can use other elements inside an admonition, but don't go overboard.
+We typically use three kinds:
+
+* NOTE is for information that is useful to know, and can often be just a regular sentence instead.
+* IMPORTANT is for information that a customer should be aware of but won't cause serious problems if it's ignored.
+* WARNING is for information that a customer needs to obey to avoid data loss or other critical failures.
+====
+----
+
+=== Combining block level elements
+
+You can chain multiple block-level asciidoc elements together with the plus sign. You'll most often do this with steps and code blocks, so that the code block stays at the same indent level as the instruction text, for example:
+
+. Open a terminal and log in to the ROSA CLI using your personal token:
++
+[source,terminal]
+----
+$ rosa login --token=<your_token>
+----
+
+. Check your ROSA CLI version:
++
+[source,terminal]
+----
+$ rosa version
+----
+
+[source]
+------
+
+. Open a terminal and log in to the ROSA CLI using your personal token:
++
+[source,terminal]
+----
+$ rosa login --token=<your_token>
+----
+. Check your ROSA CLI version:
++
+[source,terminal]
+----
+$ rosa version
+----
+------
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-using-alb-and-waf.adoc b/cloud_experts_tutorials/cloud-experts-using-alb-and-waf.adoc
new file mode 100644
index 000000000000..4227ab842be8
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-using-alb-and-waf.adoc
@@ -0,0 +1,443 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-using-alb-and-waf"]
+= Tutorial: Using AWS WAF and AWS ALBs to protect ROSA workloads
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-using-alb-and-waf
+
+toc::[]
+
+// Mobb content metadata
+// Brought into ROSA product docs 2023-09-21
+// ---
+// date: '2021-06-17'
+// title: AWS ALB
+// aliases: ['/docs/aws/waf/cloud-front.md']
+// tags: ["AWS", "ROSA", "OSD"]
+// authors:
+//  - 'Connor Wooley'
+// ---
+
+AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources.
+
+You can use an AWS Application Load Balancer (ALB) to add a Web Application Firewall (WAF) to your {product-title} (ROSA) workloads. Using an external solution protects ROSA resources from experiencing denial of service due to handling the WAF.
+
+[NOTE]
+====
+It is recommended that you use the xref:../cloud_experts_tutorials/cloud-experts-using-cloudfront-and-waf.adoc#cloud-experts-using-cloudfront-and-waf[CloudFront method] unless you absolutely must use an ALB based solution.
+====
+
+//[Here](https://iamondemand.com/blog/elb-vs-alb-vs-nlb-choosing-the-best-aws-load-balancer-for-your-needs/)'s a good overview of AWS LB types and what they support
+
+// Loosely based off EKS instructions here - https://aws.amazon.com/premiumsupport/knowledge-center/eks-alb-ingress-aws-waf/
+
+[id="prerequisites_{context}"]
+== Prerequisites
+
+[NOTE]
+====
+AWS ALBs require a multi-AZ cluster, as well as three public subnets split across three AZs in the same VPC as the cluster.
+====
+
+* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A multi-AZ ROSA Classic cluster].
+* You have access to the OpenShift CLI (`oc`).
+* You have access to the AWS CLI (`aws`).
+
+[id="environment-setup_{context}"]
+=== Environment setup
+
+* Prepare the environment variables:
++
+[source,terminal]
+----
+$ export AWS_PAGER=""
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/alb-waf"
+$ mkdir -p ${SCRATCH}
+$ echo "Cluster: ${CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="aws-vpc-and-subnets_{context}"]
+=== AWS VPC and subnets
+
+[NOTE]
+====
+This section only applies to clusters that were deployed into existing VPCs. If you did not deploy your cluster into an existing VPC, skip this section and proceed to the installation section below.
+====
+
+. Set the below variables to the proper values for your ROSA deployment:
++
+[source,terminal]
+----
+$ export VPC_ID=<vpc-id>
+$ export PUBLIC_SUBNET_IDS=<public-subnets>
+$ export PRIVATE_SUBNET_IDS=<private-subnets>
+----
++
+. Add a tag to your cluster's VPC with the cluster name:
++
+[source,terminal]
+----
+$ aws ec2 create-tags --resources ${VPC_ID} --tags Key=kubernetes.io/cluster/${CLUSTER_NAME},Value=owned --region ${REGION}
+----
++
+. Add a tag to your public subnets:
++
+[source,terminal]
+----
+$ aws ec2 create-tags \
+     --resources ${PUBLIC_SUBNET_IDS} \
+     --tags Key=kubernetes.io/role/elb,Value='' \
+     --region ${REGION}
+----
++
+. Add a tag to your private subnets:
++
+[source,terminal]
+----
+$ aws ec2 create-tags \
+     --resources "${PRIVATE_SUBNET_IDS}" \
+     --tags Key=kubernetes.io/role/internal-elb,Value='' \
+     --region ${REGION}
+----
+
+[id="deploy-aws-load-balancer-operator_{context}"]
+== Deploy the AWS Load Balancer Operator
+
+The link:https://github.com/openshift/aws-load-balancer-operator[AWS Load Balancer Operator] is used to used to install, manage and configure an instance of `aws-load-balancer-controller` in a ROSA cluster. To deploy ALBs in ROSA, we need to first deploy the AWS Load Balancer Operator.
+
+. Create an AWS IAM policy for the AWS Load Balancer Controller:
++
+[NOTE]
+====
+The policy is sourced from link:https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json[the upstream AWS Load Balancer Controller policy] plus permission to create tags on subnets. This is required by the operator to function.
+====
++
+[source,terminal]
+----
+$ oc new-project aws-load-balancer-operator
+$ POLICY_ARN=$(aws iam list-policies --query \
+     "Policies[?PolicyName=='aws-load-balancer-operator-policy'].{ARN:Arn}" \
+     --output text)
+$ if [[ -z "${POLICY_ARN}" ]]; then
+    wget -O "${SCRATCH}/load-balancer-operator-policy.json" \
+       https://raw.githubusercontent.com/rh-mobb/documentation/main/content/docs/rosa/aws-load-balancer-operator/load-balancer-operator-policy.json
+     POLICY_ARN=$(aws --region "$REGION" --query Policy.Arn \
+     --output text iam create-policy \
+     --policy-name aws-load-balancer-operator-policy \
+     --policy-document "file://${SCRATCH}/load-balancer-operator-policy.json")
+fi
+$ echo $POLICY_ARN
+----
++
+. Create an AWS IAM trust policy for AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/trust-policy.json"
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Condition": {
+   "StringEquals" : {
+     "${OIDC_ENDPOINT}:sub": ["system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager", "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster"]
+   }
+ },
+ "Principal": {
+   "Federated": "arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/${OIDC_ENDPOINT}"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity"
+ }
+ ]
+}
+EOF
+----
++
+. Create an AWS IAM role for the AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name "${CLUSTER_NAME}-alb-operator" \
+   --assume-role-policy-document "file://${SCRATCH}/trust-policy.json" \
+   --query Role.Arn --output text)
+$ echo $ROLE_ARN
+
+$ aws iam attach-role-policy --role-name "${CLUSTER_NAME}-alb-operator" \
+     --policy-arn $POLICY_ARN
+----
++
+. Create a secret for the AWS Load Balancer Operator to assume our newly created AWS IAM role:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+stringData:
+  credentials: |
+    [default]
+    role_arn = $ROLE_ARN
+    web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+----
++
+. Install the Red Hat AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  upgradeStrategy: Default
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  channel: stable-v1.0
+  installPlanApproval: Automatic
+  name: aws-load-balancer-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: aws-load-balancer-operator.v1.0.0
+EOF
+----
++
+. Deploy an instance of the AWS Load Balancer Controller using the operator:
++
+[NOTE]
+====
+If you get an error here wait a minute and try again, it means the Operator has not completed installing yet.
+====
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: networking.olm.openshift.io/v1
+kind: AWSLoadBalancerController
+metadata:
+  name: cluster
+spec:
+  credentials:
+    name: aws-load-balancer-operator
+  enabledAddons:
+    - AWSWAFv2
+EOF
+----
++
+. Check the that the operator and controller pods are both running:
++
+[source,terminal]
+----
+$ oc -n aws-load-balancer-operator get pods
+----
++
+You should see the following, if not wait a moment and retry:
++
+[source,terminal]
+----
+NAME                                                             READY   STATUS    RESTARTS   AGE
+aws-load-balancer-controller-cluster-6ddf658785-pdp5d            1/1     Running   0          99s
+aws-load-balancer-operator-controller-manager-577d9ffcb9-w6zqn   2/2     Running   0          2m4s
+----
+
+[id="deploy-sample-application_{context}"]
+== Deploy a sample application
+
+. Create a new project for our sample application:
++
+[source,terminal]
+----
+$ oc new-project hello-world
+----
++
+. Deploy a hello world application:
++
+[source,terminal]
+----
+$ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
+----
++
+. Convert the pre-created service resource to a NodePort service type:
++
+[source,terminal]
+----
+$ oc -n hello-world patch service hello-openshift -p '{"spec":{"type":"NodePort"}}'
+----
++
+. Deploy an AWS ALB using the AWS Load Balancer Operator:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hello-openshift-alb
+  namespace: hello-world
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Exact
+            backend:
+              service:
+                name: hello-openshift
+                port:
+                  number: 8080
+EOF
+----
++
+. Curl the AWS ALB Ingress endpoint to verify the hello world application is accessible:
++
+[NOTE]
+====
+AWS ALB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host`, please wait and try again.
+====
++
+[source,terminal]
+----
+$ INGRESS=$(oc -n hello-world get ingress hello-openshift-alb -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+$ curl "http://${INGRESS}"
+----
++
+.Example output
+[source,text]
+----
+Hello OpenShift!
+----
+
+[id="configure-aws-waf_{context}"]
+=== Configure the AWS WAF
+
+The link:https://aws.amazon.com/waf/[AWS WAF] service is a web application firewall that lets you monitor, protect, and control the HTTP and HTTPS requests that are forwarded to your protected web application resources, like ROSA.
+
+. Create a AWS WAF rules file to apply to our web ACL:
++
+[source,terminal]
+----
+$ cat << EOF > ${SCRATCH}/waf-rules.json
+[
+    {
+      "Name": "AWS-AWSManagedRulesCommonRuleSet",
+      "Priority": 0,
+      "Statement": {
+        "ManagedRuleGroupStatement": {
+          "VendorName": "AWS",
+          "Name": "AWSManagedRulesCommonRuleSet"
+        }
+      },
+      "OverrideAction": {
+        "None": {}
+      },
+      "VisibilityConfig": {
+        "SampledRequestsEnabled": true,
+        "CloudWatchMetricsEnabled": true,
+        "MetricName": "AWS-AWSManagedRulesCommonRuleSet"
+      }
+    },
+    {
+      "Name": "AWS-AWSManagedRulesSQLiRuleSet",
+      "Priority": 1,
+      "Statement": {
+        "ManagedRuleGroupStatement": {
+          "VendorName": "AWS",
+          "Name": "AWSManagedRulesSQLiRuleSet"
+        }
+      },
+      "OverrideAction": {
+        "None": {}
+      },
+      "VisibilityConfig": {
+        "SampledRequestsEnabled": true,
+        "CloudWatchMetricsEnabled": true,
+        "MetricName": "AWS-AWSManagedRulesSQLiRuleSet"
+      }
+    }
+]
+EOF
+----
++
+This will enable the Core (Common) and SQL AWS Managed Rule Sets.
++
+. Create an AWS WAF Web ACL using the rules we specified above:
++
+[source,terminal]
+----
+$ WAF_ARN=$(aws wafv2 create-web-acl \
+  --name ${CLUSTER_NAME}-waf \
+  --region ${REGION} \
+  --default-action Allow={} \
+  --scope REGIONAL \
+  --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=${CLUSTER_NAME}-waf-metrics \
+  --rules file://${SCRATCH}/waf-rules.json \
+  --query 'Summary.ARN' \
+  --output text)
+----
++
+. Annotate the Ingress resource with the AWS WAF Web ACL ARN:
++
+[source,terminal]
+----
+$ oc annotate -n hello-world ingress.networking.k8s.io/hello-openshift-alb \
+  alb.ingress.kubernetes.io/wafv2-acl-arn=${WAF_ARN}
+----
+
+. Wait for 10 seconds for the rules to propagate and test that the app still works:
++
+[source,terminal]
+----
+$ curl "http://${INGRESS}"
+----
++
+.Example output
+[source,text]
+----
+Hello OpenShift!
+----
+
+. Test that the WAF denies a bad request:
++
+[source,terminal]
+----
+$ curl -X POST "http://${INGRESS}" \
+  -F "user='<script><alert>Hello></alert></script>'"
+----
++
+.Example output
++
+[source,text]
+----
+<html>
+<head><title>403 Forbidden</title></head>
+<body>
+<center><h1>403 Forbidden</h1></center>
+</body>
+</html
+----
++
+The expected result is a `403 Forbidden` error, which means the AWS WAF is protecting your application.
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+
+* link:https://docs.openshift.com/rosa/applications/deployments/osd-config-custom-domains-applications.html[Custom domains for applications] in the Red Hat documentation
+* link:https://youtu.be/-HorEsl2ho4[Adding Extra Security with AWS WAF, CloudFront and ROSA | Amazon Web Services] on YouTube
\ No newline at end of file
diff --git a/cloud_experts_tutorials/cloud-experts-using-aws-ack.adoc b/cloud_experts_tutorials/cloud-experts-using-aws-ack.adoc
new file mode 100644
index 000000000000..d889e0c6afa2
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-using-aws-ack.adoc
@@ -0,0 +1,253 @@
+:_mod-docs-content-type: ASSEMBLY
+[id=“cloud-experts-using-aws-ack]
+= Tutorial: Using AWS Controllers for Kubernetes on ROSA
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-using-aws-ack
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-21
+//---
+//date: '2022-06-02'
+//title: Using AWS Controllers for Kubernetes (ACK) on ROSA
+//weight: 1
+//tags: ["AWS", "ROSA"]
+//authors:
+//  - Paul Czarkowski
+//  - Connor Wooley
+//---
+
+link:https://aws-controllers-k8s.github.io/community/[AWS Controllers for Kubernetes] (ACK) lets you define and use AWS service resources directly from {product-title} (ROSA). With ACK, you can take advantage of AWS-managed services for your applications without needing to define resources outside of the cluster or run services that provide supporting capabilities such as databases or message queues within the cluster.
+
+You can install various ACK Operators directly from OperatorHub. This makes it easy to get started and use the Operators with your applications. This controller is a component of the AWS Controller for Kubernetes project, which is currently in developer preview.
+
+Use this tutorial to deploy the ACK S3 Operator. You can also adapt it for any other ACK Operator in the OperatorHub of your cluster.
+
+[id="cloud-experts-using-aws-ack-prerequisites"]
+== Prerequisites
+
+* A ROSA cluster
+* A user account with `cluster-admin` privileges
+* The OpenShift CLI (`oc`)
+* The Amazon Web Services (AWS) CLI (`aws`)
+
+[id="cloud-experts-using-aws-ack-environment-setup"]
+== Setting up your environment
+
+. Configure the following environment variables, changing the cluster name to suit your cluster:
++
+[source,terminal]
+----
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(rosa describe cluster -c ${ROSA_CLUSTER_NAME} --output json | jq -r .region.id)
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o json | jq -r .spec.serviceAccountIssuer | sed  's|^https://||')
+$ export AWS_ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
+$ export ACK_SERVICE=s3
+$ export ACK_SERVICE_ACCOUNT=ack-${ACK_SERVICE}-controller
+$ export POLICY_ARN=arn:aws:iam::aws:policy/AmazonS3FullAccess
+$ export AWS_PAGER=""
+$ export SCRATCH="/tmp/${ROSA_CLUSTER_NAME}/ack"
+$ mkdir -p ${SCRATCH}
+----
+. Ensure all fields output correctly before moving to the next section:
++
+[source,terminal]
+----
+$ echo "Cluster: ${ROSA_CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="cloud-experts-using-aws-ack-prep-aws"]
+== Preparing your AWS Account
+
+. Create an AWS Identity Access Management (IAM) trust policy for the ACK Operator:
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/trust-policy.json"
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Condition": {
+   "StringEquals" : {
+     "${OIDC_ENDPOINT}:sub": "system:serviceaccount:ack-system:${ACK_SERVICE_ACCOUNT}"
+   }
+ },
+ "Principal": {
+   "Federated": "arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/${OIDC_ENDPOINT}"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity"
+ }
+ ]
+}
+EOF
+----
++
+. Create an AWS IAM role for the ACK Operator to assume with the `AmazonS3FullAccess` policy attached:
++
+[NOTE]
+====
+You can find the recommended policy in each project's GitHub repository, for example https://github.com/aws-controllers-k8s/s3-controller/blob/main/config/iam/recommended-policy-arn.
+====
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name "ack-${ACK_SERVICE}-controller" \
+   --assume-role-policy-document "file://${SCRATCH}/trust-policy.json" \
+   --query Role.Arn --output text)
+$ echo $ROLE_ARN
+
+$ aws iam attach-role-policy --role-name "ack-${ACK_SERVICE}-controller" \
+     --policy-arn ${POLICY_ARN}
+----
+
+[id="cloud-experts-using-aws-ack-install-ack"]
+== Installing the ACK S3 Controller
+
+. Create a project to install the ACK S3 Operator into:
++
+[source,terminal]
+----
+$ oc new-project ack-system
+----
++
+. Create a file with the ACK S3 Operator configuration:
++
+[NOTE]
+====
+`ACK_WATCH_NAMESPACE` is purposefully left blank so the controller can properly watch all namespaces in the cluster.
+====
++
+[source,terminal]
+----
+$ cat <<EOF > "${SCRATCH}/config.txt"
+ACK_ENABLE_DEVELOPMENT_LOGGING=true
+ACK_LOG_LEVEL=debug
+ACK_WATCH_NAMESPACE=
+AWS_REGION=${REGION}
+AWS_ENDPOINT_URL=
+ACK_RESOURCE_TAGS=${CLUSTER_NAME}
+ENABLE_LEADER_ELECTION=true
+LEADER_ELECTION_NAMESPACE=
+EOF
+----
++
+. Use the file from the previous step to create a ConfigMap:
++
+[source,terminal]
+----
+$ oc -n ack-system create configmap \
+  --from-env-file=${SCRATCH}/config.txt ack-${ACK_SERVICE}-user-config
+----
++
+. Install the ACK S3 Operator from OperatorHub:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: ack-${ACK_SERVICE}-controller
+  namespace: ack-system
+spec:
+  upgradeStrategy: Default
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: ack-${ACK_SERVICE}-controller
+  namespace: ack-system
+spec:
+  channel: alpha
+  installPlanApproval: Automatic
+  name: ack-${ACK_SERVICE}-controller
+  source: community-operators
+  sourceNamespace: openshift-marketplace
+EOF
+----
++
+. Annotate the ACK S3 Operator service account with the AWS IAM role to assume and restart the deployment:
++
+[source,terminal]
+----
+$ oc -n ack-system annotate serviceaccount ${ACK_SERVICE_ACCOUNT} \
+  eks.amazonaws.com/role-arn=${ROLE_ARN} && \
+  oc -n ack-system rollout restart deployment ack-${ACK_SERVICE}-controller
+----
++
+. Verify that the ACK S3 Operator is running:
++
+[source,terminal]
+----
+$ oc -n ack-system get pods
+----
+.Example output
++
+[source,text]
+----
+NAME                                 READY   STATUS    RESTARTS   AGE
+ack-s3-controller-585f6775db-s4lfz   1/1     Running   0          51s
+----
+
+[id="cloud-experts-using-aws-ack-valid-deploy"]
+== Validating the deployment
+
+. Deploy an S3 bucket resource:
++
+[source,terminal]
+----
+$ cat << EOF | oc apply -f -
+apiVersion: s3.services.k8s.aws/v1alpha1
+kind: Bucket
+metadata:
+   name: ${CLUSTER-NAME}-bucket
+   namespace: ack-system
+spec:
+   name: ${CLUSTER-NAME}-bucket
+EOF
+----
++
+. Verify the S3 bucket was created in AWS:
++
+[source,terminal]
+----
+$ aws s3 ls | grep ${CLUSTER_NAME}-bucket
+----
++
+.Example output
+[source,text]
+----
+2023-10-04 14:51:45 mrmc-test-maz-bucket
+----
+
+[id="cloud-experts-using-aws-ack-clean-up"]
+== Cleaning up
+
+. Delete the S3 bucket resource:
++
+[source,terminal]
+----
+$ oc -n ack-system delete bucket.s3.services.k8s.aws/${CLUSTER-NAME}-bucket
+----
++
+. Delete the ACK S3 Operator and the AWS IAM roles:
++
+[source,terminal]
+----
+$ oc -n ack-system delete subscription ack-${ACK_SERVICE}-controller
+$ aws iam detach-role-policy \
+  --role-name "ack-${ACK_SERVICE}-controller" \
+  --policy-arn ${POLICY_ARN}
+$ aws iam delete-role \
+  --role-name "ack-${ACK_SERVICE}-controller"
+----
++
+. Delete the `ack-system` project:
++
+[source,terminal]
+----
+$ oc delete project ack-system
+----
diff --git a/cloud_experts_tutorials/cloud-experts-using-cloudfront-and-waf.adoc b/cloud_experts_tutorials/cloud-experts-using-cloudfront-and-waf.adoc
new file mode 100644
index 000000000000..ab876415ad50
--- /dev/null
+++ b/cloud_experts_tutorials/cloud-experts-using-cloudfront-and-waf.adoc
@@ -0,0 +1,359 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-using-cloudfront-and-waf"]
+= Tutorial: Using AWS WAF and Amazon CloudFront to protect ROSA workloads
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-using-cloudfront-and-waf
+
+toc::[]
+
+// Mobb content metadata
+// Brought into ROSA product docs 2023-09-21
+// ---
+// date: '2021-06-17'
+// title: Using CloudFront + WAF
+// aliases: ['/docs/aws/waf/cloud-front.md']
+// tags: ["AWS", "ROSA"]
+// authors:
+//  - 'Connor Wooley'
+// ---
+
+AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to your protected web application resources.
+
+You can use an Amazon CloudFront to add a Web Application Firewall (WAF) to your {product-title} (ROSA) workloads. Using an external solution protects ROSA resources from experiencing denial of service due to handling the WAF.
+
+[id="prerequisites_{context}"]
+== Prerequisites
+
+* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A ROSA Classic cluster].
+* You have access to the OpenShift CLI (`oc`).
+* You have access to the AWS CLI (`aws`).
+
+[id="environment-setup_{context}"]
+=== Environment setup
+
+* Prepare the environment variables:
++
+[source,terminal]
+----
+$ export AWS_PAGER=""
+$ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"  | sed 's/-[a-z0-9]\{5\}$//')
+$ export REGION=$(oc get infrastructure cluster -o=jsonpath="{.status.platformStatus.aws.region}")
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/cloudfront-waf"
+$ mkdir -p ${SCRATCH}
+$ echo "Cluster: ${CLUSTER_NAME}, Region: ${REGION}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
+
+[id="custom_domain_setup{context}"]
+== Custom domain setup
+
+It is necessary to configure a secondary ingress controller to segment your external WAF-protected traffic from your standard (and default) cluster ingress controller. In ROSA, we do this using the Custom Domain Operator.
+
+.Prerequisites
+
+* A unique domain, such as `*.apps.<company_name>.io`
+* A custom SAN or wildcard certificate, such as `CN=*.apps.<company_name>.io`
+
+.Procedure
+
+. Create a new project
++
+[source,terminal]
+----
+$ oc new-project waf-demo
+----
+
+. Create a new TLS secret from a private key and a public certificate, where `fullchain.pem` is your full wildcard certificate chain (including any intermediaries) and `privkey.pem` is your wildcard certificate's private key.
++
+.Example
+[source,terminal]
+----
+$ oc -n waf-demo create secret tls waf-tls --cert=fullchain.pem --key=privkey.pem
+----
+
+. Create a new `CustomDomain` custom resource (CR):
++
+.Example `waf-custom-domain.yaml`
+[source,yaml]
+----
+apiVersion: managed.openshift.io/v1alpha1
+kind: CustomDomain
+metadata:
+  name: cloudfront-waf
+spec:
+  domain: apps.<company_name>.io <1>
+  scope: External
+  loadBalancerType: NLB
+  certificate:
+    name: waf-tls
+    namespace: waf-demo
+  routeSelector: <2>
+    matchLabels:
+     route: waf
+----
+<1> The custom domain.
+<2> Filters the set of routes serviced by the CustomDomain ingress. In this tutorial, we will use the `waf` route selector, but if no value was to be provided, no filtering would occur.
+
+. Apply the CR:
++
+.Example
+[source,terminal]
+----
+$ oc apply -f waf-custom-domain.yaml
+----
+
+. Verify that your custom domain ingress controller has been deployed and is `Ready`:
++
+[source,terminal]
+----
+$ oc get customdomains
+----
++
+.Example output
+[source,terminal]
+----
+NAME               ENDPOINT                                                    DOMAIN                       STATUS
+cloudfront-waf     xxrywp.<company_name>.cluster-01.opln.s1.openshiftapps.com  *.apps.<company_name>.io     Ready
+----
+
+[id="configure-aws-waf_{context}"]
+=== Configure the AWS WAF
+
+The link:https://aws.amazon.com/waf/[AWS WAF] service is a web application firewall that lets you monitor, protect, and control the HTTP and HTTPS requests that are forwarded to your protected web application resources, like ROSA.
+
+. Create a AWS WAF rules file to apply to our web ACL:
++
+[source,terminal]
+----
+$ cat << EOF > ${SCRATCH}/waf-rules.json
+[
+    {
+      "Name": "AWS-AWSManagedRulesCommonRuleSet",
+      "Priority": 0,
+      "Statement": {
+        "ManagedRuleGroupStatement": {
+          "VendorName": "AWS",
+          "Name": "AWSManagedRulesCommonRuleSet"
+        }
+      },
+      "OverrideAction": {
+        "None": {}
+      },
+      "VisibilityConfig": {
+        "SampledRequestsEnabled": true,
+        "CloudWatchMetricsEnabled": true,
+        "MetricName": "AWS-AWSManagedRulesCommonRuleSet"
+      }
+    },
+    {
+      "Name": "AWS-AWSManagedRulesSQLiRuleSet",
+      "Priority": 1,
+      "Statement": {
+        "ManagedRuleGroupStatement": {
+          "VendorName": "AWS",
+          "Name": "AWSManagedRulesSQLiRuleSet"
+        }
+      },
+      "OverrideAction": {
+        "None": {}
+      },
+      "VisibilityConfig": {
+        "SampledRequestsEnabled": true,
+        "CloudWatchMetricsEnabled": true,
+        "MetricName": "AWS-AWSManagedRulesSQLiRuleSet"
+      }
+    }
+]
+EOF
+----
++
+This will enable the Core (Common) and SQL AWS Managed Rule Sets.
++
+. Create an AWS WAF Web ACL using the rules we specified above:
++
+[source,terminal]
+----
+$ WAF_WACL=$(aws wafv2 create-web-acl \
+  --name cloudfront-waf \
+  --region ${REGION} \
+  --default-action Allow={} \
+  --scope CLOUDFRONT \
+  --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=${CLUSTER_NAME}-waf-metrics \
+  --rules file://${SCRATCH}/waf-rules.json \
+  --query 'Summary.Name' \
+  --output text)
+----
+
+[id="configure_amazon_cloudfront_{context}"]
+== Configure Amazon CloudFront
+
+. Retrieve the newly created custom domain ingress controller's NLB hostname:
++
+[source,terminal]
+----
+$ NLB=$(oc -n openshift-ingress get service router-cloudfront-waf \
+  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+$ echo "Origin domain: ${NLB}"
+----
+
+. Import your certificate into Amazon Certificate Manager, where `cert.pem` is your wildcard certificate, `fullchain.pem` is your wildcard certificate's chain and `privkey.pem` is your wildcard certificate’s private key.
++
+[NOTE]
+====
+Regardless of what region your cluster is deployed, you must import this certificate to `us-east-1` as Amazon CloudFront is a global AWS service.
+====
++
+.Example
+[source,terminal]
+----
+$ aws acm import-certificate --certificate file://cert.pem \
+  --certificate-chain file://fullchain.pem \
+  --private-key file://privkey.pem \
+  --region us-east-1
+----
+
+. Log into the link:https://us-east-1.console.aws.amazon.com/cloudfront/v3/home#/distributions/create[AWS console] to create a CloudFront distribution.
++
+. Configure the CloudFront distribution by using the following information:
++
+[NOTE]
+====
+If an option is not specified in the table below, leave them the default (which may be blank).
+====
++
+[cols="2",options="header"]
+|===
+|Option
+|Value
+
+|Origin domain
+|Output from the command above ^[1]^
+
+|Name
+|rosa-waf-ingress ^[2]^
+
+|Viewer protocol policy
+|Redirect HTTP to HTTPS
+
+|Allowed HTTP methods
+|GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
+
+|Cache policy
+|CachingDisabled
+
+|Origin request policy
+|AllViewer
+
+|Web Application Firewall (WAF)
+|Enable security protections
+
+|Use existing WAF configuration
+|true
+
+|Choose a web ACL
+|`cloudfront-waf`
+
+|Alternate domain name (CNAME)
+|*.apps.<company_name>.io ^[3]^
+
+|Custom SSL certificate
+|Select the certificate you imported from the step above ^[4]^
+|===
++
+[.small]
+--
+1. Run `echo ${NLB}` to get the origin domain.
+2. If you have multiple clusters, ensure the origin name is unique.
+3. This should match the wildcard domain you used to create the custom domain ingress controller.
+4. This should match the alternate domain name entered above.
+--
++
+. Retrieve the Amazon CloudFront Distribution endpoint:
++
+[source,terminal]
+----
+$ aws cloudfront list-distributions --query "DistributionList.Items[?Origins.Items[?DomainName=='${NLB}']].DomainName" --output text
+----
+
+. Update the DNS of your custom wildcard domain with a CNAME to the Amazon CloudFront Distribution endpoint from the step above.
++
+.Example
+[source,text]
+----
+*.apps.<company_name>.io CNAME d1b2c3d4e5f6g7.cloudfront.net
+----
+
+[id="deploy-sample-application_{context}"]
+== Deploy a sample application
+
+. Deploy a hello world application:
++
+[source,terminal]
+----
+$ oc -n waf-demo new-app --image=docker.io/openshift/hello-openshift
+----
++
+. Create a route for the application specifying your custom domain name:
++
+.Example
+[source,terminal]
+----
+$ oc -n waf-demo create route edge --service=hello-openshift hello-openshift-tls \
+--hostname hello-openshift.apps.<company_name>.io
+----
++
+. Label the route to admit it to your custom domain ingress controller:
++
+[source,terminal]
+----
+$ oc -n waf-demo label route.route.openshift.io/hello-openshift-tls route=waf
+----
+
+[id="test-waf_{context}"]
+== Test the WAF
+
+. Test that the app is accessible behind Amazon CloudFront:
++
+.Example
++
+[source,terminal]
+----
+$ curl "https://hello-openshift.apps.<company_name>.io"
+----
++
+.Example output
+[source,text]
+----
+Hello OpenShift!
+----
+
+. Test that the WAF denies a bad request:
++
+.Example
++
+[source,terminal]
+----
+$ curl -X POST "https://hello-openshift.apps.<company_name>.io" \
+  -F "user='<script><alert>Hello></alert></script>'"
+----
++
+.Example output
++
+[source,text]
+----
+<html>
+<head><title>403 Forbidden</title></head>
+<body>
+<center><h1>403 Forbidden</h1></center>
+</body>
+</html
+----
++
+The expected result is a `403 Forbidden` error, which means the AWS WAF is protecting your application.
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+
+* link:https://docs.openshift.com/rosa/applications/deployments/osd-config-custom-domains-applications.html[Custom domains for applications] in the Red Hat documentation
+* link:https://youtu.be/-HorEsl2ho4[Adding Extra Security with AWS WAF, CloudFront and ROSA | Amazon Web Services] on YouTube
\ No newline at end of file
diff --git a/cloud_experts_tutorials/images b/cloud_experts_tutorials/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/cloud_experts_tutorials/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/cloud_experts_tutorials/index.adoc b/cloud_experts_tutorials/index.adoc
new file mode 100644
index 000000000000..e70e1207ee41
--- /dev/null
+++ b/cloud_experts_tutorials/index.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="tutorials-overview"]
+= Tutorials overview
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: tutorials-overview
+
+Step-by-step tutorials from Red Hat experts to help you get the most out of your Managed OpenShift cluster.
+
+In an effort to make this Cloud Expert tutorial content available quickly, it may not yet be tested on every supported configuration.
diff --git a/cloud_experts_tutorials/modules b/cloud_experts_tutorials/modules
new file mode 120000
index 000000000000..464b823aca16
--- /dev/null
+++ b/cloud_experts_tutorials/modules
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/cloud_experts_tutorials/rosa-mobb-cli-quickstart.adoc b/cloud_experts_tutorials/rosa-mobb-cli-quickstart.adoc
new file mode 100644
index 000000000000..fae9856decbf
--- /dev/null
+++ b/cloud_experts_tutorials/rosa-mobb-cli-quickstart.adoc
@@ -0,0 +1,272 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-mobb-cli-quickstart"]
+= Create a {product-title} cluster using the CLI
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-mobb-cli-quickstart
+
+toc::[]
+
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-12
+//---
+//date: '2021-06-10'
+//title: ROSA Quickstart
+//weight: 1
+//aliases: [/docs/quickstart-rosa.md]
+//Tags: ["AWS", "ROSA", "Quickstarts"]
+//authors:
+//  - Steve Mirman
+//  - Paul Czarkowski
+//---
+
+A Quickstart guide to deploying a Red Hat OpenShift cluster on AWS using the CLI.
+
+== Video Walkthrough
+
+////
+ Introduction to ROSA by Charlotte Fung on [AWS YouTube channel](https://youtu.be/KRqXxek4GvQ)
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/KRqXxek4GvQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+
+
+If you prefer a more visual medium, you can watch [Steve Mirman](https://twitter.com/stevemirman) walk through this quickstart on [YouTube](https://www.youtube.com/watch?v=IFNig_Z_p2Y).
+<iframe width="560" height="315" src="https://www.youtube.com/embed/IFNig_Z_p2Y" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+////
+
+== Prerequisites
+
+=== AWS
+
+You must have an AWS account with the link:https://console.aws.amazon.com/rosa/home?#/get-started[AWS ROSA Prerequisites] met.
+
+image::rosa-aws-pre.png[AWS console rosa requisites]
+
+**MacOS**
+
+//See [AWS Docs](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html) for alternative install options.
+
+* Install AWS CLI using the macOS command line:
+
+[source,bash]
+----
+$ curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
+sudo installer -pkg AWSCLIV2.pkg -target /
+----
+
+**Linux**
+
+// See [AWS Docs](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html) for alternative install options.
+
+* Install AWS CLI using the Linux command line:
+
+[source,bash]
+----
+$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+----
+
+**Windows**
+
+// See [AWS Docs](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html) for alternative install options.
+
+* Install AWS CLI using the Windows command line
+
+[source,bash]
+----
+$ C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
+----
+
+////
+**Docker**
+
+> See [AWS Docs](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-docker.html) for alternative install options.
+
+1. To run the AWS CLI version 2 Docker image, use the docker run command.
+
+    ```bash
+    docker run --rm -it amazon/aws-cli command
+   ```
+////
+
+=== Prepare AWS Account for OpenShift
+
+* Configure the AWS CLI by running the following command:
+
+[source,bash]
+----
+$ aws configure
+----
+
+2. You will be required to enter an `AWS Access Key ID` and an `AWS Secret Access Key` along with a default region name and output format
+
+    ```bash
+    % aws configure
+    AWS Access Key ID []:
+    AWS Secret Access Key []:
+    Default region name [us-east-2]:
+    Default output format [json]:
+    ```
+    The `AWS Access Key ID` and `AWS Secret Access Key` values can be obtained by logging in to the AWS console and creating an **Access Key** in the **Security Credentials** section of the IAM dashboard for your user
+
+3. Validate your credentials
+
+    ```bash
+    aws sts get-caller-identity
+    ```
+
+    You should receive output similar to the following
+    ```
+    {
+      "UserId": <your ID>,
+      "Account": <your account>,
+      "Arn": <your arn>
+    }
+    ```
+
+4. If this is a brand new AWS account that has never had a AWS Load Balancer installed in it, you should run the following
+
+    ```bash
+    aws iam create-service-linked-role --aws-service-name \
+    "elasticloadbalancing.amazonaws.com"
+    ```
+
+### Get a Red Hat Offline Access Token
+
+1. Log into cloud.redhat.com
+
+2. Browse to https://cloud.redhat.com/openshift/token/rosa
+
+3. Copy the **Offline Access Token** and save it for the next step
+
+
+### Set up the OpenShift CLI (oc)
+
+1. Download the OS specific OpenShift CLI from [Red Hat](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/)
+
+2. Unzip the downloaded file on your local machine
+
+3. Place the extracted `oc` executable in your OS path or local directory
+
+
+### Set up the ROSA CLI
+
+1. Download the OS specific ROSA CLI from [Red Hat](https://www.openshift.com/products/amazon-openshift/download)
+
+2. Unzip the downloaded file on your local machine
+
+3. Place the extracted `rosa` and `kubectl` executables in your OS path or local directory
+
+4. Log in to ROSA
+
+  ```bash
+  rosa login
+  ```
+
+  You will be prompted to enter in the **Red Hat Offline Access Token** you retrieved earlier and should receive the following message
+
+  ```
+  Logged in as <email address> on 'https://api.openshift.com'
+  ```
+
+### Verify ROSA privileges
+
+Verify that ROSA has the minimal permissions
+
+  ```bash
+  rosa verify permissions
+  ```
+>Expected output: `AWS SCP policies ok`
+
+
+Verify that ROSA has the minimal quota
+
+  ```bash
+  rosa verify quota
+  ```
+>Expected output: `AWS quota ok`
+
+
+### Initialize ROSA
+
+Initialize the ROSA CLI to complete the remaining validation checks and configurations
+
+  ```bash
+  rosa init
+  ```
+
+## Deploy Red Hat OpenShift on AWS (ROSA)
+
+### Interactive Installation
+
+ROSA can be installed using command line parameters or in interactive mode.  For an interactive installation run the following command
+
+  ```bash
+  rosa create cluster --interactive --mode auto
+  ```
+
+  As part of the interactive install you will be required to enter the following parameters or accept the default values (if applicable)
+
+  ```
+  Cluster name:
+  Multiple availability zones (y/N):
+  AWS region: (select)
+  OpenShift version: (select)
+  Install into an existing VPC (y/N):
+  Compute nodes instance type (optional): (select)
+  Enable autoscaling (y/N):
+  Compute nodes [2]:
+  Additional Security Group IDs (optional): (select)
+  Machine CIDR [10.0.0.0/16]:
+  Service CIDR [172.30.0.0/16]:
+  Pod CIDR [10.128.0.0/14]:
+  Host prefix [23]:
+  Private cluster (y/N):
+  ```
+  >Note: the installation process should take between 30 - 45 minutes
+
+### Get the web console link to the ROSA cluster
+
+To get the web console link run the following command.
+
+>Substitute your actual cluster name for `<cluster-name>`
+
+  ```bash
+  rosa describe cluster --cluster=<cluster-name>
+  ```
+
+### Create cluster-admin user
+
+By default, only the OpenShift SRE team will have access to the ROSA cluster.  To add a local admin user, run the following command to create the `cluster-admin` account in your cluster.
+
+>Substitute your actual cluster name for `<cluster-name>`
+
+  ```bash
+  rosa create admin --cluster=<cluster-name>
+  ```
+>Refresh your web browser and you should see the `cluster-admin` option to log in
+
+## Delete Red Hat OpenShift on AWS (ROSA)
+
+Deleting a ROSA cluster consists of two parts
+
+1. Delete the cluster instance, including the removal of AWS resources.
+
+>Substitute your actual cluster name for `<cluster-name>`
+
+  ```bash
+  rosa delete cluster --cluster=<cluster-name>
+  ```
+  Delete Cluster's operator-roles and oidc-provider as shown in the above delete cluster command's output. For e.g.
+
+  ```bash
+  rosa delete operator-roles -c <cluster-name>
+  rosa delete oidc-provider -c <cluster-name>
+  ```
+
+2. Delete the CloudFormation stack, including the removal of the `osdCcsAdmin` user
+
+  ```bash
+  rosa init --delete-stack
+  ```
\ No newline at end of file
diff --git a/cloud_experts_tutorials/rosa-mobb-prerequisites-tutorial.adoc b/cloud_experts_tutorials/rosa-mobb-prerequisites-tutorial.adoc
new file mode 100644
index 000000000000..a1474b9faf81
--- /dev/null
+++ b/cloud_experts_tutorials/rosa-mobb-prerequisites-tutorial.adoc
@@ -0,0 +1,231 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-mobb-prerequisites-tutorial"]
+= Tutorial: ROSA prerequisites
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-mobb-prerequisites-tutorial
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-18
+//---
+//date: '2021-06-10'
+//title: ROSA Prerequisites
+//weight: 1
+//tags: ["AWS", "ROSA", "Quickstarts"]
+//authors:
+//  - Steve Mirman
+//  - Paul Czarkowski
+//---
+//This file is not being built as of 2023-09-22 based on a conversation with Michael McNeill.
+
+This document contains a set of prerequisites that must be run once before you can create your first ROSA cluster.
+
+== AWS
+
+An AWS account with the link:https://console.aws.amazon.com/rosa/home?#/get-started[AWS ROSA prerequisites] met.
+
+
+image::rosa-aws-pre.png[AWS console ROSA prequisites]
+
+== AWS CLI
+
+.MacOS
+
+* Install AWS CLI using the MacOS command line:
++
+[source,terminal]
+----
+$ curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
+$ sudo installer -pkg AWSCLIV2.pkg -target /
+----
++
+[NOTE]
+====
+See link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html[AWS Documentation] for alternative install options.
+====
+
+.Linux
+
+* Install AWS CLI using the Linux command line:
++
+[source,terminal]
+----
+$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+$ unzip awscliv2.zip
+$ sudo ./aws/install
+----
++
+[NOTE]
+====
+See link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html[AWS Documentation] for alternative install options.
+====
+
+.Windows
+
+* Install AWS CLI using the Windows command line:
++
+[source,terminal]
+----
+$ C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
+----
++
+[NOTE]
+====
+See link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html[AWS Documentation] for alternative install options.
+====
+
+////
+.Docker
+
+* To run the AWS CLI version 2 Docker image, use the docker run command:
++
+[source,terminal]
+----
+$ docker run --rm -it amazon/aws-cli command
+----
++
+[NOTE]
+====
+See link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-docker.html[AWS Documentation] for alternative install options.
+====
+////
+
+== Prepare AWS Account for OpenShift
+
+. Configure the AWS CLI by running:
++
+[source,terminal]
+----
+$ aws configure
+----
++
+. You will be required to enter an `AWS Access Key ID` and an `AWS Secret Access Key` along with a default region name and output format:
++
+[source,terminal]
+----
+$ aws configure
+----
++
+.Sample output
+[source,terminal]
+----
+AWS Access Key ID []:
+AWS Secret Access Key []:
+Default region name [us-east-2]:
+Default output format [json]:
+----
++
+The `AWS Access Key ID` and `AWS Secret Access Key` values can be obtained by logging in to the AWS console and creating an *Access Key* in the *Security Credentials* section of the IAM dashboard for your user.
++
+. Validate your credentials:
++
+[source,terminal]
+----
+$ aws sts get-caller-identity
+----
++
+You should receive output similar to the following:
++
+.Sample output
+[source,terminal]
+----
+{
+    "UserId": <your ID>,
+    "Account": <your account>,
+    "Arn": <your arn>
+}
+----
++
+. If this is a new AWS account that has never had a AWS Load Balancer (ALB) installed in it, run the following:
++
+[source,terminal]
+----
+$ aws iam create-service-linked-role --aws-service-name \
+    "elasticloadbalancing.amazonaws.com"
+----
+
+== Get a Red Hat Offline Access Token
+
+. Log into {cluster-manager-url}.
+. Navigate to link:https://cloud.redhat.com/openshift/token/rosa[OpenShift Cluster Manager API Token].
+. Copy the *Offline Access Token* and save it for the next step.
+
+
+== Set up the OpenShift CLI (oc)
+
+. Download the operating system specific OpenShift CLI from link:https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/[Red Hat].
+. Extract the downloaded file on your local machine.
+. Place the extracted `oc` executable in your operating system path or local directory.
+
+== Set up the ROSA CLI (rosa)
+
+. Download the operating system specific ROSA CLI from link:https://www.openshift.com/products/amazon-openshift/download[Red Hat].
+. Extract the downloaded file on your local machine.
+. Place the extracted `rosa` and `kubectl` executables in your operating system path or local directory.
+. Log in to ROSA:
++
+[source,terminal]
+----
+$ rosa login
+----
++
+You will be prompted to enter in the *Red Hat Offline Access Token* you retrieved earlier and should receive the following message:
++
+[source,terminal]
+----
+Logged in as <email address> on 'https://api.openshift.com'
+----
++
+. Verify that ROSA has the minimal quota:
++
+[source,terminal]
+----
+$ rosa verify quota
+----
++
+Expected output:
++
+[source,terminal]
+----
+AWS quota ok
+----
+
+== Associate your AWS account with your Red Hat account
+
+To perform ROSA cluster provisioning tasks, you must create `ocm-role` and `user-role` IAM resources in your AWS account and link them to your Red Hat organization.
+
+. Create the `ocm-role` which the OpenShift Cluster Manager will use to be able to administer and Create ROSA clusters. If this has already been done for your OpenShift Cluster Manager Organization, you can skip to creating the user-role:
++
+[TIP]
+====
+If you have multiple AWS accounts that you want to associate with your Red Hat Organization, you can use the `--profile` option to specify the AWS profile you want to associate.
+====
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode auto --yes
+----
++
+. Create the User Role that allows OpenShift Cluster Manager to verify that users creating a cluster have access to the current AWS account:
++
+[TIP]
+====
+If you have multiple AWS accounts that you want to associate with your Red Hat Organization, you can use the `--profile` option to specify the AWS profile you want to associate.
+====
++
+[source,terminal]
+----
+$ rosa create user-role --mode auto --yes
+----
++
+. Create the ROSA Account Roles which give the ROSA installer and machines permissions to perform actions in your account:
++
+[source,terminal]
+----
+$ rosa create account-roles --mode auto --yes
+----
+
+== Conclusion
+
+You are now ready to create your first cluster.
diff --git a/cloud_experts_tutorials/rosa-mobb-verify-permissions-sts-deployment.adoc b/cloud_experts_tutorials/rosa-mobb-verify-permissions-sts-deployment.adoc
new file mode 100644
index 000000000000..80d543002c0f
--- /dev/null
+++ b/cloud_experts_tutorials/rosa-mobb-verify-permissions-sts-deployment.adoc
@@ -0,0 +1,112 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-mobb-verify-permissions-sts-deployment"]
+= Tutorial: Verifying Permissions for a ROSA STS Deployment
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-mobb-verify-permissions-sts-deployment
+
+toc::[]
+
+// ---
+// date: '2022-10-04'
+// title: "Verify Permissions for ROSA STS Deployment"
+// authors:
+//   - Tyler Stacey
+//   - Kumudu Herath
+// tags: ["AWS", "ROSA", "STS"]
+// ---
+
+To proceed with the deployment of a ROSA cluster, an account must support the required roles and permissions.
+AWS Service Control Policies (SCPs) cannot block the API calls made by the installer or operator roles.
+
+Details about the IAM resources required for an STS-enabled installation of ROSA can be found here: xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS]
+
+This guide is validated for ROSA v4.11.X.
+
+== Prerequisites
+
+* link:https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html[AWS CLI]
+* xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-get-started-cli[ROSA CLI] v1.2.6
+* link:https://stedolan.github.io/jq/[jq CLI]
+* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html[AWS role with required permissions]
+
+[id="verify-ROSA-permissions_{context}"]
+== Verifying ROSA permissions
+To verify the permissions required for ROSA, we can run the script included in the following section without ever creating any AWS resources.
+
+The script uses the `rosa`, `aws`, and `jq` CLI commands to create files in the working directory that will be used to verify permissions in the account connected to the current AWS configuration.
+
+The AWS Policy Simulator is used to verify the permissions of each role policy against the API calls extracted by `jq`; results are then stored in a text file appended with `.results`.
+
+This script is designed to verify the permissions for the current account and region.
+
+[id="usage-instructions_{context}"]
+== Usage Instructions
+
+. To use the script, run the following commands in a `bash` terminal (the -p option defines a prefix for the roles):
++
+[source,terminal]
+----
+$ mkdir scratch
+$ cd scratch
+$ cat << 'EOF' > verify-permissions.sh
+#!/bin/bash
+while getopts 'p:' OPTION; do
+  case "$OPTION" in
+    p)
+      PREFIX="$OPTARG"
+      ;;
+    ?)
+      echo "script usage: $(basename \$0) [-p PREFIX]" >&2
+      exit 1
+      ;;
+  esac
+done
+shift "$(($OPTIND -1))"
+rosa create account-roles --mode manual --prefix $PREFIX
+INSTALLER_POLICY=$(cat sts_installer_permission_policy.json | jq )
+CONTROL_PLANE_POLICY=$(cat sts_instance_controlplane_permission_policy.json | jq)
+WORKER_POLICY=$(cat sts_instance_worker_permission_policy.json | jq)
+SUPPORT_POLICY=$(cat sts_support_permission_policy.json | jq)
+simulatePolicy () {
+    outputFile="${2}.results"
+    echo $2
+    aws iam simulate-custom-policy --policy-input-list "$1" --action-names $(jq '.Statement | map(select(.Effect == "Allow"))[].Action | if type == "string" then . else .[] end' "$2" -r) --output text > $outputFile
+}
+simulatePolicy "$INSTALLER_POLICY" "sts_installer_permission_policy.json"
+simulatePolicy "$CONTROL_PLANE_POLICY" "sts_instance_controlplane_permission_policy.json"
+simulatePolicy "$WORKER_POLICY" "sts_instance_worker_permission_policy.json"
+simulatePolicy "$SUPPORT_POLICY" "sts_support_permission_policy.json"
+EOF
+$ chmod +x verify-permissions.sh
+$ ./verify-permissions.sh -p SimPolTest
+----
+
+. After the script completes, review each results file to ensure that none of the required API calls are blocked:
++
+[source,terminal]
+----
+$ for file in $(ls *.results); do echo $file; cat $file; done
+----
++
+The output will look similar to the following:
++
+[source,terminal]
+----
+sts_installer_permission_policy.json.results
+EVALUATIONRESULTS       autoscaling:DescribeAutoScalingGroups   allowed *
+MATCHEDSTATEMENTS       PolicyInputList.1       IAM Policy
+ENDPOSITION     6       195
+STARTPOSITION   17      3
+EVALUATIONRESULTS       ec2:AllocateAddress     allowed *
+MATCHEDSTATEMENTS       PolicyInputList.1       IAM Policy
+ENDPOSITION     6       195
+STARTPOSITION   17      3
+EVALUATIONRESULTS       ec2:AssociateAddress    allowed *
+MATCHEDSTATEMENTS       PolicyInputList.1       IAM Policy
+...
+----
++
+[NOTE]
+====
+If any actions are blocked, review the error provided by AWS and consult with your Administrator to determine if SCPs are blocking the required API calls.
+====
\ No newline at end of file
diff --git a/cloud_experts_tutorials/snippets b/cloud_experts_tutorials/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/cloud_experts_tutorials/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/contributing_to_docs/doc_guidelines.adoc b/contributing_to_docs/doc_guidelines.adoc
index 337cd36370e1..fac0b326a28c 100644
--- a/contributing_to_docs/doc_guidelines.adoc
+++ b/contributing_to_docs/doc_guidelines.adoc
@@ -1,6 +1,7 @@
 [id="contributing-to-docs-doc-guidelines"]
 = Documentation guidelines
 include::_attributes/common-attributes.adoc
+
 :toc: macro
 
 The documentation guidelines for OpenShift 4 build on top of the
@@ -35,7 +36,7 @@ In the Atom editor, you can use `Ctrl`+`J` to undo hard wrapping on a paragraph.
 Every assembly file should contain the following metadata at the top, with no line spacing in between, except where noted:
 
 ----
-:_content-type: ASSEMBLY                                        <1>
+:_mod-docs-content-type: ASSEMBLY                                        <1>
 [id="<unique-heading-for-assembly>"]                            <2>
 = Assembly title                                                <3>
 include::_attributes/common-attributes.adoc[]                   <4>
@@ -43,21 +44,26 @@ include::_attributes/common-attributes.adoc[]                   <4>
                                                                 <6>
 toc::[]                                                         <7>
 ----
-
-<1> The content type for the file. For assemblies, always use `:_content-type: ASSEMBLY`. Place this attribute before the anchor ID or, if present, the conditional that contains the anchor ID.
+<1> The content type for the file. For assemblies, always use `:_mod-docs-content-type: ASSEMBLY`. Place this attribute before the anchor ID or, if present, the conditional that contains the anchor ID.
 <2> A unique (within OpenShift docs) anchor ID for this assembly. Use lowercase. Example: cli-developer-commands
 <3> Human readable title (notice the `=` top-level header)
 <4> Includes attributes common to OpenShift docs.
 +
 [NOTE]
 ====
-The `{product-title}` and `{product-version}` common attributes are not defined in the `_attributes/common-attributes.adoc` file. Those attributes are pulled by AsciiBinder from the distro mapping definitions in the https://github.com/openshift/openshift-docs/blob/main/_distro_map.yml[_distro_map.yml] file. See xref:product-name-and-version[Product title and version] and xref:attribute-files[attribute files] for more information on this topic.
+* The `{product-title}` and `{product-version}` common attributes are not defined in the `_attributes/common-attributes.adoc` file. Those attributes are pulled by AsciiBinder from the distro mapping definitions in the https://github.com/openshift/openshift-docs/blob/main/_distro_map.yml[_distro_map.yml] file. See xref:product-name-and-version[Product title and version] and xref:attribute-files[attribute files] for more information on this topic.
+* If you use a variable in the title of the first assembly in a section, move the include attributes directive above the title in this assembly. Otherwise, the variable will not render correctly on access.redhat.com.
 ====
 +
 <5> Context used for identifying headers in modules that is the same as the anchor ID. Example: cli-developer-commands.
 <6> A blank line. You *must* have a blank line here before the toc.
 <7> The table of contents for the current assembly.
 
+[NOTE]
+====
+Do not use backticks or other markup in assembly or module headings. You can use backticks or other markup in the title for a block, such as a code block `.Example` or a table `.Description` title.
+====
+
 After the heading block and a single whitespace line, you can include any content for this assembly.
 
 [NOTE]
@@ -76,13 +82,13 @@ Every module should be placed in the modules folder and should contain the follo
 //
 // * list of assemblies where this module is included              <1>
 
-:_content-type: <TYPE>                                             <2>
+:_mod-docs-content-type: <TYPE>                                    <2>
 [id="<module-anchor>_{context}"]                                   <3>
 = Module title                                                     <4>
 ----
 
-<1> The content type for the file. Replace `<TYPE>` with the actual type of the module, `CONCEPT`, `REFERENCE`, or `PROCEDURE`. Place this attribute before the anchor ID or, if present, the conditional that contains the anchor ID.
-<2> List of assemblies in which this module is included.
+<1> List of assemblies in which this module is included.
+<2> The content type for the file. Replace `<TYPE>` with the actual type of the module, `CONCEPT`, `REFERENCE`, or `PROCEDURE`. Place this attribute before the anchor ID or, if present, the conditional that contains the anchor ID.
 <3> A module anchor with {context} that must be lowercase and must match the module's file name.
 <4> Human readable title. To ensure consistency in the results of the
 leveloffset values in include statements, you must use a level one heading
@@ -95,11 +101,16 @@ Example:
 //
 // * cli_reference/openshift_cli/developer-cli-commands.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cli-basic-commands_{context}"]
 = Basic CLI commands
 ----
 
+[NOTE]
+====
+Do not use backticks or other markup in assembly or module headings. You can use backticks or other markup in the title for a block, such as a code block `.Example` or a table `.Description` title.
+====
+
 [id="snippet-file-metadata"]
 == Text snippet file metadata
 Every text snippet should be placed in the `snippets/` folder and should contain the following metadata at the top:
@@ -113,11 +124,11 @@ Every text snippet should be placed in the `snippets/` folder and should contain
 //
 // * list of modules where this text snippet is included
 
-:_content-type: SNIPPET                               <3>
+:_mod-docs-content-type: SNIPPET                               <3>
 ----
 <1> List of assemblies in which this text snippet is included.
 <2> List of modules in which this text snippet is included.
-<3> The content type for the file. For snippets, always use `:_content-type: SNIPPET`. Place this attribute before the anchor ID, the conditional that contains the anchor ID, or the first line of body text.
+<3> The content type for the file. For snippets, always use `:_mod-docs-content-type: SNIPPET`. Place this attribute before the anchor ID, the conditional that contains the anchor ID, or the first line of body text.
 
 [NOTE]
 ====
@@ -133,21 +144,21 @@ Example:
 // * installing/installing_azure/installing-azure-default.adoc
 // * installing/installing_gcp/installing-gcp-default.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 In {product-title} version {product-version}, you can install a cluster on {cloud-provider-first} ({cloud-provider}) that uses the default configuration options.
 ----
 
 == Content type attributes
 
-Each `.adoc` file must contain a `:_content-type:` attribute in its metadata that indicates its file type. This information is used by some publication processes to sort and label files.
+Each `.adoc` file must contain a `:_mod-docs-content-type:` attribute in its metadata that indicates its file type. This information is used by some publication processes to sort and label files.
 
 Add the attribute from the following list that corresponds to your file type:
 
-* `:_content-type: ASSEMBLY`
-* `:_content-type: CONCEPT`
-* `:_content-type: PROCEDURE`
-* `:_content-type: REFERENCE`
-* `:_content-type: SNIPPET`
+* `:_mod-docs-content-type: ASSEMBLY`
+* `:_mod-docs-content-type: CONCEPT`
+* `:_mod-docs-content-type: PROCEDURE`
+* `:_mod-docs-content-type: REFERENCE`
+* `:_mod-docs-content-type: SNIPPET`
 
 Place the attribute in the file metadata. The following list describes the best attribute placement options:
 
@@ -184,6 +195,11 @@ ifdef::openshift-origin[]
 endif::[]
 ----
 
+[NOTE]
+====
+When backporting content that contains IBM-related attributes to `enterprise-4.13` and earlier branches, you might need to create manual cherry picks because IBM-related attributes names are not consistent with later release branches.
+====
+
 == Assembly/module file names
 
 Try to shorten the file name as much as possible _without_ abbreviating important terms that may cause confusion. For example, the `managing-authorization-policies.adoc` file name would be appropriate for an assembly titled "Managing Authorization Policies".
@@ -192,11 +208,6 @@ Try to shorten the file name as much as possible _without_ abbreviating importan
 
 If you create a directory with a multiple-word name, separate each word with an underscore, for example `backup_and_restore`.
 
-[NOTE]
-====
-Do not italicize user-replaced values. This guideline is an exception to the link:https://redhat-documentation.github.io/supplementary-style-guide/#user-replaced-values[_Red Hat supplementary style guide for product documentation_].
-====
-
 Do not create or rename a top-level directory in the repository and topic map without checking with the docs program manager first.
 
 Avoid creating two levels of subdirectories because the link:https://github.com/openshift/openshift-docs/issues/52149[breadcrumb bar on docs.openshift.com breaks]. If you have a valid use case for two levels of subdirectories, talk with your DPM/CS (and, for aligned teams, the OpenShift DPM) for approval before creating it.
@@ -251,6 +262,8 @@ Do not use "Overview" as a heading.
 
 Do not use backticks or other markup in assembly or module headings.
 
+Do not use special characters or symbols in titles. Symbols and special characters in titles can cause rendering errors in the HTML output.
+
 Use only one level 1 heading (`=`) in any file.
 
 === Discrete headings
@@ -371,12 +384,12 @@ For more information about creating concept modules, see the
 link:https://redhat-documentation.github.io/modular-docs/#creating-concept-modules[_Red Hat modular docs reference guide_] and the link:https://raw.githubusercontent.com/redhat-documentation/modular-docs/master/modular-docs-manual/files/TEMPLATE_CONCEPT_concept-explanation.adoc[concept template].
 
 == Writing procedures
-A _procedure_ contains the steps that users follow to complete a process or task. Procedures contain ordered steps and explicit commands. In most cases, create your procedures as individual modules and include them in appropriate assemblies.
+A _procedure_ contains the steps that users follow to complete a single process or task. Procedures contain ordered steps and explicit commands. In most cases, create your procedures as individual modules and include them in appropriate assemblies.
 
 Use a gerund in the procedure title, such as "Creating".
 
 For more information about writing procedures, see the
-link:https://redhat-documentation.github.io/modular-docs/#creating-procedure-modules[_Red Hat modular docs reference guide_] and the link:https://raw.githubusercontent.com/redhat-documentation/modular-docs/master/modular-docs-manual/files/TEMPLATE_PROCEDURE_doing-one-procedure.adoc[procedure template].
+link:https://redhat-documentation.github.io/modular-docs/#con-creating-procedure-modules_writing-mod-docs[_Red Hat modular docs reference guide_] and the link:https://raw.githubusercontent.com/redhat-documentation/modular-docs/master/modular-docs-manual/files/TEMPLATE_PROCEDURE_doing-one-procedure.adoc[procedure template].
 
 [NOTE]
 ====
@@ -387,6 +400,11 @@ When needed, use `.Prerequisites`, `.Next steps`, or `.Additional resources` syn
 == Writing text snippets
 A _text snippet_ is an optional component that lets you reuse content in multiple modules and assemblies. Text snippets are not a substitute for modules but instead are a more granular form of content reuse. While a module is content that a reader can understand on its own (like an article) or as part of a larger body of work (like an assembly), a text snippet is not self-contained and is not intended to be published or cross referenced on its own.
 
+[IMPORTANT]
+====
+Only include entire snippets in an assembly or module. Including link:https://docs.asciidoctor.org/asciidoc/latest/directives/include-lines/[lines by content ranges] can lead to content errors when the included file is subsequently updated and is not permitted.
+====
+
 In the context of modules and assemblies, text snippets do not include headings or anchor IDs. Text snippets also cannot contain xrefs. This type of component is text only. Examples include the following:
 
 * Admonitions that appear in multiple modules.
@@ -488,22 +506,22 @@ possible values for `{product-title}` and `{product-version}`, depending on the
 |`openshift-origin`
 |OKD
 a|* 3.6, 3.7, 3.9, 3.10, 3.11
-* 4.8, 4.9, 4.10, 4.11, 4.12, 4.13
+* 4.8, 4.9, 4.10, 4.11, 4.12, 4.13, 4.14
 * 4 for the `latest/` build from the `main` branch
 
 |`openshift-enterprise`
 |OpenShift Container Platform
 a|* 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.9, 3.10, 3.11
-* 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, 4.13, 4.14
+* 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, 4.13, 4.14, 4.15
 
 |`openshift-dedicated`
 |OpenShift Dedicated
-a|* No value set for the latest `dedicated/` build from the `enterprise-4.13` branch
+a|* No value set for the latest `dedicated/` build from the `enterprise-4.14` branch
 * 3 for the `dedicated/3` build from the `enterprise-3.11` branch
 
 |`openshift-rosa`
 |Red Hat OpenShift Service on AWS
-|No value set for the `rosa/` build from the `enterprise-4.13` branch
+|No value set for the `rosa/` build from the `enterprise-4.14` branch
 
 |`openshift-online`
 |OpenShift Online
@@ -537,6 +555,28 @@ If it makes more sense in context to refer to the major version of the product i
 Other common attribute values are defined in the `_attributes/common-attributes.adoc` file. Where possible, generalize references to those values by using the common attributes. For example, use `{cluster-manager-first}` to refer to Red Hat OpenShift Cluster Manager. If you need to add an attribute to the `_attributes/common-attributes.adoc` file, open a pull request to add it to the attribute list. Do not create a separate attributes file without first consulting the docs team.
 ====
 
+[id="third-party-vendor-product-names"]
+== Third-party vendor product names
+
+Red Hat integrates with many third-party vendor products. For certain integrated products, third-party vendor staff might have access to certain Red Hat resources and be contactable within Red Hat. On other occasions, common open-source products might be widely used across IT infrastructure providers, so Red Hat might not have direct contacts to organizations that own these products.
+
+Depending on the third-party vendor's requirements, you might need to add a registered trademark symbol to all of the vendor's product names or only on the first occurence of referencing the product name in an assembly, a module, or a document.
+
+Choose any of the following sources for clarification on using the symbol for a specific third-party vendor product name:
+
+* Visit the third-party vendor's website and contact them directly.
+* Contact internal Red Hat product teams or integrated third-party vendor teams.
+* Contact the Red Hat Legal team. Only consider this option when the other two options did not provide clear context for your query.
+
+[IMPORTANT]
+====
+Do not use Asciidoctor character replacement substitutions, which rely on a Unicode code point such as _&#174;_, to set the registered symbol in an Asciidoc file. Instead use _(R)_ beside the product name. For example, `IBM(R) LinuxONE`.
+
+Do not apply any superscript, such as `(R)`, or subscript formatting to module or assembly headings.
+====
+
+For more information about contacting the Red Hat's Legal team, see link:https://source.redhat.com/departments/legal/redhatintellectualproperty/trademarks/trademarks_and_domain_names_wiki/copyright_notices_and_trademark_legends[Copyright Notices and Trademark Legends] on the The Source.
+
 //CANARY
 [id="conditional-content"]
 == Conditional content
@@ -691,6 +731,7 @@ In OpenShift docs:
 * All links to internal content is created using `xref` and **must have an anchor ID**.
 * Only use `xref` in assemblies, not in modules.
 * All links to external websites are created using `link`.
+* Links between different distros, such as from ROSA to OpenShift Container Platform, are external links and not cross-references. These external links use `link` instead of `xref` and need to be in distro-specific files or conditionalized to apply to the relevant distros.
 
 [IMPORTANT]
 ====
@@ -863,10 +904,7 @@ Comment out the callout in the YAML file to ensure that file can still be parsed
 Asciidoctor recognises the commented callout and renders it correctly in the output.
 For example:
 
-[source,yaml]
-----
-apiVersion: v1 # <1>
-----
+`apiVersion: v1 # <1>`
 
 [discrete]
 === Version and upgrade implications
@@ -910,7 +948,7 @@ To indicate that a feature is deprecated, include the `modules/deprecated-featur
 For more information on how this is applied, see link:https://github.com/openshift/openshift-docs/pull/31776/files[this example PR].
 
 == Verification of your content
-All documentation changes must be verified by a QE team associate before merging. This includes executing all "Procedure" changes and confirming expected results. There are exceptions for typo-level changes, formatting-only changes, and other negotiated documentation sets and distributions.
+All documentation changes that update or add technical content must be verified by a QE team associate before merging. This QE verification process includes executing all procedures, confirming expected results, and confirming the accuracy of conceptual and reference content. The only exceptions are for typo-level changes, formatting-only changes, and other negotiated documentation sets and distributions.
 
 If a documentation change is due to a Bugzilla bug or Jira issue, the bug/issue should be put on ON_QA when you have a PR ready. After QE approval is given (either in the bug/issue or in the PR), the QE associate should move the bug/issue status to VERIFIED, at which point the associated PR can be merged. It is also ok for the assigned writer to change the status of the bug/issue to VERIFIED if approval for the changes has been provided in another forum (slack, PR, or email). The writer should indicate that the QE team approved the change as a comment in the bug/issue.
 
@@ -998,16 +1036,17 @@ You can use backticks or other markup in the title for a block, such as a code b
 
 === Code blocks, command syntax, and example output
 
-Code blocks are generally used to show examples of command syntax, example
-screen output, and configuration files.
+Code blocks are generally used to show examples of command syntax, example screen output, and configuration files.
 
-The main distinction between showing command syntax and a command example is
-that a command syntax shows readers how to use the command without real values.
-An example command, however, shows the command with actual values with an
-example output of that command, where applicable.
+//redundant with 1080
+The main distinction between showing command syntax and a command example is that a command syntax shows readers how to use the command without real values. An example command, however, shows the command with actual values with an example output of that command, where applicable.
 
+[[use-source-terminal]]
+==== Source tags for terminal commands and output
+* Use `[source,terminal]` for `oc` commands or any terminal commands to enable syntax highlighting. If you are also showing a code block for the output of the command, use `[source,terminal]` for that code block as well. Separate a command and its related example output into individual code blocks. See <<single-command-per-code-block>>.
++
 For example:
-
++
 ....
 In the following example, the `oc get` operation returns a complete list of services that are currently defined:
 
@@ -1025,7 +1064,7 @@ kubernetes-ro       component=apiserver,provider=kubernetes   <none>
 docker-registry     <none>                                    name=registrypod    172.30.17.158       5001
 ----
 ....
-
++
 This renders as:
 
 > In the following example, the `oc get` operation returns a complete list of services that are currently defined:
@@ -1042,26 +1081,86 @@ This renders as:
 > docker-registry     <none>                                    name=registrypod    172.30.17.158       5001
 > ----
 
-The following guidelines go into more detail about specific requirements and
-recommendations when using code blocks:
+* Any `[source]` metadata must go on the line directly before the code block. Also, do not insert a space in between the `[source]` tag and the metadata.
+//Context: https://github.com/openshift/openshift-docs/pull/64373
++
+For example:
++
+....
 
-* If a step in a procedure is to run a command, make sure that the step
-text includes an explicit instruction to "run" or "enter" the command. In most cases,
-use one of the following patterns to introduce the code block:
+[source,terminal]
+----
+$ oc get se
+----
+
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Scheduler
+metadata:
+  name: cluster
+# ...
+spec:
+  defaultNodeSelector: node-role.kubernetes.io/app=
+# ...
+----
+....
+
+* For Bash "here" documents use `[source,terminal]`, such as the following example:
++
+....
+[source,terminal]
+----
+$ cat <<EOF| oc create -f -
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mlistener
+  labels:
+    app: multicast-verify
+EOF
+----
+....
++
+[NOTE]
+====
+For bash scripts, use `[source,bash]`. For example:
+[source,bash]
+----
+#!/bin/bash
+
+# optional argument handling
+if [[ "$1" == "config" ]]
+then
+    echo $KUBECONFIG
+    exit 0
+fi
+
+echo "I am a plugin named kubectl-test"
+----
+====
+
+The following guidelines go into more detail about specific requirements and recommendations when using code blocks:
+
+[[step-with-command]]
+==== Procedure step that introduces a command
+If a step in a procedure is to run a command, make sure that the step text includes an explicit instruction to "run" or "enter" the command. In most cases, use one of the following patterns to introduce the code block:
 
 ** <Step description> by running the following command:
 ** <Step description> by entering the following command:
 ** <Step description>, run the following command:
 ** <Step description>, enter the following command:
 
-* Do NOT use any markup in code blocks; code blocks generally do not accept any markup.
+[[no-markup-codeblock]]
+==== No markup in code blocks
+Do NOT use any markup in code blocks; code blocks generally do not accept any markup.
+
+[[empty-line-before-codeblock]]
+==== Empty line before code blocks
+For all code blocks, you must include an empty line above a code block (unless that line is introducing block metadata, such as `[source,terminal]` for syntax highlighting).
 
-* For all code blocks, you must include an empty line above a code block (unless
-that line is introducing block metadata, such as `[source,terminal]` for syntax
-highlighting).
-+
 Acceptable:
-+
+
 ....
 Lorem ipsum
 
@@ -1069,43 +1168,36 @@ Lorem ipsum
 $ lorem.sh
 ----
 ....
-+
+
 Not acceptable:
-+
+
 ....
 Lorem ipsum
 ----
 $ lorem.sh
 ----
 ....
-+
-Without the line spaces, the content is likely to be not parsed correctly.
 
-* Use `[source,terminal]` for `oc` commands or any terminal commands to enable
-syntax highlighting. Any `[source]` metadata must go on the line directly before
-the code block. For example:
-+
-....
-[source,terminal]
-----
-$ oc get nodes
-----
-....
-+
-If you are also showing a code block for the output of the command, use
-`[source,terminal]` for that code block as well.
+Without the line spaces, the content is likely to be not parsed correctly.
 
-* Use source tags for the programming language used in the code block to enable
-syntax highlighting. For example:
+[[source-tags-for-programming-language]]
+==== Source tags for programming languages
+Use source tags for the programming language used in the code block to enable syntax highlighting. For example:
 
 ** `[source,yaml]`
 ** `[source,go]`
 ** `[source,javascript]`
 ** `[source,jsx]`
+** `[source,bash]`
+
+[[single-command-per-code-block]]
+==== Single command per code block
+Do not use more than one command per code block.
+
+When commands are bunched together, the copy to clipboard functionality might not break the lines up correctly. Using single command per code block makes it copy-and-paste friendly.
+
+For example, the following must be split up into three separate code blocks:
 
-* Do not use more than one command per code block. For example, the following must
-be split up into three separate code blocks:
-+
 ....
 To create templates you can modify, run the following commands:
 
@@ -1125,51 +1217,17 @@ $ oc adm create-error-template > errors.html
 ----
 ....
 
-* If your command contains multiple lines and uses callout annotations, you must comment out the callout(s) in the codeblock, as shown in the following example:
-+
-....
-To scale based on the percent of CPU utilization, create a `HorizontalPodAutoscaler` object for an existing object:
+[[command-syntax-replaceable-values]]
+==== Command syntax for replaceable values
+To mark up command syntax, use the code block and wrap any replaceable values in angle brackets (`<>`) with the required command parameter, using underscores (`_`) between words as necessary for legibility.
 
-[source,terminal]
-----
-$ oc autoscale <object_type>/<name> \// <1>
-  --min <number> \// <2>
-  --max <number> \// <3>
-  --cpu-percent=<percent> <4>
-----
-<1> Specify the type and name of the object to autoscale.
-<2> Optional: Specify the minimum number of replicas when scaling down.
-<3> Specify the maximum number of replicas when scaling up.
-<4> Specify the target average CPU utilization over all the pods, represented as a percent of requested CPU.
-....
-
-* Separate a command and its related example output into individual code blocks.
-This allows the command to be easily copied using the button on
-+++docs.openshift.com+++.
-+
-In addition, prepend the code block for the output with the title `.Example output`
-to make it consistently clear across the docs when this is being represented. A
-lead-in sentence explaining the example output is optional. For example:
-+
-....
-Use the `oc new-project` command to create a new project:
-
-[source,terminal]
-----
-$ oc new-project my-project
-----
-
-The output verifies that a new project was created:
+[IMPORTANT]
+====
+Do not italicize user-replaced values. This guideline is an exception to the link:https://redhat-documentation.github.io/supplementary-style-guide/#user-replaced-values[_Red Hat supplementary style guide for product documentation_].
+====
 
-.Example output
-[source,terminal]
-----
-Now using project "my-project" on server "https://openshift.example.com:6443".
-----
-....
+For example:
 
-* To mark up command syntax, use the code block and wrap any replaceable values in angle brackets (`<>`) with the required command parameter, using underscores (`_`) between words as necessary for legibility. Do not italicize user-replaced values. For example:
-+
 ....
 To view a list of objects for the specified object type, enter the following command:
 
@@ -1178,9 +1236,9 @@ To view a list of objects for the specified object type, enter the following com
 $ oc get <object_type> <object_id>
 ----
 ....
-+
+
 This renders as:
-+
+
 --
 > To view a list of objects for the specified object type, enter the following command:
 >
@@ -1188,9 +1246,11 @@ This renders as:
 > $ oc get <object_type> <object_id>
 > ----
 --
-+
+
 NOTE: Avoid using full command syntax inline with sentences.
 
+[[resource-names-oc-commands]]
+==== Resource names in oc commands
 * When you specify link:https://kubernetes.io/docs/reference/kubectl/#resource-types[resource names] in `oc` commands, use the full name of the resource type by default. You can use the abbreviation of the resource type name if it improves readability, such as with very long commands, or to be consistent with existing content in the same assembly.
 +
 For example, use `namespaces` instead of `ns` and `poddisruptionbudgets` instead of `pdb`.
@@ -1222,8 +1282,20 @@ The following example shows a more complex use of user-chosen elements and presc
 <resource_group_name>/providers/Microsoft.Compute/diskEncryptionSets/<disk_encryption_set_name>
 ....
 
-* If you must provide additional information on what a line of a code block
-represents, use callouts (`<1>`, `<2>`, etc.) to provide that information.
+[[backslash-for-long-code-line]]
+==== Backslash for long lines of code
+For long lines of code that you want to break up among multiple lines, use a backslash to show the line break. For example:
+
+----
+$ oc get endpoints --all-namespaces --template \
+    '{{ range .items }}{{ .metadata.namespace }}:{{ .metadata.name }} \
+    {{ range .subsets }}{{ range .addresses }}{{ .ip }} \
+    {{ end }}{{ end }}{{ "\n" }}{{ end }}' | awk '/ 172\.30\./ { print $1 }'
+----
+
+[[callouts-in-codeblocks]]
+==== Callouts in code blocks
+* If you must provide additional information on what a line of a code block represents, use callouts (`<1>`, `<2>`, etc.) to provide that information.
 +
 Use this format when embedding callouts into the code block:
 +
@@ -1237,11 +1309,29 @@ code example 2 <2>
 <2> A note about the second example value.
 ....
 
-* If you must provide additional information on what a line of a code block
-represents and the use of callouts is impractical, you can use a description list
-to provide information about the variables in the code block. Using callouts
-might be impractical if a code block contains too many conditional statements to
-easily use numbered callouts or if the same note applies to multiple lines of the codeblock.
+* If your command contains multiple lines and uses callout annotations, you must comment out the callout(s) in the codeblock, as shown in the following example:
++
+
+To scale based on the percent of CPU utilization, create a `HorizontalPodAutoscaler` object for an existing object:
++
+[subs=-callouts]
+....
+[source,terminal]
+----
+$ oc autoscale <object_type>/<name> \// <1>
+  --min <number> \// <2>
+  --max <number> \// <3>
+  --cpu-percent=<percent> <4>
+----
+<1> Specify the type and name of the object to autoscale.
+<2> Optional: Specify the minimum number of replicas when scaling down.
+<3> Specify the maximum number of replicas when scaling up.
+<4> Specify the target average CPU utilization over all the pods, represented as a percent of requested CPU.
+....
+
+* If you must provide additional information on what a line of a code block represents and the use of callouts is impractical, you can use a description list to provide information about the variables in the code block. Using callouts might be impractical if a code block contains too many conditional statements to easily use numbered callouts or if the same note applies to multiple lines of the codeblock.
++
+Be sure to introduce the description list with "where:" and start each variable description with "Specifies."
 +
 ....
 ----
@@ -1255,26 +1345,29 @@ where:
 <variable_2>:: Specifies the explanation of the first variable.
 ....
 +
-Be sure to introduce the description list with "where:" and start each variable
-description with "Specifies."
-
-* For long lines of code that you want to break up among multiple lines, use a
-backslash to show the line break. For example:
+For example:
 +
+....
+[source,terminal]
 ----
-$ oc get endpoints --all-namespaces --template \
-    '{{ range .items }}{{ .metadata.namespace }}:{{ .metadata.name }} \
-    {{ range .subsets }}{{ range .addresses }}{{ .ip }} \
-    {{ end }}{{ end }}{{ "\n" }}{{ end }}' | awk '/ 172\.30\./ { print $1 }'
+$ oc annotate route <route_name> router.openshift.io/cookie_name="<cookie_name>"
 ----
++
+where:
+
+`<route_name>`:: Specifies the name of the route.
+`<cookie_name>`:: Specifies the name for the cookie.
+....
 
+[[signs-symbols-in-codeblocks]]
+==== Signs and symbols in code blocks
 * If the user must run a command as root, use a number sign (`#`) at the start of the command instead of a dollar sign (`$`). For example:
 +
 ----
 # subscription-manager list
 ----
 
-* For snippets or sections of a file, use an ellipsis (`...` or `# ...` for YAML) to show that the file continues before or after the quoted block.
+* For snippets or sections of a file, use an ellipsis (`...`) to show that the file continues before or after the quoted block. For YAML, use ('#...') instead.
 +
 ----
 apiVersion: v1
@@ -1297,50 +1390,21 @@ Taints:             node-role.kubernetes.io/infra:NoSchedule
 +
 Do not use `[...]`, `<snip>`, or any other variant.
 
-* Do not use `jq` in commands (unless it is truly required), because this requires users to install the `jq` tool. Oftentimes, the same or similar result can be accomplished using `jsonpath` for `oc` commands.
-+
+[[jq-commands]]
+==== Commands with jq
+Do not use `jq` in commands (unless it is truly required), because this requires users to install the `jq` tool. Oftentimes, the same or similar result can be accomplished using `jsonpath` for `oc` commands.
+
 For example, this command that uses `jq`:
-+
+
 ----
 $ oc get clusterversion -o json|jq ".items[0].spec"
 ----
-+
-can be updated to use `jsonpath` instead:
-+
-----
-$ oc get clusterversion -o jsonpath='{.items[0].spec}{"\n"}'
-----
 
-* For Bash "here" documents use `[source,terminal]`, such as the following example:
-+
-....
-[source,terminal]
-----
-$ cat <<EOF| oc create -f -
-apiVersion: v1
-kind: Pod
-metadata:
-  name: mlistener
-  labels:
-    app: multicast-verify
-EOF
-----
-....
+can be updated to use `jsonpath` instead:
 
-* For the output of commands use `[source,text]`, such as with the following example output from the `oc describe <pural> <object>` command:
-+
-....
-[source,text]
 ----
-Name:               node1.example.com
-Roles:              worker
-Labels:             kubernetes.io/arch=amd64
-...
-Annotations:        cluster.k8s.io/machine: openshift-machine-api/ahardin-worker-us-east-2a-q5dzc
-...
-CreationTimestamp:  Wed, 13 Feb 2019 11:05:57 -0500
+$ oc get clusterversion -o jsonpath='{.items[0].spec}{"\n"}'
 ----
-....
 
 === YAML formatting for Kubernetes and OpenShift API objects
 The following formatting guidelines apply to YAML manifests, but do not apply to the installation configuration YAML specified by `install-config.yaml`.
@@ -1386,7 +1450,7 @@ spec:
       protocol: TCP
 ----
 
-==== Formatting
+==== YAML formatting
 The following conventions govern the layout of YAML for API objects:
 
 - Begin YAML at the beginning of the left margin.
@@ -1677,6 +1741,14 @@ Nest admonitions when using the `collapsible` option.
 |password
 |===
 
+[IMPORTANT]
+====
+Do not use a password format that matches the format of a real password. Documenting such a password format can cause the following issues:
+
+* Indicates that Red Hat publicly exposes sensitive data in their documentation.
+* Leads to additional security incidents that the Information Security, InfoSec, team must investigate. Such security incidents, although minor, can impact the InfoSec team's resources and potentially delay them from focusing on actual security incidents.
+====
+
 .Projects and applications
 [option="header"]
 |===
@@ -1697,8 +1769,8 @@ The following guidelines apply to all "Additional resources" sections:
 
 * You must include the `[role="_additional-resources"]` attribute declaration before the section heading.
 * You must not include paragraphs in the section. Use an unordered list.
-* The links and xrefs in the unordered list must contain human-readable text between the square brackets.
-* Each item in the unordered list must contain a minimum of text besides the link or xref.
+* The links and xrefs in the unordered list must contain minimal-length, human-readable text between the square brackets. This text is often the title of the linked page.
+* You must not include text outside of the square brackets.
 
 Additionally, in an assembly, use `==` formatting for the section heading (`== Additional resources`). Use of this heading syntax at the assembly level indicates that the sections relate to the whole assembly. For example:
 
@@ -1706,9 +1778,9 @@ Additionally, in an assembly, use `==` formatting for the section heading (`== A
 [role="_additional-resources"]
 [id="additional-resources_configuring-alert-notifications"]
 == Additional resources
-* link:some-url.com[Human readable label]
-* xref:some_xref[Human readable label]
-* xref:some_other_xref[Human readable label]
+* link:example.com[IANA example domain for documentation]
+* xref:../installation/installing-the-product.adoc#installing-the-product[Installing the product]
+* xref:../configuration/product-settings.adoc#installation-parameters_product-settings[Product installation configuration parameters]
 ----
 
 Only use `.` formatting (`.Additional resources`) in a module or to follow a module in an assembly. Because you cannot use the xrefs in modules, this functions as a _trailing include_ at the assembly level, where the `.` formatting of the `include` statement indicates that the resource applies specifically to the module and not to the assembly. For example:
@@ -1716,9 +1788,9 @@ Only use `.` formatting (`.Additional resources`) in a module or to follow a mod
 ----
 [role="_additional-resources"]
 .Additional resources
-* link:some-url.com[Human readable label]
-* xref:some_xref[Human readable label]
-* xref:some_other_xref[Human readable label]
+* link:example.com[IANA example domain for documentation]
+* xref:../installation/installing-the-product.adoc#installing-the-product[Installing the product]
+* xref:../configuration/product-settings.adoc#installation-parameters_product-settings[Product installation configuration parameters]
 ----
 
 == Admonitions
diff --git a/distr_tracing/distr_tracing_arch/distr-tracing-architecture.adoc b/distr_tracing/distr_tracing_arch/distr-tracing-architecture.adoc
index ff905a8f4c22..50862cf9a1f1 100644
--- a/distr_tracing/distr_tracing_arch/distr-tracing-architecture.adoc
+++ b/distr_tracing/distr_tracing_arch/distr-tracing-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="distr-tracing-architecture"]
 = Distributed tracing architecture
 include::_attributes/common-attributes.adoc[]
@@ -22,3 +22,9 @@ include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
 include::modules/distr-tracing-features.adoc[leveloffset=+1]
 
 include::modules/distr-tracing-architecture.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_distributed-tracing-architecture"]
+== Additional resources
+
+* xref:../../otel/otel-release-notes.adoc[{OTELName}]
diff --git a/distr_tracing/distr_tracing_arch/images b/distr_tracing/distr_tracing_arch/images
index e4c5bd02a10a..847b03ed0541 120000
--- a/distr_tracing/distr_tracing_arch/images
+++ b/distr_tracing/distr_tracing_arch/images
@@ -1 +1 @@
-../images/
\ No newline at end of file
+../../images/
\ No newline at end of file
diff --git a/distr_tracing/distr_tracing_arch/modules b/distr_tracing/distr_tracing_arch/modules
index 43aab75b53c9..36719b9de743 120000
--- a/distr_tracing/distr_tracing_arch/modules
+++ b/distr_tracing/distr_tracing_arch/modules
@@ -1 +1 @@
-../modules/
\ No newline at end of file
+../../modules/
\ No newline at end of file
diff --git a/distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc b/distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc
deleted file mode 100644
index dd2a9dfb445f..000000000000
--- a/distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+++ /dev/null
@@ -1,94 +0,0 @@
-:_content-type: ASSEMBLY
-[id="distr-tracing-deploying"]
-= Configuring and deploying distributed tracing
-include::_attributes/common-attributes.adoc[]
-:context: deploying-distr-tracing-platform
-
-toc::[]
-
-The {JaegerName} Operator uses a custom resource definition (CRD) file that defines the architecture and configuration settings to be used when creating and deploying the {JaegerShortName} resources. You can either install the default configuration or modify the file to better suit your business requirements.
-
-{JaegerName} has predefined deployment strategies. You specify a deployment strategy in the custom resource file. When you create a {JaegerShortName} instance the Operator uses this configuration file to create the objects necessary for the deployment.
-
-.Jaeger custom resource file showing deployment strategy
-[source,yaml]
-----
-apiVersion: jaegertracing.io/v1
-kind: Jaeger
-metadata:
-  name: MyConfigFile
-spec:
-  strategy: production <1>
-----
-
-<1> The {JaegerName} Operator currently supports the following deployment strategies:
-
-* *allInOne* (Default) - This strategy is intended for development, testing, and demo purposes; it is not intended for production use. The main backend components, Agent, Collector, and Query service, are all packaged into a single executable which is configured, by default. to use in-memory storage.
-+
-[NOTE]
-====
-In-memory storage is not persistent, which means that if the {JaegerShortName} instance shuts down, restarts, or is replaced, that your trace data will be lost. And in-memory storage cannot be scaled, since each pod has its own memory. For persistent storage, you must use the `production` or `streaming` strategies, which use Elasticsearch as the default storage.
-====
-
-* *production* - The production strategy is intended for production environments, where long term storage of trace data is important, as well as a more scalable and highly available architecture is required. Each of the backend components is therefore deployed separately. The Agent can be injected as a sidecar on the instrumented application. The Query and Collector services are configured with a supported storage type - currently Elasticsearch. Multiple instances of each of these components can be provisioned as required for performance and resilience purposes.
-
-* *streaming* - The streaming strategy is designed to augment the production strategy by providing a streaming capability that effectively sits between the Collector and the Elasticsearch backend storage. This provides the benefit of reducing the pressure on the backend storage, under high load situations, and enables other trace post-processing capabilities to tap into the real time span data directly from the streaming platform (https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/html/using_amq_streams_on_openshift/index[AMQ Streams]/ https://kafka.apache.org/documentation/[Kafka]).
-+
-[NOTE]
-====
-The streaming strategy requires an additional Red Hat subscription for AMQ Streams.
-====
-
-[NOTE]
-====
-The streaming deployment strategy is currently unsupported on {ibmzProductName}.
-====
-
-[NOTE]
-====
-There are two ways to install and use {DTProductName}, as part of a service mesh or as a stand alone component. If you have installed {DTShortName} as part of {SMProductName}, you can perform basic configuration as part of the xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[ServiceMeshControlPlane] but for completely control you should configure a Jaeger CR and then xref:../../service_mesh/v2x/ossm-observability.html#ossm-config-external-jaeger_observability[reference your distributed tracing configuration file in the ServiceMeshControlPlane].
-
-====
-
-include::modules/distr-tracing-deploy-default.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-deploy-production-es.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-deploy-streaming.adoc[leveloffset=+1]
-
-[id="validating-your-jaeger-deployment"]
-== Validating your deployment
-
-include::modules/distr-tracing-accessing-jaeger-console.adoc[leveloffset=+2]
-
-[id="customizing-your-deployment"]
-== Customizing your deployment
-
-include::modules/distr-tracing-deployment-best-practices.adoc[leveloffset=+2]
-
-ifdef::openshift-enterprise,openshift-dedicated[]
-For information about configuring persistent storage, see xref:../../storage/understanding-persistent-storage.adoc[Understanding persistent storage] and the appropriate configuration topic for your chosen storage option.
-endif::[]
-
-include::modules/distr-tracing-config-default.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-config-jaeger-collector.adoc[leveloffset=+2]
-
-//include::modules/distr-tracing-config-otel-collector.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-config-sampling.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-config-storage.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-config-query.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-config-ingester.adoc[leveloffset=+2]
-
-[id="injecting-sidecars"]
-== Injecting sidecars
-
-{JaegerName} relies on a proxy sidecar within the application's pod to provide the agent. The {JaegerName} Operator can inject Agent sidecars into Deployment workloads. You can enable automatic sidecar injection or manage it manually.
-
-include::modules/distr-tracing-sidecar-automatic.adoc[leveloffset=+2]
-
-include::modules/distr-tracing-sidecar-manual.adoc[leveloffset=+2]
diff --git a/distr_tracing/distr_tracing_install/distr-tracing-deploying-otel.adoc b/distr_tracing/distr_tracing_install/distr-tracing-deploying-otel.adoc
deleted file mode 100644
index e1e19f61dc1e..000000000000
--- a/distr_tracing/distr_tracing_install/distr-tracing-deploying-otel.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="distr-tracing-deploying-otel"]
-= Configuring and deploying distributed tracing data collection
-include::_attributes/common-attributes.adoc[]
-:context: deploying-distr-tracing-data-collection
-
-toc::[]
-
-The {OTELName} Operator uses a custom resource definition (CRD) file that defines the architecture and configuration settings to be used when creating and deploying the {OTELName} resources. You can either install the default configuration or modify the file to better suit your business requirements. 
-
-include::modules/distr-tracing-config-otel-collector.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_install/distr-tracing-installing.adoc b/distr_tracing/distr_tracing_install/distr-tracing-installing.adoc
deleted file mode 100644
index 9a64b8c418e9..000000000000
--- a/distr_tracing/distr_tracing_install/distr-tracing-installing.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-distributed-tracing"]
-= Installing distributed tracing
-include::_attributes/common-attributes.adoc[]
-:context: install-distributed-tracing
-
-toc::[]
-
-You can install {DTProductName} on {product-title} in either of two ways:
-
-* You can install {DTProductName} as part of {SMProductName}. Distributed tracing is included by default in the Service Mesh installation. To install {DTProductName} as part of a service mesh, follow the xref:../../service_mesh/v2x/preparing-ossm-installation.adoc#preparing-ossm-installation[Red Hat Service Mesh Installation] instructions. You must install {DTProductName} in the same namespace as your service mesh, that is, the `ServiceMeshControlPlane` and the {DTProductName} resources must be in the same namespace.
-
-* If you do not want to install a service mesh, you can use the {DTProductName} Operators to install {DTShortName} by itself. To install {DTProductName} without a service mesh, use the following instructions.
-
-== Prerequisites
-
-Before you can install {DTProductName}, review the installation activities, and ensure that you meet the prerequisites:
-
-* Possess an active {product-title} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
-
-* Review the xref:../../architecture/architecture-installation.adoc#installation-overview_architecture-installation[{product-title} {product-version} overview].
-* Install {product-title} {product-version}.
-
-** xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install {product-title} {product-version} on AWS]
-** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Install {product-title} {product-version} on user-provisioned AWS]
-** xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install {product-title} {product-version} on bare metal]
-** xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
-* Install the version of the OpenShift CLI (`oc`) that matches your {product-title} version and add it to your path.
-
-* An account with the `cluster-admin` role.
-
-include::modules/distr-tracing-install-overview.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-install-elasticsearch.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-install-jaeger-operator.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-install-otel-operator.adoc[leveloffset=+1]
-
-////
-== Next steps
-* xref:../../distr_tracing/distr_tracing_install/distr-tracing-deploying.adoc#deploying-distributed-tracing[Deploy {DTProductName}].
-////
diff --git a/distr_tracing/distr_tracing_install/distr-tracing-removing.adoc b/distr_tracing/distr_tracing_install/distr-tracing-removing.adoc
deleted file mode 100644
index f4d9b3d26524..000000000000
--- a/distr_tracing/distr_tracing_install/distr-tracing-removing.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-:_content-type: ASSEMBLY
-[id="removing-distributed-tracing"]
-= Removing distributed tracing
-include::_attributes/common-attributes.adoc[]
-:context: removing-distributed-tracing
-
-toc::[]
-
-The steps for removing {DTProductName} from an {product-title} cluster are as follows:
-
-. Shut down any {DTProductName} pods.
-. Remove any {DTProductName} instances.
-. Remove the {JaegerName} Operator.
-. Remove the {OTELName} Operator.
-
-include::modules/distr-tracing-removing-instance.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-removing-instance-cli.adoc[leveloffset=+1]
-
-
-== Removing the {DTProductName} Operators
-
-.Procedure
-
-. Follow the instructions for xref:../../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster].
-
-* Remove the {JaegerName} Operator.
-
-//* Remove the {OTELName} Operator.
-
-* After the {JaegerName} Operator has been removed, if appropriate, remove the OpenShift Elasticsearch Operator.
diff --git a/distr_tracing/distr_tracing_install/distr-tracing-updating.adoc b/distr_tracing/distr_tracing_install/distr-tracing-updating.adoc
deleted file mode 100644
index 9de6057bcebf..000000000000
--- a/distr_tracing/distr_tracing_install/distr-tracing-updating.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-:_content-type: ASSEMBLY
-[id="upgrading-distributed-tracing"]
-= Upgrading distributed tracing
-include::_attributes/common-attributes.adoc[]
-:context: upgrading-distributed-tracing
-
-toc::[]
-
-Operator Lifecycle Manager (OLM) controls the installation, upgrade, and role-based access control (RBAC) of Operators in a cluster. The OLM runs by default in {product-title}.
-OLM queries for available Operators as well as upgrades for installed Operators.
-For more information about how {product-title} handles upgrades, see the xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager] documentation.
-
-During an update, the {DTProductName} Operators upgrade the managed {DTShortName} instances to the version associated with the Operator. Whenever a new version of the {JaegerName} Operator is installed, all the {JaegerShortName} application instances managed by the Operator are upgraded to the Operator's version. For example, after upgrading the Operator from 1.10 installed to 1.11, the Operator scans for running {JaegerShortName} instances and upgrades them to 1.11 as well.
-
-For specific instructions on how to update the OpenShift Elasticsearch Operator, see xref:../../logging/cluster-logging-upgrading.adoc#cluster-logging-upgrading_cluster-logging-upgrading[Updating OpenShift Logging].
-
-include::modules/distr-tracing-change-operator-20.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-If you have not already updated your OpenShift Elasticsearch Operator as described in xref:../../logging/cluster-logging-upgrading.adoc[Updating OpenShift Logging] complete that update before updating your {JaegerName} Operator.
-====
-
-For instructions on how to update the Operator channel, see xref:../../operators/admin/olm-upgrading-operators.adoc[Updating installed Operators].
diff --git a/logging/v5_5/_attributes b/distr_tracing/distr_tracing_jaeger/_attributes
similarity index 100%
rename from logging/v5_5/_attributes
rename to distr_tracing/distr_tracing_jaeger/_attributes
diff --git a/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
new file mode 100644
index 000000000000..704019cdd933
--- /dev/null
+++ b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
@@ -0,0 +1,91 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distr-tracing-jaeger-configuring"]
+= Configuring and deploying the distributed tracing platform Jaeger
+include::_attributes/common-attributes.adoc[]
+:context: distr-tracing-jaeger-configuring
+
+toc::[]
+
+The {JaegerName} Operator uses a custom resource definition (CRD) file that defines the architecture and configuration settings to be used when creating and deploying the {JaegerShortName} resources. You can install the default configuration or modify the file.
+
+If you have installed {DTShortName} as part of {SMProductName}, you can perform basic configuration as part of the xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[ServiceMeshControlPlane], but for complete control, you must configure a Jaeger CR and then xref:../../service_mesh/v2x/ossm-observability.adoc#ossm-config-external-jaeger_observability[reference your distributed tracing configuration file in the ServiceMeshControlPlane].
+
+The {JaegerName} has predefined deployment strategies. You specify a deployment strategy in the custom resource file. When you create a {JaegerShortName} instance, the Operator uses this configuration file to create the objects necessary for the deployment.
+
+.Jaeger custom resource file showing deployment strategy
+[source,yaml]
+----
+apiVersion: jaegertracing.io/v1
+kind: Jaeger
+metadata:
+  name: MyConfigFile
+spec:
+  strategy: production <1>
+----
+<1> Deployment strategy.
+
+[id="supported-deployment-strategies"]
+== Supported deployment strategies
+
+The {JaegerName} Operator currently supports the following deployment strategies:
+
+`allInOne`:: - This strategy is intended for development, testing, and demo purposes; it is not intended for production use. The main backend components, Agent, Collector, and Query service, are all packaged into a single executable which is configured, by default. to use in-memory storage.
++
+[NOTE]
+====
+In-memory storage is not persistent, which means that if the {JaegerShortName} instance shuts down, restarts, or is replaced, that your trace data will be lost. And in-memory storage cannot be scaled, since each pod has its own memory. For persistent storage, you must use the `production` or `streaming` strategies, which use Elasticsearch as the default storage.
+====
+
+`production`:: The production strategy is intended for production environments, where long term storage of trace data is important, as well as a more scalable and highly available architecture is required. Each of the backend components is therefore deployed separately. The Agent can be injected as a sidecar on the instrumented application. The Query and Collector services are configured with a supported storage type - currently Elasticsearch. Multiple instances of each of these components can be provisioned as required for performance and resilience purposes.
+
+`streaming`:: The streaming strategy is designed to augment the production strategy by providing a streaming capability that effectively sits between the Collector and the Elasticsearch backend storage. This provides the benefit of reducing the pressure on the backend storage, under high load situations, and enables other trace post-processing capabilities to tap into the real time span data directly from the streaming platform (https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/html/using_amq_streams_on_openshift/index[AMQ Streams]/ https://kafka.apache.org/documentation/[Kafka]).
++
+[NOTE]
+====
+
+* The streaming strategy requires an additional Red Hat subscription for AMQ Streams.
+
+* The streaming deployment strategy is currently unsupported on {ibm-z-name}.
+
+====
+
+include::modules/distr-tracing-deploy-default.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-deploy-production-es.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-deploy-streaming.adoc[leveloffset=+1]
+
+[id="validating-your-jaeger-deployment"]
+== Validating your deployment
+
+include::modules/distr-tracing-accessing-jaeger-console.adoc[leveloffset=+2]
+
+[id="customizing-your-deployment"]
+== Customizing your deployment
+
+include::modules/distr-tracing-deployment-best-practices.adoc[leveloffset=+2]
+
+ifdef::openshift-enterprise,openshift-dedicated[]
+For information about configuring persistent storage, see xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[Understanding persistent storage] and the appropriate configuration topic for your chosen storage option.
+endif::[]
+
+include::modules/distr-tracing-config-default.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-config-jaeger-collector.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-config-sampling.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-config-storage.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-config-query.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-config-ingester.adoc[leveloffset=+2]
+
+[id="injecting-sidecars"]
+== Injecting sidecars
+
+The {JaegerName} relies on a proxy sidecar within the application's pod to provide the Agent. The {JaegerName} Operator can inject Agent sidecars into deployment workloads. You can enable automatic sidecar injection or manage it manually.
+
+include::modules/distr-tracing-sidecar-automatic.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-sidecar-manual.adoc[leveloffset=+2]
diff --git a/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc
new file mode 100644
index 000000000000..22fa9b182e40
--- /dev/null
+++ b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc
@@ -0,0 +1,42 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-jaeger-installing"]
+= Installing the distributed tracing platform Jaeger
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-jaeger-installing
+
+toc::[]
+
+[WARNING]
+====
+Jaeger is deprecated in Red Hat OpenShift distributed tracing 3.0.
+====
+
+You can install {DTProductName} on {product-title} in either of two ways:
+
+* You can install {DTProductName} as part of {SMProductName}. Distributed tracing is included by default in the Service Mesh installation. To install {DTProductName} as part of a service mesh, follow the xref:../../service_mesh/v2x/preparing-ossm-installation.adoc#preparing-ossm-installation[Red Hat Service Mesh Installation] instructions. You must install {DTProductName} in the same namespace as your service mesh, that is, the `ServiceMeshControlPlane` and the {DTProductName} resources must be in the same namespace.
+
+* If you do not want to install a service mesh, you can use the {DTProductName} Operators to install {DTShortName} by itself. To install {DTProductName} without a service mesh, use the following instructions.
+
+[id="prerequisites"]
+== Prerequisites
+
+Before you can install {DTProductName}, review the installation activities, and ensure that you meet the prerequisites:
+
+* Possess an active {product-title} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
+
+* Review the xref:../../architecture/architecture-installation.adoc#installation-overview_architecture-installation[{product-title} {product-version} overview].
+* Install {product-title} {product-version}.
+
+** xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install {product-title} {product-version} on AWS]
+** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Install {product-title} {product-version} on user-provisioned AWS]
+** xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install {product-title} {product-version} on bare metal]
+** xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
+* Install the version of the `oc` CLI tool that matches your {product-title} version and add it to your path.
+
+* An account with the `cluster-admin` role.
+
+include::modules/distr-tracing-install-overview.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-install-elasticsearch.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-install-jaeger-operator.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-removing.adoc b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-removing.adoc
new file mode 100644
index 000000000000..aa2b8356b60c
--- /dev/null
+++ b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-removing.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-jaeger-removing"]
+= Removing the distributed tracing platform Jaeger
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-jaeger-removing
+
+toc::[]
+
+The steps for removing {DTProductName} from an {product-title} cluster are as follows:
+
+. Shut down any {DTProductName} pods.
+. Remove any {DTProductName} instances.
+. Remove the {JaegerName} Operator.
+. Remove the {OTELName} Operator.
+
+include::modules/distr-tracing-removing-instance.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-removing-instance-cli.adoc[leveloffset=+1]
+
+[id="removing-distributed-tracing-operators"]
+== Removing the {DTProductName} Operators
+
+.Procedure
+
+. Follow the instructions in xref:../../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster] to remove the {JaegerName} Operator.
+
+. Optional: After the {JaegerName} Operator has been removed, remove the OpenShift Elasticsearch Operator.
diff --git a/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-updating.adoc b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-updating.adoc
new file mode 100644
index 000000000000..cbd6a29cbf80
--- /dev/null
+++ b/distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-updating.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-jaeger-updating"]
+= Updating the distributed tracing platform Jaeger
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-jaeger-updating
+
+toc::[]
+
+[WARNING]
+====
+Jaeger is deprecated in Red Hat OpenShift distributed tracing 3.0.
+====
+
+Operator Lifecycle Manager (OLM) controls the installation, upgrade, and role-based access control (RBAC) of Operators in a cluster. The OLM runs by default in {product-title}.
+OLM queries for available Operators as well as upgrades for installed Operators.
+
+During an update, the {DTProductName} Operators upgrade the managed {DTShortName} instances to the version associated with the Operator. Whenever a new version of the {JaegerName} Operator is installed, all the {JaegerShortName} application instances managed by the Operator are upgraded to the Operator's version. For example, after upgrading the Operator from 1.10 installed to 1.11, the Operator scans for running {JaegerShortName} instances and upgrades them to 1.11 as well.
+
+[IMPORTANT]
+====
+If you have not already updated your OpenShift Elasticsearch Operator as described in xref:../../logging/cluster-logging-upgrading.adoc#cluster-logging-upgrading_cluster-logging-upgrading[Updating OpenShift Logging], complete that update before updating your {JaegerName} Operator.
+====
+
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-jaeger-updating"]
+== Additional resources
+
+* xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager concepts and resources]
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
+* xref:../../logging/cluster-logging-upgrading.adoc#cluster-logging-upgrading_cluster-logging-upgrading[Updating OpenShift Logging]
diff --git a/logging/v5_6/images b/distr_tracing/distr_tracing_jaeger/images
similarity index 100%
rename from logging/v5_6/images
rename to distr_tracing/distr_tracing_jaeger/images
diff --git a/logging/v5_7/modules b/distr_tracing/distr_tracing_jaeger/modules
similarity index 100%
rename from logging/v5_7/modules
rename to distr_tracing/distr_tracing_jaeger/modules
diff --git a/distr_tracing/distr_tracing_install/snippets b/distr_tracing/distr_tracing_jaeger/snippets
similarity index 100%
rename from distr_tracing/distr_tracing_install/snippets
rename to distr_tracing/distr_tracing_jaeger/snippets
diff --git a/logging/v5_6/_attributes b/distr_tracing/distr_tracing_rn/_attributes
similarity index 100%
rename from logging/v5_6/_attributes
rename to distr_tracing/distr_tracing_rn/_attributes
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc
new file mode 100644
index 000000000000..3c73f8517305
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc
@@ -0,0 +1,57 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-0"]
+= Release notes for {DTProductName} 2.0
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-0
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-0"]
+== Component versions in the {DTProductName} 2.0.0
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.28.0
+
+|{OTELName}
+|OpenTelemetry
+|0.33.0
+|===
+
+[id="new-features-and-enhancements_distributed-tracing-rn-2-0"]
+== New features and enhancements
+
+This release introduces the following new features and enhancements:
+
+* Rebrands Red Hat OpenShift Jaeger as the {DTProductName}.
+
+* Updates {JaegerName} Operator to Jaeger 1.28. Going forward, the {DTProductName} will only support the `stable` Operator channel.
+Channels for individual releases are no longer supported.
+
+* Adds support for OpenTelemetry protocol (OTLP) to the Query service.
+
+* Introduces a new distributed tracing icon that appears in the OperatorHub.
+
+* Includes rolling updates to the documentation to support the name change and new features.
+
+[id="technology-preview-features_distributed-tracing-rn-2-0"]
+== Technology Preview features
+
+* This release adds the {OTELName} as a link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview], which you install using the {OTELName} Operator. {OTELName} is based on the link:https://opentelemetry.io/[OpenTelemetry] APIs and instrumentation. The {OTELName} includes the OpenTelemetry Operator and Collector. You can use the Collector to receive traces in the OpenTelemetry or Jaeger protocol and send the trace data to the {DTProductName}. Other capabilities of the Collector are not supported at this time. The OpenTelemetry Collector allows developers to instrument their code with vendor agnostic APIs, avoiding vendor lock-in and enabling a growing ecosystem of observability tooling.
+
+[id="bug-fixes_distributed-tracing-rn-2-0"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+//[id="known-issues_distributed-tracing-rn-2-0"]
+//== Known issues
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc
new file mode 100644
index 000000000000..a856cfa02a52
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc
@@ -0,0 +1,68 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-1"]
+= Release notes for {DTProductName} 2.1
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-1
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-1"]
+== Component versions in the {DTProductName} 2.1.0
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.29.1
+
+|{OTELName}
+|OpenTelemetry
+|0.41.1
+|===
+
+[id="technology-preview-features_distributed-tracing-rn-2-1"]
+== Technology Preview features
+
+* This release introduces a breaking change to how to configure certificates in the OpenTelemetry custom resource file. With this update, the `ca_file` moves under `tls` in the custom resource, as shown in the following examples.
++
+.CA file configuration for OpenTelemetry version 0.33
++
+[source,yaml]
+----
+spec:
+  mode: deployment
+  config: |
+    exporters:
+      jaeger:
+        endpoint: jaeger-production-collector-headless.tracing-system.svc:14250
+        ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+----
++
+.CA file configuration for OpenTelemetry version 0.41.1
++
+[source,yaml]
+----
+spec:
+  mode: deployment
+  config: |
+    exporters:
+      jaeger:
+        endpoint: jaeger-production-collector-headless.tracing-system.svc:14250
+        tls:
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+----
+
+[id="bug-fixes_distributed-tracing-rn-2-1"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+//[id="known-issues_distributed-tracing-rn-2-1"]
+//== Known issues
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc
new file mode 100644
index 000000000000..b88726c233d9
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-2"]
+= Release notes for {DTProductName} 2.2
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-2
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="technology-preview-features_distributed-tracing-rn-2-2"]
+== Technology Preview features
+
+* The unsupported OpenTelemetry Collector components included in the 2.1 release are removed.
+
+[id="bug-fixes_distributed-tracing-rn-2-2"]
+== Bug fixes
+
+This release of the {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc
new file mode 100644
index 000000000000..54d7ad9d8f27
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc
@@ -0,0 +1,56 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-3"]
+= Release notes for {DTProductName} 2.3
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-3
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions-2-3-0_distributed-tracing-rn-2-3"]
+== Component versions in the {DTProductName} 2.3.0
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.30.1
+
+|{OTELName}
+|OpenTelemetry
+|0.44.0
+|===
+
+[id="component-versions-2-3-1_distributed-tracing-rn-2-3"]
+== Component versions in the {DTProductName} 2.3.1
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.30.2
+
+|{OTELName}
+|OpenTelemetry
+|0.44.1-1
+|===
+
+[id="new-features-and-enhancements_distributed-tracing-rn-2-3"]
+== New features and enhancements
+
+With this release, the {JaegerName} Operator is now installed to the `openshift-distributed-tracing` namespace by default. Before this update, the default installation had been in the `openshift-operators` namespace.
+
+[id="bug-fixes_distributed-tracing-rn-2-3"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+//[id="known-issues_distributed-tracing-rn-2-3"]
+//== Known issues
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc
new file mode 100644
index 000000000000..ca95e0fddc47
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc
@@ -0,0 +1,53 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-4"]
+= Release notes for {DTProductName} 2.4
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-4
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-4"]
+== Component versions in the {DTProductName} 2.4
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.34.1
+
+|{OTELName}
+|OpenTelemetry
+|0.49
+|===
+
+[id="new-features-and-enhancements_distributed-tracing-rn-2-4"]
+== New features and enhancements
+
+This release adds support for auto-provisioning certificates using the Red Hat Elasticsearch Operator.
+
+* Self-provisioning by using the {JaegerName} Operator to call the Red Hat Elasticsearch Operator during installation.
++
+[IMPORTANT]
+====
+When upgrading to the {DTProductName} 2.4, the operator recreates the Elasticsearch instance, which might take five to ten minutes. Distributed tracing will be down and unavailable for that period.
+====
+
+[id="technology-preview-features_distributed-tracing-rn-2-4"]
+== Technology Preview features
+
+* Creating the Elasticsearch instance and certificates first and then configuring the {JaegerShortName} to use the certificate is a link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview] for this release.
+
+[id="bug-fixes_distributed-tracing-rn-2-4"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+//[id="known-issues_distributed-tracing-rn-2-4"]
+//== Known issues
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc
new file mode 100644
index 000000000000..518dee14538f
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc
@@ -0,0 +1,45 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-5"]
+= Release notes for {DTProductName} 2.5
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-5
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-5"]
+== Component versions in the {DTProductName} 2.5
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.36
+
+|{OTELName}
+|OpenTelemetry
+|0.56
+|===
+
+[id="new-features-and-enhancements_distributed-tracing-rn-2-5"]
+== New features and enhancements
+
+This release introduces support for ingesting OpenTelemetry protocol (OTLP) to the {JaegerName} Operator.
+The Operator now automatically enables the OTLP ports:
+
+* Port 4317 for the OTLP gRPC protocol.
+* Port 4318 for the OTLP HTTP protocol.
+
+This release also adds support for collecting Kubernetes resource attributes to the {OTELName} Operator.
+
+[id="bug-fixes_distributed-tracing-rn-2-5"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
+
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc
new file mode 100644
index 000000000000..02e7d8e94262
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-6"]
+= Release notes for {DTProductName} 2.6
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-6
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-6"]
+== Component versions in the {DTProductName} 2.6
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.38
+
+|{OTELName}
+|OpenTelemetry
+|0.60
+|===
+
+[id="bug-fixes_distributed-tracing-rn-2-6"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
+
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc
new file mode 100644
index 000000000000..9cd28c934485
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-7"]
+= Release notes for {DTProductName} 2.7
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-7
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-7"]
+== Component versions in the {DTProductName} 2.7
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.39
+
+|{OTELName}
+|OpenTelemetry
+|0.63.1
+|===
+
+[id="bug-fixes_distributed-tracing-rn-2-7"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc
new file mode 100644
index 000000000000..1dddf2ee0f77
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc
@@ -0,0 +1,63 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-8"]
+= Release notes for {DTProductName} 2.8
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-8
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-8"]
+== Component versions in the {DTProductName} 2.8
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.42
+
+|{OTELName}
+|OpenTelemetry
+|0.74.0
+
+|{TempoName}
+|Tempo
+|0.1.0
+|===
+
+[id="technology-preview-features_distributed-tracing-rn-2-8"]
+== Technology Preview features
+
+This release introduces support for the {TempoName} as a link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview] feature for {DTProductName}.
+
+:FeatureName: The {TempoName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+The feature uses version 0.1.0 of the {TempoName} and version 2.0.1 of the upstream {TempoShortName} components.
+
+You can use the {TempoShortName} to replace Jaeger so that you can use S3-compatible storage instead of ElasticSearch.
+Most users who use the {TempoShortName} instead of Jaeger will not notice any difference in functionality because the {TempoShortName} supports the same ingestion and query protocols as Jaeger and uses the same user interface.
+
+If you enable this Technology Preview feature, note the following limitations of the current implementation:
+
+* The {TempoShortName} currently does not support disconnected installations. (link:https://issues.redhat.com/browse/TRACING-3145[TRACING-3145])
+
+* When you use the Jaeger user interface (UI) with the {TempoShortName}, the Jaeger UI lists only services that have sent traces within the last 15 minutes. For services that have not sent traces within the last 15 minutes, those traces are still stored even though they are not visible in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
+
+Expanded support for the {TempoOperator} is planned for future releases of the {DTProductName}.
+Possible additional features might include support for TLS authentication, multitenancy, and multiple clusters.
+For more information about the {TempoOperator}, see the link:https://tempo-operator.netlify.app[Tempo community documentation].
+
+[id="bug-fixes_distributed-tracing-rn-2-8"]
+== Bug fixes
+
+This release addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+//[id="known-issues_distributed-tracing-rn-2-8"]
+//== Known issues
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-1.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-1.adoc
new file mode 100644
index 000000000000..6fed09c6ee2a
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-1.adoc
@@ -0,0 +1,138 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distributed-tracing-rn-2-9-1"]
+= Release notes for {DTProductName} 2.9.1
+include::_attributes/common-attributes.adoc[]
+:context: distributed-tracing-rn-2-9-1
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-9-1"]
+== Component versions in the {DTProductName} 2.9.1
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.47.0
+
+|{OTELName}
+|OpenTelemetry
+|0.81.0
+
+|{TempoName}
+|Tempo
+|2.1.1
+|===
+
+== CVEs
+
+This release fixes link:https://access.redhat.com/security/cve/cve-2023-44487[CVE-2023-44487].
+
+
+[id="jaeger-release-notes_distributed-tracing-rn-2-9-1"]
+== {JaegerName}
+
+[id="known-issues_jaeger-release-notes_distributed-tracing-rn-2-9-1"]
+=== Known issues
+
+* Apache Spark is not supported.
+ifndef::openshift-rosa[]
+
+* The streaming deployment via AMQ/Kafka is unsupported on IBM Z and IBM Power Systems.
+endif::openshift-rosa[]
+
+[id="tempo-release-notes_distributed-tracing-rn-2-9-1"]
+== {TempoName}
+
+:FeatureName: The {TempoName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="known-issues_tempo-release-notes_distributed-tracing-rn-2-9-1"]
+=== Known issues
+
+* Currently, the custom TLS CA option is not implemented for connecting to object storage. (link:https://issues.redhat.com/browse/TRACING-3462[TRACING-3462])
+
+* Currently, when used with the {TempoOperator}, the Jaeger UI only displays services that have sent traces in the last 15 minutes. For services that did not send traces in the last 15 minutes, traces are still stored but not displayed in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
+
+* Currently, the {TempoShortName} fails on the IBM Z (`s390x`) architecture. (link:https://issues.redhat.com/browse/TRACING-3545[TRACING-3545])
+
+* Currently, the Tempo query frontend service must not use internal mTLS when Gateway is not deployed. This issue does not affect the Jaeger Query API. The workaround is to disable mTLS. (link:https://issues.redhat.com/browse/TRACING-3510[TRACING-3510])
++
+.Workaround
++
+Disable mTLS as follows:
++
+. Open the {TempoOperator} ConfigMap for editing by running the following command:
++
+[source,terminal]
+----
+$ oc edit configmap tempo-operator-manager-config -n openshift-tempo-operator <1>
+----
+<1> The project where the {TempoOperator} is installed.
+
+. Disable the mTLS in the operator configuration by updating the YAML file:
++
+[source,yaml]
+----
+data:
+  controller_manager_config.yaml: |
+    featureGates:
+      httpEncryption: false
+      grpcEncryption: false
+      builtInCertManagement:
+        enabled: false
+----
+
+. Restart the {TempoOperator} pod by running the following command:
++
+[source,terminal]
+----
+$ oc rollout restart deployment.apps/tempo-operator-controller -n openshift-tempo-operator
+----
+
+
+* Missing images for running the {TempoOperator} in restricted environments. The {TempoName} CSV is missing references to the operand images. (link:https://issues.redhat.com/browse/TRACING-3523[TRACING-3523])
++
+.Workaround
++
+Add the {TempoOperator} related images in the mirroring tool to mirror the images to the registry:
++
+[source,yaml]
+----
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+archiveSize: 20
+storageConfig:
+  local:
+    path: /home/user/images
+mirror:
+  operators:
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+    packages:
+    - name: tempo-product
+      channels:
+      - name: stable
+  additionalImages:
+  - name: registry.redhat.io/rhosdt/tempo-rhel8@sha256:e4295f837066efb05bcc5897f31eb2bdbd81684a8c59d6f9498dd3590c62c12a
+  - name: registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b62f5cedfeb5907b638f14ca6aaeea50f41642980a8a6f87b7061e88d90fac23
+  - name: registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:8cd134deca47d6817b26566e272e6c3f75367653d589f5c90855c59b2fab01e9
+  - name: registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0da43034f440b8258a48a0697ba643b5643d48b615cdb882ac7f4f1f80aad08e
+----
+
+[id="otel-release-notes_distributed-tracing-rn-2-9-1"]
+== {OTELName}
+
+:FeatureName: The {OTELName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="known-issues_otel-release-notes_distributed-tracing-rn-2-9-1"]
+=== Known issues
+
+* Currently, you must manually set link:https://operatorframework.io/operator-capabilities/[operator maturity] to Level IV, Deep Insights. (link:https://issues.redhat.com/browse/TRACING-3431[TRACING-3431])
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-2.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-2.adoc
new file mode 100644
index 000000000000..e22fa34b09a5
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9-2.adoc
@@ -0,0 +1,137 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="distributed-tracing-rn-2-9-2"]
+= Release notes for {DTProductName} 2.9.2
+:context: distributed-tracing-rn-2-9-2
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-9-2"]
+== Component versions in the {DTProductName} 2.9.2
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.47.0
+
+|{OTELName}
+|OpenTelemetry
+|0.81.0
+
+|{TempoName}
+|Tempo
+|2.1.1
+|===
+
+== CVEs
+
+This release fixes link:https://bugzilla.redhat.com/show_bug.cgi?id=2246470[CVE-2023-46234].
+
+[id="jaeger-release-notes_distributed-tracing-rn-2-9-2"]
+== {JaegerName}
+
+[id="known-issues_jaeger-release-notes_distributed-tracing-rn-2-9-2"]
+=== Known issues
+
+* Apache Spark is not supported.
+ifndef::openshift-rosa[]
+
+* The streaming deployment via AMQ/Kafka is unsupported on IBM Z and IBM Power Systems.
+endif::openshift-rosa[]
+
+[id="tempo-release-notes_distributed-tracing-rn-2-9-2"]
+== {TempoName}
+
+:FeatureName: The {TempoName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="known-issues_tempo-release-notes_distributed-tracing-rn-2-9-2"]
+=== Known issues
+
+* Currently, the custom TLS CA option is not implemented for connecting to object storage. (link:https://issues.redhat.com/browse/TRACING-3462[TRACING-3462])
+
+* Currently, when used with the {TempoOperator}, the Jaeger UI only displays services that have sent traces in the last 15 minutes. For services that did not send traces in the last 15 minutes, traces are still stored but not displayed in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
+
+* Currently, the {TempoShortName} fails on the IBM Z (`s390x`) architecture. (link:https://issues.redhat.com/browse/TRACING-3545[TRACING-3545])
+
+* Currently, the Tempo query frontend service must not use internal mTLS when Gateway is not deployed. This issue does not affect the Jaeger Query API. The workaround is to disable mTLS. (link:https://issues.redhat.com/browse/TRACING-3510[TRACING-3510])
++
+.Workaround
++
+Disable mTLS as follows:
++
+. Open the {TempoOperator} ConfigMap for editing by running the following command:
++
+[source,terminal]
+----
+$ oc edit configmap tempo-operator-manager-config -n openshift-tempo-operator <1>
+----
+<1> The project where the {TempoOperator} is installed.
+
+. Disable the mTLS in the operator configuration by updating the YAML file:
++
+[source,yaml]
+----
+data:
+  controller_manager_config.yaml: |
+    featureGates:
+      httpEncryption: false
+      grpcEncryption: false
+      builtInCertManagement:
+        enabled: false
+----
+
+. Restart the {TempoOperator} pod by running the following command:
++
+[source,terminal]
+----
+$ oc rollout restart deployment.apps/tempo-operator-controller -n openshift-tempo-operator
+----
+
+
+* Missing images for running the {TempoOperator} in restricted environments. The {TempoName} CSV is missing references to the operand images. (link:https://issues.redhat.com/browse/TRACING-3523[TRACING-3523])
++
+.Workaround
++
+Add the {TempoOperator} related images in the mirroring tool to mirror the images to the registry:
++
+[source,yaml]
+----
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+archiveSize: 20
+storageConfig:
+  local:
+    path: /home/user/images
+mirror:
+  operators:
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+    packages:
+    - name: tempo-product
+      channels:
+      - name: stable
+  additionalImages:
+  - name: registry.redhat.io/rhosdt/tempo-rhel8@sha256:e4295f837066efb05bcc5897f31eb2bdbd81684a8c59d6f9498dd3590c62c12a
+  - name: registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b62f5cedfeb5907b638f14ca6aaeea50f41642980a8a6f87b7061e88d90fac23
+  - name: registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:8cd134deca47d6817b26566e272e6c3f75367653d589f5c90855c59b2fab01e9
+  - name: registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0da43034f440b8258a48a0697ba643b5643d48b615cdb882ac7f4f1f80aad08e
+----
+
+[id="otel-release-notes_distributed-tracing-rn-2-9-2"]
+== {OTELName}
+
+:FeatureName: The {OTELName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="known-issues_otel-release-notes_distributed-tracing-rn-2-9-2"]
+=== Known issues
+
+* Currently, you must manually set link:https://operatorframework.io/operator-capabilities/[operator maturity] to Level IV, Deep Insights. (link:https://issues.redhat.com/browse/TRACING-3431[TRACING-3431])
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc
new file mode 100644
index 000000000000..5f66c28db987
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc
@@ -0,0 +1,207 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="distributed-tracing-rn-2-9"]
+= Release notes for {DTProductName} 2.9
+:context: distributed-tracing-rn-2-9
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-2-9"]
+== Component versions in the {DTProductName} 2.9
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.47.0
+
+|{OTELName}
+|OpenTelemetry
+|0.81.0
+
+|{TempoName}
+|Tempo
+|2.1.1
+|===
+
+[id="jaeger-release-notes_distributed-tracing-rn-2-9"]
+== {JaegerName}
+
+[id="new-features-and-enhancements_jaeger-release-notes_distributed-tracing-rn-2-9"]
+=== New features and enhancements
+
+* None.
+
+//[id="technology-preview-features_jaeger-release-notes_distributed-tracing-rn-2-9"]
+//=== Technology Preview features
+//not for 2.9
+
+[id="bug-fixes_jaeger-release-notes_distributed-tracing-rn-2-9"]
+=== Bug fixes
+
+* Before this update, connection was refused due to a missing gRPC port on the `jaeger-query` deployment. This issue resulted in `transport: Error while dialing: dial tcp :16685: connect: connection refused` error message. With this update, the Jaeger Query gRPC port (16685) is successfully exposed on the Jaeger Query service. (link:https://issues.redhat.com/browse/TRACING-3322[TRACING-3322])
+
+* Before this update, the wrong port was exposed for `jaeger-production-query`, resulting in refused connection. With this update, the issue is fixed by exposing the Jaeger Query gRPC port (16685) on the Jaeger Query deployment. (link:https://issues.redhat.com/browse/TRACING-2968[TRACING-2968])
+
+* Before this update, when deploying {SMProductShortName} on {sno} clusters in disconnected environments, the Jaeger pod frequently went into the `Pending` state. With this update, the issue is fixed. (link:https://issues.redhat.com/browse/TRACING-3312[TRACING-3312])
+
+* Before this update, the Jaeger Operator pod restarted with the default memory value due to the `reason: OOMKilled` error message. With this update, this issue is fixed by removing the resource limits. (link:https://issues.redhat.com/browse/TRACING-3173[TRACING-3173])
+
+[id="known-issues_jaeger-release-notes_distributed-tracing-rn-2-9"]
+=== Known issues
+
+* Apache Spark is not supported.
+ifndef::openshift-rosa[]
+
+* The streaming deployment via AMQ/Kafka is unsupported on IBM Z and IBM Power Systems.
+endif::openshift-rosa[]
+
+[id="tempo-release-notes_distributed-tracing-rn-2-9"]
+== {TempoName}
+
+:FeatureName: The {TempoName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="new-features-and-enhancements_tempo-release-notes_distributed-tracing-rn-2-9"]
+=== New features and enhancements
+
+This release introduces the following enhancements for the {TempoShortName}:
+
+* Support the link:https://operatorframework.io/operator-capabilities/[operator maturity] Level IV, Deep Insights, which enables upgrading, monitoring, and alerting of `TempoStack` instances and the {TempoOperator}.
+
+* Add Ingress and Route configuration for the Gateway.
+
+* Support the `managed` and `unmanaged` states in the `TempoStack` custom resource.
+
+* Expose the following additional ingestion protocols in the Distributor service: Jaeger Thrift binary, Jaeger Thrift compact, Jaeger gRPC, and Zipkin. When the Gateway is enabled, only the OpenTelemetry protocol (OTLP) gRPC is enabled.
+
+* Expose the Jaeger Query gRPC endpoint on the Query Frontend service.
+
+* Support multitenancy without Gateway authentication and authorization.
+
+//[id="technology-preview-features_tempo-release-notes_distributed-tracing-rn-2-9"]
+//=== Technology Preview features
+//not for 2.9
+
+[id="bug-fixes_tempo-release-notes_distributed-tracing-rn-2-9"]
+=== Bug fixes
+
+* Before this update, the {TempoOperator} was not compatible with disconnected environments. With this update, the {TempoOperator} supports disconnected environments. (link:https://issues.redhat.com/browse/TRACING-3145[TRACING-3145])
+
+* Before this update, the {TempoOperator} with TLS failed to start on {product-title}. With this update, the mTLS communication is enabled between Tempo components, the Operand starts successfully, and the Jaeger UI is accessible. (link:https://issues.redhat.com/browse/TRACING-3091[TRACING-3091])
+
+* Before this update, the resource limits from the {TempoOperator} caused error messages such as `reason: OOMKilled`. With this update, the resource limits for the {TempoOperator} are removed to avoid such errors. (link:https://issues.redhat.com/browse/TRACING-3204[TRACING-3204])
+
+[id="known-issues_tempo-release-notes_distributed-tracing-rn-2-9"]
+=== Known issues
+
+* Currently, the custom TLS CA option is not implemented for connecting to object storage. (link:https://issues.redhat.com/browse/TRACING-3462[TRACING-3462])
+
+* Currently, when used with the {TempoOperator}, the Jaeger UI only displays services that have sent traces in the last 15 minutes. For services that did not send traces in the last 15 minutes, traces are still stored but not displayed in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
+
+* Currently, the {TempoShortName} fails on the IBM Z (`s390x`) architecture. (link:https://issues.redhat.com/browse/TRACING-3545[TRACING-3545])
+
+* Currently, the Tempo query frontend service must not use internal mTLS when Gateway is not deployed. This issue does not affect the Jaeger Query API. The workaround is to disable mTLS. (link:https://issues.redhat.com/browse/TRACING-3510[TRACING-3510])
++
+.Workaround
++
+Disable mTLS as follows:
++
+. Open the {TempoOperator} ConfigMap for editing by running the following command:
++
+[source,terminal]
+----
+$ oc edit configmap tempo-operator-manager-config -n openshift-tempo-operator <1>
+----
+<1> The project where the {TempoOperator} is installed.
+
+. Disable the mTLS in the operator configuration by updating the YAML file:
++
+[source,yaml]
+----
+data:
+  controller_manager_config.yaml: |
+    featureGates:
+      httpEncryption: false
+      grpcEncryption: false
+      builtInCertManagement:
+        enabled: false
+----
+
+. Restart the {TempoOperator} pod by running the following command:
++
+[source,terminal]
+----
+$ oc rollout restart deployment.apps/tempo-operator-controller -n openshift-tempo-operator
+----
+
+
+* Missing images for running the {TempoOperator} in restricted environments. The {TempoName} CSV is missing references to the operand images. (link:https://issues.redhat.com/browse/TRACING-3523[TRACING-3523])
++
+.Workaround
++
+Add the {TempoOperator} related images in the mirroring tool to mirror the images to the registry:
++
+[source,yaml]
+----
+kind: ImageSetConfiguration
+apiVersion: mirror.openshift.io/v1alpha2
+archiveSize: 20
+storageConfig:
+  local:
+    path: /home/user/images
+mirror:
+  operators:
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+    packages:
+    - name: tempo-product
+      channels:
+      - name: stable
+  additionalImages:
+  - name: registry.redhat.io/rhosdt/tempo-rhel8@sha256:e4295f837066efb05bcc5897f31eb2bdbd81684a8c59d6f9498dd3590c62c12a
+  - name: registry.redhat.io/rhosdt/tempo-gateway-rhel8@sha256:b62f5cedfeb5907b638f14ca6aaeea50f41642980a8a6f87b7061e88d90fac23
+  - name: registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8@sha256:8cd134deca47d6817b26566e272e6c3f75367653d589f5c90855c59b2fab01e9
+  - name: registry.redhat.io/rhosdt/tempo-query-rhel8@sha256:0da43034f440b8258a48a0697ba643b5643d48b615cdb882ac7f4f1f80aad08e
+----
+
+[id="otel-release-notes_distributed-tracing-rn-2-9"]
+== {OTELName}
+
+:FeatureName: The {OTELName}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+[id="new-features-and-enhancements_otel-release-notes_distributed-tracing-rn-2-9"]
+=== New features and enhancements
+
+This release introduces the following enhancements for the {OTELShortName}:
+
+* Support OTLP metrics ingestion. The metrics can be forwarded and stored in the `user-workload-monitoring` via the Prometheus exporter.
+
+* Support the link:https://operatorframework.io/operator-capabilities/[operator maturity] Level IV, Deep Insights, which enables upgrading and monitoring of `OpenTelemetry Collector` instances and the {OTELOperator}.
+
+* Report traces and metrics from remote clusters using OTLP or HTTP and HTTPS.
+
+* Collect {product-title} resource attributes via the `resourcedetection` processor.
+
+* Support the `managed` and `unmanaged` states in the `OpenTelemetryCollector` custom resouce.
+
+//[id="technology-preview-features_otel-release-notes_distributed-tracing-rn-2-9"]
+//=== Technology Preview features
+//not for 2.9
+
+[id="bug-fixes_otel-release-notes_distributed-tracing-rn-2-9"]
+=== Bug fixes
+
+None.
+
+[id="known-issues_otel-release-notes_distributed-tracing-rn-2-9"]
+=== Known issues
+
+* Currently, you must manually set link:https://operatorframework.io/operator-capabilities/[operator maturity] to Level IV, Deep Insights. (link:https://issues.redhat.com/browse/TRACING-3431[TRACING-3431])
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc b/distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc
new file mode 100644
index 000000000000..63d903536b1f
--- /dev/null
+++ b/distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc
@@ -0,0 +1,95 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="distributed-tracing-rn-3-0"]
+= Release notes for {DTProductName} 3.0
+:context: distributed-tracing-rn-3-0
+
+toc::[]
+
+include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
+
+[id="component-versions_distributed-tracing-rn-3-0"]
+== Component versions in the {DTProductName} 3.0
+
+[options="header"]
+|===
+|Operator |Component |Version
+|{JaegerName}
+|Jaeger
+|1.51.0
+
+|xref:../../otel/otel-release-notes.adoc[{OTELName}]
+|OpenTelemetry
+|0.89.0
+
+|{TempoName}
+|Tempo
+|2.3.0
+|===
+
+// Jaeger section
+[id="jaeger-release-notes_distributed-tracing-rn-3-0"]
+== {JaegerName}
+
+[id="deprecated-functionality_jaeger-release-notes_distributed-tracing-rn-3-0"]
+=== Deprecated functionality
+
+In Red Hat OpenShift distributed tracing 3.0, Jaeger and Elasticsearch are deprecated, and both are planned to be removed in a future release. Red Hat will provide critical and above CVE bug fixes and support for these components during the current release lifecycle, but these components will no longer receive feature enhancements.
+
+In Red Hat OpenShift distributed tracing 3.0, Tempo provided by the {TempoOperator} and the OpenTelemetry collector provided by the Red Hat build of OpenTelemetry are the preferred Operators for distributed tracing collection and storage. The OpenTelemetry and Tempo distributed tracing stack is to be adopted by all users because this will be the stack that will be enhanced going forward.
+
+[id="new-features-and-enhancements_jaeger-release-notes_distributed-tracing-rn-3-0"]
+=== New features and enhancements
+
+This update introduces the following enhancements for the {JaegerShortName}:
+
+* Support for the ARM architecture.
+* Support for cluster-wide proxy environments.
+
+[id="bug-fixes_jaeger-release-notes_distributed-tracing-rn-3-0"]
+=== Bug fixes
+
+This update introduces the following bug fixes for the {JaegerShortName}:
+
+* Fixed support for disconnected environments when using the `oc adm catalog mirror` CLI command. (link:https://issues.redhat.com/browse/TRACING-3546[TRACING-3546])
+
+[id="known-issues_jaeger-release-notes_distributed-tracing-rn-3-0"]
+=== Known issues
+
+* Currently, Apache Spark is not supported.
+
+ifndef::openshift-rosa[]
+
+* Currently, the streaming deployment via AMQ/Kafka is not supported on the IBM Z and IBM Power Systems architectures.
+endif::openshift-rosa[]
+
+// Tempo section
+[id="tempo-release-notes_distributed-tracing-rn-3-0"]
+== {TempoName}
+
+[id="new-features-and-enhancements_tempo-release-notes_distributed-tracing-rn-3-0"]
+=== New features and enhancements
+
+This update introduces the following enhancements for the {TempoShortName}:
+
+* Support for the ARM architecture.
+* Support for span request count, duration, and error count (RED) metrics. The metrics can be visualized in the Jaeger console deployed as part of Tempo or in the web console in the *Observe* menu.
+
+[id="bug-fixes_tempo-release-notes_distributed-tracing-rn-3-0"]
+=== Bug fixes
+
+This update introduces the following bug fixes for the {TempoShortName}:
+
+* Fixed support for the custom TLS CA option for connecting to object storage. (link:https://issues.redhat.com/browse/TRACING-3462[TRACING-3462])
+* Fixed support for disconnected environments when using the `oc adm catalog mirror` CLI command. (link:https://issues.redhat.com/browse/TRACING-3523[TRACING-3523])
+* Fixed mTLS when Gateway is not deployed. (link:https://issues.redhat.com/browse/TRACING-3510[TRACING-3510])
+
+[id="known-issues_tempo-release-notes_distributed-tracing-rn-3-0"]
+=== Known issues
+
+* Currently, when used with the {TempoOperator}, the Jaeger UI only displays services that have sent traces in the last 15 minutes. For services that did not send traces in the last 15 minutes, traces are still stored but not displayed in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
+* Currently, the {TempoShortName} fails on the IBM Z (`s390x`) architecture. (link:https://issues.redhat.com/browse/TRACING-3545[TRACING-3545])
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/logging/v5_7/images b/distr_tracing/distr_tracing_rn/images
similarity index 100%
rename from logging/v5_7/images
rename to distr_tracing/distr_tracing_rn/images
diff --git a/microshift_storage/container_storage_interface_microshift/modules b/distr_tracing/distr_tracing_rn/modules
similarity index 100%
rename from microshift_storage/container_storage_interface_microshift/modules
rename to distr_tracing/distr_tracing_rn/modules
diff --git a/logging/v5_5/snippets b/distr_tracing/distr_tracing_rn/snippets
similarity index 100%
rename from logging/v5_5/snippets
rename to distr_tracing/distr_tracing_rn/snippets
diff --git a/logging/v5_7/_attributes b/distr_tracing/distr_tracing_tempo/_attributes
similarity index 100%
rename from logging/v5_7/_attributes
rename to distr_tracing/distr_tracing_tempo/_attributes
diff --git a/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
new file mode 100644
index 000000000000..841663f9be21
--- /dev/null
+++ b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
@@ -0,0 +1,35 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="distr-tracing-tempo-configuring"]
+= Configuring and deploying the {TempoShortName}
+include::_attributes/common-attributes.adoc[]
+:context: distr-tracing-tempo-configuring
+
+toc::[]
+
+The {TempoOperator} uses a custom resource definition (CRD) file that defines the architecture and configuration settings to be used when creating and deploying the {TempoShortName} resources. You can install the default configuration or modify the file.
+
+[id="customizing-your-tempo-deployment"]
+== Customizing your deployment
+
+ifdef::openshift-enterprise,openshift-dedicated[]
+For information about configuring the back-end storage, see xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[Understanding persistent storage] and the appropriate configuration topic for your chosen storage option.
+endif::[]
+
+include::modules/distr-tracing-tempo-config-default.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-tempo-config-storage.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-tempo-config-query-frontend.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-tempo-config-spanmetrics.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-tempo-config-multitenancy.adoc[leveloffset=+2]
+
+[id="setting-up-monitoring-for-tempo"]
+== Setting up monitoring for the {TempoShortName}
+
+The {TempoOperator} supports monitoring and alerting of each TempoStack component such as distributor, ingester, and so on, and exposes upgrade and operational metrics about the Operator itself.
+
+include::modules/distr-tracing-tempo-configuring-tempostack-metrics-and-alerts.adoc[leveloffset=+2]
+
+include::modules/distr-tracing-tempo-configuring-tempooperator-metrics-and-alerts.adoc[leveloffset=+2]
diff --git a/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-installing.adoc b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-installing.adoc
new file mode 100644
index 000000000000..03c7bcf37c22
--- /dev/null
+++ b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-installing.adoc
@@ -0,0 +1,31 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-tempo-installing"]
+= Installing the {TempoShortName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-tempo-installing
+
+toc::[]
+
+Installing the {TempoShortName} involves the following steps:
+
+. Setting up supported object storage.
+. Installing the {TempoOperator}.
+. Creating a secret for the object storage credentials.
+. Creating a namespace for a TempoStack instance.
+. Creating a `TempoStack` custom resource to deploy at least one TempoStack instance.
+
+include::modules/distr-tracing-tempo-storage-ref.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-tempo-install-web-console.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-tempo-install-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-tempo-installing"]
+== Additional resources
+* xref:../../post_installation_configuration/preparing-for-users.adoc#creating-cluster-admin_post-install-preparing-for-users[Creating a cluster admin]
+* link:https://operatorhub.io/[OperatorHub.io]
+* xref:../../web_console/web-console.adoc#web-console[Accessing the web console]
+* xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-from-operatorhub-using-web-console_olm-adding-operators-to-a-cluster[Installing from OperatorHub using the web console]
+* xref:../../operators/user/olm-creating-apps-from-installed-operators.adoc#olm-creating-apps-from-installed-operators[Creating applications from installed Operators]
+* xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI]
diff --git a/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-removing.adoc b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-removing.adoc
new file mode 100644
index 000000000000..8b19fa766987
--- /dev/null
+++ b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-removing.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-tempo-removing"]
+= Removing the {TempoName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-tempo-removing
+
+toc::[]
+
+The steps for removing the {TempoName} from an {product-title} cluster are as follows:
+
+. Shut down all {TempoShortName} pods.
+. Remove any TempoStack instances.
+. Remove the {TempoOperator}.
+
+include::modules/distr-tracing-tempo-remove-web-console.adoc[leveloffset=+1]
+
+include::modules/distr-tracing-tempo-remove-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-tempo-removing"]
+== Additional resources
+
+* xref:../../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster]
+* xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI]
\ No newline at end of file
diff --git a/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-updating.adoc b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-updating.adoc
new file mode 100644
index 000000000000..05a7b4dd24b8
--- /dev/null
+++ b/distr_tracing/distr_tracing_tempo/distr-tracing-tempo-updating.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-tempo-updating"]
+= Updating the {TempoShortName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-tempo-updating
+
+toc::[]
+
+For version upgrades, the {TempoOperator} uses the Operator Lifecycle Manager (OLM), which controls installation, upgrade, and role-based access control (RBAC) of Operators in a cluster.
+
+The OLM runs in the {product-title} by default. The OLM queries for available Operators as well as upgrades for installed Operators.
+
+When the {TempoOperator} is upgraded to the new version, it scans for running TempoStack instances that it manages and upgrades them to the version corresponding to the Operator's new version.
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-tempo-updating"]
+== Additional resources
+
+* xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager concepts and resources]
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
diff --git a/rosa_support/remote_health_monitoring/images b/distr_tracing/distr_tracing_tempo/images
similarity index 100%
rename from rosa_support/remote_health_monitoring/images
rename to distr_tracing/distr_tracing_tempo/images
diff --git a/rosa_support/remote_health_monitoring/modules b/distr_tracing/distr_tracing_tempo/modules
similarity index 100%
rename from rosa_support/remote_health_monitoring/modules
rename to distr_tracing/distr_tracing_tempo/modules
diff --git a/logging/v5_6/snippets b/distr_tracing/distr_tracing_tempo/snippets
similarity index 100%
rename from logging/v5_6/snippets
rename to distr_tracing/distr_tracing_tempo/snippets
diff --git a/distr_tracing/distributed-tracing-release-notes.adoc b/distr_tracing/distributed-tracing-release-notes.adoc
deleted file mode 100644
index fcac0d5f7275..000000000000
--- a/distr_tracing/distributed-tracing-release-notes.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-:_content-type: ASSEMBLY
-[id="distr-tracing-release-notes"]
-= Distributed tracing release notes
-include::_attributes/common-attributes.adoc[]
-:context: distributed-tracing-release-notes
-
-toc::[]
-
-include::modules/distr-tracing-product-overview.adoc[leveloffset=+1]
-
-include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
-
-include::modules/support.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-new-features.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-technology-preview.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-known-issues.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-fixed-issues.adoc[leveloffset=+1]
diff --git a/getting_started/accessing-your-services.adoc b/getting_started/accessing-your-services.adoc
index 93c9fb6080fb..b3eaef5daff2 100644
--- a/getting_started/accessing-your-services.adoc
+++ b/getting_started/accessing-your-services.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="accessing-your-services"]
 = Accessing your services
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/dedicated-networking.adoc b/getting_started/dedicated-networking.adoc
index 5f3e4a324521..11e2c788ec20 100644
--- a/getting_started/dedicated-networking.adoc
+++ b/getting_started/dedicated-networking.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-networking"]
 = Neworking
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/deleting-your-cluster.adoc b/getting_started/deleting-your-cluster.adoc
index f06749fd3a62..a9de4d412acf 100644
--- a/getting_started/deleting-your-cluster.adoc
+++ b/getting_started/deleting-your-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deleting-your-cluster"]
 = Deleting your cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/kubernetes-overview.adoc b/getting_started/kubernetes-overview.adoc
index 54d4654afabd..4853629266a9 100644
--- a/getting_started/kubernetes-overview.adoc
+++ b/getting_started/kubernetes-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubernetes-overview"]
 = Kubernetes overview
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/openshift-cli.adoc b/getting_started/openshift-cli.adoc
index 3852a6598f34..5575701977fb 100644
--- a/getting_started/openshift-cli.adoc
+++ b/getting_started/openshift-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshift-cli"]
 = Creating and building an application using the CLI
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/openshift-overview.adoc b/getting_started/openshift-overview.adoc
index 82aebc6bbe42..4daa5fd7fab1 100644
--- a/getting_started/openshift-overview.adoc
+++ b/getting_started/openshift-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshift-overview"]
 = {product-title} overview
 include::_attributes/common-attributes.adoc[]
@@ -56,7 +56,7 @@ to see your applications, monitor status, connect and group components, and modi
 * ** xref:../cli_reference/odo-important-update.adoc#odo-important_update[Use the developer CLI tool (`odo`)]**:
 The `odo` CLI tool lets developers create single or multi-component applications and automates deployment, build, and service route configurations. It abstracts complex Kubernetes and {product-title} concepts, allowing you to focus on developing your applications.
 
-* **xref:../cicd/pipelines/understanding-openshift-pipelines.adoc#op-key-features[Create CI/CD Pipelines]**: Pipelines are serverless, cloud-native, continuous integration, and continuous deployment systems that run in isolated containers.
+* **link:https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html#op-key-features[Create CI/CD Pipelines]**: Pipelines are serverless, cloud-native, continuous integration, and continuous deployment systems that run in isolated containers.
 They use standard Tekton custom resources to automate deployments and are designed for decentralized teams working on microservices-based architecture.
 
 * **Deploy Helm charts**:
diff --git a/getting_started/openshift-web-console.adoc b/getting_started/openshift-web-console.adoc
index f34f48e3b1c9..f0ac763318cf 100644
--- a/getting_started/openshift-web-console.adoc
+++ b/getting_started/openshift-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshift-web-console"]
 = Creating and building an application using the web console
 include::_attributes/common-attributes.adoc[]
diff --git a/getting_started/scaling-your-cluster.adoc b/getting_started/scaling-your-cluster.adoc
index 0468c0c63a78..0075df9bbc5f 100644
--- a/getting_started/scaling-your-cluster.adoc
+++ b/getting_started/scaling-your-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="scaling-your-cluster"]
 = Scaling your cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/hardware_enablement/about-hardware-enablement.adoc b/hardware_enablement/about-hardware-enablement.adoc
index 36cef34b0431..eed8ee483f92 100644
--- a/hardware_enablement/about-hardware-enablement.adoc
+++ b/hardware_enablement/about-hardware-enablement.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-hardware-enablement"]
 = About specialized hardware and driver enablement
 include::_attributes/common-attributes.adoc[]
@@ -8,4 +8,4 @@ toc::[]
 
 The Driver Toolkit (DTK) is a container image in the {product-title} payload which is meant to be used as a base image on which to build driver containers. The Driver Toolkit image contains the kernel packages commonly required as dependencies to build or install kernel modules as well as a few tools needed in driver containers. The version of these packages will match the kernel version running on the RHCOS nodes in the corresponding {product-title} release.
 
-Driver containers are container images used for building and deploying out-of-tree kernel modules and drivers on container operating systems such as :op-system-first:. Kernel modules and drivers are software libraries running with a high level of privilege in the operating system kernel. They extend the kernel functionalities or provide the hardware-specific code required to control new devices. Examples include hardware devices like field-programmable gate arrays (FPGA) or graphics processing units (GPU), and software-defined storage solutions, which all require kernel modules on client machines. Driver containers are the first layer of the software stack used to enable these technologies on {product-title} deployments.
\ No newline at end of file
+Driver containers are container images used for building and deploying out-of-tree kernel modules and drivers on container operating systems such as {op-system-first}. Kernel modules and drivers are software libraries running with a high level of privilege in the operating system kernel. They extend the kernel functionalities or provide the hardware-specific code required to control new devices. Examples include hardware devices like field-programmable gate arrays (FPGA) or graphics processing units (GPU), and software-defined storage solutions, which all require kernel modules on client machines. Driver containers are the first layer of the software stack used to enable these technologies on {product-title} deployments.
\ No newline at end of file
diff --git a/hardware_enablement/kmm-kernel-module-management.adoc b/hardware_enablement/kmm-kernel-module-management.adoc
index 6db1495f3d79..5cb6ce5fe892 100644
--- a/hardware_enablement/kmm-kernel-module-management.adoc
+++ b/hardware_enablement/kmm-kernel-module-management.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kernel-module-management-operator"]
 = Kernel Module Management Operator
 include::_attributes/common-attributes.adoc[]
@@ -15,8 +15,17 @@ include::modules/kmm-installation.adoc[leveloffset=+1]
 include::modules/kmm-installing-using-web-console.adoc[leveloffset=+2]
 include::modules/kmm-installing-using-cli.adoc[leveloffset=+2]
 include::modules/kmm-installing-older-versions.adoc[leveloffset=+2]
+// Added for TELCODOCS-1309
+include::modules/kmm-uninstalling-kmm.adoc[leveloffset=+1]
+include::modules/kmm-uninstalling-kmmo-red-hat-catalog.adoc[leveloffset=+2]
+include::modules/kmm-uninstalling-kmmo-cli.adoc[leveloffset=+2]
+
 include::modules/kmm-deploying-modules.adoc[leveloffset=+1]
 include::modules/kmm-creating-module-cr.adoc[leveloffset=+2]
+
+// Added for TELCODOCS-1280
+include::modules/kmm-setting-soft-dependencies-between-kernel-modules.adoc[leveloffset=+2]
+
 include::modules/kmm-security.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -24,6 +33,14 @@ include::modules/kmm-security.adoc[leveloffset=+2]
 
 * xref:../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission].
 
+// Added for TELCODOCS-1279
+include::modules/kmm-replacing-in-tree-modules-with-out-of-tree-modules.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://fastbitlab.com/building-a-linux-kernel-module/[Building a linux kernel module]
+
 include::modules/kmm-example-module-cr.adoc[leveloffset=+2]
 include::modules/kmm-creating-moduleloader-image.adoc[leveloffset=+1]
 include::modules/kmm-running-depmod.adoc[leveloffset=+2]
@@ -62,8 +79,56 @@ include::modules/kmm-adding-the-keys-for-secureboot.adoc[leveloffset=+1]
 include::modules/kmm-checking-the-keys.adoc[leveloffset=+2]
 include::modules/kmm-signing-a-prebuilt-driver-container.adoc[leveloffset=+1]
 include::modules/kmm-building-and-signing-a-moduleloader-container-image.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+For information on creating a service account, see link:https://docs.openshift.com/container-platform/4.12/authentication/understanding-and-creating-service-accounts.html#service-accounts-managing_understanding-service-accounts[Creating service accounts].
+
+// Added for TELCODOCS-1109
+include::modules/kmm-hub-hub-and-spoke.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* link:https://www.redhat.com/en/technologies/management/advanced-cluster-management[Red{nbsp}Hat Advanced Cluster Management (RHACM)]
+
+include::modules/kmm-hub-kmm-hub.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://openshift-kmm.netlify.app/documentation/install/[Installing KMM]
+
+include::modules/kmm-hub-installing-kmm-hub.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://catalog.redhat.com/software/containers/kmm/kernel-module-management-hub-operator-bundle/63d84cc33862da54bb19b8c6?architecture=amd64&image=654273ac86f7e537ae452f6ehttps://catalog.redhat.com/software/containers/kmm/kernel-module-management-hub-operator-bundle/63d84cc33862da54bb19b8c6?architecture=amd64&image=654273ac86f7e537ae452f6e[KMM Operator bundle]
+
+include::modules/kmm-hub-installing-kmm-hub-olm.adoc[leveloffset=+3]
+include::modules/kmm-hub-installing-kmm-hub-creating-resources.adoc[leveloffset=+3]
+
+include::modules/kmm-hub-using-the-managedclustermodule.adoc[leveloffset=+2]
+include::modules/kmm-hub-running-kmm-on-the-spoke.adoc[leveloffset=+2]
+
+
+// Added for TELCODOCS-1277
+include::modules/kmm-customizing-upgrades-for-kernel-modules.adoc[leveloffset=+1]
+
+// Added for TELCODOCS-1278
+include::modules/kmm-day1-kernel-module-loading.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.openshift.com/container-platform/4.13/post_installation_configuration/machine-configuration-tasks.html#machine-config-operator_post-install-machine-configuration-tasks[Machine Config Operator]
+
+include::modules/kmm-day1-supported-use-cases.adoc[leveloffset=+2]
+include::modules/kmm-day1-oot-kernel-module-loading-flow.adoc[leveloffset=+2]
+include::modules/kmm-day1-kernel-module-image.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.openshift.com/container-platform/4.13/hardware_enablement/psap-driver-toolkit.html[Driver Toolkit]
+
+include::modules/kmm-day1-in-tree-module-replacement.adoc[leveloffset=+2]
+include::modules/kmm-day1-mco-yaml-creation.adoc[leveloffset=+2]
+include::modules/kmm-day1-machineconfigpool.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
 .Additional resources
-For information on creating a service account, see xref:https://docs.openshift.com/container-platform/4.12/authentication/understanding-and-creating-service-accounts.html#service-accounts-managing_understanding-service-accounts[Creating service accounts].
+* link:https://www.redhat.com/en/blog/openshift-container-platform-4-how-does-machine-config-pool-work[About MachineConfigPool]
 
 include::modules/kmm-debugging-and-troubleshooting.adoc[leveloffset=+1]
 
diff --git a/hardware_enablement/psap-driver-toolkit.adoc b/hardware_enablement/psap-driver-toolkit.adoc
index 9817ddbde47f..747944c9b86a 100644
--- a/hardware_enablement/psap-driver-toolkit.adoc
+++ b/hardware_enablement/psap-driver-toolkit.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="driver-toolkit"]
 = Driver Toolkit
 include::_attributes/common-attributes.adoc[]
diff --git a/hardware_enablement/psap-node-feature-discovery-operator.adoc b/hardware_enablement/psap-node-feature-discovery-operator.adoc
index e35b19794cf8..31d920039587 100644
--- a/hardware_enablement/psap-node-feature-discovery-operator.adoc
+++ b/hardware_enablement/psap-node-feature-discovery-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-feature-discovery-operator"]
 = Node Feature Discovery Operator
 include::_attributes/common-attributes.adoc[]
@@ -16,6 +16,10 @@ include::modules/psap-using-node-feature-discovery-operator.adoc[leveloffset=+1]
 
 include::modules/psap-configuring-node-feature-discovery.adoc[leveloffset=+1]
 
+include::modules/nfd-rules-about.adoc[leveloffset=+1]
+
+include::modules/nfd-rules-using.adoc[leveloffset=+1]
+
 include::modules/psap-node-feature-discovery-using-topology-updater.adoc[leveloffset=+1]
 
 include::modules/psap-node-feature-discovery-topology-updater-command-reference.adoc[leveloffset=+2]
diff --git a/hosted_control_planes/hcp-backup-restore-dr.adoc b/hosted_control_planes/hcp-backup-restore-dr.adoc
index 4464b822f02c..85093cdd0184 100644
--- a/hosted_control_planes/hcp-backup-restore-dr.adoc
+++ b/hosted_control_planes/hcp-backup-restore-dr.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hcp-backup-restore-dr"]
 = Backup, restore, and disaster recovery for hosted control planes
 include::_attributes/common-attributes.adoc[]
@@ -8,13 +8,24 @@ toc::[]
 
 If you need to back up and restore etcd on a hosted cluster or provide disaster recovery for a hosted cluster, see the following procedures.
 
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
+[id="hosted-etcd-non-disruptive-recovery"]
+== Recovering etcd pods for hosted clusters
+
+In hosted clusters, etcd pods run as part of a stateful set. The stateful set relies on persistent storage to store etcd data for each member. In a highly available control plane, the size of the stateful set is three pods, and each member has its own persistent volume claim.
+
+include::modules/hosted-cluster-etcd-status.adoc[leveloffset=+2]
+include::modules/hosted-cluster-single-node-recovery.adoc[leveloffset=+2]
+include::modules/hosted-cluster-etcd-quorum-loss-recovery.adoc[leveloffset=+2]
 
 [id="hcp-backup-restore"]
-== Backing up and restoring etcd on a hosted cluster
+== Backing up and restoring etcd on a hosted cluster on {aws-short}
 
-If you use hosted control planes on {product-title}, the process to back up and restore etcd is different from xref:../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backing-up-etcd-data_backup-etcd[the usual etcd backup process].
+If you use hosted control planes for {product-title}, the process to back up and restore etcd is different from xref:../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backing-up-etcd-data_backup-etcd[the usual etcd backup process].
+
+The following procedures are specific to hosted control planes on {aws-short}.
+
+:FeatureName: Hosted control planes on the {aws-short} platform
+include::snippets/technology-preview.adoc[]
 
 // Backing up etcd on a hosted cluster
 include::modules/backup-etcd-hosted-cluster.adoc[leveloffset=+2]
@@ -23,9 +34,9 @@ include::modules/backup-etcd-hosted-cluster.adoc[leveloffset=+2]
 include::modules/restoring-etcd-snapshot-hosted-cluster.adoc[leveloffset=+2]
 
 [id="hcp-dr-aws"]
-== Disaster recovery for a hosted cluster within an AWS region
+== Disaster recovery for a hosted cluster within an {aws-short} region
 
-In a situation where you need disaster recovery (DR) for a hosted cluster, you can recover a hosted cluster to the same region within AWS. For example, you need DR when the upgrade of a management cluster fails and the hosted cluster is in a read-only state.
+In a situation where you need disaster recovery (DR) for a hosted cluster, you can recover a hosted cluster to the same region within {aws-short}. For example, you need DR when the upgrade of a management cluster fails and the hosted cluster is in a read-only state.
 
 :FeatureName: Hosted control planes
 include::snippets/technology-preview.adoc[]
@@ -67,10 +78,10 @@ Consider an scenario where you have three clusters to restore. Two are managemen
 * HC Kubeconfig: The hosted cluster `kubeconfig` file
 * SSH key file: The SSH public key
 * Pull secret: The pull secret file to access the release images
-* AWS credentials
-* AWS region
+* {aws-short} credentials
+* {aws-short} region
 * Base domain: The DNS base domain to use as an external DNS
-* S3 bucket name: The bucket in the AWS region where you plan to upload the etcd backup
+* S3 bucket name: The bucket in the {aws-short} region where you plan to upload the etcd backup
 
 This information is shown in the following example environment variables.
 
@@ -155,5 +166,4 @@ include::modules/dr-hosted-cluster-within-aws-region-restore.adoc[leveloffset=+2
 include::modules/dr-hosted-cluster-within-aws-region-delete.adoc[leveloffset=+2]
 
 //Helper script
-include::modules/dr-hosted-cluster-within-aws-region-script.adoc[leveloffset=+2]
-
+include::modules/dr-hosted-cluster-within-aws-region-script.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/hosted_control_planes/hcp-configuring.adoc b/hosted_control_planes/hcp-configuring.adoc
index 5dfa05a5fe1e..25af5cc09bfb 100644
--- a/hosted_control_planes/hcp-configuring.adoc
+++ b/hosted_control_planes/hcp-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hcp-configuring"]
 = Configuring hosted control planes
 include::_attributes/common-attributes.adoc[]
@@ -6,34 +6,59 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-To get started with hosted control planes for {product-title}, you first configure your hosted cluster on the provider that you want to use. Then, you complete a few management tasks. 
-
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
+To get started with hosted control planes for {product-title}, you first configure your hosted cluster on the provider that you want to use. Then, you complete a few management tasks.
 
 You can view the procedures by selecting from one of the following providers:
 
-[id="hcp-configuring-aws"]
-== Amazon Web Services (AWS)
-
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring the hosting cluster on AWS (Technology Preview)]: The tasks to configure a hosted cluster on AWS include creating the AWS S3 OIDC secret, creating a routable public zone, enabling external DNS, enabling AWS PrivateLink, enabling the hosted control planes feature, and installing the hosted control planes CLI.
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-manage-aws[Managing hosted control plane clusters on AWS (Technology Preview)]: Management tasks include creating, importing, accessing, or deleting a hosted cluster on AWS.
-
 [id="hcp-configuring-bm"]
 == Bare metal
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-configure-bm[Configuring the hosting cluster on bare metal (Technology Preview)]: Configure DNS before you create a hosted cluster. 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-manage-bm[Managing hosted control plane clusters on bare metal (Technology Preview)]: Create a hosted cluster, create an `InfraEnv` resource, add agents, access the hosted cluster, scale the `NodePool` object, handle Ingress, enable node auto-scaling, or delete a hosted cluster.
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-sizing-guidance[Hosted control plane sizing guidance]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-install-cli[Installing the hosted control plane command line interface]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-cluster-workload-distributing[Distributing hosted cluster workloads]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#firewall-port-reqs-bare-metal[Bare metal firewall and port requirements]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#infrastructure-reqs-bare-metal[Bare metal infrastructure requirements]: Review the infrastructure requirements to create a hosted cluster on bare metal.
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-configure-bm[Configuring hosted control plane clusters on bare metal]:
+** Configure DNS
+** Create a hosted cluster and verify cluster creation
+** Scale the `NodePool` object for the hosted cluster
+** Handle ingress traffic for the hosted cluster
+** Enable node auto-scaling for the hosted cluster
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configure-hosted-disconnected[Configuring hosted control planes in a disconnected environment]
 
 [id="hcp-configuring-virt"]
 == {VirtProductName}
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-manage-kubevirt[Managing hosted control plane clusters on OpenShift Virtualization (Technology Preview)]: Create {product-title} clusters with worker nodes that are hosted by KubeVirt virtual machines. 
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-sizing-guidance[Hosted control plane sizing guidance]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-install-cli[Installing the hosted control plane command line interface]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-cluster-workload-distributing[Distributing hosted cluster workloads]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-control-planes-manage-kubevirt[Managing hosted control plane clusters on OpenShift Virtualization]: Create {product-title} clusters with worker nodes that are hosted by KubeVirt virtual machines.
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configure-hosted-disconnected[Configuring hosted control planes in a disconnected environment]
+
+[id="hcp-configuring-aws"]
+== {aws-first}
+
+:FeatureName: Hosted control planes on the {aws-short} platform
+include::snippets/technology-preview.adoc[]
 
-// To be added after ACM 2.9 goes live:
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosting-cluster-aws-infra-reqs[AWS infrastructure requirements]: Review the infrastructure requirements to create a hosted cluster on {aws-short}.
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring hosted control plane clusters on AWS]: The tasks to configure hosted control plane clusters on {aws-short} include creating the {aws-short} S3 OIDC secret, creating a routable public zone, enabling external DNS, enabling {aws-short} PrivateLink, and deploying a hosted cluster.
+* xref:../networking/hardware_networks/configuring-sriov-operator.adoc#sriov-operator-hosted-control-planes_configuring-sriov-operator[Deploying the SR-IOV Operator for hosted control planes]: After you configure and deploy your hosting service cluster, you can create a subscription to the Single Root I/O Virtualization (SR-IOV) Operator on a hosted cluster. The SR-IOV pod runs on worker machines rather than the control plane.
 
-//{ibmpowerProductName}
+[id="hcp-configuring-ibmz"]
+== {ibm-z-title}
 
+:FeatureName: Hosted control planes on the {ibm-z-title} platform
+include::snippets/technology-preview.adoc[]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-install-cli[Installing the hosted control plane command line interface]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-ibmz[Configuring the hosting cluster on x86 bare metal for IBM Z compute nodes (Technology Preview)]
 
+[id="hcp-configuring-ibmpower"]
+== {ibm-power-title}
 
+:FeatureName: Hosted control planes on the {ibm-power-title} platform
+include::snippets/technology-preview.adoc[]
 
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-install-cli[Installing the hosted control plane command line interface]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#config-hosted-service-ibmpower[Configuring the hosting cluster on a 64-bit x86 OpenShift Container Platform cluster to create hosted control planes for IBM Power compute nodes (Technology Preview)]
\ No newline at end of file
diff --git a/hosted_control_planes/hcp-managing.adoc b/hosted_control_planes/hcp-managing.adoc
index 8b02751060d2..1e3618306b71 100644
--- a/hosted_control_planes/hcp-managing.adoc
+++ b/hosted_control_planes/hcp-managing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hcp-managing"]
 = Managing hosted control planes
 include::_attributes/common-attributes.adoc[]
@@ -8,19 +8,13 @@ toc::[]
 
 After you configure your environment for hosted control planes and create a hosted cluster, you can further manage your clusters and nodes.
 
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
-
 include::modules/updates-for-hosted-control-planes.adoc[leveloffset=+1]
 include::modules/updating-node-pools-for-hcp.adoc[leveloffset=+1]
-include::modules/configuring-node-pools-for-hcp.adoc[leveloffset=+1]
 //restarting hosted control plane components
-//pausing reconciliation
-//debugging why nodes have not joined the cluster
+include::modules/hosted-control-planes-pause-reconciliation.adoc[leveloffset=+1]
 //using service-level DNS for control plane services
-//configuring metrics sets
-include::modules/node-tuning-hosted-cluster.adoc[leveloffset=+1]
-include::modules/sriov-operator-hosted-control-planes.adoc[leveloffset=+1]
+include::modules/hosted-control-planes-metrics-sets.adoc[leveloffset=+1]
+include::modules/hosted-control-planes-monitoring-dashboard.adoc[leveloffset=+1]
 //automated machine management
+include::modules/scale-down-data-plane.adoc[leveloffset=+1]
 include::modules/delete-hosted-cluster.adoc[leveloffset=+1]
-
diff --git a/hosted_control_planes/hcp-troubleshooting.adoc b/hosted_control_planes/hcp-troubleshooting.adoc
new file mode 100644
index 000000000000..6bf744fa62a4
--- /dev/null
+++ b/hosted_control_planes/hcp-troubleshooting.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="hcp-troubleshooting"]
+= Troubleshooting hosted control planes
+include::_attributes/common-attributes.adoc[]
+:context: hcp-troubleshooting
+
+toc::[]
+
+If you encounter issues with hosted control planes, see the following information to guide you through troubleshooting.
+
+:FeatureName: Hosted control planes
+include::snippets/technology-preview.adoc[]
+
+include::modules/hosted-control-planes-troubleshooting.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#trouble-hosted-cluster-backplane[Must-gather for a hosted cluster]
\ No newline at end of file
diff --git a/hosted_control_planes/index.adoc b/hosted_control_planes/index.adoc
index c045590ad6aa..adba4f90744f 100644
--- a/hosted_control_planes/index.adoc
+++ b/hosted_control_planes/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hcp-overview"]
 = Hosted control planes overview
 include::_attributes/common-attributes.adoc[]
@@ -12,9 +12,14 @@ include::modules/hosted-control-planes-overview.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hypershift-addon-intro[HyperShift add-on (Technology Preview)]
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes (Technology Preview)]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes]
 
 include::modules/hosted-control-planes-concepts-personas.adoc[leveloffset=+1]
 include::modules/hosted-control-planes-version-support.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../scalability_and_performance/using-node-tuning-operator.adoc#node-tuning-hosted-cluster_node-tuning-operator[Configuring node tuning in a hosted cluster]
+* xref:../scalability_and_performance/using-node-tuning-operator.adoc#advanced-node-tuning-hosted-cluster_node-tuning-operator[Advanced node tuning for hosted clusters by setting kernel boot parameters]
\ No newline at end of file
diff --git a/images/156_OpenShift_ROSA_Arch_0621_private_public_classic.png b/images/156_OpenShift_ROSA_Arch_0621_private_public_classic.png
new file mode 100644
index 000000000000..320424a1514e
Binary files /dev/null and b/images/156_OpenShift_ROSA_Arch_0621_private_public_classic.png differ
diff --git a/images/156_OpenShift_ROSA_Arch_0621_privatelink.svg b/images/156_OpenShift_ROSA_Arch_0621_privatelink.svg
deleted file mode 100644
index 37f9712650fb..000000000000
--- a/images/156_OpenShift_ROSA_Arch_0621_privatelink.svg
+++ /dev/null
@@ -1,258 +0,0 @@
-<svg id="a7fa9573-abe2-4a40-ae64-fae5bf205cc4" data-name="artwork" xmlns="http://www.w3.org/2000/svg" width="760" height="519.507" viewBox="0 0 760 519.507">
-  <defs>
-    <style>
-      .b1b4035f-3ce4-42a7-bc3e-b94360fb930d {
-        fill: #c4c4c4;
-      }
-
-      .b7c84ee7-c086-42d9-93ee-26d53bfb781f, .e7efa073-ee49-4805-a810-fbb8987e49b0 {
-        font-size: 11px;
-      }
-
-      .b7c84ee7-c086-42d9-93ee-26d53bfb781f, .b85634e9-8401-4824-b3f9-43f8b7f4c31d, .e3f0e370-4c82-46bf-ba70-3fba369fa8db, .e7efa073-ee49-4805-a810-fbb8987e49b0 {
-        fill: #151515;
-      }
-
-      .b7c84ee7-c086-42d9-93ee-26d53bfb781f {
-        font-family: RedHatText-Medium, Red Hat Text;
-        font-weight: 500;
-      }
-
-      .b1f7e056-e611-4777-80a2-a65a28cb0821, .b3fb0424-c963-40cb-9f46-075ec073efa1, .b418bf25-9744-4ab9-b65b-f320f7318127, .b7f18908-c244-4e26-81e8-4de98e875cf5, .bd0843c9-21b4-4b81-9c52-8a9f27180b8d, .f2a6a062-2134-43e7-8296-436a2fa25740, .f3fdb182-0969-4fc9-953e-d5263db0d50f, .f69dd7fb-6bbf-4ca0-aca9-665a506b8919 {
-        fill: none;
-      }
-
-      .bd0843c9-21b4-4b81-9c52-8a9f27180b8d {
-        stroke: #06c;
-      }
-
-      .b3fb0424-c963-40cb-9f46-075ec073efa1, .b418bf25-9744-4ab9-b65b-f320f7318127, .b7f18908-c244-4e26-81e8-4de98e875cf5, .bd0843c9-21b4-4b81-9c52-8a9f27180b8d, .f2a6a062-2134-43e7-8296-436a2fa25740, .f3fdb182-0969-4fc9-953e-d5263db0d50f, .f69dd7fb-6bbf-4ca0-aca9-665a506b8919, .fbc04b7e-7692-4d2e-8e80-0337122aab34 {
-        stroke-linecap: round;
-        stroke-linejoin: round;
-      }
-
-      .b418bf25-9744-4ab9-b65b-f320f7318127, .bd0843c9-21b4-4b81-9c52-8a9f27180b8d {
-        stroke-width: 2px;
-      }
-
-      .b9a814cc-2dba-4cfb-885b-03db17853ad3 {
-        fill: #06c;
-      }
-
-      .ac1a4e9a-8a92-46a2-91ec-3546765ddb62, .fbc04b7e-7692-4d2e-8e80-0337122aab34 {
-        fill: #fff;
-      }
-
-      .b418bf25-9744-4ab9-b65b-f320f7318127, .f2a6a062-2134-43e7-8296-436a2fa25740, .fbc04b7e-7692-4d2e-8e80-0337122aab34 {
-        stroke: #5b5b5b;
-      }
-
-      .f2a6a062-2134-43e7-8296-436a2fa25740, .fbc04b7e-7692-4d2e-8e80-0337122aab34 {
-        stroke-width: 1.5px;
-      }
-
-      .b7f18908-c244-4e26-81e8-4de98e875cf5 {
-        stroke: #151515;
-      }
-
-      .af5f7c8b-59be-4f9c-9020-57fe5f2aacc6 {
-        fill: #5b5b5b;
-      }
-
-      .b3fb0424-c963-40cb-9f46-075ec073efa1, .f3fdb182-0969-4fc9-953e-d5263db0d50f, .f69dd7fb-6bbf-4ca0-aca9-665a506b8919 {
-        stroke: #c4c4c4;
-      }
-
-      .f3fdb182-0969-4fc9-953e-d5263db0d50f {
-        stroke-dasharray: 2.981 2.981;
-      }
-
-      .b3fb0424-c963-40cb-9f46-075ec073efa1 {
-        stroke-dasharray: 3 3;
-      }
-
-      .fdb956ea-1dce-4b0b-a7c0-7a46fd063796 {
-        fill: #e8e8e8;
-      }
-
-      .b85634e9-8401-4824-b3f9-43f8b7f4c31d, .e7efa073-ee49-4805-a810-fbb8987e49b0 {
-        font-family: RedHatText-Bold, Red Hat Text;
-        font-weight: 700;
-      }
-
-      .b85634e9-8401-4824-b3f9-43f8b7f4c31d {
-        font-size: 12px;
-      }
-
-      .a2005cac-254a-463a-9c1a-e3f760590dca {
-        font-size: 10px;
-        fill: #ececec;
-        font-family: RedHatText-Regular, Red Hat Text;
-      }
-    </style>
-  </defs>
-  <path class="b1b4035f-3ce4-42a7-bc3e-b94360fb930d" d="M759,178.732V478.507H227.5V178.732H759m1-1H226.5V479.507H760V177.732Z"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(0 207.113)">Private network</text>
-  <line class="bd0843c9-21b4-4b81-9c52-8a9f27180b8d" x1="740" y1="192.352" x2="1" y2="193.852"/>
-  <g>
-    <line class="bd0843c9-21b4-4b81-9c52-8a9f27180b8d" x1="104.094" y1="159.356" x2="104.094" y2="183.18"/>
-    <polygon class="b9a814cc-2dba-4cfb-885b-03db17853ad3" points="99.107 181.721 104.094 190.356 109.08 181.721 99.107 181.721"/>
-  </g>
-  <g>
-    <line class="bd0843c9-21b4-4b81-9c52-8a9f27180b8d" x1="184.258" y1="171.356" x2="184.258" y2="183.18"/>
-    <polygon class="b9a814cc-2dba-4cfb-885b-03db17853ad3" points="179.272 181.721 184.258 190.356 189.245 181.721 179.272 181.721"/>
-  </g>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(162.055 154.659)">Route53<tspan x="10.433" y="12">DNS</tspan></text>
-    <g>
-      <rect class="fbc04b7e-7692-4d2e-8e80-0337122aab34" x="156.758" y="124.314" width="55" height="13.75"/>
-      <line class="b418bf25-9744-4ab9-b65b-f320f7318127" x1="205.879" y1="130.211" x2="205.879" y2="130.211"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="162.651" y1="129.176" x2="162.651" y2="133.141"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="168.544" y1="129.176" x2="168.544" y2="133.141"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="174.437" y1="129.176" x2="174.437" y2="133.141"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="180.33" y1="129.176" x2="180.33" y2="133.141"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="186.223" y1="129.176" x2="186.223" y2="133.141"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="192.115" y1="129.176" x2="192.115" y2="133.141"/>
-    </g>
-  </g>
-  <g>
-    <line class="b7f18908-c244-4e26-81e8-4de98e875cf5" x1="104.094" y1="101.864" x2="104.094" y2="82.54"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="109.08 100.405 104.094 109.04 99.107 100.405 109.08 100.405"/>
-  </g>
-  <g>
-    <line class="b7f18908-c244-4e26-81e8-4de98e875cf5" x1="26.713" y1="183.18" x2="26.713" y2="69.41"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="31.699 181.721 26.713 190.357 21.726 181.721 31.699 181.721"/>
-  </g>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(0 64.096)">Developer</text>
-    <g>
-      <path class="fbc04b7e-7692-4d2e-8e80-0337122aab34" d="M45.162,47.529a18.451,18.451,0,0,0-36.9,0Z"/>
-      <ellipse class="fbc04b7e-7692-4d2e-8e80-0337122aab34" cx="26.713" cy="20.175" rx="9.262" ry="9.148"/>
-    </g>
-  </g>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(83.249 64.097)">Red Hat<tspan x="-13.25" y="12">Management</tspan></text>
-    <g>
-      <path class="fbc04b7e-7692-4d2e-8e80-0337122aab34" d="M122.544,47.529a18.451,18.451,0,0,0-36.9,0Z"/>
-      <ellipse class="fbc04b7e-7692-4d2e-8e80-0337122aab34" cx="104.095" cy="20.175" rx="9.262" ry="9.148"/>
-    </g>
-  </g>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(74.378 154.659)">PrivateLink</text>
-    <g>
-      <path class="fbc04b7e-7692-4d2e-8e80-0337122aab34" d="M125.361,128.967a6.694,6.694,0,0,0-6.207-4.156A13.4,13.4,0,0,0,94.119,118.3a10.22,10.22,0,0,0-1.726-.157,9.968,9.968,0,1,0,0,19.936h19.486"/>
-      <path class="af5f7c8b-59be-4f9c-9020-57fe5f2aacc6" d="M125.625,131.975,121.031,131a.949.949,0,0,0-.4,0l-4.594.976a.959.959,0,0,0-.758.937V138.2a5.551,5.551,0,1,0,11.1,0v-5.287A.959.959,0,0,0,125.625,131.975Z"/>
-    </g>
-  </g>
-  <g>
-    <polyline class="b7f18908-c244-4e26-81e8-4de98e875cf5" points="485.25 271.834 485.25 220.477 445.426 220.477"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="446.885 215.49 438.25 220.477 446.885 225.463 446.885 215.49"/>
-  </g>
-  <g>
-    <polyline class="b7f18908-c244-4e26-81e8-4de98e875cf5" points="614 271.834 614 220.477 500.25 220.477 500.25 262.158"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="495.263 260.699 500.25 269.334 505.236 260.699 495.263 260.699"/>
-  </g>
-  <g>
-    <line class="b7f18908-c244-4e26-81e8-4de98e875cf5" x1="664.5" y1="249.372" x2="664.5" y2="262.158"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="659.514 260.699 664.5 269.334 669.486 260.699 659.514 260.699"/>
-  </g>
-  <g>
-    <polyline class="b7f18908-c244-4e26-81e8-4de98e875cf5" points="329.568 262.158 329.568 220.477 385.125 220.477"/>
-    <polygon class="e3f0e370-4c82-46bf-ba70-3fba369fa8db" points="334.554 260.699 329.568 269.334 324.581 260.699 334.554 260.699"/>
-  </g>
-  <g>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="402.5 450.334 402.5 451.834 401 451.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="398.019" y1="451.834" x2="244.491" y2="451.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="243 451.834 241.5 451.834 241.5 450.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="241.5" y1="447.334" x2="241.5" y2="274.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="241.5 273.334 241.5 271.834 243 271.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="245.981" y1="271.834" x2="399.509" y2="271.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="401 271.834 402.5 271.834 402.5 273.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="402.5" y1="276.334" x2="402.5" y2="448.834"/>
-  </g>
-  <rect class="fdb956ea-1dce-4b0b-a7c0-7a46fd063796" x="251.5" y="281.834" width="141" height="155"/>
-  <text class="e7efa073-ee49-4805-a810-fbb8987e49b0" transform="translate(261.5 301.938)">Control plane nodes <tspan x="0" y="12">(x3)</tspan></text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="261.5" y="326.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(297.487 344.881)">apiserver</text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="261.5" y="361.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(309.839 379.881)">etcd</text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="261.5" y="396.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(296.321 414.881)">controller</text>
-  <g>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="573.75 450.334 573.75 451.834 572.25 451.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="569.269" y1="451.834" x2="415.741" y2="451.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="414.25 451.834 412.75 451.834 412.75 450.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="412.75" y1="447.334" x2="412.75" y2="274.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="412.75 273.334 412.75 271.834 414.25 271.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="417.231" y1="271.834" x2="570.759" y2="271.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="572.25 271.834 573.75 271.834 573.75 273.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="573.75" y1="276.334" x2="573.75" y2="448.834"/>
-  </g>
-  <rect class="fdb956ea-1dce-4b0b-a7c0-7a46fd063796" x="422.75" y="281.834" width="141" height="155"/>
-  <text class="e7efa073-ee49-4805-a810-fbb8987e49b0" transform="translate(432.75 301.938)">Worker nodes <tspan x="0" y="12">(xN)</tspan></text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="432.75" y="326.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(455.762 344.881)">Compute (xN)</text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="432.75" y="361.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(445.016 379.881)">Persistent storage</text>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(385.845 243.945)">API NLB</text>
-    <g>
-      <rect class="fbc04b7e-7692-4d2e-8e80-0337122aab34" x="380.125" y="213.602" width="55" height="13.75"/>
-      <line class="b418bf25-9744-4ab9-b65b-f320f7318127" x1="429.246" y1="219.498" x2="429.246" y2="219.498"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="386.018" y1="218.464" x2="386.018" y2="222.429"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="391.911" y1="218.464" x2="391.911" y2="222.429"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="397.804" y1="218.464" x2="397.804" y2="222.429"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="403.696" y1="218.464" x2="403.696" y2="222.429"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="409.589" y1="218.464" x2="409.589" y2="222.429"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="415.482" y1="218.464" x2="415.482" y2="222.429"/>
-    </g>
-  </g>
-  <g>
-    <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(641.917 243.947)">App ELB</text>
-    <g>
-      <rect class="fbc04b7e-7692-4d2e-8e80-0337122aab34" x="637" y="213.602" width="55" height="13.75"/>
-      <line class="b418bf25-9744-4ab9-b65b-f320f7318127" x1="686.121" y1="219.498" x2="686.121" y2="219.498"/>
-      <line class="f2a6a062-2134-43e7-8296-436a2fa25740" x1="643.735" y1="221.459" x2="651.985" y2="221.459"/>
-    </g>
-  </g>
-  <g>
-    <line class="bd0843c9-21b4-4b81-9c52-8a9f27180b8d" x1="407.625" y1="193.019" x2="407.625" y2="203.16"/>
-    <polygon class="b9a814cc-2dba-4cfb-885b-03db17853ad3" points="402.638 201.701 407.625 210.336 412.611 201.701 402.638 201.701"/>
-  </g>
-  <g>
-    <line class="bd0843c9-21b4-4b81-9c52-8a9f27180b8d" x1="664.5" y1="193.019" x2="664.5" y2="203.16"/>
-    <polygon class="b9a814cc-2dba-4cfb-885b-03db17853ad3" points="659.514 201.701 664.5 210.336 669.486 201.701 659.514 201.701"/>
-  </g>
-  <g>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="745 450.334 745 451.834 743.5 451.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="740.519" y1="451.834" x2="586.991" y2="451.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="585.5 451.834 584 451.834 584 450.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="584" y1="447.334" x2="584" y2="274.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="584 273.334 584 271.834 585.5 271.834"/>
-    <line class="f3fdb182-0969-4fc9-953e-d5263db0d50f" x1="588.481" y1="271.834" x2="742.009" y2="271.834"/>
-    <polyline class="f69dd7fb-6bbf-4ca0-aca9-665a506b8919" points="743.5 271.834 745 271.834 745 273.334"/>
-    <line class="b3fb0424-c963-40cb-9f46-075ec073efa1" x1="745" y1="276.334" x2="745" y2="448.834"/>
-  </g>
-  <rect class="fdb956ea-1dce-4b0b-a7c0-7a46fd063796" x="594" y="281.834" width="141" height="155"/>
-  <text class="e7efa073-ee49-4805-a810-fbb8987e49b0" transform="translate(604 301.938)">Infra nodes <tspan x="0" y="12">(x2, x3)</tspan></text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="604" y="326.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(643.925 344.881)">registry</text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="604" y="361.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(647.758 379.881)">router</text>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="604" y="396.834" width="120" height="30"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(635.642 414.881)">monitoring</text>
-  <g>
-    <text class="b85634e9-8401-4824-b3f9-43f8b7f4c31d" transform="translate(702.797 162.732)">AWS VPC</text>
-    <line class="b7f18908-c244-4e26-81e8-4de98e875cf5" x1="699.599" y1="158.204" x2="676.735" y2="177.732"/>
-  </g>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="274.429" y="444.078" width="95.143" height="14.513"/>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="445.679" y="444.078" width="95.143" height="14.513"/>
-  <rect class="ac1a4e9a-8a92-46a2-91ec-3546765ddb62" x="616.929" y="444.078" width="95.143" height="14.513"/>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(280.085 454.381)">Availability zone<tspan x="23.683" y="12">(x1, x3)</tspan></text>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(451.336 454.381)">Availability zone<tspan x="23.683" y="12">(x1, x3)</tspan></text>
-  <text class="b7c84ee7-c086-42d9-93ee-26d53bfb781f" transform="translate(622.585 454.381)">Availability zone<tspan x="23.683" y="12">(x1, x3)</tspan></text>
-  <g>
-    <text class="a2005cac-254a-463a-9c1a-e3f760590dca" transform="translate(672.322 502.524)">156_OpenShift_1221</text>
-    <rect class="b1f7e056-e611-4777-80a2-a65a28cb0821" y="479.507" width="760" height="40"/>
-  </g>
-</svg>
diff --git a/images/156_OpenShift_ROSA_Arch_1221_privatelink.png b/images/156_OpenShift_ROSA_Arch_1221_privatelink.png
new file mode 100644
index 000000000000..8828ac12281d
Binary files /dev/null and b/images/156_OpenShift_ROSA_Arch_1221_privatelink.png differ
diff --git a/images/299_OpenShift_OVN-Kubernetes_arch_1023_1.png b/images/299_OpenShift_OVN-Kubernetes_arch_1023_1.png
new file mode 100644
index 000000000000..3e5945145109
Binary files /dev/null and b/images/299_OpenShift_OVN-Kubernetes_arch_1023_1.png differ
diff --git a/images/299_OpenShift_OVN-Kubernetes_arch_1023_2.png b/images/299_OpenShift_OVN-Kubernetes_arch_1023_2.png
new file mode 100644
index 000000000000..00bf0dbe4368
Binary files /dev/null and b/images/299_OpenShift_OVN-Kubernetes_arch_1023_2.png differ
diff --git a/images/317_RHbM_OVN_topology_0923.png b/images/317_RHbM_OVN_topology_0923.png
new file mode 100644
index 000000000000..eaac49635f94
Binary files /dev/null and b/images/317_RHbM_OVN_topology_0923.png differ
diff --git a/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_PTP.png b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_PTP.png
new file mode 100644
index 000000000000..04e146639eff
Binary files /dev/null and b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_PTP.png differ
diff --git a/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_RAN_DU.png b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_RAN_DU.png
new file mode 100644
index 000000000000..8df60ee4b739
Binary files /dev/null and b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1023_RAN_DU.png differ
diff --git a/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1123_PTP_network.png b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1123_PTP_network.png
new file mode 100644
index 000000000000..ed3654b072a5
Binary files /dev/null and b/images/319_OpenShift_PTP_bare-metal_OCP_nodes_1123_PTP_network.png differ
diff --git a/images/334_OpenShift_cluster_updating_and_CCO_workflows_0523_4.11_A.png b/images/334_OpenShift_cluster_updating_and_CCO_workflows_0523_4.11_A.png
deleted file mode 100644
index ac969c08eb96..000000000000
Binary files a/images/334_OpenShift_cluster_updating_and_CCO_workflows_0523_4.11_A.png and /dev/null differ
diff --git a/images/334_OpenShift_cluster_updating_and_CCO_workflows_0923_4.11_A.png b/images/334_OpenShift_cluster_updating_and_CCO_workflows_0923_4.11_A.png
new file mode 100644
index 000000000000..c91bdc20187e
Binary files /dev/null and b/images/334_OpenShift_cluster_updating_and_CCO_workflows_0923_4.11_A.png differ
diff --git a/images/345_OpenShift_config_additional_network_0823.png b/images/345_OpenShift_config_additional_network_0823.png
new file mode 100644
index 000000000000..b061459996eb
Binary files /dev/null and b/images/345_OpenShift_config_additional_network_0823.png differ
diff --git a/images/347_OpenShift_credentials_with_STS_updates_1023_Azure.png b/images/347_OpenShift_credentials_with_STS_updates_1023_Azure.png
new file mode 100644
index 000000000000..b38d4e9b50eb
Binary files /dev/null and b/images/347_OpenShift_credentials_with_STS_updates_1023_Azure.png differ
diff --git a/images/348_OpenShift_rootless_DPDK_0923.png b/images/348_OpenShift_rootless_DPDK_0923.png
new file mode 100644
index 000000000000..9b5a43f3aef0
Binary files /dev/null and b/images/348_OpenShift_rootless_DPDK_0923.png differ
diff --git a/images/349_OpenShift_NVIDIA_GPU_arch_0723.png b/images/349_OpenShift_NVIDIA_GPU_arch_0723.png
new file mode 100644
index 000000000000..9bb74606d64e
Binary files /dev/null and b/images/349_OpenShift_NVIDIA_GPU_arch_0723.png differ
diff --git a/images/354_OpenShift_ROSA_Local_Zones_0923_1.png b/images/354_OpenShift_ROSA_Local_Zones_0923_1.png
new file mode 100644
index 000000000000..766566c02f4a
Binary files /dev/null and b/images/354_OpenShift_ROSA_Local_Zones_0923_1.png differ
diff --git a/images/354_OpenShift_ROSA_Local_Zones_0923_2.png b/images/354_OpenShift_ROSA_Local_Zones_0923_2.png
new file mode 100644
index 000000000000..882f2ab8c1a5
Binary files /dev/null and b/images/354_OpenShift_ROSA_Local_Zones_0923_2.png differ
diff --git a/images/357_OpenShift_MetalLB_VRF_0823.png b/images/357_OpenShift_MetalLB_VRF_0823.png
new file mode 100644
index 000000000000..3bc4b38fca98
Binary files /dev/null and b/images/357_OpenShift_MetalLB_VRF_0823.png differ
diff --git a/images/372_OpenShift_on_AWS_persona_worflows_0923_1.png b/images/372_OpenShift_on_AWS_persona_worflows_0923_1.png
new file mode 100644
index 000000000000..bdef88f2aa10
Binary files /dev/null and b/images/372_OpenShift_on_AWS_persona_worflows_0923_1.png differ
diff --git a/images/372_OpenShift_on_AWS_persona_worflows_0923_2.png b/images/372_OpenShift_on_AWS_persona_worflows_0923_2.png
new file mode 100644
index 000000000000..57f217445b3b
Binary files /dev/null and b/images/372_OpenShift_on_AWS_persona_worflows_0923_2.png differ
diff --git a/images/372_OpenShift_on_AWS_persona_worflows_0923_3.png b/images/372_OpenShift_on_AWS_persona_worflows_0923_3.png
new file mode 100644
index 000000000000..4564a295f664
Binary files /dev/null and b/images/372_OpenShift_on_AWS_persona_worflows_0923_3.png differ
diff --git a/images/372_OpenShift_on_AWS_persona_worflows_0923_4.png b/images/372_OpenShift_on_AWS_persona_worflows_0923_4.png
new file mode 100644
index 000000000000..a17842479bfe
Binary files /dev/null and b/images/372_OpenShift_on_AWS_persona_worflows_0923_4.png differ
diff --git a/images/372_OpenShift_on_AWS_persona_worflows_0923_all.png b/images/372_OpenShift_on_AWS_persona_worflows_0923_all.png
new file mode 100644
index 000000000000..e8e3bc0d277b
Binary files /dev/null and b/images/372_OpenShift_on_AWS_persona_worflows_0923_all.png differ
diff --git a/images/468_RHbM_install_workflow_1023_1.png b/images/468_RHbM_install_workflow_1023_1.png
new file mode 100644
index 000000000000..b9466108a6d9
Binary files /dev/null and b/images/468_RHbM_install_workflow_1023_1.png differ
diff --git a/images/468_RHbM_install_workflow_1023_2.png b/images/468_RHbM_install_workflow_1023_2.png
new file mode 100644
index 000000000000..d8e80d2f8d85
Binary files /dev/null and b/images/468_RHbM_install_workflow_1023_2.png differ
diff --git a/images/473_OpenShift_Telco_Core_Reference_arch_1123.png b/images/473_OpenShift_Telco_Core_Reference_arch_1123.png
new file mode 100644
index 000000000000..62823b825035
Binary files /dev/null and b/images/473_OpenShift_Telco_Core_Reference_arch_1123.png differ
diff --git a/images/474_OpenShift_OpenShift_RAN_RDS_arch_updates_1023.png b/images/474_OpenShift_OpenShift_RAN_RDS_arch_updates_1023.png
new file mode 100644
index 000000000000..1f0e3b411a07
Binary files /dev/null and b/images/474_OpenShift_OpenShift_RAN_RDS_arch_updates_1023.png differ
diff --git a/images/512_OpenShift_NVIDIA_GPU_enablement_1223.png b/images/512_OpenShift_NVIDIA_GPU_enablement_1223.png
new file mode 100644
index 000000000000..323c40d748d6
Binary files /dev/null and b/images/512_OpenShift_NVIDIA_GPU_enablement_1223.png differ
diff --git a/images/ROSA-HCP-and-ROSA-Classic-private.png b/images/ROSA-HCP-and-ROSA-Classic-private.png
new file mode 100644
index 000000000000..5b0ef606508c
Binary files /dev/null and b/images/ROSA-HCP-and-ROSA-Classic-private.png differ
diff --git a/images/ROSA-HCP-and-ROSA-Classic-public.png b/images/ROSA-HCP-and-ROSA-Classic-public.png
new file mode 100644
index 000000000000..f8e4908942bd
Binary files /dev/null and b/images/ROSA-HCP-and-ROSA-Classic-public.png differ
diff --git a/images/arrow-down-long-solid.png b/images/arrow-down-long-solid.png
new file mode 100644
index 000000000000..da0faaa7e599
Binary files /dev/null and b/images/arrow-down-long-solid.png differ
diff --git a/images/arrow-up-long-solid.png b/images/arrow-up-long-solid.png
new file mode 100644
index 000000000000..d9c054fd05d0
Binary files /dev/null and b/images/arrow-up-long-solid.png differ
diff --git a/images/azure-portal_add-a-client-secret-page.png b/images/azure-portal_add-a-client-secret-page.png
new file mode 100644
index 000000000000..e25922f779cc
Binary files /dev/null and b/images/azure-portal_add-a-client-secret-page.png differ
diff --git a/images/azure-portal_add-optional-claims-graph-permissions-prompt.png b/images/azure-portal_add-optional-claims-graph-permissions-prompt.png
new file mode 100644
index 000000000000..440aa79dd330
Binary files /dev/null and b/images/azure-portal_add-optional-claims-graph-permissions-prompt.png differ
diff --git a/images/azure-portal_add-optional-claims-page.png b/images/azure-portal_add-optional-claims-page.png
new file mode 100644
index 000000000000..aedf3eb8889e
Binary files /dev/null and b/images/azure-portal_add-optional-claims-page.png differ
diff --git a/images/azure-portal_add-optional-claims-page.xcf b/images/azure-portal_add-optional-claims-page.xcf
new file mode 100644
index 000000000000..28268975d912
Binary files /dev/null and b/images/azure-portal_add-optional-claims-page.xcf differ
diff --git a/images/azure-portal_add-optional-email-claims-page.png b/images/azure-portal_add-optional-email-claims-page.png
new file mode 100644
index 000000000000..3ef489492c7f
Binary files /dev/null and b/images/azure-portal_add-optional-email-claims-page.png differ
diff --git a/images/azure-portal_add-optional-preferred_username-claims-page.png b/images/azure-portal_add-optional-preferred_username-claims-page.png
new file mode 100644
index 000000000000..206ecd8f595e
Binary files /dev/null and b/images/azure-portal_add-optional-preferred_username-claims-page.png differ
diff --git a/images/azure-portal_app-registrations-blade.png b/images/azure-portal_app-registrations-blade.png
new file mode 100644
index 000000000000..1690266b941d
Binary files /dev/null and b/images/azure-portal_app-registrations-blade.png differ
diff --git a/images/azure-portal_certificates-secrets-page.png b/images/azure-portal_certificates-secrets-page.png
new file mode 100644
index 000000000000..7b179818006a
Binary files /dev/null and b/images/azure-portal_certificates-secrets-page.png differ
diff --git a/images/azure-portal_copy-client-secret-page.png b/images/azure-portal_copy-client-secret-page.png
new file mode 100644
index 000000000000..0911d50b3be2
Binary files /dev/null and b/images/azure-portal_copy-client-secret-page.png differ
diff --git a/images/azure-portal_edit-group-claims-page.png b/images/azure-portal_edit-group-claims-page.png
new file mode 100644
index 000000000000..7f887f17b05f
Binary files /dev/null and b/images/azure-portal_edit-group-claims-page.png differ
diff --git a/images/azure-portal_optional-claims-page.png b/images/azure-portal_optional-claims-page.png
new file mode 100644
index 000000000000..e01c51c40c33
Binary files /dev/null and b/images/azure-portal_optional-claims-page.png differ
diff --git a/images/azure-portal_optional-group-claims-page.png b/images/azure-portal_optional-group-claims-page.png
new file mode 100644
index 000000000000..96a395c8bde3
Binary files /dev/null and b/images/azure-portal_optional-group-claims-page.png differ
diff --git a/images/azure-portal_register-an-application-page.png b/images/azure-portal_register-an-application-page.png
new file mode 100644
index 000000000000..e5c5c2aea17e
Binary files /dev/null and b/images/azure-portal_register-an-application-page.png differ
diff --git a/images/check-solid.png b/images/check-solid.png
new file mode 100644
index 000000000000..9ceae77b5e7d
Binary files /dev/null and b/images/check-solid.png differ
diff --git a/images/cloud-experts-getting-started-accessing-copy-login.png b/images/cloud-experts-getting-started-accessing-copy-login.png
new file mode 100644
index 000000000000..ce1c7fbdc017
Binary files /dev/null and b/images/cloud-experts-getting-started-accessing-copy-login.png differ
diff --git a/images/cloud-experts-getting-started-accessing-copy-token.png b/images/cloud-experts-getting-started-accessing-copy-token.png
new file mode 100644
index 000000000000..3dbae5f60c04
Binary files /dev/null and b/images/cloud-experts-getting-started-accessing-copy-token.png differ
diff --git a/images/cloud-experts-getting-started-accessing-logged.png b/images/cloud-experts-getting-started-accessing-logged.png
new file mode 100644
index 000000000000..9506ec6bced4
Binary files /dev/null and b/images/cloud-experts-getting-started-accessing-logged.png differ
diff --git a/images/cloud-experts-getting-started-accessing-login.png b/images/cloud-experts-getting-started-accessing-login.png
new file mode 100644
index 000000000000..3b85df91dfde
Binary files /dev/null and b/images/cloud-experts-getting-started-accessing-login.png differ
diff --git a/images/cloud-experts-getting-started-admin-rights-access-control.png b/images/cloud-experts-getting-started-admin-rights-access-control.png
new file mode 100644
index 000000000000..4aca8e052421
Binary files /dev/null and b/images/cloud-experts-getting-started-admin-rights-access-control.png differ
diff --git a/images/cloud-experts-getting-started-admin-rights-add-user2.png b/images/cloud-experts-getting-started-admin-rights-add-user2.png
new file mode 100644
index 000000000000..ebfb657570bf
Binary files /dev/null and b/images/cloud-experts-getting-started-admin-rights-add-user2.png differ
diff --git a/images/cloud-experts-getting-started-admin-rights-admin-panel.png b/images/cloud-experts-getting-started-admin-rights-admin-panel.png
new file mode 100644
index 000000000000..43349cf94ffb
Binary files /dev/null and b/images/cloud-experts-getting-started-admin-rights-admin-panel.png differ
diff --git a/images/cloud-experts-getting-started-cluster-upgrade.png b/images/cloud-experts-getting-started-cluster-upgrade.png
new file mode 100644
index 000000000000..b4f83dfa3ddf
Binary files /dev/null and b/images/cloud-experts-getting-started-cluster-upgrade.png differ
diff --git a/images/cloud-experts-getting-started-deleting1.png b/images/cloud-experts-getting-started-deleting1.png
new file mode 100644
index 000000000000..5d83c61c31f3
Binary files /dev/null and b/images/cloud-experts-getting-started-deleting1.png differ
diff --git a/images/cloud-experts-getting-started-deleting2.png b/images/cloud-experts-getting-started-deleting2.png
new file mode 100644
index 000000000000..7c52bc595c56
Binary files /dev/null and b/images/cloud-experts-getting-started-deleting2.png differ
diff --git a/images/cloud-experts-getting-started-deployment-ui-cluster-create.png b/images/cloud-experts-getting-started-deployment-ui-cluster-create.png
new file mode 100644
index 000000000000..566ef9f6a13d
Binary files /dev/null and b/images/cloud-experts-getting-started-deployment-ui-cluster-create.png differ
diff --git a/images/cloud-experts-getting-started-idp-inputs.png b/images/cloud-experts-getting-started-idp-inputs.png
new file mode 100644
index 000000000000..4081a2e5c865
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-inputs.png differ
diff --git a/images/cloud-experts-getting-started-idp-invite.png b/images/cloud-experts-getting-started-idp-invite.png
new file mode 100644
index 000000000000..266d4f6f5f75
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-invite.png differ
diff --git a/images/cloud-experts-getting-started-idp-link.png b/images/cloud-experts-getting-started-idp-link.png
new file mode 100644
index 000000000000..5afd574ddec6
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-link.png differ
diff --git a/images/cloud-experts-getting-started-idp-login.png b/images/cloud-experts-getting-started-idp-login.png
new file mode 100644
index 000000000000..3b85df91dfde
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-login.png differ
diff --git a/images/cloud-experts-getting-started-idp-new-org.png b/images/cloud-experts-getting-started-idp-new-org.png
new file mode 100644
index 000000000000..4941918ef778
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-new-org.png differ
diff --git a/images/cloud-experts-getting-started-idp-org.png b/images/cloud-experts-getting-started-idp-org.png
new file mode 100644
index 000000000000..734b6af89d88
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-org.png differ
diff --git a/images/cloud-experts-getting-started-idp-register.png b/images/cloud-experts-getting-started-idp-register.png
new file mode 100644
index 000000000000..e19eacae746d
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-register.png differ
diff --git a/images/cloud-experts-getting-started-idp-secret.png b/images/cloud-experts-getting-started-idp-secret.png
new file mode 100644
index 000000000000..349e9119c3c0
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-secret.png differ
diff --git a/images/cloud-experts-getting-started-idp-team.png b/images/cloud-experts-getting-started-idp-team.png
new file mode 100644
index 000000000000..4b68f118d41b
Binary files /dev/null and b/images/cloud-experts-getting-started-idp-team.png differ
diff --git a/images/cloud-experts-getting-started-managing-describe.png b/images/cloud-experts-getting-started-managing-describe.png
new file mode 100644
index 000000000000..d8045cca912b
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-describe.png differ
diff --git a/images/cloud-experts-getting-started-managing-large-mp.png b/images/cloud-experts-getting-started-managing-large-mp.png
new file mode 100644
index 000000000000..7db0253da959
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-large-mp.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp-fromui.png b/images/cloud-experts-getting-started-managing-mp-fromui.png
new file mode 100644
index 000000000000..b96c10f24819
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp-fromui.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp-interactive.png b/images/cloud-experts-getting-started-managing-mp-interactive.png
new file mode 100644
index 000000000000..d87bbffbb332
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp-interactive.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp-nlt.png b/images/cloud-experts-getting-started-managing-mp-nlt.png
new file mode 100644
index 000000000000..8a6a6c3f25f2
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp-nlt.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp-ocm.png b/images/cloud-experts-getting-started-managing-mp-ocm.png
new file mode 100644
index 000000000000..b7aaf50dd534
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp-ocm.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp-scale.png b/images/cloud-experts-getting-started-managing-mp-scale.png
new file mode 100644
index 000000000000..42a93455884a
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp-scale.png differ
diff --git a/images/cloud-experts-getting-started-managing-mp.png b/images/cloud-experts-getting-started-managing-mp.png
new file mode 100644
index 000000000000..aba20c1bec90
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-mp.png differ
diff --git a/images/cloud-experts-getting-started-managing-new-mp.png b/images/cloud-experts-getting-started-managing-new-mp.png
new file mode 100644
index 000000000000..74c15903d7e5
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-new-mp.png differ
diff --git a/images/cloud-experts-getting-started-managing-ocm-cluster.png b/images/cloud-experts-getting-started-managing-ocm-cluster.png
new file mode 100644
index 000000000000..7cd2447171cf
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-ocm-cluster.png differ
diff --git a/images/cloud-experts-getting-started-managing-ocm-nodes.png b/images/cloud-experts-getting-started-managing-ocm-nodes.png
new file mode 100644
index 000000000000..2797ace2675b
Binary files /dev/null and b/images/cloud-experts-getting-started-managing-ocm-nodes.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-account-roles.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-account-roles.png
new file mode 100644
index 000000000000..8a2f854eae93
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-account-roles.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate.png
new file mode 100644
index 000000000000..0bb160e87388
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate2.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate2.png
new file mode 100644
index 000000000000..5035a5cb1af5
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate2.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate3.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate3.png
new file mode 100644
index 000000000000..465d50e3d3f7
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-associate3.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-classic.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-classic.png
new file mode 100644
index 000000000000..80e687b6f90f
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-classic.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-cluster-create.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-cluster-create.png
new file mode 100644
index 000000000000..ec7bc466930e
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-cluster-create.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create-cmds.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create-cmds.png
new file mode 100644
index 000000000000..2a6be11a8bd2
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create-cmds.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create.png
new file mode 100644
index 000000000000..ce9464009dae
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-create.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-rolesmissing.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-rolesmissing.png
new file mode 100644
index 000000000000..6a9772c21f9c
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-rolesmissing.png differ
diff --git a/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-web-interface.png b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-web-interface.png
new file mode 100644
index 000000000000..890f600d0504
Binary files /dev/null and b/images/cloud-experts-getting-started-rosa-deployment-detailed-ui-web-interface.png differ
diff --git a/images/cloud-experts-getting-started-setup-enable.png b/images/cloud-experts-getting-started-setup-enable.png
new file mode 100644
index 000000000000..15a097c9fbc2
Binary files /dev/null and b/images/cloud-experts-getting-started-setup-enable.png differ
diff --git a/images/cloud-experts-getting-started-setup-enabled.png b/images/cloud-experts-getting-started-setup-enabled.png
new file mode 100644
index 000000000000..e27e8f2debf8
Binary files /dev/null and b/images/cloud-experts-getting-started-setup-enabled.png differ
diff --git a/images/cloud-experts-getting-started-setup-token.png b/images/cloud-experts-getting-started-setup-token.png
new file mode 100644
index 000000000000..2205755285c0
Binary files /dev/null and b/images/cloud-experts-getting-started-setup-token.png differ
diff --git a/images/cloud_experts_getting_started_setup_cli_tools.png b/images/cloud_experts_getting_started_setup_cli_tools.png
new file mode 100644
index 000000000000..9e3f0ab83201
Binary files /dev/null and b/images/cloud_experts_getting_started_setup_cli_tools.png differ
diff --git a/images/cloud_experts_rosa_getting_started_setup_token.png b/images/cloud_experts_rosa_getting_started_setup_token.png
new file mode 100644
index 000000000000..2205755285c0
Binary files /dev/null and b/images/cloud_experts_rosa_getting_started_setup_token.png differ
diff --git a/images/cnv_components_ssp-operator.png b/images/cnv_components_ssp-operator.png
index 68166b451d7d..a57f9e3cc4a6 100644
Binary files a/images/cnv_components_ssp-operator.png and b/images/cnv_components_ssp-operator.png differ
diff --git a/images/external-load-balancer-default.png b/images/external-load-balancer-default.png
new file mode 100644
index 000000000000..11d4becf3c65
Binary files /dev/null and b/images/external-load-balancer-default.png differ
diff --git a/images/external-load-balancer-machine-config-api.png b/images/external-load-balancer-machine-config-api.png
new file mode 100644
index 000000000000..3989918f3cd2
Binary files /dev/null and b/images/external-load-balancer-machine-config-api.png differ
diff --git a/images/external-load-balancer-openshift-api.png b/images/external-load-balancer-openshift-api.png
new file mode 100644
index 000000000000..32c72afb7010
Binary files /dev/null and b/images/external-load-balancer-openshift-api.png differ
diff --git a/images/fa-minus-circle.svg b/images/fa-minus-circle.svg
new file mode 100644
index 000000000000..f821ce7aff3a
--- /dev/null
+++ b/images/fa-minus-circle.svg
@@ -0,0 +1,2 @@
+<?xml version="1.0" standalone="no"?>
+<svg style="vertical-align:-0.125em" fill="currentColor" height="15" width="15" viewBox="0 0 512 512" aria-hidden="true" role="img" aria-describedby="pf-tooltip-382" xmlns="http://www.w3.org/2000/svg"><path d="M256 8C119 8 8 119 8 256s111 248 248 248 248-111 248-248S393 8 256 8zM124 296c-6.6 0-12-5.4-12-12v-56c0-6.6 5.4-12 12-12h264c6.6 0 12 5.4 12 12v56c0 6.6-5.4 12-12 12H124z"></path></svg>
\ No newline at end of file
diff --git a/images/import-icon.png b/images/import-icon.png
new file mode 100644
index 000000000000..097c258effbe
Binary files /dev/null and b/images/import-icon.png differ
diff --git a/images/nbde-tang-server-operator-01-operatorhub.png b/images/nbde-tang-server-operator-01-operatorhub.png
new file mode 100644
index 000000000000..46b0335bcde0
Binary files /dev/null and b/images/nbde-tang-server-operator-01-operatorhub.png differ
diff --git a/images/nbde-tang-server-operator-03-confirmation.png b/images/nbde-tang-server-operator-03-confirmation.png
new file mode 100644
index 000000000000..0e784d68dd88
Binary files /dev/null and b/images/nbde-tang-server-operator-03-confirmation.png differ
diff --git a/images/nbde-tang-server-operator-05-succeeded.png b/images/nbde-tang-server-operator-05-succeeded.png
new file mode 100644
index 000000000000..dfac1bd4c98b
Binary files /dev/null and b/images/nbde-tang-server-operator-05-succeeded.png differ
diff --git a/images/nbde-tang-server-operator-07-create-project.png b/images/nbde-tang-server-operator-07-create-project.png
new file mode 100644
index 000000000000..450911937484
Binary files /dev/null and b/images/nbde-tang-server-operator-07-create-project.png differ
diff --git a/images/nbde-tang-server-operator-09-project-values.png b/images/nbde-tang-server-operator-09-project-values.png
new file mode 100644
index 000000000000..342bdf5d62e0
Binary files /dev/null and b/images/nbde-tang-server-operator-09-project-values.png differ
diff --git a/images/nbde-tang-server-operator-11-pvc.png b/images/nbde-tang-server-operator-11-pvc.png
new file mode 100644
index 000000000000..aac1d4a9c2c2
Binary files /dev/null and b/images/nbde-tang-server-operator-11-pvc.png differ
diff --git a/images/nbde-tang-server-operator-13-create-pvc.png b/images/nbde-tang-server-operator-13-create-pvc.png
new file mode 100644
index 000000000000..4c5f1b5abd46
Binary files /dev/null and b/images/nbde-tang-server-operator-13-create-pvc.png differ
diff --git a/images/nbde-tang-server-operator-15-create-instance.png b/images/nbde-tang-server-operator-15-create-instance.png
new file mode 100644
index 000000000000..84d0da26c248
Binary files /dev/null and b/images/nbde-tang-server-operator-15-create-instance.png differ
diff --git a/images/nbde-tang-server-operator-17-create-tangserver.png b/images/nbde-tang-server-operator-17-create-tangserver.png
new file mode 100644
index 000000000000..6837c2c622db
Binary files /dev/null and b/images/nbde-tang-server-operator-17-create-tangserver.png differ
diff --git a/images/nbde-tang-server-operator-19-tangserver-details.png b/images/nbde-tang-server-operator-19-tangserver-details.png
new file mode 100644
index 000000000000..1b454aa32119
Binary files /dev/null and b/images/nbde-tang-server-operator-19-tangserver-details.png differ
diff --git a/images/nbde-tang-server-operator-21-tangserver-overview.png b/images/nbde-tang-server-operator-21-tangserver-overview.png
new file mode 100644
index 000000000000..6d889b0d4ca7
Binary files /dev/null and b/images/nbde-tang-server-operator-21-tangserver-overview.png differ
diff --git a/images/network-observability-arch-kafka-FLP.png b/images/network-observability-arch-kafka-FLP.png
new file mode 100644
index 000000000000..7451e6111ad8
Binary files /dev/null and b/images/network-observability-arch-kafka-FLP.png differ
diff --git a/images/network-observability-architecture.png b/images/network-observability-architecture.png
new file mode 100644
index 000000000000..f1f89e31d1e0
Binary files /dev/null and b/images/network-observability-architecture.png differ
diff --git a/images/oadp-backup-failing-alert.png b/images/oadp-backup-failing-alert.png
new file mode 100644
index 000000000000..97b1d256e4e2
Binary files /dev/null and b/images/oadp-backup-failing-alert.png differ
diff --git a/images/oadp-install-operator-role-arn.png b/images/oadp-install-operator-role-arn.png
new file mode 100644
index 000000000000..b93c55c35875
Binary files /dev/null and b/images/oadp-install-operator-role-arn.png differ
diff --git a/images/oadp-metrics-query.png b/images/oadp-metrics-query.png
new file mode 100644
index 000000000000..ca3f58993e16
Binary files /dev/null and b/images/oadp-metrics-query.png differ
diff --git a/images/oadp-metrics-targets.png b/images/oadp-metrics-targets.png
new file mode 100644
index 000000000000..758afccbd5f1
Binary files /dev/null and b/images/oadp-metrics-targets.png differ
diff --git a/images/obtain-support-case.png b/images/obtain-support-case.png
new file mode 100644
index 000000000000..415933c3dbb3
Binary files /dev/null and b/images/obtain-support-case.png differ
diff --git a/images/obtain-support-cluster-id.png b/images/obtain-support-cluster-id.png
new file mode 100644
index 000000000000..4ebd90b110d9
Binary files /dev/null and b/images/obtain-support-cluster-id.png differ
diff --git a/images/obtain-support-reason.png b/images/obtain-support-reason.png
new file mode 100644
index 000000000000..05b6746e1919
Binary files /dev/null and b/images/obtain-support-reason.png differ
diff --git a/images/obtain-support-select-rosa.png b/images/obtain-support-select-rosa.png
new file mode 100644
index 000000000000..495d34107a2a
Binary files /dev/null and b/images/obtain-support-select-rosa.png differ
diff --git a/images/obtain-support-summary.png b/images/obtain-support-summary.png
new file mode 100644
index 000000000000..9709886498f6
Binary files /dev/null and b/images/obtain-support-summary.png differ
diff --git a/images/ossm-node-badge-missing-sidecar.png b/images/ossm-node-badge-missing-sidecar.png
new file mode 100644
index 000000000000..67349ab01b91
Binary files /dev/null and b/images/ossm-node-badge-missing-sidecar.png differ
diff --git a/images/ossm-node-badge-missing-sidecar.svg b/images/ossm-node-badge-missing-sidecar.svg
deleted file mode 100644
index f8005984ad1e..000000000000
--- a/images/ossm-node-badge-missing-sidecar.svg
+++ /dev/null
@@ -1,119 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="27px"
-   height="27px"
-   viewBox="0 0 27 27"
-   version="1.1"
-   id="SVGRoot"
-   inkscape:version="0.92.4 (unknown)"
-   sodipodi:docname="node-badge-missing-sidecar.svg">
-  <defs
-     id="defs5188" />
-  <sodipodi:namedview
-     id="base"
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1.0"
-     inkscape:pageopacity="0.0"
-     inkscape:pageshadow="2"
-     inkscape:zoom="26.817679"
-     inkscape:cx="12.121616"
-     inkscape:cy="13.350845"
-     inkscape:document-units="px"
-     inkscape:current-layer="layer1"
-     showgrid="true"
-     inkscape:window-width="1918"
-     inkscape:window-height="1038"
-     inkscape:window-x="1920"
-     inkscape:window-y="540"
-     inkscape:window-maximized="1"
-     inkscape:grid-bbox="true">
-    <inkscape:grid
-       type="xygrid"
-       id="grid5221" />
-  </sodipodi:namedview>
-  <metadata
-     id="metadata5191">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title />
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <g
-     inkscape:groupmode="layer"
-     id="layer2"
-     inkscape:label="Background">
-    <rect
-       style="fill:#703fec;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.46799019;stroke-miterlimit:4;stroke-dasharray:1.4039706, 1.4039706;stroke-dashoffset:0;stroke-opacity:1"
-       id="rect822"
-       width="26.443897"
-       height="26.736095"
-       x="0.27805138"
-       y="0.13195229"
-       ry="3.066787" />
-  </g>
-  <g
-     inkscape:label="Layer 1"
-     inkscape:groupmode="layer"
-     id="layer1">
-    <g
-       id="g836"
-       transform="matrix(1.4071473,0,0,1.4071473,-7.6072095,-6.5490342)"
-       style="fill:#ffffff;fill-opacity:1">
-      <path
-         inkscape:connector-curvature="0"
-         d="M 9.072,17.175 C 9.022,17.125 8.997,17.066 8.997,17 v -0.753 h -1 V 17 c 0,0.344 0.122,0.638 0.369,0.884 0.244,0.244 0.541,0.369 0.884,0.369 h 1.25 v -1 H 9.247 C 9.178,17.247 9.122,17.222 9.072,17.175 Z"
-         id="path2-3"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="M 21.631,10.612 C 21.387,10.368 21.09,10.243 20.747,10.243 h -8.5 c -0.344,0 -0.638,0.122 -0.884,0.369 -0.244,0.244 -0.369,0.541 -0.369,0.884 v 8.503 c 0,0.344 0.122,0.638 0.369,0.884 0.244,0.244 0.541,0.369 0.884,0.369 h 8.503 c 0.344,0 0.638,-0.122 0.884,-0.369 0.244,-0.244 0.369,-0.541 0.369,-0.884 V 11.496 C 22,11.152 21.878,10.858 21.631,10.612 Z M 21,20 c 0,0.069 -0.025,0.125 -0.075,0.175 -0.05,0.05 -0.109,0.075 -0.175,0.075 h -8.503 c -0.069,0 -0.125,-0.025 -0.175,-0.075 -0.05,-0.05 -0.075,-0.109 -0.075,-0.175 v -8.503 c 0,-0.069 0.025,-0.125 0.075,-0.175 0.05,-0.05 0.109,-0.075 0.175,-0.075 h 8.503 c 0.069,0 0.125,0.025 0.175,0.075 0.05,0.05 0.075,0.109 0.075,0.175 z"
-         id="path4-5"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 7.997,13.244 h 1 v 2.016 h -1 z"
-         id="path6-6"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 7.997,10.244 h 1 v 2.016 h -1 z"
-         id="path8-2"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 8.997,8.4969992 c 0,-0.069 0.025,-0.125 0.075,-0.175 0.05,-0.05 0.109,-0.075 0.175,-0.075 h 0.756 v -1 H 9.247 c -0.344,0 -0.638,0.122 -0.884,0.369 -0.244,0.244 -0.366,0.537 -0.366,0.881 v 0.7620004 h 1 z"
-         id="path10"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 10.991,7.2469992 h 2.016 v 1 h -2.016 z"
-         id="path12"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 17.925,8.3219992 c 0.05,0.05 0.075,0.109 0.075,0.175 v 1.2500004 h 1 V 8.4969992 c 0,-0.344 -0.122,-0.638 -0.369,-0.884 -0.244,-0.244 -0.541,-0.369 -0.884,-0.369 h -0.759 v 1 h 0.759 c 0.069,0.003 0.128,0.028 0.178,0.078 z"
-         id="path14"
-         style="fill:#ffffff;fill-opacity:1" />
-      <path
-         inkscape:connector-curvature="0"
-         d="m 13.991,7.2469992 h 2.016 v 1 h -2.016 z"
-         id="path16"
-         style="fill:#ffffff;fill-opacity:1" />
-    </g>
-  </g>
-</svg>
diff --git a/images/ostoy-arch.png b/images/ostoy-arch.png
new file mode 100644
index 000000000000..31bd0393efda
Binary files /dev/null and b/images/ostoy-arch.png differ
diff --git a/images/ostoy-homepage.png b/images/ostoy-homepage.png
new file mode 100644
index 000000000000..0f122193a89a
Binary files /dev/null and b/images/ostoy-homepage.png differ
diff --git a/images/power-monitoring-component-power-source.png b/images/power-monitoring-component-power-source.png
new file mode 100644
index 000000000000..0ef54b96e971
Binary files /dev/null and b/images/power-monitoring-component-power-source.png differ
diff --git a/images/rbac.png b/images/rbac.png
index 63312ea53f2f..f1fa211e7716 100644
Binary files a/images/rbac.png and b/images/rbac.png differ
diff --git a/images/rosa-aws-pre.png b/images/rosa-aws-pre.png
new file mode 100644
index 000000000000..bd866be6582f
Binary files /dev/null and b/images/rosa-aws-pre.png differ
diff --git a/images/telmetry-and-insights-operator-data-flow.png b/images/telmetry-and-insights-operator-data-flow.png
new file mode 100644
index 000000000000..cfffa5681835
Binary files /dev/null and b/images/telmetry-and-insights-operator-data-flow.png differ
diff --git a/images/telmetry-and-insights-operator-data-flow.svg b/images/telmetry-and-insights-operator-data-flow.svg
deleted file mode 100644
index 4d0820cdd731..000000000000
--- a/images/telmetry-and-insights-operator-data-flow.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg id="be0b1e41-0cc0-4885-b600-64d8eb985748" data-name="artwork" xmlns="http://www.w3.org/2000/svg" width="760" height="371"><defs><style>.abd8117f-3ab2-4bf2-a584-7e81104f0fb9{fill:none}.b88151b3-06e7-48d5-ac2b-702a38b11f74{fill:#e8e8e8}.abd8117f-3ab2-4bf2-a584-7e81104f0fb9{stroke:#151515;stroke-linecap:round;stroke-linejoin:round}.bc20439c-1d70-4739-865f-cd8c4815b55f,.bf04637f-4250-4ec4-9a01-f2796cc9edbd,.bfe6d3d1-0958-43ef-9260-064fa368b5b4,.ed3b8446-2254-44b1-bc88-ef97a8bd2359{fill:#151515}.e9183669-4eca-4c74-9ffa-68cfdfd29e54,.efe767cc-f685-42ba-8267-e45e1c2fce03{fill:#fff}.fae72ab9-d4d2-4a45-be16-8e536463664e{fill:#06c}.bfe6d3d1-0958-43ef-9260-064fa368b5b4,.e9183669-4eca-4c74-9ffa-68cfdfd29e54,.ed3b8446-2254-44b1-bc88-ef97a8bd2359{font-size:11px}.e9183669-4eca-4c74-9ffa-68cfdfd29e54,.ed3b8446-2254-44b1-bc88-ef97a8bd2359{font-family:RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-weight:500}.b8b0efa3-14e5-4242-9911-bf3da28696e2{letter-spacing:.011em}.b12fccbf-5c5a-4e3f-afbe-43b42b5328ee{letter-spacing:.007em}.bafa8fcc-02f0-403f-a130-1bdc1dc6182d{letter-spacing:.008em}.bc3bccdf-d30e-45b3-a992-729a15197eca{letter-spacing:.004em}.aac142c2-d331-436f-bca9-3bee574d2988{letter-spacing:-.006em}.a9d92240-8912-4ca9-a1ae-ca66f5ce05ac{letter-spacing:.01em}.eba77bb4-0089-4ff1-a944-281a710cf3a2{letter-spacing:-.005em}.ef2acf76-fc08-416e-b931-e7db19c8a8f6{letter-spacing:.009em}.b9810075-1ba3-44bb-9ce1-5a0cc1eb9083{letter-spacing:.007em}.bfe6d3d1-0958-43ef-9260-064fa368b5b4{font-family:RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-style:italic}.b466a780-b791-476f-b19d-27041b77cd07{letter-spacing:.006em}.a56754ed-18fe-4faf-9851-68db07a27be1{letter-spacing:.034em}.b3f4f3be-06ec-4e35-91a7-4b513b4be9da{letter-spacing:.004em}.b7afa9f9-549e-4a06-83db-fd9d2e583d35{letter-spacing:.014em}.bb2f68b3-746b-4334-99aa-8934d2bbb434{letter-spacing:-.075em}.a4679af0-0eac-42f7-b824-ff55eb9b28ea{letter-spacing:.027em}.b9f5a00a-e38d-4e35-912f-45adf2736ed7{letter-spacing:.012em}.f026f4c7-3dae-4ac8-a24f-ded8318b062c{letter-spacing:-.041em}.b3094086-12db-4364-99d0-57eeb934f946{letter-spacing:0}.a25d49ff-26c8-4e34-8603-c6ac16c5fdb4{letter-spacing:.008em}.b89434c6-fa79-4f2e-9acc-0b57a4bd402c{letter-spacing:.01em}.fb397d10-c655-4b79-8ab8-55931851f9c5{letter-spacing:.004em}.b4f1d1fa-8101-43ed-af93-ae6256bda5c7{letter-spacing:-.003em}.bf04637f-4250-4ec4-9a01-f2796cc9edbd{font-size:14px;font-family:RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-weight:700}.ab813449-8bcf-44ac-a6d3-9f607c79e4bf{letter-spacing:.012em}.b1150773-7c45-4d64-8598-3034c9623fce{letter-spacing:.003em}.fc0eeafa-17ea-4f7b-9c29-7651ca657d63{letter-spacing:-.008em}.f3ff8332-6be1-43ba-8fc7-be9242a900d3{letter-spacing:.005em}.b8f53da7-2368-4e44-9718-f91b0a24cb4b{letter-spacing:.014em}.a0a7f024-fcc9-4dd5-bd2a-987e80431c5c{letter-spacing:.004em}.b9543da0-0a47-4c94-9449-f0ad2f82f872{letter-spacing:.009em}.f188c751-58bf-42b6-a115-23c8a05a0d05{letter-spacing:.011em}.f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb{letter-spacing:.006em}.e125dc00-afb2-45cf-9a9c-65a5d87522c6{letter-spacing:.008em}.b8598041-ffac-4c2a-a990-8dc864390082{letter-spacing:.014em}.ad9eb416-3a97-4774-a525-abf205fb31da{letter-spacing:.001em}.add1f3ec-5217-4075-b7cb-9a5225c288be{letter-spacing:.01em}.ab3be15a-311b-4b24-a630-db02a9b27cbe{letter-spacing:.013em}.efd0bc69-fd43-4b0d-ba79-ccc4eec56b86{letter-spacing:.014em}.b491f6d9-0ee4-4d0e-938a-975c64565974{letter-spacing:.011em}.a7f58725-9640-45c3-9d82-7d43f7a2748a{letter-spacing:-.003em}.a168b056-6de6-414f-87f2-948c27c24070{letter-spacing:.023em}.b8b02ad7-0381-4e8a-ba47-c12968a4e0f5{letter-spacing:0}.bb88bc8e-eb26-4f11-873e-005c0530df42{letter-spacing:.026em}.b17a6c46-502d-4633-b063-dd844e59ef04{letter-spacing:-.005em}.f5fae57e-d335-45f2-8ca4-86b74c989eb2{letter-spacing:-.006em}</style></defs><text transform="translate(669.342 354.017)" font-size="10" fill="#f3f3f3" font-family="RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif">132_OpenShift_1220</text><path fill="none" d="M0 331h760v40H0z"/><path class="b88151b3-06e7-48d5-ac2b-702a38b11f74" d="M0 16h314v315H0z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M147 143.5h30.324"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M175.865 148.486l8.635-4.986-8.635-4.986v9.972z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M240.5 105.676V121"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M235.514 107.135L240.5 98.5l4.986 8.635h-9.972z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M147 223.5h30.324"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M175.865 228.486l8.635-4.986-8.635-4.986v9.972z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M147 208.5h17.5v-50h12.824"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M175.865 163.486l8.635-4.986-8.635-4.986v9.972z"/><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M20.5 121.5h126v59h-126z"/><path class="fae72ab9-d4d2-4a45-be16-8e536463664e" d="M146 122v58H21v-58h125m1-1H20v60h127v-60z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(53.425 148.047)"><tspan letter-spacing="-.014em">K</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="7.194" y="0">u</tspan><tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="13.711" y="0">b</tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="20.505" y="0">e</tspan><tspan class="bc3bccdf-d30e-45b3-a992-729a15197eca" x="26.897" y="0">r</tspan><tspan x="31.267" y="0" letter-spacing=".007em">n</tspan><tspan class="aac142c2-d331-436f-bca9-3bee574d2988" x="37.745" y="0">et</tspan><tspan x="48.484" y="0" letter-spacing=".009em">e</tspan><tspan x="54.88" y="0">s</tspan><tspan class="a9d92240-8912-4ca9-a1ae-ca66f5ce05ac" x="20.954" y="12">A</tspan><tspan class="eba77bb4-0089-4ff1-a944-281a710cf3a2" x="28.734" y="12">P</tspan><tspan x="36.148" y="12">I</tspan></text><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M20.5 186.5h126v59h-126z"/><path class="fae72ab9-d4d2-4a45-be16-8e536463664e" d="M146 187v58H21v-58h125m1-1H20v60h127v-60z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(51.655 213.047)"><tspan letter-spacing="-.005em">P</tspan><tspan x="7.412" y="0" letter-spacing="-.002em">r</tspan><tspan class="ef2acf76-fc08-416e-b931-e7db19c8a8f6" x="11.711" y="0">o</tspan><tspan x="18.385" y="0" letter-spacing=".008em">m</tspan><tspan x="28.107" y="0" letter-spacing="-.006em">e</tspan><tspan x="34.348" y="0" letter-spacing=".008em">t</tspan><tspan class="b9810075-1ba3-44bb-9ce1-5a0cc1eb9083" x="38.989" y="0">h</tspan><tspan x="45.467" y="0" letter-spacing=".006em">e</tspan><tspan x="51.835" y="0" letter-spacing=".017em">u</tspan><tspan x="58.421" y="0">s</tspan><tspan class="a9d92240-8912-4ca9-a1ae-ca66f5ce05ac" x="22.725" y="12">A</tspan><tspan class="eba77bb4-0089-4ff1-a944-281a710cf3a2" x="30.505" y="12">P</tspan><tspan x="37.918" y="12">I</tspan></text><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M436.324 216H323.676"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M434.865 211.014L443.5 216l-8.635 4.986v-9.972zM325.135 211.014L316.5 216l8.635 4.986v-9.972z"/><text class="bfe6d3d1-0958-43ef-9260-064fa368b5b4" transform="translate(347.188 230.624)"><tspan class="b466a780-b791-476f-b19d-27041b77cd07">H</tspan><tspan class="a56754ed-18fe-4faf-9851-68db07a27be1" x="7.954" y="0">T</tspan><tspan class="b3f4f3be-06ec-4e35-91a7-4b513b4be9da" x="14.979" y="0">T</tspan><tspan class="b7afa9f9-549e-4a06-83db-fd9d2e583d35" x="21.675" y="0">P</tspan><tspan x="28.88" y="0">S </tspan><tspan class="bb2f68b3-746b-4334-99aa-8934d2bbb434" x="38.175" y="0">(</tspan><tspan class="a4679af0-0eac-42f7-b824-ff55eb9b28ea" x="41.677" y="0">4</tspan><tspan class="b9f5a00a-e38d-4e35-912f-45adf2736ed7" x="48.638" y="0">4</tspan><tspan class="f026f4c7-3dae-4ac8-a24f-ded8318b062c" x="55.435" y="0">3</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="61.3" y="0">)</tspan></text><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M436.324 151H323.676"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M434.865 146.014L443.5 151l-8.635 4.986v-9.972zM325.135 146.014L316.5 151l8.635 4.986v-9.972z"/><text class="bfe6d3d1-0958-43ef-9260-064fa368b5b4" transform="translate(347.188 144.124)"><tspan class="b466a780-b791-476f-b19d-27041b77cd07">H</tspan><tspan class="a56754ed-18fe-4faf-9851-68db07a27be1" x="7.954" y="0">T</tspan><tspan class="b3f4f3be-06ec-4e35-91a7-4b513b4be9da" x="14.979" y="0">T</tspan><tspan class="b7afa9f9-549e-4a06-83db-fd9d2e583d35" x="21.675" y="0">P</tspan><tspan x="28.88" y="0">S </tspan><tspan class="bb2f68b3-746b-4334-99aa-8934d2bbb434" x="38.175" y="0">(</tspan><tspan class="a4679af0-0eac-42f7-b824-ff55eb9b28ea" x="41.677" y="0">4</tspan><tspan class="b9f5a00a-e38d-4e35-912f-45adf2736ed7" x="48.638" y="0">4</tspan><tspan class="f026f4c7-3dae-4ac8-a24f-ded8318b062c" x="55.435" y="0">3</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="61.3" y="0">)</tspan></text><path class="fae72ab9-d4d2-4a45-be16-8e536463664e" d="M187 121h127v60H187zM187 186h127v60H187z"/><text class="e9183669-4eca-4c74-9ffa-68cfdfd29e54" transform="translate(224.029 213.047)"><tspan letter-spacing="-.081em">T</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="6.135" y="0">e</tspan><tspan x="12.527" y="0" letter-spacing=".007em">l</tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="15.371" y="0">em</tspan><tspan class="aac142c2-d331-436f-bca9-3bee574d2988" x="31.488" y="0">et</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="42.228" y="0">e</tspan><tspan x="48.62" y="0">r</tspan><tspan x="10.987" y="12">C</tspan><tspan class="b89434c6-fa79-4f2e-9acc-0b57a4bd402c" x="18.94" y="12">l</tspan><tspan class="fb397d10-c655-4b79-8ab8-55931851f9c5" x="21.827" y="12">i</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="24.642" y="12">e</tspan><tspan class="b4f1d1fa-8101-43ed-af93-ae6256bda5c7" x="31.034" y="12">n</tspan><tspan x="37.402" y="12">t</tspan></text><text class="bf04637f-4250-4ec4-9a01-f2796cc9edbd" transform="translate(20.001 47.788)"><tspan class="ab813449-8bcf-44ac-a6d3-9f607c79e4bf">O</tspan><tspan x="11.546" y="0" letter-spacing="-.001em">p</tspan><tspan x="20.552" y="0" letter-spacing=".005em">e</tspan><tspan x="28.912" y="0" letter-spacing=".011em">nS</tspan><tspan x="47.051" y="0" letter-spacing=".007em">h</tspan><tspan x="55.8" y="0" letter-spacing="-.007em">i</tspan><tspan x="59.736" y="0" letter-spacing=".009em">f</tspan><tspan x="66.301" y="0">t</tspan><tspan x="0" y="16" letter-spacing="-.005em">C</tspan><tspan class="b1150773-7c45-4d64-8598-3034c9623fce" x="10.01" y="16">o</tspan><tspan x="18.716" y="16" letter-spacing="-.007em">n</tspan><tspan x="27.268" y="16" letter-spacing=".011em">t</tspan><tspan x="33.828" y="16" letter-spacing=".006em">a</tspan><tspan x="42.014" y="16" letter-spacing=".007em">i</tspan><tspan x="46.138" y="16" letter-spacing=".002em">n</tspan><tspan x="54.824" y="16" letter-spacing=".005em">e</tspan><tspan x="63.186" y="16">r </tspan><tspan x="72.383" y="16" letter-spacing="-.011em">P</tspan><tspan x="82.162" y="16" letter-spacing=".004em">l</tspan><tspan class="fc0eeafa-17ea-4f7b-9c29-7651ca657d63" x="86.246" y="16">a</tspan><tspan x="94.237" y="16" letter-spacing=".009em">t</tspan><tspan x="100.78" y="16" letter-spacing="-.009em">f</tspan><tspan class="b1150773-7c45-4d64-8598-3034c9623fce" x="107.092" y="16">o</tspan><tspan x="115.798" y="16" letter-spacing="-.005em">r</tspan><tspan x="121.92" y="16">m</tspan></text><path class="b88151b3-06e7-48d5-ac2b-702a38b11f74" d="M446 16h314v315H446z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M603.324 151H588"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M601.865 146.014L610.5 151l-8.635 4.986v-9.972z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M603.324 216H588"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M601.865 211.014L610.5 216l-8.635 4.986v-9.972z"/><path class="abd8117f-3ab2-4bf2-a584-7e81104f0fb9" d="M588 151h-15M588 216h-15M603.324 281H588V86h15.324"/><path class="bc20439c-1d70-4739-865f-cd8c4815b55f" d="M601.865 276.014L610.5 281l-8.635 4.986v-9.972zM601.865 90.986L610.5 86l-8.635-4.986v9.972z"/><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M613 121h127v60H613z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(655.572 148.047)"><tspan letter-spacing="0">R</tspan><tspan class="f3ff8332-6be1-43ba-8fc7-be9242a900d3" x="7.397" y="0">e</tspan><tspan x="13.759" y="0">d </tspan><tspan x="22.943" y="0" letter-spacing=".012em">H</tspan><tspan class="b4f1d1fa-8101-43ed-af93-ae6256bda5c7" x="31.286" y="0">a</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="37.301" y="0">t</tspan><tspan class="b8f53da7-2368-4e44-9718-f91b0a24cb4b" x="-.61" y="12">S</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="6.554" y="12">u</tspan><tspan class="ef2acf76-fc08-416e-b931-e7db19c8a8f6" x="13.072" y="12">p</tspan><tspan class="a0a7f024-fcc9-4dd5-bd2a-987e80431c5c" x="19.888" y="12">p</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="26.657" y="12">o</tspan><tspan x="33.33" y="12" letter-spacing=".024em">r</tspan><tspan x="37.912" y="12">t</tspan></text><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M613 186h127v60H613z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(643.479 213.047)"><tspan class="b8f53da7-2368-4e44-9718-f91b0a24cb4b">S</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="7.164" y="0">u</tspan><tspan x="13.682" y="0" letter-spacing=".008em">bsc</tspan><tspan class="bc3bccdf-d30e-45b3-a992-729a15197eca" x="31.672" y="0">r</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="36.042" y="0">i</tspan><tspan x="38.93" y="0" letter-spacing="-.008em">p</tspan><tspan x="45.563" y="0" letter-spacing=".003em">t</tspan><tspan class="fb397d10-c655-4b79-8ab8-55931851f9c5" x="50.151" y="0">i</tspan><tspan class="ef2acf76-fc08-416e-b931-e7db19c8a8f6" x="52.966" y="0">o</tspan><tspan x="59.64" y="0">n</tspan><tspan x="-1.322" y="12" letter-spacing=".007em">m</tspan><tspan class="f188c751-58bf-42b6-a115-23c8a05a0d05" x="8.391" y="12">a</tspan><tspan class="f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb" x="14.557" y="12">n</tspan><tspan class="b9810075-1ba3-44bb-9ce1-5a0cc1eb9083" x="21.025" y="12">a</tspan><tspan class="e125dc00-afb2-45cf-9a9c-65a5d87522c6" x="27.151" y="12">g</tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="33.933" y="12">eme</tspan><tspan class="b4f1d1fa-8101-43ed-af93-ae6256bda5c7" x="56.442" y="12">n</tspan><tspan x="62.81" y="12">t</tspan></text><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M613 251h127v60H613z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(649.217 278.047)"><tspan class="b8598041-ffac-4c2a-a990-8dc864390082">O<tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="9.079" y="0">p</tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="15.873" y="0">e</tspan><tspan class="ab813449-8bcf-44ac-a6d3-9f607c79e4bf" x="22.265" y="0">n</tspan><tspan x="28.795" y="0" letter-spacing=".015em">S</tspan><tspan class="ef2acf76-fc08-416e-b931-e7db19c8a8f6" x="35.965" y="0">h</tspan><tspan class="ad9eb416-3a97-4774-a525-abf205fb31da" x="42.463" y="0">i</tspan><tspan x="45.244" y="0" letter-spacing=".022em">f</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="50.012" y="0">t</tspan></tspan><tspan x="-16.039" y="12">C</tspan><tspan x="-8.086" y="12" letter-spacing=".01em">l</tspan><tspan x="-5.207" y="12" letter-spacing=".017em">u</tspan><tspan x="1.379" y="12" letter-spacing=".01em">s</tspan><tspan x="6.759" y="12" letter-spacing="-.005em">t</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="11.257" y="12">e</tspan><tspan x="17.649" y="12">r </tspan><tspan class="add1f3ec-5217-4075-b7cb-9a5225c288be" x="24.447" y="12">M</tspan><tspan class="f188c751-58bf-42b6-a115-23c8a05a0d05" x="34.347" y="12">a</tspan><tspan class="f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb" x="40.513" y="12">n</tspan><tspan class="b9810075-1ba3-44bb-9ce1-5a0cc1eb9083" x="46.981" y="12">a</tspan><tspan class="e125dc00-afb2-45cf-9a9c-65a5d87522c6" x="53.107" y="12">g</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="59.889" y="12">e</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="66.281" y="12">r</tspan></text><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M613 56h127v60H613z"/><text class="ed3b8446-2254-44b1-bc88-ef97a8bd2359" transform="translate(655.891 83.047)"><tspan class="ab3be15a-311b-4b24-a630-db02a9b27cbe">I<tspan class="efd0bc69-fd43-4b0d-ba79-ccc4eec56b86" x="3.186" y="0">n</tspan><tspan class="b491f6d9-0ee4-4d0e-938a-975c64565974" x="9.741" y="0">s</tspan><tspan class="f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb" x="15.129" y="0">i</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="17.967" y="0">g</tspan><tspan class="a7f58725-9640-45c3-9d82-7d43f7a2748a" x="24.781" y="0">h</tspan><tspan class="a168b056-6de6-414f-87f2-948c27c24070" x="31.149" y="0">t</tspan><tspan class="b8b02ad7-0381-4e8a-ba47-c12968a4e0f5" x="35.951" y="0">s</tspan></tspan><tspan class="f188c751-58bf-42b6-a115-23c8a05a0d05" x="-18.945" y="12">a</tspan><tspan class="f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb" x="-12.778" y="12">n</tspan><tspan class="f188c751-58bf-42b6-a115-23c8a05a0d05" x="-6.311" y="12">a</tspan><tspan x="-.144" y="12" letter-spacing=".011em">l</tspan><tspan x="2.751" y="12" letter-spacing=".007em">y</tspan><tspan class="b491f6d9-0ee4-4d0e-938a-975c64565974" x="8.737" y="12">s</tspan><tspan x="14.125" y="12" letter-spacing=".015em">i</tspan><tspan x="17.059" y="12">s </tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="24.802" y="12">e</tspan><tspan class="b9810075-1ba3-44bb-9ce1-5a0cc1eb9083" x="31.194" y="12">n</tspan><tspan x="37.672" y="12" letter-spacing=".011em">g</tspan><tspan class="b89434c6-fa79-4f2e-9acc-0b57a4bd402c" x="44.497" y="12">i</tspan><tspan class="b9810075-1ba3-44bb-9ce1-5a0cc1eb9083" x="47.384" y="12">n</tspan><tspan x="53.862" y="12">e</tspan></text><path class="fae72ab9-d4d2-4a45-be16-8e536463664e" d="M446 121h127v60H446z"/><text class="e9183669-4eca-4c74-9ffa-68cfdfd29e54" transform="translate(464.003 154.047)"><tspan letter-spacing=".007em">c</tspan><tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="5.831" y="0">lo</tspan><tspan x="15.326" y="0" letter-spacing=".009em">u</tspan><tspan x="21.829" y="0" letter-spacing=".016em">d</tspan><tspan x="28.712" y="0" letter-spacing=".013em">.</tspan><tspan x="31.552" y="0" letter-spacing="-.002em">r</tspan><tspan class="f3ff8332-6be1-43ba-8fc7-be9242a900d3" x="35.857" y="0">e</tspan><tspan class="add1f3ec-5217-4075-b7cb-9a5225c288be" x="42.218" y="0">d</tspan><tspan x="49.038" y="0" letter-spacing=".006em">h</tspan><tspan class="b4f1d1fa-8101-43ed-af93-ae6256bda5c7" x="55.506" y="0">a</tspan><tspan class="bb88bc8e-eb26-4f11-873e-005c0530df42" x="61.522" y="0">t</tspan><tspan class="b17a6c46-502d-4633-b063-dd844e59ef04" x="66.363" y="0">.</tspan><tspan class="f5fae57e-d335-45f2-8ca4-86b74c989eb2" x="68.999" y="0">c</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="74.686" y="0">o</tspan><tspan x="81.359" y="0">m</tspan></text><path class="fae72ab9-d4d2-4a45-be16-8e536463664e" d="M446 186h127v60H446z"/><text transform="translate(462.58 219.047)" letter-spacing=".011em" font-family="RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif" font-weight="500" font-size="11" fill="#fff">a<tspan x="6.167" y="0" letter-spacing=".007em">p</tspan><tspan x="12.959" y="0" letter-spacing=".013em">i</tspan><tspan class="b17a6c46-502d-4633-b063-dd844e59ef04" x="15.872" y="0">.</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="18.507" y="0">o</tspan><tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="25.181" y="0">p</tspan><tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="31.974" y="0">e</tspan><tspan class="b7afa9f9-549e-4a06-83db-fd9d2e583d35" x="38.366" y="0">n</tspan><tspan x="44.922" y="0" letter-spacing=".012em">s</tspan><tspan class="ef2acf76-fc08-416e-b931-e7db19c8a8f6" x="50.321" y="0">h</tspan><tspan class="ad9eb416-3a97-4774-a525-abf205fb31da" x="56.818" y="0">i</tspan><tspan class="a168b056-6de6-414f-87f2-948c27c24070" x="59.599" y="0">f</tspan><tspan class="bb88bc8e-eb26-4f11-873e-005c0530df42" x="64.368" y="0">t</tspan><tspan class="b17a6c46-502d-4633-b063-dd844e59ef04" x="69.208" y="0">.</tspan><tspan class="f5fae57e-d335-45f2-8ca4-86b74c989eb2" x="71.844" y="0">c</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="77.531" y="0">o</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="84.205" y="0">m</tspan></text><text class="bf04637f-4250-4ec4-9a01-f2796cc9edbd" transform="translate(466.001 47.788)"><tspan letter-spacing=".001em">R</tspan><tspan x="9.857" y="0" letter-spacing=".002em">e</tspan><tspan x="18.178" y="0">d </tspan><tspan class="ab813449-8bcf-44ac-a6d3-9f607c79e4bf" x="30.189" y="0">H</tspan><tspan class="fc0eeafa-17ea-4f7b-9c29-7651ca657d63" x="41.035" y="0">a</tspan><tspan x="49.026" y="0" letter-spacing="0">t</tspan></text><path class="efe767cc-f685-42ba-8267-e45e1c2fce03" d="M187 36h107v60H187z"/><text transform="translate(228.886 63.047)" letter-spacing="-.017em" font-family="RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif" font-weight="500" font-size="11" fill="#151515">W<tspan class="bafa8fcc-02f0-403f-a130-1bdc1dc6182d" x="10.114" y="0">e</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="16.506" y="0">b</tspan><tspan class="f5fae57e-d335-45f2-8ca4-86b74c989eb2"><tspan x="-8.432" y="12">c</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="-2.745" y="12">o</tspan><tspan class="b7afa9f9-549e-4a06-83db-fd9d2e583d35" x="3.929" y="12">n</tspan><tspan x="10.485" y="12" letter-spacing=".008em">s</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="15.838" y="12">o</tspan><tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="22.512" y="12">l</tspan><tspan class="b3094086-12db-4364-99d0-57eeb934f946" x="25.356" y="12">e</tspan></tspan></text><text class="e9183669-4eca-4c74-9ffa-68cfdfd29e54" transform="translate(229.89 148.047)"><tspan class="ab3be15a-311b-4b24-a630-db02a9b27cbe">I<tspan class="efd0bc69-fd43-4b0d-ba79-ccc4eec56b86" x="3.186" y="0">n</tspan><tspan class="b491f6d9-0ee4-4d0e-938a-975c64565974" x="9.741" y="0">s</tspan><tspan class="f3c1e948-5e1a-4abd-b39f-748fcbfc7dbb" x="15.129" y="0">i</tspan><tspan class="b8b0efa3-14e5-4242-9911-bf3da28696e2" x="17.967" y="0">g</tspan><tspan class="a7f58725-9640-45c3-9d82-7d43f7a2748a" x="24.781" y="0">h</tspan><tspan class="a168b056-6de6-414f-87f2-948c27c24070" x="31.149" y="0">t</tspan><tspan class="b8b02ad7-0381-4e8a-ba47-c12968a4e0f5" x="35.951" y="0">s</tspan></tspan><tspan class="b8598041-ffac-4c2a-a990-8dc864390082" x="-3.465" y="12">O</tspan><tspan class="b12fccbf-5c5a-4e3f-afbe-43b42b5328ee" x="5.614" y="12">p</tspan><tspan class="a25d49ff-26c8-4e34-8603-c6ac16c5fdb4" x="12.407" y="12">e</tspan><tspan class="a0a7f024-fcc9-4dd5-bd2a-987e80431c5c" x="18.799" y="12">r</tspan><tspan class="b4f1d1fa-8101-43ed-af93-ae6256bda5c7" x="23.17" y="12">a</tspan><tspan x="29.186" y="12" letter-spacing="-.005em">t</tspan><tspan class="b9543da0-0a47-4c94-9449-f0ad2f82f872" x="33.689" y="12">o</tspan><tspan x="40.362" y="12">r</tspan></text></svg>
\ No newline at end of file
diff --git a/images/update-duration.png b/images/update-duration.png
new file mode 100644
index 000000000000..f4c5105f6a79
Binary files /dev/null and b/images/update-duration.png differ
diff --git a/images/workflow-assuming-aws-iam-roles-sre-owned-projects.png b/images/workflow-assuming-aws-iam-roles-sre-owned-projects.png
new file mode 100644
index 000000000000..d4e498d3157b
Binary files /dev/null and b/images/workflow-assuming-aws-iam-roles-sre-owned-projects.png differ
diff --git a/images/x-solid.png b/images/x-solid.png
new file mode 100644
index 000000000000..2bb5e3094671
Binary files /dev/null and b/images/x-solid.png differ
diff --git a/index-commercial.html b/index-commercial.html
index 812eb025b887..b85ffd7d30d9 100644
--- a/index-commercial.html
+++ b/index-commercial.html
@@ -65,11 +65,6 @@ <h3>Featured Products</h3>
                         <p class="d-none d-md-block">Single-tenant, high-availability Kubernetes clusters in the public cloud</p>
                       </li>
 
-                      <li>
-                        <a target="_blank" href="https://www.openshift.com/products/online/">Red Hat OpenShift Online</a>
-                        <p class="d-none d-md-block">The fastest way for developers to build, host and scale applications in the public cloud</p>
-                      </li>
-
                       <li class="nav-item">
                         <a target="_blank" href="https://www.openshift.com/products/">All products <span class="fa fa-angle-right"></span></a>
                       </li>
@@ -178,6 +173,7 @@ <h2>OpenShift Container Platform</h2>
               <div class="btn-group">
                 <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">Select Version<span class="caret"></span></button>
                 <ul class="dropdown-menu" role="menu">
+                  <li><a href="container-platform/4.14/"><i class="fa fa-arrow-circle-o-right"></i> Container Platform 4.14</a></li>
                   <li><a href="container-platform/4.13/"><i class="fa fa-arrow-circle-o-right"></i> Container Platform 4.13</a></li>
                   <li><a href="container-platform/4.12/"><i class="fa fa-arrow-circle-o-right"></i> Container Platform 4.12</a></li>
                   <li><a href="container-platform/4.11/"><i class="fa fa-arrow-circle-o-right"></i> Container Platform 4.11</a></li>
@@ -223,16 +219,6 @@ <h2>Red Hat OpenShift Service on AWS</h2>
               <p><a role="button" class="btn btn-primary" href="rosa/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> ROSA Docs</a></p>
             </div>
           </div>
-          <div class="col-sm-3 text-center">
-
-            <h2>OpenShift on IBM Cloud</h2>
-            <div class="list-group">
-              <p class="list-group-item-text">With Red Hat OpenShift on IBM Cloud, you can deploy apps on highly available OpenShift clusters.</p>
-              <p><a role="button" class="btn btn-primary" href="roks/4/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> Docs</a></p>
-            </div>
-
-
-          </div>
         </div>
         <div class="row">
           <div class="col-sm-3 text-center">
@@ -256,6 +242,8 @@ <h2>Red Hat Advanced Cluster Security for Kubernetes</h2>
               <div class="btn-group">
                 <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">Select version<span class="caret"></span></button>
                 <ul class="dropdown-menu" role="menu">
+                  <li><a href="acs/4.3/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> RHACS 4.3</a></li>
+                  <li><a href="acs/4.2/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> RHACS 4.2</a></li>
                   <li><a href="acs/4.1/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> RHACS 4.1</a></li>
                   <li><a href="acs/4.0/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> RHACS 4.0</a></li>
                   <li><a href="acs/3.74/welcome/index.html"><i class="fa fa-arrow-circle-o-right"></i> RHACS 3.74</a></li>
@@ -297,7 +285,7 @@ <h2>OpenShift Online</h2>
           <h2>OpenShift Kubernetes Engine</h2>
           <div class="list-group">
             <p class="list-group-item-text">The OpenShift Kubernetes Engine is the core of the OpenShift Container Platform. Use OpenShift Container Platform docs links for OpenShift Kubernetes Engine documentation.</p>
-            Read more about <a href="/container-platform/4.13/welcome/oke_about.html">OKE</a>.
+            Read more about <a href="/container-platform/4.14/welcome/oke_about.html">OKE</a>.
           </div>
 
         </div>
@@ -312,6 +300,7 @@ <h2>OpenShift Container Platform <font size="-1">(日本語翻訳)</font></h2>
             <div class="btn-group">
               <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">バージョンを選択する<span class="caret"></span></button>
               <ul class="dropdown-menu" role="menu">
+                <li><a href="https://access.redhat.com/documentation/ja-jp/openshift_container_platform/4.14/"><i class="fa fa-arrow-circle-o-right"></i> 4.14</a></li>
                 <li><a href="https://access.redhat.com/documentation/ja-jp/openshift_container_platform/4.13/"><i class="fa fa-arrow-circle-o-right"></i> 4.13</a></li>
                 <li><a href="https://access.redhat.com/documentation/ja-jp/openshift_container_platform/4.12/"><i class="fa fa-arrow-circle-o-right"></i> 4.12</a></li>
                 <li><a href="https://access.redhat.com/documentation/ja-jp/openshift_container_platform/4.11/"><i class="fa fa-arrow-circle-o-right"></i> 4.11</a></li>
@@ -333,6 +322,7 @@ <h2>OpenShift Container Platform <font size="-1">(中文文档)</font></h2>
             <div class="btn-group">
               <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">选择版本<span class="caret"></span></button>
               <ul class="dropdown-menu" role="menu">
+                <li><a href="https://access.redhat.com/documentation/zh-cn/openshift_container_platform/4.14/"><i class="fa fa-arrow-circle-o-right"></i> 4.14</a></li>
                 <li><a href="https://access.redhat.com/documentation/zh-cn/openshift_container_platform/4.13/"><i class="fa fa-arrow-circle-o-right"></i> 4.13</a></li>
                 <li><a href="https://access.redhat.com/documentation/zh-cn/openshift_container_platform/4.12/"><i class="fa fa-arrow-circle-o-right"></i> 4.12</a></li>
                 <li><a href="https://access.redhat.com/documentation/zh-cn/openshift_container_platform/4.11/"><i class="fa fa-arrow-circle-o-right"></i> 4.11</a></li>
@@ -354,6 +344,7 @@ <h2>OpenShift Container Platform <font size="-1">(한국어 문서)</font></h2>
             <div class="btn-group">
               <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">버전 선택<span class="caret"></span></button>
               <ul class="dropdown-menu" role="menu">
+                <li><a href="https://access.redhat.com/documentation/ko-kr/openshift_container_platform/4.14/"><i class="fa fa-arrow-circle-o-right"></i> 4.14</a></li>
                 <li><a href="https://access.redhat.com/documentation/ko-kr/openshift_container_platform/4.13/"><i class="fa fa-arrow-circle-o-right"></i> 4.13</a></li>
                 <li><a href="https://access.redhat.com/documentation/ko-kr/openshift_container_platform/4.12/"><i class="fa fa-arrow-circle-o-right"></i> 4.12</a></li>
                 <li><a href="https://access.redhat.com/documentation/ko-kr/openshift_container_platform/4.11/"><i class="fa fa-arrow-circle-o-right"></i> 4.11</a></li>
diff --git a/index-community.html b/index-community.html
index 7ae1846238e7..da2a514db6c4 100644
--- a/index-community.html
+++ b/index-community.html
@@ -50,6 +50,7 @@ <h1 class="cover-heading">Documentation</h1>
              <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">Select Version<span class="caret"></span></button>
              <ul class="dropdown-menu" role="menu">
                <li><a href="latest/"><i class="fa fa-arrow-circle-o-right"></i> OKD Latest</a></li>
+               <li><a href="4.14/"><i class="fa fa-arrow-circle-o-right"></i> OKD 4.14</a></li>
                <li><a href="4.13/"><i class="fa fa-arrow-circle-o-right"></i> OKD 4.13</a></li>
                <li><a href="4.12/"><i class="fa fa-arrow-circle-o-right"></i> OKD 4.12</a></li>
                <li><a href="4.11/"><i class="fa fa-arrow-circle-o-right"></i> OKD 4.11</a></li>
diff --git a/installing/cluster-capabilities.adoc b/installing/cluster-capabilities.adoc
index b59bb330d228..ffdfdf132c15 100644
--- a/installing/cluster-capabilities.adoc
+++ b/installing/cluster-capabilities.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cluster-capabilities"]
 = Cluster capabilities
 include::_attributes/common-attributes.adoc[]
@@ -28,6 +28,7 @@ include::modules/explanation-of-capabilities.adoc[leveloffset=+1]
 .Additional resources
 * xref:../operators/operator-reference.adoc#cluster-operator-reference[Cluster Operators reference]
 
+// Bare-metal capability
 include::modules/cluster-bare-metal-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -36,45 +37,82 @@ include::modules/cluster-bare-metal-operator.adoc[leveloffset=+2]
 * xref:../installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc#preparing-to-install-on-bare-metal[Preparing for bare metal cluster installation]
 * xref:../post_installation_configuration/bare-metal-configuration.adoc#post-install-bare-metal-configuration[Bare metal configuration]
 
+// Build capability
+include::modules/build-config-capability.adoc[leveloffset=+2]
+
+// Cloud credential capability
+include::modules/cloud-credential-operator.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
+
+// Cluster storage capability
 include::modules/cluster-storage-operator.adoc[leveloffset=+2]
 
+// Console capability
 include::modules/console-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../web_console/web-console-overview.adoc#web-console-overview[Web console overview]
 
+// CSI snapshot controller capability
 include::modules/cluster-csi-snapshot-controller-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[CSI volume snapshots]
 
+// DeploymentConfig capability
+include::modules/deployment-config-capability.adoc[leveloffset=+2]
+
+// Insights capability
 include::modules/insights-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../support/remote_health_monitoring/using-insights-operator.adoc#using-insights-operator[Using Insights Operator]
 
+// Machine API capability
+include::modules/machine-api-capability.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../machine_management/index.html#index[Overview of machine management]
+* xref:../operators/operator-reference.html#machine-api-operator_cluster-operators-ref[Machine API Operator]
+* xref:../operators/operator-reference.html#cluster-autoscaler-operator_cluster-operators-ref[Cluster Autoscaler Operator]
+* xref:../operators/operator-reference.html#control-plane-machine-set-operator_cluster-operators-ref[Control Plane Machine Set Operator]
+
+// Marketplace capability
 include::modules/operator-marketplace.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs[Red Hat-provided Operator catalogs]
 
+// Node Tuning capability
 include::modules/node-tuning-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../scalability_and_performance/using-node-tuning-operator.adoc#using-node-tuning-operator[Using the Node Tuning Operator]
 
+// OpenShift samples capability
 include::modules/cluster-samples-operator.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Configuring the Cluster Samples Operator]
 
+// Cluster Image Registry capability
+include::modules/cluster-image-registry-operator.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../registry/configuring-registry-operator.adoc#configuring-registry-operator[Image Registry Operator in {product-title}]
+
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 == Additional resources
-* xref:../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enabling cluster capabilities after installation]
\ No newline at end of file
+* xref:../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enabling cluster capabilities after installation]
diff --git a/installing/disconnected_install/index.adoc b/installing/disconnected_install/index.adoc
index b00aa205c287..30d0f4964769 100644
--- a/installing/disconnected_install/index.adoc
+++ b/installing/disconnected_install/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mirroring-disconnected-about"]
 = About disconnected installation mirroring
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/disconnected_install/installing-mirroring-creating-registry.adoc b/installing/disconnected_install/installing-mirroring-creating-registry.adoc
index 94c454d0a942..6a66f1bc5b93 100644
--- a/installing/disconnected_install/installing-mirroring-creating-registry.adoc
+++ b/installing/disconnected_install/installing-mirroring-creating-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mirroring-creating-registry"]
 = Creating a mirror registry with mirror registry for Red Hat OpenShift
 include::_attributes/common-attributes.adoc[]
@@ -23,7 +23,7 @@ If you already have a container image registry, such as Red Hat Quay, you can sk
 +
 [IMPORTANT]
 ====
-These requirements are based on local testing results with only release images and Operator images. Storage requirements can vary based on your organization's needs. You might require more space, for example, when you mirror multiple z-streams. You can use standard link:https://access.redhat.com/documentation/en-us/red_hat_quay/3[Red Hat Quay functionality] or the proper link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_api_guide/index#deletefulltag[API callout] to remove unnecessary images and free up space.
+These requirements are based on local testing results with only release images and Operator images. Storage requirements can vary based on your organization's needs. You might require more space, for example, when you mirror multiple z-streams. You can use standard link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/use_red_hat_quay/index[Red Hat Quay functionality] or the proper link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_api_guide/index#deletefulltag[API callout] to remove unnecessary images and free up space.
 ====
 
 include::modules/mirror-registry-introduction.adoc[leveloffset=+1]
@@ -31,15 +31,18 @@ include::modules/mirror-registry-localhost.adoc[leveloffset=+1]
 include::modules/mirror-registry-localhost-update.adoc[leveloffset=+1]
 include::modules/mirror-registry-remote.adoc[leveloffset=+1]
 include::modules/mirror-registry-remote-host-update.adoc[leveloffset=+1]
+include::modules/mirror-registry-ssl-cert-replace.adoc[leveloffset=+1]
 include::modules/mirror-registry-uninstall.adoc[leveloffset=+1]
 include::modules/mirror-registry-flags.adoc[leveloffset=+1]
 include::modules/mirror-registry-release-notes.adoc[leveloffset=+1]
 include::modules/mirror-registry-troubleshooting.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
+[id="additional-resources_installing-mirroring-creating-registry"]
+== Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/using-ssl-to-protect-quay[Using SSL to protect connections to Red Hat Quay]
+* link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/garbage-collection#doc-wrapper[{quay} garbage collection]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/using-ssl-to-protect-quay[Using SSL to protect connections to {quay}]
 
 * link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/using-ssl-to-protect-quay#configuring_the_system_to_trust_the_certificate_authority[Configuring the system to trust the certificate authority]
 
diff --git a/installing/disconnected_install/installing-mirroring-disconnected.adoc b/installing/disconnected_install/installing-mirroring-disconnected.adoc
index 69d9298a3a57..f85db7bab8ec 100644
--- a/installing/disconnected_install/installing-mirroring-disconnected.adoc
+++ b/installing/disconnected_install/installing-mirroring-disconnected.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mirroring-disconnected"]
 = Mirroring images for a disconnected installation using the oc-mirror plugin
 include::_attributes/common-attributes.adoc[]
@@ -40,7 +40,7 @@ include::modules/installation-about-mirror-registry.adoc[leveloffset=+1]
 +
 [NOTE]
 ====
-If you use Red Hat Quay, you must use version 3.6 or later with the oc-mirror plugin. If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.6/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.6/html/deploy_red_hat_quay_on_openshift_with_the_quay_operator/[by using the Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat Support.
+If you use Red Hat Quay, you must use version 3.6 or later with the oc-mirror plugin. If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploying_the_red_hat_quay_operator_on_openshift_container_platform/index[by using the Red Hat Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat Support.
 ====
 +
 If you do not already have an existing solution for a container image registry, subscribers of {product-title} are provided a xref:../../installing/disconnected_install/installing-mirroring-creating-registry.adoc#installing-mirroring-creating-registry[mirror registry for Red Hat OpenShift]. The _mirror registry for Red Hat OpenShift_ is included with your subscription and is a small-scale container registry that can be used to mirror the required container images of {product-title} in disconnected installations.
@@ -131,7 +131,7 @@ include::modules/oc-mirror-oci-format.adoc[leveloffset=+1]
 .Additional resources
 
 // TODO: This title might need to update per sebastian's PR
-* xref:../../installing/disconnected_install/installing-mirroring-disconnected.html#oc-mirror-updating-cluster-manifests_installing-mirroring-disconnected[Configuring your cluster to use the resources generated by oc-mirror]
+* xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#oc-mirror-updating-cluster-manifests_installing-mirroring-disconnected[Configuring your cluster to use the resources generated by oc-mirror]
 
 // Image set configuration parameters
 include::modules/oc-mirror-imageset-config-params.adoc[leveloffset=+1]
diff --git a/installing/disconnected_install/installing-mirroring-installation-images.adoc b/installing/disconnected_install/installing-mirroring-installation-images.adoc
index ac4512cd355e..2b71663e99db 100644
--- a/installing/disconnected_install/installing-mirroring-installation-images.adoc
+++ b/installing/disconnected_install/installing-mirroring-installation-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mirroring-installation-images"]
 = Mirroring images for a disconnected installation
 include::_attributes/common-attributes.adoc[]
@@ -32,7 +32,7 @@ to a mirror host, use the xref:../../installing/disconnected_install/installing-
 ** link:https://goharbor.io/[Harbor]
 --
 +
-If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.5/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.5/html/deploy_red_hat_quay_on_openshift_with_the_quay_operator/[by using the Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat support.
+If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploying_the_red_hat_quay_operator_on_openshift_container_platform/index[by using the Red Hat Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat support.
 
 * If you do not already have an existing solution for a container image registry, subscribers of {product-title} are provided a xref:../../installing/disconnected_install/installing-mirroring-creating-registry.adoc#installing-mirroring-creating-registry[mirror registry for Red Hat OpenShift]. The _mirror registry for Red Hat OpenShift_ is included with your subscription and is a small-scale container registry that can be used to mirror the required container images of {product-title} in disconnected installations.
 
@@ -144,7 +144,7 @@ include::modules/olm-mirroring-catalog-post.adoc[leveloffset=+2]
 //* TODO need to add the registry secret to the machines, which is different
 
 * Install a cluster on infrastructure that you provision in your restricted network, such as on
-xref:../../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[VMware vSphere],
+xref:../../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[VMware vSphere],
 xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal], or xref:../../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[Amazon Web Services].
 
 [role="_additional-resources"]
diff --git a/installing/index.adoc b/installing/index.adoc
index 79643bc8a691..7f9fc7edb91a 100644
--- a/installing/index.adoc
+++ b/installing/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ocp-installation-overview"]
 = {product-title} installation overview
 include::_attributes/common-attributes.adoc[]
@@ -26,7 +26,7 @@ include::modules/ipi-verifying-nodes-after-installation.adoc[leveloffset=+2]
 
 * xref:../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#preparing-to-install-with-agent-based-installer[Agent-based Installer]
 
-* link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[Assisted Installer for OpenShift Container Platform]
+* link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[Assisted Installer for OpenShift Container Platform]
 
 [discrete]
 === Installation scope
diff --git a/installing/install_config/configuring-custom-ca.adoc b/installing/install_config/configuring-custom-ca.adoc
index 290bfc593a76..3824929858ab 100644
--- a/installing/install_config/configuring-custom-ca.adoc
+++ b/installing/install_config/configuring-custom-ca.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-custom-ca"]
 = Configuring a custom certificate authority
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/install_config/configuring-firewall.adoc b/installing/install_config/configuring-firewall.adoc
index 5a55a7b1e345..58af26a008ed 100644
--- a/installing/install_config/configuring-firewall.adoc
+++ b/installing/install_config/configuring-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-firewall"]
 = Configuring your firewall
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/install_config/enabling-cgroup-v1.adoc b/installing/install_config/enabling-cgroup-v1.adoc
new file mode 100644
index 000000000000..573fb8989bb5
--- /dev/null
+++ b/installing/install_config/enabling-cgroup-v1.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: nodes-cluster-cgroups-1
+[id="enabling-cgroup-v1"]
+= Enabling Linux control group version 1 (cgroup v1)
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+
+As of {product-title} 4.14, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. If you are using cgroup v1 on {product-title} 4.13 or earlier, migrating to {product-title} 4.15 will not automatically update your cgroup configuration to version 2. A fresh installation of {product-title} 4.14 or later will use cgroup v2 by default. However, you can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) upon installation. Enabling cgroup v1 in {product-title} disables all cgroup v2 controllers and hierarchies in your cluster.
+
+include::snippets/cgroupv2-vs-cgroupv1.adoc[]
+
+ifndef::openshift-origin[]
+You can switch between cgroup v1 and cgroup v2, as needed, by editing the `node.config` object. For more information, see "Configuring the Linux cgroup on your nodes" in the "Additional resources" of this section.
+endif::openshift-origin[]
+
+// The following include statements pull in the module files that comprise
+// the assembly. Include any combination of concept, procedure, or reference
+// modules required to cover the user story. You can also include other
+// assemblies.
+
+ifndef::openshift-origin[]
+include::modules/nodes-clusters-cgroups-2-install.adoc[leveloffset=+1]
+endif::openshift-origin[]
+
+ifdef::openshift-origin[]
+include::modules/nodes-clusters-cgroups-okd-configure.adoc[leveloffset=+1]
+endif::openshift-origin[]
+
+.Additional resources
+
+* xref:../../installing/index.adoc#ocp-installation-overview[OpenShift Container Platform installation overview]
+* xref:../../nodes/clusters/nodes-cluster-cgroups-2.adoc#nodes-clusters-cgroups-2_nodes-cluster-cgroups-2[Configuring the Linux cgroup on your nodes]
diff --git a/installing/install_config/enabling-cgroup-v2.adoc b/installing/install_config/enabling-cgroup-v2.adoc
deleted file mode 100644
index 84b1f5bc8e41..000000000000
--- a/installing/install_config/enabling-cgroup-v2.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-:_content-type: ASSEMBLY
-:context: nodes-cluster-cgroups-2
-[id="enabling-cgroup-v2"]
-= Enabling Linux control group version 2 (cgroup v2)
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-
-ifndef::openshift-origin[]
-By default, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1) in your cluster. You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) upon installation. Enabling cgroup v2 in {product-title} disables all cgroup version 1 controllers and hierarchies in your cluster.
-
-cgroup v2 is the next version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation.
-
-You can switch between cgroup v1 and cgroup v2, as needed, by editing the `node.config` object. For more information, see "Configuring the Linux cgroup on your nodes" in the "Additional resources" of this section.
-endif::openshift-origin[]
-
-ifdef::openshift-origin[]
-By default, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. You can switch to link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1), if needed.
-
-cgroup v2 is the next version of the kernel link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/resource_management_guide/ch01[control group] and offers multiple improvements. However, it can have some unwanted effects on your nodes.
-endif::openshift-origin[]
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-ifndef::openshift-origin[]
-include::modules/nodes-clusters-cgroups-2-install.adoc[leveloffset=+1]
-endif::openshift-origin[]
-
-ifdef::openshift-origin[]
-include::modules/nodes-clusters-cgroups-okd-configure.adoc[leveloffset=+1]
-endif::openshift-origin[]
-
-.Additional resources
-
-* xref:../../installing/index.adoc#ocp-installation-overview[OpenShift Container Platform installation overview]
-* xref:../../nodes/clusters/nodes-cluster-cgroups-2.adoc#nodes-clusters-cgroups-2_nodes-cluster-cgroups-2[Configuring the Linux cgroup on your nodes]
diff --git a/installing/install_config/installing-customizing.adoc b/installing/install_config/installing-customizing.adoc
index f83ad75f6289..45d5d8cf1ba2 100644
--- a/installing/install_config/installing-customizing.adoc
+++ b/installing/install_config/installing-customizing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-customizing"]
 = Customizing nodes
 include::_attributes/common-attributes.adoc[]
@@ -6,10 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Although directly making changes to {product-title} nodes is discouraged,
-there are times when it is necessary to implement a
-required low-level security, redundancy, networking, or performance feature.
-Direct changes to {product-title} nodes can be done by:
+{product-title} supports both cluster-wide and per-machine configuration via Ignition,
+which allows arbitrary partitioning and file content changes to the operating system.
+In general, if a configuration file is documented in {op-system-base-full}, then modifying
+it via Ignition is supported.
+
+There are two ways to deploy machine config changes:
 
 * Creating machine configs that are included in manifest files
 to start up a cluster during `openshift-install`.
@@ -17,8 +19,10 @@ to start up a cluster during `openshift-install`.
 * Creating machine configs that are passed to running
 {product-title} nodes via the Machine Config Operator.
 
-* Creating an Ignition config that is passed to `coreos-installer`
-when installing bare-metal nodes.
+Additionally, modifying the reference config, such as
+the Ignition config that is passed to `coreos-installer` when installing bare-metal nodes
+allows per-machine configuration. These changes are currently not visible
+to the Machine Config Operator.
 
 The following sections describe features that you might want to
 configure on your nodes in this way.
@@ -48,9 +52,6 @@ include::modules/installation-special-config-chrony.adoc[leveloffset=+1]
 
 * For information on Butane, see xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-butane_installing-customizing[Creating machine configs with Butane].
 
-////
 ifndef::openshift-origin[]
 * For information on FIPS support, see xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography].
 endif::[]
-
-////
diff --git a/installing/installing-fips.adoc b/installing/installing-fips.adoc
index 2ba5b1770fbf..fa157590e86e 100644
--- a/installing/installing-fips.adoc
+++ b/installing/installing-fips.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-fips"]
 = Support for FIPS cryptography
 include::_attributes/common-attributes.adoc[]
@@ -6,16 +6,27 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can install an {product-title} cluster that uses FIPS Validated / Modules in Process cryptographic libraries on `x86_64`, `ppc64le`, and `s390x` architectures.
+You can install an {product-title} cluster in FIPS mode.
 
-For the {op-system-first} machines in your cluster, this change is applied when the machines are deployed based on the status of an option in the `install-config.yaml` file, which governs the cluster options that a user can change during cluster deployment. With {op-system-base-full} machines, you must enable FIPS mode when you install the operating system on the machines that you plan to use as worker machines. These configuration methods ensure that your cluster meet the requirements of a FIPS compliance audit: only FIPS Validated / Modules in Process cryptography packages are enabled before the initial system boot.
+{product-title} is designed for FIPS. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
+
+For more information about the NIST validation program, see link:https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules[Cryptographic Module Validation Program]. For the latest NIST status for the individual versions of {op-system-base} cryptographic libraries that have been submitted for validation, see link:https://access.redhat.com/articles/2918071#fips-140-2-and-fips-140-3-2[Compliance Activities and Government Standards].
+
+[IMPORTANT]
+====
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base} 8 computer that is configured to operate in FIPS mode. Running {op-system-base} 9 with FIPS mode enabled to install an {product-title} cluster is not possible.
+
+For more information about configuring FIPS mode on {op-system-base}, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_installing-a-rhel-8-system-with-fips-mode-enabled_security-hardening[Installing the system in FIPS mode].
+====
+
+For the {op-system-first} machines in your cluster, this change is applied when the machines are deployed based on the status of an option in the `install-config.yaml` file, which governs the cluster options that a user can change during cluster deployment. With {op-system-base-full} machines, you must enable FIPS mode when you install the operating system on the machines that you plan to use as worker machines.
 
 Because FIPS must be enabled before the operating system that your cluster uses boots for the first time, you cannot enable FIPS after you deploy a cluster.
 
 [id="installation-about-fips-validation_{context}"]
 == FIPS validation in {product-title}
 
-{product-title} uses certain FIPS Validated / Modules in Process modules within {op-system-base} and {op-system} for the operating system components that it uses. See link:https://access.redhat.com/articles/3655361[RHEL8 core crypto components]. For example, when users SSH into {product-title} clusters and containers, those connections are properly encrypted.
+{product-title} uses certain FIPS validated or Modules In Process modules within {op-system-base} and {op-system} for the operating system components that it uses. See link:https://access.redhat.com/articles/3655361[RHEL8 core crypto components]. For example, when users use SSH to connect to {product-title} clusters and containers, those connections are properly encrypted.
 
 {product-title} components are written in Go and built with Red Hat's golang compiler. When you enable FIPS mode for your cluster, all {product-title} components that require cryptographic signing call {op-system-base} and {op-system} cryptographic libraries.
 
@@ -32,7 +43,7 @@ Because FIPS must be enabled before the operating system that your cluster uses
 |FIPS support in CRI-O runtimes.
 |FIPS support in {product-title} services.
 
-|FIPS Validated / Modules in Process cryptographic module and algorithms that are obtained from {op-system-base} 8 and {op-system} binaries and images.
+|FIPS validated or Modules In Process cryptographic module and algorithms that are obtained from {op-system-base} 8 and {op-system} binaries and images.
 |
 
 |Use of FIPS compatible golang compiler.
@@ -46,41 +57,46 @@ Because FIPS must be enabled before the operating system that your cluster uses
 [id="installation-about-fips-components_{context}"]
 ==  FIPS support in components that the cluster uses
 
-Although the {product-title} cluster itself uses FIPS Validated / Modules in Process modules, ensure that the systems that support your {product-title} cluster use FIPS Validated / Modules in Process modules for cryptography.
+Although the {product-title} cluster itself uses FIPS validated or Modules In Process modules, ensure that the systems that support your {product-title} cluster use FIPS validated or Modules In Process modules for cryptography.
 
 [id="installation-about-fips-components-etcd_{context}"]
 === etcd
 
-To ensure that the secrets that are stored in etcd use FIPS Validated / Modules in Process encryption, boot the node in FIPS mode. After you install the cluster in FIPS mode, you can xref:../security/encrypting-etcd.adoc#encrypting-etcd[encrypt the etcd data] by using the FIPS-approved `aes cbc` cryptographic algorithm.
+To ensure that the secrets that are stored in etcd use FIPS validated or Modules In Process encryption, boot the node in FIPS mode. After you install the cluster in FIPS mode, you can xref:../security/encrypting-etcd.adoc#encrypting-etcd[encrypt the etcd data] by using the FIPS-approved `aes cbc` cryptographic algorithm.
 
 [id="installation-about-fips-components-storage_{context}"]
 === Storage
 
-For local storage, use {op-system-base}-provided disk encryption or Container Native Storage that uses {op-system-base}-provided disk encryption. By storing all data in volumes that use {op-system-base}-provided disk encryption and enabling FIPS mode for your cluster, both data at rest and data in motion, or network data, are protected by FIPS Validated / Modules in Process encryption.
+For local storage, use {op-system-base}-provided disk encryption or Container Native Storage that uses {op-system-base}-provided disk encryption. By storing all data in volumes that use {op-system-base}-provided disk encryption and enabling FIPS mode for your cluster, both data at rest and data in motion, or network data, are protected by FIPS validated or Modules In Process encryption.
 You can configure your cluster to encrypt the root filesystem of each node, as described
 in xref:../installing/install_config/installing-customizing.adoc#installing-customizing[Customizing nodes].
 
 [id="installation-about-fips-components-runtimes_{context}"]
 === Runtimes
 
-To ensure that containers know that they are running on a host that is using FIPS Validated / Modules in Process cryptography modules, use CRI-O to manage your runtimes. CRI-O supports FIPS mode, in that it configures the containers to know that they are running in FIPS mode.
+To ensure that containers know that they are running on a host that is using FIPS validated or Modules In Process cryptography modules, use CRI-O to manage your runtimes.
 
 [id="installing-fips-mode_{context}"]
 ==  Installing a cluster in FIPS mode
 
 To install a cluster in FIPS mode, follow the instructions to install a customized cluster on your preferred infrastructure. Ensure that you set `fips: true` in the `install-config.yaml` file before you deploy your cluster.
 
+[IMPORTANT]
+====
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode].
+====
+
 * xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Amazon Web Services]
 * xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[Alibaba Cloud]
 * xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Microsoft Azure]
 * xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Bare metal]
 * xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[Google Cloud Platform]
-* xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[IBM Cloud VPC]
-* xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[{ibmpowerProductName}]
-* xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[{ibmzProductName} and {linuxoneProductName}]
-* xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[{ibmzProductName} and {linuxoneProductName} with {op-system-base} KVM]
+* xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[{ibm-cloud-name}]
+* xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[{ibm-power-name}]
+* xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[{ibm-z-name} and {ibm-linuxone-name}]
+* xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[{ibm-z-name} and {ibm-linuxone-name} with {op-system-base} KVM]
 * xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[{rh-openstack-first}]
-* xref:../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[VMware vSphere]
+* xref:../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[VMware vSphere]
 
 [NOTE]
 ====
diff --git a/installing/installing-preparing.adoc b/installing/installing-preparing.adoc
index 577c06e79be9..40eb85c04917 100644
--- a/installing/installing-preparing.adoc
+++ b/installing/installing-preparing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-preparing"]
 = Selecting a cluster installation method and preparing it for users
 include::_attributes/common-attributes.adoc[]
@@ -25,14 +25,14 @@ endif::openshift-origin[]
 * Microsoft Azure on 64-bit x86 instances
 * Microsoft Azure on 64-bit ARM instances
 * Microsoft Azure Stack Hub
-* Google Cloud Platform (GCP)
+* Google Cloud Platform (GCP) on 64-bit x86 instances
+* Google Cloud Platform (GCP) on 64-bit ARM instances
 * {rh-openstack-first}
-* {rh-virtualization-first}
-* IBM Cloud VPC
-* {ibmzProductName} or {linuxoneProductName}
-* {ibmzProductName} or {linuxoneProductName} for {op-system-base-full} KVM
-* {ibmpowerProductName}
-* {ibmpowerProductName} Virtual Server
+* {ibm-cloud-name}
+* {ibm-z-name} or {ibm-linuxone-name}
+* {ibm-z-name} or {ibm-linuxone-name} for {op-system-base-full} KVM
+* {ibm-power-name}
+* {ibm-power-server-name}
 * Nutanix
 * VMware vSphere
 * Bare metal or other platform agnostic infrastructure
@@ -40,12 +40,12 @@ endif::openshift-origin[]
 
 You can deploy an {product-title} 4 cluster to both on-premise hardware and to cloud hosting services, but all of the machines in a cluster must be in the same data center or cloud hosting service.
 
-If you want to use {product-title} but do not want to manage the cluster yourself, you have several managed service options. If you want a cluster that is fully managed by Red Hat, you can use link:https://www.openshift.com/products/dedicated/[OpenShift Dedicated] or link:https://www.openshift.com/products/online/[OpenShift Online]. You can also use OpenShift as a managed service on Azure, AWS, IBM Cloud VPC, or Google Cloud. For more information about managed services, see the link:https://www.openshift.com/products[OpenShift Products] page. If you install an {product-title} cluster with a cloud virtual machine as a virtual bare metal, the corresponding cloud-based storage is not supported.
+If you want to use {product-title} but do not want to manage the cluster yourself, you have several managed service options. If you want a cluster that is fully managed by Red Hat, you can use link:https://www.openshift.com/products/dedicated/[OpenShift Dedicated] or link:https://www.openshift.com/products/online/[OpenShift Online]. You can also use OpenShift as a managed service on Azure, AWS, {ibm-cloud-name}, or Google Cloud. For more information about managed services, see the link:https://www.openshift.com/products[OpenShift Products] page. If you install an {product-title} cluster with a cloud virtual machine as a virtual bare metal, the corresponding cloud-based storage is not supported.
 
 [id="installing-preparing-migrate"]
 === Have you used {product-title} 3 and want to use {product-title} 4?
 
-If you used {product-title} 3 and want to try {product-title} 4, you need to understand how different {product-title} 4 is. {product-title} 4 weaves the Operators that package, deploy, and manage Kubernetes applications and the operating system that the platform runs on, {op-system-first}, together seamlessly. Instead of deploying machines and configuring their operating systems so that you can install {product-title} on them, the {op-system} operating system is an integral part of the {product-title} cluster. Deploying the operating system for the cluster machines as part of the installation process for {product-title}. See xref:../migrating_from_ocp_3_to_4/planning-migration-3-4.adoc#migration-comparing-ocp-3-4[Differences between {product-title} 3 and 4].
+If you used {product-title} 3 and want to try {product-title} 4, you need to understand how different {product-title} 4 is. {product-title} 4 weaves the Operators that package, deploy, and manage Kubernetes applications and the operating system that the platform runs on, {op-system-first}, together seamlessly. Instead of deploying machines and configuring their operating systems so that you can install {product-title} on them, the {op-system} operating system is an integral part of the {product-title} cluster. Deploying the operating system for the cluster machines is part of the installation process for {product-title}. See xref:../migrating_from_ocp_3_to_4/planning-migration-3-4.adoc#migration-comparing-ocp-3-4[Differences between {product-title} 3 and 4].
 
 Because you need to provision machines as part of the {product-title} cluster installation process, you cannot upgrade an {product-title} 3 cluster to {product-title} 4. Instead, you must create a new {product-title} 4 cluster and migrate your {product-title} 3 workloads to them. For more information about migrating, see xref:../migrating_from_ocp_3_to_4/index.adoc#migration-from-version-3-to-4-overview[Migrating from {product-title} 3 to 4 overview]. Because you must migrate to {product-title} 4, you can use any type of production cluster installation process to create your new cluster.
 
@@ -60,12 +60,15 @@ If you need to perform basic configuration for your installer-provisioned infras
 
 For installer-provisioned infrastructure installations, you can use an existing xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[VPC in AWS], xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[vNet in Azure], or xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[VPC in GCP]. You can also reuse part of your networking infrastructure so that your cluster in xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[AWS], xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[GCP] can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. If you have existing accounts and credentials on these clouds, you can re-use them, but you might need to modify the accounts to have the required permissions to install {product-title} clusters on them.
 
-You can use the installer-provisioned infrastructure method to create appropriate machine instances on your hardware for xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[{rh-openstack}], xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[{rh-openstack} with Kuryr], xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[{rh-virtualization}], xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[vSphere], and xref:../installing/installing_bare_metal_ipi/ipi-install-overview#ipi-install-overview[bare metal]. Additionally, for xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[vSphere], you can also customize additional network parameters during installation.
+
+You can use the installer-provisioned infrastructure method to create appropriate machine instances on your hardware for xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[vSphere], and xref:../installing/installing_bare_metal_ipi/ipi-install-overview#ipi-install-overview[bare metal]. Additionally, for xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[vSphere], you can also customize additional network parameters during installation.
+
 
 If you want to reuse extensive cloud infrastructure, you can complete a _user-provisioned infrastructure_ installation. With these installations, you manually deploy the machines that your cluster requires during the installation process. If you perform a user-provisioned infrastructure installation on xref:../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[AWS], xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Azure Stack Hub], you can use the provided templates to help you stand up all of the required components. You can also reuse a shared xref:../installing/installing_gcp/installing-gcp-user-infra-vpc.adoc#installing-gcp-user-infra-vpc[VPC on GCP]. Otherwise, you can use the xref:../installing/installing_platform_agnostic/installing-platform-agnostic.adoc#installing-platform-agnostic[provider-agnostic] installation method to deploy a cluster into other clouds.
 
 
-You can also complete a user-provisioned infrastructure installation on your existing hardware. If you use xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[{rh-openstack}], xref:../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[{rh-virtualization}], xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[{ibmzProductName} or {linuxoneProductName}], xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[{ibmzProductName} and {linuxoneProductName} with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[IBM Power], or xref:../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[vSphere], use the specific installation instructions to deploy your cluster. If you use other supported hardware, follow the xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[bare metal installation] procedure. For some of these platforms, such as xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[{rh-openstack}], xref:../installing/installing_vsphere/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[vSphere], and xref:../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installing-bare-metal-network-customizations[bare metal], you can also customize additional network parameters during installation.
+You can also complete a user-provisioned infrastructure installation on your existing hardware. If you use xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[{rh-openstack}], xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[{ibm-z-name} or {ibm-linuxone-name}], xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[{ibm-z-name} and {ibm-linuxone-name} with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[{ibm-power-title}], or xref:../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[vSphere], use the specific installation instructions to deploy your cluster. If you use other supported hardware, follow the xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[bare metal installation] procedure. For some of these platforms, such as xref:../installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[vSphere], and xref:../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installing-bare-metal-network-customizations[bare metal], you can also customize additional network parameters during installation.
+
 
 [id="installing-preparing-security"]
 === Do you need extra security for your cluster?
@@ -74,21 +77,20 @@ If you use a user-provisioned installation method, you can configure a proxy for
 
 If you want to prevent your cluster on a public cloud from exposing endpoints externally, you can deploy a private cluster with installer-provisioned infrastructure on xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[AWS], xref:../installing/installing_azure/installing-azure-private.adoc#installing-azure-private[Azure], or xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[GCP].
 
-If you need to install your cluster that has limited access to the internet, such as a disconnected or restricted network cluster, you can xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[mirror the installation packages] and install the cluster from them. Follow detailed instructions for user provisioned infrastructure installations into restricted networks for xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[GCP], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[{ibmzProductName} or {linuxoneProductName}], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[{ibmzProductName} or {linuxoneProductName} with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[IBM Power], xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere], or xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]. You can also install a cluster into a restricted network using installer-provisioned infrastructure by following detailed instructions for xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[GCP], xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[Nutanix], xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[{rh-openstack}], xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[{rh-virtualization}], and xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[vSphere].
+If you need to install your cluster that has limited access to the internet, such as a disconnected or restricted network cluster, you can xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[mirror the installation packages] and install the cluster from them. Follow detailed instructions for user provisioned infrastructure installations into restricted networks for xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[GCP], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[{ibm-z-name} or {ibm-linuxone-name}], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[{ibm-z-name} or {ibm-linuxone-name} with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[{ibm-power-name}], xref:../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere], or xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]. You can also install a cluster into a restricted network using installer-provisioned infrastructure by following detailed instructions for xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[GCP], xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#installing-ibm-cloud-restricted[{ibm-cloud-name}], xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[Nutanix], xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[{rh-openstack}], and xref:../installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[vSphere].
+
 
 If you need to deploy your cluster to an xref:../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-government-region[AWS GovCloud region], xref:../installing/installing_aws/installing-aws-china.adoc#installing-aws-china-region[AWS China region], or xref:../installing/installing_azure/installing-azure-government-region.adoc#installing-azure-government-region[Azure government region], you can configure those custom regions during an installer-provisioned infrastructure installation.
 
-////
 ifndef::openshift-origin[]
-You can also configure the cluster machines to use xref:../installing/installing-fips.adoc#installing-fips[FIPS Validated / Modules in Process cryptographic libraries] during installation.
+You can also configure the cluster machines to use the {op-system-base} cryptographic libraries that have been submitted to NIST for xref:../installing/installing-fips.adoc#installing-fips[FIPS 140-2/140-3 Validation] during installation.
 
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 
 endif::[]
-////
 
 ////
 [id="installing-preparing-single-node"]
@@ -101,7 +103,7 @@ You can use the assisted installer to deploy xref:../installing/installing_sno/i
 == Preparing your cluster for users after installation
 
 Some configuration is not required to install the cluster but recommended before your users access the cluster. You can customize the cluster itself by xref:../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[customizing] the Operators that make up your cluster and integrate you cluster with other required systems, such as an identity provider.
-//This link will change when we consolidate the customizations page with the post-installation activities.
+//This link will change when we consolidate the customizations page with the postinstallation activities.
 
 For a production cluster, you must configure the following integrations:
 
@@ -129,7 +131,7 @@ Not all installation options are supported for all platforms, as shown in the fo
 //This table is for all flavors of OpenShift, except OKD. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors.
 ifndef::openshift-origin[]
 |===
-||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM)|Azure Stack Hub |GCP |Nutanix |{rh-openstack} |RHV |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |IBM Cloud VPC |{ibmzProductName} |{ibmpowerProductName} |{ibmpowerProductName} Virtual Server
+||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM)|Azure Stack Hub |GCP (64-bit x86) |GCP (64-bit ARM) |Nutanix |{rh-openstack} |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |{ibm-cloud-name} |{ibm-z-name} |{ibm-power-name} |{ibm-power-server-name}
 
 |Default
 |xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[&#10003;]
@@ -139,12 +141,12 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[&#10003;]
 |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[&#10003;]
 |xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[&#10003;]
+|xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[&#10003;]
 |xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[&#10003;]
 |
-|xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[&#10003;]
 |xref:../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[&#10003;]
 |xref:../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[&#10003;]
 |
 |
@@ -158,12 +160,12 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[&#10003;]
 |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[&#10003;]
 |xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[&#10003;]
+|xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[&#10003;]
 |xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[&#10003;]
 |xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[&#10003;]
 |
 |
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[&#10003;]
 |
 |
@@ -178,12 +180,12 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[&#10003;]
 |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc#installing-azure-stack-hub-network-customizations[&#10003;]
 |xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[&#10003;]
+|xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[&#10003;]
 |
-|xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[&#10003;]
 |
 |
 |
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc#installing-ibm-cloud-network-customizations[&#10003;]
 |
 |
@@ -193,17 +195,17 @@ ifndef::openshift-origin[]
 |
 |xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[&#10003;]
 |xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[&#10003;]
+|xref:../installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc#installing-restricted-networks-azure-installer-provisioned[&#10003;]
+|xref:../installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc#installing-restricted-networks-azure-installer-provisioned[&#10003;]
 |
-|
-|
+|xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[&#10003;]
 |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[&#10003;]
 |xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[&#10003;]
 |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[&#10003;]
 |xref:../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#ipi-install-installation-workflow[&#10003;]
 |xref:../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#ipi-install-installation-workflow[&#10003;]
-|xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[&#10003;]
-|
+|xref:../installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[&#10003;]
+|xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#installing-ibm-cloud-restricted[&#10003;]
 |
 |
 |xref:../installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc#installing-restricted-networks-ibm-power-vs[&#10003;]
@@ -216,8 +218,7 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-private.adoc#installing-azure-private[&#10003;]
 |
 |xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[&#10003;]
-|
-|
+|xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[&#10003;]
 |
 |
 |
@@ -236,8 +237,7 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[&#10003;]
 |
 |xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[&#10003;]
-|
-|
+|xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[&#10003;]
 |
 |
 |
@@ -266,7 +266,6 @@ ifndef::openshift-origin[]
 |
 |
 |
-|
 
 |Secret regions
 |
@@ -286,7 +285,6 @@ ifndef::openshift-origin[]
 |
 |
 |
-|
 
 |China regions
 |
@@ -306,14 +304,14 @@ ifndef::openshift-origin[]
 |
 |
 |
-|
 |===
 endif::openshift-origin[]
 
 //This table is for OKD only. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors.
 ifdef::openshift-origin[]
 |===
-||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |oVirt |Bare metal |vSphere |IBM Cloud VPC |{ibmzProductName} |{ibmpowerProductName}
+||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |Bare metal |vSphere |{ibm-cloud-name} |{ibm-z-name} |{ibm-power-name}
+
 
 |Default
 |xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[&#10003;]
@@ -323,9 +321,8 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[&#10003;]
 |xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[&#10003;]
 |
-|xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[&#10003;]
 |xref:../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[&#10003;]
 |
 |
@@ -338,9 +335,8 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[&#10003;]
 |xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[&#10003;]
 |xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[&#10003;]
 |
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[&#10003;]
 |
 |
@@ -352,10 +348,9 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc#installing-azure-stack-hub-network-customizations[&#10003;]
 |xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[&#10003;]
 |
-|xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[&#10003;]
 |
 |
-|xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[&#10003;]
+|xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[&#10003;]
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc#installing-ibm-cloud-network-customizations[&#10003;]
 |
 |
@@ -368,10 +363,9 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[&#10003;]
 |xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[&#10003;]
 |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[&#10003;]
-|
-|xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[&#10003;]
 |
+|xref:../installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[&#10003;]
+|xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#installing-ibm-cloud-restricted[&#10003;]
 |
 |
 
@@ -385,8 +379,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc#installing-ibm-cloud-private[&#10003;]
 |
 |
@@ -401,8 +393,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 |xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc#installing-ibm-cloud-vpc[&#10003;]
 |
 |
@@ -420,8 +410,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 
 |Secret regions
 |
@@ -436,8 +424,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 
 |China regions
 |
@@ -452,8 +438,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 |===
 endif::openshift-origin[]
 
@@ -461,7 +445,8 @@ endif::openshift-origin[]
 //This table is for all flavors of OpenShift, except OKD. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors.
 ifndef::openshift-origin[]
 |===
-||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM) |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |RHV |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |IBM Cloud VPC |{ibmzProductName} |{ibmzProductName} with {op-system-base} KVM |{ibmpowerProductName} |Platform agnostic
+||Alibaba |AWS (64-bit x86) |AWS (64-bit ARM) |Azure (64-bit x86) |Azure (64-bit ARM) |Azure Stack Hub |GCP (64-bit x86) |GCP (64-bit ARM) |Nutanix |{rh-openstack} |Bare metal (64-bit x86) |Bare metal (64-bit ARM) |vSphere |{ibm-cloud-name} |{ibm-z-name} |{ibm-z-name} with {op-system-base} KVM |{ibm-power-name} |Platform agnostic
+
 
 |Custom
 |
@@ -471,20 +456,18 @@ ifndef::openshift-origin[]
 |xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[&#10003;]
 |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[&#10003;]
 |xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[&#10003;]
+|xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[&#10003;]
 |
 |xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[&#10003;]
 |xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[&#10003;]
 |xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[&#10003;]
 |
 |xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[&#10003;]
 |xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[&#10003;]
 |xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[&#10003;]
 |xref:../installing/installing_platform_agnostic/installing-platform-agnostic.adoc#installing-platform-agnostic[&#10003;]
 
-// Add RHV UPI link when docs are available: https://github.com/openshift/openshift-docs/pull/26484
-
 
 |Network customization
 |
@@ -495,11 +478,11 @@ ifndef::openshift-origin[]
 |
 |
 |
-|xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[&#10003;]
+|
 |
 |xref:../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installing-bare-metal-network-customizations[&#10003;]
 |xref:../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installing-bare-metal-network-customizations[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[&#10003;]
 |
 |
 |
@@ -514,12 +497,12 @@ ifndef::openshift-origin[]
 |
 |
 |xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[&#10003;]
+|xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[&#10003;]
 |
 |
-|xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[&#10003;]
 |xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[&#10003;]
 |xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[&#10003;]
-|xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[&#10003;]
 |
 |xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[&#10003;]
 |xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[&#10003;]
@@ -534,7 +517,7 @@ ifndef::openshift-origin[]
 |
 |
 |xref:../installing/installing_gcp/installing-gcp-user-infra-vpc.adoc#installing-gcp-user-infra-vpc[&#10003;]
-|
+|xref:../installing/installing_gcp/installing-gcp-user-infra-vpc.adoc#installing-gcp-user-infra-vpc[&#10003;]
 |
 |
 |
@@ -552,7 +535,8 @@ endif::openshift-origin[]
 //This table is for OKD only. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors.
 ifdef::openshift-origin[]
 |===
-||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |oVirt |Bare metal |vSphere |IBM Cloud VPC |{ibmzProductName} |{ibmzProductName} with {op-system-base} KVM |{ibmpowerProductName} |Platform agnostic
+||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack}|Bare metal |vSphere |{ibm-cloud-name} |{ibm-z-name} |{ibm-z-name} with {op-system-base} KVM |{ibm-power-name} |Platform agnostic
+
 
 |Custom
 |
@@ -562,16 +546,14 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[&#10003;]
 |
 |xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[&#10003;]
-|xref:../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[&#10003;]
 |xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[&#10003;]
 |
 |xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[&#10003;]
 |xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[&#10003;]
 |xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[&#10003;]
 |xref:../installing/installing_platform_agnostic/installing-platform-agnostic.adoc#installing-platform-agnostic[&#10003;]
 
-// Add RHV UPI link when docs are available: https://github.com/openshift/openshift-docs/pull/26484
 
 |Network customization
 |
@@ -580,10 +562,9 @@ ifdef::openshift-origin[]
 |
 |
 |
-|xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[&#10003;]
 |
 |xref:../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installing-bare-metal-network-customizations[&#10003;]
-|xref:../installing/installing_vsphere/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[&#10003;]
 |
 |
 |
@@ -598,9 +579,8 @@ ifdef::openshift-origin[]
 |xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[&#10003;]
 |
 |
-|
 |xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[&#10003;]
-|xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[&#10003;]
+|xref:../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[&#10003;]
 |
 |xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[&#10003;]
 |xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[&#10003;]
@@ -622,8 +602,6 @@ ifdef::openshift-origin[]
 |
 |
 |
-|
-|
 |===
 endif::openshift-origin[]
 
diff --git a/installing/installing-troubleshooting.adoc b/installing/installing-troubleshooting.adoc
index f2330d138a3b..58d96243cad2 100644
--- a/installing/installing-troubleshooting.adoc
+++ b/installing/installing-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-troubleshooting"]
 = Troubleshooting installation issues
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_alibaba/installation-config-parameters-alibaba.adoc b/installing/installing_alibaba/installation-config-parameters-alibaba.adoc
new file mode 100644
index 000000000000..98d3191343fc
--- /dev/null
+++ b/installing/installing_alibaba/installation-config-parameters-alibaba.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-alibaba"]
+= Installation configuration parameters for Alibaba Cloud
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-alibaba
+:platform: Alibaba Cloud
+
+toc::[]
+
+Before you deploy an {product-title} cluster on Alibaba Cloud, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_alibaba/installing-alibaba-customizations.adoc b/installing/installing_alibaba/installing-alibaba-customizations.adoc
index 3fc08a24a635..2fa910eb7a9c 100644
--- a/installing/installing_alibaba/installing-alibaba-customizations.adoc
+++ b/installing/installing_alibaba/installing-alibaba-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-alibaba-customizations"]
 = Installing a cluster on Alibaba Cloud with customizations
 include::_attributes/common-attributes.adoc[]
@@ -33,12 +33,14 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_alibaba/installation-config-parameters-alibaba.adoc#installation-config-parameters-alibaba[Installation configuration parameters for Alibaba Cloud]
+
 include::modules/manually-creating-alibaba-manifests.adoc[leveloffset=+2]
 
 include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
-
 include::modules/installation-alibaba-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -67,4 +69,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 //Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
-//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+//* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_alibaba/installing-alibaba-default.adoc b/installing/installing_alibaba/installing-alibaba-default.adoc
index 2655c5bb74d2..37cd45b2c858 100644
--- a/installing/installing_alibaba/installing-alibaba-default.adoc
+++ b/installing/installing_alibaba/installing-alibaba-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-alibaba-default"]
 = Installing a cluster quickly on Alibaba Cloud
 include::_attributes/common-attributes.adoc[]
@@ -57,4 +57,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 //Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
-//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials]
+//* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials]
diff --git a/installing/installing_alibaba/installing-alibaba-network-customizations.adoc b/installing/installing_alibaba/installing-alibaba-network-customizations.adoc
index 16a4be1ef188..d0e2fc1358a8 100644
--- a/installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+++ b/installing/installing_alibaba/installing-alibaba-network-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-alibaba-network-customizations"]
 = Installing a cluster on Alibaba Cloud with network customizations
 include::_attributes/common-attributes.adoc[]
@@ -34,12 +34,14 @@ include::modules/nw-network-config.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_alibaba/installation-config-parameters-alibaba.adoc#installation-config-parameters-alibaba[Installation configuration parameters for Alibaba Cloud]
+
 include::modules/manually-creating-alibaba-manifests.adoc[leveloffset=+2]
 
 include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
-
 include::modules/installation-alibaba-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -77,4 +79,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 //Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
-//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
\ No newline at end of file
+//* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_alibaba/installing-alibaba-vpc.adoc b/installing/installing_alibaba/installing-alibaba-vpc.adoc
index ab7e6baa1500..08696b1d51ff 100644
--- a/installing/installing_alibaba/installing-alibaba-vpc.adoc
+++ b/installing/installing_alibaba/installing-alibaba-vpc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-alibaba-vpc"]
 = Installing a cluster on Alibaba Cloud into an existing VPC
 include::_attributes/common-attributes.adoc[]
@@ -35,7 +35,9 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+2]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_alibaba/installation-config-parameters-alibaba.adoc#installation-config-parameters-alibaba[Installation configuration parameters for Alibaba Cloud]
 
 include::modules/installation-alibaba-config-yaml.adoc[leveloffset=+2]
 
@@ -68,5 +70,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 //Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
-//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
-
+//* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_alibaba/manually-creating-alibaba-ram.adoc b/installing/installing_alibaba/manually-creating-alibaba-ram.adoc
index 8c4caa5e92d1..a2c28e3f6bc8 100644
--- a/installing/installing_alibaba/manually-creating-alibaba-ram.adoc
+++ b/installing/installing_alibaba/manually-creating-alibaba-ram.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-creating-alibaba-ram"]
 = Creating the required Alibaba Cloud resources
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,7 @@ include::modules/manually-creating-alibaba-ram-user.adoc[leveloffset=+1]
 include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
 
 //Task part 3: Creating Alibaba resources with a single command
 // modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+1]
diff --git a/installing/installing_alibaba/preparing-to-install-on-alibaba.adoc b/installing/installing_alibaba/preparing-to-install-on-alibaba.adoc
index 1df21d71d2fc..f38489249b90 100644
--- a/installing/installing_alibaba/preparing-to-install-on-alibaba.adoc
+++ b/installing/installing_alibaba/preparing-to-install-on-alibaba.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-alibaba"]
 = Preparing to install on Alibaba Cloud
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_alibaba/uninstall-cluster-alibaba.adoc b/installing/installing_alibaba/uninstall-cluster-alibaba.adoc
index 9b4fbbb22346..84a9b2665bd4 100644
--- a/installing/installing_alibaba/uninstall-cluster-alibaba.adoc
+++ b/installing/installing_alibaba/uninstall-cluster-alibaba.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-alibaba"]
 = Uninstalling a cluster on Alibaba Cloud
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_aws/installation-config-parameters-aws.adoc b/installing/installing_aws/installation-config-parameters-aws.adoc
new file mode 100644
index 000000000000..cc54edc7232f
--- /dev/null
+++ b/installing/installing_aws/installation-config-parameters-aws.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-aws"]
+= Installation configuration parameters for AWS
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-aws
+:platform: AWS
+
+toc::[]
+
+Before you deploy an {product-title} cluster on AWS, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_aws/installing-aws-account.adoc b/installing/installing_aws/installing-aws-account.adoc
index cda3cd0adcc9..8a5569419248 100644
--- a/installing/installing_aws/installing-aws-account.adoc
+++ b/installing/installing_aws/installing-aws-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-account"]
 = Configuring an AWS account
 include::_attributes/common-attributes.adoc[]
@@ -19,11 +19,6 @@ include::modules/installation-aws-permissions.adoc[leveloffset=+1]
 
 include::modules/installation-aws-iam-user.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS] for steps to set the Cloud Credential Operator (CCO) to manual mode prior to installation. Use this mode in environments where the cloud identity and access management (IAM) APIs are not reachable, or if you prefer not to store an administrator-level credential secret in the cluster `kube-system` project.
-
 include::modules/installation-aws-iam-policies-about.adoc[leveloffset=+1]
 
 include::modules/installation-aws-permissions-iam-roles.adoc[leveloffset=+2]
diff --git a/installing/installing_aws/installing-aws-china.adoc b/installing/installing_aws/installing-aws-china.adoc
index bda46256d655..af2857959a76 100644
--- a/installing/installing_aws/installing-aws-china.adoc
+++ b/installing/installing_aws/installing-aws-china.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-china-region"]
 = Installing a cluster on AWS China
 include::_attributes/common-attributes.adoc[]
@@ -18,11 +18,10 @@ In {product-title} version {product-version}, you can install a cluster to the f
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 
 include::modules/installation-aws-regions-with-no-ami.adoc[leveloffset=+1]
@@ -33,6 +32,7 @@ include::modules/private-clusters-default.adoc[leveloffset=+1]
 include::modules/private-clusters-about-aws.adoc[leveloffset=+2]
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
@@ -41,19 +41,71 @@ include::modules/installation-aws-upload-custom-rhcos-ami.adoc[leveloffset=+1]
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
+
 include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-china.adoc#manually-create-iam_installing-aws-china-region[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-china.adoc#installing-aws-with-short-term-creds_installing-aws-china-region[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-at-once_installing-aws-china-region[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-individually_installing-aws-china-region[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -71,4 +123,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-customizations.adoc b/installing/installing_aws/installing-aws-customizations.adoc
index 365b0b5c2b0d..201177336123 100644
--- a/installing/installing_aws/installing-aws-customizations.adoc
+++ b/installing/installing_aws/installing-aws-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-customizations"]
 = Installing a cluster on AWS with customizations
 include::_attributes/common-attributes.adoc[]
@@ -25,10 +25,9 @@ The scope of the {product-title} installation configurations is intentionally na
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -40,10 +39,17 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
@@ -52,10 +58,51 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-customizations[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-customizations[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -77,4 +124,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-default.adoc b/installing/installing_aws/installing-aws-default.adoc
index 30daa9bf5e18..0c59c1260854 100644
--- a/installing/installing_aws/installing-aws-default.adoc
+++ b/installing/installing_aws/installing-aws-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-default"]
 = Installing a cluster quickly on AWS
 include::_attributes/common-attributes.adoc[]
@@ -17,10 +17,9 @@ Amazon Web Services (AWS) that uses the default configuration options.
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials]. Manual mode can also be used in environments where the cloud IAM APIs are not reachable.
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -58,4 +57,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes.adoc b/installing/installing_aws/installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes.adoc
deleted file mode 100644
index eb3cea8854fd..000000000000
--- a/installing/installing_aws/installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-:_content-type: ASSEMBLY
-[id="expanding-a-cluster-with-on-premise-bare-metal-nodes"]
-= Expanding a cluster with on-premise bare metal nodes
-include::_attributes/common-attributes.adoc[]
-:context: expanding-a-cluster-with-on-premise-bare-metal-nodes
-
-toc::[]
-
-You can expand an {product-title} cluster deployed on AWS by adding bare-metal nodes to the cluster. By default, a cluster deployed on AWS with {product-title} 4.11 or earlier has the Baremetal Operator (BMO) disabled. In {product-title} 4.12 and later releases, the BMO is enabled to support a hybrid cloud consisting of AWS control plane nodes and worker nodes with additional on-premise bare-metal worker nodes.
-
-Expanding an {product-title} cluster deployed on AWS requires using virtual media with bare-metal nodes that meet the xref:../installing_bare_metal_ipi/ipi-install-prerequisites.adoc#node-requirements_ipi-install-prerequisites[node requirements] and xref:../installing_bare_metal_ipi/ipi-install-prerequisites.adoc#ipi-install-firmware-requirements-for-installing-with-virtual-media_ipi-install-prerequisites[firmware requirements] for installing with virtual media. A `provisioning` network is not required, and if present, should be xref:../installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#modifying-install-config-for-no-provisioning-network_ipi-install-installation-workflow[disabled].
-
-include::modules/installation-aws_con_connecting-the-vpc-to-the-on-premise-network.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources-aws-vpc"]
-.Additional resources
-
-* link:https://docs.aws.amazon.com/vpc/?icmpid=docs_homepage_featuredsvcs[Amazon VPC]
-* link:https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[VPC peering]
-
-include::modules/installation-aws_proc_creating-firewall-rules-for-port-6183.adoc[leveloffset=+1]
-
-After you have the networking configured, you can proceed with xref:../installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#ipi-install-expanding-the-cluster[expanding the cluster].
\ No newline at end of file
diff --git a/installing/installing_aws/installing-aws-government-region.adoc b/installing/installing_aws/installing-aws-government-region.adoc
index fe35c5e19120..11bdcbb9fb7b 100644
--- a/installing/installing_aws/installing-aws-government-region.adoc
+++ b/installing/installing_aws/installing-aws-government-region.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-government-region"]
 = Installing a cluster on AWS into a government region
 include::_attributes/common-attributes.adoc[]
@@ -19,10 +19,9 @@ install the cluster.
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/installation-aws-about-government-region.adoc[leveloffset=+1]
 
@@ -32,6 +31,7 @@ include::modules/private-clusters-default.adoc[leveloffset=+1]
 include::modules/private-clusters-about-aws.adoc[leveloffset=+2]
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -42,19 +42,71 @@ include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+1]
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-government-region.adoc#manually-create-iam_installing-aws-government-region[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-with-short-term-creds_installing-aws-government-region[Incorporating the Cloud Credential Operator utility manifests].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-at-once_installing-aws-government-region[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-individually_installing-aws-government-region[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -76,4 +128,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-localzone.adoc b/installing/installing_aws/installing-aws-localzone.adoc
index 2e6120ddaeeb..d8b548391d35 100644
--- a/installing/installing_aws/installing-aws-localzone.adoc
+++ b/installing/installing_aws/installing-aws-localzone.adoc
@@ -1,24 +1,18 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-localzone"]
-= Installing a cluster using AWS Local Zones
+= Installing a cluster on AWS with worker nodes on AWS Local Zones
 include::_attributes/common-attributes.adoc[]
 :context: installing-aws-localzone
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) into an existing VPC, extending workers to the edge of the Cloud Infrastructure using AWS Local Zones.
+You can quickly install an {product-title} cluster in Amazon Web Services (AWS) Local Zones by setting the zone names in the edge compute pool of the `install-config.yaml` file, or install a cluster in an existing VPC that lists Local Zone subnets.
 
-After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets.
-
-AWS Local Zones are a type of infrastructure that place Cloud Resources close to the metropolitan regions. For more information, see the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-local-zones[AWS Local Zones Documentation].
-
-{product-title} can be installed in existing VPCs with Local Zone subnets. The Local Zone subnets can be used to extend the regular workers' nodes to the edge networks. The edge worker nodes are dedicated to running user workloads.
-
-One way to create the VPC and subnets is to use the provided CloudFormation templates. You can modify the templates to customize your infrastructure or use the information that they contain to create AWS objects according to your company's policies.
+AWS Local Zones are a type of infrastructure that place Cloud Resources close to metropolitan regions. For more information, see the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-local-zones[AWS Local Zones Documentation].
 
 [IMPORTANT]
 ====
-The steps for performing an installer-provisioned infrastructure installation are provided as an example only. Installing a cluster with VPC you provide requires knowledge of the cloud provider and the installation process of {product-title}. The CloudFormation templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
+The steps for performing an installer-provisioned infrastructure installation are provided for example purposes only. Installing a cluster in an existing VPC requires that you have knowledge of the cloud provider and the installation process of {product-title}. You can use a CloudFormation template to assist you with completing these steps or to help model your own cluster installation. Instead of using the CloudFormation template to create resources, you can decide to use other methods for generating these resources.
 ====
 
 == Prerequisites
@@ -29,7 +23,7 @@ The steps for performing an installer-provisioned infrastructure installation ar
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * You noted the region and supported link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/locations[AWS Local Zones locations] to create the network resources in.
 * You read the link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[Features] for each AWS Local Zones location.
@@ -40,7 +34,6 @@ If you have an AWS profile stored on your computer, it must not use a temporary
 ====
 Be sure to also review this site list if you are configuring a proxy.
 ====
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 * Add permission for the user who creates the cluster to modify the Local Zone group with `ec2:ModifyAvailabilityZoneGroup`. For example:
 +
 .An example of a permissive IAM policy to attach to a user or role
@@ -60,61 +53,163 @@ Be sure to also review this site list if you are configuring a proxy.
 }
 ----
 
+// Cluster limitations in AWS Local Zones
 include::modules/cluster-limitations-local-zone.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../storage/understanding-persistent-storage.html#pvc-storage-class_understanding-persistent-storage[Storage classes]
+* xref:../../storage/understanding-persistent-storage.adoc#pvc-storage-class_understanding-persistent-storage[Storage classes]
 
+* xref:../../networking/ingress-sharding.html#nw-ingress-sharding_ingress-sharding[Ingress Controller sharding]
+
+// Internet access for OpenShift Container Platform
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
+// Obtaining an AWS Marketplace image
 include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+1]
 
-include::modules/installation-creating-aws-vpc-localzone.adoc[leveloffset=+1]
-
-include::modules/installation-cloudformation-vpc-localzone.adoc[leveloffset=+2]
-
-include::modules/installation-aws-add-local-zone-locations.adoc[leveloffset=+1]
-
-include::modules/installation-creating-aws-subnet-localzone.adoc[leveloffset=+1]
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
-include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+2]
+== Preparing for the installation
 
-[role="_additional-resources"]
-.Additional resources
+Before you extend nodes to local zones, you must prepare certain resources for the cluster installation environment.
 
-* You can view details about the CloudFormation stacks that you create by navigating to the link:https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console].
+// Obtaining the installation program
+include::modules/installation-obtaining-installer.adoc[leveloffset=+2]
 
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+// Generating a key pair for cluster node SSH access
+include::modules/ssh-agent-using.adoc[leveloffset=+2]
 
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
+// Creating the installation files for AWS
+include::modules/installation-user-infra-generate.adoc[leveloffset=+2]
 
-include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
+// Minimum resource requirements for cluster installation
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+// Tested instance types for AWS
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* See link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation for more information about AWS Local Zones and the supported instances types and services. 
+* See link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation for more information about AWS Local Zones and the supported instances types and services.
 
+// Creating the installation configuration file
 include::modules/installation-generate-aws-user-infra-install-config.adoc[leveloffset=+2]
 // Suggest to standarize edge-pool's specific files with same prefixes, like: machine-edge-pool-[...] or compute-edge-pool-[...] (which is more compatible with install-config.yaml/compute)
-include::modules/machines-edge-machine-pool.adoc[leveloffset=+2]
-include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+3]
+
+// Edge compute pools and AWS Local Zones
+include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../networking/changing-cluster-network-mtu.adoc#mtu-value-selection_changing-cluster-network-mtu[Changing the MTU for the cluster network]
 * xref:../../networking/changing-cluster-network-mtu.adoc#nw-ovn-ipsec-enable_configuring-ipsec-ovn[Enabling IPsec encryption]
+* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations]
+
+////
+// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes.
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+== Optional: Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+[NOTE]
+====
+To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
+====
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+=== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-creating-at-once_installing-aws-localzone[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-creating-individually_installing-aws-localzone[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
+////
+
+// Opting in to AWS Local Zones
+include::modules/installation-aws-add-local-zone-locations.adoc[leveloffset=+1]
+
+// Cluster installation options for an AWS Local Zone environment
+include::modules/aws-cluster-installation-options-aws-lzs.adoc[leveloffset=+1]
+
+.Next steps
+
+Choose one of the following options to install an {product-title} cluster in an AWS Local Zones environment:
 
+* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-cluster-quickly-extend-workers_installing-aws-localzone[Installing a cluster quickly in AWS Local Zones]
+* xref:../../installing/installing_aws/installing-aws-localzone.adoc#creating-aws-local-zone-environment-existing_installing-aws-localzone[Installing a cluster in an existing VPC with defined Local Zone subnets]
+
+// Installing a cluster quickly in AWS Local Zones
+include::modules/installation-cluster-quickly-extend-workers.adoc[leveloffset=+1]
+
+// Modifying an installation configuration to use AWS Local Zones
 include::modules/install-creating-install-config-aws-local-zones.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
+* xref:../../installing/installing_aws/installing-aws-localzone.adoc#cluster-limitations-local-zone_installing-aws-localzone[Creating the installation configuration file]
+
+* xref:../../installing/installing_aws/installing-aws-localzone.adoc#cluster-limitations-local-zone_installing-aws-localzone[Cluster limitations in AWS Local Zones]
+
+.Next steps
+* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-launching-installer_installing-aws-localzone[Deploying the cluster]
+
+[id="creating-aws-local-zone-environment-existing_{context}"]
+== Installing a cluster in an existing VPC that has Local Zone subnets
+
+You can install a cluster into an existing Amazon Virtual Private Cloud (VPC) on Amazon Web Services (AWS). The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, modify parameters in the `install-config.yaml` file before you install the cluster.
+
+Installing a cluster on AWS into an existing VPC requires extending workers to the edge of the Cloud Infrastructure by using AWS Local Zones.
+
+Local Zone subnets extend regular workers' nodes to edge networks. Each edge worker nodes runs a user workload. After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets.
+
+You can use a provided CloudFormation template to create the VPC and public subnets. Additionally, you can modify a template to customize your infrastructure or use the information that they contain to create AWS objects according to your company's policies.
+
+[NOTE]
+====
+If you want to create private subnets, you must either modify the provided CloudFormation template or create your own template.
+====
+
+// Creating a VPC in AWS
+include::modules/installation-creating-aws-vpc-localzone.adoc[leveloffset=+2]
+// Creating a subnet in AWS Local Zones
+include::modules/installation-creating-aws-subnet-localzone.adoc[leveloffset=+2]
+// CloudFormation template for the VPC
+include::modules/installation-cloudformation-vpc-localzone.adoc[leveloffset=+2]
+// AWS security groups
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
+// CloududFormation template for the subnet that uses AWS Local Zones
+include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* You can view details about the CloudFormation stacks that you create by navigating to the link:https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console].
+
+// Modifying an installation configuration file to use AWS Local Zones subnets
+include::modules/install-creating-install-config-aws-local-zones-subnets.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
 * See link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[Configuration and credential file settings] in the AWS documentation for more information about AWS profile and credential configuration.
 
 //include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -123,16 +218,34 @@ include::modules/install-creating-install-config-aws-local-zones.adoc[leveloffse
 // Verify removal due to automation.
 // include::modules/installation-localzone-generate-k8s-manifest.adoc[leveloffset=+2]
 
+////
+// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes.
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-install-creating-manifests_installing-aws-localzone[Incorporating the Cloud Credential Operator utility manifests].
+
+* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-localzone.adoc#manually-create-iam_installing-aws-localzone[Manually creating long-term credentials].
 
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
+
+//Manually creating IAM
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+////
+
+// Deploying the cluster
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 .Next steps
 * xref:../../post_installation_configuration/cluster-tasks.adoc#installation-extend-edge-nodes-aws-local-zones_post-install-cluster-tasks[Creating user workloads in AWS Local Zones]
 
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
+// Logging in to the cluster by using the CLI
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
+// Logging in to the cluster by using the web console
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -140,8 +253,10 @@ include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
 
 * See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
 
+// Verifying nodes that were created with edge compute pool
 include::modules/machine-edge-pool-review-nodes.adoc[leveloffset=+1]
 
+// Telemetry access for OpenShift Container Platform
 include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -156,4 +271,7 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+////
+// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes.
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
+////
diff --git a/installing/installing_aws/installing-aws-network-customizations.adoc b/installing/installing_aws/installing-aws-network-customizations.adoc
index 9e7874e03cfa..cb8ca11d1458 100644
--- a/installing/installing_aws/installing-aws-network-customizations.adoc
+++ b/installing/installing_aws/installing-aws-network-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-network-customizations"]
 = Installing a cluster on AWS with network customizations
 include::_attributes/common-attributes.adoc[]
@@ -24,10 +24,9 @@ cluster.
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 // TODO
 // Concept that describes networking
 
@@ -41,10 +40,17 @@ include::modules/nw-network-config.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 
@@ -52,6 +58,49 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#manually-create-iam_installing-aws-network-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-network-customizations[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-network-customizations[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-network-customizations[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
 // Network Operator specific configuration
 include::modules/nw-operator-cr.adoc[leveloffset=+1]
 include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
@@ -74,8 +123,6 @@ For more information on using Linux and Windows nodes in the same cluster, see x
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -97,4 +144,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-outposts-remote-workers.adoc b/installing/installing_aws/installing-aws-outposts-remote-workers.adoc
index 9655931e0278..7fb7ab1ef017 100644
--- a/installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+++ b/installing/installing_aws/installing-aws-outposts-remote-workers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-outposts-remote-workers"]
 = Installing a cluster on AWS with remote workers on AWS Outposts
 include::_attributes/common-attributes.adoc[]
@@ -27,13 +27,13 @@ In order to install a cluster with remote workers in AWS Outposts, all worker in
 +
 [IMPORTANT]
 ====
-Since the cluster uses the provided AWS credentials to create AWS resources for its entire life cycle, the credentials must be key-based and long-lived. So, If you have an AWS profile stored on your computer, it must not use a temporary session token, generated while using a multi-factor authentication device. For more information about generating the appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You may supply the keys when you run the installation program.
+Since the cluster uses the provided AWS credentials to create AWS resources for its entire life cycle, the credentials must be key-based and long-term. So, If you have an AWS profile stored on your computer, it must not use a temporary session token, generated while using a multi-factor authentication device. For more information about generating the appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You may supply the keys when you run the installation program.
 ====
 * You have access to an existing Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS). See the section "About using a custom VPC" for more information.
 * If a firewall is used, it was xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -43,20 +43,69 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-identify-supported-aws-outposts-instance-types.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/installation-aws-editing-manifests.adoc[leveloffset=+1]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#manually-create-iam_installing-aws-outposts-remote-workers[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#installing-aws-with-short-term-creds_installing-aws-outposts-remote-workers[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-at-once_installing-aws-outposts-remote-workers[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-individually_installing-aws-outposts-remote-workers[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -99,4 +148,4 @@ $ oc annotate --overwrite storageclass gp2-csi storageclass.kubernetes.io/is-def
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-private.adoc b/installing/installing_aws/installing-aws-private.adoc
index 5dfe06670e8f..76705a4ef34a 100644
--- a/installing/installing_aws/installing-aws-private.adoc
+++ b/installing/installing_aws/installing-aws-private.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-private"]
 = Installing a private cluster on AWS
 include::_attributes/common-attributes.adoc[]
@@ -17,16 +17,16 @@ parameters in the `install-config.yaml` file before you install the cluster.
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/private-clusters-default.adoc[leveloffset=+1]
 
 include::modules/private-clusters-about-aws.adoc[leveloffset=+2]
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -36,10 +36,17 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 
@@ -47,10 +54,53 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-private.adoc#manually-create-iam_installing-aws-private[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-private.adoc#installing-aws-with-short-term-creds_installing-aws-private[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-at-once_installing-aws-private[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-individually_installing-aws-private[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -72,4 +122,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-secret-region.adoc b/installing/installing_aws/installing-aws-secret-region.adoc
index 0247f5f4f9bb..926609adc0c5 100644
--- a/installing/installing_aws/installing-aws-secret-region.adoc
+++ b/installing/installing_aws/installing-aws-secret-region.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-secret-region"]
 = Installing a cluster on AWS into a Secret or Top Secret Region
 include::_attributes/common-attributes.adoc[]
@@ -22,10 +22,9 @@ To configure a cluster in either region, you change parameters in the `install c
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multifactor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multifactor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/installation-aws-about-government-region.adoc[leveloffset=+1]
 
@@ -35,6 +34,7 @@ include::modules/private-clusters-default.adoc[leveloffset=+1]
 include::modules/private-clusters-about-aws.adoc[leveloffset=+2]
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -45,15 +45,61 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
-include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
+
+include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#manually-create-iam_installing-aws-secret-region[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#installing-aws-with-short-term-creds_installing-aws-secret-region[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-at-once_installing-aws-secret-region[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-individually_installing-aws-secret-region[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -75,4 +121,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-three-node.adoc b/installing/installing_aws/installing-aws-three-node.adoc
index 4bc6d680896c..c681ed042a2a 100644
--- a/installing/installing_aws/installing-aws-three-node.adoc
+++ b/installing/installing_aws/installing-aws-three-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-three-node"]
 = Installing a three-node cluster on AWS
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_aws/installing-aws-user-infra.adoc b/installing/installing_aws/installing-aws-user-infra.adoc
index 3969e2298acf..735a49a64b0f 100644
--- a/installing/installing_aws/installing-aws-user-infra.adoc
+++ b/installing/installing_aws/installing-aws-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-user-infra"]
 = Installing a cluster on user-provisioned infrastructure in AWS by using CloudFormation templates
 include::_attributes/common-attributes.adoc[]
@@ -24,7 +24,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or UNIX)] in the AWS documentation.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
@@ -33,7 +33,7 @@ If you have an AWS profile stored on your computer, it must not use a temporary
 ====
 Be sure to also review this site list if you are configuring a proxy.
 ====
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[manually create and maintain long-term credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -47,12 +47,16 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
 
-include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2]
-
 include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1]
 
 include::modules/installation-aws-permissions.adoc[leveloffset=+2]
@@ -165,7 +169,7 @@ include::modules/installation-aws-user-infra-bootstrap.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../support/troubleshooting/troubleshooting-installations.html#monitoring-installation-progress_troubleshooting-installations[Monitoring installation progress] for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.
+* See xref:../../support/troubleshooting/troubleshooting-installations.adoc#monitoring-installation-progress_troubleshooting-installations[Monitoring installation progress] for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.
 
 * See xref:../../support/troubleshooting/troubleshooting-installations.adoc#gathering-bootstrap-diagnostic-data_troubleshooting-installations[Gathering bootstrap node diagnostic data] for information about troubleshooting issues related to the bootstrap process.
 
@@ -219,4 +223,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-aws-vpc.adoc b/installing/installing_aws/installing-aws-vpc.adoc
index 53f1a4e4259f..fbea0d32863b 100644
--- a/installing/installing_aws/installing-aws-vpc.adoc
+++ b/installing/installing_aws/installing-aws-vpc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-aws-vpc"]
 = Installing a cluster on AWS into an existing VPC
 include::_attributes/common-attributes.adoc[]
@@ -14,15 +14,17 @@ parameters in the `install-config.yaml` file before you install the cluster.
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
+* If the existing VPC is owned by a different account than the cluster, you link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[shared the VPC] between accounts.
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
+include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
+include::modules/installation-aws-permissions-iam-shared-vpc.adoc[leveloffset=+2]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -32,10 +34,17 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 
@@ -43,10 +52,53 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-vpc.adoc#manually-create-iam_installing-aws-vpc[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-with-short-term-creds_installing-aws-vpc[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-at-once_installing-aws-vpc[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-individually_installing-aws-vpc[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
@@ -68,4 +120,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
index 5aea22557e62..59c02c75c061 100644
--- a/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+++ b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-aws-installer-provisioned"]
 = Installing a cluster on AWS in a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -26,7 +26,7 @@ Because the installation media is on the mirror host, you can use that computer
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)] in the AWS documentation.
 * If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
@@ -35,7 +35,6 @@ If you have an AWS profile stored on your computer, it must not use a temporary
 ====
 If you are configuring a proxy, be sure to also review this site list.
 ====
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
 
 include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 
@@ -47,18 +46,66 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-aws-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-aws-installer-provisioned[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-aws-with-short-term-creds_installing-restricted-networks-aws-installer-provisioned[Configuring an AWS cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an AWS cluster to use short-term credentials
+[id="installing-aws-with-short-term-creds_{context}"]
+=== Configuring an AWS cluster to use short-term credentials
+
+To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required AWS resources
+[id="sts-mode-create-aws-resources-ccoctl_{context}"]
+==== Creating AWS resources with the Cloud Credential Operator utility
+
+You have the following options when creating AWS resources:
+
+* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-at-once_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources with a single command].
+
+* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-individually_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources individually].
+
+//Task part 2a: Creating the required AWS resources all at once
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
+
+//Task part 2b: Creating the required AWS resources individually
+include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
diff --git a/installing/installing_aws/installing-restricted-networks-aws.adoc b/installing/installing_aws/installing-restricted-networks-aws.adoc
index 79133000e7fd..4903ec0e652e 100644
--- a/installing/installing_aws/installing-restricted-networks-aws.adoc
+++ b/installing/installing_aws/installing-restricted-networks-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-aws"]
 = Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
@@ -40,7 +40,7 @@ Because the installation media is on the mirror host, you can use that computer
 +
 [IMPORTANT]
 ====
-If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
+If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
 ====
 * You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)] in the AWS documentation.
 * If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
@@ -49,7 +49,7 @@ If you have an AWS profile stored on your computer, it must not use a temporary
 ====
 Be sure to also review this site list if you are configuring a proxy.
 ====
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[manually create and maintain long-term credentials].
 
 include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 
@@ -65,12 +65,16 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
 
-include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2]
-
 include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1]
 
 include::modules/installation-aws-permissions.adoc[leveloffset=+2]
@@ -94,8 +98,13 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 //include::modules/installation-three-node-cluster.adoc[leveloffset=+2]
 
+// Creating the Kubernetes manifest and Ignition config files
 include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-aws-installer-provisioned[Manually creating long-term credentials]
+
 include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
 
 include::modules/installation-creating-aws-vpc.adoc[leveloffset=+1]
@@ -148,7 +157,7 @@ include::modules/installation-aws-user-infra-bootstrap.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../support/troubleshooting/troubleshooting-installations.html#monitoring-installation-progress_troubleshooting-installations[Monitoring installation progress] for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.
+* See xref:../../support/troubleshooting/troubleshooting-installations.adoc#monitoring-installation-progress_troubleshooting-installations[Monitoring installation progress] for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.
 
 * See xref:../../support/troubleshooting/troubleshooting-installations.adoc#gathering-bootstrap-diagnostic-data_troubleshooting-installations[Gathering bootstrap node diagnostic data] for information about troubleshooting issues related to the bootstrap process.
 
@@ -203,4 +212,5 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_aws/preparing-to-install-on-aws.adoc b/installing/installing_aws/preparing-to-install-on-aws.adoc
index 18a9a35bd265..ec149250abc5 100644
--- a/installing/installing_aws/preparing-to-install-on-aws.adoc
+++ b/installing/installing_aws/preparing-to-install-on-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-aws"]
 = Preparing to install on AWS
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,7 @@ toc::[]
 
 Before installing {product-title} on Amazon Web Services (AWS), you must create an AWS account. See xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configuring an AWS account] for details about configuring an account, account limits, account permissions, IAM user setup, and supported AWS regions.
 
-If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS] for other options, including xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-mode-sts[configuring the Cloud Credential Operator (CCO) to use the Amazon Web Services Security Token Service (AWS STS)].
+If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS] or xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[configuring an AWS cluster to use short-term credentials] with Amazon Web Services Security Token Service (AWS STS).
 
 [id="choosing-an-method-to-install-ocp-on-aws"]
 == Choosing a method to install {product-title} on AWS
@@ -29,7 +29,7 @@ See xref:../../architecture/architecture-installation.adoc#installation-process_
 [id="choosing-an-method-to-install-ocp-on-aws-single-node"]
 === Installing a cluster on a single node
 
-Installing {product-title} on a single node alleviates some of the requirements for high availability and large scale clusters. However, you must address the xref:../../installing/installing_sno/install-sno-preparing-to-install-sno.adoc#install-sno-requirements-for-installing-on-a-single-node_install-sno-preparing[requirements for installing on a single node], and the xref:../../installing/installing_sno/install-sno-installing-sno.adoc#additional-requirements-for-installing-on-a-single-node-on-aws_install-sno-installing-sno-with-the-assisted-installer[additional requirements for installing on a single node on AWS]. After addressing the requirements for single node installation, use the xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Installing a customized cluster on AWS] procedure to install the cluster. The xref:../../installing/installing_sno/install-sno-installing-sno.adoc#install-sno-installing-sno-manually[installing single-node OpenShift manually] section contains an exemplary `install-config.yaml` file when installing an {product-title} cluster on a single node.
+Installing {product-title} on a single node alleviates some of the requirements for high availability and large scale clusters. However, you must address the xref:../../installing/installing_sno/install-sno-preparing-to-install-sno.adoc#install-sno-requirements-for-installing-on-a-single-node_install-sno-preparing[requirements for installing on a single node], and the xref:../../installing/installing_sno/install-sno-installing-sno.adoc#additional-requirements-for-installing-sno-on-a-cloud-provider_install-sno-installing-sno-with-the-assisted-installer[additional requirements for installing {sno} on a cloud provider]. After addressing the requirements for single node installation, use the xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Installing a customized cluster on AWS] procedure to install the cluster. The xref:../../installing/installing_sno/install-sno-installing-sno.adoc#install-sno-installing-sno-manually[installing single-node OpenShift manually] section contains an exemplary `install-config.yaml` file when installing an {product-title} cluster on a single node.
 
 [id="choosing-an-method-to-install-ocp-on-aws-installer-provisioned"]
 === Installing a cluster on installer-provisioned infrastructure
diff --git a/installing/installing_aws/uninstalling-cluster-aws.adoc b/installing/installing_aws/uninstalling-cluster-aws.adoc
index 1a856732afb2..904a0c030620 100644
--- a/installing/installing_aws/uninstalling-cluster-aws.adoc
+++ b/installing/installing_aws/uninstalling-cluster-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-aws"]
 = Uninstalling a cluster on AWS
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure/enabling-user-managed-encryption-azure.adoc b/installing/installing_azure/enabling-user-managed-encryption-azure.adoc
index efa301c928c7..617db1dc2de5 100644
--- a/installing/installing_azure/enabling-user-managed-encryption-azure.adoc
+++ b/installing/installing_azure/enabling-user-managed-encryption-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-user-managed-encryption-azure"]
 = Enabling user-managed encryption for Azure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure/installation-config-parameters-azure.adoc b/installing/installing_azure/installation-config-parameters-azure.adoc
new file mode 100644
index 000000000000..44c10ebe1e93
--- /dev/null
+++ b/installing/installing_azure/installation-config-parameters-azure.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-azure"]
+= Installation configuration parameters for Azure
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-azure
+:platform: Azure
+
+toc::[]
+
+Before you deploy an {product-title} cluster on Microsoft Azure, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_azure/installing-azure-account.adoc b/installing/installing_azure/installing-azure-account.adoc
index 95f2c8420bfb..9b9eab147833 100644
--- a/installing/installing_azure/installing-azure-account.adoc
+++ b/installing/installing_azure/installing-azure-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-account"]
 = Configuring an Azure account
 include::_attributes/common-attributes.adoc[]
@@ -6,8 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Before you can install {product-title}, you must configure a Microsoft Azure
-account.
+Before you can install {product-title}, you must configure a Microsoft Azure account to meet installation requirements.
 
 [IMPORTANT]
 ====
@@ -29,16 +28,19 @@ include::modules/installation-azure-network-config.adoc[leveloffset=+1]
 
 include::modules/installation-azure-increasing-limits.adoc[leveloffset=+1]
 
-include::modules/installation-azure-permissions.adoc[leveloffset=+1]
+include::modules/installation-azure-subscription-tenant-id.adoc[leveloffset=+1]
 
-include::modules/minimum-required-permissions-ipi-azure.adoc[leveloffset=+1]
+include::modules/installation-azure-identities.adoc[leveloffset=+1]
 
-include::modules/installation-azure-service-principal.adoc[leveloffset=+1]
+include::modules/installation-azure-permissions.adoc[leveloffset=+2]
+include::modules/minimum-required-permissions-ipi-azure.adoc[leveloffset=+2]
+include::modules/installation-using-azure-managed-identities.adoc[leveloffset=+2]
+include::modules/installation-creating-azure-service-principal.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about CCO modes, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator-modes[About the Cloud Credential Operator].
+* xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator-modes[About the Cloud Credential Operator]
 
 include::modules/installation-azure-marketplace.adoc[leveloffset=+1]
 
diff --git a/installing/installing_azure/installing-azure-customizations.adoc b/installing/installing_azure/installing-azure-customizations.adoc
index 13967aa1cd82..64ef42189111 100644
--- a/installing/installing_azure/installing-azure-customizations.adoc
+++ b/installing/installing_azure/installing-azure-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-customizations"]
 = Installing a cluster on Azure with customizations
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,6 @@ parameters in the `install-config.yaml` file before you install the cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
 * If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
@@ -29,20 +28,26 @@ include::modules/installation-azure-marketplace-subscribe.adoc[leveloffset=+1]
 
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
-include::modules/installation-user-defined-tags-azure.adoc[leveloffset=+1]
-
-include::modules/querying-user-defined-tags-azure.adoc[leveloffset=+1]
-
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
+
 include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -52,10 +57,42 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 * For more details about Accelerated Networking, see xref:../../machine_management/creating_machinesets/creating-machineset-azure.adoc#machineset-azure-accelerated-networking_creating-machineset-azure[Accelerated Networking for Microsoft Azure VMs].
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-user-defined-tags-azure.adoc[leveloffset=+1]
 
+include::modules/querying-user-defined-tags-azure.adoc[leveloffset=+1]
+
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede manual cred (short and long) steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-azure-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-with-short-term-creds_installing-azure-customizations[Configuring an Azure cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an Azure cluster to use short-term credentials
+[id="installing-azure-with-short-term-creds_{context}"]
+=== Configuring an Azure cluster to use short-term credentials
+
+To install a cluster that uses Azure AD Workload Identity, you must configure the Cloud Credential Operator utility and create the required Azure resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required Azure resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_azure/installing-azure-default.adoc b/installing/installing_azure/installing-azure-default.adoc
index 39dd5e3ea0da..b184f29cf1ad 100644
--- a/installing/installing_azure/installing-azure-default.adoc
+++ b/installing/installing_azure/installing-azure-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-default"]
 = Installing a cluster quickly on Azure
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,6 @@ Microsoft Azure that uses the default configuration options.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
diff --git a/installing/installing_azure/installing-azure-government-region.adoc b/installing/installing_azure/installing-azure-government-region.adoc
index 6bed17ab0878..e8b496a0ba56 100644
--- a/installing/installing_azure/installing-azure-government-region.adoc
+++ b/installing/installing_azure/installing-azure-government-region.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-government-region"]
 = Installing a cluster on Azure into a government region
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,7 @@ cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated government region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[manually create and maintain long-term credentials].
 * If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
 
 include::modules/installation-azure-about-government-region.adoc[leveloffset=+1]
@@ -38,12 +38,22 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
+
 include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_azure/installing-azure-network-customizations.adoc b/installing/installing_azure/installing-azure-network-customizations.adoc
index b16643bce98c..db44efce53b8 100644
--- a/installing/installing_azure/installing-azure-network-customizations.adoc
+++ b/installing/installing_azure/installing-azure-network-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-network-customizations"]
 = Installing a cluster on Azure with network customizations
 include::_attributes/common-attributes.adoc[]
@@ -22,7 +22,6 @@ cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials]. Manual mode can also be used in environments where the cloud IAM APIs are not reachable.
 * If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
@@ -33,14 +32,24 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
+
 include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -62,10 +71,38 @@ For more information on using Linux and Windows nodes in the same cluster, see x
 
 * For more details about Accelerated Networking, see xref:../../machine_management/creating_machinesets/creating-machineset-azure.adoc#machineset-azure-accelerated-networking_creating-machineset-azure[Accelerated Networking for Microsoft Azure VMs].
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede manual cred (short and long) steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-azure-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_azure/installing-azure-network-customizations.adoc#manually-create-iam_installing-azure-network-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-with-short-term-creds_installing-azure-network-customizations[Configuring an Azure cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an Azure cluster to use short-term credentials
+[id="installing-azure-with-short-term-creds_{context}"]
+=== Configuring an Azure cluster to use short-term credentials
+
+To install a cluster that uses Azure AD Workload Identity, you must configure the Cloud Credential Operator utility and create the required Azure resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required Azure resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_azure/installing-azure-private.adoc b/installing/installing_azure/installing-azure-private.adoc
index 6e67fcf4d30a..9129418a0b30 100644
--- a/installing/installing_azure/installing-azure-private.adoc
+++ b/installing/installing_azure/installing-azure-private.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-private"]
 = Installing a private cluster on Azure
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,6 @@ In {product-title} version {product-version}, you can install a private cluster
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
 * If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
 
 include::modules/private-clusters-default.adoc[leveloffset=+1]
@@ -33,14 +32,24 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
+
 include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -50,10 +59,45 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 * For more details about Accelerated Networking, see xref:../../machine_management/creating_machinesets/creating-machineset-azure.adoc#machineset-azure-accelerated-networking_creating-machineset-azure[Accelerated Networking for Microsoft Azure VMs].
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede manual cred (short and long) steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-azure-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_azure/installing-azure-private.adoc#manually-create-iam_installing-azure-private[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_azure/installing-azure-private.adoc#installing-azure-with-short-term-creds_installing-azure-private[Configuring an Azure cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an Azure cluster to use short-term credentials
+[id="installing-azure-with-short-term-creds_{context}"]
+=== Configuring an Azure cluster to use short-term credentials
+
+To install a cluster that uses Azure AD Workload Identity, you must configure the Cloud Credential Operator utility and create the required Azure resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required Azure resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installing-private-image-registry-private-azure.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For the list of permissions needed to create a private storage endpoint, see xref:../../installing/installing_azure/installing-azure-account.adoc#minimum-required-permissions-ipi-azure_installing-azure-account[Required Azure permissions for installer-provisioned infrastructure].
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_azure/installing-azure-three-node.adoc b/installing/installing_azure/installing-azure-three-node.adoc
index d7c5e24d8bc4..789860bd8a0a 100644
--- a/installing/installing_azure/installing-azure-three-node.adoc
+++ b/installing/installing_azure/installing-azure-three-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-three-node"]
 = Installing a three-node cluster on Azure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure/installing-azure-user-infra.adoc b/installing/installing_azure/installing-azure-user-infra.adoc
index c54858c8f497..a94fafdedcb8 100644
--- a/installing/installing_azure/installing-azure-user-infra.adoc
+++ b/installing/installing_azure/installing-azure-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-user-infra"]
 = Installing a cluster on Azure using ARM templates
 include::_attributes/common-attributes.adoc[]
@@ -22,8 +22,8 @@ The steps for performing a user-provisioned infrastructure installation are prov
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster.
 * You downloaded the Azure CLI and installed it on your computer. See link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Install the Azure CLI] in the Azure documentation. The documentation below was last tested using version `2.38.0` of the Azure CLI. Azure CLI commands might perform differently based on the version you use.
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-manual-modes_installing-azure-customizations[Alternatives to storing administrator-level secrets in the kube-system project].
 * If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
 +
 [NOTE]
 ====
@@ -57,9 +57,15 @@ include::modules/installation-azure-increasing-limits.adoc[leveloffset=+2]
 
 include::modules/csr-management.adoc[leveloffset=+2]
 
-include::modules/installation-azure-permissions.adoc[leveloffset=+2]
+include::modules/installation-azure-subscription-tenant-id.adoc[leveloffset=+2]
+
+include::modules/installation-azure-identities.adoc[leveloffset=+2]
+
 include::modules/minimum-required-permissions-upi-azure.adoc[leveloffset=+2]
-include::modules/installation-azure-service-principal.adoc[leveloffset=+2]
+
+include::modules/installation-using-azure-managed-identities.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-service-principal.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
@@ -78,6 +84,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
 
diff --git a/installing/installing_azure/installing-azure-vnet.adoc b/installing/installing_azure/installing-azure-vnet.adoc
index 0cc586737a1e..922483b3ee5a 100644
--- a/installing/installing_azure/installing-azure-vnet.adoc
+++ b/installing/installing_azure/installing-azure-vnet.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-vnet"]
 = Installing a cluster on Azure into an existing VNet
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,6 @@ In {product-title} version {product-version}, you can install a cluster into an
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually create and maintain IAM credentials].
 * If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
 
 include::modules/installation-about-custom-azure-vnet.adoc[leveloffset=+1]
@@ -27,13 +26,23 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
 
-include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2] 
+include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
 
 include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 
@@ -44,11 +53,37 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 * For more details about Accelerated Networking, see xref:../../machine_management/creating_machinesets/creating-machineset-azure.adoc#machineset-azure-accelerated-networking_creating-machineset-azure[Accelerated Networking for Microsoft Azure VMs].
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede manual cred (short and long) steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+[id="installing-azure-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_azure/installing-azure-vnet.adoc#manually-create-iam_installing-azure-vnet[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-with-short-term-creds_installing-azure-vnet[Configuring an Azure cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an Azure cluster to use short-term credentials
+[id="installing-azure-with-short-term-creds_{context}"]
+=== Configuring an Azure cluster to use short-term credentials
+
+To install a cluster that uses Azure AD Workload Identity, you must configure the Cloud Credential Operator utility and create the required Azure resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required Azure resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
diff --git a/installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc b/installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
new file mode 100644
index 000000000000..712aefbec0df
--- /dev/null
+++ b/installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
@@ -0,0 +1,108 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-restricted-networks-azure-installer-provisioned"]
+= Installing a cluster on Azure in a restricted network
+include::_attributes/common-attributes.adoc[]
+:context: installing-restricted-networks-azure-installer-provisioned
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on Microsoft Azure in a restricted network by creating an internal mirror of the installation release content on an existing Azure Virtual Network (VNet).
+
+[IMPORTANT]
+====
+You can install an {product-title} cluster by using mirrored installation release content, but your cluster requires internet access to use the Azure APIs.
+====
+
+[id="prerequisites_installing-restricted-networks-azure-installer-provisioned"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster.
+* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installation-about-mirror-registry_installing-mirroring-installation-images[mirrored the images for a disconnected installation] to your registry and obtained the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
+====
+* You have an existing VNet in Azure. While installing a cluster in a restricted network that uses installer-provisioned infrastructure, you cannot use the installer-provisioned VNet. You must use a user-provisioned VNet that satisfies one of the following requirements:
+** The VNet contains the mirror registry
+** The VNet has firewall rules or a peering connection to access the mirror registry hosted elsewhere
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-defined-routing.adoc[leveloffset=+2]
+
+include::modules/installation-about-custom-azure-vnet.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-azure[Installation configuration parameters for Azure]
+
+include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2]
+include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2]
+
+include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede manual cred (short and long) steps, which require the use of `oc`
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+[id="installing-azure-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-azure-installer-provisioned[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc#installing-azure-with-short-term-creds_installing-restricted-networks-azure-installer-provisioned[Configuring an Azure cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring an Azure cluster to use short-term credentials
+[id="installing-azure-with-short-term-creds_{context}"]
+=== Configuring an Azure cluster to use short-term credentials
+
+To install a cluster that uses Azure AD Workload Identity, you must configure the Cloud Credential Operator utility and create the required Azure resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required Azure resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+== Next steps
+
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
diff --git a/installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc b/installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
new file mode 100644
index 000000000000..429ec52e2321
--- /dev/null
+++ b/installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
@@ -0,0 +1,149 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-restricted-networks-azure-user-provisioned"]
+= Installing a cluster on Azure in a restricted network with user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: installing-restricted-networks-azure-user-provisioned
+
+toc::[]
+
+In {product-title}, you can install a cluster on Microsoft Azure by using infrastructure that you provide.
+
+Several link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview[Azure Resource Manager] (ARM) templates are provided to assist in completing these steps or to help model your own.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several ARM templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods.
+====
+
+.Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
+* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installation-about-mirror-registry_installing-mirroring-installation-images[mirrored the images for a disconnected installation] to your registry and obtained the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you must use that computer to complete all installation steps.
+====
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you have xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[manually created long-term credentials].
+* If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+2]
+
+[id="installation-azure-restricted-user-infra-config-project"]
+== Configuring your Azure project
+
+Before you can install {product-title}, you must configure an Azure project to host it.
+
+[IMPORTANT]
+====
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
+include::modules/installation-azure-network-config.adoc[leveloffset=+2]
+
+You can view Azure's DNS solution by visiting this xref:installation-azure-create-dns-zones_{context}[example for creating DNS zones].
+
+include::modules/installation-azure-increasing-limits.adoc[leveloffset=+2]
+
+include::modules/csr-management.adoc[leveloffset=+2]
+
+include::modules/installation-azure-permissions.adoc[leveloffset=+2]
+
+include::modules/minimum-required-permissions-upi-azure.adoc[leveloffset=+2]
+
+include::modules/installation-azure-service-principal.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about CCO modes, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator-modes[About the Cloud Credential Operator].
+
+include::modules/installation-azure-regions.adoc[leveloffset=+2]
+
+[id="installation-requirements-azure-user-infra_{context}"]
+== Requirements for a cluster with user-provisioned infrastructure
+
+For a cluster that contains user-provisioned infrastructure, you must deploy all
+of the required machines.
+
+This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
+
+include::modules/installation-machine-requirements.adoc[leveloffset=+2]
+
+include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-marketplace-subscribe.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+2]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+2]
+
+include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
+include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
+include::modules/installation-initializing.adoc[leveloffset=+2]
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+include::modules/installation-user-infra-exporting-common-variables-arm-templates.adoc[leveloffset=+2]
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
+
+include::modules/installation-azure-create-resource-group-and-identity.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-dns-zones.adoc[leveloffset=+1]
+
+You can learn more about xref:installation-azure-network-config_{context}[configuring a public DNS zone in Azure] by visiting that section.
+
+include::modules/installation-creating-azure-vnet.adoc[leveloffset=+1]
+include::modules/installation-arm-vnet.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-deploying-rhcos.adoc[leveloffset=+1]
+include::modules/installation-arm-image-storage.adoc[leveloffset=+2]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-dns.adoc[leveloffset=+1]
+include::modules/installation-arm-dns.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-bootstrap.adoc[leveloffset=+1]
+include::modules/installation-arm-bootstrap.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-control-plane.adoc[leveloffset=+1]
+include::modules/installation-arm-control-plane.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-wait-for-bootstrap.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-worker.adoc[leveloffset=+1]
+include::modules/installation-arm-worker.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-ingress-dns-records.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-completing.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
diff --git a/installing/installing_azure/preparing-to-install-on-azure.adoc b/installing/installing_azure/preparing-to-install-on-azure.adoc
index 0fdcaa209b57..15acfc717bd5 100644
--- a/installing/installing_azure/preparing-to-install-on-azure.adoc
+++ b/installing/installing_azure/preparing-to-install-on-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-azure"]
 = Preparing to install on Azure
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,7 @@ toc::[]
 
 Before installing {product-title} on Microsoft Azure, you must configure an Azure account. See xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[Configuring an Azure account] for details about account configuration, account limits, public DNS zone configuration, required roles, creating service principals, and supported Azure regions.
 
-If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure] for other options.
+If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-manual-modes_installing-azure-customizations[Alternatives to storing administrator-level secrets in the kube-system project] for other options.
 
 [id="choosing-an-method-to-install-ocp-on-azure"]
 == Choosing a method to install {product-title} on Azure
@@ -33,7 +33,7 @@ You can install a cluster on Azure infrastructure that is provisioned by the {pr
 
 * **xref:../../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Installing a cluster quickly on Azure]**: You can install {product-title} on Azure infrastructure that is provisioned by the {product-title} installation program. You can install a cluster quickly by using the default configuration options.
 
-* **xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Installing a customized cluster on Azure]**: You can install a customized cluster on Azure infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation]. 
+* **xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Installing a customized cluster on Azure]**: You can install a customized cluster on Azure infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
 
 * **xref:../../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[Installing a cluster on Azure with network customizations]**: You can customize your {product-title} network configuration during installation, so that your cluster can coexist with your existing IP address allocations and adhere to your network requirements.
 
diff --git a/installing/installing_azure/uninstalling-cluster-azure.adoc b/installing/installing_azure/uninstalling-cluster-azure.adoc
index 2b0264be291c..0caf49b94fca 100644
--- a/installing/installing_azure/uninstalling-cluster-azure.adoc
+++ b/installing/installing_azure/uninstalling-cluster-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-azure"]
 = Uninstalling a cluster on Azure
 include::_attributes/common-attributes.adoc[]
@@ -9,3 +9,5 @@ toc::[]
 You can remove a cluster that you deployed to Microsoft Azure.
 
 include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]
+
+include::modules/cco-ccoctl-deleting-sts-resources.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc b/installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc
new file mode 100644
index 000000000000..ba7f42d9f6ea
--- /dev/null
+++ b/installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-ash"]
+= Installation configuration parameters for Azure Stack Hub
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-ash
+:platform: Azure Stack Hub
+
+toc::[]
+
+Before you deploy an {product-title} cluster on Azure Stack Hub, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
index 222d71807560..3b6333023ec7 100644
--- a/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-stack-hub-account"]
 = Configuring an Azure Stack Hub account
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
index 299e756de4d7..cee27a3c7559 100644
--- a/installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-stack-hub-default"]
 = Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
@@ -31,7 +31,11 @@ include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc#installation-config-parameters-ash[Installation configuration parameters for Azure Stack Hub]
+
 include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
 
 include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
@@ -39,7 +43,7 @@ include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="additional-resources_installing-azure-stack-hub-default-cco"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Updating cloud provider resources with manually maintained credentials]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Updating cloud provider resources with manually maintained credentials]
 
 include::modules/azure-stack-hub-internal-ca.adoc[leveloffset=+1]
 
@@ -69,4 +73,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
index 393738d4fb93..559ede047a71 100644
--- a/installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
@@ -30,7 +30,11 @@ include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc#installation-config-parameters-ash[Installation configuration parameters for Azure Stack Hub]
+
 include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
 
 include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
@@ -85,4 +89,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
index f96cdaca9dee..ce0182888284 100644
--- a/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-azure-stack-hub-user-infra"]
 = Installing a cluster on Azure Stack Hub using ARM templates
 include::_attributes/common-attributes.adoc[]
@@ -68,11 +68,23 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
 include::modules/installation-initializing-manual.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc#installation-config-parameters-ash[Installation configuration parameters for Azure Stack Hub]
+
 include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 include::modules/installation-user-infra-exporting-common-variables-arm-templates.adoc[leveloffset=+2]
+
+// Creating the Kubernetes manifest and Ignition config files
 include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#manually-create-iam_installing-azure-stack-hub-default[Manually manage cloud credentials]
+
 include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
 
 include::modules/installation-azure-create-resource-group-and-identity.adoc[leveloffset=+1]
diff --git a/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc b/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
index 9beb6096fff2..71e0e9d4ca3a 100644
--- a/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
+++ b/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-creating-iam-azure-stack-hub"]
 = Manually creating IAM for Azure Stack Hub
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc b/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
index 2ca66634c32b..b837665289fb 100644
--- a/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
+++ b/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-azure-stack-hub"]
 = Preparing to install on Azure Stack Hub
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_azure_stack_hub/uninstalling-cluster-azure-stack-hub.adoc b/installing/installing_azure_stack_hub/uninstalling-cluster-azure-stack-hub.adoc
index 72ede5bd654f..123c970700cc 100644
--- a/installing/installing_azure_stack_hub/uninstalling-cluster-azure-stack-hub.adoc
+++ b/installing/installing_azure_stack_hub/uninstalling-cluster-azure-stack-hub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-azure-stack-hub"]
 = Uninstalling a cluster on Azure Stack Hub
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc b/installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc
new file mode 100644
index 000000000000..1b774dda1643
--- /dev/null
+++ b/installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-bare-metal"]
+= Installation configuration parameters for bare metal
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-bare-metal
+:platform: bare metal
+
+toc::[]
+
+Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc b/installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
index 5ba1910e9cb2..ab4a01b0f6da 100644
--- a/installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
+++ b/installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-bare-metal-network-customizations"]
 = Installing a user-provisioned bare metal cluster with network customizations
 include::_attributes/common-attributes.adoc[]
@@ -38,6 +38,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/csr-management.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -64,22 +70,22 @@ include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-requirements-user-infra_installing-bare-metal[Requirements for a cluster with user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#creating-machines-bare-metal_installing-bare-metal[Installing {op-system} and starting the {product-title} bootstrap process]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-host-names-dhcp-user-infra_installing-bare-metal[Setting the cluster node hostnames through DHCP]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-user-infra-machines-advanced_installing-bare-metal[Advanced RHCOS installation configuration]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-network-user-infra_installing-bare-metal[Networking requirements for user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-dns-user-infra_installing-bare-metal[User-provisioned DNS requirements]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-user-provisioned-validating-dns_installing-bare-metal[Validating DNS resolution for user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-requirements-user-infra_installing-bare-metal-network-customizations[Requirements for a cluster with user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#creating-machines-bare-metal_installing-bare-metal-network-customizations[Installing {op-system} and starting the {product-title} bootstrap process]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-host-names-dhcp-user-infra_installing-bare-metal-network-customizations[Setting the cluster node hostnames through DHCP]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-user-infra-machines-advanced_installing-bare-metal-network-customizations[Advanced RHCOS installation configuration]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-network-user-infra_installing-bare-metal-network-customizations[Networking requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-dns-user-infra_installing-bare-metal-network-customizations[User-provisioned DNS requirements]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-user-provisioned-validating-dns_installing-bare-metal-network-customizations[Validating DNS resolution for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal-network-customizations[Load balancing requirements for user-provisioned infrastructure]
 
 include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-dns-user-infra_installing-bare-metal[User-provisioned DNS requirements]
-* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-dns-user-infra_installing-bare-metal-network-customizations[User-provisioned DNS requirements]
+* xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal-network-customizations[Load balancing requirements for user-provisioned infrastructure]
 
 include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
@@ -94,14 +100,16 @@ include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc#installation-config-parameters-bare-metal[Installation configuration parameters for bare metal]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure] for more information on the API and application ingress load balancing requirements.
+* See xref:../../installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc#installation-load-balancing-user-infra_installing-bare-metal-network-customizations[Load balancing requirements for user-provisioned infrastructure] for more information on the API and application ingress load balancing requirements.
 
 // Network Operator specific configuration
 include::modules/nw-network-config.adoc[leveloffset=+1]
diff --git a/installing/installing_bare_metal/installing-bare-metal.adoc b/installing/installing_bare_metal/installing-bare-metal.adoc
index bc2b6acc29eb..eea9ad3feab5 100644
--- a/installing/installing_bare_metal/installing-bare-metal.adoc
+++ b/installing/installing_bare_metal/installing-bare-metal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-bare-metal"]
 = Installing a user-provisioned cluster on bare metal
 include::_attributes/common-attributes.adoc[]
@@ -46,6 +46,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/csr-management.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -54,6 +60,16 @@ include::modules/csr-management.adoc[leveloffset=+2]
 * See xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installation-three-node-cluster_installing-bare-metal[Configuring a three-node cluster] for details about deploying three-node clusters in bare metal environments.
 * See xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installation-approve-csrs_installing-bare-metal[Approving the certificate signing requests for your machines] for more information about approving cluster certificate signing requests after installation.
 
+[id="installation-requirements-baremetal-vsphere_{context}"]
+== Requirements for baremetal clusters on vSphere
+
+Ensure you enable the `disk.EnableUUID` parameter on all virtual machines in your cluster.
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installation-vsphere-machines_installing-vsphere[Installing RHCOS and starting the OpenShift Container Platform bootstrap process] for details on setting the `disk.EnableUUID` parameter's value to `TRUE` on VMware vSphere for user-provisioned infrastructure.
+
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -105,7 +121,9 @@ include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc#installation-config-parameters-bare-metal[Installation configuration parameters for bare metal]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -114,7 +132,7 @@ include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
 * See xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure] for more information on the API and application ingress load balancing requirements.
 * See xref:../../post_installation_configuration/enabling-cluster-capabilities.adoc[Enabling cluster capabilities] for more information on enabling cluster capabilities that were disabled prior to installation.
-* See xref:../../installing/cluster-capabilities.html#explanation_of_capabilities_cluster-capabilities[Optional cluster capabilities in {product-title} {product-version}] for more information about the features provided by each capability.
+* See xref:../../installing/cluster-capabilities.adoc#explanation_of_capabilities_cluster-capabilities[Optional cluster capabilities in {product-title} {product-version}] for more information about the features provided by each capability.
 
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc b/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
index 6887619c59b3..dc39abca66f2 100644
--- a/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
+++ b/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-bare-metal"]
 = Installing a user-provisioned bare metal cluster on a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -50,13 +50,19 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/csr-management.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-three-node-cluster_installing-restricted-networks-bare-metal[Configuring a three-node cluster] for details about deploying three-node clusters in bare metal environments.
-* See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-approve-csrs_installing-bare-metal[Approving the certificate signing requests for your machines] for more information about approving cluster certificate signing requests after installation.
+* See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-approve-csrs_installing-restricted-networks-bare-metal[Approving the certificate signing requests for your machines] for more information about approving cluster certificate signing requests after installation.
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
@@ -70,7 +76,7 @@ include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-provisioned-validating-dns_installing-bare-metal[Validating DNS resolution for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-provisioned-validating-dns_installing-restricted-networks-bare-metal[Validating DNS resolution for user-provisioned infrastructure]
 
 include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
 
@@ -79,22 +85,22 @@ include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-requirements-user-infra_installing-bare-metal[Requirements for a cluster with user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#creating-machines-bare-metal_installing-bare-metal[Installing {op-system} and starting the {product-title} bootstrap process]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-host-names-dhcp-user-infra_installing-bare-metal[Setting the cluster node hostnames through DHCP]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-infra-machines-advanced_installing-bare-metal[Advanced RHCOS installation configuration]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-network-user-infra_installing-bare-metal[Networking requirements for user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-dns-user-infra_installing-bare-metal[User-provisioned DNS requirements]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-provisioned-validating-dns_installing-bare-metal[Validating DNS resolution for user-provisioned infrastructure]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-requirements-user-infra_installing-restricted-networks-bare-metal[Requirements for a cluster with user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#creating-machines-bare-metal_installing-restricted-networks-bare-metal[Installing {op-system} and starting the {product-title} bootstrap process]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-host-names-dhcp-user-infra_installing-restricted-networks-bare-metal[Setting the cluster node hostnames through DHCP]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-infra-machines-advanced_installing-restricted-networks-bare-metal[Advanced RHCOS installation configuration]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-network-user-infra_installing-restricted-networks-bare-metal[Networking requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-dns-user-infra_installing-restricted-networks-bare-metal[User-provisioned DNS requirements]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-user-provisioned-validating-dns_installing-restricted-networks-bare-metal[Validating DNS resolution for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-restricted-networks-bare-metal[Load balancing requirements for user-provisioned infrastructure]
 
 include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-dns-user-infra_installing-bare-metal[User-provisioned DNS requirements]
-* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-dns-user-infra_installing-restricted-networks-bare-metal[User-provisioned DNS requirements]
+* xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-restricted-networks-bare-metal[Load balancing requirements for user-provisioned infrastructure]
 
 include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
@@ -109,14 +115,16 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc#installation-config-parameters-bare-metal[Installation configuration parameters for bare metal]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-bare-metal[Load balancing requirements for user-provisioned infrastructure] for more information on the API and application ingress load balancing requirements.
+* See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-load-balancing-user-infra_installing-restricted-networks-bare-metal[Load balancing requirements for user-provisioned infrastructure] for more information on the API and application ingress load balancing requirements.
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
@@ -224,3 +232,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc b/installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc
index f828cc638052..5a2895980cff 100644
--- a/installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc
+++ b/installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-bare-metal"]
 = Preparing for bare metal cluster installation
 include::_attributes/common-attributes.adoc[]
@@ -20,7 +20,7 @@ include::modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc[leveloffset=
 * xref:../../virt/getting_started/virt-getting-started.adoc#virt-getting-started[Getting started with {VirtProductName}]
 * xref:../../virt/install/preparing-cluster-for-virt.adoc#preparing-cluster-for-virt[Preparing your cluster for {VirtProductName}]
 * xref:../../networking/hardware_networks/about-sriov.adoc#about-sriov[About Single Root I/O Virtualization (SR-IOV) hardware networks]
-* xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc#virt-attaching-vm-to-sriov-network[Connecting a virtual machine to an SR-IOV network]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]
 
 include::modules/nw-sriov-dual-nic-con.adoc[leveloffset=+1]
 
@@ -38,7 +38,7 @@ include::modules/nw-sriov-dual-nic-con.adoc[leveloffset=+1]
 
 The {product-title} installation program offers four methods for deploying a cluster:
 
-* *Interactive*: You can deploy a cluster with the web-based link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}]. This is the recommended approach for clusters with networks connected to the internet. The {ai-full} is the easiest way to install {product-title}, it provides smart defaults, and it performs pre-flight validations before installing the cluster. It also provides a RESTful API for automation and advanced configuration scenarios.
+* *Interactive*: You can deploy a cluster with the web-based link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}]. This is the recommended approach for clusters with networks connected to the internet. The {ai-full} is the easiest way to install {product-title}, it provides smart defaults, and it performs pre-flight validations before installing the cluster. It also provides a RESTful API for automation and advanced configuration scenarios.
 
 * *Local Agent-based*: You can deploy a cluster locally with the xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#preparing-to-install-with-agent-based-installer[agent-based installer] for air-gapped or restricted networks. It provides many of the benefits of the {ai-full}, but you must download and configure the link:https://console.redhat.com/openshift/install/metal/agent-based[agent-based installer] first. Configuration is done with a commandline interface. This approach is ideal for air-gapped or restricted networks.
 
diff --git a/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc b/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
index 907fdb418584..e97960b49dcc 100644
--- a/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
+++ b/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="scaling-a-user-provisioned-cluster-with-the-bare-metal-operator"]
 = Scaling a user-provisioned cluster with the Bare Metal Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc b/installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
index 7d9217fd1f34..34e0a60aaaea 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-expanding-the-cluster"]
 = Expanding the cluster
 include::_attributes/common-attributes.adoc[]
@@ -32,7 +32,7 @@ include::modules/ipi-install-replacing-a-bare-metal-control-plane-node.adoc[leve
 
 * xref:../../post_installation_configuration/bare-metal-configuration.adoc#post-install-bare-metal-configuration[Bare metal configuration]
 
-* xref:../installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#bmc-addressing_ipi-install-installation-workflow[BMC addressing]
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#bmc-addressing_ipi-install-installation-workflow[BMC addressing]
 
 include::modules/ipi-install-preparing-to-deploy-with-virtual-media-on-the-baremetal-network.adoc[leveloffset=+1]
 
diff --git a/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc b/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
index 8ad6e40b0335..baea1ef17219 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-installation-workflow"]
 = Setting up the environment for an OpenShift installation
 include::_attributes/common-attributes.adoc[]
@@ -10,8 +10,19 @@ include::modules/ipi-install-installing-rhel-on-the-provisioner-node.adoc[levelo
 
 include::modules/ipi-install-preparing-the-provisioner-node-for-openshift-install.adoc[leveloffset=+1]
 
+include::modules/ipi-install-checking-ntp-sync.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#configuring-ntp-for-disconnected-clusters_ipi-install-installation-workflow[Optional: Configuring NTP for disconnected clusters]
+
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc#network-requirements-ntp_ipi-install-prerequisites[Network Time Protocol (NTP)]
+
 include::modules/ipi-install-configuring-networking.adoc[leveloffset=+1]
 
+include::modules/ipi-install-establishing-communication-between-subnets.adoc[leveloffset=+1]
+
 include::modules/ipi-install-retrieving-the-openshift-installer.adoc[leveloffset=+1]
 
 include::modules/ipi-install-extracting-the-openshift-installer.adoc[leveloffset=+1]
@@ -44,6 +55,10 @@ include::modules/ipi-install-modifying-install-config-for-dual-stack-network.ado
 
 include::modules/ipi-install-configuring-host-network-interfaces-in-the-install-config.yaml-file.adoc[leveloffset=+2]
 
+include::modules/ipi-install-configuring-host-network-interfaces-for-subnets.adoc[leveloffset=+2]
+
+include::modules/ipi-install-modifying-install-config-for-slaac-dual-stack-network.adoc[leveloffset=+2]
+
 include::modules/ipi-install-configuring-host-dual-network-interfaces-in-the-install-config.yaml-file.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -114,4 +129,4 @@ include::modules/ipi-preparing-reinstall-cluster-bare-metal.adoc[leveloffset=+1]
 [id="additional-resources_creating_manifest_ignition"]
 == Additional resources
 * xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installation-user-infra-generate-k8s-manifest-ignition_installing-bare-metal[{product-title} Creating the Kubernetes manifest and Ignition config files]
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
diff --git a/installing/installing_bare_metal_ipi/ipi-install-overview.adoc b/installing/installing_bare_metal_ipi/ipi-install-overview.adoc
index 734d0349e999..1fbb1ae5e679 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-overview.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-overview"]
 = Overview
 include::_attributes/common-attributes.adoc[]
@@ -6,23 +6,28 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Installer-provisioned installation on bare metal nodes deploys and configures the infrastructure that a {product-title} cluster runs on. This guide provides a methodology to achieving a successful installer-provisioned bare-metal installation. The following diagram illustrates the installation environment in phase 1 of deployment:
+Installer-provisioned installation on bare metal nodes deploys and configures the infrastructure that an {product-title} cluster runs on. This guide provides a methodology to achieving a successful installer-provisioned bare-metal installation. The following diagram illustrates the installation environment in phase 1 of deployment:
 
 image::210_OpenShift_Baremetal_IPI_Deployment_updates_0122_1.png[Deployment phase one]
 
 For the installation, the key elements in the previous diagram are:
 
-- **Provisioner**: A physical machine that runs the installation program and hosts the bootstrap VM that deploys the controller of a new {product-title} cluster.
+- **Provisioner**: A physical machine that runs the installation program and hosts the bootstrap VM that deploys the control plane of a new {product-title} cluster.
 - **Bootstrap VM**: A virtual machine used in the process of deploying an {product-title} cluster.
 - **Network bridges**: The bootstrap VM connects to the bare metal network and to the provisioning network, if present, via network bridges, `eno1` and `eno2`.
+- **API VIP**: An API virtual IP address (VIP) is used to provide failover of the API server across the control plane nodes. The API VIP first resides on the bootstrap VM. A script generates the `keepalived.conf` configuration file before launching the service. The VIP moves to one of the control plane nodes after the bootstrap process has completed and the bootstrap VM stops.
 
-In phase 2 of the deployment, the provisioner destroys the bootstrap VM automatically and moves the virtual IP addresses (VIPs) to the appropriate nodes. The API VIP moves to the control plane nodes and the Ingress VIP moves to the worker nodes.
+In phase 2 of the deployment, the provisioner destroys the bootstrap VM automatically and moves the virtual IP addresses (VIPs) to the appropriate nodes.
+
+The `keepalived.conf` file sets the control plane machines with a lower Virtual Router Redundancy Protocol (VRRP) priority than the bootstrap VM, which ensures that the API on the control plane machines is fully functional before the API VIP moves from the bootstrap VM to the control plane. Once the API VIP moves to one of the control plane nodes, traffic sent from external clients to the API VIP routes to an `haproxy` load balancer running on that control plane node. This instance of `haproxy` load balances the API VIP traffic across the control plane nodes.
+
+The Ingress VIP moves to the worker nodes. The `keepalived` instance also manages the Ingress VIP.
 
 The following diagram illustrates phase 2 of deployment:
 
 image::210_OpenShift_Baremetal_IPI_Deployment_updates_0122_2.png[Deployment phase two]
 
-After this point, the node used by the provisioner can be removed or repurposed. From here, all additional provisioning tasks are carried out by controllers.
+After this point, the node used by the provisioner can be removed or repurposed. From here, all additional provisioning tasks are carried out by the control plane.
 
 [IMPORTANT]
 ====
diff --git a/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc b/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
index ae35096b1bfe..41280e549172 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
@@ -1,15 +1,15 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-post-installation-configuration"]
-= Installer-provisioned post-installation configuration
+= Installer-provisioned postinstallation configuration
 include::_attributes/common-attributes.adoc[]
 :context: ipi-install-post-installation-configuration
 
 toc::[]
 
-After successfully deploying an installer-provisioned cluster, consider the following post-installation procedures.
+After successfully deploying an installer-provisioned cluster, consider the following postinstallation procedures.
 
 include::modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc[leveloffset=+1]
 
 include::modules/nw-enabling-a-provisioning-network-after-installation.adoc[leveloffset=+1]
 
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
diff --git a/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc b/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
index 1c4c9c5a7a85..b06b5f1f49d2 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-prerequisites"]
 = Prerequisites
 include::_attributes/common-attributes.adoc[]
@@ -9,7 +9,7 @@ toc::[]
 Installer-provisioned installation of {product-title} requires:
 
 ifdef::openshift-origin[. One provisioner node with {op-system-first} installed. The provisioner can be removed after installation.]
-ifndef::openshift-origin[. One provisioner node with {op-system-base-full} 8.x installed. The provisioner can be removed after installation.]
+ifndef::openshift-origin[. One provisioner node with {op-system-base-full} {op-system-version} installed. The provisioner can be removed after installation.]
 . Three control plane nodes
 . Baseboard management controller (BMC) access to each node
 . At least one network:
@@ -28,7 +28,7 @@ include::modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc[leveloffset=
 
 * xref:../../virt/install/preparing-cluster-for-virt.adoc#preparing-cluster-for-virt[Preparing your cluster for {VirtProductName}]
 * xref:../../networking/hardware_networks/about-sriov.adoc#about-sriov[About Single Root I/O Virtualization (SR-IOV) hardware networks]
-* xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc#virt-attaching-vm-to-sriov-network[Connecting a virtual machine to an SR-IOV network]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]
 
 include::modules/ipi-install-firmware-requirements-for-installing-with-virtual-media.adoc[leveloffset=+1]
 
diff --git a/installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc b/installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
index 7f5548f1e1b7..0eb9be4df699 100644
--- a/installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
+++ b/installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ipi-install-troubleshooting"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_gcp/installation-config-parameters-gcp.adoc b/installing/installing_gcp/installation-config-parameters-gcp.adoc
new file mode 100644
index 000000000000..ecd4e7a38a09
--- /dev/null
+++ b/installing/installing_gcp/installation-config-parameters-gcp.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-gcp"]
+= Installation configuration parameters for GCP
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-gcp
+:platform: GCP
+
+toc::[]
+
+Before you deploy an {product-title} cluster on Google Cloud Platform (GCP), you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_gcp/installing-gcp-account.adoc b/installing/installing_gcp/installing-gcp-account.adoc
index d8344c97ab56..1e8ea5808cbb 100644
--- a/installing/installing_gcp/installing-gcp-account.adoc
+++ b/installing/installing_gcp/installing-gcp-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-account"]
 = Configuring a GCP project
 include::_attributes/common-attributes.adoc[]
@@ -19,11 +19,6 @@ include::modules/installation-gcp-limits.adoc[leveloffset=+1]
 
 include::modules/installation-gcp-service-account.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-create-iam_manually-creating-iam-gcp[Manually creating IAM] for more details about using manual credentials mode.
-
 include::modules/installation-gcp-permissions.adoc[leveloffset=+2]
 
 include::modules/minimum-required-permissions-ipi-gcp.adoc[leveloffset=+2]
diff --git a/installing/installing_gcp/installing-gcp-customizations.adoc b/installing/installing_gcp/installing-gcp-customizations.adoc
index 782a9759fb8e..640eba6bf03f 100644
--- a/installing/installing_gcp/installing-gcp-customizations.adoc
+++ b/installing/installing_gcp/installing-gcp-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-customizations"]
 = Installing a cluster on GCP with customizations
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,6 @@ parameters in the `install-config.yaml` file before you install the cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -28,12 +27,21 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]
+
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
@@ -49,12 +57,48 @@ include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-gcp-marketplace.adoc[leveloffset=+1]
+include::modules/installing-gcp-user-defined-labels-and-tags.adoc[leveloffset=+1]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+//Configuring user-defined labels and tags for GCP
+include::modules/installing-gcp-cluster-creation.adoc[leveloffset=+2]
 
+//Querying user-defined labels and tags for GCP
+include::modules/installing-gcp-querying-labels-tags-gcp.adoc[leveloffset=+2]
+
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-gcp-marketplace.adoc[leveloffset=+1]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_gcp/installing-gcp-default.adoc b/installing/installing_gcp/installing-gcp-default.adoc
index ba1b623354c8..4c0a03e5f20f 100644
--- a/installing/installing_gcp/installing-gcp-default.adoc
+++ b/installing/installing_gcp/installing-gcp-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-default"]
 = Installing a cluster quickly on GCP
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,6 @@ Google Cloud Platform (GCP) that uses the default configuration options.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
diff --git a/installing/installing_gcp/installing-gcp-network-customizations.adoc b/installing/installing_gcp/installing-gcp-network-customizations.adoc
index 6b01f8625928..77d58b5671ad 100644
--- a/installing/installing_gcp/installing-gcp-network-customizations.adoc
+++ b/installing/installing_gcp/installing-gcp-network-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-network-customizations"]
 = Installing a cluster on GCP with network customizations
 include::_attributes/common-attributes.adoc[]
@@ -24,7 +24,6 @@ cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -34,12 +33,21 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]
+
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
@@ -55,6 +63,36 @@ include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#manually-create-iam_installing-gcp-network-customizations[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-network-customizations[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
 // Network Operator specific configuration
 include::modules/nw-network-config.adoc[leveloffset=+1]
 include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
@@ -62,8 +100,6 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_gcp/installing-gcp-private.adoc b/installing/installing_gcp/installing-gcp-private.adoc
index 9620370b0bdb..5edf9bb23e2e 100644
--- a/installing/installing_gcp/installing-gcp-private.adoc
+++ b/installing/installing_gcp/installing-gcp-private.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-private"]
 = Installing a private cluster on GCP
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,6 @@ parameters in the `install-config.yaml` file before you install the cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/private-clusters-default.adoc[leveloffset=+1]
 
@@ -31,12 +30,21 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]
+
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
@@ -55,10 +63,38 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-private.adoc#manually-create-iam_installing-gcp-private[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-with-short-term-creds_installing-gcp-private[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_gcp/installing-gcp-shared-vpc.adoc b/installing/installing_gcp/installing-gcp-shared-vpc.adoc
index a05b11fb1b5f..7868edffabd6 100644
--- a/installing/installing_gcp/installing-gcp-shared-vpc.adoc
+++ b/installing/installing_gcp/installing-gcp-shared-vpc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-shared-vpc"]
 = Installing a cluster on GCP into a shared VPC
 include::_attributes/common-attributes.adoc[]
@@ -7,7 +7,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a cluster into a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP). In this installation method, the cluster is configured to use a VPC from a different GCP project. A shared VPC enables an organization to connect resources from multiple projects to a common VPC network. You can communicate within the organization securely and efficiently by using internal IP addresses from that network. For more information about shared VPC, see link:https://cloud.google.com/vpc/docs/shared-vpc[Shared VPC overview in the GCP documentation]. 
+In {product-title} version {product-version}, you can install a cluster into a shared Virtual Private Cloud (VPC) on Google Cloud Platform (GCP). In this installation method, the cluster is configured to use a VPC from a different GCP project. A shared VPC enables an organization to connect resources from multiple projects to a common VPC network. You can communicate within the organization securely and efficiently by using internal IP addresses from that network. For more information about shared VPC, see link:https://cloud.google.com/vpc/docs/shared-vpc[Shared VPC overview in the GCP documentation].
 
 The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
@@ -17,7 +17,6 @@ The installation program provisions the rest of the required infrastructure, whi
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 * You have a GCP host project which contains a shared VPC network.
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster. This project, known as the service project, must be attached to the host project. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#create-shared[Attaching service projects in the GCP documentation].
 * You have a GCP service account that has the xref:../../installing/installing_gcp/installing-gcp-account.adoc#minimum-required-permissions-ipi-gcp-xpn[required GCP permissions] in both the host and service projects.
@@ -32,20 +31,50 @@ include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
+
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-shared-vpc-config.adoc[leveloffset=+2]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
-
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#manually-create-iam_installing-gcp-shared-vpc[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#installing-gcp-with-short-term-creds_installing-gcp-shared-vpc[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -65,4 +94,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
\ No newline at end of file
+xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
diff --git a/installing/installing_gcp/installing-gcp-three-node.adoc b/installing/installing_gcp/installing-gcp-three-node.adoc
index 63d7298e7ed6..aa7c4dfc3535 100644
--- a/installing/installing_gcp/installing-gcp-three-node.adoc
+++ b/installing/installing_gcp/installing-gcp-three-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-three-node"]
 = Installing a three-node cluster on GCP
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_gcp/installing-gcp-user-infra-vpc.adoc b/installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
index 97fadb727e5c..d09b03b8f5a4 100644
--- a/installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
+++ b/installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-user-infra-vpc"]
 = Installing a cluster into a shared VPC on GCP using Deployment Manager templates
 include::_attributes/common-attributes.adoc[]
@@ -25,7 +25,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[manually create and maintain long-term credentials].
 +
 [NOTE]
 ====
@@ -60,6 +60,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
@@ -71,6 +77,11 @@ include::modules/installation-deployment-manager-vpc.adoc[leveloffset=+3]
 include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
+
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 include::modules/installation-gcp-user-infra-shared-vpc-config-yaml.adoc[leveloffset=+2]
diff --git a/installing/installing_gcp/installing-gcp-user-infra.adoc b/installing/installing_gcp/installing-gcp-user-infra.adoc
index c4293fa39835..e57dd8b423ad 100644
--- a/installing/installing_gcp/installing-gcp-user-infra.adoc
+++ b/installing/installing_gcp/installing-gcp-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-user-infra"]
 = Installing a cluster on user-provisioned infrastructure in GCP by using Deployment Manager templates
 include::_attributes/common-attributes.adoc[]
@@ -21,7 +21,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[manually create and maintain long-term credentials].
 +
 [NOTE]
 ====
@@ -44,6 +44,12 @@ include::modules/installation-gcp-limits.adoc[leveloffset=+2]
 include::modules/installation-gcp-service-account.adoc[leveloffset=+2]
 include::modules/installation-gcp-permissions.adoc[leveloffset=+2]
 include::modules/minimum-required-permissions-upi-gcp.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-regions.adoc[leveloffset=+2]
 include::modules/installation-gcp-install-cli.adoc[leveloffset=+2]
 
@@ -57,12 +63,23 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
 include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
 include::modules/installation-initializing.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
+
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_gcp/installing-gcp-vpc.adoc b/installing/installing_gcp/installing-gcp-vpc.adoc
index 9d63c3642a84..d59bb5317891 100644
--- a/installing/installing_gcp/installing-gcp-vpc.adoc
+++ b/installing/installing_gcp/installing-gcp-vpc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-gcp-vpc"]
 = Installing a cluster on GCP into an existing VPC
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,6 @@ parameters in the `install-config.yaml` file before you install the cluster.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 * You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a GCP project] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/installation-custom-gcp-vpc.adoc[leveloffset=+1]
 
@@ -27,12 +26,21 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]
+
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
@@ -51,10 +59,38 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#manually-create-iam_installing-gcp-vpc[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-with-short-term-creds_installing-gcp-vpc[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc b/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
index 4aeea86ef656..c5d66766df21 100644
--- a/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+++ b/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-gcp-installer-provisioned"]
 = Installing a cluster on GCP in a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -29,7 +29,6 @@ Because the installation media is on the mirror host, you can use that computer
 ** Contains the mirror registry
 ** Has firewall rules or a peering connection to access the mirror registry hosted elsewhere
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. While you might need to grant access to more sites, you must grant access to `*.googleapis.com` and `accounts.google.com`.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
 
 include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 
@@ -39,12 +38,21 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]
+
 include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
@@ -57,10 +65,38 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
+//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
+[id="installing-gcp-manual-modes_{context}"]
+== Alternatives to storing administrator-level secrets in the kube-system project
+
+By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
+
+* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-gcp-installer-provisioned[Manually creating long-term credentials].
+
+* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-gcp-with-short-term-creds_installing-restricted-networks-gcp-installer-provisioned[Configuring a GCP cluster to use short-term credentials].
+
+//Manually creating long-term credentials
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
+
+//Supertask: Configuring a GCP cluster to use short-term credentials
+[id="installing-gcp-with-short-term-creds_{context}"]
+=== Configuring a GCP cluster to use short-term credentials
+
+To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
+
+//Task part 1: Configuring the Cloud Credential Operator utility
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
+
+//Task part 2: Creating the required GCP resources
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
+
+//Task part 3: Incorporating the Cloud Credential Operator utility manifests
+include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
@@ -81,3 +117,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_gcp/installing-restricted-networks-gcp.adoc b/installing/installing_gcp/installing-restricted-networks-gcp.adoc
index 4cc8a767501e..204857898c57 100644
--- a/installing/installing_gcp/installing-restricted-networks-gcp.adoc
+++ b/installing/installing_gcp/installing-restricted-networks-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-gcp"]
 = Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
@@ -32,7 +32,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
 ====
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. While you might need to grant access to more sites, you must grant access to `*.googleapis.com` and `accounts.google.com`.
-* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials].
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[manually create and maintain long-term credentials].
 
 include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 
@@ -50,6 +50,12 @@ include::modules/installation-gcp-limits.adoc[leveloffset=+2]
 include::modules/installation-gcp-service-account.adoc[leveloffset=+2]
 include::modules/installation-gcp-permissions.adoc[leveloffset=+2]
 include::modules/minimum-required-permissions-upi-gcp.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-gcp-regions.adoc[leveloffset=+2]
 include::modules/installation-gcp-install-cli.adoc[leveloffset=+2]
 
@@ -69,6 +75,11 @@ include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2
 include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
 include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
 include::modules/installation-initializing.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
+
 include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -142,3 +153,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_gcp/preparing-to-install-on-gcp.adoc b/installing/installing_gcp/preparing-to-install-on-gcp.adoc
index 3f92abef99df..6d849b0d3a88 100644
--- a/installing/installing_gcp/preparing-to-install-on-gcp.adoc
+++ b/installing/installing_gcp/preparing-to-install-on-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-gcp"]
 = Preparing to install on GCP
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,7 @@ toc::[]
 
 Before installing {product-title} on Google Cloud Platform (GCP), you must create a service account and configure a GCP project. See xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[Configuring a GCP project] for details about creating a project, enabling API services, configuring DNS, GCP account limits, and supported GCP regions.
 
-If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP] for other options.
+If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, see xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP] for other options.
 
 [id="choosing-an-method-to-install-ocp-on-gcp"]
 == Choosing a method to install {product-title} on GCP
diff --git a/installing/installing_gcp/uninstalling-cluster-gcp.adoc b/installing/installing_gcp/uninstalling-cluster-gcp.adoc
index b8bcb4feaaeb..834a705cf3ac 100644
--- a/installing/installing_gcp/uninstalling-cluster-gcp.adoc
+++ b/installing/installing_gcp/uninstalling-cluster-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-gcp"]
 = Uninstalling a cluster on GCP
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_ibm_cloud/install-ibm-cloud-installation-workflow.adoc b/installing/installing_ibm_cloud/install-ibm-cloud-installation-workflow.adoc
index 56652129d615..e8449a597ef2 100644
--- a/installing/installing_ibm_cloud/install-ibm-cloud-installation-workflow.adoc
+++ b/installing/installing_ibm_cloud/install-ibm-cloud-installation-workflow.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="install-ibm-cloud-installation-workflow"]
 = Setting up the environment for an {product-title} installation
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_ibm_cloud/install-ibm-cloud-prerequisites.adoc b/installing/installing_ibm_cloud/install-ibm-cloud-prerequisites.adoc
index 77bb83f89424..f798066e41f7 100644
--- a/installing/installing_ibm_cloud/install-ibm-cloud-prerequisites.adoc
+++ b/installing/installing_ibm_cloud/install-ibm-cloud-prerequisites.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="install-ibm-cloud-prerequisites"]
 = Prerequisites
 include::_attributes/common-attributes.adoc[]
@@ -6,11 +6,11 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can use installer-provisioned installation to install {product-title} on IBM Cloud&#174; nodes. This document describes the prerequisites and procedures when installing {product-title} on IBM Cloud nodes.
+You can use installer-provisioned installation to install {product-title} on {ibm-cloud-bm} nodes. This document describes the prerequisites and procedures when installing {product-title} on {ibm-cloud-name} nodes.
 
 [IMPORTANT]
 ====
-Red Hat supports IPMI and PXE on the provisioning network only. Red Hat has not tested Red Fish, virtual media, or other complementary technologies such as Secure Boot on IBM Cloud deployments. A provisioning network is required.
+Red Hat supports IPMI and PXE on the provisioning network only. Red Hat has not tested Red Fish, virtual media, or other complementary technologies such as Secure Boot on {ibm-cloud-name} deployments. A provisioning network is required.
 ====
 
 Installer-provisioned installation of {product-title} requires:
@@ -20,6 +20,6 @@ Installer-provisioned installation of {product-title} requires:
 * One routable network
 * One provisioning network
 
-Before starting an installer-provisioned installation of {product-title} on IBM Cloud, address the following prerequisites and requirements.
+Before starting an installer-provisioned installation of {product-title} on {ibm-cloud-bm}, address the following prerequisites and requirements.
 
 include::modules/install-ibm-cloud-setting-up-ibm-cloud-infrastructure.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc b/installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc
index d39411d07672..2ca65d416867 100644
--- a/installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc
+++ b/installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-iam-ibm-cloud"]
-= Configuring IAM for IBM Cloud VPC
+= Configuring IAM for {ibm-cloud-title}
 include::_attributes/common-attributes.adoc[]
 :context: configuring-iam-ibm-cloud
 
@@ -20,14 +20,14 @@ include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="additional-resources_configuring-iam-ibm-cloud-refreshing-ids"]
 .Additional resources
-* xref:../../post_installation_configuration/cluster-tasks.adoc#refreshing-service-ids-ibm-cloud_post-install-cluster-tasks[Rotating API keys for IBM Cloud VPC]
+* xref:../../post_installation_configuration/cluster-tasks.adoc#refreshing-service-ids-ibm-cloud_post-install-cluster-tasks[Rotating API keys for {ibm-cloud-name}]
 
 [id="next-steps_configuring-iam-ibm-cloud"]
 == Next steps
-* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a cluster on IBM Cloud VPC with customizations]
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a cluster on {ibm-cloud-name} with customizations]
 
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 == Additional resources
 
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
diff --git a/installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc b/installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc
new file mode 100644
index 000000000000..ac86eda84ec4
--- /dev/null
+++ b/installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-ibm-cloud-vpc"]
+= Installation configuration parameters for {ibm-cloud-title}
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-ibm-cloud-vpc
+:platform: {ibm-cloud-title}
+
+toc::[]
+
+Before you deploy an {product-title} cluster on {ibm-cloud-name}, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
index 3af38d584212..b1aed4489e54 100644
--- a/installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
@@ -1,17 +1,17 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-account"]
-= Configuring an IBM Cloud account
+= Configuring an {ibm-cloud-title} account
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-account
 
 toc::[]
 
-Before you can install {product-title}, you must configure an IBM Cloud account.
+Before you can install {product-title}, you must configure an {ibm-cloud-name} account.
 
 [id="prerequisites_installing-ibm-cloud-account"]
 == Prerequisites
 
-* You have an IBM Cloud account with a subscription. You cannot install {product-title} on a free or trial IBM Cloud account.
+* You have an {ibm-cloud-name} account with a subscription. You cannot install {product-title} on a free or trial {ibm-cloud-name} account.
 
 include::modules/quotas-and-limits-ibm-cloud.adoc[leveloffset=+1]
 
@@ -20,8 +20,8 @@ include::modules/quotas-and-limits-ibm-cloud.adoc[leveloffset=+1]
 
 How you configure DNS resolution depends on the type of {product-title} cluster you are installing:
 
-* If you are installing a public cluster, you use IBM Cloud Internet Services (CIS).
-* If you are installing a private cluster, you use IBM Cloud DNS Services (DNS Services)
+* If you are installing a public cluster, you use {ibm-cloud-title} Internet Services (CIS).
+* If you are installing a private cluster, you use {ibm-cloud-name} DNS Services (DNS Services)
 
 include::modules/installation-cis-ibm-cloud.adoc[leveloffset=+2]
 include::modules/installation-dns-ibm-cloud.adoc[leveloffset=+2]
@@ -33,4 +33,4 @@ include::modules/installation-ibm-cloud-regions.adoc[leveloffset=+1]
 
 [id="next-steps_installing-ibm-cloud-account"]
 == Next steps
-* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC]
+* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}]
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
index fd1d36d2e204..82d95a8c3962 100644
--- a/installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
@@ -1,21 +1,21 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-customizations"]
-= Installing a cluster on IBM Cloud VPC with customizations
+= Installing a cluster on {ibm-cloud-title} with customizations
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-customizations
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on IBM Cloud VPC. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on {ibm-cloud-name}. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
 [id="prerequisites_installing-ibm-cloud-customizations"]
 == Prerequisites
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -27,10 +27,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-config-parameters-ibm-cloud-vpc[Installation configuration parameters for {ibm-cloud-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2]
 
 //.Additional resources
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
index c71411a8717c..f85869ff265c 100644
--- a/installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
@@ -1,13 +1,13 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-network-customizations"]
-= Installing a cluster on IBM Cloud VPC with network customizations
+= Installing a cluster on {ibm-cloud-title} with network customizations
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-network-customizations
 
 toc::[]
 
 In {product-title} version {product-version}, you can install a cluster with a
-customized network configuration on infrastructure that the installation program provisions on IBM Cloud VPC. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+customized network configuration on infrastructure that the installation program provisions on {ibm-cloud-name}. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
 You must set most of the network configuration parameters during installation, and you can modify only `kubeProxy` configuration parameters in a running cluster.
 
@@ -16,9 +16,9 @@ You must set most of the network configuration parameters during installation, a
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}].
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
@@ -30,10 +30,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-config-parameters-ibm-cloud-vpc[Installation configuration parameters for {ibm-cloud-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2]
 
 //.Additional resources
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
index 00f4a1b208a2..65bf644a4c0e 100644
--- a/installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-private"]
-= Installing a private cluster on IBM Cloud VPC
+= Installing a private cluster on {ibm-cloud-title}
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-private
 
@@ -13,9 +13,9 @@ In {product-title} version {product-version}, you can install a private cluster
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}].
 
 include::modules/private-clusters-default.adoc[leveloffset=+1]
 
@@ -33,10 +33,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-config-parameters-ibm-cloud-vpc[Installation configuration parameters for {ibm-cloud-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
new file mode 100644
index 000000000000..24d58c4699ef
--- /dev/null
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
@@ -0,0 +1,84 @@
+:_content-type: ASSEMBLY
+[id="installing-ibm-cloud-restricted"]
+= Installing a cluster on IBM Cloud in a restricted network
+include::_attributes/common-attributes.adoc[]
+:context: installing-ibm-cloud-restricted
+
+toc::[]
+
+In {product-title} {product-version}, you can install a cluster in a restricted network by creating an internal mirror of the installation release content that is accessible to an existing Virtual Private Cloud (VPC) on {ibm-cloud-name}.
+
+[id="prerequisites_installing-ibm-cloud-restricted"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster.
+* You have a container image registry that is accessible to the internet and your restricted network. The container image registry should mirror the contents of the {product-registry} and contain the installation media. For more information, see xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+* You have an existing VPC on {ibm-cloud-name} that meets the following requirements:
+** The VPC contains the mirror registry or has firewall rules or a peering connection to access the mirror registry that is hosted elsewhere.
+** The VPC can access {ibm-cloud-name} service endpoints using a public endpoint. If network restrictions limit access to public service endpoints, evaluate those services for alternate endpoints that might be available. For more information see xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#access-to-ibm-service-endpoints_installing-ibm-cloud-restricted[Access to IBM service endpoints].
+
++
+You cannot use the VPC that the installation program provisions by default.
+* If you plan on configuring endpoint gateways to use {ibm-cloud-name} Virtual Private Endpoints, consider the following requirements:
+** Endpoint gateway support is currently limited to the `us-east` and `us-south` regions.
+** The VPC must allow traffic to and from the endpoint gateways. You can use the VPC’s default security group, or a new security group, to allow traffic on port 443. For more information, see xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#installation-ibm-cloud-configure-vpc-for-endpoint-gateways_installing-ibm-cloud-restricted[Allowing endpoint gateway traffic].
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin]
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-configuration-parameters-additional-ibm-cloud_installation-config-parameters-ibm-cloud-vpc[Additional IBM Cloud configuration parameters]
+
+include::modules/installation-custom-ibm-cloud-vpc.adoc[leveloffset=+1]
+include::modules/installation-ibm-cloud-configure-vpc-for-endpoint-gateways.adoc[leveloffset=+2]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
+
+include::modules/installation-ibm-cloud-download-rhcos.adoc[leveloffset=+1]
+
+include::modules/installation-initializing-manual.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-config-parameters-ibm-cloud-vpc[Installation configuration parameters for {ibm-cloud-name}]
+
+include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/manually-create-iam-ibm-cloud.adoc[leveloffset=+1]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_installing-ibm-cloud-restricted-console"]
+.Additional resources
+* xref:../../web_console/web-console.adoc#web-console[Accessing the web console]
+
+== Post installation
+Complete the following steps to complete the configuration of your cluster.
+
+include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+2]
+include::modules/oc-mirror-updating-restricted-cluster-manifests.adoc[leveloffset=+2]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_installing-ibm-cloud-restricted-telemetry"]
+.Additional resources
+* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
+[id="next-steps_installing-ibm-cloud-restricted"]
+== Next steps
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* Optional: xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting].
diff --git a/installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc b/installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
index f4acc0477718..9a613a856587 100644
--- a/installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
+++ b/installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
@@ -1,21 +1,21 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-vpc"]
-= Installing a cluster on IBM Cloud VPC into an existing VPC
+= Installing a cluster on {ibm-cloud-title} into an existing VPC
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-vpc
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a cluster into an existing Virtual Private Cloud (VPC) on IBM Cloud VPC. The installation program provisions the rest of the required infrastructure, which you can then further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+In {product-title} version {product-version}, you can install a cluster into an existing Virtual Private Cloud (VPC) on {ibm-cloud-name}. The installation program provisions the rest of the required infrastructure, which you can then further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
 [id="prerequisites_installing-ibm-cloud-vpc"]
 == Prerequisites
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}].
 
 include::modules/installation-custom-ibm-cloud-vpc.adoc[leveloffset=+1]
 
@@ -29,10 +29,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-config-parameters-ibm-cloud-vpc[Installation configuration parameters for {ibm-cloud-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc b/installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc
index 1907b825a6f8..b069380cf6ed 100644
--- a/installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc
+++ b/installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-ibm-cloud"]
-= Preparing to install on IBM Cloud VPC
+= Preparing to install on {ibm-cloud-title}
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-on-ibm-cloud
 
 toc::[]
 
-The installation workflows documented in this section are for IBM Cloud VPC infrastructure environments. IBM Cloud Classic is not supported at this time. For more information about the difference between Classic and VPC infrastructures, see the IBM link:https://cloud.ibm.com/docs/cloud-infrastructure?topic=cloud-infrastructure-compare-infrastructure[documentation].
+The installation workflows documented in this section are for {ibm-cloud-name} infrastructure environments. {ibm-cloud-name} classic is not supported at this time. For more information about the difference between classic and VPC infrastructures, see the {ibm-name} link:https://cloud.ibm.com/docs/cloud-infrastructure?topic=cloud-infrastructure-compare-infrastructure[documentation].
 
 [id="prerequisites_preparing-to-install-on-ibm-cloud"]
 == Prerequisites
@@ -16,32 +16,34 @@ The installation workflows documented in this section are for IBM Cloud VPC infr
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 
 [id="requirements-for-installing-ocp-on-ibm-cloud"]
-== Requirements for installing {product-title} on IBM Cloud VPC
+== Requirements for installing {product-title} on {ibm-cloud-title}
 
-Before installing {product-title} on IBM Cloud VPC, you must create a service account and configure an IBM Cloud account. See xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an IBM Cloud account] for details about creating an account, enabling API services, configuring DNS, IBM Cloud account limits, and supported IBM Cloud VPC regions.
+Before installing {product-title} on {ibm-cloud-name}, you must create a service account and configure an {ibm-cloud-name} account. See xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an {ibm-cloud-name} account] for details about creating an account, enabling API services, configuring DNS, {ibm-cloud-name} account limits, and supported {ibm-cloud-name} regions.
 
-You must manually manage your cloud credentials when installing a cluster to IBM Cloud VPC. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC].
+You must manually manage your cloud credentials when installing a cluster to {ibm-cloud-name}. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for {ibm-cloud-name}].
 
 [id="choosing-a-method-to-install-ocp-on-ibm-cloud"]
-== Choosing a method to install {product-title} on IBM Cloud VPC
+== Choosing a method to install {product-title} on {ibm-cloud-title}
 
-You can install {product-title} on IBM Cloud VPC using installer-provisioned infrastructure. This process involves using an installation program to provision the underlying infrastructure for your cluster. Installing {product-title} on IBM Cloud VPC using user-provisioned infrastructure is not supported at this time.
+You can install {product-title} on {ibm-cloud-name} using installer-provisioned infrastructure. This process involves using an installation program to provision the underlying infrastructure for your cluster. Installing {product-title} on {ibm-cloud-name} using user-provisioned infrastructure is not supported at this time.
 
 See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned installation processes.
 
 [id="choosing-an-method-to-install-ocp-on-ibm-cloud-installer-provisioned"]
 === Installing a cluster on installer-provisioned infrastructure
 
-You can install a cluster on IBM Cloud VPC infrastructure that is provisioned by the {product-title} installation program by using one of the following methods:
+You can install a cluster on {ibm-cloud-name} infrastructure that is provisioned by the {product-title} installation program by using one of the following methods:
 
-* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a customized cluster on IBM Cloud VPC]**: You can install a customized cluster on IBM Cloud VPC infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
+* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a customized cluster on {ibm-cloud-name}]**: You can install a customized cluster on {ibm-cloud-name} infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
 
-* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc#installing-ibm-cloud-network-customizations[Installing a cluster on IBM Cloud VPC with network customizations]**: You can customize your {product-title} network configuration during installation, so that your cluster can coexist with your existing IP address allocations and adhere to your network requirements.
+* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc#installing-ibm-cloud-network-customizations[Installing a cluster on {ibm-cloud-name} with network customizations]**: You can customize your {product-title} network configuration during installation, so that your cluster can coexist with your existing IP address allocations and adhere to your network requirements.
 
-* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc#installing-ibm-cloud-vpc[Installing a cluster on IBM Cloud VPC into an existing VPC]**: You can install {product-title} on an existing IBM  Virtual Private Cloud (VPC). You can use this installation method if you have constraints set by the guidelines of your company, such as limits when creating new accounts or infrastructure.
+* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc#installing-ibm-cloud-vpc[Installing a cluster on {ibm-cloud-name} into an existing VPC]**: You can install {product-title} on an existing {ibm-cloud-name}. You can use this installation method if you have constraints set by the guidelines of your company, such as limits when creating new accounts or infrastructure.
 
 * **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc#installing-ibm-cloud-private[Installing a private cluster on an existing VPC]**: You can install a private cluster on an existing Virtual Private Cloud (VPC). You can use this method to deploy {product-title} on an internal network that is not visible to the internet.
 
+* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc#installing-ibm-cloud-restricted[Installing a cluster on IBM Cloud VPC in a restricted network]**: You can install {product-title} on IBM Cloud VPC on installer-provisioned infrastructure by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components.
+
 [id="next-steps_preparing-to-install-on-ibm-cloud"]
 == Next steps
-* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an IBM Cloud account]
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an {ibm-cloud-name} account]
diff --git a/installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc b/installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc
index 3cec6a033333..c34c9f7c835b 100644
--- a/installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc
+++ b/installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc
@@ -1,11 +1,11 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-ibm-cloud"]
-= Uninstalling a cluster on IBM Cloud VPC
+= Uninstalling a cluster on {ibm-cloud-title}
 include::_attributes/common-attributes.adoc[]
 :context: uninstalling-cluster-ibm-cloud
 
 toc::[]
 
-You can remove a cluster that you deployed to IBM Cloud VPC.
+You can remove a cluster that you deployed to {ibm-cloud-name}.
 
 include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_cloud_public/user-managed-encryption-ibm-cloud.adoc b/installing/installing_ibm_cloud_public/user-managed-encryption-ibm-cloud.adoc
new file mode 100644
index 000000000000..a40bea8e9f69
--- /dev/null
+++ b/installing/installing_ibm_cloud_public/user-managed-encryption-ibm-cloud.adoc
@@ -0,0 +1,42 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="user-managed-encryption-ibm-cloud"]
+= User-managed encryption for {ibm-cloud-title}
+include::_attributes/common-attributes.adoc[]
+:context: user-managed-encryption-ibm-cloud
+
+toc::[]
+
+By default, provider-managed encryption is used to secure the following when you deploy an {product-title} cluster:
+
+* The root (boot) volume of control plane and compute machines
+* Persistent volumes (data volumes) that are provisioned after the cluster is deployed
+
+You can override the default behavior by specifying an {ibm-name} Key Protect for {ibm-cloud-name} (Key Protect) root key as part of the installation process.
+
+When you bring our own root key, you modify the installation configuration file (`install-config.yaml`) to specify the Cloud Resource Name (CRN) of the root key by using the `encryptionKey` parameter.
+
+You can specify that:
+
+* The same root key be used be used for all cluster machines. You do so by specifying the key as part of the cluster's default machine configuration.
++
+When specified as part of the default machine configuration, all managed storage classes are updated with this key. As such, data volumes that are provisioned after the installation are also encrypted using this key.
+
+* Separate root keys be used for the control plane and compute machine pools.
+
+For more information about the `encryptionKey` parameter, see xref:../../installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vpc.adoc#installation-configuration-parameters-additional-ibm-cloud_installation-config-parameters-ibm-cloud-vpc[Additional IBM Cloud configuration parameters].
+
+[NOTE]
+====
+Make sure you have integrated Key Protect with your IBM Cloud Block Storage service. For more information, see the Key Protect link:https://cloud.ibm.com/docs/key-protect?topic=key-protect-integrate-services#grant-access[documentation].
+====
+
+
+[id="user-managed-encryption-ibm-cloud-next-steps"]
+== Next steps
+
+Install an {product-title} cluster:
+
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a cluster on {ibm-cloud-title} with customizations]
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc#installing-ibm-cloud-network-customizations[Installing a cluster on {ibm-cloud-title} with network customizations]
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc#installing-ibm-cloud-vpc[Installing a cluster on {ibm-cloud-title} into an existing VPC]
+* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc#installing-ibm-cloud-private[Installing a private cluster on {ibm-cloud-title}]
diff --git a/installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc b/installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc
new file mode 100644
index 000000000000..ca440681c1dd
--- /dev/null
+++ b/installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-ibm-power"]
+= Installation configuration parameters for {ibm-power-title}
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-ibm-power
+:platform: IBM Power
+
+toc::[]
+
+Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_power/installing-ibm-power.adoc b/installing/installing_ibm_power/installing-ibm-power.adoc
index 35256a6de020..933c59c45e3e 100644
--- a/installing/installing_ibm_power/installing-ibm-power.adoc
+++ b/installing/installing_ibm_power/installing-ibm-power.adoc
@@ -1,13 +1,13 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-power"]
-= Installing a cluster on IBM Power
+= Installing a cluster on {ibm-power-title}
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-power
 
 toc::[]
 
 In {product-title} version {product-version}, you can install a cluster on
-IBM Power infrastructure that you provision.
+{ibm-power-name} infrastructure that you provision.
 
 [IMPORTANT]
 ====
@@ -40,6 +40,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/minimum-ibm-power-system-requirements.adoc[leveloffset=+2]
 include::modules/recommended-ibm-power-system-requirements.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
@@ -67,7 +73,9 @@ include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc#installation-config-parameters-ibm-power[Installation configuration parameters for {ibm-power-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -82,7 +90,7 @@ include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[lev
 [id="creating-machines-bare-metal-power"]
 == Installing {op-system} and starting the {product-title} bootstrap process
 
-To install {product-title} on IBM Power infrastructure that you provision, you must install {op-system-first} on the machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
+To install {product-title} on {ibm-power-name} infrastructure that you provision, you must install {op-system-first} on the machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
 
 Follow either the steps to use an ISO image or network PXE booting to install {op-system} on the machines.
 
diff --git a/installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc b/installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
index 99d092efd7a0..1558d6a334de 100644
--- a/installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
+++ b/installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
@@ -1,13 +1,13 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-ibm-power"]
-= Installing a cluster on IBM Power in a restricted network
+= Installing a cluster on {ibm-power-title} in a restricted network
 include::_attributes/common-attributes.adoc[]
 :context: installing-restricted-networks-ibm-power
 
 toc::[]
 
 In {product-title} version {product-version}, you can install a cluster on
-IBM Power infrastructure that you provision in a restricted network.
+{ibm-power-name} infrastructure that you provision in a restricted network.
 
 [IMPORTANT]
 ====
@@ -48,6 +48,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/minimum-ibm-power-system-requirements.adoc[leveloffset=+2]
 include::modules/recommended-ibm-power-system-requirements.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
@@ -75,7 +81,9 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc#installation-config-parameters-ibm-power[Installation configuration parameters for {ibm-power-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -90,7 +98,7 @@ include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[lev
 [id="creating-machines-ibm-power-restricted-network"]
 == Installing {op-system} and starting the {product-title} bootstrap process
 
-To install {product-title} on IBM Power infrastructure that you provision, you must install {op-system-first} on the machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
+To install {product-title} on {ibm-power-name} infrastructure that you provision, you must install {op-system-first} on the machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
 
 Follow either the steps to use an ISO image or network PXE booting to install {op-system} on the machines.
 
@@ -127,3 +135,5 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/machine-configuration-tasks.adoc#rhcos-enabling-multipath_post-install-machine-configuration-tasks[Enabling multipathing with kernel arguments on {op-system}].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_ibm_power/preparing-to-install-on-ibm-power.adoc b/installing/installing_ibm_power/preparing-to-install-on-ibm-power.adoc
index fbc5222b7c09..870b057adcb7 100644
--- a/installing/installing_ibm_power/preparing-to-install-on-ibm-power.adoc
+++ b/installing/installing_ibm_power/preparing-to-install-on-ibm-power.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-ibm-power"]
-= Preparing to install on IBM Power
+= Preparing to install on {ibm-power-title}
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-on-ibm-power
 
@@ -13,10 +13,10 @@ toc::[]
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 
 [id="choosing-an-method-to-install-ocp-on-ibm-power"]
-== Choosing a method to install {product-title} on IBM Power
+== Choosing a method to install {product-title} on {ibm-power-title}
 
-You can install a cluster on IBM Power infrastructure that you provision, by using one of the following methods:
+You can install a cluster on {ibm-power-name} infrastructure that you provision, by using one of the following methods:
 
-* **xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Installing a cluster on IBM Power]**: You can install {product-title} on IBM Power infrastructure that you provision.
+* **xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Installing a cluster on {ibm-power-name}]**: You can install {product-title} on {ibm-power-name} infrastructure that you provision.
 
-* **xref:../../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[Installing a cluster on IBM Power in a restricted network]**: You can install {product-title} on IBM Power infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
+* **xref:../../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[Installing a cluster on {ibm-power-name} in a restricted network]**: You can install {product-title} on {ibm-power-name} infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
diff --git a/installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc b/installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc
index 9c21524a0e22..ef60786a0ca4 100644
--- a/installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc
+++ b/installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc
@@ -1,10 +1,10 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-ibm-power-vs-workspace"]
-= Creating an {ibmpowerProductName} Virtual Server workspace
+= Creating an {ibm-power-server-title} workspace
 include::_attributes/common-attributes.adoc[]
 :context: creating-ibm-power-vs-workspace
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-name} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 include::modules/creating-ibm-power-vs-workspace-procedure.adoc[leveloffset=+1]
@@ -12,4 +12,4 @@ include::modules/creating-ibm-power-vs-workspace-procedure.adoc[leveloffset=+1]
 
 [id="next-steps_creating-ibm-power-vs-workspace"]
 == Next steps
-* xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc#installing-ibm-power-vs-customizations[Installing a cluster on {ibmpowerProductName} Virtual Server with customizations]
+* xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc#installing-ibm-power-vs-customizations[Installing a cluster on {ibm-power-server-name} with customizations]
diff --git a/installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs.adoc b/installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs.adoc
new file mode 100644
index 000000000000..a7025b7f3a2c
--- /dev/null
+++ b/installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-ibm-power-vs"]
+= Installation configuration parameters for {ibm-power-server-title}
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-ibm-power-vs
+:platform: {ibm-power-server-title}
+
+toc::[]
+
+Before you deploy an {product-title} on {ibm-power-server-name}, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc b/installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
index 3aaa32c147b6..69c7bbc361b2 100644
--- a/installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
+++ b/installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
@@ -1,20 +1,20 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-cloud-account-power-vs"]
-= Configuring an IBM Cloud account
+= Configuring an {ibm-cloud-title} account
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-cloud-account-power-vs
 
 toc::[]
 
-Before you can install {product-title}, you must configure an IBM Cloud account.
+Before you can install {product-title}, you must configure an {ibm-cloud-name} account.
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-title} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="prerequisites_installing-ibm-cloud-account-power-vs"]
 == Prerequisites
 
-* You have an IBM Cloud account with a subscription. You cannot install {product-title} on a free or on a trial IBM Cloud account.
+* You have an {ibm-cloud-name} account with a subscription. You cannot install {product-title} on a free or on a trial {ibm-cloud-name} account.
 
 include::modules/quotas-and-limits-ibm-power-vs.adoc[leveloffset=+1]
 
@@ -23,8 +23,8 @@ include::modules/quotas-and-limits-ibm-power-vs.adoc[leveloffset=+1]
 
 How you configure DNS resolution depends on the type of {product-title} cluster you are installing:
 
-* If you are installing a public cluster, you use IBM Cloud Internet Services (CIS).
-* If you are installing a private cluster, you use IBM Cloud DNS Services (DNS Services).
+* If you are installing a public cluster, you use {ibm-cloud-name} Internet Services (CIS).
+* If you are installing a private cluster, you use {ibm-cloud-name} DNS Services (DNS Services).
 
 include::modules/installation-cis-ibm-cloud.adoc[leveloffset=+1]
 
@@ -36,4 +36,4 @@ include::modules/installation-ibm-cloud-regions.adoc[leveloffset=+1]
 
 [id="next-steps_installing-ibm-cloud-account-power-vs"]
 == Next steps
-* xref:../../installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc#creating-ibm-power-vs-workspace[Creating an {ibmpowerProductName} Virtual Server workspace]
+* xref:../../installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc#creating-ibm-power-vs-workspace[Creating an {ibm-power-server-name} workspace]
diff --git a/installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc b/installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc
index 0fb0e4bcedd8..4e2a84a82ba5 100644
--- a/installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc
+++ b/installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc
@@ -1,14 +1,14 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-power-vs-customizations"]
-= Installing a cluster on {ibmpowerProductName} Virtual Server with customizations
+= Installing a cluster on {ibm-power-server-title} with customizations
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-power-vs-customizations
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on {ibmpowerProductName} Virtual Server. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on {ibm-power-server-title}. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-title} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="prerequisites_installing-ibm-powervs-customizations"]
@@ -16,7 +16,7 @@ include::snippets/technology-preview.adoc[]
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
 * You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#cco-ccoctl-configuring_preparing-to-install-on-ibm-power-vs[Configuring the Cloud Credential Operator utility].
 
@@ -30,7 +30,9 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs#installation-config-parameters-ibm-power-vs[Installation configuration parameters for {ibm-power-server-name}]
 
 include::modules/installation-ibm-power-vs-config-yaml.adoc[leveloffset=+2]
 
diff --git a/installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc b/installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
index b06b4d76a556..243f5af4843d 100644
--- a/installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
+++ b/installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
@@ -1,14 +1,14 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-power-vs-private-cluster"]
-= Installing a private cluster on {ibmpowerProductName} Virtual Server
+= Installing a private cluster on {ibm-power-server-title}
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-power-vs-private-cluster
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a private cluster into an existing VPC and {ibmpowerProductName} Virtual Server Workspace. The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+In {product-title} version {product-version}, you can install a private cluster into an existing VPC and {ibm-power-server-name} Workspace. The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-name} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="prerequisites_installing-ibm-power-vs-private-cluster"]
@@ -16,7 +16,7 @@ include::snippets/technology-preview.adoc[]
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
 * You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#cco-ccoctl-configuring_preparing-to-install-on-ibm-power-vs[Configuring the Cloud Credential Operator utility].
 
@@ -36,10 +36,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs#installation-config-parameters-ibm-power-vs[Installation configuration parameters for {ibm-power-server-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-power-vs-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc b/installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
index 31daad2354b2..d159640e2920 100644
--- a/installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+++ b/installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
@@ -1,14 +1,14 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-powervs-vpc"]
-= Installing a cluster on {ibmpowerProductName} Virtual Server into an existing VPC
+= Installing a cluster on {ibm-power-server-title} into an existing VPC
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-powervs-vpc
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a cluster into an existing Virtual Private Cloud (VPC) on IBM Cloud VPC. The installation program provisions the rest of the required infrastructure, which you can then further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+In {product-title} version {product-version}, you can install a cluster into an existing Virtual Private Cloud (VPC) on {ibm-cloud-name}. The installation program provisions the rest of the required infrastructure, which you can then further customize. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-name} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="prerequisites_installing-ibm-powervs-vpc"]
@@ -16,7 +16,7 @@ include::snippets/technology-preview.adoc[]
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an {ibm-cloud-name} account] to host the cluster.
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
 * You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#cco-ccoctl-configuring_preparing-to-install-on-ibm-power-vs[Configuring the Cloud Credential Operator utility].
 
@@ -32,10 +32,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs#installation-config-parameters-ibm-power-vs[Installation configuration parameters for {ibm-power-server-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-power-vs-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
diff --git a/installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc b/installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
index d603c9e2c5cd..7603c661a219 100644
--- a/installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
+++ b/installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
@@ -1,14 +1,14 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-ibm-power-vs"]
-= Installing a cluster on {ibmpowerProductName} Virtual Server in a restricted network
+= Installing a cluster on {ibm-power-server-title} in a restricted network
 include::_attributes/common-attributes.adoc[]
 :context: installing-restricted-networks-ibm-power-vs
 
 toc::[]
 
-In {product-title} {product-version}, you can install a cluster on IBM Cloud VPC in a restricted network by creating an internal mirror of the installation release content on an existing Virtual Private Cloud (VPC) on IBM Cloud VPC.
+In {product-title} {product-version}, you can install a cluster on {ibm-cloud-name} in a restricted network by creating an internal mirror of the installation release content on an existing Virtual Private Cloud (VPC) on {ibm-cloud-name}.
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-name} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="prerequisites_installing-ibm-power-vs-restricted"]
@@ -16,14 +16,14 @@ include::snippets/technology-preview.adoc[]
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an IBM Cloud account] to host the cluster.
+* You xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[configured an {ibm-cloud-name} account] to host the cluster.
 * You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installation-about-mirror-registry_installing-mirroring-installation-images[mirrored the images for a disconnected installation] to your registry and obtained the `imageContentSources` data for your version of {product-title}.
 +
 [IMPORTANT]
 ====
 Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
 ====
-* You have an existing VPC in IBM Cloud VPC. When installing a cluster in a restricted network, you cannot use the installer-provisioned VPC. You must use a user-provisioned VPC that satisfies one of the following requirements:
+* You have an existing VPC in {ibm-cloud-name}. When installing a cluster in a restricted network, you cannot use the installer-provisioned VPC. You must use a user-provisioned VPC that satisfies one of the following requirements:
 ** Contains the mirror registry
 ** Has firewall rules or a peering connection to access the mirror registry hosted elsewhere
 * If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
@@ -41,10 +41,17 @@ include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs#installation-config-parameters-ibm-power-vs[Installation configuration parameters for {ibm-power-server-name}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/installation-ibm-power-vs-config-yaml.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -74,4 +81,5 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 [id="next-steps_installing-ibm-power-vs-restricted"]
 == Next steps
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]
-* Optional: xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
\ No newline at end of file
+* Optional: xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
+* Optional: xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc b/installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc
index 75542226e3ac..cebbb9076bb7 100644
--- a/installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc
+++ b/installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-ibm-power-vs"]
-= Preparing to install on {ibmpowerProductName} Virtual Server
+= Preparing to install on {ibm-power-server-title}
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-on-ibm-power-vs
 
 toc::[]
 
-The installation workflows documented in this section are for {ibmpowerProductName} Virtual Server infrastructure environments.
+The installation workflows documented in this section are for {ibm-power-server-name} infrastructure environments.
 
 [id="prerequisites_preparing-to-install-on-ibm-power-vs"]
 == Prerequisites
@@ -15,35 +15,35 @@ The installation workflows documented in this section are for {ibmpowerProductNa
 
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
 
-:FeatureName: {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure
+:FeatureName: {ibm-power-server-name} using installer-provisioned infrastructure
 include::snippets/technology-preview.adoc[]
 
 [id="requirements-for-installing-ocp-on-ibm-power-vs"]
-== Requirements for installing {product-title} on {ibmpowerProductName} Virtual Server
+== Requirements for installing {product-title} on {ibm-power-server-title}
 
-Before installing {product-title} on {ibmpowerProductName} Virtual Server, you must create a service account and configure an IBM Cloud account. See xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[Configuring an IBM Cloud account] for details about creating an account, configuring DNS and supported {ibmpowerProductName} Virtual Server regions.
+Before installing {product-title} on {ibm-power-server-name} you must create a service account and configure an {ibm-cloud-name} account. See xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[Configuring an {ibm-cloud-name} account] for details about creating an account, configuring DNS and supported {ibm-power-server-name} regions.
 
-You must manually manage your cloud credentials when installing a cluster to {ibmpowerProductName} Virtual Server. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster.
+You must manually manage your cloud credentials when installing a cluster to {ibm-power-server-name}. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster.
 
 [id="choosing-a-method-to-install-ocp-on-ibm-power-vs"]
-== Choosing a method to install {product-title} on {ibmpowerProductName} Virtual Server
+== Choosing a method to install {product-title} on {ibm-power-server-title}
 
-You can install {product-title} on {ibmpowerProductName} Virtual Server using installer-provisioned infrastructure. This process involves using an installation program to provision the underlying infrastructure for your cluster. Installing {product-title} on {ibmpowerProductName} Virtual Server using user-provisioned infrastructure is not supported at this time.
+You can install {product-title} on {ibm-power-server-name} using installer-provisioned infrastructure. This process involves using an installation program to provision the underlying infrastructure for your cluster. Installing {product-title} on {ibm-power-server-name} using user-provisioned infrastructure is not supported at this time.
 
 See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned installation processes.
 
 [id="choosing-an-method-to-install-ocp-on-power-vs-installer-provisioned"]
 === Installing a cluster on installer-provisioned infrastructure
 
-You can install a cluster on {ibmpowerProductName} Virtual Server infrastructure that is provisioned by the {product-title} installation program by using one of the following methods:
+You can install a cluster on {ibm-power-server-name} infrastructure that is provisioned by the {product-title} installation program by using one of the following methods:
 
-* **xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc#installing-ibm-power-vs-customizations[Installing a customized cluster on {ibmpowerProductName} Virtual Server]**: You can install a customized cluster on {ibmpowerProductName} Virtual Server infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
+* **xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc#installing-ibm-power-vs-customizations[Installing a customized cluster on {ibm-power-server-name}]**: You can install a customized cluster on {ibm-power-server-name} infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
 
-* **xref:../../installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc#installing-ibm-powervs-vpc[Installing a cluster on {ibmpowerProductName} Virtual Server into an existing VPC]**: You can install {product-title} on {ibmpowerProductName} Virtual Server into an existing Virtual Private Cloud (VPC). You can use this installation method if you have constraints set by the guidelines of your company, such as limits when creating new accounts or infrastructure.
+* **xref:../../installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc#installing-ibm-powervs-vpc[Installing a cluster on {ibm-power-server-name} into an existing VPC]**: You can install {product-title} on {ibm-power-server-name} into an existing Virtual Private Cloud (VPC). You can use this installation method if you have constraints set by the guidelines of your company, such as limits when creating new accounts or infrastructure.
 
-* **xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc#installing-ibm-power-vs-private-cluster[Installing a private cluster on {ibmpowerProductName} Virtual Server]**: You can install a private cluster on {ibmpowerProductName} Virtual Server. You can use this method to deploy {product-title} on an internal network that is not visible to the internet.
+* **xref:../../installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc#installing-ibm-power-vs-private-cluster[Installing a private cluster on {ibm-power-server-name}]**: You can install a private cluster on {ibm-power-server-name}. You can use this method to deploy {product-title} on an internal network that is not visible to the internet.
 
-* **xref:../../installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc#installing-restricted-networks-ibm-power-vs[Installing a cluster on {ibmpowerProductName} Virtual Server in a restricted network]**: You can install {product-title} on {ibmpowerProductName} Virtual Server on installer-provisioned infrastructure by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components.
+* **xref:../../installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc#installing-restricted-networks-ibm-power-vs[Installing a cluster on {ibm-power-server-name} in a restricted network]**: You can install {product-title} on {ibm-power-server-name} on installer-provisioned infrastructure by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components.
 
 include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
 
@@ -55,4 +55,4 @@ include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
 
 [id="next-steps_preparing-to-install-on-ibm-power-vs"]
 == Next steps
-* xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[Configuring an IBM Cloud account]
\ No newline at end of file
+* xref:../../installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc#installing-ibm-cloud-account-power-vs[Configuring an {ibm-cloud-name} account]
\ No newline at end of file
diff --git a/installing/installing_ibm_powervs/uninstalling-cluster-ibm-power-vs.adoc b/installing/installing_ibm_powervs/uninstalling-cluster-ibm-power-vs.adoc
index ffcbdb93a46a..b0f52f7b210d 100644
--- a/installing/installing_ibm_powervs/uninstalling-cluster-ibm-power-vs.adoc
+++ b/installing/installing_ibm_powervs/uninstalling-cluster-ibm-power-vs.adoc
@@ -1,11 +1,11 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-ibm-power-vs"]
-= Uninstalling a cluster on {ibmpowerProductName} Virtual Server
+= Uninstalling a cluster on {ibm-power-server-title}
 include::_attributes/common-attributes.adoc[]
 :context: uninstalling-cluster-ibm-power-vs
 
 toc::[]
 
-You can remove a cluster that you deployed to {ibmpowerProductName} Virtual Server.
+You can remove a cluster that you deployed to {ibm-power-server-name}.
 
 include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc b/installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc
new file mode 100644
index 000000000000..c1d4c0e2df9a
--- /dev/null
+++ b/installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-ibm-z"]
+= Installation configuration parameters for {ibm-z-title} and {ibm-linuxone-title}
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-ibm-z
+:platform: IBM Z
+
+toc::[]
+
+Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
+
+[NOTE]
+====
+While this document refers only to {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
+====
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_ibm_z/installing-ibm-z-kvm.adoc b/installing/installing_ibm_z/installing-ibm-z-kvm.adoc
index 46e24611c254..d474e15a571f 100644
--- a/installing/installing_ibm_z/installing-ibm-z-kvm.adoc
+++ b/installing/installing_ibm_z/installing-ibm-z-kvm.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-z-kvm"]
-= Installing a cluster  with {op-system-base} KVM on {ibmzProductName} and {linuxoneProductName}
+= Installing a cluster with {op-system-base} KVM on {ibm-z-title} and {ibm-linuxone-title}
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-z-kvm
 
@@ -8,11 +8,11 @@ toc::[]
 
 [role="_abstract"]
 In {product-title} version {product-version}, you can install a cluster on
-{ibmzProductName} or {linuxoneProductName} infrastructure that you provision.
+{ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision.
 
 [NOTE]
 ====
-While this document refers only to {ibmzProductName}, all information in it also applies to {linuxoneProductName}.
+While this document refers only to {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
 ====
 
 [IMPORTANT]
@@ -45,7 +45,7 @@ include::modules/csr-management.adoc[leveloffset=+2]
 [id="additional-resources_ibmz-kvm-recommended-host-practices"]
 .Additional resources
 
-* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibmzProductName} & {linuxoneProductName} environments]
+* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibm-z-name} & {ibm-linuxone-name} environments]
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
@@ -71,7 +71,9 @@ include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc#installation-config-parameters-ibm-z[Installation configuration parameters for {ibm-z-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -91,9 +93,11 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2]
 [id="additional-resources_Linux-as-an-IBM-Secure-Execution-host-or-guest"]
 .Additional resources
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=virtualization-secure-execution[Introducing IBM Secure Execution for Linux]
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=virtualization-secure-execution[Introducing {ibm-name} Secure Execution for Linux]
+
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an {ibm-name} Secure Execution host or guest]
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an IBM Secure Execution host or guest]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}]
 
 include::modules/ibmz-configure-nbde-with-static-ip.adoc[leveloffset=+2]
 
diff --git a/installing/installing_ibm_z/installing-ibm-z.adoc b/installing/installing_ibm_z/installing-ibm-z.adoc
index efef77e3ae95..4751af1ee208 100644
--- a/installing/installing_ibm_z/installing-ibm-z.adoc
+++ b/installing/installing_ibm_z/installing-ibm-z.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ibm-z"]
-= Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}
+= Installing a cluster with z/VM on {ibm-z-title} and {ibm-linuxone-title}
 include::_attributes/common-attributes.adoc[]
 :context: installing-ibm-z
 
@@ -8,11 +8,11 @@ toc::[]
 
 [role="_abstract"]
 In {product-title} version {product-version}, you can install a cluster on
-{ibmzProductName} or {linuxoneProductName} infrastructure that you provision.
+{ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision.
 
 [NOTE]
 ====
-While this document refers only to {ibmzProductName}, all information in it also applies to {linuxoneProductName}.
+While this document refers only to {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
 ====
 
 [IMPORTANT]
@@ -46,6 +46,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/minimum-ibm-z-system-requirements.adoc[leveloffset=+2]
 include::modules/preferred-ibm-z-system-requirements.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
@@ -54,13 +60,13 @@ include::modules/csr-management.adoc[leveloffset=+2]
 [id="additional-resources_ibmz-requirements"]
 .Additional resources
 
-* See link:https://www.ibm.com/docs/en/zvm/7.1?topic=networks-bridging-hipersockets-lan-zvm-virtual-switch[Bridging a HiperSockets LAN with a z/VM Virtual Switch] in IBM Documentation.
+* See link:https://www.ibm.com/docs/en/zvm/latest?topic=networks-bridging-hipersockets-lan-zvm-virtual-switch[Bridging a HiperSockets LAN with a z/VM Virtual Switch] in {ibm-name} Documentation.
 
-* See link:http://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM] for performance optimization.
+* See link:https://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM] for performance optimization.
 
 * See link:https://www.vm.ibm.com/library/presentations/lparperf.pdf[Topics in LPAR performance] for LPAR weight management and entitlements.
 
-* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibmzProductName} & {linuxoneProductName} environments]
+* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibm-z-name} & {ibm-linuxone-name} environments]
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
@@ -86,7 +92,9 @@ include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc#installation-config-parameters-ibm-z[Installation configuration parameters for {ibm-z-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
diff --git a/installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc b/installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
index 69529ec1d7ab..e32f47d993e4 100644
--- a/installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
+++ b/installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-ibm-z-kvm"]
-= Installing a cluster with {op-system-base} KVM on {ibmzProductName} and {linuxoneProductName} in a restricted network
+= Installing a cluster with {op-system-base} KVM on {ibm-z-title} and {ibm-linuxone-title} in a restricted network
 include::_attributes/common-attributes.adoc[]
 :context: installing-restricted-networks-ibm-z-kvm
 
@@ -8,11 +8,11 @@ toc::[]
 
 [role="_abstract"]
 In {product-title} version {product-version}, you can install a cluster on
-{ibmzProductName} or {linuxoneProductName} infrastructure that you provision in a restricted network.
+{ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision in a restricted network.
 
 [NOTE]
 ====
-While this document refers to only {ibmzProductName}, all information in it also applies to {linuxoneProductName}.
+While this document refers to only {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
 ====
 
 [IMPORTANT]
@@ -52,7 +52,7 @@ include::modules/csr-management.adoc[leveloffset=+2]
 [id="additional-resources_ibmz-kvm-restricted-recommended-host-practices"]
 .Additional resources
 
-* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibmzProductName} & {linuxoneProductName} environments]
+* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibm-z-name} & {ibm-linuxone-name} environments]
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
@@ -78,7 +78,9 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc#installation-config-parameters-ibm-z[Installation configuration parameters for {ibm-z-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -98,9 +100,11 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2]
 [id="additional-resources_Linux-as-an-IBM-Secure-Execution-host-or-guest-restricted"]
 .Additional resources
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=virtualization-secure-execution[Introducing IBM Secure Execution for Linux]
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=virtualization-secure-execution[Introducing {ibm-name} Secure Execution for Linux]
+
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an {ibm-name} Secure Execution host or guest]
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an IBM Secure Execution host or guest]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}]
 
 include::modules/ibmz-configure-nbde-with-static-ip.adoc[leveloffset=+2]
 
@@ -145,3 +149,5 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
 
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc b/installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
index 68550f8a3746..48e4ca3f570f 100644
--- a/installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
+++ b/installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-ibm-z"]
-= Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName} in a restricted network
+= Installing a cluster with z/VM on {ibm-z-title} and {ibm-linuxone-title} in a restricted network
 include::_attributes/common-attributes.adoc[]
 :context: installing-restricted-networks-ibm-z
 
@@ -8,11 +8,11 @@ toc::[]
 
 [role="_abstract"]
 In {product-title} version {product-version}, you can install a cluster on
-{ibmzProductName} or {linuxoneProductName} infrastructure that you provision in a restricted network.
+{ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision in a restricted network.
 
 [NOTE]
 ====
-While this document refers to only {ibmzProductName}, all information in it also applies to {linuxoneProductName}.
+While this document refers to only {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
 ====
 
 [IMPORTANT]
@@ -54,6 +54,12 @@ This section describes the requirements for deploying {product-title} on user-pr
 
 include::modules/installation-machine-requirements.adoc[leveloffset=+2]
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
 include::modules/minimum-ibm-z-system-requirements.adoc[leveloffset=+2]
 include::modules/preferred-ibm-z-system-requirements.adoc[leveloffset=+2]
 include::modules/csr-management.adoc[leveloffset=+2]
@@ -61,13 +67,13 @@ include::modules/csr-management.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* See link:https://www.ibm.com/docs/en/zvm/7.1?topic=networks-bridging-hipersockets-lan-zvm-virtual-switch[Bridging a HiperSockets LAN with a z/VM Virtual Switch] in IBM Documentation.
+* See link:https://www.ibm.com/docs/en/zvm/latest?topic=networks-bridging-hipersockets-lan-zvm-virtual-switch[Bridging a HiperSockets LAN with a z/VM Virtual Switch] in {ibm-name} Documentation.
 
-* See link:http://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM] for performance optimization.
+* See link:https://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM] for performance optimization.
 
 * See link:https://www.vm.ibm.com/library/presentations/lparperf.pdf[Topics in LPAR performance] for LPAR weight management and entitlements.
 
-* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibmzProductName} & {linuxoneProductName} environments]
+* xref:../../scalability_and_performance/ibm-z-recommended-host-practices.adoc#ibm-z-recommended-host-practices[Recommended host practices for {ibm-z-name} & {ibm-linuxone-name} environments]
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]
 
@@ -92,7 +98,9 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
 
 include::modules/installation-initializing-manual.adoc[leveloffset=+1]
 
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc#installation-config-parameters-ibm-z[Installation configuration parameters for {ibm-z-name}]
 
 include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
 
@@ -144,3 +152,5 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
 
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
diff --git a/installing/installing_ibm_z/preparing-to-install-on-ibm-z-kvm.adoc b/installing/installing_ibm_z/preparing-to-install-on-ibm-z-kvm.adoc
deleted file mode 100644
index b06398172c81..000000000000
--- a/installing/installing_ibm_z/preparing-to-install-on-ibm-z-kvm.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: ASSEMBLY
-[id="preparing-to-install-on-ibm-z-kvm"]
-= Preparing to install with {op-system-base} KVM on {ibmzProductName} and {linuxoneProductName}
-include::_attributes/common-attributes.adoc[]
-:context: preparing-to-install-on-ibm-z-kvm
-
-toc::[]
-
-[id="preparing-to-install-on-ibm-z-kvm-prerequisites"]
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-
-[id="choosing-an-method-to-install-ocp-on-ibm-z-kvm"]
-== Choosing a method to install {product-title} with {op-system-base} KVM on {ibmzProductName} or {linuxoneProductName}
-
-You can install a cluster with {op-system-base} KVM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision, by using one of the following methods:
-
-* **xref:../../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[Installing a cluster with RHEL KVM on {ibmzProductName} and {linuxoneProductName}]**: You can install {product-title} with KVM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision.
-
-* **xref:../../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[Installing a cluster with {op-system-base} KVM on {ibmzProductName} and {linuxoneProductName} in a restricted network]**: You can install {product-title} with {op-system-base} KVM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
diff --git a/installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc b/installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc
index 336a00f1fe74..6eba03b76111 100644
--- a/installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc
+++ b/installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-ibm-z"]
-= Preparing to install with z/VM on {ibmzProductName} and {linuxoneProductName}
+= Preparing to install on {ibm-z-title} and {ibm-linuxone-title}
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-on-ibm-z
 
@@ -11,12 +11,38 @@ toc::[]
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* Before you begin the installation process, you must clean the installation directory. This ensures that the required installation files are created and updated during the installation process.
+* You provisioned xref:../../storage/persistent_storage/persistent-storage-ocs.adoc#persistent-storage-ocs[persistent storage using {rh-storage}] or other supported storage protocols for your cluster. To deploy a private image registry, you must set up persistent storage with `ReadWriteMany` access.
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+
+[NOTE]
+====
+While this document refers only to {ibm-z-name}, all information in it also applies to {ibm-linuxone-name}.
+====
 
 [id="choosing-an-method-to-install-ocp-on-ibm-z"]
-== Choosing a method to install {product-title} with z/VM on {ibmzProductName} or {linuxoneProductName}
+== Choosing a method to install {product-title} on {ibm-z-title} or {ibm-linuxone-title}
+
+You can install {product-title} with the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}]. This method requires no setup for the installer, and is ideal for connected environments like {ibm-z-name}.
+See xref:../../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#installing-on-prem-assisted[Installing an on-premise cluster using the {ai-full}] for additional details.
+
+You can also install {product-title} on infrastructure that you provide. If you do not use infrastructure that the installation program provisions, you must manage and maintain the cluster resources yourself.
+
+See the xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about Assisted Installer and user-provisioned installation processes.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the {ibm-z-name} platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
+====
+
+=== User-provisioned infrastructure installation of {product-title} on {ibm-z-title}
+
+User-provisioned infrastructure requires the user to provision all resources required by {product-title}.
+
+* **xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}]**: You can install {product-title} with z/VM on {ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision.
 
-You can install a cluster with z/VM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision, by using one of the following methods:
+* **xref:../../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name} in a restricted network]**: You can install {product-title} with z/VM on {ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
 
-* **xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}]**: You can install {product-title} with z/VM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision.
+* **xref:../../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[Installing a cluster with RHEL KVM on {ibm-z-name} and {ibm-linuxone-name}]**: You can install {product-title} with KVM on {ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision.
 
-* **xref:../../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName} in a restricted network]**: You can install {product-title} with z/VM on {ibmzProductName} or {linuxoneProductName} infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
+* **xref:../../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[Installing a cluster with {op-system-base} KVM on {ibm-z-name} and {ibm-linuxone-name} in a restricted network]**: You can install {product-title} with {op-system-base} KVM on {ibm-z-name} or {ibm-linuxone-name} infrastructure that you provision in a restricted or disconnected network, by using an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
diff --git a/installing/installing_nutanix/installation-config-parameters-nutanix.adoc b/installing/installing_nutanix/installation-config-parameters-nutanix.adoc
new file mode 100644
index 000000000000..2acd108defa3
--- /dev/null
+++ b/installing/installing_nutanix/installation-config-parameters-nutanix.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-nutanix"]
+= Installation configuration parameters for Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-nutanix
+:platform: Nutanix
+
+toc::[]
+
+Before you deploy an {product-title} cluster on Nutanix, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
index 06c5269109e6..a378b0d9e1ad 100644
--- a/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+++ b/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-nutanix-installer-provisioned"]
 = Installing a cluster on Nutanix
 include::_attributes/common-attributes.adoc[]
@@ -7,18 +7,25 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-In {product-title} version {product-version}, you can install a cluster on your Nutanix instance with two methods:
+In {product-title} version {product-version}, you can choose one of the following options to install a cluster on your Nutanix instance:
 
-* Using the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}] hosted at link:http://console.redhat.com[console.redhat.com]. This method requires no setup for the installer, and is ideal for connected environments like Nutanix. Installing with the {ai-full} also provides integration with Nutanix, enabling autoscaling. See xref:../../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#installing-on-prem-assisted[Installing an on-premise cluster using the {ai-full}] for additional details.
+**Using installer-provisioned infrastructure**: Use the procedures in the following sections to use installer-provisioned infrastructure. Installer-provisioned infrastructure is ideal for installing in connected or disconnected network environments. The installer-provisioned infrastructure includes an installation program that provisions the underlying infrastructure for the cluster.
 
-* Using installer-provisioned infrastructure. Use the procedures in the following sections to use installer-provisioned infrastructure. Installer-provisioned infrastructure is ideal for installing in environments with air-gapped/restricted networks.
+**Using the Assisted Installer**: The link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}] hosted at link:http://console.redhat.com[console.redhat.com]. The {ai-full} cannot be used in disconnected environments. The {ai-full} does not provision the underlying infrastructure for the cluster, so you must provision the infrastructure before the running the {ai-full}. Installing with the {ai-full} also provides integration with Nutanix, enabling autoscaling. See xref:../../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#installing-on-prem-assisted[Installing an on-premise cluster using the {ai-full}] for additional details.
+
+**Using user-provisioned infrastructure**: Complete the relevant steps outlined in the xref:../../installing/installing_platform_agnostic/installing-platform-agnostic.adoc#installing-platform-agnostic[Installing a cluster on any platform] documentation.
 
 == Prerequisites
 
 * You have reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* If you use a firewall, you have configured it to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
+* The installation program requires access to port 9440 on Prism Central and Prism Element. You verified that port 9440 is accessible.
+* If you use a firewall, you have met these prerequisites:
+** You confirmed that port 9440 is accessible. Control plane nodes must be able to reach Prism Central and Prism Element on port 9440 for the installation to succeed.
+** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
 * If your Nutanix environment is using the default self-signed SSL certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the  https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
 +
+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].
++
 [IMPORTANT]
 ====
 Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.
@@ -34,20 +41,24 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 include::modules/installation-adding-nutanix-root-certificates.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_nutanix/installation-config-parameters-nutanix.adoc#installation-config-parameters-nutanix[Installation configuration parameters for Nutanix]
+
 include::modules/installation-nutanix-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-configuring-nutanix-failure-domains.adoc[leveloffset=+2]
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/manually-configure-iam-nutanix.adoc[leveloffset=+1]
 
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
+include::modules/installation-nutanix-ccm.adoc[leveloffset=+1]
 
-== Configuring the default storage container
-After you install the cluster, you must install the Nutanix CSI Operator and configure the default storage container for the cluster.
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
-For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/install/ipi/#openshift-image-registry-configuration[configuring registry storage].
+include::modules/registry-configuring-storage-nutanix.adoc[leveloffset=+1]
 
 include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
diff --git a/installing/installing_nutanix/installing-nutanix-three-node.adoc b/installing/installing_nutanix/installing-nutanix-three-node.adoc
index 611d2d75be0b..77fb9e4116c9 100644
--- a/installing/installing_nutanix/installing-nutanix-three-node.adoc
+++ b/installing/installing_nutanix/installing-nutanix-three-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-nutanix-three-node"]
 = Installing a three-node cluster on Nutanix
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc
index 8dfa556dfd93..1a911424edce 100644
--- a/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc
+++ b/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-nutanix-installer-provisioned"]
 = Installing a cluster on Nutanix in a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -11,9 +11,14 @@ In {product-title} {product-version}, you can install a cluster on Nutanix infra
 == Prerequisites
 
 * You have reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* If you use a firewall, you have configured it to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
+* The installation program requires access to port 9440 on Prism Central and Prism Element. You verified that port 9440 is accessible.
+* If you use a firewall, you have met these prerequisites:
+** You confirmed that port 9440 is accessible. Control plane nodes must be able to reach Prism Central and Prism Element on port 9440 for the installation to succeed.
+** You configured the firewall to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
 * If your Nutanix environment is using the default self-signed SSL/TLS certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the  https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
 +
+If your Nutanix environment uses an internal CA to issue certificates, you must configure a cluster-wide proxy as part of the installation process. For more information, see xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI].
++
 [IMPORTANT]
 ====
 Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x.
@@ -35,8 +40,13 @@ include::modules/installation-adding-nutanix-root-certificates.adoc[leveloffset=
 include::modules/installation-nutanix-download-rhcos.adoc[leveloffset=+1]
 
 include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_nutanix/installation-config-parameters-nutanix.adoc#installation-config-parameters-nutanix[Installation configuration parameters for Nutanix]
+
 include::modules/installation-nutanix-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-configuring-nutanix-failure-domains.adoc[leveloffset=+2]
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
@@ -60,5 +70,6 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
 
 == Next steps
-* xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]
diff --git a/installing/installing_nutanix/nutanix-failure-domains.adoc b/installing/installing_nutanix/nutanix-failure-domains.adoc
new file mode 100644
index 000000000000..b8efccd386c1
--- /dev/null
+++ b/installing/installing_nutanix/nutanix-failure-domains.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nutanix-failure-domains"]
+= Fault tolerant deployments using multiple Prism Elements
+include::_attributes/common-attributes.adoc[]
+:context: nutanix-failure-domains
+
+toc::[]
+
+By default, the installation program installs control plane and compute machines into a single Nutanix Prism Element (cluster). To improve the fault tolerance of your {product-title} cluster, you can specify that these machines be distributed across multiple Nutanix clusters by configuring failure domains.
+
+A failure domain represents an additional Prism Element instance that is available to {product-title} machine pools during and after installation.
+
+include::modules/installation-nutanix-failure-domains-req.adoc[leveloffset=+1]
+
+== Installation method and failure domain configuration
+
+The {product-title} installation method determines how and when you configure failure domains:
+
+* If you deploy using installer-provisioned infrastructure, you can configure failure domains in the installation configuration file before deploying the cluster. For more information, see xref:../../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installation-configuring-nutanix-failure-domains_installing-nutanix-installer-provisioned[Configuring failure domains].
++
+You can also configure failure domains after the cluster is deployed. For more information about configuring failure domains post-installation, see xref:../../post_installation_configuration/adding-nutanix-failure-domains.adoc#adding-failure-domains-to-an-existing-nutanix-cluster[Adding failure domains to an existing Nutanix cluster].
+
+* If you deploy using infrastructure that you manage (user-provisioned infrastructure) no additional configuration is required. After the cluster is deployed, you can manually distribute control plane and compute machines across failure domains.
diff --git a/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc b/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
index 94c3aebe6ebe..776e01cdeb10 100644
--- a/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
+++ b/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-nutanix"]
 = Preparing to install on Nutanix
 include::_attributes/common-attributes.adoc[]
@@ -13,4 +13,4 @@ include::modules/installation-nutanix-installer-infra-reqs.adoc[leveloffset=+1]
 include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
-* xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials]
\ No newline at end of file
diff --git a/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc b/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
index c06ce809a46b..bda3171f1057 100644
--- a/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
+++ b/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-nutanix"]
 = Uninstalling a cluster on Nutanix
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_on_prem_assisted/assisted-installer-installing.adoc b/installing/installing_on_prem_assisted/assisted-installer-installing.adoc
index bd6b65dcf992..d04370a13312 100644
--- a/installing/installing_on_prem_assisted/assisted-installer-installing.adoc
+++ b/installing/installing_on_prem_assisted/assisted-installer-installing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-with-ai"]
 = Installing with the Assisted Installer
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_on_prem_assisted/assisted-installer-preparing-to-install.adoc b/installing/installing_on_prem_assisted/assisted-installer-preparing-to-install.adoc
index e3e20a19b38b..19242e82a7ce 100644
--- a/installing/installing_on_prem_assisted/assisted-installer-preparing-to-install.adoc
+++ b/installing/installing_on_prem_assisted/assisted-installer-preparing-to-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-with-ai"]
 = Preparing to install with the Assisted Installer
 include::_attributes/common-attributes.adoc[]
@@ -23,4 +23,4 @@ include::modules/assisted-installer-assisted-installer-prerequisites.adoc[levelo
 
 * xref:../installing_bare_metal_ipi/ipi-install-prerequisites.adoc#ipi-install-firmware-requirements-for-installing-with-virtual-media_ipi-install-prerequisites[Firmware requirements for installing with virtual media]
 
-* xref:../installing_bare_metal_ipi/ipi-install-prerequisites.html#network-requirements-increase-mtu_ipi-install-prerequisites[Increase the network MTU]
+* xref:../installing_bare_metal_ipi/ipi-install-prerequisites.adoc#network-requirements-increase-mtu_ipi-install-prerequisites[Increase the network MTU]
diff --git a/installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc b/installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc
index 336ca53b4041..62be05689c76 100644
--- a/installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc
+++ b/installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-on-prem-assisted"]
 = Installing an on-premise cluster using the {ai-full}
 include::_attributes/common-attributes.adoc[]
@@ -6,12 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can install {product-title} on on-premise hardware or on-premise VMs using the {ai-full}. Installing {product-title} using the {ai-full} supports x86_64, AArch64, ppc64le, and s390x CPU architectures.
-
-[NOTE]
-====
-Installing {product-title} on {ibmzProductName} (s390x) is supported only with RHEL KVM installations.
-====
+You can install {product-title} on on-premise hardware or on-premise VMs by using the {ai-full}. Installing {product-title} by using the {ai-full} supports `x86_64`, `AArch64`, `ppc64le`, and `s390x` CPU architectures.
 
 include::modules/assisted-installer-using-the-assisted-installer.adoc[leveloffset=+1]
 
diff --git a/installing/installing_openstack/installation-config-parameters-openstack.adoc b/installing/installing_openstack/installation-config-parameters-openstack.adoc
new file mode 100644
index 000000000000..13f473df2832
--- /dev/null
+++ b/installing/installing_openstack/installation-config-parameters-openstack.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-openstack"]
+= Installation configuration parameters for OpenStack
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-openstack
+:platform: OpenStack
+
+toc::[]
+
+Before you deploy an {product-title} cluster on {rh-openstack-first}, you provide parameters to customize your cluster and the platform that hosts it. When you create the `install-config.yaml` file, you provide values for the required parameters through the command line. You can then modify the `install-config.yaml` file to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
diff --git a/installing/installing_openstack/installing-openstack-cloud-config-reference.adoc b/installing/installing_openstack/installing-openstack-cloud-config-reference.adoc
index 83cb9f26fe91..cf3b448b9612 100644
--- a/installing/installing_openstack/installing-openstack-cloud-config-reference.adoc
+++ b/installing/installing_openstack/installing-openstack-cloud-config-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-cloud-config-reference"]
 = OpenStack Cloud Controller Manager reference guide
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_openstack/installing-openstack-installer-custom.adoc b/installing/installing_openstack/installing-openstack-installer-custom.adoc
index 48c5ae2c18cb..08e4cd4c7809 100644
--- a/installing/installing_openstack/installing-openstack-installer-custom.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-custom.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-installer-custom"]
 = Installing a cluster on OpenStack with customizations
 include::_attributes/common-attributes.adoc[]
@@ -33,11 +33,9 @@ include::modules/installation-initializing.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-
-See xref:../installing_openstack/installing-openstack-installer-custom.adoc#installation-configuration-parameters_installing-openstack-installer-custom[*Installation configuration parameters* section] for more information about the available parameters.
+* xref:../../installing/installing_openstack/installation-config-parameters-openstack.adoc#installation-config-parameters-openstack[Installation configuration parameters for OpenStack]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
 include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
 include::modules/installation-osp-deploying-bare-metal-machines.adoc[leveloffset=+2]
 include::modules/installation-osp-provider-networks.adoc[leveloffset=+2]
@@ -52,7 +50,12 @@ After you deploy your cluster, you can attach pods to additional networks. For m
 ====
 
 include::modules/installation-osp-config-yaml.adoc[leveloffset=+2]
-include::modules/installation-osp-failure-domains-config.adoc[leveloffset=+2]
+
+
+//Dual-stack networking
+include::modules/install-osp-dualstack.adoc[leveloffset=+2]
+include::modules/install-osp-deploy-dualstack.adoc[leveloffset=+3]
+
 include::modules/installation-osp-external-lb-config.adoc[leveloffset=+2]
 // include::modules/installation-osp-setting-worker-affinity.adoc[leveloffset=+1]
 include::modules/ssh-agent-using.adoc[leveloffset=+1]
diff --git a/installing/installing_openstack/installing-openstack-installer-kuryr.adoc b/installing/installing_openstack/installing-openstack-installer-kuryr.adoc
deleted file mode 100644
index c8e26373a009..000000000000
--- a/installing/installing_openstack/installing-openstack-installer-kuryr.adoc
+++ /dev/null
@@ -1,88 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-openstack-installer-kuryr"]
-= Installing a cluster on OpenStack with Kuryr
-include::_attributes/common-attributes.adoc[]
-:context: installing-openstack-installer-kuryr
-
-toc::[]
-
-:FeatureName: Kuryr
-include::modules/deprecated-feature.adoc[leveloffset=+1]
-
-In {product-title} version {product-version}, you can install a customized cluster on
-{rh-openstack-first} that uses Kuryr SDN. To customize the installation, modify parameters in the `install-config.yaml` before you install the cluster.
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You verified that {product-title} {product-version} is compatible with your {rh-openstack} version by using the xref:../../architecture/architecture-installation.adoc#supported-platforms-for-openshift-clusters_architecture-installation[Supported platforms for OpenShift clusters] section. You can also compare platform support across different versions by viewing the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
-* You have a storage service installed in {rh-openstack}, such as block storage (Cinder) or object storage (Swift). Object storage is the recommended storage technology for {product-title} registry cluster deployment. For more information, see xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage].
-* You understand performance and scalability practices for cluster scaling, control plane sizing, and etcd. For more information, see xref:../../scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc#recommended-host-practices[Recommended practices for scaling the cluster].
-
-include::modules/installation-osp-about-kuryr.adoc[leveloffset=+1]
-include::modules/installation-osp-default-kuryr-deployment.adoc[leveloffset=+1]
-include::modules/installation-osp-kuryr-increase-quota.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-neutron-configuration.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-octavia-configuration.adoc[leveloffset=+2]
-
-You can xref:../../networking/load-balancing-openstack.adoc#installation-osp-kuryr-octavia-configure[configure your cluster to use the Octavia OVN driver] after your {rh-openstack} cloud is upgraded from version 13 to version 16.
-
-include::modules/installation-osp-kuryr-known-limitations.adoc[leveloffset=+2]
-include::modules/installation-osp-control-compute-machines.adoc[leveloffset=+2]
-include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
-include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
-include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-setting-cloud-provider-options.adoc[leveloffset=+1]
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-config-yaml.adoc[leveloffset=+2]
-include::modules/installation-osp-failure-domains-config.adoc[leveloffset=+2]
-include::modules/installation-osp-external-lb-config.adoc[leveloffset=+2]
-include::modules/installation-osp-provider-networks.adoc[leveloffset=+2]
-include::modules/installation-osp-provider-network-preparation.adoc[leveloffset=+3]
-include::modules/installation-osp-deploying-provider-networks-installer.adoc[leveloffset=+3]
-
-[TIP]
-====
-You can add additional networks, including provider networks, to the `platform.openstack.additionalNetworkIDs` list.
-
-After you deploy your cluster, you can attach pods to additional networks. For more information, see xref:../../networking/multiple_networks/understanding-multiple-networks.adoc#understanding-multiple-networks[Understanding multiple networks].
-====
-
-include::modules/installation-osp-kuryr-port-pools.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-settings-installing.adoc[leveloffset=+2]
-// include::modules/installation-osp-setting-worker-affinity.adoc[leveloffset=+1]
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
-include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a node port].
-* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
diff --git a/installing/installing_openstack/installing-openstack-installer-ovs-dpdk.adoc b/installing/installing_openstack/installing-openstack-installer-ovs-dpdk.adoc
index 702d8369c8b4..cef6702d4151 100644
--- a/installing/installing_openstack/installing-openstack-installer-ovs-dpdk.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-ovs-dpdk.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-installer-ovs-dpdk"]
 = Installing a cluster on OpenStack that supports OVS-DPDK-connected compute machines
 include::_attributes/common-attributes.adoc[]
@@ -34,8 +34,12 @@ include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
 include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_openstack/installation-config-parameters-openstack.adoc#installation-config-parameters-openstack[Installation configuration parameters for OpenStack]
+
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
 include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
 include::modules/installation-osp-deploying-bare-metal-machines.adoc[leveloffset=+2]
 include::modules/installation-osp-config-yaml.adoc[leveloffset=+2]
diff --git a/installing/installing_openstack/installing-openstack-installer-restricted.adoc b/installing/installing_openstack/installing-openstack-installer-restricted.adoc
index 2fb483d74035..2ed42bbeebc2 100644
--- a/installing/installing_openstack/installing-openstack-installer-restricted.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-restricted.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-installer-restricted"]
 = Installing a cluster on OpenStack in a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -30,12 +30,15 @@ include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-failure-domains-config.adoc[leveloffset=+2]
 include::modules/installation-osp-setting-cloud-provider-options.adoc[leveloffset=+1]
 include::modules/installation-creating-image-restricted.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_openstack/installation-config-parameters-openstack.adoc#installation-config-parameters-openstack[Installation configuration parameters for OpenStack]
+
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
 include::modules/installation-osp-restricted-config-yaml.adoc[leveloffset=+2]
 // include::modules/installation-osp-setting-worker-affinity.adoc[leveloffset=+1]
 include::modules/ssh-agent-using.adoc[leveloffset=+1]
@@ -66,6 +69,7 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool.
 * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
 * If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
diff --git a/installing/installing_openstack/installing-openstack-installer.adoc b/installing/installing_openstack/installing-openstack-installer.adoc
index 3dbb132d0a41..edda546c12fa 100644
--- a/installing/installing_openstack/installing-openstack-installer.adoc
+++ b/installing/installing_openstack/installing-openstack-installer.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-installer"]
 = Installing a cluster on OpenStack
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_openstack/installing-openstack-load-balancing.adoc b/installing/installing_openstack/installing-openstack-load-balancing.adoc
index 6b1b879a9508..b161ca7b1650 100644
--- a/installing/installing_openstack/installing-openstack-load-balancing.adoc
+++ b/installing/installing_openstack/installing-openstack-load-balancing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-load-balancing"]
 = Load balancing deployments on OpenStack
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_openstack/installing-openstack-nfv-preparing.adoc b/installing/installing_openstack/installing-openstack-nfv-preparing.adoc
index 25179b2de16a..71a1417c86c4 100644
--- a/installing/installing_openstack/installing-openstack-nfv-preparing.adoc
+++ b/installing/installing_openstack/installing-openstack-nfv-preparing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-nfv-preparing"]
 = Preparing to install a cluster that uses SR-IOV or OVS-DPDK on OpenStack
 include::_attributes/common-attributes.adoc[]
@@ -17,6 +17,8 @@ include::modules/installation-openstack-ovs-dpdk-requirements.adoc[leveloffset=+
 
 You must configure {rh-openstack} before you install a cluster that uses SR-IOV on it.
 
+When installing a cluster using SR-IOV, you must deploy clusters using cgroup v1. For more information, xref:../../installing/install_config/enabling-cgroup-v1.adoc#enabling-cgroup-v1[Enabling Linux control group version 1 (cgroup v1)].
+
 include::modules/installation-osp-configuring-sr-iov.adoc[leveloffset=+2]
 
 [id="installing-openstack-nfv-preparing-tasks-ovs-dpdk"]
@@ -26,16 +28,16 @@ You must configure {rh-openstack} before you install a cluster that uses SR-IOV
 
 * Complete link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/network_functions_virtualization_planning_and_configuration_guide/part-dpdk-configure#p-ovs-dpdk-flavor-deploy-instance[Creating a flavor and deploying an instance for OVS-DPDK] before you install a cluster on {rh-openstack}.
 
-After you perform pre-installation tasks, install your cluster by following the most relevant {product-title} on {rh-openstack} installation instructions. Then, perform the tasks under "Next steps" on this page.
+After you perform preinstallation tasks, install your cluster by following the most relevant {product-title} on {rh-openstack} installation instructions. Then, perform the tasks under "Next steps" on this page.
 
 [id="next-steps_installing-openstack-nfv-preparing"]
 == Next steps
 
 * For either type of deployment:
-** xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.html#what-huge-pages-do_huge-pages[Configure the Node Tuning Operator with huge pages support].
+** xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc#what-huge-pages-do_huge-pages[Configure the Node Tuning Operator with huge pages support].
 * To complete SR-IOV configuration after you deploy your cluster:
-** xref:../../networking/hardware_networks/installing-sriov-operator.html#installing-sr-iov-operator_installing-sriov-operator[Install the SR-IOV Operator].
-** xref:../../networking/hardware_networks/configuring-sriov-device.html#nw-sriov-networknodepolicy-object_configuring-sriov-device[Configure your SR-IOV network device].
+** xref:../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sr-iov-operator_installing-sriov-operator[Install the SR-IOV Operator].
+** xref:../../networking/hardware_networks/configuring-sriov-device.adoc#nw-sriov-networknodepolicy-object_configuring-sriov-device[Configure your SR-IOV network device].
 ** xref:../../machine_management/creating_machinesets/creating-machineset-osp.adoc#machineset-yaml-osp-sr-iov_creating-machineset-osp[Create SR-IOV compute machines].
 * Consult the following references after you deploy your cluster to improve its performance:
 ** xref:../../networking/hardware_networks/using-dpdk-and-rdma.adoc#nw-openstack-ovs-dpdk-testpmd-pod_using-dpdk-and-rdma[A test pod template for clusters that use OVS-DPDK on OpenStack].
diff --git a/installing/installing_openstack/installing-openstack-troubleshooting.adoc b/installing/installing_openstack/installing-openstack-troubleshooting.adoc
index ed463008ca06..03fc4fe1ea44 100644
--- a/installing/installing_openstack/installing-openstack-troubleshooting.adoc
+++ b/installing/installing_openstack/installing-openstack-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-troubleshooting"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_openstack/installing-openstack-user-kuryr.adoc b/installing/installing_openstack/installing-openstack-user-kuryr.adoc
deleted file mode 100644
index 00838b18c266..000000000000
--- a/installing/installing_openstack/installing-openstack-user-kuryr.adoc
+++ /dev/null
@@ -1,93 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-openstack-user-kuryr"]
-= Installing a cluster on OpenStack with Kuryr on your own infrastructure
-include::_attributes/common-attributes.adoc[]
-:context: installing-openstack-user-kuryr
-
-toc::[]
-
-:FeatureName: Kuryr
-include::modules/deprecated-feature.adoc[leveloffset=+1]
-
-In {product-title} version {product-version}, you can install a cluster on
-{rh-openstack-first} that runs on user-provisioned infrastructure.
-
-Using your own infrastructure allows you to integrate your cluster with existing infrastructure and modifications. The process requires more labor on your part than installer-provisioned installations, because you must create all {rh-openstack} resources, like Nova servers, Neutron ports, and security groups. However, Red Hat provides Ansible playbooks to help you in the deployment process.
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You verified that {product-title} {product-version} is compatible with your {rh-openstack} version by using the xref:../../architecture/architecture-installation.adoc#supported-platforms-for-openshift-clusters_architecture-installation[Supported platforms for OpenShift clusters] section. You can also compare platform support across different versions by viewing the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
-* You have an {rh-openstack} account where you want to install {product-title}.
-* You understand performance and scalability practices for cluster scaling, control plane sizing, and etcd. For more information, see xref:../../scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc#recommended-host-practices[Recommended practices for scaling the cluster].
-* On the machine from which you run the installation program, you have:
-** A single directory in which you can keep the files you create during the installation process
-** Python 3
-
-include::modules/installation-osp-about-kuryr.adoc[leveloffset=+1]
-include::modules/installation-osp-default-kuryr-deployment.adoc[leveloffset=+1]
-include::modules/installation-osp-kuryr-increase-quota.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-neutron-configuration.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-octavia-configuration.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-known-limitations.adoc[leveloffset=+2]
-include::modules/installation-osp-control-compute-machines.adoc[leveloffset=+2]
-include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-include::modules/installation-osp-downloading-modules.adoc[leveloffset=+1]
-include::modules/installation-osp-downloading-playbooks.adoc[leveloffset=+1]
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-// include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-image.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
-include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
-include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-config-yaml.adoc[leveloffset=+2]
-include::modules/installation-osp-failure-domains-config.adoc[leveloffset=+2]
-include::modules/installation-osp-provider-networks.adoc[leveloffset=+2]
-include::modules/installation-osp-provider-network-preparation.adoc[leveloffset=+3]
-include::modules/installation-osp-deploying-provider-networks-installer.adoc[leveloffset=+3]
-
-[TIP]
-====
-You can add additional networks, including provider networks, to the `platform.openstack.additionalNetworkIDs` list.
-
-After you deploy your cluster, you can attach pods to additional networks. For more information, see xref:../../networking/multiple_networks/understanding-multiple-networks.adoc#understanding-multiple-networks[Understanding multiple networks].
-====
-
-include::modules/installation-osp-kuryr-port-pools.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-settings-installing.adoc[leveloffset=+2]
-include::modules/installation-osp-fixing-subnet.adoc[leveloffset=+2]
-include::modules/installation-osp-emptying-worker-pools.adoc[leveloffset=+2]
-include::modules/installation-osp-modifying-networktype.adoc[leveloffset=+2]
-include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
-include::modules/installation-osp-converting-ignition-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-control-plane-ignition.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-network-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-bootstrap-machine.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-control-plane.adoc[leveloffset=+1]
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-deleting-bootstrap-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-compute-machines.adoc[leveloffset=+1]
-include::modules/installation-approve-csrs.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-installation.adoc[leveloffset=+1]
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a node port].
-* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
diff --git a/installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc b/installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
deleted file mode 100644
index 5659175b96cf..000000000000
--- a/installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
+++ /dev/null
@@ -1,85 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-openstack-user-sr-iov-kuryr"]
-= Installing a cluster on OpenStack with Kuryr on your own SR-IOV infrastructure
-include::_attributes/common-attributes.adoc[]
-:context: installing-openstack-user-sr-iov-kuryr
-
-toc::[]
-
-In {product-title} {product-version}, you can install a cluster on
-{rh-openstack-first} that runs on user-provisioned infrastructure and uses SR-IOV networks to run compute machines.
-
-Using your own infrastructure allows you to integrate your cluster with existing infrastructure and modifications. The process requires more labor on your part than installer-provisioned installations, because you must create all {rh-openstack} resources, such as Nova servers, Neutron ports, and security groups. However, Red Hat provides Ansible playbooks to help you in the deployment process.
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You verified that {product-title} {product-version} is compatible with your {rh-openstack} version by using the xref:../../architecture/architecture-installation.adoc#supported-platforms-for-openshift-clusters_architecture-installation[Supported platforms for OpenShift clusters] section. You can also compare platform support across different versions by viewing the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
-* Your network configuration does not rely on a provider network. Provider networks are not supported.
-* You have a {rh-openstack} account where you want to install {product-title}.
-* You understand performance and scalability practices for cluster scaling, control plane sizing, and etcd. For more information, see xref:../../scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc#recommended-host-practices[Recommended practices for scaling the cluster].
-* On the machine where you run the installation program, you have:
-** A single directory in which you can keep the files you create during the installation process
-** Python 3
-
-include::modules/installation-osp-about-kuryr.adoc[leveloffset=+1]
-include::modules/installation-osp-default-kuryr-deployment.adoc[leveloffset=+1]
-include::modules/installation-osp-kuryr-increase-quota.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-neutron-configuration.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-octavia-configuration.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-known-limitations.adoc[leveloffset=+2]
-include::modules/installation-osp-control-compute-machines.adoc[leveloffset=+2]
-include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-include::modules/installation-osp-downloading-modules.adoc[leveloffset=+1]
-include::modules/installation-osp-downloading-playbooks.adoc[leveloffset=+1]
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-// include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-image.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api.adoc[leveloffset=+1]
-include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
-include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
-include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-config-yaml.adoc[leveloffset=+2]
-include::modules/installation-osp-fixing-subnet.adoc[leveloffset=+2]
-include::modules/installation-osp-emptying-worker-pools.adoc[leveloffset=+2]
-include::modules/installation-osp-modifying-networktype.adoc[leveloffset=+2]
-include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
-include::modules/installation-osp-converting-ignition-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-control-plane-ignition.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-network-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-bootstrap-machine.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-control-plane.adoc[leveloffset=+1]
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-deleting-bootstrap-resources.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-sr-iov.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-sr-iov-compute-machines.adoc[leveloffset=+1]
-
-To finish configuring SR-IOV for your cluster, complete the SR-IOV-related "Next steps" that follow the installation process.
-
-include::modules/installation-approve-csrs.adoc[leveloffset=+1]
-include::modules/installation-osp-verifying-installation.adoc[leveloffset=+1]
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* To complete SR-IOV configuration for your cluster:
-** xref:../../post_installation_configuration/network-configuration.html#networking-osp-preparing-for-sr-iov_post-install-network-configuration[Prepare the cluster for SR-IOV].
-** xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.html#what-huge-pages-do_huge-pages[Install the performance operator with huge pages support].
-** xref:../../networking/hardware_networks/installing-sriov-operator.html#installing-sr-iov-operator_installing-sriov-operator[Install the SR-IOV Operator].
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a node port].
-* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
diff --git a/installing/installing_openstack/installing-openstack-user-sr-iov.adoc b/installing/installing_openstack/installing-openstack-user-sr-iov.adoc
index af03deba0932..d733a56552d8 100644
--- a/installing/installing_openstack/installing-openstack-user-sr-iov.adoc
+++ b/installing/installing_openstack/installing-openstack-user-sr-iov.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-user-sr-iov"]
 = Installing a cluster on OpenStack on your own SR-IOV infrastructure
 include::_attributes/common-attributes.adoc[]
@@ -38,7 +38,11 @@ include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_openstack/installation-config-parameters-openstack.adoc#installation-config-parameters-openstack[Installation configuration parameters for OpenStack]
+
 include::modules/installation-osp-config-yaml.adoc[leveloffset=+2]
 include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
 include::modules/installation-osp-fixing-subnet.adoc[leveloffset=+2]
@@ -66,7 +70,7 @@ include::modules/networking-osp-enabling-vfio-noiommu.adoc[leveloffset=+2]
 
 [NOTE]
 ====
-After you apply the machine config to the machine pool, you can xref:../../post_installation_configuration/machine-configuration-tasks.html#checking-mco-status_post-install-machine-configuration-tasks[watch the machine config pool status] to see when the machines are available.
+After you apply the machine config to the machine pool, you can xref:../../post_installation_configuration/machine-configuration-tasks.adoc#checking-mco-status_post-install-machine-configuration-tasks[watch the machine config pool status] to see when the machines are available.
 ====
 
 // TODO: If bullet one of Next steps is truly required for this flow, these topics (in full or in part) could be added here rather than linked to.
@@ -85,15 +89,15 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="additional-resources_installing-openstack-user-sr-iov"]
 == Additional resources
-* xref:../../scalability_and_performance/cnf-low-latency-tuning.html#cnf-understanding-low-latency_cnf-master[Low latency tuning of OpenShift Container Platform nodes]
+* xref:../../scalability_and_performance/cnf-low-latency-tuning.adoc#cnf-understanding-low-latency_cnf-master[Low latency tuning of OpenShift Container Platform nodes]
 
 [id="next-steps_installing-user-sr-iov"]
 == Next steps
 
 * To complete SR-IOV configuration for your cluster:
-** xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.html#what-huge-pages-do_huge-pages[Configure huge pages support].
-** xref:../../networking/hardware_networks/installing-sriov-operator.html#installing-sr-iov-operator_installing-sriov-operator[Install the SR-IOV Operator].
-** xref:../../networking/hardware_networks/configuring-sriov-device.html#nw-sriov-networknodepolicy-object_configuring-sriov-device[Configure your SR-IOV network device].
+** xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc#what-huge-pages-do_huge-pages[Configure huge pages support].
+** xref:../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sr-iov-operator_installing-sriov-operator[Install the SR-IOV Operator].
+** xref:../../networking/hardware_networks/configuring-sriov-device.adoc#nw-sriov-networknodepolicy-object_configuring-sriov-device[Configure your SR-IOV network device].
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
diff --git a/installing/installing_openstack/installing-openstack-user.adoc b/installing/installing_openstack/installing-openstack-user.adoc
index 141336fa1b3f..49ce900f1ef9 100644
--- a/installing/installing_openstack/installing-openstack-user.adoc
+++ b/installing/installing_openstack/installing-openstack-user.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-openstack-user"]
 = Installing a cluster on OpenStack on your own infrastructure
 include::_attributes/common-attributes.adoc[]
@@ -38,10 +38,13 @@ include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
-include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_openstack/installation-config-parameters-openstack.adoc#installation-config-parameters-openstack[Installation configuration parameters for OpenStack]
+
 include::modules/installation-osp-custom-subnet.adoc[leveloffset=+2]
 include::modules/installation-osp-config-yaml.adoc[leveloffset=+2]
-include::modules/installation-osp-failure-domains-config.adoc[leveloffset=+2]
 include::modules/installation-osp-fixing-subnet.adoc[leveloffset=+2]
 include::modules/installation-osp-emptying-worker-pools.adoc[leveloffset=+2]
 include::modules/installation-osp-provider-networks.adoc[leveloffset=+2]
diff --git a/installing/installing_openstack/preparing-to-install-on-openstack.adoc b/installing/installing_openstack/preparing-to-install-on-openstack.adoc
index 8ecf10b5b272..a85401a7307e 100644
--- a/installing/installing_openstack/preparing-to-install-on-openstack.adoc
+++ b/installing/installing_openstack/preparing-to-install-on-openstack.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-openstack"]
 = Preparing to install on OpenStack
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can install {product-title} on {rh-openstack-first}. 
+You can install {product-title} on {rh-openstack-first}.
 ifdef::openshift-origin[{product-title} version {product-version} supports OpenStack Train.]
 
 [id="preparing-to-install-on-openstack-prerequisites"]
@@ -29,8 +29,6 @@ You can install a cluster on {rh-openstack-first} infrastructure that is provisi
 
 * **xref:../../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[Installing a cluster on OpenStack with customizations]**: You can install a customized cluster on {rh-openstack}. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
 
-* **xref:../../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[Installing a cluster on OpenStack with Kuryr]**: You can install a customized {product-title} cluster on {rh-openstack} that uses Kuryr SDN. Kuryr and {product-title} integration is primarily designed for {product-title} clusters running on {rh-openstack} VMs. Kuryr improves the network performance by plugging {product-title} pods into {rh-openstack} SDN. In addition, it provides interconnectivity between pods and {rh-openstack} virtual instances.
-
 * **xref:../../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[Installing a cluster on OpenStack in a restricted network]**: You can install {product-title} on {rh-openstack} in a restricted or disconnected network by creating an internal mirror of the installation release content. You can use this method to install a cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
 
 [id="choosing-an-method-to-install-ocp-on-openstack-user-provisioned"]
@@ -40,8 +38,6 @@ You can install a cluster on {rh-openstack} infrastructure that you provision, b
 
 * **xref:../../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[Installing a cluster on OpenStack on your own infrastructure]**: You can install {product-title} on user-provisioned {rh-openstack} infrastructure. By using this installation method, you can integrate your cluster with existing infrastructure and modifications. For installations on user-provisioned infrastructure, you must create all {rh-openstack} resources, like Nova servers, Neutron ports, and security groups. You can use the provided Ansible playbooks to assist with the deployment process.
 
-* **xref:../../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[Installing a cluster on OpenStack with Kuryr on your own infrastructure]**: You can install {product-title} on user-provisioned {rh-openstack} infrastructure that uses Kuryr SDN.
-
 include::modules/security-osp-validating-certificates.adoc[leveloffset=+1]
 
 include::modules/security-osp-validating-certificates-manually.adoc[leveloffset=+2]
diff --git a/installing/installing_openstack/uninstalling-cluster-openstack.adoc b/installing/installing_openstack/uninstalling-cluster-openstack.adoc
index 05b70252f927..96b57d279118 100644
--- a/installing/installing_openstack/uninstalling-cluster-openstack.adoc
+++ b/installing/installing_openstack/uninstalling-cluster-openstack.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-openstack"]
 = Uninstalling a cluster on OpenStack
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_openstack/uninstalling-openstack-user.adoc b/installing/installing_openstack/uninstalling-openstack-user.adoc
index e018cc6b1bf3..f5d3ed4dd34f 100644
--- a/installing/installing_openstack/uninstalling-openstack-user.adoc
+++ b/installing/installing_openstack/uninstalling-openstack-user.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-openstack-user"]
 = Uninstalling a cluster on {rh-openstack} from your own infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_platform_agnostic/installing-platform-agnostic.adoc b/installing/installing_platform_agnostic/installing-platform-agnostic.adoc
index 1a2386a03a63..3730258ebccb 100644
--- a/installing/installing_platform_agnostic/installing-platform-agnostic.adoc
+++ b/installing/installing_platform_agnostic/installing-platform-agnostic.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-platform-agnostic"]
 = Installing a cluster on any platform
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_rhv/installing-rhv-customizations.adoc b/installing/installing_rhv/installing-rhv-customizations.adoc
deleted file mode 100644
index ef10d50a20b1..000000000000
--- a/installing/installing_rhv/installing-rhv-customizations.adoc
+++ /dev/null
@@ -1,106 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-rhv-customizations"]
-= Installing a cluster on {rh-virtualization} with customizations
-include::_attributes/common-attributes.adoc[]
-:context: installing-rhv-customizations
-
-toc::[]
-
-You can customize and install an {product-title} cluster on {rh-virtualization-first}, similar to the one shown in the following diagram.
-
-ifndef::openshift-origin[]
-image::92_OpenShift_Cluster_Install_RHV_0520.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-image::193_OpenShift_Cluster_Install_updates_1021_oVirt.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-
-The installation program uses installer-provisioned infrastructure to automate creating and deploying the cluster.
-
-To install a customized cluster, you prepare the environment and perform the following steps:
-
-. Create an installation configuration file, the `install-config.yaml` file, by running the installation program and answering its prompts.
-. Inspect and modify parameters in the `install-config.yaml` file.
-. Make a working copy of the `install-config.yaml` file.
-. Run the installation program with a copy of the `install-config.yaml` file.
-
-Then, the installation program creates the {product-title} cluster.
-
-For an alternative to installing a customized cluster, see xref:../../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[Installing a default cluster].
-
-[NOTE]
-====
-This installation program is available for Linux and macOS only.
-====
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization-first}].
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-requirements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-verifying-rhv-environment.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-preparing-network-environment.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-insecure-mode.adoc[leveloffset=+1]
-
-// include::modules/installing-rhv-setting-up-ca-certificate.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-initializing.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-example-install-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-You have completed the steps required to install the cluster. The remaining steps show you how to verify the cluster and troubleshoot the installation.
-====
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-To learn more, see xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI].
-
-include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
-
-.Troubleshooting
-If the installation fails, the installation program times out and displays an error message. To learn more, see
-xref:../../installing/installing-troubleshooting.adoc#installing-troubleshooting[Troubleshooting installation issues].
-
-include::modules/installing-rhv-accessing-ocp-web-console.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/installation-common-issues.adoc[leveloffset=+1]
-
-== Post-installation tasks
-
-After the {product-title} cluster initializes, you can perform the following tasks.
-
-* Optional: After deployment, add or replace SSH keys using the Machine Config Operator (MCO) in {product-title}.
-* Optional: Remove the `kubeadmin` user. Instead, use the authentication provider to create a user with cluster-admin privileges.
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
diff --git a/installing/installing_rhv/installing-rhv-default.adoc b/installing/installing_rhv/installing-rhv-default.adoc
deleted file mode 100644
index 1e76882bfc4a..000000000000
--- a/installing/installing_rhv/installing-rhv-default.adoc
+++ /dev/null
@@ -1,96 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-rhv-default"]
-= Installing a cluster quickly on {rh-virtualization}
-include::_attributes/common-attributes.adoc[]
-:context: installing-rhv-default
-
-toc::[]
-
-You can quickly install a default, non-customized, {product-title} cluster on a {rh-virtualization-first} cluster, similar to the one shown in the following diagram.
-
-ifndef::openshift-origin[]
-image::92_OpenShift_Cluster_Install_RHV_0520.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-image::193_OpenShift_Cluster_Install_updates_1021_oVirt.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-
-The installation program uses installer-provisioned infrastructure to automate creating and deploying the cluster.
-
-To install a default cluster, you prepare the environment, run the installation program and answer its prompts. Then, the installation program creates the {product-title} cluster.
-
-For an alternative to installing a default cluster, see xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[Installing a cluster with customizations].
-
-[NOTE]
-====
-This installation program is available for Linux and macOS only.
-====
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization-first}].
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-requirements.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-example-install-config-yaml_installing-rhv-customizations[Example: Removing all affinity groups for a non-production lab setup].
-
-include::modules/installing-rhv-verifying-rhv-environment.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-preparing-network-environment.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-insecure-mode.adoc[leveloffset=+1]
-
-// include::modules/installing-rhv-setting-up-ca-certificate.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-You have completed the steps required to install the cluster. The remaining steps show you how to verify the cluster and troubleshoot the installation.
-====
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-To learn more, see xref:../../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI].
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
-
-include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
-
-.Troubleshooting
-If the installation fails, the installation program times out and displays an error message. To learn more, see
-xref:../../installing/installing-troubleshooting.adoc#installing-troubleshooting[Troubleshooting installation issues].
-
-include::modules/installing-rhv-accessing-ocp-web-console.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/installation-common-issues.adoc[leveloffset=+1]
-
-== Post-installation tasks
-After the {product-title} cluster initializes, you can perform the following tasks.
-
-* Optional: After deployment, add or replace SSH keys using the Machine Config Operator (MCO) in {product-title}.
-* Optional: Remove the `kubeadmin` user. Instead, use the authentication provider to create a user with cluster-admin privileges.
diff --git a/installing/installing_rhv/installing-rhv-restricted-network.adoc b/installing/installing_rhv/installing-rhv-restricted-network.adoc
deleted file mode 100644
index 1ba8012fbb5f..000000000000
--- a/installing/installing_rhv/installing-rhv-restricted-network.adoc
+++ /dev/null
@@ -1,93 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-rhv-restricted-network"]
-= Installing a cluster on {rh-virtualization} in a restricted network
-include::_attributes/common-attributes.adoc[]
-:context: installing-rhv-restricted-network
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a
-customized {product-title} cluster on {rh-virtualization-first} in a restricted network by creating an internal mirror of the installation release content.
-
-== Prerequisites
-
-The following items are required to install an {product-title} cluster on a {rh-virtualization} environment.
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization}].
-* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
-+
-[IMPORTANT]
-====
-Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
-====
-+
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide ReadWriteMany access modes.
-* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-requirements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-verifying-rhv-environment.adoc[leveloffset=+1]
-
-include::modules/installation-network-user-infra.adoc[leveloffset=+1]
-
-include::modules/installation-dns-user-infra.adoc[leveloffset=+1]
-
-include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
-
-include::modules/installing-rhv-setting-up-installation-machine.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-setting-up-ca-certificate.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-downloading-ansible-playbooks.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-about-inventory-yml.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-specifying-rhcos-image-settings.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-install-config-file.adoc[leveloffset=+1]
-
-include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+1]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-include::modules/installation-rhv-customizing-install-config-yaml.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-editing-manifests.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-building-ignition-files.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-templates-virtual-machines.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-bootstrap-machine.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-control-plane-nodes.adoc[leveloffset=+1]
-
-include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-removing-bootstrap-machine.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-worker-nodes-completing-installation.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
diff --git a/installing/installing_rhv/installing-rhv-user-infra.adoc b/installing/installing_rhv/installing-rhv-user-infra.adoc
deleted file mode 100644
index 19df54e4f3a8..000000000000
--- a/installing/installing_rhv/installing-rhv-user-infra.adoc
+++ /dev/null
@@ -1,84 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-rhv-user-infra"]
-= Installing a cluster on {rh-virtualization} with user-provisioned infrastructure
-include::_attributes/common-attributes.adoc[]
-:context: installing-rhv-user-infra
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a
-customized {product-title} cluster on {rh-virtualization-first} and other infrastructure that you provide. The {product-title} documentation uses the term _user-provisioned infrastructure_ to refer to this infrastructure type.
-
-The following diagram shows an example of a potential {product-title} cluster running on a {rh-virtualization} cluster.
-
-ifndef::openshift-origin[]
-image::92_OpenShift_Cluster_Install_RHV_0520.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-image::193_OpenShift_Cluster_Install_updates_1021_oVirt.png[Diagram of an {product-title} cluster on a {rh-virtualization} cluster]
-endif::openshift-origin[]
-
-The {rh-virtualization} hosts run virtual machines that contain both control plane and compute pods. One of the hosts also runs a {rh-virtualization-engine-name} virtual machine and a bootstrap virtual machine that contains a temporary control plane pod.]
-
-== Prerequisites
-
-The following items are required to install an {product-title} cluster on a {rh-virtualization} environment.
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization-first}].
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-requirements.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-verifying-rhv-environment.adoc[leveloffset=+1]
-
-//include::modules/installing-rhv-network-infrastructure-configuration-upi.adoc[leveloffset=+1]
-
-include::modules/installation-network-user-infra.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-setting-up-installation-machine.adoc[leveloffset=+1]
-
-include::modules/installing-rhv-insecure-mode.adoc[leveloffset=+1]
-
-// include::modules/installing-rhv-setting-up-ca-certificate.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-downloading-ansible-playbooks.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-about-inventory-yml.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-specifying-rhcos-image-settings.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-install-config-file.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-customizing-install-config-yaml.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-editing-manifests.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-building-ignition-files.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-templates-virtual-machines.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-bootstrap-machine.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-control-plane-nodes.adoc[leveloffset=+1]
-
-include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-removing-bootstrap-machine.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-creating-worker-nodes-completing-installation.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
diff --git a/installing/installing_rhv/preparing-to-install-on-rhv.adoc b/installing/installing_rhv/preparing-to-install-on-rhv.adoc
deleted file mode 100644
index ab511c7c3809..000000000000
--- a/installing/installing_rhv/preparing-to-install-on-rhv.adoc
+++ /dev/null
@@ -1,39 +0,0 @@
-:_content-type: ASSEMBLY
-[id="preparing-to-install-on-rhv"]
-= Preparing to install on {rh-virtualization-first}
-include::_attributes/common-attributes.adoc[]
-:context: preparing-to-install-on-rhv
-
-toc::[]
-
-[id="preparing-to-install-on-rhv-prerequisites"]
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization-first}].
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-
-[id="choosing-an-method-to-install-ocp-on-rhv"]
-== Choosing a method to install {product-title} on {rh-virtualization}
-
-You can install {product-title} on installer-provisioned or user-provisioned infrastructure. The default installation type uses installer-provisioned infrastructure, where the installation program provisions the underlying infrastructure for the cluster. You can also install {product-title} on infrastructure that you provision. If you do not use infrastructure that the installation program provisions, you must manage and maintain the cluster resources yourself.
-
-See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
-
-[id="choosing-an-method-to-install-ocp-on-rhv-installer-provisioned"]
-=== Installing a cluster on installer-provisioned infrastructure
-
-You can install a cluster on {rh-virtualization-first} virtual machines that are provisioned by the {product-title} installation program, by using one of the following methods:
-
-* **xref:../../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[Installing a cluster quickly on {rh-virtualization}]**: You can quickly install {product-title} on {rh-virtualization} virtual machines that the {product-title} installation program provisions.
-
-* **xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[Installing a cluster on {rh-virtualization} with customizations]**: You can install a customized {product-title} cluster on installer-provisioned guests on {rh-virtualization}. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation].
-
-[id="choosing-an-method-to-install-ocp-on-rhv-user-provisioned"]
-=== Installing a cluster on user-provisioned infrastructure
-
-You can install a cluster on {rh-virtualization} virtual machines that you provision, by using one of the following methods:
-
-* **xref:../../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[Installing a cluster on {rh-virtualization} with user-provisioned infrastructure]**: You can install {product-title} on {rh-virtualization} virtual machines that you provision. You can use the provided Ansible playbooks to assist with the installation.
-
-* **xref:../../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[Installing a cluster on {rh-virtualization} in a restricted network]**: You can install {product-title} on {rh-virtualization} in a restricted or disconnected network by creating an internal mirror of the installation release content. You can use this method to install a user-provisioned cluster that does not require an active internet connection to obtain the software components. You can also use this installation method to ensure that your clusters only use container images that satisfy your organizational controls on external content.
diff --git a/installing/installing_rhv/uninstalling-cluster-rhv.adoc b/installing/installing_rhv/uninstalling-cluster-rhv.adoc
deleted file mode 100644
index f1d2e0d29023..000000000000
--- a/installing/installing_rhv/uninstalling-cluster-rhv.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="uninstalling-cluster-rhv"]
-= Uninstalling a cluster on {rh-virtualization}
-include::_attributes/common-attributes.adoc[]
-:context: uninstalling-cluster-rhv
-
-toc::[]
-
-You can remove an {product-title} cluster from {rh-virtualization-first}.
-
-include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]
-
-include::modules/installation-rhv-removing-cluster-upi.adoc[leveloffset=+1]
diff --git a/installing/installing_sno/install-sno-installing-sno.adoc b/installing/installing_sno/install-sno-installing-sno.adoc
index 8ba9c17c304c..9e5111fd4f25 100644
--- a/installing/installing_sno/install-sno-installing-sno.adoc
+++ b/installing/installing_sno/install-sno-installing-sno.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="install-sno-installing-sno"]
 = Installing OpenShift on a single node
 :context: install-sno-installing-sno-with-the-assisted-installer
@@ -10,6 +10,7 @@ You can install {sno} using the web-based Assisted Installer and a discovery ISO
 
 ifndef::openshift-origin[]
 
+[id="installing-sno-assisted-installer"]
 == Installing {sno} using the Assisted Installer
 
 To install {product-title} on a single node, use the web-based Assisted Installer wizard to guide you through the process and manage the installation.
@@ -46,7 +47,7 @@ include::modules/install-sno-generating-the-install-iso-manually.adoc[leveloffse
 .Additional resources
 
 * See xref:../../post_installation_configuration/enabling-cluster-capabilities.adoc[Enabling cluster capabilities] for more information about enabling cluster capabilities that were disabled prior to installation.
-* See xref:../../installing/cluster-capabilities.html#explanation_of_capabilities_cluster-capabilities[Optional cluster capabilities in OpenShift Container Platform {product-title} {product-version}] for more information about the features provided by each capability.
+* See xref:../../installing/cluster-capabilities.adoc#explanation_of_capabilities_cluster-capabilities[Optional cluster capabilities in {product-title} {product-version}] for more information about the features provided by each capability.
 
 include::modules/install-sno-monitoring-the-installation-manually.adoc[leveloffset=+2]
 
@@ -59,9 +60,12 @@ include::modules/install-sno-monitoring-the-installation-manually.adoc[leveloffs
 
 * xref:../../nodes/nodes/nodes-sno-worker-nodes.adoc#nodes-sno-worker-nodes[Adding worker nodes to {sno} clusters]
 
-== Installing {sno} on AWS
+[id="install-sno-installing-sno-on-cloud-providers"]
+== Installing {sno} on cloud providers
 
-include::modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-aws.adoc[leveloffset=+2]
+include::modules/install-sno-additional-requirements-for-installing-sno-on-a-cloud-provider.adoc[leveloffset=+2]
+
+include::modules/install-sno-supported-cloud-providers-for-single-node-openshift.adoc[leveloffset=+2]
 
 include::modules/installation-aws_con_installing-sno-on-aws.adoc[leveloffset=+2]
 
@@ -70,8 +74,87 @@ include::modules/installation-aws_con_installing-sno-on-aws.adoc[leveloffset=+2]
 
 * xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Installing a cluster on AWS with customizations]
 
+
+include::modules/install-sno-installing-sno-on-azure.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Installing a cluster on Azure with customizations]
+
+
+include::modules/install-sno-installing-sno-on-gcp.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[Installing a cluster on GCP with customizations]
+
+
 include::modules/install-sno-installing-with-usb-media.adoc[leveloffset=+1]
 
 include::modules/install-booting-from-an-iso-over-http-redfish.adoc[leveloffset=+1]
 
 include::modules/creating-custom-live-rhcos-iso.adoc[leveloffset=+1]
+
+[id="install-sno-with-ibmz"]
+== Installing {sno} with {ibm-z-title} and {ibm-linuxone-title}
+
+Installing a single-node cluster on {ibm-z-name} and {ibm-linuxone-name} requires user-provisioned installation using either the "Installing a cluster with {op-system-base} KVM on {ibm-z-name} and {ibm-linuxone-name}" or the "Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}" procedure.
+
+[NOTE]
+====
+Installing a single-node cluster on {ibm-z-name} simplifies installation for development and test environments and requires less resource requirements at entry level.
+====
+
+[discrete]
+=== Hardware requirements
+
+* The equivalent of two Integrated Facilities for Linux (IFL), which are SMT2 enabled, for each cluster.
+* At least one network connection to both connect to the `LoadBalancer` service and to serve data for traffic outside the cluster.
+
+[NOTE]
+====
+You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibm-z-name}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
+====
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}]
+
+* xref:../../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[Installing a cluster with {op-system-base} KVM on {ibm-z-name} and{ibm-linuxone-name}]
+
+include::modules/install-sno-ibm-z.adoc[leveloffset=+2]
+
+include::modules/install-sno-ibm-z-kvm.adoc[leveloffset=+2]
+
+[id="installing-sno-with-ibmpower"]
+== Installing {sno} with {ibm-power-title}
+
+Installing a single-node cluster on {ibm-power-name} requires user-provisioned installation using the "Installing a cluster with {ibm-power-name}" procedure.
+
+[NOTE]
+====
+Installing a single-node cluster on {ibm-power-name} simplifies installation for development and test environments and requires less resource requirements at entry level.
+====
+
+[discrete]
+=== Hardware requirements
+
+* The equivalent of two Integrated Facilities for Linux (IFL), which are SMT2 enabled, for each cluster.
+* At least one network connection to connect to the `LoadBalancer` service and to serve data for traffic outside of the cluster.
+
+[NOTE]
+====
+You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibm-power-name}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
+====
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Installing a cluster on {ibm-power-name}]
+
+include::modules/setting-up-bastion-for-sno.adoc[leveloffset=+2]
+
+include::modules/install-sno-ibm-power.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/installing/installing_sno/install-sno-preparing-to-install-sno.adoc b/installing/installing_sno/install-sno-preparing-to-install-sno.adoc
index e878cc67f6a7..8a80793a3b75 100644
--- a/installing/installing_sno/install-sno-preparing-to-install-sno.adoc
+++ b/installing/installing_sno/install-sno-preparing-to-install-sno.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-sno"]
 = Preparing to install on a single node
 :context: install-sno-preparing
diff --git a/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc b/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
index 3e0c90912326..f94ee051865a 100644
--- a/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
+++ b/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-networks-vmc-user-infra"]
 = Installing a cluster on VMC in a restricted network with user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc b/installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc
index f707a1b2453d..b4c72d4b5079 100644
--- a/installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc
+++ b/installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-vmc-network-customizations-user-infra"]
 = Installing a cluster on VMC with user-provisioned infrastructure and network customizations
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_vmc/installing-vmc-user-infra.adoc b/installing/installing_vmc/installing-vmc-user-infra.adoc
index 39e12390e130..9ee93fa64979 100644
--- a/installing/installing_vmc/installing-vmc-user-infra.adoc
+++ b/installing/installing_vmc/installing-vmc-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-vmc-user-infra"]
 = Installing a cluster on VMC with user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_vsphere/installation-config-parameters-vsphere.adoc b/installing/installing_vsphere/installation-config-parameters-vsphere.adoc
index 349eaddb50bd..000fdb6f64e5 100644
--- a/installing/installing_vsphere/installation-config-parameters-vsphere.adoc
+++ b/installing/installing_vsphere/installation-config-parameters-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installation-config-parameters-vsphere"]
 = Installation configuration parameters for vSphere
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc b/installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
deleted file mode 100644
index 3a65dc5ecb5d..000000000000
--- a/installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
+++ /dev/null
@@ -1,116 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-restricted-networks-installer-provisioned-vsphere"]
-= Installing a cluster on vSphere in a restricted network
-include::_attributes/common-attributes.adoc[]
-:context: installing-restricted-networks-installer-provisioned-vsphere
-
-toc::[]
-
-In {product-title} {product-version}, you can install a cluster on VMware vSphere infrastructure in a restricted network by creating an internal mirror of the installation release content.
-
-include::snippets/vcenter-support.adoc[]
-
-[id="prerequisites_installing-restricted-networks-installer-provisioned-vsphere"]
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
-+
-[IMPORTANT]
-====
-Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
-====
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide the ReadWriteMany access mode.
-* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-If you are configuring a proxy, be sure to also review this site list.
-====
-
-include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-installer-network-requirements.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
-
-include::modules/installation-creating-image-restricted.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-initializing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
-
-[id="installing-vsphere-restricted-networks-installer-provisioned-customizations-registry"]
-== Creating registry storage
-
-After you install the cluster, you must create storage for the Registry Operator.
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
-
-[id="next-steps_installing-restricted-networks-installer-provisioned-vsphere"]
-== Next steps
-
-* xref:../../installing/install_config/installing-customizing.adoc#installing-customizing[Customize your cluster].
-* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
diff --git a/installing/installing_vsphere/installing-restricted-networks-vsphere.adoc b/installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
deleted file mode 100644
index a12d4c7c77a6..000000000000
--- a/installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
+++ /dev/null
@@ -1,181 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-restricted-networks-vsphere"]
-= Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
-include::_attributes/common-attributes.adoc[]
-:context: installing-restricted-networks-vsphere
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on
-VMware vSphere infrastructure that you provision in a restricted network.
-
-include::snippets/vcenter-support.adoc[]
-
-[IMPORTANT]
-====
-The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
-====
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
-+
-[IMPORTANT]
-====
-Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
-====
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
-`ReadWriteMany` access modes.
-* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-[id="installation-requirements-user-infra_{context}"]
-== Requirements for a cluster with user-provisioned infrastructure
-
-For a cluster that contains user-provisioned infrastructure, you must deploy all
-of the required machines.
-
-This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../machine_management/creating_machinesets/creating-machineset-vsphere.adoc#creating-machineset-vsphere_creating-machineset-vsphere[Creating a compute machine set on vSphere]
-
-include::modules/installation-machine-requirements.adoc[leveloffset=+2]
-include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
-include::modules/installation-vsphere-encrypted-vms.adoc[leveloffset=+2]
-[role="_additional-resources"]
-.Additional resources
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-encryption[Creating an encrypted storage class]
-
-include::modules/csr-management.adoc[leveloffset=+2]
-
-include::modules/installation-network-user-infra.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Configuring chrony time service]
-
-include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
-
-include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-//You extract the installation program from the mirrored content.
-
-//You can install the CLI on the mirror host.
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-//include::modules/installation-three-node-cluster.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
-
-include::modules/installation-special-config-chrony.adoc[leveloffset=+1]
-
-include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
-
-include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
-
-include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-include::modules/installation-approve-csrs.adoc[leveloffset=+1]
-
-include::modules/installation-operators-config.adoc[leveloffset=+1]
-
-include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
-
-You can add extra compute machines after the cluster installation is completed by following xref:../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
-
-include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
-* Optional: if you created encrypted virtual machines, xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/installing/installing_vsphere/installing-vsphere-agent-based-installer.adoc b/installing/installing_vsphere/installing-vsphere-agent-based-installer.adoc
new file mode 100644
index 000000000000..aa94e533e5c6
--- /dev/null
+++ b/installing/installing_vsphere/installing-vsphere-agent-based-installer.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-agent-based-installer"]
+= Installing a cluster on vSphere using the Agent-based Installer
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-agent-based-installer
+
+toc::[]
+
+The Agent-based installation method provides the flexibility to boot your on-premises servers in any way that you choose. It combines the ease of use of the Assisted Installation service with the ability to run offline, including in air-gapped environments.
+
+Agent-based installation is a subcommand of the {product-title} installer. It generates a bootable ISO image containing all of the information required to deploy an {product-title} cluster with an available release image.
+
+[role="_additional-resources"]
+[id="additional-resources_installing-vsphere-agent-based-installer"]
+== Additional resources
+
+* xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#preparing-to-install-with-agent-based-installer[Preparing to install with the Agent-based Installer]
diff --git a/installing/installing_vsphere/installing-vsphere-assisted-installer.adoc b/installing/installing_vsphere/installing-vsphere-assisted-installer.adoc
new file mode 100644
index 000000000000..09bcc9c374cd
--- /dev/null
+++ b/installing/installing_vsphere/installing-vsphere-assisted-installer.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-assisted-installer"]
+= Installing a cluster on vSphere using the Assisted Installer
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-assisted-installer
+
+toc::[]
+
+You can install {product-title} on on-premise hardware or on-premise VMs by using the {ai-full}. Installing {product-title} by using the {ai-full} supports `x86_64`, `AArch64`, `ppc64le`, and `s390x` CPU architectures.
+
+The {ai-full} is a user-friendly installation solution offered on the Red{nbsp}Hat Hybrid Cloud Console. The {ai-full} supports the various deployment platforms with a focus on the following infrastructures:
+
+* Bare metal
+* Nutanix
+* vSphere
+
+[role="_additional-resources"]
+[id="additional-resources_installing-vsphere-assisted-installer"]
+== Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2024/html/installing_openshift_container_platform_with_the_assisted_installer/index[Installing {product-title} with the {ai-full}]
diff --git a/installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc b/installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
deleted file mode 100644
index bc9ad19e0fac..000000000000
--- a/installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
+++ /dev/null
@@ -1,113 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-vsphere-installer-provisioned-customizations"]
-= Installing a cluster on vSphere with customizations
-include::_attributes/common-attributes.adoc[]
-:context: installing-vsphere-installer-provisioned-customizations
-:platform: vSphere
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on your
-VMware vSphere instance by using installer-provisioned infrastructure. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
-
-include::snippets/vcenter-support.adoc[]
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide `ReadWriteMany` access modes.
-* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-installer-network-requirements.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-initializing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-[id="installing-vsphere-installer-provisioned-customizations-registry"]
-== Creating registry storage
-After you install the cluster, you must create storage for the registry Operator.
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc b/installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
deleted file mode 100644
index 73dcae9de0b7..000000000000
--- a/installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+++ /dev/null
@@ -1,124 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-vsphere-installer-provisioned-network-customizations"]
-= Installing a cluster on vSphere with network customizations
-include::_attributes/common-attributes.adoc[]
-:context: installing-vsphere-installer-provisioned-network-customizations
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on your
-VMware vSphere instance by using installer-provisioned infrastructure with customized network configuration options. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
-
-You must set most of the network configuration parameters during installation, and you can modify only `kubeProxy` configuration parameters in a running cluster.
-
-include::snippets/vcenter-support.adoc[]
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
-`ReadWriteMany` access modes.
-* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, confirm with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-installer-network-requirements.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-initializing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-include::modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-// begin network customization
-include::modules/nw-network-config.adoc[leveloffset=+1]
-include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
-include::modules/nw-operator-cr.adoc[leveloffset=+1]
-// end network customization
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-[id="installing-vsphere-installer-provisioned-network-customizations-registry"]
-== Creating registry storage
-After you install the cluster, you must create storage for the registry Operator.
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
-include::modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc[leveloffset=+1]
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc b/installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
deleted file mode 100644
index f8f677432d59..000000000000
--- a/installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
+++ /dev/null
@@ -1,88 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-vsphere-installer-provisioned"]
-= Installing a cluster on vSphere
-include::_attributes/common-attributes.adoc[]
-:context: installing-vsphere-installer-provisioned
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on your
-VMware vSphere instance by using installer-provisioned infrastructure.
-
-include::snippets/vcenter-support.adoc[]
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
-`ReadWriteMany` access modes.
-* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-installer-network-requirements.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
-
-include::modules/installation-launching-installer.adoc[leveloffset=+1]
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-[id="installing-vsphere-installer-provisioned-registry"]
-== Creating registry storage
-After you install the cluster, you must create storage for the registry Operator.
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/installing-vsphere-network-customizations.adoc b/installing/installing_vsphere/installing-vsphere-network-customizations.adoc
deleted file mode 100644
index cb6384439845..000000000000
--- a/installing/installing_vsphere/installing-vsphere-network-customizations.adoc
+++ /dev/null
@@ -1,168 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-vsphere-network-customizations"]
-= Installing a cluster on vSphere with network customizations
-include::_attributes/common-attributes.adoc[]
-:context: installing-vsphere-network-customizations
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on
-VMware vSphere infrastructure that you provision with customized network
-configuration options. By customizing your network configuration, your cluster
-can coexist with existing IP address allocations in your environment and
-integrate with existing MTU and VXLAN configurations.
-
-You must set most of the network configuration parameters during installation,
-and you can modify only `kubeProxy` configuration parameters in a running
-cluster.
-
-include::snippets/vcenter-support.adoc[]
-
-[IMPORTANT]
-====
-The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
-====
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. Verify that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-[id="installation-requirements-user-infra_{context}"]
-== Requirements for a cluster with user-provisioned infrastructure
-
-For a cluster that contains user-provisioned infrastructure, you must deploy all
-of the required machines.
-
-This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../machine_management/creating_machinesets/creating-machineset-vsphere.adoc#creating-machineset-vsphere_creating-machineset-vsphere[Creating a compute machine set on vSphere]
-
-include::modules/installation-machine-requirements.adoc[leveloffset=+2]
-include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
-include::modules/installation-vsphere-encrypted-vms.adoc[leveloffset=+2]
-[role="_additional-resources"]
-.Additional resources
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[Creating an encrypted storage class]
-
-include::modules/csr-management.adoc[leveloffset=+2]
-
-include::modules/installation-network-user-infra.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Configuring chrony time service]
-
-include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
-
-include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-// Network Operator specific configuration
-include::modules/nw-network-config.adoc[leveloffset=+1]
-include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
-include::modules/nw-operator-cr.adoc[leveloffset=+1]
-
-include::modules/installation-generate-ignition-configs.adoc[leveloffset=+1]
-
-include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
-
-include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
-
-include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-include::modules/installation-approve-csrs.adoc[leveloffset=+1]
-
-include::modules/installation-operators-config.adoc[leveloffset=+2]
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
-
-You can add extra compute machines after the cluster installation is completed by following xref:../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
-
-include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
-* Optional: if you created encrypted virtual machines, xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/installing/installing_vsphere/installing-vsphere-three-node.adoc b/installing/installing_vsphere/installing-vsphere-three-node.adoc
index 67378f814fff..c3d7d904c1c4 100644
--- a/installing/installing_vsphere/installing-vsphere-three-node.adoc
+++ b/installing/installing_vsphere/installing-vsphere-three-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-vsphere-three-node"]
 = Installing a three-node cluster on vSphere
 include::_attributes/common-attributes.adoc[]
@@ -13,5 +13,5 @@ You can install a three-node cluster using either installer-provisioned or user-
 include::modules/installation-three-node-cluster-cloud-provider.adoc[leveloffset=+1]
 
 == Next steps
-* xref:../../installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[Installing a cluster on vSphere with customizations]
-* xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[Installing a cluster on vSphere with user-provisioned infrastructure]
+* xref:../../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[Installing a cluster on vSphere with customizations]
+* xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[Installing a cluster on vSphere with user-provisioned infrastructure]
diff --git a/installing/installing_vsphere/installing-vsphere.adoc b/installing/installing_vsphere/installing-vsphere.adoc
deleted file mode 100644
index a3809c51185f..000000000000
--- a/installing/installing_vsphere/installing-vsphere.adoc
+++ /dev/null
@@ -1,171 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-vsphere"]
-= Installing a cluster on vSphere with user-provisioned infrastructure
-include::_attributes/common-attributes.adoc[]
-:context: installing-vsphere
-:platform: vSphere
-
-toc::[]
-
-In {product-title} version {product-version}, you can install a cluster on
-VMware vSphere infrastructure that you provision.
-
-include::snippets/vcenter-support.adoc[]
-
-[IMPORTANT]
-====
-The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
-====
-
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-* You provisioned xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide `ReadWriteMany` access modes.
-* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
-* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
-+
-[NOTE]
-====
-Be sure to also review this site list if you are configuring a proxy.
-====
-
-include::modules/cluster-entitlements.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-* To update the hardware version for your vSphere nodes, see xref:../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
-
-[id="installation-requirements-user-infra_{context}"]
-== Requirements for a cluster with user-provisioned infrastructure
-
-For a cluster that contains user-provisioned infrastructure, you must deploy all
-of the required machines.
-
-This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
-
-include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../machine_management/creating_machinesets/creating-machineset-vsphere.adoc#creating-machineset-vsphere_creating-machineset-vsphere[Creating a compute machine set on vSphere]
-
-include::modules/installation-machine-requirements.adoc[leveloffset=+2]
-include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
-include::modules/installation-vsphere-encrypted-vms.adoc[leveloffset=+2]
-[role="_additional-resources"]
-.Additional resources
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[Creating an encrypted storage class]
-
-include::modules/csr-management.adoc[leveloffset=+2]
-
-include::modules/installation-network-user-infra.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Configuring chrony time service]
-
-include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
-
-include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
-
-include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
-
-include::modules/ssh-agent-using.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
-
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
-
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.html#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
-
-include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
-
-include::modules/installation-initializing-manual.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
-
-include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
-
-include::modules/installation-configure-proxy.adoc[leveloffset=+2]
-
-//include::modules/installation-three-node-cluster.adoc[leveloffset=+2]
-
-include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
-
-include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
-
-include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
-
-include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
-
-include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
-
-include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
-
-include::modules/cli-installing-cli.adoc[leveloffset=+1]
-
-include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
-
-include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-
-include::modules/installation-approve-csrs.adoc[leveloffset=+1]
-
-include::modules/installation-operators-config.adoc[leveloffset=+1]
-
-include::modules/registry-removed.adoc[leveloffset=+2]
-
-include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
-
-include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
-
-include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
-
-For instructions about configuring registry storage so that it references the correct PVC, see xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
-
-include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
-
-You can add extra compute machines after the cluster installation is completed by following xref:../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
-
-include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
-
-include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1]
-
-include::modules/cluster-telemetry.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
-
-== Next steps
-
-* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
-* If necessary, you can
-xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
-* Optional: xref:../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
-* Optional: if you created encrypted virtual machines, xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/virt/virtual_machines/vm_networking/_attributes b/installing/installing_vsphere/ipi/_attributes
similarity index 100%
rename from virt/virtual_machines/vm_networking/_attributes
rename to installing/installing_vsphere/ipi/_attributes
diff --git a/installing/installing_vsphere/ipi/images b/installing/installing_vsphere/ipi/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/installing/installing_vsphere/ipi/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc b/installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc
new file mode 100644
index 000000000000..54e5e45274e8
--- /dev/null
+++ b/installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc
@@ -0,0 +1,99 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-restricted-networks-installer-provisioned-vsphere"]
+= Installing a cluster on vSphere in a restricted network
+include::_attributes/common-attributes.adoc[]
+:context: installing-restricted-networks-installer-provisioned-vsphere
+
+toc::[]
+
+In {product-title} {product-version}, you can install a cluster on VMware vSphere infrastructure in a restricted network by creating an internal mirror of the installation release content.
+
+include::snippets/vcenter-support.adoc[]
+
+[id="prerequisites_installing-restricted-networks-installer-provisioned-vsphere"]
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc#ipi-vsphere-preparing-to-install[Preparing to install a cluster using installer-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
+====
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide the ReadWriteMany access mode.
+* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall and plan to use the Telemetry service, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+If you are configuring a proxy, be sure to also review this site list.
+====
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-creating-image-restricted.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
+
+[id="installing-vsphere-restricted-networks-installer-provisioned-customizations-registry"]
+== Creating registry storage
+
+After you install the cluster, you must create storage for the Registry Operator.
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
+
+[id="next-steps_installing-restricted-networks-installer-provisioned-vsphere"]
+== Next steps
+
+* xref:../../../installing/install_config/installing-customizing.adoc#installing-customizing[Customize your cluster].
+* If necessary, you can xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* If necessary, see xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster]
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
diff --git a/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc
new file mode 100644
index 000000000000..aca58831bc33
--- /dev/null
+++ b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc
@@ -0,0 +1,91 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-installer-provisioned-customizations"]
+= Installing a cluster on vSphere with customizations
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-installer-provisioned-customizations
+:platform: vSphere
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on your
+VMware vSphere instance by using installer-provisioned infrastructure. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+
+include::snippets/vcenter-support.adoc[]
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc#ipi-vsphere-preparing-to-install[Preparing to install a cluster using installer-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide `ReadWriteMany` access modes.
+* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+[id="installing-vsphere-installer-provisioned-customizations-registry"]
+== Creating registry storage
+After you install the cluster, you must create storage for the registry Operator.
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc
new file mode 100644
index 000000000000..1b791775a029
--- /dev/null
+++ b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc
@@ -0,0 +1,102 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-installer-provisioned-network-customizations"]
+= Installing a cluster on vSphere with network customizations
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-installer-provisioned-network-customizations
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on your
+VMware vSphere instance by using installer-provisioned infrastructure with customized network configuration options. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+
+You must set most of the network configuration parameters during installation, and you can modify only `kubeProxy` configuration parameters in a running cluster.
+
+include::snippets/vcenter-support.adoc[]
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc#ipi-vsphere-preparing-to-install[Preparing to install a cluster using installer-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
+`ReadWriteMany` access modes.
+* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, confirm with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+// begin network customization
+include::modules/nw-network-config.adoc[leveloffset=+1]
+include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
+include::modules/nw-operator-cr.adoc[leveloffset=+1]
+// end network customization
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+[id="installing-vsphere-installer-provisioned-network-customizations-registry"]
+== Creating registry storage
+After you install the cluster, you must create storage for the registry Operator.
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
+include::modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc[leveloffset=+1]
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc
new file mode 100644
index 000000000000..0beb7ef1c6d5
--- /dev/null
+++ b/installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc
@@ -0,0 +1,66 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-installer-provisioned"]
+= Installing a cluster on vSphere
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-installer-provisioned
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on your
+VMware vSphere instance by using installer-provisioned infrastructure.
+
+include::snippets/vcenter-support.adoc[]
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc#ipi-vsphere-preparing-to-install[Preparing to install a cluster using installer-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
+`ReadWriteMany` access modes.
+* The {product-title} installer requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+[id="installing-vsphere-installer-provisioned-registry"]
+== Creating registry storage
+After you install the cluster, you must create storage for the registry Operator.
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
diff --git a/installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc b/installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
new file mode 100644
index 000000000000..3b6a50b01d32
--- /dev/null
+++ b/installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="ipi-vsphere-installation-reqs"]
+= vSphere installation requirements
+include::_attributes/common-attributes.adoc[]
+:context: ipi-vsphere-installation-reqs
+
+toc::[]
+
+Before you begin an installation using installer-provisioned infrastructure, be sure that your vSphere environment meets the following installation requirements.
+
+include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
+include::modules/installation-vsphere-installer-network-requirements.adoc[leveloffset=+1]
+include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* To remove a third-party vSphere CSI driver, see xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
+* To update the hardware version for your vSphere nodes, see xref:../../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
+* xref:../../../installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc#installation-vsphere-minimum-permissions-storage_ipi-vsphere-installation-reqs[Minimum permissions for the storage components]
+
+include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
+include::modules/installation-vsphere-installer-infra-static-ip-nodes.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../post_installation_configuration/node-tasks.html#nodes-vsphere-scaling-machines-static-ip_post-install-node-tasks[Scaling machines to use static IP addresses]
+* xref:../../../post_installation_configuration/node-tasks.html#nodes-vsphere-machine-set-scaling-static-ip_post-install-node-tasks[Using a machine set to scale machines with configured static IP addresses]
diff --git a/installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc b/installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
new file mode 100644
index 000000000000..6adf0f1c0dbb
--- /dev/null
+++ b/installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
@@ -0,0 +1,32 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="ipi-vsphere-preparing-to-install"]
+= Preparing to install a cluster using installer-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: ipi-vsphere-preparing-to-install
+
+toc::[]
+
+You prepare to install an {product-title} cluster on vSphere by completing the following steps:
+
+* Downloading the installation program.
++
+[NOTE]
+====
+If you are installing in a disconnected environment, you extract the installation program from the mirrored content. For more information, see xref:../../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[Mirroring images for a disconnected installation].
+====
+* Installing the {oc-first}.
++
+[NOTE]
+====
+If you are installing in a disconnected environment, install `oc` to the mirror host.
+====
+* Generating an SSH key pair. You can use this key pair to authenticate into the {product-title} cluster's nodes after it is deployed.
+* Adding your vCenter’s trusted root CA certificates to your system trust.
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
diff --git a/installing/installing_vsphere/ipi/modules b/installing/installing_vsphere/ipi/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/installing/installing_vsphere/ipi/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/virt/virtual_machines/vm_networking/snippets b/installing/installing_vsphere/ipi/snippets
similarity index 100%
rename from virt/virtual_machines/vm_networking/snippets
rename to installing/installing_vsphere/ipi/snippets
diff --git a/installing/installing_vsphere/preparing-to-install-on-vsphere.adoc b/installing/installing_vsphere/preparing-to-install-on-vsphere.adoc
index 2a90758bfed1..0c251eac8047 100644
--- a/installing/installing_vsphere/preparing-to-install-on-vsphere.adoc
+++ b/installing/installing_vsphere/preparing-to-install-on-vsphere.adoc
@@ -1,75 +1,41 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-on-vsphere"]
-= Preparing to install on vSphere
+= Installation methods
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-on-vsphere
 
 toc::[]
 
-
-[id="preparing-to-install-on-vsphere-prerequisites"]
-== Prerequisites
-
-* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
-
-* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
-
-* If you use a firewall and plan to use Telemetry, you
-xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] required by your cluster.
-
-* You reviewed your VMware platform licenses. Red Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
-
-[id="choosing-a-method-to-install-ocp-on-vsphere"]
-== Choosing a method to install {product-title} on vSphere
-
-You can install {product-title} with the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}]. This method requires no setup for the installer, and is ideal for connected environments like vSphere. Installing with the {ai-full} also provides integration with vSphere, enabling autoscaling. See xref:../../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#installing-on-prem-assisted[Installing an on-premise cluster using the {ai-full}] for additional details.
+You can install {product-title} with the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}]. This method requires no setup for the installer, and is ideal for connected environments like vSphere. Installing with the {ai-full} also provides integration with vSphere, enabling autoscaling. See xref:../../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#installing-on-prem-assisted[Installing an on-premise cluster using the {ai-full}] for additional details.
 
 You can also install {product-title} on vSphere by using installer-provisioned or user-provisioned infrastructure. Installer-provisioned infrastructure is ideal for installing in environments with air-gapped/restricted networks, where the installation program provisions the underlying infrastructure for the cluster. You can also install {product-title} on infrastructure that you provide. If you do not use infrastructure that the installation program provisions, you must manage and maintain the cluster resources yourself.
 
-See the xref:../../architecture/architecture-installation.html#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
+See the xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
 
 [IMPORTANT]
 ====
 The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
 ====
 
+== Installer-provisioned infrastructure installation of {product-title} on vSphere
 
-=== Installer-provisioned infrastructure installation of {product-title} on vSphere
-
-Installer-provisioned infrastructure allows the installation program to pre-configure and automate the provisioning of resources required by {product-title}.
+Installer-provisioned infrastructure allows the installation program to preconfigure and automate the provisioning of resources required by {product-title}.
 
-* **xref:../../installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[Installing a cluster on vSphere]**: You can install {product-title} on vSphere by using installer-provisioned infrastructure installation with no customization.
+* **xref:../../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[Installing a cluster on vSphere]**: You can install {product-title} on vSphere by using installer-provisioned infrastructure installation with no customization.
 
-* **xref:../../installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[Installing a cluster on vSphere with customizations]**: You can install {product-title} on vSphere by using installer-provisioned infrastructure installation with the default customization options.
+* **xref:../../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc#installing-vsphere-installer-provisioned-customizations[Installing a cluster on vSphere with customizations]**: You can install {product-title} on vSphere by using installer-provisioned infrastructure installation with the default customization options.
 
-* **xref:../../installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[Installing a cluster on vSphere with network customizations]**: You can install {product-title} on installer-provisioned vSphere infrastructure, with network customizations. You can customize your {product-title} network configuration during installation, so that your cluster can coexist with your existing IP address allocations and adhere to your network requirements.
+* **xref:../../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc#installing-vsphere-installer-provisioned-network-customizations[Installing a cluster on vSphere with network customizations]**: You can install {product-title} on installer-provisioned vSphere infrastructure, with network customizations. You can customize your {product-title} network configuration during installation, so that your cluster can coexist with your existing IP address allocations and adhere to your network requirements.
 
-* **xref:../../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[Installing a cluster on vSphere in a restricted network]**: You can install a cluster on VMware vSphere infrastructure in a restricted network by creating an internal mirror of the installation release content.
+* **xref:../../installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[Installing a cluster on vSphere in a restricted network]**: You can install a cluster on VMware vSphere infrastructure in a restricted network by creating an internal mirror of the installation release content.
  You can use this method to deploy {product-title} on an internal network that is not visible to the internet.
 
-=== User-provisioned infrastructure installation of {product-title} on vSphere
+== User-provisioned infrastructure installation of {product-title} on vSphere
 
 User-provisioned infrastructure requires the user to provision all resources required by {product-title}.
 
-* **xref:../../installing/installing_vsphere/installing-vsphere.adoc#[Installing a cluster on vSphere with user-provisioned infrastructure]**: You can install {product-title} on VMware vSphere infrastructure that you provision.
-
-* **xref:../../installing/installing_vsphere/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[Installing a cluster on vSphere with network customizations with user-provisioned infrastructure]**: You can install {product-title} on VMware vSphere infrastructure that you provision with customized network configuration options.
-
-* **xref:../../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure]**: {product-title} can be installed on VMware vSphere infrastructure that you provision in a restricted network.
-
-include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
-
-include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* To remove a third-party vSphere CSI driver, see xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
-
-== Configuring the vSphere connection settings
-
-* **xref:../../installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc#installing-vsphere-post-installation-configuration[Updating the vSphere connection settings following an installation]**: For installations on vSphere using the Assisted Installer, you must manually update the vSphere connection settings to complete the installation. For installer-provisioned or user-provisioned infrastructure installations on vSphere, you can optionally validate or modify the vSphere connection settings at any time.
+* **xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#[Installing a cluster on vSphere with user-provisioned infrastructure]**: You can install {product-title} on VMware vSphere infrastructure that you provision.
 
-== Uninstalling an installer-provisioned infrastructure installation of {product-title} on vSphere
+* **xref:../../installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc#installing-vsphere-network-customizations[Installing a cluster on vSphere with network customizations with user-provisioned infrastructure]**: You can install {product-title} on VMware vSphere infrastructure that you provision with customized network configuration options.
 
-* **xref:../../installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc#uninstalling-cluster-vsphere-installer-provisioned[Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure]**: You can remove a cluster that you deployed on VMware vSphere infrastructure that used installer-provisioned infrastructure.
+* **xref:../../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure]**: {product-title} can be installed on VMware vSphere infrastructure that you provision in a restricted network.
diff --git a/installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc b/installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc
index 92ef5ed520cf..3c9a6f8d775e 100644
--- a/installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc
+++ b/installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-cluster-vsphere-installer-provisioned"]
 = Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_vsphere/upi/_attributes b/installing/installing_vsphere/upi/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/installing/installing_vsphere/upi/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/installing/installing_vsphere/upi/images b/installing/installing_vsphere/upi/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/installing/installing_vsphere/upi/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc b/installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc
new file mode 100644
index 000000000000..c6a1a5646ab0
--- /dev/null
+++ b/installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc
@@ -0,0 +1,131 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-restricted-networks-vsphere"]
+= Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: installing-restricted-networks-vsphere
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on
+VMware vSphere infrastructure that you provision in a restricted network.
+
+include::snippets/vcenter-support.adoc[]
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
+====
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc#upi-vsphere-preparing-to-install[Preparing to install a cluster using user-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
+====
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide
+`ReadWriteMany` access modes.
+* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall and plan to use the Telemetry service, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+//You extract the installation program from the mirrored content.
+
+//You can install the CLI on the mirror host.
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing-manual.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+//include::modules/installation-three-node-cluster.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
+
+include::modules/installation-special-config-chrony.adoc[leveloffset=+1]
+
+include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
+
+include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
+
+include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-operators-config.adoc[leveloffset=+1]
+
+include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
+
+You can add extra compute machines after the cluster installation is completed by following xref:../../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
+
+include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
+* Optional: if you created encrypted virtual machines, xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc b/installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc
new file mode 100644
index 000000000000..5765802cfb07
--- /dev/null
+++ b/installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc
@@ -0,0 +1,116 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere-network-customizations"]
+= Installing a cluster on vSphere with network customizations
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere-network-customizations
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on
+VMware vSphere infrastructure that you provision with customized network
+configuration options. By customizing your network configuration, your cluster
+can coexist with existing IP address allocations in your environment and
+integrate with existing MTU and VXLAN configurations.
+
+include::snippets/vcenter-support.adoc[]
+
+You must set most of the network configuration parameters during installation,
+and you can modify only `kubeProxy` configuration parameters in a running
+cluster.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
+====
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc#upi-vsphere-preparing-to-install[Preparing to install a cluster using user-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. Verify that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing-manual.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+// Network Operator specific configuration
+include::modules/nw-network-config.adoc[leveloffset=+1]
+include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
+include::modules/nw-operator-cr.adoc[leveloffset=+1]
+
+include::modules/installation-generate-ignition-configs.adoc[leveloffset=+1]
+
+include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
+
+include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
+
+include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-operators-config.adoc[leveloffset=+2]
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
+
+You can add extra compute machines after the cluster installation is completed by following xref:../../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
+
+include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
+* Optional: if you created encrypted virtual machines, xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/installing/installing_vsphere/upi/installing-vsphere.adoc b/installing/installing_vsphere/upi/installing-vsphere.adoc
new file mode 100644
index 000000000000..c2d42c582c85
--- /dev/null
+++ b/installing/installing_vsphere/upi/installing-vsphere.adoc
@@ -0,0 +1,117 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-vsphere"]
+= Installing a cluster on vSphere with user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: installing-vsphere
+:platform: vSphere
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on
+VMware vSphere infrastructure that you provision.
+
+include::snippets/vcenter-support.adoc[]
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the vSphere platform and the installation process of {product-title}. Use the user-provisioned infrastructure installation instructions as a guide; you are free to create the required resources through other methods.
+====
+
+== Prerequisites
+
+* You have completed the tasks in xref:../../../installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc#upi-vsphere-preparing-to-install[Preparing to install a cluster using user-provisioned infrastructure].
+* You reviewed your VMware platform licenses. Red{nbsp}Hat does not place any restrictions on your VMware licenses, but some VMware infrastructure components require licensing.
+* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You provisioned xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide `ReadWriteMany` access modes.
+* Completing the installation requires that you upload the {op-system-first} OVA on vSphere hosts. The machine from which you complete this process requires access to port 443 on the vCenter and ESXi hosts. You verified that port 443 is accessible.
+* If you use a firewall, you confirmed with the administrator that port 443 is accessible. Control plane nodes must be able to reach vCenter and ESXi hosts on port 443 for the installation to succeed.
+* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-regions-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-configuration-parameters-additional-vsphere_installation-config-parameters-vsphere[Additional VMware vSphere configuration parameters]
+
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#deprecated-parameters-vsphere_installation-config-parameters-vsphere[Deprecated VMware vSphere configuration parameters]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration-sc-vsphere_persistent-storage-csi-migration[vSphere automatic migration]
+
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-top-aware_persistent-storage-csi-vsphere[VMware vSphere CSI Driver Operator]
+
+include::modules/installation-initializing-manual.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../installing/installing_vsphere/installation-config-parameters-vsphere.adoc#installation-config-parameters-vsphere[Installation configuration parameters]
+
+include::modules/installation-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+//include::modules/installation-three-node-cluster.adoc[leveloffset=+2]
+
+include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
+
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1]
+
+include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/machine-vsphere-machines.adoc[leveloffset=+1]
+
+include::modules/installation-disk-partitioning.adoc[leveloffset=+1]
+
+include::modules/architecture-rhcos-updating-bootloader.adoc[leveloffset=+1]
+
+include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-operators-config.adoc[leveloffset=+1]
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+3]
+
+For instructions about configuring registry storage so that it references the correct PVC, see xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#registry-configuring-storage-vsphere_configuring-registry-storage-vsphere[Configuring the registry for vSphere].
+
+include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
+
+You can add extra compute machines after the cluster installation is completed by following xref:../../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere].
+
+include::modules/vsphere-anti-affinity.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
+
+== Next steps
+
+* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can
+xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].
+* Optional: xref:../../../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#vsphere-problem-detector-viewing-events_vsphere-problem-detector[View the events from the vSphere Problem Detector Operator] to determine if the cluster has permission or storage configuration issues.
+* Optional: if you created encrypted virtual machines, xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[create an encrypted storage class].
diff --git a/installing/installing_vsphere/upi/modules b/installing/installing_vsphere/upi/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/installing/installing_vsphere/upi/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/installing/installing_vsphere/upi/snippets b/installing/installing_vsphere/upi/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/installing/installing_vsphere/upi/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc b/installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
new file mode 100644
index 000000000000..5018771167b2
--- /dev/null
+++ b/installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
@@ -0,0 +1,56 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="upi-vsphere-installation-reqs"]
+= vSphere installation requirements for user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: upi-vsphere-installation-reqs
+
+toc::[]
+
+Before you begin an installation on infrastructure that you provision, be sure that your vSphere environment meets the following installation requirements.
+
+include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
+include::modules/vmware-csi-driver-reqs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* To remove a third-party vSphere CSI driver, see xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-install-issues_persistent-storage-csi-vsphere[Removing a third-party vSphere CSI Driver].
+* To update the hardware version for your vSphere nodes, see xref:../../../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on nodes running in vSphere].
+* xref:../../../installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc#installation-vsphere-minimum-permissions-storage_upi-vsphere-installation-reqs[Minimum permissions for the storage components]
+
+[id="reqs-for-a-cluster-with-user-provisioned-infrastructure_upi-vsphere-installation-reqs"]
+== Requirements for a cluster with user-provisioned infrastructure
+
+For a cluster that contains user-provisioned infrastructure, you must deploy all of the required machines.
+
+This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
+
+include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../machine_management/creating_machinesets/creating-machineset-vsphere.adoc#creating-machineset-vsphere_creating-machineset-vsphere[Creating a compute machine set on vSphere]
+
+include::modules/installation-machine-requirements.adoc[leveloffset=+2]
+include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
+include::modules/installation-vsphere-encrypted-vms.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[Creating an encrypted storage class]
+
+include::modules/csr-management.adoc[leveloffset=+2]
+include::modules/installation-network-user-infra.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Configuring chrony time service]
+
+include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
+include::modules/installation-load-balancing-user-infra.adoc[leveloffset=+2]
diff --git a/installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc b/installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
new file mode 100644
index 000000000000..4dced0f3f238
--- /dev/null
+++ b/installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
@@ -0,0 +1,35 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="upi-vsphere-preparing-to-install"]
+= Preparing to install a cluster using user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: upi-vsphere-preparing-to-install
+
+toc::[]
+
+You prepare to install an {product-title} cluster on vSphere by completing the following steps:
+
+* Downloading the installation program.
++
+[NOTE]
+====
+If you are installing in a disconnected environment, you extract the installation program from the mirrored content. For more information, see xref:../../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[Mirroring images for a disconnected installation].
+====
+* Installing the {oc-first}.
++
+[NOTE]
+====
+If you are installing in a disconnected environment, install `oc` to the mirror host.
+====
+* Generating an SSH key pair. You can use this key pair to authenticate into the {product-title} cluster's nodes after it is deployed.
+* Preparing the user-provisioned infrastructure.
+* Validating DNS resolution.
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-user-provisioned-validating-dns.adoc[leveloffset=+1]
diff --git a/installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc b/installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc
index 2d89bc05a81f..4785571c7753 100644
--- a/installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc
+++ b/installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-vsphere-problem-detector-operator"]
 = Using the vSphere Problem Detector Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc b/installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc
new file mode 100644
index 000000000000..1655c558c411
--- /dev/null
+++ b/installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installation-config-parameters-agent"]
+= Installation configuration parameters for the Agent-based Installer
+include::_attributes/common-attributes.adoc[]
+:context: installation-config-parameters-agent
+
+toc::[]
+
+Before you deploy an {product-title} cluster using the Agent-based Installer, you provide parameters to customize your cluster and the platform that hosts it.
+When you create the `install-config.yaml` and `agent-config.yaml` files, you must provide values for the required parameters, and you can use the optional parameters to customize your cluster further.
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#bmc-addressing_ipi-install-installation-workflow[BMC addressing]
+
+include::modules/agent-configuration-parameters.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_with_agent_based_installer/prepare-pxe-assets-agent.adoc#prepare-pxe-assets-agent[Preparing PXE assets for {product-title}]
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#root-device-hints_ipi-install-installation-workflow[Root device hints]
\ No newline at end of file
diff --git a/installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc b/installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc
index d7cbe43b7e40..d01b9c1596ed 100644
--- a/installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc
+++ b/installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-with-agent-based-installer"]
-= Installing a {product-title} cluster with the Agent-based Installer
+= Installing an {product-title} cluster with the Agent-based Installer
 include::_attributes/common-attributes.adoc[]
 :context: installing-with-agent-based-installer
 
@@ -13,6 +13,8 @@ Use the following procedures to install an {product-title} cluster using the Age
 
 * You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
 * You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* If you use a firewall or proxy, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+
 
 // This anchor ID is extracted/replicated from the former installing-ocp-agent.adoc module to preserve links.
 [id="installing-ocp-agent_installing-with-agent-based-installer"]
@@ -20,12 +22,44 @@ Use the following procedures to install an {product-title} cluster using the Age
 
 The following procedures deploy a single-node {product-title} in a disconnected environment. You can use these procedures as a basis and modify according to your requirements.
 
+// Downloading the Agent-based Installer
 include::modules/installing-ocp-agent-download.adoc[leveloffset=+2]
 
+// Creating the preferred configuration inputs
+include::modules/installing-ocp-agent-inputs.adoc[leveloffset=+2]
+
+[id="installing-ocp-agent-opt-manifests_{context}"]
+=== Optional: Creating additional manifest files
+
+You can create additional manifests to further configure your cluster beyond the configurations available in the `install-config.yaml` and `agent-config.yaml` files.
+
+// Partitioning the disk
+include::modules/installation-user-infra-machines-advanced.adoc[leveloffset=+3]
+
+// Optional: Using ZTP manifests
+include::modules/installing-ocp-agent-ZTP.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc#sample-ztp-custom-resources_installing-with-agent-based-installer[Sample {ztp} custom resources].
+
+* See xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc#ztp-deploying-far-edge-clusters-at-scale[Challenges of the network far edge] to learn more about {ztp-first}.
+
+// Optional: Encrypting the disk
+include::modules/installing-ocp-agent-encrypt.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-encrypt-disk_installing-customizing[About disk encryption]
+
+// Creating and booting the agent image
 include::modules/installing-ocp-agent-boot.adoc[leveloffset=+2]
 
+// Verifying that the current installation host can pull release images
 include::modules/installing-ocp-agent-tui.adoc[leveloffset=+2]
 
+// Tracking and verifying installation progress
 include::modules/installing-ocp-agent-verify.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -42,3 +76,7 @@ include::modules/sample-ztp-custom-resources.adoc[leveloffset=+1]
 .Additional resources
 
 * See xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc#ztp-deploying-far-edge-clusters-at-scale[Challenges of the network far edge] to learn more about {ztp-first}.
+
+
+// Gathering log data from a failed Agent-based installation
+include::modules/installing-ocp-agent-gather-log.adoc[leveloffset=+1]
diff --git a/installing/installing_with_agent_based_installer/prepare-pxe-assets-agent.adoc b/installing/installing_with_agent_based_installer/prepare-pxe-assets-agent.adoc
new file mode 100644
index 000000000000..7d0af3d73a0a
--- /dev/null
+++ b/installing/installing_with_agent_based_installer/prepare-pxe-assets-agent.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="prepare-pxe-assets-agent"]
+= Preparing PXE assets for {product-title}
+include::_attributes/common-attributes.adoc[]
+:context: prepare-pxe-assets-agent
+
+toc::[]
+
+Use the following procedures to create the assets needed to PXE boot an {product-title} cluster using the Agent-based Installer.
+
+The assets you create in these procedures will deploy a single-node {product-title} installation. You can use these procedures as a basis and modify configurations according to your requirements.
+
+[id="prerequisites_prepare-pxe-assets-agent"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+
+// Downloading the Agent-based Installer
+include::modules/installing-ocp-agent-download.adoc[leveloffset=+1]
+
+// Creating the preferred configuration inputs
+include::modules/installing-ocp-agent-inputs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#modifying-install-config-for-dual-stack-network_ipi-install-installation-workflow[Deploying with dual-stack networking].
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#configuring-the-install-config-file_ipi-install-installation-workflow[Configuring the install-config yaml file].
+* See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installation-three-node-cluster_installing-restricted-networks-bare-metal[Configuring a three-node cluster] to deploy three-node clusters in bare metal environments.
+* xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#root-device-hints_preparing-to-install-with-agent-based-installer[About root device hints].
+* link:https://nmstate.io/examples.html[NMState state examples].
+
+// Creating the PXE assets
+include::modules/pxe-assets-ocp-agent.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_prepare-pxe-assets-agent"]
+== Additional resources
+* See xref:../../installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc#installing-with-agent-based-installer[Installing an {product-title} cluster with the Agent-based Installer] to learn about more configurations available with the Agent-based Installer.
diff --git a/installing/installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc b/installing/installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc
index b41a0cda5e35..1f27c334ba86 100644
--- a/installing/installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc
+++ b/installing/installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-an-agent-based-installed-cluster-for-mce"]
 = Preparing an Agent-based installed cluster for the multicluster engine for Kubernetes Operator
 include::_attributes/common-attributes.adoc[]
@@ -11,7 +11,7 @@ The following procedure is partially automated and requires manual steps after t
 
 == Prerequisites
 * You have read the following documentation:
-** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview[Cluster lifecycle with multicluster engine operator overview].
+** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview[Cluster lifecycle with multicluster engine operator overview].
 ** xref:../../storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc#persistent-storage-using-local-volume[Persistent storage using local volumes].
 ** xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc#about-ztp_ztp-deploying-far-edge-clusters-at-scale[Using ZTP to provision clusters at the network far edge].
 ** xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#preparing-to-install-with-agent-based-installer[Preparing to install with the Agent-based Installer].
@@ -20,8 +20,10 @@ The following procedure is partially automated and requires manual steps after t
 * You have installed the OpenShift CLI (`oc`).
 * If you are installing in a disconnected environment, you must have a configured local mirror registry for disconnected installation mirroring.
 
+// Preparing an Agent-based cluster deployment for the multicluster engine for Kubernetes Operator while disconnected
 include::modules/preparing-an-inital-cluster-deployment-for-mce-disconnected.adoc[leveloffset=+1]
 
+// Preparing an Agent-based cluster deployment for the multicluster engine for Kubernetes Operator while connected
 include::modules/preparing-an-inital-cluster-deployment-for-mce-connected.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc b/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc
index 3b9160d331a6..22194725d3e4 100644
--- a/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc
+++ b/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-to-install-with-agent-based-installer"]
-= Preparing to install with the Agent-based installer
+= Preparing to install with the Agent-based Installer
 include::_attributes/common-attributes.adoc[]
 :context: preparing-to-install-with-agent-based-installer
 
@@ -16,10 +16,22 @@ It generates a bootable ISO image containing all of the information required to
 The configuration is in the same format as for the installer-provisioned infrastructure and user-provisioned infrastructure installation methods.
 The Agent-based Installer can also optionally generate or accept Zero Touch Provisioning (ZTP) custom resources. ZTP allows you to provision new edge sites with declarative configurations of bare-metal equipment.
 
+//Understanding Agent-based Installer
 include::modules/understanding-agent-install.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#installation-requirements-platform-none_preparing-to-install-with-agent-based-installer[Requirements for a cluster using the platform "none" option]
+
+* xref:../installing_bare_metal_ipi/ipi-install-prerequisites.adoc#network-requirements-increase-mtu_ipi-install-prerequisites[Increase the network MTU]
+
+* xref:../../nodes/nodes/nodes-sno-worker-nodes.adoc#nodes-sno-worker-nodes[Adding worker nodes to {sno} clusters]
+
+//About FIPS compliance
 include::modules/agent-installer-fips-compliance.adoc[leveloffset=+1]
 
+//Configuring FIPS through the Agent-based Installer
 include::modules/agent-installer-configuring-fips-compliance.adoc[leveloffset=+1]
 
 [discrete]
@@ -28,14 +40,26 @@ include::modules/agent-installer-configuring-fips-compliance.adoc[leveloffset=+1
 
 * link:https://access.redhat.com/articles/5059881[OpenShift Security Guide Book]
 
-////
 * xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]
-////
 
+//About networking
 include::modules/agent-install-networking.adoc[leveloffset=+1]
 
+[id="installation-requirements-platform-none_{context}"]
+== Requirements for a cluster using the platform "none" option
+
+This section describes the requirements for an Agent-based {product-title} installation that is configured to use the platform `none` option.
+
+//Platform "none" DNS requirements
+include::modules/agent-install-dns-none.adoc[leveloffset=+2]
+
+//Platform "none" Load balancing requirements
+include::modules/agent-install-load-balancing-none.adoc[leveloffset=+2]
+
+//Example: Bonds and VLAN interface node network configuration
 include::modules/agent-install-sample-config-bonds-vlans.adoc[leveloffset=+1]
 
+//Example: Bonds and SR-IOV dual-nic node network configuration
 include::modules/agent-install-sample-config-bond-sriov.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -43,10 +67,13 @@ include::modules/agent-install-sample-config-bond-sriov.adoc[leveloffset=+1]
 
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/configuring-network-bonding_configuring-and-managing-networking[Configuring network bonding]
 
+//Sample install-config.yaml file for bare metal
 include::modules/installation-bare-metal-agent-installer-config-yaml.adoc[leveloffset=+1]
 
+//Validation checks before agent ISO creation
 include::modules/validations-before-agent-iso-creation.adoc[leveloffset=+1]
 
+//About root device hints
 include::modules/agent-install-ipi-install-root-device-hints.adoc[leveloffset=+1]
 
 [id="agent-based-installation-next-steps"]
diff --git a/installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc b/installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc
index 83ab77c427f8..986de3596304 100644
--- a/installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc
+++ b/installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-disconnected-installation-mirroring"]
 = Understanding disconnected installation mirroring
 include::_attributes/common-attributes.adoc[]
diff --git a/installing/validating-an-installation.adoc b/installing/validating-an-installation.adoc
index 63a0d6b575ec..adfca6747a6d 100644
--- a/installing/validating-an-installation.adoc
+++ b/installing/validating-an-installation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="validating-an-installation"]
 = Validating an installation
 include::_attributes/common-attributes.adoc[]
@@ -26,7 +26,10 @@ include::modules/getting-cluster-version-status-and-update-details.adoc[leveloff
 
 * See xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[Updating a cluster using the web console] for more information on updating your cluster.
 
-* See xref:../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases] for an overview about update release channels.
+* See xref:../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases] for an overview about update release channels.
+
+// Verification steps for the Cloud Credential Operator utility (`ccoctl`)
+include::modules/cco-ccoctl-install-verifying.adoc[leveloffset=+1]
 
 //Querying the status of the cluster nodes by using the CLI
 include::modules/querying-the-status-of-cluster-nodes-using-the-cli.adoc[leveloffset=+1]
diff --git a/logging/.meta-logging-quickref.adoc b/logging/.meta-logging-quickref.adoc
deleted file mode 100644
index 1f902314ffd8..000000000000
--- a/logging/.meta-logging-quickref.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-= Logging Meta Reference for Writers
-
-This hidden file contains meta content for writers and is not for inclusion in published docs. For Logging 5.5+ documentation has shifted to a per version of Logging approach. Files created for logging after this change follow the naming convention 'logging-description', while files created prior to this change use 'cluster-logging-description'.
-
-== Logging Files
-Files referenced only apply to versions 5.5+ of logging.
-
-* Assemblies
-** logging-5-5-administration.adoc
-** logging-5-5-architecture.adoc
-** logging-5-5-configuration.adoc
-** logging-5-5-reference.adoc
-** logging-5-5-release-notes.adoc
-** logging-5-6-administration.adoc
-** logging-5-6-architecture.adoc
-** logging-5-6-configuration.adoc
-** logging-5-6-reference.adoc
-** logging-5-6-release-notes.adoc
-
-.Include syntax:
-----
-\include::target[leveloffset=offset,lines=ranges]
-\include::modules/logging-module-name.adoc[leveloffset=+1,lines=5..10]
-\include::snippets/
-----
-
-* Modules
-** logging-rn-5.5.5.adoc
-** logging-rn-5.5.4.adoc
-** logging-rn-5.5.3.adoc
-** logging-rn-5.5.2.adoc
-** logging-rn-5.5.1.adoc
-** logging-rn-5.5.0.adoc
-** logging-loki-retention.adoc
-
-
-* Snippets
-** logging-stable-updates-snip.adoc[]
-** logging-log-types-snip.adoc[]
-** logging-compatibility-snip.adoc[]
-** logging-loki-vs-lokistack-snip.adoc[]
-** logging-create-secret-snip.adoc[]
-** logging-supported-config-snip.adoc[]
-** logging-approval-strategy-snip.adoc[]
-** logging-subscription-object-snip.adoc[
-** logging-create-apply-cr-snip.adoc[]
diff --git a/microshift_storage/container_storage_interface_microshift/_attributes b/logging/api_reference/_attributes
similarity index 100%
rename from microshift_storage/container_storage_interface_microshift/_attributes
rename to logging/api_reference/_attributes
diff --git a/logging/api_reference/images b/logging/api_reference/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/api_reference/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/api_reference/logging-5-6-reference.adoc b/logging/api_reference/logging-5-6-reference.adoc
new file mode 100644
index 000000000000..b28f99945c7c
--- /dev/null
+++ b/logging/api_reference/logging-5-6-reference.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-5-6-reference"]
+= 5.6 Logging API reference
+include::_attributes/common-attributes.adoc[]
+:context: logging-5-6-reference
+
+toc::[]
+
+include::modules/logging-5.6-api-ref.adoc[leveloffset=+1]
diff --git a/logging/api_reference/logging-5-7-reference.adoc b/logging/api_reference/logging-5-7-reference.adoc
new file mode 100644
index 000000000000..2c1be2346c72
--- /dev/null
+++ b/logging/api_reference/logging-5-7-reference.adoc
@@ -0,0 +1,7 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-5-7-reference"]
+= 5.7 Logging API reference
+include::_attributes/common-attributes.adoc[]
+:context: logging-5-7-reference
+
+toc::[]
diff --git a/logging/api_reference/logging-5-8-reference.adoc b/logging/api_reference/logging-5-8-reference.adoc
new file mode 100644
index 000000000000..8fb45f49a6c9
--- /dev/null
+++ b/logging/api_reference/logging-5-8-reference.adoc
@@ -0,0 +1,7 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-5-8-reference"]
+= 5.8 Logging API reference
+include::_attributes/common-attributes.adoc[]
+:context: logging-5-8-reference
+
+toc::[]
diff --git a/virt/node_maintenance/modules b/logging/api_reference/modules
similarity index 100%
rename from virt/node_maintenance/modules
rename to logging/api_reference/modules
diff --git a/logging/v5_7/snippets b/logging/api_reference/snippets
similarity index 100%
rename from logging/v5_7/snippets
rename to logging/api_reference/snippets
diff --git a/logging/cluster-logging-dashboards.adoc b/logging/cluster-logging-dashboards.adoc
deleted file mode 100644
index 72a885c2f3d4..000000000000
--- a/logging/cluster-logging-dashboards.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="cluster-logging-dashboards"]
-= Viewing cluster dashboards
-:context: cluster-logging-dashboards
-
-toc::[]
-
-The *Logging/Elasticsearch Nodes* and *Openshift Logging* dashboards in the 
-ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-{cluster-manager-url} 
-endif::[]
-contain in-depth details about your Elasticsearch instance and the individual Elasticsearch nodes that you can use to prevent and diagnose problems.
-
-The *OpenShift Logging* dashboard contains charts that show details about your Elasticsearch instance at a cluster level, including cluster resources, garbage collection, shards in the cluster, and Fluentd statistics.
-
-The *Logging/Elasticsearch Nodes* dashboard contains charts that show details about your Elasticsearch instance, many at node level, including details on indexing, shards, resources, and so forth.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-dashboards-access.adoc[leveloffset=+1]
-
-For information on the dashboard charts, see xref:../logging/cluster-logging-dashboards.html#cluster-logging-dashboards-logging_cluster-logging-dashboards[About the OpenShift Logging dashboard] and xref:../logging/cluster-logging-dashboards.html#cluster-logging-dashboards-es_cluster-logging-dashboards[About the Logging/Elastisearch Nodes dashboard].
-
-include::modules/cluster-logging-dashboards-logging.adoc[leveloffset=+1]
-include::modules/cluster-logging-dashboards-es.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging-deploying.adoc b/logging/cluster-logging-deploying.adoc
index d0826a689af3..80b591d37639 100644
--- a/logging/cluster-logging-deploying.adoc
+++ b/logging/cluster-logging-deploying.adoc
@@ -1,60 +1,51 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-deploying
 [id="cluster-logging-deploying"]
-= Installing the {logging-title}
+= Installing Logging
 include::_attributes/common-attributes.adoc[]
 include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-You can install the {logging-title} by deploying the OpenShift Elasticsearch and Red Hat OpenShift Logging Operators. The OpenShift Elasticsearch Operator creates and manages the Elasticsearch cluster used by OpenShift Logging. The {logging} Operator creates and manages the components of the logging stack.
+You can deploy {logging} by installing the {clo}. The {clo} creates and manages the components of the logging stack.
 
-The process for deploying the {logging} to {product-title} 
-ifdef::openshift-rosa[]
-(ROSA)
-endif::[]
- involves:
-
-* Reviewing the xref:../logging/config/cluster-logging-storage-considerations#cluster-logging-storage[{logging-uc} storage considerations].
-
-* Installing the logging subsystem for {product-title} using xref:../logging/cluster-logging-deploying.adoc#cluster-logging-deploy-console_cluster-logging-deploying[the web console] or xref:../logging/cluster-logging-deploying.adoc#cluster-logging-deploy-cli_cluster-logging-deploying[the CLI].
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-deploy-console.adoc[leveloffset=+1]
+include::snippets/logging-compatibility-snip.adoc[]
 
-[role="_additional-resources"]
-.Additional resources
+[IMPORTANT]
+====
+For new installations, use Vector and LokiStack. Elasticsearch and Fluentd are deprecated and are planned to be removed in a future release.
+====
 
-ifdef::openshift-enterprise,openshift-origin[]
-* xref:../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-operators-from-operatorhub_olm-adding-operators-to-a-cluster[Installing Operators from the OperatorHub]
-* xref:../logging/config/cluster-logging-collector.adoc#cluster-logging-removing-unused-components-if-no-elasticsearch_cluster-logging-collector[Removing unused components if you do not use the default Elasticsearch log store]
+ifdef::openshift-origin[]
+[id="prerequisites_cluster-logging-deploying"]
+== Prerequisites
+* Ensure that you have downloaded the {cluster-manager-url-pull} as shown in _Obtaining the installation program_ in the installation documentation for your platform.
++
+If you have the pull secret, add the `redhat-operators` catalog to the OperatorHub custom resource (CR) as shown in _Configuring {product-title} to use Red Hat Operators_.
 endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-* link:https://docs.openshift.com/container-platform/latest/operators/admin/olm-adding-operators-to-cluster.html[Installing Operators from OperatorHub]
-* link:https://docs.openshift.com/container-platform/latest/logging/config/cluster-logging-collector.html#cluster-logging-removing-unused-components-if-no-elasticsearch_cluster-logging-collector[Removing unused components if you do not use the default Elasticsearch log store]
-endif::[]
-
-== Post-installation tasks
-
-If you plan to use Kibana, you must xref:#cluster-logging-visualizer-indices_cluster-logging-deploying[manually create your Kibana index patterns and visualizations] to explore and visualize data in Kibana.
-
-If your network plugin enforces network isolation, xref:#cluster-logging-deploy-multitenant_cluster-logging-deploying[allow network traffic between the projects that contain the {logging} Operators].
 
+//Installing the CLO via webconsole
+include::modules/cluster-logging-deploy-console.adoc[leveloffset=+1]
+include::modules/create-cluster-logging-cr-console.adoc[leveloffset=+1]
 
+// Install using CLI
 include::modules/cluster-logging-deploy-cli.adoc[leveloffset=+1]
+include::modules/create-cluster-logging-cli.adoc[leveloffset=+1]
 
-== Post-installation tasks
+[id="cluster-logging-deploying-postinstallation"]
+== Postinstallation tasks
 
-If you plan to use Kibana, you must xref:#cluster-logging-visualizer-indices_cluster-logging-deploying[manually create your Kibana index patterns and visualizations] to explore and visualize data in Kibana.
+After you have installed the {clo}, you can configure your deployment by creating and modifying a `ClusterLogging` custom resource (CR).
 
-If your network plugin enforces network isolation, xref:#cluster-logging-deploy-multitenant_cluster-logging-deploying[allow network traffic between the projects that contain the {logging} Operators].
-
-include::modules/cluster-logging-visualizer-indices.adoc[leveloffset=+2]
+[TIP]
+====
+If you are not using the Elasticsearch log store, you can remove the internal Elasticsearch `logStore` and Kibana `visualization` components from the `ClusterLogging` custom resource (CR). Removing these components is optional but saves resources. See xref:../logging/log_storage/logging-config-es-store.adoc#cluster-logging-removing-unused-components-if-no-elasticsearch_logging-config-es-store[Removing unused components if you do not use the Elasticsearch log store].
+====
 
+include::modules/cluster-logging-about-crd.adoc[leveloffset=+2]
+include::modules/configuring-log-storage-cr.adoc[leveloffset=+2]
+include::modules/configuring-logging-collector.adoc[leveloffset=+2]
+include::modules/configuring-log-visualizer.adoc[leveloffset=+2]
 include::modules/cluster-logging-deploy-multitenant.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -70,9 +61,3 @@ ifdef::openshift-rosa,openshift-dedicated[]
 * link:https://docs.openshift.com/container-platform/latest/networking/openshift_sdn/about-openshift-sdn.html[About the OpenShift SDN default CNI network provider]
 * link:https://docs.openshift.com/container-platform/latest/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.html[About the OVN-Kubernetes default Container Network Interface (CNI) network provider]
 endif::[]
-
-// include::modules/cluster-logging-deploy-memory.adoc[leveloffset=+1]
-
-// include::modules/cluster-logging-deploy-certificates.adoc[leveloffset=+1]
-
-// include::modules/cluster-logging-deploy-label.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging-enabling-json-logging.adoc b/logging/cluster-logging-enabling-json-logging.adoc
deleted file mode 100644
index daca7c1d0c28..000000000000
--- a/logging/cluster-logging-enabling-json-logging.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-enabling-json-logging
-[id="cluster-logging-enabling-json-logging"]
-= Enabling JSON logging
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-You can configure the Log Forwarding API to parse JSON strings into a structured object.
-
-include::modules/cluster-logging-json-log-forwarding.adoc[leveloffset=+1]
-include::modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc[leveloffset=+1]
-include::modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs to third-party systems]
diff --git a/logging/cluster-logging-eventrouter.adoc b/logging/cluster-logging-eventrouter.adoc
deleted file mode 100644
index c0397eee4000..000000000000
--- a/logging/cluster-logging-eventrouter.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-eventrouter
-[id="cluster-logging-eventrouter"]
-= Collecting and storing Kubernetes events
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-The {product-title} Event Router is a pod that watches Kubernetes events and logs them for collection by the {logging}. You must manually deploy the Event Router.
-
-The Event Router collects events from all projects and writes them to `STDOUT`. The collector then forwards those events to the store defined in the `ClusterLogForwarder` custom resource (CR).
-
-[IMPORTANT]
-====
-The Event Router adds additional load to Fluentd and can impact the number of other log messages that can be processed.
-====
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-eventrouter-deploy.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging-exported-fields.adoc b/logging/cluster-logging-exported-fields.adoc
index 1a92d4622819..62eb8b902338 100644
--- a/logging/cluster-logging-exported-fields.adoc
+++ b/logging/cluster-logging-exported-fields.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cluster-logging-exported-fields"]
 = Log Record Fields
 include::_attributes/common-attributes.adoc[]
diff --git a/logging/cluster-logging-external.adoc b/logging/cluster-logging-external.adoc
deleted file mode 100644
index 465c610fa00d..000000000000
--- a/logging/cluster-logging-external.adoc
+++ /dev/null
@@ -1,211 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-external
-[id="cluster-logging-external"]
-= Forwarding logs to external third-party logging systems
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-
-toc::[]
-
-By default, the {logging} sends container and infrastructure logs to the default internal log store defined in the `ClusterLogging` custom resource. However, it does not send audit logs to the internal store because it does not provide secure storage. If this default configuration meets your needs, you do not need to configure the Cluster Log Forwarder.
-
-To send logs to other log aggregators, you use the {product-title} Cluster Log Forwarder. This API enables you to send container, infrastructure, and audit logs to specific endpoints within or outside your cluster. In addition, you can send different types of logs to various systems so that various individuals can access each type. You can also enable Transport Layer Security (TLS) support to send logs securely, as required by your organization.
-
-[NOTE]
-====
-To send audit logs to the default internal Elasticsearch log store, use the Cluster Log Forwarder as described in xref:../logging/config/cluster-logging-log-store.adoc#cluster-logging-elasticsearch-audit_cluster-logging-store[Forward audit logs to the log store].
-====
-
-When you forward logs externally, the {logging} creates or modifies a Fluentd config map to send logs using your desired protocols. You are responsible for configuring the protocol on the external log aggregator.
-
-[IMPORTANT]
-====
-You cannot use the config map methods and the Cluster Log Forwarder in the same cluster.
-====
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-collector-log-forwarding-about.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-forwarding-separate-indices.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-1.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-2.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-3.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-4.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-5.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forwarding-supported-plugins-5-6.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-es.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-fluentd.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-syslog.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-cloudwatch.adoc[leveloffset=+1]
-
-[id="cluster-logging-collector-log-forward-sts-cloudwatch_{context}"]
-=== Forwarding logs to Amazon CloudWatch from STS enabled clusters
-
-For clusters with AWS Security Token Service (STS) enabled, you can create an AWS service account manually or create a credentials request by using the
-ifdef::openshift-enterprise,openshift-origin[]
-xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc[Cloud Credential Operator(CCO)]
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-link:https://docs.openshift.com/container-platform/latest/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.html[Cloud Credential Operator(CCO)]
-endif::[]
- utility `ccoctl`.
-
-[NOTE]
-====
-This feature is not supported by the vector collector.
-====
-
-.Prerequisites
-
-* {logging-title-uc}: 5.5 and later
-
-
-.Procedure
-. Create a `CredentialsRequest` custom resource YAML by using the template below:
-+
-.CloudWatch credentials request template
-[source,yaml]
-----
-apiVersion: cloudcredential.openshift.io/v1
-kind: CredentialsRequest
-metadata:
-  name: <your_role_name>-credrequest
-  namespace: openshift-cloud-credential-operator
-spec:
-  providerSpec:
-    apiVersion: cloudcredential.openshift.io/v1
-    kind: AWSProviderSpec
-    statementEntries:
-      - action:
-          - logs:PutLogEvents
-          - logs:CreateLogGroup
-          - logs:PutRetentionPolicy
-          - logs:CreateLogStream
-          - logs:DescribeLogGroups
-          - logs:DescribeLogStreams
-        effect: Allow
-        resource: arn:aws:logs:*:*:*
-  secretRef:
-    name: <your_role_name>
-    namespace: openshift-logging
-  serviceAccountNames:
-    - logcollector
-----
-+
-. Use the `ccoctl` command to create a role for AWS using your `CredentialsRequest` CR. With the `CredentialsRequest` object, this `ccoctl` command creates an IAM role with a trust policy that is tied to the specified OIDC identity provider, and a permissions policy that grants permissions to perform operations on CloudWatch resources. This command also creates a YAML configuration file in `/<path_to_ccoctl_output_dir>/manifests/openshift-logging-<your_role_name>-credentials.yaml`. This secret file contains the `role_arn` key/value used during authentication with the AWS IAM identity provider.
-+
-[source,terminal]
-----
-$ ccoctl aws create-iam-roles \
---name=<name> \
---region=<aws_region> \
---credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \
---identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com <1>
-----
-<1> <name> is the name used to tag your cloud resources and should match the name used during your STS cluster install
-+
-. Apply the secret created:
-[source,terminal]
-+
-----
-$ oc apply -f output/manifests/openshift-logging-<your_role_name>-credentials.yaml
-----
-+
-. Create or edit a `ClusterLogForwarder` custom resource:
-+
-[source,yaml]
-----
-apiVersion: "logging.openshift.io/v1"
-kind: ClusterLogForwarder
-metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
-spec:
-  outputs:
-   - name: cw <3>
-     type: cloudwatch <4>
-     cloudwatch:
-       groupBy: logType <5>
-       groupPrefix: <group prefix> <6>
-       region: us-east-2 <7>
-     secret:
-        name: <your_role_name> <8>
-  pipelines:
-    - name: to-cloudwatch <9>
-      inputRefs: <10>
-        - infrastructure
-        - audit
-        - application
-      outputRefs:
-        - cw <11>
-----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `cloudwatch` type.
-<5> Optional: Specify how to group the logs:
-+
-* `logType` creates log groups for each log type
-* `namespaceName` creates a log group for each application name space. Infrastructure and audit logs are unaffected, remaining grouped by `logType`.
-* `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
-<6> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
-<7> Specify the AWS region.
-<8> Specify the name of the secret that contains your AWS credentials.
-<9> Optional: Specify a name for the pipeline.
-<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<11> Specify the name of the output to use when forwarding logs with this pipeline.
-
-[role="_additional-resources"]
-.Additional resources
-* link:https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html[AWS STS API Reference]
-
-include::modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc[leveloffset=+2]
-
-include::modules/cluster-logging-collector-log-forward-loki.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-troubleshooting-loki-entry-out-of-order-errors.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../logging/cluster-logging-exported-fields.adoc#cluster-logging-exported-fields-kubernetes_cluster-logging-exported-fields[Log Record Fields].
-
-* link:https://grafana.com/docs/loki/latest/configuration/[Configuring Loki server]
-
-ifndef::openshift-rosa[]
-include::modules/cluster-logging-collector-log-forward-gcp.adoc[leveloffset=+1]
-endif::openshift-rosa[]
-
-include::modules/logging-forward-splunk.adoc[leveloffset=+1]
-
-include::modules/logging-http-forward.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-project.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-ifdef::openshift-enterprise,openshift-origin[]
-* xref:../networking/ovn_kubernetes_network_provider/logging-network-policy.adoc#logging-network-policy[Logging for egress firewall and network policy rules]
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-* link:https://docs.openshift.com/container-platform/latest/networking/ovn_kubernetes_network_provider/logging-network-policy.html#logging-network-policy[Logging for egress firewall and network policy rules]
-endif::[]
-
-include::modules/cluster-logging-troubleshooting-log-forwarding.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging-loki.adoc b/logging/cluster-logging-loki.adoc
deleted file mode 100644
index 7fc2561b7074..000000000000
--- a/logging/cluster-logging-loki.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-loki
-[id="cluster-logging-loki"]
-= Loki
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-include::modules/cluster-logging-loki-about.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-loki-deploy.adoc[leveloffset=+1]
-
-include::modules/logging-loki-retention.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-forwarding-lokistack.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-troubleshooting-loki-entry-out-of-order-errors.adoc[leveloffset=+2]
-
-== Additional Resources
-* link:https://grafana.com/docs/loki/latest/logql/[Loki Query Language (LogQL) Documentation]
-* link:https://loki-operator.dev/docs/howto_connect_grafana.md/[Grafana Dashboard Documentation]
-* link:https://loki-operator.dev/docs/object_storage.md/[Loki Object Storage Documentation]
-* link:https://grafana.com/docs/loki/latest/operations/storage/schema/#changing-the-schema[Loki Storage Schema Documentation]
diff --git a/logging/cluster-logging-release-notes.adoc b/logging/cluster-logging-release-notes.adoc
deleted file mode 100644
index edcebf2448c5..000000000000
--- a/logging/cluster-logging-release-notes.adoc
+++ /dev/null
@@ -1,1082 +0,0 @@
-:_content-type: ASSEMBLY
-[id="cluster-logging-release-notes"]
-include::_attributes/common-attributes.adoc[]
-= Release notes for Logging
-
-:context: cluster-logging-release-notes-v5x
-
-toc::[]
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-include::snippets/logging-stable-updates-snip.adoc[]
-
-include::modules/logging-rn-5.7.2.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.7.1.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.7.0.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.5.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.4.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.3.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.2.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.1.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.6.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.10.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.9.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.8.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.7.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.6.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.5.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.4.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.3.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.5.2.adoc[leveloffset=+1]
-
-[id="cluster-logging-release-notes-5-5-1"]
-== Logging 5.5.1
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6344[OpenShift Logging Bug Fix Release 5.5.1].
-
-[id="openshift-logging-5-5-1-enhancements_{context}"]
-=== Enhancements
-* This enhancement adds an *Aggregated Logs* tab to the *Pod Details* page of the {product-title} web console when the Logging Console Plugin is in use. This enhancement is only available on {product-title} 4.10 and later. (link:https://issues.redhat.com/browse/LOG-2647[LOG-2647])
-
-* This enhancement adds Google Cloud Logging as an output option for log forwarding. (link:https://issues.redhat.com/browse/LOG-1482[LOG-1482])
-//xref:cluster-logging-collector-log-forward-gcp.adoc
-
-[id="openshift-logging-5-5-1-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, the Operator did not ensure that the pod was ready, which caused the cluster to reach an inoperable state during a cluster restart. With this update, the Operator marks new pods as ready before continuing to a new pod during a restart, which resolves the issue. (link:https://issues.redhat.com/browse/LOG-2745[LOG-2745])
-
-* Before this update, Fluentd would sometimes not recognize that the Kubernetes platform rotated the log file and would no longer read log messages. This update corrects that by setting the configuration parameter suggested by the upstream development team. (link:https://issues.redhat.com/browse/LOG-2995[LOG-2995])
-
-* Before this update, the addition of multi-line error detection caused internal routing to change and forward records to the wrong destination. With this update, the internal routing is correct. (link:https://issues.redhat.com/browse/LOG-2801[LOG-2801])
-
-* Before this update, changing the {product-title} web console's refresh interval created an error when the *Query* field was empty. With this update, changing the interval is not an available option when the *Query* field is empty. (link:https://issues.redhat.com/browse/LOG-2917[LOG-2917])
-
-[id="openshift-logging-5-5-1-cves_{context}"]
-=== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-1705[CVE-2022-1705]
-* link:https://access.redhat.com/security/cve/CVE-2022-2526[CVE-2022-2526]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
-* link:https://access.redhat.com/security/cve/CVE-2022-32148[CVE-2022-32148]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-
-include::modules/cluster-logging-rn-5.5.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.14.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.13.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.12.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.11.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.10.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.9.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.8.adoc[leveloffset=+1]
-
-//include::modules/cluster-logging-rn-5.4.7.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.6.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.5.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.4.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.3.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.4.2.adoc[leveloffset=+1]
-
-[id="cluster-logging-release-notes-5-4-1_{context}"]
-== Logging 5.4.1
-This release includes link:https://access.redhat.com/errata/RHSA-2022:2216[RHSA-2022:2216-OpenShift Logging Bug Fix Release 5.4.1].
-
-[id="openshift-logging-5-4-1-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, the log file metric exporter only reported logs created while the exporter was running, which resulted in inaccurate log growth data. This update resolves this issue by monitoring `/var/log/pods`. (https://issues.redhat.com/browse/LOG-2442[LOG-2442])
-
-* Before this update, the collector would be blocked because it continually tried to use a stale connection when forwarding logs to fluentd forward receivers. With this release, the `keepalive_timeout` value has been set to 30 seconds (`30s`) so that the collector recycles the connection and re-attempts to send failed messages within a reasonable amount of time. (https://issues.redhat.com/browse/LOG-2534[LOG-2534])
-
-* Before this update, an error in the gateway component enforcing tenancy for reading logs limited access to logs with a Kubernetes namespace causing "audit" and some "infrastructure" logs to be unreadable. With this update, the proxy correctly detects users with admin access and allows access to logs without a namespace. (https://issues.redhat.com/browse/LOG-2448[LOG-2448])
-
-* Before this update, the `system:serviceaccount:openshift-monitoring:prometheus-k8s` service account had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the service account` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2437[LOG-2437])
-
-* Before this update, Linux audit log time parsing relied on an ordinal position of a key/value pair. This update changes the parsing to use a regular expression to find the time entry.  (https://issues.redhat.com/browse/LOG-2321[LOG-2321])
-
-
-[id="openshift-logging-5-4-1-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
-
-
-[id="cluster-logging-release-notes-5-4-0_{context}"]
-== Logging 5.4
-The following advisories are available for logging 5.4:
-link:https://access.redhat.com/errata/RHSA-2022:1461[{logging-title-uc} Release 5.4]
-
-[id="openshift-logging-5-4-0-tech-prev_{context}"]
-=== Technology Previews
-
-include::modules/cluster-logging-vector-tech-preview.adoc[leveloffset=+2]
-include::modules/cluster-logging-loki-tech-preview.adoc[leveloffset=+2]
-
-[id="openshift-logging-5-4-0-bug-fixes_{context}"]
-=== Bug fixes
-
-*	Before this update, the `cluster-logging-operator` used cluster scoped roles and bindings to establish permissions for the Prometheus service account to scrape metrics. These permissions were created when deploying the Operator using the console interface but were missing when deploying from the command line. This update fixes the issue by making the roles and bindings namespace-scoped. (link:https://issues.redhat.com/browse/LOG-2286[LOG-2286])
-
-* Before this update, a prior change to fix dashboard reconciliation introduced a `ownerReferences` field to the resource across namespaces. As a result, both the config map and dashboard were not created in the namespace. With this update, the removal of the `ownerReferences` field resolves the issue, and the OpenShift Logging dashboard is available in the console. (link:https://issues.redhat.com/browse/LOG-2163[LOG-2163])
-
-* Before this update, changes to the metrics dashboards did not deploy because the `cluster-logging-operator` did not correctly compare existing and modified config maps that contain the dashboard. With this update, the addition of a unique hash value to object labels resolves the issue.	(link:https://issues.redhat.com/browse/LOG-2071[LOG-2071])
-
-*	Before this update, the OpenShift Logging dashboard did not correctly display the pods and namespaces in the table, which displays the top producing containers collected over the last 24 hours. With this update, the pods and namespaces are displayed correctly.	(link:https://issues.redhat.com/browse/LOG-2069[LOG-2069])
-
-*	Before this update, when the `ClusterLogForwarder` was set up with `Elasticsearch OutputDefault` and Elasticsearch outputs did not have structured keys, the generated configuration contained the incorrect values for authentication. This update corrects the secret and certificates used.	(link:https://issues.redhat.com/browse/LOG-2056[LOG-2056])
-
-*	Before this update, the OpenShift Logging dashboard displayed an empty CPU graph because of a reference to an invalid metric. With this update, the correct data point has been selected, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-2026[LOG-2026])
-
-*	Before this update, the Fluentd container image included builder tools that were unnecessary at run time. This update removes those tools from the image.(link:https://issues.redhat.com/browse/LOG-1927[LOG-1927])
-
-*	Before this update, a name change of the deployed collector in the 5.3 release caused the logging collector to generate the `FluentdNodeDown` alert. This update resolves the issue by fixing the job name for the Prometheus alert. (link:https://issues.redhat.com/browse/LOG-1918[LOG-1918])
-
-*	Before this update, the log collector was collecting its own logs due to a refactoring of the component name change. This lead to a potential feedback loop of the collector processing its own log that might result in memory and log message size issues. This update resolves the issue by excluding the collector logs from the collection. (link:https://issues.redhat.com/browse/LOG-1774[LOG-1774])
-
-* Before this update, Elasticsearch generated the error `Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota.` if the PVC already existed. With this update, Elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2131[LOG-2131])
-
-* Before this update, Elasticsearch was unable to return to the ready state when the `elasticsearch-signing` secret was removed. With this update, Elasticsearch is able to go back to the ready state after that secret is removed. (link:https://issues.redhat.com/browse/LOG-2171[LOG-2171])
-
-* Before this update, the change of the path from which the collector reads container logs caused the collector to forward some records to the wrong indices. With this update, the collector now uses the correct configuration to resolve the issue. (link:https://issues.redhat.com/browse/LOG-2160[LOG-2160])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1899[LOG-1899])
-
-* Before this update, the *{product-title} Logging* dashboard showed the number of shards 'x' times larger than the actual value when Elasticsearch had 'x' nodes. This issue occurred because it was printing all primary shards for each Elasticsearch pod and calculating a sum on it, although the output was always for the whole Elasticsearch cluster. With this update, the number of shards is now correctly calculated. (link:https://issues.redhat.com/browse/LOG-2156[LOG-2156])
-
-* Before this update, the secrets `kibana` and `kibana-proxy` were not recreated if they were deleted manually. With this update, the `elasticsearch-operator` will watch the resources and automatically recreate them if deleted.	(link:https://issues.redhat.com/browse/LOG-2250[LOG-2250])
-
-* Before this update, tuning the buffer chunk size could cause the collector to generate a warning about the chunk size exceeding the byte limit for the event stream. With this update, you can also tune the read line limit, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-2379[LOG-2379])
-
-* Before this update, the logging console link in OpenShift web console was not removed with the ClusterLogging CR. With this update, deleting the CR or uninstalling the Cluster Logging Operator removes the link. (link:https://issues.redhat.com/browse/LOG-2373[LOG-2373])
-
-* Before this update, a change to the container logs path caused the collection metric to always be zero with older releases configured with the original path. With this update, the plugin which exposes metrics about collected logs supports reading from either path to resolve the issue. (link:https://issues.redhat.com/browse/LOG-2462[LOG-2462])
-
-=== CVEs
-[id="openshift-logging-5-4-0-CVEs_{context}"]
-* link:https://access.redhat.com/security/cve/CVE-2022-0759[CVE-2022-0759]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2058404[BZ-2058404]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2045880[BZ-2045880]
-
-include::modules/cluster-logging-rn-5.3.14.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.13.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.12.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.11.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.10.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.9.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.3.8.adoc[leveloffset=+1]
-
-[id="cluster-logging-release-notes-5-3-7_{context}"]
-== OpenShift Logging 5.3.7
-This release includes link:https://access.redhat.com/errata/RHSA-2022:2217[RHSA-2022:2217 OpenShift Logging Bug Fix Release 5.3.7]
-
-[id="openshift-logging-5-3-7-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, Linux audit log time parsing relied on an ordinal position of key/value pair. This update changes the parsing to utilize a regex to find the time entry. (https://issues.redhat.com/browse/LOG-2322[LOG-2322])
-
-* Before this update, some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps. (https://issues.redhat.com/browse/LOG-2334[LOG-2334])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2450[LOG-2450])
-
-* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2481[LOG-2481)])
-
-=== CVEs
-[id="openshift-logging-5-3-7-CVEs_{context}"]
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* https://access.redhat.com/security/cve/CVE-2022-0759[CVE-2022-0759]
-* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
-
-[id="cluster-logging-release-notes-5-3-6_{context}"]
-== OpenShift Logging 5.3.6
-This release includes link:https://access.redhat.com/errata/RHBA-2022:1377[RHBA-2022:1377 OpenShift Logging Bug Fix Release 5.3.6]
-
-[id="openshift-logging-5-3-6-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2126[LOG-2126])
-
-* Before this change, it was possible for the collector to generate a warning where the chunk byte limit was exceeding an emitted event. With this change, you can tune the readline limit to resolve the issue as advised by the upstream documentation. (link:https://issues.redhat.com/browse/LOG-2380[LOG-2380])
-
-[id="cluster-logging-release-notes-5-3-5_{context}"]
-== OpenShift Logging 5.3.5
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0721[RHSA-2022:0721 OpenShift Logging Bug Fix Release 5.3.5]
-
-[id="openshift-logging-5-3-5-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link. (link:https://issues.redhat.com/browse/LOG-2182[LOG-2182])
-
-=== CVEs
-[id="openshift-logging-5-3-5-CVEs_{context}"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
-====
-
-[id="cluster-logging-release-notes-5-3-4_{context}"]
-== OpenShift Logging 5.3.4
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHBA-2022:0411[RHBA-2022:0411 OpenShift Logging Bug Fix Release 5.3.4]
-
-[id="openshift-logging-5-3-4-bug-fixes_{context}"]
-=== Bug fixes
-*  Before this update, changes to the metrics dashboards had not yet been deployed because the `cluster-logging-operator` did not correctly compare existing and desired config maps that contained the dashboard.  This update fixes the logic by adding a unique hash value to the object labels. (link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
-
-* Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-1974[LOG-1974])
-
-* Before this update, elasticsearch generated the error "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." if the PVC already existed. With this update, elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2127[LOG-2127])
-
-=== CVEs
-[id="openshift-logging-5-3-4-CVEs_{context}"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
-* link:https://access.redhat.com/security/cve/CVE-2022-21248[CVE-2022-21248]
-* link:https://access.redhat.com/security/cve/CVE-2022-21277[CVE-2022-21277]
-* link:https://access.redhat.com/security/cve/CVE-2022-21282[CVE-2022-21282]
-* link:https://access.redhat.com/security/cve/CVE-2022-21283[CVE-2022-21283]
-* link:https://access.redhat.com/security/cve/CVE-2022-21291[CVE-2022-21291]
-* link:https://access.redhat.com/security/cve/CVE-2022-21293[CVE-2022-21293]
-* link:https://access.redhat.com/security/cve/CVE-2022-21294[CVE-2022-21294]
-* link:https://access.redhat.com/security/cve/CVE-2022-21296[CVE-2022-21296]
-* link:https://access.redhat.com/security/cve/CVE-2022-21299[CVE-2022-21299]
-* link:https://access.redhat.com/security/cve/CVE-2022-21305[CVE-2022-21305]
-* link:https://access.redhat.com/security/cve/CVE-2022-21340[CVE-2022-21340]
-* link:https://access.redhat.com/security/cve/CVE-2022-21341[CVE-2022-21341]
-* link:https://access.redhat.com/security/cve/CVE-2022-21360[CVE-2022-21360]
-* link:https://access.redhat.com/security/cve/CVE-2022-21365[CVE-2022-21365]
-* link:https://access.redhat.com/security/cve/CVE-2022-21366[CVE-2022-21366]
-====
-
-[id="cluster-logging-release-notes-5-3-3_{context}"]
-== OpenShift Logging 5.3.3
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0227[RHSA-2022:0227 OpenShift Logging Bug Fix Release 5.3.3]
-
-[id="openshift-logging-5-3-3-bug-fixes"]
-=== Bug fixes
-* Before this update, changes to the metrics dashboards had not yet been deployed because the cluster-logging-operator did not correctly compare existing and desired configmaps containing the dashboard. This update fixes the logic by adding a dashboard unique hash value to the object labels.(link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
-
-* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2102[LOG-2102])
-
-=== CVEs
-[id="openshift-logging-5-3-3-CVEs_{context}"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
-* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
-====
-
-[id="cluster-logging-release-notes-5-3-2_{context}"]
-== OpenShift Logging 5.3.2
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0044[RHSA-2022:0044 OpenShift Logging Bug Fix Release 5.3.2]
-
-[id="openshift-logging-5-3-2-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. (link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
-
-* Before this update, the OpenShift Logging Dashboard displayed the wrong pod namespace in the table that displays top producing and collected containers over the last 24 hours. With this update, the OpenShift Logging Dashboard displays the correct pod namespace. (link:https://issues.redhat.com/browse/LOG-2051[LOG-2051])
-
-* Before this update, if `outputDefaults.elasticsearch.structuredTypeKey` in the `ClusterLogForwarder` custom resource (CR) instance did not have a structured key, the CR replaced the output secret with the default secret used to communicate to the default log store. With this update, the defined output secret is correctly used. (link:https://issues.redhat.com/browse/LOG-2046[LOG-2046])
-
-[id="openshift-logging-5-3-2-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2020-36327[CVE-2020-36327]
-** https://bugzilla.redhat.com/show_bug.cgi?id=1958999[BZ-1958999]
-* https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
-** https://bugzilla.redhat.com/show_bug.cgi?id=2034067[BZ-2034067]
-* https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
-* https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
-* https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
-====
-
-[id="cluster-logging-release-notes-5-3-1_{context}"]
-== OpenShift Logging 5.3.1
-This release includes link:https://access.redhat.com/errata/RHSA-2021:5129[RHSA-2021:5129 OpenShift Logging Bug Fix Release 5.3.1]
-
-[id="openshift-logging-5-3-1-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, the Fluentd container image included builder tools that were unnecessary at run time. This update removes those tools from the image. (link:https://issues.redhat.com/browse/LOG-1998[LOG-1998])
-
-* Before this update, the Logging dashboard displayed an empty CPU graph because of a reference to an invalid metric. With this update, the Logging dashboard displays CPU graphs correctly. (link:https://issues.redhat.com/browse/LOG-1925[LOG-1925])
-
-* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1897[LOG-1897])
-
-
-[id="openshift-logging-5-3-1-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1944888[BZ-1944888]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004133[BZ-2004133]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004135[BZ-2004135]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2030932[BZ-2030932]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
-====
-
-
-[id="cluster-logging-release-notes-5-3-0_{context}"]
-== OpenShift Logging 5.3.0
-This release includes link:https://access.redhat.com/errata/RHSA-2021:4627[RHSA-2021:4627 OpenShift Logging Bug Fix Release 5.3.0]
-
-[id="openshift-logging-5-3-0-new-features-and-enhancements_{context}"]
-=== New features and enhancements
-* With this update, authorization options for Log Forwarding have been expanded. Outputs may now be configured with SASL, username/password, or TLS.
-
-[id="openshift-logging-5-3-0-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, if you forwarded logs using the syslog protocol, serializing a ruby hash encoded key/value pairs to contain a '=>' character and replaced tabs with "#11". This update fixes the issue so that log messages are correctly serialized as valid JSON. (link:https://issues.redhat.com/browse/LOG-1494[LOG-1494])
-
-* Before this update, application logs were not correctly configured to forward to the proper Cloudwatch stream with multi-line error detection enabled. (link:https://issues.redhat.com/browse/LOG-1939[LOG-1939])
-
-* Before this update, a name change of the deployed collector in the 5.3 release caused the alert 'fluentnodedown' to generate. (link:https://issues.redhat.com/browse/LOG-1918[LOG-1918])
-
-* Before this update, a regression introduced in a prior release configuration caused the collector to flush its buffered messages before shutdown, creating a delay the termination and restart of collector Pods. With this update, fluentd no longer flushes buffers at shutdown, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1735[LOG-1735])
-
-* Before this update, a regression introduced in a prior release intentionally disabled JSON message parsing. This update re-enables JSON parsing. It also sets the log entry "level" based on the "level" field in parsed JSON message or by using regex to extract a match from a message field. (link:https://issues.redhat.com/browse/LOG-1199[LOG-1199])
-
-* Before this update, the `ClusterLogging` custom resource (CR) applied the value of the `totalLimitSize` field to the Fluentd `total_limit_size` field, even if the required buffer space was not available. With this update, the CR applies the lesser of the two `totalLimitSize` or 'default' values to the Fluentd `total_limit_size` field, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1776[LOG-1776])
-
-[id="openshift-logging-5-3-0-known-issues_{context}"]
-=== Known issues
-* If you forward logs to an external Elasticsearch server and then change a configured value in the pipeline secret, such as the username and password, the Fluentd forwarder loads the new secret but uses the old value to connect to an external Elasticsearch server. This issue happens because the Red Hat OpenShift Logging Operator does not currently monitor secrets for content changes. (link:https://issues.redhat.com/browse/LOG-1652[LOG-1652])
-+
-As a workaround, if you change the secret, you can force the Fluentd pods to redeploy by entering:
-+
-[source,terminal]
-----
-$ oc delete pod -l component=collector
-----
-
-[id="openshift-logging-5-3-0-deprecated-removed-features_{context}"]
-=== Deprecated and removed features
-Some features available in previous releases have been deprecated or removed.
-
-Deprecated functionality is still included in OpenShift Logging and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
-
-[id="openshift-logging-5-3-0-legacy-forwarding_{context}"]
-==== Forwarding logs using the legacy Fluentd and legacy syslog methods have been removed
-
-In OpenShift Logging 5.3, the legacy methods of forwarding logs to Syslog and Fluentd are removed. Bug fixes and support are provided through the end of the OpenShift Logging 5.2 life cycle. After which, no new feature enhancements are made.
-
-Instead, use the following non-legacy methods:
-
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-syslog_cluster-logging-external[Forwarding logs using the syslog protocol]
-
-[id="openshift-logging-5-3-0-legacy-forwarding-config_{context}"]
-==== Configuration mechanisms for legacy forwarding methods have been removed
-
-In OpenShift Logging 5.3, the legacy configuration mechanism for log forwarding is removed: You cannot forward logs using the legacy Fluentd method and legacy Syslog method. Use the standard log forwarding methods instead.
-
-[id="openshift-logging-5-3-0-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2018-20673.html[CVE-2018-20673]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-14615.html[CVE-2019-14615]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-0427.html[CVE-2020-0427]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-10001.html[CVE-2020-10001]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24502.html[CVE-2020-24502]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24503.html[CVE-2020-24503]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24504.html[CVE-2020-24504]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24586.html[CVE-2020-24586]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24587.html[CVE-2020-24587]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24588.html[CVE-2020-24588]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26139.html[CVE-2020-26139]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26140.html[CVE-2020-26140]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26141.html[CVE-2020-26141]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26143.html[CVE-2020-26143]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26144.html[CVE-2020-26144]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26145.html[CVE-2020-26145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26146.html[CVE-2020-26146]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-26147.html[CVE-2020-26147]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-27777.html[CVE-2020-27777]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-29368.html[CVE-2020-29368]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-29660.html[CVE-2020-29660]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35448.html[CVE-2020-35448]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36158.html[CVE-2020-36158]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36312.html[CVE-2020-36312]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36386.html[CVE-2020-36386]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-0129.html[CVE-2021-0129]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3348.html[CVE-2021-3348]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3487.html[CVE-2021-3487]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3489.html[CVE-2021-3489]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3564.html[CVE-2021-3564]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3573.html[CVE-2021-3573]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3600.html[CVE-2021-3600]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3635.html[CVE-2021-3635]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3659.html[CVE-2021-3659]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3679.html[CVE-2021-3679]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3732.html[CVE-2021-3732]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3778.html[CVE-2021-3778]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3796.html[CVE-2021-3796]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20194.html[CVE-2021-20194]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20197.html[CVE-2021-20197]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20239.html[CVE-2021-20239]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20284.html[CVE-2021-20284]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-23133.html[CVE-2021-23133]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-23840.html[CVE-2021-23840]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-23841.html[CVE-2021-23841]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28950.html[CVE-2021-28950]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28971.html[CVE-2021-28971]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-29155.html[CVE-2021-29155]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-29646.htm[lCVE-2021-29646]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-29650.html[CVE-2021-29650]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31440.html[CVE-2021-31440]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31829.html[CVE-2021-31829]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31916.html[CVE-2021-31916]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33033.html[CVE-2021-33033]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33194.html[CVE-2021-33194]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33200.html[CVE-2021-33200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
-====
-
-include::modules/cluster-logging-rn-5.2.13.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.2.12.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-rn-5.2.11.adoc[leveloffset=+1]
-
-[id="cluster-logging-release-notes-5-2-10_{context}"]
-== OpenShift Logging 5.2.10
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/[ OpenShift Logging Bug Fix Release 5.2.10]]
-
-[id="openshift-logging-5-2-10-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps.(https://issues.redhat.com/browse/LOG-2335[LOG-2335])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2475[LOG-2475])
-
-* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2480[LOG-2480])
-
-* Before this update, the `cluster-logging-operator` utilized cluster scoped roles and bindings to establish permissions for the Prometheus service account to scrape metrics. These permissions were only created when deploying the Operator using the console interface and were missing when the Operator was deployed from the command line. This fixes the issue by making this role and binding namespace scoped. (https://issues.redhat.com/browse/LOG-1972[LOG-1972])
-
-[id="openshift-logging-5-2-10-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* link:https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* link:https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* link:https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* link:https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* link:https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* link:https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* link:https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* link:https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* link:https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* link:https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* link:https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
-
-[id="cluster-logging-release-notes-5-2-9_{context}"]
-== OpenShift Logging 5.2.9
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHBA-2022:1375[RHBA-2022:1375 OpenShift Logging Bug Fix Release 5.2.9]]
-
-[id="openshift-logging-5-2-9-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2304[LOG-2304])
-
-[id="cluster-logging-release-notes-5-2-8_{context}"]
-== OpenShift Logging 5.2.8
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0728[RHSA-2022:0728 OpenShift Logging Bug Fix Release 5.2.8]
-
-[id="openshift-logging-5-2-8-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link. (link:https://issues.redhat.com/browse/LOG-2180[LOG-2180])
-
-[id="openshift-logging-5-2-8-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1930423[BZ-1930423]
-* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2052539[BG-2052539]
-====
-
-[id="cluster-logging-release-notes-5-2-7_{context}"]
-== OpenShift Logging 5.2.7
-
-This release includes link:https://access.redhat.com/errata/RHBA-2022:0478[RHBA-2022:0478 OpenShift Logging Bug Fix Release 5.2.7]
-
-[id="openshift-logging-5-2-7-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, Elasticsearch pods with FIPS enabled failed to start after updating. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-2000[LOG-2000])
-
-* Before this update, if a persistent volume claim (PVC) already existed, Elasticsearch generated an error, "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." With this update, Elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2118[LOG-2118])
-
-[id="openshift-logging-5-2-7-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
-====
-
-[id="cluster-logging-release-notes-5-2-6_{context}"]
-== OpenShift Logging 5.2.6
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0230[RHSA-2022:0230 OpenShift Logging Bug Fix Release 5.2.6]
-
-[id="openshift-logging-5-2-6-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, the release did not include a filter change which caused Fluentd to crash. With this update, the missing filter has been corrected. (link:https://issues.redhat.com/browse/LOG-2104[LOG-2104])
-
-* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2101[LOG-2101])
-
-[id="openshift-logging-5-2-6-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
-* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
-====
-
-[id="cluster-logging-release-notes-5-2-5_{context}"]
-== OpenShift Logging 5.2.5
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0043[RHSA-2022:0043 OpenShift Logging Bug Fix Release 5.2.5]
-
-[id="openshift-logging-5-2-5-bug-fixes_{context}"]
-=== Bug fixes
-* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
-
-
-[id="openshift-logging-5-2-5-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
-* link:https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
-* link:https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
-* link:https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
-====
-
-[id="cluster-logging-release-notes-5-2-4_{context}"]
-== OpenShift Logging 5.2.4
-
-This release includes link:https://access.redhat.com/errata/RHSA-2021:5127[RHSA-2021:5127 OpenShift Logging Bug Fix Release 5.2.4]
-
-[id="openshift-logging-5-2-4-bug-fixes_{context}"]
-=== Bug fixes
-
-* Before this update, records shipped via syslog would serialize a ruby hash encoding key/value pairs to contain a '=>' character, as well as replace tabs with "#11".  This update serializes the message correctly as proper JSON. (link:https://issues.redhat.com/browse/LOG-1775[LOG-1775])
-
-* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1970[LOG-1970])
-
-* Before this update, Elasticsearch sometimes rejected messages when Log Forwarding was configured with multiple outputs. This happened because configuring one of the outputs modified message content to be a single message. With this update, Log Forwarding duplicates the messages for each output so that output-specific processing does not affect the other outputs. (link:https://issues.redhat.com/browse/LOG-1824[LOG-1824])
-
-
-[id="openshift-logging-5-2-4-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
-====
-
-[id="cluster-logging-release-notes-5-2-3_{context}"]
-== OpenShift Logging 5.2.3
-
-This release includes link:https://access.redhat.com/errata/RHSA-2021:4032[RHSA-2021:4032 OpenShift Logging Bug Fix Release 5.2.3]
-
-[id="openshift-logging-5-2-3-bug-fixes_{context}"]
-=== Bug fixes
-
-* Before this update, some alerts did not include a namespace label. This omission does not comply with the OpenShift Monitoring Team's guidelines for writing alerting rules in {product-title}. With this update, all the alerts in Elasticsearch Operator include a namespace label and follow all the guidelines for writing alerting rules in {product-title}. (link:https://issues.redhat.com/browse/LOG-1857[LOG-1857])
-
-* Before this update, a regression introduced in a prior release intentionally disabled JSON message parsing. This update re-enables JSON parsing. It also sets the log entry `level` based on the `level` field in parsed JSON message or by using regex to extract a match from a message field. (link:https://issues.redhat.com/browse/LOG-1759[LOG-1759])
-
-[id="openshift-logging-5-2-3-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-23369[CVE-2021-23369]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1948761[BZ-1948761]
-* link:https://access.redhat.com/security/cve/CVE-2021-23383[CVE-2021-23383]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1956688[BZ-1956688]
-* link:https://access.redhat.com/security/cve/CVE-2018-20673[CVE-2018-20673]
-* link:https://access.redhat.com/security/cve/CVE-2019-5827[CVE-2019-5827]
-* link:https://access.redhat.com/security/cve/CVE-2019-13750[CVE-2019-13750]
-* link:https://access.redhat.com/security/cve/CVE-2019-13751[CVE-2019-13751]
-* link:https://access.redhat.com/security/cve/CVE-2019-17594[CVE-2019-17594]
-* link:https://access.redhat.com/security/cve/CVE-2019-17595[CVE-2019-17595]
-* link:https://access.redhat.com/security/cve/CVE-2019-18218[CVE-2019-18218]
-* link:https://access.redhat.com/security/cve/CVE-2019-19603[CVE-2019-19603]
-* link:https://access.redhat.com/security/cve/CVE-2019-20838[CVE-2019-20838]
-* link:https://access.redhat.com/security/cve/CVE-2020-12762[CVE-2020-12762]
-* link:https://access.redhat.com/security/cve/CVE-2020-13435[CVE-2020-13435]
-* link:https://access.redhat.com/security/cve/CVE-2020-14155[CVE-2020-14155]
-* link:https://access.redhat.com/security/cve/CVE-2020-16135[CVE-2020-16135]
-* link:https://access.redhat.com/security/cve/CVE-2020-24370[CVE-2020-24370]
-* link:https://access.redhat.com/security/cve/CVE-2021-3200[CVE-2021-3200]
-* link:https://access.redhat.com/security/cve/CVE-2021-3426[CVE-2021-3426]
-* link:https://access.redhat.com/security/cve/CVE-2021-3445[CVE-2021-3445]
-* link:https://access.redhat.com/security/cve/CVE-2021-3572[CVE-2021-3572]
-* link:https://access.redhat.com/security/cve/CVE-2021-3580[CVE-2021-3580]
-* link:https://access.redhat.com/security/cve/CVE-2021-3778[CVE-2021-3778]
-* link:https://access.redhat.com/security/cve/CVE-2021-3796[CVE-2021-3796]
-* link:https://access.redhat.com/security/cve/CVE-2021-3800[CVE-2021-3800]
-* link:https://access.redhat.com/security/cve/CVE-2021-20231[CVE-2021-20231]
-* link:https://access.redhat.com/security/cve/CVE-2021-20232[CVE-2021-20232]
-* link:https://access.redhat.com/security/cve/CVE-2021-20266[CVE-2021-20266]
-* link:https://access.redhat.com/security/cve/CVE-2021-22876[CVE-2021-22876]
-* link:https://access.redhat.com/security/cve/CVE-2021-22898[CVE-2021-22898]
-* link:https://access.redhat.com/security/cve/CVE-2021-22925[CVE-2021-22925]
-* link:https://access.redhat.com/security/cve/CVE-2021-23840[CVE-2021-23840]
-* link:https://access.redhat.com/security/cve/CVE-2021-23841[CVE-2021-23841]
-* link:https://access.redhat.com/security/cve/CVE-2021-27645[CVE-2021-27645]
-* link:https://access.redhat.com/security/cve/CVE-2021-28153[CVE-2021-28153]
-* link:https://access.redhat.com/security/cve/CVE-2021-33560[CVE-2021-33560]
-* link:https://access.redhat.com/security/cve/CVE-2021-33574[CVE-2021-33574]
-* link:https://access.redhat.com/security/cve/CVE-2021-35942[CVE-2021-35942]
-* link:https://access.redhat.com/security/cve/CVE-2021-36084[CVE-2021-36084]
-* link:https://access.redhat.com/security/cve/CVE-2021-36085[CVE-2021-36085]
-* link:https://access.redhat.com/security/cve/CVE-2021-36086[CVE-2021-36086]
-* link:https://access.redhat.com/security/cve/CVE-2021-36087[CVE-2021-36087]
-====
-
-[id="cluster-logging-release-notes-5-2-2_{context}"]
-== OpenShift Logging 5.2.2
-
-This release includes link:https://access.redhat.com/errata/RHBA-2021:3747[RHBA-2021:3747 OpenShift Logging Bug Fix Release 5.2.2]
-
-[id="openshift-logging-5-2-2-bug-fixes_{context}"]
-=== Bug fixes
-
-* Before this update, the `ClusterLogging` custom resource (CR) applied the value of the `totalLimitSize` field to the Fluentd `total_limit_size` field, even if the required buffer space was not available. With this update, the CR applies the lesser of the two `totalLimitSize` or 'default' values to the Fluentd `total_limit_size` field, resolving the issue.(link:https://issues.redhat.com/browse/LOG-1738[LOG-1738])
-
-* Before this update, a regression introduced in a prior release configuration caused the collector to flush its buffered messages before shutdown, creating a delay to the termination and restart of collector pods. With this update, Fluentd no longer flushes buffers at shutdown, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1739[LOG-1739])
-
-* Before this update, an issue in the bundle manifests prevented installation of the Elasticsearch Operator through OLM on {product-title} 4.9. With this update, a correction to bundle manifests re-enables installation and upgrade in 4.9.(link:https://issues.redhat.com/browse/LOG-1780[LOG-1780])
-
-[id="openshift-logging-5-2-2-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2020-25648.html[CVE-2020-25648]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22922.html[CVE-2021-22922]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22923.html[CVE-2021-22923]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22924.html[CVE-2021-22924]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36222.html[CVE-2021-36222]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37576.html[CVE-2021-37576]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37750.html[CVE-2021-37750]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-38201.html[CVE-2021-38201]
-====
-
-[id="cluster-logging-release-notes-5-2-1_{context}"]
-== OpenShift Logging 5.2.1
-
-This release includes link:https://access.redhat.com/errata/RHBA-2021:3550[RHBA-2021:3550 OpenShift Logging Bug Fix Release 5.2.1]
-
-[id="openshift-logging-5-2-1-bug-fixes_{context}"]
-=== Bug fixes
-
-* Before this update, due to an issue in the release pipeline scripts, the value of the `olm.skipRange` field remained unchanged at `5.2.0` instead of reflecting the current release number. This update fixes the pipeline scripts to update the value of this field when the release numbers change. (link:https://issues.redhat.com/browse/LOG-1743[LOG-1743])
-
-[id="openshift-logging-5-2-1-CVEs_{context}"]
-=== CVEs
-
-(None)
-
-
-[id="cluster-logging-release-notes-5-2-0_{context}"]
-== OpenShift Logging 5.2.0
-
-This release includes link:https://access.redhat.com/errata/RHBA-2021:3393[RHBA-2021:3393 OpenShift Logging Bug Fix Release 5.2.0]
-
-[id="openshift-logging-5-2-0-new-features-and-enhancements_{context}"]
-=== New features and enhancements
-
-* With this update, you can forward log data to Amazon CloudWatch, which provides application and infrastructure monitoring. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-cloudwatch_cluster-logging-external[Forwarding logs to Amazon CloudWatch]. (link:https://issues.redhat.com/browse/LOG-1173[LOG-1173])
-
-* With this update, you can forward log data to Loki, a horizontally scalable, highly available, multi-tenant log aggregation system. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-loki_cluster-logging-external[Forwarding logs to Loki]. (link:https://issues.redhat.com/browse/LOG-684[LOG-684])
-
-* With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, now you can use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]. (link:https://issues.redhat.com/browse/LOG-1525[LOG-1525])
-
-* This enhancement enables you to use a username and password to authenticate a log forwarding connection to an external Elasticsearch instance. For example, if you cannot use mutual TLS (mTLS) because a third-party operates the Elasticsearch instance, you can use HTTP or HTTPS and set a secret that contains the username and password. For more information, see xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-es_cluster-logging-external[Forwarding logs to an external Elasticsearch instance]. (link:https://issues.redhat.com/browse/LOG-1022[LOG-1022])
-
-* With this update, you can collect OVN network policy audit logs for forwarding to a logging server. (link:https://issues.redhat.com/browse/LOG-1526[LOG-1526])
-
-* By default, the data model introduced in {product-title} 4.5 gave logs from different namespaces a single index in common. This change made it harder to see which namespaces produced the most logs.
-+
-The current release adds namespace metrics to the *Logging* dashboard in the {product-title} console. With these metrics, you can see which namespaces produce logs and how many logs each namespace produces for a given timestamp.
-+
-To see these metrics, open the *Administrator* perspective in the {product-title} web console, and navigate to *Observe* -> *Dashboards* -> *Logging/Elasticsearch*. (link:https://issues.redhat.com/browse/LOG-1680[LOG-1680])
-
-* The current release, OpenShift Logging 5.2, enables two new metrics: For a given timestamp or duration, you can see the total logs produced or logged by individual containers, and the total logs collected by the collector. These metrics are labeled by namespace, pod, and container name so that you can see how many logs each namespace and pod collects and produces. (link:https://issues.redhat.com/browse/LOG-1213[LOG-1213])
-
-[id="openshift-logging-5-2-0-bug-fixes_{context}"]
-=== Bug fixes
-
-* Before this update, when the OpenShift Elasticsearch Operator created index management cronjobs, it added the `POLICY_MAPPING` environment variable twice, which caused the apiserver to report the duplication. This update fixes the issue so that the `POLICY_MAPPING` environment variable is set only once per cronjob, and there is no duplication for the apiserver to report. (link:https://issues.redhat.com/browse/LOG-1130[LOG-1130])
-
-* Before this update, suspending an Elasticsearch cluster to zero nodes did not suspend the index-management cronjobs, which put these cronjobs into maximum backoff. Then, after unsuspending the Elasticsearch cluster, these cronjobs stayed halted due to maximum backoff reached. This update resolves the issue by suspending the cronjobs and the cluster. (link:https://issues.redhat.com/browse/LOG-1268[LOG-1268])
-
-* Before this update, in the *Logging* dashboard in the {product-title} console, the list of top 10 log-producing containers was missing the "chart namespace" label and provided the incorrect metric name, `fluentd_input_status_total_bytes_logged`. With this update, the chart shows the namespace label and the correct metric name, `log_logged_bytes_total`. (link:https://issues.redhat.com/browse/LOG-1271[LOG-1271])
-
-* Before this update, if an index management cronjob terminated with an error, it did not report the error exit code: instead, its job status was "complete." This update resolves the issue by reporting the error exit codes of index management cronjobs that terminate with errors. (link:https://issues.redhat.com/browse/LOG-1273[LOG-1273])
-
-* The `priorityclasses.v1beta1.scheduling.k8s.io` was removed in 1.22 and replaced by `priorityclasses.v1.scheduling.k8s.io` (`v1beta1` was replaced by `v1`). Before this update, `APIRemovedInNextReleaseInUse` alerts were generated for `priorityclasses` because `v1beta1` was still present . This update resolves the issue by replacing `v1beta1` with `v1`. The alert is no longer generated. (link:https://issues.redhat.com/browse/LOG-1385[LOG-1385])
-
-* Previously, the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator did not have the annotation that was required for them to appear in the {product-title} web console list of Operators that can run in a disconnected environment. This update adds the `operators.openshift.io/infrastructure-features: '["Disconnected"]'` annotation to these two Operators so that they appear in the list of Operators that run in disconnected environments. (link:https://issues.redhat.com/browse/LOG-1420[LOG-1420])
-
-* Before this update, Red Hat OpenShift Logging Operator pods were scheduled on CPU cores that were reserved for customer workloads on performance-optimized single-node clusters. With this update, cluster logging Operator pods are scheduled on the correct CPU cores. (link:https://issues.redhat.com/browse/LOG-1440[LOG-1440])
-
-* Before this update, some log entries had unrecognized UTF-8 bytes, which caused Elasticsearch to reject the messages and block the entire buffered payload. With this update, rejected payloads drop the invalid log entries and resubmit the remaining entries to resolve the issue. (link:https://issues.redhat.com/browse/LOG-1499[LOG-1499])
-
-* Before this update, the `kibana-proxy` pod sometimes entered the `CrashLoopBackoff` state and logged the following message `Invalid configuration: cookie_secret must be 16, 24, or 32 bytes to create an AES cipher when pass_access_token == true or cookie_refresh != 0, but is 29 bytes.` The exact actual number of bytes could vary. With this update, the generation of the Kibana session secret has been corrected, and the kibana-proxy pod no longer enters a `CrashLoopBackoff` state due to this error. (link:https://issues.redhat.com/browse/LOG-1446[LOG-1446])
-
-* Before this update, the AWS CloudWatch Fluentd plugin logged its AWS API calls to the Fluentd log at all log levels, consuming additional {product-title} node resources. With this update, the AWS CloudWatch Fluentd plugin logs AWS API calls only at the "debug" and "trace" log levels. This way, at the default "warn" log level, Fluentd does not consume extra node resources. (link:https://issues.redhat.com/browse/LOG-1071[LOG-1071])
-
-* Before this update, the Elasticsearch OpenDistro security plugin caused user index migrations to fail. This update resolves the issue by providing a newer version of the plugin. Now, index migrations proceed without errors. (link:https://issues.redhat.com/browse/LOG-1276[LOG-1276])
-
-* Before this update, in the *Logging* dashboard in the {product-title} console, the list of top 10 log-producing containers lacked data points. This update resolves the issue, and the dashboard displays all data points. (link:https://issues.redhat.com/browse/LOG-1353[LOG-1353])
-
-* Before this update, if you were tuning the performance of the Fluentd log forwarder by adjusting the `chunkLimitSize` and `totalLimitSize` values, the `Setting queued_chunks_limit_size for each buffer to` message reported values that were too low. The current update fixes this issue so that this message reports the correct values. (link:https://issues.redhat.com/browse/LOG-1411[LOG-1411])
-
-* Before this update, the Kibana OpenDistro security plugin caused user index migrations to fail. This update resolves the issue by providing a newer version of the plugin. Now, index migrations proceed without errors. (link:https://issues.redhat.com/browse/LOG-1558[LOG-1558])
-
-* Before this update, using a namespace input filter prevented logs in that namespace from appearing in other inputs. With this update, logs are sent to all inputs that can accept them. (link:https://issues.redhat.com/browse/LOG-1570[LOG-1570])
-
-* Before this update, a missing license file for the `viaq/logerr` dependency caused license scanners to abort without success. With this update, the `viaq/logerr` dependency is licensed under Apache 2.0 and the license scanners run successfully. (link:https://issues.redhat.com/browse/LOG-1590[LOG-1590])
-
-* Before this update, an incorrect brew tag for `curator5` within the `elasticsearch-operator-bundle` build pipeline caused the pull of an image pinned to a dummy SHA1. With this update, the build pipeline uses the `logging-curator5-rhel8` reference for `curator5`, enabling index management cronjobs to pull the correct image from `registry.redhat.io`. (link:https://issues.redhat.com/browse/LOG-1624[LOG-1624])
-
-* Before this update, an issue with the `ServiceAccount` permissions caused errors such as `no permissions for [indices:admin/aliases/get]`. With this update, a permission fix resolves the issue. (link:https://issues.redhat.com/browse/LOG-1657[LOG-1657])
-
-* Before this update, the Custom Resource Definition (CRD) for the Red Hat OpenShift Logging Operator was missing the Loki output type, which caused the admission controller to reject the `ClusterLogForwarder` custom resource object. With this update, the CRD includes Loki as an output type so that administrators can configure `ClusterLogForwarder` to send logs to a Loki server. (link:https://issues.redhat.com/browse/LOG-1683[LOG-1683])
-
-* Before this update, OpenShift Elasticsearch Operator reconciliation of the `ServiceAccounts` overwrote third-party-owned fields that contained secrets. This issue caused memory and CPU spikes due to frequent recreation of secrets. This update resolves the issue. Now, the OpenShift Elasticsearch Operator does not overwrite third-party-owned fields. (link:https://issues.redhat.com/browse/LOG-1714[LOG-1714])
-
-* Before this update, in the `ClusterLogging` custom resource (CR) definition, if you specified a `flush_interval` value but did not set `flush_mode` to `interval`, the Red Hat OpenShift Logging Operator generated a Fluentd configuration. However, the Fluentd collector generated an error at runtime. With this update, the Red Hat OpenShift Logging Operator validates the `ClusterLogging` CR definition and only generates the Fluentd configuration if both fields are specified. (link:https://issues.redhat.com/browse/LOG-1723[LOG-1723])
-
-[id="openshift-logging-5-2-0-known-issues_{context}"]
-=== Known issues
-
-* If you forward logs to an external Elasticsearch server and then change a configured value in the pipeline secret, such as the username and password, the Fluentd forwarder loads the new secret but uses the old value to connect to an external Elasticsearch server. This issue happens because the Red Hat OpenShift Logging Operator does not currently monitor secrets for content changes. (link:https://issues.redhat.com/browse/LOG-1652[LOG-1652])
-+
-As a workaround, if you change the secret, you can force the Fluentd pods to redeploy by entering:
-+
-[source,terminal]
-----
-$ oc delete pod -l component=collector
-----
-
-[id="openshift-logging-5-2-0-deprecated-removed-features_{context}"]
-=== Deprecated and removed features
-
-Some features available in previous releases have been deprecated or removed.
-
-Deprecated functionality is still included in OpenShift Logging and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
-
-[id="openshift-logging-5-2-0-legacy-forwarding_{context}"]
-=== Forwarding logs using the legacy Fluentd and legacy syslog methods have been deprecated
-
-From {product-title} 4.6 to the present, forwarding logs by using the following legacy methods have been deprecated and will be removed in a future release:
-
-* Forwarding logs using the legacy Fluentd method
-* Forwarding logs using the legacy syslog method
-
-Instead, use the following non-legacy methods:
-
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
-
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-collector-log-forward-syslog_cluster-logging-external[Forwarding logs using the syslog protocol]
-
-[id="openshift-logging-5-2-0-CVEs_{context}"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22922.html[CVE-2021-22922]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22923.html[CVE-2021-22923]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22924.html[CVE-2021-22924]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-32740.html[CVE-2021-32740]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36222.html[CVE-2021-36222]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37750.html[CVE-2021-37750]
-====
diff --git a/logging/cluster-logging-support.adoc b/logging/cluster-logging-support.adoc
new file mode 100644
index 000000000000..dc03238d1d7e
--- /dev/null
+++ b/logging/cluster-logging-support.adoc
@@ -0,0 +1,76 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cluster-logging-support"]
+include::_attributes/common-attributes.adoc[]
+= Support
+:context: cluster-logging-support
+
+toc::[]
+
+include::snippets/logging-supported-config-snip.adoc[]
+include::snippets/logging-compatibility-snip.adoc[]
+
+{logging-uc} {for} is an opinionated collector and normalizer of application, infrastructure, and audit logs. It is intended to be used for forwarding logs to various supported systems.
+
+{logging-uc} is not:
+
+* A high scale log collection system
+* Security Information and Event Monitoring (SIEM) compliant
+* Historical or long term log retention or storage
+* A guaranteed log sink
+* Secure storage - audit logs are not stored by default
+
+[id="cluster-logging-support-CRDs"]
+== Supported API custom resource definitions
+
+LokiStack development is ongoing. Not all APIs are currently supported.
+
+.Loki API support states
+[cols="3",options="header"]
+|===
+|CustomResourceDefinition (CRD)
+|ApiVersion
+|Support state
+
+|LokiStack
+|lokistack.loki.grafana.com/v1
+|Supported in 5.5
+
+|RulerConfig
+|rulerconfig.loki.grafana/v1
+|Supported in 5.7
+
+|AlertingRule
+|alertingrule.loki.grafana/v1
+|Supported in 5.7
+
+|RecordingRule
+|recordingrule.loki.grafana/v1
+|Supported in 5.7
+|===
+
+include::modules/cluster-logging-maintenance-support-list.adoc[leveloffset=+1]
+include::modules/unmanaged-operators.adoc[leveloffset=+1]
+
+[id="cluster-logging-support-must-gather"]
+== Collecting logging data for Red Hat Support
+
+When opening a support case, it is helpful to provide debugging information about your cluster to Red{nbsp}Hat Support.
+
+You can use the
+ifdef::openshift-enterprise,openshift-origin[]
+xref:../support/gathering-cluster-data.adoc#gathering-cluster-data[`must-gather` tool]
+endif::[]
+ifdef::openshift-rosa,openshift-dedicated[]
+link:https://docs.openshift.com/container-platform/latest/support/gathering-cluster-data.html#gathering-cluster-data[`must-gather` tool]
+endif::[]
+to collect diagnostic information for project-level resources, cluster-level resources, and each of the {logging} components.
+
+For prompt support, supply diagnostic information for both {product-title} and {logging}.
+
+[NOTE]
+====
+Do not use the `hack/logging-dump.sh` script. The script is no longer supported and does not collect data.
+====
+
+include::modules/cluster-logging-must-gather-about.adoc[leveloffset=+2]
+include::modules/cluster-logging-must-gather-collecting.adoc[leveloffset=+2]
diff --git a/logging/cluster-logging-uninstall.adoc b/logging/cluster-logging-uninstall.adoc
index 531a1ccff50f..7485e21465aa 100644
--- a/logging/cluster-logging-uninstall.adoc
+++ b/logging/cluster-logging-uninstall.adoc
@@ -1,19 +1,20 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-uninstall
 [id="cluster-logging-uninstall"]
-= Uninstalling OpenShift Logging
+= Uninstalling Logging
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can remove the {logging} from your {product-title} cluster.
+You can remove {logging} from your {product-title} cluster by removing installed Operators and related custom resources (CRs).
 
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
+include::modules/uninstall-cluster-logging-operator.adoc[leveloffset=+1]
+include::modules/uninstall-logging-delete-pvcs.adoc[leveloffset=+1]
+include::modules/uninstall-loki-operator.adoc[leveloffset=+1]
+include::modules/uninstall-es-operator.adoc[leveloffset=+1]
 
-include::modules/cluster-logging-uninstall.adoc[leveloffset=+1]
+//Generic deleting operators from a cluster using CLI
+include::modules/olm-deleting-operators-from-a-cluster-using-cli.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
@@ -22,4 +23,4 @@ ifdef::openshift-enterprise,openshift-origin[]
 endif::[]
 ifdef::openshift-rosa,openshift-dedicated[]
 * link:https://docs.openshift.com/container-platform/latest/storage/understanding-persistent-storage.html#reclaim-manual_understanding-persistent-storage[Reclaiming a persistent volume manually]
-endif::[]
\ No newline at end of file
+endif::[]
diff --git a/logging/cluster-logging-upgrading.adoc b/logging/cluster-logging-upgrading.adoc
index 9b6bee0ea1cc..ac2536b88589 100644
--- a/logging/cluster-logging-upgrading.adoc
+++ b/logging/cluster-logging-upgrading.adoc
@@ -1,20 +1,31 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-upgrading
-[id="cluster-logging-upgrading"]
-= Updating OpenShift Logging
 include::_attributes/common-attributes.adoc[]
+[id="cluster-logging-upgrading"]
+= Updating Logging
 
 toc::[]
 
-[id="cluster-logging-supported-versions"]
-== Supported Versions
-For version compatibility and support information, see link:https://access.redhat.com/support/policy/updates/openshift#logging[Red Hat OpenShift Container Platform Life Cycle Policy]
+There are two types of {logging} updates: minor release updates (5.y.z) and major release updates (5.y).
+
+[id="cluster-logging-upgrading-minor"]
+== Minor release updates
+
+If you installed the {logging} Operators using the *Automatic* update approval option, your Operators receive minor version updates automatically. You do not need to complete any manual update steps.
+
+If you installed the {logging} Operators using the *Manual* update approval option, you must manually approve minor version updates. For more information, see xref:../operators/admin/olm-upgrading-operators.adoc#olm-approving-pending-upgrade_olm-upgrading-operators[Manually approving a pending Operator update].
+
+[id="cluster-logging-upgrading-major"]
+== Major release updates
+
+For major version updates you must complete some manual steps.
+
+For major release version compatibility and support information, see link:https://access.redhat.com/support/policy/updates/openshift_operators#platform-agnostic[OpenShift Operator Life Cycles].
 
-To upgrade from cluster logging in {product-title} version 4.6 and earlier to OpenShift Logging 5.x, you update the {product-title} cluster to version 4.7 or 4.8. Then, you update the following operators:
+include::modules/logging-operator-upgrading-all-ns.adoc[leveloffset=+1]
 
-* From Elasticsearch Operator 4.x to OpenShift Elasticsearch Operator 5.x
-* From Cluster Logging Operator 4.x to Red Hat OpenShift Logging Operator 5.x
+include::modules/logging-upgrading-clo.adoc[leveloffset=+1]
 
-To upgrade from a previous version of OpenShift Logging to the current version, you update OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator to their current versions.
+include::modules/logging-upgrading-loki.adoc[leveloffset=+1]
 
-include::modules/cluster-logging-updating-logging-to-current.adoc[leveloffset=+1]
+include::modules/cluster-logging-upgrading-elasticsearch.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging-visualizer.adoc b/logging/cluster-logging-visualizer.adoc
deleted file mode 100644
index 6ded5d71ff00..000000000000
--- a/logging/cluster-logging-visualizer.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-visualizer
-[id="cluster-logging-visualizer-using"]
-= Viewing cluster logs by using Kibana
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-The {logging} includes a web console for visualizing collected log data. Currently, {product-title} deploys the Kibana console for visualization.
-
-Using the log visualizer, you can do the following with your data:
-
-* search and browse the data using the *Discover* tab.
-* chart and map the data using the *Visualize* tab.
-* create and view custom dashboards using the *Dashboard* tab.
-
-Use and configuration of the Kibana interface is beyond the scope of this documentation. For more information,
-on using the interface, see the link:https://www.elastic.co/guide/en/kibana/6.8/connect-to-elasticsearch.html[Kibana documentation].
-
-[NOTE]
-====
-The audit logs are not stored in the internal {product-title} Elasticsearch instance by default. To view the audit logs in Kibana, you must use the xref:../logging/config/cluster-logging-log-store.adoc#cluster-logging-elasticsearch-audit_cluster-logging-store[Log Forwarding API] to configure a pipeline that uses the `default` output for audit logs.
-====
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-visualizer-indices.adoc[leveloffset=+1]
-include::modules/cluster-logging-visualizer-kibana.adoc[leveloffset=+1]
diff --git a/logging/cluster-logging.adoc b/logging/cluster-logging.adoc
index 3ee017345a73..66fd659dc53b 100644
--- a/logging/cluster-logging.adoc
+++ b/logging/cluster-logging.adoc
@@ -1,89 +1,51 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="cluster-logging"]
-= Understanding the {logging-title}
+= About Logging
 :context: cluster-logging
 
 toc::[]
 
-ifdef::openshift-enterprise,openshift-rosa,openshift-dedicated,openshift-webscale,openshift-origin[]
-As a cluster administrator, you can deploy the {logging} to aggregate all the logs from your {product-title} cluster, such as node system audit logs, application container logs, and infrastructure logs. The {logging} aggregates these logs from throughout your cluster and stores them in a default log store. You can xref:../logging/cluster-logging-visualizer.adoc#cluster-logging-visualizer[use the Kibana web console to visualize log data].
+As a cluster administrator, you can deploy {logging} on an {product-title} cluster, and use it to collect and aggregate node system audit logs, application container logs, and infrastructure logs. You can forward logs to your chosen log outputs, including on-cluster, Red{nbsp}Hat managed log storage. You can also visualize your log data in the {product-title} web console, or the Kibana web console, depending on your deployed log storage solution.
 
-The {logging} aggregates the following types of logs:
+include::snippets/logging-kibana-dep-snip.adoc[]
 
-* `application` - Container logs generated by user applications running in the cluster, except infrastructure container applications.
-* `infrastructure` - Logs generated by infrastructure components running in the cluster and {product-title} nodes, such as journal logs. Infrastructure components are pods that run in the `openshift*`, `kube*`, or `default` projects.
-* `audit` - Logs generated by auditd, the node audit system, which are stored in the */var/log/audit/audit.log* file, and the audit logs from the Kubernetes apiserver and the OpenShift apiserver.
+{product-title} cluster administrators can deploy {logging} by using Operators. For information, see xref:../logging/cluster-logging-deploying.adoc#cluster-logging-deploying[Installing {logging}].
+
+The Operators are responsible for deploying, upgrading, and maintaining {logging}. After the Operators are installed, you can create a `ClusterLogging` custom resource (CR) to schedule {logging} pods and other resources necessary to support {logging}. You can also create a `ClusterLogForwarder` CR to specify which logs are collected, how they are transformed, and where they are forwarded to.
 
 [NOTE]
 ====
-Because the internal {product-title} Elasticsearch log store does not provide secure storage for audit logs, audit logs are not stored in the internal Elasticsearch instance by default. If you want to send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API as described in xref:../logging/config/cluster-logging-log-store.adoc#cluster-logging-elasticsearch-audit_cluster-logging-store[Forward audit logs to the log store].
+Because the internal {product-title} Elasticsearch log store does not provide secure storage for audit logs, audit logs are not stored in the internal Elasticsearch instance by default. If you want to send the audit logs to the default internal Elasticsearch log store, for example to view the audit logs in Kibana, you must use the Log Forwarding API as described in xref:../logging/log_storage/logging-config-es-store.adoc#cluster-logging-elasticsearch-audit_logging-config-es-store[Forward audit logs to the log store].
 ====
-endif::[]
 
-include::modules/logging-support-considerations.adoc[leveloffset=+1]
+include::modules/logging-architecture-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../logging/log_visualization/log-visualization-ocp-console.adoc#log-visualization-ocp-console[Log visualization with the web console]
 
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
+include::modules/cluster-logging-about.adoc[leveloffset=+1]
 
 ifdef::openshift-rosa,openshift-dedicated[]
 include::modules/cluster-logging-cloudwatch.adoc[leveloffset=+1]
 .Next steps
-* See xref:../logging/cluster-logging-external.html#cluster-logging-collector-log-forward-cloudwatch_cluster-logging-external[Forwarding logs to Amazon CloudWatch] for instructions.
+* See xref:../logging/log_collection_forwarding/configuring-log-forwarding.adoc#cluster-logging-collector-log-forward-cloudwatch_configuring-log-forwarding[Forwarding logs to Amazon CloudWatch] for instructions.
 endif::[]
 
-include::modules/logging-common-terms.adoc[leveloffset=+1]
-include::modules/cluster-logging-about.adoc[leveloffset=+1]
-
-For information, see xref:../logging/cluster-logging-deploying.adoc#cluster-logging-deploying[Installing the {logging-title}].
-
 include::modules/cluster-logging-json-logging-about.adoc[leveloffset=+2]
 
 include::modules/cluster-logging-collecting-storing-kubernetes-events.adoc[leveloffset=+2]
 
-For information, see xref:../logging/cluster-logging-eventrouter.adoc#cluster-logging-eventrouter[About collecting and storing Kubernetes events].
-
-include::modules/cluster-logging-update-logging.adoc[leveloffset=+2]
-
-For information, see xref:../logging/cluster-logging-upgrading.adoc#cluster-logging-upgrading[Updating OpenShift Logging].
-
-include::modules/cluster-logging-view-cluster-dashboards.adoc[leveloffset=+2]
-
-For information, see xref:../logging/cluster-logging-dashboards.adoc#cluster-logging-dashboards[About viewing the cluster dashboard].
+For information, see xref:../logging/log_collection_forwarding/cluster-logging-eventrouter.adoc#cluster-logging-eventrouter[About collecting and storing Kubernetes events].
 
 include::modules/cluster-logging-troubleshoot-logging.adoc[leveloffset=+2]
 
-include::modules/cluster-logging-Uninstall-logging.adoc[leveloffset=+2]
-
-For information, see xref:../logging/cluster-logging-uninstall.adoc#cluster-logging-uninstall_cluster-logging-uninstall[Uninstalling OpenShift Logging].
-
 include::modules/cluster-logging-export-fields.adoc[leveloffset=+2]
 
 For information, see xref:../logging/cluster-logging-exported-fields.adoc#cluster-logging-exported-fields[About exporting fields].
 
-include::modules/cluster-logging-about-components.adoc[leveloffset=+2]
-
-include::modules/cluster-logging-about-collector.adoc[leveloffset=+2]
-
-For information, see xref:../logging/config/cluster-logging-collector.adoc#cluster-logging-collector[Configuring the logging collector].
-
-include::modules/cluster-logging-about-logstore.adoc[leveloffset=+2]
-
-For information, see xref:../logging/config/cluster-logging-log-store.adoc#cluster-logging-store[Configuring the log store].
-
-include::modules/cluster-logging-about-visualizer.adoc[leveloffset=+2]
-
-For information, see xref:../logging/config/cluster-logging-visualizer.adoc#cluster-logging-visualizer[Configuring the log visualizer].
-
 include::modules/cluster-logging-eventrouter-about.adoc[leveloffset=+2]
 
-For information, see xref:../logging/cluster-logging-eventrouter.adoc#cluster-logging-eventrouter[Collecting and storing Kubernetes events].
-
-include::modules/cluster-logging-forwarding-about.adoc[leveloffset=+2]
-
-For information, see xref:../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs to third-party systems].
-
-include::modules/cluster-logging-feature-reference.adoc[leveloffset=+1]
+For information, see xref:../logging/log_collection_forwarding/cluster-logging-eventrouter.adoc#cluster-logging-eventrouter[Collecting and storing Kubernetes events].
diff --git a/logging/config/cluster-logging-collector.adoc b/logging/config/cluster-logging-collector.adoc
deleted file mode 100644
index d19b0ce8a72a..000000000000
--- a/logging/config/cluster-logging-collector.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-collector
-[id="cluster-logging-collector"]
-= Configuring the logging collector
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-
-toc::[]
-
-{logging-title-uc} collects operations and application logs from your cluster and enriches the data with Kubernetes pod and project metadata.
-
-You can configure the CPU and memory limits for the log collector and xref:../../logging/config/cluster-logging-moving-nodes.adoc#cluster-logging-moving[move the log collector pods to specific nodes]. All supported modifications to the log collector can be performed though the `spec.collection.log.fluentd` stanza in the `ClusterLogging` custom resource (CR).
-
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-maintenance-support-about.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-pod-location.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-limits.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-tuning.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs to third-party systems]
diff --git a/logging/config/cluster-logging-configuring-cr.adoc b/logging/config/cluster-logging-configuring-cr.adoc
deleted file mode 100644
index 4cb8c3f1d142..000000000000
--- a/logging/config/cluster-logging-configuring-cr.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-configuring-cr
-[id="cluster-logging-configuring-cr"]
-= About the Cluster Logging custom resource
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-To configure {logging-title} you customize the `ClusterLogging` custom resource (CR).
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-about-crd.adoc[leveloffset=+1]
diff --git a/logging/config/cluster-logging-configuring.adoc b/logging/config/cluster-logging-configuring.adoc
index 251f7e03d361..a19b38c7f7af 100644
--- a/logging/config/cluster-logging-configuring.adoc
+++ b/logging/config/cluster-logging-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-configuring
 [id="cluster-logging-configuring"]
 = Configuring OpenShift Logging
@@ -9,7 +9,7 @@ toc::[]
 {logging-title-uc} is configurable using a `ClusterLogging` custom resource (CR) deployed
 in the `openshift-logging` project.
 
-The {logging} operator watches for changes to `ClusterLogging` CR,
+The {clo} watches for changes to `ClusterLogging` CR,
 creates any missing logging components, and adjusts the logging environment accordingly.
 
 The `ClusterLogging` CR is based on the `ClusterLogging` custom resource definition (CRD), which defines a complete {logging} environment and includes all the components of the logging stack to collect, store and visualize logs.
@@ -52,7 +52,7 @@ spec:
       resources: null
     type: kibana
 ----
-You can configure the following for the {logging}:
+You can configure the following for {logging}:
 
 * You can overwrite the image for each {logging} component by modifying the appropriate
 environment variable in the `cluster-logging-operator` Deployment.
@@ -77,5 +77,5 @@ The Rsyslog log collector is currently a Technology Preview feature.
 
 [IMPORTANT]
 ====
-The logging routes are managed by the {logging-title} Operator and cannot be modified by the user.
+The logging routes are managed by the {clo} and cannot be modified by the user.
 ====
diff --git a/logging/config/cluster-logging-log-store.adoc b/logging/config/cluster-logging-log-store.adoc
deleted file mode 100644
index 0292b0ffe999..000000000000
--- a/logging/config/cluster-logging-log-store.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-:_content-type: ASSEMBLY
-[id="cluster-logging-store"]
-= Configuring the log store
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: cluster-logging-store
-
-toc::[]
-
-{logging-title-uc} uses Elasticsearch 6 (ES) to store and organize the log data.
-
-You can make modifications to your log store, including:
-
-* storage for your Elasticsearch cluster
-* shard replication across data nodes in the cluster, from full replication to no replication
-* external access to Elasticsearch data
-
-//Following paragraph also in modules/cluster-logging-deploy-storage-considerations.adoc
-
-Elasticsearch is a memory-intensive application. Each Elasticsearch node needs at least 16G of memory for both memory requests and limits, unless you specify otherwise in the `ClusterLogging` custom resource. The initial set of {product-title} nodes might not be large enough to support the Elasticsearch cluster. You must add additional nodes to the {product-title} cluster to run with the recommended
-or higher memory, up to a maximum of 64G for each Elasticsearch node.
-
-Each Elasticsearch node can operate with a lower memory setting, though this is not recommended for production environments.
-
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-elasticsearch-audit.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information on the Log Forwarding API, see xref:../../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs using the Log Forwarding API].
-
-include::modules/cluster-logging-elasticsearch-retention.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-logstore-limits.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-elasticsearch-ha.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-elasticsearch-scaledown.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-elasticsearch-storage.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-manual-rollout-rolling.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-elasticsearch-exposing.adoc[leveloffset=+1]
diff --git a/logging/config/cluster-logging-maintenance-support.adoc b/logging/config/cluster-logging-maintenance-support.adoc
deleted file mode 100644
index fba711d9d4be..000000000000
--- a/logging/config/cluster-logging-maintenance-support.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-unsupported
-[id="cluster-logging-maintenance-and-support"]
-= Maintenance and support
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-include::modules/cluster-logging-maintenance-support-about.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-maintenance-support-list.adoc[leveloffset=+1]
-
-include::modules/unmanaged-operators.adoc[leveloffset=+1]
diff --git a/logging/config/cluster-logging-memory.adoc b/logging/config/cluster-logging-memory.adoc
index 154fd68985c4..b563f23c4b25 100644
--- a/logging/config/cluster-logging-memory.adoc
+++ b/logging/config/cluster-logging-memory.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-memory
 [id="cluster-logging-memory"]
 = Configuring CPU and memory limits for {logging} components
diff --git a/logging/config/cluster-logging-moving-nodes.adoc b/logging/config/cluster-logging-moving-nodes.adoc
deleted file mode 100644
index 89ca4a5032be..000000000000
--- a/logging/config/cluster-logging-moving-nodes.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-moving
-[id="cluster-logging-moving"]
-= Moving {logging} resources with node selectors
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-
-
-
-
-You can use node selectors to deploy the Elasticsearch and Kibana pods to different nodes.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/infrastructure-moving-logging.adoc[leveloffset=+1]
diff --git a/logging/config/cluster-logging-storage-considerations.adoc b/logging/config/cluster-logging-storage-considerations.adoc
deleted file mode 100644
index 83d432692e54..000000000000
--- a/logging/config/cluster-logging-storage-considerations.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-storage
-[id="cluster-logging-storage"]
-= Configuring {logging} storage
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-
-Elasticsearch is a memory-intensive application. The default {logging} installation deploys 16G of memory for both memory requests and memory limits.
-The initial set of {product-title} nodes might not be large enough to support the Elasticsearch cluster. You must add additional nodes to the {product-title} cluster to run with the recommended or higher memory. Each Elasticsearch node can operate with a lower memory setting, though this is not recommended for production environments.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-
-include::modules/cluster-logging-deploy-storage-considerations.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="cluster-logging-storage-considerations-addtl-resources"]
-== Additional resources
-
-* xref:../../logging/config/cluster-logging-log-store.adoc#cluster-logging-elasticsearch-storage_cluster-logging-store[Configuring persistent storage for the log store]
diff --git a/logging/config/cluster-logging-systemd.adoc b/logging/config/cluster-logging-systemd.adoc
index aa6fb1228fc8..d04520fa6022 100644
--- a/logging/config/cluster-logging-systemd.adoc
+++ b/logging/config/cluster-logging-systemd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-systemd
 [id="cluster-logging-systemd"]
 = Configuring systemd-journald and Fluentd
diff --git a/logging/config/cluster-logging-tolerations.adoc b/logging/config/cluster-logging-tolerations.adoc
deleted file mode 100644
index aeb9ce64e70b..000000000000
--- a/logging/config/cluster-logging-tolerations.adoc
+++ /dev/null
@@ -1,104 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-tolerations
-[id="cluster-logging-tolerations"]
-= Using tolerations to control OpenShift Logging pod placement
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-You can use taints and tolerations to ensure that {logging} pods run
-on specific nodes and that no other workload can run on those nodes.
-
-Taints and tolerations are simple `key:value` pair. A taint on a node
-instructs the node to repel all pods that do not tolerate the taint.
-
-The `key` is any string, up to 253 characters and the `value` is any string up to 63 characters.
-The string must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores.
-
-.Sample {logging} CR with tolerations
-[source,yaml]
-----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
-metadata:
-  name: "instance"
-  namespace: openshift-logging
-
-...
-
-spec:
-  managementState: "Managed"
-  logStore:
-    type: "elasticsearch"
-    elasticsearch:
-      nodeCount: 3
-      tolerations: <1>
-      - key: "logging"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 6000
-      resources:
-        limits:
-          memory: 16Gi
-        requests:
-          cpu: 200m
-          memory: 16Gi
-      storage: {}
-      redundancyPolicy: "ZeroRedundancy"
-  visualization:
-    type: "kibana"
-    kibana:
-      tolerations: <2>
-      - key: "logging"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 6000
-      resources:
-        limits:
-          memory: 2Gi
-        requests:
-          cpu: 100m
-          memory: 1Gi
-      replicas: 1
-  collection:
-    logs:
-      type: "fluentd"
-      fluentd:
-        tolerations: <3>
-        - key: "logging"
-          operator: "Exists"
-          effect: "NoExecute"
-          tolerationSeconds: 6000
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 1Gi
-----
-
-<1> This toleration is added to the Elasticsearch pods.
-<2> This toleration is added to the Kibana pod.
-<3> This toleration is added to the logging collector pods.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-elasticsearch-tolerations.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-kibana-tolerations.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-collector-tolerations.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="cluster-logging-tolerations-addtl-resources"]
-== Additional resources
-
-ifdef::openshift-enterprise,openshift-origin[]
-* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints].
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-* link:https://docs.openshift.com/container-platform/latest/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints].
-endif::[]
\ No newline at end of file
diff --git a/logging/config/cluster-logging-visualizer.adoc b/logging/config/cluster-logging-visualizer.adoc
deleted file mode 100644
index f1d0670fe26f..000000000000
--- a/logging/config/cluster-logging-visualizer.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-visualizer
-[id="cluster-logging-visualizer"]
-= Configuring the log visualizer
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-{product-title} uses Kibana to display the log data collected by the {logging}.
-
-You can scale Kibana for redundancy and configure the CPU and memory for your Kibana nodes.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/cluster-logging-cpu-memory.adoc[leveloffset=+1]
-
-include::modules/cluster-logging-kibana-scaling.adoc[leveloffset=+1]
diff --git a/logging/dedicated-cluster-deploying.adoc b/logging/dedicated-cluster-deploying.adoc
index 3c618d182d34..7ead3ad9a37e 100644
--- a/logging/dedicated-cluster-deploying.adoc
+++ b/logging/dedicated-cluster-deploying.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: dedicated-cluster-deploying
 [id="dedicated-cluster-deploying"]
 = Installing the Red Hat OpenShift Logging Operator and OpenShift Elasticsearch Operator
diff --git a/logging/dedicated-cluster-logging.adoc b/logging/dedicated-cluster-logging.adoc
index 9da78a1e6091..4fb9aa183de7 100644
--- a/logging/dedicated-cluster-logging.adoc
+++ b/logging/dedicated-cluster-logging.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: dedicated-cluster-logging
 [id="dedicated-cluster-logging"]
-= Configuring the {logging-title}
+= Configuring {logging}
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
diff --git a/rosa_support/remote_health_monitoring/_attributes b/logging/log_collection_forwarding/_attributes
similarity index 100%
rename from rosa_support/remote_health_monitoring/_attributes
rename to logging/log_collection_forwarding/_attributes
diff --git a/logging/log_collection_forwarding/cluster-logging-collector.adoc b/logging/log_collection_forwarding/cluster-logging-collector.adoc
new file mode 100644
index 000000000000..827641f88c2f
--- /dev/null
+++ b/logging/log_collection_forwarding/cluster-logging-collector.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-collector
+[id="cluster-logging-collector"]
+= Configuring the logging collector
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+
+toc::[]
+
+{logging-title-uc} collects operations and application logs from your cluster and enriches the data with Kubernetes pod and project metadata.
+All supported modifications to the log collector can be performed though the `spec.collection` stanza in the `ClusterLogging` custom resource (CR).
+
+include::modules/configuring-logging-collector.adoc[leveloffset=+1]
+
+include::modules/log-collector-resources-scheduling.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-pod-location.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-limits.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-tuning.adoc[leveloffset=+1]
diff --git a/logging/log_collection_forwarding/cluster-logging-enabling-json-logging.adoc b/logging/log_collection_forwarding/cluster-logging-enabling-json-logging.adoc
new file mode 100644
index 000000000000..52f93e1e6418
--- /dev/null
+++ b/logging/log_collection_forwarding/cluster-logging-enabling-json-logging.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-enabling-json-logging
+[id="cluster-logging-enabling-json-logging"]
+= Enabling JSON log forwarding
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+You can configure the Log Forwarding API to parse JSON strings into a structured object.
+
+include::modules/cluster-logging-json-log-forwarding.adoc[leveloffset=+1]
+include::modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc[leveloffset=+1]
+include::modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc[leveloffset=+1]
+include::modules/cluster-logging-forwarding-separate-indices.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../logging/log_collection_forwarding/log-forwarding.adoc#log-forwarding[About log forwarding]
diff --git a/logging/log_collection_forwarding/cluster-logging-eventrouter.adoc b/logging/log_collection_forwarding/cluster-logging-eventrouter.adoc
new file mode 100644
index 000000000000..29074d707f53
--- /dev/null
+++ b/logging/log_collection_forwarding/cluster-logging-eventrouter.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-eventrouter
+[id="cluster-logging-eventrouter"]
+= Collecting and storing Kubernetes events
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The {product-title} Event Router is a pod that watches Kubernetes events and logs them for collection by the {logging}. You must manually deploy the Event Router.
+
+The Event Router collects events from all projects and writes them to `STDOUT`. The collector then forwards those events to the store defined in the `ClusterLogForwarder` custom resource (CR).
+
+[IMPORTANT]
+====
+The Event Router adds additional load to Fluentd and can impact the number of other log messages that can be processed.
+====
+
+include::modules/cluster-logging-eventrouter-deploy.adoc[leveloffset=+1]
diff --git a/logging/log_collection_forwarding/configuring-log-forwarding.adoc b/logging/log_collection_forwarding/configuring-log-forwarding.adoc
new file mode 100644
index 000000000000..048ffcb2efd4
--- /dev/null
+++ b/logging/log_collection_forwarding/configuring-log-forwarding.adoc
@@ -0,0 +1,75 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="configuring-log-forwarding"]
+= Configuring log forwarding
+:context: configuring-log-forwarding
+
+toc::[]
+
+By default, the {logging} sends container and infrastructure logs to the default internal log store defined in the `ClusterLogging` custom resource. However, it does not send audit logs to the internal store because it does not provide secure storage. If this default configuration meets your needs, you do not need to configure the Cluster Log Forwarder.
+
+[NOTE]
+====
+To send audit logs to the internal Elasticsearch log store, use the Cluster Log Forwarder as described in xref:../../logging/log_storage/logging-config-es-store.adoc#cluster-logging-elasticsearch-audit_logging-config-es-store[Forwarding audit logs to the log store].
+====
+
+include::modules/cluster-logging-collector-log-forwarding-about.adoc[leveloffset=+1]
+
+include::modules/logging-create-clf.adoc[leveloffset=+1]
+
+include::modules/logging-multiline-except.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa[]
+include::modules/cluster-logging-collector-log-forward-gcp.adoc[leveloffset=+1]
+endif::openshift-rosa[]
+
+include::modules/logging-forward-splunk.adoc[leveloffset=+1]
+
+include::modules/logging-http-forward.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-project.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc[leveloffset=+1]
+
+include::modules/logging-audit-log-filtering.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+ifdef::openshift-enterprise,openshift-origin[]
+* xref:../../networking/ovn_kubernetes_network_provider/logging-network-policy.adoc#logging-network-policy[Logging for egress firewall and network policy rules]
+endif::[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* link:https://docs.openshift.com/container-platform/latest/networking/ovn_kubernetes_network_provider/logging-network-policy.html#logging-network-policy[Logging for egress firewall and network policy rules]
+endif::[]
+
+include::modules/cluster-logging-collector-log-forward-loki.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://grafana.com/docs/loki/latest/configuration/[Configuring Loki server]
+
+include::modules/cluster-logging-collector-log-forward-es.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-fluentd.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-syslog.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-collector-log-forward-kafka.adoc[leveloffset=+1]
+
+// Cloudwatch docs
+include::modules/cluster-logging-collector-log-forward-cloudwatch.adoc[leveloffset=+1]
+include::modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc[leveloffset=+1]
+
+ifdef::openshift-rosa[]
+include::modules/rosa-cluster-logging-collector-log-forward-sts-cloudwatch.adoc[leveloffset=+1]
+endif::[]
+
+ifdef::openshift-enterprise,openshift-origin,openshift-dedicated[]
+include::modules/cluster-logging-collector-log-forward-sts-cloudwatch.adoc[leveloffset=+1]
+endif::[]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html[AWS STS API Reference]
diff --git a/logging/log_collection_forwarding/images b/logging/log_collection_forwarding/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/log_collection_forwarding/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/log_collection_forwarding/log-forwarding.adoc b/logging/log_collection_forwarding/log-forwarding.adoc
new file mode 100644
index 000000000000..47ec3d4d0cc0
--- /dev/null
+++ b/logging/log_collection_forwarding/log-forwarding.adoc
@@ -0,0 +1,49 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="log-forwarding"]
+= About log collection and forwarding
+:context: log-forwarding
+
+toc::[]
+
+The {clo} deploys a collector based on the `ClusterLogForwarder` resource specification. There are two collector options supported by this Operator: the legacy Fluentd collector, and the Vector collector.
+
+include::snippets/logging-fluentd-dep-snip.adoc[]
+
+include::modules/about-log-collection.adoc[leveloffset=+1]
+
+include::modules/logging-vector-fluentd-feature-comparison.adoc[leveloffset=+2]
+
+include::modules/log-forwarding-collector-outputs.adoc[leveloffset=+2]
+
+[id="log-forwarding-about-clf"]
+== Log forwarding
+
+Administrators can create `ClusterLogForwarder` resources that specify which logs are collected, how they are transformed, and where they are forwarded to.
+
+`ClusterLogForwarder` resources can be used up to forward container, infrastructure, and audit logs to specific endpoints within or outside of a cluster. Transport Layer Security (TLS) is supported so that log forwarders can be configured to send logs securely.
+
+Administrators can also authorize RBAC permissions that define which service accounts and users can access and forward which types of logs.
+
+include::modules/log-forwarding-implementations.adoc[leveloffset=+2]
+
+[id="log-forwarding-enabling-multi-clf-feature"]
+=== Enabling the multi log forwarder feature for a cluster
+
+To use the multi log forwarder feature, you must create a service account and cluster role bindings for that service account. You can then reference the service account in the `ClusterLogForwarder` resource to control access permissions.
+
+[IMPORTANT]
+====
+In order to support multi log forwarding in additional namespaces other than the `openshift-logging` namespace, you must xref:../../logging/cluster-logging-upgrading.adoc#logging-operator-upgrading-all-ns_cluster-logging-upgrading[update the {clo} to watch all namespaces]. This functionality is supported by default in new {clo} version 5.8 installations.
+====
+
+include::modules/log-collection-rbac-permissions.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+ifdef::openshift-enterprise[]
+* xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions]
+* xref:../../authentication/using-service-accounts-in-applications.adoc#using-service-accounts-in-applications[Using service accounts in applications]
+endif::[]
+* link:https://kubernetes.io/docs/reference/access-authn-authz/rbac/[Using RBAC Authorization Kubernetes documentation]
diff --git a/logging/log_collection_forwarding/logging-output-types.adoc b/logging/log_collection_forwarding/logging-output-types.adoc
new file mode 100644
index 000000000000..b09edc411acf
--- /dev/null
+++ b/logging/log_collection_forwarding/logging-output-types.adoc
@@ -0,0 +1,32 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="logging-output-types"]
+= Log output types
+:context: logging-output-types
+
+toc::[]
+
+Outputs define the destination where logs are sent to from a log forwarder. You can configure multiple types of outputs in the `ClusterLogForwarder` custom resource (CR) to send logs to servers that support different protocols.
+
+include::modules/supported-log-outputs.adoc[leveloffset=+1]
+
+[id="logging-output-types-descriptions"]
+== Output type descriptions
+
+`default`:: The on-cluster, Red{nbsp}Hat managed log store. You are not required to configure the default output.
++
+[NOTE]
+====
+If you configure a `default` output, you receive an error message, because the `default` output name is reserved for referencing the on-cluster, Red{nbsp}Hat managed log store.
+====
+`loki`:: Loki, a horizontally scalable, highly available, multi-tenant log aggregation system.
+`kafka`:: A Kafka broker. The `kafka` output can use a TCP or TLS connection.
+`elasticsearch`:: An external Elasticsearch instance. The `elasticsearch` output can use a TLS connection.
+`fluentdForward`:: An external log aggregation solution that supports Fluentd. This option uses the Fluentd `forward` protocols. The `fluentForward` output can use a TCP or TLS connection and supports shared-key authentication by providing a `shared_key` field in a secret. Shared-key authentication can be used with or without TLS.
++
+[IMPORTANT]
+====
+The `fluentdForward` output is only supported if you are using the Fluentd collector. It is not supported if you are using the Vector collector. If you are using the Vector collector, you can forward logs to Fluentd by using the `http` output.
+====
+`syslog`:: An external log aggregation solution that supports the syslog link:https://tools.ietf.org/html/rfc3164[RFC3164] or link:https://tools.ietf.org/html/rfc5424[RFC5424] protocols. The `syslog` output can use a UDP, TCP, or TLS connection.
+`cloudwatch`:: Amazon CloudWatch, a monitoring and log storage service hosted by Amazon Web Services (AWS).
diff --git a/virt/vm_templates/modules b/logging/log_collection_forwarding/modules
similarity index 100%
rename from virt/vm_templates/modules
rename to logging/log_collection_forwarding/modules
diff --git a/rosa_support/remote_health_monitoring/snippets b/logging/log_collection_forwarding/snippets
similarity index 100%
rename from rosa_support/remote_health_monitoring/snippets
rename to logging/log_collection_forwarding/snippets
diff --git a/sd_support/remote_health_monitoring/_attributes b/logging/log_storage/_attributes
similarity index 100%
rename from sd_support/remote_health_monitoring/_attributes
rename to logging/log_storage/_attributes
diff --git a/logging/log_storage/about-log-storage.adoc b/logging/log_storage/about-log-storage.adoc
new file mode 100644
index 000000000000..c09b3c8c8464
--- /dev/null
+++ b/logging/log_storage/about-log-storage.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="about-log-storage"]
+= About log storage
+:context: about-log-storage
+
+toc::[]
+
+You can use an internal Loki or Elasticsearch log store on your cluster for storing logs, or you can use a xref:../../logging/log_collection_forwarding/configuring-log-forwarding.adoc#logging-create-clf_configuring-log-forwarding[`ClusterLogForwarder` custom resource (CR)] to forward logs to an external store.
+
+[id="log-storage-overview-types"]
+== Log storage types
+
+Loki is a horizontally scalable, highly available, multi-tenant log aggregation system offered as an alternative to Elasticsearch as a log store for the {logging}.
+
+Elasticsearch indexes incoming log records completely during ingestion. Loki only indexes a few fixed labels during ingestion and defers more complex parsing until after the logs have been stored. This means Loki can collect logs more quickly.
+
+include::modules/cluster-logging-about-es-logstore.adoc[leveloffset=+2]
+
+[id="log-storage-overview-querying"]
+== Querying log stores
+
+You can query Loki by using the link:https://grafana.com/docs/loki/latest/logql/[LogQL log query language].
+
+[role="_additional-resources"]
+[id="additional-resources_log-storage-overview"]
+== Additional resources
+* link:https://grafana.com/docs/loki/latest/get-started/components/[Loki components documentation]
+* link:https://loki-operator.dev/docs/object_storage.md/[Loki Object Storage documentation]
diff --git a/logging/log_storage/cluster-logging-loki.adoc b/logging/log_storage/cluster-logging-loki.adoc
new file mode 100644
index 000000000000..14442e92c08e
--- /dev/null
+++ b/logging/log_storage/cluster-logging-loki.adoc
@@ -0,0 +1,62 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: cluster-logging-loki
+[id="cluster-logging-loki"]
+= Configuring the LokiStack log store
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+In {logging} documentation, _LokiStack_ refers to the {logging} supported combination of Loki and web proxy with {product-title} authentication integration. LokiStack's proxy uses {product-title} authentication to enforce multi-tenancy. _Loki_ refers to the log store as either the individual component or an external store.
+
+include::modules/logging-creating-new-group-cluster-admin-user-role.adoc[leveloffset=+1]
+
+include::modules/logging-loki-restart-hardening.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets[Pod disruption budgets Kubernetes documentation]
+
+include::modules/logging-loki-reliability-hardening.adoc[leveloffset=+1]
+
+include::modules/logging-loki-pod-placement.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podantiaffinity-v1-core[`PodAntiAffinity` v1 core Kubernetes documentation]
+* link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity[Assigning Pods to Nodes Kubernetes documentation]
+* xref:../../nodes/scheduling/nodes-scheduler-pod-affinity.adoc#nodes-scheduler-pod-affinity[Placing pods relative to other pods using affinity and anti-affinity rules]
+
+include::modules/logging-loki-zone-aware-rep.adoc[leveloffset=+1]
+
+include::modules/logging-loki-zone-fail-recovery.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#spread-constraint-definition[Topology spread constraints Kubernetes documentation]
+* link:https://kubernetes.io/docs/setup/best-practices/multiple-zones/#storage-access-for-zones[Kubernetes storage documentation].
+
+ifdef::openshift-enterprise[]
+* xref:../../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc#nodes-scheduler-pod-topology-spread-constraints-configuring[Controlling pod placement by using pod topology spread constraints]
+endif::[]
+
+include::modules/logging-loki-log-access.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+ifdef::openshift-enterprise[]
+* xref:../../authentication/using-rbac.adoc[Using RBAC to define and apply permissions]
+endif::[]
+
+include::modules/logging-loki-retention.adoc[leveloffset=+1]
+include::modules/loki-rate-limit-errors.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_cluster-logging-loki"]
+== Additional Resources
+* link:https://grafana.com/docs/loki/latest/get-started/components/[Loki components documentation]
+* link:https://grafana.com/docs/loki/latest/logql/[Loki Query Language (LogQL) documentation]
+* link:https://loki-operator.dev/docs/howto_connect_grafana.md/[Grafana Dashboard documentation]
+* link:https://loki-operator.dev/docs/object_storage.md/[Loki Object Storage documentation]
+* link:https://loki-operator.dev/docs/api.md/#loki-grafana-com-v1-IngestionLimitSpec[{loki-op} `IngestionLimitSpec` documentation]
+* link:https://grafana.com/docs/loki/latest/operations/storage/schema/#changing-the-schema[Loki Storage Schema documentation]
diff --git a/logging/log_storage/images b/logging/log_storage/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/log_storage/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/log_storage/installing-log-storage.adoc b/logging/log_storage/installing-log-storage.adoc
new file mode 100644
index 000000000000..025daa189080
--- /dev/null
+++ b/logging/log_storage/installing-log-storage.adoc
@@ -0,0 +1,62 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="installing-log-storage"]
+= Installing log storage
+:context: installing-log-storage
+
+toc::[]
+
+You can use the {oc-first} or the {product-title} web console to deploy a log store on your {product-title} cluster.
+
+include::snippets/logging-elastic-dep-snip.adoc[]
+
+[id="installing-log-storage-loki"]
+== Deploying a Loki log store
+
+You can use the {loki-op} to deploy an internal Loki log store on your {product-title} cluster.
+After install the {loki-op}, you must configure Loki object storage by creating a secret, and create a `LokiStack` custom resource (CR).
+
+include::modules/loki-deployment-sizing.adoc[leveloffset=+2]
+
+// Loki console install
+include::modules/logging-loki-gui-install.adoc[leveloffset=+2]
+include::modules/loki-create-object-storage-secret-console.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../logging/log_storage/installing-log-storage.adoc#logging-loki-storage_installing-log-storage[Loki object storage]
+
+include::modules/create-lokistack-cr-console.adoc[leveloffset=+2]
+
+// Loki CLI install
+include::modules/logging-loki-cli-install.adoc[leveloffset=+2]
+include::modules/loki-create-object-storage-secret-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../logging/log_storage/installing-log-storage.adoc#logging-loki-storage_installing-log-storage[Loki object storage]
+
+include::modules/create-lokistack-cr-cli.adoc[leveloffset=+2]
+
+// Loki object storage
+include::modules/logging-loki-storage.adoc[leveloffset=+1]
+// create object storage
+include::modules/logging-loki-storage-aws.adoc[leveloffset=+2]
+include::modules/logging-loki-storage-azure.adoc[leveloffset=+2]
+include::modules/logging-loki-storage-gcp.adoc[leveloffset=+2]
+include::modules/logging-loki-storage-minio.adoc[leveloffset=+2]
+include::modules/logging-loki-storage-odf.adoc[leveloffset=+2]
+include::modules/logging-loki-storage-swift.adoc[leveloffset=+2]
+
+[id="installing-log-storage-es"]
+== Deploying an Elasticsearch log store
+
+You can use the {es-op} to deploy an internal Elasticsearch log store on your {product-title} cluster.
+
+include::snippets/logging-elastic-dep-snip.adoc[]
+include::modules/logging-es-storage-considerations.adoc[leveloffset=+2]
+include::modules/logging-install-es-operator.adoc[leveloffset=+2]
+include::modules/cluster-logging-deploy-es-cli.adoc[leveloffset=+2]
+
+// configuring log store in the clusterlogging CR
+include::modules/configuring-log-storage-cr.adoc[leveloffset=+1]
diff --git a/logging/log_storage/logging-config-es-store.adoc b/logging/log_storage/logging-config-es-store.adoc
new file mode 100644
index 000000000000..c87995133e15
--- /dev/null
+++ b/logging/log_storage/logging-config-es-store.adoc
@@ -0,0 +1,42 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-config-es-store"]
+= Configuring the Elasticsearch log store
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: logging-config-es-store
+
+toc::[]
+
+You can use Elasticsearch 6 to store and organize log data.
+
+You can make modifications to your log store, including:
+
+* Storage for your Elasticsearch cluster
+* Shard replication across data nodes in the cluster, from full replication to no replication
+* External access to Elasticsearch data
+
+include::modules/configuring-log-storage-cr.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-audit.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../logging/log_collection_forwarding/log-forwarding.adoc#log-forwarding[About log collection and forwarding]
+
+include::modules/cluster-logging-elasticsearch-retention.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-logstore-limits.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-ha.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-scaledown.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-storage.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-manual-rollout-rolling.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-elasticsearch-exposing.adoc[leveloffset=+1]
+
+include::modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc[leveloffset=+1]
diff --git a/logging/log_storage/modules b/logging/log_storage/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/log_storage/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/virt/node_maintenance/snippets b/logging/log_storage/snippets
similarity index 100%
rename from virt/node_maintenance/snippets
rename to logging/log_storage/snippets
diff --git a/virt/node_maintenance/_attributes b/logging/log_visualization/_attributes
similarity index 100%
rename from virt/node_maintenance/_attributes
rename to logging/log_visualization/_attributes
diff --git a/logging/log_visualization/cluster-logging-dashboards.adoc b/logging/log_visualization/cluster-logging-dashboards.adoc
new file mode 100644
index 000000000000..0cf36304b28a
--- /dev/null
+++ b/logging/log_visualization/cluster-logging-dashboards.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="cluster-logging-dashboards"]
+= Viewing cluster dashboards
+:context: cluster-logging-dashboards
+
+toc::[]
+
+The *Logging/Elasticsearch Nodes* and *Openshift Logging* dashboards in the
+ifndef::openshift-rosa,openshift-dedicated[]
+{product-title} web console
+endif::[]
+ifdef::openshift-rosa,openshift-dedicated[]
+{cluster-manager-url}
+endif::[]
+contain in-depth details about your Elasticsearch instance and the individual Elasticsearch nodes that you can use to prevent and diagnose problems.
+
+The *OpenShift Logging* dashboard contains charts that show details about your Elasticsearch instance at a cluster level, including cluster resources, garbage collection, shards in the cluster, and Fluentd statistics.
+
+The *Logging/Elasticsearch Nodes* dashboard contains charts that show details about your Elasticsearch instance, many at node level, including details on indexing, shards, resources, and so forth.
+
+include::modules/cluster-logging-dashboards-access.adoc[leveloffset=+1]
+
+For information on the dashboard charts, see xref:../../logging/log_visualization/cluster-logging-dashboards.adoc#cluster-logging-dashboards-logging_cluster-logging-dashboards[About the OpenShift Logging dashboard] and xref:../../logging/log_visualization/cluster-logging-dashboards.adoc#cluster-logging-dashboards-es_cluster-logging-dashboards[About the Logging/Elastisearch Nodes dashboard].
+
+include::modules/cluster-logging-dashboards-logging.adoc[leveloffset=+1]
+include::modules/cluster-logging-dashboards-es.adoc[leveloffset=+1]
diff --git a/logging/log_visualization/images b/logging/log_visualization/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/log_visualization/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/log_visualization/log-visualization-ocp-console.adoc b/logging/log_visualization/log-visualization-ocp-console.adoc
new file mode 100644
index 000000000000..5b2d991e178f
--- /dev/null
+++ b/logging/log_visualization/log-visualization-ocp-console.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="log-visualization-ocp-console"]
+= Log visualization with the web console
+:context: log-visualization-ocp-console
+
+toc::[]
+
+You can use the {product-title} web console to visualize log data by configuring the {log-plug}.
+
+For information about configuring the plugin during the {logging} installation, see xref:../../logging/cluster-logging-deploying.adoc#cluster-logging-deploy-console_cluster-logging-deploying[Installing the {logging} using the web console].
+
+If you have already installed the {logging} and want to configure the plugin, use one of the following procedures.
+
+include::modules/enabling-log-console-plugin.adoc[leveloffset=+1]
+include::modules/logging-plugin-es-loki.adoc[leveloffset=+1]
diff --git a/logging/log_visualization/log-visualization.adoc b/logging/log_visualization/log-visualization.adoc
new file mode 100644
index 000000000000..22513bbbe56c
--- /dev/null
+++ b/logging/log_visualization/log-visualization.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="log-visualization"]
+= About log visualization
+:context: log-visualization
+
+toc::[]
+
+You can visualize your log data in the {product-title} web console, or the Kibana web console, depending on your deployed log storage solution. The Kibana console can be used with ElasticSearch log stores, and the {product-title} web console can be used with the ElasticSearch log store or the LokiStack.
+
+include::snippets/logging-kibana-dep-snip.adoc[]
+
+include::modules/configuring-log-visualizer.adoc[leveloffset=+1]
+
+[id="log-visualization-resource-logs"]
+== Viewing logs for a resource
+
+Resource logs are a default feature that provides limited log viewing capability. You can view the logs for various resources, such as builds, deployments, and pods by using the {oc-first} and the web console.
+
+[TIP]
+====
+To enhance your log retrieving and viewing experience, install the {logging}. The {logging} aggregates all the logs from your {product-title} cluster, such as node system audit logs, application container logs, and infrastructure logs, into a dedicated log store. You can then query, discover, and visualize your log data through the Kibana console or the {product-title} web console. Resource logs do not access the {logging} log store.
+====
+
+include::modules/viewing-resource-logs-cli-console.adoc[leveloffset=+2]
diff --git a/logging/log_visualization/logging-kibana.adoc b/logging/log_visualization/logging-kibana.adoc
new file mode 100644
index 000000000000..6cffbc9fe45b
--- /dev/null
+++ b/logging/log_visualization/logging-kibana.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="logging-kibana"]
+= Log visualization with Kibana
+:context: logging-kibana
+
+toc::[]
+
+If you are using the ElasticSearch log store, you can use the Kibana console to visualize collected log data.
+
+Using Kibana, you can do the following with your data:
+
+* Search and browse the data using the *Discover* tab.
+* Chart and map the data using the *Visualize* tab.
+* Create and view custom dashboards using the *Dashboard* tab.
+
+Use and configuration of the Kibana interface is beyond the scope of this documentation. For more information about using the interface, see the link:https://www.elastic.co/guide/en/kibana/6.8/connect-to-elasticsearch.html[Kibana documentation].
+
+[NOTE]
+====
+The audit logs are not stored in the internal {product-title} Elasticsearch instance by default. To view the audit logs in Kibana, you must use the xref:../../logging/log_storage/logging-config-es-store.adoc#cluster-logging-elasticsearch-audit_logging-config-es-store[Log Forwarding API] to configure a pipeline that uses the `default` output for audit logs.
+====
+
+include::modules/cluster-logging-visualizer-indices.adoc[leveloffset=+1]
+include::modules/cluster-logging-visualizer-kibana.adoc[leveloffset=+1]
+
+[id="logging-kibana-configuring"]
+== Configuring Kibana
+
+You can configure using the Kibana console by modifying the `ClusterLogging` custom resource (CR).
+
+include::modules/cluster-logging-cpu-memory.adoc[leveloffset=+2]
+include::modules/cluster-logging-kibana-scaling.adoc[leveloffset=+2]
diff --git a/logging/log_visualization/modules b/logging/log_visualization/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/log_visualization/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/logging/log_visualization/snippets b/logging/log_visualization/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/logging/log_visualization/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/logging/logging-common-terms.adoc b/logging/logging-common-terms.adoc
new file mode 100644
index 000000000000..4be23e219d67
--- /dev/null
+++ b/logging/logging-common-terms.adoc
@@ -0,0 +1,88 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="openshift-logging-common-terms"]
+= Glossary
+:context: openshift-logging-common-terms
+
+toc::[]
+
+This glossary defines common terms that are used in the {logging} documentation.
+
+Annotation::
+You can use annotations to attach metadata to objects.
+
+{clo}::
+The {clo} provides a set of APIs to control the collection and forwarding of application, infrastructure, and audit logs.
+
+Custom resource (CR)::
+A CR is an extension of the Kubernetes API. To configure the {logging} and log forwarding, you can customize the `ClusterLogging` and the `ClusterLogForwarder` custom resources.
+
+Event router::
+The event router is a pod that watches {product-title} events. It collects logs by using the {logging}.
+
+Fluentd::
+Fluentd is a log collector that resides on each {product-title} node. It gathers application, infrastructure, and audit logs and forwards them to different outputs.
+
+Garbage collection::
+Garbage collection is the process of cleaning up cluster resources, such as terminated containers and images that are not referenced by any running pods.
+
+Elasticsearch::
+Elasticsearch is a distributed search and analytics engine. {product-title} uses Elasticsearch as a default log store for the {logging}.
+
+{es-op}::
+The {es-op} is used to run an Elasticsearch cluster on {product-title}. The {es-op} provides self-service for the Elasticsearch cluster operations and is used by the {logging}.
+
+Indexing::
+Indexing is a data structure technique that is used to quickly locate and access data. Indexing optimizes the performance by minimizing the amount of disk access required when a query is processed.
+
+JSON logging::
+The Log Forwarding API enables you to parse JSON logs into a structured object and forward them to either the {Logging} managed Elasticsearch or any other third-party system supported by the Log Forwarding API.
+
+Kibana::
+Kibana is a browser-based console interface to query, discover, and visualize your Elasticsearch data through histograms, line graphs, and pie charts.
+
+Kubernetes API server::
+Kubernetes API server validates and configures data for the API objects.
+
+Labels::
+Labels are key-value pairs that you can use to organize and select subsets of objects, such as a pod.
+
+Logging::
+With the {logging}, you can aggregate application, infrastructure, and audit logs throughout your cluster. You can also store them to a default log store, forward them to third party systems, and query and visualize the stored logs in the default log store.
+
+Logging collector::
+A logging collector collects logs from the cluster, formats them, and forwards them to the log store or third party systems.
+
+Log store::
+A log store is used to store aggregated logs. You can use an internal log store or forward logs to external log stores.
+
+Log visualizer::
+Log visualizer is the user interface (UI) component you can use to view information such as logs, graphs, charts, and other metrics.
+
+Node::
+A node is a worker machine in the {product-title} cluster. A node is either a virtual machine (VM) or a physical machine.
+
+Operators::
+Operators are the preferred method of packaging, deploying, and managing a Kubernetes application in an {product-title} cluster. An Operator takes human operational knowledge and encodes it into software that is packaged and shared with customers.
+
+Pod::
+A pod is the smallest logical unit in Kubernetes. A pod consists of one or more containers and runs on a worker node.
+
+Role-based access control (RBAC)::
+RBAC is a key security control to ensure that cluster users and workloads have access only to resources required to execute their roles.
+
+Shards::
+Elasticsearch organizes log data from Fluentd into datastores, or indices, then subdivides each index into multiple pieces called shards.
+
+Taint::
+Taints ensure that pods are scheduled onto appropriate nodes. You can apply one or more taints on a node.
+
+Toleration::
+You can apply tolerations to pods. Tolerations allow the scheduler to schedule pods with matching taints.
+
+Web console::
+A user interface (UI) to manage {product-title}.
+ifdef::openshift-rosa,openshift-dedicated[]
+The web console for {product-title} can be found at link:https://console.redhat.com/openshift[https://console.redhat.com/openshift].
+endif::[]
diff --git a/virt/vm_templates/_attributes b/logging/logging_alerts/_attributes
similarity index 100%
rename from virt/vm_templates/_attributes
rename to logging/logging_alerts/_attributes
diff --git a/logging/logging_alerts/custom-logging-alerts.adoc b/logging/logging_alerts/custom-logging-alerts.adoc
new file mode 100644
index 000000000000..9c179d797ede
--- /dev/null
+++ b/logging/logging_alerts/custom-logging-alerts.adoc
@@ -0,0 +1,37 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="custom-logging-alerts"]
+include::_attributes/common-attributes.adoc[]
+= Custom logging alerts
+:context: custom-logging-alerts
+
+toc::[]
+
+In logging 5.7 and later versions, users can configure the LokiStack deployment to produce customized alerts and recorded metrics. If you want to use customized link:https://grafana.com/docs/loki/latest/alert/[alerting and recording rules], you must enable the LokiStack ruler component.
+
+LokiStack log-based alerts and recorded metrics are triggered by providing link:https://grafana.com/docs/loki/latest/query/[LogQL] expressions to the ruler component. The {loki-op} manages a ruler that is optimized for the selected LokiStack size, which can be `1x.extra-small`, `1x.small`, or `1x.medium`.
+
+To provide these expressions, you must create an `AlertingRule` custom resource (CR) containing Prometheus-compatible link:https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/[alerting rules], or a `RecordingRule` CR containing Prometheus-compatible link:https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/[recording rules].
+
+Administrators can configure log-based alerts or recorded metrics for `application`, `audit`, or `infrastructure` tenants. Users without administrator permissions can configure log-based alerts or recorded metrics for `application` tenants of the applications that they have access to.
+
+Application, audit, and infrastructure alerts are sent by default to the {product-title} monitoring stack Alertmanager in the `openshift-monitoring` namespace, unless you have disabled the local Alertmanager instance. If the Alertmanager that is used to monitor user-defined projects in the `openshift-user-workload-monitoring` namespace is enabled, application alerts are sent to the Alertmanager in this namespace by default.
+
+include::modules/configuring-logging-loki-ruler.adoc[leveloffset=+1]
+include::modules/loki-rbac-permissions.adoc[leveloffset=+1]
+
+ifdef::openshift-enterprise[]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions]
+endif::[]
+
+include::modules/logging-enabling-loki-alerts.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_custom-logging-alerts"]
+== Additional resources
+* xref:../../monitoring/monitoring-overview.adoc#about-openshift-monitoring_monitoring-overview[About {product-title} monitoring]
+ifdef::openshift-enterprise[]
+* xref:../../post_installation_configuration/configuring-alert-notifications.adoc#configuring-alert-notifications[Configuring alert notifications]
+endif::[]
+// maybe need an update to https://docs.openshift.com/container-platform/4.13/monitoring/monitoring-overview.html#default-monitoring-targets_monitoring-overview to talk about Loki and Vector now? Are these part of default monitoring?
diff --git a/logging/logging_alerts/default-logging-alerts.adoc b/logging/logging_alerts/default-logging-alerts.adoc
new file mode 100644
index 000000000000..ff29dbcca2c2
--- /dev/null
+++ b/logging/logging_alerts/default-logging-alerts.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="default-logging-alerts"]
+include::_attributes/common-attributes.adoc[]
+= Default logging alerts
+:context: default-logging-alerts
+
+toc::[]
+
+Logging alerts are installed as part of the {clo} installation. Alerts depend on metrics exported by the log collection and log storage backends. These metrics are enabled if you selected the option to *Enable operator recommended cluster monitoring on this namespace* when installing the {clo}. For more information about installing logging Operators, see xref:../../logging/cluster-logging-deploying#cluster-logging-deploy-console_cluster-logging-deploying[Installing {logging} using the web console].
+
+Default logging alerts are sent to the {product-title} monitoring stack Alertmanager in the `openshift-monitoring` namespace, unless you have disabled the local Alertmanager instance.
+
+include::modules/monitoring-accessing-the-alerting-ui.adoc[leveloffset=+1]
+include::modules/logging-vector-collector-alerts.adoc[leveloffset=+1]
+include::modules/logging-fluentd-collector-alerts.adoc[leveloffset=+1]
+include::modules/cluster-logging-elasticsearch-rules.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_default-logging-alerts"]
+== Additional resources
+* xref:../../monitoring/managing-alerts.adoc#modifying-core-platform-alerting-rules_managing-alerts[Modifying core platform alerting rules]
diff --git a/logging/logging_alerts/images b/logging/logging_alerts/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/logging_alerts/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/logging_alerts/modules b/logging/logging_alerts/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/logging_alerts/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/logging/logging_alerts/snippets b/logging/logging_alerts/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/logging/logging_alerts/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/logging/logging_release_notes/_attributes b/logging/logging_release_notes/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/logging/logging_release_notes/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/logging/logging_release_notes/images b/logging/logging_release_notes/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/logging_release_notes/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/logging_release_notes/logging-5-7-release-notes.adoc b/logging/logging_release_notes/logging-5-7-release-notes.adoc
new file mode 100644
index 000000000000..f5834035ec2e
--- /dev/null
+++ b/logging/logging_release_notes/logging-5-7-release-notes.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-5-7-release-notes"]
+include::_attributes/common-attributes.adoc[]
+= Logging 5.7
+:context: logging-5-7-release-notes
+
+toc::[]
+
+include::snippets/logging-compatibility-snip.adoc[]
+
+include::snippets/logging-stable-updates-snip.adoc[]
+
+include::modules/logging-release-notes-5-7-8.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.7.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.6.adoc[leveloffset=+1]
+
+// No release notes for 5.7.5 since this was a CVE only releases. In the future, add a link to the CVE.
+
+include::modules/logging-rn-5.7.4.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.3.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.2.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.1.adoc[leveloffset=+1]
+
+include::modules/logging-rn-5.7.0.adoc[leveloffset=+1]
diff --git a/logging/logging_release_notes/logging-5-8-release-notes.adoc b/logging/logging_release_notes/logging-5-8-release-notes.adoc
new file mode 100644
index 000000000000..7ac9f528e953
--- /dev/null
+++ b/logging/logging_release_notes/logging-5-8-release-notes.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="logging-5-8-release-notes"]
+include::_attributes/common-attributes.adoc[]
+= Logging 5.8
+:context: logging-5-8-release-notes
+
+toc::[]
+
+include::snippets/logging-compatibility-snip.adoc[]
+
+include::snippets/logging-stable-updates-snip.adoc[]
+
+include::modules/logging-release-notes-5-8-2.adoc[leveloffset=+1]
+
+include::modules/logging-release-notes-5-8-1.adoc[leveloffset=+1]
+
+include::modules/logging-release-notes-5-8-0.adoc[leveloffset=+1]
diff --git a/logging/logging_release_notes/modules b/logging/logging_release_notes/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/logging_release_notes/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/logging/logging_release_notes/snippets b/logging/logging_release_notes/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/logging/logging_release_notes/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/logging/performance_reliability/_attributes b/logging/performance_reliability/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/logging/performance_reliability/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/logging/performance_reliability/images b/logging/performance_reliability/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/performance_reliability/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/performance_reliability/logging-flow-control-mechanisms.adoc b/logging/performance_reliability/logging-flow-control-mechanisms.adoc
new file mode 100644
index 000000000000..74f9b542f7ff
--- /dev/null
+++ b/logging/performance_reliability/logging-flow-control-mechanisms.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="logging-flow-control-mechanisms"]
+= Flow control mechanisms
+:context: logging-flow-control-mechanisms
+
+toc::[]
+
+If logs are produced faster than they can be collected, it can be difficult to predict or control the volume of logs being sent to an output.
+Not being able to predict or control the volume of logs being sent to an output can result in logs being lost. If there is a system outage and log buffers are accumulated without user control, this can also cause long recovery times and high latency when the connection is restored.
+
+As an administrator, you can limit logging rates by configuring flow control mechanisms for your {logging}.
+
+[id="logging-configuring-flow-control-benefits"]
+== Benefits of flow control mechanisms
+
+* The cost and volume of logging can be predicted more accurately in advance.
+* Noisy containers cannot produce unbounded log traffic that drowns out other containers.
+* Ignoring low-value logs reduces the load on the logging infrastructure.
+* High-value logs can be preferred over low-value logs by assigning higher rate limits.
+
+[id="logging-configuring-flow-control-about-rate-limits"]
+== Configuring rate limits
+
+Rate limits are configured per collector, which means that the maximum rate of log collection is the number of collector instances multiplied by the rate limit.
+
+Because logs are collected from each node's file system, a collector is deployed on each cluster node. For example, in a 3-node cluster, with a maximum rate limit of 10 records per second per collector, the maximum rate of log collection is 30 records per second.
+
+Because the exact byte size of a record as written to an output can vary due to transformations, different encodings, or other factors, rate limits are set in number of records instead of bytes.
+
+You can configure rate limits in the `ClusterLogForwarder` custom resource (CR) in two ways:
+
+Output rate limit:: Limit the rate of outbound logs to selected outputs, for example, to match the network or storage capacity of an output. The output rate limit controls the aggregated per-output rate.
+
+Input rate limit:: Limit the per-container rate of log collection for selected containers.
+
+include::modules/logging-set-output-rate-limit.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../logging/log_collection_forwarding/logging-output-types.adoc#logging-output-types[Log output types]
+
+include::modules/logging-set-input-rate-limit.adoc[leveloffset=+1]
diff --git a/logging/performance_reliability/modules b/logging/performance_reliability/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/performance_reliability/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/logging/performance_reliability/snippets b/logging/performance_reliability/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/logging/performance_reliability/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/logging/rosa-viewing-logs.adoc b/logging/rosa-viewing-logs.adoc
index 17f65bafe2ae..9196877625fa 100644
--- a/logging/rosa-viewing-logs.adoc
+++ b/logging/rosa-viewing-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-viewing-logs"]
 = Viewing cluster logs in the AWS Console
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/logging/scheduling_resources/_attributes b/logging/scheduling_resources/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/logging/scheduling_resources/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/logging/scheduling_resources/images b/logging/scheduling_resources/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/logging/scheduling_resources/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/logging/scheduling_resources/logging-node-selectors.adoc b/logging/scheduling_resources/logging-node-selectors.adoc
new file mode 100644
index 000000000000..e39331d54223
--- /dev/null
+++ b/logging/scheduling_resources/logging-node-selectors.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="logging-node-selectors"]
+= Using node selectors to move logging resources
+:context: logging-node-selectors
+
+toc::[]
+
+include::snippets/about-node-selectors.adoc[]
+
+include::modules/nodes-scheduler-node-selectors-about.adoc[leveloffset=+1]
+include::modules/infrastructure-moving-logging.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_logging-node-selection"]
+== Additional resources
+* xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
diff --git a/logging/scheduling_resources/logging-taints-tolerations.adoc b/logging/scheduling_resources/logging-taints-tolerations.adoc
new file mode 100644
index 000000000000..221f7d950390
--- /dev/null
+++ b/logging/scheduling_resources/logging-taints-tolerations.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="logging-taints-tolerations"]
+= Using taints and tolerations to control logging pod placement
+:context: logging-taints-tolerations
+
+toc::[]
+
+Taints and tolerations allow the node to control which pods should (or should not) be scheduled on them.
+
+include::modules/nodes-scheduler-taints-tolerations-about.adoc[leveloffset=+1]
+include::modules/cluster-logging-logstore-tolerations.adoc[leveloffset=+1]
+include::modules/cluster-logging-kibana-tolerations.adoc[leveloffset=+1]
+include::modules/cluster-logging-collector-tolerations.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_cluster-logging-tolerations"]
+== Additional resources
+ifdef::openshift-enterprise,openshift-origin[]
+* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
+endif::[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* link:https://docs.openshift.com/container-platform/latest/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
+endif::[]
diff --git a/logging/scheduling_resources/modules b/logging/scheduling_resources/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/logging/scheduling_resources/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/logging/scheduling_resources/snippets b/logging/scheduling_resources/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/logging/scheduling_resources/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/logging/sd-accessing-the-service-logs.adoc b/logging/sd-accessing-the-service-logs.adoc
index f1ac7ad2e886..37c28d013121 100644
--- a/logging/sd-accessing-the-service-logs.adoc
+++ b/logging/sd-accessing-the-service-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="sd-accessing-the-service-logs"]
 = Accessing the service logs for {product-title} clusters
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -16,7 +16,7 @@ endif::[]
 // Commented out while the OpenShift Cluster Manager CLI is in Developer Preview:
 //You can view the service logs for your {product-title} (ROSA) clusters by using {cluster-manager-first} or the {cluster-manager} CLI (`ocm`). The service logs detail cluster events such as load balancer quota updates and scheduled maintenance upgrades. The logs also show cluster resource changes such as the addition or deletion of users, groups, and identity providers.
 
-Additionally, you can add notification contacts for 
+Additionally, you can add notification contacts for
 ifdef::openshift-rosa[]
  a ROSA
 endif::[]
diff --git a/logging/troubleshooting/cluster-logging-alerts.adoc b/logging/troubleshooting/cluster-logging-alerts.adoc
deleted file mode 100644
index 63079a60893e..000000000000
--- a/logging/troubleshooting/cluster-logging-alerts.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-alerts
-[id="cluster-logging-alerts"]
-= Understanding {logging} alerts
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-
-toc::[]
-
-All of the logging collector alerts are listed on the Alerting UI of the  
-ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console. 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-{cluster-manager-url}. 
-endif::[]
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-
-include::modules/cluster-logging-collector-alerts-viewing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* For more information on the Alerting UI, see 
-ifdef::openshift-enterprise,openshift-origin[]
-xref:../../monitoring/managing-alerts.adoc#managing-alerts[Managing alerts].
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-link:https://docs.openshift.com/container-platform/latest/monitoring/managing-alerts.html#managing-alerts[Managing alerts].
-endif::[]
-
-include::modules/cluster-logging-collector-alerts.adoc[leveloffset=+1]
-include::modules/cluster-logging-elasticsearch-rules.adoc[leveloffset=+1]
diff --git a/logging/troubleshooting/cluster-logging-cluster-status.adoc b/logging/troubleshooting/cluster-logging-cluster-status.adoc
index 22b4c854a6a3..9f469f1e6831 100644
--- a/logging/troubleshooting/cluster-logging-cluster-status.adoc
+++ b/logging/troubleshooting/cluster-logging-cluster-status.adoc
@@ -1,18 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-cluster-status
 [id="cluster-logging-cluster-status"]
-= Viewing OpenShift Logging status
+= Viewing Logging status
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can view the status of the Red Hat OpenShift Logging Operator and for a number of {logging} components.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
+You can view the status of the {clo} and other {logging} components.
 
 include::modules/cluster-logging-clo-status.adoc[leveloffset=+1]
 
diff --git a/logging/troubleshooting/cluster-logging-log-store-status.adoc b/logging/troubleshooting/cluster-logging-log-store-status.adoc
index 49644546fbd8..44db6c6b4aa8 100644
--- a/logging/troubleshooting/cluster-logging-log-store-status.adoc
+++ b/logging/troubleshooting/cluster-logging-log-store-status.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: cluster-logging-elasticsearch
 [id="cluster-logging-log-store-status"]
 = Viewing the status of the Elasticsearch log store
@@ -6,13 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can view the status of the OpenShift Elasticsearch Operator and for a number of Elasticsearch components.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
+You can view the status of the {es-op} and for a number of Elasticsearch components.
 
 include::modules/cluster-logging-log-store-status-viewing.adoc[leveloffset=+1]
 
diff --git a/logging/troubleshooting/cluster-logging-must-gather.adoc b/logging/troubleshooting/cluster-logging-must-gather.adoc
deleted file mode 100644
index 57f44d87f1b9..000000000000
--- a/logging/troubleshooting/cluster-logging-must-gather.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-:_content-type: ASSEMBLY
-:context: cluster-logging-must-gather
-[id="cluster-logging-must-gather"]
-= Collecting logging data for Red Hat Support
-include::_attributes/common-attributes.adoc[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-
-toc::[]
-
-When opening a support case, it is helpful to provide debugging information about your cluster to Red Hat Support.
-
-The 
-ifdef::openshift-enterprise,openshift-origin[]
-xref:../../support/gathering-cluster-data.adoc#gathering-cluster-data[`must-gather` tool] 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-link:https://docs.openshift.com/container-platform/latest/support/gathering-cluster-data.html#gathering-cluster-data[`must-gather` tool]
-endif::[]
-enables you to collect diagnostic information for project-level resources, cluster-level resources, and each of the {logging} components.
-
-For prompt support, supply diagnostic information for both {product-title} and OpenShift Logging.
-
-[NOTE]
-====
-Do not use the `hack/logging-dump.sh` script. The script is no longer supported and does not collect data.
-====
-
-include::modules/cluster-logging-must-gather-about.adoc[leveloffset=+1]
-
-[id="cluster-logging-must-gather-prereqs"]
-== Prerequisites
-
-* The {logging} and Elasticsearch must be installed.
-
-include::modules/cluster-logging-must-gather-collecting.adoc[leveloffset=+1]
diff --git a/logging/troubleshooting/cluster-logging-troubleshooting-for-critical-alerts.adoc b/logging/troubleshooting/cluster-logging-troubleshooting-for-critical-alerts.adoc
deleted file mode 100644
index f58cef1f008c..000000000000
--- a/logging/troubleshooting/cluster-logging-troubleshooting-for-critical-alerts.adoc
+++ /dev/null
@@ -1,554 +0,0 @@
-:_content-type: ASSEMBLY
-[id="cluster-logging-troubleshooting-for-critical-alerts"]
-= Troubleshooting for Critical Alerts
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-:toclevels: 2
-
-// WARNING - DO NOT ALTER THE URL PATH OF THIS CONTENT, OR YOU WILL BREAK LINKS FROM ALERT MESSAGES THAT LINK TO THIS CONTENT.
-// However, if you must make such changes, consult with the logging team beforehand.
-
-
-[id="elasticsearch-cluster-health-is-red"]
-== Elasticsearch Cluster Health is Red
-
-At least one primary shard and its replicas are not allocated to a node.
-
-.Troubleshooting
-
-. Check the Elasticsearch cluster health and verify that the cluster `status` is red.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- health
-----
-
-. List the nodes that have joined the cluster.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cat/nodes?v
-----
-
-. List the Elasticsearch pods and compare them with the nodes in the command output from the previous step.
-+
-[source,terminal]
-----
-oc -n openshift-logging get pods -l component=elasticsearch
-----
-
-. If some of the Elasticsearch nodes have not joined the cluster, perform the following steps.
-
-.. Confirm that Elasticsearch has an elected control plane node.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cat/master?v
-----
-
-.. Review the pod logs of the elected control plane node for issues.
-+
-[source,terminal]
-----
-oc logs <elasticsearch_master_pod_name> -c elasticsearch -n openshift-logging
-----
-
-.. Review the logs of nodes that have not joined the cluster for issues.
-+
-[source,terminal]
-----
-oc logs <elasticsearch_node_name> -c elasticsearch -n openshift-logging
-----
-
-. If all the nodes have joined the cluster, perform the following steps, check if the cluster is in the process of recovering.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cat/recovery?active_only=true
-----
-+
-If there is no command output, the recovery process might be delayed or stalled by pending tasks.
-
-. Check if there are pending tasks.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- health |grep  number_of_pending_tasks
-----
-
-. If there are pending tasks, monitor their status.
-+
-If their status changes and indicates that the cluster is recovering, continue waiting. The recovery time varies according to the size of the cluster and other factors.
-+
-Otherwise, if the status of the pending tasks does not change, this indicates that the recovery has stalled.
-
-. If it seems like the recovery has stalled, check if `cluster.routing.allocation.enable` is set to `none`.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cluster/settings?pretty
-----
-
-. If `cluster.routing.allocation.enable` is set to `none`, set it to `all`.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cluster/settings?pretty -X PUT -d '{"persistent": {"cluster.routing.allocation.enable":"all"}}'
-----
-
-. Check which indices are still red.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cat/indices?v
-----
-
-. If any indices are still red, try to clear them by performing the following steps.
-
-.. Clear the cache.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name>/_cache/clear?pretty
-----
-
-.. Increase the max allocation retries.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name>/_settings?pretty -X PUT -d '{"index.allocation.max_retries":10}'
-----
-
-.. Delete all the scroll items.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_search/scroll/_all -X DELETE
-----
-
-.. Increase the timeout.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name>/_settings?pretty -X PUT -d '{"index.unassigned.node_left.delayed_timeout":"10m"}'
-----
-
-. If the preceding steps do not clear the red indices, delete the indices individually.
-
-.. Identify the red index name.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cat/indices?v
-----
-
-.. Delete the red index.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_red_index_name> -X DELETE
-----
-
-. If there are no red indices and the cluster status is red, check for a continuous heavy processing load on a data node.
-
-.. Check if the Elasticsearch JVM Heap usage is high.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_nodes/stats?pretty
-----
-+
-In the command output, review the `node_name.jvm.mem.heap_used_percent` field to determine the JVM Heap usage.
-
-.. Check for high CPU utilization.
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "Free up or increase disk space" in the Elasticsearch topic, link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status].
-
-[id="elasticsearch-cluster-health-is-yellow"]
-== Elasticsearch Cluster Health is Yellow
-
-Replica shards for at least one primary shard are not allocated to nodes.
-
-.Troubleshooting
-
-. Increase the node count by adjusting `nodeCount` in the `ClusterLogging` CR.
-
-[role="_additional-resources"]
-.Additional resources
-
-//* Search for "Elasticsearch Disk Usage" in xref:../../logging/cluster-logging-dashboards.adoc#cluster-logging-dashboards-logging_cluster-logging-dashboards[OpenShift Logging dashboards].
-* xref:../../logging/config/cluster-logging-configuring-cr.adoc#cluster-logging-configuring-crd_cluster-logging-configuring-cr[About the Cluster Logging custom resource]
-* xref:../../logging/config/cluster-logging-log-store.adoc#cluster-logging-elasticsearch-storage_cluster-logging-store[Configuring persistent storage for the log store]
-
-* Search for "Free up or increase disk space" in the Elasticsearch topic, link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status].
-
-
-// [id="elasticsearch-write-requests-rejection-jumps"]
-// == Elasticsearch Write Requests Rejection Jumps
-//
-// .Troubleshooting
-// TBD
-// Note for writer: This is a warning alert and we haven't documented troubleshooting steps for warning alerts yet. I guess you can skip this in current release.
-
-[id="elasticsearch-node-disk-low-watermark-reached"]
-== Elasticsearch Node Disk Low Watermark Reached
-
-Elasticsearch does not allocate shards to nodes that https://www.elastic.co/guide/en/elasticsearch/reference/6.8/disk-allocator.html[reach the low watermark].
-
-.Troubleshooting
-
-. Identify the node on which Elasticsearch is deployed.
-+
-[source,terminal]
-----
-oc -n openshift-logging get po -o wide
-----
-
-. Check if there are `unassigned shards`.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cluster/health?pretty | grep unassigned_shards
-----
-
-. If there are unassigned shards, check the disk space on each node.
-+
-[source,terminal]
-----
-for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod -- df -h /elasticsearch/persistent; done
-----
-
-. Check the `nodes.node_name.fs` field to determine the free disk space on that node.
-+
-If the used disk percentage is above 85%, the node has exceeded the low watermark, and shards can no longer be allocated to this node.
-
-. Try to increase the disk space on all nodes.
-
-. If increasing the disk space is not possible, try adding a new data node to the cluster.
-
-. If adding a new data node is problematic, decrease the total cluster redundancy policy.
-
-.. Check the current `redundancyPolicy`.
-+
-[source,terminal]
-----
-oc -n openshift-logging get es elasticsearch -o jsonpath='{.spec.redundancyPolicy}'
-----
-+
-[NOTE]
-====
-If you are using a `ClusterLogging` CR, enter:
-
-[source,terminal]
-----
-oc -n openshift-logging get cl -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
-----
-====
-
-.. If the cluster `redundancyPolicy` is higher than `SingleRedundancy`, set it to `SingleRedundancy` and save this change.
-
-. If the preceding steps do not fix the issue, delete the old indices.
-
-.. Check the status of all indices on Elasticsearch.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- indices
-----
-
-.. Identify an old index that can be deleted.
-
-.. Delete the index.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name> -X DELETE
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "redundancyPolicy" in the "Sample `ClusterLogging` custom resource (CR)" in xref:../../logging/config/cluster-logging-configuring-cr.adoc#cluster-logging-configuring-crd_cluster-logging-configuring-cr[About the Cluster Logging custom resource]
-
-
-[id="elasticsearch-node-disk-high-watermark-reached"]
-== Elasticsearch Node Disk High Watermark Reached
-
-Elasticsearch attempts to relocate shards away from a node link:https://www.elastic.co/guide/en/elasticsearch/reference/6.8/disk-allocator.html[that has reached the high watermark].
-
-.Troubleshooting
-
-. Identify the node on which Elasticsearch is deployed.
-+
-[source,terminal]
-----
-oc -n openshift-logging get po -o wide
-----
-
-. Check the disk space on each node.
-+
-[source,terminal]
-----
-for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod -- df -h /elasticsearch/persistent; done
-----
-
-. Check if the cluster is rebalancing.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_cluster/health?pretty | grep relocating_shards
-----
-+
-If the command output shows relocating shards, the High Watermark has been exceeded. The default value of the High Watermark is 90%.
-+
-The shards relocate to a node with low disk usage that has not crossed any watermark threshold limits.
-
-. To allocate shards to a particular node, free up some space.
-
-. Try to increase the disk space on all nodes.
-
-. If increasing the disk space is not possible, try adding a new data node to the cluster.
-
-. If adding a new data node is problematic, decrease the total cluster redundancy policy.
-
-.. Check the current `redundancyPolicy`.
-+
-[source,terminal]
-----
-oc -n openshift-logging get es elasticsearch -o jsonpath='{.spec.redundancyPolicy}'
-----
-+
-[NOTE]
-====
-If you are using a `ClusterLogging` CR, enter:
-
-[source,terminal]
-----
-oc -n openshift-logging get cl -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
-----
-====
-
-.. If the cluster `redundancyPolicy` is higher than `SingleRedundancy`, set it to `SingleRedundancy` and save this change.
-
-. If the preceding steps do not fix the issue, delete the old indices.
-
-.. Check the status of all indices on Elasticsearch.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- indices
-----
-
-.. Identify an old index that can be deleted.
-
-.. Delete the index.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name> -X DELETE
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "redundancyPolicy" in the "Sample `ClusterLogging` custom resource (CR)" in xref:../../logging/config/cluster-logging-configuring-cr.adoc#cluster-logging-configuring-crd_cluster-logging-configuring-cr[About the Cluster Logging custom resource]
-
-
-[id="elasticsearch-node-disk-flood-watermark-reached"]
-== Elasticsearch Node Disk Flood Watermark Reached
-
-Elasticsearch enforces a read-only index block on every index that has both of these conditions:
-
-* One or more shards are allocated to the node.
-* One or more disks exceed the https://www.elastic.co/guide/en/elasticsearch/reference/6.8/disk-allocator.html[flood stage].
-
-.Troubleshooting
-
-. Check the disk space of the Elasticsearch node.
-+
-[source,terminal]
-----
-for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod -- df -h /elasticsearch/persistent; done
-----
-+
-Check the `nodes.node_name.fs` field to determine the free disk space on that node.
-
-. If the used disk percentage is above 95%, it signifies that the node has crossed the flood watermark. Writing is blocked for shards allocated on this particular node.
-
-. Try to increase the disk space on all nodes.
-
-. If increasing the disk space is not possible, try adding a new data node to the cluster.
-
-. If adding a new data node is problematic, decrease the total cluster redundancy policy.
-
-.. Check the current `redundancyPolicy`.
-+
-[source,terminal]
-----
-oc -n openshift-logging get es elasticsearch -o jsonpath='{.spec.redundancyPolicy}'
-----
-+
-[NOTE]
-====
-If you are using a `ClusterLogging` CR, enter:
-
-[source,terminal]
-----
-oc -n openshift-logging get cl -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
-----
-====
-
-.. If the cluster `redundancyPolicy` is higher than `SingleRedundancy`, set it to `SingleRedundancy` and save this change.
-
-. If the preceding steps do not fix the issue, delete the old indices.
-
-.. Check the status of all indices on Elasticsearch.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- indices
-----
-
-.. Identify an old index that can be deleted.
-
-.. Delete the index.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name> -X DELETE
-----
-
- . Continue freeing up and monitoring the disk space until the used disk space drops below 90%. Then, unblock write to this particular node.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=_all/_settings?pretty -X PUT -d '{"index.blocks.read_only_allow_delete": null}'
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "redundancyPolicy" in the "Sample `ClusterLogging` custom resource (CR)" in xref:../../logging/config/cluster-logging-configuring-cr.adoc#cluster-logging-configuring-crd_cluster-logging-configuring-cr[About the Cluster Logging custom resource]
-
-
-[id="elasticsearch-jvm-heap-use-is-high"]
-== Elasticsearch JVM Heap Use is High
-
-The Elasticsearch node JVM Heap memory used is above 75%.
-
-.Troubleshooting
-
-Consider https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings[increasing the heap size].
-
-[id="aggregated-logging-system-cpu-is-high"]
-== Aggregated Logging System CPU is High
-
-System CPU usage on the node is high.
-
-.Troubleshooting
-
-Check the CPU of the cluster node. Consider allocating more CPU resources to the node.
-
-[id="elasticsearch-process-cpu-is-high"]
-== Elasticsearch Process CPU is High
-
-Elasticsearch process CPU usage on the node is high.
-
-.Troubleshooting
-
-Check the CPU of the cluster node. Consider allocating more CPU resources to the node.
-
-[id="elasticsearch-disk-space-is-running-low"]
-== Elasticsearch Disk Space is Running Low
-
-The Elasticsearch Cluster is predicted to be out of disk space within the next 6 hours based on current disk usage.
-
-.Troubleshooting
-
-. Get the disk space of the Elasticsearch node.
-+
-[source,terminal]
-----
-for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod -- df -h /elasticsearch/persistent; done
-----
-
-. In the command output, check the `nodes.node_name.fs` field to determine the free disk space on that node.
-
-. Try to increase the disk space on all nodes.
-
-. If increasing the disk space is not possible, try adding a new data node to the cluster.
-
-. If adding a new data node is problematic, decrease the total cluster redundancy policy.
-
-.. Check the current `redundancyPolicy`.
-+
-[source,terminal]
-----
-oc -n openshift-logging get es elasticsearch -o jsonpath='{.spec.redundancyPolicy}'
-----
-+
-[NOTE]
-====
-If you are using a `ClusterLogging` CR, enter:
-
-[source,terminal]
-----
-oc -n openshift-logging get cl -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
-----
-====
-
-.. If the cluster `redundancyPolicy` is higher than `SingleRedundancy`, set it to `SingleRedundancy` and save this change.
-
-. If the preceding steps do not fix the issue, delete the old indices.
-
-.. Check the status of all indices on Elasticsearch.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- indices
-----
-
-.. Identify an old index that can be deleted.
-
-.. Delete the index.
-+
-[source,terminal]
-----
-oc exec -n openshift-logging -c elasticsearch <elasticsearch_pod_name> -- es_util --query=<elasticsearch_index_name> -X DELETE
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "redundancyPolicy" in the "Sample `ClusterLogging` custom resource (CR)" in xref:../../logging/config/cluster-logging-configuring-cr.adoc#cluster-logging-configuring-crd_cluster-logging-configuring-cr[About the Cluster Logging custom resource]
-
-* Search for "ElasticsearchDiskSpaceRunningLow" in xref:../../logging/troubleshooting/cluster-logging-alerts.adoc#cluster-logging-elasticsearch-rules_cluster-logging-alerts[About Elasticsearch alerting rules].
-
-* Search for "Free up or increase disk space" in the Elasticsearch topic, link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status].
-
-
-
-[id="elasticsearch-filedescriptor-usage-is-high"]
-== Elasticsearch FileDescriptor Usage is high
-
-Based on current usage trends, the predicted number of file descriptors on the node is insufficient.
-
-.Troubleshooting
-
-Check and, if needed, configure the value of `max_file_descriptors` for each node, as described in the Elasticsearch link:https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html[File descriptors] topic.
-
-[role="_additional-resources"]
-.Additional resources
-
-* Search for "ElasticsearchHighFileDescriptorUsage" in xref:../../logging/troubleshooting/cluster-logging-alerts.adoc#cluster-logging-elasticsearch-rules_cluster-logging-alerts[About Elasticsearch alerting rules].
-* Search for "File Descriptors In Use" in xref:../../logging/cluster-logging-dashboards.adoc#cluster-logging-dashboards-logging_cluster-logging-dashboards[OpenShift Logging dashboards].
-
-
-
-// Follow up items:
-
-// `oc edit es elasticsearch` is not documented anywhere outside this topic.
diff --git a/logging/troubleshooting/log-forwarding-troubleshooting.adoc b/logging/troubleshooting/log-forwarding-troubleshooting.adoc
new file mode 100644
index 000000000000..2e345a01f197
--- /dev/null
+++ b/logging/troubleshooting/log-forwarding-troubleshooting.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="log-forwarding-troubleshooting"]
+= Troubleshooting log forwarding
+:context: log-forwarding-troubleshooting
+
+toc::[]
+
+include::modules/redeploying-fluentd-pods.adoc[leveloffset=+1]
+include::modules/loki-rate-limit-errors.adoc[leveloffset=+1]
diff --git a/logging/troubleshooting/troubleshooting-logging-alerts.adoc b/logging/troubleshooting/troubleshooting-logging-alerts.adoc
new file mode 100644
index 000000000000..50412257753c
--- /dev/null
+++ b/logging/troubleshooting/troubleshooting-logging-alerts.adoc
@@ -0,0 +1,55 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="troubleshooting-logging-alerts"]
+include::_attributes/common-attributes.adoc[]
+= Troubleshooting logging alerts
+:context: troubleshooting-logging-alerts
+
+toc::[]
+
+You can use the following procedures to troubleshoot logging alerts on your cluster.
+
+include::modules/es-cluster-health-is-red.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../monitoring/reviewing-monitoring-dashboards.adoc#reviewing-monitoring-dashboards[Reviewing monitoring dashboards]
+* link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status]
+
+[id="elasticsearch-cluster-health-is-yellow"]
+== Elasticsearch cluster health status is yellow
+
+Replica shards for at least one primary shard are not allocated to nodes. Increase the node count by adjusting the `nodeCount` value in the `ClusterLogging` custom resource (CR).
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status]
+
+include::modules/es-node-disk-low-watermark-reached.adoc[leveloffset=+1]
+include::modules/es-node-disk-high-watermark-reached.adoc[leveloffset=+1]
+include::modules/es-node-disk-flood-watermark-reached.adoc[leveloffset=+1]
+
+[id="troubleshooting-logging-alerts-es-jvm-heap-use-is-high"]
+== Elasticsearch JVM heap usage is high
+
+The Elasticsearch node Java virtual machine (JVM) heap memory used is above 75%. Consider https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#set-jvm-heap-size[increasing the heap size].
+
+[id="troubleshooting-logging-alerts-aggregated-logging-system-cpu-is-high"]
+== Aggregated logging system CPU is high
+
+System CPU usage on the node is high. Check the CPU of the cluster node. Consider allocating more CPU resources to the node.
+
+[id="troubleshooting-logging-alerts-es-process-cpu-is-high"]
+== Elasticsearch process CPU is high
+
+Elasticsearch process CPU usage on the node is high. Check the CPU of the cluster node. Consider allocating more CPU resources to the node.
+
+include::modules/es-disk-space-low.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://www.elastic.co/guide/en/elasticsearch/reference/7.13/fix-common-cluster-issues.html#fix-red-yellow-cluster-status[Fix a red or yellow cluster status]
+
+[id="troubleshooting-logging-alerts-es-filedescriptor-usage-is-high"]
+== Elasticsearch FileDescriptor usage is high
+
+Based on current usage trends, the predicted number of file descriptors on the node is insufficient. Check the value of `max_file_descriptors` for each node as described in the Elasticsearch link:https://www.elastic.co/guide/en/elasticsearch/reference/6.8/file-descriptors.html[File Descriptors] documentation.
diff --git a/logging/v5_5/logging-5-5-administration.adoc b/logging/v5_5/logging-5-5-administration.adoc
deleted file mode 100644
index 338243b3df90..000000000000
--- a/logging/v5_5/logging-5-5-administration.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-administration-5-5"]
-= Administering your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.5-administration
-
-toc::[]
-
-//Installing the Red Hat OpenShift Logging Operator via webconsole
-include::modules/logging-deploy-RHOL-console.adoc[leveloffset=+1]
-
-//Installing the Loki Operator via webconsole
-include::modules/logging-deploy-loki-console.adoc[leveloffset=+1]
-
-//Generic installing operators from operator hub using CLI
-include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+1]
-
-//Generic deleting operators from cluster using web console
-include::modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc[leveloffset=+1]
-
-//Generic deleting operators from a cluster using CLI
-include::modules/olm-deleting-operators-from-a-cluster-using-cli.adoc[leveloffset=+1]
diff --git a/logging/v5_5/logging-5-5-architecture.adoc b/logging/v5_5/logging-5-5-architecture.adoc
deleted file mode 100644
index d6ea69fcb56d..000000000000
--- a/logging/v5_5/logging-5-5-architecture.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-architecture-5-5"]
-= Understanding logging architecture
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.5-architecture
-
-toc::[]
-
-:context: logging-5-5-architecture
-include::modules/logging-architecture-overview.adoc[leveloffset=+1,lines=9..31]
-
-include::modules/logging-support-considerations.adoc[leveloffset=+1]
diff --git a/logging/v5_5/logging-5-5-configuration.adoc b/logging/v5_5/logging-5-5-configuration.adoc
deleted file mode 100644
index e78d97a6c6ed..000000000000
--- a/logging/v5_5/logging-5-5-configuration.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-configuration-5-5"]
-= Configuring your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.5-configuration
-
-toc::[]
-
-include::snippets/logging-crs-by-operator-snip.adoc[]
-
-include::snippets/logging-supported-config-snip.adoc[]
-
-include::modules/logging-multiline-except.adoc[leveloffset=+1]
diff --git a/logging/v5_5/logging-5-5-getting-started.adoc b/logging/v5_5/logging-5-5-getting-started.adoc
deleted file mode 100644
index bc2831906ad7..000000000000
--- a/logging/v5_5/logging-5-5-getting-started.adoc
+++ /dev/null
@@ -1,7 +0,0 @@
-:_content-type: ASSEMBLY
-
-[id="logging-5-5-getting-started"]
-= Getting started with logging 5.5
-
-:context: logging-5-5-getting-started
-include::modules/logging-getting-started.adoc[lines=5..38]
diff --git a/logging/v5_5/logging-5-5-reference.adoc b/logging/v5_5/logging-5-5-reference.adoc
deleted file mode 100644
index a67d4f9013c4..000000000000
--- a/logging/v5_5/logging-5-5-reference.adoc
+++ /dev/null
@@ -1,7 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-reference-5-5"]
-= Logging References
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.5-reference
-
-toc::[]
diff --git a/logging/v5_5/logging-5-5-release-notes.adoc b/logging/v5_5/logging-5-5-release-notes.adoc
deleted file mode 100644
index 284b8b5f8cc9..000000000000
--- a/logging/v5_5/logging-5-5-release-notes.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-release-notes-5-5"]
-= Logging 5.5 Release Notes
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.5-release-notes
-
-toc::[]
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-include::modules/logging-rn-5.5.10.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.9.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.8.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.7.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.6.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.5.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.4.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.3.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.2.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.1.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.5.0.adoc[leveloffset=+1]
diff --git a/logging/v5_6/logging-5-6-administration.adoc b/logging/v5_6/logging-5-6-administration.adoc
deleted file mode 100644
index 14b7b31be3e3..000000000000
--- a/logging/v5_6/logging-5-6-administration.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-administration-5-6"]
-= Administering your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.6-administration
-
-toc::[]
-
-//Installing the Red Hat OpenShift Logging Operator via webconsole
-include::modules/logging-deploy-RHOL-console.adoc[leveloffset=+1]
-
-//Installing the Loki Operator via webconsole
-include::modules/logging-deploy-loki-console.adoc[leveloffset=+1]
-
-//Generic installing operators from operator hub using CLI
-include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+1]
-
-//Generic deleting operators from cluster using web console
-include::modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc[leveloffset=+1]
-
-//Generic deleting operators from a cluster using CLI
-include::modules/olm-deleting-operators-from-a-cluster-using-cli.adoc[leveloffset=+1]
diff --git a/logging/v5_6/logging-5-6-architecture.adoc b/logging/v5_6/logging-5-6-architecture.adoc
deleted file mode 100644
index 08c96effd8bc..000000000000
--- a/logging/v5_6/logging-5-6-architecture.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-architecture-5-6"]
-= Understanding logging architecture
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.6-architecture
-
-toc::[]
-
-
-include::modules/logging-architecture-overview.adoc[leveloffset=+1,lines=9..31]
-
-include::modules/logging-support-considerations.adoc[leveloffset=+1]
diff --git a/logging/v5_6/logging-5-6-configuration.adoc b/logging/v5_6/logging-5-6-configuration.adoc
deleted file mode 100644
index 35b9787a8d47..000000000000
--- a/logging/v5_6/logging-5-6-configuration.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-configuration-5-6"]
-= Configuring your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.6-configuration
-
-toc::[]
-
-include::snippets/logging-crs-by-operator-snip.adoc[]
-
-include::snippets/logging-supported-config-snip.adoc[]
-
-include::modules/logging-loki-retention.adoc[leveloffset=+1]
-
-include::modules/logging-multiline-except.adoc[leveloffset=+1]
diff --git a/logging/v5_6/logging-5-6-getting-started.adoc b/logging/v5_6/logging-5-6-getting-started.adoc
deleted file mode 100644
index c4cb0a606a71..000000000000
--- a/logging/v5_6/logging-5-6-getting-started.adoc
+++ /dev/null
@@ -1,7 +0,0 @@
-:_content-type: ASSEMBLY
-
-[id="logging-getting-started-5-6"]
-= Getting started with logging 5.6
-
-:context: logging-5-6-getting-started
-include::modules/logging-getting-started.adoc[lines=5..38]
diff --git a/logging/v5_6/logging-5-6-reference.adoc b/logging/v5_6/logging-5-6-reference.adoc
deleted file mode 100644
index 704514dbc3ce..000000000000
--- a/logging/v5_6/logging-5-6-reference.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-reference-5-6"]
-= Logging References
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.6-reference
-
-toc::[]
-
-:leveloffset: +1
-
-include::modules/logging-feature-reference-5.6.adoc[]
-
-include::modules/logging-5.6-api-ref.adoc[]
-
-:leveloffset: -1
diff --git a/logging/v5_6/logging-5-6-release-notes.adoc b/logging/v5_6/logging-5-6-release-notes.adoc
deleted file mode 100644
index cb94df782bb0..000000000000
--- a/logging/v5_6/logging-5-6-release-notes.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-release-notes-5-6"]
-= Logging 5.6 Release Notes
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.6-release-notes
-
-toc::[]
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-include::snippets/logging-stable-updates-snip.adoc[]
-
-include::modules/logging-rn-5.6.5.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.6.4.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.6.3.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.6.2.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.6.1.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.6.0.adoc[leveloffset=+1]
diff --git a/logging/v5_7/logging-5-7-administration.adoc b/logging/v5_7/logging-5-7-administration.adoc
deleted file mode 100644
index 1f54801bdf44..000000000000
--- a/logging/v5_7/logging-5-7-administration.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-administration-5-7"]
-= Administering your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.7-administration
-
-toc::[]
-
-//Installing the Red Hat OpenShift Logging Operator via webconsole
-include::modules/logging-deploy-RHOL-console.adoc[leveloffset=+1]
-
-//Installing the Loki Operator via webconsole
-include::modules/logging-deploy-loki-console.adoc[leveloffset=+1]
-
-//Generic installing operators from operator hub using CLI
-include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+1]
-
-//Generic deleting operators from cluster using web console
-include::modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc[leveloffset=+1]
-
-//Generic deleting operators from a cluster using CLI
-include::modules/olm-deleting-operators-from-a-cluster-using-cli.adoc[leveloffset=+1]
diff --git a/logging/v5_7/logging-5-7-architecture.adoc b/logging/v5_7/logging-5-7-architecture.adoc
deleted file mode 100644
index 86b1c12c5a04..000000000000
--- a/logging/v5_7/logging-5-7-architecture.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-architecture-5-7"]
-= Understanding logging architecture
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.7-architecture
-
-toc::[]
-
-:context: logging-5-7-architecture-overview
-include::modules/logging-architecture-overview.adoc[lines=9..31]
-
-include::modules/logging-support-considerations.adoc[leveloffset=+1]
-
-include::snippets/logging-5.7-outputs-snip.adoc[]
diff --git a/logging/v5_7/logging-5-7-configuration.adoc b/logging/v5_7/logging-5-7-configuration.adoc
deleted file mode 100644
index beeaef734e50..000000000000
--- a/logging/v5_7/logging-5-7-configuration.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-configuration-5-7"]
-= Configuring your logging deployment
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.7-configuration
-
-toc::[]
-
-include::snippets/logging-crs-by-operator-snip.adoc[]
-
-include::snippets/logging-supported-config-snip.adoc[]
-
-include::modules/logging-loki-retention.adoc[leveloffset=+1]
-
-include::modules/logging-multiline-except.adoc[leveloffset=+1]
diff --git a/logging/v5_7/logging-5-7-getting-started.adoc b/logging/v5_7/logging-5-7-getting-started.adoc
deleted file mode 100644
index 50fa6948a13d..000000000000
--- a/logging/v5_7/logging-5-7-getting-started.adoc
+++ /dev/null
@@ -1,7 +0,0 @@
-:_content-type: ASSEMBLY
-
-[id="logging-getting-started-5-7"]
-= Getting started with logging 5.7
-
-:context: logging-5-7-getting-started
-include::modules/logging-getting-started.adoc[lines=5..38]
diff --git a/logging/v5_7/logging-5-7-reference.adoc b/logging/v5_7/logging-5-7-reference.adoc
deleted file mode 100644
index 0d9019e2fb4f..000000000000
--- a/logging/v5_7/logging-5-7-reference.adoc
+++ /dev/null
@@ -1,7 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-reference-5-7"]
-= Logging References
-include::_attributes/common-attributes.adoc[]
-:context: logging-5.7-reference
-
-toc::[]
diff --git a/logging/v5_7/logging-5-7-release-notes.adoc b/logging/v5_7/logging-5-7-release-notes.adoc
deleted file mode 100644
index b713014f2c61..000000000000
--- a/logging/v5_7/logging-5-7-release-notes.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="logging-release-notes-5-7"]
-= Logging 5.7 Release Notes
-:context: logging-5.7-release-notes
-
-toc::[]
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-include::snippets/logging-stable-updates-snip.adoc[]
-
-include::modules/logging-rn-5.7.2.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.7.1.adoc[leveloffset=+1]
-
-include::modules/logging-rn-5.7.0.adoc[leveloffset=+1]
diff --git a/logging/viewing-resource-logs.adoc b/logging/viewing-resource-logs.adoc
deleted file mode 100644
index d0d19b48b600..000000000000
--- a/logging/viewing-resource-logs.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="vewing-resource-logs"]
-= Viewing logs for a resource
-include::_attributes/common-attributes.adoc[]
-:context: viewing-resource-logs
-
-toc::[]
-
-You can view the logs for various resources, such as builds, deployments, and pods by using the OpenShift CLI (oc) and the web console.
-
-[NOTE]
-====
-Resource logs are a default feature that provides limited log viewing capability. To enhance your log retrieving and viewing experience, it is recommended that you install xref:../logging/cluster-logging.adoc#cluster-logging[OpenShift Logging]. The {logging} aggregates all the logs from your {product-title} cluster, such as node system audit logs, application container logs, and infrastructure logs, into a dedicated log store.  You can then query, discover, and visualize your log data through the xref:../logging/cluster-logging-visualizer.adoc#cluster-logging-visualizer-using[Kibana interface]. Resource logs do not access the {logging} log store. 
-====
-
-include::modules/viewing-resource-logs-cli-console.adoc[leveloffset=+1]
diff --git a/machine_management/adding-rhel-compute.adoc b/machine_management/adding-rhel-compute.adoc
index 0f0d484458e1..bdf5a9f43b0c 100644
--- a/machine_management/adding-rhel-compute.adoc
+++ b/machine_management/adding-rhel-compute.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-rhel-compute"]
 = Adding RHEL compute machines to an {product-title} cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/applying-autoscaling.adoc b/machine_management/applying-autoscaling.adoc
index afcb53b8b76e..8a4165fb8bef 100644
--- a/machine_management/applying-autoscaling.adoc
+++ b/machine_management/applying-autoscaling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="applying-autoscaling"]
 = Applying autoscaling to an {product-title} cluster
 include::_attributes/common-attributes.adoc[]
@@ -10,12 +10,12 @@ Applying autoscaling to an {product-title} cluster involves deploying a cluster
 
 [IMPORTANT]
 ====
-You can configure the cluster autoscaler only in clusters where the machine API is operational.
+You can configure the cluster autoscaler only in clusters where the Machine API Operator is operational.
 ====
 
 include::modules/cluster-autoscaler-about.adoc[leveloffset=+1]
 
-[id="configuring-clusterautoscaler"]
+[id="configuring-clusterautoscaler_{context}"]
 == Configuring the cluster autoscaler
 
 First, deploy the cluster autoscaler to manage automatic resource scaling in your {product-title} cluster.
@@ -30,15 +30,13 @@ include::modules/cluster-autoscaler-cr.adoc[leveloffset=+2]
 :FeatureName: cluster autoscaler
 :FeatureResourceName: ClusterAutoscaler
 include::modules/deploying-resource.adoc[leveloffset=+2]
-
-== Next steps
-
-* After you configure the cluster autoscaler, you must configure at least one machine autoscaler.
+.Next steps
+* After you configure the cluster autoscaler, you must xref:../machine_management/applying-autoscaling.adoc#configuring-machineautoscaler_applying-autoscaling[configure at least one machine autoscaler].
 
 include::modules/machine-autoscaler-about.adoc[leveloffset=+1]
 
-[id="configuring-machineautoscaler"]
-== Configuring the machine autoscalers
+[id="configuring-machineautoscaler_{context}"]
+== Configuring machine autoscalers
 
 After you deploy the cluster autoscaler, deploy `MachineAutoscaler` resources that reference the compute machine sets that are used to scale the cluster.
 
@@ -58,7 +56,24 @@ include::modules/machine-autoscaler-cr.adoc[leveloffset=+2]
 :FeatureResourceName: MachineAutoscaler
 include::modules/deploying-resource.adoc[leveloffset=+2]
 
+[id="disabling-autoscaling_{context}"]
+== Disabling autoscaling
+
+You can disable an individual machine autoscaler in your cluster or disable autoscaling on the cluster entirely.
+
+include::modules/deleting-machine-autoscaler.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../machine_management/applying-autoscaling.adoc#deleting-cluster-autoscaler_applying-autoscaling[Disabling the cluster autoscaler]
+* xref:../machine_management/applying-autoscaling.adoc#MachineAutoscaler-deploying_applying-autoscaling[Deploying a machine autoscaler]
+
+include::modules/deleting-cluster-autoscaler.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../machine_management/applying-autoscaling.adoc#deleting-machine-autoscaler_applying-autoscaling[Disabling the machine autoscaler]
+* xref:../machine_management/applying-autoscaling.adoc#ClusterAutoscaler-deploying_applying-autoscaling[Deploying a cluster autoscaler]
+
 [role="_additional-resources"]
 == Additional resources
 
-* For more information about pod priority, see xref:../nodes/pods/nodes-pods-priority.adoc#nodes-pods-priority[Including pod priority in pod scheduling decisions in {product-title}].
+* xref:../nodes/pods/nodes-pods-priority.adoc#nodes-pods-priority[Including pod priority in pod scheduling decisions in {product-title}]
diff --git a/machine_management/capi-machine-management.adoc b/machine_management/capi-machine-management.adoc
index 828aa46563d7..087519d92b29 100644
--- a/machine_management/capi-machine-management.adoc
+++ b/machine_management/capi-machine-management.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="capi-machine-management"]
 = Managing machines with the Cluster API
 include::_attributes/common-attributes.adoc[]
@@ -9,7 +9,7 @@ toc::[]
 :FeatureName: Managing machines with the Cluster API
 include::snippets/technology-preview.adoc[]
 
-The link:https://cluster-api.sigs.k8s.io/[Cluster API] is an upstream project that is integrated into {product-title} as a Technology Preview for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure clusters. You can use the Cluster API to create and manage compute machine sets and compute machines in your {product-title} cluster. This capability is in addition or an alternative to managing machines with the Machine API.
+The link:https://cluster-api.sigs.k8s.io/[Cluster API] is an upstream project that is integrated into {product-title} as a Technology Preview for Amazon Web Services (AWS) and Google Cloud Platform (GCP). You can use the Cluster API to create and manage compute machine sets and compute machines in your {product-title} cluster. This capability is in addition or an alternative to managing machines with the Machine API.
 
 For {product-title} {product-version} clusters, you can use the Cluster API to perform node host provisioning management actions after the cluster installation finishes. This system enables an elastic, dynamic provisioning method on top of public or private cloud infrastructure.
 
@@ -35,7 +35,7 @@ By using the Cluster API, {product-title} users and developers are able to reali
 
 Using the Cluster API to manage machines is a Technology Preview feature and has the following limitations:
 
-* Only AWS, GCP, and Azure clusters are supported.
+* Only AWS and GCP clusters are supported.
 
 * To use this feature, you must enable the `TechPreviewNoUpgrade` xref:../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling-features-about_nodes-cluster-enabling[feature set]. Enabling this feature set cannot be undone and prevents minor version updates.
 
diff --git a/machine_management/control_plane_machine_management/cpmso-about.adoc b/machine_management/control_plane_machine_management/cpmso-about.adoc
index cd2368cff6ac..43b3eb85286b 100644
--- a/machine_management/control_plane_machine_management/cpmso-about.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-about"]
 = About control plane machine sets
 include::_attributes/common-attributes.adoc[]
@@ -25,7 +25,7 @@ The Control Plane Machine Set Operator has the following limitations:
 
 * The Operator requires the Machine API Operator to be operational and is therefore not supported on clusters with manually provisioned machines. When installing a {product-title} cluster with manually provisioned machines for a platform that creates an active generated `ControlPlaneMachineSet` custom resource (CR), you must remove the Kubernetes manifest files that define the control plane machine set as instructed in the installation process.
 
-* Only Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Nutanix, and VMware vSphere clusters are supported.
+* Only Amazon Web Services (AWS), Google Cloud Platform (GCP), {ibm-power-server-name}, Microsoft Azure, Nutanix, VMware vSphere, and {rh-openstack-first} clusters are supported.
 
 * Only clusters with three control plane machines are supported.
 
diff --git a/machine_management/control_plane_machine_management/cpmso-configuration.adoc b/machine_management/control_plane_machine_management/cpmso-configuration.adoc
index 1030ebec5bc1..fe484d47d554 100644
--- a/machine_management/control_plane_machine_management/cpmso-configuration.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-configuration"]
 = Control plane machine set configuration
 include::_attributes/common-attributes.adoc[]
@@ -33,6 +33,8 @@ The `<platform_provider_spec>` and `<platform_failure_domains>` sections of the
 
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-vsphere_cpmso-configuration[Sample YAML snippets for configuring VMware vSphere clusters]
 
+* xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-openstack_cpmso-configuration[Sample YAML snippets for configuring {rh-openstack-first} clusters]
+
 [id="cpmso-sample-yaml-aws_{context}"]
 == Sample YAML for configuring Amazon Web Services clusters
 
@@ -94,3 +96,21 @@ Some sections of the control plane machine set CR are provider-specific. The fol
 
 //Sample VMware vSphere provider specification
 include::modules/cpmso-yaml-provider-spec-vsphere.adoc[leveloffset=+2]
+
+//Sample VMware vSphere failure domain configuration
+include::modules/cpmso-yaml-failure-domain-vsphere.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* For an example of a cluster-wide infrastructure CRD that defines resources for each failure domain, see xref:../../post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc#specifying-regions-zones-infrastructure-vsphere_post-install-vsphere-zones-regions-configuration[Specifying multiple regions and zones for your cluster on vSphere]
+
+[id="cpmso-sample-yaml-openstack_{context}"]
+== Sample YAML for configuring {rh-openstack-first} clusters
+
+Some sections of the control plane machine set CR are provider-specific. The following example YAML snippets show provider specification and failure domain configurations for an {rh-openstack} cluster.
+
+//Sample OpenStack provider specification
+include::modules/cpmso-yaml-provider-spec-openstack.adoc[leveloffset=+2]
+
+//Sample OpenStack failure domain configuration
+include::modules/cpmso-yaml-failure-domain-openstack.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/machine_management/control_plane_machine_management/cpmso-disabling.adoc b/machine_management/control_plane_machine_management/cpmso-disabling.adoc
index 0dfdf337985d..3828079132a3 100644
--- a/machine_management/control_plane_machine_management/cpmso-disabling.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-disabling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-disabling"]
 = Disabling the control plane machine set
 include::_attributes/common-attributes.adoc[]
@@ -8,7 +8,7 @@ toc::[]
 
 The `.spec.state` field in an activated `ControlPlaneMachineSet` custom resource (CR) cannot be changed from `Active` to `Inactive`. To disable the control plane machine set, you must delete the CR so that it is removed from the cluster.
 
-When you delete the CR, the Control Plane Machine Set Operator performs cleanup operations and disables the control plane machine set. The Operator then removes the CR from the cluster and creates an inactive control plane machine set with default settings. 
+When you delete the CR, the Control Plane Machine Set Operator performs cleanup operations and disables the control plane machine set. The Operator then removes the CR from the cluster and creates an inactive control plane machine set with default settings.
 
 //Deleting the control plane machine set
 include::modules/cpmso-deleting.adoc[leveloffset=+1]
diff --git a/machine_management/control_plane_machine_management/cpmso-getting-started.adoc b/machine_management/control_plane_machine_management/cpmso-getting-started.adoc
index 7e52420a13d3..d7e3b251fecb 100644
--- a/machine_management/control_plane_machine_management/cpmso-getting-started.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-getting-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-getting-started"]
 = Getting started with control plane machine sets
 include::_attributes/common-attributes.adoc[]
@@ -44,19 +44,26 @@ The status of the control plane machine set after installation depends on your c
 |
 
 |Nutanix
-|X
+|X ^[3]^
 |X
 |
 
 |VMware vSphere
-|
-|
+|X ^[4]^
+|X ^[4]^
 |X
+
+|{rh-openstack-first}
+|X ^[3]^
+|X
+|
 |====
 [.small]
 --
 1. AWS clusters that are upgraded from version 4.11 or earlier require xref:../../machine_management/control_plane_machine_management/cpmso-getting-started.adoc#cpmso-activating_cpmso-getting-started[CR activation].
 2. GCP and Azure clusters that are upgraded from version 4.12 or earlier require xref:../../machine_management/control_plane_machine_management/cpmso-getting-started.adoc#cpmso-activating_cpmso-getting-started[CR activation].
+3. Nutanix and {rh-openstack} clusters that are upgraded from version 4.13 or earlier require xref:../../machine_management/control_plane_machine_management/cpmso-getting-started.adoc#cpmso-activating_cpmso-getting-started[CR activation].
+4. In {product-title} {product-version}, installing a cluster with an active generated CR on VWware vSphere is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. To enable the feature, set the `featureSet` parameter to `TechPreviewNoUpgrade` in the `install-config.yaml file`.
 --
 
 //Checking the control plane machine set custom resource state
@@ -79,4 +86,6 @@ include::modules/cpmso-creating-cr.adoc[leveloffset=+1]
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-aws_cpmso-configuration[Sample YAML for configuring Amazon Web Services clusters]
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-gcp_cpmso-configuration[Sample YAML for configuring Google Cloud Platform clusters]
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-azure_cpmso-configuration[Sample YAML for configuring Microsoft Azure clusters]
+* xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-nutanix_cpmso-configuration[Sample YAML for configuring Nutanix clusters]
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-vsphere_cpmso-configuration[Sample YAML for configuring VMware vSphere clusters]
+* xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-sample-yaml-openstack_cpmso-configuration[Sample YAML for configuring {rh-openStack-first} clusters]
diff --git a/machine_management/control_plane_machine_management/cpmso-resiliency.adoc b/machine_management/control_plane_machine_management/cpmso-resiliency.adoc
index edf92eb33e7d..d18978ed04fc 100644
--- a/machine_management/control_plane_machine_management/cpmso-resiliency.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-resiliency.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-resiliency"]
 = Control plane resiliency and recovery
 include::_attributes/common-attributes.adoc[]
@@ -23,6 +23,8 @@ include::modules/cpmso-failure-domains-provider.adoc[leveloffset=+2]
 
 * xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-yaml-failure-domain-azure_cpmso-configuration[Sample Microsoft Azure failure domain configuration]
 
+* xref:../../machine_management/control_plane_machine_management/cpmso-configuration.adoc#cpmso-yaml-failure-domain-openstack_cpmso-configuration[Sample {rh-openstack-first} failure domain configuration]
+
 //Balancing control plane machines
 include::modules/cpmso-failure-domains-balancing.adoc[leveloffset=+2]
 
diff --git a/machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc b/machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc
index 0a04b3553105..f8e59c75bde6 100644
--- a/machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-troubleshooting"]
 = Troubleshooting the control plane machine set
 include::_attributes/common-attributes.adoc[]
@@ -28,4 +28,16 @@ include::modules/cpmso-ts-mhc-etcd-degraded.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc#dr-restoring-cluster-state[Restoring to a previous cluster state]
\ No newline at end of file
+* xref:../../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc#dr-restoring-cluster-state[Restoring to a previous cluster state]
+
+[id="cpmso-troubleshooting-shiftstack-upgrade_{context}"]
+== Upgrading clusters that run on {rh-openstack}
+
+For clusters that run on {rh-openstack-first} that were created with {product-title} 4.13 or earlier, you might have to perform post-upgrade tasks before you can use control plane machine sets.
+
+// TODO: Rejigger
+// Post-upgrade config for ShiftStack with machine AZs explicitly defined and rootVolumes w/out AZs
+include::modules/cpmso-openstack-ts-root-volume-azs.adoc[leveloffset=+2]
+
+// Post-upgrade config for ShiftStack with control plane AZs explicitly defined
+include::modules/cpmso-openstack-with-az-config.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/machine_management/control_plane_machine_management/cpmso-using.adoc b/machine_management/control_plane_machine_management/cpmso-using.adoc
index 52128df5138a..f51efbf73437 100644
--- a/machine_management/control_plane_machine_management/cpmso-using.adoc
+++ b/machine_management/control_plane_machine_management/cpmso-using.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cpmso-using"]
 = Managing control plane machines with control plane machine sets
 include::_attributes/common-attributes.adoc[]
@@ -8,17 +8,20 @@ toc::[]
 
 Control plane machine sets automate several essential aspects of control plane management.
 
+//Replacing a control plane machine
+include::modules/cpmso-feat-replace.adoc[leveloffset=+1]
+
 //Vertical resizing of the control plane
 //include::modules/cpmso-feat-vertical-resize.adoc[leveloffset=+1]
 
 //Updating the control plane configuration
 include::modules/cpmso-feat-config-update.adoc[leveloffset=+1]
 
-//Automatically updating the control plane configuration
+//Automatic updates to the control plane configuration
 include::modules/cpmso-feat-auto-update.adoc[leveloffset=+2]
 
-//Testing changes to the control plane configuration
-include::modules/cpmso-feat-test-changes.adoc[leveloffset=+2]
+//Manual updates to the control plane configuration
+include::modules/cpmso-feat-ondelete-update.adoc[leveloffset=+2]
 
 [id="cpmso-supported-features-aws_{context}"]
 == Enabling Amazon Web Services features for control plane machines
@@ -33,6 +36,9 @@ include::modules/private-clusters-setting-api-private.adoc[leveloffset=+2]
 //Selecting a larger Amazon Web Services instance type for control plane machines
 include::modules/cpms-changing-aws-instance-type.adoc[leveloffset=+2]
 
+//Assigning machines to placement groups by using machine sets
+include::modules/machineset-aws-existing-placement-group.adoc[leveloffset=+2]
+
 //Machine sets that enable the Amazon EC2 Instance Metadata Service
 include::modules/machineset-imds-options.adoc[leveloffset=+2]
 
@@ -77,6 +83,12 @@ include::modules/machineset-troubleshooting-azure-ultra-disk.adoc[leveloffset=+3
 //Enabling customer-managed encryption keys for a machine set
 include::modules/machineset-customer-managed-encryption-azure.adoc[leveloffset=+2]
 
+//Configuring trusted launch for Azure virtual machines by using machine sets
+include::modules/machineset-azure-trusted-launch.adoc[leveloffset=+2]
+
+//Configuring Azure confidential virtual machines by using machine sets
+include::modules/machineset-azure-confidential-vms.adoc[leveloffset=+2]
+
 // Accelerated Networking for Microsoft Azure VMs
 include::modules/machineset-azure-accelerated-networking.adoc[leveloffset=+2]
 
@@ -103,6 +115,7 @@ include::modules/machineset-gcp-confidential-vm.adoc[leveloffset=+2]
 
 //Configuring Shielded VM options by using machine sets
 include::modules/machineset-gcp-shielded-vms.adoc[leveloffset=+2]
+
 [role="_additional-resources"]
 .Additional resources
 * link:https://cloud.google.com/compute/shielded-vm/docs/shielded-vm[What is Shielded VM?]
@@ -111,4 +124,12 @@ include::modules/machineset-gcp-shielded-vms.adoc[leveloffset=+2]
 ** link:https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#integrity-monitoring[Integrity monitoring]
 
 //Enabling customer-managed encryption keys for a machine set
-include::modules/machineset-gcp-enabling-customer-managed-encryption.adoc[leveloffset=+2]
\ No newline at end of file
+include::modules/machineset-gcp-enabling-customer-managed-encryption.adoc[leveloffset=+2]
+
+[id="cpmso-supported-features-openstack_{context}"]
+== Updating the configuration for {rh-openstack} control plane machines
+
+You can configure {rh-openstack-first} control plane machines by changing the configuration of your control plane machine set. When you save an update to the control plane machine set, the Control Plane Machine Set Operator updates the control plane machines according to your configured update strategy.
+
+//Changing the OpenStack Nova flavor by using a control plane machine set
+include::modules/cpms-changing-openstack-flavor-type.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/machine_management/creating-infrastructure-machinesets.adoc b/machine_management/creating-infrastructure-machinesets.adoc
index 06e9b71f5ca4..00a760c8de38 100644
--- a/machine_management/creating-infrastructure-machinesets.adoc
+++ b/machine_management/creating-infrastructure-machinesets.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-infrastructure-machinesets"]
 = Creating infrastructure machine sets
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,7 @@ include::modules/infrastructure-components.adoc[leveloffset=+1]
 
 For information about infrastructure nodes and which components can run on infrastructure nodes, see the "Red Hat OpenShift control plane and infrastructure nodes" section in the link:https://www.redhat.com/en/resources/openshift-subscription-sizing-guide[OpenShift sizing and subscription guide for enterprise Kubernetes] document.
 
-To create an infrastructure node, you can xref:../machine_management/creating-infrastructure-machinesets.adoc#machineset-creating_creating-infrastructure-machinesets[use a machine set], xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-an-infra-node_creating-infrastructure-machinesets[label the node], or xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-infra-machines_creating-infrastructure-machinesets[use a machine config pool].    
+To create an infrastructure node, you can xref:../machine_management/creating-infrastructure-machinesets.adoc#machineset-creating_creating-infrastructure-machinesets[use a machine set], xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-an-infra-node_creating-infrastructure-machinesets[label the node], or xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-infra-machines_creating-infrastructure-machinesets[use a machine config pool].
 
 [id="creating-infrastructure-machinesets-production"]
 == Creating infrastructure machine sets for production environments
@@ -66,8 +66,6 @@ include::modules/machineset-yaml-nutanix.adoc[leveloffset=+3]
 
 include::modules/machineset-yaml-osp.adoc[leveloffset=+3]
 
-include::modules/machineset-yaml-rhv.adoc[leveloffset=+3]
-
 include::modules/machineset-yaml-vsphere.adoc[leveloffset=+3]
 
 include::modules/machineset-creating.adoc[leveloffset=+2]
@@ -104,7 +102,7 @@ include::modules/binding-infra-node-workloads-using-taints-tolerations.adoc[leve
 [id="moving-resources-to-infrastructure-machinesets"]
 == Moving resources to infrastructure machine sets
 
-Some of the infrastructure resources are deployed in your cluster by default. You can move them to the infrastructure machine sets that you created by adding the infrastructure node selector, as shown: 
+Some of the infrastructure resources are deployed in your cluster by default. You can move them to the infrastructure machine sets that you created by adding the infrastructure node selector, as shown:
 
 [source,yaml]
 ----
diff --git a/machine_management/creating_machinesets/creating-machineset-alibaba.adoc b/machine_management/creating_machinesets/creating-machineset-alibaba.adoc
index 391471881e89..2d21cfd3bd2f 100644
--- a/machine_management/creating_machinesets/creating-machineset-alibaba.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-alibaba.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-alibaba"]
 = Creating a compute machine set on Alibaba Cloud
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-aws.adoc b/machine_management/creating_machinesets/creating-machineset-aws.adoc
index 912e18199775..b066a33ea38f 100644
--- a/machine_management/creating_machinesets/creating-machineset-aws.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-aws"]
 = Creating a compute machine set on AWS
 include::_attributes/common-attributes.adoc[]
@@ -17,6 +17,9 @@ include::modules/machineset-yaml-aws.adoc[leveloffset=+1]
 //Creating a compute machine set
 include::modules/machineset-creating.adoc[leveloffset=+1]
 
+//Assigning machines to placement groups by using machine sets
+include::modules/machineset-aws-existing-placement-group.adoc[leveloffset=+1]
+
 //Machine sets that enable the Amazon EC2 Instance Metadata Service
 include::modules/machineset-imds-options.adoc[leveloffset=+1]
 
diff --git a/machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc b/machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc
index bd14868eb8bf..20884178cb1b 100644
--- a/machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-azure-stack-hub"]
 = Creating a compute machine set on Azure Stack Hub
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-azure.adoc b/machine_management/creating_machinesets/creating-machineset-azure.adoc
index e3f30f1f0ad3..b868e0d534fb 100644
--- a/machine_management/creating_machinesets/creating-machineset-azure.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-azure"]
 = Creating a compute machine set on Azure
 include::_attributes/common-attributes.adoc[]
@@ -53,6 +53,12 @@ include::modules/machineset-troubleshooting-azure-ultra-disk.adoc[leveloffset=+2
 //Enabling customer-managed encryption keys for a machine set
 include::modules/machineset-customer-managed-encryption-azure.adoc[leveloffset=+1]
 
+//Configuring trusted launch for Azure virtual machines by using machine sets
+include::modules/machineset-azure-trusted-launch.adoc[leveloffset=+1]
+
+//Configuring Azure confidential virtual machines by using machine sets
+include::modules/machineset-azure-confidential-vms.adoc[leveloffset=+1]
+
 // Accelerated Networking for Microsoft Azure VMs
 include::modules/machineset-azure-accelerated-networking.adoc[leveloffset=+1]
 
diff --git a/machine_management/creating_machinesets/creating-machineset-bare-metal.adoc b/machine_management/creating_machinesets/creating-machineset-bare-metal.adoc
index cca9c7f268d1..e68bdbfecc68 100644
--- a/machine_management/creating_machinesets/creating-machineset-bare-metal.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-bare-metal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-bare-metal"]
 = Creating a compute machine set on bare metal
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-gcp.adoc b/machine_management/creating_machinesets/creating-machineset-gcp.adoc
index 9857240d32be..0aaf38c6f4bf 100644
--- a/machine_management/creating_machinesets/creating-machineset-gcp.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-gcp"]
 = Creating a compute machine set on GCP
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc b/machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc
index fc58ff72de4f..20ebffdeb214 100644
--- a/machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-ibm-cloud"]
-= Creating a compute machine set on IBM Cloud
+= Creating a compute machine set on {ibm-cloud-title}
 include::_attributes/common-attributes.adoc[]
 :context: creating-machineset-ibm-cloud
 
 toc::[]
 
-You can create a different compute machine set to serve a specific purpose in your {product-title} cluster on IBM Cloud. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.
+You can create a different compute machine set to serve a specific purpose in your {product-title} cluster on {ibm-cloud-name}. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.
 
 //[IMPORTANT] admonition for UPI
 include::modules/machine-user-provisioned-limitations.adoc[leveloffset=+1]
diff --git a/machine_management/creating_machinesets/creating-machineset-ibm-power-vs.adoc b/machine_management/creating_machinesets/creating-machineset-ibm-power-vs.adoc
index 0ee790376372..c4773e4b911b 100644
--- a/machine_management/creating_machinesets/creating-machineset-ibm-power-vs.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-ibm-power-vs.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-ibm-power-vs"]
-= Creating a compute machine set on {ibmpowerProductName} Virtual Server
+= Creating a compute machine set on {ibm-power-server-title}
 include::_attributes/common-attributes.adoc[]
 :context: creating-machineset-ibm-power-vs
 
 toc::[]
 
-You can create a different compute machine set to serve a specific purpose in your {product-title} cluster on {ibmpowerProductName} Virtual Server. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.
+You can create a different compute machine set to serve a specific purpose in your {product-title} cluster on {ibm-power-server-name}. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.
 
 //[IMPORTANT] admonition for UPI
 include::modules/machine-user-provisioned-limitations.adoc[leveloffset=+1]
diff --git a/machine_management/creating_machinesets/creating-machineset-nutanix.adoc b/machine_management/creating_machinesets/creating-machineset-nutanix.adoc
index 41e16fc9f03b..ff0e80909f75 100644
--- a/machine_management/creating_machinesets/creating-machineset-nutanix.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-nutanix.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-nutanix"]
 = Creating a compute machine set on Nutanix
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-osp.adoc b/machine_management/creating_machinesets/creating-machineset-osp.adoc
index 57e30a54a9ee..eecd1c5db492 100644
--- a/machine_management/creating_machinesets/creating-machineset-osp.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-osp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-osp"]
 = Creating a compute machine set on OpenStack
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/creating_machinesets/creating-machineset-rhv.adoc b/machine_management/creating_machinesets/creating-machineset-rhv.adoc
deleted file mode 100644
index a98622b2a337..000000000000
--- a/machine_management/creating_machinesets/creating-machineset-rhv.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: ASSEMBLY
-[id="creating-machineset-rhv"]
-= Creating a compute machine set on {rh-virtualization}
-include::_attributes/common-attributes.adoc[]
-:context: creating-machineset-rhv
-
-toc::[]
-
-You can create a different compute machine set to serve a specific purpose in your {product-title} cluster on {rh-virtualization-first}. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.
-
-include::modules/machine-user-provisioned-limitations.adoc[leveloffset=+1]
-
-include::modules/machineset-yaml-rhv.adoc[leveloffset=+1]
-
-include::modules/machineset-creating.adoc[leveloffset=+1]
diff --git a/machine_management/creating_machinesets/creating-machineset-vsphere.adoc b/machine_management/creating_machinesets/creating-machineset-vsphere.adoc
index 9965cbd3ba96..c08f91b5e180 100644
--- a/machine_management/creating_machinesets/creating-machineset-vsphere.adoc
+++ b/machine_management/creating_machinesets/creating-machineset-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-machineset-vsphere"]
 = Creating a compute machine set on vSphere
 include::_attributes/common-attributes.adoc[]
@@ -33,7 +33,7 @@ include::modules/machineset-upi-reqs-ignition-config.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../post_installation_configuration/machine-configuration-tasks.adoc#understanding-the-machine-config-operator[Understanding the Machine Config Operator]
-* xref:../../installing/installing_vsphere/installing-vsphere.adoc#installation-vsphere-machines_installing-vsphere[Installing {op-system} and starting the {product-title} bootstrap process]
+* xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installation-vsphere-machines_installing-vsphere[Installing {op-system} and starting the {product-title} bootstrap process]
 
 //Creating a compute machine set
 include::modules/machineset-creating.adoc[leveloffset=+1]
diff --git a/machine_management/deleting-machine.adoc b/machine_management/deleting-machine.adoc
index 9f7d9dd1c3c7..2aab54802937 100644
--- a/machine_management/deleting-machine.adoc
+++ b/machine_management/deleting-machine.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deleting-machine"]
 = Deleting a machine
 include::_attributes/common-attributes.adoc[]
@@ -28,5 +28,6 @@ include::modules/machine-lifecycle-hook-deletion-etcd.adoc[leveloffset=+2]
 [id="additional-resources_unhealthy-etcd-member"]
 == Additional resources
 
+* xref:../machine_management/machine-phases-lifecycle.adoc#machine-phases-lifecycle[Machine phases and lifecycle]
 * xref:../backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc#replacing-unhealthy-etcd-member[Replacing an unhealthy etcd member]
 * xref:../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-using[Managing control plane machines with control plane machine sets]
\ No newline at end of file
diff --git a/machine_management/deploying-machine-health-checks.adoc b/machine_management/deploying-machine-health-checks.adoc
index 6f7bcb0feb70..c1c61553e681 100644
--- a/machine_management/deploying-machine-health-checks.adoc
+++ b/machine_management/deploying-machine-health-checks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-machine-health-checks"]
 = Deploying machine health checks
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/index.adoc b/machine_management/index.adoc
index ec56da0b86c7..472b5283e943 100644
--- a/machine_management/index.adoc
+++ b/machine_management/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overview-of-machine-management"]
 = Overview of machine management
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can use machine management to flexibly work with underlying infrastructure such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, {rh-virtualization-first}, and VMware vSphere to manage the {product-title} cluster.
+You can use machine management to flexibly work with underlying infrastructure such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, and VMware vSphere to manage the {product-title} cluster.
 You can control the cluster and perform auto-scaling, such as scaling up and down the cluster based on specific workload policies.
 
 It is important to have a cluster that adapts to changing workloads. The {product-title} cluster can horizontally scale up and down when the load increases or decreases.
@@ -24,6 +24,10 @@ The Machine API Operator provisions the following resources:
 
 include::modules/machine-api-overview.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+* xref:../machine_management/machine-phases-lifecycle.adoc#machine-phases-lifecycle[Machine phases and lifecycle]
+
 [id="machine-mgmt-intro-managing-compute_{context}"]
 == Managing compute machines
 
@@ -39,8 +43,6 @@ As a cluster administrator, you can perform the following actions:
 
 ** xref:../machine_management/creating_machinesets/creating-machineset-osp.adoc#creating-machineset-osp[{rh-openstack}]
 
-** xref:../machine_management/creating_machinesets/creating-machineset-rhv.adoc#creating-machineset-rhv[{rh-virtualization}]
-
 ** xref:../machine_management/creating_machinesets/creating-machineset-vsphere.adoc#creating-machineset-vsphere[vSphere]
 
 * Create a machine set for a bare metal deployment: xref:../machine_management/creating_machinesets/creating-machineset-bare-metal.adoc#creating-machineset-bare-metal[Creating a compute machine set on bare metal]
diff --git a/machine_management/machine-phases-lifecycle.adoc b/machine_management/machine-phases-lifecycle.adoc
new file mode 100644
index 000000000000..67e4a9a2e73c
--- /dev/null
+++ b/machine_management/machine-phases-lifecycle.adoc
@@ -0,0 +1,31 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="machine-phases-lifecycle"]
+= Machine phases and lifecycle
+include::_attributes/common-attributes.adoc[]
+:context: machine-phases-lifecycle
+
+toc::[]
+
+Machines move through a _lifecycle_ that has several defined phases. Understanding the machine lifecycle and its phases can help you verify whether a procedure is complete or troubleshoot undesired behavior. In {product-title}, the machine lifecycle is consistent across all supported cloud providers.
+
+//Machine phases
+include::modules/machine-about-phases.adoc[leveloffset=+1]
+
+//The machine lifecycle
+include::modules/machine-about-lifecycle.adoc[leveloffset=+1]
+
+[id="machine-determine-phase_{context}"]
+== Determining the phase of a machine
+
+You can find the phase of a machine by using the {oc-first} or by using the web console. You can use this information to verify whether a procedure is complete or to troubleshoot undesired behavior.
+
+//Determining the phase of a machine by using the CLI
+include::modules/machine-determine-phase-cli.adoc[leveloffset=+2]
+
+//Determining the phase of a machine by using the web console
+include::modules/machine-determine-phase-gui.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../machine_management/deleting-machine.adoc#machine-lifecycle-hook-deletion_deleting-machine[Lifecycle hooks for the machine deletion phase]
\ No newline at end of file
diff --git a/machine_management/manually-scaling-machineset.adoc b/machine_management/manually-scaling-machineset.adoc
index 08994f3dfcc6..aad837de207c 100644
--- a/machine_management/manually-scaling-machineset.adoc
+++ b/machine_management/manually-scaling-machineset.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="manually-scaling-machineset"]
 = Manually scaling a compute machine set
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/modifying-machineset.adoc b/machine_management/modifying-machineset.adoc
index 32dc7de23b7b..74a4f32ba783 100644
--- a/machine_management/modifying-machineset.adoc
+++ b/machine_management/modifying-machineset.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="modifying-machineset"]
 = Modifying a compute machine set
 include::_attributes/common-attributes.adoc[]
@@ -8,8 +8,6 @@ toc::[]
 
 You can modify a compute machine set, such as adding labels, changing the instance type, or changing block storage.
 
-On {rh-virtualization-first}, you can also change a compute machine set to provision new nodes on a different storage domain.
-
 [NOTE]
 ====
 If you need to scale a compute machine set without making other changes, see xref:../machine_management/manually-scaling-machineset.adoc#manually-scaling-machineset[Manually scaling a compute machine set].
@@ -20,18 +18,5 @@ include::modules/machineset-modifying.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 * xref:../machine_management/deleting-machine.adoc#machine-lifecycle-hook-deletion_deleting-machine[Lifecycle hooks for the machine deletion phase]
-
-[id="migrating-nodes-to-a-different-storage-domain-rhv_{context}"]
-== Migrating nodes to a different storage domain on {rh-virtualization}
-
-You can migrate the {product-title} control plane and compute nodes to a different storage domain in a {rh-virtualization-first} cluster.
-
-include::modules/machineset-migrating-compute-nodes-to-diff-sd-rhv.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../machine_management/creating_machinesets/creating-machineset-rhv.adoc#machineset-creating_creating-machineset-rhv[Creating a compute machine set]
 * xref:../machine_management/manually-scaling-machineset.adoc#machineset-manually-scaling_manually-scaling-machineset[Scaling a compute machine set manually]
 * xref:../nodes/scheduling/nodes-scheduler-about.adoc#nodes-scheduler-about[Controlling pod placement using the scheduler]
-
-include::modules/machineset-migrating-control-plane-nodes-to-diff-sd-rhv.adoc[leveloffset=+2]
diff --git a/machine_management/more-rhel-compute.adoc b/machine_management/more-rhel-compute.adoc
index b3860d5f32b8..1b07ecb834e4 100644
--- a/machine_management/more-rhel-compute.adoc
+++ b/machine_management/more-rhel-compute.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="more-rhel-compute"]
 = Adding more RHEL compute machines to an {product-title} cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/user_infra/adding-aws-compute-user-infra.adoc b/machine_management/user_infra/adding-aws-compute-user-infra.adoc
index 7f8b9c5a2838..6e564efc19ba 100644
--- a/machine_management/user_infra/adding-aws-compute-user-infra.adoc
+++ b/machine_management/user_infra/adding-aws-compute-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-aws-compute-user-infra"]
 = Adding compute machines to AWS by using CloudFormation templates
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc b/machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc
index f1fa52de60fe..a41991a0773a 100644
--- a/machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc
+++ b/machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-bare-metal-compute-user-infra"]
 = Adding compute machines to bare metal
 include::_attributes/common-attributes.adoc[]
diff --git a/machine_management/user_infra/adding-compute-user-infra-general.adoc b/machine_management/user_infra/adding-compute-user-infra-general.adoc
index 7f782dac844d..4c71ff1b15fd 100644
--- a/machine_management/user_infra/adding-compute-user-infra-general.adoc
+++ b/machine_management/user_infra/adding-compute-user-infra-general.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-compute-user-infra-general"]
 = Adding compute machines to clusters with user-provisioned infrastructure manually
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can add compute machines to a cluster on user-provisioned infrastructure either as part of the installation process or after installation. The post-installation process requires some of the same configuration files and parameters that were used during installation.
+You can add compute machines to a cluster on user-provisioned infrastructure either as part of the installation process or after installation. The postinstallation process requires some of the same configuration files and parameters that were used during installation.
 
 [id="upi-adding-compute-aws"]
 == Adding compute machines to Amazon Web Services
@@ -35,10 +35,6 @@ You can xref:../../machine_management/creating_machinesets/creating-machineset-v
 
 To manually add more compute machines to your cluster, see xref:../../machine_management/user_infra/adding-vsphere-compute-user-infra.adoc#adding-vsphere-compute-user-infra[Adding compute machines to vSphere manually].
 
-[id="upi-adding-compute-rhv"]
-== Adding compute machines to {rh-virtualization}
-
-To add more compute machines to your {product-title} cluster on {rh-virtualization}, see xref:../../machine_management/user_infra/adding-rhv-compute-user-infra.adoc#adding-rhv-compute-user-infra[Adding compute machines to {rh-virtualization}].
 
 [id="upi-adding-compute-bare-metal"]
 == Adding compute machines to bare metal
diff --git a/machine_management/user_infra/adding-rhv-compute-user-infra.adoc b/machine_management/user_infra/adding-rhv-compute-user-infra.adoc
deleted file mode 100644
index fa5ca34fcc7f..000000000000
--- a/machine_management/user_infra/adding-rhv-compute-user-infra.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Assembly included in the following assemblies:
-// * machine_management/user_infra/adding-compute-user-infra-general.adoc
-
-:_content-type: ASSEMBLY
-[id="adding-rhv-compute-user-infra"]
-= Adding compute machines to a cluster on {rh-virtualization}
-include::_attributes/common-attributes.adoc[]
-:context: adding-rhv-compute-user-infra
-
-toc::[]
-
-In {product-title} version {product-version}, you can add more compute machines to a user-provisioned {product-title} cluster on {rh-virtualization}.
-
-.Prerequisites
-
-* You installed a cluster on {rh-virtualization} with user-provisioned infrastructure.
-
-include::modules/machine-user-provisioned-rhv.adoc[leveloffset=+1]
diff --git a/machine_management/user_infra/adding-vsphere-compute-user-infra.adoc b/machine_management/user_infra/adding-vsphere-compute-user-infra.adoc
index ab5b6dd86d57..c82b747042d5 100644
--- a/machine_management/user_infra/adding-vsphere-compute-user-infra.adoc
+++ b/machine_management/user_infra/adding-vsphere-compute-user-infra.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-vsphere-compute-user-infra"]
 = Adding compute machines to vSphere manually
 include::_attributes/common-attributes.adoc[]
@@ -15,9 +15,9 @@ You can also xref:../../machine_management/creating_machinesets/creating-machine
 
 == Prerequisites
 
-* You xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[installed a cluster on vSphere].
+* You xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[installed a cluster on vSphere].
 
-* You have installation media and {op-system-first} images that you used to create your cluster. If you do not have these files, you must obtain them by following the instructions in the xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[installation procedure].
+* You have installation media and {op-system-first} images that you used to create your cluster. If you do not have these files, you must obtain them by following the instructions in the xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[installation procedure].
 
 [IMPORTANT]
 ====
diff --git a/makeBuild.py b/makeBuild.py
index b11d6c13232c..9abe8bc9ee44 100755
--- a/makeBuild.py
+++ b/makeBuild.py
@@ -75,6 +75,46 @@ def _fix_ids_for_html4(tree):
                 if old_endterm.get("endterm") == id_val:
                     old_endterm.set('endterm', new_id)
 
+def build_book(book):
+    validated = True
+    starting_dir=os.getcwd()
+    os.chdir(os.path.join("drupal-build", distro, book))
+    #print(os.getcwd() + "\n")
+
+    # Create the transformer instance
+    transformer = AsciiDocPublicanTransformer()
+
+    try:
+        # Transform the AsciiDoc to DocBook XML
+        print((">>> Working on " + book + " book in " + distro + " <<<"))
+        if not transformer._build_docbook_src("master.adoc", "build"):
+            logging.error(">>> Validation of book " + book + " in " + distro + " failed: master.adoc not found <<<")
+            return False
+
+        # Parse the transformed XML
+        transformer._before_xml_parse("build/master.xml")
+
+        # Parse the XML content
+        tree = utils.parse_xml("build/master.xml")
+
+        # Apply XML updates from aura/ccutil
+        transformer._fix_uncoverted_xrefs_with_file_paths(tree)
+        _fix_ids_for_html4(tree)
+
+        # Validate the transformed XML
+        if not transformer._validate_docbook_idrefs(tree):
+            logging.error(">>> Validation of book " + book + " in " + distro + " failed <<<")
+            validated = False
+    except (XMLSyntaxError, XIncludeError, InvalidInputException) as e:
+        logging.error(e)
+        validated = False
+    finally:
+        print((">>> Finished with " + book + " book in " + distro + " <<<"))
+        print("---------------------------------------")
+        os.chdir(starting_dir)
+        return validated
+
+
 
 # all validated?
 all_validated = True
@@ -91,53 +131,19 @@ def _fix_ids_for_html4(tree):
     for book in os.listdir(os.path.join("drupal-build", distro)):
 
         #print(os.getcwd() + "\n")
-        #if not os.path.isdir("drupal-build/" + distro + "/" + book):
-            #print("---------------------------------------")
-            #print(">>> No Book " + book + " in this repo. Skipping <<<")
-            #print("---------------------------------------")
-
-            #continue
-
+        # skip any non-directory entries
+        if not os.path.isdir("drupal-build/" + distro + "/" + book):
+            continue
         # rest api book is a pain and doesn't convert well
         if book == "rest_api":
-          continue
-
-        os.chdir("drupal-build/" + distro + "/" + book)
-        #print(os.getcwd() + "\n")
-
-        # Create the transformer instance
-        transformer = AsciiDocPublicanTransformer()
-
-        try:
-            # Transform the AsciiDoc to DocBook XML
-            print((">>> Working on " + book + " book in " + distro + " <<<"))
-            if not transformer._build_docbook_src("master.adoc", "build"):
-                print(("Could not transform book " + book))
-                all_validated = False
-                continue
-
-            # Parse the transformed XML
-            transformer._before_xml_parse("build/master.xml")
-
-            # Parse the XML content
-            tree = utils.parse_xml("build/master.xml")
-
-            # Apply XML updates from aura/ccutil
-            transformer._fix_uncoverted_xrefs_with_file_paths(tree)
-            _fix_ids_for_html4(tree)
-
-            # Validate the transformed XML
-            if not transformer._validate_docbook_idrefs(tree):
-                logging.error(">>> Validation of book " + book + " in " + distro + " failed <<<")
-                all_validated = False
-        except (XMLSyntaxError, XIncludeError, InvalidInputException) as e:
-            logging.error(e)
-            all_validated = False
-        finally:
-            print((">>> Finished with " + book + " book in " + distro + " <<<"))
-            print("---------------------------------------")
-            os.chdir("../../../")
+            continue
 
+        if os.path.exists(os.path.join("drupal-build", distro, book,"hugeBook.flag")):
+            for secondary_book in os.listdir(os.path.join("drupal-build", distro, book)):
+                if os.path.isdir("drupal-build/" + distro + "/" + book + "/" + secondary_book):
+                    all_validated = all_validated and build_book(book+"/"+secondary_book)
+        else:
+            all_validated = all_validated and build_book(book)
 if not all_validated:
     sys.exit(-1)
 else:
diff --git a/metering/configuring_metering/metering-about-configuring.adoc b/metering/configuring_metering/metering-about-configuring.adoc
index e13b9bbe28f3..fb0dddd51d36 100644
--- a/metering/configuring_metering/metering-about-configuring.adoc
+++ b/metering/configuring_metering/metering-about-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-about-configuring"]
 = About configuring metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/configuring_metering/metering-common-config-options.adoc b/metering/configuring_metering/metering-common-config-options.adoc
index d526bc0fc855..6342672396f5 100644
--- a/metering/configuring_metering/metering-common-config-options.adoc
+++ b/metering/configuring_metering/metering-common-config-options.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-common-config-options"]
 = Common configuration options
 include::_attributes/common-attributes.adoc[]
@@ -156,12 +156,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                         STATUS   ROLES    AGE   VERSION
-ip-10-0-147-106.us-east-2.compute.internal   Ready    master   14h   v1.26.0
-ip-10-0-150-175.us-east-2.compute.internal   Ready    worker   14h   v1.26.0
-ip-10-0-175-23.us-east-2.compute.internal    Ready    master   14h   v1.26.0
-ip-10-0-189-6.us-east-2.compute.internal     Ready    worker   14h   v1.26.0
-ip-10-0-205-158.us-east-2.compute.internal   Ready    master   14h   v1.26.0
-ip-10-0-210-167.us-east-2.compute.internal   Ready    worker   14h   v1.26.0
+ip-10-0-147-106.us-east-2.compute.internal   Ready    master   14h   v1.28.5
+ip-10-0-150-175.us-east-2.compute.internal   Ready    worker   14h   v1.28.5
+ip-10-0-175-23.us-east-2.compute.internal    Ready    master   14h   v1.28.5
+ip-10-0-189-6.us-east-2.compute.internal     Ready    worker   14h   v1.28.5
+ip-10-0-205-158.us-east-2.compute.internal   Ready    master   14h   v1.28.5
+ip-10-0-210-167.us-east-2.compute.internal   Ready    worker   14h   v1.28.5
 ----
 --
 
diff --git a/metering/configuring_metering/metering-configure-aws-billing-correlation.adoc b/metering/configuring_metering/metering-configure-aws-billing-correlation.adoc
index db22749f27e3..703e8be13d54 100644
--- a/metering/configuring_metering/metering-configure-aws-billing-correlation.adoc
+++ b/metering/configuring_metering/metering-configure-aws-billing-correlation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-configure-aws-billing-correlation"]
 = Configure AWS billing correlation
 include::_attributes/common-attributes.adoc[]
@@ -113,4 +113,4 @@ To store data in S3, the `aws-access-key-id` and `aws-secret-access-key` credent
 ----
 <1> Replace `operator-metering-data` with the name of your bucket.
 
-This can be done either pre-installation or post-installation. Disabling it post-installation can cause errors in the Reporting Operator.
+This can be done either preinstallation or postinstallation. Disabling it postinstallation can cause errors in the Reporting Operator.
diff --git a/metering/configuring_metering/metering-configure-hive-metastore.adoc b/metering/configuring_metering/metering-configure-hive-metastore.adoc
index b9aba58f910a..f36dd78a5cb1 100644
--- a/metering/configuring_metering/metering-configure-hive-metastore.adoc
+++ b/metering/configuring_metering/metering-configure-hive-metastore.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-configure-hive-metastore"]
 = Configuring the Hive metastore
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/configuring_metering/metering-configure-persistent-storage.adoc b/metering/configuring_metering/metering-configure-persistent-storage.adoc
index 6e9930cd4e45..e67ab29b3265 100644
--- a/metering/configuring_metering/metering-configure-persistent-storage.adoc
+++ b/metering/configuring_metering/metering-configure-persistent-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-configure-persistent-storage"]
 = Configuring persistent storage
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/configuring_metering/metering-configure-reporting-operator.adoc b/metering/configuring_metering/metering-configure-reporting-operator.adoc
index dc6b53385854..db379aad2754 100644
--- a/metering/configuring_metering/metering-configure-reporting-operator.adoc
+++ b/metering/configuring_metering/metering-configure-reporting-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-configure-reporting-operator"]
 = Configuring the Reporting Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-about-metering.adoc b/metering/metering-about-metering.adoc
index 84814aedd33d..2af4a51b40e3 100644
--- a/metering/metering-about-metering.adoc
+++ b/metering/metering-about-metering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-metering"]
 = About Metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-installing-metering.adoc b/metering/metering-installing-metering.adoc
index 566797b48389..c31ae259dd3c 100644
--- a/metering/metering-installing-metering.adoc
+++ b/metering/metering-installing-metering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-metering"]
 = Installing metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-troubleshooting-debugging.adoc b/metering/metering-troubleshooting-debugging.adoc
index 53333e6f390d..bb2c710146ec 100644
--- a/metering/metering-troubleshooting-debugging.adoc
+++ b/metering/metering-troubleshooting-debugging.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-troubleshooting-debugging"]
 = Troubleshooting and debugging metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-uninstall.adoc b/metering/metering-uninstall.adoc
index 256c69f27b39..8237458f7776 100644
--- a/metering/metering-uninstall.adoc
+++ b/metering/metering-uninstall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: metering-uninstall
 [id="metering-uninstall"]
 = Uninstalling metering
diff --git a/metering/metering-upgrading-metering.adoc b/metering/metering-upgrading-metering.adoc
index b74273887552..15c1703ba24e 100644
--- a/metering/metering-upgrading-metering.adoc
+++ b/metering/metering-upgrading-metering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="upgrading-metering"]
 = Upgrading metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-usage-examples.adoc b/metering/metering-usage-examples.adoc
index c522b516c96e..29df37d8afba 100644
--- a/metering/metering-usage-examples.adoc
+++ b/metering/metering-usage-examples.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-usage-examples"]
 = Examples of using metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/metering-using-metering.adoc b/metering/metering-using-metering.adoc
index 163b41c09a11..55246522f4ef 100644
--- a/metering/metering-using-metering.adoc
+++ b/metering/metering-using-metering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-metering"]
 = Using Metering
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/reports/metering-about-reports.adoc b/metering/reports/metering-about-reports.adoc
index c909f6fd0ee4..f5bde2f08382 100644
--- a/metering/reports/metering-about-reports.adoc
+++ b/metering/reports/metering-about-reports.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-about-reports"]
 = About Reports
 include::_attributes/common-attributes.adoc[]
diff --git a/metering/reports/metering-storage-locations.adoc b/metering/reports/metering-storage-locations.adoc
index ab06b989cfa3..dccfe8e6a580 100644
--- a/metering/reports/metering-storage-locations.adoc
+++ b/metering/reports/metering-storage-locations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metering-storage-locations"]
 = Storage locations
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_observability/_attributes b/microshift_backup_and_restore/_attributes
similarity index 100%
rename from networking/network_observability/_attributes
rename to microshift_backup_and_restore/_attributes
diff --git a/rosa_cli/images b/microshift_backup_and_restore/images
similarity index 100%
rename from rosa_cli/images
rename to microshift_backup_and_restore/images
diff --git a/microshift_backup_and_restore/microshift-backup-and-restore.adoc b/microshift_backup_and_restore/microshift-backup-and-restore.adoc
new file mode 100644
index 000000000000..9494c3ba3d14
--- /dev/null
+++ b/microshift_backup_and_restore/microshift-backup-and-restore.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-backup-and-restore"]
+include::_attributes/attributes-microshift.adoc[]
+= Backing up and restoring {microshift-short} data
+:context: microshift-backup-and-restore
+
+toc::[]
+
+You can manually back up and restore the {microshift-short} database on all supported systems. Greenboot health checks must be completed and you must stop the {microshift-short} service prior to any backups.
+
+[NOTE]
+====
+Only {microshift-short} data is backed up with the following procedures. Application data is not included.
+====
+
+* On `rpm-ostree` systems, {microshift-short} automatically creates a backup on every start. These automatic backups are deleted and replaced with the latest backup each time the system restarts.
+* If you are using an `rpm-ostree` system, the data is automatically restored after Greenboot rolls the system back. This data restoration ensures that the database matches the software running on the host after the rollback is completed.
+* On other system types, you must back up and restore data manually.
+
+include::modules/microshift-service-stopping.adoc[leveloffset=+1]
+
+include::modules/microshift-backing-up-manually.adoc[leveloffset=+1]
+
+//additional resources for backing-up module
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-stopping_microshift-install-rpm[Stopping the MicroShift service]
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-starting_microshift-install-rpm[Starting the MicroShift service]
+
+include::modules/microshift-restoring-data-backups.adoc[leveloffset=+1]
+
+include::modules/microshift-service-starting.adoc[leveloffset=+1]
+
+//additional resources for restoring-data module
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-stopping_microshift-install-rpm[Stopping the MicroShift service]
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-starting_microshift-install-rpm[Starting the MicroShift service]
\ No newline at end of file
diff --git a/microshift_backup_and_restore/modules b/microshift_backup_and_restore/modules
new file mode 120000
index 000000000000..464b823aca16
--- /dev/null
+++ b/microshift_backup_and_restore/modules
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/microshift_backup_and_restore/snippets b/microshift_backup_and_restore/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/microshift_backup_and_restore/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/microshift_cli_ref/microshift-cli-tools-introduction.adoc b/microshift_cli_ref/microshift-cli-tools-introduction.adoc
index f2cbdf7c6100..892df03d33b5 100644
--- a/microshift_cli_ref/microshift-cli-tools-introduction.adoc
+++ b/microshift_cli_ref/microshift-cli-tools-introduction.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-cli-tools"]
 = {product-title} CLI tools introduction
 include::_attributes/attributes-microshift.adoc[]
@@ -10,10 +10,9 @@ You can use different command-line interface (CLI) tools to build, deploy, and m
 
 CLI tools available for use with {product-title} are the following:
 
-* Built-in `microshift` command types
-* Linux CLI tools
 * Kubernetes CLI (`kubectl`)
 * The {oc-first} tool with an enabled subset of commands
+* Built-in `microshift` command types
 
 [NOTE]
 ====
@@ -22,10 +21,9 @@ Commands for multi-node deployments, projects, and developer tooling are not sup
 
 [role="_additional-resources"]
 [id="additional-resources_microshift-cli-tools"]
-.Additional resources
+== Additional resources
 
 * xref:..//microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Installing the OpenShift CLI tool for MicroShift].
-
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cli_tools/openshift-cli-oc[Detailed description of the OpenShift CLI (oc)].
-
-* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9[Red Hat Enterprise Linux (RHEL) documentation for specific use cases].
\ No newline at end of file
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html/cli_tools/openshift-cli-oc[Detailed description of the OpenShift CLI (oc)].
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9[Red Hat Enterprise Linux (RHEL) documentation for specific use cases].
+* xref:../microshift_configuring/microshift-cluster-access-kubeconfig.adoc#microshift-kubeconfig[Cluster access with kubeconfig]
\ No newline at end of file
diff --git a/microshift_cli_ref/microshift-cli-using-oc.adoc b/microshift_cli_ref/microshift-cli-using-oc.adoc
index 68b8a08ae508..d470e5c3999b 100644
--- a/microshift_cli_ref/microshift-cli-using-oc.adoc
+++ b/microshift_cli_ref/microshift-cli-using-oc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-cli-using-oc"]
 = Using the oc tool
 include::_attributes/attributes-microshift.adoc[]
diff --git a/microshift_cli_ref/microshift-oc-cli-commands-list.adoc b/microshift_cli_ref/microshift-oc-cli-commands-list.adoc
index 65b735b52e61..33107b8db699 100644
--- a/microshift_cli_ref/microshift-oc-cli-commands-list.adoc
+++ b/microshift_cli_ref/microshift-oc-cli-commands-list.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-oc-cli-commands"]
 = OpenShift CLI command reference
 include::_attributes/attributes-microshift.adoc[]
diff --git a/microshift_cli_ref/microshift-oc-cli-install.adoc b/microshift_cli_ref/microshift-oc-cli-install.adoc
index 51047052db69..1133a03b507b 100644
--- a/microshift_cli_ref/microshift-oc-cli-install.adoc
+++ b/microshift_cli_ref/microshift-oc-cli-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-oc-cli-install"]
 = Getting started with the OpenShift CLI
 include::_attributes/attributes-microshift.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-To use the OpenShift CLI (`oc`) tool, you must download and install it separately from your {product-title} installation.
+To use the OpenShift CLI (`oc`) tool, you must download and install it separately from your {microshift-short} installation.
 
 [id="installing-the-openshift-cli"]
 == Installing the OpenShift CLI
diff --git a/microshift_cli_ref/microshift-oc-config.adoc b/microshift_cli_ref/microshift-oc-config.adoc
index 166c16641d11..3681eb8b4fcd 100644
--- a/microshift_cli_ref/microshift-oc-config.adoc
+++ b/microshift_cli_ref/microshift-oc-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cli-configuring-cli"]
 = Configuring the OpenShift CLI
 include::_attributes/attributes-microshift.adoc[]
diff --git a/microshift_cli_ref/microshift-usage-oc-kubectl.adoc b/microshift_cli_ref/microshift-usage-oc-kubectl.adoc
index a1016ff3ab97..35eb94699eac 100644
--- a/microshift_cli_ref/microshift-usage-oc-kubectl.adoc
+++ b/microshift_cli_ref/microshift-usage-oc-kubectl.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-usage-oc-kubectl"]
 = Using oc and kubectl commands
 include::_attributes/attributes-microshift.adoc[]
diff --git a/microshift_configuring/microshift-cluster-access-kubeconfig.adoc b/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
index 78b503705d15..e1979879dded 100644
--- a/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
+++ b/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-kubeconfig"]
 = Cluster access with kubeconfig
 include::_attributes/attributes-microshift.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-Learn about how `kubeconfig` files are used with {product-title} deployments. CLI tools use `kubeconfig` files to communicate with the API server of a cluster. These files provide cluster details, IP addresses, and other information needed for authentication.
+Learn about how `kubeconfig` files are used with {microshift-short} deployments. CLI tools use `kubeconfig` files to communicate with the API server of a cluster. These files provide cluster details, IP addresses, and other information needed for authentication.
 
 include::modules/microshift-kubeconfig-overview.adoc[leveloffset=+1]
 
diff --git a/microshift_configuring/microshift-greenboot-checking-status.adoc b/microshift_configuring/microshift-greenboot-checking-status.adoc
new file mode 100644
index 000000000000..fca460877abc
--- /dev/null
+++ b/microshift_configuring/microshift-greenboot-checking-status.adoc
@@ -0,0 +1,13 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-greenboot-checking-status"]
+= Checking Greenboot scripts status
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-greenboot-script-status
+
+toc::[]
+
+To deploy applications or make other changes through the {microshift-short} API with tools other than `kustomize` manifests, you must wait until the Greenboot health checks have finished. This ensures that your changes are not lost if Greenboot rolls your `rpm-ostree` system back to an earlier state.
+
+The `greenboot-healthcheck` service runs one time and then exits. After Greenboot has exited and the system is in a healthy state, you can proceed with configuration changes and deployments.
+
+include::modules/microshift-greenboot-check-status.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_configuring/microshift-using-config-tools.adoc b/microshift_configuring/microshift-using-config-tools.adoc
index c8f77a24a629..6392c8b0aa7d 100644
--- a/microshift_configuring/microshift-using-config-tools.adoc
+++ b/microshift_configuring/microshift-using-config-tools.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-using-config-tools"]
 = How configuration tools work
 include::_attributes/attributes-microshift.adoc[]
@@ -6,8 +6,20 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-A YAML file customizes {product-title} instances with your preferences, settings, and parameters.
+A YAML file customizes {microshift-short} instances with your preferences, settings, and parameters.
+
+include::snippets/microshift-greenboot-status-snip.adoc[leveloffset=+2]
+
+include::modules/microshift-default-settings.adoc[leveloffset=+1]
 
 include::modules/microshift-config-yaml.adoc[leveloffset=+1]
 
-include::modules/microshift-config-nodeport-limits.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/microshift-nw-advertise-address.adoc[leveloffset=+2]
+
+include::modules/microshift-config-nodeport-limits.adoc[leveloffset=+2]
+
+[id="additional-resources_microshift-using-config-tools_{context}"]
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../microshift-greenboot-checking-status.adoc#microshift-greenboot-checking-status[Checking Greenboot status]
diff --git a/microshift_getting_started/microshift-architecture.adoc b/microshift_getting_started/microshift-architecture.adoc
index 038212cde83f..17e34e6cedae 100644
--- a/microshift_getting_started/microshift-architecture.adoc
+++ b/microshift_getting_started/microshift-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-architecture"]
 = Architecture
 include::_attributes/attributes-microshift.adoc[]
@@ -11,38 +11,38 @@ Learn the specifics of {product-title} architecture including design intent, how
 
 [id="microshift-architectural-design_{context}"]
 == Architectural design
-{product-title} is a single-node container orchestration runtime designed to extend the benefits of using containers for running applications to low-resource edge environments. Because {product-title} is primarily a platform for deploying applications, only the APIs and features essential to operating in edge and small form factor computing environments are included.
+{microshift-short} is a single-node container orchestration runtime designed to extend the benefits of using containers for running applications to low-resource edge environments. Because {microshift-short} is primarily a platform for deploying applications, only the APIs and features essential to operating in edge and small form factor computing environments are included.
 
-For example, {product-title} contains only the following Kubernetes cluster capabilities:
+For example, {microshift-short} contains only the following Kubernetes cluster capabilities:
 
 * Networking
 * Ingress
 * Storage
 * Helm
 
-{product-title} also provides the following Kubernetes functions:
+{microshift-short} also provides the following Kubernetes functions:
 
 * Orchestration
 * Security
 
-To optimize your deployments, use {product-title} with a compatible operating system, such as {op-system-ostree-first}. Using {product-title} and {op-system-ostree-first} together forms {op-system-bundle}. Virtual machines are handled by the operating system in {product-title} deployments.
+To optimize your deployments, use {microshift-short} with a compatible operating system, such as {op-system-ostree-first}. Using {microshift-short} and {op-system-ostree-first} together forms {op-system-bundle}. Virtual machines are handled by the operating system in {microshift-short} deployments.
 
 .{product-title} as part of {op-system-bundle}.
 image::311_RHDevice_Edge_Overview_0223_1.png[<{product-title} is tasked with only the Kubernetes cluster services networking, ingress, storage, helm, with additional Kubernetes functions of orchestration and security, as the following diagram illustrates.>]
 
-The following operational differences from {oke} can help you understand where {product-title} can be deployed:
+The following operational differences from {oke} can help you understand where {microshift-short} can be deployed:
 
 [id="microshift-differences-oke_{context}"]
 == Key differences from {oke}
 
-* Devices with {product-title} installed are self-managing
+* Devices with {microshift-short} installed are self-managing
 * Compatible with RPM-OStree-based systems
 * Uses only the APIs needed for essential functions, such as security and runtime controls
 * Enables a subset of commands from the OpenShift CLI (`oc`) tool
 * Does not support workload high availability (HA) or horizontal scalability with the addition of worker nodes
 
 .{product-title} differences from {oke}.
-image::311_RHDevice_Edge_Overview_0223_2.png[<{product-title} is tasked with only the Kubernetes cluster capabilities of networking, ingress, storage, helm, with the additional Kubernetes functions of orchestration and security, as the following diagram illustrates.>]
+image::311_RHDevice_Edge_Overview_0223_2.png[<{microshift-short} is tasked with only the Kubernetes cluster capabilities of networking, ingress, storage, helm, with the additional Kubernetes functions of orchestration and security, as the following diagram illustrates.>]
 
 Figure 2 shows that {oke} has the same cluster capabilities as {product-title}, and adds the following:
 
@@ -58,12 +58,12 @@ Figure 2 shows that {oke} has the same cluster capabilities as {product-title},
 * Cloud Integration
 * Virtual Machines (VMs) through {VirtProductName}
 
-In {oke} and other {OCP} deployments, all of the components from the operating system through the cluster capabilities work as one comprehensive unit, with full cluster services for a multi-node Kubernetes workload. With {product-title}, functions such as over-the-air-updates, monitoring, and logging, are performed by the operating system.
+In {oke} and other {OCP} deployments, all of the components from the operating system through the cluster capabilities work as one comprehensive unit, with full cluster services for a multi-node Kubernetes workload. With {microshift-short}, functions such as over-the-air-updates, monitoring, and logging, are performed by the operating system.
 
 [id="microshift-openshift-apis_{context}"]
-== {product-title} OpenShift APIs
+== {microshift-short} OpenShift APIs
 
-In addition to standard Kubernetes APIs, {product-title} includes a small subset of the APIs supported by {OCP}.
+In addition to standard Kubernetes APIs, {microshift-short} includes a small subset of the APIs supported by {OCP}.
 
 [cols="1,1",options="header"]
 |===
@@ -74,4 +74,8 @@ In addition to standard Kubernetes APIs, {product-title} includes a small subset
 | security.openshift.io/v1
 |===
 
-include::modules/microshift-k8s-apis.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/microshift-k8s-apis.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_rest_api/index.adoc#api-index[API index]
\ No newline at end of file
diff --git a/microshift_getting_started/microshift-understanding.adoc b/microshift_getting_started/microshift-understanding.adoc
index 1cd5f1b01264..7e7c3b6b6632 100644
--- a/microshift_getting_started/microshift-understanding.adoc
+++ b/microshift_getting_started/microshift-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="con-microshift-understanding"]
 = Understanding {product-title}
 include::_attributes/attributes-microshift.adoc[]
@@ -6,6 +6,6 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-Get an overview of what you can do with {product-title}, a Kubernetes distribution derived from {OCP} that is designed for optimizing small form factor devices and edge computing.
+Get an overview of what you can do with {microshift-short}, a Kubernetes distribution derived from {OCP} that is designed for optimizing small form factor devices and edge computing.
 
 include::modules/microshift-about.adoc[leveloffset=+1]
diff --git a/microshift_install/microshift-deploy-with-mirror-registry.adoc b/microshift_install/microshift-deploy-with-mirror-registry.adoc
new file mode 100644
index 000000000000..8651c78615cd
--- /dev/null
+++ b/microshift_install/microshift-deploy-with-mirror-registry.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-deploy-with-mirror-registry"]
+= Mirroring container images for disconnected installations
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-deployment-mirror
+
+toc::[]
+
+You can use a custom container registry when you deploy {microshift-short} in an air-gapped network. Running your cluster in a restricted network without direct internet connectivity is possible by installing the cluster from a mirrored set of container images in a private registry.
+
+include::modules/microshift-mirror-container-images.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.openshift.com/container-platform/{ocp-version}/installing/disconnected_install/installing-mirroring-creating-registry.html[Creating a mirror registry with mirror registry for Red Hat OpenShift]
+
+include::modules/microshift-get-mirror-reg-container-image-list.adoc[leveloffset=+1]
+
+include::modules/microshift-mirroring-prereqs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/installing/disconnected-installation-mirroring#installation-adding-registry-pull-secret_installing-mirroring-disconnected[Configuring credentials that allow images to be mirrored]
+
+include::modules/microshift-downloading-container-images.adoc[leveloffset=+1]
+
+include::modules/microshift-uploading-images-to-mirror.adoc[leveloffset=+1]
+
+include::modules/microshift-configuring-hosts-for-mirror.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc b/microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc
new file mode 100644
index 000000000000..4021be46ced5
--- /dev/null
+++ b/microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc
@@ -0,0 +1,36 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-embed-in-rpm-ostree-for-offline-use"]
+= Embedding in a {op-system-ostree} image for offline use
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-embed-rpm-ostree-offline-use
+
+toc::[]
+
+Embedding {microshift-short} containers in an `rpm-ostree` commit means that you can run a cluster in air-gapped, disconnected, or offline environments. You can embed {product-title} containers in a {op-system-ostree-first} image so that container engines do not need to pull images over a network from a container registry. Workloads can start up immediately without network connectivity.
+
+include::modules/microshift-install-system-requirements.adoc[leveloffset=+1]
+
+[id="embed-offline-rhde-compatibility-table"]
+== Compatibility table
+
+Plan to pair a supported version of {op-system-ostree} with the {microshift-short} version you are using as described in the following compatibility table:
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
+
+include::modules/microshift-embed-microshift-image-offline-deploy.adoc[leveloffset=+1]
+
+include::modules/microshift-embed-microshift-update-osbuilder-worker.adoc[leveloffset=+1]
+
+include::modules/microshift-embed-microshift-build-image.adoc[leveloffset=+1]
+
+include::modules/microshift-adding-service-to-blueprint.adoc[leveloffset=+2]
+
+include::modules/microshift-creating-ostree-iso.adoc[leveloffset=+2]
+
+[id="additional-resources_microshift-embed-microshift-offline-deployments_{context}"]
+[role="_additional-resources"]
+== Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_a_customized_rhel_system_image/assembly_pushing-a-container-to-a-register-and-embedding-it-into-a-image_composing-a-customized-rhel-system-image#con_the-container-registry-credentials_assembly_pushing-a-container-to-a-register-and-embedding-it-into-a-image[Pushing a container to a registry and embedding it into an image]
+* link:https://www.osbuild.org/guides/image-builder-on-premises/container-auth.html[Container registry credentials]
+* xref:../microshift_networking/microshift-disconnected-network-config.adoc#microshift-disconnected-network-config[Configuring network settings for fully disconnected hosts]
diff --git a/microshift_install/microshift-embed-in-rpm-ostree.adoc b/microshift_install/microshift-embed-in-rpm-ostree.adoc
index 202e38dc9bd3..6bcce58cb6e5 100644
--- a/microshift_install/microshift-embed-in-rpm-ostree.adoc
+++ b/microshift_install/microshift-embed-in-rpm-ostree.adoc
@@ -1,14 +1,23 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-embed-in-rpm-ostree"]
-= Embedding {product-title} in a {op-system-ostree} image
+= Embedding in a {op-system-ostree} image
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-embed-in-rpm-ostree
 
 toc::[]
 
-You can embed {product-title} into a {op-system-ostree-first} {op-system-version} image. Use this guide to build a {op-system} image containing {product-title}.
+You can embed {microshift-short} into a {op-system-ostree-first} image. Use this guide to build a {op-system} image containing {microshift-short}.
 
-include::snippets/microshift-tech-preview-snip.adoc[leveloffset=+1]
+include::modules/microshift-install-system-requirements.adoc[leveloffset=+1]
+
+Plan to use a supported version of {op-system} paired with your version of {microshift-short} as described in the following table.
+
+[id="embed-ostree-rhde-compatibility-table"]
+== Compatibility table
+
+Plan to pair a supported version of {op-system-ostree} with the {microshift-short} version you are using as described in the following compatibility table:
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
 
 include::modules/microshift-preparing-for-image-building.adoc[leveloffset=+1]
 
@@ -23,6 +32,23 @@ include::modules/microshift-adding-repos-to-image-builder.adoc[leveloffset=+1]
 
 include::modules/microshift-adding-service-to-blueprint.adoc[leveloffset=+1]
 
+include::modules/microshift-adding-olm-to-blueprint.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_updating/microshift-update-rpms-ostree.adoc[Applying updates on an OSTree system]
+
+include::modules/microshift-ca-adding-bundle.adoc[leveloffset=+1]
+
+include::modules/microshift-ca-adding-bundle-ostree.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-creating-ostree-iso_microshift-embed-in-rpm-ostree[Creating the {op-system-ostree} image]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/securing_networks/using-shared-system-certificates_securing-networks[Using Shared System Certificates ({op-system-base} 9)]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_a_customized_rhel_system_image/creating-system-images-with-composer-command-line-interface_composing-a-customized-rhel-system-image#image-customizations_creating-system-images-with-composer-command-line-interface[Supported image customizations ({op-system-base} 9)]
+
 include::modules/microshift-creating-ostree-iso.adoc[leveloffset=+1]
 
 include::modules/microshift-add-blueprint-build-iso.adoc[leveloffset=+1]
@@ -32,7 +58,7 @@ include::modules/microshift-download-iso-prep-for-use.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images[Creating a RHEL for Edge Container blueprint using image builder CLI]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images[Creating a {op-system-ostree} Container blueprint using image builder CLI]
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images#image-customizations_composing-a-rhel-for-edge-image-using-image-builder-command-line[Supported image customizations]
 * link:https://www.osbuild.org/guides/image-builder-on-premises/building-ostree-images.html#building-ostree-image[Building ostree images]
 * link:https://www.osbuild.org/guides/image-builder-on-premises/blueprint-reference.html[Blueprint reference]
@@ -57,3 +83,7 @@ include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]
 include::modules/microshift-accessing-cluster-open-firewall.adoc[leveloffset=+2]
 
 include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_configuring/microshift-cluster-access-kubeconfig.adoc#microshift-kubeconfig-generating-remote-kcfiles_microshift-cluster-access-kubeconfig[Generating additional kubeconfig files for remote access]
\ No newline at end of file
diff --git a/microshift_install/microshift-fips.adoc b/microshift_install/microshift-fips.adoc
new file mode 100644
index 000000000000..1b36bb9c328c
--- /dev/null
+++ b/microshift_install/microshift-fips.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-fips"]
+= Using FIPS mode with {microshift-short}
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-fips
+
+toc::[]
+
+You can use FIPS mode with RPM-based installations of {microshift-short} on {op-system-base-full} {op-system-version-major}.
+
+* To enable FIPS mode in {microshift-short} containers, the worker machine kernel must be enabled to run in FIPS mode before the machine starts.
+* Using FIPS with {op-system-ostree-first} images is not supported.
+
+include::modules/microshift-fips-rpm-system.adoc[leveloffset=+1]
+
+[id="additional-resources_microshift-fips_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#enabling-fips-mode-in-a-container_using-the-system-wide-cryptographic-policies[Enabling FIPS mode in a container]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening#federal-information-processing-standards-140-and-fips-mode_assembly_installing-the-system-in-fips-mode[Federal Information Processing Standards 140 and FIPS mode]
\ No newline at end of file
diff --git a/microshift_install/microshift-greenboot.adoc b/microshift_install/microshift-greenboot.adoc
index 58070df51102..946413ec50a3 100644
--- a/microshift_install/microshift-greenboot.adoc
+++ b/microshift_install/microshift-greenboot.adoc
@@ -1,22 +1,25 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-greenboot"]
-= The greenboot health check
+= The Greenboot health check framework
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-greenboot
 
 toc::[]
 
-Greenboot is the generic health check framework for the `systemd` service on RPM-OSTree-based systems. The `microshift-greenboot` RPM and `greenboot-default-health-check` are optional RPM packages you can install. Greenboot is used to assess system health and automate a rollback to the last healthy state in the event of software trouble.
+Greenboot is the generic health check framework for the `systemd` service on `rpm-ostree` systems such as {op-system-ostree-first}. This framework is included in {microshift-short} installations with the `microshift-greenboot` and `greenboot-default-health-checks` RPM packages.
 
-This health check framework is especially useful when you need to check for software problems and perform system rollbacks on edge devices where direct serviceability is either limited or non-existent. When health check scripts are installed and configured, health checks run every time the system starts.
+Greenboot health checks run at various times to assess system health and automate a rollback to the last healthy state in the event of software trouble, for example:
 
-Using greenboot can reduce your risk of being locked out of edge devices during updates and prevent a significant interruption of service if an update fails. When a failure is detected, the system boots into the last known working configuration using the `rpm-ostree` rollback capability.
+* Default health check scripts run each time the system starts.
+* In addition the to the default health checks, you can write, install, and configure application health check scripts to also run every time the system starts.
+* Greenboot can reduce your risk of being locked out of edge devices during updates and prevent a significant interruption of service if an update fails.
+* When a failure is detected, the system boots into the last known working configuration using the `rpm-ostree` rollback capability. This feature is especially useful automation for edge devices where direct serviceability is either limited or non-existent.
 
-A {product-title} health check script is included in the `microshift-greenboot` RPM. The `greenboot-default-health-check` RPM includes health check scripts verifying that DNS and `ostree` services are accessible. You can also create your own health check scripts based on the workloads you are running. You can write one that verifies that an application has started, for example.
+A {microshift-short} application health check script is included in the `microshift-greenboot` RPM. The `greenboot-default-health-checks` RPM includes health check scripts verifying that DNS and `ostree` services are accessible. You can create your own health check scripts for the workloads you are running. You can write one that verifies that an application has started, for example.
 
 [NOTE]
 ====
-Rollback is not possible in the case of an update failure on a system not using OSTree. This is true even though health checks might run.
+Rollback is not possible in the case of an update failure on a system not using `rpm-ostree`. This is true even though health checks might run.
 ====
 
 include::modules/microshift-greenboot-dir-structure.adoc[leveloffset=+1]
@@ -39,6 +42,7 @@ include::modules/microshift-greenboot-prerollback-log.adoc[leveloffset=+1]
 
 include::modules/microshift-greenboot-check-update.adoc[leveloffset=+1]
 
-//[role="_additional-resources_microshift-greenboot"]
-//.Additional resources
-//once the greenboot application health check is merged, an assembly-level xref can go here
\ No newline at end of file
+[id="additional-resources_microshift-greenboot_{context}"]
+[role="_additional-resources_microshift-greenboot"]
+== Additional resources
+* xref:../microshift_running_apps/microshift-greenboot-workload-scripts.adoc#microshift-greenboot-workload-scripts[Greenboot workload health check scripts]
\ No newline at end of file
diff --git a/microshift_install/microshift-install-rpm.adoc b/microshift_install/microshift-install-rpm.adoc
index abd5e837642f..2bb714d890ed 100644
--- a/microshift_install/microshift-install-rpm.adoc
+++ b/microshift_install/microshift-install-rpm.adoc
@@ -1,21 +1,32 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-install-rpm"]
-= Installing {product-title} from an RPM package
+= Installing from an RPM package
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-install-rpm
 
 toc::[]
 
-You can install {product-title} from an RPM package on a machine with {op-system-base-full} {op-system-version}.
-
-include::snippets/microshift-tech-preview-snip.adoc[leveloffset=+1]
+You can install {microshift-short} from an RPM package on a machine with a supported version of {op-system-base-full}.
 
 include::modules/microshift-install-system-requirements.adoc[leveloffset=+1]
 
+[id="install-rpm-rhde-compatibility-table"]
+== Compatibility table
+
+Plan to pair a supported version of {op-system-ostree} with the {microshift-short} version you are using as described in the following compatibility table:
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
+
 include::modules/microshift-install-rpm-before.adoc[leveloffset=+1]
 
+//additional resources for install rpm before module
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_install/microshift-fips.adoc#microshift-fips[Using FIPS mode with {microshift-short}]
+
 include::modules/microshift-install-rpm-preparing.adoc[leveloffset=+1]
 
+//additional resources for install rpm prep module
 [role="_additional-resources"]
 .Additional resources
 * Download the link:https://console.redhat.com/openshift/install/pull-secret[pull secret] from the Red Hat Hybrid Cloud Console.
@@ -26,6 +37,11 @@ include::modules/microshift-install-rpm-preparing.adoc[leveloffset=+1]
 
 include::modules/microshift-install-rpms.adoc[leveloffset=+1]
 
+include::modules/microshift-install-rpms-olm.adoc[leveloffset=+1]
+
+//TODO: Additional resources section that includes OLM resources when docs are complete
+
+//additional resources for install rpms module
 [role="_additional-resources"]
 .Additional resources
 * xref:../microshift_install/microshift-install-rpm.adoc#microshift-install-system-requirements_microshift-install-rpm[System requirements for installing MicroShift].
@@ -37,6 +53,7 @@ include::modules/microshift-service-stopping.adoc[leveloffset=+1]
 
 include::modules/microshift-accessing.adoc[leveloffset=+1]
 
+//additional resources for accessing module
 [role="_additional-resources"]
 .Additional resources
 * xref:../microshift_cli_ref/microshift-oc-cli-install.adoc#microshift-oc-cli-install[Installing the OpenShift CLI tool].
@@ -45,6 +62,4 @@ include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]
 
 include::modules/microshift-accessing-cluster-open-firewall.adoc[leveloffset=+2]
 
-include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
-
-//note: additional resources are deliberately set without ID and context so that they trail modules; these are not intended to appear as assembly-level additional resources
\ No newline at end of file
+include::modules/microshift-accessing-cluster-remotely.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/microshift_install/microshift-installing-troubleshooting.adoc b/microshift_install/microshift-installing-troubleshooting.adoc
new file mode 100644
index 000000000000..32f291e28d8d
--- /dev/null
+++ b/microshift_install/microshift-installing-troubleshooting.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-installing-troubleshooting"]
+= Troubleshooting installation issues
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-installing-troubleshooting
+
+toc::[]
+
+To troubleshoot a failed {microshift-short} installation, you can run an sos report. Use the `sos report` command to generate a detailed report that shows all of the enabled plugins and data from the different components and applications in a system.
+
+include::modules/microshift-gathering-sos-report.adoc[leveloffset=+1]
+
+[id="additional-resources_microshift-installing-troubleshooting_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../microshift_support/microshift-sos-report.adoc#microshift-sos-report[About {microshift-short} sos reports]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/getting_the_most_from_your_support_experience/generating-an-sos-report-for-technical-support_getting-the-most-from-your-support-experience[Generating an sos report for technical support]
\ No newline at end of file
diff --git a/microshift_networking/microshift-cni.adoc b/microshift_networking/microshift-cni.adoc
new file mode 100644
index 000000000000..8fb16783cf12
--- /dev/null
+++ b/microshift_networking/microshift-cni.adoc
@@ -0,0 +1,72 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-cni"]
+= About the OVN-Kubernetes network plugin
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-about-ovn-k-plugin
+
+toc::[]
+
+The OVN-Kubernetes Container Network Interface (CNI) plugin is the default networking solution for {microshift-short} clusters. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN).
+
+* Default network configuration and connections are applied automatically in {microshift-short} with the `microshift-networking` RPM during installation.
+* A cluster that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node.
+* OVN-K configures OVS on the node to implement the declared network configuration.
+* Host physical interfaces are not bound by default to the OVN-K gateway bridge, `br-ex`. You can use standard tools on the host for managing the default gateway, such as the Network Manager CLI (`nmcli`).
+* Changing the CNI is not supported on {microshift-short}.
+
+Using configuration files or custom scripts, you can configure the following networking settings:
+
+* You can use subnet CIDR ranges to allocate IP addresses to pods.
+* You can change the maximum transmission unit (MTU) value.
+* You can configure firewall ingress and egress.
+* You can define network policies in the {microshift-short} cluster, including ingress and egress rules.
+
+include::modules/microshift-cni-customization-matrix.adoc[leveloffset=+1]
+
+include::modules/microshift-default-settings.adoc[leveloffset=+2]
+
+[id="microshift-network-features_{context}"]
+== Network features
+Networking features available with {microshift-short} {product-version} include:
+
+* Kubernetes network policy
+* Dynamic node IP
+* Custom gateway interface
+* Second gateway interface
+* Cluster network on specified host interface
+* Blocking external access to NodePort service on specific host interfaces
+
+Networking features not available with {microshift-short} {product-version}:
+
+* Egress IP/firewall/QoS: disabled
+* Hybrid networking: not supported
+* IPsec: not supported
+* Hardware offload: not supported
+
+[id="_additional-resources_microshift-cni_{context}"]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../microshift_configuring/microshift-using-config-tools.adoc#microshift-using-config-tools_microshift-config-yaml[Using a YAML configuration file]
+
+* xref:../microshift_networking/microshift-networking-settings.adoc#microshift-config-OVN-K_microshift-networking[Understanding networking settings]
+
+[id="microshift-ip-forward_{context}"]
+== IP forward
+The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a cluster fails if `ip_forward` is disabled.
+
+[id="microshift-network-performance_{context}"]
+== Network performance optimizations
+By default, three performance optimizations are applied to OVS services to minimize resource consumption:
+
+* CPU affinity to `ovs-vswitchd.service` and `ovsdb-server.service`
+* `no-mlockall` to `openvswitch.service`
+* Limit handler and `revalidator` threads to `ovs-vswitchd.service`
+
+include::modules/microshift-nw-components-svcs.adoc[leveloffset=+1]
+
+[id="microshift-bridge-mapping_{context}"]
+== Bridge mappings
+Bridge mappings allow provider network traffic to reach the physical network. Traffic leaves the provider network and arrives at the `br-int` bridge. A patch port between `br-int` and `br-ex` then allows the traffic to traverse to and from the provider network and the edge network. Kubernetes pods are connected to the `br-int` bridge through virtual ethernet pair: one end of the virtual ethernet pair is attached to the pod namespace, and the other end is attached to the `br-int` bridge.
+
+include::modules/microshift-nw-topology.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_networking/microshift-disconnected-network-config.adoc b/microshift_networking/microshift-disconnected-network-config.adoc
new file mode 100644
index 000000000000..11b7d7883a05
--- /dev/null
+++ b/microshift_networking/microshift-disconnected-network-config.adoc
@@ -0,0 +1,14 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-disconnected-network-config"]
+= Configuring network settings for fully disconnected hosts
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-networking-disconnected-hosts
+toc::[]
+
+Learn how to apply networking customization and settings to run {microshift-short} on fully disconnected hosts. A disconnected host should be the {op-system-base-full} operating system, versions 9.0+, whether real or virtual, that runs without network connectivity.
+
+include::modules/microshift-disconnected-host-con.adoc[leveloffset=+1]
+
+include::modules/microshift-undo-network-config.adoc[leveloffset=+1]
+
+include::modules/microshift-disconnected-host-procedure.adoc[leveloffset=+1]
diff --git a/microshift_networking/microshift-firewall.adoc b/microshift_networking/microshift-firewall.adoc
index ccd6d7bba098..2b0b32ba0ffb 100644
--- a/microshift_networking/microshift-firewall.adoc
+++ b/microshift_networking/microshift-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-using-a-firewall"]
 = Using a firewall
 include::_attributes/attributes-microshift.adoc[]
@@ -6,27 +6,33 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-Firewalls are not required in {product-title}, but using a firewall can prevent undesired access to the {product-title} API.
+Firewalls are not required in {microshift-short}, but using a firewall can prevent undesired access to the {microshift-short} API.
 
 include::modules/microshift-firewall-about.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
-[id="additional-resources"]
 .Additional resources
 
 * xref:../microshift_networking/microshift-firewall.adoc#microshift-firewall-req-settings_microshift-firewall[Required firewall settings]
 * xref:..//microshift_networking/microshift-firewall.adoc#microshift-firewall-allow-traffic_microshift-firewall[Allowing network traffic through the firewall]
 
 include::modules/microshift-firewalld-install.adoc[leveloffset=+1]
+
 include::modules/microshift-firewall-req-settings.adoc[leveloffset=+1]
+
 include::modules/microshift-firewall-opt-settings.adoc[leveloffset=+1]
+
 include::modules/microshift-firewall-allow-traffic.adoc[leveloffset=+1]
+
 include::modules/microshift-firewall-apply-settings.adoc[leveloffset=+1]
+
 include::modules/microshift-firewall-verify-settings.adoc[leveloffset=+1]
 
+include::modules/microshift-firewall-update-for-service.adoc[leveloffset=+1]
+
+[id="additional-resources_microshift-using-a-firewall_{context}"]
 [role="_additional-resources"]
-[id="additional-resources_microshift-using-a-firewall"]
-.Additional resources
+== Additional resources
 
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_firewalls_and_packet_filters/using-and-configuring-firewalld_firewall-packet-filters[RHEL: Using and configuring firewalld]
 
diff --git a/microshift_networking/microshift-networking-settings.adoc b/microshift_networking/microshift-networking-settings.adoc
new file mode 100644
index 000000000000..a83f61ec4fcf
--- /dev/null
+++ b/microshift_networking/microshift-networking-settings.adoc
@@ -0,0 +1,48 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-understanding-networking-settings"]
+= Understanding networking settings
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-networking
+
+toc::[]
+
+Learn how to apply networking customization and default settings to {microshift-short} deployments. Each node is contained to a single machine and single {microshift-short}, so each deployment requires individual configuration, pods, and settings.
+
+Cluster Administrators have several options for exposing applications that run inside a cluster to external traffic and securing network connections:
+
+* A service such as NodePort
+
+* API resources, such as `Ingress` and `Route`
+
+By default, Kubernetes allocates each pod an internal IP address for applications running within the pod. Pods and their containers can have traffic between them, but clients outside the cluster do not have direct network access to pods except when exposed with a service such as NodePort.
+
+[NOTE]
+====
+To troubleshoot connection problems with the NodePort service, read about the known issue in the Release Notes.
+====
+
+include::modules/microshift-configuring-ovn.adoc[leveloffset=+1]
+
+include::modules/microshift-restart-ovnkube-master.adoc[leveloffset=+1]
+
+include::modules/microshift-http-proxy.adoc[leveloffset=+1]
+
+include::modules/microshift-rpm-ostree-https.adoc[leveloffset=+1]
+
+include::modules/microshift-cri-o-container-runtime.adoc[leveloffset=+1]
+
+include::modules/microshift-ovs-snapshot.adoc[leveloffset=+1]
+
+include::modules/microshift-deploying-a-load-balancer.adoc[leveloffset=+1]
+
+include::modules/microshift-blocking-nodeport-access.adoc[leveloffset=+1]
+
+include::modules/microshift-mDNS.adoc[leveloffset=+1]
+
+include::modules/microshift-exposed-audit-ports.adoc[leveloffset=+1]
+
+include::modules/microshift-exposed-audit-ports-hostnetwork.adoc[leveloffset=+1]
+
+include::modules/microshift-exposed-audit-ports-hostport.adoc[leveloffset=+1]
+
+include::modules/microshift-exposed-audit-ports-loadbalancer.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_networking/microshift-networking.adoc b/microshift_networking/microshift-networking.adoc
deleted file mode 100644
index ba1bdbd99cbd..000000000000
--- a/microshift_networking/microshift-networking.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-:_content-type: ASSEMBLY
-[id="microshift-applying-networking-settings"]
-= Understanding networking settings
-include::_attributes/attributes-microshift.adoc[]
-:context: microshift-networking
-
-toc::[]
-
-Learn how to apply networking customization and default settings to {product-title} deployments. Each node is contained to a single machine and single {product-title}, so each deployment requires individual configuration, pods, and settings.
-
-Cluster Administrators have several options for exposing applications that run inside a cluster to external traffic and securing network connections:
-
-* A service such as NodePort
-
-* API resources, such as `Ingress` and `Route`
-
-By default, Kubernetes allocates each pod an internal IP address for applications running within the pod. Pods and their containers can have traffic between them, but clients outside the cluster do not have direct network access to pods except when exposed with a service such as NodePort.
-
-[NOTE]
-====
-To troubleshoot connection problems with the NodePort service, read about the known issue in the Release Notes.
-====
-
-include::modules/microshift-cni.adoc[leveloffset=+1]
-
-include::modules/microshift-configuring-ovn.adoc[leveloffset=+1]
-
-include::modules/microshift-restart-ovnkube-master.adoc[leveloffset=+1]
-
-include::modules/microshift-http-proxy.adoc[leveloffset=+1]
-
-include::modules/microshift-rpm-ostree-https.adoc[leveloffset=+1]
-
-include::modules/microshift-cri-o-container-runtime.adoc[leveloffset=+1]
-
-include::modules/microshift-ovs-snapshot.adoc[leveloffset=+1]
-
-include::modules/microshift-deploying-a-load-balancer.adoc[leveloffset=+1]
-
-include::modules/microshift-blocking-nodeport-access.adoc[leveloffset=+1]
-
-include::modules/microshift-mDNS.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_microshift-understanding-networking-settings"]
-.Additional resources
-
-* xref:../microshift_release_notes/microshift-4-14-release-notes.adoc#microshift-4-14-known-issues[{product-title} {product-version} release notes --> Known issues]
diff --git a/microshift_release_notes/microshift-4-15-release-notes.adoc b/microshift_release_notes/microshift-4-15-release-notes.adoc
new file mode 100644
index 000000000000..f6260d29b8ff
--- /dev/null
+++ b/microshift_release_notes/microshift-4-15-release-notes.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-4-15-release-notes"]
+= {product-title} {product-version} release notes
+include::_attributes/attributes-microshift.adoc[]
+:context: release-notes
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+Release note changes should be added/edited in their own PR.
+
+This file is here to allow builds to work.
diff --git a/microshift_rest_api/_attributes b/microshift_rest_api/_attributes
new file mode 120000
index 000000000000..93957f02273f
--- /dev/null
+++ b/microshift_rest_api/_attributes
@@ -0,0 +1 @@
+../_attributes
\ No newline at end of file
diff --git a/microshift_rest_api/api_extensions_apis/api-extensions-apis-index.adoc b/microshift_rest_api/api_extensions_apis/api-extensions-apis-index.adoc
new file mode 100644
index 000000000000..c7e49b6017b1
--- /dev/null
+++ b/microshift_rest_api/api_extensions_apis/api-extensions-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="api-extensions-apis"]
+= API Extensions APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== CustomResourceDefinition [apiextensions.k8s.io/v1]
+
+Description::
++
+--
+CustomResourceDefinition represents a resource that should be exposed on the API server.  Its name MUST be in the format <.spec.name>.<.spec.group>.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc b/microshift_rest_api/api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc
new file mode 100644
index 000000000000..2eb0604a8be0
--- /dev/null
+++ b/microshift_rest_api/api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc
@@ -0,0 +1,1349 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="customresourcedefinition-apiextensions-k8s-io-v1"]
+= CustomResourceDefinition [apiextensions.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CustomResourceDefinition represents a resource that should be exposed on the API server.  Its name MUST be in the format <.spec.name>.<.spec.group>.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| CustomResourceDefinitionSpec describes how a user wants their resource to appear
+
+| `status`
+| `object`
+| CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition
+
+|===
+=== .spec
+Description::
++
+--
+CustomResourceDefinitionSpec describes how a user wants their resource to appear
+--
+
+Type::
+  `object`
+
+Required::
+  - `group`
+  - `names`
+  - `scope`
+  - `versions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conversion`
+| `object`
+| CustomResourceConversion describes how to convert different versions of a CR.
+
+| `group`
+| `string`
+| group is the API group of the defined custom resource. The custom resources are served under `/apis/<group>/...`. Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
+
+| `names`
+| `object`
+| CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
+
+| `preserveUnknownFields`
+| `boolean`
+| preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details.
+
+| `scope`
+| `string`
+| scope indicates whether the defined custom resource is cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`.
+
+| `versions`
+| `array`
+| versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+
+| `versions[]`
+| `object`
+| CustomResourceDefinitionVersion describes a version for CRD.
+
+|===
+=== .spec.conversion
+Description::
++
+--
+CustomResourceConversion describes how to convert different versions of a CR.
+--
+
+Type::
+  `object`
+
+Required::
+  - `strategy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `strategy`
+| `string`
+| strategy specifies how custom resources are converted between versions. Allowed values are: - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information
+  is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
+
+| `webhook`
+| `object`
+| WebhookConversion describes how to call a conversion webhook
+
+|===
+=== .spec.conversion.webhook
+Description::
++
+--
+WebhookConversion describes how to call a conversion webhook
+--
+
+Type::
+  `object`
+
+Required::
+  - `conversionReviewVersions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientConfig`
+| `object`
+| WebhookClientConfig contains the information to make a TLS connection with the webhook.
+
+| `conversionReviewVersions`
+| `array (string)`
+| conversionReviewVersions is an ordered list of preferred `ConversionReview` versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail.
+
+|===
+=== .spec.conversion.webhook.clientConfig
+Description::
++
+--
+WebhookClientConfig contains the information to make a TLS connection with the webhook.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `caBundle`
+| `string`
+| caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+
+| `service`
+| `object`
+| ServiceReference holds a reference to Service.legacy.k8s.io
+
+| `url`
+| `string`
+| url gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
+
+The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
+
+Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
+
+The scheme must be "https"; the URL must begin with "https://".
+
+A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
+
+Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+|===
+=== .spec.conversion.webhook.clientConfig.service
+Description::
++
+--
+ServiceReference holds a reference to Service.legacy.k8s.io
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the service. Required
+
+| `namespace`
+| `string`
+| namespace is the namespace of the service. Required
+
+| `path`
+| `string`
+| path is an optional URL path at which the webhook will be contacted.
+
+| `port`
+| `integer`
+| port is an optional service port at which the webhook will be contacted. `port` should be a valid port number (1-65535, inclusive). Defaults to 443 for backward compatibility.
+
+|===
+=== .spec.names
+Description::
++
+--
+CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
+--
+
+Type::
+  `object`
+
+Required::
+  - `plural`
+  - `kind`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `categories`
+| `array (string)`
+| categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.
+
+| `kind`
+| `string`
+| kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.
+
+| `listKind`
+| `string`
+| listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
+
+| `plural`
+| `string`
+| plural is the plural name of the resource to serve. The custom resources are served under `/apis/<group>/<version>/.../<plural>`. Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`). Must be all lowercase.
+
+| `shortNames`
+| `array (string)`
+| shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get <shortname>`. It must be all lowercase.
+
+| `singular`
+| `string`
+| singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
+
+|===
+=== .spec.versions
+Description::
++
+--
+versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.versions[]
+Description::
++
+--
+CustomResourceDefinitionVersion describes a version for CRD.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `served`
+  - `storage`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `additionalPrinterColumns`
+| `array`
+| additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.
+
+| `additionalPrinterColumns[]`
+| `object`
+| CustomResourceColumnDefinition specifies a column for server side printing.
+
+| `deprecated`
+| `boolean`
+| deprecated indicates this version of the custom resource API is deprecated. When set to true, API requests to this version receive a warning header in the server response. Defaults to false.
+
+| `deprecationWarning`
+| `string`
+| deprecationWarning overrides the default warning returned to API clients. May only be set when `deprecated` is true. The default warning indicates this version is deprecated and recommends use of the newest served version of equal or greater stability, if one exists.
+
+| `name`
+| `string`
+| name is the version name, e.g. “v1”, “v2beta1”, etc. The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
+
+| `schema`
+| `object`
+| CustomResourceValidation is a list of validation methods for CustomResources.
+
+| `served`
+| `boolean`
+| served is a flag enabling/disabling this version from being served via REST APIs
+
+| `storage`
+| `boolean`
+| storage indicates this version should be used when persisting custom resources to storage. There must be exactly one version with storage=true.
+
+| `subresources`
+| `object`
+| CustomResourceSubresources defines the status and scale subresources for CustomResources.
+
+|===
+=== .spec.versions[].additionalPrinterColumns
+Description::
++
+--
+additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.versions[].additionalPrinterColumns[]
+Description::
++
+--
+CustomResourceColumnDefinition specifies a column for server side printing.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `type`
+  - `jsonPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `description`
+| `string`
+| description is a human readable description of this column.
+
+| `format`
+| `string`
+| format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+
+| `jsonPath`
+| `string`
+| jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column.
+
+| `name`
+| `string`
+| name is a human readable name for the column.
+
+| `priority`
+| `integer`
+| priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0.
+
+| `type`
+| `string`
+| type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+
+|===
+=== .spec.versions[].schema
+Description::
++
+--
+CustomResourceValidation is a list of validation methods for CustomResources.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `openAPIV3Schema`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`JSONSchemaProps`]
+| openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.
+
+|===
+=== .spec.versions[].subresources
+Description::
++
+--
+CustomResourceSubresources defines the status and scale subresources for CustomResources.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `scale`
+| `object`
+| CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
+
+| `status`
+| `object`
+| CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. Status is represented by the `.status` JSON path inside of a CustomResource. When set, * exposes a /status subresource for the custom resource * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
+
+|===
+=== .spec.versions[].subresources.scale
+Description::
++
+--
+CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
+--
+
+Type::
+  `object`
+
+Required::
+  - `specReplicasPath`
+  - `statusReplicasPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelectorPath`
+| `string`
+| labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status` or `.spec`. Must be set to work with HorizontalPodAutoscaler. The field pointed by this JSON path must be a string field (not a complex selector struct) which contains a serialized label selector in string form. More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` subresource will default to the empty string.
+
+| `specReplicasPath`
+| `string`
+| specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.spec`. If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.
+
+| `statusReplicasPath`
+| `string`
+| statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status`. If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource will default to 0.
+
+|===
+=== .spec.versions[].subresources.status
+Description::
++
+--
+CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. Status is represented by the `.status` JSON path inside of a CustomResource. When set, * exposes a /status subresource for the custom resource * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
+--
+
+Type::
+  `object`
+
+
+
+
+=== .status
+Description::
++
+--
+CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `acceptedNames`
+| `object`
+| CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
+
+| `conditions`
+| `array`
+| conditions indicate state for particular aspects of a CustomResourceDefinition
+
+| `conditions[]`
+| `object`
+| CustomResourceDefinitionCondition contains details for the current condition of this pod.
+
+| `storedVersions`
+| `array (string)`
+| storedVersions lists all versions of CustomResources that were ever persisted. Tracking these versions allows a migration path for stored versions in etcd. The field is mutable so a migration controller can finish a migration to another version (ensuring no old objects are left in storage), and then remove the rest of the versions from this list. Versions may not be removed from `spec.versions` while they exist in this list.
+
+|===
+=== .status.acceptedNames
+Description::
++
+--
+CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition
+--
+
+Type::
+  `object`
+
+Required::
+  - `plural`
+  - `kind`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `categories`
+| `array (string)`
+| categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.
+
+| `kind`
+| `string`
+| kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.
+
+| `listKind`
+| `string`
+| listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
+
+| `plural`
+| `string`
+| plural is the plural name of the resource to serve. The custom resources are served under `/apis/<group>/<version>/.../<plural>`. Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`). Must be all lowercase.
+
+| `shortNames`
+| `array (string)`
+| shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get <shortname>`. It must be all lowercase.
+
+| `singular`
+| `string`
+| singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions indicate state for particular aspects of a CustomResourceDefinition
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+CustomResourceDefinitionCondition contains details for the current condition of this pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| message is a human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| reason is a unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| status is the status of the condition. Can be True, False, Unknown.
+
+| `type`
+| `string`
+| type is the type of the condition. Types include Established, NamesAccepted and Terminating.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apiextensions.k8s.io/v1/customresourcedefinitions`
+- `DELETE`: delete collection of CustomResourceDefinition
+- `GET`: list or watch objects of kind CustomResourceDefinition
+- `POST`: create a CustomResourceDefinition
+* `/apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions`
+- `GET`: watch individual changes to a list of CustomResourceDefinition. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}`
+- `DELETE`: delete a CustomResourceDefinition
+- `GET`: read the specified CustomResourceDefinition
+- `PATCH`: partially update the specified CustomResourceDefinition
+- `PUT`: replace the specified CustomResourceDefinition
+* `/apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions/{name}`
+- `GET`: watch changes to an object of kind CustomResourceDefinition. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status`
+- `GET`: read status of the specified CustomResourceDefinition
+- `PATCH`: partially update status of the specified CustomResourceDefinition
+- `PUT`: replace status of the specified CustomResourceDefinition
+
+
+=== /apis/apiextensions.k8s.io/v1/customresourcedefinitions
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList[`CustomResourceDefinitionList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 201 - Created
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 202 - Accepted
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CustomResourceDefinition. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CustomResourceDefinition
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CustomResourceDefinition
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 201 - Created
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 201 - Created
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CustomResourceDefinition
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CustomResourceDefinition. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CustomResourceDefinition
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified CustomResourceDefinition
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 201 - Created
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified CustomResourceDefinition
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 201 - Created
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`CustomResourceDefinition`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/api_registration_apis/api-registration-apis-index.adoc b/microshift_rest_api/api_registration_apis/api-registration-apis-index.adoc
new file mode 100644
index 000000000000..588dbc4f625f
--- /dev/null
+++ b/microshift_rest_api/api_registration_apis/api-registration-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="api-registration-apis"]
+= API Registration APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== APIService [apiregistration.k8s.io/v1]
+
+Description::
++
+--
+APIService represents a server for a particular GroupVersion. Name must be "version.group".
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc b/microshift_rest_api/api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc
new file mode 100644
index 000000000000..fb7cb0a27459
--- /dev/null
+++ b/microshift_rest_api/api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc
@@ -0,0 +1,919 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="apiservice-apiregistration-k8s-io-v1"]
+= APIService [apiregistration.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+APIService represents a server for a particular GroupVersion. Name must be "version.group".
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| APIServiceSpec contains information for locating and communicating with a server. Only https is supported, though you are able to disable certificate verification.
+
+| `status`
+| `object`
+| APIServiceStatus contains derived information about an API server
+
+|===
+=== .spec
+Description::
++
+--
+APIServiceSpec contains information for locating and communicating with a server. Only https is supported, though you are able to disable certificate verification.
+--
+
+Type::
+  `object`
+
+Required::
+  - `groupPriorityMinimum`
+  - `versionPriority`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `caBundle`
+| `string`
+| CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.
+
+| `group`
+| `string`
+| Group is the API group name this server hosts
+
+| `groupPriorityMinimum`
+| `integer`
+| GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object.  (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s
+
+| `insecureSkipTLSVerify`
+| `boolean`
+| InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged.  You should use the CABundle instead.
+
+| `service`
+| `object`
+| ServiceReference holds a reference to Service.legacy.k8s.io
+
+| `version`
+| `string`
+| Version is the API version this server hosts.  For example, "v1"
+
+| `versionPriority`
+| `integer`
+| VersionPriority controls the ordering of this API version inside of its group.  Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+
+|===
+=== .spec.service
+Description::
++
+--
+ServiceReference holds a reference to Service.legacy.k8s.io
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is the name of the service
+
+| `namespace`
+| `string`
+| Namespace is the namespace of the service
+
+| `port`
+| `integer`
+| If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+|===
+=== .status
+Description::
++
+--
+APIServiceStatus contains derived information about an API server
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| Current service state of apiService.
+
+| `conditions[]`
+| `object`
+| APIServiceCondition describes the state of an APIService at a particular point
+
+|===
+=== .status.conditions
+Description::
++
+--
+Current service state of apiService.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+APIServiceCondition describes the state of an APIService at a particular point
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| Human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| Unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status is the status of the condition. Can be True, False, Unknown.
+
+| `type`
+| `string`
+| Type is the type of the condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apiregistration.k8s.io/v1/apiservices`
+- `DELETE`: delete collection of APIService
+- `GET`: list or watch objects of kind APIService
+- `POST`: create an APIService
+* `/apis/apiregistration.k8s.io/v1/watch/apiservices`
+- `GET`: watch individual changes to a list of APIService. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apiregistration.k8s.io/v1/apiservices/{name}`
+- `DELETE`: delete an APIService
+- `GET`: read the specified APIService
+- `PATCH`: partially update the specified APIService
+- `PUT`: replace the specified APIService
+* `/apis/apiregistration.k8s.io/v1/watch/apiservices/{name}`
+- `GET`: watch changes to an object of kind APIService. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apiregistration.k8s.io/v1/apiservices/{name}/status`
+- `GET`: read status of the specified APIService
+- `PATCH`: partially update status of the specified APIService
+- `PUT`: replace status of the specified APIService
+
+
+=== /apis/apiregistration.k8s.io/v1/apiservices
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceList[`APIServiceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 201 - Created
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 202 - Accepted
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiregistration.k8s.io/v1/watch/apiservices
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of APIService. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiregistration.k8s.io/v1/apiservices/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the APIService
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified APIService
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 201 - Created
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 201 - Created
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiregistration.k8s.io/v1/watch/apiservices/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the APIService
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind APIService. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apiregistration.k8s.io/v1/apiservices/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the APIService
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified APIService
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 201 - Created
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified APIService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 201 - Created
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`APIService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/apps_apis/apps-apis-index.adoc b/microshift_rest_api/apps_apis/apps-apis-index.adoc
new file mode 100644
index 000000000000..929e873fad4e
--- /dev/null
+++ b/microshift_rest_api/apps_apis/apps-apis-index.adoc
@@ -0,0 +1,68 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="apps-apis"]
+= Apps APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== ControllerRevision [apps/v1]
+
+Description::
++
+--
+ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.
+--
+
+Type::
+  `object`
+
+== DaemonSet [apps/v1]
+
+Description::
++
+--
+DaemonSet represents the configuration of a daemon set.
+--
+
+Type::
+  `object`
+
+== Deployment [apps/v1]
+
+Description::
++
+--
+Deployment enables declarative updates for Pods and ReplicaSets.
+--
+
+Type::
+  `object`
+
+== ReplicaSet [apps/v1]
+
+Description::
++
+--
+ReplicaSet ensures that a specified number of pod replicas are running at any given time.
+--
+
+Type::
+  `object`
+
+== StatefulSet [apps/v1]
+
+Description::
++
+--
+StatefulSet represents a set of pods with consistent identities. Identities are defined as:
+  - Network: A single stable DNS and hostname.
+  - Storage: As many VolumeClaims as requested.
+
+The StatefulSet guarantees that a given network identity will always map to the same storage identity.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/apps_apis/controllerrevision-apps-v1.adoc b/microshift_rest_api/apps_apis/controllerrevision-apps-v1.adoc
new file mode 100644
index 000000000000..8e39d025022d
--- /dev/null
+++ b/microshift_rest_api/apps_apis/controllerrevision-apps-v1.adoc
@@ -0,0 +1,817 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="controllerrevision-apps-v1"]
+= ControllerRevision [apps/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.
+--
+
+Type::
+  `object`
+
+Required::
+  - `revision`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `data`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`]
+| Data is the serialized representation of the state.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `revision`
+| `integer`
+| Revision indicates the revision of the state represented by Data.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/controllerrevisions`
+- `GET`: list or watch objects of kind ControllerRevision
+* `/apis/apps/v1/watch/controllerrevisions`
+- `GET`: watch individual changes to a list of ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/controllerrevisions`
+- `DELETE`: delete collection of ControllerRevision
+- `GET`: list or watch objects of kind ControllerRevision
+- `POST`: create a ControllerRevision
+* `/apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions`
+- `GET`: watch individual changes to a list of ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}`
+- `DELETE`: delete a ControllerRevision
+- `GET`: read the specified ControllerRevision
+- `PATCH`: partially update the specified ControllerRevision
+- `PUT`: replace the specified ControllerRevision
+* `/apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions/{name}`
+- `GET`: watch changes to an object of kind ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/apps/v1/controllerrevisions
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ControllerRevision
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.ControllerRevisionList[`ControllerRevisionList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/controllerrevisions
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/controllerrevisions
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.ControllerRevisionList[`ControllerRevisionList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 201 - Created
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 202 - Accepted
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ControllerRevision
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ControllerRevision
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 201 - Created
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ControllerRevision
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 201 - Created
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`ControllerRevision`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ControllerRevision
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ControllerRevision. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/apps_apis/daemonset-apps-v1.adoc b/microshift_rest_api/apps_apis/daemonset-apps-v1.adoc
new file mode 100644
index 000000000000..0a9361e321d4
--- /dev/null
+++ b/microshift_rest_api/apps_apis/daemonset-apps-v1.adoc
@@ -0,0 +1,1167 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="daemonset-apps-v1"]
+= DaemonSet [apps/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+DaemonSet represents the configuration of a daemon set.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| DaemonSetSpec is the specification of a daemon set.
+
+| `status`
+| `object`
+| DaemonSetStatus represents the current status of a daemon set.
+
+|===
+=== .spec
+Description::
++
+--
+DaemonSetSpec is the specification of a daemon set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `selector`
+  - `template`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `minReadySeconds`
+| `integer`
+| The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
+
+| `revisionHistoryLimit`
+| `integer`
+| The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over pods that are managed by the daemon set. Must match in order to be controlled. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). The only allowed template.spec.restartPolicy value is "Always". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
+
+| `updateStrategy`
+| `object`
+| DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
+
+|===
+=== .spec.updateStrategy
+Description::
++
+--
+DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rollingUpdate`
+| `object`
+| Spec to control the desired behavior of daemon set rolling update.
+
+| `type`
+| `string`
+| Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+
+Possible enum values:
+ - `"OnDelete"` Replace the old daemons only when it's killed
+ - `"RollingUpdate"` Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
+
+|===
+=== .spec.updateStrategy.rollingUpdate
+Description::
++
+--
+Spec to control the desired behavior of daemon set rolling update.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `maxSurge`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.
+
+| `maxUnavailable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+
+|===
+=== .status
+Description::
++
+--
+DaemonSetStatus represents the current status of a daemon set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `currentNumberScheduled`
+  - `numberMisscheduled`
+  - `desiredNumberScheduled`
+  - `numberReady`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `collisionCount`
+| `integer`
+| Count of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a DaemonSet's current state.
+
+| `conditions[]`
+| `object`
+| DaemonSetCondition describes the state of a DaemonSet at a certain point.
+
+| `currentNumberScheduled`
+| `integer`
+| The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
+| `desiredNumberScheduled`
+| `integer`
+| The total number of nodes that should be running the daemon pod (including nodes correctly running the daemon pod). More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
+| `numberAvailable`
+| `integer`
+| The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)
+
+| `numberMisscheduled`
+| `integer`
+| The number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
+| `numberReady`
+| `integer`
+| numberReady is the number of nodes that should be running the daemon pod and have one or more of the daemon pod running with a Ready Condition.
+
+| `numberUnavailable`
+| `integer`
+| The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)
+
+| `observedGeneration`
+| `integer`
+| The most recent generation observed by the daemon set controller.
+
+| `updatedNumberScheduled`
+| `integer`
+| The total number of nodes that are running updated daemon pod
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a DaemonSet's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+DaemonSetCondition describes the state of a DaemonSet at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of DaemonSet condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/daemonsets`
+- `GET`: list or watch objects of kind DaemonSet
+* `/apis/apps/v1/watch/daemonsets`
+- `GET`: watch individual changes to a list of DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/daemonsets`
+- `DELETE`: delete collection of DaemonSet
+- `GET`: list or watch objects of kind DaemonSet
+- `POST`: create a DaemonSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/daemonsets`
+- `GET`: watch individual changes to a list of DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/daemonsets/{name}`
+- `DELETE`: delete a DaemonSet
+- `GET`: read the specified DaemonSet
+- `PATCH`: partially update the specified DaemonSet
+- `PUT`: replace the specified DaemonSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/daemonsets/{name}`
+- `GET`: watch changes to an object of kind DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status`
+- `GET`: read status of the specified DaemonSet
+- `PATCH`: partially update status of the specified DaemonSet
+- `PUT`: replace status of the specified DaemonSet
+
+
+=== /apis/apps/v1/daemonsets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind DaemonSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.DaemonSetList[`DaemonSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/daemonsets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/daemonsets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.DaemonSetList[`DaemonSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 201 - Created
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 202 - Accepted
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/daemonsets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the DaemonSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified DaemonSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 201 - Created
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 201 - Created
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/daemonsets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the DaemonSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind DaemonSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the DaemonSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified DaemonSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 201 - Created
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified DaemonSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 201 - Created
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`DaemonSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/apps_apis/deployment-apps-v1.adoc b/microshift_rest_api/apps_apis/deployment-apps-v1.adoc
new file mode 100644
index 000000000000..0c9cc8f0146e
--- /dev/null
+++ b/microshift_rest_api/apps_apis/deployment-apps-v1.adoc
@@ -0,0 +1,1170 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="deployment-apps-v1"]
+= Deployment [apps/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Deployment enables declarative updates for Pods and ReplicaSets.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| DeploymentSpec is the specification of the desired behavior of the Deployment.
+
+| `status`
+| `object`
+| DeploymentStatus is the most recently observed status of the Deployment.
+
+|===
+=== .spec
+Description::
++
+--
+DeploymentSpec is the specification of the desired behavior of the Deployment.
+--
+
+Type::
+  `object`
+
+Required::
+  - `selector`
+  - `template`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `minReadySeconds`
+| `integer`
+| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
+| `paused`
+| `boolean`
+| Indicates that the deployment is paused.
+
+| `progressDeadlineSeconds`
+| `integer`
+| The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.
+
+| `replicas`
+| `integer`
+| Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
+
+| `revisionHistoryLimit`
+| `integer`
+| The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels.
+
+| `strategy`
+| `object`
+| DeploymentStrategy describes how to replace existing pods with new ones.
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| Template describes the pods that will be created. The only allowed template.spec.restartPolicy value is "Always".
+
+|===
+=== .spec.strategy
+Description::
++
+--
+DeploymentStrategy describes how to replace existing pods with new ones.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rollingUpdate`
+| `object`
+| Spec to control the desired behavior of rolling update.
+
+| `type`
+| `string`
+| Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
+
+Possible enum values:
+ - `"Recreate"` Kill all existing pods before creating new ones.
+ - `"RollingUpdate"` Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
+
+|===
+=== .spec.strategy.rollingUpdate
+Description::
++
+--
+Spec to control the desired behavior of rolling update.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `maxSurge`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.
+
+| `maxUnavailable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.
+
+|===
+=== .status
+Description::
++
+--
+DeploymentStatus is the most recently observed status of the Deployment.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availableReplicas`
+| `integer`
+| Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
+
+| `collisionCount`
+| `integer`
+| Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a deployment's current state.
+
+| `conditions[]`
+| `object`
+| DeploymentCondition describes the state of a deployment at a certain point.
+
+| `observedGeneration`
+| `integer`
+| The generation observed by the deployment controller.
+
+| `readyReplicas`
+| `integer`
+| readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
+
+| `replicas`
+| `integer`
+| Total number of non-terminated pods targeted by this deployment (their labels match the selector).
+
+| `unavailableReplicas`
+| `integer`
+| Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created.
+
+| `updatedReplicas`
+| `integer`
+| Total number of non-terminated pods targeted by this deployment that have the desired template spec.
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a deployment's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+DeploymentCondition describes the state of a deployment at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transitioned from one status to another.
+
+| `lastUpdateTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| The last time this condition was updated.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of deployment condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/deployments`
+- `GET`: list or watch objects of kind Deployment
+* `/apis/apps/v1/watch/deployments`
+- `GET`: watch individual changes to a list of Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/deployments`
+- `DELETE`: delete collection of Deployment
+- `GET`: list or watch objects of kind Deployment
+- `POST`: create a Deployment
+* `/apis/apps/v1/watch/namespaces/{namespace}/deployments`
+- `GET`: watch individual changes to a list of Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/deployments/{name}`
+- `DELETE`: delete a Deployment
+- `GET`: read the specified Deployment
+- `PATCH`: partially update the specified Deployment
+- `PUT`: replace the specified Deployment
+* `/apis/apps/v1/watch/namespaces/{namespace}/deployments/{name}`
+- `GET`: watch changes to an object of kind Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apps/v1/namespaces/{namespace}/deployments/{name}/status`
+- `GET`: read status of the specified Deployment
+- `PATCH`: partially update status of the specified Deployment
+- `PUT`: replace status of the specified Deployment
+
+
+=== /apis/apps/v1/deployments
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Deployment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.DeploymentList[`DeploymentList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/deployments
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/deployments
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.DeploymentList[`DeploymentList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 201 - Created
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 202 - Accepted
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/deployments
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/deployments/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Deployment
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Deployment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 201 - Created
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 201 - Created
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/deployments/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Deployment
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Deployment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Deployment
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Deployment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 201 - Created
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 201 - Created
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`Deployment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/apps_apis/replicaset-apps-v1.adoc b/microshift_rest_api/apps_apis/replicaset-apps-v1.adoc
new file mode 100644
index 000000000000..003e1ad6a739
--- /dev/null
+++ b/microshift_rest_api/apps_apis/replicaset-apps-v1.adoc
@@ -0,0 +1,1087 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="replicaset-apps-v1"]
+= ReplicaSet [apps/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ReplicaSet ensures that a specified number of pod replicas are running at any given time.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| ReplicaSetSpec is the specification of a ReplicaSet.
+
+| `status`
+| `object`
+| ReplicaSetStatus represents the current status of a ReplicaSet.
+
+|===
+=== .spec
+Description::
++
+--
+ReplicaSetSpec is the specification of a ReplicaSet.
+--
+
+Type::
+  `object`
+
+Required::
+  - `selector`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `minReadySeconds`
+| `integer`
+| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
+| `replicas`
+| `integer`
+| Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| Selector is a label query over pods that should match the replica count. Label keys and values that must match in order to be controlled by this replica set. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| Template is the object that describes the pod that will be created if insufficient replicas are detected. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
+
+|===
+=== .status
+Description::
++
+--
+ReplicaSetStatus represents the current status of a ReplicaSet.
+--
+
+Type::
+  `object`
+
+Required::
+  - `replicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availableReplicas`
+| `integer`
+| The number of available replicas (ready for at least minReadySeconds) for this replica set.
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a replica set's current state.
+
+| `conditions[]`
+| `object`
+| ReplicaSetCondition describes the state of a replica set at a certain point.
+
+| `fullyLabeledReplicas`
+| `integer`
+| The number of pods that have labels matching the labels of the pod template of the replicaset.
+
+| `observedGeneration`
+| `integer`
+| ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
+
+| `readyReplicas`
+| `integer`
+| readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
+
+| `replicas`
+| `integer`
+| Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a replica set's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+ReplicaSetCondition describes the state of a replica set at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| The last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of replica set condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/replicasets`
+- `GET`: list or watch objects of kind ReplicaSet
+* `/apis/apps/v1/watch/replicasets`
+- `GET`: watch individual changes to a list of ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/replicasets`
+- `DELETE`: delete collection of ReplicaSet
+- `GET`: list or watch objects of kind ReplicaSet
+- `POST`: create a ReplicaSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/replicasets`
+- `GET`: watch individual changes to a list of ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/replicasets/{name}`
+- `DELETE`: delete a ReplicaSet
+- `GET`: read the specified ReplicaSet
+- `PATCH`: partially update the specified ReplicaSet
+- `PUT`: replace the specified ReplicaSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/replicasets/{name}`
+- `GET`: watch changes to an object of kind ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status`
+- `GET`: read status of the specified ReplicaSet
+- `PATCH`: partially update status of the specified ReplicaSet
+- `PUT`: replace status of the specified ReplicaSet
+
+
+=== /apis/apps/v1/replicasets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ReplicaSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.ReplicaSetList[`ReplicaSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/replicasets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/replicasets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.ReplicaSetList[`ReplicaSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 201 - Created
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 202 - Accepted
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/replicasets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/replicasets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicaSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ReplicaSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 201 - Created
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 201 - Created
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/replicasets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicaSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ReplicaSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicaSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified ReplicaSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 201 - Created
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 201 - Created
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`ReplicaSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/apps_apis/statefulset-apps-v1.adoc b/microshift_rest_api/apps_apis/statefulset-apps-v1.adoc
new file mode 100644
index 000000000000..91b5c6f63e0d
--- /dev/null
+++ b/microshift_rest_api/apps_apis/statefulset-apps-v1.adoc
@@ -0,0 +1,1248 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="statefulset-apps-v1"]
+= StatefulSet [apps/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+StatefulSet represents a set of pods with consistent identities. Identities are defined as:
+  - Network: A single stable DNS and hostname.
+  - Storage: As many VolumeClaims as requested.
+
+The StatefulSet guarantees that a given network identity will always map to the same storage identity.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| A StatefulSetSpec is the specification of a StatefulSet.
+
+| `status`
+| `object`
+| StatefulSetStatus represents the current state of a StatefulSet.
+
+|===
+=== .spec
+Description::
++
+--
+A StatefulSetSpec is the specification of a StatefulSet.
+--
+
+Type::
+  `object`
+
+Required::
+  - `selector`
+  - `template`
+  - `serviceName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `minReadySeconds`
+| `integer`
+| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
+| `ordinals`
+| `object`
+| StatefulSetOrdinals describes the policy used for replica ordinal assignment in this StatefulSet.
+
+| `persistentVolumeClaimRetentionPolicy`
+| `object`
+| StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates.
+
+| `podManagementPolicy`
+| `string`
+| podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
+
+Possible enum values:
+ - `"OrderedReady"` will create pods in strictly increasing order on scale up and strictly decreasing order on scale down, progressing only when the previous pod is ready or terminated. At most one pod will be changed at any time.
+ - `"Parallel"` will create and delete pods as soon as the stateful set replica count is changed, and will not wait for pods to be ready or complete termination.
+
+| `replicas`
+| `integer`
+| replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.
+
+| `revisionHistoryLimit`
+| `integer`
+| revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over pods that should match the replica count. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `serviceName`
+| `string`
+| serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". The only allowed template.spec.restartPolicy value is "Always".
+
+| `updateStrategy`
+| `object`
+| StatefulSetUpdateStrategy indicates the strategy that the StatefulSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.
+
+| `volumeClaimTemplates`
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`array (PersistentVolumeClaim)`]
+| volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name.
+
+|===
+=== .spec.ordinals
+Description::
++
+--
+StatefulSetOrdinals describes the policy used for replica ordinal assignment in this StatefulSet.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `start`
+| `integer`
+| start is the number representing the first replica's index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range:
+  [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
+If unset, defaults to 0. Replica indices will be in the range:
+  [0, .spec.replicas).
+
+|===
+=== .spec.persistentVolumeClaimRetentionPolicy
+Description::
++
+--
+StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `whenDeleted`
+| `string`
+| WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted. The default policy of `Retain` causes PVCs to not be affected by StatefulSet deletion. The `Delete` policy causes those PVCs to be deleted.
+
+| `whenScaled`
+| `string`
+| WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of `Retain` causes PVCs to not be affected by a scaledown. The `Delete` policy causes the associated PVCs for any excess pods above the replica count to be deleted.
+
+|===
+=== .spec.updateStrategy
+Description::
++
+--
+StatefulSetUpdateStrategy indicates the strategy that the StatefulSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rollingUpdate`
+| `object`
+| RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
+
+| `type`
+| `string`
+| Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
+
+Possible enum values:
+ - `"OnDelete"` triggers the legacy behavior. Version tracking and ordered rolling restarts are disabled. Pods are recreated from the StatefulSetSpec when they are manually deleted. When a scale operation is performed with this strategy,specification version indicated by the StatefulSet's currentRevision.
+ - `"RollingUpdate"` indicates that update will be applied to all Pods in the StatefulSet with respect to the StatefulSet ordering constraints. When a scale operation is performed with this strategy, new Pods will be created from the specification version indicated by the StatefulSet's updateRevision.
+
+|===
+=== .spec.updateStrategy.rollingUpdate
+Description::
++
+--
+RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `maxUnavailable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+
+| `partition`
+| `integer`
+| Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
+
+|===
+=== .status
+Description::
++
+--
+StatefulSetStatus represents the current state of a StatefulSet.
+--
+
+Type::
+  `object`
+
+Required::
+  - `replicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availableReplicas`
+| `integer`
+| Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
+
+| `collisionCount`
+| `integer`
+| collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a statefulset's current state.
+
+| `conditions[]`
+| `object`
+| StatefulSetCondition describes the state of a statefulset at a certain point.
+
+| `currentReplicas`
+| `integer`
+| currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.
+
+| `currentRevision`
+| `string`
+| currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
+
+| `observedGeneration`
+| `integer`
+| observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.
+
+| `readyReplicas`
+| `integer`
+| readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
+
+| `replicas`
+| `integer`
+| replicas is the number of Pods created by the StatefulSet controller.
+
+| `updateRevision`
+| `string`
+| updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
+
+| `updatedReplicas`
+| `integer`
+| updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a statefulset's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+StatefulSetCondition describes the state of a statefulset at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of statefulset condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/statefulsets`
+- `GET`: list or watch objects of kind StatefulSet
+* `/apis/apps/v1/watch/statefulsets`
+- `GET`: watch individual changes to a list of StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/statefulsets`
+- `DELETE`: delete collection of StatefulSet
+- `GET`: list or watch objects of kind StatefulSet
+- `POST`: create a StatefulSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/statefulsets`
+- `GET`: watch individual changes to a list of StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/apps/v1/namespaces/{namespace}/statefulsets/{name}`
+- `DELETE`: delete a StatefulSet
+- `GET`: read the specified StatefulSet
+- `PATCH`: partially update the specified StatefulSet
+- `PUT`: replace the specified StatefulSet
+* `/apis/apps/v1/watch/namespaces/{namespace}/statefulsets/{name}`
+- `GET`: watch changes to an object of kind StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status`
+- `GET`: read status of the specified StatefulSet
+- `PATCH`: partially update status of the specified StatefulSet
+- `PUT`: replace status of the specified StatefulSet
+
+
+=== /apis/apps/v1/statefulsets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind StatefulSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.StatefulSetList[`StatefulSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/statefulsets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/statefulsets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.apps.v1.StatefulSetList[`StatefulSetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 201 - Created
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 202 - Accepted
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/statefulsets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StatefulSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified StatefulSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 201 - Created
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 201 - Created
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/watch/namespaces/{namespace}/statefulsets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StatefulSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind StatefulSet. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StatefulSet
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified StatefulSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 201 - Created
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 201 - Created
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`StatefulSet`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authentication_apis/authentication-apis-index.adoc b/microshift_rest_api/authentication_apis/authentication-apis-index.adoc
new file mode 100644
index 000000000000..9e77b3369307
--- /dev/null
+++ b/microshift_rest_api/authentication_apis/authentication-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="authentication-apis"]
+= Authentication APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== TokenRequest [authentication.k8s.io/v1]
+
+Description::
++
+--
+TokenRequest requests a token for a given service account.
+--
+
+Type::
+  `object`
+
+== TokenReview [authentication.k8s.io/v1]
+
+Description::
++
+--
+TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc b/microshift_rest_api/authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc
new file mode 100644
index 000000000000..1101e33d9555
--- /dev/null
+++ b/microshift_rest_api/authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc
@@ -0,0 +1,218 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="tokenrequest-authentication-k8s-io-v1"]
+= TokenRequest [authentication.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+TokenRequest requests a token for a given service account.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| TokenRequestSpec contains client provided parameters of a token request.
+
+| `status`
+| `object`
+| TokenRequestStatus is the result of a token request.
+
+|===
+=== .spec
+Description::
++
+--
+TokenRequestSpec contains client provided parameters of a token request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `audiences`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audiences`
+| `array (string)`
+| Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
+
+| `boundObjectRef`
+| `object`
+| BoundObjectReference is a reference to an object that a token is bound to.
+
+| `expirationSeconds`
+| `integer`
+| ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
+
+|===
+=== .spec.boundObjectRef
+Description::
++
+--
+BoundObjectReference is a reference to an object that a token is bound to.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `kind`
+| `string`
+| Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
+
+| `name`
+| `string`
+| Name of the referent.
+
+| `uid`
+| `string`
+| UID of the referent.
+
+|===
+=== .status
+Description::
++
+--
+TokenRequestStatus is the result of a token request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `token`
+  - `expirationTimestamp`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expirationTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| ExpirationTimestamp is the time of expiration of the returned token.
+
+| `token`
+| `string`
+| Token is the opaque bearer token.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/namespaces/{namespace}/serviceaccounts/{name}/token`
+- `POST`: create token of a ServiceAccount
+
+
+=== /api/v1/namespaces/{namespace}/serviceaccounts/{name}/token
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the TokenRequest
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create token of a ServiceAccount
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc#tokenrequest-authentication-k8s-io-v1[`TokenRequest`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc#tokenrequest-authentication-k8s-io-v1[`TokenRequest`] schema
+| 201 - Created
+| xref:../authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc#tokenrequest-authentication-k8s-io-v1[`TokenRequest`] schema
+| 202 - Accepted
+| xref:../authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc#tokenrequest-authentication-k8s-io-v1[`TokenRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authentication_apis/tokenreview-authentication-k8s-io-v1.adoc b/microshift_rest_api/authentication_apis/tokenreview-authentication-k8s-io-v1.adoc
new file mode 100644
index 000000000000..67086e2a8068
--- /dev/null
+++ b/microshift_rest_api/authentication_apis/tokenreview-authentication-k8s-io-v1.adoc
@@ -0,0 +1,223 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="tokenreview-authentication-k8s-io-v1"]
+= TokenReview [authentication.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| TokenReviewSpec is a description of the token authentication request.
+
+| `status`
+| `object`
+| TokenReviewStatus is the result of the token authentication request.
+
+|===
+=== .spec
+Description::
++
+--
+TokenReviewSpec is a description of the token authentication request.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audiences`
+| `array (string)`
+| Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.
+
+| `token`
+| `string`
+| Token is the opaque bearer token.
+
+|===
+=== .status
+Description::
++
+--
+TokenReviewStatus is the result of the token authentication request.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audiences`
+| `array (string)`
+| Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.
+
+| `authenticated`
+| `boolean`
+| Authenticated indicates that the token was associated with a known user.
+
+| `error`
+| `string`
+| Error indicates that the token couldn't be checked
+
+| `user`
+| `object`
+| UserInfo holds the information about the user needed to implement the user.Info interface.
+
+|===
+=== .status.user
+Description::
++
+--
+UserInfo holds the information about the user needed to implement the user.Info interface.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `extra`
+| `object`
+| Any additional information provided by the authenticator.
+
+| `extra{}`
+| `array (string)`
+|
+
+| `groups`
+| `array (string)`
+| The names of groups this user is a part of.
+
+| `uid`
+| `string`
+| A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
+
+| `username`
+| `string`
+| The name that uniquely identifies this user among all active users.
+
+|===
+=== .status.user.extra
+Description::
++
+--
+Any additional information provided by the authenticator.
+--
+
+Type::
+  `object`
+
+
+
+
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authentication.k8s.io/v1/tokenreviews`
+- `POST`: create a TokenReview
+
+
+=== /apis/authentication.k8s.io/v1/tokenreviews
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a TokenReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authentication_apis/tokenreview-authentication-k8s-io-v1.adoc#tokenreview-authentication-k8s-io-v1[`TokenReview`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authentication_apis/tokenreview-authentication-k8s-io-v1.adoc#tokenreview-authentication-k8s-io-v1[`TokenReview`] schema
+| 201 - Created
+| xref:../authentication_apis/tokenreview-authentication-k8s-io-v1.adoc#tokenreview-authentication-k8s-io-v1[`TokenReview`] schema
+| 202 - Accepted
+| xref:../authentication_apis/tokenreview-authentication-k8s-io-v1.adoc#tokenreview-authentication-k8s-io-v1[`TokenReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authorization_apis/authorization-apis-index.adoc b/microshift_rest_api/authorization_apis/authorization-apis-index.adoc
new file mode 100644
index 000000000000..7a52d34fe600
--- /dev/null
+++ b/microshift_rest_api/authorization_apis/authorization-apis-index.adoc
@@ -0,0 +1,53 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="authorization-apis"]
+= Authorization APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== LocalSubjectAccessReview [authorization.k8s.io/v1]
+
+Description::
++
+--
+LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
+--
+
+Type::
+  `object`
+
+== SelfSubjectAccessReview [authorization.k8s.io/v1]
+
+Description::
++
+--
+SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a spec.namespace means "in all namespaces".  Self is a special case, because users should always be able to check whether they can perform an action
+--
+
+Type::
+  `object`
+
+== SelfSubjectRulesReview [authorization.k8s.io/v1]
+
+Description::
++
+--
+SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.
+--
+
+Type::
+  `object`
+
+== SubjectAccessReview [authorization.k8s.io/v1]
+
+Description::
++
+--
+SubjectAccessReview checks whether or not a user or group can perform an action.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc b/microshift_rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..3d1afdcbcebb
--- /dev/null
+++ b/microshift_rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -0,0 +1,287 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="localsubjectaccessreview-authorization-k8s-io-v1"]
+= LocalSubjectAccessReview [authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+
+| `status`
+| `object`
+| SubjectAccessReviewStatus
+
+|===
+=== .spec
+Description::
++
+--
+SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `extra`
+| `object`
+| Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
+
+| `extra{}`
+| `array (string)`
+|
+
+| `groups`
+| `array (string)`
+| Groups is the groups you're testing for.
+
+| `nonResourceAttributes`
+| `object`
+| NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+
+| `resourceAttributes`
+| `object`
+| ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+
+| `uid`
+| `string`
+| UID information about the requesting user.
+
+| `user`
+| `string`
+| User is the user you're testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
+
+|===
+=== .spec.extra
+Description::
++
+--
+Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.nonResourceAttributes
+Description::
++
+--
+NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| Path is the URL path of the request
+
+| `verb`
+| `string`
+| Verb is the standard HTTP verb
+
+|===
+=== .spec.resourceAttributes
+Description::
++
+--
+ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| Group is the API Group of the Resource.  "*" means all.
+
+| `name`
+| `string`
+| Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
+
+| `namespace`
+| `string`
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+
+| `resource`
+| `string`
+| Resource is one of the existing resource types.  "*" means all.
+
+| `subresource`
+| `string`
+| Subresource is one of the existing resource types.  "" means none.
+
+| `verb`
+| `string`
+| Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
+
+| `version`
+| `string`
+| Version is the API Version of the Resource.  "*" means all.
+
+|===
+=== .status
+Description::
++
+--
+SubjectAccessReviewStatus
+--
+
+Type::
+  `object`
+
+Required::
+  - `allowed`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowed`
+| `boolean`
+| Allowed is required. True if the action would be allowed, false otherwise.
+
+| `denied`
+| `boolean`
+| Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
+
+| `evaluationError`
+| `string`
+| EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
+
+| `reason`
+| `string`
+| Reason is optional.  It indicates why a request was allowed or denied.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews`
+- `POST`: create a LocalSubjectAccessReview
+
+
+=== /apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a LocalSubjectAccessReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc#localsubjectaccessreview-authorization-k8s-io-v1[`LocalSubjectAccessReview`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc#localsubjectaccessreview-authorization-k8s-io-v1[`LocalSubjectAccessReview`] schema
+| 201 - Created
+| xref:../authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc#localsubjectaccessreview-authorization-k8s-io-v1[`LocalSubjectAccessReview`] schema
+| 202 - Accepted
+| xref:../authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc#localsubjectaccessreview-authorization-k8s-io-v1[`LocalSubjectAccessReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc b/microshift_rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..c5deae60f5f8
--- /dev/null
+++ b/microshift_rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -0,0 +1,246 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="selfsubjectaccessreview-authorization-k8s-io-v1"]
+= SelfSubjectAccessReview [authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a spec.namespace means "in all namespaces".  Self is a special case, because users should always be able to check whether they can perform an action
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| SelfSubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+
+| `status`
+| `object`
+| SubjectAccessReviewStatus
+
+|===
+=== .spec
+Description::
++
+--
+SelfSubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceAttributes`
+| `object`
+| NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+
+| `resourceAttributes`
+| `object`
+| ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+
+|===
+=== .spec.nonResourceAttributes
+Description::
++
+--
+NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| Path is the URL path of the request
+
+| `verb`
+| `string`
+| Verb is the standard HTTP verb
+
+|===
+=== .spec.resourceAttributes
+Description::
++
+--
+ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| Group is the API Group of the Resource.  "*" means all.
+
+| `name`
+| `string`
+| Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
+
+| `namespace`
+| `string`
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+
+| `resource`
+| `string`
+| Resource is one of the existing resource types.  "*" means all.
+
+| `subresource`
+| `string`
+| Subresource is one of the existing resource types.  "" means none.
+
+| `verb`
+| `string`
+| Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
+
+| `version`
+| `string`
+| Version is the API Version of the Resource.  "*" means all.
+
+|===
+=== .status
+Description::
++
+--
+SubjectAccessReviewStatus
+--
+
+Type::
+  `object`
+
+Required::
+  - `allowed`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowed`
+| `boolean`
+| Allowed is required. True if the action would be allowed, false otherwise.
+
+| `denied`
+| `boolean`
+| Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
+
+| `evaluationError`
+| `string`
+| EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
+
+| `reason`
+| `string`
+| Reason is optional.  It indicates why a request was allowed or denied.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authorization.k8s.io/v1/selfsubjectaccessreviews`
+- `POST`: create a SelfSubjectAccessReview
+
+
+=== /apis/authorization.k8s.io/v1/selfsubjectaccessreviews
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a SelfSubjectAccessReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[`SelfSubjectAccessReview`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[`SelfSubjectAccessReview`] schema
+| 201 - Created
+| xref:../authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[`SelfSubjectAccessReview`] schema
+| 202 - Accepted
+| xref:../authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[`SelfSubjectAccessReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc b/microshift_rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..d155da6f40cf
--- /dev/null
+++ b/microshift_rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc
@@ -0,0 +1,271 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="selfsubjectrulesreview-authorization-k8s-io-v1"]
+= SelfSubjectRulesReview [authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
+
+| `status`
+| `object`
+| SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.
+
+|===
+=== .spec
+Description::
++
+--
+SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `namespace`
+| `string`
+| Namespace to evaluate rules for. Required.
+
+|===
+=== .status
+Description::
++
+--
+SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceRules`
+  - `nonResourceRules`
+  - `incomplete`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `evaluationError`
+| `string`
+| EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
+
+| `incomplete`
+| `boolean`
+| Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
+
+| `nonResourceRules`
+| `array`
+| NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+
+| `nonResourceRules[]`
+| `object`
+| NonResourceRule holds information that describes a rule for the non-resource
+
+| `resourceRules`
+| `array`
+| ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+
+| `resourceRules[]`
+| `object`
+| ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+
+|===
+=== .status.nonResourceRules
+Description::
++
+--
+NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.nonResourceRules[]
+Description::
++
+--
+NonResourceRule holds information that describes a rule for the non-resource
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceURLs`
+| `array (string)`
+| NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.  "*" means all.
+
+| `verbs`
+| `array (string)`
+| Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options.  "*" means all.
+
+|===
+=== .status.resourceRules
+Description::
++
+--
+ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.resourceRules[]
+Description::
++
+--
+ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.  "*" means all.
+
+| `resourceNames`
+| `array (string)`
+| ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.  "*" means all.
+
+| `resources`
+| `array (string)`
+| Resources is a list of resources this rule applies to.  "*" means all in the specified apiGroups.
+ "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
+
+| `verbs`
+| `array (string)`
+| Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authorization.k8s.io/v1/selfsubjectrulesreviews`
+- `POST`: create a SelfSubjectRulesReview
+
+
+=== /apis/authorization.k8s.io/v1/selfsubjectrulesreviews
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a SelfSubjectRulesReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[`SelfSubjectRulesReview`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[`SelfSubjectRulesReview`] schema
+| 201 - Created
+| xref:../authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[`SelfSubjectRulesReview`] schema
+| 202 - Accepted
+| xref:../authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[`SelfSubjectRulesReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc b/microshift_rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..beb05a420348
--- /dev/null
+++ b/microshift_rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
@@ -0,0 +1,279 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="subjectaccessreview-authorization-k8s-io-v1"]
+= SubjectAccessReview [authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+SubjectAccessReview checks whether or not a user or group can perform an action.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+
+| `status`
+| `object`
+| SubjectAccessReviewStatus
+
+|===
+=== .spec
+Description::
++
+--
+SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `extra`
+| `object`
+| Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
+
+| `extra{}`
+| `array (string)`
+|
+
+| `groups`
+| `array (string)`
+| Groups is the groups you're testing for.
+
+| `nonResourceAttributes`
+| `object`
+| NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+
+| `resourceAttributes`
+| `object`
+| ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+
+| `uid`
+| `string`
+| UID information about the requesting user.
+
+| `user`
+| `string`
+| User is the user you're testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
+
+|===
+=== .spec.extra
+Description::
++
+--
+Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .spec.nonResourceAttributes
+Description::
++
+--
+NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| Path is the URL path of the request
+
+| `verb`
+| `string`
+| Verb is the standard HTTP verb
+
+|===
+=== .spec.resourceAttributes
+Description::
++
+--
+ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| Group is the API Group of the Resource.  "*" means all.
+
+| `name`
+| `string`
+| Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
+
+| `namespace`
+| `string`
+| Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+
+| `resource`
+| `string`
+| Resource is one of the existing resource types.  "*" means all.
+
+| `subresource`
+| `string`
+| Subresource is one of the existing resource types.  "" means none.
+
+| `verb`
+| `string`
+| Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
+
+| `version`
+| `string`
+| Version is the API Version of the Resource.  "*" means all.
+
+|===
+=== .status
+Description::
++
+--
+SubjectAccessReviewStatus
+--
+
+Type::
+  `object`
+
+Required::
+  - `allowed`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowed`
+| `boolean`
+| Allowed is required. True if the action would be allowed, false otherwise.
+
+| `denied`
+| `boolean`
+| Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
+
+| `evaluationError`
+| `string`
+| EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
+
+| `reason`
+| `string`
+| Reason is optional.  It indicates why a request was allowed or denied.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authorization.k8s.io/v1/subjectaccessreviews`
+- `POST`: create a SubjectAccessReview
+
+
+=== /apis/authorization.k8s.io/v1/subjectaccessreviews
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a SubjectAccessReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc#subjectaccessreview-authorization-k8s-io-v1[`SubjectAccessReview`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc#subjectaccessreview-authorization-k8s-io-v1[`SubjectAccessReview`] schema
+| 201 - Created
+| xref:../authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc#subjectaccessreview-authorization-k8s-io-v1[`SubjectAccessReview`] schema
+| 202 - Accepted
+| xref:../authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc#subjectaccessreview-authorization-k8s-io-v1[`SubjectAccessReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/autoscaling_apis/autoscaling-apis-index.adoc b/microshift_rest_api/autoscaling_apis/autoscaling-apis-index.adoc
new file mode 100644
index 000000000000..8118d9f440d5
--- /dev/null
+++ b/microshift_rest_api/autoscaling_apis/autoscaling-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="autoscaling-apis"]
+= Autoscaling APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Scale [autoscaling/v1]
+
+Description::
++
+--
+Scale represents a scaling request for a resource.
+--
+
+Type::
+  `object`
+
+== HorizontalPodAutoscaler [autoscaling/v2]
+
+Description::
++
+--
+HorizontalPodAutoscaler is the configuration for a horizontal pod autoscaler, which automatically manages the replica count of any resource implementing the scale subresource based on the metrics specified.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc b/microshift_rest_api/autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc
new file mode 100644
index 000000000000..de92887386a7
--- /dev/null
+++ b/microshift_rest_api/autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc
@@ -0,0 +1,2309 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="horizontalpodautoscaler-autoscaling-v2"]
+= HorizontalPodAutoscaler [autoscaling/v2]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+HorizontalPodAutoscaler is the configuration for a horizontal pod autoscaler, which automatically manages the replica count of any resource implementing the scale subresource based on the metrics specified.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.
+
+| `status`
+| `object`
+| HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.
+
+|===
+=== .spec
+Description::
++
+--
+HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.
+--
+
+Type::
+  `object`
+
+Required::
+  - `scaleTargetRef`
+  - `maxReplicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `behavior`
+| `object`
+| HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
+
+| `maxReplicas`
+| `integer`
+| maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas.
+
+| `metrics`
+| `array`
+| metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used).  The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods.  Ergo, metrics used must decrease as the pod count is increased, and vice-versa.  See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization.
+
+| `metrics[]`
+| `object`
+| MetricSpec specifies how to scale based on a single metric (only `type` and one other matching field should be set at once).
+
+| `minReplicas`
+| `integer`
+| minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down.  It defaults to 1 pod.  minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured.  Scaling is active as long as at least one metric value is available.
+
+| `scaleTargetRef`
+| `object`
+| CrossVersionObjectReference contains enough information to let you identify the referred resource.
+
+|===
+=== .spec.behavior
+Description::
++
+--
+HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `scaleDown`
+| `object`
+| HPAScalingRules configures the scaling behavior for one direction. These Rules are applied after calculating DesiredReplicas from metrics for the HPA. They can limit the scaling velocity by specifying scaling policies. They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
+
+| `scaleUp`
+| `object`
+| HPAScalingRules configures the scaling behavior for one direction. These Rules are applied after calculating DesiredReplicas from metrics for the HPA. They can limit the scaling velocity by specifying scaling policies. They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
+
+|===
+=== .spec.behavior.scaleDown
+Description::
++
+--
+HPAScalingRules configures the scaling behavior for one direction. These Rules are applied after calculating DesiredReplicas from metrics for the HPA. They can limit the scaling velocity by specifying scaling policies. They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `policies`
+| `array`
+| policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+
+| `policies[]`
+| `object`
+| HPAScalingPolicy is a single policy which must hold true for a specified past interval.
+
+| `selectPolicy`
+| `string`
+| selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+
+| `stabilizationWindowSeconds`
+| `integer`
+| stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+|===
+=== .spec.behavior.scaleDown.policies
+Description::
++
+--
+policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.behavior.scaleDown.policies[]
+Description::
++
+--
+HPAScalingPolicy is a single policy which must hold true for a specified past interval.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `value`
+  - `periodSeconds`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `periodSeconds`
+| `integer`
+| periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+
+| `type`
+| `string`
+| type is used to specify the scaling policy.
+
+| `value`
+| `integer`
+| value contains the amount of change which is permitted by the policy. It must be greater than zero
+
+|===
+=== .spec.behavior.scaleUp
+Description::
++
+--
+HPAScalingRules configures the scaling behavior for one direction. These Rules are applied after calculating DesiredReplicas from metrics for the HPA. They can limit the scaling velocity by specifying scaling policies. They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `policies`
+| `array`
+| policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+
+| `policies[]`
+| `object`
+| HPAScalingPolicy is a single policy which must hold true for a specified past interval.
+
+| `selectPolicy`
+| `string`
+| selectPolicy is used to specify which policy should be used. If not set, the default value Max is used.
+
+| `stabilizationWindowSeconds`
+| `integer`
+| stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+|===
+=== .spec.behavior.scaleUp.policies
+Description::
++
+--
+policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.behavior.scaleUp.policies[]
+Description::
++
+--
+HPAScalingPolicy is a single policy which must hold true for a specified past interval.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `value`
+  - `periodSeconds`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `periodSeconds`
+| `integer`
+| periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+
+| `type`
+| `string`
+| type is used to specify the scaling policy.
+
+| `value`
+| `integer`
+| value contains the amount of change which is permitted by the policy. It must be greater than zero
+
+|===
+=== .spec.metrics
+Description::
++
+--
+metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used).  The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods.  Ergo, metrics used must decrease as the pod count is increased, and vice-versa.  See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.metrics[]
+Description::
++
+--
+MetricSpec specifies how to scale based on a single metric (only `type` and one other matching field should be set at once).
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerResource`
+| `object`
+| ContainerResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  The values will be averaged together before being compared to the target.  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.  Only one "target" type should be set.
+
+| `external`
+| `object`
+| ExternalMetricSource indicates how to scale on a metric not associated with any Kubernetes object (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+
+| `object`
+| `object`
+| ObjectMetricSource indicates how to scale on a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).
+
+| `pods`
+| `object`
+| PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+
+| `resource`
+| `object`
+| ResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  The values will be averaged together before being compared to the target.  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.  Only one "target" type should be set.
+
+| `type`
+| `string`
+| type is the type of metric source.  It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+|===
+=== .spec.metrics[].containerResource
+Description::
++
+--
+ContainerResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  The values will be averaged together before being compared to the target.  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.  Only one "target" type should be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `target`
+  - `container`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `container`
+| `string`
+| container is the name of the container in the pods of the scaling target
+
+| `name`
+| `string`
+| name is the name of the resource in question.
+
+| `target`
+| `object`
+| MetricTarget defines the target value, average value, or average utilization of a specific metric
+
+|===
+=== .spec.metrics[].containerResource.target
+Description::
++
+--
+MetricTarget defines the target value, average value, or average utilization of a specific metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+
+| `type`
+| `string`
+| type represents whether the metric type is Utilization, Value, or AverageValue
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the target value of the metric (as a quantity).
+
+|===
+=== .spec.metrics[].external
+Description::
++
+--
+ExternalMetricSource indicates how to scale on a metric not associated with any Kubernetes object (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+--
+
+Type::
+  `object`
+
+Required::
+  - `metric`
+  - `target`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+| `target`
+| `object`
+| MetricTarget defines the target value, average value, or average utilization of a specific metric
+
+|===
+=== .spec.metrics[].external.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .spec.metrics[].external.target
+Description::
++
+--
+MetricTarget defines the target value, average value, or average utilization of a specific metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+
+| `type`
+| `string`
+| type represents whether the metric type is Utilization, Value, or AverageValue
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the target value of the metric (as a quantity).
+
+|===
+=== .spec.metrics[].object
+Description::
++
+--
+ObjectMetricSource indicates how to scale on a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).
+--
+
+Type::
+  `object`
+
+Required::
+  - `describedObject`
+  - `target`
+  - `metric`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `describedObject`
+| `object`
+| CrossVersionObjectReference contains enough information to let you identify the referred resource.
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+| `target`
+| `object`
+| MetricTarget defines the target value, average value, or average utilization of a specific metric
+
+|===
+=== .spec.metrics[].object.describedObject
+Description::
++
+--
+CrossVersionObjectReference contains enough information to let you identify the referred resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| apiVersion is the API version of the referent
+
+| `kind`
+| `string`
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.metrics[].object.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .spec.metrics[].object.target
+Description::
++
+--
+MetricTarget defines the target value, average value, or average utilization of a specific metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+
+| `type`
+| `string`
+| type represents whether the metric type is Utilization, Value, or AverageValue
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the target value of the metric (as a quantity).
+
+|===
+=== .spec.metrics[].pods
+Description::
++
+--
+PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+--
+
+Type::
+  `object`
+
+Required::
+  - `metric`
+  - `target`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+| `target`
+| `object`
+| MetricTarget defines the target value, average value, or average utilization of a specific metric
+
+|===
+=== .spec.metrics[].pods.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .spec.metrics[].pods.target
+Description::
++
+--
+MetricTarget defines the target value, average value, or average utilization of a specific metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+
+| `type`
+| `string`
+| type represents whether the metric type is Utilization, Value, or AverageValue
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the target value of the metric (as a quantity).
+
+|===
+=== .spec.metrics[].resource
+Description::
++
+--
+ResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  The values will be averaged together before being compared to the target.  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.  Only one "target" type should be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `target`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the resource in question.
+
+| `target`
+| `object`
+| MetricTarget defines the target value, average value, or average utilization of a specific metric
+
+|===
+=== .spec.metrics[].resource.target
+Description::
++
+--
+MetricTarget defines the target value, average value, or average utilization of a specific metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the target value of the average of the metric across all relevant pods (as a quantity)
+
+| `type`
+| `string`
+| type represents whether the metric type is Utilization, Value, or AverageValue
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the target value of the metric (as a quantity).
+
+|===
+=== .spec.scaleTargetRef
+Description::
++
+--
+CrossVersionObjectReference contains enough information to let you identify the referred resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| apiVersion is the API version of the referent
+
+| `kind`
+| `string`
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .status
+Description::
++
+--
+HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.
+--
+
+Type::
+  `object`
+
+Required::
+  - `desiredReplicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions is the set of conditions required for this autoscaler to scale its target, and indicates whether or not those conditions are met.
+
+| `conditions[]`
+| `object`
+| HorizontalPodAutoscalerCondition describes the state of a HorizontalPodAutoscaler at a certain point.
+
+| `currentMetrics`
+| `array`
+| currentMetrics is the last read state of the metrics used by this autoscaler.
+
+| `currentMetrics[]`
+| `object`
+| MetricStatus describes the last-read state of a single metric.
+
+| `currentReplicas`
+| `integer`
+| currentReplicas is current number of replicas of pods managed by this autoscaler, as last seen by the autoscaler.
+
+| `desiredReplicas`
+| `integer`
+| desiredReplicas is the desired number of replicas of pods managed by this autoscaler, as last calculated by the autoscaler.
+
+| `lastScaleTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, used by the autoscaler to control how often the number of pods is changed.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration is the most recent generation observed by this autoscaler.
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions is the set of conditions required for this autoscaler to scale its target, and indicates whether or not those conditions are met.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+HorizontalPodAutoscalerCondition describes the state of a HorizontalPodAutoscaler at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime is the last time the condition transitioned from one status to another
+
+| `message`
+| `string`
+| message is a human-readable explanation containing details about the transition
+
+| `reason`
+| `string`
+| reason is the reason for the condition's last transition.
+
+| `status`
+| `string`
+| status is the status of the condition (True, False, Unknown)
+
+| `type`
+| `string`
+| type describes the current condition
+
+|===
+=== .status.currentMetrics
+Description::
++
+--
+currentMetrics is the last read state of the metrics used by this autoscaler.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.currentMetrics[]
+Description::
++
+--
+MetricStatus describes the last-read state of a single metric.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerResource`
+| `object`
+| ContainerResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing a single container in each pod in the current scale target (e.g. CPU or memory).  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
+| `external`
+| `object`
+| ExternalMetricStatus indicates the current value of a global metric not associated with any Kubernetes object.
+
+| `object`
+| `object`
+| ObjectMetricStatus indicates the current value of a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).
+
+| `pods`
+| `object`
+| PodsMetricStatus indicates the current value of a metric describing each pod in the current scale target (for example, transactions-processed-per-second).
+
+| `resource`
+| `object`
+| ResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
+| `type`
+| `string`
+| type is the type of metric source.  It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+|===
+=== .status.currentMetrics[].containerResource
+Description::
++
+--
+ContainerResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing a single container in each pod in the current scale target (e.g. CPU or memory).  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `current`
+  - `container`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `container`
+| `string`
+| container is the name of the container in the pods of the scaling target
+
+| `current`
+| `object`
+| MetricValueStatus holds the current value for a metric
+
+| `name`
+| `string`
+| name is the name of the resource in question.
+
+|===
+=== .status.currentMetrics[].containerResource.current
+Description::
++
+--
+MetricValueStatus holds the current value for a metric
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the current value of the average of the metric across all relevant pods (as a quantity)
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the current value of the metric (as a quantity).
+
+|===
+=== .status.currentMetrics[].external
+Description::
++
+--
+ExternalMetricStatus indicates the current value of a global metric not associated with any Kubernetes object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `metric`
+  - `current`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `current`
+| `object`
+| MetricValueStatus holds the current value for a metric
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+|===
+=== .status.currentMetrics[].external.current
+Description::
++
+--
+MetricValueStatus holds the current value for a metric
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the current value of the average of the metric across all relevant pods (as a quantity)
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the current value of the metric (as a quantity).
+
+|===
+=== .status.currentMetrics[].external.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .status.currentMetrics[].object
+Description::
++
+--
+ObjectMetricStatus indicates the current value of a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).
+--
+
+Type::
+  `object`
+
+Required::
+  - `metric`
+  - `current`
+  - `describedObject`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `current`
+| `object`
+| MetricValueStatus holds the current value for a metric
+
+| `describedObject`
+| `object`
+| CrossVersionObjectReference contains enough information to let you identify the referred resource.
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+|===
+=== .status.currentMetrics[].object.current
+Description::
++
+--
+MetricValueStatus holds the current value for a metric
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the current value of the average of the metric across all relevant pods (as a quantity)
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the current value of the metric (as a quantity).
+
+|===
+=== .status.currentMetrics[].object.describedObject
+Description::
++
+--
+CrossVersionObjectReference contains enough information to let you identify the referred resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| apiVersion is the API version of the referent
+
+| `kind`
+| `string`
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .status.currentMetrics[].object.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .status.currentMetrics[].pods
+Description::
++
+--
+PodsMetricStatus indicates the current value of a metric describing each pod in the current scale target (for example, transactions-processed-per-second).
+--
+
+Type::
+  `object`
+
+Required::
+  - `metric`
+  - `current`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `current`
+| `object`
+| MetricValueStatus holds the current value for a metric
+
+| `metric`
+| `object`
+| MetricIdentifier defines the name and optionally selector for a metric
+
+|===
+=== .status.currentMetrics[].pods.current
+Description::
++
+--
+MetricValueStatus holds the current value for a metric
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the current value of the average of the metric across all relevant pods (as a quantity)
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the current value of the metric (as a quantity).
+
+|===
+=== .status.currentMetrics[].pods.metric
+Description::
++
+--
+MetricIdentifier defines the name and optionally selector for a metric
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the given metric
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+|===
+=== .status.currentMetrics[].resource
+Description::
++
+--
+ResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory).  Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `current`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `current`
+| `object`
+| MetricValueStatus holds the current value for a metric
+
+| `name`
+| `string`
+| name is the name of the resource in question.
+
+|===
+=== .status.currentMetrics[].resource.current
+Description::
++
+--
+MetricValueStatus holds the current value for a metric
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `averageUtilization`
+| `integer`
+| currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
+
+| `averageValue`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| averageValue is the current value of the average of the metric across all relevant pods (as a quantity)
+
+| `value`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| value is the current value of the metric (as a quantity).
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/autoscaling/v2/horizontalpodautoscalers`
+- `GET`: list or watch objects of kind HorizontalPodAutoscaler
+* `/apis/autoscaling/v2/watch/horizontalpodautoscalers`
+- `GET`: watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers`
+- `DELETE`: delete collection of HorizontalPodAutoscaler
+- `GET`: list or watch objects of kind HorizontalPodAutoscaler
+- `POST`: create a HorizontalPodAutoscaler
+* `/apis/autoscaling/v2/watch/namespaces/{namespace}/horizontalpodautoscalers`
+- `GET`: watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers/{name}`
+- `DELETE`: delete a HorizontalPodAutoscaler
+- `GET`: read the specified HorizontalPodAutoscaler
+- `PATCH`: partially update the specified HorizontalPodAutoscaler
+- `PUT`: replace the specified HorizontalPodAutoscaler
+* `/apis/autoscaling/v2/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}`
+- `GET`: watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers/{name}/status`
+- `GET`: read status of the specified HorizontalPodAutoscaler
+- `PATCH`: partially update status of the specified HorizontalPodAutoscaler
+- `PUT`: replace status of the specified HorizontalPodAutoscaler
+
+
+=== /apis/autoscaling/v2/horizontalpodautoscalers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind HorizontalPodAutoscaler
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList[`HorizontalPodAutoscalerList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/watch/horizontalpodautoscalers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList[`HorizontalPodAutoscalerList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 201 - Created
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 202 - Accepted
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/watch/namespaces/{namespace}/horizontalpodautoscalers
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the HorizontalPodAutoscaler
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified HorizontalPodAutoscaler
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 201 - Created
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 201 - Created
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the HorizontalPodAutoscaler
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the HorizontalPodAutoscaler
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified HorizontalPodAutoscaler
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 201 - Created
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified HorizontalPodAutoscaler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 201 - Created
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`HorizontalPodAutoscaler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/autoscaling_apis/scale-autoscaling-v1.adoc b/microshift_rest_api/autoscaling_apis/scale-autoscaling-v1.adoc
new file mode 100644
index 000000000000..302199cca001
--- /dev/null
+++ b/microshift_rest_api/autoscaling_apis/scale-autoscaling-v1.adoc
@@ -0,0 +1,641 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="scale-autoscaling-v1"]
+= Scale [autoscaling/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Scale represents a scaling request for a resource.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+
+| `spec`
+| `object`
+| ScaleSpec describes the attributes of a scale subresource.
+
+| `status`
+| `object`
+| ScaleStatus represents the current status of a scale subresource.
+
+|===
+=== .spec
+Description::
++
+--
+ScaleSpec describes the attributes of a scale subresource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `replicas`
+| `integer`
+| replicas is the desired number of instances for the scaled object.
+
+|===
+=== .status
+Description::
++
+--
+ScaleStatus represents the current status of a scale subresource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `replicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `replicas`
+| `integer`
+| replicas is the actual number of observed instances of the scaled object.
+
+| `selector`
+| `string`
+| selector is the label query over pods that should match the replicas count. This is same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale`
+- `GET`: read scale of the specified Deployment
+- `PATCH`: partially update scale of the specified Deployment
+- `PUT`: replace scale of the specified Deployment
+* `/apis/apps/v1/namespaces/{namespace}/replicasets/{name}/scale`
+- `GET`: read scale of the specified ReplicaSet
+- `PATCH`: partially update scale of the specified ReplicaSet
+- `PUT`: replace scale of the specified ReplicaSet
+* `/apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale`
+- `GET`: read scale of the specified StatefulSet
+- `PATCH`: partially update scale of the specified StatefulSet
+- `PUT`: replace scale of the specified StatefulSet
+* `/api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale`
+- `GET`: read scale of the specified ReplicationController
+- `PATCH`: partially update scale of the specified ReplicationController
+- `PUT`: replace scale of the specified ReplicationController
+
+
+=== /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Scale
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read scale of the specified Deployment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update scale of the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace scale of the specified Deployment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/scale
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Scale
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read scale of the specified ReplicaSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update scale of the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace scale of the specified ReplicaSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Scale
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read scale of the specified StatefulSet
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update scale of the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace scale of the specified StatefulSet
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Scale
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read scale of the specified ReplicationController
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update scale of the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace scale of the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 201 - Created
+| xref:../autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[`Scale`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/batch_apis/batch-apis-index.adoc b/microshift_rest_api/batch_apis/batch-apis-index.adoc
new file mode 100644
index 000000000000..350352f04186
--- /dev/null
+++ b/microshift_rest_api/batch_apis/batch-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="batch-apis"]
+= Batch APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== CronJob [batch/v1]
+
+Description::
++
+--
+CronJob represents the configuration of a single cron job.
+--
+
+Type::
+  `object`
+
+== Job [batch/v1]
+
+Description::
++
+--
+Job represents the configuration of a single job.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/batch_apis/cronjob-batch-v1.adoc b/microshift_rest_api/batch_apis/cronjob-batch-v1.adoc
new file mode 100644
index 000000000000..6d2934ea9177
--- /dev/null
+++ b/microshift_rest_api/batch_apis/cronjob-batch-v1.adoc
@@ -0,0 +1,1317 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="cronjob-batch-v1"]
+= CronJob [batch/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CronJob represents the configuration of a single cron job.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| CronJobSpec describes how the job execution will look like and when it will actually run.
+
+| `status`
+| `object`
+| CronJobStatus represents the current state of a cron job.
+
+|===
+=== .spec
+Description::
++
+--
+CronJobSpec describes how the job execution will look like and when it will actually run.
+--
+
+Type::
+  `object`
+
+Required::
+  - `schedule`
+  - `jobTemplate`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `concurrencyPolicy`
+| `string`
+| Specifies how to treat concurrent executions of a Job. Valid values are:
+
+- "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+
+Possible enum values:
+ - `"Allow"` allows CronJobs to run concurrently.
+ - `"Forbid"` forbids concurrent runs, skipping next run if previous hasn't finished yet.
+ - `"Replace"` cancels currently running job and replaces it with a new one.
+
+| `failedJobsHistoryLimit`
+| `integer`
+| The number of failed finished jobs to retain. Value must be non-negative integer. Defaults to 1.
+
+| `jobTemplate`
+| `object`
+| JobTemplateSpec describes the data a Job should have when created from a template
+
+| `schedule`
+| `string`
+| The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
+
+| `startingDeadlineSeconds`
+| `integer`
+| Optional deadline in seconds for starting the job if it misses scheduled time for any reason.  Missed jobs executions will be counted as failed ones.
+
+| `successfulJobsHistoryLimit`
+| `integer`
+| The number of successful finished jobs to retain. Value must be non-negative integer. Defaults to 3.
+
+| `suspend`
+| `boolean`
+| This flag tells the controller to suspend subsequent executions, it does not apply to already started executions.  Defaults to false.
+
+| `timeZone`
+| `string`
+| The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
+
+|===
+=== .spec.jobTemplate
+Description::
++
+--
+JobTemplateSpec describes the data a Job should have when created from a template
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| JobSpec describes how the job execution will look like.
+
+|===
+=== .spec.jobTemplate.spec
+Description::
++
+--
+JobSpec describes how the job execution will look like.
+--
+
+Type::
+  `object`
+
+Required::
+  - `template`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.
+
+| `backoffLimit`
+| `integer`
+| Specifies the number of retries before marking this job failed. Defaults to 6
+
+| `completionMode`
+| `string`
+| completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
+
+`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
+
+`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.
+
+More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.
+
+Possible enum values:
+ - `"Indexed"` is a Job completion mode. In this mode, the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1). The Job is considered complete when a Pod completes for each completion index.
+ - `"NonIndexed"` is a Job completion mode. In this mode, the Job is considered complete when there have been .spec.completions successfully completed Pods. Pod completions are homologous to each other.
+
+| `completions`
+| `integer`
+| Specifies the desired number of successfully finished pods the job should be run with.  Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `manualSelector`
+| `boolean`
+| manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+
+| `parallelism`
+| `integer`
+| Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `podFailurePolicy`
+| `object`
+| PodFailurePolicy describes how failed pods influence the backoffLimit.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `suspend`
+| `boolean`
+| suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `ttlSecondsAfterFinished`
+| `integer`
+| ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+|===
+=== .spec.jobTemplate.spec.podFailurePolicy
+Description::
++
+--
+PodFailurePolicy describes how failed pods influence the backoffLimit.
+--
+
+Type::
+  `object`
+
+Required::
+  - `rules`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rules`
+| `array`
+| A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.
+
+| `rules[]`
+| `object`
+| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
+
+|===
+=== .spec.jobTemplate.spec.podFailurePolicy.rules
+Description::
++
+--
+A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.jobTemplate.spec.podFailurePolicy.rules[]
+Description::
++
+--
+PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
+--
+
+Type::
+  `object`
+
+Required::
+  - `action`
+  - `onPodConditions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:
+
+- FailJob: indicates that the pod's job is marked as Failed and all
+  running pods are terminated.
+- Ignore: indicates that the counter towards the .backoffLimit is not
+  incremented and a replacement pod is created.
+- Count: indicates that the pod is handled in the default way - the
+  counter towards the .backoffLimit is incremented.
+Additional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.
+
+Possible enum values:
+ - `"Count"` This is an action which might be taken on a pod failure - the pod failure is handled in the default way - the counter towards .backoffLimit, represented by the job's .status.failed field, is incremented.
+ - `"FailJob"` This is an action which might be taken on a pod failure - mark the pod's job as Failed and terminate all running pods.
+ - `"Ignore"` This is an action which might be taken on a pod failure - the counter towards .backoffLimit, represented by the job's .status.failed field, is not incremented and a replacement pod is created.
+
+| `onExitCodes`
+| `object`
+| PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.
+
+| `onPodConditions`
+| `array`
+| Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.
+
+| `onPodConditions[]`
+| `object`
+| PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.
+
+|===
+=== .spec.jobTemplate.spec.podFailurePolicy.rules[].onExitCodes
+Description::
++
+--
+PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.
+--
+
+Type::
+  `object`
+
+Required::
+  - `operator`
+  - `values`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.
+
+| `operator`
+| `string`
+| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are:
+
+- In: the requirement is satisfied if at least one container exit code
+  (might be multiple if there are multiple containers not restricted
+  by the 'containerName' field) is in the set of specified values.
+- NotIn: the requirement is satisfied if at least one container exit code
+  (might be multiple if there are multiple containers not restricted
+  by the 'containerName' field) is not in the set of specified values.
+Additional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.
+
+Possible enum values:
+ - `"In"`
+ - `"NotIn"`
+
+| `values`
+| `array (integer)`
+| Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.
+
+|===
+=== .spec.jobTemplate.spec.podFailurePolicy.rules[].onPodConditions
+Description::
++
+--
+Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.jobTemplate.spec.podFailurePolicy.rules[].onPodConditions[]
+Description::
++
+--
+PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `status`
+| `string`
+| Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.
+
+| `type`
+| `string`
+| Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.
+
+|===
+=== .status
+Description::
++
+--
+CronJobStatus represents the current state of a cron job.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `active`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`array (ObjectReference)`]
+| A list of pointers to currently running jobs.
+
+| `lastScheduleTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Information when was the last time the job was successfully scheduled.
+
+| `lastSuccessfulTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Information when was the last time the job successfully completed.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/batch/v1/cronjobs`
+- `GET`: list or watch objects of kind CronJob
+* `/apis/batch/v1/watch/cronjobs`
+- `GET`: watch individual changes to a list of CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/batch/v1/namespaces/{namespace}/cronjobs`
+- `DELETE`: delete collection of CronJob
+- `GET`: list or watch objects of kind CronJob
+- `POST`: create a CronJob
+* `/apis/batch/v1/watch/namespaces/{namespace}/cronjobs`
+- `GET`: watch individual changes to a list of CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}`
+- `DELETE`: delete a CronJob
+- `GET`: read the specified CronJob
+- `PATCH`: partially update the specified CronJob
+- `PUT`: replace the specified CronJob
+* `/apis/batch/v1/watch/namespaces/{namespace}/cronjobs/{name}`
+- `GET`: watch changes to an object of kind CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status`
+- `GET`: read status of the specified CronJob
+- `PATCH`: partially update status of the specified CronJob
+- `PUT`: replace status of the specified CronJob
+
+
+=== /apis/batch/v1/cronjobs
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CronJob
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.batch.v1.CronJobList[`CronJobList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/cronjobs
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/cronjobs
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.batch.v1.CronJobList[`CronJobList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 201 - Created
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 202 - Accepted
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/namespaces/{namespace}/cronjobs
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CronJob
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CronJob
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 201 - Created
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 201 - Created
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/namespaces/{namespace}/cronjobs/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CronJob
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CronJob. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CronJob
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified CronJob
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 201 - Created
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified CronJob
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 201 - Created
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`CronJob`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/batch_apis/job-batch-v1.adoc b/microshift_rest_api/batch_apis/job-batch-v1.adoc
new file mode 100644
index 000000000000..038f2af0fc10
--- /dev/null
+++ b/microshift_rest_api/batch_apis/job-batch-v1.adoc
@@ -0,0 +1,1345 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="job-batch-v1"]
+= Job [batch/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Job represents the configuration of a single job.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| JobSpec describes how the job execution will look like.
+
+| `status`
+| `object`
+| JobStatus represents the current state of a Job.
+
+|===
+=== .spec
+Description::
++
+--
+JobSpec describes how the job execution will look like.
+--
+
+Type::
+  `object`
+
+Required::
+  - `template`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.
+
+| `backoffLimit`
+| `integer`
+| Specifies the number of retries before marking this job failed. Defaults to 6
+
+| `completionMode`
+| `string`
+| completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
+
+`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
+
+`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.
+
+More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.
+
+Possible enum values:
+ - `"Indexed"` is a Job completion mode. In this mode, the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1). The Job is considered complete when a Pod completes for each completion index.
+ - `"NonIndexed"` is a Job completion mode. In this mode, the Job is considered complete when there have been .spec.completions successfully completed Pods. Pod completions are homologous to each other.
+
+| `completions`
+| `integer`
+| Specifies the desired number of successfully finished pods the job should be run with.  Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `manualSelector`
+| `boolean`
+| manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+
+| `parallelism`
+| `integer`
+| Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `podFailurePolicy`
+| `object`
+| PodFailurePolicy describes how failed pods influence the backoffLimit.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `suspend`
+| `boolean`
+| suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+
+| `template`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
+| Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `ttlSecondsAfterFinished`
+| `integer`
+| ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.
+
+|===
+=== .spec.podFailurePolicy
+Description::
++
+--
+PodFailurePolicy describes how failed pods influence the backoffLimit.
+--
+
+Type::
+  `object`
+
+Required::
+  - `rules`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `rules`
+| `array`
+| A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.
+
+| `rules[]`
+| `object`
+| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
+
+|===
+=== .spec.podFailurePolicy.rules
+Description::
++
+--
+A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.podFailurePolicy.rules[]
+Description::
++
+--
+PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
+--
+
+Type::
+  `object`
+
+Required::
+  - `action`
+  - `onPodConditions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:
+
+- FailJob: indicates that the pod's job is marked as Failed and all
+  running pods are terminated.
+- Ignore: indicates that the counter towards the .backoffLimit is not
+  incremented and a replacement pod is created.
+- Count: indicates that the pod is handled in the default way - the
+  counter towards the .backoffLimit is incremented.
+Additional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.
+
+Possible enum values:
+ - `"Count"` This is an action which might be taken on a pod failure - the pod failure is handled in the default way - the counter towards .backoffLimit, represented by the job's .status.failed field, is incremented.
+ - `"FailJob"` This is an action which might be taken on a pod failure - mark the pod's job as Failed and terminate all running pods.
+ - `"Ignore"` This is an action which might be taken on a pod failure - the counter towards .backoffLimit, represented by the job's .status.failed field, is not incremented and a replacement pod is created.
+
+| `onExitCodes`
+| `object`
+| PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.
+
+| `onPodConditions`
+| `array`
+| Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.
+
+| `onPodConditions[]`
+| `object`
+| PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.
+
+|===
+=== .spec.podFailurePolicy.rules[].onExitCodes
+Description::
++
+--
+PodFailurePolicyOnExitCodesRequirement describes the requirement for handling a failed pod based on its container exit codes. In particular, it lookups the .state.terminated.exitCode for each app container and init container status, represented by the .status.containerStatuses and .status.initContainerStatuses fields in the Pod status, respectively. Containers completed with success (exit code 0) are excluded from the requirement check.
+--
+
+Type::
+  `object`
+
+Required::
+  - `operator`
+  - `values`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.
+
+| `operator`
+| `string`
+| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are:
+
+- In: the requirement is satisfied if at least one container exit code
+  (might be multiple if there are multiple containers not restricted
+  by the 'containerName' field) is in the set of specified values.
+- NotIn: the requirement is satisfied if at least one container exit code
+  (might be multiple if there are multiple containers not restricted
+  by the 'containerName' field) is not in the set of specified values.
+Additional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.
+
+Possible enum values:
+ - `"In"`
+ - `"NotIn"`
+
+| `values`
+| `array (integer)`
+| Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.
+
+|===
+=== .spec.podFailurePolicy.rules[].onPodConditions
+Description::
++
+--
+Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.podFailurePolicy.rules[].onPodConditions[]
+Description::
++
+--
+PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `status`
+| `string`
+| Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.
+
+| `type`
+| `string`
+| Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.
+
+|===
+=== .status
+Description::
++
+--
+JobStatus represents the current state of a Job.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `active`
+| `integer`
+| The number of pending and running pods.
+
+| `completedIndexes`
+| `string`
+| completedIndexes holds the completed indexes when .spec.completionMode = "Indexed" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
+
+| `completionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. The completion time is only set when the job finishes successfully.
+
+| `conditions`
+| `array`
+| The latest available observations of an object's current state. When a Job fails, one of the conditions will have type "Failed" and status true. When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false. When a Job is completed, one of the conditions will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+| `conditions[]`
+| `object`
+| JobCondition describes current state of a job.
+
+| `failed`
+| `integer`
+| The number of pods which reached phase Failed.
+
+| `ready`
+| `integer`
+| The number of pods which have a Ready condition.
+
+This field is beta-level. The job controller populates the field when the feature gate JobReadyPods is enabled (enabled by default).
+
+| `startTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Represents time when the job controller started processing a job. When a Job is created in the suspended state, this field is not set until the first time it is resumed. This field is reset every time a Job is resumed from suspension. It is represented in RFC3339 form and is in UTC.
+
+| `succeeded`
+| `integer`
+| The number of pods which reached phase Succeeded.
+
+| `uncountedTerminatedPods`
+| `object`
+| UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.
+
+|===
+=== .status.conditions
+Description::
++
+--
+The latest available observations of an object's current state. When a Job fails, one of the conditions will have type "Failed" and status true. When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false. When a Job is completed, one of the conditions will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+JobCondition describes current state of a job.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastProbeTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition was checked.
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transit from one status to another.
+
+| `message`
+| `string`
+| Human readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| (brief) reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of job condition, Complete or Failed.
+
+|===
+=== .status.uncountedTerminatedPods
+Description::
++
+--
+UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `failed`
+| `array (string)`
+| failed holds UIDs of failed Pods.
+
+| `succeeded`
+| `array (string)`
+| succeeded holds UIDs of succeeded Pods.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/batch/v1/jobs`
+- `GET`: list or watch objects of kind Job
+* `/apis/batch/v1/watch/jobs`
+- `GET`: watch individual changes to a list of Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/batch/v1/namespaces/{namespace}/jobs`
+- `DELETE`: delete collection of Job
+- `GET`: list or watch objects of kind Job
+- `POST`: create a Job
+* `/apis/batch/v1/watch/namespaces/{namespace}/jobs`
+- `GET`: watch individual changes to a list of Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/batch/v1/namespaces/{namespace}/jobs/{name}`
+- `DELETE`: delete a Job
+- `GET`: read the specified Job
+- `PATCH`: partially update the specified Job
+- `PUT`: replace the specified Job
+* `/apis/batch/v1/watch/namespaces/{namespace}/jobs/{name}`
+- `GET`: watch changes to an object of kind Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/batch/v1/namespaces/{namespace}/jobs/{name}/status`
+- `GET`: read status of the specified Job
+- `PATCH`: partially update status of the specified Job
+- `PUT`: replace status of the specified Job
+
+
+=== /apis/batch/v1/jobs
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Job
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.batch.v1.JobList[`JobList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/jobs
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/jobs
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.batch.v1.JobList[`JobList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 201 - Created
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 202 - Accepted
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/namespaces/{namespace}/jobs
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/jobs/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Job
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Job
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 201 - Created
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 201 - Created
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/watch/namespaces/{namespace}/jobs/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Job
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Job. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Job
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Job
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 201 - Created
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Job
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 201 - Created
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`Job`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/certificates_apis/certificates-apis-index.adoc b/microshift_rest_api/certificates_apis/certificates-apis-index.adoc
new file mode 100644
index 000000000000..62c7fabaecf6
--- /dev/null
+++ b/microshift_rest_api/certificates_apis/certificates-apis-index.adoc
@@ -0,0 +1,26 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="certificates-apis"]
+= Certificates APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== CertificateSigningRequest [certificates.k8s.io/v1]
+
+Description::
++
+--
+CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.
+
+Kubelets use this API to obtain:
+ 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
+ 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
+
+This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc b/microshift_rest_api/certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc
new file mode 100644
index 000000000000..260e238516d4
--- /dev/null
+++ b/microshift_rest_api/certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc
@@ -0,0 +1,1132 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="certificatesigningrequest-certificates-k8s-io-v1"]
+= CertificateSigningRequest [certificates.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.
+
+Kubelets use this API to obtain:
+ 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
+ 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
+
+This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+|
+
+| `spec`
+| `object`
+| CertificateSigningRequestSpec contains the certificate request.
+
+| `status`
+| `object`
+| CertificateSigningRequestStatus contains conditions used to indicate approved/denied/failed status of the request, and the issued certificate.
+
+|===
+=== .spec
+Description::
++
+--
+CertificateSigningRequestSpec contains the certificate request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `request`
+  - `signerName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
+
+The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
+
+Certificate signers may not honor this field for various reasons:
+
+  1. Old signer that is unaware of the field (such as the in-tree
+     implementations prior to v1.22)
+  2. Signer whose configured maximum is shorter than the requested duration
+  3. Signer whose configured minimum is longer than the requested duration
+
+The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
+
+| `extra`
+| `object`
+| extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
+| `extra{}`
+| `array (string)`
+|
+
+| `groups`
+| `array (string)`
+| groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
+| `request`
+| `string`
+| request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.
+
+| `signerName`
+| `string`
+| signerName indicates the requested signer, and is a qualified name.
+
+List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
+
+Well-known Kubernetes signers are:
+ 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
+  Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
+ 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
+  Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
+ 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
+  Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
+
+More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
+
+Custom signerNames can also be specified. The signer defines:
+ 1. Trust distribution: how trust (CA bundles) are distributed.
+ 2. Permitted subjects: and behavior when a disallowed subject is requested.
+ 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
+ 4. Required, permitted, or forbidden key usages / extended key usages.
+ 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
+ 6. Whether or not requests for CA certificates are allowed.
+
+| `uid`
+| `string`
+| uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
+| `usages`
+| `array (string)`
+| usages specifies a set of key usages requested in the issued certificate.
+
+Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
+
+Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
+
+Valid values are:
+ "signing", "digital signature", "content commitment",
+ "key encipherment", "key agreement", "data encipherment",
+ "cert sign", "crl sign", "encipher only", "decipher only", "any",
+ "server auth", "client auth",
+ "code signing", "email protection", "s/mime",
+ "ipsec end system", "ipsec tunnel", "ipsec user",
+ "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
+
+| `username`
+| `string`
+| username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
+|===
+=== .spec.extra
+Description::
++
+--
+extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+--
+
+Type::
+  `object`
+
+
+
+
+=== .status
+Description::
++
+--
+CertificateSigningRequestStatus contains conditions used to indicate approved/denied/failed status of the request, and the issued certificate.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `certificate`
+| `string`
+| certificate is populated with an issued certificate by the signer after an Approved condition is present. This field is set via the /status subresource. Once populated, this field is immutable.
+
+If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
+
+Validation requirements:
+ 1. certificate must contain one or more PEM blocks.
+ 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data
+  must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
+ 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
+  to allow for explanatory text as described in section 5.2 of RFC7468.
+
+If more than one PEM block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
+
+The certificate is encoded in PEM format.
+
+When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
+
+    base64(
+    -----BEGIN CERTIFICATE-----
+    ...
+    -----END CERTIFICATE-----
+    )
+
+| `conditions`
+| `array`
+| conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
+
+| `conditions[]`
+| `object`
+| CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime is the time the condition last transitioned from one status to another. If unset, when a new condition type is added or an existing condition's status is changed, the server defaults this to the current time.
+
+| `lastUpdateTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastUpdateTime is the time of the last update to this condition
+
+| `message`
+| `string`
+| message contains a human readable message with details about the request state
+
+| `reason`
+| `string`
+| reason indicates a brief reason for the request state
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown. Approved, Denied, and Failed conditions may not be "False" or "Unknown".
+
+| `type`
+| `string`
+| type of the condition. Known conditions are "Approved", "Denied", and "Failed".
+
+An "Approved" condition is added via the /approval subresource, indicating the request was approved and should be issued by the signer.
+
+A "Denied" condition is added via the /approval subresource, indicating the request was denied and should not be issued by the signer.
+
+A "Failed" condition is added via the /status subresource, indicating the signer failed to issue the certificate.
+
+Approved and Denied conditions are mutually exclusive. Approved, Denied, and Failed conditions cannot be removed once added.
+
+Only one condition of a given type is allowed.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/certificates.k8s.io/v1/certificatesigningrequests`
+- `DELETE`: delete collection of CertificateSigningRequest
+- `GET`: list or watch objects of kind CertificateSigningRequest
+- `POST`: create a CertificateSigningRequest
+* `/apis/certificates.k8s.io/v1/watch/certificatesigningrequests`
+- `GET`: watch individual changes to a list of CertificateSigningRequest. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}`
+- `DELETE`: delete a CertificateSigningRequest
+- `GET`: read the specified CertificateSigningRequest
+- `PATCH`: partially update the specified CertificateSigningRequest
+- `PUT`: replace the specified CertificateSigningRequest
+* `/apis/certificates.k8s.io/v1/watch/certificatesigningrequests/{name}`
+- `GET`: watch changes to an object of kind CertificateSigningRequest. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status`
+- `GET`: read status of the specified CertificateSigningRequest
+- `PATCH`: partially update status of the specified CertificateSigningRequest
+- `PUT`: replace status of the specified CertificateSigningRequest
+* `/apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval`
+- `GET`: read approval of the specified CertificateSigningRequest
+- `PATCH`: partially update approval of the specified CertificateSigningRequest
+- `PUT`: replace approval of the specified CertificateSigningRequest
+
+
+=== /apis/certificates.k8s.io/v1/certificatesigningrequests
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.certificates.v1.CertificateSigningRequestList[`CertificateSigningRequestList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 202 - Accepted
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/certificates.k8s.io/v1/watch/certificatesigningrequests
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CertificateSigningRequest. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CertificateSigningRequest
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CertificateSigningRequest
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/certificates.k8s.io/v1/watch/certificatesigningrequests/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CertificateSigningRequest
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CertificateSigningRequest. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CertificateSigningRequest
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified CertificateSigningRequest
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CertificateSigningRequest
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read approval of the specified CertificateSigningRequest
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update approval of the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace approval of the specified CertificateSigningRequest
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 201 - Created
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`CertificateSigningRequest`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/coordination_apis/coordination-apis-index.adoc b/microshift_rest_api/coordination_apis/coordination-apis-index.adoc
new file mode 100644
index 000000000000..32b7ab673b8b
--- /dev/null
+++ b/microshift_rest_api/coordination_apis/coordination-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="coordination-apis"]
+= Coordination APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Lease [coordination.k8s.io/v1]
+
+Description::
++
+--
+Lease defines a lease concept.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/coordination_apis/lease-coordination-k8s-io-v1.adoc b/microshift_rest_api/coordination_apis/lease-coordination-k8s-io-v1.adoc
new file mode 100644
index 000000000000..5fdee06fb8bb
--- /dev/null
+++ b/microshift_rest_api/coordination_apis/lease-coordination-k8s-io-v1.adoc
@@ -0,0 +1,849 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="lease-coordination-k8s-io-v1"]
+= Lease [coordination.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Lease defines a lease concept.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| LeaseSpec is a specification of a Lease.
+
+|===
+=== .spec
+Description::
++
+--
+LeaseSpec is a specification of a Lease.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `acquireTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| acquireTime is a time when the current lease was acquired.
+
+| `holderIdentity`
+| `string`
+| holderIdentity contains the identity of the holder of a current lease.
+
+| `leaseDurationSeconds`
+| `integer`
+| leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed renewTime.
+
+| `leaseTransitions`
+| `integer`
+| leaseTransitions is the number of transitions of a lease between holders.
+
+| `renewTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| renewTime is a time when the current holder of a lease has last updated the lease.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/coordination.k8s.io/v1/leases`
+- `GET`: list or watch objects of kind Lease
+* `/apis/coordination.k8s.io/v1/watch/leases`
+- `GET`: watch individual changes to a list of Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases`
+- `DELETE`: delete collection of Lease
+- `GET`: list or watch objects of kind Lease
+- `POST`: create a Lease
+* `/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases`
+- `GET`: watch individual changes to a list of Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}`
+- `DELETE`: delete a Lease
+- `GET`: read the specified Lease
+- `PATCH`: partially update the specified Lease
+- `PUT`: replace the specified Lease
+* `/apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases/{name}`
+- `GET`: watch changes to an object of kind Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/coordination.k8s.io/v1/leases
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Lease
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.coordination.v1.LeaseList[`LeaseList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/coordination.k8s.io/v1/watch/leases
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.coordination.v1.LeaseList[`LeaseList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 201 - Created
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 202 - Accepted
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Lease
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Lease
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 201 - Created
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Lease
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 201 - Created
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`Lease`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Lease
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Lease. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/binding-v1.adoc b/microshift_rest_api/core_apis/binding-v1.adoc
new file mode 100644
index 000000000000..974ffd1cfb67
--- /dev/null
+++ b/microshift_rest_api/core_apis/binding-v1.adoc
@@ -0,0 +1,228 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="binding-v1"]
+= Binding [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Binding ties one object to another; for example, a pod is bound to a node by a scheduler. Deprecated in 1.7, please use the bindings subresource of pods instead.
+--
+
+Type::
+  `object`
+
+Required::
+  - `target`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `target`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+|===
+=== .target
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/namespaces/{namespace}/bindings`
+- `POST`: create a Binding
+* `/api/v1/namespaces/{namespace}/pods/{name}/binding`
+- `POST`: create binding of a Pod
+
+
+=== /api/v1/namespaces/{namespace}/bindings
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Binding
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 201 - Created
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 202 - Accepted
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}/binding
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Binding
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create binding of a Pod
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 201 - Created
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 202 - Accepted
+| xref:../core_apis/binding-v1.adoc#binding-v1[`Binding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/componentstatus-v1.adoc b/microshift_rest_api/core_apis/componentstatus-v1.adoc
new file mode 100644
index 000000000000..303082e01bd7
--- /dev/null
+++ b/microshift_rest_api/core_apis/componentstatus-v1.adoc
@@ -0,0 +1,227 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="componentstatus-v1"]
+= ComponentStatus [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `conditions`
+| `array`
+| List of component conditions observed
+
+| `conditions[]`
+| `object`
+| Information about the condition of a component.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+=== .conditions
+Description::
++
+--
+List of component conditions observed
+--
+
+Type::
+  `array`
+
+
+
+
+=== .conditions[]
+Description::
++
+--
+Information about the condition of a component.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `error`
+| `string`
+| Condition error code for a component. For example, a health check error code.
+
+| `message`
+| `string`
+| Message about the condition for a component. For example, information about a health check.
+
+| `status`
+| `string`
+| Status of the condition for a component. Valid values for "Healthy": "True", "False", or "Unknown".
+
+| `type`
+| `string`
+| Type of condition for a component. Valid value: "Healthy"
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/componentstatuses`
+- `GET`: list objects of kind ComponentStatus
+* `/api/v1/componentstatuses/{name}`
+- `GET`: read the specified ComponentStatus
+
+
+=== /api/v1/componentstatuses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind ComponentStatus
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ComponentStatusList[`ComponentStatusList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/componentstatuses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ComponentStatus
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ComponentStatus
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/componentstatus-v1.adoc#componentstatus-v1[`ComponentStatus`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/configmap-v1.adoc b/microshift_rest_api/core_apis/configmap-v1.adoc
new file mode 100644
index 000000000000..027ca682f883
--- /dev/null
+++ b/microshift_rest_api/core_apis/configmap-v1.adoc
@@ -0,0 +1,819 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="configmap-v1"]
+= ConfigMap [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ConfigMap holds configuration data for pods to consume.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `binaryData`
+| `object (string)`
+| BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.
+
+| `data`
+| `object (string)`
+| Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
+
+| `immutable`
+| `boolean`
+| Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/configmaps`
+- `GET`: list or watch objects of kind ConfigMap
+* `/api/v1/watch/configmaps`
+- `GET`: watch individual changes to a list of ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/configmaps`
+- `DELETE`: delete collection of ConfigMap
+- `GET`: list or watch objects of kind ConfigMap
+- `POST`: create a ConfigMap
+* `/api/v1/watch/namespaces/{namespace}/configmaps`
+- `GET`: watch individual changes to a list of ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/configmaps/{name}`
+- `DELETE`: delete a ConfigMap
+- `GET`: read the specified ConfigMap
+- `PATCH`: partially update the specified ConfigMap
+- `PUT`: replace the specified ConfigMap
+* `/api/v1/watch/namespaces/{namespace}/configmaps/{name}`
+- `GET`: watch changes to an object of kind ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/configmaps
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ConfigMap
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapList[`ConfigMapList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/configmaps
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/configmaps
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapList[`ConfigMapList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 201 - Created
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 202 - Accepted
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/configmaps
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/configmaps/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ConfigMap
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ConfigMap
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 201 - Created
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ConfigMap
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 201 - Created
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`ConfigMap`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/configmaps/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ConfigMap
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ConfigMap. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/core-apis-index.adoc b/microshift_rest_api/core_apis/core-apis-index.adoc
new file mode 100644
index 000000000000..0ce0912157cf
--- /dev/null
+++ b/microshift_rest_api/core_apis/core-apis-index.adoc
@@ -0,0 +1,208 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="core-apis"]
+= Core APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Binding [v1]
+
+Description::
++
+--
+Binding ties one object to another; for example, a pod is bound to a node by a scheduler. Deprecated in 1.7, please use the bindings subresource of pods instead.
+--
+
+Type::
+  `object`
+
+== ComponentStatus [v1]
+
+Description::
++
+--
+ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+
+--
+
+Type::
+  `object`
+
+== ConfigMap [v1]
+
+Description::
++
+--
+ConfigMap holds configuration data for pods to consume.
+--
+
+Type::
+  `object`
+
+== Endpoints [v1]
+
+Description::
++
+--
+Endpoints is a collection of endpoints that implement the actual service. Example:
+
+	 Name: "mysvc",
+	 Subsets: [
+	   {
+	     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
+	     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
+	   },
+	   {
+	     Addresses: [{"ip": "10.10.3.3"}],
+	     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
+	   },
+	]
+--
+
+Type::
+  `object`
+
+== Event [v1]
+
+Description::
++
+--
+Event is a report of an event somewhere in the cluster.  Events have a limited retention time and triggers and messages may evolve with time.  Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason.  Events should be treated as informative, best-effort, supplemental data.
+--
+
+Type::
+  `object`
+
+== LimitRange [v1]
+
+Description::
++
+--
+LimitRange sets resource usage limits for each kind of resource in a Namespace.
+--
+
+Type::
+  `object`
+
+== Namespace [v1]
+
+Description::
++
+--
+Namespace provides a scope for Names. Use of multiple namespaces is optional.
+--
+
+Type::
+  `object`
+
+== Node [v1]
+
+Description::
++
+--
+Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).
+--
+
+Type::
+  `object`
+
+== PersistentVolume [v1]
+
+Description::
++
+--
+PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+--
+
+Type::
+  `object`
+
+== PersistentVolumeClaim [v1]
+
+Description::
++
+--
+PersistentVolumeClaim is a user's request for and claim to a persistent volume
+--
+
+Type::
+  `object`
+
+== Pod [v1]
+
+Description::
++
+--
+Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.
+--
+
+Type::
+  `object`
+
+== PodTemplate [v1]
+
+Description::
++
+--
+PodTemplate describes a template for creating copies of a predefined pod.
+--
+
+Type::
+  `object`
+
+== ReplicationController [v1]
+
+Description::
++
+--
+ReplicationController represents the configuration of a replication controller.
+--
+
+Type::
+  `object`
+
+== ResourceQuota [v1]
+
+Description::
++
+--
+ResourceQuota sets aggregate quota restrictions enforced per namespace
+--
+
+Type::
+  `object`
+
+== Secret [v1]
+
+Description::
++
+--
+Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.
+--
+
+Type::
+  `object`
+
+== Service [v1]
+
+Description::
++
+--
+Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.
+--
+
+Type::
+  `object`
+
+== ServiceAccount [v1]
+
+Description::
++
+--
+ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/core_apis/endpoints-v1.adoc b/microshift_rest_api/core_apis/endpoints-v1.adoc
new file mode 100644
index 000000000000..0a7601363d9f
--- /dev/null
+++ b/microshift_rest_api/core_apis/endpoints-v1.adoc
@@ -0,0 +1,1153 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="endpoints-v1"]
+= Endpoints [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Endpoints is a collection of endpoints that implement the actual service. Example:
+
+	 Name: "mysvc",
+	 Subsets: [
+	   {
+	     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
+	     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
+	   },
+	   {
+	     Addresses: [{"ip": "10.10.3.3"}],
+	     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
+	   },
+	]
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `subsets`
+| `array`
+| The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.
+
+| `subsets[]`
+| `object`
+| EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:
+
+	{
+	  Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
+	  Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
+	}
+
+The resulting set of endpoints can be viewed as:
+
+	a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
+	b: [ 10.10.1.1:309, 10.10.2.2:309 ]
+
+|===
+=== .subsets
+Description::
++
+--
+The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subsets[]
+Description::
++
+--
+EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:
+
+	{
+	  Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
+	  Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
+	}
+
+The resulting set of endpoints can be viewed as:
+
+	a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
+	b: [ 10.10.1.1:309, 10.10.2.2:309 ]
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `addresses`
+| `array`
+| IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.
+
+| `addresses[]`
+| `object`
+| EndpointAddress is a tuple that describes single IP address.
+
+| `notReadyAddresses`
+| `array`
+| IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.
+
+| `notReadyAddresses[]`
+| `object`
+| EndpointAddress is a tuple that describes single IP address.
+
+| `ports`
+| `array`
+| Port numbers available on the related IP addresses.
+
+| `ports[]`
+| `object`
+| EndpointPort is a tuple that describes a single port.
+
+|===
+=== .subsets[].addresses
+Description::
++
+--
+IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subsets[].addresses[]
+Description::
++
+--
+EndpointAddress is a tuple that describes single IP address.
+--
+
+Type::
+  `object`
+
+Required::
+  - `ip`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostname`
+| `string`
+| The Hostname of this endpoint
+
+| `ip`
+| `string`
+| The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).
+
+| `nodeName`
+| `string`
+| Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+| `targetRef`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+|===
+=== .subsets[].addresses[].targetRef
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .subsets[].notReadyAddresses
+Description::
++
+--
+IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subsets[].notReadyAddresses[]
+Description::
++
+--
+EndpointAddress is a tuple that describes single IP address.
+--
+
+Type::
+  `object`
+
+Required::
+  - `ip`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostname`
+| `string`
+| The Hostname of this endpoint
+
+| `ip`
+| `string`
+| The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).
+
+| `nodeName`
+| `string`
+| Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
+
+| `targetRef`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+|===
+=== .subsets[].notReadyAddresses[].targetRef
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .subsets[].ports
+Description::
++
+--
+Port numbers available on the related IP addresses.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subsets[].ports[]
+Description::
++
+--
+EndpointPort is a tuple that describes a single port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `appProtocol`
+| `string`
+| The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
+
+* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
+
+* Kubernetes-defined prefixed names:
+  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+
+* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+
+| `name`
+| `string`
+| The name of this port.  This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.
+
+| `port`
+| `integer`
+| The port number of the endpoint.
+
+| `protocol`
+| `string`
+| The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/endpoints`
+- `GET`: list or watch objects of kind Endpoints
+* `/api/v1/watch/endpoints`
+- `GET`: watch individual changes to a list of Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/endpoints`
+- `DELETE`: delete collection of Endpoints
+- `GET`: list or watch objects of kind Endpoints
+- `POST`: create Endpoints
+* `/api/v1/watch/namespaces/{namespace}/endpoints`
+- `GET`: watch individual changes to a list of Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/endpoints/{name}`
+- `DELETE`: delete Endpoints
+- `GET`: read the specified Endpoints
+- `PATCH`: partially update the specified Endpoints
+- `PUT`: replace the specified Endpoints
+* `/api/v1/watch/namespaces/{namespace}/endpoints/{name}`
+- `GET`: watch changes to an object of kind Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/endpoints
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Endpoints
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EndpointsList[`EndpointsList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/endpoints
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/endpoints
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EndpointsList[`EndpointsList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 201 - Created
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 202 - Accepted
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/endpoints
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/endpoints/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Endpoints
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Endpoints
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 201 - Created
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Endpoints
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 201 - Created
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`Endpoints`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/endpoints/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Endpoints
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Endpoints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/event-v1.adoc b/microshift_rest_api/core_apis/event-v1.adoc
new file mode 100644
index 000000000000..fb2ee8b30c3d
--- /dev/null
+++ b/microshift_rest_api/core_apis/event-v1.adoc
@@ -0,0 +1,1010 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="event-v1"]
+= Event [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Event is a report of an event somewhere in the cluster.  Events have a limited retention time and triggers and messages may evolve with time.  Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason.  Events should be treated as informative, best-effort, supplemental data.
+--
+
+Type::
+  `object`
+
+Required::
+  - `metadata`
+  - `involvedObject`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| What action was taken/failed regarding to the Regarding object.
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `count`
+| `integer`
+| The number of times this event has occurred.
+
+| `eventTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| Time when this Event was first observed.
+
+| `firstTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
+
+| `involvedObject`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `lastTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| The time at which the most recent occurrence of this event was recorded.
+
+| `message`
+| `string`
+| A human-readable description of the status of this operation.
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `reason`
+| `string`
+| This should be a short, machine understandable string that gives the reason for the transition into the object's current status.
+
+| `related`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+| `reportingComponent`
+| `string`
+| Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
+
+| `reportingInstance`
+| `string`
+| ID of the controller instance, e.g. `kubelet-xyzf`.
+
+| `series`
+| `object`
+| EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
+
+| `source`
+| `object`
+| EventSource contains information for an event.
+
+| `type`
+| `string`
+| Type of this event (Normal, Warning), new types could be added in the future
+
+|===
+=== .involvedObject
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .related
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .series
+Description::
++
+--
+EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `count`
+| `integer`
+| Number of occurrences in this series up to the last heartbeat time
+
+| `lastObservedTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| Time of the last occurrence observed
+
+|===
+=== .source
+Description::
++
+--
+EventSource contains information for an event.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `component`
+| `string`
+| Component from which the event is generated.
+
+| `host`
+| `string`
+| Node name on which the event is generated.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/events`
+- `GET`: list or watch objects of kind Event
+* `/api/v1/watch/events`
+- `GET`: watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/events`
+- `DELETE`: delete collection of Event
+- `GET`: list or watch objects of kind Event
+- `POST`: create an Event
+* `/api/v1/watch/namespaces/{namespace}/events`
+- `GET`: watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/events/{name}`
+- `DELETE`: delete an Event
+- `GET`: read the specified Event
+- `PATCH`: partially update the specified Event
+- `PUT`: replace the specified Event
+* `/api/v1/watch/namespaces/{namespace}/events/{name}`
+- `GET`: watch changes to an object of kind Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/events
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Event
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EventList[`EventList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/events
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/events
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EventList[`EventList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 201 - Created
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 202 - Accepted
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/events
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/events/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Event
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Event
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 201 - Created
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 201 - Created
+| xref:../core_apis/event-v1.adoc#event-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/events/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Event
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/limitrange-v1.adoc b/microshift_rest_api/core_apis/limitrange-v1.adoc
new file mode 100644
index 000000000000..10dde3007590
--- /dev/null
+++ b/microshift_rest_api/core_apis/limitrange-v1.adoc
@@ -0,0 +1,896 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="limitrange-v1"]
+= LimitRange [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+LimitRange sets resource usage limits for each kind of resource in a Namespace.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| LimitRangeSpec defines a min/max usage limit for resources that match on kind.
+
+|===
+=== .spec
+Description::
++
+--
+LimitRangeSpec defines a min/max usage limit for resources that match on kind.
+--
+
+Type::
+  `object`
+
+Required::
+  - `limits`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `limits`
+| `array`
+| Limits is the list of LimitRangeItem objects that are enforced.
+
+| `limits[]`
+| `object`
+| LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
+
+|===
+=== .spec.limits
+Description::
++
+--
+Limits is the list of LimitRangeItem objects that are enforced.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.limits[]
+Description::
++
+--
+LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `default`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Default resource requirement limit value by resource name if resource limit is omitted.
+
+| `defaultRequest`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
+
+| `max`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Max usage constraints on this kind by resource name.
+
+| `maxLimitRequestRatio`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
+
+| `min`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Min usage constraints on this kind by resource name.
+
+| `type`
+| `string`
+| Type of resource that this limit applies to.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/limitranges`
+- `GET`: list or watch objects of kind LimitRange
+* `/api/v1/watch/limitranges`
+- `GET`: watch individual changes to a list of LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/limitranges`
+- `DELETE`: delete collection of LimitRange
+- `GET`: list or watch objects of kind LimitRange
+- `POST`: create a LimitRange
+* `/api/v1/watch/namespaces/{namespace}/limitranges`
+- `GET`: watch individual changes to a list of LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/limitranges/{name}`
+- `DELETE`: delete a LimitRange
+- `GET`: read the specified LimitRange
+- `PATCH`: partially update the specified LimitRange
+- `PUT`: replace the specified LimitRange
+* `/api/v1/watch/namespaces/{namespace}/limitranges/{name}`
+- `GET`: watch changes to an object of kind LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/limitranges
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind LimitRange
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LimitRangeList[`LimitRangeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/limitranges
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/limitranges
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LimitRangeList[`LimitRangeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 201 - Created
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 202 - Accepted
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/limitranges
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/limitranges/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the LimitRange
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified LimitRange
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 201 - Created
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified LimitRange
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 201 - Created
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`LimitRange`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/limitranges/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the LimitRange
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind LimitRange. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/namespace-v1.adoc b/microshift_rest_api/core_apis/namespace-v1.adoc
new file mode 100644
index 000000000000..fbabe4ae861b
--- /dev/null
+++ b/microshift_rest_api/core_apis/namespace-v1.adoc
@@ -0,0 +1,842 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="namespace-v1"]
+= Namespace [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Namespace provides a scope for Names. Use of multiple namespaces is optional.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| NamespaceSpec describes the attributes on a Namespace.
+
+| `status`
+| `object`
+| NamespaceStatus is information about the current status of a Namespace.
+
+|===
+=== .spec
+Description::
++
+--
+NamespaceSpec describes the attributes on a Namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `finalizers`
+| `array (string)`
+| Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
+
+|===
+=== .status
+Description::
++
+--
+NamespaceStatus is information about the current status of a Namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a namespace's current state.
+
+| `conditions[]`
+| `object`
+| NamespaceCondition contains details about state of namespace.
+
+| `phase`
+| `string`
+| Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
+
+Possible enum values:
+ - `"Active"` means the namespace is available for use in the system
+ - `"Terminating"` means the namespace is undergoing graceful termination
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a namespace's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+NamespaceCondition contains details about state of namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+|
+
+| `message`
+| `string`
+|
+
+| `reason`
+| `string`
+|
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of namespace controller condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/namespaces`
+- `GET`: list or watch objects of kind Namespace
+- `POST`: create a Namespace
+* `/api/v1/watch/namespaces`
+- `GET`: watch individual changes to a list of Namespace. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{name}`
+- `DELETE`: delete a Namespace
+- `GET`: read the specified Namespace
+- `PATCH`: partially update the specified Namespace
+- `PUT`: replace the specified Namespace
+* `/api/v1/watch/namespaces/{name}`
+- `GET`: watch changes to an object of kind Namespace. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{name}/status`
+- `GET`: read status of the specified Namespace
+- `PATCH`: partially update status of the specified Namespace
+- `PUT`: replace status of the specified Namespace
+* `/api/v1/namespaces/{name}/finalize`
+- `PUT`: replace finalize of the specified Namespace
+
+
+=== /api/v1/namespaces
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NamespaceList[`NamespaceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 202 - Accepted
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Namespace. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Namespace
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Namespace
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Namespace
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Namespace. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Namespace
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Namespace
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Namespace
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{name}/finalize
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Namespace
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace finalize of the specified Namespace
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 201 - Created
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`Namespace`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/node-v1.adoc b/microshift_rest_api/core_apis/node-v1.adoc
new file mode 100644
index 000000000000..4f61ec643bdb
--- /dev/null
+++ b/microshift_rest_api/core_apis/node-v1.adoc
@@ -0,0 +1,1534 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="node-v1"]
+= Node [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| NodeSpec describes the attributes that a node is created with.
+
+| `status`
+| `object`
+| NodeStatus is information about the current status of a node.
+
+|===
+=== .spec
+Description::
++
+--
+NodeSpec describes the attributes that a node is created with.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configSource`
+| `object`
+| NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+
+| `externalID`
+| `string`
+| Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966
+
+| `podCIDR`
+| `string`
+| PodCIDR represents the pod IP range assigned to the node.
+
+| `podCIDRs`
+| `array (string)`
+| podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.
+
+| `providerID`
+| `string`
+| ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
+
+| `taints`
+| `array`
+| If specified, the node's taints.
+
+| `taints[]`
+| `object`
+| The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+
+| `unschedulable`
+| `boolean`
+| Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
+
+|===
+=== .spec.configSource
+Description::
++
+--
+NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+
+|===
+=== .spec.configSource.configMap
+Description::
++
+--
+ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+  - `kubeletConfigKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `kubeletConfigKey`
+| `string`
+| KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.
+
+| `name`
+| `string`
+| Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.
+
+| `namespace`
+| `string`
+| Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.
+
+| `resourceVersion`
+| `string`
+| ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+| `uid`
+| `string`
+| UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+|===
+=== .spec.taints
+Description::
++
+--
+If specified, the node's taints.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.taints[]
+Description::
++
+--
+The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `effect`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `effect`
+| `string`
+| Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+
+Possible enum values:
+ - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
+ - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
+ - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
+
+| `key`
+| `string`
+| Required. The taint key to be applied to a node.
+
+| `timeAdded`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+
+| `value`
+| `string`
+| The taint value corresponding to the taint key.
+
+|===
+=== .status
+Description::
++
+--
+NodeStatus is information about the current status of a node.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `addresses`
+| `array`
+| List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).
+
+| `addresses[]`
+| `object`
+| NodeAddress contains information for the node's address.
+
+| `allocatable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
+
+| `conditions`
+| `array`
+| Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
+
+| `conditions[]`
+| `object`
+| NodeCondition contains condition information for a node.
+
+| `config`
+| `object`
+| NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
+
+| `daemonEndpoints`
+| `object`
+| NodeDaemonEndpoints lists ports opened by daemons running on the Node.
+
+| `images`
+| `array`
+| List of container images on this node
+
+| `images[]`
+| `object`
+| Describe a container image
+
+| `nodeInfo`
+| `object`
+| NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
+
+| `phase`
+| `string`
+| NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.
+
+Possible enum values:
+ - `"Pending"` means the node has been created/added by the system, but not configured.
+ - `"Running"` means the node has been configured and has Kubernetes components running.
+ - `"Terminated"` means the node has been removed from the cluster.
+
+| `volumesAttached`
+| `array`
+| List of volumes that are attached to the node.
+
+| `volumesAttached[]`
+| `object`
+| AttachedVolume describes a volume attached to a node
+
+| `volumesInUse`
+| `array (string)`
+| List of attachable volumes in use (mounted) by the node.
+
+|===
+=== .status.addresses
+Description::
++
+--
+List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.addresses[]
+Description::
++
+--
+NodeAddress contains information for the node's address.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `address`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `address`
+| `string`
+| The node address.
+
+| `type`
+| `string`
+| Node address type, one of Hostname, ExternalIP or InternalIP.
+
+|===
+=== .status.conditions
+Description::
++
+--
+Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+NodeCondition contains condition information for a node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastHeartbeatTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time we got an update on a given condition.
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transit from one status to another.
+
+| `message`
+| `string`
+| Human readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| (brief) reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of node condition.
+
+|===
+=== .status.config
+Description::
++
+--
+NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `active`
+| `object`
+| NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+
+| `assigned`
+| `object`
+| NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+
+| `error`
+| `string`
+| Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.
+
+| `lastKnownGood`
+| `object`
+| NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+
+|===
+=== .status.config.active
+Description::
++
+--
+NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+
+|===
+=== .status.config.active.configMap
+Description::
++
+--
+ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+  - `kubeletConfigKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `kubeletConfigKey`
+| `string`
+| KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.
+
+| `name`
+| `string`
+| Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.
+
+| `namespace`
+| `string`
+| Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.
+
+| `resourceVersion`
+| `string`
+| ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+| `uid`
+| `string`
+| UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+|===
+=== .status.config.assigned
+Description::
++
+--
+NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+
+|===
+=== .status.config.assigned.configMap
+Description::
++
+--
+ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+  - `kubeletConfigKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `kubeletConfigKey`
+| `string`
+| KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.
+
+| `name`
+| `string`
+| Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.
+
+| `namespace`
+| `string`
+| Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.
+
+| `resourceVersion`
+| `string`
+| ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+| `uid`
+| `string`
+| UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+|===
+=== .status.config.lastKnownGood
+Description::
++
+--
+NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+
+|===
+=== .status.config.lastKnownGood.configMap
+Description::
++
+--
+ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+  - `kubeletConfigKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `kubeletConfigKey`
+| `string`
+| KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.
+
+| `name`
+| `string`
+| Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.
+
+| `namespace`
+| `string`
+| Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.
+
+| `resourceVersion`
+| `string`
+| ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+| `uid`
+| `string`
+| UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+|===
+=== .status.daemonEndpoints
+Description::
++
+--
+NodeDaemonEndpoints lists ports opened by daemons running on the Node.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `kubeletEndpoint`
+| `object`
+| DaemonEndpoint contains information about a single Daemon endpoint.
+
+|===
+=== .status.daemonEndpoints.kubeletEndpoint
+Description::
++
+--
+DaemonEndpoint contains information about a single Daemon endpoint.
+--
+
+Type::
+  `object`
+
+Required::
+  - `Port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `Port`
+| `integer`
+| Port number of the given endpoint.
+
+|===
+=== .status.images
+Description::
++
+--
+List of container images on this node
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.images[]
+Description::
++
+--
+Describe a container image
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `names`
+| `array (string)`
+| Names by which this image is known. e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
+
+| `sizeBytes`
+| `integer`
+| The size of the image in bytes.
+
+|===
+=== .status.nodeInfo
+Description::
++
+--
+NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `machineID`
+  - `systemUUID`
+  - `bootID`
+  - `kernelVersion`
+  - `osImage`
+  - `containerRuntimeVersion`
+  - `kubeletVersion`
+  - `kubeProxyVersion`
+  - `operatingSystem`
+  - `architecture`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `architecture`
+| `string`
+| The Architecture reported by the node
+
+| `bootID`
+| `string`
+| Boot ID reported by the node.
+
+| `containerRuntimeVersion`
+| `string`
+| ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
+
+| `kernelVersion`
+| `string`
+| Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
+
+| `kubeProxyVersion`
+| `string`
+| KubeProxy Version reported by the node.
+
+| `kubeletVersion`
+| `string`
+| Kubelet Version reported by the node.
+
+| `machineID`
+| `string`
+| MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
+
+| `operatingSystem`
+| `string`
+| The Operating System reported by the node
+
+| `osImage`
+| `string`
+| OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
+
+| `systemUUID`
+| `string`
+| SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+
+|===
+=== .status.volumesAttached
+Description::
++
+--
+List of volumes that are attached to the node.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.volumesAttached[]
+Description::
++
+--
+AttachedVolume describes a volume attached to a node
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| DevicePath represents the device path where the volume should be available
+
+| `name`
+| `string`
+| Name of the attached volume
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/nodes`
+- `DELETE`: delete collection of Node
+- `GET`: list or watch objects of kind Node
+- `POST`: create a Node
+* `/api/v1/watch/nodes`
+- `GET`: watch individual changes to a list of Node. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/nodes/{name}`
+- `DELETE`: delete a Node
+- `GET`: read the specified Node
+- `PATCH`: partially update the specified Node
+- `PUT`: replace the specified Node
+* `/api/v1/watch/nodes/{name}`
+- `GET`: watch changes to an object of kind Node. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/nodes/{name}/status`
+- `GET`: read status of the specified Node
+- `PATCH`: partially update status of the specified Node
+- `PUT`: replace status of the specified Node
+
+
+=== /api/v1/nodes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeList[`NodeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 201 - Created
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 202 - Accepted
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/nodes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Node. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/nodes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Node
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Node
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 201 - Created
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 201 - Created
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/nodes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Node
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Node. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/nodes/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Node
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Node
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 201 - Created
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Node
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 201 - Created
+| xref:../core_apis/node-v1.adoc#node-v1[`Node`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/persistentvolume-v1.adoc b/microshift_rest_api/core_apis/persistentvolume-v1.adoc
new file mode 100644
index 000000000000..c40cde1a9f14
--- /dev/null
+++ b/microshift_rest_api/core_apis/persistentvolume-v1.adoc
@@ -0,0 +1,2440 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="persistentvolume-v1"]
+= PersistentVolume [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PersistentVolumeSpec is the specification of a persistent volume.
+
+| `status`
+| `object`
+| PersistentVolumeStatus is the current status of a persistent volume.
+
+|===
+=== .spec
+Description::
++
+--
+PersistentVolumeSpec is the specification of a persistent volume.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
+
+| `awsElasticBlockStore`
+| `object`
+| Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+
+| `azureDisk`
+| `object`
+| AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| `object`
+| AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
+
+| `cephfs`
+| `object`
+| Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+
+| `cinder`
+| `object`
+| Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+
+| `claimRef`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+| `csi`
+| `object`
+| Represents storage that is managed by an external CSI volume driver (Beta feature)
+
+| `fc`
+| `object`
+| Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+
+| `flexVolume`
+| `object`
+| FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| `object`
+| Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+
+| `gcePersistentDisk`
+| `object`
+| Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+
+| `glusterfs`
+| `object`
+| Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+
+| `hostPath`
+| `object`
+| Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+
+| `iscsi`
+| `object`
+| ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+
+| `local`
+| `object`
+| Local represents directly-attached storage with node affinity (Beta feature)
+
+| `mountOptions`
+| `array (string)`
+| mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
+
+| `nfs`
+| `object`
+| Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+
+| `nodeAffinity`
+| `object`
+| VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
+
+| `persistentVolumeReclaimPolicy`
+| `string`
+| persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
+
+Possible enum values:
+ - `"Delete"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.
+ - `"Recycle"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.
+ - `"Retain"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.
+
+| `photonPersistentDisk`
+| `object`
+| Represents a Photon Controller persistent disk resource.
+
+| `portworxVolume`
+| `object`
+| PortworxVolumeSource represents a Portworx volume resource.
+
+| `quobyte`
+| `object`
+| Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+
+| `rbd`
+| `object`
+| Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+
+| `scaleIO`
+| `object`
+| ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.
+
+| `storageos`
+| `object`
+| Represents a StorageOS persistent volume resource.
+
+| `volumeMode`
+| `string`
+| volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `vsphereVolume`
+| `object`
+| Represents a vSphere volume resource.
+
+|===
+=== .spec.awsElasticBlockStore
+Description::
++
+--
+Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+| `readOnly`
+| `boolean`
+| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `volumeID`
+| `string`
+| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+|===
+=== .spec.azureDisk
+Description::
++
+--
+AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `diskName`
+  - `diskURI`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cachingMode`
+| `string`
+| cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
+| `diskName`
+| `string`
+| diskName is the Name of the data disk in the blob storage
+
+| `diskURI`
+| `string`
+| diskURI is the URI of data disk in the blob storage
+
+| `fsType`
+| `string`
+| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `kind`
+| `string`
+| kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
+
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+|===
+=== .spec.azureFile
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the name of secret that contains Azure Storage Account Name and Key
+
+| `secretNamespace`
+| `string`
+| secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod
+
+| `shareName`
+| `string`
+| shareName is the azure Share Name
+
+|===
+=== .spec.cephfs
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `user`
+| `string`
+| user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+=== .spec.cephfs.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.cinder
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+=== .spec.cinder.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.claimRef
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .spec.csi
+Description::
++
+--
+Represents storage that is managed by an external CSI volume driver (Beta feature)
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+  - `volumeHandle`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `controllerExpandSecretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `controllerPublishSecretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume. Required.
+
+| `fsType`
+| `string`
+| fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs".
+
+| `nodeExpandSecretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `nodePublishSecretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `nodeStageSecretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `readOnly`
+| `boolean`
+| readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes of the volume to publish.
+
+| `volumeHandle`
+| `string`
+| volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.
+
+|===
+=== .spec.csi.controllerExpandSecretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.csi.controllerPublishSecretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.csi.nodeExpandSecretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.csi.nodePublishSecretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.csi.nodeStageSecretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.fc
+Description::
++
+--
+Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `lun`
+| `integer`
+| lun is Optional: FC target lun number
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `targetWWNs`
+| `array (string)`
+| targetWWNs is Optional: FC target worldwide names (WWNs)
+
+| `wwids`
+| `array (string)`
+| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+|===
+=== .spec.flexVolume
+Description::
++
+--
+FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+|===
+=== .spec.flexVolume.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.flocker
+Description::
++
+--
+Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `datasetName`
+| `string`
+| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+
+| `datasetUUID`
+| `string`
+| datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
+|===
+=== .spec.gcePersistentDisk
+Description::
++
+--
+Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `pdName`
+| `string`
+| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+|===
+=== .spec.glusterfs
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `endpointsNamespace`
+| `string`
+| endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+=== .spec.hostPath
+Description::
++
+--
+Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `type`
+| `string`
+| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
+|===
+=== .spec.iscsi
+Description::
++
+--
+ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is Target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun is iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+=== .spec.iscsi.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.local
+Description::
++
+--
+Local represents directly-attached storage with node affinity (Beta feature)
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
+
+| `path`
+| `string`
+| path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).
+
+|===
+=== .spec.nfs
+Description::
++
+--
+Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `server`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `server`
+| `string`
+| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+|===
+=== .spec.nodeAffinity
+Description::
++
+--
+VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `required`
+| `object`
+| A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+
+|===
+=== .spec.nodeAffinity.required
+Description::
++
+--
+A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| `array`
+| Required. A list of node selector terms. The terms are ORed.
+
+| `nodeSelectorTerms[]`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+|===
+=== .spec.nodeAffinity.required.nodeSelectorTerms
+Description::
++
+--
+Required. A list of node selector terms. The terms are ORed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nodeAffinity.required.nodeSelectorTerms[]
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.nodeAffinity.required.nodeSelectorTerms[].matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nodeAffinity.required.nodeSelectorTerms[].matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.nodeAffinity.required.nodeSelectorTerms[].matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nodeAffinity.required.nodeSelectorTerms[].matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.photonPersistentDisk
+Description::
++
+--
+Represents a Photon Controller persistent disk resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `pdID`
+| `string`
+| pdID is the ID that identifies Photon Controller persistent disk
+
+|===
+=== .spec.portworxVolume
+Description::
++
+--
+PortworxVolumeSource represents a Portworx volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `volumeID`
+| `string`
+| volumeID uniquely identifies a Portworx volume
+
+|===
+=== .spec.quobyte
+Description::
++
+--
+Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `registry`
+  - `volume`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group to map volume access to Default is no group
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
+| `registry`
+| `string`
+| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
+| `tenant`
+| `string`
+| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
+| `user`
+| `string`
+| user to map volume access to Defaults to serivceaccount user
+
+| `volume`
+| `string`
+| volume is a string that references an already created Quobyte volume by name.
+
+|===
+=== .spec.rbd
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+=== .spec.rbd.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.scaleIO
+Description::
++
+--
+ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+=== .spec.scaleIO.secretRef
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+=== .spec.storageos
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+=== .spec.storageos.secretRef
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .spec.vsphereVolume
+Description::
++
+--
+Represents a vSphere volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `storagePolicyID`
+| `string`
+| storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
+| `storagePolicyName`
+| `string`
+| storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
+| `volumePath`
+| `string`
+| volumePath is the path that identifies vSphere volume vmdk
+
+|===
+=== .status
+Description::
++
+--
+PersistentVolumeStatus is the current status of a persistent volume.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| message is a human-readable message indicating details about why the volume is in this state.
+
+| `phase`
+| `string`
+| phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
+
+Possible enum values:
+ - `"Available"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims
+ - `"Bound"` used for PersistentVolumes that are bound
+ - `"Failed"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim
+ - `"Pending"` used for PersistentVolumes that are not available
+ - `"Released"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource
+
+| `reason`
+| `string`
+| reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/persistentvolumes`
+- `DELETE`: delete collection of PersistentVolume
+- `GET`: list or watch objects of kind PersistentVolume
+- `POST`: create a PersistentVolume
+* `/api/v1/watch/persistentvolumes`
+- `GET`: watch individual changes to a list of PersistentVolume. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/persistentvolumes/{name}`
+- `DELETE`: delete a PersistentVolume
+- `GET`: read the specified PersistentVolume
+- `PATCH`: partially update the specified PersistentVolume
+- `PUT`: replace the specified PersistentVolume
+* `/api/v1/watch/persistentvolumes/{name}`
+- `GET`: watch changes to an object of kind PersistentVolume. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/persistentvolumes/{name}/status`
+- `GET`: read status of the specified PersistentVolume
+- `PATCH`: partially update status of the specified PersistentVolume
+- `PUT`: replace status of the specified PersistentVolume
+
+
+=== /api/v1/persistentvolumes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeList[`PersistentVolumeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 202 - Accepted
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/persistentvolumes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PersistentVolume. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/persistentvolumes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolume
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 202 - Accepted
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PersistentVolume
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/persistentvolumes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolume
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PersistentVolume. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/persistentvolumes/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolume
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified PersistentVolume
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified PersistentVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`PersistentVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/persistentvolumeclaim-v1.adoc b/microshift_rest_api/core_apis/persistentvolumeclaim-v1.adoc
new file mode 100644
index 000000000000..48b0e11b5d37
--- /dev/null
+++ b/microshift_rest_api/core_apis/persistentvolumeclaim-v1.adoc
@@ -0,0 +1,1283 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="persistentvolumeclaim-v1"]
+= PersistentVolumeClaim [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PersistentVolumeClaim is a user's request for and claim to a persistent volume
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+
+| `status`
+| `object`
+| PersistentVolumeClaimStatus is the current status of a persistent volume claim.
+
+|===
+=== .spec
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| `object`
+| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+
+| `dataSourceRef`
+| `object`
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+=== .spec.dataSource
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .spec.dataSourceRef
+Description::
++
+--
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+=== .spec.resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .status
+Description::
++
+--
+PersistentVolumeClaimStatus is the current status of a persistent volume claim.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| capacity represents the actual resources of the underlying volume.
+
+| `conditions`
+| `array`
+| conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+
+| `conditions[]`
+| `object`
+| PersistentVolumeClaimCondition contains details about state of pvc
+
+| `phase`
+| `string`
+| phase represents the current phase of PersistentVolumeClaim.
+
+Possible enum values:
+ - `"Bound"` used for PersistentVolumeClaims that are bound
+ - `"Lost"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.
+ - `"Pending"` used for PersistentVolumeClaims that are not yet bound
+
+| `resizeStatus`
+| `string`
+| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
+Possible enum values:
+ - `""` When expansion is complete, the empty string is set by resize controller or kubelet.
+ - `"ControllerExpansionFailed"` State set when expansion has failed in resize controller with a terminal error. Transient errors such as timeout should not set this status and should leave ResizeStatus unmodified, so as resize controller can resume the volume expansion.
+ - `"ControllerExpansionInProgress"` State set when resize controller starts expanding the volume in control-plane
+ - `"NodeExpansionFailed"` State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed.
+ - `"NodeExpansionInProgress"` State set when kubelet starts expanding the volume.
+ - `"NodeExpansionPending"` State set when resize controller has finished expanding the volume but further expansion is needed on the node.
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+PersistentVolumeClaimCondition contains details about state of pvc
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastProbeTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastProbeTime is the time we probed the condition.
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime is the time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| message is the human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+
+| `status`
+| `string`
+|
+
+| `type`
+| `string`
+|
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/persistentvolumeclaims`
+- `GET`: list or watch objects of kind PersistentVolumeClaim
+* `/api/v1/watch/persistentvolumeclaims`
+- `GET`: watch individual changes to a list of PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/persistentvolumeclaims`
+- `DELETE`: delete collection of PersistentVolumeClaim
+- `GET`: list or watch objects of kind PersistentVolumeClaim
+- `POST`: create a PersistentVolumeClaim
+* `/api/v1/watch/namespaces/{namespace}/persistentvolumeclaims`
+- `GET`: watch individual changes to a list of PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}`
+- `DELETE`: delete a PersistentVolumeClaim
+- `GET`: read the specified PersistentVolumeClaim
+- `PATCH`: partially update the specified PersistentVolumeClaim
+- `PUT`: replace the specified PersistentVolumeClaim
+* `/api/v1/watch/namespaces/{namespace}/persistentvolumeclaims/{name}`
+- `GET`: watch changes to an object of kind PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status`
+- `GET`: read status of the specified PersistentVolumeClaim
+- `PATCH`: partially update status of the specified PersistentVolumeClaim
+- `PUT`: replace status of the specified PersistentVolumeClaim
+
+
+=== /api/v1/persistentvolumeclaims
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PersistentVolumeClaim
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeClaimList[`PersistentVolumeClaimList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/persistentvolumeclaims
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/persistentvolumeclaims
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeClaimList[`PersistentVolumeClaimList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 202 - Accepted
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/persistentvolumeclaims
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolumeClaim
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 202 - Accepted
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PersistentVolumeClaim
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/persistentvolumeclaims/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolumeClaim
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PersistentVolumeClaim. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PersistentVolumeClaim
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified PersistentVolumeClaim
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified PersistentVolumeClaim
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 201 - Created
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`PersistentVolumeClaim`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/pod-v1.adoc b/microshift_rest_api/core_apis/pod-v1.adoc
new file mode 100644
index 000000000000..ec4802ac9a48
--- /dev/null
+++ b/microshift_rest_api/core_apis/pod-v1.adoc
@@ -0,0 +1,12546 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="pod-v1"]
+= Pod [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PodSpec is a description of a pod.
+
+| `status`
+| `object`
+| PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.
+
+|===
+=== .spec
+Description::
++
+--
+PodSpec is a description of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containers`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+
+| `affinity`
+| `object`
+| Affinity is a group of affinity scheduling rules.
+
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
+| `containers`
+| `array`
+| List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+
+| `containers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `dnsConfig`
+| `object`
+| PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+
+| `dnsPolicy`
+| `string`
+| Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+
+Possible enum values:
+ - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
+ - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
+
+| `enableServiceLinks`
+| `boolean`
+| EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
+
+| `ephemeralContainers`
+| `array`
+| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+
+| `ephemeralContainers[]`
+| `object`
+| An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+
+| `hostAliases`
+| `array`
+| HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+
+| `hostAliases[]`
+| `object`
+| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+
+| `hostIPC`
+| `boolean`
+| Use the host's ipc namespace. Optional: Default to false.
+
+| `hostNetwork`
+| `boolean`
+| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
+
+| `hostPID`
+| `boolean`
+| Use the host's pid namespace. Optional: Default to false.
+
+| `hostUsers`
+| `boolean`
+| Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
+| `hostname`
+| `string`
+| Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+
+| `imagePullSecrets`
+| `array`
+| ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
+| `imagePullSecrets[]`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `initContainers`
+| `array`
+| List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
+| `initContainers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `nodeName`
+| `string`
+| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+
+| `nodeSelector`
+| `object (string)`
+| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
+| `os`
+| `object`
+| PodOS defines the OS parameters of a pod.
+
+| `overhead`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+
+| `preemptionPolicy`
+| `string`
+| PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
+| `priority`
+| `integer`
+| The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
+
+| `priorityClassName`
+| `string`
+| If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+
+| `readinessGates`
+| `array`
+| If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
+| `readinessGates[]`
+| `object`
+| PodReadinessGate contains the reference to a pod condition
+
+| `resourceClaims`
+| `array`
+| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+
+| `resourceClaims[]`
+| `object`
+| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+
+| `restartPolicy`
+| `string`
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
+Possible enum values:
+ - `"Always"`
+ - `"Never"`
+ - `"OnFailure"`
+
+| `runtimeClassName`
+| `string`
+| RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+
+| `schedulerName`
+| `string`
+| If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+
+| `schedulingGates`
+| `array`
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
+| `schedulingGates[]`
+| `object`
+| PodSchedulingGate is associated to a Pod to guard its scheduling.
+
+| `securityContext`
+| `object`
+| PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+
+| `serviceAccount`
+| `string`
+| DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
+
+| `serviceAccountName`
+| `string`
+| ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
+| `setHostnameAsFQDN`
+| `boolean`
+| If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
+
+| `shareProcessNamespace`
+| `boolean`
+| Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
+
+| `subdomain`
+| `string`
+| If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
+
+| `tolerations`
+| `array`
+| If specified, the pod's tolerations.
+
+| `tolerations[]`
+| `object`
+| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+
+| `topologySpreadConstraints`
+| `array`
+| TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+
+| `topologySpreadConstraints[]`
+| `object`
+| TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+
+| `volumes`
+| `array`
+| List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+
+| `volumes[]`
+| `object`
+| Volume represents a named volume in a pod that may be accessed by any container in the pod.
+
+|===
+=== .spec.affinity
+Description::
++
+--
+Affinity is a group of affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeAffinity`
+| `object`
+| Node affinity is a group of node affinity scheduling rules.
+
+| `podAffinity`
+| `object`
+| Pod affinity is a group of inter pod affinity scheduling rules.
+
+| `podAntiAffinity`
+| `object`
+| Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+
+|===
+=== .spec.affinity.nodeAffinity
+Description::
++
+--
+Node affinity is a group of node affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `object`
+| A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+
+|===
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `preference`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preference`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+| `weight`
+| `integer`
+| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+|===
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| `array`
+| Required. A list of node selector terms. The terms are ORed.
+
+| `nodeSelectorTerms[]`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+|===
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
+Description::
++
+--
+Required. A list of node selector terms. The terms are ORed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.affinity.podAffinity
+Description::
++
+--
+Pod affinity is a group of inter pod affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.affinity.podAntiAffinity
+Description::
++
+--
+Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.containers
+Description::
++
+--
+List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.containers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.containers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.containers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.containers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.containers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.containers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.containers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.containers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.containers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.containers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.containers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.containers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.containers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.containers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.containers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.containers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.containers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.containers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.containers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.containers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.containers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.containers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.containers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.containers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.containers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.containers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.containers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.containers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.containers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.containers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.containers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.containers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.containers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.containers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.containers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.containers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.containers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.containers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.containers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.containers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.containers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.containers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.containers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.containers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.containers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.containers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.containers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.containers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.dnsConfig
+Description::
++
+--
+PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+
+| `options`
+| `array`
+| A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+|===
+=== .spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Required.
+
+| `value`
+| `string`
+|
+
+|===
+=== .spec.ephemeralContainers
+Description::
++
+--
+List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[]
+Description::
++
+--
+An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
+
+| `ports`
+| `array`
+| Ports are not allowed for ephemeral containers.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `targetContainerName`
+| `string`
+| If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.ephemeralContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.ephemeralContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.ephemeralContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.ephemeralContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.ephemeralContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.ephemeralContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.ephemeralContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.ephemeralContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.ephemeralContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.ephemeralContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.ephemeralContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.ephemeralContainers[].ports
+Description::
++
+--
+Ports are not allowed for ephemeral containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.ephemeralContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.ephemeralContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.ephemeralContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.ephemeralContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.ephemeralContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.ephemeralContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.ephemeralContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.ephemeralContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.ephemeralContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.ephemeralContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.ephemeralContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.ephemeralContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.ephemeralContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.ephemeralContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.ephemeralContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.hostAliases
+Description::
++
+--
+HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.hostAliases[]
+Description::
++
+--
+HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostnames`
+| `array (string)`
+| Hostnames for the above IP address.
+
+| `ip`
+| `string`
+| IP address of the host file entry.
+
+|===
+=== .spec.imagePullSecrets
+Description::
++
+--
+ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.imagePullSecrets[]
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.initContainers
+Description::
++
+--
+List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.initContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.initContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.initContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.initContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.initContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.initContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.initContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.initContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.initContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.initContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.initContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.initContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.initContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.initContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.initContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.initContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.initContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.initContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.initContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.initContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.initContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.initContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.initContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.initContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.initContainers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.initContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.initContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.initContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.initContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.initContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.initContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.initContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.initContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.initContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.initContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.initContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.initContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.initContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.initContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.initContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.initContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.initContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.initContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.initContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.initContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.initContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.os
+Description::
++
+--
+PodOS defines the OS parameters of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+
+|===
+=== .spec.readinessGates
+Description::
++
+--
+If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.readinessGates[]
+Description::
++
+--
+PodReadinessGate contains the reference to a pod condition
+--
+
+Type::
+  `object`
+
+Required::
+  - `conditionType`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditionType`
+| `string`
+| ConditionType refers to a condition in the pod's condition list with matching type.
+
+|===
+=== .spec.resourceClaims
+Description::
++
+--
+ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.resourceClaims[]
+Description::
++
+--
+PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
+
+| `source`
+| `object`
+| ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+
+|===
+=== .spec.resourceClaims[].source
+Description::
++
+--
+ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
+
+| `resourceClaimTemplateName`
+| `string`
+| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
+
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
+
+An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+
+This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
+
+|===
+=== .spec.schedulingGates
+Description::
++
+--
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.schedulingGates[]
+Description::
++
+--
+PodSchedulingGate is associated to a Pod to guard its scheduling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the scheduling gate. Each scheduling gate must have a unique name field.
+
+|===
+=== .spec.securityContext
+Description::
++
+--
+PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsGroup`
+| `integer`
+| A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
+
+1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
+
+If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+
+| `fsGroupChangePolicy`
+| `string`
+| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `supplementalGroups`
+| `array (integer)`
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls`
+| `array`
+| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls[]`
+| `object`
+| Sysctl defines a kernel parameter to be set
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.securityContext.sysctls
+Description::
++
+--
+Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.securityContext.sysctls[]
+Description::
++
+--
+Sysctl defines a kernel parameter to be set
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of a property to set
+
+| `value`
+| `string`
+| Value of a property to set
+
+|===
+=== .spec.securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.tolerations
+Description::
++
+--
+If specified, the pod's tolerations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.tolerations[]
+Description::
++
+--
+The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `effect`
+| `string`
+| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
+Possible enum values:
+ - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
+ - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
+ - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
+
+| `key`
+| `string`
+| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
+| `operator`
+| `string`
+| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+
+Possible enum values:
+ - `"Equal"`
+ - `"Exists"`
+
+| `tolerationSeconds`
+| `integer`
+| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+| `value`
+| `string`
+| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+|===
+=== .spec.topologySpreadConstraints
+Description::
++
+--
+TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.topologySpreadConstraints[]
+Description::
++
+--
+TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+--
+
+Type::
+  `object`
+
+Required::
+  - `maxSkew`
+  - `topologyKey`
+  - `whenUnsatisfiable`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
+| `matchLabelKeys`
+| `array (string)`
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `maxSkew`
+| `integer`
+| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+| `minDomains`
+| `integer`
+| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
+
+This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `nodeAffinityPolicy`
+| `string`
+| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `nodeTaintsPolicy`
+| `string`
+| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
+
+If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `topologyKey`
+| `string`
+| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+
+| `whenUnsatisfiable`
+| `string`
+| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+  but giving higher precedence to topologies that would help reduce the
+  skew.
+A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+Possible enum values:
+ - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied.
+ - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied.
+
+|===
+=== .spec.volumes
+Description::
++
+--
+List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[]
+Description::
++
+--
+Volume represents a named volume in a pod that may be accessed by any container in the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `awsElasticBlockStore`
+| `object`
+| Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+
+| `azureDisk`
+| `object`
+| AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| `object`
+| AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `cephfs`
+| `object`
+| Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+
+| `cinder`
+| `object`
+| Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+
+| `csi`
+| `object`
+| Represents a source location of a volume to mount, managed by an external CSI driver
+
+| `downwardAPI`
+| `object`
+| DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+
+| `emptyDir`
+| `object`
+| Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+
+| `ephemeral`
+| `object`
+| Represents an ephemeral volume that is handled by a normal storage driver.
+
+| `fc`
+| `object`
+| Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+
+| `flexVolume`
+| `object`
+| FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| `object`
+| Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+
+| `gcePersistentDisk`
+| `object`
+| Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+
+| `gitRepo`
+| `object`
+| Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+
+| `glusterfs`
+| `object`
+| Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+
+| `hostPath`
+| `object`
+| Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+
+| `iscsi`
+| `object`
+| Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+
+| `name`
+| `string`
+| name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `nfs`
+| `object`
+| Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+
+| `persistentVolumeClaim`
+| `object`
+| PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+
+| `photonPersistentDisk`
+| `object`
+| Represents a Photon Controller persistent disk resource.
+
+| `portworxVolume`
+| `object`
+| PortworxVolumeSource represents a Portworx volume resource.
+
+| `projected`
+| `object`
+| Represents a projected volume source
+
+| `quobyte`
+| `object`
+| Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+
+| `rbd`
+| `object`
+| Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+
+| `scaleIO`
+| `object`
+| ScaleIOVolumeSource represents a persistent ScaleIO volume
+
+| `secret`
+| `object`
+| Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+
+| `storageos`
+| `object`
+| Represents a StorageOS persistent volume resource.
+
+| `vsphereVolume`
+| `object`
+| Represents a vSphere volume resource.
+
+|===
+=== .spec.volumes[].awsElasticBlockStore
+Description::
++
+--
+Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+| `readOnly`
+| `boolean`
+| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `volumeID`
+| `string`
+| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+|===
+=== .spec.volumes[].azureDisk
+Description::
++
+--
+AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `diskName`
+  - `diskURI`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cachingMode`
+| `string`
+| cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
+| `diskName`
+| `string`
+| diskName is the Name of the data disk in the blob storage
+
+| `diskURI`
+| `string`
+| diskURI is the URI of data disk in the blob storage
+
+| `fsType`
+| `string`
+| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `kind`
+| `string`
+| kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
+
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+|===
+=== .spec.volumes[].azureFile
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the  name of secret that contains Azure Storage Account Name and Key
+
+| `shareName`
+| `string`
+| shareName is the azure share Name
+
+|===
+=== .spec.volumes[].cephfs
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+=== .spec.volumes[].cephfs.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].cinder
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+=== .spec.volumes[].cinder.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .spec.volumes[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.volumes[].csi
+Description::
++
+--
+Represents a source location of a volume to mount, managed by an external CSI driver
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+
+| `fsType`
+| `string`
+| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+
+| `nodePublishSecretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `readOnly`
+| `boolean`
+| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+
+|===
+=== .spec.volumes[].csi.nodePublishSecretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].downwardAPI
+Description::
++
+--
+DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| Items is a list of downward API volume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .spec.volumes[].downwardAPI.items
+Description::
++
+--
+Items is a list of downward API volume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .spec.volumes[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.volumes[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.volumes[].emptyDir
+Description::
++
+--
+Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `medium`
+| `string`
+| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+| `sizeLimit`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+|===
+=== .spec.volumes[].ephemeral
+Description::
++
+--
+Represents an ephemeral volume that is handled by a normal storage driver.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `volumeClaimTemplate`
+| `object`
+| PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate
+Description::
++
+--
+PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+
+| `spec`
+| `object`
+| PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| `object`
+| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+
+| `dataSourceRef`
+| `object`
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSource
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSourceRef
+Description::
++
+--
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.volumes[].fc
+Description::
++
+--
+Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `lun`
+| `integer`
+| lun is Optional: FC target lun number
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `targetWWNs`
+| `array (string)`
+| targetWWNs is Optional: FC target worldwide names (WWNs)
+
+| `wwids`
+| `array (string)`
+| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+|===
+=== .spec.volumes[].flexVolume
+Description::
++
+--
+FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+|===
+=== .spec.volumes[].flexVolume.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].flocker
+Description::
++
+--
+Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `datasetName`
+| `string`
+| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+
+| `datasetUUID`
+| `string`
+| datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
+|===
+=== .spec.volumes[].gcePersistentDisk
+Description::
++
+--
+Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `pdName`
+| `string`
+| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+|===
+=== .spec.volumes[].gitRepo
+Description::
++
+--
+Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `repository`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `directory`
+| `string`
+| directory is the target directory name. Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the git repository.  Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+
+| `repository`
+| `string`
+| repository is the URL
+
+| `revision`
+| `string`
+| revision is the commit hash for the specified revision.
+
+|===
+=== .spec.volumes[].glusterfs
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+=== .spec.volumes[].hostPath
+Description::
++
+--
+Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `type`
+| `string`
+| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
+|===
+=== .spec.volumes[].iscsi
+Description::
++
+--
+Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is the target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun represents iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+=== .spec.volumes[].iscsi.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].nfs
+Description::
++
+--
+Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `server`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `server`
+| `string`
+| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+|===
+=== .spec.volumes[].persistentVolumeClaim
+Description::
++
+--
+PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+--
+
+Type::
+  `object`
+
+Required::
+  - `claimName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claimName`
+| `string`
+| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `readOnly`
+| `boolean`
+| readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+
+|===
+=== .spec.volumes[].photonPersistentDisk
+Description::
++
+--
+Represents a Photon Controller persistent disk resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `pdID`
+| `string`
+| pdID is the ID that identifies Photon Controller persistent disk
+
+|===
+=== .spec.volumes[].portworxVolume
+Description::
++
+--
+PortworxVolumeSource represents a Portworx volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `volumeID`
+| `string`
+| volumeID uniquely identifies a Portworx volume
+
+|===
+=== .spec.volumes[].projected
+Description::
++
+--
+Represents a projected volume source
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `sources`
+| `array`
+| sources is the list of volume projections
+
+| `sources[]`
+| `object`
+| Projection that may be projected along with other supported volume types
+
+|===
+=== .spec.volumes[].projected.sources
+Description::
++
+--
+sources is the list of volume projections
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].projected.sources[]
+Description::
++
+--
+Projection that may be projected along with other supported volume types
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+
+| `downwardAPI`
+| `object`
+| Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+
+| `secret`
+| `object`
+| Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+
+| `serviceAccountToken`
+| `object`
+| ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+|===
+=== .spec.volumes[].projected.sources[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .spec.volumes[].projected.sources[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].projected.sources[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.volumes[].projected.sources[].downwardAPI
+Description::
++
+--
+Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| Items is a list of DownwardAPIVolume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .spec.volumes[].projected.sources[].downwardAPI.items
+Description::
++
+--
+Items is a list of DownwardAPIVolume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].projected.sources[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .spec.volumes[].projected.sources[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.volumes[].projected.sources[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.volumes[].projected.sources[].secret
+Description::
++
+--
+Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its key must be defined
+
+|===
+=== .spec.volumes[].projected.sources[].secret.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].projected.sources[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.volumes[].projected.sources[].serviceAccountToken
+Description::
++
+--
+ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audience`
+| `string`
+| audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+
+| `path`
+| `string`
+| path is the path relative to the mount point of the file to project the token into.
+
+|===
+=== .spec.volumes[].quobyte
+Description::
++
+--
+Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `registry`
+  - `volume`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group to map volume access to Default is no group
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
+| `registry`
+| `string`
+| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
+| `tenant`
+| `string`
+| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
+| `user`
+| `string`
+| user to map volume access to Defaults to serivceaccount user
+
+| `volume`
+| `string`
+| volume is a string that references an already created Quobyte volume by name.
+
+|===
+=== .spec.volumes[].rbd
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+=== .spec.volumes[].rbd.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].scaleIO
+Description::
++
+--
+ScaleIOVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+=== .spec.volumes[].scaleIO.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].secret
+Description::
++
+--
+Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its keys must be defined
+
+| `secretName`
+| `string`
+| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+|===
+=== .spec.volumes[].secret.items
+Description::
++
+--
+items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumes[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.volumes[].storageos
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+=== .spec.volumes[].storageos.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.volumes[].vsphereVolume
+Description::
++
+--
+Represents a vSphere volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `storagePolicyID`
+| `string`
+| storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
+| `storagePolicyName`
+| `string`
+| storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
+| `volumePath`
+| `string`
+| volumePath is the path that identifies vSphere volume vmdk
+
+|===
+=== .status
+Description::
++
+--
+PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+
+| `conditions[]`
+| `object`
+| PodCondition contains details for the current condition of this pod.
+
+| `containerStatuses`
+| `array`
+| The list has one entry per container in the manifest. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
+
+| `containerStatuses[]`
+| `object`
+| ContainerStatus contains details for the current status of this container.
+
+| `ephemeralContainerStatuses`
+| `array`
+| Status for any ephemeral containers that have run in this pod.
+
+| `ephemeralContainerStatuses[]`
+| `object`
+| ContainerStatus contains details for the current status of this container.
+
+| `hostIP`
+| `string`
+| IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+
+| `initContainerStatuses`
+| `array`
+| The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
+
+| `initContainerStatuses[]`
+| `object`
+| ContainerStatus contains details for the current status of this container.
+
+| `message`
+| `string`
+| A human readable message indicating details about why the pod is in this condition.
+
+| `nominatedNodeName`
+| `string`
+| nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.
+
+| `phase`
+| `string`
+| The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:
+
+Pending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.
+
+More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
+
+Possible enum values:
+ - `"Failed"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).
+ - `"Pending"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.
+ - `"Running"` means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted.
+ - `"Succeeded"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.
+ - `"Unknown"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)
+
+| `podIP`
+| `string`
+| IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
+
+| `podIPs`
+| `array`
+| podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.
+
+| `podIPs[]`
+| `object`
+| IP address information for entries in the (plural) PodIPs field. Each entry includes:
+
+	IP: An IP address allocated to the pod. Routable at least within the cluster.
+
+| `qosClass`
+| `string`
+| The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
+
+Possible enum values:
+ - `"BestEffort"` is the BestEffort qos class.
+ - `"Burstable"` is the Burstable qos class.
+ - `"Guaranteed"` is the Guaranteed qos class.
+
+| `reason`
+| `string`
+| A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'
+
+| `resize`
+| `string`
+| Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to "Proposed"
+
+| `startTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.
+
+|===
+=== .status.conditions
+Description::
++
+--
+Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+PodCondition contains details for the current condition of this pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastProbeTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time we probed the condition.
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| Human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| Unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+
+| `type`
+| `string`
+| Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+
+|===
+=== .status.containerStatuses
+Description::
++
+--
+The list has one entry per container in the manifest. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.containerStatuses[]
+Description::
++
+--
+ContainerStatus contains details for the current status of this container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `ready`
+  - `restartCount`
+  - `image`
+  - `imageID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
+| `containerID`
+| `string`
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
+
+| `image`
+| `string`
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
+
+| `imageID`
+| `string`
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
+
+| `lastState`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+| `name`
+| `string`
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
+
+| `ready`
+| `boolean`
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `restartCount`
+| `integer`
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
+
+| `started`
+| `boolean`
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
+
+| `state`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+|===
+=== .status.containerStatuses[].lastState
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.containerStatuses[].lastState.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.containerStatuses[].lastState.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.containerStatuses[].lastState.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.containerStatuses[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.containerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.containerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .status.containerStatuses[].state
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.containerStatuses[].state.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.containerStatuses[].state.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.containerStatuses[].state.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.ephemeralContainerStatuses
+Description::
++
+--
+Status for any ephemeral containers that have run in this pod.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.ephemeralContainerStatuses[]
+Description::
++
+--
+ContainerStatus contains details for the current status of this container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `ready`
+  - `restartCount`
+  - `image`
+  - `imageID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
+| `containerID`
+| `string`
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
+
+| `image`
+| `string`
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
+
+| `imageID`
+| `string`
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
+
+| `lastState`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+| `name`
+| `string`
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
+
+| `ready`
+| `boolean`
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `restartCount`
+| `integer`
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
+
+| `started`
+| `boolean`
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
+
+| `state`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+|===
+=== .status.ephemeralContainerStatuses[].lastState
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.ephemeralContainerStatuses[].lastState.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.ephemeralContainerStatuses[].lastState.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.ephemeralContainerStatuses[].lastState.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.ephemeralContainerStatuses[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.ephemeralContainerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.ephemeralContainerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .status.ephemeralContainerStatuses[].state
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.ephemeralContainerStatuses[].state.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.ephemeralContainerStatuses[].state.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.ephemeralContainerStatuses[].state.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.initContainerStatuses
+Description::
++
+--
+The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.initContainerStatuses[]
+Description::
++
+--
+ContainerStatus contains details for the current status of this container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `ready`
+  - `restartCount`
+  - `image`
+  - `imageID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
+| `containerID`
+| `string`
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
+
+| `image`
+| `string`
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
+
+| `imageID`
+| `string`
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
+
+| `lastState`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+| `name`
+| `string`
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
+
+| `ready`
+| `boolean`
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `restartCount`
+| `integer`
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
+
+| `started`
+| `boolean`
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
+
+| `state`
+| `object`
+| ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+
+|===
+=== .status.initContainerStatuses[].lastState
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.initContainerStatuses[].lastState.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.initContainerStatuses[].lastState.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.initContainerStatuses[].lastState.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.initContainerStatuses[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.initContainerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.initContainerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .status.initContainerStatuses[].state
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
+| `object`
+| ContainerStateRunning is a running state of a container.
+
+| `terminated`
+| `object`
+| ContainerStateTerminated is a terminated state of a container.
+
+| `waiting`
+| `object`
+| ContainerStateWaiting is a waiting state of a container.
+
+|===
+=== .status.initContainerStatuses[].state.running
+Description::
++
+--
+ContainerStateRunning is a running state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container was last (re-)started
+
+|===
+=== .status.initContainerStatuses[].state.terminated
+Description::
++
+--
+ContainerStateTerminated is a terminated state of a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `exitCode`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerID`
+| `string`
+| Container's ID in the format '<type>://<container_id>'
+
+| `exitCode`
+| `integer`
+| Exit status from the last termination of the container
+
+| `finishedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which the container last terminated
+
+| `message`
+| `string`
+| Message regarding the last termination of the container
+
+| `reason`
+| `string`
+| (brief) reason from the last termination of the container
+
+| `signal`
+| `integer`
+| Signal from the last termination of the container
+
+| `startedAt`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time at which previous execution of the container started
+
+|===
+=== .status.initContainerStatuses[].state.waiting
+Description::
++
+--
+ContainerStateWaiting is a waiting state of a container.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message regarding why the container is not yet running.
+
+| `reason`
+| `string`
+| (brief) reason the container is not yet running.
+
+|===
+=== .status.podIPs
+Description::
++
+--
+podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.podIPs[]
+Description::
++
+--
+IP address information for entries in the (plural) PodIPs field. Each entry includes:
+
+	IP: An IP address allocated to the pod. Routable at least within the cluster.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ip`
+| `string`
+| ip is an IP address (IPv4 or IPv6) assigned to the pod
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/pods`
+- `GET`: list or watch objects of kind Pod
+* `/api/v1/watch/pods`
+- `GET`: watch individual changes to a list of Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/pods`
+- `DELETE`: delete collection of Pod
+- `GET`: list or watch objects of kind Pod
+- `POST`: create a Pod
+* `/api/v1/watch/namespaces/{namespace}/pods`
+- `GET`: watch individual changes to a list of Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/pods/{name}`
+- `DELETE`: delete a Pod
+- `GET`: read the specified Pod
+- `PATCH`: partially update the specified Pod
+- `PUT`: replace the specified Pod
+* `/api/v1/namespaces/{namespace}/pods/{name}/log`
+- `GET`: read log of the specified Pod
+* `/api/v1/watch/namespaces/{namespace}/pods/{name}`
+- `GET`: watch changes to an object of kind Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{namespace}/pods/{name}/status`
+- `GET`: read status of the specified Pod
+- `PATCH`: partially update status of the specified Pod
+- `PUT`: replace status of the specified Pod
+* `/api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers`
+- `GET`: read ephemeralcontainers of the specified Pod
+- `PATCH`: partially update ephemeralcontainers of the specified Pod
+- `PUT`: replace ephemeralcontainers of the specified Pod
+
+
+=== /api/v1/pods
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Pod
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodList[`PodList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/pods
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodList[`PodList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 202 - Accepted
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/pods
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Pod
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 202 - Accepted
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Pod
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}/log
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Pod
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `container`
+| `string`
+| The container for which to stream logs. Defaults to only container if there is one container in the pod.
+| `follow`
+| `boolean`
+| Follow the log stream of the pod. Defaults to false.
+| `insecureSkipTLSVerifyBackend`
+| `boolean`
+| insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to.  This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet.  If the kubelet is configured to verify the apiserver&#x27;s TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).
+| `limitBytes`
+| `integer`
+| If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `previous`
+| `boolean`
+| Return previous terminated container logs. Defaults to false.
+| `sinceSeconds`
+| `integer`
+| A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
+| `tailLines`
+| `integer`
+| If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
+| `timestamps`
+| `boolean`
+| If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read log of the specified Pod
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| `string`
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/pods/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Pod
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Pod. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Pod
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Pod
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Pod
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read ephemeralcontainers of the specified Pod
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update ephemeralcontainers of the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace ephemeralcontainers of the specified Pod
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 201 - Created
+| xref:../core_apis/pod-v1.adoc#pod-v1[`Pod`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/podtemplate-v1.adoc b/microshift_rest_api/core_apis/podtemplate-v1.adoc
new file mode 100644
index 000000000000..806efa2f8aa1
--- /dev/null
+++ b/microshift_rest_api/core_apis/podtemplate-v1.adoc
@@ -0,0 +1,10784 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="podtemplate-v1"]
+= PodTemplate [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PodTemplate describes a template for creating copies of a predefined pod.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `template`
+| `object`
+| PodTemplateSpec describes the data a pod should have when created from a template
+
+|===
+=== .template
+Description::
++
+--
+PodTemplateSpec describes the data a pod should have when created from a template
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PodSpec is a description of a pod.
+
+|===
+=== .template.spec
+Description::
++
+--
+PodSpec is a description of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containers`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+
+| `affinity`
+| `object`
+| Affinity is a group of affinity scheduling rules.
+
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
+| `containers`
+| `array`
+| List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+
+| `containers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `dnsConfig`
+| `object`
+| PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+
+| `dnsPolicy`
+| `string`
+| Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+
+Possible enum values:
+ - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
+ - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
+
+| `enableServiceLinks`
+| `boolean`
+| EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
+
+| `ephemeralContainers`
+| `array`
+| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+
+| `ephemeralContainers[]`
+| `object`
+| An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+
+| `hostAliases`
+| `array`
+| HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+
+| `hostAliases[]`
+| `object`
+| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+
+| `hostIPC`
+| `boolean`
+| Use the host's ipc namespace. Optional: Default to false.
+
+| `hostNetwork`
+| `boolean`
+| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
+
+| `hostPID`
+| `boolean`
+| Use the host's pid namespace. Optional: Default to false.
+
+| `hostUsers`
+| `boolean`
+| Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
+| `hostname`
+| `string`
+| Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+
+| `imagePullSecrets`
+| `array`
+| ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
+| `imagePullSecrets[]`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `initContainers`
+| `array`
+| List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
+| `initContainers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `nodeName`
+| `string`
+| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+
+| `nodeSelector`
+| `object (string)`
+| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
+| `os`
+| `object`
+| PodOS defines the OS parameters of a pod.
+
+| `overhead`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+
+| `preemptionPolicy`
+| `string`
+| PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
+| `priority`
+| `integer`
+| The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
+
+| `priorityClassName`
+| `string`
+| If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+
+| `readinessGates`
+| `array`
+| If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
+| `readinessGates[]`
+| `object`
+| PodReadinessGate contains the reference to a pod condition
+
+| `resourceClaims`
+| `array`
+| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+
+| `resourceClaims[]`
+| `object`
+| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+
+| `restartPolicy`
+| `string`
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
+Possible enum values:
+ - `"Always"`
+ - `"Never"`
+ - `"OnFailure"`
+
+| `runtimeClassName`
+| `string`
+| RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+
+| `schedulerName`
+| `string`
+| If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+
+| `schedulingGates`
+| `array`
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
+| `schedulingGates[]`
+| `object`
+| PodSchedulingGate is associated to a Pod to guard its scheduling.
+
+| `securityContext`
+| `object`
+| PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+
+| `serviceAccount`
+| `string`
+| DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
+
+| `serviceAccountName`
+| `string`
+| ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
+| `setHostnameAsFQDN`
+| `boolean`
+| If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
+
+| `shareProcessNamespace`
+| `boolean`
+| Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
+
+| `subdomain`
+| `string`
+| If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
+
+| `tolerations`
+| `array`
+| If specified, the pod's tolerations.
+
+| `tolerations[]`
+| `object`
+| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+
+| `topologySpreadConstraints`
+| `array`
+| TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+
+| `topologySpreadConstraints[]`
+| `object`
+| TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+
+| `volumes`
+| `array`
+| List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+
+| `volumes[]`
+| `object`
+| Volume represents a named volume in a pod that may be accessed by any container in the pod.
+
+|===
+=== .template.spec.affinity
+Description::
++
+--
+Affinity is a group of affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeAffinity`
+| `object`
+| Node affinity is a group of node affinity scheduling rules.
+
+| `podAffinity`
+| `object`
+| Pod affinity is a group of inter pod affinity scheduling rules.
+
+| `podAntiAffinity`
+| `object`
+| Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+
+|===
+=== .template.spec.affinity.nodeAffinity
+Description::
++
+--
+Node affinity is a group of node affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `object`
+| A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+
+|===
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `preference`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preference`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+| `weight`
+| `integer`
+| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+|===
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| `array`
+| Required. A list of node selector terms. The terms are ORed.
+
+| `nodeSelectorTerms[]`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+|===
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
+Description::
++
+--
+Required. A list of node selector terms. The terms are ORed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .template.spec.affinity.podAffinity
+Description::
++
+--
+Pod affinity is a group of inter pod affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .template.spec.affinity.podAntiAffinity
+Description::
++
+--
+Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .template.spec.containers
+Description::
++
+--
+List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .template.spec.containers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .template.spec.containers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .template.spec.containers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .template.spec.containers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .template.spec.containers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .template.spec.containers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .template.spec.containers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .template.spec.containers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .template.spec.containers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .template.spec.containers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .template.spec.containers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.containers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.containers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.containers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.containers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.containers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.containers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.containers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.containers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.containers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.containers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.containers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.containers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.containers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.containers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.containers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.containers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .template.spec.containers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.containers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.containers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.containers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.containers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.containers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .template.spec.containers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .template.spec.containers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .template.spec.containers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .template.spec.containers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .template.spec.containers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .template.spec.containers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .template.spec.containers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .template.spec.containers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.containers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.containers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.containers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.containers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.containers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.containers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .template.spec.containers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .template.spec.dnsConfig
+Description::
++
+--
+PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+
+| `options`
+| `array`
+| A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+|===
+=== .template.spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Required.
+
+| `value`
+| `string`
+|
+
+|===
+=== .template.spec.ephemeralContainers
+Description::
++
+--
+List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[]
+Description::
++
+--
+An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
+
+| `ports`
+| `array`
+| Ports are not allowed for ephemeral containers.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `targetContainerName`
+| `string`
+| If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .template.spec.ephemeralContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .template.spec.ephemeralContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .template.spec.ephemeralContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .template.spec.ephemeralContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .template.spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .template.spec.ephemeralContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .template.spec.ephemeralContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .template.spec.ephemeralContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .template.spec.ephemeralContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.ephemeralContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.ephemeralContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.ephemeralContainers[].ports
+Description::
++
+--
+Ports are not allowed for ephemeral containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.ephemeralContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .template.spec.ephemeralContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .template.spec.ephemeralContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .template.spec.ephemeralContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .template.spec.ephemeralContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .template.spec.ephemeralContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .template.spec.ephemeralContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .template.spec.ephemeralContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.ephemeralContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.ephemeralContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .template.spec.ephemeralContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .template.spec.hostAliases
+Description::
++
+--
+HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.hostAliases[]
+Description::
++
+--
+HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostnames`
+| `array (string)`
+| Hostnames for the above IP address.
+
+| `ip`
+| `string`
+| IP address of the host file entry.
+
+|===
+=== .template.spec.imagePullSecrets
+Description::
++
+--
+ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.imagePullSecrets[]
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.initContainers
+Description::
++
+--
+List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .template.spec.initContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .template.spec.initContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .template.spec.initContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .template.spec.initContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .template.spec.initContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .template.spec.initContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .template.spec.initContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .template.spec.initContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .template.spec.initContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .template.spec.initContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .template.spec.initContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.initContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.initContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.initContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.initContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .template.spec.initContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.initContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.initContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.initContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.initContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.initContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.initContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.initContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.initContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.initContainers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .template.spec.initContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.initContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.initContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.initContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.initContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.initContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .template.spec.initContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .template.spec.initContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .template.spec.initContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .template.spec.initContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .template.spec.initContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .template.spec.initContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .template.spec.initContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .template.spec.initContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .template.spec.initContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .template.spec.initContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .template.spec.initContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .template.spec.initContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .template.spec.initContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .template.spec.initContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .template.spec.initContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .template.spec.os
+Description::
++
+--
+PodOS defines the OS parameters of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+
+|===
+=== .template.spec.readinessGates
+Description::
++
+--
+If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.readinessGates[]
+Description::
++
+--
+PodReadinessGate contains the reference to a pod condition
+--
+
+Type::
+  `object`
+
+Required::
+  - `conditionType`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditionType`
+| `string`
+| ConditionType refers to a condition in the pod's condition list with matching type.
+
+|===
+=== .template.spec.resourceClaims
+Description::
++
+--
+ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.resourceClaims[]
+Description::
++
+--
+PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
+
+| `source`
+| `object`
+| ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+
+|===
+=== .template.spec.resourceClaims[].source
+Description::
++
+--
+ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
+
+| `resourceClaimTemplateName`
+| `string`
+| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
+
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
+
+An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+
+This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
+
+|===
+=== .template.spec.schedulingGates
+Description::
++
+--
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.schedulingGates[]
+Description::
++
+--
+PodSchedulingGate is associated to a Pod to guard its scheduling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the scheduling gate. Each scheduling gate must have a unique name field.
+
+|===
+=== .template.spec.securityContext
+Description::
++
+--
+PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsGroup`
+| `integer`
+| A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
+
+1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
+
+If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+
+| `fsGroupChangePolicy`
+| `string`
+| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `supplementalGroups`
+| `array (integer)`
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls`
+| `array`
+| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls[]`
+| `object`
+| Sysctl defines a kernel parameter to be set
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .template.spec.securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .template.spec.securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .template.spec.securityContext.sysctls
+Description::
++
+--
+Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.securityContext.sysctls[]
+Description::
++
+--
+Sysctl defines a kernel parameter to be set
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of a property to set
+
+| `value`
+| `string`
+| Value of a property to set
+
+|===
+=== .template.spec.securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .template.spec.tolerations
+Description::
++
+--
+If specified, the pod's tolerations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.tolerations[]
+Description::
++
+--
+The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `effect`
+| `string`
+| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
+Possible enum values:
+ - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
+ - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
+ - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
+
+| `key`
+| `string`
+| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
+| `operator`
+| `string`
+| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+
+Possible enum values:
+ - `"Equal"`
+ - `"Exists"`
+
+| `tolerationSeconds`
+| `integer`
+| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+| `value`
+| `string`
+| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+|===
+=== .template.spec.topologySpreadConstraints
+Description::
++
+--
+TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.topologySpreadConstraints[]
+Description::
++
+--
+TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+--
+
+Type::
+  `object`
+
+Required::
+  - `maxSkew`
+  - `topologyKey`
+  - `whenUnsatisfiable`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
+| `matchLabelKeys`
+| `array (string)`
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `maxSkew`
+| `integer`
+| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+| `minDomains`
+| `integer`
+| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
+
+This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `nodeAffinityPolicy`
+| `string`
+| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `nodeTaintsPolicy`
+| `string`
+| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
+
+If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `topologyKey`
+| `string`
+| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+
+| `whenUnsatisfiable`
+| `string`
+| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+  but giving higher precedence to topologies that would help reduce the
+  skew.
+A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+Possible enum values:
+ - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied.
+ - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied.
+
+|===
+=== .template.spec.volumes
+Description::
++
+--
+List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[]
+Description::
++
+--
+Volume represents a named volume in a pod that may be accessed by any container in the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `awsElasticBlockStore`
+| `object`
+| Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+
+| `azureDisk`
+| `object`
+| AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| `object`
+| AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `cephfs`
+| `object`
+| Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+
+| `cinder`
+| `object`
+| Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+
+| `csi`
+| `object`
+| Represents a source location of a volume to mount, managed by an external CSI driver
+
+| `downwardAPI`
+| `object`
+| DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+
+| `emptyDir`
+| `object`
+| Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+
+| `ephemeral`
+| `object`
+| Represents an ephemeral volume that is handled by a normal storage driver.
+
+| `fc`
+| `object`
+| Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+
+| `flexVolume`
+| `object`
+| FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| `object`
+| Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+
+| `gcePersistentDisk`
+| `object`
+| Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+
+| `gitRepo`
+| `object`
+| Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+
+| `glusterfs`
+| `object`
+| Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+
+| `hostPath`
+| `object`
+| Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+
+| `iscsi`
+| `object`
+| Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+
+| `name`
+| `string`
+| name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `nfs`
+| `object`
+| Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+
+| `persistentVolumeClaim`
+| `object`
+| PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+
+| `photonPersistentDisk`
+| `object`
+| Represents a Photon Controller persistent disk resource.
+
+| `portworxVolume`
+| `object`
+| PortworxVolumeSource represents a Portworx volume resource.
+
+| `projected`
+| `object`
+| Represents a projected volume source
+
+| `quobyte`
+| `object`
+| Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+
+| `rbd`
+| `object`
+| Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+
+| `scaleIO`
+| `object`
+| ScaleIOVolumeSource represents a persistent ScaleIO volume
+
+| `secret`
+| `object`
+| Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+
+| `storageos`
+| `object`
+| Represents a StorageOS persistent volume resource.
+
+| `vsphereVolume`
+| `object`
+| Represents a vSphere volume resource.
+
+|===
+=== .template.spec.volumes[].awsElasticBlockStore
+Description::
++
+--
+Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+| `readOnly`
+| `boolean`
+| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `volumeID`
+| `string`
+| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+|===
+=== .template.spec.volumes[].azureDisk
+Description::
++
+--
+AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `diskName`
+  - `diskURI`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cachingMode`
+| `string`
+| cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
+| `diskName`
+| `string`
+| diskName is the Name of the data disk in the blob storage
+
+| `diskURI`
+| `string`
+| diskURI is the URI of data disk in the blob storage
+
+| `fsType`
+| `string`
+| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `kind`
+| `string`
+| kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
+
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+|===
+=== .template.spec.volumes[].azureFile
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the  name of secret that contains Azure Storage Account Name and Key
+
+| `shareName`
+| `string`
+| shareName is the azure share Name
+
+|===
+=== .template.spec.volumes[].cephfs
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+=== .template.spec.volumes[].cephfs.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].cinder
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+=== .template.spec.volumes[].cinder.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .template.spec.volumes[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .template.spec.volumes[].csi
+Description::
++
+--
+Represents a source location of a volume to mount, managed by an external CSI driver
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+
+| `fsType`
+| `string`
+| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+
+| `nodePublishSecretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `readOnly`
+| `boolean`
+| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+
+|===
+=== .template.spec.volumes[].csi.nodePublishSecretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].downwardAPI
+Description::
++
+--
+DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| Items is a list of downward API volume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .template.spec.volumes[].downwardAPI.items
+Description::
++
+--
+Items is a list of downward API volume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .template.spec.volumes[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .template.spec.volumes[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .template.spec.volumes[].emptyDir
+Description::
++
+--
+Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `medium`
+| `string`
+| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+| `sizeLimit`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+|===
+=== .template.spec.volumes[].ephemeral
+Description::
++
+--
+Represents an ephemeral volume that is handled by a normal storage driver.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `volumeClaimTemplate`
+| `object`
+| PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate
+Description::
++
+--
+PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+
+| `spec`
+| `object`
+| PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| `object`
+| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+
+| `dataSourceRef`
+| `object`
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSource
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSourceRef
+Description::
++
+--
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .template.spec.volumes[].fc
+Description::
++
+--
+Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `lun`
+| `integer`
+| lun is Optional: FC target lun number
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `targetWWNs`
+| `array (string)`
+| targetWWNs is Optional: FC target worldwide names (WWNs)
+
+| `wwids`
+| `array (string)`
+| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+|===
+=== .template.spec.volumes[].flexVolume
+Description::
++
+--
+FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+|===
+=== .template.spec.volumes[].flexVolume.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].flocker
+Description::
++
+--
+Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `datasetName`
+| `string`
+| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+
+| `datasetUUID`
+| `string`
+| datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
+|===
+=== .template.spec.volumes[].gcePersistentDisk
+Description::
++
+--
+Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `pdName`
+| `string`
+| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+|===
+=== .template.spec.volumes[].gitRepo
+Description::
++
+--
+Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `repository`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `directory`
+| `string`
+| directory is the target directory name. Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the git repository.  Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+
+| `repository`
+| `string`
+| repository is the URL
+
+| `revision`
+| `string`
+| revision is the commit hash for the specified revision.
+
+|===
+=== .template.spec.volumes[].glusterfs
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+=== .template.spec.volumes[].hostPath
+Description::
++
+--
+Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `type`
+| `string`
+| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
+|===
+=== .template.spec.volumes[].iscsi
+Description::
++
+--
+Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is the target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun represents iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+=== .template.spec.volumes[].iscsi.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].nfs
+Description::
++
+--
+Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `server`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `server`
+| `string`
+| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+|===
+=== .template.spec.volumes[].persistentVolumeClaim
+Description::
++
+--
+PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+--
+
+Type::
+  `object`
+
+Required::
+  - `claimName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claimName`
+| `string`
+| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `readOnly`
+| `boolean`
+| readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+
+|===
+=== .template.spec.volumes[].photonPersistentDisk
+Description::
++
+--
+Represents a Photon Controller persistent disk resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `pdID`
+| `string`
+| pdID is the ID that identifies Photon Controller persistent disk
+
+|===
+=== .template.spec.volumes[].portworxVolume
+Description::
++
+--
+PortworxVolumeSource represents a Portworx volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `volumeID`
+| `string`
+| volumeID uniquely identifies a Portworx volume
+
+|===
+=== .template.spec.volumes[].projected
+Description::
++
+--
+Represents a projected volume source
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `sources`
+| `array`
+| sources is the list of volume projections
+
+| `sources[]`
+| `object`
+| Projection that may be projected along with other supported volume types
+
+|===
+=== .template.spec.volumes[].projected.sources
+Description::
++
+--
+sources is the list of volume projections
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].projected.sources[]
+Description::
++
+--
+Projection that may be projected along with other supported volume types
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+
+| `downwardAPI`
+| `object`
+| Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+
+| `secret`
+| `object`
+| Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+
+| `serviceAccountToken`
+| `object`
+| ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+|===
+=== .template.spec.volumes[].projected.sources[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .template.spec.volumes[].projected.sources[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].projected.sources[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .template.spec.volumes[].projected.sources[].downwardAPI
+Description::
++
+--
+Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| Items is a list of DownwardAPIVolume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .template.spec.volumes[].projected.sources[].downwardAPI.items
+Description::
++
+--
+Items is a list of DownwardAPIVolume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].projected.sources[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .template.spec.volumes[].projected.sources[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .template.spec.volumes[].projected.sources[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .template.spec.volumes[].projected.sources[].secret
+Description::
++
+--
+Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its key must be defined
+
+|===
+=== .template.spec.volumes[].projected.sources[].secret.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].projected.sources[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .template.spec.volumes[].projected.sources[].serviceAccountToken
+Description::
++
+--
+ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audience`
+| `string`
+| audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+
+| `path`
+| `string`
+| path is the path relative to the mount point of the file to project the token into.
+
+|===
+=== .template.spec.volumes[].quobyte
+Description::
++
+--
+Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `registry`
+  - `volume`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group to map volume access to Default is no group
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
+| `registry`
+| `string`
+| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
+| `tenant`
+| `string`
+| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
+| `user`
+| `string`
+| user to map volume access to Defaults to serivceaccount user
+
+| `volume`
+| `string`
+| volume is a string that references an already created Quobyte volume by name.
+
+|===
+=== .template.spec.volumes[].rbd
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+=== .template.spec.volumes[].rbd.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].scaleIO
+Description::
++
+--
+ScaleIOVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+=== .template.spec.volumes[].scaleIO.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].secret
+Description::
++
+--
+Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its keys must be defined
+
+| `secretName`
+| `string`
+| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+|===
+=== .template.spec.volumes[].secret.items
+Description::
++
+--
+items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.volumes[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .template.spec.volumes[].storageos
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+=== .template.spec.volumes[].storageos.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .template.spec.volumes[].vsphereVolume
+Description::
++
+--
+Represents a vSphere volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `storagePolicyID`
+| `string`
+| storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
+| `storagePolicyName`
+| `string`
+| storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
+| `volumePath`
+| `string`
+| volumePath is the path that identifies vSphere volume vmdk
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/podtemplates`
+- `GET`: list or watch objects of kind PodTemplate
+* `/api/v1/watch/podtemplates`
+- `GET`: watch individual changes to a list of PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/podtemplates`
+- `DELETE`: delete collection of PodTemplate
+- `GET`: list or watch objects of kind PodTemplate
+- `POST`: create a PodTemplate
+* `/api/v1/watch/namespaces/{namespace}/podtemplates`
+- `GET`: watch individual changes to a list of PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/podtemplates/{name}`
+- `DELETE`: delete a PodTemplate
+- `GET`: read the specified PodTemplate
+- `PATCH`: partially update the specified PodTemplate
+- `PUT`: replace the specified PodTemplate
+* `/api/v1/watch/namespaces/{namespace}/podtemplates/{name}`
+- `GET`: watch changes to an object of kind PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/podtemplates
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PodTemplate
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateList[`PodTemplateList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/podtemplates
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/podtemplates
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateList[`PodTemplateList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 201 - Created
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 202 - Accepted
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/podtemplates
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/podtemplates/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PodTemplate
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 202 - Accepted
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PodTemplate
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 201 - Created
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PodTemplate
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 201 - Created
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`PodTemplate`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/podtemplates/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PodTemplate
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PodTemplate. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/replicationcontroller-v1.adoc b/microshift_rest_api/core_apis/replicationcontroller-v1.adoc
new file mode 100644
index 000000000000..6aa0937d149d
--- /dev/null
+++ b/microshift_rest_api/core_apis/replicationcontroller-v1.adoc
@@ -0,0 +1,11058 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="replicationcontroller-v1"]
+= ReplicationController [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ReplicationController represents the configuration of a replication controller.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| ReplicationControllerSpec is the specification of a replication controller.
+
+| `status`
+| `object`
+| ReplicationControllerStatus represents the current status of a replication controller.
+
+|===
+=== .spec
+Description::
++
+--
+ReplicationControllerSpec is the specification of a replication controller.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `minReadySeconds`
+| `integer`
+| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
+| `replicas`
+| `integer`
+| Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
+
+| `selector`
+| `object (string)`
+| Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
+| `template`
+| `object`
+| PodTemplateSpec describes the data a pod should have when created from a template
+
+|===
+=== .spec.template
+Description::
++
+--
+PodTemplateSpec describes the data a pod should have when created from a template
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PodSpec is a description of a pod.
+
+|===
+=== .spec.template.spec
+Description::
++
+--
+PodSpec is a description of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containers`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+
+| `affinity`
+| `object`
+| Affinity is a group of affinity scheduling rules.
+
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
+| `containers`
+| `array`
+| List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+
+| `containers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `dnsConfig`
+| `object`
+| PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+
+| `dnsPolicy`
+| `string`
+| Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+
+Possible enum values:
+ - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
+ - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
+
+| `enableServiceLinks`
+| `boolean`
+| EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
+
+| `ephemeralContainers`
+| `array`
+| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+
+| `ephemeralContainers[]`
+| `object`
+| An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+
+| `hostAliases`
+| `array`
+| HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+
+| `hostAliases[]`
+| `object`
+| HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+
+| `hostIPC`
+| `boolean`
+| Use the host's ipc namespace. Optional: Default to false.
+
+| `hostNetwork`
+| `boolean`
+| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
+
+| `hostPID`
+| `boolean`
+| Use the host's pid namespace. Optional: Default to false.
+
+| `hostUsers`
+| `boolean`
+| Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
+| `hostname`
+| `string`
+| Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+
+| `imagePullSecrets`
+| `array`
+| ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
+| `imagePullSecrets[]`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `initContainers`
+| `array`
+| List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
+| `initContainers[]`
+| `object`
+| A single application container that you want to run within a pod.
+
+| `nodeName`
+| `string`
+| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+
+| `nodeSelector`
+| `object (string)`
+| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
+| `os`
+| `object`
+| PodOS defines the OS parameters of a pod.
+
+| `overhead`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+
+| `preemptionPolicy`
+| `string`
+| PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
+| `priority`
+| `integer`
+| The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
+
+| `priorityClassName`
+| `string`
+| If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+
+| `readinessGates`
+| `array`
+| If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
+| `readinessGates[]`
+| `object`
+| PodReadinessGate contains the reference to a pod condition
+
+| `resourceClaims`
+| `array`
+| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+
+| `resourceClaims[]`
+| `object`
+| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+
+| `restartPolicy`
+| `string`
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
+Possible enum values:
+ - `"Always"`
+ - `"Never"`
+ - `"OnFailure"`
+
+| `runtimeClassName`
+| `string`
+| RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+
+| `schedulerName`
+| `string`
+| If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+
+| `schedulingGates`
+| `array`
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
+| `schedulingGates[]`
+| `object`
+| PodSchedulingGate is associated to a Pod to guard its scheduling.
+
+| `securityContext`
+| `object`
+| PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+
+| `serviceAccount`
+| `string`
+| DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
+
+| `serviceAccountName`
+| `string`
+| ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
+| `setHostnameAsFQDN`
+| `boolean`
+| If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
+
+| `shareProcessNamespace`
+| `boolean`
+| Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
+
+| `subdomain`
+| `string`
+| If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
+
+| `tolerations`
+| `array`
+| If specified, the pod's tolerations.
+
+| `tolerations[]`
+| `object`
+| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+
+| `topologySpreadConstraints`
+| `array`
+| TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+
+| `topologySpreadConstraints[]`
+| `object`
+| TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+
+| `volumes`
+| `array`
+| List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+
+| `volumes[]`
+| `object`
+| Volume represents a named volume in a pod that may be accessed by any container in the pod.
+
+|===
+=== .spec.template.spec.affinity
+Description::
++
+--
+Affinity is a group of affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeAffinity`
+| `object`
+| Node affinity is a group of node affinity scheduling rules.
+
+| `podAffinity`
+| `object`
+| Pod affinity is a group of inter pod affinity scheduling rules.
+
+| `podAntiAffinity`
+| `object`
+| Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity
+Description::
++
+--
+Node affinity is a group of node affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `object`
+| A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `preference`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preference`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+| `weight`
+| `integer`
+| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| `array`
+| Required. A list of node selector terms. The terms are ORed.
+
+| `nodeSelectorTerms[]`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
+Description::
++
+--
+Required. A list of node selector terms. The terms are ORed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.template.spec.affinity.podAffinity
+Description::
++
+--
+Pod affinity is a group of inter pod affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.template.spec.affinity.podAntiAffinity
+Description::
++
+--
+Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.template.spec.containers
+Description::
++
+--
+List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.template.spec.containers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.template.spec.containers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.template.spec.containers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.template.spec.containers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.template.spec.containers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.template.spec.containers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.template.spec.containers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.template.spec.containers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.template.spec.containers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.template.spec.containers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.template.spec.containers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.containers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.containers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.containers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.containers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.containers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.containers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.containers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.containers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.containers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.containers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.containers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.containers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.containers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.containers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.containers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.containers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.template.spec.containers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.containers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.containers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.containers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.containers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.containers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.template.spec.containers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.template.spec.containers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.template.spec.containers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.template.spec.containers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.template.spec.containers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.template.spec.containers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.template.spec.containers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.template.spec.containers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.containers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.containers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.containers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.containers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.containers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.containers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.template.spec.containers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.template.spec.dnsConfig
+Description::
++
+--
+PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+
+| `options`
+| `array`
+| A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+
+| `options[]`
+| `object`
+| PodDNSConfigOption defines DNS resolver options of a pod.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+|===
+=== .spec.template.spec.dnsConfig.options
+Description::
++
+--
+A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.dnsConfig.options[]
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Required.
+
+| `value`
+| `string`
+|
+
+|===
+=== .spec.template.spec.ephemeralContainers
+Description::
++
+--
+List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[]
+Description::
++
+--
+An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
+
+| `ports`
+| `array`
+| Ports are not allowed for ephemeral containers.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `targetContainerName`
+| `string`
+| If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.template.spec.ephemeralContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.template.spec.ephemeralContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.template.spec.ephemeralContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.ephemeralContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.ephemeralContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].ports
+Description::
++
+--
+Ports are not allowed for ephemeral containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.ephemeralContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.template.spec.ephemeralContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.template.spec.ephemeralContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.template.spec.ephemeralContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.ephemeralContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.ephemeralContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.template.spec.ephemeralContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.template.spec.hostAliases
+Description::
++
+--
+HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.hostAliases[]
+Description::
++
+--
+HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostnames`
+| `array (string)`
+| Hostnames for the above IP address.
+
+| `ip`
+| `string`
+| IP address of the host file entry.
+
+|===
+=== .spec.template.spec.imagePullSecrets
+Description::
++
+--
+ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.imagePullSecrets[]
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.initContainers
+Description::
++
+--
+List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[]
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| `array`
+| List of environment variables to set in the container. Cannot be updated.
+
+| `env[]`
+| `object`
+| EnvVar represents an environment variable present in a Container.
+
+| `envFrom`
+| `array`
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `envFrom[]`
+| `object`
+| EnvFromSource represents the source of a set of ConfigMaps
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| `object`
+| Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+
+| `livenessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| `array`
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `ports[]`
+| `object`
+| ContainerPort represents a network port in a single container.
+
+| `readinessProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `securityContext`
+| `object`
+| SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+
+| `startupProbe`
+| `object`
+| Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| `array`
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeDevices[]`
+| `object`
+| volumeDevice describes a mapping of a raw block device within a container.
+
+| `volumeMounts`
+| `array`
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+=== .spec.template.spec.initContainers[].env
+Description::
++
+--
+List of environment variables to set in the container. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].env[]
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| `object`
+| EnvVarSource represents a source for the value of an EnvVar.
+
+|===
+=== .spec.template.spec.initContainers[].env[].valueFrom
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| `object`
+| Selects a key from a ConfigMap.
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+| `secretKeyRef`
+| `object`
+| SecretKeySelector selects a key of a Secret.
+
+|===
+=== .spec.template.spec.initContainers[].env[].valueFrom.configMapKeyRef
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.template.spec.initContainers[].env[].valueFrom.fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.template.spec.initContainers[].env[].valueFrom.secretKeyRef
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.template.spec.initContainers[].envFrom
+Description::
++
+--
+List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].envFrom[]
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| `object`
+| ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| `object`
+| SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+
+|===
+=== .spec.template.spec.initContainers[].envFrom[].configMapRef
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+=== .spec.template.spec.initContainers[].envFrom[].secretRef
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+| `preStop`
+| `object`
+| LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.postStart
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.postStart.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.postStart.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].lifecycle.postStart.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.postStart.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.preStop
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.preStop.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.preStop.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].lifecycle.preStop.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.initContainers[].lifecycle.preStop.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].livenessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.initContainers[].livenessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.initContainers[].ports
+Description::
++
+--
+List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].ports[]
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].readinessProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.initContainers[].readinessProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+=== .spec.template.spec.initContainers[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.template.spec.initContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.template.spec.initContainers[].securityContext
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| `object`
+| Adds and removes POSIX capabilities from running containers.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.template.spec.initContainers[].securityContext.capabilities
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+=== .spec.template.spec.initContainers[].securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.template.spec.initContainers[].securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.template.spec.initContainers[].securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| `object`
+| ExecAction describes a "run in container" action.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| `object`
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| `object`
+| HTTPGetAction describes an action based on HTTP Get requests.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| `object`
+| TCPSocketAction describes an action based on opening a socket
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe.exec
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe.grpc
+Description::
++
+--
+GRPC specifies an action involving a GRPC port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe.httpGet
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| `array`
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `httpHeaders[]`
+| `object`
+| HTTPHeader describes a custom header to be used in HTTP probes
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe.httpGet.httpHeaders
+Description::
++
+--
+Custom headers to set in the request. HTTP allows repeated headers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].startupProbe.httpGet.httpHeaders[]
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+=== .spec.template.spec.initContainers[].startupProbe.tcpSocket
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+=== .spec.template.spec.initContainers[].volumeDevices
+Description::
++
+--
+volumeDevices is the list of block devices to be used by the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].volumeDevices[]
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+=== .spec.template.spec.initContainers[].volumeMounts
+Description::
++
+--
+Pod volumes to mount into the container's filesystem. Cannot be updated.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+=== .spec.template.spec.os
+Description::
++
+--
+PodOS defines the OS parameters of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+
+|===
+=== .spec.template.spec.readinessGates
+Description::
++
+--
+If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.readinessGates[]
+Description::
++
+--
+PodReadinessGate contains the reference to a pod condition
+--
+
+Type::
+  `object`
+
+Required::
+  - `conditionType`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditionType`
+| `string`
+| ConditionType refers to a condition in the pod's condition list with matching type.
+
+|===
+=== .spec.template.spec.resourceClaims
+Description::
++
+--
+ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.resourceClaims[]
+Description::
++
+--
+PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
+
+| `source`
+| `object`
+| ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+
+|===
+=== .spec.template.spec.resourceClaims[].source
+Description::
++
+--
+ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
+
+| `resourceClaimTemplateName`
+| `string`
+| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
+
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
+
+An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+
+This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
+
+|===
+=== .spec.template.spec.schedulingGates
+Description::
++
+--
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.schedulingGates[]
+Description::
++
+--
+PodSchedulingGate is associated to a Pod to guard its scheduling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the scheduling gate. Each scheduling gate must have a unique name field.
+
+|===
+=== .spec.template.spec.securityContext
+Description::
++
+--
+PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsGroup`
+| `integer`
+| A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
+
+1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
+
+If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+
+| `fsGroupChangePolicy`
+| `string`
+| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| `object`
+| SELinuxOptions are the labels to be applied to the container
+
+| `seccompProfile`
+| `object`
+| SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+
+| `supplementalGroups`
+| `array (integer)`
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls`
+| `array`
+| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls[]`
+| `object`
+| Sysctl defines a kernel parameter to be set
+
+| `windowsOptions`
+| `object`
+| WindowsSecurityContextOptions contain Windows-specific options and credentials.
+
+|===
+=== .spec.template.spec.securityContext.seLinuxOptions
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+=== .spec.template.spec.securityContext.seccompProfile
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+=== .spec.template.spec.securityContext.sysctls
+Description::
++
+--
+Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.securityContext.sysctls[]
+Description::
++
+--
+Sysctl defines a kernel parameter to be set
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of a property to set
+
+| `value`
+| `string`
+| Value of a property to set
+
+|===
+=== .spec.template.spec.securityContext.windowsOptions
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+=== .spec.template.spec.tolerations
+Description::
++
+--
+If specified, the pod's tolerations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.tolerations[]
+Description::
++
+--
+The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `effect`
+| `string`
+| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
+Possible enum values:
+ - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
+ - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
+ - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
+
+| `key`
+| `string`
+| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
+| `operator`
+| `string`
+| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+
+Possible enum values:
+ - `"Equal"`
+ - `"Exists"`
+
+| `tolerationSeconds`
+| `integer`
+| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+| `value`
+| `string`
+| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+|===
+=== .spec.template.spec.topologySpreadConstraints
+Description::
++
+--
+TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.topologySpreadConstraints[]
+Description::
++
+--
+TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+--
+
+Type::
+  `object`
+
+Required::
+  - `maxSkew`
+  - `topologyKey`
+  - `whenUnsatisfiable`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
+| `matchLabelKeys`
+| `array (string)`
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `maxSkew`
+| `integer`
+| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+| `minDomains`
+| `integer`
+| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
+
+This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `nodeAffinityPolicy`
+| `string`
+| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `nodeTaintsPolicy`
+| `string`
+| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
+
+If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `topologyKey`
+| `string`
+| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+
+| `whenUnsatisfiable`
+| `string`
+| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+  but giving higher precedence to topologies that would help reduce the
+  skew.
+A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+Possible enum values:
+ - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied.
+ - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied.
+
+|===
+=== .spec.template.spec.volumes
+Description::
++
+--
+List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[]
+Description::
++
+--
+Volume represents a named volume in a pod that may be accessed by any container in the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `awsElasticBlockStore`
+| `object`
+| Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+
+| `azureDisk`
+| `object`
+| AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| `object`
+| AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `cephfs`
+| `object`
+| Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+
+| `cinder`
+| `object`
+| Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+
+| `csi`
+| `object`
+| Represents a source location of a volume to mount, managed by an external CSI driver
+
+| `downwardAPI`
+| `object`
+| DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+
+| `emptyDir`
+| `object`
+| Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+
+| `ephemeral`
+| `object`
+| Represents an ephemeral volume that is handled by a normal storage driver.
+
+| `fc`
+| `object`
+| Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+
+| `flexVolume`
+| `object`
+| FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| `object`
+| Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+
+| `gcePersistentDisk`
+| `object`
+| Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+
+| `gitRepo`
+| `object`
+| Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+
+| `glusterfs`
+| `object`
+| Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+
+| `hostPath`
+| `object`
+| Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+
+| `iscsi`
+| `object`
+| Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+
+| `name`
+| `string`
+| name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `nfs`
+| `object`
+| Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+
+| `persistentVolumeClaim`
+| `object`
+| PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+
+| `photonPersistentDisk`
+| `object`
+| Represents a Photon Controller persistent disk resource.
+
+| `portworxVolume`
+| `object`
+| PortworxVolumeSource represents a Portworx volume resource.
+
+| `projected`
+| `object`
+| Represents a projected volume source
+
+| `quobyte`
+| `object`
+| Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+
+| `rbd`
+| `object`
+| Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+
+| `scaleIO`
+| `object`
+| ScaleIOVolumeSource represents a persistent ScaleIO volume
+
+| `secret`
+| `object`
+| Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+
+| `storageos`
+| `object`
+| Represents a StorageOS persistent volume resource.
+
+| `vsphereVolume`
+| `object`
+| Represents a vSphere volume resource.
+
+|===
+=== .spec.template.spec.volumes[].awsElasticBlockStore
+Description::
++
+--
+Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+| `readOnly`
+| `boolean`
+| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `volumeID`
+| `string`
+| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+|===
+=== .spec.template.spec.volumes[].azureDisk
+Description::
++
+--
+AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `diskName`
+  - `diskURI`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cachingMode`
+| `string`
+| cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
+| `diskName`
+| `string`
+| diskName is the Name of the data disk in the blob storage
+
+| `diskURI`
+| `string`
+| diskURI is the URI of data disk in the blob storage
+
+| `fsType`
+| `string`
+| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `kind`
+| `string`
+| kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
+
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+|===
+=== .spec.template.spec.volumes[].azureFile
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the  name of secret that contains Azure Storage Account Name and Key
+
+| `shareName`
+| `string`
+| shareName is the azure share Name
+
+|===
+=== .spec.template.spec.volumes[].cephfs
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+=== .spec.template.spec.volumes[].cephfs.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].cinder
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+=== .spec.template.spec.volumes[].cinder.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .spec.template.spec.volumes[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.template.spec.volumes[].csi
+Description::
++
+--
+Represents a source location of a volume to mount, managed by an external CSI driver
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+
+| `fsType`
+| `string`
+| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+
+| `nodePublishSecretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `readOnly`
+| `boolean`
+| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+
+|===
+=== .spec.template.spec.volumes[].csi.nodePublishSecretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].downwardAPI
+Description::
++
+--
+DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| Items is a list of downward API volume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .spec.template.spec.volumes[].downwardAPI.items
+Description::
++
+--
+Items is a list of downward API volume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .spec.template.spec.volumes[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.template.spec.volumes[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.template.spec.volumes[].emptyDir
+Description::
++
+--
+Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `medium`
+| `string`
+| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+| `sizeLimit`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+|===
+=== .spec.template.spec.volumes[].ephemeral
+Description::
++
+--
+Represents an ephemeral volume that is handled by a normal storage driver.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `volumeClaimTemplate`
+| `object`
+| PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate
+Description::
++
+--
+PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+
+| `spec`
+| `object`
+| PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| `object`
+| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+
+| `dataSourceRef`
+| `object`
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSource
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.dataSourceRef
+Description::
++
+--
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .spec.template.spec.volumes[].fc
+Description::
++
+--
+Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `lun`
+| `integer`
+| lun is Optional: FC target lun number
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `targetWWNs`
+| `array (string)`
+| targetWWNs is Optional: FC target worldwide names (WWNs)
+
+| `wwids`
+| `array (string)`
+| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+|===
+=== .spec.template.spec.volumes[].flexVolume
+Description::
++
+--
+FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+|===
+=== .spec.template.spec.volumes[].flexVolume.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].flocker
+Description::
++
+--
+Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `datasetName`
+| `string`
+| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+
+| `datasetUUID`
+| `string`
+| datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
+|===
+=== .spec.template.spec.volumes[].gcePersistentDisk
+Description::
++
+--
+Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `pdName`
+| `string`
+| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+|===
+=== .spec.template.spec.volumes[].gitRepo
+Description::
++
+--
+Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `repository`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `directory`
+| `string`
+| directory is the target directory name. Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the git repository.  Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+
+| `repository`
+| `string`
+| repository is the URL
+
+| `revision`
+| `string`
+| revision is the commit hash for the specified revision.
+
+|===
+=== .spec.template.spec.volumes[].glusterfs
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+=== .spec.template.spec.volumes[].hostPath
+Description::
++
+--
+Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `type`
+| `string`
+| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
+|===
+=== .spec.template.spec.volumes[].iscsi
+Description::
++
+--
+Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is the target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun represents iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+=== .spec.template.spec.volumes[].iscsi.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].nfs
+Description::
++
+--
+Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `server`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `server`
+| `string`
+| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+|===
+=== .spec.template.spec.volumes[].persistentVolumeClaim
+Description::
++
+--
+PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+--
+
+Type::
+  `object`
+
+Required::
+  - `claimName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claimName`
+| `string`
+| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `readOnly`
+| `boolean`
+| readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+
+|===
+=== .spec.template.spec.volumes[].photonPersistentDisk
+Description::
++
+--
+Represents a Photon Controller persistent disk resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `pdID`
+| `string`
+| pdID is the ID that identifies Photon Controller persistent disk
+
+|===
+=== .spec.template.spec.volumes[].portworxVolume
+Description::
++
+--
+PortworxVolumeSource represents a Portworx volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `volumeID`
+| `string`
+| volumeID uniquely identifies a Portworx volume
+
+|===
+=== .spec.template.spec.volumes[].projected
+Description::
++
+--
+Represents a projected volume source
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `sources`
+| `array`
+| sources is the list of volume projections
+
+| `sources[]`
+| `object`
+| Projection that may be projected along with other supported volume types
+
+|===
+=== .spec.template.spec.volumes[].projected.sources
+Description::
++
+--
+sources is the list of volume projections
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].projected.sources[]
+Description::
++
+--
+Projection that may be projected along with other supported volume types
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+
+| `downwardAPI`
+| `object`
+| Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+
+| `secret`
+| `object`
+| Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+
+| `serviceAccountToken`
+| `object`
+| ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].configMap
+Description::
++
+--
+Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].configMap.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].projected.sources[].configMap.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].downwardAPI
+Description::
++
+--
+Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| Items is a list of DownwardAPIVolume file
+
+| `items[]`
+| `object`
+| DownwardAPIVolumeFile represents information to create the file containing the pod field
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].downwardAPI.items
+Description::
++
+--
+Items is a list of DownwardAPIVolume file
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].projected.sources[].downwardAPI.items[]
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| `object`
+| ObjectFieldSelector selects an APIVersioned field of an object.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| `object`
+| ResourceFieldSelector represents container resources (cpu, memory) and their output format
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].downwardAPI.items[].fieldRef
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].downwardAPI.items[].resourceFieldRef
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].secret
+Description::
++
+--
+Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| `array`
+| items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its key must be defined
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].secret.items
+Description::
++
+--
+items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].projected.sources[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.template.spec.volumes[].projected.sources[].serviceAccountToken
+Description::
++
+--
+ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audience`
+| `string`
+| audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+
+| `path`
+| `string`
+| path is the path relative to the mount point of the file to project the token into.
+
+|===
+=== .spec.template.spec.volumes[].quobyte
+Description::
++
+--
+Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `registry`
+  - `volume`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group to map volume access to Default is no group
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
+| `registry`
+| `string`
+| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
+| `tenant`
+| `string`
+| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
+| `user`
+| `string`
+| user to map volume access to Defaults to serivceaccount user
+
+| `volume`
+| `string`
+| volume is a string that references an already created Quobyte volume by name.
+
+|===
+=== .spec.template.spec.volumes[].rbd
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+=== .spec.template.spec.volumes[].rbd.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].scaleIO
+Description::
++
+--
+ScaleIOVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+=== .spec.template.spec.volumes[].scaleIO.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].secret
+Description::
++
+--
+Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| `array`
+| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `items[]`
+| `object`
+| Maps a string key to a path within a volume.
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its keys must be defined
+
+| `secretName`
+| `string`
+| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+|===
+=== .spec.template.spec.volumes[].secret.items
+Description::
++
+--
+items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.volumes[].secret.items[]
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+=== .spec.template.spec.volumes[].storageos
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+=== .spec.template.spec.volumes[].storageos.secretRef
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .spec.template.spec.volumes[].vsphereVolume
+Description::
++
+--
+Represents a vSphere volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumePath`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `storagePolicyID`
+| `string`
+| storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
+| `storagePolicyName`
+| `string`
+| storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
+| `volumePath`
+| `string`
+| volumePath is the path that identifies vSphere volume vmdk
+
+|===
+=== .status
+Description::
++
+--
+ReplicationControllerStatus represents the current status of a replication controller.
+--
+
+Type::
+  `object`
+
+Required::
+  - `replicas`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availableReplicas`
+| `integer`
+| The number of available replicas (ready for at least minReadySeconds) for this replication controller.
+
+| `conditions`
+| `array`
+| Represents the latest available observations of a replication controller's current state.
+
+| `conditions[]`
+| `object`
+| ReplicationControllerCondition describes the state of a replication controller at a certain point.
+
+| `fullyLabeledReplicas`
+| `integer`
+| The number of pods that have labels matching the labels of the pod template of the replication controller.
+
+| `observedGeneration`
+| `integer`
+| ObservedGeneration reflects the generation of the most recently observed replication controller.
+
+| `readyReplicas`
+| `integer`
+| The number of ready replicas for this replication controller.
+
+| `replicas`
+| `integer`
+| Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
+
+|===
+=== .status.conditions
+Description::
++
+--
+Represents the latest available observations of a replication controller's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+ReplicationControllerCondition describes the state of a replication controller at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| The last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of replication controller condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/replicationcontrollers`
+- `GET`: list or watch objects of kind ReplicationController
+* `/api/v1/watch/replicationcontrollers`
+- `GET`: watch individual changes to a list of ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/replicationcontrollers`
+- `DELETE`: delete collection of ReplicationController
+- `GET`: list or watch objects of kind ReplicationController
+- `POST`: create a ReplicationController
+* `/api/v1/watch/namespaces/{namespace}/replicationcontrollers`
+- `GET`: watch individual changes to a list of ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/replicationcontrollers/{name}`
+- `DELETE`: delete a ReplicationController
+- `GET`: read the specified ReplicationController
+- `PATCH`: partially update the specified ReplicationController
+- `PUT`: replace the specified ReplicationController
+* `/api/v1/watch/namespaces/{namespace}/replicationcontrollers/{name}`
+- `GET`: watch changes to an object of kind ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status`
+- `GET`: read status of the specified ReplicationController
+- `PATCH`: partially update status of the specified ReplicationController
+- `PUT`: replace status of the specified ReplicationController
+
+
+=== /api/v1/replicationcontrollers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ReplicationController
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ReplicationControllerList[`ReplicationControllerList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/replicationcontrollers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/replicationcontrollers
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ReplicationControllerList[`ReplicationControllerList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 201 - Created
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 202 - Accepted
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/replicationcontrollers
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/replicationcontrollers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicationController
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ReplicationController
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 201 - Created
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 201 - Created
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/replicationcontrollers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicationController
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ReplicationController. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ReplicationController
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified ReplicationController
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 201 - Created
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified ReplicationController
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 201 - Created
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`ReplicationController`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/resourcequota-v1.adoc b/microshift_rest_api/core_apis/resourcequota-v1.adoc
new file mode 100644
index 000000000000..af6d730e1060
--- /dev/null
+++ b/microshift_rest_api/core_apis/resourcequota-v1.adoc
@@ -0,0 +1,1091 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="resourcequota-v1"]
+= ResourceQuota [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ResourceQuota sets aggregate quota restrictions enforced per namespace
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
+
+| `status`
+| `object`
+| ResourceQuotaStatus defines the enforced hard limits and observed use.
+
+|===
+=== .spec
+Description::
++
+--
+ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hard`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+
+| `scopeSelector`
+| `object`
+| A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.
+
+| `scopes`
+| `array (string)`
+| A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
+
+|===
+=== .spec.scopeSelector
+Description::
++
+--
+A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of scope selector requirements by scope of the resources.
+
+| `matchExpressions[]`
+| `object`
+| A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+
+|===
+=== .spec.scopeSelector.matchExpressions
+Description::
++
+--
+A list of scope selector requirements by scope of the resources.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.scopeSelector.matchExpressions[]
+Description::
++
+--
+A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `scopeName`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `operator`
+| `string`
+| Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"In"`
+ - `"NotIn"`
+
+| `scopeName`
+| `string`
+| The name of the scope that the selector applies to.
+
+Possible enum values:
+ - `"BestEffort"` Match all pod objects that have best effort quality of service
+ - `"CrossNamespacePodAffinity"` Match all pod objects that have cross-namespace pod (anti)affinity mentioned.
+ - `"NotBestEffort"` Match all pod objects that do not have best effort quality of service
+ - `"NotTerminating"` Match all pod objects where spec.activeDeadlineSeconds is nil
+ - `"PriorityClass"` Match all pod objects that have priority class mentioned
+ - `"Terminating"` Match all pod objects where spec.activeDeadlineSeconds >=0
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .status
+Description::
++
+--
+ResourceQuotaStatus defines the enforced hard limits and observed use.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hard`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+
+| `used`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Used is the current observed total usage of the resource in the namespace.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/resourcequotas`
+- `GET`: list or watch objects of kind ResourceQuota
+* `/api/v1/watch/resourcequotas`
+- `GET`: watch individual changes to a list of ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/resourcequotas`
+- `DELETE`: delete collection of ResourceQuota
+- `GET`: list or watch objects of kind ResourceQuota
+- `POST`: create a ResourceQuota
+* `/api/v1/watch/namespaces/{namespace}/resourcequotas`
+- `GET`: watch individual changes to a list of ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/resourcequotas/{name}`
+- `DELETE`: delete a ResourceQuota
+- `GET`: read the specified ResourceQuota
+- `PATCH`: partially update the specified ResourceQuota
+- `PUT`: replace the specified ResourceQuota
+* `/api/v1/watch/namespaces/{namespace}/resourcequotas/{name}`
+- `GET`: watch changes to an object of kind ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{namespace}/resourcequotas/{name}/status`
+- `GET`: read status of the specified ResourceQuota
+- `PATCH`: partially update status of the specified ResourceQuota
+- `PUT`: replace status of the specified ResourceQuota
+
+
+=== /api/v1/resourcequotas
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ResourceQuota
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceQuotaList[`ResourceQuotaList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/resourcequotas
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/resourcequotas
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceQuotaList[`ResourceQuotaList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 201 - Created
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 202 - Accepted
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/resourcequotas
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/resourcequotas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ResourceQuota
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 202 - Accepted
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ResourceQuota
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 201 - Created
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 201 - Created
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/resourcequotas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ResourceQuota
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ResourceQuota. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/resourcequotas/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ResourceQuota
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified ResourceQuota
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 201 - Created
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified ResourceQuota
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 201 - Created
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`ResourceQuota`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/secret-v1.adoc b/microshift_rest_api/core_apis/secret-v1.adoc
new file mode 100644
index 000000000000..590ad37c5ffa
--- /dev/null
+++ b/microshift_rest_api/core_apis/secret-v1.adoc
@@ -0,0 +1,823 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="secret-v1"]
+= Secret [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `data`
+| `object (string)`
+| Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
+
+| `immutable`
+| `boolean`
+| Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `stringData`
+| `object (string)`
+| stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.
+
+| `type`
+| `string`
+| Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/secrets`
+- `GET`: list or watch objects of kind Secret
+* `/api/v1/watch/secrets`
+- `GET`: watch individual changes to a list of Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/secrets`
+- `DELETE`: delete collection of Secret
+- `GET`: list or watch objects of kind Secret
+- `POST`: create a Secret
+* `/api/v1/watch/namespaces/{namespace}/secrets`
+- `GET`: watch individual changes to a list of Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/secrets/{name}`
+- `DELETE`: delete a Secret
+- `GET`: read the specified Secret
+- `PATCH`: partially update the specified Secret
+- `PUT`: replace the specified Secret
+* `/api/v1/watch/namespaces/{namespace}/secrets/{name}`
+- `GET`: watch changes to an object of kind Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/secrets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Secret
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretList[`SecretList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/secrets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/secrets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretList[`SecretList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 201 - Created
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 202 - Accepted
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/secrets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/secrets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Secret
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Secret
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 201 - Created
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Secret
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 201 - Created
+| xref:../core_apis/secret-v1.adoc#secret-v1[`Secret`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/secrets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Secret
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Secret. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/service-v1.adoc b/microshift_rest_api/core_apis/service-v1.adoc
new file mode 100644
index 000000000000..e6699ed05b59
--- /dev/null
+++ b/microshift_rest_api/core_apis/service-v1.adoc
@@ -0,0 +1,1335 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="service-v1"]
+= Service [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| ServiceSpec describes the attributes that a user creates on a service.
+
+| `status`
+| `object`
+| ServiceStatus represents the current status of a service.
+
+|===
+=== .spec
+Description::
++
+--
+ServiceSpec describes the attributes that a user creates on a service.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allocateLoadBalancerNodePorts`
+| `boolean`
+| allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer.  Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts.  If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+
+| `clusterIP`
+| `string`
+| clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above).  Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required.  Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
+| `clusterIPs`
+| `array (string)`
+| ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly.  If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above).  Valid values are "None", empty string (""), or a valid IP address.  Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required.  Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName.  If this field is not specified, it will be initialized from the clusterIP field.  If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.
+
+This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
+| `externalIPs`
+| `array (string)`
+| externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service.  These IPs are not managed by Kubernetes.  The user is responsible for ensuring that traffic arrives at a node with this IP.  A common example is external load-balancers that are not part of the Kubernetes system.
+
+| `externalName`
+| `string`
+| externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved.  Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+
+| `externalTrafficPolicy`
+| `string`
+| externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+
+Possible enum values:
+ - `"Cluster"`
+ - `"Cluster"` routes traffic to all endpoints.
+ - `"Local"`
+ - `"Local"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).
+
+| `healthCheckNodePort`
+| `integer`
+| healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used.  If not specified, a value will be automatically allocated.  External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not.  If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+
+| `internalTrafficPolicy`
+| `string`
+| InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+
+Possible enum values:
+ - `"Cluster"` routes traffic to all endpoints.
+ - `"Local"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).
+
+| `ipFamilies`
+| `array (string)`
+| IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6".  This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName.
+
+This field may hold a maximum of two entries (dual-stack families, in either order).  These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+
+| `ipFamilyPolicy`
+| `string`
+| IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+
+Possible enum values:
+ - `"PreferDualStack"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster
+ - `"RequireDualStack"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver
+ - `"SingleStack"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field
+
+| `loadBalancerClass`
+| `string`
+| loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+
+| `loadBalancerIP`
+| `string`
+| Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.
+
+| `loadBalancerSourceRanges`
+| `array (string)`
+| If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+
+| `ports`
+| `array`
+| The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
+| `ports[]`
+| `object`
+| ServicePort contains information on service's port.
+
+| `publishNotReadyAddresses`
+| `boolean`
+| publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+
+| `selector`
+| `object (string)`
+| Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/
+
+| `sessionAffinity`
+| `string`
+| Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
+Possible enum values:
+ - `"ClientIP"` is the Client IP based.
+ - `"None"` - no session affinity.
+
+| `sessionAffinityConfig`
+| `object`
+| SessionAffinityConfig represents the configurations of session affinity.
+
+| `type`
+| `string`
+| type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+
+Possible enum values:
+ - `"ClusterIP"` means a service will only be accessible inside the cluster, via the cluster IP.
+ - `"ExternalName"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.
+ - `"LoadBalancer"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.
+ - `"NodePort"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.
+
+|===
+=== .spec.ports
+Description::
++
+--
+The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ports[]
+Description::
++
+--
+ServicePort contains information on service's port.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `appProtocol`
+| `string`
+| The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+
+| `name`
+| `string`
+| The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+
+| `nodePort`
+| `integer`
+| The port on each node on which this service is exposed when type is NodePort or LoadBalancer.  Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail.  If not specified, a port will be allocated if this Service requires one.  If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+
+| `port`
+| `integer`
+| The port that will be exposed by this service.
+
+| `protocol`
+| `string`
+| The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+| `targetPort`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+
+|===
+=== .spec.sessionAffinityConfig
+Description::
++
+--
+SessionAffinityConfig represents the configurations of session affinity.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientIP`
+| `object`
+| ClientIPConfig represents the configurations of Client IP based session affinity.
+
+|===
+=== .spec.sessionAffinityConfig.clientIP
+Description::
++
+--
+ClientIPConfig represents the configurations of Client IP based session affinity.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `timeoutSeconds`
+| `integer`
+| timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+
+|===
+=== .status
+Description::
++
+--
+ServiceStatus represents the current status of a service.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Condition[`array (Condition)`]
+| Current service state
+
+| `loadBalancer`
+| `object`
+| LoadBalancerStatus represents the status of a load-balancer.
+
+|===
+=== .status.loadBalancer
+Description::
++
+--
+LoadBalancerStatus represents the status of a load-balancer.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ingress`
+| `array`
+| Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+
+| `ingress[]`
+| `object`
+| LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.
+
+|===
+=== .status.loadBalancer.ingress
+Description::
++
+--
+Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.loadBalancer.ingress[]
+Description::
++
+--
+LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostname`
+| `string`
+| Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)
+
+| `ip`
+| `string`
+| IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)
+
+| `ports`
+| `array`
+| Ports is a list of records of service ports If used, every port defined in the service should have an entry in it
+
+| `ports[]`
+| `object`
+|
+
+|===
+=== .status.loadBalancer.ingress[].ports
+Description::
++
+--
+Ports is a list of records of service ports If used, every port defined in the service should have an entry in it
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.loadBalancer.ingress[].ports[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+  - `protocol`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `error`
+| `string`
+| Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use
+  CamelCase names
+- cloud provider specific error values must have names that comply with the
+  format foo.example.com/CamelCase.
+
+| `port`
+| `integer`
+| Port is the port number of the service port of which status is recorded here
+
+| `protocol`
+| `string`
+| Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/services`
+- `GET`: list or watch objects of kind Service
+* `/api/v1/watch/services`
+- `GET`: watch individual changes to a list of Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/services`
+- `DELETE`: delete collection of Service
+- `GET`: list or watch objects of kind Service
+- `POST`: create a Service
+* `/api/v1/watch/namespaces/{namespace}/services`
+- `GET`: watch individual changes to a list of Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/services/{name}`
+- `DELETE`: delete a Service
+- `GET`: read the specified Service
+- `PATCH`: partially update the specified Service
+- `PUT`: replace the specified Service
+* `/api/v1/watch/namespaces/{namespace}/services/{name}`
+- `GET`: watch changes to an object of kind Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/api/v1/namespaces/{namespace}/services/{name}/status`
+- `GET`: read status of the specified Service
+- `PATCH`: partially update status of the specified Service
+- `PUT`: replace status of the specified Service
+
+
+=== /api/v1/services
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Service
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ServiceList[`ServiceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/services
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/services
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ServiceList[`ServiceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 201 - Created
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 202 - Accepted
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/services
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/services/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Service
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 202 - Accepted
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Service
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 201 - Created
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 201 - Created
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/services/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Service
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Service. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/services/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Service
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Service
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 201 - Created
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Service
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 201 - Created
+| xref:../core_apis/service-v1.adoc#service-v1[`Service`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/core_apis/serviceaccount-v1.adoc b/microshift_rest_api/core_apis/serviceaccount-v1.adoc
new file mode 100644
index 000000000000..1c5298871bbb
--- /dev/null
+++ b/microshift_rest_api/core_apis/serviceaccount-v1.adoc
@@ -0,0 +1,921 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="serviceaccount-v1"]
+= ServiceAccount [v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.
+
+| `imagePullSecrets`
+| `array`
+| ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+
+| `imagePullSecrets[]`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `secrets`
+| `array`
+| Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret
+
+| `secrets[]`
+| `object`
+| ObjectReference contains enough information to let you inspect or modify the referred object.
+
+|===
+=== .imagePullSecrets
+Description::
++
+--
+ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+--
+
+Type::
+  `array`
+
+
+
+
+=== .imagePullSecrets[]
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+=== .secrets
+Description::
++
+--
+Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret
+--
+
+Type::
+  `array`
+
+
+
+
+=== .secrets[]
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/serviceaccounts`
+- `GET`: list or watch objects of kind ServiceAccount
+* `/api/v1/watch/serviceaccounts`
+- `GET`: watch individual changes to a list of ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/serviceaccounts`
+- `DELETE`: delete collection of ServiceAccount
+- `GET`: list or watch objects of kind ServiceAccount
+- `POST`: create a ServiceAccount
+* `/api/v1/watch/namespaces/{namespace}/serviceaccounts`
+- `GET`: watch individual changes to a list of ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/api/v1/namespaces/{namespace}/serviceaccounts/{name}`
+- `DELETE`: delete a ServiceAccount
+- `GET`: read the specified ServiceAccount
+- `PATCH`: partially update the specified ServiceAccount
+- `PUT`: replace the specified ServiceAccount
+* `/api/v1/watch/namespaces/{namespace}/serviceaccounts/{name}`
+- `GET`: watch changes to an object of kind ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /api/v1/serviceaccounts
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ServiceAccount
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ServiceAccountList[`ServiceAccountList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/serviceaccounts
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/serviceaccounts
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ServiceAccountList[`ServiceAccountList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 201 - Created
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 202 - Accepted
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/serviceaccounts
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/namespaces/{namespace}/serviceaccounts/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ServiceAccount
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 202 - Accepted
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ServiceAccount
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 201 - Created
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ServiceAccount
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 201 - Created
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`ServiceAccount`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /api/v1/watch/namespaces/{namespace}/serviceaccounts/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ServiceAccount
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ServiceAccount. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/discovery_apis/discovery-apis-index.adoc b/microshift_rest_api/discovery_apis/discovery-apis-index.adoc
new file mode 100644
index 000000000000..fe9a238042a9
--- /dev/null
+++ b/microshift_rest_api/discovery_apis/discovery-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="discovery-apis"]
+= Discovery APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== EndpointSlice [discovery.k8s.io/v1]
+
+Description::
++
+--
+EndpointSlice represents a subset of the endpoints that implement a service. For a given service there may be multiple EndpointSlice objects, selected by labels, which must be joined to produce the full set of endpoints.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/discovery_apis/endpointslice-discovery-k8s-io-v1.adoc b/microshift_rest_api/discovery_apis/endpointslice-discovery-k8s-io-v1.adoc
new file mode 100644
index 000000000000..ec07943bb1e8
--- /dev/null
+++ b/microshift_rest_api/discovery_apis/endpointslice-discovery-k8s-io-v1.adoc
@@ -0,0 +1,1052 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="endpointslice-discovery-k8s-io-v1"]
+= EndpointSlice [discovery.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+EndpointSlice represents a subset of the endpoints that implement a service. For a given service there may be multiple EndpointSlice objects, selected by labels, which must be joined to produce the full set of endpoints.
+--
+
+Type::
+  `object`
+
+Required::
+  - `addressType`
+  - `endpoints`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `addressType`
+| `string`
+| addressType specifies the type of address carried by this EndpointSlice. All addresses in this slice must be the same type. This field is immutable after creation. The following address types are currently supported: * IPv4: Represents an IPv4 Address. * IPv6: Represents an IPv6 Address. * FQDN: Represents a Fully Qualified Domain Name.
+
+Possible enum values:
+ - `"FQDN"` represents a FQDN.
+ - `"IPv4"` represents an IPv4 Address.
+ - `"IPv6"` represents an IPv6 Address.
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `endpoints`
+| `array`
+| endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.
+
+| `endpoints[]`
+| `object`
+| Endpoint represents a single logical "backend" implementing a service.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata.
+
+| `ports`
+| `array`
+| ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports.
+
+| `ports[]`
+| `object`
+| EndpointPort represents a Port used by an EndpointSlice
+
+|===
+=== .endpoints
+Description::
++
+--
+endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .endpoints[]
+Description::
++
+--
+Endpoint represents a single logical "backend" implementing a service.
+--
+
+Type::
+  `object`
+
+Required::
+  - `addresses`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `addresses`
+| `array (string)`
+| addresses of this endpoint. The contents of this field are interpreted according to the corresponding EndpointSlice addressType field. Consumers must handle different types of addresses in the context of their own capabilities. This must contain at least one address but no more than 100. These are all assumed to be fungible and clients may choose to only use the first element. Refer to: https://issue.k8s.io/106267
+
+| `conditions`
+| `object`
+| EndpointConditions represents the current condition of an endpoint.
+
+| `deprecatedTopology`
+| `object (string)`
+| deprecatedTopology contains topology information part of the v1beta1 API. This field is deprecated, and will be removed when the v1beta1 API is removed (no sooner than kubernetes v1.24).  While this field can hold values, it is not writable through the v1 API, and any attempts to write to it will be silently ignored. Topology information can be found in the zone and nodeName fields instead.
+
+| `hints`
+| `object`
+| EndpointHints provides hints describing how an endpoint should be consumed.
+
+| `hostname`
+| `string`
+| hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation.
+
+| `nodeName`
+| `string`
+| nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node.
+
+| `targetRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
+| targetRef is a reference to a Kubernetes object that represents this endpoint.
+
+| `zone`
+| `string`
+| zone is the name of the Zone this endpoint exists in.
+
+|===
+=== .endpoints[].conditions
+Description::
++
+--
+EndpointConditions represents the current condition of an endpoint.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ready`
+| `boolean`
+| ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be "true" for terminating endpoints, except when the normal readiness behavior is being explicitly overridden, for example when the associated Service has set the publishNotReadyAddresses flag.
+
+| `serving`
+| `boolean`
+| serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition.
+
+| `terminating`
+| `boolean`
+| terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating.
+
+|===
+=== .endpoints[].hints
+Description::
++
+--
+EndpointHints provides hints describing how an endpoint should be consumed.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `forZones`
+| `array`
+| forZones indicates the zone(s) this endpoint should be consumed by to enable topology aware routing.
+
+| `forZones[]`
+| `object`
+| ForZone provides information about which zones should consume this endpoint.
+
+|===
+=== .endpoints[].hints.forZones
+Description::
++
+--
+forZones indicates the zone(s) this endpoint should be consumed by to enable topology aware routing.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .endpoints[].hints.forZones[]
+Description::
++
+--
+ForZone provides information about which zones should consume this endpoint.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name represents the name of the zone.
+
+|===
+=== .ports
+Description::
++
+--
+ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .ports[]
+Description::
++
+--
+EndpointPort represents a Port used by an EndpointSlice
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `appProtocol`
+| `string`
+| The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
+
+* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
+
+* Kubernetes-defined prefixed names:
+  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+
+* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
+
+| `name`
+| `string`
+| name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.
+
+| `port`
+| `integer`
+| port represents the port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.
+
+| `protocol`
+| `string`
+| protocol represents the IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/discovery.k8s.io/v1/endpointslices`
+- `GET`: list or watch objects of kind EndpointSlice
+* `/apis/discovery.k8s.io/v1/watch/endpointslices`
+- `GET`: watch individual changes to a list of EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices`
+- `DELETE`: delete collection of EndpointSlice
+- `GET`: list or watch objects of kind EndpointSlice
+- `POST`: create an EndpointSlice
+* `/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices`
+- `GET`: watch individual changes to a list of EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}`
+- `DELETE`: delete an EndpointSlice
+- `GET`: read the specified EndpointSlice
+- `PATCH`: partially update the specified EndpointSlice
+- `PUT`: replace the specified EndpointSlice
+* `/apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices/{name}`
+- `GET`: watch changes to an object of kind EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/discovery.k8s.io/v1/endpointslices
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind EndpointSlice
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.discovery.v1.EndpointSliceList[`EndpointSliceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/discovery.k8s.io/v1/watch/endpointslices
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.discovery.v1.EndpointSliceList[`EndpointSliceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 201 - Created
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 202 - Accepted
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the EndpointSlice
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified EndpointSlice
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 201 - Created
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified EndpointSlice
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 201 - Created
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`EndpointSlice`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the EndpointSlice
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind EndpointSlice. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/events_apis/event-events-k8s-io-v1.adoc b/microshift_rest_api/events_apis/event-events-k8s-io-v1.adoc
new file mode 100644
index 000000000000..c07b4d774ab9
--- /dev/null
+++ b/microshift_rest_api/events_apis/event-events-k8s-io-v1.adoc
@@ -0,0 +1,894 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="event-events-k8s-io-v1"]
+= Event [events.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. Events have a limited retention time and triggers and messages may evolve with time.  Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason.  Events should be treated as informative, best-effort, supplemental data.
+--
+
+Type::
+  `object`
+
+Required::
+  - `eventTime`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `deprecatedCount`
+| `integer`
+| deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
+
+| `deprecatedFirstTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type.
+
+| `deprecatedLastTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type.
+
+| `deprecatedSource`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EventSource[`EventSource`]
+| deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type.
+
+| `eventTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| eventTime is the time when this Event was first observed. It is required.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `note`
+| `string`
+| note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
+
+| `reason`
+| `string`
+| reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
+
+| `regarding`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
+| regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
+
+| `related`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
+| related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
+
+| `reportingController`
+| `string`
+| reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
+
+| `reportingInstance`
+| `string`
+| reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
+
+| `series`
+| `object`
+| EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time. How often to update the EventSeries is up to the event reporters. The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows how this struct is updated on heartbeats and can guide customized reporter implementations.
+
+| `type`
+| `string`
+| type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
+
+|===
+=== .series
+Description::
++
+--
+EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time. How often to update the EventSeries is up to the event reporters. The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows how this struct is updated on heartbeats and can guide customized reporter implementations.
+--
+
+Type::
+  `object`
+
+Required::
+  - `count`
+  - `lastObservedTime`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `count`
+| `integer`
+| count is the number of occurrences in this series up to the last heartbeat time.
+
+| `lastObservedTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime[`MicroTime`]
+| lastObservedTime is the time when last Event from the series was seen before last heartbeat.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/events.k8s.io/v1/events`
+- `GET`: list or watch objects of kind Event
+* `/apis/events.k8s.io/v1/watch/events`
+- `GET`: watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/events.k8s.io/v1/namespaces/{namespace}/events`
+- `DELETE`: delete collection of Event
+- `GET`: list or watch objects of kind Event
+- `POST`: create an Event
+* `/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events`
+- `GET`: watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}`
+- `DELETE`: delete an Event
+- `GET`: read the specified Event
+- `PATCH`: partially update the specified Event
+- `PUT`: replace the specified Event
+* `/apis/events.k8s.io/v1/watch/namespaces/{namespace}/events/{name}`
+- `GET`: watch changes to an object of kind Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/events.k8s.io/v1/events
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Event
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.events.v1.EventList[`EventList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/events.k8s.io/v1/watch/events
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/events.k8s.io/v1/namespaces/{namespace}/events
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.events.v1.EventList[`EventList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 201 - Created
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 202 - Accepted
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/events.k8s.io/v1/watch/namespaces/{namespace}/events
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Event
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Event
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 201 - Created
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Event
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 201 - Created
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`Event`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/events.k8s.io/v1/watch/namespaces/{namespace}/events/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Event
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Event. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/events_apis/events-apis-index.adoc b/microshift_rest_api/events_apis/events-apis-index.adoc
new file mode 100644
index 000000000000..52d63603410c
--- /dev/null
+++ b/microshift_rest_api/events_apis/events-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="events-apis"]
+= Events APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Event [events.k8s.io/v1]
+
+Description::
++
+--
+Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. Events have a limited retention time and triggers and messages may evolve with time.  Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason.  Events should be treated as informative, best-effort, supplemental data.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/flow_control_apis/flow-control-apis-index.adoc b/microshift_rest_api/flow_control_apis/flow-control-apis-index.adoc
new file mode 100644
index 000000000000..ff88c13d6b96
--- /dev/null
+++ b/microshift_rest_api/flow_control_apis/flow-control-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="flow-control-apis"]
+= Flow Control APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
+
+Description::
++
+--
+FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
+--
+
+Type::
+  `object`
+
+== PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]
+
+Description::
++
+--
+PriorityLevelConfiguration represents the configuration of a priority level.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc b/microshift_rest_api/flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc
new file mode 100644
index 000000000000..7d74decdedcb
--- /dev/null
+++ b/microshift_rest_api/flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc
@@ -0,0 +1,1211 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="flowschema-flowcontrol-apiserver-k8s-io-v1beta3"]
+= FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| FlowSchemaSpec describes how the FlowSchema's specification looks like.
+
+| `status`
+| `object`
+| FlowSchemaStatus represents the current state of a FlowSchema.
+
+|===
+=== .spec
+Description::
++
+--
+FlowSchemaSpec describes how the FlowSchema's specification looks like.
+--
+
+Type::
+  `object`
+
+Required::
+  - `priorityLevelConfiguration`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `distinguisherMethod`
+| `object`
+| FlowDistinguisherMethod specifies the method of a flow distinguisher.
+
+| `matchingPrecedence`
+| `integer`
+| `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence.  Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default.
+
+| `priorityLevelConfiguration`
+| `object`
+| PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
+
+| `rules`
+| `array`
+| `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
+
+| `rules[]`
+| `object`
+| PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
+
+|===
+=== .spec.distinguisherMethod
+Description::
++
+--
+FlowDistinguisherMethod specifies the method of a flow distinguisher.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `type`
+| `string`
+| `type` is the type of flow distinguisher method The supported types are "ByUser" and "ByNamespace". Required.
+
+|===
+=== .spec.priorityLevelConfiguration
+Description::
++
+--
+PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of the priority level configuration being referenced Required.
+
+|===
+=== .spec.rules
+Description::
++
+--
+`rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[]
+Description::
++
+--
+PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `subjects`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceRules`
+| `array`
+| `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
+
+| `nonResourceRules[]`
+| `object`
+| NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
+
+| `resourceRules`
+| `array`
+| `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
+
+| `resourceRules[]`
+| `object`
+| ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.
+
+| `subjects`
+| `array`
+| subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
+
+| `subjects[]`
+| `object`
+| Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
+
+|===
+=== .spec.rules[].nonResourceRules
+Description::
++
+--
+`nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].nonResourceRules[]
+Description::
++
+--
+NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+  - `nonResourceURLs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceURLs`
+| `array (string)`
+| `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. For example:
+  - "/healthz" is legal
+  - "/hea*" is illegal
+  - "/hea" is legal but matches nothing
+  - "/hea/*" also matches nothing
+  - "/healthz/*" matches all per-component health checks.
+"*" matches all non-resource urls. if it is present, it must be the only entry. Required.
+
+| `verbs`
+| `array (string)`
+| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required.
+
+|===
+=== .spec.rules[].resourceRules
+Description::
++
+--
+`resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].resourceRules[]
+Description::
++
+--
+ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+  - `apiGroups`
+  - `resources`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| `apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required.
+
+| `clusterScope`
+| `boolean`
+| `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list.
+
+| `namespaces`
+| `array (string)`
+| `namespaces` is a list of target namespaces that restricts matches.  A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*".  Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true.
+
+| `resources`
+| `array (string)`
+| `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.  For example, [ "services", "nodes/status" ].  This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required.
+
+| `verbs`
+| `array (string)`
+| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required.
+
+|===
+=== .spec.rules[].subjects
+Description::
++
+--
+subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].subjects[]
+Description::
++
+--
+Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `object`
+| GroupSubject holds detailed information for group-kind subject.
+
+| `kind`
+| `string`
+| `kind` indicates which one of the other fields is non-empty. Required
+
+| `serviceAccount`
+| `object`
+| ServiceAccountSubject holds detailed information for service-account-kind subject.
+
+| `user`
+| `object`
+| UserSubject holds detailed information for user-kind subject.
+
+|===
+=== .spec.rules[].subjects[].group
+Description::
++
+--
+GroupSubject holds detailed information for group-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
+
+|===
+=== .spec.rules[].subjects[].serviceAccount
+Description::
++
+--
+ServiceAccountSubject holds detailed information for service-account-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.
+
+| `namespace`
+| `string`
+| `namespace` is the namespace of matching ServiceAccount objects. Required.
+
+|===
+=== .spec.rules[].subjects[].user
+Description::
++
+--
+UserSubject holds detailed information for user-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the username that matches, or "*" to match all usernames. Required.
+
+|===
+=== .status
+Description::
++
+--
+FlowSchemaStatus represents the current state of a FlowSchema.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| `conditions` is a list of the current states of FlowSchema.
+
+| `conditions[]`
+| `object`
+| FlowSchemaCondition describes conditions for a FlowSchema.
+
+|===
+=== .status.conditions
+Description::
++
+--
+`conditions` is a list of the current states of FlowSchema.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+FlowSchemaCondition describes conditions for a FlowSchema.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| `lastTransitionTime` is the last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| `message` is a human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| `status` is the status of the condition. Can be True, False, Unknown. Required.
+
+| `type`
+| `string`
+| `type` is the type of the condition. Required.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas`
+- `DELETE`: delete collection of FlowSchema
+- `GET`: list or watch objects of kind FlowSchema
+- `POST`: create a FlowSchema
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas`
+- `GET`: watch individual changes to a list of FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}`
+- `DELETE`: delete a FlowSchema
+- `GET`: read the specified FlowSchema
+- `PATCH`: partially update the specified FlowSchema
+- `PUT`: replace the specified FlowSchema
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}`
+- `GET`: watch changes to an object of kind FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status`
+- `GET`: read status of the specified FlowSchema
+- `PATCH`: partially update status of the specified FlowSchema
+- `PUT`: replace status of the specified FlowSchema
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta3.FlowSchemaList[`FlowSchemaList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 202 - Accepted
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified FlowSchema
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified FlowSchema
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc b/microshift_rest_api/flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc
new file mode 100644
index 000000000000..bb1d30e9affe
--- /dev/null
+++ b/microshift_rest_api/flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc
@@ -0,0 +1,971 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3"]
+= PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PriorityLevelConfiguration represents the configuration of a priority level.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PriorityLevelConfigurationSpec specifies the configuration of a priority level.
+
+| `status`
+| `object`
+| PriorityLevelConfigurationStatus represents the current state of a "request-priority".
+
+|===
+=== .spec
+Description::
++
+--
+PriorityLevelConfigurationSpec specifies the configuration of a priority level.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `limited`
+| `object`
+| LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:
+  - How are requests for this priority level limited?
+  - What should be done with requests that exceed the limit?
+
+| `type`
+| `string`
+| `type` indicates whether this priority level is subject to limitation on request execution.  A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.
+
+|===
+=== .spec.limited
+Description::
++
+--
+LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:
+  - How are requests for this priority level limited?
+  - What should be done with requests that exceed the limit?
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `borrowingLimitPercent`
+| `integer`
+| `borrowingLimitPercent`, if present, configures a limit on how many seats this priority level can borrow from other priority levels. The limit is known as this level's BorrowingConcurrencyLimit (BorrowingCL) and is a limit on the total number of seats that this level may borrow at any one time. This field holds the ratio of that limit to the level's nominal concurrency limit. When this field is non-nil, it must hold a non-negative integer and the limit is calculated as follows.
+
+BorrowingCL(i) = round( NominalCL(i) * borrowingLimitPercent(i)/100.0 )
+
+The value of this field can be more than 100, implying that this priority level can borrow a number of seats that is greater than its own nominal concurrency limit (NominalCL). When this field is left `nil`, the limit is effectively infinite.
+
+| `lendablePercent`
+| `integer`
+| `lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels. The value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+
+LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+
+| `limitResponse`
+| `object`
+| LimitResponse defines how to handle requests that can not be executed right now.
+
+| `nominalConcurrencyShares`
+| `integer`
+| `nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:
+
+NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[limited priority level k] NCS(k)
+
+Bigger numbers mean a larger nominal concurrency limit, at the expense of every other Limited priority level. This field has a default value of 30.
+
+|===
+=== .spec.limited.limitResponse
+Description::
++
+--
+LimitResponse defines how to handle requests that can not be executed right now.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `queuing`
+| `object`
+| QueuingConfiguration holds the configuration parameters for queuing
+
+| `type`
+| `string`
+| `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required.
+
+|===
+=== .spec.limited.limitResponse.queuing
+Description::
++
+--
+QueuingConfiguration holds the configuration parameters for queuing
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `handSize`
+| `integer`
+| `handSize` is a small positive number that configures the shuffle sharding of requests into queues.  When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here.  The request is put into one of the shortest queues in that hand. `handSize` must be no larger than `queues`, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues).  See the user-facing documentation for more extensive guidance on setting this field.  This field has a default value of 8.
+
+| `queueLengthLimit`
+| `integer`
+| `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected.  This value must be positive.  If not specified, it will be defaulted to 50.
+
+| `queues`
+| `integer`
+| `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive.  Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant.  This field has a default value of 64.
+
+|===
+=== .status
+Description::
++
+--
+PriorityLevelConfigurationStatus represents the current state of a "request-priority".
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| `conditions` is the current state of "request-priority".
+
+| `conditions[]`
+| `object`
+| PriorityLevelConfigurationCondition defines the condition of priority level.
+
+|===
+=== .status.conditions
+Description::
++
+--
+`conditions` is the current state of "request-priority".
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+PriorityLevelConfigurationCondition defines the condition of priority level.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| `lastTransitionTime` is the last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| `message` is a human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| `status` is the status of the condition. Can be True, False, Unknown. Required.
+
+| `type`
+| `string`
+| `type` is the type of the condition. Required.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations`
+- `DELETE`: delete collection of PriorityLevelConfiguration
+- `GET`: list or watch objects of kind PriorityLevelConfiguration
+- `POST`: create a PriorityLevelConfiguration
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations`
+- `GET`: watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}`
+- `DELETE`: delete a PriorityLevelConfiguration
+- `GET`: read the specified PriorityLevelConfiguration
+- `PATCH`: partially update the specified PriorityLevelConfiguration
+- `PUT`: replace the specified PriorityLevelConfiguration
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations/{name}`
+- `GET`: watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}/status`
+- `GET`: read status of the specified PriorityLevelConfiguration
+- `PATCH`: partially update status of the specified PriorityLevelConfiguration
+- `PUT`: replace status of the specified PriorityLevelConfiguration
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList[`PriorityLevelConfigurationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 202 - Accepted
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PriorityLevelConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified PriorityLevelConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rosa_support/images b/microshift_rest_api/images
similarity index 100%
rename from rosa_support/images
rename to microshift_rest_api/images
diff --git a/microshift_rest_api/index.adoc b/microshift_rest_api/index.adoc
new file mode 100644
index 000000000000..a7e1d7853285
--- /dev/null
+++ b/microshift_rest_api/index.adoc
@@ -0,0 +1,141 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="api-index"]
+= API index
+
+[cols="1,1",options="header"]
+|===
+^| API ^| API group
+| xref:./api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[APIService]
+| apiregistration.k8s.io/v1
+| xref:./core_apis/binding-v1.adoc#binding-v1[Binding]
+| v1
+| xref:./certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[CertificateSigningRequest]
+| certificates.k8s.io/v1
+| xref:./rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[ClusterRole]
+| rbac.authorization.k8s.io/v1
+| xref:./rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[ClusterRoleBinding]
+| rbac.authorization.k8s.io/v1
+| xref:./core_apis/componentstatus-v1.adoc#componentstatus-v1[ComponentStatus]
+| v1
+| xref:./core_apis/configmap-v1.adoc#configmap-v1[ConfigMap]
+| v1
+| xref:./apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[ControllerRevision]
+| apps/v1
+| xref:./batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[CronJob]
+| batch/v1
+| xref:./storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[CSIDriver]
+| storage.k8s.io/v1
+| xref:./storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[CSINode]
+| storage.k8s.io/v1
+| xref:./storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[CSIStorageCapacity]
+| storage.k8s.io/v1
+| xref:./api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[CustomResourceDefinition]
+| apiextensions.k8s.io/v1
+| xref:./apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[DaemonSet]
+| apps/v1
+| xref:./apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[Deployment]
+| apps/v1
+| xref:./core_apis/endpoints-v1.adoc#endpoints-v1[Endpoints]
+| v1
+| xref:./discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[EndpointSlice]
+| discovery.k8s.io/v1
+| xref:./core_apis/event-v1.adoc#event-v1[Event]
+| v1
+| xref:./events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[Event]
+| events.k8s.io/v1
+| xref:./policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[Eviction]
+| policy/v1
+| xref:./flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[FlowSchema]
+| flowcontrol.apiserver.k8s.io/v1beta3
+| xref:./autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[HorizontalPodAutoscaler]
+| autoscaling/v2
+| xref:./networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[Ingress]
+| networking.k8s.io/v1
+| xref:./networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[IngressClass]
+| networking.k8s.io/v1
+| xref:./batch_apis/job-batch-v1.adoc#job-batch-v1[Job]
+| batch/v1
+| xref:./coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[Lease]
+| coordination.k8s.io/v1
+| xref:./core_apis/limitrange-v1.adoc#limitrange-v1[LimitRange]
+| v1
+| xref:./authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc#localsubjectaccessreview-authorization-k8s-io-v1[LocalSubjectAccessReview]
+| authorization.k8s.io/v1
+| xref:./topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[LogicalVolume]
+| topolvm.io/v1
+| xref:./webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[MutatingWebhookConfiguration]
+| admissionregistration.k8s.io/v1
+| xref:./core_apis/namespace-v1.adoc#namespace-v1[Namespace]
+| v1
+| xref:./networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[NetworkPolicy]
+| networking.k8s.io/v1
+| xref:./core_apis/node-v1.adoc#node-v1[Node]
+| v1
+| xref:./core_apis/persistentvolume-v1.adoc#persistentvolume-v1[PersistentVolume]
+| v1
+| xref:./core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[PersistentVolumeClaim]
+| v1
+| xref:./core_apis/pod-v1.adoc#pod-v1[Pod]
+| v1
+| xref:./policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[PodDisruptionBudget]
+| policy/v1
+| xref:./core_apis/podtemplate-v1.adoc#podtemplate-v1[PodTemplate]
+| v1
+| xref:./scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[PriorityClass]
+| scheduling.k8s.io/v1
+| xref:./flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[PriorityLevelConfiguration]
+| flowcontrol.apiserver.k8s.io/v1beta3
+| xref:./security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[RangeAllocation]
+| security.internal.openshift.io/v1
+| xref:./apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[ReplicaSet]
+| apps/v1
+| xref:./core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[ReplicationController]
+| v1
+| xref:./core_apis/resourcequota-v1.adoc#resourcequota-v1[ResourceQuota]
+| v1
+| xref:./rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[Role]
+| rbac.authorization.k8s.io/v1
+| xref:./rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[RoleBinding]
+| rbac.authorization.k8s.io/v1
+| xref:./network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[Route]
+| route.openshift.io/v1
+| xref:./node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[RuntimeClass]
+| node.k8s.io/v1
+| xref:./autoscaling_apis/scale-autoscaling-v1.adoc#scale-autoscaling-v1[Scale]
+| autoscaling/v1
+| xref:./core_apis/secret-v1.adoc#secret-v1[Secret]
+| v1
+| xref:./security_apis/securitycontextconstraints-security-openshift-io-v1.adoc#securitycontextconstraints-security-openshift-io-v1[SecurityContextConstraints]
+| security.openshift.io/v1
+| xref:./authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[SelfSubjectAccessReview]
+| authorization.k8s.io/v1
+| xref:./authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[SelfSubjectRulesReview]
+| authorization.k8s.io/v1
+| xref:./core_apis/service-v1.adoc#service-v1[Service]
+| v1
+| xref:./core_apis/serviceaccount-v1.adoc#serviceaccount-v1[ServiceAccount]
+| v1
+| xref:./apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[StatefulSet]
+| apps/v1
+| xref:./storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[StorageClass]
+| storage.k8s.io/v1
+| xref:./storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[StorageVersionMigration]
+| migration.k8s.io/v1alpha1
+| xref:./authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc#subjectaccessreview-authorization-k8s-io-v1[SubjectAccessReview]
+| authorization.k8s.io/v1
+| xref:./authentication_apis/tokenrequest-authentication-k8s-io-v1.adoc#tokenrequest-authentication-k8s-io-v1[TokenRequest]
+| authentication.k8s.io/v1
+| xref:./authentication_apis/tokenreview-authentication-k8s-io-v1.adoc#tokenreview-authentication-k8s-io-v1[TokenReview]
+| authentication.k8s.io/v1
+| xref:./webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[ValidatingWebhookConfiguration]
+| admissionregistration.k8s.io/v1
+| xref:./storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[VolumeAttachment]
+| storage.k8s.io/v1
+| xref:./snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[VolumeSnapshot]
+| snapshot.storage.k8s.io/v1
+| xref:./snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[VolumeSnapshotClass]
+| snapshot.storage.k8s.io/v1
+| xref:./snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[VolumeSnapshotContent]
+| snapshot.storage.k8s.io/v1
+|===
diff --git a/microshift_rest_api/network_apis/network-apis-index.adoc b/microshift_rest_api/network_apis/network-apis-index.adoc
new file mode 100644
index 000000000000..ba287b9dd28b
--- /dev/null
+++ b/microshift_rest_api/network_apis/network-apis-index.adoc
@@ -0,0 +1,25 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="network-apis"]
+= Network APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Route [route.openshift.io/v1]
+
+Description::
++
+--
+A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.
+ Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.
+ Routers are subject to additional customization and may support additional controls via the annotations field.
+ Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.
+ To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/network_apis/route-route-openshift-io-v1.adoc b/microshift_rest_api/network_apis/route-route-openshift-io-v1.adoc
index a3165a17636c..d50b9df5715b 100644
--- a/microshift_rest_api/network_apis/route-route-openshift-io-v1.adoc
+++ b/microshift_rest_api/network_apis/route-route-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="route-route-openshift-io-v1"]
 = Route [route.openshift.io/v1]
 :toc: macro
@@ -12,16 +12,11 @@ Description::
 +
 --
 A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.
-
-Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.
-
-Routers are subject to additional customization and may support additional controls via the annotations field.
-
-Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.
-
-To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.
-
-Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.
+ Routers are subject to additional customization and may support additional controls via the annotations field.
+ Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.
+ To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -46,27 +41,23 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| `ObjectMeta_v2`
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
-| RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.
-
-The `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.
+| spec is the desired state of the route
 
 | `status`
 | `object`
-| RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.
+| status is the current state of the route
 
 |===
 === .spec
 Description::
 +
 --
-RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.
-
-The `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.
+spec is the desired state of the route
 --
 
 Type::
@@ -99,21 +90,20 @@ Required::
 
 | `port`
 | `object`
-| RoutePort defines a port mapping from a router to an endpoint in the service endpoints.
+| If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.
 
 | `subdomain`
 | `string`
 | subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.
-
-Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.
+ Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.
 
 | `tls`
 | `object`
-| TLSConfig defines config used to secure a route and provide termination
+| The tls field provides the ability to configure certificates and termination for the route.
 
 | `to`
 | `object`
-| RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.
+| to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.
 
 | `wildcardPolicy`
 | `string`
@@ -170,7 +160,7 @@ Required::
 Description::
 +
 --
-RoutePort defines a port mapping from a router to an endpoint in the service endpoints.
+If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.
 --
 
 Type::
@@ -186,15 +176,15 @@ Required::
 | Property | Type | Description
 
 | `targetPort`
-| `IntOrString`
-| The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required
+| `integer-or-string`
+|
 
 |===
 === .spec.tls
 Description::
 +
 --
-TLSConfig defines config used to secure a route and provide termination
+The tls field provides the ability to configure certificates and termination for the route.
 --
 
 Type::
@@ -224,8 +214,7 @@ Required::
 | `insecureEdgeTerminationPolicy`
 | `string`
 | insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.
-
-* Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.
+ * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). * None - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.
 
 | `key`
 | `string`
@@ -234,15 +223,14 @@ Required::
 | `termination`
 | `string`
 | termination indicates termination type.
-
-* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
+ * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
 
 |===
 === .spec.to
 Description::
 +
 --
-RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.
+to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.
 --
 
 Type::
@@ -275,7 +263,7 @@ Required::
 Description::
 +
 --
-RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.
+status is the current state of the route
 --
 
 Type::
@@ -376,8 +364,8 @@ Type::
   `object`
 
 Required::
-  - `type`
   - `status`
+  - `type`
 
 
 
@@ -386,7 +374,7 @@ Required::
 | Property | Type | Description
 
 | `lastTransitionTime`
-| `Time`
+| `string`
 | RFC 3339 date and time when this condition last transitioned
 
 | `message`
@@ -412,22 +400,16 @@ Required::
 The following API endpoints are available:
 
 * `/apis/route.openshift.io/v1/routes`
-- `GET`: list or watch objects of kind Route
-* `/apis/route.openshift.io/v1/watch/routes`
-- `GET`: watch individual changes to a list of Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+- `GET`: list objects of kind Route
 * `/apis/route.openshift.io/v1/namespaces/{namespace}/routes`
 - `DELETE`: delete collection of Route
-- `GET`: list or watch objects of kind Route
+- `GET`: list objects of kind Route
 - `POST`: create a Route
-* `/apis/route.openshift.io/v1/watch/namespaces/{namespace}/routes`
-- `GET`: watch individual changes to a list of Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
 * `/apis/route.openshift.io/v1/namespaces/{namespace}/routes/{name}`
 - `DELETE`: delete a Route
 - `GET`: read the specified Route
 - `PATCH`: partially update the specified Route
 - `PUT`: replace the specified Route
-* `/apis/route.openshift.io/v1/watch/namespaces/{namespace}/routes/{name}`
-- `GET`: watch changes to an object of kind Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
 * `/apis/route.openshift.io/v1/namespaces/{namespace}/routes/{name}/status`
 - `GET`: read status of the specified Route
 - `PATCH`: partially update status of the specified Route
@@ -473,71 +455,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
+| `sendInitialEvents`
 | `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
-
-HTTP method::
-  `GET`
-
-Description::
-  list or watch objects of kind Route
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| `RouteList` schema
-| 401 - Unauthorized
-| Empty
-|===
-
-
-=== /apis/route.openshift.io/v1/watch/routes
-
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -550,7 +482,7 @@ HTTP method::
   `GET`
 
 Description::
-  watch individual changes to a list of Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+  list objects of kind Route
 
 
 .HTTP responses
@@ -558,7 +490,7 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `WatchEvent` schema
+| xref:../objects/index.adoc#io.openshift.route.v1.RouteList[`RouteList`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -595,20 +527,17 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
 | The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `dryRun`
-| `string`
-| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
 | `fieldSelector`
 | `string`
 | A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `labelSelector`
 | `string`
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
@@ -617,12 +546,6 @@ This field is not supported when watch is true. Clients may start a watch from t
 | limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -633,26 +556,36 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| `DeleteOptions` schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -661,7 +594,7 @@ HTTP method::
   `GET`
 
 Description::
-  list or watch objects of kind Route
+  list objects of kind Route
 
 
 .Query parameters
@@ -697,6 +630,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -711,7 +659,7 @@ Defaults to unset
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `RouteList` schema
+| xref:../objects/index.adoc#io.openshift.route.v1.RouteList[`RouteList`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -733,6 +681,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -741,7 +692,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
-| 
+|
 |===
 
 .HTTP responses
@@ -759,79 +710,6 @@ Description::
 |===
 
 
-=== /apis/route.openshift.io/v1/watch/namespaces/{namespace}/routes
-
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
-
-HTTP method::
-  `GET`
-
-Description::
-  watch individual changes to a list of Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| `WatchEvent` schema
-| 401 - Unauthorized
-| Empty
-|===
-
-
 === /apis/route.openshift.io/v1/namespaces/{namespace}/routes/{name}
 
 .Global path parameters
@@ -885,8 +763,8 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| `DeleteOptions` schema
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
 |===
 
 .HTTP responses
@@ -894,9 +772,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 202 - Accepted
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -908,6 +786,18 @@ Description::
   read the specified Route
 
 
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
 .HTTP responses
 [cols="1,1",options="header"]
 |===
@@ -935,6 +825,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
 | Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
@@ -945,8 +838,8 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| `Patch` schema
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
 |===
 
 .HTTP responses
@@ -955,8 +848,6 @@ Description::
 | HTTP code | Reponse body
 | 200 - OK
 | xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
-| 201 - Created
-| xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -978,6 +869,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -986,7 +880,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
-| 
+|
 |===
 
 .HTTP responses
@@ -1002,7 +896,7 @@ Description::
 |===
 
 
-=== /apis/route.openshift.io/v1/watch/namespaces/{namespace}/routes/{name}
+=== /apis/route.openshift.io/v1/namespaces/{namespace}/routes/{name}/status
 
 .Global path parameters
 [cols="1,1,2",options="header"]
@@ -1020,93 +914,29 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
 | If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
 |===
 
 HTTP method::
   `GET`
 
 Description::
-  watch changes to an object of kind Route. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| `WatchEvent` schema
-| 401 - Unauthorized
-| Empty
-|===
-
+  read status of the specified Route
 
-=== /apis/route.openshift.io/v1/namespaces/{namespace}/routes/{name}/status
 
-.Global path parameters
+.Query parameters
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `name`
-| `string`
-| name of the Route
-| `namespace`
+| `resourceVersion`
 | `string`
-| object name and auth scope, such as for teams and projects
-|===
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+Defaults to unset
 |===
 
-HTTP method::
-  `GET`
-
-Description::
-  read status of the specified Route
-
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1135,6 +965,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
 | Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
@@ -1145,8 +978,8 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| `Patch` schema
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
 |===
 
 .HTTP responses
@@ -1155,8 +988,6 @@ Description::
 | HTTP code | Reponse body
 | 200 - OK
 | xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
-| 201 - Created
-| xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -1178,6 +1009,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1186,7 +1020,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`Route`] schema
-| 
+|
 |===
 
 .HTTP responses
diff --git a/microshift_rest_api/networking_apis/ingress-networking-k8s-io-v1.adoc b/microshift_rest_api/networking_apis/ingress-networking-k8s-io-v1.adoc
new file mode 100644
index 000000000000..3e2663bba156
--- /dev/null
+++ b/microshift_rest_api/networking_apis/ingress-networking-k8s-io-v1.adoc
@@ -0,0 +1,1474 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="ingress-networking-k8s-io-v1"]
+= Ingress [networking.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| IngressSpec describes the Ingress the user wishes to exist.
+
+| `status`
+| `object`
+| IngressStatus describe the current state of the Ingress.
+
+|===
+=== .spec
+Description::
++
+--
+IngressSpec describes the Ingress the user wishes to exist.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultBackend`
+| `object`
+| IngressBackend describes all endpoints for a given service and port.
+
+| `ingressClassName`
+| `string`
+| ingressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present.
+
+| `rules`
+| `array`
+| rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
+
+| `rules[]`
+| `object`
+| IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
+
+| `tls`
+| `array`
+| tls represents the TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
+
+| `tls[]`
+| `object`
+| IngressTLS describes the transport layer security associated with an ingress.
+
+|===
+=== .spec.defaultBackend
+Description::
++
+--
+IngressBackend describes all endpoints for a given service and port.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resource`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TypedLocalObjectReference[`TypedLocalObjectReference`]
+| resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
+
+| `service`
+| `object`
+| IngressServiceBackend references a Kubernetes Service as a Backend.
+
+|===
+=== .spec.defaultBackend.service
+Description::
++
+--
+IngressServiceBackend references a Kubernetes Service as a Backend.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the referenced service. The service must exist in the same namespace as the Ingress object.
+
+| `port`
+| `object`
+| ServiceBackendPort is the service port being referenced.
+
+|===
+=== .spec.defaultBackend.service.port
+Description::
++
+--
+ServiceBackendPort is the service port being referenced.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
+
+| `number`
+| `integer`
+| number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
+
+|===
+=== .spec.rules
+Description::
++
+--
+rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[]
+Description::
++
+--
+IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
+   the IP in the Spec of the parent Ingress.
+2. The `:` delimiter is not respected because ports are not allowed.
+	  Currently the port of an Ingress is implicitly :80 for http and
+	  :443 for https.
+Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.
+
+host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If host is precise, the request matches this rule if the http host header is equal to Host. 2. If host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.
+
+| `http`
+| `object`
+| HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.
+
+|===
+=== .spec.rules[].http
+Description::
++
+--
+HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.
+--
+
+Type::
+  `object`
+
+Required::
+  - `paths`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `paths`
+| `array`
+| paths is a collection of paths that map requests to backends.
+
+| `paths[]`
+| `object`
+| HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend.
+
+|===
+=== .spec.rules[].http.paths
+Description::
++
+--
+paths is a collection of paths that map requests to backends.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].http.paths[]
+Description::
++
+--
+HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pathType`
+  - `backend`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `backend`
+| `object`
+| IngressBackend describes all endpoints for a given service and port.
+
+| `path`
+| `string`
+| path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
+
+| `pathType`
+| `string`
+| pathType determines the interpretation of the path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
+  done on a path element by element basis. A path element refers is the
+  list of labels in the path split by the '/' separator. A request is a
+  match for path p if every p is an element-wise prefix of p of the
+  request path. Note that if the last element of the path is a substring
+  of the last element in request path, it is not a match (e.g. /foo/bar
+  matches /foo/bar/baz, but does not match /foo/barbaz).
+* ImplementationSpecific: Interpretation of the Path matching is up to
+  the IngressClass. Implementations can treat this as a separate PathType
+  or treat it identically to Prefix or Exact path types.
+Implementations are required to support all path types.
+
+Possible enum values:
+ - `"Exact"` matches the URL path exactly and with case sensitivity.
+ - `"ImplementationSpecific"` matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types.
+ - `"Prefix"` matches based on a URL path prefix split by '/'. Matching is case sensitive and done on a path element by element basis. A path element refers to the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). If multiple matching paths exist in an Ingress spec, the longest matching path is given priority. Examples: - /foo/bar does not match requests to /foo/barbaz - /foo/bar matches request to /foo/bar and /foo/bar/baz - /foo and /foo/ both match requests to /foo and /foo/. If both paths are present in an Ingress spec, the longest matching path (/foo/) is given priority.
+
+|===
+=== .spec.rules[].http.paths[].backend
+Description::
++
+--
+IngressBackend describes all endpoints for a given service and port.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resource`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TypedLocalObjectReference[`TypedLocalObjectReference`]
+| resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
+
+| `service`
+| `object`
+| IngressServiceBackend references a Kubernetes Service as a Backend.
+
+|===
+=== .spec.rules[].http.paths[].backend.service
+Description::
++
+--
+IngressServiceBackend references a Kubernetes Service as a Backend.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the referenced service. The service must exist in the same namespace as the Ingress object.
+
+| `port`
+| `object`
+| ServiceBackendPort is the service port being referenced.
+
+|===
+=== .spec.rules[].http.paths[].backend.service.port
+Description::
++
+--
+ServiceBackendPort is the service port being referenced.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
+
+| `number`
+| `integer`
+| number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
+
+|===
+=== .spec.tls
+Description::
++
+--
+tls represents the TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.tls[]
+Description::
++
+--
+IngressTLS describes the transport layer security associated with an ingress.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hosts`
+| `array (string)`
+| hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+
+| `secretName`
+| `string`
+| secretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the "Host" header is used for routing.
+
+|===
+=== .status
+Description::
++
+--
+IngressStatus describe the current state of the Ingress.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `loadBalancer`
+| `object`
+| IngressLoadBalancerStatus represents the status of a load-balancer.
+
+|===
+=== .status.loadBalancer
+Description::
++
+--
+IngressLoadBalancerStatus represents the status of a load-balancer.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ingress`
+| `array`
+| ingress is a list containing ingress points for the load-balancer.
+
+| `ingress[]`
+| `object`
+| IngressLoadBalancerIngress represents the status of a load-balancer ingress point.
+
+|===
+=== .status.loadBalancer.ingress
+Description::
++
+--
+ingress is a list containing ingress points for the load-balancer.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.loadBalancer.ingress[]
+Description::
++
+--
+IngressLoadBalancerIngress represents the status of a load-balancer ingress point.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostname`
+| `string`
+| hostname is set for load-balancer ingress points that are DNS based.
+
+| `ip`
+| `string`
+| ip is set for load-balancer ingress points that are IP based.
+
+| `ports`
+| `array`
+| ports provides information about the ports exposed by this LoadBalancer.
+
+| `ports[]`
+| `object`
+| IngressPortStatus represents the error condition of a service port
+
+|===
+=== .status.loadBalancer.ingress[].ports
+Description::
++
+--
+ports provides information about the ports exposed by this LoadBalancer.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.loadBalancer.ingress[].ports[]
+Description::
++
+--
+IngressPortStatus represents the error condition of a service port
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+  - `protocol`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `error`
+| `string`
+| error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use
+  CamelCase names
+- cloud provider specific error values must have names that comply with the
+  format foo.example.com/CamelCase.
+
+| `port`
+| `integer`
+| port is the port number of the ingress port.
+
+| `protocol`
+| `string`
+| protocol is the protocol of the ingress port. The supported values are: "TCP", "UDP", "SCTP"
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/networking.k8s.io/v1/ingresses`
+- `GET`: list or watch objects of kind Ingress
+* `/apis/networking.k8s.io/v1/watch/ingresses`
+- `GET`: watch individual changes to a list of Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses`
+- `DELETE`: delete collection of Ingress
+- `GET`: list or watch objects of kind Ingress
+- `POST`: create an Ingress
+* `/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses`
+- `GET`: watch individual changes to a list of Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}`
+- `DELETE`: delete an Ingress
+- `GET`: read the specified Ingress
+- `PATCH`: partially update the specified Ingress
+- `PUT`: replace the specified Ingress
+* `/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses/{name}`
+- `GET`: watch changes to an object of kind Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status`
+- `GET`: read status of the specified Ingress
+- `PATCH`: partially update status of the specified Ingress
+- `PUT`: replace status of the specified Ingress
+
+
+=== /apis/networking.k8s.io/v1/ingresses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Ingress
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.networking.v1.IngressList[`IngressList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/ingresses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.networking.v1.IngressList[`IngressList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 201 - Created
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 202 - Accepted
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Ingress
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Ingress
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 201 - Created
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 201 - Created
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Ingress
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Ingress. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Ingress
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified Ingress
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 201 - Created
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Ingress
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 201 - Created
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`Ingress`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/networking_apis/ingressclass-networking-k8s-io-v1.adoc b/microshift_rest_api/networking_apis/ingressclass-networking-k8s-io-v1.adoc
new file mode 100644
index 000000000000..3d84037c365c
--- /dev/null
+++ b/microshift_rest_api/networking_apis/ingressclass-networking-k8s-io-v1.adoc
@@ -0,0 +1,692 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="ingressclass-networking-k8s-io-v1"]
+= IngressClass [networking.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| IngressClassSpec provides information about the class of an Ingress.
+
+|===
+=== .spec
+Description::
++
+--
+IngressClassSpec provides information about the class of an Ingress.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `controller`
+| `string`
+| controller refers to the name of the controller that should handle this class. This allows for different "flavors" that are controlled by the same controller. For example, you may have different parameters for the same implementing controller. This should be specified as a domain-prefixed path no more than 250 characters in length, e.g. "acme.io/ingress-controller". This field is immutable.
+
+| `parameters`
+| `object`
+| IngressClassParametersReference identifies an API object. This can be used to specify a cluster or namespace-scoped resource.
+
+|===
+=== .spec.parameters
+Description::
++
+--
+IngressClassParametersReference identifies an API object. This can be used to specify a cluster or namespace-scoped resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| apiGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| kind is the type of resource being referenced.
+
+| `name`
+| `string`
+| name is the name of resource being referenced.
+
+| `namespace`
+| `string`
+| namespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
+
+| `scope`
+| `string`
+| scope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/networking.k8s.io/v1/ingressclasses`
+- `DELETE`: delete collection of IngressClass
+- `GET`: list or watch objects of kind IngressClass
+- `POST`: create an IngressClass
+* `/apis/networking.k8s.io/v1/watch/ingressclasses`
+- `GET`: watch individual changes to a list of IngressClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/networking.k8s.io/v1/ingressclasses/{name}`
+- `DELETE`: delete an IngressClass
+- `GET`: read the specified IngressClass
+- `PATCH`: partially update the specified IngressClass
+- `PUT`: replace the specified IngressClass
+* `/apis/networking.k8s.io/v1/watch/ingressclasses/{name}`
+- `GET`: watch changes to an object of kind IngressClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/networking.k8s.io/v1/ingressclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.networking.v1.IngressClassList[`IngressClassList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 201 - Created
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 202 - Accepted
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/ingressclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of IngressClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/ingressclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the IngressClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified IngressClass
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 201 - Created
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified IngressClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 201 - Created
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`IngressClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/ingressclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the IngressClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind IngressClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/networking_apis/networking-apis-index.adoc b/microshift_rest_api/networking_apis/networking-apis-index.adoc
new file mode 100644
index 000000000000..a3ae667cb7f1
--- /dev/null
+++ b/microshift_rest_api/networking_apis/networking-apis-index.adoc
@@ -0,0 +1,42 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="networking-apis"]
+= Networking APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Ingress [networking.k8s.io/v1]
+
+Description::
++
+--
+Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.
+--
+
+Type::
+  `object`
+
+== IngressClass [networking.k8s.io/v1]
+
+Description::
++
+--
+IngressClass represents the class of the Ingress, referenced by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be used to indicate that an IngressClass should be considered default. When a single IngressClass resource has this annotation set to true, new Ingress resources without a class specified will be assigned this default class.
+--
+
+Type::
+  `object`
+
+== NetworkPolicy [networking.k8s.io/v1]
+
+Description::
++
+--
+NetworkPolicy describes what network traffic is allowed for a set of Pods
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/networking_apis/networkpolicy-networking-k8s-io-v1.adoc b/microshift_rest_api/networking_apis/networkpolicy-networking-k8s-io-v1.adoc
new file mode 100644
index 000000000000..d6372bd8e7b0
--- /dev/null
+++ b/microshift_rest_api/networking_apis/networkpolicy-networking-k8s-io-v1.adoc
@@ -0,0 +1,1355 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="networkpolicy-networking-k8s-io-v1"]
+= NetworkPolicy [networking.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+NetworkPolicy describes what network traffic is allowed for a set of Pods
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| NetworkPolicySpec provides the specification of a NetworkPolicy
+
+| `status`
+| `object`
+| NetworkPolicyStatus describes the current state of the NetworkPolicy.
+
+|===
+=== .spec
+Description::
++
+--
+NetworkPolicySpec provides the specification of a NetworkPolicy
+--
+
+Type::
+  `object`
+
+Required::
+  - `podSelector`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `egress`
+| `array`
+| egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
+
+| `egress[]`
+| `object`
+| NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
+
+| `ingress`
+| `array`
+| ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
+
+| `ingress[]`
+| `object`
+| NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
+
+| `podSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
+
+| `policyTypes`
+| `array (string)`
+| policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
+
+|===
+=== .spec.egress
+Description::
++
+--
+egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.egress[]
+Description::
++
+--
+NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ports`
+| `array`
+| ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+| `ports[]`
+| `object`
+| NetworkPolicyPort describes a port to allow traffic on
+
+| `to`
+| `array`
+| to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+
+| `to[]`
+| `object`
+| NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed
+
+|===
+=== .spec.egress[].ports
+Description::
++
+--
+ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.egress[].ports[]
+Description::
++
+--
+NetworkPolicyPort describes a port to allow traffic on
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endPort`
+| `integer`
+| endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
+
+| `protocol`
+| `string`
+| protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .spec.egress[].to
+Description::
++
+--
+to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.egress[].to[]
+Description::
++
+--
+NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ipBlock`
+| `object`
+| IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
+
+If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.
+
+| `podSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
+
+If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.
+
+|===
+=== .spec.egress[].to[].ipBlock
+Description::
++
+--
+IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.
+--
+
+Type::
+  `object`
+
+Required::
+  - `cidr`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cidr`
+| `string`
+| cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
+
+| `except`
+| `array (string)`
+| except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
+
+|===
+=== .spec.ingress
+Description::
++
+--
+ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ingress[]
+Description::
++
+--
+NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `from`
+| `array`
+| from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
+
+| `from[]`
+| `object`
+| NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed
+
+| `ports`
+| `array`
+| ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+| `ports[]`
+| `object`
+| NetworkPolicyPort describes a port to allow traffic on
+
+|===
+=== .spec.ingress[].from
+Description::
++
+--
+from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ingress[].from[]
+Description::
++
+--
+NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ipBlock`
+| `object`
+| IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
+
+If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.
+
+| `podSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
+
+If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.
+
+|===
+=== .spec.ingress[].from[].ipBlock
+Description::
++
+--
+IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.
+--
+
+Type::
+  `object`
+
+Required::
+  - `cidr`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cidr`
+| `string`
+| cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
+
+| `except`
+| `array (string)`
+| except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
+
+|===
+=== .spec.ingress[].ports
+Description::
++
+--
+ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ingress[].ports[]
+Description::
++
+--
+NetworkPolicyPort describes a port to allow traffic on
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endPort`
+| `integer`
+| endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
+
+| `protocol`
+| `string`
+| protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+=== .status
+Description::
++
+--
+NetworkPolicyStatus describes the current state of the NetworkPolicy.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Condition[`array (Condition)`]
+| conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/networking.k8s.io/v1/networkpolicies`
+- `GET`: list or watch objects of kind NetworkPolicy
+* `/apis/networking.k8s.io/v1/watch/networkpolicies`
+- `GET`: watch individual changes to a list of NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies`
+- `DELETE`: delete collection of NetworkPolicy
+- `GET`: list or watch objects of kind NetworkPolicy
+- `POST`: create a NetworkPolicy
+* `/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies`
+- `GET`: watch individual changes to a list of NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}`
+- `DELETE`: delete a NetworkPolicy
+- `GET`: read the specified NetworkPolicy
+- `PATCH`: partially update the specified NetworkPolicy
+- `PUT`: replace the specified NetworkPolicy
+* `/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}`
+- `GET`: watch changes to an object of kind NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status`
+- `GET`: read status of the specified NetworkPolicy
+- `PATCH`: partially update status of the specified NetworkPolicy
+- `PUT`: replace status of the specified NetworkPolicy
+
+
+=== /apis/networking.k8s.io/v1/networkpolicies
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind NetworkPolicy
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.networking.v1.NetworkPolicyList[`NetworkPolicyList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/networkpolicies
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.networking.v1.NetworkPolicyList[`NetworkPolicyList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 201 - Created
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 202 - Accepted
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the NetworkPolicy
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified NetworkPolicy
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 201 - Created
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 201 - Created
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the NetworkPolicy
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the NetworkPolicy
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified NetworkPolicy
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 201 - Created
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified NetworkPolicy
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 201 - Created
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/node_apis/node-apis-index.adoc b/microshift_rest_api/node_apis/node-apis-index.adoc
new file mode 100644
index 000000000000..1d5852b184e8
--- /dev/null
+++ b/microshift_rest_api/node_apis/node-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="node-apis"]
+= Node APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== RuntimeClass [node.k8s.io/v1]
+
+Description::
++
+--
+RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod.  For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc b/microshift_rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc
new file mode 100644
index 000000000000..71a55fdcb7f6
--- /dev/null
+++ b/microshift_rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc
@@ -0,0 +1,683 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="runtimeclass-node-k8s-io-v1"]
+= RuntimeClass [node.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+RuntimeClass defines a class of container runtime supported in the cluster. The RuntimeClass is used to determine which container runtime is used to run all containers in a pod. RuntimeClasses are manually defined by a user or cluster provisioner, and referenced in the PodSpec. The Kubelet is responsible for resolving the RuntimeClassName reference before running the pod.  For more details, see https://kubernetes.io/docs/concepts/containers/runtime-class/
+--
+
+Type::
+  `object`
+
+Required::
+  - `handler`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `handler`
+| `string`
+| handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration.  It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `overhead`
+| `object`
+| Overhead structure represents the resource overhead associated with running a pod.
+
+| `scheduling`
+| `object`
+| Scheduling specifies the scheduling constraints for nodes supporting a RuntimeClass.
+
+|===
+=== .overhead
+Description::
++
+--
+Overhead structure represents the resource overhead associated with running a pod.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podFixed`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| podFixed represents the fixed resource overhead associated with running a pod.
+
+|===
+=== .scheduling
+Description::
++
+--
+Scheduling specifies the scheduling constraints for nodes supporting a RuntimeClass.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelector`
+| `object (string)`
+| nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod's existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.
+
+| `tolerations`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Toleration[`array (Toleration)`]
+| tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/node.k8s.io/v1/runtimeclasses`
+- `DELETE`: delete collection of RuntimeClass
+- `GET`: list or watch objects of kind RuntimeClass
+- `POST`: create a RuntimeClass
+* `/apis/node.k8s.io/v1/watch/runtimeclasses`
+- `GET`: watch individual changes to a list of RuntimeClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/node.k8s.io/v1/runtimeclasses/{name}`
+- `DELETE`: delete a RuntimeClass
+- `GET`: read the specified RuntimeClass
+- `PATCH`: partially update the specified RuntimeClass
+- `PUT`: replace the specified RuntimeClass
+* `/apis/node.k8s.io/v1/watch/runtimeclasses/{name}`
+- `GET`: watch changes to an object of kind RuntimeClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/node.k8s.io/v1/runtimeclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.node.v1.RuntimeClassList[`RuntimeClassList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 201 - Created
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 202 - Accepted
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/node.k8s.io/v1/watch/runtimeclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of RuntimeClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/node.k8s.io/v1/runtimeclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the RuntimeClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified RuntimeClass
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 201 - Created
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified RuntimeClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 201 - Created
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`RuntimeClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/node.k8s.io/v1/watch/runtimeclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the RuntimeClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind RuntimeClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/objects/index.adoc b/microshift_rest_api/objects/index.adoc
new file mode 100644
index 000000000000..5390e4728f8e
--- /dev/null
+++ b/microshift_rest_api/objects/index.adoc
@@ -0,0 +1,9097 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="api-object-reference"]
+= Common object reference
+:toc: macro
+:toc-title:
+
+toc::[]
+
+[id="io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"]
+== io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList schema
+
+
+Description::
++
+--
+MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`array (MutatingWebhookConfiguration)`]
+| List of MutatingWebhookConfiguration.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"]
+== io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList schema
+
+
+Description::
++
+--
+ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`array (ValidatingWebhookConfiguration)`]
+| List of ValidatingWebhookConfiguration.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.apps.v1.ControllerRevisionList"]
+== io.k8s.api.apps.v1.ControllerRevisionList schema
+
+
+Description::
++
+--
+ControllerRevisionList is a resource containing a list of ControllerRevision objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../apps_apis/controllerrevision-apps-v1.adoc#controllerrevision-apps-v1[`array (ControllerRevision)`]
+| Items is the list of ControllerRevisions
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.apps.v1.DaemonSetList"]
+== io.k8s.api.apps.v1.DaemonSetList schema
+
+
+Description::
++
+--
+DaemonSetList is a collection of daemon sets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../apps_apis/daemonset-apps-v1.adoc#daemonset-apps-v1[`array (DaemonSet)`]
+| A list of daemon sets.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.apps.v1.DeploymentList"]
+== io.k8s.api.apps.v1.DeploymentList schema
+
+
+Description::
++
+--
+DeploymentList is a list of Deployments.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../apps_apis/deployment-apps-v1.adoc#deployment-apps-v1[`array (Deployment)`]
+| Items is the list of Deployments.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata.
+
+|===
+
+[id="io.k8s.api.apps.v1.ReplicaSetList"]
+== io.k8s.api.apps.v1.ReplicaSetList schema
+
+
+Description::
++
+--
+ReplicaSetList is a collection of ReplicaSets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../apps_apis/replicaset-apps-v1.adoc#replicaset-apps-v1[`array (ReplicaSet)`]
+| List of ReplicaSets. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.apps.v1.StatefulSetList"]
+== io.k8s.api.apps.v1.StatefulSetList schema
+
+
+Description::
++
+--
+StatefulSetList is a collection of StatefulSets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../apps_apis/statefulset-apps-v1.adoc#statefulset-apps-v1[`array (StatefulSet)`]
+| Items is the list of stateful sets.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList"]
+== io.k8s.api.autoscaling.v2.HorizontalPodAutoscalerList schema
+
+
+Description::
++
+--
+HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../autoscaling_apis/horizontalpodautoscaler-autoscaling-v2.adoc#horizontalpodautoscaler-autoscaling-v2[`array (HorizontalPodAutoscaler)`]
+| items is the list of horizontal pod autoscaler objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| metadata is the standard list metadata.
+
+|===
+
+[id="io.k8s.api.batch.v1.CronJobList"]
+== io.k8s.api.batch.v1.CronJobList schema
+
+
+Description::
++
+--
+CronJobList is a collection of cron jobs.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../batch_apis/cronjob-batch-v1.adoc#cronjob-batch-v1[`array (CronJob)`]
+| items is the list of CronJobs.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.batch.v1.JobList"]
+== io.k8s.api.batch.v1.JobList schema
+
+
+Description::
++
+--
+JobList is a collection of jobs.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../batch_apis/job-batch-v1.adoc#job-batch-v1[`array (Job)`]
+| items is the list of Jobs.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.certificates.v1.CertificateSigningRequestList"]
+== io.k8s.api.certificates.v1.CertificateSigningRequestList schema
+
+
+Description::
++
+--
+CertificateSigningRequestList is a collection of CertificateSigningRequest objects
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../certificates_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc#certificatesigningrequest-certificates-k8s-io-v1[`array (CertificateSigningRequest)`]
+| items is a collection of CertificateSigningRequest objects
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+|
+
+|===
+
+[id="io.k8s.api.coordination.v1.LeaseList"]
+== io.k8s.api.coordination.v1.LeaseList schema
+
+
+Description::
++
+--
+LeaseList is a list of Lease objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../coordination_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`array (Lease)`]
+| items is a list of schema objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.core.v1.Affinity"]
+== io.k8s.api.core.v1.Affinity schema
+
+
+Description::
++
+--
+Affinity is a group of affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeAffinity`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeAffinity[`NodeAffinity`]
+| Describes node affinity scheduling rules for the pod.
+
+| `podAffinity`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodAffinity[`PodAffinity`]
+| Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+
+| `podAntiAffinity`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodAntiAffinity[`PodAntiAffinity`]
+| Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+
+|===
+
+[id="io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource"]
+== io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource schema
+
+
+Description::
++
+--
+Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+| `readOnly`
+| `boolean`
+| readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `volumeID`
+| `string`
+| volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+|===
+
+[id="io.k8s.api.core.v1.AzureDiskVolumeSource"]
+== io.k8s.api.core.v1.AzureDiskVolumeSource schema
+
+
+Description::
++
+--
+AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `diskName`
+  - `diskURI`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cachingMode`
+| `string`
+| cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
+| `diskName`
+| `string`
+| diskName is the Name of the data disk in the blob storage
+
+| `diskURI`
+| `string`
+| diskURI is the URI of data disk in the blob storage
+
+| `fsType`
+| `string`
+| fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `kind`
+| `string`
+| kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
+
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+|===
+
+[id="io.k8s.api.core.v1.AzureFilePersistentVolumeSource"]
+== io.k8s.api.core.v1.AzureFilePersistentVolumeSource schema
+
+
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the name of secret that contains Azure Storage Account Name and Key
+
+| `secretNamespace`
+| `string`
+| secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod
+
+| `shareName`
+| `string`
+| shareName is the azure Share Name
+
+|===
+
+[id="io.k8s.api.core.v1.AzureFileVolumeSource"]
+== io.k8s.api.core.v1.AzureFileVolumeSource schema
+
+
+Description::
++
+--
+AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `secretName`
+  - `shareName`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretName`
+| `string`
+| secretName is the  name of secret that contains Azure Storage Account Name and Key
+
+| `shareName`
+| `string`
+| shareName is the azure share Name
+
+|===
+
+[id="io.k8s.api.core.v1.Capabilities"]
+== io.k8s.api.core.v1.Capabilities schema
+
+
+Description::
++
+--
+Adds and removes POSIX capabilities from running containers.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `add`
+| `array (string)`
+| Added capabilities
+
+| `drop`
+| `array (string)`
+| Removed capabilities
+
+|===
+
+[id="io.k8s.api.core.v1.CephFSPersistentVolumeSource"]
+== io.k8s.api.core.v1.CephFSPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `user`
+| `string`
+| user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+
+[id="io.k8s.api.core.v1.CephFSVolumeSource"]
+== io.k8s.api.core.v1.CephFSVolumeSource schema
+
+
+Description::
++
+--
+Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `monitors`
+| `array (string)`
+| monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `path`
+| `string`
+| path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretFile`
+| `string`
+| secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+| `user`
+| `string`
+| user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+|===
+
+[id="io.k8s.api.core.v1.CinderPersistentVolumeSource"]
+== io.k8s.api.core.v1.CinderPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+
+[id="io.k8s.api.core.v1.CinderVolumeSource"]
+== io.k8s.api.core.v1.CinderVolumeSource schema
+
+
+Description::
++
+--
+Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.
+
+| `volumeID`
+| `string`
+| volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+|===
+
+[id="io.k8s.api.core.v1.ClaimSource"]
+== io.k8s.api.core.v1.ClaimSource schema
+
+
+Description::
++
+--
+ClaimSource describes a reference to a ResourceClaim.
+
+Exactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
+
+| `resourceClaimTemplateName`
+| `string`
+| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
+
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
+
+An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+
+This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
+
+|===
+
+[id="io.k8s.api.core.v1.ComponentStatusList"]
+== io.k8s.api.core.v1.ComponentStatusList schema
+
+
+Description::
++
+--
+Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/componentstatus-v1.adoc#componentstatus-v1[`array (ComponentStatus)`]
+| List of ComponentStatus objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.ConfigMapEnvSource"]
+== io.k8s.api.core.v1.ConfigMapEnvSource schema
+
+
+Description::
++
+--
+ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.ConfigMapKeySelector"]
+== io.k8s.api.core.v1.ConfigMapKeySelector schema
+
+
+Description::
++
+--
+Selects a key from a ConfigMap.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.ConfigMapList"]
+== io.k8s.api.core.v1.ConfigMapList schema
+
+
+Description::
++
+--
+ConfigMapList is a resource containing a list of ConfigMap objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/configmap-v1.adoc#configmap-v1[`array (ConfigMap)`]
+| Items is the list of ConfigMaps.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.core.v1.ConfigMapProjection"]
+== io.k8s.api.core.v1.ConfigMapProjection schema
+
+
+Description::
++
+--
+Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`]
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.ConfigMapVolumeSource"]
+== io.k8s.api.core.v1.ConfigMapVolumeSource schema
+
+
+Description::
++
+--
+Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`]
+| items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional specify whether the ConfigMap or its keys must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.Container"]
+== io.k8s.api.core.v1.Container schema
+
+
+Description::
++
+--
+A single application container that you want to run within a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EnvVar[`array (EnvVar)`]
+| List of environment variables to set in the container. Cannot be updated.
+
+| `envFrom`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EnvFromSource[`array (EnvFromSource)`]
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Lifecycle[`Lifecycle`]
+| Actions that the management system should take in response to container lifecycle events. Cannot be updated.
+
+| `livenessProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `name`
+| `string`
+| Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
+
+| `ports`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ContainerPort[`array (ContainerPort)`]
+| List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
+
+| `readinessProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `resizePolicy`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ContainerResizePolicy[`array (ContainerResizePolicy)`]
+| Resources resize policy for the container.
+
+| `resources`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
+| Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `securityContext`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecurityContext[`SecurityContext`]
+| SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
+| `startupProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeDevice[`array (VolumeDevice)`]
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeMounts`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeMount[`array (VolumeMount)`]
+| Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+
+[id="io.k8s.api.core.v1.ContainerPort"]
+== io.k8s.api.core.v1.ContainerPort schema
+
+
+Description::
++
+--
+ContainerPort represents a network port in a single container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containerPort`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerPort`
+| `integer`
+| Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
+| `hostIP`
+| `string`
+| What host IP to bind the external port to.
+
+| `hostPort`
+| `integer`
+| Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+| `name`
+| `string`
+| If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+| `protocol`
+| `string`
+| Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
+
+|===
+
+[id="io.k8s.api.core.v1.ContainerResizePolicy"]
+== io.k8s.api.core.v1.ContainerResizePolicy schema
+
+
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
+|===
+
+[id="io.k8s.api.core.v1.CSIPersistentVolumeSource"]
+== io.k8s.api.core.v1.CSIPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents storage that is managed by an external CSI volume driver (Beta feature)
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+  - `volumeHandle`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `controllerExpandSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
+| `controllerPublishSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume. Required.
+
+| `fsType`
+| `string`
+| fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs".
+
+| `nodeExpandSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This is a beta field which is enabled default by CSINodeExpandSecret feature gate. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
+| `nodePublishSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
+| `nodeStageSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
+| `readOnly`
+| `boolean`
+| readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes of the volume to publish.
+
+| `volumeHandle`
+| `string`
+| volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.
+
+|===
+
+[id="io.k8s.api.core.v1.CSIVolumeSource"]
+== io.k8s.api.core.v1.CSIVolumeSource schema
+
+
+Description::
++
+--
+Represents a source location of a volume to mount, managed by an external CSI driver
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+
+| `fsType`
+| `string`
+| fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
+
+| `nodePublishSecretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and  may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+
+| `readOnly`
+| `boolean`
+| readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
+
+| `volumeAttributes`
+| `object (string)`
+| volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+
+|===
+
+[id="io.k8s.api.core.v1.DownwardAPIProjection"]
+== io.k8s.api.core.v1.DownwardAPIProjection schema
+
+
+Description::
++
+--
+Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.DownwardAPIVolumeFile[`array (DownwardAPIVolumeFile)`]
+| Items is a list of DownwardAPIVolume file
+
+|===
+
+[id="io.k8s.api.core.v1.DownwardAPIVolumeFile"]
+== io.k8s.api.core.v1.DownwardAPIVolumeFile schema
+
+
+Description::
++
+--
+DownwardAPIVolumeFile represents information to create the file containing the pod field
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fieldRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectFieldSelector[`ObjectFieldSelector`]
+| Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+
+| `mode`
+| `integer`
+| Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| Required: Path is  the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+| `resourceFieldRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceFieldSelector[`ResourceFieldSelector`]
+| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+
+|===
+
+[id="io.k8s.api.core.v1.DownwardAPIVolumeSource"]
+== io.k8s.api.core.v1.DownwardAPIVolumeSource schema
+
+
+Description::
++
+--
+DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.DownwardAPIVolumeFile[`array (DownwardAPIVolumeFile)`]
+| Items is a list of downward API volume file
+
+|===
+
+[id="io.k8s.api.core.v1.EmptyDirVolumeSource"]
+== io.k8s.api.core.v1.EmptyDirVolumeSource schema
+
+
+Description::
++
+--
+Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `medium`
+| `string`
+| medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+| `sizeLimit`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+|===
+
+[id="io.k8s.api.core.v1.EndpointsList"]
+== io.k8s.api.core.v1.EndpointsList schema
+
+
+Description::
++
+--
+EndpointsList is a list of endpoints.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/endpoints-v1.adoc#endpoints-v1[`array (Endpoints)`]
+| List of endpoints.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.EnvFromSource"]
+== io.k8s.api.core.v1.EnvFromSource schema
+
+
+Description::
++
+--
+EnvFromSource represents the source of a set of ConfigMaps
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapEnvSource[`ConfigMapEnvSource`]
+| The ConfigMap to select from
+
+| `prefix`
+| `string`
+| An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretEnvSource[`SecretEnvSource`]
+| The Secret to select from
+
+|===
+
+[id="io.k8s.api.core.v1.EnvVar"]
+== io.k8s.api.core.v1.EnvVar schema
+
+
+Description::
++
+--
+EnvVar represents an environment variable present in a Container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the environment variable. Must be a C_IDENTIFIER.
+
+| `value`
+| `string`
+| Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+| `valueFrom`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EnvVarSource[`EnvVarSource`]
+| Source for the environment variable's value. Cannot be used if value is not empty.
+
+|===
+
+[id="io.k8s.api.core.v1.EnvVarSource"]
+== io.k8s.api.core.v1.EnvVarSource schema
+
+
+Description::
++
+--
+EnvVarSource represents a source for the value of an EnvVar.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMapKeyRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapKeySelector[`ConfigMapKeySelector`]
+| Selects a key of a ConfigMap.
+
+| `fieldRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectFieldSelector[`ObjectFieldSelector`]
+| Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
+| `resourceFieldRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceFieldSelector[`ResourceFieldSelector`]
+| Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
+| `secretKeyRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretKeySelector[`SecretKeySelector`]
+| Selects a key of a secret in the pod's namespace
+
+|===
+
+[id="io.k8s.api.core.v1.EphemeralContainer"]
+== io.k8s.api.core.v1.EphemeralContainer schema
+
+
+Description::
++
+--
+An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
+
+To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `args`
+| `array (string)`
+| Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `command`
+| `array (string)`
+| Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+| `env`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EnvVar[`array (EnvVar)`]
+| List of environment variables to set in the container. Cannot be updated.
+
+| `envFrom`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EnvFromSource[`array (EnvFromSource)`]
+| List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+| `image`
+| `string`
+| Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
+| `imagePullPolicy`
+| `string`
+| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+Possible enum values:
+ - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
+ - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
+ - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
+
+| `lifecycle`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Lifecycle[`Lifecycle`]
+| Lifecycle is not allowed for ephemeral containers.
+
+| `livenessProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| Probes are not allowed for ephemeral containers.
+
+| `name`
+| `string`
+| Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
+
+| `ports`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ContainerPort[`array (ContainerPort)`]
+| Ports are not allowed for ephemeral containers.
+
+| `readinessProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| Probes are not allowed for ephemeral containers.
+
+| `resizePolicy`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ContainerResizePolicy[`array (ContainerResizePolicy)`]
+| Resources resize policy for the container.
+
+| `resources`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
+| Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
+
+| `securityContext`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecurityContext[`SecurityContext`]
+| Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+
+| `startupProbe`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Probe[`Probe`]
+| Probes are not allowed for ephemeral containers.
+
+| `stdin`
+| `boolean`
+| Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+| `stdinOnce`
+| `boolean`
+| Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+| `targetContainerName`
+| `string`
+| If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
+
+| `terminationMessagePath`
+| `string`
+| Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+| `terminationMessagePolicy`
+| `string`
+| Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+Possible enum values:
+ - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
+ - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
+
+| `tty`
+| `boolean`
+| Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+| `volumeDevices`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeDevice[`array (VolumeDevice)`]
+| volumeDevices is the list of block devices to be used by the container.
+
+| `volumeMounts`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeMount[`array (VolumeMount)`]
+| Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
+
+| `workingDir`
+| `string`
+| Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+|===
+
+[id="io.k8s.api.core.v1.EphemeralVolumeSource"]
+== io.k8s.api.core.v1.EphemeralVolumeSource schema
+
+
+Description::
++
+--
+Represents an ephemeral volume that is handled by a normal storage driver.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `volumeClaimTemplate`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeClaimTemplate[`PersistentVolumeClaimTemplate`]
+| Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod.  The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).
+
+An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.
+
+This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
+
+Required, must not be nil.
+
+|===
+
+[id="io.k8s.api.core.v1.EventList"]
+== io.k8s.api.core.v1.EventList schema
+
+
+Description::
++
+--
+EventList is a list of events.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/event-v1.adoc#event-v1[`array (Event)`]
+| List of events
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.EventSource"]
+== io.k8s.api.core.v1.EventSource schema
+
+
+Description::
++
+--
+EventSource contains information for an event.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `component`
+| `string`
+| Component from which the event is generated.
+
+| `host`
+| `string`
+| Node name on which the event is generated.
+
+|===
+
+[id="io.k8s.api.core.v1.ExecAction"]
+== io.k8s.api.core.v1.ExecAction schema
+
+
+Description::
++
+--
+ExecAction describes a "run in container" action.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `command`
+| `array (string)`
+| Command is the command line to execute inside the container, the working directory for the command  is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+|===
+
+[id="io.k8s.api.core.v1.FCVolumeSource"]
+== io.k8s.api.core.v1.FCVolumeSource schema
+
+
+Description::
++
+--
+Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `lun`
+| `integer`
+| lun is Optional: FC target lun number
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `targetWWNs`
+| `array (string)`
+| targetWWNs is Optional: FC target worldwide names (WWNs)
+
+| `wwids`
+| `array (string)`
+| wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+|===
+
+[id="io.k8s.api.core.v1.FlexPersistentVolumeSource"]
+== io.k8s.api.core.v1.FlexPersistentVolumeSource schema
+
+
+Description::
++
+--
+FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+|===
+
+[id="io.k8s.api.core.v1.FlexVolumeSource"]
+== io.k8s.api.core.v1.FlexVolumeSource schema
+
+
+Description::
++
+--
+FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+--
+
+Type::
+  `object`
+
+Required::
+  - `driver`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `driver`
+| `string`
+| driver is the name of the driver to use for this volume.
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
+| `options`
+| `object (string)`
+| options is Optional: this field holds extra command options if any.
+
+| `readOnly`
+| `boolean`
+| readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+|===
+
+[id="io.k8s.api.core.v1.FlockerVolumeSource"]
+== io.k8s.api.core.v1.FlockerVolumeSource schema
+
+
+Description::
++
+--
+Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `datasetName`
+| `string`
+| datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
+
+| `datasetUUID`
+| `string`
+| datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
+|===
+
+[id="io.k8s.api.core.v1.GCEPersistentDiskVolumeSource"]
+== io.k8s.api.core.v1.GCEPersistentDiskVolumeSource schema
+
+
+Description::
++
+--
+Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdName`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `partition`
+| `integer`
+| partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `pdName`
+| `string`
+| pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+|===
+
+[id="io.k8s.api.core.v1.GitRepoVolumeSource"]
+== io.k8s.api.core.v1.GitRepoVolumeSource schema
+
+
+Description::
++
+--
+Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `repository`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `directory`
+| `string`
+| directory is the target directory name. Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the git repository.  Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+
+| `repository`
+| `string`
+| repository is the URL
+
+| `revision`
+| `string`
+| revision is the commit hash for the specified revision.
+
+|===
+
+[id="io.k8s.api.core.v1.GlusterfsPersistentVolumeSource"]
+== io.k8s.api.core.v1.GlusterfsPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `endpointsNamespace`
+| `string`
+| endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+
+[id="io.k8s.api.core.v1.GlusterfsVolumeSource"]
+== io.k8s.api.core.v1.GlusterfsVolumeSource schema
+
+
+Description::
++
+--
+Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoints`
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `endpoints`
+| `string`
+| endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `path`
+| `string`
+| path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+|===
+
+[id="io.k8s.api.core.v1.GRPCAction"]
+== io.k8s.api.core.v1.GRPCAction schema
+
+
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `port`
+| `integer`
+| Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+| `service`
+| `string`
+| Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+If this is not specified, the default behavior is defined by gRPC.
+
+|===
+
+[id="io.k8s.api.core.v1.HostAlias"]
+== io.k8s.api.core.v1.HostAlias schema
+
+
+Description::
++
+--
+HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `hostnames`
+| `array (string)`
+| Hostnames for the above IP address.
+
+| `ip`
+| `string`
+| IP address of the host file entry.
+
+|===
+
+[id="io.k8s.api.core.v1.HostPathVolumeSource"]
+== io.k8s.api.core.v1.HostPathVolumeSource schema
+
+
+Description::
++
+--
+Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `type`
+| `string`
+| type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
+|===
+
+[id="io.k8s.api.core.v1.HTTPGetAction"]
+== io.k8s.api.core.v1.HTTPGetAction schema
+
+
+Description::
++
+--
+HTTPGetAction describes an action based on HTTP Get requests.
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
+
+| `httpHeaders`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HTTPHeader[`array (HTTPHeader)`]
+| Custom headers to set in the request. HTTP allows repeated headers.
+
+| `path`
+| `string`
+| Path to access on the HTTP server.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+| `scheme`
+| `string`
+| Scheme to use for connecting to the host. Defaults to HTTP.
+
+Possible enum values:
+ - `"HTTP"` means that the scheme used will be http://
+ - `"HTTPS"` means that the scheme used will be https://
+
+|===
+
+[id="io.k8s.api.core.v1.HTTPHeader"]
+== io.k8s.api.core.v1.HTTPHeader schema
+
+
+Description::
++
+--
+HTTPHeader describes a custom header to be used in HTTP probes
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
+| `value`
+| `string`
+| The header field value
+
+|===
+
+[id="io.k8s.api.core.v1.ISCSIPersistentVolumeSource"]
+== io.k8s.api.core.v1.ISCSIPersistentVolumeSource schema
+
+
+Description::
++
+--
+ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is Target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun is iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef is the CHAP Secret for iSCSI target and initiator authentication
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+
+[id="io.k8s.api.core.v1.ISCSIVolumeSource"]
+== io.k8s.api.core.v1.ISCSIVolumeSource schema
+
+
+Description::
++
+--
+Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `targetPortal`
+  - `iqn`
+  - `lun`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `chapAuthDiscovery`
+| `boolean`
+| chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
+| `chapAuthSession`
+| `boolean`
+| chapAuthSession defines whether support iSCSI Session CHAP authentication
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
+| `initiatorName`
+| `string`
+| initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
+| `iqn`
+| `string`
+| iqn is the target iSCSI Qualified Name.
+
+| `iscsiInterface`
+| `string`
+| iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+| `lun`
+| `integer`
+| lun represents iSCSI Target Lun number.
+
+| `portals`
+| `array (string)`
+| portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef is the CHAP Secret for iSCSI target and initiator authentication
+
+| `targetPortal`
+| `string`
+| targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
+|===
+
+[id="io.k8s.api.core.v1.KeyToPath"]
+== io.k8s.api.core.v1.KeyToPath schema
+
+
+Description::
++
+--
+Maps a string key to a path within a volume.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the key to project.
+
+| `mode`
+| `integer`
+| mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `path`
+| `string`
+| path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+|===
+
+[id="io.k8s.api.core.v1.Lifecycle"]
+== io.k8s.api.core.v1.Lifecycle schema
+
+
+Description::
++
+--
+Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `postStart`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LifecycleHandler[`LifecycleHandler`]
+| PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
+| `preStop`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LifecycleHandler[`LifecycleHandler`]
+| PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
+|===
+
+[id="io.k8s.api.core.v1.LifecycleHandler"]
+== io.k8s.api.core.v1.LifecycleHandler schema
+
+
+Description::
++
+--
+LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ExecAction[`ExecAction`]
+| Exec specifies the action to take.
+
+| `httpGet`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HTTPGetAction[`HTTPGetAction`]
+| HTTPGet specifies the http request to perform.
+
+| `tcpSocket`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TCPSocketAction[`TCPSocketAction`]
+| Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
+
+|===
+
+[id="io.k8s.api.core.v1.LimitRangeList"]
+== io.k8s.api.core.v1.LimitRangeList schema
+
+
+Description::
++
+--
+LimitRangeList is a list of LimitRange items.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/limitrange-v1.adoc#limitrange-v1[`array (LimitRange)`]
+| Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.LocalObjectReference"]
+== io.k8s.api.core.v1.LocalObjectReference schema
+
+
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+|===
+
+[id="io.k8s.api.core.v1.LocalVolumeSource"]
+== io.k8s.api.core.v1.LocalVolumeSource schema
+
+
+Description::
++
+--
+Local represents directly-attached storage with node affinity (Beta feature)
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
+
+| `path`
+| `string`
+| path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).
+
+|===
+
+[id="io.k8s.api.core.v1.NamespaceList"]
+== io.k8s.api.core.v1.NamespaceList schema
+
+
+Description::
++
+--
+NamespaceList is a list of Namespaces.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/namespace-v1.adoc#namespace-v1[`array (Namespace)`]
+| Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.NFSVolumeSource"]
+== io.k8s.api.core.v1.NFSVolumeSource schema
+
+
+Description::
++
+--
+Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `server`
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `path`
+| `string`
+| path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `server`
+| `string`
+| server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+|===
+
+[id="io.k8s.api.core.v1.NodeAffinity"]
+== io.k8s.api.core.v1.NodeAffinity schema
+
+
+Description::
++
+--
+Node affinity is a group of node affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PreferredSchedulingTerm[`array (PreferredSchedulingTerm)`]
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelector[`NodeSelector`]
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+|===
+
+[id="io.k8s.api.core.v1.NodeList"]
+== io.k8s.api.core.v1.NodeList schema
+
+
+Description::
++
+--
+NodeList is the whole list of all Nodes which have been registered with master.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/node-v1.adoc#node-v1[`array (Node)`]
+| List of nodes
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.NodeSelector"]
+== io.k8s.api.core.v1.NodeSelector schema
+
+
+Description::
++
+--
+A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelectorTerm[`array (NodeSelectorTerm)`]
+| Required. A list of node selector terms. The terms are ORed.
+
+|===
+
+[id="io.k8s.api.core.v1.NodeSelectorRequirement"]
+== io.k8s.api.core.v1.NodeSelectorRequirement schema
+
+
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+Possible enum values:
+ - `"DoesNotExist"`
+ - `"Exists"`
+ - `"Gt"`
+ - `"In"`
+ - `"Lt"`
+ - `"NotIn"`
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+
+[id="io.k8s.api.core.v1.NodeSelectorTerm"]
+== io.k8s.api.core.v1.NodeSelectorTerm schema
+
+
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelectorRequirement[`array (NodeSelectorRequirement)`]
+| A list of node selector requirements by node's labels.
+
+| `matchFields`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelectorRequirement[`array (NodeSelectorRequirement)`]
+| A list of node selector requirements by node's fields.
+
+|===
+
+[id="io.k8s.api.core.v1.ObjectFieldSelector"]
+== io.k8s.api.core.v1.ObjectFieldSelector schema
+
+
+Description::
++
+--
+ObjectFieldSelector selects an APIVersioned field of an object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `fieldPath`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
+| `fieldPath`
+| `string`
+| Path of the field to select in the specified API version.
+
+|===
+
+[id="io.k8s.api.core.v1.ObjectReference"]
+== io.k8s.api.core.v1.ObjectReference schema
+
+
+Description::
++
+--
+ObjectReference contains enough information to let you inspect or modify the referred object.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeClaim"]
+== io.k8s.api.core.v1.PersistentVolumeClaim schema
+
+
+Description::
++
+--
+PersistentVolumeClaim is a user's request for and claim to a persistent volume
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+
+| `status`
+| `object`
+| PersistentVolumeClaimStatus is the current status of a persistent volume claim.
+
+|===
+..spec
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| `object`
+| TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+
+| `dataSourceRef`
+| `object`
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+..spec.dataSource
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+..spec.dataSourceRef
+Description::
++
+--
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+..spec.resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+..spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+..spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+..status
+Description::
++
+--
+PersistentVolumeClaimStatus is the current status of a persistent volume claim.
+--
+
+Type::
+  `object`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| capacity represents the actual resources of the underlying volume.
+
+| `conditions`
+| `array`
+| conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+
+| `conditions[]`
+| `object`
+| PersistentVolumeClaimCondition contains details about state of pvc
+
+| `phase`
+| `string`
+| phase represents the current phase of PersistentVolumeClaim.
+
+Possible enum values:
+ - `"Bound"` used for PersistentVolumeClaims that are bound
+ - `"Lost"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.
+ - `"Pending"` used for PersistentVolumeClaims that are not yet bound
+
+| `resizeStatus`
+| `string`
+| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
+Possible enum values:
+ - `""` When expansion is complete, the empty string is set by resize controller or kubelet.
+ - `"ControllerExpansionFailed"` State set when expansion has failed in resize controller with a terminal error. Transient errors such as timeout should not set this status and should leave ResizeStatus unmodified, so as resize controller can resume the volume expansion.
+ - `"ControllerExpansionInProgress"` State set when resize controller starts expanding the volume in control-plane
+ - `"NodeExpansionFailed"` State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed.
+ - `"NodeExpansionInProgress"` State set when kubelet starts expanding the volume.
+ - `"NodeExpansionPending"` State set when resize controller has finished expanding the volume but further expansion is needed on the node.
+
+|===
+..status.conditions
+Description::
++
+--
+conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+--
+
+Type::
+  `array`
+
+
+..status.conditions[]
+Description::
++
+--
+PersistentVolumeClaimCondition contains details about state of pvc
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastProbeTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastProbeTime is the time we probed the condition.
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime is the time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| message is the human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+
+| `status`
+| `string`
+|
+
+| `type`
+| `string`
+|
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeClaimList"]
+== io.k8s.api.core.v1.PersistentVolumeClaimList schema
+
+
+Description::
++
+--
+PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/persistentvolumeclaim-v1.adoc#persistentvolumeclaim-v1[`array (PersistentVolumeClaim)`]
+| items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeClaimSpec"]
+== io.k8s.api.core.v1.PersistentVolumeClaimSpec schema
+
+
+Description::
++
+--
+PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
+| `dataSource`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TypedLocalObjectReference[`TypedLocalObjectReference`]
+| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+
+| `dataSourceRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TypedObjectReference[`TypedObjectReference`]
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef
+  allows any non-core object, as well as PersistentVolumeClaim objects.
+* While dataSource ignores disallowed values (dropping them), dataSourceRef
+  preserves all values, and generates an error if a disallowed value is
+  specified.
+* While dataSource only allows local objects, dataSourceRef allows objects
+  in any namespaces.
+(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+| `resources`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
+| resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| selector is a label query over volumes to consider for binding.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
+| `volumeMode`
+| `string`
+| volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `volumeName`
+| `string`
+| volumeName is the binding reference to the PersistentVolume backing this claim.
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeClaimTemplate"]
+== io.k8s.api.core.v1.PersistentVolumeClaimTemplate schema
+
+
+Description::
++
+--
+PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
+
+| `spec`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeClaimSpec[`PersistentVolumeClaimSpec`]
+| The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource"]
+== io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource schema
+
+
+Description::
++
+--
+PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
+--
+
+Type::
+  `object`
+
+Required::
+  - `claimName`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claimName`
+| `string`
+| claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `readOnly`
+| `boolean`
+| readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeList"]
+== io.k8s.api.core.v1.PersistentVolumeList schema
+
+
+Description::
++
+--
+PersistentVolumeList is a list of PersistentVolume items.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/persistentvolume-v1.adoc#persistentvolume-v1[`array (PersistentVolume)`]
+| items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.PersistentVolumeSpec"]
+== io.k8s.api.core.v1.PersistentVolumeSpec schema
+
+
+Description::
++
+--
+PersistentVolumeSpec is the specification of a persistent volume.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessModes`
+| `array (string)`
+| accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
+
+| `awsElasticBlockStore`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource[`AWSElasticBlockStoreVolumeSource`]
+| awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `azureDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AzureDiskVolumeSource[`AzureDiskVolumeSource`]
+| azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AzureFilePersistentVolumeSource[`AzureFilePersistentVolumeSource`]
+| azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
+
+| `cephfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CephFSPersistentVolumeSource[`CephFSPersistentVolumeSource`]
+| cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+
+| `cinder`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CinderPersistentVolumeSource[`CinderPersistentVolumeSource`]
+| cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `claimRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
+| claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
+
+| `csi`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIPersistentVolumeSource[`CSIPersistentVolumeSource`]
+| csi represents storage that is handled by an external CSI driver (Beta feature).
+
+| `fc`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FCVolumeSource[`FCVolumeSource`]
+| fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+
+| `flexVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FlexPersistentVolumeSource[`FlexPersistentVolumeSource`]
+| flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FlockerVolumeSource[`FlockerVolumeSource`]
+| flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
+
+| `gcePersistentDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GCEPersistentDiskVolumeSource[`GCEPersistentDiskVolumeSource`]
+| gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `glusterfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GlusterfsPersistentVolumeSource[`GlusterfsPersistentVolumeSource`]
+| glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+
+| `hostPath`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HostPathVolumeSource[`HostPathVolumeSource`]
+| hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `iscsi`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ISCSIPersistentVolumeSource[`ISCSIPersistentVolumeSource`]
+| iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.
+
+| `local`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalVolumeSource[`LocalVolumeSource`]
+| local represents directly-attached storage with node affinity
+
+| `mountOptions`
+| `array (string)`
+| mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
+
+| `nfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NFSVolumeSource[`NFSVolumeSource`]
+| nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `nodeAffinity`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeNodeAffinity[`VolumeNodeAffinity`]
+| nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.
+
+| `persistentVolumeReclaimPolicy`
+| `string`
+| persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
+
+Possible enum values:
+ - `"Delete"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.
+ - `"Recycle"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.
+ - `"Retain"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.
+
+| `photonPersistentDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource[`PhotonPersistentDiskVolumeSource`]
+| photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+
+| `portworxVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PortworxVolumeSource[`PortworxVolumeSource`]
+| portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+
+| `quobyte`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.QuobyteVolumeSource[`QuobyteVolumeSource`]
+| quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
+| `rbd`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.RBDPersistentVolumeSource[`RBDPersistentVolumeSource`]
+| rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+
+| `scaleIO`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ScaleIOPersistentVolumeSource[`ScaleIOPersistentVolumeSource`]
+| scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
+| `storageClassName`
+| `string`
+| storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.
+
+| `storageos`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.StorageOSPersistentVolumeSource[`StorageOSPersistentVolumeSource`]
+| storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md
+
+| `volumeMode`
+| `string`
+| volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.
+
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
+| `vsphereVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource[`VsphereVirtualDiskVolumeSource`]
+| vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+
+|===
+
+[id="io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource"]
+== io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource schema
+
+
+Description::
++
+--
+Represents a Photon Controller persistent disk resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `pdID`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `pdID`
+| `string`
+| pdID is the ID that identifies Photon Controller persistent disk
+
+|===
+
+[id="io.k8s.api.core.v1.PodAffinity"]
+== io.k8s.api.core.v1.PodAffinity schema
+
+
+Description::
++
+--
+Pod affinity is a group of inter pod affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.WeightedPodAffinityTerm[`array (WeightedPodAffinityTerm)`]
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodAffinityTerm[`array (PodAffinityTerm)`]
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+|===
+
+[id="io.k8s.api.core.v1.PodAffinityTerm"]
+== io.k8s.api.core.v1.PodAffinityTerm schema
+
+
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+
+[id="io.k8s.api.core.v1.PodAntiAffinity"]
+== io.k8s.api.core.v1.PodAntiAffinity schema
+
+
+Description::
++
+--
+Pod anti affinity is a group of inter pod anti affinity scheduling rules.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.WeightedPodAffinityTerm[`array (WeightedPodAffinityTerm)`]
+| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodAffinityTerm[`array (PodAffinityTerm)`]
+| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+|===
+
+[id="io.k8s.api.core.v1.PodDNSConfig"]
+== io.k8s.api.core.v1.PodDNSConfig schema
+
+
+Description::
++
+--
+PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nameservers`
+| `array (string)`
+| A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
+
+| `options`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodDNSConfigOption[`array (PodDNSConfigOption)`]
+| A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+
+| `searches`
+| `array (string)`
+| A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+|===
+
+[id="io.k8s.api.core.v1.PodDNSConfigOption"]
+== io.k8s.api.core.v1.PodDNSConfigOption schema
+
+
+Description::
++
+--
+PodDNSConfigOption defines DNS resolver options of a pod.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Required.
+
+| `value`
+| `string`
+|
+
+|===
+
+[id="io.k8s.api.core.v1.PodList"]
+== io.k8s.api.core.v1.PodList schema
+
+
+Description::
++
+--
+PodList is a list of Pods.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/pod-v1.adoc#pod-v1[`array (Pod)`]
+| List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.PodOS"]
+== io.k8s.api.core.v1.PodOS schema
+
+
+Description::
++
+--
+PodOS defines the OS parameters of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+
+|===
+
+[id="io.k8s.api.core.v1.PodReadinessGate"]
+== io.k8s.api.core.v1.PodReadinessGate schema
+
+
+Description::
++
+--
+PodReadinessGate contains the reference to a pod condition
+--
+
+Type::
+  `object`
+
+Required::
+  - `conditionType`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditionType`
+| `string`
+| ConditionType refers to a condition in the pod's condition list with matching type.
+
+|===
+
+[id="io.k8s.api.core.v1.PodResourceClaim"]
+== io.k8s.api.core.v1.PodResourceClaim schema
+
+
+Description::
++
+--
+PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
+
+| `source`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ClaimSource[`ClaimSource`]
+| Source describes where to find the ResourceClaim.
+
+|===
+
+[id="io.k8s.api.core.v1.PodSchedulingGate"]
+== io.k8s.api.core.v1.PodSchedulingGate schema
+
+
+Description::
++
+--
+PodSchedulingGate is associated to a Pod to guard its scheduling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the scheduling gate. Each scheduling gate must have a unique name field.
+
+|===
+
+[id="io.k8s.api.core.v1.PodSecurityContext"]
+== io.k8s.api.core.v1.PodSecurityContext schema
+
+
+Description::
++
+--
+PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext.  Field values of container.securityContext take precedence over field values of PodSecurityContext.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsGroup`
+| `integer`
+| A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
+
+1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
+
+If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
+
+| `fsGroupChangePolicy`
+| `string`
+| fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SELinuxOptions[`SELinuxOptions`]
+| The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container.  May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
+
+| `seccompProfile`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SeccompProfile[`SeccompProfile`]
+| The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
+
+| `supplementalGroups`
+| `array (integer)`
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
+
+| `sysctls`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Sysctl[`array (Sysctl)`]
+| Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
+
+| `windowsOptions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.WindowsSecurityContextOptions[`WindowsSecurityContextOptions`]
+| The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+
+|===
+
+[id="io.k8s.api.core.v1.PodSpec"]
+== io.k8s.api.core.v1.PodSpec schema
+
+
+Description::
++
+--
+PodSpec is a description of a pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `containers`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `activeDeadlineSeconds`
+| `integer`
+| Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
+
+| `affinity`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Affinity[`Affinity`]
+| If specified, the pod's scheduling constraints
+
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
+| `containers`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Container[`array (Container)`]
+| List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
+
+| `dnsConfig`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodDNSConfig[`PodDNSConfig`]
+| Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
+
+| `dnsPolicy`
+| `string`
+| Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+
+Possible enum values:
+ - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
+ - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
+ - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
+
+| `enableServiceLinks`
+| `boolean`
+| EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
+
+| `ephemeralContainers`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EphemeralContainer[`array (EphemeralContainer)`]
+| List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+
+| `hostAliases`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HostAlias[`array (HostAlias)`]
+| HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+
+| `hostIPC`
+| `boolean`
+| Use the host's ipc namespace. Optional: Default to false.
+
+| `hostNetwork`
+| `boolean`
+| Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
+
+| `hostPID`
+| `boolean`
+| Use the host's pid namespace. Optional: Default to false.
+
+| `hostUsers`
+| `boolean`
+| Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
+| `hostname`
+| `string`
+| Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+
+| `imagePullSecrets`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`array (LocalObjectReference)`]
+| ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
+| `initContainers`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Container[`array (Container)`]
+| List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
+| `nodeName`
+| `string`
+| NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+
+| `nodeSelector`
+| `object (string)`
+| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
+| `os`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodOS[`PodOS`]
+| Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.
+
+If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions
+
+If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
+
+| `overhead`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+
+| `preemptionPolicy`
+| `string`
+| PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
+| `priority`
+| `integer`
+| The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
+
+| `priorityClassName`
+| `string`
+| If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
+
+| `readinessGates`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodReadinessGate[`array (PodReadinessGate)`]
+| If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
+| `resourceClaims`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodResourceClaim[`array (PodResourceClaim)`]
+| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable.
+
+| `restartPolicy`
+| `string`
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
+Possible enum values:
+ - `"Always"`
+ - `"Never"`
+ - `"OnFailure"`
+
+| `runtimeClassName`
+| `string`
+| RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+
+| `schedulerName`
+| `string`
+| If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
+
+| `schedulingGates`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodSchedulingGate[`array (PodSchedulingGate)`]
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
+| `securityContext`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodSecurityContext[`PodSecurityContext`]
+| SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty.  See type description for default values of each field.
+
+| `serviceAccount`
+| `string`
+| DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
+
+| `serviceAccountName`
+| `string`
+| ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
+| `setHostnameAsFQDN`
+| `boolean`
+| If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
+
+| `shareProcessNamespace`
+| `boolean`
+| Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
+
+| `subdomain`
+| `string`
+| If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
+
+| `tolerations`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Toleration[`array (Toleration)`]
+| If specified, the pod's tolerations.
+
+| `topologySpreadConstraints`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TopologySpreadConstraint[`array (TopologySpreadConstraint)`]
+| TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+
+| `volumes`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Volume[`array (Volume)`]
+| List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
+
+|===
+
+[id="io.k8s.api.core.v1.PodTemplateList"]
+== io.k8s.api.core.v1.PodTemplateList schema
+
+
+Description::
++
+--
+PodTemplateList is a list of PodTemplates.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/podtemplate-v1.adoc#podtemplate-v1[`array (PodTemplate)`]
+| List of pod templates
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.PodTemplateSpec"]
+== io.k8s.api.core.v1.PodTemplateSpec schema
+
+
+Description::
++
+--
+PodTemplateSpec describes the data a pod should have when created from a template
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodSpec[`PodSpec`]
+| Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+|===
+
+[id="io.k8s.api.core.v1.PortworxVolumeSource"]
+== io.k8s.api.core.v1.PortworxVolumeSource schema
+
+
+Description::
++
+--
+PortworxVolumeSource represents a Portworx volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeID`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `volumeID`
+| `string`
+| volumeID uniquely identifies a Portworx volume
+
+|===
+
+[id="io.k8s.api.core.v1.PreferredSchedulingTerm"]
+== io.k8s.api.core.v1.PreferredSchedulingTerm schema
+
+
+Description::
++
+--
+An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `preference`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preference`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelectorTerm[`NodeSelectorTerm`]
+| A node selector term, associated with the corresponding weight.
+
+| `weight`
+| `integer`
+| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+|===
+
+[id="io.k8s.api.core.v1.Probe"]
+== io.k8s.api.core.v1.Probe schema
+
+
+Description::
++
+--
+Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exec`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ExecAction[`ExecAction`]
+| Exec specifies the action to take.
+
+| `failureThreshold`
+| `integer`
+| Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
+
+| `grpc`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GRPCAction[`GRPCAction`]
+| GRPC specifies an action involving a GRPC port.
+
+| `httpGet`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HTTPGetAction[`HTTPGetAction`]
+| HTTPGet specifies the http request to perform.
+
+| `initialDelaySeconds`
+| `integer`
+| Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+| `periodSeconds`
+| `integer`
+| How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
+| `successThreshold`
+| `integer`
+| Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+| `tcpSocket`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TCPSocketAction[`TCPSocketAction`]
+| TCPSocket specifies an action involving a TCP port.
+
+| `terminationGracePeriodSeconds`
+| `integer`
+| Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+| `timeoutSeconds`
+| `integer`
+| Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+|===
+
+[id="io.k8s.api.core.v1.ProjectedVolumeSource"]
+== io.k8s.api.core.v1.ProjectedVolumeSource schema
+
+
+Description::
++
+--
+Represents a projected volume source
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `sources`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VolumeProjection[`array (VolumeProjection)`]
+| sources is the list of volume projections
+
+|===
+
+[id="io.k8s.api.core.v1.QuobyteVolumeSource"]
+== io.k8s.api.core.v1.QuobyteVolumeSource schema
+
+
+Description::
++
+--
+Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `registry`
+  - `volume`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group to map volume access to Default is no group
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
+| `registry`
+| `string`
+| registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
+| `tenant`
+| `string`
+| tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
+| `user`
+| `string`
+| user to map volume access to Defaults to serivceaccount user
+
+| `volume`
+| `string`
+| volume is a string that references an already created Quobyte volume by name.
+
+|===
+
+[id="io.k8s.api.core.v1.RBDPersistentVolumeSource"]
+== io.k8s.api.core.v1.RBDPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+
+[id="io.k8s.api.core.v1.RBDVolumeSource"]
+== io.k8s.api.core.v1.RBDVolumeSource schema
+
+
+Description::
++
+--
+Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `monitors`
+  - `image`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
+| `image`
+| `string`
+| image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `keyring`
+| `string`
+| keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `monitors`
+| `array (string)`
+| monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `pool`
+| `string`
+| pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `readOnly`
+| `boolean`
+| readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+| `user`
+| `string`
+| user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+|===
+
+[id="io.k8s.api.core.v1.ReplicationControllerList"]
+== io.k8s.api.core.v1.ReplicationControllerList schema
+
+
+Description::
++
+--
+ReplicationControllerList is a collection of replication controllers.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/replicationcontroller-v1.adoc#replicationcontroller-v1[`array (ReplicationController)`]
+| List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.ResourceClaim"]
+== io.k8s.api.core.v1.ResourceClaim schema
+
+
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+
+[id="io.k8s.api.core.v1.ResourceFieldSelector"]
+== io.k8s.api.core.v1.ResourceFieldSelector schema
+
+
+Description::
++
+--
+ResourceFieldSelector represents container resources (cpu, memory) and their output format
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerName`
+| `string`
+| Container name: required for volumes, optional for env vars
+
+| `divisor`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| Specifies the output format of the exposed resources, defaults to "1"
+
+| `resource`
+| `string`
+| Required: resource to select
+
+|===
+
+[id="io.k8s.api.core.v1.ResourceQuotaList"]
+== io.k8s.api.core.v1.ResourceQuotaList schema
+
+
+Description::
++
+--
+ResourceQuotaList is a list of ResourceQuota items.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/resourcequota-v1.adoc#resourcequota-v1[`array (ResourceQuota)`]
+| Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.ResourceRequirements"]
+== io.k8s.api.core.v1.ResourceRequirements schema
+
+
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceClaim[`array (ResourceClaim)`]
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+
+[id="io.k8s.api.core.v1.ScaleIOPersistentVolumeSource"]
+== io.k8s.api.core.v1.ScaleIOPersistentVolumeSource schema
+
+
+Description::
++
+--
+ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretReference[`SecretReference`]
+| secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+
+[id="io.k8s.api.core.v1.ScaleIOVolumeSource"]
+== io.k8s.api.core.v1.ScaleIOVolumeSource schema
+
+
+Description::
++
+--
+ScaleIOVolumeSource represents a persistent ScaleIO volume
+--
+
+Type::
+  `object`
+
+Required::
+  - `gateway`
+  - `system`
+  - `secretRef`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+| `gateway`
+| `string`
+| gateway is the host address of the ScaleIO API Gateway.
+
+| `protectionDomain`
+| `string`
+| protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
+| `readOnly`
+| `boolean`
+| readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
+
+| `sslEnabled`
+| `boolean`
+| sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
+| `storageMode`
+| `string`
+| storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+| `storagePool`
+| `string`
+| storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
+| `system`
+| `string`
+| system is the name of the storage system as configured in ScaleIO.
+
+| `volumeName`
+| `string`
+| volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
+
+|===
+
+[id="io.k8s.api.core.v1.SeccompProfile"]
+== io.k8s.api.core.v1.SeccompProfile schema
+
+
+Description::
++
+--
+SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `localhostProfile`
+| `string`
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+| `type`
+| `string`
+| type indicates which kind of seccomp profile will be applied. Valid options are:
+
+Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+Possible enum values:
+ - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
+ - `"RuntimeDefault"` represents the default container runtime seccomp profile.
+ - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
+
+|===
+
+[id="io.k8s.api.core.v1.SecretEnvSource"]
+== io.k8s.api.core.v1.SecretEnvSource schema
+
+
+Description::
++
+--
+SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.SecretKeySelector"]
+== io.k8s.api.core.v1.SecretKeySelector schema
+
+
+Description::
++
+--
+SecretKeySelector selects a key of a Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.SecretList"]
+== io.k8s.api.core.v1.SecretList schema
+
+
+Description::
++
+--
+SecretList is a list of Secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/secret-v1.adoc#secret-v1[`array (Secret)`]
+| Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.SecretProjection"]
+== io.k8s.api.core.v1.SecretProjection schema
+
+
+Description::
++
+--
+Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`]
+| items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its key must be defined
+
+|===
+
+[id="io.k8s.api.core.v1.SecretReference"]
+== io.k8s.api.core.v1.SecretReference schema
+
+
+Description::
++
+--
+SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is unique within a namespace to reference a secret resource.
+
+| `namespace`
+| `string`
+| namespace defines the space within which the secret name must be unique.
+
+|===
+
+[id="io.k8s.api.core.v1.SecretVolumeSource"]
+== io.k8s.api.core.v1.SecretVolumeSource schema
+
+
+Description::
++
+--
+Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `defaultMode`
+| `integer`
+| defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.KeyToPath[`array (KeyToPath)`]
+| items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
+| `optional`
+| `boolean`
+| optional field specify whether the Secret or its keys must be defined
+
+| `secretName`
+| `string`
+| secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+|===
+
+[id="io.k8s.api.core.v1.SecurityContext"]
+== io.k8s.api.core.v1.SecurityContext schema
+
+
+Description::
++
+--
+SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowPrivilegeEscalation`
+| `boolean`
+| AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
+
+| `capabilities`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.Capabilities[`Capabilities`]
+| The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
+
+| `privileged`
+| `boolean`
+| Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
+
+| `procMount`
+| `string`
+| procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
+
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
+| `readOnlyRootFilesystem`
+| `boolean`
+| Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsGroup`
+| `integer`
+| The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `runAsNonRoot`
+| `boolean`
+| Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+| `runAsUser`
+| `integer`
+| The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seLinuxOptions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SELinuxOptions[`SELinuxOptions`]
+| The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container.  May also be set in PodSecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
+
+| `seccompProfile`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SeccompProfile[`SeccompProfile`]
+| The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
+
+| `windowsOptions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.WindowsSecurityContextOptions[`WindowsSecurityContextOptions`]
+| The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
+
+|===
+
+[id="io.k8s.api.core.v1.SELinuxOptions"]
+== io.k8s.api.core.v1.SELinuxOptions schema
+
+
+Description::
++
+--
+SELinuxOptions are the labels to be applied to the container
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `level`
+| `string`
+| Level is SELinux level label that applies to the container.
+
+| `role`
+| `string`
+| Role is a SELinux role label that applies to the container.
+
+| `type`
+| `string`
+| Type is a SELinux type label that applies to the container.
+
+| `user`
+| `string`
+| User is a SELinux user label that applies to the container.
+
+|===
+
+[id="io.k8s.api.core.v1.ServiceAccountList"]
+== io.k8s.api.core.v1.ServiceAccountList schema
+
+
+Description::
++
+--
+ServiceAccountList is a list of ServiceAccount objects
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/serviceaccount-v1.adoc#serviceaccount-v1[`array (ServiceAccount)`]
+| List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.ServiceAccountTokenProjection"]
+== io.k8s.api.core.v1.ServiceAccountTokenProjection schema
+
+
+Description::
++
+--
+ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
+--
+
+Type::
+  `object`
+
+Required::
+  - `path`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audience`
+| `string`
+| audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+
+| `path`
+| `string`
+| path is the path relative to the mount point of the file to project the token into.
+
+|===
+
+[id="io.k8s.api.core.v1.ServiceList"]
+== io.k8s.api.core.v1.ServiceList schema
+
+
+Description::
++
+--
+ServiceList holds a list of services.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../core_apis/service-v1.adoc#service-v1[`array (Service)`]
+| List of services
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.api.core.v1.StorageOSPersistentVolumeSource"]
+== io.k8s.api.core.v1.StorageOSPersistentVolumeSource schema
+
+
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
+| secretRef specifies the secret to use for obtaining the StorageOS API credentials.  If not specified, default values will be attempted.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+
+[id="io.k8s.api.core.v1.StorageOSVolumeSource"]
+== io.k8s.api.core.v1.StorageOSVolumeSource schema
+
+
+Description::
++
+--
+Represents a StorageOS persistent volume resource.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `readOnly`
+| `boolean`
+| readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+| `secretRef`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.LocalObjectReference[`LocalObjectReference`]
+| secretRef specifies the secret to use for obtaining the StorageOS API credentials.  If not specified, default values will be attempted.
+
+| `volumeName`
+| `string`
+| volumeName is the human-readable name of the StorageOS volume.  Volume names are only unique within a namespace.
+
+| `volumeNamespace`
+| `string`
+| volumeNamespace specifies the scope of the volume within StorageOS.  If no namespace is specified then the Pod's namespace will be used.  This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+|===
+
+[id="io.k8s.api.core.v1.Sysctl"]
+== io.k8s.api.core.v1.Sysctl schema
+
+
+Description::
++
+--
+Sysctl defines a kernel parameter to be set
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `value`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of a property to set
+
+| `value`
+| `string`
+| Value of a property to set
+
+|===
+
+[id="io.k8s.api.core.v1.TCPSocketAction"]
+== io.k8s.api.core.v1.TCPSocketAction schema
+
+
+Description::
++
+--
+TCPSocketAction describes an action based on opening a socket
+--
+
+Type::
+  `object`
+
+Required::
+  - `port`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Optional: Host name to connect to, defaults to the pod IP.
+
+| `port`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
+
+|===
+
+[id="io.k8s.api.core.v1.Toleration"]
+== io.k8s.api.core.v1.Toleration schema
+
+
+Description::
++
+--
+The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `effect`
+| `string`
+| Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
+Possible enum values:
+ - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
+ - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
+ - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
+
+| `key`
+| `string`
+| Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
+| `operator`
+| `string`
+| Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+
+Possible enum values:
+ - `"Equal"`
+ - `"Exists"`
+
+| `tolerationSeconds`
+| `integer`
+| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+| `value`
+| `string`
+| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+|===
+
+[id="io.k8s.api.core.v1.TopologySelectorLabelRequirement"]
+== io.k8s.api.core.v1.TopologySelectorLabelRequirement schema
+
+
+Description::
++
+--
+A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `values`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `values`
+| `array (string)`
+| An array of string values. One value must match the label to be selected. Each entry in Values is ORed.
+
+|===
+
+[id="io.k8s.api.core.v1.TopologySelectorTerm"]
+== io.k8s.api.core.v1.TopologySelectorTerm schema
+
+
+Description::
++
+--
+A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchLabelExpressions`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TopologySelectorLabelRequirement[`array (TopologySelectorLabelRequirement)`]
+| A list of topology selector requirements by labels.
+
+|===
+
+[id="io.k8s.api.core.v1.TopologySpreadConstraint"]
+== io.k8s.api.core.v1.TopologySpreadConstraint schema
+
+
+Description::
++
+--
+TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+--
+
+Type::
+  `object`
+
+Required::
+  - `maxSkew`
+  - `topologyKey`
+  - `whenUnsatisfiable`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
+| `matchLabelKeys`
+| `array (string)`
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `maxSkew`
+| `integer`
+| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+| `minDomains`
+| `integer`
+| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
+
+This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `nodeAffinityPolicy`
+| `string`
+| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `nodeTaintsPolicy`
+| `string`
+| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
+
+If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
+| `topologyKey`
+| `string`
+| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+
+| `whenUnsatisfiable`
+| `string`
+| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+  but giving higher precedence to topologies that would help reduce the
+  skew.
+A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+Possible enum values:
+ - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied.
+ - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied.
+
+|===
+
+[id="io.k8s.api.core.v1.TypedLocalObjectReference"]
+== io.k8s.api.core.v1.TypedLocalObjectReference schema
+
+
+Description::
++
+--
+TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+
+[id="io.k8s.api.core.v1.TypedObjectReference"]
+== io.k8s.api.core.v1.TypedObjectReference schema
+
+
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
+|===
+
+[id="io.k8s.api.core.v1.Volume"]
+== io.k8s.api.core.v1.Volume schema
+
+
+Description::
++
+--
+Volume represents a named volume in a pod that may be accessed by any container in the pod.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `awsElasticBlockStore`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource[`AWSElasticBlockStoreVolumeSource`]
+| awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
+| `azureDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AzureDiskVolumeSource[`AzureDiskVolumeSource`]
+| azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
+| `azureFile`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.AzureFileVolumeSource[`AzureFileVolumeSource`]
+| azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
+| `cephfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CephFSVolumeSource[`CephFSVolumeSource`]
+| cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+
+| `cinder`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CinderVolumeSource[`CinderVolumeSource`]
+| cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+| `configMap`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapVolumeSource[`ConfigMapVolumeSource`]
+| configMap represents a configMap that should populate this volume
+
+| `csi`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.CSIVolumeSource[`CSIVolumeSource`]
+| csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+
+| `downwardAPI`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.DownwardAPIVolumeSource[`DownwardAPIVolumeSource`]
+| downwardAPI represents downward API about the pod that should populate this volume
+
+| `emptyDir`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EmptyDirVolumeSource[`EmptyDirVolumeSource`]
+| emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
+| `ephemeral`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.EphemeralVolumeSource[`EphemeralVolumeSource`]
+| ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.
+
+Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity
+   tracking are needed,
+c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through
+   a PersistentVolumeClaim (see EphemeralVolumeSource for more
+   information on the connection between this volume type
+   and PersistentVolumeClaim).
+
+Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.
+
+Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.
+
+A pod can use both types of ephemeral volumes and persistent volumes at the same time.
+
+| `fc`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FCVolumeSource[`FCVolumeSource`]
+| fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+
+| `flexVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FlexVolumeSource[`FlexVolumeSource`]
+| flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
+
+| `flocker`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.FlockerVolumeSource[`FlockerVolumeSource`]
+| flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+
+| `gcePersistentDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GCEPersistentDiskVolumeSource[`GCEPersistentDiskVolumeSource`]
+| gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+| `gitRepo`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GitRepoVolumeSource[`GitRepoVolumeSource`]
+| gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
+
+| `glusterfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.GlusterfsVolumeSource[`GlusterfsVolumeSource`]
+| glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md
+
+| `hostPath`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.HostPathVolumeSource[`HostPathVolumeSource`]
+| hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+| `iscsi`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ISCSIVolumeSource[`ISCSIVolumeSource`]
+| iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+
+| `name`
+| `string`
+| name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `nfs`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NFSVolumeSource[`NFSVolumeSource`]
+| nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+| `persistentVolumeClaim`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource[`PersistentVolumeClaimVolumeSource`]
+| persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
+| `photonPersistentDisk`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource[`PhotonPersistentDiskVolumeSource`]
+| photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+
+| `portworxVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PortworxVolumeSource[`PortworxVolumeSource`]
+| portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+
+| `projected`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ProjectedVolumeSource[`ProjectedVolumeSource`]
+| projected items for all in one resources secrets, configmaps, and downward API
+
+| `quobyte`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.QuobyteVolumeSource[`QuobyteVolumeSource`]
+| quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
+| `rbd`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.RBDVolumeSource[`RBDVolumeSource`]
+| rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md
+
+| `scaleIO`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ScaleIOVolumeSource[`ScaleIOVolumeSource`]
+| scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
+| `secret`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretVolumeSource[`SecretVolumeSource`]
+| secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+| `storageos`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.StorageOSVolumeSource[`StorageOSVolumeSource`]
+| storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+
+| `vsphereVolume`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource[`VsphereVirtualDiskVolumeSource`]
+| vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+
+|===
+
+[id="io.k8s.api.core.v1.VolumeDevice"]
+== io.k8s.api.core.v1.VolumeDevice schema
+
+
+Description::
++
+--
+volumeDevice describes a mapping of a raw block device within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `devicePath`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `devicePath`
+| `string`
+| devicePath is the path inside of the container that the device will be mapped to.
+
+| `name`
+| `string`
+| name must match the name of a persistentVolumeClaim in the pod
+
+|===
+
+[id="io.k8s.api.core.v1.VolumeMount"]
+== io.k8s.api.core.v1.VolumeMount schema
+
+
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `mountPath`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+|===
+
+[id="io.k8s.api.core.v1.VolumeNodeAffinity"]
+== io.k8s.api.core.v1.VolumeNodeAffinity schema
+
+
+Description::
++
+--
+VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `required`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.NodeSelector[`NodeSelector`]
+| required specifies hard node constraints that must be met.
+
+|===
+
+[id="io.k8s.api.core.v1.VolumeProjection"]
+== io.k8s.api.core.v1.VolumeProjection schema
+
+
+Description::
++
+--
+Projection that may be projected along with other supported volume types
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ConfigMapProjection[`ConfigMapProjection`]
+| configMap information about the configMap data to project
+
+| `downwardAPI`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.DownwardAPIProjection[`DownwardAPIProjection`]
+| downwardAPI information about the downwardAPI data to project
+
+| `secret`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.SecretProjection[`SecretProjection`]
+| secret information about the secret data to project
+
+| `serviceAccountToken`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ServiceAccountTokenProjection[`ServiceAccountTokenProjection`]
+| serviceAccountToken is information about the serviceAccountToken data to project
+
+|===
+
+[id="io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource"]
+== io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource schema
+
+
+Description::
++
+--
+Represents a vSphere volume resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumePath`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `fsType`
+| `string`
+| fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+| `storagePolicyID`
+| `string`
+| storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
+| `storagePolicyName`
+| `string`
+| storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
+| `volumePath`
+| `string`
+| volumePath is the path that identifies vSphere volume vmdk
+
+|===
+
+[id="io.k8s.api.core.v1.WeightedPodAffinityTerm"]
+== io.k8s.api.core.v1.WeightedPodAffinityTerm schema
+
+
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `weight`
+  - `podAffinityTerm`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PodAffinityTerm[`PodAffinityTerm`]
+| Required. A pod affinity term, associated with the corresponding weight.
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+
+[id="io.k8s.api.core.v1.WindowsSecurityContextOptions"]
+== io.k8s.api.core.v1.WindowsSecurityContextOptions schema
+
+
+Description::
++
+--
+WindowsSecurityContextOptions contain Windows-specific options and credentials.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `gmsaCredentialSpec`
+| `string`
+| GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+| `gmsaCredentialSpecName`
+| `string`
+| GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+| `hostProcess`
+| `boolean`
+| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+| `runAsUserName`
+| `string`
+| The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+|===
+
+[id="io.k8s.api.discovery.v1.EndpointSliceList"]
+== io.k8s.api.discovery.v1.EndpointSliceList schema
+
+
+Description::
++
+--
+EndpointSliceList represents a list of endpoint slices
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../discovery_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`array (EndpointSlice)`]
+| items is the list of endpoint slices
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata.
+
+|===
+
+[id="io.k8s.api.events.v1.EventList"]
+== io.k8s.api.events.v1.EventList schema
+
+
+Description::
++
+--
+EventList is a list of Event objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../events_apis/event-events-k8s-io-v1.adoc#event-events-k8s-io-v1[`array (Event)`]
+| items is a list of schema objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.flowcontrol.v1beta3.FlowSchemaList"]
+== io.k8s.api.flowcontrol.v1beta3.FlowSchemaList schema
+
+
+Description::
++
+--
+FlowSchemaList is a list of FlowSchema objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../flow_control_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`array (FlowSchema)`]
+| `items` is a list of FlowSchemas.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList"]
+== io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList schema
+
+
+Description::
++
+--
+PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../flow_control_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`array (PriorityLevelConfiguration)`]
+| `items` is a list of request-priorities.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.networking.v1.IngressClassList"]
+== io.k8s.api.networking.v1.IngressClassList schema
+
+
+Description::
++
+--
+IngressClassList is a collection of IngressClasses.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../networking_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`array (IngressClass)`]
+| items is the list of IngressClasses.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata.
+
+|===
+
+[id="io.k8s.api.networking.v1.IngressList"]
+== io.k8s.api.networking.v1.IngressList schema
+
+
+Description::
++
+--
+IngressList is a collection of Ingress.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../networking_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`array (Ingress)`]
+| items is the list of Ingress.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.networking.v1.NetworkPolicyList"]
+== io.k8s.api.networking.v1.NetworkPolicyList schema
+
+
+Description::
++
+--
+NetworkPolicyList is a list of NetworkPolicy objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../networking_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`array (NetworkPolicy)`]
+| items is a list of schema objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.node.v1.RuntimeClassList"]
+== io.k8s.api.node.v1.RuntimeClassList schema
+
+
+Description::
++
+--
+RuntimeClassList is a list of RuntimeClass objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`array (RuntimeClass)`]
+| items is a list of schema objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.policy.v1.PodDisruptionBudgetList"]
+== io.k8s.api.policy.v1.PodDisruptionBudgetList schema
+
+
+Description::
++
+--
+PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`array (PodDisruptionBudget)`]
+| Items is a list of PodDisruptionBudgets
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.rbac.v1.ClusterRoleBindingList"]
+== io.k8s.api.rbac.v1.ClusterRoleBindingList schema
+
+
+Description::
++
+--
+ClusterRoleBindingList is a collection of ClusterRoleBindings
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`array (ClusterRoleBinding)`]
+| Items is a list of ClusterRoleBindings
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata.
+
+|===
+
+[id="io.k8s.api.rbac.v1.ClusterRoleList"]
+== io.k8s.api.rbac.v1.ClusterRoleList schema
+
+
+Description::
++
+--
+ClusterRoleList is a collection of ClusterRoles
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`array (ClusterRole)`]
+| Items is a list of ClusterRoles
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata.
+
+|===
+
+[id="io.k8s.api.rbac.v1.RoleBindingList"]
+== io.k8s.api.rbac.v1.RoleBindingList schema
+
+
+Description::
++
+--
+RoleBindingList is a collection of RoleBindings
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`array (RoleBinding)`]
+| Items is a list of RoleBindings
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata.
+
+|===
+
+[id="io.k8s.api.rbac.v1.RoleList"]
+== io.k8s.api.rbac.v1.RoleList schema
+
+
+Description::
++
+--
+RoleList is a collection of Roles
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`array (Role)`]
+| Items is a list of Roles
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata.
+
+|===
+
+[id="io.k8s.api.scheduling.v1.PriorityClassList"]
+== io.k8s.api.scheduling.v1.PriorityClassList schema
+
+
+Description::
++
+--
+PriorityClassList is a collection of priority classes.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`array (PriorityClass)`]
+| items is the list of PriorityClasses
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.storage.v1.CSIDriverList"]
+== io.k8s.api.storage.v1.CSIDriverList schema
+
+
+Description::
++
+--
+CSIDriverList is a collection of CSIDriver objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`array (CSIDriver)`]
+| items is the list of CSIDriver
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.storage.v1.CSINodeList"]
+== io.k8s.api.storage.v1.CSINodeList schema
+
+
+Description::
++
+--
+CSINodeList is a collection of CSINode objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`array (CSINode)`]
+| items is the list of CSINode
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.storage.v1.CSIStorageCapacityList"]
+== io.k8s.api.storage.v1.CSIStorageCapacityList schema
+
+
+Description::
++
+--
+CSIStorageCapacityList is a collection of CSIStorageCapacity objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`array (CSIStorageCapacity)`]
+| items is the list of CSIStorageCapacity objects.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.storage.v1.StorageClassList"]
+== io.k8s.api.storage.v1.StorageClassList schema
+
+
+Description::
++
+--
+StorageClassList is a collection of storage classes.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`array (StorageClass)`]
+| items is the list of StorageClasses
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.storage.v1.VolumeAttachmentList"]
+== io.k8s.api.storage.v1.VolumeAttachmentList schema
+
+
+Description::
++
+--
+VolumeAttachmentList is a collection of VolumeAttachment objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`array (VolumeAttachment)`]
+| items is the list of VolumeAttachments
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionList schema
+
+
+Description::
++
+--
+CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../api_extensions_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc#customresourcedefinition-apiextensions-k8s-io-v1[`array (CustomResourceDefinition)`]
+| items list individual CustomResourceDefinition objects
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation schema
+
+
+Description::
++
+--
+ExternalDocumentation allows referencing an external resource for extended documentation.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `description`
+| `string`
+|
+
+| `url`
+| `string`
+|
+
+|===
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON schema
+
+
+Description::
++
+--
+JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
+--
+
+Type::
+  ``
+
+
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps schema
+
+
+Description::
++
+--
+JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/).
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `$ref`
+| `string`
+|
+
+| `$schema`
+| `string`
+|
+
+| `additionalItems`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[`JSONSchemaPropsOrBool`]
+|
+
+| `additionalProperties`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[`JSONSchemaPropsOrBool`]
+|
+
+| `allOf`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
+|
+
+| `anyOf`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
+|
+
+| `default`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`]
+| default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false.
+
+| `definitions`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
+|
+
+| `dependencies`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray[`object (undefined)`]
+|
+
+| `description`
+| `string`
+|
+
+| `enum`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`array (JSON)`]
+|
+
+| `example`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`]
+|
+
+| `exclusiveMaximum`
+| `boolean`
+|
+
+| `exclusiveMinimum`
+| `boolean`
+|
+
+| `externalDocs`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation[`ExternalDocumentation`]
+|
+
+| `format`
+| `string`
+| format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:
+
+- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" - isbn10: an ISBN10 number string like "0321751043" - isbn13: an ISBN13 number string like "978-0321751041" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?\|5[1-5][0-9]{14}\|6(?:011\|5[0-9][0-9])[0-9]{12}\|3[47][0-9]{13}\|3(?:0[0-5]\|[68][0-9])[0-9]{11}\|(?:2131\|1800\|35\d{3})\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\d{3}[- ]?\d{2}[- ]?\d{4}$ - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}\|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" - byte: base64 encoded binary data - password: any kind of string - date: a date string like "2006-01-02" as defined by full-date in RFC3339 - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
+
+| `id`
+| `string`
+|
+
+| `items`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray[`JSONSchemaPropsOrArray`]
+|
+
+| `maxItems`
+| `integer`
+|
+
+| `maxLength`
+| `integer`
+|
+
+| `maxProperties`
+| `integer`
+|
+
+| `maximum`
+| `number`
+|
+
+| `minItems`
+| `integer`
+|
+
+| `minLength`
+| `integer`
+|
+
+| `minProperties`
+| `integer`
+|
+
+| `minimum`
+| `number`
+|
+
+| `multipleOf`
+| `number`
+|
+
+| `not`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`JSONSchemaProps`]
+|
+
+| `nullable`
+| `boolean`
+|
+
+| `oneOf`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
+|
+
+| `pattern`
+| `string`
+|
+
+| `patternProperties`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
+|
+
+| `properties`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
+|
+
+| `required`
+| `array (string)`
+|
+
+| `title`
+| `string`
+|
+
+| `type`
+| `string`
+|
+
+| `uniqueItems`
+| `boolean`
+|
+
+| `x-kubernetes-embedded-resource`
+| `boolean`
+| x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata).
+
+| `x-kubernetes-int-or-string`
+| `boolean`
+| x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:
+
+1) anyOf:
+   - type: integer
+   - type: string
+2) allOf:
+   - anyOf:
+     - type: integer
+     - type: string
+   - ... zero or more
+
+| `x-kubernetes-list-map-keys`
+| `array (string)`
+| x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map.
+
+This tag MUST only be used on lists that have the "x-kubernetes-list-type" extension set to "map". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported).
+
+The properties specified must either be required or have a default value, to ensure those properties are present for all list items.
+
+| `x-kubernetes-list-type`
+| `string`
+| x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values:
+
+1) `atomic`: the list is treated as a single entity, like a scalar.
+     Atomic lists will be entirely replaced when updated. This extension
+     may be used on any type of list (struct, scalar, ...).
+2) `set`:
+     Sets are lists that must not have multiple items with the same value. Each
+     value must be a scalar, an object with x-kubernetes-map-type `atomic` or an
+     array with x-kubernetes-list-type `atomic`.
+3) `map`:
+     These lists are like maps in that their elements have a non-index key
+     used to identify them. Order is preserved upon merge. The map tag
+     must only be used on a list with elements of type object.
+Defaults to atomic for arrays.
+
+| `x-kubernetes-map-type`
+| `string`
+| x-kubernetes-map-type annotates an object to further describe its topology. This extension must only be used when type is object and may have 2 possible values:
+
+1) `granular`:
+     These maps are actual maps (key-value pairs) and each fields are independent
+     from each other (they can each be manipulated by separate actors). This is
+     the default behaviour for all maps.
+2) `atomic`: the list is treated as a single entity, like a scalar.
+     Atomic maps will be entirely replaced when updated.
+
+| `x-kubernetes-preserve-unknown-fields`
+| `boolean`
+| x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden.
+
+| `x-kubernetes-validations`
+| xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule[`array (ValidationRule)`]
+| x-kubernetes-validations describes a list of validation rules written in the CEL expression language. This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled.
+
+|===
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray schema
+
+
+Description::
++
+--
+JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.
+--
+
+Type::
+  ``
+
+
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool schema
+
+
+Description::
++
+--
+JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. Defaults to true for the boolean property.
+--
+
+Type::
+  ``
+
+
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray schema
+
+
+Description::
++
+--
+JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array.
+--
+
+Type::
+  ``
+
+
+
+[id="io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule"]
+== io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ValidationRule schema
+
+
+Description::
++
+--
+ValidationRule describes a validation rule written in the CEL expression language.
+--
+
+Type::
+  `object`
+
+Required::
+  - `rule`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message represents the message displayed when validation fails. The message is required if the Rule contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host"
+
+| `messageExpression`
+| `string`
+| MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a rule, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the rule; the only difference is the return type. Example: "x must be less than max ("+string(self.max)+")"
+
+| `rule`
+| `string`
+| Rule represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. The `self` variable in the CEL expression is bound to the scoped value. Example: - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"}
+
+If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as absent fields in CEL expressions. If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map are accessible via CEL macros and functions such as `self.all(...)`. If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and functions. If the Rule is scoped to a scalar, `self` is bound to the scalar value. Examples: - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"} - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"} - Rule scoped to a string value: {"rule": "self.startsWith('kube')"}
+
+The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible.
+
+Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL expressions. This includes: - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as:
+  - A schema with no type and x-kubernetes-preserve-unknown-fields set to true
+  - An array where the items schema is of an "unknown type"
+  - An object where the additionalProperties schema is of an "unknown type"
+
+Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to 'pass:[__underscores__]' - '.' escapes to 'pass:[__dot__]' - '-' escapes to 'pass:[__dash__]' - '/' escapes to 'pass:[__slash__]' - Property names that exactly match a CEL RESERVED keyword escape to 'pass:[__{keyword}__]'. The keywords are:
+	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
+	  "import", "let", "loop", "package", "namespace", "return".
+Examples:
+  - Rule accessing a property named "namespace": {"rule": "self.pass:[__namespace__] > 0"}
+  - Rule accessing a property named "x-prop": {"rule": "self.xpass:[__dash__]prop > 0"}
+  - Rule accessing a property named "redact__d": {"rule": "self.redactpass:[__underscores__]d > 0"}
+
+Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
+  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
+    non-intersecting elements in `Y` are appended, retaining their partial order.
+  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
+    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
+    non-intersecting keys are appended, retaining their partial order.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.api.resource.Quantity"]
+== io.k8s.apimachinery.pkg.api.resource.Quantity schema
+
+
+Description::
++
+--
+Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
+
+The serialization format is:
+
+<quantity>        ::= <signedNumber><suffix>
+
+	(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
+
+<digit>           ::= 0 | 1 | ... | 9 <digits>          ::= <digit> | <digit><digits> <number>          ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign>            ::= "+" | "-" <signedNumber>    ::= <number> | <sign><number> <suffix>          ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI>        ::= Ki | Mi | Gi | Ti | Pi | Ei
+
+	(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
+
+<decimalSI>       ::= m | "" | k | M | G | T | P | E
+
+	(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
+
+<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
+
+No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
+
+When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
+
+Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
+
+- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
+
+The sign will be omitted unless the number is negative.
+
+Examples:
+
+- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
+
+Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
+
+Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
+
+This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.
+--
+
+Type::
+  `string`
+
+
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.Condition"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.Condition schema
+
+
+Description::
++
+--
+Condition contains details for one aspect of the current state of this API Resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `status`
+  - `lastTransitionTime`
+  - `reason`
+  - `message`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+
+| `message`
+| `string`
+| message is a human readable message indicating details about the transition. This may be an empty string.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| type of condition in CamelCase or in foo.example.com/CamelCase.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions schema
+
+
+Description::
++
+--
+DeleteOptions may be provided when deleting an API object.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `dryRun`
+| `array (string)`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
+| `preconditions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions[`Preconditions`]
+| Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.
+
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 schema
+
+
+Description::
++
+--
+FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
+
+Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:<name>', where <name> is the name of a field in a struct, or key in a map 'v:<value>', where <value> is the exact json formatted value of a list item 'i:<index>', where <index> is position of a item in a list 'k:<keys>', where <keys> is a map of  a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.
+
+The exact format is defined in sigs.k8s.io/structured-merge-diff
+--
+
+Type::
+  `object`
+
+
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector schema
+
+
+Description::
++
+--
+A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement schema
+
+
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta schema
+
+
+Description::
++
+--
+ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `continue`
+| `string`
+| continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
+
+| `remainingItemCount`
+| `integer`
+| remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
+
+| `resourceVersion`
+| `string`
+| String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `selfLink`
+| `string`
+| Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry schema
+
+
+Description::
++
+--
+ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
+
+| `fieldsType`
+| `string`
+| FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
+
+| `fieldsV1`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1[`FieldsV1`]
+| FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
+
+| `manager`
+| `string`
+| Manager is an identifier of the workflow managing these fields.
+
+| `operation`
+| `string`
+| Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
+
+| `subresource`
+| `string`
+| Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
+
+| `time`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime schema
+
+
+Description::
++
+--
+MicroTime is version of Time with microsecond level precision.
+--
+
+Type::
+  `string`
+
+
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta schema
+
+
+Description::
++
+--
+ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `annotations`
+| `object (string)`
+| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
+
+| `creationTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+
+Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `deletionGracePeriodSeconds`
+| `integer`
+| Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
+
+| `deletionTimestamp`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
+
+Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `finalizers`
+| `array (string)`
+| Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+
+| `generateName`
+| `string`
+| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
+
+If this field is specified and the generated name exists, the server will return a 409.
+
+Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+
+| `generation`
+| `integer`
+| A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+
+| `labels`
+| `object (string)`
+| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
+
+| `managedFields`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry[`array (ManagedFieldsEntry)`]
+| ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+
+| `name`
+| `string`
+| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+
+| `namespace`
+| `string`
+| Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
+
+Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
+
+| `ownerReferences`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference[`array (OwnerReference)`]
+| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+
+| `resourceVersion`
+| `string`
+| An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
+
+Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `selfLink`
+| `string`
+| Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
+
+| `uid`
+| `string`
+| UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
+
+Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference schema
+
+
+Description::
++
+--
+OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
+--
+
+Type::
+  `object`
+
+Required::
+  - `apiVersion`
+  - `kind`
+  - `name`
+  - `uid`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `blockOwnerDeletion`
+| `boolean`
+| If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+
+| `controller`
+| `boolean`
+| If true, this reference points to the managing controller.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.Patch"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.Patch schema
+
+
+Description::
++
+--
+Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
+--
+
+Type::
+  `object`
+
+
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions schema
+
+
+Description::
++
+--
+Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceVersion`
+| `string`
+| Specifies the target ResourceVersion
+
+| `uid`
+| `string`
+| Specifies the target UID.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.Status"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.Status schema
+
+
+Description::
++
+--
+Status is a return value for calls that don't return other objects.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `code`
+| `integer`
+| Suggested HTTP return code for this status, 0 if not set.
+
+| `details`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails[`StatusDetails`]
+| Extended data associated with the reason.  Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `message`
+| `string`
+| A human-readable description of the status of this operation.
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `reason`
+| `string`
+| A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.
+
+| `status`
+| `string`
+| Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause schema
+
+
+Description::
++
+--
+StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `field`
+| `string`
+| The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed.  Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.
+
+Examples:
+  "name" - the field "name" on the current resource
+  "items[0].name" - the field "name" on the first array entry in "items"
+
+| `message`
+| `string`
+| A human-readable description of the cause of the error.  This field may be presented as-is to a reader.
+
+| `reason`
+| `string`
+| A machine-readable description of the cause of the error. If this value is empty there is no information available.
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails schema
+
+
+Description::
++
+--
+StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.
+--
+
+Type::
+  `object`
+
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `causes`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause[`array (StatusCause)`]
+| The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.
+
+| `group`
+| `string`
+| The group attribute of the resource associated with the status StatusReason.
+
+| `kind`
+| `string`
+| The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).
+
+| `retryAfterSeconds`
+| `integer`
+| If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.
+
+| `uid`
+| `string`
+| UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+
+|===
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.Time"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.Time schema
+
+
+Description::
++
+--
+Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON.  Wrappers are provided for many of the factory methods that the time package offers.
+--
+
+Type::
+  `string`
+
+
+
+[id="io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"]
+== io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent schema
+
+
+Description::
++
+--
+Event represents a single event to a watched resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+  - `object`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `object`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`RawExtension`]
+| Object is:
+ * If Type is Added or Modified: the new state of the object.
+ * If Type is Deleted: the state of the object immediately before deletion.
+ * If Type is Error: *Status is recommended; other types may make sense
+   depending on context.
+
+| `type`
+| `string`
+|
+
+|===
+
+[id="io.k8s.apimachinery.pkg.runtime.RawExtension"]
+== io.k8s.apimachinery.pkg.runtime.RawExtension schema
+
+
+Description::
++
+--
+RawExtension is used to hold extensions in external versions.
+
+To use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.
+
+// Internal package:
+
+	type MyAPIObject struct {
+		runtime.TypeMeta `json:",inline"`
+		MyPlugin runtime.Object `json:"myPlugin"`
+	}
+
+	type PluginA struct {
+		AOption string `json:"aOption"`
+	}
+
+// External package:
+
+	type MyAPIObject struct {
+		runtime.TypeMeta `json:",inline"`
+		MyPlugin runtime.RawExtension `json:"myPlugin"`
+	}
+
+	type PluginA struct {
+		AOption string `json:"aOption"`
+	}
+
+// On the wire, the JSON will look something like this:
+
+	{
+		"kind":"MyAPIObject",
+		"apiVersion":"v1",
+		"myPlugin": {
+			"kind":"PluginA",
+			"aOption":"foo",
+		},
+	}
+
+So what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)
+--
+
+Type::
+  `object`
+
+
+
+[id="io.k8s.apimachinery.pkg.util.intstr.IntOrString"]
+== io.k8s.apimachinery.pkg.util.intstr.IntOrString schema
+
+
+Description::
++
+--
+IntOrString is a type that can hold an int32 or a string.  When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type.  This allows you to have, for example, a JSON field that can accept a name or number.
+--
+
+Type::
+  `string`
+
+
+
+[id="io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceList"]
+== io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceList schema
+
+
+Description::
++
+--
+APIServiceList is a list of APIService objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../api_registration_apis/apiservice-apiregistration-k8s-io-v1.adoc#apiservice-apiregistration-k8s-io-v1[`array (APIService)`]
+| Items is the list of APIService
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.migration.v1alpha1.StorageVersionMigrationList"]
+== io.k8s.migration.v1alpha1.StorageVersionMigrationList schema
+
+
+Description::
++
+--
+StorageVersionMigrationList is a list of StorageVersionMigration
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`array (StorageVersionMigration)`]
+| List of storageversionmigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.storage.snapshot.v1.VolumeSnapshotClassList"]
+== io.k8s.storage.snapshot.v1.VolumeSnapshotClassList schema
+
+
+Description::
++
+--
+VolumeSnapshotClassList is a list of VolumeSnapshotClass
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`array (VolumeSnapshotClass)`]
+| List of volumesnapshotclasses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.storage.snapshot.v1.VolumeSnapshotContentList"]
+== io.k8s.storage.snapshot.v1.VolumeSnapshotContentList schema
+
+
+Description::
++
+--
+VolumeSnapshotContentList is a list of VolumeSnapshotContent
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`array (VolumeSnapshotContent)`]
+| List of volumesnapshotcontents. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.k8s.storage.snapshot.v1.VolumeSnapshotList"]
+== io.k8s.storage.snapshot.v1.VolumeSnapshotList schema
+
+
+Description::
++
+--
+VolumeSnapshotList is a list of VolumeSnapshot
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`array (VolumeSnapshot)`]
+| List of volumesnapshots. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.openshift.internal.security.v1.RangeAllocationList"]
+== io.openshift.internal.security.v1.RangeAllocationList schema
+
+
+Description::
++
+--
+RangeAllocationList is a list of RangeAllocation
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`array (RangeAllocation)`]
+| List of rangeallocations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.openshift.route.v1.RouteList"]
+== io.openshift.route.v1.RouteList schema
+
+
+Description::
++
+--
+RouteList is a list of Route
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../network_apis/route-route-openshift-io-v1.adoc#route-route-openshift-io-v1[`array (Route)`]
+| List of routes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.openshift.security.v1.SecurityContextConstraintsList"]
+== io.openshift.security.v1.SecurityContextConstraintsList schema
+
+
+Description::
++
+--
+SecurityContextConstraintsList is a list of SecurityContextConstraints
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../security_apis/securitycontextconstraints-security-openshift-io-v1.adoc#securitycontextconstraints-security-openshift-io-v1[`array (SecurityContextConstraints)`]
+| List of securitycontextconstraints. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.topolvm.v1.LogicalVolumeList"]
+== io.topolvm.v1.LogicalVolumeList schema
+
+
+Description::
++
+--
+LogicalVolumeList is a list of LogicalVolume
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`array (LogicalVolume)`]
+| List of logicalvolumes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
diff --git a/microshift_rest_api/policy_apis/eviction-policy-v1.adoc b/microshift_rest_api/policy_apis/eviction-policy-v1.adoc
new file mode 100644
index 000000000000..1d9e08ed1349
--- /dev/null
+++ b/microshift_rest_api/policy_apis/eviction-policy-v1.adoc
@@ -0,0 +1,117 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="eviction-policy-v1"]
+= Eviction [policy/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod.  A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `deleteOptions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`]
+| DeleteOptions may be provided
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| ObjectMeta describes the pod that is being evicted.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/api/v1/namespaces/{namespace}/pods/{name}/eviction`
+- `POST`: create eviction of a Pod
+
+
+=== /api/v1/namespaces/{namespace}/pods/{name}/eviction
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Eviction
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create eviction of a Pod
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[`Eviction`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[`Eviction`] schema
+| 201 - Created
+| xref:../policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[`Eviction`] schema
+| 202 - Accepted
+| xref:../policy_apis/eviction-policy-v1.adoc#eviction-policy-v1[`Eviction`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc b/microshift_rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc
new file mode 100644
index 000000000000..24f0af5393bc
--- /dev/null
+++ b/microshift_rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc
@@ -0,0 +1,1056 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="poddisruptionbudget-policy-v1"]
+= PodDisruptionBudget [policy/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
+
+| `status`
+| `object`
+| PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
+
+|===
+=== .spec
+Description::
++
+--
+PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `maxUnavailable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+
+| `minAvailable`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
+| An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
+
+| `selector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace.
+
+| `unhealthyPodEvictionPolicy`
+| `string`
+| UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
+
+Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
+
+IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
+
+AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
+
+Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
+
+This field is beta-level. The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default).
+
+Possible enum values:
+ - `"AlwaysAllow"` policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
+ - `"IfHealthyBudget"` policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
+
+|===
+=== .status
+Description::
++
+--
+PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
+--
+
+Type::
+  `object`
+
+Required::
+  - `disruptionsAllowed`
+  - `currentHealthy`
+  - `desiredHealthy`
+  - `expectedPods`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Condition[`array (Condition)`]
+| Conditions contain conditions for PDB. The disruption controller sets the DisruptionAllowed condition. The following are known values for the reason field (additional reasons could be added in the future): - SyncFailed: The controller encountered an error and wasn't able to compute
+              the number of allowed disruptions. Therefore no disruptions are
+              allowed and the status of the condition will be False.
+- InsufficientPods: The number of pods are either at or below the number
+                    required by the PodDisruptionBudget. No disruptions are
+                    allowed and the status of the condition will be False.
+- SufficientPods: There are more pods than required by the PodDisruptionBudget.
+                  The condition will be True, and the number of allowed
+                  disruptions are provided by the disruptionsAllowed property.
+
+| `currentHealthy`
+| `integer`
+| current number of healthy pods
+
+| `desiredHealthy`
+| `integer`
+| minimum desired number of healthy pods
+
+| `disruptedPods`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`object (Time)`]
+| DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+
+| `disruptionsAllowed`
+| `integer`
+| Number of pod disruptions that are currently allowed.
+
+| `expectedPods`
+| `integer`
+| total number of pods counted by this disruption budget
+
+| `observedGeneration`
+| `integer`
+| Most recent generation observed when updating this PDB status. DisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/policy/v1/poddisruptionbudgets`
+- `GET`: list or watch objects of kind PodDisruptionBudget
+* `/apis/policy/v1/watch/poddisruptionbudgets`
+- `GET`: watch individual changes to a list of PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets`
+- `DELETE`: delete collection of PodDisruptionBudget
+- `GET`: list or watch objects of kind PodDisruptionBudget
+- `POST`: create a PodDisruptionBudget
+* `/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets`
+- `GET`: watch individual changes to a list of PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}`
+- `DELETE`: delete a PodDisruptionBudget
+- `GET`: read the specified PodDisruptionBudget
+- `PATCH`: partially update the specified PodDisruptionBudget
+- `PUT`: replace the specified PodDisruptionBudget
+* `/apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}`
+- `GET`: watch changes to an object of kind PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status`
+- `GET`: read status of the specified PodDisruptionBudget
+- `PATCH`: partially update status of the specified PodDisruptionBudget
+- `PUT`: replace status of the specified PodDisruptionBudget
+
+
+=== /apis/policy/v1/poddisruptionbudgets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PodDisruptionBudget
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.policy.v1.PodDisruptionBudgetList[`PodDisruptionBudgetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/watch/poddisruptionbudgets
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.policy.v1.PodDisruptionBudgetList[`PodDisruptionBudgetList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 201 - Created
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 202 - Accepted
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PodDisruptionBudget
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PodDisruptionBudget
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 201 - Created
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 201 - Created
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PodDisruptionBudget
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PodDisruptionBudget. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PodDisruptionBudget
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified PodDisruptionBudget
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 201 - Created
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified PodDisruptionBudget
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 201 - Created
+| xref:../policy_apis/poddisruptionbudget-policy-v1.adoc#poddisruptionbudget-policy-v1[`PodDisruptionBudget`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/policy_apis/policy-apis-index.adoc b/microshift_rest_api/policy_apis/policy-apis-index.adoc
new file mode 100644
index 000000000000..70c4d9354e68
--- /dev/null
+++ b/microshift_rest_api/policy_apis/policy-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="policy-apis"]
+= Policy APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== Eviction [policy/v1]
+
+Description::
++
+--
+Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod.  A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.
+--
+
+Type::
+  `object`
+
+== PodDisruptionBudget [policy/v1]
+
+Description::
++
+--
+PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc b/microshift_rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..989e9cea6a65
--- /dev/null
+++ b/microshift_rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc
@@ -0,0 +1,708 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="clusterrole-rbac-authorization-k8s-io-v1"]
+= ClusterRole [rbac.authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `aggregationRule`
+| `object`
+| AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata.
+
+| `rules`
+| `array`
+| Rules holds all the PolicyRules for this ClusterRole
+
+| `rules[]`
+| `object`
+| PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+
+|===
+=== .aggregationRule
+Description::
++
+--
+AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clusterRoleSelectors`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`array (LabelSelector)`]
+| ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added
+
+|===
+=== .rules
+Description::
++
+--
+Rules holds all the PolicyRules for this ClusterRole
+--
+
+Type::
+  `array`
+
+
+
+
+=== .rules[]
+Description::
++
+--
+PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+
+| `nonResourceURLs`
+| `array (string)`
+| NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+
+| `resourceNames`
+| `array (string)`
+| ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+
+| `resources`
+| `array (string)`
+| Resources is a list of resources this rule applies to. '*' represents all resources.
+
+| `verbs`
+| `array (string)`
+| Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/rbac.authorization.k8s.io/v1/clusterroles`
+- `DELETE`: delete collection of ClusterRole
+- `GET`: list or watch objects of kind ClusterRole
+- `POST`: create a ClusterRole
+* `/apis/rbac.authorization.k8s.io/v1/watch/clusterroles`
+- `GET`: watch individual changes to a list of ClusterRole. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/clusterroles/{name}`
+- `DELETE`: delete a ClusterRole
+- `GET`: read the specified ClusterRole
+- `PATCH`: partially update the specified ClusterRole
+- `PUT`: replace the specified ClusterRole
+* `/apis/rbac.authorization.k8s.io/v1/watch/clusterroles/{name}`
+- `GET`: watch changes to an object of kind ClusterRole. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/rbac.authorization.k8s.io/v1/clusterroles
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.ClusterRoleList[`ClusterRoleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 202 - Accepted
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/clusterroles
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ClusterRole. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ClusterRole
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ClusterRole
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ClusterRole
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc#clusterrole-rbac-authorization-k8s-io-v1[`ClusterRole`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/clusterroles/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ClusterRole
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ClusterRole. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc b/microshift_rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..41efb96ea881
--- /dev/null
+++ b/microshift_rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc
@@ -0,0 +1,719 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="clusterrolebinding-rbac-authorization-k8s-io-v1"]
+= ClusterRoleBinding [rbac.authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `roleRef`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata.
+
+| `roleRef`
+| `object`
+| RoleRef contains information that points to the role being used
+
+| `subjects`
+| `array`
+| Subjects holds references to the objects the role applies to.
+
+| `subjects[]`
+| `object`
+| Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+
+|===
+=== .roleRef
+Description::
++
+--
+RoleRef contains information that points to the role being used
+--
+
+Type::
+  `object`
+
+Required::
+  - `apiGroup`
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .subjects
+Description::
++
+--
+Subjects holds references to the objects the role applies to.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subjects[]
+Description::
++
+--
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+
+| `kind`
+| `string`
+| Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+
+| `name`
+| `string`
+| Name of the object being referenced.
+
+| `namespace`
+| `string`
+| Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/rbac.authorization.k8s.io/v1/clusterrolebindings`
+- `DELETE`: delete collection of ClusterRoleBinding
+- `GET`: list or watch objects of kind ClusterRoleBinding
+- `POST`: create a ClusterRoleBinding
+* `/apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings`
+- `GET`: watch individual changes to a list of ClusterRoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}`
+- `DELETE`: delete a ClusterRoleBinding
+- `GET`: read the specified ClusterRoleBinding
+- `PATCH`: partially update the specified ClusterRoleBinding
+- `PUT`: replace the specified ClusterRoleBinding
+* `/apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings/{name}`
+- `GET`: watch changes to an object of kind ClusterRoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/rbac.authorization.k8s.io/v1/clusterrolebindings
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.ClusterRoleBindingList[`ClusterRoleBindingList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 202 - Accepted
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ClusterRoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ClusterRoleBinding
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ClusterRoleBinding
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ClusterRoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc#clusterrolebinding-rbac-authorization-k8s-io-v1[`ClusterRoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ClusterRoleBinding
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ClusterRoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/rbac_apis/rbac-apis-index.adoc b/microshift_rest_api/rbac_apis/rbac-apis-index.adoc
new file mode 100644
index 000000000000..3d18b73bc7ab
--- /dev/null
+++ b/microshift_rest_api/rbac_apis/rbac-apis-index.adoc
@@ -0,0 +1,53 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="rbac-apis"]
+= Rbac APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== ClusterRole [rbac.authorization.k8s.io/v1]
+
+Description::
++
+--
+ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
+--
+
+Type::
+  `object`
+
+== ClusterRoleBinding [rbac.authorization.k8s.io/v1]
+
+Description::
++
+--
+ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.
+--
+
+Type::
+  `object`
+
+== Role [rbac.authorization.k8s.io/v1]
+
+Description::
++
+--
+Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
+--
+
+Type::
+  `object`
+
+== RoleBinding [rbac.authorization.k8s.io/v1]
+
+Description::
++
+--
+RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc b/microshift_rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..1e66c18328e9
--- /dev/null
+++ b/microshift_rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc
@@ -0,0 +1,868 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="role-rbac-authorization-k8s-io-v1"]
+= Role [rbac.authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata.
+
+| `rules`
+| `array`
+| Rules holds all the PolicyRules for this Role
+
+| `rules[]`
+| `object`
+| PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+
+|===
+=== .rules
+Description::
++
+--
+Rules holds all the PolicyRules for this Role
+--
+
+Type::
+  `array`
+
+
+
+
+=== .rules[]
+Description::
++
+--
+PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
+
+| `nonResourceURLs`
+| `array (string)`
+| NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
+
+| `resourceNames`
+| `array (string)`
+| ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+
+| `resources`
+| `array (string)`
+| Resources is a list of resources this rule applies to. '*' represents all resources.
+
+| `verbs`
+| `array (string)`
+| Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/rbac.authorization.k8s.io/v1/roles`
+- `GET`: list or watch objects of kind Role
+* `/apis/rbac.authorization.k8s.io/v1/watch/roles`
+- `GET`: watch individual changes to a list of Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles`
+- `DELETE`: delete collection of Role
+- `GET`: list or watch objects of kind Role
+- `POST`: create a Role
+* `/apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles`
+- `GET`: watch individual changes to a list of Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}`
+- `DELETE`: delete a Role
+- `GET`: read the specified Role
+- `PATCH`: partially update the specified Role
+- `PUT`: replace the specified Role
+* `/apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles/{name}`
+- `GET`: watch changes to an object of kind Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/rbac.authorization.k8s.io/v1/roles
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Role
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.RoleList[`RoleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/roles
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.RoleList[`RoleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 201 - Created
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 202 - Accepted
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Role
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified Role
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 201 - Created
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified Role
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 201 - Created
+| xref:../rbac_apis/role-rbac-authorization-k8s-io-v1.adoc#role-rbac-authorization-k8s-io-v1[`Role`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Role
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind Role. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc b/microshift_rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc
new file mode 100644
index 000000000000..0f79e0559634
--- /dev/null
+++ b/microshift_rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc
@@ -0,0 +1,905 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="rolebinding-rbac-authorization-k8s-io-v1"]
+= RoleBinding [rbac.authorization.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `roleRef`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata.
+
+| `roleRef`
+| `object`
+| RoleRef contains information that points to the role being used
+
+| `subjects`
+| `array`
+| Subjects holds references to the objects the role applies to.
+
+| `subjects[]`
+| `object`
+| Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+
+|===
+=== .roleRef
+Description::
++
+--
+RoleRef contains information that points to the role being used
+--
+
+Type::
+  `object`
+
+Required::
+  - `apiGroup`
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup is the group for the resource being referenced
+
+| `kind`
+| `string`
+| Kind is the type of resource being referenced
+
+| `name`
+| `string`
+| Name is the name of resource being referenced
+
+|===
+=== .subjects
+Description::
++
+--
+Subjects holds references to the objects the role applies to.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .subjects[]
+Description::
++
+--
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroup`
+| `string`
+| APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+
+| `kind`
+| `string`
+| Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+
+| `name`
+| `string`
+| Name of the object being referenced.
+
+| `namespace`
+| `string`
+| Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/rbac.authorization.k8s.io/v1/rolebindings`
+- `GET`: list or watch objects of kind RoleBinding
+* `/apis/rbac.authorization.k8s.io/v1/watch/rolebindings`
+- `GET`: watch individual changes to a list of RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings`
+- `DELETE`: delete collection of RoleBinding
+- `GET`: list or watch objects of kind RoleBinding
+- `POST`: create a RoleBinding
+* `/apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings`
+- `GET`: watch individual changes to a list of RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}`
+- `DELETE`: delete a RoleBinding
+- `GET`: read the specified RoleBinding
+- `PATCH`: partially update the specified RoleBinding
+- `PUT`: replace the specified RoleBinding
+* `/apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings/{name}`
+- `GET`: watch changes to an object of kind RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/rbac.authorization.k8s.io/v1/rolebindings
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind RoleBinding
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.RoleBindingList[`RoleBindingList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/rolebindings
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.rbac.v1.RoleBindingList[`RoleBindingList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 202 - Accepted
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the RoleBinding
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified RoleBinding
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified RoleBinding
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 201 - Created
+| xref:../rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc#rolebinding-rbac-authorization-k8s-io-v1[`RoleBinding`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the RoleBinding
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind RoleBinding. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc b/microshift_rest_api/scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc
new file mode 100644
index 000000000000..648ec2b9d782
--- /dev/null
+++ b/microshift_rest_api/scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc
@@ -0,0 +1,643 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="priorityclass-scheduling-k8s-io-v1"]
+= PriorityClass [scheduling.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.
+--
+
+Type::
+  `object`
+
+Required::
+  - `value`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `description`
+| `string`
+| description is an arbitrary string that usually provides guidelines on when this priority class should be used.
+
+| `globalDefault`
+| `boolean`
+| globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `preemptionPolicy`
+| `string`
+| preemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
+| `value`
+| `integer`
+| value represents the integer value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/scheduling.k8s.io/v1/priorityclasses`
+- `DELETE`: delete collection of PriorityClass
+- `GET`: list or watch objects of kind PriorityClass
+- `POST`: create a PriorityClass
+* `/apis/scheduling.k8s.io/v1/watch/priorityclasses`
+- `GET`: watch individual changes to a list of PriorityClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/scheduling.k8s.io/v1/priorityclasses/{name}`
+- `DELETE`: delete a PriorityClass
+- `GET`: read the specified PriorityClass
+- `PATCH`: partially update the specified PriorityClass
+- `PUT`: replace the specified PriorityClass
+* `/apis/scheduling.k8s.io/v1/watch/priorityclasses/{name}`
+- `GET`: watch changes to an object of kind PriorityClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/scheduling.k8s.io/v1/priorityclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.scheduling.v1.PriorityClassList[`PriorityClassList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 201 - Created
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 202 - Accepted
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/scheduling.k8s.io/v1/watch/priorityclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PriorityClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/scheduling.k8s.io/v1/priorityclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PriorityClass
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 201 - Created
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PriorityClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 201 - Created
+| xref:../scheduling_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[`PriorityClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/scheduling.k8s.io/v1/watch/priorityclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PriorityClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/scheduling_apis/scheduling-apis-index.adoc b/microshift_rest_api/scheduling_apis/scheduling-apis-index.adoc
new file mode 100644
index 000000000000..7c46e32108db
--- /dev/null
+++ b/microshift_rest_api/scheduling_apis/scheduling-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="scheduling-apis"]
+= Scheduling APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== PriorityClass [scheduling.k8s.io/v1]
+
+Description::
++
+--
+PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/security_apis/security-apis-index.adoc b/microshift_rest_api/security_apis/security-apis-index.adoc
new file mode 100644
index 000000000000..f9d6f6853cd8
--- /dev/null
+++ b/microshift_rest_api/security_apis/security-apis-index.adoc
@@ -0,0 +1,21 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="security-apis"]
+= Security APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== SecurityContextConstraints [security.openshift.io/v1]
+
+Description::
++
+--
+SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc b/microshift_rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
index 3b17cbb183a4..5c0bdd26a417 100644
--- a/microshift_rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
+++ b/microshift_rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="securitycontextconstraints-security-openshift-io-v1"]
 = SecurityContextConstraints [security.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-SecurityContextConstraints (SCC) governs the ability to make requests that affect the SecurityContext that applies to a container. Use the security.openshift.io group to manage SecurityContextConstraints. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -104,7 +105,7 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| `ObjectMeta`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
 | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `priority`
@@ -153,15 +154,11 @@ The following API endpoints are available:
 - `DELETE`: delete collection of SecurityContextConstraints
 - `GET`: list objects of kind SecurityContextConstraints
 - `POST`: create SecurityContextConstraints
-* `/apis/security.openshift.io/v1/watch/securitycontextconstraints`
-- `GET`: watch individual changes to a list of SecurityContextConstraints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
 * `/apis/security.openshift.io/v1/securitycontextconstraints/{name}`
 - `DELETE`: delete SecurityContextConstraints
 - `GET`: read the specified SecurityContextConstraints
 - `PATCH`: partially update the specified SecurityContextConstraints
 - `PUT`: replace the specified SecurityContextConstraints
-* `/apis/security.openshift.io/v1/watch/securitycontextconstraints/{name}`
-- `GET`: watch changes to an object of kind SecurityContextConstraints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
 
 
 === /apis/security.openshift.io/v1/securitycontextconstraints
@@ -216,6 +213,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -230,7 +242,7 @@ Defaults to unset
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -275,6 +287,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -289,7 +316,7 @@ Defaults to unset
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `SecurityContextConstraintsList` schema
+| xref:../objects/index.adoc#io.openshift.security.v1.SecurityContextConstraintsList[`SecurityContextConstraintsList`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -313,7 +340,7 @@ Description::
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -340,71 +367,6 @@ Description::
 |===
 
 
-=== /apis/security.openshift.io/v1/watch/securitycontextconstraints
-
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
-
-HTTP method::
-  `GET`
-
-Description::
-  watch individual changes to a list of SecurityContextConstraints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| `WatchEvent` schema
-| 401 - Unauthorized
-| Empty
-|===
-
-
 === /apis/security.openshift.io/v1/securitycontextconstraints/{name}
 
 .Global path parameters
@@ -455,7 +417,7 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| `DeleteOptions` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
 |
 |===
 
@@ -464,9 +426,9 @@ Description::
 |===
 | HTTP code | Reponse body
 | 200 - OK
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 202 - Accepted
-| `Status` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
 | 401 - Unauthorized
 | Empty
 |===
@@ -516,10 +478,13 @@ Description::
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
 | `fieldManager`
 | `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -527,7 +492,7 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| `Patch` schema
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
 |
 |===
 
@@ -560,7 +525,7 @@ Description::
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -585,76 +550,3 @@ Description::
 |===
 
 
-=== /apis/security.openshift.io/v1/watch/securitycontextconstraints/{name}
-
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `name`
-| `string`
-| name of the SecurityContextConstraints
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
-
-HTTP method::
-  `GET`
-
-Description::
-  watch changes to an object of kind SecurityContextConstraints. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| `WatchEvent` schema
-| 401 - Unauthorized
-| Empty
-|===
-
-
diff --git a/microshift_rest_api/security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc b/microshift_rest_api/security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc
new file mode 100644
index 000000000000..fd9a173772d0
--- /dev/null
+++ b/microshift_rest_api/security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc
@@ -0,0 +1,454 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="rangeallocation-security-internal-openshift-io-v1"]
+= RangeAllocation [security.internal.openshift.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `data`
+| `string`
+| data is a byte array representing the serialized state of a range allocation.  It is a bitmap with each bit set to one to represent a range is taken.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `range`
+| `string`
+| range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/security.internal.openshift.io/v1/rangeallocations`
+- `DELETE`: delete collection of RangeAllocation
+- `GET`: list objects of kind RangeAllocation
+- `POST`: create a RangeAllocation
+* `/apis/security.internal.openshift.io/v1/rangeallocations/{name}`
+- `DELETE`: delete a RangeAllocation
+- `GET`: read the specified RangeAllocation
+- `PATCH`: partially update the specified RangeAllocation
+- `PUT`: replace the specified RangeAllocation
+
+
+=== /apis/security.internal.openshift.io/v1/rangeallocations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.internal.security.v1.RangeAllocationList[`RangeAllocationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 201 - Created
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 202 - Accepted
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/security.internal.openshift.io/v1/rangeallocations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the RangeAllocation
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified RangeAllocation
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 201 - Created
+| xref:../security_internal_apis/rangeallocation-security-internal-openshift-io-v1.adoc#rangeallocation-security-internal-openshift-io-v1[`RangeAllocation`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/security_internal_apis/security-internal-apis-index.adoc b/microshift_rest_api/security_internal_apis/security-internal-apis-index.adoc
new file mode 100644
index 000000000000..ce0e0dcc2e64
--- /dev/null
+++ b/microshift_rest_api/security_internal_apis/security-internal-apis-index.adoc
@@ -0,0 +1,21 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="security-internal-apis"]
+= Security Internal APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== RangeAllocation [security.internal.openshift.io/v1]
+
+Description::
++
+--
+RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/snapshot_apis/snapshot-apis-index.adoc b/microshift_rest_api/snapshot_apis/snapshot-apis-index.adoc
new file mode 100644
index 000000000000..9f695c28f21a
--- /dev/null
+++ b/microshift_rest_api/snapshot_apis/snapshot-apis-index.adoc
@@ -0,0 +1,42 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="snapshot-apis"]
+= Snapshot APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== VolumeSnapshot [snapshot.storage.k8s.io/v1]
+
+Description::
++
+--
+VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot.
+--
+
+Type::
+  `object`
+
+== VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
+
+Description::
++
+--
+VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced
+--
+
+Type::
+  `object`
+
+== VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
+
+Description::
++
+--
+VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc b/microshift_rest_api/snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..7af45157a937
--- /dev/null
+++ b/microshift_rest_api/snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc
@@ -0,0 +1,810 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="volumesnapshot-snapshot-storage-k8s-io-v1"]
+= VolumeSnapshot [snapshot.storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.
+
+| `status`
+| `object`
+| status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.
+
+|===
+=== .spec
+Description::
++
+--
+spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.
+--
+
+Type::
+  `object`
+
+Required::
+  - `source`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `source`
+| `object`
+| source specifies where a snapshot will be created from. This field is immutable after creation. Required.
+
+| `volumeSnapshotClassName`
+| `string`
+| VolumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. VolumeSnapshotClassName may be left nil to indicate that the default SnapshotClass should be used. A given cluster may have multiple default Volume SnapshotClasses: one default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, VolumeSnapshotSource will be checked to figure out what the associated CSI Driver is, and the default VolumeSnapshotClass associated with that CSI Driver will be used. If more than one VolumeSnapshotClass exist for a given CSI Driver and more than one have been marked as default, CreateSnapshot will fail and generate an event. Empty string is not allowed for this field.
+
+|===
+=== .spec.source
+Description::
++
+--
+source specifies where a snapshot will be created from. This field is immutable after creation. Required.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `persistentVolumeClaimName`
+| `string`
+| persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object representing the volume from which a snapshot should be created. This PVC is assumed to be in the same namespace as the VolumeSnapshot object. This field should be set if the snapshot does not exists, and needs to be created. This field is immutable.
+
+| `volumeSnapshotContentName`
+| `string`
+| volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object representing an existing volume snapshot. This field should be set if the snapshot already exists and only needs a representation in Kubernetes. This field is immutable.
+
+|===
+=== .status
+Description::
++
+--
+status represents the current information of a snapshot. Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `boundVolumeSnapshotContentName`
+| `string`
+| boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent object to which this VolumeSnapshot object intends to bind to. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: To avoid possible security issues, consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent point at each other) before using this object.
+
+| `creationTime`
+| `string`
+| creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it may indicate that the creation time of the snapshot is unknown.
+
+| `error`
+| `object`
+| error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared.
+
+| `readyToUse`
+| `boolean`
+| readyToUse indicates if the snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown.
+
+| `restoreSize`
+| `integer-or-string`
+| restoreSize represents the minimum size of volume required to create a volume from this snapshot. In dynamic snapshot creation case, this field will be filled in by the snapshot controller with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown.
+
+|===
+=== .status.error
+Description::
++
+--
+error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. The snapshot controller will keep retrying when an error occurs during the snapshot creation. Upon success, this error field will be cleared.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.
+
+| `time`
+| `string`
+| time is the timestamp when the error was encountered.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshots`
+- `GET`: list objects of kind VolumeSnapshot
+* `/apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots`
+- `DELETE`: delete collection of VolumeSnapshot
+- `GET`: list objects of kind VolumeSnapshot
+- `POST`: create a VolumeSnapshot
+* `/apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots/{name}`
+- `DELETE`: delete a VolumeSnapshot
+- `GET`: read the specified VolumeSnapshot
+- `PATCH`: partially update the specified VolumeSnapshot
+- `PUT`: replace the specified VolumeSnapshot
+* `/apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots/{name}/status`
+- `GET`: read status of the specified VolumeSnapshot
+- `PATCH`: partially update status of the specified VolumeSnapshot
+- `PUT`: replace status of the specified VolumeSnapshot
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshots
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind VolumeSnapshot
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.storage.snapshot.v1.VolumeSnapshotList[`VolumeSnapshotList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.storage.snapshot.v1.VolumeSnapshotList[`VolumeSnapshotList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 202 - Accepted
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeSnapshot
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeSnapshot
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified VolumeSnapshot
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc#volumesnapshot-snapshot-storage-k8s-io-v1[`VolumeSnapshot`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc b/microshift_rest_api/snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..53a9f8c711a8
--- /dev/null
+++ b/microshift_rest_api/snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc
@@ -0,0 +1,460 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="volumesnapshotclass-snapshot-storage-k8s-io-v1"]
+= VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced
+--
+
+Type::
+  `object`
+
+Required::
+  - `deletionPolicy`
+  - `driver`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `deletionPolicy`
+| `string`
+| deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required.
+
+| `driver`
+| `string`
+| driver is the name of the storage driver that handles this VolumeSnapshotClass. Required.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `parameters`
+| `object (string)`
+| parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses`
+- `DELETE`: delete collection of VolumeSnapshotClass
+- `GET`: list objects of kind VolumeSnapshotClass
+- `POST`: create a VolumeSnapshotClass
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/{name}`
+- `DELETE`: delete a VolumeSnapshotClass
+- `GET`: read the specified VolumeSnapshotClass
+- `PATCH`: partially update the specified VolumeSnapshotClass
+- `PUT`: replace the specified VolumeSnapshotClass
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.storage.snapshot.v1.VolumeSnapshotClassList[`VolumeSnapshotClassList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 202 - Accepted
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeSnapshotClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified VolumeSnapshotClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc#volumesnapshotclass-snapshot-storage-k8s-io-v1[`VolumeSnapshotClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc b/microshift_rest_api/snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..4a3bf7c1ca6c
--- /dev/null
+++ b/microshift_rest_api/snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc
@@ -0,0 +1,779 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="volumesnapshotcontent-snapshot-storage-k8s-io-v1"]
+= VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required.
+
+| `status`
+| `object`
+| status represents the current information of a snapshot.
+
+|===
+=== .spec
+Description::
++
+--
+spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required.
+--
+
+Type::
+  `object`
+
+Required::
+  - `deletionPolicy`
+  - `driver`
+  - `source`
+  - `volumeSnapshotRef`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `deletionPolicy`
+| `string`
+| deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. For dynamically provisioned snapshots, this field will automatically be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding VolumeSnapshotClass. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required.
+
+| `driver`
+| `string`
+| driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required.
+
+| `source`
+| `object`
+| source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required.
+
+| `sourceVolumeMode`
+| `string`
+| SourceVolumeMode is the mode of the volume whose snapshot is taken. Can be either “Filesystem” or “Block”. If not specified, it indicates the source volume's mode is unknown. This field is immutable. This field is an alpha field.
+
+| `volumeSnapshotClassName`
+| `string`
+| name of the VolumeSnapshotClass from which this snapshot was (or will be) created. Note that after provisioning, the VolumeSnapshotClass may be deleted or recreated with different set of values, and as such, should not be referenced post-snapshot creation.
+
+| `volumeSnapshotRef`
+| `object`
+| volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required.
+
+|===
+=== .spec.source
+Description::
++
+--
+source specifies whether the snapshot is (or should be) dynamically provisioned or already exists, and just requires a Kubernetes object representation. This field is immutable after creation. Required.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `snapshotHandle`
+| `string`
+| snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system for which a Kubernetes object representation was (or should be) created. This field is immutable.
+
+| `volumeHandle`
+| `string`
+| volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable.
+
+|===
+=== .spec.volumeSnapshotRef
+Description::
++
+--
+volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| API version of the referent.
+
+| `fieldPath`
+| `string`
+| If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.
+
+| `kind`
+| `string`
+| Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+| `namespace`
+| `string`
+| Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
+| `resourceVersion`
+| `string`
+| Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
+| `uid`
+| `string`
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+|===
+=== .status
+Description::
++
+--
+status represents the current information of a snapshot.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `creationTime`
+| `integer`
+| creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "creation_time" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC.
+
+| `error`
+| `object`
+| error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared.
+
+| `readyToUse`
+| `boolean`
+| readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "ready_to_use" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown.
+
+| `restoreSize`
+| `integer`
+| restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in by the CSI snapshotter sidecar with the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown.
+
+| `snapshotHandle`
+| `string`
+| snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress.
+
+|===
+=== .status.error
+Description::
++
+--
+error is the last observed error during snapshot creation, if any. Upon success after retry, this error field will be cleared.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.
+
+| `time`
+| `string`
+| time is the timestamp when the error was encountered.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents`
+- `DELETE`: delete collection of VolumeSnapshotContent
+- `GET`: list objects of kind VolumeSnapshotContent
+- `POST`: create a VolumeSnapshotContent
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/{name}`
+- `DELETE`: delete a VolumeSnapshotContent
+- `GET`: read the specified VolumeSnapshotContent
+- `PATCH`: partially update the specified VolumeSnapshotContent
+- `PUT`: replace the specified VolumeSnapshotContent
+* `/apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/{name}/status`
+- `GET`: read status of the specified VolumeSnapshotContent
+- `PATCH`: partially update status of the specified VolumeSnapshotContent
+- `PUT`: replace status of the specified VolumeSnapshotContent
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.storage.snapshot.v1.VolumeSnapshotContentList[`VolumeSnapshotContentList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 202 - Accepted
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeSnapshotContent
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeSnapshotContent
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified VolumeSnapshotContent
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 201 - Created
+| xref:../snapshot_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc#volumesnapshotcontent-snapshot-storage-k8s-io-v1[`VolumeSnapshotContent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rosa_cli/snippets b/microshift_rest_api/snippets
similarity index 100%
rename from rosa_cli/snippets
rename to microshift_rest_api/snippets
diff --git a/microshift_rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc b/microshift_rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..0f30a79c7d18
--- /dev/null
+++ b/microshift_rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc
@@ -0,0 +1,773 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="csidriver-storage-k8s-io-v1"]
+= CSIDriver [storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CSIDriver captures information about a Container Storage Interface (CSI) volume driver deployed on the cluster. Kubernetes attach detach controller uses this object to determine whether attach is required. Kubelet uses this object to determine whether pod information needs to be passed on mount. CSIDriver objects are non-namespaced.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object metadata. metadata.Name indicates the name of the CSI driver that this object refers to; it MUST be the same name returned by the CSI GetPluginName() call for that driver. The driver name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| CSIDriverSpec is the specification of a CSIDriver.
+
+|===
+=== .spec
+Description::
++
+--
+CSIDriverSpec is the specification of a CSIDriver.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `attachRequired`
+| `boolean`
+| attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called.
+
+This field is immutable.
+
+| `fsGroupPolicy`
+| `string`
+| fsGroupPolicy defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details.
+
+This field is immutable.
+
+Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.
+
+| `podInfoOnMount`
+| `boolean`
+| podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations, if set to true. If set to false, pod information will not be passed on mount. Default is false.
+
+The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext.
+
+The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume
+                                defined by a CSIVolumeSource, otherwise "false"
+
+"csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.
+
+This field is immutable.
+
+| `requiresRepublish`
+| `boolean`
+| requiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
+
+Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
+
+| `seLinuxMount`
+| `boolean`
+| seLinuxMount specifies if the CSI driver supports "-o context" mount option.
+
+When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.
+
+When "false", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem.
+
+Default is "false".
+
+| `storageCapacity`
+| `boolean`
+| storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information, if set to true.
+
+The check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.
+
+Alternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.
+
+This field was immutable in Kubernetes <= 1.22 and now is mutable.
+
+| `tokenRequests`
+| `array`
+| tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
+  "<audience>": {
+    "token": <token>,
+    "expirationTimestamp": <expiration timestamp in RFC3339>,
+  },
+  ...
+}
+
+Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
+
+| `tokenRequests[]`
+| `object`
+| TokenRequest contains parameters of a service account token.
+
+| `volumeLifecycleModes`
+| `array (string)`
+| volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism.
+
+The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume.
+
+For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future.
+
+This field is beta. This field is immutable.
+
+|===
+=== .spec.tokenRequests
+Description::
++
+--
+tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
+  "<audience>": {
+    "token": <token>,
+    "expirationTimestamp": <expiration timestamp in RFC3339>,
+  },
+  ...
+}
+
+Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.tokenRequests[]
+Description::
++
+--
+TokenRequest contains parameters of a service account token.
+--
+
+Type::
+  `object`
+
+Required::
+  - `audience`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `audience`
+| `string`
+| audience is the intended audience of the token in "TokenRequestSpec". It will default to the audiences of kube apiserver.
+
+| `expirationSeconds`
+| `integer`
+| expirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/storage.k8s.io/v1/csidrivers`
+- `DELETE`: delete collection of CSIDriver
+- `GET`: list or watch objects of kind CSIDriver
+- `POST`: create a CSIDriver
+* `/apis/storage.k8s.io/v1/watch/csidrivers`
+- `GET`: watch individual changes to a list of CSIDriver. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/csidrivers/{name}`
+- `DELETE`: delete a CSIDriver
+- `GET`: read the specified CSIDriver
+- `PATCH`: partially update the specified CSIDriver
+- `PUT`: replace the specified CSIDriver
+* `/apis/storage.k8s.io/v1/watch/csidrivers/{name}`
+- `GET`: watch changes to an object of kind CSIDriver. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/storage.k8s.io/v1/csidrivers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.CSIDriverList[`CSIDriverList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 201 - Created
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 202 - Accepted
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/csidrivers
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CSIDriver. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/csidrivers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSIDriver
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 202 - Accepted
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CSIDriver
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 201 - Created
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CSIDriver
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 201 - Created
+| xref:../storage_apis/csidriver-storage-k8s-io-v1.adoc#csidriver-storage-k8s-io-v1[`CSIDriver`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/csidrivers/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSIDriver
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CSIDriver. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc b/microshift_rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..76a0eacb1885
--- /dev/null
+++ b/microshift_rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc
@@ -0,0 +1,727 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="csinode-storage-k8s-io-v1"]
+= CSINode [storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CSINode holds information about all CSI drivers installed on a node. CSI drivers do not need to create the CSINode object directly. As long as they use the node-driver-registrar sidecar container, the kubelet will automatically populate the CSINode object for the CSI driver as part of kubelet plugin registration. CSINode has the same name as a node. If the object is missing, it means either there are no CSI Drivers available on the node, or the Kubelet version is low enough that it doesn't create this object. CSINode has an OwnerReference that points to the corresponding node object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. metadata.name must be the Kubernetes node name.
+
+| `spec`
+| `object`
+| CSINodeSpec holds information about the specification of all CSI drivers installed on a node
+
+|===
+=== .spec
+Description::
++
+--
+CSINodeSpec holds information about the specification of all CSI drivers installed on a node
+--
+
+Type::
+  `object`
+
+Required::
+  - `drivers`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `drivers`
+| `array`
+| drivers is a list of information of all CSI Drivers existing on a node. If all drivers in the list are uninstalled, this can become empty.
+
+| `drivers[]`
+| `object`
+| CSINodeDriver holds information about the specification of one CSI driver installed on a node
+
+|===
+=== .spec.drivers
+Description::
++
+--
+drivers is a list of information of all CSI Drivers existing on a node. If all drivers in the list are uninstalled, this can become empty.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.drivers[]
+Description::
++
+--
+CSINodeDriver holds information about the specification of one CSI driver installed on a node
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `nodeID`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allocatable`
+| `object`
+| VolumeNodeResources is a set of resource limits for scheduling of volumes.
+
+| `name`
+| `string`
+| name represents the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.
+
+| `nodeID`
+| `string`
+| nodeID of the node from the driver point of view. This field enables Kubernetes to communicate with storage systems that do not share the same nomenclature for nodes. For example, Kubernetes may refer to a given node as "node1", but the storage system may refer to the same node as "nodeA". When Kubernetes issues a command to the storage system to attach a volume to a specific node, it can use this field to refer to the node name using the ID that the storage system will understand, e.g. "nodeA" instead of "node1". This field is required.
+
+| `topologyKeys`
+| `array (string)`
+| topologyKeys is the list of keys supported by the driver. When a driver is initialized on a cluster, it provides a set of topology keys that it understands (e.g. "company.com/zone", "company.com/region"). When a driver is initialized on a node, it provides the same topology keys along with values. Kubelet will expose these topology keys as labels on its own node object. When Kubernetes does topology aware provisioning, it can use this list to determine which labels it should retrieve from the node object and pass back to the driver. It is possible for different nodes to use different topology keys. This can be empty if driver does not support topology.
+
+|===
+=== .spec.drivers[].allocatable
+Description::
++
+--
+VolumeNodeResources is a set of resource limits for scheduling of volumes.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `count`
+| `integer`
+| count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. A volume that is both attached and mounted on a node is considered to be used once, not twice. The same rule applies for a unique volume that is shared among multiple pods on the same node. If this field is not specified, then the supported number of volumes on this node is unbounded.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/storage.k8s.io/v1/csinodes`
+- `DELETE`: delete collection of CSINode
+- `GET`: list or watch objects of kind CSINode
+- `POST`: create a CSINode
+* `/apis/storage.k8s.io/v1/watch/csinodes`
+- `GET`: watch individual changes to a list of CSINode. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/csinodes/{name}`
+- `DELETE`: delete a CSINode
+- `GET`: read the specified CSINode
+- `PATCH`: partially update the specified CSINode
+- `PUT`: replace the specified CSINode
+* `/apis/storage.k8s.io/v1/watch/csinodes/{name}`
+- `GET`: watch changes to an object of kind CSINode. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/storage.k8s.io/v1/csinodes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.CSINodeList[`CSINodeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 201 - Created
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 202 - Accepted
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/csinodes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CSINode. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/csinodes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSINode
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 202 - Accepted
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CSINode
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 201 - Created
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CSINode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 201 - Created
+| xref:../storage_apis/csinode-storage-k8s-io-v1.adoc#csinode-storage-k8s-io-v1[`CSINode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/csinodes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSINode
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CSINode. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc b/microshift_rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..23bca9b06390
--- /dev/null
+++ b/microshift_rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc
@@ -0,0 +1,841 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="csistoragecapacity-storage-k8s-io-v1"]
+= CSIStorageCapacity [storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+CSIStorageCapacity stores the result of one CSI GetCapacity call. For a given StorageClass, this describes the available capacity in a particular topology segment.  This can be used when considering where to instantiate new PersistentVolumes.
+
+For example this can express things like: - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123"
+
+The following three cases all imply that no capacity is available for a certain combination: - no object exists with suitable topology and storage class name - such an object exists, but the capacity is unset - such an object exists, but the capacity is zero
+
+The producer of these objects can decide which approach is more suitable.
+
+They are consumed by the kube-scheduler when a CSI driver opts into capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler compares the MaximumVolumeSize against the requested size of pending volumes to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back to a comparison against the less precise Capacity. If that is also unset, the scheduler assumes that capacity is insufficient and tries some other node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `storageClassName`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `capacity`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
+
+The semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `maximumVolumeSize`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
+| maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
+
+This is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim.
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends with the unique CSI driver name.
+
+Objects are namespaced.
+
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `nodeTopology`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| nodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable.
+
+| `storageClassName`
+| `string`
+| storageClassName represents the name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/storage.k8s.io/v1/csistoragecapacities`
+- `GET`: list or watch objects of kind CSIStorageCapacity
+* `/apis/storage.k8s.io/v1/watch/csistoragecapacities`
+- `GET`: watch individual changes to a list of CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/namespaces/{namespace}/csistoragecapacities`
+- `DELETE`: delete collection of CSIStorageCapacity
+- `GET`: list or watch objects of kind CSIStorageCapacity
+- `POST`: create a CSIStorageCapacity
+* `/apis/storage.k8s.io/v1/watch/namespaces/{namespace}/csistoragecapacities`
+- `GET`: watch individual changes to a list of CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/namespaces/{namespace}/csistoragecapacities/{name}`
+- `DELETE`: delete a CSIStorageCapacity
+- `GET`: read the specified CSIStorageCapacity
+- `PATCH`: partially update the specified CSIStorageCapacity
+- `PUT`: replace the specified CSIStorageCapacity
+* `/apis/storage.k8s.io/v1/watch/namespaces/{namespace}/csistoragecapacities/{name}`
+- `GET`: watch changes to an object of kind CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/storage.k8s.io/v1/csistoragecapacities
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CSIStorageCapacity
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.CSIStorageCapacityList[`CSIStorageCapacityList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/csistoragecapacities
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/namespaces/{namespace}/csistoragecapacities
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.CSIStorageCapacityList[`CSIStorageCapacityList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 201 - Created
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 202 - Accepted
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/namespaces/{namespace}/csistoragecapacities
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/namespaces/{namespace}/csistoragecapacities/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSIStorageCapacity
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified CSIStorageCapacity
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 201 - Created
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified CSIStorageCapacity
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 201 - Created
+| xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`CSIStorageCapacity`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/namespaces/{namespace}/csistoragecapacities/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the CSIStorageCapacity
+| `namespace`
+| `string`
+| object name and auth scope, such as for teams and projects
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind CSIStorageCapacity. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/storage_apis/storage-apis-index.adoc b/microshift_rest_api/storage_apis/storage-apis-index.adoc
new file mode 100644
index 000000000000..6d64d3d0be15
--- /dev/null
+++ b/microshift_rest_api/storage_apis/storage-apis-index.adoc
@@ -0,0 +1,76 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="storage-apis"]
+= Storage APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== CSIDriver [storage.k8s.io/v1]
+
+Description::
++
+--
+CSIDriver captures information about a Container Storage Interface (CSI) volume driver deployed on the cluster. Kubernetes attach detach controller uses this object to determine whether attach is required. Kubelet uses this object to determine whether pod information needs to be passed on mount. CSIDriver objects are non-namespaced.
+--
+
+Type::
+  `object`
+
+== CSINode [storage.k8s.io/v1]
+
+Description::
++
+--
+CSINode holds information about all CSI drivers installed on a node. CSI drivers do not need to create the CSINode object directly. As long as they use the node-driver-registrar sidecar container, the kubelet will automatically populate the CSINode object for the CSI driver as part of kubelet plugin registration. CSINode has the same name as a node. If the object is missing, it means either there are no CSI Drivers available on the node, or the Kubelet version is low enough that it doesn't create this object. CSINode has an OwnerReference that points to the corresponding node object.
+--
+
+Type::
+  `object`
+
+== CSIStorageCapacity [storage.k8s.io/v1]
+
+Description::
++
+--
+CSIStorageCapacity stores the result of one CSI GetCapacity call. For a given StorageClass, this describes the available capacity in a particular topology segment.  This can be used when considering where to instantiate new PersistentVolumes.
+
+For example this can express things like: - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123"
+
+The following three cases all imply that no capacity is available for a certain combination: - no object exists with suitable topology and storage class name - such an object exists, but the capacity is unset - such an object exists, but the capacity is zero
+
+The producer of these objects can decide which approach is more suitable.
+
+They are consumed by the kube-scheduler when a CSI driver opts into capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler compares the MaximumVolumeSize against the requested size of pending volumes to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back to a comparison against the less precise Capacity. If that is also unset, the scheduler assumes that capacity is insufficient and tries some other node.
+--
+
+Type::
+  `object`
+
+== StorageClass [storage.k8s.io/v1]
+
+Description::
++
+--
+StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.
+
+StorageClasses are non-namespaced; the name of the storage class according to etcd is in ObjectMeta.Name.
+--
+
+Type::
+  `object`
+
+== VolumeAttachment [storage.k8s.io/v1]
+
+Description::
++
+--
+VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node.
+
+VolumeAttachment objects are non-namespaced.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc b/microshift_rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..27934ca3ab7d
--- /dev/null
+++ b/microshift_rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc
@@ -0,0 +1,662 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="storageclass-storage-k8s-io-v1"]
+= StorageClass [storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+StorageClass describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.
+
+StorageClasses are non-namespaced; the name of the storage class according to etcd is in ObjectMeta.Name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `provisioner`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `allowVolumeExpansion`
+| `boolean`
+| allowVolumeExpansion shows whether the storage class allow volume expand.
+
+| `allowedTopologies`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.TopologySelectorTerm[`array (TopologySelectorTerm)`]
+| allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `mountOptions`
+| `array (string)`
+| mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid.
+
+| `parameters`
+| `object (string)`
+| parameters holds the parameters for the provisioner that should create volumes of this storage class.
+
+| `provisioner`
+| `string`
+| provisioner indicates the type of the provisioner.
+
+| `reclaimPolicy`
+| `string`
+| reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. Defaults to Delete.
+
+Possible enum values:
+ - `"Delete"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.
+ - `"Recycle"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.
+ - `"Retain"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.
+
+| `volumeBindingMode`
+| `string`
+| volumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound.  When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.
+
+Possible enum values:
+ - `"Immediate"` indicates that PersistentVolumeClaims should be immediately provisioned and bound. This is the default mode.
+ - `"WaitForFirstConsumer"` indicates that PersistentVolumeClaims should not be provisioned and bound until the first Pod is created that references the PeristentVolumeClaim. The volume provisioning and binding will occur during Pod scheduing.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/storage.k8s.io/v1/storageclasses`
+- `DELETE`: delete collection of StorageClass
+- `GET`: list or watch objects of kind StorageClass
+- `POST`: create a StorageClass
+* `/apis/storage.k8s.io/v1/watch/storageclasses`
+- `GET`: watch individual changes to a list of StorageClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/storageclasses/{name}`
+- `DELETE`: delete a StorageClass
+- `GET`: read the specified StorageClass
+- `PATCH`: partially update the specified StorageClass
+- `PUT`: replace the specified StorageClass
+* `/apis/storage.k8s.io/v1/watch/storageclasses/{name}`
+- `GET`: watch changes to an object of kind StorageClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/storage.k8s.io/v1/storageclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.StorageClassList[`StorageClassList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 201 - Created
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 202 - Accepted
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/storageclasses
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of StorageClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/storageclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StorageClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 202 - Accepted
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified StorageClass
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 201 - Created
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified StorageClass
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 201 - Created
+| xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`StorageClass`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/storageclasses/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StorageClass
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind StorageClass. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc b/microshift_rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc
new file mode 100644
index 000000000000..469ffe57b84b
--- /dev/null
+++ b/microshift_rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc
@@ -0,0 +1,912 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="volumeattachment-storage-k8s-io-v1"]
+= VolumeAttachment [storage.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node.
+
+VolumeAttachment objects are non-namespaced.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| VolumeAttachmentSpec is the specification of a VolumeAttachment request.
+
+| `status`
+| `object`
+| VolumeAttachmentStatus is the status of a VolumeAttachment request.
+
+|===
+=== .spec
+Description::
++
+--
+VolumeAttachmentSpec is the specification of a VolumeAttachment request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `attacher`
+  - `source`
+  - `nodeName`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `attacher`
+| `string`
+| attacher indicates the name of the volume driver that MUST handle this request. This is the name returned by GetPluginName().
+
+| `nodeName`
+| `string`
+| nodeName represents the node that the volume should be attached to.
+
+| `source`
+| `object`
+| VolumeAttachmentSource represents a volume that should be attached. Right now only PersistenVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.
+
+|===
+=== .spec.source
+Description::
++
+--
+VolumeAttachmentSource represents a volume that should be attached. Right now only PersistenVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `inlineVolumeSpec`
+| xref:../objects/index.adoc#io.k8s.api.core.v1.PersistentVolumeSpec[`PersistentVolumeSpec`]
+| inlineVolumeSpec contains all the information necessary to attach a persistent volume defined by a pod's inline VolumeSource. This field is populated only for the CSIMigration feature. It contains translated fields from a pod's inline VolumeSource to a PersistentVolumeSpec. This field is beta-level and is only honored by servers that enabled the CSIMigration feature.
+
+| `persistentVolumeName`
+| `string`
+| persistentVolumeName represents the name of the persistent volume to attach.
+
+|===
+=== .status
+Description::
++
+--
+VolumeAttachmentStatus is the status of a VolumeAttachment request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `attached`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `attachError`
+| `object`
+| VolumeError captures an error encountered during a volume operation.
+
+| `attached`
+| `boolean`
+| attached indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
+| `attachmentMetadata`
+| `object (string)`
+| attachmentMetadata is populated with any information returned by the attach operation, upon successful attach, that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
+| `detachError`
+| `object`
+| VolumeError captures an error encountered during a volume operation.
+
+|===
+=== .status.attachError
+Description::
++
+--
+VolumeError captures an error encountered during a volume operation.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| message represents the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
+
+| `time`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| time represents the time the error was encountered.
+
+|===
+=== .status.detachError
+Description::
++
+--
+VolumeError captures an error encountered during a volume operation.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| message represents the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
+
+| `time`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| time represents the time the error was encountered.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/storage.k8s.io/v1/volumeattachments`
+- `DELETE`: delete collection of VolumeAttachment
+- `GET`: list or watch objects of kind VolumeAttachment
+- `POST`: create a VolumeAttachment
+* `/apis/storage.k8s.io/v1/watch/volumeattachments`
+- `GET`: watch individual changes to a list of VolumeAttachment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/storage.k8s.io/v1/volumeattachments/{name}`
+- `DELETE`: delete a VolumeAttachment
+- `GET`: read the specified VolumeAttachment
+- `PATCH`: partially update the specified VolumeAttachment
+- `PUT`: replace the specified VolumeAttachment
+* `/apis/storage.k8s.io/v1/watch/volumeattachments/{name}`
+- `GET`: watch changes to an object of kind VolumeAttachment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/storage.k8s.io/v1/volumeattachments/{name}/status`
+- `GET`: read status of the specified VolumeAttachment
+- `PATCH`: partially update status of the specified VolumeAttachment
+- `PUT`: replace status of the specified VolumeAttachment
+
+
+=== /apis/storage.k8s.io/v1/volumeattachments
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.storage.v1.VolumeAttachmentList[`VolumeAttachmentList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 201 - Created
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 202 - Accepted
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/volumeattachments
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of VolumeAttachment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/volumeattachments/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeAttachment
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 202 - Accepted
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified VolumeAttachment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 201 - Created
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 201 - Created
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/watch/volumeattachments/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeAttachment
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind VolumeAttachment. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/storage.k8s.io/v1/volumeattachments/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the VolumeAttachment
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified VolumeAttachment
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 201 - Created
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified VolumeAttachment
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 201 - Created
+| xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`VolumeAttachment`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/storage_version_migration_apis/storage-version-migration-apis-index.adoc b/microshift_rest_api/storage_version_migration_apis/storage-version-migration-apis-index.adoc
new file mode 100644
index 000000000000..ffc53ca0b145
--- /dev/null
+++ b/microshift_rest_api/storage_version_migration_apis/storage-version-migration-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="storage-version-migration-apis"]
+= Storage Version Migration APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== StorageVersionMigration [migration.k8s.io/v1alpha1]
+
+Description::
++
+--
+StorageVersionMigration represents a migration of stored data to the latest storage version.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc b/microshift_rest_api/storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc
new file mode 100644
index 000000000000..7f103ef9bb3a
--- /dev/null
+++ b/microshift_rest_api/storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc
@@ -0,0 +1,732 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="storageversionmigration-migration-k8s-io-v1alpha1"]
+= StorageVersionMigration [migration.k8s.io/v1alpha1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+StorageVersionMigration represents a migration of stored data to the latest storage version.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| Specification of the migration.
+
+| `status`
+| `object`
+| Status of the migration.
+
+|===
+=== .spec
+Description::
++
+--
+Specification of the migration.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resource`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `continueToken`
+| `string`
+| The token used in the list options to get the next chunk of objects to migrate. When the .status.conditions indicates the migration is "Running", users can use this token to check the progress of the migration.
+
+| `resource`
+| `object`
+| The resource that is being migrated. The migrator sends requests to the endpoint serving the resource. Immutable.
+
+|===
+=== .spec.resource
+Description::
++
+--
+The resource that is being migrated. The migrator sends requests to the endpoint serving the resource. Immutable.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| The name of the group.
+
+| `resource`
+| `string`
+| The name of the resource.
+
+| `version`
+| `string`
+| The name of the version.
+
+|===
+=== .status
+Description::
++
+--
+Status of the migration.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| The latest available observations of the migration's current state.
+
+| `conditions[]`
+| `object`
+| Describes the state of a migration at a certain point.
+
+|===
+=== .status.conditions
+Description::
++
+--
+The latest available observations of the migration's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Describes the state of a migration at a certain point.
+--
+
+Type::
+  `object`
+
+Required::
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastUpdateTime`
+| `string`
+| The last time this condition was updated.
+
+| `message`
+| `string`
+| A human readable message indicating details about the transition.
+
+| `reason`
+| `string`
+| The reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| Type of the condition.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/migration.k8s.io/v1alpha1/storageversionmigrations`
+- `DELETE`: delete collection of StorageVersionMigration
+- `GET`: list objects of kind StorageVersionMigration
+- `POST`: create a StorageVersionMigration
+* `/apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}`
+- `DELETE`: delete a StorageVersionMigration
+- `GET`: read the specified StorageVersionMigration
+- `PATCH`: partially update the specified StorageVersionMigration
+- `PUT`: replace the specified StorageVersionMigration
+* `/apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}/status`
+- `GET`: read status of the specified StorageVersionMigration
+- `PATCH`: partially update status of the specified StorageVersionMigration
+- `PUT`: replace status of the specified StorageVersionMigration
+
+
+=== /apis/migration.k8s.io/v1alpha1/storageversionmigrations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.migration.v1alpha1.StorageVersionMigrationList[`StorageVersionMigrationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 201 - Created
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 202 - Accepted
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StorageVersionMigration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 201 - Created
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the StorageVersionMigration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified StorageVersionMigration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 201 - Created
+| xref:../storage_version_migration_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc#storageversionmigration-migration-k8s-io-v1alpha1[`StorageVersionMigration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/topolvm_apis/logicalvolume-topolvm-io-v1.adoc b/microshift_rest_api/topolvm_apis/logicalvolume-topolvm-io-v1.adoc
new file mode 100644
index 000000000000..2feca0d5798a
--- /dev/null
+++ b/microshift_rest_api/topolvm_apis/logicalvolume-topolvm-io-v1.adoc
@@ -0,0 +1,674 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="logicalvolume-topolvm-io-v1"]
+= LogicalVolume [topolvm.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+LogicalVolume is the Schema for the logicalvolumes API
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| LogicalVolumeSpec defines the desired state of LogicalVolume
+
+| `status`
+| `object`
+| LogicalVolumeStatus defines the observed state of LogicalVolume
+
+|===
+=== .spec
+Description::
++
+--
+LogicalVolumeSpec defines the desired state of LogicalVolume
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `nodeName`
+  - `size`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessType`
+| `string`
+| 'accessType' specifies how the user intends to consume the snapshot logical volume. Set to "ro" when creating a snapshot and to "rw" when restoring a snapshot or creating a clone. This field is populated only when LogicalVolume has a source.
+
+| `deviceClass`
+| `string`
+|
+
+| `name`
+| `string`
+|
+
+| `nodeName`
+| `string`
+|
+
+| `size`
+| `integer-or-string`
+|
+
+| `source`
+| `string`
+| 'source' specifies the logicalvolume name of the source; if present. This field is populated only when LogicalVolume has a source.
+
+|===
+=== .status
+Description::
++
+--
+LogicalVolumeStatus defines the observed state of LogicalVolume
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `code`
+| `integer`
+| A Code is an unsigned 32-bit error code as defined in the gRPC spec.
+
+| `currentSize`
+| `integer-or-string`
+|
+
+| `message`
+| `string`
+|
+
+| `volumeID`
+| `string`
+| INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/topolvm.io/v1/logicalvolumes`
+- `DELETE`: delete collection of LogicalVolume
+- `GET`: list objects of kind LogicalVolume
+- `POST`: create a LogicalVolume
+* `/apis/topolvm.io/v1/logicalvolumes/{name}`
+- `DELETE`: delete a LogicalVolume
+- `GET`: read the specified LogicalVolume
+- `PATCH`: partially update the specified LogicalVolume
+- `PUT`: replace the specified LogicalVolume
+* `/apis/topolvm.io/v1/logicalvolumes/{name}/status`
+- `GET`: read status of the specified LogicalVolume
+- `PATCH`: partially update status of the specified LogicalVolume
+- `PUT`: replace status of the specified LogicalVolume
+
+
+=== /apis/topolvm.io/v1/logicalvolumes
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.topolvm.v1.LogicalVolumeList[`LogicalVolumeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 201 - Created
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 202 - Accepted
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/topolvm.io/v1/logicalvolumes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the LogicalVolume
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 201 - Created
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/topolvm.io/v1/logicalvolumes/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the LogicalVolume
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified LogicalVolume
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 201 - Created
+| xref:../topolvm_apis/logicalvolume-topolvm-io-v1.adoc#logicalvolume-topolvm-io-v1[`LogicalVolume`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/topolvm_apis/topolvm-apis-index.adoc b/microshift_rest_api/topolvm_apis/topolvm-apis-index.adoc
new file mode 100644
index 000000000000..9dcdf5aba246
--- /dev/null
+++ b/microshift_rest_api/topolvm_apis/topolvm-apis-index.adoc
@@ -0,0 +1,20 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="topolvm-apis"]
+= TopoLVM APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== LogicalVolume [topolvm.io/v1]
+
+Description::
++
+--
+LogicalVolume is the Schema for the logicalvolumes API
+--
+
+Type::
+  `object`
+
diff --git a/microshift_rest_api/understanding-api-support-tiers.adoc b/microshift_rest_api/understanding-api-support-tiers.adoc
index 73a078930fbe..803a83de71b7 100644
--- a/microshift_rest_api/understanding-api-support-tiers.adoc
+++ b/microshift_rest_api/understanding-api-support-tiers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-api-support-tiers"]
 = Understanding API tiers
 include::_attributes/common-attributes.adoc[]
@@ -11,7 +11,7 @@ toc::[]
 This guidance does not cover layered {product-title} offerings.
 ====
 
-Red Hat requests that application developers validate that any behavior they depend on is explicitly defined in the formal API documentation to prevent introducing dependencies on unspecified implementation-specific behavior or dependencies on bugs in a particular implementation of an API.  For example, new releases of an ingress router may not be compatible with older releases if an application uses an undocumented API or relies on undefined behavior.
+Red Hat requests that application developers validate that any behavior they depend on is explicitly defined in the formal API documentation to prevent introducing dependencies on unspecified implementation-specific behavior or dependencies on bugs in a particular implementation of an API. For example, new releases of an ingress router may not be compatible with older releases if an application uses an undocumented API or relies on undefined behavior.
 
 include::modules/api-support-tiers.adoc[leveloffset=+1]
 
diff --git a/microshift_rest_api/understanding-compatibility-guidelines.adoc b/microshift_rest_api/understanding-compatibility-guidelines.adoc
index b2153251d9e2..f6840c333368 100644
--- a/microshift_rest_api/understanding-compatibility-guidelines.adoc
+++ b/microshift_rest_api/understanding-compatibility-guidelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compatibility-guidelines"]
 = Understanding API compatibility guidelines
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+Follow the compatibility guidelines to understand the APIs enabled for {product-title}.
+
 [IMPORTANT]
 ====
 This guidance does not cover layered {product-title} offerings.
diff --git a/microshift_rest_api/webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/microshift_rest_api/webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
new file mode 100644
index 000000000000..39689bc499ca
--- /dev/null
+++ b/microshift_rest_api/webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
@@ -0,0 +1,985 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="mutatingwebhookconfiguration-admissionregistration-k8s-io-v1"]
+= MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+
+| `webhooks`
+| `array`
+| Webhooks is a list of webhooks and the affected resources and operations.
+
+| `webhooks[]`
+| `object`
+| MutatingWebhook describes an admission webhook and the resources and operations it applies to.
+
+|===
+=== .webhooks
+Description::
++
+--
+Webhooks is a list of webhooks and the affected resources and operations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[]
+Description::
++
+--
+MutatingWebhook describes an admission webhook and the resources and operations it applies to.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `clientConfig`
+  - `sideEffects`
+  - `admissionReviewVersions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `admissionReviewVersions`
+| `array (string)`
+| AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+
+| `clientConfig`
+| `object`
+| WebhookClientConfig contains the information to make a TLS connection with the webhook
+
+| `failurePolicy`
+| `string`
+| FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
+
+Possible enum values:
+ - `"Fail"` means that an error calling the webhook causes the admission to fail.
+ - `"Ignore"` means that an error calling the webhook is ignored.
+
+| `matchConditions`
+| `array`
+| MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+
+| `matchConditions[]`
+| `object`
+| MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+
+| `matchPolicy`
+| `string`
+| matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
+
+- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
+
+- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
+
+Defaults to "Equivalent"
+
+Possible enum values:
+ - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
+ - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule.
+
+| `name`
+| `string`
+| The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
+
+For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
+  "matchExpressions": [
+    {
+      "key": "runlevel",
+      "operator": "NotIn",
+      "values": [
+        "0",
+        "1"
+      ]
+    }
+  ]
+}
+
+If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
+  "matchExpressions": [
+    {
+      "key": "environment",
+      "operator": "In",
+      "values": [
+        "prod",
+        "staging"
+      ]
+    }
+  ]
+}
+
+See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
+
+Default to the empty LabelSelector, which matches everything.
+
+| `objectSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+
+| `reinvocationPolicy`
+| `string`
+| reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
+
+Never: the webhook will not be called more than once in a single admission evaluation.
+
+IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
+
+Defaults to "Never".
+
+Possible enum values:
+ - `"IfNeeded"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.
+ - `"Never"` indicates that the webhook must not be called more than once in a single admission evaluation.
+
+| `rules`
+| `array`
+| Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+
+| `rules[]`
+| `object`
+| RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.
+
+| `sideEffects`
+| `string`
+| SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+
+Possible enum values:
+ - `"None"` means that calling the webhook will have no side effects.
+ - `"NoneOnDryRun"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.
+ - `"Some"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+ - `"Unknown"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+
+| `timeoutSeconds`
+| `integer`
+| TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+|===
+=== .webhooks[].clientConfig
+Description::
++
+--
+WebhookClientConfig contains the information to make a TLS connection with the webhook
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `caBundle`
+| `string`
+| `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+
+| `service`
+| `object`
+| ServiceReference holds a reference to Service.legacy.k8s.io
+
+| `url`
+| `string`
+| `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
+
+The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
+
+Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
+
+The scheme must be "https"; the URL must begin with "https://".
+
+A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
+
+Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+|===
+=== .webhooks[].clientConfig.service
+Description::
++
+--
+ServiceReference holds a reference to Service.legacy.k8s.io
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of the service. Required
+
+| `namespace`
+| `string`
+| `namespace` is the namespace of the service. Required
+
+| `path`
+| `string`
+| `path` is an optional URL path which will be sent in any request to this service.
+
+| `port`
+| `integer`
+| If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+|===
+=== .webhooks[].matchConditions
+Description::
++
+--
+MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].matchConditions[]
+Description::
++
+--
+MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `expression`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expression`
+| `string`
+| Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
+
+'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  request resource.
+Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
+
+Required.
+
+| `name`
+| `string`
+| Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
+
+Required.
+
+|===
+=== .webhooks[].rules
+Description::
++
+--
+Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].rules[]
+Description::
++
+--
+RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
+
+| `apiVersions`
+| `array (string)`
+| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
+
+| `operations`
+| `array (string)`
+| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
+
+| `resources`
+| `array (string)`
+| Resources is a list of resources this rule applies to.
+
+For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
+
+If wildcard is present, the validation rule will ensure resources do not overlap with each other.
+
+Depending on the enclosing object, subresources might not be allowed. Required.
+
+| `scope`
+| `string`
+| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations`
+- `DELETE`: delete collection of MutatingWebhookConfiguration
+- `GET`: list or watch objects of kind MutatingWebhookConfiguration
+- `POST`: create a MutatingWebhookConfiguration
+* `/apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations`
+- `GET`: watch individual changes to a list of MutatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}`
+- `DELETE`: delete a MutatingWebhookConfiguration
+- `GET`: read the specified MutatingWebhookConfiguration
+- `PATCH`: partially update the specified MutatingWebhookConfiguration
+- `PUT`: replace the specified MutatingWebhookConfiguration
+* `/apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations/{name}`
+- `GET`: watch changes to an object of kind MutatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList[`MutatingWebhookConfigurationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 202 - Accepted
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of MutatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MutatingWebhookConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified MutatingWebhookConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified MutatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#mutatingwebhookconfiguration-admissionregistration-k8s-io-v1[`MutatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MutatingWebhookConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind MutatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/microshift_rest_api/webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
new file mode 100644
index 000000000000..e572ad6c475d
--- /dev/null
+++ b/microshift_rest_api/webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
@@ -0,0 +1,971 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="validatingwebhookconfiguration-admissionregistration-k8s-io-v1"]
+= ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+
+| `webhooks`
+| `array`
+| Webhooks is a list of webhooks and the affected resources and operations.
+
+| `webhooks[]`
+| `object`
+| ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
+
+|===
+=== .webhooks
+Description::
++
+--
+Webhooks is a list of webhooks and the affected resources and operations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[]
+Description::
++
+--
+ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `clientConfig`
+  - `sideEffects`
+  - `admissionReviewVersions`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `admissionReviewVersions`
+| `array (string)`
+| AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
+
+| `clientConfig`
+| `object`
+| WebhookClientConfig contains the information to make a TLS connection with the webhook
+
+| `failurePolicy`
+| `string`
+| FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
+
+Possible enum values:
+ - `"Fail"` means that an error calling the webhook causes the admission to fail.
+ - `"Ignore"` means that an error calling the webhook is ignored.
+
+| `matchConditions`
+| `array`
+| MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+
+| `matchConditions[]`
+| `object`
+| MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+
+| `matchPolicy`
+| `string`
+| matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
+
+- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
+
+- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
+
+Defaults to "Equivalent"
+
+Possible enum values:
+ - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
+ - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule.
+
+| `name`
+| `string`
+| The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
+
+| `namespaceSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
+
+For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
+  "matchExpressions": [
+    {
+      "key": "runlevel",
+      "operator": "NotIn",
+      "values": [
+        "0",
+        "1"
+      ]
+    }
+  ]
+}
+
+If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
+  "matchExpressions": [
+    {
+      "key": "environment",
+      "operator": "In",
+      "values": [
+        "prod",
+        "staging"
+      ]
+    }
+  ]
+}
+
+See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
+
+Default to the empty LabelSelector, which matches everything.
+
+| `objectSelector`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
+| ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+
+| `rules`
+| `array`
+| Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+
+| `rules[]`
+| `object`
+| RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.
+
+| `sideEffects`
+| `string`
+| SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+
+Possible enum values:
+ - `"None"` means that calling the webhook will have no side effects.
+ - `"NoneOnDryRun"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.
+ - `"Some"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+ - `"Unknown"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+
+| `timeoutSeconds`
+| `integer`
+| TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+|===
+=== .webhooks[].clientConfig
+Description::
++
+--
+WebhookClientConfig contains the information to make a TLS connection with the webhook
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `caBundle`
+| `string`
+| `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
+
+| `service`
+| `object`
+| ServiceReference holds a reference to Service.legacy.k8s.io
+
+| `url`
+| `string`
+| `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
+
+The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
+
+Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
+
+The scheme must be "https"; the URL must begin with "https://".
+
+A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
+
+Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+|===
+=== .webhooks[].clientConfig.service
+Description::
++
+--
+ServiceReference holds a reference to Service.legacy.k8s.io
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of the service. Required
+
+| `namespace`
+| `string`
+| `namespace` is the namespace of the service. Required
+
+| `path`
+| `string`
+| `path` is an optional URL path which will be sent in any request to this service.
+
+| `port`
+| `integer`
+| If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+|===
+=== .webhooks[].matchConditions
+Description::
++
+--
+MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].matchConditions[]
+Description::
++
+--
+MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `expression`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expression`
+| `string`
+| Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
+
+'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  request resource.
+Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
+
+Required.
+
+| `name`
+| `string`
+| Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
+
+Required.
+
+|===
+=== .webhooks[].rules
+Description::
++
+--
+Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].rules[]
+Description::
++
+--
+RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
+
+| `apiVersions`
+| `array (string)`
+| APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
+
+| `operations`
+| `array (string)`
+| Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
+
+| `resources`
+| `array (string)`
+| Resources is a list of resources this rule applies to.
+
+For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
+
+If wildcard is present, the validation rule will ensure resources do not overlap with each other.
+
+Depending on the enclosing object, subresources might not be allowed. Required.
+
+| `scope`
+| `string`
+| scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations`
+- `DELETE`: delete collection of ValidatingWebhookConfiguration
+- `GET`: list or watch objects of kind ValidatingWebhookConfiguration
+- `POST`: create a ValidatingWebhookConfiguration
+* `/apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations`
+- `GET`: watch individual changes to a list of ValidatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}`
+- `DELETE`: delete a ValidatingWebhookConfiguration
+- `GET`: read the specified ValidatingWebhookConfiguration
+- `PATCH`: partially update the specified ValidatingWebhookConfiguration
+- `PUT`: replace the specified ValidatingWebhookConfiguration
+* `/apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations/{name}`
+- `GET`: watch changes to an object of kind ValidatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+=== /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList[`ValidatingWebhookConfigurationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 202 - Accepted
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of ValidatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ValidatingWebhookConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+|===
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `gracePeriodSeconds`
+| `integer`
+| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+| `orphanDependents`
+| `boolean`
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| `propagationPolicy`
+| `string`
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ValidatingWebhookConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| `force`
+| `boolean`
+| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ValidatingWebhookConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldManager`
+| `string`
+| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+|
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 201 - Created
+| xref:../webhook_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc#validatingwebhookconfiguration-admissionregistration-k8s-io-v1[`ValidatingWebhookConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ValidatingWebhookConfiguration
+|===
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `allowWatchBookmarks`
+| `boolean`
+| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| `continue`
+| `string`
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+
+This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+| `fieldSelector`
+| `string`
+| A selector to restrict the list of returned objects by their fields. Defaults to everything.
+| `labelSelector`
+| `string`
+| A selector to restrict the list of returned objects by their labels. Defaults to everything.
+| `limit`
+| `integer`
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+
+The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+| `pretty`
+| `string`
+| If &#x27;true&#x27;, then the output is pretty printed.
+| `resourceVersion`
+| `string`
+| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `resourceVersionMatch`
+| `string`
+| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
+
+Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| &#x60;sendInitialEvents&#x3D;true&#x60; may be set together with &#x60;watch&#x3D;true&#x60;. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic &quot;Bookmark&quot; event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with &#x60;&quot;k8s.io/initial-events-end&quot;: &quot;true&quot;&#x60; annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When &#x60;sendInitialEvents&#x60; option is set, we require &#x60;resourceVersionMatch&#x60; option to also be set. The semantic of the watch request is as following: - &#x60;resourceVersionMatch&#x60; &#x3D; NotOlderThan
+  is interpreted as &quot;data at least as new as the provided &#x60;resourceVersion&#x60;&quot;
+  and the bookmark event is send when the state is synced
+  to a &#x60;resourceVersion&#x60; at least as fresh as the one provided by the ListOptions.
+  If &#x60;resourceVersion&#x60; is unset, this is interpreted as &quot;consistent read&quot; and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- &#x60;resourceVersionMatch&#x60; set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if &#x60;resourceVersion&#x3D;&quot;&quot;&#x60; or &#x60;resourceVersion&#x3D;&quot;0&quot;&#x60; (for backward compatibility reasons) and to false otherwise.
+| `timeoutSeconds`
+| `integer`
+| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+| `watch`
+| `boolean`
+| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind ValidatingWebhookConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/microshift_rest_api/webhook_apis/webhook-apis-index.adoc b/microshift_rest_api/webhook_apis/webhook-apis-index.adoc
new file mode 100644
index 000000000000..d7bb32d36c63
--- /dev/null
+++ b/microshift_rest_api/webhook_apis/webhook-apis-index.adoc
@@ -0,0 +1,31 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="webhook-apis"]
+= Webhook APIs
+:toc: macro
+:toc-title:
+
+toc::[]
+
+== MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+
+Description::
++
+--
+MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
+--
+
+Type::
+  `object`
+
+== ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
+
+Description::
++
+--
+ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
+--
+
+Type::
+  `object`
+
diff --git a/microshift_running_apps/microshift-applications.adoc b/microshift_running_apps/microshift-applications.adoc
index aa25d0c15308..9f574cc3e38f 100644
--- a/microshift_running_apps/microshift-applications.adoc
+++ b/microshift_running_apps/microshift-applications.adoc
@@ -1,12 +1,15 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="applications-with-microshift"]
-= Application deployment with {product-title}
+= Using Kustomize manifests to deploy applications
 include::_attributes/attributes-microshift.adoc[]
 :context: applications-microshift
 
 toc::[]
 
-You can use the `kustomize` configuration management tool to deploy applications. Read through the following procedure for an example of how this tool works in {product-title}.
+You can use the `kustomize` configuration management tool with application manifests to deploy applications. Read through the following procedures for an example of how Kustomize works in {microshift-short}.
 
 include::modules/microshift-manifests-overview.adoc[leveloffset=+1]
+
+include::modules/microshift-manifests-override-paths.adoc[leveloffset=+1]
+
 include::modules/microshift-applying-manifests-example.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_running_apps/microshift-authentication.adoc b/microshift_running_apps/microshift-authentication.adoc
new file mode 100644
index 000000000000..12434ac7a815
--- /dev/null
+++ b/microshift_running_apps/microshift-authentication.adoc
@@ -0,0 +1,15 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="authentication-with-microshift"]
+= Pod security authentication and authorization
+include::_attributes/attributes-microshift.adoc[]
+:context: authentication-microshift
+
+== Understanding and managing pod security admission
+
+Pod security admission is an implementation of the link:https://kubernetes.io/docs/concepts/security/pod-security-standards/[Kubernetes pod security standards]. Use pod security admission to restrict the behavior of pods.
+
+include::modules/microshift-security-context-constraints.adoc[leveloffset=+1]
+
+include::modules/microshift-viewing-security-context.adoc[leveloffset=+2]
+
+include::modules/microshift-security-context-constraints-opting.adoc[leveloffset=+1]
diff --git a/microshift_running_apps/microshift-embed-apps-offline-use.adoc b/microshift_running_apps/microshift-embed-apps-offline-use.adoc
new file mode 100644
index 000000000000..bd55bde7b3af
--- /dev/null
+++ b/microshift_running_apps/microshift-embed-apps-offline-use.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-embed-apps-offline-use"]
+= Embedding applications for offline use
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-embed-apps-offline-use
+
+toc::[]
+
+You can embed microservices-based workloads and applications in a {op-system-ostree-first} image. Embedding means you can run a {product-title} cluster in air-gapped, disconnected, or offline environments.
+
+include::modules/microshift-embed-images-offline-use.adoc[leveloffset=+1]
+
+//additional resources for embedding images for offline use
+[id="Additional-resources_microshift-embed-apps-offline-use_{context}"]
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../microshift_running_apps/microshift-embedded-apps-on-rhel-edge.adoc#microshift-embedded-apps-on-rhel-edge[Options for embedding {product-title} applications in a {op-system-ostree} image]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-creating-ostree-iso_microshift-embed-in-rpm-ostree[Creating the {op-system-ostree} image]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-add-blueprint-build-iso_microshift-embed-in-rpm-ostree[Add the blueprint to Image Builder and build the ISO]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-download-iso-prep-for-use_microshift-embed-in-rpm-ostree[Download the ISO and prepare it for use]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#upgrading_rhel_for_edge_systems[Upgrading {op-system-ostree} systems]
diff --git a/microshift_running_apps/microshift-embedded-apps-on-rhel-edge.adoc b/microshift_running_apps/microshift-embedded-apps-on-rhel-edge.adoc
new file mode 100644
index 000000000000..f68f89db9db7
--- /dev/null
+++ b/microshift_running_apps/microshift-embedded-apps-on-rhel-edge.adoc
@@ -0,0 +1,56 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-embedded-apps-on-rhel-edge"]
+= Options for embedding {microshift-short} applications in a RHEL for Edge image
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-embedded-apps-on-rhel-edge
+
+toc::[]
+
+You can embed microservices-based workloads and applications in a {op-system-ostree-first} image to run in a {microshift-short} cluster. Embedded applications can be installed directly on edge devices to run in air-gapped, disconnected, or offline environments.
+
+[id="microshift-add-app-RPMs-to-rpm-ostree-image_{context}"]
+== Adding application RPMs to an rpm-ostree image
+If you have an application that includes APIs, container images, and configuration files for deployment such as manifests, you can build application RPMs. You can then add the RPMs to your {op-system-ostree} system image.
+
+The following is an outline of the procedures to embed applications or workloads in an fully self-contained operating system image:
+
+* Build your own RPM that includes your application manifest.
+* Add the RPM to the blueprint you used to install {product-title}.
+* Add the workload container images to the same blueprint.
+* Create a bootable ISO.
+
+For a step-by-step tutorial about preparing and embedding applications in a {op-system-ostree} image, use the following tutorial:
+
+* xref:../microshift_running_apps/microshift-embedding-apps-tutorial.adoc#microshift-embedding-apps-tutorial[Embedding applications tutorial]
+
+[id="microshift-add-app-manifests-to-image_{context}"]
+== Adding application manifests to an image for offline use
+If you have a simple application that includes a few files for deployment such as manifests, you can add those manifests directly to a {op-system-ostree} system image.
+
+See the "Create a custom file blueprint customization" section of the following {op-system-ostree} documentation for an example:
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images#image-customizations_composing-a-rhel-for-edge-image-using-image-builder-command-line[Create a custom file blueprint customization]
+
+[id="microshift-embed-apps-for-offline-use_{context}"]
+== Embedding applications for offline use
+If you have an application that includes more than a few files, you can embed the application for offline use. See the following procedure:
+
+* xref:../microshift_running_apps/microshift-embed-apps-offline-use.adoc#microshift-embed-apps-offline-use[Embedding applications for offline use]
+
+//additional resources for assembly
+[id="additional-resources_microshift-embed-apps-on-rhel-edge_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-embed-in-rpm-ostree[Embedding {product-title} in an RPM-OSTree image]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/composing_installing_and_managing_rhel_for_edge_images/index[Composing, installing, and managing {op-system-ostree} images]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#preparing-for-image-building_microshift-embed-in-rpm-ostree[Preparing for image building]
+
+* link:https://cloud.redhat.com/blog/meet-red-hat-device-edge-with-microshift[Meet Red Hat Device Edge]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html-single/composing_installing_and_managing_rhel_for_edge_images/index#composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images[Composing a RHEL for Edge image using image builder command-line]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html-single/composing_installing_and_managing_rhel_for_edge_images/index#edge-image-builder-system-requirements_setting-up-image-builder[Image Builder system requirements]
+
+//* link:https://www.redhat.com/sysadmin/create-rpm-package[How to create a Linux RPM package]
diff --git a/microshift_running_apps/microshift-embedding-apps-tutorial.adoc b/microshift_running_apps/microshift-embedding-apps-tutorial.adoc
new file mode 100644
index 000000000000..ec64e42bc7d3
--- /dev/null
+++ b/microshift_running_apps/microshift-embedding-apps-tutorial.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-embedding-apps-tutorial"]
+= Embedding {product-title} applications tutorial
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-embedding-apps-tutorial
+
+toc::[]
+
+The following tutorial gives a detailed example of how to embed applications in a {op-system-ostree} image for use in a {microshift-short} cluster in various environments.
+
+include::modules/microshift-embed-app-rpms-tutorial.adoc[leveloffset=+1]
+
+include::modules/microshift-preparing-to-make-app-rpms.adoc[leveloffset=+2]
+
+include::modules/microshift-building-apps-rpms.adoc[leveloffset=+2]
+
+include::modules/microshift-adding-app-rpms-to-blueprint.adoc[leveloffset=+2]
+
+//additional resources for adding app rpms to blueprint
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images#doc-wrapper[Composing a {op-system-ostree} image using the Image Builder CLI]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images#network_based_deployments_workflow[Network-based deployments workflow]
+
+//additional resources for assembly
+[id="additional-resources_microshift-embedding-apps-tutorial_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../microshift_running_apps/microshift-embed-apps-offline-use.adoc#microshift-embed-apps-offline-use[Embedding applications for offline use]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#microshift-embed-in-rpm-ostree[Embedding {product-title} in an RPM-OSTree image]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/composing_installing_and_managing_rhel_for_edge_images/index[Composing, installing, and managing {op-system-ostree} images]
+
+* xref:../microshift_install/microshift-embed-in-rpm-ostree.adoc#preparing-for-image-building_microshift-embed-in-rpm-ostree[Preparing for image building]
+
+* link:https://cloud.redhat.com/blog/meet-red-hat-device-edge-with-microshift[Meet Red Hat Device Edge with {product-title}]
+
+* link:https://www.redhat.com/sysadmin/create-rpm-package[How to create a Linux RPM package]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html-single/composing_installing_and_managing_rhel_for_edge_images/index#composing-a-rhel-for-edge-image-using-image-builder-command-line_composing-installing-managing-rhel-for-edge-images[Composing a {op-system-ostree} image using image builder command-line]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html-single/composing_installing_and_managing_rhel_for_edge_images/index#edge-image-builder-system-requirements_setting-up-image-builder[Image Builder system requirements]
diff --git a/microshift_running_apps/microshift-greenboot-workload-scripts.adoc b/microshift_running_apps/microshift-greenboot-workload-scripts.adoc
new file mode 100644
index 000000000000..c28f47f66626
--- /dev/null
+++ b/microshift_running_apps/microshift-greenboot-workload-scripts.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-greenboot-workload-scripts"]
+= Greenboot workload health check scripts
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-greenboot-workload-scripts
+
+toc::[]
+
+Greenboot health check scripts are helpful on edge devices where direct serviceability is either limited or non-existent. You can create health check scripts to assess the health of your workloads and applications. These additional health check scripts are useful components of software problem checks and automatic system rollbacks.
+
+A {microshift-short} health check script is included in the `microshift-greenboot` RPM. You can also create your own health check scripts based on the workloads you are running. For example, you can write one that verifies that a service has started.
+
+include::modules/microshift-greenboot-how-workload-health-check-scripts-work.adoc[leveloffset=+1]
+
+include::modules/microshift-greenboot-included-health-checks.adoc[leveloffset=+1]
+
+include::modules/microshift-greenboot-create-health-check-script.adoc[leveloffset=+1]
+
+include::modules/microshift-greenboot-testing-workload-script.adoc[leveloffset=+1]
+
+[id="additional-resources_microshift-greenboot-workload-scripts_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../microshift_install/microshift-greenboot.adoc#microshift-greenboot[The Greenboot health check]
+* xref:../microshift_running_apps/microshift-applications.adoc#microshift-applying-manifests-example_applications-microshift[Auto applying manifests]
diff --git a/microshift_running_apps/microshift-operators.adoc b/microshift_running_apps/microshift-operators.adoc
index bfee1f5a18c4..570a5b3c05d0 100644
--- a/microshift_running_apps/microshift-operators.adoc
+++ b/microshift_running_apps/microshift-operators.adoc
@@ -1,22 +1,18 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operators-with-microshift"]
-= How Operators work with {product-title}
+= How Operators work with {microshift-short}
 include::_attributes/attributes-microshift.adoc[]
 :context: operators-microshift
 
 toc::[]
 
-You can use Operators with {product-title} to create applications that monitor the running services in your cluster. Operators can manage applications and their resources, such as deploying a database or message bus. As customized software running inside your cluster, Operators can be used to implement and automate common operations.
+You can use Operators with {microshift-short} to create applications that monitor the running services in your cluster. Operators can manage applications and their resources, such as deploying a database or message bus. As customized software running inside your cluster, Operators can be used to implement and automate common operations.
 
 Operators offer a more localized configuration experience and integrate with Kubernetes APIs and CLI tools such as `kubectl` and `oc`. Operators are designed specifically for your applications. Operators enable you to configure components instead of modifying a global configuration file.
 
-{product-title} applications are generally expected to be deployed in static environments. However, Operators are available if helpful in your use case. To determine an Operator's compatibility with {product-title}, check the Operator's documentation.
+{microshift-short} applications are generally expected to be deployed in static environments. However, Operators are available if helpful in your use case. To determine an Operator's compatibility with {microshift-short}, check the Operator's documentation.
 
 [id="how-to-install-operators_{context}"]
-== How to install Operators in {product-title}
+== How to install Operators in {microshift-short}
 
-To minimize the footprint of {product-title}, Operators are installed directly with manifests instead of using the Operator Lifecycle Manager (OLM). The following examples provide instructions on how you can use the `kustomize` configuration management tool with {product-title} to deploy an application. Use the same steps to install Operators with manifests.
-
-include::modules/microshift-manifests-overview.adoc[leveloffset=+2]
-
-include::modules/microshift-applying-manifests-example.adoc[leveloffset=+2]
\ No newline at end of file
+To minimize the footprint of {microshift-short}, Operators are installed directly with manifests instead of using the Operator Lifecycle Manager (OLM). You can use the `kustomize` configuration management tool with {microshift-short} to deploy an application. Use the same steps to install Operators with manifests. Read xref:../microshift_running_apps/microshift-applications.adoc#microshift-manifests-overview_applications-microshift[Using Kustomize manifests to deploy applications] for more information about manifests.
\ No newline at end of file
diff --git a/microshift_storage/dynamic-provisioning-microshift.adoc b/microshift_storage/dynamic-provisioning-microshift.adoc
index 62b80e93cf2a..946603039d87 100644
--- a/microshift_storage/dynamic-provisioning-microshift.adoc
+++ b/microshift_storage/dynamic-provisioning-microshift.adoc
@@ -1,11 +1,13 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dynamic-provisioning-microshift"]
-= Dynamic provisioning for {product-title}
+= Dynamic provisioning
 include::_attributes/attributes-microshift.adoc[]
 :context: dynamic-provisioning-microshift
 
 toc::[]
 
+Learn about dynamic provisioning for {microshift-short}, including setting storage classes and other configuration options.
+
 include::modules/dynamic-provisioning-about.adoc[leveloffset=+1]
 
 include::modules/dynamic-provisioning-defining-storage-class.adoc[leveloffset=+1]
diff --git a/microshift_storage/expanding-persistent-volumes-microshift.adoc b/microshift_storage/expanding-persistent-volumes-microshift.adoc
index e583b0ab31d3..3f599de4331a 100644
--- a/microshift_storage/expanding-persistent-volumes-microshift.adoc
+++ b/microshift_storage/expanding-persistent-volumes-microshift.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="expanding-persistent-volumes-microshift"]
-= Expanding persistent volumes for {product-title}
+= Expanding persistent volumes
 include::_attributes/attributes-microshift.adoc[]
 :context: expanding-persistent-volumes-microshift
 
 toc::[]
 
-Learn how to expand persistent volumes in {product-title}.
+Learn how to expand persistent volumes in {microshift-short}.
 
 include::modules/storage-expanding-csi-volumes.adoc[leveloffset=+1]
 
diff --git a/microshift_storage/generic-ephemeral-volumes-microshift.adoc b/microshift_storage/generic-ephemeral-volumes-microshift.adoc
index c28401c95259..2fc719e4cfd2 100644
--- a/microshift_storage/generic-ephemeral-volumes-microshift.adoc
+++ b/microshift_storage/generic-ephemeral-volumes-microshift.adoc
@@ -1,11 +1,13 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="generic-ephemeral-volumes-microshift"]
-= Generic ephemeral volumes for {product-title}
-include::_attributes/common-attributes.adoc[]
+= Generic ephemeral volumes
+include::_attributes/attributes-microshift.adoc[]
 :context: generic-ephemeral-volumes-microshift
 
 toc::[]
 
+Learn about ephemeral volumes for {microshift-short}, including their lifecycles, security, and naming.
+
 include::modules/storage-ephemeral-vols-overview.adoc[leveloffset=+1]
 
 include::modules/storage-ephemeral-vols-lifecycle.adoc[leveloffset=+1]
diff --git a/microshift_storage/index.adoc b/microshift_storage/index.adoc
index 15eb5282f21e..2401089449e7 100644
--- a/microshift_storage/index.adoc
+++ b/microshift_storage/index.adoc
@@ -1,17 +1,17 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storage-overview-microshift"]
-= {product-title} storage overview
+= Storage overview
 include::_attributes/attributes-microshift.adoc[]
 :context: storage-overview-microshift
 
 toc::[]
 
-{product-title} supports multiple types of storage, both for on-premise and cloud providers. You can manage container storage for persistent and non-persistent data in a {product-title} cluster.
+{microshift-short} supports multiple types of storage, both for on-premise and cloud providers. You can manage container storage for persistent and non-persistent data in a {product-title} cluster.
 
 [id="microshift-storage-types"]
 == Storage types
 
-{product-title} storage is broadly classified into two categories, namely ephemeral storage and persistent storage.
+{microshift-short} storage is broadly classified into two categories, namely ephemeral storage and persistent storage.
 
 [id="microshift-ephemeral-storage"]
 === Ephemeral storage
@@ -21,7 +21,7 @@ Pods and containers are ephemeral or transient in nature and designed for statel
 [id="microshift-persistent-storage"]
 === Persistent storage
 
-Stateful applications deployed in containers require persistent storage. {product-title} uses a pre-provisioned storage framework called persistent volumes (PV) to allow cluster administrators to provision persistent storage. The data inside these volumes can exist beyond the lifecycle of an individual pod. Developers can use persistent volume claims (PVCs) to request storage requirements. For persistent storage details, read xref:../microshift_storage/understanding-persistent-storage-microshift.adoc#understanding-persistent-storage-microshift[Understanding persistent storage].
+Stateful applications deployed in containers require persistent storage. {microshift-short} uses a pre-provisioned storage framework called persistent volumes (PV) to allow cluster administrators to provision persistent storage. The data inside these volumes can exist beyond the lifecycle of an individual pod. Developers can use persistent volume claims (PVCs) to request storage requirements. For persistent storage details, read xref:../microshift_storage/understanding-persistent-storage-microshift.adoc#understanding-persistent-storage-microshift[Understanding persistent storage].
 
 [id="microshift-dynamic-provisioning-overview"]
 === Dynamic storage provisioning
diff --git a/microshift_storage/microshift-storage-migration.adoc b/microshift_storage/microshift-storage-migration.adoc
new file mode 100644
index 000000000000..d93b6d9ec638
--- /dev/null
+++ b/microshift_storage/microshift-storage-migration.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-storage-migration"]
+= Storage migration using the Kube Storage Version Migrator
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-storage-plugin-overview
+
+toc::[]
+
+Storage version migration is used to update existing objects in the cluster from their current version to the latest version. The Kube Storage Version Migrator embedded controller is used in {microshift-short} to migrate resources without having to recreate those resources. Either you or a controller can create a `StorageVersionMigration` custom resource (CR) that will request a migration through the Migrator Controller.
+
+include::modules/microshift-making-storage-migration-request.adoc[leveloffset=+1]
diff --git a/microshift_storage/microshift-storage-plugin-overview.adoc b/microshift_storage/microshift-storage-plugin-overview.adoc
index 40cf9b624d2c..c956da231d99 100644
--- a/microshift_storage/microshift-storage-plugin-overview.adoc
+++ b/microshift_storage/microshift-storage-plugin-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-storage-plugin-overview"]
 = Dynamic storage using the LVMS plugin
 include::_attributes/attributes-microshift.adoc[]
@@ -6,12 +6,18 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-{product-title} enables dynamic storage provisioning that is ready for immediate use with the logical volume manager storage (LVMS) Container Storage Interface (CSI) provider. The LVMS plugin is the Red Hat downstream version of TopoLVM, a CSI plugin for managing LVM volumes for Kubernetes.
+{microshift-short} enables dynamic storage provisioning that is ready for immediate use with the logical volume manager storage (LVMS) Container Storage Interface (CSI) provider. The LVMS plugin is the Red Hat downstream version of TopoLVM, a CSI plugin for managing logical volume management (LVM) logical volumes (LVs) for Kubernetes.
 
-LVMS provisions new logical volume management (LVM) logical volumes (LVs) for container workloads with appropriately configured persistent volume claims (PVC). Each PVC references a storage class that represents an LVM Volume Group (VG) on the host node. LVs are only provisioned for scheduled pods.
+LVMS provisions new LVM logical volumes for container workloads with appropriately configured persistent volume claims (PVCs). Each PVC references a storage class that represents an LVM Volume Group (VG) on the host node. LVs are only provisioned for scheduled pods.
 
 include::modules/microshift-lvms-system-requirements.adoc[leveloffset=+1]
+
 include::modules/microshift-lvms-deployment.adoc[leveloffset=+1]
+
 include::modules/microshift-lvmd-yaml-creating.adoc[leveloffset=+1]
+
 include::modules/microshift-lvms-config-example-basic.adoc[leveloffset=+1]
-include::modules/microshift-lvms-using.adoc[leveloffset=+1]
\ No newline at end of file
+
+include::modules/microshift-lvms-using.adoc[leveloffset=+1]
+
+include::modules/microshift-storage-device-classes.adoc[leveloffset=+2]
diff --git a/microshift_storage/understanding-ephemeral-storage-microshift.adoc b/microshift_storage/understanding-ephemeral-storage-microshift.adoc
index 562e2c31ff70..675f46153aed 100644
--- a/microshift_storage/understanding-ephemeral-storage-microshift.adoc
+++ b/microshift_storage/understanding-ephemeral-storage-microshift.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-ephemeral-storage-microshift"]
-= Understanding ephemeral storage for {product-title}
+= Understanding ephemeral storage
 include::_attributes/attributes-microshift.adoc[]
 :context: understanding-ephemeral-storage-microshift
 
 toc::[]
 
-Ephemeral storage is unstructured and temporary. It is often used with immutable applications. This guide discusses how ephemeral storage works for {product-title}.
+Ephemeral storage is unstructured and temporary. It is often used with immutable applications. This guide discusses how ephemeral storage works for {microshift-short}.
 
 include::modules/storage-ephemeral-storage-overview.adoc[leveloffset=+1]
 
diff --git a/microshift_storage/understanding-persistent-storage-microshift.adoc b/microshift_storage/understanding-persistent-storage-microshift.adoc
index 136e25ba85f5..977bedc420a5 100644
--- a/microshift_storage/understanding-persistent-storage-microshift.adoc
+++ b/microshift_storage/understanding-persistent-storage-microshift.adoc
@@ -1,19 +1,19 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-persistent-storage-microshift"]
-= Understanding persistent storage for {product-title}
+= Understanding persistent storage
 include::_attributes/attributes-microshift.adoc[]
 :context: understanding-persistent-storage-microshift
 
 toc::[]
 
-Managing storage is a distinct problem from managing compute resources. {product-title} uses the Kubernetes persistent volume (PV) framework to allow cluster administrators to provision persistent storage for a cluster. Developers can use persistent volume claims (PVCs) to request PV resources without having specific knowledge of the underlying storage infrastructure.
+Managing storage is a distinct problem from managing compute resources. {microshift-short} uses the Kubernetes persistent volume (PV) framework to allow cluster administrators to provision persistent storage for a cluster. Developers can use persistent volume claims (PVCs) to request PV resources without having specific knowledge of the underlying storage infrastructure.
 
 include::modules/storage-persistent-storage-overview.adoc[leveloffset=+1]
 
-[id="additional-resources_understanding-persistent-storage-microshift"]
+[id="additional-resources_understanding-persistent-storage-microshift_{context}"]
 [role="_additional-resources"]
-.Additional resources
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/storage/understanding-persistent-storage#pv-access-modes_understanding-persistent-storage[Access modes for persistent storage]
+== Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/storage/understanding-persistent-storage#pv-access-modes_understanding-persistent-storage[Access modes for persistent storage]
 
 include::modules/storage-persistent-storage-lifecycle.adoc[leveloffset=+1]
 
@@ -23,6 +23,10 @@ include::modules/storage-persistent-storage-reclaim.adoc[leveloffset=+2]
 
 include::modules/storage-persistent-storage-pv.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_file_systems/mounting-file-systems_managing-file-systems#common-mount-options_mounting-file-systems[Common mount options]
+
 include::modules/storage-persistent-storage-pvc.adoc[leveloffset=+1]
 
 include::modules/storage-persistent-storage-fsGroup.adoc[leveloffset=+1]
diff --git a/microshift_storage/volume-snapshots-microshift.adoc b/microshift_storage/volume-snapshots-microshift.adoc
new file mode 100644
index 000000000000..1af7b634d502
--- /dev/null
+++ b/microshift_storage/volume-snapshots-microshift.adoc
@@ -0,0 +1,98 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="working-with-volume-snapshots-microshift"]
+= Working with volume snapshots
+include::_attributes/attributes-microshift.adoc[]
+:context: volume-snapshots-microshift
+
+toc::[]
+
+Cluster administrators can use volume snapshots to help protect against data loss by using the supported {microshift-short} logical volume manager storage (LVMS) Container Storage Interface (CSI) provider. Familiarity with xref:../microshift_storage/understanding-persistent-storage-microshift.adoc#persistent-volumes_understanding-persistent-storage-microshift[persistent volumes] is required.
+
+A snapshot represents the state of the storage volume in a cluster at a particular point in time. Volume snapshots can also be used to provision new volumes. Snapshots are created as read-only logical volumes (LVs) located on the same device as the original data.
+
+A cluster administrator can complete the following tasks using CSI volume snapshots:
+
+* Create a snapshot of an existing persistent volume claim (PVC).
+* Back up a volume snapshot to a secure location.
+* Restore a volume snapshot as a different PVC.
+* Delete an existing volume snapshot.
+
+[IMPORTANT]
+====
+Only the logical volume manager storage (LVMS) plugin CSI driver is supported by {microshift-short}.
+====
+
+//additional resources for assembly intro; trailing because 1) relevant here, 2) TOC levels, and 2) last called module has addt'l resources
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../microshift_storage/understanding-persistent-storage-microshift.adoc#persistent-volumes_understanding-persistent-storage-microshift[Understanding persistent volumes]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/configuring_and_managing_logical_volumes/creating-and-managing-thin-provisioned-volumes_configuring-and-managing-logical-volumes[Configuring and managing logical volumes]
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/storage/using-container-storage-interface-csi#persistent-storage-csi-snapshots[CSI snapshots: `VolumeSnapshot` APIs]
+
+* link:https://docs.openshift.com/container-platform/{ocp-version}/rest_api/storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.html[VolumeSnapshot API specification]
+
+include::modules/microshift-lvm-thin-volumes.adoc[leveloffset=+1]
+
+//additional resources for thin volumes module
+[role="_additional-resources"]
+.Additional resources
+
+* To create a thin pool on the host, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/configuring_and_managing_logical_volumes/creating-and-managing-thin-provisioned-volumes_configuring-and-managing-logical-volumes[Creating and managing thin provisioned volumes]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/configuring_and_managing_logical_volumes/creating-and-managing-thin-provisioned-volumes_configuring-and-managing-logical-volumes#creating-thinly-provisioned-logical-volumes_creating-and-managing-thin-provisioned-volumes[Creating thinly provisioned logical volumes]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/{op-system-version-major}/html/configuring_and_managing_logical_volumes/creating-and-managing-thin-provisioned-volumes_configuring-and-managing-logical-volumes[Configuring and managing thin provisioned volumes]
+
+* xref:../microshift_storage/volume-snapshots-microshift.adoc#microshift-storage-classes_volume-snapshots-microshift[Storage classes]
+
+* xref:../microshift_storage/microshift-storage-plugin-overview.adoc#microshift-storage-device-classes_microshift-storage-plugin-overview[Storage device classes]
+
+include::modules/microshift-storage-classes.adoc[leveloffset=+2]
+
+//additional resources for storage classes module
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/storage/dynamic-provisioning#defining-storage-classes_dynamic-provisioning[Defining storage classes]
+
+* xref:../microshift_storage/microshift-storage-plugin-overview.adoc#microshift-storage-device-classes_microshift-storage-plugin-overview[Storage device classes]
+
+include::modules/microshift-storage-vol-snapshot-class.adoc[leveloffset=+1]
+
+//additional resources for volume snapshot classes module
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/{ocp-version}/storage/container_storage_interface/persistent-storage-csi-snapshots.html#volume-snapshot-crds[OpenShift CSI volume snapshots]
+
+include::modules/microshift-storage-about-vol-snapshots.adoc[leveloffset=+1]
+
+include::modules/microshift-storage-creating-vol-snapshot.adoc[leveloffset=+2]
+
+include::modules/microshift-storage-backup-volume-snapshots.adoc[leveloffset=+2]
+
+include::modules/microshift-storage-vol-snapshot-restore.adoc[leveloffset=+2]
+
+//additional resources for volume snapshot restore module
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/storage/using-container-storage-interface-csi#persistent-storage-csi-snapshots-provision_persistent-storage-csi-snapshots[Restoring a volume snapshot]
+
+//this module is reused from OCP; take care in editing for MicroShift
+include::modules/persistent-storage-csi-snapshots-delete.adoc[leveloffset=+2]
+
+include::modules/microshift-storage-volume-cloning.adoc[leveloffset=+1]
+
+//additional resources for volume cloning module
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.openshift.com/container-platform/{ocp-version}/storage/container_storage_interface/persistent-storage-csi-cloning.html[CSI volume cloning]
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/storage/configuring-persistent-storage#lvms-creating-volume-clones-in-single-node-openshift_logical-volume-manager-storage[LVMS volume cloning for Single-Node OpenShift]
+
+* To configure the host to enable cloning, see xref:../microshift_storage/volume-snapshots-microshift.adoc#microshift-lvm-thin-volumes_volume-snapshots-microshift[About LVM thin volumes]
diff --git a/microshift_support/microshift-etcd.adoc b/microshift_support/microshift-etcd.adoc
index f8edbb6b6956..4f67708944ef 100644
--- a/microshift_support/microshift-etcd.adoc
+++ b/microshift_support/microshift-etcd.adoc
@@ -1,16 +1,16 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-etcd"]
-= MicroShift etcd
+= The etcd service
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-etcd
 
 toc::[]
 
 [role="_abstract"]
-{product-title} etcd is delivered as part of the {product-title} RPM. The etcd service is run as a separate process and the lifecycle is managed automatically by {product-title}.
-
-:FeatureName: MicroShift
-include::snippets/microshift-tech-preview-snip.adoc[leveloffset=+1]
+The etcd service is delivered as part of the {product-title} RPM. The etcd service is run as a separate process and the etcd lifecycle is managed automatically by {microshift-short}.
 
 include::modules/microshift-observe-debug-etcd-server.adoc[leveloffset=+1]
-include::modules/microshift-config-etcd.adoc[leveloffset=+1]
\ No newline at end of file
+
+include::modules/microshift-config-etcd.adoc[leveloffset=+1]
+
+include::modules/microshift-etcd-version.adoc[leveloffset=+1]
diff --git a/microshift_support/microshift-getting-support.adoc b/microshift_support/microshift-getting-support.adoc
new file mode 100644
index 000000000000..fc7bc0b92a23
--- /dev/null
+++ b/microshift_support/microshift-getting-support.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-getting-support"]
+= Getting support
+include::_attributes/attributes-microshift.adoc[]
+:context: getting-support
+
+toc::[]
+
+Use the following information to get more help with {op-system-bundle}, including {product-title} or {op-system-ostree-first}.
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/microshift-provide-feedback-jira-link.adoc[leveloffset=+1]
+
+include::modules/support-knowledgebase-about.adoc[leveloffset=+1]
+
+include::modules/support-knowledgebase-search.adoc[leveloffset=+1]
+
+include::modules/microshift-submitting-a-case.adoc[leveloffset=+1]
diff --git a/microshift_support/microshift-sos-report.adoc b/microshift_support/microshift-sos-report.adoc
index 003f451db34b..b95e40f72e84 100644
--- a/microshift_support/microshift-sos-report.adoc
+++ b/microshift_support/microshift-sos-report.adoc
@@ -1,22 +1,20 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-sos-report"]
-= MicroShift sos report
+= Using sos reports
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-sos-report
 
 toc::[]
 
 [role="_abstract"]
-`sos` is a tool you can use to collect troubleshooting information about a host. An `sos report` will generate a detailed report with all the enabled plugins and data from the different components and applications in a system.
-
-:FeatureName: MicroShift
-include::snippets/microshift-tech-preview-snip.adoc[leveloffset=+1]
+You can use the `sos` tool to collect troubleshooting information about a host. The `sos report` command generates a detailed report that shows all of the enabled plugins and data from the different components and applications in a system.
 
 include::modules/microshift-about-sos-reports.adoc[leveloffset=+1]
+
 include::modules/microshift-gathering-sos-report.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
-[id="additional-resources_microshift-sos-report"]
+[id="additional-resources_microshift-sos-report_{context}"]
 == Additional resources
 * link:https://access.redhat.com/solutions/2112[How to provide files to Red Hat Support (vmcore, rhev logcollector, sosreports, heap dumps, log files, etc.]
 * link:https://access.redhat.com/solutions/3592[What is an sos report and how to create one in {op-system-base-full}?]
\ No newline at end of file
diff --git a/microshift_troubleshooting/microshift-audit-logs.adoc b/microshift_troubleshooting/microshift-audit-logs.adoc
new file mode 100644
index 000000000000..10900f385ca9
--- /dev/null
+++ b/microshift_troubleshooting/microshift-audit-logs.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="audit-logs-with-microshift"]
+= Checking audit logs
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-audit-logs
+
+toc::[]
+
+You can use audit logs to identify pod security violations.
+
+include::modules/microshift-viewing-audit-logs.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_troubleshooting/microshift-things-to-know.adoc b/microshift_troubleshooting/microshift-things-to-know.adoc
index bcc13a898716..e52483cedb1f 100644
--- a/microshift_troubleshooting/microshift-things-to-know.adoc
+++ b/microshift_troubleshooting/microshift-things-to-know.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-things-to-know"]
 = Responsive restarts and security certificates
 include::_attributes/attributes-microshift.adoc[]
@@ -11,9 +11,9 @@ toc::[]
 [id="microshift-ip-address-clock-changes_{context}"]
 == IP address changes or clock adjustments
 
-{product-title} depends on device IP addresses and system-wide clock settings to remain consistent during its runtime. However, these settings may occasionally change on edge devices, such as DHCP or Network Time Protocol (NTP) updates.
+{microshift-short} depends on device IP addresses and system-wide clock settings to remain consistent during its runtime. However, these settings may occasionally change on edge devices, such as DHCP or Network Time Protocol (NTP) updates.
 
-When such changes occur, some {product-title} components may stop functioning properly. To mitigate this situation, {product-title} monitors the IP address and system time and restarts if either setting change is detected.
+When such changes occur, some {microshift-short} components may stop functioning properly. To mitigate this situation, {microshift-short} monitors the IP address and system time and restarts if either setting change is detected.
 
 The threshold for clock changes is a time adjustment of greater than 10 seconds in either direction. Smaller drifts on regular time adjustments performed by the Network Time Protocol (NTP) service do not cause a restart.
 
diff --git a/microshift_troubleshooting/microshift-troubleshoot-backup-restore.adoc b/microshift_troubleshooting/microshift-troubleshoot-backup-restore.adoc
new file mode 100644
index 000000000000..ee361512c7d7
--- /dev/null
+++ b/microshift_troubleshooting/microshift-troubleshoot-backup-restore.adoc
@@ -0,0 +1,65 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-troubleshoot-backup-restore"]
+= Troubleshooting data backup and restore
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-troubleshoot-data-backup-and-restore
+
+toc::[]
+
+To troubleshoot failed data backups and restorations, check the basics first, such as data paths, storage configuration, and storage capacity.
+
+[id="troubleshoot-backup-restore-microshift-backup-data-failed_{context}"]
+== Backing up data failed
+Data backups are automatic on `rpm-ostree` systems. If you are not using an `rpm-ostree` system and attempted to create a manual backup, the following reasons can cause the backup to fail:
+
+* Not waiting several minutes after a system start to successfully stop {microshift-short}. The system must complete health checks and any other background processes before a back up can succeed.
+* If {microshift-short} stopped running because of an error, you cannot perform a backup of the data.
+** Make sure the system is healthy.
+** Stop it in a healthy state before attempting a backup.
+* If you do not have sufficient storage for the data, the backup fails. Ensure that you have enough storage for the {microshift-short} data.
+* If you do not have sufficient permissions, a backup can fail. Ensure you have the correct user permissions to create a backup and perform the required configurations.
+
+[id="troubleshoot-backup-restore-microshift-backup-logs_{context}"]
+== Backup logs
+* Logs print to the console during manual backups.
+* Logs are automatically generated for `rpm-ostree` system automated backups as part of the {microshift-short} journal logs. You can check the logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u microshift
+----
+
+[id="troubleshoot-backup-restore-microshift-restore-data-failed_{context}"]
+== Restoring data failed
+The restoration of data can fail for many reasons, including storage and permission issues. Mismatched data versions can cause failures when {microshift-short} restarts.
+
+[id="troubleshoot-backup-restore-microshift-RPM-OSTree-data-restore-failed_{context}"]
+=== RPM-OSTree-based systems data restore failed
+Data restorations are automatic on `rpm-ostree` systems, but can fail, for example:
+
+* The only backups that are restored on `rpm-ostree` systems are backups from the current deployment or a rollback deployment. Backups are not taken on an unhealthy system.
+
+** Only the latest backups that have corresponding deployments are retained. Outdated backups that do not have a matching deployment are automatically removed.
+
+** Data is usually not restored from a newer version of {microshift-short}.
+
+** Ensure that the data you are restoring follows same versioning pattern as the update path. For example, if the destination version of {microshift-short} is an older version than the version of the {microshift-short} data you are currently using, the restoration can fail.
+
+[id="troubleshoot-backup-restore-microshift-rpm-manual-restore-data-failed_{context}"]
+=== RPM-based manual data restore failed
+If you are using an RPM system that is not `rpm-ostree` and tried to restore a manual backup, the following reasons can cause the restoration to fail:
+
+* If {microshift-short} stopped running because of an error, you cannot restore data.
+** Make sure the system is healthy.
+** Start it in a healthy state before attempting to restore data.
+
+* If you do not have enough storage space allocated for the incoming data, the restoration fails.
+** Make sure that your current system storage is configured to accept the restored data.
+
+* You are attempting to restore data from a newer version of {microshift-short}.
+** Ensure that the data you are restoring follows same versioning pattern as the update path. For example, if the destination version of {microshift-short} is an older version than the version of the {microshift-short} data you are attempting to use, the restoration can fail.
+
+[id="troubleshoot-backup-restore-microshift-storage-migration-failed_{context}"]
+== Storage migration failed
+Storage migration failures are typically caused by substantial changes in custom resources (CRs) from one {microshift-short} to the next. If a storage migration fails, there is usually an unresolvable discrepancy between versions that requires manual review.
+
diff --git a/microshift_troubleshooting/microshift-troubleshoot-cluster.adoc b/microshift_troubleshooting/microshift-troubleshoot-cluster.adoc
new file mode 100644
index 000000000000..172785ac1bc0
--- /dev/null
+++ b/microshift_troubleshooting/microshift-troubleshoot-cluster.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-troubleshoot-cluster"]
+= Troubleshooting a cluster
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-troubleshoot-cluster
+
+toc::[]
+
+To begin troubleshooting a {product-title} cluster, first access the cluster status.
+
+include::modules/microshift-check-cluster-status.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_troubleshooting/microshift-troubleshoot-updates.adoc b/microshift_troubleshooting/microshift-troubleshoot-updates.adoc
new file mode 100644
index 000000000000..e162f659deea
--- /dev/null
+++ b/microshift_troubleshooting/microshift-troubleshoot-updates.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-troubleshoot-updates"]
+= Troubleshoot updates
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-troubleshoot-updates
+
+toc::[]
+
+To troubleshoot {microshift-short} updates, use the following guide.
+
+[IMPORTANT]
+====
+You can only update {microshift-short} from one minor version to the next in sequence. For example, you must update 4.14 to 4.15.
+====
+
+include::modules/microshift-updates-troubleshooting.adoc[leveloffset=+1]
+
+//additional resources for troubleshooting module
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_install/microshift-greenboot.adoc#microshift-greenboot-systemd-journal-data_microshift-greenboot[Enabling `systemd` journal service data persistency]
+* xref:../microshift_troubleshooting/microshift-version.adoc#microshift-version[Checking the MicroShift version]
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-stopping_microshift-install-rpm[Stopping the MicroShift service]
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-service-starting_microshift-install-rpm[Starting the MicroShift service]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/index[Composing, installing, and managing RHEL for Edge images]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#rolling_back_rhel_for_edge_images[Rolling back RHEL for Edge images]
+
+include::modules/microshift-check-journal-logs-updates.adoc[leveloffset=+1]
+
+include::modules/microshift-greenboot-check-status.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_troubleshooting/microshift-version.adoc b/microshift_troubleshooting/microshift-version.adoc
index 9d3e8d83ce99..9cd1cbadef89 100644
--- a/microshift_troubleshooting/microshift-version.adoc
+++ b/microshift_troubleshooting/microshift-version.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-version"]
 = Checking which version you have installed
 include::_attributes/attributes-microshift.adoc[]
@@ -11,3 +11,5 @@ To begin troubleshooting, determine which version of {product-title} you have in
 include::modules/microshift-version-cli.adoc[leveloffset=+1]
 
 include::modules/microshift-version-api.adoc[leveloffset=+1]
+
+include::modules/microshift-etcd-version.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/microshift_updating/microshift-about-updates.adoc b/microshift_updating/microshift-about-updates.adoc
index 8f8c152235e4..5497c27114d5 100644
--- a/microshift_updating/microshift-about-updates.adoc
+++ b/microshift_updating/microshift-about-updates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="microshift-about-updates"]
 =  About {product-title} updates
 include::_attributes/attributes-microshift.adoc[]
@@ -6,43 +6,30 @@ include::_attributes/attributes-microshift.adoc[]
 
 toc::[]
 
-You can update a {product-title} cluster by using the OpenShift CLI (`oc`).
-// This PR is for the book build. Note that the OCP structure consists of a landing page of xrefs to other major sections within the book. MicroShift likely does not require that depth of structure, so starting simply with one page.
+Updates are supported on {product-title} beginning with the General Availability version 4.14. Supported updates include those from one minor version to the next in sequence, for example, from 4.14 to 4.15. Patch updates are also supported from z-stream to z-stream, for example 4.14.1 to 4.14.2.
 
-[id="microshift-about-updates-understanding-microshift-updates"]
-== Understanding {product-title} updates
-{product-title} updates are available as either RPMs or by embedding the {product-title} image in an RPM OSTree blueprint.
-You can update an {product-title} cluster by using the OpenShift CLI (`oc`).
-//Platform administrators can view new update options by looking at the output of the `oc adm upgrade` command.
-//An update begins when...
+[id="microshift-about-updates-understanding-microshift-updates_{context}"]
+== Understanding {microshift-short} updates
+{product-title} updates are supported on both `rpm-ostree` edge-deployed hosts and non-OSTree hosts. You can complete updates using the following methods:
+
+* Embed the latest version of {microshift-short} in a new `rpm-ostree` system image such as {op-system-ostree-first}. See * xref:../microshift_updating/microshift-update-rpms-ostree.adoc#microshift-update-rpms-ostree[Applying updates on an OSTree system]
+* Manually update the RPMs on a non-OSTree system such as {op-system-base-full}. See * xref:../microshift_updating/microshift-update-rpms-manually.adoc#microshift-update-rpms-manually[Applying updates manually with RPMs]
 
 [NOTE]
 ====
-Operators previously installed must be reinstalled using manifests.
+Only `rpm-ostree` updates include automatic rollbacks.
 ====
 
-[id="microshift-about-updates-rpm-updates"]
-=== RPM updates
-Using the RPM update method replaces your existing version. No rollback is possible with this update type.
-//we can call a module here or xref out; not sure the best method for our use case until we have the content
-
-[id="microshift-about-updates-rpm-ostree-updates"]
+[id="microshift-about-updates-rpm-ostree-updates_{context}"]
 === RPM OSTree updates
-Using the RPM OSTree update path allows for system rollback.
-//we can call a module here or xref out; not sure the best method for our use case until we have the content
+Using the {op-system-ostree} `rpm-ostree` update path allows for automated backup and system rollback in case any part of the update fails. You must build a new `rpm-ostree` image and embed the new {microshift-short} version in that image. The `rpm-ostree` image can be the same version or an updated version, but the versions of {op-system-ostree} and {microshift-short} must be compatible.
 
-[id="microshift-about-updates-checking-version-update-compatibility"]
-== Checking version update compatibility
-Before attempting an update, determine which version of {product-title} you have installed. Only the following update paths are supported:
+Check following compatibility table for details:
 
-* Version 4.13 to 4.14
-//replace with matrix including RHEL versions?
-//place xref here to version-check assembly
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
 
-[id="microshift-about-updates-update-disconnected-environment"]
-== Updating a cluster in a disconnected environment
-//sample topic only
+[id="microshift-about-updates-rpm-updates_{context}"]
+=== Manual RPM updates
+You can use the manual RPM update path to replace your existing version of {microshift-short}. The versions of {op-system} and {microshift-short} must be compatible. Ensuring system health and completing additional system backups are manual processes.
 
-[id="microshift-about-updates-troubleshooting-updates"]
-== Troubleshooting updates
-//sample topic only
\ No newline at end of file
+include::snippets/microshift-update-paths-snip.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/microshift_updating/microshift-update-options.adoc b/microshift_updating/microshift-update-options.adoc
new file mode 100644
index 000000000000..e05075c3b618
--- /dev/null
+++ b/microshift_updating/microshift-update-options.adoc
@@ -0,0 +1,74 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-update-options"]
+= Update options with {product-title} and {op-system-bundle}
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-update-options
+
+toc::[]
+
+You can update {op-system-ostree-first} images or {op-system-base-full} with or without updating the {product-title} version if the version combination is supported. See the following table for details:
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
+
+include::snippets/microshift-update-paths-snip.adoc[leveloffset=+1]
+
+[IMPORTANT]
+====
+Updates of {microshift-short} from one minor version to the next must be in sequence. For example, you cannot update from 4.14 to 4.16. You must update 4.14 to 4.15 and so on.
+====
+
+[id="microshift-update-options-standalone-updates_{context}"]
+== Standalone {microshift-short} updates
+
+You can update {microshift-short} without reinstalling your applications. {op-system} or {op-system-ostree} updates are also not required to update {microshift-short}, as long as the existing operating system is compatible with the new version of {microshift-short} that you want to use.
+
+{microshift-short} operates as an in-place update and does not require removal of the previous version. Data backups beyond those required for the usual functioning of your applications are also not required.
+
+[id="microshift-update-options-rpm-ostree-updates_{context}"]
+=== RPM-OSTree updates
+You can update {microshift-short} on an `rpm-ostree` system such as {op-system-ostree} by building a new image containing the new version of {microshift-short}. Ensure that the version of the operating system you want to use is compatible with the new version of {microshift-short} that you update to.
+
+The following features are available in the {op-system-ostree} update path:
+
+* The system automatically rolls back to a previous healthy system state if the update fails.
+* Applications do not need to be reinstalled.
+* You can update an application without updating {microshift-short} using this update type.
+* The image you build can contain other updates as needed.
+
+To begin a {microshift-short} update by embedding in a {op-system-ostree} image, use the procedures in the following documentation:
+
+* xref:../microshift_updating/microshift-update-rpms-ostree.adoc#microshift-update-rpms-ostree[Applying updates on an OSTree system]
+
+To understand more about Greenboot, see the following documentation:
+
+* xref:../microshift_install/microshift-greenboot.adoc#microshift-greenboot[The Greenboot health check]
+* xref:../microshift_running_apps/microshift-greenboot-workload-scripts.adoc#microshift-greenboot-workload-scripts[Greenboot workload health check scripts]
+
+[id="microshift-update-options-manual-rpm-updates_{context}"]
+=== Manual RPM updates
+You can update {microshift-short} manually on a non-OSTree system such as {op-system-base-full} by downloading and updating the RPMs. To complete this update type, use the subscription manager to access the repository containing the new RPMs. To begin a manual RPM update, use the procedures in the following documentation:
+
+* xref:../microshift_updating/microshift-update-rpms-manually.adoc#microshift-update-rpms-manually[About updating MicroShift RPMs manually]
+
+[id="microshift-update-options-standalone-rhel-updates_{context}"]
+== Standalone {op-system-ostree} updates
+You can update {op-system-ostree} or {op-system} without updating {microshift-short}, on the condition that the two versions are compatible. Check compatibilities before beginning an update. Use the {op-system-ostree} documentation specific to your update path.
+
+//additional resources for updating RHEL alone
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/index[Managing RHEL for Edge images]
+
+[id="microshift-update-options-simultaneous-microshift-rhel-updates_{context}"]
+== Simultaneous {microshift-short} and operating system updates
+You can update {op-system-ostree} or {op-system} and update {microshift-short} at the same time, on the condition that the versions are compatible. Check for compatibility before beginning an update. First use the {op-system-ostree} and {op-system} documentation specific to your update path to plan and update the operating system. Then use the {microshift-short} update type specific to your update path.
+
+//additional resources for updating RHEL and MicroShift
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/index[Managing RHEL for Edge images]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_a_customized_rhel_system_image/index[Composing a customized RHEL system image]
+* xref:../microshift_updating/microshift-update-rpms-ostree.adoc#microshift-update-rpms-ostree[Applying updates on an OSTree system]
+* xref:../microshift_updating/microshift-update-rpms-manually.adoc#microshift-update-rpms-manually[Applying updates manually with RPMs]
+* xref:../microshift_install/microshift-greenboot.adoc#microshift-greenboot[The Greenboot system health check]
+* xref:../microshift_running_apps/microshift-greenboot-workload-scripts.adoc#microshift-greenboot-workload-scripts[Greenboot workload scripts]
diff --git a/microshift_updating/microshift-update-rpms-manually.adoc b/microshift_updating/microshift-update-rpms-manually.adoc
new file mode 100644
index 000000000000..83d189392d4f
--- /dev/null
+++ b/microshift_updating/microshift-update-rpms-manually.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-update-rpms-manually"]
+= About updating {product-title} RPMs manually
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-update-rpms-manually
+
+toc::[]
+
+Updating {product-title} for non-OSTree systems such as {op-system-base-full} requires downloading then updating the RPMs. For patch releases, such as 4.15.1 to 4.15.2, download and update the RPMs. For minor-version release updates, add the step of enabling the update repository using your subscription manager.
+
+[IMPORTANT]
+====
+{microshift-short} updates are supported from one minor version to the next in sequence. For example, you must update 4.14 to 4.15.
+====
+
+For either upgrading with patch updates or a minor-version update, you can back up application data as needed and move the data copy to a secure location.
+
+include::modules/microshift-updating-rpms-z.adoc[leveloffset=+1]
+
+include::modules/microshift-updating-rpms-y.adoc[leveloffset=+1]
+
+//additional resources for backup and restore
+[role="_additional-resources"]
+.Additional resources
+* xref:../microshift_backup_and_restore/microshift-backup-and-restore.adoc#microshift-backup-and-restore[Backup and restore]
\ No newline at end of file
diff --git a/microshift_updating/microshift-update-rpms-ostree.adoc b/microshift_updating/microshift-update-rpms-ostree.adoc
new file mode 100644
index 000000000000..bd1f2ab01836
--- /dev/null
+++ b/microshift_updating/microshift-update-rpms-ostree.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-update-rpms-ostree"]
+= About updating {product-title} RPMs on an OSTree system
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-update-rpms-ostree
+
+toc::[]
+
+Updating {product-title} on an `rpm-ostree` system such as {op-system-ostree-first} requires building a new operating system image containing the new version of {product-title}. After you have the `rpm-ostree` image with {product-title} embedded, direct your system to boot into that operating system image.
+
+The procedures are the same for minor-version and patch updates. For example, use the same steps to upgrade from 4.14 to 4.15 or from 4.15.0 to 4.15.1.
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+1]
+
+[NOTE]
+====
+Downgrades are not supported. The following procedure is for upgrades only.
+====
+
+include::modules/microshift-updating-rpms-ostree.adoc[leveloffset=+1]
diff --git a/microshift_welcome/_attributes b/microshift_welcome/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/microshift_welcome/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/microshift_welcome/images b/microshift_welcome/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/microshift_welcome/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/microshift_welcome/index.adoc b/microshift_welcome/index.adoc
new file mode 100644
index 000000000000..344995901956
--- /dev/null
+++ b/microshift_welcome/index.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-welcome-index"]
+= {product-title} {product-version} Documentation
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-welcome-index
+
+[.lead]
+Welcome to the official {product-title} {product-version} documentation, where you can learn about {microshift-short} and start exploring its features.
+
+To browse the {microshift-short} {product-version} documentation, use one of the following methods:
+
+* Use the navigation bars and links to browse.
+* Select the task that interests you from the contents of this Welcome page.
+
+To get started with {microshift-short}, use the following links:
+
+* xref:../microshift_getting_started/microshift-understanding.adoc#microshift-understanding[Understanding {product-title}]
+* xref:../microshift_install/microshift-install-rpm.adoc#microshift-install-rpm[Installing {product-title}]
+* xref:../microshift_release_notes/microshift-4-15-release-notes.adoc#microshift-4-15-release-notes[{product-title} release notes]
+
+For related information, use the following links:
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_device_edge/4/html/overview/device-edge-overview[Red Hat Device Edge overview]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/index[RHEL for Edge documentation]
+* link:https://docs.openshift.com/container-platform/latest/welcome/index.html[OpenShift Container Platform documentation]
\ No newline at end of file
diff --git a/distr_tracing/distr_tracing_config/modules b/microshift_welcome/modules
similarity index 100%
rename from distr_tracing/distr_tracing_config/modules
rename to microshift_welcome/modules
diff --git a/rosa_support/snippets b/microshift_welcome/snippets
similarity index 100%
rename from rosa_support/snippets
rename to microshift_welcome/snippets
diff --git a/migrating_from_ocp_3_to_4/about-migrating-from-3-to-4.adoc b/migrating_from_ocp_3_to_4/about-migrating-from-3-to-4.adoc
index 3114c50dd278..750cf35a307f 100644
--- a/migrating_from_ocp_3_to_4/about-migrating-from-3-to-4.adoc
+++ b/migrating_from_ocp_3_to_4/about-migrating-from-3-to-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-migrating-from-3-to-4"]
 = About migrating from {product-title} 3 to 4
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/about-mtc-3-4.adoc b/migrating_from_ocp_3_to_4/about-mtc-3-4.adoc
index 26bce76859f7..0ca3447c0ef0 100644
--- a/migrating_from_ocp_3_to_4/about-mtc-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/about-mtc-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-mtc-3-4"]
 = About the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc b/migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
index e7962ab751c8..4119e132a929 100644
--- a/migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="advanced-migration-options-3-4"]
 = Advanced migration options
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/index.adoc b/migrating_from_ocp_3_to_4/index.adoc
index 349b4d9779eb..d18158abfec5 100644
--- a/migrating_from_ocp_3_to_4/index.adoc
+++ b/migrating_from_ocp_3_to_4/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migration-from-version-3-to-4-overview"]
 = Migration from OpenShift Container Platform 3 to 4 overview
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/installing-3-4.adoc b/migrating_from_ocp_3_to_4/installing-3-4.adoc
index f22b2e7ce4d7..b11188789180 100644
--- a/migrating_from_ocp_3_to_4/installing-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/installing-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-3-4"]
 = Installing the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/installing-restricted-3-4.adoc b/migrating_from_ocp_3_to_4/installing-restricted-3-4.adoc
index 2f26cd542668..ffc9f7e5aa65 100644
--- a/migrating_from_ocp_3_to_4/installing-restricted-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/installing-restricted-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-restricted-3-4"]
 = Installing the Migration Toolkit for Containers in a restricted network environment
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc b/migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
index 613fe5bb3b6f..0dea91aec646 100644
--- a/migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migrating-applications-3-4"]
 = Migrating your applications
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc b/migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc
index 869067e5371f..56e27f3aeb8a 100644
--- a/migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="planning-considerations-3-4"]
 = Network considerations
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/planning-migration-3-4.adoc b/migrating_from_ocp_3_to_4/planning-migration-3-4.adoc
index eb8636c56569..bde974faedc7 100644
--- a/migrating_from_ocp_3_to_4/planning-migration-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/planning-migration-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="planning-migration-3-4"]
 = Differences between {product-title} 3 and 4
 include::_attributes/common-attributes.adoc[]
@@ -9,7 +9,7 @@ toc::[]
 {product-title} {product-version} introduces architectural changes and enhancements. The procedures that you used to manage your {product-title} 3 cluster might not apply to {product-title} 4.
 
 ifndef::openshift-origin[]
-For information about configuring your {product-title} 4 cluster, review the appropriate sections of the {product-title} documentation. For information about new features and other notable technical changes, review the xref:../release_notes/ocp-4-14-release-notes.adoc#ocp-4-14-release-notes[OpenShift Container Platform 4.14 release notes].
+For information about configuring your {product-title} 4 cluster, review the appropriate sections of the {product-title} documentation. For information about new features and other notable technical changes, review the xref:../release_notes/ocp-4-15-release-notes.adoc#ocp-4-15-release-notes[OpenShift Container Platform 4.15 release notes].
 endif::[]
 
 It is not possible to upgrade your existing {product-title} 3 cluster to {product-title} 4. You must start with a new {product-title} 4 installation. Tools are available to assist in migrating your control plane settings and application workloads.
@@ -190,7 +190,7 @@ For more information, see xref:../logging/cluster-logging.adoc#cluster-logging-a
 
 Some logging configurations that were available in {product-title} 3.11 are no longer supported in {product-title} {product-version}.
 
-For more information on the explicitly unsupported logging cases, see xref:../logging/config/cluster-logging-maintenance-support.adoc#cluster-logging-maintenance-and-support[Maintenance and support].
+For more information on the explicitly unsupported logging cases, see the xref:../logging/cluster-logging-support.adoc#cluster-logging-support[logging support documentation].
 
 [id="migration-preparing-security"]
 === Security considerations
diff --git a/migrating_from_ocp_3_to_4/premigration-checklists-3-4.adoc b/migrating_from_ocp_3_to_4/premigration-checklists-3-4.adoc
index 8db3285d6cc1..bbb660b30b5f 100644
--- a/migrating_from_ocp_3_to_4/premigration-checklists-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/premigration-checklists-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="premigration-checklists-3-4"]
 = Premigration checklists
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc b/migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
index 951cf515fd72..84b05358c1d2 100644
--- a/migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-3-4"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
diff --git a/migrating_from_ocp_3_to_4/upgrading-3-4.adoc b/migrating_from_ocp_3_to_4/upgrading-3-4.adoc
index 2b5567c7de14..96874f53c03d 100644
--- a/migrating_from_ocp_3_to_4/upgrading-3-4.adoc
+++ b/migrating_from_ocp_3_to_4/upgrading-3-4.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="upgrading-3-4"]
 = Upgrading the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/about-mtc.adoc b/migration_toolkit_for_containers/about-mtc.adoc
index ada85b70b63e..2d948ee98afe 100644
--- a/migration_toolkit_for_containers/about-mtc.adoc
+++ b/migration_toolkit_for_containers/about-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-mtc"]
 = About the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/advanced-migration-options-mtc.adoc b/migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
index 65b150a366ba..ffa2794c93a4 100644
--- a/migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
+++ b/migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="advanced-migration-options-mtc"]
 = Advanced migration options
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/installing-mtc-restricted.adoc b/migration_toolkit_for_containers/installing-mtc-restricted.adoc
index 219633728254..b2fff1734c76 100644
--- a/migration_toolkit_for_containers/installing-mtc-restricted.adoc
+++ b/migration_toolkit_for_containers/installing-mtc-restricted.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mtc-restricted"]
 = Installing the Migration Toolkit for Containers in a restricted network environment
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/installing-mtc.adoc b/migration_toolkit_for_containers/installing-mtc.adoc
index b9d233b2a2b2..95eb1cac538b 100644
--- a/migration_toolkit_for_containers/installing-mtc.adoc
+++ b/migration_toolkit_for_containers/installing-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-mtc"]
 = Installing the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/migrating-applications-with-mtc.adoc b/migration_toolkit_for_containers/migrating-applications-with-mtc.adoc
index 27bb37cfbe5d..f1f6851e9085 100644
--- a/migration_toolkit_for_containers/migrating-applications-with-mtc.adoc
+++ b/migration_toolkit_for_containers/migrating-applications-with-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migrating-applications-with-mtc"]
 = Migrating your applications
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/mtc-release-notes.adoc b/migration_toolkit_for_containers/mtc-release-notes.adoc
index 27843cd26105..67faf74ba54e 100644
--- a/migration_toolkit_for_containers/mtc-release-notes.adoc
+++ b/migration_toolkit_for_containers/mtc-release-notes.adoc
@@ -1,7 +1,8 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="mtc-release-notes"]
 = Migration Toolkit for Containers release notes
 include::_attributes/common-attributes.adoc[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: mtc-release-notes
 
 toc::[]
@@ -16,7 +17,23 @@ You can migrate from xref:../migrating_from_ocp_3_to_4/about-migrating-from-3-to
 
 For information on the support policy for {mtc-short}, see link:https://access.redhat.com/support/policy/updates/openshift#app_migration[OpenShift Application and Cluster Migration Solutions], part of the _Red Hat {product-title} Life Cycle Policy_.
 
+include::modules/migration-mtc-release-notes-1-8-2.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-8-1.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-8.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-14.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-13.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-12.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-11.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-7-10.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-09.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-08.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-07.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-06.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-05.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-04.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-03.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-02.adoc[leveloffset=+1]
+include::modules/migration-mtc-release-notes-1-7-01.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-7.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-6.adoc[leveloffset=+1]
 include::modules/migration-mtc-release-notes-1-5.adoc[leveloffset=+1]
diff --git a/migration_toolkit_for_containers/network-considerations-mtc.adoc b/migration_toolkit_for_containers/network-considerations-mtc.adoc
index 14dc958da62b..45ec6950e58d 100644
--- a/migration_toolkit_for_containers/network-considerations-mtc.adoc
+++ b/migration_toolkit_for_containers/network-considerations-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="network-considerations-mtc"]
 = Network considerations
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/premigration-checklists-mtc.adoc b/migration_toolkit_for_containers/premigration-checklists-mtc.adoc
index f56524d9775c..661367a4bd3d 100644
--- a/migration_toolkit_for_containers/premigration-checklists-mtc.adoc
+++ b/migration_toolkit_for_containers/premigration-checklists-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="premigration-checklists-mtc"]
 = Premigration checklists
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/troubleshooting-mtc.adoc b/migration_toolkit_for_containers/troubleshooting-mtc.adoc
index 611c367a20f1..1e3d30d589ba 100644
--- a/migration_toolkit_for_containers/troubleshooting-mtc.adoc
+++ b/migration_toolkit_for_containers/troubleshooting-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-mtc"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
diff --git a/migration_toolkit_for_containers/upgrading-mtc.adoc b/migration_toolkit_for_containers/upgrading-mtc.adoc
index 3d95d8f4981b..7f556e8eae9d 100644
--- a/migration_toolkit_for_containers/upgrading-mtc.adoc
+++ b/migration_toolkit_for_containers/upgrading-mtc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="upgrading-mtc"]
 = Upgrading the Migration Toolkit for Containers
 include::_attributes/common-attributes.adoc[]
@@ -17,6 +17,8 @@ If you are upgrading from {mtc-short} version 1.3, you must perform an additiona
 ====
 
 include::modules/migration-upgrading-mtc-on-ocp-4.adoc[leveloffset=+1]
+include::modules/upgrading-mtc-1-8-0.adoc[leveloffset=+1]
+include::modules/upgrading-oadp10-to12-in-mtc.adoc[leveloffset=+2]
 include::modules/migration-upgrading-mtc-with-legacy-operator.adoc[leveloffset=+1]
 include::modules/migration-upgrading-from-mtc-1-3.adoc[leveloffset=+1]
 :upgrading-mtc!:
diff --git a/modules/about-administrator-perspective.adoc b/modules/about-administrator-perspective.adoc
index f2a4c30e6501..9cad69baf850 100644
--- a/modules/about-administrator-perspective.adoc
+++ b/modules/about-administrator-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // web_console/web-console-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-administrator-perspective_{context}"]
 = About the Administrator perspective in the web console
 
diff --git a/modules/about-bare-metal-hosts-and-nodes.adoc b/modules/about-bare-metal-hosts-and-nodes.adoc
index abfa0610db47..ae5eee5fd6f1 100644
--- a/modules/about-bare-metal-hosts-and-nodes.adoc
+++ b/modules/about-bare-metal-hosts-and-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/managing-bare-metal-hosts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-bare-metal-hosts-and-nodes_{context}"]
 = About bare metal hosts and nodes
 
diff --git a/modules/about-cli-profiles-switch.adoc b/modules/about-cli-profiles-switch.adoc
index 9dad337a6cf1..8c8d014ced6b 100644
--- a/modules/about-cli-profiles-switch.adoc
+++ b/modules/about-cli-profiles-switch.adoc
@@ -2,12 +2,26 @@
 //
 // * cli_reference/openshift_cli/managing-cli-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-switches-between-cli-profiles_{context}"]
 = About switches between CLI profiles
 
-Contexts allow you to easily switch between multiple users across multiple {product-title} servers, or clusters, when using CLI operations. Nicknames make managing CLI configurations easier by providing short-hand references to contexts, user credentials, and cluster details.
-After logging in with the CLI for the first time, {product-title} creates a `~/.kube/config` file if one does not already exist. As more authentication and connection details are provided to the CLI, either automatically during an `oc login` operation or by manually configuring CLI profiles, the updated information is stored in the configuration file:
+Contexts allow you to easily switch between multiple users across multiple
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+servers, or clusters, when using CLI operations. Nicknames make managing CLI configurations easier by providing short-hand references to contexts, user credentials, and cluster details.
+After a user logs in with the `oc` CLI for the first time,
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+creates a `~/.kube/config` file if one does not already exist. As more authentication and connection details are provided to the CLI, either automatically during an `oc login` operation or by manually configuring CLI profiles, the updated information is stored in the configuration file:
 
 .CLI config file
 
@@ -43,7 +57,14 @@ users: <4>
     token: xZHd2piv5_9vQrg-SKXRJ2Dsl9SceNJdhNTljEKTb8k
 ----
 
-<1> The `clusters` section defines connection details for {product-title} clusters, including the address for their master server. In this example, one cluster is nicknamed `openshift1.example.com:8443` and another is nicknamed `openshift2.example.com:8443`.
+<1> The `clusters` section defines connection details for
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+clusters, including the address for their master server. In this example, one cluster is nicknamed `openshift1.example.com:8443` and another is nicknamed `openshift2.example.com:8443`.
 <2> This `contexts` section defines two contexts: one nicknamed `alice-project/openshift1.example.com:8443/alice`, using the `alice-project` project, `openshift1.example.com:8443` cluster, and `alice` user, and another nicknamed `joe-project/openshift1.example.com:8443/alice`, using the `joe-project` project, `openshift1.example.com:8443` cluster and `alice` user.
 <3> The `current-context` parameter shows that the `joe-project/openshift1.example.com:8443/alice` context is currently in use, allowing the `alice` user to work in the `joe-project` project on the `openshift1.example.com:8443` cluster.
 <4> The `users` section defines user credentials. In this example, the user nickname `alice/openshift1.example.com:8443` uses an access token.
diff --git a/modules/about-crio.adoc b/modules/about-crio.adoc
index 221569317b1c..10a3b5616d99 100644
--- a/modules/about-crio.adoc
+++ b/modules/about-crio.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-crio-issues.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-crio_{context}"]
 = About CRI-O container runtime engine
 
diff --git a/modules/about-developer-perspective.adoc b/modules/about-developer-perspective.adoc
index 6566e4d23db1..b063e37d76a9 100644
--- a/modules/about-developer-perspective.adoc
+++ b/modules/about-developer-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // web_console/web-console-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-developer-perspective_{context}"]
 = About the Developer perspective in the web console
 
@@ -31,4 +31,4 @@ The *Developer* perspective provides workflows specific to developer use cases,
 You can use the *Topology* view to display applications, components, and workloads of your project. If you have no workloads in the project, the *Topology* view will show some links to create or import them. You can also use the *Quick Search* to import components directly.
 
 .Additional Resources
-See link:https://docs.openshift.com/container-platform/4.13/applications/odc-viewing-application-composition-using-topology-view.html[Viewing application composition using the Topology] view for more information on using the *Topology* view in *Developer* perspective.
+See link:https://docs.openshift.com/container-platform/4.15/applications/odc-viewing-application-composition-using-topology-view.html[Viewing application composition using the Topology] view for more information on using the *Topology* view in *Developer* perspective.
diff --git a/modules/about-etcd-encryption.adoc b/modules/about-etcd-encryption.adoc
index bd7cd292fb4e..b7f29121360e 100644
--- a/modules/about-etcd-encryption.adoc
+++ b/modules/about-etcd-encryption.adoc
@@ -3,7 +3,7 @@
 // * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-etcd_{context}"]
 = About etcd encryption
 
diff --git a/modules/about-gitops.adoc b/modules/about-gitops.adoc
index 2eadd8ce7d4f..e6298db973fa 100644
--- a/modules/about-gitops.adoc
+++ b/modules/about-gitops.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift-docs/cicd/gitops/understanding-openshift-gitops.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-gitops_{context}"]
 = About GitOps
 
diff --git a/modules/about-installing-oadp-on-multiple-namespaces.adoc b/modules/about-installing-oadp-on-multiple-namespaces.adoc
index a45f74871bd9..3e9d1bfc034b 100644
--- a/modules/about-installing-oadp-on-multiple-namespaces.adoc
+++ b/modules/about-installing-oadp-on-multiple-namespaces.adoc
@@ -3,11 +3,11 @@
 // * backup_and_restore/installing/about-installing-oadp.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-installing-oadp-on-multiple-namespaces_{context}"]
 = Installation of OADP on multiple namespaces
 
-You can install OADP into multiple namespaces on the same cluster so that multiple project owners can manage their own OADP instance. This use case has been validated with Restic and CSI.
+You can install OpenShift API for Data Protection (OADP) into multiple namespaces on the same cluster so that multiple project owners can manage their own OADP instance. This use case has been validated with File System Backup (FSB) and Container Storage Interface (CSI).
 
 You install each instance of OADP as specified by the per-platform procedures contained in this document with the following additional requirements:
 
diff --git a/modules/about-log-collection.adoc b/modules/about-log-collection.adoc
new file mode 100644
index 000000000000..dc3ccbb5e7a0
--- /dev/null
+++ b/modules/about-log-collection.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="about-log-collection_{context}"]
+= Log collection
+
+The log collector is a daemon set that deploys pods to each {product-title} node to collect container and node logs.
+
+By default, the log collector uses the following sources:
+
+* System and infrastructure logs generated by journald log messages from the operating system, the container runtime, and {product-title}.
+* `/var/log/containers/*.log` for all container logs.
+
+If you configure the log collector to collect audit logs, it collects them from `/var/log/audit/audit.log`.
+
+The log collector collects the logs from these sources and forwards them internally or externally depending on your {logging} configuration.
+
+[id="about-log-collectors-types_{context}"]
+== Log collector types
+
+link:https://vector.dev/docs/about/what-is-vector/[Vector] is a log collector offered as an alternative to Fluentd for the {logging}.
+
+You can configure which logging collector type your cluster uses by modifying the `ClusterLogging` custom resource (CR) `collection` spec:
+
+.Example ClusterLogging CR that configures Vector as the collector
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  collection:
+    logs:
+      type: vector
+      vector: {}
+# ...
+----
+
+[id="about-log-collectors-limitations_{context}"]
+== Log collection limitations
+
+The container runtimes provide minimal information to identify the source of log messages: project, pod name, and container ID. This information is not sufficient to uniquely identify the source of the logs. If a pod with a given name and project is deleted before the log collector begins processing its logs, information from the API server, such as labels and annotations, might not be available. There might not be a way to distinguish the log messages from a similarly named pod and project or trace the logs to their source. This limitation means that log collection and normalization are considered _best effort_.
+
+[IMPORTANT]
+====
+The available container runtimes provide minimal information to identify the source of log messages and do not guarantee unique individual log messages or that these messages can be traced to their source.
+====
diff --git a/modules/about-manually-maintained-credentials-upgrade.adoc b/modules/about-manually-maintained-credentials-upgrade.adoc
index 3abd90f3a528..06435d5a5c65 100644
--- a/modules/about-manually-maintained-credentials-upgrade.adoc
+++ b/modules/about-manually-maintained-credentials-upgrade.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-manual-creds-update.adoc
-// * authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="about-manually-maintained-credentials-upgrade_{context}"]
 = Update requirements for clusters with manually maintained credentials
@@ -29,25 +28,26 @@ For platforms that support using the CCO in multiple modes, you must determine w
 .Credentials update requirements by platform type
 image::334_OpenShift_cluster_updating_and_CCO_workflows_0523_4.11_B.png[Decision tree showing the possible update paths for your cluster depending on the configured CCO credentials mode.]
 
-{rh-openstack-first}, {rh-virtualization-first}, and VMware vSphere::
+{rh-openstack-first} and VMware vSphere::
 These platforms do not support using the CCO in manual mode. Clusters on these platforms handle changes in cloud provider resources automatically and do not require an update to the `upgradeable-to` annotation.
 +
 Administrators of clusters on these platforms should skip the manually maintained credentials section of the update process.
 
-{alibaba}, IBM Cloud, and Nutanix::
+{alibaba}, {ibm-cloud-title}, and Nutanix::
 Clusters installed on these platforms are configured using the `ccoctl` utility.
 +
 Administrators of clusters on these platforms must take the following actions:
 +
-. Configure the `ccoctl` utility for the new release.
-. Use the `ccoctl` utility to update the cloud provider resources.
+. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+. Configure the `ccoctl` utility for the new release and use it to update the cloud provider resources.
 . Indicate that the cluster is ready to update with the `upgradeable-to` annotation.
 
 Microsoft Azure Stack Hub::
-These clusters use manual mode with long-lived credentials and do not use the `ccoctl` utility.
+These clusters use manual mode with long-term credentials and do not use the `ccoctl` utility.
 +
 Administrators of clusters on these platforms must take the following actions:
 +
+. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
 . Manually update the cloud provider resources for the new release.
 . Indicate that the cluster is ready to update with the `upgradeable-to` annotation.
 
diff --git a/modules/about-must-gather.adoc b/modules/about-must-gather.adoc
index c6e31b347f20..d8db6532040e 100644
--- a/modules/about-must-gather.adoc
+++ b/modules/about-must-gather.adoc
@@ -7,7 +7,7 @@
 // * service_mesh/v1x/servicemesh-release-notes.adoc
 // * serverless/serverless-support.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-must-gather_{context}"]
 = About the must-gather tool
 
@@ -44,7 +44,13 @@ $ oc adm must-gather -- /usr/bin/gather_audit_logs
 Audit logs are not collected as part of the default set of information to reduce the size of the files.
 ====
 
-When you run `oc adm must-gather`, a new pod with a random name is created in a new project on the cluster. The data is collected on that pod and saved in a new directory that starts with `must-gather.local`. This directory is created in the current working directory.
+ifndef::openshift-rosa,openshift-dedicated[]
+When you run `oc adm must-gather`, a new pod with a random name is created in a new project on the cluster. The data is collected on that pod and saved in a new directory that starts with `must-gather.local` in the current working directory.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+When you run `oc adm must-gather`, the data is collected and saved in a new directory that starts with `must-gather.local` in the current working directory.
+endif::openshift-rosa,openshift-dedicated[]
 
 For example:
 
@@ -65,4 +71,4 @@ For example:
 ----
 $ oc adm must-gather --run-namespace <namespace> \
   --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion}
-----
\ No newline at end of file
+----
diff --git a/modules/about-oadp-update-channels.adoc b/modules/about-oadp-update-channels.adoc
index 1a46ba12cfe3..a99878241db3 100644
--- a/modules/about-oadp-update-channels.adoc
+++ b/modules/about-oadp-update-channels.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/installing/about-installing-oadp.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-oadp-update-channels_{context}"]
 = About OADP update channels
 
@@ -19,6 +19,8 @@ The following update channels are available:
 
 * The *stable-1.2* channel contains `oadp.v1.2._z_`, the most recent OADP 1.2 `ClusterServiceVersion`.
 
+* The *stable-1.3* channel contains `oadp.v1.3._z_`, the most recent OADP 1.3 `ClusterServiceVersion`.
+
 *Which update channel is right for you?*
 
 * The *stable* channel is now deprecated.  If you are already using the stable channel, you will continue to get updates from `oadp.v1.1._z_`.
diff --git a/modules/about-project-creation.adoc b/modules/about-project-creation.adoc
index f8fcbae54cc7..0d4ff0d96edb 100644
--- a/modules/about-project-creation.adoc
+++ b/modules/about-project-creation.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/projects/configuring-project-creation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-project-creation_{context}"]
 = About project creation
 
diff --git a/modules/about-redhat-openshift-gitops.adoc b/modules/about-redhat-openshift-gitops.adoc
index 0aff1b216ab5..6418a90e9c46 100644
--- a/modules/about-redhat-openshift-gitops.adoc
+++ b/modules/about-redhat-openshift-gitops.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift-docs/cicd/gitops/understanding-openshift-gitops.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-redhat-openshift-gitops_{context}"]
 = About {gitops-title}
 
diff --git a/modules/about-scaling-a-user-provisioned-installation-with-the-bare-metal-operator.adoc b/modules/about-scaling-a-user-provisioned-installation-with-the-bare-metal-operator.adoc
index b69932c9f83c..5c2678bc3a11 100644
--- a/modules/about-scaling-a-user-provisioned-installation-with-the-bare-metal-operator.adoc
+++ b/modules/about-scaling-a-user-provisioned-installation-with-the-bare-metal-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="about-scaling-a-user-provisioned-cluster-with-the-bare-metal-operator_{context}"]
 = About scaling a user-provisioned cluster with the Bare Metal Operator
diff --git a/modules/about-sosreport.adoc b/modules/about-sosreport.adoc
index 6d819a84a840..76487183ed2a 100644
--- a/modules/about-sosreport.adoc
+++ b/modules/about-sosreport.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-sosreport_{context}"]
 = About sosreport
 
diff --git a/modules/about-toolbox.adoc b/modules/about-toolbox.adoc
index 486ab0e6950f..bf771504d65c 100644
--- a/modules/about-toolbox.adoc
+++ b/modules/about-toolbox.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-toolbox_{context}"]
 = About `toolbox`
 
diff --git a/modules/about-using-gpu-operator.adoc b/modules/about-using-gpu-operator.adoc
index e9879d71049a..fb718fdea576 100644
--- a/modules/about-using-gpu-operator.adoc
+++ b/modules/about-using-gpu-operator.adoc
@@ -1,23 +1,11 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-using-nvidia-gpu_{context}"]
 = About using the NVIDIA GPU Operator
 
-The NVIDIA GPU Operator manages NVIDIA GPU resources in an {product-title} cluster and automates tasks related to bootstrapping GPU nodes.
-Since the GPU is a special resource in the cluster, you must install some components before deploying application workloads onto the GPU.
-These components include the NVIDIA drivers which enables compute unified device architecture (CUDA), Kubernetes device plugin, container runtime and others such as automatic node labelling, monitoring and more.
-[NOTE]
-====
-The NVIDIA GPU Operator is supported only by NVIDIA. For more information about obtaining support from NVIDIA, see link:https://access.redhat.com/solutions/5174941[Obtaining Support from NVIDIA].
-====
+You can use the NVIDIA GPU Operator with {VirtProductName} to rapidly provision worker nodes for running GPU-enabled virtual machines (VMs). The NVIDIA GPU Operator manages NVIDIA GPU resources in an {product-title} cluster and automates tasks that are required when preparing nodes for GPU workloads.
 
-There are two ways to enable GPUs with {product-title} {VirtProductName}: the {product-title}-native way described here and by using the NVIDIA GPU Operator.
-
-The NVIDIA GPU Operator is a Kubernetes Operator that enables {product-title} {VirtProductName} to expose GPUs to virtualized workloads running on {product-title}.
-It allows users to easily provision and manage GPU-enabled virtual machines, providing them with the ability to run complex artificial intelligence/machine learning (AI/ML) workloads on the same platform as their other workloads.
-It also provides an easy way to scale the GPU capacity of their infrastructure, allowing for rapid growth of GPU-based workloads.
-
-For more information about using the NVIDIA GPU Operator to provision worker nodes for running GPU-accelerated VMs, see link:https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/openshift/openshift-virtualization.html[NVIDIA GPU Operator with OpenShift Virtualization].
+Before you can deploy application workloads to a GPU resource, you must install components such as the NVIDIA drivers that enable the compute unified device architecture (CUDA), Kubernetes device plugin, container runtime, and other features, such as automatic node labeling and monitoring. By automating these tasks, you can quickly scale the GPU capacity of your infrastructure. The NVIDIA GPU Operator can especially facilitate provisioning complex artificial intelligence and machine learning (AI/ML) workloads.
\ No newline at end of file
diff --git a/modules/about-ztp.adoc b/modules/about-ztp.adoc
index f618e11dd7b3..42bd3daf9b03 100644
--- a/modules/about-ztp.adoc
+++ b/modules/about-ztp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-ztp_{context}"]
 = Using {ztp} to provision clusters at the network far edge
 
@@ -18,6 +18,6 @@ A high-level overview of using {ztp} to provision and maintain bare-metal hosts
 
 * You make the hosts ready for provisioning as managed clusters, and use {rh-rhacm} and the assisted service to install the bare-metal hosts on site.
 
-Installing and deploying the clusters is a two-stage process, involving an initial installation phase, and a subsequent configuration phase. The following diagram illustrates this workflow:
+Installing and deploying the clusters is a two-stage process, involving an initial installation phase, and a subsequent configuration and deployment phase. The following diagram illustrates this workflow:
 
-image::217_OpenShift_Zero_Touch_Provisioning_updates_1022_2.png[Using GitOps and {ztp} to install and deploy managed clusters]
+image::474_OpenShift_OpenShift_RAN_RDS_arch_updates_1023.png[Using GitOps and {ztp} to install and deploy managed clusters]
diff --git a/modules/access-cluster.adoc b/modules/access-cluster.adoc
index 233466d4b87a..0c008038c516 100644
--- a/modules/access-cluster.adoc
+++ b/modules/access-cluster.adoc
@@ -3,7 +3,7 @@
 // * osd_install_access_delete_cluster/config-identity-providers.adoc
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="access-cluster_{context}"]
 = Accessing your cluster
 
diff --git a/modules/access-service.adoc b/modules/access-service.adoc
index a48382e04b52..a752b67a5c20 100644
--- a/modules/access-service.adoc
+++ b/modules/access-service.adoc
@@ -2,14 +2,14 @@
 //
 // * assemblies/adding-service.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="access-service_{context}"]
 
 = Accessing installed add-on services on your cluster
 
-After you successfully install an add-on service on your {product-title} 
+After you successfully install an add-on service on your {product-title}
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::openshift-rosa[]
 cluster, you can access the service by using the OpenShift web console.
 
diff --git a/modules/accessing-an-example-cluster-node-tuning-operator-specification.adoc b/modules/accessing-an-example-cluster-node-tuning-operator-specification.adoc
index 6952da48f917..32934cfea12f 100644
--- a/modules/accessing-an-example-cluster-node-tuning-operator-specification.adoc
+++ b/modules/accessing-an-example-cluster-node-tuning-operator-specification.adoc
@@ -3,7 +3,7 @@
 // * scalability_and_performance/using-node-tuning-operator.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-an-example-node-tuning-operator-specification_{context}"]
 = Accessing an example Node Tuning Operator specification
 
@@ -15,7 +15,7 @@ Use this process to access an example Node Tuning Operator specification.
 +
 [source,terminal]
 ----
-$ oc get Tuned/default -o yaml -n openshift-cluster-node-tuning-operator
+oc get tuned.tuned.openshift.io/default -o yaml -n openshift-cluster-node-tuning-operator
 ----
 
 The default CR is meant for delivering standard node-level tuning for the {product-title} platform and it can only be modified to set the Operator Management state. Any other custom changes to the default CR will be overwritten by the Operator. For custom tuning, create your own Tuned CRs. Newly created CRs will be combined with the default CR and custom tuning applied to {product-title} nodes based on node or pod labels and profile priorities.
diff --git a/modules/accessing-hosts-on-aws.adoc b/modules/accessing-hosts-on-aws.adoc
index bf9a54c876f2..0ac515d3b849 100644
--- a/modules/accessing-hosts-on-aws.adoc
+++ b/modules/accessing-hosts-on-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/accessing-hosts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-hosts-on-aws_{context}"]
 = Accessing hosts on Amazon Web Services in an installer-provisioned infrastructure cluster
 
diff --git a/modules/accessing-metrics-outside-cluster.adoc b/modules/accessing-metrics-outside-cluster.adoc
index ba88f496261b..9892681d1e9e 100644
--- a/modules/accessing-metrics-outside-cluster.adoc
+++ b/modules/accessing-metrics-outside-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-metrics-from-outside-cluster_{context}"]
 = Accessing metrics from outside the cluster for custom applications
 
diff --git a/modules/accessing-running-pods.adoc b/modules/accessing-running-pods.adoc
index 5513024f44b0..656f9a0257df 100644
--- a/modules/accessing-running-pods.adoc
+++ b/modules/accessing-running-pods.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-running-pods_{context}"]
 = Accessing running pods
 
@@ -10,7 +10,12 @@ You can review running pods dynamically by opening a shell inside a pod or by ga
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/accessing-windows-node-using-rdp.adoc b/modules/accessing-windows-node-using-rdp.adoc
index 136d9cb95ee3..545b74623eb9 100644
--- a/modules/accessing-windows-node-using-rdp.adoc
+++ b/modules/accessing-windows-node-using-rdp.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-windows-node-using-rdp_{context}"]
 = Accessing a Windows node using RDP
 
diff --git a/modules/accessing-windows-node-using-ssh.adoc b/modules/accessing-windows-node-using-ssh.adoc
index 234e4fac65ff..3de1236351e2 100644
--- a/modules/accessing-windows-node-using-ssh.adoc
+++ b/modules/accessing-windows-node-using-ssh.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-windows-node-using-ssh_{context}"]
 = Accessing a Windows node using SSH
 
diff --git a/modules/add-user.adoc b/modules/add-user.adoc
index ca7fba2406ed..454101405757 100644
--- a/modules/add-user.adoc
+++ b/modules/add-user.adoc
@@ -2,7 +2,7 @@
 //
 // * assemblies/quickstart-osd.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-user_{context}"]
 = Adding a user
 
diff --git a/modules/adding-a-custom-logo.adoc b/modules/adding-a-custom-logo.adoc
index 72b86e611336..ce4023382b91 100644
--- a/modules/adding-a-custom-logo.adoc
+++ b/modules/adding-a-custom-logo.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-a-custom-logo_{context}"]
 = Adding a custom logo and product name
 
@@ -11,7 +11,7 @@ You can create custom branding by adding a custom logo or custom product name. Y
 .Prerequisites
 
 * You must have administrator privileges.
-* Create a file of the logo that you want to use. The logo can be a file in any common image format, including GIF, JPG, PNG, or SVG, and is constrained to a `max-height` of `60px`.
+* Create a file of the logo that you want to use. The logo can be a file in any common image format, including GIF, JPG, PNG, or SVG, and is constrained to a `max-width` of `200px` and a max-height` of `68px`. Image size must not exceed 1 MB due to constraints on the `ConfigMap` object size.
 
 .Procedure
 
diff --git a/modules/adding-bare-metal-host-to-cluster-using-web-console.adoc b/modules/adding-bare-metal-host-to-cluster-using-web-console.adoc
index dea67e07e3e3..68c045948985 100644
--- a/modules/adding-bare-metal-host-to-cluster-using-web-console.adoc
+++ b/modules/adding-bare-metal-host-to-cluster-using-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/managing-bare-metal-hosts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-bare-metal-host-to-cluster-using-web-console_{context}"]
 = Adding a bare metal host to the cluster using the web console
 
diff --git a/modules/adding-bare-metal-host-to-cluster-using-yaml.adoc b/modules/adding-bare-metal-host-to-cluster-using-yaml.adoc
index 50665bc96ce2..5db5921ae3de 100644
--- a/modules/adding-bare-metal-host-to-cluster-using-yaml.adoc
+++ b/modules/adding-bare-metal-host-to-cluster-using-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/managing-bare-metal-hosts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-bare-metal-host-to-cluster-using-yaml_{context}"]
 = Adding a bare metal host to the cluster using YAML in the web console
 
diff --git a/modules/adding-cluster-notification-contacts.adoc b/modules/adding-cluster-notification-contacts.adoc
index 655864015282..b27a8d68b23d 100644
--- a/modules/adding-cluster-notification-contacts.adoc
+++ b/modules/adding-cluster-notification-contacts.adoc
@@ -4,16 +4,16 @@
 // * osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
 // * logging/sd-accessing-the-service-logs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-cluster-notification-contacts_{context}"]
 = Adding cluster notification contacts
 
-You can add notification contacts for your 
+You can add notification contacts for your
 ifdef::openshift-dedicated[]
-{product-title} 
+{product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-{product-title} (ROSA) 
+{product-title} (ROSA)
 endif::openshift-rosa[]
 cluster. When an event occurs that triggers a cluster notification email, subscribed users are notified.
 
diff --git a/modules/adding-custom-notification-banners.adoc b/modules/adding-custom-notification-banners.adoc
index 15ddd52527d7..917dbc0d51f4 100644
--- a/modules/adding-custom-notification-banners.adoc
+++ b/modules/adding-custom-notification-banners.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-custom-notification-banners_{context}"]
 = Creating custom notification banners
 
diff --git a/modules/adding-service-existing.adoc b/modules/adding-service-existing.adoc
index 62e20985eca8..974c8b4daa0f 100644
--- a/modules/adding-service-existing.adoc
+++ b/modules/adding-service-existing.adoc
@@ -2,14 +2,14 @@
 //
 // * assemblies/adding-service.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-service-existing_{context}"]
 
 = Adding an add-on service to a cluster
 
-You can add an add-on service to an existing {product-title} 
+You can add an add-on service to an existing {product-title}
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::openshift-rosa[]
 cluster by using {cluster-manager-first}.
 
diff --git a/modules/adding-tab-pods-page.adoc b/modules/adding-tab-pods-page.adoc
index a51172c1fd69..fd4e8781dc44 100644
--- a/modules/adding-tab-pods-page.adoc
+++ b/modules/adding-tab-pods-page.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/dynamic-plugin-example.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-tab-to-pods-page_{context}"]
 = Adding a tab to the pods page
 
diff --git a/modules/adding-tls-termination.adoc b/modules/adding-tls-termination.adoc
index 2192b5d6b3f9..026485c59275 100644
--- a/modules/adding-tls-termination.adoc
+++ b/modules/adding-tls-termination.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/aws_load_balancer_operator/add-tls-termination.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-adding-tls-termination_{context}"]
 = Adding TLS termination on the AWS Load Balancer
 
@@ -21,13 +21,12 @@ You can route the traffic for the domain to pods of a service and add TLS termin
 apiVersion: networking.olm.openshift.io/v1
 kind: AWSLoadBalancerController
 metadata:
-  name: cluster <1>
+  name: cluster
 spec:
-  subnetTagging: auto
-  ingressClass: tls-termination <2>
+  subnetTagging: Auto
+  ingressClass: tls-termination <1>
 ----
-<1> Defines the `aws-load-balancer-controller` instance.
-<2> Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
+<1> Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
 
 . Create an `Ingress` resource:
 +
diff --git a/modules/adding-to-a-project.adoc b/modules/adding-to-a-project.adoc
index 5cc909680bb7..425d8fa873d4 100644
--- a/modules/adding-to-a-project.adoc
+++ b/modules/adding-to-a-project.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-to-a-project_{context}"]
 = Adding to a project
 
diff --git a/modules/adding-yaml-examples-to-kube-resources.adoc b/modules/adding-yaml-examples-to-kube-resources.adoc
index d179f415b02e..22dd14d5cfcd 100644
--- a/modules/adding-yaml-examples-to-kube-resources.adoc
+++ b/modules/adding-yaml-examples-to-kube-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-yaml-examples-to-kube-resources_{context}"]
 = Adding YAML examples to Kubernetes resources
 
diff --git a/modules/admin-credentials-root-secret-formats.adoc b/modules/admin-credentials-root-secret-formats.adoc
index 03e566790073..ff2ab4d917eb 100644
--- a/modules/admin-credentials-root-secret-formats.adoc
+++ b/modules/admin-credentials-root-secret-formats.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "cco-mode-passthrough"]
 :passthrough:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="admin-credentials-root-secret-formats_{context}"]
 = Admin credentials root secret format
 
@@ -108,23 +108,6 @@ data:
   clouds.conf: <base64-encoded_cloud_creds_init>
 ----
 
-.{rh-virtualization-first} secret format
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  namespace: kube-system
-  name: ovirt-credentials
-data:
-  ovirt_url: <base64-encoded_url>
-  ovirt_username: <base64-encoded_username>
-  ovirt_password: <base64-encoded_password>
-  ovirt_insecure: <base64-encoded_insecure>
-  ovirt_ca_bundle: <base64-encoded_ca_bundle>
-----
-
 .VMware vSphere secret format
 
 [source,yaml]
@@ -146,4 +129,4 @@ ifeval::["{context}" == "cco-mode-mint"]
 endif::[]
 ifeval::["{context}" == "cco-mode-passthrough"]
 :!passthrough:
-endif::[]
\ No newline at end of file
+endif::[]
diff --git a/modules/admission-plug-ins-about.adoc b/modules/admission-plug-ins-about.adoc
index 0616ddd904c3..c5aecaad5f23 100644
--- a/modules/admission-plug-ins-about.adoc
+++ b/modules/admission-plug-ins-about.adoc
@@ -2,11 +2,11 @@
 //
 // * architecture/admission-plug-ins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="admission-plug-ins-about_{context}"]
 = About admission plugins
 
-Admission plugins are used to help regulate how {product-title} {product-version} functions. Admission plugins intercept requests to the master API to validate resource requests and ensure policies are adhered to, after the request is authenticated and authorized. For example, they are commonly used to enforce security policy, resource limitations or configuration requirements.
+Admission plugins intercept requests to the master API to validate resource requests. After a request is authenticated and authorized, the admission plugins ensure that any associated policies are followed. For example, they are commonly used to enforce security policy, resource limitations or configuration requirements.
 
 Admission plugins run in sequence as an admission chain. If any admission plugin in the sequence rejects a request, the whole chain is aborted and an error is returned.
 
diff --git a/modules/admission-plug-ins-default.adoc b/modules/admission-plug-ins-default.adoc
index 6ef96178cbc8..c14838ee89bd 100644
--- a/modules/admission-plug-ins-default.adoc
+++ b/modules/admission-plug-ins-default.adoc
@@ -5,8 +5,14 @@
 [id="admission-plug-ins-default_{context}"]
 = Default admission plugins
 
+ifndef::openshift-rosa,openshift-dedicated[]
 //Future xref - A set of default admission plugins is enabled in {product-title} {product-version}. These default plugins contribute to fundamental control plane functionality, such as ingress policy, xref:../nodes/clusters/nodes-cluster-overcommit.adoc#nodes-cluster-resource-override_nodes-cluster-overcommit[cluster resource limit override] and quota policy.
-Default validating and admission plugins are enabled in {product-title} {product-version}. These default plugins contribute to fundamental control plane functionality, such as ingress policy, cluster resource limit override and quota policy. The following lists contain the default admission plugins:
+endif::openshift-rosa,openshift-dedicated[]
+Default validating and admission plugins are enabled in {product-title} {product-version}. These default plugins contribute to fundamental control plane functionality, such as ingress policy, cluster resource limit override and quota policy. 
+
+include::snippets/default-projects.adoc[]
+
+The following lists contain the default admission plugins:
 
 .Validating admission plugins
 [%collapsible]
diff --git a/modules/admission-webhooks-about.adoc b/modules/admission-webhooks-about.adoc
index 6a8a92b02180..7b3178097258 100644
--- a/modules/admission-webhooks-about.adoc
+++ b/modules/admission-webhooks-about.adoc
@@ -9,10 +9,26 @@ In addition to {product-title} default admission plugins, dynamic admission can
 
 There are two types of webhook admission plugins in {product-title}:
 
+ifndef::openshift-rosa,openshift-dedicated[]
 //Future xref - * During the admission process, xref:../architecture/admission-plug-ins.adoc#mutating-admission-plug-in[the mutating admission plugin] can perform tasks, such as injecting affinity labels.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa[]
+//Future xref - * During the admission process, xref:../rosa_architecture/rosa-admission-plug-ins.adoc#mutating-admission-plug-in[the mutating admission plugin] can perform tasks, such as injecting affinity labels.
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+//Future xref - * During the admission process, xref:../osd_architecture/osd-admission-plug-ins.adoc#mutating-admission-plug-in[the mutating admission plugin] can perform tasks, such as injecting affinity labels.
+endif::openshift-dedicated[]
 * During the admission process, the _mutating admission plugin_ can perform tasks, such as injecting affinity labels.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 //Future xref - * At the end of the admission process, xref:../architecture/admission-plug-ins.adoc#validating-admission-plug-in[the validating admission plugin] makes sure an object is configured properly, for example ensuring affinity labels are as expected. If the validation passes, {product-title} schedules the object as configured.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa[]
+//Future xref - * At the end of the admission process, xref:../rosa_architecture/rosa-admission-plug-ins.html#validating-admission-plug-in_admission-plug-ins[the validating admission plugin] makes sure an object is configured properly, for example ensuring affinity labels are as expected. If the validation passes, {product-title} schedules the object as configured.
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+//Future xref - * At the end of the admission process, xref:../osd_architecture/osd-admission-plug-ins.html#validating-admission-plug-in_admission-plug-ins[the validating admission plugin] makes sure an object is configured properly, for example ensuring affinity labels are as expected. If the validation passes, {product-title} schedules the object as configured.
+endif::openshift-dedicated[]
 * At the end of the admission process, the _validating admission plugin_ can be used to make sure an object is configured properly, for example ensuring affinity labels are as expected. If the validation passes, {product-title} schedules the object as configured.
 
 When an API request comes in, mutating or validating admission plugins use the list of external webhooks in the configuration and call them in parallel:
@@ -25,8 +41,10 @@ When an API request comes in, mutating or validating admission plugins use the l
 
 * If an error is encountered when calling a webhook, the request is either denied or the webhook is ignored depending on the error policy set. If the error policy is set to `Ignore`, the request is unconditionally accepted in the event of a failure. If the policy is set to `Fail`, failed requests are denied. Using `Ignore` can result in unpredictable behavior for all clients.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 //Future xrefs - Communication between the webhook admission plugin and the webhook server must use TLS. Generate a certificate authority (CA) certificate and use the certificate to sign the server certificate that is used by your webhook server. The PEM-encoded CA certificate is supplied to the webhook admission plugin using a mechanism, such as xref:../security/certificates/service-serving-certificate.adoc#service-serving-certificate[service serving certificate secrets].
 Communication between the webhook admission plugin and the webhook server must use TLS. Generate a CA certificate and use the certificate to sign the server certificate that is used by your webhook admission server. The PEM-encoded CA certificate is supplied to the webhook admission plugin using a mechanism, such as service serving certificate secrets.
+endif::openshift-rosa,openshift-dedicated[]
 
 The following diagram illustrates the sequential admission chain process within which multiple webhook servers are called.
 
@@ -41,9 +59,11 @@ Some common webhook admission plugin use cases include:
 * Namespace reservation.
 //Future xrefs - * :../networking/hardware_networks/configuring-sriov-operator.adoc#configuring-sriov-operator[Limiting custom network resources managed by the SR-IOV network device plugin].
 * Limiting custom network resources managed by the SR-IOV network device plugin.
+ifndef::openshift-rosa,openshift-dedicated[]
 //Future xref - * xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations_dedicating_nodes-scheduler-taints-tolerations[Defining tolerations that enable taints to qualify which pods should be scheduled on a node].
 * Defining tolerations that enable taints to qualify which pods should be scheduled on a node.
 //Future xref - * xref:../nodes/pods/nodes-pods-priority.adoc#admin-guide-priority-preemption-names_nodes-pods-priority[Pod priority class validation].
+endif::openshift-rosa,openshift-dedicated[]
 * Pod priority class validation.
 
 [NOTE]
diff --git a/modules/advanced-node-tuning-hosted-cluster.adoc b/modules/advanced-node-tuning-hosted-cluster.adoc
index 750ff762b47d..cf99ac097872 100644
--- a/modules/advanced-node-tuning-hosted-cluster.adoc
+++ b/modules/advanced-node-tuning-hosted-cluster.adoc
@@ -1,14 +1,12 @@
 // Module included in the following assemblies:
 //
 // * scalability_and_performance/using-node-tuning-operator.adoc
+// * hosted_control_planes/hcp-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="advanced-node-tuning-hosted-cluster_{context}"]
 = Advanced node tuning for hosted clusters by setting kernel boot parameters
 
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
-
 For more advanced tuning in hosted control planes, which requires setting kernel boot parameters, you can also use the Node Tuning Operator. The following example shows how you can create a node pool with huge pages reserved.
 
 .Procedure
@@ -55,7 +53,7 @@ The `.spec.recommend.match` field is intentionally left blank. In this case, thi
 $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f tuned-hugepages.yaml
 ----
 
-. Create a `NodePool` manifest YAML file, customize the upgrade type of the `NodePool`, and reference the `ConfigMap` object that you created in the `spec.tuningConfig` section. Create the `NodePool` manifest and save it in a file named `hugepages-nodepool.yaml` by using the `hypershift` CLI:
+. Create a `NodePool` manifest YAML file, customize the upgrade type of the `NodePool`, and reference the `ConfigMap` object that you created in the `spec.tuningConfig` section. Create the `NodePool` manifest and save it in a file named `hugepages-nodepool.yaml` by using the `hcp` CLI:
 +
 [source,yaml]
 ----
@@ -63,7 +61,7 @@ $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f tuned-hugepages.yaml
     INSTANCE_TYPE=m5.2xlarge
     NODEPOOL_REPLICAS=2
 
-    hypershift create nodepool aws \
+    hcp create nodepool aws \
       --cluster-name $CLUSTER_NAME \
       --name $NODEPOOL_NAME \
       --node-count $NODEPOOL_REPLICAS \
@@ -110,7 +108,7 @@ After the nodes are available, the containerized TuneD daemon calculates the req
 +
 [source,terminal]
 ----
-$ oc --kubeconfig="$HC_KUBECONFIG" get Tuneds -n openshift-cluster-node-tuning-operator
+$ oc --kubeconfig="$HC_KUBECONFIG" get tuned.tuned.openshift.io -n openshift-cluster-node-tuning-operator
 ----
 +
 .Example output
@@ -121,12 +119,12 @@ default              123m
 hugepages-8dfb1fed   1m23s
 rendered             123m
 ----
-   
+
 . List the `Profile` objects in the hosted cluster:
 +
 [source,terminal]
 ----
-$ oc --kubeconfig="$HC_KUBECONFIG" get Profiles -n openshift-cluster-node-tuning-operator
+$ oc --kubeconfig="$HC_KUBECONFIG" get profile.tuned.openshift.io -n openshift-cluster-node-tuning-operator
 ----
 +
 .Example output
diff --git a/modules/agent-configuration-parameters.adoc b/modules/agent-configuration-parameters.adoc
new file mode 100644
index 000000000000..0e0cc3782c09
--- /dev/null
+++ b/modules/agent-configuration-parameters.adoc
@@ -0,0 +1,124 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="agent-configuration-parameters_{context}"]
+= Available Agent configuration parameters
+
+The following tables specify the required and optional Agent configuration parameters that you can set as part of the Agent-based installation process.
+
+These values are specified in the `agent-config.yaml` file.
+
+[NOTE]
+====
+These settings are used for installation only, and cannot be modified after installation.
+====
+
+[id="agent-configuration-parameters-required_{context}"]
+== Required configuration parameters
+
+Required Agent configuration parameters are described in the following table:
+
+.Required parameters
+[cols=".^2l,.^3,.^5a",options="header"]
+|====
+|Parameter|Description|Values
+
+|apiVersion:
+|The API version for the `agent-config.yaml` content.
+The current version is `v1beta1`.
+The installation program might also support older API versions.
+|String
+
+|metadata:
+|Kubernetes resource `ObjectMeta`, from which only the `name` parameter is consumed.
+|Object
+
+|metadata:
+  name:
+|The name of the cluster.
+DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`.
+The value entered in the `agent-config.yaml` file is ignored, and instead the value specified in the `install-config.yaml` file is used.
+When you do not provide `metadata.name` through either the `install-config.yaml` or `agent-config.yaml` files, for example when you use only ZTP manifests, the cluster name is set to `agent-cluster`.
+|String of lowercase letters and hyphens (`-`), such as `dev`.
+|====
+
+
+[id="agent-configuration-parameters-optional_{context}"]
+== Optional configuration parameters
+
+Optional Agent configuration parameters are described in the following table:
+
+.Optional parameters
+[cols=".^2l,.^4,.^4a",options="header"]
+|====
+|Parameter|Description|Values
+
+|rendezvousIP:
+|The IP address of the node that performs the bootstrapping process as well as running the `assisted-service` component.
+You must provide the rendezvous IP address when you do not specify at least one host's IP address in the `networkConfig` parameter.
+If this address is not provided, one IP address is selected from the provided hosts' `networkConfig`.
+|IPv4 or IPv6 address.
+
+|bootArtifactsBaseURL:
+|The URL of the server to upload Preboot Execution Environment (PXE) assets to when using the Agent-based Installer to generate an iPXE script.
+For more information, see "Preparing PXE assets for {product-title}".
+|String.
+
+|additionalNTPSources:
+|A list of Network Time Protocol (NTP) sources to be added to all cluster hosts, which are added to any NTP sources that are configured through other means.
+|List of hostnames or IP addresses.
+
+|hosts:
+|Host configuration.
+An optional list of hosts.
+The number of hosts defined must not exceed the total number of hosts defined in the `install-config.yaml` file, which is the sum of the values of the `compute.replicas` and `controlPlane.replicas` parameters.
+|An array of host configuration objects.
+
+|hosts:
+  hostname:
+|Hostname.
+Overrides the hostname obtained from either the Dynamic Host Configuration Protocol (DHCP) or a reverse DNS lookup.
+Each host must have a unique hostname supplied by one of these methods, although configuring a hostname through this parameter is optional.
+|String.
+
+|hosts:
+  interfaces:
+|Provides a table of the name and MAC address mappings for the interfaces on the host.
+If a `NetworkConfig` section is provided in the `agent-config.yaml` file, this table must be included and the values must match the mappings provided in the `NetworkConfig` section.
+|An array of host configuration objects.
+
+|hosts:
+  interfaces:
+    name:
+|The name of an interface on the host.
+|String.
+
+|hosts:
+  interfaces:
+    macAddress:
+|The MAC address of an interface on the host.
+|A MAC address such as the following example: `00-B0-D0-63-C2-26`
+
+|hosts:
+  rootDeviceHints:
+|Enables provisioning of the {op-system-first} image to a particular device.
+The installation program examines the devices in the order it discovers them, and compares the discovered values with the hint values.
+It uses the first discovered device that matches the hint value.
+This is the device that the operating system is written on during installation.
+|A dictionary of key-value pairs.
+For more information, see "Root device hints" in the "Setting up the environment for an OpenShift installation" page.
+
+|hosts:
+  rootDeviceHints:
+    deviceName:
+|The name of the device the {op-system} image is provisioned to.
+|String.
+
+|hosts:
+  networkConfig:
+|The host network definition.
+The configuration must match the Host Network Management API defined in the link:https://nmstate.io/[nmstate documentation].
+|A dictionary of host network configuration objects.
+|====
\ No newline at end of file
diff --git a/modules/agent-install-about-mirroring-for-disconnected-registry.adoc b/modules/agent-install-about-mirroring-for-disconnected-registry.adoc
index 2e041c2cbdc6..427b5f87038f 100644
--- a/modules/agent-install-about-mirroring-for-disconnected-registry.adoc
+++ b/modules/agent-install-about-mirroring-for-disconnected-registry.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc
 // re-use of applicable content from disconnected install mirroring
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="agent-install-about-mirroring-for-disconnected-registry_{context}"]
 = About mirroring the {product-title} image repository for a disconnected registry
 
diff --git a/modules/agent-install-configuring-for-disconnected-registry.adoc b/modules/agent-install-configuring-for-disconnected-registry.adoc
index e1a8378c6594..2c9b27c2917c 100644
--- a/modules/agent-install-configuring-for-disconnected-registry.adoc
+++ b/modules/agent-install-configuring-for-disconnected-registry.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_with_agent_based_installer/understanding-disconnected-installation-mirroring.adoc
 
-:_content-type: Procedure[id="agent-install-configuring-for-disconnected-registry_{context}"]
+:_mod-docs-content-type: Procedure[id="agent-install-configuring-for-disconnected-registry_{context}"]
 = Configuring the Agent-based Installer to use mirrored images
 
 You must use the output of either the `oc adm release mirror` command or the oc-mirror plugin to configure the Agent-based Installer to use mirrored images.
diff --git a/modules/agent-install-dns-none.adoc b/modules/agent-install-dns-none.adoc
new file mode 100644
index 000000000000..65cdf6425edb
--- /dev/null
+++ b/modules/agent-install-dns-none.adoc
@@ -0,0 +1,172 @@
+:_mod-docs-content-type: CONCEPT
+[id="agent-install-dns-none_{context}"]
+= Platform "none" DNS requirements
+
+In {product-title} deployments, DNS name resolution is required for the following components:
+
+* The Kubernetes API
+* The {product-title} application wildcard
+* The control plane and compute machines
+
+Reverse DNS resolution is also required for the Kubernetes API, the control plane machines, and the compute machines.
+
+DNS A/AAAA or CNAME records are used for name resolution and PTR records are used for reverse name resolution. The reverse records are important because {op-system-first} uses the reverse records to set the hostnames for all the nodes, unless the hostnames are provided by DHCP. Additionally, the reverse records are used to generate the certificate signing requests (CSR) that {product-title} needs to operate.
+
+[NOTE]
+====
+It is recommended to use a DHCP server to provide the hostnames to each cluster node.
+====
+
+The following DNS records are required for an {product-title} cluster using the platform `none` option and they must be in place before installation. In each record, `<cluster_name>` is the cluster name and `<base_domain>` is the base domain that you specify in the `install-config.yaml` file. A complete DNS record takes the form: `<component>.<cluster_name>.<base_domain>.`.
+
+.Required DNS records
+[cols="1a,3a,5a",options="header"]
+|===
+
+|Component
+|Record
+|Description
+
+.2+a|Kubernetes API
+|`api.<cluster_name>.<base_domain>.`
+|A DNS A/AAAA or CNAME record, and a DNS PTR record, to identify the API load balancer. These records must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
+
+|`api-int.<cluster_name>.<base_domain>.`
+|A DNS A/AAAA or CNAME record, and a DNS PTR record, to internally identify the API load balancer. These records must be resolvable from all the nodes within the cluster.
+[IMPORTANT]
+====
+The API server must be able to resolve the worker nodes by the hostnames
+that are recorded in Kubernetes. If the API server cannot resolve the node
+names, then proxied API calls can fail, and you cannot retrieve logs from pods.
+====
+
+|Routes
+|`*.apps.<cluster_name>.<base_domain>.`
+|A wildcard DNS A/AAAA or CNAME record that refers to the application ingress load balancer. The application ingress load balancer targets the machines that run the Ingress Controller pods. The Ingress Controller pods run on the compute machines by default. These records must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
+
+For example, `console-openshift-console.apps.<cluster_name>.<base_domain>` is used as a wildcard route to the {product-title} console.
+
+|Control plane machines
+|`<master><n>.<cluster_name>.<base_domain>.`
+|DNS A/AAAA or CNAME records and DNS PTR records to identify each machine
+for the control plane nodes. These records must be resolvable by the nodes within the cluster.
+
+|Compute machines
+|`<worker><n>.<cluster_name>.<base_domain>.`
+|DNS A/AAAA or CNAME records and DNS PTR records to identify each machine
+for the worker nodes. These records must be resolvable by the nodes within the cluster.
+
+|===
+
+[NOTE]
+====
+In {product-title} 4.4 and later, you do not need to specify etcd host and SRV records in your DNS configuration.
+====
+
+[TIP]
+====
+You can use the `dig` command to verify name and reverse name resolution.
+====
+
+[id="agent-install-dns-none-example_{context}"]
+== Example DNS configuration for platform "none" clusters
+
+This section provides A and PTR record configuration samples that meet the DNS requirements for deploying {product-title} using the platform `none` option. The samples are not meant to provide advice for choosing one DNS solution over another.
+
+In the examples, the cluster name is `ocp4` and the base domain is `example.com`.
+
+.Example DNS A record configuration for a platform "none" cluster
+
+The following example is a BIND zone file that shows sample A records for name resolution in a cluster using the platform `none` option.
+
+.Sample DNS zone database
+[%collapsible]
+====
+[source,text]
+----
+$TTL 1W
+@	IN	SOA	ns1.example.com.	root (
+			2019070700	; serial
+			3H		; refresh (3 hours)
+			30M		; retry (30 minutes)
+			2W		; expiry (2 weeks)
+			1W )		; minimum (1 week)
+	IN	NS	ns1.example.com.
+	IN	MX 10	smtp.example.com.
+;
+;
+ns1.example.com.		IN	A	192.168.1.5
+smtp.example.com.		IN	A	192.168.1.5
+;
+helper.example.com.		IN	A	192.168.1.5
+helper.ocp4.example.com.	IN	A	192.168.1.5
+;
+api.ocp4.example.com.		IN	A	192.168.1.5 <1>
+api-int.ocp4.example.com.	IN	A	192.168.1.5 <2>
+;
+*.apps.ocp4.example.com.	IN	A	192.168.1.5 <3>
+;
+master0.ocp4.example.com.	IN	A	192.168.1.97 <4>
+master1.ocp4.example.com.	IN	A	192.168.1.98 <4>
+master2.ocp4.example.com.	IN	A	192.168.1.99 <4>
+;
+worker0.ocp4.example.com.	IN	A	192.168.1.11 <5>
+worker1.ocp4.example.com.	IN	A	192.168.1.7 <5>
+;
+;EOF
+----
+
+<1> Provides name resolution for the Kubernetes API. The record refers to the IP address of the API load balancer.
+<2> Provides name resolution for the Kubernetes API. The record refers to the IP address of the API load balancer and is used for internal cluster communications.
+<3> Provides name resolution for the wildcard routes. The record refers to the IP address of the application ingress load balancer. The application ingress load balancer targets the machines that run the Ingress Controller pods. The Ingress Controller pods run on the compute machines by default.
++
+[NOTE]
+=====
+In the example, the same load balancer is used for the Kubernetes API and application ingress traffic. In production scenarios, you can deploy the API and application ingress load balancers separately so that you can scale the load balancer infrastructure for each in isolation.
+=====
++
+<4> Provides name resolution for the control plane machines.
+<5> Provides name resolution for the compute machines.
+====
+
+.Example DNS PTR record configuration for a platform "none" cluster
+
+The following example BIND zone file shows sample PTR records for reverse name resolution in a cluster using the platform `none` option.
+
+.Sample DNS zone database for reverse records
+[%collapsible]
+====
+[source,text]
+----
+$TTL 1W
+@	IN	SOA	ns1.example.com.	root (
+			2019070700	; serial
+			3H		; refresh (3 hours)
+			30M		; retry (30 minutes)
+			2W		; expiry (2 weeks)
+			1W )		; minimum (1 week)
+	IN	NS	ns1.example.com.
+;
+5.1.168.192.in-addr.arpa.	IN	PTR	api.ocp4.example.com. <1>
+5.1.168.192.in-addr.arpa.	IN	PTR	api-int.ocp4.example.com. <2>
+;
+97.1.168.192.in-addr.arpa.	IN	PTR	master0.ocp4.example.com. <3>
+98.1.168.192.in-addr.arpa.	IN	PTR	master1.ocp4.example.com. <3>
+99.1.168.192.in-addr.arpa.	IN	PTR	master2.ocp4.example.com. <3>
+;
+11.1.168.192.in-addr.arpa.	IN	PTR	worker0.ocp4.example.com. <4>
+7.1.168.192.in-addr.arpa.	IN	PTR	worker1.ocp4.example.com. <4>
+;
+;EOF
+----
+
+<1> Provides reverse DNS resolution for the Kubernetes API. The PTR record refers to the record name of the API load balancer.
+<2> Provides reverse DNS resolution for the Kubernetes API. The PTR record refers to the record name of the API load balancer and is used for internal cluster communications.
+<3> Provides reverse DNS resolution for the control plane machines.
+<4> Provides reverse DNS resolution for the compute machines.
+====
+
+[NOTE]
+====
+A PTR record is not required for the {product-title} application wildcard.
+====
\ No newline at end of file
diff --git a/modules/agent-install-ipi-install-root-device-hints.adoc b/modules/agent-install-ipi-install-root-device-hints.adoc
index 15133769910e..bac0f3e92a57 100644
--- a/modules/agent-install-ipi-install-root-device-hints.adoc
+++ b/modules/agent-install-ipi-install-root-device-hints.adoc
@@ -2,7 +2,7 @@
 //
 // preparing-to-install-with-agent-based-installer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='root-device-hints_{context}']
 = About root device hints
 
@@ -13,7 +13,7 @@ The `rootDeviceHints` parameter enables the installer to provision the {op-syste
 |===
 | Subfield | Description
 
-| `deviceName` | A string containing a Linux device name like `/dev/vda`. The hint must match the actual value exactly.
+| `deviceName` | A string containing a Linux device name such as `/dev/vda` or `/dev/disk/by-path/`. It is recommended to use the `/dev/disk/by-path/<device_path>` link to the storage location. The hint must match the actual value exactly.
 
 | `hctl` | A string containing a SCSI bus address like `0:0:0:0`. The hint must match the actual value exactly.
 
diff --git a/modules/agent-install-load-balancing-none.adoc b/modules/agent-install-load-balancing-none.adoc
new file mode 100644
index 000000000000..c9e932205ec4
--- /dev/null
+++ b/modules/agent-install-load-balancing-none.adoc
@@ -0,0 +1,190 @@
+:_mod-docs-content-type: CONCEPT
+[id="agent-install-load-balancing-none_{context}"]
+= Platform "none" Load balancing requirements
+
+
+Before you install {product-title}, you must provision the API and application Ingress load balancing infrastructure. In production scenarios, you can deploy the API and application Ingress load balancers separately so that you can scale the load balancer infrastructure for each in isolation.
+
+[NOTE]
+====
+These requirements do not apply to single-node OpenShift clusters using the platform `none` option.
+====
+
+[NOTE]
+====
+If you want to deploy the API and application Ingress load balancers with a {op-system-base-full} instance, you must purchase the {op-system-base} subscription separately.
+====
+
+The load balancing infrastructure must meet the following requirements:
+
+. *API load balancer*: Provides a common endpoint for users, both human and machine, to interact with and configure the platform. Configure the following conditions:
++
+--
+  ** Layer 4 load balancing only. This can be referred to as Raw TCP, SSL Passthrough, or SSL Bridge mode. If you use SSL Bridge mode, you must enable Server Name Indication (SNI) for the API routes.
+  ** A stateless load balancing algorithm. The options vary based on the load balancer implementation.
+--
++
+[IMPORTANT]
+====
+Do not configure session persistence for an API load balancer.
+====
++
+Configure the following ports on both the front and back of the load balancers:
++
+.API load balancer
+[cols="2,5,^2,^2,2",options="header"]
+|===
+
+|Port
+|Back-end machines (pool members)
+|Internal
+|External
+|Description
+
+|`6443`
+|Control plane. You must configure the `/readyz` endpoint for the API server health check probe.
+|X
+|X
+|Kubernetes API server
+
+|`22623`
+|Control plane.
+|X
+|
+|Machine config server
+
+|===
++
+[NOTE]
+====
+The load balancer must be configured to take a maximum of 30 seconds from the
+time the API server turns off the `/readyz` endpoint to the removal of the API
+server instance from the pool. Within the time frame after `/readyz` returns an
+error or becomes healthy, the endpoint must have been removed or added. Probing
+every 5 or 10 seconds, with two successful requests to become healthy and three
+to become unhealthy, are well-tested values.
+====
++
+. *Application Ingress load balancer*: Provides an ingress point for application traffic flowing in from outside the cluster. A working configuration for the Ingress router is required for an {product-title} cluster.
++
+Configure the following conditions:
++
+--
+  ** Layer 4 load balancing only. This can be referred to as Raw TCP, SSL Passthrough, or SSL Bridge mode. If you use SSL Bridge mode, you must enable Server Name Indication (SNI) for the ingress routes.
+  ** A connection-based or session-based persistence is recommended, based on the options available and types of applications that will be hosted on the platform.
+--
++
+[TIP]
+====
+If the true IP address of the client can be seen by the application Ingress load balancer, enabling source IP-based session persistence can improve performance for applications that use end-to-end TLS encryption.
+====
++
+Configure the following ports on both the front and back of the load balancers:
++
+.Application Ingress load balancer
+[cols="2,5,^2,^2,2",options="header"]
+|===
+
+|Port
+|Back-end machines (pool members)
+|Internal
+|External
+|Description
+
+|`443`
+|The machines that run the Ingress Controller pods, compute, or worker, by default.
+|X
+|X
+|HTTPS traffic
+
+|`80`
+|The machines that run the Ingress Controller pods, compute, or worker, by default.
+|X
+|X
+|HTTP traffic
+
+|===
++
+[NOTE]
+====
+If you are deploying a three-node cluster with zero compute nodes, the Ingress Controller pods run on the control plane nodes. In three-node cluster deployments, you must configure your application Ingress load balancer to route HTTP and HTTPS traffic to the control plane nodes.
+====
+
+[id="agent-install-load-balancing-none-example_{context}"]
+== Example load balancer configuration for platform "none" clusters
+
+This section provides an example API and application Ingress load balancer configuration that meets the load balancing requirements for clusters using the platform `none` option. The sample is an `/etc/haproxy/haproxy.cfg` configuration for an HAProxy load balancer. The example is not meant to provide advice for choosing one load balancing solution over another.
+
+In the example, the same load balancer is used for the Kubernetes API and application ingress traffic. In production scenarios, you can deploy the API and application ingress load balancers separately so that you can scale the load balancer infrastructure for each in isolation.
+
+[NOTE]
+====
+If you are using HAProxy as a load balancer and SELinux is set to `enforcing`, you must ensure that the HAProxy service can bind to the configured TCP port by running `setsebool -P haproxy_connect_any=1`.
+====
+
+.Sample API and application Ingress load balancer configuration
+[%collapsible]
+====
+[source,text]
+----
+global
+  log         127.0.0.1 local2
+  pidfile     /var/run/haproxy.pid
+  maxconn     4000
+  daemon
+defaults
+  mode                    http
+  log                     global
+  option                  dontlognull
+  option http-server-close
+  option                  redispatch
+  retries                 3
+  timeout http-request    10s
+  timeout queue           1m
+  timeout connect         10s
+  timeout client          1m
+  timeout server          1m
+  timeout http-keep-alive 10s
+  timeout check           10s
+  maxconn                 3000
+listen api-server-6443 <1>
+  bind *:6443
+  mode tcp
+  server master0 master0.ocp4.example.com:6443 check inter 1s
+  server master1 master1.ocp4.example.com:6443 check inter 1s
+  server master2 master2.ocp4.example.com:6443 check inter 1s
+listen machine-config-server-22623 <2>
+  bind *:22623
+  mode tcp
+  server master0 master0.ocp4.example.com:22623 check inter 1s
+  server master1 master1.ocp4.example.com:22623 check inter 1s
+  server master2 master2.ocp4.example.com:22623 check inter 1s
+listen ingress-router-443 <3>
+  bind *:443
+  mode tcp
+  balance source
+  server worker0 worker0.ocp4.example.com:443 check inter 1s
+  server worker1 worker1.ocp4.example.com:443 check inter 1s
+listen ingress-router-80 <4>
+  bind *:80
+  mode tcp
+  balance source
+  server worker0 worker0.ocp4.example.com:80 check inter 1s
+  server worker1 worker1.ocp4.example.com:80 check inter 1s
+----
+
+<1> Port `6443` handles the Kubernetes API traffic and points to the control plane machines.
+<2> Port `22623` handles the machine config server traffic and points to the control plane machines.
+<3> Port `443` handles the HTTPS traffic and points to the machines that run the Ingress Controller pods. The Ingress Controller pods run on the compute machines by default.
+<4> Port `80` handles the HTTP traffic and points to the machines that run the Ingress Controller pods. The Ingress Controller pods run on the compute machines by default.
++
+[NOTE]
+=====
+If you are deploying a three-node cluster with zero compute nodes, the Ingress Controller pods run on the control plane nodes. In three-node cluster deployments, you must configure your application Ingress load balancer to route HTTP and HTTPS traffic to the control plane nodes.
+=====
+====
+
+[TIP]
+====
+If you are using HAProxy as a load balancer, you can check that the `haproxy` process is listening on ports `6443`, `22623`, `443`, and `80` by running `netstat -nltupe` on the HAProxy node.
+====
\ No newline at end of file
diff --git a/modules/agent-install-networking.adoc b/modules/agent-install-networking.adoc
index 4797f35c5962..561dca7d6f59 100644
--- a/modules/agent-install-networking.adoc
+++ b/modules/agent-install-networking.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-with-agent-based-installer/preparing-to-install-with-agent-based-installer.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="agent-install-networking_{context}"]
 = About networking
 
@@ -14,7 +14,7 @@ In addition to static IP addresses, you can apply any network configuration that
 
 == DHCP
 
-.Preferred method: `install-config.yaml` and `agent.config.yaml`
+.Preferred method: `install-config.yaml` and `agent-config.yaml`
 
 You must specify the value for the `rendezvousIP` field. The `networkConfig` fields can be left blank:
 
@@ -32,7 +32,7 @@ rendezvousIP: 192.168.111.80 <1>
 
 == Static networking
 
-.. Preferred method: `install-config.yaml` and `agent.config.yaml`
+.. Preferred method: `install-config.yaml` and `agent-config.yaml`
 
 +
 .Sample agent-config.yaml.file
@@ -70,8 +70,9 @@ rendezvousIP: 192.168.111.80 <1>
           config:
             - destination: 0.0.0.0/0
               next-hop-address: 192.168.111.1 <6>
-              next-hop-interface: eth0
+              next-hop-interface: eno1
               table-id: 254
+  EOF
 ----
 <1> If a value is not specified for the `rendezvousIP` field, one address will be chosen from the static IP addresses specified in the `networkConfig` fields.
 <2> The MAC address of an interface on the host, used to determine which host to apply the configuration to.
diff --git a/modules/agent-install-sample-config-bond-sriov.adoc b/modules/agent-install-sample-config-bond-sriov.adoc
index 1cdbcb2cbc25..094990d5437b 100644
--- a/modules/agent-install-sample-config-bond-sriov.adoc
+++ b/modules/agent-install-sample-config-bond-sriov.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-with-agent-based-installer/preparing-to-install-with-agent-based-installer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="agent-install-sample-config-bond-sriov_{context}"]
 = Example: Bonds and SR-IOV dual-nic node network configuration
 
diff --git a/modules/agent-install-sample-config-bonds-vlans.adoc b/modules/agent-install-sample-config-bonds-vlans.adoc
index 8c1a13ea404e..455e00b11b78 100644
--- a/modules/agent-install-sample-config-bonds-vlans.adoc
+++ b/modules/agent-install-sample-config-bonds-vlans.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-with-agent-based-installer/preparing-to-install-with-agent-based-installer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="agent-install-sample-config-bonds-vlans_{context}"]
 = Example: Bonds and VLAN interface node network configuration
 
diff --git a/modules/agent-installer-configuring-fips-compliance.adoc b/modules/agent-installer-configuring-fips-compliance.adoc
index 7e988324cbd8..3060d4aa4745 100644
--- a/modules/agent-installer-configuring-fips-compliance.adoc
+++ b/modules/agent-installer-configuring-fips-compliance.adoc
@@ -3,14 +3,14 @@
 // * installing/installing_with_agent_bases_installer/preparing-to-install-with-agent-based-installer.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="agent-installer-configuring-fips-compliance_{context}"]
 
 = Configuring FIPS through the Agent-based Installer
 
 During a cluster deployment, the Federal Information Processing Standards (FIPS) change is applied when the Red Hat Enterprise Linux CoreOS (RHCOS) machines are deployed in your cluster. For Red Hat Enterprise Linux (RHEL) machines, you must enable FIPS mode when you install the operating system on the machines that you plan to use as worker machines.
 
-You can enable FIPS mode through the preferred method of `install-config.yaml` and `agent.config.yaml`:
+You can enable FIPS mode through the preferred method of `install-config.yaml` and `agent-config.yaml`:
 
 . You must set value of the `fips` field to `True` in the `install-config.yaml` file:
 +
diff --git a/modules/agent-installer-fips-compliance.adoc b/modules/agent-installer-fips-compliance.adoc
index fef47f8db3f8..8f243efe62c3 100644
--- a/modules/agent-installer-fips-compliance.adoc
+++ b/modules/agent-installer-fips-compliance.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_with_agent_bases_installer/preparing-to-install-with-agent-based-installer.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="agent-installer-fips-compliance_{context}"]
 = About FIPS compliance
 
@@ -12,5 +12,5 @@ Federal Information Processing Standards (FIPS) compliance is one of the most cr
 
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
diff --git a/modules/ai-adding-worker-nodes-to-cluster.adoc b/modules/ai-adding-worker-nodes-to-cluster.adoc
index e195cb619082..64e393cb3dcb 100644
--- a/modules/ai-adding-worker-nodes-to-cluster.adoc
+++ b/modules/ai-adding-worker-nodes-to-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/nodes-sno-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ai-adding-worker-nodes-to-cluster_{context}"]
 = Adding worker nodes using the Assisted Installer REST API
 
@@ -101,7 +101,7 @@ $ curl -s "$API_URL/api/assisted-install/v2/infra-envs/$INFRA_ENV_ID" -H "Author
 .Example output
 [source,terminal]
 ----
-https://api.openshift.com/api/assisted-images/images/41b91e72-c33e-42ee-b80f-b5c5bbf6431a?arch=x86_64&image_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTYwMjYzNzEsInN1YiI6IjQxYjkxZTcyLWMzM2UtNDJlZS1iODBmLWI1YzViYmY2NDMxYSJ9.1EX_VGaMNejMhrAvVRBS7PDPIQtbOOc8LtG8OukE1a4&type=minimal-iso&version=4.13
+https://api.openshift.com/api/assisted-images/images/41b91e72-c33e-42ee-b80f-b5c5bbf6431a?arch=x86_64&image_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTYwMjYzNzEsInN1YiI6IjQxYjkxZTcyLWMzM2UtNDJlZS1iODBmLWI1YzViYmY2NDMxYSJ9.1EX_VGaMNejMhrAvVRBS7PDPIQtbOOc8LtG8OukE1a4&type=minimal-iso&version=$VERSION
 ----
 
 . Download the ISO:
@@ -315,6 +315,6 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS   ROLES           AGE   VERSION
-control-plane-1.example.com    Ready    master,worker   56m   v1.26.0
-compute-1.example.com          Ready    worker          11m   v1.26.0
+control-plane-1.example.com    Ready    master,worker   56m   v1.28.5
+compute-1.example.com          Ready    worker          11m   v1.28.5
 ----
diff --git a/modules/ai-authenticating-against-ai-rest-api.adoc b/modules/ai-authenticating-against-ai-rest-api.adoc
index 020e34fa64c0..b4f2eab9615f 100644
--- a/modules/ai-authenticating-against-ai-rest-api.adoc
+++ b/modules/ai-authenticating-against-ai-rest-api.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/nodes-sno-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ai-authenticating-against-ai-rest-api_{context}"]
 = Authenticating against the Assisted Installer REST API
 
diff --git a/modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc b/modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc
index 74d9b70fbee6..aa5ed2224be9 100644
--- a/modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc
+++ b/modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc
@@ -1,19 +1,7 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_aws/manually-creating-iam.adoc
-// * installing/installing_azure/manually-creating-iam-azure.adoc
-// * installing/installing_gcp/manually-creating-iam-gcp.adoc
 // * installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc
 
-ifeval::["{context}" == "manually-creating-iam-aws"]
-:aws:
-endif::[]
-ifeval::["{context}" == "manually-creating-iam-azure"]
-:azure:
-endif::[]
-ifeval::["{context}" == "manually-creating-iam-gcp"]
-:google-cloud-platform:
-endif::[]
 ifeval::["{context}" == "configuring-iam-ibm-cloud"]
 :ibm-cloud:
 endif::[]
@@ -23,72 +11,12 @@ endif::[]
 
 The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). You can configure the CCO to suit the security requirements of your organization by setting different values for the `credentialsMode` parameter in the `install-config.yaml` file.
 
-ifdef::aws,google-cloud-platform[]
-If you prefer not to store an administrator-level credential secret in the cluster `kube-system` project, you can choose one of the following options when installing {product-title}:
-
-endif::aws,google-cloud-platform[]
-
-ifdef::aws[]
-* *Use the Amazon Web Services Security Token Service*:
-+
-You can use the CCO utility (`ccoctl`) to configure the cluster to use the Amazon Web Services Security Token Service (AWS STS). When the CCO utility is used to configure the cluster for STS, it assigns IAM roles that provide short-term, limited-privilege security credentials to components.
-+
-[NOTE]
-====
-This credentials strategy is supported for only new {product-title} clusters and must be configured during installation. You cannot reconfigure an existing cluster that uses a different credentials strategy to use this feature.
-====
-
-endif::aws[]
-
-ifdef::google-cloud-platform[]
-* *Use manual mode with GCP Workload Identity*:
-+
-You can use the CCO utility (`ccoctl`) to configure the cluster to use manual mode with GCP Workload Identity. When the CCO utility is used to configure the cluster for GCP Workload Identity, it signs service account tokens that provide short-term, limited-privilege security credentials to components.
-+
-[NOTE]
-====
-This credentials strategy is supported for only new {product-title} clusters and must be configured during installation. You cannot reconfigure an existing cluster that uses a different credentials strategy to use this feature.
-====
-
-endif::google-cloud-platform[]
-
-ifdef::aws,google-cloud-platform[]
-* *Manage cloud credentials manually*:
-+
-You can set the `credentialsMode` parameter for the CCO to `Manual` to manage cloud credentials manually. Using manual mode allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. You can also use this mode if your environment does not have connectivity to the cloud provider public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade. You must also manually supply credentials for every component that requests them.
-
-* *Remove the administrator-level credential secret after installing {product-title} with mint mode*:
-+
-If you are using the CCO with the `credentialsMode` parameter set to `Mint`, you can remove or rotate the administrator-level credential after installing {product-title}. Mint mode is the default configuration for the CCO. This option requires the presence of the administrator-level credential during an installation. The administrator-level credential is used during the installation to mint other credentials with some permissions granted. The original credential secret is not stored in the cluster permanently.
-
-[NOTE]
-====
-Prior to a non z-stream upgrade, you must reinstate the credential secret with the administrator-level credential. If the credential is not present, the upgrade might be blocked.
-====
-
-endif::aws,google-cloud-platform[]
-
-ifdef::azure[]
-If you prefer not to store an administrator-level credential secret in the cluster `kube-system` project, you can set the `credentialsMode` parameter for the CCO to `Manual` when installing {product-title} and manage your cloud credentials manually.
-
-Using manual mode allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. You can also use this mode if your environment does not have connectivity to the cloud provider public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade. You must also manually supply credentials for every component that requests them.
-endif::azure[]
-
 ifdef::ibm-cloud[]
-Storing an administrator-level credential secret in the cluster `kube-system` project is not supported for IBM Cloud; therefore, you must set the `credentialsMode` parameter for the CCO to `Manual` when installing {product-title} and manage your cloud credentials manually.
+Storing an administrator-level credential secret in the cluster `kube-system` project is not supported for {ibm-cloud-name}; therefore, you must set the `credentialsMode` parameter for the CCO to `Manual` when installing {product-title} and manage your cloud credentials manually.
 
 Using manual mode allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. You can also use this mode if your environment does not have connectivity to the cloud provider public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade. You must also manually supply credentials for every component that requests them.
 endif::ibm-cloud[]
 
-ifeval::["{context}" == "manually-creating-iam-aws"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "manually-creating-iam-azure"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "manually-creating-iam-gcp"]
-:!google-cloud-platform:
-endif::[]
 ifeval::["{context}" == "configuring-iam-ibm-cloud"]
 :!ibm-cloud:
 endif::[]
diff --git a/modules/api-compatibility-common-terminology.adoc b/modules/api-compatibility-common-terminology.adoc
index 9862ede14c06..ddf1e7bedaef 100644
--- a/modules/api-compatibility-common-terminology.adoc
+++ b/modules/api-compatibility-common-terminology.adoc
@@ -32,16 +32,18 @@ Virtual environments emulate bare-metal environments such that unprivileged appl
 
 A Red Hat major release represents a significant step in the development of a product. Minor releases appear more frequently within the scope of a major release and represent deprecation boundaries that might impact future application compatibility. A z-stream release is an update to a minor release which provides a stream of continuous fixes to an associated minor release. API and AOE compatibility is never broken in a z-stream release except when this policy is explicitly overridden in order to respond to an unforeseen security impact.
 
-For example, in the release 4.3.2:
+For example, in the release 4.13.2:
 
 * 4 is the major release version
-* 3 is the minor release version
+* 13 is the minor release version
 * 2 is the z-stream release version
 
+ifndef::openshift-origin[]
 [id="api-compatibility-common-terminology-eus_{context}"]
 == Extended user support (EUS)
 
 A minor release in an {product-title} major release that has an extended support window for critical bug fixes. Users are able to migrate between EUS releases by incrementally adopting minor versions between EUS releases. It is important to note that the deprecation policy is defined across minor releases and not EUS releases. As a result, an EUS user might have to respond to a deprecation when migrating to a future EUS while sequentially upgrading through each minor release.
+endif::openshift-origin[]
 
 [id="api-compatibility-common-terminology-dev-preview_{context}"]
 == Developer Preview
diff --git a/modules/api-compatibility-guidelines.adoc b/modules/api-compatibility-guidelines.adoc
index b165dd9bea87..67292066ec02 100644
--- a/modules/api-compatibility-guidelines.adoc
+++ b/modules/api-compatibility-guidelines.adoc
@@ -9,7 +9,7 @@ Red Hat recommends that application developers adopt the following principles in
 
 * Use APIs and components with support tiers that match the application's need.
 * Build applications using the published client libraries where possible.
-* Applications are only guaranteed to run correctly if they execute in an environment that is as new as the environment it was built to execute against. An application that was built for {product-title} 4.7 is not guaranteed to function properly on {product-title} 4.6.
+* Applications are only guaranteed to run correctly if they execute in an environment that is as new as the environment it was built to execute against. An application that was built for {product-title} 4.14 is not guaranteed to function properly on {product-title} 4.13.
 * Do not design applications that rely on configuration files provided by system packages or other components. These files can change between versions unless the upstream community is explicitly committed to preserving them. Where appropriate, depend on any Red Hat provided interface abstraction over those configuration files in order to maintain forward compatibility. Direct file system modification of configuration files is discouraged, and users are strongly encouraged to integrate with an Operator provided API where available to avoid dual-writer conflicts.
 * Do not depend on API fields prefixed with `unsupported<FieldName>` or annotations that are not explicitly mentioned in product documentation.
 * Do not depend on components with shorter compatibility guarantees than your application.
diff --git a/modules/api-support-tiers-mapping.adoc b/modules/api-support-tiers-mapping.adoc
index 43d98272d256..f556cdc551fa 100644
--- a/modules/api-support-tiers-mapping.adoc
+++ b/modules/api-support-tiers-mapping.adoc
@@ -123,5 +123,28 @@ API groups that end with the suffix `monitoring.coreos.com` have the following m
 |`v1`
 |Tier 1
 
+|===
+endif::microshift[]
+
+ifndef::microshift[]
+[id="mapping-support-tiers-to-olm-api-groups_{context}"]
+== Support for Operator Lifecycle Manager API groups
+
+Operator Lifecycle Manager (OLM) provides APIs that include API groups with the suffix `operators.coreos.com`. These APIs have the following mapping:
+
+[cols="2",options="header"]
+|===
+|API version example
+|API tier
+
+|`v2`
+|Tier 1
+
+|`v1`
+|Tier 1
+
+|`v1alpha1`
+|Tier 1
+
 |===
 endif::microshift[]
\ No newline at end of file
diff --git a/modules/apiserversource-kn.adoc b/modules/apiserversource-kn.adoc
index 53c684393991..9d1c8dc5e097 100644
--- a/modules/apiserversource-kn.adoc
+++ b/modules/apiserversource-kn.adoc
@@ -3,11 +3,11 @@
 // * serverless/eventing/event-sources/serverless-apiserversource.adoc
 // * serverless/reference/kn-eventing-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="apiserversource-kn_{context}"]
 = Creating an API server source by using the Knative CLI
 
-You can use the `kn source apiserver create` command to create an API server source by using the `kn` CLI. Using the `kn` CLI to create an API server source provides a more streamlined and intuitive user interface than modifying YAML files directly. 
+You can use the `kn source apiserver create` command to create an API server source by using the `kn` CLI. Using the `kn` CLI to create an API server source provides a more streamlined and intuitive user interface than modifying YAML files directly.
 
 .Prerequisites
 
diff --git a/modules/apiserversource-yaml.adoc b/modules/apiserversource-yaml.adoc
index 6cacbe9cc46f..ae3ca2d84efe 100644
--- a/modules/apiserversource-yaml.adoc
+++ b/modules/apiserversource-yaml.adoc
@@ -2,8 +2,8 @@
 //
 // * serverless/eventing/event-sources/serverless-apiserversource.adoc
 
-:_content-type: PROCEDURE
-[id="apiserversource-yaml_context"]
+:_mod-docs-content-type: PROCEDURE
+[id="apiserversource-yaml_{context}"]
 = Creating an API server source by using YAML files
 
 Creating Knative resources by using YAML files uses a declarative API, which enables you to describe event sources declaratively and in a reproducible manner. To create an API server source by using YAML, you must create a YAML file that defines an `ApiServerSource` object, then apply it by using the `oc apply` command.
diff --git a/modules/application-health-about.adoc b/modules/application-health-about.adoc
index 2124f13ba458..164f2b765fc8 100644
--- a/modules/application-health-about.adoc
+++ b/modules/application-health-about.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/application-health.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="application-health-about_{context}"]
 = Understanding health checks
 
diff --git a/modules/application-health-configuring.adoc b/modules/application-health-configuring.adoc
index fe308a5dc9d8..c8530c90beca 100644
--- a/modules/application-health-configuring.adoc
+++ b/modules/application-health-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/application-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="application-health-configuring_{context}"]
 = Configuring health checks using the CLI
 
diff --git a/modules/applications-create-using-cli-modify.adoc b/modules/applications-create-using-cli-modify.adoc
index f5975d0617c4..00d5995362b8 100644
--- a/modules/applications-create-using-cli-modify.adoc
+++ b/modules/applications-create-using-cli-modify.adoc
@@ -214,7 +214,7 @@ $ oc new-app --search php
 
 To set the import mode when using `oc new-app`, add the `--import-mode` flag. This flag can be appended with `Legacy` or `PreserveOriginal`, which provides users the option to create image streams using a single sub-manifest, or all manifests, respectively. 
 
-[souce,terminal]
+[source,terminal]
 ----
 $ oc new-app --image=registry.redhat.io/ubi8/httpd-24:latest  --import-mode=Legacy --name=test
 ----
diff --git a/modules/applying-custom-seccomp-profile.adoc b/modules/applying-custom-seccomp-profile.adoc
index 32c17f98f639..5594bbd3adef 100644
--- a/modules/applying-custom-seccomp-profile.adoc
+++ b/modules/applying-custom-seccomp-profile.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="applying-custom-seccomp-profile_{context}"]
 = Applying the custom seccomp profile to the workload
 
diff --git a/modules/arch-cluster-operators.adoc b/modules/arch-cluster-operators.adoc
index 3097bfc1aebb..d4d3969d2a61 100644
--- a/modules/arch-cluster-operators.adoc
+++ b/modules/arch-cluster-operators.adoc
@@ -7,4 +7,11 @@
 
 In {product-title}, all cluster functions are divided into a series of default _cluster Operators_. Cluster Operators manage a particular area of cluster functionality, such as cluster-wide application logging, management of the Kubernetes control plane, or the machine provisioning system.
 
-Cluster Operators are represented by a `ClusterOperator` object, which cluster administrators can view in the {product-title} web console from the *Administration* -> *Cluster Settings* page. Each cluster Operator provides a simple API for determining cluster functionality. The Operator hides the details of managing the lifecycle of that component. Operators can manage a single component or tens of components, but the end goal is always to reduce operational burden by automating common actions.
+Cluster Operators are represented by a `ClusterOperator` object, which
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can view in the {product-title} web console from the *Administration* -> *Cluster Settings* page. Each cluster Operator provides a simple API for determining cluster functionality. The Operator hides the details of managing the lifecycle of that component. Operators can manage a single component or tens of components, but the end goal is always to reduce operational burden by automating common actions.
diff --git a/modules/arch-olm-operators.adoc b/modules/arch-olm-operators.adoc
index 6681f67f1c91..d2bc7d9db1d5 100644
--- a/modules/arch-olm-operators.adoc
+++ b/modules/arch-olm-operators.adoc
@@ -7,9 +7,30 @@
 
 Operator Lifecycle Manager (OLM) and OperatorHub are default components in {product-title} that help manage Kubernetes-native applications as Operators. Together they provide the system for discovering, installing, and managing the optional add-on Operators available on the cluster.
 
-Using OperatorHub in the {product-title} web console, cluster administrators and authorized users can select Operators to install from catalogs of Operators. After installing an Operator from OperatorHub, it can be made available globally or in specific namespaces to run in user applications.
+Using OperatorHub in the {product-title} web console,
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+and authorized users can select Operators to install from catalogs of Operators. After installing an Operator from OperatorHub, it can be made available globally or in specific namespaces to run in user applications.
 
-Default catalog sources are available that include Red Hat Operators, certified Operators, and community Operators. Cluster administrators can also add their own custom catalog sources, which can contain a custom set of Operators.
+Default catalog sources are available that include Red Hat Operators, certified Operators, and community Operators.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can also add their own custom catalog sources, which can contain a custom set of Operators.
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+All Operators listed in the Operator Hub marketplace should be available for installation. These Operators are considered customer workloads, and are not monitored by Red Hat Site Reliability Engineering (SRE).
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 Developers can use the Operator SDK to help author custom Operators that take advantage of OLM features, as well. Their Operator can then be bundled and added to a custom catalog source, which can be added to a cluster and made available to users.
 
diff --git a/modules/arch-platform-operators.adoc b/modules/arch-platform-operators.adoc
index 48b96b5c07eb..3e70106e974a 100644
--- a/modules/arch-platform-operators.adoc
+++ b/modules/arch-platform-operators.adoc
@@ -3,7 +3,7 @@
 // * architecture/control-plane.adoc
 // * operators/admin/olm-managing-po.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 ifeval::["{context}" == "control-plane"]
 [id="platform-operators_{context}"]
diff --git a/modules/architecture-kubernetes-introduction.adoc b/modules/architecture-kubernetes-introduction.adoc
index 8fd1f576e11a..38986820829e 100644
--- a/modules/architecture-kubernetes-introduction.adoc
+++ b/modules/architecture-kubernetes-introduction.adoc
@@ -2,7 +2,7 @@
 //
 // * architecture/architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="architecture-kubernetes-introduction_{context}"]
 = About Kubernetes
 
diff --git a/modules/architecture-machine-roles.adoc b/modules/architecture-machine-roles.adoc
index b7e497484b35..9243250b1bef 100644
--- a/modules/architecture-machine-roles.adoc
+++ b/modules/architecture-machine-roles.adoc
@@ -14,9 +14,9 @@ The cluster also contains the definition for the `bootstrap` role. Because the b
 
 == Control plane and node host compatibility
 
-The {product-title} version must match between control plane host and node host. For example, in a 4.13 cluster, all control plane hosts must be 4.13 and all nodes must be 4.13.
+The {product-title} version must match between control plane host and node host. For example, in a {product-version} cluster, all control plane hosts must be {product-version} and all nodes must be {product-version}.
 
-Temporary mismatches during cluster upgrades are acceptable. For example, when upgrading from {product-title} 4.12 to 4.13, some nodes will upgrade to 4.13 before others. Prolonged skewing of control plane hosts and node hosts might expose older compute machines to bugs and missing features. Users should resolve skewed control plane hosts and node hosts as soon as possible.
+Temporary mismatches during cluster upgrades are acceptable. For example, when upgrading from the previous {product-title} version to {product-version}, some nodes will upgrade to {product-version} before others. Prolonged skewing of control plane hosts and node hosts might expose older compute machines to bugs and missing features. Users should resolve skewed control plane hosts and node hosts as soon as possible.
 
 The `kubelet` service must not be newer than `kube-apiserver`, and can be up to two minor versions older depending on whether your {product-title} version is odd or even. The table below shows the appropriate version compatibility:
 
diff --git a/modules/architecture-platform-benefits.adoc b/modules/architecture-platform-benefits.adoc
index a8de25b3f252..776c8f137cb5 100644
--- a/modules/architecture-platform-benefits.adoc
+++ b/modules/architecture-platform-benefits.adoc
@@ -2,7 +2,7 @@
 //
 // * architecture/architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="architecture-platform-benefits_{context}"]
 = {product-title} overview
 
diff --git a/modules/architecture-rhcos-updating-bootloader.adoc b/modules/architecture-rhcos-updating-bootloader.adoc
index 694af67ecf58..3aead5e86144 100644
--- a/modules/architecture-rhcos-updating-bootloader.adoc
+++ b/modules/architecture-rhcos-updating-bootloader.adoc
@@ -39,7 +39,7 @@ Component EFI
 ifndef::openshift-origin[]
 +
 .Example output for `aarch64`
-[source, terminal]
+[source,terminal]
 ----
 Component EFI
   Installed: grub2-efi-aa64-1:2.02-99.el8_4.1.aarch64,shim-aa64-15.4-2.el8_1.aarch64
diff --git a/modules/argo-cd-command-line.adoc b/modules/argo-cd-command-line.adoc
index f240c4a954df..45de3d8fa252 100644
--- a/modules/argo-cd-command-line.adoc
+++ b/modules/argo-cd-command-line.adoc
@@ -2,7 +2,7 @@
 //
 // * argo-cd-custom-resource-properties.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="command-line-tool_{context}"]
 = Argo CD CLI tool
 
diff --git a/modules/assisted-installer-adding-hosts-to-the-cluster.adoc b/modules/assisted-installer-adding-hosts-to-the-cluster.adoc
index 1942549311d3..c0de5db33bb6 100644
--- a/modules/assisted-installer-adding-hosts-to-the-cluster.adoc
+++ b/modules/assisted-installer-adding-hosts-to-the-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-hosts-to-the-cluster_{context}"]
 = Adding hosts to the cluster
 
diff --git a/modules/assisted-installer-assisted-installer-prerequisites.adoc b/modules/assisted-installer-assisted-installer-prerequisites.adoc
index 564af9a31f0c..d689ae8c1418 100644
--- a/modules/assisted-installer-assisted-installer-prerequisites.adoc
+++ b/modules/assisted-installer-assisted-installer-prerequisites.adoc
@@ -1,7 +1,7 @@
 // This is included in the following assemblies:
 //
 // installing-on-prem-assisted.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id='assisted-installer-prerequisites_{context}']
 = Assisted Installer prerequisites
@@ -48,7 +48,7 @@ The {product-title} cluster's network must also meet the following requirements:
 
 == Preflight validations
 
-The {ai-full} ensures the cluster meets the prerequisites before installation, because it eliminates complex post-installation troubleshooting, thereby saving significant amounts of time and effort. Before installing software on the nodes, the {ai-full} conducts the following validations:
+The {ai-full} ensures the cluster meets the prerequisites before installation, because it eliminates complex postinstallation troubleshooting, thereby saving significant amounts of time and effort. Before installing software on the nodes, the {ai-full} conducts the following validations:
 
 * Ensures network connectivity
 * Ensures sufficient network bandwidth
diff --git a/modules/assisted-installer-booting-with-a-usb-drive.adoc b/modules/assisted-installer-booting-with-a-usb-drive.adoc
index d0b0dfb8a6ab..18480c1ec777 100644
--- a/modules/assisted-installer-booting-with-a-usb-drive.adoc
+++ b/modules/assisted-installer-booting-with-a-usb-drive.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="booting-with-a-usb-drive_{context}"]
 = Booting with a USB drive
 
diff --git a/modules/assisted-installer-completing-the-installation.adoc b/modules/assisted-installer-completing-the-installation.adoc
index ef22614e4013..13817ac68989 100644
--- a/modules/assisted-installer-completing-the-installation.adoc
+++ b/modules/assisted-installer-completing-the-installation.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="completing-the-installation_{context}"]
 = Completing the installation
 
diff --git a/modules/assisted-installer-configuring-host-network-interfaces.adoc b/modules/assisted-installer-configuring-host-network-interfaces.adoc
index daf69425239a..ce86869d7251 100644
--- a/modules/assisted-installer-configuring-host-network-interfaces.adoc
+++ b/modules/assisted-installer-configuring-host-network-interfaces.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-host-network-interfaces_{context}"]
 = Optional: Configuring host network interfaces
 
@@ -20,7 +20,7 @@ The {ai-full} supports IPv4 networking and dual stack networking. The {ai-full}
 
 .. Enter the default gateway IP address.
 
-.. Enter the DNS server IP addresss.
+.. Enter the DNS server IP address.
 
 . Enter the host-specific configuration.
 
diff --git a/modules/assisted-installer-configuring-hosts.adoc b/modules/assisted-installer-configuring-hosts.adoc
index 730906f8bfcd..3a89c5e0bb38 100644
--- a/modules/assisted-installer-configuring-hosts.adoc
+++ b/modules/assisted-installer-configuring-hosts.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-hosts_{context}"]
 = Configuring hosts
 
diff --git a/modules/assisted-installer-configuring-networking.adoc b/modules/assisted-installer-configuring-networking.adoc
index 02abe638d69d..07f436301969 100644
--- a/modules/assisted-installer-configuring-networking.adoc
+++ b/modules/assisted-installer-configuring-networking.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-networking_{context}"]
 = Configuring networking
 
diff --git a/modules/assisted-installer-installing-the-cluster.adoc b/modules/assisted-installer-installing-the-cluster.adoc
index 88dde8da1bbd..2fac0c22e30f 100644
--- a/modules/assisted-installer-installing-the-cluster.adoc
+++ b/modules/assisted-installer-installing-the-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // assisted-installer-installing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-the-cluster_{context}"]
 = Installing the cluster
 
diff --git a/modules/assisted-installer-pre-installation-considerations.adoc b/modules/assisted-installer-pre-installation-considerations.adoc
index ce46b6db4d63..366915764f72 100644
--- a/modules/assisted-installer-pre-installation-considerations.adoc
+++ b/modules/assisted-installer-pre-installation-considerations.adoc
@@ -2,9 +2,9 @@
 //
 // installing-on-prem-assisted.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id='pre-installation-considerations_{context}']
-= Pre-installation considerations
+= Preinstallation considerations
 
 Before installing {product-title} with the {ai-full}, you must consider the following configuration choices:
 
diff --git a/modules/assisted-installer-release-notes.adoc b/modules/assisted-installer-release-notes.adoc
index dc5bc02db2ac..6cd7e4692f26 100644
--- a/modules/assisted-installer-release-notes.adoc
+++ b/modules/assisted-installer-release-notes.adoc
@@ -2,7 +2,7 @@
 //
 //installing_bare_metal_assisted/installing-bare-metal-assisted.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="assisted-installer-release-notes_{context}"]
 = {ai-full} {ai-version} release notes
 
diff --git a/modules/assisted-installer-setting-the-cluster-details.adoc b/modules/assisted-installer-setting-the-cluster-details.adoc
index e1718b286592..c39635061ec6 100644
--- a/modules/assisted-installer-setting-the-cluster-details.adoc
+++ b/modules/assisted-installer-setting-the-cluster-details.adoc
@@ -2,7 +2,7 @@
 //
 // installing-on-prem-assisted.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='setting-the-cluster-details_{context}']
 = Setting the cluster details
 
diff --git a/modules/assisted-installer-using-the-assisted-installer.adoc b/modules/assisted-installer-using-the-assisted-installer.adoc
index e4df53f5e835..202dd55bfde0 100644
--- a/modules/assisted-installer-using-the-assisted-installer.adoc
+++ b/modules/assisted-installer-using-the-assisted-installer.adoc
@@ -1,49 +1,44 @@
 // This is included in the following assemblies:
 //
 // installing-on-prem-assisted.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="using-the-assisted-installer_{context}"]
 = Using the Assisted Installer
 
-The {product-title} link:https://console.redhat.com/openshift/assisted-installer/clusters/~new[{ai-full}] is a user-friendly installation solution offered on the link:http://console.redhat.com[Red Hat Hybrid Cloud Console]. The {ai-full} supports the various deployment platforms with a focus on bare metal, Nutanix, and vSphere infrastructures.
+The link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}] is a user-friendly installation solution offered on the link:https://console.redhat.com/openshift/assisted-installer/clusters/~new[Red Hat Hybrid Cloud Console]. The {ai-full} supports the various deployment platforms with a focus on bare metal, Nutanix, and vSphere infrastructures.
 
 The {ai-full} provides installation functionality as a service. This software-as-a-service (SaaS) approach has the following advantages:
 
 * *Web user interface:* The web user interface performs cluster installation without the user having to create the installation configuration files manually.
 * *No bootstrap node:* A bootstrap node is not required when installing with the {ai-full}. The bootstrapping process executes on a node within the cluster.
 * *Hosting:* The {ai-full} hosts:
-  - Ignition files
-  - The installation configuration
-  - A discovery ISO
-  - The installer
+** Ignition files
+** The installation configuration
+** A discovery ISO
+** The installer
 * *Streamlined installation workflow:* Deployment does not require in-depth knowledge of {product-title}. The {ai-full} provides reasonable defaults and provides the installer as a service, which:
-  - Eliminates the need to install and run the {product-title} installer locally.
-  - Ensures the latest version of the installer up to the latest tested z-stream releases. Older versions remain available, if needed.
-  - Enables building automation by using the API without the need to run the {product-title} installer locally.
-* *Advanced networking:* The {ai-full} supports IPv4 networking with SDN and OVN, IPv6 and dual stack networking with OVN only, NMState-based static IP addressing, and an HTTP/S proxy. OVN is the default Container Network Interface (CNI) for OpenShift Container Platform 4.12 and later releases, but you can use SDN.
-
-* *Pre-installation validation:* The {ai-full} validates the configuration before installation to ensure a high probability of success. Validation includes:
-  - Ensuring network connectivity
-  - Ensuring sufficient network bandwidth
-  - Ensuring connectivity to the registry
-  - Ensuring time synchronization between cluster nodes
-  - Verifying that the cluster nodes meet the minimum hardware requirements
-  - Validating the installation configuration parameters
+** Eliminates the need to install and run the {product-title} installer locally.
+** Ensures the latest version of the installer up to the latest tested z-stream releases. Older versions remain available, if needed.
+** Enables building automation by using the API without the need to run the {product-title} installer locally.
+* *Advanced networking:* The {ai-full} supports IPv4 networking with SDN and OVN, IPv6 and dual stack networking with OVN only, NMState-based static IP addressing, and an HTTP/S proxy. OVN is the default Container Network Interface (CNI) for OpenShift Container Platform 4.12 and later releases. SDN is supported up to {product-title} 4.14, but is not supported for {product-title} 4.15 and later releases.
+
+* *Preinstallation validation:* The {ai-full} validates the configuration before installation to ensure a high probability of success. The validation process includes the following checks:
+** Ensuring network connectivity
+** Ensuring sufficient network bandwidth
+** Ensuring connectivity to the registry
+** Ensuring time synchronization between cluster nodes
+** Verifying that the cluster nodes meet the minimum hardware requirements
+** Validating the installation configuration parameters
 * *REST API:* The {ai-full} has a REST API, enabling automation.
 
 The {ai-full} supports installing {product-title} on premises in a connected environment, including with an optional HTTP/S proxy. It can install the following:
 
-* Highly available {product-title} or Single Node OpenShift (SNO)
-+
-[NOTE]
-====
-SNO is not supported on {ibmzProductName} and {ibmpowerProductName}.
-====
-+
+* Highly available {product-title} or {sno} (SNO)
+
 * {product-title} on bare metal, Nutanix, or vSphere with full platform integration, or other virtualization platforms without integration
 * Optionally {VirtProductName} and {rh-storage} (formerly OpenShift Container Storage)
 
 The user interface provides an intuitive interactive workflow where automation does not exist or is not required. Users may also automate installations using the REST API.
 
-See link:https://console.redhat.com/openshift/assisted-installer/clusters/~new[Install OpenShift with the Assisted Installer] to create an {product-title} cluster with the {ai-full}. See the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[Assisted Installer for OpenShift Container Platform] documentation for details on using the {ai-full}.
+See the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[Assisted Installer for OpenShift Container Platform] documentation for details.
diff --git a/modules/assuming-an-aws-iam-role-in-your-own-pods.adoc b/modules/assuming-an-aws-iam-role-in-your-own-pods.adoc
index 62e76c2bac51..9f130cb794c4 100644
--- a/modules/assuming-an-aws-iam-role-in-your-own-pods.adoc
+++ b/modules/assuming-an-aws-iam-role-in-your-own-pods.adoc
@@ -2,10 +2,10 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="assuming-an-aws-iam-role-in-your-own-pods_{context}"]
 = Assuming an AWS IAM role in your own pods
 
 Follow the procedures in this section to enable a service account to assume an AWS Identity and Access Management (IAM) role in a pod deployed in a user-defined project.
 
-You can create the required resources, including an AWS IAM role, a service account, a container image that includes an AWS SDK, and a pod deployed by using the image. In the example, the AWS Boto3 SDK for Python is used. You can also verify that the pod identity webhook mutates the AWS environment variables, the volume mount, and the token volume into your pod. Additionally, you can check that the service account assumes the AWS IAM role in your pod and can successfully run AWS SDK operations. 
+You can create the required resources, including an AWS IAM role, a service account, a container image that includes an AWS SDK, and a pod deployed by using the image. In the example, the AWS Boto3 SDK for Python is used. You can also verify that the pod identity webhook mutates the AWS environment variables, the volume mount, and the token volume into your pod. Additionally, you can check that the service account assumes the AWS IAM role in your pod and can successfully run AWS SDK operations.
diff --git a/modules/auth-allowing-javascript-access-api-server.adoc b/modules/auth-allowing-javascript-access-api-server.adoc
index 8330c0f70297..b9fd264191df 100644
--- a/modules/auth-allowing-javascript-access-api-server.adoc
+++ b/modules/auth-allowing-javascript-access-api-server.adoc
@@ -2,7 +2,7 @@
 //
 // * security/allowing-javascript-access-api-server.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="auth-allowing-javascript-access-api-server_{context}"]
 = Allowing JavaScript-based access to the API server from additional hosts
 
diff --git a/modules/authentication-authorization-common-terms.adoc b/modules/authentication-authorization-common-terms.adoc
index e0e5cb6c239a..08efd1a69af0 100644
--- a/modules/authentication-authorization-common-terms.adoc
+++ b/modules/authentication-authorization-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-auth-common-terms_{context}"]
 = Glossary of common terms for {product-title} authentication and authorization
 
@@ -17,8 +17,11 @@ Authorization determines whether the identified user has permissions to perform
 bearer token::
 Bearer token is used to authenticate to API with the header `Authorization: Bearer <token>`.
 
+// In OSD and ROSA, the CCO is managed by Red Hat SRE.
+ifndef::openshift-dedicated,openshift-rosa[]
 Cloud Credential Operator::
 The Cloud Credential Operator (CCO) manages cloud provider credentials as custom resource definitions (CRDs).
+endif::openshift-dedicated,openshift-rosa[]
 
 config map::
 A config map provides a way to inject configuration data into the pods. You can reference the data stored in a config map in a volume of type `ConfigMap`. Applications running in a pod can use this data.
@@ -41,11 +44,15 @@ Keystone is an {rh-openstack-first} project that provides identity, token, catal
 Lightweight directory access protocol (LDAP)::
 LDAP is a protocol that queries user information.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 manual mode::
 In manual mode, a user manages cloud credentials instead of the Cloud Credential Operator (CCO).
+endif::openshift-dedicated,openshift-rosa[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 mint mode::
 Mint mode is the default and recommended best practice setting for the Cloud Credential Operator (CCO) to use on the platforms for which it is supported. In this mode, the CCO uses the provided administrator-level cloud credential to create new credentials for components in the cluster with only the specific permissions that are required.
+endif::openshift-dedicated,openshift-rosa[]
 
 namespace::
 A namespace isolates specific system resources that are visible to all processes. Inside a namespace, only processes that are members of that namespace can see those resources.
@@ -62,8 +69,10 @@ The {product-title} control plane includes a built-in OAuth server that determin
 OpenID Connect::
 The OpenID Connect is a protocol to authenticate the users to use single sign-on (SSO) to access sites that use OpenID Providers.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 passthrough mode::
 In passthrough mode, the Cloud Credential Operator (CCO) passes the provided cloud credential to the components that request cloud credentials.
+endif::openshift-dedicated,openshift-rosa[]
 
 pod::
 A pod is the smallest logical unit in Kubernetes. A pod is comprised of one or more containers to run in a worker node.
diff --git a/modules/authentication-remove-kubeadmin.adoc b/modules/authentication-remove-kubeadmin.adoc
index bbe29a4ce955..5665036f4e03 100644
--- a/modules/authentication-remove-kubeadmin.adoc
+++ b/modules/authentication-remove-kubeadmin.adoc
@@ -4,7 +4,7 @@
 // * authentication/understanding-identity-provider.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="removing-kubeadmin_{context}"]
 = Removing the kubeadmin user
 
diff --git a/modules/automatic-network-verification-bypassing.adoc b/modules/automatic-network-verification-bypassing.adoc
index 1902455a418a..b2feb7b64e80 100644
--- a/modules/automatic-network-verification-bypassing.adoc
+++ b/modules/automatic-network-verification-bypassing.adoc
@@ -2,16 +2,16 @@
 //
 // * networking/network-verification.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="automatic-network-verification-bypassing_{context}"]
 = Automatic network verification bypassing
 
-You can bypass the automatic network verification if you want to deploy  
+You can bypass the automatic network verification if you want to deploy
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a {product-title} (ROSA) 
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 cluster with known network configuration issues into an existing Virtual Private Cloud (VPC).
 
@@ -23,20 +23,21 @@ ifdef::openshift-rosa[]
 endif::openshift-rosa[]
 When you install a cluster into an existing VPC by using {cluster-manager-first}, you can bypass the automatic verification by selecting *Bypass network verification* on the *Virtual Private Cloud (VPC) subnet settings* page.
 
-ifdef::openshift-rosa[]
-.Bypassing automatic network verification by using the ROSA CLI (`rosa`)
+//Commented out due to updates made in OSDOCS-7033
+//ifdef::openshift-rosa[]
+//.Bypassing automatic network verification by using the ROSA CLI (`rosa`)
 
-When you install a cluster into an existing VPC by using the `rosa create cluster` command, you can bypass the automatic verification by including the `--bypass-network-verify --force` arguments. The following example bypasses the network verification before creating a cluster:
+//When you install a cluster into an existing VPC by using the `rosa create cluster` command, you can bypass the automatic verification by including the `--bypass-network-verify --force` arguments. The following example bypasses the network verification before creating a cluster:
 
-[source,terminal]
-----
-$ rosa create cluster --cluster-name mycluster \
-                      --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc \
-                      --bypass-network-verify --force
-----
+//[source,terminal]
+//----
+//$ rosa create cluster --cluster-name mycluster \
+//                      --subnet-ids subnet-03146b9b52b6024cb,subnet-///03146b9b52b2034cc \
+//                      --bypass-network-verify --force
+//----
 
-[NOTE]
-====
-Alternatively, you can specify the `--interactive` argument and select the option in the interactive prompts to bypass the network verification checks.
-====
-endif::openshift-rosa[]
+//[NOTE]
+//====
+//Alternatively, you can specify the `--interactive` argument and select the option in the interactive prompts to bypass the network verification checks.
+//====
+//endif::openshift-rosa[]
diff --git a/modules/automatically-scaling-machines-to-available-bare-metal-hosts.adoc b/modules/automatically-scaling-machines-to-available-bare-metal-hosts.adoc
index fa805eadf566..7052a8e049fb 100644
--- a/modules/automatically-scaling-machines-to-available-bare-metal-hosts.adoc
+++ b/modules/automatically-scaling-machines-to-available-bare-metal-hosts.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/managing-bare-metal-hosts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="automatically-scaling-machines-to-available-bare-metal-hosts_{context}"]
 = Automatically scaling machines to the number of available bare metal hosts
 
diff --git a/modules/available-persistent-storage-options.adoc b/modules/available-persistent-storage-options.adoc
index 718d2d073858..9dffd70b760d 100644
--- a/modules/available-persistent-storage-options.adoc
+++ b/modules/available-persistent-storage-options.adoc
@@ -42,8 +42,3 @@ a| * Accessible through a REST API endpoint
 --
 1. NetApp NFS supports dynamic PV provisioning when using the Trident plugin.
 --
-
-[IMPORTANT]
-====
-Currently, CNS is not supported in {product-title} {product-version}.
-====
diff --git a/modules/aws-cloudwatch.adoc b/modules/aws-cloudwatch.adoc
index e675ca103e80..ddcdd0d23fe2 100644
--- a/modules/aws-cloudwatch.adoc
+++ b/modules/aws-cloudwatch.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * adding_service_cluster/rosa-available-services.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="aws-cloudwatch_{context}"]
 
 = Amazon CloudWatch
diff --git a/modules/aws-cluster-installation-options-aws-lzs.adoc b/modules/aws-cluster-installation-options-aws-lzs.adoc
new file mode 100644
index 000000000000..b4a44ea4ebc1
--- /dev/null
+++ b/modules/aws-cluster-installation-options-aws-lzs.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_aws/installing-aws-localzone.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="aws-cluster-installation-options-aws-lzs_{context}"]
+= Cluster installation options for an AWS Local Zones environment
+
+To install an {product-title} cluster in an AWS Local Zones environment on AWS infrastructure, choose one of the following installation options:
+
+* Installing a cluster to quickly extend workers to edge compute pools, where the installation program automatically creates resources for the {product-title} cluster.
+
+* Installing a cluster on AWS into an existing VPC, where you must add Local Zone subnets to the `install-config.yaml` file.
diff --git a/modules/aws-console-changing-aws-instance-type.adoc b/modules/aws-console-changing-aws-instance-type.adoc
index 74608149b371..e36eb47139e8 100644
--- a/modules/aws-console-changing-aws-instance-type.adoc
+++ b/modules/aws-console-changing-aws-instance-type.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="aws-console-changing-aws-instance-type_{context}"]
 = Changing the Amazon Web Services instance type by using the AWS console
 
diff --git a/modules/aws-direct-connect.adoc b/modules/aws-direct-connect.adoc
index 45b8635ba9b7..dbb2c1ff94a4 100644
--- a/modules/aws-direct-connect.adoc
+++ b/modules/aws-direct-connect.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="aws-direct-connect_{context}"]
 = Configuring AWS Direct Connect
 
diff --git a/modules/aws-installing-an-aws-load-balancer-operator.adoc b/modules/aws-installing-an-aws-load-balancer-operator.adoc
new file mode 100644
index 000000000000..5232f9a0a0e4
--- /dev/null
+++ b/modules/aws-installing-an-aws-load-balancer-operator.adoc
@@ -0,0 +1,367 @@
+// Module included in the following assemblies:
+//
+// * networking/aws-load-balancer-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="aws-installing-an-aws-load-balancer-operator_{context}"]
+= Installing an AWS Load Balancer Operator
+You can install an AWS Load Balancer Operator (ALBO) if you meet certain requirements.
+
+.Prerequisites
+
+* You have an existing
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+{product-title} (ROSA)
+endif::openshift-rosa[]
+cluster with bring-your-own-VPC (BYO-VPC) configuration across multiple availability zones (AZ) installed in STS mode.
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* You have access to modify the VPC and subnets of the created
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster.
+* You have installed the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+CLI (`rosa`).
+* You have installed the Amazon Web Services (AWS) CLI.
+* You have installed the OpenShift CLI (oc).
+* You are using OpenShift Container Platform (OCP) 4.13 or later.
+
+[IMPORTANT]
+====
+When installing an ALBO for use with
+ifndef::openshift-rosa[]
+a {product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+a ROSA
+endif::openshift-rosa[]
+cluster in an AWS Local Zone (LZ), you must enable the AWS LZ for the account, and AWS Elastic Load Balancing v2 (ELBv2) services must be available in the AWS LZ.
+====
+.Procedure
+
+. Identify the cluster infrastructure ID and the cluster OpenID Connect (OIDC) DNS by running the following commands:
+.. Identify the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster INFRA ID:
++
+[source,terminal]
+----
+$ rosa describe cluster --cluster=<cluster_name> | grep -i 'Infra ID'
+----
++
+or
++
+[source,terminal]
+----
+$ oc get infrastructure cluster -o json | jq -r '.status.infrastructureName'
+----
+.. Identify the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster OIDC DNS:
++
+--
+[source, terminal]
+----
+$ rosa describe cluster --cluster=<cluster_name> | grep -i 'OIDC'
+----
+Save the output from the commands. You will use this information in future steps within this procedure.
+--
+. Create the AWS IAM policy required for the ALBO:
++
+.. Log in to the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster as a user with the `dedicated-admin` role and create a new project using the following command:
++
+[source, terminal]
+----
+$ oc new-project aws-load-balancer-operator
+----
+
++
+.. Assign the following trust policy to the newly-created AWS IAM role:
++
+[source,terminal]
+----
+$ IDP='{Cluster_OIDC_Endpoint}'
+$ IDP_ARN="arn:aws:iam::{AWS_AccountNo}:oidc-provider/${IDP}" <1>
+$ cat <<EOF > albo-operator-trusted-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "${IDP_ARN}"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringEquals": {
+                    "${IDP}:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager"
+                }
+            }
+        }
+    ]
+}
+EOF
+----
+<1> Replace '{AWS_AccountNo}' with your AWS account number and '{Cluster_OIDC_Endpoint}' with the OIDC DNS identified earlier in this procedure.
++
+[IMPORTANT]
+====
+Do not include the `https` portion of the OIDC DNS URL when replacing `{Cluster_OIDC_Endpoint}` with the OIDC DNS you identified earlier. Only the alphanumeric information that follows the `/` within the URL is needed.
+====
++
+For more information on assigning trust policies to AWS IAM roles, see link:https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/[How to use trust policies with IAM roles].
+.. Create and verify the role by using the generated trust policy:
++
+[source, terminal]
+----
+$ aws iam create-role --role-name albo-operator --assume-role-policy-document file://albo-operator-trusted-policy.json
+$ OPERATOR_ROLE_ARN=$(aws iam get-role --role-name albo-operator --output json | jq -r '.Role.Arn')
+$ echo $OPERATOR_ROLE_ARN
+----
++
+For more information on creating AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html[Creating IAM roles].
++
+.. Attach the operator's permission policy to the role:
++
+[source, terminal]
+----
+$ curl -o albo-operator-permission-policy.json https://raw.githubusercontent.com/alebedev87/aws-load-balancer-operator/aws-cli-commands-for-sts/hack/operator-permission-policy.json
+aws iam put-role-policy --role-name albo-operator --policy-name perms-policy-albo-operator --policy-document file://albo-operator-permission-policy.json
+----
++
+For more information on adding AWS IAM permissions to AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html[Adding and removing IAM identity permissions].
++
+.. Generate the operator's AWS credentials:
++
+[source,terminal]
+----
+$ cat <<EOF> albo-operator-aws-credentials.cfg
+[default]
+sts_regional_endpoints = regional
+role_arn = ${OPERATOR_ROLE_ARN}
+web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+----
++
+For more information about formatting credentials files, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service].
++
+.. Create the operator's credentials secret with the generated AWS credentials:
++
+[source, terminal]
+----
+$ oc -n aws-load-balancer-operator create secret generic aws-load-balancer-operator --from-file=credentials=albo-operator-aws-credentials.cfg
+----
+. Create the AWS IAM policy required for the AWS Load Balancer Controller (ALBC):
++
+.. Generate a trust policy file for your identity provider. The following example uses OpenID Connect:
++
+[source,terminal]
+----
+$ IDP='{Cluster_OIDC_Endpoint}'
+$ IDP_ARN="arn:aws:iam::{AWS_AccountNo}:oidc-provider/${IDP}"
+$ cat <<EOF > albo-controller-trusted-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "${IDP_ARN}"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringEquals": {
+                    "${IDP}:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster"
+                }
+            }
+        }
+    ]
+}
+EOF
+----
++
+.. Create and verify the role by using the generated trust policy:
++
+[source, terminal]
+----
+$ aws iam create-role --role-name albo-controller --assume-role-policy-document file://albo-controller-trusted-policy.json
+$ CONTROLLER_ROLE_ARN=$(aws iam get-role --role-name albo-controller --output json | jq -r '.Role.Arn')
+$ echo $CONTROLLER_ROLE_ARN
+----
++
+.. Attach the controller's permission policy to the role:
++
+[source,terminal]
+----
+$ curl -o albo-controller-permission-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
+aws iam put-role-policy --role-name albo-controller --policy-name perms-policy-albo-controller --policy-document file://albo-controller-permission-policy.json
+----
++
+.. Generate the controller's AWS credentials:
++
+[source,terminal]
+----
+$ cat <<EOF > albo-controller-aws-credentials.cfg
+[default]
+sts_regional_endpoints = regional
+role_arn = ${CONTROLLER_ROLE_ARN}
+web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+----
++
+.. Create the controller's credentials secret by using the generated AWS credentials:
++
+[source,terminal]
+----
+$ oc -n aws-load-balancer-operator create secret generic aws-load-balancer-controller-cluster --from-file=credentials=albo-controller-aws-credentials.cfg
+----
++
+. Add the tags necessary for subnet discovery:
+.. Add the following `{Key: Value}` tag to the VPC hosting the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster. Replace `{Cluster Infra ID}` with the Infra ID specified previously:
++
+[source, terminal]
+----
+* kubernetes.io/cluster/${Cluster Infra ID}:owned
+----
++
+.. Add the following ELBv2 `{Key: Value}` tags to the private subnets and, optionally, to the public subnets:
+
+* Private subnets: `kubernetes.io/role/internal-elb:1`
+* Public subnets: `kubernetes.io/role/elb:1`
++
+[NOTE]
+====
+Internet-facing and internal load balancers will be created within the AZ to which these subnets belong.
+====
++
+For more information on adding tags to AWS resources, including VPCs and subnets, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html[Tag your Amazon EC2 resources].
++
+[IMPORTANT]
+====
+ELBv2 resources (such as ALBs and NLBs) created by ALBO do not inherit custom tags set for
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+clusters. You must set tags separately for these resources.
+====
++
+. Create ALBO:
++
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  upgradeStrategy: Default
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  channel: stable-v1.0
+  installPlanApproval: Automatic
+  name: aws-load-balancer-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: aws-load-balancer-operator.v1.0.0
+----
++
+. Create an AWS ALBC:
++
+[source,yaml]
+----
+apiVersion: networking.olm.openshift.io/v1
+kind: AWSLoadBalancerController
+metadata:
+  name: cluster
+spec:
+  subnetTagging: Manual
+  credentials:
+    name: aws-load-balancer-controller-cluster
+----
++
+[IMPORTANT]
+====
+Because AWS ALBCs do not support creating ALBs associated with both AZs and AWS LZs,
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+clusters can have ALBs associated exclusively with either AWS LZs or AZs but not both simultaneously.
+====
++
+For more information regarding AWS ALBC configurations, see the following topics:
+
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/networking/aws-load-balancer-operator-1#nw-multiple-ingress-through-single-alb[Creating multiple ingresses]
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/networking/aws-load-balancer-operator-1#nw-adding-tls-termination_adding-tls-termination[Adding TLS termination]
+
+.Verification
+
+* Confirm successful installation by running the following commands:
+
+. Gather information about pods within the project:
++
+[source, terminal]
+----
+$ oc get pods -n aws-load-balancer-operator
+----
+. View the logs within the project:
++
+[source, terminal]
+----
+$ oc logs -n aws-load-balancer-operator deployment/aws-load-balancer-operator-controller-manager -c manager
+----
+For detailed instructions on verifying that the ELBv2 was created for the application running in the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+cluster, see link:https://docs.openshift.com/container-platform/4.13/networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.html[Creating an instance of AWS Load Balancer Controller].
\ No newline at end of file
diff --git a/modules/aws-limits.adoc b/modules/aws-limits.adoc
index 34338992529f..69291e7b8e55 100644
--- a/modules/aws-limits.adoc
+++ b/modules/aws-limits.adoc
@@ -47,10 +47,10 @@ To use the `us-east-1` region, you must increase the EIP limit for your account.
 |5 VPCs per region
 |Each cluster creates its own VPC.
 
-|Elastic Load Balancing (ELB/NLB)
+|Elastic Load Balancing (ELB)
 |3
 |20 per region
-|By default, each cluster creates internal and external network load balancers for the primary API server and a single classic elastic load balancer for the router. Deploying more Kubernetes LoadBalancer Service objects will create additional link:https://aws.amazon.com/elasticloadbalancing/[load balancers].
+|By default, each cluster creates internal and external Network Load Balancers for the primary API server and a single Classic Load Balancer for the router. Deploying more Kubernetes LoadBalancer Service objects will create additional link:https://aws.amazon.com/elasticloadbalancing/[load balancers].
 
 
 |NAT Gateways
@@ -63,7 +63,7 @@ To use the `us-east-1` region, you must increase the EIP limit for your account.
 |350 per region
 |The default installation creates 21 ENIs and an ENI for each availability zone in your region. For example, the `us-east-1` region contains six availability zones, so a cluster that is deployed in that zone uses 27 ENIs. Review the link:https://aws.amazon.com/about-aws/global-infrastructure/[AWS region map] to determine how many availability zones are in each region.
 
-Additional ENIs are created for additional machines and elastic load balancers that are created by cluster usage and deployed workloads.
+Additional ENIs are created for additional machines and load balancers that are created by cluster usage and deployed workloads.
 
 |VPC Gateway
 |20
diff --git a/modules/aws-uninstalling-an-aws-load-balancer-operator.adoc b/modules/aws-uninstalling-an-aws-load-balancer-operator.adoc
new file mode 100644
index 000000000000..0cd9f20bb327
--- /dev/null
+++ b/modules/aws-uninstalling-an-aws-load-balancer-operator.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * networking/aws-load-balancer-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="aws-uninstalling-an-aws-load-balancer-operator_{context}"]
+= Uninstalling an AWS Load Balancer Operator
+To uninstall an AWS Load Balancer Operator (ALBO) and perform an overall cleanup of the associated resources, perform the following procedure.
+
+.Procedure
+. Clean up the sample application by deleting the Load Balancers created and managed by the ALBO. For more information about deleting Load Balancers, see link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-delete.html[Delete an Application Load Balancer].
+. Clean up the AWS VPC tags by removing the VPC tags that were added to the subnets for discovering subnets and for creating Application Load Balancers (ALBs). For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-basics[Tag basics].
+. Clean up ALBO components by deleting both the ALBO and the Application Load Balancer Controller (ALBC).
+For more information, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/operators/administrator-tasks#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster].
diff --git a/modules/aws-vpc.adoc b/modules/aws-vpc.adoc
index 4572be7b66f4..e5d5f7fbb676 100644
--- a/modules/aws-vpc.adoc
+++ b/modules/aws-vpc.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="aws-vpc_{context}"]
 = Configuring AWS VPC peering
 
@@ -11,7 +11,7 @@ A Virtual Private Cloud (VPC) peering connection is a networking connection betw
 
 [WARNING]
 ====
-Private clusters cannot be fully deleted by {cluster-manager-first} if the VPC the cluster is installed in is peered.
+Before you attempt to uninstall a cluster, you must remove any VPC peering connections from the cluster's VPC. Failure to do so might result in a cluster not completing the uninstall process.
 
 AWS supports inter-region VPC peering between all commercial regions link:https://aws.amazon.com/vpc/faqs/#Peering_Connections[excluding China].
 ====
diff --git a/modules/aws-vpn.adoc b/modules/aws-vpn.adoc
index 8f1c5afb1f4f..670a912da0e1 100644
--- a/modules/aws-vpn.adoc
+++ b/modules/aws-vpn.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="aws-vpn_{context}"]
 = Configuring an AWS VPN
 
diff --git a/modules/azure-stack-hub-internal-ca.adoc b/modules/azure-stack-hub-internal-ca.adoc
index d882b1ea1c75..e951def030c0 100644
--- a/modules/azure-stack-hub-internal-ca.adoc
+++ b/modules/azure-stack-hub-internal-ca.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="internal-certificate-authority_{context}"]
 = Configuring the cluster to use an internal CA
 
diff --git a/modules/backup-etcd-hosted-cluster.adoc b/modules/backup-etcd-hosted-cluster.adoc
index 455fc4e25f9f..347821ed4e69 100644
--- a/modules/backup-etcd-hosted-cluster.adoc
+++ b/modules/backup-etcd-hosted-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="backup-etcd-hosted-cluster_{context}"]
 = Taking a snapshot of etcd on a hosted cluster
 
diff --git a/modules/backup-etcd.adoc b/modules/backup-etcd.adoc
index ab3985bf46ea..8c31f0a85c14 100644
--- a/modules/backup-etcd.adoc
+++ b/modules/backup-etcd.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * disaster_recovery/backing-up-etcd.adoc
+// * backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="backing-up-etcd-data_{context}"]
 = Backing up etcd data
 
@@ -26,23 +26,23 @@ You can check whether the proxy is enabled by reviewing the output of `oc get pr
 
 .Procedure
 
-. Start a debug session for a control plane node:
+. Start a debug session as root for a control plane node:
 +
 [source,terminal]
 ----
-$ oc debug node/<node_name>
+$ oc debug --as-root node/<node_name>
 ----
 
-. Change your root directory to `/host`:
+. Change your root directory to `/host` in the debug shell:
 +
 [source,terminal]
 ----
-sh-4.2# chroot /host
+sh-4.4# chroot /host
 ----
 
 . If the cluster-wide proxy is enabled, be sure that you have exported the `NO_PROXY`, `HTTP_PROXY`, and `HTTPS_PROXY` environment variables.
 
-. Run the `cluster-backup.sh` script and pass in the location to save the backup to.
+. Run the `cluster-backup.sh` script in the debug shell and pass in the location to save the backup to.
 +
 [TIP]
 ====
diff --git a/modules/before-updating-ocp.adoc b/modules/before-updating-ocp.adoc
new file mode 100644
index 000000000000..a8ebb507ad73
--- /dev/null
+++ b/modules/before-updating-ocp.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="before-updating-ocp_{context}"]
+= Before updating the {product-title} cluster
+
+Before updating, consider the following:
+
+* You have recently backed up etcd.
+
+* In `PodDisruptionBudget`, if `minAvailable` is set to `1`, the nodes are drained to apply pending machine configs that might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
+
+* You might need to update the cloud provider resources for the new release if your cluster uses manually maintained credentials.
+
+* You must review administrator acknowledgement requests, take any recommended actions, and provide the acknowledgement when you are ready.
+
+* You can perform a partial update by updating the worker or custom pool nodes to accommodate the time it takes to update. You can pause and resume within the progress bar of each pool.
\ No newline at end of file
diff --git a/modules/binding-infra-node-workloads-using-taints-tolerations.adoc b/modules/binding-infra-node-workloads-using-taints-tolerations.adoc
index 618adb487fac..d75fd63c7288 100644
--- a/modules/binding-infra-node-workloads-using-taints-tolerations.adoc
+++ b/modules/binding-infra-node-workloads-using-taints-tolerations.adoc
@@ -3,7 +3,7 @@
 // * machine_management/creating-infrastructure-machinesets.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="binding-infra-node-workloads-using-taints-tolerations_{context}"]
 = Binding infrastructure node workloads using taints and tolerations
 
@@ -43,7 +43,7 @@ Taints:             node-role.kubernetes.io/infra:NoSchedule
 This example shows that the node has a taint. You can proceed with adding a toleration to your pod in the next step.
 
 .. If you have not configured a taint to prevent scheduling user workloads on it:
-+ 
++
 [source,terminal]
 ----
 $ oc adm taint nodes <node_name> <key>=<value>:<effect>
diff --git a/modules/bmo-about-the-baremetalhost-resource.adoc b/modules/bmo-about-the-baremetalhost-resource.adoc
index 86168debc9b5..aa843e8eb062 100644
--- a/modules/bmo-about-the-baremetalhost-resource.adoc
+++ b/modules/bmo-about-the-baremetalhost-resource.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="about-the-baremetalhost-resource_{context}"]
 = About the BareMetalHost resource
 
@@ -90,7 +90,7 @@ raid:
   hardwareRAIDVolumes:
   softwareRAIDVolumes:
 ----
-a|  (Optional) Contains the information about the RAID configuration for bare metal hosts. If not specified, it retains the current configuration.  
+a|  (Optional) Contains the information about the RAID configuration for bare metal hosts. If not specified, it retains the current configuration.
 
 [NOTE]
 ====
diff --git a/modules/bmo-about-the-firmwareschema-resource.adoc b/modules/bmo-about-the-firmwareschema-resource.adoc
index 96228e915345..b9d85d86d231 100644
--- a/modules/bmo-about-the-firmwareschema-resource.adoc
+++ b/modules/bmo-about-the-firmwareschema-resource.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="about-the-firmwareschema-resource_{context}"]
 = About the FirmwareSchema resource
 
diff --git a/modules/bmo-about-the-hostfirmwaresettings-resource.adoc b/modules/bmo-about-the-hostfirmwaresettings-resource.adoc
index e10a31dacab7..23c6ca8417e9 100644
--- a/modules/bmo-about-the-hostfirmwaresettings-resource.adoc
+++ b/modules/bmo-about-the-hostfirmwaresettings-resource.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="about-the-hostfirmwaresettings-resource_{context}"]
 = About the HostFirmwareSettings resource
 
diff --git a/modules/bmo-editing-the-hostfirmwaresettings-resource.adoc b/modules/bmo-editing-the-hostfirmwaresettings-resource.adoc
index 3ff058b6689a..b9842a47f5e3 100644
--- a/modules/bmo-editing-the-hostfirmwaresettings-resource.adoc
+++ b/modules/bmo-editing-the-hostfirmwaresettings-resource.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="editing-the-hostfirmwaresettings-resource_{context}"]
 = Editing the HostFirmwareSettings resource
 
diff --git a/modules/bmo-getting-the-baremetalhost-resource.adoc b/modules/bmo-getting-the-baremetalhost-resource.adoc
index 689e3137e5ff..a21e36cfc087 100644
--- a/modules/bmo-getting-the-baremetalhost-resource.adoc
+++ b/modules/bmo-getting-the-baremetalhost-resource.adoc
@@ -1,7 +1,7 @@
 // This is included in the following assemblies:
 //
 // post_installation_configuration/bare-metal-configuration.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-the-baremetalhost-resource_{context}"]
 = Getting the BareMetalHost resource
 
@@ -69,7 +69,7 @@ spec:
   hardwareProfile: unknown
   online: true
   rootDeviceHints:
-    deviceName: /dev/sda
+    deviceName: /dev/disk/by-id/scsi-<serial_number>
   userData:
     name: worker-user-data-managed
     namespace: openshift-machine-api
@@ -107,7 +107,7 @@ status:
     storage:
     - hctl: "0:0:0:0"
       model: VK000960GWTTB
-      name: /dev/sda
+      name: /dev/disk/by-id/scsi-<serial_number>
       sizeBytes: 960197124096
       type: SSD
       vendor: ATA
@@ -130,7 +130,7 @@ status:
       hardwareRAIDVolumes: null
       softwareRAIDVolumes: []
     rootDeviceHints:
-      deviceName: /dev/sda
+      deviceName: /dev/disk/by-id/scsi-<serial_number>
     state: provisioned
   triedCredentials:
     credentials:
diff --git a/modules/bmo-getting-the-firmwareschema-resource.adoc b/modules/bmo-getting-the-firmwareschema-resource.adoc
index 4c43701107d6..39d4b963a9c7 100644
--- a/modules/bmo-getting-the-firmwareschema-resource.adoc
+++ b/modules/bmo-getting-the-firmwareschema-resource.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-the-firmwareschema-resource_{context}"]
 = Getting the FirmwareSchema resource
 
diff --git a/modules/bmo-verifying-the-hostfirmware-settings-resource-is-valid.adoc b/modules/bmo-verifying-the-hostfirmware-settings-resource-is-valid.adoc
index a358314edcca..e469b36d3ac2 100644
--- a/modules/bmo-verifying-the-hostfirmware-settings-resource-is-valid.adoc
+++ b/modules/bmo-verifying-the-hostfirmware-settings-resource-is-valid.adoc
@@ -2,7 +2,7 @@
 //
 // post_installation_configuration/bare-metal-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-the-hostfirmware-settings-resource-is-valid_{context}"]
 = Verifying the HostFirmware Settings resource is valid
 
diff --git a/modules/bootstrap-aws-load-balancer-operator.adoc b/modules/bootstrap-aws-load-balancer-operator.adoc
deleted file mode 100644
index 328f354d15b5..000000000000
--- a/modules/bootstrap-aws-load-balancer-operator.adoc
+++ /dev/null
@@ -1,59 +0,0 @@
-// Module included in the following assemblies:
-// * networking/installing-albo-sts-cluster.adoc
-
-:_content-type: PROCEDURE
-[id="nw-bootstra-albo-on-sts-cluster_{context}"]
-= Bootstrapping AWS Load Balancer Operator on Security Token Service cluster
-
-.Prerequisites
-
-* You must extract and prepare the `ccoctl` binary.
-
-.Procedure
-
-. Create the `aws-load-balancer-operator` namespace by running the following command:
-+
-[source,terminal]
-----
-$ oc create namespace aws-load-balancer-operator
-----
-
-. Download the `CredentialsRequest` custom resource (CR) of the AWS Load Balancer Operator, and create a directory to store it by running the following command:
-+
-[source,terminal]
-----
-$ curl --create-dirs -o <path-to-credrequests-dir>/cr.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/operator-credentials-request.yaml
-----
-
-. Use the `ccoctl` tool to process `CredentialsRequest` objects of the AWS Load Balancer Operator, by running the following command:
-+
-[source,terminal]
-----
-$ ccoctl aws create-iam-roles \
-    --name <name> --region=<aws_region> \
-    --credentials-requests-dir=<path-to-credrequests-dir> \
-    --identity-provider-arn <oidc-arn>
-----
-
-. Apply the secrets generated in the manifests directory of your cluster by running the following command:
-+
-[source,terminal]
-----
-$ ls manifests/*-credentials.yaml | xargs -I{} oc apply -f {}
-----
-
-. Verify that the credentials secret of the AWS Load Balancer Operator is created by running the following command:
-+
-[source,terminal]
-----
-$ oc -n aws-load-balancer-operator get secret aws-load-balancer-operator --template='{{index .data "credentials"}}' | base64 -d
-----
-+
-.Example output
-[source,terminal]
-----
-[default]
-sts_regional_endpoints = regional
-role_arn = arn:aws:iam::999999999999:role/aws-load-balancer-operator-aws-load-balancer-operator
-web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
-----
diff --git a/modules/bound-sa-tokens-about.adoc b/modules/bound-sa-tokens-about.adoc
index 03114f2b9277..9c082a000249 100644
--- a/modules/bound-sa-tokens-about.adoc
+++ b/modules/bound-sa-tokens-about.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/bound-service-account-tokens.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="bound-sa-tokens-about_{context}"]
 = About bound service account tokens
 
diff --git a/modules/bound-sa-tokens-configuring-externally.adoc b/modules/bound-sa-tokens-configuring-externally.adoc
index 5b26a8f1c045..8e265ad44036 100644
--- a/modules/bound-sa-tokens-configuring-externally.adoc
+++ b/modules/bound-sa-tokens-configuring-externally.adoc
@@ -2,13 +2,18 @@
 //
 // * authentication/bound-service-account-tokens.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="bound-sa-tokens-configuring-externally_{context}"]
 = Creating bound service account tokens outside the pod
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 * You have created a service account. This procedure assumes that the service account is named `build-robot`.
 
 .Procedure
diff --git a/modules/bound-sa-tokens-configuring.adoc b/modules/bound-sa-tokens-configuring.adoc
index 7c544dcab394..23b96aba9f5d 100644
--- a/modules/bound-sa-tokens-configuring.adoc
+++ b/modules/bound-sa-tokens-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/bound-service-account-tokens.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="bound-sa-tokens-configuring_{context}"]
 = Configuring bound service account tokens using volume projection
 
@@ -10,11 +10,17 @@ You can configure pods to request bound service account tokens by using volume p
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 * You have created a service account. This procedure assumes that the service account is named `build-robot`.
 
 .Procedure
 
+ifndef::openshift-dedicated,openshift-rosa[]
 . Optional: Set the service account issuer.
 +
 This step is typically not required if the bound tokens are used only within the cluster.
@@ -92,6 +98,7 @@ $ for I in $(oc get ns -o jsonpath='{range .items[*]} {.metadata.name}{"\n"} {en
       sleep 1; \
       done
 ----
+endif::openshift-dedicated,openshift-rosa[]
 
 . Configure a pod to use a bound service account token by using volume projection.
 
@@ -124,6 +131,11 @@ spec:
 <2> The path relative to the mount point of the file to project the token into.
 <3> Optionally set the expiration of the service account token, in seconds. The default is 3600 seconds (1 hour) and must be at least 600 seconds (10 minutes). The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.
 <4> Optionally set the intended audience of the token. The recipient of a token should verify that the recipient identity matches the audience claim of the token, and should otherwise reject the token. The audience defaults to the identifier of the API server.
++
+[NOTE]
+====
+In order to prevent unexpected failure, {product-title} overrides the `expirationSeconds` value to be one year from the initial token generation with the `--service-account-extend-token-expiration` default of `true`. You cannot change this setting.
+====
 
 .. Create the pod:
 +
diff --git a/modules/build-config-capability.adoc b/modules/build-config-capability.adoc
new file mode 100644
index 000000000000..13f8713c811b
--- /dev/null
+++ b/modules/build-config-capability.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// *  installing/cluster-capabilities.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="build-config-capability_{context}"]
+= Build capability
+
+[discrete]
+== Purpose
+
+The `Build` capability enables the `Build` API. The `Build` API manages the lifecycle of `Build` and `BuildConfig` objects.
+
+[IMPORTANT]
+====
+If the `Build` capability is disabled, the cluster cannot use `Build` or `BuildConfig` resources. Disable the capability only if `Build` and `BuildConfig` resources are not required in the cluster.
+====
diff --git a/modules/build-image-docker.adoc b/modules/build-image-docker.adoc
index 9c6a6cabd400..c7be17fae773 100644
--- a/modules/build-image-docker.adoc
+++ b/modules/build-image-docker.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/deploy-plugin-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="build-image-with-docker_{context}"]
 = Build an image with Docker
 
diff --git a/modules/builds-adding-input-secrets-configmaps.adoc b/modules/builds-adding-input-secrets-configmaps.adoc
index 1b52c52f7643..3c50bd520ef3 100644
--- a/modules/builds-adding-input-secrets-configmaps.adoc
+++ b/modules/builds-adding-input-secrets-configmaps.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-adding-input-secrets-configmaps_{context}"]
 = Adding input secrets and config maps
 
diff --git a/modules/builds-assigning-builds-to-nodes.adoc b/modules/builds-assigning-builds-to-nodes.adoc
index bfdc08422f83..51421c5d3c93 100644
--- a/modules/builds-assigning-builds-to-nodes.adoc
+++ b/modules/builds-assigning-builds-to-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/advanced-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-assigning-builds-to-nodes_{context}"]
 = Assigning builds to specific nodes
 
diff --git a/modules/builds-automatically-add-source-clone-secrets.adoc b/modules/builds-automatically-add-source-clone-secrets.adoc
index 9be83d18d409..ad17389618bc 100644
--- a/modules/builds-automatically-add-source-clone-secrets.adoc
+++ b/modules/builds-automatically-add-source-clone-secrets.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-automatically-add-source-clone-secrets_{context}"]
 = Automatically adding a source clone secret to a build configuration
 
diff --git a/modules/builds-basic-access-build-logs.adoc b/modules/builds-basic-access-build-logs.adoc
index 2d5c743cb2b6..513fbfe72a34 100644
--- a/modules/builds-basic-access-build-logs.adoc
+++ b/modules/builds-basic-access-build-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-access-build-logs_{context}"]
 = Accessing build logs
 
diff --git a/modules/builds-basic-access-build-verbosity.adoc b/modules/builds-basic-access-build-verbosity.adoc
index c969ea8da1c0..86c5a68836d4 100644
--- a/modules/builds-basic-access-build-verbosity.adoc
+++ b/modules/builds-basic-access-build-verbosity.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-access-build-verbosity_{context}"]
 = Enabling log verbosity
 
diff --git a/modules/builds-basic-access-buildconfig-logs.adoc b/modules/builds-basic-access-buildconfig-logs.adoc
index c5eaa2386c74..c428d3b4d460 100644
--- a/modules/builds-basic-access-buildconfig-logs.adoc
+++ b/modules/builds-basic-access-buildconfig-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-access-buildconfig-logs_{context}"]
 = Accessing BuildConfig logs
 
diff --git a/modules/builds-basic-access-buildconfig-version-logs.adoc b/modules/builds-basic-access-buildconfig-version-logs.adoc
index 4dfe03f3ce88..a2a1b43c146a 100644
--- a/modules/builds-basic-access-buildconfig-version-logs.adoc
+++ b/modules/builds-basic-access-buildconfig-version-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-access-buildconfig-version-logs_{context}"]
 = Accessing BuildConfig logs for a given version build
 
diff --git a/modules/builds-basic-cancel-all-state.adoc b/modules/builds-basic-cancel-all-state.adoc
index 9a6cac4782b2..ea1ad75b21ba 100644
--- a/modules/builds-basic-cancel-all-state.adoc
+++ b/modules/builds-basic-cancel-all-state.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-cancel-all-state_{context}"]
 = Canceling all builds in a given state
 
diff --git a/modules/builds-basic-cancel-all.adoc b/modules/builds-basic-cancel-all.adoc
index 5fbfd37fdc1d..2e45152cf45c 100644
--- a/modules/builds-basic-cancel-all.adoc
+++ b/modules/builds-basic-cancel-all.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-cancel-all_{context}"]
 = Canceling all builds
 
diff --git a/modules/builds-basic-cancel-build.adoc b/modules/builds-basic-cancel-build.adoc
index 3f34748c789c..3372f4dd941c 100644
--- a/modules/builds-basic-cancel-build.adoc
+++ b/modules/builds-basic-cancel-build.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-cancel-build_{context}"]
 = Canceling a build
 
diff --git a/modules/builds-basic-cancel-multiple.adoc b/modules/builds-basic-cancel-multiple.adoc
index f116b33d4b15..3714a059f9ec 100644
--- a/modules/builds-basic-cancel-multiple.adoc
+++ b/modules/builds-basic-cancel-multiple.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-cancel-multiple_{context}"]
 = Canceling multiple builds
 
diff --git a/modules/builds-basic-delete-buildconfig.adoc b/modules/builds-basic-delete-buildconfig.adoc
index c0297e357dca..da63279b0d1d 100644
--- a/modules/builds-basic-delete-buildconfig.adoc
+++ b/modules/builds-basic-delete-buildconfig.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-delete-buildconfig_{context}"]
 = Deleting a BuildConfig
 
diff --git a/modules/builds-basic-edit-buildconfig.adoc b/modules/builds-basic-edit-buildconfig.adoc
index 698f4139f838..e9c1ede55cd3 100644
--- a/modules/builds-basic-edit-buildconfig.adoc
+++ b/modules/builds-basic-edit-buildconfig.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-edit-buildconfig_{context}"]
 = Editing a BuildConfig
 
diff --git a/modules/builds-basic-start-build.adoc b/modules/builds-basic-start-build.adoc
index 15f093b5c24b..7e250e2b5207 100644
--- a/modules/builds-basic-start-build.adoc
+++ b/modules/builds-basic-start-build.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-start-build_{context}"]
 = Starting a build
 
diff --git a/modules/builds-basic-start-environment-variable.adoc b/modules/builds-basic-start-environment-variable.adoc
index f09305f58976..c26132d48c6f 100644
--- a/modules/builds-basic-start-environment-variable.adoc
+++ b/modules/builds-basic-start-environment-variable.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-start-environment-variable_{context}"]
 = Setting environment variables when starting a build
 
diff --git a/modules/builds-basic-start-logs.adoc b/modules/builds-basic-start-logs.adoc
index 4c4ec349f430..b7b89cb791b9 100644
--- a/modules/builds-basic-start-logs.adoc
+++ b/modules/builds-basic-start-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-start-logs_{context}"]
 = Streaming build logs
 
diff --git a/modules/builds-basic-start-re-run.adoc b/modules/builds-basic-start-re-run.adoc
index 3a7690c1964b..80b56440fe68 100644
--- a/modules/builds-basic-start-re-run.adoc
+++ b/modules/builds-basic-start-re-run.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-start-re-run_{context}"]
 = Re-running a build
 
diff --git a/modules/builds-basic-start-source.adoc b/modules/builds-basic-start-source.adoc
index 598a7b46399b..2fd351b02821 100644
--- a/modules/builds-basic-start-source.adoc
+++ b/modules/builds-basic-start-source.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-start-source_{context}"]
 = Starting a build with source
 
diff --git a/modules/builds-basic-view-build-details.adoc b/modules/builds-basic-view-build-details.adoc
index 8d32c5b7f846..fd8bcdb95018 100644
--- a/modules/builds-basic-view-build-details.adoc
+++ b/modules/builds-basic-view-build-details.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/basic-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-basic-view-build-details_{context}"]
 = Viewing build details
 
diff --git a/modules/builds-build-custom-builder-image.adoc b/modules/builds-build-custom-builder-image.adoc
index 811a96a47180..f8674ddbd2f2 100644
--- a/modules/builds-build-custom-builder-image.adoc
+++ b/modules/builds-build-custom-builder-image.adoc
@@ -3,7 +3,7 @@
 // * builds/custom-builds-buildah.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-build-custom-builder-image_{context}"]
 = Build custom builder image
 
diff --git a/modules/builds-build-pruning.adoc b/modules/builds-build-pruning.adoc
index ceba6c9191a5..9fe446aa0884 100644
--- a/modules/builds-build-pruning.adoc
+++ b/modules/builds-build-pruning.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/advanced-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-build-pruning_{context}"]
 = Pruning builds
 
diff --git a/modules/builds-buildconfig.adoc b/modules/builds-buildconfig.adoc
index 86101dfb34d7..82709f7fac46 100644
--- a/modules/builds-buildconfig.adoc
+++ b/modules/builds-buildconfig.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/understanding-builds.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="builds-buildconfig_{context}"]
 = BuildConfigs
 
diff --git a/modules/builds-configuration-file.adoc b/modules/builds-configuration-file.adoc
index 1ebe97f28a56..738bcd796625 100644
--- a/modules/builds-configuration-file.adoc
+++ b/modules/builds-configuration-file.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/build-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-configuration-file_{context}"]
 = Configuring build settings
 
diff --git a/modules/builds-configuring-post-commit-build-hooks.adoc b/modules/builds-configuring-post-commit-build-hooks.adoc
index 4084f62e322b..0b495d0b9ce4 100644
--- a/modules/builds-configuring-post-commit-build-hooks.adoc
+++ b/modules/builds-configuring-post-commit-build-hooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-configuring-post-commit-build-hooks_{context}"]
 = Configuring post commit build hooks
 
diff --git a/modules/builds-create-custom-build-artifacts.adoc b/modules/builds-create-custom-build-artifacts.adoc
index 8c3a4ccd74d1..ec5c3daf5149 100644
--- a/modules/builds-create-custom-build-artifacts.adoc
+++ b/modules/builds-create-custom-build-artifacts.adoc
@@ -3,7 +3,7 @@
 // * builds/custom-builds-buildah.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-create-custom-build-artifacts_{context}"]
 = Creating custom build artifacts
 
diff --git a/modules/builds-create-imagestreamtag.adoc b/modules/builds-create-imagestreamtag.adoc
index c424f221a576..e043aa14eeab 100644
--- a/modules/builds-create-imagestreamtag.adoc
+++ b/modules/builds-create-imagestreamtag.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-create-imagestreamtag_{context}"]
 = Creating an image stream tag for the Red Hat Universal Base Image
 
diff --git a/modules/builds-creating-secrets.adoc b/modules/builds-creating-secrets.adoc
index e5b1c4de60f3..70ea779bb6df 100644
--- a/modules/builds-creating-secrets.adoc
+++ b/modules/builds-creating-secrets.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-creating-secrets_{context}"]
 = Creating secrets
 
@@ -43,8 +43,8 @@ metadata:
   name: mysecret
 type: Opaque <1>
 data:
-  username: dXNlci1uYW1l
-  password: cGFzc3dvcmQ=
+  username: <username>
+  password: <password>
 ----
 +
 <1> Specifies an _opaque_ secret.
diff --git a/modules/builds-disabling-build-strategy-globally.adoc b/modules/builds-disabling-build-strategy-globally.adoc
index 1e680725bd2e..6480bc0570a1 100644
--- a/modules/builds-disabling-build-strategy-globally.adoc
+++ b/modules/builds-disabling-build-strategy-globally.adoc
@@ -3,7 +3,7 @@
 // * builds/securing-builds-by-strategy.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-disabling-build-strategy-globally_{context}"]
 = Disabling access to a build strategy globally
 
diff --git a/modules/builds-displaying-webhook-urls.adoc b/modules/builds-displaying-webhook-urls.adoc
index 0243bfd84089..eb3918557fc4 100644
--- a/modules/builds-displaying-webhook-urls.adoc
+++ b/modules/builds-displaying-webhook-urls.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-displaying-webhook-urls_{context}"]
 = Displaying webhook URLs
 
diff --git a/modules/builds-docker-credentials-private-registries.adoc b/modules/builds-docker-credentials-private-registries.adoc
index 8e7fc9a5b216..805484c44949 100644
--- a/modules/builds-docker-credentials-private-registries.adoc
+++ b/modules/builds-docker-credentials-private-registries.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-docker-credentials-private-registries_{context}"]
 = Using docker credentials for private registries
 
diff --git a/modules/builds-docker-strategy.adoc b/modules/builds-docker-strategy.adoc
index 8d70207eb909..d3fa463e1c5c 100644
--- a/modules/builds-docker-strategy.adoc
+++ b/modules/builds-docker-strategy.adoc
@@ -30,5 +30,5 @@ CMD ["/bin/sh", "-c", "/input_report.sh"]
 ====
 Users normally remove their input secrets from the final application image so that the secrets are not present in the container running from that image. However, the secrets still exist in the image itself in the layer where they were added. This removal is part of the Dockerfile itself.
 
-To prevent the contents of input secrets and config maps from appearing in the build output container images and avoid this removal process altogether, xref:../../cicd/builds/build-strategies.html#builds-using-build-volumes_build-strategies-docker[use build volumes] in your Docker build strategy instead.
+To prevent the contents of input secrets and config maps from appearing in the build output container images and avoid this removal process altogether, xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-docker[use build volumes] in your Docker build strategy instead.
 ====
diff --git a/modules/builds-gitconfig-file-secured-git.adoc b/modules/builds-gitconfig-file-secured-git.adoc
index 0bb18b8ad29c..62fd6d470dec 100644
--- a/modules/builds-gitconfig-file-secured-git.adoc
+++ b/modules/builds-gitconfig-file-secured-git.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-gitconfig-file-secured-git_{context}"]
 = Creating a secret from a .gitconfig file for secured Git
 
diff --git a/modules/builds-gitconfig-file.adoc b/modules/builds-gitconfig-file.adoc
index 111e5e11fe42..b81f4ad36817 100644
--- a/modules/builds-gitconfig-file.adoc
+++ b/modules/builds-gitconfig-file.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-gitconfig-file_{context}"]
 = Creating a secret from a .gitconfig file
 
diff --git a/modules/builds-identifying-image-change-triggers.adoc b/modules/builds-identifying-image-change-triggers.adoc
index 460a160b0a4d..58f79d7deba0 100644
--- a/modules/builds-identifying-image-change-triggers.adoc
+++ b/modules/builds-identifying-image-change-triggers.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-image-change-trigger-identification_{context}"]
 = Identifying the image change trigger of a build
 
diff --git a/modules/builds-image-source.adoc b/modules/builds-image-source.adoc
index 8d7c16c0ed97..ad43e17d21fe 100644
--- a/modules/builds-image-source.adoc
+++ b/modules/builds-image-source.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="builds-image-source_{context}"]
 = Image source
diff --git a/modules/builds-input-secrets-configmaps.adoc b/modules/builds-input-secrets-configmaps.adoc
index b79521842418..6550cb2704b1 100644
--- a/modules/builds-input-secrets-configmaps.adoc
+++ b/modules/builds-input-secrets-configmaps.adoc
@@ -7,7 +7,7 @@
 
 [IMPORTANT]
 ====
-To prevent the contents of input secrets and config maps from appearing in build output container images, use build volumes in your xref:../../cicd/builds/build-strategies.html#builds-using-build-volumes_build-strategies-docker[Docker build] and xref:../../cicd/builds/build-strategies.html#builds-using-build-volumes_build-strategies-s2i[source-to-image build] strategies.
+To prevent the contents of input secrets and config maps from appearing in build output container images, use build volumes in your xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-docker[Docker build] and xref:../../cicd/builds/build-strategies.adoc#builds-using-build-volumes_build-strategies-s2i[source-to-image build] strategies.
 ====
 
 In some scenarios, build operations require credentials or other configuration data to access dependent resources, but it is undesirable for that information to be placed in source control. You can define input secrets and input config maps for this purpose.
diff --git a/modules/builds-manually-add-source-clone-secrets.adoc b/modules/builds-manually-add-source-clone-secrets.adoc
index 8284e05ce320..cbb060277832 100644
--- a/modules/builds-manually-add-source-clone-secrets.adoc
+++ b/modules/builds-manually-add-source-clone-secrets.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-manually-add-source-clone-secrets_{context}"]
 = Manually adding a source clone secret
 
@@ -10,7 +10,7 @@ Source clone secrets can be added manually to a build configuration by adding a
 
 [source,yaml]
 ----
-apiVersion: "v1"
+apiVersion: "build.openshift.io/v1"
 kind: "BuildConfig"
 metadata:
   name: "sample-build"
diff --git a/modules/builds-restricting-build-strategy-globally.adoc b/modules/builds-restricting-build-strategy-globally.adoc
index d069e219dce6..8937671956ce 100644
--- a/modules/builds-restricting-build-strategy-globally.adoc
+++ b/modules/builds-restricting-build-strategy-globally.adoc
@@ -3,7 +3,7 @@
 // * builds/securing-builds-by-strategy.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-restricting-build-strategy-globally_{context}"]
 = Restricting build strategies to users globally
 
diff --git a/modules/builds-restricting-build-strategy-to-user.adoc b/modules/builds-restricting-build-strategy-to-user.adoc
index e61500218bba..136f41e09612 100644
--- a/modules/builds-restricting-build-strategy-to-user.adoc
+++ b/modules/builds-restricting-build-strategy-to-user.adoc
@@ -3,7 +3,7 @@
 // * builds/securing-builds-by-strategy.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-restricting-build-strategy-to-user_{context}"]
 = Restricting build strategies to a user within a project
 
diff --git a/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc b/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc
index 09e696674da1..c7c67d7170ce 100644
--- a/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc
+++ b/modules/builds-running-entitled-builds-with-sharedsecret-objects.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-running-entitled-builds-with-sharedsecret-objects_{context}"]
 = Running entitled builds using SharedSecret objects
 
@@ -8,15 +8,10 @@ You can still access RHEL entitlements from OpenShift Builds by creating a `Secr
 
 This procedure relies on the newly introduced Shared Resources CSI Driver feature, which you can use to declare CSI Volume mounts in {product-title} Builds. It also relies on the {product-title} Insights Operator.
 
-[IMPORTANT]
-====
-[subs="attributes+"]
-The Shared Resources CSI Driver and The Build CSI Volumes are both Technology Preview features, which are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
-
-For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+:FeatureName: Managing machines with the Cluster API
+include::snippets/technology-preview.adoc[]
 
-The Shared Resources CSI Driver and the Build CSI Volumes features also belong to the `TechPreviewNoUpgrade` feature set, which is a subset of the current Technology Preview features. You can enable the `TechPreviewNoUpgrade` feature set on test clusters, where you can fully test them while leaving the features disabled on production clusters. Enabling this feature set cannot be undone and prevents minor version updates. This feature set is not recommended on production clusters. See "Enabling Technology Preview features using feature gates" in the following "Additional resources" section.
-====
+The Shared Resources CSI Driver feature also belongs to the `TechPreviewNoUpgrade` feature set, which is a subset of the current Technology Preview features. You can enable the `TechPreviewNoUpgrade` feature set on test clusters, where you can fully test them while leaving the features disabled on production clusters. Enabling this feature set cannot be undone and prevents minor version updates. This feature set is not recommended on production clusters. See "Enabling Technology Preview features using feature gates" in the following "Additional resources" section.
 
 .Prerequisites
 
diff --git a/modules/builds-secrets-overview.adoc b/modules/builds-secrets-overview.adoc
index 41795716e3f9..5f6e8287f932 100644
--- a/modules/builds-secrets-overview.adoc
+++ b/modules/builds-secrets-overview.adoc
@@ -17,8 +17,8 @@ metadata:
   namespace: my-namespace
 type: Opaque <1>
 data: <2>
-  username: dmFsdWUtMQ0K <3>
-  password: dmFsdWUtMg0KDQo=
+  username: <username> <3>
+  password: <password>
 stringData: <4>
   hostname: myapp.mydomain.com <5>
 ----
diff --git a/modules/builds-service-serving-certificate-secrets.adoc b/modules/builds-service-serving-certificate-secrets.adoc
index d1c3ca70611d..7e139208223a 100644
--- a/modules/builds-service-serving-certificate-secrets.adoc
+++ b/modules/builds-service-serving-certificate-secrets.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-service-serving-certificate-secrets_{context}"]
 = Service serving certificate secrets
 
diff --git a/modules/builds-setting-build-resources.adoc b/modules/builds-setting-build-resources.adoc
index 65cb9157f799..5e0b63abae50 100644
--- a/modules/builds-setting-build-resources.adoc
+++ b/modules/builds-setting-build-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/advanced-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-setting-build-resources_{context}"]
 = Setting build resources
 
diff --git a/modules/builds-setting-maximum-duration.adoc b/modules/builds-setting-maximum-duration.adoc
index 7bf9472791d3..1aa6bd598fdf 100644
--- a/modules/builds-setting-maximum-duration.adoc
+++ b/modules/builds-setting-maximum-duration.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/advanced-build-operations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-setting-maximum-duration_{context}"]
 = Setting maximum duration
 
diff --git a/modules/builds-setting-triggers-manually.adoc b/modules/builds-setting-triggers-manually.adoc
index 39037726d40b..76fc4296c58a 100644
--- a/modules/builds-setting-triggers-manually.adoc
+++ b/modules/builds-setting-triggers-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-setting-triggers-manually_{context}"]
 = Setting triggers manually
 
diff --git a/modules/builds-source-code.adoc b/modules/builds-source-code.adoc
index 41ec0a214aae..428011217fe6 100644
--- a/modules/builds-source-code.adoc
+++ b/modules/builds-source-code.adoc
@@ -23,7 +23,7 @@ ifndef::openshift-online[]
   dockerfile: "FROM openshift/ruby-22-centos7\nUSER example" <3>
 endif::[]
 ----
-<1> The `git` field contains the URI to the remote Git repository of the source code. Optionally, specify the `ref` field to check out a specific Git reference. A valid `ref` can be a SHA1 tag or a branch name.
+<1> The `git` field contains the Uniform Resource Identifier (URI) to the remote Git repository of the source code. You must specify the value of the `ref` field to check out a specific Git reference. A valid `ref` can be a SHA1 tag or a branch name. The default value of the `ref` field is `master`.
 <2> The `contextDir` field allows you to override the default location inside the source code repository where the build looks for the application source code. If your application exists inside a sub-directory, you can override the default location (the root folder) using this field.
 ifndef::openshift-online[]
 <3> If the optional `dockerfile` field is provided, it should be a string containing a Dockerfile that overwrites any Dockerfile that may exist in the source repository.
@@ -31,7 +31,7 @@ endif::[]
 
 If the `ref` field denotes a pull request, the system uses a `git fetch` operation and then checkout `FETCH_HEAD`.
 
-When no `ref` value is provided, {product-title} performs a shallow clone (`--depth=1`). In this case, only the files associated with the most recent commit on the default branch (typically `master`) are downloaded. This results in repositories downloading faster, but without the full commit history. To perform a full `git clone` of the default branch of a specified repository, set `ref` to the name of the default branch (for example `master`).
+When no `ref` value is provided, {product-title} performs a shallow clone (`--depth=1`). In this case, only the files associated with the most recent commit on the default branch (typically `master`) are downloaded. This results in repositories downloading faster, but without the full commit history. To perform a full `git clone` of the default branch of a specified repository, set `ref` to the name of the default branch (for example `main`).
 
 
 [WARNING]
diff --git a/modules/builds-source-input-satellite-config.adoc b/modules/builds-source-input-satellite-config.adoc
index f386639992e6..9577bdefa737 100644
--- a/modules/builds-source-input-satellite-config.adoc
+++ b/modules/builds-source-input-satellite-config.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-input-satellite-config_{context}"]
 = Adding Red Hat Satellite configurations to builds
 
diff --git a/modules/builds-source-secret-basic-auth.adoc b/modules/builds-source-secret-basic-auth.adoc
index 19d84dc40173..01569bba356f 100644
--- a/modules/builds-source-secret-basic-auth.adoc
+++ b/modules/builds-source-secret-basic-auth.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-basic-auth_{context}"]
 = Creating a secret from source code basic authentication
 
diff --git a/modules/builds-source-secret-combinations-basic-auth-ca.adoc b/modules/builds-source-secret-combinations-basic-auth-ca.adoc
index 6c4e755705ab..d2780444b943 100644
--- a/modules/builds-source-secret-combinations-basic-auth-ca.adoc
+++ b/modules/builds-source-secret-combinations-basic-auth-ca.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-combinations-basic-auth-ca_{context}"]
 = Creating a basic authentication secret with a CA certificate
 
diff --git a/modules/builds-source-secret-combinations-basic-auth-gitconfig-ca.adoc b/modules/builds-source-secret-combinations-basic-auth-gitconfig-ca.adoc
index a7236a9a7dab..489f66182787 100644
--- a/modules/builds-source-secret-combinations-basic-auth-gitconfig-ca.adoc
+++ b/modules/builds-source-secret-combinations-basic-auth-gitconfig-ca.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-combinations-basic-auth-gitconfig-ca_{context}"]
 = Creating a basic authentication secret with a .gitconfig file and CA certificate
 
diff --git a/modules/builds-source-secret-combinations-basic-auth-gitconfig.adoc b/modules/builds-source-secret-combinations-basic-auth-gitconfig.adoc
index 8df61ec39b53..6c2f0aa79245 100644
--- a/modules/builds-source-secret-combinations-basic-auth-gitconfig.adoc
+++ b/modules/builds-source-secret-combinations-basic-auth-gitconfig.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-combinations-basic-auth-gitconfig_{context}"]
 = Creating a basic authentication secret with a .gitconfig file
 
diff --git a/modules/builds-source-secret-combinations-gitconfig-ca.adoc b/modules/builds-source-secret-combinations-gitconfig-ca.adoc
index debed8750cf9..7575a9fe9a0b 100644
--- a/modules/builds-source-secret-combinations-gitconfig-ca.adoc
+++ b/modules/builds-source-secret-combinations-gitconfig-ca.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-combinations-gitconfig-ca_{context}"]
 = Creating a secret that combines a .gitconfig file and CA certificate
 
diff --git a/modules/builds-source-secret-combinations-ssh-gitconfig.adoc b/modules/builds-source-secret-combinations-ssh-gitconfig.adoc
index 8c82cc2f5c19..3033d5ba246f 100644
--- a/modules/builds-source-secret-combinations-ssh-gitconfig.adoc
+++ b/modules/builds-source-secret-combinations-ssh-gitconfig.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-combinations-ssh-gitconfig_{context}"]
 = Creating a SSH-based authentication secret with a `.gitconfig` file
 
diff --git a/modules/builds-source-secret-ssh-key-auth.adoc b/modules/builds-source-secret-ssh-key-auth.adoc
index f85a5927b7c5..263147ad59ac 100644
--- a/modules/builds-source-secret-ssh-key-auth.adoc
+++ b/modules/builds-source-secret-ssh-key-auth.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-ssh-key-auth_{context}"]
 = Creating a secret from source code SSH key authentication
 
diff --git a/modules/builds-source-secret-trusted-ca.adoc b/modules/builds-source-secret-trusted-ca.adoc
index d4ab011b1739..fc45fe3f95f5 100644
--- a/modules/builds-source-secret-trusted-ca.adoc
+++ b/modules/builds-source-secret-trusted-ca.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secret-trusted-ca_{context}"]
 = Creating a secret from source code trusted certificate authorities
 
diff --git a/modules/builds-source-secrets-entitlements.adoc b/modules/builds-source-secrets-entitlements.adoc
index d96bbdaa2285..30f8ea82abed 100644
--- a/modules/builds-source-secrets-entitlements.adoc
+++ b/modules/builds-source-secrets-entitlements.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-source-secrets-entitlements_{context}"]
 = Adding subscription entitlements as a build secret
 
diff --git a/modules/builds-strategy-custom-environment-variables.adoc b/modules/builds-strategy-custom-environment-variables.adoc
index 0f34f2d3a76d..a5225877dcbe 100644
--- a/modules/builds-strategy-custom-environment-variables.adoc
+++ b/modules/builds-strategy-custom-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-custom-environment-variables_{context}"]
 = Using environment variables for custom builds
 
diff --git a/modules/builds-strategy-custom-from-image.adoc b/modules/builds-strategy-custom-from-image.adoc
index 944868031aa8..282508e2a283 100644
--- a/modules/builds-strategy-custom-from-image.adoc
+++ b/modules/builds-strategy-custom-from-image.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-custom-from-image_{context}"]
 = Using FROM image for custom builds
 
diff --git a/modules/builds-strategy-custom-secrets.adoc b/modules/builds-strategy-custom-secrets.adoc
index 5689e522dcad..9c5bb9bfad8b 100644
--- a/modules/builds-strategy-custom-secrets.adoc
+++ b/modules/builds-strategy-custom-secrets.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-custom-secrets_{context}"]
 = Using secrets in custom builds
 
diff --git a/modules/builds-strategy-docker-build-arguments.adoc b/modules/builds-strategy-docker-build-arguments.adoc
index b43dbe77cee7..64069b56a0fd 100644
--- a/modules/builds-strategy-docker-build-arguments.adoc
+++ b/modules/builds-strategy-docker-build-arguments.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-build-arguments_{context}"]
 = Adding docker build arguments
 
-You can set link:http://docs.docker.com/v1.7/reference/api/hub_registry_spec/#docker-registry-1-0[docker build arguments] using the `buildArgs` array. The build arguments are passed to docker when a build is started.
+You can set link:https://docs.docker.com/engine/reference/builder/#arg[docker build arguments] using the `buildArgs` array. The build arguments are passed to docker when a build is started.
 
 [TIP]
 ====
diff --git a/modules/builds-strategy-docker-entitled-satellite.adoc b/modules/builds-strategy-docker-entitled-satellite.adoc
index 845c1c9b4861..daf0de0ad3df 100644
--- a/modules/builds-strategy-docker-entitled-satellite.adoc
+++ b/modules/builds-strategy-docker-entitled-satellite.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-entitled-satellite_{context}"]
 = Docker builds using Red Hat Satellite subscriptions
 
diff --git a/modules/builds-strategy-docker-entitled-subman.adoc b/modules/builds-strategy-docker-entitled-subman.adoc
index 3a52967a0c7f..3d193770ae76 100644
--- a/modules/builds-strategy-docker-entitled-subman.adoc
+++ b/modules/builds-strategy-docker-entitled-subman.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-entitled-subman_{context}"]
 = Docker builds using Subscription Manager
 
diff --git a/modules/builds-strategy-docker-environment-variables.adoc b/modules/builds-strategy-docker-environment-variables.adoc
index d5d023f8b213..201284fc3192 100644
--- a/modules/builds-strategy-docker-environment-variables.adoc
+++ b/modules/builds-strategy-docker-environment-variables.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-environment-variables_{context}"]
 = Using docker environment variables
 
diff --git a/modules/builds-strategy-docker-from-image.adoc b/modules/builds-strategy-docker-from-image.adoc
index 5a20f963a70b..1eb77e9cd7c6 100644
--- a/modules/builds-strategy-docker-from-image.adoc
+++ b/modules/builds-strategy-docker-from-image.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-from-image_{context}"]
 = Replacing Dockerfile FROM image
 
diff --git a/modules/builds-strategy-docker-squash-layers.adoc b/modules/builds-strategy-docker-squash-layers.adoc
index f4f5eeab55ae..0927a6943f30 100644
--- a/modules/builds-strategy-docker-squash-layers.adoc
+++ b/modules/builds-strategy-docker-squash-layers.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-docker-squash-layers_{context}"]
 = Squashing layers with docker builds
 
diff --git a/modules/builds-strategy-dockerfile-path.adoc b/modules/builds-strategy-dockerfile-path.adoc
index 588e23dc482b..61bbb7aba2a5 100644
--- a/modules/builds-strategy-dockerfile-path.adoc
+++ b/modules/builds-strategy-dockerfile-path.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-dockerfile-path_{context}"]
 = Using Dockerfile path
 
diff --git a/modules/builds-strategy-enable-pulling-pushing.adoc b/modules/builds-strategy-enable-pulling-pushing.adoc
index 93e9d9b706d7..fe166122d226 100644
--- a/modules/builds-strategy-enable-pulling-pushing.adoc
+++ b/modules/builds-strategy-enable-pulling-pushing.adoc
@@ -2,7 +2,7 @@
 //
 //* builds/running-entitled-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-enable-pulling-pushing_{context}"]
 = Enabling pulling and pushing
 
diff --git a/modules/builds-strategy-pipeline-environment-variables.adoc b/modules/builds-strategy-pipeline-environment-variables.adoc
index b66b2f868efe..0d49a282d844 100644
--- a/modules/builds-strategy-pipeline-environment-variables.adoc
+++ b/modules/builds-strategy-pipeline-environment-variables.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-pipeline-environment-variables_{context}"]
 = Using environment variables for pipeline builds
 
diff --git a/modules/builds-strategy-pipeline-providing-jenkinsfile.adoc b/modules/builds-strategy-pipeline-providing-jenkinsfile.adoc
index e1dd011463bb..29f7c82291c4 100644
--- a/modules/builds-strategy-pipeline-providing-jenkinsfile.adoc
+++ b/modules/builds-strategy-pipeline-providing-jenkinsfile.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-pipeline-providing-jenkinsfile_{context}"]
 = Providing the Jenkins file for pipeline builds
 
diff --git a/modules/builds-strategy-s2i-buildconfig-environment.adoc b/modules/builds-strategy-s2i-buildconfig-environment.adoc
index ac7626313953..69701a673de4 100644
--- a/modules/builds-strategy-s2i-buildconfig-environment.adoc
+++ b/modules/builds-strategy-s2i-buildconfig-environment.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //* * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-s2i-buildconfig-environment_{context}"]
 = Using source-to-image build configuration environment
 
diff --git a/modules/builds-strategy-s2i-environment-files.adoc b/modules/builds-strategy-s2i-environment-files.adoc
index e93d9ad7bc91..d6a4973bd745 100644
--- a/modules/builds-strategy-s2i-environment-files.adoc
+++ b/modules/builds-strategy-s2i-environment-files.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-s2i-environment-files_{context}"]
 = Using source-to-image environment files
 
diff --git a/modules/builds-strategy-s2i-incremental-builds.adoc b/modules/builds-strategy-s2i-incremental-builds.adoc
index 0cb82d974fec..d9290f4ddfb8 100644
--- a/modules/builds-strategy-s2i-incremental-builds.adoc
+++ b/modules/builds-strategy-s2i-incremental-builds.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //* builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-s2i-incremental-builds_{context}"]
 = Performing source-to-image incremental builds
 
diff --git a/modules/builds-strategy-s2i-override-builder-image-scripts.adoc b/modules/builds-strategy-s2i-override-builder-image-scripts.adoc
index f0a81b4c49e2..569dcb258e77 100644
--- a/modules/builds-strategy-s2i-override-builder-image-scripts.adoc
+++ b/modules/builds-strategy-s2i-override-builder-image-scripts.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-s2i-override-builder-image-scripts_{context}"]
 = Overriding source-to-image builder image scripts
 
diff --git a/modules/builds-strategy-secrets-web-console.adoc b/modules/builds-strategy-secrets-web-console.adoc
index f1af2f37776e..e91253f95d3b 100644
--- a/modules/builds-strategy-secrets-web-console.adoc
+++ b/modules/builds-strategy-secrets-web-console.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-strategy-secrets-web-console_{context}"]
 = Adding secrets with web console
 
diff --git a/modules/builds-tutorial-pipeline.adoc b/modules/builds-tutorial-pipeline.adoc
index a47415c5ae5f..4179ad5a0e94 100644
--- a/modules/builds-tutorial-pipeline.adoc
+++ b/modules/builds-tutorial-pipeline.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * builds/build-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-tutorial-pipeline_{context}"]
 = Pipeline build tutorial
 
diff --git a/modules/builds-understanding-openshift-pipeline.adoc b/modules/builds-understanding-openshift-pipeline.adoc
index af71e4a98ff0..9ec09cc0e2e4 100644
--- a/modules/builds-understanding-openshift-pipeline.adoc
+++ b/modules/builds-understanding-openshift-pipeline.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //* builds/build-strategies.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="builds-understanding-openshift-pipeline_{context}"]
 = Understanding {product-title} pipelines
 
diff --git a/modules/builds-use-custom-builder-image.adoc b/modules/builds-use-custom-builder-image.adoc
index 06e7f899f50d..8d52708d2c76 100644
--- a/modules/builds-use-custom-builder-image.adoc
+++ b/modules/builds-use-custom-builder-image.adoc
@@ -3,7 +3,7 @@
 // * builds/custom-builds-buildah.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-use-custom-builder-image_{context}"]
 = Use custom builder image
 
diff --git a/modules/builds-using-bitbucket-webhooks.adoc b/modules/builds-using-bitbucket-webhooks.adoc
index b10cac521aba..97d7327f9766 100644
--- a/modules/builds-using-bitbucket-webhooks.adoc
+++ b/modules/builds-using-bitbucket-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-bitbucket-webhooks_{context}"]
 = Using Bitbucket webhooks
 
diff --git a/modules/builds-using-build-fields-as-environment-variables.adoc b/modules/builds-using-build-fields-as-environment-variables.adoc
index a5f5637df94e..cb908c4ffa7a 100644
--- a/modules/builds-using-build-fields-as-environment-variables.adoc
+++ b/modules/builds-using-build-fields-as-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-build-fields-as-environment-variables_{context}"]
 = Using build fields as environment variables
 
diff --git a/modules/builds-using-build-volumes.adoc b/modules/builds-using-build-volumes.adoc
index 90a499f783b8..3178054739a1 100644
--- a/modules/builds-using-build-volumes.adoc
+++ b/modules/builds-using-build-volumes.adoc
@@ -5,7 +5,7 @@ ifeval::["{context}" == "build-strategies-s2i"]
 :sourcestrategy:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-build-volumes_{context}"]
 = Using build volumes
 
diff --git a/modules/builds-using-cli-post-commit-build-hooks.adoc b/modules/builds-using-cli-post-commit-build-hooks.adoc
index 75fdddda29c8..e3e1b475abf5 100644
--- a/modules/builds-using-cli-post-commit-build-hooks.adoc
+++ b/modules/builds-using-cli-post-commit-build-hooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-cli-post-commit-build-hooks_{context}"]
 = Using the CLI to set post commit build hooks
 
diff --git a/modules/builds-using-generic-webhooks.adoc b/modules/builds-using-generic-webhooks.adoc
index 22b4ed0b0bed..57bf0fa13d88 100644
--- a/modules/builds-using-generic-webhooks.adoc
+++ b/modules/builds-using-generic-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-generic-webhooks_{context}"]
 = Using generic webhooks
 
diff --git a/modules/builds-using-github-webhooks.adoc b/modules/builds-using-github-webhooks.adoc
index 104cd1fd173a..b4ebb684b230 100644
--- a/modules/builds-using-github-webhooks.adoc
+++ b/modules/builds-using-github-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-github-webhooks_{context}"]
 = Using GitHub webhooks
 
@@ -84,6 +84,11 @@ $ curl -H "X-GitHub-Event: push" -H "Content-Type: application/json" -k -X POST
 The `-k` argument is only necessary if your API server does not have a properly
 signed certificate.
 
+[NOTE]
+====
+The build will only be triggered if the `ref` value from GitHub webhook event matches the `ref` value specified in the `source.git` field of the `BuildConfig` resource.
+====
+
 [role="_additional-resources"]
 .Additional resources
 
diff --git a/modules/builds-using-gitlab-webhooks.adoc b/modules/builds-using-gitlab-webhooks.adoc
index 6629fa6b2f2f..2fd160ac1168 100644
--- a/modules/builds-using-gitlab-webhooks.adoc
+++ b/modules/builds-using-gitlab-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-gitlab-webhooks_{context}"]
 = Using GitLab webhooks
 
diff --git a/modules/builds-using-image-change-triggers.adoc b/modules/builds-using-image-change-triggers.adoc
index d4af4c231e65..15de3bf3d01e 100644
--- a/modules/builds-using-image-change-triggers.adoc
+++ b/modules/builds-using-image-change-triggers.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/triggering-builds-build-hooks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-image-change-triggers_{context}"]
 = Using image change triggers
 
diff --git a/modules/builds-using-secrets-as-environment-variables.adoc b/modules/builds-using-secrets-as-environment-variables.adoc
index 9ffb37083e5d..aa5209c84e2c 100644
--- a/modules/builds-using-secrets-as-environment-variables.adoc
+++ b/modules/builds-using-secrets-as-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/creating-build-inputs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-secrets-as-environment-variables_{context}"]
 = Using secrets as environment variables
 
diff --git a/modules/builds-using-secrets.adoc b/modules/builds-using-secrets.adoc
index a8046e128bee..a1a15ca5ae37 100644
--- a/modules/builds-using-secrets.adoc
+++ b/modules/builds-using-secrets.adoc
@@ -2,7 +2,7 @@
 // * builds/creating-build-inputs.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="builds-using-secrets_{context}"]
 = Using secrets
 
@@ -44,8 +44,8 @@ kind: Secret
 metadata:
   name: test-secret
 data:
-  username: dmFsdWUtMQ0K     <1>
-  password: dmFsdWUtMQ0KDQo= <2>
+  username: <username> <1>
+  password: <password> <2>
 stringData:
   hostname: myapp.mydomain.com <3>
   secret.properties: |-     <4>
diff --git a/modules/byoh-configuring.adoc b/modules/byoh-configuring.adoc
index 0a80416ac66e..27f3b20bf618 100644
--- a/modules/byoh-configuring.adoc
+++ b/modules/byoh-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/creating_windows_machinesets/byoh-windows-instance.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-byoh-windows-instance"]
 = Configuring a BYOH Windows instance
 
@@ -25,7 +25,7 @@ Any Windows instances that are to be attached to the cluster as a node must fulf
 
 [NOTE]
 ====
-Windows instances deployed by the WMCO are configured with the containerd container runtime. Because the WMCO installs and manages the runtime, it is recommended that you not manually install containerd on nodes. 
+Windows instances deployed by the WMCO are configured with the containerd container runtime. Because the WMCO installs and manages the runtime, it is recommended that you not manually install containerd on nodes.
 ====
 
 .Procedure
diff --git a/modules/ca-bundle-replacing.adoc b/modules/ca-bundle-replacing.adoc
index 1b96d175e8b9..4284a8b3322c 100644
--- a/modules/ca-bundle-replacing.adoc
+++ b/modules/ca-bundle-replacing.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/updating-ca-bundle.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ca-bundle-replacing_{context}"]
 = Replacing the CA Bundle certificate
 
diff --git a/modules/ca-bundle-understanding.adoc b/modules/ca-bundle-understanding.adoc
index 949b7f2c768d..2cc43b9dba8b 100644
--- a/modules/ca-bundle-understanding.adoc
+++ b/modules/ca-bundle-understanding.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/updating-ca-bundle.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 [id="ca-bundle-understanding_{context}"]
 = Understanding the CA Bundle certificate
 
diff --git a/modules/capi-machine-set-creating.adoc b/modules/capi-machine-set-creating.adoc
index 240c070f444a..fc2e9b1d937c 100644
--- a/modules/capi-machine-set-creating.adoc
+++ b/modules/capi-machine-set-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="capi-machine-set-creating_{context}"]
 = Creating a Cluster API compute machine set
 
@@ -142,7 +142,7 @@ NAME            AGE
 <template_name> 77m
 ----
 
-. Create a YAML file that contains the compute machine set CR and is named `<machine_set_resource_file>.yaml`. 
+. Create a YAML file that contains the compute machine set CR and is named `<machine_set_resource_file>.yaml`.
 
 . Create the compute machine set CR by running the following command:
 +
@@ -200,7 +200,7 @@ $ oc get node
 [source,terminal]
 ----
 NAME                                     STATUS ROLES  AGE   VERSION
-<ip_address_1>.<region>.compute.internal Ready  worker 5h14m v1.26.0
-<ip_address_2>.<region>.compute.internal Ready  master 5h19m v1.26.0
-<ip_address_3>.<region>.compute.internal Ready  worker 7m    v1.26.0
+<ip_address_1>.<region>.compute.internal Ready  worker 5h14m v1.28.5
+<ip_address_2>.<region>.compute.internal Ready  master 5h19m v1.28.5
+<ip_address_3>.<region>.compute.internal Ready  worker 7m    v1.28.5
 ----
diff --git a/modules/capi-troubleshooting.adoc b/modules/capi-troubleshooting.adoc
index d81354af80b0..522d0435ef29 100644
--- a/modules/capi-troubleshooting.adoc
+++ b/modules/capi-troubleshooting.adoc
@@ -2,18 +2,18 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-troubleshooting_{context}"]
 = Troubleshooting clusters that use the Cluster API
 
-Use the information in this section to understand and recover from issues you might encounter. Generally, troubleshooting steps for problems with the Cluster API are similar to those steps for problems with the Machine API. 
+Use the information in this section to understand and recover from issues you might encounter. Generally, troubleshooting steps for problems with the Cluster API are similar to those steps for problems with the Machine API.
 
 The Cluster CAPI Operator and its operands are provisioned in the `openshift-cluster-api` namespace, whereas the Machine API uses the `openshift-machine-api` namespace. When using `oc` commands that reference a namespace, be sure to reference the correct one.
 
 [id="ts-capi-cli_{context}"]
 == CLI commands return Cluster API machines
 
-For clusters that use the Cluster API, `oc` commands such as `oc get machine` return results for Cluster API machines. Because the letter `c` precedes the letter `m` alphabetically, Cluster API machines appear in the return before Machine API machines do. 
+For clusters that use the Cluster API, `oc` commands such as `oc get machine` return results for Cluster API machines. Because the letter `c` precedes the letter `m` alphabetically, Cluster API machines appear in the return before Machine API machines do.
 
 * To list only Machine API machines, use the fully qualified name `machines.machine.openshift.io` when running the `oc get machine` command:
 +
diff --git a/modules/capi-yaml-cluster.adoc b/modules/capi-yaml-cluster.adoc
index 6ae11078445e..83198594510e 100644
--- a/modules/capi-yaml-cluster.adoc
+++ b/modules/capi-yaml-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-cluster_{context}"]
 = Sample YAML for a Cluster API cluster resource
 
diff --git a/modules/capi-yaml-infrastructure-aws.adoc b/modules/capi-yaml-infrastructure-aws.adoc
index b835fa3c3437..736d991a8927 100644
--- a/modules/capi-yaml-infrastructure-aws.adoc
+++ b/modules/capi-yaml-infrastructure-aws.adoc
@@ -2,11 +2,11 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-infrastructure-aws_{context}"]
 = Sample YAML for a Cluster API infrastructure resource on Amazon Web Services
 
-The infrastructure resource is provider-specific and defines properties that are shared by all the compute machine sets in the cluster, such as the region and subnets. The compute machine set references this resource when creating machines. 
+The infrastructure resource is provider-specific and defines properties that are shared by all the compute machine sets in the cluster, such as the region and subnets. The compute machine set references this resource when creating machines.
 
 [source,yaml]
 ----
diff --git a/modules/capi-yaml-infrastructure-gcp.adoc b/modules/capi-yaml-infrastructure-gcp.adoc
index bffc4d600b28..59344e4b05b4 100644
--- a/modules/capi-yaml-infrastructure-gcp.adoc
+++ b/modules/capi-yaml-infrastructure-gcp.adoc
@@ -2,11 +2,11 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-infrastructure-gcp_{context}"]
 = Sample YAML for a Cluster API infrastructure resource on Google Cloud Platform
 
-The infrastructure resource is provider-specific and defines properties that are shared by all the compute machine sets in the cluster, such as the region and subnets. The compute machine set references this resource when creating machines. 
+The infrastructure resource is provider-specific and defines properties that are shared by all the compute machine sets in the cluster, such as the region and subnets. The compute machine set references this resource when creating machines.
 
 [source,yaml]
 ----
diff --git a/modules/capi-yaml-machine-set-aws.adoc b/modules/capi-yaml-machine-set-aws.adoc
index a6bc4e18599a..3ebea60ac6c6 100644
--- a/modules/capi-yaml-machine-set-aws.adoc
+++ b/modules/capi-yaml-machine-set-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-machine-set-aws_{context}"]
 = Sample YAML for a Cluster API compute machine set resource on Amazon Web Services
 
@@ -19,7 +19,7 @@ spec:
   clusterName: <cluster_name> <2>
   replicas: 1
   selector:
-    matchLabels: 
+    matchLabels:
       test: example
   template:
     metadata:
diff --git a/modules/capi-yaml-machine-set-gcp.adoc b/modules/capi-yaml-machine-set-gcp.adoc
index fa1b5076a334..a0ee34e90109 100644
--- a/modules/capi-yaml-machine-set-gcp.adoc
+++ b/modules/capi-yaml-machine-set-gcp.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-machine-set-gcp_{context}"]
 = Sample YAML for a Cluster API compute machine set resource on Google Cloud Platform
 
@@ -19,7 +19,7 @@ spec:
   clusterName: <cluster_name> <2>
   replicas: 1
   selector:
-    matchLabels: 
+    matchLabels:
       test: test
   template:
     metadata:
diff --git a/modules/capi-yaml-machine-template-aws.adoc b/modules/capi-yaml-machine-template-aws.adoc
index 2e40623bc553..d22c18f12d69 100644
--- a/modules/capi-yaml-machine-template-aws.adoc
+++ b/modules/capi-yaml-machine-template-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-machine-template-aws_{context}"]
 = Sample YAML for a Cluster API machine template resource on Amazon Web Services
 
@@ -11,7 +11,7 @@ The machine template resource is provider-specific and defines the basic propert
 [source,yaml]
 ----
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
-kind: AWSMachineTemplate <1> 
+kind: AWSMachineTemplate <1>
 metadata:
   name: <template_name> <2>
   namespace: openshift-cluster-api
diff --git a/modules/capi-yaml-machine-template-gcp.adoc b/modules/capi-yaml-machine-template-gcp.adoc
index 5a43a909cf51..d56bcf137435 100644
--- a/modules/capi-yaml-machine-template-gcp.adoc
+++ b/modules/capi-yaml-machine-template-gcp.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="capi-yaml-machine-template-gcp_{context}"]
 = Sample YAML for a Cluster API machine template resource on Google Cloud Platform
 
diff --git a/modules/cco-ccoctl-configuring.adoc b/modules/cco-ccoctl-configuring.adoc
index 512bcc332de3..d495b191034c 100644
--- a/modules/cco-ccoctl-configuring.adoc
+++ b/modules/cco-ccoctl-configuring.adoc
@@ -1,19 +1,41 @@
 // Module included in the following assemblies:
 //
-// * authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
-// * authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
+//Platforms that must use `ccoctl` and update content
 // * installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc
 // * installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.doc
 // * installing/installing_alibaba/manually-creating-alibaba-ram.adoc
 // * installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
-// * updating/preparing-manual-creds-update.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
+//
+// AWS assemblies:
+// * installing/installing_aws/installing-aws-customizations.adoc
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+//
+// GCP assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+// * installing/installing_gcp/installing-gcp-network-customizations.adoc
+// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+// * installing/installing_gcp/installing-gcp-vpc.adoc
+// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
+// * installing/installing_gcp/installing-gcp-private.adoc
+//
+// Azure assemblies
+// * installing/installing_azure/installing-azure-customizations.adoc
+// * installing/installing_azure/installing-azure-government-region.adoc
+// * installing/installing_azure/installing-azure-network-customizations.adoc
+// * installing/installing_azure/installing-azure-private.adoc
+// * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
 
-ifeval::["{context}" == "cco-mode-sts"]
-:aws-sts:
-endif::[]
-ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
-:google-cloud-platform:
-endif::[]
+//Platforms that must use `ccoctl` and update content
 ifeval::["{context}" == "configuring-iam-ibm-cloud"]
 :ibm-cloud:
 endif::[]
@@ -30,14 +52,86 @@ ifeval::["{context}" == "preparing-to-install-on-ibm-power-vs"]
 :ibm-power-vs:
 endif::[]
 
-:_content-type: PROCEDURE
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:aws-sts:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:google-cloud-platform:
+endif::[]
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure-workload-id:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="cco-ccoctl-configuring_{context}"]
 ifndef::update[= Configuring the Cloud Credential Operator utility]
 ifdef::update[= Configuring the Cloud Credential Operator utility for a cluster update]
 
 //This applies only to Alibaba Cloud.
 ifdef::alibabacloud[]
-To assign RAM users and policies that provide long-lived RAM AccessKeys (AKs) for each in-cluster component, extract and prepare the Cloud Credential Operator (CCO) utility (`ccoctl`) binary.
+To assign RAM users and policies that provide long-term RAM AccessKeys (AKs) for each in-cluster component, extract and prepare the Cloud Credential Operator (CCO) utility (`ccoctl`) binary.
 endif::alibabacloud[]
 
 //Nutanix-only intro because it needs context in its install procedure.
@@ -45,7 +139,7 @@ ifdef::nutanix[]
 The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on Nutanix, you must set the CCO to `manual` mode as part of the installation process.
 endif::nutanix[]
 ifdef::ibm-power-vs[]
-The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on {ibmpowerProductName} Virtual Server, you must set the CCO to `manual` mode as part of the installation process.
+The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on {ibm-power-server-name}, you must set the CCO to `manual` mode as part of the installation process.
 endif::ibm-power-vs[]
 
 //Alibaba Cloud uses ccoctl, but creates different kinds of resources than other clouds, so this applies to everyone else. The upgrade procs also have a different intro, so they are excluded here.
@@ -66,11 +160,13 @@ The `ccoctl` utility is a Linux binary that must run in a Linux environment.
 .Prerequisites
 
 * You have access to an {product-title} account with cluster administrator access.
-* You have installed the OpenShift CLI (`oc`).
+* You have installed the {oc-first}.
 
 //Upgrade prereqs
 ifdef::update[]
 * Your cluster was configured using the `ccoctl` utility to create and manage cloud credentials from outside of the cluster.
+
+* You have extracted the `CredentialsRequest` custom resources (CRs) from the {product-title} release image and ensured that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster.
 endif::update[]
 
 //AWS permissions needed when running ccoctl during install (I think we can omit from upgrade, since they already have an appropriate AWS account if they are upgrading).
@@ -78,12 +174,11 @@ ifdef::aws-sts[]
 * You have created an AWS account for the `ccoctl` utility to use with the following permissions:
 +
 .Required AWS permissions
-[cols="a,a"]
-|====
-|Permission type |Required permissions
+[%collapsible]
+====
+**Required `iam` permissions**
 
-|`iam` permissions
-|* `iam:CreateOpenIDConnectProvider`
+* `iam:CreateOpenIDConnectProvider`
 * `iam:CreateRole`
 * `iam:DeleteOpenIDConnectProvider`
 * `iam:DeleteRole`
@@ -98,8 +193,9 @@ ifdef::aws-sts[]
 * `iam:TagOpenIDConnectProvider`
 * `iam:TagRole`
 
-|`s3` permissions
-|* `s3:CreateBucket`
+**Required `s3` permissions**
+
+* `s3:CreateBucket`
 * `s3:DeleteBucket`
 * `s3:DeleteObject`
 * `s3:GetBucketAcl`
@@ -116,16 +212,18 @@ ifdef::aws-sts[]
 * `s3:PutObjectAcl`
 * `s3:PutObjectTagging`
 
-|`cloudfront` permissions
-|* `cloudfront:ListCloudFrontOriginAccessIdentities`
+**Required `cloudfront` permissions**
+
+* `cloudfront:ListCloudFrontOriginAccessIdentities`
 * `cloudfront:ListDistributions`
 * `cloudfront:ListTagsForResource`
-
-|====
+====
 +
 If you plan to store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL, the AWS account that runs the `ccoctl` utility requires the following additional permissions:
 +
---
+.Additional permissions for a private S3 bucket with CloudFront
+[%collapsible]
+====
 * `cloudfront:CreateCloudFrontOriginAccessIdentity`
 * `cloudfront:CreateDistribution`
 * `cloudfront:DeleteCloudFrontOriginAccessIdentity`
@@ -135,22 +233,102 @@ If you plan to store the OIDC configuration in a private S3 bucket that is acces
 * `cloudfront:GetDistribution`
 * `cloudfront:TagResource`
 * `cloudfront:UpdateDistribution`
---
-+
+
 [NOTE]
-====
+=====
 These additional permissions support the use of the `--create-private-s3-bucket` option when processing credentials requests with the `ccoctl aws create-all` command.
+=====
 ====
 endif::aws-sts[]
 
+//Azure permissions needed when running ccoctl during install.
+ifdef::azure-workload-id[]
+* You have created a global Microsoft Azure account for the `ccoctl` utility to use with the following permissions:
++
+.Required Azure permissions
+[%collapsible]
+====
+* Microsoft.Resources/subscriptions/resourceGroups/read
+* Microsoft.Resources/subscriptions/resourceGroups/write
+* Microsoft.Resources/subscriptions/resourceGroups/delete
+* Microsoft.Authorization/roleAssignments/read
+* Microsoft.Authorization/roleAssignments/delete
+* Microsoft.Authorization/roleAssignments/write
+* Microsoft.Authorization/roleDefinitions/read
+* Microsoft.Authorization/roleDefinitions/write
+* Microsoft.Authorization/roleDefinitions/delete
+* Microsoft.Storage/storageAccounts/listkeys/action
+* Microsoft.Storage/storageAccounts/delete
+* Microsoft.Storage/storageAccounts/read
+* Microsoft.Storage/storageAccounts/write
+* Microsoft.Storage/storageAccounts/blobServices/containers/write
+* Microsoft.Storage/storageAccounts/blobServices/containers/delete
+* Microsoft.Storage/storageAccounts/blobServices/containers/read
+* Microsoft.ManagedIdentity/userAssignedIdentities/delete
+* Microsoft.ManagedIdentity/userAssignedIdentities/read
+* Microsoft.ManagedIdentity/userAssignedIdentities/write
+* Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read
+* Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write
+* Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete
+* Microsoft.Storage/register/action
+* Microsoft.ManagedIdentity/register/action
+====
+endif::azure-workload-id[]
+
+//GCP permissions needed when running ccoctl during install.
+ifdef::google-cloud-platform[]
+* You have added one of the following authentication options to the GCP account that the installation program uses:
+
+** The **IAM Workload Identity Pool Admin** role.
+
+** The following granular permissions:
++
+.Required GCP permissions
+[%collapsible]
+====
+* compute.projects.get
+* iam.googleapis.com/workloadIdentityPoolProviders.create
+* iam.googleapis.com/workloadIdentityPoolProviders.get
+* iam.googleapis.com/workloadIdentityPools.create
+* iam.googleapis.com/workloadIdentityPools.delete
+* iam.googleapis.com/workloadIdentityPools.get
+* iam.googleapis.com/workloadIdentityPools.undelete
+* iam.roles.create
+* iam.roles.delete
+* iam.roles.list
+* iam.roles.undelete
+* iam.roles.update
+* iam.serviceAccounts.create
+* iam.serviceAccounts.delete
+* iam.serviceAccounts.getIamPolicy
+* iam.serviceAccounts.list
+* iam.serviceAccounts.setIamPolicy
+* iam.workloadIdentityPoolProviders.get
+* iam.workloadIdentityPools.delete
+* resourcemanager.projects.get
+* resourcemanager.projects.getIamPolicy
+* resourcemanager.projects.setIamPolicy
+* storage.buckets.create
+* storage.buckets.delete
+* storage.buckets.get
+* storage.buckets.getIamPolicy
+* storage.buckets.setIamPolicy
+* storage.objects.create
+* storage.objects.delete
+* storage.objects.list
+====
+endif::google-cloud-platform[]
+
 .Procedure
 
+ifndef::update[]
 . Obtain the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
 $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
+endif::update[]
 
 . Obtain the CCO container image from the {product-title} release image by running the following command:
 +
@@ -198,6 +376,7 @@ Usage:
 Available Commands:
   alibabacloud Manage credentials objects for alibaba cloud
   aws          Manage credentials objects for AWS cloud
+  azure        Manage credentials objects for Azure
   gcp          Manage credentials objects for Google cloud
   help         Help about any command
   ibmcloud     Manage credentials objects for IBM Cloud
@@ -209,12 +388,7 @@ Flags:
 Use "ccoctl [command] --help" for more information about a command.
 ----
 
-ifeval::["{context}" == "cco-mode-sts"]
-:!aws-sts:
-endif::[]
-ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
-:!google-cloud-platform:
-endif::[]
+//Platforms that must use `ccoctl` and update content
 ifeval::["{context}" == "configuring-iam-ibm-cloud"]
 :!ibm-cloud:
 endif::[]
@@ -230,3 +404,75 @@ endif::[]
 ifeval::["{context}" == "preparing-to-install-on-ibm-power-vs"]
 :!ibm-power-vs:
 endif::[]
+
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:!aws-sts:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:!google-cloud-platform:
+endif::[]
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure-workload-id:
+endif::[]
\ No newline at end of file
diff --git a/modules/cco-ccoctl-creating-at-once.adoc b/modules/cco-ccoctl-creating-at-once.adoc
index 757d474040a1..495473377fe2 100644
--- a/modules/cco-ccoctl-creating-at-once.adoc
+++ b/modules/cco-ccoctl-creating-at-once.adoc
@@ -1,17 +1,39 @@
 // Module included in the following assemblies:
 //
-// * authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
-// * authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
+// Platforms that must use `ccoctl`
 // * installing/installing_alibaba/manually-creating-alibaba-ram.adoc
 // * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
 // * installing/installing_alibaba/installing-alibaba-vpc.adoc
+//
+// AWS assemblies:
+// * installing/installing_aws/installing-aws-customizations.adoc
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+//
+// GCP assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+// * installing/installing_gcp/installing-gcp-network-customizations.adoc
+// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+// * installing/installing_gcp/installing-gcp-vpc.adoc
+// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
+// * installing/installing_gcp/installing-gcp-private.adoc
+//
+// Azure assemblies
+// * installing/installing_azure/installing-azure-customizations.adoc
+// * installing/installing_azure/installing-azure-government-region.adoc
+// * installing/installing_azure/installing-azure-network-customizations.adoc
+// * installing/installing_azure/installing-azure-private.adoc
+// * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
 
-ifeval::["{context}" == "cco-mode-sts"]
-:aws-sts:
-endif::[]
-ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
-:google-cloud-platform:
-endif::[]
+//Platforms that must use `ccoctl`
 ifeval::["{context}" == "installing-alibaba-default"]
 :alibabacloud-default:
 endif::[]
@@ -22,22 +44,98 @@ ifeval::["{context}" == "installing-alibaba-vpc"]
 :alibabacloud-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:aws-sts:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:google-cloud-platform:
+endif::[]
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure-workload-id:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="cco-ccoctl-creating-at-once_{context}"]
 ifdef::aws-sts[]
 = Creating AWS resources with a single command
 
-If you do not need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, and if the process the `ccoctl` tool uses to create AWS resources automatically meets the requirements of your organization, you can use the `ccoctl aws create-all` command to automate the creation of AWS resources.
+If the process the `ccoctl` tool uses to create AWS resources automatically meets the requirements of your organization, you can use the `ccoctl aws create-all` command to automate the creation of AWS resources.
 
-Otherwise, you can create the AWS resources individually.
+Otherwise, you can create the AWS resources individually. For more information, see "Creating AWS resources individually".
 
-//to-do if possible: xref to modules/cco-ccoctl-creating-individually.adoc for `create the AWS resources individually`
 endif::aws-sts[]
 ifdef::google-cloud-platform[]
 = Creating GCP resources with the Cloud Credential Operator utility
 
 You can use the `ccoctl gcp create-all` command to automate the creation of GCP resources.
 endif::google-cloud-platform[]
+ifdef::azure-workload-id[]
+= Creating Azure resources with the Cloud Credential Operator utility
+
+You can use the `ccoctl azure create-all` command to automate the creation of Azure resources.
+endif::azure-workload-id[]
 ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 [id="cco-ccoctl-creating-at-once_{context}"]
 = Creating credentials for {product-title} components with the ccoctl tool
@@ -59,132 +157,59 @@ ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 * Created a RAM user with sufficient permission to create the {product-title} cluster.
 * Added the AccessKeyID (`access_key_id`) and AccessKeySecret (`access_key_secret`) of that RAM user into the link:https://www.alibabacloud.com/help/en/doc-detail/311667.htm#h2-sls-mfm-3p3[`~/.alibabacloud/credentials` file] on your local computer.
 endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
+ifdef::azure-workload-id[]
+* Access to your Microsoft Azure account by using the Azure CLI.
+endif::azure-workload-id[]
 
 .Procedure
 
-ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-. Set the `$RELEASE_IMAGE` variable by running the following command:
+. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
-[source,terminal] 
+[source,terminal]
 ----
 $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
-endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
 . Extract the list of `CredentialsRequest` objects from the {product-title} release image by running the following command:
 +
 [source,terminal]
-ifdef::aws-sts[]
-----
-$ oc adm release extract \
---credentials-requests \
---cloud=aws \
---to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
---from=quay.io/<path_to>/ocp-release:<version>
-----
-endif::aws-sts[]
-ifdef::google-cloud-platform[]
 ----
 $ oc adm release extract \
---credentials-requests \
---cloud=gcp \
---to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
-quay.io/<path_to>/ocp-release:<version>
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
 ----
-endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-----
-$ oc adm release extract \
---credentials-requests \
---cloud=alibabacloud \
---to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
-$RELEASE_IMAGE
-----
-endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-+
-<1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 +
 [NOTE]
 ====
-This command can take a few moments to run.
+This command might take a few moments to run.
 ====
 
-ifdef::aws-sts[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on AWS
+ifdef::azure-workload-id[]
+. To enable the `ccoctl` utility to detect your Azure credentials automatically, log in to the Azure CLI by running the following command:
 +
 [source,terminal]
 ----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cloud-credential-operator_05-iam-ro-credentialsrequest.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <5>
-0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
+$ az login
 ----
-+
-<1> The Machine API Operator CR is required.
-<2> The Cloud Credential Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Network Operator CR is required.
-<6> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::aws-sts[]
-ifdef::google-cloud-platform[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on GCP
-+
-[source,terminal]
-----
-0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml <1>
-0000_30_machine-api-operator_00_credentials-request.yaml <2>
-0000_50_cloud-credential-operator_05-gcp-ro-credentialsrequest.yaml <3>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-gcs.yaml <4>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <5>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <6>
-0000_50_cluster-storage-operator_03_credentials_request_gcp.yaml <7>
-----
-+
-<1> The Cloud Controller Manager Operator CR is required.
-<2> The Machine API Operator CR is required.
-<3> The Cloud Credential Operator CR is required.
-<4> The Image Registry Operator CR is required.
-<5> The Ingress Operator CR is required.
-<6> The Network Operator CR is required.
-<7> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on Alibaba Cloud
-+
-[source,terminal]
-----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-alibaba.yaml <2>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <3>
-0000_50_cluster-storage-operator_03_credentials_request_alibaba.yaml <4>
-----
-+
-<1> The Machine API Operator CR is required.
-<2> The Image Registry Operator CR is required.
-<3> The Ingress Operator CR is required.
-<4> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
+endif::azure-workload-id[]
 
-ifdef::aws-sts,google-cloud-platform[]
-. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
+ifdef::aws-sts,google-cloud-platform,azure-workload-id[]
+. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the following command:
 +
-endif::aws-sts,google-cloud-platform[]
+endif::aws-sts,google-cloud-platform,azure-workload-id[]
 ifdef::aws-sts[]
 [source,terminal]
 ----
 $ ccoctl aws create-all \
   --name=<name> \// <1>
   --region=<aws_region> \// <2>
-  --credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <3>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <3>
   --output-dir=<path_to_ccoctl_output_dir> \// <4>
   --create-private-s3-bucket <5>
 ----
@@ -203,49 +228,66 @@ ifdef::google-cloud-platform[]
 [source,terminal]
 ----
 $ ccoctl gcp create-all \
---name=<name> \
---region=<gcp_region> \
---project=<gcp_project_id> \
---credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests
+  --name=<name> \// <1>
+  --region=<gcp_region> \// <2>
+  --project=<gcp_project_id> \// <3>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> <4>
 ----
-+
-where:
-+
---
-** `<name>` is the user-defined name for all created GCP resources used for tracking.
-** `<gcp_region>` is the GCP region in which cloud resources will be created.
-** `<gcp_project_id>` is the GCP project ID in which cloud resources will be created.
-** `<path_to_directory_with_list_of_credentials_requests>/credrequests` is the directory containing the files of `CredentialsRequest` manifests to create GCP service accounts.
---
+<1> Specify the user-defined name for all created GCP resources used for tracking.
+<2> Specify the GCP region in which cloud resources will be created.
+<3> Specify the GCP project ID in which cloud resources will be created.
+<4> Specify the directory containing the files of `CredentialsRequest` manifests to create GCP service accounts.
 +
 [NOTE]
 ====
 If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
 ====
 endif::google-cloud-platform[]
+ifdef::azure-workload-id[]
+[source,terminal]
+----
+$ ccoctl azure create-all \
+  --name=<azure_infra_name> \// <1>
+  --output-dir=<ccoctl_output_dir> \// <2>
+  --region=<azure_region> \// <3>
+  --subscription-id=<azure_subscription_id> \// <4>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <5>
+  --dnszone-resource-group-name=<azure_dns_zone_resource_group_name> \// <6>
+  --tenant-id=<azure_tenant_id> <7>
+----
+<1> Specify the user-defined name for all created Azure resources used for tracking.
+<2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<3> Specify the Azure region in which cloud resources will be created.
+<4> Specify the Azure subscription ID to use.
+<5> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<6> Specify the name of the resource group containing the cluster's base domain Azure DNS zone.
+<7> Specify the Azure tenant ID to use.
++
+[NOTE]
+====
+If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
+
+To see additional optional parameters and explanations of how to use them, run the `azure create-all --help` command.
+====
+endif::azure-workload-id[]
 
 ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
+. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the following command:
 
 .. Run the following command to use the tool:
 +
 [source,terminal]
 ----
 $ ccoctl alibabacloud create-ram-users \
---name <name> \
---region=<alibaba_region> \
---credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \
---output-dir=<path_to_ccoctl_output_dir>
+  --name <name> \// <1>
+  --region=<alibaba_region> \// <2>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <3>
+  --output-dir=<path_to_ccoctl_output_dir> <4>
 ----
-+
-where:
-+
---
-** `<name>` is the name used to tag any cloud resources that are created for tracking.
-** `<alibaba_region>` is the Alibaba Cloud region in which cloud resources will be created.
-** `<path_to_directory_with_list_of_credentials_requests>/credrequests` is the directory containing the files for the component `CredentialsRequest` objects.
-** `<path_to_ccoctl_output_dir>` is the directory where the generated component credentials secrets will be placed.
---
+<1> Specify the name used to tag any cloud resources that are created for tracking.
+<2> Specify the Alibaba Cloud region in which cloud resources will be created.
+<3> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<4> Specify the directory where the generated component credentials secrets will be placed.
 +
 [NOTE]
 ====
@@ -253,8 +295,7 @@ If your cluster uses Technology Preview features that are enabled by the `TechPr
 ====
 +
 .Example output
-+
-[source,terminal]
+[source,text]
 ----
 2022/02/11 16:18:26 Created RAM User: user1-alicloud-openshift-machine-api-alibabacloud-credentials
 2022/02/11 16:18:27 Ready for creating new ram policy user1-alicloud-openshift-machine-api-alibabacloud-credentials-policy-policy
@@ -267,9 +308,8 @@ If your cluster uses Technology Preview features that are enabled by the `TechPr
 +
 [NOTE]
 ====
-A RAM user can have up to two AccessKeys at the same time. If you run `ccoctl alibabacloud create-ram-users` more than twice, the previous generated manifests secret becomes stale and you must reapply the newly generated secrets.
+A RAM user can have up to two AccessKeys at the same time. If you run `ccoctl alibabacloud create-ram-users` more than twice, the previously generated manifests secret becomes stale and you must reapply the newly generated secrets.
 ====
-// Above output was in AWS area but I believe belongs here.
 
 .. Verify that the {product-title} secrets are created:
 +
@@ -278,9 +318,8 @@ A RAM user can have up to two AccessKeys at the same time. If you run `ccoctl al
 $ ls <path_to_ccoctl_output_dir>/manifests
 ----
 +
-.Example output:
-+
-[source,terminal]
+.Example output
+[source,text]
 ----
 openshift-cluster-csi-drivers-alibaba-disk-credentials-credentials.yaml
 openshift-image-registry-installer-cloud-credentials-credentials.yaml
@@ -303,7 +342,7 @@ where:
 `<path_to_installation_dir>`:: Specifies the directory in which the installation program creates files.
 endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
-ifdef::aws-sts,google-cloud-platform[]
+ifdef::aws-sts,google-cloud-platform,azure-workload-id[]
 .Verification
 
 * To verify that the {product-title} secrets are created, list the files in the `<path_to_ccoctl_output_dir>/manifests` directory:
@@ -312,34 +351,63 @@ ifdef::aws-sts,google-cloud-platform[]
 ----
 $ ls <path_to_ccoctl_output_dir>/manifests
 ----
-endif::aws-sts,google-cloud-platform[]
+endif::aws-sts,google-cloud-platform,azure-workload-id[]
 ifdef::aws-sts[]
 +
-.Example output:
-+
-[source,terminal]
+.Example output
+[source,text]
 ----
 cluster-authentication-02-config.yaml
 openshift-cloud-credential-operator-cloud-credential-operator-iam-ro-creds-credentials.yaml
+openshift-cloud-network-config-controller-cloud-credentials-credentials.yaml
+openshift-cluster-api-capa-manager-bootstrap-credentials-credentials.yaml
 openshift-cluster-csi-drivers-ebs-cloud-credentials-credentials.yaml
 openshift-image-registry-installer-cloud-credentials-credentials.yaml
 openshift-ingress-operator-cloud-credentials-credentials.yaml
 openshift-machine-api-aws-cloud-credentials-credentials.yaml
 ----
-//Would love a GCP version of the above output.
-
++
 You can verify that the IAM roles are created by querying AWS. For more information, refer to AWS documentation on listing IAM roles.
 endif::aws-sts[]
 ifdef::google-cloud-platform[]
++
+.Example output
+[source,text]
+----
+cluster-authentication-02-config.yaml
+openshift-cloud-controller-manager-gcp-ccm-cloud-credentials-credentials.yaml
+openshift-cloud-credential-operator-cloud-credential-operator-gcp-ro-creds-credentials.yaml
+openshift-cloud-network-config-controller-cloud-credentials-credentials.yaml
+openshift-cluster-api-capg-manager-bootstrap-credentials-credentials.yaml
+openshift-cluster-csi-drivers-gcp-pd-cloud-credentials-credentials.yaml
+openshift-image-registry-installer-cloud-credentials-credentials.yaml
+openshift-ingress-operator-cloud-credentials-credentials.yaml
+openshift-machine-api-gcp-cloud-credentials-credentials.yaml
+----
++
 You can verify that the IAM service accounts are created by querying GCP. For more information, refer to GCP documentation on listing IAM service accounts.
 endif::google-cloud-platform[]
+ifdef::azure-workload-id[]
++
+.Example output
+[source,text]
+----
+azure-ad-pod-identity-webhook-config.yaml
+cluster-authentication-02-config.yaml
+openshift-cloud-controller-manager-azure-cloud-credentials-credentials.yaml
+openshift-cloud-network-config-controller-cloud-credentials-credentials.yaml
+openshift-cluster-api-capz-manager-bootstrap-credentials-credentials.yaml
+openshift-cluster-csi-drivers-azure-disk-credentials-credentials.yaml
+openshift-cluster-csi-drivers-azure-file-credentials-credentials.yaml
+openshift-image-registry-installer-cloud-credentials-credentials.yaml
+openshift-ingress-operator-cloud-credentials-credentials.yaml
+openshift-machine-api-azure-cloud-credentials-credentials.yaml
+----
++
+You can verify that the Azure AD service accounts are created by querying Azure. For more information, refer to Azure documentation on listing AD service accounts.
+endif::azure-workload-id[]
 
-ifeval::["{context}" == "cco-mode-sts"]
-:!aws-sts:
-endif::[]
-ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
-:!google-cloud-platform:
-endif::[]
+//Platforms that must use `ccoctl`
 ifeval::["{context}" == "installing-alibaba-default"]
 :!alibabacloud-default:
 endif::[]
@@ -349,3 +417,75 @@ endif::[]
 ifeval::["{context}" == "installing-alibaba-vpc"]
 :!alibabacloud-vpc:
 endif::[]
+
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:!aws-sts:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:!aws-sts:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:!google-cloud-platform:
+endif::[]
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure-workload-id:
+endif::[]
\ No newline at end of file
diff --git a/modules/cco-ccoctl-creating-individually.adoc b/modules/cco-ccoctl-creating-individually.adoc
index d2404785a72d..fe7bec70252a 100644
--- a/modules/cco-ccoctl-creating-individually.adoc
+++ b/modules/cco-ccoctl-creating-individually.adoc
@@ -1,16 +1,24 @@
 // Module included in the following assemblies:
 //
-// * authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
-
-:_content-type: PROCEDURE
+// AWS assemblies:
+// * installing/installing_aws/installing-aws-customizations.adoc
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="cco-ccoctl-creating-individually_{context}"]
 = Creating AWS resources individually
 
-If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. For example, this option might be useful for an organization that shares the responsibility for creating these resources among different users or departments.
-
-Otherwise, you can use the `ccoctl aws create-all` command to create the AWS resources automatically.
+You can use the `ccoctl` tool to create AWS resources individually. This option might be useful for an organization that shares the responsibility for creating these resources among different users or departments.
 
-//to-do if possible: xref to modules/cco-ccoctl-creating-at-once.adoc for `create the AWS resources automatically`
+Otherwise, you can use the `ccoctl aws create-all` command to create the AWS resources automatically. For more information, see "Creating AWS resources with a single command".
 
 [NOTE]
 ====
@@ -25,16 +33,15 @@ Some `ccoctl` commands make AWS API calls to create or modify AWS resources. You
 
 .Procedure
 
-. Generate the public and private RSA key files that are used to set up the OpenID Connect provider for the cluster:
+. Generate the public and private RSA key files that are used to set up the OpenID Connect provider for the cluster by running the following command:
 +
 [source,terminal]
 ----
 $ ccoctl aws create-key-pair
 ----
 +
-.Example output:
-+
-[source,terminal]
+.Example output
+[source,text]
 ----
 2021/04/13 11:01:02 Generating RSA keypair
 2021/04/13 11:01:03 Writing private key to /<path_to_ccoctl_output_dir>/serviceaccount-signer.private
@@ -46,27 +53,21 @@ where `serviceaccount-signer.private` and `serviceaccount-signer.public` are the
 +
 This command also creates a private key that the cluster requires during installation in `/<path_to_ccoctl_output_dir>/tls/bound-service-account-signing-key.key`.
 
-. Create an OpenID Connect identity provider and S3 bucket on AWS:
+. Create an OpenID Connect identity provider and S3 bucket on AWS by running the following command:
 +
 [source,terminal]
 ----
 $ ccoctl aws create-identity-provider \
---name=<name> \
---region=<aws_region> \
---public-key-file=<path_to_ccoctl_output_dir>/serviceaccount-signer.public
+  --name=<name> \// <1>
+  --region=<aws_region> \// <2>
+  --public-key-file=<path_to_ccoctl_output_dir>/serviceaccount-signer.public <3>
 ----
+<1> `<name>` is the name used to tag any cloud resources that are created for tracking.
+<2> `<aws-region>` is the AWS region in which cloud resources will be created.
+<3> `<path_to_ccoctl_output_dir>` is the path to the public key file that the `ccoctl aws create-key-pair` command generated.
 +
-where:
-+
---
-** `<name>` is the name used to tag any cloud resources that are created for tracking.
-** `<aws-region>` is the AWS region in which cloud resources will be created.
-** `<path_to_ccoctl_output_dir>` is the path to the public key file that the `ccoctl aws create-key-pair` command generated.
---
-+
-.Example output:
-+
-[source,terminal]
+.Example output
+[source,text]
 ----
 2021/04/13 11:16:09 Bucket <name>-oidc created
 2021/04/13 11:16:10 OpenID Connect discovery document in the S3 bucket <name>-oidc at .well-known/openid-configuration updated
@@ -79,50 +80,39 @@ where `openid-configuration` is a discovery document and `keys.json` is a JSON w
 +
 This command also creates a YAML configuration file in `/<path_to_ccoctl_output_dir>/manifests/cluster-authentication-02-config.yaml`. This file sets the issuer URL field for the service account tokens that the cluster generates, so that the AWS IAM identity provider trusts the tokens.
 
-. Create IAM roles for each component in the cluster.
+. Create IAM roles for each component in the cluster:
 
-.. Extract the list of `CredentialsRequest` objects from the {product-title} release image:
+.. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release extract --credentials-requests \
---cloud=aws \
---to=<path_to_directory_with_list_of_credentials_requests>/credrequests <1>
---from=quay.io/<path_to>/ocp-release:<version>
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
-+
-<1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
 
-.. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on AWS
+.. Extract the list of `CredentialsRequest` objects from the {product-title} release image:
 +
 [source,terminal]
 ----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cloud-credential-operator_05-iam-ro-credentialsrequest.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <5>
-0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
 ----
-+
-<1> The Machine API Operator CR is required. 
-<2> The Cloud Credential Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Network Operator CR is required.
-<6> The Storage Operator CR is an optional component and might be disabled in your cluster.
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 
-.. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
+.. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the following command:
 +
 [source,terminal]
 ----
 $ ccoctl aws create-iam-roles \
---name=<name> \
---region=<aws_region> \
---credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \
---identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com
+  --name=<name> \
+  --region=<aws_region> \
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \
+  --identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com
 ----
 +
 [NOTE]
@@ -140,20 +130,20 @@ For each `CredentialsRequest` object, `ccoctl` creates an IAM role with a trust
 +
 [source,terminal]
 ----
-$ ll <path_to_ccoctl_output_dir>/manifests
+$ ls <path_to_ccoctl_output_dir>/manifests
 ----
 +
-.Example output:
-+
-[source,terminal]
+.Example output
+[source,text]
 ----
-total 24
--rw-------. 1 <user> <user> 161 Apr 13 11:42 cluster-authentication-02-config.yaml
--rw-------. 1 <user> <user> 379 Apr 13 11:59 openshift-cloud-credential-operator-cloud-credential-operator-iam-ro-creds-credentials.yaml
--rw-------. 1 <user> <user> 353 Apr 13 11:59 openshift-cluster-csi-drivers-ebs-cloud-credentials-credentials.yaml
--rw-------. 1 <user> <user> 355 Apr 13 11:59 openshift-image-registry-installer-cloud-credentials-credentials.yaml
--rw-------. 1 <user> <user> 339 Apr 13 11:59 openshift-ingress-operator-cloud-credentials-credentials.yaml
--rw-------. 1 <user> <user> 337 Apr 13 11:59 openshift-machine-api-aws-cloud-credentials-credentials.yaml
+cluster-authentication-02-config.yaml
+openshift-cloud-credential-operator-cloud-credential-operator-iam-ro-creds-credentials.yaml
+openshift-cloud-network-config-controller-cloud-credentials-credentials.yaml
+openshift-cluster-api-capa-manager-bootstrap-credentials-credentials.yaml
+openshift-cluster-csi-drivers-ebs-cloud-credentials-credentials.yaml
+openshift-image-registry-installer-cloud-credentials-credentials.yaml
+openshift-ingress-operator-cloud-credentials-credentials.yaml
+openshift-machine-api-aws-cloud-credentials-credentials.yaml
 ----
-
++
 You can verify that the IAM roles are created by querying AWS. For more information, refer to AWS documentation on listing IAM roles.
diff --git a/modules/cco-ccoctl-deleting-sts-resources.adoc b/modules/cco-ccoctl-deleting-sts-resources.adoc
index 3c3ceb12b8c8..c74bf14f92e0 100644
--- a/modules/cco-ccoctl-deleting-sts-resources.adoc
+++ b/modules/cco-ccoctl-deleting-sts-resources.adoc
@@ -2,56 +2,95 @@
 //
 // * installing/installing_aws/uninstalling-cluster-aws.adoc
 // * installing/installing_gcp/uninstalling-cluster-gcp.adoc
+// * installing/installing_azure/uninstalling-cluster-azure.adoc
 
 ifeval::["{context}" == "uninstall-cluster-aws"]
+:cp-first: Amazon Web Services
+:cp: AWS
+:cp-name: aws
 :aws-sts:
 endif::[]
 ifeval::["{context}" == "uninstalling-cluster-gcp"]
-:google-cloud-platform:
+:cp-first: Google Cloud Platform
+:cp: GCP
+:cp-name: gcp
+:gcp-workload-id:
+endif::[]
+ifeval::["{context}" == "uninstall-cluster-azure"]
+:cp-first: Microsoft Azure
+:cp: Azure
+:cp-name: azure
+:azure-workload-id:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cco-ccoctl-deleting-sts-resources_{context}"]
-ifdef::aws-sts[]
-= Deleting AWS resources with the Cloud Credential Operator utility
-
-To clean up resources after uninstalling an {product-title} cluster with the Cloud Credential Operator (CCO) in manual mode with STS, you can use the CCO utility (`ccoctl`) to remove the AWS resources that `ccoctl` created during installation.
-endif::aws-sts[]
-
-ifdef::google-cloud-platform[]
-= Deleting GCP resources with the Cloud Credential Operator utility
+= Deleting {cp-first} resources with the Cloud Credential Operator utility
 
-To clean up resources after uninstalling an {product-title} cluster with the Cloud Credential Operator (CCO) in manual mode with GCP Workload Identity, you can use the CCO utility (`ccoctl`) to remove the GCP resources that `ccoctl` created during installation.
-endif::google-cloud-platform[]
+After uninstalling an {product-title} cluster that uses short-term credentials managed outside the cluster, you can use the CCO utility (`ccoctl`) to remove the {cp-first} ({cp}) resources that `ccoctl` created during installation.
 
 .Prerequisites
 
 * Extract and prepare the `ccoctl` binary.
-ifdef::aws-sts[]
-* Install an {product-title} cluster with the CCO in manual mode with STS.
-endif::aws-sts[]
-ifdef::google-cloud-platform[]
-* Install an {product-title} cluster with the CCO in manual mode with GCP Workload Identity.
-endif::google-cloud-platform[]
+* Uninstall an {product-title} cluster on {cp} that uses short-term credentials.
 
 .Procedure
-
-ifdef::aws-sts[]
-* Delete the AWS resources that `ccoctl` created:
+//GCP has extra prep steps
+ifdef::gcp-workload-id[]
+. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
 [source,terminal]
 ----
-$ ccoctl aws delete \
-  --name=<name> \ <1>
-  --region=<aws_region> <2>
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
+----
+
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
++
+[source,terminal,subs="attributes+"]
 ----
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --to=<path_to_directory_for_credentials_requests> <2>
+----
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
+
+. Delete the {cp} resources that `ccoctl` created by running the following command:
+endif::gcp-workload-id[]
+ifdef::aws-sts,azure-workload-id[]
+* Delete the {cp} resources that `ccoctl` created by running the following command:
+endif::aws-sts,azure-workload-id[]
 +
-<1> `<name>` matches the name that was originally used to create and tag the cloud resources.
-<2> `<aws_region>` is the AWS region in which to delete cloud resources.
+[source,terminal,subs="attributes+"]
+----
+$ ccoctl {cp-name} delete \
+  --name=<name> \// <1>
+ifdef::aws-sts[  --region=<{cp-name}_region> <2>]
+ifdef::gcp-workload-id[]
+  --project=<{cp-name}_project_id> \// <2>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \
+  --force-delete-custom-roles <3>
+endif::gcp-workload-id[]
+ifdef::azure-workload-id[]
+  --region=<{cp-name}_region> \// <2>
+  --subscription-id=<{cp-name}_subscription_id> \// <3>
+  --delete-oidc-resource-group
+endif::azure-workload-id[]
+----
 +
-.Example output:
+<1> `<name>` matches the name that was originally used to create and tag the cloud resources.
+ifdef::aws-sts,azure-workload-id[<2> `<{cp-name}_region>` is the {cp} region in which to delete cloud resources.]
+ifdef::gcp-workload-id[]
+<2> `<{cp-name}_project_id>` is the {cp} project ID in which to delete cloud resources.
+<3> Optional: This parameter deletes the custom roles that the `ccoctl` utility creates during installation. GCP does not permanently delete custom roles immediately. For more information, see GCP documentation about link:https://cloud.google.com/iam/docs/creating-custom-roles#deleting-custom-role[deleting a custom role].
+endif::gcp-workload-id[]
+ifdef::azure-workload-id[<3> `<{cp-name}_subscription_id>` is the {cp} subscription ID for which to delete cloud resources.]
+ifdef::aws-sts[]
 +
-[source,terminal]
+.Example output
+[source,text]
 ----
 2021/04/08 17:50:41 Identity Provider object .well-known/openid-configuration deleted from the bucket <name>-oidc
 2021/04/08 17:50:42 Identity Provider object keys.json deleted from the bucket <name>-oidc
@@ -68,55 +107,25 @@ $ ccoctl aws delete \
 2021/04/08 17:51:11 IAM Role <name>-openshift-machine-api-aws-cloud-credentials deleted
 2021/04/08 17:51:39 Identity Provider with ARN arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com deleted
 ----
-//Would love a GCP version of the above output.
+//Would love a GCP and Azure version of the above output.
 endif::aws-sts[]
-ifdef::google-cloud-platform[]
-. Obtain the {product-title} release image by running the following command:
-+
-[source,terminal]
-----
-$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
-----
-
-. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
-+
-[source,terminal]
-----
-$ oc adm release extract --credentials-requests \
-  --cloud=gcp \
-  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
-  $RELEASE_IMAGE
-----
-+
-<1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
-
-. Delete the GCP resources that `ccoctl` created:
-+
-[source,terminal]
-----
-$ ccoctl gcp delete \
-  --name=<name> \ <1>
-  --project=<gcp_project_id> \ <2>
-  --credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests
-----
-+
-<1> `<name>` matches the name that was originally used to create and tag the cloud resources.
-<2> `<gcp_project_id>` is the GCP project ID in which to delete cloud resources.
-endif::google-cloud-platform[]
 
 .Verification
 
-ifdef::aws-sts[]
-* To verify that the resources are deleted, query AWS. For more information, refer to AWS documentation.
-endif::aws-sts[]
-
-ifdef::google-cloud-platform[]
-* To verify that the resources are deleted, query GCP. For more information, refer to GCP documentation.
-endif::google-cloud-platform[]
+* To verify that the resources are deleted, query {cp}. For more information, refer to {cp} documentation.
 
 ifeval::["{context}" == "uninstall-cluster-aws"]
+:!cp-first: Amazon Web Services
+:!cp: AWS
 :!aws-sts:
 endif::[]
 ifeval::["{context}" == "uninstalling-cluster-gcp"]
-:!google-cloud-platform:
+:!cp-first: Google Cloud Platform
+:!cp: GCP
+:!gcp-workload-id:
 endif::[]
+ifeval::["{context}" == "uninstall-cluster-azure"]
+:!cp-first: Microsoft Azure
+:!cp: Azure
+:!azure-workload-id:
+endif::[]
\ No newline at end of file
diff --git a/modules/cco-ccoctl-install-creating-manifests.adoc b/modules/cco-ccoctl-install-creating-manifests.adoc
new file mode 100644
index 000000000000..19a2b9f15e45
--- /dev/null
+++ b/modules/cco-ccoctl-install-creating-manifests.adoc
@@ -0,0 +1,196 @@
+// Module included in the following assemblies:
+//
+// AWS assemblies:
+// * installing/installing_aws/installing-aws-customizations.adoc
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+//
+// GCP assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+// * installing/installing_gcp/installing-gcp-network-customizations.adoc
+// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+// * installing/installing_gcp/installing-gcp-vpc.adoc
+// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
+// * installing/installing_gcp/installing-gcp-private.adoc
+//
+// Azure assemblies
+// * installing/installing_azure/installing-azure-customizations.adoc
+// * installing/installing_azure/installing-azure-government-region.adoc
+// * installing/installing_azure/installing-azure-network-customizations.adoc
+// * installing/installing_azure/installing-azure-private.adoc
+// * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure-workload-id:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:google-cloud-platform:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="cco-ccoctl-install-creating-manifests_{context}"]
+= Incorporating the Cloud Credential Operator utility manifests
+
+To implement short-term security credentials managed outside the cluster for individual components, you must move the manifest files that the Cloud Credential Operator utility (`ccoctl`) created to the correct directories for the installation program.
+
+.Prerequisites
+
+* You have configured an account with the cloud platform that hosts your cluster.
+* You have configured the Cloud Credential Operator utility (`ccoctl`).
+* You have created the cloud provider resources that are required for your cluster with the `ccoctl` utility.
+
+.Procedure
+
+ifdef::google-cloud-platform[]
+. Add the following granular permissions to the GCP account that the installation program uses:
++
+.Required GCP permissions
+[%collapsible]
+====
+* compute.machineTypes.list
+* compute.regions.list
+* compute.zones.list
+* dns.changes.create
+* dns.changes.get
+* dns.managedZones.create
+* dns.managedZones.delete
+* dns.managedZones.get
+* dns.managedZones.list
+* dns.networks.bindPrivateDNSZone
+* dns.resourceRecordSets.create
+* dns.resourceRecordSets.delete
+* dns.resourceRecordSets.list
+====
+endif::google-cloud-platform[]
+
+. If you did not set the `credentialsMode` parameter in the `install-config.yaml` configuration file to `Manual`, modify the value as shown:
++
+.Sample configuration file snippet
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+credentialsMode: Manual
+# ...
+----
+
+ifdef::azure-workload-id[]
+. If you used the `ccoctl` utility to create a new Azure resource group instead of using an existing resource group, modify the `resourceGroupName` parameter in the `install-config.yaml` as shown:
++
+.Sample configuration file snippet
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+# ...
+platform:
+  azure:
+    resourceGroupName: <azure_infra_name> # <1>
+# ...
+----
+<1> This value must match the user-defined name for Azure resources that was specified with the `--name` argument of the `ccoctl azure create-all` command.
+endif::azure-workload-id[]
+
+. If you have not previously created installation manifest files, do so by running the following command:
++
+[source,terminal]
+----
+$ openshift-install create manifests --dir <installation_directory>
+----
++
+where `<installation_directory>` is the directory in which the installation program creates files.
+
+. Copy the manifests that the `ccoctl` utility generated to the `manifests` directory that the installation program created by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ cp /<path_to_ccoctl_output_dir>/manifests/* ./manifests/
+----
+
+. Copy the private key that the `ccoctl` utility generated in the `tls` directory to the installation directory by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ cp -a /<path_to_ccoctl_output_dir>/tls .
+----
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:!azure-workload-id:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure-workload-id:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:!google-cloud-platform:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:!google-cloud-platform:
+endif::[]
\ No newline at end of file
diff --git a/modules/cco-ccoctl-install-verifying.adoc b/modules/cco-ccoctl-install-verifying.adoc
new file mode 100644
index 000000000000..1226e3d4104d
--- /dev/null
+++ b/modules/cco-ccoctl-install-verifying.adoc
@@ -0,0 +1,64 @@
+// Module included in the following assemblies:
+//
+// * installing/validating-an-installation.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cco-ccoctl-install-verifying_{context}"]
+= Clusters that use short-term credentials: Verifying the credentials configuration
+
+You can verify that your cluster is using short-term security credentials for individual components.
+
+.Prerequisites
+
+* You deployed an {product-title} cluster using the Cloud Credential Operator utility (`ccoctl`) to implement short-term credentials.
+
+* You installed the {oc-first}.
+
+
+.Procedure
+
+. Log in as a user with `cluster-admin` privileges.
+
+. Verify that the cluster does not have `root` credentials by running the following command:
++
+[source,terminal]
+----
+$ oc get secrets -n kube-system <secret_name>
+----
++
+where `<secret_name>` is the name of the root secret for your cloud provider.
++
+[cols=2,options=header]
+|===
+|Platform
+|Secret name
+
+|AWS
+|`aws-creds`
+
+|Azure
+|`azure-credentials`
+
+|GCP
+|`gcp-credentials`
+
+|===
++
+An error confirms that the root secret is not present on the cluster. The following example shows the expected output from an AWS cluster:
++
+.Example output
+[source,text]
+----
+Error from server (NotFound): secrets "aws-creds" not found
+----
+
+. Verify that the components are using short-term security credentials for individual components by running the following command:
++
+[source,terminal]
+----
+$ oc get authentication cluster \
+  -o jsonpath \
+  --template='{ .spec.serviceAccountIssuer }'
+----
++
+This command displays the value of the `.spec.serviceAccountIssuer` parameter in the cluster `Authentication` object. An output of a URL that is associated with your cloud provider indicates that the cluster is using manual mode with short-term credentials that are created and managed from outside of the cluster.
\ No newline at end of file
diff --git a/modules/cco-ccoctl-upgrading.adoc b/modules/cco-ccoctl-upgrading.adoc
index e2ef3daff1bf..f0faf568670e 100644
--- a/modules/cco-ccoctl-upgrading.adoc
+++ b/modules/cco-ccoctl-upgrading.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-manual-creds-update.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cco-ccoctl-upgrading_{context}"]
 = Updating cloud provider resources with the Cloud Credential Operator utility
 
@@ -11,85 +11,110 @@ The process for upgrading an {product-title} cluster that was configured using t
 
 [NOTE]
 ====
-By default, `ccoctl` creates objects in the directory in which the commands are run. To create the objects in a different directory, use the `--output-dir` flag. This procedure uses `<path_to_ccoctl_output_dir>` to refer to this directory.
-
 On AWS clusters, some `ccoctl` commands make AWS API calls to create or modify AWS resources. You can use the `--dry-run` flag to avoid making API calls. Using this flag creates JSON files on the local file system instead. You can review and modify the JSON files and then apply them with the AWS CLI tool using the `--cli-input-json` parameters.
 ====
 
 .Prerequisites
 
-* Obtain the {product-title} release image for the version that you are upgrading to.
+* You have extracted the `CredentialsRequest` custom resources (CRs) from the {product-title} release image and ensured that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster.
 
-* Extract and prepare the `ccoctl` binary from the release image.
+* You have extracted and configured the `ccoctl` binary from the release image.
 
 .Procedure
 
-. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
+. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the command for your cloud provider. The following commands process `CredentialsRequest` objects:
 +
+.{alibaba}
+[%collapsible]
+====
 [source,terminal]
 ----
-$ oc adm release extract --credentials-requests \
-  --cloud=<provider_type> \
-  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \
-  quay.io/<path_to>/ocp-release:<version>
+$ ccoctl alibabacloud create-ram-users \
+  --name <name> \// <1>
+  --region=<alibaba_region> \// <2>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <3>
+  --output-dir=<path_to_ccoctl_output_dir> <4>
 ----
-+
-where:
-+
---
-* `<provider_type>` is the value for your cloud provider. Valid values are `alibabacloud`, `aws`, `gcp`, `ibmcloud`, and `nutanix`.
-* `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
---
+<1> Specify the name used to tag any cloud resources that are created for tracking.
+<2> Specify the Alibaba Cloud region in which cloud resources will be created.
+<3> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<4> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
 
-. For each `CredentialsRequest` CR in the release image, ensure that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster. This field is where the generated secrets that hold the credentials configuration are stored.
+[NOTE]
+=====
+A RAM user can have up to two AccessKeys at the same time. If you run `ccoctl alibabacloud create-ram-users` more than twice, the previously generated manifests secret becomes stale and you must reapply the newly generated secrets.
+=====
+====
 +
-.Sample AWS `CredentialsRequest` object
-[source,yaml]
+.Amazon Web Services (AWS)
+[%collapsible]
+====
+[source,terminal]
 ----
-apiVersion: cloudcredential.openshift.io/v1
-kind: CredentialsRequest
-metadata:
-  name: cloud-credential-operator-iam-ro
-  namespace: openshift-cloud-credential-operator
-spec:
-  providerSpec:
-    apiVersion: cloudcredential.openshift.io/v1
-    kind: AWSProviderSpec
-    statementEntries:
-    - effect: Allow
-      action:
-      - iam:GetUser
-      - iam:GetUserPolicy
-      - iam:ListAccessKeys
-      resource: "*"
-  secretRef:
-    name: cloud-credential-operator-iam-ro-creds
-    namespace: openshift-cloud-credential-operator <1>
+$ ccoctl aws create-all \// <1>
+  --name=<name> \// <2>
+  --region=<aws_region> \// <3>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <4>
+  --output-dir=<path_to_ccoctl_output_dir> \// <5>
+  --create-private-s3-bucket <6>
 ----
-<1> This field indicates the namespace which needs to exist to hold the generated secret.
-+
-The `CredentialsRequest` CRs for other platforms have a similar format with different platform-specific values.
-
-. For any `CredentialsRequest` CR for which the cluster does not already have a namespace with the name specified in `spec.secretRef.namespace`, create the namespace by running the following command:
+<1> To create the AWS resources individually, use the "Creating AWS resources individually" procedure in the "Installing a cluster on AWS with customizations" content. This option might be useful if you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization.
+<2> Specify the name used to tag any cloud resources that are created for tracking.
+<3> Specify the AWS region in which cloud resources will be created.
+<4> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<5> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<6> Optional: By default, the `ccoctl` utility stores the OpenID Connect (OIDC) configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. To store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL instead, use the `--create-private-s3-bucket` parameter.
+====
 +
+.Google Cloud Platform (GCP)
+[%collapsible]
+====
 [source,terminal]
 ----
-$ oc create namespace <component_namespace>
+$ ccoctl gcp create-all \
+  --name=<name> \// <1>
+  --region=<gcp_region> \// <2>
+  --project=<gcp_project_id> \// <3>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <4>
+  --output-dir=<path_to_ccoctl_output_dir> <5>
 ----
-
-. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory by running the command for your cloud provider. The following commands process `CredentialsRequest` objects:
+<1> Specify the user-defined name for all created GCP resources used for tracking.
+<2> Specify the GCP region in which cloud resources will be created.
+<3> Specify the GCP project ID in which cloud resources will be created.
+<4> Specify the directory containing the files of `CredentialsRequest` manifests to create GCP service accounts.
+<5> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+====
 +
---
-* {alibaba}: `ccoctl alibabacloud create-ram-users`
-* Amazon Web Services (AWS): `ccoctl aws create-iam-roles`
-* Google Cloud Platform (GCP): `ccoctl gcp create-all`
-* IBM Cloud: `ccoctl ibmcloud create-service-id`
-* Nutanix: `ccoctl nutanix create-shared-secrets`
---
+.{ibm-cloud-title}
+[%collapsible]
+====
+[source,terminal]
+----
+$ ccoctl ibmcloud create-service-id \
+  --credentials-requests-dir=<path_to_credential_requests_directory> \// <1>
+  --name=<cluster_name> \// <2>
+  --output-dir=<installation_directory> \// <3>
+  --resource-group-name=<resource_group_name> <4>
+----
+<1> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<2> Specify the name of the {product-title} cluster.
+<3> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<4> Optional: Specify the name of the resource group used for scoping the access policies.
+====
 +
-[IMPORTANT]
+.Nutanix
+[%collapsible]
 ====
-Refer to the `ccoctl` utility instructions in the installation content for your cloud provider for important platform-specific details about the required arguments and special considerations.
+[source,terminal]
+----
+$ ccoctl nutanix create-shared-secrets \
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <1>
+  --output-dir=<ccoctl_output_dir> \// <2>
+  --credentials-source-filepath=<path_to_credentials_file> <3>
+----
+<1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects.
+<2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<3> Optional: Specify the directory that contains the credentials data YAML file. By default, `ccoctl` expects this file to be in `<home_directory>/.nutanix/credentials`.
 ====
 +
 For each `CredentialsRequest` object, `ccoctl` creates the required provider resources and a permissions policy as defined in each `CredentialsRequest` object from the {product-title} release image.
@@ -107,4 +132,4 @@ You can verify that the required provider resources and permissions policies are
 
 .Next steps
 
-* Update the `upgradeable-to` annotation to indicate that the cluster is ready to upgrade.
+* Update the `upgradeable-to` annotation to indicate that the cluster is ready to upgrade.
\ No newline at end of file
diff --git a/modules/cco-determine-mode-cli.adoc b/modules/cco-determine-mode-cli.adoc
index 9017ccf1b381..8e6f49da27c8 100644
--- a/modules/cco-determine-mode-cli.adoc
+++ b/modules/cco-determine-mode-cli.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-manual-creds-update.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 // * authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 ifeval::["{context}" == "preparing-manual-creds-update"]
 :update:
@@ -50,14 +50,14 @@ The following output values are possible, though not all are supported on all pl
 +
 [IMPORTANT]
 ====
-To determine the specific configuration of an AWS or GCP cluster that has a `spec.credentialsMode` of `''`, `Mint`, or `Manual`, you must investigate further.
+To determine the specific configuration of an AWS, GCP, or global Microsoft Azure cluster that has a `spec.credentialsMode` of `''`, `Mint`, or `Manual`, you must investigate further.
 
 AWS and GCP clusters support using mint mode with the root secret deleted.
 ifdef::update[]
 If the cluster is specifically configured to use mint mode or uses mint mode by default, you must determine if the root secret is present on the cluster before updating.
 endif::update[]
 
-An AWS or GCP cluster that uses manual mode might be configured to create and manage cloud credentials from outside of the cluster using the AWS Security Token Service (STS) or GCP Workload Identity. You can determine whether your cluster uses this strategy by examining the cluster `Authentication` object.
+An AWS, GCP, or global Microsoft Azure cluster that uses manual mode might be configured to create and manage cloud credentials from outside of the cluster with AWS STS, GCP Workload Identity, or Azure AD Workload Identity. You can determine whether your cluster uses this strategy by examining the cluster `Authentication` object.
 ====
 
 ifdef::about-cco[]
@@ -95,7 +95,7 @@ where `<secret_name>` is `aws-creds` for AWS or `gcp-credentials` for GCP.
 +
 If the root secret is present, the output of this command returns information about the secret. An error indicates that the root secret is not present on the cluster.
 
-. AWS or GCP clusters that use manual mode only: To determine whether the cluster is configured to create and manage cloud credentials from outside of the cluster, run the following command:
+. AWS, GCP, or global Microsoft Azure clusters that use manual mode only: To determine whether the cluster is configured to create and manage cloud credentials from outside of the cluster, run the following command:
 +
 [source,terminal]
 ----
@@ -107,7 +107,7 @@ $ oc get authentication cluster \
 This command displays the value of the `.spec.serviceAccountIssuer` parameter in the cluster `Authentication` object.
 +
 --
-* An output of a URL that is associated with your cloud provider indicates that the CCO is using manual mode with AWS STS or GCP Workload Identity to create and manage cloud credentials from outside of the cluster. These clusters are configured using the `ccoctl` utility.
+* An output of a URL that is associated with your cloud provider indicates that the CCO is using manual mode with short-term credentials for components. These clusters are configured using the `ccoctl` utility to create and manage cloud credentials from outside of the cluster.
 
 * An empty output indicates that the cluster is using the CCO in manual mode but was not configured using the `ccoctl` utility.
 --
@@ -121,12 +121,16 @@ ifdef::update[]
 
 * If your cluster was configured using the CCO utility (`ccoctl`), you must take the following actions:
 
+.. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+
 .. Configure the `ccoctl` utility for the new release and use it to update the cloud provider resources.
 
 .. Update the `upgradeable-to` annotation to indicate that the cluster is ready to update.
 
 * If your cluster is using the CCO in manual mode but was not configured using the `ccoctl` utility, you must take the following actions:
 
+.. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+
 .. Manually update the cloud provider resources for the new release.
 
 .. Update the `upgradeable-to` annotation to indicate that the cluster is ready to update.
diff --git a/modules/cco-determine-mode-gui.adoc b/modules/cco-determine-mode-gui.adoc
index 8f38ae7f9931..c8193c87bb29 100644
--- a/modules/cco-determine-mode-gui.adoc
+++ b/modules/cco-determine-mode-gui.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-manual-creds-update.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 // * authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 ifeval::["{context}" == "preparing-manual-creds-update"]
 :update:
@@ -49,14 +49,14 @@ Only Amazon Web Services (AWS), global Microsoft Azure, and Google Cloud Platfor
 +
 [IMPORTANT]
 ====
-To determine the specific configuration of an AWS or GCP cluster that has a `spec.credentialsMode` of `''`, `Mint`, or `Manual`, you must investigate further.
+To determine the specific configuration of an AWS, GCP, or global Microsoft Azure cluster that has a `spec.credentialsMode` of `''`, `Mint`, or `Manual`, you must investigate further.
 
 AWS and GCP clusters support using mint mode with the root secret deleted.
 ifdef::update[]
 If the cluster is specifically configured to use mint mode or uses mint mode by default, you must determine if the root secret is present on the cluster before updating.
 endif::update[]
 
-An AWS or GCP cluster that uses manual mode might be configured to create and manage cloud credentials from outside of the cluster using the AWS Security Token Service (STS) or GCP Workload Identity. You can determine whether your cluster uses this strategy by examining the cluster `Authentication` object.
+An AWS, GCP, or global Microsoft Azure cluster that uses manual mode might be configured to create and manage cloud credentials from outside of the cluster with AWS STS, GCP Workload Identity, or Azure AD Workload Identity. You can determine whether your cluster uses this strategy by examining the cluster `Authentication` object.
 ====
 
 ifdef::about-cco[]
@@ -117,7 +117,7 @@ Ensure that the *Project* dropdown is set to *All Projects*.
 * If you do not see these values, your cluster is using the CCO in mint mode with the root secret removed.
 --
 
-. AWS or GCP clusters that use manual mode only: To determine whether the cluster is configured to create and manage cloud credentials from outside of the cluster, you must check the cluster `Authentication` object YAML values.
+. AWS, GCP, or global Microsoft Azure clusters that use manual mode only: To determine whether the cluster is configured to create and manage cloud credentials from outside of the cluster, you must check the cluster `Authentication` object YAML values.
 
 .. Navigate to *Administration* -> *Cluster Settings*.
 
@@ -130,7 +130,7 @@ Ensure that the *Project* dropdown is set to *All Projects*.
 .. In the YAML block, check the value of the `.spec.serviceAccountIssuer` parameter.
 +
 --
-* A value that contains a URL that is associated with your cloud provider indicates that the CCO is using manual mode with AWS STS or GCP Workload Identity to create and manage cloud credentials from outside of the cluster. These clusters are configured using the `ccoctl` utility.
+* A value that contains a URL that is associated with your cloud provider indicates that the CCO is using manual mode with short-term credentials for components. These clusters are configured using the `ccoctl` utility to create and manage cloud credentials from outside of the cluster.
 
 * An empty value (`''`) indicates that the cluster is using the CCO in manual mode but was not configured using the `ccoctl` utility.
 --
@@ -144,12 +144,16 @@ ifdef::update[]
 
 * If your cluster was configured using the CCO utility (`ccoctl`), you must take the following actions:
 
+.. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+
 .. Configure the `ccoctl` utility for the new release and use it to update the cloud provider resources.
 
 .. Update the `upgradeable-to` annotation to indicate that the cluster is ready to update.
 
 * If your cluster is using the CCO in manual mode but was not configured using the `ccoctl` utility, you must take the following actions:
 
+.. Extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+
 .. Manually update the cloud provider resources for the new release.
 
 .. Update the `upgradeable-to` annotation to indicate that the cluster is ready to update.
diff --git a/modules/cco-manual-upgrade-annotation.adoc b/modules/cco-manual-upgrade-annotation.adoc
index de02caaf5e44..cd8b39c6c745 100644
--- a/modules/cco-manual-upgrade-annotation.adoc
+++ b/modules/cco-manual-upgrade-annotation.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc
-// * updating/preparing-manual-creds-update.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="cco-manual-upgrade-annotation_{context}"]
 = Indicating that the cluster is ready to upgrade
diff --git a/modules/cco-short-term-creds-auth-flow-aws.adoc b/modules/cco-short-term-creds-auth-flow-aws.adoc
new file mode 100644
index 000000000000..fb1e32cdb87e
--- /dev/null
+++ b/modules/cco-short-term-creds-auth-flow-aws.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-auth-flow-aws_{context}"]
+= AWS Security Token Service authentication process
+
+The AWS Security Token Service (STS) and the link:https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html[`AssumeRole`] API action allow pods to retrieve access keys that are defined by an IAM role policy.
+
+The {product-title} cluster includes a Kubernetes service account signing service. This service uses a private key to sign service account JSON web tokens (JWT). A pod that requires a service account token requests one through the pod specification. When the pod is created and assigned to a node, the node retrieves a signed service account from the service account signing service and mounts it onto the pod.
+
+Clusters that use STS contain an IAM role ID in their Kubernetes configuration secrets. Workloads assume the identity of this IAM role ID. The signed service account token issued to the workload aligns with the configuration in AWS, which allows AWS STS to grant access keys for the specified IAM role to the workload.
+
+AWS STS grants access keys only for requests that include service account tokens that meet the following conditions:
+
+* The token name and namespace match the service account name and namespace.
+
+* The token is signed by a key that matches the public key.
+
+The public key pair for the service account signing key used by the cluster is stored in an AWS S3 bucket. AWS STS federation validates that the service account token signature aligns with the public key stored in the S3 bucket.
+
+[id="cco-short-term-creds-auth-flow-aws-diagram_{context}"]
+== Authentication flow for AWS STS
+
+The following diagram illustrates the authentication flow between AWS and the {product-title} cluster when using AWS STS.
+
+* _Token signing_ is the Kubernetes service account signing service on the {product-title} cluster.
+* The _Kubernetes service account_ in the pod is the signed service account token.
+
+.AWS Security Token Service authentication flow
+image::347_OpenShift_credentials_with_STS_updates_0623_AWS.png[Detailed authentication flow between AWS and the cluster when using AWS STS]
+
+Requests for new and refreshed credentials are automated by using an appropriately configured AWS IAM OpenID Connect (OIDC) identity provider combined with AWS IAM roles. Service account tokens that are trusted by AWS IAM are signed by {product-title} and can be projected into a pod and used for authentication.
+
+[id="cco-short-term-creds-auth-flow-aws-refresh-policy_{context}"]
+== Token refreshing for AWS STS
+
+The signed service account token that a pod uses expires after a period of time. For clusters that use AWS STS, this time period is 3600 seconds, or one hour.
+
+The kubelet on the node that the pod is assigned to ensures that the token is refreshed. The kubelet attempts to rotate a token when it is older than 80 percent of its time to live.
+
+[id="cco-short-term-creds-auth-flow-aws-oidc_{context}"]
+== OpenID Connect requirements for AWS STS
+
+You can store the public portion of the encryption keys for your OIDC configuration in a public or private S3 bucket.
+
+The OIDC spec requires the use of HTTPS. AWS services require a public endpoint to expose the OIDC documents in the form of JSON web key set (JWKS) public keys. This allows AWS services to validate the bound tokens signed by Kubernetes and determine whether to trust certificates. As a result, both S3 bucket options require a public HTTPS endpoint and private endpoints are not supported.
+
+To use AWS STS, the public AWS backbone for the AWS STS service must be able to communicate with a public S3 bucket or a private S3 bucket with a public CloudFront endpoint. You can choose which type of bucket to use when you process `CredentialsRequest` objects during installation:
+
+* By default, the CCO utility (`ccoctl`) stores the OIDC configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint.
+
+* As an alternative, you can have the `ccoctl` utility store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL.
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-auth-flow-azure.adoc b/modules/cco-short-term-creds-auth-flow-azure.adoc
new file mode 100644
index 000000000000..8dcf82826835
--- /dev/null
+++ b/modules/cco-short-term-creds-auth-flow-azure.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-auth-flow-azure_{context}"]
+= Azure AD Workload Identity authentication process
+
+The following diagram details the authentication flow between Azure and the {product-title} cluster when using Azure AD Workload Identity.
+
+.Azure AD Workload Identity authentication flow
+image::347_OpenShift_credentials_with_STS_updates_1023_Azure.png[Detailed authentication flow between Azure and the cluster when using Azure AD Workload Identity]
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-auth-flow-gcp.adoc b/modules/cco-short-term-creds-auth-flow-gcp.adoc
new file mode 100644
index 000000000000..2204d243cbcf
--- /dev/null
+++ b/modules/cco-short-term-creds-auth-flow-gcp.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-auth-flow-gcp_{context}"]
+= GCP Workload Identity authentication process
+
+Requests for new and refreshed credentials are automated by using an appropriately configured OpenID Connect (OIDC) identity provider combined with IAM service accounts. Service account tokens that are trusted by GCP are signed by {product-title} and can be projected into a pod and used for authentication. Tokens are refreshed after one hour.
+
+The following diagram details the authentication flow between GCP and the {product-title} cluster when using GCP Workload Identity.
+
+.GCP Workload Identity authentication flow
+image::347_OpenShift_credentials_with_STS_updates_0623_GCP.png[Detailed authentication flow between GCP and the cluster when using GCP Workload Identity]
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-aws-olm.adoc b/modules/cco-short-term-creds-aws-olm.adoc
new file mode 100644
index 000000000000..1f2e2bb032e8
--- /dev/null
+++ b/modules/cco-short-term-creds-aws-olm.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="cco-short-term-creds-aws-olm_{context}"]
+= OLM-managed Operator support for authentication with AWS STS
+
+In addition to {product-title} cluster components, some Operators managed by the Operator Lifecycle Manager (OLM) on AWS clusters can use manual mode with STS. These Operators authenticate with limited-privilege, short-term credentials that are managed outside the cluster. To determine if an Operator supports authentication with AWS STS, see the Operator description in OperatorHub.
diff --git a/modules/cco-short-term-creds-azure-olm.adoc b/modules/cco-short-term-creds-azure-olm.adoc
new file mode 100644
index 000000000000..01ce30ea7562
--- /dev/null
+++ b/modules/cco-short-term-creds-azure-olm.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="cco-short-term-creds-azure-olm_{context}"]
+= OLM-managed Operator support for authentication with Azure AD Workload Identity
+
+In addition to {product-title} cluster components, some Operators managed by the Operator Lifecycle Manager (OLM) on Azure clusters can use manual mode with Azure AD Workload Identity. These Operators authenticate with short-term credentials that are managed outside the cluster. To determine if an Operator supports authentication with Azure AD Workload Identity, see the Operator description in OperatorHub.
diff --git a/modules/cco-short-term-creds-component-permissions-aws.adoc b/modules/cco-short-term-creds-component-permissions-aws.adoc
new file mode 100644
index 000000000000..2d108ce801c2
--- /dev/null
+++ b/modules/cco-short-term-creds-component-permissions-aws.adoc
@@ -0,0 +1,209 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-component-permissions-aws_{context}"]
+= AWS component secret permissions requirements
+
+{product-title} components require the following permissions. These values are in the `CredentialsRequest` custom resource (CR) for each component.
+
+[NOTE]
+====
+These permissions apply to all resources. Unless specified, there are no request conditions on these permissions.
+====
+
+[cols="a,a,a"]
+|====
+|Component |Custom resource |Required permissions for services
+
+|Cluster CAPI Operator
+|`openshift-cluster-api-aws`
+|**EC2**
+
+* `ec2:CreateTags`
+* `ec2:DescribeAvailabilityZones`
+* `ec2:DescribeDhcpOptions`
+* `ec2:DescribeImages`
+* `ec2:DescribeInstances`
+* `ec2:DescribeInternetGateways`
+* `ec2:DescribeSecurityGroups`
+* `ec2:DescribeSubnets`
+* `ec2:DescribeVpcs`
+* `ec2:DescribeNetworkInterfaces`
+* `ec2:DescribeNetworkInterfaceAttribute`
+* `ec2:ModifyNetworkInterfaceAttribute`
+* `ec2:RunInstances`
+* `ec2:TerminateInstances`
+
+**Elastic load balancing**
+
+* `elasticloadbalancing:DescribeLoadBalancers`
+* `elasticloadbalancing:DescribeTargetGroups`
+* `elasticloadbalancing:DescribeTargetHealth`
+* `elasticloadbalancing:RegisterInstancesWithLoadBalancer`
+* `elasticloadbalancing:RegisterTargets`
+* `elasticloadbalancing:DeregisterTargets`
+
+**Identity and Access Management (IAM)**
+
+* `iam:PassRole`
+* `iam:CreateServiceLinkedRole`
+
+**Key Management Service (KMS)**
+
+* `kms:Decrypt`
+* `kms:Encrypt`
+* `kms:GenerateDataKey`
+* `kms:GenerateDataKeyWithoutPlainText`
+* `kms:DescribeKey`
+* `kms:RevokeGrant`^[1]^
+* `kms:CreateGrant` ^[1]^
+* `kms:ListGrants` ^[1]^
+
+|Machine API Operator
+|`openshift-machine-api-aws`
+|**EC2**
+
+* `ec2:CreateTags`
+* `ec2:DescribeAvailabilityZones`
+* `ec2:DescribeDhcpOptions`
+* `ec2:DescribeImages`
+* `ec2:DescribeInstances`
+* `ec2:DescribeInstanceTypes`
+* `ec2:DescribeInternetGateways`
+* `ec2:DescribeSecurityGroups`
+* `ec2:DescribeRegions`
+* `ec2:DescribeSubnets`
+* `ec2:DescribeVpcs`
+* `ec2:RunInstances`
+* `ec2:TerminateInstances`
+
+**Elastic load balancing**
+
+* `elasticloadbalancing:DescribeLoadBalancers`
+* `elasticloadbalancing:DescribeTargetGroups`
+* `elasticloadbalancing:DescribeTargetHealth`
+* `elasticloadbalancing:RegisterInstancesWithLoadBalancer`
+* `elasticloadbalancing:RegisterTargets`
+* `elasticloadbalancing:DeregisterTargets`
+
+**Identity and Access Management (IAM)**
+
+* `iam:PassRole`
+* `iam:CreateServiceLinkedRole`
+
+**Key Management Service (KMS)**
+
+* `kms:Decrypt`
+* `kms:Encrypt`
+* `kms:GenerateDataKey`
+* `kms:GenerateDataKeyWithoutPlainText`
+* `kms:DescribeKey`
+* `kms:RevokeGrant`^[1]^
+* `kms:CreateGrant` ^[1]^
+* `kms:ListGrants` ^[1]^
+
+|Cloud Credential Operator
+|`cloud-credential-operator-iam-ro`
+|**Identity and Access Management (IAM)**
+
+* `iam:GetUser`
+* `iam:GetUserPolicy`
+* `iam:ListAccessKeys`
+
+|Cluster Image Registry Operator
+|`openshift-image-registry`
+|**S3**
+
+* `s3:CreateBucket`
+* `s3:DeleteBucket`
+* `s3:PutBucketTagging`
+* `s3:GetBucketTagging`
+* `s3:PutBucketPublicAccessBlock`
+* `s3:GetBucketPublicAccessBlock`
+* `s3:PutEncryptionConfiguration`
+* `s3:GetEncryptionConfiguration`
+* `s3:PutLifecycleConfiguration`
+* `s3:GetLifecycleConfiguration`
+* `s3:GetBucketLocation`
+* `s3:ListBucket`
+* `s3:GetObject`
+* `s3:PutObject`
+* `s3:DeleteObject`
+* `s3:ListBucketMultipartUploads`
+* `s3:AbortMultipartUpload`
+* `s3:ListMultipartUploadParts`
+
+|Ingress Operator
+|`openshift-ingress`
+|**Elastic load balancing**
+
+* `elasticloadbalancing:DescribeLoadBalancers`
+
+**Route 53**
+
+* `route53:ListHostedZones`
+* `route53:ListTagsForResources`
+* `route53:ChangeResourceRecordSets`
+
+**Tag**
+
+* `tag:GetResources`
+
+**Security Token Service (STS)**
+
+* `sts:AssumeRole`
+
+|Cluster Network Operator
+|`openshift-cloud-network-config-controller-aws`
+|**EC2**
+
+* `ec2:DescribeInstances`
+* `ec2:DescribeInstanceStatus`
+* `ec2:DescribeInstanceTypes`
+* `ec2:UnassignPrivateIpAddresses`
+* `ec2:AssignPrivateIpAddresses`
+* `ec2:UnassignIpv6Addresses`
+* `ec2:AssignIpv6Addresses`
+* `ec2:DescribeSubnets`
+* `ec2:DescribeNetworkInterfaces`
+
+|AWS Elastic Block Store CSI Driver Operator
+|`aws-ebs-csi-driver-operator`
+|**EC2**
+
+* `ec2:AttachVolume`
+* `ec2:CreateSnapshot`
+* `ec2:CreateTags`
+* `ec2:CreateVolume`
+* `ec2:DeleteSnapshot`
+* `ec2:DeleteTags`
+* `ec2:DeleteVolume`
+* `ec2:DescribeInstances`
+* `ec2:DescribeSnapshots`
+* `ec2:DescribeTags`
+* `ec2:DescribeVolumes`
+* `ec2:DescribeVolumesModifications`
+* `ec2:DetachVolume`
+* `ec2:ModifyVolume`
+* `ec2:DescribeAvailabilityZones`
+* `ec2:EnableFastSnapshotRestores`
+
+**Key Management Service (KMS)**
+
+* `kms:ReEncrypt*`
+* `kms:Decrypt`
+* `kms:Encrypt`
+* `kms:GenerateDataKey`
+* `kms:GenerateDataKeyWithoutPlainText`
+* `kms:DescribeKey`
+* `kms:RevokeGrant`^[1]^
+* `kms:CreateGrant` ^[1]^
+* `kms:ListGrants` ^[1]^
+
+|====
+[.small]
+--
+1. Request condition: `kms:GrantIsForAWSResource: true`
+--
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-component-permissions-azure.adoc b/modules/cco-short-term-creds-component-permissions-azure.adoc
new file mode 100644
index 000000000000..483f7c65f7ef
--- /dev/null
+++ b/modules/cco-short-term-creds-component-permissions-azure.adoc
@@ -0,0 +1,136 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-component-permissions-azure_{context}"]
+= Azure component secret permissions requirements
+
+{product-title} components require the following permissions. These values are in the `CredentialsRequest` custom resource (CR) for each component.
+
+[cols="a,a,a"]
+|====
+|Component |Custom resource |Required permissions for services
+
+|Cloud Controller Manager Operator
+|`openshift-azure-cloud-controller-manager`
+|* `Microsoft.Compute/virtualMachines/read`
+* `Microsoft.Network/loadBalancers/read`
+* `Microsoft.Network/loadBalancers/write`
+* `Microsoft.Network/networkInterfaces/read`
+* `Microsoft.Network/networkSecurityGroups/read`
+* `Microsoft.Network/networkSecurityGroups/write`
+* `Microsoft.Network/publicIPAddresses/join/action`
+* `Microsoft.Network/publicIPAddresses/read`
+* `Microsoft.Network/publicIPAddresses/write`
+
+|Cluster CAPI Operator
+|`openshift-cluster-api-azure`
+|role: `Contributor` ^[1]^
+
+|Machine API Operator
+|`openshift-machine-api-azure`
+|* `Microsoft.Compute/availabilitySets/delete`
+* `Microsoft.Compute/availabilitySets/read`
+* `Microsoft.Compute/availabilitySets/write`
+* `Microsoft.Compute/diskEncryptionSets/read`
+* `Microsoft.Compute/disks/delete`
+* `Microsoft.Compute/galleries/images/versions/read`
+* `Microsoft.Compute/skus/read`
+* `Microsoft.Compute/virtualMachines/delete`
+* `Microsoft.Compute/virtualMachines/extensions/delete`
+* `Microsoft.Compute/virtualMachines/extensions/read`
+* `Microsoft.Compute/virtualMachines/extensions/write`
+* `Microsoft.Compute/virtualMachines/read`
+* `Microsoft.Compute/virtualMachines/write`
+* `Microsoft.ManagedIdentity/userAssignedIdentities/assign/action`
+* `Microsoft.Network/applicationSecurityGroups/read`
+* `Microsoft.Network/loadBalancers/backendAddressPools/join/action`
+* `Microsoft.Network/loadBalancers/read`
+* `Microsoft.Network/loadBalancers/write`
+* `Microsoft.Network/networkInterfaces/delete`
+* `Microsoft.Network/networkInterfaces/join/action`
+* `Microsoft.Network/networkInterfaces/loadBalancers/read`
+* `Microsoft.Network/networkInterfaces/read`
+* `Microsoft.Network/networkInterfaces/write`
+* `Microsoft.Network/networkSecurityGroups/read`
+* `Microsoft.Network/networkSecurityGroups/write`
+* `Microsoft.Network/publicIPAddresses/delete`
+* `Microsoft.Network/publicIPAddresses/join/action`
+* `Microsoft.Network/publicIPAddresses/read`
+* `Microsoft.Network/publicIPAddresses/write`
+* `Microsoft.Network/routeTables/read`
+* `Microsoft.Network/virtualNetworks/delete`
+* `Microsoft.Network/virtualNetworks/read`
+* `Microsoft.Network/virtualNetworks/subnets/join/action`
+* `Microsoft.Network/virtualNetworks/subnets/read`
+* `Microsoft.Resources/subscriptions/resourceGroups/read`
+
+|Cluster Image Registry Operator
+|`openshift-image-registry-azure`
+|**Data permissions**
+
+* `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action`
+
+**General permissions**
+
+* `Microsoft.Storage/storageAccounts/blobServices/read`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/read`
+* `Microsoft.Storage/storageAccounts/blobServices/containers/write`
+* `Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action`
+* `Microsoft.Storage/storageAccounts/read`
+* `Microsoft.Storage/storageAccounts/write`
+* `Microsoft.Storage/storageAccounts/delete`
+* `Microsoft.Storage/storageAccounts/listKeys/action`
+* `Microsoft.Resources/tags/write`
+
+|Ingress Operator
+|`openshift-ingress-azure`
+|* `Microsoft.Network/dnsZones/A/delete`
+* `Microsoft.Network/dnsZones/A/write`
+* `Microsoft.Network/privateDnsZones/A/delete`
+* `Microsoft.Network/privateDnsZones/A/write`
+
+|Cluster Network Operator
+|`openshift-cloud-network-config-controller-azure`
+|* `Microsoft.Network/networkInterfaces/read`
+* `Microsoft.Network/networkInterfaces/write`
+* `Microsoft.Compute/virtualMachines/read`
+* `Microsoft.Network/virtualNetworks/read`
+* `Microsoft.Network/virtualNetworks/subnets/join/action`
+* `Microsoft.Network/loadBalancers/backendAddressPools/join/action`
+
+|Azure File CSI Driver Operator
+|`azure-file-csi-driver-operator`
+|* `Microsoft.Network/networkSecurityGroups/join/action`
+* `Microsoft.Network/virtualNetworks/subnets/read`
+* `Microsoft.Network/virtualNetworks/subnets/write`
+* `Microsoft.Storage/storageAccounts/delete`
+* `Microsoft.Storage/storageAccounts/fileServices/read`
+* `Microsoft.Storage/storageAccounts/fileServices/shares/delete`
+* `Microsoft.Storage/storageAccounts/fileServices/shares/read`
+* `Microsoft.Storage/storageAccounts/fileServices/shares/write`
+* `Microsoft.Storage/storageAccounts/listKeys/action`
+* `Microsoft.Storage/storageAccounts/read`
+* `Microsoft.Storage/storageAccounts/write`
+
+|Azure Disk CSI Driver Operator
+|`azure-disk-csi-driver-operator`
+|* `Microsoft.Compute/disks/*`
+* `Microsoft.Compute/snapshots/*`
+* `Microsoft.Compute/virtualMachineScaleSets/*/read`
+* `Microsoft.Compute/virtualMachineScaleSets/read`
+* `Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write`
+* `Microsoft.Compute/virtualMachines/*/read`
+* `Microsoft.Compute/virtualMachines/write`
+* `Microsoft.Resources/subscriptions/resourceGroups/read`
+
+|====
+[.small]
+--
+1. This component requires a role rather than a set of permissions.
+--
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-component-permissions-gcp.adoc b/modules/cco-short-term-creds-component-permissions-gcp.adoc
new file mode 100644
index 000000000000..1248c24440dd
--- /dev/null
+++ b/modules/cco-short-term-creds-component-permissions-gcp.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-component-permissions-gcp_{context}"]
+= GCP component secret permissions requirements
+
+//This topic is a placeholder for when GCP role granularity can bbe documented
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-format-aws.adoc b/modules/cco-short-term-creds-format-aws.adoc
new file mode 100644
index 000000000000..8711c4541c5e
--- /dev/null
+++ b/modules/cco-short-term-creds-format-aws.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-format-aws_{context}"]
+= AWS component secret formats
+
+Using manual mode with the AWS Security Token Service (STS) changes the content of the AWS credentials that are provided to individual {product-title} components. Compare the following secret formats:
+
+.AWS secret format using long-term credentials
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: <target_namespace> <1>
+  name: <target_secret_name> <2>
+data:
+  aws_access_key_id: <base64_encoded_access_key_id>
+  aws_secret_access_key: <base64_encoded_secret_access_key>
+----
+<1> The namespace for the component.
+<2> The name of the component secret.
+
+.AWS secret format using AWS STS
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: <target_namespace> <1>
+  name: <target_secret_name> <2>
+stringData:
+  credentials: |-
+    [default]
+    sts_regional_endpoints = regional
+    role_name: <operator_role_name> <3>
+    web_identity_token_file: <path_to_token> <4>
+----
+<1> The namespace for the component.
+<2> The name of the component secret.
+<3> The IAM role for the component.
+<4> The path to the service account token inside the pod. By convention, this is `/var/run/secrets/openshift/serviceaccount/token` for {product-title} components.
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-format-azure.adoc b/modules/cco-short-term-creds-format-azure.adoc
new file mode 100644
index 000000000000..55d1aa5dc1f2
--- /dev/null
+++ b/modules/cco-short-term-creds-format-azure.adoc
@@ -0,0 +1,57 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-format-azure_{context}"]
+= Azure component secret formats
+
+Using manual mode with AD Workload Identity changes the content of the Azure credentials that are provided to individual {product-title} components. Compare the following secret formats:
+
+.Azure secret format using long-term credentials
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: <target_namespace> <1>
+  name: <target_secret_name> <2>
+data:
+  azure_client_id: <client_id> <3>
+  azure_client_secret: <client_secret> <4>
+  azure_region: <region>
+  azure_resource_prefix: <resource_group_prefix> <5>
+  azure_resourcegroup: <resource_group_prefix>-rg <6>
+  azure_subscription_id: <subscription_id>
+  azure_tenant_id: <tenant_id>
+type: Opaque
+----
+<1> The namespace for the component.
+<2> The name of the component secret.
+<3> The client ID of the Azure AD identity that the component uses to authenticate.
+<4> The component secret that is used to authenticate with Azure AD for the `<client_id>` identity.
+<5> The resource group prefix.
+<6> The resource group. This value is formed by the `<resource_group_prefix>` and the suffix `-rg`.
+
+.Azure secret format using AD Workload Identity
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: <target_namespace> <1>
+  name: <target_secret_name> <2>
+data:
+  azure_client_id: <client_id> <3>
+  azure_federated_token_file: <path_to_token_file> <4>
+  azure_region: <region>
+  azure_subscription_id: <subscription_id>
+  azure_tenant_id: <tenant_id>
+type: Opaque
+----
+<1> The namespace for the component.
+<2> The name of the component secret.
+<3> The client ID of the user-assigned managed identity that the component uses to authenticate.
+<4> The path to the mounted service account token file.
\ No newline at end of file
diff --git a/modules/cco-short-term-creds-format-gcp.adoc b/modules/cco-short-term-creds-format-gcp.adoc
new file mode 100644
index 000000000000..e24da6ef8ed6
--- /dev/null
+++ b/modules/cco-short-term-creds-format-gcp.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cco-short-term-creds-format-gcp_{context}"]
+= GCP component secret formats
+
+Using manual mode with GCP Workload Identity changes the content of the GCP credentials that are provided to individual {product-title} components. Compare the following secret content:
+
+.GCP secret format
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: <target_namespace> <1>
+  name: <target_secret_name> <2>
+data:
+  service_account.json: <service_account> <3>
+----
+<1> The namespace for the component.
+<2> The name of the component secret.
+<3> The Base64 encoded service account.
+
+.Content of the Base64 encoded `service_account.json` file using long-term credentials
+
+[source,json]
+----
+{
+   "type": "service_account", <1>
+   "project_id": "<project_id>",
+   "private_key_id": "<private_key_id>",
+   "private_key": "<private_key>", <2>
+   "client_email": "<client_email_address>",
+   "client_id": "<client_id>",
+   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+   "token_uri": "https://oauth2.googleapis.com/token",
+   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/<client_email_address>"
+}
+----
+<1> The credential type is `service_account`.
+<2> The private RSA key that is used to authenticate to GCP. This key must be kept secure and is not rotated.
+
+.Content of the Base64 encoded `service_account.json` file using GCP Workload Identity
+
+[source,json]
+----
+{
+   "type": "external_account", <1>
+   "audience": "//iam.googleapis.com/projects/123456789/locations/global/workloadIdentityPools/test-pool/providers/test-provider", <2>
+   "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
+   "token_url": "https://sts.googleapis.com/v1/token",
+   "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<client_email_address>:generateAccessToken", <3>
+   "credential_source": {
+      "file": "<path_to_token>", <4>
+      "format": {
+         "type": "text"
+      }
+   }
+}
+----
+<1> The credential type is `external_account`.
+<2> The target audience is the GCP Workload Identity provider.
+<3> The resource URL of the service account that can be impersonated with these credentials.
+<4> The path to the service account token inside the pod. By convention, this is `/var/run/secrets/openshift/serviceaccount/token` for {product-title} components.
\ No newline at end of file
diff --git a/modules/ccs-aws-customer-procedure.adoc b/modules/ccs-aws-customer-procedure.adoc
index d2e64d20d051..6f963abd0413 100644
--- a/modules/ccs-aws-customer-procedure.adoc
+++ b/modules/ccs-aws-customer-procedure.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_planning/aws-ccs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ccs-aws-customer-procedure_{context}"]
 = Required customer procedure
 // TODO: Better procedure heading that tells you what this is doing
diff --git a/modules/ccs-aws-provisioned.adoc b/modules/ccs-aws-provisioned.adoc
index a714090750c2..56848a087fa3 100644
--- a/modules/ccs-aws-provisioned.adoc
+++ b/modules/ccs-aws-provisioned.adoc
@@ -46,9 +46,9 @@ Volume requirements for each EC2 instance:
 * Input/output operations per second: 900
 
 [id="aws-policy-elastic-load-balancers_{context}"]
-== Elastic load balancers
+== Elastic Load Balancing (ELB) load balancers
 
-Up to two Network Load Balancers (NLBs) for API and up to two Classic Load Balancers (CLBs) for application router. For more information, see the link:https://aws.amazon.com/elasticloadbalancing/features/#Details_for_Elastic_Load_Balancing_Products[ELB documentation for AWS].
+Up to two Network Load Balancers for API and up to two Classic Load Balancers for application router. For more information, see the link:https://aws.amazon.com/elasticloadbalancing/features/#Details_for_Elastic_Load_Balancing_Products[ELB documentation for AWS].
 
 [id="aws-policy-s3-storage_{context}"]
 == S3 storage
@@ -84,3 +84,11 @@ image::VPC-Diagram.png[VPC Reference Architecture]
 == Security groups
 
 AWS security groups provide security at the protocol and port-access level; they are associated with EC2 instances and Elastic Load Balancing. Each security group contains a set of rules that filter traffic coming in and out of an EC2 instance. You must ensure the ports required for the link:https://docs.openshift.com/container-platform/4.7/installing/installing_aws/installing-aws-user-infra.html#installation-aws-user-infra-other-infrastructure_installing-aws-user-infra[{OCP} installation] are open on your network and configured to allow access between hosts.
+
+[id="osd-security-groups-custom_{context}"]
+=== Additional custom security groups
+When you create a cluster by using a non-managed VPC, you can add custom security groups during cluster creation. Custom security groups are subject to the following limitations:
+
+* You must create the custom security groups in AWS before you create the cluster. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html[Amazon EC2 security groups for Linux instances].
+* You must associate the custom security groups with the VPC that the cluster will be installed into. Your custom security groups cannot be associated with another VPC.
+* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].
diff --git a/modules/ccs-aws-understand.adoc b/modules/ccs-aws-understand.adoc
index b5c6ae6218bc..73bb42c4327d 100644
--- a/modules/ccs-aws-understand.adoc
+++ b/modules/ccs-aws-understand.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_planning/aws-ccs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ccs-aws-understand_{context}"]
 = Understanding Customer Cloud Subscriptions on AWS
 
diff --git a/modules/ccs-gcp-customer-procedure.adoc b/modules/ccs-gcp-customer-procedure.adoc
index 7a22e6e38685..65c1fa784bfc 100644
--- a/modules/ccs-gcp-customer-procedure.adoc
+++ b/modules/ccs-gcp-customer-procedure.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_planning/gcp-ccs.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ccs-gcp-customer-procedure_{context}"]
 
 = Required customer procedure
@@ -16,8 +16,8 @@ To use {product-title} in your GCP project, the following GCP organizational pol
 
 * `constraints/iam.allowedPolicyMemberDomains`
 * `constraints/compute.restrictLoadBalancerCreationForTypes`
-* `constraints/compute.requireShieldedVm`
-* `constraints/compute.vmExternalIpAccess` (This policy constraint is unsupported only during installation. You can re-enable the policy constraint after installation.)
+* `constraints/compute.requireShieldedVm` (This policy constraint is supported only if the cluster is installed with "Enable Secure Boot support for Shielded VMs" selected during the initial cluster creation).
+* `constraints/compute.vmExternalIpAccess` (This policy constraint is supported only after installation).
 ====
 
 .Procedure
@@ -73,6 +73,9 @@ The project name must be 10 characters or less.
 
 |link:https://console.cloud.google.com/apis/library/storage-component.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Cloud Storage]
 |`storage-component.googleapis.com`
+//Additional Org Policy going live TBD. See https://issues.redhat.com/browse/OSDOCS-8893 for more info.
+// |link:https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Google Cloud Organization Policy API]
+// |`orgpolicy.googleapis.com`
 
 |===
 
diff --git a/modules/ccs-gcp-iam.adoc b/modules/ccs-gcp-iam.adoc
index 7bdee7a0dece..22f63f53625c 100644
--- a/modules/ccs-gcp-iam.adoc
+++ b/modules/ccs-gcp-iam.adoc
@@ -52,6 +52,10 @@ When applied to an individual *bucket*, control applies only to the specified bu
 |`roles/iam.serviceAccountUser`
 |Run operations as the service account.
 
+|Role Administrator
+|`roles/iam.roleAdmin`
+|Provides access to all custom roles in the project.
+
 |===
 
 [id="ccs-gcp-iam-group-roles_{context}"]
diff --git a/modules/ccs-gcp-understand.adoc b/modules/ccs-gcp-understand.adoc
index 51e1db886b03..7c4396436f78 100644
--- a/modules/ccs-gcp-understand.adoc
+++ b/modules/ccs-gcp-understand.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_planning/gcp-ccs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ccs-gcp-understand_{context}"]
 = Understanding Customer Cloud Subscriptions on GCP
 
diff --git a/modules/cert-manager-about.adoc b/modules/cert-manager-about.adoc
index 983d08b7eec5..943d44322ce9 100644
--- a/modules/cert-manager-about.adoc
+++ b/modules/cert-manager-about.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-about_{context}"]
 = About the {cert-manager-operator}
 
diff --git a/modules/cert-manager-acme-about.adoc b/modules/cert-manager-acme-about.adoc
index 5e1ee75c13ba..c247acdf704b 100644
--- a/modules/cert-manager-acme-about.adoc
+++ b/modules/cert-manager-acme-about.adoc
@@ -2,8 +2,13 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-acme-about_{context}"]
 = About ACME issuers
 
 The ACME issuer type for the {cert-manager-operator} represents an Automated Certificate Management Environment (ACME) certificate authority (CA) server. ACME CA servers rely on a _challenge_ to verify that a client owns the domain names that the certificate is being requested for. If the challenge is successful, the {cert-manager-operator} can issue the certificate. If the challenge fails, the {cert-manager-operator} does not issue the certificate.
+
+[NOTE]
+====
+Private DNS zones are not supported with _Let’s Encrypt_ and internet ACME servers.
+====
\ No newline at end of file
diff --git a/modules/cert-manager-acme-challenges-types.adoc b/modules/cert-manager-acme-challenges-types.adoc
index 55877b3e1958..2855573f5baa 100644
--- a/modules/cert-manager-acme-challenges-types.adoc
+++ b/modules/cert-manager-acme-challenges-types.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-acme-challenges-types_{context}"]
 = Supported ACME challenges types
 
diff --git a/modules/cert-manager-acme-dns-providers.adoc b/modules/cert-manager-acme-dns-providers.adoc
index 2237e77502dc..c40fe8b307ce 100644
--- a/modules/cert-manager-acme-dns-providers.adoc
+++ b/modules/cert-manager-acme-dns-providers.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-acme-dns-providers_{context}"]
 = Supported DNS-01 providers
 
@@ -16,8 +16,15 @@ The {cert-manager-operator} supports the following DNS-01 providers for ACME iss
 The {cert-manager-operator} does not support using Azure Active Directory (Azure AD) pod identities to assign a managed identity to a pod.
 ====
 * Google Cloud DNS
+* Webhook
 +
+--
+Red Hat tests and supports DNS providers using an external webhook with cert-manager on {product-title}. The following DNS providers are tested and supported with {product-title}:
+
+** link:https://github.com/jb-dk/cert-manager-webhook-ibmcis[cert-manager-webhook-ibmcis]
+
 [NOTE]
 ====
-The {cert-manager-operator} does not support using Google workload identity federation.
+Using a DNS provider that is not listed might work with {product-title}, but the provider was not tested by Red Hat and therefore is not supported by Red Hat.
 ====
+--
\ No newline at end of file
diff --git a/modules/cert-manager-acme-dns01-ambient-aws.adoc b/modules/cert-manager-acme-dns01-ambient-aws.adoc
new file mode 100644
index 000000000000..4da165cd0aec
--- /dev/null
+++ b/modules/cert-manager-acme-dns01-ambient-aws.adoc
@@ -0,0 +1,103 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-acme-dns01-ambient-aws_{context}"]
+= Configuring an ACME issuer by using ambient credentials on AWS
+
+You can use {cert-manager-operator} to set up an ACME issuer to solve DNS-01 challenges by using ambient credentials on AWS. This procedure uses _Let's Encrypt_ as the ACME CA server and shows how to solve DNS-01 challenges with Amazon Route 53.
+
+.Prerequisites
+
+* If your cluster is configured to use the AWS Security Token Service (STS), you followed the instructions from the _Configuring cloud credentials for the cert-manager Operator for Red Hat OpenShift for the AWS Security Token Service cluster_ section.
+* If your cluster does not use the AWS STS, you followed the instructions from the _Configuring cloud credentials for the cert-manager Operator for Red Hat OpenShift on AWS_ section.
+
+.Procedure
+
+. Optional: Override the nameserver settings for the DNS-01 self check.
++
+This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
+
+.. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+.. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+  ...
+spec:
+  ...
+  controllerConfig:                                <1>
+    overrideArgs:
+      - '--dns01-recursive-nameservers-only'       <2>
+      - '--dns01-recursive-nameservers=1.1.1.1:53' <3>
+----
+<1> Add the `spec.controllerConfig` section.
+<2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. You must use a `1.1.1.1:53` value to avoid the public and private zones overlapping.
+
+.. Save the file to apply the changes.
+
+. Optional: Create a namespace for the issuer:
++
+[source,terminal]
+----
+$ oc new-project <issuer_namespace>
+----
+
+. Modify the `CertManager` resource to add the `--issuer-ambient-credentials` argument:
++
+[source,terminal]
+----
+$ oc patch certmanager/cluster \
+  --type=merge \
+  -p='{"spec":{"controllerConfig":{"overrideArgs":["--issuer-ambient-credentials"]}}}'
+----
+
+. Create an issuer:
+
+.. Create a YAML file that defines the `Issuer` object:
++
+.Example `issuer.yaml` file
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: <letsencrypt_staging>                                        <1>
+  namespace: <issuer_namespace>                                   <2>
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory <3>
+    email: "<email_address>"                                       <4>
+    privateKeySecretRef:
+      name: <secret_private_key>                                   <5>
+    solvers:
+    - dns01:
+        route53:
+          hostedZoneID: <hosted_zone_id>                           <6>
+          region: us-east-1
+----
+<1> Provide a name for the issuer.
+<2> Specify the namespace that you created for the issuer.
+<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
+<4> Replace `<email_address>` with your email address.
+<5> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
+<6> Replace `<hosted_zone_id>` with your hosted zone ID.
+
+.. Create the `Issuer` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f issuer.yaml
+----
\ No newline at end of file
diff --git a/modules/cert-manager-acme-dns01-ambient-gcp.adoc b/modules/cert-manager-acme-dns01-ambient-gcp.adoc
new file mode 100644
index 000000000000..1349065166b2
--- /dev/null
+++ b/modules/cert-manager-acme-dns01-ambient-gcp.adoc
@@ -0,0 +1,100 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-acme-dns01-ambient-gcp_{context}"]
+= Configuring an ACME issuer by using ambient credentials on GCP
+
+You can use the {cert-manager-operator} to set up an ACME issuer to solve DNS-01 challenges by using ambient credentials on GCP. This procedure uses _Let's Encrypt_ as the ACME CA server and shows how to solve DNS-01 challenges with Google CloudDNS.
+
+.Prerequisites
+
+* If your cluster is configured to use GCP Workload Identity, you followed the instructions from the _Configuring cloud credentials for the cert-manager Operator for Red Hat OpenShift with GCP Workload Identity_ section.
+* If your cluster does not use GCP Workload Identity, you followed the instructions from the _Configuring cloud credentials for the cert-manager Operator for Red Hat OpenShift on GCP_ section.
+
+.Procedure
+
+. Optional: Override the nameserver settings for the DNS-01 self check.
++
+This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
+
+.. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+.. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+  ...
+spec:
+  ...
+  controllerConfig:                                <1>
+    overrideArgs:
+      - '--dns01-recursive-nameservers-only'       <2>
+      - '--dns01-recursive-nameservers=1.1.1.1:53' <3>
+----
+<1> Add the `spec.controllerConfig` section.
+<2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. You must use a `1.1.1.1:53` value to avoid the public and private zones overlapping.
+
+.. Save the file to apply the changes.
+
+. Optional: Create a namespace for the issuer:
++
+[source,terminal]
+----
+$ oc new-project <issuer_namespace>
+----
+
+. Modify the `CertManager` resource to add the `--issuer-ambient-credentials` argument:
++
+[source,terminal]
+----
+$ oc patch certmanager/cluster \
+  --type=merge \
+  -p='{"spec":{"controllerConfig":{"overrideArgs":["--issuer-ambient-credentials"]}}}'
+----
+
+. Create an issuer:
+
+.. Create a YAML file that defines the `Issuer` object:
++
+.Example `issuer.yaml` file
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: <acme_dns01_clouddns_issuer> <1>
+  namespace: <issuer_namespace>
+spec:
+  acme:
+    preferredChain: ""
+    privateKeySecretRef:
+      name: <secret_private_key> <2>
+    server: https://acme-staging-v02.api.letsencrypt.org/directory <3>
+    solvers:
+    - dns01:
+        cloudDNS:
+          project: <gcp_project_id> <4>
+----
+<1> Provide a name for the issuer.
+<2> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
+<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
+<4> Replace `<gcp_project_id>` with the name of the GCP project that contains the Cloud DNS zone.
+
+.. Create the `Issuer` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f issuer.yaml
+----
\ No newline at end of file
diff --git a/modules/cert-manager-acme-dns01-aws.adoc b/modules/cert-manager-acme-dns01-aws.adoc
deleted file mode 100644
index 50ba6e3b2df5..000000000000
--- a/modules/cert-manager-acme-dns01-aws.adoc
+++ /dev/null
@@ -1,170 +0,0 @@
-// Module included in the following assemblies:
-//
-// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
-
-:_content-type: PROCEDURE
-[id="cert-manager-acme-dns01-aws_{context}"]
-= Configuring an ACME issuer to solve DNS-01 challenges
-
-You can use {cert-manager-operator} to set up an ACME issuer to solve DNS-01 challenges. This procedure uses _Let's Encrypt_ as the ACME CA server and shows how to solve DNS-01 challenges with Amazon Route 53.
-
-[NOTE]
-====
-Private DNS zones are not supported.
-====
-
-.Prerequisites
-
-* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
-* You have set up an IAM role for Amazon Route 53. For more information, see link:https://cert-manager.io/docs/configuration/acme/dns01/route53/[Route53] in the upstream cert-manager documentation.
-+
-[NOTE]
-====
-If your cluster is _not_ configured to use the AWS Security Token Service (STS), you must provide explicit `accessKeyID` and `secretAccessKey` credentials. If you cluster uses AWS STS, you can use implicit ambient credentials.
-====
-
-.Procedure
-
-. Optional: Override the nameserver settings for the DNS-01 self check:
-+
-This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
-
-.. Edit the `CertManager` resource by running the following command:
-+
-[source,terminal]
-----
-$ oc edit certmanager cluster
-----
-
-.. Add a `spec.controllerConfig` section with the following override arguments:
-+
-[source,yaml]
-----
-apiVersion: operator.openshift.io/v1alpha1
-kind: CertManager
-metadata:
-  name: cluster
-  ...
-spec:
-  ...
-  controllerConfig:                                <1>
-    overrideArgs:
-      - '--dns01-recursive-nameservers=1.1.1.1:53' <2>
-      - '--dns01-recursive-nameservers-only'       <3>
-----
-<1> Add the `spec.controllerConfig` section.
-<2> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check.
-<3> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
-
-.. Save the file to apply the changes.
-
-. Optional: Create a namespace for the issuer.
-
-.. Create a YAML file that defines a `Namespace` object:
-+
-.Example `namespace.yaml` file
-[source,yaml]
-----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: my-issuer-namespace <1>
-----
-<1> Specify the namespace for the issuer.
-
-.. Create the `Namespace` object by running the following command:
-+
-[source,terminal]
-----
-$ oc create -f namespace.yaml
-----
-
-. Create a secret to store your AWS credentials in by running the following command:
-+
-[source,terminal]
-----
-$ oc create secret generic aws-secret --from-literal=awsSecretAccessKey=<aws_secret_access_key> \ <1>
-    -n my-issuer-namespace
-----
-<1> Replace `<aws_secret_access_key>` with your AWS secret access key.
-
-. Create an issuer.
-
-.. Create a YAML file that defines the `Issuer` object:
-+
-.Example `issuer.yaml` file
-[source,yaml]
-----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: letsencrypt-staging                                        <1>
-  namespace: my-issuer-namespace                                   <2>
-spec:
-  acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory <3>
-    email: "<email_address>"                                       <4>
-    privateKeySecretRef:
-      name: <secret_private_key>                                   <5>
-    solvers:
-    - dns01:
-        route53:
-          accessKeyID: <aws_key_id>                                <6>
-          hostedZoneID: <hosted_zone_id>                           <7>
-          region: us-east-1
-          secretAccessKeySecretRef:
-            name: "aws-secret"                                     <8>
-            key: "awsSecretAccessKey"                              <9>
-----
-<1> Provide a name for the issuer.
-<2> Specify the namespace that you created for the issuer.
-<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
-<4> Replace `<email_address>` with your email address.
-<5> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
-<6> Replace `<aws_key_id>` with your AWS key ID.
-<7> Replace `<hosted_zone_id>` with your hosted zone ID.
-<8> Specify the name of the secret you created.
-<9> Specify the key in the secret you created that stores your AWS secret access key.
-
-.. Create the `Issuer` object by running the following command:
-+
-[source,terminal]
-----
-$ oc create -f issuer.yaml
-----
-
-. Create a certificate.
-
-.. Create a YAML file that defines the `Certificate` object:
-+
-.Example `certificate.yaml` file
-[source,yaml]
-----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: my-tls-cert              <1>
-  namespace: my-issuer-namespace <2>
-spec:
-  isCA: false
-  commonName: '<common_name>'    <3>
-  secretName: my-tls-cert        <4>
-  dnsNames:
-  - '<domain_name>'              <5>
-  issuerRef:
-    name: letsencrypt-staging    <6>
-    kind: Issuer
-----
-<1> Provide a name for the certificate.
-<2> Specify the namespace that you created for the issuer.
-<3> Replace `<common_name>` with your common name (CN).
-<4> Specify the name of the secret to create that will contain the certificate.
-<5> Replace `<domain_name>` with your domain name.
-<6> Specify the name of the issuer that you created.
-
-.. Create the `Certificate` object by running the following command:
-+
-[source,terminal]
-----
-$ oc create -f certificate.yaml
-----
diff --git a/modules/cert-manager-acme-dns01-explicit-aws.adoc b/modules/cert-manager-acme-dns01-explicit-aws.adoc
new file mode 100644
index 000000000000..6ec24e1799ff
--- /dev/null
+++ b/modules/cert-manager-acme-dns01-explicit-aws.adoc
@@ -0,0 +1,115 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-acme-dns01-explicit-aws_{context}"]
+= Configuring an ACME issuer by using explicit credentials for AWS Route53
+
+You can use {cert-manager-operator} to set up an Automated Certificate Management Environment (ACME) issuer to solve DNS-01 challenges by using explicit credentials on AWS. This procedure uses _Let's Encrypt_ as the ACME certificate authority (CA) server and shows how to solve DNS-01 challenges with Amazon Route 53.
+
+.Prerequisites
+
+* You must provide the explicit `accessKeyID` and `secretAccessKey` credentials. For more information, see link:https://cert-manager.io/docs/configuration/acme/dns01/route53/[Route53] in the upstream cert-manager documentation.
++
+[NOTE]
+====
+You can use Amazon Route 53 with explicit credentials in an {product-title} cluster that is not running on AWS.
+====
+
+.Procedure
+
+. Optional: Override the nameserver settings for the DNS-01 self check.
++
+This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
+
+.. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+.. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+  ...
+spec:
+  ...
+  controllerConfig:                                <1>
+    overrideArgs:
+      - '--dns01-recursive-nameservers-only'       <2>
+      - '--dns01-recursive-nameservers=1.1.1.1:53' <3>
+----
+<1> Add the `spec.controllerConfig` section.
+<2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. You must use a `1.1.1.1:53` value to avoid the public and private zones overlapping.
+
+.. Save the file to apply the changes.
+
+. Optional: Create a namespace for the issuer:
++
+[source,terminal]
+----
+$ oc new-project <issuer_namespace>
+----
+
+. Create a secret to store your AWS credentials in by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic aws-secret --from-literal=awsSecretAccessKey=<aws_secret_access_key> \ <1>
+    -n my-issuer-namespace
+----
+<1> Replace `<aws_secret_access_key>` with your AWS secret access key.
+
+. Create an issuer:
+
+.. Create a YAML file that defines the `Issuer` object:
++
+.Example `issuer.yaml` file
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: <letsencrypt_staging>                                        <1>
+  namespace: <issuer_namespace>                                   <2>
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory <3>
+    email: "<email_address>"                                       <4>
+    privateKeySecretRef:
+      name: <secret_private_key>                                   <5>
+    solvers:
+    - dns01:
+        route53:
+          accessKeyID: <aws_key_id>                                <6>
+          hostedZoneID: <hosted_zone_id>                           <7>
+          region: <region_name>                                    <8>
+          secretAccessKeySecretRef:
+            name: "aws-secret"                                     <9>
+            key: "awsSecretAccessKey"                              <10>
+----
+<1> Provide a name for the issuer.
+<2> Specify the namespace that you created for the issuer.
+<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
+<4> Replace `<email_address>` with your email address.
+<5> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
+<6> Replace `<aws_key_id>` with your AWS key ID.
+<7> Replace `<hosted_zone_id>` with your hosted zone ID.
+<8> Replace `<region_name>` with the AWS region name. For example, `us-east-1`.
+<9> Specify the name of the secret you created.
+<10> Specify the key in the secret you created that stores your AWS secret access key.
+
+.. Create the `Issuer` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f issuer.yaml
+----
\ No newline at end of file
diff --git a/modules/cert-manager-acme-dns01-explicit-azure.adoc b/modules/cert-manager-acme-dns01-explicit-azure.adoc
new file mode 100644
index 000000000000..923734641dc7
--- /dev/null
+++ b/modules/cert-manager-acme-dns01-explicit-azure.adoc
@@ -0,0 +1,121 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-acme-dns01-explicit-azure_{context}"]
+= Configuring an ACME issuer by using explicit credentials for Microsoft Azure DNS
+
+You can use {cert-manager-operator} to set up an ACME issuer to solve DNS-01 challenges by using explicit credentials on Microsoft Azure. This procedure uses _Let's Encrypt_ as the ACME CA server and shows how to solve DNS-01 challenges with Azure DNS.
+
+.Prerequisites
+
+* You have set up a service principal with desired role for Azure DNS. For more information, see link:https://cert-manager.io/docs/configuration/acme/dns01/azuredns/[Azure DNS] in the upstream cert-manager documentation.
++
+[NOTE]
+====
+You can follow this procedure for an {product-title} cluster that is not running on Microsoft Azure.
+====
+
+.Procedure
+
+. Optional: Override the nameserver settings for the DNS-01 self check.
++
+This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
+
+.. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+.. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+  ...
+spec:
+  ...
+  controllerConfig:                                <1>
+    overrideArgs:
+      - '--dns01-recursive-nameservers-only'       <2>
+      - '--dns01-recursive-nameservers=1.1.1.1:53' <3>
+----
+<1> Add the `spec.controllerConfig` section.
+<2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. You must use a `1.1.1.1:53` value to avoid the public and private zones overlapping.
+
+.. Save the file to apply the changes.
+
+. Optional: Create a namespace for the issuer:
++
+[source,terminal]
+----
+$ oc new-project my-issuer-namespace
+----
+
+. Create a secret to store your Azure credentials in by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic <secret_name> --from-literal=<azure_secret_access_key_name>=<azure_secret_access_key_value> \ <1> <2> <3>
+    -n my-issuer-namespace
+----
+<1> Replace `<secret_name>` with your secret name.
+<2> Replace `<azure_secret_access_key_name>` with your Azure secret access key name.
+<3> Replace `<azure_secret_access_key_value>` with your Azure secret key.
+
+. Create an issuer:
+
+.. Create a YAML file that defines the `Issuer` object:
++
+.Example `issuer.yaml` file
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: <acme-dns01-azuredns-issuer>   <1>
+  namespace: <issuer_namespace>   <2>
+spec:
+  acme:
+    preferredChain: ""
+    privateKeySecretRef:
+      name: <secret_private_key> <3>
+    server: https://acme-staging-v02.api.letsencrypt.org/directory <4>
+    solvers:
+    - dns01:
+        azureDNS:
+          clientID: <azure_client_id> <5>
+          clientSecretSecretRef:
+            name: <secret_name> <6>
+            key: <azure_secret_access_key_name> <7>
+          subscriptionID: <azure_subscription_id> <8>
+          tenantID: <azure_tenant_id> <9>
+          resourceGroupName: <azure_dns_zone_resource_group> <10>
+          hostedZoneName: <azure_dns_zone> <11>
+          environment: AzurePublicCloud
+----
+<1> Provide a name for the issuer.
+<2> Replace `<issuer_namespace>` with your issuer namespace.
+<3> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
+<4> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
+<5> Replace `<azure_client_id>` with your Azure client ID.
+<6> Replace `<secret_name>` with a name of the client secret.
+<7> Replace `<azure_secret_access_key_name>` with the client secret key name.
+<8> Replace `<azure_subscription_id>` with your Azure subscription ID.
+<9> Replace `<azure_tenant_id>` with your Azure tenant ID.
+<10> Replace `<azure_dns_zone_resource_group>` with the name of the Azure DNS zone resource group.
+<11> Replace `<azure_dns_zone>` with the name of Azure DNS zone.
+
+.. Create the `Issuer` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f issuer.yaml
+----
\ No newline at end of file
diff --git a/modules/cert-manager-acme-dns01-explicit-gcp.adoc b/modules/cert-manager-acme-dns01-explicit-gcp.adoc
new file mode 100644
index 000000000000..433a3acdf885
--- /dev/null
+++ b/modules/cert-manager-acme-dns01-explicit-gcp.adoc
@@ -0,0 +1,108 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-acme-dns01-explicit-gcp_{context}"]
+= Configuring an ACME issuer by using explicit credentials for GCP Cloud DNS
+
+You can use the {cert-manager-operator} to set up an ACME issuer to solve DNS-01 challenges by using explicit credentials on GCP. This procedure uses _Let's Encrypt_ as the ACME CA server and shows how to solve DNS-01 challenges with Google CloudDNS.
+
+.Prerequisites
+
+* You have set up Google Cloud service account with a desired role for Google CloudDNS. For more information, see link:https://cert-manager.io/docs/configuration/acme/dns01/google/[Google CloudDNS] in the upstream cert-manager documentation.
++
+[NOTE]
+====
+You can use Google CloudDNS with explicit credentials in an {product-title} cluster that is not running on GCP.
+====
+
+.Procedure
+
+. Optional: Override the nameserver settings for the DNS-01 self check.
++
+This step is required only when the target public-hosted zone overlaps with the cluster's default private-hosted zone.
+
+.. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+.. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+  ...
+spec:
+  ...
+  controllerConfig:                                <1>
+    overrideArgs:
+      - '--dns01-recursive-nameservers-only'       <2>
+      - '--dns01-recursive-nameservers=1.1.1.1:53' <3>
+----
+<1> Add the `spec.controllerConfig` section.
+<2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. You must use a `1.1.1.1:53` value to avoid the public and private zones overlapping.
+
+.. Save the file to apply the changes.
+
+. Optional: Create a namespace for the issuer:
++
+[source,terminal]
+----
+$ oc new-project my-issuer-namespace
+----
+
+. Create a secret to store your GCP credentials by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic clouddns-dns01-solver-svc-acct --from-file=service_account.json=<path/to/gcp_service_account.json> -n my-issuer-namespace
+----
+
+. Create an issuer:
+
+.. Create a YAML file that defines the `Issuer` object:
++
+.Example `issuer.yaml` file
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: <acme_dns01_clouddns_issuer> <1>
+  namespace: <issuer_namespace> <2>
+spec:
+  acme:
+    preferredChain: ""
+    privateKeySecretRef:
+      name: <secret_private_key> <3>
+    server: https://acme-staging-v02.api.letsencrypt.org/directory <4>
+    solvers:
+    - dns01:
+        cloudDNS:
+          project: <project_id> <5>
+          serviceAccountSecretRef:
+            name: clouddns-dns01-solver-svc-acct <6>
+            key: service_account.json <7>
+----
+<1> Provide a name for the issuer.
+<2> Replace `<issuer_namespace>` with your issuer namespace.
+<3> Replace `<secret_private_key>` with the name of the secret to store the ACME account private key in.
+<4> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
+<5> Replace `<project_id>` with the name of the GCP project that contains the Cloud DNS zone.
+<6> Specify the name of the secret you created.
+<7> Specify the key in the secret you created that stores your GCP secret access key.
+
+.. Create the `Issuer` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f issuer.yaml
+----
\ No newline at end of file
diff --git a/modules/cert-manager-acme-http01.adoc b/modules/cert-manager-acme-http01.adoc
index 40fde7e20a8c..4ff9a2afcd66 100644
--- a/modules/cert-manager-acme-http01.adoc
+++ b/modules/cert-manager-acme-http01.adoc
@@ -2,11 +2,11 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-acme-http01_{context}"]
 = Configuring an ACME issuer to solve HTTP-01 challenges
 
-You can use {cert-manager-operator} to set up an ACME issuer to solve HTTP-01 challenges. This procedure uses Let's Encrypt as the ACME CA server.
+You can use {cert-manager-operator} to set up an ACME issuer to solve HTTP-01 challenges. This procedure uses _Let's Encrypt_ as the ACME CA server.
 
 .Prerequisites
 
@@ -39,7 +39,7 @@ spec:
 ----
 <1> Provide a name for the cluster issuer.
 <2> Replace `<secret_private_key>` with the name of secret to store the ACME account private key in.
-<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the Let's Encrypt staging environment.
+<3> Specify the URL to access the ACME server's `directory` endpoint. This example uses the _Let's Encrypt_ staging environment.
 <4> Specify the Ingress class.
 
 .. Create the `ClusterIssuer` object by running the following command:
diff --git a/modules/cert-manager-certificate-api-server.adoc b/modules/cert-manager-certificate-api-server.adoc
new file mode 100644
index 000000000000..d768b8560fd9
--- /dev/null
+++ b/modules/cert-manager-certificate-api-server.adoc
@@ -0,0 +1,70 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-creating-certificate.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-certificate-api-server_{context}"]
+= Creating certificates for the API server
+
+.Prerequisites
+
+* You have access to the cluster with `cluster-admin` privileges.
+* You have installed the {cert-manager-operator} 1.13.0 or later.
+
+.Procedure
+
+. Create an issuer. For more information, see "Configuring an issuer" in the "Additional Resources" section.
+
+. Create a certificate:
+
+.. Create a YAML file, for example, `certificate.yaml`, that defines the `Certificate` object:
++
+.Example `certificate.yaml` file
++
+[source, yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: <tls_cert> #<1>
+  namespace: openshift-config
+spec:
+  isCA: false
+  commonName: "api.<cluster_base_domain>" #<2>
+  secretName: <secret_name> #<3>
+  dnsNames:
+  - "api.<cluster_base_domain>" #<4>
+  issuerRef:
+    name: <issuer_name> #<5>
+    kind: Issuer
+----
+<1> Provide a name for the certificate.
+<2> Specify the common name (CN).
+<3> Specify the name of the secret to create that contains the certificate.
+<4> Specify the DNS name of the API server.
+<5> Specify the name of the issuer.
+
+.. Create the `Certificate` object by running the following command:
++
+[source, terminal]
+----
+$ oc create -f certificate.yaml
+----
+
+. Add the API server named certificate. For more information, see "Adding an API server named certificate" section in the "Additional resources" section.
+
+[NOTE]
+====
+To ensure the certificates are updated, run the `oc login` command again after the certificate is created.
+====
+
+.Verification
+
+* Verify that the certificate is created and ready to use by running the following command:
++
+[source, terminal]
+----
+$ oc get certificate -w -n openshift-config
+----
++
+Once certificate is in `Ready` status, API server on your cluster can start using the generated certificate secret.
\ No newline at end of file
diff --git a/modules/cert-manager-certificate-ingress.adoc b/modules/cert-manager-certificate-ingress.adoc
new file mode 100644
index 000000000000..072a34c1d5a5
--- /dev/null
+++ b/modules/cert-manager-certificate-ingress.adoc
@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-creating-certificate.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-certificate-ingress_{context}"]
+= Creating certificates for the Ingress Controller
+
+.Prerequisites
+
+* You have access to the cluster with `cluster-admin` privileges.
+* You have installed the {cert-manager-operator} 1.13.0 or later.
+
+.Procedure
+
+. Create an issuer. For more information, see "Configuring an issuer" in the "Additional Resources" section.
+
+. Create a certificate:
+
+.. Create a YAML file, for example, `certificate.yaml`, that defines the `Certificate` object:
++
+.Example `certificate.yaml` file
++
+[source, yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: <tls_cert> #<1>
+  namespace: openshift-ingress
+spec:
+  isCA: false
+  commonName: "apps.<cluster_base_domain>" #<2>
+  secretName: <secret_name> #<3>
+  dnsNames:
+  - "apps.<cluster_base_domain>" #<4>
+  - "*.apps.<cluster_base_domain>" #<4>
+  issuerRef:
+    name: <issuer_name> #<5>
+    kind: Issuer
+----
+<1> Provide a name for the certificate.
+<2> Specify the common name (CN).
+<3> Specify the name of the secret to create that contains the certificate.
+<4> Specify the DNS name of the ingress.
+<5> Specify the name of the issuer.
+
+.. Create the `Certificate` object by running the following command:
++
+[source, terminal]
+----
+$ oc create -f certificate.yaml
+----
+
+. Replace the default ingress certificate. For more information, see "Replacing the default ingress certificate" section in the "Additional resources" section.
+
+.Verification
+
+* Verify that the certificate is created and ready to use by running the following command:
++ 
+[source, terminal]
+----
+$ oc get certificate -w -n openshift-ingress
+----
++
+Once certificate is in `Ready` status, Ingress Controller on your cluster can start using the generated certificate secret.
\ No newline at end of file
diff --git a/modules/cert-manager-certificate-mgmt.adoc b/modules/cert-manager-certificate-mgmt.adoc
new file mode 100644
index 000000000000..d109232b00c6
--- /dev/null
+++ b/modules/cert-manager-certificate-mgmt.adoc
@@ -0,0 +1,64 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-creating-certificate.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-certificate-mgmt_{context}"]
+= Creating certificates for user workloads
+
+.Prerequisites
+
+* You have access to the cluster with `cluster-admin` privileges.
+* You have installed the {cert-manager-operator}.
+
+.Procedure
+
+. Create an issuer. For more information, see "Configuring an issuer" in the "Additional Resources" section.
+
+. Create a certificate:
+
+.. Create a YAML file, for example, `certificate.yaml`, that defines the `Certificate` object:
++
+.Example `certificate.yaml` file
++
+[source, yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: <tls_cert> #<1>
+  namespace: <issuer_namespace> #<2>
+spec:
+  isCA: false
+  commonName: '<common_name>' #<3>
+  secretName: <secret_name> #<4>
+  dnsNames:
+  - "<domain_name>" #<5>
+  issuerRef:
+    name: <issuer_name> #<6>
+    kind: Issuer
+----
+<1> Provide a name for the certificate.
+<2> Specify the namespace of the issuer.
+<3> Specify the common name (CN).
+<4> Specify the name of the secret to create that contains the certificate.
+<5> Specify the domain name.
+<6> Specify the name of the issuer.
+
+.. Create the `Certificate` object by running the following command:
++
+[source, terminal]
+----
+$ oc create -f certificate.yaml
+----
+
+.Verification
+
+* Verify that the certificate is created and ready to use by running the following command:
++ 
+[source, terminal]
+----
+$ oc get certificate -w -n <issuer_namespace>
+----
++
+Once certificate is in `Ready` status, workloads on your cluster can start using the generated certificate secret.
diff --git a/modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc b/modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc
index 91efdaee0e2c..1dff8fb819e6 100644
--- a/modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc
+++ b/modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-authenticate-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-configure-cloud-credentials-aws-non-sts_{context}"]
 = Configuring cloud credentials for the {cert-manager-operator} on AWS
 
diff --git a/modules/cert-manager-configure-cloud-credentials-aws-sts.adoc b/modules/cert-manager-configure-cloud-credentials-aws-sts.adoc
index 8365a4fdd72c..42d1849fab5f 100644
--- a/modules/cert-manager-configure-cloud-credentials-aws-sts.adoc
+++ b/modules/cert-manager-configure-cloud-credentials-aws-sts.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-authenticate-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-configure-cloud-credentials-aws-sts_{context}"]
 = Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster
 
diff --git a/modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc b/modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc
index 7b03f29456e5..467ec60e043c 100644
--- a/modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc
+++ b/modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-configure-cloud-credentials-gcp-non-sts_{context}"]
 = Configuring cloud credentials for the {cert-manager-operator} on GCP
 
diff --git a/modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc b/modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc
index c155d3c261d0..0260ca8e93a2 100644
--- a/modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc
+++ b/modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-authenticate-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-configure-cloud-credentials-gcp-sts_{context}"]
 = Configuring cloud credentials for the {cert-manager-operator} with GCP Workload Identity
 
diff --git a/modules/cert-manager-configure-cpu-memory.adoc b/modules/cert-manager-configure-cpu-memory.adoc
new file mode 100644
index 000000000000..31ed62e1311b
--- /dev/null
+++ b/modules/cert-manager-configure-cpu-memory.adoc
@@ -0,0 +1,196 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-configure-cpu-memory_{context}"]
+= Overriding CPU and memory limits for the cert-manager components
+
+After installing the {cert-manager-operator}, you can configure the CPU and memory limits from the {cert-manager-operator} API for the cert-manager components such as cert-manager controller, CA injector, and Webhook.
+
+.Prerequisites
+
+* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
+* You have installed the {cert-manager-operator} 1.12.0 or later.
+
+.Procedure
+
+. Check that the deployments of the cert-manager controller, CA injector, and Webhook are available by entering the following command:
++
+[source,terminal]
+----
+$ oc get deployment -n cert-manager
+----
++
+.Example output
+[source,terminal]
+----
+NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
+cert-manager              1/1     1            1           53m
+cert-manager-cainjector   1/1     1            1           53m
+cert-manager-webhook      1/1     1            1           53m
+----
+
+. Before setting the CPU and memory limit, check the existing configuration for the cert-manager controller, CA injector, and Webhook by entering the following command:
++
+[source,terminal]
+----
+$ oc get deployment -n cert-manager -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+# ...
+  metadata:
+    name: cert-manager
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-controller
+          resources: {} <1>
+# ...
+  metadata:
+    name: cert-manager-cainjector
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-cainjector
+          resources: {} <1>
+# ...
+  metadata:
+    name: cert-manager-webhook
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-webhook
+          resources: {} <1>
+# ...
+----
+<1> The `spec.resources` field is empty by default. The cert-manager components do not have CPU and memory limits.
+
+. To configure the CPU and memory limits for the cert-manager controller, CA injector, and Webhook, enter the following command:
++
+[source,yaml]
+----
+$ oc patch certmanager.operator cluster --type=merge -p="
+spec:
+  controllerConfig:
+    overrideResources:
+      limits: <1>
+        cpu: 200m <2>
+        memory: 64Mi <3>
+      requests: <4>
+        cpu: 10m <2>
+        memory: 16Mi <3>
+  webhookConfig:
+    overrideResources:
+      limits: <5>
+        cpu: 200m <6>
+        memory: 64Mi <7>
+      requests: <8>
+        cpu: 10m <6>
+        memory: 16Mi <7>
+  cainjectorConfig:
+    overrideResources:
+      limits: <9>
+        cpu: 200m <10>
+        memory: 64Mi <11>
+      requests: <12>
+        cpu: 10m <10>
+        memory: 16Mi <11>
+"
+----
+<1> Defines the maximum amount of CPU and memory that a single container in a cert-manager controller pod can request.
+<2> You can specify the CPU limit that a cert-manager controller pod can request. The default value is `10m`.
+<3> You can specify the memory limit that a cert-manager controller pod can request. The default value is `32Mi`.
+<4> Defines the amount of CPU and memory set by scheduler for the cert-manager controller pod.
+<5> Defines the maximum amount of CPU and memory that a single container in a CA injector pod can request.
+<6> You can specify the CPU limit that a CA injector pod can request. The default value is `10m`.
+<7> You can specify the memory limit that a CA injector pod can request. The default value is `32Mi`.
+<8> Defines the amount of CPU and memory set by scheduler for the CA injector pod.
+<9> Defines the maximum amount of CPU and memory Defines the maximum amount of CPU and memory that a single container in a Webhook pod can request.
+<10> You can specify the CPU limit that a Webhook pod can request. The default value is `10m`.
+<11> You can specify the memory limit that a Webhook pod can request. The default value is `32Mi`.
+<12> Defines the amount of CPU and memory set by scheduler for the Webhook pod.
++
+.Example output
+[source,termnal]
+----
+certmanager.operator.openshift.io/cluster patched
+----
+
+.Verification
+
+. Verify that the CPU and memory limits are updated for the cert-manager components:
++
+[source,terminal]
+----
+$ oc get deployment -n cert-manager -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+# ...
+  metadata:
+    name: cert-manager
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-controller
+          resources:
+            limits:
+              cpu: 200m
+              memory: 64Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+# ...
+  metadata:
+    name: cert-manager-cainjector
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-cainjector
+          resources:
+            limits:
+              cpu: 200m
+              memory: 64Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+# ...
+  metadata:
+    name: cert-manager-webhook
+    namespace: cert-manager
+# ...
+  spec:
+    template:
+      spec:
+        containers:
+        - name: cert-manager-webhook
+          resources:
+            limits:
+              cpu: 200m
+              memory: 64Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+# ...
+----
diff --git a/modules/cert-manager-enable-metrics.adoc b/modules/cert-manager-enable-metrics.adoc
index 4329a3d67426..159ea35488f8 100644
--- a/modules/cert-manager-enable-metrics.adoc
+++ b/modules/cert-manager-enable-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-enable-metrics_{context}"]
 = Enabling monitoring by using a service monitor for the {cert-manager-operator}
 
@@ -22,15 +22,45 @@ You can enable monitoring and metrics collection for the {cert-manager-operator}
 $ oc label namespace cert-manager openshift.io/cluster-monitoring=true
 ----
 
-. Enable monitoring for user-defined projects. See _Enabling monitoring for user-defined projects_ for instructions.
-
 . Create a service monitor:
 
-.. Create a YAML file that defines the `ServiceMonitor` object:
+.. Create a YAML file that defines the `Role`, `RoleBinding`, and `ServiceMonitor` objects:
 +
-.Example `service-monitor.yaml` file
+.Example `monitoring.yaml` file
+
 [source,yaml]
 ----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: prometheus-k8s
+  namespace: cert-manager
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: prometheus-k8s
+  namespace: cert-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: prometheus-k8s
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring
+---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
@@ -53,9 +83,9 @@ spec:
       app.kubernetes.io/name: cert-manager
 ----
 
-.. Create the `ServiceMonitor` object by running the following command:
+.. Create the `Role`, `RoleBinding`, and `ServiceMonitor` objects by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f service-monitor.yaml
+$ oc create -f monitoring.yaml
 ----
\ No newline at end of file
diff --git a/modules/cert-manager-enable-operand-log-level.adoc b/modules/cert-manager-enable-operand-log-level.adoc
index eb4676bf2332..f2e03ef6265b 100644
--- a/modules/cert-manager-enable-operand-log-level.adoc
+++ b/modules/cert-manager-enable-operand-log-level.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-log-levels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-enable-operand-log-level_{context}"]
 = Setting a log level for cert-manager
 
diff --git a/modules/cert-manager-enable-operator-log-level.adoc b/modules/cert-manager-enable-operator-log-level.adoc
index a2263ef1f2dd..619251320fb2 100644
--- a/modules/cert-manager-enable-operator-log-level.adoc
+++ b/modules/cert-manager-enable-operator-log-level.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-log-levels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-enable-operator-log-level_{context}"]
 = Setting a log level for the {cert-manager-operator}
 
diff --git a/modules/cert-manager-install-console.adoc b/modules/cert-manager-install-console.adoc
index 4267edae6d3d..4076a32219cf 100644
--- a/modules/cert-manager-install-console.adoc
+++ b/modules/cert-manager-install-console.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-install-console_{context}"]
 = Installing the {cert-manager-operator} using the web console
 
@@ -22,6 +22,11 @@ You can use the web console to install the {cert-manager-operator}.
 . Enter *{cert-manager-operator}* into the filter box.
 
 . Select the *{cert-manager-operator}* and click *Install*.
++
+[NOTE]
+====
+From the {cert-manager-operator} `1.12.0` and later, the z-stream versions of the upstream cert-manager operands such as cert-manager controller, CA injector, Webhook, and {cert-manager-operator} are decoupled. For example, for the {cert-manager-operator} `1.12.0`, the cert-manager operand version is `v1.12.4`.
+====
 
 . On the *Install Operator* page:
 .. Update the *Update channel*, if necessary. The channel defaults to *stable-v1*, which installs the latest stable release of the {cert-manager-operator}.
@@ -57,4 +62,4 @@ cert-manager-cainjector-56cc5f9868-7g9z7   1/1     Running   0          4m5s
 cert-manager-webhook-d4f79d7f7-9dg9w       1/1     Running   0          4m9s
 ----
 +
-You can use the {cert-manager-operator} only after cert-manager pods are up and running.
\ No newline at end of file
+You can use the {cert-manager-operator} only after cert-manager pods are up and running.
diff --git a/modules/cert-manager-issuer-types.adoc b/modules/cert-manager-issuer-types.adoc
index 5736a227e8a0..e0bbc2ba56ee 100644
--- a/modules/cert-manager-issuer-types.adoc
+++ b/modules/cert-manager-issuer-types.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-issuer-types_{context}"]
 = Supported issuer types
 
@@ -12,3 +12,4 @@ The {cert-manager-operator} supports the following issuer types:
 * Certificate authority (CA)
 * Self-signed
 * link:https://cert-manager.io/docs/configuration/vault/[Vault]
+* link:https://cert-manager.io/docs/configuration/venafi/[Venafi]
diff --git a/modules/cert-manager-operator-update-channels.adoc b/modules/cert-manager-operator-update-channels.adoc
new file mode 100644
index 000000000000..1fd305c6f0e6
--- /dev/null
+++ b/modules/cert-manager-operator-update-channels.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-operator-install.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="cert-manager-operator-update-channels_{context}"]
+= Understanding update channels of the {cert-manager-operator}
+
+Update channels are the mechanism by which you can declare the version of your {cert-manager-operator} in your cluster. The {cert-manager-operator} offers the following update channels:
+
+* `stable-v1`
+* `stable-v1.y`
+
+[id="stable-v1-channel_{context}"]
+== stable-v1 channel
+
+The `stable-v1` channel is the default and suggested channel while installing the {cert-manager-operator}. The `stable-v1` channel installs and updates the latest release version of the {cert-manager-operator}. Select the `stable-v1` channel if you want to use the latest stable release of the {cert-manager-operator}.
+
+The `stable-v1` channel offers the following update approval strategies:
+
+Automatic:: If you choose automatic updates for an installed {cert-manager-operator}, a new version of the {cert-manager-operator} is available in the `stable-v1` channel. The Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without human intervention.
+
+Manual:: If you select manual updates, when a newer version of the {cert-manager-operator} is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the {cert-manager-operator} updated to the new version.
+
+[id="stable-v1-y-channel_{context}"]
+== stable-v1.y channel
+
+The y-stream version of the {cert-manager-operator} installs updates from the `stable-v1.y` channels such as `stable-v1.10`, `stable-v1.11`, and `stable-v1.12`. Select the `stable-v1.y` channel if you want to use the y-stream version and stay updated to the z-stream version of the {cert-manager-operator}.
+
+The `stable-v1.y` channel offers the following update approval strategies:
+
+Automatic:: If you choose automatic updates for an installed {cert-manager-operator}, a new z-stream version of the {cert-manager-operator} is available in the `stable-v1.y` channel. OLM automatically upgrades the running instance of your Operator without human intervention.
+
+Manual:: If you select manual updates, when a newer version of the {cert-manager-operator} is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the {cert-manager-operator} updated to the new version of the z-stream releases.
diff --git a/modules/cert-manager-override-arguments.adoc b/modules/cert-manager-override-arguments.adoc
index 6b528d674af7..8fcec3826be4 100644
--- a/modules/cert-manager-override-arguments.adoc
+++ b/modules/cert-manager-override-arguments.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-override-arguments_{context}"]
 = Customizing cert-manager by overriding arguments from the cert-manager Operator API
 
@@ -34,11 +34,12 @@ spec:
   ...
   controllerConfig:
     overrideArgs:
-      - '--dns01-recursive-nameservers=<host>:<port>' <1>
+      - '--dns01-recursive-nameservers=<server_address>' <1>
       - '--dns01-recursive-nameservers-only' <2>
       - '--acme-http01-solver-nameservers=<host>:<port>' <3>
       - '--v=<verbosity_level>' <4>
       - '--metrics-listen-address=<host>:<port>' <5>
+      - '--issuer-ambient-credentials' <6>
   webhookConfig:
     overrideArgs:
       - '--v=4' <4>
@@ -46,11 +47,17 @@ spec:
     overrideArgs:
       - '--v=2' <4>
 ----
-<1> Provide a comma-separated list of `<host>:<port>` nameservers to query for the DNS-01 self check. For example, `--dns01-recursive-nameservers=1.1.1.1:53`.
+<1> Provide a comma-separated list of nameservers to query for the DNS-01 self check. The nameservers can be specified either as `<host>:<port>`, for example, `1.1.1.1:53`, or use DNS over HTTPS (DoH), for example, `https://1.1.1.1/dns-query`.
 <2> Specify to only use recursive nameservers instead of checking the authoritative nameservers associated with that domain.
-<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the ACME HTTP01 self check. For example, `--acme-http01-solver-nameservers=1.1.1.1:53`.
+<3> Provide a comma-separated list of `<host>:<port>` nameservers to query for the Automated Certificate Management Environment (ACME) HTTP01 self check. For example, `--acme-http01-solver-nameservers=1.1.1.1:53`.
 <4> Specify to set the log level verbosity to determine the verbosity of log messages.
 <5> Specify the host and port for the metrics endpoint. The default value is `--metrics-listen-address=0.0.0.0:9402`.
+<6> You must use the `--issuer-ambient-credentials` argument when configuring an ACME Issuer to solve DNS-01 challenges by using ambient credentials.
++
+[NOTE]
+====
+DNS over HTTPS (DoH) is supported starting only from {cert-manager-operator} version 1.13.0 and later.
+====
 
 . Save your changes and quit the text editor to apply your changes.
 
diff --git a/modules/cert-manager-override-environment-variables.adoc b/modules/cert-manager-override-environment-variables.adoc
index a54fd7195e5e..5850ad551176 100644
--- a/modules/cert-manager-override-environment-variables.adoc
+++ b/modules/cert-manager-override-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-override-environment-variables_{context}"]
 = Customizing cert-manager by overriding environment variables from the cert-manager Operator API
 
diff --git a/modules/cert-manager-override-flag-controller.adoc b/modules/cert-manager-override-flag-controller.adoc
new file mode 100644
index 000000000000..c40717ade3ca
--- /dev/null
+++ b/modules/cert-manager-override-flag-controller.adoc
@@ -0,0 +1,84 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cert-manager-override-flag-controller_{context}"]
+= Deleting a TLS secret automatically upon Certificate removal
+
+You can enable the `--enable-certificate-owner-ref` flag for the {cert-manager-operator} by adding a `spec.controllerConfig` section in the `CertManager` resource. The `--enable-certificate-owner-ref` flag sets the certificate resource as an owner of the secret where the TLS certificate is stored.
+
+[WARNING]
+====
+If you uninstall the {cert-manager-operator} or delete certificate resources from the cluster, the secret is deleted automatically. This might cause network connectivity issues depending upon where the certificate TLS secret is being used.
+====
+
+.Prerequisites
+
+* You have access to the {product-title} cluster as a user with the `cluster-admin` role.
+* You have installed the {cert-manager-operator} 1.12.0 or later.
+
+
+.Procedure
+
+. Check that the `Certificate` object and its secret are available by running the following command:
++
+[source,terminal]
+----
+$ oc get certificate
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                             READY   SECRET                                           AGE
+certificate-from-clusterissuer-route53-ambient   True    certificate-from-clusterissuer-route53-ambient   8h
+----
+
+. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager cluster
+----
+
+. Add a `spec.controllerConfig` section with the following override arguments:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+metadata:
+  name: cluster
+# ...
+spec:
+# ...
+  controllerConfig:
+    overrideArgs:
+      - '--enable-certificate-owner-ref'
+----
+
+. Save your changes and quit the text editor to apply your changes.
+
+.Verification
+
+* Verify that the `--enable-certificate-owner-ref` flag is updated for cert-manager controller pod by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -l app.kubernetes.io/name=cert-manager -n cert-manager -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+# ...
+  metadata:
+    name: cert-manager-6e4b4d7d97-zmdnb
+    namespace: cert-manager
+# ...
+  spec:
+    containers:
+    - args:
+      - --enable-certificate-owner-ref
+----
diff --git a/modules/cert-manager-proxy-support.adoc b/modules/cert-manager-proxy-support.adoc
index cfbd5d29f7d1..b7996edcde51 100644
--- a/modules/cert-manager-proxy-support.adoc
+++ b/modules/cert-manager-proxy-support.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-proxy-support_{context}"]
 = Injecting a custom CA certificate for the {cert-manager-operator}
 
diff --git a/modules/cert-manager-query-metrics.adoc b/modules/cert-manager-query-metrics.adoc
index 0cb178d36a84..ca0573e18b9e 100644
--- a/modules/cert-manager-query-metrics.adoc
+++ b/modules/cert-manager-query-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-query-metrics_{context}"]
 = Querying metrics for the {cert-manager-operator}
 
diff --git a/modules/cert-manager-remove-resources-console.adoc b/modules/cert-manager-remove-resources-console.adoc
index eb0d751fe968..bb3913ddf639 100644
--- a/modules/cert-manager-remove-resources-console.adoc
+++ b/modules/cert-manager-remove-resources-console.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert-manager-operator-uninstall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-remove-resources-console_{context}"]
 = Removing {cert-manager-operator} resources
 
diff --git a/modules/cert-manager-request-methods.adoc b/modules/cert-manager-request-methods.adoc
index 4d972a7c64a5..ff9aebcc8db5 100644
--- a/modules/cert-manager-request-methods.adoc
+++ b/modules/cert-manager-request-methods.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cert-manager-request-methods_{context}"]
 = Certificate request methods
 
diff --git a/modules/cert-manager-uninstall-console.adoc b/modules/cert-manager-uninstall-console.adoc
index 32b069abc629..d22f7cb446c5 100644
--- a/modules/cert-manager-uninstall-console.adoc
+++ b/modules/cert-manager-uninstall-console.adoc
@@ -2,7 +2,7 @@
 //
 // * security/cert_manager_operator/cert-manager-operator-uninstall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cert-manager-uninstall-console_{context}"]
 = Uninstalling the {cert-manager-operator}
 
diff --git a/modules/checking-cluster-resource-availability-and-utilization.adoc b/modules/checking-cluster-resource-availability-and-utilization.adoc
index 8ace6a550f11..204a60ce30c4 100644
--- a/modules/checking-cluster-resource-availability-and-utilization.adoc
+++ b/modules/checking-cluster-resource-availability-and-utilization.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-cluster-resource-availability-and-utilization_{context}"]
 = Checking cluster resource availability and utilization
 
diff --git a/modules/checking-file-intergrity-cr-status.adoc b/modules/checking-file-intergrity-cr-status.adoc
index 15dcf51c86b7..94e438194b0c 100644
--- a/modules/checking-file-intergrity-cr-status.adoc
+++ b/modules/checking-file-intergrity-cr-status.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-understanding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-the-file-integrity-CR-status_{context}"]
 = Checking the FileIntegrity custom resource status
 
diff --git a/modules/checking-load-balancer-configuration.adoc b/modules/checking-load-balancer-configuration.adoc
index c60a997a5807..6f1099c16435 100644
--- a/modules/checking-load-balancer-configuration.adoc
+++ b/modules/checking-load-balancer-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-load-balancer-configuration_{context}"]
 = Checking a load balancer configuration before {product-title} installation
 
diff --git a/modules/checking-mco-node-status.adoc b/modules/checking-mco-node-status.adoc
new file mode 100644
index 000000000000..dd70e96b7149
--- /dev/null
+++ b/modules/checking-mco-node-status.adoc
@@ -0,0 +1,115 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/machine-configuration-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="checking-mco-node-status_{context}"]
+= Checking machine config node status
+
+During updates you might want to monitor the progress of individual nodes in case issues arise and you need to troubleshoot a node.
+
+To see the status of the Machine Config Operator (MCO) updates to your cluster, use the following `oc` commands:
+
+:FeatureName: Improved MCO state reporting
+include::snippets/technology-preview.adoc[]
+
+.Procedure
+. Get a summary of update statuses for all nodes in all machine config pools by running the following command:
++
+[source,terminal]
+----
+$ oc get machineconfignodes
+----
++
+.Example output
+[source,text]
+----
+NAME                          UPDATED   UPDATEPREPARED   UPDATEEXECUTED   UPDATEPOSTACTIONCOMPLETED   UPDATECOMPLETED   RESUMED
+ip-10-0-12-194.ec2.internal   True      False             False              False                    False              False
+ip-10-0-17-102.ec2.internal   False     True              False              False                    False              False
+ip-10-0-2-232.ec2.internal    False     False             True               False                    False              False
+ip-10-0-59-251.ec2.internal   False     False             False              True                     False              False
+ip-10-0-59-56.ec2.internal    False     False             False              False                    True               True
+ip-10-0-6-214.ec2.internal    False     False             Unknown            False                    False              False
+----
++
+where:
++
+UPDATED:: The `True` status indicates that the MCO has applied the current machine config to that particular node. The `False` status indicates that the node is currently updating. The `Unknown` status means the operation is processing.
+UPDATEPREPARED:: The `False` status indicates that the MCO has not started reconciling the new machine configs to be distributed. The `True` status indicates that the MCO has completed this phase of the update. The `Unknown` status means the operation is processing.
+UPDATEEXECUTED:: The `False` status indicates that the MCO has not started cordoning and draining the node. It also indicates that the disk state and operating system have not started updating. The `True` status indicates that the MCO has completed this phase of the update. The `Unknown` status means the operation is processing.
+UPDATEPOSTACTIONCOMPLETED:: The `False` status indicates that the MCO has not started rebooting the node or closing the daemon. The `True` status indicates that the MCO has completed reboot and updating the node status. The `Unknown` status indicates either that an error has occurred during the update process at this phase, or that the MCO is currently applying the update.
+UPDATECOMPLETED:: The `False` status indicates that the MCO has not started uncordoning the node and updating the node state and metrics. The `True` status indicates that the MCO has finished updating the node state and available metrics.
+RESUMED:: The `False` status indicates that the MCO has not started the config drift monitor. The `True` status indicates that the node has resumed operation. The `Unknown` status means the operation is processing.
++
+[NOTE]
+====
+Within the primary phases previously described, you can have secondary phases which you can use to see the update progression in more detail. You can get more information that includes secondary phases of updates by using the `-o wide` option of the preceding command. This provides the additional `UPDATECOMPATIBLE`, `UPDATEFILESANDOS`, `DRAINEDNODE`, `CORDONEDNODE`, `REBOOTNODE`, `RELOADEDCRIO` and `UNCORDONED` columns. These secondary phases do not always occur and depend on the type of update you want to apply.
+====
+
+. Check the update status of nodes in a specific machine config pool by running the following command:
++
+[source,terminal]
+----
+$ oc get machineconfignodes $(oc get machineconfignodes -o json | jq -r '.items[]|select(.spec.pool.name=="<pool_name>")|.metadata.name') <1>
+----
+<1> The name of the pool is the `MachineConfigPool` object name.
++
+.Example output
+[source,text]
+----
+NAME                          UPDATED   UPDATEPREPARED   UPDATEEXECUTED   UPDATEPOSTACTIONCOMPLETE   UPDATECOMPLETE   RESUMED
+ip-10-0-48-226.ec2.internal   True      False            False            False                      False            False
+ip-10-0-5-241.ec2.internal    True      False            False            False                      False            False
+ip-10-0-74-108.ec2.internal   True      False            False            False                      False            False
+----
+
+. Check the update status of an individual node by running the following command:
++
+[source,terminal]
+----
+$ oc describe machineconfignode/<node_name> <1>
+----
+<1> The name of the node is the `MachineConfigNode` object name.
++
+.Example output
+[source,text]
+----
+Name:         <node_name>
+Namespace:
+Labels:       <none>
+Annotations:  <none>
+API Version:  machineconfiguration.openshift.io/v1alpha1
+Kind:         MachineConfigNode
+Metadata:
+  Creation Timestamp:  2023-10-17T13:08:58Z
+  Generation:          1
+  Resource Version:    49443
+  UID:                 4bd758ab-2187-413c-ac42-882e61761b1d
+Spec:
+  Node Ref:
+    Name:         <node_name>
+  Pool:
+    Name:         master
+  ConfigVersion:
+    Desired: rendered-worker-823ff8dc2b33bf444709ed7cd2b9855b <1>
+Status:
+  Conditions:
+    Last Transition Time:  2023-10-17T13:09:02Z
+    Message:               Node has completed update to config rendered-master-cf99e619747ab19165f11e3546c71f1e
+    Reason:                NodeUpgradeComplete
+    Status:                True
+    Type:                  Updated
+    Last Transition Time:  2023-10-17T13:09:02Z
+    Message:               This node has not yet entered the UpdatePreparing phase
+    Reason:                NotYetOccured
+    Status:                False
+  Config Version:
+    Current:            rendered-worker-823ff8dc2b33bf444709ed7cd2b9855b
+    Desired:            rendered-worker-823ff8dc2b33bf444709ed7cd2b9855b <2>
+  Health:               Healthy
+  Most Recent Error:
+  Observed Generation:  3
+----
+<1> The desired configuration specified in the `spec.configversion.desired` field updates immediately when a new configuration is detected on the node.
+<2> The desired configuration specified in the `status.configversion.desired` field updates only when the new configuration is validated by the Machine Config Daemon (MCD). The MCD performs validation by checking the current phase of the update. If the update successfully passes the `UPDATEPREPARED` phase, then the status adds the new configuration.
diff --git a/modules/checking-mco-status-certs.adoc b/modules/checking-mco-status-certs.adoc
new file mode 100644
index 000000000000..3ee48306159b
--- /dev/null
+++ b/modules/checking-mco-status-certs.adoc
@@ -0,0 +1,84 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/machine-configuration-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="checking-mco-status-certs_{context}"]
+= Viewing and interacting with certificates
+
+The following certificates are handled in the cluster by the Machine Config Controller (MCC) and can be found in the `ControllerConfig` resource:
+
+* `/etc/kubernetes/kubelet-ca.crt`
+* `/etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem`
+* `/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt`
+
+The MCC also handles the image registry certificates and its associated user bundle certificate.
+
+You can get information about the listed certificates, including the underyling bundle the certificate comes from, and the signing and subject data.
+
+.Procedure
+
+* Get detailed certificate information by running the following command:
++
+[source,terminal]
+----
+$ oc get controllerconfig/machine-config-controller -o yaml | yq -y '.status.controllerCertificates'
+----
++
+.Example output
++
+[source,text]
+----
+"controllerCertificates": [
+                   {
+                       "bundleFile": "KubeAPIServerServingCAData",
+                       "signer": "<signer_data1>",
+                       "subject": "CN=openshift-kube-apiserver-operator_node-system-admin-signer@168909215"
+                   },
+                   {
+                       "bundleFile": "RootCAData",
+                       "signer": "<signer_data2>",
+                       "subject": "CN=root-ca,OU=openshift"
+                   }
+                ]
+----
+
+* Get a simpler version of the information found in the ControllerConfig by checking the machine config pool status using the following command:
++
+[source,terminal]
+----
+$ oc get mcp master -o yaml | yq -y '.status.certExpirys'
+----
++
+.Example output
++
+[source,text]
+----
+status:
+  certExpirys:
+  - bundle: KubeAPIServerServingCAData
+    subject: CN=admin-kubeconfig-signer,OU=openshift
+  - bundle: KubeAPIServerServingCAData
+    subject: CN=kube-csr-signer_@1689585558
+  - bundle: KubeAPIServerServingCAData
+    subject: CN=kubelet-signer,OU=openshift
+  - bundle: KubeAPIServerServingCAData
+    subject: CN=kube-apiserver-to-kubelet-signer,OU=openshift
+  - bundle: KubeAPIServerServingCAData
+    subject: CN=kube-control-plane-signer,OU=openshift
+----
++
+This method is meant for {product-title} applications that already consume machine config pool information.
+
+* Check which image registry certificates are on the nodes by looking at the contents of the `/etc/docker/cert.d` directory:
++
+[source,terminal]
+----
+# ls /etc/docker/certs.d
+----
++
+.Example output
+[source,text]
+----
+image-registry.openshift-image-registry.svc.cluster.local:5000 image-registry.openshift-image-registry.svc:5000
+----
diff --git a/modules/checking-mco-status.adoc b/modules/checking-mco-status.adoc
index a0693741c0ba..92ef365867c9 100644
--- a/modules/checking-mco-status.adoc
+++ b/modules/checking-mco-status.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-mco-status_{context}"]
 = Checking machine config pool status
 
@@ -28,21 +28,21 @@ worker    rendered-worker-f4b64…    False    True       False     3
 where:
 
 UPDATED:: The `True` status indicates that the MCO has applied the current machine config to the nodes in that MCP. The current machine config is specified in the `STATUS` field in the `oc get mcp` output. The `False` status indicates a node in the MCP is updating.
-UPDATING:: The `True` status indicates that the MCO is applying the desired machine config, as specified in the `MachineConfigPool` custom resource, to at least one of the nodes in that MCP. The desired machine config is the new, edited machine config. Nodes that are updating might not be available for scheduling. The `False` status indicates that all nodes in the MCP are updated. 
-DEGRADED:: A `True` status indicates the MCO is blocked from applying the current or desired machine config to at least one of the nodes in that MCP, or the configuration is failing. Nodes that are degraded might not be available for scheduling. A `False` status indicates that all nodes in the MCP are ready. 
+UPDATING:: The `True` status indicates that the MCO is applying the desired machine config, as specified in the `MachineConfigPool` custom resource, to at least one of the nodes in that MCP. The desired machine config is the new, edited machine config. Nodes that are updating might not be available for scheduling. The `False` status indicates that all nodes in the MCP are updated.
+DEGRADED:: A `True` status indicates the MCO is blocked from applying the current or desired machine config to at least one of the nodes in that MCP, or the configuration is failing. Nodes that are degraded might not be available for scheduling. A `False` status indicates that all nodes in the MCP are ready.
 MACHINECOUNT:: Indicates the total number of machines in that MCP.
 READYMACHINECOUNT:: Indicates the total number of machines in that MCP that are ready for scheduling.
 UPDATEDMACHINECOUNT:: Indicates the total number of machines in that MCP that have the current machine config.
 DEGRADEDMACHINECOUNT:: Indicates the total number of machines in that MCP that are marked as degraded or unreconcilable.
 --
 +
-In the previous output, there are three control plane (master) nodes and three worker nodes. The control plane MCP and the associated nodes are updated to the current machine config. The nodes in the worker MCP are being updated to the desired machine config. Two of the nodes in the worker MCP are updated and one is still updating, as indicated by the `UPDATEDMACHINECOUNT` being `2`. There are no issues, as indicated by the `DEGRADEDMACHINECOUNT` being `0` and `DEGRADED` being `False`. 
+In the previous output, there are three control plane (master) nodes and three worker nodes. The control plane MCP and the associated nodes are updated to the current machine config. The nodes in the worker MCP are being updated to the desired machine config. Two of the nodes in the worker MCP are updated and one is still updating, as indicated by the `UPDATEDMACHINECOUNT` being `2`. There are no issues, as indicated by the `DEGRADEDMACHINECOUNT` being `0` and `DEGRADED` being `False`.
 +
 While the nodes in the MCP are updating, the machine config listed under `CONFIG` is the current machine config, which the MCP is being updated from. When the update is complete, the listed machine config is the desired machine config, which the MCP was updated to.
 +
 [NOTE]
 ====
-If a node is being cordoned, that node is not included in the `READYMACHINECOUNT`, but is included in the `MACHINECOUNT`. Also, the MCP status is set to `UPDATING`. Because the node has the current machine config, it is counted in the `UPDATEDMACHINECOUNT` total: 
+If a node is being cordoned, that node is not included in the `READYMACHINECOUNT`, but is included in the `MACHINECOUNT`. Also, the MCP status is set to `UPDATING`. Because the node has the current machine config, it is counted in the `UPDATEDMACHINECOUNT` total:
 
 .Example output
 [source,terminal]
diff --git a/modules/checking-project-status-using-the-CLI.adoc b/modules/checking-project-status-using-the-CLI.adoc
index 0849609763c7..d4c5b8bc577c 100644
--- a/modules/checking-project-status-using-the-CLI.adoc
+++ b/modules/checking-project-status-using-the-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-project-status-using-the-CLI_{context}"]
 = Checking project status using the CLI
 
diff --git a/modules/checking-project-status-using-the-web-console.adoc b/modules/checking-project-status-using-the-web-console.adoc
index fb0d6cd6f95c..b2a1f716298a 100644
--- a/modules/checking-project-status-using-the-web-console.adoc
+++ b/modules/checking-project-status-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-project-status-using-the-web-console_{context}"]
 = Checking project status using the web console
 
diff --git a/modules/cleaning-crio-storage.adoc b/modules/cleaning-crio-storage.adoc
index 335e35edcfba..1a4ea072b4bc 100644
--- a/modules/cleaning-crio-storage.adoc
+++ b/modules/cleaning-crio-storage.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-crio-issues
+
+:_mod-docs-content-type: PROCEDURE
 [id="cleaning-crio-storage_{context}"]
 
 = Cleaning CRI-O storage
@@ -6,14 +10,14 @@
 You can manually clear the CRI-O ephemeral storage if you experience the following issues:
 
 * A node cannot run on any pods and this error appears:
-[source, terminal]
+[source,terminal]
 +
 ----
 Failed to create pod sandbox: rpc error: code = Unknown desc = failed to mount container XXX: error recreating the missing symlinks: error reading name of symlink for XXX: open /var/lib/containers/storage/overlay/XXX/link: no such file or directory
 ----
 +
 * You cannot create a new container on a working node and the  “can’t stat lower layer” error appears:
-[source, terminal]
+[source,terminal]
 +
 ----
 can't stat lower layer ...  because it does not exist.  Going through storage to recreate the missing symlinks.
@@ -23,7 +27,7 @@ can't stat lower layer ...  because it does not exist.  Going through storage to
 
 * The container runtime implementation (`crio`) is not working properly.
 
-* You are unable to start a debug shell on the node using `oc debug node/<nodename>` because the container runtime instance (`crio`) is not working.
+* You are unable to start a debug shell on the node using `oc debug node/<node_name>` because the container runtime instance (`crio`) is not working.
 
 Follow this process to completely wipe the CRI-O storage and resolve the errors.
 
@@ -35,26 +39,26 @@ Follow this process to completely wipe the CRI-O storage and resolve the errors.
 .Procedure
 
 . Use `cordon` on the node. This is to avoid any workload getting scheduled if the node gets into the `Ready` status. You will know that scheduling is disabled when `SchedulingDisabled` is in your Status section:
-[source, terminal]
+[source,terminal]
 +
 ----
-$ oc adm cordon <nodename>
+$ oc adm cordon <node_name>
 ----
 +
 . Drain the node as the cluster-admin user:
-[source, terminal]
+[source,terminal]
 +
 ----
-$ oc adm drain <nodename> --ignore-daemonsets --delete-emptydir-data
+$ oc adm drain <node_name> --ignore-daemonsets --delete-emptydir-data
 ----
 +
 [NOTE]
 ====
-The `terminationGracePeriodSeconds` attribute of a pod or pod template controls the graceful termination period. This attribute defaults at 30 seconds, but can be customized per application as necessary. If set to more than 90 seconds, the pod might be marked as `SIGKILLed` and fail to terminate successfully.
+The `terminationGracePeriodSeconds` attribute of a pod or pod template controls the graceful termination period. This attribute defaults at 30 seconds, but can be customized for each application as necessary. If set to more than 90 seconds, the pod might be marked as `SIGKILLed` and fail to terminate successfully.
 ====
 
 . When the node returns, connect back to the node via SSH or Console. Then connect to the root user:
-[source, terminal]
+[source,terminal]
 +
 ----
 $ ssh core@node1.example.com
@@ -62,7 +66,7 @@ $ sudo -i
 ----
 +
 . Manually stop the kubelet:
-[source, terminal]
+[source,terminal]
 +
 ----
 # systemctl stop kubelet
@@ -71,35 +75,35 @@ $ sudo -i
 . Stop the containers and pods:
 
 .. Use the following command to stop the pods that are not in the `HostNetwork`. They must be removed first because their removal relies on the networking plugin pods, which are in the `HostNetwork`.
-[source, terminal]
+[source,terminal]
 +
 ----
 .. for pod in $(crictl pods -q); do if [[ "$(crictl inspectp $pod | jq -r .status.linux.namespaces.options.network)" != "NODE" ]]; then crictl rmp -f $pod; fi; done
 ----
 
 .. Stop all other pods:
-[source, terminal]
+[source,terminal]
 +
 ----
 # crictl rmp -fa
 ----
 +
 . Manually stop the crio services:
-[source, terminal]
+[source,terminal]
 +
 ----
 # systemctl stop crio
 ----
 +
 . After you run those commands, you can completely wipe the ephemeral storage:
-[source, terminal]
+[source,terminal]
 +
 ----
 # crio wipe -f
 ----
 +
 . Start the crio and kubelet service:
-[source, terminal]
+[source,terminal]
 +
 ----
 # systemctl start crio
@@ -107,31 +111,31 @@ $ sudo -i
 ----
 +
 . You will know if the clean up worked if the crio and kubelet services are started, and the node is in the `Ready` status:
-[source, terminal]
+[source,terminal]
 +
 ----
 $ oc get nodes
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 +
 ----
 NAME				    STATUS	                ROLES    AGE    VERSION
-ci-ln-tkbxyft-f76d1-nvwhr-master-1  Ready, SchedulingDisabled   master	 133m   v1.26.0
+ci-ln-tkbxyft-f76d1-nvwhr-master-1  Ready, SchedulingDisabled   master	 133m   v1.28.5
 ----
 +
 . Mark the node schedulable. You will know that the scheduling is enabled when `SchedulingDisabled` is no longer in status:
-[source, terminal]
+[source,terminal]
 +
 ----
-$ oc adm uncordon <nodename>
+$ oc adm uncordon <node_name>
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 +
 ----
 NAME				     STATUS	      ROLES    AGE    VERSION
-ci-ln-tkbxyft-f76d1-nvwhr-master-1   Ready            master   133m   v1.26.0
+ci-ln-tkbxyft-f76d1-nvwhr-master-1   Ready            master   133m   v1.28.5
 ----
diff --git a/modules/cleanup-a-backup-oadp-rosa-sts.adoc b/modules/cleanup-a-backup-oadp-rosa-sts.adoc
new file mode 100644
index 000000000000..d94fc8371047
--- /dev/null
+++ b/modules/cleanup-a-backup-oadp-rosa-sts.adoc
@@ -0,0 +1,96 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cleanup-a-backup-oadp-rosa-sts_{context}"]
+= Cleaning up a cluster after a backup with OADP and ROSA STS
+
+If you need to uninstall the {oadp-first} Operator together with the backups and the S3 bucket from this example, follow these instructions.
+
+.Procedure
+
+. Delete the workload by running the following command:
++
+[source,terminal]
+----
+$ oc delete ns hello-world
+----
+. Delete the Data Protection Application (DPA) by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete dpa ${CLUSTER_NAME}-dpa
+----
+. Delete the cloud storage by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete cloudstorage ${CLUSTER_NAME}-oadp
+----
++
+[WARNING]
+====
+If this command hangs, you might need to delete the finalizer by running the following command:
+[source,terminal]
+----
+$ oc -n openshift-adp patch cloudstorage ${CLUSTER_NAME}-oadp -p '{"metadata":{"finalizers":null}}' --type=merge
+----
+====
+. If the Operator is no longer required, remove it by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete subscription oadp-operator
+----
+. Remove the namespace from the Operator:
++
+[source,terminal]
+----
+$ oc delete ns openshift-adp
+----
+
+. If the backup and restore resources are no longer required, remove them from the cluster by running the following command:
+
++
+[source,terminal]
+----
+$ oc delete backup hello-world
+----
++
+. To delete backup, restore and remote objects in {aws-short} S3 run the following command:
++
+[source,terminal]
+----
+$ velero backup delete hello-world
+----
+. If you no longer need the Custom Resource Definitions (CRD), remove them from the cluster by running the following command:
++
+[source,terminal]
+----
+$ for CRD in `oc get crds | grep velero | awk '{print $1}'`; do oc delete crd $CRD; done
+----
+. Delete the {aws-short} S3 bucket by running the following commands:
++
+[source,terminal]
+----
+$ aws s3 rm s3://${CLUSTER_NAME}-oadp --recursive
+----
++
+[source,terminal]
+----
+$ aws s3api delete-bucket --bucket ${CLUSTER_NAME}-oadp
+----
+. Detach the policy from the role by running the following command:
++
+[source,terminal]
+----
+$ aws iam detach-role-policy --role-name "${ROLE_NAME}" \
+  --policy-arn "${POLICY_ARN}"
+----
+. Delete the role by running the following command:
++
+[source,terminal]
+----
+$ aws iam delete-role --role-name "${ROLE_NAME}"
+----
diff --git a/modules/cli-about-cli.adoc b/modules/cli-about-cli.adoc
index 4f25aaa91f68..a640d0d6d4db 100644
--- a/modules/cli-about-cli.adoc
+++ b/modules/cli-about-cli.adoc
@@ -2,14 +2,25 @@
 //
 // * cli_reference/openshift_cli/getting-started.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cli-about-cli_{context}"]
 = About the OpenShift CLI
 
-With the OpenShift command-line interface (CLI), the `oc` command, you can create applications and manage {product-title} projects from a terminal. The OpenShift CLI is ideal in the following situations:
+With the {oc-first}, you can create applications and manage {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+projects from a terminal. The OpenShift CLI is ideal in the following situations:
 
 * Working directly with project source code
-* Scripting {product-title} operations
+* Scripting
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+operations
 ifndef::microshift[]
 * Managing projects while restricted by bandwidth resources and the web console is unavailable
 endif::microshift[]
diff --git a/modules/cli-configuring-completion-zsh.adoc b/modules/cli-configuring-completion-zsh.adoc
index 5fb7754406c6..075c0c0202a6 100644
--- a/modules/cli-configuring-completion-zsh.adoc
+++ b/modules/cli-configuring-completion-zsh.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/configuring-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-enabling-tab-completion-zsh_{context}"]
 = Enabling tab completion for Zsh
 
diff --git a/modules/cli-configuring-completion.adoc b/modules/cli-configuring-completion.adoc
index 36ff7dba2e04..af3f61f1ebc0 100644
--- a/modules/cli-configuring-completion.adoc
+++ b/modules/cli-configuring-completion.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/configuring-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-enabling-tab-completion_{context}"]
 = Enabling tab completion for Bash
 
diff --git a/modules/cli-extending-plugins-installing.adoc b/modules/cli-extending-plugins-installing.adoc
index 33e91a5e3764..8f5f06d43734 100644
--- a/modules/cli-extending-plugins-installing.adoc
+++ b/modules/cli-extending-plugins-installing.adoc
@@ -2,12 +2,19 @@
 //
 // * cli_reference/openshift_cli/extending-cli-plugins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-plugins_{context}"]
 = Installing and using CLI plugins
 
-After you write a custom plugin for the {product-title} CLI, you must install
-it to use the functionality that it provides.
+After you write a custom plugin for the
+ifndef::openshift-rosa,openshift-dedicated[]
+{product-title}
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+OpenShift
+endif::openshift-rosa,openshift-dedicated[]
+CLI, you must install
+the plugin before use.
 
 .Prerequisites
 
diff --git a/modules/cli-extending-plugins-writing.adoc b/modules/cli-extending-plugins-writing.adoc
index a71a89e167a3..e143ed4552ab 100644
--- a/modules/cli-extending-plugins-writing.adoc
+++ b/modules/cli-extending-plugins-writing.adoc
@@ -2,11 +2,18 @@
 //
 // * cli_reference/openshift_cli/extending-cli-plugins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-writing-plugins_{context}"]
 = Writing CLI plugins
 
-You can write a plugin for the {product-title} CLI in any programming language
+You can write a plugin for the
+ifndef::openshift-rosa,openshift-dedicated[]
+{product-title}
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+OpenShift
+endif::openshift-rosa,openshift-dedicated[]
+CLI in any programming language
 or script that allows you to write command-line commands. Note that you can not
 use a plugin to overwrite an existing `oc` command.
 
@@ -50,7 +57,14 @@ fi
 echo "I am a plugin named kubectl-foo"
 ----
 
-After you install this plugin for the {product-title} CLI, it can be invoked
+After you install this plugin for the
+ifndef::openshift-rosa,openshift-dedicated[]
+{product-title}
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa[]
+OpenShift
+endif::openshift-rosa[]
+CLI, it can be invoked
 using the `oc foo` command.
 
 [role="_additional-resources"]
diff --git a/modules/cli-getting-help.adoc b/modules/cli-getting-help.adoc
index 0bbcbf6ce47d..8b352e7e4a2c 100644
--- a/modules/cli-getting-help.adoc
+++ b/modules/cli-getting-help.adoc
@@ -5,8 +5,14 @@
 [id="cli-getting-help_{context}"]
 = Getting help
 
-You can get help with CLI commands and {product-title} resources in the
-following ways.
+You can get help with CLI commands and 
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+resources in the following ways:
 
 * Use `oc help` to get a list and description of all available CLI commands:
 +
diff --git a/modules/cli-installing-cli-brew.adoc b/modules/cli-installing-cli-brew.adoc
index 8315eeef2c46..a53a1785cbd8 100644
--- a/modules/cli-installing-cli-brew.adoc
+++ b/modules/cli-installing-cli-brew.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/openshift_cli/getting-started.adoc
 // * microshift_cli_ref/microshift_oc_cli_install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli-brew_{context}"]
 = Installing the OpenShift CLI by using Homebrew
 
diff --git a/modules/cli-installing-cli-rpm.adoc b/modules/cli-installing-cli-rpm.adoc
index ecedb5b9bb84..81301b74a316 100644
--- a/modules/cli-installing-cli-rpm.adoc
+++ b/modules/cli-installing-cli-rpm.adoc
@@ -3,11 +3,20 @@
 // * cli_reference/openshift_cli/getting-started.adoc
 // * microshift_cli_ref/microshift_oc_cli_install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli-rpm_{context}"]
 = Installing the OpenShift CLI by using an RPM
 
-For {op-system-base-full}, you can install the OpenShift CLI (`oc`) as an RPM if you have an active {product-title} subscription on your Red Hat account.
+For {op-system-base-full}, you can install the {oc-first} as an RPM if you have an active {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+subscription on your Red Hat account.
+
+[NOTE]
+====
+It is not supported to install the OpenShift CLI (`oc`) as an RPM for {op-system-base-full} 9. You must install the OpenShift CLI for {op-system-base} 9 by downloading the binary.
+====
 
 .Prerequisites
 
@@ -36,24 +45,32 @@ For {op-system-base-full}, you can install the OpenShift CLI (`oc`) as an RPM if
 # subscription-manager list --available --matches '*OpenShift*'
 ----
 
-. In the output for the previous command, find the pool ID for an {product-title} subscription and attach the subscription to the registered system:
+. In the output for the previous command, find the pool ID for
+ifndef::openshift-rosa[]
+an {product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+a ROSA
+endif::openshift-rosa[]
+subscription and attach the subscription to the registered system:
 +
 [source,terminal]
 ----
 # subscription-manager attach --pool=<pool_id>
 ----
 
-. Enable the repositories required by {product-title} {product-version}.
+. Enable the repositories required by
+ifndef::openshift-rosa[]
+{product-title} {product-version}.
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA.
+endif::openshift-rosa[]
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-# subscription-manager repos --enable="rhocp-4.13-for-rhel-8-x86_64-rpms"
+# subscription-manager repos --enable="rhocp-{product-version}-for-rhel-8-x86_64-rpms"
 ----
-+
-[NOTE]
-====
-It is not supported to install the OpenShift CLI (`oc`) as an RPM for {op-system-base-full} 9. You must install the OpenShift CLI for {op-system-base} 9 by downloading the binary.
-====
 
 . Install the `openshift-clients` package:
 +
diff --git a/modules/cli-installing-cli-web-console-linux.adoc b/modules/cli-installing-cli-web-console-linux.adoc
index d1490d480359..bbd2583633fb 100644
--- a/modules/cli-installing-cli-web-console-linux.adoc
+++ b/modules/cli-installing-cli-web-console-linux.adoc
@@ -2,14 +2,14 @@ ifeval::["{context}" == "updating-restricted-network-cluster"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli-web-console-macos-linux_{context}"]
 = Installing the OpenShift CLI on Linux using the web console
 
 You can install the OpenShift CLI (`oc`) binary on Linux by using the following procedure.
 
 .Procedure
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . From the web console, click *?*.
 +
 image::click-question-mark.png[]
@@ -17,8 +17,16 @@ image::click-question-mark.png[]
 +
 image::CLI-list.png[]
 . Select appropriate `oc` binary for your Linux platform, and then click *Download oc for Linux*.
+
 . Save the file.
 . Unpack the archive.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. Download the latest version of the `oc` CLI for your operating system from the link:https://console.redhat.com/openshift/downloads[*Downloads*] page on {cluster-manager}.
+
+. Extract the `oc` binary file from the downloaded archive.
+endif::openshift-rosa,openshift-dedicated[]
 +
 [source,terminal]
 ----
diff --git a/modules/cli-installing-cli-web-console-macos.adoc b/modules/cli-installing-cli-web-console-macos.adoc
index 02e13fc47b2d..eab712b96fad 100644
--- a/modules/cli-installing-cli-web-console-macos.adoc
+++ b/modules/cli-installing-cli-web-console-macos.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli-web-console-macos_{context}"]
 = Installing the OpenShift CLI on macOS using the web console
 ifeval::["{context}" == "updating-restricted-network-cluster"]
@@ -8,7 +8,7 @@ endif::[]
 You can install the OpenShift CLI (`oc`) binary on macOS by using the following procedure.
 
 .Procedure
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . From the web console, click *?*.
 +
 image::click-question-mark.png[]
@@ -24,6 +24,12 @@ For macOS arm64, click *Download oc for Mac for ARM 64*.
 
 . Save the file.
 . Unpack and unzip the archive.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. Download the latest version of the `oc` CLI for your operating system from the link:https://console.redhat.com/openshift/downloads[*Downloads*] page on {cluster-manager}.
+
+. Extract the `oc` binary file from the downloaded archive.
+endif::openshift-rosa,openshift-dedicated[]
 . Move the `oc` binary to a directory on your PATH.
 +
 To check your `PATH`, open a terminal and execute the following command:
diff --git a/modules/cli-installing-cli-web-console-windows.adoc b/modules/cli-installing-cli-web-console-windows.adoc
index fa18b6e7f06c..475e51e06bf6 100644
--- a/modules/cli-installing-cli-web-console-windows.adoc
+++ b/modules/cli-installing-cli-web-console-windows.adoc
@@ -2,14 +2,14 @@ ifeval::["{context}" == "updating-restricted-network-cluster"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli-web-console-macos-windows_{context}"]
 = Installing the OpenShift CLI on Windows using the web console
 
-You can install the OpenShift CLI (`oc`) binary on Winndows by using the following procedure.
+You can install the OpenShift CLI (`oc`) binary on Windows by using the following procedure.
 
 .Procedure
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . From the web console, click *?*.
 +
 image::click-question-mark.png[]
@@ -19,6 +19,13 @@ image::CLI-list.png[]
 . Select the `oc` binary for Windows platform, and then click *Download oc for Windows for x86_64*.
 . Save the file.
 . Unzip the archive with a ZIP program.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. Download the latest version of the `oc` CLI for your operating system from the link:https://console.redhat.com/openshift/downloads[*Downloads*] page on {cluster-manager}.
+
+. Extract the `oc` binary file from the downloaded archive.
+endif::openshift-rosa,openshift-dedicated[]
+
 . Move the `oc` binary to a directory that is on your `PATH`.
 +
 To check your `PATH`, open the command prompt and execute the following command:
diff --git a/modules/cli-installing-cli-web-console.adoc b/modules/cli-installing-cli-web-console.adoc
index c991721ea6eb..ce881a2871f8 100644
--- a/modules/cli-installing-cli-web-console.adoc
+++ b/modules/cli-installing-cli-web-console.adoc
@@ -5,12 +5,26 @@ endif::[]
 [id="cli-installing-cli-web-console_{context}"]
 = Installing the OpenShift CLI by using the web console
 
-You can install the OpenShift CLI (`oc`) to interact with {product-title} from a web console. You can install `oc` on Linux, Windows, or macOS.
+You can install the {oc-first} to interact with {product-title} 
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+clusters
+endif::openshift-dedicated[]
+from a web console. You can install `oc` on Linux, Windows, or macOS.
 
 [IMPORTANT]
 ====
 If you installed an earlier version of `oc`, you cannot use it to complete all
-of the commands in {product-title} {product-version}. Download and
+of the commands in 
+ifndef::openshift-rosa[]
+{product-title} {product-version}.
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA.
+endif::openshift-rosa[]
+Download and
 install the new version of `oc`.
 ifdef::restricted[]
 If you are upgrading a cluster in a restricted network, install the `oc` version that you plan to upgrade to.
diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc
index 130cafa81371..52f3e20ff24e 100644
--- a/modules/cli-installing-cli.adoc
+++ b/modules/cli-installing-cli.adoc
@@ -33,40 +33,54 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/install_config/installing-restricted-networks-preparations.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
 // * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
 // * microshift_cli_ref/microshift-oc-cli-install.adoc
-// * updating/updating-restricted-network-cluster.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 // * installing/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
 // AMQ docs link to this; do not change anchor
 
 ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-installing-cli_{context}"]
 = Installing the OpenShift CLI by downloading the binary
 
-You can install the OpenShift CLI (`oc`) to interact with {product-title} from a
-command-line interface. You can install `oc` on Linux, Windows, or macOS.
+You can install the {oc-first} to interact with
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+clusters
+endif::openshift-dedicated[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+from a command-line interface. You can install `oc` on Linux, Windows, or macOS.
 
 [IMPORTANT]
 ====
-If you installed an earlier version of `oc`, you cannot use it to complete all of the commands in {product-title} {product-version}. Download and install the new version of `oc`.
+If you installed an earlier version of `oc`, you cannot use it to complete all of the commands in
+ifndef::openshift-rosa[]
+{product-title} {product-version}.
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA.
+endif::openshift-rosa[]
+Download and install the new version of `oc`.
 ifdef::restricted[]
 If you are updating a cluster in a disconnected environment, install the `oc` version that you plan to update to.
 endif::restricted[]
@@ -77,6 +91,13 @@ endif::restricted[]
 
 You can install the OpenShift CLI (`oc`) binary on Linux by using the following procedure.
 
+ifdef::microshift[]
+[NOTE]
+====
+{product-title} version numbering matches {OCP} version numbering. Use the `oc` binary that matches your {microshift-short} version and has the appropriate RHEL compatibility.
+====
+
+endif::microshift[]
 .Procedure
 
 ifdef::openshift-origin[]
@@ -110,8 +131,10 @@ To check your `PATH`, execute the following command:
 $ echo $PATH
 ----
 
-After you install the OpenShift CLI, it is available using the `oc` command:
+.Verification
 
+* After you install the OpenShift CLI, it is available using the `oc` command:
++
 [source,terminal]
 ----
 $ oc <command>
@@ -121,7 +144,13 @@ $ oc <command>
 == Installing the OpenShift CLI on Windows
 
 You can install the OpenShift CLI (`oc`) binary on Windows by using the following procedure.
+ifdef::microshift[]
+[NOTE]
+====
+{product-title} version numbering matches {OCP} version numbering. Use the `oc` binary that matches your {microshift-short} version and has the appropriate RHEL compatibility.
+====
 
+endif::microshift[]
 .Procedure
 
 ifdef::openshift-origin[]
@@ -148,8 +177,10 @@ To check your `PATH`, open the command prompt and execute the following command:
 C:\> path
 ----
 
-After you install the OpenShift CLI, it is available using the `oc` command:
+.Verification
 
+* After you install the OpenShift CLI, it is available using the `oc` command:
++
 [source,terminal]
 ----
 C:\> oc <command>
@@ -159,7 +190,13 @@ C:\> oc <command>
 == Installing the OpenShift CLI on macOS
 
 You can install the OpenShift CLI (`oc`) binary on macOS by using the following procedure.
+ifdef::microshift[]
+[NOTE]
+====
+{product-title} version numbering matches {OCP} version numbering. Use the `oc` binary that matches your {microshift-short} version and has the appropriate RHEL compatibility.
+====
 
+endif::microshift[]
 .Procedure
 
 ifdef::openshift-origin[]
@@ -191,8 +228,10 @@ To check your `PATH`, open a terminal and execute the following command:
 $ echo $PATH
 ----
 
-After you install the OpenShift CLI, it is available using the `oc` command:
+.Verification
 
+* After you install the OpenShift CLI, it is available using the `oc` command:
++
 [source,terminal]
 ----
 $ oc <command>
diff --git a/modules/cli-krew-install-plugin.adoc b/modules/cli-krew-install-plugin.adoc
index e35186d4b426..c3ddf5c48f8e 100644
--- a/modules/cli-krew-install-plugin.adoc
+++ b/modules/cli-krew-install-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/installing-cli-plugins-krew.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-krew-install-plugin_{context}"]
 = Installing a CLI plugin with Krew
 
diff --git a/modules/cli-krew-remove-plugin.adoc b/modules/cli-krew-remove-plugin.adoc
index 5c43e2a6b427..7db9e9ebd6a4 100644
--- a/modules/cli-krew-remove-plugin.adoc
+++ b/modules/cli-krew-remove-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/installing-cli-plugins-krew.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-krew-remove-plugin_{context}"]
 = Uninstalling a CLI plugin with Krew
 
diff --git a/modules/cli-krew-update-plugin.adoc b/modules/cli-krew-update-plugin.adoc
index ddaf47993cf1..a53a747ef20f 100644
--- a/modules/cli-krew-update-plugin.adoc
+++ b/modules/cli-krew-update-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/installing-cli-plugins-krew.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-krew-update-plugin_{context}"]
 = Updating a CLI plugin with Krew
 
diff --git a/modules/cli-logging-in-kubeadmin.adoc b/modules/cli-logging-in-kubeadmin.adoc
index a2965982f9e0..832a90039cd5 100644
--- a/modules/cli-logging-in-kubeadmin.adoc
+++ b/modules/cli-logging-in-kubeadmin.adoc
@@ -37,8 +37,8 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
@@ -50,11 +50,11 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
 // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-logging-in-kubeadmin_{context}"]
 = Logging in to the cluster by using the CLI
 
diff --git a/modules/cli-logging-in-web.adoc b/modules/cli-logging-in-web.adoc
new file mode 100644
index 000000000000..157aa21c7e77
--- /dev/null
+++ b/modules/cli-logging-in-web.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * cli_reference/openshift_cli/getting-started.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cli-logging-in-web_{context}"]
+= Logging in to the OpenShift CLI using a web browser
+
+You can log in to the OpenShift CLI (`oc`) with the help of a web browser to access and manage your cluster. This allows users to avoid inserting their access token into the command line.
+
+[WARNING]
+====
+Logging in to the CLI through the web browser runs a server on localhost with HTTP, not HTTPS; use with caution on multi-user workstations.
+====
+
+.Prerequisites
+
+* You must have access to an {product-title} cluster.
+* You must have installed the OpenShift CLI (`oc`).
+* You must have a browser installed.
+
+.Procedure
+
+. Enter the `oc login` command with the `--web` flag:
++
+[source,terminal]
+----
+$ oc login <cluster_url> --web <1>
+----
+<1> Optionally, you can specify the server URL and callback port. For example, `oc login <cluster_url> --web --callback-port 8280 localhost:8443`.
+
+. The web browser opens automatically. If it does not, click the link in the command output. If you do not specify the {product-title} server `oc` tries to open the web console of the cluster specified in the current `oc` configuration file. If no `oc` configuration exists, `oc` prompts interactively for the server URL.
++
+.Example output
+
+[source,terminal]
+----
+Opening login URL in the default browser: https://openshift.example.com
+Opening in existing browser session.
+----
+
+. If more than one identity provider is available, select your choice from the options provided.
+
+. Enter your username and password into the corresponding browser fields. After you are logged in, the browser displays the text `access token received successfully; please return to your terminal`.
+
+. Check the CLI for a login confirmation.
++
+.Example output
+
+[source,terminal]
+----
+Login successful.
+
+You don't have any projects. You can try to create a new project, by running
+
+    oc new-project <projectname>
+
+----
+
+[NOTE]
+====
+The web console defaults to the profile used in the previous session. To switch between Administrator and Developer profiles, log out of the {product-title} web console and clear the cache.
+====
+
+You can now create a project or issue other commands for managing your cluster.
\ No newline at end of file
diff --git a/modules/cli-logging-in.adoc b/modules/cli-logging-in.adoc
index fa4bf9ab6a20..7c506ee04dd7 100644
--- a/modules/cli-logging-in.adoc
+++ b/modules/cli-logging-in.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cli-logging-in_{context}"]
 = Logging in to the OpenShift CLI
 
@@ -10,8 +10,15 @@ You can log in to the OpenShift CLI (`oc`) to access and manage your cluster.
 
 .Prerequisites
 
-* You must have access to an {product-title} cluster.
-* You must have installed the OpenShift CLI (`oc`).
+* You must have access to
+ifndef::openshift-rosa[]
+an {product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+a ROSA
+endif::openshift-rosa[]
+cluster.
+* The {oc-first} is installed.
 
 [NOTE]
 ====
@@ -51,13 +58,27 @@ You don't have any projects. You can try to create a new project, by running
 
 Welcome! See 'oc help' to get started.
 ----
-<1> Enter the {product-title} server URL.
+<1> Enter the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+server URL.
 <2> Enter whether to use insecure connections.
 <3> Enter the user's password.
 
 [NOTE]
 ====
-If you are logged in to the web console, you can generate an `oc login` command that includes your token and server information. You can use the command to log in to the {product-title} CLI without the interactive prompts. To generate the command, select *Copy login command* from the username drop-down menu at the top right of the web console.
+If you are logged in to the web console, you can generate an `oc login` command that includes your token and server information. You can use the command to log in to the
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+OpenShift
+endif::openshift-rosa[]
+CLI without the interactive prompts. To generate the command, select *Copy login command* from the username drop-down menu at the top right of the web console.
 ====
 
 You can now create a project or issue other commands for managing your cluster.
diff --git a/modules/cloud-credential-operator.adoc b/modules/cloud-credential-operator.adoc
index d3daf7ae2224..ba0ef20e456b 100644
--- a/modules/cloud-credential-operator.adoc
+++ b/modules/cloud-credential-operator.adoc
@@ -1,17 +1,37 @@
 // Module included in the following assemblies:
 //
 // * operators/operator-reference.adoc
+// * installing/modules/node-tuning-operator.adoc
 
+ifeval::["{context}" == "cluster-operators-ref"]
+:operators:
+endif::[]
+ifeval::["{context}" == "cluster-capabilities"]
+:cluster-caps:
+endif::[]
+
+:_mod-docs-content-type: REFERENCE
 [id="cloud-credential-operator_{context}"]
-= Cloud Credential Operator
+ifdef::operators[= Cloud Credential Operator]
+ifdef::cluster-caps[= Cloud credential capability]
 
 [discrete]
 == Purpose
 
+ifdef::cluster-caps[]
+The Cloud Credential Operator provides features for the `CloudCredential` capability.
+
+[NOTE]
+====
+Currently, disabling the `CloudCredential` capability is only supported for bare-metal clusters.
+====
+endif::cluster-caps[]
+
 The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). The CCO syncs on `CredentialsRequest` custom resources (CRs) to allow {product-title} components to request cloud provider credentials with the specific permissions that are required for the cluster to run.
 
 By setting different values for the `credentialsMode` parameter in the `install-config.yaml` file, the CCO can be configured to operate in several different modes. If no mode is specified, or the `credentialsMode` parameter is set to an empty string (`""`), the CCO operates in its default mode.
 
+ifdef::operators[]
 [discrete]
 == Project
 
@@ -29,3 +49,11 @@ link:https://github.com/openshift/cloud-credential-operator[openshift-cloud-cred
 == Configuration objects
 
 No configuration required.
+endif::operators[]
+
+ifeval::["{context}" == "cluster-operators-ref"]
+:!operators:
+endif::[]
+ifeval::["{context}" == "cluster-capabilities"]
+:!cluster-caps:
+endif::[]
\ No newline at end of file
diff --git a/modules/cluster-api-architecture.adoc b/modules/cluster-api-architecture.adoc
index 9a952b3e4dac..242a575215b6 100644
--- a/modules/cluster-api-architecture.adoc
+++ b/modules/cluster-api-architecture.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/capi-machine-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-api-architecture_{context}"]
 = Cluster API architecture
 
@@ -13,32 +13,27 @@ The {product-title} integration of the upstream Cluster API is implemented and m
 
 The Cluster CAPI Operator is an {product-title} Operator that maintains the lifecycle of Cluster API resources. This Operator is responsible for all administrative tasks related to deploying the Cluster API project within an {product-title} cluster.
 
-If a cluster is configured correctly to allow the use of the Cluster API, the Cluster CAPI Operator installs the Cluster API Operator on the cluster.
-
-[NOTE]
-====
-The Cluster CAPI Operator is distinct from the upstream Cluster API Operator.
-====
+If a cluster is configured correctly to allow the use of the Cluster API, the Cluster CAPI Operator installs the Cluster API components on the cluster.
 
 For more information, see the entry for the Cluster CAPI Operator in the _Cluster Operators reference_ content.
 
 [id="capi-arch-resources"]
 == Primary resources
 
-The Cluster API is comprised of the following primary resources. For the Technology Preview of this feature, you must create these resources manually in the `openshift-cluster-api` namespace.
+The Cluster API consists of the following primary resources. For the Technology Preview of this feature, you must create these resources manually in the `openshift-cluster-api` namespace.
 
-Cluster:: A fundamental unit that represents a cluster that is managed by the Cluster API. 
+Cluster:: A fundamental unit that represents a cluster that is managed by the Cluster API.
 
 Infrastructure:: A provider-specific resource that defines properties that are shared by all the compute machine sets in the cluster, such as the region and subnets.
 
 Machine template:: A provider-specific template that defines the properties of the machines that a compute machine set creates.
 
-Machine set:: A group of machines. 
+Machine set:: A group of machines.
 +
-Compute machine sets are to machines as replica sets are to pods. If you need more machines or must scale them down, you change the `replicas` field on the compute machine set to meet your compute needs. 
+Compute machine sets are to machines as replica sets are to pods. If you need more machines or must scale them down, you change the `replicas` field on the compute machine set to meet your compute needs.
 +
 With the Cluster API, a compute machine set references a `Cluster` object and a provider-specific machine template.
 
-Machine:: A fundamental unit that describes the host for a node. 
+Machine:: A fundamental unit that describes the host for a node.
 +
 The Cluster API creates machines based on the configuration in the machine template.
\ No newline at end of file
diff --git a/modules/cluster-autoscaler-about.adoc b/modules/cluster-autoscaler-about.adoc
index a73d93c8a571..4785ff3b12db 100644
--- a/modules/cluster-autoscaler-about.adoc
+++ b/modules/cluster-autoscaler-about.adoc
@@ -4,8 +4,10 @@
 // * post_installation_configuration/cluster-tasks.adoc
 // * machine_management/applying-autoscaling.adoc
 // * osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
+// * osd_cluster_admin/osd-cluster-autoscaling.adoc
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-autoscaler-about_{context}"]
 = About the cluster autoscaler
 
diff --git a/modules/cluster-autoscaler-cr.adoc b/modules/cluster-autoscaler-cr.adoc
index 88e368c87f91..91f24830425b 100644
--- a/modules/cluster-autoscaler-cr.adoc
+++ b/modules/cluster-autoscaler-cr.adoc
@@ -3,9 +3,9 @@
 // * machine_management/applying-autoscaling.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-autoscaler-cr_{context}"]
-= ClusterAutoscaler resource definition
+= Cluster autoscaler resource definition
 
 This `ClusterAutoscaler` resource definition shows the parameters and sample values for the cluster autoscaler.
 
@@ -51,10 +51,10 @@ spec:
 <7> Optional: Specify the type of GPU node to deploy. Only `nvidia.com/gpu` and `amd.com/gpu` are valid types.
 <8> Specify the minimum number of GPUs to deploy in the cluster.
 <9> Specify the maximum number of GPUs to deploy in the cluster.
-<10> Specify the logging verbosity level between `0` and `10`. The following log level thresholds are provided for guidance: 
+<10> Specify the logging verbosity level between `0` and `10`. The following log level thresholds are provided for guidance:
 +
 --
-* `1`: (Default) Basic information about changes. 
+* `1`: (Default) Basic information about changes.
 * `4`: Debug-level verbosity for troubleshooting typical issues.
 * `9`: Extensive, protocol-level debugging information.
 --
@@ -65,7 +65,8 @@ If you do not specify a value, the default value of `1` is used.
 <13> Optional: Specify the period to wait before deleting a node after a node has recently been _added_. If you do not specify a value, the default value of `10m` is used.
 <14> Optional: Specify the period to wait before deleting a node after a node has recently been _deleted_. If you do not specify a value, the default value of `0s` is used.
 <15> Optional: Specify the period to wait before deleting a node after a scale down failure occurred. If you do not specify a value, the default value of `3m` is used.
-<16> Optional: Specify the period before an unnecessary node is eligible for deletion. If you do not specify a value, the default value of `10m` is used.<17> Optional: Specify the _node utilization level_ below which an unnecessary node is eligible for deletion. The node utilization level is the sum of the requested resources divided by the allocated resources for the node, and must be a value greater than `"0"` but less than `"1"`. If you do not specify a value, the cluster autoscaler uses a default value of `"0.5"`, which corresponds to 50% utilization. This value must be expressed as a string.
+<16> Optional: Specify a period of time before an unnecessary node is eligible for deletion. If you do not specify a value, the default value of `10m` is used.
+<17> Optional:  Specify the _node utilization level_. Nodes below this utilization level are eligible for deletion. If you do not specify a value, the default value of `10m` is used.. The node utilization level is the sum of the requested resources divided by the allocated resources for the node, and must be a value greater than `"0"` but less than `"1"`. If you do not specify a value, the cluster autoscaler uses a default value of `"0.5"`, which corresponds to 50% utilization. This value must be expressed as a string.
 // Might be able to add a formula to show this visually, but need to look into asciidoc math formatting and what our tooling supports.
 
 [NOTE]
diff --git a/modules/cluster-bare-metal-operator.adoc b/modules/cluster-bare-metal-operator.adoc
index cb5882fdfac2..a4b02efcc0bd 100644
--- a/modules/cluster-bare-metal-operator.adoc
+++ b/modules/cluster-bare-metal-operator.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-bare-metal-operator_{context}"]
 ifdef::operator-ref[= Cluster Baremetal Operator]
 ifdef::cluster-caps[= Bare-metal capability]
@@ -34,16 +34,16 @@ The Cluster Baremetal Operator provides the features for the `baremetal` capabil
 
 endif::cluster-caps[]
 
-The Cluster Baremetal Operator (CBO) deploys all the components necessary to take a bare-metal server to a fully functioning worker node ready to run {product-title} compute nodes. The CBO ensures that the metal3 deployment, which consists of the Bare Metal Operator (BMO) and Ironic containers, runs on one of the control plane nodes within the {product-title} cluster. The CBO also listens for {product-title} updates to resources that it watches and takes appropriate action. 
+The Cluster Baremetal Operator (CBO) deploys all the components necessary to take a bare-metal server to a fully functioning worker node ready to run {product-title} compute nodes. The CBO ensures that the metal3 deployment, which consists of the Bare Metal Operator (BMO) and Ironic containers, runs on one of the control plane nodes within the {product-title} cluster. The CBO also listens for {product-title} updates to resources that it watches and takes appropriate action.
 
 ifdef::cluster-caps[]
 The bare-metal capability is required for deployments using installer-provisioned infrastructure. Disabling the bare-metal capability can result in unexpected problems with these deployments.
 
-It is recommended that cluster administrators only disable the bare-metal capability during installations with user-provisioned infrastructure that do not have any `BareMetalHost` resources in the cluster. 
+It is recommended that cluster administrators only disable the bare-metal capability during installations with user-provisioned infrastructure that do not have any `BareMetalHost` resources in the cluster.
 
 [IMPORTANT]
 ====
-If the bare-metal capability is disabled, the cluster cannot provision or manage bare-metal nodes. Only disable the capability if there are no `BareMetalHost` resources in your deployment.
+If the bare-metal capability is disabled, the cluster cannot provision or manage bare-metal nodes. Only disable the capability if there are no `BareMetalHost` resources in your deployment. The `baremetal` capability depends on the `MachineAPI` capability. If you enable the `baremetal` capability, you must also enable `MachineAPI`.
 ====
 endif::cluster-caps[]
 
diff --git a/modules/cluster-capi-operator.adoc b/modules/cluster-capi-operator.adoc
index 9a3e1caeb48a..961811c31c97 100644
--- a/modules/cluster-capi-operator.adoc
+++ b/modules/cluster-capi-operator.adoc
@@ -7,7 +7,7 @@
 
 [NOTE]
 ====
-This Operator is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure clusters.
+This Operator is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] for Amazon Web Services (AWS) and Google Cloud Platform (GCP) clusters.
 ====
 
 [discrete]
diff --git a/modules/cluster-cloud-controller-config-osp.adoc b/modules/cluster-cloud-controller-config-osp.adoc
index 2a10338e3833..70c01e03016a 100644
--- a/modules/cluster-cloud-controller-config-osp.adoc
+++ b/modules/cluster-cloud-controller-config-osp.adoc
@@ -2,17 +2,17 @@
 //
 // * installing/installing_openstack/installing-openstack-cloud-config-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-cloud-controller-config_{context}"]
 = The OpenStack Cloud Controller Manager (CCM) config map
 
-An OpenStack CCM config map defines how your cluster interacts with your {rh-openstack} cloud. By default, this configuration is stored under the `cloud.conf` key in the `cloud-conf` config map in the `openshift-cloud-controller-manager` namespace. 
+An OpenStack CCM config map defines how your cluster interacts with your {rh-openstack} cloud. By default, this configuration is stored under the `cloud.conf` key in the `cloud-conf` config map in the `openshift-cloud-controller-manager` namespace.
 
 [IMPORTANT]
 ====
 The `cloud-conf` config map is generated from the `cloud-provider-config` config map in the `openshift-config` namespace.
 
-To change the settings that are described by the `cloud-conf` config map, modify the `cloud-provider-config` config map. 
+To change the settings that are described by the `cloud-conf` config map, modify the `cloud-provider-config` config map.
 
 As part of this synchronization, the CCM Operator overrides some options. For more information, see "The {rh-openstack} Cloud Controller Manager".
 ====
@@ -30,7 +30,7 @@ data:
     secret-namespace = kube-system
     region = regionOne
     [LoadBalancer]
-    use-octavia = True
+    enabled = True
 kind: ConfigMap
 metadata:
   creationTimestamp: "2022-12-20T17:01:08Z"
@@ -41,7 +41,7 @@ metadata:
 ----
 <1> Set global options by using a `clouds.yaml` file rather than modifying the config map.
 
-The following options are present in the config map. Except when indicated otherwise, they are mandatory for clusters that run on {rh-openstack}. 
+The following options are present in the config map. Except when indicated otherwise, they are mandatory for clusters that run on {rh-openstack}.
 
 // [id="ccm-config-global-options"]
 // == Global options
@@ -112,11 +112,11 @@ The following options are present in the config map. Except when indicated other
 [id="ccm-config-lb-options"]
 == Load balancer options
 
-CCM supports several load balancer options for deployments that use Octavia. 
+CCM supports several load balancer options for deployments that use Octavia.
 
 [NOTE]
 ====
-Neutron-LBaaS support is deprecated. 
+Neutron-LBaaS support is deprecated.
 ====
 
 |===
@@ -125,10 +125,6 @@ Neutron-LBaaS support is deprecated.
 | `enabled`
 | Whether or not to enable the `LoadBalancer` type of services integration. The default value is `true`.
 
-// Always enforced.
-// | `use-octavia`
-// | Whether or not to use Octavia for the `LoadBalancer` type of service implementation rather than Neutron-LBaaS. The default value is `true`.
-
 | `floating-network-id`
 | Optional. The external network used to create floating IP addresses for load balancer virtual IP addresses (VIPs). If there are multiple external networks in the cloud, this option must be set or the user must specify `loadbalancer.openstack.org/floating-network-id` in the service annotation.
 
@@ -158,7 +154,7 @@ For the Amphora provider, if using the `LEAST_CONNECTIONS` or `SOURCE_IP` method
 | Optional. The load balancer API version. Only `"v2"` is supported.
 
 | `subnet-id`
-| The ID of the Networking service subnet on which load balancer VIPs are created. 
+| The ID of the Networking service subnet on which load balancer VIPs are created.
 
 // This ID is also used to create pool members if `member-subnet-id` is not set.
 
@@ -195,7 +191,7 @@ This option is unsupported if you use {rh-openstack} earlier than version 17 wit
 // | The id of the loadbalancer flavor to use. Uses octavia default if not set.
 
 // | `availability-zone`
-// | The name of the loadbalancer availability zone to use. It is applicable if use-octavia is set to True and requires Octavia API version 2.14 or later (Ussuri release). The Octavia availability zone capabilities will not be used if it is not set. The parameter will be ignored if the Octavia version doesn't support availability zones yet.
+// | The name of the loadbalancer availability zone to use. The Octavia availability zone capabilities will not be used if it is not set. The parameter will be ignored if the Octavia version doesn't support availability zones yet.
 
 | `LoadBalancerClass "ClassName"`
 a| This is a config section that comprises a set of options:
@@ -211,7 +207,7 @@ a| This is a config section that comprises a set of options:
 
 The behavior of these options is the same as that of the identically named options in the load balancer section of the CCM config file.
 
-You can set the `ClassName` value by specifying the service annotation `loadbalancer.openstack.org/class`. 
+You can set the `ClassName` value by specifying the service annotation `loadbalancer.openstack.org/class`.
 
 // | `enable-ingress-hostname`
 // | Used with proxy protocol (set by annotation `loadbalancer.openstack.org/proxy-protocol: "true"`) by adding a dns suffix (nip.io) to the load balancer IP address. Default false.
@@ -265,37 +261,37 @@ The CCM Operator overrides the following options, which you might recognize from
 | The {rh-openstack} Identity service URL. For example, `http://128.110.154.166/identity`.
 
 | `os-endpoint-type`
-| The type of endpoint to use from the service catalog. 
+| The type of endpoint to use from the service catalog.
 
 // If unset, public endpoints are used.
 
 | `username`
-| The Identity service user name. 
+| The Identity service user name.
 
 // Leave this option unset if you are using Identity service application credentials.
 
 | `password`
-| The Identity service user password. 
+| The Identity service user password.
 
 // Leave this option unset if you are using Identity service application credentials.
 
 | `domain-id`
-| The Identity service user domain ID. 
+| The Identity service user domain ID.
 
 // Leave this option unset if you are using Identity service application credentials.
 
 | `domain-name`
-| The Identity service user domain name. 
+| The Identity service user domain name.
 
 // This option is not required if you set `domain-id`.
 
 | `tenant-id`
 | The Identity service project ID. Leave this option unset if you are using Identity service application credentials.
 
-In version 3 of the Identity API, which changed the identifier `tenant` to `project`, the value of `tenant-id` is automatically mapped to the project construct in the API. 
+In version 3 of the Identity API, which changed the identifier `tenant` to `project`, the value of `tenant-id` is automatically mapped to the project construct in the API.
 
 | `tenant-name`
-| The Identity service project name. 
+| The Identity service project name.
 
 | `tenant-domain-id`
 | The Identity service project domain ID.
@@ -310,7 +306,7 @@ In version 3 of the Identity API, which changed the identifier `tenant` to `proj
 | The Identity service user domain name.
 
 | `use-clouds`
-a| Whether or not to fetch authorization credentials from a `clouds.yaml` file. Options set in this section are prioritized over values read from the `clouds.yaml` file. 
+a| Whether or not to fetch authorization credentials from a `clouds.yaml` file. Options set in this section are prioritized over values read from the `clouds.yaml` file.
 
 CCM searches for the file in the following places:
 
diff --git a/modules/cluster-cloud-controller-manager-operator.adoc b/modules/cluster-cloud-controller-manager-operator.adoc
index 15fcc72f076f..82fb199097b8 100644
--- a/modules/cluster-cloud-controller-manager-operator.adoc
+++ b/modules/cluster-cloud-controller-manager-operator.adoc
@@ -10,9 +10,9 @@
 
 [NOTE]
 ====
-This Operator is General Availability for Microsoft Azure Stack Hub, Nutanix, {rh-openstack-first}, and VMware vSphere.
+The status of this Operator is General Availability for {aws-first}, {gcp-first}, {ibm-cloud-name}, global {azure-full}, Microsoft Azure Stack Hub, Nutanix, {rh-openstack-first}, and {vmw-full}.
 
-It is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] for Alibaba Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP), IBM Cloud, IBM Cloud Power VS, and Microsoft Azure.
+The Operator is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] for {alibaba} and {ibm-power-server-name}.
 ====
 
 The Cluster Cloud Controller Manager Operator manages and updates the cloud controller managers deployed on top of {product-title}. The Operator is based on the Kubebuilder framework and `controller-runtime` libraries. It is installed via the Cluster Version Operator (CVO).
diff --git a/modules/cluster-csi-snapshot-controller-operator.adoc b/modules/cluster-csi-snapshot-controller-operator.adoc
index 94231b46b00b..eab49dc72ab0 100644
--- a/modules/cluster-csi-snapshot-controller-operator.adoc
+++ b/modules/cluster-csi-snapshot-controller-operator.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-csi-snapshot-controller-operator_{context}"]
 ifdef::operator-ref[= Cluster CSI Snapshot Controller Operator]
 ifdef::cluster-caps[= CSI snapshot controller capability]
diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc
index 0c38b7e01af7..5f9bf566f2cc 100644
--- a/modules/cluster-entitlements.adoc
+++ b/modules/cluster-entitlements.adoc
@@ -17,6 +17,7 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
@@ -30,10 +31,6 @@
 // * installing/installing_azure/installing-azure-government-region.adoc
 // * installing/installing_azure/installing-azure-customizations.adoc
 // * installing/installing_azure/installing-azure-private.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
 // * installing/installing_aws/installing-aws-network-customizations.adoc
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
@@ -46,13 +43,10 @@
 // * installing/installing_aws/installing-aws-secret-region.adoc
 // * installing/installing_aws/installing-aws-china-region.adoc
 // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
 // * installing/installing_gcp/installing-gcp-customizations.adoc
@@ -72,6 +66,8 @@
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
 // * architecture/architecture.adoc
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
+
 
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:
@@ -91,9 +87,6 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-aws"]
 :restricted:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:restricted:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :restricted:
 endif::[]
@@ -112,8 +105,14 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-gcp"]
 :restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:restricted:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:restricted:
+endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-entitlements_{context}"]
 ifndef::openshift-origin[]
 = Internet access for {product-title}
@@ -162,9 +161,6 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-aws"]
 :!restricted:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:!restricted:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!restricted:
 endif::[]
@@ -183,3 +179,9 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-gcp"]
 :!restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!restricted:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!restricted:
+endif::[]
diff --git a/modules/cluster-image-registry-operator.adoc b/modules/cluster-image-registry-operator.adoc
index 545abba8f2fd..5cbb31550ecb 100644
--- a/modules/cluster-image-registry-operator.adoc
+++ b/modules/cluster-image-registry-operator.adoc
@@ -1,13 +1,30 @@
 // Module included in the following assemblies:
 //
 // * operators/operator-reference.adoc
+// * installing/cluster-capabilities.adoc
 
+// operators/operator-reference.adoc
+ifeval::["{context}" == "cluster-operators-ref"]
+:operator-ref:
+endif::[]
+
+// installing/cluster-capabilities.adoc
+ifeval::["{context}" == "cluster-capabilities"]
+:cluster-caps:
+endif::[]
+
+:_mod-docs-content-type: REFERENCE
 [id="cluster-image-registry-operator_{context}"]
-= Cluster Image Registry Operator
+ifdef::operator-ref[= Cluster Image Registry Operator]
+ifdef::cluster-caps[= Cluster Image Registry capability]
 
 [discrete]
 == Purpose
 
+ifdef::cluster-caps[]
+The Cluster Image Registry Operator provides features for the `ImageRegistry` capability.
+endif::[]
+
 The Cluster Image Registry Operator manages a singleton instance of the {product-registry}. It manages all configuration of the registry, including creating storage.
 
 On initial start up, the Operator creates a default `image-registry` resource instance based on the configuration detected in the cluster. This indicates what cloud storage type to use based on the cloud provider.
@@ -16,7 +33,18 @@ If insufficient information is available to define a complete `image-registry` r
 
 The Cluster Image Registry Operator runs in the `openshift-image-registry` namespace and it also manages the registry instance in that location. All configuration and workload resources for the registry reside in that namespace.
 
+ifdef::cluster-caps[]
+If you disable the `ImageRegistry` capability, you can reduce the overall resource footprint of {product-title} in Telco environments. Depending on your deployment, you can disable this component if you do not need it.
+endif::[]
+
 [discrete]
 == Project
 
 link:https://github.com/openshift/cluster-image-registry-operator[cluster-image-registry-operator]
+
+ifeval::["{context}" == "cluster-operators-ref"]
+:!operator-ref:
+endif::[]
+ifeval::["{context}" == "cluster-capabilities"]
+:!cluster-caps:
+endif::[]
\ No newline at end of file
diff --git a/modules/cluster-limitations-local-zone.adoc b/modules/cluster-limitations-local-zone.adoc
index c2e83896622f..5ffaf02e8be2 100644
--- a/modules/cluster-limitations-local-zone.adoc
+++ b/modules/cluster-limitations-local-zone.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-aws-localzone.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="cluster-limitations-local-zone_{context}"]
 = Cluster limitations in AWS Local Zones
@@ -14,6 +14,15 @@ Some limitations exist when you attempt to deploy a cluster with a default insta
 The following list details limitations when deploying a cluster in AWS Local Zones:
 
 - The Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is `1300`. This causes the cluster-wide network MTU to change according to the network plugin that is used on the deployment.
-- Network resources such as Network Load Balancer (NLB), Classic Load Balancer, and Network Address Translation (NAT) Gateways are not supported in AWS Local Zones.
+- Network resources such as Network Load Balancer (NLB), Classic Load Balancer, and Network Address Translation (NAT) Gateways are not globally supported in AWS Local Zones.
 - For an {product-title} cluster on AWS, the AWS Elastic Block Storage (EBS) `gp3` type volume is the default for node volumes and the default for the storage class. This volume type is not globally available on Local Zone locations. By default, the nodes running in Local Zones are deployed with the `gp2` EBS volume. The `gp2-csi` `StorageClass` must be set when creating workloads on Local Zone nodes.
 ====
+
+If you want the installation program to automatically create Local Zone subnets for your {product-title} cluster, specific configuration limitations apply with this method.
+
+[IMPORTANT]
+====
+The following configuration limitation applies when you set the installation program to automatically create subnets for your {product-title} cluster:
+
+- The private subnets for an AWS Local Zone associate with the route table of the parent zone, so that each private subnet can route egress traffic to the internet. If this route table does not exist during cluster installation, the private subnet associates with the first available private route table in the Virtual Private Cloud (VPC). This approach is valid only for AWS Local Zones subnets in an {product-title} cluster.
+====
diff --git a/modules/cluster-logging-Uninstall-logging.adoc b/modules/cluster-logging-Uninstall-logging.adoc
deleted file mode 100644
index b7dfe0709216..000000000000
--- a/modules/cluster-logging-Uninstall-logging.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-uninstall-logging-about_{context}"]
-= About uninstalling {product-title} Logging
-
-You can stop log aggregation by deleting the ClusterLogging custom resource (CR). After deleting the CR, there are other cluster logging components that remain, which you can optionally remove.
diff --git a/modules/cluster-logging-about-collector.adoc b/modules/cluster-logging-about-collector.adoc
deleted file mode 100644
index 4b6251b5841d..000000000000
--- a/modules/cluster-logging-about-collector.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-about-collector_{context}"]
-= About the logging collector
-
-The {logging-title} collects container and node logs.
-
-By default, the log collector uses the following sources:
-
-* journald for all system logs
-* `/var/log/containers/*.log` for all container logs
-
-If you configure the log collector to collect audit logs, it gets them from `/var/log/audit/audit.log`.
-
-The logging collector is a daemon set that deploys pods to each {product-title} node. System and infrastructure logs are generated by journald log messages from the operating system, the container runtime, and {product-title}. Application logs are generated by the CRI-O container engine. Fluentd collects the logs from these sources and forwards them internally or externally as you configure in {product-title}.
-
-The container runtimes provide minimal information to identify the source of log messages: project, pod name, and container ID. This information is not sufficient to uniquely identify the source of the logs. If a pod with a given name and project is deleted before the log collector begins processing its logs, information from the API server, such as labels and annotations, might not be available. There might not be a way to distinguish the log messages from a similarly named pod and project or trace the logs to their source. This limitation means that log collection and normalization are considered *best effort*.
-
-[IMPORTANT]
-====
-The available container runtimes provide minimal information to identify the
-source of log messages and do not guarantee unique individual log
-messages or that these messages can be traced to their source.
-====
diff --git a/modules/cluster-logging-about-components.adoc b/modules/cluster-logging-about-components.adoc
deleted file mode 100644
index 14d79d9bfe43..000000000000
--- a/modules/cluster-logging-about-components.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-about-components_{context}"]
-= About {logging} components
-
-The {logging} components include a collector deployed to each node in the {product-title} cluster
-that collects all node and container logs and writes them to a log store. You can use a centralized web UI to create rich visualizations and dashboards with the aggregated data.
-
-The major components of the {logging} are:
-
-* collection - This is the component that collects logs from the cluster, formats them, and forwards them to the log store. The current implementation is Fluentd.
-* log store - This is where the logs are stored. The default implementation is Elasticsearch. You can use the default Elasticsearch log store or forward logs to external log stores. The default log store is optimized and tested for short-term storage.
-* visualization - This is the UI component you can use to view logs, graphs, charts, and so forth. The current implementation is Kibana.
-
diff --git a/modules/cluster-logging-about-crd.adoc b/modules/cluster-logging-about-crd.adoc
index 5c2a76f06048..f21de4446bfd 100644
--- a/modules/cluster-logging-about-crd.adoc
+++ b/modules/cluster-logging-about-crd.adoc
@@ -1,75 +1,25 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging.adoc
+// * logging/cluster-logging-deploying.adoc
 
-:_content-type: CONCEPT
-[id="cluster-logging-configuring-crd_{context}"]
+:_mod-docs-content-type: REFERENCE
+[id="cluster-logging-about-crd_{context}"]
 = About the ClusterLogging custom resource
 
 To make changes to your {logging} environment, create and modify the `ClusterLogging` custom resource (CR).
 
-Instructions for creating or modifying a CR are provided in this documentation as appropriate.
-
-The following example shows a typical custom resource for the {logging}.
-
-[id="efk-logging-configuring-about-sample_{context}"]
 .Sample `ClusterLogging` custom resource (CR)
-ifdef::openshift-enterprise,openshift-rosa,openshift-dedicated,openshift-webscale,openshift-origin[]
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
 metadata:
-  name: "instance" <1>
-  namespace: "openshift-logging" <2>
+  name: instance <1>
+  namespace: openshift-logging <2>
 spec:
-  managementState: "Managed" <3>
-  logStore:
-    type: "elasticsearch" <4>
-    retentionPolicy:
-      application:
-        maxAge: 1d
-      infra:
-        maxAge: 7d
-      audit:
-        maxAge: 7d
-    elasticsearch:
-      nodeCount: 3
-      resources:
-        limits:
-          memory: 16Gi
-        requests:
-          cpu: "1"
-          memory: 16Gi
-      storage:
-        storageClassName: "gp2"
-        size: "200G"
-      redundancyPolicy: "SingleRedundancy"
-  visualization: <5>
-    type: "kibana"
-    kibana:
-      resources:
-        limits:
-          memory: 736Mi
-        requests:
-          cpu: 100m
-          memory: 736Mi
-      replicas: 1
-  collection: <6>
-    logs:
-      type: "fluentd"
-      fluentd:
-        resources:
-          limits:
-            memory: 736Mi
-          requests:
-            cpu: 100m
-            memory: 736Mi
+  managementState: Managed <3>
+# ...
 ----
 <1> The CR name must be `instance`.
 <2> The CR must be installed to the `openshift-logging` namespace.
-<3> The Red Hat OpenShift Logging Operator management state. When set to `unmanaged` the operator is in an unsupported state and will not get updates.
-<4> Settings for the log store, including retention policy, the number of nodes, the resource requests and limits, and the storage class.
-<5> Settings for the visualizer, including the resource requests and limits, and the number of pod replicas.
-<6> Settings for the log collector, including the resource requests and limits.
-endif::[]
+<3> The {clo} management state. When the state is set to `unmanaged`, the Operator is in an unsupported state and does not receive updates.
diff --git a/modules/cluster-logging-about-es-logstore.adoc b/modules/cluster-logging-about-es-logstore.adoc
new file mode 100644
index 000000000000..a536ace2b41a
--- /dev/null
+++ b/modules/cluster-logging-about-es-logstore.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="cluster-logging-about-es-logstore_{context}"]
+= About the Elasticsearch log store
+
+The {logging} Elasticsearch instance is optimized and tested for short term storage, approximately seven days. If you want to retain your logs over a longer term, it is recommended you move the data to a third-party storage system.
+
+Elasticsearch organizes the log data from Fluentd into datastores, or _indices_, then subdivides each index into multiple pieces called _shards_, which it spreads across a set of Elasticsearch nodes in an Elasticsearch cluster. You can configure Elasticsearch to make copies of the shards, called _replicas_, which Elasticsearch also spreads across the Elasticsearch nodes. The `ClusterLogging` custom resource (CR) allows you to specify how the shards are replicated to provide data redundancy and resilience to failure. You can also specify how long the different types of logs are retained using a retention policy in the `ClusterLogging` CR.
+
+[NOTE]
+====
+The number of primary shards for the index templates is equal to the number of Elasticsearch data nodes.
+====
+
+The Red Hat OpenShift Logging Operator and companion OpenShift Elasticsearch Operator ensure that each Elasticsearch node is deployed using a unique deployment that includes its own storage volume.
+You can use a `ClusterLogging` custom resource (CR) to increase the number of Elasticsearch nodes, as needed.
+See the link:https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html[Elasticsearch documentation] for considerations involved in configuring storage.
+
+[NOTE]
+====
+A highly-available Elasticsearch environment requires at least three Elasticsearch nodes, each on a different host.
+====
+
+Role-based access control (RBAC) applied on the Elasticsearch indices enables the controlled access of the logs to the developers. Administrators can access all logs and developers can access only the logs in their projects.
diff --git a/modules/cluster-logging-about-logstore.adoc b/modules/cluster-logging-about-logstore.adoc
deleted file mode 100644
index d51ab1623e43..000000000000
--- a/modules/cluster-logging-about-logstore.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-about-logstore_{context}"]
-= About the log store
-
-By default, {product-title} uses link:https://www.elastic.co/products/elasticsearch[Elasticsearch (ES)] to store log data. Optionally you can use the Log Forwarder API to forward logs to an external store. Several types of store are supported, including fluentd, rsyslog, kafka and others.
-
-The {logging} Elasticsearch instance is optimized and tested for short term storage, approximately seven days. If you want to retain your logs over a longer term, it is recommended you move the data to a third-party storage system.
-
-Elasticsearch organizes the log data from Fluentd into datastores, or _indices_, then subdivides each index into multiple pieces called _shards_, which it spreads across a set of Elasticsearch nodes in an Elasticsearch cluster. You can configure Elasticsearch to make copies of the shards, called _replicas_, which Elasticsearch also spreads across the Elasticsearch nodes. The `ClusterLogging` custom resource (CR) allows you to specify how the shards are replicated to provide data redundancy and resilience to failure. You can also specify how long the different types of logs are retained using a retention policy in the `ClusterLogging` CR.
-
-[NOTE]
-====
-The number of primary shards for the index templates is equal to the number of Elasticsearch data nodes.
-====
-
-The Red Hat OpenShift Logging Operator and companion OpenShift Elasticsearch Operator ensure that each Elasticsearch node is deployed using a unique deployment that includes its own storage volume.
-You can use a `ClusterLogging` custom resource (CR) to increase the number of Elasticsearch nodes, as needed.
-See the link:https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html[Elasticsearch documentation] for considerations involved in configuring storage.
-
-[NOTE]
-====
-A highly-available Elasticsearch environment requires at least three Elasticsearch nodes, each on a different host.
-====
-
-Role-based access control (RBAC) applied on the Elasticsearch indices enables the controlled access of the logs to the developers. Administrators can access all logs and developers can access only the logs in their projects.
diff --git a/modules/cluster-logging-about-visualizer.adoc b/modules/cluster-logging-about-visualizer.adoc
deleted file mode 100644
index 607f8a4d912d..000000000000
--- a/modules/cluster-logging-about-visualizer.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-about-visualizer_{context}"]
-= About logging visualization
-
-{product-title} uses Kibana to display the log data collected by Fluentd and indexed by Elasticsearch.
-
-Kibana is a browser-based console interface to query, discover, and visualize your Elasticsearch data through 
-histograms, line graphs, pie charts, and other visualizations. 
-
diff --git a/modules/cluster-logging-about.adoc b/modules/cluster-logging-about.adoc
index 257ad90ea41c..d3cb4668116d 100644
--- a/modules/cluster-logging-about.adoc
+++ b/modules/cluster-logging-about.adoc
@@ -4,17 +4,36 @@
 // * logging/cluster-logging.adoc
 // * serverless/monitor/cluster-logging-serverless.adoc
 
-// This module uses conditionalized paragraphs so that the module
-// can be re-used in associated products.
-
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-about_{context}"]
-= About deploying the {logging-title}
-
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-{product-title} cluster administrators can deploy the {logging} using the {product-title} web console or CLI to install the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator. When the Operators are installed, you create a `ClusterLogging` custom resource (CR) to schedule {logging} pods and other resources necessary to support the {logging}. The Operators are responsible for deploying, upgrading, and maintaining the {logging}.
-endif::openshift-enterprise,openshift-webscale,openshift-origin[]
+= About deploying {logging}
 
-The `ClusterLogging` CR defines a complete {logging} environment that includes all the components of the logging stack to collect, store and visualize logs. The Red Hat OpenShift Logging Operator watches the {logging} CR and adjusts the logging deployment accordingly.
+Administrators can deploy the {logging} by using the {product-title} web console or the {oc-first} to install the {logging} Operators. The Operators are responsible for deploying, upgrading, and maintaining the {logging}.
 
 Administrators and application developers can view the logs of the projects for which they have view access.
+
+[id="cluster-logging-about-custom-resources_{context}"]
+== Logging custom resources
+
+You can configure your {logging} deployment with custom resource (CR) YAML files implemented by each Operator.
+
+*{clo}*:
+
+* `ClusterLogging` (CL) - After the Operators are installed, you create a `ClusterLogging` custom resource (CR) to schedule {logging} pods and other resources necessary to support the {logging}. The `ClusterLogging` CR deploys the collector and forwarder, which currently are both implemented by a daemonset running on each node. The {clo} watches the `ClusterLogging` CR and adjusts the logging deployment accordingly.
+
+* `ClusterLogForwarder` (CLF) - Generates collector configuration to forward logs per user configuration.
+
+*{loki-op}*:
+
+* `LokiStack` - Controls the Loki cluster as log store and the web proxy with {product-title} authentication integration to enforce multi-tenancy.
+
+*{es-op}*:
+
+[NOTE]
+====
+These CRs are generated and managed by the {es-op}. Manual changes cannot be made without being overwritten by the Operator.
+====
+
+* `ElasticSearch` - Configure and deploy an Elasticsearch instance as the default log store.
+
+* `Kibana` - Configure and deploy Kibana instance to search, query and view logs.
diff --git a/modules/cluster-logging-clo-status-comp.adoc b/modules/cluster-logging-clo-status-comp.adoc
index ce35d99ce49f..9faf17b065da 100644
--- a/modules/cluster-logging-clo-status-comp.adoc
+++ b/modules/cluster-logging-clo-status-comp.adoc
@@ -1,16 +1,16 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-cluster-status.adoc
+// * logging/troubleshooting/cluster-logging-cluster-status.adoc
 
-:_content-type: PROCEDURE
-[id="cluster-logging-clo-status-example_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="cluster-logging-clo-status-comp_{context}"]
 = Viewing the status of {logging} components
 
 You can view the status for a number of {logging} components.
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
+* The {clo} and {es-op} are installed.
 
 .Procedure
 
@@ -21,7 +21,7 @@ You can view the status for a number of {logging} components.
 $ oc project openshift-logging
 ----
 
-. View the status of the {logging-title} environment:
+. View the status of {logging} environment:
 +
 [source,terminal]
 ----
diff --git a/modules/cluster-logging-clo-status.adoc b/modules/cluster-logging-clo-status.adoc
index 14b1b1d9edd4..ce8547226196 100644
--- a/modules/cluster-logging-clo-status.adoc
+++ b/modules/cluster-logging-clo-status.adoc
@@ -1,29 +1,27 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-cluster-status.adoc
+// * logging/troubleshooting/cluster-logging-cluster-status.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-clo-status_{context}"]
-= Viewing the status of the Red Hat OpenShift Logging Operator
+= Viewing the status of the {clo}
 
-You can view the status of your Red Hat OpenShift Logging Operator.
+You can view the status of the {clo}.
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
+* The {clo} and {es-op} are installed.
 
 .Procedure
 
-. Change to the `openshift-logging` project.
+. Change to the `openshift-logging` project by running the following command:
 +
 [source,terminal]
 ----
 $ oc project openshift-logging
 ----
 
-. To view the OpenShift Logging status:
-
-.. Get the OpenShift Logging status:
+. Get the `ClusterLogging` instance status by running the following command:
 +
 [source,terminal]
 ----
@@ -35,31 +33,29 @@ $ oc get clusterlogging instance -o yaml
 ----
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogging
-
-....
-
+# ...
 status:  <1>
   collection:
     logs:
       fluentdStatus:
         daemonSet: fluentd  <2>
         nodes:
-          fluentd-2rhqp: ip-10-0-169-13.ec2.internal
-          fluentd-6fgjh: ip-10-0-165-244.ec2.internal
-          fluentd-6l2ff: ip-10-0-128-218.ec2.internal
-          fluentd-54nx5: ip-10-0-139-30.ec2.internal
-          fluentd-flpnn: ip-10-0-147-228.ec2.internal
-          fluentd-n2frh: ip-10-0-157-45.ec2.internal
+          collector-2rhqp: ip-10-0-169-13.ec2.internal
+          collector-6fgjh: ip-10-0-165-244.ec2.internal
+          collector-6l2ff: ip-10-0-128-218.ec2.internal
+          collector-54nx5: ip-10-0-139-30.ec2.internal
+          collector-flpnn: ip-10-0-147-228.ec2.internal
+          collector-n2frh: ip-10-0-157-45.ec2.internal
         pods:
           failed: []
           notReady: []
           ready:
-          - fluentd-2rhqp
-          - fluentd-54nx5
-          - fluentd-6fgjh
-          - fluentd-6l2ff
-          - fluentd-flpnn
-          - fluentd-n2frh
+          - collector-2rhqp
+          - collector-54nx5
+          - collector-6fgjh
+          - collector-6l2ff
+          - collector-flpnn
+          - collector-n2frh
   logstore: <3>
     elasticsearchStatus:
     - ShardAllocationEnabled:  all
@@ -114,10 +110,7 @@ visualization:  <4>
 [id="cluster-logging-clo-status-message_{context}"]
 == Example condition messages
 
-The following are examples of some condition messages from the `Status.Nodes` section of the OpenShift Logging instance.
-
-
-// https://github.com/openshift/elasticsearch-operator/pull/92
+The following are examples of some condition messages from the `Status.Nodes` section of the `ClusterLogging` instance.
 
 A status message similar to the following indicates a node has exceeded the configured low watermark and no shard will be allocated to this node:
 
@@ -156,7 +149,7 @@ A status message similar to the following indicates a node has exceeded the conf
 A status message similar to the following indicates the Elasticsearch node selector in the CR does not match any nodes in the cluster:
 
 .Example output
-[source,text]
+[source,terminal]
 ----
     Elasticsearch Status:
       Shard Allocation Enabled:  shard allocation unknown
@@ -204,7 +197,7 @@ A status message similar to the following indicates the Elasticsearch node selec
 A status message similar to the following indicates that the requested PVC could not bind to PV:
 
 .Example output
-[source,text]
+[source,terminal]
 ----
       Node Conditions:
         elasticsearch-cdm-mkkdys93-1:
diff --git a/modules/cluster-logging-cloudwatch.adoc b/modules/cluster-logging-cloudwatch.adoc
index 618bf932c5b8..d404a68a6380 100644
--- a/modules/cluster-logging-cloudwatch.adoc
+++ b/modules/cluster-logging-cloudwatch.adoc
@@ -5,11 +5,11 @@
 // This module uses conditionalized paragraphs so that the module
 // can be re-used in associated products.
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-cloudwatch_{context}"]
 = CloudWatch recommendation for {product-title}
 
-Red Hat recommends that you use the AWS CloudWatch solution for your logging needs. 
+Red Hat recommends that you use the AWS CloudWatch solution for your logging needs.
 
 [id="cluster-logging-requirements-explained_{context}"]
 == Logging requirements
diff --git a/modules/cluster-logging-collecting-storing-kubernetes-events.adoc b/modules/cluster-logging-collecting-storing-kubernetes-events.adoc
index fb0a9dcb39b5..98a22e66e2e7 100644
--- a/modules/cluster-logging-collecting-storing-kubernetes-events.adoc
+++ b/modules/cluster-logging-collecting-storing-kubernetes-events.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-collecting-storing-kubernetes-events-about_{context}"]
 = About collecting and storing Kubernetes events
 
diff --git a/modules/cluster-logging-collector-alerts-viewing.adoc b/modules/cluster-logging-collector-alerts-viewing.adoc
deleted file mode 100644
index 6d11df002d37..000000000000
--- a/modules/cluster-logging-collector-alerts-viewing.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-collector.adoc
-
-:_content-type: PROCEDURE
-[id="cluster-logging-collector-alerts-viewing_{context}"]
-= Viewing logging collector alerts
-
-Alerts are shown in the  
-ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console, 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-{cluster-manager-url}, 
-endif::[]
-on the *Alerts* tab of the Alerting UI. Alerts are in one of the following states:
-
-* *Firing*. The alert condition is true for the duration of the timeout. Click the *Options* menu at the end of the firing alert to view more information or silence the alert.
-* *Pending* The alert condition is currently true, but the timeout has not been reached.
-* *Not Firing*. The alert is not currently triggered.
-
-.Procedure
-
-To view the {logging} and other {product-title} alerts:
-
-. In the {product-title} console, click *Observe* → *Alerting*.
-
-. Click the *Alerts* tab. The alerts are listed, based on the filters selected.
diff --git a/modules/cluster-logging-collector-alerts.adoc b/modules/cluster-logging-collector-alerts.adoc
deleted file mode 100644
index 453c2076b96c..000000000000
--- a/modules/cluster-logging-collector-alerts.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-collector.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-collector-alerts_{context}"]
-= About logging collector alerts
-
-The following alerts are generated by the logging collector. You can view these alerts in the 
-ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-{cluster-manager-url} 
-endif::[]
-on the *Alerts* page of the Alerting UI.
-
-.Fluentd Prometheus alerts
-[cols="2,2,2,1",options="header"]
-|===
-|Alert |Message |Description |Severity
-
-|`FluentDHighErrorRate`
-|`<value> of records have resulted in an error by fluentd <instance>.`
-|The number of FluentD output errors is high, by default more than 10 in the previous 15 minutes.
-|Warning
-
-|`FluentdNodeDown`
-|`Prometheus could not scrape fluentd <instance> for more than 10m.`
-|Fluentd is reporting that Prometheus could not scrape a specific Fluentd instance.
-|Critical
-
-|`FluentdQueueLengthIncreasing`
-|`In the last 12h, fluentd <instance> buffer queue length constantly increased more than 1. Current value is <value>.`
-|Fluentd is reporting that the queue size is increasing.
-|Critical
-
-|`FluentDVeryHighErrorRate`
-|`<value> of records have resulted in an error by fluentd <instance>.`
-|The number of FluentD output errors is very high, by default more than 25 in the previous 15 minutes.
-|Critical
-
-|===
diff --git a/modules/cluster-logging-collector-collecting-ovn-logs.adoc b/modules/cluster-logging-collector-collecting-ovn-logs.adoc
index 3558b5ee370a..af9769956a8b 100644
--- a/modules/cluster-logging-collector-collecting-ovn-logs.adoc
+++ b/modules/cluster-logging-collector-collecting-ovn-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collecting-ovn-audit-logs_{context}"]
 = Collecting OVN network policy audit logs
 
diff --git a/modules/cluster-logging-collector-limits.adoc b/modules/cluster-logging-collector-limits.adoc
index 32de5dd04337..43ab4abe998c 100644
--- a/modules/cluster-logging-collector-limits.adoc
+++ b/modules/cluster-logging-collector-limits.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-collector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-limits_{context}"]
 = Configure log collector CPU and memory limits
 
@@ -10,7 +10,7 @@ The log collector allows for adjustments to both the CPU and memory limits.
 
 .Procedure
 
-. Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project:
+* Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project:
 +
 [source,terminal]
 ----
@@ -19,23 +19,20 @@ $ oc -n openshift-logging edit ClusterLogging instance
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
 metadata:
-  name: "instance"
+  name: instance
   namespace: openshift-logging
-
-...
-
 spec:
   collection:
-    logs:
-      fluentd:
-        resources:
-          limits: <1>
-            memory: 736Mi
-          requests:
-            cpu: 100m
-            memory: 736Mi
+    type: fluentd
+    resources:
+      limits: <1>
+        memory: 736Mi
+        requests:
+          cpu: 100m
+          memory: 736Mi
+# ...
 ----
 <1> Specify the CPU and memory limits and requests as needed. The values shown are the default values.
diff --git a/modules/cluster-logging-collector-log-forward-cloudwatch.adoc b/modules/cluster-logging-collector-log-forward-cloudwatch.adoc
index 45e11be8b076..d57b6dd53a93 100644
--- a/modules/cluster-logging-collector-log-forward-cloudwatch.adoc
+++ b/modules/cluster-logging-collector-log-forward-cloudwatch.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-cloudwatch_{context}"]
 = Forwarding logs to Amazon CloudWatch
 
@@ -33,45 +33,47 @@ $ oc apply -f cw-secret.yaml
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: cw <3>
-     type: cloudwatch <4>
+   - name: cw <4>
+     type: cloudwatch <5>
      cloudwatch:
-       groupBy: logType <5>
-       groupPrefix: <group prefix> <6>
-       region: us-east-2 <7>
+       groupBy: logType <6>
+       groupPrefix: <group prefix> <7>
+       region: us-east-2 <8>
      secret:
-        name: cw-secret <8>
+        name: cw-secret <9>
   pipelines:
-    - name: infra-logs <9>
-      inputRefs: <10>
+    - name: infra-logs <10>
+      inputRefs: <11>
         - infrastructure
         - audit
         - application
       outputRefs:
-        - cw <11>
-----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `cloudwatch` type.
-<5> Optional: Specify how to group the logs:
+        - cw <12>
+----
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `cloudwatch` type.
+<6> Optional: Specify how to group the logs:
 +
-* `logType` creates log groups for each log type
+* `logType` creates log groups for each log type.
 * `namespaceName` creates a log group for each application name space. It also creates separate log groups for infrastructure and audit logs.
 * `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
-<6> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
-<7> Specify the AWS region.
-<8> Specify the name of the secret that contains your AWS credentials.
-<9> Optional: Specify a name for the pipeline.
-<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<7> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
+<8> Specify the AWS region.
+<9> Specify the name of the secret that contains your AWS credentials.
+<10> Optional: Specify a name for the pipeline.
+<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<12> Specify the name of the output to use when forwarding logs with this pipeline.
 
 . Create the CR object:
 +
@@ -84,12 +86,12 @@ $ oc create -f <file-name>.yaml
 
 Here, you see an example `ClusterLogForwarder` custom resource (CR) and the log data that it outputs to Amazon CloudWatch.
 
-Suppose that you are running 
+Suppose that you are running
 ifndef::openshift-rosa[]
-an {product-title} cluster 
+an {product-title} cluster
 endif::[]
 ifdef::openshift-rosa[]
-a ROSA cluster 
+a ROSA cluster
 endif::[]
 named `mycluster`. The following command returns the cluster's `infrastructureName`, which you will use to compose `aws` commands later on:
 
@@ -287,4 +289,4 @@ $ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
 "mycluster-7977k.infrastructure"
 ----
 
-The `groupBy` field affects the application log group only. It does not affect the `audit` and `infrastructure` log groups.
\ No newline at end of file
+The `groupBy` field affects the application log group only. It does not affect the `audit` and `infrastructure` log groups.
diff --git a/modules/cluster-logging-collector-log-forward-es.adoc b/modules/cluster-logging-collector-log-forward-es.adoc
index 51ef169e9f85..3e5c036cffd7 100644
--- a/modules/cluster-logging-collector-log-forward-es.adoc
+++ b/modules/cluster-logging-collector-log-forward-es.adoc
@@ -1,16 +1,20 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-es_{context}"]
 = Forwarding logs to an external Elasticsearch instance
 
-You can optionally forward logs to an external Elasticsearch instance in addition to, or instead of, the internal {product-title} Elasticsearch instance. You are responsible for configuring the external log aggregator to receive log data from {product-title}.
+You can forward logs to an external Elasticsearch instance in addition to, or instead of, the internal log store. You are responsible for configuring the external log aggregator to receive log data from {product-title}.
 
 To configure log forwarding to an external Elasticsearch instance, you must create a `ClusterLogForwarder` custom resource (CR) with an output to that instance, and a pipeline that uses the output. The external Elasticsearch output can use the HTTP (insecure) or HTTPS (secure HTTP) connection.
 
-To forward logs to both an external and the internal Elasticsearch instance, create outputs and pipelines to the external instance and a pipeline that uses the `default` output to forward logs to the internal instance. You do not need to create a `default` output. If you do configure a `default` output, you receive an error message because the `default` output is reserved for the Red Hat OpenShift Logging Operator.
+To forward logs to both an external and the internal Elasticsearch instance, create outputs and pipelines to the external instance and a pipeline that uses the `default` output to forward logs to the internal instance.
 
 [NOTE]
 ====
-If you want to forward logs to *only* the internal {product-title} Elasticsearch instance, you do not need to create a `ClusterLogForwarder` CR.
+If you only want to forward logs to an internal Elasticsearch instance, you do not need to create a `ClusterLogForwarder` CR.
 ====
 
 .Prerequisites
@@ -19,68 +23,57 @@ If you want to forward logs to *only* the internal {product-title} Elasticsearch
 
 .Procedure
 
-. Create or edit a YAML file that defines the `ClusterLogForwarder` CR object:
+. Create or edit a YAML file that defines the `ClusterLogForwarder` CR:
 +
+.Example `ClusterLogForwarder` CR
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> # <1>
+  namespace: <log_forwarder_namespace> # <2>
 spec:
+  serviceAccountName: <service_account_name> # <3>
   outputs:
-   - name: elasticsearch-insecure <3>
-     type: "elasticsearch" <4>
-     url: http://elasticsearch.insecure.com:9200 <5>
-   - name: elasticsearch-secure
-     type: "elasticsearch"
-     url: https://elasticsearch.secure.com:9200 <6>
+   - name: elasticsearch-example # <4>
+     type: elasticsearch # <5>
+     elasticsearch:
+       version: 8 # <6>
+     url: http://elasticsearch.example.com:9200 # <7>
      secret:
-        name: es-secret <7>
+       name: es-secret # <8>
   pipelines:
-   - name: application-logs <8>
-     inputRefs: <9>
+   - name: application-logs # <9>
+     inputRefs: # <10>
      - application
      - audit
      outputRefs:
-     - elasticsearch-secure <10>
-     - default <11>
-     parse: json <12>
-     labels:
-       myLabel: "myValue" <13>
-   - name: infrastructure-audit-logs <14>
-     inputRefs:
-     - infrastructure
-     outputRefs:
-     - elasticsearch-insecure
+     - elasticsearch-example # <11>
+     - default # <12>
      labels:
-       logs: "audit-infra"
+       myLabel: "myValue" # <13>
+# ...
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `elasticsearch` type.
-<5> Specify the URL and port of the external Elasticsearch instance as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address.
-<6> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
-<7> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. For more information, see the following "Example: Setting secret that contains a username and password."
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify the `default` output to send the logs to the internal Elasticsearch instance.
-<12> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `elasticsearch` type.
+<6> Specify the Elasticsearch version. This can be `6`, `7`, or `8`.
+<7> Specify the URL and port of the external Elasticsearch instance as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address.
+<8> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must contain a `ca-bundle.crt` key that points to the certificate it represents. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. In legacy implementations, the secret must exist in the `openshift-logging` project. For more information, see the following "Example: Setting a secret that contains a username and password."
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<12> Optional: Specify the `default` output to send the logs to the internal Elasticsearch instance.
 <13> Optional: String. One or more labels to add to the logs.
-<14> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
-** A name to describe the pipeline.
-** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-** The `outputRefs` is the name of the output to use.
-** Optional: String. One or more labels to add to the logs.
 
-. Create the CR object:
+. Apply the `ClusterLogForwarder` CR:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc apply -f <filename>.yaml
 ----
 
 .Example: Setting a secret that contains a username and password
@@ -98,8 +91,9 @@ kind: Secret
 metadata:
   name: openshift-test-secret
 data:
-  username: dGVzdHVzZXJuYW1lCg==
-  password: dGVzdHBhc3N3b3JkCg==
+  username: <username>
+  password: <password>
+# ...
 ----
 
 . Create the secret:
@@ -124,6 +118,7 @@ spec:
      url: https://elasticsearch.secure.com:9200
      secret:
         name: openshift-test-secret
+# ...
 ----
 +
 [NOTE]
@@ -131,9 +126,9 @@ spec:
 In the value of the `url` field, the prefix can be `http` or `https`.
 ====
 
-. Create the CR object:
+. Apply the CR object:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc apply -f <filename>.yaml
 ----
diff --git a/modules/cluster-logging-collector-log-forward-fluentd.adoc b/modules/cluster-logging-collector-log-forward-fluentd.adoc
index cf1c1f6384b0..7e00eb8ea741 100644
--- a/modules/cluster-logging-collector-log-forward-fluentd.adoc
+++ b/modules/cluster-logging-collector-log-forward-fluentd.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-fluentd_{context}"]
 = Forwarding logs using the Fluentd forward protocol
 
@@ -6,11 +6,6 @@ You can use the Fluentd *forward* protocol to send a copy of your logs to an ext
 
 To configure log forwarding using the *forward* protocol, you must create a `ClusterLogForwarder` custom resource (CR) with one or more outputs to the Fluentd servers, and pipelines that use those outputs. The Fluentd output can use a TCP (insecure) or TLS (secure TCP) connection.
 
-[NOTE]
-====
-Alternately, you can use a config map to forward logs using the *forward* protocols. However, this method is deprecated in {product-title} and will be removed in a future release.
-====
-
 .Prerequisites
 
 * You must have a logging server that is configured to receive the logging data using the specified protocol or format.
@@ -33,22 +28,20 @@ spec:
      url: 'tls://fluentdserver.security.example.com:24224' <5>
      secret: <6>
         name: fluentd-secret
-        passphrase: phrase <7>
    - name: fluentd-server-insecure
      type: fluentdForward
      url: 'tcp://fluentdserver.home.example.com:24224'
   pipelines:
-   - name: forward-to-fluentd-secure <8>
-     inputRefs:  <9>
+   - name: forward-to-fluentd-secure <7>
+     inputRefs:  <8>
      - application
      - audit
      outputRefs:
-     - fluentd-server-secure <10>
-     - default <11>
-     parse: json <12>
+     - fluentd-server-secure <9>
+     - default <10>
      labels:
-       clusterId: "C1234" <13>
-   - name: forward-to-fluentd-insecure <14>
+       clusterId: "C1234" <11>
+   - name: forward-to-fluentd-insecure <12>
      inputRefs:
      - infrastructure
      outputRefs:
@@ -61,15 +54,13 @@ spec:
 <3> Specify a name for the output.
 <4> Specify the `fluentdForward` type.
 <5> Specify the URL and port of the external Fluentd instance as a valid absolute URL. You can use the `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
-<6> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
-<7> Optional: Specify the password or passphrase that protects the private key file.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
-<12> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
-<13> Optional: String. One or more labels to add to the logs.
-<14> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
+<6> If you are using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project and must contain a `ca-bundle.crt` key that points to the certificate it represents.
+<7> Optional: Specify a name for the pipeline.
+<8> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<9> Specify the name of the output to use when forwarding logs with this pipeline.
+<10> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
+<11> Optional: String. One or more labels to add to the logs.
+<12> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
 ** The `outputRefs` is the name of the output to use.
diff --git a/modules/cluster-logging-collector-log-forward-gcp.adoc b/modules/cluster-logging-collector-log-forward-gcp.adoc
index 9dfe1b9a7689..70a4170ef309 100644
--- a/modules/cluster-logging-collector-log-forward-gcp.adoc
+++ b/modules/cluster-logging-collector-log-forward-gcp.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
-// cluster-logging-external.adoc
 //
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-gcp_{context}"]
 = Forwarding logs to Google Cloud Platform (GCP)
 
@@ -14,7 +14,8 @@ Using this feature with Fluentd is not supported.
 ====
 
 .Prerequisites
-* {logging-title-uc} Operator 5.5.1 and later
+
+* {clo} 5.5.1 and later
 
 .Procedure
 
@@ -28,30 +29,34 @@ $ oc -n openshift-logging create secret generic gcp-secret --from-file google-ap
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogForwarder"
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
 metadata:
-  name: "instance"
-  namespace: "openshift-logging"
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
     - name: gcp-1
       type: googleCloudLogging
       secret:
         name: gcp-secret
       googleCloudLogging:
-        projectId : "openshift-gce-devel" <1>
-        logId : "app-gcp" <2>
+        projectId : "openshift-gce-devel" <4>
+        logId : "app-gcp" <5>
   pipelines:
     - name: test-app
-      inputRefs: <3>
+      inputRefs: <6>
         - application
       outputRefs:
         - gcp-1
 ----
-<1> Set either a `projectId`, `folderId`, `organizationId`, or `billingAccountId` field and its corresponding value, depending on where you want to store your logs in the link:https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy[GCP resource hierarchy].
-<2> Set the value to add to the `logName` field of the link:https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry[Log Entry].
-<3> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Set a `projectId`, `folderId`, `organizationId`, or `billingAccountId` field and its corresponding value, depending on where you want to store your logs in the link:https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy[GCP resource hierarchy].
+<5> Set the value to add to the `logName` field of the link:https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry[Log Entry].
+<6> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
 
 [role="_additional-resources"]
 .Additional resources
diff --git a/modules/cluster-logging-collector-log-forward-kafka.adoc b/modules/cluster-logging-collector-log-forward-kafka.adoc
index a6a611cf2747..b6bc06ff0b68 100644
--- a/modules/cluster-logging-collector-log-forward-kafka.adoc
+++ b/modules/cluster-logging-collector-log-forward-kafka.adoc
@@ -1,7 +1,13 @@
+// Module included in the following assemblies:
+//
+// logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
 [id="cluster-logging-collector-log-forward-kafka_{context}"]
 = Forwarding logs to a Kafka broker
 
-You can forward logs to an external Kafka broker in addition to, or instead of, the default Elasticsearch log store.
+You can forward logs to an external Kafka broker in addition to, or instead of, the default log store.
 
 To configure log forwarding to an external Kafka instance, you must create a `ClusterLogForwarder` custom resource (CR) with an output to that instance, and a pipeline that uses the output. You can include a specific Kafka topic in the output or use the default. The Kafka output can use a TCP (insecure) or TLS (secure TCP) connection.
 
@@ -14,30 +20,30 @@ To configure log forwarding to an external Kafka instance, you must create a `Cl
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: app-logs <3>
-     type: kafka <4>
-     url: tls://kafka.example.devlab.com:9093/app-topic <5>
+   - name: app-logs <4>
+     type: kafka <5>
+     url: tls://kafka.example.devlab.com:9093/app-topic <6>
      secret:
-       name: kafka-secret <6>
+       name: kafka-secret <7>
    - name: infra-logs
      type: kafka
-     url: tcp://kafka.devlab2.example.com:9093/infra-topic <7>
+     url: tcp://kafka.devlab2.example.com:9093/infra-topic <8>
    - name: audit-logs
      type: kafka
      url: tls://kafka.qelab.example.com:9093/audit-topic
      secret:
         name: kafka-secret-qe
   pipelines:
-   - name: app-topic <8>
-     inputRefs: <9>
+   - name: app-topic <9>
+     inputRefs: <10>
      - application
-     outputRefs: <10>
+     outputRefs: <11>
      - app-logs
-     parse: json <11>
      labels:
        logType: "application" <12>
    - name: infra-topic <13>
@@ -52,34 +58,32 @@ spec:
      - audit
      outputRefs:
      - audit-logs
-     - default <14>
      labels:
        logType: "audit"
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `kafka` type.
-<5> Specify the URL and port of the Kafka broker as a valid absolute URL, optionally with a specific topic. You can use the `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
-<6> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
-<7> Optional: To send an insecure output, use a `tcp` prefix in front of the URL. Also omit the `secret` key and its `name` from this output.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `kafka` type.
+<6> Specify the URL and port of the Kafka broker as a valid absolute URL, optionally with a specific topic. You can use the `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
+<7> If you are using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must contain a `ca-bundle.crt` key that points to the certificate it represents. In legacy implementations, the secret must exist in the `openshift-logging` project.
+<8> Optional: To send an insecure output, use a `tcp` prefix in front of the URL. Also omit the `secret` key and its `name` from this output.
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
 <12> Optional: String. One or more labels to add to the logs.
 <13> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
 ** The `outputRefs` is the name of the output to use.
 ** Optional: String. One or more labels to add to the logs.
-<14> Optional: Specify `default` to forward logs to the internal Elasticsearch instance.
 
-. Optional: To forward a single output to multiple Kafka brokers, specify an array of Kafka brokers as shown in this example:
+. Optional: To forward a single output to multiple Kafka brokers, specify an array of Kafka brokers as shown in the following example:
 +
 [source,yaml]
 ----
-...
+# ...
 spec:
   outputs:
   - name: app-logs
@@ -91,15 +95,15 @@ spec:
         - tls://kafka-broker1.example.com:9093/
         - tls://kafka-broker2.example.com:9093/
       topic: app-topic <3>
-...
+# ...
 ----
 <1> Specify a `kafka` key that has a `brokers` and `topic` key.
 <2> Use the `brokers` key to specify an array of one or more brokers.
-<3> Use the `topic` key to specify the target topic that will receive the logs.
+<3> Use the `topic` key to specify the target topic that receives the logs.
 
-. Create the CR object:
+. Apply the `ClusterLogForwarder` CR by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc apply -f <filename>.yaml
 ----
diff --git a/modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc b/modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc
index d12fbfe96cd8..285ea042d564 100644
--- a/modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc
+++ b/modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-logs-from-application-pods_{context}"]
 = Forwarding application logs from specific pods
 
@@ -18,36 +22,34 @@ To specify the pod labels, you use one or more `matchLabels` key-value pairs. If
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
   pipelines:
     - inputRefs: [ myAppLogData ] <3>
       outputRefs: [ default ] <4>
-      parse: json <5>
-  inputs: <6>
+  inputs: <5>
     - name: myAppLogData
       application:
         selector:
-          matchLabels: <7>
+          matchLabels: <6>
             environment: production
             app: nginx
-        namespaces: <8>
+        namespaces: <7>
         - app1
         - app2
-  outputs: <9>
-    - default
+  outputs: <8>
+    - <output_name>
     ...
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
 <3> Specify one or more comma-separated values from `inputs[].name`.
 <4> Specify one or more comma-separated values from `outputs[]`.
-<5> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
-<6> Define a unique `inputs[].name` for each application that has a unique set of pod labels.
-<7> Specify the key-value pairs of pod labels whose log data you want to gather. You must specify both a key and value, not just a key. To be selected, the pods must match all the key-value pairs.
-<8> Optional: Specify one or more namespaces.
-<9> Specify one or more outputs to forward your log data to. The optional `default` output shown here sends log data to the internal Elasticsearch instance.
+<5> Define a unique `inputs[].name` for each application that has a unique set of pod labels.
+<6> Specify the key-value pairs of pod labels whose log data you want to gather. You must specify both a key and value, not just a key. To be selected, the pods must match all the key-value pairs.
+<7> Optional: Specify one or more namespaces.
+<8> Specify one or more outputs to forward your log data to.
 
 . Optional: To restrict the gathering of log data to specific namespaces, use `inputs[].name.application.namespaces`, as shown in the preceding example.
 
diff --git a/modules/cluster-logging-collector-log-forward-loki.adoc b/modules/cluster-logging-collector-log-forward-loki.adoc
index 82845208ad83..56bd0e2d3069 100644
--- a/modules/cluster-logging-collector-log-forward-loki.adoc
+++ b/modules/cluster-logging-collector-log-forward-loki.adoc
@@ -1,8 +1,12 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-loki_{context}"]
-= Forwarding logs to Loki
+= Forwarding logs to an external Loki logging system
 
-You can forward logs to an external Loki logging system in addition to, or instead of, the internal default {product-title} Elasticsearch instance.
+You can forward logs to an external Loki logging system in addition to, or instead of, the default log store.
 
 To configure log forwarding to Loki, you must create a `ClusterLogForwarder` custom resource (CR) with an output to Loki, and a pipeline that uses the output. The output to Loki can use the HTTP (insecure) or HTTPS (secure HTTP) connection.
 
@@ -16,57 +20,60 @@ To configure log forwarding to Loki, you must create a `ClusterLogForwarder` cus
 +
 [source,yaml]
 ----
-  apiVersion: "logging.openshift.io/v1"
-  kind: ClusterLogForwarder
-  metadata:
-    name: instance <1>
-    namespace: openshift-logging <2>
-  spec:
-    outputs:
-     - name: loki-insecure <3>
-       type: "loki" <4>
-       url: http://loki.insecure.com:3100 <5>
-       loki:
-          tenantKey: kubernetes.namespace_name
-          labelKeys: kubernetes.labels.foo
-     - name: loki-secure <6>
-       type: "loki"
-       url: https://loki.secure.com:3100
-       secret:
-          name: loki-secret <7>
-       loki:
-          tenantKey: kubernetes.namespace_name <8>
-          labelKeys: kubernetes.labels.foo <9>
-    pipelines:
-     - name: application-logs <10>
-       inputRefs:  <11>
-       - application
-       - audit
-       outputRefs: <12>
-       - loki-secure
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
+spec:
+  serviceAccountName: <service_account_name> <3>
+  outputs:
+  - name: loki-insecure <4>
+    type: "loki" <5>
+    url: http://loki.insecure.com:3100 <6>
+    loki:
+      tenantKey: kubernetes.namespace_name
+      labelKeys:
+      - kubernetes.labels.foo
+  - name: loki-secure <7>
+    type: "loki"
+    url: https://loki.secure.com:3100
+    secret:
+      name: loki-secret <8>
+    loki:
+      tenantKey: kubernetes.namespace_name <9>
+      labelKeys:
+      - kubernetes.labels.foo <10>
+  pipelines:
+  - name: application-logs <11>
+    inputRefs:  <12>
+    - application
+    - audit
+    outputRefs: <13>
+    - loki-secure
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the type as `"loki"`.
-<5> Specify the URL and port of the Loki system as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address. Loki's default port for HTTP(S) communication is 3100.
-<6> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
-<7> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. For more information, see the following "Example: Setting secret that contains a username and password."
-<8> Optional: Specify a meta-data key field to generate values for the `TenantID` field in Loki. For example, setting `tenantKey: kubernetes.namespace_name` uses the names of the Kubernetes namespaces as values for tenant IDs in Loki. To see which other log record fields you can specify, see the "Log Record Fields" link in the following "Additional resources" section.
-<9> Optional: Specify a list of meta-data field keys to replace the default Loki labels. Loki label names must match the regular expression `[a-zA-Z_:][a-zA-Z0-9_:]*`. Illegal characters in meta-data keys are replaced with `_` to form the label name. For example, the `kubernetes.labels.foo` meta-data key becomes Loki label `kubernetes_labels_foo`. If you do not set `labelKeys`, the default value is: `[log_type, kubernetes.namespace_name, kubernetes.pod_name, kubernetes_host]`. Keep the set of labels small because Loki limits the size and number of labels allowed. See link:https://grafana.com/docs/loki/latest/configuration/#limits_config[Configuring Loki, limits_config]. You can still query based on any log record field using query filters.
-<10> Optional: Specify a name for the pipeline.
-<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<12> Specify the name of the output to use when forwarding logs with this pipeline.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the type as `"loki"`.
+<6> Specify the URL and port of the Loki system as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address. Loki's default port for HTTP(S) communication is 3100.
+<7> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
+<8> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must contain a `ca-bundle.crt` key that points to the certificates it represents. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. In legacy implementations, the secret must exist in the `openshift-logging` project. For more information, see the following "Example: Setting a secret that contains a username and password."
+<9> Optional: Specify a metadata key field to generate values for the `TenantID` field in Loki. For example, setting `tenantKey: kubernetes.namespace_name` uses the names of the Kubernetes namespaces as values for tenant IDs in Loki. To see which other log record fields you can specify, see the "Log Record Fields" link in the following "Additional resources" section.
+<10> Optional: Specify a list of metadata field keys to replace the default Loki labels. Loki label names must match the regular expression `[a-zA-Z_:][a-zA-Z0-9_:]*`. Illegal characters in metadata keys are replaced with `_` to form the label name. For example, the `kubernetes.labels.foo` metadata key becomes Loki label `kubernetes_labels_foo`. If you do not set `labelKeys`, the default value is: `[log_type, kubernetes.namespace_name, kubernetes.pod_name, kubernetes_host]`. Keep the set of labels small because Loki limits the size and number of labels allowed. See link:https://grafana.com/docs/loki/latest/configuration/#limits_config[Configuring Loki, limits_config]. You can still query based on any log record field using query filters.
+<11> Optional: Specify a name for the pipeline.
+<12> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<13> Specify the name of the output to use when forwarding logs with this pipeline.
 +
 [NOTE]
 ====
 Because Loki requires log streams to be correctly ordered by timestamp, `labelKeys` always includes the `kubernetes_host` label set, even if you do not specify it. This inclusion ensures that each stream originates from a single host, which prevents timestamps from becoming disordered due to clock differences on different hosts.
 ====
 
-
-. Create the CR object:
+. Apply the `ClusterLogForwarder` CR object by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc apply -f <filename>.yaml
 ----
diff --git a/modules/cluster-logging-collector-log-forward-project.adoc b/modules/cluster-logging-collector-log-forward-project.adoc
index 19f8880edb5b..c0709fa8a5e7 100644
--- a/modules/cluster-logging-collector-log-forward-project.adoc
+++ b/modules/cluster-logging-collector-log-forward-project.adoc
@@ -1,8 +1,12 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-project_{context}"]
 = Forwarding application logs from specific projects
 
-You can use the Cluster Log Forwarder to send a copy of the application logs from specific projects to an external log aggregator. You can do this in addition to, or instead of, using the default Elasticsearch log store. You must also configure the external log aggregator to receive log data from {product-title}.
+You can forward a copy of the application logs from specific projects to an external log aggregator, in addition to, or instead of, using the internal log store. You must also configure the external log aggregator to receive log data from {product-title}.
 
 To configure forwarding application logs from a project, you must create a `ClusterLogForwarder` custom resource (CR) with at least one input from a project, optional outputs for other log aggregators, and pipelines that use those inputs and outputs.
 
@@ -12,8 +16,9 @@ To configure forwarding application logs from a project, you must create a `Clus
 
 .Procedure
 
-. Create or edit a YAML file that defines the `ClusterLogForwarder` CR object:
+. Create or edit a YAML file that defines the `ClusterLogForwarder` CR:
 +
+.Example `ClusterLogForwarder` CR
 [source,yaml]
 ----
 apiVersion: logging.openshift.io/v1
@@ -35,19 +40,18 @@ spec:
    - name: my-app-logs
      application:
         namespaces:
-        - my-project
+        - my-project <8>
   pipelines:
-   - name: forward-to-fluentd-insecure <8>
-     inputRefs: <9>
+   - name: forward-to-fluentd-insecure <9>
+     inputRefs: <10>
      - my-app-logs
-     outputRefs: <10>
+     outputRefs: <11>
      - fluentd-server-insecure
-     parse: json <11>
      labels:
        project: "my-project" <12>
    - name: forward-to-fluentd-secure <13>
      inputRefs:
-     - application
+     - application <14>
      - audit
      - infrastructure
      outputRefs:
@@ -58,26 +62,28 @@ spec:
 ----
 <1> The name of the `ClusterLogForwarder` CR must be `instance`.
 <2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the output type: `elasticsearch`, `fluentdForward`, `syslog`, or `kafka`.
-<5> Specify the URL and port of the external log aggregator as a valid absolute URL. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
+<3> The name of the output.
+<4> The output type: `elasticsearch`, `fluentdForward`, `syslog`, or `kafka`.
+<5> The URL and port of the external log aggregator as a valid absolute URL. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
 <6> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project and have *tls.crt*, *tls.key*, and *ca-bundle.crt* keys that each point to the certificates they represent.
-<7> Configuration for an input to filter application logs from the specified projects.
-<8> Configuration for a pipeline to use the input to send project application logs to an external Fluentd instance.
-<9> The `my-app-logs` input.
-<10> The name of the output to use.
-<11> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
+<7> The configuration for an input to filter application logs from the specified projects.
+<8> If no namespace is specified, logs are collected from all namespaces.
+<9> The pipeline configuration directs logs from a named input to a named output. In this example, a pipeline named `forward-to-fluentd-insecure` forwards logs from an input named `my-app-logs` to an output named `fluentd-server-insecure`.
+<10> A list of inputs.
+<11> The name of the output to use.
 <12> Optional: String. One or more labels to add to the logs.
 <13> Configuration for a pipeline to send logs to other log aggregators.
-** Optional: Specify a name for the pipeline.
-** Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-** Specify the name of the output to use when forwarding logs with this pipeline.
-** Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
-** Optional: String. One or more labels to add to the logs.
++
+* Optional: Specify a name for the pipeline.
+* Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+* Specify the name of the output to use when forwarding logs with this pipeline.
+* Optional: Specify the `default` output to forward logs to the default log store.
+* Optional: String. One or more labels to add to the logs.
+<14> Note that application logs from all namespaces are collected when using this configuration.
 
-. Create the CR object:
+. Apply the `ClusterLogForwarder` CR by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc apply -f <filename>.yaml
 ----
diff --git a/modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc b/modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc
index fc8b131c687a..1fa3fd8528a5 100644
--- a/modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc
+++ b/modules/cluster-logging-collector-log-forward-secret-cloudwatch.adoc
@@ -3,9 +3,9 @@
 // * logging/cluster-logging-external.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-secret-cloudwatch_{context}"]
-== Creating a secret for AWS CloudWatch with an existing AWS role
+= Creating a secret for AWS CloudWatch with an existing AWS role
 If you have an existing role for AWS, you can create a secret for AWS with STS using the `oc create secret --from-literal` command.
 
 .Procedure
diff --git a/modules/cluster-logging-collector-log-forward-sts-cloudwatch.adoc b/modules/cluster-logging-collector-log-forward-sts-cloudwatch.adoc
new file mode 100644
index 000000000000..0549fddb7971
--- /dev/null
+++ b/modules/cluster-logging-collector-log-forward-sts-cloudwatch.adoc
@@ -0,0 +1,118 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cluster-logging-collector-log-forward-sts-cloudwatch_{context}"]
+= Forwarding logs to Amazon CloudWatch from STS enabled clusters
+
+For clusters with AWS Security Token Service (STS) enabled, you can create an AWS service account manually or create a credentials request by using the
+ifdef::openshift-enterprise,openshift-origin[]
+xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc[Cloud Credential Operator(CCO)]
+endif::[]
+ifdef::openshift-dedicated[]
+link:https://docs.openshift.com/container-platform/latest/authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.html[Cloud Credential Operator(CCO)]
+endif::[]
+ utility `ccoctl`.
+
+.Prerequisites
+
+* {logging-title-uc}: 5.5 and later
+
+.Procedure
+
+. Create a `CredentialsRequest` custom resource YAML by using the template below:
++
+.CloudWatch credentials request template
+[source,yaml]
+----
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: <your_role_name>-credrequest
+  namespace: openshift-cloud-credential-operator
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: AWSProviderSpec
+    statementEntries:
+      - action:
+          - logs:PutLogEvents
+          - logs:CreateLogGroup
+          - logs:PutRetentionPolicy
+          - logs:CreateLogStream
+          - logs:DescribeLogGroups
+          - logs:DescribeLogStreams
+        effect: Allow
+        resource: arn:aws:logs:*:*:*
+  secretRef:
+    name: <your_role_name>
+    namespace: openshift-logging
+  serviceAccountNames:
+    - logcollector
+----
++
+. Use the `ccoctl` command to create a role for AWS using your `CredentialsRequest` CR. With the `CredentialsRequest` object, this `ccoctl` command creates an IAM role with a trust policy that is tied to the specified OIDC identity provider, and a permissions policy that grants permissions to perform operations on CloudWatch resources. This command also creates a YAML configuration file in `/<path_to_ccoctl_output_dir>/manifests/openshift-logging-<your_role_name>-credentials.yaml`. This secret file contains the `role_arn` key/value used during authentication with the AWS IAM identity provider.
++
+[source,terminal]
+----
+$ ccoctl aws create-iam-roles \
+--name=<name> \
+--region=<aws_region> \
+--credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \
+--identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com <1>
+----
+<1> <name> is the name used to tag your cloud resources and should match the name used during your STS cluster install
++
+. Apply the secret created:
+[source,terminal]
++
+----
+$ oc apply -f output/manifests/openshift-logging-<your_role_name>-credentials.yaml
+----
++
+. Create or edit a `ClusterLogForwarder` custom resource:
++
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
+spec:
+  serviceAccountName: clf-collector <3>
+  outputs:
+   - name: cw <4>
+     type: cloudwatch <5>
+     cloudwatch:
+       groupBy: logType <6>
+       groupPrefix: <group prefix> <7>
+       region: us-east-2 <8>
+     secret:
+        name: <your_secret_name> <9>
+  pipelines:
+    - name: to-cloudwatch <10>
+      inputRefs: <11>
+        - infrastructure
+        - audit
+        - application
+      outputRefs:
+        - cw <12>
+----
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> Specify the `clf-collector` service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `cloudwatch` type.
+<6> Optional: Specify how to group the logs:
++
+* `logType` creates log groups for each log type.
+* `namespaceName` creates a log group for each application name space. Infrastructure and audit logs are unaffected, remaining grouped by `logType`.
+* `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
+<7> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
+<8> Specify the AWS region.
+<9> Specify the name of the secret that contains your AWS credentials.
+<10> Optional: Specify a name for the pipeline.
+<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<12> Specify the name of the output to use when forwarding logs with this pipeline.
diff --git a/modules/cluster-logging-collector-log-forward-syslog.adoc b/modules/cluster-logging-collector-log-forward-syslog.adoc
index d5a72e9c2ef6..2cdcd5412bb8 100644
--- a/modules/cluster-logging-collector-log-forward-syslog.adoc
+++ b/modules/cluster-logging-collector-log-forward-syslog.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-log-forward-syslog_{context}"]
 = Forwarding logs using the syslog protocol
 
@@ -6,12 +6,6 @@ You can use the *syslog* link:https://tools.ietf.org/html/rfc3164[RFC3164] or li
 
 To configure log forwarding using the *syslog* protocol, you must create a `ClusterLogForwarder` custom resource (CR) with one or more outputs to the syslog servers, and pipelines that use those outputs. The syslog output can use a UDP, TCP, or TLS connection.
 
-//SME-Feedback-Req: Is the below note accurate?
-[NOTE]
-====
-Alternately, you can use a config map to forward logs using the *syslog* RFC3164 protocols. However, this method is deprecated in {product-title} and will be removed in a future release.
-====
-
 .Prerequisites
 
 * You must have a logging server that is configured to receive the logging data using the specified protocol or format.
@@ -25,19 +19,20 @@ Alternately, you can use a config map to forward logs using the *syslog* RFC3164
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: rsyslog-east <3>
-     type: syslog <4>
-     syslog: <5>
+   - name: rsyslog-east <4>
+     type: syslog <5>
+     syslog: <6>
        facility: local0
        rfc: RFC3164
        payloadKey: message
        severity: informational
-     url: 'tls://rsyslogserver.east.example.com:514' <6>
-     secret: <7>
+     url: 'tls://rsyslogserver.east.example.com:514' <7>
+     secret: <8>
         name: syslog-secret
    - name: rsyslog-west
      type: syslog
@@ -48,16 +43,15 @@ spec:
       procID: myproc
       rfc: RFC5424
       severity: debug
-     url: 'udp://rsyslogserver.west.example.com:514'
+     url: 'tcp://rsyslogserver.west.example.com:514'
   pipelines:
-   - name: syslog-east <8>
-     inputRefs: <9>
+   - name: syslog-east <9>
+     inputRefs: <10>
      - audit
      - application
-     outputRefs: <10>
+     outputRefs: <11>
      - rsyslog-east
-     - default <11>
-     parse: json <12>
+     - default <12>
      labels:
        secure: "true" <13>
        syslog: "east"
@@ -70,18 +64,18 @@ spec:
      labels:
        syslog: "west"
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the `syslog` type.
-<5> Optional: Specify the syslog parameters, listed below.
-<6> Specify the URL and port of the external syslog instance. You can use the `udp` (insecure), `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
-<7> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project, and must have keys of: *tls.crt*, *tls.key*, and *ca-bundle.crt* that point to the respective certificates that they represent.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
-<10> Specify the name of the output to use when forwarding logs with this pipeline.
-<11> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
-<12> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `syslog` type.
+<6> Optional: Specify the syslog parameters, listed below.
+<7> Specify the URL and port of the external syslog instance. You can use the `udp` (insecure), `tcp` (insecure) or `tls` (secure TCP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP address.
+<8> If using a `tls` prefix, you must specify the name of the secret required by the endpoint for TLS communication. The secret must contain a `ca-bundle.crt` key that points to the certificate it represents. In legacy implementations, the secret must exist in the `openshift-logging` project.
+<9> Optional: Specify a name for the pipeline.
+<10> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<11> Specify the name of the output to use when forwarding logs with this pipeline.
+<12> Optional: Specify the `default` output to forward logs to the internal Elasticsearch instance.
 <13> Optional: String. One or more labels to add to the logs. Quote values like "true" so they are recognized as string values, not as a boolean.
 <14> Optional: Configure multiple outputs to forward logs to other external log aggregators of any supported type:
 ** A name to describe the pipeline.
@@ -93,7 +87,7 @@ spec:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc create -f <filename>.yaml
 ----
 
 [id=cluster-logging-collector-log-forward-examples-syslog-log-source]
diff --git a/modules/cluster-logging-collector-log-forwarding-about.adoc b/modules/cluster-logging-collector-log-forwarding-about.adoc
index 41d98d4df978..d5d2d93edae5 100644
--- a/modules/cluster-logging-collector-log-forwarding-about.adoc
+++ b/modules/cluster-logging-collector-log-forwarding-about.adoc
@@ -1,27 +1,9 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-collector-log-forwarding-about_{context}"]
 = About forwarding logs to third-party systems
 
 To send logs to specific endpoints inside and outside your {product-title} cluster, you specify a combination of _outputs_ and _pipelines_ in a `ClusterLogForwarder` custom resource (CR). You can also use _inputs_ to forward the application logs associated with a specific project to an endpoint. Authentication is provided by a Kubernetes _Secret_ object.
 
-_output_:: The destination for log data that you define, or where you want the logs sent. An output can be one of the following types:
-+
---
-* `elasticsearch`. An external Elasticsearch instance. The `elasticsearch` output can use a TLS connection.
-
-* `fluentdForward`. An external log aggregation solution that supports Fluentd. This option uses the Fluentd *forward* protocols. The `fluentForward` output can use a TCP or TLS connection and supports shared-key authentication by providing a *shared_key* field in a secret. Shared-key authentication can be used with or without TLS.
-
-* `syslog`. An external log aggregation solution that supports the syslog link:https://tools.ietf.org/html/rfc3164[RFC3164] or link:https://tools.ietf.org/html/rfc5424[RFC5424] protocols. The `syslog` output can use a UDP, TCP, or TLS connection.
-
-* `cloudwatch`. Amazon CloudWatch, a monitoring and log storage service hosted by Amazon Web Services (AWS).
-
-* `loki`. Loki, a horizontally scalable, highly available, multi-tenant log aggregation system.
-
-* `kafka`. A Kafka broker. The `kafka` output can use a TCP or TLS connection.
-
-* `default`. The internal {product-title} Elasticsearch instance. You are not required to configure the default output. If you do configure a `default` output, you receive an error message because the `default` output is reserved for the Red Hat OpenShift Logging Operator.
---
-+
 _pipeline_:: Defines simple routing from one log type to one or more outputs, or which logs you want to send. The log types are one of the following:
 +
 --
@@ -63,34 +45,34 @@ The following example forwards the audit logs to a secure external Elasticsearch
 apiVersion: "logging.openshift.io/v1"
 kind: ClusterLogForwarder
 metadata:
-  name: instance <1>
-  namespace: openshift-logging <2>
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
-   - name: elasticsearch-secure <3>
+   - name: elasticsearch-secure <4>
      type: "elasticsearch"
      url: https://elasticsearch.secure.com:9200
      secret:
         name: elasticsearch
-   - name: elasticsearch-insecure <4>
+   - name: elasticsearch-insecure <5>
      type: "elasticsearch"
      url: http://elasticsearch.insecure.com:9200
-   - name: kafka-app <5>
+   - name: kafka-app <6>
      type: "kafka"
      url: tls://kafka.secure.com:9093/app-topic
-  inputs: <6>
+  inputs: <7>
    - name: my-app-logs
      application:
         namespaces:
         - my-project
   pipelines:
-   - name: audit-logs <7>
+   - name: audit-logs <8>
      inputRefs:
       - audit
      outputRefs:
       - elasticsearch-secure
       - default
-     parse: json <8>
      labels:
        secure: "true" <9>
        datacenter: "east"
@@ -113,28 +95,28 @@ spec:
      labels:
        datacenter: "south"
 ----
-<1> The name of the `ClusterLogForwarder` CR must be `instance`.
-<2> The namespace for the `ClusterLogForwarder` CR must be `openshift-logging`.
-<3> Configuration for an secure Elasticsearch output using a secret with a secure URL.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Configuration for an secure Elasticsearch output using a secret with a secure URL.
 ** A name to describe the output.
 ** The type of output: `elasticsearch`.
 ** The secure URL and port of the Elasticsearch instance as a valid absolute URL, including the prefix.
 ** The secret required by the endpoint for TLS communication. The secret must exist in the `openshift-logging` project.
-<4> Configuration for an insecure Elasticsearch output:
+<5> Configuration for an insecure Elasticsearch output:
 ** A name to describe the output.
 ** The type of output: `elasticsearch`.
 ** The insecure URL and port of the Elasticsearch instance as a valid absolute URL, including the prefix.
-<5> Configuration for a Kafka output using a client-authenticated TLS communication over a secure URL
+<6> Configuration for a Kafka output using a client-authenticated TLS communication over a secure URL:
 ** A name to describe the output.
 ** The type of output: `kafka`.
 ** Specify the URL and port of the Kafka broker as a valid absolute URL, including the prefix.
-<6> Configuration for an input to filter application logs from the `my-project` namespace.
-<7> Configuration for a pipeline to send audit logs to the secure external Elasticsearch instance:
+<7> Configuration for an input to filter application logs from the `my-project` namespace.
+<8> Configuration for a pipeline to send audit logs to the secure external Elasticsearch instance:
 ** A name to describe the pipeline.
 ** The `inputRefs` is the log type, in this example `audit`.
 ** The `outputRefs` is the name of the output to use, in this example `elasticsearch-secure` to forward to the secure Elasticsearch instance and `default` to forward to the internal Elasticsearch instance.
 ** Optional: Labels to add to the logs.
-<8> Optional: Specify whether to forward structured JSON log entries as JSON objects in the `structured` field. The log entry must contain valid structured JSON; otherwise, OpenShift Logging removes the `structured` field and instead sends the log entry to the default index, `app-00000x`.
 <9> Optional: String. One or more labels to add to the logs. Quote values like "true" so they are recognized as string values, not as a boolean.
 <10> Configuration for a pipeline to send infrastructure logs to the insecure external Elasticsearch instance.
 <11> Configuration for a pipeline to send logs from the `my-project` project to the internal Elasticsearch instance.
@@ -157,14 +139,9 @@ If your external logging aggregator becomes unavailable and cannot receive logs,
 == Supported Authorization Keys
 Common key types are provided here. Some output types support additional specialized keys, documented with the output-specific configuration field. All secret keys are optional. Enable the security features you want by setting the relevant keys. You are responsible for creating and maintaining any additional configurations that external destinations might require, such as keys and secrets, service accounts, port openings, or global proxy configuration. Open Shift Logging will not attempt to verify a mismatch between authorization combinations.
 
-Transport Layer Security (TLS):: Using a TLS URL ('http://...' or 'ssl://...') without a Secret enables basic TLS server-side authentication. Additional TLS features are enabled by including a Secret and setting the following optional fields:
-
-* `tls.crt`: (string) File name containing a client certificate. Enables mutual authentication. Requires `tls.key`.
-
-* `tls.key`: (string) File name containing the private key to unlock the client certificate. Requires `tls.crt`.
+Transport Layer Security (TLS):: Using a TLS URL (`+http://...+` or `+ssl://...+`) without a secret enables basic TLS server-side authentication. Additional TLS features are enabled by including a secret and setting the following optional fields:
 
 * `passphrase`: (string) Passphrase to decode an encoded TLS private key. Requires `tls.key`.
-
 * `ca-bundle.crt`: (string) File name of a customer CA for server authentication.
 
 Username and Password::
@@ -181,14 +158,13 @@ If missing or empty, the system defaults are used.
 == Creating a Secret
 
 You can create a secret in the directory that contains your certificate and key files by using the following command:
-[subs="+quotes"]
+
+[source,terminal]
 ----
-$ oc create secret generic -n openshift-logging <my-secret> \
- --from-file=tls.key=<your_key_file>
- --from-file=tls.crt=<your_crt_file>
- --from-file=ca-bundle.crt=<your_bundle_file>
- --from-literal=username=<your_username>
- --from-literal=password=<your_password>
+$ oc create secret generic -n <namespace> <secret_name> \
+  --from-file=ca-bundle.crt=<your_bundle_file> \
+  --from-literal=username=<your_username> \
+  --from-literal=password=<your_password>
 ----
 
 [NOTE]
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-1.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-1.adoc
deleted file mode 100644
index 39c1385383fa..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-1.adoc
+++ /dev/null
@@ -1,53 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-1_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.1
-
-Red Hat OpenShift Logging 5.1 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 6.8.1
-
-Elasticsearch 6.8.4
-
-Elasticsearch 7.12.2
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.7.4
-
-logstash 7.10.1
-
-| kafka
-| kafka 0.11
-a| kafka 2.4.1
-
-kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-// Note to tech writer, validate these items against the corresponding line of the test configuration file that Red Hat OpenShift Logging 5.0 uses: https://github.com/openshift/origin-aggregated-logging/blob/release-5.0/fluentd/Gemfile.lock
-// This file is the authoritative source of information about which items and versions Red Hat tests and supports.
-// According to this link:https://github.com/zendesk/ruby-kafka#compatibility[Zendesk compatibility list for ruby-kafka], the fluent-plugin-kafka plugin supports Kafka version 0.11.
-// Logstash support is according to https://github.com/openshift/cluster-logging-operator/blob/master/test/functional/outputs/forward_to_logstash_test.go#L37
-
-[NOTE]
-====
-Previously, the syslog output supported only RFC-3164. The current syslog output adds support for RFC-5424.
-====
-
-//ENG-Feedback: How can we reformat this to accurately reflect 5.4? 
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-2.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-2.adoc
deleted file mode 100644
index aec5cc9350b6..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-2.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-2_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.2
-
-Red Hat OpenShift Logging 5.2 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| Amazon CloudWatch
-| REST over HTTPS
-| The current version of Amazon CloudWatch
-
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 6.8.1
-
-Elasticsearch 6.8.4
-
-Elasticsearch 7.12.2
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.7.4
-
-logstash 7.10.1
-
-| Loki
-| REST over HTTP and HTTPS
-| Loki 2.3.0 deployed on OCP and Grafana labs
-
-| kafka
-| kafka 0.11
-a| kafka 2.4.1
-
-kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-// Note to tech writer, validate these items against the corresponding line of the test configuration file that Red Hat OpenShift Logging 5.0 uses: https://github.com/openshift/origin-aggregated-logging/blob/release-5.0/fluentd/Gemfile.lock
-// This file is the authoritative source of information about which items and versions Red Hat tests and supports.
-// According to this link:https://github.com/zendesk/ruby-kafka#compatibility[Zendesk compatibility list for ruby-kafka], the fluent-plugin-kafka plugin supports Kafka version 0.11.
-// Logstash support is according to https://github.com/openshift/cluster-logging-operator/blob/master/test/functional/outputs/forward_to_logstash_test.go#L37
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-3.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-3.adoc
deleted file mode 100644
index 72ec71c764b7..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-3.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-3_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.3
-
-Red Hat OpenShift Logging 5.3 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| Amazon CloudWatch
-| REST over HTTPS
-| The current version of Amazon CloudWatch
-
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 7.10.1
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.7.4
-
-logstash 7.10.1
-
-| Loki
-| REST over HTTP and HTTPS
-| Loki 2.2.1 deployed on OCP
-
-| kafka
-| kafka 0.11
-a| kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-// Note: validate these items against the corresponding line of the test configuration files that Red Hat OpenShift Logging uses:
-//
-// cloudwatch       https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/functional/outputs/forward_to_cloudwatch_test.go#L18
-// elasticsearch    https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/functional/outputs/forward_to_elasticsearch_index_test.go#L17
-// es fluentd       https://github.com/ViaQ/logging-fluentd/blob/release-5.5/fluentd/Gemfile.lock#L55
-// fluentd          https://github.com/openshift/cluster-logging-operator/blob/release-5.3/Makefile#L23
-// kafka            https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/helpers/kafka/constants.go#L17
-// kafka fluentd    https://github.com/zendesk/ruby-kafka/tree/v1.4.0#compatibility
-// logstash         https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/functional/outputs/forward_to_logstash_test.go#L30 
-// loki             https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/helpers/loki/receiver.go#L25
-// syslog protocols https://github.com/openshift/cluster-logging-operator/tree/release-5.3/test/functional/outputs/syslog
-// syslog version   https://github.com/openshift/cluster-logging-operator/blob/release-5.3/test/framework/functional/output_syslog.go#L13
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-4.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-4.adoc
deleted file mode 100644
index c41053c98de8..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-4.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-4_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.4
-
-Red Hat OpenShift Logging 5.4 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| Amazon CloudWatch
-| REST over HTTPS
-| The current version of Amazon CloudWatch
-
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 7.10.1
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.14.5
-
-logstash 7.10.1
-
-| Loki
-| REST over HTTP and HTTPS
-| Loki 2.2.1 deployed on OCP
-
-| kafka
-| kafka 0.11
-a| kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-// Note: validate these items against the corresponding line of the test configuration files that Red Hat OpenShift Logging uses:
-//
-// cloudwatch       https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/functional/outputs/forward_to_cloudwatch_test.go#L18
-// elasticsearch    https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/functional/outputs/forward_to_elasticsearch_index_test.go#L17
-// es fluentd       https://github.com/ViaQ/logging-fluentd/blob/release-5.5/fluentd/Gemfile.lock#L55
-// fluentd          https://github.com/openshift/cluster-logging-operator/blob/release-5.4/Makefile#L23
-// kafka            https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/helpers/kafka/constants.go#L17
-// kafka fluentd    https://github.com/zendesk/ruby-kafka/tree/v1.4.0#compatibility
-// logstash         https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/functional/outputs/forward_to_logstash_test.go#L30 
-// loki             https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/helpers/loki/receiver.go#L26
-// syslog protocols https://github.com/openshift/cluster-logging-operator/tree/release-5.4/test/functional/outputs/syslog
-// syslog version   https://github.com/openshift/cluster-logging-operator/blob/release-5.4/test/framework/functional/output_syslog.go#L13
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-5.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-5.adoc
deleted file mode 100644
index 0ee234a1d603..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-5.adoc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-5_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.5
-
-Red Hat OpenShift Logging 5.5 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| Amazon CloudWatch
-| REST over HTTPS
-| The current version of Amazon CloudWatch
-
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 7.10.1
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.14.6
-
-logstash 7.10.1
-
-| Loki
-| REST over HTTP and HTTPS
-| Loki 2.5.0 deployed on OCP
-
-| kafka
-| kafka 0.11
-a| kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-// Note: validate these items against the corresponding line of the test configuration files that Red Hat OpenShift Logging uses:
-//
-// cloudwatch       https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/functional/outputs/forward_to_cloudwatch_test.go#L18
-// elasticsearch    https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/functional/outputs/elasticsearch/forward_to_elasticsearch_index_test.go#L24
-// elasticsearch    https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/framework/functional/output_elasticsearch7.go#L13
-// es fluentd       https://github.com/ViaQ/logging-fluentd/blob/release-5.5/fluentd/Gemfile.lock#L55
-// fluentd          https://github.com/openshift/cluster-logging-operator/blob/release-5.5/Makefile#L24
-// kafka            https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/helpers/kafka/constants.go#L17
-// kafka fluentd    https://github.com/zendesk/ruby-kafka/tree/v1.4.0#compatibility
-// logstash         https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/functional/outputs/forward_to_logstash_test.go#L30 
-// loki             https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/helpers/loki/receiver.go#L26
-// syslog protocols https://github.com/openshift/cluster-logging-operator/tree/release-5.5/test/functional/outputs/syslog
-// syslog version   https://github.com/openshift/cluster-logging-operator/blob/release-5.5/test/framework/functional/output_syslog.go#L14
\ No newline at end of file
diff --git a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-6.adoc b/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-6.adoc
deleted file mode 100644
index f93995221cb7..000000000000
--- a/modules/cluster-logging-collector-log-forwarding-supported-plugins-5-6.adoc
+++ /dev/null
@@ -1,67 +0,0 @@
-// Module included in the following assemblies:
-//
-// logging/cluster-logging-external.adoc
-
-[id="cluster-logging-collector-log-forwarding-supported-plugins-5-6_{context}"]
-
-= Supported log data output types in OpenShift Logging 5.6
-
-Red Hat OpenShift Logging 5.6 provides the following output types and protocols for sending log data to target log collectors.
-
-Red Hat tests each of the combinations shown in the following table. However, you should be able to send log data to a wider range target log collectors that ingest these protocols.
-
-[options="header"]
-|====
-| Output types   | Protocols          | Tested with
-
-| Amazon CloudWatch
-| REST over HTTPS
-| The current version of Amazon CloudWatch
-
-
-| elasticsearch
-| elasticsearch
-a| Elasticsearch 6.8.23
-
-Elasticsearch 7.10.1
-
-Elasticsearch 8.6.1
-
-| fluentdForward
-| fluentd forward v1
-a| fluentd 1.14.6
-
-logstash 7.10.1
-
-| Loki
-| REST over HTTP and HTTPS
-| Loki 2.5.0 deployed on OCP
-
-| kafka
-| kafka 0.11
-a| kafka 2.7.0
-
-| syslog
-| RFC-3164, RFC-5424
-| rsyslog-8.39.0
-
-|====
-
-[IMPORTANT]
-====
-Fluentd doesn't support Elasticsearch 8 as of 5.6.2.
-Vector doesn't support fluentd/logstash/rsyslog before 5.7.0.
-====
-
-// Note: validate these items against the corresponding line of the test configuration files that Red Hat OpenShift Logging uses:
-//
-// cloudwatch       https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/functional/outputs/cloudwatch/forward_to_cloudwatch_test.go#L13
-// elasticsearch    https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/framework/functional/output_elasticsearch.go#L16-L18
-// es fluentd       https://github.com/ViaQ/logging-fluentd/blob/release-5.6/fluentd/Gemfile.lock#L55
-// fluentd          https://github.com/openshift/cluster-logging-operator/blob/release-5.6/Makefile#L50
-// kafka            https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/helpers/kafka/constants.go#L17
-// kafka fluentd    https://github.com/zendesk/ruby-kafka/tree/v1.4.0#compatibility
-// logstash         https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/functional/outputs/forward_to_logstash_test.go#L30 
-// loki             https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/helpers/loki/receiver.go#L27
-// syslog protocols https://github.com/openshift/cluster-logging-operator/tree/release-5.6/test/functional/outputs/syslog
-// syslog version   https://github.com/openshift/cluster-logging-operator/blob/release-5.6/test/framework/functional/output_syslog.go#L14
diff --git a/modules/cluster-logging-collector-pod-location.adoc b/modules/cluster-logging-collector-pod-location.adoc
index 47d350339f6d..47adf0104ddd 100644
--- a/modules/cluster-logging-collector-pod-location.adoc
+++ b/modules/cluster-logging-collector-pod-location.adoc
@@ -2,47 +2,28 @@
 //
 // * logging/cluster-logging-collector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-pod-location_{context}"]
 = Viewing logging collector pods
 
-You can view the Fluentd logging collector pods and the corresponding nodes that they are running on. The Fluentd logging collector pods run only in the `openshift-logging` project.
+You can view the logging collector pods and the corresponding nodes that they are running on.
 
 .Procedure
 
-* Run the following command in the `openshift-logging` project to view the Fluentd logging collector pods and their details:
-
+* Run the following command in a project to view the logging collector pods and their details:
++
 [source,terminal]
 ----
-$ oc get pods --selector component=collector -o wide -n openshift-logging
+$ oc get pods --selector component=collector -o wide -n <project_name>
 ----
-
++
 .Example output
 [source,terminal]
 ----
 NAME           READY  STATUS    RESTARTS   AGE     IP            NODE                  NOMINATED NODE   READINESS GATES
-fluentd-8d69v  1/1    Running   0          134m    10.130.2.30   master1.example.com   <none>           <none>
-fluentd-bd225  1/1    Running   0          134m    10.131.1.11   master2.example.com   <none>           <none>
-fluentd-cvrzs  1/1    Running   0          134m    10.130.0.21   master3.example.com   <none>           <none>
-fluentd-gpqg2  1/1    Running   0          134m    10.128.2.27   worker1.example.com   <none>           <none>
-fluentd-l9j7j  1/1    Running   0          134m    10.129.2.31   worker2.example.com   <none>           <none>
-----
-
-////
-[source,terminal]
-----
-$ oc get pods -o wide | grep rsyslog
-----
-
-.Example output
-[source,terminal]
-----
-NAME                         READY     STATUS    RESTARTS   AGE     IP            NODE                           NOMINATED NODE   READINESS GATES
-rsyslog-5gtfs                1/1       Running   0          3m6s    10.130.0.40   ip-10-0-148-139.ec2.internal   <none>           <none>
-rsyslog-67rv6                1/1       Running   0          3m6s    10.128.2.13   ip-10-0-158-206.ec2.internal   <none>           <none>
-rsyslog-bqgjn                1/1       Running   0          3m6s    10.131.0.11   ip-10-0-132-167.ec2.internal   <none>           <none>
-rsyslog-cjmdp                1/1       Running   0          3m6s    10.129.2.16   ip-10-0-139-191.ec2.internal   <none>           <none>
-rsyslog-kqlzh                1/1       Running   0          3m6s    10.129.0.37   ip-10-0-141-243.ec2.internal   <none>           <none>
-rsyslog-nhshr                1/1       Running   0          3m6s    10.128.0.41   ip-10-0-143-38.ec2.internal    <none>           <none>
+collector-8d69v  1/1    Running   0          134m    10.130.2.30   master1.example.com   <none>           <none>
+collector-bd225  1/1    Running   0          134m    10.131.1.11   master2.example.com   <none>           <none>
+collector-cvrzs  1/1    Running   0          134m    10.130.0.21   master3.example.com   <none>           <none>
+collector-gpqg2  1/1    Running   0          134m    10.128.2.27   worker1.example.com   <none>           <none>
+collector-l9j7j  1/1    Running   0          134m    10.129.2.31   worker2.example.com   <none>           <none>
 ----
-////
diff --git a/modules/cluster-logging-collector-tolerations.adoc b/modules/cluster-logging-collector-tolerations.adoc
index 1738a57067bb..eb8a555f8e35 100644
--- a/modules/cluster-logging-collector-tolerations.adoc
+++ b/modules/cluster-logging-collector-tolerations.adoc
@@ -1,69 +1,98 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-collector.adoc
+// * logging/scheduling_resources/logging-taints-tolerations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-tolerations_{context}"]
-= Using tolerations to control the log collector pod placement
+= Using tolerations to control log collector pod placement
 
-You can ensure which nodes the logging collector pods run on and prevent
-other workloads from using those nodes by using tolerations on the pods.
-
-You apply tolerations to logging collector pods through the `ClusterLogging` custom resource (CR)
-and apply taints to a node through the node specification. You can use taints and tolerations
-to ensure the pod does not get evicted for things like memory and CPU issues.
-
-By default, the logging collector pods have the following toleration:
+By default, log collector pods have the following `tolerations` configuration:
 
 [source,yaml]
 ----
-tolerations:
-- key: "node-role.kubernetes.io/master"
-  operator: "Exists"
-  effect: "NoExecute"
+apiVersion: v1
+kind: Pod
+metadata:
+  name: collector-example
+  namespace: openshift-logging
+spec:
+# ...
+  collection:
+    type: vector
+    tolerations:
+    - effect: NoSchedule
+      key: node-role.kubernetes.io/master
+      operator: Exists
+    - effect: NoSchedule
+      key: node.kubernetes.io/disk-pressure
+      operator: Exists
+    - effect: NoExecute
+      key: node.kubernetes.io/not-ready
+      operator: Exists
+    - effect: NoExecute
+      key: node.kubernetes.io/unreachable
+      operator: Exists
+    - effect: NoSchedule
+      key: node.kubernetes.io/memory-pressure
+      operator: Exists
+    - effect: NoSchedule
+      key: node.kubernetes.io/pid-pressure
+      operator: Exists
+    - effect: NoSchedule
+      key: node.kubernetes.io/unschedulable
+      operator: Exists
+# ...
 ----
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
+* You have installed the {clo} and {oc-first}.
 
 .Procedure
 
-. Use the following command to add a taint to a node where you want logging collector pods to schedule logging collector pods:
+. Add a taint to a node where you want logging collector pods to schedule logging collector pods by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm taint nodes <node-name> <key>=<value>:<effect>
+$ oc adm taint nodes <node_name> <key>=<value>:<effect>
 ----
 +
-For example:
-+
+.Example command
 [source,terminal]
 ----
 $ oc adm taint nodes node1 collector=node:NoExecute
 ----
 +
-This example places a taint on `node1` that has key `collector`, value `node`, and taint effect `NoExecute`.
-You must use the `NoExecute` taint effect. `NoExecute` schedules only pods that match the taint and removes existing pods
-that do not match.
+This example places a taint on `node1` that has key `collector`, value `node`, and taint effect `NoExecute`. You must use the `NoExecute` taint effect. `NoExecute` schedules only pods that match the taint and removes existing pods that do not match.
 
 . Edit the `collection` stanza of the `ClusterLogging` custom resource (CR) to configure a toleration for the logging collector pods:
 +
 [source,yaml]
 ----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
   collection:
-    logs:
-      type: "fluentd"
-      fluentd:
-        tolerations:
-        - key: "collector"  <1>
-          operator: "Exists"  <2>
-          effect: "NoExecute"  <3>
-          tolerationSeconds: 6000  <4>
+    type: vector
+    tolerations:
+    - key: collector <1>
+      operator: Exists <2>
+      effect: NoExecute <3>
+      tolerationSeconds: 6000 <4>
+    resources:
+      limits:
+        memory: 2Gi
+      requests:
+        cpu: 100m
+        memory: 1Gi
+# ...
 ----
 <1> Specify the key that you added to the node.
 <2> Specify the `Exists` operator to require the `key`/`value`/`effect` parameters to match.
 <3> Specify the `NoExecute` effect.
 <4> Optionally, specify the `tolerationSeconds` parameter to set how long a pod can remain bound to a node before being evicted.
 
-This toleration matches the taint created by the `oc adm taint` command. A pod with this toleration would be able to schedule onto `node1`.
+This toleration matches the taint created by the `oc adm taint` command. A pod with this toleration can be scheduled onto `node1`.
diff --git a/modules/cluster-logging-collector-tuning.adoc b/modules/cluster-logging-collector-tuning.adoc
index a0217dd494aa..d96be37f9a39 100644
--- a/modules/cluster-logging-collector-tuning.adoc
+++ b/modules/cluster-logging-collector-tuning.adoc
@@ -1,12 +1,14 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-collector.adoc
+// * logging/log_collection_forwarding/cluster-logging-collector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-collector-tuning_{context}"]
-= Advanced configuration for the log forwarder
+= Advanced configuration for the Fluentd log forwarder
 
-The {logging-title} includes multiple Fluentd parameters that you can use for tuning the performance of the Fluentd log forwarder. With these parameters, you can change the following Fluentd behaviors:
+include::snippets/logging-fluentd-dep-snip.adoc[]
+
+{logging-uc} includes multiple Fluentd parameters that you can use for tuning the performance of the Fluentd log forwarder. With these parameters, you can change the following Fluentd behaviors:
 
 * Chunk and chunk buffer sizes
 * Chunk flushing behavior
@@ -45,7 +47,7 @@ These parameters are:
 
 |`totalLimitSize`
 |The maximum size of the buffer, which is the total size of the stage and the queue. If the buffer size exceeds this value, Fluentd stops adding data to chunks and fails with an error. All data not in chunks is lost.
-|`8G`
+|Approximately 15% of the node disk distributed across all outputs.
 
 |`flushInterval`
 |The interval between chunk flushes. You can use `s` (seconds), `m` (minutes), `h` (hours), or `d` (days).
@@ -114,7 +116,7 @@ metadata:
   name: instance
   namespace: openshift-logging
 spec:
-  forwarder:
+  collection:
     fluentd:
       buffer:
         chunkLimitSize: 8m <1>
@@ -126,7 +128,7 @@ spec:
         retryType: periodic <7>
         retryWait: 1s <8>
         totalLimitSize: 32m <9>
-...
+# ...
 ----
 <1> Specify the maximum size of each chunk before it is queued for flushing.
 <2> Specify the interval between chunk flushes.
@@ -149,25 +151,26 @@ $ oc get pods -l component=collector -n openshift-logging
 +
 [source,terminal]
 ----
-$ oc extract configmap/fluentd --confirm
+$ oc extract configmap/collector-config --confirm
 ----
 +
 .Example fluentd.conf
 [source,terminal]
 ----
 <buffer>
- @type file
- path '/var/lib/fluentd/default'
- flush_mode interval
- flush_interval 5s
- flush_thread_count 3
- retry_type periodic
- retry_wait 1s
- retry_max_interval 300s
- retry_timeout 60m
- queued_chunks_limit_size "#{ENV['BUFFER_QUEUE_LIMIT'] || '32'}"
- total_limit_size 32m
- chunk_limit_size 8m
- overflow_action throw_exception
+  @type file
+  path '/var/lib/fluentd/default'
+  flush_mode interval
+  flush_interval 5s
+  flush_thread_count 3
+  retry_type periodic
+  retry_wait 1s
+  retry_max_interval 300s
+  retry_timeout 60m
+  queued_chunks_limit_size "#{ENV['BUFFER_QUEUE_LIMIT'] || '32'}"
+  total_limit_size "#{ENV['TOTAL_LIMIT_SIZE_PER_BUFFER'] || '8589934592'}"
+  chunk_limit_size 8m
+  overflow_action throw_exception
+  disable_chunk_backup true
 </buffer>
 ----
diff --git a/modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc b/modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc
index 44ef382c5ed0..38b4e93e7fa2 100644
--- a/modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc
+++ b/modules/cluster-logging-configuration-of-json-log-data-for-default-elasticsearch.adoc
@@ -12,11 +12,11 @@ If you forward JSON logs to the default Elasticsearch instance managed by OpenSh
 
 You can use the following structure types in the `ClusterLogForwarder` CR to construct index names for the Elasticsearch log store:
 
-* `structuredTypeKey` (string, optional) is the name of a message field. The value of that field, if present, is used to construct the index name.
+* `structuredTypeKey` is the name of a message field. The value of that field is used to construct the index name.
 ** `kubernetes.labels.<key>` is the Kubernetes pod label whose value is used to construct the index name.
 ** `openshift.labels.<key>` is the `pipeline.label.<key>` element in the `ClusterLogForwarder` CR whose value is used to construct the index name.
 ** `kubernetes.container_name` uses the container name to construct the index name.
-* `structuredTypeName`: (string, optional) If `structuredTypeKey` is not set or its key is not present, OpenShift Logging uses the value of `structuredTypeName` as the structured type. When you use both `structuredTypeKey` and `structuredTypeName` together,  `structuredTypeName` provides a fallback index name if the key in `structuredTypeKey` is missing from the JSON log data.
+* `structuredTypeName`: If the `structuredTypeKey` field is not set or its key is not present, the `structuredTypeName` value is used as the structured type. When you use both the `structuredTypeKey` field and the `structuredTypeName` field together, the `structuredTypeName` value provides a fallback index name if the key in the `structuredTypeKey` field is missing from the JSON log data.
 
 [NOTE]
 ====
@@ -33,14 +33,22 @@ Suppose the following:
 
 [source,yaml]
 ----
-outputDefaults:
- elasticsearch:
-    structuredTypeKey: kubernetes.labels.logFormat <1>
-    structuredTypeName: nologformat
-pipelines:
-- inputRefs: <application>
-  outputRefs: default
-  parse: json <2>
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+# ...
+spec:
+# ...
+  outputDefaults:
+    elasticsearch:
+      structuredTypeKey: kubernetes.labels.logFormat <1>
+      structuredTypeName: nologformat
+  pipelines:
+  - inputRefs:
+    - application
+    outputRefs:
+    - default
+    parse: json <2>
 ----
 <1> Uses the value of the key-value pair that is formed by the Kubernetes `logFormat` label.
 <2> Enables parsing JSON logs.
diff --git a/modules/cluster-logging-configuring-image-about.adoc b/modules/cluster-logging-configuring-image-about.adoc
index f0b6522dba2c..842c6e764f74 100644
--- a/modules/cluster-logging-configuring-image-about.adoc
+++ b/modules/cluster-logging-configuring-image-about.adoc
@@ -5,7 +5,7 @@
 [id="cluster-logging-configuring-image-about_{context}"]
 = Understanding {logging} component images
 
-There are several components in the {logging-title}, each one implemented with one or more images. Each image is specified by an environment variable
+There are several components in {logging}, each one implemented with one or more images. Each image is specified by an environment variable
 defined in the *cluster-logging-operator* deployment in the *openshift-logging* project and should not be changed.
 
 You can view the images by running the following command:
diff --git a/modules/cluster-logging-cpu-memory.adoc b/modules/cluster-logging-cpu-memory.adoc
index 0971d084f6af..3c06f7479d8b 100644
--- a/modules/cluster-logging-cpu-memory.adoc
+++ b/modules/cluster-logging-cpu-memory.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-collector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-memory-limits_{context}"]
 = Configuring CPU and memory limits
 
diff --git a/modules/cluster-logging-dashboards-access.adoc b/modules/cluster-logging-dashboards-access.adoc
index 9f1b1effaca1..ac6377b7011d 100644
--- a/modules/cluster-logging-dashboards-access.adoc
+++ b/modules/cluster-logging-dashboards-access.adoc
@@ -1,13 +1,14 @@
+// Module included in the following assemblies:
 //
-// * logging/cluster-logging-dashboards.adoc
+// * logging/log_visualization/cluster-logging-dashboards.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-dashboards-access_{context}"]
 = Accessing the Elasticsearch and OpenShift Logging dashboards
 
-You can view the *Logging/Elasticsearch Nodes* and *OpenShift Logging* dashboards in the 
+You can view the *Logging/Elasticsearch Nodes* and *OpenShift Logging* dashboards in the
 ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console. 
+{product-title} web console.
 endif::[]
 ifdef::openshift-rosa,openshift-dedicated[]
 {cluster-manager-url}.
@@ -21,7 +22,7 @@ ifndef::openshift-rosa,openshift-dedicated[]
 . In the {product-title} web console, click *Observe* -> *Dashboards*.
 endif::[]
 ifdef::openshift-rosa,openshift-dedicated[]
-. In the {product-title} {hybrid-console}, click *Observe* -> *Dashboards*. 
+. In the {product-title} {hybrid-console}, click *Observe* -> *Dashboards*.
 endif::[]
 
 . On the *Dashboards* page, select *Logging/Elasticsearch Nodes* or *OpenShift Logging* from the *Dashboard* menu.
diff --git a/modules/cluster-logging-dashboards-es.adoc b/modules/cluster-logging-dashboards-es.adoc
index 7db01c18985b..c24b016f5086 100644
--- a/modules/cluster-logging-dashboards-es.adoc
+++ b/modules/cluster-logging-dashboards-es.adoc
@@ -1,13 +1,13 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-dashboards.adoc
+// * logging/log_visualization/cluster-logging-dashboards.adoc
 
 [id="cluster-logging-dashboards-es_{context}"]
-= Charts on the Logging/Elasticsearch nodes dashboard  
+= Charts on the Logging/Elasticsearch nodes dashboard
 
 The *Logging/Elasticsearch Nodes* dashboard contains charts that show details about your Elasticsearch instance, many at node-level, for further diagnostics.
 
-Elasticsearch status::  
+Elasticsearch status::
 
 The *Logging/Elasticsearch Nodes* dashboard contains the following charts about the status of your Elasticsearch instance.
 
@@ -16,20 +16,20 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Cluster status 
-a|The cluster health status during the selected time period, using the Elasticsearch green, yellow, and red statuses: 
+|Cluster status
+a|The cluster health status during the selected time period, using the Elasticsearch green, yellow, and red statuses:
 
-* 0 - Indicates that the Elasticsearch instance is in green status, which means that all shards are allocated. 
-* 1 - Indicates that the Elasticsearch instance is in yellow status, which means that replica shards for at least one shard are not allocated. 
+* 0 - Indicates that the Elasticsearch instance is in green status, which means that all shards are allocated.
+* 1 - Indicates that the Elasticsearch instance is in yellow status, which means that replica shards for at least one shard are not allocated.
 * 2 - Indicates that the Elasticsearch instance is in red status, which means that at least one primary shard and its replicas are not allocated.
 
-|Cluster nodes 
+|Cluster nodes
 |The total number of Elasticsearch nodes in the cluster.
 
-|Cluster data nodes 
+|Cluster data nodes
 |The number of Elasticsearch data nodes in the cluster.
 
-|Cluster pending tasks 
+|Cluster pending tasks
 |The number of cluster state changes that are not finished and are waiting in a cluster queue, for example, index creation, index deletion, or shard allocation. A growing trend indicates that the cluster is not able to keep up with changes.
 
 |===
@@ -52,14 +52,14 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Cluster active shards 
+|Cluster active shards
 |The number of active primary shards and the total number of shards, including replicas, in the cluster. If the number of shards grows higher, the cluster performance can start degrading.
 
-|Cluster initializing shards 
+|Cluster initializing shards
 |The number of non-active shards in the cluster. A non-active shard is one that is initializing, being reallocated to a different node, or is unassigned. A cluster typically has non–active shards for short periods. A growing number of non–active shards over longer periods could indicate a problem.
 
-|Cluster relocating shards 
-|The number of shards that Elasticsearch is relocating to a new node. Elasticsearch relocates nodes for multiple reasons, such as high memory use on a node or after a new node is added to the cluster. 
+|Cluster relocating shards
+|The number of shards that Elasticsearch is relocating to a new node. Elasticsearch relocates nodes for multiple reasons, such as high memory use on a node or after a new node is added to the cluster.
 
 |Cluster unassigned shards
 |The number of unassigned shards. Elasticsearch shards might be unassigned for reasons such as a new index being added or the failure of a node.
@@ -68,7 +68,7 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 
 Elasticsearch node metrics::
 
-Each Elasticsearch node has a finite amount of resources that can be used to process tasks. When all the resources are being used and Elasticsearch attempts to perform a new task, Elasticsearch put the tasks into a queue until some resources become available. 
+Each Elasticsearch node has a finite amount of resources that can be used to process tasks. When all the resources are being used and Elasticsearch attempts to perform a new task, Elasticsearch puts the tasks into a queue until some resources become available.
 
 The *Logging/Elasticsearch Nodes* dashboard contains the following charts about resource usage for a selected node and the number of tasks waiting in the Elasticsearch queue.
 
@@ -80,41 +80,41 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |ThreadPool tasks
 |The number of waiting tasks in individual queues, shown by task type. A long–term accumulation of tasks in any queue could indicate node resource shortages or some other problem.
 
-|CPU usage 
+|CPU usage
 |The amount of CPU being used by the selected Elasticsearch node as a percentage of the total CPU allocated to the host container.
 
-|Memory usage 
+|Memory usage
 |The amount of memory being used by the selected Elasticsearch node.
 
-|Disk usage 
-|The total disk space being used for index data and metadata on the selected Elasticsearch node. 
+|Disk usage
+|The total disk space being used for index data and metadata on the selected Elasticsearch node.
 
-|Documents indexing rate 
+|Documents indexing rate
 |The rate that documents are indexed on the selected Elasticsearch node.
 
-|Indexing latency 
+|Indexing latency
 |The time taken to index the documents on the selected Elasticsearch node. Indexing latency can be affected by many factors, such as JVM Heap memory and overall load. A growing latency indicates a resource capacity shortage in the instance.
 
-|Search rate 
+|Search rate
 |The number of search requests run on the selected Elasticsearch node.
 
-|Search latency  
+|Search latency
 |The time taken to complete search requests on the selected Elasticsearch node. Search latency can be affected by many factors. A growing latency indicates a resource capacity shortage in the instance.
 
-|Documents count (with replicas) 
+|Documents count (with replicas)
 |The number of Elasticsearch documents stored on the selected Elasticsearch node, including documents stored in both the primary shards and replica shards that are allocated on the node.
 
-|Documents deleting rate 
+|Documents deleting rate
 |The number of Elasticsearch documents being deleted from any of the index shards that are allocated to the selected Elasticsearch node.
 
-|Documents merging rate 
+|Documents merging rate
 |The number of Elasticsearch documents being merged in any of index shards that are allocated to the selected Elasticsearch node.
 
 |===
 
 Elasticsearch node fielddata::
 
-link:https://www.elastic.co/guide/en/elasticsearch/reference/6.8/fielddata.html[_Fielddata_] is an Elasticsearch data structure that holds lists of terms in an index and is kept in the JVM Heap. Because fielddata building is an expensive operation, Elasticsearch caches the fielddata structures. Elasticsearch can evict a fielddata cache when the underlying index segment is deleted or merged, or if there is not enough JVM HEAP memory for all the fielddata caches. 
+link:https://www.elastic.co/guide/en/elasticsearch/reference/6.8/fielddata.html[_Fielddata_] is an Elasticsearch data structure that holds lists of terms in an index and is kept in the JVM Heap. Because fielddata building is an expensive operation, Elasticsearch caches the fielddata structures. Elasticsearch can evict a fielddata cache when the underlying index segment is deleted or merged, or if there is not enough JVM HEAP memory for all the fielddata caches.
 
 The *Logging/Elasticsearch Nodes* dashboard contains the following charts about Elasticsearch fielddata.
 
@@ -123,17 +123,17 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Fielddata memory size 
+|Fielddata memory size
 |The amount of JVM Heap used for the fielddata cache on the selected Elasticsearch node.
 
-|Fielddata evictions 
-|The number of fielddata structures that were deleted from the selected Elasticsearch node. 
+|Fielddata evictions
+|The number of fielddata structures that were deleted from the selected Elasticsearch node.
 
 |===
 
 Elasticsearch node query cache::
 
-If the data stored in the index does not change, search query results are cached in a node-level query cache for reuse by Elasticsearch. 
+If the data stored in the index does not change, search query results are cached in a node-level query cache for reuse by Elasticsearch.
 
 The *Logging/Elasticsearch Nodes* dashboard contains the following charts about the Elasticsearch node query cache.
 
@@ -142,23 +142,23 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Query cache size 
+|Query cache size
 |The total amount of memory used for the query cache for all the shards allocated to the selected Elasticsearch node.
 
-|Query cache evictions 
+|Query cache evictions
 |The number of query cache evictions on the selected Elasticsearch node.
 
-|Query cache hits 
+|Query cache hits
 |The number of query cache hits on the selected Elasticsearch node.
 
-|Query cache misses 
+|Query cache misses
 |The number of query cache misses on the selected Elasticsearch node.
 
 |===
 
 Elasticsearch index throttling::
 
-When indexing documents, Elasticsearch stores the documents in index segments, which are physical representations of the data. At the same time, Elasticsearch periodically merges smaller segments into a larger segment as a way to optimize resource use. If the indexing is faster then the ability to merge segments, the merge process does not complete quickly enough, which can lead to issues with searches and performance. To prevent this situation, Elasticsearch throttles indexing, typically by reducing the number of threads allocated to indexing down to a single thread. 
+When indexing documents, Elasticsearch stores the documents in index segments, which are physical representations of the data. At the same time, Elasticsearch periodically merges smaller segments into a larger segment as a way to optimize resource use. If the indexing is faster then the ability to merge segments, the merge process does not complete quickly enough, which can lead to issues with searches and performance. To prevent this situation, Elasticsearch throttles indexing, typically by reducing the number of threads allocated to indexing down to a single thread.
 
 The *Logging/Elasticsearch Nodes* dashboard contains the following charts about Elasticsearch index throttling.
 
@@ -167,10 +167,10 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Indexing throttling 
+|Indexing throttling
 |The amount of time that Elasticsearch has been throttling the indexing operations on the selected Elasticsearch node.
 
-|Merging throttling 
+|Merging throttling
 |The amount of time that Elasticsearch has been throttling the segment merge operations on the selected Elasticsearch node.
 
 |===
@@ -184,13 +184,13 @@ The *Logging/Elasticsearch Nodes* dashboard contains the following charts about
 |===
 |Metric|Description
 
-|Heap used 
+|Heap used
 |The amount of the total allocated JVM Heap space that is used on the selected Elasticsearch node.
 
-|GC count 
+|GC count
 |The number of garbage collection operations that have been run on the selected Elasticsearch node, by old and young garbage collection.
 
-|GC time 
+|GC time
 |The amount of time that the JVM spent running garbage collection operations on the selected Elasticsearch node, by old and young garbage collection.
 
 |===
diff --git a/modules/cluster-logging-dashboards-logging.adoc b/modules/cluster-logging-dashboards-logging.adoc
index 214d1677c6dc..d4f8f0296ddb 100644
--- a/modules/cluster-logging-dashboards-logging.adoc
+++ b/modules/cluster-logging-dashboards-logging.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-dashboards.adoc
+// * logging/log_visualization/cluster-logging-dashboards.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-dashboards-logging_{context}"]
 = About the OpenShift Logging dashboard
 
@@ -16,9 +16,9 @@ The *OpenShift Logging* dashboard contains charts that show details about your E
 |Elastic Cluster Status
 a|The current Elasticsearch status:
 
-* ONLINE - Indicates that the Elasticsearch instance is online. 
-* OFFLINE - Indicates that the Elasticsearch instance is offline. 
-	
+* ONLINE - Indicates that the Elasticsearch instance is online.
+* OFFLINE - Indicates that the Elasticsearch instance is offline.
+
 |Elastic Nodes
 |The total number of Elasticsearch nodes in the Elasticsearch instance.
 
@@ -42,7 +42,7 @@ a|The current Elasticsearch status:
 
 |Elastic Query/Fetch Latency Sum
 a|* Query latency: The average time each Elasticsearch search query takes to execute.
-* Fetch latency: The average time each Elasticsearch search query spends fetching data. 
+* Fetch latency: The average time each Elasticsearch search query spends fetching data.
 
 Fetch latency typically takes less time than query latency. If fetch latency is consistently increasing, it might indicate slow disks, data enrichment, or large requests with too many results.
 
@@ -50,7 +50,7 @@ Fetch latency typically takes less time than query latency. If fetch latency is
 |The total queries executed against the Elasticsearch instance per second for each Elasticsearch node.
 
 |CPU
-|The amount of CPU used by Elasticsearch, Fluentd, and Kibana, shown for each component. 
+|The amount of CPU used by Elasticsearch, Fluentd, and Kibana, shown for each component.
 
 |Elastic JVM Heap Used
 |The amount of JVM memory used. In a healthy cluster, the graph shows regular drops as memory is freed by JVM garbage collection.
@@ -64,8 +64,8 @@ Fetch latency typically takes less time than query latency. If fetch latency is
 |FluentD emit count
 |The total number of Fluentd messages per second for the Fluentd default output, and the retry count for the default output.
 
-|FluentD Buffer Availability
-|The percent of the Fluentd buffer that is available for chunks. A full buffer might indicate that Fluentd is not able to process the number of logs received.
+|FluentD Buffer Usage
+|The percent of the Fluentd buffer that is being used for chunks. A full buffer might indicate that Fluentd is not able to process the number of logs received.
 
 |Elastic rx bytes
 |The total number of bytes that Elasticsearch has received from FluentD, the Elasticsearch nodes, and other sources.
diff --git a/modules/cluster-logging-deploy-certificates.adoc b/modules/cluster-logging-deploy-certificates.adoc
deleted file mode 100644
index c6c25b166b50..000000000000
--- a/modules/cluster-logging-deploy-certificates.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-deploy.adoc
-
-[id="cluster-logging-deploy-certificates_{context}"]
-= Deploying custom certificates
-
-You can specify custom certificates using the following variables
-instead of relying on those generated during the deployment process. These
-certificates are used to encrypt and secure communication between a user's
-browser and Kibana. The security-related files will be generated if they are not
-supplied.
-
-[cols="3,7",options="header"]
-|===
-|File Name
-|Description
-
-|`openshift_logging_kibana_cert`
-|A browser-facing certificate for the Kibana server.
-
-|`openshift_logging_kibana_key`
-|A key to be used with the browser-facing Kibana certificate.
-
-|`openshift_logging_kibana_ca`
-|The absolute path on the control node to the CA file to use
-for the browser facing Kibana certs.
-
-|===
diff --git a/modules/cluster-logging-deploy-cli.adoc b/modules/cluster-logging-deploy-cli.adoc
index 50fa7c12deee..1f124aa1f953 100644
--- a/modules/cluster-logging-deploy-cli.adoc
+++ b/modules/cluster-logging-deploy-cli.adoc
@@ -2,207 +2,51 @@
 //
 // * logging/cluster-logging-deploying.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-deploy-cli_{context}"]
-= Installing the {logging-title} using the CLI
+= Installing the {clo} by using the CLI
 
-You can use the {product-title} CLI to install the OpenShift Elasticsearch and Red Hat OpenShift Logging Operators.
+You can use the {oc-first} to install the {clo}.
 
 .Prerequisites
 
-* Ensure that you have the necessary persistent storage for Elasticsearch. Note that each Elasticsearch node requires its own storage volume.
-+
-[NOTE]
-====
-If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
-====
-+
-Elasticsearch is a memory-intensive application. By default, {product-title} installs three Elasticsearch nodes with memory requests and limits of 16 GB. This initial set of three {product-title} nodes might not have enough memory to run Elasticsearch within your cluster. If you experience memory issues that are related to Elasticsearch, add more Elasticsearch nodes to your cluster rather than increasing the memory on existing nodes.
-
 ifdef::openshift-origin[]
 * Ensure that you have downloaded the {cluster-manager-url-pull} as shown in _Obtaining the installation program_ in the installation documentation for your platform.
 +
 If you have the pull secret, add the `redhat-operators` catalog to the OperatorHub custom resource (CR) as shown in *Configuring {product-title} to use Red Hat Operators*.
 endif::[]
 
-.Procedure
-
-To install the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator using the CLI:
-
-. Create a namespace for the OpenShift Elasticsearch Operator.
-
-.. Create a namespace object YAML file (for example, `eo-namespace.yaml`) for the OpenShift Elasticsearch Operator:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: openshift-operators-redhat <1>
-  annotations:
-    openshift.io/node-selector: ""
-  labels:
-    openshift.io/cluster-monitoring: "true" <2>
-----
-<1> You must specify the `openshift-operators-redhat` namespace. To prevent possible conflicts with metrics, you should configure the Prometheus Cluster Monitoring stack to scrape metrics from the `openshift-operators-redhat` namespace and not the `openshift-operators` namespace. The `openshift-operators` namespace might contain community Operators, which are untrusted and could publish a metric with the same name as 
-ifdef::openshift-rosa[]
- a ROSA 
-endif::[]
-ifdef::openshift-dedicated[]
- an {product-title} 
-endif::[]
-metric, which would cause conflicts.
-<2> String. You must specify this label as shown to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
+* You have administrator permissions.
+* You have installed the {oc-first}.
 
-.. Create the namespace:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f eo-namespace.yaml
-----
-
-. Create a namespace for the Red Hat OpenShift Logging Operator:
+.Procedure
 
-.. Create a namespace object YAML file (for example, `olo-namespace.yaml`) for the Red Hat OpenShift Logging Operator:
+. Create a `Namespace` object as a YAML file:
 +
+.Example `Namespace` object
 [source,yaml]
 ----
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: openshift-logging
+  name: <name> <1>
   annotations:
     openshift.io/node-selector: ""
   labels:
     openshift.io/cluster-monitoring: "true"
 ----
+<1> You must specify `openshift-logging` as the name of the namespace for logging versions 5.7 and earlier versions. For logging 5.8 and later versions, you can use any name.
 
-.. Create the namespace:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f olo-namespace.yaml
-----
-
-. Install the OpenShift Elasticsearch Operator by creating the following objects:
-
-.. Create an Operator Group object YAML file (for example, `eo-og.yaml`) for the OpenShift Elasticsearch Operator:
-+
-[source,yaml]
-----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: openshift-operators-redhat
-  namespace: openshift-operators-redhat <1>
-spec: {}
-----
-<1> You must specify the `openshift-operators-redhat` namespace.
-
-.. Create an Operator Group object:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f eo-og.yaml
-----
-
-.. Create a Subscription object YAML file (for example, `eo-sub.yaml`) to
-subscribe a namespace to the OpenShift Elasticsearch Operator.
-+
-.Example Subscription
-[source,yaml]
-----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: "elasticsearch-operator"
-  namespace: "openshift-operators-redhat" <1>
-spec:
-  channel: "stable-5.5" <2>
-  installPlanApproval: "Automatic" <3>
-  source: "redhat-operators" <4>
-  sourceNamespace: "openshift-marketplace"
-  name: "elasticsearch-operator"
-----
-<1> You must specify the `openshift-operators-redhat` namespace.
-<2> Specify `stable`, or `stable-5.<x>` as the channel. See the following note.
-<3> `Automatic` allows the Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available. `Manual` requires a user with appropriate credentials to approve the Operator update.
-<4> Specify `redhat-operators`. If your {product-title} cluster is installed on a restricted network, also known as a disconnected cluster,
-specify the name of the CatalogSource object created when you configured the Operator Lifecycle Manager (OLM).
-+
-[NOTE]
-====
-Specifying `stable` installs the current version of the latest stable release. Using `stable` with `installPlanApproval: "Automatic"`, will automatically upgrade your operators to the latest stable major and minor release.
-
-Specifying `stable-5.<x>` installs the current minor version of a specific major release. Using `stable-5.<x>` with `installPlanApproval: "Automatic"`, will automatically upgrade your operators to the latest stable minor release within the major release you specify with `x`.
-====
-
-
-.. Create the Subscription object:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f eo-sub.yaml
-----
-+
-The OpenShift Elasticsearch Operator is installed to the `openshift-operators-redhat` namespace and copied to each project in the cluster.
-
-.. Verify the Operator installation:
+. Apply the `Namespace` object by running the following command:
 +
 [source,terminal]
 ----
-$ oc get csv --all-namespaces
+$ oc apply -f <filename>.yaml
 ----
-+
-.Example output
-[source,terminal]
-----
-NAMESPACE                                               NAME                                            DISPLAY                  VERSION               REPLACES   PHASE
-default                                                 elasticsearch-operator.5.1.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-kube-node-lease                                         elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-kube-public                                             elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-kube-system                                             elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-openshift-apiserver-operator                            elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-openshift-apiserver                                     elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-openshift-authentication-operator                       elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-openshift-authentication                                elasticsearch-operator.5.5.0-202007012112.p0    OpenShift Elasticsearch Operator   5.5.0-202007012112.p0               Succeeded
-...
-----
-+
-There should be an OpenShift Elasticsearch Operator in each namespace. The version number might be different than shown.
 
-. Install the Red Hat OpenShift Logging Operator by creating the following objects:
-
-.. Create an Operator Group object YAML file (for example, `olo-og.yaml`) for the Red Hat OpenShift Logging Operator:
+. Create an `OperatorGroup` object as a YAML file:
 +
+.Example `OperatorGroup` object
 [source,yaml]
 ----
 apiVersion: operators.coreos.com/v1
@@ -214,25 +58,18 @@ spec:
   targetNamespaces:
   - openshift-logging <1>
 ----
-<1> You must specify the `openshift-logging` namespace.
+<1> You must specify the `openshift-logging` namespace for logging versions 5.7 and older. For logging 5.8 and later versions, you can use any namespace.
 
-.. Create an Operator Group object:
+. Apply the `OperatorGroup` object by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f olo-og.yaml
+$ oc apply -f <filename>.yaml
 ----
 
-.. Create a Subscription object YAML file (for example, `olo-sub.yaml`) to
-subscribe a namespace to the Red Hat OpenShift Logging Operator.
+. Create a `Subscription` object to subscribe the namespace to the {clo}:
 +
+.Example `Subscription` object
 [source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
@@ -241,176 +78,40 @@ metadata:
   name: cluster-logging
   namespace: openshift-logging <1>
 spec:
-  channel: "stable" <2>
+  channel: stable <2>
   name: cluster-logging
   source: redhat-operators <3>
   sourceNamespace: openshift-marketplace
 ----
-<1> You must specify the `openshift-logging` namespace.
-<2> Specify `stable`, or `stable-5.<x>` as the channel.
-<3> Specify `redhat-operators`. If your {product-title} cluster is installed on a restricted network, also known as a disconnected cluster, specify the name of the CatalogSource object you created when you configured the Operator Lifecycle Manager (OLM).
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc create -f olo-sub.yaml
-----
-+
-The Red Hat OpenShift Logging Operator is installed to the `openshift-logging` namespace.
+<1> You must specify the `openshift-logging` namespace for logging versions 5.7 and older. For logging 5.8 and later versions, you can use any namespace.
+<2> Specify `stable` or `stable-x.y` as the channel.
+<3> Specify `redhat-operators`. If your {product-title} cluster is installed on a restricted network, also known as a disconnected cluster, specify the name of the `CatalogSource` object you created when you configured the Operator Lifecycle Manager (OLM).
 
-.. Verify the Operator installation.
+. Apply the subscription by running the following command:
 +
-There should be a Red Hat OpenShift Logging Operator in the `openshift-logging` namespace. The Version number might be different than shown.
-+
-[source,terminal]
-----
-$ oc get csv -n openshift-logging
-----
-+
-.Example output
 [source,terminal]
 ----
-NAMESPACE                                               NAME                                         DISPLAY                  VERSION               REPLACES   PHASE
-...
-openshift-logging                                       clusterlogging.5.1.0-202007012112.p0         OpenShift Logging          5.1.0-202007012112.p0              Succeeded
-...
+$ oc apply -f <filename>.yaml
 ----
-
-. Create an OpenShift Logging instance:
-
-.. Create an instance object YAML file (for example, `olo-instance.yaml`) for the Red Hat OpenShift Logging Operator:
 +
-[NOTE]
-====
-This default OpenShift Logging configuration should support a wide array of environments. Review the topics on tuning and
-configuring {logging} components for information about modifications you can make to your OpenShift Logging cluster.
-====
-+
-[source,yaml]
-----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
-metadata:
-  name: "instance" <1>
-  namespace: "openshift-logging"
-spec:
-  managementState: "Managed"  <2>
-  logStore:
-    type: "elasticsearch"  <3>
-    retentionPolicy: <4>
-      application:
-        maxAge: 1d
-      infra:
-        maxAge: 7d
-      audit:
-        maxAge: 7d
-    elasticsearch:
-      nodeCount: 3 <5>
-      storage:
-        storageClassName: "<storage-class-name>" <6>
-        size: 200G
-      resources: <7>
-        limits:
-          memory: "16Gi"
-        requests:
-          memory: "16Gi"
-      proxy: <8>
-        resources:
-          limits:
-            memory: 256Mi
-          requests:
-             memory: 256Mi
-      redundancyPolicy: "SingleRedundancy"
-  visualization:
-    type: "kibana"  <9>
-    kibana:
-      replicas: 1
-  collection:
-    logs:
-      type: "fluentd"  <10>
-      fluentd: {} 
-----
-<1> The name must be `instance`.
-<2> The OpenShift Logging management state. In some cases, if you change the OpenShift Logging defaults, you must set this to `Unmanaged`.
-However, an unmanaged deployment does not receive updates until OpenShift Logging is placed back into a managed state. Placing a deployment back into a managed state might revert any modifications you made.
-<3> Settings for configuring Elasticsearch. Using the custom resource (CR), you can configure shard replication policy and persistent storage.
-<4> Specify the length of time that Elasticsearch should retain each log source. Enter an integer and a time designation: weeks(w), hours(h/H), minutes(m) and seconds(s). For example, `7d` for seven days. Logs older than the `maxAge` are deleted. You must specify a retention policy for each log source or the Elasticsearch indices will not be created for that source.
-<5> Specify the number of Elasticsearch nodes. See the note that follows this list.
-<6> Enter the name of an existing storage class for Elasticsearch storage. For best performance, specify a storage class that allocates block storage. If you do not specify a storage class, {product-title} deploys OpenShift Logging with ephemeral storage only.
-<7> Specify the CPU and memory requests for Elasticsearch as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that are sufficient for most deployments. The default values are `16Gi` for the memory request and `1` for the CPU request.
-<8> Specify the CPU and memory requests for the Elasticsearch proxy as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that should be sufficient for most deployments. The default values are  `256Mi` for the memory request and `100m` for the CPU request.
-<9> Settings for configuring Kibana. Using the CR, you can scale Kibana for redundancy and configure the CPU and memory for your Kibana pods. For more information, see *Configuring the log visualizer*.
-<10> Settings for configuring Fluentd. Using the CR, you can configure Fluentd CPU and memory limits. For more information, see *Configuring Fluentd*.
-+
-[NOTE]
-+
-====
-The maximum number of Elasticsearch control plane nodes is three. If you specify a `nodeCount` greater than `3`, {product-title} creates three Elasticsearch nodes that are Master-eligible nodes, with the master, client, and data roles. The additional Elasticsearch nodes are created as Data-only nodes, using client and data roles. Control plane nodes perform cluster-wide actions such as creating or deleting an index, shard allocation, and tracking nodes. Data nodes hold the shards and perform data-related operations such as CRUD, search, and aggregations. Data-related operations are I/O-, memory-, and CPU-intensive. It is important to monitor these resources and to add more Data nodes if the current nodes are overloaded.
+The {clo} is installed to the `openshift-logging` namespace.
 
-For example, if `nodeCount=4`, the following nodes are created:
+.Verification
 
-[source,terminal]
-----
-$ oc get deployment
-----
-
-.Example output
-[source,terminal]
-----
-cluster-logging-operator       1/1     1            1           18h
-elasticsearch-cd-x6kdekli-1    1/1     1            0           6m54s
-elasticsearch-cdm-x6kdekli-1   1/1     1            1           18h
-elasticsearch-cdm-x6kdekli-2   1/1     1            0           6m49s
-elasticsearch-cdm-x6kdekli-3   1/1     1            0           6m44s
-----
-
-The number of primary shards for the index templates is equal to the number of Elasticsearch data nodes.
-====
-
-.. Create the instance:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
-----
-+
-For example:
+. Run the following command:
 +
 [source,terminal]
 ----
-$ oc create -f olo-instance.yaml
+$ oc get csv -n <namespace>
 ----
-+
-This creates the {logging} components, the `Elasticsearch` custom resource and components, and the Kibana interface.
 
-. Verify the installation by listing the pods in the *openshift-logging* project.
-+
-You should see several pods for components of the Logging subsystem, similar to the following list:
-+
-[source,terminal]
-----
-$ oc get pods -n openshift-logging
-----
+. Observe the output and confirm that the {clo} exists in the namespace:
 +
 .Example output
 [source,terminal]
 ----
-NAME                                            READY   STATUS    RESTARTS   AGE
-cluster-logging-operator-66f77ffccb-ppzbg       1/1     Running   0          7m
-elasticsearch-cdm-ftuhduuw-1-ffc4b9566-q6bhp    2/2     Running   0          2m40s
-elasticsearch-cdm-ftuhduuw-2-7b4994dbfc-rd2gc   2/2     Running   0          2m36s
-elasticsearch-cdm-ftuhduuw-3-84b5ff7ff8-gqnm2   2/2     Running   0          2m4s
-collector-587vb                                   1/1     Running   0          2m26s
-collector-7mpb9                                   1/1     Running   0          2m30s
-collector-flm6j                                   1/1     Running   0          2m33s
-collector-gn4rn                                   1/1     Running   0          2m26s
-collector-nlgb6                                   1/1     Running   0          2m30s
-collector-snpkt                                   1/1     Running   0          2m28s
-kibana-d6d5668c5-rppqm                          2/2     Running   0          2m39s
+NAMESPACE                                               NAME                                         DISPLAY                  VERSION               REPLACES   PHASE
+...
+openshift-logging                                       clusterlogging.5.8.0-202007012112.p0         OpenShift Logging          5.8.0-202007012112.p0              Succeeded
+...
 ----
diff --git a/modules/cluster-logging-deploy-console.adoc b/modules/cluster-logging-deploy-console.adoc
index c5af639bf08f..5353eb283e30 100644
--- a/modules/cluster-logging-deploy-console.adoc
+++ b/modules/cluster-logging-deploy-console.adoc
@@ -2,243 +2,57 @@
 //
 // * logging/cluster-logging-deploying.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-deploy-console_{context}"]
-= Installing the {logging-title} using the web console
+= Installing the {clo} by using the web console
 
-ifndef::openshift-rosa,openshift-dedicated[]
-You can use the {product-title} web console to install the OpenShift Elasticsearch and Red Hat OpenShift Logging Operators.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-You can install the OpenShift Elasticsearch and Red Hat OpenShift Logging Operators by using the {product-title} {cluster-manager-url}. 
-endif::[]
-
-[NOTE]
-====
-If you do not want to use the default Elasticsearch log store, you can remove the internal Elasticsearch `logStore` and Kibana `visualization` components from the `ClusterLogging` custom resource (CR). Removing these components is optional but saves resources. For more information, see the additional resources of this section.
-====
+You can install the {clo} by using the {product-title} web console.
 
 .Prerequisites
 
-* Ensure that you have the necessary persistent storage for Elasticsearch. Note that each Elasticsearch node
-requires its own storage volume.
-+
-[NOTE]
-====
-If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
-====
-+
-Elasticsearch is a memory-intensive application. By default, {product-title} installs three Elasticsearch nodes with memory requests and limits of 16 GB. This initial set of three {product-title} nodes might not have enough memory to run Elasticsearch within your cluster. If you experience memory issues that are related to Elasticsearch, add more Elasticsearch nodes to your cluster rather than increasing the memory on existing nodes.
-
-ifdef::openshift-origin[]
-* Ensure that you have downloaded the {cluster-manager-url-pull} as shown in _Obtaining the installation program_ in the installation documentation for your platform.
-+
-If you have the pull secret, add the `redhat-operators` catalog to the OperatorHub custom resource (CR) as shown in _Configuring {product-title} to use Red Hat Operators_.
-endif::[]
+* You have administrator permissions.
+* You have access to the {product-title} web console.
 
 .Procedure
 
-ifndef::openshift-rosa,openshift-dedicated[]
-To install the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator by using the {product-title} web console:
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-To install the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator by using the {product-title} {cluster-manager-url}: 
-endif::[]
-
-. Install the OpenShift Elasticsearch Operator:
-
-ifndef::openshift-rosa,openshift-dedicated[]
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-.. In the {hybrid-console}, click *Operators* -> *OperatorHub*. 
-endif::[]
-
-.. Choose  *OpenShift Elasticsearch Operator* from the list of available Operators, and click *Install*.
-
-.. Ensure that the *All namespaces on the cluster* is selected under *Installation Mode*.
-
-.. Ensure that *openshift-operators-redhat* is selected under *Installed Namespace*.
-+
-You must specify the `openshift-operators-redhat` namespace. The `openshift-operators` namespace might contain Community Operators, which are untrusted and could publish a metric with the same name as 
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Type `OpenShift Logging` in the *Filter by keyword* box.
+. Choose  *Red Hat OpenShift Logging* from the list of available Operators, and click *Install*.
 ifdef::openshift-rosa[]
- a ROSA 
-endif::[]
-ifdef::openshift-dedicated[]
- an {product-title} 
-endif::[]
-metric, which would cause conflicts.
-
-.. Select *Enable operator recommended cluster monitoring on this namespace*.
-+
-This option sets the `openshift.io/cluster-monitoring: "true"` label in the Namespace object. You must select this option to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
-
-.. Select *stable-5.x* as the *Update Channel*.
-
-.. Select an *Approval Strategy*.
-+
-* The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
-
-.. Click *Install*.
-
-.. Verify that the OpenShift Elasticsearch Operator installed by switching to the *Operators* → *Installed Operators* page.
-
-.. Ensure that *OpenShift Elasticsearch Operator* is listed in all projects with a *Status* of *Succeeded*.
-
-. Install the Red Hat OpenShift Logging Operator:
-
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-.. Choose  *Red Hat OpenShift Logging* from the list of available Operators, and click *Install*.
-
-.. Ensure that the *A specific namespace on the cluster* is selected under *Installation Mode*.
-
-.. Ensure that *Operator recommended namespace* is *openshift-logging* under *Installed Namespace*.
-
-.. Select *Enable operator recommended cluster monitoring on this namespace*.
-+
-This option sets the `openshift.io/cluster-monitoring: "true"` label in the Namespace object. You must select this option to ensure that cluster monitoring scrapes the `openshift-logging` namespace.
-
-.. Select *stable-5.x* as the *Update Channel*.
-
-.. Select an *Approval Strategy*.
-+
-* The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
-
-.. Click *Install*.
-
-.. Verify that the Red Hat OpenShift Logging Operator installed by switching to the *Operators* → *Installed Operators* page.
-
-.. Ensure that *Red Hat OpenShift Logging* is listed in the *openshift-logging* project with a *Status* of *Succeeded*.
-+
-If the Operator does not appear as installed, to troubleshoot further:
-+
-* Switch to the *Operators* → *Installed Operators* page and inspect the *Status* column for any errors or failures.
-* Switch to the *Workloads* → *Pods* page and check the logs in any pods in the `openshift-logging` project that are reporting issues.
-
-. Create an OpenShift Logging instance:
-
-.. Switch to the *Administration* -> *Custom Resource Definitions* page.
-
-.. On the *Custom Resource Definitions* page, click *ClusterLogging*.
-
-.. On the *Custom Resource Definition details* page, select *View Instances* from the *Actions* menu.
-
-.. On the *ClusterLoggings* page, click *Create ClusterLogging*.
-+
-You might have to refresh the page to load the data.
-
-.. In the YAML field, replace the code with the following:
+. In the *role ARN* text field, type "no_role_arn". Although the specific ARN for the cluster is not required, the *role ARN* text field must be populated to continue the installation process.
 +
 [NOTE]
 ====
-This default OpenShift Logging configuration should support a wide array of environments. Review the topics on tuning and
-configuring {logging} components for information on modifications you can make to your OpenShift Logging cluster.
+The *role ARN* text field is only applicable for ROSA clusters with STS.
 ====
 +
-[source,yaml]
-----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogging"
-metadata:
-  name: "instance" <1>
-  namespace: "openshift-logging"
-spec:
-  managementState: "Managed"  <2>
-  logStore:
-    type: "elasticsearch"  <3>
-    retentionPolicy: <4>
-      application:
-        maxAge: 1d
-      infra:
-        maxAge: 7d
-      audit:
-        maxAge: 7d
-    elasticsearch:
-      nodeCount: 3 <5>
-      storage:
-        storageClassName: "<storage_class_name>" <6>
-        size: 200G
-      resources: <7>
-          limits:
-            memory: "16Gi"
-          requests:
-            memory: "16Gi"
-      proxy: <8>
-        resources:
-          limits:
-            memory: 256Mi
-          requests:
-            memory: 256Mi
-      redundancyPolicy: "SingleRedundancy"
-  visualization:
-    type: "kibana"  <9>
-    kibana:
-      replicas: 1
-  collection:
-    logs:
-      type: "fluentd"  <10>
-      fluentd: {}
-----
-<1> The name must be `instance`.
-<2> The OpenShift Logging management state. In some cases, if you change the OpenShift Logging defaults, you must set this to `Unmanaged`.
-However, an unmanaged deployment does not receive updates until OpenShift Logging is placed back into a managed state.
-<3> Settings for configuring Elasticsearch. Using the CR, you can configure shard replication policy and persistent storage.
-<4> Specify the length of time that Elasticsearch should retain each log source. Enter an integer and a time designation: weeks(w), hours(h/H), minutes(m) and seconds(s). For example, `7d` for seven days. Logs older than the `maxAge` are deleted. You must specify a retention policy for each log source or the Elasticsearch indices will not be created for that source.
-<5> Specify the number of Elasticsearch nodes. See the note that follows this list.
-<6> Enter the name of an existing storage class for Elasticsearch storage. For best performance, specify a storage class that allocates block storage. If you do not specify a storage class, OpenShift Logging uses ephemeral storage.
-<7> Specify the CPU and memory requests for Elasticsearch as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that should be sufficient for most deployments. The default values are `16Gi` for the memory request and `1` for the CPU request.
-<8> Specify the CPU and memory requests for the Elasticsearch proxy as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that should be sufficient for most deployments. The default values are `256Mi` for the memory request and `100m` for the CPU request.
-<9> Settings for configuring Kibana. Using the CR, you can scale Kibana for redundancy and configure the CPU and memory for your Kibana nodes. For more information, see *Configuring the log visualizer*.
-<10> Settings for configuring Fluentd. Using the CR, you can configure Fluentd CPU and memory limits. For more information, see *Configuring Fluentd*.
+endif::[]
+. Select *stable-5.y* as the *Update channel*.
 +
-[NOTE]
+--
+include::snippets/logging-stable-updates-snip.adoc[]
+--
 +
-====
-The maximum number of Elasticsearch control plane nodes is three. If you specify a `nodeCount` greater than `3`, {product-title} creates three Elasticsearch nodes that are Master-eligible nodes, with the master, client, and data roles. The additional Elasticsearch nodes are created as Data-only nodes, using client and data roles. Control plane nodes perform cluster-wide actions such as creating or deleting an index, shard allocation, and tracking nodes. Data nodes hold the shards and perform data-related operations such as CRUD, search, and aggregations. Data-related operations are I/O-, memory-, and CPU-intensive. It is important to monitor these resources and to add more Data nodes if the current nodes are overloaded.
+. Select a *Version*.
+. Ensure that *A specific namespace on the cluster* is selected under *Installation mode*.
+. Ensure that *Operator recommended namespace* is *openshift-logging* under *Installed Namespace*.
+. Select an *Update approval*.
+** The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
+** The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
+. Select *Enable* or *Disable* for the *Console plugin*.
+. Click *Install*.
 
-For example, if `nodeCount=4`, the following nodes are created:
+.Verification
 
-[source,terminal]
-----
-$ oc get deployment
-----
+. Verify that the *Red Hat OpenShift Logging Operator* is installed by switching to the *Operators* → *Installed Operators* page.
+. In the *Status* column, verify that you see green checkmarks with *InstallSucceeded* and the text *Up to date*.
 
-.Example output
-[source,terminal]
-----
-cluster-logging-operator       1/1     1            1           18h
-elasticsearch-cd-x6kdekli-1    0/1     1            0           6m54s
-elasticsearch-cdm-x6kdekli-1   1/1     1            1           18h
-elasticsearch-cdm-x6kdekli-2   0/1     1            0           6m49s
-elasticsearch-cdm-x6kdekli-3   0/1     1            0           6m44s
-----
-
-The number of primary shards for the index templates is equal to the number of Elasticsearch data nodes.
+[IMPORTANT]
+====
+An Operator might display a `Failed` status before the installation finishes. If the Operator install completes with an `InstallSucceeded` message, refresh the page.
 ====
 
-.. Click *Create*. This creates the {logging} components, the `Elasticsearch` custom resource and components, and the Kibana interface.
-
-. Verify the installation:
-
-.. Switch to the *Workloads* -> *Pods* page.
+If the Operator does not show as installed, choose one of the following troubleshooting options:
 
-.. Select the *openshift-logging* project.
-+
-You should see several pods for OpenShift Logging, Elasticsearch, Fluentd, and Kibana similar to the following list:
-+
-* cluster-logging-operator-cb795f8dc-xkckc
-* collector-pb2f8
-* elasticsearch-cdm-b3nqzchd-1-5c6797-67kfz
-* elasticsearch-cdm-b3nqzchd-2-6657f4-wtprv
-* elasticsearch-cdm-b3nqzchd-3-588c65-clg7g
-* fluentd-2c7dg
-* fluentd-9z7kk
-* fluentd-br7r2
-* fluentd-fn2sb
-* fluentd-zqgqx
-* kibana-7fb4fd4cc9-bvt4p
\ No newline at end of file
+* Go to the *Operators* → *Installed Operators* page, and inspect the *Status* column for any errors or failures.
+* Go to the *Workloads* → *Pods* page, and check the logs in any pods in the `openshift-logging` project that are reporting issues.
diff --git a/modules/cluster-logging-deploy-es-cli.adoc b/modules/cluster-logging-deploy-es-cli.adoc
new file mode 100644
index 000000000000..8dd631004561
--- /dev/null
+++ b/modules/cluster-logging-deploy-es-cli.adoc
@@ -0,0 +1,145 @@
+// Module included in the following assemblies:
+//
+// * logging/log_storage/installing-log-storage.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cluster-logging-deploy-es-cli_{context}"]
+= Installing the {es-op} by using the CLI
+
+You can use the {oc-first} to install the {es-op}.
+
+.Prerequisites
+
+* Ensure that you have the necessary persistent storage for Elasticsearch. Note that each Elasticsearch node requires its own storage volume.
++
+[NOTE]
+====
+If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
+====
++
+Elasticsearch is a memory-intensive application. By default, {product-title} installs three Elasticsearch nodes with memory requests and limits of 16 GB. This initial set of three {product-title} nodes might not have enough memory to run Elasticsearch within your cluster. If you experience memory issues that are related to Elasticsearch, add more Elasticsearch nodes to your cluster rather than increasing the memory on existing nodes.
+
+ifdef::openshift-origin[]
+* Ensure that you have downloaded the {cluster-manager-url-pull} as shown in "Obtaining the installation program" in the installation documentation for your platform.
++
+If you have the pull secret, add the `redhat-operators` catalog to the `OperatorHub` custom resource (CR) as shown in *Configuring {product-title} to use Red Hat Operators*.
+endif::[]
+
+* You have administrator permissions.
+* You have installed the {oc-first}.
+
+.Procedure
+
+. Create a `Namespace` object as a YAML file:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-operators-redhat <1>
+  annotations:
+    openshift.io/node-selector: ""
+  labels:
+    openshift.io/cluster-monitoring: "true" <2>
+----
+<1> You must specify the `openshift-operators-redhat` namespace. To prevent possible conflicts with metrics, configure the Prometheus Cluster Monitoring stack to scrape metrics from the `openshift-operators-redhat` namespace and not the `openshift-operators` namespace. The `openshift-operators` namespace might contain community Operators, which are untrusted and could publish a metric with the same name as
+ifdef::openshift-rosa[]
+ a ROSA
+endif::[]
+ifdef::openshift-dedicated[]
+ an {product-title}
+endif::[]
+metric, which would cause conflicts.
+<2> String. You must specify this label as shown to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
+
+. Apply the `Namespace` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
+
+. Create an `OperatorGroup` object  as a YAML file:
++
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-operators-redhat
+  namespace: openshift-operators-redhat <1>
+spec: {}
+----
+<1> You must specify the `openshift-operators-redhat` namespace.
+
+. Apply the `OperatorGroup` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
+
+. Create a `Subscription` object to subscribe the namespace to the {es-op}:
++
+.Example Subscription
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: elasticsearch-operator
+  namespace: openshift-operators-redhat <1>
+spec:
+  channel: stable-x.y <2>
+  installPlanApproval: Automatic <3>
+  source: redhat-operators <4>
+  sourceNamespace: openshift-marketplace
+  name: elasticsearch-operator
+----
+<1> You must specify the `openshift-operators-redhat` namespace.
+<2> Specify `stable`, or `stable-x.y` as the channel. See the following note.
+<3> `Automatic` allows the Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available. `Manual` requires a user with appropriate credentials to approve the Operator update.
+<4> Specify `redhat-operators`. If your {product-title} cluster is installed on a restricted network, also known as a disconnected cluster,
+specify the name of the `CatalogSource` object created when you configured the Operator Lifecycle Manager (OLM).
++
+[NOTE]
+====
+Specifying `stable` installs the current version of the latest stable release. Using `stable` with `installPlanApproval: "Automatic"` automatically upgrades your Operators to the latest stable major and minor release.
+
+Specifying `stable-x.y` installs the current minor version of a specific major release. Using `stable-x.y` with `installPlanApproval: "Automatic"` automatically upgrades your Operators to the latest stable minor release within the major release.
+====
+
+. Apply the subscription by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
++
+The {es-op} is installed to the `openshift-operators-redhat` namespace and copied to each project in the cluster.
+
+.Verification
+
+. Run the following command:
++
+[source,terminal]
+----
+$ oc get csv -n --all-namespaces
+----
+
+. Observe the output and confirm that pods for the {es-op} exist in each namespace
++
+.Example output
+[source,terminal]
+----
+NAMESPACE                                          NAME                            DISPLAY                            VERSION          REPLACES                        PHASE
+default                                            elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+kube-node-lease                                    elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+kube-public                                        elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+kube-system                                        elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+non-destructive-test                               elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+openshift-apiserver-operator                       elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+openshift-apiserver                                elasticsearch-operator.v5.8.1   OpenShift Elasticsearch Operator   5.8.1            elasticsearch-operator.v5.8.0   Succeeded
+...
+----
diff --git a/modules/cluster-logging-deploy-label.adoc b/modules/cluster-logging-deploy-label.adoc
deleted file mode 100644
index 38a3aa28704e..000000000000
--- a/modules/cluster-logging-deploy-label.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-deploy.adoc
-
-[id="cluster-logging-deploy-label_{context}"]
-= Labeling nodes
-
-At 100 nodes or more, pre-pull the logging images from the registry. After deploying the logging pods, such as Elasticsearch and Kibana, node labeling should be done in steps of 20 nodes at a time. For example:
-
-Using a simple loop:
-
-[source,terminal]
-----
-$ while read node; do oc label nodes $node elasticsearch-fluentd=true; done < 20_fluentd.lst
-----
-
-The following also works:
-
-[source,terminal]
-----
-$ oc label nodes 10.10.0.{100..119} elasticsearch-fluentd=true
-----
-
-Labeling nodes in groups paces the daemon sets used by the {logging}, helping to avoid contention on shared resources such as the image registry.
-
-[NOTE]
-====
-Check for the occurrence of any "CrashLoopBackOff | ImagePullFailed | Error" issues.
-`oc logs <pod>`, `oc describe pod <pod>` and `oc get event` are helpful diagnostic commands.
-====
diff --git a/modules/cluster-logging-deploy-memory.adoc b/modules/cluster-logging-deploy-memory.adoc
deleted file mode 100644
index accf34ab0172..000000000000
--- a/modules/cluster-logging-deploy-memory.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-deploy.adoc
-
-[id="cluster-logging-deploy-memory_{context}"]
-= Configure memory for Elasticsearch instances
-
-By default, the amount of RAM allocated to each ES instance is 16GB. You can change this value as needed.
-
-Keep in mind that *half* of this value will be passed to the individual
-Elasticsearch pods java processes
-link:https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#_give_half_your_memory_to_lucene[heap
-size].
-
-.Procedure
-
diff --git a/modules/cluster-logging-deploy-multitenant.adoc b/modules/cluster-logging-deploy-multitenant.adoc
index 7a190bff3fc0..f66b815a31f4 100644
--- a/modules/cluster-logging-deploy-multitenant.adoc
+++ b/modules/cluster-logging-deploy-multitenant.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-deploying.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-deploy-multitenant_{context}"]
 = Allowing traffic between projects when network isolation is enabled
 
diff --git a/modules/cluster-logging-deploy-storage-considerations.adoc b/modules/cluster-logging-deploy-storage-considerations.adoc
deleted file mode 100644
index 220e59386b62..000000000000
--- a/modules/cluster-logging-deploy-storage-considerations.adoc
+++ /dev/null
@@ -1,75 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-deploy.adoc
-
-[id="cluster-logging-deploy-storage-considerations_{context}"]
-= Storage considerations for the {logging-title}
-
-////
-An Elasticsearch index is a collection of primary shards and their corresponding replica shards. This is how Elasticsearch implements high availability internally, so there is little requirement to use hardware based mirroring RAID variants. RAID 0 can still be used to increase overall disk performance.
-////
-
-A persistent volume is required for each Elasticsearch deployment configuration. On {product-title} this is achieved using persistent volume claims.
-
-[NOTE]
-====
-If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
-====
-
-The OpenShift Elasticsearch Operator names the PVCs using the Elasticsearch resource name.
-
-////
-Below are capacity planning guidelines for {product-title} aggregate logging.
-
-*Example scenario*
-
-Assumptions:
-
-. Which application: Apache
-. Bytes per line: 256
-. Lines per second load on application: 1
-. Raw text data -> JSON
-
-Baseline (256 characters per minute -> 15KB/min)
-
-[cols="3,4",options="header"]
-|===
-|Logging pods
-|Storage Throughput
-
-|3 es
-1 kibana
-1 fluentd
-| 6 pods total: 90000 x 86400 = 7,7 GB/day
-
-|3 es
-1 kibana
-11 fluentd
-| 16 pods total: 225000 x 86400 = 24,0 GB/day
-
-|3 es
-1 kibana
-20 fluentd
-|25 pods total: 225000 x 86400 = 32,4 GB/day
-|===
-
-
-Calculating the total logging throughput and disk space required for your {product-title} cluster requires knowledge of your applications. For example, if one of your applications on average logs 10 lines-per-second, each 256 bytes-per-line, calculate per-application throughput and disk space as follows:
-
-----
- (bytes-per-line * (lines-per-second) = 2560 bytes per app per second
- (2560) * (number-of-pods-per-node,100) = 256,000 bytes per second per node
- 256k * (number-of-nodes) = total logging throughput per cluster per second
-----
-////
-
-Fluentd ships any logs from *systemd journal* and **/var/log/containers/*.log** to Elasticsearch.
-
-Elasticsearch requires sufficient memory to perform large merge operations. If it does not have enough memory, it becomes unresponsive. To avoid this problem, evaluate how much application log data you need, and allocate approximately double that amount of free storage capacity.
-
-By default, when storage capacity is 85% full, Elasticsearch stops allocating new data to the node. At 90%, Elasticsearch attempts to relocate existing shards from that node to other nodes if possible. But if no nodes have a free capacity below 85%, Elasticsearch effectively rejects creating new indices and becomes RED.
-
-[NOTE]
-====
-These low and high watermark values are Elasticsearch defaults in the current release. You can modify these default values. Although the alerts use the same default values, you cannot change these values in the alerts.
-====
diff --git a/modules/cluster-logging-deploying-about.adoc b/modules/cluster-logging-deploying-about.adoc
index 1fb3db28544e..e8d799c67bf4 100644
--- a/modules/cluster-logging-deploying-about.adoc
+++ b/modules/cluster-logging-deploying-about.adoc
@@ -3,9 +3,9 @@
 // * logging/cluster-logging-deploying-about.adoc
 // * serverless/monitor/cluster-logging-serverless.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-deploying-about_{context}"]
-= About deploying and configuring the {logging-title}
+= About deploying and configuring {logging}
 
 The {logging} is designed to be used with the default configuration, which is tuned for small to medium sized {product-title} clusters.
 
diff --git a/modules/cluster-logging-elasticsearch-audit.adoc b/modules/cluster-logging-elasticsearch-audit.adoc
index d08144f52214..217676fb9b39 100644
--- a/modules/cluster-logging-elasticsearch-audit.adoc
+++ b/modules/cluster-logging-elasticsearch-audit.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-audit_{context}"]
 = Forwarding audit logs to the log store
 
@@ -12,7 +12,7 @@ To send the audit logs to the default internal Elasticsearch log store, for exam
 
 [IMPORTANT]
 ====
-The internal {product-title} Elasticsearch log store does not provide secure storage for audit logs. Verify that the system to which you forward audit logs complies with your organizational and governmental regulations and is properly secured. The {logging-title} does not comply with those regulations.
+The internal {product-title} Elasticsearch log store does not provide secure storage for audit logs. Verify that the system to which you forward audit logs complies with your organizational and governmental regulations and is properly secured. {logging-uc} does not comply with those regulations.
 ====
 
 .Procedure
diff --git a/modules/cluster-logging-elasticsearch-exposing.adoc b/modules/cluster-logging-elasticsearch-exposing.adoc
index d8df4bfaa19b..4e02a829386c 100644
--- a/modules/cluster-logging-elasticsearch-exposing.adoc
+++ b/modules/cluster-logging-elasticsearch-exposing.adoc
@@ -2,11 +2,11 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-exposing_{context}"]
 = Exposing the log store service as a route
 
-By default, the log store that is deployed with the {logging-title} is not accessible from outside the logging cluster. You can enable a route with re-encryption termination for external access to the log store service for those tools that access its data.
+By default, the log store that is deployed with {logging} is not accessible from outside the logging cluster. You can enable a route with re-encryption termination for external access to the log store service for those tools that access its data.
 
 Externally, you can access the log store by creating a reencrypt route, your {product-title} token and the installed log store CA certificate. Then, access a node that hosts the log store service with a cURL request that contains:
 
diff --git a/modules/cluster-logging-elasticsearch-ha.adoc b/modules/cluster-logging-elasticsearch-ha.adoc
index 779ada7aaddb..47542c99c70c 100644
--- a/modules/cluster-logging-elasticsearch-ha.adoc
+++ b/modules/cluster-logging-elasticsearch-ha.adoc
@@ -2,9 +2,9 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-ha_{context}"]
-= Configuring replication policy for the log store 
+= Configuring replication policy for the log store
 
 You can define how Elasticsearch shards are replicated across data nodes in the cluster.
 
diff --git a/modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc b/modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc
index 45744345a89c..f85584454636 100644
--- a/modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc
+++ b/modules/cluster-logging-elasticsearch-persistent-storage-empty.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-elasticsearch-storage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-persistent-storage-empty_{context}"]
 = Configuring the log store for emptyDir storage
 
diff --git a/modules/cluster-logging-elasticsearch-retention.adoc b/modules/cluster-logging-elasticsearch-retention.adoc
index 2673a9bfe041..543d6a41bba0 100644
--- a/modules/cluster-logging-elasticsearch-retention.adoc
+++ b/modules/cluster-logging-elasticsearch-retention.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-retention_{context}"]
 = Configuring log retention time
 
@@ -19,8 +19,7 @@ Elasticsearch rolls over an index, moving the current index and creating a new i
 Elasticsearch deletes the rolled-over indices based on the retention policy you configure. If you do not create a retention policy for any log sources, logs are deleted after seven days by default.
 
 .Prerequisites
-//SME Feedback Req: There are a few instances of these for prereqs. Should OpenShift Logging here be the Red Hat OpenShift Logging Operator or the logging product name?
-* The {logging-title} and the OpenShift Elasticsearch Operator must be installed.
+* The {clo} and the {es-op} must be installed.
 
 .Procedure
 
diff --git a/modules/cluster-logging-elasticsearch-rules.adoc b/modules/cluster-logging-elasticsearch-rules.adoc
index 1e4ba49ad24e..80494cfb6ca3 100644
--- a/modules/cluster-logging-elasticsearch-rules.adoc
+++ b/modules/cluster-logging-elasticsearch-rules.adoc
@@ -1,8 +1,12 @@
-:_content-type: CONCEPT
+// Module included in the following assemblies:
+//
+// * logging/logging_alerts/default-logging-alerts.adoc
+
+:_mod-docs-content-type: REFERENCE
 [id="cluster-logging-elasticsearch-rules_{context}"]
-= About Elasticsearch alerting rules
+= Elasticsearch alerting rules
 
-You can view these alerting rules in Prometheus.
+You can view these alerting rules in the {product-title} web console.
 
 .Alerting rules
 [cols="3,6,1",options="header"]
@@ -11,7 +15,6 @@ You can view these alerting rules in Prometheus.
 |Description
 |Severity
 
-
 |`ElasticsearchClusterNotHealthy`
 |The cluster health status has been RED for at least 2 minutes. The cluster does not accept writes, shards may be missing, or the master
  node hasn't been elected yet.
diff --git a/modules/cluster-logging-elasticsearch-storage.adoc b/modules/cluster-logging-elasticsearch-storage.adoc
index b850964b9441..7aff28b14a3f 100644
--- a/modules/cluster-logging-elasticsearch-storage.adoc
+++ b/modules/cluster-logging-elasticsearch-storage.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-elasticsearch-storage_{context}"]
 = Configuring persistent storage for the log store
 
diff --git a/modules/cluster-logging-elasticsearch-tolerations.adoc b/modules/cluster-logging-elasticsearch-tolerations.adoc
deleted file mode 100644
index e64a8339de5a..000000000000
--- a/modules/cluster-logging-elasticsearch-tolerations.adoc
+++ /dev/null
@@ -1,70 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-elasticsearch.adoc
-
-:_content-type: PROCEDURE
-[id="cluster-logging-elasticsearch-tolerations_{context}"]
-= Using tolerations to control the log store pod placement
-
-You can control which nodes the log store pods runs on and prevent
-other workloads from using those nodes by using tolerations on the pods.
-
-You apply tolerations to the log store pods through the `ClusterLogging` custom resource (CR)
-and apply taints to a node through the node specification. A taint on a node is a `key:value pair` that
-instructs the node to repel all pods that do not tolerate the taint. Using a specific `key:value` pair
-that is not on other pods ensures only the log store pods can run on that node.
-
-By default, the log store pods have the following toleration:
-
-[source,yaml]
-----
-tolerations:
-- effect: "NoExecute"
-  key: "node.kubernetes.io/disk-pressure"
-  operator: "Exists"
-----
-
-.Prerequisites
-
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
-
-.Procedure
-
-. Use the following command to add a taint to a node where you want to schedule the OpenShift Logging pods:
-+
-[source,terminal]
-----
-$ oc adm taint nodes <node-name> <key>=<value>:<effect>
-----
-+
-For example:
-+
-[source,terminal]
-----
-$ oc adm taint nodes node1 elasticsearch=node:NoExecute
-----
-+
-This example places a taint on `node1` that has key `elasticsearch`, value `node`, and taint effect `NoExecute`.
-Nodes with the `NoExecute` effect schedule only pods that match the taint and remove existing pods
-that do not match.
-
-. Edit the `logstore` section of the `ClusterLogging` CR to configure a toleration for the Elasticsearch pods:
-+
-[source,yaml]
-----
-  logStore:
-    type: "elasticsearch"
-    elasticsearch:
-      nodeCount: 1
-      tolerations:
-      - key: "elasticsearch"  <1>
-        operator: "Exists"  <2>
-        effect: "NoExecute"  <3>
-        tolerationSeconds: 6000  <4>
-----
-<1> Specify the key that you added to the node.
-<2> Specify the `Exists` operator to require a taint with the key `elasticsearch` to be present on the Node.
-<3> Specify the `NoExecute` effect.
-<4> Optionally, specify the `tolerationSeconds` parameter to set how long a pod can remain bound to a node before being evicted.
-
-This toleration matches the taint created by the `oc adm taint` command. A pod with this toleration could be scheduled onto `node1`.
diff --git a/modules/cluster-logging-eventrouter-about.adoc b/modules/cluster-logging-eventrouter-about.adoc
index 690662b9f531..edb7d8df9d32 100644
--- a/modules/cluster-logging-eventrouter-about.adoc
+++ b/modules/cluster-logging-eventrouter-about.adoc
@@ -2,11 +2,11 @@
 //
 // * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-eventrouter-about_{context}"]
 = About event routing
 
-The Event Router is a pod that watches {product-title} events so they can be collected by the {logging-title}.
+The Event Router is a pod that watches {product-title} events so they can be collected by {logging}.
 The Event Router collects events from all projects and writes them to `STDOUT`. Fluentd collects those events and forwards them into the {product-title} Elasticsearch instance. Elasticsearch indexes the events to the `infra` index.
 
 You must manually deploy the Event Router.
diff --git a/modules/cluster-logging-eventrouter-deploy.adoc b/modules/cluster-logging-eventrouter-deploy.adoc
index f9392832eac4..a32b4d2dc077 100644
--- a/modules/cluster-logging-eventrouter-deploy.adoc
+++ b/modules/cluster-logging-eventrouter-deploy.adoc
@@ -1,20 +1,25 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-eventrouter.adoc
+// * logging/log_collection_forwarding/cluster-logging-eventrouter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-eventrouter-deploy_{context}"]
 = Deploying and configuring the Event Router
 
 Use the following steps to deploy the Event Router into your cluster. You should always deploy the Event Router to the `openshift-logging` project to ensure it collects events from across the cluster.
 
-The following Template object creates the service account, cluster role, and cluster role binding required for the Event Router. The template also configures and deploys the Event Router pod. You can use this template without making changes, or change the deployment object CPU and memory requests.
+[NOTE]
+====
+The Event Router image is not a part of the {clo} and must be downloaded separately.
+====
+
+The following `Template` object creates the service account, cluster role, and cluster role binding required for the Event Router. The template also configures and deploys the Event Router pod. You can either use this template without making changes or edit the template to change the deployment object CPU and memory requests.
 
 .Prerequisites
 
 * You need proper permissions to create service accounts and update cluster role bindings. For example, you can run the following template with a user that has the *cluster-admin* role.
 
-* The {logging-title} must be installed.
+* The {clo} must be installed.
 
 .Procedure
 
@@ -22,8 +27,8 @@ The following Template object creates the service account, cluster role, and clu
 +
 [source,yaml]
 ----
-kind: Template
 apiVersion: template.openshift.io/v1
+kind: Template
 metadata:
   name: eventrouter-template
   annotations:
@@ -43,7 +48,7 @@ objects:
     - apiGroups: [""]
       resources: ["events"]
       verbs: ["get", "watch", "list"]
-  - kind: ClusterRoleBinding  <3>
+  - kind: ClusterRoleBinding <3>
     apiVersion: rbac.authorization.k8s.io/v1
     metadata:
       name: event-reader-binding
@@ -100,15 +105,23 @@ objects:
               volumeMounts:
               - name: config-volume
                 mountPath: /etc/eventrouter
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop: ["ALL"]
+          securityContext:
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
           volumes:
-            - name: config-volume
-              configMap:
-                name: eventrouter
+          - name: config-volume
+            configMap:
+              name: eventrouter
 parameters:
   - name: IMAGE <6>
     displayName: Image
-    value: "registry.redhat.io/openshift-logging/eventrouter-rhel8:v0.4"
-  - name: CPU  <7>
+    value: "registry.redhat.io/openshift-logging/eventrouter-rhel9:v0.4"
+  - name: CPU <7>
     displayName: CPU
     value: "100m"
   - name: MEMORY <8>
@@ -146,8 +159,8 @@ $ oc process -f eventrouter.yaml | oc apply -n openshift-logging -f -
 [source,terminal]
 ----
 serviceaccount/eventrouter created
-clusterrole.authorization.openshift.io/event-reader created
-clusterrolebinding.authorization.openshift.io/event-reader-binding created
+clusterrole.rbac.authorization.k8s.io/event-reader created
+clusterrolebinding.rbac.authorization.k8s.io/event-reader-binding created
 configmap/eventrouter created
 deployment.apps/eventrouter created
 ----
diff --git a/modules/cluster-logging-export-fields.adoc b/modules/cluster-logging-export-fields.adoc
index aed1b489be72..2a4a8dc7c96f 100644
--- a/modules/cluster-logging-export-fields.adoc
+++ b/modules/cluster-logging-export-fields.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-export-fields-about_{context}"]
 = About exporting fields
 
diff --git a/modules/cluster-logging-exported-fields-top-level-fields.adoc b/modules/cluster-logging-exported-fields-top-level-fields.adoc
index 882c12ec5bfd..bde30bebfa8f 100644
--- a/modules/cluster-logging-exported-fields-top-level-fields.adoc
+++ b/modules/cluster-logging-exported-fields-top-level-fields.adoc
@@ -9,6 +9,7 @@
 
 The top level fields may be present in every record.
 
+[discrete]
 == message
 
 The original log entry text, UTF-8 encoded. This field may be absent or empty if a non-empty `structured` field is present. See the description of `structured` for more.
@@ -17,6 +18,7 @@ The original log entry text, UTF-8 encoded. This field may be absent or empty if
 Data type:: text
 Example value:: `HAPPY`
 
+[discrete]
 == structured
 
 Original log entry as a structured object. This field may be present if the forwarder was configured to parse structured JSON logs. If the original log entry was a valid structured log, this field will contain an equivalent JSON structure. Otherwise this field will be empty or absent, and the `message` field will contain the original log message. The `structured` field can have any subfields that are included in the log message, there are no restrictions defined here.
@@ -25,6 +27,7 @@ Original log entry as a structured object. This field may be present if the forw
 Data type:: group
 Example value:: map[message:starting fluentd worker pid=21631 ppid=21618 worker=0 pid:21631 ppid:21618 worker:0]
 
+[discrete]
 == @timestamp
 
 A UTC value that marks when the log payload was created or, if the creation time is not known, when the log payload was first collected. The “@” prefix denotes a field that is reserved for a particular use. By default, most tools look for “@timestamp” with ElasticSearch.
@@ -33,6 +36,7 @@ A UTC value that marks when the log payload was created or, if the creation time
 Data type:: date
 Example value:: `2015-01-24 14:06:05.071000000 Z`
 
+[discrete]
 == hostname
 
 The name of the host where this log message originated. In a Kubernetes cluster, this is the same as `kubernetes.host`.
@@ -40,6 +44,7 @@ The name of the host where this log message originated. In a Kubernetes cluster,
 [horizontal]
 Data type:: keyword
 
+[discrete]
 == ipaddr4
 
 The IPv4 address of the source server. Can be an array.
@@ -47,6 +52,7 @@ The IPv4 address of the source server. Can be an array.
 [horizontal]
 Data type:: ip
 
+[discrete]
 == ipaddr6
 
 The IPv6 address of the source server, if available. Can be an array.
@@ -54,6 +60,7 @@ The IPv6 address of the source server, if available. Can be an array.
 [horizontal]
 Data type:: ip
 
+[discrete]
 == level
 
 The logging level from various sources, including `rsyslog(severitytext property)`, a Python logging module, and others.
@@ -80,6 +87,7 @@ Map the log levels or priorities of other logging systems to their nearest match
 Data type:: keyword
 Example value:: `info`
 
+[discrete]
 == pid
 
 The process ID of the logging entity, if available.
@@ -87,6 +95,7 @@ The process ID of the logging entity, if available.
 [horizontal]
 Data type:: keyword
 
+[discrete]
 == service
 
 The name of the service associated with the logging entity, if available. For example, syslog's `APP-NAME` and rsyslog's `programname` properties are mapped to the service field.
@@ -101,6 +110,7 @@ Optional. An operator-defined list of tags placed on each log by the collector o
 [horizontal]
 Data type:: text
 
+[discrete]
 == file
 
 The path to the log file from which the collector reads this log entry. Normally, this is a path in the `/var/log` file system of a cluster node.
@@ -108,6 +118,7 @@ The path to the log file from which the collector reads this log entry. Normally
 [horizontal]
 Data type:: text
 
+[discrete]
 == offset
 
 The offset value. Can represent bytes to the start of the log line in the file (zero- or one-based), or log line numbers (zero- or one-based), so long as the values are strictly monotonically increasing in the context of a single log file. The values are allowed to wrap, representing a new version of the log file (rotation).
diff --git a/modules/cluster-logging-feature-reference.adoc b/modules/cluster-logging-feature-reference.adoc
deleted file mode 100644
index cce9af7d6638..000000000000
--- a/modules/cluster-logging-feature-reference.adoc
+++ /dev/null
@@ -1,170 +0,0 @@
-// Module is included in the following assemblies:
-//cluster-logging-loki.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-about-vector_{context}"]
-= About Vector
-Vector is a log collector offered as an alternative to Fluentd for the {logging}.
-
-The following outputs are supported:
-
-* `elasticsearch`. An external Elasticsearch instance. The `elasticsearch` output can use a TLS connection.
-
-* `kafka`. A Kafka broker. The `kafka` output can use an unsecured or TLS connection.
-
-* `loki`. Loki, a horizontally scalable, highly available, multitenant log aggregation system.
-
-
-[id="cluster-logging-vector-enable_{context}"]
-== Enabling Vector
-Vector is not enabled by default. Use the following steps to enable Vector on your {product-title} cluster.
-
-[IMPORTANT]
-====
-Vector does not support FIPS Enabled Clusters.
-====
-
-.Prerequisites
-
-* {product-title}: 4.13
-* {logging-title-uc}: 5.4
-* FIPS disabled
-
-.Procedure
-
-. Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-logging edit ClusterLogging instance
-----
-
-. Add a `logging.openshift.io/preview-vector-collector: enabled` annotation to the `ClusterLogging` custom resource (CR).
-
-. Add `vector` as a collection type to the `ClusterLogging` custom resource (CR).
-
-[source,yaml]
-----
-  apiVersion: "logging.openshift.io/v1"
-  kind: "ClusterLogging"
-  metadata:
-    name: "instance"
-    namespace: "openshift-logging"
-    annotations:
-      logging.openshift.io/preview-vector-collector: enabled
-  spec:
-    collection:
-    logs:
-      type: "vector"
-      vector: {}
-----
-
-[role="_additional-resources"]
-.Additional resources
-* link:https://vector.dev/docs/about/what-is-vector/[Vector Documentation]
-
-== Collector features
-
-.Log Sources
-[options="header"]
-|===============================================================
-| Feature                   | Fluentd  | Vector
-| App container logs        | &#10003; | &#10003;
-| App-specific routing      | &#10003; | &#10003;
-| App-specific routing by namespace | &#10003; | &#10003;
-| Infra container logs      | &#10003; | &#10003;
-| Infra journal logs        | &#10003; | &#10003;
-| Kube API audit logs       | &#10003; | &#10003;
-| OpenShift API audit logs  | &#10003; | &#10003;
-| Open Virtual Network (OVN) audit logs| &#10003; | &#10003;
-|===============================================================
-
-.Outputs
-[options="header"]
-|==========================================================
-| Feature              | Fluentd  | Vector
-| Elasticsearch v5-v7  | &#10003; | &#10003;
-| Fluent forward       | &#10003; |
-| Syslog RFC3164       | &#10003; | &#10003; (Logging 5.7+)
-| Syslog RFC5424       | &#10003; | &#10003; (Logging 5.7+)
-| Kafka                | &#10003; | &#10003;
-| Cloudwatch           | &#10003; | &#10003;
-| Loki                 | &#10003; | &#10003;
-| HTTP                 | &#10003; | &#10003; (Logging 5.7+)
-|==========================================================
-
-.Authorization and Authentication
-[options="header"]
-|=================================================================
-| Feature                     | Fluentd  | Vector
-| Elasticsearch certificates  | &#10003; | &#10003;
-| Elasticsearch username / password | &#10003; | &#10003;
-| Cloudwatch keys             | &#10003; | &#10003;
-| Cloudwatch STS              | &#10003; | &#10003;
-| Kafka certificates          | &#10003; | &#10003;
-| Kafka username / password   | &#10003; | &#10003;
-| Kafka SASL                  | &#10003; | &#10003;
-| Loki bearer token           | &#10003; | &#10003;
-|=================================================================
-
-.Normalizations and Transformations
-[options="header"]
-|============================================================================
-| Feature                                | Fluentd  | Vector
-| Viaq data model - app                  | &#10003; | &#10003;
-| Viaq data model - infra                | &#10003; | &#10003;
-| Viaq data model - infra(journal)       | &#10003; | &#10003;
-| Viaq data model - Linux audit          | &#10003; | &#10003;
-| Viaq data model - kube-apiserver audit | &#10003; | &#10003;
-| Viaq data model - OpenShift API audit  | &#10003; | &#10003;
-| Viaq data model - OVN                  | &#10003; | &#10003;
-| Loglevel Normalization                 | &#10003; | &#10003;
-| JSON parsing                           | &#10003; | &#10003;
-| Structured Index                       | &#10003; | &#10003;
-| Multiline error detection              | &#10003; | &#10003;
-| Multicontainer / split indices         | &#10003; | &#10003;
-| Flatten labels                         | &#10003; | &#10003;
-| CLF static labels                      | &#10003; | &#10003;
-|============================================================================
-
-.Tuning
-[options="header"]
-|==========================================================
-| Feature                | Fluentd  | Vector
-| Fluentd readlinelimit  | &#10003; |
-| Fluentd buffer         | &#10003; |
-| - chunklimitsize       | &#10003; |
-| - totallimitsize       | &#10003; |
-| - overflowaction       | &#10003; |
-| - flushthreadcount     | &#10003; |
-| - flushmode            | &#10003; |
-| - flushinterval        | &#10003; |
-| - retrywait            | &#10003; |
-| - retrytype            | &#10003; |
-| - retrymaxinterval     | &#10003; |
-| - retrytimeout         | &#10003; |
-|==========================================================
-
-.Visibility
-[options="header"]
-|=====================================================
-| Feature         | Fluentd  | Vector
-| Metrics         | &#10003; | &#10003;
-| Dashboard       | &#10003; | &#10003;
-| Alerts          | &#10003; |
-|=====================================================
-
-.Miscellaneous
-[options="header"]
-|===========================================================
-| Feature               | Fluentd  | Vector
-| Global proxy support  | &#10003; | &#10003;
-| x86 support           | &#10003; | &#10003;
-| ARM support           | &#10003; | &#10003;
-ifndef::openshift-rosa[]
-| {ibmpowerProductName} support       | &#10003; | &#10003;
-| {ibmzProductName} support         | &#10003; | &#10003;
-endif::openshift-rosa[]
-| IPv6 support          | &#10003; | &#10003;
-| Log event buffering   | &#10003; |
-| Disconnected Cluster  | &#10003; | &#10003;
-|===========================================================
diff --git a/modules/cluster-logging-forwarding-about.adoc b/modules/cluster-logging-forwarding-about.adoc
deleted file mode 100644
index efe67f586b8f..000000000000
--- a/modules/cluster-logging-forwarding-about.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-forwarding-about_{context}"]
-= About log forwarding
-
-By default, the {logging-title} sends logs to the default internal Elasticsearch log store, defined in the `ClusterLogging` custom resource (CR). If you want to forward logs to other log aggregators, you can use the log forwarding features to send logs to specific endpoints within or outside your cluster.
diff --git a/modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc b/modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc
index 6469db82413d..5eb3143f876b 100644
--- a/modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc
+++ b/modules/cluster-logging-forwarding-json-logs-to-the-default-elasticsearch.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-forwarding-json-logs-to-the-default-elasticsearch_{context}"]
 = Forwarding JSON logs to the Elasticsearch log store
 
@@ -28,15 +28,15 @@ pipelines:
   parse: json
 ----
 
-. Optional: Use `structuredTypeKey` to specify one of the log record fields, as described in the preceding topic, xref:../logging/cluster-logging-enabling-json-logging.adoc#cluster-logging-configuration-of-json-log-data-for-default-elasticsearch_cluster-logging-enabling-json-logging[Configuring JSON log data for Elasticsearch]. Otherwise, remove this line.
+. Use `structuredTypeKey` field to specify one of the log record fields.
 
-. Optional: Use `structuredTypeName` to specify a `<name>`, as described in the preceding topic, xref:../logging/cluster-logging-enabling-json-logging.adoc#cluster-logging-configuration-of-json-log-data-for-default-elasticsearch_cluster-logging-enabling-json-logging[Configuring JSON log data for Elasticsearch]. Otherwise, remove this line.
+. Use `structuredTypeName` field to specify a name.
 +
 [IMPORTANT]
 ====
-To parse JSON logs, you must set either `structuredTypeKey` or `structuredTypeName`, or both  `structuredTypeKey` and `structuredTypeName`.
+To parse JSON logs, you must set both the `structuredTypeKey` and `structuredTypeName` fields.
 ====
-+
+
 . For `inputRefs`, specify which log types to forward by using that pipeline, such as `application,` `infrastructure`, or `audit`.
 
 . Add the `parse: json` element to pipelines.
@@ -45,10 +45,10 @@ To parse JSON logs, you must set either `structuredTypeKey` or `structuredTypeNa
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc create -f <filename>.yaml
 ----
 +
-The Red Hat OpenShift Logging Operator redeploys the Fluentd pods. However, if they do not redeploy, delete the Fluentd pods to force them to redeploy.
+The Red Hat OpenShift Logging Operator redeploys the collector pods. However, if they do not redeploy, delete the collector pods to force them to redeploy.
 +
 [source,terminal]
 ----
diff --git a/modules/cluster-logging-forwarding-lokistack.adoc b/modules/cluster-logging-forwarding-lokistack.adoc
deleted file mode 100644
index 1d9455537eac..000000000000
--- a/modules/cluster-logging-forwarding-lokistack.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-// Module is included in the following assemblies:
-//cluster-logging-loki.adoc
-:_content-type: PROCEDURE
-[id="cluster-logging-forwarding-lokistack_{context}"]
-= Forwarding logs to LokiStack
-
-To configure log forwarding to the LokiStack gateway, you must create a ClusterLogging custom resource (CR).
-
-.Prerequisites
-
-* {logging-title-uc}: 5.5 and later
-* `Loki Operator` Operator
-
-.Procedure
-
-. Create or edit a YAML file that defines the `ClusterLogging` custom resource (CR):
-
-[source,yaml]
-----
-apiVersion: logging.openshift.io/v1
-kind: ClusterLogging
-metadata:
-  name: instance
-  namespace: openshift-logging
-spec:
-  managementState: Managed
-  logStore:
-    type: lokistack
-    lokistack:
-      name: logging-loki
-  collection:
-    type: vector
-----
diff --git a/modules/cluster-logging-forwarding-separate-indices.adoc b/modules/cluster-logging-forwarding-separate-indices.adoc
index f4fae73a0eca..25382128fbe5 100644
--- a/modules/cluster-logging-forwarding-separate-indices.adoc
+++ b/modules/cluster-logging-forwarding-separate-indices.adoc
@@ -1,6 +1,7 @@
 // Module is included in the following assemblies:
-//cluster-logging-external
-:_content-type: PROCEDURE
+// * logging/log_collection_forwarding/log-forwarding
+
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-forwarding-separate-indices_{context}"]
 = Forwarding JSON logs from containers in the same pod to separate indices
 
@@ -20,7 +21,7 @@ JSON formatting of logs varies by application. Because creating too many indices
 +
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
+apiVersion: logging.openshift.io/v1
 kind: ClusterLogForwarder
 metadata:
   name: instance
@@ -28,7 +29,9 @@ metadata:
 spec:
   outputDefaults:
     elasticsearch:
-      enableStructuredContainerLogs: true <1>
+      structuredTypeKey: kubernetes.labels.logFormat <1>
+      structuredTypeName: nologformat
+      enableStructuredContainerLogs: true <2>
   pipelines:
   - inputRefs:
     - application
@@ -37,24 +40,25 @@ spec:
     - default
     parse: json
 ----
-<1> Enables multi-container outputs.
+<1> Uses the value of the key-value pair that is formed by the Kubernetes `logFormat` label.
+<2> Enables multi-container outputs.
 
 . Create or edit a YAML file that defines the `Pod` CR object:
 +
 [source,yaml]
 ----
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      annotations:
-        containerType.logging.openshift.io/heavy: heavy <1>
-        containerType.logging.openshift.io/low: low
-    spec:
-      containers:
-      - name: heavy <2>
-        image: heavyimage
-      - name: low
-        image: lowimage
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    containerType.logging.openshift.io/heavy: heavy <1>
+    containerType.logging.openshift.io/low: low
+spec:
+  containers:
+  - name: heavy <2>
+    image: heavyimage
+  - name: low
+    image: lowimage
 ----
 <1> Format: `containerType.logging.openshift.io/<container-name>: <index>`
 <2> Annotation names must match container names
diff --git a/modules/cluster-logging-json-log-forwarding.adoc b/modules/cluster-logging-json-log-forwarding.adoc
index a080fb425f25..b078b6fc1734 100644
--- a/modules/cluster-logging-json-log-forwarding.adoc
+++ b/modules/cluster-logging-json-log-forwarding.adoc
@@ -1,9 +1,9 @@
 [id="cluster-logging-json-log-forwarding_{context}"]
 = Parsing JSON logs
 
-Logs including JSON logs are usually represented as a string inside the `message` field. That makes it hard for users to query specific fields inside a JSON document. OpenShift Logging's Log Forwarding API enables you to parse JSON logs into a structured object and forward them to either OpenShift Logging-managed Elasticsearch or any other third-party system supported by the Log Forwarding API.
+You can use a `ClusterLogForwarder` object to parse JSON logs into a structured object and forward them to a supported output.
 
-To illustrate how this works, suppose that you have the following structured JSON log entry.
+To illustrate how this works, suppose that you have the following structured JSON log entry:
 
 .Example structured JSON log entry
 [source,yaml]
@@ -11,16 +11,7 @@ To illustrate how this works, suppose that you have the following structured JSO
 {"level":"info","name":"fred","home":"bedrock"}
 ----
 
-Normally, the `ClusterLogForwarder` custom resource (CR) forwards that log entry in the `message` field. The `message` field contains the JSON-quoted string equivalent of the JSON log entry, as shown in the following example.
-
-.Example `message` field
-[source,yaml]
-----
-{"message":"{\"level\":\"info\",\"name\":\"fred\",\"home\":\"bedrock\"",
- "more fields..."}
-----
-
-To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example.
+To enable parsing JSON log, you add `parse: json` to a pipeline in the `ClusterLogForwarder` CR, as shown in the following example:
 
 .Example snippet showing `parse: json`
 [source,yaml]
@@ -31,7 +22,7 @@ pipelines:
   parse: json
 ----
 
-When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example. This does not modify the original `message` field.
+When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON-structured log entry in a `structured` field, as shown in the following example:
 
 .Example `structured` output containing the structured JSON log entry
 [source,yaml]
@@ -42,7 +33,5 @@ When you enable parsing JSON logs by using `parse: json`, the CR copies the JSON
 
 [IMPORTANT]
 ====
-If the log entry does not contain valid structured JSON, the `structured` field will be absent.
+If the log entry does not contain valid structured JSON, the `structured` field is absent.
 ====
-
-To enable parsing JSON logs for specific logging platforms, see xref:../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs to third-party systems].
diff --git a/modules/cluster-logging-json-logging-about.adoc b/modules/cluster-logging-json-logging-about.adoc
index db6c394bdc8a..2f691fdde4b6 100644
--- a/modules/cluster-logging-json-logging-about.adoc
+++ b/modules/cluster-logging-json-logging-about.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-json-logging-about_{context}"]
 = About JSON {product-title} Logging
 
diff --git a/modules/cluster-logging-kibana-scaling.adoc b/modules/cluster-logging-kibana-scaling.adoc
index 9f56f0f93f23..e2ed84ccb1f7 100644
--- a/modules/cluster-logging-kibana-scaling.adoc
+++ b/modules/cluster-logging-kibana-scaling.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-visualizer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-kibana-scaling_{context}"]
 = Scaling redundancy for the log visualizer nodes
 
@@ -10,7 +10,7 @@ You can scale the pod that hosts the log visualizer for redundancy.
 
 .Procedure
 
-. Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project: 
+. Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project:
 +
 [source,terminal]
 ----
@@ -31,5 +31,5 @@ spec:
       type: "kibana"
       kibana:
         replicas: 1 <1>
----- 
+----
 <1> Specify the number of Kibana nodes.
diff --git a/modules/cluster-logging-kibana-tolerations.adoc b/modules/cluster-logging-kibana-tolerations.adoc
index f74d68a9061b..a3bdb7f0f9bd 100644
--- a/modules/cluster-logging-kibana-tolerations.adoc
+++ b/modules/cluster-logging-kibana-tolerations.adoc
@@ -1,60 +1,64 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-visualizer.adoc
+// * logging/scheduling_resources/logging-taints-tolerations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-kibana-tolerations_{context}"]
 = Using tolerations to control the log visualizer pod placement
 
-You can control the node where the log visualizer pod runs and prevent
-other workloads from using those nodes by using tolerations on the pods.
-
-You apply tolerations to the log visualizer pod through the `ClusterLogging` custom resource (CR)
-and apply taints to a node through the node specification. A taint on a node is a `key:value pair` that
-instructs the node to repel all pods that do not tolerate the taint. Using a specific `key:value` pair
-that is not on other pods ensures only the Kibana pod can run on that node.
+You can use a specific key/value pair that is not on other pods to ensure that only the Kibana pod can run on the specified node.
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
+* You have installed the {clo}, the {es-op}, and the {oc-first}.
 
 .Procedure
 
-. Use the following command to add a taint to a node where you want to schedule the log visualizer pod:
+. Add a taint to a node where you want to schedule the log visualizer pod by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm taint nodes <node-name> <key>=<value>:<effect>
+$ oc adm taint nodes <node_name> <key>=<value>:<effect>
 ----
 +
-For example:
-+
+.Example command
 [source,terminal]
 ----
 $ oc adm taint nodes node1 kibana=node:NoExecute
 ----
 +
-This example places a taint on `node1` that has key `kibana`, value `node`, and taint effect `NoExecute`.
-You must use the `NoExecute` taint effect. `NoExecute` schedules only pods that match the taint and remove existing pods
-that do not match.
+This example places a taint on `node1` that has key `kibana`, value `node`, and taint effect `NoExecute`. You must use the `NoExecute` taint effect. `NoExecute` schedules only pods that match the taint and remove existing pods that do not match.
 
 . Edit the `visualization` section of the `ClusterLogging` CR to configure a toleration for the Kibana pod:
 +
 [source,yaml]
 ----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
   visualization:
-    type: "kibana"
+    type: kibana
     kibana:
       tolerations:
-      - key: "kibana"  <1>
-        operator: "Exists"  <2>
-        effect: "NoExecute"  <3>
+      - key: kibana  <1>
+        operator: Exists <2>
+        effect: NoExecute <3>
         tolerationSeconds: 6000 <4>
+      resources:
+        limits:
+          memory: 2Gi
+        requests:
+          cpu: 100m
+          memory: 1Gi
+      replicas: 1
+# ...
 ----
 <1> Specify the key that you added to the node.
-<2> Specify the `Exists` operator to require the `key`/`value`/`effect` parameters to match.
+<2> Specify the `Exists` operator to require the `key`, value, and `effect` parameters to match.
 <3> Specify the `NoExecute` effect.
 <4> Optionally, specify the `tolerationSeconds` parameter to set how long a pod can remain bound to a node before being evicted.
 
-
 This toleration matches the taint created by the `oc adm taint` command. A pod with this toleration would be able to schedule onto `node1`.
diff --git a/modules/cluster-logging-log-store-status-viewing.adoc b/modules/cluster-logging-log-store-status-viewing.adoc
index bcc1ac8a83f6..2ddfdcac806b 100644
--- a/modules/cluster-logging-log-store-status-viewing.adoc
+++ b/modules/cluster-logging-log-store-status-viewing.adoc
@@ -2,19 +2,19 @@
 //
 // * logging/cluster-logging-log-store.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-log-store-comp-viewing_{context}"]
-= Viewing the status of the log store
+= Viewing the status of the Elasticsearch log store
 
-You can view the status of your log store.
+You can view the status of the Elasticsearch log store.
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
+* The {clo} and {es-op} are installed.
 
 .Procedure
 
-. Change to the `openshift-logging` project.
+. Change to the `openshift-logging` project by running the following command:
 +
 [source,terminal]
 ----
@@ -23,7 +23,7 @@ $ oc project openshift-logging
 
 . To view the status:
 
-.. Get the name of the log store instance:
+.. Get the name of the Elasticsearch log store instance by running the following command:
 +
 [source,terminal]
 ----
@@ -37,7 +37,7 @@ NAME            AGE
 elasticsearch   5h9m
 ----
 
-.. Get the log store status:
+.. Get the Elasticsearch log store status by running the following command:
 +
 [source,terminal]
 ----
@@ -54,7 +54,7 @@ $ oc get Elasticsearch elasticsearch -n openshift-logging -o yaml
 The output includes information similar to the following:
 +
 .Example output
-[source,terminal]
+[source,yaml]
 ----
 status: <1>
   cluster: <2>
@@ -101,31 +101,29 @@ status: <1>
   shardAllocationEnabled: all
 ----
 <1> In the output, the cluster status fields appear in the `status` stanza.
-<2> The status of the log store:
+<2> The status of the Elasticsearch log store:
 +
 * The number of active primary shards.
 * The number of active shards.
 * The number of shards that are initializing.
-* The number of log store data nodes.
-* The total number of log store nodes.
+* The number of Elasticsearch log store data nodes.
+* The total number of Elasticsearch log store nodes.
 * The number of pending tasks.
-* The log store status: `green`, `red`, `yellow`.
+* The Elasticsearch log store status: `green`, `red`, `yellow`.
 * The number of unassigned shards.
-<3> Any status conditions, if present. The log store status indicates the reasons from the scheduler if a pod could not be placed. Any events related to the following conditions are shown:
-* Container Waiting for both the log store and proxy containers.
-* Container Terminated for both the log store and proxy containers.
+<3> Any status conditions, if present. The Elasticsearch log store status indicates the reasons from the scheduler if a pod could not be placed. Any events related to the following conditions are shown:
+* Container Waiting for both the Elasticsearch log store and proxy containers.
+* Container Terminated for both the Elasticsearch log store and proxy containers.
 * Pod unschedulable.
 Also, a condition is shown for a number of issues; see *Example condition messages*.
-<4> The log store nodes in the cluster, with `upgradeStatus`.
-<5> The log store client, data, and master pods in the cluster, listed under 'failed`, `notReady`, or `ready` state.
+<4> The Elasticsearch log store nodes in the cluster, with `upgradeStatus`.
+<5> The Elasticsearch log store client, data, and master pods in the cluster, listed under `failed`, `notReady`, or `ready` state.
 
 [id="cluster-logging-elasticsearch-status-message_{context}"]
 == Example condition messages
 
 The following are examples of some condition messages from the `Status` section of the Elasticsearch instance.
 
-// https://github.com/openshift/elasticsearch-operator/pull/92
-
 The following status message indicates that a node has exceeded the configured low watermark, and no shard will be allocated to this node.
 
 [source,yaml]
@@ -160,7 +158,7 @@ status:
     upgradeStatus: {}
 ----
 
-The following status message indicates that the log store node selector in the CR does not match any nodes in the cluster:
+The following status message indicates that the Elasticsearch log store node selector in the custom resource (CR) does not match any nodes in the cluster:
 
 [source,yaml]
 ----
@@ -174,7 +172,7 @@ status:
         type: Unschedulable
 ----
 
-The following status message indicates that the log store CR uses a non-existent persistent volume claim (PVC).
+The following status message indicates that the Elasticsearch log store CR uses a non-existent persistent volume claim (PVC).
 
 [source,yaml]
 ----
@@ -188,7 +186,7 @@ status:
        type:                  Unschedulable
 ----
 
-The following status message indicates that your log store cluster does not have enough nodes to support the redundancy policy.
+The following status message indicates that your Elasticsearch log store cluster does not have enough nodes to support the redundancy policy.
 
 [source,yaml]
 ----
@@ -243,5 +241,5 @@ The `reason` and `type` fields specify the type of unsupported change:
 +
 [IMPORTANT]
 ====
-If you try to configure the `ClusterLogging` custom resource (CR) to switch from ephemeral to persistent storage, the OpenShift Elasticsearch Operator creates a persistent volume claim (PVC) but does not create a persistent volume (PV). To clear the `StorageStructureChangeIgnored` status, you must revert the change to the `ClusterLogging` CR and delete the PVC.
+If you try to configure the `ClusterLogging` CR to switch from ephemeral to persistent storage, the {es-op} creates a persistent volume claim (PVC) but does not create a persistent volume (PV). To clear the `StorageStructureChangeIgnored` status, you must revert the change to the `ClusterLogging` CR and delete the PVC.
 ====
diff --git a/modules/cluster-logging-logcli-reference.adoc b/modules/cluster-logging-logcli-reference.adoc
index 272aa5886ac7..646511020a9d 100644
--- a/modules/cluster-logging-logcli-reference.adoc
+++ b/modules/cluster-logging-logcli-reference.adoc
@@ -1,6 +1,6 @@
 // Module is included in the following assemblies:
 //cluster-logging-loki.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="logging-logcli-about_{context}"]
 
 = Querying Loki
diff --git a/modules/cluster-logging-logstore-limits.adoc b/modules/cluster-logging-logstore-limits.adoc
index 5af44f66a99e..fad6536708a6 100644
--- a/modules/cluster-logging-logstore-limits.adoc
+++ b/modules/cluster-logging-logstore-limits.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-elasticsearch.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-logstore-limits_{context}"]
 = Configuring CPU and memory requests for the log store
 
diff --git a/modules/cluster-logging-logstore-tolerations.adoc b/modules/cluster-logging-logstore-tolerations.adoc
new file mode 100644
index 000000000000..3c320c73fe22
--- /dev/null
+++ b/modules/cluster-logging-logstore-tolerations.adoc
@@ -0,0 +1,116 @@
+// Module included in the following assemblies:
+//
+// * logging/scheduling_resources/logging-taints-tolerations.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cluster-logging-logstore-tolerations_{context}"]
+= Using tolerations to control log store pod placement
+
+By default, log store pods have the following toleration configurations:
+
+.Elasticsearch log store pods default tolerations
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: elasticsearch-example
+  namespace: openshift-logging
+spec:
+# ...
+  tolerations:
+  - effect: NoSchedule
+    key: node.kubernetes.io/disk-pressure
+    operator: Exists
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoSchedule
+    key: node.kubernetes.io/memory-pressure
+    operator: Exists
+# ...
+----
+
+.LokiStack log store pods default tolerations
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: lokistack-example
+  namespace: openshift-logging
+spec:
+# ...
+  tolerations:
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoSchedule
+    key: node.kubernetes.io/memory-pressure
+    operator: Exists
+# ...
+----
+
+You can configure a toleration for log store pods by adding a taint and then modifying the `tolerations` syntax in the `ClusterLogging` custom resource (CR).
+
+.Prerequisites
+
+* You have installed the {clo}.
+* You have installed the {oc-first}.
+* You have deployed an internal log store that is either Elasticsearch or LokiStack.
+
+.Procedure
+
+. Add a taint to a node where you want to schedule the {logging} pods, by running the following command:
++
+[source,terminal]
+----
+$ oc adm taint nodes <node_name> <key>=<value>:<effect>
+----
++
+.Example command
+[source,terminal]
+----
+$ oc adm taint nodes node1 lokistack=node:NoExecute
+----
++
+This example places a taint on `node1` that has key `lokistack`, value `node`, and taint effect `NoExecute`. Nodes with the `NoExecute` effect schedule only pods that match the taint and remove existing pods that do not match.
+
+. Edit the `logstore` section of the `ClusterLogging` CR to configure a toleration for the log store pods:
++
+.Example `ClusterLogging` CR
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
+  logStore:
+    type: lokistack
+    elasticsearch:
+      nodeCount: 1
+      tolerations:
+      - key: lokistack # <1>
+        operator: Exists # <2>
+        effect: NoExecute # <3>
+        tolerationSeconds: 6000 # <4>
+# ...
+----
+<1> Specify the key that you added to the node.
+<2> Specify the `Exists` operator to require a taint with the key `lokistack` to be present on the node.
+<3> Specify the `NoExecute` effect.
+<4> Optional: Specify the `tolerationSeconds` parameter to set how long a pod can remain bound to a node before being evicted.
+
+This toleration matches the taint created by the `oc adm taint` command. A pod with this toleration can be scheduled onto `node1`.
diff --git a/modules/cluster-logging-loki-about.adoc b/modules/cluster-logging-loki-about.adoc
deleted file mode 100644
index da91f15ee1a9..000000000000
--- a/modules/cluster-logging-loki-about.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Module is included in the following assemblies:
-//cluster-logging-loki.adoc
-:_content-type: CONCEPT
-[id="about-logging-loki_{context}"]
-= About the LokiStack
-
-In {logging} documentation, *LokiStack* refers to the {logging} supported combination of Loki, and web proxy with {product-title} authentication integration. LokiStack's proxy uses {product-title} authentication to enforce multi-tenancy. *Loki* refers to the log store as either the individual component or an external store.
-
-Loki is a horizontally scalable, highly available, multi-tenant log aggregation system currently offered as an alternative to Elasticsearch as a log store for the {logging}. Elasticsearch indexes incoming log records completely during ingestion. Loki only indexes a few fixed labels during ingestion, and defers more complex parsing until after the logs have been stored. This means Loki can collect logs more quickly. As with Elasticsearch, you can query Loki link:https://grafana.com/docs/loki/latest/[using JSON paths or regular expressions].
-
-[id="deployment-sizing_{context}"]
-== Deployment Sizing
-Sizing for Loki follows the format of `N<x>._<size>_` where the value `<N>` is number of instances and `<size>` specifies performance capabilities.
-
-[NOTE]
-====
-1x.extra-small is for demo purposes only, and is not supported. 
-====
-
-.Loki Sizing
-[options="header"]
-|========================================================================================
-|                              | 1x.extra-small  | 1x.small            | 1x.medium
-| *Data transfer*              | Demo use only.  | 500GB/day           | 2TB/day
-| *Queries per second (QPS)*   | Demo use only.  | 25-50 QPS at 200ms  | 25-75 QPS at 200ms
-| *Replication factor*         | None            | 2                   | 3
-| *Total CPU requests*         | 5 vCPUs         | 36 vCPUs            | 54 vCPUs
-| *Total Memory requests*      | 7.5Gi           | 63Gi                | 139Gi
-| *Total Disk requests*        | 150Gi           | 300Gi               | 450Gi
-|========================================================================================
-
-[id="CRD-API-support_{context}"]
-== Supported API Custom Resource Definitions
-LokiStack development is ongoing, not all APIs are supported currently supported.
-
-[options="header"]
-|=====================================================================
-| CustomResourceDefinition (CRD)| ApiVersion           | Support state
-| LokiStack      | lokistack.loki.grafana.com/v1       | Supported in 5.5
-| RulerConfig    | rulerconfig.loki.grafana/v1beta1    | Technology Preview
-| AlertingRule   | alertingrule.loki.grafana/v1beta1   | Technology Preview
-| RecordingRule  | recordingrule.loki.grafana/v1beta1  | Technology Preview
-|=====================================================================
-
-:FeatureName: Usage of `RulerConfig`, `AlertingRule` and `RecordingRule` custom resource definitions (CRDs).
-include::snippets/technology-preview.adoc[]
diff --git a/modules/cluster-logging-loki-deploy.adoc b/modules/cluster-logging-loki-deploy.adoc
deleted file mode 100644
index beda913b63b3..000000000000
--- a/modules/cluster-logging-loki-deploy.adoc
+++ /dev/null
@@ -1,150 +0,0 @@
-// Module is included in the following assemblies:
-//cluster-logging-loki.adoc
-:_content-type: PROCEDURE
-[id="logging-loki-deploy_{context}"]
-= Deploying the LokiStack
-
-ifndef::openshift-rosa,openshift-dedicated[]
-You can use the {product-title} web console to deploy the LokiStack.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-You can deploy the LokiStack by using the {product-title} {cluster-manager-url}.
-endif::[]
-
-.Prerequisites
-
-* {logging-title-uc} Operator 5.5 and later
-* Supported Log Store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation)
-
-.Procedure
-
-. Install the `Loki Operator` Operator:
-
-ifndef::openshift-rosa,openshift-dedicated[]
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-.. In the {hybrid-console}, click *Operators* -> *OperatorHub*.
-endif::[]
-
-.. Choose  *Loki Operator* from the list of available Operators, and click *Install*.
-
-.. Under *Installation Mode*, select *All namespaces on the cluster*.
-
-.. Under *Installed Namespace*, select *openshift-operators-redhat*.
-+
-You must specify the `openshift-operators-redhat` namespace. The `openshift-operators` namespace might contain Community Operators, which are untrusted and might publish a metric with the same name as
-ifndef::openshift-rosa[]
-an {product-title} metric, which would cause conflicts.
-endif::[]
-ifdef::openshift-rosa[]
-a {product-title} metric, which would cause conflicts.
-endif::[]
-
-.. Select *Enable operator recommended cluster monitoring on this namespace*.
-+
-This option sets the `openshift.io/cluster-monitoring: "true"` label in the Namespace object. You must select this option to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
-
-.. Select an *Approval Strategy*.
-+
-* The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
-
-.. Click *Install*.
-
-.. Verify that you installed the Loki Operator. Visit the *Operators* → *Installed Operators* page and look for *Loki Operator*.
-
-.. Ensure that *Loki Operator* is listed with *Status* as *Succeeded* in all the projects.
-+
-. Create a `Secret` YAML file that uses the `access_key_id` and `access_key_secret` fields to specify your AWS credentials and `bucketnames`, `endpoint` and `region` to define the object storage location. For example:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: logging-loki-s3
-  namespace: openshift-logging
-stringData:
-  access_key_id: AKIAIOSFODNN7EXAMPLE
-  access_key_secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-  bucketnames: s3-bucket-name
-  endpoint: https://s3.eu-central-1.amazonaws.com
-  region: eu-central-1
-----
-+
-. Create the `LokiStack` custom resource:
-+
-[source,yaml]
-----
-apiVersion: loki.grafana.com/v1
-kind: LokiStack
-metadata:
-  name: logging-loki
-  namespace: openshift-logging
-spec:
-  size: 1x.small
-  storage:
-    schemas:
-    - version: v12
-      effectiveDate: "2022-06-01"
-    secret:
-      name: logging-loki-s3
-      type: s3
-  storageClassName: gp3-csi <1>
-  tenants:
-    mode: openshift-logging
-----
-<1> Or `gp2-csi`. 
-+
-.. Apply the configuration:
-+
-[source,terminal]
-----
-oc apply -f logging-loki.yaml
-----
-+
-. Create or edit a `ClusterLogging` CR:
-+
-[source,yaml]
-----
-apiVersion: logging.openshift.io/v1
-kind: ClusterLogging
-metadata:
-  name: instance
-  namespace: openshift-logging
-spec:
-  managementState: Managed
-  logStore:
-    type: lokistack
-    lokistack:
-      name: logging-loki
-  collection:
-    type: vector
-----
-+
-.. Apply the configuration:
-+
-[source,terminal]
-----
-oc apply -f cr-lokistack.yaml
-----
-+
-. Enable the RedHat OpenShift Logging Console Plugin:
-ifndef::openshift-rosa,openshift-dedicated[]
-.. In the {product-title} web console, click *Operators* -> *Installed Operators*.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-.. In the {hybrid-console}, click *Operators* -> *Installed Operators*.
-endif::[]
-.. Select the *RedHat OpenShift Logging* Operator.
-.. Under Console plugin, click *Disabled*.
-.. Select *Enable* and then *Save*. This change will restart the 'openshift-console' pods.
-.. After the pods restart, you will receive a notification that a web console update is available, prompting you to refresh.
-.. After refreshing the web console, click *Observe* from the left main menu. A new option for *Logs* will be available to you.
-
-[NOTE]
-====
-This plugin is only available on {product-title} 4.10 and later.
-====
diff --git a/modules/cluster-logging-loki-tech-preview.adoc b/modules/cluster-logging-loki-tech-preview.adoc
deleted file mode 100644
index 9ec3560ebf1d..000000000000
--- a/modules/cluster-logging-loki-tech-preview.adoc
+++ /dev/null
@@ -1,59 +0,0 @@
-// Module included in the following assemblies:
-//cluster-logging-release-notes.adoc
-
-:_content-type: PROCEDURE
-[id="cluster-logging-loki-tech-preview_{context}"]
-:FeatureName: Loki Operator
-include::snippets/technology-preview.adoc[]
-
-[id="cluster-logging-about-loki"]
-= About Loki
-
-Loki is a horizontally scalable, highly available, multi-tenant log aggregation system currently offered as an alternative to Elasticsearch as a log store for the {logging}.
-
-[role="_additional-resources"]
-.Additional resources
-* link:https://grafana.com/docs/loki/latest/[Loki Documentation]
-
-== Deploying the Lokistack
-You can use the {product-title} web console to install the Loki Operator.
-
-.Prerequisites
-
-* {product-title}: 4.13
-* {logging-title-uc}: 5.4
-
-To install the Loki Operator using the {product-title} web console:
-
-. Install the Loki Operator:
-
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-.. Choose  *Loki Operator* from the list of available Operators, and click *Install*.
-
-.. Under *Installation Mode*, select *All namespaces on the cluster*.
-
-.. Under *Installed Namespace*, select *openshift-operators-redhat*.
-+
-You must specify the `openshift-operators-redhat` namespace. The `openshift-operators`
-namespace might contain Community Operators, which are untrusted and could publish
-a metric with the same name as an {product-title} metric, which would cause
-conflicts.
-
-.. Select *Enable operator recommended cluster monitoring on this namespace*.
-+
-This option sets the `openshift.io/cluster-monitoring: "true"` label in the Namespace object.
-You must select this option to ensure that cluster monitoring
-scrapes the `openshift-operators-redhat` namespace.
-
-.. Select an *Approval Strategy*.
-+
-* The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
-
-.. Click *Install*.
-
-.. Verify that you installed the Loki Operator. Visit the *Operators* → *Installed Operators* page and look for "Loki Operator."
-
-.. Ensure that *Loki Operator* is listed in all the projects whose *Status* is *Succeeded*.
diff --git a/modules/cluster-logging-maintenance-support-about.adoc b/modules/cluster-logging-maintenance-support-about.adoc
deleted file mode 100644
index f71a4c5c6520..000000000000
--- a/modules/cluster-logging-maintenance-support-about.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/config/cluster-logging-maintenance-support.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-maintenance-support-about_{context}"]
-= About unsupported configurations
-
-The supported way of configuring the {logging-title} is by configuring it using the options described in this documentation. Do not use other configurations, as they are unsupported. Configuration paradigms might change across {product-title} releases, and such cases can only be handled gracefully if all configuration possibilities are controlled. If you use configurations other than those described in this documentation, your changes will disappear because the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator reconcile any differences. The Operators reverse everything to the defined state by default and by design.
-
-[NOTE]
-====
-If you _must_ perform configurations not described in the {product-title} documentation, you _must_ set your Red Hat OpenShift Logging Operator or OpenShift Elasticsearch Operator to *Unmanaged*. An unmanaged OpenShift Logging environment is _not supported_ and does not receive updates until you return OpenShift Logging to *Managed*.
-====
diff --git a/modules/cluster-logging-maintenance-support-list.adoc b/modules/cluster-logging-maintenance-support-list.adoc
index 7cfc808389f4..d155b02edc9c 100644
--- a/modules/cluster-logging-maintenance-support-list.adoc
+++ b/modules/cluster-logging-maintenance-support-list.adoc
@@ -1,13 +1,13 @@
 // Module included in the following assemblies:
 //
-// * logging/config/cluster-logging-maintenance-support.adoc
+// * logging/cluster-logging-support.adoc
 
 [id="cluster-logging-maintenance-support-list_{context}"]
 = Unsupported configurations
 
-You must set the Red Hat OpenShift Logging Operator to the unmanaged state to modify the following components:
+You must set the Red{nbsp}Hat OpenShift Logging Operator to the `Unmanaged` state to modify the following components:
 
-* The `Elasticsearch` CR
+* The `Elasticsearch` custom resource (CR)
 
 * The Kibana deployment
 
@@ -15,9 +15,7 @@ You must set the Red Hat OpenShift Logging Operator to the unmanaged state to mo
 
 * The Fluentd daemon set
 
-You must set the OpenShift Elasticsearch Operator to the unmanaged state to modify the following component:
-
-*  the Elasticsearch deployment files.
+You must set the OpenShift Elasticsearch Operator to the `Unmanaged` state to modify the Elasticsearch deployment files.
 
 Explicitly unsupported cases include:
 
diff --git a/modules/cluster-logging-manual-rollout-rolling.adoc b/modules/cluster-logging-manual-rollout-rolling.adoc
index 3befd3648696..542e13274a2d 100644
--- a/modules/cluster-logging-manual-rollout-rolling.adoc
+++ b/modules/cluster-logging-manual-rollout-rolling.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * logging/config/cluster-logging-log-store.adoc
+// * logging/log_storage/logging-config-es-store.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-manual-rollout-rolling_{context}"]
 = Performing an Elasticsearch rolling cluster restart
 
@@ -28,7 +28,7 @@ $ oc project openshift-logging
 . Get the names of the Elasticsearch pods:
 +
 ----
-$ oc get pods -l component=elasticsearch-
+$ oc get pods -l component=elasticsearch
 ----
 
 . Scale down the collector pods so they stop sending new logs to Elasticsearch:
diff --git a/modules/cluster-logging-must-gather-about.adoc b/modules/cluster-logging-must-gather-about.adoc
index e8abfa298832..5947cf947961 100644
--- a/modules/cluster-logging-must-gather-about.adoc
+++ b/modules/cluster-logging-must-gather-about.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * logging/troubleshooting/cluster-logging-must-gather.adoc
+// * logging/cluster-logging-support.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-must-gather_{context}"]
 = About the must-gather tool
 
diff --git a/modules/cluster-logging-must-gather-collecting.adoc b/modules/cluster-logging-must-gather-collecting.adoc
index 1747f51ffa6b..dcda4bd1056c 100644
--- a/modules/cluster-logging-must-gather-collecting.adoc
+++ b/modules/cluster-logging-must-gather-collecting.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * logging/troubleshooting/cluster-logging-must-gather.adoc
+// * logging/cluster-logging-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-must-gather-collecting_{context}"]
 = Collecting OpenShift Logging data
 
diff --git a/modules/cluster-logging-release-notes-5.2.z.adoc b/modules/cluster-logging-release-notes-5.2.z.adoc
deleted file mode 100644
index 64c5227fa241..000000000000
--- a/modules/cluster-logging-release-notes-5.2.z.adoc
+++ /dev/null
@@ -1,324 +0,0 @@
-[id="cluster-logging-release-notes-5-2-10"]
-== OpenShift Logging 5.2.10
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/[ OpenShift Logging Bug Fix Release 5.2.10]]
-
-[id="openshift-logging-5-2-10-bug-fixes"]
-=== Bug fixes
-* Before this update some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps.(https://issues.redhat.com/browse/LOG-2335[LOG-2335])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2475[LOG-2475])
-
-* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2480[LOG-2480])
-
-* Before this update, the `cluster-logging-operator` utilized cluster scoped roles and bindings to establish permissions for the Prometheus service account to scrape metrics. These permissions were only created when deploying the Operator using the console interface, and were missing when the Operator was deployed from the command line. This fixes the issue by making this role and binding namespace scoped. (https://issues.redhat.com/browse/LOG-1972[LOG-1972])
-
-
-[id="openshift-logging-5-2-10-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* link:https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* link:https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* link:https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* link:https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* link:https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* link:https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* link:https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* link:https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* link:https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* link:https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* link:https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
-
-[id="cluster-logging-release-notes-5-2-9"]
-== OpenShift Logging 5.2.9
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHBA-2022:1375[RHBA-2022:1375 OpenShift Logging Bug Fix Release 5.2.9]]
-
-[id="openshift-logging-5-2-9-bug-fixes"]
-=== Bug fixes
-* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2304[LOG-2304])
-
-[id="cluster-logging-release-notes-5-2-8"]
-== OpenShift Logging 5.2.8
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0728[RHSA-2022:0728 OpenShift Logging Bug Fix Release 5.2.8]
-
-[id="openshift-logging-5-2-8-bug-fixes"]
-=== Bug fixes
-* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link.(link:https://issues.redhat.com/browse/LOG-2180[LOG-2180])
-
-[id="openshift-logging-5-2-8-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1930423[BZ-1930423]
-* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2052539[BG-2052539]
-====
-
-[id="cluster-logging-release-notes-5-2-7"]
-== OpenShift Logging 5.2.7
-
-This release includes link:https://access.redhat.com/errata/RHBA-2022:0478[RHBA-2022:0478 OpenShift Logging Bug Fix Release 5.2.7]
-
-[id="openshift-logging-5-2-7-bug-fixes"]
-=== Bug fixes
-* Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-2000[LOG-2000])
-
-* Before this update, if a persistent volume claim (PVC) already existed, Elasticsearch generated an error, "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." With this update, Elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2118[LOG-2118])
-
-[id="openshift-logging-5-2-7-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
-====
-
-[id="cluster-logging-release-notes-5-2-6"]
-== OpenShift Logging 5.2.6
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0230[RHSA-2022:0230 OpenShift Logging Bug Fix Release 5.2.6]
-
-[id="openshift-logging-5-2-6-bug-fixes"]
-=== Bug fixes
-* Before this update, the release did not include a filter change which caused fluentd to crash. With this update, the missing filter has been corrected. (link:https://issues.redhat.com/browse/LOG-2104[LOG-2104])
-
-* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2101[LOG-2101])
-
-[id="openshift-logging-5-2-6-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
-* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
-====
-
-[id="cluster-logging-release-notes-5-2-5"]
-== OpenShift Logging 5.2.5
-
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0043[RHSA-2022:0043 OpenShift Logging Bug Fix Release 5.2.5]
-
-[id="openshift-logging-5-2-5-bug-fixes"]
-=== Bug fixes
-* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
-
-
-[id="openshift-logging-5-2-5-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
-* link:https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
-* link:https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
-* link:https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
-====
-
-[id="cluster-logging-release-notes-5-2-4"]
-== OpenShift Logging 5.2.4
-
-This release includes link:https://access.redhat.com/errata/RHSA-2021:5127[RHSA-2021:5127 OpenShift Logging Bug Fix Release 5.2.4]
-
-[id="openshift-logging-5-2-4-bug-fixes"]
-=== Bug fixes
-
-* Before this update records shipped via syslog would serialize a ruby hash encoding key/value pairs to contain a '=>' character, as well as replace tabs with "#11".  This update serializes the message correctly as proper JSON. (link:https://issues.redhat.com/browse/LOG-1775[LOG-1775])
-
-* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1970[LOG-1970])
-
-* Before this update, Elasticsearch sometimes rejected messages when Log Forwarding was configured with multiple outputs. This happened because configuring one of the outputs modified message content to be a single message. With this update, Log Forwarding duplicates the messages for each output so that output-specific processing does not affect the other outputs. (link:https://issues.redhat.com/browse/LOG-1824[LOG-1824])
-
-
-[id="openshift-logging-5-2-4-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
-====
-
-[id="cluster-logging-release-notes-5-2-3"]
-== OpenShift Logging 5.2.3
-
-This release includes link:https://access.redhat.com/errata/RHSA-2021:4032[RHSA-2021:4032 OpenShift Logging Bug Fix Release 5.2.3]
-
-[id="openshift-logging-5-2-3-bug-fixes"]
-=== Bug fixes
-
-* Before this update, some alerts did not include a namespace label. This omission doesn't comply with the OpenShift Monitoring Team's guidelines for writing alerting rules in OpenShift. With this update, all the alerts in Elasticsearch Operator include a namespace label and follow all the guidelines for writing alerting rules in OpenShift.(link:https://issues.redhat.com/browse/LOG-1857[LOG-1857])
-
-* Before this update, a regression introduced in a prior release intentionally disabled JSON message parsing. This update re-enables JSON parsing. It also sets the log entry "level" based on the "level" field in parsed JSON message or by using regex to extract a match from a message field. (link:https://issues.redhat.com/browse/LOG-1759[LOG-1759])
-
-[id="openshift-logging-5-2-3-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-23369[CVE-2021-23369]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1948761[BZ-1948761]
-* link:https://access.redhat.com/security/cve/CVE-2021-23383[CVE-2021-23383]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1956688[BZ-1956688]
-* link:https://access.redhat.com/security/cve/CVE-2018-20673[CVE-2018-20673]
-* link:https://access.redhat.com/security/cve/CVE-2019-5827[CVE-2019-5827]
-* link:https://access.redhat.com/security/cve/CVE-2019-13750[CVE-2019-13750]
-* link:https://access.redhat.com/security/cve/CVE-2019-13751[CVE-2019-13751]
-* link:https://access.redhat.com/security/cve/CVE-2019-17594[CVE-2019-17594]
-* link:https://access.redhat.com/security/cve/CVE-2019-17595[CVE-2019-17595]
-* link:https://access.redhat.com/security/cve/CVE-2019-18218[CVE-2019-18218]
-* link:https://access.redhat.com/security/cve/CVE-2019-19603[CVE-2019-19603]
-* link:https://access.redhat.com/security/cve/CVE-2019-20838[CVE-2019-20838]
-* link:https://access.redhat.com/security/cve/CVE-2020-12762[CVE-2020-12762]
-* link:https://access.redhat.com/security/cve/CVE-2020-13435[CVE-2020-13435]
-* link:https://access.redhat.com/security/cve/CVE-2020-14155[CVE-2020-14155]
-* link:https://access.redhat.com/security/cve/CVE-2020-16135[CVE-2020-16135]
-* link:https://access.redhat.com/security/cve/CVE-2020-24370[CVE-2020-24370]
-* link:https://access.redhat.com/security/cve/CVE-2021-3200[CVE-2021-3200]
-* link:https://access.redhat.com/security/cve/CVE-2021-3426[CVE-2021-3426]
-* link:https://access.redhat.com/security/cve/CVE-2021-3445[CVE-2021-3445]
-* link:https://access.redhat.com/security/cve/CVE-2021-3572[CVE-2021-3572]
-* link:https://access.redhat.com/security/cve/CVE-2021-3580[CVE-2021-3580]
-* link:https://access.redhat.com/security/cve/CVE-2021-3778[CVE-2021-3778]
-* link:https://access.redhat.com/security/cve/CVE-2021-3796[CVE-2021-3796]
-* link:https://access.redhat.com/security/cve/CVE-2021-3800[CVE-2021-3800]
-* link:https://access.redhat.com/security/cve/CVE-2021-20231[CVE-2021-20231]
-* link:https://access.redhat.com/security/cve/CVE-2021-20232[CVE-2021-20232]
-* link:https://access.redhat.com/security/cve/CVE-2021-20266[CVE-2021-20266]
-* link:https://access.redhat.com/security/cve/CVE-2021-22876[CVE-2021-22876]
-* link:https://access.redhat.com/security/cve/CVE-2021-22898[CVE-2021-22898]
-* link:https://access.redhat.com/security/cve/CVE-2021-22925[CVE-2021-22925]
-* link:https://access.redhat.com/security/cve/CVE-2021-23840[CVE-2021-23840]
-* link:https://access.redhat.com/security/cve/CVE-2021-23841[CVE-2021-23841]
-* link:https://access.redhat.com/security/cve/CVE-2021-27645[CVE-2021-27645]
-* link:https://access.redhat.com/security/cve/CVE-2021-28153[CVE-2021-28153]
-* link:https://access.redhat.com/security/cve/CVE-2021-33560[CVE-2021-33560]
-* link:https://access.redhat.com/security/cve/CVE-2021-33574[CVE-2021-33574]
-* link:https://access.redhat.com/security/cve/CVE-2021-35942[CVE-2021-35942]
-* link:https://access.redhat.com/security/cve/CVE-2021-36084[CVE-2021-36084]
-* link:https://access.redhat.com/security/cve/CVE-2021-36085[CVE-2021-36085]
-* link:https://access.redhat.com/security/cve/CVE-2021-36086[CVE-2021-36086]
-* link:https://access.redhat.com/security/cve/CVE-2021-36087[CVE-2021-36087]
-====
-
-[id="cluster-logging-release-notes-5-2-2"]
-== OpenShift Logging 5.2.2
-
-This release includes link:https://access.redhat.com/errata/RHBA-2021:3747[RHBA-2021:3747 OpenShift Logging Bug Fix Release 5.2.2]
-
-[id="openshift-logging-5-2-2-bug-fixes"]
-=== Bug fixes
-
-* Before this update, the `ClusterLogging` custom resource (CR) applied the value of the `totalLimitSize` field to the Fluentd `total_limit_size` field, even if the required buffer space was not available. With this update, the CR applies the lesser of the two `totalLimitSize` or 'default' values to the Fluentd `total_limit_size` field, resolving the issue.(link:https://issues.redhat.com/browse/LOG-1738[LOG-1738])
-
-* Before this update, a regression introduced in a prior release configuration caused the collector to flush its buffered messages before shutdown, creating a delay the termination and restart of collector Pods. With this update, fluentd no longer flushes buffers at shutdown, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1739[LOG-1739])
-
-* Before this update, an issue in the bundle manifests prevented installation of the Elasticsearch operator through OLM on OpenShift 4.9. With this update, a correction to bundle manifests re-enables installs and upgrades in 4.9.(link:https://issues.redhat.com/browse/LOG-1780[LOG-1780])
-
-[id="openshift-logging-5-2-2-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2020-25648.html[CVE-2020-25648]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22922.html[CVE-2021-22922]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22923.html[CVE-2021-22923]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22924.html[CVE-2021-22924]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36222.html[CVE-2021-36222]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37576.html[CVE-2021-37576]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37750.html[CVE-2021-37750]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-38201.html[CVE-2021-38201]
-====
-
-[id="cluster-logging-release-notes-5-2-1"]
-== OpenShift Logging 5.2.1
-
-This release includes link:https://access.redhat.com/errata/RHBA-2021:3550[RHBA-2021:3550 OpenShift Logging Bug Fix Release 5.2.1]
-
-[id="openshift-logging-5-2-1-bug-fixes"]
-=== Bug fixes
-
-* Before this update, due to an issue in the release pipeline scripts, the value of the `olm.skipRange` field remained unchanged at `5.2.0` instead of reflecting the current release number. This update fixes the pipeline scripts to update the value of this field when the release numbers change. (link:https://issues.redhat.com/browse/LOG-1743[LOG-1743])
-
-[id="openshift-logging-5-2-1-CVEs"]
-=== CVEs
-
-(None)
diff --git a/modules/cluster-logging-release-notes-5.3.z.adoc b/modules/cluster-logging-release-notes-5.3.z.adoc
deleted file mode 100644
index 01db62341b9a..000000000000
--- a/modules/cluster-logging-release-notes-5.3.z.adoc
+++ /dev/null
@@ -1,247 +0,0 @@
-//Z-stream Release Notes by Version
-[id="cluster-logging-release-notes-5-3-7"]
-== OpenShift Logging 5.3.7
-This release includes link:https://access.redhat.com/errata/RHSA-2022:2217[RHSA-2022:2217 OpenShift Logging Bug Fix Release 5.3.7]
-
-[id="openshift-logging-5-3-7-bug-fixes"]
-=== Bug fixes
-* Before this update, Linux audit log time parsing relied on an ordinal position of key/value pair. This update changes the parsing to utilize a regex to find the time entry. (https://issues.redhat.com/browse/LOG-2322[LOG-2322])
-
-* * Before this update some log forwarder outputs could re-order logs with the same time-stamp. With this update, a sequence number has been added to the log record to order entries that have matching timestamps. (https://issues.redhat.com/browse/LOG-2334[LOG-2334])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue. (https://issues.redhat.com/browse/LOG-2450[LOG-2450])
-
-* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2481[LOG-2481)])
-
-=== CVEs
-[id="openshift-logging-5-3-7-CVEs"]
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* https://access.redhat.com/security/cve/CVE-2022-0759[CVE-2022-0759]
-* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
-
-[id="cluster-logging-release-notes-5-3-6"]
-== OpenShift Logging 5.3.6
-This release includes link:https://access.redhat.com/errata/RHBA-2022:1377[RHBA-2022:1377 OpenShift Logging Bug Fix Release 5.3.6]
-
-[id="openshift-logging-5-3-6-bug-fixes"]
-=== Bug fixes
-* Before this update, defining a toleration with no key and the existing Operator caused the Operator to be unable to complete an upgrade. With this update, this toleration no longer blocks the upgrade from completing. (link:https://issues.redhat.com/browse/LOG-2126[LOG-2126])
-
-* Before this change, it was possible for the collector to generate a warning where the chunk byte limit was exceeding an emitted event. With this change, you can tune the readline limit to resolve the issue as advised by the upstream documentation. (link:https://issues.redhat.com/browse/LOG-2380[LOG-2380])
-
-[id="cluster-logging-release-notes-5-3-5"]
-== OpenShift Logging 5.3.5
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0721[RHSA-2022:0721 OpenShift Logging Bug Fix Release 5.3.5]
-
-[id="openshift-logging-5-3-5-bug-fixes"]
-=== Bug fixes
-* Before this update, if you removed OpenShift Logging from {product-title}, the web console continued displaying a link to the *Logging* page. With this update, removing or uninstalling OpenShift Logging also removes that link. (link:https://issues.redhat.com/browse/LOG-2182[LOG-2182])
-
-=== CVEs
-[id="openshift-logging-5-3-5-CVEs"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28491[CVE-2020-28491]
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0552[CVE-2022-0552]
-====
-
-[id="cluster-logging-release-notes-5-3-4"]
-== OpenShift Logging 5.3.4
-[role="_abstract"]
-This release includes link:https://access.redhat.com/errata/RHBA-2022:0411[RHBA-2022:0411 OpenShift Logging Bug Fix Release 5.3.4]
-
-[id="openshift-logging-5-3-4-bug-fixes"]
-=== Bug fixes
-*  Before this update, changes to the metrics dashboards had not yet been deployed because the `cluster-logging-operator` did not correctly compare existing and desired config maps that contained the dashboard.  This update fixes the logic by adding a unique hash value to the object labels. (link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
-
-* Before this update, Elasticsearch pods failed to start after updating with FIPS enabled. With this update, Elasticsearch pods start successfully. (link:https://issues.redhat.com/browse/LOG-1974[LOG-1974])
-
-* Before this update, elasticsearch generated the error "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." if the PVC already existed. With this update, elasticsearch checks for existing PVCs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2127[LOG-2127])
-
-=== CVEs
-[id="openshift-logging-5-3-4-CVEs"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-3521[CVE-2021-3521]
-* link:https://access.redhat.com/security/cve/CVE-2021-3872[CVE-2021-3872]
-* link:https://access.redhat.com/security/cve/CVE-2021-3984[CVE-2021-3984]
-* link:https://access.redhat.com/security/cve/CVE-2021-4019[CVE-2021-4019]
-* link:https://access.redhat.com/security/cve/CVE-2021-4122[CVE-2021-4122]
-* link:https://access.redhat.com/security/cve/CVE-2021-4155[CVE-2021-4155]
-* link:https://access.redhat.com/security/cve/CVE-2021-4192[CVE-2021-4192]
-* link:https://access.redhat.com/security/cve/CVE-2021-4193[CVE-2021-4193]
-* link:https://access.redhat.com/security/cve/CVE-2022-0185[CVE-2022-0185]
-* link:https://access.redhat.com/security/cve/CVE-2022-21248[CVE-2022-21248]
-* link:https://access.redhat.com/security/cve/CVE-2022-21277[CVE-2022-21277]
-* link:https://access.redhat.com/security/cve/CVE-2022-21282[CVE-2022-21282]
-* link:https://access.redhat.com/security/cve/CVE-2022-21283[CVE-2022-21283]
-* link:https://access.redhat.com/security/cve/CVE-2022-21291[CVE-2022-21291]
-* link:https://access.redhat.com/security/cve/CVE-2022-21293[CVE-2022-21293]
-* link:https://access.redhat.com/security/cve/CVE-2022-21294[CVE-2022-21294]
-* link:https://access.redhat.com/security/cve/CVE-2022-21296[CVE-2022-21296]
-* link:https://access.redhat.com/security/cve/CVE-2022-21299[CVE-2022-21299]
-* link:https://access.redhat.com/security/cve/CVE-2022-21305[CVE-2022-21305]
-* link:https://access.redhat.com/security/cve/CVE-2022-21340[CVE-2022-21340]
-* link:https://access.redhat.com/security/cve/CVE-2022-21341[CVE-2022-21341]
-* link:https://access.redhat.com/security/cve/CVE-2022-21360[CVE-2022-21360]
-* link:https://access.redhat.com/security/cve/CVE-2022-21365[CVE-2022-21365]
-* link:https://access.redhat.com/security/cve/CVE-2022-21366[CVE-2022-21366]
-====
-
-[id="cluster-logging-release-notes-5-3-3"]
-== OpenShift Logging 5.3.3
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0227[RHSA-2022:0227 OpenShift Logging Bug Fix Release 5.3.3]
-
-[id="openshift-logging-5-3-3-bug-fixes"]
-=== Bug fixes
-* Before this update, changes to the metrics dashboards had not yet been deployed because the cluster-logging-operator did not correctly compare existing and desired configmaps containing the dashboard. This update fixes the logic by adding a dashboard unique hash value to the object labels.(link:https://issues.redhat.com/browse/LOG-2066[LOG-2066])
-
-* This update changes the log4j dependency to 2.17.1 to resolve link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832].(link:https://issues.redhat.com/browse/LOG-2102[LOG-2102])
-
-=== CVEs
-[id="openshift-logging-5-3-3-CVEs"]
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-27292[CVE-2021-27292]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1940613[BZ-1940613]
-* link:https://access.redhat.com/security/cve/CVE-2021-44832[CVE-2021-44832]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2035951[BZ-2035951]
-====
-
-[id="cluster-logging-release-notes-5-3-2"]
-== OpenShift Logging 5.3.2
-This release includes link:https://access.redhat.com/errata/RHSA-2022:0044[RHSA-2022:0044 OpenShift Logging Bug Fix Release 5.3.2]
-
-[id="openshift-logging-5-3-2-bug-fixes"]
-=== Bug fixes
-* Before this update, Elasticsearch rejected logs from the Event Router due to a parsing error. This update changes the data model to resolve the parsing error. However, as a result, previous indices might cause warnings or errors within Kibana. The `kubernetes.event.metadata.resourceVersion` field causes errors until existing indices are removed or reindexed. If this field is not used in Kibana, you can ignore the error messages. If you have a retention policy that deletes old indices, the policy eventually removes the old indices and stops the error messages. Otherwise, manually reindex to stop the error messages. (link:https://issues.redhat.com/browse/LOG-2087[LOG-2087])
-
-* Before this update, the OpenShift Logging Dashboard displayed the wrong pod namespace in the table that displays top producing and collected containers over the last 24 hours. With this update, the OpenShift Logging Dashboard displays the correct pod namespace. (link:https://issues.redhat.com/browse/LOG-2051[LOG-2051])
-
-* Before this update, if `outputDefaults.elasticsearch.structuredTypeKey` in the `ClusterLogForwarder` custom resource (CR) instance did not have a structured key, the CR replaced the output secret with the default secret used to communicate to the default log store. With this update, the defined output secret is correctly used. (link:https://issues.redhat.com/browse/LOG-2046[LOG-2046])
-
-[id="openshift-logging-5-3-2-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2020-36327[CVE-2020-36327]
-** https://bugzilla.redhat.com/show_bug.cgi?id=1958999[BZ-1958999]
-* https://access.redhat.com/security/cve/CVE-2021-45105[CVE-2021-45105]
-** https://bugzilla.redhat.com/show_bug.cgi?id=2034067[BZ-2034067]
-* https://access.redhat.com/security/cve/CVE-2021-3712[CVE-2021-3712]
-* https://access.redhat.com/security/cve/CVE-2021-20321[CVE-2021-20321]
-* https://access.redhat.com/security/cve/CVE-2021-42574[CVE-2021-42574]
-====
-
-[id="cluster-logging-release-notes-5-3-1"]
-== OpenShift Logging 5.3.1
-This release includes link:https://access.redhat.com/errata/RHSA-2021:5129[RHSA-2021:5129 OpenShift Logging Bug Fix Release 5.3.1]
-
-[id="openshift-logging-5-3-1-bug-fixes"]
-=== Bug fixes
-* Before this update, the Fluentd container image included builder tools that were unnecessary at run time. This update removes those tools from the image. (link:https://issues.redhat.com/browse/LOG-1998[LOG-1998])
-
-* Before this update, the Logging dashboard displayed an empty CPU graph because of a reference to an invalid metric. With this update, the Logging dashboard displays CPU graphs correctly. (link:https://issues.redhat.com/browse/LOG-1925[LOG-1925])
-
-* Before this update, the Elasticsearch Prometheus exporter plugin compiled index-level metrics using a high-cost query that impacted the Elasticsearch node performance. This update implements a lower-cost query that improves performance. (link:https://issues.redhat.com/browse/LOG-1897[LOG-1897])
-
-
-[id="openshift-logging-5-3-1-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://www.redhat.com/security/data/cve/CVE-2021-21409.html[CVE-2021-21409]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=1944888[BZ-1944888]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37136.html[CVE-2021-37136]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004133[BZ-2004133]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-37137.html[CVE-2021-37137]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2004135[BZ-2004135]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-44228.html[CVE-2021-44228]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2030932[BZ-2030932]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25009.html[CVE-2018-25009]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25010.html[CVE-2018-25010]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25012.html[CVE-2018-25012]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25013.html[CVE-2018-25013]
-* link:https://www.redhat.com/security/data/cve/CVE-2018-25014.html[CVE-2018-25014]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-5827.html[CVE-2019-5827]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13750.html[CVE-2019-13750]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-13751.html[CVE-2019-13751]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17594.html[CVE-2019-17594]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-17595.html[CVE-2019-17595]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-18218.html[CVE-2019-18218]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-19603.html[CVE-2019-19603]
-* link:https://www.redhat.com/security/data/cve/CVE-2019-20838.html[CVE-2019-20838]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-12762.html[CVE-2020-12762]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-13435.html[CVE-2020-13435]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14145.html[CVE-2020-14145]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-14155.html[CVE-2020-14155]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-16135.html[CVE-2020-16135]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-17541.html[CVE-2020-17541]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-24370.html[CVE-2020-24370]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35521.html[CVE-2020-35521]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35522.html[CVE-2020-35522]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35523.html[CVE-2020-35523]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-35524.html[CVE-2020-35524]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36330.html[CVE-2020-36330]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36331.html[CVE-2020-36331]
-* link:https://www.redhat.com/security/data/cve/CVE-2020-36332.html[CVE-2020-36332]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3200.html[CVE-2021-3200]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3426.html[CVE-2021-3426]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3445.html[CVE-2021-3445]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3481.html[CVE-2021-3481]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3572.html[CVE-2021-3572]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3580.html[CVE-2021-3580]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3712.html[CVE-2021-3712]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-3800.html[CVE-2021-3800]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20231.html[CVE-2021-20231]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20232.html[CVE-2021-20232]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20266.html[CVE-2021-20266]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-20317.html[CVE-2021-20317]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22876.html[CVE-2021-22876]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22898.html[CVE-2021-22898]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-22925.html[CVE-2021-22925]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-27645.html[CVE-2021-27645]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-28153.html[CVE-2021-28153]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-31535.html[CVE-2021-31535]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33560.html[CVE-2021-33560]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-33574.html[CVE-2021-33574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-35942.html[CVE-2021-35942]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36084.html[CVE-2021-36084]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36085.html[CVE-2021-36085]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36086.html[CVE-2021-36086]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-36087.html[CVE-2021-36087]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-42574.html[CVE-2021-42574]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43267.html[CVE-2021-43267]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-43527.html[CVE-2021-43527]
-* link:https://www.redhat.com/security/data/cve/CVE-2021-45046.html[CVE-2021-45046]
-====
diff --git a/modules/cluster-logging-release-notes-5.4.0.adoc b/modules/cluster-logging-release-notes-5.4.0.adoc
deleted file mode 100644
index 794d45e98e1d..000000000000
--- a/modules/cluster-logging-release-notes-5.4.0.adoc
+++ /dev/null
@@ -1,53 +0,0 @@
-
-// Module included in the following assemblies:
-//cluster-logging-release-notes.adoc
-[id="cluster-logging-release-notes-5-4-0"]
-= Logging 5.4
-The following advisories are available for logging 5.4:
-link:https://access.redhat.com/errata/RHSA-2022:1461[{logging-title-uc} Release 5.4]
-
-[id="openshift-logging-5-4-0-bug-fixes"]
-== Bug fixes
-
-*	Before this update, the `cluster-logging-operator` utilized cluster scoped roles and bindings to establish permissions for the Prometheus service account to scrape metrics. These permissions were only created when deploying the Operator using the console interface but were missing when deploying from the command line. This update fixes the issue by making the roles and bindings namespace-scoped. (link:https://issues.redhat.com/browse/LOG-2286[LOG-2286])
-
-* Before this update, a prior change to fix dashboard reconciliation introduced a `ownerReferences` field to the resource across namespaces. As a result, both the config map and dashboard were not getting created in the namespace. With this update, the removal of the `ownerReferences` field resolves the issue and the OpenShift Logging dashboard is available in the console. (link:https://issues.redhat.com/browse/LOG-2163[LOG-2163])
-
-* Before this update, changes to the metrics dashboards did not deploy because the `cluster-logging-operator` did not correctly compare existing and desired configmaps containing the dashboard. With this update, the addition of a unique hash value to object labels resolves the issue.	(link:https://issues.redhat.com/browse/LOG-2071[LOG-2071])
-
-*	Before this update, the OpenShift Logging dashboard did not correctly display the pods and namespaces in the table, which displays the top producing containers collected over the last 24 hours. With this update, the pods and namespaces are displayed correctly.	(link:https://issues.redhat.com/browse/LOG-2069[LOG-2069])
-
-*	Before this update, when the `ClusterLogForwarder` was set up with `Elasticsearch OutputDefault` and Elasticsearch outputs did not have structured keys, the generated configuration contained the incorrect values for authentication. This update corrects the secret and certificates used.	(link:https://issues.redhat.com/browse/LOG-2056[LOG-2056])
-
-*	Before this update, the OpenShift Logging dashboard displayed an empty CPU graph because of a reference to an invalid metric. With this update, the correct data point has been selected, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-2026[LOG-2026])
-
-*	Before this update, the Fluentd container image included builder tools that were unnecessary at run time. This update removes those tools from the image.(link:https://issues.redhat.com/browse/LOG-1927[LOG-1927])
-
-*	Before this update, a name change of the deployed collector in the 5.3 release caused the logging collector to generate the `FluentdNodeDown` alert. This update resolves the issue by fixing the job name for the Prometheus alert. 	(link:https://issues.redhat.com/browse/LOG-1918[LOG-1918])
-
-*	Before this update, the log collector was collecting its own logs due to a refactoring of the component name change. This could lead to a potential feedback loop of the collector processing its own log that might result in memory and log message size issues. This update resolves the issue by excluding the collector logs from the collection. (link:https://issues.redhat.com/browse/LOG-1774[LOG-1774])
-
-* Before this update, Elasticsearch generated the error "Unable to create PersistentVolumeClaim due to forbidden: exceeded quota: infra-storage-quota." if the PVC already existed. With this update, Elasticsearch checks for existing PVCs, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-2131[LOG-2131])
-
-* Before this update, Elasticsearch was unable to return to the ready state when the `elasticsearch-signing `secret was removed. With this update, Elasticsearch is able to go back to the ready state after that secret is removed.	(link:https://issues.redhat.com/browse/LOG-2171[LOG-2171])
-
-* Before this update, the change of the path from which the collector reads container logs caused the collector to forward some records to the wrong indices. With this update, the collector now uses the correct configuration to resolve the issue.	(link:https://issues.redhat.com/browse/LOG-2160[LOG-2160])
-
-* Before this update, clusters with a large number of namespaces caused Elasticsearch to stop serving requests because the list of namespaces reached the maximum header size limit. With this update, headers only include a list of namespace names, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-1899[LOG-1899])
-
-* Before this update, the *{product-title} Logging* dashboard showed the number of shards 'x' times larger than the actual value when Elasticsearch had 'x' nodes. This issue occurred because it was printing all primary shards for each ES pod and calculating a sum on it, although the output was always for the whole ES cluster. With this update, the number of shards is now correctly calculated. (link:https://issues.redhat.com/browse/LOG-2156[LOG-2156])
-
-* Before this update, the secrets "kibana" and "kibana-proxy" were not recreated if they were deleted manually. With this update, the `elasticsearch-operator` will watch the resources and automatically recreate them if deleted.	(link:https://issues.redhat.com/browse/LOG-2250[LOG-2250])
-
-* Before this update, tuning the buffer chunk size could cause the collector to generate a warning about the chunk size exceeding the byte limit for the event stream. With this update, you can also tune the read line limit, resolving the issue.	(link:https://issues.redhat.com/browse/LOG-2379[LOG-2379])
-
-* Before this update, the logging console link in OpenShift WebConsole was not removed with the ClusterLogging CR. With this update, deleting the CR or uninstalling the Cluster Logging Operator removes the link. (link:https://issues.redhat.com/browse/LOG-2373[LOG-2373])
-
-* Before this update, a change to the container logs path caused this metric to always be zero with older releases configured with the original path. With this update, the plugin which exposes metrics about collected logs supports reading from either path to resolve the issue. (link:https://issues.redhat.com/browse/LOG-2462[LOG-2462])
-
-== CVEs
-[id="openshift-logging-5-4-0-CVEs"]
-* link:https://access.redhat.com/security/cve/CVE-2022-0759[CVE-2022-0759]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2058404[BZ-2058404]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-** link:https://bugzilla.redhat.com/show_bug.cgi?id=2045880[BZ-2045880]
diff --git a/modules/cluster-logging-release-notes-5.4.z.adoc b/modules/cluster-logging-release-notes-5.4.z.adoc
deleted file mode 100644
index 5c16c65d03f4..000000000000
--- a/modules/cluster-logging-release-notes-5.4.z.adoc
+++ /dev/null
@@ -1,39 +0,0 @@
-//Z-stream Release Notes by Version
-[id="cluster-logging-release-notes-5-4-1"]
-== Logging 5.4.1
-This release includes https://access.redhat.com/errata/RHSA-2022:2216[RHSA-2022:2216-OpenShift Logging Bug Fix Release 5.4.1].
-
-[id="openshift-logging-5-4-1-bug-fixes"]
-=== Bug fixes
-* Before this update, the log file metric exporter only reported logs created while the exporter was running, which resulted in inaccurate log growth data. This update resolves this issue by monitoring `/var/log/pods`. (https://issues.redhat.com/browse/LOG-2442[LOG-2442])
-
-* Before this update, the collector would be blocked because it continually tried to use a stale connection when forwarding logs to fluentd forward receivers. With this release, the `keepalive_timeout` value has been set to 30 seconds (`30s`) so that the collector recycles the connection and re-attempts to send failed messages within a reasonable amount of time. (https://issues.redhat.com/browse/LOG-2534[LOG-2534])
-
-* Before this update, an error in the gateway component enforcing tenancy for reading logs limited access to logs with a Kubernetes namespace causing "audit" and some "infrastructure" logs to be unreadable. With this update, the proxy correctly detects users with admin access and allows access to logs without a namespace. (https://issues.redhat.com/browse/LOG-2448[LOG-2448])
-
-* Before this update, `system:serviceaccount:openshift-monitoring:prometheus-k8s` had cluster level privileges as a `clusterrole` and `clusterrolebinding`. This update restricts the `serviceaccount` to the `openshift-logging` namespace with a role and rolebinding. (https://issues.redhat.com/browse/LOG-2437[LOG-2437])
-
-* Before this update, Linux audit log time parsing relied on an ordinal position of a key/value pair. This update changes the parsing to use a regular expression to find the time entry.  (https://issues.redhat.com/browse/LOG-2321[LOG-2321])
-
-
-[id="openshift-logging-5-4-1-CVEs"]
-=== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* https://access.redhat.com/security/cve/CVE-2021-4028[CVE-2021-4028]
-* https://access.redhat.com/security/cve/CVE-2021-37136[CVE-2021-37136]
-* https://access.redhat.com/security/cve/CVE-2021-37137[CVE-2021-37137]
-* https://access.redhat.com/security/cve/CVE-2021-43797[CVE-2021-43797]
-* https://access.redhat.com/security/cve/CVE-2022-0778[CVE-2022-0778]
-* https://access.redhat.com/security/cve/CVE-2022-1154[CVE-2022-1154]
-* https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* https://access.redhat.com/security/cve/CVE-2022-21426[CVE-2022-21426]
-* https://access.redhat.com/security/cve/CVE-2022-21434[CVE-2022-21434]
-* https://access.redhat.com/security/cve/CVE-2022-21443[CVE-2022-21443]
-* https://access.redhat.com/security/cve/CVE-2022-21476[CVE-2022-21476]
-* https://access.redhat.com/security/cve/CVE-2022-21496[CVE-2022-21496]
-* https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* https://access.redhat.com/security/cve/CVE-2022-25636[CVE-2022-25636]
-====
diff --git a/modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc b/modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc
index aaeee905be20..ebee7883bd49 100644
--- a/modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc
+++ b/modules/cluster-logging-removing-unused-components-if-no-elasticsearch.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging-collector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-removing-unused-components-if-no-elasticsearch_{context}"]
 = Removing unused components if you do not use the default Elasticsearch log store
 
@@ -48,9 +48,8 @@ metadata:
 spec:
   managementState: "Managed"
   collection:
-    logs:
-      type: "fluentd"
-      fluentd: {}
+    type: "fluentd"
+    fluentd: {}
 ----
 
 . Verify that the collector pods are redeployed:
diff --git a/modules/cluster-logging-rn-5.2.11.adoc b/modules/cluster-logging-rn-5.2.11.adoc
deleted file mode 100644
index a3b84e3b1145..000000000000
--- a/modules/cluster-logging-rn-5.2.11.adoc
+++ /dev/null
@@ -1,61 +0,0 @@
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-2-11"]
-= Logging 5.2.11
-This release includes link:https://access.redhat.com/errata/RHBA-2022:5012[RHBA-2022:5012-OpenShift Logging Bug Fix Release 5.2.11]
-
-[id="openshift-logging-5-2-11-bug-fixes"]
-== Bug fixes
-* Before this update, clusters configured to perform CloudWatch forwarding wrote rejected log files to temporary storage, causing cluster instability over time. With this update, chunk backup for CloudWatch has been disabled, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2635[LOG-2635])
-
-[id="openshift-logging-5-2-11-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* link:https://access.redhat.com/security/cve/CVE-2020-0404[CVE-2020-0404]
-* link:https://access.redhat.com/security/cve/CVE-2020-4788[CVE-2020-4788]
-* link:https://access.redhat.com/security/cve/CVE-2020-13974[CVE-2020-13974]
-* link:https://access.redhat.com/security/cve/CVE-2020-19131[CVE-2020-19131]
-* link:https://access.redhat.com/security/cve/CVE-2020-27820[CVE-2020-27820]
-* link:https://access.redhat.com/security/cve/CVE-2021-0941[CVE-2021-0941]
-* link:https://access.redhat.com/security/cve/CVE-2021-3612[CVE-2021-3612]
-* link:https://access.redhat.com/security/cve/CVE-2021-3634[CVE-2021-3634]
-* link:https://access.redhat.com/security/cve/CVE-2021-3669[CVE-2021-3669]
-* link:https://access.redhat.com/security/cve/CVE-2021-3737[CVE-2021-3737]
-* link:https://access.redhat.com/security/cve/CVE-2021-3743[CVE-2021-3743]
-* link:https://access.redhat.com/security/cve/CVE-2021-3744[CVE-2021-3744]
-* link:https://access.redhat.com/security/cve/CVE-2021-3752[CVE-2021-3752]
-* link:https://access.redhat.com/security/cve/CVE-2021-3759[CVE-2021-3759]
-* link:https://access.redhat.com/security/cve/CVE-2021-3764[CVE-2021-3764]
-* link:https://access.redhat.com/security/cve/CVE-2021-3772[CVE-2021-3772]
-* link:https://access.redhat.com/security/cve/CVE-2021-3773[CVE-2021-3773]
-* link:https://access.redhat.com/security/cve/CVE-2021-4002[CVE-2021-4002]
-* link:https://access.redhat.com/security/cve/CVE-2021-4037[CVE-2021-4037]
-* link:https://access.redhat.com/security/cve/CVE-2021-4083[CVE-2021-4083]
-* link:https://access.redhat.com/security/cve/CVE-2021-4157[CVE-2021-4157]
-* link:https://access.redhat.com/security/cve/CVE-2021-4189[CVE-2021-4189]
-* link:https://access.redhat.com/security/cve/CVE-2021-4197[CVE-2021-4197]
-* link:https://access.redhat.com/security/cve/CVE-2021-4203[CVE-2021-4203]
-* link:https://access.redhat.com/security/cve/CVE-2021-20322[CVE-2021-20322]
-* link:https://access.redhat.com/security/cve/CVE-2021-21781[CVE-2021-21781]
-* link:https://access.redhat.com/security/cve/CVE-2021-23222[CVE-2021-23222]
-* link:https://access.redhat.com/security/cve/CVE-2021-26401[CVE-2021-26401]
-* link:https://access.redhat.com/security/cve/CVE-2021-29154[CVE-2021-29154]
-* link:https://access.redhat.com/security/cve/CVE-2021-37159[CVE-2021-37159]
-* link:https://access.redhat.com/security/cve/CVE-2021-41617[CVE-2021-41617]
-* link:https://access.redhat.com/security/cve/CVE-2021-41864[CVE-2021-41864]
-* link:https://access.redhat.com/security/cve/CVE-2021-42739[CVE-2021-42739]
-* link:https://access.redhat.com/security/cve/CVE-2021-43056[CVE-2021-43056]
-* link:https://access.redhat.com/security/cve/CVE-2021-43389[CVE-2021-43389]
-* link:https://access.redhat.com/security/cve/CVE-2021-43976[CVE-2021-43976]
-* link:https://access.redhat.com/security/cve/CVE-2021-44733[CVE-2021-44733]
-* link:https://access.redhat.com/security/cve/CVE-2021-45485[CVE-2021-45485]
-* link:https://access.redhat.com/security/cve/CVE-2021-45486[CVE-2021-45486]
-* link:https://access.redhat.com/security/cve/CVE-2022-0001[CVE-2022-0001]
-* link:https://access.redhat.com/security/cve/CVE-2022-0002[CVE-2022-0002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0286[CVE-2022-0286]
-* link:https://access.redhat.com/security/cve/CVE-2022-0322[CVE-2022-0322]
-* link:https://access.redhat.com/security/cve/CVE-2022-1011[CVE-2022-1011]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-====
diff --git a/modules/cluster-logging-rn-5.2.12.adoc b/modules/cluster-logging-rn-5.2.12.adoc
deleted file mode 100644
index 86c386347b62..000000000000
--- a/modules/cluster-logging-rn-5.2.12.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-2-12"]
-= Logging 5.2.12
-This release includes link:https://access.redhat.com/errata/RHBA-2022:5558[RHBA-2022:5558-OpenShift Logging Bug Fix Release 5.2.12].
-
-[id="openshift-logging-5-2-12-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-2-12-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28915[CVE-2020-28915]
-* link:https://access.redhat.com/security/cve/CVE-2021-40528[CVE-2021-40528]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-1621[CVE-2022-1621]
-* link:https://access.redhat.com/security/cve/CVE-2022-1629[CVE-2022-1629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22576[CVE-2022-22576]
-* link:https://access.redhat.com/security/cve/CVE-2022-25313[CVE-2022-25313]
-* link:https://access.redhat.com/security/cve/CVE-2022-25314[CVE-2022-25314]
-* link:https://access.redhat.com/security/cve/CVE-2022-26691[CVE-2022-26691]
-* link:https://access.redhat.com/security/cve/CVE-2022-27666[CVE-2022-27666]
-* link:https://access.redhat.com/security/cve/CVE-2022-27774[CVE-2022-27774]
-* link:https://access.redhat.com/security/cve/CVE-2022-27776[CVE-2022-27776]
-* link:https://access.redhat.com/security/cve/CVE-2022-27782[CVE-2022-27782]
-* link:https://access.redhat.com/security/cve/CVE-2022-29824[CVE-2022-29824]
-====
diff --git a/modules/cluster-logging-rn-5.2.13.adoc b/modules/cluster-logging-rn-5.2.13.adoc
deleted file mode 100644
index 468304e0e599..000000000000
--- a/modules/cluster-logging-rn-5.2.13.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-2-13"]
-= Logging 5.2.13
-This release includes link:https://access.redhat.com/errata/RHSA-2022:5909[RHSA-2022:5909-OpenShift Logging Bug Fix Release 5.2.13].
-
-[id="openshift-logging-5-2-13-bug-fixes"]
-== Bug fixes
-* https://bugzilla.redhat.com/show_bug.cgi?id=2100495[BZ-2100495]
-
-[id="openshift-logging-5-2-13-cves"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-38561[CVE-2021-38561]
-* link:https://access.redhat.com/security/cve/CVE-2021-40528[CVE-2021-40528]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-1621[CVE-2022-1621]
-* link:https://access.redhat.com/security/cve/CVE-2022-1629[CVE-2022-1629]
-* link:https://access.redhat.com/security/cve/CVE-2022-21540[CVE-2022-21540]
-* link:https://access.redhat.com/security/cve/CVE-2022-21541[CVE-2022-21541]
-* link:https://access.redhat.com/security/cve/CVE-2022-22576[CVE-2022-22576]
-* link:https://access.redhat.com/security/cve/CVE-2022-25313[CVE-2022-25313]
-* link:https://access.redhat.com/security/cve/CVE-2022-25314[CVE-2022-25314]
-* link:https://access.redhat.com/security/cve/CVE-2022-27774[CVE-2022-27774]
-* link:https://access.redhat.com/security/cve/CVE-2022-27776[CVE-2022-27776]
-* link:https://access.redhat.com/security/cve/CVE-2022-27782[CVE-2022-27782]
-* link:https://access.redhat.com/security/cve/CVE-2022-29824[CVE-2022-29824]
-* link:https://access.redhat.com/security/cve/CVE-2022-34169[CVE-2022-34169]
-====
diff --git a/modules/cluster-logging-rn-5.3.10.adoc b/modules/cluster-logging-rn-5.3.10.adoc
deleted file mode 100644
index 03d1e82f5efd..000000000000
--- a/modules/cluster-logging-rn-5.3.10.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-10"]
-= Logging 5.3.10
-This release includes link:https://access.redhat.com/errata/RHSA-2022:5908[RHSA-2022:5908-OpenShift Logging Bug Fix Release 5.3.10].
-
-[id="openshift-logging-5-3-10-bug-fixes"]
-== Bug fixes
-* https://bugzilla.redhat.com/show_bug.cgi?id=2100495[BZ-2100495]
-
-[id="openshift-logging-5-3-10-cves"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2021-38561[CVE-2021-38561]
-* link:https://access.redhat.com/security/cve/CVE-2021-40528[CVE-2021-40528]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-1621[CVE-2022-1621]
-* link:https://access.redhat.com/security/cve/CVE-2022-1629[CVE-2022-1629]
-* link:https://access.redhat.com/security/cve/CVE-2022-21540[CVE-2022-21540]
-* link:https://access.redhat.com/security/cve/CVE-2022-21541[CVE-2022-21541]
-* link:https://access.redhat.com/security/cve/CVE-2022-22576[CVE-2022-22576]
-* link:https://access.redhat.com/security/cve/CVE-2022-25313[CVE-2022-25313]
-* link:https://access.redhat.com/security/cve/CVE-2022-25314[CVE-2022-25314]
-* link:https://access.redhat.com/security/cve/CVE-2022-27774[CVE-2022-27774]
-* link:https://access.redhat.com/security/cve/CVE-2022-27776[CVE-2022-27776]
-* link:https://access.redhat.com/security/cve/CVE-2022-27782[CVE-2022-27782]
-* link:https://access.redhat.com/security/cve/CVE-2022-29824[CVE-2022-29824]
-* link:https://access.redhat.com/security/cve/CVE-2022-34169[CVE-2022-34169]
-====
diff --git a/modules/cluster-logging-rn-5.3.11.adoc b/modules/cluster-logging-rn-5.3.11.adoc
deleted file mode 100644
index 0102585c3311..000000000000
--- a/modules/cluster-logging-rn-5.3.11.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-11_{context}"]
-= Logging 5.3.11
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6182[OpenShift Logging Bug Fix Release 5.3.11].
-
-[id="openshift-logging-5-3-11-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, the Operator did not ensure that the pod was ready, which caused the cluster to reach an inoperable state during a cluster restart. With this update, the Operator marks new pods as ready before continuing to a new pod during a restart, which resolves the issue. (link:https://issues.redhat.com/browse/LOG-2871[LOG-2871])
-
-[id="openshift-logging-5-3-11-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
diff --git a/modules/cluster-logging-rn-5.3.12.adoc b/modules/cluster-logging-rn-5.3.12.adoc
deleted file mode 100644
index 1053b7870d85..000000000000
--- a/modules/cluster-logging-rn-5.3.12.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-12_{context}"]
-= Logging 5.3.12
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6560[OpenShift Logging Bug Fix Release 5.3.12].
-
-[id="openshift-logging-5-3-12-bug-fixes_{context}"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-3-12-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/cluster-logging-rn-5.3.13.adoc b/modules/cluster-logging-rn-5.3.13.adoc
deleted file mode 100644
index 64676f9cd3cf..000000000000
--- a/modules/cluster-logging-rn-5.3.13.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-13_{context}"]
-= Logging 5.3.13
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6882[RHSA-2022:68828-OpenShift Logging Bug Fix Release 5.3.13].
-
-[id="openshift-logging-5-3-13-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-3-13-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2022-0494[CVE-2022-0494]
-* link:https://access.redhat.com/security/cve/CVE-2022-1353[CVE-2022-1353]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2588[CVE-2022-2588]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-23816[CVE-2022-23816]
-* link:https://access.redhat.com/security/cve/CVE-2022-23825[CVE-2022-23825]
-* link:https://access.redhat.com/security/cve/CVE-2022-29900[CVE-2022-29900]
-* link:https://access.redhat.com/security/cve/CVE-2022-29901[CVE-2022-29901]
-* link:https://access.redhat.com/security/cve/CVE-2022-32149[CVE-2022-32149]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-39399[CVE-2022-39399]
-* link:https://access.redhat.com/security/cve/CVE-2022-40674[CVE-2022-40674]
-====
diff --git a/modules/cluster-logging-rn-5.3.14.adoc b/modules/cluster-logging-rn-5.3.14.adoc
deleted file mode 100644
index ac7efd450212..000000000000
--- a/modules/cluster-logging-rn-5.3.14.adoc
+++ /dev/null
@@ -1,84 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-14_{context}"]
-= Logging 5.3.14
-This release includes link:https://access.redhat.com/errata/RHSA-2022:8889[OpenShift Logging Bug Fix Release 5.3.14].
-
-[id="openshift-logging-5-3-14-bug-fixes"]
-== Bug fixes
-* Before this update, the log file size map generated by the `log-file-metrics-exporter` component did not remove entries for deleted files, resulting in increased file size, and process memory. With this update, the log file size map does not contain entries for deleted files. (link:https://issues.redhat.com/browse/LOG-3293[LOG-3293])
-
-[id="openshift-logging-5-3-14-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2016-3709[CVE-2016-3709]
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2020-36516[CVE-2020-36516]
-* link:https://access.redhat.com/security/cve/CVE-2020-36558[CVE-2020-36558]
-* link:https://access.redhat.com/security/cve/CVE-2021-3640[CVE-2021-3640]
-* link:https://access.redhat.com/security/cve/CVE-2021-30002[CVE-2021-30002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0168[CVE-2022-0168]
-* link:https://access.redhat.com/security/cve/CVE-2022-0561[CVE-2022-0561]
-* link:https://access.redhat.com/security/cve/CVE-2022-0562[CVE-2022-0562]
-* link:https://access.redhat.com/security/cve/CVE-2022-0617[CVE-2022-0617]
-* link:https://access.redhat.com/security/cve/CVE-2022-0854[CVE-2022-0854]
-* link:https://access.redhat.com/security/cve/CVE-2022-0865[CVE-2022-0865]
-* link:https://access.redhat.com/security/cve/CVE-2022-0891[CVE-2022-0891]
-* link:https://access.redhat.com/security/cve/CVE-2022-0908[CVE-2022-0908]
-* link:https://access.redhat.com/security/cve/CVE-2022-0909[CVE-2022-0909]
-* link:https://access.redhat.com/security/cve/CVE-2022-0924[CVE-2022-0924]
-* link:https://access.redhat.com/security/cve/CVE-2022-1016[CVE-2022-1016]
-* link:https://access.redhat.com/security/cve/CVE-2022-1048[CVE-2022-1048]
-* link:https://access.redhat.com/security/cve/CVE-2022-1055[CVE-2022-1055]
-* link:https://access.redhat.com/security/cve/CVE-2022-1184[CVE-2022-1184]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1304[CVE-2022-1304]
-* link:https://access.redhat.com/security/cve/CVE-2022-1355[CVE-2022-1355]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1852[CVE-2022-1852]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2078[CVE-2022-2078]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2586[CVE-2022-2586]
-* link:https://access.redhat.com/security/cve/CVE-2022-2639[CVE-2022-2639]
-* link:https://access.redhat.com/security/cve/CVE-2022-2938[CVE-2022-2938]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-20368[CVE-2022-20368]
-* link:https://access.redhat.com/security/cve/CVE-2022-21499[CVE-2022-21499]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22624[CVE-2022-22624]
-* link:https://access.redhat.com/security/cve/CVE-2022-22628[CVE-2022-22628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22629[CVE-2022-22629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22662[CVE-2022-22662]
-* link:https://access.redhat.com/security/cve/CVE-2022-22844[CVE-2022-22844]
-* link:https://access.redhat.com/security/cve/CVE-2022-23960[CVE-2022-23960]
-* link:https://access.redhat.com/security/cve/CVE-2022-24448[CVE-2022-24448]
-* link:https://access.redhat.com/security/cve/CVE-2022-25255[CVE-2022-25255]
-* link:https://access.redhat.com/security/cve/CVE-2022-26373[CVE-2022-26373]
-* link:https://access.redhat.com/security/cve/CVE-2022-26700[CVE-2022-26700]
-* link:https://access.redhat.com/security/cve/CVE-2022-26709[CVE-2022-26709]
-* link:https://access.redhat.com/security/cve/CVE-2022-26710[CVE-2022-26710]
-* link:https://access.redhat.com/security/cve/CVE-2022-26716[CVE-2022-26716]
-* link:https://access.redhat.com/security/cve/CVE-2022-26717[CVE-2022-26717]
-* link:https://access.redhat.com/security/cve/CVE-2022-26719[CVE-2022-26719]
-* link:https://access.redhat.com/security/cve/CVE-2022-27404[CVE-2022-27404]
-* link:https://access.redhat.com/security/cve/CVE-2022-27405[CVE-2022-27405]
-* link:https://access.redhat.com/security/cve/CVE-2022-27406[CVE-2022-27406]
-* link:https://access.redhat.com/security/cve/CVE-2022-27950[CVE-2022-27950]
-* link:https://access.redhat.com/security/cve/CVE-2022-28390[CVE-2022-28390]
-* link:https://access.redhat.com/security/cve/CVE-2022-28893[CVE-2022-28893]
-* link:https://access.redhat.com/security/cve/CVE-2022-29581[CVE-2022-29581]
-* link:https://access.redhat.com/security/cve/CVE-2022-30293[CVE-2022-30293]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
-* link:https://access.redhat.com/security/cve/CVE-2022-36946[CVE-2022-36946]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-39399[CVE-2022-39399]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
diff --git a/modules/cluster-logging-rn-5.3.8.adoc b/modules/cluster-logging-rn-5.3.8.adoc
deleted file mode 100644
index d3f152160b2e..000000000000
--- a/modules/cluster-logging-rn-5.3.8.adoc
+++ /dev/null
@@ -1,61 +0,0 @@
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-8"]
-= Logging 5.3.8
-This release includes link:https://access.redhat.com/errata/RHBA-2022:5010[RHBA-2022:5010-OpenShift Logging Bug Fix Release 5.3.8]
-
-[id="openshift-logging-5-3-8-bug-fixes"]
-== Bug fixes
-(None.)
-
-[id="openshift-logging-5-3-8-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* link:https://access.redhat.com/security/cve/CVE-2020-0404[CVE-2020-0404]
-* link:https://access.redhat.com/security/cve/CVE-2020-4788[CVE-2020-4788]
-* link:https://access.redhat.com/security/cve/CVE-2020-13974[CVE-2020-13974]
-* link:https://access.redhat.com/security/cve/CVE-2020-19131[CVE-2020-19131]
-* link:https://access.redhat.com/security/cve/CVE-2020-27820[CVE-2020-27820]
-* link:https://access.redhat.com/security/cve/CVE-2021-0941[CVE-2021-0941]
-* link:https://access.redhat.com/security/cve/CVE-2021-3612[CVE-2021-3612]
-* link:https://access.redhat.com/security/cve/CVE-2021-3634[CVE-2021-3634]
-* link:https://access.redhat.com/security/cve/CVE-2021-3669[CVE-2021-3669]
-* link:https://access.redhat.com/security/cve/CVE-2021-3737[CVE-2021-3737]
-* link:https://access.redhat.com/security/cve/CVE-2021-3743[CVE-2021-3743]
-* link:https://access.redhat.com/security/cve/CVE-2021-3744[CVE-2021-3744]
-* link:https://access.redhat.com/security/cve/CVE-2021-3752[CVE-2021-3752]
-* link:https://access.redhat.com/security/cve/CVE-2021-3759[CVE-2021-3759]
-* link:https://access.redhat.com/security/cve/CVE-2021-3764[CVE-2021-3764]
-* link:https://access.redhat.com/security/cve/CVE-2021-3772[CVE-2021-3772]
-* link:https://access.redhat.com/security/cve/CVE-2021-3773[CVE-2021-3773]
-* link:https://access.redhat.com/security/cve/CVE-2021-4002[CVE-2021-4002]
-* link:https://access.redhat.com/security/cve/CVE-2021-4037[CVE-2021-4037]
-* link:https://access.redhat.com/security/cve/CVE-2021-4083[CVE-2021-4083]
-* link:https://access.redhat.com/security/cve/CVE-2021-4157[CVE-2021-4157]
-* link:https://access.redhat.com/security/cve/CVE-2021-4189[CVE-2021-4189]
-* link:https://access.redhat.com/security/cve/CVE-2021-4197[CVE-2021-4197]
-* link:https://access.redhat.com/security/cve/CVE-2021-4203[CVE-2021-4203]
-* link:https://access.redhat.com/security/cve/CVE-2021-20322[CVE-2021-20322]
-* link:https://access.redhat.com/security/cve/CVE-2021-21781[CVE-2021-21781]
-* link:https://access.redhat.com/security/cve/CVE-2021-23222[CVE-2021-23222]
-* link:https://access.redhat.com/security/cve/CVE-2021-26401[CVE-2021-26401]
-* link:https://access.redhat.com/security/cve/CVE-2021-29154[CVE-2021-29154]
-* link:https://access.redhat.com/security/cve/CVE-2021-37159[CVE-2021-37159]
-* link:https://access.redhat.com/security/cve/CVE-2021-41617[CVE-2021-41617]
-* link:https://access.redhat.com/security/cve/CVE-2021-41864[CVE-2021-41864]
-* link:https://access.redhat.com/security/cve/CVE-2021-42739[CVE-2021-42739]
-* link:https://access.redhat.com/security/cve/CVE-2021-43056[CVE-2021-43056]
-* link:https://access.redhat.com/security/cve/CVE-2021-43389[CVE-2021-43389]
-* link:https://access.redhat.com/security/cve/CVE-2021-43976[CVE-2021-43976]
-* link:https://access.redhat.com/security/cve/CVE-2021-44733[CVE-2021-44733]
-* link:https://access.redhat.com/security/cve/CVE-2021-45485[CVE-2021-45485]
-* link:https://access.redhat.com/security/cve/CVE-2021-45486[CVE-2021-45486]
-* link:https://access.redhat.com/security/cve/CVE-2022-0001[CVE-2022-0001]
-* link:https://access.redhat.com/security/cve/CVE-2022-0002[CVE-2022-0002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0286[CVE-2022-0286]
-* link:https://access.redhat.com/security/cve/CVE-2022-0322[CVE-2022-0322]
-* link:https://access.redhat.com/security/cve/CVE-2022-1011[CVE-2022-1011]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-====
diff --git a/modules/cluster-logging-rn-5.3.9.adoc b/modules/cluster-logging-rn-5.3.9.adoc
deleted file mode 100644
index 1e89c948a680..000000000000
--- a/modules/cluster-logging-rn-5.3.9.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-3-9"]
-= Logging 5.3.9
-This release includes link:https://access.redhat.com/errata/RHBA-2022:5557[RHBA-2022:5557-OpenShift Logging Bug Fix Release 5.3.9].
-
-[id="openshift-logging-5-3-9-bug-fixes"]
-== Bug fixes
-
-* Before this update, the logging collector included a path as a label for the metrics it produced. This path changed frequently and contributed to significant storage changes for the Prometheus server. With this update, the label has been dropped to resolve the issue and reduce storage consumption. (link:https://issues.redhat.com/browse/LOG-2682[LOG-2682]) 
-
-
-[id="openshift-logging-5-3-9-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28915[CVE-2020-28915]
-* link:https://access.redhat.com/security/cve/CVE-2021-40528[CVE-2021-40528]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-1621[CVE-2022-1621]
-* link:https://access.redhat.com/security/cve/CVE-2022-1629[CVE-2022-1629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22576[CVE-2022-22576]
-* link:https://access.redhat.com/security/cve/CVE-2022-25313[CVE-2022-25313]
-* link:https://access.redhat.com/security/cve/CVE-2022-25314[CVE-2022-25314]
-* link:https://access.redhat.com/security/cve/CVE-2022-26691[CVE-2022-26691]
-* link:https://access.redhat.com/security/cve/CVE-2022-27666[CVE-2022-27666]
-* link:https://access.redhat.com/security/cve/CVE-2022-27774[CVE-2022-27774]
-* link:https://access.redhat.com/security/cve/CVE-2022-27776[CVE-2022-27776]
-* link:https://access.redhat.com/security/cve/CVE-2022-27782[CVE-2022-27782]
-* link:https://access.redhat.com/security/cve/CVE-2022-29824[CVE-2022-29824]
-====
diff --git a/modules/cluster-logging-rn-5.4.10.adoc b/modules/cluster-logging-rn-5.4.10.adoc
deleted file mode 100644
index 0bf8b088e108..000000000000
--- a/modules/cluster-logging-rn-5.4.10.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-10_{context}"]
-= Logging 5.4.10
-This release includes link:https://access.redhat.com/errata/RHBA-2023:0385[OpenShift Logging Bug Fix Release 5.4.10].
-
-[id="openshift-logging-5-4-10-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-4-10-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-2056[CVE-2022-2056]
-* link:https://access.redhat.com/security/cve/CVE-2022-2057[CVE-2022-2057]
-* link:https://access.redhat.com/security/cve/CVE-2022-2058[CVE-2022-2058]
-* link:https://access.redhat.com/security/cve/CVE-2022-2519[CVE-2022-2519]
-* link:https://access.redhat.com/security/cve/CVE-2022-2520[CVE-2022-2520]
-* link:https://access.redhat.com/security/cve/CVE-2022-2521[CVE-2022-2521]
-* link:https://access.redhat.com/security/cve/CVE-2022-2867[CVE-2022-2867]
-* link:https://access.redhat.com/security/cve/CVE-2022-2868[CVE-2022-2868]
-* link:https://access.redhat.com/security/cve/CVE-2022-2869[CVE-2022-2869]
-* link:https://access.redhat.com/security/cve/CVE-2022-2953[CVE-2022-2953]
-* link:https://access.redhat.com/security/cve/CVE-2022-2964[CVE-2022-2964]
-* link:https://access.redhat.com/security/cve/CVE-2022-4139[CVE-2022-4139]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/cluster-logging-rn-5.4.11.adoc b/modules/cluster-logging-rn-5.4.11.adoc
deleted file mode 100644
index f659fe685961..000000000000
--- a/modules/cluster-logging-rn-5.4.11.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-11_{context}"]
-= Logging 5.4.11
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0632[OpenShift Logging Bug Fix Release 5.4.11].
-
-[id="openshift-logging-5-4-11-bug-fixes_{context}"]
-== Bug fixes
-* link:https://bugzilla.redhat.com/show_bug.cgi?id=2099524[BZ 2099524]
-* link:https://bugzilla.redhat.com/show_bug.cgi?id=2161274[BZ 2161274]
-
-[id="openshift-logging-5-4-11-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-3821[CVE-2022-3821]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/cluster-logging-rn-5.4.12.adoc b/modules/cluster-logging-rn-5.4.12.adoc
deleted file mode 100644
index 137dfe68b341..000000000000
--- a/modules/cluster-logging-rn-5.4.12.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-12_{context}"]
-= Logging 5.4.12
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0931[OpenShift Logging Bug Fix Release 5.4.12].
-
-[id="openshift-logging-5-4-12-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-4-12-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-10735[CVE-2020-10735]
-* link:https://access.redhat.com/security/cve/CVE-2021-28861[CVE-2021-28861]
-* link:https://access.redhat.com/security/cve/CVE-2022-2873[CVE-2022-2873]
-* link:https://access.redhat.com/security/cve/CVE-2022-4415[CVE-2022-4415]
-* link:https://access.redhat.com/security/cve/CVE-2022-40897[CVE-2022-40897]
-* link:https://access.redhat.com/security/cve/CVE-2022-41222[CVE-2022-41222]
-* link:https://access.redhat.com/security/cve/CVE-2022-41717[CVE-2022-41717]
-* link:https://access.redhat.com/security/cve/CVE-2022-43945[CVE-2022-43945]
-* link:https://access.redhat.com/security/cve/CVE-2022-45061[CVE-2022-45061]
-* link:https://access.redhat.com/security/cve/CVE-2022-48303[CVE-2022-48303]
diff --git a/modules/cluster-logging-rn-5.4.13.adoc b/modules/cluster-logging-rn-5.4.13.adoc
deleted file mode 100644
index cf5b6ccbd808..000000000000
--- a/modules/cluster-logging-rn-5.4.13.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-13_{context}"]
-= Logging 5.4.13
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1312[OpenShift Logging Bug Fix Release 5.4.13].
-
-[id="openshift-logging-5-4-13-bug-fixes"]
-== Bug fixes
-* Before this update, a problem with the Fluentd collector caused it to not capture OAuth login events stored in `/var/log/auth-server/audit.log`. This led to incomplete collection of login events from the OAuth service. With this update, the Fluentd collector now resolves this issue by capturing all login events from the OAuth service, including those stored in `/var/log/auth-server/audit.log`, as expected. (link:https://issues.redhat.com/browse/LOG-3731[LOG-3731])
-
-[id="openshift-logging-5-4-13-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0767[CVE-2023-0767]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/cluster-logging-rn-5.4.14.adoc b/modules/cluster-logging-rn-5.4.14.adoc
deleted file mode 100644
index 2bd231f72c23..000000000000
--- a/modules/cluster-logging-rn-5.4.14.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-14{context}"]
-= Logging 5.4.14
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1843[OpenShift Logging Bug Fix Release 5.4.14].
-
-[id="openshift-logging-5-4-14-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-4-14-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0361[CVE-2023-0361]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/cluster-logging-rn-5.4.2.adoc b/modules/cluster-logging-rn-5.4.2.adoc
deleted file mode 100644
index ab88c1d7bf83..000000000000
--- a/modules/cluster-logging-rn-5.4.2.adoc
+++ /dev/null
@@ -1,65 +0,0 @@
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-2"]
-= Logging 5.4.2
-This release includes link:https://access.redhat.com/errata/RHBA-2022:4874[RHBA-2022:4874-OpenShift Logging Bug Fix Release 5.4.2]
-
-[id="openshift-logging-5-4-2-bug-fixes"]
-== Bug fixes
-* Before this update, editing the Collector configuration using `oc edit` was difficult because it had inconsistent use of white-space.  This change introduces logic to normalize and format the configuration prior to any updates by the Operator so that it is easy to edit using `oc edit`. (link:https://issues.redhat.com/browse/LOG-2319[LOG-2319])
-
-* Before this update, the `FluentdNodeDown` alert could not provide instance labels in the message section appropriately. This update resolves the issue by fixing the alert rule to provide instance labels in cases of partial instance failures. (link:https://issues.redhat.com/browse/LOG-2607[LOG-2607])
-
-* Before this update, several log levels, such as`critical`, that were documented as supported by the product were not. This update fixes the discrepancy so the documented log levels are now supported by the product. (link:https://issues.redhat.com/browse/LOG-2033[LOG-2033])
-
-[id="openshift-logging-5-4-2-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2018-25032[CVE-2018-25032]
-* link:https://access.redhat.com/security/cve/CVE-2020-0404[CVE-2020-0404]
-* link:https://access.redhat.com/security/cve/CVE-2020-4788[CVE-2020-4788]
-* link:https://access.redhat.com/security/cve/CVE-2020-13974[CVE-2020-13974]
-* link:https://access.redhat.com/security/cve/CVE-2020-19131[CVE-2020-19131]
-* link:https://access.redhat.com/security/cve/CVE-2020-27820[CVE-2020-27820]
-* link:https://access.redhat.com/security/cve/CVE-2021-0941[CVE-2021-0941]
-* link:https://access.redhat.com/security/cve/CVE-2021-3612[CVE-2021-3612]
-* link:https://access.redhat.com/security/cve/CVE-2021-3634[CVE-2021-3634]
-* link:https://access.redhat.com/security/cve/CVE-2021-3669[CVE-2021-3669]
-* link:https://access.redhat.com/security/cve/CVE-2021-3737[CVE-2021-3737]
-* link:https://access.redhat.com/security/cve/CVE-2021-3743[CVE-2021-3743]
-* link:https://access.redhat.com/security/cve/CVE-2021-3744[CVE-2021-3744]
-* link:https://access.redhat.com/security/cve/CVE-2021-3752[CVE-2021-3752]
-* link:https://access.redhat.com/security/cve/CVE-2021-3759[CVE-2021-3759]
-* link:https://access.redhat.com/security/cve/CVE-2021-3764[CVE-2021-3764]
-* link:https://access.redhat.com/security/cve/CVE-2021-3772[CVE-2021-3772]
-* link:https://access.redhat.com/security/cve/CVE-2021-3773[CVE-2021-3773]
-* link:https://access.redhat.com/security/cve/CVE-2021-4002[CVE-2021-4002]
-* link:https://access.redhat.com/security/cve/CVE-2021-4037[CVE-2021-4037]
-* link:https://access.redhat.com/security/cve/CVE-2021-4083[CVE-2021-4083]
-* link:https://access.redhat.com/security/cve/CVE-2021-4157[CVE-2021-4157]
-* link:https://access.redhat.com/security/cve/CVE-2021-4189[CVE-2021-4189]
-* link:https://access.redhat.com/security/cve/CVE-2021-4197[CVE-2021-4197]
-* link:https://access.redhat.com/security/cve/CVE-2021-4203[CVE-2021-4203]
-* link:https://access.redhat.com/security/cve/CVE-2021-20322[CVE-2021-20322]
-* link:https://access.redhat.com/security/cve/CVE-2021-21781[CVE-2021-21781]
-* link:https://access.redhat.com/security/cve/CVE-2021-23222[CVE-2021-23222]
-* link:https://access.redhat.com/security/cve/CVE-2021-26401[CVE-2021-26401]
-* link:https://access.redhat.com/security/cve/CVE-2021-29154[CVE-2021-29154]
-* link:https://access.redhat.com/security/cve/CVE-2021-37159[CVE-2021-37159]
-* link:https://access.redhat.com/security/cve/CVE-2021-41617[CVE-2021-41617]
-* link:https://access.redhat.com/security/cve/CVE-2021-41864[CVE-2021-41864]
-* link:https://access.redhat.com/security/cve/CVE-2021-42739[CVE-2021-42739]
-* link:https://access.redhat.com/security/cve/CVE-2021-43056[CVE-2021-43056]
-* link:https://access.redhat.com/security/cve/CVE-2021-43389[CVE-2021-43389]
-* link:https://access.redhat.com/security/cve/CVE-2021-43976[CVE-2021-43976]
-* link:https://access.redhat.com/security/cve/CVE-2021-44733[CVE-2021-44733]
-* link:https://access.redhat.com/security/cve/CVE-2021-45485[CVE-2021-45485]
-* link:https://access.redhat.com/security/cve/CVE-2021-45486[CVE-2021-45486]
-* link:https://access.redhat.com/security/cve/CVE-2022-0001[CVE-2022-0001]
-* link:https://access.redhat.com/security/cve/CVE-2022-0002[CVE-2022-0002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0286[CVE-2022-0286]
-* link:https://access.redhat.com/security/cve/CVE-2022-0322[CVE-2022-0322]
-* link:https://access.redhat.com/security/cve/CVE-2022-1011[CVE-2022-1011]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-====
diff --git a/modules/cluster-logging-rn-5.4.3.adoc b/modules/cluster-logging-rn-5.4.3.adoc
deleted file mode 100644
index efebbe265853..000000000000
--- a/modules/cluster-logging-rn-5.4.3.adoc
+++ /dev/null
@@ -1,44 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-3"]
-= Logging 5.4.3
-This release includes link:https://access.redhat.com/errata/RHSA-2022:5556[RHSA-2022:5556-OpenShift Logging Bug Fix Release 5.4.3].
-
-[id="openshift-logging-elasticsearch-dep"]
-== Elasticsearch Operator deprecation notice
-In {logging} 5.4.3 the Elasticsearch Operator is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to using the Elasticsearch Operator to manage the default log storage, you can use the Loki Operator.
-
-[id="openshift-logging-5-4-3-bug-fixes"]
-== Bug fixes
-* Before this update, the OpenShift Logging Dashboard showed the number of active primary shards instead of all active shards. With this update, the dashboard displays all active shards. (link:https://issues.redhat.com//browse/LOG-2781[LOG-2781])
-
-* Before this update, a bug in a library used by `elasticsearch-operator` contained a denial of service attack vulnerability. With this update, the library has been updated to a version that does not contain this vulnerability. (link:https://issues.redhat.com//browse/LOG-2816[LOG-2816])
-
-* Before this update, when configuring Vector to forward logs to Loki, it was not possible to set a custom bearer token or use the default token if Loki had TLS enabled. With this update, Vector can forward logs to Loki using tokens with TLS enabled. (link:https://issues.redhat.com//browse/https://issues.redhat.com//browse/LOG-2786[LOG-2786]
-
-* Before this update, the ElasticSearch Operator omitted the `referencePolicy` property of the `ImageStream` custom resource when selecting an `oauth-proxy` image. This omission caused the Kibana deployment to fail in specific environments. With this update, using `referencePolicy` resolves the issue, and the Operator can deploy Kibana successfully. (link:https://issues.redhat.com/browse/LOG-2791[LOG-2791])
-
-* Before this update, alerting rules for the `ClusterLogForwarder` custom resource did not take multiple forward outputs into account. This update resolves the issue. (link:https://issues.redhat.com/browse/LOG-2640[LOG-2640])
-
-* Before this update, clusters configured to forward logs to Amazon CloudWatch wrote rejected log files to temporary storage, causing cluster instability over time. With this update, chunk backup for CloudWatch has been disabled, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2768[LOG-2768])
-
-[id="openshift-logging-5-4-3-CVEs"]
-== CVEs
-.Click to expand CVEs
-[%collapsible]
-====
-* link:https://access.redhat.com/security/cve/CVE-2020-28915[CVE-2020-28915]
-* link:https://access.redhat.com/security/cve/CVE-2021-40528[CVE-2021-40528]
-* link:https://access.redhat.com/security/cve/CVE-2022-1271[CVE-2022-1271]
-* link:https://access.redhat.com/security/cve/CVE-2022-1621[CVE-2022-1621]
-* link:https://access.redhat.com/security/cve/CVE-2022-1629[CVE-2022-1629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22576[CVE-2022-22576]
-* link:https://access.redhat.com/security/cve/CVE-2022-25313[CVE-2022-25313]
-* link:https://access.redhat.com/security/cve/CVE-2022-25314[CVE-2022-25314]
-* link:https://access.redhat.com/security/cve/CVE-2022-26691[CVE-2022-26691]
-* link:https://access.redhat.com/security/cve/CVE-2022-27666[CVE-2022-27666]
-* link:https://access.redhat.com/security/cve/CVE-2022-27774[CVE-2022-27774]
-* link:https://access.redhat.com/security/cve/CVE-2022-27776[CVE-2022-27776]
-* link:https://access.redhat.com/security/cve/CVE-2022-27782[CVE-2022-27782]
-* link:https://access.redhat.com/security/cve/CVE-2022-29824[CVE-2022-29824]
-====
diff --git a/modules/cluster-logging-rn-5.4.4.adoc b/modules/cluster-logging-rn-5.4.4.adoc
deleted file mode 100644
index 227a47277670..000000000000
--- a/modules/cluster-logging-rn-5.4.4.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-4"]
-= Logging 5.4.4
-This release includes link:https://access.redhat.com/errata/RHBA-2022:5907[RHBA-2022:5907-OpenShift Logging Bug Fix Release 5.4.4].
-
-[id="openshift-logging-5-4-4-bug-fixes"]
-== Bug fixes
-
-* Before this update, non-latin characters displayed incorrectly in Elasticsearch. With this update, Elasticsearch displays all valid UTF-8 symbols correctly. (link:https://issues.redhat.com/browse/LOG-2794[LOG-2794])
-
-* Before this update, non-latin characters displayed incorrectly in Fluentd. With this update, Fluentd displays all valid UTF-8 symbols correctly. (link:https://issues.redhat.com/browse/LOG-2657[LOG-2657])
-
-* Before this update, the metrics server for the collector attempted to bind to the address using a value exposed by an environment value.  This change modifies the configuration to bind to any available interface. (link:https://issues.redhat.com/browse/LOG-2821[LOG-2821])
-
-* Before this update, the `cluster-logging` Operator relied on the cluster to create a secret. This cluster behavior changed in {product-title} 4.11, which caused logging deployments to fail. With this update, the `cluster-logging` Operator resolves the issue by creating the secret if needed. (link:https://issues.redhat.com/browse/LOG-2840[LOG-2840])
-
-[id="openshift-logging-5-4-4-cves"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-21540[CVE-2022-21540]
-* link:https://access.redhat.com/security/cve/CVE-2022-21541[CVE-2022-21541]
-* link:https://access.redhat.com/security/cve/CVE-2022-34169[CVE-2022-34169]
diff --git a/modules/cluster-logging-rn-5.4.5.adoc b/modules/cluster-logging-rn-5.4.5.adoc
deleted file mode 100644
index 678a4775ce8b..000000000000
--- a/modules/cluster-logging-rn-5.4.5.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-5_{context}"]
-= Logging 5.4.5
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6183[RHSA-2022:6183-OpenShift Logging Bug Fix Release 5.4.5].
-
-[id="openshift-logging-5-4-5-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, the Operator did not ensure that the pod was ready, which caused the cluster to reach an inoperable state during a cluster restart. With this update, the Operator marks new pods as ready before continuing to a new pod during a restart, which resolves the issue. (link:https://issues.redhat.com/browse/LOG-2881[LOG-2881])
-
-* Before this update, the addition of multi-line error detection caused internal routing to change and forward records to the wrong destination. With this update, the internal routing is correct. (link:https://issues.redhat.com/browse/LOG-2946[LOG-2946])
-
-* Before this update, the Operator could not decode index setting JSON responses with a quoted Boolean value and would result in an error. With this update, the Operator can properly decode this JSON response. (link:https://issues.redhat.com/browse/LOG-3009[LOG-3009])
-
-* Before this update, Elasticsearch index templates defined the fields for labels with the wrong types. This change updates those templates to match the expected types forwarded by the log collector. (link:https://issues.redhat.com/browse/LOG-2972[LOG-2972])
-
-[id="openshift-logging-5-4-5-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
diff --git a/modules/cluster-logging-rn-5.4.6.adoc b/modules/cluster-logging-rn-5.4.6.adoc
deleted file mode 100644
index 88b38bf0a7aa..000000000000
--- a/modules/cluster-logging-rn-5.4.6.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-6_{context}"]
-= Logging 5.4.6
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6558[OpenShift Logging Bug Fix Release 5.4.6].
-
-[id="openshift-logging-5-4-6-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, Fluentd would sometimes not recognize that the Kubernetes platform rotated the log file and would no longer read log messages. This update corrects that by setting the configuration parameter suggested by the upstream development team. (link:https://issues.redhat.com/browse/LOG-2792[LOG-2792])
-
-* Before this update, each rollover job created empty indices when the `ClusterLogForwarder` custom resource had JSON parsing defined. With this update, new indices are not empty. (link:https://issues.redhat.com/browse/LOG-2823[LOG-2823])
-
-* Before this update, if you deleted the Kibana Custom Resource, the {product-title} web console continued displaying a link to Kibana. With this update, removing the Kibana Custom Resource also removes that link. (link:https://issues.redhat.com/browse/LOG-3054[LOG-3054])
-
-[id="openshift-logging-5-4-6-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/cluster-logging-rn-5.4.7.adoc b/modules/cluster-logging-rn-5.4.7.adoc
deleted file mode 100644
index 9d65c5b935d5..000000000000
--- a/modules/cluster-logging-rn-5.4.7.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-7_{context}"]
-= Logging 5.4.7
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6857[OpenShift Logging Bug Fix Release 5.4.7].
-
-[id="openshift-logging-5-4-7-bug-fixes_{context}"]
-== Bug fixes
-* (link:https://issues.redhat.com/browse/LOG-2464[LOG-2464])
-
-[id="openshift-logging-5-4-7-cves_{context}"]
-== CVEs
-(None.)
diff --git a/modules/cluster-logging-rn-5.4.8.adoc b/modules/cluster-logging-rn-5.4.8.adoc
deleted file mode 100644
index d5dcadfe1fb4..000000000000
--- a/modules/cluster-logging-rn-5.4.8.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-8_{context}"]
-= Logging 5.4.8
-This release includes link:https://access.redhat.com/errata/RHSA-2022:7435[RHSA-2022:7435-OpenShift Logging Bug Fix Release 5.4.8].
-
-[id="openshift-logging-5-4-8-bug-fixes"]
-== Bug fixes
-None.
-
-[id="openshift-logging-5-4-8-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2016-3709[CVE-2016-3709]
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2020-36518[CVE-2020-36518]
-* link:https://access.redhat.com/security/cve/CVE-2022-1304[CVE-2022-1304]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-22624[CVE-2022-22624]
-* link:https://access.redhat.com/security/cve/CVE-2022-22628[CVE-2022-22628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22629[CVE-2022-22629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22662[CVE-2022-22662]
-* link:https://access.redhat.com/security/cve/CVE-2022-26700[CVE-2022-26700]
-* link:https://access.redhat.com/security/cve/CVE-2022-26709[CVE-2022-26709]
-* link:https://access.redhat.com/security/cve/CVE-2022-26710[CVE-2022-26710]
-* link:https://access.redhat.com/security/cve/CVE-2022-26716[CVE-2022-26716]
-* link:https://access.redhat.com/security/cve/CVE-2022-26717[CVE-2022-26717]
-* link:https://access.redhat.com/security/cve/CVE-2022-26719[CVE-2022-26719]
-* link:https://access.redhat.com/security/cve/CVE-2022-30293[CVE-2022-30293]
-* link:https://access.redhat.com/security/cve/CVE-2022-32149[CVE-2022-32149]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-40674[CVE-2022-40674]
-* link:https://access.redhat.com/security/cve/CVE-2022-42003[CVE-2022-42003]
-* link:https://access.redhat.com/security/cve/CVE-2022-42004[CVE-2022-42004]
diff --git a/modules/cluster-logging-rn-5.4.9.adoc b/modules/cluster-logging-rn-5.4.9.adoc
deleted file mode 100644
index 89c6b1e57b5a..000000000000
--- a/modules/cluster-logging-rn-5.4.9.adoc
+++ /dev/null
@@ -1,85 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-4-9_{context}"]
-= Logging 5.4.9
-This release includes link:https://access.redhat.com/errata/RHBA-2022:8780[OpenShift Logging Bug Fix Release 5.4.9].
-
-[id="openshift-logging-5-4-9-bug-fixes"]
-== Bug fixes
-* Before this update, the Fluentd collector would warn of unused configuration parameters. This update removes those configuration parameters and their warning messages. (link:https://issues.redhat.com/browse/LOG-3074[LOG-3074])
-
-* Before this update, Kibana had a fixed `24h` OAuth cookie expiration time, which resulted in 401 errors in Kibana whenever the `accessTokenInactivityTimeout` field was set to a value lower than `24h`. With this update, Kibana's OAuth cookie expiration time synchronizes to the `accessTokenInactivityTimeout`, with a default value of `24h`. (link:https://issues.redhat.com/browse/LOG-3306[LOG-3306])
-
-[id="openshift-logging-5-4-9-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2016-3709[CVE-2016-3709]
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2020-36516[CVE-2020-36516]
-* link:https://access.redhat.com/security/cve/CVE-2020-36558[CVE-2020-36558]
-* link:https://access.redhat.com/security/cve/CVE-2021-3640[CVE-2021-3640]
-* link:https://access.redhat.com/security/cve/CVE-2021-30002[CVE-2021-30002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0168[CVE-2022-0168]
-* link:https://access.redhat.com/security/cve/CVE-2022-0561[CVE-2022-0561]
-* link:https://access.redhat.com/security/cve/CVE-2022-0562[CVE-2022-0562]
-* link:https://access.redhat.com/security/cve/CVE-2022-0617[CVE-2022-0617]
-* link:https://access.redhat.com/security/cve/CVE-2022-0854[CVE-2022-0854]
-* link:https://access.redhat.com/security/cve/CVE-2022-0865[CVE-2022-0865]
-* link:https://access.redhat.com/security/cve/CVE-2022-0891[CVE-2022-0891]
-* link:https://access.redhat.com/security/cve/CVE-2022-0908[CVE-2022-0908]
-* link:https://access.redhat.com/security/cve/CVE-2022-0909[CVE-2022-0909]
-* link:https://access.redhat.com/security/cve/CVE-2022-0924[CVE-2022-0924]
-* link:https://access.redhat.com/security/cve/CVE-2022-1016[CVE-2022-1016]
-* link:https://access.redhat.com/security/cve/CVE-2022-1048[CVE-2022-1048]
-* link:https://access.redhat.com/security/cve/CVE-2022-1055[CVE-2022-1055]
-* link:https://access.redhat.com/security/cve/CVE-2022-1184[CVE-2022-1184]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1304[CVE-2022-1304]
-* link:https://access.redhat.com/security/cve/CVE-2022-1355[CVE-2022-1355]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1852[CVE-2022-1852]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2078[CVE-2022-2078]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2586[CVE-2022-2586]
-* link:https://access.redhat.com/security/cve/CVE-2022-2639[CVE-2022-2639]
-* link:https://access.redhat.com/security/cve/CVE-2022-2938[CVE-2022-2938]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-20368[CVE-2022-20368]
-* link:https://access.redhat.com/security/cve/CVE-2022-21499[CVE-2022-21499]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22624[CVE-2022-22624]
-* link:https://access.redhat.com/security/cve/CVE-2022-22628[CVE-2022-22628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22629[CVE-2022-22629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22662[CVE-2022-22662]
-* link:https://access.redhat.com/security/cve/CVE-2022-22844[CVE-2022-22844]
-* link:https://access.redhat.com/security/cve/CVE-2022-23960[CVE-2022-23960]
-* link:https://access.redhat.com/security/cve/CVE-2022-24448[CVE-2022-24448]
-* link:https://access.redhat.com/security/cve/CVE-2022-25255[CVE-2022-25255]
-* link:https://access.redhat.com/security/cve/CVE-2022-26373[CVE-2022-26373]
-* link:https://access.redhat.com/security/cve/CVE-2022-26700[CVE-2022-26700]
-* link:https://access.redhat.com/security/cve/CVE-2022-26709[CVE-2022-26709]
-* link:https://access.redhat.com/security/cve/CVE-2022-26710[CVE-2022-26710]
-* link:https://access.redhat.com/security/cve/CVE-2022-26716[CVE-2022-26716]
-* link:https://access.redhat.com/security/cve/CVE-2022-26717[CVE-2022-26717]
-* link:https://access.redhat.com/security/cve/CVE-2022-26719[CVE-2022-26719]
-* link:https://access.redhat.com/security/cve/CVE-2022-27404[CVE-2022-27404]
-* link:https://access.redhat.com/security/cve/CVE-2022-27405[CVE-2022-27405]
-* link:https://access.redhat.com/security/cve/CVE-2022-27406[CVE-2022-27406]
-* link:https://access.redhat.com/security/cve/CVE-2022-27950[CVE-2022-27950]
-* link:https://access.redhat.com/security/cve/CVE-2022-28390[CVE-2022-28390]
-* link:https://access.redhat.com/security/cve/CVE-2022-28893[CVE-2022-28893]
-* link:https://access.redhat.com/security/cve/CVE-2022-29581[CVE-2022-29581]
-* link:https://access.redhat.com/security/cve/CVE-2022-30293[CVE-2022-30293]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
-* link:https://access.redhat.com/security/cve/CVE-2022-36946[CVE-2022-36946]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-39399[CVE-2022-39399]
diff --git a/modules/cluster-logging-rn-5.5.10.adoc b/modules/cluster-logging-rn-5.5.10.adoc
deleted file mode 100644
index 0ec69d907639..000000000000
--- a/modules/cluster-logging-rn-5.5.10.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-10{context}"]
-= Logging 5.5.10
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1827[OpenShift Logging Bug Fix Release 5.5.10].
-
-[id="cluster-logging-5-5-10-bug-fixes"]
-== Bug fixes
-* Before this update, the logging view plugin of the OpenShift Web Console showed only an error text when the LokiStack was not reachable. After this update the plugin shows a proper error message with details on how to fix the unreachable LokiStack. (link:https://issues.redhat.com/browse/LOG-2874[LOG-2874])
-
-[id="cluster-logging-5-5-10-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0361[CVE-2023-0361]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/cluster-logging-rn-5.5.2.adoc b/modules/cluster-logging-rn-5.5.2.adoc
deleted file mode 100644
index 7cab2f497647..000000000000
--- a/modules/cluster-logging-rn-5.5.2.adoc
+++ /dev/null
@@ -1,45 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-2_{context}"]
-= Logging 5.5.2
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6559[OpenShift Logging Bug Fix Release 5.5.2].
-
-[id="openshift-logging-5-5-2-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, alerting rules for the Fluentd collector did not adhere to the {product-title} monitoring style guidelines. This update modifies those alerts to include the namespace label, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1823[LOG-1823])
-
-* Before this update, the index management rollover script failed to generate a new index name whenever there was more than one hyphen character in the name of the index. With this update, index names generate correctly. (link:https://issues.redhat.com/browse/LOG-2644[LOG-2644])
-
-* Before this update, the Kibana route was setting a `caCertificate` value without a certificate present. With this update, no `caCertificate` value is set. (link:https://issues.redhat.com/browse/LOG-2661[LOG-2661])
-
-* Before this update, a change in the collector dependencies caused it to issue a warning message for unused parameters. With this update, removing unused configuration parameters resolves the issue. (link:https://issues.redhat.com/browse/LOG-2859[LOG-2859])
-
-* Before this update, pods created for deployments that Loki Operator created were mistakenly scheduled on nodes with non-Linux operating systems, if such nodes were available in the cluster the Operator was running in. With this update, the Operator attaches an additional node-selector to the pod definitions which only allows scheduling the pods on Linux-based nodes. (link:https://issues.redhat.com/browse/LOG-2895[LOG-2895])
-
-* Before this update,  the OpenShift Console Logs view did not filter logs by severity due to a LogQL parser issue in the LokiStack gateway. With this update, a parser fix resolves the issue and the OpenShift Console Logs view can filter by severity. (link:https://issues.redhat.com/browse/LOG-2908[LOG-2908])
-
-* Before this update, a refactoring of the Fluentd collector plugins removed the timestamp field for events. This update restores the timestamp field, sourced from the event's received time. (link:https://issues.redhat.com/browse/LOG-2923[LOG-2923])
-
-* Before this update, absence of a `level` field in audit logs caused an error in vector logs. With this update, the addition of a `level` field in the audit log record resolves the issue. (link:https://issues.redhat.com/browse/LOG-2961[LOG-2961])
-
-* Before this update, if you deleted the Kibana Custom Resource, the {product-title} web console continued displaying a link to Kibana. With this update, removing the Kibana Custom Resource also removes that link. (link:https://issues.redhat.com/browse/LOG-3053[LOG-3053])
-
-* Before this update, each rollover job created empty indices when the `ClusterLogForwarder` custom resource had JSON parsing defined. With this update, new indices are not empty. (link:https://issues.redhat.com/browse/LOG-3063[LOG-3063])
-
-* Before this update, when the user deleted the LokiStack after an update to Loki Operator 5.5 resources originally created by Loki Operator 5.4 remained. With this update, the resources' owner-references point to the 5.5 LokiStack. (link:https://issues.redhat.com/browse/LOG-2945[LOG-2945])
-
-* Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs. (link:https://issues.redhat.com/browse/LOG-2918[LOG-2918])
-
-* Before this update, users with cluster-admin privileges were not able to properly view infrastructure and audit logs using the logging console. With this update, the authorization check has been extended to also recognize users in cluster-admin and dedicated-admin groups as admins. (link:https://issues.redhat.com/browse/LOG-2970[LOG-2970])
-
-[id="openshift-logging-5-5-2-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/cluster-logging-rn-5.5.3.adoc b/modules/cluster-logging-rn-5.5.3.adoc
deleted file mode 100644
index 59a9a158b01d..000000000000
--- a/modules/cluster-logging-rn-5.5.3.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-3_{context}"]
-= Logging 5.5.3
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6858[OpenShift Logging Bug Fix Release 5.5.3].
-
-[id="openshift-logging-5-5-3-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, log entries that had structured messages included the original message field, which made the entry larger. This update removes the message field for structured logs to reduce the increased size. (link:https://issues.redhat.com/browse/LOG-2759[LOG-2759])
-
-* Before this update, the collector configuration excluded logs from `collector`, `default-log-store`, and `visualization`  pods, but was unable to exclude logs archived in a `.gz` file. With this update, archived logs stored as `.gz` files of `collector`, `default-log-store`, and `visualization` pods are also excluded. (link:https://issues.redhat.com/browse/LOG-2844[LOG-2844])
-
-* Before this update, when requests to an unavailable pod were sent through the gateway, no alert would warn of the disruption. With this update, individual alerts will generate if the gateway has issues completing a write or read request. (link:https://issues.redhat.com/browse/LOG-2884[LOG-2884])
-
-* Before this update, pod metadata could be altered by fluent plugins because the values passed through the pipeline by reference. This update ensures each log message receives a copy of the pod metadata so each message processes independently. (link:https://issues.redhat.com/browse/LOG-3046[LOG-3046])
-
-* Before this update, selecting *unknown* severity in the OpenShift Console Logs view excluded logs with a `level=unknown` value. With this update, logs without level and with `level=unknown` values are visible when filtering by *unknown* severity. (link:https://issues.redhat.com/browse/LOG-3062[LOG-3062])
-
-* Before this update, log records sent to Elasticsearch had an extra field named `write-index` that contained the name of the index to which the logs needed to be sent. This field is not a part of the data model. After this update, this field is no longer sent. (link:https://issues.redhat.com/browse/LOG-3075[LOG-3075])
-
-* With the introduction of the new built-in link:https://cloud.redhat.com/blog/pod-security-admission-in-openshift-4.11[Pod Security Admission Controller], Pods not configured in accordance with the enforced security standards defined globally or on the namespace level cannot run. With this update, the Operator and collectors allow privileged execution and run without security audit warnings or errors. (link:https://issues.redhat.com/browse/LOG-3077[LOG-3077])
-
-* Before this update, the Operator removed any custom outputs defined in the `ClusterLogForwarder` custom resource when using LokiStack as the default log storage. With this update, the Operator merges custom outputs with the default outputs when processing the `ClusterLogForwarder` custom resource. (link:https://issues.redhat.com/browse/LOG-3095[LOG-3095])
-
-[id="openshift-logging-5-5-3-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-2526[CVE-2022-2526]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/cluster-logging-rn-5.5.4.adoc b/modules/cluster-logging-rn-5.5.4.adoc
deleted file mode 100644
index eee627dc3237..000000000000
--- a/modules/cluster-logging-rn-5.5.4.adoc
+++ /dev/null
@@ -1,41 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-4_{context}"]
-= Logging 5.5.4
-This release includes link:https://access.redhat.com/errata/RHSA-2022:7434[RHSA-2022:7434-OpenShift Logging Bug Fix Release 5.5.4].
-
-[id="openshift-logging-5-5-4-bug-fixes"]
-== Bug fixes
-* Before this update, an error in the query parser of the logging view plugin caused parts of the logs query to disappear if the query contained curly brackets `{}`. This made the queries invalid, leading to errors being returned for valid queries. With this update, the parser correctly handles these queries. (link:https://issues.redhat.com/browse/LOG-3042[LOG-3042])
-
-* Before this update, the Operator could enter a loop of removing and recreating the collector daemonset while the Elasticsearch or Kibana deployments changed their status. With this update, a fix in the status handling of the Operator resolves the issue. (link:https://issues.redhat.com/browse/LOG-3049[LOG-3049])
-
-* Before this update, no alerts were implemented to support the collector implementation of Vector. This change adds Vector alerts and deploys separate alerts, depending upon the chosen collector implementation. (link:https://issues.redhat.com/browse/LOG-3127[LOG-3127])
-
-* Before this update, the secret creation component of the Elasticsearch Operator modified internal secrets constantly. With this update, the existing secret is properly handled. (link:https://issues.redhat.com/browse/LOG-3138[LOG-3138])
-
-* Before this update, a prior refactoring of the logging `must-gather` scripts removed the expected location for the artifacts. This update reverts that change to write artifacts to the `/must-gather` folder. (link:https://issues.redhat.com/browse/LOG-3213[LOG-3213])
-
-* Before this update, on certain clusters, the Prometheus exporter would bind on IPv4 instead of IPv6. After this update, Fluentd detects the IP version and binds to `0.0.0.0` for IPv4 or `[::]` for IPv6. (link:https://issues.redhat.com/browse/LOG-3162[LOG-3162])
-
-[id="openshift-logging-5-5-4-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2022-0494[CVE-2022-0494]
-* link:https://access.redhat.com/security/cve/CVE-2022-1353[CVE-2022-1353]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2588[CVE-2022-2588]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-23816[CVE-2022-23816]
-* link:https://access.redhat.com/security/cve/CVE-2022-23825[CVE-2022-23825]
-* link:https://access.redhat.com/security/cve/CVE-2022-29900[CVE-2022-29900]
-* link:https://access.redhat.com/security/cve/CVE-2022-29901[CVE-2022-29901]
-* link:https://access.redhat.com/security/cve/CVE-2022-32149[CVE-2022-32149]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-40674[CVE-2022-40674]
diff --git a/modules/cluster-logging-rn-5.5.5.adoc b/modules/cluster-logging-rn-5.5.5.adoc
deleted file mode 100644
index e7314fb41822..000000000000
--- a/modules/cluster-logging-rn-5.5.5.adoc
+++ /dev/null
@@ -1,93 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-5_{context}"]
-= Logging 5.5.5
-This release includes link:https://access.redhat.com/errata/RHSA-2022:8781[OpenShift Logging Bug Fix Release 5.5.5].
-
-[id="openshift-logging-5-5-5-bug-fixes"]
-== Bug fixes
-* Before this update, Kibana had a fixed `24h` OAuth cookie expiration time, which resulted in 401 errors in Kibana whenever the `accessTokenInactivityTimeout` field was set to a value lower than `24h`. With this update, Kibana's OAuth cookie expiration time synchronizes to the `accessTokenInactivityTimeout`, with a default value of `24h`. (link:https://issues.redhat.com/browse/LOG-3305[LOG-3305])
-
-* Before this update, Vector parsed the message field when JSON  parsing was enabled without also defining `structuredTypeKey` or `structuredTypeName` values. With this update, a value is required for either  `structuredTypeKey` or `structuredTypeName` when writing structured logs to Elasticsearch. (link:https://issues.redhat.com/browse/LOG-3284[LOG-3284])
-
-* Before this update, the `FluentdQueueLengthIncreasing` alert could fail to fire when there was a cardinality issue with the set of labels returned from this alert expression. This update reduces labels to only include those required for the alert. (https://issues.redhat.com/browse/LOG-3226[LOG-3226])
-
-* Before this update, Loki did not have support to reach an external storage in a disconnected cluster. With this update,  proxy environment variables and proxy trusted CA bundles are included in the container image to support these connections. (link:https://issues.redhat.com/browse/LOG-2860[LOG-2860])
-
-* Before this update, {product-title} web console users could not choose the `ConfigMap` object that includes the CA certificate for Loki, causing pods to operate without the CA. With this update, web console users can select the config map, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3310[LOG-3310])
-
-* Before this update, the CA key was used as volume name for mounting the CA into Loki, causing error states when the CA Key included non-conforming characters (such as dots). With this update, the volume name is standardized to an internal string which resolves the issue. (link:https://issues.redhat.com/browse/LOG-3332[LOG-3332])
-
-[id="openshift-logging-5-5-5-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2016-3709[CVE-2016-3709]
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2020-36516[CVE-2020-36516]
-* link:https://access.redhat.com/security/cve/CVE-2020-36558[CVE-2020-36558]
-* link:https://access.redhat.com/security/cve/CVE-2021-3640[CVE-2021-3640]
-* link:https://access.redhat.com/security/cve/CVE-2021-30002[CVE-2021-30002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0168[CVE-2022-0168]
-* link:https://access.redhat.com/security/cve/CVE-2022-0561[CVE-2022-0561]
-* link:https://access.redhat.com/security/cve/CVE-2022-0562[CVE-2022-0562]
-* link:https://access.redhat.com/security/cve/CVE-2022-0617[CVE-2022-0617]
-* link:https://access.redhat.com/security/cve/CVE-2022-0854[CVE-2022-0854]
-* link:https://access.redhat.com/security/cve/CVE-2022-0865[CVE-2022-0865]
-* link:https://access.redhat.com/security/cve/CVE-2022-0891[CVE-2022-0891]
-* link:https://access.redhat.com/security/cve/CVE-2022-0908[CVE-2022-0908]
-* link:https://access.redhat.com/security/cve/CVE-2022-0909[CVE-2022-0909]
-* link:https://access.redhat.com/security/cve/CVE-2022-0924[CVE-2022-0924]
-* link:https://access.redhat.com/security/cve/CVE-2022-1016[CVE-2022-1016]
-* link:https://access.redhat.com/security/cve/CVE-2022-1048[CVE-2022-1048]
-* link:https://access.redhat.com/security/cve/CVE-2022-1055[CVE-2022-1055]
-* link:https://access.redhat.com/security/cve/CVE-2022-1184[CVE-2022-1184]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1304[CVE-2022-1304]
-* link:https://access.redhat.com/security/cve/CVE-2022-1355[CVE-2022-1355]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1852[CVE-2022-1852]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2078[CVE-2022-2078]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2586[CVE-2022-2586]
-* link:https://access.redhat.com/security/cve/CVE-2022-2639[CVE-2022-2639]
-* link:https://access.redhat.com/security/cve/CVE-2022-2938[CVE-2022-2938]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-20368[CVE-2022-20368]
-* link:https://access.redhat.com/security/cve/CVE-2022-21499[CVE-2022-21499]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22624[CVE-2022-22624]
-* link:https://access.redhat.com/security/cve/CVE-2022-22628[CVE-2022-22628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22629[CVE-2022-22629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22662[CVE-2022-22662]
-* link:https://access.redhat.com/security/cve/CVE-2022-22844[CVE-2022-22844]
-* link:https://access.redhat.com/security/cve/CVE-2022-23960[CVE-2022-23960]
-* link:https://access.redhat.com/security/cve/CVE-2022-24448[CVE-2022-24448]
-* link:https://access.redhat.com/security/cve/CVE-2022-25255[CVE-2022-25255]
-* link:https://access.redhat.com/security/cve/CVE-2022-26373[CVE-2022-26373]
-* link:https://access.redhat.com/security/cve/CVE-2022-26700[CVE-2022-26700]
-* link:https://access.redhat.com/security/cve/CVE-2022-26709[CVE-2022-26709]
-* link:https://access.redhat.com/security/cve/CVE-2022-26710[CVE-2022-26710]
-* link:https://access.redhat.com/security/cve/CVE-2022-26716[CVE-2022-26716]
-* link:https://access.redhat.com/security/cve/CVE-2022-26717[CVE-2022-26717]
-* link:https://access.redhat.com/security/cve/CVE-2022-26719[CVE-2022-26719]
-* link:https://access.redhat.com/security/cve/CVE-2022-27404[CVE-2022-27404]
-* link:https://access.redhat.com/security/cve/CVE-2022-27405[CVE-2022-27405]
-* link:https://access.redhat.com/security/cve/CVE-2022-27406[CVE-2022-27406]
-* link:https://access.redhat.com/security/cve/CVE-2022-27950[CVE-2022-27950]
-* link:https://access.redhat.com/security/cve/CVE-2022-28390[CVE-2022-28390]
-* link:https://access.redhat.com/security/cve/CVE-2022-28893[CVE-2022-28893]
-* link:https://access.redhat.com/security/cve/CVE-2022-29581[CVE-2022-29581]
-* link:https://access.redhat.com/security/cve/CVE-2022-30293[CVE-2022-30293]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
-* link:https://access.redhat.com/security/cve/CVE-2022-36946[CVE-2022-36946]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-39399[CVE-2022-39399]
diff --git a/modules/cluster-logging-rn-5.5.6.adoc b/modules/cluster-logging-rn-5.5.6.adoc
deleted file mode 100644
index 9e904588c6a9..000000000000
--- a/modules/cluster-logging-rn-5.5.6.adoc
+++ /dev/null
@@ -1,49 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-6_{context}"]
-= Logging 5.5.6
-This release includes link:https://access.redhat.com/errata/RHBA-2023:0386[OpenShift Logging Bug Fix Release 5.5.6].
-
-[id="openshift-logging-5-5-6-bug-fixes"]
-== Bug fixes
-* Before this update, the Pod Security admission controller added the label `podSecurityLabelSync = true` to the `openshift-logging` namespace. This resulted in our specified security labels being overwritten, and as a result Collector pods would not start. With this update, the label `podSecurityLabelSync = false` preserves security labels. Collector pods deploy as expected. (link:https://issues.redhat.com/browse/LOG-3340[LOG-3340])
-
-* Before this update, the Operator installed the console view plugin, even when it was not enabled on the cluster. This caused the Operator to crash. With this update, if an account for a cluster does not have the console view enabled, the Operator functions normally and does not install the console view. (link:https://issues.redhat.com/browse/LOG-3407[LOG-3407])
-
-* Before this update, a prior fix to support a regression where the status of the Elasticsearch deployment was not being updated caused the Operator to crash unless the `Red Hat Elasticsearch Operator` was deployed. With this update, that fix has been reverted so the Operator is now stable but re-introduces the previous issue related to the reported status. (link:https://issues.redhat.com/browse/LOG-3428[LOG-3428])
-
-* Before this update, the Loki Operator only deployed one replica of the LokiStack gateway regardless of the chosen stack size. With this update, the number of replicas is correctly configured according to the selected size. (link:https://issues.redhat.com/browse/LOG-3478[LOG-3478])
-
-* Before this update, records written to Elasticsearch would fail if multiple label keys had the same prefix and some keys included dots. With this update, underscores replace dots in label keys, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3341[LOG-3341])
-
-* Before this update, the logging view plugin contained an incompatible feature for certain versions of {product-title}. With this update, the correct release stream of the plugin resolves the issue. (link:https://issues.redhat.com/browse/LOG-3467[LOG-3467])
-
-* Before this update, the reconciliation of the `ClusterLogForwarder` custom resource would incorrectly report a degraded status of one or more pipelines causing the collector pods to restart every 8-10 seconds. With this update, reconciliation of the `ClusterLogForwarder` custom resource processes correctly, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3469[LOG-3469])
-
-* Before this change the spec for the `outputDefaults` field of the ClusterLogForwarder custom resource would apply the settings to every declared Elasticsearch output type. This change corrects the behavior to match the enhancement specification where the setting specifically applies to the default managed Elasticsearch store. (link:https://issues.redhat.com/browse/LOG-3342[LOG-3342])
-
-* Before this update, the OpenShift CLI (oc) `must-gather` script did not complete because the OpenShift CLI (oc) needs a folder with write permission to build its cache. With this update, the OpenShift CLI (oc) has write permissions to a folder, and the `must-gather` script completes successfully. (link:https://issues.redhat.com/browse/LOG-3472[LOG-3472])
-
-* Before this update, the Loki Operator webhook server caused TLS errors. With this update, the Loki Operator webhook PKI is managed by the Operator Lifecycle Manager's dynamic webhook management resolving the issue. (link:https://issues.redhat.com/browse/LOG-3511[LOG-3511])
-
-[id="openshift-logging-5-5-6-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-2056[CVE-2022-2056]
-* link:https://access.redhat.com/security/cve/CVE-2022-2057[CVE-2022-2057]
-* link:https://access.redhat.com/security/cve/CVE-2022-2058[CVE-2022-2058]
-* link:https://access.redhat.com/security/cve/CVE-2022-2519[CVE-2022-2519]
-* link:https://access.redhat.com/security/cve/CVE-2022-2520[CVE-2022-2520]
-* link:https://access.redhat.com/security/cve/CVE-2022-2521[CVE-2022-2521]
-* link:https://access.redhat.com/security/cve/CVE-2022-2867[CVE-2022-2867]
-* link:https://access.redhat.com/security/cve/CVE-2022-2868[CVE-2022-2868]
-* link:https://access.redhat.com/security/cve/CVE-2022-2869[CVE-2022-2869]
-* link:https://access.redhat.com/security/cve/CVE-2022-2953[CVE-2022-2953]
-* link:https://access.redhat.com/security/cve/CVE-2022-2964[CVE-2022-2964]
-* link:https://access.redhat.com/security/cve/CVE-2022-4139[CVE-2022-4139]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/cluster-logging-rn-5.5.7.adoc b/modules/cluster-logging-rn-5.5.7.adoc
deleted file mode 100644
index c8e7b84eba7c..000000000000
--- a/modules/cluster-logging-rn-5.5.7.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-7_{context}"]
-= Logging 5.5.7
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0633[OpenShift Logging Bug Fix Release 5.5.7].
-
-[id="openshift-logging-5-5-7-bug-fixes"]
-== Bug fixes
-* Before this update, the LokiStack Gateway Labels Enforcer generated parsing errors for valid LogQL queries when using combined label filters with boolean expressions. With this update, the LokiStack LogQL implementation supports label filters with boolean expression and resolves the issue. (link:https://issues.redhat.com/browse/LOG-3534[LOG-3534])
-
-* Before this update, the `ClusterLogForwarder` custom resource (CR) did not pass TLS credentials for syslog output to Fluentd, resulting in errors during forwarding. With this update, credentials pass correctly to Fluentd, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3533[LOG-3533])
-
-[id="openshift-logging-5-5-7-CVEs"]
-== CVEs
-link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-link:https://access.redhat.com/security/cve/CVE-2022-3821[CVE-2022-3821]
-link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/cluster-logging-rn-5.5.8.adoc b/modules/cluster-logging-rn-5.5.8.adoc
deleted file mode 100644
index b9062d4d0750..000000000000
--- a/modules/cluster-logging-rn-5.5.8.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-8_{context}"]
-= Logging 5.5.8
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0930[OpenShift Logging Bug Fix Release 5.5.8].
-
-[id="openshift-logging-5-5-8-bug-fixes"]
-== Bug fixes
-* Before this update, the `priority` field was missing from `systemd` logs due to an error in how the collector set `level` fields. With this update, these fields are set correctly, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3630[LOG-3630])
-
-[id="openshift-logging-5-5-8-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-10735[CVE-2020-10735]
-* link:https://access.redhat.com/security/cve/CVE-2021-28861[CVE-2021-28861]
-* link:https://access.redhat.com/security/cve/CVE-2022-2873[CVE-2022-2873]
-* link:https://access.redhat.com/security/cve/CVE-2022-4415[CVE-2022-4415]
-* link:https://access.redhat.com/security/cve/CVE-2022-24999[CVE-2022-24999]
-* link:https://access.redhat.com/security/cve/CVE-2022-40897[CVE-2022-40897]
-* link:https://access.redhat.com/security/cve/CVE-2022-41222[CVE-2022-41222]
-* link:https://access.redhat.com/security/cve/CVE-2022-41717[CVE-2022-41717]
-* link:https://access.redhat.com/security/cve/CVE-2022-43945[CVE-2022-43945]
-* link:https://access.redhat.com/security/cve/CVE-2022-45061[CVE-2022-45061]
-* link:https://access.redhat.com/security/cve/CVE-2022-48303[CVE-2022-48303]
diff --git a/modules/cluster-logging-rn-5.5.9.adoc b/modules/cluster-logging-rn-5.5.9.adoc
deleted file mode 100644
index 61c30f80324a..000000000000
--- a/modules/cluster-logging-rn-5.5.9.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-5-9_{context}"]
-= Logging 5.5.9
-This release includes link:https://access.redhat.com/errata/RHSA-2023:1310[OpenShift Logging Bug Fix Release 5.5.9].
-
-[id="openshift-logging-5-5-9-bug-fixes"]
-== Bug fixes
-* Before this update, a problem with the Fluentd collector caused it to not capture OAuth login events stored in `/var/log/auth-server/audit.log`. This led to incomplete collection of login events from the OAuth service. With this update, the Fluentd collector now resolves this issue by capturing all login events from the OAuth service, including those stored in `/var/log/auth-server/audit.log`, as expected.(link:https://issues.redhat.com/browse/LOG-3730[LOG-3730])
-
-* Before this update, when structured parsing was enabled and messages were forwarded to multiple destinations, they were not deep copied. This resulted in some of the received logs including the structured message, while others did not. With this update, the configuration generation has been modified to deep copy messages before JSON parsing. As a result, all received logs now have structured messages included, even when they are forwarded to multiple destinations.(link:https://issues.redhat.com/browse/LOG-3767[LOG-3767])
-
-[id="openshift-logging-5-5-9-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2022-41717[CVE-2022-41717]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0767[CVE-2023-0767]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/cluster-logging-rn-5.5.adoc b/modules/cluster-logging-rn-5.5.adoc
deleted file mode 100644
index 47a81edfe948..000000000000
--- a/modules/cluster-logging-rn-5.5.adoc
+++ /dev/null
@@ -1,49 +0,0 @@
-// Module included in the following assemblies:
-//cluster-logging-release-notes
-[id="cluster-logging-release-notes-5-5-0"]
-= Logging 5.5
-The following advisories are available for Logging 5.5:link:https://access.redhat.com/errata/RHSA-2022:6051[Release 5.5]
-
-[id="openshift-logging-5-5-0-enhancements"]
-== Enhancements
-* With this update, you can forward structured logs from different containers within the same pod to different indices. To use this feature, you must configure the pipeline with multi-container support and annotate the pods. (link:https://issues.redhat.com/browse/LOG-1296[LOG-1296])
-
-[IMPORTANT]
-====
-JSON formatting of logs varies by application. Because creating too many indices impacts performance, limit your use of this feature to creating indices for logs that have incompatible JSON formats. Use queries to separate logs from different namespaces, or applications with compatible JSON formats.
-====
-
-* With this update, you can filter logs with Elasticsearch outputs by using the Kubernetes common labels, `app.kubernetes.io/component`, `app.kubernetes.io/managed-by`, `app.kubernetes.io/part-of`, and `app.kubernetes.io/version`. Non-Elasticsearch output types can use all labels included in `kubernetes.labels`. (link:https://issues.redhat.com/browse/LOG-2388[LOG-2388])
-
-* With this update, clusters with AWS Security Token Service (STS) enabled may use STS authentication to forward logs to Amazon CloudWatch. (link:https://issues.redhat.com/browse/LOG-1976[LOG-1976])
-
-* With this update, the 'Loki Operator' Operator and Vector collector move from Technical Preview to General Availability. Full feature parity with prior releases are pending, and some APIs remain Technical Previews. See the *Logging with the LokiStack* section for details.
-
-[id="openshift-logging-5-5-0-bug-fixes"]
-== Bug fixes
-* Before this update, clusters configured to forward logs to Amazon CloudWatch wrote rejected log files to temporary storage, causing cluster instability over time. With this update, chunk backup for all storage options has been disabled, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2746[LOG-2746])
-
-* Before this update, the Operator was using versions of some APIs that are deprecated and planned for removal in future versions of {product-title}. This update moves dependencies to the supported API versions. (link:https://issues.redhat.com/browse/LOG-2656[LOG-2656])
-
-Before this update, the Operator was using versions of some APIs that are deprecated and planned for removal in future versions of {product-title}. This update moves dependencies to the supported API versions. (link:https://issues.redhat.com/browse/LOG-2656[LOG-2656])
-
-* Before this update, multiple `ClusterLogForwarder` pipelines configured for multiline error detection caused the collector to go into a `crashloopbackoff` error state. This update fixes the issue where multiple configuration sections had the same unique ID. (link:https://issues.redhat.com/browse/LOG-2241[LOG-2241])
-
-* Before this update, the collector could not save non UTF-8 symbols to the Elasticsearch storage logs. With this update the collector encodes non UTF-8 symbols, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2203[LOG-2203])
-
-* Before this update, non-latin characters displayed incorrectly in Kibana. With this update, Kibana displays all valid UTF-8 symbols correctly. (link:https://issues.redhat.com/browse/LOG-2784[LOG-2784])
-
-== CVEs
-[id="openshift-logging-5-5-0-CVEs"]
-* link:https://access.redhat.com/security/cve/CVE-2021-38561[CVE-2021-38561]
-* link:https://access.redhat.com/security/cve/CVE-2022-1012[CVE-2022-1012]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
-* link:https://access.redhat.com/security/cve/CVE-2022-32250[CVE-2022-32250]
diff --git a/modules/cluster-logging-rn-5.6.1.adoc b/modules/cluster-logging-rn-5.6.1.adoc
deleted file mode 100644
index 40a28ff3b4f3..000000000000
--- a/modules/cluster-logging-rn-5.6.1.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-6-1_{context}"]
-= Logging 5.6.1
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0634[OpenShift Logging Bug Fix Release 5.6.1].
-
-[id="openshift-logging-5-6-1-bug-fixes"]
-== Bug fixes
-* Before this update, the compactor would report TLS certificate errors from communications with the querier when retention was active. With this update, the compactor and querier no longer communicate erroneously over HTTP. (link:https://issues.redhat.com/browse/LOG-3494[LOG-3494])
-
-* Before this update, the Loki Operator would not retry setting the status of the `LokiStack` CR, which caused stale status information. With this update, the Operator retries status information updates on conflict. (link:https://issues.redhat.com/browse/LOG-3496[LOG-3496])
-
-* Before this update, the Loki Operator Webhook server caused TLS errors when the `kube-apiserver-operator` Operator checked the webhook validity. With this update, the Loki Operator Webhook PKI is managed by the Operator Lifecycle Manager (OLM), resolving the issue. (link:https://issues.redhat.com/browse/LOG-3510[LOG-3510])
-
-* Before this update, the LokiStack Gateway Labels Enforcer generated parsing errors for valid LogQL queries when using combined label filters with boolean expressions. With this update, the LokiStack LogQL implementation supports label filters with boolean expression and resolves the issue. (link:https://issues.redhat.com/browse/LOG-3441[LOG-3441]), (link:https://issues.redhat.com/browse/LOG-3397[LOG-3397])
-
-* Before this update, records written to Elasticsearch would fail if multiple label keys had the same prefix and some keys included dots. With this update, underscores replace dots in label keys, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3463[LOG-3463])
-
-* Before this update, the `Red Hat OpenShift Logging` Operator was not available for {product-title} 4.10 clusters because of an incompatibility between {product-title} console and the logging-view-plugin.  With this update, the plugin is properly integrated with the {product-title} 4.10 admin console. (link:https://issues.redhat.com/browse/LOG-3447[LOG-3447])
-
-* Before this update the reconciliation of the `ClusterLogForwarder` custom resource would incorrectly report a degraded status of pipelines that reference the default logstore. With this update, the pipeline validates properly.(link:https://issues.redhat.com/browse/LOG-3477[LOG-3477])
-
-
-[id="openshift-logging-5-6-1-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-3821[CVE-2022-3821]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
-* link:https://access.redhat.com/security/cve/CVE-2021-35065[CVE-2021-35065]
-* link:https://access.redhat.com/security/cve/CVE-2022-46175[CVE-2022-46175]
diff --git a/modules/cluster-logging-rn-5.6.2.adoc b/modules/cluster-logging-rn-5.6.2.adoc
deleted file mode 100644
index 541faf0a0b82..000000000000
--- a/modules/cluster-logging-rn-5.6.2.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-6-2_{context}"]
-= Logging 5.6.2
-This release includes link:https://access.redhat.com/errata/RHBA-2023:0793[OpenShift Logging Bug Fix Release 5.6.2].
-
-[id="openshift-logging-5-6-2-bug-fixes"]
-== Bug fixes
-* Before this update, the collector did not set `level` fields correctly based on priority for systemd logs. With this update, `level` fields are set correctly. (link:https://issues.redhat.com/browse/LOG-3429[LOG-3429])
-
-* Before this update, the Operator incorrectly generated incompatibility warnings on  {product-title} 4.12 or later. With this update, the Operator max {product-title} version value has been corrected, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3584[LOG-3584])
-
-* Before this update, creating a `ClusterLogForwarder` custom resource (CR) with an output value of `default` did not generate any errors. With this update, an error warning that this value is invalid generates appropriately. (link:https://issues.redhat.com/browse/LOG-3437[LOG-3437])
-
-* Before this update, when the `ClusterLogForwarder` custom resource (CR) had multiple pipelines configured with one output set as `default`, the collector pods restarted. With this update, the logic for output validation has been corrected, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3559[LOG-3559])
-
-* Before this update, collector pods restarted after being created. With this update, the deployed collector does not restart on its own. (link:https://issues.redhat.com/browse/LOG-3608[LOG-3608])
-
-* Before this update, patch releases removed previous versions of the Operators from the catalog. This made installing the old versions impossible. This update changes bundle configurations so that previous releases of the same minor version stay in the catalog. (link:https://issues.redhat.com/browse/LOG-3635[LOG-3635])
-
-[id="openshift-logging-5-6-2-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-23521[CVE-2022-23521]
-* link:https://access.redhat.com/security/cve/CVE-2022-40303[CVE-2022-40303]
-* link:https://access.redhat.com/security/cve/CVE-2022-40304[CVE-2022-40304]
-* link:https://access.redhat.com/security/cve/CVE-2022-41903[CVE-2022-41903]
-* link:https://access.redhat.com/security/cve/CVE-2022-47629[CVE-2022-47629]
-* link:https://access.redhat.com/security/cve/CVE-2023-21835[CVE-2023-21835]
-* link:https://access.redhat.com/security/cve/CVE-2023-21843[CVE-2023-21843]
diff --git a/modules/cluster-logging-rn-5.6.3.adoc b/modules/cluster-logging-rn-5.6.3.adoc
deleted file mode 100644
index 226c1059e7b7..000000000000
--- a/modules/cluster-logging-rn-5.6.3.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-6-3_{context}"]
-= Logging 5.6.3
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0932[OpenShift Logging Bug Fix Release 5.6.3].
-
-[id="openshift-logging-5-6-3-bug-fixes"]
-== Bug fixes
-* Before this update, the operator stored gateway tenant secret information in a config map. With this update, the operator stores this information in a secret. (link:https://issues.redhat.com/browse/LOG-3717[LOG-3717])
-
-* Before this update, the Fluentd collector did not capture OAuth login events stored in `/var/log/auth-server/audit.log`. With this update, Fluentd captures these OAuth login events, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3729[LOG-3729])
-
-[id="openshift-logging-5-6-3-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-10735[CVE-2020-10735]
-* link:https://access.redhat.com/security/cve/CVE-2021-28861[CVE-2021-28861]
-* link:https://access.redhat.com/security/cve/CVE-2022-2873[CVE-2022-2873]
-* link:https://access.redhat.com/security/cve/CVE-2022-4415[CVE-2022-4415]
-* link:https://access.redhat.com/security/cve/CVE-2022-40897[CVE-2022-40897]
-* link:https://access.redhat.com/security/cve/CVE-2022-41222[CVE-2022-41222]
-* link:https://access.redhat.com/security/cve/CVE-2022-43945[CVE-2022-43945]
-* link:https://access.redhat.com/security/cve/CVE-2022-45061[CVE-2022-45061]
-* link:https://access.redhat.com/security/cve/CVE-2022-48303[CVE-2022-48303]
diff --git a/modules/cluster-logging-rn-5.6.4.adoc b/modules/cluster-logging-rn-5.6.4.adoc
deleted file mode 100644
index 9e2cf339fa63..000000000000
--- a/modules/cluster-logging-rn-5.6.4.adoc
+++ /dev/null
@@ -1,34 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="cluster-logging-release-notes-5-6-4_{context}"]
-= Logging 5.6.4
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1311[OpenShift Logging Bug Fix Release 5.6.4].
-
-[id="openshift-logging-5-6-4-bug-fixes"]
-== Bug fixes
-* Before this update, when LokiStack was deployed as the log store, the logs generated by Loki pods were collected and sent to LokiStack. With this update, the logs generated by Loki are excluded from collection and will not be stored. (link:https://issues.redhat.com/browse/LOG-3280[LOG-3280])
-
-* Before this update, when the query editor on the Logs page of the OpenShift Web Console was empty, the drop-down menus did not populate. With this update, if an empty query is attempted, an error message is displayed and the drop-down menus now populate as expected. (link:https://issues.redhat.com/browse/LOG-3454[LOG-3454])
-
-* Before this update, when the `tls.insecureSkipVerify` option was set to `true`, the Cluster Logging Operator would generate incorrect configuration. As a result, the operator would fail to send data to Elasticsearch when attempting to skip certificate validation. With this update, the Cluster Logging Operator generates the correct TLS configuration even when `tls.insecureSkipVerify` is enabled. As a result, data can be sent successfully to Elasticsearch even when attempting to skip certificate validation. (link:https://issues.redhat.com/browse/LOG-3475[LOG-3475])
-
-* Before this update, when structured parsing was enabled and messages were forwarded to multiple destinations, they were not deep copied. This resulted in some of the received logs including the structured message, while others did not. With this update, the configuration generation has been modified to deep copy messages before JSON parsing. As a result, all received messages now have structured messages included, even when they are forwarded to multiple destinations. (link:https://issues.redhat.com/browse/LOG-3640[LOG-3640])
-
-* Before this update, if the `collection` field contained `{}` it could result in the Operator crashing. With this update, the Operator will ignore this value, allowing the operator to continue running smoothly without interruption. (link:https://issues.redhat.com/browse/LOG-3733[LOG-3733])
-
-* Before this update, the `nodeSelector` attribute for the Gateway component of LokiStack did not have any effect. With this update, the `nodeSelector` attribute functions as expected. (link:https://issues.redhat.com/browse/LOG-3783[LOG-3783])
-
-* Before this update, the static LokiStack memberlist configuration relied solely on private IP networks. As a result, when the {product-title} cluster pod network was configured with a public IP range, the LokiStack pods would crashloop. With this update, the LokiStack administrator now has the option to use the pod network for the memberlist configuration. This resolves the issue and prevents the LokiStack pods from entering a crashloop state when the {product-title} cluster pod network is configured with a public IP range. (link:https://issues.redhat.com/browse/LOG-3814[LOG-3814])
-
-* Before this update, if the `tls.insecureSkipVerify` field was set to `true`, the Cluster Logging Operator would generate an incorrect configuration. As a result, the Operator would fail to send data to Elasticsearch when attempting to skip certificate validation. With this update, the Operator generates the correct TLS configuration even when `tls.insecureSkipVerify` is enabled. As a result, data can be sent successfully to Elasticsearch even when attempting to skip certificate validation. (link:https://issues.redhat.com/browse/LOG-3838[LOG-3838])
-
-* Before this update, if the Cluster Logging Operator (CLO) was installed without the Elasticsearch Operator, the CLO pod would continuously display an error message related to the deletion of Elasticsearch. With this update, the CLO now performs additional checks before displaying any error messages. As a result, error messages related to Elasticsearch deletion are no longer displayed in the absence of the Elasticsearch Operator.(link:https://issues.redhat.com/browse/LOG-3763[LOG-3763])
-
-[id="openshift-logging-5-6-4-CVEs"]
-== CVEs
-* https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* https://access.redhat.com/security/cve/CVE-2023-0767[CVE-2023-0767]
-* https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/cluster-logging-rn-5.6.5.adoc b/modules/cluster-logging-rn-5.6.5.adoc
deleted file mode 100644
index e8c52a5ed062..000000000000
--- a/modules/cluster-logging-rn-5.6.5.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:content-type: REFERENCE
-[id="cluster-logging-release-notes-5-6-5{context}"]
-= Logging 5.6.5
-This release includes link:https://access.redhat.com/errata/RHSA-2023:1953[OpenShift Logging Bug Fix Release 5.6.5].
-
-[id="openshift-logging-5-6-5-bug-fixes"]
-== Bug fixes
-* Before this update, the template definitions prevented Elasticsearch from indexing some labels and namespace_labels, causing issues with data ingestion. With this update, the fix replaces dots and slashes in labels to ensure proper ingestion, effectively resolving the issue. (link:https://issues.redhat.com/browse/LOG-3419[LOG-3419])
-
-* Before this update, if the Logs page of the OpenShift Web Console failed to connect to the LokiStack, a generic error message was displayed, providing no additional context or troubleshooting suggestions. With this update, the error message has been enhanced to include more specific details and recommendations for troubleshooting. (link:https://issues.redhat.com/browse/LOG-3750[LOG-3750])
-
-* Before this update, time range formats were not validated, leading to errors selecting a custom date range. With this update, time formats are now validated, enabling users to select a valid range. If an invalid time range format is selected, an error message is displayed to the user. (link:https://issues.redhat.com/browse/LOG-3583[LOG-3583])
-
-* Before this update, when searching logs in Loki, even if the length of an expression did not exceed 5120 characters, the query would fail in many cases. With this update, query authorization label matchers have been optimized, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3480[LOG-3480])
-
-* Before this update, the Loki Operator failed to produce a memberlist configuration that was sufficient for locating all the components when using a memberlist for private IPs. With this update, the fix ensures that the generated configuration includes the advertised port, allowing for successful lookup of all components. (link:https://issues.redhat.com/browse/LOG-4008[LOG-4008])
-
-[id="openshift-logging-5-6-5-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4269[CVE-2022-4269]
-* link:https://access.redhat.com/security/cve/CVE-2022-4378[CVE-2022-4378]
-* link:https://access.redhat.com/security/cve/CVE-2023-0266[CVE-2023-0266]
-* link:https://access.redhat.com/security/cve/CVE-2023-0361[CVE-2023-0361]
-* link:https://access.redhat.com/security/cve/CVE-2023-0386[CVE-2023-0386]
-* link:https://access.redhat.com/security/cve/CVE-2023-27539[CVE-2023-27539]
-* link:https://access.redhat.com/security/cve/CVE-2023-28120[CVE-2023-28120]
diff --git a/modules/cluster-logging-rn-5.6.adoc b/modules/cluster-logging-rn-5.6.adoc
deleted file mode 100644
index 423d87804a18..000000000000
--- a/modules/cluster-logging-rn-5.6.adoc
+++ /dev/null
@@ -1,85 +0,0 @@
-//included in cluster-logging-release-notes.adoc
-:_content-type: ASSEMBLY
-[id="cluster-logging-release-notes-5-6_{context}"]
-= Logging 5.6
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0264[OpenShift Logging Release 5.6].
-
-[id="openshift-logging-5-6-dep-notice_{context}"]
-== Deprecation notice
-In Logging 5.6, Fluentd is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to fluentd, you can use Vector instead.
-
-[id="openshift-logging-5-6-enhancements_{context}"]
-== Enhancements
-* With this update, Logging is compliant with {product-title} cluster-wide cryptographic policies.
- (link:https://issues.redhat.com/browse/LOG-895[LOG-895])
-
-* With this update, you can declare per-tenant, per-stream, and global policies retention policies through the LokiStack custom resource, ordered by priority. (link:https://issues.redhat.com/browse/LOG-2695[LOG-2695])
-
-* With this update, Splunk is an available output option for log forwarding. (link:https://issues.redhat.com/browse/LOG-2913[LOG-2913])
-
-* With this update, Vector replaces Fluentd as the default Collector. (link:https://issues.redhat.com/browse/LOG-2222[LOG-2222])
-
-* With this update, the *Developer* role can access the per-project workload logs they are assigned to within the Log Console Plugin on clusters running {product-title} 4.11 and higher. (link:https://issues.redhat.com/browse/LOG-3388[LOG-3388])
-
-* With this update, logs from any source contain a field `openshift.cluster_id`, the unique identifier of the cluster in which the Operator is deployed. You can view the `clusterID` value with the command below. (link:https://issues.redhat.com/browse/LOG-2715[LOG-2715])
-
-include::snippets/logging-get-clusterid-snip.adoc[lines=9..12]
-
-[id="openshift-logging-5-6-known-issues_{context}"]
-== Known Issues
-* Before this update, Elasticsearch would reject logs if multiple label keys had the same prefix and some keys included the `.` character. This fixes the limitation of Elasticsearch by replacing `.` in the label keys with `_`. As a workaround for this issue, remove the labels that cause errors, or add a namespace to the label. (link:https://issues.redhat.com/browse/LOG-3463[LOG-3463])
-
-[id="openshift-logging-5-6-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, if you deleted the Kibana Custom Resource, the {product-title} web console continued displaying a link to Kibana. With this update, removing the Kibana Custom Resource also removes that link. (link:https://issues.redhat.com/browse/LOG-2993[LOG-2993])
-
-* Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs. (link:https://issues.redhat.com/browse/LOG-3072[LOG-3072])
-
-* Before this update, the Operator removed any custom outputs defined in the `ClusterLogForwarder` custom resource when using LokiStack as the default log storage. With this update, the Operator merges custom outputs with the default outputs when processing the `ClusterLogForwarder` custom resource. (link:https://issues.redhat.com/browse/LOG-3090[LOG-3090])
-
-* Before this update, the CA key was used as the volume name for mounting the CA into Loki, causing error states when the CA Key included non-conforming characters, such as dots. With this update, the volume name is standardized to an internal string which resolves the issue. (link:https://issues.redhat.com/browse/LOG-3331[LOG-3331])
-
-* Before this update, a default value set within the LokiStack Custom Resource Definition, caused an inability to create a LokiStack instance without a `ReplicationFactor` of `1`. With this update,  the operator sets the actual value for the size used. (link:https://issues.redhat.com/browse/LOG-3296[LOG-3296])
-
-* Before this update, Vector parsed the message field when JSON parsing was enabled without also defining `structuredTypeKey` or `structuredTypeName` values. With this update, a value is required for either `structuredTypeKey` or `structuredTypeName` when writing structured logs to Elasticsearch. (link:https://issues.redhat.com/browse/LOG-3195[LOG-3195])
-
-* Before this update, the secret creation component of the Elasticsearch Operator modified internal secrets constantly. With this update, the existing secret is properly handled. (link:https://issues.redhat.com/browse/LOG-3161[LOG-3161])
-
-* Before this update, the Operator could enter a loop of removing and recreating the collector daemonset while the Elasticsearch or Kibana deployments changed their status. With this update, a fix in the status handling of the Operator resolves the issue. (link:https://issues.redhat.com/browse/LOG-3157[LOG-3157])
-
-* Before this update, Kibana had a fixed `24h` OAuth cookie expiration time, which resulted in 401 errors in Kibana whenever the `accessTokenInactivityTimeout` field was set to a value lower than `24h`. With this update, Kibana's OAuth cookie expiration time synchronizes to the `accessTokenInactivityTimeout`, with a default value of `24h`. (link:https://issues.redhat.com/browse/LOG-3129[LOG-3129])
-
-* Before this update, the Operators general pattern for reconciling resources was to try and create before attempting to get or update which would lead to constant HTTP 409 responses after creation.  With this update, Operators first attempt to retrieve an object and only create or update it if it is either missing or not as specified. (link:https://issues.redhat.com/browse/LOG-2919[LOG-2919])
-
-* Before this update, the `.level` and`.structure.level` fields in Fluentd could contain different values. With this update, the values are the same for each field. (link:https://issues.redhat.com/browse/LOG-2819[LOG-2819])
-
-* Before this update, the Operator did not wait for the population of the trusted CA bundle and deployed the collector a second time once the bundle updated.  With this update, the Operator waits briefly to see if the bundle has been populated before it continues the collector deployment. (link:https://issues.redhat.com/browse/LOG-2789[LOG-2789])
-
-* Before this update, logging telemetry info appeared twice when reviewing metrics.  With this update, logging telemetry info displays as expected. (link:https://issues.redhat.com/browse/LOG-2315[LOG-2315])
-
-* Before this update, Fluentd pod logs contained a warning message after enabling the JSON parsing addition. With this update, that warning message does not appear. (link:https://issues.redhat.com/browse/LOG-1806[LOG-1806])
-
-* Before this update, the `must-gather` script did not complete because `oc` needs a folder with write permission to build its cache. With this update, `oc` has write permissions to a folder, and the `must-gather` script completes successfully. (link:https://issues.redhat.com/browse/LOG-3446[LOG-3446])
-
-* Before this update the log collector SCC could be superseded by other SCCs on the cluster, rendering the collector unusable. This update sets the priority of the log collector SCC so that it takes precedence over the others. (link:https://issues.redhat.com/browse/LOG-3235[LOG-3235])
-
-* Before this update, Vector was missing the field `sequence`, which was added to fluentd as a way to deal with a lack of actual nanoseconds precision. With this update, the field `openshift.sequence` has been added to the event logs. (link:https://issues.redhat.com/browse/LOG-3106[LOG-3106])
-
-[id="openshift-logging-5-6-cves_{context}"]
-== CVEs
-* https://access.redhat.com/security/cve/CVE-2020-36518[CVE-2020-36518]
-* https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* https://access.redhat.com/security/cve/CVE-2022-2879[CVE-2022-2879]
-* https://access.redhat.com/security/cve/CVE-2022-2880[CVE-2022-2880]
-* https://access.redhat.com/security/cve/CVE-2022-27664[CVE-2022-27664]
-* https://access.redhat.com/security/cve/CVE-2022-32190[CVE-2022-32190]
-* https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* https://access.redhat.com/security/cve/CVE-2022-37601[CVE-2022-37601]
-* https://access.redhat.com/security/cve/CVE-2022-41715[CVE-2022-41715]
-* https://access.redhat.com/security/cve/CVE-2022-42003[CVE-2022-42003]
-* https://access.redhat.com/security/cve/CVE-2022-42004[CVE-2022-42004]
-* https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/cluster-logging-rn-5.7.0.adoc b/modules/cluster-logging-rn-5.7.0.adoc
deleted file mode 100644
index b8dfbfda3dc4..000000000000
--- a/modules/cluster-logging-rn-5.7.0.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:content-type: REFERENCE
-[id="cluster-logging-release-notes-5-7-0{context}"]
-= Logging 5.7.0
-This release includes link:https://access.redhat.com/errata/RHBA-2023:2133[OpenShift Logging Bug Fix Release 5.7.0].
-
-[id="openshift-logging-5-7-enhancements"]
-== Enhancements
-With this update, you can enable logging to detect multi-line exceptions and reassemble them into a single log entry.
-
-To enable logging to detect multi-line exceptions and reassemble them into a single log entry, ensure that the `ClusterLogForwarder` Custom Resource (CR) contains a `detectMultilineErrors` field, with a value of `true`.
-
-[id="openshift-logging-5-7-known-issues"]
-== Known Issues
-None.
-
-[id="openshift-logging-5-7-0-bug-fixes"]
-== Bug fixes
-* Before this update, the `nodeSelector` attribute for the Gateway component of the LokiStack did not impact node scheduling. With this update, the `nodeSelector` attribute works as expected. (link:https://issues.redhat.com/browse/LOG-3713[LOG-3713])
-
-[id="openshift-logging-5-7-0-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2023-1999[CVE-2023-1999]
-* link:https://access.redhat.com/security/cve/CVE-2023-28617[CVE-2023-28617]
diff --git a/modules/cluster-logging-systemd-scaling.adoc b/modules/cluster-logging-systemd-scaling.adoc
index aeb747e0d51d..a92726515e28 100644
--- a/modules/cluster-logging-systemd-scaling.adoc
+++ b/modules/cluster-logging-systemd-scaling.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/config/cluster-logging-systemd
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-systemd-scaling_{context}"]
 = Configuring systemd-journald for OpenShift Logging
 
@@ -25,10 +25,10 @@ and other settings.
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 40-worker-custom-journald
   labels:
@@ -53,19 +53,19 @@ storage:
         SystemMaxFileSize=10M <10>
 ----
 +
-<1> Set the permissions for the `journal.conf` file. It is recommended to set `0644` permissions.
+<1> Set the permissions for the `journald.conf` file. It is recommended to set `0644` permissions.
 <2> Specify whether you want logs compressed before they are written to the file system.
 Specify `yes` to compress the message or `no` to not compress. The default is `yes`.
 <3> Configure whether to forward log messages. Defaults to `no` for each. Specify:
 * `ForwardToConsole` to forward logs to the system console.
-* `ForwardToKsmg` to forward logs to the kernel log buffer.
+* `ForwardToKMsg` to forward logs to the kernel log buffer.
 * `ForwardToSyslog` to forward to a syslog daemon.
 * `ForwardToWall` to forward messages as wall messages to all logged-in users.
 <4> Specify the maximum time to store journal entries. Enter a number to specify seconds. Or
 include a unit: "year", "month", "week", "day", "h" or "m". Enter `0` to disable. The default is `1month`.
 <5> Configure rate limiting. If more logs are received than what is specified in `RateLimitBurst` during the time interval defined by `RateLimitIntervalSec`, all further messages within the interval are dropped until the interval is over. It is recommended to set `RateLimitIntervalSec=30s` and `RateLimitBurst=10000`, which are the defaults.
 <6> Specify how logs are stored. The default is `persistent`:
-* `volatile` to store logs in memory in `/var/log/journal/`.
+* `volatile` to store logs in memory in `/run/log/journal/`. These logs are lost after rebooting.
 * `persistent` to store logs to disk in `/var/log/journal/`. systemd creates the directory if it does not exist.
 * `auto` to store logs in `/var/log/journal/` if the directory exists. If it does not exist, systemd temporarily stores logs in `/run/systemd/journal`.
 * `none` to not store logs. systemd drops all logs.
diff --git a/modules/cluster-logging-troubleshoot-logging.adoc b/modules/cluster-logging-troubleshoot-logging.adoc
index da30383f4ebc..bda3e59c1341 100644
--- a/modules/cluster-logging-troubleshoot-logging.adoc
+++ b/modules/cluster-logging-troubleshoot-logging.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-logging-troubleshoot-logging-about_{context}"]
 = About troubleshooting {product-title} Logging
 
diff --git a/modules/cluster-logging-troubleshooting-log-forwarding.adoc b/modules/cluster-logging-troubleshooting-log-forwarding.adoc
deleted file mode 100644
index 943b5cf35438..000000000000
--- a/modules/cluster-logging-troubleshooting-log-forwarding.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-
-:_content-type: PROCEDURE
-[id="cluster-logging-troubleshooting-log-forwarding_{context}"]
-= Troubleshooting log forwarding
-
-When you create a `ClusterLogForwarder` custom resource (CR), if the Red Hat OpenShift Logging Operator does not redeploy the Fluentd pods automatically, you can delete the Fluentd pods to force them to redeploy.
-
-.Prerequisites
-
-* You have created a `ClusterLogForwarder` custom resource (CR) object.
-
-.Procedure
-
-* Delete the Fluentd pods to force them to redeploy.
-+
-[source,terminal]
-----
-$ oc delete pod --selector logging-infra=collector
-----
diff --git a/modules/cluster-logging-troubleshooting-loki-entry-out-of-order-errors.adoc b/modules/cluster-logging-troubleshooting-loki-entry-out-of-order-errors.adoc
deleted file mode 100644
index acfe2f9376ab..000000000000
--- a/modules/cluster-logging-troubleshooting-loki-entry-out-of-order-errors.adoc
+++ /dev/null
@@ -1,137 +0,0 @@
-:_module-type: PROCEDURE
-
-:_content-type: PROCEDURE
-[id="cluser-logging-troubleshooting-loki-entry-out-of-order-messages_{context}"]
-= Troubleshooting Loki "entry out of order" errors
-
-If your Fluentd forwards a large block of messages to a Loki logging system that exceeds the rate limit, Loki to generates "entry out of order" errors. To fix this issue, you update some values in the Loki server configuration file, `loki.yaml`.
-
-[NOTE]
-====
-`loki.yaml` is not available on Grafana-hosted Loki. This topic does not apply to Grafana-hosted Loki servers.
-====
-
-.Conditions
-
-* The `ClusterLogForwarder` custom resource is configured to forward logs to Loki.
-
-* Your system sends a block of messages that is larger than 2 MB to Loki, such as:
-+
-----
-"values":[["1630410392689800468","{\"kind\":\"Event\",\"apiVersion\":\
-.......
-......
-......
-......
-\"received_at\":\"2021-08-31T11:46:32.800278+00:00\",\"version\":\"1.7.4 1.6.0\"}},\"@timestamp\":\"2021-08-31T11:46:32.799692+00:00\",\"viaq_index_name\":\"audit-write\",\"viaq_msg_id\":\"MzFjYjJkZjItNjY0MC00YWU4LWIwMTEtNGNmM2E5ZmViMGU4\",\"log_type\":\"audit\"}"]]}]}
-----
-
-* When you enter `oc logs -c fluentd`, the Fluentd logs in your OpenShift Logging cluster show the following messages:
-+
-[source,text]
-----
-429 Too Many Requests Ingestion rate limit exceeded (limit: 8388608 bytes/sec) while attempting to ingest '2140' lines totaling '3285284' bytes
-
-429 Too Many Requests Ingestion rate limit exceeded' or '500 Internal Server Error rpc error: code = ResourceExhausted desc = grpc: received message larger than max (5277702 vs. 4194304)'
-----
-
-* When you open the logs on the Loki server, they display `entry out of order` messages like these:
-+
-[source,text]
-----
-,\nentry with timestamp 2021-08-18 05:58:55.061936 +0000 UTC ignored, reason: 'entry out of order' for stream:
-
-{fluentd_thread=\"flush_thread_0\", log_type=\"audit\"},\nentry with timestamp 2021-08-18 06:01:18.290229 +0000 UTC ignored, reason: 'entry out of order' for stream: {fluentd_thread="flush_thread_0", log_type="audit"}
-----
-
-.Procedure
-
-. Update the following fields in the `loki.yaml` configuration file on the Loki server with the values shown here:
-+
-  * `grpc_server_max_recv_msg_size: 8388608`
-  * `chunk_target_size: 8388608`
-  * `ingestion_rate_mb: 8`
-  * `ingestion_burst_size_mb: 16`
-
-. Apply the changes in `loki.yaml` to the Loki server.
-
-.Example `loki.yaml` file
-[source,yaml]
-----
-auth_enabled: false
-
-server:
-  http_listen_port: 3100
-  grpc_listen_port: 9096
-  grpc_server_max_recv_msg_size: 8388608
-
-ingester:
-  wal:
-    enabled: true
-    dir: /tmp/wal
-  lifecycler:
-    address: 127.0.0.1
-    ring:
-      kvstore:
-        store: inmemory
-      replication_factor: 1
-    final_sleep: 0s
-  chunk_idle_period: 1h       # Any chunk not receiving new logs in this time will be flushed
-  chunk_target_size: 8388608
-  max_chunk_age: 1h           # All chunks will be flushed when they hit this age, default is 1h
-  chunk_retain_period: 30s    # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
-  max_transfer_retries: 0     # Chunk transfers disabled
-
-schema_config:
-  configs:
-    - from: 2020-10-24
-      store: boltdb-shipper
-      object_store: filesystem
-      schema: v11
-      index:
-        prefix: index_
-        period: 24h
-
-storage_config:
-  boltdb_shipper:
-    active_index_directory: /tmp/loki/boltdb-shipper-active
-    cache_location: /tmp/loki/boltdb-shipper-cache
-    cache_ttl: 24h         # Can be increased for faster performance over longer query periods, uses more disk space
-    shared_store: filesystem
-  filesystem:
-    directory: /tmp/loki/chunks
-
-compactor:
-  working_directory: /tmp/loki/boltdb-shipper-compactor
-  shared_store: filesystem
-
-limits_config:
-  reject_old_samples: true
-  reject_old_samples_max_age: 12h
-  ingestion_rate_mb: 8
-  ingestion_burst_size_mb: 16
-
-chunk_store_config:
-  max_look_back_period: 0s
-
-table_manager:
-  retention_deletes_enabled: false
-  retention_period: 0s
-
-ruler:
-  storage:
-    type: local
-    local:
-      directory: /tmp/loki/rules
-  rule_path: /tmp/loki/rules-temp
-  alertmanager_url: http://localhost:9093
-  ring:
-    kvstore:
-      store: inmemory
-  enable_api: true
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://grafana.com/docs/loki/latest/configuration/[Configuring Loki]
diff --git a/modules/cluster-logging-uninstall.adoc b/modules/cluster-logging-uninstall.adoc
deleted file mode 100644
index 39b4b50f3cbd..000000000000
--- a/modules/cluster-logging-uninstall.adoc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging-uninstall.adoc
-
-:_content-type: PROCEDURE
-[id="cluster-logging-uninstall_{context}"]
-= Uninstalling the {logging-title}
-
-You can stop log aggregation by deleting the `ClusterLogging` custom resource (CR). After deleting the CR, there are other {logging} components that remain, which you can optionally remove.
-
-
-Deleting the `ClusterLogging` CR does not remove the persistent volume claims (PVCs). To preserve or delete the remaining PVCs, persistent volumes (PVs), and associated data, you must take further action.
-
-.Prerequisites
-
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed.
-
-.Procedure
-
-To remove OpenShift Logging:
-
-. Use the  
-ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} web console 
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-{cluster-manager-url} 
-endif::[]
- to remove the `ClusterLogging` CR:
-
-.. Switch to the *Administration* -> *Custom Resource Definitions* page.
-
-.. On the *Custom Resource Definitions* page, click *ClusterLogging*.
-
-.. On the *Custom Resource Definition Details* page, click *Instances*.
-
-.. Click the Options menu {kebab} next to the instance and select *Delete ClusterLogging*.
-
-. Optional: Delete the custom resource definitions (CRD):
-
-.. Switch to the *Administration* -> *Custom Resource Definitions* page.
-
-.. Click the Options menu {kebab} next to *ClusterLogForwarder* and select *Delete Custom Resource Definition*.
-
-.. Click the Options menu {kebab} next to *ClusterLogging* and select *Delete Custom Resource Definition*.
-
-.. Click the Options menu {kebab} next to *Elasticsearch* and select *Delete Custom Resource Definition*.
-
-. Optional: Remove the Red Hat OpenShift Logging Operator and OpenShift Elasticsearch Operator:
-
-.. Switch to the *Operators* -> *Installed Operators* page.
-
-.. Click the Options menu {kebab} next to the Red Hat OpenShift Logging Operator and select *Uninstall Operator*.
-
-.. Click the Options menu {kebab} next to the OpenShift Elasticsearch Operator and select *Uninstall Operator*.
-
-. Optional: Remove the OpenShift Logging and Elasticsearch projects.
-
-.. Switch to the *Home* -> *Projects* page.
-
-.. Click the Options menu {kebab} next to the *openshift-logging* project and select *Delete Project*.
-
-.. Confirm the deletion by typing `openshift-logging` in the dialog box and click *Delete*.
-
-.. Click the Options menu {kebab} next to the *openshift-operators-redhat* project and select *Delete Project*.
-+
-[IMPORTANT]
-====
-Do not delete the `openshift-operators-redhat` project if other global operators are installed in this namespace.
-====
-
-.. Confirm the deletion by typing `openshift-operators-redhat` in the dialog box and click *Delete*.
-
-. To keep the PVCs for reuse with other pods, keep the labels or PVC names that you need to reclaim the PVCs.
-
-. Optional: If you do not want to keep the PVCs, you can delete them.
-+
-[WARNING]
-====
-Releasing or deleting PVCs can delete PVs and cause data loss.
-====
-
-.. Switch to the *Storage* -> *Persistent Volume Claims* page.
-
-.. Click the Options menu {kebab} next to each PVC and select *Delete Persistent Volume Claim*.
-
-.. If you want to recover storage space, you can delete the PVs.
diff --git a/modules/cluster-logging-update-logging.adoc b/modules/cluster-logging-update-logging.adoc
deleted file mode 100644
index 06724db46dc1..000000000000
--- a/modules/cluster-logging-update-logging.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-update-logging-about_{context}"]
-= About updating {product-title} Logging
-
-{product-title} allows you to update {product-title} logging. You must update the following operators while updating {product-title} Logging:
-
-* Elasticsearch Operator
-* Cluster Logging Operator
diff --git a/modules/cluster-logging-updating-logging-to-5-0.adoc b/modules/cluster-logging-updating-logging-to-5-0.adoc
deleted file mode 100644
index bdf2c3d5ff47..000000000000
--- a/modules/cluster-logging-updating-logging-to-5-0.adoc
+++ /dev/null
@@ -1,225 +0,0 @@
-:_content-type: PROCEDURE
-[id="cluster-logging-updating-logging-to-5-0_{context}"]
-= Updating from cluster logging in {product-title} 4.6 or earlier to OpenShift Logging 5.x
-
-{product-title} 4.7 made the following name changes:
-
-* The _cluster logging_ feature became the _Red Hat OpenShift Logging_ 5.x product.
-* The _Cluster Logging_ Operator became the _Red Hat OpenShift Logging_ Operator.
-* The _Elasticsearch_ Operator became _OpenShift Elasticsearch_ Operator.
-
-To upgrade from cluster logging in {product-title} version 4.6 and earlier to OpenShift Logging 5.x, you update the {product-title} cluster to version 4.7, 4.8, or 4.9. Then, you update the following operators:
-
-* From Elasticsearch Operator 4.x to OpenShift Elasticsearch Operator 5.x
-* From Cluster Logging Operator 4.x to Red Hat OpenShift Logging Operator 5.x
-
-[IMPORTANT]
-====
-You must update the OpenShift Elasticsearch Operator _before_ you update the Red Hat OpenShift Logging Operator. You must also update _both_ Operators to the same version.
-====
-
-If you update the operators in the wrong order, Kibana does not update and the Kibana custom resource (CR) is not created. To work around this problem, you delete the Red Hat OpenShift Logging Operator pod. When the Red Hat OpenShift Logging Operator pod redeploys, it creates the Kibana CR and Kibana becomes available again.
-
-.Prerequisites
-
-* The {product-title} version is 4.7 or later.
-
-* The OpenShift Logging status is healthy:
-** All pods are `ready`.
-** The Elasticsearch cluster is healthy.
-
-* Your Elasticsearch and Kibana data is backed up.
-
-.Procedure
-
-. Update the OpenShift Elasticsearch Operator:
-
-.. From the web console, click *Operators* -> *Installed Operators*.
-
-.. Select the `openshift-operators-redhat` project.
-
-.. Click the *OpenShift Elasticsearch Operator*.
-
-.. Click *Subscription* -> *Channel*.
-
-.. In the *Change Subscription Update Channel* window, select *stable-5.x* and click *Save*.
-
-.. Wait for a few seconds, then click *Operators* -> *Installed Operators*.
-+
-Verify that the OpenShift Elasticsearch Operator version is 5.x.x.
-+
-Wait for the *Status* field to report *Succeeded*.
-
-. Update the Cluster Logging Operator:
-
-.. From the web console, click *Operators* -> *Installed Operators*.
-
-.. Select the `openshift-logging` project.
-
-.. Click the *Cluster Logging Operator*.
-
-.. Click *Subscription* -> *Channel*.
-
-.. In the *Change Subscription Update Channel* window, select *stable-5.x* and click *Save*.
-
-.. Wait for a few seconds, then click *Operators* -> *Installed Operators*.
-+
-Verify that the Red Hat OpenShift Logging Operator version is 5.0.x or 5.x.x.
-+
-Wait for the *Status* field to report *Succeeded*.
-
-. Check the logging components:
-
-.. Ensure that all Elasticsearch pods are in the *Ready* status:
-+
-[source,terminal]
-----
-$ oc get pod -n openshift-logging --selector component=elasticsearch
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                            READY   STATUS    RESTARTS   AGE
-elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk   2/2     Running   0          31m
-elasticsearch-cdm-1pbrl44l-2-5c6d87589f-gx5hk   2/2     Running   0          30m
-elasticsearch-cdm-1pbrl44l-3-88df5d47-m45jc     2/2     Running   0          29m
-----
-+
-.. Ensure that the Elasticsearch cluster is healthy:
-+
-[source,terminal]
-----
-$ oc exec -n openshift-logging -c elasticsearch elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk -- health
-----
-+
-[source,json]
-----
-{
-  "cluster_name" : "elasticsearch",
-  "status" : "green",
-}
-----
-
-.. Ensure that the Elasticsearch cron jobs are created:
-+
-[source,terminal]
-----
-$ oc project openshift-logging
-----
-+
-[source,terminal]
-----
-$ oc get cronjob
-----
-+
-[source,terminal]
-----
-NAME                     SCHEDULE       SUSPEND   ACTIVE   LAST SCHEDULE   AGE
-elasticsearch-im-app     */15 * * * *   False     0        <none>          56s
-elasticsearch-im-audit   */15 * * * *   False     0        <none>          56s
-elasticsearch-im-infra   */15 * * * *   False     0        <none>          56s
-----
-
-.. Verify that the log store is updated to 5.0 or 5.x and the indices are `green`:
-+
-[source,terminal]
-----
-$ oc exec -c elasticsearch <any_es_pod_in_the_cluster> -- indices
-----
-+
-Verify that the output includes the `app-00000x`, `infra-00000x`, `audit-00000x`, `.security` indices.
-+
-.Sample output with indices in a green status
-[%collapsible]
-====
-[source,terminal]
-----
-Tue Jun 30 14:30:54 UTC 2020
-health status index                                                                 uuid                   pri rep docs.count docs.deleted store.size pri.store.size
-green  open   infra-000008                                                          bnBvUFEXTWi92z3zWAzieQ   3 1       222195            0        289            144
-green  open   infra-000004                                                          rtDSzoqsSl6saisSK7Au1Q   3 1       226717            0        297            148
-green  open   infra-000012                                                          RSf_kUwDSR2xEuKRZMPqZQ   3 1       227623            0        295            147
-green  open   .kibana_7                                                             1SJdCqlZTPWlIAaOUd78yg   1 1            4            0          0              0
-green  open   infra-000010                                                          iXwL3bnqTuGEABbUDa6OVw   3 1       248368            0        317            158
-green  open   infra-000009                                                          YN9EsULWSNaxWeeNvOs0RA   3 1       258799            0        337            168
-green  open   infra-000014                                                          YP0U6R7FQ_GVQVQZ6Yh9Ig   3 1       223788            0        292            146
-green  open   infra-000015                                                          JRBbAbEmSMqK5X40df9HbQ   3 1       224371            0        291            145
-green  open   .orphaned.2020.06.30                                                  n_xQC2dWQzConkvQqei3YA   3 1            9            0          0              0
-green  open   infra-000007                                                          llkkAVSzSOmosWTSAJM_hg   3 1       228584            0        296            148
-green  open   infra-000005                                                          d9BoGQdiQASsS3BBFm2iRA   3 1       227987            0        297            148
-green  open   infra-000003                                                          1-goREK1QUKlQPAIVkWVaQ   3 1       226719            0        295            147
-green  open   .security                                                             zeT65uOuRTKZMjg_bbUc1g   1 1            5            0          0              0
-green  open   .kibana-377444158_kubeadmin                                           wvMhDwJkR-mRZQO84K0gUQ   3 1            1            0          0              0
-green  open   infra-000006                                                          5H-KBSXGQKiO7hdapDE23g   3 1       226676            0        295            147
-green  open   infra-000001                                                          eH53BQ-bSxSWR5xYZB6lVg   3 1       341800            0        443            220
-green  open   .kibana-6                                                             RVp7TemSSemGJcsSUmuf3A   1 1            4            0          0              0
-green  open   infra-000011                                                          J7XWBauWSTe0jnzX02fU6A   3 1       226100            0        293            146
-green  open   app-000001                                                            axSAFfONQDmKwatkjPXdtw   3 1       103186            0        126             57
-green  open   infra-000016                                                          m9c1iRLtStWSF1GopaRyCg   3 1        13685            0         19              9
-green  open   infra-000002                                                          Hz6WvINtTvKcQzw-ewmbYg   3 1       228994            0        296            148
-green  open   infra-000013                                                          KR9mMFUpQl-jraYtanyIGw   3 1       228166            0        298            148
-green  open   audit-000001                                                          eERqLdLmQOiQDFES1LBATQ   3 1            0            0          0              0
-----
-====
-
-.. Verify that the log collector is updated to 5.0 or 5.x:
-+
-[source,terminal]
-----
-$ oc get ds fluentd -o json | grep fluentd-init
-----
-+
-Verify that the output includes a `fluentd-init` container:
-+
-[source,terminal]
-----
-"containerName": "fluentd-init"
-----
-
-.. Verify that the log visualizer is updated to 5.0 or 5.x using the Kibana CRD:
-+
-[source,terminal]
-----
-$ oc get kibana kibana -o json
-----
-+
-Verify that the output includes a Kibana pod with the `ready` status:
-+
-.Sample output with a ready Kibana pod
-[%collapsible]
-====
-[source,json]
-----
-[
-{
-"clusterCondition": {
-"kibana-5fdd766ffd-nb2jj": [
-{
-"lastTransitionTime": "2020-06-30T14:11:07Z",
-"reason": "ContainerCreating",
-"status": "True",
-"type": ""
-},
-{
-"lastTransitionTime": "2020-06-30T14:11:07Z",
-"reason": "ContainerCreating",
-"status": "True",
-"type": ""
-}
-]
-},
-"deployment": "kibana",
-"pods": {
-"failed": [],
-"notReady": []
-"ready": []
-},
-"replicaSets": [
-"kibana-5fdd766ffd"
-],
-"replicas": 1
-}
-]
-----
-====
diff --git a/modules/cluster-logging-updating-logging-to-5-1.adoc b/modules/cluster-logging-updating-logging-to-5-1.adoc
index dbc194adc050..8077f9311feb 100644
--- a/modules/cluster-logging-updating-logging-to-5-1.adoc
+++ b/modules/cluster-logging-updating-logging-to-5-1.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-updating-logging-to-5-1_{context}"]
 = Updating OpenShift Logging to the current version
 
diff --git a/modules/cluster-logging-updating-logging-to-current.adoc b/modules/cluster-logging-updating-logging-to-current.adoc
deleted file mode 100644
index fd413f21d54a..000000000000
--- a/modules/cluster-logging-updating-logging-to-current.adoc
+++ /dev/null
@@ -1,230 +0,0 @@
-// Module file include in the following assemblies:
-//cluster-logging-upgrading.adoc
-:_content-type: PROCEDURE
-[id="cluster-logging-updating-logging-to_current_{context}"]
-= Updating Logging to the current version
-
-To update Logging to the current version, you change the subscriptions for the OpenShift Elasticsearch Operator and Red Hat OpenShift Logging Operator.
-
-[IMPORTANT]
-====
-You must update the OpenShift Elasticsearch Operator _before_ you update the Red Hat OpenShift Logging Operator. You must also update _both_ Operators to the same version.
-====
-
-
-If you update the Operators in the wrong order, Kibana does not update and the Kibana custom resource (CR) is not created. To work around this problem, you delete the Red Hat OpenShift Logging Operator pod. When the Red Hat OpenShift Logging Operator pod redeploys, it creates the Kibana CR and Kibana becomes available again.
-
-.Prerequisites
-
-* The {product-title} version is 4.7 or later.
-
-* The Logging status is healthy:
-+
-** All pods are `ready`.
-** The Elasticsearch cluster is healthy.
-
-* Your link:https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html[Elasticsearch and Kibana data is backed up.]
-
-.Procedure
-
-. Update the OpenShift Elasticsearch Operator:
-
-ifndef::openshift-rosa,openshift-dedicated[]
-.. In the {product-title} web console, click *Operators* -> *Installed Operators*.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-.. In the {hybrid-console}, click *Operators* -> *Installed Operators*. 
-endif::[]
-
-.. Select the `openshift-Operators-redhat` project.
-
-.. Click the *OpenShift Elasticsearch Operator*.
-
-.. Click *Subscription* -> *Channel*.
-
-.. In the *Change Subscription Update Channel* window, select *stable-5.x* and click *Save*.
-
-.. Wait for a few seconds, then click *Operators* -> *Installed Operators*.
-+
-.. Verify that the OpenShift Elasticsearch Operator version is 5.x.x.
-+
-.. Wait for the *Status* field to report *Succeeded*.
-
-. Update the Red Hat OpenShift Logging Operator:
-
-ifndef::openshift-rosa,openshift-dedicated[]
-.. In the {product-title} web console, click *Operators* -> *Installed Operators*.
-endif::[]
-ifdef::openshift-rosa,openshift-dedicated[]
-.. In the {hybrid-console}, click *Operators* -> *Installed Operators*. 
-endif::[]
-
-.. Select the `openshift-logging` project.
-
-.. Click the *Red Hat OpenShift Logging Operator*.
-
-.. Click *Subscription* -> *Channel*.
-
-.. In the *Change Subscription Update Channel* window, select *stable-5.x* and click *Save*.
-
-.. Wait for a few seconds, then click *Operators* -> *Installed Operators*.
-+
-.. Verify that the Red Hat OpenShift Logging Operator version is 5.y.z
-+
-.. Wait for the *Status* field to report *Succeeded*.
-
-. Check the logging components:
-
-.. Ensure that all Elasticsearch pods are in the *Ready* status:
-+
-[source,terminal]
-----
-$ oc get pod -n openshift-logging --selector component=elasticsearch
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                            READY   STATUS    RESTARTS   AGE
-elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk   2/2     Running   0          31m
-elasticsearch-cdm-1pbrl44l-2-5c6d87589f-gx5hk   2/2     Running   0          30m
-elasticsearch-cdm-1pbrl44l-3-88df5d47-m45jc     2/2     Running   0          29m
-----
-+
-.. Ensure that the Elasticsearch cluster is healthy:
-+
-[source,terminal]
-----
-$ oc exec -n openshift-logging -c elasticsearch elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk -- health
-----
-+
-[source,json]
-----
-{
-  "cluster_name" : "elasticsearch",
-  "status" : "green",
-}
-----
-
-.. Ensure that the Elasticsearch cron jobs are created:
-+
-[source,terminal]
-----
-$ oc project openshift-logging
-----
-+
-[source,terminal]
-----
-$ oc get cronjob
-----
-+
-[source,terminal]
-----
-NAME                     SCHEDULE       SUSPEND   ACTIVE   LAST SCHEDULE   AGE
-elasticsearch-im-app     */15 * * * *   False     0        <none>          56s
-elasticsearch-im-audit   */15 * * * *   False     0        <none>          56s
-elasticsearch-im-infra   */15 * * * *   False     0        <none>          56s
-----
-
-.. Verify that the log store is updated to 5.x and the indices are `green`:
-+
-[source,terminal]
-----
-$ oc exec -c elasticsearch <any_es_pod_in_the_cluster> -- indices
-----
-+
-.. Verify that the output includes the `app-00000x`, `infra-00000x`, `audit-00000x`, `.security` indices.
-+
-.Sample output with indices in a green status
-[%collapsible]
-====
-[source,terminal]
-----
-Tue Jun 30 14:30:54 UTC 2020
-health status index                                                                 uuid                   pri rep docs.count docs.deleted store.size pri.store.size
-green  open   infra-000008                                                          bnBvUFEXTWi92z3zWAzieQ   3 1       222195            0        289            144
-green  open   infra-000004                                                          rtDSzoqsSl6saisSK7Au1Q   3 1       226717            0        297            148
-green  open   infra-000012                                                          RSf_kUwDSR2xEuKRZMPqZQ   3 1       227623            0        295            147
-green  open   .kibana_7                                                             1SJdCqlZTPWlIAaOUd78yg   1 1            4            0          0              0
-green  open   infra-000010                                                          iXwL3bnqTuGEABbUDa6OVw   3 1       248368            0        317            158
-green  open   infra-000009                                                          YN9EsULWSNaxWeeNvOs0RA   3 1       258799            0        337            168
-green  open   infra-000014                                                          YP0U6R7FQ_GVQVQZ6Yh9Ig   3 1       223788            0        292            146
-green  open   infra-000015                                                          JRBbAbEmSMqK5X40df9HbQ   3 1       224371            0        291            145
-green  open   .orphaned.2020.06.30                                                  n_xQC2dWQzConkvQqei3YA   3 1            9            0          0              0
-green  open   infra-000007                                                          llkkAVSzSOmosWTSAJM_hg   3 1       228584            0        296            148
-green  open   infra-000005                                                          d9BoGQdiQASsS3BBFm2iRA   3 1       227987            0        297            148
-green  open   infra-000003                                                          1-goREK1QUKlQPAIVkWVaQ   3 1       226719            0        295            147
-green  open   .security                                                             zeT65uOuRTKZMjg_bbUc1g   1 1            5            0          0              0
-green  open   .kibana-377444158_kubeadmin                                           wvMhDwJkR-mRZQO84K0gUQ   3 1            1            0          0              0
-green  open   infra-000006                                                          5H-KBSXGQKiO7hdapDE23g   3 1       226676            0        295            147
-green  open   infra-000001                                                          eH53BQ-bSxSWR5xYZB6lVg   3 1       341800            0        443            220
-green  open   .kibana-6                                                             RVp7TemSSemGJcsSUmuf3A   1 1            4            0          0              0
-green  open   infra-000011                                                          J7XWBauWSTe0jnzX02fU6A   3 1       226100            0        293            146
-green  open   app-000001                                                            axSAFfONQDmKwatkjPXdtw   3 1       103186            0        126             57
-green  open   infra-000016                                                          m9c1iRLtStWSF1GopaRyCg   3 1        13685            0         19              9
-green  open   infra-000002                                                          Hz6WvINtTvKcQzw-ewmbYg   3 1       228994            0        296            148
-green  open   infra-000013                                                          KR9mMFUpQl-jraYtanyIGw   3 1       228166            0        298            148
-green  open   audit-000001                                                          eERqLdLmQOiQDFES1LBATQ   3 1            0            0          0              0
-----
-====
-
-.. Verify that the log collector is updated:
-+
-[source,terminal]
-----
-$ oc get ds collector -o json | grep collector
-----
-+
-.. Verify that the output includes a `collectort` container:
-+
-[source,terminal]
-----
-"containerName": "collector"
-----
-
-.. Verify that the log visualizer is updated to 5.x using the Kibana CRD:
-+
-[source,terminal]
-----
-$ oc get kibana kibana -o json
-----
-+
-.. Verify that the output includes a Kibana pod with the `ready` status:
-+
-.Sample output with a ready Kibana pod
-[%collapsible]
-====
-[source,json]
-----
-[
-{
-"clusterCondition": {
-"kibana-5fdd766ffd-nb2jj": [
-{
-"lastTransitionTime": "2020-06-30T14:11:07Z",
-"reason": "ContainerCreating",
-"status": "True",
-"type": ""
-},
-{
-"lastTransitionTime": "2020-06-30T14:11:07Z",
-"reason": "ContainerCreating",
-"status": "True",
-"type": ""
-}
-]
-},
-"deployment": "kibana",
-"pods": {
-"failed": [],
-"notReady": []
-"ready": []
-},
-"replicaSets": [
-"kibana-5fdd766ffd"
-],
-"replicas": 1
-}
-]
-----
-====
diff --git a/modules/cluster-logging-upgrading-elasticsearch.adoc b/modules/cluster-logging-upgrading-elasticsearch.adoc
new file mode 100644
index 000000000000..9a62639a987e
--- /dev/null
+++ b/modules/cluster-logging-upgrading-elasticsearch.adoc
@@ -0,0 +1,192 @@
+// Module file include in the following assemblies:
+// logging/cluster-logging-upgrading.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cluster-logging-upgrading-elasticsearch_{context}"]
+= Updating the {es-op}
+
+To update the {es-op} to the current version, you must modify the subscription.
+
+include::snippets/logging-elastic-dep-snip.adoc[]
+
+.Prerequisites
+
+* If you are using Elasticsearch as the default log store, and Kibana as the UI, update the {es-op} before you update the {clo}.
++
+[IMPORTANT]
+====
+If you update the Operators in the wrong order, Kibana does not update and the Kibana custom resource (CR) is not created. To fix this issue, delete the {clo} pod. When the {clo} pod redeploys, it creates the Kibana CR and Kibana becomes available again.
+====
+
+* The Logging status is healthy:
+** All pods have a `ready` status.
+** The Elasticsearch cluster is healthy.
+
+* Your link:https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html[Elasticsearch and Kibana data is backed up].
+* You have administrator permissions.
+* You have installed the {oc-first} for the verification steps.
+
+.Procedure
+
+ifndef::openshift-rosa,openshift-dedicated[]
+. In the {product-title} web console, click *Operators* -> *Installed Operators*.
+endif::[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. In the {hybrid-console}, click *Operators* -> *Installed Operators*.
+endif::[]
+
+. Select the *openshift-operators-redhat* project.
+
+. Click *OpenShift Elasticsearch Operator*.
+
+. Click *Subscription* -> *Channel*.
+
+. In the *Change Subscription Update Channel* window, select *stable-5.y* and click *Save*. Note the `elasticsearch-operator.v5.y.z` version.
+
+. Wait for a few seconds, then click *Operators* -> *Installed Operators*. Verify that the {es-op} version matches the latest `elasticsearch-operator.v5.y.z` version.
+
+. On the *Operators* -> *Installed Operators* page, wait for the *Status* field to report *Succeeded*.
+
+.Verification
+
+. Verify that all Elasticsearch pods have a *Ready* status by entering the following command and observing the output:
++
+[source,terminal]
+----
+$ oc get pod -n openshift-logging --selector component=elasticsearch
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                            READY   STATUS    RESTARTS   AGE
+elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk   2/2     Running   0          31m
+elasticsearch-cdm-1pbrl44l-2-5c6d87589f-gx5hk   2/2     Running   0          30m
+elasticsearch-cdm-1pbrl44l-3-88df5d47-m45jc     2/2     Running   0          29m
+----
+
+. Verify that the Elasticsearch cluster status is `green` by entering the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch elasticsearch-cdm-1pbrl44l-1-55b7546f4c-mshhk -- health
+----
++
+.Example output
+[source,json]
+----
+{
+  "cluster_name" : "elasticsearch",
+  "status" : "green",
+}
+----
+
+. Verify that the Elasticsearch cron jobs are created by entering the following commands and observing the output:
++
+[source,terminal]
+----
+$ oc project openshift-logging
+----
++
+[source,terminal]
+----
+$ oc get cronjob
+----
++
+.Example output
+[source,terminal]
+----
+NAME                     SCHEDULE       SUSPEND   ACTIVE   LAST SCHEDULE   AGE
+elasticsearch-im-app     */15 * * * *   False     0        <none>          56s
+elasticsearch-im-audit   */15 * * * *   False     0        <none>          56s
+elasticsearch-im-infra   */15 * * * *   False     0        <none>          56s
+----
+
+. Verify that the log store is updated to the correct version and the indices are `green` by entering the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -c elasticsearch <any_es_pod_in_the_cluster> -- indices
+----
++
+Verify that the output includes the `app-00000x`, `infra-00000x`, `audit-00000x`, `.security` indices:
++
+.Sample output with indices in a green status
+[%collapsible]
+====
+[source,terminal]
+----
+Tue Jun 30 14:30:54 UTC 2020
+health status index                                                                 uuid                   pri rep docs.count docs.deleted store.size pri.store.size
+green  open   infra-000008                                                          bnBvUFEXTWi92z3zWAzieQ   3 1       222195            0        289            144
+green  open   infra-000004                                                          rtDSzoqsSl6saisSK7Au1Q   3 1       226717            0        297            148
+green  open   infra-000012                                                          RSf_kUwDSR2xEuKRZMPqZQ   3 1       227623            0        295            147
+green  open   .kibana_7                                                             1SJdCqlZTPWlIAaOUd78yg   1 1            4            0          0              0
+green  open   infra-000010                                                          iXwL3bnqTuGEABbUDa6OVw   3 1       248368            0        317            158
+green  open   infra-000009                                                          YN9EsULWSNaxWeeNvOs0RA   3 1       258799            0        337            168
+green  open   infra-000014                                                          YP0U6R7FQ_GVQVQZ6Yh9Ig   3 1       223788            0        292            146
+green  open   infra-000015                                                          JRBbAbEmSMqK5X40df9HbQ   3 1       224371            0        291            145
+green  open   .orphaned.2020.06.30                                                  n_xQC2dWQzConkvQqei3YA   3 1            9            0          0              0
+green  open   infra-000007                                                          llkkAVSzSOmosWTSAJM_hg   3 1       228584            0        296            148
+green  open   infra-000005                                                          d9BoGQdiQASsS3BBFm2iRA   3 1       227987            0        297            148
+green  open   infra-000003                                                          1-goREK1QUKlQPAIVkWVaQ   3 1       226719            0        295            147
+green  open   .security                                                             zeT65uOuRTKZMjg_bbUc1g   1 1            5            0          0              0
+green  open   .kibana-377444158_kubeadmin                                           wvMhDwJkR-mRZQO84K0gUQ   3 1            1            0          0              0
+green  open   infra-000006                                                          5H-KBSXGQKiO7hdapDE23g   3 1       226676            0        295            147
+green  open   infra-000001                                                          eH53BQ-bSxSWR5xYZB6lVg   3 1       341800            0        443            220
+green  open   .kibana-6                                                             RVp7TemSSemGJcsSUmuf3A   1 1            4            0          0              0
+green  open   infra-000011                                                          J7XWBauWSTe0jnzX02fU6A   3 1       226100            0        293            146
+green  open   app-000001                                                            axSAFfONQDmKwatkjPXdtw   3 1       103186            0        126             57
+green  open   infra-000016                                                          m9c1iRLtStWSF1GopaRyCg   3 1        13685            0         19              9
+green  open   infra-000002                                                          Hz6WvINtTvKcQzw-ewmbYg   3 1       228994            0        296            148
+green  open   infra-000013                                                          KR9mMFUpQl-jraYtanyIGw   3 1       228166            0        298            148
+green  open   audit-000001                                                          eERqLdLmQOiQDFES1LBATQ   3 1            0            0          0              0
+----
+====
+
+. Verify that the log visualizer is updated to the correct version by entering the following command and observing the output:
++
+[source,terminal]
+----
+$ oc get kibana kibana -o json
+----
++
+Verify that the output includes a Kibana pod with the `ready` status:
++
+.Sample output with a ready Kibana pod
+[%collapsible]
+====
+[source,json]
+----
+[
+{
+"clusterCondition": {
+"kibana-5fdd766ffd-nb2jj": [
+{
+"lastTransitionTime": "2020-06-30T14:11:07Z",
+"reason": "ContainerCreating",
+"status": "True",
+"type": ""
+},
+{
+"lastTransitionTime": "2020-06-30T14:11:07Z",
+"reason": "ContainerCreating",
+"status": "True",
+"type": ""
+}
+]
+},
+"deployment": "kibana",
+"pods": {
+"failed": [],
+"notReady": []
+"ready": []
+},
+"replicaSets": [
+"kibana-5fdd766ffd"
+],
+"replicas": 1
+}
+]
+----
+====
diff --git a/modules/cluster-logging-vector-tech-preview.adoc b/modules/cluster-logging-vector-tech-preview.adoc
deleted file mode 100644
index 1e69a31af785..000000000000
--- a/modules/cluster-logging-vector-tech-preview.adoc
+++ /dev/null
@@ -1,68 +0,0 @@
-// Module included in the following assemblies:
-//cluster-logging-release-notes.adoc
-
-:_content-type: PROCEDURE
-[id="cluster-logging-vector-tech-preview_{context}"]
-:FeatureName: Vector
-include::snippets/technology-preview.adoc[]
-
-[id="cluster-logging-about-vector"]
-= About Vector
-Vector is a log collector offered as a tech-preview alternative to the current default collector for the {logging}.
-
-The following outputs are supported:
-
-* `elasticsearch`. An external Elasticsearch instance. The `elasticsearch` output can use a TLS connection.
-
-* `kafka`. A Kafka broker. The `kafka` output can use an unsecured or TLS connection.
-
-* `loki`. Loki, a horizontally scalable, highly available, multi-tenant log aggregation system.
-
-
-[id="cluster-logging-enabling-vector"]
-== Enabling Vector
-Vector is not enabled by default. Use the following steps to enable Vector on your {product-title} cluster.
-
-[IMPORTANT]
-====
-Vector does not support FIPS Enabled Clusters.
-====
-
-.Prerequisites
-
-* {product-title}: 4.13
-* {logging-title-uc}: 5.4
-* FIPS disabled
-
-.Procedure
-
-. Edit the `ClusterLogging` custom resource (CR) in the `openshift-logging` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-logging edit ClusterLogging instance
-----
-
-. Add a `logging.openshift.io/preview-vector-collector: enabled` annotation to the `ClusterLogging` custom resource (CR).
-
-. Add `vector` as a collection type to the `ClusterLogging` custom resource (CR).
-
-[source,yaml]
-----
-  apiVersion: "logging.openshift.io/v1"
-  kind: "ClusterLogging"
-  metadata:
-    name: "instance"
-    namespace: "openshift-logging"
-    annotations:
-      logging.openshift.io/preview-vector-collector: enabled
-  spec:
-    collection:
-      logs:
-        type: "vector"
-        vector: {}
-----
-
-[role="_additional-resources"]
-.Additional resources
-* link:https://vector.dev/docs/about/what-is-vector/[Vector Documentation]
diff --git a/modules/cluster-logging-view-cluster-dashboards.adoc b/modules/cluster-logging-view-cluster-dashboards.adoc
deleted file mode 100644
index 9205ecfca60f..000000000000
--- a/modules/cluster-logging-view-cluster-dashboards.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: CONCEPT
-[id="cluster-logging-view-cluster-dashboards-about_{context}"]
-= About viewing the cluster dashboard
-
-The {product-title} Logging dashboard contains charts that show details about your Elasticsearch instance at the cluster level. These charts help you diagnose and anticipate problems.
diff --git a/modules/cluster-logging-visualizer-indices.adoc b/modules/cluster-logging-visualizer-indices.adoc
index bd796c77befd..1b6deaab2d61 100644
--- a/modules/cluster-logging-visualizer-indices.adoc
+++ b/modules/cluster-logging-visualizer-indices.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * logging/cluster-logging-visualizer.adoc
+// * logging/log_visualizer/logging-kibana.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-visualizer-indices_{context}"]
 = Defining Kibana index patterns
 
@@ -16,7 +16,7 @@ If you can view the pods and logs in the `default`, `kube-` and `openshift-` pro
 +
 [source,terminal]
 ----
-$ oc auth can-i get pods/log -n <project>
+$ oc auth can-i get pods --subresource log -n <project>
 ----
 +
 .Example output
diff --git a/modules/cluster-logging-visualizer-kibana.adoc b/modules/cluster-logging-visualizer-kibana.adoc
index 4c1451412763..0ae118f203cb 100644
--- a/modules/cluster-logging-visualizer-kibana.adoc
+++ b/modules/cluster-logging-visualizer-kibana.adoc
@@ -2,7 +2,7 @@
 //
 // * logging/viewing/cluster-logging-visualizer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cluster-logging-visualizer-kibana_{context}"]
 = Viewing cluster logs in Kibana
 
@@ -20,7 +20,7 @@ If you can view the pods and logs in the `default`, `kube-` and `openshift-` pro
 +
 [source,terminal]
 ----
-$ oc auth can-i get pods/log -n <project>
+$ oc auth can-i get pods --subresource log -n <project>
 ----
 +
 .Example output
diff --git a/modules/cluster-logging-visualizer-launch.adoc b/modules/cluster-logging-visualizer-launch.adoc
index 268ea7a9c092..4bb32430077b 100644
--- a/modules/cluster-logging-visualizer-launch.adoc
+++ b/modules/cluster-logging-visualizer-launch.adoc
@@ -16,7 +16,7 @@ If you can view the pods and logs in the `default`, `kube-*` and `openshift-*` p
 +
 [source,terminal]
 ----
-$ oc auth can-i get pods/log -n <project>
+$ oc auth can-i get pods --subresource log -n <project>
 ----
 +
 .Example output
diff --git a/modules/cluster-node-tuning-operator-verify-profiles.adoc b/modules/cluster-node-tuning-operator-verify-profiles.adoc
index 3239b503ee99..380f179c15be 100644
--- a/modules/cluster-node-tuning-operator-verify-profiles.adoc
+++ b/modules/cluster-node-tuning-operator-verify-profiles.adoc
@@ -9,7 +9,7 @@ Verify the TuneD profiles that are applied to your cluster node.
 
 [source,terminal]
 ----
-$ oc get profile -n openshift-cluster-node-tuning-operator
+$ oc get profile.tuned.openshift.io -n openshift-cluster-node-tuning-operator
 ----
 
 .Example output
@@ -39,10 +39,10 @@ $ oc get co/node-tuning -n openshift-cluster-node-tuning-operator
 ----
 
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME          VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
-node-tuning   4.13.1    True        False         True       60m     1/5 Profiles with bootcmdline conflict
+node-tuning   {product-version}.1    True        False         True       60m     1/5 Profiles with bootcmdline conflict
 ----
 
 If either the `ClusterOperator/node-tuning` or a profile object's status is `DEGRADED`, additional information is provided in the Operator or operand logs.
diff --git a/modules/cluster-openshift-controller-manager-operators.adoc b/modules/cluster-openshift-controller-manager-operators.adoc
index 52d18d574c48..acc14fee1b7c 100644
--- a/modules/cluster-openshift-controller-manager-operators.adoc
+++ b/modules/cluster-openshift-controller-manager-operators.adoc
@@ -15,7 +15,7 @@ The OpenShift Controller Manager Operator installs and maintains the `OpenShiftC
 $ oc get clusteroperator openshift-controller-manager -o yaml
 ----
 
-The custom resource definitino (CRD) `openshiftcontrollermanagers.operator.openshift.io` can be viewed in a cluster with:
+The custom resource definition (CRD) `openshiftcontrollermanagers.operator.openshift.io` can be viewed in a cluster with:
 
 [source,terminal]
 ----
diff --git a/modules/cluster-resources.adoc b/modules/cluster-resources.adoc
index 1efb54bcb609..863254078ea4 100644
--- a/modules/cluster-resources.adoc
+++ b/modules/cluster-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-cluster-resources_{context}"]
 = Interacting with your cluster resources
 
@@ -6,7 +6,12 @@ You can interact with cluster resources by using the OpenShift CLI (`oc`) tool i
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the web console or you have installed the `oc` CLI tool.
 
 .Procedure
diff --git a/modules/cluster-samples-operator.adoc b/modules/cluster-samples-operator.adoc
index 26328f29cd5b..6234ae123e50 100644
--- a/modules/cluster-samples-operator.adoc
+++ b/modules/cluster-samples-operator.adoc
@@ -13,7 +13,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-samples-operator_{context}"]
 ifdef::operator-ref[= Cluster Samples Operator]
 ifdef::cluster-caps[= OpenShift samples capability]
diff --git a/modules/cluster-telemetry.adoc b/modules/cluster-telemetry.adoc
index e8e773f4392d..fe208ae3cbdf 100644
--- a/modules/cluster-telemetry.adoc
+++ b/modules/cluster-telemetry.adoc
@@ -26,10 +26,6 @@
 // * installing/installing_azure/installing-azure-government-region.adoc
 // * installing/installing_azure/installing-azure-customizations.adoc
 // * installing/installing_azure/installing-azure-private.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
 // * installing/installing_aws/installing-aws-network-customizations.adoc
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
@@ -41,13 +37,10 @@
 // * installing/installing_aws/installing-aws-government-region.adoc
 // * installing/installing_aws/installing-aws-china.adoc
 // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
 // * installing/installing_gcp/installing-gcp-customizations.adoc
@@ -63,6 +56,7 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
@@ -70,8 +64,10 @@
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
 // * installing/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-telemetry_{context}"]
 ifndef::openshift-origin[]
 = Telemetry access for {product-title}
diff --git a/modules/cluster-wide-proxy-preqs.adoc b/modules/cluster-wide-proxy-preqs.adoc
index f495c5dc44c1..e3dc88906add 100644
--- a/modules/cluster-wide-proxy-preqs.adoc
+++ b/modules/cluster-wide-proxy-preqs.adoc
@@ -2,11 +2,11 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-wide-proxy-prereqs_{context}"]
 = Prerequisites for configuring a cluster-wide proxy
 
-To configure a cluster-wide proxy, you must meet the following requirements. These requirements are valid when you configure a proxy during installation or post-installation.
+To configure a cluster-wide proxy, you must meet the following requirements. These requirements are valid when you configure a proxy during installation or postinstallation.
 
 [discrete]
 [id="cluster-wide-proxy-general-prereqs_{context}"]
@@ -22,16 +22,26 @@ ifdef::openshift-dedicated[]
 * You are using the Customer Cloud Subscription (CCS) model for your cluster.
 endif::openshift-dedicated[]
 * The proxy can access the VPC for the cluster and the private subnets of the VPC. The proxy is also accessible from the VPC for the cluster and from the private subnets of the VPC.
-* You have added the `ec2.<aws_region>.amazonaws.com`, `elasticloadbalancing.<aws_region>.amazonaws.com`, and `s3.<aws_region>.amazonaws.com` endpoints to your VPC endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works at the container level and not at the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not enough.
+* You have added the following endpoints to your VPC endpoint:
+** `ec2.<aws_region>.amazonaws.com`
+** `elasticloadbalancing.<aws_region>.amazonaws.com`
+** `s3.<aws_region>.amazonaws.com`
++
+These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works at the container level and not at the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not enough.
++
+[NOTE]
+====
+When using a cluster-wide proxy, you must configure the `s3.<aws_region>.amazonaws.com` endpoint as type `Gateway`. Also, you can configure the `ec2.<aws_region>.amazonaws.com` and `elasticloadbalancing.<aws_region>.amazonaws.com` endpoints only as type `Interface`.
+====
 
 [discrete]
 [id="cluster-wide-proxy-network-prereqs_{context}"]
 == Network requirements
 
-* If your proxy re-encyrpts egress traffic, you must create exclusions to the domain and port combinations. The following table offers guidance into these exceptions.
+* If your proxy re-encrypts egress traffic, you must create exclusions to the domain and port combinations. The following table offers guidance into these exceptions.
 +
 --
-** Add the following OpenShift URLs to your allowlist for re-encryption.
+** Your proxy must exclude re-encrypting the following OpenShift URLs:
 +
 [cols="6,1,6",options="header"]
 |===
@@ -45,7 +55,7 @@ endif::openshift-dedicated[]
 |The https://cloud.redhat.com/openshift site uses authentication from sso.redhat.com to download the cluster pull secret and use Red Hat SaaS solutions to facilitate monitoring of your subscriptions, cluster inventory, and chargeback reporting.
 |===
 +
-** Add the following site reliability engineering (SRE) and management URLs to your allowlist for re-encryption.
+** Your proxy must exclude re-encrypting the following site reliability engineering (SRE) and management URLs:
 +
 [cols="6,1,6",options="header"]
 |===
diff --git a/modules/cnf-about-collecting-nro-data.adoc b/modules/cnf-about-collecting-nro-data.adoc
new file mode 100644
index 000000000000..c892716e3589
--- /dev/null
+++ b/modules/cnf-about-collecting-nro-data.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/cnf-numa-aware-scheduling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cnf-about-collecting-nro-data_{context}"]
+= Collecting NUMA Resources Operator data
+
+You can use the `oc adm must-gather` CLI command to collect information about your cluster, including features and objects associated with the NUMA Resources Operator.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+* You have installed the {oc-first}.
+
+.Procedure
+
+* To collect NUMA Resources Operator data with `must-gather`, you must specify the NUMA Resources Operator `must-gather` image.
++
+[source,terminal,subs="attributes+"]
+----
+$ oc adm must-gather --image=registry.redhat.io/numaresources-must-gather/numaresources-must-gather-rhel9:{product-version}
+----
diff --git a/modules/cnf-about-collecting-ptp-data.adoc b/modules/cnf-about-collecting-ptp-data.adoc
new file mode 100644
index 000000000000..b2009621bdbd
--- /dev/null
+++ b/modules/cnf-about-collecting-ptp-data.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/configuring-ptp.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cnf-about-collecting-nro-data_{context}"]
+= Collecting PTP Operator data
+
+You can use the `oc adm must-gather` command to collect information about your cluster, including features and objects associated with PTP Operator.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+* You have installed the {oc-first}.
+
+* You have installed the PTP Operator.
+
+.Procedure
+
+* To collect PTP Operator data with `must-gather`, you must specify the PTP Operator `must-gather` image.
++
+[source,terminal,subs="attributes+"]
+----
+$ oc adm must-gather --image=registry.redhat.io/openshift4/ptp-must-gather-rhel8:v{product-version}
+----
diff --git a/modules/cnf-about-irq-affinity-setting.adoc b/modules/cnf-about-irq-affinity-setting.adoc
index ec13c4e595d0..451004ef5bce 100644
--- a/modules/cnf-about-irq-affinity-setting.adoc
+++ b/modules/cnf-about-irq-affinity-setting.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about_irq_affinity_setting_{context}"]
 = About support of IRQ affinity setting
 
@@ -24,7 +24,7 @@ If the effective affinity of any IRQ is set to an isolated CPU, it might be a si
 
 [source,terminal]
 ----
-$ find /proc/irq/ -name effective_affinity -exec sh -c 'i="$1"; mask=$(cat $i); file=$(echo $i); echo $file: $mask' _ {} \;
+$ find /proc/irq -name effective_affinity -printf "%p: " -exec cat {} \;
 ----
 
 .Example output
diff --git a/modules/cnf-about-numa-aware-scheduling.adoc b/modules/cnf-about-numa-aware-scheduling.adoc
index 7b711d8945f9..3c6f047b13bc 100644
--- a/modules/cnf-about-numa-aware-scheduling.adoc
+++ b/modules/cnf-about-numa-aware-scheduling.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-numa-aware-scheduling_{context}"]
 = About NUMA-aware scheduling
 
@@ -26,7 +26,7 @@ PodResources API:: The `PodResources` API is local to each node and exposes the
 +
 [NOTE]
 ====
-The `List` endpoint of the `PodResources` API exposes exclusive CPUs allocated to a particular container. The API does not expose CPUs that belong to a shared pool. 
+The `List` endpoint of the `PodResources` API exposes exclusive CPUs allocated to a particular container. The API does not expose CPUs that belong to a shared pool.
 
 The `GetAllocatableResources` endpoint exposes allocatable resources available on a node.
 ====
diff --git a/modules/cnf-about-ptp-and-clock-synchronization.adoc b/modules/cnf-about-ptp-and-clock-synchronization.adoc
index c60985b76fcd..33b1673c9d6d 100644
--- a/modules/cnf-about-ptp-and-clock-synchronization.adoc
+++ b/modules/cnf-about-ptp-and-clock-synchronization.adoc
@@ -1,14 +1,14 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-ptp-and-clock-synchronization_{context}"]
 = About PTP and clock synchronization error events
 
 Loss of PTP synchronization is a critical error for a RAN network. If synchronization is lost on a node, the radio might be shut down and the network Over the Air (OTA) traffic might be shifted to another node in the wireless network. Fast event notifications mitigate against workload errors by allowing cluster nodes to communicate PTP clock sync status to the vRAN application running in the DU.
 
-Event notifications are available to vRAN applications running on the same DU node. A publish-subscribe REST API passes events notifications to the messaging bus. Publish-subscribe messaging, or pub-sub messaging, is an asynchronous service-to-service communication architecture where any message published to a topic is immediately received by all of the subscribers to the topic.
+Event notifications are available to vRAN applications running on the same DU node. A publish/subscribe REST API passes events notifications to the messaging bus. Publish/subscribe messaging, or pub-sub messaging, is an asynchronous service-to-service communication architecture where any message published to a topic is immediately received by all of the subscribers to the topic.
 
 The PTP Operator generates fast event notifications for every PTP-capable network interface. You can access the events by using a `cloud-event-proxy` sidecar container over an HTTP or Advanced Message Queuing Protocol (AMQP) message bus.
 
diff --git a/modules/cnf-about-ptp-fast-event-notifications-framework.adoc b/modules/cnf-about-ptp-fast-event-notifications-framework.adoc
index c14f62f40fec..beb4fd6d55af 100644
--- a/modules/cnf-about-ptp-fast-event-notifications-framework.adoc
+++ b/modules/cnf-about-ptp-fast-event-notifications-framework.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-ptp-fast-event-notifications-framework_{context}"]
 = About the PTP fast event notifications framework
 
@@ -32,11 +32,6 @@ The PTP plugin reads the event from the UNIX domain socket and passes it to the
 
 image:darkcircle-3.png[20,20] Event is persisted::
 The `cloud-event-proxy` sidecar in the PTP Operator-managed pod processes the event and publishes the cloud-native event by using a REST API.
-+
-[NOTE]
-====
-When you use HTTP transport for events, you must persist the events subscription in the PTP Operator-managed pod by using a Persistent Volume (PV) resource or similar persistent storage mechanism.
-====
 
 image:darkcircle-4.png[20,20] Message is transported::
 The message transporter transports the event to the `cloud-event-proxy` sidecar in the application pod over HTTP or AMQP 1.0 QPID.
diff --git a/modules/cnf-about-the-profile-creator-tool.adoc b/modules/cnf-about-the-profile-creator-tool.adoc
index 8ef33fa5d1cf..3ff072199913 100644
--- a/modules/cnf-about-the-profile-creator-tool.adoc
+++ b/modules/cnf-about-the-profile-creator-tool.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-792 (4.8)
 // * scalability_and_performance/cnf-create-performance-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-the-profile-creator-tool_{context}"]
 = About the Performance Profile Creator
 
diff --git a/modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc b/modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc
index af99ad355260..34c4285cdae0 100644
--- a/modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc
+++ b/modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-about-topology-aware-lifecycle-manager-blocking-crs_{context}"]
 = Blocking ClusterGroupUpgrade CRs
 
diff --git a/modules/cnf-about-topology-aware-lifecycle-manager-config.adoc b/modules/cnf-about-topology-aware-lifecycle-manager-config.adoc
index 36254476b6b2..9a5c6d451d69 100644
--- a/modules/cnf-about-topology-aware-lifecycle-manager-config.adoc
+++ b/modules/cnf-about-topology-aware-lifecycle-manager-config.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-topology-aware-lifecycle-manager-config_{context}"]
 = About the {cgu-operator-full} configuration
 
diff --git a/modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc b/modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc
index 4fcbde5b0b33..2ee82dce5507 100644
--- a/modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc
+++ b/modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-topology-aware-lifecycle-manager-about-policies_{context}"]
 = About managed policies used with {cgu-operator-full}
 
@@ -11,7 +11,7 @@ The {cgu-operator-first} uses {rh-rhacm} policies for cluster updates.
 {cgu-operator} can be used to manage the rollout of any policy CR where the `remediationAction` field is set to `inform`.
 Supported use cases include the following:
 
-* Manual user creation of policy CRs 
+* Manual user creation of policy CRs
 * Automatically generated policies from the `PolicyGenTemplate` custom resource definition (CRD)
 
 For policies that update an Operator subscription with manual approval, {cgu-operator} provides additional functionality that approves the installation of the updated Operator.
diff --git a/modules/cnf-about-virtual-routing-and-forwarding.adoc b/modules/cnf-about-virtual-routing-and-forwarding.adoc
index aec1274e411a..eb71ca238728 100644
--- a/modules/cnf-about-virtual-routing-and-forwarding.adoc
+++ b/modules/cnf-about-virtual-routing-and-forwarding.adoc
@@ -2,7 +2,7 @@
 //
 // networking/multiple_networks/about-virtual-routing-and-forwarding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-about-virtual-routing-and-forwarding_{context}"]
 = About virtual routing and forwarding
 
diff --git a/modules/cnf-about_hyperthreading_for_low_latency_and_real_time_applications.adoc b/modules/cnf-about_hyperthreading_for_low_latency_and_real_time_applications.adoc
index 621e42793fd3..bf42fa0e49a0 100644
--- a/modules/cnf-about_hyperthreading_for_low_latency_and_real_time_applications.adoc
+++ b/modules/cnf-about_hyperthreading_for_low_latency_and_real_time_applications.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about_hyperthreading_for_low_latency_and_real_time_applications_{context}"]
 = About hyperthreading for low latency and real-time applications
 
diff --git a/modules/cnf-adjusting-nic-queues-with-the-performance-profile.adoc b/modules/cnf-adjusting-nic-queues-with-the-performance-profile.adoc
index df17beef2cd8..935b8eed4e90 100644
--- a/modules/cnf-adjusting-nic-queues-with-the-performance-profile.adoc
+++ b/modules/cnf-adjusting-nic-queues-with-the-performance-profile.adoc
@@ -2,7 +2,7 @@
 //CNF-1483 (4.8)
 // * scalability_and_performance/low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adjusting-nic-queues-with-the-performance-profile_{context}"]
 = Adjusting the NIC queues with the performance profile
 
diff --git a/modules/cnf-assigning-a-secondary-network-to-a-vrf.adoc b/modules/cnf-assigning-a-secondary-network-to-a-vrf.adoc
index a76720346154..390b27f06eb9 100644
--- a/modules/cnf-assigning-a-secondary-network-to-a-vrf.adoc
+++ b/modules/cnf-assigning-a-secondary-network-to-a-vrf.adoc
@@ -3,7 +3,7 @@
 // networking/multiple_networks/assigning-a-secondary-network-to-a-vrf.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-assigning-a-secondary-network-to-a-vrf_{context}"]
 = Assigning a secondary network to a VRF
 
diff --git a/modules/cnf-assigning-a-sriov-network-to-a-vrf.adoc b/modules/cnf-assigning-a-sriov-network-to-a-vrf.adoc
index 209f39f079bf..7e8feca993fd 100644
--- a/modules/cnf-assigning-a-sriov-network-to-a-vrf.adoc
+++ b/modules/cnf-assigning-a-sriov-network-to-a-vrf.adoc
@@ -2,7 +2,7 @@
 //
 //networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-assigning-a-sriov-network-to-a-vrf_{context}"]
 = Assigning an SR-IOV network to a VRF
 
diff --git a/modules/cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-support.adoc b/modules/cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-support.adoc
index 884d8455a647..e52c523cdd4a 100644
--- a/modules/cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-support.adoc
+++ b/modules/cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-support.adoc
@@ -3,7 +3,7 @@
 //
 // *scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-support_{context}"]
 = Collecting low latency tuning debugging data for Red Hat Support
 
@@ -25,44 +25,17 @@ The `oc adm must-gather` CLI command collects the information from your cluster
 You can specify one or more images when you run the command by including the `--image` argument. When you specify an image, the tool collects data related to that feature or product. When you run `oc adm must-gather`, a new pod is created on the cluster. The data is collected on that pod and saved in a new directory that starts with `must-gather.local`. This directory is created in your current working directory.
 
 [id="cnf-about-collecting-low-latency-data_{context}"]
-== About collecting low latency tuning data
+== Gathering low latency tuning data
 
 Use the `oc adm must-gather` CLI command to collect information about your cluster, including features and objects associated with low latency tuning, including:
 
 * The Node Tuning Operator namespaces and child objects.
 * `MachineConfigPool` and associated `MachineConfig` objects.
 * The Node Tuning Operator and associated Tuned objects.
-* Linux Kernel command line options.
+* Linux kernel command line options.
 * CPU and NUMA topology
 * Basic PCI device information and NUMA locality.
 
-To collect debugging information with `must-gather`, you must specify the Performance Addon Operator `must-gather` image:
-
-[source,terminal,subs="attributes+"]
-----
---image=registry.redhat.io/openshift4/performance-addon-operator-must-gather-rhel8:v{product-version}.
-----
-
-[NOTE]
-====
-In earlier versions of {product-title}, the Performance Addon Operator provided automatic, low latency performance tuning for applications. In {product-title} 4.11 and later, this functionality is part of the Node Tuning Operator. However, you must still use the `performance-addon-operator-must-gather` image when running the `must-gather` command.
-====
-
-[id="cnf-about-gathering-data_{context}"]
-== Gathering data about specific features
-
-You can gather debugging information about specific features by using the `oc adm must-gather` CLI command with the `--image` or `--image-stream` argument. The `must-gather` tool supports multiple images, so you can gather data about more than one feature by running a single command.
-
-[NOTE]
-====
-To collect the default `must-gather` data in addition to specific feature data, add the `--image-stream=openshift/must-gather` argument.
-====
-
-[NOTE]
-====
-In earlier versions of {product-title}, the Performance Addon Operator provided automatic, low latency performance tuning for applications. In {product-title} 4.11, these functions are part of the Node Tuning Operator. However, you must still use the `performance-addon-operator-must-gather` image when running the `must-gather` command.
-====
-
 .Prerequisites
 
 * Access to the cluster as a user with the `cluster-admin` role.
@@ -72,26 +45,55 @@ In earlier versions of {product-title}, the Performance Addon Operator provided
 
 . Navigate to the directory where you want to store the `must-gather` data.
 
-. Run the `oc adm must-gather` command with one or more `--image` or `--image-stream` arguments. For example, the following command gathers both the default cluster data and information specific to the Node Tuning Operator:
+. Collect debugging information by running the following command:
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
 ----
-$ oc adm must-gather \
- --image-stream=openshift/must-gather \ <1>
-
- --image=registry.redhat.io/openshift4/performance-addon-operator-must-gather-rhel8:v{product-version} <2>
+$ oc adm must-gather
 ----
 +
-<1> The default {product-title} `must-gather` image.
-<2> The `must-gather` image for low latency tuning diagnostics.
+.Example output
++
+[source,terminal]
+----
+[must-gather      ] OUT Using must-gather plug-in image: quay.io/openshift-release
+When opening a support case, bugzilla, or issue please include the following summary data along with any other requested information:
+ClusterID: 829er0fa-1ad8-4e59-a46e-2644921b7eb6
+ClusterVersion: Stable at "<cluster_version>"
+ClusterOperators:
+	All healthy and stable
+
+
+[must-gather      ] OUT namespace/openshift-must-gather-8fh4x created
+[must-gather      ] OUT clusterrolebinding.rbac.authorization.k8s.io/must-gather-rhlgc created
+[must-gather-5564g] POD 2023-07-17T10:17:37.610340849Z Gathering data for ns/openshift-cluster-version...
+[must-gather-5564g] POD 2023-07-17T10:17:38.786591298Z Gathering data for ns/default...
+[must-gather-5564g] POD 2023-07-17T10:17:39.117418660Z Gathering data for ns/openshift...
+[must-gather-5564g] POD 2023-07-17T10:17:39.447592859Z Gathering data for ns/kube-system...
+[must-gather-5564g] POD 2023-07-17T10:17:39.803381143Z Gathering data for ns/openshift-etcd...
+
+...
+
+Reprinting Cluster State:
+When opening a support case, bugzilla, or issue please include the following summary data along with any other requested information:
+ClusterID: 829er0fa-1ad8-4e59-a46e-2644921b7eb6
+ClusterVersion: Stable at "<cluster_version>"
+ClusterOperators:
+	All healthy and stable
+----
 
 . Create a compressed file from the `must-gather` directory that was created in your working directory. For example, on a computer that uses a Linux operating system, run the following command:
 +
 [source,terminal]
 ----
- $ tar cvaf must-gather.tar.gz must-gather.local.5421342344627712289/ <1>
+$ tar cvaf must-gather.tar.gz must-gather-local.5421342344627712289// <1>
 ----
 +
-<1> Replace `must-gather-local.5421342344627712289/` with the actual directory name.
+<1> Replace `must-gather-local.5421342344627712289//` with the directory name created by the `must-gather` tool.
++
+[NOTE]
+====
+Create a compressed file to attach the data to a support case or to use with the Performance Profile Creator wrapper script when you create a performance profile.
+====
 
 . Attach the compressed file to your support case on the link:https://access.redhat.com/[Red Hat Customer Portal].
diff --git a/modules/cnf-configure_for_irq_dynamic_load_balancing.adoc b/modules/cnf-configure_for_irq_dynamic_load_balancing.adoc
index 46538da7f3dd..f751153763ad 100644
--- a/modules/cnf-configure_for_irq_dynamic_load_balancing.adoc
+++ b/modules/cnf-configure_for_irq_dynamic_load_balancing.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring_for_irq_dynamic_load_balancing_{context}"]
 = Configuring a node for IRQ dynamic load balancing
 
diff --git a/modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc b/modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc
index d401f9b4fd4d..a7cf8c959ad6 100644
--- a/modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc
+++ b/modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-configuring-fifo-priority-scheduling-for-ptp_{context}"]
 = Configuring FIFO priority scheduling for PTP hardware
 
-In telco or other deployment configurations that require low latency performance, PTP daemon threads run in a constrained CPU footprint alongside the rest of the infrastructure components. By default, PTP threads run with the `SCHED_OTHER` policy. Under high load, these threads might not get the scheduling latency they require for error-free operation.
+In telco or other deployment types that require low latency performance, PTP daemon threads run in a constrained CPU footprint alongside the rest of the infrastructure components. By default, PTP threads run with the `SCHED_OTHER` policy. Under high load, these threads might not get the scheduling latency they require for error-free operation.
 
 To mitigate against potential scheduling latency errors, you can configure the PTP Operator `linuxptp` services to allow threads to run with a `SCHED_FIFO` policy. If `SCHED_FIFO` is set for a `PtpConfig` CR, then `ptp4l` and `phc2sys` will run in the parent container under `chrt` with a priority set by the `ptpSchedulingPriority` field of the `PtpConfig` CR.
 
@@ -76,5 +76,3 @@ $ oc -n openshift-ptp logs linuxptp-daemon-lgm55 -c linuxptp-daemon-container|gr
 ----
 I1216 19:24:57.091872 1600715 daemon.go:285] /bin/chrt -f 65 /usr/sbin/ptp4l -f /var/run/ptp4l.0.config -2  --summary_interval -4 -m
 ----
-
-
diff --git a/modules/cnf-configuring-log-filtering-for-linuxptp.adoc b/modules/cnf-configuring-log-filtering-for-linuxptp.adoc
index 8d7de05a016b..9eb306f578e7 100644
--- a/modules/cnf-configuring-log-filtering-for-linuxptp.adoc
+++ b/modules/cnf-configuring-log-filtering-for-linuxptp.adoc
@@ -1,14 +1,14 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-configuring-log-filtering-for-linuxptp_{context}"]
 = Configuring log filtering for linuxptp services
 
-The `linuxptp` daemon generates logs that you can use for debugging purposes. In telco or other deployment configurations that feature a limited storage capacity, these logs can add to the storage demand. 
+The `linuxptp` daemon generates logs that you can use for debugging purposes. In telco or other deployment types that feature a limited storage capacity, these logs can add to the storage demand.
 
-To reduce the number log messages, you can configure the `PtpConfig` custom resource (CR) to exclude log messages that report the `master offset` value. The `master offset` log message reports the difference between the current node's clock and the master clock in nanoseconds.  
+To reduce the number log messages, you can configure the `PtpConfig` custom resource (CR) to exclude log messages that report the `master offset` value. The `master offset` log message reports the difference between the current node's clock and the master clock in nanoseconds.
 
 .Prerequisites
 * Install the OpenShift CLI (`oc`).
@@ -77,4 +77,4 @@ $ oc -n openshift-ptp logs <linux_daemon_container> -c linuxptp-daemon-container
 ----
 <1> <linux_daemon_container> is the name of the `linuxptp-daemon` pod, for example `linuxptp-daemon-gmv2n`.
 +
-When you configure the `logReduce` specification, this command does not report any instances of `master offset` in the logs of the `linuxptp` daemon.
\ No newline at end of file
+When you configure the `logReduce` specification, this command does not report any instances of `master offset` in the logs of the `linuxptp` daemon.
diff --git a/modules/cnf-configuring-node-groups-for-the-numaresourcesoperator.adoc b/modules/cnf-configuring-node-groups-for-the-numaresourcesoperator.adoc
index b1c89e14c665..5d54e6b169ff 100644
--- a/modules/cnf-configuring-node-groups-for-the-numaresourcesoperator.adoc
+++ b/modules/cnf-configuring-node-groups-for-the-numaresourcesoperator.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="cnf-configuring-node-groups-for-the-numaresourcesoperator_{context}"]
 = Optional: Configuring polling operations for NUMA resources updates
diff --git a/modules/cnf-configuring-the-ptp-fast-event-publisher.adoc b/modules/cnf-configuring-the-ptp-fast-event-publisher.adoc
index 0eab42101b5f..60ef23240315 100644
--- a/modules/cnf-configuring-the-ptp-fast-event-publisher.adoc
+++ b/modules/cnf-configuring-the-ptp-fast-event-publisher.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-configuring-the-ptp-fast-event-publisher_{context}"]
 = Configuring the PTP fast event notifications publisher
 
@@ -16,15 +16,6 @@ To start using PTP fast event notifications for a network interface in your clus
 
 * You have installed the PTP Operator.
 
-* When you use HTTP events transport, configure dynamic volume provisioning in the cluster or manually create `StorageClass`, `LocalVolume`, and `PersistentVolume` resources to persist the events subscription.
-+
-[NOTE]
-====
-When you enable dynamic volume provisioning in the cluster, a `PersistentVolume` resource is automatically created for the `PersistentVolumeClaim` that the PTP Operator deploys.
-
-For more information about manually creating persistent storage in the cluster, see "Persistent storage using local volumes".
-====
-
 .Procedure
 
 . Modify the default PTP Operator config to enable PTP fast events.
@@ -43,19 +34,14 @@ spec:
     node-role.kubernetes.io/worker: ""
   ptpEventConfig:
     enableEventPublisher: true <1>
-    storageType: "example-storage-class" <2>
 ----
 <1> Set `enableEventPublisher` to `true` to enable PTP fast event notifications.
-<2> Use the value that you set for `storageType` to populate the `StorageClassName` field for the `PersistentVolumeClaim` (`PVC`) resource that the PTP Operator automatically deploys.
-The `PVC` resource is used to persist consumer event subscriptions.
+
 +
 [NOTE]
 ====
 In {product-title} 4.13 or later, you do not need to set the `spec.ptpEventConfig.transportHost` field in the `PtpOperatorConfig` resource when you use HTTP transport for PTP events.
 Set `transportHost` only when you use AMQP transport for PTP events.
-
-The value that you set for `.spec.storageType` in the `PtpOperatorConfig` CR must match the `storageClassName` that is set in the `PersistentVolume` CR.
-If `storageType` is not set and the `transportHost` uses HTTP, the PTP daemons are not deployed.
 ====
 
 .. Update the `PtpOperatorConfig` CR:
@@ -77,10 +63,10 @@ spec:
     ptp4lOpts: "-2 -s --summary_interval -4" <1>
     phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" <2>
     ptp4lConf: "" <3>
-  ptpClockThreshold: <4>
-    holdOverTimeout: 5
-    maxOffsetThreshold: 100
-    minOffsetThreshold: -100
+    ptpClockThreshold: <4>
+      holdOverTimeout: 5
+      maxOffsetThreshold: 100
+      minOffsetThreshold: -100
 ----
 <1> Append `--summary_interval -4` to use PTP fast events.
 <2> Required `phc2sysOpts` values. `-m` prints messages to `stdout`. The `linuxptp-daemon` `DaemonSet` parses the logs and generates Prometheus metrics.
diff --git a/modules/cnf-configuring-workload-hints.adoc b/modules/cnf-configuring-workload-hints.adoc
index 52a39eec5873..4c2b1c78bfeb 100644
--- a/modules/cnf-configuring-workload-hints.adoc
+++ b/modules/cnf-configuring-workload-hints.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-workload-hints_{context}"]
 = Configuring workload hints manually
 
@@ -26,3 +26,8 @@
 ----
 <1> If `highPowerConsumption` is `true`, the node is tuned for very low latency at the cost of increased power consumption.
 <2> Disables some debugging and monitoring features that can affect system latency.
+
+[NOTE]
+====
+When the `realTime` workload hint flag is set to `true` in a performance profile, add the `cpu-quota.crio.io: disable` annotation to every guaranteed pod with pinned CPUs. This annotation is necessary to prevent the degradation of the process performance within the pod. If the `realTime` workload hint is not explicitly set then it defaults to `true`.
+====
\ No newline at end of file
diff --git a/modules/cnf-cpu-infra-container.adoc b/modules/cnf-cpu-infra-container.adoc
index 819f524ae863..71f55c08d876 100644
--- a/modules/cnf-cpu-infra-container.adoc
+++ b/modules/cnf-cpu-infra-container.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-cpu-infra-container_{context}"]
 = Restricting CPUs for infra and application containers
 
@@ -36,7 +36,7 @@ Generic housekeeping and workload tasks use CPUs in a way that may impact latenc
 The allocatable capacity of cores on a node for pods of all QoS process types, `Burstable`,  `BestEffort`, or `Guaranteed`, is equal to the capacity of the isolated pool. The capacity of the reserved pool is removed from the node's total core capacity for use by the cluster and operating system housekeeping duties.
 
 .Example 1
-A node features a capacity of 100 cores. Using a performance profile, the cluster administrator allocates 50 cores to the isolated pool and 50 cores to the reserved pool. The cluster administrator assigns 25 cores to QoS `Guaranteed` pods and 25 cores for `BestEffort` or `Burstable` pods. This matches the capacity of the isolated pool. 
+A node features a capacity of 100 cores. Using a performance profile, the cluster administrator allocates 50 cores to the isolated pool and 50 cores to the reserved pool. The cluster administrator assigns 25 cores to QoS `Guaranteed` pods and 25 cores for `BestEffort` or `Burstable` pods. This matches the capacity of the isolated pool.
 
 .Example 2
 A node features a capacity of 100 cores. Using a performance profile, the cluster administrator allocates 50 cores to the isolated pool and 50 cores to the reserved pool. The cluster administrator assigns 50 cores to QoS `Guaranteed` pods and one core for `BestEffort` or `Burstable` pods. This exceeds the capacity of the isolated pool by one core. Pod scheduling fails because of insufficient CPU capacity.
diff --git a/modules/cnf-debugging-low-latency-cnf-tuning-status.adoc b/modules/cnf-debugging-low-latency-cnf-tuning-status.adoc
index c4b7582cac5f..4dc6937eb0d0 100644
--- a/modules/cnf-debugging-low-latency-cnf-tuning-status.adoc
+++ b/modules/cnf-debugging-low-latency-cnf-tuning-status.adoc
@@ -61,7 +61,7 @@ Each of these types contain the following fields:
 
 A performance profile and its created products are applied to a node according to an associated machine config pool (MCP). The MCP holds valuable information about the progress of applying the machine configurations created by performance profiles that encompass kernel args, kube config, huge pages allocation, and deployment of rt-kernel. The Performance Profile controller monitors changes in the MCP and updates the performance profile status accordingly.
 
-The only conditions returned by the MCP to the performance profile status is when the MCP is `Degraded`, which leads to `performaceProfile.status.condition.Degraded = true`.
+The only conditions returned by the MCP to the performance profile status is when the MCP is `Degraded`, which leads to `performanceProfile.status.condition.Degraded = true`.
 
 .Example
 
diff --git a/modules/cnf-deploying-the-numa-aware-scheduler-with-manual-performance-settings.adoc b/modules/cnf-deploying-the-numa-aware-scheduler-with-manual-performance-settings.adoc
index 9f523817fb82..a8ea748c0017 100644
--- a/modules/cnf-deploying-the-numa-aware-scheduler-with-manual-performance-settings.adoc
+++ b/modules/cnf-deploying-the-numa-aware-scheduler-with-manual-performance-settings.adoc
@@ -78,7 +78,7 @@ metadata:
   name: numaresourcesscheduler
 spec:
   imageSpec: "registry.redhat.io/openshift4/noderesourcetopology-scheduler-container-rhel8:v{product-version}"
-  cacheResyncPeriod: "5s" <1> 
+  cacheResyncPeriod: "5s" <1>
 ----
 <1> Enter an interval value in seconds for synchronization of the scheduler cache. A value of `5s` is typical for most implementations.
 +
diff --git a/modules/cnf-deploying-the-numa-aware-scheduler.adoc b/modules/cnf-deploying-the-numa-aware-scheduler.adoc
index 4d30c1bc3da4..c8e6da0b5741 100644
--- a/modules/cnf-deploying-the-numa-aware-scheduler.adoc
+++ b/modules/cnf-deploying-the-numa-aware-scheduler.adoc
@@ -8,7 +8,7 @@
 
 After you install the NUMA Resources Operator, do the following to deploy the NUMA-aware secondary pod scheduler:
 
-* Configure the performance profile. 
+* Configure the performance profile.
 
 * Deploy the NUMA-aware secondary scheduler.
 
@@ -36,8 +36,8 @@ metadata:
   name: perfprof-nrop
 spec:
   cpu: <1>
-    isolated: "4-51,56-103" 
-    reserved: "0,1,2,3,52,53,54,55" 
+    isolated: "4-51,56-103"
+    reserved: "0,1,2,3,52,53,54,55"
   nodeSelector:
     node-role.kubernetes.io/worker: ""
   numa:
@@ -69,8 +69,8 @@ kind: NUMAResourcesScheduler
 metadata:
   name: numaresourcesscheduler
 spec:
-  imageSpec: "registry.redhat.io/openshift4/noderesourcetopology-scheduler-container-rhel8:v{product-version}"
-  cacheResyncPeriod: "5s" <1> 
+  imageSpec: "registry.redhat.io/openshift4/noderesourcetopology-scheduler-rhel9:v{product-version}"
+  cacheResyncPeriod: "5s" <1>
 ----
 <1> Enter an interval value in seconds for synchronization of the scheduler cache. A value of `5s` is typical for most implementations.
 +
diff --git a/modules/cnf-disable-chronyd.adoc b/modules/cnf-disable-chronyd.adoc
index 671a726fb8e2..e7554dd6157b 100644
--- a/modules/cnf-disable-chronyd.adoc
+++ b/modules/cnf-disable-chronyd.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/using-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-disable-chronyd_{context}"]
 = Disabling the chrony time service
 
diff --git a/modules/cnf-du-management-pods.adoc b/modules/cnf-du-management-pods.adoc
index b7dd626c82b6..1885f8e5c9e2 100644
--- a/modules/cnf-du-management-pods.adoc
+++ b/modules/cnf-du-management-pods.adoc
@@ -252,7 +252,7 @@ The following tables identify the namespaces and pods that can be restricted to
 | packageserver
 
 | openshift-ovn-kubernetes
-| ovnkube-master
+| ovnkube-control-plane
 
 | openshift-ovn-kubernetes
 | ovnkube-node
diff --git a/modules/cnf-fast-event-notifications-api-refererence.adoc b/modules/cnf-fast-event-notifications-api-refererence.adoc
index 2b2357e626cb..e1957e8647a5 100644
--- a/modules/cnf-fast-event-notifications-api-refererence.adoc
+++ b/modules/cnf-fast-event-notifications-api-refererence.adoc
@@ -1,42 +1,14 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-fast-event-notifications-api-refererence_{context}"]
-= Subscribing DU applications to PTP events REST API reference
+= PTP events REST API reference
 
-Use the PTP event notifications REST API to subscribe a distributed unit (DU) application to the PTP events that are generated on the parent node.
-
-Subscribe applications to PTP events by using the resource address `/cluster/node/<node_name>/ptp`, where `<node_name>` is the cluster node running the DU application.
-
-Deploy your `cloud-event-consumer` DU application container and `cloud-event-proxy` sidecar container in a separate DU application pod. The `cloud-event-consumer` DU application subscribes to the `cloud-event-proxy` container in the application pod.
-
-Use the following API endpoints to subscribe the `cloud-event-consumer` DU application to PTP events posted by the `cloud-event-proxy` container at [x-]`http://localhost:8089/api/ocloudNotifications/v1/` in the DU application pod:
-
-* `/api/ocloudNotifications/v1/subscriptions`
-- `POST`: Creates a new subscription
-- `GET`: Retrieves a list of subscriptions
-
-* `/api/ocloudNotifications/v1/subscriptions/<subscription_id>`
-- `GET`: Returns details for the specified subscription ID
-
-* `api/ocloudNotifications/v1/subscriptions/status/<subscription_id>`
-- `PUT`: Creates a new status ping request for the specified subscription ID
-
-* `/api/ocloudNotifications/v1/health`
-- `GET`: Returns the health status of `ocloudNotifications` API
-
-* `api/ocloudNotifications/v1/publishers`
-- `GET`: Returns an array of `os-clock-sync-state`, `ptp-clock-class-change`, and `lock-state` messages for the cluster node
-
-* `/api/ocloudnotifications/v1/<resource_address>/CurrentState`
--  `GET`: Returns the current state of one the following event types: `os-clock-sync-state`, `ptp-clock-class-change`, or `lock-state` events
-
-[NOTE]
-====
-`9089` is the default port for the `cloud-event-consumer` container deployed in the application pod. You can configure a different port for your DU application as required.
-====
+Use the PTP event notifications REST API to subscribe a cluster application to the PTP events that are generated on the parent node.
 
+[id="api-ocloud-notifications-v1-subscriptions_{context}"]
 == api/ocloudNotifications/v1/subscriptions
 
 [discrete]
@@ -45,7 +17,7 @@ Use the following API endpoints to subscribe the `cloud-event-consumer` DU appli
 `GET api/ocloudNotifications/v1/subscriptions`
 
 [discrete]
-==== Description
+=== Description
 
 Returns a list of subscriptions. If subscriptions exist, a `200 OK` status code is returned along with the list of subscriptions.
 
@@ -68,17 +40,19 @@ Returns a list of subscriptions. If subscriptions exist, a `200 OK` status code
 `POST api/ocloudNotifications/v1/subscriptions`
 
 [discrete]
-==== Description
+=== Description
 
 Creates a new subscription. If a subscription is successfully created, or if it already exists, a `201 Created` status code is returned.
 
 .Query parameters
-|===
-| Parameter | Type
+[cols=2*, width="60%", options="header"]
+|====
+|Parameter
+|Type
 
-| subscription
-| data
-|===
+|subscription
+|data
+|====
 
 .Example payload
 [source,json]
@@ -89,6 +63,7 @@ Creates a new subscription. If a subscription is successfully created, or if it
 }
 ----
 
+[id="api-ocloud-notifications-v1-subscriptions-subscription_id_{context}"]
 == api/ocloudNotifications/v1/subscriptions/<subscription_id>
 
 [discrete]
@@ -97,17 +72,19 @@ Creates a new subscription. If a subscription is successfully created, or if it
 `GET api/ocloudNotifications/v1/subscriptions/<subscription_id>`
 
 [discrete]
-==== Description
+=== Description
 
 Returns details for the subscription with ID `<subscription_id>`
 
 .Query parameters
-|===
-| Parameter | Type
+[cols=2*, width="60%", options="header"]
+|====
+|Parameter
+|Type
 
-| `<subscription_id>`
-| string
-|===
+|`<subscription_id>`
+|string
+|====
 
 .Example API response
 [source,json]
@@ -120,33 +97,8 @@ Returns details for the subscription with ID `<subscription_id>`
 }
 ----
 
-== api/ocloudNotifications/v1/subscriptions/status/<subscription_id>
-
-[discrete]
-=== HTTP method
-
-`PUT api/ocloudNotifications/v1/subscriptions/status/<subscription_id>`
-
-[discrete]
-==== Description
-
-Creates a new status ping request for subscription with ID `<subscription_id>`. If a subscription is present, the status request is successful and a `202 Accepted` status code is returned.
-
-.Query parameters
-|===
-| Parameter | Type
-
-| `<subscription_id>`
-| string
-|===
-
-.Example API response
-[source,json]
-----
-{"status":"ping sent"}
-----
-
-== api/ocloudNotifications/v1/health/
+[id="api-ocloudnotifications-v1-health_{context}"]
+== api/ocloudNotifications/v1/health
 
 [discrete]
 === HTTP method
@@ -154,7 +106,7 @@ Creates a new status ping request for subscription with ID `<subscription_id>`.
 `GET api/ocloudNotifications/v1/health/`
 
 [discrete]
-==== Description
+=== Description
 
 Returns the health status for the `ocloudNotifications` REST API.
 
@@ -164,6 +116,7 @@ Returns the health status for the `ocloudNotifications` REST API.
 OK
 ----
 
+[id="api-ocloudnotifications-v1-publishers_{context}"]
 == api/ocloudNotifications/v1/publishers
 
 [discrete]
@@ -172,13 +125,17 @@ OK
 `GET api/ocloudNotifications/v1/publishers`
 
 [discrete]
-==== Description
+=== Description
 
-Returns an array of `os-clock-sync-state`, `ptp-clock-class-change`, and `lock-state` details for the cluster node. The system generates notifications when the relevant equipment state changes.
+Returns an array of `os-clock-sync-state`, `ptp-clock-class-change`, `lock-state`, and `gnss-sync-status` details for the cluster node.
+The system generates notifications when the relevant equipment state changes.
 
 * `os-clock-sync-state` notifications describe the host operating system clock synchronization state. Can be in `LOCKED` or `FREERUN` state.
 * `ptp-clock-class-change` notifications describe the current state of the PTP clock class.
 * `lock-state` notifications describe the current status of the PTP equipment lock state. Can be in `LOCKED`, `HOLDOVER` or `FREERUN` state.
+* `gnss-sync-status` notifications describe the GPS synchronization state with regard to the external GNSS clock signal. Can be in `LOCKED` or `FREERUN` state.
+
+You can use equipment synchronization status subscriptions together to deliver a detailed view of the overall synchronization health of the system.
 
 .Example API response
 [source,json]
@@ -201,11 +158,17 @@ Returns an array of `os-clock-sync-state`, `ptp-clock-class-change`, and `lock-s
     "endpointUri": "http://localhost:9085/api/ocloudNotifications/v1/dummy",
     "uriLocation": "http://localhost:9085/api/ocloudNotifications/v1/publishers/44aa480d-7347-48b0-a5b0-e0af01fa9677",
     "resource": "/cluster/node/compute-1.example.com/sync/ptp-status/lock-state"
+  },
+  {
+    "id": "778da345d-4567-67b0-a43f0-rty885a456",
+    "endpointUri": "http://localhost:9085/api/ocloudNotifications/v1/dummy",
+    "uriLocation": "http://localhost:9085/api/ocloudNotifications/v1/publishers/778da345d-4567-67b0-a43f0-rty885a456",
+    "resource": "/cluster/node/compute-1.example.com/sync/gnss-status/gnss-sync-status"
   }
 ]
 ----
 
-You can find `os-clock-sync-state`, `ptp-clock-class-change` and `lock-state` events in the logs for the `cloud-event-proxy` container. For example:
+You can find `os-clock-sync-state`, `ptp-clock-class-change`, `lock-state`, and `gnss-sync-status` events in the logs for the `cloud-event-proxy` container. For example:
 
 [source,terminal]
 ----
@@ -293,7 +256,37 @@ $ oc logs -f linuxptp-daemon-cvgr6 -n openshift-ptp -c cloud-event-proxy
 }
 ----
 
-== /api/ocloudnotifications/v1/<resource_address>/CurrentState
+.Example gnss-sync-status event
+[source,json]
+----
+{
+  "id": "435e1f2a-6854-4555-8520-767325c087d7",
+  "type": "event.sync.gnss-status.gnss-state-change",
+  "source": "/cluster/node/compute-1.example.com/sync/gnss-status/gnss-sync-status",
+  "dataContentType": "application/json",
+  "time": "2023-09-27T19:35:33.42347206Z",
+  "data": {
+    "version": "v1",
+    "values": [
+      {
+        "resource": "/cluster/node/compute-1.example.com/ens2fx/master",
+        "dataType": "notification",
+        "valueType": "enumeration",
+        "value": "LOCKED"
+      },
+      {
+        "resource": "/cluster/node/compute-1.example.com/ens2fx/master",
+        "dataType": "metric",
+        "valueType": "decimal64.3",
+        "value": "5"
+      }
+    ]
+  }
+}
+----
+
+[id="resource-address-current-state_{context}"]
+== api/ocloudNotifications/v1/<resource_address>/CurrentState
 
 [discrete]
 === HTTP method
@@ -305,21 +298,23 @@ $ oc logs -f linuxptp-daemon-cvgr6 -n openshift-ptp -c cloud-event-proxy
 `GET api/ocloudNotifications/v1/cluster/node/<node_name>/sync/ptp-status/ptp-clock-class-change/CurrentState`
 
 [discrete]
-==== Description
+=== Description
 
-Configure the `CurrentState` API endpoint to return the current state of the `os-clock-sync-state`, `ptp-clock-class-change`, or `lock-state` events for the cluster node.
+Configure the `CurrentState` API endpoint to return the current state of the `os-clock-sync-state`, `ptp-clock-class-change`, `lock-state` events for the cluster node.
 
 * `os-clock-sync-state` notifications describe the host operating system clock synchronization state. Can be in `LOCKED` or `FREERUN` state.
 * `ptp-clock-class-change` notifications describe the current state of the PTP clock class.
 * `lock-state` notifications describe the current status of the PTP equipment lock state. Can be in `LOCKED`, `HOLDOVER` or `FREERUN` state.
 
 .Query parameters
-|===
-| Parameter | Type
-
-| `<resource_address>`
-| string
-|===
+[cols=2*, width="60%", options="header"]
+|====
+|Parameter
+|Type
+
+|`<resource_address>`
+|string
+|====
 
 .Example lock-state API response
 [source,json]
diff --git a/modules/cnf-gathering-data-about-cluster-using-must-gather.adoc b/modules/cnf-gathering-data-about-cluster-using-must-gather.adoc
index 14ecc33bce7b..97897f419cd1 100644
--- a/modules/cnf-gathering-data-about-cluster-using-must-gather.adoc
+++ b/modules/cnf-gathering-data-about-cluster-using-must-gather.adoc
@@ -2,21 +2,15 @@
 // Epic CNF-792 (4.8)
 // * scalability_and_performance/cnf-create-performance-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-data-about-your-cluster-using-must-gather_{context}"]
 = Gathering data about your cluster using the must-gather command
 
 The Performance Profile Creator (PPC) tool requires `must-gather` data. As a cluster administrator, run the `must-gather` command to capture information about your cluster.
 
-[NOTE]
-====
-In earlier versions of {product-title}, the Performance Addon Operator provided automatic, low latency performance tuning for applications. In {product-title} 4.11 and later, this functionality is part of the Node Tuning Operator. However, you must still use the `performance-addon-operator-must-gather` image when running the `must-gather` command.
-====
-
 .Prerequisites
 
 * Access to the cluster as a user with the `cluster-admin` role.
-* Access to the Performance Addon Operator `must gather` image.
 * The OpenShift CLI (`oc`) installed.
 
 .Procedure
@@ -45,27 +39,21 @@ $ oc label mcp <mcp_name> <mcp_name>=""
 
 . Navigate to the directory where you want to store the `must-gather` data.
 
-. Run `must-gather` on your cluster:
+. Collect cluster information by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm must-gather --image=<PAO_must_gather_image> --dest-dir=<dir>
+$ oc adm must-gather
 ----
-+
-[NOTE]
-====
-The `must-gather` command must be run with the `performance-addon-operator-must-gather` image. The output can optionally be compressed. Compressed output is required if you are running the Performance Profile Creator wrapper script.
-====
-+
-.Example
-+
-[source,terminal,subs="attributes+"]
-----
-$ oc adm must-gather --image=registry.redhat.io/openshift4/performance-addon-operator-must-gather-rhel8:v{product-version} --dest-dir=<path_to_must-gather>/must-gather
-----
-. Create a compressed file from the `must-gather` directory:
+
+. Optional: Create a compressed file from the `must-gather` directory:
 +
 [source,terminal]
 ----
 $ tar cvaf must-gather.tar.gz must-gather/
 ----
++
+[NOTE]
+====
+Compressed output is required if you are running the Performance Profile Creator wrapper script.
+====
diff --git a/modules/cnf-installing-amq-interconnect-messaging-bus.adoc b/modules/cnf-installing-amq-interconnect-messaging-bus.adoc
index f5770addccb1..5279cb2c5ef5 100644
--- a/modules/cnf-installing-amq-interconnect-messaging-bus.adoc
+++ b/modules/cnf-installing-amq-interconnect-messaging-bus.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-installing-amq-interconnect-messaging-bus_{context}"]
 = Installing the AMQ messaging bus
 
diff --git a/modules/cnf-installing-numa-resources-operator-cli.adoc b/modules/cnf-installing-numa-resources-operator-cli.adoc
index c58047bcd178..2ca0b892ef4b 100644
--- a/modules/cnf-installing-numa-resources-operator-cli.adoc
+++ b/modules/cnf-installing-numa-resources-operator-cli.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-installing-numa-resources-operator-cli_{context}"]
 = Installing the NUMA Resources Operator using the CLI
 
@@ -64,7 +64,7 @@ $ oc create -f nro-operatorgroup.yaml
 +
 [source,yaml,subs="attributes+"]
 ----
-apiVersion: operators.coreos.com/v1
+apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: numaresources-operator
diff --git a/modules/cnf-installing-numa-resources-operator-console.adoc b/modules/cnf-installing-numa-resources-operator-console.adoc
index b793ee53dc91..a43b11471d38 100644
--- a/modules/cnf-installing-numa-resources-operator-console.adoc
+++ b/modules/cnf-installing-numa-resources-operator-console.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-installing-numa-resources-operator-console_{context}"]
 = Installing the NUMA Resources Operator using the web console
 
@@ -10,17 +10,25 @@ As a cluster administrator, you can install the NUMA Resources Operator using th
 
 .Procedure
 
-. Install the NUMA Resources Operator using the {product-title} web console:
+. Create a namespace for the NUMA Resources Operator:
+
+.. In the {product-title} web console, click *Administration* -> *Namespaces*.
+
+.. Click *Create Namespace*, enter `openshift-numaresources` in the *Name* field, and then click *Create*.
+
+. Install the NUMA Resources Operator:
 
 .. In the {product-title} web console, click *Operators* -> *OperatorHub*.
 
 .. Choose *NUMA Resources Operator* from the list of available Operators, and then click *Install*.
 
+.. In the *Installed Namespaces* field, select the `openshift-numaresources` namespace, and then click *Install*.
+
 . Optional: Verify that the NUMA Resources Operator installed successfully:
 
 .. Switch to the *Operators* -> *Installed Operators* page.
 
-.. Ensure that *NUMA Resources Operator* is listed in the *default* project with a *Status* of *InstallSucceeded*.
+.. Ensure that *NUMA Resources Operator* is listed in the `openshift-numaresources` namespace with a *Status* of *InstallSucceeded*.
 +
 [NOTE]
 ====
diff --git a/modules/cnf-installing-the-operators.adoc b/modules/cnf-installing-the-operators.adoc
index d0781bc6f2c1..9e9a55054485 100644
--- a/modules/cnf-installing-the-operators.adoc
+++ b/modules/cnf-installing-the-operators.adoc
@@ -3,7 +3,7 @@
 //
 // *scalability_and_performance/cnf-provisioning-and-deploying-a-distributed-unit.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-installing-the-operators_{context}"]
 = Installing the Operators
 
diff --git a/modules/cnf-latency-tests-discovery-mode.adoc b/modules/cnf-latency-tests-discovery-mode.adoc
index 83b18540e063..2bbf569eef9f 100644
--- a/modules/cnf-latency-tests-discovery-mode.adoc
+++ b/modules/cnf-latency-tests-discovery-mode.adoc
@@ -2,11 +2,11 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="discovery-mode_{context}"]
 = About discovery mode for latency tests
 
-Use discovery mode to validate the functionality of a cluster without altering its configuration. Existing environment configurations are used for the tests. The tests can find the configuration items needed and use those items to execute the tests. If resources needed to run a specific test are not found, the test is skipped, providing an appropriate message to the user. After the tests are finished, no cleanup of the pre-configured configuration items is done, and the test environment can be immediately used for another test run.
+Use discovery mode to validate the functionality of a cluster without altering its configuration. Existing environment configurations are used for the tests. The tests can find the configuration items needed and use those items to execute the tests. If resources needed to run a specific test are not found, the test is skipped, providing an appropriate message to the user. After the tests are finished, no cleanup of the preconfigured configuration items is done, and the test environment can be immediately used for another test run.
 
 [IMPORTANT]
 ====
diff --git a/modules/cnf-logging-associated-with-adjusting-nic-queues.adoc b/modules/cnf-logging-associated-with-adjusting-nic-queues.adoc
index 898d72bd4f1e..a28052fb7c6a 100644
--- a/modules/cnf-logging-associated-with-adjusting-nic-queues.adoc
+++ b/modules/cnf-logging-associated-with-adjusting-nic-queues.adoc
@@ -9,13 +9,13 @@ Log messages detailing the assigned devices are recorded in the respective Tuned
 
 * An `INFO` message is recorded detailing the successfully assigned devices:
 +
-[source, terminal]
+[source,terminal]
 ----
 INFO tuned.plugins.base: instance net_test (net): assigning devices ens1, ens2, ens3
 ----
 * A `WARNING` message is recorded if none of the devices can be assigned:
 +
-[source, terminal]
+[source,terminal]
 ----
 WARNING  tuned.plugins.base: instance net_test: no matching devices available
 ----
diff --git a/modules/cnf-measuring-latency.adoc b/modules/cnf-measuring-latency.adoc
index 67e08afa1c59..5dc48aff3b2e 100644
--- a/modules/cnf-measuring-latency.adoc
+++ b/modules/cnf-measuring-latency.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-measuring-latency_{context}"]
 = Measuring latency
 
diff --git a/modules/cnf-migrating-from-amqp-to-http-transport.adoc b/modules/cnf-migrating-from-amqp-to-http-transport.adoc
index bac9bbec9429..20d4d457706a 100644
--- a/modules/cnf-migrating-from-amqp-to-http-transport.adoc
+++ b/modules/cnf-migrating-from-amqp-to-http-transport.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
-// * networking/using-ptp.adoc
+// * scalability_and_performance/using-rfhe.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-migrating-from-amqp-to-http-transport_{context}"]
 = Migrating consumer applications to use HTTP transport for PTP or bare-metal events
 
@@ -17,13 +17,6 @@ If you have previously deployed PTP or bare-metal events consumer applications,
 
 * You have updated the PTP Operator or {redfish-operator} to version 4.13+ which uses HTTP transport by default.
 
-* Configure dynamic volume provisioning in the cluster or manually create `StorageClass`, `LocalVolume`, and `PersistentVolume` resources to persist the events subscription.
-+
-[NOTE]
-====
-When dynamic volume provisioning is enabled, a `PersistentVolume` resource is automatically created for the `PersistentVolumeClaim` that the PTP Operator or {redfish-operator} deploys.
-====
-
 .Procedure
 
 . Update your events consumer application to use HTTP transport.
diff --git a/modules/cnf-monitoring-fast-events-metrics.adoc b/modules/cnf-monitoring-fast-events-metrics.adoc
index 4a801789ce1d..71ab3d735575 100644
--- a/modules/cnf-monitoring-fast-events-metrics.adoc
+++ b/modules/cnf-monitoring-fast-events-metrics.adoc
@@ -1,13 +1,13 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/using-ptp-events.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-monitoring-fast-events-metrics_{context}"]
 = Monitoring PTP fast event metrics
 
 You can monitor PTP fast events metrics from cluster nodes where the `linuxptp-daemon` is running.
-You can also monitor PTP fast event metrics in the {product-title} web console by using the pre-configured and self-updating Prometheus monitoring stack.
+You can also monitor PTP fast event metrics in the {product-title} web console by using the preconfigured and self-updating Prometheus monitoring stack.
 
 .Prerequisites
 
@@ -19,35 +19,28 @@ You can also monitor PTP fast event metrics in the {product-title} web console b
 
 .Procedure
 
-. Check for exposed PTP metrics on any node where the `linuxptp-daemon` is running. For example, run the following command:
+. Start a debug pod for the node by running the following command:
 +
 [source,terminal]
 ----
-$ curl http://<node_name>:9091/metrics
+$ oc debug node/<node_name>
+----
+
+. Check for PTP metrics exposed by the `linuxptp-daemon` container. For example, run the following command:
++
+[source,terminal]
+----
+sh-4.4# curl http://localhost:9091/metrics
 ----
 +
 .Example output
 ----
-# HELP openshift_ptp_clock_state 0 = FREERUN, 1 = LOCKED, 2 = HOLDOVER
-# TYPE openshift_ptp_clock_state gauge
-openshift_ptp_clock_state{iface="ens1fx",node="compute-1.example.com",process="ptp4l"} 1
-openshift_ptp_clock_state{iface="ens3fx",node="compute-1.example.com",process="ptp4l"} 1
-openshift_ptp_clock_state{iface="ens5fx",node="compute-1.example.com",process="ptp4l"} 1
-openshift_ptp_clock_state{iface="ens7fx",node="compute-1.example.com",process="ptp4l"} 1
-# HELP openshift_ptp_delay_ns
-# TYPE openshift_ptp_delay_ns gauge
-openshift_ptp_delay_ns{from="master",iface="ens1fx",node="compute-1.example.com",process="ptp4l"} 842
-openshift_ptp_delay_ns{from="master",iface="ens3fx",node="compute-1.example.com",process="ptp4l"} 480
-openshift_ptp_delay_ns{from="master",iface="ens5fx",node="compute-1.example.com",process="ptp4l"} 584
-openshift_ptp_delay_ns{from="master",iface="ens7fx",node="compute-1.example.com",process="ptp4l"} 482
-openshift_ptp_delay_ns{from="phc",iface="CLOCK_REALTIME",node="compute-1.example.com",process="phc2sys"} 547
-# HELP openshift_ptp_offset_ns
-# TYPE openshift_ptp_offset_ns gauge
-openshift_ptp_offset_ns{from="master",iface="ens1fx",node="compute-1.example.com",process="ptp4l"} -2
-openshift_ptp_offset_ns{from="master",iface="ens3fx",node="compute-1.example.com",process="ptp4l"} -44
-openshift_ptp_offset_ns{from="master",iface="ens5fx",node="compute-1.example.com",process="ptp4l"} -8
-openshift_ptp_offset_ns{from="master",iface="ens7fx",node="compute-1.example.com",process="ptp4l"} 3
-openshift_ptp_offset_ns{from="phc",iface="CLOCK_REALTIME",node="compute-1.example.com",process="phc2sys"} 12
+# HELP cne_api_events_published Metric to get number of events published by the rest api
+# TYPE cne_api_events_published gauge
+cne_api_events_published{address="/cluster/node/compute-1.example.com/sync/gnss-status/gnss-sync-status",status="success"} 1
+cne_api_events_published{address="/cluster/node/compute-1.example.com/sync/ptp-status/lock-state",status="success"} 94
+cne_api_events_published{address="/cluster/node/compute-1.example.com/sync/ptp-status/ptp-clock-class-change",status="success"} 18
+cne_api_events_published{address="/cluster/node/compute-1.example.com/sync/sync-status/os-clock-sync-state",status="success"} 27
 ----
 
 . To view the PTP event in the {product-title} web console, copy the name of the PTP metric you want to query, for example, `openshift_ptp_offset_ns`.
diff --git a/modules/cnf-performance-profile-creator-arguments.adoc b/modules/cnf-performance-profile-creator-arguments.adoc
index 24abb8322fbc..3d45d481d32f 100644
--- a/modules/cnf-performance-profile-creator-arguments.adoc
+++ b/modules/cnf-performance-profile-creator-arguments.adoc
@@ -75,7 +75,7 @@ Possible values:
 Default: `default`.
 
 | `per-pod-power-management`
-a|Enable per-pod power management. You cannot use this argument if you configured `ultra-low-latency` as the power consumption mode.
+a|Enable per pod power management. You cannot use this argument if you configured `ultra-low-latency` as the power consumption mode.
 
 Possible values: `true` or `false`.
 
diff --git a/modules/cnf-performing-end-to-end-tests-disconnected-mode.adoc b/modules/cnf-performing-end-to-end-tests-disconnected-mode.adoc
index 71c2b0eaac31..8438c0bfb642 100644
--- a/modules/cnf-performing-end-to-end-tests-disconnected-mode.adoc
+++ b/modules/cnf-performing-end-to-end-tests-disconnected-mode.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-disconnected-mode_{context}"]
 = Running latency tests in a disconnected cluster
 
diff --git a/modules/cnf-performing-end-to-end-tests-junit-test-output.adoc b/modules/cnf-performing-end-to-end-tests-junit-test-output.adoc
index be2ad8f1b5e1..ee4666e51288 100644
--- a/modules/cnf-performing-end-to-end-tests-junit-test-output.adoc
+++ b/modules/cnf-performing-end-to-end-tests-junit-test-output.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-junit-test-output_{context}"]
 = Generating a JUnit latency test report
 
diff --git a/modules/cnf-performing-end-to-end-tests-running-cyclictest.adoc b/modules/cnf-performing-end-to-end-tests-running-cyclictest.adoc
index 608533e13786..34c0984e847d 100644
--- a/modules/cnf-performing-end-to-end-tests-running-cyclictest.adoc
+++ b/modules/cnf-performing-end-to-end-tests-running-cyclictest.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-running-cyclictest_{context}"]
 = Running cyclictest
 
@@ -39,7 +39,7 @@ registry.redhat.io/openshift4/cnf-tests-rhel8:v{product-version} \
 /usr/bin/test-run.sh -ginkgo.v -ginkgo.focus="cyclictest"
 ----
 +
-The command runs the `cyclictest` tool for 10 minutes (600 seconds). The test runs successfully when the maximum observed latency is lower than `MAXIMUM_LATENCY` (in this example, 20 μs). Latency spikes of 20 μs and above are generally not acceptable for telco RAN workloads.
+The command runs the `cyclictest` tool for 10 minutes (600 seconds). The test runs successfully when the maximum observed latency is lower than `MAXIMUM_LATENCY` (in this example, 20 μs). Latency spikes of 20 μs and above are generally not acceptable for {rds} workloads.
 +
 If the results exceed the latency threshold, the test fails.
 +
@@ -78,7 +78,7 @@ FAIL
 The same output can indicate different results for different workloads. For example, spikes up to 18μs are acceptable for 4G DU workloads, but not for 5G DU workloads.
 
 .Example of good results
-[source, terminal]
+[source,terminal]
 ----
 running cmd: cyclictest -q -D 10m -p 1 -t 16 -a 2,4,6,8,10,12,14,16,54,56,58,60,62,64,66,68 -h 30 -i 1000 -m
 # Histogram
@@ -111,7 +111,7 @@ More histogram entries ...
 ----
 
 .Example of bad results
-[source, terminal]
+[source,terminal]
 ----
 running cmd: cyclictest -q -D 10m -p 1 -t 16 -a 2,4,6,8,10,12,14,16,54,56,58,60,62,64,66,68 -h 30 -i 1000 -m
 # Histogram
diff --git a/modules/cnf-performing-end-to-end-tests-running-hwlatdetect.adoc b/modules/cnf-performing-end-to-end-tests-running-hwlatdetect.adoc
index 110a0d1f281f..1c8a35e737d1 100644
--- a/modules/cnf-performing-end-to-end-tests-running-hwlatdetect.adoc
+++ b/modules/cnf-performing-end-to-end-tests-running-hwlatdetect.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-performing-end-to-end-tests-running-hwlatdetect_{context}"]
 = Running hwlatdetect
 
@@ -122,7 +122,7 @@ You can capture the following types of results:
 * The combined set of the rough tests with the best results and configuration settings.
 
 .Example of good results
-[source, terminal]
+[source,terminal]
 ----
 hwlatdetect: test duration 3600 seconds
 detector: tracer
@@ -142,7 +142,7 @@ Samples recorded: 0
 The `hwlatdetect` tool only provides output if the sample exceeds the specified threshold.
 
 .Example of bad results
-[source, terminal]
+[source,terminal]
 ----
 hwlatdetect: test duration 3600 seconds
 detector: tracer
diff --git a/modules/cnf-performing-end-to-end-tests-running-in-single-node-cluster.adoc b/modules/cnf-performing-end-to-end-tests-running-in-single-node-cluster.adoc
index 06abc75cbe5b..dfd28e380783 100644
--- a/modules/cnf-performing-end-to-end-tests-running-in-single-node-cluster.adoc
+++ b/modules/cnf-performing-end-to-end-tests-running-in-single-node-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-running-in-single-node-cluster_{context}"]
 = Running latency tests on a {sno} cluster
 
diff --git a/modules/cnf-performing-end-to-end-tests-running-oslat.adoc b/modules/cnf-performing-end-to-end-tests-running-oslat.adoc
index a54d72cd5361..648e7a12daa8 100644
--- a/modules/cnf-performing-end-to-end-tests-running-oslat.adoc
+++ b/modules/cnf-performing-end-to-end-tests-running-oslat.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-running-oslat_{context}"]
 = Running oslat
 
diff --git a/modules/cnf-performing-end-to-end-tests-running-the-tests.adoc b/modules/cnf-performing-end-to-end-tests-running-the-tests.adoc
index 018bdcde713a..136d3c88bbd3 100644
--- a/modules/cnf-performing-end-to-end-tests-running-the-tests.adoc
+++ b/modules/cnf-performing-end-to-end-tests-running-the-tests.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-running-the-tests_{context}"]
 = Running the latency tests
 
diff --git a/modules/cnf-performing-end-to-end-tests-test-failure-report.adoc b/modules/cnf-performing-end-to-end-tests-test-failure-report.adoc
index f51213919621..3627d84e463a 100644
--- a/modules/cnf-performing-end-to-end-tests-test-failure-report.adoc
+++ b/modules/cnf-performing-end-to-end-tests-test-failure-report.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-test-failure-report_{context}"]
 = Generating a latency test failure report
 
diff --git a/modules/cnf-performing-end-to-end-tests-troubleshooting.adoc b/modules/cnf-performing-end-to-end-tests-troubleshooting.adoc
index 6d74e4644d6b..e076dd23aed4 100644
--- a/modules/cnf-performing-end-to-end-tests-troubleshooting.adoc
+++ b/modules/cnf-performing-end-to-end-tests-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-performing-end-to-end-tests-troubleshooting_{context}"]
 = Troubleshooting errors with the cnf-tests container
 
diff --git a/modules/cnf-provisioning-real-time-and-low-latency-workloads.adoc b/modules/cnf-provisioning-real-time-and-low-latency-workloads.adoc
index 0dd4836fd387..e1b7fdbb8737 100644
--- a/modules/cnf-provisioning-real-time-and-low-latency-workloads.adoc
+++ b/modules/cnf-provisioning-real-time-and-low-latency-workloads.adoc
@@ -3,7 +3,7 @@
 //
 // *cnf-low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-provisioning-real-time-and-low-latency-workloads_{context}"]
 = Provisioning real-time and low latency workloads
 
@@ -128,16 +128,16 @@ Use this command to verify that the real-time kernel is installed:
 $ oc get node -o wide
 ----
 
-Note the worker with the role `worker-rt` that contains the string `4.18.0-305.30.1.rt7.102.el8_4.x86_64   cri-o://1.26.0-99.rhaos4.10.gitc3131de.el8`:
+Note the worker with the role `worker-rt` that contains the string `4.18.0-305.30.1.rt7.102.el8_4.x86_64   cri-o://1.28.5-99.rhaos4.10.gitc3131de.el8`:
 
 [source,terminal]
 ----
 NAME                               	STATUS   ROLES           	AGE 	VERSION                  	INTERNAL-IP
 EXTERNAL-IP   OS-IMAGE                                       	KERNEL-VERSION
 CONTAINER-RUNTIME
-rt-worker-0.example.com	          Ready	 worker,worker-rt   5d17h   v1.26.0
+rt-worker-0.example.com	          Ready	 worker,worker-rt   5d17h   v1.28.5
 128.66.135.107   <none>    	        Red Hat Enterprise Linux CoreOS 46.82.202008252340-0 (Ootpa)
-4.18.0-305.30.1.rt7.102.el8_4.x86_64   cri-o://1.26.0-99.rhaos4.10.gitc3131de.el8
+4.18.0-305.30.1.rt7.102.el8_4.x86_64   cri-o://1.28.5-99.rhaos4.10.gitc3131de.el8
 [...]
 ----
 
@@ -345,20 +345,18 @@ When you configure a node with a power saving configuration, you must configure
 By disabling P-states and C-states at the pod level, you can configure high priority workloads for best performance and lowest latency.
 
 .Configuration for high priority workloads
-[cols="1,2", options="header"]
-|====
-|Annotation
-|Description
+[cols="1,2,3", options="header"]
 
-a|[source,yaml]
-----
-annotations:
-  cpu-c-states.crio.io: "disable"
-  cpu-freq-governor.crio.io: "<governor>"
-----
-|Provides the best performance for a pod by disabling C-states and specifying the governor type for CPU scaling. The `performance` governor is recommended for high priority workloads.
-|====
+|===
+| Annotation | Possible Values | Description
+
+|`cpu-c-states.crio.io:` a|  * `"enable"`
+* `"disable"`
+* `"max_latency:microseconds"` | This annotation allows you to enable or disable C-states for each CPU. Alternatively, you can also specify a maximum latency in microseconds for the C-states. For example, enable C-states with a maximum latency of 10 microseconds with the setting `cpu-c-states.crio.io`: `"max_latency:10"`. Set the value to `"disable"` to provide the best performance for a pod.
+
+| `cpu-freq-governor.crio.io:` | Any supported `cpufreq governor`. | Sets the `cpufreq` governor for each CPU. The `"performance"` governor is recommended for high priority workloads.
 
+|===
 
 .Prerequisites
 
@@ -435,7 +433,7 @@ metadata:
   annotations:
     ...
     cpu-c-states.crio.io: "disable"
-    cpu-freq-governor.crio.io: "<governor>"
+    cpu-freq-governor.crio.io: "performance"
     ...
   ...
 spec:
diff --git a/modules/cnf-rfhe-notifications-api-refererence.adoc b/modules/cnf-rfhe-notifications-api-refererence.adoc
index afb67c84bdc2..96ecc5852c15 100644
--- a/modules/cnf-rfhe-notifications-api-refererence.adoc
+++ b/modules/cnf-rfhe-notifications-api-refererence.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cnf-rfhe-notifications-api-refererence_{context}"]
 = Subscribing applications to bare-metal events REST API reference
 
@@ -18,8 +18,6 @@ Use the following API endpoints to subscribe the `cloud-event-consumer` applicat
 - `POST`: Creates a new subscription
 - `GET`: Retrieves a list of subscriptions
 * `/api/ocloudNotifications/v1/subscriptions/<subscription_id>`
-- `GET`: Returns details for the specified subscription ID
-* `api/ocloudNotifications/v1/subscriptions/status/<subscription_id>`
 - `PUT`: Creates a new status ping request for the specified subscription ID
 * `/api/ocloudNotifications/v1/health`
 - `GET`: Returns the health status of `ocloudNotifications` API
@@ -114,33 +112,6 @@ Returns details for the subscription with ID `<subscription_id>`
 }
 ----
 
-[discrete]
-== api/ocloudNotifications/v1/subscriptions/status/<subscription_id>
-
-[discrete]
-=== HTTP method
-
-`PUT api/ocloudNotifications/v1/subscriptions/status/<subscription_id>`
-
-[discrete]
-==== Description
-
-Creates a new status ping request for subscription with ID `<subscription_id>`. If a subscription is present, the status request is successful and a `202 Accepted` status code is returned.
-
-.Query parameters
-|===
-| Parameter | Type
-
-| `<subscription_id>`
-| string
-|===
-
-.Example API response
-[source,json]
-----
-{"status":"ping sent"}
-----
-
 [discrete]
 == api/ocloudNotifications/v1/health/
 
diff --git a/modules/cnf-running-the-performance-creator-profile-offline.adoc b/modules/cnf-running-the-performance-creator-profile-offline.adoc
index ba395b4ea2cb..aaedc51abc09 100644
--- a/modules/cnf-running-the-performance-creator-profile-offline.adoc
+++ b/modules/cnf-running-the-performance-creator-profile-offline.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-792 (4.8)
 // * scalability_and_performance/cnf-create-performance-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-the-performance-profile-creator-wrapper-script_{context}"]
 = Running the Performance Profile Creator wrapper script
 
@@ -146,6 +146,7 @@ Flags:
       --mcp-name string                   MCP name corresponding to the target machines (required)
       --must-gather-dir-path string       Must gather directory path (default "must-gather")
       --offlined-cpu-count int            Number of offlined CPUs
+      --per-pod-power-management          Enable Per Pod Power Management
       --power-consumption-mode string     The power consumption mode.  [Valid values: default, low-latency, ultra-low-latency] (default "default")
       --profile-name string               Name of the performance profile to be created (default "performance")
       --reserved-cpu-count int            Number of reserved CPUs (required)
diff --git a/modules/cnf-running-the-performance-creator-profile.adoc b/modules/cnf-running-the-performance-creator-profile.adoc
index 69902b3c2695..de0080407e39 100644
--- a/modules/cnf-running-the-performance-creator-profile.adoc
+++ b/modules/cnf-running-the-performance-creator-profile.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-792 (4.8)
 // * scalability_and_performance/cnf-create-performance-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-the-performance-profile-profile-cluster-using-podman_{context}"]
 = Running the Performance Profile Creator using podman
 
@@ -41,8 +41,8 @@ $ podman login registry.redhat.io
 +
 [source,bash]
 ----
-Username: myrhusername
-Password: ************
+Username: <username>
+Password: <password>
 ----
 
 . Optional: Display help for the PPC tool:
@@ -68,6 +68,7 @@ Flags:
       --mcp-name string                   MCP name corresponding to the target machines (required)
       --must-gather-dir-path string       Must gather directory path (default "must-gather")
       --offlined-cpu-count int            Number of offlined CPUs
+      --per-pod-power-management          Enable Per Pod Power Management
       --power-consumption-mode string     The power consumption mode.  [Valid values: default, low-latency, ultra-low-latency] (default "default")
       --profile-name string               Name of the performance profile to be created (default "performance")
       --reserved-cpu-count int            Number of reserved CPUs (required)
diff --git a/modules/cnf-scheduling-numa-aware-workloads-overview-with-manual-performance-settings.adoc b/modules/cnf-scheduling-numa-aware-workloads-overview-with-manual-performance-settings.adoc
index 78e74391fc4f..3598d5f5c1f1 100644
--- a/modules/cnf-scheduling-numa-aware-workloads-overview-with-manual-performance-settings.adoc
+++ b/modules/cnf-scheduling-numa-aware-workloads-overview-with-manual-performance-settings.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-scheduling-numa-aware-workloads-with-manual-perofrmance-settings_{context}"]
 = Scheduling NUMA-aware workloads with manual performance settings
 
-Clusters running latency-sensitive workloads typically feature performance profiles that help to minimize workload latency and optimize performance. However, you can schedule NUMA-aware workloads in a pristine cluster that does not feature a performance profile. The following workflow features a pristine cluster that you can manually configure for performance by using the `KubeletConfig` resource. This is not the typical environment for scheduling NUMA-aware workloads.  
+Clusters running latency-sensitive workloads typically feature performance profiles that help to minimize workload latency and optimize performance. However, you can schedule NUMA-aware workloads in a pristine cluster that does not feature a performance profile. The following workflow features a pristine cluster that you can manually configure for performance by using the `KubeletConfig` resource. This is not the typical environment for scheduling NUMA-aware workloads.
diff --git a/modules/cnf-scheduling-numa-aware-workloads-overview.adoc b/modules/cnf-scheduling-numa-aware-workloads-overview.adoc
index 970da3a69bb9..158ba6dae197 100644
--- a/modules/cnf-scheduling-numa-aware-workloads-overview.adoc
+++ b/modules/cnf-scheduling-numa-aware-workloads-overview.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-scheduling-numa-aware-workloads-overview_{context}"]
-= Scheduling NUMA-aware workloads 
+= Scheduling NUMA-aware workloads
 
 Clusters running latency-sensitive workloads typically feature performance profiles that help to minimize workload latency and optimize performance. The NUMA-aware scheduler deploys workloads based on available node NUMA resources and with respect to any performance profile settings applied to the node. The combination of NUMA-aware deployments, and the performance profile of the workload, ensures that workloads are scheduled in a way that maximizes performance.
\ No newline at end of file
diff --git a/modules/cnf-scheduling-numa-aware-workloads-with-manual-performance-setttings.adoc b/modules/cnf-scheduling-numa-aware-workloads-with-manual-performance-setttings.adoc
index 378b7b5136e3..be8150cb45b0 100644
--- a/modules/cnf-scheduling-numa-aware-workloads-with-manual-performance-setttings.adoc
+++ b/modules/cnf-scheduling-numa-aware-workloads-with-manual-performance-setttings.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-scheduling-numa-aware-workloads-with-manual-performance-setttings_{context}"]
 = Scheduling workloads with the NUMA-aware scheduler with manual performance settings
 
@@ -43,7 +43,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: numa-deployment-1
-  namespace: <namespace> <1>
+  namespace: openshift-numaresources
 spec:
   replicas: 1
   selector:
@@ -54,7 +54,7 @@ spec:
       labels:
         app: test
     spec:
-      schedulerName: topo-aware-scheduler <2>
+      schedulerName: topo-aware-scheduler <1>
       containers:
       - name: ctnr
         image: quay.io/openshifttest/hello-openshift:openshift
@@ -67,8 +67,10 @@ spec:
             memory: "100Mi"
             cpu: "10"
       - name: ctnr2
-        image: gcr.io/google_containers/pause-amd64:3.0
+        image: registry.access.redhat.com/rhel:latest
         imagePullPolicy: IfNotPresent
+        command: ["/bin/sh", "-c"]
+        args: [ "while true; do sleep 1h; done;" ]
         resources:
           limits:
             memory: "100Mi"
@@ -77,8 +79,7 @@ spec:
             memory: "100Mi"
             cpu: "8"
 ----
-<1> Replace with the namespace for your deployment.
-<2> `schedulerName` must match the name of the NUMA-aware scheduler that is deployed in your cluster, for example `topo-aware-scheduler`.
+<1> `schedulerName` must match the name of the NUMA-aware scheduler that is deployed in your cluster, for example `topo-aware-scheduler`.
 
 .. Create the `Deployment` CR by running the following command:
 +
@@ -128,7 +129,7 @@ Events:
 Deployments that request more resources than is available for scheduling will fail with a `MinimumReplicasUnavailable` error. The deployment succeeds when the required resources become available. Pods remain in the `Pending` state until the required resources are available.
 ====
 
-. Verify that the expected allocated resources are listed for the node. 
+. Verify that the expected allocated resources are listed for the node.
 
 .. Identify the node that is running the deployment pod by running the following command, replacing <namespace> with the namespace you specified in the `Deployment` CR:
 +
diff --git a/modules/cnf-scheduling-numa-aware-workloads.adoc b/modules/cnf-scheduling-numa-aware-workloads.adoc
index 6e4e7c00ba6c..ae71a91223ea 100644
--- a/modules/cnf-scheduling-numa-aware-workloads.adoc
+++ b/modules/cnf-scheduling-numa-aware-workloads.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-scheduling-numa-aware-workloads_{context}"]
 = Scheduling workloads with the NUMA-aware scheduler
 
@@ -67,7 +67,7 @@ spec:
             memory: "100Mi"
             cpu: "10"
       - name: ctnr2
-        image: gcr.io/google_containers/pause-amd64:3.0
+        image: registry.access.redhat.com/rhel:latest
         imagePullPolicy: IfNotPresent
         command: ["/bin/sh", "-c"]
         args: [ "while true; do sleep 1h; done;" ]
@@ -129,7 +129,7 @@ Events:
 Deployments that request more resources than is available for scheduling will fail with a `MinimumReplicasUnavailable` error. The deployment succeeds when the required resources become available. Pods remain in the `Pending` state until the required resources are available.
 ====
 
-. Verify that the expected allocated resources are listed for the node. 
+. Verify that the expected allocated resources are listed for the node.
 
 .. Identify the node that is running the deployment pod by running the following command, replacing <namespace> with the namespace you specified in the `Deployment` CR:
 +
@@ -149,7 +149,7 @@ numa-deployment-1-65684f8fcc-bw4bw   0/2     Running   0          82m   10.128.2
 +
 [source,terminal]
 ----
-$ oc describe noderesourcetopologies.topology.node.k8s.io
+$ oc describe noderesourcetopologies.topology.node.k8s.io <node_name>
 ----
 +
 .Example output
diff --git a/modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc b/modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc
index c553c600912a..c0bd7eeefcd1 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="talo-about-cgu-crs_{context}"]
 = About the ClusterGroupUpgrade CR
 
@@ -77,16 +77,16 @@ metadata:
   resourceVersion: '40451823'
   uid: cca245a5-4bca-45fa-89c0-aa6af81a596c
 Spec:
-  actions: 
+  actions:
     afterCompletion: <1>
       addClusterLabels:
-        upgrade-done: "" 
+        upgrade-done: ""
       deleteClusterLabels:
         upgrade-running: ""
       deleteObjects: true
     beforeEnable: <2>
       addClusterLabels:
-        upgrade-running: ""     
+        upgrade-running: ""
   backup: false
   clusters: <3>
     - spoke1
@@ -177,7 +177,7 @@ Policies are missing or invalid, or an invalid platform image has been specified
 [id="precaching_{context}"]
 == Pre-caching
 
-Clusters might have limited bandwidth to access the container image registry, which can cause a timeout before the updates are completed. On {sno} clusters, you can use pre-caching to avoid this. The container image pre-caching starts when you create a `ClusterGroupUpgrade` CR with the `preCaching` field set to `true`. 
+Clusters might have limited bandwidth to access the container image registry, which can cause a timeout before the updates are completed. On {sno} clusters, you can use pre-caching to avoid this. The container image pre-caching starts when you create a `ClusterGroupUpgrade` CR with the `preCaching` field set to `true`.
 {cgu-operator} compares the available disk space with the estimated {product-title} image size to ensure that there is enough space. If a cluster has insufficient space, {cgu-operator} cancels pre-caching for that cluster and does not remediate policies on it.
 
 {cgu-operator} uses the `PrecacheSpecValid` condition to report status information as follows:
diff --git a/modules/cnf-topology-aware-lifecycle-manager-about-subscription-crs.adoc b/modules/cnf-topology-aware-lifecycle-manager-about-subscription-crs.adoc
new file mode 100644
index 000000000000..7fc3d314ed78
--- /dev/null
+++ b/modules/cnf-topology-aware-lifecycle-manager-about-subscription-crs.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+// Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
+// * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="talo-about-subscription-crs_{context}"]
+= Configuring Operator subscriptions for managed clusters that you install with {cgu-operator}
+
+{cgu-operator-first} can only approve the install plan for an Operator if the `Subscription` custom resource (CR) of the Operator contains the `status.state.AtLatestKnown` field.
+
+.Procedure
+
+. Add the `status.state.AtLatestKnown` field to the `Subscription` CR of the Operator:
++
+.Example Subscription CR
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+  annotations:
+    ran.openshift.io/ztp-deploy-wave: "2"
+spec:
+  channel: "stable"
+  name: cluster-logging
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown <1>
+----
+<1> The `status.state: AtLatestKnown` field is used for the latest Operator version available from the Operator catalog.
+
++
+[NOTE]
+====
+When a new version of the Operator is available in the registry, the associated policy becomes non-compliant.
+====
+
++
+. Apply the changed `Subscription` policy to your managed clusters with a `ClusterGroupUpgrade` CR.
\ No newline at end of file
diff --git a/modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc b/modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc
index 3e49e4543f40..d6b9b8b9cf3d 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-apply-policies_{context}"]
 = Applying update policies to managed clusters
 
@@ -361,7 +361,7 @@ openshift-logging                      install-6khtw   cluster-logging.5.3.3-4
 +
 [NOTE]
 ====
-When {cgu-operator} is remediating a policy containing a subscription, it automatically approves any install plans attached to that subscription. 
+When {cgu-operator} is remediating a policy containing a subscription, it automatically approves any install plans attached to that subscription.
 Where multiple install plans are needed to get the operator to the latest known version, {cgu-operator} might approve multiple install plans, upgrading through one or more intermediate versions to get to the final version.
 ====
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-autocreate-cgu-cr-ztp.adoc b/modules/cnf-topology-aware-lifecycle-manager-autocreate-cgu-cr-ztp.adoc
index 9507019846cc..de9dc3ad8b1a 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-autocreate-cgu-cr-ztp.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-autocreate-cgu-cr-ztp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-precache-autocreated-cgu-for-ztp_{context}"]
 = About the auto-created ClusterGroupUpgrade CR for {ztp}
 
@@ -10,7 +10,7 @@
 
 For any managed cluster in the `Ready` state without a `ztp-done` label applied, the `ManagedClusterForCGU` controller automatically creates a `ClusterGroupUpgrade` CR in the `ztp-install` namespace with its associated {rh-rhacm} policies that are created during the {ztp} process. {cgu-operator} then remediates the set of configuration policies that are listed in the auto-created `ClusterGroupUpgrade` CR to push the configuration CRs to the managed cluster.
 
-If there are no policies for the managed cluster at the time when the cluster becomes `Ready`, a `ClusterGroupUpgrade` CR with no policies is created. Upon completion of the `ClusterGroupUpgrade` the managed cluster is labeled as `ztp-done`. If there are policies that you want to apply for that managed cluster, manually create a `ClusterGroupUpgrade` as a day-2 operation. 
+If there are no policies for the managed cluster at the time when the cluster becomes `Ready`, a `ClusterGroupUpgrade` CR with no policies is created. Upon completion of the `ClusterGroupUpgrade` the managed cluster is labeled as `ztp-done`. If there are policies that you want to apply for that managed cluster, manually create a `ClusterGroupUpgrade` as a day-2 operation.
 
 .Example of an auto-created `ClusterGroupUpgrade` CR for {ztp}
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc b/modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc
index d0abba993491..d2729321300a 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-3901 (CNF-2133) (4.11), Story TELCODOCS-339
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="talo-backup-feature-concept_{context}"]
 = Creating a backup of cluster resources before upgrade
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc b/modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc
index f1f6baae6f82..8425f67d82d8 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-3901 (CNF-2133) (4.11), Story TELCODOCS-339
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-backup-start_and_update_{context}"]
 = Creating a ClusterGroupUpgrade CR with backup
 
@@ -31,16 +31,16 @@ The following is an example `SiteConfig` custom resource (CR) for a recovery par
 [source,yaml]
 ----
 nodes:
-    - hostName: "snonode.sno-worker-0.e2e.bos.redhat.com"
+    - hostName: "node-1.example.com"
     role: "master"
     rootDeviceHints:
         hctl: "0:2:0:0"
-        deviceName: /dev/sda
-........
-........
-    #Disk /dev/sda: 893.3 GiB, 959119884288 bytes, 1873281024 sectors
+        deviceName: /dev/disk/by-id/scsi-3600508b400105e210000900000490000
+...
+    #Disk /dev/disk/by-id/scsi-3600508b400105e210000900000490000:
+    #893.3 GiB, 959119884288 bytes, 1873281024 sectors
     diskPartition:
-        - device: /dev/sda
+        - device: /dev/disk/by-id/scsi-3600508b400105e210000900000490000
         partitions:
         - mount_point: /var/recovery
             size: 51200
diff --git a/modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc b/modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc
index 0c5ee05c1881..1397841d9d91 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-3901 (CNF-2133) (4.11), Story TELCODOCS-339
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-backup-recovery_{context}"]
 = Recovering a cluster after a failed upgrade
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-creating-custom-resources.adoc b/modules/cnf-topology-aware-lifecycle-manager-creating-custom-resources.adoc
new file mode 100644
index 000000000000..77f1217030a6
--- /dev/null
+++ b/modules/cnf-topology-aware-lifecycle-manager-creating-custom-resources.adoc
@@ -0,0 +1,228 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="talm-prechache-user-specified-images-preparing-crs_{context}"]
+== Creating the custom resources for pre-caching
+
+You must create the `PreCachingConfig` CR before or concurrently with the `ClusterGroupUpgrade` CR.
+
+. Create the `PreCachingConfig` CR with the list of additional images you want to pre-cache.
++
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: PreCachingConfig
+metadata:
+  name: exampleconfig
+  namespace: default <1>
+spec:
+[...]
+  spaceRequired: 30Gi <2>
+  additionalImages:
+    - quay.io/exampleconfig/application1@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e1ef
+    - quay.io/exampleconfig/application2@sha256:3d5800123dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47adfaef
+    - quay.io/exampleconfig/applicationN@sha256:4fe1334adfafadsf987123adfffdaf1243340adfafdedga0991234afdadfsa09
+----
+<1> The `namespace` must be accessible to the hub cluster.
+<2>  It is recommended to set the minimum disk space required field to ensure that there is sufficient storage space for the pre-cached images.
+
+. Create a `ClusterGroupUpgrade` CR with the `preCaching` field set to `true` and specify the `PreCachingConfig` CR created in the previous step:
++
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: ClusterGroupUpgrade
+metadata:
+  name: cgu
+  namespace: default
+spec:
+  clusters:
+  - sno1
+  - sno2
+  preCaching: true
+  preCachingConfigRef:
+  - name: exampleconfig
+    namespace: default
+  managedPolicies:
+    - du-upgrade-platform-upgrade
+    - du-upgrade-operator-catsrc-policy
+    - common-subscriptions-policy
+  remediationStrategy:
+    timeout: 240
+----
+
++
+[WARNING]
+====
+Once you install the images on the cluster, you cannot change or delete them.
+====
+
++
+. When you want to start pre-caching the images, apply the `ClusterGroupUpgrade` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f cgu.yaml
+----
+
+{cgu-operator} verifies the `ClusterGroupUpgrade` CR.
+
+From this point, you can continue with the {cgu-operator} pre-caching workflow.
+
+[NOTE]
+====
+All sites are pre-cached concurrently.
+====
+
+.Verification
+
+. Check the pre-caching status on the hub cluster where the `ClusterUpgradeGroup` CR is applied by running the following command:
++
+[source,terminal]
+----
+$ oc get cgu <cgu_name> -n <cgu_namespace> -oyaml
+----
+
++
+.Example output
+[source,yaml]
+----
+  precaching:
+    spec:
+      platformImage: quay.io/openshift-release-dev/ocp-release@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e1ef
+      operatorsIndexes:
+        - registry.example.com:5000/custom-redhat-operators:1.0.0
+      operatorsPackagesAndChannels:
+        - local-storage-operator: stable
+        - ptp-operator: stable
+        - sriov-network-operator: stable
+      excludePrecachePatterns:
+        - aws
+        - vsphere
+      additionalImages:
+        - quay.io/exampleconfig/application1@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e1ef
+        - quay.io/exampleconfig/application2@sha256:3d5800123dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47adfaef
+        - quay.io/exampleconfig/applicationN@sha256:4fe1334adfafadsf987123adfffdaf1243340adfafdedga0991234afdadfsa09
+      spaceRequired: "30"
+    status:
+      sno1: Starting
+      sno2: Starting
+----
+
++
+The pre-caching configurations are validated by checking if the managed policies exist.
+Valid configurations of the `ClusterGroupUpgrade` and the `PreCachingConfig` CRs result in the following statuses:
+
++
+.Example output of valid CRs
+[source,yaml]
+----
+- lastTransitionTime: "2023-01-01T00:00:01Z"
+  message: All selected clusters are valid
+  reason: ClusterSelectionCompleted
+  status: "True"
+  type: ClusterSelected
+- lastTransitionTime: "2023-01-01T00:00:02Z"
+  message: Completed validation
+  reason: ValidationCompleted
+  status: "True"
+  type: Validated
+- lastTransitionTime: "2023-01-01T00:00:03Z"
+  message: Precaching spec is valid and consistent
+  reason: PrecacheSpecIsWellFormed
+  status: "True"
+  type: PrecacheSpecValid
+- lastTransitionTime: "2023-01-01T00:00:04Z"
+  message: Precaching in progress for 1 clusters
+  reason: InProgress
+  status: "False"
+  type: PrecachingSucceeded
+----
+
++
+.Example of an invalid PreCachingConfig CR
+[source,yaml]
+----
+Type:    "PrecacheSpecValid"
+Status:  False,
+Reason:  "PrecacheSpecIncomplete"
+Message: "Precaching spec is incomplete: failed to get PreCachingConfig resource due to PreCachingConfig.ran.openshift.io "<pre-caching_cr_name>" not found"
+----
+
+. You can find the pre-caching job by running the following command on the managed cluster:
++
+[source,terminal]
+----
+$ oc get jobs -n openshift-talo-pre-cache
+----
+
++
+.Example of pre-caching job in progress
+[source,terminal]
+----
+NAME        COMPLETIONS       DURATION      AGE
+pre-cache   0/1               1s            1s
+----
+
+. You can check the status of the pod created for the pre-caching job by running the following command:
++
+[source,terminal]
+----
+$ oc describe pod pre-cache -n openshift-talo-pre-cache
+----
+
++
+.Example of pre-caching job in progress
+[source,terminal]
+----
+Type        Reason              Age    From              Message
+Normal      SuccesfulCreate     19s    job-controller    Created pod: pre-cache-abcd1
+----
+
+. You can get live updates on the status of the job by running the following command:
++
+[source,terminal]
+----
+$ oc logs -f pre-cache-abcd1 -n openshift-talo-pre-cache
+----
+
+. To verify the pre-cache job is successfully completed, run the following command:
++
+[source,terminal]
+----
+$ oc describe pod pre-cache -n openshift-talo-pre-cache
+----
+
++
+.Example of completed pre-cache job
+[source,terminal]
+----
+Type        Reason              Age    From              Message
+Normal      SuccesfulCreate     5m19s  job-controller    Created pod: pre-cache-abcd1
+Normal      Completed           19s    job-controller    Job completed
+----
+
+. To verify that the images are successfully pre-cached on the {sno}, do the following:
+
+.. Enter into the node in debug mode:
++
+[source,terminal]
+----
+$ oc debug node/cnfdf00.example.lab
+----
+
+.. Change root to `host`:
++
+[source,terminal]
+----
+$ chroot /host/
+----
+
+.. Search for the desired images:
++
+[source,terminal]
+----
+$ sudo podman images | grep <operator_name>
+----
\ No newline at end of file
diff --git a/modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc b/modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc
index 8980d8a04b27..60f7e5d53521 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-topology-aware-lifecycle-manager-using-cli_{context}"]
 = Installing the {cgu-operator-full} by using the CLI
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc b/modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc
index 88ea0d4d24e3..e5372de3d3f5 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-topology-aware-lifecycle-manager-using-web-console_{context}"]
 = Installing the {cgu-operator-full} by using the web console
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-operator-and-platform-update.adoc b/modules/cnf-topology-aware-lifecycle-manager-operator-and-platform-update.adoc
index c3bd2729b31b..8c94a5069707 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-operator-and-platform-update.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-operator-and-platform-update.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-operator-and-platform-update_{context}"]
 = Performing a platform and an Operator update together
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-operator-troubleshooting.adoc b/modules/cnf-topology-aware-lifecycle-manager-operator-troubleshooting.adoc
new file mode 100644
index 000000000000..a90d9986083a
--- /dev/null
+++ b/modules/cnf-topology-aware-lifecycle-manager-operator-troubleshooting.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cnf-topology-aware-lifecycle-manager-operator-troubleshooting_{context}"]
+= Troubleshooting missed Operator updates due to out-of-date policy compliance states
+
+In some scenarios, {cgu-operator-first} might miss Operator updates due to an out-of-date policy compliance state.
+
+After a catalog source update, it takes time for the Operator Lifecycle Manager (OLM) to update the subscription status. The status of the subscription policy might continue to show as compliant while {cgu-operator} decides whether remediation is needed. As a result, the Operator specified in the subscription policy does not get upgraded.
+
+To avoid this scenario, add another catalog source configuration to the `PolicyGenTemplate` and specify this configuration in the subscription for any Operators that require an update.
+
+.Procedure
+
+. Add a catalog source configuration in the `PolicyGenTemplate` resource:
++
+[source,yaml]
+----
+- fileName: DefaultCatsrc.yaml
+      remediationAction: inform
+      policyName: "operator-catsrc-policy"
+      metadata:
+        name: redhat-operators
+      spec:
+        displayName: Red Hat Operators Catalog
+        image: registry.example.com:5000/olm/redhat-operators:v{product-version}
+        updateStrategy:
+          registryPoll:
+            interval: 1h
+      status:
+        connectionState:
+            lastObservedState: READY
+- fileName: DefaultCatsrc.yaml
+      remediationAction: inform
+      policyName: "operator-catsrc-policy"
+      metadata:
+        name: redhat-operators-v2 <1>
+      spec:
+        displayName: Red Hat Operators Catalog v2 <2>
+        image: registry.example.com:5000/olredhat-operators:<version> <3>
+        updateStrategy:
+          registryPoll:
+            interval: 1h
+      status:
+        connectionState:
+            lastObservedState: READY
+----
+<1> Update the name for the new configuration.
+<2> Update the display name for the new configuration.
+<3> Update the index image URL. This `fileName.spec.image` field overrides any configuration in the `DefaultCatsrc.yaml` file.
+
+. Update the `Subscription` resource to point to the new configuration for Operators that require an update:
++
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: operator-subscription
+  namespace: operator-namspace
+# ...
+spec:
+  source: redhat-operators-v2 <1>
+# ...
+----
+<1> Enter the name of the additional catalog source configuration that you defined in the `PolicyGenTemplate` resource.
diff --git a/modules/cnf-topology-aware-lifecycle-manager-operator-update.adoc b/modules/cnf-topology-aware-lifecycle-manager-operator-update.adoc
index 8cf75b7e0ba8..9d12b206c77f 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-operator-update.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-operator-update.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-operator-update_{context}"]
 = Performing an Operator update
 
@@ -46,10 +46,13 @@ spec:
         updateStrategy: <2>
           registryPoll:
             interval: 1h
+      status:
+        connectionState:
+            lastObservedState: READY <3>
 ----
 <1> The index image URL contains the desired Operator images. If the index images are always pushed to the same image name and tag, this change is not needed.
 <2> Set how frequently the Operator Lifecycle Manager (OLM) polls the index image for new Operator versions with the `registryPoll.interval` field. This change is not needed if a new index image tag is always pushed for y-stream and z-stream Operator updates. The `registryPoll.interval` field can be set to a shorter interval to expedite the update, however shorter intervals increase computational load. To counteract this, you can restore `registryPoll.interval` to the default value once the update is complete.
-
+<3> Last observed state of the catalog connection. The `READY` value ensures that the `CatalogSource` policy is ready, indicating that the index pod is pulled and is running. This way, {cgu-operator} upgrades the Operators based on up-to-date policy compliance states.
 
 .. This update generates one policy, `du-upgrade-operator-catsrc-policy`, to update the `redhat-operators` catalog source with the new index images that contain the desired Operators images.
 +
diff --git a/modules/cnf-topology-aware-lifecycle-manager-pao-update.adoc b/modules/cnf-topology-aware-lifecycle-manager-pao-update.adoc
index 796c2e4c5c0f..99542d1c4276 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-pao-update.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-pao-update.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talm-pao-update_{context}"]
 = Removing Performance Addon Operator subscriptions from deployed clusters
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-platform-update.adoc b/modules/cnf-topology-aware-lifecycle-manager-platform-update.adoc
index e25a1d94db4f..5e1363a8cc6d 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-platform-update.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-platform-update.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-platform-update_{context}"]
 = Performing a platform update
 
@@ -54,15 +54,6 @@ spec:
             - quay-intern.example.com/ocp4/openshift-release-dev
             source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
     - fileName: ClusterVersion.yaml <4>
-      policyName: "platform-upgrade-prep"
-      metadata:
-        name: version
-        annotations:
-          ran.openshift.io/ztp-deploy-wave: "1"
-      spec:
-        channel: "stable-{product-version}"
-        upstream: http://upgrade.example.com/images/upgrade-graph_stable-{product-version}
-    - fileName: ClusterVersion.yaml <5>
       policyName: "platform-upgrade"
       metadata:
         name: version
@@ -77,10 +68,9 @@ spec:
             state: "Completed"
 ----
 <1> The `ConfigMap` CR contains the signature of the desired release image to update to.
-<2> Shows the image signature of the desired {product-title} release. Get the signature from the `checksum-${OCP_RELASE_NUMBER}.yaml` file you saved when following the procedures in the "Setting up the environment" section.
+<2> Shows the image signature of the desired {product-title} release. Get the signature from the `checksum-${OCP_RELEASE_NUMBER}.yaml` file you saved when following the procedures in the "Setting up the environment" section.
 <3> Shows the mirror repository that contains the desired {product-title} image. Get the mirrors from the `imageContentSources.yaml` file that you saved when following the procedures in the "Setting up the environment" section.
-<4> Shows the `ClusterVersion` CR to update upstream.
-<5> Shows the `ClusterVersion` CR to trigger the update. The `channel`, `upstream`, and `desiredVersion` fields are all required for image pre-caching.
+<4> Shows the `ClusterVersion` CR to trigger the update. The `channel`, `upstream`, and `desiredVersion` fields are all required for image pre-caching.
 +
 The `PolicyGenTemplate` CR generates two policies:
 
@@ -99,44 +89,9 @@ ArgoCD pulls the changes from the Git repository and generates the policies on t
 $ oc get policies -A | grep platform-upgrade
 ----
 
-. Apply the required update resources before starting the platform update with the {cgu-operator}.
-
-.. Save the content of the `platform-upgrade-prep` `ClusterUpgradeGroup` CR with the `du-upgrade-platform-upgrade-prep` policy and the target managed clusters to the `cgu-platform-upgrade-prep.yml` file, as shown in the following example:
-+
-[source,yaml]
-----
-apiVersion: ran.openshift.io/v1alpha1
-kind: ClusterGroupUpgrade
-metadata:
-  name: cgu-platform-upgrade-prep
-  namespace: default
-spec:
-  managedPolicies:
-  - du-upgrade-platform-upgrade-prep
-  clusters:
-  - spoke1
-  remediationStrategy:
-    maxConcurrency: 1
-  enable: true
-----
-
-.. Apply the policy to the hub cluster by running the following command:
-+
-[source,terminal]
-----
-$ oc apply -f cgu-platform-upgrade-prep.yml
-----
-
-.. Monitor the update process. Upon completion, ensure that the policy is compliant by running the following command:
-+
-[source,terminal]
-----
-$ oc get policies --all-namespaces
-----
-
 . Create the `ClusterGroupUpdate` CR for the platform update with the `spec.enable` field set to `false`.
 
-.. Save the content of the platform update `ClusterGroupUpdate` CR with the `du-upgrade-platform-upgrade` policy and the target clusters to the `cgu-platform-upgrade.yml` file, as shown in the following example:
+.. Save the content of the platform update `ClusterGroupUpdate` CR with the `du-upgrade-platform-upgrade-prep` and the `du-upgrade-platform-upgrade` policies and the target clusters to the `cgu-platform-upgrade.yml` file, as shown in the following example:
 +
 [source,yaml]
 ----
@@ -147,6 +102,7 @@ metadata:
   namespace: default
 spec:
   managedPolicies:
+  - du-upgrade-platform-upgrade-prep
   - du-upgrade-platform-upgrade
   preCaching: false
   clusters:
diff --git a/modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc b/modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc
index f707f204b538..2c7d148d41b7 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="talo-policies-concept_{context}"]
 = Update policies on managed clusters
 
@@ -18,4 +18,6 @@ If a spoke cluster does not report any compliant state to {rh-rhacm}, the manage
 
 The `ClusterGroupUpgrade` CR's `batchTimeoutAction` determines what happens if an upgrade fails for a cluster. You can specify `continue` to skip the failing cluster and continue to upgrade other clusters, or specify `abort` to stop the policy remediation for all clusters. Once the timeout elapses, {cgu-operator} removes all enforce policies to ensure that no further updates are made to clusters.
 
+include::snippets/cnf-example-upgrade-policy.adoc[]
+
 For more information about {rh-rhacm} policies, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html-single/governance/index#policy-overview[Policy overview].
diff --git a/modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc b/modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc
index 7a5800a3c622..3dbcc3177430 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="talo-precache-feature-concept_{context}"]
 = Using the container image pre-cache feature
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc b/modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc
index 60c01cb5bd7d..7aeb626ac8ae 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-2600 (CNF-2133) (4.10), Story TELCODOCS-285
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-precache-start_and_update_{context}"]
 = Creating a ClusterGroupUpgrade CR with pre-caching
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc b/modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc
index 3e2201430bee..070f5e086012 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc
@@ -2,7 +2,7 @@
 // Epic CNF-6848 (4.13), Story TELCODOCS-949
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="talo-precache-feature-image-filter_{context}"]
 = Using the container image pre-cache filter
 
@@ -26,8 +26,8 @@ metadata:
 data:
   excludePrecachePatterns: |
     azure <1>
-    aws 
-    vsphere 
+    aws
+    vsphere
     alibaba
 ----
 <1> {cgu-operator} excludes all images with names that include any of the patterns listed here.
\ No newline at end of file
diff --git a/modules/cnf-topology-aware-lifecycle-manager-precache-user-spec-images.adoc b/modules/cnf-topology-aware-lifecycle-manager-precache-user-spec-images.adoc
new file mode 100644
index 000000000000..ed1155e3ff6a
--- /dev/null
+++ b/modules/cnf-topology-aware-lifecycle-manager-precache-user-spec-images.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="talm-prechache-user-specified-images-concept_{context}"]
+= Pre-caching user-specified images with {cgu-operator} on {sno} clusters
+
+You can pre-cache application-specific workload images on {sno} clusters before upgrading your applications.
+
+You can specify the configuration options for the pre-caching jobs using the following custom resources (CR):
+
+* `PreCachingConfig` CR
+* `ClusterGroupUpgrade` CR
+
+[NOTE]
+====
+All fields in the `PreCachingConfig` CR are optional.
+====
+
+.Example PreCachingConfig CR
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: PreCachingConfig
+metadata:
+  name: exampleconfig
+  namespace: exampleconfig-ns
+spec:
+  overrides: <1>
+    platformImage: quay.io/openshift-release-dev/ocp-release@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e1ef
+    operatorsIndexes:
+      - registry.example.com:5000/custom-redhat-operators:1.0.0
+    operatorsPackagesAndChannels:
+      - local-storage-operator: stable
+      - ptp-operator: stable
+      - sriov-network-operator: stable
+  spaceRequired: 30 Gi <2>
+  excludePrecachePatterns: <3>
+    - aws
+    - vsphere
+  additionalImages: <4>
+    - quay.io/exampleconfig/application1@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e1ef
+    - quay.io/exampleconfig/application2@sha256:3d5800123dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47adfaef
+    - quay.io/exampleconfig/applicationN@sha256:4fe1334adfafadsf987123adfffdaf1243340adfafdedga0991234afdadfsa09
+----
+<1>  By default, {cgu-operator} automatically populates the `platformImage`, `operatorsIndexes`, and the `operatorsPackagesAndChannels` fields from the policies of the managed clusters. You can specify values to override the default {cgu-operator}-derived values for these fields.
+<2> Specifies the minimum required disk space on the cluster. If unspecified, {cgu-operator} defines a default value for {product-title} images. The disk space field must include an integer value and the storage unit. For example: `40 GiB`, `200 MB`, `1 TiB`.
+<3> Specifies the images to exclude from pre-caching based on image name matching.
+<4> Specifies the list of additional images to pre-cache.
+
+.Example ClusterGroupUpgrade CR with PreCachingConfig CR reference
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: ClusterGroupUpgrade
+metadata:
+  name: cgu
+spec:
+  preCaching: true <1>
+  preCachingConfigRef:
+    name: exampleconfig <2>
+    namespace: exampleconfig-ns <3>
+----
+<1> The `preCaching` field set to `true` enables the pre-caching job.
+<2> The `preCachingConfigRef.name` field specifies the `PreCachingConfig` CR that you want to use.
+<3> The `preCachingConfigRef.namespace` specifies the namespace of the `PreCachingConfig` CR that you want to use.
\ No newline at end of file
diff --git a/modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc b/modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc
index 6434f48dd6f5..0218ab047d88 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-platform-prepare-end-to-end_{context}"]
 = Updating clusters in a disconnected environment
 
diff --git a/modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc b/modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc
index bf1ebb0d3c05..d38b6d6e2810 100644
--- a/modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc
+++ b/modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="talo-troubleshooting_{context}"]
 = Troubleshooting the {cgu-operator-full}
 
@@ -439,7 +439,7 @@ sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNext
 
 Issue:: The policy compliance status that {cgu-operator} uses to decide if remediation is needed has not yet fully updated for all clusters.
 This may be because:
-* The CGU was run too soon after a policy was created or updated. 
+* The CGU was run too soon after a policy was created or updated.
 * The remediation of a policy affects the compliance of subsequent policies in the `ClusterGroupUpgrade` CR.
 
 Resolution:: Create and apply a new `ClusterGroupUpdate` CR with the same specification.
@@ -448,24 +448,24 @@ Resolution:: Create and apply a new `ClusterGroupUpdate` CR with the same specif
 [id="talo-troubleshooting-auto-create-policies_{context}"]
 === Auto-created `ClusterGroupUpgrade` CR in the {ztp} workflow has no managed policies
 
-Issue:: If there are no policies for the managed cluster when the cluster becomes `Ready`, a `ClusterGroupUpgrade` CR with no policies is auto-created. 
-Upon completion of the `ClusterGroupUpgrade` CR, the managed cluster is labeled as `ztp-done`. 
+Issue:: If there are no policies for the managed cluster when the cluster becomes `Ready`, a `ClusterGroupUpgrade` CR with no policies is auto-created.
+Upon completion of the `ClusterGroupUpgrade` CR, the managed cluster is labeled as `ztp-done`.
 If the `PolicyGenTemplate` CRs were not pushed to the Git repository within the required time after `SiteConfig` resources were pushed, this might result in no policies being available for the target cluster when the cluster became `Ready`.
 
-Resolution:: Verify that the policies you want to apply are available on the hub cluster, then create a `ClusterGroupUpgrade` CR with the required policies. 
+Resolution:: Verify that the policies you want to apply are available on the hub cluster, then create a `ClusterGroupUpgrade` CR with the required policies.
 
 You can either manually create the `ClusterGroupUpgrade` CR or trigger auto-creation again. To trigger auto-creation of the `ClusterGroupUpgrade` CR, remove the `ztp-done` label from the cluster and delete the empty `ClusterGroupUpgrade` CR that was previously created in the `zip-install` namespace.
 
 [discrete]
 [id="talo-troubleshooting-pre-cache-failed_{context}"]
-=== Pre-caching has failed 
+=== Pre-caching has failed
 
-Issue:: Pre-caching might fail for one of the following reasons: 
+Issue:: Pre-caching might fail for one of the following reasons:
 * There is not enough free space on the node.
-* For a disconnected environment, the pre-cache image has not been properly mirrored. 
+* For a disconnected environment, the pre-cache image has not been properly mirrored.
 * There was an issue when creating the pod.
 
-Resolution:: 
+Resolution::
 . To check if pre-caching has failed due to insufficient space, check the log of the pre-caching pod in the node.
 .. Find the name of the pod using the following command:
 +
diff --git a/modules/cnf-troubleshooting-common-ptp-operator-issues.adoc b/modules/cnf-troubleshooting-common-ptp-operator-issues.adoc
index 204a38430681..83959c1d6a67 100644
--- a/modules/cnf-troubleshooting-common-ptp-operator-issues.adoc
+++ b/modules/cnf-troubleshooting-common-ptp-operator-issues.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-troubleshooting-common-ptp-operator-issues_{context}"]
 = Troubleshooting common PTP Operator issues
 
@@ -141,3 +141,37 @@ sending: GET PORT_DATA_SET
         logMinPdelayReqInterval -4
         versionNumber           2
 ----
+
+. For GNSS-sourced grandmaster clocks, verify that the in-tree NIC ice driver is correct by running the following command, for example:
++
+[source,terminal]
+----
+$ oc rsh -n openshift-ptp -c linuxptp-daemon-container linuxptp-daemon-74m2g ethtool -i ens7f0
+----
++
+.Example output
+[source,terminal]
+----
+driver: ice
+version: 5.14.0-356.bz2232515.el9.x86_64
+firmware-version: 4.20 0x8001778b 1.3346.0
+----
+
+. For GNSS-sourced grandmaster clocks, verify that the `linuxptp-daemon` container is receiving signal from the GNSS antenna.
+If the container is not receiving the GNSS signal, the `/dev/gnss0` file is not populated.
+To verify, run the following command:
++
+[source,terminal]
+----
+$ oc rsh -n openshift-ptp -c linuxptp-daemon-container linuxptp-daemon-jnz6r cat /dev/gnss0
+----
++
+.Example output
+[source,terminal]
+----
+$GNRMC,125223.00,A,4233.24463,N,07126.64561,W,0.000,,300823,,,A,V*0A
+$GNVTG,,T,,M,0.000,N,0.000,K,A*3D
+$GNGGA,125223.00,4233.24463,N,07126.64561,W,1,12,99.99,98.6,M,-33.1,M,,*7E
+$GNGSA,A,3,25,17,19,11,12,06,05,04,09,20,,,99.99,99.99,99.99,1*37
+$GPGSV,3,1,10,04,12,039,41,05,31,222,46,06,50,064,48,09,28,064,42,1*62
+----
diff --git a/modules/cnf-troubleshooting-numa-aware-workloads.adoc b/modules/cnf-troubleshooting-numa-aware-workloads.adoc
index 9a753b1f34ec..6623e453569c 100644
--- a/modules/cnf-troubleshooting-numa-aware-workloads.adoc
+++ b/modules/cnf-troubleshooting-numa-aware-workloads.adoc
@@ -2,7 +2,7 @@
 //
 // *scalability_and_performance/cnf-numa-aware-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cnf-troubleshooting-numa-aware-workloads_{context}"]
 = Troubleshooting NUMA-aware scheduling
 
diff --git a/modules/cnf-tuning-nodes-for-low-latency-via-performanceprofile.adoc b/modules/cnf-tuning-nodes-for-low-latency-via-performanceprofile.adoc
index d4cf37cdacd3..ef7f45fe5eff 100644
--- a/modules/cnf-tuning-nodes-for-low-latency-via-performanceprofile.adoc
+++ b/modules/cnf-tuning-nodes-for-low-latency-via-performanceprofile.adoc
@@ -14,6 +14,13 @@ The performance profile lets you control latency tuning aspects of nodes that be
 
 You can use a performance profile to specify whether to update the kernel to kernel-rt, to allocate huge pages, and to partition the CPUs for performing housekeeping duties or running workloads.
 
+[IMPORTANT]
+====
+In {product-title} {product-version}, if you apply a performance profile to your cluster, all nodes in the cluster will reboot. This reboot includes control plane nodes and worker nodes that were not targeted by the performance profile. This is a known issue in {product-title} {product-version} because this release uses Linux control group version 2 (cgroup v2) in alignment with RHEL 9. The low latency tuning features associated with the performance profile do not support cgroup v2, therefore the nodes reboot to switch back to the cgroup v1 configuration.
+
+To revert all nodes in the cluster to the cgroups v2 configuration, you must edit the `Node` resource. (link:https://issues.redhat.com/browse/OCPBUGS-16976[*OCPBUGS-16976*])
+====
+
 [NOTE]
 ====
 You can manually create the `PerformanceProfile` object or use the Performance Profile Creator (PPC) to generate a performance profile. See the additional resources below for more information on the PPC.
@@ -28,8 +35,8 @@ metadata:
  name: performance
 spec:
  cpu:
-  isolated: "5-15" <1>
-  reserved: "0-4" <2>
+  isolated: "4-15" <1>
+  reserved: "0-3" <2>
  hugepages:
   defaultHugepagesSize: "1G"
   pages:
@@ -43,7 +50,7 @@ spec:
  nodeSelector:
   node-role.kubernetes.io/worker-cnf: "" <5>
 ----
-<1> Use this field to isolate specific CPUs to use with application containers for workloads.
+<1> Use this field to isolate specific CPUs to use with application containers for workloads. Set an even number of isolated CPUs to enable the pods to run without errors when hyperthreading is enabled.
 <2> Use this field to reserve specific CPUs to use with infra containers for housekeeping.
 <3> Use this field to install the real-time kernel on the node. Valid values are `true` or `false`. Setting the `true` value installs the real-time kernel.
 <4> Use this field to configure the topology manager policy. Valid values are `none` (default), `best-effort`, `restricted`, and `single-numa-node`. For more information, see link:https://kubernetes.io/docs/tasks/administer-cluster/topology-manager/#topology-manager-policies[Topology Manager Policies].
diff --git a/modules/cnf-understanding-low-latency.adoc b/modules/cnf-understanding-low-latency.adoc
index 9c2c126ca4e7..a8c06194b73f 100644
--- a/modules/cnf-understanding-low-latency.adoc
+++ b/modules/cnf-understanding-low-latency.adoc
@@ -2,12 +2,11 @@
 // Epic CNF-78 (4.4)
 // * scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-understanding-low-latency_{context}"]
 = Understanding low latency
 
-The emergence of Edge computing in the area of Telco / 5G plays a key role in
-reducing latency and congestion problems and improving application performance.
+The emergence of Edge computing in the area of Telco / 5G plays a key role in reducing latency and congestion problems and improving application performance.
 
 Simply put, latency determines how fast data (packets) moves from the sender to receiver and returns to the sender after processing by the receiver. Maintaining a network architecture with the lowest possible delay of latency speeds is key for meeting the network performance requirements of 5G. Compared to 4G technology, with an average latency of 50 ms, 5G is targeted to reach latency numbers of 1 ms or less. This reduction in latency boosts wireless throughput by a factor of 10.
 
@@ -21,9 +20,16 @@ Administrators must be able to manage their many Edge sites and local services i
 
 {product-title} uses the Node Tuning Operator to implement automatic tuning to achieve low latency performance for {product-title} applications. The cluster administrator uses this performance profile configuration that makes it easier to make these changes in a more reliable way. The administrator can specify whether to update the kernel to kernel-rt, reserve CPUs for cluster and operating system housekeeping duties, including pod infra containers, and isolate CPUs for application containers to run the workloads.
 
+[IMPORTANT]
+====
+In {product-title} 4.14, if you apply a performance profile to your cluster, all nodes in the cluster will reboot. This reboot includes control plane nodes and worker nodes that were not targeted by the performance profile. This is a known issue in {product-title} 4.14 because this release uses Linux control group version 2 (cgroup v2) in alignment with RHEL 9. The low latency tuning features associated with the performance profile do not support cgroup v2, therefore the nodes reboot to switch back to the cgroup v1 configuration.
+
+To revert all nodes in the cluster to the cgroups v2 configuration, you must edit the `Node` resource. (link:https://issues.redhat.com/browse/OCPBUGS-16976[*OCPBUGS-16976*])
+====
+
 [NOTE]
 ====
-Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performace profiles.
+Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performance profiles.
 ====
 
 {product-title} also supports workload hints for the Node Tuning Operator that can tune the `PerformanceProfile` to meet the demands of different industry environments. Workload hints are available for `highPowerConsumption` (very low latency at the cost of increased power consumption) and `realTime` (priority given to optimum latency). A combination of `true/false` settings for these hints can be used to deal with application-specific workload profiles and requirements.
@@ -38,4 +44,3 @@ In an ideal world, all of those would be prioritized: in real life, some come at
 
 The environment in which an application is operating influences its behavior. For a typical data center with no strict latency requirements, only minimal default tuning is needed that enables CPU partitioning for some high performance workload pods. For data centers and workloads where latency is a higher priority, measures are still taken to optimize power consumption. The most complicated cases are clusters close to latency-sensitive equipment such as manufacturing machinery and software-defined radios. This last class of deployment is often referred to as Far edge. For Far edge deployments, ultra-low latency is the ultimate priority, and is achieved at the expense of power management.
 
-In {product-title} version 4.10 and previous versions, the Performance Addon Operator was used to implement automatic tuning to achieve low latency performance. Now this functionality is part of the Node Tuning Operator.
diff --git a/modules/cnf-understanding-workload-hints.adoc b/modules/cnf-understanding-workload-hints.adoc
index 99479338da11..f92b8b43bf1d 100644
--- a/modules/cnf-understanding-workload-hints.adoc
+++ b/modules/cnf-understanding-workload-hints.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cnf-understanding-workload-hints_{context}"]
 = Understanding workload hints
 
@@ -10,6 +10,7 @@ The following table describes how combinations of power consumption and real-tim
 [NOTE]
 ====
 The following workload hints can be configured manually. You can also work with workload hints using the Performance Profile Creator. For more information about the performance profile, see the "Creating a performance profile" section.
+If the workload hint is configured manually and the `realTime` workload hint is not explicitly set then it defaults to `true`.
 ====
 
 [cols="1,1,1,1",options="header"]
@@ -60,4 +61,4 @@ perPodPowerManagement: true
     | Critical and non-critical workloads
     | Allows for power management per pod.
 
-|===
\ No newline at end of file
+|===
diff --git a/modules/collecting-docker-logs-windows.adoc b/modules/collecting-docker-logs-windows.adoc
index 1f9b42554d59..7c938888fb09 100644
--- a/modules/collecting-docker-logs-windows.adoc
+++ b/modules/collecting-docker-logs-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="collecting-docker-logs-windows_{context}"]
 = Collecting Docker logs for Windows containers
 
diff --git a/modules/collecting-gitops-debugging-data.adoc b/modules/collecting-gitops-debugging-data.adoc
index 827a869d211c..00fff1f9941a 100644
--- a/modules/collecting-gitops-debugging-data.adoc
+++ b/modules/collecting-gitops-debugging-data.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/gitops/collecting-debugging-data-for-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="collecting-debugging-data-for-gitops_{context}"]
 = Collecting debugging data for {gitops-title}
 
diff --git a/modules/collecting-kube-node-logs-windows.adoc b/modules/collecting-kube-node-logs-windows.adoc
index 5dc1c3a331c2..5a14340830c7 100644
--- a/modules/collecting-kube-node-logs-windows.adoc
+++ b/modules/collecting-kube-node-logs-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="collecting-kube-node-logs-windows_{context}"]
 = Collecting Kubernetes node logs for Windows containers
 
diff --git a/modules/collecting-windows-application-event-logs.adoc b/modules/collecting-windows-application-event-logs.adoc
index 349032028392..1a8fba0005aa 100644
--- a/modules/collecting-windows-application-event-logs.adoc
+++ b/modules/collecting-windows-application-event-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="collecting-windows-application-event-logs_{context}"]
 = Collecting Windows application event logs
 
diff --git a/modules/compliance-anatomy.adoc b/modules/compliance-anatomy.adoc
index c19f299fd4fa..2106b834adc0 100644
--- a/modules/compliance-anatomy.adoc
+++ b/modules/compliance-anatomy.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-troubleshooting.adoc
+// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
 
 [id="compliance-anatomy_{context}"]
 = Anatomy of a scan
diff --git a/modules/compliance-apply-remediation-for-customized-mcp.adoc b/modules/compliance-apply-remediation-for-customized-mcp.adoc
index 4821ec97e0ad..d9f4e927f1b5 100644
--- a/modules/compliance-apply-remediation-for-customized-mcp.adoc
+++ b/modules/compliance-apply-remediation-for-customized-mcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-operator-apply-remediation-for-customized-mcp"]
 = Applying remediation when using customized machine config pools
 
@@ -23,11 +23,11 @@ $ oc get nodes -n openshift-compliance
 [source,terminal]
 ----
 NAME                                       STATUS  ROLES  AGE    VERSION
-ip-10-0-128-92.us-east-2.compute.internal  Ready   master 5h21m  v1.26.0
-ip-10-0-158-32.us-east-2.compute.internal  Ready   worker 5h17m  v1.26.0
-ip-10-0-166-81.us-east-2.compute.internal  Ready   worker 5h17m  v1.26.0
-ip-10-0-171-170.us-east-2.compute.internal Ready   master 5h21m  v1.26.0
-ip-10-0-197-35.us-east-2.compute.internal  Ready   master 5h22m  v1.26.0
+ip-10-0-128-92.us-east-2.compute.internal  Ready   master 5h21m  v1.28.5
+ip-10-0-158-32.us-east-2.compute.internal  Ready   worker 5h17m  v1.28.5
+ip-10-0-166-81.us-east-2.compute.internal  Ready   worker 5h17m  v1.28.5
+ip-10-0-171-170.us-east-2.compute.internal Ready   master 5h21m  v1.28.5
+ip-10-0-197-35.us-east-2.compute.internal  Ready   master 5h22m  v1.28.5
 ----
 
 . Add a label to nodes.
diff --git a/modules/compliance-apply-remediations-from-scans.adoc b/modules/compliance-apply-remediations-from-scans.adoc
index 712384bcf369..3866b624cfd8 100644
--- a/modules/compliance-apply-remediations-from-scans.adoc
+++ b/modules/compliance-apply-remediations-from-scans.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-compliance-operator-cli_{context}"]
 =  Applying remediations generated by suite scans
 
diff --git a/modules/compliance-applying-resource-requests-and-limits.adoc b/modules/compliance-applying-resource-requests-and-limits.adoc
index 00f52953e297..7aaa41f7a8f7 100644
--- a/modules/compliance-applying-resource-requests-and-limits.adoc
+++ b/modules/compliance-applying-resource-requests-and-limits.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-scans.adoc
+// * security/compliance_operator/co-scans/compliance-scans.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-applying-resource-requests-and-limits_{context}"]
 = Applying resource requests and limits
 
diff --git a/modules/compliance-applying.adoc b/modules/compliance-applying.adoc
index d448f850ff83..dd9d5ce017bd 100644
--- a/modules/compliance-applying.adoc
+++ b/modules/compliance-applying.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
 [id="compliance-applying_{context}"]
 = Applying a remediation
@@ -24,3 +24,8 @@ The Compliance Operator can apply remediations automatically. Set `autoApplyReme
 ====
 Applying remediations automatically should only be done with careful consideration.
 ====
+
+[IMPORTANT]
+====
+The Compliance Operator does not automatically resolve dependency issues that can occur between remediations. Users should perform a rescan after remediations are applied to ensure accurate results.
+====
\ No newline at end of file
diff --git a/modules/compliance-auto-update-remediations.adoc b/modules/compliance-auto-update-remediations.adoc
index 90e920ed854a..8e0784f45031 100644
--- a/modules/compliance-auto-update-remediations.adoc
+++ b/modules/compliance-auto-update-remediations.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="automatically-update-remediations_{context}"]
 =  Automatically update remediations
 
diff --git a/modules/compliance-crd-advanced-compliance-scan.adoc b/modules/compliance-crd-advanced-compliance-scan.adoc
index 8ae9e5acfd84..20e41665c218 100644
--- a/modules/compliance-crd-advanced-compliance-scan.adoc
+++ b/modules/compliance-crd-advanced-compliance-scan.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="advance-compliance-scan-object_{context}"]
 = Advanced ComplianceScan Object
 The Compliance Operator includes options for advanced users for debugging or integrating with existing tooling. While it is recommended that you not create a `ComplianceScan` object directly, you can instead manage it using a `ComplianceSuite` object.
@@ -18,7 +18,7 @@ spec:
   scanType: Node <1>
   profile: xccdf_org.ssgproject.content_profile_moderate <2>
   content: ssg-ocp4-ds.xml
-  contentImage: quay.io/complianceascode/ocp4:latest <3>
+  contentImage: registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:45dc... <3>
   rule: "xccdf_org.ssgproject.content_rule_no_netrc_files" <4>
   nodeSelector: <5>
     node-role.kubernetes.io/worker: ""
diff --git a/modules/compliance-crd-compliance-check-result.adoc b/modules/compliance-crd-compliance-check-result.adoc
index c5ff012bb21d..16f237c2b8e4 100644
--- a/modules/compliance-crd-compliance-check-result.adoc
+++ b/modules/compliance-crd-compliance-check-result.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-check-result_{context}"]
 = ComplianceCheckResult object
 When you run a scan with a specific profile, several rules in the profiles are verified. For each of these rules, a `ComplianceCheckResult` object is created, which provides the state of the cluster for a specific rule.
diff --git a/modules/compliance-crd-compliance-remediation.adoc b/modules/compliance-crd-compliance-remediation.adoc
index 9a8341e17f4d..ff62b59a0e5b 100644
--- a/modules/compliance-crd-compliance-remediation.adoc
+++ b/modules/compliance-crd-compliance-remediation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-remediation-object_{context}"]
 = ComplianceRemediation object
 For a specific check you can have a datastream specified fix. However, if a Kubernetes fix is available, then the Compliance Operator creates a `ComplianceRemediation` object.
diff --git a/modules/compliance-crd-compliance-suite.adoc b/modules/compliance-crd-compliance-suite.adoc
index 372d5a2288f6..33c089441f84 100644
--- a/modules/compliance-crd-compliance-suite.adoc
+++ b/modules/compliance-crd-compliance-suite.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-suite-object_{context}"]
 = ComplianceSuite object
 The `ComplianceSuite` object helps you keep track of the state of the scans. It contains the raw settings to create scans and the overall result.
@@ -24,7 +24,7 @@ spec:
       scanType: Node
       profile: xccdf_org.ssgproject.content_profile_moderate
       content: ssg-rhcos4-ds.xml
-      contentImage: quay.io/complianceascode/ocp4:latest
+      contentImage: registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:45dc...
       rule: "xccdf_org.ssgproject.content_rule_no_netrc_files"
       nodeSelector:
         node-role.kubernetes.io/worker: ""
diff --git a/modules/compliance-crd-profile-bundle.adoc b/modules/compliance-crd-profile-bundle.adoc
index 971f4ceb9beb..78521aa19594 100644
--- a/modules/compliance-crd-profile-bundle.adoc
+++ b/modules/compliance-crd-profile-bundle.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="profile-bundle-object_{context}"]
 = ProfileBundle object
 When you install the Compliance Operator, it includes ready-to-run `ProfileBundle` objects. The Compliance Operator parses the `ProfileBundle` object and creates a `Profile` object for each profile in the bundle. It also parses `Rule` and `Variable` objects, which are used by the `Profile` object.
diff --git a/modules/compliance-crd-profile.adoc b/modules/compliance-crd-profile.adoc
index 9dbb9ba919e4..715c0249827a 100644
--- a/modules/compliance-crd-profile.adoc
+++ b/modules/compliance-crd-profile.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="profile-object_{context}"]
 = Profile object
 
diff --git a/modules/compliance-crd-rule.adoc b/modules/compliance-crd-rule.adoc
index 1ee2b9c4608b..c867cc5ab1fd 100644
--- a/modules/compliance-crd-rule.adoc
+++ b/modules/compliance-crd-rule.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rule-object_{context}"]
 = Rule object
 The `Rule` object, which forms the profiles, are also exposed as objects. Use the `Rule` object to define your compliance check requirements and specify how it could be fixed.
diff --git a/modules/compliance-crd-scan-setting-binding.adoc b/modules/compliance-crd-scan-setting-binding.adoc
index 974d0fa58350..273ecf1bfc64 100644
--- a/modules/compliance-crd-scan-setting-binding.adoc
+++ b/modules/compliance-crd-scan-setting-binding.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="scan-setting-binding-object_{context}"]
 = ScanSettingBinding object
 
diff --git a/modules/compliance-crd-scan-setting.adoc b/modules/compliance-crd-scan-setting.adoc
index db839f74974c..0d4c088e3099 100644
--- a/modules/compliance-crd-scan-setting.adoc
+++ b/modules/compliance-crd-scan-setting.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="scan-setting-object_{context}"]
 = ScanSetting object
 Use the `ScanSetting` object to define and reuse the operational policies to run your scans.
@@ -14,73 +14,49 @@ By default, the Compliance Operator creates the following `ScanSetting` objects:
 .Example `ScanSetting` object
 [source,yaml]
 ----
-Name:                      default-auto-apply
-Namespace:                 openshift-compliance
-Labels:                    <none>
-Annotations:               <none>
-API Version:               compliance.openshift.io/v1alpha1
-Auto Apply Remediations:   true
-Auto Update Remediations:  true
-Kind:                      ScanSetting
-Metadata:
-  Creation Timestamp:  2022-10-18T20:21:00Z
-  Generation:          1
-  Managed Fields:
-    API Version:  compliance.openshift.io/v1alpha1
-    Fields Type:  FieldsV1
-    fieldsV1:
-      f:autoApplyRemediations: <1>
-      f:autoUpdateRemediations: <2>
-      f:rawResultStorage:
-        .:
-        f:nodeSelector:
-          .:
-          f:node-role.kubernetes.io/master:
-        f:pvAccessModes:
-        f:rotation:
-        f:size:
-        f:tolerations:
-      f:roles:
-      f:scanTolerations:
-      f:schedule:
-      f:showNotApplicable:
-      f:strictNodeScan:
-    Manager:         compliance-operator
-    Operation:       Update
-    Time:            2022-10-18T20:21:00Z
-  Resource Version:  38840
-  UID:               8cb0967d-05e0-4d7a-ac1c-08a7f7e89e84
-Raw Result Storage:
-  Node Selector:
-    node-role.kubernetes.io/master:
-  Pv Access Modes:
-    ReadWriteOnce
-  Rotation:  3 <3>
-  Size:      1Gi <4>
-  Tolerations:
-    Effect:              NoSchedule
-    Key:                 node-role.kubernetes.io/master
-    Operator:            Exists
-    Effect:              NoExecute
-    Key:                 node.kubernetes.io/not-ready
-    Operator:            Exists
-    Toleration Seconds:  300
-    Effect:              NoExecute
-    Key:                 node.kubernetes.io/unreachable
-    Operator:            Exists
-    Toleration Seconds:  300
-    Effect:              NoSchedule
-    Key:                 node.kubernetes.io/memory-pressure
-    Operator:            Exists
-Roles: <6>
-  master
-  worker
-Scan Tolerations:
-  Operator:           Exists
-Schedule:             "0 1 * * *" <5>
-Show Not Applicable:  false
-Strict Node Scan:     true
-Events:               <none>
+apiVersion: compliance.openshift.io/v1alpha1
+autoApplyRemediations: true <1>
+autoUpdateRemediations: true <2>
+kind: ScanSetting
+maxRetryOnTimeout: 3
+metadata:
+  creationTimestamp: "2022-10-18T20:21:00Z"
+  generation: 1
+  name: default-auto-apply
+  namespace: openshift-compliance
+  resourceVersion: "38840"
+  uid: 8cb0967d-05e0-4d7a-ac1c-08a7f7e89e84
+rawResultStorage:
+  nodeSelector:
+    node-role.kubernetes.io/master: ""
+  pvAccessModes:
+  - ReadWriteOnce
+  rotation: 3 <3>
+  size: 1Gi <4>
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+    operator: Exists
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoSchedule
+    key: node.kubernetes.io/memory-pressure
+    operator: Exists
+roles: <6>
+- master
+- worker
+scanTolerations:
+- operator: Exists
+schedule: 0 1 * * * <5>
+showNotApplicable: false
+strictNodeScan: true
+timeout: 30m
 ----
 <1> Set to `true` to enable auto remediations. Set to `false` to disable auto remediations.
 <2> Set to `true` to enable auto remediations for content updates. Set to `false` to disable auto remediations for content updates.
diff --git a/modules/compliance-crd-tailored-profile.adoc b/modules/compliance-crd-tailored-profile.adoc
index 96408f985628..f161a270c8d0 100644
--- a/modules/compliance-crd-tailored-profile.adoc
+++ b/modules/compliance-crd-tailored-profile.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="tailored-profile-object_{context}"]
 = TailoredProfile object
 
diff --git a/modules/compliance-crd-workflow.adoc b/modules/compliance-crd-workflow.adoc
index a5f4cff79971..b5ad6f75357b 100644
--- a/modules/compliance-crd-workflow.adoc
+++ b/modules/compliance-crd-workflow.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-crd.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="custom-resource-definitions-workflow_{context}"]
 = CRDs workflow
 
diff --git a/modules/compliance-custom-node-pools.adoc b/modules/compliance-custom-node-pools.adoc
index e0c7bd03c0ca..7247552ebee1 100644
--- a/modules/compliance-custom-node-pools.adoc
+++ b/modules/compliance-custom-node-pools.adoc
@@ -1,38 +1,15 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-custom-node-pools_{context}"]
 = Scanning custom node pools
 
 The Compliance Operator does not maintain a copy of each node pool configuration. The Compliance Operator aggregates consistent configuration options for all nodes within a single node pool into one copy of the configuration file. The Compliance Operator then uses the configuration file for a particular node pool to evaluate rules against nodes within that pool.
 
-If your cluster uses custom node pools outside the default `worker` and `master` node pools, you must supply additional variables to ensure the Compliance Operator aggregates a configuration file for that node pool.
-
 .Procedure
 
-. To check the configuration against all pools in an example cluster containing `master`, `worker`, and custom `example` node pools, set the value of the `ocp-var-role-master` and `opc-var-role-worker` fields to `example` in the `TailoredProfile` object:
-+
-[source,yaml]
-----
-apiVersion: compliance.openshift.io/v1alpha1
-kind: TailoredProfile
-metadata:
-  name: cis-example-tp
-spec:
-  extends: ocp4-cis
-  title: My modified NIST profile to scan example nodes
-  setValues:
-  - name: ocp4-var-role-master
-    value: example
-    rationale: test for example nodes
-  - name: ocp4-var-role-worker
-    value: example
-    rationale: test for example nodes
-  description: cis-example-scan
-----
-
 . Add the `example` role to the `ScanSetting` object that will be stored in the `ScanSettingBinding` CR:
 +
 [source,yaml]
@@ -72,17 +49,12 @@ profiles:
 - apiGroup: compliance.openshift.io/v1alpha1
   kind: Profile
   name: ocp4-cis-node
-- apiGroup: compliance.openshift.io/v1alpha1
-  kind: TailoredProfile
-  name: cis-example-tp
 settingsRef:
   apiGroup: compliance.openshift.io/v1alpha1
   kind: ScanSetting
   name: default
 ----
 
-The Compliance Operator checks the runtime `KubeletConfig` through the `Node/Proxy` API object and then uses variables such as `ocp-var-role-master` and `ocp-var-role-worker` to determine the nodes it performs the check against. In the `ComplianceCheckResult`, the `KubeletConfig` rules are shown as `ocp4-cis-kubelet-*`. The scan passes only if all selected nodes pass this check.
-
 .Verification
 
 * The Platform KubeletConfig rules are checked through the `Node/Proxy` object. You can find those rules by running the following command:
diff --git a/modules/compliance-custom-scc.adoc b/modules/compliance-custom-scc.adoc
index fbb0ad118971..4b8d1cf32a18 100644
--- a/modules/compliance-custom-scc.adoc
+++ b/modules/compliance-custom-scc.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-custom-scc_{context}"]
 = Creating a custom SCC for the Compliance Operator
 
-In some environments, you must create a custom Security Context Constraints (SCC) file to ensure the correct permissions are available to the Compliance Operator `api-resource-collector`. 
+In some environments, you must create a custom Security Context Constraints (SCC) file to ensure the correct permissions are available to the Compliance Operator `api-resource-collector`.
 
 .Prerequisites
 
diff --git a/modules/compliance-custom-storage.adoc b/modules/compliance-custom-storage.adoc
index ccb7299dd930..4e975afb9db9 100644
--- a/modules/compliance-custom-storage.adoc
+++ b/modules/compliance-custom-storage.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
 [id="compliance-custom-storage_{context}"]
 = Setting custom storage size for results
diff --git a/modules/compliance-evaluate-kubeletconfig-rules.adoc b/modules/compliance-evaluate-kubeletconfig-rules.adoc
index 181e9a42a303..b2536dab7d67 100644
--- a/modules/compliance-evaluate-kubeletconfig-rules.adoc
+++ b/modules/compliance-evaluate-kubeletconfig-rules.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-evaluate-kubeletconfig-rules_{context}"]
 = Evaluating KubeletConfig rules against default configuration values
 
diff --git a/modules/compliance-filtering-results.adoc b/modules/compliance-filtering-results.adoc
index 6f3356d5fd45..767d5f6f4fb5 100644
--- a/modules/compliance-filtering-results.adoc
+++ b/modules/compliance-filtering-results.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="filtering-compliance-check-results_{context}"]
 = Filters for compliance check results
 
diff --git a/modules/compliance-imagestreams.adoc b/modules/compliance-imagestreams.adoc
index 4d7c883701af..80e9085635a6 100644
--- a/modules/compliance-imagestreams.adoc
+++ b/modules/compliance-imagestreams.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-manage.adoc
+// * security/compliance_operator/co-management/compliance-operator-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-imagestreams_{context}"]
 = Using image streams
 
diff --git a/modules/compliance-inconsistent.adoc b/modules/compliance-inconsistent.adoc
index d0d734877259..dce0d60dd46d 100644
--- a/modules/compliance-inconsistent.adoc
+++ b/modules/compliance-inconsistent.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-inconsistent_{context}"]
 = Inconsistent ComplianceScan
 The `ScanSetting` object lists the node roles that the compliance scans generated from the `ScanSetting` or `ScanSettingBinding` objects would scan. Each node role usually maps to a machine config pool.
diff --git a/modules/compliance-increasing-operator-limits.adoc b/modules/compliance-increasing-operator-limits.adoc
index 77c8f5bd17b8..1ba641d501c3 100644
--- a/modules/compliance-increasing-operator-limits.adoc
+++ b/modules/compliance-increasing-operator-limits.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-troubleshooting.adoc
+// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-increasing-operator-limits_{context}"]
 = Increasing Compliance Operator resource limits
 
diff --git a/modules/compliance-kubeletconfig-sub-pool-remediation.adoc b/modules/compliance-kubeletconfig-sub-pool-remediation.adoc
index 471299ca99c7..c9243df9fcc1 100644
--- a/modules/compliance-kubeletconfig-sub-pool-remediation.adoc
+++ b/modules/compliance-kubeletconfig-sub-pool-remediation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-kubeletconfig-sub-pool-remediation_{context}"]
 = Remediating `KubeletConfig` sub pools
 
diff --git a/modules/compliance-manual.adoc b/modules/compliance-manual.adoc
index 52ef596ecb58..873db7e790df 100644
--- a/modules/compliance-manual.adoc
+++ b/modules/compliance-manual.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-manual_{context}"]
 = Remediating a platform check manually
 
diff --git a/modules/compliance-new-tailored-profiles.adoc b/modules/compliance-new-tailored-profiles.adoc
index 9c8468d3361c..e89a836c3107 100644
--- a/modules/compliance-new-tailored-profiles.adoc
+++ b/modules/compliance-new-tailored-profiles.adoc
@@ -1,20 +1,20 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-tailor.adoc
+// * security/compliance_operator/co-scans/compliance-operator-tailor.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-new-tailored-profiles_{context}"]
 = Creating a new tailored profile
 
-You can write a tailored profile from scratch using the `TailoredProfile` object. Set an appropriate `title` and `description` and leave the `extends` field empty. Indicate to the Compliance Operator what type of scan will this custom profile generate:
+You can write a tailored profile from scratch by using the `TailoredProfile` object. Set an appropriate `title` and `description` and leave the `extends` field empty. Indicate to the Compliance Operator what type of scan this custom profile will generate:
 
 * Node scan: Scans the Operating System.
-* Platform scan: Scans the OpenShift configuration.
+* Platform scan: Scans the {product-title} configuration.
 
 .Procedure
 
-Set the following annotation on the `TailoredProfile` object:
-+
+* Set the following annotation on the `TailoredProfile` object:
+
 .Example `new-profile.yaml`
 [source,yaml]
 ----
@@ -25,13 +25,20 @@ metadata:
   annotations:
     compliance.openshift.io/product-type: Node <1>
 spec:
-  extends:
-  description: My custom profile <2>
-  title: Custom profile <3>
+  extends: ocp4-cis-node <2>
+  description: My custom profile <3>
+  title: Custom profile <4>
+  enableRules:
+    - name: ocp4-etcd-unique-ca
+      rationale: We really need to enable this
+  disableRules:
+    - name: ocp4-file-groupowner-cni-conf
+      rationale: This does not apply to the cluster
 ----
 <1> Set `Node` or `Platform` accordingly.
-<2> Use the `description` field to describe the function of the new `TailoredProfile` object.
-<3> Give your `TailoredProfile` object a title with the `title` field.
+<2> The `extends` field is optional.
+<3> Use the `description` field to describe the function of the new `TailoredProfile` object.
+<4> Give your `TailoredProfile` object a title with the `title` field.
 +
 [NOTE]
 ====
diff --git a/modules/compliance-objects.adoc b/modules/compliance-objects.adoc
index 0db4e4b9a693..59d712faf45e 100644
--- a/modules/compliance-objects.adoc
+++ b/modules/compliance-objects.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
 [id="compliance-objects_{context}"]
 = Using the ComplianceSuite and ComplianceScan objects directly
@@ -28,7 +28,7 @@ spec:
     - name: workers-scan
       profile: xccdf_org.ssgproject.content_profile_moderate
       content: ssg-rhcos4-ds.xml
-      contentImage: quay.io/complianceascode/ocp4:latest
+      contentImage: registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:45dc...
       debug: true
       rule: xccdf_org.ssgproject.content_rule_no_direct_root_logins
       nodeSelector:
diff --git a/modules/compliance-operator-cli-installation.adoc b/modules/compliance-operator-cli-installation.adoc
index f9cb58f3f487..7ec7712c0afe 100644
--- a/modules/compliance-operator-cli-installation.adoc
+++ b/modules/compliance-operator-cli-installation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-installation.adoc
+// * security/compliance_operator/co-management/compliance-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-compliance-operator-cli_{context}"]
 = Installing the Compliance Operator using the CLI
 
diff --git a/modules/compliance-operator-cli-uninstall.adoc b/modules/compliance-operator-cli-uninstall.adoc
index 47625212d37c..e58b751eef96 100644
--- a/modules/compliance-operator-cli-uninstall.adoc
+++ b/modules/compliance-operator-cli-uninstall.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// security/compliance_operator/compliance-operator-uninstallation.adoc
+// security/compliance_operator/co-management/compliance-operator-uninstallation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-operator-uninstall-cli_{context}"]
 = Uninstalling the OpenShift Compliance Operator from {product-title} using the CLI
 
@@ -21,78 +21,56 @@ To remove the Compliance Operator, you must first delete the objects in the name
 +
 [source,terminal]
 ----
-$ oc delete ssb <ScanSettingBinding-name> -n openshift-compliance
+$ oc delete ssb --all -n openshift-compliance
 ----
 
 .. Delete the `ScanSetting` objects:
 +
 [source,terminal]
 ----
-$ oc delete ss <ScanSetting-name> -n openshift-compliance
+$ oc delete ss --all -n openshift-compliance
 ----
 
 .. Delete the `ComplianceSuite` objects:
 +
 [source,terminal]
 ----
-$ oc delete suite <compliancesuite-name> -n openshift-compliance
+$ oc delete suite --all -n openshift-compliance
 ----
 
 .. Delete the `ComplianceScan` objects:
 +
 [source,terminal]
 ----
-$ oc delete scan <compliancescan-name> -n openshift-compliance
-----
-
-.. Obtain the `ProfileBundle` objects:
-+
-[source,terminal]
-----
-$ oc get profilebundle.compliance -n openshift-compliance
-----
-+
-.Example output
-[source,terminal]
-----
-NAME     CONTENTIMAGE                                                                     CONTENTFILE         STATUS
-ocp4     registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:<hash>   ssg-ocp4-ds.xml     VALID
-rhcos4   registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:<hash>   ssg-rhcos4-ds.xml   VALID
+$ oc delete scan --all -n openshift-compliance
 ----
 
 .. Delete the `ProfileBundle` objects:
 +
 [source,terminal]
 ----
-$ oc delete profilebundle.compliance ocp4 rhcos4 -n openshift-compliance
-----
-+
-.Example output
-[source,terminal]
-----
-profilebundle.compliance.openshift.io "ocp4" deleted
-profilebundle.compliance.openshift.io "rhcos4" deleted
+$ oc delete profilebundle.compliance --all -n openshift-compliance
 ----
 
 . Delete the Subscription object:
 +
 [source,terminal]
 ----
-$ oc delete sub <Subscription-Name> -n openshift-compliance
+$ oc delete sub --all -n openshift-compliance
 ----
 
 . Delete the CSV object:
 +
 [source,terminal]
 ----
-$ oc delete CSV -n openshift-compliance
+$ oc delete csv --all -n openshift-compliance
 ----
 
 . Delete the project:
 +
 [source,terminal]
 ----
-$ oc delete project -n openshift-compliance
+$ oc delete project openshift-compliance
 ----
 +
 .Example output
@@ -114,4 +92,4 @@ $ oc get project/openshift-compliance
 [source,terminal]
 ----
 Error from server (NotFound): namespaces "openshift-compliance" not found
-----
\ No newline at end of file
+----
diff --git a/modules/compliance-operator-console-installation.adoc b/modules/compliance-operator-console-installation.adoc
index c0dd1e7ac2c4..7b2de3a03450 100644
--- a/modules/compliance-operator-console-installation.adoc
+++ b/modules/compliance-operator-console-installation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-installation.adoc
+// * security/compliance_operator/co-management/compliance-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-compliance-operator-web-console_{context}"]
 = Installing the Compliance Operator through the web console
 
diff --git a/modules/compliance-operator-hcp-install.adoc b/modules/compliance-operator-hcp-install.adoc
new file mode 100644
index 000000000000..f4ccfb97f51c
--- /dev/null
+++ b/modules/compliance-operator-hcp-install.adoc
@@ -0,0 +1,109 @@
+// Module included in the following assemblies:
+//
+// * security/compliance_operator/co-management/compliance-operator-installation.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-compliance-operator-hcp_{context}"]
+= Installing the Compliance Operator on Hosted control planes
+
+The Compliance Operator can be installed in Hosted control planes using the OperatorHub by creating a `Subscription` file.
+
+:FeatureName: Hosted control planes
+include::snippets/technology-preview.adoc[]
+
+.Prerequisites
+
+* You must have `admin` privileges.
+
+.Procedure
+
+. Define a `Namespace` object similar to the following:
++
+.Example `namespace-object.yaml`
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    openshift.io/cluster-monitoring: "true"
+    pod-security.kubernetes.io/enforce: privileged <1>
+  name: openshift-compliance
+----
+<1> In {product-title} {product-version}, the pod security label must be set to `privileged` at the namespace level.
+
+. Create the `Namespace` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f namespace-object.yaml
+----
+
+. Define an `OperatorGroup` object:
++
+.Example `operator-group-object.yaml`
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: compliance-operator
+  namespace: openshift-compliance
+spec:
+  targetNamespaces:
+  - openshift-compliance
+----
+
+. Create the `OperatorGroup` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f operator-group-object.yaml
+----
+
+. Define a `Subscription` object:
++
+.Example `subscription-object.yaml`
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: compliance-operator-sub
+  namespace: openshift-compliance
+spec:
+  channel: "stable"
+  installPlanApproval: Automatic
+  name: compliance-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  config:
+    nodeSelector:
+      node-role.kubernetes.io/worker: ""
+    env:
+    - name: PLATFORM
+      value: "HyperShift"
+----
+
+. Create the `Subscription` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f subscription-object.yaml
+----
+
+.Verification
+
+. Verify the installation succeeded by inspecting the CSV file by running the following command:
++
+[source,terminal]
+----
+$ oc get csv -n openshift-compliance
+----
+
+. Verify that the Compliance Operator is up and running by running the following command:
++
+[source,terminal]
+----
+$ oc get deploy -n openshift-compliance
+----
\ No newline at end of file
diff --git a/modules/compliance-operator-hcp-mgmt-config.adoc b/modules/compliance-operator-hcp-mgmt-config.adoc
new file mode 100644
index 000000000000..7d28ef894bc2
--- /dev/null
+++ b/modules/compliance-operator-hcp-mgmt-config.adoc
@@ -0,0 +1,72 @@
+// Module included in the following assemblies:
+//
+// * security/compliance_operator/compliance-scans.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="co-hcp-mgmt-config_{context}"]
+= Configuring the Hosted control planes management cluster
+
+If you are hosting your own Hosted control plane or Hypershift environment and want to scan a Hosted Cluster from the management cluster, you will need to set the name and prefix namespace for the target Hosted Cluster. You can achieve this by creating a `TailoredProfile`.
+
+[IMPORTANT]
+====
+This procedure only applies to users managing their own Hosted control planes environment.
+====
+
+[NOTE]
+====
+Only `ocp4-cis` and `ocp4-pci-dss` profiles are supported in Hosted control planes management clusters.
+====
+
+.Prerequisites
+
+* The Compliance Operator is installed in the management cluster.
+
+.Procedure
+
+. Obtain the `name` and `namespace` of the hosted cluster to be scanned by running the following command:
++
+[source,terminal]
+----
+$ oc get hostedcluster -A
+----
++
+.Example output
+[source,terminal]
+----
+NAMESPACE       NAME                   VERSION   KUBECONFIG                              PROGRESS    AVAILABLE   PROGRESSING   MESSAGE
+local-cluster   79136a1bdb84b3c13217   4.13.5    79136a1bdb84b3c13217-admin-kubeconfig   Completed   True        False         The hosted control plane is available
+----
+
+. In the management cluster, create a `TailoredProfile` extending the scan Profile and define the name and namespace of the Hosted Cluster to be scanned:
++
+.Example `management-tailoredprofile.yaml`
+[source,yaml]
+----
+apiVersion: compliance.openshift.io/v1alpha1
+kind: TailoredProfile
+metadata:
+  name: hypershift-cisk57aw88gry
+  namespace: openshift-compliance
+spec:
+  description: This profile test required rules
+  extends: ocp4-cis <1>
+  title: Management namespace profile
+  setValues:
+  - name: ocp4-hypershift-cluster
+    rationale: This value is used for HyperShift version detection
+    value: 79136a1bdb84b3c13217 <2>
+  - name: ocp4-hypershift-namespace-prefix
+    rationale: This value is used for HyperShift control plane namespace detection
+    value: local-cluster <3>
+----
+<1> Variable. Only `ocp4-cis` and `ocp4-pci-dss` profiles are supported in Hosted control planes management clusters.
+<2> The `value` is the `NAME` from the output in the previous step.
+<3> The `value` is the `NAMESPACE` from the output in the previous step.
+
+. Create the `TailoredProfile`:
++
+[source,terminal]
+----
+$ oc create -n openshift-compliance -f mgmt-tp.yaml
+----
\ No newline at end of file
diff --git a/modules/compliance-operator-uninstall.adoc b/modules/compliance-operator-uninstall.adoc
index d45269360b85..9bc5e8f653be 100644
--- a/modules/compliance-operator-uninstall.adoc
+++ b/modules/compliance-operator-uninstall.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// security/compliance_operator/compliance-operator-uninstallation.adoc
+// security/compliance_operator/co-management/compliance-operator-uninstallation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-operator-uninstall_{context}"]
 = Uninstalling the OpenShift Compliance Operator from {product-title} using the web console
 
diff --git a/modules/compliance-priorityclass.adoc b/modules/compliance-priorityclass.adoc
index fc62847beb78..2648ab02da2d 100644
--- a/modules/compliance-priorityclass.adoc
+++ b/modules/compliance-priorityclass.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-priorityclass_{context}"]
 = Setting `PriorityClass` for `ScanSetting` scans
 
diff --git a/modules/compliance-profilebundle.adoc b/modules/compliance-profilebundle.adoc
index efad4006acb9..77fd2d982718 100644
--- a/modules/compliance-profilebundle.adoc
+++ b/modules/compliance-profilebundle.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-manage.adoc
+// * security/compliance_operator/co-management/compliance-operator-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-profilebundle_{context}"]
 = ProfileBundle CR example
 
diff --git a/modules/compliance-profiles.adoc b/modules/compliance-profiles.adoc
index dbcbf8c3960c..3f9add649797 100644
--- a/modules/compliance-profiles.adoc
+++ b/modules/compliance-profiles.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-understanding.adoc
+// * security/compliance_operator/co-concepts/compliance-operator-understanding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance_profiles_{context}"]
 = Compliance Operator profiles
 
@@ -193,7 +193,7 @@ warning: Manual editing of these files may indicate nefarious activity, such as
 ----
 ====
 
-[id="compliance_profile_types{context}"]
+[id="compliance_profile_types_{context}"]
 == Compliance Operator profile types
 
 There are two types of compliance profiles available: Platform and Node.
diff --git a/modules/compliance-raw-tailored.adoc b/modules/compliance-raw-tailored.adoc
index f0cb71982f9d..cdbc22a57a25 100644
--- a/modules/compliance-raw-tailored.adoc
+++ b/modules/compliance-raw-tailored.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-raw-tailored_{context}"]
 = Using raw tailored profiles
 While the `TailoredProfile` CR enables the most common tailoring operations, the XCCDF standard allows even more flexibility in tailoring OpenSCAP profiles. In addition, if your organization has been using OpenScap previously, you may have an existing XCCDF tailoring file and can reuse it.
@@ -33,7 +33,7 @@ spec:
     - name: workers-scan
       profile: xccdf_org.ssgproject.content_profile_moderate
       content: ssg-rhcos4-ds.xml
-      contentImage: quay.io/complianceascode/ocp4:latest
+      contentImage: registry.redhat.io/compliance/openshift-compliance-content-rhel8@sha256:45dc...
       debug: true
   tailoringConfigMap:
       name: nist-moderate-modified
diff --git a/modules/compliance-removing-kubeletconfig.adoc b/modules/compliance-removing-kubeletconfig.adoc
index be84a1b811b2..079fbebc474d 100644
--- a/modules/compliance-removing-kubeletconfig.adoc
+++ b/modules/compliance-removing-kubeletconfig.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-removing-kubeletconfig_{context}"]
 = Removing a KubeletConfig remediation
 `KubeletConfig` remediations are included in node-level profiles. In order to remove a KubeletConfig remediation, you must manually remove it from the `KubeletConfig` objects. This example demonstrates how to remove the compliance check for the `one-rule-tp-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available` remediation.
@@ -36,7 +36,7 @@ metadata:
     blockOwnerDeletion: true
     controller: true
     kind: ComplianceCheckResult
-    name: one-rule-tp-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available 
+    name: one-rule-tp-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available
     uid: fe8e1577-9060-4c59-95b2-3e2c51709adc
   resourceVersion: "84820"
   uid: 5339d21a-24d7-40cb-84d2-7a2ebb015355
diff --git a/modules/compliance-rescan.adoc b/modules/compliance-rescan.adoc
index 331f7deea867..46c54cead302 100644
--- a/modules/compliance-rescan.adoc
+++ b/modules/compliance-rescan.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-advanced.adoc
+// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc
 
 [id="compliance-rescan_{context}"]
 = Performing a rescan
diff --git a/modules/compliance-results.adoc b/modules/compliance-results.adoc
index 72d171cef7ff..1e88129bd19c 100644
--- a/modules/compliance-results.adoc
+++ b/modules/compliance-results.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-raw-results.adoc
+// * security/compliance_operator/co-scans/compliance-operator-raw-results.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-results_{context}"]
 = Obtaining Compliance Operator raw results from a persistent volume
 
diff --git a/modules/compliance-review.adoc b/modules/compliance-review.adoc
index 111ac9faa5a8..71f0d9ce177e 100644
--- a/modules/compliance-review.adoc
+++ b/modules/compliance-review.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
 [id="compliance-review_{context}"]
 = Reviewing a remediation
@@ -53,3 +53,8 @@ $ echo "net.ipv4.conf.all.accept_redirects%3D0" | python3 -c "import sys, urllib
 ----
 net.ipv4.conf.all.accept_redirects=0
 ----
+
+[IMPORTANT]
+====
+The Compliance Operator does not automatically resolve dependency issues that can occur between remediations. Users should perform a rescan after remediations are applied to ensure accurate results.
+====
\ No newline at end of file
diff --git a/modules/compliance-scansetting-cr.adoc b/modules/compliance-scansetting-cr.adoc
index a76b1da48e4a..f78289440b91 100644
--- a/modules/compliance-scansetting-cr.adoc
+++ b/modules/compliance-scansetting-cr.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-scans.adoc
+// * security/compliance_operator/co-scans/compliance-scans.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-scansetting-cr_{context}"]
 = `ScanSetting` Custom Resource
 
diff --git a/modules/compliance-scheduling-pods-with-resource-requests.adoc b/modules/compliance-scheduling-pods-with-resource-requests.adoc
index 2afb461050d6..9b63446f2bc1 100644
--- a/modules/compliance-scheduling-pods-with-resource-requests.adoc
+++ b/modules/compliance-scheduling-pods-with-resource-requests.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-scans.adoc
+// * security/compliance_operator/co-scans/compliance-scans.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-scheduling-pods-with-resource-requests_{context}"]
 = Scheduling Pods with container resource requests
 
diff --git a/modules/compliance-supported-profiles.adoc b/modules/compliance-supported-profiles.adoc
index 77e6b1203c6f..7fd526ec13ce 100644
--- a/modules/compliance-supported-profiles.adoc
+++ b/modules/compliance-supported-profiles.adoc
@@ -2,7 +2,7 @@
 //
 // * security/compliance_operator/
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-supported-profiles_{context}"]
 = Compliance profiles
 
@@ -19,19 +19,40 @@ The Compliance Operator provides the following compliance profiles:
 |Industry compliance benchmark
 |Supported architectures
 
+|rhcos4-stig
+|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
+|Node
+|1.3.0+
+|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG] ^[1]^
+|`x86_64`
+
+|ocp4-stig-node
+|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
+|Node
+|1.3.0+
+|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG] ^[1]^
+|`x86_64`
+
+|ocp4-stig
+|Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) for Red Hat Openshift
+|Platform
+|1.3.0+
+|link:https://public.cyber.mil/stigs/downloads/[DISA-STIG] ^[1]^
+|`x86_64`
+
 |ocp4-cis
-|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0
+|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0
 |Platform
-|0.1.39+
+|1.2.0+
 |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks &#8482;] ^[1]^
 |`x86_64`
  `ppc64le`
  `s390x`
 
 |ocp4-cis-node
-|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.1.0
+|CIS Red Hat OpenShift Container Platform 4 Benchmark v1.4.0
 |Node ^[2]^
-|0.1.39+
+|1.2.0+
 |link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks &#8482;] ^[1]^
 |`x86_64`
  `ppc64le`
@@ -50,6 +71,8 @@ The Compliance Operator provides the following compliance profiles:
 |0.1.39+
 |link:https://nvd.nist.gov/800-53/Rev4/impact/moderate[NIST SP-800-53 Release Search]
 |`x86_64`
+ `ppc64le`
+ `s390x`
 
 |rhcos4-e8
 |Australian Cyber Security Centre (ACSC) Essential Eight
@@ -71,26 +94,28 @@ The Compliance Operator provides the following compliance profiles:
 |0.1.44+
 |link:https://nvd.nist.gov/800-53/Rev4/impact/moderate[NIST SP-800-53 Release Search]
 |`x86_64`
+ `ppc64le`
+ `s390x`
 
 |ocp4-nerc-cip
 |North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for the Red Hat OpenShift Container Platform - Platform level
 |Platform
 |0.1.44+
-|link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[NERC CIP Standards]
+|link:https://www.nerc.com/pa/Stand/Pages/USRelStand.aspx[NERC CIP Standards]
 |`x86_64`
 
 |ocp4-nerc-cip-node
 |North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for the Red Hat OpenShift Container Platform - Node level
 |Node ^[2]^
 |0.1.44+
-|link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[NERC CIP Standards]
+|link:https://www.nerc.com/pa/Stand/Pages/USRelStand.aspx[NERC CIP Standards]
 |`x86_64`
 
 |rhcos4-nerc-cip
 |North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS
 |Node
 |0.1.44+
-|link:https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx[NERC CIP Standards]
+|link:https://www.nerc.com/pa/Stand/Pages/USRelStand.aspx[NERC CIP Standards]
 |`x86_64`
 
 |ocp4-pci-dss
@@ -131,5 +156,44 @@ The Compliance Operator provides the following compliance profiles:
 |`x86_64`
 |===
 [.small]
-1. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/cis-benchmarks/[CIS Benchmarks] and type `Kubernetes` in the search box. Click on *Kubernetes* and then *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
-2. Node profiles must be used with the relevant Platform profile. For more information, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types].
\ No newline at end of file
+1. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
+2. Node profiles must be used with the relevant Platform profile. For more information, see _Compliance Operator profile types_.
+
+[id="compliance-extended-profiles_{context}"]
+== About extended compliance profiles
+
+Some compliance profiles have controls that require following industry best practices, resulting in some profiles extending others. Combining the Center for Internet Security (CIS) best practices with National Institute of Standards and Technology (NIST) security frameworks establishes a path to a secure and compliant environment.
+
+For example, the NIST High-Impact and Moderate-Impact profiles extend the CIS profile to achieve compliance. As a result, extended compliance profiles eliminate the need to run both profiles in a single cluster.
+
+.Profile extensions
+[cols="50%,50%", options="header"]
+
+|===
+|Profile
+|Extends
+
+|ocp4-pci-dss
+|ocp4-cis
+
+|ocp4-pci-dss-node
+|ocp4-cis-node
+
+|ocp4-high
+|ocp4-cis
+
+|ocp4-high-node
+|ocp4-cis-node
+
+|ocp4-moderate
+|ocp4-cis
+
+|ocp4-moderate-node
+|ocp4-cis-node
+
+|ocp4-nerc-cip
+|ocp4-moderate
+
+|ocp4-nerc-cip-node
+|ocp4-moderate-node
+|===
\ No newline at end of file
diff --git a/modules/compliance-tailored-profiles.adoc b/modules/compliance-tailored-profiles.adoc
index 620f2f082470..6e187ab0600d 100644
--- a/modules/compliance-tailored-profiles.adoc
+++ b/modules/compliance-tailored-profiles.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-tailor.adoc
+// * security/compliance_operator/co-scans/compliance-operator-tailor.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-tailored-profiles_{context}"]
 = Using tailored profiles to extend existing ProfileBundles
 While the `TailoredProfile` CR enables the most common tailoring operations, the XCCDF standard allows even more flexibility in tailoring OpenSCAP profiles. In addition, if your organization has been using OpenScap previously, you may have an existing XCCDF tailoring file and can reuse it.
diff --git a/modules/compliance-timeout.adoc b/modules/compliance-timeout.adoc
index 31d75ba13941..0c15ec2960b8 100644
--- a/modules/compliance-timeout.adoc
+++ b/modules/compliance-timeout.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-troubleshooting.adoc
+// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-timeout_{context}"]
 = Configuring ScanSetting timeout
 
diff --git a/modules/compliance-unapplying.adoc b/modules/compliance-unapplying.adoc
index d214ca6ea313..ddd54d5fc0a0 100644
--- a/modules/compliance-unapplying.adoc
+++ b/modules/compliance-unapplying.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-unapplying_{context}"]
 = Unapplying a remediation
 It might be required to unapply a remediation that was previously applied.
@@ -23,3 +23,8 @@ patch complianceremediations/rhcos4-moderate-worker-sysctl-net-ipv4-conf-all-acc
 ====
 All affected nodes with the remediation will be rebooted.
 ====
+
+[IMPORTANT]
+====
+The Compliance Operator does not automatically resolve dependency issues that can occur between remediations. Users should perform a rescan after remediations are applied to ensure accurate results.
+====
\ No newline at end of file
diff --git a/modules/compliance-update.adoc b/modules/compliance-update.adoc
index 2ed2be580eb1..89bf414f5ba7 100644
--- a/modules/compliance-update.adoc
+++ b/modules/compliance-update.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-manage.adoc
+// * security/compliance_operator/co-management/compliance-operator-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compliance-update_{context}"]
 = Updating security content
 
diff --git a/modules/compliance-updating.adoc b/modules/compliance-updating.adoc
index 6b0673e27042..daa2f934b1ae 100644
--- a/modules/compliance-updating.adoc
+++ b/modules/compliance-updating.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-remediation.adoc
+// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="compliance-updating_{context}"]
 = Updating remediations
 
@@ -52,3 +52,8 @@ workers-scan-no-empty-passwords   Applied
 ----
 
 . The nodes will apply the newer remediation version and reboot.
+
+[IMPORTANT]
+====
+The Compliance Operator does not automatically resolve dependency issues that can occur between remediations. Users should perform a rescan after remediations are applied to ensure accurate results.
+====
\ No newline at end of file
diff --git a/modules/compute-machineset-upi-reqs.adoc b/modules/compute-machineset-upi-reqs.adoc
index ff6d5f90e3c0..6116509f5d2c 100644
--- a/modules/compute-machineset-upi-reqs.adoc
+++ b/modules/compute-machineset-upi-reqs.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "creating-machineset-vsphere"]
 :vsphere:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="compute-machineset-upi-reqs_{context}"]
 = Requirements for clusters with user-provisioned infrastructure to use compute machine sets
 
diff --git a/modules/con_auto-reboot-during-argo-cd-sync-with-machine-configurations.adoc b/modules/con_auto-reboot-during-argo-cd-sync-with-machine-configurations.adoc
index 798687c94189..25456588be96 100644
--- a/modules/con_auto-reboot-during-argo-cd-sync-with-machine-configurations.adoc
+++ b/modules/con_auto-reboot-during-argo-cd-sync-with-machine-configurations.adoc
@@ -1,4 +1,4 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="auto-reboot-during-argo-cd-sync-with-machine-configurations"]
 = Issue: Auto-reboot during Argo CD sync with machine configurations
diff --git a/modules/con_bmo-bare-metal-operator-architecture.adoc b/modules/con_bmo-bare-metal-operator-architecture.adoc
index c263a5df8cf1..eea8e45d9bc9 100644
--- a/modules/con_bmo-bare-metal-operator-architecture.adoc
+++ b/modules/con_bmo-bare-metal-operator-architecture.adoc
@@ -1,7 +1,7 @@
 // This is included in the following assemblies:
 //
 // post_installation_configuration/bare-metal-configuration.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="bmo-bare-metal-operator-architecture_{context}"]
 = Bare Metal Operator architecture
 
@@ -11,16 +11,16 @@ image::302_OpenShift_Bare_Metal_Operator_0223.png[BMO architecture overview]
 
 .BareMetalHost
 
-The `BareMetalHost` resource defines a physical host and its properties. When you provision a bare-metal host to the cluster, you must define a `BareMetalHost` resource for that host. For ongoing management of the host, you can inspect the information in the `BareMetalHost` or update this information. 
+The `BareMetalHost` resource defines a physical host and its properties. When you provision a bare-metal host to the cluster, you must define a `BareMetalHost` resource for that host. For ongoing management of the host, you can inspect the information in the `BareMetalHost` or update this information.
 
 The `BareMetalHost` resource features provisioning information such as the following:
 
-* Deployment specifications such as the operating system boot image or the custom RAM disk 
-* Provisioning state 
+* Deployment specifications such as the operating system boot image or the custom RAM disk
+* Provisioning state
 * Baseboard Management Controller (BMC) address
 * Desired power state
 
-The `BareMetalHost` resource features hardware information such as the following: 
+The `BareMetalHost` resource features hardware information such as the following:
 
 * Number of CPUs
 * MAC address of a NIC
@@ -28,9 +28,9 @@ The `BareMetalHost` resource features hardware information such as the following
 * Current power state
 
 .HostFirmwareSettings
-You can use the `HostFirmwareSettings` resource to retrieve and manage the firmware settings for a host. When a host moves to the `Available` state, the Ironic service reads the host's firmware settings and creates the `HostFirmwareSettings` resource. There is a one-to-one mapping between the `BareMetalHost` resource and the `HostFirmwareSettings` resource. 
+You can use the `HostFirmwareSettings` resource to retrieve and manage the firmware settings for a host. When a host moves to the `Available` state, the Ironic service reads the host's firmware settings and creates the `HostFirmwareSettings` resource. There is a one-to-one mapping between the `BareMetalHost` resource and the `HostFirmwareSettings` resource.
 
-You can use the `HostFirmwareSettings` resource to inspect the firmware specifications for a host or to update a host's firmware specifications. 
+You can use the `HostFirmwareSettings` resource to inspect the firmware specifications for a host or to update a host's firmware specifications.
 
 [NOTE]
 ====
@@ -38,9 +38,9 @@ You must adhere to the schema specific to the vendor firmware when you edit the
 ====
 
 .FirmwareSchema
-Firmware settings vary among hardware vendors and host models. A `FirmwareSchema` resource is a read-only resource that contains the types and limits for each firmware setting on each host model. The data comes directly from the BMC by using the Ironic service. The `FirmwareSchema` resource enables you to identify valid values you can specify in the `spec` field of the `HostFirmwareSettings` resource. 
+Firmware settings vary among hardware vendors and host models. A `FirmwareSchema` resource is a read-only resource that contains the types and limits for each firmware setting on each host model. The data comes directly from the BMC by using the Ironic service. The `FirmwareSchema` resource enables you to identify valid values you can specify in the `spec` field of the `HostFirmwareSettings` resource.
 
-A `FirmwareSchema` resource can apply to many `BareMetalHost` resources if the schema is the same. 
+A `FirmwareSchema` resource can apply to many `BareMetalHost` resources if the schema is the same.
 
 [role="_additional-resources"]
 .Additional resources
diff --git a/modules/config-aws-access.adoc b/modules/config-aws-access.adoc
index b037e04e3e96..45022ed43213 100644
--- a/modules/config-aws-access.adoc
+++ b/modules/config-aws-access.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-aws-access_{context}"]
 
 = Configuring AWS infrastructure access
diff --git a/modules/config-github-idp.adoc b/modules/config-github-idp.adoc
index dd6b0033da72..b628f5a8fce5 100644
--- a/modules/config-github-idp.adoc
+++ b/modules/config-github-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-github-idp_{context}"]
 = Configuring a GitHub identity provider
 
diff --git a/modules/config-gitlab-idp.adoc b/modules/config-gitlab-idp.adoc
index ac89b1c27fdb..f4d21875e35f 100644
--- a/modules/config-gitlab-idp.adoc
+++ b/modules/config-gitlab-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-gitlab-idp_{context}"]
 = Configuring a GitLab identity provider
 
diff --git a/modules/config-google-idp.adoc b/modules/config-google-idp.adoc
index 7e5069ef999e..25253407bb27 100644
--- a/modules/config-google-idp.adoc
+++ b/modules/config-google-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-google-idp_{context}"]
 = Configuring a Google identity provider
 
diff --git a/modules/config-htpasswd-idp.adoc b/modules/config-htpasswd-idp.adoc
index beb8b0a5ca1e..531b2d551efb 100644
--- a/modules/config-htpasswd-idp.adoc
+++ b/modules/config-htpasswd-idp.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "rosa-config-identity-providers"]
 :rosa-distro:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-htpasswd-idp_{context}"]
 = Configuring an htpasswd identity provider
 
diff --git a/modules/config-idp.adoc b/modules/config-idp.adoc
index 576d1083b811..6524a70baa9d 100644
--- a/modules/config-idp.adoc
+++ b/modules/config-idp.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-idp_{context}"]
 = Configuring an identity provider
 
diff --git a/modules/config-ldap-idp.adoc b/modules/config-ldap-idp.adoc
index 71b855efff34..8b3ed0326dfb 100644
--- a/modules/config-ldap-idp.adoc
+++ b/modules/config-ldap-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-ldap-idp_{context}"]
 = Configuring a LDAP identity provider
 
diff --git a/modules/config-openid-idp.adoc b/modules/config-openid-idp.adoc
index 00e66b2c8eaa..a2a9ecfa3a4e 100644
--- a/modules/config-openid-idp.adoc
+++ b/modules/config-openid-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="config-openid-idp_{context}"]
 = Configuring an OpenID identity provider
 
diff --git a/modules/configmap-adding-ca.adoc b/modules/configmap-adding-ca.adoc
index 7240c17f228b..2beea826ad58 100644
--- a/modules/configmap-adding-ca.adoc
+++ b/modules/configmap-adding-ca.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/setting-up-trusted-ca
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configmap-adding-ca_{context}"]
 = Adding certificate authorities to the cluster
 
diff --git a/modules/configmap-removing-ca.adoc b/modules/configmap-removing-ca.adoc
index a1b93ec8621a..357a794ab707 100644
--- a/modules/configmap-removing-ca.adoc
+++ b/modules/configmap-removing-ca.adoc
@@ -2,7 +2,7 @@
 //
 // * builds/setting-up-trusted-ca
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configmap-removing-ca_{context}"]
 = Removing certificate authorities on a {product-title} cluster
 
@@ -41,12 +41,12 @@ $ rosa describe cluster -c <cluster_name>
 +
 Before removal, the Additional trust bundle section appears, redacting its value for security purposes:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 Name:                       <cluster_name>
 ID:                         <cluster_internal_id>
 External ID:                <cluster_external_id>
-OpenShift Version:          4.13.0
+OpenShift Version:          {product-version}.0
 Channel Group:              stable
 DNS:                        <dns>
 AWS Account:                <aws_account_id>
@@ -71,12 +71,12 @@ Additional trust bundle:    REDACTED
 +
 After removing the proxy, the Additional trust bundle section is removed:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 Name:                       <cluster_name>
 ID:                         <cluster_internal_id>
 External ID:                <cluster_external_id>
-OpenShift Version:          4.13.0
+OpenShift Version:          {product-version}.0
 Channel Group:              stable
 DNS:                        <dns>
 AWS Account:                <aws_account_id>
diff --git a/modules/configuration-ovnk-multi-network-policy.adoc b/modules/configuration-ovnk-multi-network-policy.adoc
new file mode 100644
index 000000000000..8456d923a315
--- /dev/null
+++ b/modules/configuration-ovnk-multi-network-policy.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="compatibility-with-multi-network-policy_{context}"]
+= Compatibility with multi-network policy
+
+The multi-network policy API, which is provided by the `MultiNetworkPolicy` custom resource definition (CRD) in the `k8s.cni.cncf.io` API group, is compatible with an OVN-Kubernetes secondary network. When defining a network policy, the network policy rules that can be used depend on whether the OVN-Kubernetes secondary network defines the `subnets` field. Refer to the following table for details:
+
+.Supported multi-network policy selectors based on `subnets` CNI configuration
+[cols=".^3,.^7",options="header"]
+|====
+a|`subnets` field specified|Allowed multi-network policy selectors
+
+|
+Yes
+a|
+* `podSelector` and `namespaceSelector`
+* `ipBlock`
+
+|
+No
+a|
+* `ipBlock`
+
+|====
+
+For example, the following multi-network policy is valid only if the `subnets` field is defined in the additional network CNI configuration for the additional network named `blue2`:
+
+.Example multi-network policy that uses a pod selector
+[source,yaml]
+----
+apiVersion: k8s.cni.cncf.io/v1beta1
+kind: MultiNetworkPolicy
+metadata:
+  name: allow-same-namespace
+  annotations:
+    k8s.v1.cni.cncf.io/policy-for: blue2
+spec:
+  podSelector:
+  ingress:
+  - from:
+    - podSelector: {}
+----
+
+The following example uses the `ipBlock` network policy selector, which is always valid for an OVN-Kubernetes additional network:
+
+.Example multi-network policy that uses an IP block selector
+[source,yaml]
+----
+apiVersion: k8s.cni.cncf.io/v1beta1
+kind: MultiNetworkPolicy
+metadata:
+  name:  ingress-ipblock
+  annotations:
+    k8s.v1.cni.cncf.io/policy-for: default/flatl2net
+spec:
+  podSelector:
+    matchLabels:
+      name: access-control
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - ipBlock:
+        cidr: 10.200.0.0/30
+----
diff --git a/modules/configuration-ovnk-network-plugin-json-object.adoc b/modules/configuration-ovnk-network-plugin-json-object.adoc
index c2192071ae4b..0dc5b0dabf71 100644
--- a/modules/configuration-ovnk-network-plugin-json-object.adoc
+++ b/modules/configuration-ovnk-network-plugin-json-object.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="configuration-ovnk-network-plugin-json-object_{context}"]
 = OVN-Kubernetes network plugin JSON configuration table
 
@@ -11,40 +11,55 @@ The following table describes the configuration parameters for the OVN-Kubernete
 
 |`cniVersion`
 |`string`
-|The CNI specification version. The required value is `0.3.1`.
+|
+The CNI specification version. The required value is `0.3.1`.
 
 |`name`
 |`string`
-|The name of the network. These networks are not namespaced. For example, you can have a network named
+|
+The name of the network. These networks are not namespaced. For example, you can have a network named
 `l2-network` referenced from two different `NetworkAttachmentDefinitions` that exist on two different
 namespaces. This ensures that pods making use of the `NetworkAttachmentDefinition` on their own different
 namespaces can communicate over the same secondary network. However, those two different `NetworkAttachmentDefinitions` must also share the same network specific parameters such as `topology`, `subnets`, `mtu`, and `excludeSubnets`.
 
 |`type`
 |`string`
-|The name of the CNI plugin to configure. The required value is `ovn-k8s-cni-overlay`.
+|
+The name of the CNI plugin to configure. This value must be set to `ovn-k8s-cni-overlay`.
 
 |`topology`
 |`string`
-|The topological configuration for the network. The required value is `layer2`.
+|
+The topological configuration for the network. Must be one of `layer2` or `localnet`.
 
 |`subnets`
 |`string`
-| The subnet to use for the network across the cluster. When specifying `layer2` for the `topology`, only include the CIDR for the node. For example, `10.100.200.0/24`.
+|
+The subnet to use for the network across the cluster. When specifying `layer2` for the `topology`, only include the CIDR for the node. For example, `10.100.200.0/24`.
 
 For `"topology":"layer2"` deployments, IPv6 (`2001:DBB::/64`) and dual-stack (`192.168.100.0/24,2001:DBB::/64`) subnets are supported.
 
+When omitted, the logical switch implementing the network only provides layer 2 communication, and users must configure IP addresses for the pods. Port security only prevents MAC spoofing.
+
 |`mtu`
 |`string`
-|The maximum transmission unit (MTU) to the specified value. The default value, `1300`, is automatically set by the kernel.
+|
+The maximum transmission unit (MTU). The default value, `1300`, is automatically set by the kernel.
 
 |`netAttachDefName`
 |`string`
-|The metadata `namespace` and `name` of the network attachment definition object where this
+|
+The metadata `namespace` and `name` of the network attachment definition object where this
 configuration is included. For example, if this configuration is defined in a `NetworkAttachmentDefinition` in namespace `ns1` named `l2-network`, this should be set to `ns1/l2-network`.
 
 |`excludeSubnets`
 |`string`
-|A comma-separated list of CIDRs and IPs. IPs are removed from the assignable IP pool, and are never passed to the pods. When omitted, the logical switch implementing the network only provides layer 2 communication, and users must configure IPs for the pods. Port security only prevents MAC spoofing.
+|
+A comma-separated list of CIDRs and IP addresses. IP addresses are removed from the assignable IP address pool and are never passed to the pods.
+
+|`vlanID`
+|`integer`
+|
+If topology is set to `localnet`, the specified VLAN tag is assigned to traffic from this additional network. The default is to not assign a VLAN tag.
 
-|====
\ No newline at end of file
+|====
diff --git a/modules/configure-web-terminal-image-admin.adoc b/modules/configure-web-terminal-image-admin.adoc
index 938567a40007..83993b0b321b 100644
--- a/modules/configure-web-terminal-image-admin.adoc
+++ b/modules/configure-web-terminal-image-admin.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/web_terminal/configuring-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="configure-web-terminal-image-admin_{context}"]
 = Configuring the web terminal image for all users
diff --git a/modules/configure-web-terminal-timeout-admin.adoc b/modules/configure-web-terminal-timeout-admin.adoc
index 44a4b39ee51c..5edc4128b2c7 100644
--- a/modules/configure-web-terminal-timeout-admin.adoc
+++ b/modules/configure-web-terminal-timeout-admin.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/web_terminal/configuring-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="configure-web-terminal-timeout-admin_{context}"]
 = Configuring the web terminal timeout for all users
diff --git a/modules/configure-workloads.adoc b/modules/configure-workloads.adoc
index fe6bbe2658d0..712000640972 100644
--- a/modules/configure-workloads.adoc
+++ b/modules/configure-workloads.adoc
@@ -2,12 +2,12 @@
 //
 // * cicd/gitops/configuring-resource-quota.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-workloads_{context}"]
 = Configuring workloads with resource requests and limits
 
 [role="_abstract"]
-You can create Argo CD custom resource workloads with resource requests and limits. This is required when you want to deploy the Argo CD instance in a namespace that is configured with resource quotas. 
+You can create Argo CD custom resource workloads with resource requests and limits. This is required when you want to deploy the Argo CD instance in a namespace that is configured with resource quotas.
 
 The following Argo CD instance deploys the Argo CD workloads such as `Application Controller`, `ApplicationSet Controller`, `Dex`, `Redis`,`Repo Server`, and `Server` with resource requests and limits. You can also create the other workloads with resource requirements in the same manner.
 
diff --git a/modules/configuring-a-provisioning-resource-to-scale-user-provisioned-clusters.adoc b/modules/configuring-a-provisioning-resource-to-scale-user-provisioned-clusters.adoc
index 72593eab1508..acd105ec9cb4 100644
--- a/modules/configuring-a-provisioning-resource-to-scale-user-provisioned-clusters.adoc
+++ b/modules/configuring-a-provisioning-resource-to-scale-user-provisioned-clusters.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="configuring-a-provisioning-resource-to-scale-user-provisioned-clusters_{context}"]
 = Configuring a provisioning resource to scale user-provisioned clusters
 
-Create a `Provisioning` custom resource (CR) to enable Metal platform components on a user-provisioned infrastructure cluster. 
+Create a `Provisioning` custom resource (CR) to enable Metal platform components on a user-provisioned infrastructure cluster.
 
 .Prerequisites
 
diff --git a/modules/configuring-a-proxy-after-installation-cli.adoc b/modules/configuring-a-proxy-after-installation-cli.adoc
index bee9d7ea26e6..b3fa1e7ce0be 100644
--- a/modules/configuring-a-proxy-after-installation-cli.adoc
+++ b/modules/configuring-a-proxy-after-installation-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-a-proxy-after-installation-cli_{context}"]
 = Configuring a proxy after installation using the CLI
 
diff --git a/modules/configuring-a-proxy-after-installation-ocm.adoc b/modules/configuring-a-proxy-after-installation-ocm.adoc
index 6ede7996208f..f4c1098c6fb1 100644
--- a/modules/configuring-a-proxy-after-installation-ocm.adoc
+++ b/modules/configuring-a-proxy-after-installation-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-a-proxy-after-installation-ocm_{context}"]
 = Configuring a proxy after installation using {cluster-manager}
 
diff --git a/modules/configuring-a-proxy-during-installation-cli.adoc b/modules/configuring-a-proxy-during-installation-cli.adoc
index 95315d2121a0..27752883e67d 100644
--- a/modules/configuring-a-proxy-during-installation-cli.adoc
+++ b/modules/configuring-a-proxy-during-installation-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-a-proxy-during-installation-cli_{context}"]
 = Configuring a proxy during installation using the CLI
 
@@ -37,6 +37,6 @@ $ rosa create cluster \
 +
 Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass proxy for all destinations.
 If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
-+ 
++
 This field is ignored if neither the `httpProxy` or `httpsProxy` fields are set.
 --
\ No newline at end of file
diff --git a/modules/configuring-a-proxy-during-installation-ocm.adoc b/modules/configuring-a-proxy-during-installation-ocm.adoc
index be66fe5fcd49..54bd9a4e3b03 100644
--- a/modules/configuring-a-proxy-during-installation-ocm.adoc
+++ b/modules/configuring-a-proxy-during-installation-ocm.adoc
@@ -2,16 +2,16 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-a-proxy-during-installation-ocm_{context}"]
 = Configuring a proxy during installation using {cluster-manager}
 
-If you are installing 
+If you are installing
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a {product-title} (ROSA) 
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 cluster into an existing Virtual Private Cloud (VPC), you can use {cluster-manager-first} to enable a cluster-wide HTTP or HTTPS proxy during installation.
 ifdef::openshift-dedicated[]
diff --git a/modules/configuring-a-proxy-trust-bundle-responsibilities.adoc b/modules/configuring-a-proxy-trust-bundle-responsibilities.adoc
index b0d559d590ea..6fc76b72b7a4 100644
--- a/modules/configuring-a-proxy-trust-bundle-responsibilities.adoc
+++ b/modules/configuring-a-proxy-trust-bundle-responsibilities.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-cluster-wide-proxy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-a-proxy-trust-bundle-responsibilities_{context}"]
 = Responsibilities for additional trust bundles
 
diff --git a/modules/configuring-albo-on-sts-cluster-predefined-credentials.adoc b/modules/configuring-albo-on-sts-cluster-predefined-credentials.adoc
deleted file mode 100644
index 6e145452cda6..000000000000
--- a/modules/configuring-albo-on-sts-cluster-predefined-credentials.adoc
+++ /dev/null
@@ -1,71 +0,0 @@
-// Module included in the following assemblies:
-// * networking/installing-albo-sts-cluster.adoc
-
-:_content-type: PROCEDURE
-[id="nw-installing-albo-on-sts-cluster-predefined-credentials_{context}"]
-= Configuring the AWS Load Balancer Operator on Security Token Service cluster by using specific credentials
-
-You can specify the credential secret by using the `spec.credentials` field in the AWS Load Balancer Controller custom resource (CR). You can use the predefined  `CredentialsRequest` object of the controller to know which roles are required.
-
-.Prerequisites
-
-* You must extract and prepare the `ccoctl` binary.
-
-.Procedure
-
-. Download the CredentialsRequest custom resource (CR) of the AWS Load Balancer Controller, and create a directory to store it by running the following command:
-+
-[source,terminal]
-----
-$ curl --create-dirs -o <path-to-credrequests-dir>/cr.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/controller/controller-credentials-request.yaml
-----
-
-. Use the `ccoctl` tool to process the `CredentialsRequest` object of the controller:
-+
-[source,terminal]
-----
-$ ccoctl aws create-iam-roles \
-        --name <name> --region=<aws_region> \
-        --credentials-requests-dir=<path-to-credrequests-dir> \
-        --identity-provider-arn <oidc-arn>
-----
-
-. Apply the secrets to your cluster:
-+
-[source,terminal]
-----
-$ ls manifests/*-credentials.yaml | xargs -I{} oc apply -f {}
-----
-
-. Verify the credentials secret has been created for use by the controller:
-+
-[source,terminal]
-----
-$ oc -n aws-load-balancer-operator get secret aws-load-balancer-controller-manual-cluster --template='{{index .data "credentials"}}' | base64 -d
-----
-+
-.Example output
-----
-[default]
-    sts_regional_endpoints = regional
-    role_arn = arn:aws:iam::999999999999:role/aws-load-balancer-operator-aws-load-balancer-controller
-    web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
-----
-
-. Create the `AWSLoadBalancerController` resource YAML file, for example, `sample-aws-lb-manual-creds.yaml`, as follows:
-+
-[source,yaml]
-----
-apiVersion: networking.olm.openshift.io/v1
-kind: AWSLoadBalancerController <1>
-metadata:
-  name: cluster <2>
-spec:
-  credentials:
-    name: <secret-name> <3>
-----
-<1> Defines the `AWSLoadBalancerController` resource.
-<2> Defines the AWS Load Balancer Controller instance name. This instance name gets added as a suffix to all related resources.
-<3> Specifies the secret name containing AWS credentials that the controller uses.
-
-
diff --git a/modules/configuring-albo-on-sts-cluster.adoc b/modules/configuring-albo-on-sts-cluster.adoc
deleted file mode 100644
index fc9d42a54f85..000000000000
--- a/modules/configuring-albo-on-sts-cluster.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-// Module included in the following assemblies:
-// * networking/installing-albo-sts-cluster.adoc
-
-:_content-type: PROCEDURE
-[id="nw-installing-albo-on-sts-cluster_{context}"]
-= Configuring AWS Load Balancer Operator on Security Token Service cluster by using managed `CredentialsRequest` objects
-
-.Prerequisites
-
-* You must extract and prepare the `ccoctl` binary.
-
-.Procedure
-
-. The AWS Load Balancer Operator creates the `CredentialsRequest` object in the `openshift-cloud-credential-operator` namespace for each `AWSLoadBalancerController` custom resource (CR). You can extract and save the created `CredentialsRequest` object in a directory by running the following command:
-+
-[source,terminal]
-----
-$ oc get credentialsrequest -n openshift-cloud-credential-operator  \
-    aws-load-balancer-controller-<cr-name> -o yaml > <path-to-credrequests-dir>/cr.yaml <1>
-----
-<1> The `aws-load-balancer-controller-<cr-name>` parameter specifies the credential request name created by the AWS Load Balancer Operator. The `cr-name` specifies the name of the AWS Load Balancer Controller instance.
-
-. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory by running the following command:
-+
-[source,terminal]
-----
-$ ccoctl aws create-iam-roles \
-    --name <name> --region=<aws_region> \
-    --credentials-requests-dir=<path-to-credrequests-dir> \
-    --identity-provider-arn <oidc-arn>
-----
-
-. Apply the secrets generated in manifests directory to your cluster, by running the following command:
-+
-[source,terminal]
-----
-$ ls manifests/*-credentials.yaml | xargs -I{} oc apply -f {}
-----
-
-. Verify that the `aws-load-balancer-controller` pod is created:
-+
-[source,terminal]
-----
-$ oc -n aws-load-balancer-operator get pods
-NAME                                                            READY   STATUS    RESTARTS   AGE
-aws-load-balancer-controller-cluster-9b766d6-gg82c              1/1     Running   0          137m
-aws-load-balancer-operator-controller-manager-b55ff68cc-85jzg   2/2     Running   0          3h26m
-----
diff --git a/modules/configuring-cluster-monitoring.adoc b/modules/configuring-cluster-monitoring.adoc
index 03fb61e3e452..c4cb5b57d004 100644
--- a/modules/configuring-cluster-monitoring.adoc
+++ b/modules/configuring-cluster-monitoring.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-cluster-monitoring_{context}"]
 = Configuring cluster monitoring
 
@@ -44,15 +44,10 @@ metadata:
   name: cluster-monitoring-config
   namespace: openshift-monitoring
 ----
-<1> A typical value is `PROMETHEUS_RETENTION_PERIOD=15d`. Units are measured in
-time using one of these suffixes: s, m, h, d.
+<1> The default value of Prometheus retention is `PROMETHEUS_RETENTION_PERIOD=15d`. Units are measured in time using one of these suffixes: s, m, h, d.
 <2> The storage class for your cluster.
-<3> A typical value is `PROMETHEUS_STORAGE_SIZE=2000Gi`. Storage values can be a
-plain integer or as a fixed-point integer using one of these suffixes: E, P, T,
-G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.
-<4> A typical value is `ALERTMANAGER_STORAGE_SIZE=20Gi`. Storage values can be a
-plain integer or as a fixed-point integer using one of these suffixes: E, P, T,
-G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.
+<3> A typical value is `PROMETHEUS_STORAGE_SIZE=2000Gi`. Storage values can be a plain integer or a fixed-point integer using one of these suffixes: E, P, T, G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.
+<4> A typical value is `ALERTMANAGER_STORAGE_SIZE=20Gi`. Storage values can be a plain integer or a fixed-point integer using one of these suffixes: E, P, T, G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki.
 
 . Add values for the retention period, storage class, and storage sizes.
 
diff --git a/modules/configuring-default-seccomp-profile.adoc b/modules/configuring-default-seccomp-profile.adoc
index 17b3a5adfa68..79cc0c565e9d 100644
--- a/modules/configuring-default-seccomp-profile.adoc
+++ b/modules/configuring-default-seccomp-profile.adoc
@@ -2,7 +2,7 @@
 //
 // * security/seccomp-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="verifying-default-seccomp-profile_{context}"]
 = Verifying the default seccomp profile applied to a pod
@@ -15,21 +15,21 @@
 
 .. Verify what pods are running in the namespace:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n <namespace>
 ----
 +
 For example, to verify what pods are running in the `workshop` namespace run the following:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n workshop
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 NAME                READY   STATUS      RESTARTS   AGE
 parksmap-1-4xkwf    1/1     Running     0          2m17s
@@ -38,14 +38,14 @@ parksmap-1-deploy   0/1     Completed   0          2m22s
 +
 .. Inspect the pods:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pod parksmap-1-4xkwf -n workshop -o yaml
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 apiVersion: v1
 kind: Pod
@@ -97,13 +97,13 @@ Conversely with a workload that requires `privilegeEscalation: true` this worklo
 [id="newly_installed_{context}"]
 == Newly installed cluster
 
-For newly installed {product-title} 4.11 or later clusters, the `restricted-v2` replaces the `restricted` SCC as an SCC that is available to be used by any authenticated user. A workload with `privilegeEscalation: true`, is not admitted into the cluster since `restricted-v2` is the only SCC available for authenticated users by default. 
+For newly installed {product-title} 4.11 or later clusters, the `restricted-v2` replaces the `restricted` SCC as an SCC that is available to be used by any authenticated user. A workload with `privilegeEscalation: true`, is not admitted into the cluster since `restricted-v2` is the only SCC available for authenticated users by default.
 
 The feature `privilegeEscalation` is allowed by `restricted` but not by `restricted-v2`. More features are denied by `restricted-v2` than were allowed by `restricted` SCC.
 
 A workload with `privilegeEscalation: true` may be admitted into a newly installed {product-title} 4.11 or later cluster. To give access to the `restricted` SCC to the ServiceAccount running the workload (or any other SCC that can admit this workload) using a RoleBinding run the following command:
 
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n <workload-namespace> adm policy add-scc-to-user <scc-name> -z <serviceaccount_name>
 ----
diff --git a/modules/configuring-dynamic-admission.adoc b/modules/configuring-dynamic-admission.adoc
index 9dccc271ee65..03373ac2ebc1 100644
--- a/modules/configuring-dynamic-admission.adoc
+++ b/modules/configuring-dynamic-admission.adoc
@@ -2,7 +2,7 @@
 //
 // * architecture/admission-plug-ins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-dynamic-admission_{context}"]
 = Configuring dynamic admission
 
diff --git a/modules/configuring-egress-proxy-edns-operator.adoc b/modules/configuring-egress-proxy-edns-operator.adoc
index 98b318759b6b..cbdf658186d5 100644
--- a/modules/configuring-egress-proxy-edns-operator.adoc
+++ b/modules/configuring-egress-proxy-edns-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-cluster-wide-proxy_{context}"]
 = Configuring the External DNS Operator to trust the certificate authority of the cluster-wide proxy
 
diff --git a/modules/configuring-egress-proxy.adoc b/modules/configuring-egress-proxy.adoc
index b0b9f0f678ce..e6dec735746f 100644
--- a/modules/configuring-egress-proxy.adoc
+++ b/modules/configuring-egress-proxy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-cluster-wide-proxy_{context}"]
 = Configuring the AWS Load Balancer Operator to trust the certificate authority of the cluster-wide proxy
 
diff --git a/modules/configuring-firewall.adoc b/modules/configuring-firewall.adoc
index 115396f0cdf3..374807cc087e 100644
--- a/modules/configuring-firewall.adoc
+++ b/modules/configuring-firewall.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/configuring-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-firewall_{context}"]
 = Configuring your firewall for {product-title}
 
@@ -24,40 +24,44 @@ If your environment has a dedicated load balancer in front of your {product-titl
 |URL | Port | Function
 
 |`registry.redhat.io`
-|443, 80
+|443
 |Provides core container images
 
-|`access.redhat.com`
-|443, 80
-|Provides core container images
+|`access.redhat.com` ^[1]^
+|443
+|Hosts all the container images that are stored on the Red Hat Ecosytem Catalog, including core container images.
 
 |`quay.io`
-|443, 80
+|443
 |Provides core container images
 
 |`cdn.quay.io`
-|443, 80
+|443
 |Provides core container images
 
 |`cdn01.quay.io`
-|443, 80
+|443
 |Provides core container images
 
 |`cdn02.quay.io`
-|443, 80
+|443
 |Provides core container images
 
 |`cdn03.quay.io`
-|443, 80
+|443
 |Provides core container images
 
 |`sso.redhat.com`
-|443, 80
-|The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com`
-
+|443
+|The `https://console.redhat.com` site uses authentication from `sso.redhat.com`
 |===
 +
-You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
+[.small]
+--
+1. In a firewall environment, ensure that the `access.redhat.com` resource is on the allowlist. This resource hosts a signature store that a container client requires for verifying images when pulling them from `registry.access.redhat.com`.
+--
++
+You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn.quay.io` and `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
 
 . Allowlist any site that provides resources for a language or framework that your builds require.
 
@@ -68,19 +72,19 @@ You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn
 |URL | Port | Function
 
 |`cert-api.access.redhat.com`
-|443, 80
+|443
 |Required for Telemetry
 
 |`api.access.redhat.com`
-|443, 80
+|443
 |Required for Telemetry
 
 |`infogw.api.openshift.com`
-|443, 80
+|443
 |Required for Telemetry
 
-|`console.redhat.com/api/ingress`, `cloud.redhat.com/api/ingress`
-|443, 80
+|`console.redhat.com`
+|443
 |Required for Telemetry and for `insights-operator`
 |===
 
@@ -92,14 +96,18 @@ You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn
 
 |Alibaba
 |`*.aliyuncs.com`
-|443, 80
+|443
 |Required to access Alibaba Cloud services and resources. Review the link:https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/sdk/endpoints/endpoints_config.go?spm=a2c4g.11186623.0.0.47875873ciGnC8&file=endpoints_config.go[Alibaba endpoints_config.go file] to determine the exact endpoints to allow for the regions that you use.
 
-.15+|AWS
+.16+|AWS
+|`aws.amazon.com`
+|443
+|Used to install and manage clusters in an AWS environment.
+
 |`*.amazonaws.com`
 
 Alternatively, if you choose to not use a wildcard for AWS APIs, you must allowlist the following URLs:
-|443, 80
+|443
 |Required to access AWS services and resources. Review the link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS Service Endpoints] in the AWS documentation to determine the exact endpoints to allow for the regions that you use.
 
 |`ec2.amazonaws.com`
@@ -151,33 +159,33 @@ Alternatively, if you choose to not use a wildcard for AWS APIs, you must allowl
 |Used to install and manage clusters in an AWS environment.
 
 |`servicequotas.<aws_region>.amazonaws.com`
-|443, 80
+|443
 |Required. Used to confirm quotas for deploying the service.
 
 |`tagging.<aws_region>.amazonaws.com`
-|443, 80
+|443
 |Allows the assignment of metadata about AWS resources in the form of tags.
 
 .2+|GCP
 |`*.googleapis.com`
-|443, 80
+|443
 |Required to access GCP services and resources. Review link:https://cloud.google.com/endpoints/[Cloud Endpoints] in the GCP documentation to determine the endpoints to allow for your APIs.
 
 |`accounts.google.com`
-|443, 80
+|443
 | Required to access your GCP account.
 
-.4+|Azure
+.3+|Azure
 |`management.azure.com`
-|443, 80
+|443
 |Required to access Azure services and resources. Review the link:https://docs.microsoft.com/en-us/rest/api/azure/[Azure REST API reference] in the Azure documentation to determine the endpoints to allow for your APIs.
 
 |`*.blob.core.windows.net`
-|443, 80
+|443
 |Required to download Ignition files.
 
 |`login.microsoftonline.com`
-|443, 80
+|443
 |Required to access Azure services and resources. Review the link:https://docs.microsoft.com/en-us/rest/api/azure/[Azure REST API reference] in the Azure documentation to determine the endpoints to allow for your APIs.
 
 |===
@@ -189,40 +197,40 @@ Alternatively, if you choose to not use a wildcard for AWS APIs, you must allowl
 |URL | Port | Function
 
 |`mirror.openshift.com`
-|443, 80
+|443
 |Required to access mirrored installation content and images. This site is also a source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
 
 |`storage.googleapis.com/openshift-release`
-|443, 80
+|443
 |A source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
 
 |`*.apps.<cluster_name>.<base_domain>`
-|443, 80
+|443
 |Required to access the default cluster routes unless you set an ingress wildcard during installation.
 
 |`quayio-production-s3.s3.amazonaws.com`
-|443, 80
+|443
 |Required to access Quay image content in AWS.
 
 |`api.openshift.com`
-|443, 80
+|443
 |Required both for your cluster token and to check if updates are available for the cluster.
 
 |`rhcos.mirror.openshift.com`
-|443, 80
+|443
 |Required to download {op-system-first} images.
 
-|`console.redhat.com/openshift`
-|443, 80
+|`console.redhat.com`
+|443
 |Required for your cluster token.
 
 // |`registry.access.redhat.com`
-// |443, 80
+// |443
 // |Required for `odo` CLI.
 
 |`sso.redhat.com`
-|443, 80
-|The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com`
+|443
+|The `https://console.redhat.com` site uses authentication from `sso.redhat.com`
 
 |===
 Operators require route access to perform health checks. Specifically, the
@@ -242,15 +250,15 @@ that is specified in the `spec.route.hostname` field of the
 |URL | Port | Function
 
 |`registry.connect.redhat.com`
-|443, 80
+|443
 |Required for all third-party images and certified operators.
 
 |`rhc4tp-prod-z8cxf-image-registry-us-east-1-evenkyleffocxqvofrk.s3.dualstack.us-east-1.amazonaws.com`
-|443, 80
+|443
 |Provides access to container images hosted on `registry.connect.redhat.com`
 
 |`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
-|443, 80
+|443
 |Required for Sonatype Nexus, F5 Big IP operators.
 |===
 +
diff --git a/modules/configuring-haproxy-interval.adoc b/modules/configuring-haproxy-interval.adoc
index f2cc8051051f..34f73a83c65d 100644
--- a/modules/configuring-haproxy-interval.adoc
+++ b/modules/configuring-haproxy-interval.adoc
@@ -2,7 +2,7 @@
 // * scalability_and_performance/optimization/routing-optimization.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-haproxy-interval_{context}"]
 = Configuring HAProxy reload interval
 
@@ -21,7 +21,7 @@ Setting a large value for the minimum HAProxy reload interval can cause latency
 
 * Change the minimum HAProxy reload interval of the default Ingress Controller to 15 seconds by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ingress-operator patch ingresscontrollers/default --type=merge --patch='{"spec":{"tuningOptions":{"reloadInterval":"15s"}}}'
 ----
diff --git a/modules/configuring-huge-pages.adoc b/modules/configuring-huge-pages.adoc
index 91fa8949c382..888c06de7167 100644
--- a/modules/configuring-huge-pages.adoc
+++ b/modules/configuring-huge-pages.adoc
@@ -3,7 +3,7 @@
 // * scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-huge-pages_{context}"]
 = Configuring huge pages at boot time
 
@@ -92,9 +92,9 @@ $ oc get node <node_using_hugepages> -o jsonpath="{.status.allocatable.hugepages
 ----
 
 ifndef::openshift-origin[]
-[WARNING]
+[NOTE]
 ====
-The TuneD bootloader plugin is currently supported on {op-system-first} 8.x worker nodes. For {op-system-base-full} 7.x worker nodes, the TuneD bootloader plugin is currently not supported.
+The TuneD bootloader plugin only supports {op-system-first} worker nodes.
 ====
 endif::openshift-origin[]
 
diff --git a/modules/configuring-hybrid-ovnkubernetes.adoc b/modules/configuring-hybrid-ovnkubernetes.adoc
index fd0a14ac569f..65bcc30775f6 100644
--- a/modules/configuring-hybrid-ovnkubernetes.adoc
+++ b/modules/configuring-hybrid-ovnkubernetes.adoc
@@ -5,17 +5,22 @@
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
 // * networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "configuring-hybrid-networking"]
+:post-install:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-hybrid-ovnkubernetes_{context}"]
 = Configuring hybrid networking with OVN-Kubernetes
 
-You can configure your cluster to use hybrid networking with OVN-Kubernetes. This allows a hybrid cluster that supports different node networking configurations. For example, this is necessary to run both Linux and Windows nodes in a cluster.
+You can configure your cluster to use hybrid networking with the OVN-Kubernetes network plugin. This allows a hybrid cluster that supports different node networking configurations.
 
-[IMPORTANT]
+[NOTE]
 ====
-You must configure hybrid networking with OVN-Kubernetes during the installation of your cluster. You cannot switch to hybrid networking after the installation process.
+This configuration is necessary to run both Linux and Windows nodes in the same cluster.
 ====
 
+ifndef::post-install[]
 .Prerequisites
 
 * You defined `OVNKubernetes` for the `networking.networkType` parameter in the `install-config.yaml` file. See the installation documentation for configuring {product-title} network customizations on your chosen cloud provider for more information.
@@ -87,3 +92,67 @@ Windows Server Long-Term Servicing Channel (LTSC): Windows Server 2019 is not su
 . Optional: Back up the `manifests/cluster-network-03-config.yml` file. The
 installation program deletes the `manifests/` directory when creating the
 cluster.
+endif::post-install[]
+ifdef::post-install[]
+.Prerequisites
+
+* Install the OpenShift CLI (`oc`).
+* Log in to the cluster with a user with `cluster-admin` privileges.
+* Ensure that the cluster uses the OVN-Kubernetes network plugin.
+
+.Procedure
+
+. To configure the OVN-Kubernetes hybrid network overlay, enter the following command:
++
+[source,terminal]
+----
+$ oc patch networks.operator.openshift.io cluster --type=merge \
+  -p '{
+    "spec":{
+      "defaultNetwork":{
+        "ovnKubernetesConfig":{
+          "hybridOverlayConfig":{
+            "hybridClusterNetwork":[
+              {
+                "cidr": "<cidr>",
+                "hostPrefix": <prefix>
+              }
+            ],
+            "hybridOverlayVXLANPort": <overlay_port>
+          }
+        }
+      }
+    }
+  }'
+----
++
+--
+where:
+
+`cidr`:: Specify the CIDR configuration used for nodes on the additional overlay network. This CIDR cannot overlap with the cluster network CIDR.
+`hostPrefix`:: Specifies the subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23`, then each node is assigned a `/23` subnet out of the given `cidr`, which allows for 510 (2^(32 - 23) - 2) pod IP addresses. If you are required to provide access to nodes from an external network, configure load balancers and routers to manage the traffic.
+`hybridOverlayVXLANPort`:: Specify a custom VXLAN port for the additional overlay network. This is required for running Windows nodes in a cluster installed on vSphere, and must not be configured for any other cloud provider. The custom port can be any open port excluding the default `4789` port. For more information on this requirement, see the Microsoft documentation on link:https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/common-problems#pod-to-pod-connectivity-between-hosts-is-broken-on-my-kubernetes-cluster-running-on-vsphere[Pod-to-pod connectivity between hosts is broken].
+
+[NOTE]
+====
+Windows Server Long-Term Servicing Channel (LTSC): Windows Server 2019 is not supported on clusters with a custom `hybridOverlayVXLANPort` value because this Windows server version does not support selecting a custom VXLAN port.
+====
+--
++
+.Example output
+[source,text]
+----
+network.operator.openshift.io/cluster patched
+----
+
+. To confirm that the configuration is active, enter the following command. It can take several minutes for the update to apply.
++
+[source,terminal]
+----
+$ oc get network.operator.openshift.io -o jsonpath="{.items[0].spec.defaultNetwork.ovnKubernetesConfig}"
+----
+endif::post-install[]
+
+ifdef::post-install[]
+:!post-install:
+endif::[]
diff --git a/modules/configuring-layer-three-routed-topology.adoc b/modules/configuring-layer-three-routed-topology.adoc
index 9ad6d548be75..0b614d892a69 100644
--- a/modules/configuring-layer-three-routed-topology.adoc
+++ b/modules/configuring-layer-three-routed-topology.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuration-layer-three-routed-topology_{context}"]
 = Configuration for a routed topology
 
diff --git a/modules/configuring-layer-two-switched-topology.adoc b/modules/configuring-layer-two-switched-topology.adoc
index 90af949198a3..af575a2f7995 100644
--- a/modules/configuring-layer-two-switched-topology.adoc
+++ b/modules/configuring-layer-two-switched-topology.adoc
@@ -2,9 +2,9 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuration-layer-two-switched-topology_{context}"]
-= Configuration for a switched topology
+= Configuration for a layer 2 switched topology
 
 The switched (layer 2) topology networks interconnect the workloads through a cluster-wide logical switch. This configuration can be used for IPv6 and dual-stack deployments.
 
@@ -13,18 +13,18 @@ The switched (layer 2) topology networks interconnect the workloads through a cl
 Layer 2 switched topology networks only allow for the transfer of data packets between pods within a cluster.
 ====
 
-The following `NetworkAttachmentDefinition` custom resource definition (CRD) YAML describes the fields needed to configure a switched secondary network.
+The following JSON example configures a switched secondary network:
 
-[source,yaml]
+[source,json]
+----
+{
+  "cniVersion": "0.3.1",
+  "name": "l2-network",
+  "type": "ovn-k8s-cni-overlay",
+  "topology":"layer2",
+  "subnets": "10.100.200.0/24",
+  "mtu": 1300,
+  "netAttachDefName": "ns1/l2-network",
+  "excludeSubnets": "10.100.200.0/29"
+}
 ----
-    {
-            "cniVersion": "0.3.1",
-            "name": "l2-network",
-            "type": "ovn-k8s-cni-overlay",
-            "topology":"layer2",
-            "subnets": "10.100.200.0/24",
-            "mtu": 1300,
-            "netAttachDefName": "ns1/l2-network",
-            "excludeSubnets": "10.100.200.0/29"
-    }
-----
\ No newline at end of file
diff --git a/modules/configuring-localnet-switched-topology.adoc b/modules/configuring-localnet-switched-topology.adoc
index 3db11b0bb4a2..50a3a2655b62 100644
--- a/modules/configuring-localnet-switched-topology.adoc
+++ b/modules/configuring-localnet-switched-topology.adoc
@@ -2,26 +2,107 @@
 //
 // * networking/ovn_kubernetes_network_provider/configuring-secondary-networks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="configuration-localnet-switched-topology_{context}"]
 = Configuration for a localnet switched topology
 
+// To accommodate a link to the NMstate Operator, the content in this module
+// is split with tags. The tag includes don't pull in the module header above.
+
+// tag::localnet-intro[]
 The switched (localnet) topology interconnects the workloads through a cluster-wide logical switch to a physical network.
+// end::localnet-intro[]
+
+// tag::localnet-content[]
+You must map an additional network to the OVN bridge to use it as an OVN-Kubernetes additional network. Bridge mappings allow network traffic to reach the physical network. A bridge mapping associates a physical network name, also known as an interface label, to a bridge created with Open vSwitch (OVS).
+
+You can create an `NodeNetworkConfigurationPolicy` object, part of the `nmstate.io/v1` API group, to declaratively create the mapping. This API is provided by the NMState Operator. By using this API you can apply the bridge mapping to nodes that match your specified `nodeSelector` expression, such as `node-role.kubernetes.io/worker: ''`.
+
+When attaching an additional network, you can either use the existing `br-ex` bridge or create a new bridge. Which approach to use depends on your specific network infrastructure.
+
+- If your nodes include only a single network interface, you must use the existing bridge. This network interface is owned and managed by OVN-Kubernetes and you must not remove it from the `br-ex` bridge or alter the interface configuration. If you remove or alter the network interface, your cluster network will stop working correctly.
+- If your nodes include several network interfaces, you can attach a different network interface to a new bridge, and use that for your additional network. This approach provides for traffic isolation from your primary cluster network.
+
+The `localnet1` network is mapped to the `br-ex` bridge in the following example:
+
+.Example mapping for sharing a bridge
+[source,yaml]
+----
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: mapping <1>
+spec:
+  nodeSelector:
+    node-role.kubernetes.io/worker: '' <2>
+  desiredState:
+    ovn:
+      bridge-mappings:
+      - localnet: localnet1 <3>
+        bridge: br-ex <4>
+        state: present <5>
+----
+<1> The name for the configuration object.
+<2> A node selector that specifies the nodes to apply the node network configuration policy to.
+<3> The name for the additional network from which traffic is forwarded to the OVS bridge. This additional network must match the name of the `spec.config.name` field of the `NetworkAttachmentDefinition` object that defines the OVN-Kubernetes additional network.
+<4> The name of the OVS bridge on the node. This value is required only if you specify `state: present`.
+<5> The state for the mapping. Must be either `present` to add the bridge or `absent` to remove the bridge. The default value is `present`.
 
-The following `NetworkAttachmentDefinition` custom resource definition (CRD) YAML describes the fields needed to configure a localnet secondary network.
+In the following example, the `localnet2` network interface is attached to the `ovs-br1` bridge. Through this attachment, the network interface is available to the OVN-Kubernetes network plugin as an additional network.
 
+.Example mapping for nodes with multiple interfaces
 [source,yaml]
 ----
-    {
-            "cniVersion": "0.3.1",
-            "name": "ns1-localnet-network",
-            "type": "ovn-k8s-cni-overlay",
-            "topology":"localnet",
-            "subnets": "202.10.130.112/28",
-            "vlanID": 33,
-            "mtu": 1500,
-            "netAttachDefName": "ns1/localnet-network"
-            "excludeSubnets": "10.100.200.0/29"
-
-    }
-----
\ No newline at end of file
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: ovs-br1-multiple-networks <1>
+spec:
+  nodeSelector:
+    node-role.kubernetes.io/worker: '' <2>
+  desiredState:
+    interfaces:
+    - name: ovs-br1 <3>
+      description: |-
+        A dedicated OVS bridge with eth1 as a port
+        allowing all VLANs and untagged traffic
+      type: ovs-bridge
+      state: up
+      bridge:
+        options:
+          stp: true
+        port:
+        - name: eth1 <4>
+    ovn:
+      bridge-mappings:
+      - localnet: localnet2 <5>
+        bridge: ovs-br1 <6>
+        state: present <7>
+----
+<1> The name for the configuration object.
+<2> A node selector that specifies the nodes to apply the node network configuration policy to.
+<3> A new OVS bridge, separate from the default bridge used by OVN-Kubernetes for all cluster traffic.
+<4> A network device on the host system to associate with this new OVS bridge.
+<5> The name for the additional network from which traffic is forwarded to the OVS bridge. This additional network must match the name of the `spec.config.name` field of the `NetworkAttachmentDefinition` object that defines the OVN-Kubernetes additional network.
+<6> The name of the OVS bridge on the node. This value is required only if you specify `state: present`.
+<7> The state for the mapping. Must be either `present` to add the bridge or `absent` to remove the bridge. The default value is `present`.
+
+This declarative approach is recommended because the NMState Operator applies additional network configuration to all nodes specified by the node selector automatically and transparently.
+
+The following JSON example configures a localnet secondary network:
+
+[source,json]
+----
+{
+  "cniVersion": "0.3.1",
+  "name": "ns1-localnet-network",
+  "type": "ovn-k8s-cni-overlay",
+  "topology":"localnet",
+  "subnets": "202.10.130.112/28",
+  "vlanID": 33,
+  "mtu": 1500,
+  "netAttachDefName": "ns1/localnet-network"
+  "excludeSubnets": "10.100.200.0/29"
+}
+----
+// end::localnet-content[]
diff --git a/modules/configuring-log-storage-cr.adoc b/modules/configuring-log-storage-cr.adoc
new file mode 100644
index 000000000000..16709f3579e4
--- /dev/null
+++ b/modules/configuring-log-storage-cr.adoc
@@ -0,0 +1,72 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-deploying.adoc
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-log-storage-cr_{context}"]
+= Configuring log storage
+
+You can configure which log storage type your {logging} uses by modifying the `ClusterLogging` custom resource (CR).
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {oc-first}.
+* You have installed the {clo} and an internal log store that is either the LokiStack or Elasticsearch.
+* You have created a `ClusterLogging` CR.
+
+include::snippets/logging-elastic-dep-snip.adoc[]
+
+.Procedure
+
+. Modify the `ClusterLogging` CR `logStore` spec:
++
+.`ClusterLogging` CR example
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
+  logStore:
+    type: <log_store_type> <1>
+    elasticsearch: <2>
+      nodeCount: <integer>
+      resources: {}
+      storage: {}
+      redundancyPolicy: <redundancy_type> <3>
+    lokistack: <4>
+      name: {}
+# ...
+----
+<1> Specify the log store type. This can be either `lokistack` or `elasticsearch`.
+<2> Optional configuration options for the Elasticsearch log store.
+<3> Specify the redundancy type. This value can be `ZeroRedundancy`, `SingleRedundancy`, `MultipleRedundancy`, or `FullRedundancy`.
+<4> Optional configuration options for LokiStack.
++
+.Example `ClusterLogging` CR to specify LokiStack as the log store
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  managementState: Managed
+  logStore:
+    type: lokistack
+    lokistack:
+      name: logging-loki
+# ...
+----
+
+. Apply the `ClusterLogging` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/configuring-log-visualizer.adoc b/modules/configuring-log-visualizer.adoc
new file mode 100644
index 000000000000..797943e3e4de
--- /dev/null
+++ b/modules/configuring-log-visualizer.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * logging/log_visualization/log-visualization.adoc
+// * logging/cluster-logging-deploying.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-log-visualizer_{context}"]
+= Configuring the log visualizer
+
+You can configure which log visualizer type your {logging} uses by modifying the `ClusterLogging` custom resource (CR).
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {oc-first}.
+* You have installed the {clo}.
+* You have created a `ClusterLogging` CR.
+
+[IMPORTANT]
+====
+If you want to use the {product-title} web console for visualization, you must enable the {log-plug}. See the documentation about "Log visualization with the web console".
+====
+
+.Procedure
+
+. Modify the `ClusterLogging` CR `visualization` spec:
++
+.`ClusterLogging` CR example
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
+  visualization:
+    type: <visualizer_type> <1>
+    kibana: <2>
+      resources: {}
+      nodeSelector: {}
+      proxy: {}
+      replicas: {}
+      tolerations: {}
+    ocpConsole: <3>
+      logsLimit: {}
+      timeout: {}
+# ...
+----
+<1> The type of visualizer you want to use for your {logging}. This can be either `kibana` or `ocp-console`. The Kibana console is only compatible with deployments that use Elasticsearch log storage, while the {product-title} console is only compatible with LokiStack deployments.
+<2> Optional configurations for the Kibana console.
+<3> Optional configurations for the {product-title} web console.
+
+. Apply the `ClusterLogging` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/configuring-logging-collector.adoc b/modules/configuring-logging-collector.adoc
new file mode 100644
index 000000000000..e0666009014f
--- /dev/null
+++ b/modules/configuring-logging-collector.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-deploying.adoc
+// * logging/log_collection_forwarding/cluster-logging-collector.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-logging-collector_{context}"]
+= Configuring the log collector
+
+You can configure which log collector type your {logging} uses by modifying the `ClusterLogging` custom resource (CR).
+
+include::snippets/logging-fluentd-dep-snip.adoc[]
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {oc-first}.
+* You have installed the {clo}.
+* You have created a `ClusterLogging` CR.
+
+.Procedure
+
+. Modify the `ClusterLogging` CR `collection` spec:
++
+.`ClusterLogging` CR example
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+# ...
+spec:
+# ...
+  collection:
+    type: <log_collector_type> <1>
+    resources: {}
+    tolerations: {}
+# ...
+----
+<1> The log collector type you want to use for the {logging}. This can be `vector` or `fluentd`.
+
+. Apply the `ClusterLogging` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/configuring-logging-loki-ruler.adoc b/modules/configuring-logging-loki-ruler.adoc
new file mode 100644
index 000000000000..7d23c0476c90
--- /dev/null
+++ b/modules/configuring-logging-loki-ruler.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * logging/logging_alerts/custom-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-logging-loki-ruler_{context}"]
+= Configuring the ruler
+
+When the LokiStack ruler component is enabled, users can define a group of link:https://grafana.com/docs/loki/latest/query/[LogQL] expressions that trigger logging alerts or recorded metrics.
+
+Administrators can enable the ruler by modifying the `LokiStack` custom resource (CR).
+
+.Prerequisites
+
+* You have installed the {clo} and the {loki-op}.
+* You have created a `LokiStack` CR.
+* You have administrator permissions.
+
+.Procedure
+
+* Enable the ruler by ensuring that the `LokiStack` CR contains the following spec configuration:
++
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: <name>
+  namespace: <namespace>
+spec:
+# ...
+  rules:
+    enabled: true <1>
+    selector:
+      matchLabels:
+        openshift.io/<label_name>: "true" <2>
+    namespaceSelector:
+      matchLabels:
+        openshift.io/<label_name>: "true" <3>
+----
+<1> Enable Loki alerting and recording rules in your cluster.
+<2> Add a custom label that can be added to namespaces where you want to enable the use of logging alerts and metrics.
+<3> Add a custom label that can be added to namespaces where you want to enable the use of logging alerts and metrics.
diff --git a/modules/configuring-machine-pool-disk-volume-cli.adoc b/modules/configuring-machine-pool-disk-volume-cli.adoc
new file mode 100644
index 000000000000..58102c102e93
--- /dev/null
+++ b/modules/configuring-machine-pool-disk-volume-cli.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring_machine_pool_disk_volume_cli{context}"]
+= Configuring machine pool disk volume using the ROSA CLI
+
+.Prerequisite for cluster creation
+
+* You have the option to select the root disk sizing for the default machine pool during cluster installation.
+
+.Procedure for cluster creation
+
+* Run the following command when creating your OpenShift cluster for the desired root disk size:
++
+[source,terminal]
+----
+$ rosa create cluster --worker-disk-size=<disk_size>
+----
+The value can be in GB, GiB, TB, or TiB. Replace '<disk_size>' with a numeric value and unit, for example '--worker-disk-size=200GiB'. You cannot separate the digit and the unit. No spaces are allowed.
+
+.Prerequisite for machine pool creation
+
+* You have the option to select the root disk sizing for the new machine pool after the cluster has been installed.
+
+.Procedure for machine pool creation
+
+. Scale up the cluster by executing the following command:
++
+[source,terminal]
+----
+$ rosa create machinepool --cluster=<cluster_id>  <1>
+                          --disk-size=<disk_size>  <2>
+----
+<1> Specifies the ID or name of your existing OpenShift cluster
+<2> Specifies the worker node disk size. The value can be in GB, GiB, TB, or TiB. Replace '<disk_size>' with a numeric value and unit, for example '--disk-size=200GiB'. You cannot separate the digit and the unit. No spaces are allowed.
+. Confirm new machine pool disk volume size by logging into the AWS console and find the EC2 virtual machine root volume size.
diff --git a/modules/configuring-machine-pool-disk-volume-ocm.adoc b/modules/configuring-machine-pool-disk-volume-ocm.adoc
new file mode 100644
index 000000000000..7e576b378547
--- /dev/null
+++ b/modules/configuring-machine-pool-disk-volume-ocm.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+ifdef::openshift-rosa[]
+[id="configuring_machine_pool_disk_volume_ocm{context}"]
+= Configuring machine pool disk volume using OpenShift Cluster Manager
+endif::openshift-rosa[]
+.Prerequisite for cluster creation
+* You have the option to select the node disk sizing for the default machine pool during cluster installation.
+
+.Procedure for cluster creation
+
+. From ROSA cluster wizard, navigate to Cluster settings.
+
+. Navigate to *Machine pool* step.
+
+. Select the desired *Root disk size*.
+
+. Select *Next* to continue creating your cluster.
+
+.Prerequisite for machine pool creation
+* You have the option to select the node disk sizing for the new machine pool after the cluster has been installed.
+
+.Procedure for machine pool creation
+
+. Navigate to {cluster-manager-url} and select your cluster.
+
+. Navigate to *Machine pool tab*.
+
+. Click *Add machine pool*.
+
+. Select the desired *Root disk size*.
+
+. Select *Add machine pool* to create the machine pool.
diff --git a/modules/configuring-machine-pool-disk-volume.adoc b/modules/configuring-machine-pool-disk-volume.adoc
new file mode 100644
index 000000000000..61d5cfb5f47a
--- /dev/null
+++ b/modules/configuring-machine-pool-disk-volume.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="configuring_machine_pool_disk_volume{context}"]
+= Configuring machine pool disk volume
+
+Machine pool disk volume size can be configured for additional flexibility. The default disk size is 300 GiB. For cluster version 4.13 or earlier, the disk size can be configured to a minimum of 128 GiB to a maximum of 1 TiB. For cluster version 4.14 and later, the disk size can be configured to a minimum of 128 GiB to a maximum of 16 TiB.
+
+You can configure the machine pool disk size for your cluster by using {cluster-manager} or the ROSA CLI (`rosa`).
+
+[NOTE]
+====
+Existing cluster and machine pool node volumes cannot be resized.
+====
+
+
+[IMPORTANT]
+====
+The default disk size is 300 GiB. For cluster version 4.13 or earlier, the disk size can be configured to a minimum of 128 GiB to a maximum of 1 TiB. For cluster version 4.14 and later, the disk size can be configured to a minimum of 128 GiB to a maximum of 16 TiB.
+====
\ No newline at end of file
diff --git a/modules/configuring-node-pools-for-hcp.adoc b/modules/configuring-node-pools-for-hcp.adoc
index 6827d566ade8..2c494c2b51c8 100644
--- a/modules/configuring-node-pools-for-hcp.adoc
+++ b/modules/configuring-node-pools-for-hcp.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updates/updating-hosted-control-planes.adoc
+// * updates/updating_a_cluster/updating-hosted-control-planes.adoc
 // * hosted_control_planes/hcp-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-node-pools-for-hcp_{context}"]
 = Configuring node pools for hosted control planes
 
diff --git a/modules/configuring-ovnk-additional-networks.adoc b/modules/configuring-ovnk-additional-networks.adoc
index fbc930409e57..d6e784e6647d 100644
--- a/modules/configuring-ovnk-additional-networks.adoc
+++ b/modules/configuring-ovnk-additional-networks.adoc
@@ -2,18 +2,37 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuration-ovnk-additional-networks_{context}"]
 = Configuration for an OVN-Kubernetes additional network
 
-The {openshift-networking} OVN-Kubernetes network plugin allows the configuration of secondary network interfaces for pods. To configure secondary network interfaces, you must define the configurations in the `NetworkAttachmentDefinition` custom resource definition (CRD).
+The {openshift-networking} OVN-Kubernetes network plugin allows the configuration of secondary network interfaces for pods. To configure secondary network interfaces, you must define the configurations in the `NetworkAttachmentDefinition` custom resource (CR).
 
-:FeatureName: Configuration for an OVN-Kubernetes additional network
-include::snippets/technology-preview.adoc[]
+[NOTE]
+====
+Pod and multi-network policy creation might remain in a pending state until the OVN-Kubernetes control plane agent in the nodes processes the associated `network-attachment-definition` CR.
+====
+
+You can configure an OVN-Kubernetes additional network in either _layer 2_ or _localnet_ topologies.
+
+- A layer 2 topology supports east-west cluster traffic, but does not allow access to the underlying physical network.
+- A localnet topology allows connections to the physical network, but requires additional configuration of the underlying Open vSwitch (OVS) bridge on cluster nodes.
 
 The following sections provide example configurations for each of the topologies that OVN-Kubernetes currently allows for secondary networks.
 
 [NOTE]
 ====
-Networks names must be unique. For example, creating multiple `NetworkAttachmentDefinition` CRDs with different configurations that reference the same network is unsupported.
-====
\ No newline at end of file
+Networks names must be unique. For example, creating multiple `NetworkAttachmentDefinition` CRs with different configurations that reference the same network is unsupported.
+====
+
+[id="configuration-additional-network-types-supported-platforms_{context}"]
+== Supported platforms for OVN-Kubernetes additional network
+
+You can use an OVN-Kubernetes additional network with the following supported platforms:
+
+- Bare metal
+- {ibm-power-name}
+- {ibm-z-name}
+- {ibm-linuxone-name}
+- VMware vSphere
+- {rh-openstack-first}
diff --git a/modules/configuring-ovs-log-level-permanently.adoc b/modules/configuring-ovs-log-level-permanently.adoc
index d3a6a5ea1154..16453eb32f46 100644
--- a/modules/configuring-ovs-log-level-permanently.adoc
+++ b/modules/configuring-ovs-log-level-permanently.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-network-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-ovs-log-level-permanently_{context}"]
 = Configuring the Open vSwitch log level permanently
 
diff --git a/modules/configuring-ovs-log-level-temp.adoc b/modules/configuring-ovs-log-level-temp.adoc
index a91b89b10c13..6f9eba59a76c 100644
--- a/modules/configuring-ovs-log-level-temp.adoc
+++ b/modules/configuring-ovs-log-level-temp.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-ovs-log-level-temp_{context}"]
 = Configuring the Open vSwitch log level temporarily
 
diff --git a/modules/configuring-pods-secondary-network.adoc b/modules/configuring-pods-secondary-network.adoc
index ff0c5becc876..ef640e805c99 100644
--- a/modules/configuring-pods-secondary-network.adoc
+++ b/modules/configuring-pods-secondary-network.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="configuring-pods-secondary-network_{context}"]
 = Configuring pods for additional networks
 
diff --git a/modules/configuring-pods-static-ip.adoc b/modules/configuring-pods-static-ip.adoc
index 7c463ef9e61d..12b9428b5e3b 100644
--- a/modules/configuring-pods-static-ip.adoc
+++ b/modules/configuring-pods-static-ip.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-pods-static-ip_{context}"]
 = Configuring pods with a static IP address
 
diff --git a/modules/configuring-private-storage-endpoint-azure-user-provided-vnet-subnet.adoc b/modules/configuring-private-storage-endpoint-azure-user-provided-vnet-subnet.adoc
new file mode 100644
index 000000000000..18fe0def426e
--- /dev/null
+++ b/modules/configuring-private-storage-endpoint-azure-user-provided-vnet-subnet.adoc
@@ -0,0 +1,117 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-private-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-private-storage-endpoint-azure-user-provided-vnet-subnet_{context}"]
+= Configuring a private storage endpoint on Azure with user-provided VNet and subnet names
+
+Use the following procedure to configure a storage account that has public network access disabled and is exposed behind a private storage endpoint on Azure.
+
+.Prerequisites
+
+* You have configured the image registry to run on Azure.
+* You must know the VNet and subnet names used for your Azure environment.
+* If your network was configured in a separate resource group in Azure, you must also know its name.
+
+.Procedure 
+
+. Edit the Image Registry Operator `config` object and configure the private endpoint using your VNet and subnet names:
++
+[source,terminal]
+----
+$ oc edit configs.imageregistry/cluster
+----
++
+[source,terminal]
+----
+# ...
+spec:
+  # ...
+   storage:
+      azure:
+        # ...
+        networkAccess:
+          type: Internal
+          internal:
+            subnetName: <subnet_name>
+            vnetName: <vnet_name>
+            networkResourceGroupName: <network_resource_group_name>
+# ...
+----
+
+. Optional: Enter the following command to confirm that the Operator has completed provisioning. This might take a few minutes. 
++
+[source,terminal]
+----
+$ oc get configs.imageregistry/cluster -o=jsonpath="{.spec.storage.azure.privateEndpointName}" -w
+----
++
+[NOTE]
+====
+When redirect is enabled, pulling images from outside of the cluster will not work.
+====
+
+.Verification
+
+. Fetch the registry service name by running the following command:
++
+[source,terminal]
+----
+$ oc registry info --internal=true
+----
++
+.Example output
++
+[source,terminal]
+----
+image-registry.openshift-image-registry.svc:5000
+----
+
+. Enter debug mode by running the following command:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
+
+. Run the suggested `chroot` command. For example:
++
+[source,terminal]
+----
+$ chroot /host
+----
+
+. Enter the following command to log in to your container registry:
++
+[source,terminal]
+----
+$ podman login --tls-verify=false -u unused -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000
+----
++
+.Example output
++
+[source,terminal]
+----
+Login Succeeded!
+----
+
+. Enter the following command to verify that you can pull an image from the registry:
++
+[source,terminal]
+----
+$ podman pull --tls-verify=false image-registry.openshift-image-registry.svc:5000/openshift/tools
+----
++
+.Example output
++
+[source,terminal]
+----
+Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/tools/openshift/tools...
+Getting image source signatures
+Copying blob 6b245f040973 done
+Copying config 22667f5368 done
+Writing manifest to image destination
+Storing signatures
+22667f53682a2920948d19c7133ab1c9c3f745805c14125859d20cede07f11f9
+----
\ No newline at end of file
diff --git a/modules/configuring-private-storage-endpoint-azure-vnet-subnet-iro-discovery.adoc b/modules/configuring-private-storage-endpoint-azure-vnet-subnet-iro-discovery.adoc
new file mode 100644
index 000000000000..75f71f2579d8
--- /dev/null
+++ b/modules/configuring-private-storage-endpoint-azure-vnet-subnet-iro-discovery.adoc
@@ -0,0 +1,121 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-private-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-private-storage-endpoint-azure-vnet-subnet-iro-discovery_{context}"]
+= Configuring a private storage endpoint on Azure by enabling the Image Registry Operator to discover VNet and subnet names
+
+The following procedure shows you how to set up a private storage endpoint on Azure by configuring the Image Registry Operator to discover VNet and subnet names.
+
+.Prerequisites 
+
+* You have configured the image registry to run on Azure.
+* Your network has been set up using the Installer Provisioned Infrastructure installation method. 
++
+For users with a custom network setup, see "Configuring a private storage endpoint on Azure with user-provided VNet and subnet names". 
+
+.Procedure 
+
+. Edit the Image Registry Operator `config` object and set `networkAccess.type` to `Internal`:
++
+[source,terminal]
+----
+$ oc edit configs.imageregistry/cluster
+----
++
+[source,terminal]
+----
+# ...
+spec:
+  # ...
+   storage:
+      azure:
+        # ...
+        networkAccess:
+          type: Internal
+# ...
+----
+
+. Optional: Enter the following command to confirm that the Operator has completed provisioning. This might take a few minutes. 
++
+[source,terminal]
+----
+$ oc get configs.imageregistry/cluster -o=jsonpath="{.spec.storage.azure.privateEndpointName}" -w
+----
+
+. Optional: If the registry is exposed by a route, and you are configuring your storage account to be private, you must disable redirect if you want pulls external to the cluster to continue to work. Enter the following command to disable redirect on the Image Operator configuration:
++
+[source,terminal]
+----
+$ oc patch configs.imageregistry cluster --type=merge -p '{"spec":{"disableRedirect": true}}'
+----
++
+[NOTE]
+====
+When redirect is enabled,  pulling images from outside of the cluster will not work.
+====
+
+.Verification
+
+. Fetch the registry service name by running the following command:
++
+[source,terminal]
+----
+$ oc registry info --internal=true
+----
++
+.Example output
++
+[source,terminal]
+----
+image-registry.openshift-image-registry.svc:5000
+----
+
+. Enter debug mode by running the following command:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
+
+. Run the suggested `chroot` command. For example:
++
+[source,terminal]
+----
+$ chroot /host
+----
+
+. Enter the following command to log in to your container registry:
++
+[source,terminal]
+----
+$ podman login --tls-verify=false -u unused -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000
+----
++
+.Example output
++
+[source,terminal]
+----
+Login Succeeded!
+----
+
+. Enter the following command to verify that you can pull an image from the registry:
++
+[source,terminal]
+----
+$ podman pull --tls-verify=false image-registry.openshift-image-registry.svc:5000/openshift/tools
+----
++
+.Example output
++
+[source,terminal]
+----
+Trying to pull image-registry.openshift-image-registry.svc:5000/openshift/tools/openshift/tools...
+Getting image source signatures
+Copying blob 6b245f040973 done
+Copying config 22667f5368 done
+Writing manifest to image destination
+Storing signatures
+22667f53682a2920948d19c7133ab1c9c3f745805c14125859d20cede07f11f9
+----
diff --git a/modules/configuring-registry-storage-nutanix.adoc b/modules/configuring-registry-storage-nutanix.adoc
new file mode 100644
index 000000000000..39d2dd036b93
--- /dev/null
+++ b/modules/configuring-registry-storage-nutanix.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+// * registry/configuring_registry_storage/configuring-registry-storage-nutanix.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-registry-storage-nutanix_{context}"]
+= Configuring registry storage for Nutanix
+
+As a cluster administrator, following installation you must configure your registry to use storage.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have a cluster on Nutanix.
+* You have provisioned persistent storage for your cluster, such as {rh-storage-first}.
++
+[IMPORTANT]
+====
+{product-title} supports `ReadWriteOnce` access for image registry storage when you have only one replica. `ReadWriteOnce` access also requires that the registry uses the `Recreate` rollout strategy. To deploy an image registry that supports high availability with two or more replicas, `ReadWriteMany` access is required.
+====
++
+* You must have 100 Gi capacity.
+
+.Procedure
+
+. To configure your registry to use storage, change the `spec.storage.pvc` in the `configs.imageregistry/cluster` resource.
++
+[NOTE]
+====
+When you use shared storage, review your security settings to prevent outside access.
+====
+
+. Verify that you do not have a registry pod:
++
+[source,terminal]
+----
+$ oc get pod -n openshift-image-registry -l docker-registry=default
+----
++
+.Example output
+[source,terminal]
+----
+No resourses found in openshift-image-registry namespace
+----
++
+[NOTE]
+=====
+If you do have a registry pod in your output, you do not need to continue with this procedure.
+=====
+
+. Check the registry configuration:
++
+[source,terminal]
+----
+$ oc edit configs.imageregistry.operator.openshift.io
+----
++
+.Example output
+[source,yaml]
+----
+storage:
+  pvc:
+    claim: <1>
+----
+<1> Leave the `claim` field blank to allow the automatic creation of an `image-registry-storage` persistent volume claim (PVC). The PVC is generated based on the default storage class. However, be aware that the default storage class might provide ReadWriteOnce (RWO) volumes, such as a RADOS Block Device (RBD), which can cause issues when you replicate to more than one replica.
+
+
+. Check the `clusteroperator` status:
++
+[source,terminal]
+----
+$ oc get clusteroperator image-registry
+----
++
+.Example output
+[source,terminal]
+----
+NAME             VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
+image-registry   4.13                                  True        False         False      6h50m
+----
diff --git a/modules/configuring-secret-for-wmco.adoc b/modules/configuring-secret-for-wmco.adoc
index ac87fcdf07f5..824008101557 100644
--- a/modules/configuring-secret-for-wmco.adoc
+++ b/modules/configuring-secret-for-wmco.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/enabling-windows-container-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-secret-for-wmco_{context}"]
 = Configuring a secret for the Windows Machine Config Operator
 
diff --git a/modules/configuring-user-level-access.adoc b/modules/configuring-user-level-access.adoc
index 0309ba573a69..5b183d11b308 100644
--- a/modules/configuring-user-level-access.adoc
+++ b/modules/configuring-user-level-access.adoc
@@ -2,7 +2,7 @@
 //
 // * installing-red-hat-openshift-gitops
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-user-level-access_{context}"]
 = Configuring user level access
 
@@ -29,7 +29,7 @@ metadata
     scopes: '[groups]'
 ----
 +
-* Add the `policy` configuration to the `rbac` section and add the `name`, `email` and the `role` of the user: 
+* Add the `policy` configuration to the `rbac` section and add the `name`, `email` and the `role` of the user:
 +
 [source,yaml]
 ----
diff --git a/modules/configuring-vsphere-connection-settings.adoc b/modules/configuring-vsphere-connection-settings.adoc
index 2d4940e61ef8..461254884cf7 100644
--- a/modules/configuring-vsphere-connection-settings.adoc
+++ b/modules/configuring-vsphere-connection-settings.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-vSphere-connection-settings_{context}"]
 = Configuring the vSphere connection settings
 
@@ -25,7 +25,7 @@ Modify the following vSphere configuration settings as required:
 .Procedure
 . In the Administrator perspective, navigate to *Home -> Overview*.
 . Under *Status*, click *vSphere connection* to open the *vSphere connection configuration* wizard.
-. In the *vCenter* field, enter the network address of the vSphere vCenter server. This can be either a domain name or an IP address. It appears in the vSphere web client URL; for example `https://[your_vCenter_address]/ui`. 
+. In the *vCenter* field, enter the network address of the vSphere vCenter server. This can be either a domain name or an IP address. It appears in the vSphere web client URL; for example `https://[your_vCenter_address]/ui`.
 . In the *vCenter cluster* field, enter the name of the vSphere vCenter cluster where {product-title} is installed.
 +
 [IMPORTANT]
@@ -33,8 +33,8 @@ Modify the following vSphere configuration settings as required:
 This step is mandatory if you installed {product-title} 4.13 or later.
 ====
 
-. In the *Username* field, enter your vSphere vCenter username. 
-. In the *Password* field, enter your vSphere vCenter password. 
+. In the *Username* field, enter your vSphere vCenter username.
+. In the *Password* field, enter your vSphere vCenter password.
 +
 [WARNING]
 ====
@@ -46,7 +46,7 @@ The system stores the username and password in the `vsphere-creds` secret in the
 +
 [WARNING]
 ====
-Updating the vSphere data center or default data store after the configuration has been saved detaches any active vSphere `PersistentVolumes`. 
+Updating the vSphere data center or default data store after the configuration has been saved detaches any active vSphere `PersistentVolumes`.
 ====
 +
 . In the *Virtual Machine Folder* field, enter the data center folder that contains the virtual machine of the cluster; for example, `/SDDC-Datacenter/vm/ci-ln-hjg4vg2-c61657-t2gzr`. For the {product-title} installation to succeed, all virtual machines comprising the cluster must be located in a single data center folder.
diff --git a/modules/configuring-vsphere-regions-zones.adoc b/modules/configuring-vsphere-regions-zones.adoc
index 47ad37085ed1..8c7a7e484fd5 100644
--- a/modules/configuring-vsphere-regions-zones.adoc
+++ b/modules/configuring-vsphere-regions-zones.adoc
@@ -7,12 +7,12 @@
 //* installing/installing-restricted-networks-installer-provisioned-vsphere.adoc [IPI]
 //* installing/installing-restricted-networks-vsphere.adoc [IPI]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-vsphere-regions-zones_{context}"]
 = Configuring regions and zones for a VMware vCenter
-You can modify the default installation configuration file, so that you can deploy an {product-title} cluster to multiple vSphere datacenters that run in a single VMware vCenter. 
+You can modify the default installation configuration file, so that you can deploy an {product-title} cluster to multiple vSphere datacenters that run in a single VMware vCenter.
 
-The default `install-config.yaml` file configuration from the previous release of {product-title} is deprecated. You can continue to use the deprecated default configuration, but the `openshift-installer` will prompt you with a warning message that indicates the use of deprecated fields in the configuration file. 
+The default `install-config.yaml` file configuration from the previous release of {product-title} is deprecated. You can continue to use the deprecated default configuration, but the `openshift-installer` will prompt you with a warning message that indicates the use of deprecated fields in the configuration file.
 
 [IMPORTANT]
 ====
@@ -33,7 +33,7 @@ You must specify at least one failure domain for your {product-title} cluster, s
 +
 [IMPORTANT]
 ====
-If you specify different names for the `openshift-region` and `openshift-zone` vCenter tag categories, the installation of the {product-title} cluster fails.  
+If you specify different names for the `openshift-region` and `openshift-zone` vCenter tag categories, the installation of the {product-title} cluster fails.
 ====
 +
 [source,terminal]
@@ -60,7 +60,7 @@ $ govc tags.create -c <region_tag_category> <region_tag>
 $ govc tags.create -c <zone_tag_category> <zone_tag>
 ----
 
-. Attach region tags to each vCenter datacenter object by entering the following command: 
+. Attach region tags to each vCenter datacenter object by entering the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/configuring-vsphere-verifying-configuration.adoc b/modules/configuring-vsphere-verifying-configuration.adoc
index c8cfa6cd1c44..7600c5b2c09d 100644
--- a/modules/configuring-vsphere-verifying-configuration.adoc
+++ b/modules/configuring-vsphere-verifying-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-vSphere-monitoring-configuration-completion{context}"]
 = Verifying the configuration
 
@@ -27,7 +27,7 @@ A failure indicates that at least one of the connection settings is incorrect. C
 .. Create a `StorageClass` object using the following YAML:
 +
 [source,yaml]
----- 
+----
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
diff --git a/modules/configuring_hyperthreading_for_a_cluster.adoc b/modules/configuring_hyperthreading_for_a_cluster.adoc
index fe86e7445ada..47b335b84ed6 100644
--- a/modules/configuring_hyperthreading_for_a_cluster.adoc
+++ b/modules/configuring_hyperthreading_for_a_cluster.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring_hyperthreading_for_a_cluster_{context}"]
 = Configuring hyperthreading for a cluster
 
diff --git a/modules/connected-to-disconnected-mirror-images.adoc b/modules/connected-to-disconnected-mirror-images.adoc
index 0eef46b81423..4442817e69ec 100644
--- a/modules/connected-to-disconnected-mirror-images.adoc
+++ b/modules/connected-to-disconnected-mirror-images.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/connected-to-disconnected.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connected-to-disconnected-mirror-images_{context}"]
 = Mirroring the images
 
diff --git a/modules/connected-to-disconnected-prepare-mirror.adoc b/modules/connected-to-disconnected-prepare-mirror.adoc
index ff61826f6bba..b814ef303111 100644
--- a/modules/connected-to-disconnected-prepare-mirror.adoc
+++ b/modules/connected-to-disconnected-prepare-mirror.adoc
@@ -2,14 +2,14 @@
 //
 // * post_installation_configuration/connected-to-disconnected.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connected-to-disconnected-prepare-mirror_{context}"]
-= Preparing the cluster for mirroring 
+= Preparing the cluster for mirroring
 
 Before disconnecting your cluster, you must mirror, or copy, the images to a mirror registry that is reachable by every node in your disconnected cluster. In order to mirror the images, you must prepare your cluster by:
 
 * Adding the mirror registry certificates to the list of trusted CAs on your host.
-* Creating a `.dockerconfigjson` file that contains your image pull secret, which is from the `cloud.openshift.com` token. 
+* Creating a `.dockerconfigjson` file that contains your image pull secret, which is from the `cloud.openshift.com` token.
 
 .Procedure
 
@@ -39,7 +39,7 @@ $ update-ca-trust
 +
 [source,terminal]
 ----
-$ oc extract secret/pull-secret -n openshift-config --confirm --to=. 
+$ oc extract secret/pull-secret -n openshift-config --confirm --to=.
 ----
 +
 .Example output
@@ -59,7 +59,7 @@ $ oc extract secret/pull-secret -n openshift-config --confirm --to=.
 where:
 +
 `<local_registry>`:: Specifies the registry domain name, and optionally the port, that your mirror registry uses to serve content.
-`auth`:: Specifies the base64-encoded user name and password for your mirror registry. 
+`auth`:: Specifies the base64-encoded user name and password for your mirror registry.
 `<registry>:<port>/<namespace>`:: Specifies the mirror registry details.
 `<token>`:: Specifies  the base64-encoded `username:password` for your mirror registry.
 +
diff --git a/modules/connected-to-disconnected-restore-insights.adoc b/modules/connected-to-disconnected-restore-insights.adoc
index 51bc38646bfd..42852d28f10d 100644
--- a/modules/connected-to-disconnected-restore-insights.adoc
+++ b/modules/connected-to-disconnected-restore-insights.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/connected-to-disconnected.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connected-to-disconnected-restore-insights_{context}"]
 = Restoring a degraded Insights Operator
 
diff --git a/modules/connected-to-disconnected-restore.adoc b/modules/connected-to-disconnected-restore.adoc
index b670b45bcc09..c739a62d2951 100644
--- a/modules/connected-to-disconnected-restore.adoc
+++ b/modules/connected-to-disconnected-restore.adoc
@@ -2,13 +2,13 @@
 //
 // * post_installation_configuration/connected-to-disconnected.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connected-to-disconnected-restore_{context}"]
 = Restoring the network
 
 If you want to reconnect a disconnected cluster and pull images from online registries, delete the cluster's ImageContentSourcePolicy (ICSP) objects. Without the ICSP, pull requests to external registries are no longer redirected to the mirror registry.
 
-.Procedure 
+.Procedure
 
 . View the ICSP objects in your cluster:
 +
@@ -50,7 +50,7 @@ imagecontentsourcepolicy.operator.openshift.io "qe45-index-0" deleted
 
 . Wait for all the nodes to restart and return to the READY status and verify that the `registries.conf` file is pointing to the original registries and not the mirror registries:
 
-.. Log into a node: 
+.. Log into a node:
 +
 [source,terminal]
 ----
@@ -68,7 +68,7 @@ sh-4.4# chroot /host
 +
 [source,terminal]
 ----
-sh-4.4# cat /etc/containers/registries.conf 
+sh-4.4# cat /etc/containers/registries.conf
 ----
 +
 .Example output
diff --git a/modules/connected-to-disconnected-verify.adoc b/modules/connected-to-disconnected-verify.adoc
index 7eb6403be7b5..31c934b52b3b 100644
--- a/modules/connected-to-disconnected-verify.adoc
+++ b/modules/connected-to-disconnected-verify.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/connected-to-disconnected.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connected-to-disconnected-verify_{context}"]
 = Ensure applications continue to work
 
@@ -44,10 +44,10 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                       STATUS   ROLES    AGE   VERSION
-ci-ln-47ltxtb-f76d1-mrffg-master-0         Ready    master   42m   v1.26.0
-ci-ln-47ltxtb-f76d1-mrffg-master-1         Ready    master   42m   v1.26.0
-ci-ln-47ltxtb-f76d1-mrffg-master-2         Ready    master   42m   v1.26.0
-ci-ln-47ltxtb-f76d1-mrffg-worker-a-gsxbz   Ready    worker   35m   v1.26.0
-ci-ln-47ltxtb-f76d1-mrffg-worker-b-5qqdx   Ready    worker   35m   v1.26.0
-ci-ln-47ltxtb-f76d1-mrffg-worker-c-rjkpq   Ready    worker   34m   v1.26.0
+ci-ln-47ltxtb-f76d1-mrffg-master-0         Ready    master   42m   v1.28.5
+ci-ln-47ltxtb-f76d1-mrffg-master-1         Ready    master   42m   v1.28.5
+ci-ln-47ltxtb-f76d1-mrffg-master-2         Ready    master   42m   v1.28.5
+ci-ln-47ltxtb-f76d1-mrffg-worker-a-gsxbz   Ready    worker   35m   v1.28.5
+ci-ln-47ltxtb-f76d1-mrffg-worker-b-5qqdx   Ready    worker   35m   v1.28.5
+ci-ln-47ltxtb-f76d1-mrffg-worker-c-rjkpq   Ready    worker   34m   v1.28.5
 ----
diff --git a/modules/console-operator.adoc b/modules/console-operator.adoc
index 6937c3e17d2d..edec4ab1a8e6 100644
--- a/modules/console-operator.adoc
+++ b/modules/console-operator.adoc
@@ -12,7 +12,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="console-operator_{context}"]
 ifdef::operator-ref[= Console Operator]
 ifdef::cluster-caps[= Console capability]
diff --git a/modules/consuming-huge-pages-resource-using-the-downward-api.adoc b/modules/consuming-huge-pages-resource-using-the-downward-api.adoc
index 37b68a02f97b..f6c66e03fa8f 100644
--- a/modules/consuming-huge-pages-resource-using-the-downward-api.adoc
+++ b/modules/consuming-huge-pages-resource-using-the-downward-api.adoc
@@ -4,7 +4,7 @@
 
 :file-name: hugepages-volume-pod.yaml
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="consuming-huge-pages-resource-using-the-downward-api_{context}"]
 = Consuming huge pages resources using the Downward API
 
diff --git a/modules/containers-about.adoc b/modules/containers-about.adoc
index a6523095c368..00ca577ec4e3 100644
--- a/modules/containers-about.adoc
+++ b/modules/containers-about.adoc
@@ -4,7 +4,7 @@
 [id="containers-about_{context}"]
 = Containers
 
-The basic units of {product-title} applications are called containers. link:https://access.redhat.com/articles/1353593[Linux container technologies] are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources. The word container is defined as a specific running or paused instance of a container image.
+The basic units of {product-title} applications are called containers. link:https://www.redhat.com/en/topics/containers#overview[Linux container technologies] are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources. The word container is defined as a specific running or paused instance of a container image.
 
 Many application instances can be running in containers on a single host without visibility into each others' processes, files, network, and so on. Typically, each container provides a single service, often called a micro-service, such as a web server or a database, though containers can be used for arbitrary workloads.
 
diff --git a/modules/containers-signature-verify-application.adoc b/modules/containers-signature-verify-application.adoc
index 664538bb45f5..e684db7bc247 100644
--- a/modules/containers-signature-verify-application.adoc
+++ b/modules/containers-signature-verify-application.adoc
@@ -2,7 +2,7 @@
 //
 // * security/container_security/security-container-signature.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="containers-signature-verify-application_{context}"]
 = Verifying the signature verification configuration
 After you apply the machine configs to the cluster, the Machine Config Controller detects the new `MachineConfig` object and generates a new `rendered-worker-<hash>` version.
diff --git a/modules/containers-signature-verify-enable.adoc b/modules/containers-signature-verify-enable.adoc
index e9949a5acdae..213379aac122 100644
--- a/modules/containers-signature-verify-enable.adoc
+++ b/modules/containers-signature-verify-enable.adoc
@@ -2,7 +2,7 @@
 //
 // * security/container_security/security-container-signature.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="containers-signature-verify-enable_{context}"]
 = Enabling signature verification for Red Hat Container Registries
 Enabling container signature validation for Red Hat Container Registries requires writing a signature verification policy file specifying the keys to verify images from these registries. For RHEL8 nodes, the registries are already defined in `/etc/containers/registries.d` by default.
@@ -16,10 +16,10 @@ Enabling container signature validation for Red Hat Container Registries require
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 51-worker-rh-registry-trust
   labels:
diff --git a/modules/containers-signature-verify-skopeo.adoc b/modules/containers-signature-verify-skopeo.adoc
new file mode 100644
index 000000000000..52aa91f65487
--- /dev/null
+++ b/modules/containers-signature-verify-skopeo.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * security/container_security/security-container-signature.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="containers-signature-verify-skopeo_{context}"]
+= Using skopeo to verify signatures of Red Hat container images
+
+You can verify the signatures for container images included in an {product-title} release image by pulling those signatures from link:https://mirror.openshift.com/pub/openshift-v4/signatures/openshift-release-dev/ocp-release/[OCP release mirror site]. Because the signatures on the mirror site are not in a format readily understood by Podman or CRI-O, you can use the `skopeo standalone-verify` command to verify that the your release images are signed by Red Hat.
+
+.Prerequisites
+
+* You have installed the `skopeo` command-line utility.
+
+.Procedure
+
+. Get the full SHA for your release by running the following command:
++
+[source,terminal]
+----
+$ oc adm release info <release_version>  \ <1>
+----
+<1> Substitute <release_version> with your release number, for example, `4.14.3`.
++
+.Example output snippet
++
+[source,terminal]
+----
+---
+Pull From: quay.io/openshift-release-dev/ocp-release@sha256:e73ab4b33a9c3ff00c9f800a38d69853ca0c4dfa5a88e3df331f66df8f18ec55
+---
+----
+
+. Pull down the Red Hat release key by running the following command:
++
+[source,terminal]
+----
+$ curl -o pub.key https://access.redhat.com/security/data/fd431d51.txt
+----
+
+. Get the signature file for the specific release that you want to verify by running the following command:
++
+[source,terminal]
+----
+$ curl -o signature-1 https://mirror.openshift.com/pub/openshift-v4/signatures/openshift-release-dev/ocp-release/sha256%<sha_from_version>/signature-1 \ <1>
+----
+<1> Replace `<sha_from_version>` with SHA value from the full link to the mirror site that matches the SHA of your release. For example, the link to the signature for the 4.12.23 release is `https://mirror.openshift.com/pub/openshift-v4/signatures/openshift-release-dev/ocp-release/sha256%e73ab4b33a9c3ff00c9f800a38d69853ca0c4dfa5a88e3df331f66df8f18ec55/signature-1`, and the SHA value is `e73ab4b33a9c3ff00c9f800a38d69853ca0c4dfa5a88e3df331f66df8f18ec55`.
+
+. Get the manifest for the release image by running the following command:
++
+[source,terminal]
+----
+$ skopeo inspect --raw docker://<quay_link_to_release> > manifest.json \ <1>
+----
+<1> Replace `<quay_link_to_release>` with the output of the `oc adm release info` command. For example, `quay.io/openshift-release-dev/ocp-release@sha256:e73ab4b33a9c3ff00c9f800a38d69853ca0c4dfa5a88e3df331f66df8f18ec55`.
+
+. Use skopeo to verify the signature:
++
+[source,terminal]
+----
+$ skopeo standalone-verify manifest.json quay.io/openshift-release-dev/ocp-release:<release_number>-<arch> any signature-1 --public-key-file pub.key
+----
++
+where:
++
+`<release_number>`:: Specifies the release number, for example `4.14.3`.
+`<arch>`:: Specifies the architecture, for example `x86_64`.
++
+.Example output
+[source,terminal]
+----
+Signature verified using fingerprint 567E347AD0044ADE55BA8A5F199E2F91FD431D51, digest sha256:e73ab4b33a9c3ff00c9f800a38d69853ca0c4dfa5a88e3df331f66df8f18ec55
+----
+
diff --git a/modules/containers-signature-verify-unsigned.adoc b/modules/containers-signature-verify-unsigned.adoc
new file mode 100644
index 000000000000..45745d7a0d38
--- /dev/null
+++ b/modules/containers-signature-verify-unsigned.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * security/container_security/security-container-signature.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="containers-signature-verify-artifacts_{context}"]
+= Understanding the verification of container images lacking verifiable signatures
+Each {product-title} release image is immutable and signed with a Red Hat production key. During an {product-title} update or installation, a release image might deploy container images that do not have verifiable signatures. Each signed release image digest is immutable. Each reference in the release image is to the immutable digest of another image, so the contents can be trusted transitively. In other words, the signature on the release image validates all release contents.
+
+For example, the image references lacking a verifiable signature are contained in the signed {product-title} release image:
+
+.Example release info output
+[source,terminal]
+----
+$ oc adm release info  quay.io/openshift-release-dev/ ocp-release@sha256:2309578b68c5666dad62aed696f1f9d778ae1a089ee461060ba7b9514b7ca417 -o pullspec <1>
+quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9aafb914d5d7d0dec4edd800d02f811d7383a7d49e500af548eab5d00c1bffdb <2>
+----
+
+<1> Signed release image SHA.
+<2> Container image lacking a verifiable signature included in the release.
+
+[id="containers-signature-verification-automatic_{context}"]
+== Automated verification during updates
+Verification of signatures is automatic. The OpenShift Cluster Version Operator (CVO) verifies signatures on the release images during an {product-title} update. This is an internal process. An {product-title} installation or update fails if the automated verification fails.
+
+Verification of signatures can also be done manually using the `skopeo` command-line utility.
\ No newline at end of file
diff --git a/modules/contributing-quick-starts.adoc b/modules/contributing-quick-starts.adoc
index aa0c7b0a2523..71c694b91965 100644
--- a/modules/contributing-quick-starts.adoc
+++ b/modules/contributing-quick-starts.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/creating-quick-start-tutorials.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="contributing-quick-starts_{context}"]
 = Contributing quick starts
 
diff --git a/modules/copying-files-pods-and-containers.adoc b/modules/copying-files-pods-and-containers.adoc
index 42c855304989..d6f16c2c77c0 100644
--- a/modules/copying-files-pods-and-containers.adoc
+++ b/modules/copying-files-pods-and-containers.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="copying-files-pods-and-containers_{context}"]
 = Copying files to and from pods and containers
 
@@ -10,7 +10,12 @@ You can copy files to and from a pod to test configuration changes or gather dia
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
@@ -28,7 +33,7 @@ $ oc cp <local_path> <pod_name>:/<path> -c <container_name>  <1>
 +
 [source,terminal]
 ----
-$ oc cp <pod_name>:/<path>  -c <container_name><local_path>  <1>
+$ oc cp <pod_name>:/<path>  -c <container_name> <local_path>  <1>
 ----
 <1> The first container in a pod is selected if the `-c` option is not specified.
 +
diff --git a/modules/core-user-password.adoc b/modules/core-user-password.adoc
index ffe50da84b55..d3a0dd40dec6 100644
--- a/modules/core-user-password.adoc
+++ b/modules/core-user-password.adoc
@@ -2,11 +2,11 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="core-user-password_{context}"]
 = Changing the core user password for node access
 
-By default, {op-system-first} creates a user named `core` on the nodes in your cluster. You can use the `core` user to access the node through a cloud provider serial console or a bare metal baseboard controller manager (BMC). This can be helpful, for example, if a node is down and you cannot access that node by using SSH or the `oc debug node` command. However, by default, there is no password for this user, so you cannot log in without creating one. 
+By default, {op-system-first} creates a user named `core` on the nodes in your cluster. You can use the `core` user to access the node through a cloud provider serial console or a bare metal baseboard controller manager (BMC). This can be helpful, for example, if a node is down and you cannot access that node by using SSH or the `oc debug node` command. However, by default, there is no password for this user, so you cannot log in without creating one.
 
 You can create a password for the `core` user by using a machine config. The Machine Config Operator (MCO) assigns the password and injects the password into the `/etc/shadow` file, allowing you to log in with the `core` user. The MCO does not examine the password hash. As such, the MCO cannot report if there is a problem with the password.
 
@@ -17,7 +17,7 @@ You can create a password for the `core` user by using a machine config. The Mac
 * If you have a machine config that includes an `/etc/shadow` file or a systemd unit that sets a password, it takes precedence over the password hash.
 ====
 
-You can change the password, if needed, by editing the machine config you used to create the password. Also, you can remove the password by deleting the machine config. Deleting the machine config does not remove the user account. 
+You can change the password, if needed, by editing the machine config you used to create the password. Also, you can remove the password by deleting the machine config. Deleting the machine config does not remove the user account.
 
 .Prerequisites
 
@@ -42,14 +42,14 @@ spec:
     passwd:
       users:
       - name: core <1>
-        passwordHash: $6$2sE/010goDuRSxxv$o18K52wor.wIwZp <2>
+        passwordHash: <password> <2>
 ----
 <1> This must be `core`.
 <2> The hashed password to use with the `core` account.
 
 . Create the machine config by running the following command:
 +
-[source,yaml]
+[source,terminal]
 ----
 $ oc create -f <file-name>.yaml
 ----
diff --git a/modules/coreos-layering-configuring.adoc b/modules/coreos-layering-configuring.adoc
index 8b7861cbc422..b94b7631549b 100644
--- a/modules/coreos-layering-configuring.adoc
+++ b/modules/coreos-layering-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * post-installation_configuration/coreos-layering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="coreos-layering-configuring_{context}"]
 = Applying a {op-system} custom layered image
 
@@ -24,27 +24,29 @@ When you configure a custom layered image, {product-title} no longer automatical
 You should use the same base {op-system} image that is installed on the rest of your cluster. Use the `oc adm release info --image-for rhel-coreos` command to obtain the base image being used in your cluster.
 ====
 +
-For example, the following Containerfile creates a custom layered image from an {product-title} 4.13 image and a Hotfix package:
+For example, the following Containerfile creates a custom layered image from an {product-title} {product-version} image and overrides the kernel package with one from CentOS 9 Stream:
 +
 .Example Containerfile for a custom layer image
-[source,yaml]
+[source,yaml,subs="+attributes"]
 ----
-# Using a 4.12.0 image
+# Using a {product-version}.0 image
 FROM quay.io/openshift-release/ocp-release@sha256... <1>
 #Install hotfix rpm
-RUN rpm-ostree override replace https://example.com/hotfixes/haproxy-1.0.16-5.el8.src.rpm && \ <2>
+RUN rpm-ostree cliwrap install-to-root / && \ <2>
+    rpm-ostree override replace http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/kernel-{,core-,modules-,modules-core-,modules-extra-}5.14.0-295.el9.x86_64.rpm && \ <3>
     rpm-ostree cleanup -m && \
     ostree container commit
 ----
 <1> Specifies the {op-system} base image of your cluster.
-<2> Specifies the path to the Hotfix package.
+<2> Enables `cliwrap`. This is currently required to intercept some command invocations made from kernel scripts.
+<3> Replaces the kernel packages.
 +
 [NOTE]
 ====
 Instructions on how to create a Containerfile are beyond the scope of this documentation.
 ====
 
-* Because the process for building a custom layered image is performed outside of the cluster, you must use the `--authfile /path/to/pull-secret` option with Podman or Buildah. Alternatively, to have the pull secret read by these tools automatically, you can add it to one of the default file locations: `~/.docker/config.json`, `$XDG_RUNTIME_DIR/containers/auth.json`, `~/.docker/config.json`, or `~/.dockercfg`. Refer to the `containers-auth.json` man page for more information. 
+* Because the process for building a custom layered image is performed outside of the cluster, you must use the `--authfile /path/to/pull-secret` option with Podman or Buildah. Alternatively, to have the pull secret read by these tools automatically, you can add it to one of the default file locations: `~/.docker/config.json`, `$XDG_RUNTIME_DIR/containers/auth.json`, `~/.docker/config.json`, or `~/.dockercfg`. Refer to the `containers-auth.json` man page for more information.
 
 * You must push the custom layered image to a repository that your cluster can access.
 
@@ -123,13 +125,13 @@ $ oc describe mc rendered-master-4e8be63aef68b843b546827b6ebe0913
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 Name:         rendered-master-4e8be63aef68b843b546827b6ebe0913
 Namespace:
 Labels:       <none>
 Annotations:  machineconfiguration.openshift.io/generated-by-controller-version: 8276d9c1f574481043d3661a1ace1f36cd8c3b62
-              machineconfiguration.openshift.io/release-image-version: 4.13.0-ec.3
+              machineconfiguration.openshift.io/release-image-version: {product-version}.0-ec.3
 API Version:  machineconfiguration.openshift.io/v1
 Kind:         MachineConfig
 ...
@@ -163,12 +165,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                         STATUS                     ROLES                  AGE   VERSION
-ip-10-0-148-79.us-west-1.compute.internal    Ready                      worker                 32m   v1.26.0
-ip-10-0-155-125.us-west-1.compute.internal   Ready,SchedulingDisabled   worker                 35m   v1.26.0
-ip-10-0-170-47.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-174-77.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-211-49.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-218-151.us-west-1.compute.internal   Ready                      worker                 31m   v1.26.0
+ip-10-0-148-79.us-west-1.compute.internal    Ready                      worker                 32m   v1.28.5
+ip-10-0-155-125.us-west-1.compute.internal   Ready,SchedulingDisabled   worker                 35m   v1.28.5
+ip-10-0-170-47.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-174-77.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-211-49.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-218-151.us-west-1.compute.internal   Ready                      worker                 31m   v1.28.5
 ----
 
 . When the node is back in the `Ready` state, check that the node is using the custom layered image:
diff --git a/modules/coreos-layering-removing.adoc b/modules/coreos-layering-removing.adoc
index 582711e2700a..5644151ca5cf 100644
--- a/modules/coreos-layering-removing.adoc
+++ b/modules/coreos-layering-removing.adoc
@@ -2,7 +2,7 @@
 //
 // * post-installation_configuration/coreos-layering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="coreos-layering-removing_{context}"]
 = Removing a {op-system} custom layered image
 
@@ -52,12 +52,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                         STATUS                     ROLES                  AGE   VERSION
-ip-10-0-148-79.us-west-1.compute.internal    Ready                      worker                 32m   v1.26.0
-ip-10-0-155-125.us-west-1.compute.internal   Ready,SchedulingDisabled   worker                 35m   v1.26.0
-ip-10-0-170-47.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-174-77.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-211-49.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.26.0
-ip-10-0-218-151.us-west-1.compute.internal   Ready                      worker                 31m   v1.26.0
+ip-10-0-148-79.us-west-1.compute.internal    Ready                      worker                 32m   v1.28.5
+ip-10-0-155-125.us-west-1.compute.internal   Ready,SchedulingDisabled   worker                 35m   v1.28.5
+ip-10-0-170-47.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-174-77.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-211-49.us-west-1.compute.internal    Ready                      control-plane,master   42m   v1.28.5
+ip-10-0-218-151.us-west-1.compute.internal   Ready                      worker                 31m   v1.28.5
 ----
 
 . When the node is back in the `Ready` state, check that the node is using the base image:
diff --git a/modules/coreos-layering-updating.adoc b/modules/coreos-layering-updating.adoc
index d8b07552bbe7..f76e9c98a97f 100644
--- a/modules/coreos-layering-updating.adoc
+++ b/modules/coreos-layering-updating.adoc
@@ -2,7 +2,7 @@
 //
 // * post-installation_configuration/coreos-layering.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="coreos-layering-updating_{context}"]
 = Updating with a {op-system} custom layered image
 
diff --git a/modules/cpms-changing-aws-instance-type.adoc b/modules/cpms-changing-aws-instance-type.adoc
index ceebcbbb0aeb..1df94371650a 100644
--- a/modules/cpms-changing-aws-instance-type.adoc
+++ b/modules/cpms-changing-aws-instance-type.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso-using:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpms-changing-aws-instance-type_{context}"]
 = Changing the Amazon Web Services instance type by using a control plane machine set
 
diff --git a/modules/cpms-changing-openstack-flavor-type.adoc b/modules/cpms-changing-openstack-flavor-type.adoc
new file mode 100644
index 000000000000..058e05060fd5
--- /dev/null
+++ b/modules/cpms-changing-openstack-flavor-type.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cpms-changing-openstack-flavor-type_{context}"]
+= Changing the {rh-openstack} compute flavor by using a control plane machine set
+
+You can change the {rh-openstack-first} compute service (Nova) flavor that your control plane machines use by updating the specification in the control plane machine set custom resource.
+
+In {rh-openstack}, flavors define the compute, memory, and storage capacity of computing instances. By increasing or decreasing the flavor size, you can scale your control plane vertically.
+
+.Prerequisites
+
+* Your {rh-openstack} cluster uses a control plane machine set.
+
+.Procedure
+
+. Edit the following line under the `providerSpec` field:
++
+[source,yaml]
+----
+providerSpec:
+  value:
+# ...
+    flavor: m1.xlarge <1>
+----
+<1> Specify a {rh-openstack} flavor type that has the same base as the existing selection. For example, you can change `m6i.xlarge` to `m6i.2xlarge` or `m6i.4xlarge`. You can choose larger or smaller flavors depending on your vertical scaling needs.
+
+. Save your changes.
+
+After you save your changes, machines are replaced with ones that use the flavor you chose.
\ No newline at end of file
diff --git a/modules/cpmso-activating.adoc b/modules/cpmso-activating.adoc
index b58bbb82120e..2c29677c29a0 100644
--- a/modules/cpmso-activating.adoc
+++ b/modules/cpmso-activating.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-activating_{context}"]
 = Activating the control plane machine set custom resource
 
diff --git a/modules/cpmso-checking-status.adoc b/modules/cpmso-checking-status.adoc
index c89547619dcf..018795df8196 100644
--- a/modules/cpmso-checking-status.adoc
+++ b/modules/cpmso-checking-status.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "cpmso-disabling"]
 :cpmso-disabling:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-checking-status_{context}"]
 = Checking the control plane machine set custom resource state
 
diff --git a/modules/cpmso-control-plane-recovery.adoc b/modules/cpmso-control-plane-recovery.adoc
index 4660ca0dfdc9..70723d474bfa 100644
--- a/modules/cpmso-control-plane-recovery.adoc
+++ b/modules/cpmso-control-plane-recovery.adoc
@@ -2,19 +2,19 @@
 //
 // * machine_management/cpmso-resiliency.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cpmso-control-plane-recovery_{context}"]
 = Recovery of failed control plane machines
 
-The Control Plane Machine Set Operator automates the recovery of control plane machines. When a control plane machine is deleted, the Operator creates a replacement with the configuration that is specified in the `ControlPlaneMachineSet` custom resource (CR).  
+The Control Plane Machine Set Operator automates the recovery of control plane machines. When a control plane machine is deleted, the Operator creates a replacement with the configuration that is specified in the `ControlPlaneMachineSet` custom resource (CR).
 
-For clusters that use control plane machine sets, you can configure a machine health check. The machine health check deletes unhealthy control plane machines so that they are replaced. 
+For clusters that use control plane machine sets, you can configure a machine health check. The machine health check deletes unhealthy control plane machines so that they are replaced.
 
 [IMPORTANT]
 ====
-If you configure a `MachineHealthCheck` resource for the control plane, set the value of `maxUnhealthy` to `1`. 
+If you configure a `MachineHealthCheck` resource for the control plane, set the value of `maxUnhealthy` to `1`.
 
-This configuration ensures that the machine health check takes no action when multiple control plane machines appear to be unhealthy. Multiple unhealthy control plane machines can indicate that the etcd cluster is degraded or that a scaling operation to replace a failed machine is in progress. 
+This configuration ensures that the machine health check takes no action when multiple control plane machines appear to be unhealthy. Multiple unhealthy control plane machines can indicate that the etcd cluster is degraded or that a scaling operation to replace a failed machine is in progress.
 
 If the etcd cluster is degraded, manual intervention might be required. If a scaling operation is in progress, the machine health check should allow it to finish.
 ====
\ No newline at end of file
diff --git a/modules/cpmso-creating-cr.adoc b/modules/cpmso-creating-cr.adoc
index 1fbc26b04545..2b616515aaf1 100644
--- a/modules/cpmso-creating-cr.adoc
+++ b/modules/cpmso-creating-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-creating-cr_{context}"]
 = Creating a control plane machine set custom resource
 
@@ -65,13 +65,8 @@ $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
 Before you activate the CR, you must ensure that its configuration is correct for your cluster requirements.
 ====
 <3> Specify the update strategy for the cluster. Valid values are `OnDelete` and `RollingUpdate`. The default value is `RollingUpdate`. For more information about update strategies, see "Updating the control plane configuration".
-<4> Specify your cloud provider platform name. Valid values are `AWS`, `Azure`, `GCP`, `Nutanix`, and `VSphere`.
+<4> Specify your cloud provider platform name. Valid values are `AWS`, `Azure`, `GCP`, `Nutanix`, `VSphere`, and `OpenStack`.
 <5> Add the `<platform_failure_domains>` configuration for the cluster. The format and values of this section are provider-specific. For more information, see the sample failure domain configuration for your cloud provider.
-+
-[NOTE]
-====
-VMware vSphere does not support failure domains. For vSphere clusters, replace `<platform_failure_domains>` with an empty `failureDomains:` parameter.
-====
 <6> Specify the infrastructure ID.
 <7> Add the `<platform_provider_spec>` configuration for the cluster. The format and values of this section are provider-specific. For more information, see the sample provider specification for your cloud provider.
 --
diff --git a/modules/cpmso-deleting.adoc b/modules/cpmso-deleting.adoc
index 305e305792b5..8be6fd588ade 100644
--- a/modules/cpmso-deleting.adoc
+++ b/modules/cpmso-deleting.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-disabling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-deleting_{context}"]
 = Deleting the control plane machine set
 
diff --git a/modules/cpmso-failure-domains-balancing.adoc b/modules/cpmso-failure-domains-balancing.adoc
index ae9a19f4831a..fccb30a22b48 100644
--- a/modules/cpmso-failure-domains-balancing.adoc
+++ b/modules/cpmso-failure-domains-balancing.adoc
@@ -2,13 +2,13 @@
 //
 // * machine_management/cpmso-resiliency.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cpmso-failure-domains-balancing_{context}"]
 = Balancing control plane machines
 
 The control plane machine set balances control plane machines across the failure domains that are specified in the custom resource (CR).
 
-//If failure domains must be reused, they are selected alphabetically by name. 
-When possible, the control plane machine set uses each failure domain equally to ensure appropriate fault tolerance. If there are fewer failure domains than control plane machines, failure domains are selected for reuse alphabetically by name. For clusters with no failure domains specified, all control plane machines are placed within a single failure domain. 
+//If failure domains must be reused, they are selected alphabetically by name.
+When possible, the control plane machine set uses each failure domain equally to ensure appropriate fault tolerance. If there are fewer failure domains than control plane machines, failure domains are selected for reuse alphabetically by name. For clusters with no failure domains specified, all control plane machines are placed within a single failure domain.
 
-Some changes to the failure domain configuration cause the control plane machine set to rebalance the control plane machines. For example, if you add failure domains to a cluster with fewer failure domains than control plane machines, the control plane machine set rebalances the machines across all available failure domains. 
\ No newline at end of file
+Some changes to the failure domain configuration cause the control plane machine set to rebalance the control plane machines. For example, if you add failure domains to a cluster with fewer failure domains than control plane machines, the control plane machine set rebalances the machines across all available failure domains.
\ No newline at end of file
diff --git a/modules/cpmso-failure-domains-provider.adoc b/modules/cpmso-failure-domains-provider.adoc
index fcf5aa850443..eda0d0b54cf8 100644
--- a/modules/cpmso-failure-domains-provider.adoc
+++ b/modules/cpmso-failure-domains-provider.adoc
@@ -2,7 +2,9 @@
 //
 // * machine_management/cpmso-resiliency.adoc
 
-:_content-type: REFERENCE
+// TODO: See if I can find RHOSP docs links for the proposed changes.
+
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-failure-domains-provider_{context}"]
 = Failure domain platform support and configuration
 
@@ -33,6 +35,10 @@ The control plane machine set concept of a failure domain is analogous to existi
 |VMware vSphere
 |
 |Not applicable
+
+|{rh-openstack-first}
+|X
+|link:https://docs.openstack.org/nova/2023.2/admin/availability-zones.html[OpenStack Nova availability zones] and link:https://docs.openstack.org/cinder/2023.2/admin/availability-zone-type.html[OpenStack Cinder availability zones]
 |====
 [.small]
 --
diff --git a/modules/cpmso-feat-auto-update.adoc b/modules/cpmso-feat-auto-update.adoc
index 562ebf30780f..407b55832aa3 100644
--- a/modules/cpmso-feat-auto-update.adoc
+++ b/modules/cpmso-feat-auto-update.adoc
@@ -2,12 +2,12 @@
 //
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cpmso-feat-auto-update_{context}"]
-= Automatically updating the control plane configuration
+= Automatic updates to the control plane configuration
 
-You can use the `RollingUpdate` update strategy to automatically propagate changes to your control plane configuration.
+The `RollingUpdate` update strategy automatically propagates changes to your control plane configuration. This update strategy is the default configuration for the control plane machine set.
 
-For clusters that use the default `RollingUpdate` update strategy, the Operator creates a replacement control plane machine with the configuration that is specified in the CR. When the replacement control plane machine is ready, the Operator deletes the control plane machine that is marked for replacement. The replacement machine then joins the control plane.
+For clusters that use the `RollingUpdate` update strategy, the Operator creates a replacement control plane machine with the configuration that is specified in the CR. When the replacement control plane machine is ready, the Operator deletes the control plane machine that is marked for replacement. The replacement machine then joins the control plane.
 
-If multiple control plane machines are marked for replacement, the Operator repeats this replacement process one machine at a time until each machine is replaced.
+If multiple control plane machines are marked for replacement, the Operator protects etcd health during replacement by repeating this replacement process one machine at a time until it has replaced each machine.
\ No newline at end of file
diff --git a/modules/cpmso-feat-config-update.adoc b/modules/cpmso-feat-config-update.adoc
index be0e8bc919e8..233f32a40ba8 100644
--- a/modules/cpmso-feat-config-update.adoc
+++ b/modules/cpmso-feat-config-update.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-feat-config-update_{context}"]
 = Updating the control plane configuration
 
@@ -35,6 +35,6 @@ $ oc edit controlplanemachineset.machine.openshift.io cluster \
 
 .Next steps
 
-* For clusters that use the default `RollingUpdate` update strategy, the changes to your control plane configuration are propagated automatically.
+* For clusters that use the default `RollingUpdate` update strategy, the control plane machine set propagates changes to your control plane configuration automatically.
 
 * For clusters that are configured to use the `OnDelete` update strategy, you must replace your control plane machines manually.
\ No newline at end of file
diff --git a/modules/cpmso-feat-ondelete-update.adoc b/modules/cpmso-feat-ondelete-update.adoc
new file mode 100644
index 000000000000..6fef1b931764
--- /dev/null
+++ b/modules/cpmso-feat-ondelete-update.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="cpmso-feat-ondelete-update_{context}"]
+= Manual updates to the control plane configuration
+
+You can use the `OnDelete` update strategy to propagate changes to your control plane configuration by replacing machines manually. Manually replacing machines allows you to test changes to your configuration on a single machine before applying the changes more broadly.
+
+For clusters that are configured to use the `OnDelete` update strategy, the Operator creates a replacement control plane machine when you delete an existing machine. When the replacement control plane machine is ready, the etcd Operator allows the existing machine to be deleted. The replacement machine then joins the control plane.
+
+If multiple control plane machines are deleted, the Operator creates all of the required replacement machines simultaneously. The Operator maintains etcd health by preventing more than one machine being removed from the control plane at once.
\ No newline at end of file
diff --git a/modules/cpmso-feat-replace.adoc b/modules/cpmso-feat-replace.adoc
new file mode 100644
index 000000000000..b82817f98aa6
--- /dev/null
+++ b/modules/cpmso-feat-replace.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cpmso-feat-replace_{context}"]
+= Replacing a control plane machine
+
+To replace a control plane machine in a cluster that has a control plane machine set, you delete the machine manually. The control plane machine set replaces the deleted machine with one using the specification in the control plane machine set custom resource (CR).
+
+.Prerequisites
+
+* If your cluster runs on {rh-openstack-first} and you need to evacuate a compute server, such as for an upgrade, you must disable the {rh-openstack} compute node that the machine runs on by running the following command:
++
+[source,terminal]
+----
+$ openstack compute service set <target_node_host_name> nova-compute --disable
+----
++
+For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/configuring_the_compute_service_for_instance_creation/assembly_managing-instances_managing-instances#proc_preparing-to-migrate_migrating-instances[Preparing to migrate] in the {rh-openstack} documentation.
+
+.Procedure
+
+. List the control plane machines in your cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get machines \
+  -l machine.openshift.io/cluster-api-machine-role==master \
+  -n openshift-machine-api
+----
+
+. Delete a control plane machine by running the following command:
++
+[source,terminal]
+----
+$ oc delete machine \
+  -n openshift-machine-api \
+  <control_plane_machine_name> <1>
+----
+<1> Specify the name of the control plane machine to delete.
++
+[NOTE]
+====
+If you delete multiple control plane machines, the control plane machine set replaces them according to the configured update strategy:
+
+* For clusters that use the default `RollingUpdate` update strategy, the Operator replaces one machine at a time until each machine is replaced.
+
+* For clusters that are configured to use the `OnDelete` update strategy, the Operator creates all of the required replacement machines simultaneously.
+
+Both strategies maintain etcd health during control plane machine replacement.
+====
\ No newline at end of file
diff --git a/modules/cpmso-feat-test-changes.adoc b/modules/cpmso-feat-test-changes.adoc
deleted file mode 100644
index d5513cf610e9..000000000000
--- a/modules/cpmso-feat-test-changes.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-// Module included in the following assemblies:
-//
-// * machine_management/control_plane_machine_management/cpmso-using.adoc
-
-:_content-type: CONCEPT
-[id="cpmso-feat-test-changes_{context}"]
-= Testing changes to the control plane configuration
-
-You can use the `OnDelete` update strategy to test changes to your control plane configuration. With this update strategy, you replace control plane machines manually. Manually replacing machines allows you to test changes to your configuration on a single machine before applying the changes more broadly.
-
-For clusters that are configured to use the `OnDelete` update strategy, the Operator creates a replacement control plane machine when you delete an existing machine. When the replacement control plane machine is ready, the etcd Operator allows the existing machine to be deleted. The replacement machine then joins the control plane.
-
-If multiple control plane machines are deleted, the Operator creates all of the required replacement machines simultaneously.
\ No newline at end of file
diff --git a/modules/cpmso-feat-vertical-resize.adoc b/modules/cpmso-feat-vertical-resize.adoc
index b9f08a8bda72..c0f3ace4e601 100644
--- a/modules/cpmso-feat-vertical-resize.adoc
+++ b/modules/cpmso-feat-vertical-resize.adoc
@@ -2,6 +2,6 @@
 //
 // * machine_management/cpmso-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cpmso-feat-vertical-resize_{context}"]
 = Vertical resizing of the control plane
\ No newline at end of file
diff --git a/modules/cpmso-openstack-ts-root-volume-azs.adoc b/modules/cpmso-openstack-ts-root-volume-azs.adoc
new file mode 100644
index 000000000000..a442fa4f94d6
--- /dev/null
+++ b/modules/cpmso-openstack-ts-root-volume-azs.adoc
@@ -0,0 +1,101 @@
+// Module included in the following assemblies:
+//
+// * machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cpmso-openstack-ts-root-volume-azs_{context}"]
+= Configuring {rh-openstack} clusters that have machines with root volume availability zones after an upgrade
+
+For some clusters that run on {rh-openstack-first} that you upgrade, you must manually update machine resources before you can use control plane machine sets if the following configurations are true:
+
+* The upgraded cluster was created with {product-title} 4.13 or earlier.
+
+* The cluster infrastructure is installer-provisioned.
+
+* Machines were distributed across multiple availability zones.
+
+* Machines were configured to use root volumes for which block storage availability zones were not defined.
+
+To understand why this procedure is necessary, see link:https://access.redhat.com/solutions/7013893[Solution #7024383].
+
+.Procedure
+
+. For all control plane machines, edit the provider spec for all control plane machines that match the environment. For example, to edit the machine `master-0`, enter the following command:
++
+[source,terminal]
+----
+$ oc edit machine/<cluster_id>-master-0 -n openshift-machine-api
+----
++
+where:
++
+`<cluster_id>`:: Specifies the ID of the upgraded cluster.
+
+. In the provider spec, set the value of the property `rootVolume.availabilityZone` to the volume of the availability zone you want to use.
++
+.An example {rh-openstack} provider spec
+[source,yaml]
+----
+providerSpec:
+  value:
+    apiVersion: machine.openshift.io/v1alpha1
+    availabilityZone: az0
+      cloudName: openstack
+    cloudsSecret:
+      name: openstack-cloud-credentials
+      namespace: openshift-machine-api
+    flavor: m1.xlarge
+    image: rhcos-4.14
+    kind: OpenstackProviderSpec
+    metadata:
+      creationTimestamp: null
+    networks:
+    - filter: {}
+      subnets:
+      - filter:
+          name: refarch-lv7q9-nodes
+          tags: openshiftClusterID=refarch-lv7q9
+    rootVolume:
+        availabilityZone: nova <1>
+        diskSize: 30
+        sourceUUID: rhcos-4.12
+        volumeType: fast-0
+    securityGroups:
+    - filter: {}
+      name: refarch-lv7q9-master
+    serverGroupName: refarch-lv7q9-master
+    serverMetadata:
+      Name: refarch-lv7q9-master
+      openshiftClusterID: refarch-lv7q9
+    tags:
+    - openshiftClusterID=refarch-lv7q9
+    trunk: true
+    userDataSecret:
+      name: master-user-data
+----
+<1> Set the zone name as this value.
++
+[NOTE]
+====
+If you edited or recreated machine resources after your initial cluster deployment, you might have to adapt these steps for your configuration.
+
+In your {rh-openstack} cluster, find the availability zone of the root volumes for your machines and use that as the value.
+====
+
+. Run the following command to retrieve information about the control plane machine set resource:
++
+[source,terminal]
+----
+$ oc describe controlplanemachineset.machine.openshift.io/cluster --namespace openshift-machine-api
+----
+
+. Run the following command to edit the resource:
++
+[source,terminal]
+----
+$ oc edit controlplanemachineset.machine.openshift.io/cluster --namespace openshift-machine-api
+----
+
+. For that resource, set the value of the `spec.state` property to `Active` to activate control plane machine sets for your cluster.
+
+Your control plane is ready to be managed by the Cluster Control Plane Machine Set Operator.
\ No newline at end of file
diff --git a/modules/cpmso-openstack-with-az-config.adoc b/modules/cpmso-openstack-with-az-config.adoc
new file mode 100644
index 000000000000..7ec702771972
--- /dev/null
+++ b/modules/cpmso-openstack-with-az-config.adoc
@@ -0,0 +1,94 @@
+// Module included in the following assemblies:
+//
+// * machine_management/control_plane_machine_management/cpmso-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cpmso-openstack-with-az-config_{context}"]
+= Configuring {rh-openstack} clusters that have control plane machines with availability zones after an upgrade
+
+For some clusters that run on {rh-openstack-first} that you upgrade, you must manually update machine resources before you can use control plane machine sets if the following configurations are true:
+
+* The upgraded cluster was created with {product-title} 4.13 or earlier.
+
+* The cluster infrastructure is installer-provisioned.
+
+* Control plane machines were distributed across multiple compute availability zones.
+
+To understand why this procedure is necessary, see link:https://access.redhat.com/solutions/7013893[Solution #7013893].
+
+.Procedure
+
+. For the `master-1` and `master-2` control plane machines, open the provider specs for editing. For example, to edit the first machine, enter the following command:
++
+[source,terminal]
+----
+$ oc edit machine/<cluster_id>-master-1 -n openshift-machine-api
+----
++
+where:
++
+`<cluster_id>`:: Specifies the ID of the upgraded cluster.
+
+. For the `master-1` and `master-2` control plane machines, edit the value of the `serverGroupName` property in their provider specs to match that of the machine `master-0`.
++
+.An example {rh-openstack} provider spec
+[source,yaml]
+----
+providerSpec:
+  value:
+    apiVersion: machine.openshift.io/v1alpha1
+    availabilityZone: az0
+      cloudName: openstack
+    cloudsSecret:
+      name: openstack-cloud-credentials
+      namespace: openshift-machine-api
+    flavor: m1.xlarge
+    image: rhcos-4.15
+    kind: OpenstackProviderSpec
+    metadata:
+      creationTimestamp: null
+    networks:
+    - filter: {}
+      subnets:
+      - filter:
+          name: refarch-lv7q9-nodes
+          tags: openshiftClusterID=refarch-lv7q9
+    securityGroups:
+    - filter: {}
+      name: refarch-lv7q9-master
+    serverGroupName: refarch-lv7q9-master-az0 <1>
+    serverMetadata:
+      Name: refarch-lv7q9-master
+      openshiftClusterID: refarch-lv7q9
+    tags:
+    - openshiftClusterID=refarch-lv7q9
+    trunk: true
+    userDataSecret:
+      name: master-user-data
+----
+<1> This value must match for machines `master-0`, `master-1`, and `master-3`.
++
+[NOTE]
+====
+If you edited or recreated machine resources after your initial cluster deployment, you might have to adapt these steps for your configuration.
+
+In your {rh-openstack} cluster, find the server group that your control plane instances are in and use that as the value.
+====
+
+. Run the following command to retrieve information about the control plane machine set resource:
++
+[source,terminal]
+----
+$ oc describe controlplanemachineset.machine.openshift.io/cluster --namespace openshift-machine-api
+----
+
+. Run the following command to edit the resource:
++
+[source,terminal]
+----
+$ oc edit controlplanemachineset.machine.openshift.io/cluster --namespace openshift-machine-api
+----
+
+. For that resource, set the value of the `spec.state` property to `Active` to activate control plane machine sets for your cluster.
+
+Your control plane is ready to be managed by the Cluster Control Plane Machine Set Operator.
\ No newline at end of file
diff --git a/modules/cpmso-overview.adoc b/modules/cpmso-overview.adoc
index 20f2978e9997..e0b15ef8ef05 100644
--- a/modules/cpmso-overview.adoc
+++ b/modules/cpmso-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cpmso-overview_{context}"]
 = Control Plane Machine Set Operator overview
 
diff --git a/modules/cpmso-ts-ilb-missing.adoc b/modules/cpmso-ts-ilb-missing.adoc
index 5e43319a9129..8080064986aa 100644
--- a/modules/cpmso-ts-ilb-missing.adoc
+++ b/modules/cpmso-ts-ilb-missing.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-ts-ilb-missing_{context}"]
 = Adding a missing Azure internal load balancer
 
diff --git a/modules/cpmso-ts-mhc-etcd-degraded.adoc b/modules/cpmso-ts-mhc-etcd-degraded.adoc
index 7ccad84470cb..576b3bdf7969 100644
--- a/modules/cpmso-ts-mhc-etcd-degraded.adoc
+++ b/modules/cpmso-ts-mhc-etcd-degraded.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="cpmso-ts-etcd-degraded_{context}"]
 = Recovering a degraded etcd Operator
 
diff --git a/modules/cpmso-yaml-failure-domain-aws.adoc b/modules/cpmso-yaml-failure-domain-aws.adoc
index c84f33886658..a45266f90f3c 100644
--- a/modules/cpmso-yaml-failure-domain-aws.adoc
+++ b/modules/cpmso-yaml-failure-domain-aws.adoc
@@ -2,13 +2,13 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-failure-domain-aws_{context}"]
 = Sample AWS failure domain configuration
 
-The control plane machine set concept of a failure domain is analogous to existing AWS concept of an link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones[_Availability Zone (AZ)_]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible. 
+The control plane machine set concept of a failure domain is analogous to existing AWS concept of an link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones[_Availability Zone (AZ)_]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
 
-When configuring AWS failure domains in the control plane machine set, you must specify the availability zone name and the subnet to use. 
+When configuring AWS failure domains in the control plane machine set, you must specify the availability zone name and the subnet to use.
 
 .Sample AWS failure domain values
 [source,yaml]
diff --git a/modules/cpmso-yaml-failure-domain-azure.adoc b/modules/cpmso-yaml-failure-domain-azure.adoc
index 32b0efeeb309..7d572c2b06cc 100644
--- a/modules/cpmso-yaml-failure-domain-azure.adoc
+++ b/modules/cpmso-yaml-failure-domain-azure.adoc
@@ -2,11 +2,11 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-failure-domain-azure_{context}"]
 = Sample Azure failure domain configuration
 
-The control plane machine set concept of a failure domain is analogous to existing Azure concept of an link:https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones[_Azure availability zone_]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible. 
+The control plane machine set concept of a failure domain is analogous to existing Azure concept of an link:https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones[_Azure availability zone_]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
 
 When configuring Azure failure domains in the control plane machine set, you must specify the availability zone name.
 
diff --git a/modules/cpmso-yaml-failure-domain-gcp.adoc b/modules/cpmso-yaml-failure-domain-gcp.adoc
index fcaa407f0c15..93607dda0909 100644
--- a/modules/cpmso-yaml-failure-domain-gcp.adoc
+++ b/modules/cpmso-yaml-failure-domain-gcp.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-failure-domain-gcp_{context}"]
 = Sample GCP failure domain configuration
 
diff --git a/modules/cpmso-yaml-failure-domain-openstack.adoc b/modules/cpmso-yaml-failure-domain-openstack.adoc
new file mode 100644
index 000000000000..a46cb9901cb6
--- /dev/null
+++ b/modules/cpmso-yaml-failure-domain-openstack.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * machine_management/cpmso-configuration.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cpmso-yaml-failure-domain-openstack_{context}"]
+= Sample {rh-openstack} failure domain configuration
+// TODO: Replace that link.
+The control plane machine set concept of a failure domain is analogous to existing {rh-openstack-first} concept of an link:https://docs.openstack.org/nova/latest/admin/availability-zones.html[availability zone]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
+
+The following example demonstrates the use of multiple Nova availability zones as well as Cinder availability zones.
+
+.Sample OpenStack failure domain values
+[source,yaml]
+----
+failureDomains:
+  platform: OpenStack
+  openstack:
+  - availabilityZone: nova-az0
+    rootVolume:
+      availabilityZone: cinder-az0
+  - availabilityZone: nova-az1
+    rootVolume:
+      availabilityZone: cinder-az1
+  - availabilityZone: nova-az2
+    rootVolume:
+      availabilityZone: cinder-az2
+----
\ No newline at end of file
diff --git a/modules/cpmso-yaml-failure-domain-vsphere.adoc b/modules/cpmso-yaml-failure-domain-vsphere.adoc
new file mode 100644
index 000000000000..2451a56a9109
--- /dev/null
+++ b/modules/cpmso-yaml-failure-domain-vsphere.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * machine_management/cpmso-configuration.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cpmso-yaml-failure-domain-vsphere_{context}"]
+= Sample VMware vSphere failure domain configuration
+
+On VMware vSphere infrastructure, the cluster-wide infrastructure Custom Resource Definition (CRD), `infrastructures.config.openshift.io`, defines failure domains for your cluster. The `providerSpec` in the `ControlPlaneMachineSet` custom resource (CR) specifies names for failure domains. A failure domain is an infrastructure resource that comprises a control plane machine set, a vCenter datacenter, vCenter datastore, and a network. 
+
+By using a failure domain resource, you can use a control plane machine set to deploy control plane machines on hardware that is separate from the primary VMware vSphere infrastructure. A control plane machine set also balances control plane machines across defined failure domains to provide fault tolerance capabilities to your infrastructure.
+
+[NOTE]
+====
+If you modify the `ProviderSpec` configuration in the `ControlPlaneMachineSet` CR, the control plane machine set updates all control plane machines deployed on the primary infrastructure and each failure domain infrastructure.
+====
+
+:FeatureName: Defining a failure domain for a control plane machine set
+include::snippets/technology-preview.adoc[]
+
+.Example ProviderSpec configuration with specified failure domain names
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+    machineType: machines_v1beta1_machine_openshift_io
+    machines_v1beta1_machine_openshift_io:
+      failureDomains: <1>
+        platform: VSphere
+        vsphere: <2>
+        - name: <failure_domain_name1>
+        - name: <failure_domain_name2> 
+# ...    
+----
+<1> A failure domain defines the vCenter location for {product-title} cluster nodes.
+<2> Defines failure domains by name for the control plane machine set.
+
+[IMPORTANT]
+====
+Each `failureDomains.platform.vsphere.name` field value in the `ControlPlaneMachineSet` CR must match the corresponding value defined in the `failureDomains.name` field of the cluster-wide infrastructure CRD. Currently, the `vsphere.name` field is the only supported failure domain field that you can specify in the `ControlPlaneMachineSet` CR.
+====
diff --git a/modules/cpmso-yaml-provider-spec-aws.adoc b/modules/cpmso-yaml-provider-spec-aws.adoc
index 257276d42306..0bb2f9a1c4e0 100644
--- a/modules/cpmso-yaml-provider-spec-aws.adoc
+++ b/modules/cpmso-yaml-provider-spec-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-provider-spec-aws_{context}"]
 = Sample AWS provider specification
 
diff --git a/modules/cpmso-yaml-provider-spec-azure.adoc b/modules/cpmso-yaml-provider-spec-azure.adoc
index f2d6576efc61..d8a6a74e9a9f 100644
--- a/modules/cpmso-yaml-provider-spec-azure.adoc
+++ b/modules/cpmso-yaml-provider-spec-azure.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-provider-spec-azure_{context}"]
 = Sample Azure provider specification
 
@@ -60,10 +60,10 @@ providerSpec:
 <2> Specifies the image details for your control plane machine set.
 <3> Specifies an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a `-gen2` suffix, while V1 images have the same name without the suffix.
 <4> Specifies the internal load balancer for the control plane. This field might not be preconfigured but is required in both the `ControlPlaneMachineSet` and control plane `Machine` CRs.
-<5> Specifies the cloud provider platform type. Do not change this value. 
+<5> Specifies the cloud provider platform type. Do not change this value.
 <6> Specifies the region to place control plane machines on.
 <7> Specifies the disk configuration for the control plane.
 <8> Specifies the public load balancer for the control plane.
 <9> Specifies the subnet for the control plane.
 <10> Specifies the control plane user data secret. Do not change this value.
-<11> This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain. 
\ No newline at end of file
+<11> This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain.
\ No newline at end of file
diff --git a/modules/cpmso-yaml-provider-spec-gcp.adoc b/modules/cpmso-yaml-provider-spec-gcp.adoc
index 3b1f3e29fbad..873b91a51815 100644
--- a/modules/cpmso-yaml-provider-spec-gcp.adoc
+++ b/modules/cpmso-yaml-provider-spec-gcp.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-provider-spec-gcp_{context}"]
 = Sample GCP provider specification
 
@@ -76,9 +76,9 @@ providerSpec:
 To use a GCP Marketplace image, specify the offer to use:
 +
 --
-* {product-title}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-48-x86-64-202210040145`
-* {opp}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-opp-48-x86-64-202206140145`
-* {oke}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-oke-48-x86-64-202206140145`
+* {product-title}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-413-x86-64-202305021736`
+* {opp}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-opp-413-x86-64-202305021736`
+* {oke}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-oke-413-x86-64-202305021736`
 --
 <3> Specifies the cloud provider platform type. Do not change this value.
 <4> Specifies the name of the GCP project that you use for your cluster.
diff --git a/modules/cpmso-yaml-provider-spec-nutanix.adoc b/modules/cpmso-yaml-provider-spec-nutanix.adoc
index 9d02f6ec0367..eef0229cd486 100644
--- a/modules/cpmso-yaml-provider-spec-nutanix.adoc
+++ b/modules/cpmso-yaml-provider-spec-nutanix.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-provider-spec-nutanix_{context}"]
 = Sample Nutanix provider specification
 
diff --git a/modules/cpmso-yaml-provider-spec-openstack.adoc b/modules/cpmso-yaml-provider-spec-openstack.adoc
new file mode 100644
index 000000000000..d16aa86cf0ef
--- /dev/null
+++ b/modules/cpmso-yaml-provider-spec-openstack.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * machine_management/cpmso-configuration.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cpmso-yaml-provider-spec-openstack_{context}"]
+= Sample {rh-openstack} provider specification
+
+When you create a control plane machine set for an existing cluster, the provider specification must match the `providerSpec` configuration in the control plane machine custom resource (CR) that is created by the installation program.
+
+.Sample OpenStack `providerSpec` values
+[source,yaml]
+----
+providerSpec:
+  value:
+    apiVersion: machine.openshift.io/v1alpha1
+    cloudName: openstack
+    cloudsSecret:
+      name: openstack-cloud-credentials <1>
+      namespace: openshift-machine-api
+    flavor: m1.xlarge <2>
+    image: ocp1-2g2xs-rhcos
+    kind: OpenstackProviderSpec <3>
+    metadata:
+      creationTimestamp: null
+    networks:
+    - filter: {}
+      subnets:
+      - filter:
+          name: ocp1-2g2xs-nodes
+          tags: openshiftClusterID=ocp1-2g2xs
+    securityGroups:
+    - filter: {}
+      name: ocp1-2g2xs-master <4>
+    serverGroupName: ocp1-2g2xs-master
+    serverMetadata:
+      Name: ocp1-2g2xs-master
+      openshiftClusterID: ocp1-2g2xs
+    tags:
+    - openshiftClusterID=ocp1-2g2xs
+    trunk: true
+    userDataSecret:
+      name: master-user-data
+----
+<1> The secret name for the cluster. Do not change this value.
+<2> The {rh-openstack} flavor type for the control plane.
+<3> The {rh-openstack} cloud provider platform type. Do not change this value.
+<4> The control plane machines security group.
\ No newline at end of file
diff --git a/modules/cpmso-yaml-provider-spec-vsphere.adoc b/modules/cpmso-yaml-provider-spec-vsphere.adoc
index 7dfe933f4cba..d235d55f92d7 100644
--- a/modules/cpmso-yaml-provider-spec-vsphere.adoc
+++ b/modules/cpmso-yaml-provider-spec-vsphere.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-provider-spec-vsphere_{context}"]
 = Sample vSphere provider specification
 
diff --git a/modules/cpmso-yaml-sample-cr.adoc b/modules/cpmso-yaml-sample-cr.adoc
index e8008b36e217..9250e4f11b3b 100644
--- a/modules/cpmso-yaml-sample-cr.adoc
+++ b/modules/cpmso-yaml-sample-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/cpmso-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cpmso-yaml-sample-cr_{context}"]
 = Sample YAML for a control plane machine set custom resource
 
@@ -59,9 +59,4 @@ Before you activate the Operator, you must ensure that the `ControlPlaneMachineS
 <5> Specifies the update strategy for the cluster. The allowed values are `OnDelete` and `RollingUpdate`. The default value is `RollingUpdate`. For more information about update strategies, see "Updating the control plane configuration".
 <6> Specifies the cloud provider platform name. Do not change this value.
 <7> Specifies the `<platform_failure_domains>` configuration for the cluster. The format and values of this section are provider-specific. For more information, see the sample failure domain configuration for your cloud provider.
-+
-[NOTE]
-====
-VMware vSphere does not support failure domains.
-====
 <8> Specifies the `<platform_provider_spec>` configuration for the cluster. The format and values of this section are provider-specific. For more information, see the sample provider specification for your cloud provider.
\ No newline at end of file
diff --git a/modules/crd-creating-aggregated-cluster-roles.adoc b/modules/crd-creating-aggregated-cluster-roles.adoc
index a7c7c1b9726e..dc652c97e23a 100644
--- a/modules/crd-creating-aggregated-cluster-roles.adoc
+++ b/modules/crd-creating-aggregated-cluster-roles.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/crds/extending-api-with-crds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="crd-creating-aggregated-cluster-role_{context}"]
 = Creating cluster roles for custom resource definitions
 
diff --git a/modules/crd-creating-crds.adoc b/modules/crd-creating-crds.adoc
index e39db189f15a..aeb57f317cfa 100644
--- a/modules/crd-creating-crds.adoc
+++ b/modules/crd-creating-crds.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/crds/extending-api-with-crds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="crd-creating-custom-resources-definition_{context}"]
 = Creating a custom resource definition
 
@@ -27,7 +27,7 @@ metadata:
   name: crontabs.stable.example.com <2>
 spec:
   group: stable.example.com <3>
-  versions: 
+  versions:
     name: v1 <4>
   scope: Namespaced <5>
   names:
diff --git a/modules/crd-creating-custom-resources-from-file.adoc b/modules/crd-creating-custom-resources-from-file.adoc
index 0b55f960ce33..c0603bfc25dd 100644
--- a/modules/crd-creating-custom-resources-from-file.adoc
+++ b/modules/crd-creating-custom-resources-from-file.adoc
@@ -5,11 +5,11 @@
 // * operators/understanding/crds/crd-managing-resources-from-crds.adoc
 // * operators/understanding/crds/extending-api-with-crds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="crd-creating-custom-resources-from-file_{context}"]
 = Creating custom resources from a file
 
-After a custom resource definitions (CRD) has been added to the cluster, custom resources (CRs) can be created with the CLI from a file using the CR specification.
+After a custom resource definition (CRD) has been added to the cluster, custom resources (CRs) can be created with the CLI from a file using the CR specification.
 
 .Prerequisites
 
diff --git a/modules/crd-inspecting-custom-resources.adoc b/modules/crd-inspecting-custom-resources.adoc
index abae97060767..cb3909a399ce 100644
--- a/modules/crd-inspecting-custom-resources.adoc
+++ b/modules/crd-inspecting-custom-resources.adoc
@@ -5,7 +5,7 @@
 // * operators/understanding/crds/crd-managing-resources-from-crds.adoc
 // * operators/understanding/crds/extending-api-with-crds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="crd-inspecting-custom-resources_{context}"]
 = Inspecting custom resources
 
diff --git a/modules/create-a-containerruntimeconfig-crd.adoc b/modules/create-a-containerruntimeconfig-crd.adoc
index a4715f0cc228..62b112236a91 100644
--- a/modules/create-a-containerruntimeconfig-crd.adoc
+++ b/modules/create-a-containerruntimeconfig-crd.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-a-containerruntimeconfig_{context}"]
 = Creating a ContainerRuntimeConfig CR to edit CRI-O parameters
 
@@ -47,10 +47,9 @@ $ oc get ctrcfg
 ----
 
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 NAME         AGE
-ctr-pid      24m
 ctr-overlay  15m
 ctr-level    5m45s
 ----
@@ -62,7 +61,7 @@ $ oc get mc | grep container
 ----
 
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 ...
 01-master-container-runtime                        b5c5119de007945b6fe6fb215db3b8e2ceb12511   3.2.0             57m
@@ -75,7 +74,7 @@ $ oc get mc | grep container
 ...
 ----
 
-The following example raises the `pids_limit` to 2048, sets the `log_level` to `debug`, sets the overlay size to 8 GB, and sets the `log_size_max` to unlimited:
+The following example sets the `log_level` field to `debug` and sets the overlay size to 8 GB:
 
 .Example `ContainerRuntimeConfig` CR
 [source,yaml]
@@ -89,28 +88,14 @@ spec:
    matchLabels:
      pools.operator.machineconfiguration.openshift.io/worker: '' <1>
  containerRuntimeConfig:
-   pidsLimit: 2048 <2>
-   logLevel: debug <3>
-   overlaySize: 8G <4>
-   logSizeMax: "-1" <5>
-   defaultRuntime: "crun" <6>
+   logLevel: debug <2>
+   overlaySize: 8G <3>
+   defaultRuntime: "crun" <4>
 ----
 <1> Specifies the machine config pool label.
-<2> Optional: Specifies the maximum number of processes allowed in a container.
-<3> Optional: Specifies the level of verbosity for log messages.
-<4> Optional: Specifies the maximum size of a container image.
-<5> Optional: Specifies the maximum size allowed for the container log file. If
-	set to a positive number, it must be at least 8192.
-<6> Optional: Specifies the container runtime to deploy to new containers. The default is `runc`.
-
-.Prerequisite
-
-* To enable crun, you must enable the `TechPreviewNoUpgrade` feature set.
-+
-[NOTE]
-====
-Enabling the `TechPreviewNoUpgrade` feature set cannot be undone and prevents minor version updates. These feature sets are not recommended on production clusters.
-====
+<2> Optional: Specifies the level of verbosity for log messages.
+<3> Optional: Specifies the maximum size of a container image.
+<4> Optional: Specifies the container runtime to deploy to new containers. The default value is `runc`.
 
 .Procedure
 
@@ -129,10 +114,8 @@ spec:
    matchLabels:
      pools.operator.machineconfiguration.openshift.io/worker: '' <1>
  containerRuntimeConfig: <2>
-   pidsLimit: 2048
    logLevel: debug
    overlaySize: 8G
-   logSizeMax: "-1"
 ----
 <1> Specify a label for the machine config pool that you want you want to modify.
 <2> Set the parameters as needed.
@@ -190,12 +173,12 @@ worker  rendered-worker-169  False    True      False     3             1
 
 .. Open an `oc debug` session to a node in the machine config pool and run `chroot /host`.
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc debug node/<node_name>
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 sh-4.4# chroot /host
 ----
@@ -204,15 +187,13 @@ sh-4.4# chroot /host
 +
 [source,terminal]
 ----
-sh-4.4# crio config | egrep 'log_level|pids_limit|log_size_max'
+sh-4.4# crio config | grep 'log_level'
 ----
 +
 .Example output
 +
 [source,terminal]
 ----
-pids_limit = 2048
-log_size_max = -1
 log_level = "debug"
 ----
 
diff --git a/modules/create-a-kubeletconfig-crd-to-edit-kubelet-parameters.adoc b/modules/create-a-kubeletconfig-crd-to-edit-kubelet-parameters.adoc
index 5206bed8c78e..1f5181afe837 100644
--- a/modules/create-a-kubeletconfig-crd-to-edit-kubelet-parameters.adoc
+++ b/modules/create-a-kubeletconfig-crd-to-edit-kubelet-parameters.adoc
@@ -3,7 +3,7 @@
 // * post_installation_configuration/node-tasks.adoc
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-a-kubeletconfig-crd-to-edit-kubelet-parameters_{context}"]
 = Creating a KubeletConfig CRD to edit kubelet parameters
 
@@ -35,7 +35,7 @@ If you have a machine config with a `kubelet-9` suffix, and you create another `
 $ oc get kubeletconfig
 ----
 
-[source, terminal]
+[source,terminal]
 ----
 NAME                AGE
 set-max-pods        15m
@@ -47,7 +47,7 @@ set-max-pods        15m
 $ oc get mc | grep kubelet
 ----
 
-[source, terminal]
+[source,terminal]
 ----
 ...
 99-worker-generated-kubelet-1                  b5c5119de007945b6fe6fb215db3b8e2ceb12511   3.2.0             26m
@@ -136,6 +136,11 @@ Allocatable:
 
 . Set the maximum pods per node on the worker nodes by creating a custom resource file that contains the kubelet configuration:
 +
+[IMPORTANT]
+====
+Kubelet configurations that target a specific machine config pool also affect any dependent pools. For example, creating a kubelet configuration for the pool containing worker nodes will also apply to any subset pools, including the pool containing infrastructure nodes. To avoid this, you must create a new machine config pool with a selection expression that only includes worker nodes, and have your kubelet configuration target this new pool.
+====
++
 [source,yaml]
 ----
 apiVersion: machineconfiguration.openshift.io/v1
@@ -194,7 +199,7 @@ $ oc get kubeletconfig
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 NAME                AGE
 set-max-pods        15m
diff --git a/modules/create-cluster-logging-cli.adoc b/modules/create-cluster-logging-cli.adoc
new file mode 100644
index 000000000000..c743485f16b0
--- /dev/null
+++ b/modules/create-cluster-logging-cli.adoc
@@ -0,0 +1,131 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-deploying.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="create-cluster-logging-cli_{context}"]
+= Creating a ClusterLogging object by using the CLI
+
+This default {logging} configuration supports a wide array of environments. Review the topics on tuning and configuring components for information about modifications you can make.
+
+.Prerequisites
+
+* You have installed the {clo}.
+* You have installed the {es-op} for your log store.
+* You have installed the {oc-first}.
+
+.Procedure
+
+. Create a `ClusterLogging` object as a YAML file:
++
+.Example `ClusterLogging` object
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name: instance <1>
+  namespace: openshift-logging
+spec:
+  managementState: Managed <2>
+  logStore:
+    type: elasticsearch <3>
+    retentionPolicy: <4>
+      application:
+        maxAge: 1d
+      infra:
+        maxAge: 7d
+      audit:
+        maxAge: 7d
+    elasticsearch:
+      nodeCount: 3 <5>
+      storage:
+        storageClassName: <storage_class_name> <6>
+        size: 200G
+      resources: <7>
+          limits:
+            memory: 16Gi
+          requests:
+            memory: 16Gi
+      proxy: <8>
+        resources:
+          limits:
+            memory: 256Mi
+          requests:
+            memory: 256Mi
+      redundancyPolicy: SingleRedundancy
+  visualization:
+    type: kibana <9>
+    kibana:
+      replicas: 1
+  collection:
+    type: fluentd <10>
+    fluentd: {}
+----
+<1> The name must be `instance`.
+<2> The OpenShift Logging management state. In some cases, if you change the OpenShift Logging defaults, you must set this to `Unmanaged`.
+However, an unmanaged deployment does not receive updates until OpenShift Logging is placed back into a managed state.
+<3> Settings for configuring Elasticsearch. Using the CR, you can configure shard replication policy and persistent storage.
+<4> Specify the length of time that Elasticsearch should retain each log source. Enter an integer and a time designation: weeks(w), hours(h/H), minutes(m) and seconds(s). For example, `7d` for seven days. Logs older than the `maxAge` are deleted. You must specify a retention policy for each log source or the Elasticsearch indices will not be created for that source.
+<5> Specify the number of Elasticsearch nodes. See the note that follows this list.
+<6> Enter the name of an existing storage class for Elasticsearch storage. For best performance, specify a storage class that allocates block storage. If you do not specify a storage class, OpenShift Logging uses ephemeral storage.
+<7> Specify the CPU and memory requests for Elasticsearch as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that should be sufficient for most deployments. The default values are `16Gi` for the memory request and `1` for the CPU request.
+<8> Specify the CPU and memory requests for the Elasticsearch proxy as needed. If you leave these values blank, the OpenShift Elasticsearch Operator sets default values that should be sufficient for most deployments. The default values are `256Mi` for the memory request and `100m` for the CPU request.
+<9> Settings for configuring Kibana. Using the CR, you can scale Kibana for redundancy and configure the CPU and memory for your Kibana nodes. For more information, see *Configuring the log visualizer*.
+<10> Settings for configuring Fluentd. Using the CR, you can configure Fluentd CPU and memory limits. For more information, see "Configuring Fluentd".
++
+[NOTE]
++
+====
+The maximum number of Elasticsearch control plane nodes is three. If you specify a `nodeCount` greater than `3`, {product-title} creates three Elasticsearch nodes that are Master-eligible nodes, with the master, client, and data roles. The additional Elasticsearch nodes are created as data-only nodes, using client and data roles. Control plane nodes perform cluster-wide actions such as creating or deleting an index, shard allocation, and tracking nodes. Data nodes hold the shards and perform data-related operations such as CRUD, search, and aggregations. Data-related operations are I/O-, memory-, and CPU-intensive. It is important to monitor these resources and to add more Data nodes if the current nodes are overloaded.
+
+For example, if `nodeCount=4`, the following nodes are created:
+
+[source,terminal]
+----
+$ oc get deployment
+----
+
+.Example output
+[source,terminal]
+----
+NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
+cluster-logging-operator       1/1     1            1           18h
+elasticsearch-cd-x6kdekli-1    1/1     1            1          6m54s
+elasticsearch-cdm-x6kdekli-1   1/1     1            1           18h
+elasticsearch-cdm-x6kdekli-2   1/1     1            1           6m49s
+elasticsearch-cdm-x6kdekli-3   1/1     1            1           6m44s
+----
+
+The number of primary shards for the index templates is equal to the number of Elasticsearch data nodes.
+====
+
+.Verification
+
+You can verify the installation by listing the pods in the `openshift-logging` project.
+
+* List the pods by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-logging
+----
++
+Observe the pods for components of the {logging}, similar to the following list:
++
+.Example output
+[source,terminal]
+----
+NAME                                            READY   STATUS    RESTARTS   AGE
+cluster-logging-operator-66f77ffccb-ppzbg       1/1     Running   0          7m
+elasticsearch-cdm-ftuhduuw-1-ffc4b9566-q6bhp    2/2     Running   0          2m40s
+elasticsearch-cdm-ftuhduuw-2-7b4994dbfc-rd2gc   2/2     Running   0          2m36s
+elasticsearch-cdm-ftuhduuw-3-84b5ff7ff8-gqnm2   2/2     Running   0          2m4s
+collector-587vb                                   1/1     Running   0          2m26s
+collector-7mpb9                                   1/1     Running   0          2m30s
+collector-flm6j                                   1/1     Running   0          2m33s
+collector-gn4rn                                   1/1     Running   0          2m26s
+collector-nlgb6                                   1/1     Running   0          2m30s
+collector-snpkt                                   1/1     Running   0          2m28s
+kibana-d6d5668c5-rppqm                          2/2     Running   0          2m39s
+----
diff --git a/modules/create-cluster-logging-cr-console.adoc b/modules/create-cluster-logging-cr-console.adoc
new file mode 100644
index 000000000000..efccbc477f57
--- /dev/null
+++ b/modules/create-cluster-logging-cr-console.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * list assemblies
+
+:_mod-docs-content-type: PROCEDURE
+[id="create-cluster-logging-cr-console_{context}"]
+= Creating a ClusterLogging object by using the web console
+
+After you have installed the {logging} Operators, you must create a `ClusterLogging` custom resource to configure log storage, visualization, and the log collector for your cluster.
+
+.Prerequisites
+
+* You have installed the Red Hat OpenShift Logging Operator.
+* You have access to the {product-title} web console *Administrator* perspective.
+
+.Procedure
+
+. Navigate to the *Custom Resource Definitions* page.
+
+. On the *Custom Resource Definitions* page, click *ClusterLogging*.
+
+. On the *Custom Resource Definition details* page, select *View Instances* from the *Actions* menu.
+
+. On the *ClusterLoggings* page, click *Create ClusterLogging*.
+
+. In the *collection* section, select a *Collector Implementation*.
++
+--
+include::snippets/logging-fluentd-dep-snip.adoc[]
+--
+
+. In the *logStore* section, select a type.
++
+--
+include::snippets/logging-elastic-dep-snip.adoc[]
+--
+
+. Click *Create*.
diff --git a/modules/create-lokistack-cr-cli.adoc b/modules/create-lokistack-cr-cli.adoc
new file mode 100644
index 000000000000..dbd08718adad
--- /dev/null
+++ b/modules/create-lokistack-cr-cli.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * logging/log_storage/installing-log-storage.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="create-lokistack-cr-cli_{context}"]
+= Creating a LokiStack custom resource by using the CLI
+
+You can create a `LokiStack` custom resource (CR) by using the {oc-first}.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+
+.Procedure
+
+. Create a `LokiStack` CR:
++
+.Example `LokiStack` CR
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+  size: 1x.small # <1>
+  storage:
+    schemas:
+    - version: v12
+      effectiveDate: "2022-06-01"
+    secret:
+      name: logging-loki-s3 # <2>
+      type: s3 # <3>
+  storageClassName: <storage_class_name> # <4>
+  tenants:
+    mode: openshift-logging
+----
+<1> Specify the deployment size. In the {logging} 5.8 and later versions, the supported size options for production instances of Loki are `1x.extra-small`, `1x.small`, or `1x.medium`.
+<2> Specify the name of your log store secret.
+<3> Specify the type of your log store secret.
+<4> Specify the name of a storage class for temporary storage. For best performance, specify a storage class that allocates block storage. Available storage classes for your cluster can be listed by using the `oc get storageclasses` command.
+
+. Apply the `LokiStack` CR:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
+
+.Verification
+
+* Verify the installation by listing the pods in the `openshift-logging` project by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-logging
+----
++
+Confirm that you see several pods for components of the {logging}, similar to the following list:
++
+.Example output
+[source,terminal]
+----
+NAME                                           READY   STATUS    RESTARTS   AGE
+cluster-logging-operator-78fddc697-mnl82       1/1     Running   0          14m
+collector-6cglq                                2/2     Running   0          45s
+collector-8r664                                2/2     Running   0          45s
+collector-8z7px                                2/2     Running   0          45s
+collector-pdxl9                                2/2     Running   0          45s
+collector-tc9dx                                2/2     Running   0          45s
+collector-xkd76                                2/2     Running   0          45s
+logging-loki-compactor-0                       1/1     Running   0          8m2s
+logging-loki-distributor-b85b7d9fd-25j9g       1/1     Running   0          8m2s
+logging-loki-distributor-b85b7d9fd-xwjs6       1/1     Running   0          8m2s
+logging-loki-gateway-7bb86fd855-hjhl4          2/2     Running   0          8m2s
+logging-loki-gateway-7bb86fd855-qjtlb          2/2     Running   0          8m2s
+logging-loki-index-gateway-0                   1/1     Running   0          8m2s
+logging-loki-index-gateway-1                   1/1     Running   0          7m29s
+logging-loki-ingester-0                        1/1     Running   0          8m2s
+logging-loki-ingester-1                        1/1     Running   0          6m46s
+logging-loki-querier-f5cf9cb87-9fdjd           1/1     Running   0          8m2s
+logging-loki-querier-f5cf9cb87-fp9v5           1/1     Running   0          8m2s
+logging-loki-query-frontend-58c579fcb7-lfvbc   1/1     Running   0          8m2s
+logging-loki-query-frontend-58c579fcb7-tjf9k   1/1     Running   0          8m2s
+logging-view-plugin-79448d8df6-ckgmx           1/1     Running   0          46s
+----
diff --git a/modules/create-lokistack-cr-console.adoc b/modules/create-lokistack-cr-console.adoc
new file mode 100644
index 000000000000..fc03fe965257
--- /dev/null
+++ b/modules/create-lokistack-cr-console.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * logging/log_storage/installing-log-storage.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="create-lokistack-cr-console_{context}"]
+= Creating a LokiStack custom resource by using the web console
+
+You can create a `LokiStack` custom resource (CR) by using the {product-title} web console.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the {product-title} web console.
+* You installed the {loki-op}.
+
+.Procedure
+
+. Go to the *Operators* -> *Installed Operators* page. Click the *All instances* tab.
+
+. From the *Create new* drop-down list, select *LokiStack*.
+
+. Select *YAML view*, and then use the following template to create a `LokiStack` CR:
++
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki # <1>
+  namespace: openshift-logging
+spec:
+  size: 1x.small # <2>
+  storage:
+    schemas:
+    - version: v12
+      effectiveDate: '2022-06-01'
+    secret:
+      name: logging-loki-s3 # <3>
+      type: s3 # <4>
+  storageClassName: <storage_class_name> # <5>
+  tenants:
+    mode: openshift-logging
+----
+<1> Use the name `logging-loki`.
+<2> Specify the deployment size. In the {logging} 5.8 and later versions, the supported size options for production instances of Loki are `1x.extra-small`, `1x.small`, or `1x.medium`.
+<3> Specify the secret used for your log storage.
+<4> Specify the corresponding storage type.
+<5> Enter the name of a storage class for temporary storage. For best performance, specify a storage class that allocates block storage. Available storage classes for your cluster can be listed by using the `oc get storageclasses` command.
diff --git a/modules/creating-a-custom-ingress-controller.adoc b/modules/creating-a-custom-ingress-controller.adoc
index 9e395c8e60f9..d522177e6855 100644
--- a/modules/creating-a-custom-ingress-controller.adoc
+++ b/modules/creating-a-custom-ingress-controller.adoc
@@ -2,7 +2,7 @@
 //
 // *ingress-controller-dnsmgt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-custom-ingress-controller_{context}"]
 = Creating a custom Ingress Controller with the `Unmanaged` DNS management policy
 
diff --git a/modules/creating-a-machine-pool-cli.adoc b/modules/creating-a-machine-pool-cli.adoc
index 10432a15aaad..c72e899f113e 100644
--- a/modules/creating-a-machine-pool-cli.adoc
+++ b/modules/creating-a-machine-pool-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating_machine_pools_cli_{context}"]
 = Creating a machine pool using the ROSA CLI
 
@@ -27,7 +27,13 @@ $ rosa create machinepool --cluster=<cluster-name> \
                           --labels=<key>=<value>,<key>=<value> \ <4>
                           --taints=<key>=<value>:<effect>,<key>=<value>:<effect> \ <5>
                           --use-spot-instances \ <6>
-                          --spot-max-price=0.5 <7>
+                          --spot-max-price=0.5 \ <7>
+ifdef::openshift-rosa[]
+                          --disk-size=<disk_size> <8>
+                          --availability-zone=<az> <9>
+                          --additional-security-group-ids <sec_group_id> <10>
+
+endif::openshift-rosa[]
 ----
 <1> Specifies the name of the machine pool. Replace `<machine_pool_id>` with the name of your machine pool.
 <2> Specifies the number of compute nodes to provision. If you deployed ROSA using a single availability zone, this defines the number of compute nodes to provision to the machine pool for the zone. If you deployed your cluster using multiple availability zones, this defines the number of compute nodes to provision in total across all zones and the count must be a multiple of 3. The `--replicas` argument is required when autoscaling is not configured.
@@ -36,6 +42,11 @@ $ rosa create machinepool --cluster=<cluster-name> \
 <5> Optional: Defines the taints for the machine pool. Replace `<key>=<value>:<effect>,<key>=<value>:<effect>` with a key, value, and effect for each taint, for example `--taints=key1=value1:NoSchedule,key2=value2:NoExecute`. Available effects include `NoSchedule`, `PreferNoSchedule`, and `NoExecute`.
 <6> Optional: Configures your machine pool to deploy machines as non-guaranteed AWS Spot Instances. For information, see link:https://aws.amazon.com/ec2/spot/[Amazon EC2 Spot Instances] in the AWS documentation. If you select *Use Amazon EC2 Spot Instances* for a machine pool, you cannot disable the option after the machine pool is created.
 <7> Optional: If you have opted to use Spot Instances, you can specify this argument to define a maximum hourly price for a Spot Instance. If this argument is not specified, the on-demand price is used.
+ifdef::openshift-rosa[]
+<8> Optional: Specifies the worker node disk size. The value can be in GB, GiB, TB, or TiB. Replace `<disk_size>` with a numeric value and unit, for example `--disk-size=200GiB`.
+<9> Optional: For Multi-AZ clusters, you can create a machine pool in a Single-AZ of your choice. Replace `<az>` with a Single-AZ.
+<10> Optional: For machine pools in clusters that do not have Red Hat managed VPCs, you can select additional custom security groups to use in your machine pools. You must have already created the security groups and associated them with the VPC that you selected for this cluster. You cannot add or edit security groups after you create the machine pool. For more information, see the requirements for security groups in the "Additional resources" section.
+endif::openshift-rosa[]
 +
 [IMPORTANT]
 ====
@@ -70,6 +81,7 @@ $ rosa create machinepool --cluster=<cluster-name> \
                           --taints=<key>=<value>:<effect>,<key>=<value>:<effect> \ <6>
                           --use-spot-instances \ <7>
                           --spot-max-price=0.5 <8>
+                          --availability-zone=<az> <9>
 ----
 <1> Specifies the name of the machine pool. Replace `<machine_pool_id>` with the name of your machine pool.
 <2> Enables autoscaling in the machine pool to meet the deployment needs.
@@ -79,6 +91,7 @@ $ rosa create machinepool --cluster=<cluster-name> \
 <6> Optional: Defines the taints for the machine pool. Replace `<key>=<value>:<effect>,<key>=<value>:<effect>` with a key, value, and effect for each taint, for example `--taints=key1=value1:NoSchedule,key2=value2:NoExecute`. Available effects include `NoSchedule`, `PreferNoSchedule`, and `NoExecute`.
 <7> Optional: Configures your machine pool to deploy machines as non-guaranteed AWS Spot Instances. For information, see link:https://aws.amazon.com/ec2/spot/[Amazon EC2 Spot Instances] in the AWS documentation. If you select *Use Amazon EC2 Spot Instances* for a machine pool, you cannot disable the option after the machine pool is created.
 <8> Optional: If you have opted to use Spot Instances, you can specify this argument to define a maximum hourly price for a Spot Instance. If this argument is not specified, the on-demand price is used.
+<9> Optional: For Multi-AZ clusters, you can create a machine pool in a Single-AZ of your choice. Replace `<az>` with a Single-AZ.
 +
 [IMPORTANT]
 ====
@@ -101,7 +114,9 @@ I: To view all machine pools, run 'rosa list machinepools -c mycluster'
 
 .Verification
 
-. List the available machine pools in your cluster:
+You can list all machine pools on your cluster or describe individual machine pools.
+
+. List the available machine pools on your cluster:
 +
 [source,terminal]
 ----
@@ -116,4 +131,28 @@ Default        No           3         m5.xlarge
 mymachinepool  Yes          3-6       m5.xlarge      app=db, tier=backend              us-east-1a, us-east-1b, us-east-1c    No
 ----
 
+. Describe the information of a specific machine pool in your cluster:
++
+[source,terminal]
+----
+$ rosa describe machinepool --cluster=<cluster_name> mymachinepool
+----
++
+.Example output
+[source,terminal]
+----
+ID:                         mymachinepool
+Cluster ID:                 27iimopsg1mge0m81l0sqivkne2qu6dr
+Autoscaling:                Yes
+Replicas:                   3-6
+Instance type:              m5.xlarge
+Labels:                     app=db, tier=backend
+Taints:
+Availability zones:         us-east-1a, us-east-1b, us-east-1c
+Subnets:
+Spot instances:             No
+Disk size:                  300 GiB
+Security Group IDs:
+----
+
 . Verify that the machine pool is included in the output and the configuration is as expected.
diff --git a/modules/creating-a-machine-pool-ocm.adoc b/modules/creating-a-machine-pool-ocm.adoc
index c205af14ed4b..3ca01bc41745 100644
--- a/modules/creating-a-machine-pool-ocm.adoc
+++ b/modules/creating-a-machine-pool-ocm.adoc
@@ -4,7 +4,7 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating_machine_pools_ocm_{context}"]
 ifndef::openshift-rosa[]
 = Creating a machine pool
@@ -14,7 +14,7 @@ ifdef::openshift-rosa[]
 endif::openshift-rosa[]
 
 ifndef::openshift-rosa[]
-A default machine pool is created when you install an {product-title} cluster. After installation, you can create additional machine pools for your cluster by using {cluster-manager}.
+A machine pool is created when you install an {product-title} cluster. After installation, you can create additional machine pools for your cluster by using {cluster-manager}.
 endif::openshift-rosa[]
 ifdef::openshift-rosa[]
 You can create additional machine pools for your {product-title} (ROSA) cluster by using {cluster-manager}.
@@ -23,12 +23,12 @@ endif::openshift-rosa[]
 ifndef::openshift-rosa[]
 [IMPORTANT]
 ====
-The compute (also known as worker) node instance types, autoscaling options, and node counts that are available to you depend on your 
+The compute (also known as worker) node instance types, autoscaling options, and node counts that are available depend on your
 ifdef::openshift-rosa[]
-ROSA 
+ROSA
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]
-{product-title} 
+{product-title}
 endif::[]
 subscriptions, resource quotas and deployment scenario. For more information, contact your sales representative or Red Hat support.
 ====
@@ -41,7 +41,7 @@ ifdef::openshift-rosa[]
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]
 * You created an {product-title} cluster.
-endif::[]
+endif::openshift-rosa[]
 
 .Procedure
 
@@ -51,7 +51,7 @@ endif::[]
 
 . Add a *Machine pool name*.
 
-. Select a *Worker node instance type* from the drop-down menu. The instance type defines the vCPU and memory allocation for each compute node in the machine pool.
+. Select a *Compute node instance type* from the drop-down menu. The instance type defines the vCPU and memory allocation for each compute node in the machine pool.
 +
 [NOTE]
 ====
@@ -77,13 +77,20 @@ Alternatively, you can set your autoscaling preferences for the machine pool aft
 ====
 
 . If you did not enable autoscaling, select a compute node count:
-* If you deployed your cluster using a single availability zone, select a *Worker node count* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool for the zone.
-* If you deployed your cluster using multiple availability zones, select a *Worker node count (per zone)* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool per zone.
-
+* If you deployed your cluster using a single availability zone, select a *Compute node count* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool for the zone.
+* If you deployed your cluster using multiple availability zones, select a *Compute node count (per zone)* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool per zone.
+ifdef::openshift-rosa[]
+. Optional: Configure *Root disk size*.
+endif::openshift-rosa[]
 . Optional: Add node labels and taints for your machine pool:
 .. Expand the *Edit node labels and taints* menu.
 .. Under *Node labels*, add *Key* and *Value* entries for your node labels.
 .. Under *Taints*, add *Key* and *Value* entries for your taints.
++
+[NOTE]
+====
+Creating a machine pool with taints is only possible if the cluster already has at least one machine pool without a taint.
+====
 .. For each taint, select an *Effect* from the drop-down menu. Available options include `NoSchedule`, `PreferNoSchedule`, and `NoExecute`.
 +
 [NOTE]
@@ -91,6 +98,10 @@ Alternatively, you can set your autoscaling preferences for the machine pool aft
 Alternatively, you can add the node labels and taints after you create the machine pool.
 ====
 
+ifdef::openshift-rosa,openshift-dedicated[]
+. Optional: Select additional custom security groups to use for nodes in this machine pool. You must have already created the security groups and associated them with the VPC that you selected for this cluster. You cannot add or edit security groups after you create the machine pool. For more information, see the requirements for security groups in the "Additional resources" section.
+endif::openshift-rosa,openshift-dedicated[]
+
 ifdef::openshift-dedicated[]
 . Optional: If you deployed {product-title} on AWS using the Customer Cloud Subscription (CCS) model, use Amazon EC2 Spot Instances if you want to configure your machine pool to deploy machines as non-guaranteed AWS Spot Instances:
 .. Select *Use Amazon EC2 Spot Instances*.
@@ -115,9 +126,9 @@ Your Amazon EC2 Spot Instances might be interrupted at any time. Use Amazon EC2
 ====
 If you select *Use Amazon EC2 Spot Instances* for a machine pool, you cannot disable the option after the machine pool is created.
 ====
-
 . Click *Add machine pool* to create the machine pool.
 
+
 .Verification
 
 * Verify that the machine pool is visible on the *Machine pools* page and the configuration is as expected.
diff --git a/modules/creating-a-machine-pool.adoc b/modules/creating-a-machine-pool.adoc
index aa35f2adedb3..ce830c8ee46d 100644
--- a/modules/creating-a-machine-pool.adoc
+++ b/modules/creating-a-machine-pool.adoc
@@ -2,8 +2,12 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="creating_a_machine_pool_{context}"]
 = Creating a machine pool
 
-A default machine pool is created when you install a {product-title} (ROSA) cluster. After installation, you can create additional machine pools for your cluster by using {cluster-manager} or the ROSA CLI (`rosa`).
+A machine pool is created when you install a {product-title} (ROSA) cluster. After installation, you can create additional machine pools for your cluster by using {cluster-manager} or the ROSA CLI (`rosa`).
+[NOTE]
+====
+For users of ROSA CLI `rosa` version 1.2.25 and earlier versions, the machine pool created along with the cluster is identified as `Default`. For users of ROSA CLI  `rosa` version 1.2.26 and later, the machine pool created along with the cluster is identified as `worker`.
+====
\ No newline at end of file
diff --git a/modules/creating-a-project-using-the-CLI.adoc b/modules/creating-a-project-using-the-CLI.adoc
index edec035d947e..0a669e677ee1 100644
--- a/modules/creating-a-project-using-the-CLI.adoc
+++ b/modules/creating-a-project-using-the-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-project-using-the-CLI_{context}"]
 = Creating a project using the CLI
 
@@ -13,11 +13,6 @@ If allowed by your cluster administrator, you can create a new project.
 Projects starting with `openshift-` and `kube-` are considered critical by {product-title}. As such, {product-title} does not allow you to create Projects starting with `openshift-` or `kube-` using the `oc new-project` command. Cluster administrators can create these Projects using the `oc adm new-project` command.
 ====
 
-[NOTE]
-====
-You cannot assign an SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, and `openshift`. You cannot use these namespaces for running pods or services.
-====
-
 .Procedure
 
 * Run:
diff --git a/modules/creating-a-project-using-the-web-console.adoc b/modules/creating-a-project-using-the-web-console.adoc
index e6aa4786edce..68f0b5c66172 100644
--- a/modules/creating-a-project-using-the-web-console.adoc
+++ b/modules/creating-a-project-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-project-using-the-web-console_{context}"]
 = Creating a project using the web console
 
@@ -13,11 +13,6 @@ If allowed by your cluster administrator, you can create a new project.
 Projects starting with `openshift-` and `kube-` are considered critical by {product-title}. As such, {product-title} does not allow you to create Projects starting with `openshift-` using the web console.
 ====
 
-[NOTE]
-====
-You cannot assign an SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, and `openshift`. You cannot use these namespaces for running pods or services.
-====
-
 .Procedure
 
 . Navigate to *Home* -> *Projects*.
diff --git a/modules/creating-a-service-account-in-your-project.adoc b/modules/creating-a-service-account-in-your-project.adoc
index 8fa8055bafa0..3b57179135d9 100644
--- a/modules/creating-a-service-account-in-your-project.adoc
+++ b/modules/creating-a-service-account-in-your-project.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-service-account-in-your-project_{context}"]
 = Creating a service account in your project
 
diff --git a/modules/creating-an-example-aws-sdk-container-image.adoc b/modules/creating-an-example-aws-sdk-container-image.adoc
index 0b935539f853..46e9d6586382 100644
--- a/modules/creating-an-example-aws-sdk-container-image.adoc
+++ b/modules/creating-an-example-aws-sdk-container-image.adoc
@@ -2,13 +2,13 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-an-example-aws-sdk-container-image_{context}"]
 = Creating an example AWS SDK container image
 
 The steps in this procedure provide an example method to create a container image that includes an AWS SDK.
 
-The example steps use Podman to create the container image and Quay.io to host the image. For more information about Quay.io, see link:https://docs.quay.io/solution/getting-started.html[Getting Started with Quay.io]. The container image can be used to deploy pods that can run AWS SDK operations. 
+The example steps use Podman to create the container image and Quay.io to host the image. For more information about Quay.io, see link:https://docs.quay.io/solution/getting-started.html[Getting Started with Quay.io]. The container image can be used to deploy pods that can run AWS SDK operations.
 
 [NOTE]
 ====
diff --git a/modules/creating-an-infra-node.adoc b/modules/creating-an-infra-node.adoc
index 397957a500ba..a2f5d887d3df 100644
--- a/modules/creating-an-infra-node.adoc
+++ b/modules/creating-an-infra-node.adoc
@@ -1,8 +1,10 @@
 // Module included in the following assemblies:
 //
 // * post_installation_configuration/cluster-tasks.adoc
+// * machine_management/creating-infrastructure-machinesets.adoc
+// * nodes/nodes/nodes-nodes-creating-infrastructure-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-an-infra-node_{context}"]
 = Creating an infrastructure node
 
@@ -62,10 +64,9 @@ apiVersion: config.openshift.io/v1
 kind: Scheduler
 metadata:
   name: cluster
-...
 spec:
   defaultNodeSelector: topology.kubernetes.io/region=us-east-1 <1>
-...
+# ...
 ----
 <1> This example node selector deploys pods on nodes in the `us-east-1` region by default.
 
diff --git a/modules/creating-cluster-with-aws-kms-key.adoc b/modules/creating-cluster-with-aws-kms-key.adoc
new file mode 100644
index 000000000000..82a34d70694a
--- /dev/null
+++ b/modules/creating-cluster-with-aws-kms-key.adoc
@@ -0,0 +1,170 @@
+// Module included in the following assemblies:
+//
+// * monitoring/enabling-monitoring-for-user-defined-projects.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-cluster-with-aws-kms-key"]
+= Creating a ROSA cluster using a custom AWS KMS key
+
+You can create a {product-title} (ROSA) cluster with a customer-provided KMS key that is used to encrypt either node root volumes, the etcd database, or both. A different KMS key ARN can be provided for each option.
+
+[NOTE]
+====
+{hcp-title} does not automatically configure the `default` storage class to encrypt persistent volumes with the customer-provided KMS key. This is something that can be configured in-cluster after installation.
+====
+
+
+.Procedure
+
+. Create a custom AWS customer-managed KMS key by running the following command:
++
+[source,terminal]
+----
+$ KMS_ARN=$(aws kms create-key --region $AWS_REGION --description 'Custom ROSA Encryption Key' --tags TagKey=red-hat,TagValue=true --query KeyMetadata.Arn --output text)
+----
++
+This command saves the Amazon Resource Name (ARN) output of this custom key for further steps.
++
+[NOTE]
+====
+Customers must provide the `--tags TagKey=red-hat,TagValue=true` argument that is required for a customer KMS key.
+====
+
+
+. Verify the KMS key has been created by running the following command:
++
+[source,terminal]
+----
+$ echo $KMS_ARN
+----
+
+. Set your AWS account ID to an environment variable.
++
+[source,terminal]
+----
+$ AWS_ACCOUNT_ID=<aws_account_id>
+----
+. Add the ARN for the account-wide installer role and operator roles that you created in the preceding step to the `Statement.Principal.AWS` section in the file. In the following example, the ARN for the default `ManagedOpenShift-HCP-ROSA-Installer-Role` role is added:
+
++
+[source,terminal]
+----
+{
+  "Version": "2012-10-17",
+  "Id": "key-rosa-policy-1",
+  "Statement": [
+  {
+              "Sid": "Enable IAM User Permissions",
+              "Effect": "Allow",
+              "Principal": {
+                  "AWS": "arn:aws:iam::${AWS_ACCOUNT_ID}:root"
+              },
+              "Action": "kms:*",
+              "Resource": "*"
+          },
+        {
+              "Sid": "Installer Permissions",
+              "Effect": "Allow",
+              "Principal": {
+                  "AWS": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/ManagedOpenShift-HCP-ROSA-Installer-Role"
+              },
+              "Action": [
+                  "kms:CreateGrant",
+                  "kms:DescribeKey",
+                  "kms:GenerateDataKeyWithoutPlaintext"
+              ],
+              "Resource": "*"
+          },
+          {
+              "Sid": "ROSA KubeControllerManager Permissions",
+              "Effect": "Allow",
+              "Principal": {
+                  "AWS": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/<operator_role_prefix>-kube-system-kube-controller-manager"
+
+              },
+              "Action": "kms:DescribeKey",
+              "Resource": "*"
+          },
+          {
+              "Sid": "ROSA KMS Provider Permissions",
+              "Effect": "Allow",
+              "Principal": {
+                  "AWS": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/<operator_role_prefix>-kube-system-kms-provider"
+              },
+              "Action": [
+                  "kms:Encrypt",
+                  "kms:Decrypt",
+                  "kms:DescribeKey"
+              ],
+              "Resource": "*"
+          },
+          {
+              "Sid": "ROSA NodeManager Permissions",
+              "Effect": "Allow",
+              "Principal": {
+                  "AWS": "arn:aws:iam::${AWS_ACCOUNT_ID}:role/<operator_role_prefix>-kube-system-capa-controller-manager"
+              },
+              "Action": [
+                  "kms:DescribeKey",
+                  "kms:GenerateDataKeyWithoutPlaintext",
+                  "kms:CreateGrant"
+              ],
+              "Resource": "*"
+          }
+      ]
+  } 
+----
+
+. Confirm the details of the policy file created by running the following command:
++
+[source,terminal]
+----
+$ cat rosa-key-policy.json
+----
+
+. Apply the newly generated key policy to the custom KMS key by running the following command:
+
++
+[source,terminal]
+----
+$ aws kms put-key-policy --key-id $KMS_ARN \
+--policy file://rosa-key-policy.json \
+--policy-name default
+----
+
+. Create the cluster by running the following command:
+
++
+[source,terminal]
+----
+$ rosa create cluster --cluster-name <cluster_name> \
+--subnet-ids <private_subnet_id>,<public_subnet_id> \
+--sts \
+--mode auto \
+--machine-cidr 10.0.0.0/16 \
+--compute-machine-type m5.xlarge \
+--hosted-cp \
+--region <aws_region> \
+--oidc-config-id $OIDC_ID \
+--kms-key-arn $KMS_ARN \ <1>
+--etcd-encryption-kms-arn $KMS_ARN \ <2>
+--operator-roles-prefix $OPERATOR_ROLES_PREFIX
+----
+<1> This KMS key ARN is used to encrypt all worker node root volumes. It is not required if only etcd database encryption is needed.
+<2> This KMS key ARN is used to encrypt the etcd database. The etcd database is always encrypted by default with an AES cipher block, but can be encrypted instead with a KMS key. It is not required if only node root volume encryption is needed.
+
+.Verification
+
+You can verify that your KMS key works by using {cluster-manager-url}. 
+
+. Navigate to {cluster-manager-url} and select *Instances*.
+
+. Select your instance.
+
+. Click the *Storage* tab.
+
+. Copy the *KMS key ID*.
+
+. Search and select *Key Management Service*.
+
+. Enter your copied _KMS key ID_ in the *Filter* field.
diff --git a/modules/creating-custom-links.adoc b/modules/creating-custom-links.adoc
index 3636d2e74d4a..4e1e219111f6 100644
--- a/modules/creating-custom-links.adoc
+++ b/modules/creating-custom-links.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-custom-links_{context}"]
 = Creating custom links in the web console
 
diff --git a/modules/creating-custom-seccomp-profile.adoc b/modules/creating-custom-seccomp-profile.adoc
index 68bf177695aa..89ff154f7af8 100644
--- a/modules/creating-custom-seccomp-profile.adoc
+++ b/modules/creating-custom-seccomp-profile.adoc
@@ -2,7 +2,7 @@
 //
 // * security/seccomp-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-custom-seccomp-profile_{context}"]
 = Creating seccomp profiles
 You can use the `MachineConfig` object to create profiles.
diff --git a/modules/creating-ibm-power-vs-workspace-procedure.adoc b/modules/creating-ibm-power-vs-workspace-procedure.adoc
index ef98301347dc..cfde2fa57b53 100644
--- a/modules/creating-ibm-power-vs-workspace-procedure.adoc
+++ b/modules/creating-ibm-power-vs-workspace-procedure.adoc
@@ -1,19 +1,19 @@
 // * installing/installing_ibm_powervs/creating-ibm-power-vs-workspace.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-ibm-power-vs-workspace-procedure_{context}"]
-= Creating an {ibmpowerProductName} Virtual Server workspace
+= Creating an {ibm-power-server-title} workspace
 
-Use the following procedure to create an {ibmpowerProductName} Virtual Server workspace.
+Use the following procedure to create an {ibm-power-server-name} workspace.
 
 .Procedure
 
-. To create an {ibmpowerProductName} Virtual Server workspace, complete step 1 to step 5 from the IBM Cloud documentation for link:https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server[Creating an IBM Power Virtual Server].
+. To create an {ibm-power-server-name} workspace, complete step 1 to step 5 from the {ibm-cloud-name} documentation for link:https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server[Creating an {ibm-power-server-name}].
 
-. After it has finished provisioning, retrieve the 32-character alphanumeric ID of your new workspace by entering the following command:
+. After it has finished provisioning, retrieve the 32-character alphanumeric Globally Unique Identifier (GUID) of your new workspace by entering the following command:
 +
 [source,terminal]
 ----
-$ ibmcloud resource service-instances | grep <workspace name>
+$ ibmcloud resource service-instance <workspace name>
 ----
 +
diff --git a/modules/creating-infra-machines.adoc b/modules/creating-infra-machines.adoc
index b2da9ecaace2..52ad16ada07b 100644
--- a/modules/creating-infra-machines.adoc
+++ b/modules/creating-infra-machines.adoc
@@ -3,12 +3,17 @@
 // * machine_management/creating-infrastructure-machinesets.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-infra-machines_{context}"]
 = Creating a machine config pool for infrastructure machines
 
 If you need infrastructure machines to have dedicated configurations, you must create an infra pool.
 
+[IMPORTANT]
+====
+Creating a custom machine configuration pool overrides default worker pool configurations if they refer to the same file or unit.
+====
+
 .Procedure
 
 . Add a label to the node you want to assign as the infra node with a specific label:
@@ -157,4 +162,4 @@ master   rendered-master-9360fdb895d4c131c7c4bebbae099c90   True      False
 worker   rendered-worker-60e35c2e99f42d976e084fa94da4d0fc   True      False      False      2              2                   2                     0                      91m
 ----
 +
-In this example, a worker node was changed to an infra node. 
+In this example, a worker node was changed to an infra node.
diff --git a/modules/creating-instance-aws-load-balancer-controller.adoc b/modules/creating-instance-aws-load-balancer-controller.adoc
index 3485ac2842c5..8e34d7714c4a 100644
--- a/modules/creating-instance-aws-load-balancer-controller.adoc
+++ b/modules/creating-instance-aws-load-balancer-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-creating-instance-aws-load-balancer-controller_{context}"]
 = Creating an instance of the AWS Load Balancer Controller using AWS Load Balancer Operator
 
@@ -28,7 +28,7 @@ spec:
   additionalResourceTags: <4>
   - key: example.org/security-scope
     value: staging
-  ingressClass: cloud <5>
+  ingressClass: alb <5>
   config:
     replicas: 2 <6>
   enabledAddons: <7>
diff --git a/modules/creating-multiple-ingress-through-single-alb.adoc b/modules/creating-multiple-ingress-through-single-alb.adoc
index 184f75c324f3..704ca60b1773 100644
--- a/modules/creating-multiple-ingress-through-single-alb.adoc
+++ b/modules/creating-multiple-ingress-through-single-alb.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-creating-multiple-ingress-through-single-alb_{context}"]
 = Creating multiple ingresses through a single AWS Load Balancer
 
@@ -21,7 +21,7 @@ You can route the traffic to multiple Ingresses through a single AWS Load Balanc
 apiVersion: elbv2.k8s.aws/v1beta1 <1>
 kind: IngressClassParams
 metadata:
-  name: <single-lb-params> <2>
+  name: single-lb-params <2>
 spec:
   group:
     name: single-lb <3>
@@ -37,24 +37,24 @@ spec:
 $ oc create -f sample-single-lb-params.yaml
 ----
 
-. Create an `IngressClass` resource YAML file, for example, `sample-single-lb.yaml`, as follows:
+. Create an `IngressClass` resource YAML file, for example, `sample-single-lb-class.yaml`, as follows:
 +
 [source,yaml]
 ----
 apiVersion: networking.k8s.io/v1 <1>
 kind: IngressClass
 metadata:
-  name: <single-lb> <2>
+  name: single-lb <2>
 spec:
   controller: ingress.k8s.aws/alb <3>
   parameters:
     apiGroup: elbv2.k8s.aws <4>
     kind: IngressClassParams <5>
-    name: single-lb <6>
+    name: single-lb-params <6>
 ----
-<1> Defines the API group and the version of the `IngressClass` resource.
+<1> Defines the API group and version of the `IngressClass` resource.
 <2> Specifies the name of the `IngressClass`.
-<3> Defines the controller name, common for all `IngressClasses`. The `aws-load-balancer-controller` reconciles the controller.
+<3> Defines the controller name. `ingress.k8s.aws/alb` denotes that all Ingresses of this class should be managed by the `aws-load-balancer-controller`.
 <4> Defines the API group of the `IngressClassParams` resource.
 <5> Defines the resource type of the `IngressClassParams` resource.
 <6> Defines the name of the `IngressClassParams` resource.
@@ -63,6 +63,27 @@ spec:
 +
 [source,terminal]
 ----
+$ oc create -f sample-single-lb-class.yaml
+----
+
+. Create an `AWSLoadBalancerController` resource YAML file, for example, `sample-single-lb.yaml`, as follows:
++
+[source,yaml]
+----
+apiVersion: networking.olm.openshift.io/v1
+kind: AWSLoadBalancerController
+metadata:
+  name: cluster
+spec:
+  subnetTagging: Auto
+  ingressClass: single-lb <1>
+----
+<1> Defines the name of the `IngressClass` resource.
+
+. Create an `AWSLoadBalancerController` resource by running the following command:
++
+[source,terminal]
+----
 $ oc create -f sample-single-lb.yaml
 ----
 
@@ -70,70 +91,81 @@ $ oc create -f sample-single-lb.yaml
 +
 [source,yaml]
 ----
-apiVersion: networking.k8s.io/v1 <1>
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: <example-1> <1>
+  name: example-1 <1>
   annotations:
     alb.ingress.kubernetes.io/scheme: internet-facing <2>
     alb.ingress.kubernetes.io/group.order: "1" <3>
+    alb.ingress.kubernetes.io/target-type: instance <4>
 spec:
-  ingressClass: alb <4>
+  ingressClassName: single-lb <5>
   rules:
-  - host: example.com <5>
+  - host: example.com <6>
     http:
         paths:
-        - path: /blog <6>
+        - path: /blog <7>
+          pathType: Prefix
           backend:
             service:
-              name: <example-1> <7>
+              name: example-1 <8>
               port:
-                number: 80 <8>
+                number: 80 <9>
+---
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: <example-2>
+  name: example-2
   annotations:
     alb.ingress.kubernetes.io/scheme: internet-facing
     alb.ingress.kubernetes.io/group.order: "2"
+    alb.ingress.kubernetes.io/target-type: instance
 spec:
-  ingressClass: alb
+  ingressClassName: single-lb
   rules:
   - host: example.com
     http:
         paths:
         - path: /store
+          pathType: Prefix
           backend:
             service:
-              name: <example-2>
+              name: example-2
               port:
                 number: 80
+---
+apiVersion: networking.k8s.io/v1
 kind: Ingress
-  metadata:
-  name: <example-3>
+metadata:
+  name: example-3
   annotations:
     alb.ingress.kubernetes.io/scheme: internet-facing
     alb.ingress.kubernetes.io/group.order: "3"
+    alb.ingress.kubernetes.io/target-type: instance
 spec:
-  ingressClass: alb
+  ingressClassName: single-lb
   rules:
   - host: example.com
     http:
         paths:
         - path: /
+          pathType: Prefix
           backend:
             service:
-              name: <example-3>
+              name: example-3
               port:
                 number: 80
 ----
 <1> Specifies the name of an ingress.
 <2> Indicates the load balancer to provision in the public subnet and makes it accessible over the internet.
 <3> Specifies the order in which the rules from the Ingresses are matched when the request is received at the load balancer.
-<4> Specifies the Ingress Class that belongs to this ingress.
-<5> Defines the name of a domain used for request routing.
-<6> Defines the path that must route to the service.
-<7> Defines the name of the service that serves the endpoint configured in the ingress.
-<8> Defines the port on the service that serves the endpoint.
+<4> Indicates the load balancer will target OpenShift nodes to reach the service.
+<5> Specifies the Ingress Class that belongs to this ingress.
+<6> Defines the name of a domain used for request routing.
+<7> Defines the path that must route to the service.
+<8> Defines the name of the service that serves the endpoint configured in the ingress.
+<9> Defines the port on the service that serves the endpoint.
 
 . Create the `Ingress` resources by running the following command:
 +
diff --git a/modules/creating-new-osdk-v0-1-0-project.adoc b/modules/creating-new-osdk-v0-1-0-project.adoc
index 20af6c50aada..dd0f192caf5b 100644
--- a/modules/creating-new-osdk-v0-1-0-project.adoc
+++ b/modules/creating-new-osdk-v0-1-0-project.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-new-operator-sdk-v0-1-0-project_{context}"]
 = Creating a new Operator SDK v0.1.0 project
 
@@ -19,6 +19,7 @@ Operator SDK
 
 . Ensure the SDK version is v0.1.0:
 +
+[source,terminal]
 ----
 $ operator-sdk --version
 operator-sdk version 0.1.0
@@ -26,6 +27,7 @@ operator-sdk version 0.1.0
 
 . Create a new project:
 +
+[source,terminal]
 ----
 $ mkdir -p $GOPATH/src/github.com/example-inc/
 $ cd $GOPATH/src/github.com/example-inc/
@@ -35,8 +37,9 @@ $ ls
 memcached-operator old-memcached-operator
 ----
 
-. Copy over `.git` from old project:
+. Copy `.git` from the old project:
 +
+[source,terminal]
 ----
 $ cp -rf old-memcached-operator/.git memcached-operator/.git
 ----
diff --git a/modules/creating-rolling-deployments-CLI.adoc b/modules/creating-rolling-deployments-CLI.adoc
index ae99abf954de..1f11a1f3897f 100644
--- a/modules/creating-rolling-deployments-CLI.adoc
+++ b/modules/creating-rolling-deployments-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-creating-rolling-deployment_{context}"]
 = Creating a rolling deployment
 
diff --git a/modules/creating-runtimeclass.adoc b/modules/creating-runtimeclass.adoc
index a16d6f4a6ed9..8178fb83d172 100644
--- a/modules/creating-runtimeclass.adoc
+++ b/modules/creating-runtimeclass.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/scheduling-windows-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-runtimeclass_{context}"]
 = Creating a RuntimeClass object to encapsulate scheduling mechanisms
 
@@ -18,7 +18,7 @@ apiVersion: node.k8s.io/v1beta1
 kind: RuntimeClass
 metadata:
   name: <runtime_class_name> <1>
-handler: 'runhcs-wcow-process' 
+handler: 'runhcs-wcow-process'
 scheduling:
   nodeSelector: <2>
     kubernetes.io/os: 'windows'
diff --git a/modules/creating-serverless-apps-admin-console.adoc b/modules/creating-serverless-apps-admin-console.adoc
index 1c8b8d5ddcf9..df3df6353788 100644
--- a/modules/creating-serverless-apps-admin-console.adoc
+++ b/modules/creating-serverless-apps-admin-console.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/admin_guide/serverless-cluster-admin-serving.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-serverless-apps-admin-console_{context}"]
 = Creating serverless applications using the Administrator perspective
 
diff --git a/modules/creating-serverless-apps-kn.adoc b/modules/creating-serverless-apps-kn.adoc
index d43d64d8725f..6c9adfc208d8 100644
--- a/modules/creating-serverless-apps-kn.adoc
+++ b/modules/creating-serverless-apps-kn.adoc
@@ -3,7 +3,7 @@
 // * serverless/develop/serverless-applications.adoc
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-serverless-apps-kn_{context}"]
 = Creating serverless applications by using the Knative CLI
 
diff --git a/modules/creating-serverless-apps-yaml.adoc b/modules/creating-serverless-apps-yaml.adoc
index 874b60304db7..15ce3e7dfa06 100644
--- a/modules/creating-serverless-apps-yaml.adoc
+++ b/modules/creating-serverless-apps-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-serverless-apps-yaml_{context}"]
 = Creating serverless applications using YAML
 
diff --git a/modules/creating-the-vsphere-windows-vm-golden-image.adoc b/modules/creating-the-vsphere-windows-vm-golden-image.adoc
index 1dd90a54be73..25f4412d8018 100644
--- a/modules/creating-the-vsphere-windows-vm-golden-image.adoc
+++ b/modules/creating-the-vsphere-windows-vm-golden-image.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-the-vsphere-windows-vm-golden-image_{context}"]
 = Creating the vSphere Windows VM golden image
 
@@ -64,7 +64,7 @@ PS C:\> Get-Service -Name VMTools | Select Status, StartType
 [IMPORTANT]
 ====
 The public key used in the instructions must correspond to the private key you create later in the WMCO namespace that holds your secret. See the "Configuring a secret for the Windows Machine Config Operator" section for more details.
-==== 
+====
 
 . You must create a new firewall rule in the Windows VM that allows incoming connections for container logs. Run the following PowerShell command to create the firewall rule on TCP port 10250:
 +
diff --git a/modules/csr-management.adoc b/modules/csr-management.adoc
index c3e8fa33d704..aaac53e14d98 100644
--- a/modules/csr-management.adoc
+++ b/modules/csr-management.adoc
@@ -17,14 +17,13 @@
 // installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// installing/installing_vsphere/installing-vsphere.adoc
 // machine_management/adding-rhel-compute.adoc
 // machine_management/more-rhel-compute.adoc
 // post_installation_configuration/node-tasks.adoc
+// installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="csr-management_{context}"]
 = Certificate signing requests management
 
diff --git a/modules/custom-tuning-specification.adoc b/modules/custom-tuning-specification.adoc
index 463a83e74a32..4fd6c6f0edd5 100644
--- a/modules/custom-tuning-specification.adoc
+++ b/modules/custom-tuning-specification.adoc
@@ -134,23 +134,21 @@ ifdef::rosa-hcp-tuning[]
   "recommend": [
     {
       "profile": <tuned_profile_name>, <1>
-      "priority": <priority>, <2>
-      "machineConfigLabels": { <Key_Pair_for_MachineConfig> <3>
+      "priority":{ <priority>, <2>
       },
-      "match": [ <4>
+      "match": [ <3>
         {
-          "label": <label_information> <5>
+          "label": <label_information> <4>
         },
       ]
     },
   ]
 }
 ----
-<1> Profile ordering priority. Lower numbers mean higher priority (`0` is the highest priority).
-<2> A TuneD profile to apply on a match. For example `tuned_profile_1`.
-<3> Optional: A dictionary of key-value pairs `MachineConfig` labels. The keys must be unique.
-<4> If omitted, profile match is assumed unless a profile with a higher priority matches first or `machineConfigLabels` is set.
-<5> The label for the profile matched items.
+<1> A TuneD profile to apply on a match. For example `tuned_profile_1`.
+<2> Profile ordering priority. Lower numbers mean higher priority (`0` is the highest priority).
+<3> If omitted, profile match is assumed unless a profile with a higher priority matches first.
+<4> The label for the profile matched items.
 endif::[]
 
 `<match>` is an optional list recursively defined as follows:
@@ -181,6 +179,7 @@ ifdef::rosa-hcp-tuning[]
 endif::[]
 
 If `<match>` is not omitted, all nested `<match>` sections must also evaluate to `true`. Otherwise, `false` is assumed and the profile with the respective `<match>` section will not be applied or recommended. Therefore, the nesting (child `<match>` sections) works as logical AND operator. Conversely, if any item of the `<match>` list matches, the entire `<match>` list evaluates to `true`. Therefore, the list acts as logical OR operator.
+ifndef::rosa-hcp-tuning[]
 
 If `machineConfigLabels` is defined, machine config pool based matching is turned on for the given `recommend:` list item. `<mcLabels>` specifies the labels for a machine config. The machine config is created automatically to apply host settings, such as kernel boot parameters, for the profile `<tuned_profile_name>`. This involves finding all machine config pools with machine config selector matching `<mcLabels>` and setting the profile `<tuned_profile_name>` on all nodes that are assigned the found machine config pools. To target nodes that have both master and worker roles, you must use the master role.
 
@@ -190,8 +189,8 @@ The list items `match` and `machineConfigLabels` are connected by the logical OR
 ====
 When using machine config pool based matching, it is advised to group nodes with the same hardware configuration into the same machine config pool. Not following this practice might result in TuneD operands calculating conflicting kernel parameters for two or more nodes sharing the same machine config pool.
 ====
-
-.Example: node or pod label based matching
+endif::rosa-hcp-tuning[]
+.Example: Node or pod label based matching
 
 ifndef::rosa-hcp-tuning[]
 [source,yaml]
@@ -263,8 +262,8 @@ Finally, the profile `openshift-node` has the lowest priority of `30`. It lacks
 
 image::node-tuning-operator-workflow-revised.png[Decision workflow]
 
-.Example: machine config pool based matching
 ifndef::rosa-hcp-tuning[]
+.Example: Machine config pool based matching
 [source,yaml]
 ----
 apiVersion: tuned.openshift.io/v1
@@ -290,6 +289,7 @@ spec:
 ----
 endif::rosa-hcp-tuning[]
 ifdef::rosa-hcp-tuning[]
+.Example: Machine pool based matching
 [source,JSON]
 ----
 {
@@ -308,9 +308,6 @@ ifdef::rosa-hcp-tuning[]
     ],
     "recommend": [
       {
-        "machineConfigLabels": {
-          "machineconfiguration.openshift.io/role": "worker-custom"
-        },
         "priority": 20,
         "profile": "openshift-node-custom"
       }
@@ -320,8 +317,9 @@ ifdef::rosa-hcp-tuning[]
 ----
 endif::[]
 
+ifndef::rosa-hcp-tuning[]
 To minimize node reboots, label the target nodes with a label the machine config pool's node selector will match, then create the Tuned CR above and finally create the custom machine config pool itself.
-
+endif::rosa-hcp-tuning[]
 // $ oc label node <node> node-role.kubernetes.io/worker-custom=
 // $ oc create -f <tuned-cr-above>
 // $ oc create -f- <<EOF
@@ -342,7 +340,13 @@ To minimize node reboots, label the target nodes with a label the machine config
 
 *Cloud provider-specific TuneD profiles*
 
-With this functionality, all Cloud provider-specific nodes can conveniently be assigned a TuneD profile specifically tailored to a given Cloud provider on a {product-title} cluster. This can be accomplished without adding additional node labels or grouping nodes into machine config pools.
+With this functionality, all Cloud provider-specific nodes can conveniently be assigned a TuneD profile specifically tailored to a given Cloud provider on a {product-title} cluster. This can be accomplished without adding additional node labels or grouping nodes into
+ifndef::rosa-hcp-tuning[]
+machine config pools.
+endif::rosa-hcp-tuning[]
+ifdef::rosa-hcp-tuning[]
+machine pools.
+endif::rosa-hcp-tuning[]
 
 This functionality takes advantage of `spec.providerID` node object values in the form of `<cloud-provider>://<cloud-provider-specific-id>` and writes the file `/var/lib/tuned/provider` with the value `<cloud-provider>` in NTO operand containers.  The content of this file is then used by TuneD to load `provider-<cloud-provider>` profile if such profile exists.
 
diff --git a/modules/customize-certificates-add-service-serving-apiservice.adoc b/modules/customize-certificates-add-service-serving-apiservice.adoc
index 5be455b0eac7..f5264a422aba 100644
--- a/modules/customize-certificates-add-service-serving-apiservice.adoc
+++ b/modules/customize-certificates-add-service-serving-apiservice.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate-apiservice_{context}"]
 = Add the service CA bundle to an API service
 
diff --git a/modules/customize-certificates-add-service-serving-configmap.adoc b/modules/customize-certificates-add-service-serving-configmap.adoc
index 8fd6008e56e3..c6793d15ddea 100644
--- a/modules/customize-certificates-add-service-serving-configmap.adoc
+++ b/modules/customize-certificates-add-service-serving-configmap.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate-configmap_{context}"]
 = Add the service CA bundle to a config map
 
diff --git a/modules/customize-certificates-add-service-serving-crd.adoc b/modules/customize-certificates-add-service-serving-crd.adoc
index 0414151a5aad..8eac8f2b59f7 100644
--- a/modules/customize-certificates-add-service-serving-crd.adoc
+++ b/modules/customize-certificates-add-service-serving-crd.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate-crd_{context}"]
 = Add the service CA bundle to a custom resource definition
 
diff --git a/modules/customize-certificates-add-service-serving-mutating-webhook.adoc b/modules/customize-certificates-add-service-serving-mutating-webhook.adoc
index 284eda698829..77160e4a44da 100644
--- a/modules/customize-certificates-add-service-serving-mutating-webhook.adoc
+++ b/modules/customize-certificates-add-service-serving-mutating-webhook.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate-mutating-webhook_{context}"]
 = Add the service CA bundle to a mutating webhook configuration
 
diff --git a/modules/customize-certificates-add-service-serving-validating-webhook.adoc b/modules/customize-certificates-add-service-serving-validating-webhook.adoc
index 2cbc9e8c278d..8897c78e2527 100644
--- a/modules/customize-certificates-add-service-serving-validating-webhook.adoc
+++ b/modules/customize-certificates-add-service-serving-validating-webhook.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate-validating-webhook_{context}"]
 = Add the service CA bundle to a validating webhook configuration
 
diff --git a/modules/customize-certificates-add-service-serving.adoc b/modules/customize-certificates-add-service-serving.adoc
index 346faa2a2949..3cb4d86fb9be 100644
--- a/modules/customize-certificates-add-service-serving.adoc
+++ b/modules/customize-certificates-add-service-serving.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-service-certificate_{context}"]
 = Add a service certificate
 
diff --git a/modules/customize-certificates-api-add-named.adoc b/modules/customize-certificates-api-add-named.adoc
index 740ff7c7eaf8..3984d11e721d 100644
--- a/modules/customize-certificates-api-add-named.adoc
+++ b/modules/customize-certificates-api-add-named.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/api-server.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="customize-certificates-api-add-named_{context}"]
 = Add an API server named certificate
 
diff --git a/modules/customize-certificates-manually-rotate-service-ca.adoc b/modules/customize-certificates-manually-rotate-service-ca.adoc
index 9c5a0161ea5b..c8535729a94c 100644
--- a/modules/customize-certificates-manually-rotate-service-ca.adoc
+++ b/modules/customize-certificates-manually-rotate-service-ca.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/certificates/service-signing-certificates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-rotate-service-ca_{context}"]
 = Manually rotate the service CA certificate
 
diff --git a/modules/customize-certificates-replace-default-router.adoc b/modules/customize-certificates-replace-default-router.adoc
index 85672192b088..c06e51e472a7 100644
--- a/modules/customize-certificates-replace-default-router.adoc
+++ b/modules/customize-certificates-replace-default-router.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/replacing-default-ingress-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="replacing-default-ingress_{context}"]
 = Replacing the default ingress certificate
 
diff --git a/modules/customize-certificates-rotate-service-serving.adoc b/modules/customize-certificates-rotate-service-serving.adoc
index e79214866e98..a88991e91211 100644
--- a/modules/customize-certificates-rotate-service-serving.adoc
+++ b/modules/customize-certificates-rotate-service-serving.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rotate-service-serving_{context}"]
 = Manually rotate the generated service certificate
 
diff --git a/modules/customize-certificates-understanding-default-router.adoc b/modules/customize-certificates-understanding-default-router.adoc
index 2ac5764f66b5..d418726a478b 100644
--- a/modules/customize-certificates-understanding-default-router.adoc
+++ b/modules/customize-certificates-understanding-default-router.adoc
@@ -2,7 +2,7 @@
 //
 // security/certificates/replacing-default-ingress-certificate.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-default-ingress_{context}"]
 = Understanding the default ingress certificate
 
diff --git a/modules/customize-certificates-understanding-service-serving.adoc b/modules/customize-certificates-understanding-service-serving.adoc
index 990857d97dc7..df6a2ee63bd3 100644
--- a/modules/customize-certificates-understanding-service-serving.adoc
+++ b/modules/customize-certificates-understanding-service-serving.adoc
@@ -2,7 +2,7 @@
 //
 // * security/certificates/service-serving-certificate.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-service-serving_{context}"]
 = Understanding service serving certificates
 
diff --git a/modules/customizing-cli-downloads.adoc b/modules/customizing-cli-downloads.adoc
index 4511b2322a48..2f568df248be 100644
--- a/modules/customizing-cli-downloads.adoc
+++ b/modules/customizing-cli-downloads.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-custom-CLI-downloads_{context}"]
 = Customizing CLI downloads
 
@@ -27,18 +27,18 @@ the packages.
 apiVersion: console.openshift.io/v1
 kind: ConsoleCLIDownload
 metadata:
-  name: example-cli-download-links-for-foo
+  name: example-cli-download-links
 spec:
   description: |
-    This is an example of download links for foo
-  displayName: example-foo
+    This is an example of download links
+  displayName: example
   links:
-  - href: 'https://www.example.com/public/foo.tar'
-    text: foo for linux
-  - href: 'https://www.example.com/public/foo.mac.zip'
-    text: foo for mac
-  - href: 'https://www.example.com/public/foo.win.zip'
-    text: foo for windows
+  - href: 'https://www.example.com/public/example.tar'
+    text: example for linux
+  - href: 'https://www.example.com/public/example.mac.zip'
+    text: example for mac
+  - href: 'https://www.example.com/public/example.win.zip'
+    text: example for windows
 ----
 
 . Click the *Save* button.
diff --git a/modules/customizing-project-request-message.adoc b/modules/customizing-project-request-message.adoc
index 67a5cb425afa..a8fcfa75e53f 100644
--- a/modules/customizing-project-request-message.adoc
+++ b/modules/customizing-project-request-message.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/projects/configuring-project-creation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="customizing-project-request-message_{context}"]
 = Customizing the project request message
 
diff --git a/modules/customizing-the-jenkins-image-stream-tag.adoc b/modules/customizing-the-jenkins-image-stream-tag.adoc
index 18e44e51c516..6723c547295e 100644
--- a/modules/customizing-the-jenkins-image-stream-tag.adoc
+++ b/modules/customizing-the-jenkins-image-stream-tag.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="customizing-the-jenkins-image-stream-tag_{context}"]
 = Customizing the Jenkins image stream tag
@@ -23,7 +23,7 @@ To override the current upgrade value for existing deployments, change the value
 
 .Prerequisites
 
-* You are running OpenShift Jenkins on {product-title} 4.13.
+* You are running OpenShift Jenkins on {product-title} {product-version}.
 * You know the namespace where OpenShift Jenkins is deployed.
 
 .Procedure
diff --git a/modules/customizing-the-login-page.adoc b/modules/customizing-the-login-page.adoc
index ec9889b4e7c3..eeedf4983dfb 100644
--- a/modules/customizing-the-login-page.adoc
+++ b/modules/customizing-the-login-page.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="customizing-the-login-page_{context}"]
 = Customizing the login page
 
@@ -68,6 +68,11 @@ $ oc edit oauths cluster
 +
 [source,yaml]
 ----
+apiVersion: config.openshift.io/v1
+kind: OAuth
+metadata:
+  name: cluster
+# ...
 spec:
   templates:
     error:
diff --git a/modules/customizing-the-web-console-URL.adoc b/modules/customizing-the-web-console-URL.adoc
index aada0fac09c4..0fc9f7bf9ff0 100644
--- a/modules/customizing-the-web-console-URL.adoc
+++ b/modules/customizing-the-web-console-URL.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="customizing-the-web-console-url_{context}"]
 = Customizing console routes
 
diff --git a/modules/debug-nodes-hcp.adoc b/modules/debug-nodes-hcp.adoc
new file mode 100644
index 000000000000..468bcb35320b
--- /dev/null
+++ b/modules/debug-nodes-hcp.adoc
@@ -0,0 +1,109 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="debug-nodes-hcp_{context}"]
+= Checking why worker nodes did not join the hosted cluster
+
+If your control plane API endpoint is available, but worker nodes did not join the hosted cluster on AWS, you can debug worker node issues. To troubleshoot why worker nodes did not join the hosted cluster on AWS, you can check the following information.
+
+:FeatureName: Hosted control planes on AWS
+include::snippets/technology-preview.adoc[]
+
+.Prerequisites
+
+* You have link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[configured the hosting cluster on AWS].
+* Your control plane API endpoint is available.
+
+.Procedure
+
+. Address any error messages in the status of the `HostedCluster` and `NodePool` resources:
+
+.. Check the status of the `HostedCluster` resource by running the following command:
++
+[source,terminal]
+----
+$ oc get hc -n <hosted_cluster_namespace> <hosted_cluster_name> -o jsonpath='{.status}'
+----
+
+.. Check the status of the `NodePool` resource by running the following command:
++
+[source,terminal]
+----
+$ oc get hc -n <hosted_cluster_namespace> <hosted_cluster_name> -o jsonpath='{.status}'
+----
++
+If you did not find any error messages in the status of the `HostedCluster` and `NodePool` resources, proceed to the next step.
+
+. Check if your worker machines are created by running the following commands, replacing values as necessary:
++
+[source,terminal]
+----
+$ HC_NAMESPACE="clusters"
+$ HC_NAME="cluster_name"
+$ CONTROL_PLANE_NAMESPACE="${HC_NAMESPACE}-${HC_NAME}"
+$ oc get machines.cluster.x-k8s.io -n $CONTROL_PLANE_NAMESPACE
+$ oc get awsmachines -n $CONTROL_PLANE_NAMESPACE
+----
+
+. If worker machines do not exist, check if the `machinedeployment` and `machineset` resources are created by running the following commands:
++
+[source,terminal]
+----
+$ oc get machinedeployment -n $CONTROL_PLANE_NAMESPACE
+$ oc get machineset -n $CONTROL_PLANE_NAMESPACE
+----
+
+. If the `machinedeployment` and `machineset` resources do not exist, check logs of the HyperShift Operator by running the following command:
++
+[source,terminal]
+----
+$ oc logs deployment/operator -n hypershift
+----
+
+. If worker machines exist but are not provisioned in the hosted cluster, check the log of the cluster API provider by running the following command:
++
+[source,terminal]
+----
+$ oc logs deployment/capi-provider -c manager -n $CONTROL_PLANE_NAMESPACE
+----
+
+. If worker machines exist and are provisioned in the cluster, ensure that machines are initialized through Ignition successfully by checking the system console logs. Check the system console logs of every machine by using the `console-logs` utility by running the following command:
++
+[source,terminal]
+----
+$ ./bin/hypershift console-logs aws --name $HC_NAME --aws-creds ~/.aws/credentials --output-dir /tmp/console-logs
+----
++
+You can access the system console logs in the `/tmp/console-logs` directory. The control plane exposes the Ignition endpoint. If you see an error related to the Ignition endpoint, then the Ignition endpoint is not accessible from the worker nodes through `https`.
+
+. If worker machines are provisioned and initialized through Ignition successfully, you can extract and access the journal logs of every worker machine by creating a bastion machine. A bastion machine allows you to access worker machines by using SSH.
+
+.. Create a bastion machine by running the following command:
++
+[source,terminal]
+----
+$ ./bin/hypershift create bastion aws --aws-creds ~/.aws/credentials --name $CLUSTER_NAME --ssh-key-file /tmp/ssh/id_rsa.pub
+----
+
+.. Optional: If you used the `--generate-ssh` flag when creating the cluster, you can extract the public and private key for the cluster by running the following commands:
++
+[souce,terminal]
+----
+$ mkdir /tmp/ssh
+$ oc get secret -n clusters ${HC_NAME}-ssh-key -o jsonpath='{ .data.id_rsa }' | base64 -d > /tmp/ssh/id_rsa
+$ oc get secret -n clusters ${HC_NAME}-ssh-key -o jsonpath='{ .data.id_rsa\.pub }' | base64 -d > /tmp/ssh/id_rsa.pub
+----
+
+.. Extract journal logs from the every worker machine by running the following commands:
++
+[source,terminal]
+----
+$ mkdir /tmp/journals
+$ INFRAID="$(oc get hc -n clusters $CLUSTER_NAME -o jsonpath='{ .spec.infraID }')"
+$ SSH_PRIVATE_KEY=/tmp/ssh/id_rsa
+$ ./test/e2e/util/dump/copy-machine-journals.sh /tmp/journals
+----
++
+You must place journal logs in the `/tmp/journals` directory in a compressed format. Check for the error that indicates why kubelet did not join the cluster.
\ No newline at end of file
diff --git a/modules/dedicated-aws-dc-existing.adoc b/modules/dedicated-aws-dc-existing.adoc
index 878293949393..24f7845df05d 100644
--- a/modules/dedicated-aws-dc-existing.adoc
+++ b/modules/dedicated-aws-dc-existing.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-dc-existing"]
 = Connecting to an existing Direct Connect Gateway
 
diff --git a/modules/dedicated-aws-dc-hvif.adoc b/modules/dedicated-aws-dc-hvif.adoc
index a57b2273b2fa..1f41e8c36c50 100644
--- a/modules/dedicated-aws-dc-hvif.adoc
+++ b/modules/dedicated-aws-dc-hvif.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-dc-hvif"]
 = Creating the hosted Virtual Interface
 
diff --git a/modules/dedicated-aws-vpc-accepting-peering.adoc b/modules/dedicated-aws-vpc-accepting-peering.adoc
index d6fc3a90f00c..d5e6845e0e2a 100644
--- a/modules/dedicated-aws-vpc-accepting-peering.adoc
+++ b/modules/dedicated-aws-vpc-accepting-peering.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpc-accepting-peering"]
 = Accepting the VPC peer request
 
diff --git a/modules/dedicated-aws-vpc-configuring-routing-tables.adoc b/modules/dedicated-aws-vpc-configuring-routing-tables.adoc
index 13f250517ddf..69662421f0d0 100644
--- a/modules/dedicated-aws-vpc-configuring-routing-tables.adoc
+++ b/modules/dedicated-aws-vpc-configuring-routing-tables.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpc-configuring-routing-tables"]
 = Configuring the routing tables
 
diff --git a/modules/dedicated-aws-vpc-initiating-peering.adoc b/modules/dedicated-aws-vpc-initiating-peering.adoc
index 1ba72f76680c..638e85c297d3 100644
--- a/modules/dedicated-aws-vpc-initiating-peering.adoc
+++ b/modules/dedicated-aws-vpc-initiating-peering.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpc-initiating-peering"]
 = Initiating the VPC peer request
 
diff --git a/modules/dedicated-aws-vpc-verifying-troubleshooting.adoc b/modules/dedicated-aws-vpc-verifying-troubleshooting.adoc
index 85f30e1b9b85..3da569f90618 100644
--- a/modules/dedicated-aws-vpc-verifying-troubleshooting.adoc
+++ b/modules/dedicated-aws-vpc-verifying-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpc-verifying-troubleshooting"]
 = Verifying and troubleshooting VPC peering
 
diff --git a/modules/dedicated-aws-vpn-creating.adoc b/modules/dedicated-aws-vpn-creating.adoc
index ed6974d85835..6f7092307042 100644
--- a/modules/dedicated-aws-vpn-creating.adoc
+++ b/modules/dedicated-aws-vpn-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpn-creating"]
 = Creating a VPN connection
 
diff --git a/modules/dedicated-aws-vpn-verifying.adoc b/modules/dedicated-aws-vpn-verifying.adoc
index d0a766715fea..0e798d0352ca 100644
--- a/modules/dedicated-aws-vpn-verifying.adoc
+++ b/modules/dedicated-aws-vpn-verifying.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dedicated-aws-vpn-verifying"]
 = Verifying the VPN connection
 
diff --git a/modules/dedicated-configuring-your-application-routes.adoc b/modules/dedicated-configuring-your-application-routes.adoc
index 2620204b24ed..72bf3725d16f 100644
--- a/modules/dedicated-configuring-your-application-routes.adoc
+++ b/modules/dedicated-configuring-your-application-routes.adoc
@@ -5,7 +5,7 @@
 [id="dedicated-configuring-your-application-routes_{context}"]
 = Configuring your application routes
 
-When your cluster is provisioned, an AWS elastic load balancer (ELB) is created
+When your cluster is provisioned, an Elastic Load Balancing (ELB) load balancer is created
 to route application traffic into the cluster. The domain for your ELB is configured to route application traffic via
 `http(s)://*.<cluster-id>.<shard-id>.p1.openshiftapps.com`. The `<shard-id>` is a
 random four-character string assigned to your cluster at creation time.
diff --git a/modules/dedicated-exposing-TCP-services.adoc b/modules/dedicated-exposing-TCP-services.adoc
index f5dcb989cca5..d514d1d68221 100644
--- a/modules/dedicated-exposing-TCP-services.adoc
+++ b/modules/dedicated-exposing-TCP-services.adoc
@@ -8,7 +8,7 @@
 {product-title} routes expose applications by proxying traffic through
 HTTP/HTTPS(SNI)/TLS(SNI) to pods and services. A
 link:https://kubernetes.io/docs/concepts/services-networking/#loadbalancer[LoadBalancer]
-service creates an AWS Elastic Load Balancer (ELB) for your {product-title}
+service creates an Elastic Load Balancing (ELB) load balancer for your {product-title}
 cluster, enabling direct TCP access to applications exposed by your LoadBalancer
 service.
 
diff --git a/modules/defining-template-for-external-log-link.adoc b/modules/defining-template-for-external-log-link.adoc
index d18d19988232..5998e5bf1c76 100644
--- a/modules/defining-template-for-external-log-link.adoc
+++ b/modules/defining-template-for-external-log-link.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="defining-template-for-external-log-links_{context}"]
 = Defining a template for an external log link
 
diff --git a/modules/delete-hosted-cluster.adoc b/modules/delete-hosted-cluster.adoc
index 073e88185ba8..caf02e4f3a64 100644
--- a/modules/delete-hosted-cluster.adoc
+++ b/modules/delete-hosted-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * hosted_control_planes/hcp-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="delete-hosted-cluster_{context}"]
 = Deleting a hosted cluster
 
@@ -10,12 +10,12 @@ The steps to delete a hosted cluster differ depending on which provider you use.
 
 .Procedure
 
-* If the cluster is on AWS, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-aws[Destroying a hosted cluster on AWS].
+* If the cluster is on AWS, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-aws[Destroying a hosted cluster on AWS].
 
-* If the cluster is on bare metal, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-bm[Destroying a hosted cluster on bare metal].
+* If the cluster is on bare metal, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-bm[Destroying a hosted cluster on bare metal].
 
-* If the cluster is on {VirtProductName}, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-kubevirt[Destroying a hosted cluster on OpenShift Virtualization].
+* If the cluster is on {VirtProductName}, follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hypershift-cluster-destroy-kubevirt[Destroying a hosted cluster on OpenShift Virtualization].
 
 .Next steps
 
-If you want to disable the hosted control plane feature, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#disable-hosted-control-planes[Disabling the hosted control plane feature].
\ No newline at end of file
+If you want to disable the hosted control plane feature, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#disable-hosted-control-planes[Disabling the hosted control plane feature].
\ No newline at end of file
diff --git a/modules/delete-kn-trigger.adoc b/modules/delete-kn-trigger.adoc
index 784862981990..de2b61ad5f01 100644
--- a/modules/delete-kn-trigger.adoc
+++ b/modules/delete-kn-trigger.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/delete-triggers-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="delete-kn-trigger_{context}"]
 = Deleting a trigger by using the Knative CLI
 
diff --git a/modules/deleting-a-namespace-using-the-web-console.adoc b/modules/deleting-a-namespace-using-the-web-console.adoc
index b2d87dab26aa..0d187bb62deb 100644
--- a/modules/deleting-a-namespace-using-the-web-console.adoc
+++ b/modules/deleting-a-namespace-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/uninstalling-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-a-namespace-using-the-web-console_{context}"]
 = Deleting a namespace using the web console
 
diff --git a/modules/deleting-a-project-using-the-CLI.adoc b/modules/deleting-a-project-using-the-CLI.adoc
index 08308f10b8aa..206324f0559d 100644
--- a/modules/deleting-a-project-using-the-CLI.adoc
+++ b/modules/deleting-a-project-using-the-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-a-project-using-the-CLI_{context}"]
 = Deleting a project using the CLI
 
diff --git a/modules/deleting-a-project-using-the-web-console.adoc b/modules/deleting-a-project-using-the-web-console.adoc
index a06b7e2e7d1a..959cc2e3ec7d 100644
--- a/modules/deleting-a-project-using-the-web-console.adoc
+++ b/modules/deleting-a-project-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-a-project-using-the-web-console_{context}"]
 = Deleting a project using the web console
 
diff --git a/modules/deleting-cluster-autoscaler.adoc b/modules/deleting-cluster-autoscaler.adoc
new file mode 100644
index 000000000000..492ed72d0aba
--- /dev/null
+++ b/modules/deleting-cluster-autoscaler.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * machine_management/applying-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="deleting-cluster-autoscaler_{context}"]
+= Disabling the cluster autoscaler
+
+To disable the cluster autoscaler, you delete the corresponding `ClusterAutoscaler` resource.
+
+[NOTE]
+====
+Disabling the cluster autoscaler disables autoscaling on the cluster, even if the cluster has existing machine autoscalers.
+====
+
+.Procedure
+
+. List the `ClusterAutoscaler` resource for the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get ClusterAutoscaler
+----
++
+.Example output
+[source,terminal]
+----
+NAME      AGE
+default   42m
+----
+
+. Optional: Create a YAML file backup of the `ClusterAutoscaler` CR by running the following command:
++
+[source,terminal]
+----
+$ oc get ClusterAutoscaler/default \//<1>
+  -o yaml> <cluster_autoscaler_backup_name>.yaml //<2>
+----
+<1> `default` is the name of the `ClusterAutoscaler` CR.
+<2> `<cluster_autoscaler_backup_name>` is the name for the backup of the CR.
+
+. Delete the `ClusterAutoscaler` CR by running the following command:
++
+[source,terminal]
+----
+$ oc delete ClusterAutoscaler/default
+----
++
+.Example output
+[source,terminal]
+----
+clusterautoscaler.autoscaling.openshift.io "default" deleted
+----
+
+.Verification
+
+* To verify that the cluster autoscaler is disabled, run the following command:
++
+[source,terminal]
+----
+$ oc get ClusterAutoscaler
+----
++
+.Expected output
+[source,terminal]
+----
+No resources found
+----
+
+.Next steps
+
+* Disabling the cluster autoscaler by deleting the `ClusterAutoscaler` CR prevents the cluster from autoscaling but does not delete any existing machine autoscalers on the cluster. To clean up unneeded machine autoscalers, see "Disabling a machine autoscaler".
+
+* If you need to re-enable the cluster autoscaler, use the `<cluster_autoscaler_name_backup>.yaml` backup file and follow the instructions in "Deploying a cluster autoscaler".
\ No newline at end of file
diff --git a/modules/deleting-cluster.adoc b/modules/deleting-cluster.adoc
index 57eb621134ba..2f220beabc51 100644
--- a/modules/deleting-cluster.adoc
+++ b/modules/deleting-cluster.adoc
@@ -3,7 +3,7 @@
 // * osd_install_access_delete_cluster/osd-deleting-a-cluster.adoc
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-cluster_{context}"]
 = Deleting your cluster
 
@@ -19,3 +19,8 @@ You can delete your {product-title} cluster in {cluster-manager-first}.
 . Select *Delete cluster* from the *Actions* drop-down menu.
 
 . Type the name of the cluster highlighted in bold, then click *Delete*. Cluster deletion occurs automatically.
++
+[NOTE]
+====
+If you delete a cluster that was installed into a GCP Shared VPC, inform the VPC owner of the host project to remove the IAM policy roles granted to the service account that was referenced during cluster creation.
+====
\ No newline at end of file
diff --git a/modules/deleting-machine-autoscaler.adoc b/modules/deleting-machine-autoscaler.adoc
new file mode 100644
index 000000000000..f1f38d4dae08
--- /dev/null
+++ b/modules/deleting-machine-autoscaler.adoc
@@ -0,0 +1,70 @@
+// Module included in the following assemblies:
+//
+// * machine_management/applying-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="deleting-machine-autoscaler_{context}"]
+= Disabling a machine autoscaler
+
+To disable a machine autoscaler, you delete the corresponding `MachineAutoscaler` custom resource (CR).
+
+[NOTE]
+====
+Disabling a machine autoscaler does not disable the cluster autoscaler. To disable the cluster autoscaler, follow the instructions in "Disabling the cluster autoscaler".
+====
+
+.Procedure
+
+. List the `MachineAutoscaler` CRs for the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get MachineAutoscaler -n openshift-machine-api
+----
++
+.Example output
+[source,terminal]
+----
+NAME                 REF KIND     REF NAME             MIN   MAX   AGE
+compute-us-east-1a   MachineSet   compute-us-east-1a   1     12    39m
+compute-us-west-1a   MachineSet   compute-us-west-1a   2     4     37m
+----
+
+. Optional: Create a YAML file backup of the `MachineAutoscaler` CR by running the following command:
++
+[source,terminal]
+----
+$ oc get MachineAutoscaler/<machine_autoscaler_name> \//<1>
+  -n openshift-machine-api \
+  -o yaml> <machine_autoscaler_name_backup>.yaml //<2>
+----
+<1> `<machine_autoscaler_name>` is the name of the CR that you want to delete.
+<2> `<machine_autoscaler_name_backup>` is the name for the backup of the CR.
+
+. Delete the `MachineAutoscaler` CR by running the following command:
++
+[source,terminal]
+----
+$ oc delete MachineAutoscaler/<machine_autoscaler_name> -n openshift-machine-api
+----
++
+.Example output
+[source,terminal]
+----
+machineautoscaler.autoscaling.openshift.io "compute-us-east-1a" deleted
+----
+
+.Verification
+
+* To verify that the machine autoscaler is disabled, run the following command:
++
+[source,terminal]
+----
+$ oc get MachineAutoscaler -n openshift-machine-api
+----
++
+The disabled machine autoscaler does not appear in the list of machine autoscalers.
+
+.Next steps
+
+* If you need to re-enable the machine autoscaler, use the `<machine_autoscaler_name_backup>.yaml` backup file and follow the instructions in "Deploying a machine autoscaler".
\ No newline at end of file
diff --git a/modules/deleting-machine-pools-cli.adoc b/modules/deleting-machine-pools-cli.adoc
index dc445f69d4fb..f7dd88d1610d 100644
--- a/modules/deleting-machine-pools-cli.adoc
+++ b/modules/deleting-machine-pools-cli.adoc
@@ -2,17 +2,22 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-machine-pools-cli{context}"]
 = Deleting a machine pool using the ROSA CLI
 You can delete a machine pool for your Red Hat OpenShift Service on AWS (ROSA) cluster by using the ROSA CLI.
 
+[NOTE]
+====
+For users of ROSA CLI `rosa` version 1.2.25 and earlier versions, the machine pool (ID='Default') that is created along with the cluster cannot be deleted. For users of ROSA CLI `rosa` version 1.2.26 and later, the machine pool (ID='worker') that is created along with the cluster can be deleted as long as there is one machine pool within the cluster that contains no taints, and at least two replicas for a Single-AZ cluster or three replicas for a Multi-AZ cluster.
+====
+
 .Prerequisites
 
 ifdef::openshift-rosa[]
 * You created a ROSA cluster.
 * The cluster is in the ready state.
-* You have an existing machine pool without any taints and with at least two instances for a single-AZ cluster or three instances for a multi-AZ cluster.
+* You have an existing machine pool without any taints and with at least two instances for a Single-AZ cluster or three instances for a Multi-AZ cluster.
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]
 * You have created an {product-title} cluster.
diff --git a/modules/deleting-machine-pools-ocm.adoc b/modules/deleting-machine-pools-ocm.adoc
index e15a56d3320d..9d9a32e83000 100644
--- a/modules/deleting-machine-pools-ocm.adoc
+++ b/modules/deleting-machine-pools-ocm.adoc
@@ -4,7 +4,7 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-machine-pools-ocm{context}"]
 ifndef::openshift-rosa[]
 = Deleting a machine pool
@@ -25,7 +25,7 @@ endif::openshift-rosa[]
 ifndef::openshift-rosa[]
 * You have created an {product-title} cluster.
 * The newly created cluster is in the ready state.
-endif::[]
+endif::openshift-rosa[]
 
 .Procedure
 . From {cluster-manager-url}, navigate to the *Clusters* page and select the cluster that contains the machine pool that you want to delete.
diff --git a/modules/deleting-machine-pools.adoc b/modules/deleting-machine-pools.adoc
index 472e1ceb87ad..6d30adf7d46c 100644
--- a/modules/deleting-machine-pools.adoc
+++ b/modules/deleting-machine-pools.adoc
@@ -2,29 +2,27 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-machine-pools{context}"]
 = Deleting a machine pool
 
 You can delete a machine pool in the event that your workload requirements have changed and your current machine pools no longer meet your needs.
-// Over time, users may find that their workload needs have changed, and may want to modify the various machine pool settings. While many of these settings can be modified, certain settings (for example, instance types and availability zones) cannot be changed once a machine pool is created. If a user finds that these settings are no longer meeting their needs, they can delete the machine pool in question and create a new machine pool with the desired settings.
+
+
 You can delete machine pools using the
 ifdef::openshift-rosa[]
-Openshift Cluster Manager or the ROSA CLI (`rosa`).
+OpenShift Cluster Manager or the ROSA CLI (`rosa`).
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]
-Openshift Cluster Manager.
+OpenShift Cluster Manager.
 endif::[]
-
-// Users that wish to delete the default machine pool that is automatically created during the installation of a {product-title} (ROSA) cluster can do so using the OCM or ROSA CLI.
-//
-
 ifndef::openshift-rosa[]
+
 .Prerequisites
 
 * You have created an {product-title} cluster.
 * The cluster is in the ready state.
-* You have an existing machine pool without any taints and with at least two instances for a single-AZ cluster or three instances for a multi-AZ cluster.
+* You have an existing machine pool without any taints and with at least two replicas for a Single-AZ cluster or three replicas for a Multi-AZ cluster.
 
 .Procedure
 . From {cluster-manager-url}, navigate to the *Clusters* page and select the cluster that contains the machine pool that you want to delete.
diff --git a/modules/deleting-service-cli.adoc b/modules/deleting-service-cli.adoc
index 1d96f5e21be3..4505393269ac 100644
--- a/modules/deleting-service-cli.adoc
+++ b/modules/deleting-service-cli.adoc
@@ -3,7 +3,7 @@
 //
 // * assemblies/adding-service.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-service-cli_{context}"]
 = Deleting an add-on service using the CLI
 
diff --git a/modules/deleting-service.adoc b/modules/deleting-service.adoc
index 5809ae44fbe2..62f0e882eb09 100644
--- a/modules/deleting-service.adoc
+++ b/modules/deleting-service.adoc
@@ -2,13 +2,13 @@
 //
 // * assemblies/adding-service.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-service_{context}"]
 = Deleting an add-on service using {cluster-manager-first}
 
-You can delete an add-on service from your {product-title} 
+You can delete an add-on service from your {product-title}
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::openshift-rosa[]
 cluster by using {cluster-manager-first}.
 
diff --git a/modules/deleting-wmco-namespace.adoc b/modules/deleting-wmco-namespace.adoc
index 14e230ab81d2..2745967f4643 100644
--- a/modules/deleting-wmco-namespace.adoc
+++ b/modules/deleting-wmco-namespace.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/disabling-windows-container-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-wmco-namespace_{context}"]
 = Deleting the Windows Machine Config Operator namespace
 
diff --git a/modules/deploy-app.adoc b/modules/deploy-app.adoc
index 352ba6f15c4d..c5456b351d89 100644
--- a/modules/deploy-app.adoc
+++ b/modules/deploy-app.adoc
@@ -4,7 +4,7 @@
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploy-app_{context}"]
 = Deploying an application from the Developer Catalog
 
diff --git a/modules/deploy-red-hat-openshift-container-storage.adoc b/modules/deploy-red-hat-openshift-container-storage.adoc
index 089a18788feb..078182918ce6 100644
--- a/modules/deploy-red-hat-openshift-container-storage.adoc
+++ b/modules/deploy-red-hat-openshift-container-storage.adoc
@@ -32,11 +32,11 @@
 |Instructions on deploying and managing {rh-storage} on existing Red Hat {product-title} Azure clusters
 |link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html/deploying_openshift_data_foundation_using_microsoft_azure/index[Deploying and managing OpenShift Data Foundation 4.12 using Microsoft Azure]
 
-|Instructions on deploying {rh-storage} to use local storage on IBM Power infrastructure
-|link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html-single/deploying_openshift_data_foundation_using_ibm_power/index[Deploying OpenShift Data Foundation on IBM Power]
+|Instructions on deploying {rh-storage} to use local storage on {ibm-power-name} infrastructure
+|link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html-single/deploying_openshift_data_foundation_using_ibm_power/index[Deploying OpenShift Data Foundation on {ibm-power-name}]
 
-|Instructions on deploying {rh-storage} to use local storage on IBM Z infrastructure
-|link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html/deploying_openshift_data_foundation_using_ibm_z_infrastructure/index[Deploying OpenShift Data Foundation on IBM Z infrastructure]
+|Instructions on deploying {rh-storage} to use local storage on {ibm-z-name} infrastructure
+|link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html/deploying_openshift_data_foundation_using_ibm_z_infrastructure/index[Deploying OpenShift Data Foundation on {ibm-z-name} infrastructure]
 
 |Allocating storage to core services and hosted applications in {rh-storage-first}, including snapshot and clone
 |link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.12/html/managing_and_allocating_storage_resources[Managing and allocating resources]
diff --git a/modules/deploying-a-pod-that-includes-an-aws-sdk.adoc b/modules/deploying-a-pod-that-includes-an-aws-sdk.adoc
index 93d51d709083..da7ef21ac8f0 100644
--- a/modules/deploying-a-pod-that-includes-an-aws-sdk.adoc
+++ b/modules/deploying-a-pod-that-includes-an-aws-sdk.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-a-pod-that-includes-an-aws-sdk_{context}"]
 = Deploying a pod that includes an AWS SDK
 
diff --git a/modules/deploying-lvms-on-sno-cluster.adoc b/modules/deploying-lvms-on-sno-cluster.adoc
index 622a97d4925f..6fe2af2a6c56 100644
--- a/modules/deploying-lvms-on-sno-cluster.adoc
+++ b/modules/deploying-lvms-on-sno-cluster.adoc
@@ -2,11 +2,11 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="lvms-preface-sno-ran_{context}"]
-= Deploying {lvms} on {sno} clusters
+= Deploying {lvms}
 
-You can deploy {lvms} on a {sno} bare-metal or user-provisioned infrastructure cluster and configure it to dynamically provision storage for your workloads.
+You can deploy {lvms} on a bare-metal or user-provisioned infrastructure cluster and configure it to dynamically provision storage for your workloads.
 
 {lvms} creates a volume group using all the available unused disks and creates a single thin pool with a size of 90% of the volume group.
 The remaining 10% of the volume group is left free to enable data recovery by expanding the thin pool when required.
@@ -15,31 +15,36 @@ You might need to manually perform such recovery.
 You can use persistent volume claims (PVCs) and volume snapshots provisioned by {lvms} to request storage and create volume snapshots.
 
 {lvms} configures a default overprovisioning limit of 10 to take advantage of the thin-provisioning feature.
-The total size of the volumes and volume snapshots that can be created on the {sno} clusters is 10 times the size of the thin pool.
+The total size of the volumes and volume snapshots that can be created on the clusters is 10 times the size of the thin pool.
 
-You can deploy {lvms} on {sno} clusters using one of the following:
+You can deploy {lvms} using one of the following:
 
 * {rh-rhacm-first}
 * {product-title} Web Console
 
+[WARNING]
+====
+{lvms} only supports provisioning local storage on multi-node clusters. It does not support storage data replication mechanism across nodes. When you are using {lvms} on multi-node clusters, you must ensure storage data replication through active or passive replication mechanism to avoid a single point of failure.
+==== 
+
 [id="lvms-deployment-requirements-for-sno-ran_{context}"]
 == Requirements
 
-Before you begin deploying {lvms} on {sno} clusters, ensure that the following requirements are met:
+Before deploying {lvms} on {sno} clusters, ensure that the following requirements are met:
 
 * You have installed {rh-rhacm-first} on an {product-title} cluster.
-* Every managed {sno} cluster has dedicated disks that are used to provision storage.
-
-Before you deploy {lvms} on {sno} clusters, be aware of the following limitations:
+* Every managed cluster has dedicated disks that are used to provision storage.
 
-* You can only create a single instance of the `LVMCluster` custom resource (CR) on an {product-title} cluster.
-* You can make only a single `deviceClass` entry in the `LVMCluster` CR.
-* When a device becomes part of the `LVMCluster` CR, it cannot be removed.
+Before deploying {lvms} in a private CI environment where you can reuse the virtual machines and storage devices, ensure that you have wiped the disks that are not in use. 
+[NOTE]
+====
+You cannot wipe the disks that are in use.
+====
 
 [id="lvms-deployment-limitations-for-sno-ran_{context}"]
 == Limitations
 
-For deploying {sno}, LVM Storage has the following limitations:
+For deploying {product-title}, LVM Storage has the following limitations:
 
 * The total storage size is limited by the size of the underlying Logical Volume Manager (LVM) thin pool and the overprovisioning factor.
 * The size of the logical volume depends on the size of the Physical Extent (PE) and the Logical Extent (LE).
@@ -51,19 +56,18 @@ For deploying {sno}, LVM Storage has the following limitations:
 [cols="1,1,1,1,1", width="100%", options="header"]
 |====
 |Architecture
-|RHEL 5
 |RHEL 6
 |RHEL 7
 |RHEL 8
+|RHEL 9
 
 |32-bit
 |16 TB
-|16 TB
+|-
 |-
 |-
 
 |64-bit
-|8 EB ^[1]^
 
 |8 EB ^[1]^
 
@@ -72,6 +76,7 @@ For deploying {sno}, LVM Storage has the following limitations:
 
 500 TB ^[2]^
 |8 EB
+|8 EB
 
 |====
 [.small]
diff --git a/modules/deploying-resource.adoc b/modules/deploying-resource.adoc
index d1f7a0153087..435fd526dbd6 100644
--- a/modules/deploying-resource.adoc
+++ b/modules/deploying-resource.adoc
@@ -8,23 +8,23 @@
 // * machine_management/applying-autoscaling.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="{FeatureResourceName}-deploying_{context}"]
-= Deploying the {FeatureName}
+= Deploying a {FeatureName}
 
-To deploy the {FeatureName}, you create an instance of the `{FeatureResourceName}` resource.
+To deploy a {FeatureName}, you create an instance of the `{FeatureResourceName}` resource.
 
 .Procedure
 
-. Create a YAML file for the `{FeatureResourceName}` resource that contains the customized resource definition.
+. Create a YAML file for a `{FeatureResourceName}` resource that contains the custom resource definition.
 
-. Create the resource in the cluster:
+. Create the custom resource in the cluster by running the following command:
 +
 [source,terminal]
 ----
 $ oc create -f <filename>.yaml <1>
 ----
-<1> `<filename>` is the name of the resource file that you customized.
+<1> `<filename>` is the name of the custom resource file.
 
 // Undefine attributes, so that any mistakes are easily spotted
 :!FeatureName:
diff --git a/modules/deployment-config-capability.adoc b/modules/deployment-config-capability.adoc
new file mode 100644
index 000000000000..a07cb5654c17
--- /dev/null
+++ b/modules/deployment-config-capability.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// *  installing/cluster-capabilities.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="deployment-config-capability_{context}"]
+= DeploymentConfig capability
+
+[discrete]
+== Purpose
+
+The `DeploymentConfig` capability enables and manages the `DeploymentConfig` API.
+
+[IMPORTANT]
+====
+If the `DeploymentConfig` capability is disabled, the cluster cannot use `DeploymentConfig` resources. Disable the capability only if `DeploymentConfig` resources are not required in the cluster.
+====
diff --git a/modules/deployment-plug-in-cluster.adoc b/modules/deployment-plug-in-cluster.adoc
index 1e457239846d..1cbdf342e7bd 100644
--- a/modules/deployment-plug-in-cluster.adoc
+++ b/modules/deployment-plug-in-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/deploy-plugin-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploy-on-cluster_{context}"]
 = Deploy your plugin on a cluster
 
diff --git a/modules/deployments-ab-testing-lb.adoc b/modules/deployments-ab-testing-lb.adoc
index 4c2006eaa31f..94a67efa248d 100644
--- a/modules/deployments-ab-testing-lb.adoc
+++ b/modules/deployments-ab-testing-lb.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/route-based-deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-ab-testing-lb_{context}"]
 = Load balancing for A/B testing
 
@@ -54,6 +54,11 @@ Browse to the application at `ab-example-a.<project>.<router_domain>` to verify
 
 . When you deploy the route, the router balances the traffic according to the `weights` specified for the services. At this point, there is a single service with default `weight=1` so all requests go to it. Adding the other service as an `alternateBackends` and adjusting the `weights` brings the A/B setup to life. This can be done by the `oc set route-backends` command or by editing the route.
 +
+[NOTE]
+====
+When using `alternateBackends`, also use the `roundrobin` load-balancing strategy to ensure requests are distributed as expected to the services based on weight. `roundrobin` can be set for a route by using a link:https://docs.openshift.com/container-platform/4.13/networking/routes/route-configuration.html#nw-route-specific-annotations_route-configuration[route annotation].
+====
++
 Setting the `oc set route-backend` to `0` means the service does not participate in load-balancing, but continues to serve existing persistent connections.
 +
 [NOTE]
diff --git a/modules/deployments-accessing-private-repos.adoc b/modules/deployments-accessing-private-repos.adoc
index e20d9a1a6a07..ea849190857a 100644
--- a/modules/deployments-accessing-private-repos.adoc
+++ b/modules/deployments-accessing-private-repos.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-accessing-private-repos_{context}"]
 = Accessing private repositories from DeploymentConfig objects
 
diff --git a/modules/deployments-assigning-pods-to-nodes.adoc b/modules/deployments-assigning-pods-to-nodes.adoc
index 1f7d7706ae87..baeeaef71238 100644
--- a/modules/deployments-assigning-pods-to-nodes.adoc
+++ b/modules/deployments-assigning-pods-to-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-assigning-pods-to-nodes_{context}"]
 = Assigning pods to specific nodes
 
diff --git a/modules/deployments-blue-green.adoc b/modules/deployments-blue-green.adoc
index e73648eb4200..f161c2546f0e 100644
--- a/modules/deployments-blue-green.adoc
+++ b/modules/deployments-blue-green.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/route-based-deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-blue-green_{context}"]
 = Blue-green deployments
 
diff --git a/modules/deployments-comparing-deploymentconfigs.adoc b/modules/deployments-comparing-deploymentconfigs.adoc
index 3c8231353dfa..11c2f19dc6bb 100644
--- a/modules/deployments-comparing-deploymentconfigs.adoc
+++ b/modules/deployments-comparing-deploymentconfigs.adoc
@@ -9,6 +9,8 @@ Both Kubernetes `Deployment` objects and {product-title}-provided `DeploymentCon
 
 The following sections go into more detail on the differences between the two object types to further help you decide which type to use.
 
+include::snippets/deployment-config-deprecated.adoc[]
+
 [id="deployments-design_{context}"]
 == Design
 
@@ -18,6 +20,28 @@ For `DeploymentConfig` objects, if a node running a deployer pod goes down, it w
 
 However, deployment rollouts are driven from a controller manager. The controller manager runs in high availability mode on masters and uses leader election algorithms to value availability over consistency. During a failure it is possible for other masters to act on the same deployment at the same time, but this issue will be reconciled shortly after the failure occurs.
 
+[id="delpoyments-specific-features_{context}"]
+== Deployment-specific features
+
+[discrete]
+==== Rollover
+
+The deployment process for `Deployment` objects is driven by a controller loop, in contrast to `DeploymentConfig` objects that use deployer pods for every new rollout. This means that the `Deployment` object can have as many active replica sets as possible, and eventually the deployment controller will scale down all old replica sets and scale up the newest one.
+
+`DeploymentConfig` objects can have at most one deployer pod running, otherwise multiple deployers might conflict when trying to scale up what they think should be the newest replication controller. Because of this, only two replication controllers can be active at any point in time. Ultimately, this results in faster rapid rollouts for `Deployment` objects.
+
+[discrete]
+==== Proportional scaling
+
+Because the deployment controller is the sole source of truth for the sizes of new and old replica sets owned by a `Deployment` object, it can scale ongoing rollouts. Additional replicas are distributed proportionally based on the size of each replica set.
+
+`DeploymentConfig` objects cannot be scaled when a rollout is ongoing because the controller will have issues with the deployer process about the size of the new replication controller.
+
+[discrete]
+==== Pausing mid-rollout
+
+Deployments can be paused at any point in time, meaning you can also pause ongoing rollouts. However, you currently cannot pause deployer pods; if you try to pause a deployment in the middle of a rollout, the deployer process is not affected and continues until it finishes.
+
 [id="delpoymentconfigs-specific-features_{context}"]
 == DeploymentConfig object-specific features
 
@@ -45,27 +69,4 @@ Deployments do not yet support any lifecycle hooks.
 [discrete]
 ==== Custom strategies
 
-Deployments do not support user-specified custom deployment strategies yet.
-
-[id="delpoyments-specific-features_{context}"]
-== Deployment-specific features
-
-[discrete]
-==== Rollover
-
-The deployment process for `Deployment` objects is driven by a controller loop, in contrast to `DeploymentConfig` objects which use deployer pods for every new rollout. This means that the `Deployment` object can have as many active replica sets as possible, and eventually the deployment controller will scale down all old replica sets and scale up the newest one.
-
-`DeploymentConfig` objects can have at most one deployer pod running, otherwise multiple deployers end up conflicting while trying to scale up what they think should be the newest replication controller. Because of this, only two replication controllers can be active at any point in time. Ultimately, this translates to faster rapid rollouts for `Deployment` objects.
-
-[discrete]
-==== Proportional scaling
-
-Because the deployment controller is the sole source of truth for the sizes of new and old replica sets owned by a `Deployment` object, it is able to scale ongoing rollouts. Additional replicas are distributed proportionally based on the size of each replica set.
-
-`DeploymentConfig` objects cannot be scaled when a rollout is ongoing because the controller will end up having issues with the deployer process about the size of the new replication controller.
-
-[discrete]
-==== Pausing mid-rollout
-
-Deployments can be paused at any point in time, meaning you can also pause ongoing rollouts. On the other hand, you cannot pause deployer pods
-currently, so if you try to pause a deployment in the middle of a rollout, the deployer process will not be affected and will continue until it finishes.
+Deployments do not support user-specified custom deployment strategies.
diff --git a/modules/deployments-deploymentconfigs.adoc b/modules/deployments-deploymentconfigs.adoc
index 63f5468a15b9..a0537f7bc096 100644
--- a/modules/deployments-deploymentconfigs.adoc
+++ b/modules/deployments-deploymentconfigs.adoc
@@ -5,6 +5,8 @@
 [id="deployments-and-deploymentconfigs_{context}"]
 = DeploymentConfig objects
 
+include::snippets/deployment-config-deprecated.adoc[]
+
 Building on replication controllers, {product-title} adds expanded support for the software development and deployment lifecycle with the concept of `DeploymentConfig` objects. In the simplest case, a `DeploymentConfig` object creates a new replication controller and lets it start up pods.
 
 However, {product-title} deployments from `DeploymentConfig` objects also provide the ability to transition from an existing deployment of an image to a new one and also define hooks to be run before or after creating the replication controller.
diff --git a/modules/deployments-exec-cmd-in-container.adoc b/modules/deployments-exec-cmd-in-container.adoc
index 5c6edc97af18..9dc1907ad012 100644
--- a/modules/deployments-exec-cmd-in-container.adoc
+++ b/modules/deployments-exec-cmd-in-container.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-exe-cmd-in-container_{context}"]
 = Executing commands inside a container
 
diff --git a/modules/deployments-kube-deployments.adoc b/modules/deployments-kube-deployments.adoc
index 831d85a783f8..b858a8c168c7 100644
--- a/modules/deployments-kube-deployments.adoc
+++ b/modules/deployments-kube-deployments.adoc
@@ -5,9 +5,7 @@
 [id="deployments-kube-deployments_{context}"]
 = Deployments
 
-Kubernetes provides a first-class, native API object type in {product-title} called `Deployment`. `Deployment` objects serve as a descendant of the {product-title}-specific `DeploymentConfig` object.
-
-Like `DeploymentConfig` objects, `Deployment` objects describe the desired state of a particular component of an application as a pod template. Deployments create replica sets, which orchestrate pod lifecycles.
+Kubernetes provides a first-class, native API object type in {product-title} called `Deployment`. `Deployment` objects describe the desired state of a particular component of an application as a pod template. Deployments create replica sets, which orchestrate pod lifecycles.
 
 For example, the following deployment definition creates a replica set to bring up one `hello-openshift` pod:
 
diff --git a/modules/deployments-lifecycle-hooks.adoc b/modules/deployments-lifecycle-hooks.adoc
index a373a6866b68..2f8576e33a5c 100644
--- a/modules/deployments-lifecycle-hooks.adoc
+++ b/modules/deployments-lifecycle-hooks.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-lifecycle-hooks_{context}"]
 = Lifecycle hooks
 
diff --git a/modules/deployments-replicasets.adoc b/modules/deployments-replicasets.adoc
index fe2bbb4820c6..b6e2987cac93 100644
--- a/modules/deployments-replicasets.adoc
+++ b/modules/deployments-replicasets.adoc
@@ -5,7 +5,7 @@
 [id="deployments-repliasets_{context}"]
 = Replica sets
 
-Similar to a replication controller, a `ReplicaSet` is a native Kubernetes API object that ensures a specified number of pod replicas are running at any given time. The difference between a replica set and a replication controller is that a replica set supports set-based selector requirements whereas a replication controller only supports equality-based selector requirements.
+A `ReplicaSet` is a native Kubernetes API object that ensures a specified number of pod replicas are running at any given time. 
 
 [NOTE]
 ====
diff --git a/modules/deployments-replicationcontrollers.adoc b/modules/deployments-replicationcontrollers.adoc
index eef11545854f..9d3aba24ae07 100644
--- a/modules/deployments-replicationcontrollers.adoc
+++ b/modules/deployments-replicationcontrollers.adoc
@@ -5,7 +5,7 @@
 [id="deployments-replicationcontrollers_{context}"]
 = Replication controllers
 
-A replication controller ensures that a specified number of replicas of a pod are running at all times. If pods exit or are deleted, the replication controller acts to instantiate more up to the defined number. Likewise, if there are more running than desired, it deletes as many as necessary to match the defined amount.
+Similar to a replica set, a replication controller ensures that a specified number of replicas of a pod are running at all times. If pods exit or are deleted, the replication controller instantiates more up to the defined number. Likewise, if there are more running than desired, it deletes as many as necessary to match the defined amount. The difference between a replica set and a replication controller is that a replica set supports set-based selector requirements whereas a replication controller only supports equality-based selector requirements.
 
 A replication controller configuration consists of:
 
@@ -18,6 +18,13 @@ A selector is a set of labels assigned to the pods that are managed by the repli
 The replication controller does not perform auto-scaling based on load or traffic, as it does not track either. Rather, this requires its replica
 count to be adjusted by an external auto-scaler.
 
+[NOTE]
+====
+Use a `DeploymentConfig` to create a replication controller instead of creating replication controllers directly.
+
+If you require custom orchestration or do not require updates, use replica sets instead of replication controllers.
+====
+
 The following is an example definition of a replication controller:
 
 [source,yaml]
diff --git a/modules/deployments-retrying-deployment.adoc b/modules/deployments-retrying-deployment.adoc
index c2f04a91d147..bb9b2ae7838a 100644
--- a/modules/deployments-retrying-deployment.adoc
+++ b/modules/deployments-retrying-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-retrying-deployment_{context}"]
 = Retrying a deployment
 
diff --git a/modules/deployments-rolling-back.adoc b/modules/deployments-rolling-back.adoc
index b8845944f77f..69123a04490f 100644
--- a/modules/deployments-rolling-back.adoc
+++ b/modules/deployments-rolling-back.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-rolling-back_{context}"]
 = Rolling back a deployment
 
diff --git a/modules/deployments-running-pod-svc-acct.adoc b/modules/deployments-running-pod-svc-acct.adoc
index b02377390a70..8637d15f116a 100644
--- a/modules/deployments-running-pod-svc-acct.adoc
+++ b/modules/deployments-running-pod-svc-acct.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-running-pod-svc-acct_{context}"]
 = Running a pod with a different service account
 
diff --git a/modules/deployments-scaling-manually.adoc b/modules/deployments-scaling-manually.adoc
index 4df16c9cca92..e1d10cad6915 100644
--- a/modules/deployments-scaling-manually.adoc
+++ b/modules/deployments-scaling-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-scaling-manually_{context}"]
 = Scaling manually
 
diff --git a/modules/deployments-setting-resources.adoc b/modules/deployments-setting-resources.adoc
index 2f2bbd2a01ae..200b7f20dcbb 100644
--- a/modules/deployments-setting-resources.adoc
+++ b/modules/deployments-setting-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-setting-resources_{context}"]
 = Setting deployment resources
 
diff --git a/modules/deployments-setting-triggers.adoc b/modules/deployments-setting-triggers.adoc
index b31f1b6cc9cc..e6696cc31e1a 100644
--- a/modules/deployments-setting-triggers.adoc
+++ b/modules/deployments-setting-triggers.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-setting-triggers_{context}"]
 = Setting deployment triggers
 
diff --git a/modules/deployments-starting-deployment.adoc b/modules/deployments-starting-deployment.adoc
index 5bbce6150665..80bc6be3810a 100644
--- a/modules/deployments-starting-deployment.adoc
+++ b/modules/deployments-starting-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-starting-a-deployment_{context}"]
 = Starting a deployment
 
diff --git a/modules/deployments-viewing-deployment.adoc b/modules/deployments-viewing-deployment.adoc
index 15ac06a8168a..ab0600913185 100644
--- a/modules/deployments-viewing-deployment.adoc
+++ b/modules/deployments-viewing-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-viewing-a-deployment_{context}"]
 = Viewing a deployment
 
diff --git a/modules/deployments-viewing-logs.adoc b/modules/deployments-viewing-logs.adoc
index 417ea9833a8f..471a0d521d4a 100644
--- a/modules/deployments-viewing-logs.adoc
+++ b/modules/deployments-viewing-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/managing-deployment-processes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deployments-viewing-logs_{context}"]
 = Viewing deployment logs
 
diff --git a/modules/describe-function-kn.adoc b/modules/describe-function-kn.adoc
index d86daf880a8e..25be7b09f6f1 100644
--- a/modules/describe-function-kn.adoc
+++ b/modules/describe-function-kn.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="describe-function-kn_{context}"]
 = Describing a function
 
diff --git a/modules/determining-upgrade-viability-conditiontype.adoc b/modules/determining-upgrade-viability-conditiontype.adoc
index 775b6e771261..217d438c0050 100644
--- a/modules/determining-upgrade-viability-conditiontype.adoc
+++ b/modules/determining-upgrade-viability-conditiontype.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding_clusteroperator_conditiontypes_{context}"]
 = Understanding cluster Operator condition types
 
diff --git a/modules/determining-upgrade-viability-cv-conditiontype.adoc b/modules/determining-upgrade-viability-cv-conditiontype.adoc
index 17d7b7a08457..b2532778b63a 100644
--- a/modules/determining-upgrade-viability-cv-conditiontype.adoc
+++ b/modules/determining-upgrade-viability-cv-conditiontype.adoc
@@ -2,15 +2,15 @@
 //
 // * updating/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-clusterversion-conditiontypes_{context}"]
 = Understanding cluster version condition types
- 
+
 The Cluster Version Operator (CVO) monitors cluster Operators and other components, and is responsible for collecting the status of both the cluster version and its Operators. This status includes the condition type, which informs you of the health and current state of the {product-title} cluster.
 
 In addition to `Available`, `Progressing`, and `Upgradeable`, there are condition types that affect cluster versions and Operators.
 
-* Failing: 
+* Failing:
 The cluster version condition type `Failing` indicates that a cluster cannot reach its desired state, is unhealthy, and requires an administrator to intervene.
 
 * Invalid:
@@ -19,7 +19,7 @@ The cluster version condition type `Invalid` indicates that the cluster version
 * RetrievedUpdates:
 The cluster version condition type `RetrievedUpdates` indicates whether or not available updates have been retrieved from the upstream update server. The condition is `Unknown` before retrieval, `False` if the updates either recently failed or could not be retrieved, or `True` if the `availableUpdates` field is both recent and accurate.
 
-* ReleaseAccepted: 
+* ReleaseAccepted:
 The cluster version condition type `ReleaseAccepted` with a `True` status indicates that the requested release payload was successfully loaded without failure during image verification and precondition checking.
 
 * ImplicitlyEnabledCapabilities:
diff --git a/modules/developer-cli-odo-about-devfiles-in-odo.adoc b/modules/developer-cli-odo-about-devfiles-in-odo.adoc
index e4e97bc98203..34c1b3b0a7c7 100644
--- a/modules/developer-cli-odo-about-devfiles-in-odo.adoc
+++ b/modules/developer-cli-odo-about-devfiles-in-odo.adoc
@@ -1,4 +1,4 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-the-devfile-in-odo"]
 = About the devfile in {odo-title}
 
diff --git a/modules/developer-cli-odo-adding-a-custom-builder-to-specify-a-build-image.adoc b/modules/developer-cli-odo-adding-a-custom-builder-to-specify-a-build-image.adoc
index 290da8336df9..5cffa51639c6 100644
--- a/modules/developer-cli-odo-adding-a-custom-builder-to-specify-a-build-image.adoc
+++ b/modules/developer-cli-odo-adding-a-custom-builder-to-specify-a-build-image.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-single-component-application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-a-custom-builder-to-specify-a-build-image_{context}"]
 = Adding a custom builder to specify a build image
 
diff --git a/modules/developer-cli-odo-adding-storage-to-a-specific-container.adoc b/modules/developer-cli-odo-adding-storage-to-a-specific-container.adoc
index 7ae9158d6d8f..8d7e5cf9710a 100644
--- a/modules/developer-cli-odo-adding-storage-to-a-specific-container.adoc
+++ b/modules/developer-cli-odo-adding-storage-to-a-specific-container.adoc
@@ -2,7 +2,7 @@
 //
 //creating_and_deploying_applications_with_odo/working-with-storage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-storage-to-a-specific-container_{context}"]
 = Adding storage to a specific container
 
@@ -29,7 +29,7 @@ components:
       memoryLimit: 1024Mi
 ----
 <1> The `runtime` container.
-<2> The `funtime` container. 
+<2> The `funtime` container.
 
 . To create storage for the `runtime` container:
 +
diff --git a/modules/developer-cli-odo-adding-storage-to-the-application-components.adoc b/modules/developer-cli-odo-adding-storage-to-the-application-components.adoc
index 8237f11d6462..3d327f931f4b 100644
--- a/modules/developer-cli-odo-adding-storage-to-the-application-components.adoc
+++ b/modules/developer-cli-odo-adding-storage-to-the-application-components.adoc
@@ -3,7 +3,7 @@
 // *cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-single-component-application-with-odo.adoc
 // *cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-storage-to-the-application-components_{context}"]
 = Adding storage to the application components
 
diff --git a/modules/developer-cli-odo-configuring-debugging-parameters.adoc b/modules/developer-cli-odo-configuring-debugging-parameters.adoc
index 51c14736c32b..23e6d7a913ef 100644
--- a/modules/developer-cli-odo-configuring-debugging-parameters.adoc
+++ b/modules/developer-cli-odo-configuring-debugging-parameters.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-debugging-parameters_{context}"]
 
 = Configuring debugging parameters
diff --git a/modules/developer-cli-odo-connecting-a-java-application-to-mysql-database.adoc b/modules/developer-cli-odo-connecting-a-java-application-to-mysql-database.adoc
index 4835230bfbf4..04556fb2664b 100644
--- a/modules/developer-cli-odo-connecting-a-java-application-to-mysql-database.adoc
+++ b/modules/developer-cli-odo-connecting-a-java-application-to-mysql-database.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-java-application-with-a-database
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connecting-a-java-application-to-a-database_{context}"]
 = Connecting a Java application to a database
 
diff --git a/modules/developer-cli-odo-connecting-your-application-to-multiple-services-using-openshift-service-catalog.adoc b/modules/developer-cli-odo-connecting-your-application-to-multiple-services-using-openshift-service-catalog.adoc
index 8351710b60c3..8a84fdbff064 100644
--- a/modules/developer-cli-odo-connecting-your-application-to-multiple-services-using-openshift-service-catalog.adoc
+++ b/modules/developer-cli-odo-connecting-your-application-to-multiple-services-using-openshift-service-catalog.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-single-component-application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="connecting-your-application-to-multiple-services-using-openshift-service-catalog_{context}"]
 
 = Connecting your application to multiple services using OpenShift Service Catalog
diff --git a/modules/developer-cli-odo-converting-an-s2i-component-into-a-devfile-component.adoc b/modules/developer-cli-odo-converting-an-s2i-component-into-a-devfile-component.adoc
index c88d9727c68e..e1f5a12505e8 100644
--- a/modules/developer-cli-odo-converting-an-s2i-component-into-a-devfile-component.adoc
+++ b/modules/developer-cli-odo-converting-an-s2i-component-into-a-devfile-component.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/using-devfiles-in-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="converting-an-s2i-component-into-a-devfile-component_{context}"]
 = Converting an S2I component into a devfile component
 
diff --git a/modules/developer-cli-odo-creating-a-database-with-odo.adoc b/modules/developer-cli-odo-creating-a-database-with-odo.adoc
index 1a17ec3f3593..5895dbfc6301 100644
--- a/modules/developer-cli-odo-creating-a-database-with-odo.adoc
+++ b/modules/developer-cli-odo-creating-a-database-with-odo.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-database-with-odo_{context}"]
 
 = Creating a database with `odo`
@@ -42,15 +42,15 @@ $ odo service create postgresql-operator.v0.1.1/Database --dry-run > db.yaml
     service.binding/db.user: 'path={.spec.databaseUser}'
 ----
 +
-This configuration ensures that when a database service is started, appropriate annotations are added to it. Annotations help the Service Binding Operator in injecting the values for `databaseName`, `databasePassword`, and `databaseUser` into the application. 
+This configuration ensures that when a database service is started, appropriate annotations are added to it. Annotations help the Service Binding Operator in injecting the values for `databaseName`, `databasePassword`, and `databaseUser` into the application.
 
 . Change the following values under the `spec:` section of the YAML file:
 +
 [source,yaml]
 ----
-  databaseName: "sampledb"
-  databasePassword: "samplepwd"
-  databaseUser: "sampleuser"
+  databaseName: "<database_name>"
+  databasePassword: "<password>"
+  databaseUser: "<username>"
 ----
 
 . Create a database from the YAML file:
diff --git a/modules/developer-cli-odo-creating-a-java-application-by-using-a-devfile-in-a-disconnected-cluster.adoc b/modules/developer-cli-odo-creating-a-java-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
index b5ec4fd3bb21..44870a4e0cf4 100644
--- a/modules/developer-cli-odo-creating-a-java-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
+++ b/modules/developer-cli-odo-creating-a-java-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
@@ -2,19 +2,19 @@
 //
 // * cli_reference/developer_cli_odo/
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="developer-cli-odo-creating-a-java-application-by-using-a-devfile-in-a-disconnected-cluster_{context}"]
 
 = Creating a Java application by using a devfile in a disconnected cluster
 
 [WARNING]
 ====
-This procedure is using external dependencies such as `quay.io/eclipse/che-java11-maven:nightly` or an example application `springboot-ex` that are not maintained by Red Hat. These dependencies are not maintained with the documentation and their functionality cannot be guaranteed. 
+This procedure is using external dependencies such as `quay.io/eclipse/che-java11-maven:nightly` or an example application `springboot-ex` that are not maintained by Red Hat. These dependencies are not maintained with the documentation and their functionality cannot be guaranteed.
 ====
 
 .Prerequisites
 * You have created and logged into a disconnected cluster.
-* You have added `quay.io`, `registry.access.redhat.com`, `apache.org`, `quayio-production-s3.s3.amazonaws.com` URLs in your proxy configuration. 
+* You have added `quay.io`, `registry.access.redhat.com`, `apache.org`, `quayio-production-s3.s3.amazonaws.com` URLs in your proxy configuration.
 
 .Procedure
 
@@ -54,7 +54,7 @@ commands:
       group:
         kind: build
         isDefault: true
-  - id: run 
+  - id: run
     exec:
       component: tools
       commandLine: "java -jar target/*.jar"
@@ -84,7 +84,7 @@ Validation
  ✓  Checking devfile existence [87716ns]
  ✓  Creating a devfile component from registry: DefaultDevfileRegistry [107247ns]
  ✓  Validating devfile component [396971ns]
- 
+
  Starter Project
  ✓  Downloading starter project springbootproject from https://github.com/odo-devfiles/springboot-ex.git [2s]
 
@@ -132,12 +132,12 @@ $ odo log
 .Example output
 [source,terminal]
 ----
-time="2021-02-24T08:58:58Z" level=info msg="create process:devrun" 
-time="2021-02-24T08:58:58Z" level=info msg="create process:debugrun" 
-time="2021-02-24T08:59:32Z" level=debug msg="no auth required" 
-time="2021-02-24T08:59:32Z" level=debug msg="succeed to find process:devrun" 
-time="2021-02-24T08:59:32Z" level=info msg="try to start program" program=devrun 
-time="2021-02-24T08:59:32Z" level=info msg="success to start program" program=devrun 
+time="2021-02-24T08:58:58Z" level=info msg="create process:devrun"
+time="2021-02-24T08:58:58Z" level=info msg="create process:debugrun"
+time="2021-02-24T08:59:32Z" level=debug msg="no auth required"
+time="2021-02-24T08:59:32Z" level=debug msg="succeed to find process:devrun"
+time="2021-02-24T08:59:32Z" level=info msg="try to start program" program=devrun
+time="2021-02-24T08:59:32Z" level=info msg="success to start program" program=devrun
 ODO_COMMAND_RUN is java -jar target/*.jar
 Executing command  java -jar target/*.jar
 [...]
diff --git a/modules/developer-cli-odo-creating-a-nodejs-application-by-using-a-devfile-in-a-disconnected-cluster.adoc b/modules/developer-cli-odo-creating-a-nodejs-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
index 266c404ec41b..ff5b26b79c63 100644
--- a/modules/developer-cli-odo-creating-a-nodejs-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
+++ b/modules/developer-cli-odo-creating-a-nodejs-application-by-using-a-devfile-in-a-disconnected-cluster.adoc
@@ -2,14 +2,14 @@
 //
 // * cli_reference/developer_cli_odo/
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="developer-cli-odo-creating-a-nodejs-application-by-using-a-devfile-in-a-disconnected-cluster_{context}"]
 
 = Creating a NodeJS application by using a devfile in a disconnected cluster
 
 [WARNING]
 ====
-This procedure is using external dependencies such as `nodejs-ex.git` application that are not maintained by Red Hat. These dependencies are not maintained with the documentation and their functionality cannot be guaranteed. 
+This procedure is using external dependencies such as `nodejs-ex.git` application that are not maintained by Red Hat. These dependencies are not maintained with the documentation and their functionality cannot be guaranteed.
 ====
 
 .Prerequisites
diff --git a/modules/developer-cli-odo-creating-a-project.adoc b/modules/developer-cli-odo-creating-a-project.adoc
index acf1ffc53218..002f17259441 100644
--- a/modules/developer-cli-odo-creating-a-project.adoc
+++ b/modules/developer-cli-odo-creating-a-project.adoc
@@ -5,7 +5,7 @@
 // * cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
 // * cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-projects
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-project_{context}"]
 = Creating a project
 
diff --git a/modules/developer-cli-odo-creating-and-deploying-a-nodejs-application-with-odo.adoc b/modules/developer-cli-odo-creating-and-deploying-a-nodejs-application-with-odo.adoc
index 77b3746a88ad..62a83ac4a4c8 100644
--- a/modules/developer-cli-odo-creating-and-deploying-a-nodejs-application-with-odo.adoc
+++ b/modules/developer-cli-odo-creating-and-deploying-a-nodejs-application-with-odo.adoc
@@ -9,7 +9,7 @@ ifeval::["{context}" == "creating-a-multicomponent-application-with-odo"]
 :multi:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-nodejs-application-with-odo_{context}"]
 = Creating a Node.js application with {odo-title}
 
diff --git a/modules/developer-cli-odo-creating-services-from-yaml-files.adoc b/modules/developer-cli-odo-creating-services-from-yaml-files.adoc
index f33b7a9e91e0..fa38e0699b23 100644
--- a/modules/developer-cli-odo-creating-services-from-yaml-files.adoc
+++ b/modules/developer-cli-odo-creating-services-from-yaml-files.adoc
@@ -49,7 +49,7 @@ spec:
 $ odo service create --from-file etcd.yaml
 ----
 
-. Verify that the `EtcdCluster` service has started with one pod instead of the pre-configured three pods:
+. Verify that the `EtcdCluster` service has started with one pod instead of the preconfigured three pods:
 +
 [source,terminal]
 ----
diff --git a/modules/developer-cli-odo-debugging-an-application.adoc b/modules/developer-cli-odo-debugging-an-application.adoc
index a4fd9cc5d0ba..4dd9dfd9716a 100644
--- a/modules/developer-cli-odo-debugging-an-application.adoc
+++ b/modules/developer-cli-odo-debugging-an-application.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/creating_and_deploying_applications_with_odo/debugging-applications-in-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="debugging-an-application_{context}"]
 
 = Debugging an application
diff --git a/modules/developer-cli-odo-deleting-an-application.adoc b/modules/developer-cli-odo-deleting-an-application.adoc
index 3427953a2747..becd1538849d 100644
--- a/modules/developer-cli-odo-deleting-an-application.adoc
+++ b/modules/developer-cli-odo-deleting-an-application.adoc
@@ -4,7 +4,7 @@
 // * cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
 // * cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-a-multicomponent-application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deleting-an-application_{context}"]
 = Deleting an application
 
diff --git a/modules/developer-cli-odo-deploying-a-database-in-interactive-mode.adoc b/modules/developer-cli-odo-deploying-a-database-in-interactive-mode.adoc
index 7459638ad96e..57f31ee3d7e4 100644
--- a/modules/developer-cli-odo-deploying-a-database-in-interactive-mode.adoc
+++ b/modules/developer-cli-odo-deploying-a-database-in-interactive-mode.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/creating-an-application-with-a-database.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-a-database-in-interactive-mode_{context}"]
 = Deploying a database in interactive mode
 
diff --git a/modules/developer-cli-odo-deploying-a-java-application-using-a-devfile.adoc b/modules/developer-cli-odo-deploying-a-java-application-using-a-devfile.adoc
index 6e5bd97d0c8b..ecbb00572b80 100644
--- a/modules/developer-cli-odo-deploying-a-java-application-using-a-devfile.adoc
+++ b/modules/developer-cli-odo-deploying-a-java-application-using-a-devfile.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/creating-a-java-application-using-devfile
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-a-java-application-using-a-devfile_{context}"]
 = Deploying a Java application using a devfile
 
diff --git a/modules/developer-cli-odo-deploying-the-back-end-component.adoc b/modules/developer-cli-odo-deploying-the-back-end-component.adoc
index 99e01e88ef9c..160efc78fec7 100644
--- a/modules/developer-cli-odo-deploying-the-back-end-component.adoc
+++ b/modules/developer-cli-odo-deploying-the-back-end-component.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-multicomponent-application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-the-back-end-component_{context}"]
 
 = Deploying the back-end component
diff --git a/modules/developer-cli-odo-deploying-the-front-end-component.adoc b/modules/developer-cli-odo-deploying-the-front-end-component.adoc
index 269e3da609ff..d6cd9d42fc0e 100644
--- a/modules/developer-cli-odo-deploying-the-front-end-component.adoc
+++ b/modules/developer-cli-odo-deploying-the-front-end-component.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "creating-an-application-with-a-database"]
 :database:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-the-front-end-component_{context}"]
 
 = Deploying the front-end component
diff --git a/modules/developer-cli-odo-exposing-the-components-to-the-public.adoc b/modules/developer-cli-odo-exposing-the-components-to-the-public.adoc
index 3478a5de5959..4e9cb042bfbe 100644
--- a/modules/developer-cli-odo-exposing-the-components-to-the-public.adoc
+++ b/modules/developer-cli-odo-exposing-the-components-to-the-public.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-multicomponent-application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="exposing-the-components-to-the-public_{context}"]
 
 = Exposing components to the public
diff --git a/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-power.adoc b/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-power.adoc
index 34fd462aec70..d2f55ca78f82 100644
--- a/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-power.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-power.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/developer_cli_odo/installing-odo.adoc
 
 [id="installing-odo-on-linux-on-ibm-power_{context}"]
-= Installing {odo-title} on Linux on IBM Power
+= Installing {odo-title} on Linux on {ibm-power-title}
 
 [id="installing-odo-on-linux-on-ibm-power-binary_{context}"]
 == Binary installation
diff --git a/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-z.adoc b/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-z.adoc
index 38ab5abb40a1..24981bc2e1b1 100644
--- a/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-z.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-linux-on-ibm-z.adoc
@@ -4,7 +4,7 @@
 
 [id="installing-odo-on-linux-on-ibm-z"]
 
-= Installing {odo-title} on Linux on {ibmzProductName} and {linuxoneProductName}
+= Installing {odo-title} on Linux on {ibm-z-title} and {ibm-linuxone-title}
 
 == Binary installation
 
diff --git a/modules/developer-cli-odo-installing-odo-on-linux-rpm.adoc b/modules/developer-cli-odo-installing-odo-on-linux-rpm.adoc
index 73dcde59a2ce..e6a0f8a34ae7 100644
--- a/modules/developer-cli-odo-installing-odo-on-linux-rpm.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-linux-rpm.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-odo-on-linux-rpm_{context}"]
 
 = Installing {odo-title} on {op-system-base-full} using an RPM
@@ -37,9 +37,9 @@ For {op-system-base-full}, you can install the `{odo-title}` CLI as an RPM.
 
 . Enable the repositories required by `{odo-title}`:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-# subscription-manager repos --enable="ocp-tools-4.13-for-rhel-8-x86_64-rpms"
+# subscription-manager repos --enable="ocp-tools-{product-version}-for-rhel-8-x86_64-rpms"
 ----
 
 . Install the `{odo-title}` package:
diff --git a/modules/developer-cli-odo-installing-odo-on-linux.adoc b/modules/developer-cli-odo-installing-odo-on-linux.adoc
index f1598be3fc7d..241f64294f19 100644
--- a/modules/developer-cli-odo-installing-odo-on-linux.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-linux.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/installing-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-odo-on-linux_{context}"]
 
 = Installing {odo-title} on Linux
@@ -13,8 +13,8 @@ The `{odo-title}` CLI is available to download as a binary and as a tarball for
 |===
 |Operating System|Binary|Tarball
 |Linux|link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-amd64[odo-linux-amd64] |link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-amd64.tar.gz[odo-linux-amd64.tar.gz]
-|Linux on {ibmpowerProductName}|link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-ppc64le[odo-linux-ppc64le] |link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-ppc64le.tar.gz[odo-linux-ppc64le.tar.gz]
-|Linux on {ibmzProductName} and {linuxoneProductName}|link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-s390x[odo-linux-s390x] |link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-s390x.tar.gz[odo-linux-s390x.tar.gz]
+|Linux on {ibm-power-name}|link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-ppc64le[odo-linux-ppc64le] |link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-ppc64le.tar.gz[odo-linux-ppc64le.tar.gz]
+|Linux on {ibm-z-name} and {ibm-linuxone-name}|link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-s390x[odo-linux-s390x] |link:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/latest/odo-linux-s390x.tar.gz[odo-linux-s390x.tar.gz]
 |===
 
 
diff --git a/modules/developer-cli-odo-installing-odo-on-macos.adoc b/modules/developer-cli-odo-installing-odo-on-macos.adoc
index eac77e49908d..246937212852 100644
--- a/modules/developer-cli-odo-installing-odo-on-macos.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-macos.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/installing-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-odo-on-macos_{context}"]
 
 = Installing {odo-title} on macOS
diff --git a/modules/developer-cli-odo-installing-odo-on-vs-code.adoc b/modules/developer-cli-odo-installing-odo-on-vs-code.adoc
index ed7438a4d40a..fba15ab869d7 100644
--- a/modules/developer-cli-odo-installing-odo-on-vs-code.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-vs-code.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/installing-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-odo-on-vs-code_{context}"]
 
 = Installing odo on VS Code
diff --git a/modules/developer-cli-odo-installing-odo-on-windows.adoc b/modules/developer-cli-odo-installing-odo-on-windows.adoc
index 934fdb7c42ee..3ca0bc0bc225 100644
--- a/modules/developer-cli-odo-installing-odo-on-windows.adoc
+++ b/modules/developer-cli-odo-installing-odo-on-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/installing-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-odo-on-windows_{context}"]
 
 = Installing {odo-title} on Windows
diff --git a/modules/developer-cli-odo-linking-both-components.adoc b/modules/developer-cli-odo-linking-both-components.adoc
index 009d6027756d..e473240071a3 100644
--- a/modules/developer-cli-odo-linking-both-components.adoc
+++ b/modules/developer-cli-odo-linking-both-components.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cli_reference/developer_cli_odo/creating-a-multicomponent-application-with-odo.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="linking-both-components_{context}"]
 
 = Linking both components
diff --git a/modules/developer-cli-odo-listing-available-devfile-components.adoc b/modules/developer-cli-odo-listing-available-devfile-components.adoc
index d04a6f69d92f..a9f387cfa6ae 100644
--- a/modules/developer-cli-odo-listing-available-devfile-components.adoc
+++ b/modules/developer-cli-odo-listing-available-devfile-components.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/creating-a-java-application-using-devfile
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="listing-available-devfile-components_{context}"]
 = Listing available devfile components
 
diff --git a/modules/developer-cli-odo-mirroring-a-supported-builder-image.adoc b/modules/developer-cli-odo-mirroring-a-supported-builder-image.adoc
index 2c041622ab7d..0d3b4e895c45 100644
--- a/modules/developer-cli-odo-mirroring-a-supported-builder-image.adoc
+++ b/modules/developer-cli-odo-mirroring-a-supported-builder-image.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirroring-a-supported-builder-image_{context}"]
 = Mirroring a supported builder image
 
diff --git a/modules/developer-cli-odo-modifying-the-running-application.adoc b/modules/developer-cli-odo-modifying-the-running-application.adoc
index fd4b4295a83d..e9159e497815 100644
--- a/modules/developer-cli-odo-modifying-the-running-application.adoc
+++ b/modules/developer-cli-odo-modifying-the-running-application.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/creating-a-multicomponent--application-with-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-the-running-application_{context}"]
 
 = Modifying the running application
diff --git a/modules/developer-cli-odo-overwriting-a-mirror-registry.adoc b/modules/developer-cli-odo-overwriting-a-mirror-registry.adoc
index f970a33f62e9..fe5f4b332d42 100644
--- a/modules/developer-cli-odo-overwriting-a-mirror-registry.adoc
+++ b/modules/developer-cli-odo-overwriting-a-mirror-registry.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/creating-and-deploying-a-component-to-the-disconnected-cluster
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="overwriting-the-mirror-registry_{context}"]
 = Overwriting the mirror registry
 
diff --git a/modules/developer-cli-odo-preference-table.adoc b/modules/developer-cli-odo-preference-table.adoc
index 5fd8e5d2a27f..da86e2c87ea3 100644
--- a/modules/developer-cli-odo-preference-table.adoc
+++ b/modules/developer-cli-odo-preference-table.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="developer-cli-odo-preference-table_{context}"]
 = Preference key table
 
diff --git a/modules/developer-cli-odo-pushing-the-odo-init-image-to-a-mirror-registry.adoc b/modules/developer-cli-odo-pushing-the-odo-init-image-to-a-mirror-registry.adoc
index 4deb48351980..4877a6bb477c 100644
--- a/modules/developer-cli-odo-pushing-the-odo-init-image-to-a-mirror-registry.adoc
+++ b/modules/developer-cli-odo-pushing-the-odo-init-image-to-a-mirror-registry.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pushing-the-odo-init-image-to-a-mirror-registry_{context}"]
 = Pushing the `odo` init image to a mirror registry
 
diff --git a/modules/developer-cli-odo-pushing-the-odo-init-image-to-an-internal-registry-directly.adoc b/modules/developer-cli-odo-pushing-the-odo-init-image-to-an-internal-registry-directly.adoc
index 19da7763d919..b0c225db154e 100644
--- a/modules/developer-cli-odo-pushing-the-odo-init-image-to-an-internal-registry-directly.adoc
+++ b/modules/developer-cli-odo-pushing-the-odo-init-image-to-an-internal-registry-directly.adoc
@@ -2,7 +2,7 @@
 //
 // cli_reference/developer_cli_odo/using_odo_in_a_restricted_environment/pushing-the-odo-init-image-to-the-restricted-cluster-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pushing-the-odo-init-image-to-an-internal-registry-directly_{context}"]
 = Pushing the `odo` init image to an {product-registry} directly
 
diff --git a/modules/developer-cli-odo-ref-build-images.adoc b/modules/developer-cli-odo-ref-build-images.adoc
index 583725081047..d2f2e0e80ccd 100644
--- a/modules/developer-cli-odo-ref-build-images.adoc
+++ b/modules/developer-cli-odo-ref-build-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-build-images_{context}"]
 = odo build-images
 
diff --git a/modules/developer-cli-odo-ref-catalog.adoc b/modules/developer-cli-odo-ref-catalog.adoc
index cb3d28106157..db04884aa0f9 100644
--- a/modules/developer-cli-odo-ref-catalog.adoc
+++ b/modules/developer-cli-odo-ref-catalog.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-catalog_{context}"]
 = odo catalog
 
@@ -161,7 +161,7 @@ KIND:    Database
 VERSION: v1alpha1
 
 DESCRIPTION:
-     Database is the Schema for the the Database Database API
+     Database is the Schema for the Database API
 
 FIELDS:
    awsAccessKeyId (string)
diff --git a/modules/developer-cli-odo-ref-create.adoc b/modules/developer-cli-odo-ref-create.adoc
index 028c99c804b2..fee909938874 100644
--- a/modules/developer-cli-odo-ref-create.adoc
+++ b/modules/developer-cli-odo-ref-create.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-create_{context}"]
 = odo create
 
diff --git a/modules/developer-cli-odo-ref-delete.adoc b/modules/developer-cli-odo-ref-delete.adoc
index 1271628c1c61..ef0cee5282f6 100644
--- a/modules/developer-cli-odo-ref-delete.adoc
+++ b/modules/developer-cli-odo-ref-delete.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-delete_{context}"]
 = odo delete
 
diff --git a/modules/developer-cli-odo-ref-deploy.adoc b/modules/developer-cli-odo-ref-deploy.adoc
index 441b52f4a4c3..62e2cae66db3 100644
--- a/modules/developer-cli-odo-ref-deploy.adoc
+++ b/modules/developer-cli-odo-ref-deploy.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-deploy_{context}"]
 = odo deploy
 
diff --git a/modules/developer-cli-odo-ref-flags.adoc b/modules/developer-cli-odo-ref-flags.adoc
index 3e20ae4bf374..e780b6393b94 100644
--- a/modules/developer-cli-odo-ref-flags.adoc
+++ b/modules/developer-cli-odo-ref-flags.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-flags_{context}"]
 = Common flags
 
diff --git a/modules/developer-cli-odo-ref-json-output.adoc b/modules/developer-cli-odo-ref-json-output.adoc
index d9d850b4318d..ab0d31a50201 100644
--- a/modules/developer-cli-odo-ref-json-output.adoc
+++ b/modules/developer-cli-odo-ref-json-output.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-json-output_{context}"]
 = JSON output
 
diff --git a/modules/developer-cli-odo-ref-link.adoc b/modules/developer-cli-odo-ref-link.adoc
index faf1b4d1be2f..58d1086fbb39 100644
--- a/modules/developer-cli-odo-ref-link.adoc
+++ b/modules/developer-cli-odo-ref-link.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-link_{context}"]
 = odo link
 
diff --git a/modules/developer-cli-odo-ref-registry.adoc b/modules/developer-cli-odo-ref-registry.adoc
index abc4734bc63d..1e1c187173bf 100644
--- a/modules/developer-cli-odo-ref-registry.adoc
+++ b/modules/developer-cli-odo-ref-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-registry_{context}"]
 = odo registry
 
diff --git a/modules/developer-cli-odo-ref-service.adoc b/modules/developer-cli-odo-ref-service.adoc
index e75982c528f8..af6daf5021ce 100644
--- a/modules/developer-cli-odo-ref-service.adoc
+++ b/modules/developer-cli-odo-ref-service.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-service_{context}"]
 = odo service
 
diff --git a/modules/developer-cli-odo-ref-storage.adoc b/modules/developer-cli-odo-ref-storage.adoc
index 467337948839..745305e8b4af 100644
--- a/modules/developer-cli-odo-ref-storage.adoc
+++ b/modules/developer-cli-odo-ref-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="odo-storage_{context}"]
 = odo storage
 
diff --git a/modules/developer-cli-odo-set-config.adoc b/modules/developer-cli-odo-set-config.adoc
index b946c88b6d88..46d3e3444ff6 100644
--- a/modules/developer-cli-odo-set-config.adoc
+++ b/modules/developer-cli-odo-set-config.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="developer-cli-odo-set-config_{context}"]
 = Setting a value
 
diff --git a/modules/developer-cli-odo-setting-and-unsetting-environment-variables.adoc b/modules/developer-cli-odo-setting-and-unsetting-environment-variables.adoc
index f386929b35d5..caf5d55f6186 100644
--- a/modules/developer-cli-odo-setting-and-unsetting-environment-variables.adoc
+++ b/modules/developer-cli-odo-setting-and-unsetting-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/managing-environment-variables-in-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-and-unsetting-environment-variables._{context}"]
 
 = Setting and unsetting environment variables
diff --git a/modules/developer-cli-odo-switching-between-ephemeral-and-persistent-storage.adoc b/modules/developer-cli-odo-switching-between-ephemeral-and-persistent-storage.adoc
index a412f1509437..9e9d6aa8c60f 100644
--- a/modules/developer-cli-odo-switching-between-ephemeral-and-persistent-storage.adoc
+++ b/modules/developer-cli-odo-switching-between-ephemeral-and-persistent-storage.adoc
@@ -2,17 +2,17 @@
 //
 // *cli_reference/developer_cli_odo/creating_and_deploying_applications_with_odo/working-with-storage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="switching-between-ephemeral-and-persistent-storage_{context}"]
 = Switching between ephemeral and persistent storage
 
 You can switch between ephemeral and persistent storage in your project by using the `odo preference` command. `odo preference` modifies the global preference in your cluster.
 
-When persistent storage is enabled, the cluster stores the information between the restarts. 
+When persistent storage is enabled, the cluster stores the information between the restarts.
 
 When ephemeral storage is enabled, the cluster does not store the information between the restarts.
 
-Ephemeral storage is enabled by default. 
+Ephemeral storage is enabled by default.
 
 .Procedure
 
diff --git a/modules/developer-cli-odo-unset-config.adoc b/modules/developer-cli-odo-unset-config.adoc
index a18da10de1ce..63fb36410f53 100644
--- a/modules/developer-cli-odo-unset-config.adoc
+++ b/modules/developer-cli-odo-unset-config.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="developer-cli-odo-unset-config_{context}"]
 = Unsetting a value
 
diff --git a/modules/developer-cli-odo-using-command-completion.adoc b/modules/developer-cli-odo-using-command-completion.adoc
index b17ad00196d3..7266febdb3b5 100644
--- a/modules/developer-cli-odo-using-command-completion.adoc
+++ b/modules/developer-cli-odo-using-command-completion.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-command-completion_{context}"]
 = Using command completion
 
diff --git a/modules/developer-cli-odo-view-config.adoc b/modules/developer-cli-odo-view-config.adoc
index d8cd5ef914ec..f52bd1d9d512 100644
--- a/modules/developer-cli-odo-view-config.adoc
+++ b/modules/developer-cli-odo-view-config.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/configuring-the-odo-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="developer-cli-odo-view-config_{context}"]
 = Viewing the current configuration
 
diff --git a/modules/differences-between-machinesets-and-machineconfigpool.adoc b/modules/differences-between-machinesets-and-machineconfigpool.adoc
index be0e2f35297e..9c790c269c4b 100644
--- a/modules/differences-between-machinesets-and-machineconfigpool.adoc
+++ b/modules/differences-between-machinesets-and-machineconfigpool.adoc
@@ -4,7 +4,7 @@
 // * post_installation_configuration/cluster-tasks.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="differences-between-machinesets-and-machineconfigpool_{context}"]
 = Understanding the difference between compute machine sets and the machine config pool
 
diff --git a/modules/disabling-catalogsource-objects.adoc b/modules/disabling-catalogsource-objects.adoc
new file mode 100644
index 000000000000..c889a0700c23
--- /dev/null
+++ b/modules/disabling-catalogsource-objects.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * admin/olm-cs-podsched.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="disabling-catalogsource-objects_{context}"]
+= Disabling default CatalogSource objects at a local level
+
+You can apply persistent changes to a `CatalogSource` object, such as catalog source pods, at a local level, by disabling a default `CatalogSource` object. Consider the default configuration in situations where the default `CatalogSource` object's configuration does not meet your organization's needs. By default, if you modify fields in the `spec.grpcPodConfig` section of the   `CatalogSource` object, the Marketplace Operator automatically reverts these changes.
+
+The Marketplace Operator, `openshift-marketplace`, manages the default custom resources (CRs) of the `OperatorHub`. The `OperatorHub` manages `CatalogSource` objects.
+
+To apply persistent changes to `CatalogSource` object, you must first disable a default `CatalogSource` object.
+
+.Procedure
+
+* To disable all the default `CatalogSource` objects at a local level, enter the following command:
++
+[source,terminal]
+----
+$ oc patch operatorhub cluster -p '{"spec": {"disableAllDefaultSources": true}}' --type=merge
+----
++
+[NOTE]
+====
+You can also configure the default `OperatorHub` CR to either disable all `CatalogSource` objects or disable a specific object.
+====
diff --git a/modules/disabling-etcd-encryption.adoc b/modules/disabling-etcd-encryption.adoc
index 6f5d1ec95546..a561e23ad2f3 100644
--- a/modules/disabling-etcd-encryption.adoc
+++ b/modules/disabling-etcd-encryption.adoc
@@ -3,7 +3,7 @@
 // * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-etcd-encryption_{context}"]
 = Disabling etcd encryption
 
diff --git a/modules/disabling-insights-advisor-recommendations.adoc b/modules/disabling-insights-advisor-recommendations.adoc
index 2b0d256497fb..10f59c717e6e 100644
--- a/modules/disabling-insights-advisor-recommendations.adoc
+++ b/modules/disabling-insights-advisor-recommendations.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-insights-advisor-recommendations_{context}"]
 = Disabling Insights Advisor recommendations
 
@@ -23,10 +22,15 @@ Disabling a recommendation for all of your clusters also applies to any future c
 .Procedure
 
 . Navigate to *Advisor* -> *Recommendations* on {cluster-manager-url}.
-. Click the name of the recommendation to disable. You are directed to the single recommendation page.
-. To disable the recommendation for a single cluster:
-.. Click the *Options* menu {kebab} for that cluster, and then click *Disable recommendation for cluster*.
+. Optional: Use the *Clusters Impacted* and *Status* filters as needed.
+. Disable an alert by using one of the following methods:
++
+* To disable an alert:
+.. Click the *Options* menu {kebab} for that alert, and then click *Disable recommendation*.
 .. Enter a justification note and click *Save*.
-. To disable the recommendation for all of your clusters:
-.. Click *Actions* -> *Disable recommendation*.
++
+* To view the clusters affected by this alert before disabling the alert:
+.. Click the name of the recommendation to disable. You are directed to the single recommendation page.
+.. Review the list of clusters in the *Affected clusters* section.
+.. Click *Actions* -> *Disable recommendation* to disable the alert for all of your clusters.
 .. Enter a justification note and click *Save*.
diff --git a/modules/disabling-insights-operator-alerts.adoc b/modules/disabling-insights-operator-alerts.adoc
index 564ecd965a48..a1e5ef5913a5 100644
--- a/modules/disabling-insights-operator-alerts.adoc
+++ b/modules/disabling-insights-operator-alerts.adoc
@@ -3,18 +3,45 @@
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="disabling-insights-operator-alerts_{context}"]
 = Disabling Insights Operator alerts
 
-You can stop Insights Operator from firing alerts to the cluster Prometheus instance.
+ifndef::openshift-rosa,openshift-dedicated[]
+To prevent the Insights Operator from sending alerts to the cluster Prometheus instance, you edit the `support` secret. If the `support` secret doesn't exist, you must create it when you first add custom configurations. Note that configurations within the `support` secret take precedence over the default settings defined in the `pod.yaml` file.
+endif::openshift-rosa,openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
+To prevent the Insights Operator from sending alerts to the cluster Prometheus instance, you edit the `support` secret. Note that this `secret` is created by default. The configurations stored in the support secret take precedence over any default settings specified in the `pod.yaml` file.
+endif::openshift-rosa,openshift-dedicated[]
+
+.Prerequisites
+
+* Remote health reporting is enabled, which is the default.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as `cluster-admin`.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+
+.Procedure
 
 . Navigate to *Workloads* -> *Secrets*.
 . On the *Secrets* page, select *All Projects* from the *Project* list, and then set *Show default projects* to on.
 . Select the *openshift-config* project from the *Projects* list.
-. Search for the *support* secret using the *Search by name* field. If the secret does not exist, click *Create* -> *Key/value secret* to create it.
+. Search for the *support* secret by using the *Search by name* field.
++
+* If the secret exists:
 . Click the *Options* menu {kebab}, and then click *Edit Secret*.
 . Click *Add Key/Value*.
-. Enter `disableInsightsAlerts` as the key with the value `True`, and click *Save*.
+.. In the *Key* field, enter `disableInsightsAlerts`.
+.. In the *Value* field, enter `True`.
++
+* If the secret does not exist:
+.. Click *Create* -> *Key/value secret*.
+... In the *Secret name* field, enter `support`.
+... In the *Key* field, enter `disableInsightsAlerts`.
+... In the *Value* field, enter `True`.
+.. Click *Create*.
 
-After you save the changes, Insights Operator will no longer send alerts to the cluster Prometheus instance. 
+After you save the changes, Insights Operator no longer sends alerts to the cluster Prometheus instance.
diff --git a/modules/disabling-insights-operator-gather.adoc b/modules/disabling-insights-operator-gather.adoc
index abfc419f6e0a..5b2d9e7c24fe 100644
--- a/modules/disabling-insights-operator-gather.adoc
+++ b/modules/disabling-insights-operator-gather.adoc
@@ -3,18 +3,28 @@
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-insights-operator-gather_{context}"]
 = Disabling the Insights Operator gather operations
 
-You can disable the Insights Operator gather operations. Disabling the gather operations gives you the ability to increase privacy for your organization as Insights Operator will no longer gather and send Insights cluster reports to Red Hat. This will disable Insights analysis and recommendations for your cluster without affecting other core functions that require communication with Red Hat such as cluster transfers. You can view a list of attempted gather operations for your cluster from the `/insights-operator/gathers.json` file in your Insights Operator archive. Be aware that some gather operations only occur when certain conditions are met and might not appear in your most recent archive. 
+You can disable the Insights Operator gather operations. Disabling the gather operations gives you the ability to increase privacy for your organization as Insights Operator will no longer gather and send Insights cluster reports to Red Hat. This will disable Insights analysis and recommendations for your cluster without affecting other core functions that require communication with Red Hat such as cluster transfers. You can view a list of attempted gather operations for your cluster from the `/insights-operator/gathers.json` file in your Insights Operator archive. Be aware that some gather operations only occur when certain conditions are met and might not appear in your most recent archive.
 
-:FeatureName: The `InsightsDataGather` custom resource 
-include::snippets/technology-preview.adoc[] 
+:FeatureName: The `InsightsDataGather` custom resource
+include::snippets/technology-preview.adoc[]
+
+[NOTE]
+====
+If you enable Technology Preview in your cluster, the Insights Operator runs gather operations in individual pods. This is part of the Technology Preview feature set for the Insights Operator and supports the new data gathering features.
+====
 
 .Prerequisites
 
-* You are logged in to the {product-title} web console as a user with `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
@@ -22,7 +32,8 @@ include::snippets/technology-preview.adoc[]
 . On the *CustomResourceDefinitions* page, use the *Search by name* field to find the *InsightsDataGather* resource definition and click it.
 . On the *CustomResourceDefinition details* page, click the *Instances* tab.
 . Click *cluster*, and then click the *YAML* tab.
-. To disable all the gather operations, edit the `InsightsDataGather` configuration file:
+. Disable the gather operations by performing one of the following edits to the `InsightsDataGather` configuration file:
+.. To disable all the gather operations, enter `all` under the `disabledGatherers` key:
 +
 [source,yaml]
 ----
@@ -32,16 +43,17 @@ metadata:
 ....
 
 spec: <1>
-  gatherConfig: 
-    disabledGatherers: 
+  gatherConfig:
+    disabledGatherers:
       - all <2>
 ----
 +
 --
-<1> The `spec` parameter specifies gather configurations. 
+<1> The `spec` parameter specifies gather configurations.
 <2> The `all` value disables all gather operations.
 --
-To disable individual gather operations, enter their values under the `disabledGatherers` key:
+
+.. To disable individual gather operations, enter their values under the `disabledGatherers` key:
 +
 [source,yaml]
 ----
@@ -59,7 +71,7 @@ spec:
 +
 . Click *Save*.
 +
-After you save the changes, the Insights Operator gather configurations are updated and the operations will no longer occur. 
+After you save the changes, the Insights Operator gather configurations are updated and the operations will no longer occur.
 
 [NOTE]
 ====
diff --git a/modules/disabling-plug-in-browser.adoc b/modules/disabling-plug-in-browser.adoc
index 465c1b1a8626..a51a73926277 100644
--- a/modules/disabling-plug-in-browser.adoc
+++ b/modules/disabling-plug-in-browser.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/deploy-plugin-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-your-plugin-browser_{context}"]
 = Disabling your plugin in the browser
 
diff --git a/modules/disabling-project-self-provisioning.adoc b/modules/disabling-project-self-provisioning.adoc
index 662545ba8532..2ab131556a3e 100644
--- a/modules/disabling-project-self-provisioning.adoc
+++ b/modules/disabling-project-self-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/projects/configuring-project-creation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-project-self-provisioning_{context}"]
 = Disabling project self-provisioning
 
diff --git a/modules/disabling-redirect-private-storage-endpoint-azure.adoc b/modules/disabling-redirect-private-storage-endpoint-azure.adoc
new file mode 100644
index 000000000000..709976fa9d6f
--- /dev/null
+++ b/modules/disabling-redirect-private-storage-endpoint-azure.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-private-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="disabling-redirect-private-storage-endpoint-azure_{context}"]
+= Optional: Disabling redirect when using a private storage endpoint on Azure
+
+By default, redirect is enabled when using the image registry. Redirect allows off-loading of traffic from the registry pods into the object storage, which makes pull faster. When redirect is enabled and the storage account is private, users from outside of the cluster are unable to pull images from the registry. 
+
+In some cases, users might want to disable redirect so that users from outside of the cluster can pull images from the registry. 
+
+Use the following procedure to disable redirect.
+
+.Prerequisites
+
+* You have configured the image registry to run on Azure.
+* You have configured a route.
+
+.Procedure
+
+* Enter the following command to disable redirect on the image 
+registry configuration:
++
+[source,terminal]
+----
+$ oc patch configs.imageregistry cluster --type=merge -p '{"spec":{"disableRedirect": true}}'
+----
+
+.Verification
+
+. Fetch the registry service name by running the following command:
++
+[source,terminal]
+----
+$ oc registry info
+----
++
+.Example output
++
+[source,terminal]
+----
+default-route-openshift-image-registry.<cluster_dns>
+----
+
+. Enter the following command to log in to your container registry:
++
+[source,terminal]
+----
+$ podman login --tls-verify=false -u unused -p $(oc whoami -t) default-route-openshift-image-registry.<cluster_dns>
+----
++
+.Example output
++
+[source,terminal]
+----
+Login Succeeded!
+----
+
+. Enter the following command to verify that you can pull an image from the registry:
++
+[source,terminal]
+----
+$ podman pull --tls-verify=false default-route-openshift-image-registry.<cluster_dns>
+/openshift/tools
+----
++
+.Example output
++
+[source,terminal]
+----
+Trying to pull default-route-openshift-image-registry.<cluster_dns>/openshift/tools...
+Getting image source signatures
+Copying blob 6b245f040973 done
+Copying config 22667f5368 done
+Writing manifest to image destination
+Storing signatures
+22667f53682a2920948d19c7133ab1c9c3f745805c14125859d20cede07f11f9
+----
\ No newline at end of file
diff --git a/modules/disabling-transparent-huge-pages.adoc b/modules/disabling-transparent-huge-pages.adoc
index 528252bfcba2..4cb0b10a408a 100644
--- a/modules/disabling-transparent-huge-pages.adoc
+++ b/modules/disabling-transparent-huge-pages.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disable-thp_{context}"]
 = Disabling Transparent Huge Pages
 
diff --git a/modules/disconnected-osus-overview.adoc b/modules/disconnected-osus-overview.adoc
index 19ff74f791af..f737fdeb5f05 100644
--- a/modules/disconnected-osus-overview.adoc
+++ b/modules/disconnected-osus-overview.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-updates.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-service-overview_{context}"]
 
 = Using the OpenShift Update Service in a disconnected environment
@@ -11,4 +11,12 @@ The OpenShift Update Service (OSUS) provides update recommendations to {product-
 
 However, clusters in a disconnected environment cannot access these public APIs to retrieve update information. To have a similar update experience in a disconnected environment, you can install and configure the OpenShift Update Service locally so that it is available within the disconnected environment.
 
+A single OSUS instance is capable of serving recommendations to thousands of clusters.
+OSUS can be scaled horizontally to cater to more clusters by changing the replica value.
+So for most disconnected use cases, one OSUS instance is enough.
+For example, Red Hat hosts just one OSUS instance for the entire fleet of connected clusters.
+
+If you want to keep update recommendations separate in different environments, you can run one OSUS instance for each environment.
+For example, in a case where you have separate test and stage environments, you might not want a cluster in a stage environment to receive update recommendations to version A if that version has not been tested in the test environment yet.
+
 The following sections describe how to install a local OSUS instance and configure it to provide update recommendations to a cluster.
\ No newline at end of file
diff --git a/modules/displaying-all-insights-advisor-recommendations.adoc b/modules/displaying-all-insights-advisor-recommendations.adoc
index 770fef46d25c..667481a09fb0 100644
--- a/modules/displaying-all-insights-advisor-recommendations.adoc
+++ b/modules/displaying-all-insights-advisor-recommendations.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="displaying-all-insights-advisor-recommendations_{context}"]
 = Displaying all Insights Advisor recommendations
 
diff --git a/modules/displaying-ovs-logs.adoc b/modules/displaying-ovs-logs.adoc
index ca1e90ec49e5..28b37cd57abb 100644
--- a/modules/displaying-ovs-logs.adoc
+++ b/modules/displaying-ovs-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="displaying-ovs-logs_{context}"]
 = Displaying Open vSwitch logs
 
diff --git a/modules/displaying-potential-issues-with-your-cluster.adoc b/modules/displaying-potential-issues-with-your-cluster.adoc
index 2d441f83da21..cf1e5ebcf8c5 100644
--- a/modules/displaying-potential-issues-with-your-cluster.adoc
+++ b/modules/displaying-potential-issues-with-your-cluster.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="displaying-potential-issues-with-your-cluster_{context}"]
 = Displaying potential issues with your cluster
 
diff --git a/modules/displaying-the-insights-status-in-the-web-console.adoc b/modules/displaying-the-insights-status-in-the-web-console.adoc
index dfbd2add1ecd..c3f7989222c0 100644
--- a/modules/displaying-the-insights-status-in-the-web-console.adoc
+++ b/modules/displaying-the-insights-status-in-the-web-console.adoc
@@ -3,7 +3,7 @@
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 // * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="displaying-the-insights-status-in-the-web-console_{context}"]
 = Displaying the Insights status in the web console
 
diff --git a/modules/distr-tracing-accessing-jaeger-console.adoc b/modules/distr-tracing-accessing-jaeger-console.adoc
index 69ada6de56b7..5794717c27c8 100644
--- a/modules/distr-tracing-accessing-jaeger-console.adoc
+++ b/modules/distr-tracing-accessing-jaeger-console.adoc
@@ -1,9 +1,8 @@
 ////
 Module included in the following assemblies:
-* distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc
-* distr_tracing/distr_tracing_install/distr-tracing-deploying-otel.adoc
+* distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-accessing-jaeger-console_{context}"]
 = Accessing the Jaeger console
 
@@ -13,7 +12,7 @@ The installation process creates a route to access the Jaeger console.
 
 If you know the URL for the Jaeger console, you can access it directly. If you do not know the URL, use the following directions.
 
-.Procedure from OpenShift console
+.Procedure from the web console
 . Log in to the {product-title} web console as a user with cluster-admin rights. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
 
 . Navigate to *Networking* -> *Routes*.
@@ -38,7 +37,7 @@ The *Location* column displays the linked address for each route.
 
 .Procedure from the CLI
 
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
+. Log in to the {product-title} CLI as a user with the `cluster-admin` role by running the following command. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-architecture.adoc b/modules/distr-tracing-architecture.adoc
index fe03b691610b..eb9734a29411 100644
--- a/modules/distr-tracing-architecture.adoc
+++ b/modules/distr-tracing-architecture.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 -service_mesh/v2x/ossm-architecture.adoc
 -dist_tracing_arch/distr-tracing-architecture.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="distr-tracing-architecture_{context}"]
 = {DTProductName} architecture
 
@@ -25,6 +25,21 @@ This module included in the following assemblies:
 
 ** *Jaeger Console* – With the {JaegerName} user interface, you can visualize your distributed tracing data. On the Search page, you can find traces and explore details of the spans that make up an individual trace.
 
+* *{TempoName}* - This component is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo project].
+
+** *Gateway* – The Gateway handles authentication, authorization, and forwarding requests to the Distributor or Query front-end service.
+
+** *Distributor* – The Distributor accepts spans in multiple formats including Jaeger, OpenTelemetry, and Zipkin. It routes spans to Ingesters by hashing the `+traceID+` and using a distributed consistent hash ring.
+
+** *Ingester* – The Ingester batches a trace into blocks, creates bloom filters and indexes, and then flushes it all to the back end.
+
+** *Query Frontend* – The Query Frontend is responsible for sharding the search space for an incoming query. The search query is then sent to the Queriers. The Query Frontend deployment exposes the Jaeger UI through the Tempo Query sidecar.
+
+** *Querier* - The Querier is responsible for finding the requested trace ID in either the Ingesters or the back-end storage. Depending on parameters, it can query the Ingesters and pull Bloom indexes from the back end to search blocks in object storage.
+
+** *Compactor* – The Compactors stream blocks to and from the back-end storage to reduce the total number of blocks.
+
 * *{OTELName}* - This component is based on the open source link:https://opentelemetry.io/[OpenTelemetry project].
 
 ** *OpenTelemetry Collector* - The OpenTelemetry Collector is a vendor-agnostic way to receive, process, and export telemetry data. The OpenTelemetry Collector supports open-source observability data formats, for example, Jaeger and Prometheus, sending to one or more open-source or commercial back-ends. The Collector is the default location instrumentation libraries export their telemetry data.
+
diff --git a/modules/distr-tracing-change-operator-20.adoc b/modules/distr-tracing-change-operator-20.adoc
deleted file mode 100644
index 9ec4c14fad64..000000000000
--- a/modules/distr-tracing-change-operator-20.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-////
-This module included in the following assemblies:
-- dist_tracing/dist_tracing_install/dist-tracing-updating.adoc
-////
-
-[id="distr-tracing-changing-operator-channel_{context}"]
-= Changing the Operator channel for 2.0
-
-{DTProductName} 2.0.0 made the following changes:
-
-* Renamed the Red Hat OpenShift Jaeger Operator to the {JaegerName} Operator.
-
-* Stopped support for individual release channels. Going forward, the {JaegerName} Operator will only support the *stable* Operator channel. Maintenance channels, for example *1.24-stable*, will no longer be supported by future Operators.
-
-As part of the update to version 2.0, you must update your OpenShift Elasticsearch and {JaegerName} Operator subscriptions.
-
-.Prerequisites
-
-* The {product-title} version is 4.6 or later.
-* You have updated the OpenShift Elasticsearch Operator.
-* You have backed up the Jaeger custom resource file.
-* An account with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
diff --git a/modules/distr-tracing-config-default.adoc b/modules/distr-tracing-config-default.adoc
index 3c4488dd88a2..36f14cb22c78 100644
--- a/modules/distr-tracing-config-default.adoc
+++ b/modules/distr-tracing-config-default.adoc
@@ -1,14 +1,14 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-default_{context}"]
 = Distributed tracing default configuration options
 
 The Jaeger custom resource (CR) defines the architecture and settings to be used when creating the {JaegerShortName} resources. You can modify these parameters to customize your {JaegerShortName} implementation to your business needs.
 
-.Jaeger generic YAML example
+.Generic YAML example of the Jaeger CR
 [source,yaml]
 ----
 apiVersion: jaegertracing.io/v1
@@ -46,7 +46,7 @@ spec:
 |Parameter |Description |Values |Default value
 
 |`apiVersion:`
-||API version to use when creating the object.
+|API version to use when creating the object.
 |`jaegertracing.io/v1`
 |`jaegertracing.io/v1`
 
@@ -109,6 +109,7 @@ spec:
 |Configuration options that define the Ingester service.
 |
 |
+
 |===
 
 The following example YAML is the minimum required to create a {JaegerName} deployment using the default settings.
diff --git a/modules/distr-tracing-config-ingester.adoc b/modules/distr-tracing-config-ingester.adoc
index a6b4930dbbb8..533286b9f3db 100644
--- a/modules/distr-tracing-config-ingester.adoc
+++ b/modules/distr-tracing-config-ingester.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-ingester_{context}"]
 = Ingester configuration options
 
diff --git a/modules/distr-tracing-config-jaeger-collector.adoc b/modules/distr-tracing-config-jaeger-collector.adoc
index 6a32b00d4b15..2f10da1bdb3b 100644
--- a/modules/distr-tracing-config-jaeger-collector.adoc
+++ b/modules/distr-tracing-config-jaeger-collector.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-jaeger-collector_{context}"]
 = Jaeger Collector configuration options
 
@@ -63,4 +63,46 @@ The Collectors are stateless and thus many instances of Jaeger Collector can be
   log-level:
 |Logging level for the Collector.
 |Possible values: `debug`, `info`, `warn`, `error`, `fatal`, `panic`.
+
+|options:
+  otlp:
+    enabled: true
+    grpc:
+      host-port: 4317
+      max-connection-age: 0s
+      max-connection-age-grace: 0s
+      max-message-size: 4194304
+      tls:
+        enabled: false
+        cert: /path/to/cert.crt
+        cipher-suites: "TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256"
+        client-ca: /path/to/cert.ca
+        reload-interval: 0s
+        min-version: 1.2
+        max-version: 1.3
+|To accept OTLP/gRPC, explicitly enable the `otlp`. All the other options are optional.
+
+|options:
+  otlp:
+    enabled: true
+    http:
+      cors:
+        allowed-headers: [<header-name>[, <header-name>]*]
+        allowed-origins: *
+      host-port: 4318
+      max-connection-age: 0s
+      max-connection-age-grace: 0s
+      max-message-size: 4194304
+      read-timeout: 0s
+      read-header-timeout: 2s
+      idle-timeout: 0s
+      tls:
+        enabled: false
+        cert: /path/to/cert.crt
+        cipher-suites: "TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256"
+        client-ca: /path/to/cert.ca
+        reload-interval: 0s
+        min-version: 1.2
+        max-version: 1.3
+|To accept OTLP/HTTP, explicitly enable the `otlp`. All the other options are optional.
 |===
diff --git a/modules/distr-tracing-config-otel-collector.adoc b/modules/distr-tracing-config-otel-collector.adoc
deleted file mode 100644
index 3156c704d9e0..000000000000
--- a/modules/distr-tracing-config-otel-collector.adoc
+++ /dev/null
@@ -1,128 +0,0 @@
-////
-This module included in the following assemblies:
--distr_tracing_install/distributed-tracing-deploying-otel.adoc
-////
-:_content-type: REFERENCE
-[id="distr-tracing-config-otel-collector_{context}"]
-= OpenTelemetry Collector configuration options
-
-:FeatureName: The {OTELName} Operator
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
-The OpenTelemetry Collector consists of three components that access telemetry data:
-
-* *Receivers* - A receiver, which can be push or pull based, is how data gets into the Collector. Generally, a receiver accepts data in a specified format, translates it into the internal format and passes it to processors and exporters defined in the applicable pipelines. By default, no receivers are configured. One or more receivers must be configured. Receivers may support one or more data sources.
-
-* *Processors* - (Optional) Processors are run on data between being received and being exported. By default, no processors are enabled. Processors must be enabled for every data source. Not all processors support all data sources. Depending on the data source, it may be recommended that multiple processors be enabled. In addition, it is important to note that the order of processors matters.
-
-* *Exporters* - An exporter, which can be push or pull based, is how you send data to one or more backends/destinations. By default, no exporters are configured. One or more exporters must be configured. Exporters may support one or more data sources. Exporters may come with default settings, but many require configuration to specify at least the destination and security settings.
-
-You can define multiple instances of components in a custom resource YAML file. Once configured, these components must be enabled through pipelines defined in the `spec.config.service` section of the YAML file. As a best practice you should only enable the components that you need.
-
-.sample OpenTelemetry collector custom resource file
-[source,yaml]
-----
-apiVersion: opentelemetry.io/v1alpha1
-kind: OpenTelemetryCollector
-metadata:
-  name: cluster-collector
-  namespace: tracing-system
-spec:
-  mode: deployment
-  config: |
-    receivers:
-      otlp:
-        protocols:
-          grpc:
-          http:
-    processors:
-    exporters:
-      jaeger:
-        endpoint: jaeger-production-collector-headless.tracing-system.svc:14250
-        tls:
-          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
-    service:
-      pipelines:
-        traces:
-          receivers: [otlp]
-          processors: []
-          exporters: [jaeger]
-----
-
-[NOTE]
-====
-If a component is configured, but not defined within the `service` section then it is not enabled.
-====
-
-.Parameters used by the Operator to define the OpenTelemetry Collector
-[options="header"]
-[cols="l, a, a, a"]
-|===
-|Parameter |Description |Values |Default
-|receivers:
-|A receiver is how data gets into the Collector. By default, no receivers are configured. There must be at least one enabled receiver for a configuration to be considered valid. Receivers are enabled by being added to a pipeline.
-|`otlp`, `jaeger`
-|None
-
-|receivers:
-  otlp:
-|The `oltp` and `jaeger` receivers come with default settings, specifying the name of the receiver is enough to configure it.
-|
-|
-
-|processors:
-|Processors run on data between being received and being exported. By default, no processors are enabled.
-|
-|None
-
-|exporters:
-|An exporter sends data to one or more backends/destinations. By default, no exporters are configured. There must be at least one enabled exporter for a configuration to be considered valid. Exporters are enabled by being added to a pipeline. Exporters may come with default settings, but many require configuration to specify at least the destination and security settings.
-|`logging`, `jaeger`
-|None
-
-|exporters:
- jaeger:
-  endpoint:
-
-|The `jaeger` exporter’s endpoint must be of the form `<name>-collector-headless.<namespace>.svc`, with the name and namespace of the Jaeger deployment, for a secure connection to be established.
-|
-|
-
-|exporters:
- jaeger:
-  tls:
-   ca_file:
-|Path to the CA certificate. For a client this verifies the server certificate. For a server this verifies client certificates. If empty uses system root CA.
-|
-|
-
-|service:
-  pipelines:
-|Components are enabled by adding them to a pipeline under `services.pipeline`.
-|
-|
-
-|service:
-  pipelines:
-    traces:
-      receivers:
-|You enable receivers for tracing by adding them under `service.pipelines.traces`.
-|
-|None
-
-|service:
-  pipelines:
-    traces:
-      processors:
-|You enable processors for tracing by adding them under `service.pipelines.traces`.
-|
-|None
-
-|service:
-  pipelines:
-    traces:
-      exporters:
-|You enable exporters for tracing by adding them under `service.pipelines.traces`.
-|
-|None
-|===
diff --git a/modules/distr-tracing-config-query.adoc b/modules/distr-tracing-config-query.adoc
index 1aa8ba06d64e..0071d3b4742e 100644
--- a/modules/distr-tracing-config-query.adoc
+++ b/modules/distr-tracing-config-query.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-query_{context}"]
 = Query configuration options
 
diff --git a/modules/distr-tracing-config-sampling.adoc b/modules/distr-tracing-config-sampling.adoc
index 9e743c4072d9..f3aeeba8b74b 100644
--- a/modules/distr-tracing-config-sampling.adoc
+++ b/modules/distr-tracing-config-sampling.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-sampling_{context}"]
 = Distributed tracing sampling configuration options
 
diff --git a/modules/distr-tracing-config-security-ossm-cli.adoc b/modules/distr-tracing-config-security-ossm-cli.adoc
index 8fe1119a7a54..61ddb075be4e 100644
--- a/modules/distr-tracing-config-security-ossm-cli.adoc
+++ b/modules/distr-tracing-config-security-ossm-cli.adoc
@@ -2,22 +2,22 @@
 This module included in the following assemblies:
 service_mesh/v2x/ossm-reference-jaeger.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-config-security-ossm-cli_{context}"]
 = Configuring distributed tracing security for service mesh from the command line
 
-You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} from the command line using the `oc` utility.
+You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} from the command line by running the {oc-first}.
 
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
 * The {SMProductName} Operator must be installed.
 * The `ServiceMeshControlPlane` deployed to the cluster.
-* You have access to the OpenShift CLI (oc) that matches your OpenShift Container Platform version.
+* You have access to the {oc-first} that matches your {product-title} version.
 
 .Procedure
 
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
+. Log in to the {oc-first} as a user with the `cluster-admin` role by running the following command. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-config-security-ossm-web.adoc b/modules/distr-tracing-config-security-ossm-web.adoc
index 9759190ae799..8a4004fe64ae 100644
--- a/modules/distr-tracing-config-security-ossm-web.adoc
+++ b/modules/distr-tracing-config-security-ossm-web.adoc
@@ -2,22 +2,22 @@
 This module included in the following assemblies:
 service_mesh/v2x/ossm-reference-jaeger.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-config-security-ossm-web_{context}"]
-= Configuring distributed tracing security for service mesh from the OpenShift console
+= Configuring distributed tracing security for service mesh from the web console
 
-You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} in the OpenShift console.
+You can modify the Jaeger resource to configure {JaegerShortName} security for use with {SMproductShortName} in the web console.
 
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
 * The {SMProductName} Operator must be installed.
 * The `ServiceMeshControlPlane` deployed to the cluster.
-* You have access to the OpenShift Container Platform web console.
+* You have access to the {product-title} web console.
 
 .Procedure
 
-. Log in to the {product-title} web console as a user with the `cluster-admin` role. 
+. Log in to the {product-title} web console as a user with the `cluster-admin` role.
 
 . Navigate to Operators → Installed Operators.
 
@@ -29,7 +29,7 @@ You can modify the Jaeger resource to configure {JaegerShortName} security for u
 
 . Click the name of your Jaeger instance.
 
-. On the Jaeger details page, click the `YAML` tab to modify your configuration.
+. On the Jaeger details page, click the *YAML* tab to modify your configuration.
 
 . Edit the `Jaeger` custom resource file to add the `htpasswd` configuration as shown in the following example.
 
diff --git a/modules/distr-tracing-config-security-ossm.adoc b/modules/distr-tracing-config-security-ossm.adoc
index 14bca9be19b5..c0a333db7014 100644
--- a/modules/distr-tracing-config-security-ossm.adoc
+++ b/modules/distr-tracing-config-security-ossm.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 service_mesh/v2x/ossm-reference-jaeger.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="distr-tracing-config-security-ossm_{context}"]
 = Configuring distributed tracing security for service mesh
 
diff --git a/modules/distr-tracing-config-storage.adoc b/modules/distr-tracing-config-storage.adoc
index 8947448d3432..8e02995c6a42 100644
--- a/modules/distr-tracing-config-storage.adoc
+++ b/modules/distr-tracing-config-storage.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-config-storage_{context}"]
 = Distributed tracing storage configuration options
 
@@ -159,10 +159,10 @@ Minimum deployment = 16Gi*
 |`true`/`false`
 |`true`
 
-|
-3+|*Each Elasticsearch node can operate with a lower memory setting though this is NOT recommended for production deployments. For production use, you should have no less than 16Gi allocated to each pod by default, but preferably allocate as much as you can, up to 64Gi per pod.
 |===
 
+Each Elasticsearch node can operate with a lower memory setting though this is NOT recommended for production deployments. For production use, you must have no less than 16 Gi allocated to each pod by default, but preferably allocate as much as you can, up to 64 Gi per pod.
+
 .Production storage example
 [source,yaml]
 ----
@@ -618,7 +618,7 @@ spec:
 
 The following example shows a Jaeger CR using an external Elasticsearch cluster with TLS CA certificate mounted from a volume and user/password stored in a secret.
 
-.External Elasticsearch example:
+.External Elasticsearch example
 [source,yaml]
 ----
 apiVersion: jaegertracing.io/v1
diff --git a/modules/distr-tracing-deploy-default.adoc b/modules/distr-tracing-deploy-default.adoc
index 627adb8bc6f7..90688dbc3c1f 100644
--- a/modules/distr-tracing-deploy-default.adoc
+++ b/modules/distr-tracing-deploy-default.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-deploy-default_{context}"]
 = Deploying the {DTShortName} default strategy from the web console
 
@@ -30,8 +30,8 @@ In-memory storage is not persistent. If the Jaeger pod shuts down, restarts, or
 ====
 If you are installing as part of Service Mesh, the {DTShortName} resources must be installed in the same namespace as the `ServiceMeshControlPlane` resource, for example `istio-system`.
 ====
-+
-.. Navigate to *Home* -> *Projects*.
+
+.. Go to *Home* -> *Projects*.
 
 .. Click *Create Project*.
 
@@ -63,19 +63,19 @@ Follow this procedure to create an instance of {JaegerShortName} from the comman
 
 * The {JaegerName} Operator has been installed and verified.
 * You have reviewed the instructions for how to customize the deployment.
-* You have access to the OpenShift CLI (`oc`) that matches your {product-title} version.
+* You have access to the {oc-first} that matches your {product-title} version.
 * You have access to the cluster as a user with the `cluster-admin` role.
 
 .Procedure
 
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+. Log in to the {product-title} CLI as a user with the `cluster-admin` role by running the following command:
 +
 [source,terminal]
 ----
 $ oc login --username=<NAMEOFUSER> https://<HOSTNAME>:8443
 ----
 
-. Create a new project named `tracing-system`.
+. Create a new project named `tracing-system` by running the following command:
 +
 [source,terminal]
 ----
@@ -107,7 +107,7 @@ $ oc create -n tracing-system -f jaeger.yaml
 $ oc get pods -n tracing-system -w
 ----
 +
-After the installation process has completed, you should see output similar to the following example:
+After the installation process has completed, the output is similar to the following example:
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-deploy-production-es.adoc b/modules/distr-tracing-deploy-production-es.adoc
index 7420097adead..4e04535f1a61 100644
--- a/modules/distr-tracing-deploy-production-es.adoc
+++ b/modules/distr-tracing-deploy-production-es.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-deploy-production_{context}"]
 = Deploying the {DTShortName} production strategy from the web console
 
@@ -26,7 +26,7 @@ The `production` deployment strategy is intended for production environments tha
 ====
 If you are installing as part of Service Mesh, the {DTShortName} resources must be installed in the same namespace as the `ServiceMeshControlPlane` resource, for example `istio-system`.
 ====
-+
+
 .. Navigate to *Home* -> *Projects*.
 
 .. Click *Create Project*.
@@ -44,7 +44,6 @@ If you are installing as part of Service Mesh, the {DTShortName} resources must
 . Under *Jaeger*, click *Create Instance*.
 
 . On the *Create Jaeger* page, replace the default `all-in-one` YAML text with your production YAML configuration, for example:
-
 +
 .Example jaeger-production.yaml file with Elasticsearch
 [source,yaml]
@@ -70,7 +69,6 @@ spec:
     esRollover:
       schedule: '*/30 * * * *'
 ----
-+
 
 . Click *Create* to create the {JaegerShortName} instance.
 
@@ -89,19 +87,19 @@ Follow this procedure to create an instance of {JaegerShortName} from the comman
 * The OpenShift Elasticsearch Operator has been installed.
 * The {JaegerName} Operator has been installed.
 * You have reviewed the instructions for how to customize the deployment.
-* You have access to the OpenShift CLI (`oc`) that matches your {product-title} version.
+* You have access to the {oc-first} that matches your {product-title} version.
 * You have access to the cluster as a user with the `cluster-admin` role.
 
 .Procedure
 
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+. Log in to the {oc-first} as a user with the `cluster-admin` role by running the following command:
 +
 [source,terminal]
 ----
 $ oc login --username=<NAMEOFUSER> https://<HOSTNAME>:8443
 ----
 
-. Create a new project named `tracing-system`.
+. Create a new project named `tracing-system` by running the following command:
 +
 [source,terminal]
 ----
@@ -124,7 +122,7 @@ $ oc create -n tracing-system -f jaeger-production.yaml
 $ oc get pods -n tracing-system -w
 ----
 +
-After the installation process has completed, you should see output similar to the following example:
+After the installation process has completed, you will see output similar to the following example:
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-deploy-streaming.adoc b/modules/distr-tracing-deploy-streaming.adoc
index 473e522f7d12..341f038b68f5 100644
--- a/modules/distr-tracing-deploy-streaming.adoc
+++ b/modules/distr-tracing-deploy-streaming.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-deploy-streaming_{context}"]
 = Deploying the {DTShortName} streaming strategy from the web console
 
@@ -18,7 +18,7 @@ The streaming strategy requires an additional Red Hat subscription for AMQ Strea
 
 [NOTE]
 ====
-The streaming deployment strategy is currently unsupported on {ibmzProductName}.
+The streaming deployment strategy is currently unsupported on {ibm-z-name}.
 ====
 
 .Prerequisites
@@ -33,13 +33,11 @@ The streaming deployment strategy is currently unsupported on {ibmzProductName}.
 . Log in to the {product-title} web console as a user with the `cluster-admin` role.
 
 . Create a new project, for example `tracing-system`.
-
 +
 [NOTE]
 ====
 If you are installing as part of Service Mesh, the {DTShortName} resources must be installed in the same namespace as the `ServiceMeshControlPlane` resource, for example `istio-system`.
 ====
-+
 
 .. Navigate to *Home* -> *Projects*.
 
@@ -58,7 +56,7 @@ If you are installing as part of Service Mesh, the {DTShortName} resources must
 . Under *Jaeger*, click *Create Instance*.
 
 . On the *Create Jaeger* page, replace the default `all-in-one` YAML text with your streaming YAML configuration, for example:
-
++
 .Example jaeger-streaming.yaml file
 [source,yaml]
 ----
@@ -73,8 +71,7 @@ spec:
       kafka:
         producer:
           topic: jaeger-spans
-          #Note: If brokers are not defined,AMQStreams 1.4.0+ will self-provision Kafka.
-          brokers: my-cluster-kafka-brokers.kafka:9092
+          brokers: my-cluster-kafka-brokers.kafka:9092 # <1>
   storage:
     type: elasticsearch
   ingester:
@@ -85,6 +82,7 @@ spec:
           brokers: my-cluster-kafka-brokers.kafka:9092
 
 ----
+<1> If the brokers are not defined, AMQStreams 1.4.0+ self-provisions Kafka.
 //TODO - find out if this storage configuration is correct for OpenShift
 
 . Click *Create* to create the {JaegerShortName} instance.
@@ -104,19 +102,19 @@ Follow this procedure to create an instance of {JaegerShortName} from the comman
 * The AMQ Streams Operator has been installed. If using version 1.4.0 or higher you can use self-provisioning. Otherwise you must create the Kafka instance.
 * The {JaegerName} Operator has been installed.
 * You have reviewed the instructions for how to customize the deployment.
-* You have access to the OpenShift CLI (`oc`) that matches your {product-title} version.
+* You have access to the {oc-first} that matches your {product-title} version.
 * You have access to the cluster as a user with the `cluster-admin` role.
 
 Procedure
 
-. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+. Log in to the {oc-first} as a user with the `cluster-admin` role by running the following command:
 +
 [source,terminal]
 ----
 $ oc login --username=<NAMEOFUSER> https://<HOSTNAME>:8443
 ----
 
-. Create a new project named `tracing-system`.
+. Create a new project named `tracing-system` by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-deployment-best-practices.adoc b/modules/distr-tracing-deployment-best-practices.adoc
index 8e6098bc6140..9d8a59b1036c 100644
--- a/modules/distr-tracing-deployment-best-practices.adoc
+++ b/modules/distr-tracing-deployment-best-practices.adoc
@@ -1,15 +1,11 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="distr-tracing-deployment-best-practices_{context}"]
 = Deployment best practices
 
 * {DTProductName} instance names must be unique. If you want to have multiple {JaegerName} instances and are using sidecar injected agents, then the {JaegerName} instances should have unique names, and the injection annotation should explicitly specify the {JaegerName} instance name the tracing data should be reported to.
 
 * If you have a multitenant implementation and tenants are separated by namespaces, deploy a {JaegerName} instance to each tenant namespace.
-
-** Agent as a daemonset is not supported for multitenant installations or {product-dedicated}. Agent as a sidecar is the only supported configuration for these use cases.
-
-* If you are installing {DTShortName} as part of {SMProductName}, the {DTShortName} resources must be installed in the same namespace as the `ServiceMeshControlPlane` resource.
diff --git a/modules/distr-tracing-install-elasticsearch.adoc b/modules/distr-tracing-install-elasticsearch.adoc
index 822df38406e2..e55afe299b70 100644
--- a/modules/distr-tracing-install-elasticsearch.adoc
+++ b/modules/distr-tracing-install-elasticsearch.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-installing.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-operator-install-elasticsearch_{context}"]
 = Installing the OpenShift Elasticsearch Operator
 
@@ -45,7 +45,7 @@ The Elasticsearch installation requires the *openshift-operators-redhat* namespa
 ====
 +
 
-* Accept the default *Automatic* approval strategy. By accepting the default, when a new version of this Operator is available, Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without human intervention. If you select *Manual* updates, when a newer version of an Operator is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Operator updated to the new version.
+. Accept the default *Automatic* approval strategy. By accepting the default, when a new version of this Operator is available, Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without human intervention. If you select *Manual* updates, when a newer version of an Operator is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Operator updated to the new version.
 +
 [NOTE]
 ====
diff --git a/modules/distr-tracing-install-jaeger-operator.adoc b/modules/distr-tracing-install-jaeger-operator.adoc
index 37bcc6ba7cd7..1db98d064ffe 100644
--- a/modules/distr-tracing-install-jaeger-operator.adoc
+++ b/modules/distr-tracing-install-jaeger-operator.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-installing.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-jaeger-operator-install_{context}"]
 = Installing the {JaegerName} Operator
 
@@ -44,7 +44,6 @@ Do not install Community versions of the Operators. Community Operators are not
 ====
 The *Manual* approval strategy requires a user with appropriate credentials to approve the Operator install and subscription process.
 ====
-+
 
 . Click *Install*.
 
diff --git a/modules/distr-tracing-install-otel-operator.adoc b/modules/distr-tracing-install-otel-operator.adoc
deleted file mode 100644
index d85255daa30c..000000000000
--- a/modules/distr-tracing-install-otel-operator.adoc
+++ /dev/null
@@ -1,54 +0,0 @@
-////
-This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-installing.adoc
-////
-
-:_content-type: PROCEDURE
-[id="distr-tracing-install-otel-operator_{context}"]
-= Installing the {OTELName} Operator
-
-:FeatureName: The {OTELName} Operator
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
-To install {OTELName}, you use the link:https://operatorhub.io/[OperatorHub] to install the {OTELName} Operator.
-
-By default, the Operator is installed in the `openshift-operators` project.
-
-.Prerequisites
-* You have access to the {product-title} web console.
-* You have access to the cluster as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
-
-[WARNING]
-====
-Do not install Community versions of the Operators. Community Operators are not supported.
-====
-
-.Procedure
-
-. Log in to the {product-title} web console as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
-
-. Navigate to *Operators* -> *OperatorHub*.
-
-. Type *distributed tracing data collection* into the filter to locate the {OTELName} Operator.
-
-. Click the *{OTELName} Operator* provided by Red Hat to display information about the Operator.
-
-. Click *Install*.
-
-. On the *Install Operator* page, accept the default *stable* Update channel. This automatically updates your Operator as new versions are released.
-
-. Accept the default *All namespaces on the cluster (default)*. This installs the Operator in the default `openshift-operators` project and makes the Operator available to all projects in the cluster.
-
-. Accept the default *Automatic* approval strategy. By accepting the default, when a new version of this Operator is available, Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without human intervention. If you select *Manual* updates, when a newer version of an Operator is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Operator updated to the new version.
-+
-[NOTE]
-====
-The *Manual* approval strategy requires a user with appropriate credentials to approve the Operator install and subscription process.
-====
-+
-
-. Click *Install*.
-
-. Navigate to *Operators* -> *Installed Operators*.
-
-. On the *Installed Operators* page, select the `openshift-operators` project. Wait until you see that the {OTELName} Operator shows a status of "Succeeded" before continuing.
diff --git a/modules/distr-tracing-install-overview.adoc b/modules/distr-tracing-install-overview.adoc
index d082c4e98944..7e0a7711daff 100644
--- a/modules/distr-tracing-install-overview.adoc
+++ b/modules/distr-tracing-install-overview.adoc
@@ -1,9 +1,9 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-installing.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-installing.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="distr-tracing-install-overview_{context}"]
 = {DTProductName} installation overview
 
diff --git a/modules/distr-tracing-product-overview.adoc b/modules/distr-tracing-product-overview.adoc
index d7519178e294..a7768e395e9c 100644
--- a/modules/distr-tracing-product-overview.adoc
+++ b/modules/distr-tracing-product-overview.adoc
@@ -1,19 +1,28 @@
-////
-This module included in the following assemblies:
--service_mesh/v2x/ossm-architecture.adoc
-- distributed-tracing-release-notes.adoc
--distr_tracing_arch/distr-tracing-architecture.adoc
--serverless/serverless-tracing.adoc
-////
-
-:_content-type: CONCEPT
+// Module included in the following assemblies:
+//
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc
+// * distr_tracing_arch/distr-tracing-architecture.adoc
+// * service_mesh/v2x/ossm-architecture.adoc
+// * serverless/serverless-tracing.adoc
+
+:_mod-docs-content-type: CONCEPT
 [id="distr-tracing-product-overview_{context}"]
 = Distributed tracing overview
 
 As a service owner, you can use distributed tracing to instrument your services to gather insights into your service architecture.
-You can use {DTShortName} for monitoring, network profiling, and troubleshooting the interaction between components in modern, cloud-native, microservices-based applications.
+You can use the {DTProductName} for monitoring, network profiling, and troubleshooting the interaction between components in modern, cloud-native, microservices-based applications.
 
-With {DTShortName} you can perform the following functions:
+With the {DTShortName}, you can perform the following functions:
 
 * Monitor distributed transactions
 
@@ -21,8 +30,15 @@ With {DTShortName} you can perform the following functions:
 
 * Perform root cause analysis
 
-{DTProductName} consists of two main components:
+The {DTShortName} consists of three components:
 
-* *{JaegerName}* - This component is based on the open source link:https://www.jaegertracing.io/[Jaeger project].
+* *{JaegerName}*, which is based on the open source link:https://www.jaegertracing.io/[Jaeger project].
 
-* *{OTELNAME}* - This component is based on the open source link:https://opentelemetry.io/[OpenTelemetry project].
+* *{TempoName}*, which is based on the open source link:https://grafana.com/oss/tempo/[Grafana Tempo project].
+
+* *{OTELNAME}*, which is based on the open source link:https://opentelemetry.io/[OpenTelemetry project].
+
+[IMPORTANT]
+====
+Jaeger does not use FIPS validated cryptographic modules.
+====
diff --git a/modules/distr-tracing-removing-instance-cli.adoc b/modules/distr-tracing-removing-instance-cli.adoc
index cf9d94810e7f..4140602816ef 100644
--- a/modules/distr-tracing-removing-instance-cli.adoc
+++ b/modules/distr-tracing-removing-instance-cli.adoc
@@ -4,16 +4,36 @@ This module included in the following assemblies:
 ////
 
 [id="distr-tracing-removing-instance-cli_{context}"]
-= Removing a {JaegerName} instance from the CLI
+= Removing a {JaegerShortName} instance by using the CLI
 
-. Log in to the {product-title} CLI.
+You can remove a {JaegerShortName} instance on the command line.
+
+.Prerequisites
+
+* An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
++
+[TIP]
+====
+* Ensure that your {oc-first} version is up to date and matches your {product-title} version.
+
+* Run `oc login`:
++
+[source,terminal]
+----
+$ oc login --username=<your_username>
+----
+====
+
+.Procedure
+
+. Log in with the {oc-first} by running the following command:
 +
 [source,terminal]
 ----
 $ oc login --username=<NAMEOFUSER> 
 ----
 +
-. To display the {JaegerShortName} instances run the command:
+. To display the {JaegerShortName} instances, run the following command:
 +
 [source,terminal]
 ----
@@ -34,7 +54,7 @@ The names of Operators have the suffix `-operator`. The following example shows
 $ oc get deployments -n openshift-operators
 ----
 +
-You should see output similar to the following:
+You will see output similar to the following:
 +
 [source,terminal]
 ----
@@ -77,7 +97,7 @@ For example:
 $ oc get deployments -n openshift-operators
 ----
 +
-You should see generated output that is similar to the following example:
+You will see generated output that is similar to the following example:
 +
 [source,terminal]
 ----
diff --git a/modules/distr-tracing-removing-instance.adoc b/modules/distr-tracing-removing-instance.adoc
index 809277e3c3bc..0a03a8bb83fd 100644
--- a/modules/distr-tracing-removing-instance.adoc
+++ b/modules/distr-tracing-removing-instance.adoc
@@ -3,15 +3,21 @@ This module included in the following assemblies:
 - distr_tracing_install/dist-tracing-removing.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="distr-tracing-removing-instance_{context}"]
-= Removing a {JaegerName} instance using the web console
+= Removing a {JaegershortName} instance by using the web console
 
-[NOTE]
+You can remove a {JaegerShortName} instance in the *Administrator* view of the web console.
+
+[WARNING]
 ====
-When deleting an instance that uses the in-memory storage, all data is permanently lost. Data stored in a persistent storage such as Elasticsearch is not be deleted when a {JaegerName} instance is removed.
+When deleting an instance that uses in-memory storage, all data is irretrievably lost. Data stored in persistent storage such as Elasticsearch is not deleted when a {JaegerName} instance is removed.
 ====
 
+.Prerequisites
+
+* You are logged in to the web console as a cluster administrator with the `cluster-admin` role.
+
 .Procedure
 
 . Log in to the {product-title} web console.
diff --git a/modules/distr-tracing-rn-fixed-issues.adoc b/modules/distr-tracing-rn-fixed-issues.adoc
deleted file mode 100644
index 6fffaa723b2f..000000000000
--- a/modules/distr-tracing-rn-fixed-issues.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-////
-Module included in the following assemblies:
-* distributed-tracing-release-notes.adoc
-* service_mesh/v2x/servicemesh-release-notes.adoc
-////
-:_content-type: REFERENCE
-[id="distr-tracing-rn-fixed-issues_{context}"]
-= {DTProductName} fixed issues
-////
-Provide the following info for each issue if possible:
-Consequence - What user action or situation would make this problem appear (If you have the foo option enabled and did x)? What did the customer experience as a result of the issue? What was the symptom?
-Cause - Why did this happen?
-Fix - What did we change to fix the problem?
-Result - How has the behavior changed as a result? Try to avoid “It is fixed” or “The issue is resolved” or “The error no longer presents”.
-////
-
-* link:https://issues.redhat.com/browse/OSSM-1910[OSSM-1910]
-Because of an issue introduced in version 2.6, TLS connections could not be established with {product-title} {SMProductShortName}. 
-This update resolves the issue by changing the service port names to match conventions used by {product-title} {SMProductShortName} and Istio. 
-
-* link:https://issues.redhat.com/browse/OBSDA-208[OBSDA-208]
- Before this update, the default 200m CPU and 256Mi memory resource limits could cause {OTELShortName} to restart continuously on large clusters.
- This update resolves the issue by removing these resource limits.
-
-* link:https://issues.redhat.com/browse/OBSDA-222[OBSDA-222]
-Before this update, spans could be dropped in the {product-title} {JaegerShortName}. 
-To help prevent this issue from occurring, this release updates version dependencies.
-
-* link:https://issues.redhat.com/browse/TRACING-2337[TRACING-2337]
-Jaeger is logging a repetitive warning message in the Jaeger logs similar to the following:
-+
-[source,terminal]
-----
-{"level":"warn","ts":1642438880.918793,"caller":"channelz/logging.go:62","msg":"[core]grpc: Server.Serve failed to create ServerTransport: connection error: desc = \"transport: http2Server.HandleStreams received bogus greeting from client: \\\"\\\\x16\\\\x03\\\\x01\\\\x02\\\\x00\\\\x01\\\\x00\\\\x01\\\\xfc\\\\x03\\\\x03vw\\\\x1a\\\\xc9T\\\\xe7\\\\xdaCj\\\\xb7\\\\x8dK\\\\xa6\\\"\"","system":"grpc","grpc_log":true}
-----
-+
-This issue was resolved by exposing only the HTTP(S) port of the query service, and not the gRPC port.
-
-* link:https://issues.redhat.com/browse/TRACING-2009[TRACING-2009] The Jaeger Operator has been updated to include support for the Strimzi Kafka Operator 0.23.0.
-
-* link:https://issues.redhat.com/browse/TRACING-1907[TRACING-1907] The Jaeger agent sidecar injection was failing due to missing config maps in the application namespace. The config maps were getting automatically deleted due to an incorrect `OwnerReference` field setting and as a result, the application pods were not moving past the "ContainerCreating" stage. The incorrect settings have been removed.
-
-* link:https://issues.redhat.com/browse/TRACING-1725[TRACING-1725] Follow-up to TRACING-1631. Additional fix to ensure that Elasticsearch certificates are properly reconciled when there are multiple Jaeger production instances, using same name but within different namespaces. See also link:https://bugzilla.redhat.com/show_bug.cgi?id=1918920[BZ-1918920].
-
-* link:https://issues.jboss.org/browse/TRACING-1631[TRACING-1631] Multiple Jaeger production instances, using same name but within different namespaces, causing Elasticsearch certificate issue. When multiple service meshes were installed, all of the Jaeger Elasticsearch instances had the same Elasticsearch secret instead of individual secrets, which prevented the OpenShift Elasticsearch Operator from communicating with all of the Elasticsearch clusters.
-
-* link:https://issues.redhat.com/browse/TRACING-1300[TRACING-1300] Failed connection between Agent and Collector when using Istio sidecar. An update of the Jaeger Operator enabled TLS communication by default between a Jaeger sidecar agent and the Jaeger Collector.
-
-* link:https://issues.redhat.com/browse/TRACING-1208[TRACING-1208] Authentication "500 Internal Error" when accessing Jaeger UI. When trying to authenticate to the UI using OAuth, I get a 500 error because oauth-proxy sidecar doesn't trust the custom CA bundle defined at installation time with the `additionalTrustBundle`.
-
-* link:https://issues.redhat.com/browse/TRACING-1166[TRACING-1166] It is not currently possible to use the Jaeger streaming strategy within a disconnected environment. When a Kafka cluster is being provisioned, it results in a error: `Failed to pull image registry.redhat.io/amq7/amq-streams-kafka-24-rhel7@sha256:f9ceca004f1b7dccb3b82d9a8027961f9fe4104e0ed69752c0bdd8078b4a1076`.
-
-* link:https://issues.redhat.com/browse/TRACING-809[TRACING-809] Jaeger Ingester is incompatible with Kafka 2.3. When there are two or more instances of the Jaeger Ingester and enough traffic it will continuously generate rebalancing messages in the logs. This is due to a regression in Kafka 2.3 that was fixed in Kafka 2.3.1. For more information, see https://github.com/jaegertracing/jaeger/issues/1819[Jaegertracing-1819].
-
-* link:https://bugzilla.redhat.com/show_bug.cgi?id=1918920[BZ-1918920]/link:https://issues.redhat.com/browse/LOG-1619[LOG-1619] The Elasticsearch pods does not get restarted automatically after an update.
-+
-Workaround: Restart the pods manually.
diff --git a/modules/distr-tracing-rn-known-issues.adoc b/modules/distr-tracing-rn-known-issues.adoc
deleted file mode 100644
index 737bc1fbe259..000000000000
--- a/modules/distr-tracing-rn-known-issues.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-////
-Module included in the following assemblies:
-* service_mesh/v2x/servicemesh-release-notes.adoc
-* distributed-tracing--release-notes.adoc
-////
-:_content-type: REFERENCE
-[id="distr-tracing-rn-known-issues_{context}"]
-= {DTProductName} known issues
-
-////
-Consequence - What user action or situation would make this problem appear (Selecting the Foo option with the Bar version 1.3 plugin enabled results in an error message)? What did the customer experience as a result of the issue? What was the symptom?
-Cause (if it has been identified) - Why did this happen?
-Workaround (If there is one)- What can you do to avoid or negate the effects of this issue in the meantime? Sometimes if there is no workaround it is worthwhile telling readers to contact support for advice. Never promise future fixes.
-Result - If the workaround does not completely address the problem.
-////
-
-These limitations exist in {DTProductName}:
-
-* Apache Spark is not supported.
-ifndef::openshift-rosa[]
-
-* The streaming deployment via AMQ/Kafka is unsupported on IBM Z and IBM Power Systems.
-endif::openshift-rosa[]
-
-These are the known issues for {DTProductName}:
-
-* link:https://issues.redhat.com/browse/OBSDA-220[OBSDA-220] In some cases, if you try to pull an image using {OTELShortName}, the image pull fails and a `Failed to pull image` error message appears. 
-There is no workaround for this issue.
-
-* link:https://issues.redhat.com/browse/TRACING-2057[TRACING-2057] The Kafka API has been updated to `v1beta2` to support the Strimzi Kafka Operator 0.23.0. However, this API version is not supported by AMQ Streams 1.6.3. If you have the following environment, your Jaeger services will not be upgraded, and you cannot create new Jaeger services or modify existing Jaeger services:
-
-** Jaeger Operator channel: *1.17.x stable* or *1.20.x stable*
-** AMQ Streams Operator channel: *amq-streams-1.6.x*
-+
-To resolve this issue, switch the subscription channel for your AMQ Streams Operator to either *amq-streams-1.7.x* or *stable*.
diff --git a/modules/distr-tracing-rn-new-features.adoc b/modules/distr-tracing-rn-new-features.adoc
deleted file mode 100644
index cc2674c57079..000000000000
--- a/modules/distr-tracing-rn-new-features.adoc
+++ /dev/null
@@ -1,236 +0,0 @@
-////
-Module included in the following assemblies:
-- distributed-tracing-release-notes.adoc
-////
-////
-Feature – Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes.
-Reason – If known, include why has the enhancement been implemented (use case, performance, technology, etc.). For example, showcases integration of X with Y, demonstrates Z API feature, includes latest framework bug fixes.
-Result – If changed, describe the current user experience.
-////
-:_content-type: REFERENCE
-[id="distr-tracing-rn-new-features_{context}"]
-= New features and enhancements
-
-This release adds improvements related to the following components and concepts.
-
-== New features and enhancements {DTProductName} 2.8
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.8
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.42
-
-|{OTELName}
-|OpenTelemetry
-|0.74.0
-
-|{TempoName}
-|{TempoShortName}
-|0.1.0
-|===
-
-== New features and enhancements {DTProductName} 2.7
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.7
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.39
-
-|{OTELName}
-|OpenTelemetry
-|0.63.1
-|===
-
-== New features and enhancements {DTProductName} 2.6
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.6
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.38
-
-|{OTELName}
-|OpenTelemetry
-|0.60
-|===
-
-== New features and enhancements {DTProductName} 2.5
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-This release introduces support for ingesting OpenTelemetry protocol (OTLP) to the {JaegerName} Operator. The Operator now automatically enables the OTLP ports:
-
-* Port 4317 is used for OTLP gRPC protocol.
-* Port 4318 is used for OTLP HTTP protocol.
-
-This release also adds support for collecting Kubernetes resource attributes to the {OTELName} Operator.
-
-=== Component versions supported in {DTProductName} version 2.5
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.36
-
-|{OTELName}
-|OpenTelemetry
-|0.56
-|===
-
-
-== New features and enhancements {DTProductName} 2.4
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-This release also adds support for auto-provisioning certificates using the Red Hat Elasticsearch Operator.
-
-* Self-provisioning, which means using the {JaegerName} Operator to call the Red Hat Elasticsearch Operator during installation. Self provisioning is fully supported with this release.
-* Creating the Elasticsearch instance and certificates first and then configuring the {JaegerShortName} to use the certificate is a Technology Preview for this release.
-
-[NOTE]
-====
-When upgrading to {DTProductName} 2.4, the Operator recreates the Elasticsearch instance, which might take five to ten minutes. Distributed tracing will be down and unavailable for that period.
-====
-
-=== Component versions supported in {DTProductName} version 2.4
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.34.1
-
-|{OTELName}
-|OpenTelemetry
-|0.49
-|===
-
-== New features and enhancements {DTProductName} 2.3.1
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.3.1
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.30.2
-
-|{OTELName}
-|OpenTelemetry
-|0.44.1-1
-|===
-
-== New features and enhancements {DTProductName} 2.3.0
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-With this release, the {JaegerName} Operator is now installed to the `openshift-distributed-tracing` namespace by default. Before this update, the default installation had been in the `openshift-operators` namespace.
-
-=== Component versions supported in {DTProductName} version 2.3.0
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.30.1
-
-|{OTELName}
-|OpenTelemetry
-|0.44.0
-|===
-
-== New features and enhancements {DTProductName} 2.2.0
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.2.0
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.30.0
-
-|{OTELName}
-|OpenTelemetry
-|0.42.0
-|===
-
-== New features and enhancements {DTProductName} 2.1.0
-
-This release of {DTProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.1.0
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.29.1
-
-|{OTELName}
-|OpenTelemetry
-|0.41.1
-|===
-
-== New features and enhancements {DTProductName} 2.0.0
-
-This release marks the rebranding of Red Hat OpenShift Jaeger to {DTProductName}. This release consists of the following changes, additions, and improvements:
-
-* {DTProductName} now consists of the following two main components:
-
-** *{JaegerName}* - This component is based on the open source link:https://www.jaegertracing.io/[Jaeger project].
-
-** *{OTELName}* - This component is based on the open source link:https://opentelemetry.io/[OpenTelemetry project].
-
-* Updates {JaegerName} Operator to Jaeger 1.28. Going forward, {DTProductName} will only support the `stable` Operator channel. Channels for individual releases are no longer supported.
-
-* Introduces a new {OTELName} Operator based on OpenTelemetry 0.33. Note that this Operator is a Technology Preview feature.
-
-* Adds support for OpenTelemetry protocol (OTLP) to the Query service.
-
-* Introduces a new distributed tracing icon that appears in the OpenShift OperatorHub.
-
-* Includes rolling updates to the documentation to support the name change and new features.
-
-This release also addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
-
-=== Component versions supported in {DTProductName} version 2.0.0
-
-[options="header"]
-|===
-|Operator |Component |Version
-|{JaegerName}
-|Jaeger
-|1.28.0
-
-|{OTELName}
-|OpenTelemetry
-|0.33.0
-|===
diff --git a/modules/distr-tracing-rn-technology-preview.adoc b/modules/distr-tracing-rn-technology-preview.adoc
deleted file mode 100644
index bb06420e5a5d..000000000000
--- a/modules/distr-tracing-rn-technology-preview.adoc
+++ /dev/null
@@ -1,86 +0,0 @@
-////
-Module included in the following assemblies:
-- rhbjaeger-release-notes.adoc
-////
-:_content-type: CONCEPT
-[id="distr-tracing-rn-technology-preview_{context}"]
-= {DTProductName} Technology Preview
-////
-Provide the following info for each issue if possible:
-Description - Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes. Avoid the word “supports” as in [product] now supports [feature] to avoid customer confusion with full support. Say, for example, “available as a Technology Preview.”
-Package - A brief description of what the customer has to install or enable to use the Technology Preview feature. (e.g., available in quickstart.zip on customer portal, JDF website, container on registry, enable option, etc.)
-////
-
-[IMPORTANT]
-====
-Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
-
-For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
-====
-
-== {DTProductName} 2.8.0 Technology Preview
-
-This release introduces support for {TempoName} as a Technology Preview feature for {DTProductName}.
-The feature uses version 0.1.0 of {TempoName} and version 2.0.1 of the upstream {TempoShortName} components.
-
-You can use {TempoName} to replace Jaeger so that you can use S3-compatible storage instead of ElasticSearch.
-Most users who use {TempoName} instead of Jaeger will not notice any difference in functionality because {TempoShortName} supports the same ingestion and query protocols as Jaeger and uses the same user interface.
-
-If you enable this Technology Preview feature, note the following limitations of the current implementation:
-
-* {TempoName} currently does not support disconnected installations. (link:https://issues.redhat.com/browse/TRACING-3145[TRACING-3145])
-
-* When you use the Jaeger user interface (UI) with {TempoName}, the Jaeger UI lists only services that have sent traces within the last 15 minutes.
-For services that have not sent traces within the last 15 minutes, those traces are still stored even though they are not visible in the Jaeger UI. (link:https://issues.redhat.com/browse/TRACING-3139[TRACING-3139])
-
-Expanded support for the Tempo Operator is planned for future releases of {DTProductName}.
-Possible additional features might include support for TLS authentication, multitenancy, and multiple clusters.
-For more information about the Tempo Operator, see link:https://tempo-operator.netlify.app[the Tempo community documentation].
-
-== {DTProductName} 2.4.0 Technology Preview
-
-This release also adds support for auto-provisioning certificates using the Red Hat Elasticsearch Operator.
-
-* Self-provisioning, which means using the {JaegerName} Operator to call the Red Hat Elasticsearch Operator during installation. Self provisioning is fully supported with this release.
-* Creating the Elasticsearch instance and certificates first and then configuring the {JaegerShortName} to use the certificate is a Technology Preview for this release.
-
-== {DTProductName} 2.2.0 Technology Preview
-
-Unsupported OpenTelemetry Collector components included in the 2.1 release have been removed.
-
-== {DTProductName} 2.1.0 Technology Preview
-
-This release introduces a breaking change to how to configure certificates in the OpenTelemetry custom resource file. In the new version, the `ca_file` moves under `tls` in the custom resource, as shown in the following examples.
-
-.CA file configuration for OpenTelemetry version 0.33
-[source,yaml]
-----
-spec:
-  mode: deployment
-  config: |
-    exporters:
-      jaeger:
-        endpoint: jaeger-production-collector-headless.tracing-system.svc:14250
-        ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
-----
-
-.CA file configuration for OpenTelemetry version 0.41.1
-[source,yaml]
-----
-spec:
-  mode: deployment
-  config: |
-    exporters:
-      jaeger:
-        endpoint: jaeger-production-collector-headless.tracing-system.svc:14250
-        tls:
-          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
-----
-
-== {DTProductName} 2.0.0 Technology Preview
-
-This release includes the addition of the {OTELName}, which you install using the {OTELName} Operator. {OTELName} is based on the link:https://opentelemetry.io/[OpenTelemetry] APIs and instrumentation.
-
-{OTELName} includes the OpenTelemetry Operator and Collector. The Collector can be used to receive traces in either the OpenTelemetry or Jaeger protocol and send the trace data to {DTProductName}. Other capabilities of the Collector are not supported at this time.
-
-The OpenTelemetry Collector allows developers to instrument their code with vendor agnostic APIs, avoiding vendor lock-in and enabling a growing ecosystem of observability tooling.
diff --git a/modules/distr-tracing-sidecar-automatic.adoc b/modules/distr-tracing-sidecar-automatic.adoc
index 9c425dc12c7a..c71455add8fc 100644
--- a/modules/distr-tracing-sidecar-automatic.adoc
+++ b/modules/distr-tracing-sidecar-automatic.adoc
@@ -1,13 +1,13 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="dist-tracing-sidecar-automatic_{context}"]
 = Automatically injecting sidecars
 
-The {JaegerName} Operator can inject Jaeger Agent sidecars into Deployment workloads. To enable automatic injection of sidecars, add the `sidecar.jaegertracing.io/inject` annotation set to either the string `true` or to the {JaegerShortName} instance name that is returned by running `$ oc get jaegers`.
-When you specify `true`, there should be only a single {JaegerShortName} instance for the same namespace as the deployment, otherwise, the Operator cannot determine which {JaegerShortName} instance to use. A specific {JaegerShortName} instance name on a deployment has a higher precedence than `true` applied on its namespace.
+The {JaegerName} Operator can inject Jaeger Agent sidecars into deployment workloads. To enable automatic injection of sidecars, add the `sidecar.jaegertracing.io/inject` annotation set to either the string `true` or to the {JaegerShortName} instance name that is returned by running `$ oc get jaegers`.
+When you specify `true`, there must be only a single {JaegerShortName} instance for the same namespace as the deployment. Otherwise, the Operator is unable to determine which {JaegerShortName} instance to use. A specific {JaegerShortName} instance name on a deployment has a higher precedence than `true` applied on its namespace.
 
 The following snippet shows a simple application that will inject a sidecar, with the agent pointing to the single {JaegerShortName} instance available in the same namespace:
 
diff --git a/modules/distr-tracing-sidecar-manual.adoc b/modules/distr-tracing-sidecar-manual.adoc
index 1f914ed319cb..132edd5cb939 100644
--- a/modules/distr-tracing-sidecar-manual.adoc
+++ b/modules/distr-tracing-sidecar-manual.adoc
@@ -1,8 +1,8 @@
 ////
 This module included in the following assemblies:
-- distr_tracing_install/distr-tracing-deploying-jaeger.adoc
+- distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="distr-tracing-sidecar-manual_{context}"]
 = Manually injecting sidecars
 
diff --git a/modules/distr-tracing-tempo-config-default.adoc b/modules/distr-tracing-tempo-config-default.adoc
new file mode 100644
index 000000000000..489d9f66626f
--- /dev/null
+++ b/modules/distr-tracing-tempo-config-default.adoc
@@ -0,0 +1,150 @@
+// Module included in the following assemblies:
+//
+// * distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-config-default_{context}"]
+= Distributed tracing default configuration options
+
+The Tempo custom resource (CR) defines the architecture and settings to be used when creating the {TempoShortName} resources. You can modify these parameters to customize your {TempoShortName} implementation to your business needs.
+
+.Example of a generic Tempo YAML file
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: name
+spec:
+  storage: {}
+  resources: {}
+  storageSize: 200M
+  replicationFactor: 1
+  retention: {}
+  template:
+      distributor:{}
+      ingester: {}
+      compactor: {}
+      querier: {}
+      queryFrontend: {}
+      gateway: {}
+----
+
+.Tempo parameters
+[options="header"]
+[cols="l, a, a, a"]
+|===
+|Parameter |Description |Values |Default value
+
+|apiVersion:
+|API version to use when creating the object.
+|`tempotracing.io/v1`
+|`tempotracing.io/v1`
+
+|kind:
+|Defines the kind of Kubernetes object to create.
+|`tempo`
+|
+
+|metadata:
+|Data that uniquely identifies the object, including a `name` string, `UID`, and optional `namespace`.
+|
+|{product-title} automatically generates the `UID` and completes the `namespace` with the name of the project where the object is created.
+
+|name:
+|Name for the object.
+|Name of your TempoStack instance.
+|`tempo-all-in-one-inmemory`
+
+|spec:
+|Specification for the object to be created.
+|Contains all of the configuration parameters for your TempoStack instance. When a common definition for all Tempo components is required, it is defined under the `spec` node. When the definition relates to an individual component, it is placed under the `spec/template/<component>` node.
+|N/A
+
+|resources:
+|Resources assigned to the TempoStack.
+|
+|
+
+|storageSize:
+|Storage size for ingester PVCs.
+|
+|
+
+|replicationFactor:
+|Configuration for the replication factor.
+|
+|
+
+|retention:
+|Configuration options for retention of traces.
+|
+|
+
+|storage:
+|Configuration options that define the storage. All storage-related options must be placed under `storage` and not under the `allInOne` or other component options.
+|
+|
+
+|template.distributor:
+|Configuration options for the Tempo `distributor`.
+|
+|
+
+|template.ingester:
+|Configuration options for the Tempo `ingester`.
+|
+|
+
+|template.compactor:
+|Configuration options for the Tempo `compactor`.
+|
+|
+
+|template.querier:
+|Configuration options for the Tempo `querier`.
+|
+|
+
+|template.queryFrontend:
+|Configuration options for the Tempo `query-frontend`.
+|
+|
+
+|template.gateway:
+|Configuration options for the Tempo `gateway`.
+|
+|
+
+|===
+
+
+
+.Minimum required configuration
+
+The following is the required minimum for creating a {TempoShortName} deployment with the default settings:
+
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: simplest
+spec:
+  storage: # <1>
+    secret:
+      name: minio
+      type: s3
+  resources:
+    total:
+      limits:
+        memory: 2Gi
+        cpu: 2000m
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        ingress:
+          type: route
+----
+<1> This section specifies the deployed object storage back end, which requires a created secret with credentials for access to the object storage.
diff --git a/modules/distr-tracing-tempo-config-multitenancy.adoc b/modules/distr-tracing-tempo-config-multitenancy.adoc
new file mode 100644
index 000000000000..4310887e58ef
--- /dev/null
+++ b/modules/distr-tracing-tempo-config-multitenancy.adoc
@@ -0,0 +1,151 @@
+// Module included in the following assemblies:
+//
+// * distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-config-multitenancy_{context}"]
+= Multitenancy
+
+Multitenancy with authentication and authorization is provided in the Tempo Gateway service.
+The authentication uses OpenShift OAuth and the Kubernetes `TokenReview` API. The authorization uses the Kubernetes `SubjectAccessReview` API.
+
+.Sample Tempo CR with two tenants, `dev` and `prod`
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind:  TempoStack
+metadata:
+  name: simplest
+spec:
+  tenants:
+    mode: openshift # <1>
+    authentication: # <2>
+      - tenantName: dev # <3>
+        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfa" # <4>
+      - tenantName: prod
+        tenantId: "1610b0c3-c509-4592-a256-a1871353dbfb"
+  template:
+    gateway:
+      enabled: true # <5>
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+----
+
+<1> Must be set to `openshift`.
+<2> The list of tenants.
+<3> The tenant name. Must be provided in the `X-Scope-OrgId` header when ingesting the data.
+<4> A unique tenant ID.
+<5> Enables a gateway that performs authentication and authorization. The Jaeger UI is exposed at `http://<gateway-ingress>/api/traces/v1/<tenant-name>/search`.
+
+The authorization configuration uses the `ClusterRole` and `ClusterRoleBinding` of the Kubernetes Role-Based Access Control (RBAC). By default, no users have read or write permissions.
+
+.Sample of the read RBAC configuration that allows authenticated users to read the trace data of the `dev` and `prod` tenants
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tempostack-traces-reader
+rules:
+  - apiGroups:
+      - 'tempo.grafana.com'
+    resources: # <1>
+      - dev
+      - prod
+    resourceNames:
+      - traces
+    verbs:
+      - 'get' # <2>
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tempostack-traces-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tempostack-traces-reader
+subjects:
+  - kind: Group
+    apiGroup: rbac.authorization.k8s.io
+    name: system:authenticated # <3>
+----
+
+<1> Lists the tenants.
+<2> The `get` value enables the read operation.
+<3> Grants all authenticated users the read permissions for trace data.
+
+.Sample of the write RBAC configuration that allows the `otel-collector` service account to write the trace data for the `dev` tenant
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector # <1>
+  namespace: otel
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tempostack-traces-write
+rules:
+  - apiGroups:
+      - 'tempo.grafana.com'
+    resources: # <2>
+      - dev
+    resourceNames:
+      - traces
+    verbs:
+      - 'create' # <3>
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tempostack-traces
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tempostack-traces-write
+subjects:
+  - kind: ServiceAccount
+    name: otel-collector
+    namespace: otel
+----
+<1> The service account name for the client to use when exporting trace data. The client must send the service account token, `/var/run/secrets/kubernetes.io/serviceaccount/token`, as the bearer token header.
+<2> Lists the tenants.
+<3> The `create` value enables the write operation.
+
+Trace data can be sent to the Tempo instance from the OpenTelemetry Collector that uses the service account with RBAC for writing the data.
+
+.Sample OpenTelemetry CR configuration
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: cluster-collector
+  namespace: tracing-system
+spec:
+  mode: deployment
+  serviceAccount: otel-collector
+  config: |
+      extensions:
+        bearertokenauth:
+          filename: "/var/run/secrets/kubernetes.io/serviceaccount/token"
+      exporters:
+        otlp/dev:
+          endpoint: tempo-simplest-gateway.tempo.svc.cluster.local:8090
+          tls:
+            insecure: false
+            ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+          auth:
+            authenticator: bearertokenauth
+          headers:
+            X-Scope-OrgID: "dev"
+      service:
+        extensions: [bearertokenauth]
+        pipelines:
+          traces:
+            exporters: [otlp/dev]
+----
diff --git a/modules/distr-tracing-tempo-config-query-frontend.adoc b/modules/distr-tracing-tempo-config-query-frontend.adoc
new file mode 100644
index 000000000000..9230513396d4
--- /dev/null
+++ b/modules/distr-tracing-tempo-config-query-frontend.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-config-query_{context}"]
+= Query configuration options
+
+Query is a service that retrieves traces from storage and hosts the user interface to display them.
+
+.Parameters used by the {TempoOperator} to define Query
+[options="header"]
+[cols="l, a, a, a"]
+|===
+|Parameter |Description |Values |Default value
+
+|spec:
+  query:
+    replicas:
+|Specifies the number of Query replicas to create.
+|Positive integer
+|
+|===
+
+
+.Configuration parameters passed to Query
+[options="header"]
+[cols="l, a, a, a"]
+|===
+|Parameter |Description |Values |Default value
+
+|spec:
+  query:
+    options: {}
+|Configuration options that define the Query service.
+|
+|
+
+|options:
+  log-level:
+|Logging level for Query.
+|`debug`, `info`, `warn`, `error`, `fatal`, `panic`
+|
+
+|options:
+  query:
+    base-path:
+|You can set the base path for all tempo-query HTTP routes to a non-root value: for example, `/tempo` will cause all UI URLs to start with `/tempo`. This can be useful when running `tempo-query` behind a reverse proxy.
+|`/<path>`
+|
+|===
+
+.Sample Query configuration
+[source,yaml]
+----
+apiVersion: tempotracing.io/v1
+kind: "Tempo"
+metadata:
+  name: "my-tempo"
+spec:
+  strategy: allInOne
+  allInOne:
+    options:
+      log-level: debug
+      query:
+        base-path: /tempo
+----
diff --git a/modules/distr-tracing-tempo-config-spanmetrics.adoc b/modules/distr-tracing-tempo-config-spanmetrics.adoc
new file mode 100644
index 000000000000..9988bbc09d6a
--- /dev/null
+++ b/modules/distr-tracing-tempo-config-spanmetrics.adoc
@@ -0,0 +1,94 @@
+// Module included in the following assemblies:
+//
+// * distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-config-spanmetrics_{context}"]
+= Configuration of the monitor tab in Jaeger UI
+
+Trace data contains rich information, and the data is normalized across instrumented languages and frameworks.
+Therefore, additional metrics can be extracted from traces. These metrics are request count, duration, and error count (RED).
+The metrics can be visualized in Jaeger console in the *Monitor* tab.
+
+The metrics are derived from spans in the OpenTelemetry Collector that are scraped from the Collector by the Prometheus deployed in the user-workload monitoring stack.
+The Jaeger UI queries these metrics from the Prometheus endpoint and visualizes them.
+
+== OpenTelemetry Collector configuration
+
+The OpenTelemetry Collector requires configuration of the `spanmetrics` connector that derives metrics from traces and exports the metrics in the Prometheus format.
+
+.OpenTelemetry Collector custom resource for span RED
+[source,yaml]
+----
+kind: OpenTelemetryCollector
+apiVersion: opentelemetry.io/v1alpha1
+metadata:
+  name: otel
+spec:
+  mode: deployment
+  observability:
+    metrics:
+      enableMetrics: true # <1>
+  config: |
+    connectors:
+      spanmetrics: # <2>
+        metrics_flush_interval: 15s
+
+    receivers:
+      otlp: # <3>
+        protocols:
+          grpc:
+          http:
+
+    exporters:
+      prometheus: # <4>
+        endpoint: 0.0.0.0:8889
+        add_metric_suffixes: false
+        resource_to_telemetry_conversion:
+          enabled: true # by default resource attributes are dropped
+
+      otlp:
+        endpoint: "tempo-simplest-distributor:4317"
+        tls:
+          insecure: true
+
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp, spanmetrics] # <5>
+        metrics:
+          receivers: [spanmetrics] # <6>
+          exporters: [prometheus]
+----
+<1> Creates the `ServiceMonitor` custom resource to enable scraping of the Prometheus exporter.
+<2> The Spanmetrics connector receives traces and exports metrics.
+<3> The OTLP receiver to receive spans in the OpenTelemetry protocol.
+<4> The Prometheus exporter is used to export metrics in the Prometheus format.
+<5> The Spanmetrics connector is configured as exporter in traces pipeline.
+<6> The Spanmetrics connector is configured as receiver in metrics pipeline.
+
+== Tempo configuration
+
+The `TempoStack` custom resource must specify the following: the *Monitor* tab is enabled, and the Prometheus endpoint is set to the Thanos querier service to query the data from the user-defined monitoring stack.
+
+.TempoStack custom resource with the enabled Monitor tab
+[source,yaml]
+----
+kind:  TempoStack
+apiVersion: tempo.grafana.com/v1alpha1
+metadata:
+  name: simplest
+spec:
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        monitorTab:
+          enabled: true # <1>
+          prometheusEndpoint: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 # <2>
+        ingress:
+          type: route
+----
+<1> Enables the monitoring tab in the Jaeger console.
+<2> The service name for Thanos Querier from user-workload monitoring.
diff --git a/modules/distr-tracing-tempo-config-storage.adoc b/modules/distr-tracing-tempo-config-storage.adoc
new file mode 100644
index 000000000000..b2c71d4b4dcb
--- /dev/null
+++ b/modules/distr-tracing-tempo-config-storage.adoc
@@ -0,0 +1,39 @@
+
+// Module included in the following assemblies:
+//
+// * distr_tracing_tempo/distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-config-storage_{context}"]
+= The {TempoShortName} storage configuration
+
+You can configure object storage for the {TempoShortName} in the `TempoStack` custom resource under `spec.storage`. You can choose from among several storage providers that are supported.
+
+.General storage parameters used by the {TempoOperator} to define distributed tracing storage
+[options="header"]
+[cols="l, a, a, a"]
+|===
+|Parameter |Description |Values |Default value
+|spec:
+  storage:
+    secret
+      type:
+|Type of storage to use for the deployment.
+|`memory`. Memory storage is only appropriate for development, testing, demonstrations, and proof of concept environments because the data does not persist when the pod is shut down.
+|`memory`
+
+|storage:
+  secretname:
+|Name of the secret that contains the credentials for the set object storage type.
+|
+|N/A
+
+|storage:
+  tls:
+    caName:
+|CA is the name of a `ConfigMap` object containing a CA certificate.
+|
+|
+|===
+
+include::snippets/distr-tracing-tempo-required-secret-parameters.adoc[]
diff --git a/modules/distr-tracing-tempo-configuring-tempooperator-metrics-and-alerts.adoc b/modules/distr-tracing-tempo-configuring-tempooperator-metrics-and-alerts.adoc
new file mode 100644
index 000000000000..4f69fe640442
--- /dev/null
+++ b/modules/distr-tracing-tempo-configuring-tempooperator-metrics-and-alerts.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-tempooperator-metrics-and-alerts_{context}"]
+= Configuring {TempoOperator} metrics and alerts
+
+When installing the {TempoOperator} from the web console, you can select the *Enable Operator recommended cluster monitoring on this Namespace* checkbox, which enables creating metrics and alerts of the {TempoOperator}.
+
+If the checkbox was not selected during installation, you can manually enable metrics and alerts even after installing the {TempoOperator}.
+
+.Procedure
+
+* Add the `openshift.io/cluster-monitoring: "true"` label in the project where the {TempoOperator} is installed, which is `openshift-tempo-operator` by default.
+
+.Verification
+
+You can use the *Administrator* view of the web console to verify successful configuration:
+
+. Go to *Observe* -> *Targets*, filter for *Source: Platform*, and search for `tempo-operator`, which must have the *Up* status.
+
+. To verify that alerts are set up correctly, go to *Observe* -> *Alerting* -> *Alerting rules*, filter for *Source: Platform*, and locate the *Alert rules* for the *{TempoOperator}*.
diff --git a/modules/distr-tracing-tempo-configuring-tempostack-metrics-and-alerts.adoc b/modules/distr-tracing-tempo-configuring-tempostack-metrics-and-alerts.adoc
new file mode 100644
index 000000000000..ad639edda6e4
--- /dev/null
+++ b/modules/distr-tracing-tempo-configuring-tempostack-metrics-and-alerts.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * distr-tracing-tempo-configuring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-tempostack-metrics-and-alerts_{context}"]
+= Configuring TempoStack metrics and alerts
+
+You can enable metrics and alerts of TempoStack instances.
+
+.Prerequisites
+
+* Monitoring for user-defined projects is enabled in the cluster. See xref:../../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects].
+
+.Procedure
+
+. To enable metrics of a TempoStack instance, set the `spec.observability.metrics.createServiceMonitors` field to `true`:
++
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: <name>
+spec:
+  observability:
+    metrics:
+      createServiceMonitors: true
+----
+
+. To enable alerts for a TempoStack instance, set the `spec.observability.metrics.createPrometheusRules` field to `true`:
++
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: <name>
+spec:
+  observability:
+    metrics:
+      createPrometheusRules: true
+----
+
+.Verification
+
+You can use the *Administrator* view of the web console to verify successful configuration:
+
+. Go to *Observe* -> *Targets*, filter for *Source: User*, and check that *ServiceMonitors* in the format `tempo-<instance_name>-<component>` have the *Up* status.
+
+. To verify that alerts are set up correctly, go to *Observe* -> *Alerting* -> *Alerting rules*, filter for *Source: User*, and check that the *Alert rules* for the TempoStack instance components are available.
diff --git a/modules/distr-tracing-tempo-install-cli.adoc b/modules/distr-tracing-tempo-install-cli.adoc
new file mode 100644
index 000000000000..e3479f0408c5
--- /dev/null
+++ b/modules/distr-tracing-tempo-install-cli.adoc
@@ -0,0 +1,220 @@
+// Module included in the following assemblies:
+//
+//* distr_tracing_tempo/distr-tracing-tempo-installing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="distr-tracing-tempo-install-cli_{context}"]
+= Installing the {TempoShortName} by using the CLI
+
+You can install the {TempoShortName} from the command line.
+
+.Prerequisites
+
+* An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
++
+[TIP]
+====
+* Ensure that your {oc-first} version is up to date and matches your {product-title} version.
+
+* Run `oc login`:
++
+[source,terminal]
+----
+$ oc login --username=<your_username>
+----
+====
+
+* You are using a supported provider of object storage: link:https://www.redhat.com/en/technologies/cloud-computing/openshift-data-foundation[Red Hat OpenShift Data Foundation], link:https://min.io/[MinIO], link:https://aws.amazon.com/s3/[Amazon S3], link:https://azure.microsoft.com/en-us/products/storage/blobs/[Azure Blob Storage], link:https://cloud.google.com/storage/[Google Cloud Storage].
+
+.Procedure
+
+. Install the {TempoOperator}:
+
+.. Create a project for the {TempoOperator} by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  labels:
+    kubernetes.io/metadata.name: openshift-tempo-operator
+    openshift.io/cluster-monitoring: "true"
+  name: openshift-tempo-operator
+EOF
+----
+
+.. Create an Operator group by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-tempo-operator
+  namespace: openshift-tempo-operator
+spec:
+  upgradeStrategy: Default
+EOF
+----
+
+.. Create a subscription by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: tempo-product
+  namespace: openshift-tempo-operator
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: tempo-product
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+----
+
+.. Check the operator status by running the following command:
++
+[source,terminal]
+----
+$ oc get csv -n openshift-tempo-operator
+----
+
+. Run the following command to create a project of your choice for the TempoStack instance that you will create in a subsequent step:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  name: <project_of_tempostack_instance>
+EOF
+----
+
+. In the project that you created for the TempoStack instance, create a secret for your object storage bucket by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+<object_storage_secret>
+EOF
+----
++
+--
+include::snippets/distr-tracing-tempo-secret-example.adoc[]
+--
+
+. Create a TempoStack instance in the project that you created for the TempoStack instance.
++
+[NOTE]
+====
+You can create multiple TempoStack instances in separate projects on the same cluster.
+====
++
+.. Customize the `TempoStack` custom resource (CR):
++
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: sample
+  namespace: <project_of_tempostack_instance>
+spec:
+  storageSize: 1Gi
+  storage:
+      secret:
+          name: <secret-name> # <1>
+          type: <secret-provider> # <2>
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        ingress:
+          route:
+            termination: edge
+          type: route
+----
+<1> The value of the `name` in the `metadata` of the secret.
+<2> The accepted values are `azure` for Azure Blob Storage; `gcs` for Google Cloud Storage; and `s3` for Amazon S3, MinIO, or Red Hat OpenShift Data Foundation.
++
+.Example of a TempoStack CR for AWS S3 and MinIO storage
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: simplest
+  namespace: project_of_tempostack_instance
+spec:
+  storageSize: 1Gi
+  storage:
+    secret:
+      name: minio-test
+      type: s3
+  resources:
+    total:
+      limits:
+        memory: 2Gi
+        cpu: 2000m
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        ingress:
+          route:
+            termination: edge
+          type: route
+----
+The stack deployed in this example is configured to receive Jaeger Thrift over HTTP and OpenTelemetry Protocol (OTLP), which permits visualizing the data with the Jaeger UI.
+
+.. Apply the customized CR by running the following command.
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+<TempoStack_custom_resource>
+EOF
+----
+
+
+.Verification
+
+. Verify that the `status` of all TempoStack `components` is `Running` and the `conditions` are `type: Ready` by running the following command:
++
+[source,terminal]
+----
+$ oc get tempostacks.tempo.grafana.com simplest -o yaml
+----
+
+. Verify that all the TempoStack component pods are running by running the following command:
++
+[source,terminal]
+----
+$ oc get pods
+----
+
+. Access the Tempo console:
+
+.. Query the route details by running the following command:
++
+[source,terminal]
+----
+$ export TEMPO_URL=$(oc get route -n <control_plane_namespace> tempo -o jsonpath='{.spec.host}')
+----
+
+.. Open `\https://<route_from_previous_step>` in a web browser.
+
+.. Log in using your cluster administrator credentials for the web console.
++
+[NOTE]
+====
+The Tempo console initially shows no trace data following the Tempo console installation.
+====
diff --git a/modules/distr-tracing-tempo-install-web-console.adoc b/modules/distr-tracing-tempo-install-web-console.adoc
new file mode 100644
index 000000000000..e5af2c59ae86
--- /dev/null
+++ b/modules/distr-tracing-tempo-install-web-console.adoc
@@ -0,0 +1,137 @@
+// Module included in the following assemblies:
+//
+//* distr_tracing_tempo/distr-tracing-tempo-installing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="distr-tracing-tempo-install-web-console_{context}"]
+= Installing the {TempoShortName} from the web console
+
+You can install the {TempoShortName} from the *Administrator* view of the web console.
+
+.Prerequisites
+
+* You are logged in to the {product-title} web console as a cluster administrator with the `cluster-admin` role.
+
+* For {product-dedicated}, you must be logged in using an account with the `dedicated-admin` role.
+
+* You are using a supported provider of object storage: link:https://www.redhat.com/en/technologies/cloud-computing/openshift-data-foundation[Red Hat OpenShift Data Foundation], link:https://min.io/[MinIO], link:https://aws.amazon.com/s3/[Amazon S3], link:https://azure.microsoft.com/en-us/products/storage/blobs/[Azure Blob Storage], link:https://cloud.google.com/storage/[Google Cloud Storage].
+
+.Procedure
+
+. Install the {TempoOperator}:
+
+.. Go to *Operators* -> *OperatorHub* and search for `{TempoOperator}`.
+
+.. Select the *{TempoOperator}* that is *OpenShift Operator for Tempo* -> *Install* -> *Install* -> *View Operator*.
++
+[IMPORTANT]
+====
+This installs the Operator with the default presets:
+
+* *Update channel* -> *stable*
+* *Installation mode* -> *All namespaces on the cluster*
+* *Installed Namespace* -> *openshift-tempo-operator*
+* *Update approval* -> *Automatic*
+====
+
+.. In the *Details* tab of the page of the installed Operator, under *ClusterServiceVersion details*, verify that the installation *Status* is *Succeeded*.
+
+. Create a project of your choice for the *TempoStack* instance that you will create in a subsequent step: go to *Home* -> *Projects* -> *Create Project*.
+
+. In the project that you created for the *TempoStack* instance, create a secret for your object storage bucket: go to *Workloads* -> *Secrets* -> *Create* -> *From YAML*.
++
+--
+include::snippets/distr-tracing-tempo-secret-example.adoc[]
+--
+
+. Create a *TempoStack* instance.
++
+[NOTE]
+====
+You can create multiple *TempoStack* instances in separate projects on the same cluster.
+====
+
+.. Go to *Operators* -> *Installed Operators*.
+
+.. Select *TempoStack* -> *Create TempoStack* -> *YAML view*.
+
+.. In the *YAML view*, customize the `TempoStack` custom resource (CR):
++
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: sample
+  namespace: <project_of_tempostack_instance>
+spec:
+  storageSize: 1Gi
+  storage:
+    secret:
+      name: <secret-name> # <1>
+      type: <secret-provider> # <2>
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        ingress:
+          route:
+            termination: edge
+          type: route
+----
+<1> The value of the `name` in the `metadata` of the secret.
+<2> The accepted values are `azure` for Azure Blob Storage; `gcs` for Google Cloud Storage; and `s3` for Amazon S3, MinIO, or Red Hat OpenShift Data Foundation.
++
+.Example of a TempoStack CR for AWS S3 and MinIO storage
+[source,yaml]
+----
+apiVersion: tempo.grafana.com/v1alpha1
+kind: TempoStack
+metadata:
+  name: simplest
+  namespace: <project_of_tempostack_instance>
+spec:
+  storageSize: 1Gi
+  storage:
+    secret:
+      name: minio-test
+      type: s3
+  resources:
+    total:
+      limits:
+        memory: 2Gi
+        cpu: 2000m
+  template:
+    queryFrontend:
+      jaegerQuery:
+        enabled: true
+        ingress:
+          route:
+            termination: edge
+          type: route
+----
+The stack deployed in this example is configured to receive Jaeger Thrift over HTTP and OpenTelemetry Protocol (OTLP), which permits visualizing the data with the Jaeger UI.
+
+.. Select *Create*.
+
+
+.Verification
+
+. Use the *Project:* dropdown list to select the project of the *TempoStack* instance.
+
+. Go to *Operators* -> *Installed Operators* to verify that the *Status* of the *TempoStack* instance is *Condition: Ready*.
+
+. Go to *Workloads* -> *Pods* to verify that all the component pods of the *TempoStack* instance are running.
+
+. Access the Tempo console:
+
+.. Go to *Networking* -> *Routes* and kbd:[Ctrl+F] to search for `tempo`.
+
+.. In the *Location* column, open the URL to access the Tempo console.
+
+.. Select *Log In With OpenShift* to use your cluster administrator credentials for the web console.
++
+[NOTE]
+====
+The Tempo console initially shows no trace data following the Tempo console installation.
+====
diff --git a/modules/distr-tracing-tempo-remove-cli.adoc b/modules/distr-tracing-tempo-remove-cli.adoc
new file mode 100644
index 000000000000..ec4024467557
--- /dev/null
+++ b/modules/distr-tracing-tempo-remove-cli.adoc
@@ -0,0 +1,52 @@
+//Module included in the following assemblies:
+//
+//* distr_tracing_install/dist-tracing-tempo-removing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="distr-tracing-removing-tempo-instance-cli_{context}"]
+= Removing a TempoStack instance by using the CLI
+
+You can remove a TempoStack instance on the command line.
+
+.Prerequisites
+
+* An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
++
+[TIP]
+====
+* Ensure that your {oc-first} version is up to date and matches your {product-title} version.
+
+* Run `oc login`:
++
+[source,terminal]
+----
+$ oc login --username=<your_username>
+----
+====
+
+.Procedure
+
+. Get the name of the TempoStack instance by running the following command:
++
+[source,terminal]
+----
+$ oc get deployments -n <project_of_tempostack_instance>
+----
+
+. Remove the TempoStack instance by running the following command:
++
+[source,terminal]
+----
+$ oc delete tempo <tempostack_instance_name> -n <project_of_tempostack_instance>
+----
+
+. Optional: Remove the {TempoOperator}.
+
+.Verification
+
+. Run the following command to verify that the TempoStack instance is not found in the output, which indicates its successful removal:
++
+[source,terminal]
+----
+$ oc get deployments -n <project_of_tempostack_instance>
+----
diff --git a/modules/distr-tracing-tempo-remove-web-console.adoc b/modules/distr-tracing-tempo-remove-web-console.adoc
new file mode 100644
index 000000000000..be42f2a7c6e2
--- /dev/null
+++ b/modules/distr-tracing-tempo-remove-web-console.adoc
@@ -0,0 +1,23 @@
+//Module included in the following assemblies:
+//
+//* distr_tracing_install/dist-tracing-tempo-removing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="distr-tracing-removing-tempo-instance_{context}"]
+= Removing a TempoStack instance by using the web console
+
+You can remove a TempoStack instance in the *Administrator* view of the web console.
+
+.Prerequisites
+
+* You are logged in to the {product-title} web console as a cluster administrator with the `cluster-admin` role.
+
+* For {product-dedicated}, you must be logged in using an account with the `dedicated-admin` role.
+
+.Procedure
+
+. Go to *Operators* -> *Installed Operators* -> *{TempoOperator}* -> *TempoStack*.
+
+. To remove the TempoStack instance, select {kebab} -> *Delete TempoStack* -> *Delete*.
+
+. Optional: Remove the {TempoOperator}.
diff --git a/modules/distr-tracing-tempo-storage-ref.adoc b/modules/distr-tracing-tempo-storage-ref.adoc
new file mode 100644
index 000000000000..27289a6709f7
--- /dev/null
+++ b/modules/distr-tracing-tempo-storage-ref.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+//* distr_tracing_tempo/distr-tracing-tempo-installing.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="distr-tracing-tempo-object-storage-setup_{context}"]
+= Object storage setup
+
+You can use the following configuration parameters when setting up a supported object storage.
+
+--
+include::snippets/distr-tracing-tempo-required-secret-parameters.adoc[]
+--
diff --git a/modules/distr-tracing-upgrading-es5-es6.adoc b/modules/distr-tracing-upgrading-es5-es6.adoc
index d2c0107a0622..e484ecb23900 100644
--- a/modules/distr-tracing-upgrading-es5-es6.adoc
+++ b/modules/distr-tracing-upgrading-es5-es6.adoc
@@ -10,43 +10,43 @@ When updating from Elasticsearch 5 to 6, you must delete your {JaegerShortName}
 
 .Procedure if {JaegerShortName} is installed as part of {SMProductName}
 
-. Determine the name of your Jaeger custom resource file. In this example, `istio-system` is the control plane namespace.
+. Determine the name of your Jaeger custom resource file by running the following command. In this example, `istio-system` is the control plane namespace.
 +
 [source,terminal]
 ----
 $ oc get jaeger -n <istio-system>
 ----
 +
-You should see something like the following:
+You will see output similar to the following:
 +
 [source,terminal]
 ----
 NAME    STATUS   VERSION    STRATEGY     STORAGE         AGE
 jaeger  Running  1.24.1     production   elasticsearch   d21h
 ----
-+
-. Copy the generated custom resource file into a temporary directory:
+
+. Copy the generated custom resource file into a temporary directory by running the following command:
 +
 [source,terminal]
 ----
 $ oc get jaeger jaeger -oyaml -n <istio-system> > /tmp/jaeger-cr.yaml
 ----
-+
-. Delete the {JaegerShortName} instance:
+
+. Delete the {JaegerShortName} instance by running the following command:
 +
 [source,terminal]
 ----
 $ oc delete jaeger jaeger -n <istio-system>
 ----
-+
-. Recreate the {JaegerShortName} instance from your copy of the custom resource file:
+
+. Recreate the {JaegerShortName} instance from your copy of the custom resource file by running the following command:
 +
 [source,terminal]
 ----
 $ oc create -f /tmp/jaeger-cr.yaml -n <istio-system>
 ----
-+
-. Delete the copy of the generated custom resource file:
+
+. Delete the copy of the generated custom resource file by running the following command:
 +
 [source,terminal]
 ----
@@ -58,7 +58,7 @@ $ rm /tmp/jaeger-cr.yaml
 
 Before you begin, create a copy of your Jaeger custom resource file.
 
-. Delete the {JaegerShortName} instance by deleting the custom resource file:
+. Run the following command to delete the Jaeger custom resource file, which deletes the {JaegerShortName} instance:
 +
 [source,terminal]
 ----
@@ -71,18 +71,18 @@ For example:
 ----
 $ oc delete -f jaeger-prod-elasticsearch.yaml
 ----
-+
-. Recreate your {JaegerShortName} instance from the backup copy of your custom resource file:
+
+. Recreate your {JaegerShortName} instance from the backup copy of your custom resource file by running the following command:
 +
 [source,terminal]
 ----
 $ oc create -f <jaeger-cr-file>
 ----
-+
-. Validate that your pods have restarted:
+
+. Validate that your pods have restarted by running the following command:
 +
 [source,terminal]
 ----
 $ oc get pods -n <tracing-system> -w
 ----
-+
+
diff --git a/modules/dr-hosted-cluster-within-aws-region-backup.adoc b/modules/dr-hosted-cluster-within-aws-region-backup.adoc
index cb30ed2bac4d..6071307cb444 100644
--- a/modules/dr-hosted-cluster-within-aws-region-backup.adoc
+++ b/modules/dr-hosted-cluster-within-aws-region-backup.adoc
@@ -2,7 +2,7 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-hosted-cluster-within-aws-region-backup_{context}"]
 = Backing up a hosted cluster
 
diff --git a/modules/dr-hosted-cluster-within-aws-region-delete.adoc b/modules/dr-hosted-cluster-within-aws-region-delete.adoc
index 887e8c67ed50..e7bd0f3fefb2 100644
--- a/modules/dr-hosted-cluster-within-aws-region-delete.adoc
+++ b/modules/dr-hosted-cluster-within-aws-region-delete.adoc
@@ -2,7 +2,7 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-hosted-cluster-within-aws-region-delete_{context}"]
 = Deleting a hosted cluster from your source management cluster
 
@@ -21,6 +21,13 @@ Ensure that the `kubeconfig` file of the destination management cluster is place
 
 . Scale the `deployment` and `statefulset` objects by entering these commands:
 +
+[IMPORTANT]
+====
+Do not scale the stateful set if the value of its `spec.persistentVolumeClaimRetentionPolicy.whenScaled` field is set to `Delete`, because this could lead to a loss of data.
+
+As a workaround, update the value of the `spec.persistentVolumeClaimRetentionPolicy.whenScaled` field to `Retain`. Ensure that no controllers exist that reconcile the stateful set and would return the value back to `Delete`, which could lead to a loss of data.
+====
++
 [source,terminal]
 ----
 # Just in case
diff --git a/modules/dr-hosted-cluster-within-aws-region-restore.adoc b/modules/dr-hosted-cluster-within-aws-region-restore.adoc
index 2e73f04aa59e..e05d1657c7eb 100644
--- a/modules/dr-hosted-cluster-within-aws-region-restore.adoc
+++ b/modules/dr-hosted-cluster-within-aws-region-restore.adoc
@@ -2,11 +2,11 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-hosted-cluster-within-aws-region-restore_{context}"]
 = Restoring a hosted cluster
 
-Gather all of the objects that you backed up and restore them in your destination management cluster. 
+Gather all of the objects that you backed up and restore them in your destination management cluster.
 
 .Prerequisites
 
diff --git a/modules/dr-hosted-cluster-within-aws-region-script.adoc b/modules/dr-hosted-cluster-within-aws-region-script.adoc
index a1049b78ee52..5bbe35b177a7 100644
--- a/modules/dr-hosted-cluster-within-aws-region-script.adoc
+++ b/modules/dr-hosted-cluster-within-aws-region-script.adoc
@@ -2,7 +2,7 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-hosted-cluster-within-aws-region-script_{context}"]
 = Running a script to back up and restore a hosted cluster
 
diff --git a/modules/dr-recover-expired-control-plane-certs.adoc b/modules/dr-recover-expired-control-plane-certs.adoc
index c70cda469977..2b6786c4cd4c 100644
--- a/modules/dr-recover-expired-control-plane-certs.adoc
+++ b/modules/dr-recover-expired-control-plane-certs.adoc
@@ -2,7 +2,7 @@
 //
 // * disaster_recovery/scenario-3-expired-certs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-scenario-3-recovering-expired-certs_{context}"]
 = Recovering from expired control plane certificates
 
diff --git a/modules/dr-restoring-cluster-state-about.adoc b/modules/dr-restoring-cluster-state-about.adoc
index afba3a3db5eb..451140c56b51 100644
--- a/modules/dr-restoring-cluster-state-about.adoc
+++ b/modules/dr-restoring-cluster-state-about.adoc
@@ -2,7 +2,7 @@
 //
 // * disaster_recovery/scenario-2-restoring-cluster-state.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="dr-scenario-2-restoring-cluster-state-about_{context}"]
 = About restoring cluster state
 
diff --git a/modules/dr-restoring-cluster-state.adoc b/modules/dr-restoring-cluster-state.adoc
index aa45e1690263..5bc34208fe25 100644
--- a/modules/dr-restoring-cluster-state.adoc
+++ b/modules/dr-restoring-cluster-state.adoc
@@ -4,28 +4,28 @@
 // * post_installation_configuration/cluster-tasks.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dr-scenario-2-restoring-cluster-state_{context}"]
 = Restoring to a previous cluster state
 
-You can use a saved etcd backup to restore a previous cluster state or restore a cluster that has lost the majority of control plane hosts.
+You can use a saved `etcd` backup to restore a previous cluster state or restore a cluster that has lost the majority of control plane hosts.
 
 [NOTE]
 ====
-If your cluster uses a control plane machine set, see "Troubleshooting the control plane machine set" for a more simple etcd recovery procedure.
+If your cluster uses a control plane machine set, see "Troubleshooting the control plane machine set" for a more simple `etcd` recovery procedure.
 ====
 
 [IMPORTANT]
 ====
-When you restore your cluster, you must use an etcd backup that was taken from the same z-stream release. For example, an {product-title} 4.7.2 cluster must use an etcd backup that was taken from 4.7.2.
+When you restore your cluster, you must use an `etcd` backup that was taken from the same z-stream release. For example, an {product-title} 4.7.2 cluster must use an `etcd` backup that was taken from 4.7.2.
 ====
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
+* Access to the cluster as a user with the `cluster-admin` role through a certificate-based `kubeconfig` file, like the one that was used during installation.
 * A healthy control plane host to use as the recovery host.
 * SSH access to control plane hosts.
-* A backup directory containing both the etcd snapshot and the resources for the static pods, which were from the same backup. The file names in the directory must be in the following formats: `snapshot_<datetimestamp>.db` and `static_kuberesources_<datetimestamp>.tar.gz`.
+* A backup directory containing both the `etcd` snapshot and the resources for the static pods, which were from the same backup. The file names in the directory must be in the following formats: `snapshot_<datetimestamp>.db` and `static_kuberesources_<datetimestamp>.tar.gz`.
 
 [IMPORTANT]
 ====
@@ -38,69 +38,140 @@ For non-recovery control plane nodes, it is not required to establish SSH connec
 
 . Establish SSH connectivity to each of the control plane nodes, including the recovery host.
 +
-The Kubernetes API server becomes inaccessible after the restore process starts, so you cannot access the control plane nodes. For this reason, it is recommended to establish SSH connectivity to each control plane host in a separate terminal.
+`kube-apiserver` becomes inaccessible after the restore process starts, so you cannot access the control plane nodes. For this reason, it is recommended to establish SSH connectivity to each control plane host in a separate terminal.
 +
 [IMPORTANT]
 ====
 If you do not complete this step, you will not be able to access the control plane hosts to complete the restore procedure, and you will be unable to recover your cluster from this state.
 ====
 
-. Copy the etcd backup directory to the recovery control plane host.
+. Copy the `etcd` backup directory to the recovery control plane host.
 +
-This procedure assumes that you copied the `backup` directory containing the etcd snapshot and the resources for the static pods to the `/home/core/` directory of your recovery control plane host.
+This procedure assumes that you copied the `backup` directory containing the `etcd` snapshot and the resources for the static pods to the `/home/core/` directory of your recovery control plane host.
 
 . Stop the static pods on any other control plane nodes.
 +
 [NOTE]
 ====
-It is not required to manually stop the pods on the recovery host. The recovery script will stop the pods on the recovery host.
+You do not need to stop the static pods on the recovery host.
 ====
 
 .. Access a control plane host that is not the recovery host.
 
-.. Move the existing etcd pod file out of the kubelet manifest directory:
+.. Move the existing etcd pod file out of the kubelet manifest directory by running:
 +
 [source,terminal]
 ----
 $ sudo mv /etc/kubernetes/manifests/etcd-pod.yaml /tmp
 ----
 
-.. Verify that the etcd pods are stopped.
+.. Verify that the `etcd` pods are stopped by using:
 +
 [source,terminal]
 ----
 $ sudo crictl ps | grep etcd | egrep -v "operator|etcd-guard"
 ----
 +
-The output of this command should be empty. If it is not empty, wait a few minutes and check again.
+If the output of this command is not empty, wait a few minutes and check again.
 
-.. Move the existing Kubernetes API server pod file out of the kubelet manifest directory:
+.. Move the existing `kube-apiserver` file out of the kubelet manifest directory by running:
 +
 [source,terminal]
 ----
 $ sudo mv /etc/kubernetes/manifests/kube-apiserver-pod.yaml /tmp
 ----
 
-.. Verify that the Kubernetes API server pods are stopped.
+.. Verify that the `kube-apiserver` containers are stopped by running:
 +
 [source,terminal]
 ----
 $ sudo crictl ps | grep kube-apiserver | egrep -v "operator|guard"
 ----
 +
-The output of this command should be empty. If it is not empty, wait a few minutes and check again.
+If the output of this command is not empty, wait a few minutes and check again.
+
+.. Move the existing `kube-controller-manager` file out of the kubelet manifest directory by using:
++
+[source,terminal]
+----
+$ sudo mv /etc/kubernetes/manifests/kube-controller-manager-pod.yaml /tmp
+----
+
+.. Verify that the `kube-controller-manager` containers are stopped by running:
++
+[source,terminal]
+----
+$ sudo crictl ps | grep kube-controller-manager | egrep -v "operator|guard"
+----
+If the output of this command is not empty, wait a few minutes and check again.
+
+.. Move the existing `kube-scheduler` file out of the kubelet manifest directory by using:
++
+[source,terminal]
+----
+$ sudo mv /etc/kubernetes/manifests/kube-scheduler-pod.yaml /tmp
+----
 
-.. Move the etcd data directory to a different location:
+.. Verify that the `kube-scheduler` containers are stopped by using:
++
+[source,terminal]
+----
+$ sudo crictl ps | grep kube-scheduler | egrep -v "operator|guard"
+---- 
+If the output of this command is not empty, wait a few minutes and check again.
+
+.. Move the `etcd` data directory to a different location with the following example:
 +
 [source,terminal]
 ----
 $ sudo mv /var/lib/etcd/ /tmp
 ----
 
+.. If the `/etc/kubernetes/manifests/keepalived.yaml` file exists, follow these steps:
+
+... Move the `/etc/kubernetes/manifests/keepalived.yaml` file out of the kubelet manifest directory:
++
+[source,terminal]
+----
+$ sudo mv /etc/kubernetes/manifests/keepalived.yaml /tmp
+----
+
+... Verify that any containers managed by the `keepalived` daemon are stopped:
++
+[source,terminal]
+----
+$ sudo crictl ps --name keepalived
+----
++
+The output of this command should be empty. If it is not empty, wait a few minutes and check again.
+
+... Check if the control plane has any Virtual IPs (VIPs) assigned to it:
++
+[source,terminal]
+----
+$ ip -o address | egrep '<api_vip>|<ingress_vip>'
+----
+
+... For each reported VIP, run the following command to remove it:
++
+[source,terminal]
+----
+$ sudo ip address del <reported_vip> dev <reported_vip_device>
+----
+
 .. Repeat this step on each of the other control plane hosts that is not the recovery host.
 
 . Access the recovery control plane host.
 
+. If the `keepalived` daemon is in use, verify that the recovery control plane node owns the VIP:
++
+[source,terminal]
+----
+$ ip -o address | grep <api_vip>
+----
++
+The address of the VIP is highlighted in the output if it exists. This command returns an empty string if the VIP is not set or configured incorrectly.
+
 . If the cluster-wide proxy is enabled, be sure that you have exported the `NO_PROXY`, `HTTP_PROXY`, and `HTTPS_PROXY` environment variables.
 +
 [TIP]
@@ -108,7 +179,7 @@ $ sudo mv /var/lib/etcd/ /tmp
 You can check whether the proxy is enabled by reviewing the output of `oc get proxy cluster -o yaml`. The proxy is enabled if the `httpProxy`, `httpsProxy`, and `noProxy` fields have values set.
 ====
 
-. Run the restore script on the recovery control plane host and pass in the path to the etcd backup directory:
+. Run the restore script on the recovery control plane host and pass in the path to the `etcd` backup directory:
 +
 [source,terminal]
 ----
@@ -144,13 +215,15 @@ starting kube-scheduler-pod.yaml
 static-pod-resources/kube-scheduler-pod-8/kube-scheduler-pod.yaml
 ----
 +
+
+The cluster-restore.sh script must show that `etcd`, `kube-apiserver`, `kube-controller-manager`, and `kube-scheduler` pods are stopped and then started at the end of the restore process.
++
 [NOTE]
 ====
-The restore process can cause nodes to enter the `NotReady` state if the node certificates were updated after the last etcd backup.
+The restore process can cause nodes to enter the `NotReady` state if the node certificates were updated after the last `etcd` backup.
 ====
 
 . Check the nodes to ensure they are in the `Ready` state.
-
 .. Run the following command:
 +
 [source,terminal]
@@ -162,14 +235,14 @@ $ oc get nodes -w
 [source,terminal]
 ----
 NAME                STATUS  ROLES          AGE     VERSION
-host-172-25-75-28   Ready   master         3d20h   v1.26.0
-host-172-25-75-38   Ready   infra,worker   3d20h   v1.26.0
-host-172-25-75-40   Ready   master         3d20h   v1.26.0
-host-172-25-75-65   Ready   master         3d20h   v1.26.0
-host-172-25-75-74   Ready   infra,worker   3d20h   v1.26.0
-host-172-25-75-79   Ready   worker         3d20h   v1.26.0
-host-172-25-75-86   Ready   worker         3d20h   v1.26.0
-host-172-25-75-98   Ready   infra,worker   3d20h   v1.26.0
+host-172-25-75-28   Ready   master         3d20h   v1.28.5
+host-172-25-75-38   Ready   infra,worker   3d20h   v1.28.5
+host-172-25-75-40   Ready   master         3d20h   v1.28.5
+host-172-25-75-65   Ready   master         3d20h   v1.28.5
+host-172-25-75-74   Ready   infra,worker   3d20h   v1.28.5
+host-172-25-75-79   Ready   worker         3d20h   v1.28.5
+host-172-25-75-86   Ready   worker         3d20h   v1.28.5
+host-172-25-75-98   Ready   infra,worker   3d20h   v1.28.5
 ----
 +
 It can take several minutes for all nodes to report their state.
@@ -193,7 +266,7 @@ kubelet-client-current.pem              kubelet-server-current.pem
 
 . Restart the kubelet service on all control plane hosts.
 
-.. From the recovery host, run the following command:
+.. From the recovery host, run:
 +
 [source,terminal]
 ----
@@ -202,14 +275,14 @@ $ sudo systemctl restart kubelet.service
 
 .. Repeat this step on all other control plane hosts.
 
-. Approve the pending CSRs:
+. Approve the pending Certificate Signing Requests (CSRs):
 +
 [NOTE]
 ====
-Clusters with no worker nodes, such as single-node clusters or clusters consisting of three schedulable control plane nodes, will not have any pending CSRs to approve. In those scenarios, you can skip this step.
+Clusters with no worker nodes, such as single-node clusters or clusters consisting of three schedulable control plane nodes, will not have any pending CSRs to approve. You can skip all the commands listed in this step.
 ====
 
-.. Get the list of current CSRs:
+.. Get the list of current CSRs by running:
 +
 [source,terminal]
 ----
@@ -225,10 +298,12 @@ csr-4hl85   13m    kubernetes.io/kube-apiserver-client-kubelet   system:servicea
 csr-zhhhp   3m8s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending <2>
 ...
 ----
-<1> A pending kubelet service CSR (for user-provisioned installations).
+<1> A pending kubelet service 
+
+CSR (for user-provisioned installations).
 <2> A pending `node-bootstrapper` CSR.
 
-.. Review the details of a CSR to verify that it is valid:
+.. Review the details of a CSR to verify that it is valid by running:
 +
 [source,terminal]
 ----
@@ -236,14 +311,14 @@ $ oc describe csr <csr_name> <1>
 ----
 <1> `<csr_name>` is the name of a CSR from the list of current CSRs.
 
-.. Approve each valid `node-bootstrapper` CSR:
+.. Approve each valid `node-bootstrapper` CSR by running:
 +
 [source,terminal]
 ----
 $ oc adm certificate approve <csr_name>
 ----
 
-.. For user-provisioned installations, approve each valid kubelet service CSR:
+.. For user-provisioned installations, approve each valid kubelet service CSR by running:
 +
 [source,terminal]
 ----
@@ -252,7 +327,7 @@ $ oc adm certificate approve <csr_name>
 
 . Verify that the single member control plane has started successfully.
 
-.. From the recovery host, verify that the etcd container is running.
+.. From the recovery host, verify that the `etcd` container is running by using:
 +
 [source,terminal]
 ----
@@ -265,23 +340,13 @@ $ sudo crictl ps | grep etcd | egrep -v "operator|etcd-guard"
 3ad41b7908e32       36f86e2eeaaffe662df0d21041eb22b8198e0e58abeeae8c743c3e6e977e8009                                                         About a minute ago   Running             etcd                                          0                   7c05f8af362f0
 ----
 
-.. From the recovery host, verify that the etcd pod is running.
+.. From the recovery host, verify that the `etcd` pod is running by using:
 +
 [source,terminal]
 ----
 $ oc -n openshift-etcd get pods -l k8s-app=etcd
 ----
 +
-[NOTE]
-====
-If you attempt to run `oc login` prior to running this command and receive the following error, wait a few moments for the authentication controllers to start and try again.
-
-[source,terminal]
-----
-Unable to connect to the server: EOF
-----
-====
-+
 .Example output
 [source,terminal]
 ----
@@ -289,33 +354,31 @@ NAME                                             READY   STATUS      RESTARTS
 etcd-ip-10-0-143-125.ec2.internal                1/1     Running     1          2m47s
 ----
 +
-If the status is `Pending`, or the output lists more than one running etcd pod, wait a few minutes and check again.
-+
-[NOTE]
-====
-Perform the following step only if you are using `OVNKubernetes` network plugin.
-====
+If the status is `Pending`, or the output lists more than one running `etcd` pod, wait a few minutes and check again.
 
-. Delete the node objects that are associated with control plane hosts that are not the recovery control plane host.
+. If you are using the `OVNKubernetes` network plugin, you must restart `ovnkube-controlplane` pods.
+.. Delete all of the `ovnkube-controlplane` pods by running:
 +
 [source,terminal]
 ----
-$ oc delete node <non-recovery-controlplane-host-1> <non-recovery-controlplane-host-2>
+$ oc -n openshift-ovn-kubernetes delete pod -l app=ovnkube-control-plane
 ----
-
-. Verify that the Cluster Network Operator (CNO) redeploys the OVN-Kubernetes control plane and that it no longer references the non-recovery controller IP addresses. To verify this result, regularly check the output of the following command. Wait until it returns an empty result before you proceed with the next step.
+.. Verify that all of the `ovnkube-controlplane` pods were redeployed by using:
 +
 [source,terminal]
 ----
-$ oc -n openshift-ovn-kubernetes get ds/ovnkube-master -o yaml | grep -E '<non-recovery_controller_ip_1>|<non-recovery_controller_ip_2>'
+$ oc -n openshift-ovn-kubernetes get pod -l app=ovnkube-control-plane
 ----
+
+. If you are using the OVN-Kubernetes network plugin, restart the Open Virtual Network (OVN) Kubernetes pods on all the nodes one by one. Use the following steps to restart OVN-Kubernetes pods on each node:
 +
-[NOTE]
+[IMPORTANT]
 ====
-It can take at least 5-10 minutes for the OVN-Kubernetes control plane to be redeployed and the previous command to return empty output.
+.Restart OVN-Kubernetes pods in the following order:
+. The recovery control plane host
+. The other control plane hosts (if available)
+. The other nodes
 ====
-
-. Restart the Open Virtual Network (OVN) Kubernetes pods on all the hosts.
 +
 [NOTE]
 ====
@@ -324,49 +387,41 @@ Validating and mutating admission webhooks can reject pods. If you add any addit
 Alternatively, you can temporarily set the `failurePolicy` to `Ignore` while restoring the cluster state. After the cluster state is restored successfully, you can set the `failurePolicy` to `Fail`.
 ====
 
-.. Remove the northbound database (nbdb) and southbound database (sbdb). Access the recovery host and the remaining control plane nodes by using Secure Shell (SSH) and run the following command:
+.. Remove the northbound database (nbdb) and southbound database (sbdb). Access the recovery host and the remaining control plane nodes by using Secure Shell (SSH) and run:
 +
 [source,terminal]
 ----
-$ sudo rm -f /var/lib/ovn/etc/*.db
+$ sudo rm -f /var/lib/ovn-ic/etc/*.db
 ----
 
-.. Delete all OVN-Kubernetes control plane pods by running the following command:
+.. Restart the OpenVSwitch services. Access the node by using Secure Shell (SSH) and run the following command:
 +
 [source,terminal]
 ----
-$ oc delete pods -l app=ovnkube-master -n openshift-ovn-kubernetes
+$ sudo systemctl restart ovs-vswitchd ovsdb-server
 ----
 
-.. Ensure that any OVN-Kubernetes control plane pods are deployed again and are in a `Running` state by running the following command:
+.. Delete the `ovnkube-node` pod on the node by running the following command, replacing `<node>` with the name of the node that you are restarting:
 +
 [source,terminal]
 ----
-$ oc get pods -l app=ovnkube-master -n openshift-ovn-kubernetes
+$ oc -n openshift-ovn-kubernetes delete pod -l app=ovnkube-node --field-selector=spec.nodeName==<node>
 ----
 +
-.Example output
-[source,terminal]
-----
-NAME                   READY   STATUS    RESTARTS   AGE
-ovnkube-master-nb24h   4/4     Running   0          48s
-----
 
-.. Delete all `ovnkube-node` pods by running the following command:
+.. Verify that the `ovnkube-node` pod is running again with:
 +
 [source,terminal]
 ----
-$ oc get pods -n openshift-ovn-kubernetes -o name | grep ovnkube-node | while read p ; do oc delete $p -n openshift-ovn-kubernetes ; done
+$ oc -n openshift-ovn-kubernetes get pod -l app=ovnkube-node --field-selector=spec.nodeName==<node>
 ----
-
-.. Ensure that all the `ovnkube-node` pods are deployed again and are in a `Running` state by running the following command:
 +
-[source,terminal]
-----
-$ oc get  pods -n openshift-ovn-kubernetes | grep ovnkube-node
-----
+[NOTE]
+====
+It might take several minutes for the pods to restart.
+====
 
-. Delete and re-create other non-recovery, control plane machines, one by one. After the machines are re-created, a new revision is forced and etcd automatically scales up.
+. Delete and re-create other non-recovery, control plane machines, one by one. After the machines are re-created, a new revision is forced and `etcd` automatically scales up.
 +
 ** If you use a user-provisioned bare metal installation, you can re-create a control plane machine by using the same method that you used to originally create it. For more information, see "Installing a user-provisioned cluster on bare metal".
 +
@@ -406,7 +461,7 @@ clustername-8qw5l-worker-us-east-1c-pkg26   Running   m4.large    us-east-1   us
 ----
 <1> This is the control plane machine for the lost control plane host, `ip-10-0-131-183.ec2.internal`.
 
-.. Save the machine configuration to a file on your file system:
+.. Save the machine configuration to a file on your file system by running:
 +
 [source,terminal]
 ----
@@ -419,7 +474,7 @@ $ oc get machine clustername-8qw5l-master-0 \ <1>
 
 .. Edit the `new-master-machine.yaml` file that was created in the previous step to assign a new name and remove unnecessary fields.
 
-... Remove the entire `status` section:
+... Remove the entire `status` section by running:
 +
 [source,terminal]
 ----
@@ -451,7 +506,7 @@ status:
     kind: AWSMachineProviderStatus
 ----
 
-... Change the `metadata.name` field to a new name.
+... Change the `metadata.name` field to a new name by running:
 +
 It is recommended to keep the same base name as the old machine and change the ending number to the next available number. In this example, `clustername-8qw5l-master-0` is changed to `clustername-8qw5l-master-3`:
 +
@@ -465,14 +520,14 @@ metadata:
   ...
 ----
 
-... Remove the `spec.providerID` field:
+... Remove the `spec.providerID` field by running:
 +
 [source,terminal]
 ----
 providerID: aws:///us-east-1a/i-0fdb85790d76d0c3f
 ----
 
-... Remove the `metadata.annotations` and `metadata.generation` fields:
+... Remove the `metadata.annotations` and `metadata.generation` fields by running:
 +
 [source,terminal]
 ----
@@ -482,7 +537,7 @@ annotations:
 generation: 2
 ----
 
-... Remove the `metadata.resourceVersion` and `metadata.uid` fields:
+... Remove the `metadata.resourceVersion` and `metadata.uid` fields by running:
 +
 [source,terminal]
 ----
@@ -490,7 +545,7 @@ resourceVersion: "13291"
 uid: a282eb70-40a2-4e89-8009-d05dd420d31a
 ----
 
-.. Delete the machine of the lost control plane host:
+.. Delete the machine of the lost control plane host by running:
 +
 [source,terminal]
 ----
@@ -498,7 +553,7 @@ $ oc delete machine -n openshift-machine-api clustername-8qw5l-master-0 <1>
 ----
 <1> Specify the name of the control plane machine for the lost control plane host.
 
-.. Verify that the machine was deleted:
+.. Verify that the machine was deleted by running:
 +
 [source,terminal]
 ----
@@ -517,14 +572,14 @@ clustername-8qw5l-worker-us-east-1b-lrdxb   Running   m4.large    us-east-1   us
 clustername-8qw5l-worker-us-east-1c-pkg26   Running   m4.large    us-east-1   us-east-1c   3h28m   ip-10-0-170-181.ec2.internal   aws:///us-east-1c/i-06861c00007751b0a   running
 ----
 
-.. Create a machine by using the `new-master-machine.yaml` file:
+.. Create a machine by using the `new-master-machine.yaml` file by running:
 +
 [source,terminal]
 ----
 $ oc apply -f new-master-machine.yaml
 ----
 
-.. Verify that the new machine has been created:
+.. Verify that the new machine has been created by running:
 +
 [source,terminal]
 ----
@@ -545,11 +600,11 @@ clustername-8qw5l-worker-us-east-1c-pkg26   Running        m4.large    us-east-1
 ----
 <1> The new machine, `clustername-8qw5l-master-3` is being created and is ready after the phase changes from `Provisioning` to `Running`.
 +
-It might take a few minutes for the new machine to be created. The etcd cluster Operator will automatically sync when the machine or node returns to a healthy state.
+It might take a few minutes for the new machine to be created. The `etcd` cluster Operator will automatically sync when the machine or node returns to a healthy state.
 
 .. Repeat these steps for each lost control plane host that is not the recovery host.
 
-. Turn off the quorum guard by entering the following command:
+. Turn off the quorum guard by entering:
 +
 [source,terminal]
 ----
@@ -558,17 +613,16 @@ $ oc patch etcd/cluster --type=merge -p '{"spec": {"unsupportedConfigOverrides":
 +
 This command ensures that you can successfully re-create secrets and roll out the static pods.
 
-. In a separate terminal window, log in to the cluster as a user with the `cluster-admin` role by entering the following command:
+. In a separate terminal window within the recovery host, export the recovery `kubeconfig` file by running:
 +
 [source,terminal]
 ----
-$ oc login -u <cluster_admin> <1>
+$ export KUBECONFIG=/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/localhost-recovery.kubeconfig
 ----
-<1> For `<cluster_admin>`, specify a user name with the `cluster-admin` role.
 
-. Force etcd redeployment.
+. Force `etcd` redeployment.
 +
-In a terminal that has access to the cluster as a `cluster-admin` user, run the following command:
+In the same terminal window where you exported the recovery `kubeconfig` file, run:
 +
 [source,terminal]
 ----
@@ -576,16 +630,16 @@ $ oc patch etcd cluster -p='{"spec": {"forceRedeploymentReason": "recovery-'"$(
 ----
 <1> The `forceRedeploymentReason` value must be unique, which is why a timestamp is appended.
 +
-When the etcd cluster Operator performs a redeployment, the existing nodes are started with new pods similar to the initial bootstrap scale up.
+When the `etcd` cluster Operator performs a redeployment, the existing nodes are started with new pods similar to the initial bootstrap scale up.
 
-. Turn the quorum guard back on by entering the following command:
+. Turn the quorum guard back on by entering:
 +
 [source,terminal]
 ----
 $ oc patch etcd/cluster --type=merge -p '{"spec": {"unsupportedConfigOverrides": null}}'
 ----
 
-. You can verify that the `unsupportedConfigOverrides` section is removed from the object by entering this command:
+. You can verify that the `unsupportedConfigOverrides` section is removed from the object by running:
 +
 [source,terminal]
 ----
@@ -594,14 +648,14 @@ $ oc get etcd/cluster -oyaml
 
 . Verify all nodes are updated to the latest revision.
 +
-In a terminal that has access to the cluster as a `cluster-admin` user, run the following command:
+In a terminal that has access to the cluster as a `cluster-admin` user, run:
 +
 [source,terminal]
 ----
 $ oc get etcd -o=jsonpath='{range .items[0].status.conditions[?(@.type=="NodeInstallerProgressing")]}{.reason}{"\n"}{.message}{"\n"}'
 ----
 +
-Review the `NodeInstallerProgressing` status condition for etcd to verify that all nodes are at the latest revision. The output shows `AllNodesAtLatestRevision` upon successful update:
+Review the `NodeInstallerProgressing` status condition for `etcd` to verify that all nodes are at the latest revision. The output shows `AllNodesAtLatestRevision` upon successful update:
 +
 [source,terminal]
 ----
@@ -612,11 +666,11 @@ AllNodesAtLatestRevision
 +
 If the output includes multiple revision numbers, such as `2 nodes are at revision 6; 1 nodes are at revision 7`, this means that the update is still in progress. Wait a few minutes and try again.
 
-. After etcd is redeployed, force new rollouts for the control plane. The Kubernetes API server will reinstall itself on the other nodes because the kubelet is connected to API servers using an internal load balancer.
+. After `etcd` is redeployed, force new rollouts for the control plane. `kube-apiserver` will reinstall itself on the other nodes because the kubelet is connected to API servers using an internal load balancer.
 +
-In a terminal that has access to the cluster as a `cluster-admin` user, run the following commands.
+In a terminal that has access to the cluster as a `cluster-admin` user, run:
 
-.. Force a new rollout for the Kubernetes API server:
+.. Force a new rollout for `kube-apiserver`:
 +
 [source,terminal]
 ----
@@ -641,14 +695,14 @@ AllNodesAtLatestRevision
 +
 If the output includes multiple revision numbers, such as `2 nodes are at revision 6; 1 nodes are at revision 7`, this means that the update is still in progress. Wait a few minutes and try again.
 
-.. Force a new rollout for the Kubernetes controller manager:
+.. Force a new rollout for the Kubernetes controller manager by running the following command:
 +
 [source,terminal]
 ----
 $ oc patch kubecontrollermanager cluster -p='{"spec": {"forceRedeploymentReason": "recovery-'"$( date --rfc-3339=ns )"'"}}' --type=merge
 ----
 +
-Verify all nodes are updated to the latest revision.
+Verify all nodes are updated to the latest revision by running:
 +
 [source,terminal]
 ----
@@ -666,14 +720,14 @@ AllNodesAtLatestRevision
 +
 If the output includes multiple revision numbers, such as `2 nodes are at revision 6; 1 nodes are at revision 7`, this means that the update is still in progress. Wait a few minutes and try again.
 
-.. Force a new rollout for the Kubernetes scheduler:
+.. Force a new rollout for the `kube-scheduler` by running:
 +
 [source,terminal]
 ----
 $ oc patch kubescheduler cluster -p='{"spec": {"forceRedeploymentReason": "recovery-'"$( date --rfc-3339=ns )"'"}}' --type=merge
 ----
 +
-Verify all nodes are updated to the latest revision.
+Verify all nodes are updated to the latest revision by using:
 +
 [source,terminal]
 ----
@@ -708,7 +762,7 @@ etcd-ip-10-0-154-194.ec2.internal                2/2     Running     0
 etcd-ip-10-0-173-171.ec2.internal                2/2     Running     0          9h
 ----
 
-To ensure that all workloads return to normal operation following a recovery procedure, restart each pod that stores Kubernetes API information. This includes {product-title} components such as routers, Operators, and third-party components.
+To ensure that all workloads return to normal operation following a recovery procedure, restart each pod that stores `kube-apiserver` information. This includes {product-title} components such as routers, Operators, and third-party components.
 
 [NOTE]
 ====
diff --git a/modules/dynamic-plug-in-development.adoc b/modules/dynamic-plug-in-development.adoc
index e7fc7936f804..3044aa3ba812 100644
--- a/modules/dynamic-plug-in-development.adoc
+++ b/modules/dynamic-plug-in-development.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/dynamic-plugins-get-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="dynamic-plugin-development_{context}"]
 = Dynamic plugin development
 
diff --git a/modules/dynamic-plugin-api.adoc b/modules/dynamic-plugin-api.adoc
index f7b3357eac4a..b18984570561 100644
--- a/modules/dynamic-plugin-api.adoc
+++ b/modules/dynamic-plugin-api.adoc
@@ -5,7 +5,7 @@
 :power-bi-url: https://microsoft.github.io/PowerBI-JavaScript/interfaces/_node_modules_typedoc_node_modules_typescript_lib_lib_dom_d_.requestinit.html
 //needed to add an attribute for the url because escaping the underscore in the link would not work and the build was failing.
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="dynamic-plugin-api_{context}"]
 = {product-title} console API
 
@@ -1239,16 +1239,17 @@ Hook that returns the given feature flag from FLAGS redux state. It returns the
 |===
 
 [discrete]
-== `YAMLEditor`
+== `CodeEditor`
 
-A basic lazy loaded YAML editor with hover help and completion.
+A basic lazy loaded Code editor with hover help and completion.
 
 .Example
 [source,text]
 ----
 <React.Suspense fallback={<LoadingBox />}>
-  <YAMLEditor
+  <CodeEditor
     value={code}
+    language="yaml"
   />
 </React.Suspense>
 ----
@@ -1257,25 +1258,17 @@ A basic lazy loaded YAML editor with hover help and completion.
 |===
 |Parameter Name |Description
 |`value` |String representing the yaml code to render.
-
-|`options` |Monaco editor options.
-
+|`language` |String representing the language of the editor.
+|`options` |Monaco editor options. For more details, please, visit link:https://microsoft.github.io/monaco-editor/docs.html#interfaces/editor.IStandaloneEditorConstructionOptions.html[Interface IStandAloneEditorConstructionOptions].
 |`minHeight` |Minimum editor height in valid CSS height values.
-
 |`showShortcuts` |Boolean to show shortcuts on top of the editor.
-
-|`toolbarLinks` |Array of ReactNode rendered on the toolbar links
-section on top of the editor.
-
+|`toolbarLinks` |Array of ReactNode rendered on the toolbar links section on top of the editor.
 |`onChange` |Callback for on code change event.
-
 |`onSave` |Callback called when the command CTRL / CMD + S is triggered.
-
-|`ref` |React reference to `{ editor?: IStandaloneCodeEditor }`. Using
-the `editor` property, you are able to access to all methods to control
-the editor.
+|`ref` |React reference to `{ editor?: IStandaloneCodeEditor }`. Using the `editor` property, you are able to access to all methods to control the editor. For more information, visit link:https://microsoft.github.io/monaco-editor/docs.html#interfaces/editor.IStandaloneCodeEditor.html[Interface IStandaloneCodeEditor].
 |===
 
+
 [discrete]
 == `ResourceYAMLEditor`
 
@@ -1475,6 +1468,149 @@ Creates full page ErrorBoundaryFallbackPage component to display the "Oh no! Som
 |`title` |title to render as the header of the error boundary page
 |===
 
+[discrete]
+== `QueryBrowser`
+
+A component that renders a graph of the results from a Prometheus PromQL query along with controls for interacting with the graph.
+
+.Example
+[source,tsx]
+----
+<QueryBrowser
+  defaultTimespan={15 * 60 * 1000}
+  namespace={namespace}
+  pollInterval={30 * 1000}
+  queries={[
+    'process_resident_memory_bytes{job="console"}',
+    'sum(irate(container_network_receive_bytes_total[6h:5m])) by (pod)',
+  ]}
+/>
+----
+
+[cols=",",options="header",]
+|===
+|Parameter Name |Description
+|`customDataSource` |(optional) Base URL of an API endpoint that handles PromQL queries. If provided, this is used instead of the default API for fetching data.
+|`defaultSamples` |(optional) The default number of data samples plotted for each data series. If there are many data series, QueryBrowser might automatically pick a lower number of data samples than specified here.
+|`defaultTimespan` |(optional) The default timespan for the graph in milliseconds - defaults to 1,800,000 (30 minutes).
+|`disabledSeries` |(optional) Disable (don't display) data series with these exact label / value pairs.
+|`disableZoom` |(optional) Flag to disable the graph zoom controls.
+|`filterLabels` |(optional) Optionally filter the returned data series to only those that match these label / value pairs.
+|`fixedEndTime` |(optional) Set the end time for the displayed time range rather than showing data up to the current time.
+|`formatSeriesTitle` |(optional) Function that returns a string to use as the title for a single data series.
+|`GraphLink` |(optional) Component for rendering a link to another page (for example getting more information about this query).
+|`hideControls` |(optional) Flag to hide the graph controls for changing the graph timespan, and so on.
+|`isStack` |(optional) Flag to display a stacked graph instead of a line graph. If showStackedControl is set, it will still be possible for the user to switch to a line graph.
+|`namespace` |(optional) If provided, data is only returned for this namespace (only series that have this namespace label).
+|`onZoom` |(optional) Callback called when the graph is zoomed.
+|`pollInterval` |(optional) If set, determines how often the graph is updated to show the latest data (in milliseconds).
+|`queries` |Array of PromQL queries to run and display the results in the graph.
+|`showLegend` |(optional) Flag to enable displaying a legend below the graph.
+|`showStackedControl` |Flag to enable displaying a graph control for switching between stacked graph mode and line graph mode.
+|`timespan` |(optional) The timespan that should be covered by the graph in milliseconds.
+|`units` |(optional) Units to display on the Y-axis and in the tooltip.
+|===
+
+[discrete]
+== `useAnnotationsModal`
+
+A hook that provides a callback to launch a modal for editing Kubernetes resource annotations.
+
+.Example
+[source,tsx]
+----
+const PodAnnotationsButton = ({ pod }) => {
+  const { t } = useTranslation();
+  const launchAnnotationsModal = useAnnotationsModal<PodKind>(pod);
+  return <button onClick={launchAnnotationsModal}>{t('Edit Pod Annotations')}</button>
+}
+----
+
+[cols=",",options="header",]
+|===
+|Parameter Name |Description
+|`resource` |The resource to edit annotations for an object of K8sResourceCommon type.
+|===
+
+.Returns
+A function which will launch a modal for editing a resource's annotations.
+
+[discrete]
+== `useDeleteModal`
+
+A hook that provides a callback to launch a modal for deleting a resource.
+
+.Example
+[source,tsx]
+----
+const DeletePodButton = ({ pod }) => {
+  const { t } = useTranslation();
+  const launchDeleteModal = useDeleteModal<PodKind>(pod);
+  return <button onClick={launchDeleteModal}>{t('Delete Pod')}</button>
+}
+----
+
+[cols=",",options="header",]
+|===
+|Parameter Name |Description
+|`resource` |The resource to delete.
+|`redirectTo` |(optional) A location to redirect to after deleting the resource.
+|`message` |	(optional) A message to display in the modal.
+|`btnText` |	(optional) The text to display on the delete button.
+|`deleteAllResources` |(optional) A function to delete all resources of the same kind.
+|===
+
+.Returns
+A function which will launch a modal for deleting a resource.
+
+[discrete]
+== `useLabelsModel`
+
+A hook that provides a callback to launch a modal for editing Kubernetes resource labels.
+
+.Example
+[source,tsx]
+----
+const PodLabelsButton = ({ pod }) => {
+  const { t } = useTranslation();
+  const launchLabelsModal = useLabelsModal<PodKind>(pod);
+  return <button onClick={launchLabelsModal}>{t('Edit Pod Labels')}</button>
+}
+----
+
+[cols=",",options="header",]
+|===
+|Parameter Name |Description
+|`resource` |The resource to edit labels for, an object of K8sResourceCommon type.
+|===
+
+.Returns
+A function which will launch a modal for editing a resource's labels.
+
+[discrete]
+== `useActiveNamespace`
+
+Hook that provides the currently active namespace and a callback for setting the active namespace.
+
+.Example
+[source,tsx]
+----
+const Component: React.FC = (props) => {
+   const [activeNamespace, setActiveNamespace] = useActiveNamespace();
+   return <select
+     value={activeNamespace}
+     onChange={(e) => setActiveNamespace(e.target.value)}
+   >
+     {
+       // ...namespace options
+     }
+   </select>
+}
+----
+
+.Returns
+A tuple containing the current active namespace and setter callback.
+
 [discrete]
 == `PerspectiveContext`
 
@@ -1509,4 +1645,42 @@ Deprecated: This hook is not related to console functionality. Hook that ensures
 |`initialState` |initial state value
 |===
 
-:!power-bi-url:
\ No newline at end of file
+:!power-bi-url:
+
+[discrete]
+== `YAMLEditor`
+
+Deprecated: A basic lazy loaded YAML editor with hover help and completion.
+
+.Example
+[source,text]
+----
+<React.Suspense fallback={<LoadingBox />}>
+  <YAMLEditor
+    value={code}
+  />
+</React.Suspense>
+----
+
+[cols=",",options="header",]
+|===
+|Parameter Name |Description
+|`value` |String representing the yaml code to render.
+
+|`options` |Monaco editor options.
+
+|`minHeight` |Minimum editor height in valid CSS height values.
+
+|`showShortcuts` |Boolean to show shortcuts on top of the editor.
+
+|`toolbarLinks` |Array of ReactNode rendered on the toolbar links
+section on top of the editor.
+
+|`onChange` |Callback for on code change event.
+
+|`onSave` |Callback called when the command CTRL / CMD + S is triggered.
+
+|`ref` |React reference to `{ editor?: IStandaloneCodeEditor }`. Using
+the `editor` property, you are able to access to all methods to control
+the editor.
+|===
\ No newline at end of file
diff --git a/modules/dynamic-plugin-sdk-extensions.adoc b/modules/dynamic-plugin-sdk-extensions.adoc
index 71cdc5861983..12eadcc03e7d 100644
--- a/modules/dynamic-plugin-sdk-extensions.adoc
+++ b/modules/dynamic-plugin-sdk-extensions.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/dynamic-plugins-reference.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="dynamic-plugin-sdk-extensions_{context}"]
 = Dynamic plugin extension types
 
diff --git a/modules/dynamic-provisioning-about.adoc b/modules/dynamic-provisioning-about.adoc
index dc6ac59dbbdf..213e37b8f564 100644
--- a/modules/dynamic-provisioning-about.adoc
+++ b/modules/dynamic-provisioning-about.adoc
@@ -4,7 +4,7 @@
 // * post_installation_configuration/storage-configuration.adoc
 // * microshift_storage/dynamic-provisioning-microshift.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about_{context}"]
 = About dynamic provisioning
 
diff --git a/modules/dynamic-provisioning-available-plugins.adoc b/modules/dynamic-provisioning-available-plugins.adoc
index 32f4b0297923..f7192daf9c41 100644
--- a/modules/dynamic-provisioning-available-plugins.adoc
+++ b/modules/dynamic-provisioning-available-plugins.adoc
@@ -28,7 +28,7 @@ ifndef::openshift-dedicated,openshift-rosa[]
 |Once installed, the OpenStack Manila CSI Driver Operator and ManilaDriver automatically create the required storage classes for all available Manila share types needed for dynamic provisioning.
 endif::openshift-dedicated,openshift-rosa[]
 
-|AWS Elastic Block Store (EBS)
+|Amazon Elastic Block Store (Amazon EBS)
 |`kubernetes.io/aws-ebs`
 |For dynamic provisioning when using multiple clusters in different zones,
 tag each node with `Key=kubernetes.io/cluster/<cluster_name>,Value=<cluster_id>`
@@ -51,6 +51,10 @@ ifndef::openshift-rosa[]
 |In multi-zone configurations, it is advisable to run one {product-title}
 cluster per GCE project to avoid PVs from being created in zones where
 no node in the current cluster exists.
+
+|{ibm-power-server-name} Block
+|`powervs.csi.ibm.com`
+|After installation, the {ibm-power-server-name} Block CSI Driver Operator and {ibm-power-server-name} Block CSI Driver automatically create the required storage classes for dynamic provisioning.
 endif::openshift-rosa[]
 
 //|GlusterFS
diff --git a/modules/dynamic-provisioning-azure-file-definition.adoc b/modules/dynamic-provisioning-azure-file-definition.adoc
index 62301a8f7ce0..d32accec4b37 100644
--- a/modules/dynamic-provisioning-azure-file-definition.adoc
+++ b/modules/dynamic-provisioning-azure-file-definition.adoc
@@ -4,7 +4,7 @@
 // * post_installation_configuration/storage-configuration.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="azure-file-definition_{context}"]
 = Azure File object definition
 
diff --git a/modules/dynamic-provisioning-storage-class-definition.adoc b/modules/dynamic-provisioning-storage-class-definition.adoc
index 436a78ed6962..5a4508d16e69 100644
--- a/modules/dynamic-provisioning-storage-class-definition.adoc
+++ b/modules/dynamic-provisioning-storage-class-definition.adoc
@@ -12,7 +12,6 @@ The following resource shows the parameters and default values that you
 use to configure a storage class. This example uses the AWS
 ElasticBlockStore (EBS) object definition.
 
-
 .Sample `StorageClass` definition
 [source,yaml]
 ----
diff --git a/modules/dynamic-provisioning-vsphere-definition.adoc b/modules/dynamic-provisioning-vsphere-definition.adoc
index ee169124a417..d01ee9e6e09a 100644
--- a/modules/dynamic-provisioning-vsphere-definition.adoc
+++ b/modules/dynamic-provisioning-vsphere-definition.adoc
@@ -14,14 +14,9 @@ kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: <storage-class-name> <1>
-provisioner: kubernetes.io/vsphere-volume <2>
-parameters:
-  diskformat: thin <3>
+provisioner: csi.vsphere.vmware.com <2>
 ----
 <1> Name of the storage class. The persistent volume claim uses this storage class for provisioning the associated persistent volumes.
-<2> For more information about using VMware vSphere with {product-title},
+<2> For more information about using VMware vSphere CSI with {product-title},
 see the
-link:https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/index.html[VMware vSphere documentation].
-<3>  `diskformat`: `thin`, `zeroedthick` and `eagerzeroedthick` are all
-valid disk formats. See vSphere docs for additional details regarding the
-disk format types. The default value is `thin`.
+link:https://kubernetes.io/docs/concepts/storage/volumes/#vsphere-csi-migration[Kubernetes documentation].
\ No newline at end of file
diff --git a/modules/eco-about-node-maintenance-standalone.adoc b/modules/eco-about-node-maintenance-standalone.adoc
index 7482ac3101ca..38f3824cea7e 100644
--- a/modules/eco-about-node-maintenance-standalone.adoc
+++ b/modules/eco-about-node-maintenance-standalone.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="eco-about-node-maintenance-operator_{context}"]
 = About the Node Maintenance Operator
 
diff --git a/modules/eco-checking_status_of_node_maintenance_cr_tasks.adoc b/modules/eco-checking_status_of_node_maintenance_cr_tasks.adoc
index 6a6df77203ea..4a3d48b4c114 100644
--- a/modules/eco-checking_status_of_node_maintenance_cr_tasks.adoc
+++ b/modules/eco-checking_status_of_node_maintenance_cr_tasks.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-checking_status_of_node_maintenance_cr_tasks_{context}"]
 = Checking status of current NodeMaintenance CR tasks
 
diff --git a/modules/eco-configuring-control-plane-machine-health-check-with-self-node-remediation.adoc b/modules/eco-configuring-control-plane-machine-health-check-with-self-node-remediation.adoc
index 6bf269cf942b..1e92012130a0 100644
--- a/modules/eco-configuring-control-plane-machine-health-check-with-self-node-remediation.adoc
+++ b/modules/eco-configuring-control-plane-machine-health-check-with-self-node-remediation.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-poison-pill-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-control-plane-machine-health-check-with-self-node-remediation-operator_{context}"]
 = Configuring control-plane machine health checks to use the Self Node Remediation Operator
 
diff --git a/modules/eco-configuring-machine-health-check-with-self-node-remediation.adoc b/modules/eco-configuring-machine-health-check-with-self-node-remediation.adoc
index 95cab1ac7228..8aa261713143 100644
--- a/modules/eco-configuring-machine-health-check-with-self-node-remediation.adoc
+++ b/modules/eco-configuring-machine-health-check-with-self-node-remediation.adoc
@@ -2,7 +2,7 @@
 //
 // *nodes/nodes/eco-poison-pill-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-machine-health-check-with-self-node-remediation-operator_{context}"]
 = Configuring machine health checks to use the Self Node Remediation Operator
 
diff --git a/modules/eco-maintaining-bare-metal-nodes.adoc b/modules/eco-maintaining-bare-metal-nodes.adoc
index 0f778eaa1888..52046907789c 100644
--- a/modules/eco-maintaining-bare-metal-nodes.adoc
+++ b/modules/eco-maintaining-bare-metal-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="eco-maintaining-bare-metal-nodes_{context}"]
 = Maintaining bare-metal nodes
 
diff --git a/modules/eco-node-health-check-operator-about.adoc b/modules/eco-node-health-check-operator-about.adoc
index 04a60196e055..b94e47e230bc 100644
--- a/modules/eco-node-health-check-operator-about.adoc
+++ b/modules/eco-node-health-check-operator-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-node-health-check-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-node-health-check-operator_{context}"]
 = About the Node Health Check Operator
 
diff --git a/modules/eco-node-health-check-operator-control-plane-fencing.adoc b/modules/eco-node-health-check-operator-control-plane-fencing.adoc
index b8276e8d11b8..8fff6165ff7b 100644
--- a/modules/eco-node-health-check-operator-control-plane-fencing.adoc
+++ b/modules/eco-node-health-check-operator-control-plane-fencing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-node-health-check-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="control-plane-fencing-node-health-check-operator_{context}"]
 = Control plane fencing
 
diff --git a/modules/eco-node-health-check-operator-creating-node-health-check.adoc b/modules/eco-node-health-check-operator-creating-node-health-check.adoc
index 0e4c36d42d36..0cdefb1b0680 100644
--- a/modules/eco-node-health-check-operator-creating-node-health-check.adoc
+++ b/modules/eco-node-health-check-operator-creating-node-health-check.adoc
@@ -2,7 +2,7 @@
 //
 // * ../nodes/nodes/eco-node-health-check-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-node-health-check-operator-creating-node-health-check_{context}"]
 = Creating a node health check
 Using the web console, you can create a node health check to identify unhealthy nodes and specify the remediation type and strategy to fix them.
diff --git a/modules/eco-node-health-check-operator-installation-cli.adoc b/modules/eco-node-health-check-operator-installation-cli.adoc
index bca1ea8e8f6c..619ac46719af 100644
--- a/modules/eco-node-health-check-operator-installation-cli.adoc
+++ b/modules/eco-node-health-check-operator-installation-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/node-health-check-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-node-health-check-operator-using-cli_{context}"]
 = Installing the Node Health Check Operator by using the CLI
 You can use the OpenShift CLI (`oc`) to install the Node Health Check Operator.
diff --git a/modules/eco-node-health-check-operator-installation-web-console.adoc b/modules/eco-node-health-check-operator-installation-web-console.adoc
index 76c8924f9e90..849a9f553ce2 100644
--- a/modules/eco-node-health-check-operator-installation-web-console.adoc
+++ b/modules/eco-node-health-check-operator-installation-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/node-health-check-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-node-health-check-operator-using-web-console_{context}"]
 = Installing the Node Health Check Operator by using the web console
 
diff --git a/modules/eco-node-maintenance-operator-installation-cli.adoc b/modules/eco-node-maintenance-operator-installation-cli.adoc
index 1bdf3016f167..97fbae61953b 100644
--- a/modules/eco-node-maintenance-operator-installation-cli.adoc
+++ b/modules/eco-node-maintenance-operator-installation-cli.adoc
@@ -2,7 +2,7 @@
 //
 // nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-maintenance-operator-using-cli_{context}"]
 = Installing the Node Maintenance Operator by using the CLI
 You can use the OpenShift CLI (`oc`) to install the Node Maintenance Operator.
@@ -99,10 +99,10 @@ $ oc get csv -n openshift-operators
 +
 .Example output
 
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                               DISPLAY                     VERSION   REPLACES  PHASE
-node-maintenance-operator.v4.13    Node Maintenance Operator   4.13                Succeeded
+node-maintenance-operator.v{product-version}    Node Maintenance Operator   {product-version}                Succeeded
 ----
 . Verify that the Node Maintenance Operator is running:
 +
diff --git a/modules/eco-node-maintenance-operator-installation-web-console.adoc b/modules/eco-node-maintenance-operator-installation-web-console.adoc
index 319561f3bbca..666f7672b026 100644
--- a/modules/eco-node-maintenance-operator-installation-web-console.adoc
+++ b/modules/eco-node-maintenance-operator-installation-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-node-maintenance-operator-using-web-console_{context}"]
 = Installing the Node Maintenance Operator by using the web console
 
diff --git a/modules/eco-resuming-node-maintenance-actions-web-console.adoc b/modules/eco-resuming-node-maintenance-actions-web-console.adoc
index 85004f7c989c..cabfa00d0182 100644
--- a/modules/eco-resuming-node-maintenance-actions-web-console.adoc
+++ b/modules/eco-resuming-node-maintenance-actions-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-resuming-node-maintenance-actions-web-console_{context}"]
 = Resuming a bare-metal node from maintenance mode
 Resume a bare-metal node from maintenance mode using the Options menu {kebab} found on each node in the *Compute* -> *Nodes* list, or using the *Actions* control of the *Node Details* screen.
diff --git a/modules/eco-resuming-node-maintenance-cr-cli.adoc b/modules/eco-resuming-node-maintenance-cr-cli.adoc
index 0dbbed583f85..8c1b72b6711a 100644
--- a/modules/eco-resuming-node-maintenance-cr-cli.adoc
+++ b/modules/eco-resuming-node-maintenance-cr-cli.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-resuming-node-from-maintenance-mode-with-cr_{context}"]
 = Resuming a node from maintenance mode by using the CLI
 
diff --git a/modules/eco-resuming-node-maintenance-cr-web-console.adoc b/modules/eco-resuming-node-maintenance-cr-web-console.adoc
index 87703af9ebc6..a50be7b13072 100644
--- a/modules/eco-resuming-node-maintenance-cr-web-console.adoc
+++ b/modules/eco-resuming-node-maintenance-cr-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-resuming-node-maintenance-web-console_{context}"]
 = Resuming a node from maintenance mode by using the web console
 
diff --git a/modules/eco-self-node-remediation-about-watchdog.adoc b/modules/eco-self-node-remediation-about-watchdog.adoc
index 0b7a1af0cc56..5a39ddfd7700 100644
--- a/modules/eco-self-node-remediation-about-watchdog.adoc
+++ b/modules/eco-self-node-remediation-about-watchdog.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-watchdog-devices_{context}"]
 = About watchdog devices
 
diff --git a/modules/eco-self-node-remediation-operator-about.adoc b/modules/eco-self-node-remediation-operator-about.adoc
index cf4ffa94d28a..7a5a414e4bcf 100644
--- a/modules/eco-self-node-remediation-operator-about.adoc
+++ b/modules/eco-self-node-remediation-operator-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-self-node-remediation-operator_{context}"]
 = About the Self Node Remediation Operator
 
diff --git a/modules/eco-self-node-remediation-operator-configuring.adoc b/modules/eco-self-node-remediation-operator-configuring.adoc
index 2345a3bdd55b..17de1342417b 100644
--- a/modules/eco-self-node-remediation-operator-configuring.adoc
+++ b/modules/eco-self-node-remediation-operator-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-self-node-remediation-operator_{context}"]
 = Configuring the Self Node Remediation Operator
 
diff --git a/modules/eco-self-node-remediation-operator-control-plane-fencing.adoc b/modules/eco-self-node-remediation-operator-control-plane-fencing.adoc
index d34ae660e348..265289c5c3c5 100644
--- a/modules/eco-self-node-remediation-operator-control-plane-fencing.adoc
+++ b/modules/eco-self-node-remediation-operator-control-plane-fencing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-node-health-check-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="control-plane-fencing-self-node-remediation-operator_{context}"]
 = Control plane fencing
 
diff --git a/modules/eco-self-node-remediation-operator-installation-cli.adoc b/modules/eco-self-node-remediation-operator-installation-cli.adoc
index e68ea8230e84..dfcb25f4c57e 100644
--- a/modules/eco-self-node-remediation-operator-installation-cli.adoc
+++ b/modules/eco-self-node-remediation-operator-installation-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-self-node-remediation-operator-using-cli_{context}"]
 = Installing the Self Node Remediation Operator by using the CLI
 
diff --git a/modules/eco-self-node-remediation-operator-installation-web-console.adoc b/modules/eco-self-node-remediation-operator-installation-web-console.adoc
index 1f44cdb63811..b44562724b38 100644
--- a/modules/eco-self-node-remediation-operator-installation-web-console.adoc
+++ b/modules/eco-self-node-remediation-operator-installation-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // *nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-self-node-remediation-operator-using-web-console_{context}"]
 = Installing the Self Node Remediation Operator by using the web console
 
diff --git a/modules/eco-self-node-remediation-operator-troubleshooting.adoc b/modules/eco-self-node-remediation-operator-troubleshooting.adoc
index 26935f3bcbf0..e79a7eb8c7c0 100644
--- a/modules/eco-self-node-remediation-operator-troubleshooting.adoc
+++ b/modules/eco-self-node-remediation-operator-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/eco-self-node-remediation-operator.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="troubleshooting-self-node-remediation-operator_{context}"]
 = Troubleshooting the Self Node Remediation Operator
 
diff --git a/modules/eco-setting-node-maintenance-actions-web-console.adoc b/modules/eco-setting-node-maintenance-actions-web-console.adoc
index 40caf350883c..9f47263b0a84 100644
--- a/modules/eco-setting-node-maintenance-actions-web-console.adoc
+++ b/modules/eco-setting-node-maintenance-actions-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-setting-node-maintenance-actions-web-console_{context}"]
 = Setting a bare-metal node to maintenance mode
 Set a bare-metal node to maintenance mode using the Options menu {kebab} found on each node in the *Compute* -> *Nodes* list, or using the *Actions* control of the *Node Details* screen.
diff --git a/modules/eco-setting-node-maintenance-cr-cli.adoc b/modules/eco-setting-node-maintenance-cr-cli.adoc
index 31ef35f46993..b5b9d4fff84c 100644
--- a/modules/eco-setting-node-maintenance-cr-cli.adoc
+++ b/modules/eco-setting-node-maintenance-cr-cli.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-setting-node-maintenance-cr-cli_{context}"]
 = Setting a node to maintenance mode by using the CLI
 
diff --git a/modules/eco-setting-node-maintenance-cr-web-console.adoc b/modules/eco-setting-node-maintenance-cr-web-console.adoc
index 77b6371406ef..2e2a5489a323 100644
--- a/modules/eco-setting-node-maintenance-cr-web-console.adoc
+++ b/modules/eco-setting-node-maintenance-cr-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //nodes/nodes/eco-node-maintenance-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="eco-setting-node-maintenance-web-console_{context}"]
 = Setting a node to maintenance mode by using the web console
 
diff --git a/modules/edge-machine-pools-aws-local-zones.adoc b/modules/edge-machine-pools-aws-local-zones.adoc
index 302d29b2b059..f11ac1c78fe9 100644
--- a/modules/edge-machine-pools-aws-local-zones.adoc
+++ b/modules/edge-machine-pools-aws-local-zones.adoc
@@ -1,21 +1,25 @@
 // Module included in the following assemblies:
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: CONCEPT
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:edge:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="edge-machine-pools-aws-local-zones_{context}"]
 = Edge compute pools and AWS Local Zones
 
 Edge worker nodes are tainted worker nodes that run in AWS Local Zones locations.
 
-When deploying a cluster that uses Local Zones:
+When deploying a cluster that uses Local Zones, consider the following points:
 
 * Amazon EC2 instances in the Local Zones are more expensive than Amazon EC2 instances in the Availability Zones.
-* Latency between applications and end users is lower in Local Zones, and it may vary by location. There is a latency impact for some workloads if, for example, routers are mixed between Local Zones and Availability Zones.
-* The cluster-network Maximum Transmission Unit (MTU) is adjusted automatically to the lower restricted by AWS when Local Zone subnets are detected on the `install-config.yaml`, according to the network plugin. For example, the adjusted values are 1200 for OVN-Kubernetes and 1250 for OpenShift SDN. If additional features are enabled, manual MTU adjustment can be necessary.
+* Latency between applications and end users is lower in Local Zones, and latency might vary by location. A latency impact exists for some workloads if, for example, ingress traffic is mixed between Local Zones and Availability Zones.
 
 [IMPORTANT]
 ====
-Generally, the Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. 
+Generally, the maximum transmission unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation.
 The cluster network MTU must be always less than the EC2 MTU to account for the overhead. The specific overhead is determined by the network plugin, for example:
 
 - OVN-Kubernetes: `100 bytes`
@@ -23,3 +27,93 @@ The cluster network MTU must be always less than the EC2 MTU to account for the
 
 The network plugin can provide additional features, like IPsec, that also must be decreased the MTU. For additional information, see the documentation.
 ====
+
+{product-title} 4.12 introduced a new compute pool, _edge_, that is designed for use in remote zones. The edge compute pool configuration is common between AWS Local Zones locations. Because of the type and size limitations of resources like EC2 and EBS on Local Zone resources, the default instance type can vary from the traditional worker pool.
+
+The default Elastic Block Store (EBS) for Local Zone locations is `gp2`, which differs from the regular worker pool. The instance type used for each Local Zone on edge compute pool also might differ from worker pools, depending on the instance offerings on the zone.
+
+The edge compute pool creates new labels that developers can use to deploy applications onto AWS Local Zones nodes. The new labels are:
+
+* `node-role.kubernetes.io/edge=''`
+* `machine.openshift.io/zone-type=local-zone`
+* `machine.openshift.io/zone-group=$ZONE_GROUP_NAME`
+
+////
+By default, the system creates the edge compute pool manifests only if users add AWS Local Zones subnet IDs to the list `platform.aws.subnets`.
+////
+
+By default, the machine sets for the edge compute pool defines the taint of `NoSchedule` to prevent regular workloads from spreading on Local Zone instances. Users can only run user workloads if they define tolerations in the pod specification.
+
+ifndef::edge[]
+The following examples show `install-config.yaml` files that use the edge machine pool.
+
+.Configuration that uses an edge pool with a custom instance type
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: devcluster.openshift.com
+metadata:
+  name: ipi-localzone
+compute:
+- name: edge
+  platform:
+    aws:
+      type: m5.4xlarge
+platform:
+  aws:
+    region: us-west-2
+pullSecret: '{"auths": ...}'
+sshKey: ssh-ed25519 AAAA...
+----
+
+Instance types differ between locations. To verify availability in the Local Zone in which the cluster runs, see the AWS documentation.
+
+.Configuration that uses an edge pool with a custom EBS type
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: devcluster.openshift.com
+metadata:
+  name: ipi-localzone
+compute:
+- name: edge
+  platform:
+    aws:
+      rootVolume:
+        type: gp3
+        size: 120
+platform:
+  aws:
+    region: us-west-2
+pullSecret: '{"auths": ...}'
+sshKey: ssh-ed25519 AAAA...
+----
+
+EBS types differ between locations. Check the AWS documentation to verify availability in the Local Zone in which the cluster runs.
+
+.Configuration that uses an edge pool with custom security groups
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: devcluster.openshift.com
+metadata:
+  name: ipi-localzone
+compute:
+- name: edge
+  platform:
+    aws:
+      additionalSecurityGroupIDs:
+        - sg-1 <1>
+        - sg-2
+platform:
+  aws:
+    region: us-west-2
+pullSecret: '{"auths": ...}'
+sshKey: ssh-ed25519 AAAA...
+----
+<1> Specify the name of the security group as it appears in the Amazon EC2 console, including the `sg` prefix.
+endif::edge[]
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!edge:
+endif::[]
diff --git a/modules/enable-aws-access.adoc b/modules/enable-aws-access.adoc
index 82c2bf046caf..5a24ec8b30d9 100644
--- a/modules/enable-aws-access.adoc
+++ b/modules/enable-aws-access.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="enable-aws-access"]
 = Understanding AWS cloud infrastructure access
 
diff --git a/modules/enable-private-cluster-existing.adoc b/modules/enable-private-cluster-existing.adoc
index 7b4e3fdfe902..ea487a0a84f7 100644
--- a/modules/enable-private-cluster-existing.adoc
+++ b/modules/enable-private-cluster-existing.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/private-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enable-private-cluster-existing_{context}"]
 = Enabling an existing cluster to be private
 
diff --git a/modules/enable-private-cluster-new.adoc b/modules/enable-private-cluster-new.adoc
index d65f85c3d6bd..19f44d53b1ea 100644
--- a/modules/enable-private-cluster-new.adoc
+++ b/modules/enable-private-cluster-new.adoc
@@ -3,7 +3,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/private-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enable-private-cluster-new_{context}"]
 = Enabling a private cluster during cluster creation
 
diff --git a/modules/enable-public-cluster.adoc b/modules/enable-public-cluster.adoc
index 04e7954a735e..8961950aa868 100644
--- a/modules/enable-public-cluster.adoc
+++ b/modules/enable-public-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd_private_connections/private-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enable-public-cluster_{context}"]
 = Enabling an existing private cluster to be public
 // TODO: These wordings of "enabling the cluster "to be public/private" could probably be improved. At the very least, these two modules should probably use "Configuring" instead of "Enabling", as it is worded now.
diff --git a/modules/enabling-baseline-capability-set.adoc b/modules/enabling-baseline-capability-set.adoc
index 711ad6fefec4..b3a84816525c 100644
--- a/modules/enabling-baseline-capability-set.adoc
+++ b/modules/enabling-baseline-capability-set.adoc
@@ -20,6 +20,6 @@ As a cluster administrator, you can enable the capabilities by setting `baseline
 $ oc patch clusterversion version --type merge -p '{"spec":{"capabilities":{"baselineCapabilitySet":"vCurrent"}}}' <1>
 ----
 +
-<1> For `baselineCapabilitySet` you can specify `vCurrent`, `v4.12`, `v4.13`, or `None`.
+<1> For `baselineCapabilitySet` you can specify `vCurrent`, `v{product-version}`, or `None`.
 
 include::snippets/capabilities-table.adoc[]
diff --git a/modules/enabling-encapsulation.adoc b/modules/enabling-encapsulation.adoc
index faaf4cdfe183..2ffd0cc6a922 100644
--- a/modules/enabling-encapsulation.adoc
+++ b/modules/enabling-encapsulation.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/optimization/optimizing-cpu-usage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-encapsulation_{context}"]
 = Configuring mount namespace encapsulation
 
diff --git a/modules/enabling-etcd-encryption.adoc b/modules/enabling-etcd-encryption.adoc
index a639a82f6066..e14f6708ce6b 100644
--- a/modules/enabling-etcd-encryption.adoc
+++ b/modules/enabling-etcd-encryption.adoc
@@ -3,7 +3,7 @@
 // * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-etcd-encryption_{context}"]
 = Enabling etcd encryption
 
diff --git a/modules/enabling-insights-advisor-recommendations.adoc b/modules/enabling-insights-advisor-recommendations.adoc
index f11d3363ba36..1f330fb0ff6a 100644
--- a/modules/enabling-insights-advisor-recommendations.adoc
+++ b/modules/enabling-insights-advisor-recommendations.adoc
@@ -1,13 +1,12 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-insights-advisor-recommendations_{context}"]
 = Enabling a previously disabled Insights Advisor recommendation
 
-When a recommendation is disabled for all clusters, you will no longer see the recommendation in Insights Advisor. You can change this behavior.
+When a recommendation is disabled for all clusters, you no longer see the recommendation in the Insights Advisor. You can change this behavior.
 
 .Prerequisites
 
@@ -18,6 +17,9 @@ When a recommendation is disabled for all clusters, you will no longer see the r
 .Procedure
 
 . Navigate to *Advisor* -> *Recommendations* on {cluster-manager-url}.
-. Filter the recommendations by *Status* -> *Disabled*.
+. Filter the recommendations to display on the disabled recommendations:
+.. From the *Status* drop-down menu, select *Status*.
+.. From the *Filter by status* drop-down menu, select *Disabled*.
+.. Optional: Clear the *Clusters impacted* filter.
 . Locate the recommendation to enable.
 . Click the *Options* menu {kebab}, and then click *Enable recommendation*.
diff --git a/modules/enabling-insights-operator-alerts.adoc b/modules/enabling-insights-operator-alerts.adoc
new file mode 100644
index 000000000000..99d2d82c5676
--- /dev/null
+++ b/modules/enabling-insights-operator-alerts.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-operator.adoc
+
+
+:_mod-docs-content-type: CONCEPT
+[id="enabling-insights-operator-alerts_{context}"]
+= Enabling Insights Operator alerts
+
+When alerts are disabled, the Insights Operator no longer sends alerts to the cluster Prometheus instance. You can change this behavior.
+
+.Prerequisites
+
+* Remote health reporting is enabled, which is the default.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as `cluster-admin`.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+
+.Procedure
+
+. Navigate to *Workloads* -> *Secrets*.
+. On the *Secrets* page, select *All Projects* from the *Project* list, and then set *Show default projects* to *ON*.
+. Select the *openshift-config* project from the *Projects* list.
+. Search for the *support* secret by using the *Search by name* field.
+. Click the *Options* menu {kebab}, and then click *Edit Secret*.
+. For the `disableInsightsAlerts` key, set the *Value* field to `false`.
+
+After you save the changes, Insights Operator again sends alerts to the cluster Prometheus instance.
diff --git a/modules/enabling-insights-operator-gather.adoc b/modules/enabling-insights-operator-gather.adoc
new file mode 100644
index 000000000000..6449cc04416b
--- /dev/null
+++ b/modules/enabling-insights-operator-gather.adoc
@@ -0,0 +1,73 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-operator.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="enabling-insights-operator-gather_{context}"]
+= Enabling the Insights Operator gather operations
+
+You can enable the Insights Operator gather operations, if the gather operations have been disabled.
+
+:FeatureName: The `InsightsDataGather` custom resource
+include::snippets/technology-preview.adoc[]
+
+.Prerequisites
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+
+.Procedure
+
+. Navigate to *Administration* -> *CustomResourceDefinitions*.
+. On the *CustomResourceDefinitions* page, use the *Search by name* field to find the *InsightsDataGather* resource definition and click it.
+. On the *CustomResourceDefinition details* page, click the *Instances* tab.
+. Click *cluster*, and then click the *YAML* tab.
+. Enable the gather operations by performing one of the following edits:
+
+** To enable all disabled gather operations, remove the `gatherConfig` stanza:
++
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1alpha1
+kind: InsightsDataGather
+metadata:
+....
+
+spec:
+  gatherConfig: <1>
+    disabledGatherers: all
+----
++
+--
+<1> Remove the `gatherConfig` stanza to enable all gather operations.
+--
+
+** To enable individual gather operations, remove their values under the `disabledGatherers` key:
++
+[source,yaml]
+----
+spec:
+  gatherConfig:
+    disabledGatherers:
+      - clusterconfig/container_images <1>
+      - clusterconfig/host_subnets
+      - workloads/workload_info
+----
++
+--
+<1> Remove one or more gather operations.
+--
++
+. Click *Save*.
++
+After you save the changes, the Insights Operator gather configurations are updated and the affected gather operations start.
+
+[NOTE]
+====
+Disabling gather operations degrades Insights Advisor's ability to offer effective recommendations for your cluster.
+====
diff --git a/modules/enabling-internal-api-server-vsphere.adoc b/modules/enabling-internal-api-server-vsphere.adoc
index db927aaf9c7d..a890ea287975 100644
--- a/modules/enabling-internal-api-server-vsphere.adoc
+++ b/modules/enabling-internal-api-server-vsphere.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-internal-api-server-vsphere_{context}"]
 = Enabling communication with the internal API server for the WMCO on vSphere
 
diff --git a/modules/enabling-log-console-plugin.adoc b/modules/enabling-log-console-plugin.adoc
new file mode 100644
index 000000000000..e3876ffd85a5
--- /dev/null
+++ b/modules/enabling-log-console-plugin.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * logging/log_visualization/log-visualization-ocp-console.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="enabling-log-console-plugin_{context}"]
+= Enabling the {log-plug} after you have installed the {clo}
+
+You can enable the {log-plug} as part of the {clo} installation, but you can also enable the plugin if you have already installed the {clo} with the plugin disabled.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {clo} and selected *Disabled* for the *Console plugin*.
+* You have access to the {product-title} web console.
+
+.Procedure
+
+. In the {product-title} web console *Administrator* perspective, navigate to *Operators* -> *Installed Operators*.
+. Click *Red Hat OpenShift Logging*. This takes you to the Operator *Details* page.
+. In the *Details* page, click *Disabled* for the *Console plugin* option.
+. In the *Console plugin enablement* dialog, select *Enable*.
+. Click *Save*.
+. Verify that the *Console plugin* option now shows *Enabled*.
+. The web console displays a pop-up window when changes have been applied. The window prompts you to reload the web console. Refresh the browser when you see the pop-up window to apply the changes.
diff --git a/modules/enabling-multi-cluster-console.adoc b/modules/enabling-multi-cluster-console.adoc
index e8eb5c7bb5d4..3e10fdea486b 100644
--- a/modules/enabling-multi-cluster-console.adoc
+++ b/modules/enabling-multi-cluster-console.adoc
@@ -2,7 +2,7 @@
 //
 // * assemblies/web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enable-multi-cluster-console_{context}"]
 = Enabling multicluster in the web console
 
diff --git a/modules/enabling-plug-in-browser.adoc b/modules/enabling-plug-in-browser.adoc
index a58ddc2c0c1e..4775147d5099 100644
--- a/modules/enabling-plug-in-browser.adoc
+++ b/modules/enabling-plug-in-browser.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plug-ins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enable-plug-in-browser_{context}"]
 = Enable dynamic plugins in the web console
 Cluster administrators can enable plugins in the web console browser. Dynamic plugins are disabled by default. In order to enable, a cluster administrator will need to enable them in the `console-operator` configuration.
diff --git a/modules/ephemeral-storage-additional-details-about-volumeattributes-on-shared-resource-pod-volumes.adoc b/modules/ephemeral-storage-additional-details-about-volumeattributes-on-shared-resource-pod-volumes.adoc
index 071d522d529a..62fc3e44ed6b 100644
--- a/modules/ephemeral-storage-additional-details-about-volumeattributes-on-shared-resource-pod-volumes.adoc
+++ b/modules/ephemeral-storage-additional-details-about-volumeattributes-on-shared-resource-pod-volumes.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="ephemeral-storage-additional-details-about-volumeattributes-on-shared-resource-pod-volumes_{context}"]
 = Additional details about VolumeAttributes on shared resource pod volumes
diff --git a/modules/ephemeral-storage-additional-support-limitations-for-shared-resource-csi-driver.adoc b/modules/ephemeral-storage-additional-support-limitations-for-shared-resource-csi-driver.adoc
index a205bece172a..0f5fc0e65a30 100644
--- a/modules/ephemeral-storage-additional-support-limitations-for-shared-resource-csi-driver.adoc
+++ b/modules/ephemeral-storage-additional-support-limitations-for-shared-resource-csi-driver.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="ephemeral-storage-additional-support-limitations-for-shared-resource-csi-driver_{context}"]
 = Additional support limitations for the Shared Resource CSI Driver
diff --git a/modules/ephemeral-storage-csi-inline-overview-admin-plugin.adoc b/modules/ephemeral-storage-csi-inline-overview-admin-plugin.adoc
index 6ddf45dbcb9d..755ae1cee9d8 100644
--- a/modules/ephemeral-storage-csi-inline-overview-admin-plugin.adoc
+++ b/modules/ephemeral-storage-csi-inline-overview-admin-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/ephemeral-storage-csi-inline.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ephemeral-storage-csi-overview-admin-plugin_{context}"]
 = CSI Volume Admission plugin
 
@@ -25,7 +25,7 @@ metadata:
 
 This “effective profile” communicates that a pod can use the CSI driver to mount CSI ephemeral volumes when the pod’s namespace is governed by a pod security standard.
 
-The CSI Volume Admission plugin inspects pod volumes when pods are created; existing pods that use CSI volumes are not affected. If a pod uses a container storage interface (CSI) volume, the plugin looks up the `CSIDriver` object and inspects the `csi-ephemeral-volume-profile` label, and then use the label’s value in its enforcement, warning, and audit decisions. 
+The CSI Volume Admission plugin inspects pod volumes when pods are created; existing pods that use CSI volumes are not affected. If a pod uses a container storage interface (CSI) volume, the plugin looks up the `CSIDriver` object and inspects the `csi-ephemeral-volume-profile` label, and then use the label’s value in its enforcement, warning, and audit decisions.
 
 [id="security-profile-enforcement"]
 == Pod security profile enforcement
@@ -106,12 +106,12 @@ The CSI Volume Admission plugin can apply audit annotations to the pod if the CS
 [id="admission-plugin-default-behavior"]
 == Default behavior for the CSI Volume Admission plugin
 
-If the referenced CSI driver for a CSI ephemeral volume does not have the `csi-ephemeral-volume-profile` label, the CSI Volume Admission plugin considers the driver to have the privileged profile for enforcement, warning, and audit behaviors. Likewise, if the pod’s namespace does not have the pod security admission label set, the Admission plugin assumes the restricted profile is allowed for enforcement, warning, and audit decisions. Therefore, if no labels are set, CSI ephemeral volumes using that CSI driver are only usable in privileged namespaces by default. 
+If the referenced CSI driver for a CSI ephemeral volume does not have the `csi-ephemeral-volume-profile` label, the CSI Volume Admission plugin considers the driver to have the privileged profile for enforcement, warning, and audit behaviors. Likewise, if the pod’s namespace does not have the pod security admission label set, the Admission plugin assumes the restricted profile is allowed for enforcement, warning, and audit decisions. Therefore, if no labels are set, CSI ephemeral volumes using that CSI driver are only usable in privileged namespaces by default.
 
 The CSI drivers that ship with {product-title} and support ephemeral volumes have a reasonable default set for the `csi-ephemeral-volume-profile` label:
 
 * Shared Resource CSI driver: restricted
 
-* Azure File CSI driver: privileged 
+* Azure File CSI driver: privileged
 
 An admin can change the default value of the label if desired.
\ No newline at end of file
diff --git a/modules/ephemeral-storage-csi-inline-overview.adoc b/modules/ephemeral-storage-csi-inline-overview.adoc
index cb97b8bdaf70..646983db89b6 100644
--- a/modules/ephemeral-storage-csi-inline-overview.adoc
+++ b/modules/ephemeral-storage-csi-inline-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/ephemeral-storage-csi-inline.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ephemeral-storage-csi-inline-overview_{context}"]
 = Overview of CSI inline ephemeral volumes
 
diff --git a/modules/ephemeral-storage-csi-inline-pod.adoc b/modules/ephemeral-storage-csi-inline-pod.adoc
index 67f8c93e9cb2..53d52b31040d 100644
--- a/modules/ephemeral-storage-csi-inline-pod.adoc
+++ b/modules/ephemeral-storage-csi-inline-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/ephemeral-storage-csi-inline-pod-scheduling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ephemeral-storage-csi-inline-pod_{context}"]
 = Embedding a CSI inline ephemeral volume in the pod specification
 
diff --git a/modules/ephemeral-storage-integration-between-shared-resources-insights-operator-and-openshift-builds.adoc b/modules/ephemeral-storage-integration-between-shared-resources-insights-operator-and-openshift-builds.adoc
index 62691d8cd385..10e34800636b 100644
--- a/modules/ephemeral-storage-integration-between-shared-resources-insights-operator-and-openshift-builds.adoc
+++ b/modules/ephemeral-storage-integration-between-shared-resources-insights-operator-and-openshift-builds.adoc
@@ -1,4 +1,4 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="ephemeral-storage-integration-between-shared-resources-insights-operator-and-openshift-builds_{context}"]
 = Integration between shared resources, Insights Operator, and {product-title} Builds
diff --git a/modules/ephemeral-storage-sharing-configmaps-across-namespaces.adoc b/modules/ephemeral-storage-sharing-configmaps-across-namespaces.adoc
index 9da4cf670d59..680e5070aa38 100644
--- a/modules/ephemeral-storage-sharing-configmaps-across-namespaces.adoc
+++ b/modules/ephemeral-storage-sharing-configmaps-across-namespaces.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="ephemeral-storage-sharing-configmaps-across-namespaces_{context}"]
 = Sharing a config map across namespaces
diff --git a/modules/ephemeral-storage-sharing-secrets-across-namespaces.adoc b/modules/ephemeral-storage-sharing-secrets-across-namespaces.adoc
index fd80147e7c5c..2b6ab91f521b 100644
--- a/modules/ephemeral-storage-sharing-secrets-across-namespaces.adoc
+++ b/modules/ephemeral-storage-sharing-secrets-across-namespaces.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="ephemeral-storage-sharing-secrets-across-namespaces_{context}"]
 = Sharing secrets across namespaces
diff --git a/modules/ephemeral-storage-using-a-sharedconfigmap-object-in-a-pod.adoc b/modules/ephemeral-storage-using-a-sharedconfigmap-object-in-a-pod.adoc
index 552ea3fc2c29..7575e74290a0 100644
--- a/modules/ephemeral-storage-using-a-sharedconfigmap-object-in-a-pod.adoc
+++ b/modules/ephemeral-storage-using-a-sharedconfigmap-object-in-a-pod.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="ephemeral-storage-using-a-sharedconfigmap-object-in-a-pod_{context}"]
 = Using a SharedConfigMap instance in a pod
diff --git a/modules/ephemeral-storage-using-a-sharedsecrets-resource-in-a-pod.adoc b/modules/ephemeral-storage-using-a-sharedsecrets-resource-in-a-pod.adoc
index 8ffe930a3526..7b23f49b48a5 100644
--- a/modules/ephemeral-storage-using-a-sharedsecrets-resource-in-a-pod.adoc
+++ b/modules/ephemeral-storage-using-a-sharedsecrets-resource-in-a-pod.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="ephemeral-storage-using-a-sharedsecrets-resource-in-a-pod_{context}"]
 = Using a SharedSecret instance in a pod
diff --git a/modules/es-cluster-health-is-red.adoc b/modules/es-cluster-health-is-red.adoc
new file mode 100644
index 000000000000..9a087ffd76e5
--- /dev/null
+++ b/modules/es-cluster-health-is-red.adoc
@@ -0,0 +1,172 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/troubleshooting-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="es-cluster-health-is-red_{context}"]
+= Elasticsearch cluster health status is red
+
+At least one primary shard and its replicas are not allocated to a node. Use the following procedure to troubleshoot this alert.
+
+include::snippets/es-pod-var-logging.adoc[]
+
+.Procedure
+
+. Check the Elasticsearch cluster health and verify that the cluster `status` is red by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME -- health
+----
+
+. List the nodes that have joined the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cat/nodes?v
+----
+
+. List the Elasticsearch pods and compare them with the nodes in the command output from the previous step, by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get pods -l component=elasticsearch
+----
+
+. If some of the Elasticsearch nodes have not joined the cluster, perform the following steps.
+
+.. Confirm that Elasticsearch has an elected master node by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cat/master?v
+----
+
+.. Review the pod logs of the elected master node for issues by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc logs <elasticsearch_master_pod_name> -c elasticsearch -n openshift-logging
+----
+
+.. Review the logs of nodes that have not joined the cluster for issues by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc logs <elasticsearch_node_name> -c elasticsearch -n openshift-logging
+----
+
+. If all the nodes have joined the cluster, check if the cluster is in the process of recovering by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cat/recovery?active_only=true
+----
++
+If there is no command output, the recovery process might be delayed or stalled by pending tasks.
+
+. Check if there are pending tasks by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- health | grep number_of_pending_tasks
+----
+
+. If there are pending tasks, monitor their status. If their status changes and indicates that the cluster is recovering, continue waiting. The recovery time varies according to the size of the cluster and other factors. Otherwise, if the status of the pending tasks does not change, this indicates that the recovery has stalled.
+
+. If it seems like the recovery has stalled, check if the `cluster.routing.allocation.enable` value is set to `none`, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cluster/settings?pretty
+----
+
+. If the `cluster.routing.allocation.enable` value is set to `none`, set it to `all`, by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cluster/settings?pretty \
+  -X PUT -d '{"persistent": {"cluster.routing.allocation.enable":"all"}}'
+----
+
+. Check if any indices are still red by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cat/indices?v
+----
+
+. If any indices are still red, try to clear them by performing the following steps.
+
+.. Clear the cache by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name>/_cache/clear?pretty
+----
+
+.. Increase the max allocation retries by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name>/_settings?pretty \
+  -X PUT -d '{"index.allocation.max_retries":10}'
+----
+
+.. Delete all the scroll items by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_search/scroll/_all -X DELETE
+----
+
+.. Increase the timeout by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name>/_settings?pretty \
+  -X PUT -d '{"index.unassigned.node_left.delayed_timeout":"10m"}'
+----
+
+. If the preceding steps do not clear the red indices, delete the indices individually.
+
+.. Identify the red index name by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cat/indices?v
+----
+
+.. Delete the red index by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_red_index_name> -X DELETE
+----
+
+. If there are no red indices and the cluster status is red, check for a continuous heavy processing load on a data node.
+
+.. Check if the Elasticsearch JVM Heap usage is high by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_nodes/stats?pretty
+----
++
+In the command output, review the `node_name.jvm.mem.heap_used_percent` field to determine the JVM Heap usage.
+
+.. Check for high CPU utilization. For more information about CPU utilitzation, see the {product-title} "Reviewing monitoring dashboards" documentation.
diff --git a/modules/es-disk-space-low.adoc b/modules/es-disk-space-low.adoc
new file mode 100644
index 000000000000..c647e27159ed
--- /dev/null
+++ b/modules/es-disk-space-low.adoc
@@ -0,0 +1,72 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/troubleshooting-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="es-disk-space-low_{context}"]
+= Elasticsearch disk space is running low
+
+Elasticsearch is predicted to run out of disk space within the next 6 hours based on current disk usage. Use the following procedure to troubleshoot this alert.
+
+.Procedure
+
+. Get the disk space of the Elasticsearch node:
++
+[source,terminal]
+----
+$ for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; \
+  do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod \
+  -- df -h /elasticsearch/persistent; done
+----
+
+. In the command output, check the `Avail` column to determine the free disk space on that node.
++
+.Example output
+[source,terminal]
+----
+elasticsearch-cdm-kcrsda6l-1-586cc95d4f-h8zq8
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme1n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-2-5b548fc7b-cwwk7
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme2n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-3-5dfc884d99-59tjw
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme3n1     19G  528M   19G   3% /elasticsearch/persistent
+----
+
+. Increase the disk space on all nodes. If increasing the disk space is not possible, try adding a new data node to the cluster, or decrease the total cluster redundancy policy.
+
+. To check the current `redundancyPolicy`, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get es elasticsearch -o jsonpath='{.spec.redundancyPolicy}'
+----
++
+If you are using a `ClusterLogging` resource on your cluster, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get cl \
+  -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
+----
++
+If the cluster `redundancyPolicy` value is higher than the `SingleRedundancy` value, set it to the `SingleRedundancy` value and save this change.
+
+. If the preceding steps do not fix the issue, delete the old indices.
+.. Check the status of all indices on Elasticsearch by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME -- indices
+----
+
+.. Identify an old index that can be deleted.
+.. Delete the index by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name> -X DELETE
+----
diff --git a/modules/es-node-disk-flood-watermark-reached.adoc b/modules/es-node-disk-flood-watermark-reached.adoc
new file mode 100644
index 000000000000..c6030aadcbb8
--- /dev/null
+++ b/modules/es-node-disk-flood-watermark-reached.adoc
@@ -0,0 +1,89 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/troubleshooting-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="es-node-disk-flood-watermark-reached_{context}"]
+= Elasticsearch node disk flood watermark reached
+
+Elasticsearch enforces a read-only index block on every index that has both of these conditions:
+
+* One or more shards are allocated to the node.
+* One or more disks exceed the https://www.elastic.co/guide/en/elasticsearch/reference/6.8/disk-allocator.html[flood stage].
+
+Use the following procedure to troubleshoot this alert.
+
+include::snippets/es-pod-var-logging.adoc[]
+
+.Procedure
+
+. Get the disk space of the Elasticsearch node:
++
+[source,terminal]
+----
+$ for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; \
+  do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod \
+  -- df -h /elasticsearch/persistent; done
+----
+
+. In the command output, check the `Avail` column to determine the free disk space on that node.
++
+.Example output
+[source,terminal]
+----
+elasticsearch-cdm-kcrsda6l-1-586cc95d4f-h8zq8
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme1n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-2-5b548fc7b-cwwk7
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme2n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-3-5dfc884d99-59tjw
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme3n1     19G  528M   19G   3% /elasticsearch/persistent
+----
+
+. Increase the disk space on all nodes. If increasing the disk space is not possible, try adding a new data node to the cluster, or decrease the total cluster redundancy policy.
+
+. To check the current `redundancyPolicy`, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get es elasticsearch \
+  -o jsonpath='{.spec.redundancyPolicy}'
+----
++
+If you are using a `ClusterLogging` resource on your cluster, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get cl \
+  -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
+----
++
+If the cluster `redundancyPolicy` value is higher than the `SingleRedundancy` value, set it to the `SingleRedundancy` value and save this change.
+
+. If the preceding steps do not fix the issue, delete the old indices.
+.. Check the status of all indices on Elasticsearch by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME -- indices
+----
+
+.. Identify an old index that can be deleted.
+.. Delete the index by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name> -X DELETE
+----
+
+. Continue freeing up and monitoring the disk space. After the used disk space drops below 90%, unblock writing to this node by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_all/_settings?pretty \
+  -X PUT -d '{"index.blocks.read_only_allow_delete": null}'
+----
diff --git a/modules/es-node-disk-high-watermark-reached.adoc b/modules/es-node-disk-high-watermark-reached.adoc
new file mode 100644
index 000000000000..30326628a7bf
--- /dev/null
+++ b/modules/es-node-disk-high-watermark-reached.adoc
@@ -0,0 +1,78 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/troubleshooting-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="es-node-disk-high-watermark-reached_{context}"]
+= Elasticsearch node disk high watermark reached
+
+Elasticsearch attempts to relocate shards away from a node that has reached the high watermark to a node with low disk usage that has not crossed any watermark threshold limits.
+
+To allocate shards to a particular node, you must free up some space on that node. If increasing the disk space is not possible, try adding a new data node to the cluster, or decrease the total cluster redundancy policy.
+
+include::snippets/es-pod-var-logging.adoc[]
+
+.Procedure
+
+. Identify the node on which Elasticsearch is deployed by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get po -o wide
+----
+
+. Check the disk space on each node:
++
+[source,terminal]
+----
+$ for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; \
+  do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod \
+  -- df -h /elasticsearch/persistent; done
+----
+
+. Check if the cluster is rebalancing:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cluster/health?pretty | grep relocating_shards
+----
++
+If the command output shows relocating shards, the high watermark has been exceeded. The default value of the high watermark is 90%.
+
+. Increase the disk space on all nodes. If increasing the disk space is not possible, try adding a new data node to the cluster, or decrease the total cluster redundancy policy.
+
+. To check the current `redundancyPolicy`, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get es elasticsearch \
+  -o jsonpath='{.spec.redundancyPolicy}'
+----
++
+If you are using a `ClusterLogging` resource on your cluster, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get cl \
+  -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
+----
++
+If the cluster `redundancyPolicy` value is higher than the `SingleRedundancy` value, set it to the `SingleRedundancy` value and save this change.
+
+. If the preceding steps do not fix the issue, delete the old indices.
+.. Check the status of all indices on Elasticsearch by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME -- indices
+----
+
+.. Identify an old index that can be deleted.
+.. Delete the index by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name> -X DELETE
+----
diff --git a/modules/es-node-disk-low-watermark-reached.adoc b/modules/es-node-disk-low-watermark-reached.adoc
new file mode 100644
index 000000000000..490716adcce0
--- /dev/null
+++ b/modules/es-node-disk-low-watermark-reached.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/troubleshooting-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="es-node-disk-low-watermark-reached_{context}"]
+= Elasticsearch node disk low watermark reached
+
+Elasticsearch does not allocate shards to nodes that reach the low watermark.
+
+include::snippets/es-pod-var-logging.adoc[]
+
+.Procedure
+
+. Identify the node on which Elasticsearch is deployed by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get po -o wide
+----
+
+. Check if there are unassigned shards by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=_cluster/health?pretty | grep unassigned_shards
+----
+
+. If there are unassigned shards, check the disk space on each node, by running the following command:
++
+[source,terminal]
+----
+$ for pod in `oc -n openshift-logging get po -l component=elasticsearch -o jsonpath='{.items[*].metadata.name}'`; \
+  do echo $pod; oc -n openshift-logging exec -c elasticsearch $pod \
+  -- df -h /elasticsearch/persistent; done
+----
+
+. In the command output, check the `Use` column to determine the used disk percentage on that node.
++
+.Example output
+[source,terminal]
+----
+elasticsearch-cdm-kcrsda6l-1-586cc95d4f-h8zq8
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme1n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-2-5b548fc7b-cwwk7
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme2n1     19G  522M   19G   3% /elasticsearch/persistent
+elasticsearch-cdm-kcrsda6l-3-5dfc884d99-59tjw
+Filesystem      Size  Used Avail Use% Mounted on
+/dev/nvme3n1     19G  528M   19G   3% /elasticsearch/persistent
+----
++
+If the used disk percentage is above 85%, the node has exceeded the low watermark, and shards can no longer be allocated to this node.
+
+. To check the current `redundancyPolicy`, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get es elasticsearch \
+  -o jsonpath='{.spec.redundancyPolicy}'
+----
++
+If you are using a `ClusterLogging` resource on your cluster, run the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging get cl \
+  -o jsonpath='{.items[*].spec.logStore.elasticsearch.redundancyPolicy}'
+----
++
+If the cluster `redundancyPolicy` value is higher than the `SingleRedundancy` value, set it to the `SingleRedundancy` value and save this change.
+
+. If the preceding steps do not fix the issue, delete the old indices.
+.. Check the status of all indices on Elasticsearch by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME -- indices
+----
+
+.. Identify an old index that can be deleted.
+.. Delete the index by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n openshift-logging -c elasticsearch $ES_POD_NAME \
+  -- es_util --query=<elasticsearch_index_name> -X DELETE
+----
diff --git a/modules/etcd-creating-automated-backups.adoc b/modules/etcd-creating-automated-backups.adoc
new file mode 100644
index 000000000000..c641fb18a094
--- /dev/null
+++ b/modules/etcd-creating-automated-backups.adoc
@@ -0,0 +1,356 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-automated-etcd-backups_{context}"]
+= Creating automated etcd backups
+
+The automated backup feature for etcd supports both recurring and single backups. Recurring backups create a cron job that starts a single backup each time the job triggers.
+
+:FeatureName: Automating etcd backups
+include::snippets/technology-preview.adoc[]
+
+[id="enabling-automated-etcd-backups_{context}"]
+== Enabling automated etcd backups
+
+Follow these steps to enable automated backups for etcd.
+
+[WARNING]
+====
+Enabling the `TechPreviewNoUpgrade` feature set on your cluster prevents minor version updates. The `TechPreviewNoUpgrade` feature set cannot be disabled. Do not enable this feature set on production clusters.
+====
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create a `FeatureGate` custom resource (CR) file named `enable-tech-preview-no-upgrade.yaml` with the following contents:
++
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: FeatureGate
+metadata:
+  name: cluster
+spec:
+  featureSet: TechPreviewNoUpgrade
+----
+
+. Apply the CR and enable automated backups:
++
+[source,terminal]
+----
+$ oc apply -f enable-tech-preview-no-upgrade.yaml
+----
+
+. It takes time to enable the related APIs. Verify the creation of the custom resource definition (CRD) by running the following command:
++
+[source,terminal]
+----
+$ oc get crd | grep backup
+----
++
+.Example output
+[source,terminal]
+----
+backups.config.openshift.io 2023-10-25T13:32:43Z
+etcdbackups.operator.openshift.io 2023-10-25T13:32:04Z
+----
+
+[id="creating-single-etcd-backup_{context}"]
+== Creating a single etcd backup
+
+Follow these steps to create a single etcd backup by creating and applying a custom resource (CR).
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the OpenShift CLI (`oc`).
+* You have a PVC to save backup data to.
+
+.Procedure
+
+. Create a CR file named `etcd-single-backup.yaml` with contents such as the following example:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: EtcdBackup
+metadata:
+  name: etcd-single-backup
+  namespace: openshift-etcd
+spec:
+  pvcName: etcd-backup-pvc <.>
+----
+<.> The name of the persistent volume claim (PVC) to save the backup to. Adjust this value according to your environment.
+
+. Apply the CR to start a single backup:
++
+[source,terminal]
+----
+$ oc apply -f etcd-single-backup.yaml
+----
+
+[id="creating-recurring-etcd-backups_{context}"]
+== Creating recurring etcd backups
+
+Follow these steps to create automated recurring backups of etcd.
+
+Use dynamically-provisioned storage to keep the created etcd backup data in a safe, external location if possible. If dynamically-provisioned storage is not available, consider storing the backup data on an NFS share to make backup recovery more accessible.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the OpenShift CLI (`oc`).
+
+.Procedure
+
+. If dynamically-provisioned storage is available, complete the following steps to create automated recurring backups:
+
+.. Create a persistent volume claim (PVC) named `etcd-backup-pvc.yaml` with contents such as the following example:
++
+[source,yaml]
+----
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: etcd-backup-pvc
+  namespace: openshift-etcd
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 200Gi <.>
+  storageClassName: standard-csi <.>
+  volumeMode: Filesystem
+----
+<.> The amount of storage available to the PVC. Adjust this value for your requirements.
+<.> The name of the `StorageClass` required by the claim. Adjust this value according to your environment.
++
+[NOTE]
+====
+Each of the following providers require changes to the `accessModes` and `storageClassName` keys:
+
+[cols="1,1,1"]
+|===
+|Provider|`accessModes` value|`storageClassName` value
+
+|AWS with the `versioned-installer-efc_operator-ci` profile
+|`- ReadWriteMany`
+|`efs-sc`
+
+|Google Cloud Platform
+|`- ReadWriteMany`
+|`filestore-csi`
+
+|Microsoft Azure
+|`- ReadWriteMany`
+|`azurefile-csi`
+|===
+====
+
+.. Apply the PVC by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f etcd-backup-pvc.yaml
+----
+
+.. Verify the creation of the PVC by running the following command:
++
+[source,terminal]
+----
+$ oc get pvc
+----
++
+.Example output
+[source,terminal]
+----
+NAME              STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+etcd-backup-pvc   Pending                                      standard-csi   51s
+----
++
+[NOTE]
+====
+Dynamic PVCs stay in the `Pending` state until they are mounted.
+====
+
+. If dynamically-provisioned storage is unavailable, create a local storage PVC by completing the following steps:
++
+[WARNING]
+====
+If you delete or otherwise lose access to the node that contains the stored backup data, you can lose data.
+====
+
+.. Create a `StorageClass` CR file named `etcd-backup-local-storage.yaml` with the following contents:
++
+[source,yaml]
+----
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: etcd-backup-local-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+----
+
+.. Apply the `StorageClass` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f etcd-backup-local-storage.yaml
+----
+
+.. Create a PV named `etcd-backup-pv-fs.yaml` from the applied `StorageClass` with content such as the following example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: etcd-backup-pv-fs
+spec:
+  capacity:
+    storage: 100Gi <.>
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteMany
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: local-storage
+  local:
+    path: /mnt/
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - <example-master-node> <.>
+----
+<.> The amount of storage available to the PV. Adjust this value for your requirements.
+<.> Replace this value with the node to attach this PV to.
++
+[TIP]
+====
+Run the following command to list the available nodes:
+
+[source,terminal]
+----
+$ oc get nodes
+----
+====
+
+.. Verify the creation of the PV by running the following command:
++
+[source,terminal]
+----
+$ oc get pv
+----
++
+.Example output
+[source,terminal]
+----
+NAME                    CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS    REASON   AGE
+etcd-backup-pv-fs       100Gi      RWX            Delete           Available           local-storage            10s
+----
+
+.. Create a PVC named `etcd-backup-pvc.yaml` with contents such as the following example:
++
+[source,yaml]
+----
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: etcd-backup-pvc
+spec:
+  accessModes:
+  - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi <.>
+  storageClassName: local-storage
+----
+<.> The amount of storage available to the PVC. Adjust this value for your requirements.
+
+.. Apply the PVC by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f etcd-backup-pvc.yaml
+----
+
+. Create a custom resource definition (CRD) file named `etcd-recurring-backups.yaml`. The contents of the created CRD define the schedule and retention type of automated backups.
++
+For the default retention type of `RetentionNumber` with 15 retained backups, use contents such as the following example:
++
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1alpha1
+kind: Backup
+metadata:
+  name: etcd-recurring-backup
+spec:
+  etcd:
+    schedule: "20 4 * * *" <.>
+    timeZone: "UTC"
+    pvcName: etcd-backup-pvc
+----
+<.> The `CronTab` schedule for recurring backups. Adjust this value for your needs.
++
+To use retention based on the maximum number of backups, add the following key-value pairs to the `etcd` key:
++
+[source,yaml]
+----
+spec:
+  etcd:
+    retentionPolicy:
+      retentionType: RetentionNumber <.>
+      retentionNumber:
+        maxNumberOfBackups: 5 <.>
+----
+<.> The retention type. Defaults to `RetentionNumber` if unspecified.
+<.> The maximum number of backups to retain. Adjust this value for your needs. Defaults to 15 backups if unspecified.
++
+[WARNING]
+====
+A known issue causes the number of retained backups to be one greater than the configured value.
+====
++
+For retention based on the file size of backups, use the following:
++
+[source,yaml]
+----
+spec:
+  etcd:
+    retentionPolicy:
+      retentionType: RetentionSize
+      retentionSize:
+        maxSizeOfBackupsGb: 20 <.>
+----
+<.> The maximum file size of the retained backups in gigabytes. Adjust this value for your needs. Defaults to 10 GB if unspecified.
++
+[WARNING]
+====
+A known issue causes the maximum size of retained backups to be up to 10 GB greater than the configured value.
+====
+
+. Create the cron job defined by the CRD by running the following command:
++
+[source,terminal]
+----
+$ oc create -f etcd-recurring-backup.yaml
+----
+
+. To find the created cron job, run the following command:
++
+[source,terminal]
+----
+$ oc get cronjob -n openshift-etcd
+----
diff --git a/modules/etcd-defrag.adoc b/modules/etcd-defrag.adoc
index 0611d436cce1..5285f5f4bada 100644
--- a/modules/etcd-defrag.adoc
+++ b/modules/etcd-defrag.adoc
@@ -3,7 +3,7 @@
 // * post_installation_configuration/cluster-tasks.adoc
 // * scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="etcd-defrag_{context}"]
 = Defragmenting etcd data
 
@@ -113,9 +113,9 @@ Use 'oc describe pod/etcd-ip-10-0-159-225.example.redhat.com -n openshift-etcd'
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
 |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
-|  https://10.0.191.37:2379 | 251cd44483d811c3 |   3.4.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
-| https://10.0.159.225:2379 | 264c7c58ecbdabee |   3.4.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
-| https://10.0.199.170:2379 | 9ac311f93915cc79 |   3.4.9 |  104 MB |      true |      false |         7 |      91624 |              91624 |        |
+|  https://10.0.191.37:2379 | 251cd44483d811c3 |   3.5.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
+| https://10.0.159.225:2379 | 264c7c58ecbdabee |   3.5.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
+| https://10.0.199.170:2379 | 9ac311f93915cc79 |   3.5.9 |  104 MB |      true |      false |         7 |      91624 |              91624 |        |
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
 ----
 +
@@ -165,9 +165,9 @@ sh-4.4# etcdctl endpoint status -w table --cluster
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
 |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
-|  https://10.0.191.37:2379 | 251cd44483d811c3 |   3.4.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
-| https://10.0.159.225:2379 | 264c7c58ecbdabee |   3.4.9 |   41 MB |     false |      false |         7 |      91624 |              91624 |        | <1>
-| https://10.0.199.170:2379 | 9ac311f93915cc79 |   3.4.9 |  104 MB |      true |      false |         7 |      91624 |              91624 |        |
+|  https://10.0.191.37:2379 | 251cd44483d811c3 |   3.5.9 |  104 MB |     false |      false |         7 |      91624 |              91624 |        |
+| https://10.0.159.225:2379 | 264c7c58ecbdabee |   3.5.9 |   41 MB |     false |      false |         7 |      91624 |              91624 |        | <1>
+| https://10.0.199.170:2379 | 9ac311f93915cc79 |   3.5.9 |  104 MB |      true |      false |         7 |      91624 |              91624 |        |
 +---------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
 ----
 This example shows that the database size for this etcd member is now 41 MB as opposed to the starting size of 104 MB.
@@ -197,7 +197,3 @@ memberID:12345678912345678912 alarm:NOSPACE
 ----
 sh-4.4# etcdctl alarm disarm
 ----
-
-.Next steps
-
-After defragmentation, if etcd still uses more than 50% of its available space, consider increasing the disk quota for etcd.
diff --git a/modules/etcd-encryption-types.adoc b/modules/etcd-encryption-types.adoc
index a06811bb20f9..13d1eec705d0 100644
--- a/modules/etcd-encryption-types.adoc
+++ b/modules/etcd-encryption-types.adoc
@@ -3,7 +3,7 @@
 // * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="etcd-encryption-types_{context}"]
 = Supported encryption types
 
diff --git a/modules/etcd-overview.adoc b/modules/etcd-overview.adoc
index 431353d9f2e1..077d8f3d00ed 100644
--- a/modules/etcd-overview.adoc
+++ b/modules/etcd-overview.adoc
@@ -3,7 +3,7 @@
 // * architecture/control-plane.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="etcd-overview_{context}"]
 = Overview of etcd
 
diff --git a/modules/etcd-tuning-parameters.adoc b/modules/etcd-tuning-parameters.adoc
new file mode 100644
index 000000000000..41d1a459cc87
--- /dev/null
+++ b/modules/etcd-tuning-parameters.adoc
@@ -0,0 +1,131 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="etcd-tuning-parameters_{context}"]
+= Setting tuning parameters for etcd
+
+You can set the control plane hardware speed to `"Standard"`, `"Slower"`, or the default, which is `""`.
+
+The default setting allows the system to decide which speed to use. This value enables upgrades from versions where this feature does not exist, as the system can select values from previous versions.
+
+By selecting one of the other values, you are overriding the default. If you see many leader elections due to timeouts or missed heartbeats and your system is set to `""` or `"Standard"`, set the hardware speed to `"Slower"` to make the system more tolerant to the increased latency.
+
+:FeatureName: Tuning etcd latency tolerances
+include::snippets/technology-preview.adoc[]
+
+[id="etcd-changing-hardware-speed-tolerance_{context}"]
+== Changing hardware speed tolerance
+
+To change the hardware speed tolerance for etcd, complete the following steps.
+
+.Procedure
+
+. Check to see what the current value is by entering the following command:
++
+[source,terminal]
+----
+$ oc describe etcd/cluster | grep "Control Plane Hardware Speed"
+----
++
+.Example output
+[source,terminal]
+----
+Control Plane Hardware Speed:  <VALUE>
+----
++
+[NOTE]
+====
+If the output is empty, the field has not been set and should be considered as the default ("").
+====
+
+. Change the value by entering the following command. Replace `<value>` with one of the valid values: `""`, `"Standard"`, or `"Slower"`:
++
+[source,terminal]
+----
+oc patch etcd/cluster --type=merge -p '{"spec": {"controlPlaneHardwareSpeed": "<value>"}}'
+----
++
+The following table indicates the heartbeat interval and leader election timeout for each profile. These values are subject to change.
++
+|===
+| Profile | ETCD_HEARTBEAT_INTERVAL | ETCD_LEADER_ELECTION_TIMEOUT
+| `""` | Varies depending on platform | Varies depending on platform
+| `Standard` | 100 | 1000
+| `Slower` | 500 | 2500
+|===
+
+. Review the output:
++
+.Example output
+[source,terminal]
+----
+etcd.operator.openshift.io/cluster patched
+----
++
+If you enter any value besides the valid values, error output is displayed. For example, if you entered `"Faster"` as the value, the output is as follows:
++
+.Example output
+[source,terminal]
+----
+The Etcd "cluster" is invalid: spec.controlPlaneHardwareSpeed: Unsupported value: "Faster": supported values: "", "Standard", "Slower"
+----
+
+. Verify that the value was changed by entering the following command:
++
+[source,terminal]
+----
+$ oc describe etcd/cluster | grep "Control Plane Hardware Speed"
+----
++
+.Example output
+[source,terminal]
+----
+Control Plane Hardware Speed:  ""
+----
+
+. Wait for etcd pods to roll out:
++
+[source,terminal]
+----
+oc get pods -n openshift-etcd -w
+----
++
+The following output shows the expected entries for master-0. Before you continue, wait until all masters show a status of `4/4 Running`.
++
+.Example output
+[source,terminal]
+----
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     Pending             0          0s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     Pending             0          0s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     ContainerCreating   0          0s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     ContainerCreating   0          1s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           1/1     Running             0          2s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     Completed           0          34s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     Completed           0          36s
+installer-9-ci-ln-qkgs94t-72292-9clnd-master-0           0/1     Completed           0          36s
+etcd-guard-ci-ln-qkgs94t-72292-9clnd-master-0            0/1     Running             0          26m
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  4/4     Terminating         0          11m
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  4/4     Terminating         0          11m
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  0/4     Pending             0          0s
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  0/4     Init:1/3            0          1s
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  0/4     Init:2/3            0          2s
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  0/4     PodInitializing     0          3s
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  3/4     Running             0          4s
+etcd-guard-ci-ln-qkgs94t-72292-9clnd-master-0            1/1     Running             0          26m
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  3/4     Running             0          20s
+etcd-ci-ln-qkgs94t-72292-9clnd-master-0                  4/4     Running             0          20s
+----
+
+. Enter the following command to review to the values:
++
+[source,terminal]
+----
+$ oc describe -n openshift-etcd pod/<ETCD_PODNAME> | grep -e HEARTBEAT_INTERVAL -e ELECTION_TIMEOUT
+----
++
+[NOTE]
+====
+These values might not have changed from the default.
+====
\ No newline at end of file
diff --git a/modules/explanation-of-capabilities.adoc b/modules/explanation-of-capabilities.adoc
index 98ff249574ba..defb13743593 100644
--- a/modules/explanation-of-capabilities.adoc
+++ b/modules/explanation-of-capabilities.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/cluster-capabilities.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="explanation_of_capabilities_{context}"]
 = Optional cluster capabilities in {product-title} {product-version}
 
diff --git a/modules/file-integrity-events.adoc b/modules/file-integrity-events.adoc
index e9ddd20a3868..9bd05fd6df8f 100644
--- a/modules/file-integrity-events.adoc
+++ b/modules/file-integrity-events.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-understanding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="file-integrity-events_{context}"]
 = Understanding events
 
diff --git a/modules/file-integrity-examine-default-config.adoc b/modules/file-integrity-examine-default-config.adoc
index 6c6327b32db7..b0edcb6d1aa8 100644
--- a/modules/file-integrity-examine-default-config.adoc
+++ b/modules/file-integrity-examine-default-config.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="file-integrity-examine-default-config_{context}"]
 = Examine the default configuration
 
diff --git a/modules/file-integrity-operator-defining-custom-config.adoc b/modules/file-integrity-operator-defining-custom-config.adoc
index f6d472aa7929..fbc7c10cec5c 100644
--- a/modules/file-integrity-operator-defining-custom-config.adoc
+++ b/modules/file-integrity-operator-defining-custom-config.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="file-integrity-operator-defining-custom-config_{context}"]
 = Defining a custom File Integrity Operator configuration
 
diff --git a/modules/file-integrity-operator-installing-cli.adoc b/modules/file-integrity-operator-installing-cli.adoc
index 25b574cb1ed8..74fd4d4e0508 100644
--- a/modules/file-integrity-operator-installing-cli.adoc
+++ b/modules/file-integrity-operator-installing-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-file-integrity-operator-using-cli_{context}"]
 = Installing the File Integrity Operator using the CLI
 
diff --git a/modules/file-integrity-operator-installing-web-console.adoc b/modules/file-integrity-operator-installing-web-console.adoc
index 902b0195d9a8..60ddb01d3308 100644
--- a/modules/file-integrity-operator-installing-web-console.adoc
+++ b/modules/file-integrity-operator-installing-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-file-integrity-operator-using-web-console_{context}"]
 = Installing the File Integrity Operator using the web console
 
diff --git a/modules/file-integrity-operator-reinitializing-database.adoc b/modules/file-integrity-operator-reinitializing-database.adoc
index 17f49f63bf53..6077ea7dbec9 100644
--- a/modules/file-integrity-operator-reinitializing-database.adoc
+++ b/modules/file-integrity-operator-reinitializing-database.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-advanced-usage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="file-integrity-operator-reinitializing-database_{context}"]
 = Reinitializing the database
 
diff --git a/modules/file-integrity-understanding-default-config.adoc b/modules/file-integrity-understanding-default-config.adoc
index dc8acd071cb6..083109e9efc8 100644
--- a/modules/file-integrity-understanding-default-config.adoc
+++ b/modules/file-integrity-understanding-default-config.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-configuring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="file-integrity-understanding-default-config_{context}"]
 = Understanding the default File Integrity Operator configuration
 
diff --git a/modules/file-integrity-understanding-file-integrity-cr.adoc b/modules/file-integrity-understanding-file-integrity-cr.adoc
index 8aa9455512ed..652d81647b2e 100644
--- a/modules/file-integrity-understanding-file-integrity-cr.adoc
+++ b/modules/file-integrity-understanding-file-integrity-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-understanding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="understanding-file-integrity-custom-resource_{context}"]
 =  Creating the FileIntegrity custom resource
 
diff --git a/modules/file-integrity-understanding-file-integrity-node-statuses-object.adoc b/modules/file-integrity-understanding-file-integrity-node-statuses-object.adoc
index b3b7f28825f0..06c4f546e7f6 100644
--- a/modules/file-integrity-understanding-file-integrity-node-statuses-object.adoc
+++ b/modules/file-integrity-understanding-file-integrity-node-statuses-object.adoc
@@ -2,7 +2,7 @@
 //
 // * security/file_integrity_operator/file-integrity-operator-understanding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-file-integrity-node-statuses-object_{context}"]
 = Understanding the FileIntegrityNodeStatuses object
 
diff --git a/modules/filtering-insights-advisor-recommendations.adoc b/modules/filtering-insights-advisor-recommendations.adoc
new file mode 100644
index 000000000000..6b4c31212c79
--- /dev/null
+++ b/modules/filtering-insights-advisor-recommendations.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="filtering-unnecessary-advisor-recommendations_{context}"]
+= Filtering Insights advisor recommendations
+
+As an {product-title} cluster manager, you can filter the recommendations that are displayed on the recommendations list. By applying filters, you can reduce the number of reported recommendations and concentrate on your highest priority recommendations.
+
+The following procedure demonstrates how to set and remove *Category* filters; however, the procedure is applicable to any of the filter types and respective values. 
+
+.Prerequisites
+You are logged in to the https://console.redhat.com/openshift[OpenShift Cluster Manager Hybrid Cloud Console].
+
+.Procedure
+. Go to *Red Hat Hybrid Cloud Console* -> *OpenShift* -> *Advisor recommendations*.
+. In the main, filter-type drop-down list, select the *Category* filter type.
+. Expand the filter-value drop-down list and select the checkbox next to each category of recommendation you want to view. Leave the checkboxes for unnecessary categories clear.
+. Optional: Add additional filters to further refine the list.
+
+Only recommendations from the selected categories are shown in the list. 
+
+.Verification
+
+* After applying filters, you can view the updated recommendations list. The applied filters are added next to the default filters.
diff --git a/modules/functions-list-kn.adoc b/modules/functions-list-kn.adoc
index e77055534907..dcfc98e93f71 100644
--- a/modules/functions-list-kn.adoc
+++ b/modules/functions-list-kn.adoc
@@ -2,7 +2,7 @@
 
 // * /serverless/cli_tools/kn-func-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="functions-list-kn_{context}"]
 = Listing existing functions
 
diff --git a/modules/gathering-application-diagnostic-data.adoc b/modules/gathering-application-diagnostic-data.adoc
index 71e47442a9a2..4ad99f8a5c21 100644
--- a/modules/gathering-application-diagnostic-data.adoc
+++ b/modules/gathering-application-diagnostic-data.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-s2i.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-application-diagnostic-data_{context}"]
 = Gathering application diagnostic data to investigate application failures
 
@@ -14,7 +14,12 @@ Application failures can occur within running application pods. In these situati
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -71,7 +76,9 @@ $ oc exec -it my-app-1-akdlg /bin/bash
 Root privileges are required to run some diagnostic binaries. In these situations you can start a debug pod with root access, based on a problematic pod's `DeploymentConfig` object, by running `oc debug dc/<deployment_configuration> --as-root`. Then, you can run diagnostic binaries as root from within the debug pod.
 ====
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . If diagnostic binaries are not available within a container, you can run a host's diagnostic binaries within a container's namespace by using `nsenter`. The following example runs `ip ad` within a container's namespace, using the host`s `ip` binary.
+// cannot create resource "namespaces" in API group
 .. Enter into a debug session on the target node. This step instantiates a debug pod called `<node_name>-debug`:
 +
 [source,terminal]
@@ -116,3 +123,4 @@ $ oc debug node/my-cluster-node
 ====
 Running a host's diagnostic binaries within a container's namespace is only possible if you are using a privileged container such as a debug node.
 ====
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/gathering-bootstrap-diagnostic-data.adoc b/modules/gathering-bootstrap-diagnostic-data.adoc
index c9acb3aa81e7..dc40584a129d 100644
--- a/modules/gathering-bootstrap-diagnostic-data.adoc
+++ b/modules/gathering-bootstrap-diagnostic-data.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-bootstrap-diagnostic-data_{context}"]
 = Gathering bootstrap node diagnostic data
 
diff --git a/modules/gathering-clusterversion-history-cli.adoc b/modules/gathering-clusterversion-history-cli.adoc
new file mode 100644
index 000000000000..32f4e13c9ae4
--- /dev/null
+++ b/modules/gathering-clusterversion-history-cli.adoc
@@ -0,0 +1,62 @@
+// Module included in the following assemblies:
+//
+// * updating/troubleshooting_updates/gathering-data-cluster-update.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gathering-clusterversion-history-cli_{context}"]
+= Gathering ClusterVersion history using the {oc-first}
+
+You can view the ClusterVersion history using the {oc-first}.
+
+.Prerequisites
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have installed the {oc-first}.
+
+.Procedure
+
+. View the cluster update history by entering the following command:
++
+[source,terminal]
+----
+$ oc describe clusterversions/version
+----
++
+.Example output
+[source,terminal]
+----
+  Desired:
+    Channels:
+      candidate-4.13
+      candidate-4.14
+      fast-4.13
+      fast-4.14
+      stable-4.13
+    Image:    quay.io/openshift-release-dev/ocp-release@sha256:a148b19231e4634196717c3597001b7d0af91bf3a887c03c444f59d9582864f4
+    URL:      https://access.redhat.com/errata/RHSA-2023:6130
+    Version:  4.13.19
+  History:
+    Completion Time:    2023-11-07T20:26:04Z
+    Image:              quay.io/openshift-release-dev/ocp-release@sha256:a148b19231e4634196717c3597001b7d0af91bf3a887c03c444f59d9582864f4
+    Started Time:       2023-11-07T19:11:36Z
+    State:              Completed
+    Verified:           true
+    Version:            4.13.19
+    Completion Time:    2023-10-04T18:53:29Z
+    Image:              quay.io/openshift-release-dev/ocp-release@sha256:eac141144d2ecd6cf27d24efe9209358ba516da22becc5f0abc199d25a9cfcec
+    Started Time:       2023-10-04T17:26:31Z
+    State:              Completed
+    Verified:           true
+    Version:            4.13.13
+    Completion Time:    2023-09-26T14:21:43Z
+    Image:              quay.io/openshift-release-dev/ocp-release@sha256:371328736411972e9640a9b24a07be0af16880863e1c1ab8b013f9984b4ef727
+    Started Time:       2023-09-26T14:02:33Z
+    State:              Completed
+    Verified:           false
+    Version:            4.13.12
+  Observed Generation:  4
+  Version Hash:         CMLl3sLq-EA=
+Events:                 <none>
+----
+
+
+
diff --git a/modules/gathering-clusterversion-history-console.adoc b/modules/gathering-clusterversion-history-console.adoc
new file mode 100644
index 000000000000..99abdea348b3
--- /dev/null
+++ b/modules/gathering-clusterversion-history-console.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * updating/troubleshooting_updates/gathering-data-cluster-update.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gathering-clusterversion-history-console_{context}"]
+= Gathering ClusterVersion history in the {product-title} web console
+
+You can view the ClusterVersion history in the {product-title} web console.
+
+.Prerequisites
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the {product-title} web console.
+
+.Procedure
+
+* From the web console, click *Administration* -> *Cluster Settings* and review the contents of the *Details* tab.
diff --git a/modules/gathering-clusterversion-history.adoc b/modules/gathering-clusterversion-history.adoc
new file mode 100644
index 000000000000..8fbae430e1e2
--- /dev/null
+++ b/modules/gathering-clusterversion-history.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * updating/troubleshooting_updates/gathering-data-cluster-update.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gathering-clusterversion-history_{context}"]
+= Gathering ClusterVersion history 
+
+The Cluster Version Operator (CVO) records updates made to a cluster, known as the ClusterVersion history. The entries can reveal correlation between changes in cluster behavior with potential triggers, although correlation does not imply causation.
+
+[NOTE]
+====
+The initial, minor, and z-stream version updates are stored by the ClusterVersion history. However, the ClusterVersion history has a size limit. If the limit is reached, the oldest z-stream updates in previous minor versions are pruned to accommodate the limit.
+====
+
+You can view the ClusterVersion history by using the {product-title} web console or by using the {oc-first}.
+
diff --git a/modules/gathering-crio-logs.adoc b/modules/gathering-crio-logs.adoc
index a6939d6d5ddd..6fc4f70c913c 100644
--- a/modules/gathering-crio-logs.adoc
+++ b/modules/gathering-crio-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-crio-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-crio-logs_{context}"]
 = Gathering CRI-O journald unit logs
 
@@ -10,7 +10,12 @@ If you experience CRI-O issues, you can obtain CRI-O journald unit logs from a n
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 * You have the fully qualified domain names of the control plane or control plane machines.
diff --git a/modules/gathering-data-audit-logs.adoc b/modules/gathering-data-audit-logs.adoc
index 2a64fd91fa3e..3085a56922a2 100644
--- a/modules/gathering-data-audit-logs.adoc
+++ b/modules/gathering-data-audit-logs.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "audit-log-view"]
 :viewing:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-data-audit-logs_{context}"]
 = Gathering audit logs
 
@@ -45,7 +45,7 @@ $ tar cvaf must-gather.tar.gz must-gather.local.472290403699006248 <1>
 ----
 <1> Replace `must-gather-local.472290403699006248` with the actual directory name.
 
-. Attach the compressed file to your support case on the link:https://access.redhat.com[Red Hat Customer Portal].
+. Attach the compressed file to your support case on the link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 endif::openshift-origin[]
 
 ifeval::["{context}" == "gathering-cluster-data"]
diff --git a/modules/gathering-data-network-logs.adoc b/modules/gathering-data-network-logs.adoc
index d02e7b1a53e8..84a8f9822231 100644
--- a/modules/gathering-data-network-logs.adoc
+++ b/modules/gathering-data-network-logs.adoc
@@ -3,7 +3,7 @@
 // * support/gathering-cluster-data.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-data-network-logs_{context}"]
 = Gathering network logs
 
@@ -18,6 +18,10 @@ You can gather network logs on all nodes in a cluster.
 $ oc adm must-gather -- gather_network_logs
 ----
 
+[NOTE]
+====
+By default, the `must-gather` tool collects the OVN `nbdb` and `sbdb` databases from all of the nodes in the cluster. Adding the `-- gather_network_logs` option to include additional logs that contain OVN-Kubernetes transactions for OVN `nbdb` database.
+====
 . Create a compressed file from the `must-gather` directory that was just created in your working directory. For example, on a computer that uses a Linux operating system, run the following command:
 +
 [source,terminal]
@@ -26,4 +30,4 @@ $ tar cvaf must-gather.tar.gz must-gather.local.472290403699006248 <1>
 ----
 <1> Replace `must-gather-local.472290403699006248` with the actual directory name.
 
-. Attach the compressed file to your support case on the link:https://access.redhat.com[Red Hat Customer Portal].
\ No newline at end of file
+. Attach the compressed file to your support case on the link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
diff --git a/modules/gathering-data-specific-features.adoc b/modules/gathering-data-specific-features.adoc
index 7ff8dcad633c..c14495812b01 100644
--- a/modules/gathering-data-specific-features.adoc
+++ b/modules/gathering-data-specific-features.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "gathering-cluster-data"]
 :VirtProductName: OpenShift Virtualization
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-data-specific-features_{context}"]
 = Gathering data about specific features
 
@@ -25,13 +25,13 @@ ifndef::openshift-origin[]
 |===
 |Image |Purpose
 
-|`registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v<installed_version_virt>`
+|`registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion}`
 |Data collection for {VirtProductName}.
 
 |`registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8`
 |Data collection for OpenShift Serverless.
 
-|`registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8:v<installed_version_service_mesh>`
+|`registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8:<installed_version_service_mesh>`
 |Data collection for Red Hat OpenShift Service Mesh.
 
 ifndef::openshift-dedicated[]
@@ -63,11 +63,24 @@ endif::openshift-dedicated[]
 |`registry.redhat.io/workload-availability/self-node-remediation-must-gather-rhel8:v<installed-version-SNR>`
 |Data collection for the Self Node Remediation (SNR) Operator and the Node Health Check (NHC) Operator.
 
+|`registry.redhat.io/numaresources/numaresources-must-gather-rhel9:v<installed-version-nro>`
+|Data collection for the NUMA Resources Operator (NRO).
+
+|`registry.redhat.io/openshift4/ptp-must-gather-rhel8:v<installed-version-ptp>`
+|Data collection for the PTP Operator.
+
 |`registry.redhat.io/workload-availability/node-maintenance-must-gather-rhel8:v<installed-version-NMO>`
 |Data collection for the Node Maintenance Operator (NMO).
 
-|`registry.redhat.io/openshift-gitops-1/gitops-must-gather-rhel8:v<installed_version_GitOps>`
+|`registry.redhat.io/openshift-gitops-1/must-gather-rhel8:v<installed_version_GitOps>`
 |Data collection for {gitops-title}.
+
+|`registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8:v<installed_version_secret_store>`
+|Data collection for the {secrets-store-operator}.
+
+|`registry.redhat.io/lvms4/lvms-must-gather-rhel9:v<installed_version_LVMS>`
+|Data collection for the LVM Operator.
+
 |===
 
 [NOTE]
@@ -107,6 +120,9 @@ ifndef::openshift-dedicated[]
 |Data collection for Local Storage Operator.
 endif::openshift-dedicated[]
 
+|`quay.io/openshift/origin-secrets-store-csi-mustgather`
+|Data collection for the {secrets-store-operator}.
+
 |===
 
 endif::openshift-origin[]
@@ -115,12 +131,17 @@ endif::from-main-support-section[]
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 ifndef::openshift-dedicated[]
-* The {product-title} CLI (`oc`) installed.
+* The {product-title} CLI (`oc`) is installed.
 endif::openshift-dedicated[]
 ifdef::openshift-dedicated[]
-* The OpenShift CLI (`oc`) installed.
+* The OpenShift CLI (`oc`) is installed.
 endif::openshift-dedicated[]
 
 .Procedure
@@ -354,7 +375,7 @@ $ tar cvaf must-gather.tar.gz must-gather.local.5421342344627712289/ <1>
 <1> Make sure to replace `must-gather-local.5421342344627712289/` with the
 actual directory name.
 
-. Attach the compressed file to your support case on the link:https://access.redhat.com[Red Hat Customer Portal].
+. Attach the compressed file to your support case on the link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 endif::openshift-origin[]
 
 ifeval::["{context}" == "gathering-cluster-data"]
diff --git a/modules/gathering-kubelet-logs.adoc b/modules/gathering-kubelet-logs.adoc
index f6bbce89771b..53745a2732dc 100644
--- a/modules/gathering-kubelet-logs.adoc
+++ b/modules/gathering-kubelet-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-kubelet-logs_{context}"]
 = Gathering kubelet logs
 
diff --git a/modules/gathering-log-data.adoc b/modules/gathering-log-data.adoc
new file mode 100644
index 000000000000..2789840f7988
--- /dev/null
+++ b/modules/gathering-log-data.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * updating/troubleshooting_updates/gathering-data-cluster-update.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gathering-log-data_{context}"]
+= Gathering log data for a support case
+
+To gather data from your cluster, including log data, use the `oc adm must-gather` command. See _Gathering data about your cluster_.
diff --git a/modules/gathering-operator-logs.adoc b/modules/gathering-operator-logs.adoc
index db808849d4d1..9ef14db7ec63 100644
--- a/modules/gathering-operator-logs.adoc
+++ b/modules/gathering-operator-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-operator-logs_{context}"]
 = Gathering Operator logs
 
@@ -10,7 +10,12 @@ If you experience Operator issues, you can gather detailed diagnostic informatio
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 * You have the fully qualified domain names of the control plane or control plane machines.
diff --git a/modules/gathering-s2i-diagnostic-data.adoc b/modules/gathering-s2i-diagnostic-data.adoc
index 2a9dcaf18369..33dee1e3c60c 100644
--- a/modules/gathering-s2i-diagnostic-data.adoc
+++ b/modules/gathering-s2i-diagnostic-data.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-s2i.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-s2i-diagnostic-data_{context}"]
 = Gathering Source-to-Image diagnostic data
 
@@ -10,7 +10,12 @@ The S2I tool runs a build pod and a deployment pod in sequence. The deployment p
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/generating-icsp-object-scoped-to-a-registry.adoc b/modules/generating-icsp-object-scoped-to-a-registry.adoc
index 01d67e424b25..46a7228c60fc 100644
--- a/modules/generating-icsp-object-scoped-to-a-registry.adoc
+++ b/modules/generating-icsp-object-scoped-to-a-registry.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="generating-icsp-object-scoped-to-a-registry_{context}"]
 = Widening the scope of the mirror image catalog to reduce the frequency of cluster node reboots
 
diff --git a/modules/getting-cluster-version-status-and-update-details.adoc b/modules/getting-cluster-version-status-and-update-details.adoc
index fddb5c515e0b..66f876c37d53 100644
--- a/modules/getting-cluster-version-status-and-update-details.adoc
+++ b/modules/getting-cluster-version-status-and-update-details.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-cluster-version-and-update-details_{context}"]
 = Getting cluster version, status, and update details
 
@@ -37,7 +37,7 @@ The example output indicates that the cluster has been installed successfully.
 +
 [source,terminal]
 ----
-$ oc get clusteroperators.config.openshift.io 
+$ oc get clusteroperators.config.openshift.io
 ----
 
 . View a detailed summary of cluster specifications, update availability, and update history:
diff --git a/modules/getting-started-cli-connecting-a-database.adoc b/modules/getting-started-cli-connecting-a-database.adoc
index f535643f446b..b007f077ffba 100644
--- a/modules/getting-started-cli-connecting-a-database.adoc
+++ b/modules/getting-started-cli-connecting-a-database.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-connecting-database_{context}"]
 = Connecting to a database
 
diff --git a/modules/getting-started-cli-creating-new-project.adoc b/modules/getting-started-cli-creating-new-project.adoc
index dd9c062da08a..38357be5a949 100644
--- a/modules/getting-started-cli-creating-new-project.adoc
+++ b/modules/getting-started-cli-creating-new-project.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-creating-new-project_{context}"]
 = Creating a new project
 
diff --git a/modules/getting-started-cli-creating-route.adoc b/modules/getting-started-cli-creating-route.adoc
index d13359c57614..c0141b8a709e 100644
--- a/modules/getting-started-cli-creating-route.adoc
+++ b/modules/getting-started-cli-creating-route.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-creating-route_{context}"]
 = Creating a route
 
diff --git a/modules/getting-started-cli-creating-secret.adoc b/modules/getting-started-cli-creating-secret.adoc
index b906e6e5bf2c..a8660cc3a6cf 100644
--- a/modules/getting-started-cli-creating-secret.adoc
+++ b/modules/getting-started-cli-creating-secret.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-creating-secret_{context}"]
 
 = Creating a secret
diff --git a/modules/getting-started-cli-deploying-first-image.adoc b/modules/getting-started-cli-deploying-first-image.adoc
index 85819051fc35..8ab8e420a781 100644
--- a/modules/getting-started-cli-deploying-first-image.adoc
+++ b/modules/getting-started-cli-deploying-first-image.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-deploying-first-image_{context}"]
 = Deploying your first image
 
diff --git a/modules/getting-started-cli-deploying-python-app.adoc b/modules/getting-started-cli-deploying-python-app.adoc
index 2d13040c2f02..3af1953a87a8 100644
--- a/modules/getting-started-cli-deploying-python-app.adoc
+++ b/modules/getting-started-cli-deploying-python-app.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-deploying-python-app_{context}"]
 = Deploying a Python application
 
diff --git a/modules/getting-started-cli-examining-pod.adoc b/modules/getting-started-cli-examining-pod.adoc
index 2d37160deb11..2bdf697dea6b 100644
--- a/modules/getting-started-cli-examining-pod.adoc
+++ b/modules/getting-started-cli-examining-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-examining-pod_{context}"]
 = Examining the pod
 
diff --git a/modules/getting-started-cli-granting-permissions.adoc b/modules/getting-started-cli-granting-permissions.adoc
index 814b42b5b3fc..ffbad4a59168 100644
--- a/modules/getting-started-cli-granting-permissions.adoc
+++ b/modules/getting-started-cli-granting-permissions.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-granting-permissions_{context}"]
 = Granting view permissions
 
diff --git a/modules/getting-started-cli-load-data-output.adoc b/modules/getting-started-cli-load-data-output.adoc
index 6ae8521b30e7..6d90a87f111e 100644
--- a/modules/getting-started-cli-load-data-output.adoc
+++ b/modules/getting-started-cli-load-data-output.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-load-data-output_{context}"]
 
 = Loading data and displaying the national parks map
diff --git a/modules/getting-started-cli-login.adoc b/modules/getting-started-cli-login.adoc
index 369673fd0b43..0b64285f79b3 100644
--- a/modules/getting-started-cli-login.adoc
+++ b/modules/getting-started-cli-login.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-login_{context}"]
 = Logging in to the CLI
 
@@ -15,7 +15,7 @@ You can log in to the OpenShift CLI (`oc`) to access and manage your cluster.
 
 .Procedure
 
-* Log into {product-title} from the CLI using your username and password or with an OAuth token:
+* Log into {product-title} from the CLI using your username and password, with an OAuth token, or with a web browser:
 ** With username and password:
 +
 [source,terminal]
@@ -28,5 +28,11 @@ $ oc login -u=<username> -p=<password> --server=<your-openshift-server> --insecu
 ----
 $ oc login <https://api.your-openshift-server.com> --token=<tokenID>
 ----
+** With a web browser:
++
+[source,terminal]
+----
+$ oc login <cluster_url> --web
+----
 
 You can now create a project or issue other commands for managing your cluster.
diff --git a/modules/getting-started-cli-scaling-app.adoc b/modules/getting-started-cli-scaling-app.adoc
index 20e433ac8ad4..74ffba59201a 100644
--- a/modules/getting-started-cli-scaling-app.adoc
+++ b/modules/getting-started-cli-scaling-app.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-cli-scaling-app_{context}"]
 = Scaling the application
 
diff --git a/modules/getting-started-openshift-common-terms.adoc b/modules/getting-started-openshift-common-terms.adoc
index 66e46a9e2c2d..28003cf49162 100644
--- a/modules/getting-started-openshift-common-terms.adoc
+++ b/modules/getting-started-openshift-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="getting-started-openshift-common-terms_{context}"]
 = Glossary of common terms for {product-title}
 
diff --git a/modules/getting-started-web-console-connecting-a-database.adoc b/modules/getting-started-web-console-connecting-a-database.adoc
index 585c35aac815..8d37039800bb 100644
--- a/modules/getting-started-web-console-connecting-a-database.adoc
+++ b/modules/getting-started-web-console-connecting-a-database.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-connecting-database_{context}"]
 = Connecting to a database
 
diff --git a/modules/getting-started-web-console-creating-new-project.adoc b/modules/getting-started-web-console-creating-new-project.adoc
index 7fea42282167..064ec7162c14 100644
--- a/modules/getting-started-web-console-creating-new-project.adoc
+++ b/modules/getting-started-web-console-creating-new-project.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-creating-new-project_{context}"]
 = Creating a new project
 
diff --git a/modules/getting-started-web-console-creating-secret.adoc b/modules/getting-started-web-console-creating-secret.adoc
index 04fbef14e8bc..8546fbc81774 100644
--- a/modules/getting-started-web-console-creating-secret.adoc
+++ b/modules/getting-started-web-console-creating-secret.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-creating-secret_{context}"]
 = Creating a secret
 
diff --git a/modules/getting-started-web-console-deploying-first-image.adoc b/modules/getting-started-web-console-deploying-first-image.adoc
index 5e65cef4675f..7475cec9adfc 100644
--- a/modules/getting-started-web-console-deploying-first-image.adoc
+++ b/modules/getting-started-web-console-deploying-first-image.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-deploying-first-image_{context}"]
 = Deploying your first image
 
diff --git a/modules/getting-started-web-console-deploying-python-app.adoc b/modules/getting-started-web-console-deploying-python-app.adoc
index f799d1a7f86d..06d59bab2a2b 100644
--- a/modules/getting-started-web-console-deploying-python-app.adoc
+++ b/modules/getting-started-web-console-deploying-python-app.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-deploying-python-app_{context}"]
 = Deploying a Python application
 
diff --git a/modules/getting-started-web-console-examining-pod.adoc b/modules/getting-started-web-console-examining-pod.adoc
index 65134f3c9b5d..f1e726e9fef1 100644
--- a/modules/getting-started-web-console-examining-pod.adoc
+++ b/modules/getting-started-web-console-examining-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-examining-pod_{context}"]
 = Examining the pod
 
diff --git a/modules/getting-started-web-console-granting-permissions.adoc b/modules/getting-started-web-console-granting-permissions.adoc
index d9734cb23d72..5979fda4ca51 100644
--- a/modules/getting-started-web-console-granting-permissions.adoc
+++ b/modules/getting-started-web-console-granting-permissions.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-granting-permissions_{context}"]
 = Granting view permissions
 
diff --git a/modules/getting-started-web-console-load-data-output.adoc b/modules/getting-started-web-console-load-data-output.adoc
index 96dd70dda84b..b8e1b32a9b83 100644
--- a/modules/getting-started-web-console-load-data-output.adoc
+++ b/modules/getting-started-web-console-load-data-output.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-load-data-output_{context}"]
 
 = Loading data and displaying the national parks map
diff --git a/modules/getting-started-web-console-login.adoc b/modules/getting-started-web-console-login.adoc
index 29868c71a24f..4d58f2318ae2 100644
--- a/modules/getting-started-web-console-login.adoc
+++ b/modules/getting-started-web-console-login.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-login_{context}"]
 = Logging in to the web console
 
diff --git a/modules/getting-started-web-console-scaling-app.adoc b/modules/getting-started-web-console-scaling-app.adoc
index fa7f80b108e3..4b4f744b7164 100644
--- a/modules/getting-started-web-console-scaling-app.adoc
+++ b/modules/getting-started-web-console-scaling-app.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-started-web-console-scaling-app_{context}"]
 = Scaling the application
 
diff --git a/modules/gitops-about-argo-rollout-manager-custom-resources-and-spec.adoc b/modules/gitops-about-argo-rollout-manager-custom-resources-and-spec.adoc
new file mode 100644
index 000000000000..03caca854f5d
--- /dev/null
+++ b/modules/gitops-about-argo-rollout-manager-custom-resources-and-spec.adoc
@@ -0,0 +1,38 @@
+// Module is included in the following assemblies:
+//
+// * cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="gitops-about-argo-rollout-manager-custom-resources-and-spec_{context}"]
+= About RolloutManager custom resources and specification
+
+To use Argo Rollouts, you must install {gitops-title} Operator on the cluster, and then create and submit a `RolloutManager` custom resource (CR) to the Operator in the namespace of your choice. You can scope the `RolloutManager` CR for single or multiple namespaces. The Operator creates an `argo-rollouts` instance with the following namespace-scoped supporting resources:
+
+* Argo Rollouts controller
+* Argo Rollouts metrics service
+* Argo Rollouts service account
+* Argo Rollouts roles
+* Argo Rollouts role bindings
+* Argo Rollouts secret
+
+You can specify the command arguments, environment variables, a custom image name, and so on for the Argo Rollouts controller resource in the spec of the `RolloutsManager` CR. The `RolloutManager` CR spec defines the desired state of Argo Rollouts.
+
+.Example: `RolloutManager` CR
+[source,yaml]
+----
+apiVersion: argoproj.io/v1alpha1
+kind: RolloutManager
+metadata:
+  name: argo-rollout
+  labels:
+    example: basic
+spec: {}
+----
+
+[id="argo-rollouts-controller_{context}"]
+== Argo Rollouts controller
+
+With the Argo Rollouts controller resource, you can manage the progressive application delivery in your namespace. The Argo Rollouts controller resource monitors the cluster for events, and reacts whenever there is a change in any resource related to Argo Rollouts. The controller reads all the rollout details and brings the cluster to the same state as described in the rollout definition.
+
+.Additional Resources
+link:https://argo-rollouts-manager.readthedocs.io/en/latest/crd_reference/[`RolloutManager` Custom Resource specification]
\ No newline at end of file
diff --git a/modules/gitops-additional-permissions-for-cluster-config.adoc b/modules/gitops-additional-permissions-for-cluster-config.adoc
index 1dae04ccca55..d03a283d9764 100644
--- a/modules/gitops-additional-permissions-for-cluster-config.adoc
+++ b/modules/gitops-additional-permissions-for-cluster-config.adoc
@@ -2,11 +2,11 @@
 //
 // * configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-additional-permissions-for-cluster-config_{context}"]
 = Adding permissions for cluster configuration
 
-You can grant permissions for an Argo CD instance to manage cluster configuration. Create a cluster role with additional permissions and then create a new cluster role binding to associate the cluster role with a service account. 
+You can grant permissions for an Argo CD instance to manage cluster configuration. Create a cluster role with additional permissions and then create a new cluster role binding to associate the cluster role with a service account.
 
 .Procedure
 
@@ -24,7 +24,7 @@ rules:
   resources: ["secrets"]
   verbs: ["*"]
 ----
-. Click **Create** to add the cluster role.  
+. Click **Create** to add the cluster role.
 . Now create the cluster role binding. In the web console, select **User Management** -> **Role Bindings** -> **Create Binding**.
 . Select **All Projects** from the **Project** drop-down.
 . Click **Create binding**.
diff --git a/modules/gitops-additional-steps-for-disconnected-clusters.adoc b/modules/gitops-additional-steps-for-disconnected-clusters.adoc
index 92fed7003276..9ad7d60eb1e2 100644
--- a/modules/gitops-additional-steps-for-disconnected-clusters.adoc
+++ b/modules/gitops-additional-steps-for-disconnected-clusters.adoc
@@ -1,8 +1,8 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-additional-steps-disconnected-clusters_{context}"]
 = Integrating Keycloak with the OpenShift OAuth server in a disconnected cluster
 
-In a disconnected cluster, Keycloak communicates with the OpenShift OAuth server through a proxy. 
+In a disconnected cluster, Keycloak communicates with the OpenShift OAuth server through a proxy.
 
 .Procedure
 
diff --git a/modules/gitops-argo-cd-installation.adoc b/modules/gitops-argo-cd-installation.adoc
index 5bb2536336ce..63f6ecc8404b 100644
--- a/modules/gitops-argo-cd-installation.adoc
+++ b/modules/gitops-argo-cd-installation.adoc
@@ -2,14 +2,14 @@
 //
 // * cicd/gitops/setting-up-argocd-instance.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-argo-cd-installation_{context}"]
-= Installing Argo CD 
+= Installing Argo CD
 
 To manage cluster configurations or deploy applications, you can install and deploy a new Argo CD instance.
 
 .Procedure
-. Log in to the {product-title} web console. 
+. Log in to the {product-title} web console.
 
 . Click *Operators* -> *Installed Operators*.
 
@@ -19,8 +19,8 @@ To manage cluster configurations or deploy applications, you can install and dep
 
 . Click *Create* to configure the parameters:
 
-.. Enter the **Name** of the instance. By default, the *Name* is set to *argocd*. 
+.. Enter the **Name** of the instance. By default, the *Name* is set to *argocd*.
 
-.. Create an external OS Route to access Argo CD server. Click *Server* -> *Route* and check *Enabled*.  
+.. Create an external OS Route to access Argo CD server. Click *Server* -> *Route* and check *Enabled*.
 
 . To open the Argo CD web UI, click the route by navigating to **Networking -> Routes -> <instance name>-server** in the project where the Argo CD instance is installed.
\ No newline at end of file
diff --git a/modules/gitops-argo-cd-notification.adoc b/modules/gitops-argo-cd-notification.adoc
index 62b6b7e551e9..44185cbe96c3 100644
--- a/modules/gitops-argo-cd-notification.adoc
+++ b/modules/gitops-argo-cd-notification.adoc
@@ -2,7 +2,7 @@
 //
 // * argo-cd-custom-resource-properties.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-argo-cd-notification_{context}"]
 = Enabling notifications with Argo CD instance
 
diff --git a/modules/gitops-argo-cd-properties.adoc b/modules/gitops-argo-cd-properties.adoc
index da03b3c77ef4..523d34eda823 100644
--- a/modules/gitops-argo-cd-properties.adoc
+++ b/modules/gitops-argo-cd-properties.adoc
@@ -2,7 +2,7 @@
 //
 // * argo-cd-custom-resource-properties.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="argo-cd-properties_{context}"]
 = Argo CD custom resource properties
 
@@ -11,18 +11,18 @@ The Argo CD Custom Resource consists of the following properties:
 
 |===
 |**Name** |**Description** |**Default** | **Properties**
-|`ApplicationInstanceLabelKey` |The `metadata.label` key name where Argo CD injects the app name as a tracking label.|`app.kubernetes.io/instance` |
-|`ApplicationSet` 
-|`ApplicationSet` controller configuration options.
-| `_<Object>_`
-a|* _<Image>_ - The container image for the `ApplicationSet` controller. This overrides the `ARGOCD_APPLICATIONSET_IMAGE` environment variable.
-  * _<Version>_ - The tag to use with the `ApplicationSet` container image.
+|`applicationInstanceLabelKey` |The `metadata.label` key name where Argo CD injects the app name as a tracking label.|`app.kubernetes.io/instance` |
+|`applicationSet`
+|`applicationSet` controller configuration options.
+| `_<object>_`
+a|* _<Image>_ - The container image for the `applicationSet` controller. This overrides the `ARGOCD_APPLICATIONSET_IMAGE` environment variable.
+  * _<Version>_ - The tag to use with the `applicationSet` container image.
   * _<Resources>_ - The container compute resources.
   * _<LogLevel>_ - The log level used by the Argo CD Application Controller component. Valid options are `debug`, `info`, `error`, and `warn`.
   * _<LogFormat>_ - The log format used by the Argo CD Application Controller component. Valid options are `text` or `json`.
   * _<PrallelismLimit>_ - The kubectl parallelism limit to set for the controller `(--kubectl-parallelism-limit flag)`.
-|`ConfigManagementPlugins`    |Add a configuration management plugin.| `__<empty>__` |
-|`Controller`    |Argo CD Application Controller options.| `__<Object>__`
+|`configManagementPlugins`    |Add a configuration management plugin.| `__<empty>__` |
+|`Controller`    |Argo CD Application Controller options.| `__<object>__`
 a|* _<Processors.Operation>_ - The number of operation processors.
   * _<Processors.Status>_ - The number of status processors.
   * _<Resources>_ - The container compute resources.
@@ -31,49 +31,49 @@ a|* _<Processors.Operation>_ - The number of operation processors.
   * _<Sharding.enabled>_ - Enable sharding on the Argo CD Application Controller component. This property is used to manage a large number of clusters to relieve memory pressure on the controller component.
   * _<Sharding.replicas>_ - The number of replicas that will be used to support sharding of the Argo CD Application Controller.
   * _<Env>_ - Environment to set for the application controller workloads.
-|`DisableAdmin`    |Disables the built-in admin user.|`false` |
-|`GATrackingID`    |Use a Google Analytics tracking ID.|`__<empty>__` |
-|`GAAnonymizeusers`    |Enable hashed usernames sent to google analytics.|`false` |
-|`HA`    |High availablity options.| `__<Object>__`
+|`disableAdmin`    |Disables the built-in admin user.|`false` |
+|`gaTrackingID`    |Use a Google Analytics tracking ID.|`__<empty>__` |
+|`gaAnonymizeusers`    |Enable hashed usernames sent to google analytics.|`false` |
+|`HA`    |High availablity options.| `__<object>__`
 a|* _<Enabled>_ - Toggle high availability support globally for Argo CD.
   * _<RedisProxyImage>_ - The Redis HAProxy container image. This overrides the `ARGOCD_REDIS_HA_PROXY_IMAGE` environment variable.
   * _<RedisProxyVersion>_ - The tag to use for the Redis HAProxy container image.
-|`HelpChatURL`    |URL for getting chat help (this will typically be your Slack channel for support).|`https://mycorp.slack.com/argo-cd` |
-|`HelpChatText`    |The text that appears in a text box for getting chat help.|`Chat now!`|
-|`Image`    |The container image for all Argo CD components. This overrides the `ARGOCD_IMAGE` environment variable.|`argoproj/argocd` |
-|`Ingress`    |Ingress configuration options.| `__<Object>__` |
-|`InitialRepositories`    |Initial Git repositories to configure Argo CD to use upon creation of the cluster.|`__<empty>__` |
-|`Notifications`    |Notifications controller configuration options.|`__<Object>__`
+|`helpChatURL`    |URL for getting chat help (this will typically be your Slack channel for support).|`https://mycorp.slack.com/argo-cd` |
+|`helpChatText`    |The text that appears in a text box for getting chat help.|`Chat now!`|
+|`image`    |The container image for all Argo CD components. This overrides the `ARGOCD_IMAGE` environment variable.|`argoproj/argocd` |
+|`ingress`    |Ingress configuration options.| `__<object>__` |
+|`initialRepositories`    |Initial Git repositories to configure Argo CD to use upon creation of the cluster.|`__<empty>__` |
+|`notifications`    |Notifications controller configuration options.|`__<object>__`
 a|* _<Enabled>_ - The toggle to start the notifications-controller.
   * _<Image>_ - The container image for all Argo CD components. This overrides the `ARGOCD_IMAGE` environment variable.
   * _<Version>_ - The tag to use with the Notifications container image.
   * _<Resources>_ - The container compute resources.
   * _<LogLevel>_ - The log level used by the Argo CD Application Controller component. Valid options are `debug`, `info`, `error`, and `warn`.
-|`RepositoryCredentials`    |Git repository credential templates to configure Argo CD to use upon creation of the cluster.| `__<empty>__` |
-|`InitialSSHKnownHosts`    |Initial SSH Known Hosts for Argo CD to use upon creation of the cluster.| `__<default_Argo_CD_Known_Hosts>__` |
-|`KustomizeBuildOptions`    |The build options and parameters to use with `kustomize build`.|`__<empty>__` |
-|`OIDCConfig` |The OIDC configuration as an alternative to Dex.|`__<empty>__` |
-|`NodePlacement` |Add the `nodeSelector` and the `tolerations`.|`__<empty>__` |
-|`Prometheus` |Prometheus configuration options.|`__<Object>__`
+|`repositoryCredentials`    |Git repository credential templates to configure Argo CD to use upon creation of the cluster.| `__<empty>__` |
+|`initialSSHKnownHosts`    |Initial SSH Known Hosts for Argo CD to use upon creation of the cluster.| `__<default_Argo_CD_Known_Hosts>__` |
+|`kustomizeBuildOptions`    |The build options and parameters to use with `kustomize build`.|`__<empty>__` |
+|`oidcConfig` |The OIDC configuration as an alternative to Dex.|`__<empty>__` |
+|`nodePlacement` |Add the `nodeSelector` and the `tolerations`.|`__<empty>__` |
+|`prometheus` |Prometheus configuration options.|`__<object>__`
 a|* _<Enabled>_ - Toggle Prometheus support globally for Argo CD.
   * _<Host>_ - The hostname to use for Ingress or Route resources.
   * _<Ingress>_ - Toggles Ingress for Prometheus.
   * _<Route>_ - Route configuration options.
-  * _<Size>_ - The replica count for the Prometheus `StatefulSet`.
-|`RBAC` |RBAC configuration options.|`__<Object>__`
+  * _<Size>_ - The replica count for the Prometheus `statefulSet`.
+|`rbac` |RBAC configuration options.|`__<object>__`
 a|* _<DefaultPolicy>_ - The `policy.default` property in the `argocd-rbac-cm` config map. The name of the default role which Argo CD will fall back to, when authorizing API requests.
   * _<Policy>_ - The `policy.csv` property in the `argocd-rbac-cm` config map. CSV data containing user-defined RBAC policies and role definitions.
   * _<Scopes>_ - The scopes property in the `argocd-rbac-cm` config map. Controls which OIDC scopes to examine during RBAC enforcement (in addition to sub scope).
-|`Redis` |Redis configuration options.|`__<Object>__`
+|`redis` |Redis configuration options.|`__<object>__`
 a|* _<AutoTLS>_ - Use the provider to create the Redis server's TLS certificate (one of: openshift). Currently only available for {product-title}.
   * _<DisableTLSVerification>_ - Define whether the Redis server should be accessed using strict TLS validation.
   * _<Image>_ - The container image for Redis. This overrides the `ARGOCD_REDIS_IMAGE` environment variable.
   * _<Resources>_ - The container compute resources.
   * _<Version>_ - The tag to use with the Redis container image.
-|`ResourceCustomizations` |Customize resource behavior.|`__<empty>__` |
-|`ResourceExclusions` |Completely ignore entire classes of resource group.|`__<empty>__` |
-|`ResourceInclusions` |The configuration to configure which resource group/kinds are applied.|`__<empty>__` |
-|`Server` |Argo CD Server configuration options.|`__<Object>__`
+|`resourceCustomizations` |Customize resource behavior.|`__<empty>__` |
+|`resourceExclusions` |Completely ignore entire classes of resource group.|`__<empty>__` |
+|`resourceInclusions` |The configuration to configure which resource group/kinds are applied.|`__<empty>__` |
+|`server` |Argo CD Server configuration options.|`__<object>__`
 a|* _<Autoscale>_ - Server autoscale configuration options.
   * _<ExtraCommandArgs>_ - List of arguments added to the existing arguments set by the Operator.
   * _<GRPC>_ - GRPC configuration options.
@@ -81,13 +81,13 @@ a|* _<Autoscale>_ - Server autoscale configuration options.
   * _<Ingress>_ - Ingress configuration for the Argo CD server component.
   * _<Insecure>_ - Toggles the insecure flag for Argo CD server.
   * _<Resources>_ - The container compute resources.
-  * _<Replicas>_ - The number of replicas for the Argo CD server. Must be greater than or equal to `0`. If `Autoscale` is enabled, `Replicas` is ignored.
+  * _<Replicas>_ - The number of replicas for the Argo CD server. Must be greater than or equal to `0`. If `autoscale` is enabled, `replicas` is ignored.
   * _<Route>_ - Route configuration options.
-  * _<Service.Type>_ - The `ServiceType` used for the service resource.
+  * _<Service.Type>_ - The `serviceType` used for the service resource.
   * _<LogLevel>_ - The log level to be used by the Argo CD Server component. Valid options are  `debug`, `info`, `error`, and `warn`.
   * _<LogFormat>_ - The log format used by the Argo CD Application Controller component. Valid options are `text` or `json`.
   * _<Env>_ - Environment to set for the server workloads.
-|`SSO` |Single Sign-on options.|`__<Object>__`
+|`sso` |Single Sign-on options.|`__<object>__`
 a|* _<Image>_ - The container image for Keycloak. This overrides the `ARGOCD_KEYCLOAK_IMAGE` environment variable.
   * _<Keycloak>_ - Configuration options for Keycloak SSO provider.
   * _<Dex>_ - Configuration options for Dex SSO provider.
@@ -95,16 +95,16 @@ a|* _<Image>_ - The container image for Keycloak. This overrides the `ARGOCD_KEY
   * _<Resources>_ - The container compute resources.
   * _<VerifyTLS>_ - Whether to enforce strict TLS checking when communicating with Keycloak service.
   * _<Version>_ - The tag to use with the Keycloak container image.
-|`StatusBadgeEnabled` |Enable application status badge.|`true` |
-|`TLS` |TLS configuration options.|`__<Object>__`
+|`statusBadgeEnabled` |Enable application status badge.|`true` |
+|`tls` |TLS configuration options.|`__<bject>__`
 a|* _<CA.ConfigMapName>_ - The name of the `ConfigMap` which contains the CA certificate.
   * _<CA.SecretName>_ - The name of the secret which contains the CA Certificate and Key.
   * _<InitialCerts>_ - Initial set of certificates in the `argocd-tls-certs-cm` config map for connecting Git repositories via HTTPS.
-|`UserAnonyousEnabled` |Enable anonymous user access.|`true` |
-|`Version` |The tag to use with the container image for all Argo CD components.|Latest Argo CD version|
-|`Banner` |Add a UI banner message.|`__<Object>__`
+|`userAnonyousEnabled` |Enable anonymous user access.|`true` |
+|`version` |The tag to use with the container image for all Argo CD components.|Latest Argo CD version|
+|`banner` |Add a UI banner message.|`__<object>__`
 a|* _<Banner.Content>_ - The banner message content (required if a banner is displayed).
-  * _<Banner.URL.SecretName>_ - The banner message link URL (optional). 
+  * _<Banner.URL.SecretName>_ - The banner message link URL (optional).
 |===
 
 
diff --git a/modules/gitops-benefits-of-argo-rollouts.adoc b/modules/gitops-benefits-of-argo-rollouts.adoc
new file mode 100644
index 000000000000..290f75049438
--- /dev/null
+++ b/modules/gitops-benefits-of-argo-rollouts.adoc
@@ -0,0 +1,26 @@
+// Module is included in the following assemblies:
+//
+// * cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="gitops-benefits-of-argo-rollouts_{context}"]
+= Benefits of Argo Rollouts
+
+Managing and coordinating advanced deployment strategies in traditional infrastructure often involves long maintenance windows. Automation with tools like {product-title} and {gitops-title} can reduce these windows, but setting up these strategies can still be challenging. With Argo Rollouts, you simplify this process by allowing application teams to define their rollout strategy declaratively. Teams no longer need to define multiple deployments and services or create automation for traffic shaping and integration of tests. Using Argo Rollouts, you can encapsulate all the required definitions for a declarative rollout strategy, automate and manage the process.
+
+Using Argo Rollouts as a default workload in {gitops-title} provides the following benefits:
+
+* Automated progressive delivery as part of the {gitops-shortname} workflow
+* Advanced deployment capabilities
+* Optimize the existing advanced deployment strategies such as blue-green or canary
+* Zero downtime updates for deployments
+* Fine-grained, weighted traffic shifting
+* Able to test without any new traffic hitting the production environment
+* Automated rollbacks and promotions
+* Manual judgment
+* Customizable metric queries and analysis of business key performance indicators (KPIs)
+* Integration with ingress controller and {SMProductName} for advanced traffic routing
+* Integration with metric providers for deployment strategy analysis
+* Usage of multiple providers
+
+With Argo Rollouts, users can more easily adopt progressive delivery in end-user environments. This provides structure and guidelines without requiring teams to learn about traffic managers and complex infrastructure. With automated rollouts, the {gitops-title} Operator provides security to your end-user environments and helps manage the resources, cost, and time effectively. Existing users who use Argo CD with security and automated deployments get feedback early in the process and avoid problems that impact them.
\ No newline at end of file
diff --git a/modules/gitops-configuring-tls-for-redis-with-autotls-disabled.adoc b/modules/gitops-configuring-tls-for-redis-with-autotls-disabled.adoc
new file mode 100644
index 000000000000..5c0a16bec9f3
--- /dev/null
+++ b/modules/gitops-configuring-tls-for-redis-with-autotls-disabled.adoc
@@ -0,0 +1,232 @@
+// Module is included in the following assemblies:
+//
+// * /cicd/gitops/configuring-secure-communication-with-redis.adoc
+
+[id="gitops-configuring-tls-for-redis-with-autotls-disabled_{context}"]
+= Configuring TLS for Redis with autotls disabled
+
+You can manually configure TLS encryption for Redis by creating the `argocd-operator-redis-tls` secret with a key and certificate pair. In addition, you must annotate the secret to indicate that it belongs to the appropriate Argo CD instance. The steps to create a certificate and secret vary for instances with High Availability (HA) enabled.
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Create an Argo CD instance:
+
+.. In the *Administrator* perspective of the web console, use the left navigation panel to go to *Administration* -> *CustomResourceDefinitions*.
+
+.. Search for `argocds.argoproj.io` and click `ArgoCD` custom resource definition (CRD).
+
+.. On the *CustomResourceDefinition details* page, click the *Instances* tab, and then click *Create ArgoCD*.
+
+.. Edit or replace the YAML similar to the following example:
++
+.Example ArgoCD CR with autotls disabled
+[source,yaml]
+----
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+  name: argocd <1>
+  namespace: openshift-gitops <2>
+spec:
+  ha:
+    enabled: true <3>
+----
+<1> The name of the Argo CD instance. 
+<2> The namespace where you want to run the Argo CD instance. 
+<3> The flag value that enables the HA feature. If you do not want to enable HA, do not include this line or set the flag value as `false`.
+
+.. Click *Create*.
+
+.. Verify that the Argo CD pods are ready and running:
++
+[source,terminal]
+----
+$ oc get pods -n <namespace> <1>
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output with HA disabled
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0       1/1     Running   0          26s
+argocd-redis-84b77d4f58-vp6zm         1/1     Running   0          37s
+argocd-repo-server-5b959b57f4-znxjq   1/1     Running   0          37s
+argocd-server-6b8787d686-wv9zh        1/1     Running   0          37s
+----
++
+[NOTE]
+====
+The HA-enabled TLS configuration requires a cluster with at least three worker nodes. It can take a few minutes for the output to appear if you have enabled the Argo CD instances with HA configuration.
+====
++
+.Example output with HA enabled
+[source,terminal]
+----
+NAME                                       READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0            1/1     Running   0          10m
+argocd-redis-ha-haproxy-669757fdb7-5xg8h   1/1     Running   0          10m
+argocd-redis-ha-server-0                   2/2     Running   0          9m9s
+argocd-redis-ha-server-1                   2/2     Running   0          98s
+argocd-redis-ha-server-2                   2/2     Running   0          53s
+argocd-repo-server-576499d46d-8hgbh        1/1     Running   0          10m
+argocd-server-9486f88b7-dk2ks              1/1     Running   0          10m
+----
+
+. Create a self-signed certificate for the Redis server by using one of the following options depending on your HA configuration:
+
+* For the Argo CD instance with HA disabled, run the following command:
++
+[source,terminal]
+----
+$ openssl req -new -x509 -sha256 \
+  -subj "/C=XX/ST=XX/O=Testing/CN=redis" \
+  -reqexts SAN -extensions SAN \
+  -config <(printf "\n[SAN]\nsubjectAltName=DNS:argocd-redis.<namespace>.svc.cluster.local\n[req]\ndistinguished_name=req") \ <1>
+  -keyout /tmp/redis.key \
+  -out /tmp/redis.crt \
+  -newkey rsa:4096 \
+  -nodes \
+  -sha256 \
+  -days 10
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output
+[source,terminal]
+----
+Generating a RSA private key
+...............++++
+............................++++
+writing new private key to '/tmp/redis.key'
+----
+
+* For the Argo CD instance with HA enabled, run the following command:
++
+[source,terminal]
+----
+$ openssl req -new -x509 -sha256 \
+  -subj "/C=XX/ST=XX/O=Testing/CN=redis" \
+  -reqexts SAN -extensions SAN \
+  -config <(printf "\n[SAN]\nsubjectAltName=DNS:argocd-redis-ha-haproxy.<namespace>.svc.cluster.local\n[req]\ndistinguished_name=req") \ <1>
+  -keyout /tmp/redis-ha.key \
+  -out /tmp/redis-ha.crt \
+  -newkey rsa:4096 \
+  -nodes \
+  -sha256 \
+  -days 10
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output
+[source,terminal]
+----
+Generating a RSA private key
+...............++++
+............................++++
+writing new private key to '/tmp/redis-ha.key'
+----
+
+. Verify that the generated certificate and key are available in the `/tmp` directory by running the following commands:
++
+[source,terminal]
+----
+$ cd /tmp
+----
++
+[source,terminal]
+----
+$ ls
+----
++
+.Example output with HA disabled
+[source,terminal]
+----
+...
+redis.crt
+redis.key
+...
+----
++
+.Example output with HA enabled
+[source,terminal]
+----
+...
+redis-ha.crt
+redis-ha.key
+...
+----
+
+. Create the `argocd-operator-redis-tls` secret by using one of the following options depending on your HA configuration:
+
+* For the Argo CD instance with HA disabled, run the following command:
++
+[source,terminal]
+----
+$ oc create secret tls argocd-operator-redis-tls --key=/tmp/redis.key --cert=/tmp/redis.crt
+----
+
+* For the Argo CD instance with HA enabled, run the following command:
++
+[source,terminal]
+----
+$ oc create secret tls argocd-operator-redis-tls --key=/tmp/redis-ha.key --cert=/tmp/redis-ha.crt
+----
++
+.Example output
+[source,terminal]
+----
+secret/argocd-operator-redis-tls created
+----
+
+. Annotate the secret to indicate that it belongs to the Argo CD CR:
++
+[source,terminal]
+----
+$ oc annotate secret argocd-operator-redis-tls argocds.argoproj.io/name=<instance-name> <1>
+----
+<1> Specify a name of the Argo CD instance, for example `argocd`.
++
+.Example output
+[source,terminal]
+----
+secret/argocd-operator-redis-tls annotated
+----
+
+. Verify that the Argo CD pods are ready and running:
++
+[source,terminal]
+----
+$ oc get pods -n <namespace> <1>
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output with HA disabled
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0       1/1     Running   0          26s
+argocd-redis-84b77d4f58-vp6zm         1/1     Running   0          37s
+argocd-repo-server-5b959b57f4-znxjq   1/1     Running   0          37s
+argocd-server-6b8787d686-wv9zh        1/1     Running   0          37s
+----
++
+[NOTE]
+====
+It can take a few minutes for the output to appear if you have enabled the Argo CD instances with HA configuration.
+====
++
+.Example output with HA enabled
+[source,terminal]
+----
+NAME                                       READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0            1/1     Running   0          10m
+argocd-redis-ha-haproxy-669757fdb7-5xg8h   1/1     Running   0          10m
+argocd-redis-ha-server-0                   2/2     Running   0          9m9s
+argocd-redis-ha-server-1                   2/2     Running   0          98s
+argocd-redis-ha-server-2                   2/2     Running   0          53s
+argocd-repo-server-576499d46d-8hgbh        1/1     Running   0          10m
+argocd-server-9486f88b7-dk2ks              1/1     Running   0          10m
+----
diff --git a/modules/gitops-configuring-tls-for-redis-with-autotls-enabled.adoc b/modules/gitops-configuring-tls-for-redis-with-autotls-enabled.adoc
new file mode 100644
index 000000000000..6983398a1b8f
--- /dev/null
+++ b/modules/gitops-configuring-tls-for-redis-with-autotls-enabled.adoc
@@ -0,0 +1,111 @@
+// Module is included in the following assemblies:
+//
+// * /cicd/gitops/configuring-secure-communication-with-redis.adoc
+
+[id="gitops-configuring-tls-for-redis-with-autotls-enabled_{context}"]
+= Configuring TLS for Redis with autotls enabled
+
+You can configure TLS encryption for Redis by enabling the `autotls` setting on a new or already existing Argo CD instance. The configuration automatically provisions the `argocd-operator-redis-tls` secret and does not require further steps. Currently, {product-title} is the only supported secret provider.
+
+[NOTE]
+====
+By default, the `autotls` setting is disabled.
+====
+
+.Procedure
+
+. Log in to the {product-title} web console.
+
+. Create an Argo CD instance with `autotls` enabled:
+
+.. In the *Administrator* perspective of the web console, use the left navigation panel to go to *Administration* -> *CustomResourceDefinitions*.
+
+.. Search for `argocds.argoproj.io` and click `ArgoCD` custom resource definition (CRD).
+
+.. On the *CustomResourceDefinition details* page, click the *Instances* tab, and then click *Create ArgoCD*.
+
+.. Edit or replace the YAML similar to the following example:
++
+.Example Argo CD CR with autotls enabled
+[source,yaml]
+----
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+  name: argocd <1>
+  namespace: openshift-gitops <2>
+spec:
+  redis:
+    autotls: openshift <3>
+  ha:
+    enabled: true <4>
+----
+<1> The name of the Argo CD instance.
+<2> The namespace where you want to run the Argo CD instance.
+<3> The flag that enables the `autotls` setting and creates a TLS certificate for Redis.
+<4> The flag value that enables the HA feature. If you do not want to enable HA, do not include this line or set the flag value as `false`.
++
+[TIP]
+====
+Alternatively, you can enable the `autotls` setting on an already existing Argo CD instance by running the following command:
+
+[source,terminal]
+----
+$ oc patch argocds.argoproj.io <instance-name> --type=merge -p '{"spec":{"redis":{"autotls":"openshift"}}}'
+----
+====
+
+.. Click *Create*.
+
+.. Verify that the Argo CD pods are ready and running:
++
+[source,terminal]
+----
+$ oc get pods -n <namespace> <1>
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output with HA disabled
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0       1/1     Running   0          26s
+argocd-redis-84b77d4f58-vp6zm         1/1     Running   0          37s
+argocd-repo-server-5b959b57f4-znxjq   1/1     Running   0          37s
+argocd-server-6b8787d686-wv9zh        1/1     Running   0          37s
+----
++
+[NOTE]
+====
+The HA-enabled TLS configuration requires a cluster with at least three worker nodes. It can take a few minutes for the output to appear if you have enabled the Argo CD instances with HA configuration.
+====
++
+.Example output with HA enabled
+[source,terminal]
+----
+NAME                                       READY   STATUS    RESTARTS   AGE
+argocd-application-controller-0            1/1     Running   0          10m
+argocd-redis-ha-haproxy-669757fdb7-5xg8h   1/1     Running   0          10m
+argocd-redis-ha-server-0                   2/2     Running   0          9m9s
+argocd-redis-ha-server-1                   2/2     Running   0          98s
+argocd-redis-ha-server-2                   2/2     Running   0          53s
+argocd-repo-server-576499d46d-8hgbh        1/1     Running   0          10m
+argocd-server-9486f88b7-dk2ks              1/1     Running   0          10m
+----
+
+. Verify that the `argocd-operator-redis-tls` secret is created:
++
+[source,terminal]
+----
+$ oc get secrets argocd-operator-redis-tls -n <namespace> <1>
+----
+<1> Specify a namespace where the Argo CD instance is running, for example `openshift-gitops`.
++
+.Example output 
+[source,terminal]
+----
+NAME                        TYPE                DATA   AGE
+argocd-operator-redis-tls   kubernetes.io/tls   2      30s
+----
++
+The secret must be of the `kubernetes.io/tls` type and a size of `2`.
diff --git a/modules/gitops-creating-a-new-client-using-keycloak.adoc b/modules/gitops-creating-a-new-client-using-keycloak.adoc
index edf490e1d0f5..954a77802df6 100644
--- a/modules/gitops-creating-a-new-client-using-keycloak.adoc
+++ b/modules/gitops-creating-a-new-client-using-keycloak.adoc
@@ -2,7 +2,7 @@
 //
 // * configuring-sso-for-argo-cd-using-keycloak.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-creating-a-new-client-in-keycloak_{context}"]
 = Configuring a new client in Keycloak
 
@@ -12,7 +12,7 @@ Dex is installed by default for all the Argo CD instances created by the Operato
 
 To configure Keycloak, follow these steps:
 
-. Delete the Dex configuration by removing the `.spec.sso.dex` parameter from the Argo CD custom resource (CR), and save the CR: 
+. Delete the Dex configuration by removing the `.spec.sso.dex` parameter from the Argo CD custom resource (CR), and save the CR:
 +
 [source,yaml]
 ----
@@ -20,11 +20,11 @@ dex:
     openShiftOAuth: true
     resources:
       limits:
-        cpu: 
-        memory: 
+        cpu:
+        memory:
       requests:
-        cpu: 
-        memory: 
+        cpu:
+        memory:
 ----
 
 . Set the value of the `provider` parameter to `keycloak` in the Argo CD CR.
@@ -51,7 +51,7 @@ spec:
       enabled: true
 ----
 <1> A custom certificate used to verify the Keycloak's TLS certificate.
-+ 
++
 The Operator reconciles changes in the `.spec.keycloak.rootCA` parameter and updates the `oidc.config` parameter with the PEM encoded root certificate in the `argocd-cm` configuration map.
 
 * For an insecure connection, leave the value of the `rootCA` parameter empty and use the `oidc.tls.insecure.skip.verify` parameter as shown below:
diff --git a/modules/gitops-creating-an-application-by-using-the-argo-cd-dashboard.adoc b/modules/gitops-creating-an-application-by-using-the-argo-cd-dashboard.adoc
index f28510a4af03..5587733403b5 100644
--- a/modules/gitops-creating-an-application-by-using-the-argo-cd-dashboard.adoc
+++ b/modules/gitops-creating-an-application-by-using-the-argo-cd-dashboard.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "deploying-a-spring-boot-application-with-argo-cd"]
 :app:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-an-application-by-using-the-argo-cd-dashboard_{context}"]
 = Creating an application by using the Argo CD dashboard
 
diff --git a/modules/gitops-creating-an-application-by-using-the-oc-tool.adoc b/modules/gitops-creating-an-application-by-using-the-oc-tool.adoc
index ff283c613777..40590434f096 100644
--- a/modules/gitops-creating-an-application-by-using-the-oc-tool.adoc
+++ b/modules/gitops-creating-an-application-by-using-the-oc-tool.adoc
@@ -10,13 +10,13 @@ ifeval::["{context}" == "deploying-a-spring-boot-application-with-argo-cd"]
 :app:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-an-application-by-using-the-oc-tool_{context}"]
 = Creating an application by using the `oc` tool
 
 You can create Argo CD applications in your terminal by using the `oc` tool.
 
-.Procedure 
+.Procedure
 
 . Download link:https://github.com/redhat-developer/openshift-gitops-getting-started[the sample application]:
 +
diff --git a/modules/gitops-creating-rolloutmanager-custom-resource.adoc b/modules/gitops-creating-rolloutmanager-custom-resource.adoc
new file mode 100644
index 000000000000..e8f615d0e18e
--- /dev/null
+++ b/modules/gitops-creating-rolloutmanager-custom-resource.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gitops-creating-rolloutmanager-custom-resource_{context}"]
+= Creating a RolloutManager custom resource
+
+To manage progressive delivery of deployments by using Argo Rollouts in {gitops-title}, you must create and configure a `RolloutManager` custom resource (CR) in the namespace of your choice. By default, any new `argo-rollouts` instance has permission to manage resources only in the namespace where it is deployed, but you can use Argo Rollouts in multiple namespaces as required.
+
+.Prerequisites
+
+* {gitops-title} 1.9.0 or a newer version is installed in your cluster.
+
+.Procedure
+
+. Log in to the {product-title} web console as a cluster administrator.
+
+. In the *Administrator* perspective, click *Operators* -> *Installed Operators*.
+
+. Create or select the project where you want to create and configure a `RolloutManager` custom resource (CR) from the *Project* drop-down menu.
+
+. Select *OpenShift GitOps Operator* from the installed operators.
+
+. In the *Details* tab, under the *Provided APIs* section, click *Create instance* in the *RolloutManager* pane.
+
+. On the *Create RolloutManager* page, select the *YAML view* and use the default YAML or edit it according to your requirements:
++
+.Example: `RolloutManager` CR
+[source,yaml]
+----
+apiVersion: argoproj.io/v1alpha1
+kind: RolloutManager
+metadata:
+  name: argo-rollout
+  labels:
+    example: basic
+spec: {}
+----
+
+. Click *Create*.
+
+. In the *RolloutManager* tab, under the *RolloutManagers* section, verify that the *Status* field of the RolloutManager instance shows as *Phase: Available*.
+
+. In the left navigation pane, verify the creation of the namespace-scoped supporting resources:
++
+* Click *Workloads* -> *Deployments* to verify that the `argo-rollouts` deployment is available with the *Status* showing as `1 of 1 pods` running.
+* Click *Workloads* -> *Secrets* to verify that the `argo-rollouts-notification-secret` secret is available.
+* Click *Networking* -> *Services* to verify that the `argo-rollouts-metrics` service is available.
+* Click *User Management* -> *Roles* to verify that the `argo-rollouts` role and `argo-rollouts-aggregate-to-admin`, `argo-rollouts-aggregate-to-edit`, and `argo-rollouts-aggregate-to-view` cluster roles are available.
+* Click *User Management* -> *RoleBindings* to verify that the `argo-rollouts` role binding is available.
+
+.Additional resources
+* link:https://argo-rollouts-manager.readthedocs.io/en/latest/crd_reference/[`RolloutManager` Custom Resource specification]
diff --git a/modules/gitops-customize-argo-cd-consolelink.adoc b/modules/gitops-customize-argo-cd-consolelink.adoc
index 5b97884ca019..09fb2a0320fb 100644
--- a/modules/gitops-customize-argo-cd-consolelink.adoc
+++ b/modules/gitops-customize-argo-cd-consolelink.adoc
@@ -2,13 +2,13 @@
 //
 // * cicd/gitops/setting-up-argocd-instance.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-customize-argo-cd-consolelink_{context}"]
 = Customizing the Argo CD console link
 
-In a multi-tenant cluster, users might have to deal with multiple instances of Argo CD. For example, after installing an Argo CD instance in your namespace, you might find a different Argo CD instance attached to the Argo CD console link, instead of your own Argo CD instance, in the Console Application Launcher. 
+In a multi-tenant cluster, users might have to deal with multiple instances of Argo CD. For example, after installing an Argo CD instance in your namespace, you might find a different Argo CD instance attached to the Argo CD console link, instead of your own Argo CD instance, in the Console Application Launcher.
 
-You can customize the Argo CD console link by setting the `DISABLE_DEFAULT_ARGOCD_CONSOLELINK` environment variable:  
+You can customize the Argo CD console link by setting the `DISABLE_DEFAULT_ARGOCD_CONSOLELINK` environment variable:
 
 * When you set `DISABLE_DEFAULT_ARGOCD_CONSOLELINK` to `true`, the Argo CD console link is permanently deleted.
 * When you set `DISABLE_DEFAULT_ARGOCD_CONSOLELINK` to `false` or use the default value, the Argo CD console link is temporarily deleted and visible again when the Argo CD route is reconciled.
@@ -35,5 +35,5 @@ spec:
   config:
     env:
     - name: DISABLE_DEFAULT_ARGOCD_CONSOLELINK
-      value: 'true'    
+      value: 'true'
 ----
diff --git a/modules/gitops-default-permissions-of-an-argocd-instance.adoc b/modules/gitops-default-permissions-of-an-argocd-instance.adoc
index e039d6bd1b98..d4ab138908e4 100644
--- a/modules/gitops-default-permissions-of-an-argocd-instance.adoc
+++ b/modules/gitops-default-permissions-of-an-argocd-instance.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/configuring_argo_cd_to_recursively_sync_a_git_repository_with_your_application/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="default-permissions-of-an-argocd-instance.adoc{context}"]
 
 = Default permissions of an Argocd instance
diff --git a/modules/gitops-deleting-rolloutmanager-custom-resource.adoc b/modules/gitops-deleting-rolloutmanager-custom-resource.adoc
new file mode 100644
index 000000000000..9fcf1b1d297f
--- /dev/null
+++ b/modules/gitops-deleting-rolloutmanager-custom-resource.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * cicd/gitops/using-argo-rollouts-for-progressive-deployment-delivery.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gitops-deleting-rolloutmanager-custom-resource_{context}"]
+= Deleting a RolloutManager custom resource
+
+Uninstalling the {gitops-title} Operator does not remove the resources that were created during installation. You must manually delete the `RolloutManager` custom resource (CR) before you uninstall the {gitops-title} Operator.
+
+.Prerequisites
+
+* {gitops-title} 1.9.0 or a newer version is installed in your cluster.
+* A `RolloutManager` CR exists in your namespace.
+
+.Procedure
+
+. Log in to the {product-title} web console as a cluster administrator.
+
+. In the *Administrator* perspective, click *Operators* -> *Installed Operators*.
+
+. Click the *Project* drop-down menu and select the project that contains the `RolloutManager` CR.
+
+. Select *OpenShift GitOps Operator* from the installed operators.
+
+. Click the *RolloutManager* tab to find RolloutManager instances under the *RolloutManagers* section.
+
+. Click the instance.
+
+. Click *Actions* -> *Delete RolloutManager* from the drop-down menu, and click *Delete* to confirm in the dialog box.
+
+. In the *RolloutManager* tab, under the *RolloutManagers* section, verify that the RolloutManager instance is not available anymore.
+
+. In the left navigation pane, verify the deletion of the namespace-scoped supporting resources:
++
+* Click *Workloads* -> *Deployments* to verify that the `argo-rollouts` deployment is deleted.
+* Click *Workloads* -> *Secrets* to verify that the `argo-rollouts-notification-secret` secret is deleted.
+* Click *Networking* -> *Services* to verify that the `argo-rollouts-metrics` service is deleted.
+* Click *User Management* -> *Roles* to verify that the `argo-rollouts` role and `argo-rollouts-aggregate-to-admin`, `argo-rollouts-aggregate-to-edit`, and `argo-rollouts-aggregate-to-view` cluster roles are deleted.
+* Click *User Management* -> *RoleBindings* to verify that the `argo-rollouts` role binding is deleted.
+
+
diff --git a/modules/gitops-deploy-resources-different-namespaces.adoc b/modules/gitops-deploy-resources-different-namespaces.adoc
index d3e680239a10..cf2a7cbba67b 100644
--- a/modules/gitops-deploy-resources-different-namespaces.adoc
+++ b/modules/gitops-deploy-resources-different-namespaces.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/gitops/setting-up-argocd-instance.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-deploy-resources-different-namespaces_{context}"]
 = Deploying resources to a different namespace
 
@@ -17,5 +17,5 @@ To allow Argo CD to manage resources in other namespaces apart from where it is
 $ oc label namespace <namespace> \
 argocd.argoproj.io/managed-by=<namespace> <1>
 ----
-<1> The namespace where Argo CD is installed. 
+<1> The namespace where Argo CD is installed.
 
diff --git a/modules/gitops-dex-role-mappings.adoc b/modules/gitops-dex-role-mappings.adoc
index 2d253c8c9f47..d9290c296620 100644
--- a/modules/gitops-dex-role-mappings.adoc
+++ b/modules/gitops-dex-role-mappings.adoc
@@ -2,7 +2,7 @@
 //
 // * configuring-sso-for-argo-cd-on-openshift
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-dex-role-mappings_{context}"]
 = Mapping users to specific roles
 
diff --git a/modules/gitops-disable-dex-using-spec-sso.adoc b/modules/gitops-disable-dex-using-spec-sso.adoc
index 4a649af5d8ce..a306e09fec93 100644
--- a/modules/gitops-disable-dex-using-spec-sso.adoc
+++ b/modules/gitops-disable-dex-using-spec-sso.adoc
@@ -2,7 +2,7 @@
 //
 // * configuring-sso-for-argo-cd-using-dex
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-disable-dex-using-spec-sso_{context}"]
 = Enabling or disabling Dex using .spec.sso
 
diff --git a/modules/gitops-disable-dex.adoc b/modules/gitops-disable-dex.adoc
index 79412ef2a905..d4e55ff58cf1 100644
--- a/modules/gitops-disable-dex.adoc
+++ b/modules/gitops-disable-dex.adoc
@@ -2,11 +2,11 @@
 //
 // * configuring-sso-for-argo-cd-using-dex
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-disable-dex_{context}"]
 = Disabling Dex
 
-Dex is installed by default for all the Argo CD instances created by the Operator. You can configure {gitops-title} to use Dex as the SSO authentication provider by setting the `.spec.dex` parameter. 
+Dex is installed by default for all the Argo CD instances created by the Operator. You can configure {gitops-title} to use Dex as the SSO authentication provider by setting the `.spec.dex` parameter.
 
 [IMPORTANT]
 ====
diff --git a/modules/gitops-disabling-monitoring-for-argo-cd-custom-resource-workloads.adoc b/modules/gitops-disabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
index 18c62bb219a0..9bd35fc79406 100644
--- a/modules/gitops-disabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
+++ b/modules/gitops-disabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
@@ -2,7 +2,7 @@
 //
 // * /cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-disabling-monitoring-for-argo-cd-custom-resource-workloads_{context}"]
 = Disabling Monitoring for Argo CD custom resource workloads
 
diff --git a/modules/gitops-enable-replicas-for-argo-cd-server.adoc b/modules/gitops-enable-replicas-for-argo-cd-server.adoc
index 1565ee1064d7..56b65cf383d2 100644
--- a/modules/gitops-enable-replicas-for-argo-cd-server.adoc
+++ b/modules/gitops-enable-replicas-for-argo-cd-server.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/gitops/setting-up-argocd-instance.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-enable-replicas-for-argo-cd-server_{context}"]
 = Enabling replicas for Argo CD server and repo server
 
diff --git a/modules/gitops-enabling-monitoring-for-argo-cd-custom-resource-workloads.adoc b/modules/gitops-enabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
index 32139dab191e..71f0f88c5e53 100644
--- a/modules/gitops-enabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
+++ b/modules/gitops-enabling-monitoring-for-argo-cd-custom-resource-workloads.adoc
@@ -2,7 +2,7 @@
 //
 // * /cicd/gitops/monitoring-argo-cd-custom-resource-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-enabling-monitoring-for-argo-cd-custom-resource-workloads_{context}"]
 = Enabling Monitoring for Argo CD custom resource workloads
 
@@ -56,7 +56,7 @@ spec:
             kube_statefulset_status_replicas{statefulset="openshift-gitops-application-controller statefulset",
             namespace="openshift-gitops"} !=
             kube_statefulset_status_replicas_ready{statefulset="openshift-gitops-application-controller statefulset",
-            namespace="openshift-gitops"} 
+            namespace="openshift-gitops"}
           for: 1m
           labels:
             severity: critical
diff --git a/modules/gitops-inbuilt-permissions-for-cluster-config.adoc b/modules/gitops-inbuilt-permissions-for-cluster-config.adoc
index db5440fb4cc9..1d036e47b80f 100644
--- a/modules/gitops-inbuilt-permissions-for-cluster-config.adoc
+++ b/modules/gitops-inbuilt-permissions-for-cluster-config.adoc
@@ -2,11 +2,11 @@
 //
 // * configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="gitops-inbuilt-permissions-for-cluster-config_{context}"]
 = In-built permissions for cluster configuration
 
-By default, the Argo CD instance has permissions to manage specific cluster-scoped resources such as cluster Operators, optional OLM Operators and user management. 
+By default, the Argo CD instance has permissions to manage specific cluster-scoped resources such as cluster Operators, optional OLM Operators and user management.
 
 [NOTE]
 ====
diff --git a/modules/gitops-installing-olm-operators-using-gitops.adoc b/modules/gitops-installing-olm-operators-using-gitops.adoc
index 84a00f1d15b6..c2a174dd144f 100644
--- a/modules/gitops-installing-olm-operators-using-gitops.adoc
+++ b/modules/gitops-installing-olm-operators-using-gitops.adoc
@@ -2,7 +2,7 @@
 //
 // * configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-installing-olm-operators-using-gitops_{context}"]
 = Installing OLM Operators using {gitops-title}
 
diff --git a/modules/gitops-logging-into-keycloak.adoc b/modules/gitops-logging-into-keycloak.adoc
index 255fe5dfa88a..86870782086b 100644
--- a/modules/gitops-logging-into-keycloak.adoc
+++ b/modules/gitops-logging-into-keycloak.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gitops-logging-into-keycloak_{context}"]
 = Logging in to Keycloak
 
@@ -35,7 +35,7 @@ keycloak-1-2sjcl           1/1    Running            0        45m
 ----
 $ oc -n argocd exec keycloak-1-2sjcl -- "env" | grep SSO_ADMIN_USERNAME
 
-SSO_ADMIN_USERNAME=Cqid54Ih
+SSO_ADMIN_USERNAME=<username>
 ----
 .. Get the Keycloak password:
 +
@@ -43,7 +43,7 @@ SSO_ADMIN_USERNAME=Cqid54Ih
 ----
 $ oc -n argocd exec keycloak-1-2sjcl -- "env" | grep SSO_ADMIN_PASSWORD
 
-SSO_ADMIN_PASSWORD=GVXxHifH
+SSO_ADMIN_PASSWORD=<password>
 ----
 . On the login page, click *LOG IN VIA KEYCLOAK*.
 +
@@ -66,6 +66,3 @@ Login using `kubeadmin` is not supported.
 policy.csv:
 <name>, <email>, role:admin
 ----
-
-
-
diff --git a/modules/gitops-monitoring-argo-cd-health-using-prometheus-metrics.adoc b/modules/gitops-monitoring-argo-cd-health-using-prometheus-metrics.adoc
new file mode 100644
index 000000000000..fd26d989e267
--- /dev/null
+++ b/modules/gitops-monitoring-argo-cd-health-using-prometheus-metrics.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * cicd/gitops/monitoring-argo-cd-instances.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gitops-monitoring-argo-cd-health-using-promethous-metrics_{context}"]
+= Monitoring Argo CD health using Prometheus metrics
+
+You can monitor the health status of an Argo CD application by running Prometheus metrics queries against it.
+
+.Procedure
+
+. In the *Developer* perspective of the web console, select the namespace where your Argo CD application is installed, and navigate to *Observe* -> *Metrics*.
+. From the *Select query* drop-down list, select *Custom query*.
+. To check the health status of your Argo CD application, enter the Prometheus Query Language (PromQL) query similar to the following example in the *Expression* field:
++
+.Example
+[source,terminal]
+----
+sum(argocd_app_info{dest_namespace=~"<your_defined_namespace>",health_status!=""}) by (health_status) <1>
+----
+<1> Replace the `<your_defined_namespace>` variable with the actual name of your defined namespace, for example `openshift-gitops`.
+
+
diff --git a/modules/gitops-release-notes-1-4-11.adoc b/modules/gitops-release-notes-1-4-11.adoc
index c6ec704e85fb..4ce95154500b 100644
--- a/modules/gitops-release-notes-1-4-11.adoc
+++ b/modules/gitops-release-notes-1-4-11.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-4-11_{context}"]
 = Release notes for {gitops-title} 1.4.11
@@ -28,7 +28,7 @@ The following issues have been resolved in the current release:
 
 *  {gitops-title} Operator can use RHSSO (KeyCloak) with OIDC and Dex. However, with a recent security fix applied, the Operator cannot validate the RHSSO certificate in some scenarios. link:https://issues.redhat.com/browse/GITOPS-2214[GITOPS-2214]
 +
-As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification. 
+As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.
 +
 [source,yaml]
 ----
diff --git a/modules/gitops-release-notes-1-4-12.adoc b/modules/gitops-release-notes-1-4-12.adoc
index cab800e7dcc3..d9d1d754aac4 100644
--- a/modules/gitops-release-notes-1-4-12.adoc
+++ b/modules/gitops-release-notes-1-4-12.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-4-12_{context}"]
 = Release notes for {gitops-title} 1.4.12
@@ -23,7 +23,7 @@ The following issues have been resolved in the current release:
 Restart the Argo CD server pod after updating the `.spec.keycloak.rootCA` field.
 ====
 +
-For example: 
+For example:
 +
 [source,yaml]
 ----
@@ -49,5 +49,5 @@ spec:
 
 * Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. link:https://issues.redhat.com/browse/GITOPS-2276[GITOPS-2276]
 
-* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235]  
+* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235]
 
diff --git a/modules/gitops-release-notes-1-4-13.adoc b/modules/gitops-release-notes-1-4-13.adoc
index 5f42b2c0286c..fe4108389dc6 100644
--- a/modules/gitops-release-notes-1-4-13.adoc
+++ b/modules/gitops-release-notes-1-4-13.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-4-13_{context}"]
 = Release notes for {gitops-title} 1.4.13
diff --git a/modules/gitops-release-notes-1-5-1.adoc b/modules/gitops-release-notes-1-5-1.adoc
index 566284e66310..0eb632543e2f 100644
--- a/modules/gitops-release-notes-1-5-1.adoc
+++ b/modules/gitops-release-notes-1-5-1.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-1_{context}"]
 = Release notes for {gitops-title} 1.5.1
@@ -16,6 +16,6 @@ The following issues have been resolved in the current release:
 
 * Before this update, if Argo CD's anonymous access was enabled, an unauthenticated user was able to craft a JWT token and get full access to the Argo CD instance. This issue is fixed now. link:https://bugzilla.redhat.com/show_bug.cgi?id=2081686[CVE-2022-29165]
 
-* Before this update, an unauthenticated user was able to display error messages on the login screen while SSO was enabled. This issue is now fixed. link:https://bugzilla.redhat.com/show_bug.cgi?id=2081689[CVE-2022-24905] 
+* Before this update, an unauthenticated user was able to display error messages on the login screen while SSO was enabled. This issue is now fixed. link:https://bugzilla.redhat.com/show_bug.cgi?id=2081689[CVE-2022-24905]
 
 * Before this update, all unpatched versions of Argo CD v0.7.0 and later were vulnerable to a symlink-following bug. As a result, an unauthorized user with repository write access would be able to leak sensitive files from Argo CD's repo-server. This issue is now fixed. link:https://bugzilla.redhat.com/show_bug.cgi?id=2081686[CVE-2022-24904]
\ No newline at end of file
diff --git a/modules/gitops-release-notes-1-5-2.adoc b/modules/gitops-release-notes-1-5-2.adoc
index bfc7a55b7674..9d036879149b 100644
--- a/modules/gitops-release-notes-1-5-2.adoc
+++ b/modules/gitops-release-notes-1-5-2.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-2_{context}"]
 = Release notes for {gitops-title} 1.5.2
diff --git a/modules/gitops-release-notes-1-5-3.adoc b/modules/gitops-release-notes-1-5-3.adoc
index 09068129474b..402eec089205 100644
--- a/modules/gitops-release-notes-1-5-3.adoc
+++ b/modules/gitops-release-notes-1-5-3.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-3_{context}"]
 = Release notes for {gitops-title} 1.5.3
diff --git a/modules/gitops-release-notes-1-5-4.adoc b/modules/gitops-release-notes-1-5-4.adoc
index 7db547928f1d..c30bd6e9de7c 100644
--- a/modules/gitops-release-notes-1-5-4.adoc
+++ b/modules/gitops-release-notes-1-5-4.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-4_{context}"]
 = Release notes for {gitops-title} 1.5.4
diff --git a/modules/gitops-release-notes-1-5-5.adoc b/modules/gitops-release-notes-1-5-5.adoc
index 36f912fad862..3e76e4e9781a 100644
--- a/modules/gitops-release-notes-1-5-5.adoc
+++ b/modules/gitops-release-notes-1-5-5.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-5_{context}"]
 = Release notes for {gitops-title} 1.5.5
@@ -28,7 +28,7 @@ The following issues have been resolved in the current release:
 
 *  {gitops-title} Operator can use RHSSO (KeyCloak) with OIDC and Dex. However, with a recent security fix applied, the Operator cannot validate the RHSSO certificate in some scenarios. link:https://issues.redhat.com/browse/GITOPS-2214[GITOPS-2214]
 +
-As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification. 
+As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.
 +
 [source,yaml]
 ----
diff --git a/modules/gitops-release-notes-1-5-6.adoc b/modules/gitops-release-notes-1-5-6.adoc
index 25db860d7198..543b6f18fc3d 100644
--- a/modules/gitops-release-notes-1-5-6.adoc
+++ b/modules/gitops-release-notes-1-5-6.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-6_{context}"]
 = Release notes for {gitops-title} 1.5.6
@@ -23,7 +23,7 @@ The following issues have been resolved in the current release:
 Restart the Argo CD server pod after updating the `.spec.keycloak.rootCA` field.
 ====
 +
-For example: 
+For example:
 +
 [source,yaml]
 ----
@@ -49,5 +49,5 @@ spec:
 
 * Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. link:https://issues.redhat.com/browse/GITOPS-2278[GITOPS-2278]
 
-* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235]  
+* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235]
 
diff --git a/modules/gitops-release-notes-1-5-7.adoc b/modules/gitops-release-notes-1-5-7.adoc
index 9f3ff842d5d3..af881490df24 100644
--- a/modules/gitops-release-notes-1-5-7.adoc
+++ b/modules/gitops-release-notes-1-5-7.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-7_{context}"]
 = Release notes for {gitops-title} 1.5.7
diff --git a/modules/gitops-release-notes-1-5-9.adoc b/modules/gitops-release-notes-1-5-9.adoc
index 63f69f7de14f..bf86afd53c27 100644
--- a/modules/gitops-release-notes-1-5-9.adoc
+++ b/modules/gitops-release-notes-1-5-9.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-5-9_{context}"]
 = Release notes for {gitops-title} 1.5.9
diff --git a/modules/gitops-release-notes-1-6-0.adoc b/modules/gitops-release-notes-1-6-0.adoc
index 9f423d740955..a5e6629d502c 100644
--- a/modules/gitops-release-notes-1-6-0.adoc
+++ b/modules/gitops-release-notes-1-6-0.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-6-0_{context}"]
 = Release notes for {gitops-title} 1.6.0
@@ -61,7 +61,7 @@ The following issues have been resolved in the current release:
 
 *  {gitops-title} Operator can make use of RHSSO (KeyCloak) through OIDC in addition to Dex. However, with a recent security fix applied, the certificate of RHSSO cannot be validated in some scenarios. link:https://issues.redhat.com/browse/GITOPS-2214[GITOPS-2214]
 +
-As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification. 
+As a workaround, disable TLS validation for the OIDC (Keycloak/RHSSO) endpoint in the ArgoCD specification.
 
 [source,yaml]
 ----
diff --git a/modules/gitops-release-notes-1-6-1.adoc b/modules/gitops-release-notes-1-6-1.adoc
index 8b1460673385..4e09506dbe81 100644
--- a/modules/gitops-release-notes-1-6-1.adoc
+++ b/modules/gitops-release-notes-1-6-1.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-6-1_{context}"]
 = Release notes for {gitops-title} 1.6.1
@@ -23,7 +23,7 @@ The following issues have been resolved in the current release:
 Restart the Argo CD server pod after updating the `.spec.keycloak.rootCA` field.
 ====
 +
-For example: 
+For example:
 +
 [source,yaml]
 ----
@@ -49,5 +49,5 @@ spec:
 
 * Before this update, a terminating namespace that was managed by Argo CD would block the creation of roles and other configuration of other managed namespaces. This update fixes this issue. link:https://issues.redhat.com/browse/GITOPS-2277[GITOPS-2277]
 
-* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235] 
+* Before this update, the Dex pods failed to start with `CreateContainerConfigError` when an SCC of `anyuid` was assigned to the Dex `ServiceAccount` resource. This update fixes this issue by assigning a default user id to the Dex container. link:https://issues.redhat.com/browse/GITOPS-2235[GITOPS-2235]
 
diff --git a/modules/gitops-release-notes-1-6-2.adoc b/modules/gitops-release-notes-1-6-2.adoc
index ea122b5bb8f1..993d8dca5be2 100644
--- a/modules/gitops-release-notes-1-6-2.adoc
+++ b/modules/gitops-release-notes-1-6-2.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-6-2_{context}"]
 = Release notes for {gitops-title} 1.6.2
@@ -24,5 +24,5 @@ The following issues have been resolved in the current release:
 * Before this update, the {gitops-title} Operator would spam the cluster with a deprecation notice warning whenever it detected that an Argo CD instance used deprecated fields. This update fixes this issue and shows only one warning event for each instance that detects a field. link:https://issues.redhat.com/browse/GITOPS-2230[GITOPS-2230]
 
 * From {product-title} 4.12, it is optional to install the console. This fix updates the {gitops-title} Operator to prevent errors with the Operator if the console is not installed. link:https://issues.redhat.com/browse/GITOPS-2352[GITOPS-2352]
- 
+
 
diff --git a/modules/gitops-release-notes-1-6-4.adoc b/modules/gitops-release-notes-1-6-4.adoc
index 922f10fbb30e..183c741d720f 100644
--- a/modules/gitops-release-notes-1-6-4.adoc
+++ b/modules/gitops-release-notes-1-6-4.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-6-4_{context}"]
 = Release notes for {gitops-title} 1.6.4
diff --git a/modules/gitops-release-notes-1-7-0.adoc b/modules/gitops-release-notes-1-7-0.adoc
index d4ae833c70a2..ec89f1560055 100644
--- a/modules/gitops-release-notes-1-7-0.adoc
+++ b/modules/gitops-release-notes-1-7-0.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-7-0_{context}"]
 = Release notes for {gitops-title} 1.7.0
@@ -38,9 +38,9 @@ link:https://issues.redhat.com/browse/GITOPS-1561[GITOPS-1561]
 In future releases, there is a possibility to deprecate the old method of customizing resource behavior by using only resourceCustomization and not subkeys.
 ====
 
-* With this update, to use the *Environments* page in the *Developer* perspective, you must upgrade if you are using a {gitops-title} version prior to 1.7 and {product-title} 4.15 or above. link:https://issues.redhat.com/browse/GITOPS-2415[GITOPS-2415] 
+* With this update, to use the *Environments* page in the *Developer* perspective, you must upgrade if you are using a {gitops-title} version prior to 1.7 and {product-title} 4.15 or above. link:https://issues.redhat.com/browse/GITOPS-2415[GITOPS-2415]
 
-* With this update, you can create applications, which are managed by the same control plane Argo CD instance, in any namespace in the same cluster. As an administrator, perform the following actions to enable this update: 
+* With this update, you can create applications, which are managed by the same control plane Argo CD instance, in any namespace in the same cluster. As an administrator, perform the following actions to enable this update:
 ** Add the namespace to the `.spec.sourceNamespaces` attribute for a cluster-scoped Argo CD instance that manages the application.
 ** Add the namespace to the `.spec.sourceNamespaces` attribute in the `AppProject` custom resource that is associated with the application. 
 +
@@ -75,7 +75,7 @@ metadata:
 spec:
   sso:
     keycloak:
-      rootCA: '<PEM encoded root certificate>' 
+      rootCA: '<PEM encoded root certificate>'
     provider: keycloak
 .......
 .......
diff --git a/modules/gitops-release-notes-1-7-1.adoc b/modules/gitops-release-notes-1-7-1.adoc
index fe3492527f3d..3e0769c80162 100644
--- a/modules/gitops-release-notes-1-7-1.adoc
+++ b/modules/gitops-release-notes-1-7-1.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-7-1_{context}"]
 = Release notes for {gitops-title} 1.7.1
@@ -11,11 +11,11 @@
 [id="errata-updates-1-7-1_{context}"]
 == Errata updates
 
-=== RHSA-2023:0467 - {gitops-title} 1.7.1 security update advisory 
+=== RHSA-2023:0467 - {gitops-title} 1.7.1 security update advisory
 
 Issued: 2023-01-25
 
-The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:0467[RHSA-2023:0467] advisory. 
+The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:0467[RHSA-2023:0467] advisory.
 
 If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
 
diff --git a/modules/gitops-release-notes-1-7-3.adoc b/modules/gitops-release-notes-1-7-3.adoc
index e353b0c4bf62..48d9726eeec1 100644
--- a/modules/gitops-release-notes-1-7-3.adoc
+++ b/modules/gitops-release-notes-1-7-3.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-7-3_{context}"]
 = Release notes for {gitops-title} 1.7.3
@@ -12,11 +12,11 @@
 [id="errata-updates-1-7-3_{context}"]
 == Errata updates
 
-=== RHSA-2023:1454 - {gitops-title} 1.7.3 security update advisory 
+=== RHSA-2023:1454 - {gitops-title} 1.7.3 security update advisory
 
 Issued: 2023-03-23
 
-The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1454[RHSA-2023:1454] advisory. 
+The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1454[RHSA-2023:1454] advisory.
 
 If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
 
diff --git a/modules/gitops-release-notes-1-7-4.adoc b/modules/gitops-release-notes-1-7-4.adoc
index 9ee6ddabeb75..170262c8aeb4 100644
--- a/modules/gitops-release-notes-1-7-4.adoc
+++ b/modules/gitops-release-notes-1-7-4.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-7-4_{context}"]
 = Release notes for {gitops-title} 1.7.4
@@ -12,11 +12,11 @@
 [id="errata-updates-1-7-4_{context}"]
 == Errata updates
 
-=== RHSA-2023:1454 - {gitops-title} 1.7.4 security update advisory 
+=== RHSA-2023:1454 - {gitops-title} 1.7.4 security update advisory
 
 Issued: 2023-03-23
 
-The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1454[RHSA-2023:1454] advisory. 
+The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1454[RHSA-2023:1454] advisory.
 
 If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
 
diff --git a/modules/gitops-release-notes-1-8-0.adoc b/modules/gitops-release-notes-1-8-0.adoc
index 03279ff7fd1d..d7b599c2eba2 100644
--- a/modules/gitops-release-notes-1-8-0.adoc
+++ b/modules/gitops-release-notes-1-8-0.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="gitops-release-notes-1-8-0_{context}"]
 = Release notes for {gitops-title} 1.8.0
 
@@ -73,7 +73,7 @@ spec:
        value: "true"
 ----
 
-* Before this update, while installing the {gitops-title} Operator v1.7.0, the default `argocd-cm.yml` config map file created for authenticating Dex contained the base64-encoded client secret in the format of a `key:value` pair. This update fixes this issue by not storing the client secret in the default `argocd-cm.yml` config map file. Instead, the client secret is inside an `argocd-secret` object now, and you can reference it inside the configuration map as a secret name. link:https://issues.redhat.com/browse/GITOPS-2570[GITOPS-2570] 
+* Before this update, while installing the {gitops-title} Operator v1.7.0, the default `argocd-cm.yml` config map file created for authenticating Dex contained the base64-encoded client secret in the format of a `key:value` pair. This update fixes this issue by not storing the client secret in the default `argocd-cm.yml` config map file. Instead, the client secret is inside an `argocd-secret` object now, and you can reference it inside the configuration map as a secret name. link:https://issues.redhat.com/browse/GITOPS-2570[GITOPS-2570]
 
 [id="known-issues-1-8-0_{context}"]
 == Known issues
diff --git a/modules/gitops-release-notes-1-8-1.adoc b/modules/gitops-release-notes-1-8-1.adoc
index fa8a41ed6b06..6a6fea31a3f6 100644
--- a/modules/gitops-release-notes-1-8-1.adoc
+++ b/modules/gitops-release-notes-1-8-1.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="gitops-release-notes-1-8-1_{context}"]
 = Release notes for {gitops-title} 1.8.1
@@ -12,11 +12,11 @@
 [id="errata-updates-1-8-1_{context}"]
 == Errata updates
 
-=== RHSA-2023:1452 - {gitops-title} 1.8.1 security update advisory 
+=== RHSA-2023:1452 - {gitops-title} 1.8.1 security update advisory
 
 Issued: 2023-03-23
 
-The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1452[RHSA-2023:1452] advisory. 
+The list of security fixes that are included in this release is documented in the link:https://access.redhat.com/errata/RHSA-2023:1452[RHSA-2023:1452] advisory.
 
 If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
 
diff --git a/modules/gitops-release-notes-1-8-2.adoc b/modules/gitops-release-notes-1-8-2.adoc
index 94bbe3944aba..0f08213c01af 100644
--- a/modules/gitops-release-notes-1-8-2.adoc
+++ b/modules/gitops-release-notes-1-8-2.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="gitops-release-notes-1-8-2_{context}"]
 = Release notes for {gitops-title} 1.8.2
 
@@ -12,11 +12,11 @@
 
 The following issues have been resolved in the current release:
 
-* Before this update, when you configured Dex using the `.spec.dex` parameter and tried to log in to the Argo CD UI by using the *LOG IN VIA OPENSHIFT* option, you were not able to log in. This update fixes the issue. 
+* Before this update, when you configured Dex using the `.spec.dex` parameter and tried to log in to the Argo CD UI by using the *LOG IN VIA OPENSHIFT* option, you were not able to log in. This update fixes the issue.
 +
 [IMPORTANT]
 ====
 The `spec.dex` parameter in the ArgoCD CR is deprecated. In a future release of {gitops-title} v1.9, configuring Dex using the `spec.dex` parameter in the ArgoCD CR is planned to be removed. Consider using the `.spec.sso` parameter instead. See "Enabling or disabling Dex using .spec.sso".  link:https://issues.redhat.com/browse/GITOPS-2761[GITOPS-2761]
 ====
 
-* Before this update, the cluster and `kam` CLI pods failed to start with a new installation of {gitops-title} v1.8.0 on the {product-title} 4.10 cluster. This update fixes the issue and now all pods run as expected. link:https://issues.redhat.com/browse/GITOPS-2762[GITOPS-2762] 
\ No newline at end of file
+* Before this update, the cluster and `kam` CLI pods failed to start with a new installation of {gitops-title} v1.8.0 on the {product-title} 4.10 cluster. This update fixes the issue and now all pods run as expected. link:https://issues.redhat.com/browse/GITOPS-2762[GITOPS-2762]
\ No newline at end of file
diff --git a/modules/gitops-release-notes-1-8-3.adoc b/modules/gitops-release-notes-1-8-3.adoc
index 2792dae872d4..96e0c2250750 100644
--- a/modules/gitops-release-notes-1-8-3.adoc
+++ b/modules/gitops-release-notes-1-8-3.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="gitops-release-notes-1-8-3_{context}"]
 = Release notes for {gitops-title} 1.8.3
 
@@ -10,7 +10,7 @@
 [id="errata-updates-1-8-3_{context}"]
 == Errata updates
 
-=== RHBA-2023:3206 and RHSA-2023:3229 - {gitops-title} 1.8.3 security update advisory 
+=== RHBA-2023:3206 and RHSA-2023:3229 - {gitops-title} 1.8.3 security update advisory
 
 Issued: 2023-05-18
 
diff --git a/modules/gitops-release-notes-1-8-4.adoc b/modules/gitops-release-notes-1-8-4.adoc
new file mode 100644
index 000000000000..021666352a50
--- /dev/null
+++ b/modules/gitops-release-notes-1-8-4.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assembly:
+//
+// * gitops/gitops-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="gitops-release-notes-1-8-4_{context}"]
+= Release notes for {gitops-title} 1.8.4
+
+{gitops-title} 1.8.4 is now available on {product-title} 4.10, 4.11, 4.12, and 4.13.
+
+[id="new-features-1-8-4_{context}"]
+== New features
+
+The current release adds the following improvements:
+
+* With this update, the bundled Argo CD has been updated to version 2.6.13.
+
+[id="fixed-issues-1-8-4_{context}"]
+== Fixed issues
+
+The following issues have been resolved in the current release:
+
+* Before this update, Argo CD was becoming unresponsive when there was an increase in namespaces and applications. The functions competing for resources caused a deadlock. This update fixes the issue by removing the deadlock. Now, you should not experience crashes or unresponsiveness when there is an increase in namespaces or applications. link:https://issues.redhat.com/browse/GITOPS-3192[GITOPS-3192]
+
+* Before this update, the Argo CD application controller resource could suddenly stop working when resynchronizing applications. This update fixes the issue by adding logic to prevent a cluster cache deadlock. Now, applications should resynchronize successfully. link:https://issues.redhat.com/browse/GITOPS-3052[GITOPS-3052]
+
+* Before this update, there was a mismatch in the RSA key for known hosts in the `argocd-ssh-known-hosts-cm` config map. This update fixes the issue by matching the RSA key with the upstream project. Now, you can use the default RSA keys on default deployments. link:https://issues.redhat.com/browse/GITOPS-3144[GITOPS-3144]
+
+* Before this update, an old Redis image version was used when deploying the {gitops-title} Operator, which resulted in vulnerabilities. This update fixes the vulnerabilities on Redis by upgrading it to the latest version of the `registry.redhat.io/rhel-8/redis-6` image. link:https://issues.redhat.com/browse/GITOPS-3069[GITOPS-3069]
+
+* Before this update, users could not connect to Microsoft Team Foundation Server (TFS) type Git repositories through Argo CD deployed by the Operator. This update fixes the issue by updating the Git version to 2.39.3 in the Operator. Now, you can set the `Force HTTP basic auth` flag during repository configurations to connect with the TFS type Git repositories. link:https://issues.redhat.com/browse/GITOPS-1315[GITOPS-1315]
+
+[id="known-issues-1-8-4_{context}"]
+== Known issues
+
+* Currently, {gitops-title} 1.8.4 is not available in the `latest` channel of {product-title} 4.10 and 4.11. The `latest` channel is taken by {gitops-shortname} 1.9.z, which is only released on {product-title} 4.12 and later versions.
++
+As a workaround, switch to the `gitops-1.8` channel to get the new update. link:https://issues.redhat.com/browse/GITOPS-3158[GITOPS-3158]
\ No newline at end of file
diff --git a/modules/gitops-release-notes-1-8-5.adoc b/modules/gitops-release-notes-1-8-5.adoc
new file mode 100644
index 000000000000..530055b30e8e
--- /dev/null
+++ b/modules/gitops-release-notes-1-8-5.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assembly:
+//
+// * gitops/gitops-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="gitops-release-notes-1-8-5_{context}"]
+= Release notes for {gitops-title} 1.8.5
+
+{gitops-title} 1.8.5 is now available on {product-title} 4.10, 4.11, 4.12, and 4.13.
+
+[id="errata-updates-1-8-5_{context}"]
+== Errata updates
+
+[id="rhsa-2023-5030-gitops-1-8-5-security-update-advisory_{context}"]
+=== RHSA-2023:5030 - {gitops-title} 1.8.5 security update advisory
+
+Issued: 2023-09-08
+
+The list of security fixes that are included in this release is documented in the following advisory:
+
+* link:https://access.redhat.com/errata/RHSA-2023:5030[RHSA-2023:5030]
+
+If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
+
+[source,terminal]
+----
+$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
+----
+
diff --git a/modules/gitops-release-notes-1-9-0.adoc b/modules/gitops-release-notes-1-9-0.adoc
index 949c705df00f..e961b0db40ae 100644
--- a/modules/gitops-release-notes-1-9-0.adoc
+++ b/modules/gitops-release-notes-1-9-0.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * gitops/gitops-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="gitops-release-notes-1-9-0_{context}"]
 = Release notes for {gitops-title} 1.9.0
 
@@ -10,13 +10,13 @@
 [id="errata-updates-1-9-0_{context}"]
 == Errata updates
 
-=== RHSA-2023:112944 - {gitops-title} 1.9.0 security update advisory 
+=== RHSA-2023:3557 - {gitops-title} 1.9.0 security update advisory
 
 Issued: 2023-06-09
 
 The list of security fixes that are included in this release is documented in the following advisory:
 
-* link:https://access.redhat.com/errata/RHSA-2023:112944[RHSA-2023:112944]
+* link:https://access.redhat.com/errata/RHSA-2023:3557[RHSA-2023:3557]
 
 If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
 
@@ -41,7 +41,7 @@ The custom `must-gather` tool is a Technology Preview feature.
 +
 [IMPORTANT]
 ====
-Argo Rollouts is a Technology Preview feature. 
+Argo Rollouts is a Technology Preview feature.
 ====
 
 [role="_additional-resources"]
@@ -69,7 +69,7 @@ The following issues have been resolved in the current release:
 
 * Before this update, when enforcing GPG signature verification against a `targetRevision` integer pointing to a signed Git tag, users got a `Target revision in Git is not signed` error. This update fixes the issue and lets users enforce GPG signature verification against signed Git tags. link:https://issues.redhat.com/browse/GITOPS-2418[GITOPS-2418]
 
-* Before this update, users could not connect to Microsoft Team Foundation Server (TFS) type Git repositories through Argo CD deployed by the Operator. This update fixes the issue by updating the Git version to 
+* Before this update, users could not connect to Microsoft Team Foundation Server (TFS) type Git repositories through Argo CD deployed by the Operator. This update fixes the issue by updating the Git version to
 2.39.3 in the Operator. link:https://issues.redhat.com/browse/GITOPS-2768[GITOPS-2768]
 
 * Before this update, when the Operator was deployed and running with the High availability (HA) feature enabled, setting resource limits under the `.spec.ha.resources` field did not affect Redis HA pods. This update fixes the reconciliation by adding checks in the Redis reconciliation code. These checks ensure whether the `spec.ha.resources` field in the Argo CD custom resource (CR) is updated. When the Argo CD CR is updated with new CPU and memory requests or limit values for HA, now these changes are applied to the Redis HA pods. link:https://issues.redhat.com/browse/GITOPS-2404[GITOPS-2404]
@@ -108,7 +108,7 @@ spec:
         configMap:
           name: user-ca-bundle
    ...
----- 
+----
 
 . Create an empty config map in the namespace where the subscription for your Operator exists and include the following label:
 +
diff --git a/modules/gitops-release-notes-1-9-1.adoc b/modules/gitops-release-notes-1-9-1.adoc
new file mode 100644
index 000000000000..95ca20e1caad
--- /dev/null
+++ b/modules/gitops-release-notes-1-9-1.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assembly:
+//
+// * gitops/gitops-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="gitops-release-notes-1-9-1_{context}"]
+= Release notes for {gitops-title} 1.9.1
+
+{gitops-title} 1.9.1 is now available on {product-title} 4.12 and 4.13.
+
+[id="errata-updates-1-9-1_{context}"]
+== Errata updates
+
+=== RHSA-2023:3591 and RHBA-2023:4117 - {gitops-title} 1.9.1 security update advisory
+
+Issued: 2023-07-17
+
+The list of security fixes that are included in this release is documented in the following advisories:
+
+* link:https://access.redhat.com/errata/RHSA-2023:3591[RHSA-2023:3591]
+* link:https://access.redhat.com/errata/RHBA-2023:4117[RHBA-2023:4117]
+
+If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
+
+[source,terminal]
+----
+$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
+----
+
+[id="new-features-1-9-1_{context}"]
+== New features
+
+The current release adds the following improvements:
+
+* With this update, the bundled Argo CD has been updated to version 2.7.6.
+
+[id="fixed-issues-1-9-1_{context}"]
+== Fixed issues
+
+The following issues have been resolved in the current release:
+
+* Before this update, Argo CD was becoming unresponsive when there was an increase in namespaces and applications. This update fixes the issue by removing a deadlock. Deadlock occurs when two functions are competing for resources. Now, you should not experience crashes or unresponsiveness when there is an increase in namespaces or applications. link:https://issues.redhat.com/browse/GITOPS-2782[GITOPS-2782]
+
+* Before this update, the Argo CD application controller resource could suddenly stop working when resynchronizing applications. This update fixes the issue by adding logic to prevent a cluster cache deadlock. Now, you should not experience the deadlock situation, and applications should resynchronize successfully. link:https://issues.redhat.com/browse/GITOPS-2880[GITOPS-2880]
+
+* Before this update, there was a mismatch in the RSA key for known hosts in the `argocd-ssh-known-hosts-cm` config map. This update fixes the issue by matching the RSA key with the upstream project. Now, you can use the default RSA keys on default deployments. link:https://issues.redhat.com/browse/GITOPS-3042[GITOPS-3042]
+
+* Before this update, the reconciliation timeout setting in the `argocd-cm` config map was not being correctly applied to the Argo CD application controller resource. This update fixes the issue by correctly reading and applying the reconciliation timeout setting from the `argocd-cm` config map. Now, you can modify the reconciliation timeout value from the `AppSync` setting without a problem. link:https://issues.redhat.com/browse/GITOPS-2810[GITOPS-2810]
diff --git a/modules/gitops-release-notes-1-9-2.adoc b/modules/gitops-release-notes-1-9-2.adoc
new file mode 100644
index 000000000000..b880972aaa18
--- /dev/null
+++ b/modules/gitops-release-notes-1-9-2.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assembly:
+//
+// * gitops/gitops-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="gitops-release-notes-1-9-2_{context}"]
+= Release notes for {gitops-title} 1.9.2
+
+{gitops-title} 1.9.2 is now available on {product-title} 4.12 and 4.13.
+
+[id="errata-updates-1-9-2_{context}"]
+== Errata updates
+
+[id="rhsa-2023-5029-gitops-1-9-2-security-update-advisory_{context}"]
+=== RHSA-2023:5029 - {gitops-title} 1.9.2 security update advisory
+
+Issued: 2023-09-08
+
+The list of security fixes that are included in this release is documented in the following advisory:
+
+* link:https://access.redhat.com/errata/RHSA-2023:5029[RHSA-2023:5029]
+
+If you have installed the {gitops-title} Operator, run the following command to view the container images in this release:
+
+[source,terminal]
+----
+$ oc describe deployment gitops-operator-controller-manager -n openshift-operators
+----
+
+[id="fixed-issues-1-9-2_{context}"]
+== Fixed issues
+
+The following issue has been resolved in the current release:
+
+* Before this update, an old Redis image version was used when deploying the {gitops-title} Operator, which resulted in vulnerabilities. This update fixes the vulnerabilities on Redis by upgrading it to the latest version of the `registry.redhat.io/rhel-8/redis-6` image. link:https://issues.redhat.com/browse/GITOPS-3069[GITOPS-3069]
+
diff --git a/modules/gitops-repo-server-properties.adoc b/modules/gitops-repo-server-properties.adoc
index 6ae98d80915b..141664f950e7 100644
--- a/modules/gitops-repo-server-properties.adoc
+++ b/modules/gitops-repo-server-properties.adoc
@@ -2,7 +2,7 @@
 //
 // * argo-cd-custom-resource-properties.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="argo-repo-server-properties_{context}"]
 = Repo server properties
 
@@ -10,19 +10,19 @@
 The following properties are available for configuring the Repo server component:
 
 |===
-|**Name** |**Default** | **Description** 
-|`Resources` |`__<empty>__` |The container compute resources.
-|`MountSAToken` |`false` |Whether the `ServiceAccount` token should be mounted to the repo-server pod.
-|`ServiceAccount` |`""` |The name of the `ServiceAccount` to use with the repo-server pod.
-|`VerifyTLS` |`false` |Whether to enforce strict TLS checking on all components when communicating with repo server.
-|`AutoTLS` |`""` |Provider to use for setting up TLS the repo-server's gRPC TLS certificate (one of: openshift). Currently only available for OpenShift.
-|`Image` | `argoproj/argocd` |The container image for Argo CD Repo server. This overrides the `ARGOCD_REPOSERVER_IMAGE` environment variable.
-|`Version` | same as `.spec.Version` |The tag to use with the Argo CD Repo server.
-|`LogLevel` | `info` |The log level used by the Argo CD Repo server. Valid options are debug, info, error, and warn.
-|`LogFormat` | `text` |The log format to be used by the Argo CD Repo server. Valid options are text or json.
-|`ExecTimeout` | `180` |Execution timeout in seconds for rendering tools (e.g. Helm, Kustomize).
-|`Env` | `__<empty>__` |Environment to set for the repository server workloads.
-|`Replicas` | `__<empty>__` |The number of replicas for the Argo CD Repo server. Must be greater than or equal to `0`.
+|**Name** |**Default** | **Description**
+|`resources` |`__<empty>__` |The container compute resources.
+|`mountsatoken` |`false` |Whether the `serviceAccount` token should be mounted to the repo-server pod.
+|`ServiceAccount` |`""` |The name of the `serviceAccount` to use with the repo-server pod.
+|`verifytls` |`false` |Whether to enforce strict TLS checking on all components when communicating with repo server.
+|`autotls` |`""` |Provider to use for setting up TLS the repo-server's gRPC TLS certificate (one of: openshift). Currently only available for OpenShift.
+|`image` | `argoproj/argocd` |The container image for Argo CD Repo server. This overrides the `ARGOCD_REPOSERVER_IMAGE` environment variable.
+|`version` | same as `.spec.Version` |The tag to use with the Argo CD Repo server.
+|`logLevel` | `info` |The log level used by the Argo CD Repo server. Valid options are debug, info, error, and warn.
+|`logFormat` | `text` |The log format to be used by the Argo CD Repo server. Valid options are text or json.
+|`execTimeout` | `180` |Execution timeout in seconds for rendering tools (e.g. Helm, Kustomize).
+|`env` | `__<empty>__` |Environment to set for the repository server workloads.
+|`replicas` | `__<empty>__` |The number of replicas for the Argo CD Repo server. Must be greater than or equal to `0`.
 |===
 
 
diff --git a/modules/gitops-storing-and-retrieving-argo-cd-logs.adoc b/modules/gitops-storing-and-retrieving-argo-cd-logs.adoc
new file mode 100644
index 000000000000..c8a79d7cef37
--- /dev/null
+++ b/modules/gitops-storing-and-retrieving-argo-cd-logs.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * cicd/gitops/viewing-argo-cd-logs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gitops-storing-and-retrieving-argo-cd-logs_{context}"]
+= Storing and retrieving Argo CD logs
+
+You can use the Kibana dashboard to store and retrieve Argo CD logs.
+
+.Prerequisites
+
+* The {gitops-title} Operator is installed in your cluster.
+* {logging-uc} is installed with default configuration in your cluster.
+
+.Procedure
+
+. In the {product-title} web console, go to the {rh-app-icon} menu -> *Observability* -> *Logging* to view the Kibana dashboard.
+
+. Create an index pattern.
+
+.. To display all the indices, define the index pattern as `pass:[*]`, and click *Next step*.
+
+.. Select *@timestamp* for *Time Filter field name*.
+
+.. Click *Create index pattern*.
+
+. In the navigation panel of the Kibana dashboard, click the *Discover* tab.
+
+. Create a filter to retrieve logs for Argo CD. The following steps create a filter that retrieves logs for all the pods in the `openshift-gitops` namespace:
+
+.. Click *Add a filter +*.
+
+.. Select the *kubernetes.namespace_name* field.
+
+.. Select the *is* operator.
+
+.. Select the *openshift-gitops* value.
+
+.. Click *Save*.
+
+. Optional: Add additional filters to narrow the search. For example, to retrieve logs for a particular pod, you can create another filter with `kubernetes.pod_name` as the field.
+
+. View the filtered Argo CD logs in the Kibana dashboard.
diff --git a/modules/gitops-synchronizing-your-application-application-with-your-git-repository.adoc b/modules/gitops-synchronizing-your-application-application-with-your-git-repository.adoc
index 6c016acb3a2a..1e4e5481cb73 100644
--- a/modules/gitops-synchronizing-your-application-application-with-your-git-repository.adoc
+++ b/modules/gitops-synchronizing-your-application-application-with-your-git-repository.adoc
@@ -2,7 +2,7 @@
 //
 // * configuring-an-openshift-cluster-with-argo-cd.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="synchronizing-your-application-application-with-your-git-repository_{context}"]
 = Synchronizing your application with your Git repository
 
diff --git a/modules/gitops-using-argo-cd-instance-to-manage-cluster-scoped-resources.adoc b/modules/gitops-using-argo-cd-instance-to-manage-cluster-scoped-resources.adoc
index 01fba3a92f80..dcef0a53bfb9 100644
--- a/modules/gitops-using-argo-cd-instance-to-manage-cluster-scoped-resources.adoc
+++ b/modules/gitops-using-argo-cd-instance-to-manage-cluster-scoped-resources.adoc
@@ -2,16 +2,16 @@
 //
 // * gitops/configuring_argo_cd_to_recursively_sync_a_git_repository_with_your_application/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-argo-cd-instance-to-manage-cluster-scoped-resources{context}"]
 
 = Using an Argo CD instance to manage cluster-scoped resources
 
-To manage cluster-scoped resources, update the existing `Subscription` object for the `gitops-title` Operator and add the namespace of the Argo CD instance to the `ARGOCD_CLUSTER_CONFIG_NAMESPACES` environment variable in the `spec` section.
+To manage cluster-scoped resources, update the existing `Subscription` object for the {gitops-title} Operator and add the namespace of the Argo CD instance to the `ARGOCD_CLUSTER_CONFIG_NAMESPACES` environment variable in the `spec` section.
 
 [discrete]
 .Procedure
-. In the **Administrator** perspective of the web console, navigate to **Operators** → **Installed Operators** → **{gitops-title}** → **Subscription**. 
+. In the **Administrator** perspective of the web console, navigate to **Operators** → **Installed Operators** → **{gitops-title}** → **Subscription**.
 . Click the **Actions** drop-down menu then click **Edit Subscription**.
 . On the **openshift-gitops-operator** Subscription details page, under the **YAML** tab, edit the `Subscription` YAML file by adding the namespace of the Argo CD instance to the `ARGOCD_CLUSTER_CONFIG_NAMESPACES` environment variable in the `spec` section:
 +
diff --git a/modules/gitops-verifying-argo-cd-self-healing-behavior.adoc b/modules/gitops-verifying-argo-cd-self-healing-behavior.adoc
index 037bdcc70af1..faf83ef29af1 100644
--- a/modules/gitops-verifying-argo-cd-self-healing-behavior.adoc
+++ b/modules/gitops-verifying-argo-cd-self-healing-behavior.adoc
@@ -2,7 +2,7 @@
 //
 // * deploying-a-spring-boot-application-with-argo-cd
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-argo-cd-self-healing-behavior_{context}"]
 = Verifying Argo CD self-healing behavior
 
diff --git a/modules/go-add-infra-nodes.adoc b/modules/go-add-infra-nodes.adoc
index 6e22560530ed..789405ad797e 100644
--- a/modules/go-add-infra-nodes.adoc
+++ b/modules/go-add-infra-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/run-gitops-control-plane-workload-on-infra-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-infra-nodes_{context}"]
 = Moving {gitops-shortname} workloads to infrastructure nodes
 
diff --git a/modules/go-compatibility-and-support-matrix.adoc b/modules/go-compatibility-and-support-matrix.adoc
index 957404e3643a..74cacad1122f 100644
--- a/modules/go-compatibility-and-support-matrix.adoc
+++ b/modules/go-compatibility-and-support-matrix.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/gitops-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="GitOps-compatibility-support-matrix_{context}"]
 = Compatibility and support matrix
 
@@ -42,7 +42,7 @@ In {product-title} 4.13, the `stable` channel has been removed. Before upgrading
 [id="GitOps-technology-preview_{context}"]
 == Technology Preview features
 
-The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use. 
+The features mentioned in the following table are currently in Technology Preview (TP). These experimental features are not intended for production use.
 
 .Technology Preview tracker
 [cols="4,1,1",options="header"]
diff --git a/modules/go-deleting-argocd-instance.adoc b/modules/go-deleting-argocd-instance.adoc
index 72da969f9822..8f6458dcaa9c 100644
--- a/modules/go-deleting-argocd-instance.adoc
+++ b/modules/go-deleting-argocd-instance.adoc
@@ -2,7 +2,7 @@
 //
 // */gitops/uninstalling-openshift-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='go-deleting-argocd-instance_{context}']
 = Deleting the Argo CD instances
 
diff --git a/modules/go-health-monitoring.adoc b/modules/go-health-monitoring.adoc
index 20619f141571..950d54cafa63 100644
--- a/modules/go-health-monitoring.adoc
+++ b/modules/go-health-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="health-information-resources_{context}"]
 = Checking health information
 
@@ -17,7 +17,7 @@ The {gitops-title} Operator will install the GitOps backend service in the `open
 
 . Click the application name from the list to view the details of a specific application.
 
-. In the *Application environments* page, if the *Resources* section under the *Overview* tab displays icons, hover over the icons to get status details. 
+. In the *Application environments* page, if the *Resources* section under the *Overview* tab displays icons, hover over the icons to get status details.
 ** A broken heart indicates that resource issues have degraded the application's performance.
 ** A yellow yield sign indicates that resource issues have delayed data about the application's health.
 
diff --git a/modules/go-run-argo-cd-instance-on-infrastructure-nodes.adoc b/modules/go-run-argo-cd-instance-on-infrastructure-nodes.adoc
index 0f8fb1bd9a17..6f2505c0ef9f 100644
--- a/modules/go-run-argo-cd-instance-on-infrastructure-nodes.adoc
+++ b/modules/go-run-argo-cd-instance-on-infrastructure-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * gitops/configuring_argo_cd_to_recursively_sync_a_git_repository_with_your_application/configuring-an-openshift-cluster-by-deploying-an-application-with-cluster-configurations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="run-argo-cd-instance-on-cluster_{context}"]
 
 = Running the Argo CD instance at the cluster-level
diff --git a/modules/go-settings-for-environment-labels-and-annotations.adoc b/modules/go-settings-for-environment-labels-and-annotations.adoc
new file mode 100644
index 000000000000..3dcfe4774635
--- /dev/null
+++ b/modules/go-settings-for-environment-labels-and-annotations.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * /gitops/health-information-for-resources-deployment.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="go-settings-for-environment-labels-and-annotations_{context}"]
+= Settings for environment labels and annotations
+
+This section provides reference settings for environment labels and annotations required to display an environment application in the *Environments* page, in the *Developer* perspective of the {product-title} web console.
+
+[discrete]
+== Environment labels
+
+The environment application manifest must contain `labels.openshift.gitops/environment` and `destination.namespace` fields. You must set identical values for the `<environment_name>` variable and the name of the environment application manifest.
+
+.Specification of the environment application manifest
+[source,yaml]
+----
+spec:
+  labels:
+    openshift.gitops/environment: <environment_name>
+  destination:
+    namespace: <environment_name>
+...
+----
+
+.Example of an environment application manifest
+[source,yaml]
+----
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dev-env <1>
+  namespace: openshift-gitops
+spec:
+  labels:
+    openshift.gitops/environment: dev-env
+  destination:
+    namespace: dev-env
+...
+----
+<1> The name of the environment application manifest. The value set is the same as the value of the `<environment_name>` variable.
+
+[discrete]
+== Environment annotations
+The environment namespace manifest must contain the `annotations.app.openshift.io/vcs-uri` and `annotations.app.openshift.io/vcs-ref` fields to specify the version controller code source of the application. You must set identical values for the `<environment_name>` variable and the name of the environment namespace manifest.
+
+.Specification of the environment namespace manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    app.openshift.io/vcs-uri: <application_source_url>
+    app.openshift.io/vcs-ref: <branch_reference>
+  name: <environment_name> <1>
+...
+----
+<1> The name of the environment namespace manifest. The value set is the same as the value of the `<environment_name>` variable.
+
+.Example of an environment namespace manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    app.openshift.io/vcs-uri: https://example.com/<your_domain>/<your_gitops.git>
+    app.openshift.io/vcs-ref: main
+  labels:
+    argocd.argoproj.io/managed-by: openshift-gitops
+  name: dev-env
+...
+----
\ No newline at end of file
diff --git a/modules/go-uninstalling-gitops-operator.adoc b/modules/go-uninstalling-gitops-operator.adoc
index 8e87f570c059..37caa6949d1e 100644
--- a/modules/go-uninstalling-gitops-operator.adoc
+++ b/modules/go-uninstalling-gitops-operator.adoc
@@ -2,7 +2,7 @@
 //
 // */gitops/uninstalling-openshift-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='go-uninstalling-gitops-operator_{context}']
 = Uninstalling the GitOps Operator
 
diff --git a/modules/graceful-restart.adoc b/modules/graceful-restart.adoc
index 1bfbcda827da..889e7eb5941d 100644
--- a/modules/graceful-restart.adoc
+++ b/modules/graceful-restart.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/graceful-cluster-restart.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="graceful-restart_{context}"]
 = Restarting the cluster
 
@@ -35,9 +35,9 @@ The control plane nodes are ready if the status is `Ready`, as shown in the foll
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE   VERSION
-ip-10-0-168-251.ec2.internal   Ready    master   75m   v1.26.0
-ip-10-0-170-223.ec2.internal   Ready    master   75m   v1.26.0
-ip-10-0-211-16.ec2.internal    Ready    master   75m   v1.26.0
+ip-10-0-168-251.ec2.internal   Ready    master   75m   v1.28.5
+ip-10-0-170-223.ec2.internal   Ready    master   75m   v1.28.5
+ip-10-0-211-16.ec2.internal    Ready    master   75m   v1.28.5
 ----
 
 . If the control plane nodes are _not_ ready, then check whether there are any pending certificate signing requests (CSRs) that must be approved.
@@ -76,9 +76,9 @@ The worker nodes are ready if the status is `Ready`, as shown in the following o
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE   VERSION
-ip-10-0-179-95.ec2.internal    Ready    worker   64m   v1.26.0
-ip-10-0-182-134.ec2.internal   Ready    worker   64m   v1.26.0
-ip-10-0-250-100.ec2.internal   Ready    worker   64m   v1.26.0
+ip-10-0-179-95.ec2.internal    Ready    worker   64m   v1.28.5
+ip-10-0-182-134.ec2.internal   Ready    worker   64m   v1.28.5
+ip-10-0-250-100.ec2.internal   Ready    worker   64m   v1.28.5
 ----
 
 . If the worker nodes are _not_ ready, then check whether there are any pending certificate signing requests (CSRs) that must be approved.
@@ -116,17 +116,17 @@ $ oc get clusteroperators
 +
 Check that there are no cluster Operators with the `DEGRADED` condition set to `True`.
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
-authentication                             4.13.0    True        False         False      59m
-cloud-credential                           4.13.0    True        False         False      85m
-cluster-autoscaler                         4.13.0    True        False         False      73m
-config-operator                            4.13.0    True        False         False      73m
-console                                    4.13.0    True        False         False      62m
-csi-snapshot-controller                    4.13.0    True        False         False      66m
-dns                                        4.13.0    True        False         False      76m
-etcd                                       4.13.0    True        False         False      76m
+authentication                             {product-version}.0    True        False         False      59m
+cloud-credential                           {product-version}.0    True        False         False      85m
+cluster-autoscaler                         {product-version}.0    True        False         False      73m
+config-operator                            {product-version}.0    True        False         False      73m
+console                                    {product-version}.0    True        False         False      62m
+csi-snapshot-controller                    {product-version}.0    True        False         False      66m
+dns                                        {product-version}.0    True        False         False      76m
+etcd                                       {product-version}.0    True        False         False      76m
 ...
 ----
 
@@ -142,12 +142,12 @@ Check that the status for all nodes is `Ready`.
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE   VERSION
-ip-10-0-168-251.ec2.internal   Ready    master   82m   v1.26.0
-ip-10-0-170-223.ec2.internal   Ready    master   82m   v1.26.0
-ip-10-0-179-95.ec2.internal    Ready    worker   70m   v1.26.0
-ip-10-0-182-134.ec2.internal   Ready    worker   70m   v1.26.0
-ip-10-0-211-16.ec2.internal    Ready    master   82m   v1.26.0
-ip-10-0-250-100.ec2.internal   Ready    worker   69m   v1.26.0
+ip-10-0-168-251.ec2.internal   Ready    master   82m   v1.28.5
+ip-10-0-170-223.ec2.internal   Ready    master   82m   v1.28.5
+ip-10-0-179-95.ec2.internal    Ready    worker   70m   v1.28.5
+ip-10-0-182-134.ec2.internal   Ready    worker   70m   v1.28.5
+ip-10-0-211-16.ec2.internal    Ready    master   82m   v1.28.5
+ip-10-0-250-100.ec2.internal   Ready    worker   69m   v1.28.5
 ----
 
 If the cluster did not start properly, you might need to restore your cluster using an etcd backup.
diff --git a/modules/graceful-shutdown.adoc b/modules/graceful-shutdown.adoc
index 8f7199a21804..7e7f7a77c857 100644
--- a/modules/graceful-shutdown.adoc
+++ b/modules/graceful-shutdown.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/graceful-cluster-shutdown.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="graceful-shutdown_{context}"]
 = Shutting down the cluster
 
@@ -17,99 +17,67 @@ You can shut down a cluster until a year from the installation date and expect i
 
 * You have access to the cluster as a user with the `cluster-admin` role.
 * You have taken an etcd backup.
-+
-[IMPORTANT]
-====
-It is important to take an etcd backup before performing this procedure so that your cluster can be restored if you encounter any issues when restarting the cluster.
-
-For example, the following conditions can cause the restarted cluster to malfunction:
-
-* etcd data corruption during shutdown
-* Node failure due to hardware
-* Network connectivity issues
-
-If your cluster fails to recover, follow the steps to restore to a previous cluster state.
-====
 
 .Procedure
 
-. If you plan to shut down the cluster for an extended period of time, determine the date that cluster certificates expire.
-+
-You must restart the cluster prior to the date that certificates expire. As the cluster restarts, the process might require you to manually approve the pending certificate signing requests (CSRs) to recover kubelet certificates.
-
-.. Check the expiration date for the `kube-apiserver-to-kubelet-signer` CA certificate:
+. If you are shutting the cluster down for an extended period, determine the date on which certificates expire and run the following command:
 +
 [source,terminal]
 ----
-$ oc -n openshift-kube-apiserver-operator get secret kube-apiserver-to-kubelet-signer -o jsonpath='{.metadata.annotations.auth\.openshift\.io/certificate-not-after}{"\n"}'
+$ oc -n openshift-kube-apiserver-operator get secret kube-apiserver-to-kubelet-signer -o jsonpath='{.metadata.annotations.auth\.openshift\.io/certificate-not-after}'
 ----
 +
 .Example output
 [source,terminal]
 ----
-2023-08-05T14:37:50Z
-----
-
-.. Check the expiration date for the kubelet certificates:
-
-... Start a debug session for a control plane node by running the following command:
-+
-[source,terminal]
-----
-$ oc debug node/<node_name>
-----
-
-... Change your root directory to `/host` by running the following command:
-+
-[source,terminal]
-----
-sh-4.4# chroot /host
+2022-08-05T14:37:50Zuser@user:~ $ <1>
 ----
+<1> To ensure that the cluster can restart gracefully, plan to restart it on or before the specified date. As the cluster restarts, the process might require you to manually approve the pending certificate signing requests (CSRs) to recover kubelet certificates.
 
-... Check the kubelet client certificate expiration date by running the following command:
+. Mark all the nodes in the cluster as unschedulable. You can do this from your cloud provider's web console, or by running the following loop:
 +
 [source,terminal]
 ----
-sh-5.1# openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -enddate
+$ for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}'); do echo ${node} ; oc adm cordon ${node} ; done
 ----
 +
 .Example output
 [source,terminal]
 ----
-notAfter=Jun  6 10:50:07 2023 GMT
-----
-
-... Check the kubelet server certificate expiration date by running the following command:
-+
+ci-ln-mgdnf4b-72292-n547t-master-0
+node/ci-ln-mgdnf4b-72292-n547t-master-0 cordoned
+ci-ln-mgdnf4b-72292-n547t-master-1
+node/ci-ln-mgdnf4b-72292-n547t-master-1 cordoned
+ci-ln-mgdnf4b-72292-n547t-master-2
+node/ci-ln-mgdnf4b-72292-n547t-master-2 cordoned
+ci-ln-mgdnf4b-72292-n547t-worker-a-s7ntl
+node/ci-ln-mgdnf4b-72292-n547t-worker-a-s7ntl cordoned
+ci-ln-mgdnf4b-72292-n547t-worker-b-cmc9k
+node/ci-ln-mgdnf4b-72292-n547t-worker-b-cmc9k cordoned
+ci-ln-mgdnf4b-72292-n547t-worker-c-vcmtn
+node/ci-ln-mgdnf4b-72292-n547t-worker-c-vcmtn cordoned
+----
+
+. Evacuate the pods using the following method:
 [source,terminal]
-----
-sh-5.1# openssl x509 -in /var/lib/kubelet/pki/kubelet-server-current.pem -noout -enddate
-----
 +
-.Example output
-[source,terminal]
 ----
-notAfter=Jun  6 10:50:07 2023 GMT
+$ for node in $(oc get nodes -l node-role.kubernetes.io/worker -o jsonpath='{.items[*].metadata.name}'); do echo ${node} ; oc adm drain ${node} --delete-emptydir-data --ignore-daemonsets=true --timeout=15s ; done
 ----
 
-... Exit the debug session.
-
-... Repeat these steps to check certificate expiration dates on all control plane nodes. To ensure that the cluster can restart gracefully, plan to restart it before the earliest certificate expiration date.
-
-. Shut down all of the nodes in the cluster. You can do this from your cloud provider's web console, or run the following loop:
+. Shut down all of the nodes in the cluster. You can do this from your cloud provider’s web console, or by running the following loop:
 +
 [source,terminal]
 ----
-$ for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}'); do oc debug node/${node} -- chroot /host shutdown -h 1; done <1>
+$ for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}'); do oc debug node/${node} -- chroot /host shutdown -h 1; done
 ----
-<1> `-h 1` indicates how long, in minutes, this process lasts before the control-plane nodes are shut down. For large-scale clusters with 10 nodes or more, set to 10 minutes or longer to make sure all the compute nodes have time to shut down first.
 +
 .Example output
+[source,terminal]
 ----
 Starting pod/ip-10-0-130-169us-east-2computeinternal-debug ...
 To use host binaries, run `chroot /host`
 Shutdown scheduled for Mon 2021-09-13 09:36:17 UTC, use 'shutdown -c' to cancel.
-
 Removing debug pod ...
 Starting pod/ip-10-0-150-116us-east-2computeinternal-debug ...
 To use host binaries, run `chroot /host`
@@ -121,6 +89,7 @@ Shutting down the nodes using one of these methods allows pods to terminate grac
 [NOTE]
 ====
 Adjust the shut down time to be longer for large-scale clusters:
+
 [source,terminal]
 ----
 $ for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}'); do oc debug node/${node} -- chroot /host shutdown -h 10; done
@@ -130,7 +99,6 @@ $ for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}'); do oc deb
 [NOTE]
 ====
 It is not necessary to drain control plane nodes of the standard pods that ship with {product-title} prior to shutdown.
-
 Cluster administrators are responsible for ensuring a clean restart of their own workloads after the cluster is restarted. If you drained control plane nodes prior to shutdown because of custom workloads, you must mark the control plane nodes as schedulable before the cluster will be functional again after restart.
 ====
 
@@ -139,4 +107,4 @@ Cluster administrators are responsible for ensuring a clean restart of their own
 [IMPORTANT]
 ====
 If you deployed your cluster on a cloud-provider platform, do not shut down, suspend, or delete the associated cloud resources. If you delete the cloud resources of a suspended virtual machine, {product-title} might not restore successfully.
-====
+====
\ No newline at end of file
diff --git a/modules/helm-adding-helm-chart-repositories.adoc b/modules/helm-adding-helm-chart-repositories.adoc
index c2e708f494c7..1e948b990f22 100644
--- a/modules/helm-adding-helm-chart-repositories.adoc
+++ b/modules/helm-adding-helm-chart-repositories.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-helm-chart-repositories_{context}"]
 = Adding custom Helm chart repositories
 
diff --git a/modules/helm-adding-namespace-scoped-helm-chart-repositories.adoc b/modules/helm-adding-namespace-scoped-helm-chart-repositories.adoc
index 4d4c8bd3bd6f..835099bd8159 100644
--- a/modules/helm-adding-namespace-scoped-helm-chart-repositories.adoc
+++ b/modules/helm-adding-namespace-scoped-helm-chart-repositories.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-namespace-scoped-helm-chart-repositories.adoc_{context}"]
 = Adding namespace-scoped custom Helm chart repositories
 
diff --git a/modules/helm-creating-a-custom-helm-chart-on-openshift.adoc b/modules/helm-creating-a-custom-helm-chart-on-openshift.adoc
index 4da0edb38d91..6c8cc593a9cf 100644
--- a/modules/helm-creating-a-custom-helm-chart-on-openshift.adoc
+++ b/modules/helm-creating-a-custom-helm-chart-on-openshift.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-custom-helm-chart-on-openshift_{context}"]
 = Creating a custom Helm chart on {product-title}
 
diff --git a/modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc b/modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc
index 43a6f87231ca..e9ffcc3de009 100644
--- a/modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc
+++ b/modules/helm-creating-credentials-and-certificates-to-add-helm-repositories.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-credentials-and-certificates-to-add-helm-repositories_{context}"]
 = Creating credentials and CA certificates to add Helm chart repositories
 
diff --git a/modules/helm-disabling-helm-chart-repositories.adoc b/modules/helm-disabling-helm-chart-repositories.adoc
index 67565113e2cd..dbc49c9e2337 100644
--- a/modules/helm-disabling-helm-chart-repositories.adoc
+++ b/modules/helm-disabling-helm-chart-repositories.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="helm-disabling-helm-chart-repositories_{context}"]
 = Disabling Helm Chart repositories
 
diff --git a/modules/helm-filtering-helm-charts-by-certification-level.adoc b/modules/helm-filtering-helm-charts-by-certification-level.adoc
index b7f030d649f3..c11b8b714097 100644
--- a/modules/helm-filtering-helm-charts-by-certification-level.adoc
+++ b/modules/helm-filtering-helm-charts-by-certification-level.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="filtering-helm-charts-by-certification-level_{context}"]
 = Filtering Helm Charts by their certification level
 
diff --git a/modules/helm-installing-a-helm-chart-on-an-openshift-cluster.adoc b/modules/helm-installing-a-helm-chart-on-an-openshift-cluster.adoc
index fe43cdb4dbae..cdbaced3819e 100644
--- a/modules/helm-installing-a-helm-chart-on-an-openshift-cluster.adoc
+++ b/modules/helm-installing-a-helm-chart-on-an-openshift-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-a-helm-chart-on-an-openshift-cluster_{context}"]
 
 = Installing a Helm chart on an {product-title} cluster
diff --git a/modules/hosted-cluster-etcd-quorum-loss-recovery.adoc b/modules/hosted-cluster-etcd-quorum-loss-recovery.adoc
new file mode 100644
index 000000000000..2208a4b5b1b4
--- /dev/null
+++ b/modules/hosted-cluster-etcd-quorum-loss-recovery.adoc
@@ -0,0 +1,277 @@
+// Module included in the following assembly:
+//
+// * hcp-backup-restore-dr.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-cluster-etcd-quorum-loss-recovery_{context}"]
+= Recovering an etcd cluster from a quorum loss
+
+If multiple members of the etcd cluster have lost data or return a `CrashLoopBackOff` status, it can cause an etcd quorum loss. You must restore your etcd cluster from a snapshot.
+
+[IMPORTANT]
+====
+This procedure requires API downtime.
+====
+
+.Prerequisites
+* The `oc` and `jq` binaries have been installed.
+
+.Procedure
+
+. First, set up your environment variables and scale down the API servers:
+
+.. Set up environment variables for your hosted cluster by entering the following commands, replacing values as necessary:
++
+[source,terminal]
+----
+$ CLUSTER_NAME=my-cluster
+----
++
+[source,terminal]
+----
+$ HOSTED_CLUSTER_NAMESPACE=clusters
+----
++
+[source,terminal]
+----
+$ CONTROL_PLANE_NAMESPACE="${HOSTED_CLUSTER_NAMESPACE}-${CLUSTER_NAME}"
+----
+
+.. Pause reconciliation of the hosted cluster by entering the following command, replacing values as necessary:
++
+[source,terminal]
+----
+$ oc patch -n ${HOSTED_CLUSTER_NAMESPACE} hostedclusters/${CLUSTER_NAME} -p '{"spec":{"pausedUntil":"true"}}' --type=merge
+----
+
+.. Scale down the API servers by entering the following commands:
++
+... Scale down the `kube-apiserver`:
++
+[source,terminal]
+----
+$ oc scale -n ${CONTROL_PLANE_NAMESPACE} deployment/kube-apiserver --replicas=0
+----
+
+... Scale down the `openshift-apiserver`:
++
+[source,terminal]
+----
+$ oc scale -n ${CONTROL_PLANE_NAMESPACE} deployment/openshift-apiserver --replicas=0
+----
+
+... Scale down the `openshift-oauth-apiserver`:
++
+[source,terminal]
+----
+$ oc scale -n ${CONTROL_PLANE_NAMESPACE} deployment/openshift-oauth-apiserver --replicas=0
+----
+
+. Next, take a snapshot of etcd by using one of the following methods:
+
+.. Use a previously backed-up snapshot of etcd.
+.. If you have an available etcd pod, take a snapshot from the active etcd pod by completing the following steps:
+
+... List etcd pods by entering the following command:
++
+[source,terminal]
+----
+$ oc get -n ${CONTROL_PLANE_NAMESPACE} pods -l app=etcd
+----
+
+... Take a snapshot of the pod database and save it locally to your machine by entering the following commands:
++
+[source,terminal]
+----
+$ ETCD_POD=etcd-0
+----
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} -c etcd -t ${ETCD_POD} -- env ETCDCTL_API=3 /usr/bin/etcdctl \
+--cacert /etc/etcd/tls/etcd-ca/ca.crt \
+--cert /etc/etcd/tls/client/etcd-client.crt \
+--key /etc/etcd/tls/client/etcd-client.key \
+--endpoints=https://localhost:2379 \
+snapshot save /var/lib/snapshot.db
+----
+
+... Verify that the snapshot is successful by entering the following command:
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} -c etcd -t ${ETCD_POD} -- env ETCDCTL_API=3 /usr/bin/etcdctl -w table snapshot status /var/lib/snapshot.db
+----
+
+.. Make a local copy of the snapshot by entering the following command:
++
+[source,terminal]
+----
+$ oc cp -c etcd ${CONTROL_PLANE_NAMESPACE}/${ETCD_POD}:/var/lib/snapshot.db /tmp/etcd.snapshot.db
+----
+
+... Make a copy of the snapshot database from etcd persistent storage:
++
+.... List etcd pods by entering the following command:
++
+[source,terminal]
+----
+$ oc get -n ${CONTROL_PLANE_NAMESPACE} pods -l app=etcd
+----
+
+.... Find a pod that is running and set its name as the value of `ETCD_POD: ETCD_POD=etcd-0`, and then copy its snapshot database by entering the following command:
++
+[source,terminal]
+----
+$ oc cp -c etcd ${CONTROL_PLANE_NAMESPACE}/${ETCD_POD}:/var/lib/data/member/snap/db /tmp/etcd.snapshot.db
+----
+
+. Next, scale down the etcd statefulset by entering the following command:
++
+[source,terminal]
+----
+$ oc scale -n ${CONTROL_PLANE_NAMESPACE} statefulset/etcd --replicas=0
+----
+
+.. Delete volumes for second and third members by entering the following command:
++
+[source,terminal]
+----
+$ oc delete -n ${CONTROL_PLANE_NAMESPACE} pvc/data-etcd-1 pvc/data-etcd-2
+----
+
+.. Create a pod to access the first etcd member's data:
+
+... Get the etcd image by entering the following command:
++
+[source,terminal]
+----
+$ ETCD_IMAGE=$(oc get -n ${CONTROL_PLANE_NAMESPACE} statefulset/etcd -o jsonpath='{ .spec.template.spec.containers[0].image }')
+----
++
+... Create a pod that allows access to etcd data:
++
+[source,yaml]
+----
+$ cat << EOF | oc apply -n ${CONTROL_PLANE_NAMESPACE} -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: etcd-data
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: etcd-data
+  template:
+    metadata:
+      labels:
+        app: etcd-data
+    spec:
+      containers:
+      - name: access
+        image: $ETCD_IMAGE
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib
+        command:
+        - /usr/bin/bash
+        args:
+        - -c
+        - |-
+          while true; do
+            sleep 1000
+          done
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: data-etcd-0
+EOF
+----
+
+... Check the status of the `etcd-data` pod and wait for it to be running by entering the following command:
++
+[source,terminal]
+----
+$ oc get -n ${CONTROL_PLANE_NAMESPACE} pods -l app=etcd-data
+----
+
+... Get the name of the `etcd-data` pod by entering the following command:
++
+[source,terminal]
+----
+$ DATA_POD=$(oc get -n ${CONTROL_PLANE_NAMESPACE} pods --no-headers -l app=etcd-data -o name | cut -d/ -f2)
+----
+
+.. Copy an etcd snapshot into the pod by entering the following command:
++
+[source,terminal]
+----
+$ oc cp /tmp/etcd.snapshot.db ${CONTROL_PLANE_NAMESPACE}/${DATA_POD}:/var/lib/restored.snap.db
+----
+
+.. Remove old data from the `etcd-data` pod by entering the following commands:
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} ${DATA_POD} -- rm -rf /var/lib/data
+----
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} ${DATA_POD} -- mkdir -p /var/lib/data
+----
+
+.. Restore the etcd snapshot by entering the following command:
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} ${DATA_POD} -- etcdutl snapshot restore /var/lib/restored.snap.db \
+     --data-dir=/var/lib/data --skip-hash-check \
+     --name etcd-0 \
+     --initial-cluster-token=etcd-cluster \
+     --initial-cluster etcd-0=https://etcd-0.etcd-discovery.${CONTROL_PLANE_NAMESPACE}.svc:2380,etcd-1=https://etcd-1.etcd-discovery.${CONTROL_PLANE_NAMESPACE}.svc:2380,etcd-2=https://etcd-2.etcd-discovery.${CONTROL_PLANE_NAMESPACE}.svc:2380 \
+     --initial-advertise-peer-urls https://etcd-0.etcd-discovery.${CONTROL_PLANE_NAMESPACE}.svc:2380
+----
+
+.. Remove the temporary etcd snapshot from the pod by entering the following command:
++
+[source,terminal]
+----
+$ oc exec -n ${CONTROL_PLANE_NAMESPACE} ${DATA_POD} -- rm /var/lib/restored.snap.db
+----
+
+.. Delete data access deployment by entering the following command:
++
+[source,terminal]
+----
+$ oc delete -n ${CONTROL_PLANE_NAMESPACE} deployment/etcd-data
+----
+
+.. Scale up the etcd cluster by entering the following command:
++
+[source,terminal]
+----
+$ oc scale -n ${CONTROL_PLANE_NAMESPACE} statefulset/etcd --replicas=3
+----
+
+.. Wait for the etcd member pods to return and report as available by entering the following command:
++
+[source,terminal]
+----
+$ oc get -n ${CONTROL_PLANE_NAMESPACE} pods -l app=etcd -w
+----
+
+.. Scale up all etcd-writer deployments by entering the following command:
++
+[source,terminal]
+----
+$ oc scale deployment -n ${CONTROL_PLANE_NAMESPACE} --replicas=3 kube-apiserver openshift-apiserver openshift-oauth-apiserver
+----
+
+. Restore reconciliation of the hosted cluster by entering the following command:
++
+[source,terminal]
+----
+$ oc patch -n ${CLUSTER_NAMESPACE} hostedclusters/${CLUSTER_NAME} -p '{"spec":{"pausedUntil":""}}' --type=merge
+----
diff --git a/modules/hosted-cluster-etcd-status.adoc b/modules/hosted-cluster-etcd-status.adoc
new file mode 100644
index 000000000000..8a27c6a17ece
--- /dev/null
+++ b/modules/hosted-cluster-etcd-status.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assembly:
+//
+// * hcp-backup-restore-dr.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-cluster-etcd-status_{context}"]
+= Checking the status of a hosted cluster
+
+To check the status of your hosted cluster, complete the following steps.
+
+.Procedure
+
+. Enter the running etcd pod that you want to check by entering the following command:
++
+[source,terminal]
+----
+$ oc rsh -n <control_plane_namespace> -c etcd etcd-0
+----
+
+. Set up the etcdctl environment by entering the following commands:
++
+[source,terminal]
+----
+sh-4.4$ export ETCDCTL_API=3
+----
++
+[source,terminal]
+----
+sh-4.4$ export ETCDCTL_CACERT=/etc/etcd/tls/etcd-ca/ca.crt
+----
++
+[source,terminal]
+----
+sh-4.4$ export ETCDCTL_CERT=/etc/etcd/tls/client/etcd-client.crt
+----
++
+[source,terminal]
+----
+sh-4.4$ export ETCDCTL_KEY=/etc/etcd/tls/client/etcd-client.key
+----
++
+[source,terminal]
+----
+sh-4.4$ export ETCDCTL_ENDPOINTS=https://etcd-client:2379
+----
+
+. Print the endpoint status for each cluster member by entering the following command:
++
+[source,terminal]
+----
+sh-4.4$ etcdctl endpoint health --cluster -w table
+----
\ No newline at end of file
diff --git a/modules/hosted-cluster-single-node-recovery.adoc b/modules/hosted-cluster-single-node-recovery.adoc
new file mode 100644
index 000000000000..debedd831fd5
--- /dev/null
+++ b/modules/hosted-cluster-single-node-recovery.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assembly:
+//
+// * hcp-backup-restore-dr.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-cluster-single-node-recovery_{context}"]
+= Recovering an etcd member for a hosted cluster
+
+An etcd member of a 3-node cluster might fail because of corrupted or missing data. To recover the etcd member, complete the following steps.
+
+.Procedure
+
+. If you need to confirm that the etcd member is failing, enter the following command:
++
+[source,terminal]
+----
+$ oc get pods -l app=etcd -n <control_plane_namespace>
+----
++
+The output resembles this example if the etcd member is failing:
++
+.Example output
+[source,terminal]
+----
+NAME     READY   STATUS             RESTARTS     AGE
+etcd-0   2/2     Running            0            64m
+etcd-1   2/2     Running            0            45m
+etcd-2   1/2     CrashLoopBackOff   1 (5s ago)   64m
+----
+
+. Delete the persistent volume claim of the failing etcd member and the pod by entering the following command:
++
+[source,terminal]
+----
+$ oc delete pvc/data-etcd-2 pod/etcd-2 --wait=false
+----
+
+. When the pod restarts, verify that the etcd member is added back to the etcd cluster and is correctly functioning by entering the following command:
++
+[source,terminal]
+----
+$ oc get pods -l app=etcd -n $CONTROL_PLANE_NAMESPACE
+----
++
+.Example output
+[source,terminal]
+----
+NAME     READY   STATUS    RESTARTS   AGE
+etcd-0   2/2     Running   0          67m
+etcd-1   2/2     Running   0          48m
+etcd-2   2/2     Running   0          2m2s
+----
\ No newline at end of file
diff --git a/modules/hosted-control-planes-concepts-personas.adoc b/modules/hosted-control-planes-concepts-personas.adoc
index d10d8bd282b0..6a6bdc092f9b 100644
--- a/modules/hosted-control-planes-concepts-personas.adoc
+++ b/modules/hosted-control-planes-concepts-personas.adoc
@@ -4,7 +4,7 @@
 // * hosted-control-planes/index.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="hosted-control-planes-concepts-personas_{context}"]
 = Glossary of common concepts and personas for hosted control planes
 
@@ -13,7 +13,7 @@ When you use hosted control planes for {product-title}, it is important to under
 [id="hosted-control-planes-concepts_{context}"]
 == Concepts
 
-hosted cluster:: An {product-title} API endpoint for the tenant cluster that is managed by the HyperShift Operator.
+hosted cluster:: An {product-title} cluster with its control plane and API endpoint hosted on a management cluster. The hosted cluster includes the control plane and its corresponding data plane.
 
 hosted cluster infrastructure:: Network, compute, and storage resources that exist in the tenant or end-user cloud account.
 
@@ -21,7 +21,9 @@ hosted control plane:: An {product-title} control plane that runs on the managem
 
 hosting cluster:: See _management cluster_.
 
-management cluster:: An {product-title} cluster where the HyperShift Operator is deployed and where the control planes for tenant clusters are hosted. The management cluster is synonymous with the _hosting cluster_.
+managed cluster:: A cluster that the hub cluster manages. This term is specific to the cluster lifecycle that the multicluster engine for Kubernetes Operator manages in Red Hat Advanced Cluster Management. A managed cluster is not the same thing as a _management cluster_. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/about/welcome-to-red-hat-advanced-cluster-management-for-kubernetes#managed-cluster[Managed cluster].
+
+management cluster:: An {product-title} cluster where the HyperShift Operator is deployed and where the control planes for hosted clusters are hosted. The management cluster is synonymous with the _hosting cluster_.
 
 management cluster infrastructure:: Network, compute, and storage resources of the management cluster.
 
diff --git a/modules/hosted-control-planes-metrics-sets.adoc b/modules/hosted-control-planes-metrics-sets.adoc
new file mode 100644
index 000000000000..7482ee964361
--- /dev/null
+++ b/modules/hosted-control-planes-metrics-sets.adoc
@@ -0,0 +1,126 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-control-planes-metrics-sets_{context}"]
+= Configuring metrics sets for hosted control planes
+
+Hosted control planes for Red Hat {product-title} creates `ServiceMonitor` resources in each control plane namespace that allow a Prometheus stack to gather metrics from the control planes. The `ServiceMonitor` resources use metrics relabelings to define which metrics are included or excluded from a particular component, such as etcd or the Kubernetes API server. The number of metrics that are produced by control planes directly impacts the resource requirements of the monitoring stack that gathers them.
+
+Instead of producing a fixed number of metrics that apply to all situations, you can configure a metrics set that identifies a set of metrics to produce for each control plane. The following metrics sets are supported:
+
+* `Telemetry`: These metrics are needed for telemetry. This set is the default set and is the smallest set of metrics.
+* `SRE`: This set includes the necessary metrics to produce alerts and allow the troubleshooting of control plane components.
+* `All`: This set includes all of the metrics that are produced by standalone {product-title} control plane components.
+
+To configure a metrics set, set the `METRICS_SET` environment variable in the HyperShift Operator deployment by entering the following command:
+
+[source,terminal]
+----
+$ oc set env -n hypershift deployment/operator METRICS_SET=All
+----
+
+[#hosted-control-planes-sre-metrics-set]
+== Configuring the SRE metrics set
+
+When you specify the `SRE` metrics set, the HyperShift Operator looks for a config map named `sre-metric-set` with a single key: `config`. The value of the `config` key must contain a set of `RelabelConfigs` that are organized by control plane component.
+
+You can specify the following components:
+
+* `etcd`
+* `kubeAPIServer`
+* `kubeControllerManager`
+* `openshiftAPIServer`
+* `openshiftControllerManager`
+* `openshiftRouteControllerManager`
+* `cvo`
+* `olm`
+* `catalogOperator`
+* `registryOperator`
+* `nodeTuningOperator`
+* `controlPlaneOperator`
+* `hostedClusterConfigOperator`
+
+A configuration of the `SRE` metrics set is illustrated in the following example:
+
+[source,terminal]
+----
+kubeAPIServer:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|server).*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_admission_controller_admission_latencies_seconds_.*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_admission_step_admission_latencies_seconds_.*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "scheduler_(e2e_scheduling_latency_microseconds|scheduling_algorithm_predicate_evaluation|scheduling_algorithm_priority_evaluation|scheduling_algorithm_preemption_evaluation|scheduling_algorithm_latency_microseconds|binding_latency_microseconds|scheduling_latency_seconds)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "docker_(operations|operations_latency_microseconds|operations_errors|operations_timeout)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "reflector_(items_per_list|items_per_watch|list_duration_seconds|lists_total|short_watches_total|watch_duration_seconds|watches_total)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "transformation_(transformation_latencies_microseconds|failures_total)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "network_plugin_operations_latency_microseconds|sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)"
+    sourceLabels: ["__name__", "le"]
+kubeControllerManager:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|request|server).*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "rest_client_request_latency_seconds_(bucket|count|sum)"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "root_ca_cert_publisher_sync_duration_seconds_(bucket|count|sum)"
+    sourceLabels: ["__name__"]
+openshiftAPIServer:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|server).*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_admission_controller_admission_latencies_seconds_.*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_admission_step_admission_latencies_seconds_.*"
+    sourceLabels: ["__name__"]
+  - action:       "drop"
+    regex:        "apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)"
+    sourceLabels: ["__name__", "le"]
+openshiftControllerManager:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|request|server).*"
+    sourceLabels: ["__name__"]
+openshiftRouteControllerManager:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|request|server).*"
+    sourceLabels: ["__name__"]
+olm:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|server).*"
+    sourceLabels: ["__name__"]
+catalogOperator:
+  - action:       "drop"
+    regex:        "etcd_(debugging|disk|server).*"
+    sourceLabels: ["__name__"]
+cvo:
+  - action: drop
+    regex: "etcd_(debugging|disk|server).*"
+    sourceLabels: ["__name__"]
+----
\ No newline at end of file
diff --git a/modules/hosted-control-planes-monitoring-dashboard.adoc b/modules/hosted-control-planes-monitoring-dashboard.adoc
new file mode 100644
index 000000000000..c227bd68375f
--- /dev/null
+++ b/modules/hosted-control-planes-monitoring-dashboard.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-control-planes-monitoring-dashboard_{context}"]
+= Creating monitoring dashboards for hosted clusters
+
+The HyperShift Operator can create or delete monitoring dashboards in the management cluster for each hosted cluster that it manages.
+
+[#hosted-control-planes-enable-dashboard]
+== Enabling monitoring dashboards
+
+To enable monitoring dashboards in a hosted cluster, complete the following steps:
+
+.Procedure
+
+. Create the `hypershift-operator-install-flags` config map in the `local-cluster` namespace, being sure to specify the `--monitoring-dashboards` flag in the `data.installFlagsToAdd` section. For example:
+
++
+[source,yaml]
+----
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: hypershift-operator-install-flags
+  namespace: local-cluster
+data:
+  installFlagsToAdd: "--monitoring-dashboards"
+  installFlagsToRemove: ""
+----
+
+. Wait a couple of minutes for the HyperShift Operator deployment in the `hypershift` namespace to be updated to include the following environment variable:
+
++
+----
+    - name: MONITORING_DASHBOARDS
+      value: "1"
+----
+
++
+When monitoring dashboards are enabled, for each hosted cluster that the HyperShift Operator manages, the Operator creates a config map named `cp-[NAMESPACE]-[NAME]` in the `openshift-config-managed` namespace, where `NAMESPACE` is the namespace of the hosted cluster and `NAME` is the name of the hosted cluster. As a result, a new dashboard is added in the administrative console of the management cluster.
+
+. To view the dashboard, log in to the management cluster's console and go to the dashboard for the hosted cluster by clicking *Observe -> Dashboards*.
+
+. Optional: To disable a monitoring dashboards in a hosted cluster, remove the `--monitoring-dashboards` flag from the `hypershift-operator-install-flags` config map. When you delete a hosted cluster, its corresponding dashboard is also deleted.
+
+[#hosted-control-planes-customize-dashboards]
+== Dashboard customization
+
+To generate dashboards for each hosted cluster, the HyperShift Operator uses a template that is stored in the `monitoring-dashboard-template` config map in the operator namespace (`hypershift`). This template contains a set of Grafana panels that contain the metrics for the dashboard. You can edit the content of the config map to customize the dashboards.
+
+When a dashboard is generated, the following strings are replaced with values that correspond to a specific hosted cluster:
+
+|===
+| Name | Description
+| [x-]`__NAME__` | The name of the hosted cluster
+| [x-]`__NAMESPACE__` | The namespace of the hosted cluster
+| [x-]`__CONTROL_PLANE_NAMESPACE__` | The namespace where the control plane pods of the hosted cluster are placed
+| [x-]`__CLUSTER_ID__` | The UUID of the hosted cluster, which matches the `_id` label of the hosted cluster metrics
+|===
\ No newline at end of file
diff --git a/modules/hosted-control-planes-overview.adoc b/modules/hosted-control-planes-overview.adoc
index 5393edd5cbd6..98c062acb971 100644
--- a/modules/hosted-control-planes-overview.adoc
+++ b/modules/hosted-control-planes-overview.adoc
@@ -4,16 +4,19 @@
 // * hosted-control-planes/index.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="hosted-control-planes-overview_{context}"]
-= Introduction to hosted control planes (Technology Preview)
+= Introduction to hosted control planes
 
 You can use hosted control planes for Red Hat {product-title} to reduce management costs, optimize cluster deployment time, and separate management and workload concerns so that you can focus on your applications.
 
-You can enable hosted control planes as a Technology Preview feature by using the link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#cluster_mce_overview[multicluster engine for Kubernetes operator version 2.0 or later] on Amazon Web Services (AWS), bare metal by using the Agent provider, or {VirtProductName}.
+Hosted control planes is available by using the link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#cluster_mce_overview[multicluster engine for Kubernetes operator version 2.0 or later] on the following platforms:
 
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
+* Bare metal by using the Agent provider
+* {VirtProductName}
+* {aws-first}, as a Technology Preview feature
+* {ibm-z-title}, as a Technology Preview feature
+* {ibm-power-title}, as a Technology Preview feature
 
 [id="hosted-control-planes-architecture_{context}"]
 == Architecture of hosted control planes
diff --git a/modules/hosted-control-planes-pause-reconciliation.adoc b/modules/hosted-control-planes-pause-reconciliation.adoc
new file mode 100644
index 000000000000..d6fe2a9dd7f6
--- /dev/null
+++ b/modules/hosted-control-planes-pause-reconciliation.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-control-planes-pause-reconciliation_{context}"]
+= Pausing the reconciliation of a hosted cluster and hosted control plane
+
+If you are a cluster instance administrator, you can pause the reconciliation of a hosted cluster and hosted control plane. You might want to pause reconciliation when you back up and restore an etcd database or when you need to debug problems with a hosted cluster or hosted control plane.
+
+.Procedure
+
+. To pause reconciliation for a hosted cluster and hosted control plane, populate the `pausedUntil` field of the `HostedCluster` resource, as shown in the following examples. In the examples, the value for `pausedUntil` is defined in an environment variable prior to the command.
++
+** To pause the reconciliation until a specific time, specify an RFC339 timestamp:
++
+[source,terminal]
+----
+PAUSED_UNTIL="2022-03-03T03:28:48Z"
+oc patch -n <hosted-cluster-namespace> hostedclusters/<hosted-cluster-name> -p '{"spec":{"pausedUntil":"'${PAUSED_UNTIL}'"}}' --type=merge
+----
++
+The reconciliation is paused until the specified time is passed.
++
+** To pause the reconciliation indefinitely, pass a Boolean value of `true`:
++
+[source,terminal]
+----
+PAUSED_UNTIL="true"
+oc patch -n <hosted-cluster-namespace> hostedclusters/<hosted-cluster-name> -p '{"spec":{"pausedUntil":"'${PAUSED_UNTIL}'"}}' --type=merge
+----
++
+The reconciliation is paused until you remove the field from the `HostedCluster` resource.
++
+When the pause reconciliation field is populated for the `HostedCluster` resource, the field is automatically added to the associated `HostedControlPlane` resource.
+
+. To remove the `pausedUntil` field, enter the following patch command:
++
+[source,terminal]
+----
+oc patch -n <hosted-cluster-namespace> hostedclusters/<hosted-cluster-name> -p '{"spec":{"pausedUntil":null}}' --type=merge
+----
+
+
+
+
+
diff --git a/modules/hosted-control-planes-troubleshooting.adoc b/modules/hosted-control-planes-troubleshooting.adoc
new file mode 100644
index 000000000000..2d99bb48e83b
--- /dev/null
+++ b/modules/hosted-control-planes-troubleshooting.adoc
@@ -0,0 +1,147 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hosted-control-planes-troubleshooting_{context}"]
+= Gathering information to troubleshoot hosted control planes
+
+When you need to troubleshoot an issue with hosted control plane clusters, you can gather information by running the `hypershift dump cluster` command. The command generates output for the management cluster and the hosted cluster.
+
+The output for the management cluster contains the following content:
+
+* *Cluster-scoped resources:* These resources are node definitions of the management cluster.
+* *The `hypershift-dump` compressed file:* This file is useful if you need to share the content with other people.
+* *Namespaced resources:* These resources include all of the objects from the relevant namespaces, such as config maps, services, events, and logs.
+* *Network logs:* These logs include the OVN northbound and southbound databases and the status for each one.
+* *Hosted clusters:* This level of output involves all of the resources inside of the hosted cluster.
+
+The output for the hosted cluster contains the following content:
+
+* *Cluster-scoped resources:* These resources include all of the cluster-wide objects, such as nodes and CRDs.
+* *Namespaced resources:* These resources include all of the objects from the relevant namespaces, such as config maps, services, events, and logs.
+
+Although the output does not contain any secret objects from the cluster, it can contain references to the names of secrets.
+
+.Prerequisites
+
+* You must have `cluster-admin` access to the management cluster.
+
+* You need the `name` value for the `HostedCluster` resource and the namespace where the CR is deployed.
+
+* You must have the `hcp` command line interface installed. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-install-cli[Installing the hosted control planes command line interface].
+
+* You must have the OpenShift CLI (`oc`) installed.
+
+* You must ensure that the `kubeconfig` file is loaded and is pointing to the management cluster.
+
+.Procedure
+
+* To gather output for troubleshooting, enter the following commands:
++
+[source,terminal]
+----
+$ CLUSTERNAME="samplecluster"
+----
++
+[source,terminal]
+----
+$ CLUSTERNS="clusters"
+----
++
+[source,terminal]
+----
+$ mkdir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
++
+[source,terminal]
+----
+$ hypershift dump cluster \
+    --name ${CLUSTERNAME} \
+    --namespace ${CLUSTERNS} \
+    --dump-guest-cluster \
+    --artifact-dir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
++
+.Example output
++
+[source,terminal]
+----
+2023-06-06T12:18:20+02:00   INFO    Archiving dump  {"command": "tar", "args": ["-cvzf", "hypershift-dump.tar.gz", "cluster-scoped-resources", "event-filter.html", "namespaces", "network_logs", "timestamp"]}
+2023-06-06T12:18:21+02:00   INFO    Successfully archived dump  {"duration": "1.519376292s"}
+----
+
+* To configure the command-line interface so that it impersonates all of the queries against the management cluster by using a username or service account, enter the `hypershift dump cluster` command with the `--as` flag.
++
+The service account must have enough permissions to query all of the objects from the namespaces, so the `cluster-admin` role is recommended to make sure you have enough permissions. The service account must be located in or have permissions to query the namespace of the `HostedControlPlane` resource.
++
+If your username or service account does not have enough permissions, the output contains only the objects that you have permissions to access. During that process, you might see `forbidden` errors.
++
+** To use impersonation by using a service account, enter the following commands. Replace values as necessary:
++
+[source,terminal]
+----
+$ CLUSTERNAME="samplecluster"
+----
++
+[source,terminal]
+----
+$ CLUSTERNS="clusters"
+----
++
+[source,terminal]
+----
+$ SA="samplesa"
+----
++
+[source,terminal]
+----
+$ SA_NAMESPACE="default"
+----
++
+[source,terminal]
+----
+$ mkdir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
++
+[source,terminal]
+----
+$ hypershift dump cluster \
+    --name ${CLUSTERNAME} \
+    --namespace ${CLUSTERNS} \
+    --dump-guest-cluster \
+    --as "system:serviceaccount:${SA_NAMESPACE}:${SA}" \
+    --artifact-dir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
+
+** To use impersonation by using a username, enter the following commands. Replace values as necessary:
++
+[source,terminal]
+----
+$ CLUSTERNAME="samplecluster"
+----
++
+[source,terminal]
+----
+$ CLUSTERNS="clusters"
+----
++
+[source,terminal]
+----
+$ CLUSTERUSER="cloud-admin"
+----
++
+[source,terminal]
+----
+$ mkdir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
++
+[source,terminal]
+----
+$ hypershift dump cluster \
+    --name ${CLUSTERNAME} \
+    --namespace ${CLUSTERNS} \
+    --dump-guest-cluster \
+    --as "${CLUSTERUSER}" \
+    --artifact-dir clusterDump-${CLUSTERNS}-${CLUSTERNAME}
+----
\ No newline at end of file
diff --git a/modules/hosted-control-planes-version-support.adoc b/modules/hosted-control-planes-version-support.adoc
index 754c9a5e0c1b..80cd261f31f2 100644
--- a/modules/hosted-control-planes-version-support.adoc
+++ b/modules/hosted-control-planes-version-support.adoc
@@ -4,7 +4,7 @@
 // * hosted-control-planes/index.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="hosted-control-planes-version-support_{context}"]
 = Versioning for hosted control planes
 
@@ -19,7 +19,7 @@ The HyperShift Operator manages the lifecycle of hosted clusters that are repres
 ----
     apiVersion: v1
     data:
-      supported-versions: '{"versions":["4.13","4.12","4.11"]}'
+      supported-versions: '{"versions":["4.15"]}'
     kind: ConfigMap
     metadata:
       labels:
@@ -32,7 +32,7 @@ The CLI is a helper utility for development purposes. The CLI is released as par
 
 The API, `hypershift.openshift.io`, provides a way to create and manage lightweight, flexible, heterogeneous {product-title} clusters at scale. The API exposes two user-facing resources: `HostedCluster` and `NodePool`. A `HostedCluster` resource encapsulates the control plane and common data plane configuration. When you create a `HostedCluster` resource, you have a fully functional control plane with no attached nodes. A `NodePool` resource is a scalable set of worker nodes that is attached to a `HostedCluster` resource.
 
-The API version policy generally aligns with the policy for link:https://kubernetes.io/docs/reference/using-api/#api-versioning[Kubernetes API versioning]. 
+The API version policy generally aligns with the policy for link:https://kubernetes.io/docs/reference/using-api/#api-versioning[Kubernetes API versioning].
 
 
 
diff --git a/modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc b/modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc
new file mode 100644
index 000000000000..466658abc7f7
--- /dev/null
+++ b/modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects_{context}"]
+= How service accounts assume AWS IAM roles in SRE owned projects
+
+When you install a {product-title} cluster that uses the AWS Security Token Service (STS), cluster-specific Operator AWS Identity and Access Management (IAM) roles are created. These IAM roles permit the {product-title} cluster Operators to run core OpenShift functionality.
+
+Cluster Operators use service accounts to assume IAM roles. When a service account assumes an IAM role, temporary STS credentials are provided for the service account to use in the cluster Operator's pod. If the assumed role has the necessary AWS privileges, the service account can run AWS SDK operations in the pod.
+
+[discrete]
+[id="workflow-for-assuming-aws-iam-roles-in-sre-owned-projects_{context}"]
+== Workflow for assuming AWS IAM roles in SRE owned projects
+
+The following diagram illustrates the workflow for assuming AWS IAM roles in SRE owned projects:
+
+.Workflow for assuming AWS IAM roles in SRE owned projects
+image::workflow-assuming-aws-iam-roles-sre-owned-projects.png[Workflow for assuming AWS IAM roles in SRE owned projects]
+
+The workflow has the following stages:
+
+. Within each project that a cluster Operator runs, the Operator's deployment spec has a volume mount for the projected service account token, and a secret containing AWS credential configuration for the pod. The token is audience-bound and time-bound. Every hour, {product-title} generates a new token, and the AWS SDK reads the mounted secret containing the AWS credential configuration. This configuration has a path to the mounted token and the AWS IAM Role ARN. The secret's credential configuration includes the following:
+
+** An `$AWS_ARN_ROLE` variable that has the ARN for the IAM role that has the permissions required to run AWS SDK operations.
+
+** An `$AWS_WEB_IDENTITY_TOKEN_FILE` variable that has the full path in the pod to the OpenID Connect (OIDC) token for the service account. The full path is `/var/run/secrets/openshift/serviceaccount/token`.
+
+. When a cluster Operator needs to assume an AWS IAM role to access an AWS service (such as EC2), the AWS SDK client code running on the Operator invokes the `AssumeRoleWithWebIdentity` API call.
+
+. The OIDC token is passed from the pod to the OIDC provider. The provider authenticates the service account identity if the following requirements are met:
+
+** The identity signature is valid and signed by the private key.
+
+** The `sts.amazonaws.com` audience is listed in the OIDC token and matches the audience configured in the OIDC provider.
++
+[NOTE]
+====
+In {product-title} with STS clusters, the OIDC provider is created during install and set as the service account issuer by default. The `sts.amazonaws.com` audience is set by default in the OIDC provider.
+====
+
+** The OIDC token has not expired.
+
+** The issuer value in the token has the URL for the OIDC provider.
+
+. If the project and service account are in the scope of the trust policy for the IAM role that is being assumed, then authorization succeeds.
+
+. After successful authentication and authorization, temporary AWS STS credentials in the form of an AWS access token, secret key, and session token are passed to the pod for use by the service account. By using the credentials, the service account is temporarily granted the AWS permissions enabled in the IAM role.
+
+. When the cluster Operator runs, the Operator that is using the AWS SDK in the pod consumes the secret that has the path to the projected service account and AWS IAM Role ARN to authenticate against the OIDC provider. The OIDC provider returns temporary STS credentials for authentication against the AWS API.
diff --git a/modules/hw-installing-amq-interconnect-messaging-bus.adoc b/modules/hw-installing-amq-interconnect-messaging-bus.adoc
index 914b93dbce69..257f950e2925 100644
--- a/modules/hw-installing-amq-interconnect-messaging-bus.adoc
+++ b/modules/hw-installing-amq-interconnect-messaging-bus.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="hw-installing-amq-interconnect-messaging-bus_{context}"]
 = Installing the AMQ messaging bus
 
diff --git a/modules/ibm-z-boost-networking-performance-with-rfs.adoc b/modules/ibm-z-boost-networking-performance-with-rfs.adoc
index 61ed4c0b1e39..981da2162bcf 100644
--- a/modules/ibm-z-boost-networking-performance-with-rfs.adoc
+++ b/modules/ibm-z-boost-networking-performance-with-rfs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ibm-z-boost-networking-performance-with-rfs_{context}"]
 = Boost networking performance with Receive Flow Steering
 
diff --git a/modules/ibm-z-choose-networking-setup.adoc b/modules/ibm-z-choose-networking-setup.adoc
index c6b72387e26d..84644df46779 100644
--- a/modules/ibm-z-choose-networking-setup.adoc
+++ b/modules/ibm-z-choose-networking-setup.adoc
@@ -2,11 +2,11 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ibm-z-choose-networking-setup_{context}"]
 = Choose your networking setup
 
-The networking stack is one of the most important components for a Kubernetes-based product like {product-title}. For {ibmzProductName} setups, the networking setup depends on the hypervisor of your choice. Depending on the workload and the application, the best fit usually changes with the use case and the traffic pattern.
+The networking stack is one of the most important components for a Kubernetes-based product like {product-title}. For {ibm-z-name} setups, the networking setup depends on the hypervisor of your choice. Depending on the workload and the application, the best fit usually changes with the use case and the traffic pattern.
 
 Depending on your setup, consider these best practices:
 
diff --git a/modules/ibm-z-disable-thp.adoc b/modules/ibm-z-disable-thp.adoc
index 7a706757ef98..c554d7442b12 100644
--- a/modules/ibm-z-disable-thp.adoc
+++ b/modules/ibm-z-disable-thp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ibm-z-disable-thp_{context}"]
 = Disable Transparent Huge Pages
 
diff --git a/modules/ibm-z-ensure-high-disk-performance-hyperpav.adoc b/modules/ibm-z-ensure-high-disk-performance-hyperpav.adoc
index acdd66b32547..d27b86fab4d9 100644
--- a/modules/ibm-z-ensure-high-disk-performance-hyperpav.adoc
+++ b/modules/ibm-z-ensure-high-disk-performance-hyperpav.adoc
@@ -2,11 +2,11 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ibm-z-ensure-high-disk-performance-hyperpav_{context}"]
 = Ensure high disk performance with HyperPAV on z/VM
 
-DASD and ECKD devices are commonly used disk types in {ibmzProductName} environments. In a typical {product-title} setup in z/VM environments, DASD disks are commonly used to support the local storage for the nodes. You can set up HyperPAV alias devices to provide more throughput and overall better I/O performance for the DASD disks that support the z/VM guests.
+DASD and ECKD devices are commonly used disk types in {ibm-z-name} environments. In a typical {product-title} setup in z/VM environments, DASD disks are commonly used to support the local storage for the nodes. You can set up HyperPAV alias devices to provide more throughput and overall better I/O performance for the DASD disks that support the z/VM guests.
 
 Using HyperPAV for the local storage devices leads to a significant performance benefit. However, you must be aware that there is a trade-off between throughput and CPU costs.
 
diff --git a/modules/ibm-z-managing-cpu-overcommitment.adoc b/modules/ibm-z-managing-cpu-overcommitment.adoc
index 5c7c9dab1cc3..7f7da38e99c5 100644
--- a/modules/ibm-z-managing-cpu-overcommitment.adoc
+++ b/modules/ibm-z-managing-cpu-overcommitment.adoc
@@ -2,11 +2,11 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ibm-z-managing-cpu-overcommitment_{context}"]
 = Managing CPU overcommitment
 
-In a highly virtualized {ibmzProductName} environment, you must carefully plan the infrastructure setup and sizing. One of the most important features of virtualization is the capability to do resource overcommitment, allocating more resources to the virtual machines than actually available at the hypervisor level. This is very workload dependent and there is no golden rule that can be applied to all setups.
+In a highly virtualized {ibm-z-name} environment, you must carefully plan the infrastructure setup and sizing. One of the most important features of virtualization is the capability to do resource overcommitment, allocating more resources to the virtual machines than actually available at the hypervisor level. This is very workload dependent and there is no golden rule that can be applied to all setups.
 
 Depending on your setup, consider these best practices regarding CPU overcommitment:
 
diff --git a/modules/ibm-z-rhel-kvm-host-recommendations.adoc b/modules/ibm-z-rhel-kvm-host-recommendations.adoc
index 2ec915c7b189..80cbe4d09bcd 100644
--- a/modules/ibm-z-rhel-kvm-host-recommendations.adoc
+++ b/modules/ibm-z-rhel-kvm-host-recommendations.adoc
@@ -2,31 +2,13 @@
 //
 // * scalability_and_performance/ibm-z-recommended-host-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ibm-z-rhel-kvm-host-recommendations_{context}"]
-= {op-system-base} KVM on {ibmzProductName} host recommendations
+= {op-system-base} KVM on {ibm-z-title} host recommendations
 
 Optimizing a KVM virtual server environment strongly depends on the workloads of the virtual servers and on the available resources. The same action that enhances performance in one environment can have adverse effects in another. Finding the best balance for a particular setting can be a challenge and often involves experimentation.
 
-The following section introduces some best practices when using {product-title} with {op-system-base} KVM on {ibmzProductName} and {linuxoneProductName} environments.
-
-[id="use-multiple-queues-for-your-virtio-network-interfaces_{context}"]
-== Use multiple queues for your VirtIO network interfaces
-
-With multiple virtual CPUs, you can transfer packages in parallel if you provide multiple queues for incoming and outgoing packets. Use the `queues` attribute of the `driver` element to configure multiple queues. Specify an integer of at least 2 that does not exceed the number of virtual CPUs of the virtual server.
-
-The following example specification configures two input and output queues for a network interface:
-
-[source,xml]
-----
-<interface type="direct">
-    <source network="net01"/>
-    <model type="virtio"/>
-    <driver ... queues="2"/>
-</interface>
-----
-
-Multiple queues are designed to provide enhanced performance for a network interface, but they also use memory and CPU resources. Start with defining two queues for busy interfaces. Next, try two queues for interfaces with less traffic or more than two queues for busy interfaces.
+The following section introduces some best practices when using {product-title} with {op-system-base} KVM on {ibm-z-name} and {ibm-linuxone-name} environments.
 
 [id="use-io-threads-for-your-virtual-block-devices_{context}"]
 == Use I/O threads for your virtual block devices
diff --git a/modules/ibm-z-secure-execution.adoc b/modules/ibm-z-secure-execution.adoc
index c0c65cdb4ef2..5d372f7e107e 100644
--- a/modules/ibm-z-secure-execution.adoc
+++ b/modules/ibm-z-secure-execution.adoc
@@ -3,37 +3,37 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-rhcos-using-ibm-secure-execution_{context}"]
-= Installing {op-system} using IBM Secure Execution
+= Installing {op-system} using {ibm-title} Secure Execution
 
-Before you install {op-system} using IBM Secure Execution, you must prepare the underlying infrastructure.
+Before you install {op-system} using {ibm-name} Secure Execution, you must prepare the underlying infrastructure.
 
 .Prerequisites
 
-* IBM z15 or later, or {linuxoneProductName} III or later.
+* {ibm-name} z15 or later, or {ibm-linuxone-name} III or later.
 * {op-system-base-full} 8 or later.
 * You have a bootstrap Ignition file. The file is not protected, enabling others to view and edit it.
 * You have verified that the boot image has not been altered after installation.
-* You must run all your nodes as IBM Secure Execution guests.
+* You must run all your nodes as {ibm-name} Secure Execution guests.
 
 .Procedure
 
-. Prepare your {op-system-base} KVM host to support IBM Secure Execution.
+. Prepare your {op-system-base} KVM host to support {ibm-name} Secure Execution.
 
-** By default, KVM hosts do not support guests in IBM Secure Execution mode. To support guests in IBM Secure Execution mode, KVM hosts must boot in LPAR mode with the kernel parameter specification `prot_virt=1`. To enable `prot_virt=1` on {op-system-base} 8, follow these steps:
+** By default, KVM hosts do not support guests in {ibm-name} Secure Execution mode. To support guests in {ibm-name} Secure Execution mode, KVM hosts must boot in LPAR mode with the kernel parameter specification `prot_virt=1`. To enable `prot_virt=1` on {op-system-base} 8, follow these steps:
 
 .. Navigate to `/boot/loader/entries/` to modify your bootloader configuration file `*.conf`.
 .. Add the kernel command line parameter `prot_virt=1`.
 .. Run the `zipl` command and reboot your system.
 +
-KVM hosts that successfully start with support for IBM Secure Execution for Linux issue the following kernel message:
+KVM hosts that successfully start with support for {ibm-name} Secure Execution for Linux issue the following kernel message:
 +
 [source,terminal]
 ----
 prot_virt: Reserving <amount>MB as ultravisor base storage.
 ----
-.. To verify that the KVM host now supports IBM Secure Execution, run the following command:
+.. To verify that the KVM host now supports {ibm-name} Secure Execution, run the following command:
 +
 [source,terminal]
 ----
@@ -54,7 +54,7 @@ During the first boot, {op-system} looks for your host keys to re-encrypt itself
 +
 [NOTE]
 ====
-You need to prepare your Ignition file on a safe system. For example, another IBM Secure Execution guest.
+You need to prepare your Ignition file on a safe system. For example, another {ibm-name} Secure Execution guest.
 ====
 +
 For example:
@@ -87,7 +87,7 @@ For example:
 +
 [NOTE]
 ====
-You can add as many host keys as required if you want your node to be able to run on multiple {ibmzProductName} machines.
+You can add as many host keys as required if you want your node to be able to run on multiple {ibm-z-name} machines.
 ====
 . To generate the Base64 encoded string, run the following command:
 +
@@ -96,7 +96,7 @@ You can add as many host keys as required if you want your node to be able to ru
 base64 <your-hostkey>.crt
 ----
 +
-Compared to guests not running IBM Secure Execution, the first boot of the machine is longer because the entire image is encrypted with a randomly generated LUKS passphrase before the Ignition phase.
+Compared to guests not running {ibm-name} Secure Execution, the first boot of the machine is longer because the entire image is encrypted with a randomly generated LUKS passphrase before the Ignition phase.
 
 . Add Ignition protection
 +
@@ -104,7 +104,7 @@ To protect the secrets that are stored in the Ignition config file from being re
 +
 [NOTE]
 ====
-To achieve the desired security, Ignition logging and local login are disabled by default when running IBM Secure Execution.
+To achieve the desired security, Ignition logging and local login are disabled by default when running {ibm-name} Secure Execution.
 ====
 .. Fetch the public GPG key for the `secex-qemu.qcow2` image and encrypt the Ignition config with the key by running the following command:
 +
@@ -112,13 +112,19 @@ To achieve the desired security, Ignition logging and local login are disabled b
 ----
 gpg --recipient-file /path/to/ignition.gpg.pub --yes --output /path/to/config.ign.gpg --verbose --armor --encrypt /path/to/config.ign
 ----
+
+. Follow the fast-track installation of {op-system} to install nodes by using the {ibm-name} Secure Execution QCOW image.
 +
 [NOTE]
 ====
-Before starting the VM, replace `serial=ignition` with `serial=ignition_crypted` when mounting the Ignition file.
+Before you start the VM, replace `serial=ignition` with `serial=ignition_crypted`, and add the `launchSecurity` parameter.
 ====
-+
-When Ignition runs on the first boot, and the decryption is successful, you will see an output like the following example:
+
+.Verification
+
+When you have completed the fast-track installation of {op-system} and Ignition runs at the first boot, verify if decryption is successful.
+
+** If the decryption is successful, you can expect an output similar to the following example:
 +
 .Example output
 [source,terminal]
@@ -129,8 +135,8 @@ When Ignition runs on the first boot, and the decryption is successful, you will
 [    2.808874] coreos-secex-ignition-decrypt[740]: gpg: encrypted with rsa4096 key, ID <key_name>, created <yyyy-mm-dd>
 [  OK  ] Finished coreos-secex-igni…S Secex Ignition Config Decryptor.
 ----
-+
-If the decryption fails, you will see an output like the following example:
+
+** If the decryption fails, you can expect an output similar to the following example:
 +
 .Example output
 [source,terminal]
@@ -141,6 +147,5 @@ Starting coreos-ignition-s…reOS Ignition User Config Setup...
 [    2.870347] coreos-secex-ignition-decrypt[738]: gpg: public key decryption failed: No secret key
 [    2.870371] coreos-secex-ignition-decrypt[738]: gpg: decryption failed: No secret key
 ----
-+
 
-. Follow the fast-track installation procedure to install nodes using the IBM Secure Exection QCOW image.
\ No newline at end of file
+
diff --git a/modules/ibmz-configure-devices-manually.adoc b/modules/ibmz-configure-devices-manually.adoc
index 951a6f4823b4..bc9ede9f69fd 100644
--- a/modules/ibmz-configure-devices-manually.adoc
+++ b/modules/ibmz-configure-devices-manually.adoc
@@ -2,11 +2,11 @@
 //
 // * post-installation-configuration/ibmz-post-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-additional-devices-manually_{context}"]
 = Configuring additional devices manually
 
-Tasks in this section describe how to manually configure additional devices in an {ibmzProductName} or {linuxoneProductName} environment. This configuration method is persistent over node restarts but not {product-title} native and you need to redo the steps if you replace the node.
+Tasks in this section describe how to manually configure additional devices in an {ibm-z-name} or {ibm-linuxone-name} environment. This configuration method is persistent over node restarts but not {product-title} native and you need to redo the steps if you replace the node.
 
 .Prerequisites
 
diff --git a/modules/ibmz-configure-devices-mco.adoc b/modules/ibmz-configure-devices-mco.adoc
index 84789c7732bb..3e70ed0afc9c 100644
--- a/modules/ibmz-configure-devices-mco.adoc
+++ b/modules/ibmz-configure-devices-mco.adoc
@@ -2,11 +2,11 @@
 //
 // * post-installation-configuration/ibmz-post-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-additional-devices-using-mco_{context}"]
 = Configuring additional devices using the Machine Config Operator (MCO)
 
-Tasks in this section describe how to use features of the Machine Config Operator (MCO) to configure additional devices in an {ibmzProductName} or {linuxoneProductName} environment. Configuring devices with the MCO is persistent but only allows specific configurations for compute nodes. MCO does not allow control plane nodes to have different configurations.
+Tasks in this section describe how to use features of the Machine Config Operator (MCO) to configure additional devices in an {ibm-z-name} or {ibm-linuxone-name} environment. Configuring devices with the MCO is persistent but only allows specific configurations for compute nodes. MCO does not allow control plane nodes to have different configurations.
 
 .Prerequisites
 
diff --git a/modules/ibmz-configure-nbde-with-static-ip.adoc b/modules/ibmz-configure-nbde-with-static-ip.adoc
index eb4bb24794f2..8f0999d9a5af 100644
--- a/modules/ibmz-configure-nbde-with-static-ip.adoc
+++ b/modules/ibmz-configure-nbde-with-static-ip.adoc
@@ -18,11 +18,11 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :ibm-z-kvm:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-nbde-static-ip-ibmz-linuxone-environment_{context}"]
-= Configuring NBDE with static IP in an {ibmzProductName} or {linuxoneProductName} environment
+= Configuring NBDE with static IP in an {ibm-z-title} or {ibm-linuxone-title} environment
 
-Enabling NBDE disk encryption in an {ibmzProductName} or {linuxoneProductName} environment requires additional steps, which are described in detail in this section.
+Enabling NBDE disk encryption in an {ibm-z-name} or {ibm-linuxone-name} environment requires additional steps, which are described in detail in this section.
 
 .Prerequisites
 
@@ -36,10 +36,10 @@ Enabling NBDE disk encryption in an {ibmzProductName} or {linuxoneProductName} e
 +
 The following example of a Butane configuration for a control plane node creates a file named `master-storage.bu` for disk encryption:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: master-storage
   labels:
@@ -91,7 +91,7 @@ endif::ibm-z-kvm[]
 ----
 $ coreos-installer pxe customize \
     /root/rhcos-bootfiles/rhcos-<release>-live-initramfs.s390x.img \
-    --dest-device /dev/sda --dest-karg-append \
+    --dest-device /dev/disk/by-id/scsi-<serial-number> --dest-karg-append \
     ip=<ip-address>::<gateway-ip>:<subnet-mask>::<network-device>:none \
     --dest-karg-append nameserver=<nameserver-ip> \
     --dest-karg-append rd.neednet=1 -o \
@@ -159,4 +159,4 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
 endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :!ibm-z-kvm:
-endif::[]
\ No newline at end of file
+endif::[]
diff --git a/modules/ibmz-enable-multipathing-fcp-luns.adoc b/modules/ibmz-enable-multipathing-fcp-luns.adoc
index 44e1bc4cd578..7caa877a24da 100644
--- a/modules/ibmz-enable-multipathing-fcp-luns.adoc
+++ b/modules/ibmz-enable-multipathing-fcp-luns.adoc
@@ -2,15 +2,15 @@
 //
 // * post-installation-configuration/ibmz-post-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-multipathing-fcp-luns_{context}"]
 = Enabling multipathing for FCP LUNs
 
-Tasks in this section describe how to manually configure additional devices in an {ibmzProductName} or {linuxoneProductName} environment. This configuration method is persistent over node restarts but not {product-title} native and you need to redo the steps if you replace the node.
+Tasks in this section describe how to manually configure additional devices in an {ibm-z-name} or {ibm-linuxone-name} environment. This configuration method is persistent over node restarts but not {product-title} native and you need to redo the steps if you replace the node.
 
 [IMPORTANT]
 ====
-On {ibmzProductName} and {linuxoneProductName}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}_.
+On {ibm-z-name} and {ibm-linuxone-name}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}_.
 ====
 
 .Prerequisites
diff --git a/modules/identity-provider-about-basic-authentication.adoc b/modules/identity-provider-about-basic-authentication.adoc
index aa7370657006..417edb7591e9 100644
--- a/modules/identity-provider-about-basic-authentication.adoc
+++ b/modules/identity-provider-about-basic-authentication.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="identity-provider-about-basic-authentication_{context}"]
 = About basic authentication
 
diff --git a/modules/identity-provider-about-ldap.adoc b/modules/identity-provider-about-ldap.adoc
index 32b452b4ba4d..f382235d4595 100644
--- a/modules/identity-provider-about-ldap.adoc
+++ b/modules/identity-provider-about-ldap.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-ldap-identity-provider.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="identity-provider-about-ldap_{context}"]
 = About LDAP authentication
 
diff --git a/modules/identity-provider-about-request-header.adoc b/modules/identity-provider-about-request-header.adoc
index 17f0d8dd902a..30d79dd228d3 100644
--- a/modules/identity-provider-about-request-header.adoc
+++ b/modules/identity-provider-about-request-header.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-request-header-identity-provider.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="identity-provider-about-request-header_{context}"]
 = About request header authentication
 
diff --git a/modules/identity-provider-add.adoc b/modules/identity-provider-add.adoc
index 78a9612ec1fd..d6a460a966cc 100644
--- a/modules/identity-provider-add.adoc
+++ b/modules/identity-provider-add.adoc
@@ -25,7 +25,7 @@ ifeval::["{context}" == "configuring-oidc-identity-provider"]
 :oidc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-identity-provider_{context}"]
 = Adding an identity provider to your cluster
 
diff --git a/modules/identity-provider-config-map.adoc b/modules/identity-provider-config-map.adoc
index 4932e8d886e6..e403dd031eac 100644
--- a/modules/identity-provider-config-map.adoc
+++ b/modules/identity-provider-config-map.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "configuring-github-identity-provider"]
 :github:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-configmap_{context}"]
 = Creating a config map
 
diff --git a/modules/identity-provider-configuring-apache-request-header.adoc b/modules/identity-provider-configuring-apache-request-header.adoc
index 88515151d9a1..bc7f5f46e304 100644
--- a/modules/identity-provider-configuring-apache-request-header.adoc
+++ b/modules/identity-provider-configuring-apache-request-header.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-request-header-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-configuring-apache-request-header_{context}"]
 = Configuring Apache authentication using request header
 
diff --git a/modules/identity-provider-configuring-using-web-console.adoc b/modules/identity-provider-configuring-using-web-console.adoc
index 883ec4e64652..52282366502c 100644
--- a/modules/identity-provider-configuring-using-web-console.adoc
+++ b/modules/identity-provider-configuring-using-web-console.adoc
@@ -3,7 +3,7 @@
 //* authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
 //* authentication/identity_providers/configuring-oidc-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-configuring-using-the-web-console_{context}"]
 = Configuring identity providers using the web console
 
diff --git a/modules/identity-provider-creating-htpasswd-file-linux.adoc b/modules/identity-provider-creating-htpasswd-file-linux.adoc
index 204ee422d26d..b09f54bd0bd9 100644
--- a/modules/identity-provider-creating-htpasswd-file-linux.adoc
+++ b/modules/identity-provider-creating-htpasswd-file-linux.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-htpasswd-file-linux_{context}"]
 = Creating an htpasswd file using Linux
 
@@ -21,7 +21,7 @@ this is available by installing the `httpd-tools` package.
 +
 [source,terminal]
 ----
-$ htpasswd -c -B -b </path/to/users.htpasswd> <user_name> <password>
+$ htpasswd -c -B -b </path/to/users.htpasswd> <username> <password>
 ----
 +
 The command generates a hashed version of the password.
@@ -30,7 +30,7 @@ For example:
 +
 [source,terminal]
 ----
-$ htpasswd -c -B -b users.htpasswd user1 MyPassword!
+$ htpasswd -c -B -b users.htpasswd <username> <password>
 ----
 +
 .Example output
diff --git a/modules/identity-provider-creating-htpasswd-file-windows.adoc b/modules/identity-provider-creating-htpasswd-file-windows.adoc
index 61784c60c228..910fb733c15a 100644
--- a/modules/identity-provider-creating-htpasswd-file-windows.adoc
+++ b/modules/identity-provider-creating-htpasswd-file-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-htpasswd-file-windows_{context}"]
 = Creating an htpasswd file using Windows
 
@@ -21,7 +21,7 @@ directory of many Apache httpd distributions.
 +
 [source,terminal]
 ----
-> htpasswd.exe -c -B -b <\path\to\users.htpasswd> <user_name> <password>
+> htpasswd.exe -c -B -b <\path\to\users.htpasswd> <username> <password>
 ----
 +
 The command generates a hashed version of the password.
@@ -30,7 +30,7 @@ For example:
 +
 [source,terminal]
 ----
-> htpasswd.exe -c -B -b users.htpasswd user1 MyPassword!
+> htpasswd.exe -c -B -b users.htpasswd <username> <password>
 ----
 +
 .Example output
@@ -43,5 +43,5 @@ Adding password for user user1
 +
 [source,terminal]
 ----
-> htpasswd.exe -b <\path\to\users.htpasswd> <user_name> <password>
+> htpasswd.exe -b <\path\to\users.htpasswd> <username> <password>
 ----
diff --git a/modules/identity-provider-htpasswd-secret.adoc b/modules/identity-provider-htpasswd-secret.adoc
index e43d172923a5..1de7df0308b7 100644
--- a/modules/identity-provider-htpasswd-secret.adoc
+++ b/modules/identity-provider-htpasswd-secret.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-htpasswd-secret_{context}"]
 = Creating the htpasswd secret
 
diff --git a/modules/identity-provider-htpasswd-update-users.adoc b/modules/identity-provider-htpasswd-update-users.adoc
index 5a2b2d128c11..c580210ab31d 100644
--- a/modules/identity-provider-htpasswd-update-users.adoc
+++ b/modules/identity-provider-htpasswd-update-users.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-htpasswd-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-htpasswd-update-users_{context}"]
 = Updating users for an htpasswd identity provider
 
diff --git a/modules/identity-provider-ldap-secret.adoc b/modules/identity-provider-ldap-secret.adoc
index 124eed26a24d..bc92d4f357b7 100644
--- a/modules/identity-provider-ldap-secret.adoc
+++ b/modules/identity-provider-ldap-secret.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-ldap-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-ldap-secret_{context}"]
 = Creating the LDAP secret
 
diff --git a/modules/identity-provider-overview.adoc b/modules/identity-provider-overview.adoc
index d650bc4df595..0f69f7bad451 100644
--- a/modules/identity-provider-overview.adoc
+++ b/modules/identity-provider-overview.adoc
@@ -14,7 +14,7 @@
 // * authentication/identity_providers/configuring-oidc-identity-provider.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="identity-provider-overview_{context}"]
 = About identity providers in {product-title}
 
diff --git a/modules/identity-provider-registering-github.adoc b/modules/identity-provider-registering-github.adoc
index a23099cfe6c6..b14a498d63cc 100644
--- a/modules/identity-provider-registering-github.adoc
+++ b/modules/identity-provider-registering-github.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/identity_providers/configuring-github-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-registering-github_{context}"]
 = Registering a GitHub application
 
diff --git a/modules/identity-provider-secret-tls.adoc b/modules/identity-provider-secret-tls.adoc
index 6b22d24e83ff..85259addf132 100644
--- a/modules/identity-provider-secret-tls.adoc
+++ b/modules/identity-provider-secret-tls.adoc
@@ -3,7 +3,7 @@
 // * authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc
 // * authentication/identity_providers/configuring-keystone-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-secret-tls_{context}"]
 = Creating the secret
 
diff --git a/modules/identity-provider-secret.adoc b/modules/identity-provider-secret.adoc
index 5b8554b453ef..b4eeeede7a7b 100644
--- a/modules/identity-provider-secret.adoc
+++ b/modules/identity-provider-secret.adoc
@@ -5,7 +5,7 @@
 // * authentication/identity_providers/configuring-google-identity-provider.adoc
 // * authentication/identity_providers/configuring-oidc-identity-provider.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="identity-provider-creating-secret_{context}"]
 = Creating the secret
 
diff --git a/modules/idle-idling-applications.adoc b/modules/idle-idling-applications.adoc
index 8620ccee24a2..0c02461dfc95 100644
--- a/modules/idle-idling-applications.adoc
+++ b/modules/idle-idling-applications.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/idling-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="idle-idling-applications_{context}"]
 = Idling applications
 
diff --git a/modules/idle-unidling-applications.adoc b/modules/idle-unidling-applications.adoc
index fbe6b94c2c7a..22700c32581c 100644
--- a/modules/idle-unidling-applications.adoc
+++ b/modules/idle-unidling-applications.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/idling-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="idle-unidling-applications_{context}"]
 = Unidling applications
 
@@ -26,7 +26,3 @@ $ oc scale --replicas=1 dc <dc_name>
 Automatic unidling by a router is currently only supported by the default
 HAProxy router.
 ====
-[NOTE]
-====
-Services do not support automatic unidling if you configure Kuryr-Kubernetes as an SDN.
-====
diff --git a/modules/images b/modules/images
index e4c5bd02a10a..5e67573196d8 120000
--- a/modules/images
+++ b/modules/images
@@ -1 +1 @@
-../images/
\ No newline at end of file
+../images
\ No newline at end of file
diff --git a/modules/images-add-tags-to-imagestreams.adoc b/modules/images-add-tags-to-imagestreams.adoc
index 1c1c3ca0d5f3..7d1a835a8176 100644
--- a/modules/images-add-tags-to-imagestreams.adoc
+++ b/modules/images-add-tags-to-imagestreams.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/tagging-images
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-add-tags-to-imagestreams_{context}"]
 = Adding tags to image streams
 
diff --git a/modules/images-allow-pods-to-reference-images-across-projects.adoc b/modules/images-allow-pods-to-reference-images-across-projects.adoc
index 258a61227950..cb5a7ac83ee7 100644
--- a/modules/images-allow-pods-to-reference-images-across-projects.adoc
+++ b/modules/images-allow-pods-to-reference-images-across-projects.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/using-image-pull-secrets
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-allow-pods-to-reference-images-across-projects_{context}"]
 = Allowing pods to reference images across projects
 
diff --git a/modules/images-allow-pods-to-reference-images-from-secure-registries.adoc b/modules/images-allow-pods-to-reference-images-from-secure-registries.adoc
index 8b148c76bf92..caeb70b9ccc8 100644
--- a/modules/images-allow-pods-to-reference-images-from-secure-registries.adoc
+++ b/modules/images-allow-pods-to-reference-images-from-secure-registries.adoc
@@ -2,7 +2,7 @@
 // * openshift_images/using-image-pull-secrets
 // * openshift_images/managing-image-streams.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-allow-pods-to-reference-images-from-secure-registries_{context}"]
 = Allowing pods to reference images from other secured registries
 
diff --git a/modules/images-cluster-sample-imagestream-import.adoc b/modules/images-cluster-sample-imagestream-import.adoc
index 14277214d97a..55f3e0b4b913 100644
--- a/modules/images-cluster-sample-imagestream-import.adoc
+++ b/modules/images-cluster-sample-imagestream-import.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-cluster-sample-imagestream-import_{context}"]
 = Configuring periodic importing of Cluster Sample Operator image stream tags
 
@@ -18,20 +18,20 @@ oc get imagestreams -nopenshift
 
 . Fetch the tags for every imagestream in the `openshift` namespace by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get is <image-stream-name> -o jsonpath="{range .spec.tags[*]}{.name}{'\t'}{.from.name}{'\n'}{end}" -nopenshift
 ----
 +
 For example:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get is ubi8-openjdk-17 -o jsonpath="{range .spec.tags[*]}{.name}{'\t'}{.from.name}{'\n'}{end}" -nopenshift
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 1.11	registry.access.redhat.com/ubi8/openjdk-17:1.11
 1.12	registry.access.redhat.com/ubi8/openjdk-17:1.12
diff --git a/modules/images-configuration-allowed.adoc b/modules/images-configuration-allowed.adoc
index 97d12ea64aec..d890d9f3b74f 100644
--- a/modules/images-configuration-allowed.adoc
+++ b/modules/images-configuration-allowed.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-allowed_{context}"]
 = Adding specific registries
 
@@ -18,7 +18,7 @@ When the `allowedRegistries` parameter is defined, all registries, including the
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+* Edit the `image.config.openshift.io/cluster` custom resource:
 +
 [source,terminal]
 ----
@@ -59,13 +59,45 @@ status:
 Either the `allowedRegistries` parameter or the `blockedRegistries` parameter can be set, but not both.
 ====
 +
-The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, the allowed registries list is used to update the image signature policy in the `/host/etc/containers/policy.json` file on each node.
+The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, the allowed registries list is used to update the image signature policy in the `/etc/containers/policy.json` file on each node.
 
-. To check that the registries have been added to the policy file, use the following command on a node:
+ifndef::openshift-rosa,openshift-dedicated[]
+.Verification
+
+* Enter the following command to obtain a list of your nodes:
++
+[source,terminal]
+----
+$ oc get nodes
+----
++
+Example output
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/policy.json
+NAME               STATUS   ROLES                  AGE   VERSION
+<node_name>        Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
+
+. When prompted, enter `chroot /host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot /host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat /etc/containers/policy.json | jq '.'
 ----
 +
 The following policy indicates that only images from the example.com, quay.io, and registry.redhat.io registries are permitted for image pulls and pushes:
@@ -73,7 +105,7 @@ The following policy indicates that only images from the example.com, quay.io, a
 .Example image signature policy file
 [%collapsible]
 ====
-[source,terminal]
+[source,text]
 ----
 {
    "default":[
@@ -157,6 +189,7 @@ The following policy indicates that only images from the example.com, quay.io, a
 }
 ----
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [NOTE]
 ====
@@ -164,7 +197,7 @@ If your cluster uses the `registrySources.insecureRegistries` parameter, ensure
 
 For example:
 
-[source,yml]
+[source,yaml]
 ----
 spec:
   registrySources:
diff --git a/modules/images-configuration-blocked-payload.adoc b/modules/images-configuration-blocked-payload.adoc
index e1e231c089d5..cb7042c433fc 100644
--- a/modules/images-configuration-blocked-payload.adoc
+++ b/modules/images-configuration-blocked-payload.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/image-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-blocked-payload"]
 
 = Blocking a payload registry
@@ -26,7 +26,7 @@ spec:
 ----
 . After the object deploys onto your nodes, verify that the mirror configuration is set by checking the `/etc/containers/registries.conf` file:
 +
-.Example output 
+.Example output
 [source,terminal]
 ----
 [[registry]]
@@ -54,8 +54,8 @@ spec:
 ----
 
 .Verification
-* Verify that the upstream payload registry is blocked by checking the `/etc/containers/registries.conf` file on the node. 
-+ 
+* Verify that the upstream payload registry is blocked by checking the `/etc/containers/registries.conf` file on the node.
++
 .Example output
 [source,terminal]
 ----
diff --git a/modules/images-configuration-blocked.adoc b/modules/images-configuration-blocked.adoc
index dfe4a3699464..2007b943abca 100644
--- a/modules/images-configuration-blocked.adoc
+++ b/modules/images-configuration-blocked.adoc
@@ -3,11 +3,11 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-blocked_{context}"]
 = Blocking specific registries
 
-You can block any registry, and optionally an individual repository within a registry, by editing the `image.config.openshift.io/cluster` custom resource (CR). {product-title} applies the changes to this CR to all nodes in the cluster.  
+You can block any registry, and optionally an individual repository within a registry, by editing the `image.config.openshift.io/cluster` custom resource (CR). {product-title} applies the changes to this CR to all nodes in the cluster.
 
 When pulling or pushing images, the container runtime searches the registries listed under the `registrySources` parameter in the `image.config.openshift.io/cluster` CR. If you created a list of registries under the `blockedRegistries` parameter, the container runtime does not search those registries. All other registries are allowed.
 
@@ -18,7 +18,7 @@ To prevent pod failure, do not add the `registry.redhat.io` and `quay.io` regist
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+* Edit the `image.config.openshift.io/cluster` custom resource:
 +
 [source,terminal]
 ----
@@ -58,17 +58,49 @@ Either the `blockedRegistries` registry or the `allowedRegistries` registry can
 +
 The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, changes to the blocked registries appear in the `/etc/containers/registries.conf` file on each node.
 
-. To check that the registries have been added to the policy file, use the following command on a node:
+ifndef::openshift-rosa,openshift-dedicated[]
+.Verification
+
+* Enter the following command to obtain a list of your nodes:
++
+[source,terminal]
+----
+$ oc get nodes
+----
++
+Example output
++
+[source,terminal]
+----
+NAME                STATUS   ROLES                  AGE   VERSION
+<node_name>         Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/registries.conf
+$ oc debug node/<node_name>
+----
+
+. When prompted, enter `chroot /host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot /host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat etc/containers/registries.conf
 ----
 +
 The following example indicates that images from the `untrusted.com` registry are prevented for image pulls and pushes:
 +
 .Example output
-[source,terminal]
+[source,text]
 ----
 unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
 
@@ -77,3 +109,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
   location = "untrusted.com"
   blocked = true
 ----
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/images-configuration-cas.adoc b/modules/images-configuration-cas.adoc
index ff93fd4a9b9e..63c4b7b35472 100644
--- a/modules/images-configuration-cas.adoc
+++ b/modules/images-configuration-cas.adoc
@@ -4,7 +4,7 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-cas_{context}"]
 = Configuring additional trust stores for image registry access
 
@@ -40,7 +40,7 @@ data:
 
 You can configure additional CAs with the following procedure.
 
-. To configure an additional CA:
+* To configure an additional CA:
 +
 [source,terminal]
 ----
diff --git a/modules/images-configuration-file.adoc b/modules/images-configuration-file.adoc
index 35996661089a..3f03b04c1eab 100644
--- a/modules/images-configuration-file.adoc
+++ b/modules/images-configuration-file.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-file_{context}"]
 = Configuring image registry settings
 
@@ -86,10 +86,10 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                         STATUS                     ROLES                  AGE   VERSION
-ip-10-0-137-182.us-east-2.compute.internal   Ready,SchedulingDisabled   worker                 65m   v1.26.0
-ip-10-0-139-120.us-east-2.compute.internal   Ready,SchedulingDisabled   control-plane          74m   v1.26.0
-ip-10-0-176-102.us-east-2.compute.internal   Ready                      control-plane          75m   v1.26.0
-ip-10-0-188-96.us-east-2.compute.internal    Ready                      worker                 65m   v1.26.0
-ip-10-0-200-59.us-east-2.compute.internal    Ready                      worker                 63m   v1.26.0
-ip-10-0-223-123.us-east-2.compute.internal   Ready                      control-plane          73m   v1.26.0
+ip-10-0-137-182.us-east-2.compute.internal   Ready,SchedulingDisabled   worker                 65m   v1.28.5
+ip-10-0-139-120.us-east-2.compute.internal   Ready,SchedulingDisabled   control-plane          74m   v1.28.5
+ip-10-0-176-102.us-east-2.compute.internal   Ready                      control-plane          75m   v1.28.5
+ip-10-0-188-96.us-east-2.compute.internal    Ready                      worker                 65m   v1.28.5
+ip-10-0-200-59.us-east-2.compute.internal    Ready                      worker                 63m   v1.28.5
+ip-10-0-223-123.us-east-2.compute.internal   Ready                      control-plane          73m   v1.28.5
 ----
diff --git a/modules/images-configuration-insecure.adoc b/modules/images-configuration-insecure.adoc
index a8d07d0c62f5..1c63da8328c4 100644
--- a/modules/images-configuration-insecure.adoc
+++ b/modules/images-configuration-insecure.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-insecure_{context}"]
 = Allowing insecure registries
 
@@ -18,7 +18,7 @@ Insecure external registries should be avoided to reduce possible security risks
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` CR:
+* Edit the `image.config.openshift.io/cluster` custom resource:
 +
 [source,terminal]
 ----
@@ -66,11 +66,14 @@ When the `allowedRegistries` parameter is defined, all registries, including the
 +
 The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` CR for any changes to the registries, then drains and uncordons the nodes when it detects changes. After the nodes return to the `Ready` state, changes to the insecure and blocked registries appear in the `/etc/containers/registries.conf` file on each node.
 
-. To check that the registries have been added to the policy file, use the following command on a node:
+ifndef::openshift-rosa,openshift-dedicated[]
+.Verification
+
+* To check that the registries have been added to the policy file, use the following command on a node:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/registries.conf
+$ cat /etc/containers/registries.conf
 ----
 +
 The following example indicates that images from the `insecure.com` registry is insecure and is allowed for image pulls and pushes.
@@ -85,3 +88,4 @@ unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
   location = "insecure.com"
   insecure = true
 ----
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/images-configuration-registry-mirror-convert.adoc b/modules/images-configuration-registry-mirror-convert.adoc
index 08afe23e850c..95d419a5b6ca 100644
--- a/modules/images-configuration-registry-mirror-convert.adoc
+++ b/modules/images-configuration-registry-mirror-convert.adoc
@@ -2,21 +2,26 @@
 //
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-registry-mirror-convert_{context}"]
 = Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring
 
-Using an `ImageContentSourcePolicy` (ICSP) object to configure repository mirroring is a deprecated feature. This functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. 
+Using an `ImageContentSourcePolicy` (ICSP) object to configure repository mirroring is a deprecated feature. This functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
 
-ICSP objects are being replaced by `ImageDigestMirrorSet` and `ImageTagMirrorSet` objects to configure repository mirroring. If you have existing YAML files that you used to create `ImageContentSourcePolicy` objects, you can use the `oc adm migrate icsp` command to convert those files to an `ImageDigestMirrorSet` YAML file. The command updates the API to the current version, changes the `kind` value to `ImageDigestMirrorSet`, and changes `spec.repositoryDigestMirrors` to `spec.imageDigestMirrors`. The rest of the file is not changed. 
+ICSP objects are being replaced by `ImageDigestMirrorSet` and `ImageTagMirrorSet` objects to configure repository mirroring. If you have existing YAML files that you used to create `ImageContentSourcePolicy` objects, you can use the `oc adm migrate icsp` command to convert those files to an `ImageDigestMirrorSet` YAML file. The command updates the API to the current version, changes the `kind` value to `ImageDigestMirrorSet`, and changes `spec.repositoryDigestMirrors` to `spec.imageDigestMirrors`. The rest of the file is not changed.
 
 For more information about `ImageDigestMirrorSet` or `ImageTagMirrorSet` objects, see "Configuring image registry repository mirroring" in the previous section.
 
 .Prerequisites
 
-* Ensure that you have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 * Ensure that you have `ImageContentSourcePolicy` objects on your cluster.
 
diff --git a/modules/images-configuration-registry-mirror.adoc b/modules/images-configuration-registry-mirror.adoc
index 9ef3a53e7a7c..30ac2e1e51a6 100644
--- a/modules/images-configuration-registry-mirror.adoc
+++ b/modules/images-configuration-registry-mirror.adoc
@@ -2,9 +2,9 @@
 //
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-registry-mirror_{context}"]
 = Configuring image registry repository mirroring
 
@@ -29,7 +29,7 @@ By pulling container images needed by {product-title} and then bringing those im
 
 * After {product-title} installation:
 +
-If you did not configure mirroring during {product-title} installation, you can do so post-installation by using one of the following custom resource (CR) objects:
+If you did not configure mirroring during {product-title} installation, you can do so postinstallation by using one of the following custom resource (CR) objects:
 +
 --
 ** `ImageDigestMirrorSet`. This CR allows you to pull images from a mirrored registry by using digest specifications.
@@ -39,7 +39,7 @@ If you did not configure mirroring during {product-title} installation, you can
 +
 [IMPORTANT]
 ====
-Using an `ImageContentSourcePolicy` (ICSP) object to configure repository mirroring is a deprecated feature. Deprecated functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. If you have existing YAML files that you used to create `ImageContentSourcePolicy` objects, you can use the `oc adm migrate icsp` command to convert those files to an `ImageDigestMirrorSet` YAML file. For more information, see "Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring" in the following section. 
+Using an `ImageContentSourcePolicy` (ICSP) object to configure repository mirroring is a deprecated feature. Deprecated functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. If you have existing YAML files that you used to create `ImageContentSourcePolicy` objects, you can use the `oc adm migrate icsp` command to convert those files to an `ImageDigestMirrorSet` YAML file. For more information, see "Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring" in the following section.
 ====
 
 Both of these custom resource objects identify the following information:
@@ -54,20 +54,25 @@ requested from the source repository.
 If your cluster uses an `ImageDigestMirrorSet` or `ImageTagMirrorSet` object to configure repository mirroring, you can use only global pull secrets for mirrored registries. You cannot add a pull secret to a project.
 ====
 
-The following procedure creates a post-installation mirror configuration, where you create an `ImageDigestMirrorSet` object.
+The following procedure creates a postinstallation mirror configuration, where you create an `ImageDigestMirrorSet` object.
 
 .Prerequisites
-* Ensure that you have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 * Ensure that there are no `ImageContentSourcePolicy` objects on your cluster. For example, you can use the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get ImageContentSourcePolicy
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 No resources found
 ----
@@ -134,12 +139,12 @@ spec:
 ** `ImageTagMirrorSet`: Pulls a tag reference image.
 <3> Indicates the type of image pull method, either:
 ** `imageDigestMirrors`: Use for an `ImageDigestMirrorSet` CR.
-** `imageTagMirrors`: Use for an `ImageTagMirrorSet` CR. 
+** `imageTagMirrors`: Use for an `ImageTagMirrorSet` CR.
 <4> Indicates the name of the mirrored image registry and repository.
 <5> Optional: Indicates a secondary mirror repository for each target repository. If one mirror is down, the target repository can use another mirror.
 <6> Indicates the registry and repository source, which is the repository that is referred to in image pull specifications.
 <7> Optional: Indicates the fallback policy if the image pull fails:
-** `AllowContactingSource`: Allows continued attempts to pull the image from the source repository. This is the default. 
+** `AllowContactingSource`: Allows continued attempts to pull the image from the source repository. This is the default.
 ** `NeverContactSource`: Prevents continued attempts to pull the image from the source repository.
 <8> Optional: Indicates a namespace inside a registry, which allows you to use any image in that namespace. If you use a registry domain as a source, the object is applied to all repositories from the registry.
 <9> Optional: Indicates a registry, which allows you to use any image in that registry. If you specify a registry name, the object is applied to all repositories from a source registry to a mirror registry.
@@ -169,12 +174,12 @@ $ oc get node
 [source,terminal]
 ----
 NAME                           STATUS                     ROLES    AGE  VERSION
-ip-10-0-137-44.ec2.internal    Ready                      worker   7m   v1.26.0
-ip-10-0-138-148.ec2.internal   Ready                      master   11m  v1.26.0
-ip-10-0-139-122.ec2.internal   Ready                      master   11m  v1.26.0
-ip-10-0-147-35.ec2.internal    Ready                      worker   7m   v1.26.0
-ip-10-0-153-12.ec2.internal    Ready                      worker   7m   v1.26.0
-ip-10-0-154-10.ec2.internal    Ready                      master   11m  v1.26.0
+ip-10-0-137-44.ec2.internal    Ready                      worker   7m   v1.28.5
+ip-10-0-138-148.ec2.internal   Ready                      master   11m  v1.28.5
+ip-10-0-139-122.ec2.internal   Ready                      master   11m  v1.28.5
+ip-10-0-147-35.ec2.internal    Ready                      worker   7m   v1.28.5
+ip-10-0-153-12.ec2.internal    Ready                      worker   7m   v1.28.5
+ip-10-0-154-10.ec2.internal    Ready                      master   11m  v1.28.5
 ----
 
 .. Start the debugging process to access the node:
@@ -277,8 +282,8 @@ short-name-mode = ""
 <1> Indicates the repository that is referred to in a pull spec.
 <2> Indicates the mirror for that repository.
 <3> Indicates that the image pull from the mirror is a digest reference image.
-<4> Indicates that the `NeverContactSource` parameter is set for this repository. 
-<5> Indicates that the image pull from the mirror is a tag reference image. 
+<4> Indicates that the `NeverContactSource` parameter is set for this repository.
+<5> Indicates that the image pull from the mirror is a tag reference image.
 
 .. Pull an image to the node from the source and check if it is resolved by the mirror.
 +
diff --git a/modules/images-configuration-shortname.adoc b/modules/images-configuration-shortname.adoc
index a2b7b0f87274..2bad49e0b3bf 100644
--- a/modules/images-configuration-shortname.adoc
+++ b/modules/images-configuration-shortname.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/image-configuration.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-configuration-shortname_{context}"]
 = Adding registries that allow image short names
 
@@ -31,13 +31,13 @@ Potentially add the last line to the Ignoring image registry repository mirrorin
 ////
 ====
 
-The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, if the `containerRuntimeSearchRegistries` parameter is added, the MCO creates a file in the `/etc/containers/registries.conf.d` directory on each node with the listed registries. The file overrides the default list of unqualified search registries in the `/host/etc/containers/registries.conf` file. There is no way to fall back to the default list of unqualified search registries.
+The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` resource for any changes to the registries. When the MCO detects a change, it drains the nodes, applies the change, and uncordons the nodes. After the nodes return to the `Ready` state, if the `containerRuntimeSearchRegistries` parameter is added, the MCO creates a file in the `/etc/containers/registries.conf.d` directory on each node with the listed registries. The file overrides the default list of unqualified search registries in the `/etc/containers/registries.conf` file. There is no way to fall back to the default list of unqualified search registries.
 
 The `containerRuntimeSearchRegistries` parameter works only with the Podman and CRI-O container engines. The registries in the list can be used only in pod specs, not in builds and image streams.
 
 .Procedure
 
-. Edit the `image.config.openshift.io/cluster` custom resource:
+* Edit the `image.config.openshift.io/cluster` custom resource:
 +
 [source,terminal]
 ----
@@ -90,16 +90,48 @@ status:
 When the `allowedRegistries` parameter is defined, all registries, including the `registry.redhat.io` and `quay.io` registries and the default {product-registry}, are blocked unless explicitly listed. If you use this parameter, to prevent pod failure, add all registries including the `registry.redhat.io` and `quay.io` registries and the `internalRegistryHostname` to the `allowedRegistries` list, as they are required by payload images within your environment. For disconnected clusters, mirror registries should also be added.
 ====
 
-. To check that the registries have been added, when a node returns to the `Ready` state, use the following command on the node:
+ifndef::openshift-rosa,openshift-dedicated[]
+.Verification
+
+* Enter the following command to obtain a list of your nodes:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/registries.conf.d/01-image-searchRegistries.conf
+$ oc get nodes
 ----
 +
-.Example output
+Example output
++
 [source,terminal]
 ----
-unqualified-search-registries = ['reg1.io', 'reg2.io', 'reg3.io']
+NAME                STATUS   ROLES                  AGE   VERSION
+<node_name>         Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
 ----
 
+. When prompted, enter `chroot /host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot /host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat /etc/containers/registries.conf.d/01-image-searchRegistries.conf
+----
++
+.Example output
+[source,text]
+----
+unqualified-search-registries = ['reg1.io', 'reg2.io', 'reg3.io']
+----
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/images-create-guide-general.adoc b/modules/images-create-guide-general.adoc
index 89c34156a1d5..9b6282647019 100644
--- a/modules/images-create-guide-general.adoc
+++ b/modules/images-create-guide-general.adoc
@@ -16,9 +16,9 @@ In addition, use tags in the `FROM` instruction, for example, `rhel:rhel7`, to m
 [discrete]
 == Maintain compatibility within tags
 
-When tagging your own images, try to maintain backwards compatibility within a tag. For example, if you provide an image named `foo` and it currently includes version `1.0`, you might provide a tag of `foo:v1`. When you update the image, as long as it continues to be compatible with the original image, you can continue to tag the new image `foo:v1`, and downstream consumers of this tag are able to get updates without being broken.
+When tagging your own images, try to maintain backwards compatibility within a tag. For example, if you provide an image named `image` and it currently includes version `1.0`, you might provide a tag of `image:v1`. When you update the image, as long as it continues to be compatible with the original image, you can continue to tag the new image `image:v1`, and downstream consumers of this tag are able to get updates without being broken.
 
-If you later release an incompatible update, then switch to a new tag, for example `foo:v2`. This allows downstream consumers to move up to the new version at will, but not be inadvertently broken by the new incompatible image. Any downstream consumer using `foo:latest` takes on the risk of any incompatible changes being introduced.
+If you later release an incompatible update, then switch to a new tag, for example `image:v2`. This allows downstream consumers to move up to the new version at will, but not be inadvertently broken by the new incompatible image. Any downstream consumer using `image:latest` takes on the risk of any incompatible changes being introduced.
 
 [discrete]
 == Avoid multiple processes
diff --git a/modules/images-create-guide-openshift.adoc b/modules/images-create-guide-openshift.adoc
index 281ad8162bd5..a8c3352c9a02 100644
--- a/modules/images-create-guide-openshift.adoc
+++ b/modules/images-create-guide-openshift.adoc
@@ -39,9 +39,9 @@ Because the container user is always a member of the root group, the container u
 
 [WARNING]
 ====
-Care must be taken when altering the directories and file permissions of sensitive areas of a container, which is no different than to a normal system.
+Care must be taken when altering the directories and file permissions of the sensitive areas of a container. If applied to sensitive areas, such as the `/etc/passwd` file, such changes can allow the modification of these files by unintended users, potentially exposing the container or host. CRI-O supports the insertion of arbitrary user IDs into a container's `/etc/passwd` file. As such, changing permissions is never required.
 
-If applied to sensitive areas, such as `/etc/passwd`, this can allow the modification of such files by unintended users potentially exposing the container or host. CRI-O supports the insertion of arbitrary user IDs into the container's `/etc/passwd`, so changing permissions is never required.
+Additionally, the `/etc/passwd` file should not exist in any container image. If it does, the CRI-O container runtime will fail to inject a random UID into the `/etc/passwd` file. In such cases, the container might face challenges in resolving the active UID. Failing to meet this requirement could impact the functionality of certain containerized applications.
 ====
 
 In addition, the processes running in the container must not listen on privileged ports, ports below 1024, since they are not running as a privileged user.
diff --git a/modules/images-create-s2i-build.adoc b/modules/images-create-s2i-build.adoc
index c90b36ee958c..fd10ad617c86 100644
--- a/modules/images-create-s2i-build.adoc
+++ b/modules/images-create-s2i-build.adoc
@@ -3,7 +3,7 @@
 //* builds/build-strategies.adoc
 // * openshift_images/create-images.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-create-s2i-build_{context}"]
 = Understanding the source-to-image build process
 
diff --git a/modules/images-getting-info-about-imagestreams.adoc b/modules/images-getting-info-about-imagestreams.adoc
index cb2f7d9262bb..22b64752bcf6 100644
--- a/modules/images-getting-info-about-imagestreams.adoc
+++ b/modules/images-getting-info-about-imagestreams.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-getting-info-about-imagestreams_{context}"]
 = Getting information about image streams
 
diff --git a/modules/images-image-pull-policy-overview.adoc b/modules/images-image-pull-policy-overview.adoc
index e17c0746dc30..df07a82ba5bf 100644
--- a/modules/images-image-pull-policy-overview.adoc
+++ b/modules/images-image-pull-policy-overview.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-pull-policy
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-image-pull-policy-overview_{context}"]
 = Image pull policy overview
 
diff --git a/modules/images-imagestream-adding-tags.adoc b/modules/images-imagestream-adding-tags.adoc
index 5965b854d45b..fb501d3e938b 100644
--- a/modules/images-imagestream-adding-tags.adoc
+++ b/modules/images-imagestream-adding-tags.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-adding-tags_{context}"]
 = Adding tags to an image stream
 
diff --git a/modules/images-imagestream-external-image-tags.adoc b/modules/images-imagestream-external-image-tags.adoc
index 6cd16d53c01b..26761257f2f2 100644
--- a/modules/images-imagestream-external-image-tags.adoc
+++ b/modules/images-imagestream-external-image-tags.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-external-image-tags_{context}"]
 = Adding tags for an external image
 
diff --git a/modules/images-imagestream-import-images-private-registry.adoc b/modules/images-imagestream-import-images-private-registry.adoc
index 052da8c0cc8b..43fc63a132f5 100644
--- a/modules/images-imagestream-import-images-private-registry.adoc
+++ b/modules/images-imagestream-import-images-private-registry.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * assembly/openshift_images/managing-image-streams.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-import-images-private-registry_{context}"]
 = Importing images and image streams from private registries
 
diff --git a/modules/images-imagestream-import-import-mode.adoc b/modules/images-imagestream-import-import-mode.adoc
index 13824e32806c..54815378bebc 100644
--- a/modules/images-imagestream-import-import-mode.adoc
+++ b/modules/images-imagestream-import-import-mode.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-import-import-mode_{context}"]
 = Working with manifest lists
 
diff --git a/modules/images-imagestream-import.adoc b/modules/images-imagestream-import.adoc
index 5e3519586319..ef3ceb06b42a 100644
--- a/modules/images-imagestream-import.adoc
+++ b/modules/images-imagestream-import.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-import_{context}"]
 = Configuring periodic importing of image stream tags
 
diff --git a/modules/images-imagestream-periodic-import-list.adoc b/modules/images-imagestream-periodic-import-list.adoc
index c736f6c4405d..fef883b64ae1 100644
--- a/modules/images-imagestream-periodic-import-list.adoc
+++ b/modules/images-imagestream-periodic-import-list.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-periodic-import-list_{context}"]
 = Configuring periodic importing of manifest lists
 
diff --git a/modules/images-imagestream-remove-tag.adoc b/modules/images-imagestream-remove-tag.adoc
index 7a7e94d53003..d964f521578e 100644
--- a/modules/images-imagestream-remove-tag.adoc
+++ b/modules/images-imagestream-remove-tag.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-remove-tag_{context}"]
 = Removing image stream tags
 
@@ -20,11 +20,11 @@ For example:
 +
 [source,terminal]
 ----
-$ oc tag -d python:3.5
+$ oc tag -d python:3.6
 ----
 +
 .Example output
 [source,terminal]
 ----
-Deleted tag default/python:3.5.
+Deleted tag default/python:3.6
 ----
diff --git a/modules/images-imagestream-specify-architecture.adoc b/modules/images-imagestream-specify-architecture.adoc
index bc3d6dbe1dad..bc8c9bd029e3 100644
--- a/modules/images-imagestream-specify-architecture.adoc
+++ b/modules/images-imagestream-specify-architecture.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * assembly/openshift_images/managing-image-streams.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-imagestream-specify-architecture_{context}"]
 = Specifying architecture for --import-mode
 
diff --git a/modules/images-imagestream-ssl-import-list.adoc b/modules/images-imagestream-ssl-import-list.adoc
index 2546dd13f834..ef455374c25b 100644
--- a/modules/images-imagestream-ssl-import-list.adoc
+++ b/modules/images-imagestream-ssl-import-list.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-ssl-import-list_{context}"]
 = Configuring SSL/TSL when importing manifest lists
 
diff --git a/modules/images-imagestream-update-tag.adoc b/modules/images-imagestream-update-tag.adoc
index 4ec866a23446..15bf1e82a9ca 100644
--- a/modules/images-imagestream-update-tag.adoc
+++ b/modules/images-imagestream-update-tag.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-imagestream-update-tag_{context}"]
 = Updating image stream tags
 
diff --git a/modules/images-managing-images-enabling-imagestreams-kube.adoc b/modules/images-managing-images-enabling-imagestreams-kube.adoc
index ba537f178b16..bca39c044156 100644
--- a/modules/images-managing-images-enabling-imagestreams-kube.adoc
+++ b/modules/images-managing-images-enabling-imagestreams-kube.adoc
@@ -3,16 +3,13 @@
 // * openshift_images/managing-images/using-imagestreams-with-kube-resources.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-managing-images-enabling-imagestreams-kube_{context}"]
 = Enabling image streams with Kubernetes resources
 
 When using image streams with Kubernetes resources, you can only reference image streams that reside in the same project as the resource. The image stream reference must consist of a single segment value, for example `ruby:2.5`, where `ruby` is the name of an image stream that has a tag named `2.5` and resides in the same project as the resource making the reference.
 
-[NOTE]
-====
-This feature can not be used in the `default` namespace, nor in any `openshift-` or `kube-` namespace.
-====
+include::snippets/default-projects.adoc[]
 
 There are two ways to enable image streams with Kubernetes resources:
 
diff --git a/modules/images-managing-overview.adoc b/modules/images-managing-overview.adoc
index 7de251d923fe..daddcb57b7ab 100644
--- a/modules/images-managing-overview.adoc
+++ b/modules/images-managing-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift-images/managing-images.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-managing-overview_{context}"]
 = Images overview
 
diff --git a/modules/images-other-jenkins-agent-env-var.adoc b/modules/images-other-jenkins-agent-env-var.adoc
index 37dafbad9e2e..7560170f1acc 100644
--- a/modules/images-other-jenkins-agent-env-var.adoc
+++ b/modules/images-other-jenkins-agent-env-var.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins-agent.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="images-other-jenkins-agent-env-var_{context}"]
 = Jenkins agent environment variables
 
diff --git a/modules/images-other-jenkins-agent-gradle.adoc b/modules/images-other-jenkins-agent-gradle.adoc
index 03e94695f8b3..76aa553cef8e 100644
--- a/modules/images-other-jenkins-agent-gradle.adoc
+++ b/modules/images-other-jenkins-agent-gradle.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins-agent.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="images-other-jenkins-agent-gradle_{context}"]
 = Jenkins agent Gradle builds
 
diff --git a/modules/images-other-jenkins-agent-images.adoc b/modules/images-other-jenkins-agent-images.adoc
index 33bb1b484a59..458f3b5420eb 100644
--- a/modules/images-other-jenkins-agent-images.adoc
+++ b/modules/images-other-jenkins-agent-images.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins-agent.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="images-other-jenkins-agent-images_{context}"]
 = Jenkins agent images
 
diff --git a/modules/images-other-jenkins-agent-memory.adoc b/modules/images-other-jenkins-agent-memory.adoc
index e3bff2646037..fd08077ae994 100644
--- a/modules/images-other-jenkins-agent-memory.adoc
+++ b/modules/images-other-jenkins-agent-memory.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins-agent.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-agent-memory_{context}"]
 = Jenkins agent memory requirements
 
diff --git a/modules/images-other-jenkins-agent-pod-retention.adoc b/modules/images-other-jenkins-agent-pod-retention.adoc
index 74e36a839b96..e41c7da911cb 100644
--- a/modules/images-other-jenkins-agent-pod-retention.adoc
+++ b/modules/images-other-jenkins-agent-pod-retention.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins-agent.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="images-other-jenkins-agent-pod-retention_{context}"]
 = Jenkins agent pod retention
 
diff --git a/modules/images-other-jenkins-auth.adoc b/modules/images-other-jenkins-auth.adoc
index 67592c60a648..c8dbaaad6bde 100644
--- a/modules/images-other-jenkins-auth.adoc
+++ b/modules/images-other-jenkins-auth.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-other-jenkins-auth_{context}"]
 = Jenkins authentication
 
diff --git a/modules/images-other-jenkins-config-kubernetes.adoc b/modules/images-other-jenkins-config-kubernetes.adoc
index faad540c5695..d85ce08b2394 100644
--- a/modules/images-other-jenkins-config-kubernetes.adoc
+++ b/modules/images-other-jenkins-config-kubernetes.adoc
@@ -2,11 +2,11 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-config-kubernetes_{context}"]
 = Configuring the Jenkins Kubernetes plugin
 
-The OpenShift Jenkins image includes the pre-installed link:https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin[Kubernetes plugin for Jenkins] so that Jenkins agents can be dynamically provisioned on multiple container hosts using Kubernetes and {product-title}.
+The OpenShift Jenkins image includes the preinstalled link:https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin[Kubernetes plugin for Jenkins] so that Jenkins agents can be dynamically provisioned on multiple container hosts using Kubernetes and {product-title}.
 
 To use the Kubernetes plugin, {product-title} provides an OpenShift Agent Base image that is suitable for use as a Jenkins agent.
 
diff --git a/modules/images-other-jenkins-create-service.adoc b/modules/images-other-jenkins-create-service.adoc
index ba9c53fcadbc..3f30b25e87bf 100644
--- a/modules/images-other-jenkins-create-service.adoc
+++ b/modules/images-other-jenkins-create-service.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-other-jenkins-create-service_{context}"]
 = Creating a Jenkins service from a template
 
diff --git a/modules/images-other-jenkins-cross-project.adoc b/modules/images-other-jenkins-cross-project.adoc
index 0aa0d3736718..a81568221864 100644
--- a/modules/images-other-jenkins-cross-project.adoc
+++ b/modules/images-other-jenkins-cross-project.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-other-jenkins-cross-project_{context}"]
 = Providing Jenkins cross project access
 
diff --git a/modules/images-other-jenkins-customize-s2i.adoc b/modules/images-other-jenkins-customize-s2i.adoc
index b9421af42602..b7ca9ccb1fb1 100644
--- a/modules/images-other-jenkins-customize-s2i.adoc
+++ b/modules/images-other-jenkins-customize-s2i.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-customize-s2i_{context}"]
 = Customizing the Jenkins image through source-to-image
 
diff --git a/modules/images-other-jenkins-env-var.adoc b/modules/images-other-jenkins-env-var.adoc
index 8e1569691b4e..4d47fcd50d03 100644
--- a/modules/images-other-jenkins-env-var.adoc
+++ b/modules/images-other-jenkins-env-var.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="images-other-jenkins-env-var_{context}"]
 = Jenkins environment variables
 
diff --git a/modules/images-other-jenkins-kubernetes-plugin.adoc b/modules/images-other-jenkins-kubernetes-plugin.adoc
index 843eb4d9af87..46fae2a1b37c 100644
--- a/modules/images-other-jenkins-kubernetes-plugin.adoc
+++ b/modules/images-other-jenkins-kubernetes-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-kubernetes-plugin_{context}"]
 = Using the Jenkins Kubernetes plugin
 
diff --git a/modules/images-other-jenkins-memory.adoc b/modules/images-other-jenkins-memory.adoc
index d12411d290c5..6c7e8488ae62 100644
--- a/modules/images-other-jenkins-memory.adoc
+++ b/modules/images-other-jenkins-memory.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-memory_{context}"]
 = Jenkins memory requirements
 
diff --git a/modules/images-other-jenkins-oauth-auth.adoc b/modules/images-other-jenkins-oauth-auth.adoc
index 493d59fca046..70797b25ed23 100644
--- a/modules/images-other-jenkins-oauth-auth.adoc
+++ b/modules/images-other-jenkins-oauth-auth.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-oauth-auth_{context}"]
 = {product-title} OAuth authentication
 
diff --git a/modules/images-other-jenkins-permissions.adoc b/modules/images-other-jenkins-permissions.adoc
index a28686174b32..c86709864d10 100644
--- a/modules/images-other-jenkins-permissions.adoc
+++ b/modules/images-other-jenkins-permissions.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/jenkins/images-other-jenkins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-other-jenkins-permissions_{context}"]
 = Jenkins permissions
 
diff --git a/modules/images-pulling-from-private-registries.adoc b/modules/images-pulling-from-private-registries.adoc
index dc0b673a009c..4066797e2a39 100644
--- a/modules/images-pulling-from-private-registries.adoc
+++ b/modules/images-pulling-from-private-registries.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/using-image-pull-secrets
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-pulling-from-private-registries_{context}"]
 = Pulling from private registries with delegated authentication
 
diff --git a/modules/images-referencing-images-imagestreams.adoc b/modules/images-referencing-images-imagestreams.adoc
index c222a57ba9e8..f8dc4f7d83f1 100644
--- a/modules/images-referencing-images-imagestreams.adoc
+++ b/modules/images-referencing-images-imagestreams.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/tagging-images
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-referencing-images-imagestreams_{context}"]
 = Referencing images in imagestreams
 
diff --git a/modules/images-remove-tag-imagestream.adoc b/modules/images-remove-tag-imagestream.adoc
index a97922e3e970..9176be11bd31 100644
--- a/modules/images-remove-tag-imagestream.adoc
+++ b/modules/images-remove-tag-imagestream.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/tagging-images
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-remove-tag-imagestream_{context}"]
 = Removing tags from image streams
 
diff --git a/modules/images-s2i-build-process-overview.adoc b/modules/images-s2i-build-process-overview.adoc
index 006552f1558d..5edd31f9e043 100644
--- a/modules/images-s2i-build-process-overview.adoc
+++ b/modules/images-s2i-build-process-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using_images/using-images-source-to-image.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-s2i-build-process-overview_{context}"]
 = Source-to-image build process overview
 
diff --git a/modules/images-samples-operator-deprecated-image-stream.adoc b/modules/images-samples-operator-deprecated-image-stream.adoc
index a721d87db974..c7df0260dbed 100644
--- a/modules/images-samples-operator-deprecated-image-stream.adoc
+++ b/modules/images-samples-operator-deprecated-image-stream.adoc
@@ -1,9 +1,10 @@
 // Module included in the following assemblies:
 //
 // * openshift_images/configuring-samples-operator.adoc
+// * openshift_images/configuring-samples-operator.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-samples-operator-deprecated-image-stream_{context}"]
 = Removing deprecated image stream tags from the Cluster Samples Operator
 
diff --git a/modules/images-test-s2i.adoc b/modules/images-test-s2i.adoc
index 447fde8ce773..a2c40faf483c 100644
--- a/modules/images-test-s2i.adoc
+++ b/modules/images-test-s2i.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/create-images.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="images-test-s2i_{context}"]
 = About testing source-to-image images
 
diff --git a/modules/images-triggering-updates-imagestream-changes-kubernetes-about.adoc b/modules/images-triggering-updates-imagestream-changes-kubernetes-about.adoc
index 246cb30bd97e..ac1d9ca82ae5 100644
--- a/modules/images-triggering-updates-imagestream-changes-kubernetes-about.adoc
+++ b/modules/images-triggering-updates-imagestream-changes-kubernetes-about.adoc
@@ -12,25 +12,29 @@ The annotation is defined as follows:
 
 [source,yaml]
 ----
-Key: image.openshift.io/triggers
-Value:
-[
- {
-   "from": {
-     "kind": "ImageStreamTag", <1>
-     "name": "example:latest", <2>
-     "namespace": "myapp" <3>
-   },
-   "fieldPath": "spec.template.spec.containers[?(@.name==\"web\")].image", <4>
-   "paused": false <5>
- },
- ...
-]
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    image.openshift.io/triggers:
+      [
+       {
+         "from": {
+           "kind": "ImageStreamTag", <1>
+           "name": "example:latest", <2>
+           "namespace": "myapp" <3>
+         },
+         "fieldPath": "spec.template.spec.containers[?(@.name==\"web\")].image", <4>
+         "paused": false <5>
+       },
+      # ...
+      ]
+# ...
 ----
 <1> Required: `kind` is the resource to trigger from must be `ImageStreamTag`.
 <2> Required: `name` must be the name of an image stream tag.
 <3> Optional: `namespace` defaults to the namespace of the object.
-<4> Required: `fieldPath` is the JSON path to change. This field is limited and accepts only a JSON path expression that precisely matches a container by ID or index. For pods, the JSON path is  "spec.containers[?(@.name='web')].image".
+<4> Required: `fieldPath` is the JSON path to change. This field is limited and accepts only a JSON path expression that precisely matches a container by ID or index. For pods, the JSON path is `spec.containers[?(@.name='web')].image`.
 <5> Optional: `paused` is whether or not the trigger is paused, and the default value is `false`. Set `paused` to `true` to temporarily disable this trigger.
 
 When one of the core Kubernetes resources contains both a pod template and this annotation, {product-title} attempts to update the object by using the image currently associated with the image stream tag that is referenced by trigger. The update is performed against the `fieldPath` specified.
diff --git a/modules/images-triggering-updates-imagestream-changes-kubernetes-cli.adoc b/modules/images-triggering-updates-imagestream-changes-kubernetes-cli.adoc
index 03e76d91a1e3..838a6c091cb1 100644
--- a/modules/images-triggering-updates-imagestream-changes-kubernetes-cli.adoc
+++ b/modules/images-triggering-updates-imagestream-changes-kubernetes-cli.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/triggering-updates-on-imagestream-changes.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-triggering-updates-imagestream-changes-kubernetes-cli_{context}"]
 = Setting the image trigger on Kubernetes resources
 
@@ -17,5 +17,17 @@ When adding an image trigger to deployments, you can use the `oc set triggers` c
 ----
 $ oc set triggers deploy/example --from-image=example:latest -c web
 ----
-
++
+.Example deployment with trigger annotation
++
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"example:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"container\")].image"}]'
+# ...
+----
++
 Unless the deployment is paused, this pod template update automatically causes a deployment to occur with the new image value.
diff --git a/modules/images-update-global-pull-secret.adoc b/modules/images-update-global-pull-secret.adoc
index ab32a54f219e..130a434500d8 100644
--- a/modules/images-update-global-pull-secret.adoc
+++ b/modules/images-update-global-pull-secret.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 // * openshift_images/managing_images/using-image-pull-secrets.adoc
 // * post_installation_configuration/cluster-tasks.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 // * support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
-// * sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
 //
 // Not included, but linked to from:
 // * operators/admin/olm-managing-custom-catalogs.adoc
@@ -12,7 +11,7 @@ ifeval::["{context}" == "using-image-pull-secrets"]
 :image-pull-secrets:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-update-global-pull-secret_{context}"]
 = Updating the global cluster pull secret
 
@@ -27,7 +26,7 @@ ifdef::image-pull-secrets[]
 ====
 To transfer your cluster to another owner, you must first initiate the transfer in {cluster-manager-url}, and then update the pull secret on the cluster. Updating a cluster's pull secret without initiating the transfer in {cluster-manager} causes the cluster to stop reporting Telemetry metrics in {cluster-manager}.
 
-For more information link:https://access.redhat.com/documentation/en-us/openshift_cluster_manager/2021/html/managing_clusters/assembly-managing-clusters#transferring-cluster-ownership_assembly-managing-clusters[about transferring cluster ownership], see "Transferring cluster ownership" in the {cluster-manager-first} documentation.
+For more information link:https://access.redhat.com/documentation/en-us/openshift_cluster_manager/2023/html-single/managing_clusters/index#transferring-cluster-ownership_downloading-and-updating-pull-secrets[about transferring cluster ownership], see "Transferring cluster ownership" in the {cluster-manager-first} documentation.
 ====
 endif::image-pull-secrets[]
 
diff --git a/modules/images-using-customizing-s2i-images-scripts-embedded.adoc b/modules/images-using-customizing-s2i-images-scripts-embedded.adoc
index 4c32e6efc5a7..6035fa20ced2 100644
--- a/modules/images-using-customizing-s2i-images-scripts-embedded.adoc
+++ b/modules/images-using-customizing-s2i-images-scripts-embedded.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using_images/customizing-s2i-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="images-using-customizing-s2i-images-scripts-embedded_{context}"]
 = Invoking scripts embedded in an image
 
diff --git a/modules/images-using-imagestream-tags.adoc b/modules/images-using-imagestream-tags.adoc
index a0226e7b35e2..365308129f47 100644
--- a/modules/images-using-imagestream-tags.adoc
+++ b/modules/images-using-imagestream-tags.adoc
@@ -14,6 +14,11 @@ The following image stream tag is from an `ImageStream` object:
 
 [source,yaml]
 ----
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: my-image-stream
+# ...  
   tags:
   - items:
     - created: 2017-09-02T10:15:09Z
@@ -25,6 +30,7 @@ The following image stream tag is from an `ImageStream` object:
       generation: 1
       image: sha256:47463d94eb5c049b2d23b03a9530bf944f8f967a0fe79147dd6b9135bf7dd13d
     tag: latest
+# ...
 ----
 
 Image stream tags can be permanent tags or tracking tags.
diff --git a/modules/impersonation-project-creation.adoc b/modules/impersonation-project-creation.adoc
index 8dce08473d60..ec7d1277dfe8 100644
--- a/modules/impersonation-project-creation.adoc
+++ b/modules/impersonation-project-creation.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/projects/creating-project-other-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="impersonation-project-creation_{context}"]
 = Impersonating a user when you create a project
 
diff --git a/modules/impersonation-system-admin-group.adoc b/modules/impersonation-system-admin-group.adoc
index 8d47b654141b..0d3ef0871757 100644
--- a/modules/impersonation-system-admin-group.adoc
+++ b/modules/impersonation-system-admin-group.adoc
@@ -2,7 +2,7 @@
 //
 // * users_and_roles/impersonating-system-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="impersonation-system-admin-group_{context}"]
 = Impersonating the system:admin group
 
diff --git a/modules/impersonation-system-admin-user.adoc b/modules/impersonation-system-admin-user.adoc
index 86bd63c3e363..c2bafd6c67ac 100644
--- a/modules/impersonation-system-admin-user.adoc
+++ b/modules/impersonation-system-admin-user.adoc
@@ -2,7 +2,7 @@
 //
 // * users_and_roles/impersonating-system-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="impersonation-system-admin-user_{context}"]
 = Impersonating the system:admin user
 
diff --git a/modules/importing-manifest-list-through-imagestreamimport.adoc b/modules/importing-manifest-list-through-imagestreamimport.adoc
index f18ebf11ae0b..395ad21eb4c5 100644
--- a/modules/importing-manifest-list-through-imagestreamimport.adoc
+++ b/modules/importing-manifest-list-through-imagestreamimport.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/image-streams-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="importing-manifest-list-through-imagestreamimport_{context}"]
 = Importing a manifest list through ImageStreamImport
 
diff --git a/modules/importmode-configuration-fields.adoc b/modules/importmode-configuration-fields.adoc
index 078d52eeb64b..dc6b2b09887e 100644
--- a/modules/importmode-configuration-fields.adoc
+++ b/modules/importmode-configuration-fields.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * assembly/openshift_images/managing-image-streams.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="importmode-configuration-fields_{context}"]
 = Configuration fields for --import-mode
 
diff --git a/modules/infrastructure-moving-logging.adoc b/modules/infrastructure-moving-logging.adoc
index 184b1cb05099..fdaee3b4275d 100644
--- a/modules/infrastructure-moving-logging.adoc
+++ b/modules/infrastructure-moving-logging.adoc
@@ -3,17 +3,17 @@
 // * machine_management/creating-infrastructure-machinesets.adoc
 // * logging/cluster-logging-moving.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="infrastructure-moving-logging_{context}"]
-= Moving OpenShift Logging resources
+= Moving {logging} resources
 
-You can configure the Cluster Logging Operator to deploy the pods for {logging} components, such as Elasticsearch and Kibana, to different nodes. You cannot move the Cluster Logging Operator pod from its installed location.
+You can configure the {clo} to deploy the pods for {logging} components, such as Elasticsearch and Kibana, to different nodes. You cannot move the {clo} pod from its installed location.
 
 For example, you can move the Elasticsearch pods to a separate node because of high CPU, memory, and disk requirements.
 
 .Prerequisites
 
-* The Red Hat OpenShift Logging and Elasticsearch Operators must be installed. These features are not installed by default.
+* You have installed the {clo} and the {es-op}.
 
 .Procedure
 
@@ -24,19 +24,13 @@ For example, you can move the Elasticsearch pods to a separate node because of h
 $ oc edit ClusterLogging instance
 ----
 +
+.Example `ClusterLogging` CR
 [source,yaml]
 ----
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogging
-
-...
-
+# ...
 spec:
-  collection:
-    logs:
-      fluentd:
-        resources: null
-      type: fluentd
   logStore:
     elasticsearch:
       nodeCount: 3
@@ -76,8 +70,7 @@ spec:
       replicas: 1
       resources: null
     type: kibana
-
-...
+# ...
 ----
 <1> Add a `nodeSelector` parameter with the appropriate value to the component you want to move. You can use a `nodeSelector` in the format shown or use `<key>: <value>` pairs, based on the value specified for the node.  If you added a taint to the infrasructure node, also add a matching toleration.
 
@@ -112,13 +105,13 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                         STATUS   ROLES          AGE   VERSION
-ip-10-0-133-216.us-east-2.compute.internal   Ready    master         60m   v1.26.0
-ip-10-0-139-146.us-east-2.compute.internal   Ready    master         60m   v1.26.0
-ip-10-0-139-192.us-east-2.compute.internal   Ready    worker         51m   v1.26.0
-ip-10-0-139-241.us-east-2.compute.internal   Ready    worker         51m   v1.26.0
-ip-10-0-147-79.us-east-2.compute.internal    Ready    worker         51m   v1.26.0
-ip-10-0-152-241.us-east-2.compute.internal   Ready    master         60m   v1.26.0
-ip-10-0-139-48.us-east-2.compute.internal    Ready    infra          51m   v1.26.0
+ip-10-0-133-216.us-east-2.compute.internal   Ready    master         60m   v1.28.5
+ip-10-0-139-146.us-east-2.compute.internal   Ready    master         60m   v1.28.5
+ip-10-0-139-192.us-east-2.compute.internal   Ready    worker         51m   v1.28.5
+ip-10-0-139-241.us-east-2.compute.internal   Ready    worker         51m   v1.28.5
+ip-10-0-147-79.us-east-2.compute.internal    Ready    worker         51m   v1.28.5
+ip-10-0-152-241.us-east-2.compute.internal   Ready    master         60m   v1.28.5
+ip-10-0-139-48.us-east-2.compute.internal    Ready    infra          51m   v1.28.5
 ----
 +
 Note that the node has a `node-role.kubernetes.io/infra: ''` label:
@@ -150,13 +143,9 @@ metadata:
 ----
 apiVersion: logging.openshift.io/v1
 kind: ClusterLogging
-
-...
-
+# ...
 spec:
-
-...
-
+# ...
   visualization:
     kibana:
       nodeSelector: <1>
@@ -184,12 +173,12 @@ cluster-logging-operator-84d98649c4-zb9g7       1/1     Running       0
 elasticsearch-cdm-hwv01pf7-1-56588f554f-kpmlg   2/2     Running       0          28m
 elasticsearch-cdm-hwv01pf7-2-84c877d75d-75wqj   2/2     Running       0          28m
 elasticsearch-cdm-hwv01pf7-3-f5d95b87b-4nx78    2/2     Running       0          28m
-fluentd-42dzz                                   1/1     Running       0          28m
-fluentd-d74rq                                   1/1     Running       0          28m
-fluentd-m5vr9                                   1/1     Running       0          28m
-fluentd-nkxl7                                   1/1     Running       0          28m
-fluentd-pdvqb                                   1/1     Running       0          28m
-fluentd-tflh6                                   1/1     Running       0          28m
+collector-42dzz                                 1/1     Running       0          28m
+collector-d74rq                                 1/1     Running       0          28m
+collector-m5vr9                                 1/1     Running       0          28m
+collector-nkxl7                                 1/1     Running       0          28m
+collector-pdvqb                                 1/1     Running       0          28m
+collector-tflh6                                 1/1     Running       0          28m
 kibana-5b8bdf44f9-ccpq9                         2/2     Terminating   0          4m11s
 kibana-7d85dcffc8-bfpfp                         2/2     Running       0          33s
 ----
@@ -223,11 +212,11 @@ cluster-logging-operator-84d98649c4-zb9g7       1/1     Running   0          30m
 elasticsearch-cdm-hwv01pf7-1-56588f554f-kpmlg   2/2     Running   0          29m
 elasticsearch-cdm-hwv01pf7-2-84c877d75d-75wqj   2/2     Running   0          29m
 elasticsearch-cdm-hwv01pf7-3-f5d95b87b-4nx78    2/2     Running   0          29m
-fluentd-42dzz                                   1/1     Running   0          29m
-fluentd-d74rq                                   1/1     Running   0          29m
-fluentd-m5vr9                                   1/1     Running   0          29m
-fluentd-nkxl7                                   1/1     Running   0          29m
-fluentd-pdvqb                                   1/1     Running   0          29m
-fluentd-tflh6                                   1/1     Running   0          29m
+collector-42dzz                                 1/1     Running   0          29m
+collector-d74rq                                 1/1     Running   0          29m
+collector-m5vr9                                 1/1     Running   0          29m
+collector-nkxl7                                 1/1     Running   0          29m
+collector-pdvqb                                 1/1     Running   0          29m
+collector-tflh6                                 1/1     Running   0          29m
 kibana-7d85dcffc8-bfpfp                         2/2     Running   0          62s
 ----
diff --git a/modules/infrastructure-moving-monitoring.adoc b/modules/infrastructure-moving-monitoring.adoc
index 13273b9b8e9a..c1852ae07167 100644
--- a/modules/infrastructure-moving-monitoring.adoc
+++ b/modules/infrastructure-moving-monitoring.adoc
@@ -2,13 +2,13 @@
 //
 // * machine_management/creating-infrastructure-machinesets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="infrastructure-moving-monitoring_{context}"]
 = Moving the monitoring solution
 
 The monitoring stack includes multiple components, including Prometheus, Thanos Querier, and Alertmanager.
 The Cluster Monitoring Operator manages this stack. To redeploy the monitoring stack to infrastructure nodes, you can create and apply a custom config map.
- 
+
 .Procedure
 
 . Edit the `cluster-monitoring-config` config map and change the `nodeSelector` to use the `infra` label:
@@ -107,8 +107,18 @@ data:
       - key: node-role.kubernetes.io/infra
         value: reserved
         effect: NoExecute
+    monitoringPlugin:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - key: node-role.kubernetes.io/infra
+        value: reserved
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/infra
+        value: reserved
+        effect: NoExecute
 ----
-<1> Add a `nodeSelector` parameter with the appropriate value to the component you want to move. You can use a `nodeSelector` in the format shown or use `<key>: <value>` pairs, based on the value specified for the node.  If you added a taint to the infrasructure node, also add a matching toleration.
+<1> Add a `nodeSelector` parameter with the appropriate value to the component you want to move. You can use a `nodeSelector` in the format shown or use `<key>: <value>` pairs, based on the value specified for the node. If you added a taint to the infrastructure node, also add a matching toleration.
 
 . Watch the monitoring pods move to the new machines:
 +
diff --git a/modules/infrastructure-moving-registry.adoc b/modules/infrastructure-moving-registry.adoc
index 9d70bb2badeb..f23ccca14362 100644
--- a/modules/infrastructure-moving-registry.adoc
+++ b/modules/infrastructure-moving-registry.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/creating-infrastructure-machinesets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="infrastructure-moving-registry_{context}"]
 = Moving the default registry
 
diff --git a/modules/infrastructure-moving-router.adoc b/modules/infrastructure-moving-router.adoc
index 83be616110f5..9c9e42e9e16b 100644
--- a/modules/infrastructure-moving-router.adoc
+++ b/modules/infrastructure-moving-router.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/creating-infrastructure-machinesets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="infrastructure-moving-router_{context}"]
 = Moving the router
 
@@ -104,7 +104,7 @@ $ oc get node <node_name> <1>
 [source,terminal]
 ----
 NAME                          STATUS  ROLES         AGE   VERSION
-ip-10-0-217-226.ec2.internal  Ready   infra,worker  17h   v1.26.0
+ip-10-0-217-226.ec2.internal  Ready   infra,worker  17h   v1.28.5
 ----
 +
 Because the role list includes `infra`, the pod is running on the correct node.
diff --git a/modules/ingress-liveness-readiness-startup-probes.adoc b/modules/ingress-liveness-readiness-startup-probes.adoc
index 1459013e1e9b..c47352a67bc1 100644
--- a/modules/ingress-liveness-readiness-startup-probes.adoc
+++ b/modules/ingress-liveness-readiness-startup-probes.adoc
@@ -2,7 +2,7 @@
 // * scalability_and_performance/optimization/routing-optimization.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ingress-liveness-readiness-startup-probes_{context}"]
 = Configuring Ingress Controller liveness, readiness, and startup probes
 
@@ -34,13 +34,13 @@ The timeout configuration option is an advanced tuning technique that can be use
 The following example demonstrates how you can directly patch the default router deployment to set a 5-second timeout for the liveness and readiness probes:
 
 
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ingress patch deploy/router-default --type=strategic --patch='{"spec":{"template":{"spec":{"containers":[{"name":"router","livenessProbe":{"timeoutSeconds":5},"readinessProbe":{"timeoutSeconds":5}}]}}}}'
 ----
 
 .Verification
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ingress describe deploy/router-default | grep -e Liveness: -e Readiness:
     Liveness:   http-get http://:1936/healthz delay=0s timeout=5s period=10s #success=1 #failure=3
diff --git a/modules/insights-advisor-recommendations-filters.adoc b/modules/insights-advisor-recommendations-filters.adoc
new file mode 100644
index 000000000000..9d821c39dc57
--- /dev/null
+++ b/modules/insights-advisor-recommendations-filters.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="insights-operator-advisor-recommendation-filters_{context}"]
+= Advisor recommendation filters
+
+The Insights advisor service can return a large number of recommendations. To focus on your most critical recommendations, you can apply filters to the https://console.redhat.com/openshift/insights/advisor/recommendations[Advisor recommendations] list to remove low-priority recommendations.
+
+By default, filters are set to only show enabled recommendations that are impacting one or more clusters. To view all or disabled recommendations in the Insights library, you can customize the filters.
+
+To apply a filter, select a filter type and then set its value based on the options that are available in the drop-down list. You can apply multiple filters to the list of recommendations.
+
+You can set the following filter types:
+
+* *Name:* Search for a recommendation by name.
+* *Total risk:* Select one or more values from *Critical*, *Important*, *Moderate*, and *Low* indicating the likelihood and the severity of a negative impact on a cluster.
+* *Impact:* Select one or more values from *Critical*, *High*, *Medium*, and *Low* indicating the potential impact to the continuity of cluster operations. 
+* *Likelihood:* Select one or more values from *Critical*, *High*, *Medium*, and *Low* indicating the potential for a negative impact to a cluster if the recommendation comes to fruition.
+* *Category:* Select one or more categories from *Service Availability*, *Performance*, *Fault Tolerance*, *Security*, and *Best Practice* to focus your attention on.
+* *Status:* Click a radio button to show enabled recommendations (default), disabled recommendations, or all recommendations.
+* *Clusters impacted:* Set the filter to show recommendations currently impacting one or more clusters, non-impacting recommendations, or all recommendations.
+* *Risk of change:* Select one or more values from *High*, *Moderate*, *Low*, and *Very low* indicating the risk that the implementation of the resolution could have on cluster operations.
\ No newline at end of file
diff --git a/modules/insights-operator-about.adoc b/modules/insights-operator-about.adoc
index c98ba34c3b4e..515d3bd67207 100644
--- a/modules/insights-operator-about.adoc
+++ b/modules/insights-operator-about.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/about-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="insights-operator-about_{context}"]
 = About the Insights Operator
 
diff --git a/modules/insights-operator-advisor-overview.adoc b/modules/insights-operator-advisor-overview.adoc
index 30fec852260f..152dcfa46bfb 100644
--- a/modules/insights-operator-advisor-overview.adoc
+++ b/modules/insights-operator-advisor-overview.adoc
@@ -1,17 +1,16 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="insights-operator-advisor-overview_{context}"]
 = About Red Hat Insights Advisor for {product-title}
 
-You can use Insights Advisor to assess and monitor the health of your {product-title} clusters. Whether you are concerned about individual clusters, or with your whole infrastructure, it is important to be aware of your exposure to issues that can affect service availability, fault tolerance, performance, or security.
+You can use Insights Advisor to assess and monitor the health of your {product-title} clusters. Whether you are concerned about individual clusters, or with your whole infrastructure, it is important to be aware of the exposure of your cluster infrastructure to issues that can affect service availability, fault tolerance, performance, or security.
 
-Insights repeatedly analyzes the data that Insights Operator sends using a database of _recommendations_, which are sets of conditions that can leave your {product-title} clusters at risk. Your data is then uploaded to the Insights Advisor service on Red Hat Hybrid Cloud Console where you can perform the following actions:
+Using cluster data collected by the Insights Operator, Insights repeatedly compares that data against a library of _recommendations_. Each recommendation is a set of cluster-environment conditions that can leave {product-title} clusters at risk. The results of the Insights analysis are available in the Insights Advisor service on Red Hat Hybrid Cloud Console. In the Console, you can perform the following actions:
 
 * See clusters impacted by a specific recommendation.
 * Use robust filtering capabilities to refine your results to those recommendations.
 * Learn more about individual recommendations, details about the risks they present, and get resolutions tailored to your individual clusters.
-* Share results with other stakeholders. 
+* Share results with other stakeholders.
diff --git a/modules/insights-operator-advisor-recommendations.adoc b/modules/insights-operator-advisor-recommendations.adoc
index 1c2f1a6088cf..607aad70afcb 100644
--- a/modules/insights-operator-advisor-recommendations.adoc
+++ b/modules/insights-operator-advisor-recommendations.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
-// * sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="insights-operator-advisor-recommendations_{context}"]
 = Understanding Insights Advisor recommendations
 
diff --git a/modules/insights-operator-configuring-sca.adoc b/modules/insights-operator-configuring-sca.adoc
index 66dc1f5f163e..47b36db4f029 100644
--- a/modules/insights-operator-configuring-sca.adoc
+++ b/modules/insights-operator-configuring-sca.adoc
@@ -1,31 +1,47 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/insights-operator-simple-access.adoc
-// * sd_support/remote_health_monitoring/insights-operator-simple-access.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-configuring-sca_{context}"]
 = Configuring simple content access import interval
 
-You can configure how often the Insights Operator imports the simple content access entitlements using the `support` secret in the `openshift-config` namespace. The entitlement import normally occurs every eight hours, but you can shorten this interval if you update your simple content access configuration in Red Hat Subscription Management.
+You can configure how often the Insights Operator imports the simple content access entitlements by using the `support` secret in the `openshift-config` namespace. The entitlement import normally occurs every eight hours, but you can shorten this interval if you update your simple content access configuration in Red Hat Subscription Management.
 
-This procedure describes how to update the import interval to one hour. 
+This procedure describes how to update the import interval to one hour.
 
 .Prerequisites
 
-* You are logged in to the {product-title} web console as `cluster-admin`.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
 . Navigate to *Workloads* -> *Secrets*.
 . Select the *openshift-config* project.
-. Search for the *support* secret using the *Search by name* field. If it does not exist, click *Create* -> *Key/value secret* to create it.
+. Search for the *support* secret by using the *Search by name* field. If it does not exist, click *Create* -> *Key/value secret* to create it.
++
+--
+* If the secret exists:
 . Click the *Options* menu {kebab}, and then click *Edit Secret*.
 . Click *Add Key/Value*.
-. Create a key named `scaInterval` with a value of `1h`, and click *Save*.
+.. In the *Key* field, enter `scaInterval`.
+.. In the *Value* field, enter `1h`.
++
+* If the secret does not exist:
+.. Click *Create* -> *Key/value secret*.
+... In the *Secret name* field, enter `support`.
+... In the *Key* field, enter `scaInterval`.
+... In the *Value* field, enter `1h`.
+.. Click *Create*.
+--
 +
 [NOTE]
 ====
-The interval `1h` can also be entered as `60m` for 60 minutes. 
+The interval `1h` can also be entered as `60m` for 60 minutes.
 ====
diff --git a/modules/insights-operator-configuring.adoc b/modules/insights-operator-configuring.adoc
index 258d044fa211..fae54de3e1a2 100644
--- a/modules/insights-operator-configuring.adoc
+++ b/modules/insights-operator-configuring.adoc
@@ -3,8 +3,8 @@
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
 
-:_content-type: PROCEDURE
-[id="insights-operator-configuring-sca_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="insights-operator-configuring_{context}"]
 = Configuring Insights Operator
 
 You can configure Insights Operator to meet the needs of your organization. The Insights Operator is configured using a combination of the default configurations in the `pod.yaml` file in the Insights Operator `Config` directory and the configurations stored in the `support` secret in the `openshift-config` namespace. The `support` secret does not exist by default and must be created when adding custom configurations for the first time. Configurations in the `support` secret override the defaults set in the `pod.yaml` file.
@@ -15,8 +15,6 @@ The table below describes the available configuration attributes:
 [options="header"]
 |====
 |Attribute name|Description|Value type|Default value
-|`username`|Specifies username for basic authentication with `console.redhat.com` (overrides the default `pull-secret` token authentication when set)|String|Not set
-|`password`|Specifies password for basic authentication with `console.redhat.com` (overrides the default `pull-secret` token authentication when set)|String|Not set
 |`enableGlobalObfuscation`|Enables the global obfuscation of IP addresses and the cluster domain name|Boolean|`false`
 |`scaInterval`|Specifies the frequency of the simple content access entitlements download|Time interval|`8h`
 |`scaPullDisabled`|Disables the simple content access entitlements download|Boolean|`false`
@@ -28,7 +26,7 @@ This procedure describes how to set custom Insights Operator configurations.
 
 [IMPORTANT]
 ====
-Red Hat recommends you consult Red Hat Support before making changes to the default Insights Operator configuration. 
+Red Hat recommends you consult Red Hat Support before making changes to the default Insights Operator configuration.
 ====
 
 .Prerequisites
diff --git a/modules/insights-operator-disabling-sca.adoc b/modules/insights-operator-disabling-sca.adoc
index 8f6a91e2df09..18267fcf105b 100644
--- a/modules/insights-operator-disabling-sca.adoc
+++ b/modules/insights-operator-disabling-sca.adoc
@@ -1,14 +1,13 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/insights-operator-simple-access.adoc
-// * sd_support/remote_health_monitoring/insights-operator-simple-access.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-disabling-sca_{context}"]
 = Disabling simple content access import
 
-You can disable the importing of simple content access entitlements using the `support` secret in the `openshift-config` namespace.
+You can disable the importing of simple content access entitlements by using the `support` secret in the `openshift-config` namespace.
 
 .Prerequisites
 
@@ -18,12 +17,24 @@ You can disable the importing of simple content access entitlements using the `s
 
 . Navigate to *Workloads* -> *Secrets*.
 . Select the *openshift-config* project.
-. Search for the *support* secret using the *Search by name* field. If it does not exist, click *Create* -> *Key/value secret* to create it.
+. Search for the *support* secret using the *Search by name* field.
++
+--
+* If the secret exists:
 . Click the *Options* menu {kebab}, and then click *Edit Secret*.
 . Click *Add Key/Value*.
-. Create a key named `scaPullDisabled` with a value of `true`, and click *Save*.
+.. In the *Key* field, enter `scaPullDisabled`.
+.. In the *Value* field, enter `true`.
++
+* If the secret does not exist:
+.. Click *Create* -> *Key/value secret*.
+... In the *Secret name* field, enter `support`.
+... In the *Key* field, enter `scaPullDisabled`.
+... In the *Value* field, enter `true`.
+.. Click *Create*.
+--
 +
-The simple content access entitlement import is now disabled. 
+The simple content access entitlement import is now disabled.
 +
 [NOTE]
 ====
diff --git a/modules/insights-operator-downloading-archive.adoc b/modules/insights-operator-downloading-archive.adoc
index 81df8ba614c2..30d0a5219e3d 100644
--- a/modules/insights-operator-downloading-archive.adoc
+++ b/modules/insights-operator-downloading-archive.adoc
@@ -2,15 +2,20 @@
 //
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-downloading-archive_{context}"]
 = Downloading your Insights Operator archive
 
-Insights Operator stores gathered data in an archive located in the `openshift-insights` namespace of your cluster. You can download and review the data that is gathered by the Insights Operator. 
+Insights Operator stores gathered data in an archive located in the `openshift-insights` namespace of your cluster. You can download and review the data that is gathered by the Insights Operator.
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
diff --git a/modules/insights-operator-enable-obfuscation.adoc b/modules/insights-operator-enable-obfuscation.adoc
index b095cb44ae56..1db3281e224a 100644
--- a/modules/insights-operator-enable-obfuscation.adoc
+++ b/modules/insights-operator-enable-obfuscation.adoc
@@ -1,11 +1,10 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
-// * sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
 
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-enable-obfuscation_{context}"]
 = Enabling Insights Operator data obfuscation
 
@@ -20,7 +19,7 @@ Obfuscation assigns non-identifying values to cluster IPv4 addresses, and uses a
 
 For cluster base domains, obfuscation changes the base domain to a hardcoded substring. For example, `cluster-api.openshift.example.com` becomes `cluster-api.<CLUSTER_BASE_DOMAIN>`.
 
-The following procedure enables obfuscation using the `support` secret in the `openshift-config` namespace. 
+The following procedure enables obfuscation using the `support` secret in the `openshift-config` namespace.
 
 .Prerequisites
 
@@ -39,12 +38,12 @@ The following procedure enables obfuscation using the `support` secret in the `o
 . Find the `insights-operator` pod.
 . To restart the `insights-operator` pod, click the *Options* menu {kebab}, and then click *Delete Pod*.
 
-.Verification 
+.Verification
 
 . Navigate to *Workloads* -> *Secrets*.
 . Select the *openshift-insights* project.
 . Search for the *obfuscation-translation-table* secret using the *Search by name* field.
 
-If the `obfuscation-translation-table` secret exists, then obfuscation is enabled and working. 
+If the `obfuscation-translation-table` secret exists, then obfuscation is enabled and working.
 
 Alternatively, you can inspect `/insights-operator/gathers.json` in your Insights Operator archive for the value `"is_global_obfuscation_enabled": true`.
diff --git a/modules/insights-operator-enabling-sca.adoc b/modules/insights-operator-enabling-sca.adoc
new file mode 100644
index 000000000000..4af0baee0b52
--- /dev/null
+++ b/modules/insights-operator-enabling-sca.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/insights-operator-simple-access.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="insights-operator-enabling-sca_{context}"]
+= Enabling a previously disabled simple content access import
+
+If the importing of simple content access entitlements is disabled, the Insights Operator does not import simple content access entitlements. You can change this behavior.
+
+.Prerequisites
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+
+.Procedure
+
+. Navigate to *Workloads* -> *Secrets*.
+. Select the *openshift-config* project.
+. Search for the *support* secret by using the *Search by name* field.
+. Click the *Options* menu {kebab}, and then click *Edit Secret*.
+. For the `scaPullDisabled` key, set the *Value* field to `false`.
++
+The simple content access entitlement import is now disabled.
diff --git a/modules/insights-operator-gather-duration.adoc b/modules/insights-operator-gather-duration.adoc
index 9159f06550b5..215abef462cd 100644
--- a/modules/insights-operator-gather-duration.adoc
+++ b/modules/insights-operator-gather-duration.adoc
@@ -2,14 +2,14 @@
 //
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-gather-duration_{context}"]
 = Viewing Insights Operator gather durations
 
 You can view the time it takes for the Insights Operator to gather the information contained in the archive. This helps you to understand Insights Operator resource usage and issues with Insights Advisor.
 
 
-.Prerequisites 
+.Prerequisites
 
 * A recent copy of your Insights Operator archive.
 
@@ -17,7 +17,7 @@ You can view the time it takes for the Insights Operator to gather the informati
 
 . From your archive, open `/insights-operator/gathers.json`.
 +
-The file contains a list of Insights Operator gather operations: 
+The file contains a list of Insights Operator gather operations:
 +
 [source,json]
 ----
@@ -30,6 +30,6 @@ The file contains a list of Insights Operator gather operations:
     }
 ----
 +
-<1> `duration_in_ms` is the amount of time in milliseconds for each gather operation. 
+<1> `duration_in_ms` is the amount of time in milliseconds for each gather operation.
 
-. Inspect each gather operation for abnormalities. 
+. Inspect each gather operation for abnormalities.
diff --git a/modules/insights-operator-manual-upload.adoc b/modules/insights-operator-manual-upload.adoc
index b705a2c1b211..11050f9737fd 100644
--- a/modules/insights-operator-manual-upload.adoc
+++ b/modules/insights-operator-manual-upload.adoc
@@ -1,11 +1,10 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
-// * sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
 
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-manual-upload_{context}"]
 = Uploading an Insights Operator archive
 
@@ -29,9 +28,9 @@ $ oc extract secret/pull-secret -n openshift-config --to=.
 +
 [source,json,subs="+quotes"]
 ----
-{    
-  "auths": {        
-    "cloud.openshift.com": {            
+{
+  "auths": {
+    "cloud.openshift.com": {
       "auth": "_<your_token>_",
       "email": "asd@redhat.com"
     }
@@ -45,7 +44,7 @@ $ oc extract secret/pull-secret -n openshift-config --to=.
 ----
 $ curl -v -H "User-Agent: insights-operator/one10time200gather184a34f6a168926d93c330 cluster/_<cluster_id>_" -H "Authorization: Bearer _<your_token>_" -F "upload=@_<path_to_archive>_; type=application/vnd.redhat.openshift.periodic+tar" https://console.redhat.com/api/ingress/v1/upload
 ----
-where `_<cluster_id>_` is your cluster ID, `_<your_token>_` is the token from your pull secret, and `_<path_to_archive>_` is the path to the Insights Operator archive. 
+where `_<cluster_id>_` is your cluster ID, `_<your_token>_` is the token from your pull secret, and `_<path_to_archive>_` is the path to the Insights Operator archive.
 +
 If the operation is successful, the command returns a `"request_id"` and `"account_number"`:
 +
diff --git a/modules/insights-operator-new-pull-secret-disabled.adoc b/modules/insights-operator-new-pull-secret-disabled.adoc
index f1078cb7a4c5..c505ac123745 100644
--- a/modules/insights-operator-new-pull-secret-disabled.adoc
+++ b/modules/insights-operator-new-pull-secret-disabled.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
-// * sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-new-pull-secret_{context}"]
 = Modifying the global cluster pull secret to disable remote health reporting
 
@@ -11,7 +10,12 @@ You can modify your existing global cluster pull secret to disable remote health
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
diff --git a/modules/insights-operator-new-pull-secret-enable.adoc b/modules/insights-operator-new-pull-secret-enable.adoc
index f563ef1c40e0..90bd08c2b8f5 100644
--- a/modules/insights-operator-new-pull-secret-enable.adoc
+++ b/modules/insights-operator-new-pull-secret-enable.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/enabling-remote-health-reporting.adoc
-// * sd_support/remote_health_monitoring/enabling-remote-health-reporting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-new-pull-secret-enable_{context}"]
 = Modifying your global cluster pull secret to enable remote health reporting
 
@@ -29,6 +28,7 @@ The file `pull-secret.txt` containing your `cloud.openshift.com` access token in
       "auth": "_<your_token>_",
       "email": "_<email_address>_"
     }
+  }
 }
 ----
 
diff --git a/modules/insights-operator-one-time-gather.adoc b/modules/insights-operator-one-time-gather.adoc
index b70d565d461b..e25ef62f76af 100644
--- a/modules/insights-operator-one-time-gather.adoc
+++ b/modules/insights-operator-one-time-gather.adoc
@@ -1,11 +1,10 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
-// * sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
 
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-one-time-gather_{context}"]
 = Running an Insights Operator gather operation
 
@@ -21,7 +20,7 @@ You must run a gather operation to create an Insights Operator archive.
 +
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/insights-operator/release-4.13/docs/gather-job.yaml[]
+include::https://raw.githubusercontent.com/openshift/insights-operator/release-4.15/docs/gather-job.yaml[]
 ----
 . Copy your `insights-operator` image version:
 +
@@ -29,16 +28,50 @@ include::https://raw.githubusercontent.com/openshift/insights-operator/release-4
 ----
 $ oc get -n openshift-insights deployment insights-operator -o yaml
 ----
++
+.Example output
++
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: insights-operator
+  namespace: openshift-insights
+# ...
+spec:
+  template:
+# ...
+    spec:
+      containers:
+      - args:
+# ...
+        image: registry.ci.openshift.org/ocp/4.15-2023-10-12-212500@sha256:a0aa581400805ad0... <1>
+# ...
+----
+<1> Specifies your `insights-operator` image version.
+
 . Paste your image version in `gather-job.yaml`:
 +
 [source,yaml,subs="+quotes"]
 ----
-initContainers:
-      - name: insights-operator
-        image: _<your_insights_operator_image_version>_
-        terminationMessagePolicy: FallbackToLogsOnError
-        volumeMounts:
-----
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: insights-operator-job
+# ...
+spec:
+# ...
+  template:
+    spec:
+    initContainers:
+    - name: insights-operator
+      image: image: registry.ci.openshift.org/ocp/4.15-2023-10-12-212500@sha256:a0aa581400805ad0... <1>
+      terminationMessagePolicy: FallbackToLogsOnError
+      volumeMounts:
+----
+<1> Replace any existing value with your `insights-operator` image version.
+
 . Create the gather job:
 +
 [source,terminal]
@@ -55,18 +88,22 @@ $ oc describe -n openshift-insights job/insights-operator-job
 .Example output
 [source,terminal,subs="+quotes"]
 ----
+Name:             insights-operator-job
+Namespace:        openshift-insights
+# ...
 Events:
   Type    Reason            Age    From            Message
   ----    ------            ----   ----            -------
-  Normal  SuccessfulCreate  7m18s  job-controller  Created pod: insights-operator-job-_<your_job>_
+  Normal  SuccessfulCreate  7m18s  job-controller  Created pod: insights-operator-job-<your_job>
 ----
-where `insights-operator-job-_<your_job>_` is the name of the pod.
++
+where:: `insights-operator-job-<your_job>` is the name of the pod.
 
 . Verify that the operation has finished:
 +
 [source,terminal,subs="+quotes"]
 ----
-$ oc logs -n openshift-insights insights-operator-job-_<your_job>_ insights-operator
+$ oc logs -n openshift-insights insights-operator-job-<your_job> insights-operator
 ----
 +
 .Example output
diff --git a/modules/insights-operator-register-disconnected-cluster.adoc b/modules/insights-operator-register-disconnected-cluster.adoc
new file mode 100644
index 000000000000..a2775def580c
--- /dev/null
+++ b/modules/insights-operator-register-disconnected-cluster.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="insights-operator-register-disconnected-cluster_{context}"]
+= Registering your disconnected cluster
+
+Register your disconnected {product-title} cluster on the {hybrid-console} so that your cluster is not impacted by the consequences listed in the section named "Consequences of disabling remote health reporting".
+
+[IMPORTANT]
+====
+By registering your disconnected cluster, you can continue to report your subscription usage to Red Hat. In turn, Red Hat can return accurate usage and capacity trends associated with your subscription, so that you can use the returned information to better organize subscription allocations across all of your resources.
+====
+
+.Prerequisites
+
+* You are logged in to the {product-title} web console as `cluster-admin`.
+* You can log in to the {hybrid-console}.
+
+.Procedure
+. Go to the link:https://console.redhat.com/openshift/register[*Register disconnected cluster*] web page on the {hybrid-console}.
+
+. Optional: To access the *Register disconnected cluster* web page from the home page of the {hybrid-console}, go to the *Clusters* navigation menu item and then select the *Register cluster* button.
+
+. Enter your cluster's details in the provided fields on the *Register disconnected cluster* page.
+
+. From the *Subscription settings* section of the page, select the subcription settings that apply to your Red Hat subscription offering.
+
+. To register your disconnected cluster, select the *Register cluster* button.
diff --git a/modules/insights-operator-showing-data-collected-from-the-cluster.adoc b/modules/insights-operator-showing-data-collected-from-the-cluster.adoc
index 64dbaf590eda..f7e5fc7d9819 100644
--- a/modules/insights-operator-showing-data-collected-from-the-cluster.adoc
+++ b/modules/insights-operator-showing-data-collected-from-the-cluster.adoc
@@ -1,10 +1,8 @@
 // Module included in the following assemblies:
 //
-// * rosa_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
 // * support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="insights-operator-showing-data-collected-from-the-cluster_{context}"]
 = Showing data collected by the Insights Operator
 
diff --git a/modules/insights-operator-what-information-is-collected.adoc b/modules/insights-operator-what-information-is-collected.adoc
index 72e0cbcbf9a4..79a9c099f33b 100644
--- a/modules/insights-operator-what-information-is-collected.adoc
+++ b/modules/insights-operator-what-information-is-collected.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/about-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
 [id="insights-operator-what-information-is-collected_{context}"]
 = Information collected by the Insights Operator
diff --git a/modules/insights-operator.adoc b/modules/insights-operator.adoc
index c6b730da4cf7..38525c5b1423 100644
--- a/modules/insights-operator.adoc
+++ b/modules/insights-operator.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "cluster-operators-ref"]
 :operator-ref:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="insights-operator_{context}"]
 ifdef::operator-ref[= Insights Operator]
 ifdef::cluster-caps[= Insights capability]
diff --git a/modules/inspecting-pod-and-container-logs.adoc b/modules/inspecting-pod-and-container-logs.adoc
index 011170bf8e26..1ececd35f154 100644
--- a/modules/inspecting-pod-and-container-logs.adoc
+++ b/modules/inspecting-pod-and-container-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="inspecting-pod-and-container-logs_{context}"]
 = Inspecting pod and container logs
 
@@ -10,7 +10,12 @@ You can inspect pod and container logs for warnings and error messages related t
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
@@ -37,7 +42,25 @@ Logs retrieved using the preceding `oc logs` commands are composed of messages s
 +
 [source,terminal]
 ----
-$ oc exec <pod_name> ls -alh /var/log
+$ oc exec <pod_name>  -- ls -alh /var/log
+----
++
+.Example output
+[source,text]
+----
+total 124K
+drwxr-xr-x. 1 root root   33 Aug 11 11:23 .
+drwxr-xr-x. 1 root root   28 Sep  6  2022 ..
+-rw-rw----. 1 root utmp    0 Jul 10 10:31 btmp
+-rw-r--r--. 1 root root  33K Jul 17 10:07 dnf.librepo.log
+-rw-r--r--. 1 root root  69K Jul 17 10:07 dnf.log
+-rw-r--r--. 1 root root 8.8K Jul 17 10:07 dnf.rpm.log
+-rw-r--r--. 1 root root  480 Jul 17 10:07 hawkey.log
+-rw-rw-r--. 1 root utmp    0 Jul 10 10:31 lastlog
+drwx------. 2 root root   23 Aug 11 11:14 openshift-apiserver
+drwx------. 2 root root    6 Jul 10 10:31 private
+drwxr-xr-x. 1 root root   22 Mar  9 08:05 rhsm
+-rw-rw-r--. 1 root utmp    0 Jul 10 10:31 wtmp
 ----
 +
 .. Query a specific log file contained in `/var/log` within a pod:
@@ -46,6 +69,19 @@ $ oc exec <pod_name> ls -alh /var/log
 ----
 $ oc exec <pod_name> cat /var/log/<path_to_log>
 ----
++
+.Example output
+[source,text]
+----
+2023-07-10T10:29:38+0000 INFO --- logging initialized ---
+2023-07-10T10:29:38+0000 DDEBUG timer: config: 13 ms
+2023-07-10T10:29:38+0000 DEBUG Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, uploadprofile
+2023-07-10T10:29:38+0000 INFO Updating Subscription Management repositories.
+2023-07-10T10:29:38+0000 INFO Unable to read consumer identity
+2023-07-10T10:29:38+0000 INFO Subscription Manager is operating in container mode.
+2023-07-10T10:29:38+0000 INFO
+----
++
 .. List log files and subdirectories contained in `/var/log` within a specific container:
 +
 [source,terminal]
diff --git a/modules/install-booting-from-an-iso-over-http-redfish.adoc b/modules/install-booting-from-an-iso-over-http-redfish.adoc
index 80d732fc82a2..d2bbb00db678 100644
--- a/modules/install-booting-from-an-iso-over-http-redfish.adoc
+++ b/modules/install-booting-from-an-iso-over-http-redfish.adoc
@@ -2,15 +2,26 @@
 //
 // * installing/installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-booting-from-an-iso-over-http-redfish_{context}"]
 = Booting from an HTTP-hosted ISO image using the Redfish API
 
 You can provision hosts in your network using ISOs that you install using the Redfish Baseboard Management Controller (BMC) API.
 
+[NOTE]
+====
+This example procedure demonstrates the steps on a Dell server.
+====
+
+[IMPORTANT]
+====
+Ensure that you have the latest firmware version of iDRAC that is compatible with your hardware. If you have any issues with the hardware or firmware, you must contact the provider.
+====
+
 .Prerequisites
 
-. Download the installation {op-system-first} ISO.
+* Download the installation {op-system-first} ISO.
+* Use a Dell PowerEdge server that is compatible with iDRAC9.
 
 .Procedure
 
@@ -18,7 +29,7 @@ You can provision hosts in your network using ISOs that you install using the Re
 
 . Boot the host from the hosted ISO file, for example:
 
-.. Call the redfish API to set the hosted ISO as the `VirtualMedia` boot media by running the following command:
+.. Call the Redfish API to set the hosted ISO as the `VirtualMedia` boot media by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/install-creating-install-config-aws-local-zones-subnets.adoc b/modules/install-creating-install-config-aws-local-zones-subnets.adoc
new file mode 100644
index 000000000000..7dfce6af0479
--- /dev/null
+++ b/modules/install-creating-install-config-aws-local-zones-subnets.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+// * installing/installing_aws/installing-aws-localzone.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="install-creating-install-config-aws-local-zones-subnets_{context}"]
+= Modifying an installation configuration file to use AWS Local Zones subnets
+
+Modify an `install-config.yaml` file to include AWS Local Zones subnets.
+
+.Prerequisites
+
+* You created subnets by using the procedure "Creating a subnet in AWS Local Zones".
+* You created an `install-config.yaml` file by using the procedure "Creating the installation configuration file".
+
+.Procedure
+
+* Modify the `install-config.yaml` configuration file by specifying Local Zone subnets in the `platform.aws.subnets` property, as demonstrated in the following example:
++
+[source,yaml]
+----
+...
+platform:
+  aws:
+    region: us-west-2
+    subnets: <1>
+    - publicSubnetId-1
+    - publicSubnetId-2
+    - publicSubnetId-3
+    - privateSubnetId-1
+    - privateSubnetId-2
+    - privateSubnetId-3
+    - publicSubnetId-LocalZone-1
+...
+----
+<1> List of subnets created in the Availability and Local Zones.
\ No newline at end of file
diff --git a/modules/install-creating-install-config-aws-local-zones.adoc b/modules/install-creating-install-config-aws-local-zones.adoc
index 4ea327ea350c..7a1befbef4f0 100644
--- a/modules/install-creating-install-config-aws-local-zones.adoc
+++ b/modules/install-creating-install-config-aws-local-zones.adoc
@@ -1,35 +1,63 @@
 // Module included in the following assemblies:
 // * installing/installing_aws/installing-aws-localzone.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-creating-install-config-aws-local-zones_{context}"]
-= Modifying an installation configuration file to use AWS Local Zones subnets
+= Modifying an installation configuration file to use AWS Local Zones
 
-Modify an `install-config.yaml` file to include AWS Local Zones subnets.
+Modify an `install-config.yaml` file to include AWS Local Zones.
 
 .Prerequisites
 
-* You created subnets by using the procedure "Creating a subnet in AWS Local Zones".
+* You have configured an AWS account.
+* You added your AWS keys and region to your local AWS profile by running `aws configure`.
+* You have read the configuration limitations that apply when you specify the installation program to automatically create subnets for your {product-title} cluster. See the section named "Cluster limitations in AWS Local Zones".
+* You opted in to the Local Zone group for each zone.
 * You created an `install-config.yaml` file by using the procedure "Creating the installation configuration file".
 
 .Procedure
 
-* Add the VPC and Local Zone subnets as the values of the `platform.aws.subnets` property. As an example:
+. Modify the `install-config.yaml` file by specifying Local Zone names in the `platform.aws.zones` property of the edge compute pool. For example:
 +
 [source,yaml]
 ----
 ...
+platform:
+  aws:
+    region: <region_name> <1>
+compute:
+- name: edge
+  platform:
+    aws:
+      zones: <2>
+      - <local_zone_name>
+#...
+----
+<1> The AWS Region name.
+<2> The list of Local Zone names that must belong in the same AWS Region.
++
+.Example of a configuration to install a cluster in the `us-west-2` AWS Region that extends edge nodes to Local Zones in `Los Angeles` and `Las Vegas` locations.
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+metadata:
+  name: cluster-name
 platform:
   aws:
     region: us-west-2
-    subnets: <1>
-    - publicSubnetId-1
-    - publicSubnetId-2
-    - publicSubnetId-3
-    - privateSubnetId-1
-    - privateSubnetId-2
-    - privateSubnetId-3
-    - publicSubnetId-LocalZone-1
-...
+compute:
+- name: edge
+  platform:
+    aws:
+      zones:
+      - us-west-2-lax-1a
+      - us-west-2-lax-1b
+      - us-west-2-las-1a
+pullSecret: '{"auths": ...}'
+sshKey: 'ssh-ed25519 AAAA...'
+#...
 ----
-<1> List of subnets created in the Availability and Local Zones.
\ No newline at end of file
+
+. Deploy your cluster.
diff --git a/modules/install-ibm-cloud-configuring-the-install-config-file.adoc b/modules/install-ibm-cloud-configuring-the-install-config-file.adoc
index da7769187be2..827c26064f4d 100644
--- a/modules/install-ibm-cloud-configuring-the-install-config-file.adoc
+++ b/modules/install-ibm-cloud-configuring-the-install-config-file.adoc
@@ -2,11 +2,11 @@
 //
 // installing_ibm_cloud/install-ibm-cloud-installing-on-ibm-cloud.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-install-config-file_{context}"]
 = Configuring the install-config.yaml file
 
-The `install-config.yaml` file requires some additional details. Most of the information is teaching the installer and the resulting cluster enough about the available IBM Cloud&#174; hardware so that it is able to fully manage it. The material difference between installing on bare metal and installing on IBM Cloud is that you must explicitly set the privilege level for IPMI in the BMC section of the `install-config.yaml` file.
+The `install-config.yaml` file requires some additional details. Most of the information is teaching the installer and the resulting cluster enough about the available {ibm-cloud-bm} hardware so that it is able to fully manage it. The material difference between installing on bare metal and installing on {ibm-cloud-bm} is that you must explicitly set the privilege level for IPMI in the BMC section of the `install-config.yaml` file.
 
 .Procedure
 
@@ -59,7 +59,7 @@ pullSecret: '<pull_secret>'
 sshKey: '<ssh_pub_key>'
 ----
 +
-<1> The `bmc.address` provides a `privilegelevel` configuration setting with the value set to `OPERATOR`. This is required for IBM Cloud.
+<1> The `bmc.address` provides a `privilegelevel` configuration setting with the value set to `OPERATOR`. This is required for {ibm-cloud-bm} infrastructure.
 <2> Add the MAC address of the private `provisioning` network NIC for the corresponding node.
 +
 [NOTE]
diff --git a/modules/install-ibm-cloud-configuring-the-public-subnet.adoc b/modules/install-ibm-cloud-configuring-the-public-subnet.adoc
index cd16ed93358a..338cac2ad8e6 100644
--- a/modules/install-ibm-cloud-configuring-the-public-subnet.adoc
+++ b/modules/install-ibm-cloud-configuring-the-public-subnet.adoc
@@ -2,13 +2,13 @@
 //
 // installing_ibm_cloud/install-ibm-cloud-installing-on-ibm-cloud.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-public-subnet_{context}"]
 = Configuring the public subnet
 
-All of the {product-title} cluster nodes must be on the public subnet. IBM Cloud&#174; does not provide a DHCP server on the subnet. Set it up separately on the provisioner node.
+All of the {product-title} cluster nodes must be on the public subnet. {ibm-cloud-bm} does not provide a DHCP server on the subnet. Set it up separately on the provisioner node.
 
-You must reset the BASH variables defined when preparing the provisioner node. Rebooting the provisioner node after preparing it will delete the BASH variables previously set. 
+You must reset the BASH variables defined when preparing the provisioner node. Rebooting the provisioner node after preparing it will delete the BASH variables previously set.
 
 .Procedure
 
diff --git a/modules/install-ibm-cloud-preparing-the-provisioner-node.adoc b/modules/install-ibm-cloud-preparing-the-provisioner-node.adoc
index dbdf3943b497..426077c3392d 100644
--- a/modules/install-ibm-cloud-preparing-the-provisioner-node.adoc
+++ b/modules/install-ibm-cloud-preparing-the-provisioner-node.adoc
@@ -2,9 +2,9 @@
 //
 // * installing/installing_ibm_cloud/install-ibm-cloud-installing-on-ibm-cloud.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-the-provisioner-node-for-openshift-install-on-ibm-cloud_{context}"]
-= Preparing the provisioner node for {product-title} installation on IBM Cloud
+= Preparing the provisioner node on {ibm-cloud-bm} infrastructure
 
 Perform the following steps to prepare the provisioner node.
 
diff --git a/modules/install-ibm-cloud-setting-up-ibm-cloud-infrastructure.adoc b/modules/install-ibm-cloud-setting-up-ibm-cloud-infrastructure.adoc
index 078aebf0790e..3cb86f9c43dd 100644
--- a/modules/install-ibm-cloud-setting-up-ibm-cloud-infrastructure.adoc
+++ b/modules/install-ibm-cloud-setting-up-ibm-cloud-infrastructure.adoc
@@ -1,23 +1,23 @@
 // This is included in the following assemblies:
 //
 // installing_ibm_cloud/install-ibm-cloud-installing-on-ibm-cloud.adoc
-
+:_mod-docs-content-type: PROCEDURE
 [id="setting-up-ibm-cloud-infrastructure_{context}"]
-= Setting up IBM Cloud infrastructure
+= Setting up {ibm-cloud-bm-title} infrastructure
 
-To deploy an {product-title} cluster on IBM Cloud&#174;, you must first provision the IBM Cloud nodes.
+To deploy an {product-title} cluster on {ibm-cloud-bm} infrastructure, you must first provision the {ibm-cloud-name} nodes.
 
 [IMPORTANT]
 ====
-Red Hat supports IPMI and PXE on the `provisioning` network only. Red Hat has not tested Red Fish, virtual media, or other complementary technologies such as Secure Boot on IBM Cloud deployments. The `provisioning` network is required.
+Red Hat supports IPMI and PXE on the `provisioning` network only. Red Hat has not tested Red Fish, virtual media, or other complementary technologies such as Secure Boot on {ibm-cloud-name} deployments. The `provisioning` network is required.
 ====
 
-You can customize IBM Cloud nodes using the IBM Cloud API. When creating IBM Cloud nodes, you must consider the following requirements.
+You can customize {ibm-cloud-name} nodes using the {ibm-cloud-name} API. When creating {ibm-cloud-name} nodes, you must consider the following requirements.
 
 [discrete]
 == Use one data center per cluster
 
-All nodes in the {product-title} cluster must run in the same IBM Cloud data center.
+All nodes in the {product-title} cluster must run in the same {ibm-cloud-name} data center.
 
 [discrete]
 == Create public and private VLANs
@@ -27,9 +27,9 @@ Create all nodes with a single public VLAN and a single private VLAN.
 [discrete]
 == Ensure subnets have sufficient IP addresses
 
-IBM Cloud public VLAN subnets use a `/28` prefix by default, which provides 16 IP addresses. That is sufficient for a cluster consisting of three control plane nodes, four worker nodes, and two IP addresses for the API VIP and Ingress VIP on the `baremetal` network. For larger clusters, you might need a smaller prefix.
+{ibm-cloud-name} public VLAN subnets use a `/28` prefix by default, which provides 16 IP addresses. That is sufficient for a cluster consisting of three control plane nodes, four worker nodes, and two IP addresses for the API VIP and Ingress VIP on the `baremetal` network. For larger clusters, you might need a smaller prefix.
 
-IBM Cloud private VLAN subnets use a `/26` prefix by default, which provides 64 IP addresses. IBM Cloud will use private network IP addresses to access the Baseboard Management Controller (BMC) of each node. {product-title} creates an additional subnet for the `provisioning` network. Network traffic for the `provisioning` network subnet routes through the private VLAN. For larger clusters, you might need a smaller prefix.
+{ibm-cloud-name} private VLAN subnets use a `/26` prefix by default, which provides 64 IP addresses. {ibm-cloud-bm} uses private network IP addresses to access the Baseboard Management Controller (BMC) of each node. {product-title} creates an additional subnet for the `provisioning` network. Network traffic for the `provisioning` network subnet routes through the private VLAN. For larger clusters, you might need a smaller prefix.
 
 .IP addresses per prefix
 [options="header"]
@@ -76,7 +76,7 @@ Ensure PXE is enabled on the NIC used for the `provisioning` network and is disa
 [discrete]
 == Configuring canonical names
 
-Clients access the {product-title} cluster nodes over the `baremetal` network. Configure IBM Cloud subdomains or subzones where the canonical name extension is the cluster name.
+Clients access the {product-title} cluster nodes over the `baremetal` network. Configure {ibm-cloud-name} subdomains or subzones where the canonical name extension is the cluster name.
 
 ----
 <cluster_name>.<domain>
@@ -122,7 +122,7 @@ The following table provides an example of fully qualified domain names. The API
 
 [IMPORTANT]
 ====
-After provisioning the IBM Cloud nodes, you must create a DNS entry for the `api.<cluster_name>.<domain>` domain name on the external DNS because removing CoreDNS causes the local entry to disappear. Failure to create a DNS record for the `api.<cluster_name>.<domain>` domain name in the external DNS server prevents worker nodes from joining the cluster.
+After provisioning the {ibm-cloud-name} nodes, you must create a DNS entry for the `api.<cluster_name>.<domain>` domain name on the external DNS because removing CoreDNS causes the local entry to disappear. Failure to create a DNS record for the `api.<cluster_name>.<domain>` domain name in the external DNS server prevents worker nodes from joining the cluster.
 ====
 
 [discrete]
@@ -138,11 +138,11 @@ Define a consistent clock date and time format in each cluster node's BIOS setti
 [discrete]
 == Configure a DHCP server
 
-IBM Cloud does not run DHCP on the public or private VLANs. After provisioning IBM Cloud nodes, you must set up a DHCP server for the public VLAN, which corresponds to {product-title}'s `baremetal` network.
+{ibm-cloud-bm} does not run DHCP on the public or private VLANs. After provisioning {ibm-cloud-name} nodes, you must set up a DHCP server for the public VLAN, which corresponds to {product-title}'s `baremetal` network.
 
 [NOTE]
 ====
-The IP addresses allocated to each node do not need to match the IP addresses allocated by the IBM Cloud provisioning system.
+The IP addresses allocated to each node do not need to match the IP addresses allocated by the {ibm-cloud-bm} provisioning system.
 ====
 
 See the "Configuring the public subnet" section for details.
@@ -159,12 +159,12 @@ In the `install-config.yaml` file, add the `privilegelevel` parameter to the URL
 ipmi://<IP>:<port>?privilegelevel=OPERATOR
 ----
 
-Alternatively, contact IBM Cloud support and request that they increase the IPMI privileges to `ADMINISTRATOR` for each node.
+Alternatively, contact {ibm-cloud-name} support and request that they increase the IPMI privileges to `ADMINISTRATOR` for each node.
 
 [discrete]
 == Create bare metal servers
 
-Create bare metal servers in the link:https://cloud.ibm.com[IBM Cloud dashboard] by navigating to *Create resource* -> *Bare Metal Server*.
+Create bare metal servers in the link:https://cloud.ibm.com[{ibm-cloud-name} dashboard] by navigating to *Create resource* -> *Bare Metal Servers for Classic*.
 
 Alternatively, you can create bare metal servers with the `ibmcloud` CLI utility. For example:
 
@@ -179,9 +179,9 @@ $ ibmcloud sl hardware create --hostname <SERVERNAME> \
                             --billing <BILLING>
 ----
 
-See link:https://cloud.ibm.com/docs/cli?topic=cli-install-ibmcloud-cli[Installing the stand-alone IBM Cloud CLI] for details on installing the IBM Cloud CLI.
+See link:https://cloud.ibm.com/docs/cli?topic=cli-install-ibmcloud-cli[Installing the stand-alone {ibm-cloud-name} CLI] for details on installing the {ibm-cloud-name} CLI.
 
 [NOTE]
 ====
-IBM Cloud servers might take 3-5 hours to become available.
+{ibm-cloud-name} servers might take 3-5 hours to become available.
 ====
diff --git a/modules/install-openshift-common-terms.adoc b/modules/install-openshift-common-terms.adoc
index 427185853c4f..d9f4efe36cd5 100644
--- a/modules/install-openshift-common-terms.adoc
+++ b/modules/install-openshift-common-terms.adoc
@@ -2,20 +2,19 @@
 //
 // * installing/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="install-openshift-common-terms_{context}"]
 = Glossary of common terms for {product-title} installing
 
-This glossary defines common terms that are used in the installation content. These terms help you understand installation effectively.
+The glossary defines common terms that relate to the installation content. Read the following list of terms to better understand the installation process.
 
 {ai-full}::
-An installer hosted at link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[console.redhat.com] that provides a web user interface or a RESTful API for creating a cluster configuration. The {ai-full} generates a discovery image. Cluster machines boot with the discovery image, which installs {op-system} and an agent. Together, the {ai-full} and agent provide pre-installation validation and installation for the cluster.
-
-Agent-based installer::
-An installer similar to the {ai-full}, but you must download the link:https://console.redhat.com/openshift/install/metal/agent-based[agent-based installer] first. The agent-based installer is ideal for air-gapped/restricted networks.
+An installer hosted at link:https://console.redhat.com/openshift/assisted-installer/clusters/~new[console.redhat.com] that provides a web-based user interface or a RESTful API for creating a cluster configuration. The link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}] generates a discovery image. Cluster machines boot with the discovery image, which installs {op-system} and an agent. Together, the {ai-full} and agent provide preinstallation validation and installation for the cluster.
 
+Agent-based Installer::
+An installer similar to the {ai-full}, but you must download the link:https://console.redhat.com/openshift/install/metal/agent-based[Agent-based Installer] first. The Agent-based Installer is ideal for disconnected environments.
 Bootstrap node::
-A temporary machine that runs a minimal Kubernetes configuration to deploy the {product-title} control plane.
+A temporary machine that runs a minimal Kubernetes configuration required to deploy the {product-title} control plane.
 
 Control plane::
 A container orchestration layer that exposes the API and interfaces to define, deploy, and manage the lifecycle of containers. Also known as control plane machines.
@@ -24,7 +23,7 @@ Compute node::
 Nodes that are responsible for executing workloads for cluster users. Also known as worker nodes.
 
 Disconnected installation::
-There are situations where parts of a data center might not have access to the internet, even through proxy servers. You can still install the {product-title} in these environments, but you must download the required software and images and make them available to the disconnected environment.
+In some situations, parts of a data center might not have access to the internet, even through proxy servers. You can still install the {product-title} in these environments, but you must download the required software and images and make them available to the disconnected environment.
 
 The {product-title} installation program::
 A program that provisions the infrastructure and deploys a cluster.
@@ -33,19 +32,19 @@ Installer-provisioned infrastructure::
 The installation program deploys and configures the infrastructure that the cluster runs on.
 
 Ignition config files::
-A file that Ignition uses to configure {op-system-first} during operating system initialization. The installation program generates different Ignition config files to initialize bootstrap, control plane, and worker nodes.
+A file that the Ignition tool uses to configure {op-system-first} during operating system initialization. The installation program generates different Ignition configuration files to initialize bootstrap, control plane, and worker nodes.
 
 Kubernetes manifests::
-Specifications of a Kubernetes API object in a JSON or YAML format. A configuration file can include deployments, config maps, secrets, daemonsets etc.
+Specifications of a Kubernetes API object in a JSON or YAML format. A configuration file can include deployments, config maps, secrets, daemonsets, and so on.
 
 Kubelet::
-A **primary node** agent that runs on each node in the cluster to ensure that containers are running in a pod.
+A primary node agent that runs on each node in the cluster to ensure that containers are running in a pod.
 
 Load balancers::
 A load balancer serves as the single point of contact for clients. Load balancers for the API distribute incoming traffic across control plane nodes.
 
 Machine Config Operator::
-An Operator that manages and applies configuration and updates of the base operating system and container runtime, including everything between the kernel and kubelet for the nodes in the cluster.
+An Operator that manages and applies configurations and updates of the base operating system and container runtime, including everything between the kernel and kubelet, for the nodes in the cluster.
 
 Operators::
 The preferred method of packaging, deploying, and managing a Kubernetes application in an {product-title} cluster. An operator takes human operational knowledge and encodes it into software that is easily packaged and shared with customers.
diff --git a/modules/install-osp-deploy-dualstack.adoc b/modules/install-osp-deploy-dualstack.adoc
new file mode 100644
index 000000000000..3c14d78f1a2f
--- /dev/null
+++ b/modules/install-osp-deploy-dualstack.adoc
@@ -0,0 +1,141 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_openstack/installing-openstack-installer-custom.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="install-osp-deploy-dualstack_{context}"]
+= Deploying the dual-stack cluster
+
+.Procedure
+
+. Create a network with IPv4 and IPv6 subnets. The available address modes for the `ipv6-ra-mode` and `ipv6-address-mode` fields are: `dhcpv6-stateful`, `dhcpv6-stateless`, and `slaac`.
++
+[NOTE]
+====
+The dualstack network MTU must accommodate both the minimum MTU for IPv6, which is 1280, and the OVN-Kubernetes encapsulation overhead, which is 100.
+====
++
+[NOTE]
+====
+DHCP must be enabled on the subnets.
+====
+
+. Create the API and Ingress VIPs ports.
+
+. Add the IPv6 subnet to the router to enable router advertisements. If you are using a provider network, you can enable router advertisements by adding the network as an external gateway, which also enables external connectivity.
+
+
+. To configure IPv4 and IPv6 address endpoints for cluster nodes, edit the `install-config.yaml` file. The following is an example of an `install-config.yaml` file:
++
+.Example `install-config.yaml`
+
+[source, yaml]
+----
+apiVersion: v1
+baseDomain: mydomain.test
+compute:
+- name: worker
+  platform:
+    openstack:
+      type: m1.xlarge
+  replicas: 3
+controlPlane:
+  name: master
+  platform:
+    openstack:
+      type: m1.xlarge
+  replicas: 3
+metadata:
+  name: mycluster
+networking:
+  machineNetwork: <1>
+  - cidr: "192.168.25.0/24"
+  - cidr: "fd2e:6f44:5dd8:c956::/64"
+  clusterNetwork: <1>
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  - cidr: fd01::/48
+    hostPrefix: 64
+  serviceNetwork: <1>
+  - 172.30.0.0/16
+  - fd02::/112
+platform:
+  openstack:
+    ingressVIPs: ['192.168.25.79', 'fd2e:6f44:5dd8:c956:f816:3eff:fef1:1bad'] <2>
+    apiVIPs: ['192.168.25.199', 'fd2e:6f44:5dd8:c956:f816:3eff:fe78:cf36'] <3>
+    controlPlanePort: <4>
+      fixedIPs: <5>
+      - subnet: <6>
+          name: subnet-v4
+          id: subnet-v4-id
+      - subnet: <6>
+          name: subnet-v6
+          id: subnet-v6-id
+      network: <7>
+        name: dualstack
+        id: network-id
+----
+<1> You must specify an IP address range for both the IPv4 and IPv6 address families.
+<2> Specify the virtual IP (VIP) address endpoints for the Ingress VIP services to provide an interface to the cluster.
+<3> Specify the virtual IP (VIP) address endpoints for the API VIP services to provide an interface to the cluster.
+<4> Specify the dual-stack network details that are used by all of the nodes across the cluster.
+<5> The CIDR of any subnet specified in this field must match the CIDRs listed on `networks.machineNetwork`.
+<6> You can specify a value for either `name` or `id`, or both.
+<7> Specifying the `network` under the `ControlPlanePort` field is optional.
++
+Alternatively, if you want an IPv6 primary dual-stack cluster, edit the `install-config.yaml` file following the example below:
++
+.Example `install-config.yaml`
+
+[source, yaml]
+----
+apiVersion: v1
+baseDomain: mydomain.test
+compute:
+- name: worker
+  platform:
+    openstack:
+      type: m1.xlarge
+  replicas: 3
+controlPlane:
+  name: master
+  platform:
+    openstack:
+      type: m1.xlarge
+  replicas: 3
+metadata:
+  name: mycluster
+networking:
+  machineNetwork: <1>
+  - cidr: "fd2e:6f44:5dd8:c956::/64"
+  - cidr: "192.168.25.0/24"
+  clusterNetwork: <1>
+  - cidr: fd01::/48
+    hostPrefix: 64
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  serviceNetwork: <1>
+  - fd02::/112
+  - 172.30.0.0/16
+platform:
+  openstack:
+    ingressVIPs: ['fd2e:6f44:5dd8:c956:f816:3eff:fef1:1bad', '192.168.25.79'] <2>
+    apiVIPs: ['fd2e:6f44:5dd8:c956:f816:3eff:fe78:cf36', '192.168.25.199'] <3>
+    controlPlanePort: <4>
+      fixedIPs: <5>
+      - subnet: <6>
+          name: subnet-v6
+          id: subnet-v6-id
+      - subnet: <6>
+          name: subnet-v4
+          id: subnet-v4-id
+      network: <7>
+        name: dualstack
+        id: network-id
+----
+<1> You must specify an IP address range for both the IPv4 and IPv6 address families.
+<2> Specify the virtual IP (VIP) address endpoints for the Ingress VIP services to provide an interface to the cluster.
+<3> Specify the virtual IP (VIP) address endpoints for the API VIP services to provide an interface to the cluster.
+<4> Specify the dual-stack network details that are used by all the nodes across the cluster.
+<5> The CIDR of any subnet specified in this field must match the CIDRs listed on `networks.machineNetwork`.
+<6> You can specify a value for either `name` or `id`, or both.
+<7> Specifying the `network` under the `ControlPlanePort` field is optional.
\ No newline at end of file
diff --git a/modules/install-osp-dualstack.adoc b/modules/install-osp-dualstack.adoc
new file mode 100644
index 000000000000..e6c259436a24
--- /dev/null
+++ b/modules/install-osp-dualstack.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_openstack/installing-openstack-installer-custom.adoc
+:_mod-docs-content-type: CONCEPT
+[id="install-osp-dualstack_{context}"]
+= Optional: Configuring a cluster with dual-stack networking
+
+:FeatureName: Dual-stack configuration for OpenStack
+
+You can create a dual-stack cluster on {rh-openstack}. However, the dual-stack configuration is enabled only if you are using an {rh-openstack} network with IPv4 and IPv6 subnets.
+
+[NOTE]
+====
+{rh-openstack} does not support the conversion of an IPv4 single-stack cluster to a dual-stack cluster network.
+====
+
diff --git a/modules/install-sno-about-installing-on-a-single-node.adoc b/modules/install-sno-about-installing-on-a-single-node.adoc
index aba00569f8d6..189b115ac4a0 100644
--- a/modules/install-sno-about-installing-on-a-single-node.adoc
+++ b/modules/install-sno-about-installing-on-a-single-node.adoc
@@ -2,11 +2,11 @@
 //
 // installing_sno/install-sno-preparing-to-install-sno.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="install-sno-about-installing-on-a-single-node_{context}"]
 = About OpenShift on a single node
 
-You can create a single-node cluster with standard installation methods. {product-title} on a single node is a specialized installation that requires the creation of a special ignition configuration ISO. The primary use case is for edge computing workloads, including intermittent connectivity, portable clouds, and 5G radio access networks (RAN) close to a base station. The major tradeoff with an installation on a single node is the lack of high availability.
+You can create a single-node cluster with standard installation methods. {product-title} on a single node is a specialized installation that requires the creation of a special Ignition configuration file. The primary use case is for edge computing workloads, including intermittent connectivity, portable clouds, and 5G radio access networks (RAN) close to a base station. The major tradeoff with an installation on a single node is the lack of high availability.
 
 [IMPORTANT]
 ====
diff --git a/modules/install-sno-additional-requirements-for-installing-sno-on-a-cloud-provider.adoc b/modules/install-sno-additional-requirements-for-installing-sno-on-a-cloud-provider.adoc
new file mode 100644
index 000000000000..b7d70b369b30
--- /dev/null
+++ b/modules/install-sno-additional-requirements-for-installing-sno-on-a-cloud-provider.adoc
@@ -0,0 +1,18 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_sno/install-sno-preparing-to-install-sno.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="additional-requirements-for-installing-sno-on-a-cloud-provider_{context}"]
+= Additional requirements for installing {sno} on a cloud provider
+
+The documentation for installer-provisioned installation on cloud providers is based on a high availability cluster consisting of three control plane nodes. When referring to the documentation, consider the differences between the requirements for a {sno} cluster and a high availability cluster.
+
+* A high availability cluster requires a temporary bootstrap machine, three control plane machines, and at least two compute machines. For a {sno} cluster, you need only a temporary bootstrap machine and one cloud instance for the control plane node and no worker nodes.
+
+* The minimum resource requirements for high availability cluster installation include a control plane node with 4 vCPUs and 100GB of storage. For a {sno} cluster, you must have a minimum of 8 vCPU cores and 120GB of storage.
+
+* The `controlPlane.replicas` setting in the `install-config.yaml` file should be set to `1`.
+
+* The `compute.replicas` setting in the `install-config.yaml` file should be set to `0`.
+This makes the control plane node schedulable.
diff --git a/modules/install-sno-generating-the-discovery-iso-with-the-assisted-installer.adoc b/modules/install-sno-generating-the-discovery-iso-with-the-assisted-installer.adoc
index 5a507f007ae5..924d2dd991cc 100644
--- a/modules/install-sno-generating-the-discovery-iso-with-the-assisted-installer.adoc
+++ b/modules/install-sno-generating-the-discovery-iso-with-the-assisted-installer.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-sno-generating-the-discovery-iso-with-the-assisted-installer_{context}"]
 = Generating the discovery ISO with the Assisted Installer
 
diff --git a/modules/install-sno-generating-the-install-iso-manually.adoc b/modules/install-sno-generating-the-install-iso-manually.adoc
index b57ba3120096..7cf218b23423 100644
--- a/modules/install-sno-generating-the-install-iso-manually.adoc
+++ b/modules/install-sno-generating-the-install-iso-manually.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="generating-the-install-iso-manually_{context}"]
 = Generating the installation ISO with coreos-installer
 
diff --git a/modules/install-sno-ibm-power.adoc b/modules/install-sno-ibm-power.adoc
new file mode 100644
index 000000000000..770448878e69
--- /dev/null
+++ b/modules/install-sno-ibm-power.adoc
@@ -0,0 +1,49 @@
+// This is included in the following assemblies:
+//
+// installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-sno-on-ibm-power_{context}"]
+= Installing {sno} with {ibm-power-title}
+
+.Prerequisites
+
+* You have set up bastion.
+
+.Procedure
+
+There are two steps for the {sno} cluster installation. First the {sno} logical partition (LPAR) needs to boot up with PXE, then you need to monitor the installation progress.
+
+. Use the following command to boot powerVM with netboot:
++
+[source,terminal]
+----
+$ lpar_netboot -i -D -f -t ent -m <sno_mac> -s auto -d auto -S <server_ip> -C <sno_ip> -G <gateway> <lpar_name> default_profile <cec_name>
+----
++
+where:
++
+--
+sno_mac:: Specifies the MAC address of the {sno} cluster.
+sno_ip:: Specifies the IP address of the {sno} cluster.
+server_ip:: Specifies the IP address of bastion (PXE server).
+gateway:: Specifies the Network's gateway IP.
+lpar_name:: Specifies the {sno} lpar name in HMC.
+cec_name:: Specifies the System name where the sno_lpar resides
+--
+
+. After the {sno} LPAR boots up with PXE, use the `openshift-install` command to monitor the progress of installation:
+
+.. Run the following command after the bootstrap is complete:
++
+[source,terminal]
+----
+./openshift-install wait-for bootstrap-complete
+----
+
+.. Run the following command after it returns successfully:
++
+[source,terminal]
+----
+./openshift-install wait-for install-complete
+----
\ No newline at end of file
diff --git a/modules/install-sno-ibm-z-kvm.adoc b/modules/install-sno-ibm-z-kvm.adoc
new file mode 100644
index 000000000000..02e4e05590f0
--- /dev/null
+++ b/modules/install-sno-ibm-z-kvm.adoc
@@ -0,0 +1,173 @@
+// This is included in the following assemblies:
+//
+// installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-sno-on-ibm-z-kvm_{context}"]
+= Installing {sno} with {op-system-base} KVM on {ibm-z-title} and {ibm-linuxone-title}
+
+.Prerequisites
+
+* You  have installed `podman`.
+
+.Procedure
+
+. Set the {product-title} version by running the following command:
++
+[source,terminal]
+----
+$ OCP_VERSION=<ocp_version> <1>
+----
++
+<1> Replace `<ocp_version>` with the current version, for example, `latest-{product-version}`
+
+. Set the host architecture by running the following command:
++
+[source,terminal]
+----
+$ ARCH=<architecture> <1>
+----
+<1> Replace `<architecture>` with the target host architecture `s390x`.
+
+. Download the {product-title} client (`oc`) and make it available for use by entering the following commands:
++
+[source,terminal]
+----
+$ curl -k https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OCP_VERSION/openshift-client-linux.tar.gz -o oc.tar.gz
+----
++
+[source,terminal]
+----
+$ tar zxf oc.tar.gz
+----
++
+[source,terminal]
+----
+$ chmod +x oc
+----
+
+. Download the {product-title} installer and make it available for use by entering the following commands:
++
+[source,terminal]
+----
+$ curl -k https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OCP_VERSION/openshift-install-linux.tar.gz -o openshift-install-linux.tar.gz
+----
++
+[source,terminal]
+----
+$ tar zxvf openshift-install-linux.tar.gz
+----
++
+[source,terminal]
+----
+$ chmod +x openshift-install
+----
+
+. Prepare the `install-config.yaml` file:
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: <domain> <1>
+compute:
+- name: worker
+  replicas: 0 <2>
+controlPlane:
+  name: master
+  replicas: 1 <3>
+metadata:
+  name: <name> <4>
+networking: <5>
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  machineNetwork:
+  - cidr: 10.0.0.0/16 <6>
+  networkType: OVNKubernetes
+  serviceNetwork:
+  - 172.30.0.0/16
+platform:
+  none: {}
+bootstrapInPlace:
+  installationDisk: /dev/disk/by-id/<disk_id> <7>
+pullSecret: '<pull_secret>' <8>
+sshKey: |
+  <ssh_key> <9>
+----
+<1> Add the cluster domain name.
+<2> Set the `compute` replicas to `0`. This makes the control plane node schedulable.
+<3> Set the `controlPlane` replicas to `1`. In conjunction with the previous `compute` setting, this setting ensures the cluster runs on a single node.
+<4> Set the `metadata` name to the cluster name.
+<5> Set the `networking` details. OVN-Kubernetes is the only allowed network plugin type for single-node clusters.
+<6> Set the `cidr` value to match the subnet of the {sno} cluster.
+<7> Set the path to the installation disk drive, for example, `/dev/disk/by-id/wwn-0x64cd98f04fde100024684cf3034da5c2`.
+<8> Copy the {cluster-manager-url-pull} and add the contents to this configuration setting.
+<9> Add the public SSH key from the administration host so that you can log in to the cluster after installation.
+
+. Generate {product-title} assets by running the following commands:
++
+[source,terminal]
+----
+$ mkdir ocp
+----
++
+[source,terminal]
+----
+$ cp install-config.yaml ocp
+----
++
+[source,terminal]
+----
+$ ./openshift-install --dir=ocp create single-node-ignition-config
+----
+
+. Obtain the {op-system-base} `kernel`, `initramfs`, and `rootfs` artifacts from the link:https://access.redhat.com/downloads/content/290[Product Downloads] page on the Red Hat Customer Portal or from the link:https://mirror.openshift.com/pub/openshift-v4/s390x/dependencies/rhcos/latest/[{op-system} image mirror] page.
++
+[IMPORTANT]
+====
+The {op-system} images might not change with every release of {product-title}. You must download images with the highest version that is less than or equal to the {product-title} version that you install. Only use the appropriate `kernel`, `initramfs`, and `rootfs` artifacts described in the following procedure.
+====
++
+The file names contain the {product-title} version number. They resemble the following examples:
++
+`kernel`:: `rhcos-<version>-live-kernel-<architecture>`
+`initramfs`:: `rhcos-<version>-live-initramfs.<architecture>.img`
+`rootfs`:: `rhcos-<version>-live-rootfs.<architecture>.img`
++
+. Before you launch `virt-install`, move the following files and artifacts to an HTTP or HTTPS server:
+
+** Downloaded {op-system-base} live `kernel`, `initramfs`, and `rootfs` artifacts
+** Ignition files
+
+. Create the KVM guest nodes by using the following components:
+
+** {op-system-base} `kernel` and `initramfs` artifacts
+** Ignition files
+** The new disk image
+** Adjusted parm line arguments
+
+[source,terminal]
+----
+$ virt-install \
+   --name {vn_name} \
+   --autostart \
+   --memory={memory_mb} \
+   --cpu host \
+   --vcpus {vcpus} \
+   --location {media_location},kernel={rhcos_kernel},initrd={rhcos_initrd} \// <1>
+   --disk size=100 \
+   --network network={virt_network_parm} \
+   --graphics none \
+   --noautoconsole \
+   --extra-args "ip=${IP}::${GATEWAY}:${MASK}:${VM_NAME}::none" \
+   --extra-args "nameserver=${NAME_SERVER}" \
+   --extra-args "ip=dhcp rd.neednet=1 ignition.platform.id=metal ignition.firstboot" \
+   --extra-args "coreos.live.rootfs_url={rhcos_liveos}" \// <2>
+   --extra-args "ignition.config.url={rhcos_ign}" \// <3>
+   --extra-args "random.trust_cpu=on rd.luks.options=discard" \
+   --extra-args "console=tty1 console=ttyS1,115200n8" \
+   --wait
+----
+<1> For the `--location` parameter, specify the location  of the kernel/initrd on the HTTP or HTTPS server.
+<2> For the `coreos.live.rootfs_url=` artifact, specify the matching `rootfs` artifact for the `kernel` and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported.
+<3> For the `ignition.config.url=` parameter, specify the Ignition file for the machine role. Only HTTP and HTTPS protocols are supported.
\ No newline at end of file
diff --git a/modules/install-sno-ibm-z.adoc b/modules/install-sno-ibm-z.adoc
new file mode 100644
index 000000000000..cd997227b8dd
--- /dev/null
+++ b/modules/install-sno-ibm-z.adoc
@@ -0,0 +1,264 @@
+// This is included in the following assemblies:
+//
+// installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-sno-on-ibm-z_{context}"]
+= Installing {sno} with z/VM on {ibm-z-title} and {ibm-linuxone-title}
+
+.Prerequisites
+
+* You have installed `podman`.
+
+.Procedure
+
+. Set the {product-title} version by running the following command:
++
+[source,terminal]
+----
+$ OCP_VERSION=<ocp_version> <1>
+----
++
+<1> Replace `<ocp_version>` with the current version, for example, `latest-{product-version}`
+
+. Set the host architecture by running the following command:
++
+[source,terminal]
+----
+$ ARCH=<architecture> <1>
+----
+<1> Replace `<architecture>` with the target host architecture `s390x`.
+
+. Download the {product-title} client (`oc`) and make it available for use by entering the following commands:
++
+[source,terminal]
+----
+$ curl -k https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OCP_VERSION/openshift-client-linux.tar.gz -o oc.tar.gz
+----
++
+[source,terminal]
+----
+$ tar zxf oc.tar.gz
+----
++
+[source,terminal]
+----
+$ chmod +x oc
+----
+
+. Download the {product-title} installer and make it available for use by entering the following commands:
++
+[source,terminal]
+----
+$ curl -k https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OCP_VERSION/openshift-install-linux.tar.gz -o openshift-install-linux.tar.gz
+----
++
+[source,terminal]
+----
+$ tar zxvf openshift-install-linux.tar.gz
+----
++
+[source,terminal]
+----
+$ chmod +x openshift-install
+----
+
+. Prepare the `install-config.yaml` file:
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: <domain> <1>
+compute:
+- name: worker
+  replicas: 0 <2>
+controlPlane:
+  name: master
+  replicas: 1 <3>
+metadata:
+  name: <name> <4>
+networking: <5>
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  machineNetwork:
+  - cidr: 10.0.0.0/16 <6>
+  networkType: OVNKubernetes
+  serviceNetwork:
+  - 172.30.0.0/16
+platform:
+  none: {}
+bootstrapInPlace:
+  installationDisk: /dev/disk/by-id/<disk_id> <7>
+pullSecret: '<pull_secret>' <8>
+sshKey: |
+  <ssh_key> <9>
+----
+<1> Add the cluster domain name.
+<2> Set the `compute` replicas to `0`. This makes the control plane node schedulable.
+<3> Set the `controlPlane` replicas to `1`. In conjunction with the previous `compute` setting, this setting ensures the cluster runs on a single node.
+<4> Set the `metadata` name to the cluster name.
+<5> Set the `networking` details. OVN-Kubernetes is the only allowed network plugin type for single-node clusters.
+<6> Set the `cidr` value to match the subnet of the {sno} cluster.
+<7> Set the path to the installation disk drive, for example, `/dev/disk/by-id/wwn-0x64cd98f04fde100024684cf3034da5c2`.
+<8> Copy the {cluster-manager-url-pull} and add the contents to this configuration setting.
+<9> Add the public SSH key from the administration host so that you can log in to the cluster after installation.
+
+. Generate {product-title} assets by running the following commands:
++
+[source,terminal]
+----
+$ mkdir ocp
+----
++
+[source,terminal]
+----
+$ cp install-config.yaml ocp
+----
++
+[source,terminal]
+----
+$ ./openshift-install --dir=ocp create single-node-ignition-config
+----
+
+. Obtain the {op-system-base} `kernel`, `initramfs`, and `rootfs`  artifacts from the link:https://access.redhat.com/downloads/content/290[Product Downloads] page on the Red Hat Customer Portal or from the link:https://mirror.openshift.com/pub/openshift-v4/s390x/dependencies/rhcos/latest/[{op-system} image mirror] page.
++
+[IMPORTANT]
+====
+The {op-system} images might not change with every release of {product-title}. You must download images with the highest version that is less than or equal to the {product-title} version that you install. Only use the appropriate `kernel`, `initramfs`, and `rootfs` artifacts described in the following procedure.
+====
++
+The file names contain the {product-title} version number. They resemble the following examples:
++
+`kernel`:: `rhcos-<version>-live-kernel-<architecture>`
+`initramfs`:: `rhcos-<version>-live-initramfs.<architecture>.img`
+`rootfs`:: `rhcos-<version>-live-rootfs.<architecture>.img`
++
+[NOTE]
+====
+The `rootfs` image is the same for FCP and DASD.
+====
+
+. Move the following artifacts and files to an HTTP or HTTPS server:
+
+** Downloaded {op-system-base} live `kernel`, `initramfs`, and `rootfs` artifacts
+** Ignition files
+
+. Create parameter files for a particular virtual machine:
++
+.Example parameter file
++
+[source,terminal]
+----
+rd.neednet=1 \
+console=ttysclp0 \
+coreos.live.rootfs_url={rhcos_liveos}:8080/rootfs.img \// <1>
+ignition.config.url={rhcos_ign}:8080/ignition/bootstrap-in-place-for-live-iso.ign \// <2>
+ip=encbdd0:dhcp::02:00:00:02:34:02 <3>
+rd.znet=qeth,0.0.bdd0,0.0.bdd1,0.0.bdd2,layer2=1 \
+rd.dasd=0.0.4411 \// <4>
+rd.zfcp=0.0.8001,0x50050763040051e3,0x4000406300000000 \// <5>
+zfcp.allow_lun_scan=0 \
+rd.luks.options=discard \
+ignition.firstboot ignition.platform.id=metal \
+console=tty1 console=ttyS1,115200n8
+----
+<1> For the `coreos.live.rootfs_url=` artifact, specify the matching `rootfs` artifact for the `kernel`and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported.
+<2> For the `ignition.config.url=` parameter, specify the Ignition file for the machine role. Only HTTP and HTTPS protocols are supported.
+<3> For the `ip=` parameter, assign the IP address automatically using DHCP or manually as described in "Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}".
+<4> For installations on DASD-type disks, use `rd.dasd=` to specify the DASD where {op-system} is to be installed. Omit this entry for FCP-type disks.
+<5> For installations on FCP-type disks, use `rd.zfcp=<adapter>,<wwpn>,<lun>` to specify the FCP disk where {op-system} is to be installed. Omit this entry for DASD-type disks.
++
+Leave all other parameters unchanged.
+
+. Transfer the following artifacts, files, and images to z/VM. For example by using FTP:
+
+** `kernel` and `initramfs` artifacts
+** Parameter files
+** {op-system} images
++
+For details about how to transfer the files with FTP and boot from the virtual reader, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-installing-zvm-s390[Installing under Z/VM].
+
+. Punch the files to the virtual reader of the z/VM guest virtual machine that is to become your bootstrap node.
+
+. Log in to CMS on the bootstrap machine.
+
+. IPL the bootstrap machine from the reader by running the following command:
++
+----
+$ cp ipl c
+----
+
+. After the first reboot of the virtual machine, run the following commands directly after one another:
+
+.. To boot a DASD device after first reboot, run the following commands:
++
+--
+[source,terminal]
+----
+$ cp i <devno> clear loadparm prompt
+----
+
+where:
+
+`<devno>`:: Specifies the device number of the boot device as seen by the guest.
+
+[source,terminal]
+----
+$ cp vi vmsg 0 <kernel_parameters>
+----
+
+where:
+
+`<kernel_parameters>`:: Specifies a set of kernel parameters to be stored as system control program data (SCPDATA). When booting Linux, these kernel parameters are concatenated to the end of the existing kernel parameters that are used by your boot configuration. The combined parameter string must not exceed 896 characters.
+--
+.. To boot an FCP device after first reboot, run the following commands:
++
+--
+[source,terminal]
+----
+$ cp set loaddev portname <wwpn> lun <lun>
+----
+
+where:
+
+`<wwpn>`:: Specifies the target port and `<lun>` the logical unit in hexadecimal format.
+
+[source,terminal]
+----
+$ cp set loaddev bootprog <n>
+----
+
+where:
+
+`<n>`:: Specifies the kernel to be booted.
+
+[source,terminal]
+----
+$ cp set loaddev scpdata {APPEND|NEW} '<kernel_parameters>'
+----
+
+where:
+
+`<kernel_parameters>`:: Specifies a set of kernel parameters to be stored as system control program data (SCPDATA). When booting Linux, these kernel parameters are concatenated to the end of the existing kernel parameters that are used by your boot configuration. The combined parameter string must not exceed 896 characters.
+
+`<APPEND|NEW>`:: Optional: Specify `APPEND` to append kernel parameters to existing SCPDATA. This is the default. Specify `NEW` to replace existing SCPDATA.
+
+.Example
+[source,terminal]
+----
+$ cp set loaddev scpdata 'rd.zfcp=0.0.8001,0x500507630a0350a4,0x4000409D00000000
+ip=encbdd0:dhcp::02:00:00:02:34:02 rd.neednet=1'
+----
+
+To start the IPL and boot process, run the following command:
+
+[source,terminal]
+----
+$ cp i <devno>
+----
+
+where:
+
+`<devno>`:: Specifies the device number of the boot device as seen by the guest.
+--
\ No newline at end of file
diff --git a/modules/install-sno-installing-sno-on-azure.adoc b/modules/install-sno-installing-sno-on-azure.adoc
new file mode 100644
index 000000000000..d381cfde4262
--- /dev/null
+++ b/modules/install-sno-installing-sno-on-azure.adoc
@@ -0,0 +1,9 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="installing-sno-on-azure_{context}"]
+= Installing {sno} on Azure
+
+Installing a single node cluster on Azure requires installer-provisioned installation using the "Installing a cluster on Azure with customizations" procedure.
\ No newline at end of file
diff --git a/modules/install-sno-installing-sno-on-gcp.adoc b/modules/install-sno-installing-sno-on-gcp.adoc
new file mode 100644
index 000000000000..41d998734a6d
--- /dev/null
+++ b/modules/install-sno-installing-sno-on-gcp.adoc
@@ -0,0 +1,9 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="installing-sno-on-gcp_{context}"]
+= Installing {sno} on GCP
+
+Installing a single node cluster on GCP requires installer-provisioned installation using the "Installing a cluster on GCP with customizations" procedure.
diff --git a/modules/install-sno-installing-with-the-assisted-installer.adoc b/modules/install-sno-installing-with-the-assisted-installer.adoc
index ee83eca56a83..a4d61bd1bc9b 100644
--- a/modules/install-sno-installing-with-the-assisted-installer.adoc
+++ b/modules/install-sno-installing-with-the-assisted-installer.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-sno-installing-with-the-assisted-installer_{context}"]
 = Installing {sno} with the Assisted Installer
 
diff --git a/modules/install-sno-installing-with-usb-media.adoc b/modules/install-sno-installing-with-usb-media.adoc
index 30da15ddf754..f1ee1b05b3e5 100644
--- a/modules/install-sno-installing-with-usb-media.adoc
+++ b/modules/install-sno-installing-with-usb-media.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-with-usb-media_{context}"]
 = Creating a bootable ISO image on a USB drive
 
diff --git a/modules/install-sno-monitoring-the-installation-manually.adoc b/modules/install-sno-monitoring-the-installation-manually.adoc
index 7efb12a995a8..aed40fb90747 100644
--- a/modules/install-sno-monitoring-the-installation-manually.adoc
+++ b/modules/install-sno-monitoring-the-installation-manually.adoc
@@ -2,7 +2,7 @@
 //
 // installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-sno-monitoring-the-installation-manually_{context}"]
 = Monitoring the cluster installation using openshift-install
 
@@ -41,5 +41,5 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                         STATUS   ROLES           AGE     VERSION
-control-plane.example.com    Ready    master,worker   10m     v1.26.0
+control-plane.example.com    Ready    master,worker   10m     v1.28.5
 ----
diff --git a/modules/install-sno-requirements-for-installing-on-a-single-node.adoc b/modules/install-sno-requirements-for-installing-on-a-single-node.adoc
index a2ffd5562b0c..48bfd00e3e3b 100644
--- a/modules/install-sno-requirements-for-installing-on-a-single-node.adoc
+++ b/modules/install-sno-requirements-for-installing-on-a-single-node.adoc
@@ -1,7 +1,7 @@
 // This is included in the following assemblies:
 //
 // installing_sno/install-sno-preparing-to-install-sno.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="install-sno-requirements-for-installing-on-a-single-node_{context}"]
 = Requirements for installing OpenShift on a single node
@@ -9,18 +9,28 @@
 Installing {product-title} on a single node alleviates some of the requirements for high availability and large scale clusters. However, you must address the following requirements:
 
 * *Administration host:* You must have a computer to prepare the ISO, to create the USB boot drive, and to monitor the installation.
++
+[NOTE]
+====
+For the `ppc64le` platform, the host should prepare the ISO, but does not need to create the USB boot drive. The ISO can be mounted to PowerVM directly.
+====
++
+[NOTE]
+====
+ISO is not required for {ibm-z-name} installations.
+====
 
-* *CPU Architecture:* Installing {product-title} on a single node supports `x86_64` and `arm64` CPU architectures.
+* *CPU Architecture:* Installing {product-title} on a single node supports `x86_64`, `arm64`,`ppc64le`, and `s390x` CPU architectures.
 
-* *Supported platforms:* Installing {product-title} on a single node is supported on bare metal, vSphere, AWS, Red Hat OpenStack, and Red Hat Virtualization platforms. In all cases, you must specify the `platform.none: {}` parameter in the `install-config.yaml` configuration file.
+* *Supported platforms:* Installing {product-title} on a single node is supported on bare metal, vSphere, AWS cloud, Red Hat OpenStack, {VirtProductName}, {ibm-power-name}, and {ibm-z-name} platforms.
 
-* *Production-grade server:* Installing {product-title} on a single node requires a server with sufficient resources to run {product-title} services and a production workload. 
+* *Production-grade server:* Installing {product-title} on a single node requires a server with sufficient resources to run {product-title} services and a production workload.
 +
 .Minimum resource requirements
 [options="header"]
 |====
 |Profile|vCPU|Memory|Storage
-|Minimum|8 vCPU cores|16GB of RAM| 120GB
+|Minimum|8 vCPU cores|16 GB of RAM| 120 GB
 |====
 +
 [NOTE]
@@ -32,7 +42,12 @@ Installing {product-title} on a single node alleviates some of the requirements
 * Adding Operators during the installation process might increase the minimum resource requirements.
 ====
 +
-The server must have a Baseboard Management Controller (BMC) when booting with virtual media. 
+The server must have a Baseboard Management Controller (BMC) when booting with virtual media.
++
+[NOTE]
+====
+BMC is not supported on {ibm-z-name} and {ibm-power-name}.
+====
 
 * *Networking:* The server must have access to the internet or access to a local registry if it is not connected to a routable network. The server must have a DHCP reservation or a static IP address for the Kubernetes API, ingress route, and cluster node domain names. You must configure the DNS to resolve the IP address to each of the following fully qualified domain names (FQDN):
 +
diff --git a/modules/install-sno-supported-cloud-providers-for-single-node-openshift.adoc b/modules/install-sno-supported-cloud-providers-for-single-node-openshift.adoc
new file mode 100644
index 000000000000..d345b04ea7ae
--- /dev/null
+++ b/modules/install-sno-supported-cloud-providers-for-single-node-openshift.adoc
@@ -0,0 +1,18 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="supported-cloud-providers-for-single-node-openshift_{context}"]
+= Supported cloud providers for {sno}
+
+The following table contains a list of supported cloud providers and CPU architectures.
+
+.Supported cloud providers
+[options="header"]
+|====
+|Cloud provider |CPU architecture
+|Amazon Web Service (AWS)|x86_64 and AArch64
+|Microsoft Azure|x86_64
+|Google Cloud Platform (GCP) | x86_64 and AArch64
+|====
diff --git a/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-a-cloud-provider.adoc b/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-a-cloud-provider.adoc
new file mode 100644
index 000000000000..f46247c6a305
--- /dev/null
+++ b/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-a-cloud-provider.adoc
@@ -0,0 +1,18 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_sno/install-sno-preparing-to-install-sno.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="additional-requirements-for-installing-sno-on-a-cloud-provider_{context}"]
+= Additional requirements for installing {sno} on a cloud provider
+
+The AWS documentation for installer-provisioned installation is written with a high availability cluster consisting of three control plane nodes. When referring to the AWS documentation, consider the differences between the requirements for a {sno} cluster and a high availability cluster.
+
+* The required machines for cluster installation in AWS documentation indicates a temporary bootstrap machine, three control plane machines, and at least two compute machines. You require only a temporary bootstrap machine and one AWS instance for the control plane node and no worker nodes.
+
+* The minimum resource requirements for cluster installation in the AWS documentation indicates a control plane node with 4 vCPUs and 100GB of storage. For a single node cluster, you must have a minimum of 8 vCPU cores and 120GB of storage.
+
+* The `controlPlane.replicas` setting in the `install-config.yaml` file should be set to `1`.
+
+* The `compute.replicas` setting in the `install-config.yaml` file should be set to `0`.
+This makes the control plane node schedulable.
diff --git a/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-aws.adoc b/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-aws.adoc
deleted file mode 100644
index 69b6038d43ca..000000000000
--- a/modules/install-sno_additional-requirements-for-installing-on-a-single-node-on-aws.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-// This module is included in the following assemblies: 
-//
-// installing/installing_sno/install-sno-preparing-to-install-sno.adoc
-
-:_content-type: CONCEPT
-[id="additional-requirements-for-installing-on-a-single-node-on-aws_{context}"]
-= Additional requirements for installing on a single node on AWS
-
-The AWS documentation for installer-provisioned installation is written with a high availability cluster consisting of three control plane nodes. When referring to the AWS documentation, consider the differences between the requirements for a {sno} cluster and a high availability cluster.
-
-* The required machines for cluster installation in AWS documentation indicates a temporary bootstrap machine, three control plane machines, and at least two compute machines. You require only a temporary bootstrap machine and one AWS instance for the control plane node and no worker nodes.
-
-* The minimum resource requirements for cluster installation in the AWS documentation indicates a control plane node with 4 vCPUs and 100GB of storage. For a single node cluster, you must have a minimum of 8 vCPU cores and 120GB of storage.
-
-* The `controlPlane.replicas` setting in the `install-config.yaml` file should be set to `1`.
-
-* The `compute.replicas` setting in the `install-config.yaml` file should be set to `0`.
-This makes the control plane node schedulable.
diff --git a/modules/installation-about-custom-azure-vnet.adoc b/modules/installation-about-custom-azure-vnet.adoc
index 00c4bf45794d..06c379d946f3 100644
--- a/modules/installation-about-custom-azure-vnet.adoc
+++ b/modules/installation-about-custom-azure-vnet.adoc
@@ -3,6 +3,7 @@
 // * installing/installing_azure/installing-azure-government-region.adoc
 // * installing/installing_azure/installing-azure-private.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-government-region"]
 :azure:
@@ -13,8 +14,12 @@ endif::[]
 ifeval::["{context}" == "installing-azure-vnet"]
 :azure:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure:
+:restricted:
+endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-about-custom-azure-vnet_{context}"]
 = About reusing a VNet for your {product-title} cluster
 
@@ -45,6 +50,12 @@ Your VNet must meet the following characteristics:
 
 You must provide two subnets within your VNet, one for the control plane machines and one for the compute machines. Because Azure distributes machines in different availability zones within the region that you specify, your cluster will have high availability by default.
 
+[NOTE]
+====
+By default, if you specify availability zones in the `install-config.yaml` file, the installation program distributes the control plane machines and the compute machines across link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[these availability zones]
+within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a region]. To ensure high availability for your cluster, select a region with at least three availability zones. If your region contains fewer than three availability zones, the installation program places more than one control plane machine in the available zones.
+====
+
 To ensure that the subnets that you provide are suitable, the installation program confirms the following data:
 
 * All the specified subnets exist.
@@ -97,16 +108,34 @@ The network security group rules must be in place before you install the cluster
 |Allows internal communication to the machine config server for provisioning machines
 |x
 |
+
+ifdef::restricted[]
+|`*`
+a|Allows connections to Azure APIs. You must set a Destination Service Tag to `AzureCloud`. ^[1]^
+|x
+|x
+
+|`*`
+a|Denies connections to the internet. You must set a Destination Service Tag to `Internet`. ^[1]^
+|x
+|x
+endif::restricted[]
 |===
+[.small]
+--
+1. If you are using Azure Firewall to restrict the internet access, then xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[you can configure Azure Firewall to allow the Azure APIs]. A network security group rule is not needed.
+--
 
 include::snippets/mcs-endpoint-limitation.adoc[]
 
 Because cluster components do not modify the user-provided network security groups, which the Kubernetes controllers update, a pseudo-network security group is created for the Kubernetes controller to modify without impacting the rest of the environment.
 
+[role="_additional-resources"]
 .Additional resources
 
 * xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[About the OpenShift SDN network plugin]
 
+* xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[Configuring your firewall]
 
 [id="installation-about-custom-azure-permissions_{context}"]
 == Division of permissions
@@ -129,3 +158,17 @@ If you deploy {product-title} to an existing network, the isolation of cluster s
 * Control plane TCP 6443 ingress (Kubernetes API) is allowed to the entire network.
 * Control plane TCP 22623 ingress (MCS) is allowed to the entire network.
 ////
+
+ifeval::["{context}" == "installing-azure-government-region"]
+:!azure:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:!azure-private:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:!azure:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure:
+:!restricted:
+endif::[]
diff --git a/modules/installation-about-custom-gcp-vpc.adoc b/modules/installation-about-custom-gcp-vpc.adoc
index 380524acd4ee..32b2d894068c 100644
--- a/modules/installation-about-custom-gcp-vpc.adoc
+++ b/modules/installation-about-custom-gcp-vpc.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-about-custom-gcp-vpc_{context}"]
 = About using a custom VPC
 
diff --git a/modules/installation-about-mirror-registry.adoc b/modules/installation-about-mirror-registry.adoc
index 4418f3edac1a..d032e02e29fd 100644
--- a/modules/installation-about-mirror-registry.adoc
+++ b/modules/installation-about-mirror-registry.adoc
@@ -3,7 +3,7 @@
 // * installing/disconnected_install/installing-mirroring-installation-images.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
 // * scalability_and_performance/ztp-deploying-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
 ifeval::["{context}" == "installing-mirroring-disconnected"]
 :oc-mirror:
@@ -13,7 +13,7 @@ ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :oc-mirror:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-about-mirror-registry_{context}"]
 = About the mirror registry
 
diff --git a/modules/installation-about-restricted-network.adoc b/modules/installation-about-restricted-network.adoc
index 91bf70b2e5ad..a6216d4638e5 100644
--- a/modules/installation-about-restricted-network.adoc
+++ b/modules/installation-about-restricted-network.adoc
@@ -10,8 +10,9 @@
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
-// * installing/installing-rhv-restricted-network.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 
 ifeval::["{context}" == "installing-ibm-power"]
 :ibm-power:
@@ -19,6 +20,10 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-cloud:
+:ipi:
+endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-power-vs"]
 :ipi:
 endif::[]
@@ -28,9 +33,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :ipi:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:ipi:
-endif::[]
 ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
 :ipi:
 endif::[]
@@ -40,28 +42,33 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
 :ipi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:ipi:
+endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-about-restricted-networks_{context}"]
 = About installations in restricted networks
 
 In {product-title} {product-version}, you can perform an installation that does not
 require an active connection to the internet to obtain software components. Restricted network installations can be completed using installer-provisioned infrastructure or user-provisioned infrastructure, depending on the cloud platform to which you are installing the cluster.
 
-ifndef::ibm-power[]
+ifndef::ibm-power,ibm-cloud[]
 If you choose to perform a restricted network installation on a cloud platform, you
 still require access to its cloud APIs. Some cloud functions, like
 Amazon Web Service's Route 53 DNS and IAM services, require internet access.
 //behind a proxy
 Depending on your network, you might require less internet
 access for an installation on bare metal hardware, Nutanix, or on VMware vSphere.
-endif::ibm-power[]
+endif::ibm-power,ibm-cloud[]
 
+ifndef::ibm-cloud[]
 To complete a restricted network installation, you must create a registry that
 mirrors the contents of the {product-registry} and contains the
 installation media. You can create this registry on a mirror host, which can
 access both the internet and your closed network, or by using other methods
 that meet your restrictions.
+endif::ibm-cloud[]
 
 ifndef::ipi[]
 [IMPORTANT]
@@ -70,6 +77,51 @@ Because of the complexity of the configuration for user-provisioned installation
 ====
 endif::ipi[]
 
+ifdef::ibm-cloud[]
+[id="required-internet-access-and-an-installation-host_{context}"]
+== Required internet access and an installation host
+
+You complete the installation using a bastion host or portable device that can access both the internet and your closed network. You must use a host with internet access to:
+
+* Download the installation program, the OpenShift CLI (`oc`), and the CCO utility (`ccoctl`).
+* Use the installation program to locate the {op-system-first} image and create the installation configuration file.
+* Use `oc` to extract `ccoctl` from the CCO container image.
+* Use `oc` and `ccoctl` to configure IAM for {ibm-cloud-name}.
+
+[id="access-to-a-mirror-registry_{context}"]
+== Access to a mirror registry
+
+To complete a restricted network installation, you must create a registry that
+mirrors the contents of the {product-registry} and contains the installation media.
+
+You can create this registry on a mirror host, which can access both the internet and your restricted network, or by using other methods that meet your organization's security restrictions.
+
+For more information on mirroring images for a disconnected installation, see "Additional resources".
+
+[id="access-to-ibm-service-endpoints_{context}"]
+== Access to IBM service endpoints
+
+The installation program requires access to the following {ibm-cloud-name} service endpoints:
+
+* Cloud Object Storage
+* DNS Services
+* Global Search
+* Global Tagging
+* Identity Services
+* Resource Controller
+* Resource Manager
+* VPC
+
+[NOTE]
+====
+If you are specifying an {ibm-name} Key Protect for {ibm-cloud-name} root key as part of the installation process, the service endpoint for Key Protect is also required.
+====
+
+By default, the public endpoint is used to access the service. If network restrictions limit access to public service endpoints, you can override the default behavior.
+
+Before deploying the cluster, you can update the installation configuration file (`install-config.yaml`) to specify the URI of an alternate service endpoint. For more information on usage, see "Additional resources".
+endif::ibm-cloud[]
+
 [id="installation-restricted-network-limits_{context}"]
 == Additional limits
 
@@ -88,6 +140,10 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :!ibm-power:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-cloud:
+:!ipi:
+endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-power-vs"]
 :!ipi:
 endif::[]
@@ -97,9 +153,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!ipi:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:!ipi:
-endif::[]
 ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
 :!ipi:
 endif::[]
@@ -109,3 +162,6 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
 :!ipi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!ipi:
+endif::[]
diff --git a/modules/installation-adding-nutanix-root-certificates.adoc b/modules/installation-adding-nutanix-root-certificates.adoc
index d225d2834406..9ced535dae10 100644
--- a/modules/installation-adding-nutanix-root-certificates.adoc
+++ b/modules/installation-adding-nutanix-root-certificates.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-adding-nutanix-root-certificates_{context}"]
 = Adding Nutanix root CA certificates to your system trust
 
diff --git a/modules/installation-adding-registry-pull-secret.adoc b/modules/installation-adding-registry-pull-secret.adoc
index d8459ad3388f..a3918c0cb846 100644
--- a/modules/installation-adding-registry-pull-secret.adoc
+++ b/modules/installation-adding-registry-pull-secret.adoc
@@ -4,7 +4,7 @@
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
 ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :restricted:
@@ -20,7 +20,7 @@ ifeval::["{context}" == "installing-mirroring-disconnected"]
 :oc-mirror:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-adding-registry-pull-secret_{context}"]
 = Configuring credentials that allow images to be mirrored
 
@@ -43,8 +43,12 @@ This process requires that you have write access to a container image registry o
 endif::restricted[]
 
 .Prerequisites
-
+ifndef::openshift-rosa,openshift-dedicated[]
 * You configured a mirror registry to use in your disconnected environment.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You configured a mirror registry to use.
+endif::openshift-rosa,openshift-dedicated[]
 ifdef::restricted[]
 * You identified an image repository location on your mirror registry to mirror images into.
 * You provisioned a mirror registry account that allows images to be uploaded to that image repository.
diff --git a/modules/installation-adding-vcenter-root-certificates.adoc b/modules/installation-adding-vcenter-root-certificates.adoc
index e38ed94989dd..ab02590473f9 100644
--- a/modules/installation-adding-vcenter-root-certificates.adoc
+++ b/modules/installation-adding-vcenter-root-certificates.adoc
@@ -1,11 +1,7 @@
 // Module included in the following assemblies:
-//
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-adding-vcenter-root-certificates_{context}"]
 = Adding vCenter root CA certificates to your system trust
 
diff --git a/modules/installation-alibaba-config-yaml.adoc b/modules/installation-alibaba-config-yaml.adoc
index c3fb7aa75be1..c44a5da11662 100644
--- a/modules/installation-alibaba-config-yaml.adoc
+++ b/modules/installation-alibaba-config-yaml.adoc
@@ -3,7 +3,7 @@
 // installing/installing_alibaba/installing-alibaba-network-customizations.adoc
 // * installing/installing_alibaba/installing-alibaba-customizations.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-alibaba-config-yaml_{context}"]
 = Sample customized install-config.yaml file for Alibaba Cloud
 
diff --git a/modules/installation-alibaba-dns.adoc b/modules/installation-alibaba-dns.adoc
index 4af3415ddf36..6a9de87bad7d 100644
--- a/modules/installation-alibaba-dns.adoc
+++ b/modules/installation-alibaba-dns.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_alibaba/installing-alibaba-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-alibaba-dns_{context}"]
 = Registering and Configuring Alibaba Cloud Domain
 
diff --git a/modules/installation-alibaba-regions.adoc b/modules/installation-alibaba-regions.adoc
index 0667c6b4e912..99134ab62dba 100644
--- a/modules/installation-alibaba-regions.adoc
+++ b/modules/installation-alibaba-regions.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_alibaba/installing-alibaba-account.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-alibaba-regions_{context}"]
 = Supported Alibaba regions
 
diff --git a/modules/installation-applying-aws-security-groups.adoc b/modules/installation-applying-aws-security-groups.adoc
new file mode 100644
index 000000000000..9f370b984590
--- /dev/null
+++ b/modules/installation-applying-aws-security-groups.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-aws-vpc-security-groups_{context}"]
+= Applying existing AWS security groups to the cluster
+
+Applying existing AWS security groups to your control plane and compute machines can help you meet the security needs of your organization, in such cases where you need to control the incoming or outgoing traffic of these machines.
+
+.Prerequisites
+* You have created the security groups in AWS. For more information, see the AWS documentation about working with link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html[security groups].
+* The security groups must be associated with the existing VPC that you are deploying the cluster to. The security groups cannot be associated with another VPC.
+* You have an existing `install-config.yaml` file.
+
+.Procedure
+
+. In the `install-config.yaml` file, edit the `compute.platform.aws.additionalSecurityGroupIDs` parameter to specify one or more custom security groups for your compute machines.
+. Edit the `controlPlane.platform.aws.additionalSecurityGroupIDs` parameter to specify one or more custom security groups for your control plane machines.
+. Save the file and reference it when deploying the cluster.
+
+.Sample `install-config.yaml` file that specifies custom security groups
+[source,yaml]
+----
+# ...
+compute:
+- hyperthreading: Enabled
+  name: worker
+  platform:
+    aws:
+      additionalSecurityGroupIDs:
+        - sg-1 <1>
+        - sg-2
+  replicas: 3
+controlPlane:
+  hyperthreading: Enabled
+  name: master
+  platform:
+    aws:
+      additionalSecurityGroupIDs:
+        - sg-3
+        - sg-4
+  replicas: 3
+platform:
+  aws:
+    region: us-east-1
+    subnets: <2>
+      - subnet-1
+      - subnet-2
+      - subnet-3
+----
+<1> Specify the name of the security group as it appears in the Amazon EC2 console, including the `sg` prefix.
+<2> Specify subnets for each availability zone that your cluster uses.
diff --git a/modules/installation-approve-csrs.adoc b/modules/installation-approve-csrs.adoc
index b5a8835ed88a..a27a7b30dc33 100644
--- a/modules/installation-approve-csrs.adoc
+++ b/modules/installation-approve-csrs.adoc
@@ -22,6 +22,8 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
 
 
 ifeval::["{context}" == "installing-ibm-z"]
@@ -30,8 +32,11 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-z-kvm"]
 :ibm-z-kvm:
 endif::[]
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:ibm-power:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-approve-csrs_{context}"]
 = Approving the certificate signing requests for your machines
 
@@ -54,9 +59,9 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME      STATUS    ROLES   AGE  VERSION
-master-0  Ready     master  63m  v1.26.0
-master-1  Ready     master  63m  v1.26.0
-master-2  Ready     master  64m  v1.26.0
+master-0  Ready     master  63m  v1.28.5
+master-1  Ready     master  63m  v1.28.5
+master-2  Ready     master  64m  v1.28.5
 ----
 +
 The output lists all of the machines that you created.
@@ -169,18 +174,35 @@ $ oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}
 +
 [source,terminal]
 ----
+ifndef::ibm-power[]
 $ oc get nodes
+endif::ibm-power[]
+ifdef::ibm-power[]
+$ oc get nodes -o wide
+endif::ibm-power[]
 ----
 +
 .Example output
 [source,terminal]
 ----
+ifndef::ibm-power[]
 NAME      STATUS    ROLES   AGE  VERSION
-master-0  Ready     master  73m  v1.26.0
-master-1  Ready     master  73m  v1.26.0
-master-2  Ready     master  74m  v1.26.0
-worker-0  Ready     worker  11m  v1.26.0
-worker-1  Ready     worker  11m  v1.26.0
+master-0  Ready     master  73m  v1.28.5
+master-1  Ready     master  73m  v1.28.5
+master-2  Ready     master  74m  v1.28.5
+worker-0  Ready     worker  11m  v1.28.5
+worker-1  Ready     worker  11m  v1.28.5
+endif::ibm-power[]
+ifdef::ibm-power[]
+NAME               STATUS   ROLES                  AGE   VERSION           INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                                                       KERNEL-VERSION                  CONTAINER-RUNTIME
+worker-0-ppc64le   Ready    worker                 42d   v1.28.2+e3ba6d9   192.168.200.21   <none>        Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.ppc64le   cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+worker-1-ppc64le   Ready    worker                 42d   v1.28.2+e3ba6d9   192.168.200.20   <none>        Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.ppc64le   cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+master-0-x86       Ready    control-plane,master   75d   v1.28.2+e3ba6d9   10.248.0.38      10.248.0.38   Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.x86_64    cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+master-1-x86       Ready    control-plane,master   75d   v1.28.2+e3ba6d9   10.248.0.39      10.248.0.39   Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.x86_64    cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+master-2-x86       Ready    control-plane,master   75d   v1.28.2+e3ba6d9   10.248.0.40      10.248.0.40   Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.x86_64    cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+worker-0-x86       Ready    worker                 75d   v1.28.2+e3ba6d9   10.248.0.43      10.248.0.43   Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.x86_64    cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+worker-1-x86       Ready    worker                 75d   v1.28.2+e3ba6d9   10.248.0.44      10.248.0.44   Red Hat Enterprise Linux CoreOS 415.92.202309261919-0 (Plow)   5.14.0-284.34.1.el9_2.x86_64    cri-o://1.28.1-3.rhaos4.15.gitb36169e.el9
+endif::ibm-power[]
 ----
 +
 [NOTE]
@@ -197,3 +219,6 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-z-kvm"]
 :!ibm-z-kvm:
 endif::[]
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:!ibm-power:
+endif::[]
diff --git a/modules/installation-arm-bootstrap.adoc b/modules/installation-arm-bootstrap.adoc
index 0840532634cd..7d370f0e2aed 100644
--- a/modules/installation-arm-bootstrap.adoc
+++ b/modules/installation-arm-bootstrap.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -19,10 +20,10 @@ bootstrap machine that you need for your {product-title} cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/04_bootstrap.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/04_bootstrap.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/04_bootstrap.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/04_bootstrap.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-arm-control-plane.adoc b/modules/installation-arm-control-plane.adoc
index 59b8127da2c0..e39c8656f86b 100644
--- a/modules/installation-arm-control-plane.adoc
+++ b/modules/installation-arm-control-plane.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -19,10 +20,10 @@ control plane machines that you need for your {product-title} cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/05_masters.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/05_masters.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/05_masters.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/05_masters.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-arm-dns.adoc b/modules/installation-arm-dns.adoc
index f15f4cd08ab0..c767e54d3d97 100644
--- a/modules/installation-arm-dns.adoc
+++ b/modules/installation-arm-dns.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -20,10 +21,10 @@ cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/03_infra.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/03_infra.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/03_infra.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/03_infra.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-arm-image-storage.adoc b/modules/installation-arm-image-storage.adoc
index b22d620d6c42..f5627f78a8e9 100644
--- a/modules/installation-arm-image-storage.adoc
+++ b/modules/installation-arm-image-storage.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -19,10 +20,10 @@ stored {op-system-first} image that you need for your {product-title} cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/02_storage.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/02_storage.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/02_storage.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/02_storage.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-arm-vnet.adoc b/modules/installation-arm-vnet.adoc
index 8c1f64237b4c..b9130e79b53d 100644
--- a/modules/installation-arm-vnet.adoc
+++ b/modules/installation-arm-vnet.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -19,10 +20,10 @@ VNet that you need for your {product-title} cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/01_vnet.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/01_vnet.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/01_vnet.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/01_vnet.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-arm-worker.adoc b/modules/installation-arm-worker.adoc
index 6586d94624ff..3966a73010e2 100644
--- a/modules/installation-arm-worker.adoc
+++ b/modules/installation-arm-worker.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -19,10 +20,10 @@ worker machines that you need for your {product-title} cluster:
 [source,json]
 ----
 ifndef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azure/06_workers.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azure/06_workers.json[]
 endif::ash[]
 ifdef::ash[]
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/azurestack/06_workers.json[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/azurestack/06_workers.json[]
 endif::ash[]
 ----
 ====
diff --git a/modules/installation-aws-access-analyzer.adoc b/modules/installation-aws-access-analyzer.adoc
index 2ec78ad2588d..73f85242935f 100644
--- a/modules/installation-aws-access-analyzer.adoc
+++ b/modules/installation-aws-access-analyzer.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-custom-permissions-for-iam-instance-profiles_{context}"]
 = Using AWS IAM Analyzer to create policy templates
 
diff --git a/modules/installation-aws-add-iam-roles.adoc b/modules/installation-aws-add-iam-roles.adoc
index 0e7ce88aa415..791776f21e40 100644
--- a/modules/installation-aws-add-iam-roles.adoc
+++ b/modules/installation-aws-add-iam-roles.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specify-an-existing-iam-role_{context}"]
 = Specifying an existing IAM role
 
diff --git a/modules/installation-aws-add-local-zone-locations.adoc b/modules/installation-aws-add-local-zone-locations.adoc
index 691e858b509c..545ecb5463dd 100644
--- a/modules/installation-aws-add-local-zone-locations.adoc
+++ b/modules/installation-aws-add-local-zone-locations.adoc
@@ -1,60 +1,60 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-add-local-zone-locations_{context}"]
-= Opting into AWS Local Zones
+= Opting in to AWS Local Zones
 
 If you plan to create the subnets in AWS Local Zones, you must opt in to each zone group separately.
 
 .Prerequisites
 
 * You have installed the AWS CLI.
-* You have determined into which region you will deploy your {product-title} cluster.
-
-.Procedure
-
-. Export a variable to contain the name of the region in which you plan to deploy your {product-title} cluster by running the following command:
+* You have determined an AWS Region for where you want to deploy your {product-title} cluster.
+* You have attached a permissive IAM policy to a user or role account that opts in to the zone group. Consider the following configuration as an example IAM policy:
 +
-[source,terminal]
+[source,yaml]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "ec2:ModifyAvailabilityZoneGroup"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
 ----
-$ export CLUSTER_REGION="<region_name>" <1>
-----
-<1> For `<region_name>`, specify a valid AWS region name, such as `us-east-1`.
 
-. List the zones that are available in your region by running the following command:
+.Procedure
+
+. List the zones that are available in your AWS Region by running the following command:
 +
 [source,terminal]
 ----
-$ aws --region ${CLUSTER_REGION} ec2 describe-availability-zones \
+$ aws --region "<value_of_AWS_Region>" ec2 describe-availability-zones \
     --query 'AvailabilityZones[].[{ZoneName: ZoneName, GroupName: GroupName, Status: OptInStatus}]' \
     --filters Name=zone-type,Values=local-zone \
     --all-availability-zones
 ----
 +
-Depending on the region, the list of available zones can be long. The command will return the following fields:
+Depending on the AWS Region, the list of available zones can be long. The command returns the following fields:
 +
 `ZoneName`:: The name of the Local Zone.
-`GroupName`:: The group that the zone is part of. You need to save this name to opt in.
+`GroupName`:: The group that comprises the zone. To opt in to the region, save the name.
 `Status`:: The status of the Local Zone group. If the status is `not-opted-in`, you must opt in the `GroupName` by running the commands that follow.
 
-. Export a variable to contain the name of the Local Zone to host your VPC by running the following command:
-+
-[source,terminal]
-----
-$ export ZONE_GROUP_NAME="<value_of_GroupName>" <1>
-----
-+
-where:
-
-<value_of_GroupName>:: Specifies the name of the group of the Local Zone you want to create subnets on. For example, specify `us-east-1-nyc-1` to use the zone `us-east-1-nyc-1a`, US East (New York).
-
 . Opt in to the zone group on your AWS account by running the following command:
 +
 [source,terminal]
 ----
 $ aws ec2 modify-availability-zone-group \
-    --group-name "${ZONE_GROUP_NAME}" \
+    --group-name "<value_of_GroupName>" \// <1>
     --opt-in-status opted-in
 ----
+<1> For `<value_of_GroupName>`, specify the name of the group of the Local Zone where you want to create subnets. For example, specify `us-east-1-nyc-1` to use the zone `us-east-1-nyc-1a` (US East New York).
diff --git a/modules/installation-aws-ami-stream-metadata.adoc b/modules/installation-aws-ami-stream-metadata.adoc
index f08a0b2202f8..3259df03f0b4 100644
--- a/modules/installation-aws-ami-stream-metadata.adoc
+++ b/modules/installation-aws-ami-stream-metadata.adoc
@@ -6,7 +6,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-ami-stream-metadata_{context}"]
 = Accessing {op-system} AMIs with stream metadata
 
@@ -51,7 +51,7 @@ ifndef::openshift-origin[]
 $ openshift-install coreos print-stream-json | jq -r '.architectures.aarch64.images.aws.regions["us-west-1"].image'
 ----
 +
-.Example output 
+.Example output
 [source,terminal]
 ----
 ami-0af1d3b7fa5be2131
diff --git a/modules/installation-aws-config-yaml.adoc b/modules/installation-aws-config-yaml.adoc
index 1b9401aee4bc..f32f43c1da5c 100644
--- a/modules/installation-aws-config-yaml.adoc
+++ b/modules/installation-aws-config-yaml.adoc
@@ -44,7 +44,7 @@ ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
 :aws-outposts:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-aws-config-yaml_{context}"]
 = Sample customized install-config.yaml file for AWS
 
@@ -76,9 +76,6 @@ controlPlane: <3> <4>
 ifndef::aws-outposts[]
   platform:
     aws:
-ifndef::openshift-origin[]
-      lbType: NLB
-endif::openshift-origin[]
       zones:
 ifdef::china[]
       - cn-north-1a
@@ -201,7 +198,7 @@ ifdef::aws-outposts[]
 endif::aws-outposts[]
 ifdef::vpc,restricted[]
 ifndef::secret,china[]
-    amiID: ami-96c6f8f7 <10>
+    amiID: ami-0c5d3e03c0ab9b19a <10>
 endif::secret,china[]
 ifdef::secret,china[]
     amiID: ami-96c6f8f7 <1> <10>
@@ -217,7 +214,7 @@ endif::china[]
     hostedZone: Z3URY6TWQ91KVV <12>
 endif::vpc,restricted[]
 ifndef::vpc,restricted,aws-outposts[]
-    amiID: ami-96c6f8f7 <9>
+    amiID: ami-0c5d3e03c0ab9b19a <9>
     serviceEndpoints: <10>
       - name: ec2
         url: https://vpce-id.ec2.us-west-2.vpce.amazonaws.com
@@ -312,7 +309,7 @@ endif::gov,secret,china[]
 ifdef::gov,secret,china[]
 <1> Required.
 endif::gov,secret,china[]
-<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode, instead of having the CCO dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the _Cloud Credential Operator_ entry in the _Red Hat Operators reference_ content.
+<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode. By default, the CCO uses the root credentials in the `kube-system` namespace to dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the "About the Cloud Credential Operator" section in the _Authentication and authorization_ guide.
 <3> If you do not provide these parameters and values, the installation program
 provides the default value.
 <4> The `controlPlane` section is a single mapping, but the `compute` section is a
@@ -363,7 +360,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
@@ -379,7 +376,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
diff --git a/modules/installation-aws-delete-cluster.adoc b/modules/installation-aws-delete-cluster.adoc
index 1fc057646abc..aa3fb36a1508 100644
--- a/modules/installation-aws-delete-cluster.adoc
+++ b/modules/installation-aws-delete-cluster.adoc
@@ -2,18 +2,18 @@
 //
 // * installing/installing_aws/uninstalling-cluster-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-delete-cluster"]
 = Deleting a cluster with a configured AWS Local Zone infrastructure
 
-After you install a cluster on Amazon Web Services (AWS) into an existing Virtual Private Cloud (VPC), and you set subnets for each Local Zone location, you can delete the cluster and any AWS resources associated with it. 
+After you install a cluster on Amazon Web Services (AWS) into an existing Virtual Private Cloud (VPC), and you set subnets for each Local Zone location, you can delete the cluster and any AWS resources associated with it.
 
 The example in the procedure assumes that you created a VPC and its subnets by using a CloudFormation template.
 
 .Prerequisites
 
 * You know the name of the CloudFormation stacks, `<local_zone_stack_name>` and `<vpc_stack_name>`, that were used during the creation of the network. You need the name of the stack to delete the cluster.
-* You have access rights to the directory that contains the installation files that were created by the installation program. 
+* You have access rights to the directory that contains the installation files that were created by the installation program.
 * Your account includes a policy that provides you with permissions to delete the CloudFormation stack.
 
 .Procedure
@@ -22,7 +22,7 @@ The example in the procedure assumes that you created a VPC and its subnets by u
 +
 [source,terminal]
 ----
-$ ./openshift-install destroy cluster --dir <installation_directory> \//<1> 
+$ ./openshift-install destroy cluster --dir <installation_directory> \//<1>
    --log-level=debug <2>
 ----
 <1> For `<installation_directory>`, specify the directory that stored any files created by the installation program.
@@ -44,14 +44,14 @@ $ aws cloudformation delete-stack --stack-name <vpc_stack_name>
 
 .Verification
 
-* Check that you removed the stack resources by issuing the following commands in the AWS CLI. The AWS CLI outputs that no template component exists. 
+* Check that you removed the stack resources by issuing the following commands in the AWS CLI. The AWS CLI outputs that no template component exists.
 +
 [source,terminal]
 ----
-$ aws cloudformation describe-stacks --stack-name <local_zone_stack_name> 
+$ aws cloudformation describe-stacks --stack-name <local_zone_stack_name>
 ----
 +
 [source,terminal]
 ----
-$ aws cloudformation describe-stacks --stack-name <vpc_stack_name> 
+$ aws cloudformation describe-stacks --stack-name <vpc_stack_name>
 ----
\ No newline at end of file
diff --git a/modules/installation-aws-editing-manifests.adoc b/modules/installation-aws-editing-manifests.adoc
index 44c36e1ed291..a7c008e4db35 100644
--- a/modules/installation-aws-editing-manifests.adoc
+++ b/modules/installation-aws-editing-manifests.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-creating-manifests_{context}"]
 = Generating manifest files
 
diff --git a/modules/installation-aws-iam-policies-about.adoc b/modules/installation-aws-iam-policies-about.adoc
index e604cf5ec274..283b4685ca32 100644
--- a/modules/installation-aws-iam-policies-about.adoc
+++ b/modules/installation-aws-iam-policies-about.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-account.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="iam-policies-and-aws-authentication_{context}"]
 = IAM Policies and AWS authentication
 
diff --git a/modules/installation-aws-iam-user.adoc b/modules/installation-aws-iam-user.adoc
index ebd7cc101fff..2cf2000c34f6 100644
--- a/modules/installation-aws-iam-user.adoc
+++ b/modules/installation-aws-iam-user.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-iam-user_{context}"]
 = Creating an IAM user
 
@@ -48,5 +48,5 @@ You cannot use a temporary session token that you generated while using a
 multi-factor authentication device to authenticate to AWS when you deploy a
 cluster. The cluster continues to use your current AWS credentials to
 create AWS resources for the entire life of the cluster, so you must
-use key-based, long-lived credentials.
+use key-based, long-term credentials.
 ====
diff --git a/modules/installation-aws-limits.adoc b/modules/installation-aws-limits.adoc
index 6f256194f916..1db3b48fe331 100644
--- a/modules/installation-aws-limits.adoc
+++ b/modules/installation-aws-limits.adoc
@@ -69,7 +69,7 @@ To use the `us-east-1` region, you must increase the EIP limit for your account.
 |3
 |20 per region
 |By default, each cluster creates internal and external network load balancers for the master
-API server and a single classic elastic load balancer for the router. Deploying
+API server and a single Classic Load Balancer for the router. Deploying
 more Kubernetes `Service` objects with type `LoadBalancer` will create additional
 link:https://aws.amazon.com/elasticloadbalancing/[load balancers].
 
@@ -88,7 +88,7 @@ zones, so a cluster that is deployed in that zone uses 27 ENIs. Review the
 link:https://aws.amazon.com/about-aws/global-infrastructure/[AWS region map] to
 determine how many availability zones are in each region.
 
-Additional ENIs are created for additional machines and elastic load balancers
+Additional ENIs are created for additional machines and ELB load balancers
 that are created by cluster usage and deployed workloads.
 
 |VPC Gateway
diff --git a/modules/installation-aws-marketplace-subscribe.adoc b/modules/installation-aws-marketplace-subscribe.adoc
index aba198cb16bf..14b7b1eee751 100644
--- a/modules/installation-aws-marketplace-subscribe.adoc
+++ b/modules/installation-aws-marketplace-subscribe.adoc
@@ -17,7 +17,7 @@ ifeval::["{context}" == "installing-aws-user-infra"]
 :upi:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-marketplace-subscribe_{context}"]
 = Obtaining an AWS Marketplace image
 If you are deploying an {product-title} cluster using an AWS Marketplace image, you must first subscribe through AWS. Subscribing to the offer provides you with the AMI ID that the installation program uses to deploy worker nodes.
diff --git a/modules/installation-aws-marketplace.adoc b/modules/installation-aws-marketplace.adoc
index 295c20428b48..cab41cab72b5 100644
--- a/modules/installation-aws-marketplace.adoc
+++ b/modules/installation-aws-marketplace.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-account.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-aws-marketplace_{context}"]
 = Supported AWS Marketplace regions
 
diff --git a/modules/installation-aws-permissions-iam-shared-vpc.adoc b/modules/installation-aws-permissions-iam-shared-vpc.adoc
new file mode 100644
index 000000000000..c0c8e213920b
--- /dev/null
+++ b/modules/installation-aws-permissions-iam-shared-vpc.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assembly:
+// * installing/installing_aws/installing-aws-account.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="installation-aws-permissions-iam-shared-vpc_{context}"]
+= Modifying trust policy when installing into a shared VPC
+If you install your cluster using a shared VPC, you can use the `Passthrough` or `Manual` credentials mode. You must add the IAM role used to install the cluster as a principal in the trust policy of the account that owns the VPC.
+
+If you use `Passthrough` mode, add the Amazon Resource Name (ARN) of the account that creates the cluster, such as `arn:aws:iam::123456789012:user/clustercreator`, to the trust policy as a principal.
+
+If you use `Manual` mode, add the ARN of the account that creates the cluster as well as the ARN of the ingress operator role in the cluster owner account, such as `arn:aws:iam::123456789012:role/<cluster-name>-openshift-ingress-operator-cloud-credentials`, to the trust policy as principals.
+
+You must add the following actions to the policy:
+
+.Required actions for shared VPC installation
+[%collapsible]
+====
+* `route53:ChangeResourceRecordSets`
+* `route53:ListHostedZones`
+* `route53:ListHostedZonesByName`
+* `route53:ListResourceRecordSets`
+* `route53:ChangeTagsForResource`
+* `route53:GetAccountLimit`
+* `route53:GetChange`
+* `route53:GetHostedZone`
+* `route53:ListTagsForResource`
+* `route53:UpdateHostedZoneComment`
+* `tag:GetResources`
+* `tag:UntagResources`
+====
\ No newline at end of file
diff --git a/modules/installation-aws-permissions.adoc b/modules/installation-aws-permissions.adoc
index 8e0baa5d11a8..1fabfa2af503 100644
--- a/modules/installation-aws-permissions.adoc
+++ b/modules/installation-aws-permissions.adoc
@@ -187,7 +187,6 @@ If you have not created a load balancer in your AWS account, the IAM user also r
 * `s3:GetBucketLogging`
 * `s3:GetBucketPolicy`
 * `s3:GetBucketObjectLockConfiguration`
-* `s3:GetBucketReplication`
 * `s3:GetBucketRequestPayment`
 * `s3:GetBucketTagging`
 * `s3:GetBucketVersioning`
@@ -291,3 +290,9 @@ If you are managing your cloud provider credentials with mint mode, the IAM user
 * `ec2:DescribeInstanceTypeOfferings`
 * `servicequotas:ListAWSDefaultServiceQuotas`
 ====
+
+.Optional permissions for the cluster owner account when installing a cluster on a shared VPC
+[%collapsible]
+====
+* `sts:AssumeRole` 
+====
diff --git a/modules/installation-aws-regions.adoc b/modules/installation-aws-regions.adoc
index b00ea7fadb89..afc349204c7b 100644
--- a/modules/installation-aws-regions.adoc
+++ b/modules/installation-aws-regions.adoc
@@ -37,6 +37,7 @@ The following AWS public regions are supported:
 * `eu-west-1` (Ireland)
 * `eu-west-2` (London)
 * `eu-west-3` (Paris)
+* `il-central-1` (Tel Aviv)
 * `me-central-1` (UAE)
 * `me-south-1` (Bahrain)
 * `sa-east-1` (São Paulo)
diff --git a/modules/installation-aws-route53.adoc b/modules/installation-aws-route53.adoc
index 14c632a66268..069c96de8328 100644
--- a/modules/installation-aws-route53.adoc
+++ b/modules/installation-aws-route53.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-route53_{context}"]
 = Configuring Route 53
 
diff --git a/modules/installation-aws-security-groups.adoc b/modules/installation-aws-security-groups.adoc
new file mode 100644
index 000000000000..64dd4b86c2f4
--- /dev/null
+++ b/modules/installation-aws-security-groups.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+
+ifeval::["{context}" == "installing-aws-localzone"]
+:localzone:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
+[id="installation-aws-security-groups_{context}"]
+= AWS security groups
+
+By default, the installation program creates and attaches security groups to control plane and compute machines. The rules associated with the default security groups cannot be modified.
+
+However, you can apply additional existing AWS security groups, which are associated with your existing VPC, to control plane and compute machines. Applying custom security groups can help you meet the security needs of your organization, in such cases where you need to control the incoming or outgoing traffic of these machines.
+
+As part of the installation process, you apply custom security groups by modifying the `install-config.yaml` file before deploying the cluster.
+
+ifndef::localzone[]
+For more information, see "Applying existing AWS security groups to the cluster".
+endif::localzone[]
+ifdef::localzone[]
+For more information, see "Edge compute pools and AWS Local Zones".
+endif::localzone[]
+
+ifeval::["{context}" == "installing-aws-localzone"]
+:!localzone:
+endif::[]
diff --git a/modules/installation-aws-tested-machine-types.adoc b/modules/installation-aws-tested-machine-types.adoc
index aa79d2c49733..3720f7385cb1 100644
--- a/modules/installation-aws-tested-machine-types.adoc
+++ b/modules/installation-aws-tested-machine-types.adoc
@@ -5,6 +5,7 @@
 // installing/installing_aws/installing-aws-government-region.adoc
 // installing/installing_aws/installing-aws-network-customizations.adoc
 // installing/installing_aws/installing-aws-private.adoc
+// installing/installing_aws/installing-aws-secret-region.adoc
 // installing/installing_aws/installing-aws-user-infra.adoc
 // installing/installing_aws/installing-aws-vpc.adoc
 // installing/installing_aws/installing-restricted-networks-aws.adoc
@@ -13,6 +14,9 @@
 ifeval::["{context}" == "installing-aws-localzone"]
 :localzone:
 endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:secretregion:
+endif::[]
 
 [id="installation-aws-tested-machine-types_{context}"]
 = Tested instance types for AWS
@@ -30,13 +34,13 @@ endif::localzone[]
 Use the machine types included in the following charts for your AWS instances. If you use an instance type that is not listed in the chart, ensure that the instance size you use matches the minimum resource requirements that are listed in "Minimum resource requirements for cluster installation".
 ====
 
-ifndef::localzone[]
+ifndef::localzone,secretregion[]
 .Machine types based on 64-bit x86 architecture
 [%collapsible]
 ====
 include::https://raw.githubusercontent.com/openshift/installer/master/docs/user/aws/tested_instance_types_x86_64.md[]
 ====
-endif::localzone[]
+endif::localzone,secretregion[]
 ifdef::localzone[]
 .Machine types based on 64-bit x86 architecture for AWS Local Zones
 [%collapsible]
@@ -49,7 +53,24 @@ ifdef::localzone[]
 * `t3.*`
 ====
 endif::localzone[]
+ifdef::secretregion[]
+.Machine types based on 64-bit x86 architecture for secret regions
+[%collapsible]
+====
+* `c4.*`
+* `c5.*`
+* `i3.*`
+* `m4.*`
+* `m5.*`
+* `r4.*`
+* `r5.*`
+* `t3.*`
+====
+endif::secretregion[]
 
 ifeval::["{context}" == "installing-aws-localzone"]
 :!localzone:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:!secretregion:
 endif::[]
\ No newline at end of file
diff --git a/modules/installation-aws-upload-custom-rhcos-ami.adoc b/modules/installation-aws-upload-custom-rhcos-ami.adoc
index ad94e78fd777..3be6a3b7b861 100644
--- a/modules/installation-aws-upload-custom-rhcos-ami.adoc
+++ b/modules/installation-aws-upload-custom-rhcos-ami.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "installing-aws-government-region"]
 :aws-gov:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-upload-custom-rhcos-ami_{context}"]
 = Uploading a custom {op-system} AMI in AWS
 
@@ -58,7 +58,7 @@ variable:
 ----
 $ export RHCOS_VERSION=<version> <1>
 ----
-<1> The {op-system} VMDK version, like `4.13.0`.
+<1> The {op-system} VMDK version, like `{product-version}.0`.
 
 . Export the Amazon S3 bucket name as an environment variable:
 +
@@ -143,9 +143,9 @@ $ aws ec2 register-image \
    --root-device-name '/dev/xvda' \
    --block-device-mappings 'DeviceName=/dev/xvda,Ebs={DeleteOnTermination=true,SnapshotId=<snapshot_ID>}' <4>
 ----
-<1> The {op-system} VMDK architecture type, like `x86_64`, 
+<1> The {op-system} VMDK architecture type, like `x86_64`,
 ifndef::openshift-origin[]
-`aarch64`, 
+`aarch64`,
 endif::openshift-origin[]
 `s390x`, or `ppc64le`.
 <2> The `Description` from the imported snapshot.
diff --git a/modules/installation-aws-user-infra-bootstrap.adoc b/modules/installation-aws-user-infra-bootstrap.adoc
index 47123f354285..1c59b973c3da 100644
--- a/modules/installation-aws-user-infra-bootstrap.adoc
+++ b/modules/installation-aws-user-infra-bootstrap.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-user-infra-bootstrap_{context}"]
 = Initializing the bootstrap sequence on AWS with user-provisioned infrastructure
 
@@ -40,7 +40,7 @@ stored the installation files in.
 [source,terminal]
 ----
 INFO Waiting up to 20m0s for the Kubernetes API at https://api.mycluster.example.com:6443...
-INFO API v1.26.0 up
+INFO API v1.28.5 up
 INFO Waiting up to 30m0s for bootstrapping to complete...
 INFO It is now safe to remove the bootstrap resources
 INFO Time elapsed: 1s
diff --git a/modules/installation-aws-user-infra-delete-bootstrap.adoc b/modules/installation-aws-user-infra-delete-bootstrap.adoc
index ba730b6a57e5..d73e6d44f920 100644
--- a/modules/installation-aws-user-infra-delete-bootstrap.adoc
+++ b/modules/installation-aws-user-infra-delete-bootstrap.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-user-infra-delete-bootstrap_{context}"]
 = Deleting the bootstrap resources
 
diff --git a/modules/installation-aws-user-infra-installation.adoc b/modules/installation-aws-user-infra-installation.adoc
index 819e7661640b..433e217ececd 100644
--- a/modules/installation-aws-user-infra-installation.adoc
+++ b/modules/installation-aws-user-infra-installation.adoc
@@ -10,7 +10,7 @@ ifdef::openshift-origin[]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-aws-user-infra-installation_{context}"]
 = Completing an AWS installation on user-provisioned infrastructure
 
@@ -47,7 +47,7 @@ INFO Waiting up to 10m0s for the openshift-console route to be created...
 INFO Install complete!
 INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/myuser/install_dir/auth/kubeconfig'
 INFO Access the OpenShift web-console here: https://console-openshift-console.apps.mycluster.example.com
-INFO Login to the console with user: "kubeadmin", and password: "4vYBz-Fe5en-ymBEc-Wt6NL"
+INFO Login to the console with user: "kubeadmin", and password: "password"
 INFO Time elapsed: 1s
 ----
 +
diff --git a/modules/installation-aws-user-infra-rhcos-ami.adoc b/modules/installation-aws-user-infra-rhcos-ami.adoc
index bdaa1f3dd69c..5d240ba2e729 100644
--- a/modules/installation-aws-user-infra-rhcos-ami.adoc
+++ b/modules/installation-aws-user-infra-rhcos-ami.adoc
@@ -23,91 +23,91 @@ ifndef::openshift-origin[]
 |AWS AMI
 
 |`af-south-1`
-|`ami-052b3e6b060b5595d`
+|`ami-01860370941726bdd`
 
 |`ap-east-1`
-|`ami-09c502968481ee218`
+|`ami-05bc702cdaf7e4251`
 
 |`ap-northeast-1`
-|`ami-06b1dbe049e3c1d23`
+|`ami-098932fd93c15690d`
 
 |`ap-northeast-2`
-|`ami-08add6eb5aa1c8639`
+|`ami-006f4e02d97910a36`
 
 |`ap-northeast-3`
-|`ami-0af4dfc64506fe20e`
+|`ami-0c4bd5b1724f82273`
 
 |`ap-south-1`
-|`ami-09b1532dd3d63fdc0`
+|`ami-0cbf22b638724853d`
 
 |`ap-south-2`
-|`ami-0a915cedf8558e600`
+|`ami-031f4d165f4b429c4`
 
 |`ap-southeast-1`
-|`ami-0c914fd7a50130c9e`
+|`ami-0dc3e381a731ab9fc`
 
 |`ap-southeast-2`
-|`ami-04b54199f4be0ec9d`
+|`ami-032ae8d0f287a66a6`
 
 |`ap-southeast-3`
-|`ami-0be3ee78b9a3fdf07`
+|`ami-0393130e034b86423`
 
 |`ap-southeast-4`
-|`ami-00a44d7d5054bb5f8`
+|`ami-0b38f776bded7d7d7`
 
 |`ca-central-1`
-|`ami-0bb1fd49820ea09ae`
+|`ami-058ea81b3a1d17edd`
 
 |`eu-central-1`
-|`ami-03d9cb166a11c9b8a`
+|`ami-011010debd974a250`
 
 |`eu-central-2`
-|`ami-089865c640f876630`
+|`ami-0623b105ae811a5e2`
 
 |`eu-north-1`
-|`ami-0e94d896e72eeae0d`
+|`ami-0c4bb9ce04f3526d4`
 
 |`eu-south-1`
-|`ami-04df4e2850dce0721`
+|`ami-06c29eccd3d74df52`
 
 |`eu-south-2`
-|`ami-0d80de3a5ba722545`
+|`ami-00e0b5f3181a3f98b`
 
 |`eu-west-1`
-|`ami-066f2d86026ef97a8`
+|`ami-087bfa513dc600676`
 
 |`eu-west-2`
-|`ami-0f1c0b26b1c99499d`
+|`ami-0ebad59c0e9554473`
 
 |`eu-west-3`
-|`ami-0f639505a9c74d9a2`
+|`ami-074e63b65eaf83f96`
 
 |`me-central-1`
-|`ami-0fbb2ece8478f1402`
+|`ami-0179d6ae1d908ace9`
 
 |`me-south-1`
-|`ami-01507551558853852`
+|`ami-0b60c75273d3efcd7`
 
 |`sa-east-1`
-|`ami-097132aa0da53c981`
+|`ami-0913cbfbfa9a7a53c`
 
 |`us-east-1`
-|`ami-0624891c612b5eaa0`
+|`ami-0f71dcd99e6a1cd53`
 
 |`us-east-2`
-|`ami-0dc6c4d1bd5161f13`
+|`ami-0545fae7edbbbf061`
 
 |`us-gov-east-1`
-|`ami-0bab20368b3b9b861`
+|`ami-081eabdc478e501e5`
 
 |`us-gov-west-1`
-|`ami-0fe8299f8e808e720`
+|`ami-076102c394767f319`
 
 |`us-west-1`
-|`ami-0c03b7e5954f10f9b`
+|`ami-0609e4436c4ae5eff`
 
 |`us-west-2`
-|`ami-0f4cdfd74e4a3fc29`
+|`ami-0c5d3e03c0ab9b19a`
 
 |===
 
@@ -120,91 +120,91 @@ ifndef::openshift-origin[]
 |AWS AMI
 
 |`af-south-1`
-|`ami-0d684ca7c09e6f5fc`
+|`ami-08dd66a61a2caa326`
 
 |`ap-east-1`
-|`ami-01b0e1c24d180fe5d`
+|`ami-0232cd715f8168c34`
 
 |`ap-northeast-1`
-|`ami-06439c626e2663888`
+|`ami-0bc0b17618da96700`
 
 |`ap-northeast-2`
-|`ami-0a19d3bed3a2854e3`
+|`ami-0ee505fb62eed2fd6`
 
 |`ap-northeast-3`
-|`ami-08b8fa76fd46b5c58`
+|`ami-0462cd2c3b7044c77`
 
 |`ap-south-1`
-|`ami-0ec6463b788929a6a`
+|`ami-0e0b4d951b43adc58`
 
 |`ap-south-2`
-|`ami-0f5077b6d7e1b10a5`
+|`ami-06d457b151cc0e407`
 
 |`ap-southeast-1`
-|`ami-081a6c6a24e2ee453`
+|`ami-0874e1640dfc15f17`
 
 |`ap-southeast-2`
-|`ami-0a70049ac02157a02`
+|`ami-05f215734ceb0f5ad`
 
 |`ap-southeast-3`
-|`ami-065fd6311a9d7e6a6`
+|`ami-073030df265c88b3f`
 
 |`ap-southeast-4`
-|`ami-0105993dc2508c4f4`
+|`ami-043f4c40a6fc3238a`
 
 |`ca-central-1`
-|`ami-04582d73d5aad9a85`
+|`ami-0840622f99a32f586`
 
 |`eu-central-1`
-|`ami-0f72c8b59213f628e`
+|`ami-09a5e6ebe667ae6b5`
 
 |`eu-central-2`
-|`ami-0647f43516c31119c`
+|`ami-0835cb1bf387e609a`
 
 |`eu-north-1`
-|`ami-0d155ca6a531f5f72`
+|`ami-069ddbda521a10a27`
 
 |`eu-south-1`
-|`ami-02f8d2794a663dbd0`
+|`ami-09c5cc21026032b4c`
 
 |`eu-south-2`
-|`ami-0427659985f520cae`
+|`ami-0c36ab2a8bbeed045`
 
 |`eu-west-1`
-|`ami-04e9944a8f9761c3e`
+|`ami-0d2723c8228cb2df3`
 
 |`eu-west-2`
-|`ami-09c701f11d9a7b167`
+|`ami-0abd66103d069f9a8`
 
 |`eu-west-3`
-|`ami-02cd8181243610e0d`
+|`ami-08c7249d59239fc5c`
 
 |`me-central-1`
-|`ami-03008d03f133e6ec0`
+|`ami-0685f33ebb18445a2`
 
 |`me-south-1`
-|`ami-096bc3b4ec0faad76`
+|`ami-0466941f4e5c56fe6`
 
 |`sa-east-1`
-|`ami-01f9b5a4f7b8c50a1`
+|`ami-08cdc0c8a972f4763`
 
 |`us-east-1`
-|`ami-09ea6f8f7845792e1`
+|`ami-0d461970173c4332d`
 
 |`us-east-2`
-|`ami-039cdb2bf3b5178da`
+|`ami-0e9cdc0e85e0a6aeb`
 
 |`us-gov-east-1`
-|`ami-0fed54a5ab75baed0`
+|`ami-0b896df727672ce09`
 
 |`us-gov-west-1`
-|`ami-0fc5be5af4bb1d79f`
+|`ami-0b896df727672ce09`
 
 |`us-west-1`
-|`ami-018e5407337da1062`
+|`ami-027b7cc5f4c74e6c1`
 
 |`us-west-2`
-|`ami-0c0c67ef81b80e8eb`
+|`ami-0b189d89b44bdfbf2`
 
 |===
 endif::openshift-origin[]
diff --git a/modules/installation-aws_con_connecting-the-vpc-to-the-on-premise-network.adoc b/modules/installation-aws_con_connecting-the-vpc-to-the-on-premise-network.adoc
deleted file mode 100644
index 9408672fb476..000000000000
--- a/modules/installation-aws_con_connecting-the-vpc-to-the-on-premise-network.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-// This module is included in the following assemblies: 
-//
-// installing/installing_aws/installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes.adoc
-
-:_content-type: CONCEPT
-[id="connecting-the-vpc-to-the-on-premise-network_{context}"]
-= Connecting the VPC to the on-premise network
-
-To expand the {product-title} cluster deployed on AWS with on-premise bare metal nodes, you must establish network connectivity between them. You will need to configure the networking using a virtual private network or AWS Direct Connect between the AWS VPC and your on-premise network. This allows traffic to flow between the on-premise nodes and the AWS nodes.
-
-Additionally, you need to ensure secure access to the Baseboard Management Controllers (BMCs) of the bare metal nodes. When expanding the cluster with the Baremetal Operator, access to the BMCs is required for remotely managing and monitoring the hardware of your on-premise nodes.
-
-To securely access the BMCs, you can create a separate, secure network segment or use a dedicated VPN connection specifically for BMC access. This way, you can isolate the BMC traffic from other network traffic, reducing the risk of unauthorized access or potential vulnerabilities.
-
-[WARNING]
-====
-Misconfiguration of the network connection between the AWS and on-premise environments can expose the on-premise network and bare-metal nodes to the internet. That is a significant security risk, which might result in an attacker having full access to the exposed machines, and through them to the private network in these environments.
-====
diff --git a/modules/installation-aws_con_installing-sno-on-aws.adoc b/modules/installation-aws_con_installing-sno-on-aws.adoc
index a09e50c3bd5c..d7b08eb11f07 100644
--- a/modules/installation-aws_con_installing-sno-on-aws.adoc
+++ b/modules/installation-aws_con_installing-sno-on-aws.adoc
@@ -1,9 +1,9 @@
-// This module is included in the following assemblies: 
+// This module is included in the following assemblies:
 //
 // installing/installing_sno/install-sno-installing-sno.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installing-sno-on-aws_{context}"]
 = Installing {sno} on AWS
 
-Installing a single node cluster on AWS requires installer-provisioned installation using the "Installing a cluster on AWS with customizations" procedure.
+Installing a single-node cluster on AWS requires installer-provisioned installation using the "Installing a cluster on AWS with customizations" procedure.
diff --git a/modules/installation-aws_proc_creating-firewall-rules-for-port-6183.adoc b/modules/installation-aws_proc_creating-firewall-rules-for-port-6183.adoc
deleted file mode 100644
index bcf43736d62c..000000000000
--- a/modules/installation-aws_proc_creating-firewall-rules-for-port-6183.adoc
+++ /dev/null
@@ -1,59 +0,0 @@
-// This module is included in the following assemblies: 
-//
-// installing/installing_aws/installing-aws-expanding-a-cluster-with-on-premise-bare-metal-nodes.adoc
-
-:_content-type: PROCEDURE
-[id="creating-firewall-rules-for-port-6183_{context}"]
-= Creating firewall rules for port 6183
-
-Port `6183` is open by default on the control plane. However, you must create a firewall rule for the VPC connection and for the on-premise network for the bare metal nodes to allow inbound and outbound traffic on that port.
-
-.Procedure
-
-. Modify the AWS VPC security group to open port `6183`:
-
-.. Navigate to the Amazon VPC console in the AWS Management Console.
-.. In the left navigation pane, click on **Security Groups**.
-.. Find and select the security group associated with the {product-title} cluster.
-.. In the **Inbound rules** tab, click **Edit inbound rules**.
-.. Click **Add rule** and select **Custom TCP Rule** as the rule type.
-.. In the **Port range** field, enter `6183`.
-.. In the **Source** field, specify the CIDR block for the on-premise network or the security group ID of the peered VPC (if you have VPC peering) to allow traffic only from the desired sources.
-.. Click **Save rules**.
-
-. Modify the AWS VPC network access control lists to open port `6183`:
-
-.. In the Amazon VPC console, click on **Network ACLs** in the left navigation pane.
-.. Find and select the network ACL associated with your {product-title} cluster's VPC.
-.. In the **Inbound rules** tab, click **Edit inbound rules**.
-.. Click **Add rule** and enter a rule number in the **Rule #** field. Choose a number that doesn't conflict with existing rules.
-.. Select `TCP` as the protocol.
-.. In the **Port range** field, enter `6183`.
-.. In the **Source** field, specify the CIDR block for the on-premise network to allow traffic only from the desired sources.
-.. Click **Save** to save the new rule.
-.. Repeat the same process for the **Outbound rules** tab to allow outbound traffic on port `6183`.
-
-. Modify the on-premise network to allow traffic on port `6183`:
-
-.. Execute the following command to identify the zone you want to modify:
-+
-[source,terminal]
-----
-$ sudo firewall-cmd --list-all-zones
-----
-
-.. To open port `6183` for TCP traffic in the desired zone execute the following command:
-+
-[source,terminal]
-----
-$ sudo firewall-cmd --zone=<zone> --add-port=6183/tcp --permanent
-----
-+
-Replace `<zone>` with the appropriate zone name.
-
-.. Reload `firewalld` to apply the new rule:
-+
-[source,terminal]
-----
-$ sudo firewall-cmd --reload
-----
\ No newline at end of file
diff --git a/modules/installation-azure-arm-tested-machine-types.adoc b/modules/installation-azure-arm-tested-machine-types.adoc
index d11dace44f89..abd6d315b537 100644
--- a/modules/installation-azure-arm-tested-machine-types.adoc
+++ b/modules/installation-azure-arm-tested-machine-types.adoc
@@ -7,6 +7,9 @@
 // installing/installing_azure/installing-azure-private.adoc
 // installing/installing_azure/installing-azure-user-infra.adoc
 // installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+
 
 [id="installation-azure-arm-tested-machine-types_{context}"]
 = Tested instance types for Azure on 64-bit ARM infrastructures
@@ -16,5 +19,5 @@ The following Microsoft Azure ARM64 instance types have been tested with {produc
 .Machine types based on 64-bit ARM architecture
 [%collapsible]
 ====
-include::https://raw.githubusercontent.com/openshift/installer/master/docs/user/azure/tested_instance_types_aarch64.md[] 
-====
\ No newline at end of file
+include::https://raw.githubusercontent.com/openshift/installer/master/docs/user/azure/tested_instance_types_aarch64.md[]
+====
diff --git a/modules/installation-azure-confidential-vms.adoc b/modules/installation-azure-confidential-vms.adoc
new file mode 100644
index 000000000000..8b55a82b153a
--- /dev/null
+++ b/modules/installation-azure-confidential-vms.adoc
@@ -0,0 +1,92 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-network-customizations
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-azure-confidential-vms_{context}"]
+= Enabling confidential VMs
+
+You can enable confidential VMs when installing your cluster. You can enable confidential VMs for compute nodes, control plane nodes, or all nodes.
+
+:FeatureName: Using confidential VMs
+
+include::snippets/technology-preview.adoc[]
+
+//commenting out the second encryption option until https://issues.redhat.com/browse/OCPBUGS-18379 is resolved
+////
+Confidential VMs can operate in two modes:
+
+* Only encrypting the virtual machine guest state storage, which contains the security state of the virtual machine
+* Encrypting the virtual machine guest state storage and the operating system storage
+
+If you encrypt the operating system storage, you can use a platform-managed encryption key or a key you manage.
+////
+
+You can use confidential VMs with the following VM sizes:
+
+* DCasv5-series
+* DCadsv5-series
+* ECasv5-series
+* ECadsv5-series
+
+
+[IMPORTANT]
+====
+Confidential VMs are currently not supported on 64-bit ARM architectures.
+====
+
+.Prerequisites
+* You have created an `install-config.yaml` file.
+
+.Procedure
+
+* Use a text editor to edit the `install-config.yaml` file prior to deploying your cluster and add the following stanza:
++
+[source,yaml]
+----
+controlPlane: <1>
+  platform:
+    azure:
+      settings:
+        securityType: ConfidentialVM <2>
+        confidentialVM:
+          uefiSettings:
+            secureBoot: Enabled <3>
+            virtualizedTrustedPlatformModule: Enabled <4>
+      osDisk:
+        securityProfile:
+          securityEncryptionType: VMGuestStateOnly <5>
+----
+<1> Specify `controlPlane.platform.azure` or `compute.platform.azure` to deploy confidential VMs on only control plane or compute nodes respectively. Specify `platform.azure.defaultMachinePlatform` to deploy confidential VMs on all nodes.
+<2> Enable confidential VMs.
+<3> Enable secure boot. For more information, see the Azure documentation about link:https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch#secure-boot[secure boot].
+<4> Enable the virtualized Trusted Platform Module. For more information, see the Azure documentation about link:https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview[virtualized Trusted Platform Modules].
+<5> Specify `VMGuestStateOnly` to encrypt the VM guest state.
+
+// commenting out the second option until https://issues.redhat.com/browse/OCPBUGS-18379 is fixed
+////
++
+.. To use confidential VMs that encrypt both the VM guest state and the OS disk:
++
+[source,yaml]
+----
+controlPlane:
+  platform:
+    azure:
+      settings:
+        securityType: ConfidentialVM
+        confidentialVM:
+          uefiSettings:
+            secureBoot: Enabled
+            virtualizedTrustedPlatformModule: Enabled
+      osDisk:
+        securityProfile:
+          securityEncryptionType: DiskWithVMGuestState <1>
+          diskEncryptionSet: <2>
+            resourceGroup: <your-resource-group-name>
+            name: <your-des-name>
+            subscriptionId: <subscription-uuid>
+----
+<1> Enable OS disk and VM guest state encryption.
+<2> Specify disk encryption set parameters for user-managed encryption, or omit the `diskEncryptionSet` stanza for platform-managed encryption.
+////
\ No newline at end of file
diff --git a/modules/installation-azure-config-yaml.adoc b/modules/installation-azure-config-yaml.adoc
index 66f7aeae24d2..1bcc40748dd4 100644
--- a/modules/installation-azure-config-yaml.adoc
+++ b/modules/installation-azure-config-yaml.adoc
@@ -5,6 +5,7 @@
 // * installing/installing_azure/installing-azure-network-customizations.adoc
 // * installing/installing_azure/installing-azure-private.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-network-customizations"]
 :with-networking:
@@ -21,6 +22,9 @@ endif::[]
 ifeval::["{context}" == "installing-azure-government-region"]
 :gov:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:restricted:
+endif::[]
 
 [id="installation-azure-config-yaml_{context}"]
 = Sample customized install-config.yaml file for Azure
@@ -50,6 +54,11 @@ controlPlane: <2>
           resourceGroup: disk_encryption_set_resource_group
           name: disk_encryption_set_name
           subscriptionId: secondary_subscription_id
+      osImage:
+        publisher: example_publisher_name
+        offer: example_image_offer
+        sku: example_offer_sku
+        version: example_image_version
       type: Standard_D8s_v3
   replicas: 3
 compute: <2>
@@ -67,6 +76,11 @@ compute: <2>
           resourceGroup: disk_encryption_set_resource_group
           name: disk_encryption_set_name
           subscriptionId: secondary_subscription_id
+      osImage:
+        publisher: example_publisher_name
+        offer: example_image_offer
+        sku: example_offer_sku
+        version: example_image_version
       zones: <6>
       - "1"
       - "2"
@@ -91,86 +105,112 @@ endif::[]
 platform:
   azure:
     defaultMachinePlatform:
+      osImage: <8>
+        publisher: example_publisher_name
+        offer: example_image_offer
+        sku: example_offer_sku
+        version: example_image_version
       ultraSSDCapability: Enabled
-    baseDomainResourceGroupName: resource_group <8>
+    baseDomainResourceGroupName: resource_group <9>
 ifndef::gov[]
     region: centralus <1>
 endif::gov[]
 ifdef::gov[]
     region: usgovvirginia
 endif::gov[]
-    resourceGroupName: existing_resource_group <9>
-ifdef::vnet,private,gov[]
-    networkResourceGroupName: vnet_resource_group <10>
-    virtualNetwork: vnet <11>
-    controlPlaneSubnet: control_plane_subnet <12>
-    computeSubnet: compute_subnet <13>
-endif::vnet,private,gov[]
-ifndef::private,gov[]
+    resourceGroupName: existing_resource_group <10>
+ifdef::vnet,private,gov,restricted[]
+    networkResourceGroupName: vnet_resource_group <11>
+    virtualNetwork: vnet <12>
+    controlPlaneSubnet: control_plane_subnet <13>
+    computeSubnet: compute_subnet <14>
+endif::vnet,private,gov,restricted[]
+ifndef::private,gov,restricted[]
     outboundType: Loadbalancer
-endif::private,gov[]
+endif::private,gov,restricted[]
 ifdef::private,gov[]
-    outboundType: UserDefinedRouting <14>
+    outboundType: UserDefinedRouting <15>
 endif::private,gov[]
+ifdef::restricted[]
+    outboundType: UserDefinedRouting <15>
+endif::restricted[]
 ifndef::gov[]
     cloudName: AzurePublicCloud
 endif::gov[]
 ifdef::gov[]
-    cloudName: AzureUSGovernmentCloud <15>
+    cloudName: AzureUSGovernmentCloud <16>
 endif::gov[]
 pullSecret: '{"auths": ...}' <1>
 ifdef::vnet[]
 ifndef::openshift-origin[]
-fips: false <14>
-sshKey: ssh-ed25519 AAAA... <15>
+fips: false <15>
+sshKey: ssh-ed25519 AAAA... <16>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <14>
+sshKey: ssh-ed25519 AAAA... <15>
 endif::openshift-origin[]
 endif::vnet[]
 ifdef::private[]
 ifndef::openshift-origin[]
-fips: false <15>
-sshKey: ssh-ed25519 AAAA... <16>
+fips: false <16>
+sshKey: ssh-ed25519 AAAA... <17>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <15>
+sshKey: ssh-ed25519 AAAA... <16>
 endif::openshift-origin[]
 endif::private[]
 ifdef::gov[]
 ifndef::openshift-origin[]
-fips: false <16>
+fips: false <17>
 endif::openshift-origin[]
 ifndef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <17>
+sshKey: ssh-ed25519 AAAA... <18>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <16>
+sshKey: ssh-ed25519 AAAA... <17>
 endif::openshift-origin[]
 endif::gov[]
+ifdef::restricted[]
+fips: false <16>
+sshKey: ssh-ed25519 AAAA... <17>
+additionalTrustBundle: | <18>
+    -----BEGIN CERTIFICATE-----
+    <MY_TRUSTED_CA_CERT>
+    -----END CERTIFICATE-----
+imageContentSources: <19>
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+publish: Internal <20>
+endif::restricted[]
 ifndef::vnet,private,gov[]
 ifndef::openshift-origin[]
-fips: false <10>
-sshKey: ssh-ed25519 AAAA... <11>
+ifndef::restricted[]
+fips: false <11>
+sshKey: ssh-ed25519 AAAA... <12>
+endif::restricted[]
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <10>
+sshKey: ssh-ed25519 AAAA... <11>
 endif::openshift-origin[]
 endif::vnet,private,gov[]
 ifdef::private[]
 ifndef::openshift-origin[]
-publish: Internal <17>
+publish: Internal <18>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-publish: Internal <16>
+publish: Internal <17>
 endif::openshift-origin[]
 endif::private[]
 ifdef::gov[]
 ifndef::openshift-origin[]
-publish: Internal <18>
+publish: Internal <19>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-publish: Internal <17>
+publish: Internal <18>
 endif::openshift-origin[]
 endif::gov[]
 ----
@@ -193,98 +233,115 @@ If you disable simultaneous multithreading, ensure that your capacity planning a
 //storage type as `io1` and set `iops` to `2000`.
 <6> Specify a list of zones to deploy your machines to. For high availability, specify at least two zones.
 <7> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
-<8> Specify the name of the resource group that contains the DNS zone for your base domain.
-<9> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster.
-ifdef::vnet,private,gov[]
-<10> If you use an existing VNet, specify the name of the resource group that contains it.
-<11> If you use an existing VNet, specify its name.
-<12> If you use an existing VNet, specify the name of the subnet to host the control plane machines.
-<13> If you use an existing VNet, specify the name of the subnet to host the compute machines.
-endif::vnet,private,gov[]
+<8> Optional: A custom {op-system-first} image that should be used to boot control plane and compute machines. The `publisher`, `offer`, `sku`, and `version` parameters under `platform.azure.defaultMachinePlatform.osImage` apply to both control plane and compute machines. If the parameters under `controlPlane.platform.azure.osImage` or `compute.platform.azure.osImage` are set, they override the `platform.azure.defaultMachinePlatform.osImage` parameters.
+<9> Specify the name of the resource group that contains the DNS zone for your base domain.
+<10> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster.
+ifdef::vnet,private,gov,restricted[]
+<11> If you use an existing VNet, specify the name of the resource group that contains it.
+<12> If you use an existing VNet, specify its name.
+<13> If you use an existing VNet, specify the name of the subnet to host the control plane machines.
+<14> If you use an existing VNet, specify the name of the subnet to host the compute machines.
+endif::vnet,private,gov,restricted[]
 ifdef::private,gov[]
-<14> You can customize your own outbound routing. Configuring user-defined routing prevents exposing external endpoints in your cluster. User-defined routing for egress requires deploying your cluster to an existing VNet.
+<15> You can customize your own outbound routing. Configuring user-defined routing prevents exposing external endpoints in your cluster. User-defined routing for egress requires deploying your cluster to an existing VNet.
 endif::private,gov[]
 ifdef::gov[]
-<15> Specify the name of the Azure cloud environment to deploy your cluster to. Set `AzureUSGovernmentCloud` to deploy to a Microsoft Azure Government (MAG) region. The default value is `AzurePublicCloud`.
+<16> Specify the name of the Azure cloud environment to deploy your cluster to. Set `AzureUSGovernmentCloud` to deploy to a Microsoft Azure Government (MAG) region. The default value is `AzurePublicCloud`.
 endif::gov[]
+ifdef::restricted[]
+<15> When using Azure Firewall to restrict Internet access, you must configure outbound routing to send traffic through the Azure Firewall. Configuring user-defined routing prevents exposing external endpoints in your cluster.
+<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
++
+[IMPORTANT]
+====
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. The use of FIPS validated or Modules In Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64`, `ppc64le`, and `s390x` architectures.
+====
+<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+endif::restricted[]
 ifdef::vnet[]
 ifndef::openshift-origin[]
-<14> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<15> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::vnet[]
 ifdef::private[]
 ifndef::openshift-origin[]
-<15> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::private[]
 ifdef::gov[]
 ifndef::openshift-origin[]
-<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<17> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<18> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::gov[]
-ifndef::vnet,private,gov[]
+ifndef::vnet,private,gov,restricted[]
 ifndef::openshift-origin[]
-<10> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<10> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
-endif::vnet,private,gov[]
+endif::vnet,private,gov,restricted[]
 +
 [NOTE]
 ====
 For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
 ====
+ifdef::restricted[]
+<18> Provide the contents of the certificate file that you used for your mirror registry.
+<19> Provide the `imageContentSources` section from the output of the command to mirror the repository.
+<20> How to publish the user-facing endpoints of your cluster. When using Azure Firewall to restrict Internet access, set `publish` to `Internal` to deploy a private cluster. The user-facing endpoints then cannot be accessed from the internet. The default value is `External`.
+endif::restricted[]
 ifdef::private[]
 ifndef::openshift-origin[]
-<17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<16> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 endif::private[]
 ifdef::gov[]
 ifndef::openshift-origin[]
-<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<19> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 endif::gov[]
 
+
 ifeval::["{context}" == "installing-azure-network-customizations"]
 :!with-networking:
 endif::[]
@@ -300,3 +357,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-government-region"]
 :!gov:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!restricted:
+endif::[]
diff --git a/modules/installation-azure-create-dns-zones.adoc b/modules/installation-azure-create-dns-zones.adoc
index e8a84aab60d2..4e34cb9d87c4 100644
--- a/modules/installation-azure-create-dns-zones.adoc
+++ b/modules/installation-azure-create-dns-zones.adoc
@@ -2,12 +2,13 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-create-dns-zones_{context}"]
 = Example for creating DNS zones
 
diff --git a/modules/installation-azure-create-ingress-dns-records.adoc b/modules/installation-azure-create-ingress-dns-records.adoc
index 7c126498561a..f6ff24ab469a 100644
--- a/modules/installation-azure-create-ingress-dns-records.adoc
+++ b/modules/installation-azure-create-ingress-dns-records.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :cp: Azure
@@ -10,8 +11,11 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-create-ingress-dns-records_{context}"]
 = Adding the Ingress DNS records
 
@@ -125,3 +129,6 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-azure-create-resource-group-and-identity.adoc b/modules/installation-azure-create-resource-group-and-identity.adoc
index 00b7ce116ce1..51bc27e1550c 100644
--- a/modules/installation-azure-create-resource-group-and-identity.adoc
+++ b/modules/installation-azure-create-resource-group-and-identity.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -9,8 +10,11 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-create-resource-group-and-identity_{context}"]
 = Creating the Azure resource group
 
@@ -92,3 +96,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+endif::[]
diff --git a/modules/installation-azure-finalizing-encryption.adoc b/modules/installation-azure-finalizing-encryption.adoc
index 84bfe847e7eb..faeb1032349b 100644
--- a/modules/installation-azure-finalizing-encryption.adoc
+++ b/modules/installation-azure-finalizing-encryption.adoc
@@ -23,7 +23,7 @@ ifeval::["{context}" == "installing-azure-vnet"]
 :azure-public:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="finalizing-encryption_{context}"]
 = Finalizing user-managed encryption after installation
 If you installed {product-title} using a user-managed encryption key, you can complete the installation by creating a new storage class and granting write permissions to the Azure cluster resource group.
@@ -75,7 +75,7 @@ The `id` is in the format of `"/subscriptions/.../resourceGroups/.../providers/M
 [source,terminal]
 ----
 $ az identity show -g <cluster_resource_group> \// <1>
-     -n <cluster_service_principal_name> \// <2> 
+     -n <cluster_service_principal_name> \// <2>
      --query principalId --out tsv
 ----
 <1> Specifies the name of the cluster resource group created by the installation program.
diff --git a/modules/installation-azure-identities.adoc b/modules/installation-azure-identities.adoc
new file mode 100644
index 000000000000..288eaeadf4ec
--- /dev/null
+++ b/modules/installation-azure-identities.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-account.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="installation-azure-identities_{context}"]
+= Supported identities to access Azure resources
+
+An {product-title} cluster requires an Azure identity to create and manage Azure resources. As such, you need one of the following types of identities to complete the installation:
+
+* A service principal
+* A system-assigned managed identity
+* A user-assigned managed identity
diff --git a/modules/installation-azure-increasing-limits.adoc b/modules/installation-azure-increasing-limits.adoc
index 2e60107fdd1a..89e645e2a8e4 100644
--- a/modules/installation-azure-increasing-limits.adoc
+++ b/modules/installation-azure-increasing-limits.adoc
@@ -2,8 +2,9 @@
 //
 // * installing/installing_azure/installing-azure-account.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-increasing-limits_{context}"]
 = Increasing Azure account limits
 
diff --git a/modules/installation-azure-limits.adoc b/modules/installation-azure-limits.adoc
index 4a85205a3bc4..81ed60ddadf9 100644
--- a/modules/installation-azure-limits.adoc
+++ b/modules/installation-azure-limits.adoc
@@ -4,6 +4,7 @@
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -22,8 +23,11 @@ endif::[]
 ifeval::["{context}" == "installing-azure-account"]
 :cp: Azure
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:cp: Azure
+endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-azure-limits_{context}"]
 = {cp} account limits
 
@@ -109,17 +113,6 @@ To deploy more worker nodes, enable autoscaling, deploy large workloads, or use
 a different instance type, you must further increase the vCPU limit for your
 account to ensure that your cluster can deploy the machines that you require.
 
-ifndef::ash[]
-By default, the installation program distributes control plane and compute machines across
-link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[all availability zones]
-within
-link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a region].
-To ensure high availability for your cluster, select a region with at least
-three availability zones. If your region contains fewer than three availability
-zones, the installation program places more than one control plane machine in the
-available zones.
-endif::ash[]
-
 ifndef::ash[]
 |OS Disk
 |7
@@ -230,3 +223,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-account"]
 :!cp: Azure
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-azure-marketplace-subscribe.adoc b/modules/installation-azure-marketplace-subscribe.adoc
index bacdb4b01f84..d9f31380fd44 100644
--- a/modules/installation-azure-marketplace-subscribe.adoc
+++ b/modules/installation-azure-marketplace-subscribe.adoc
@@ -4,6 +4,7 @@
 // * installing/installing_aws/installing-azure-user-infra.adoc
 // * machine_management/creating-machineset-azure.adoc
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-customizations"]
 :ipi:
@@ -17,15 +18,20 @@ endif::[]
 ifeval::["{context}" == "cpmso-using"]
 :mapi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:upi:
+endif::[]
 
 //mpytlak: The procedure differs depending on whether this module is used in an IPI or UPI assembly.
 //jrouth: Also some variations for when it appears in the machine management content (`mapi`).
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-marketplace-subscribe_{context}"]
-= Selecting an Azure Marketplace image
+= Using the Azure Marketplace offering
 ifndef::mapi[]
-If you are deploying an {product-title} cluster using the Azure Marketplace offering, you must first obtain the Azure Marketplace image. The installation program uses this image to deploy worker nodes. When obtaining your image, consider the following:
+Using the Azure Marketplace offering lets you deploy an {product-title} cluster, which is billed on pay-per-use basis (hourly, per core) through Azure, while still being supported directly by Red{nbsp}Hat.
+
+To deploy an {product-title} cluster using the Azure Marketplace offering, you must first obtain the Azure Marketplace image. The installation program uses this image to deploy worker nodes. When obtaining your image, consider the following:
 endif::mapi[]
 ifdef::mapi[]
 You can create a machine set running on Azure that deploys machines that use the Azure Marketplace offering. To use this offering, you must first obtain the Azure Marketplace image. When obtaining your image, consider the following:
@@ -37,7 +43,7 @@ endif::mapi[]
 
 [IMPORTANT]
 ====
-Installing images with the Azure marketplace is not supported on clusters with 64-bit ARM instances. 
+Installing images with the Azure marketplace is not supported on clusters with 64-bit ARM instances.
 ====
 
 .Prerequisites
@@ -61,9 +67,9 @@ $  az vm image list --all --offer rh-ocp-worker --publisher redhat -o table
 [source,terminal]
 ----
 Offer          Publisher       Sku                 Urn                                                             Version
--------------  --------------  ------------------  --------------------------------------------------------------  --------------
-rh-ocp-worker  RedHat          rh-ocp-worker       RedHat:rh-ocp-worker:rh-ocpworker:4.8.2021122100               4.8.2021122100
-rh-ocp-worker  RedHat          rh-ocp-worker-gen1  RedHat:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100         4.8.2021122100
+-------------  --------------  ------------------  --------------------------------------------------------------  -----------------
+rh-ocp-worker  RedHat          rh-ocp-worker       RedHat:rh-ocp-worker:rh-ocp-worker:413.92.2023101700            413.92.2023101700
+rh-ocp-worker  RedHat          rh-ocp-worker-gen1  RedHat:rh-ocp-worker:rh-ocp-worker-gen1:413.92.2023101700       413.92.2023101700
 ----
 ** EMEA:
 +
@@ -75,16 +81,16 @@ $  az vm image list --all --offer rh-ocp-worker --publisher redhat-limited -o ta
 .Example output
 [source,terminal]
 ----
-Offer          Publisher       Sku                 Urn                                                             Version
--------------  --------------  ------------------  --------------------------------------------------------------  --------------
-rh-ocp-worker  redhat-limited  rh-ocp-worker       redhat-limited:rh-ocp-worker:rh-ocp-worker:4.8.2021122100       4.8.2021122100
-rh-ocp-worker  redhat-limited  rh-ocp-worker-gen1  redhat-limited:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100  4.8.2021122100
+Offer          Publisher       Sku                 Urn                                                                     Version
+-------------  --------------  ------------------  --------------------------------------------------------------          -----------------
+rh-ocp-worker  redhat-limited  rh-ocp-worker       redhat-limited:rh-ocp-worker:rh-ocp-worker:413.92.2023101700            413.92.2023101700
+rh-ocp-worker  redhat-limited  rh-ocp-worker-gen1  redhat-limited:rh-ocp-worker:rh-ocp-worker-gen1:413.92.2023101700       413.92.2023101700
 ----
 --
 +
 [NOTE]
 ====
-Regardless of the version of {product-title} that you install, the correct version of the Azure Marketplace image to use is 4.8. If required, your VMs are automatically upgraded as part of the installation process.
+Regardless of the version of {product-title} that you install, the correct version of the Azure Marketplace image to use is 4.13. If required, your VMs are automatically upgraded as part of the installation process.
 ====
 . Inspect the image for your offer by running one of the following commands:
 ** North America:
@@ -132,9 +138,9 @@ ifdef::upi[]
 . Record the image details of your offer. If you use the Azure Resource Manager (ARM) template to deploy your worker nodes:
 +
 .. Update `storageProfile.imageReference` by deleting the `id` parameter and adding the `offer`, `publisher`, `sku`, and `version` parameters by using the values from your offer.
-.. Specify a `plan` for the virtual machines (VMs). 
+.. Specify a `plan` for the virtual machines (VMs).
 +
-.Example `06_workers.json` ARM template with an updated `storageProfile.imageReference` object and a specified `plan` 
+.Example `06_workers.json` ARM template with an updated `storageProfile.imageReference` object and a specified `plan`
 +
 [source,json,subs="none"]
 ----
@@ -154,7 +160,7 @@ ifdef::upi[]
     "offer": "rh-ocp-worker",
     "publisher": "redhat",
     "sku": "rh-ocp-worker",
-    "version": "4.8.2021122100"
+    "version": "413.92.2023101700"
     }
     ...
    }
@@ -184,7 +190,7 @@ compute:
         publisher: redhat
         offer: rh-ocp-worker
         sku: rh-ocp-worker
-        version: 4.8.2021122100
+        version: 413.92.2023101700
   replicas: 3
 ----
 endif::ipi[]
@@ -202,7 +208,7 @@ providerSpec:
       resourceID: ""
       sku: rh-ocp-worker
       type: MarketplaceWithPlan
-      version: 4.8.2021122100
+      version: 413.92.2023101700
 ----
 //offer also has "worker"
 endif::mapi[]
@@ -218,4 +224,7 @@ ifeval::["{context}" == "creating-machineset-azure"]
 endif::[]
 ifeval::["{context}" == "cpmso-using"]
 :!mapi:
-endif::[]
\ No newline at end of file
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!upi:
+endif::[]
diff --git a/modules/installation-azure-marketplace.adoc b/modules/installation-azure-marketplace.adoc
index b7608a754331..8fa3c95f609d 100644
--- a/modules/installation-azure-marketplace.adoc
+++ b/modules/installation-azure-marketplace.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-azure-account.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-azure-marketplace_{context}"]
 = Supported Azure Marketplace regions
 
diff --git a/modules/installation-azure-network-config.adoc b/modules/installation-azure-network-config.adoc
index e23deb945e48..a62a2f462c77 100644
--- a/modules/installation-azure-network-config.adoc
+++ b/modules/installation-azure-network-config.adoc
@@ -2,8 +2,9 @@
 //
 // * installing/installing_azure/installing-azure-account.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-network-config_{context}"]
 = Configuring a public DNS zone in Azure
 
diff --git a/modules/installation-azure-permissions.adoc b/modules/installation-azure-permissions.adoc
index 7d23ada530a6..f2235010948e 100644
--- a/modules/installation-azure-permissions.adoc
+++ b/modules/installation-azure-permissions.adoc
@@ -2,13 +2,16 @@
 //
 // * installing/installing_azure/installing-azure-account.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 [id="installation-azure-permissions_{context}"]
 = Required Azure roles
 
-{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, your Azure account subscription must have the following roles:
+An {product-title} cluster requires an Azure identity to create and manage Azure resources. Before you create the identity, verify that your environment meets the following requirements:
 
-* `User Access Administrator`
-* `Contributor`
+* The Azure account that you use to create the identity is assigned the `User Access Administrator` and `Contributor` roles. These roles are required when:
+** Creating a service principal or user-assigned managed identity.
+** Enabling a system-assigned managed identity on a virtual machine.
+* If you are going to use a service principal to complete the installation, verify that the Azure account that you use to create the identity is assigned the `microsoft.directory/servicePrincipals/createAsOwner` permission in Azure Active Directory.
 
-To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[Manage access to Azure resources using RBAC and the Azure portal] in the Azure documentation.
\ No newline at end of file
+To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[Manage access to Azure resources using RBAC and the Azure portal] in the Azure documentation.
diff --git a/modules/installation-azure-preparing-diskencryptionsets.adoc b/modules/installation-azure-preparing-diskencryptionsets.adoc
index 858b35021320..ee0d38f17c57 100644
--- a/modules/installation-azure-preparing-diskencryptionsets.adoc
+++ b/modules/installation-azure-preparing-diskencryptionsets.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_azure/enabling-disk-encryption-sets-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-disk-encryption-sets"]
 = Preparing an Azure Disk Encryption Set
 The {product-title} installer can use an existing Disk Encryption Set with a user-managed key. To enable this feature, you can create a Disk Encryption Set in Azure and provide the key to the installer.
@@ -68,7 +68,7 @@ $ az group create --name $RESOURCEGROUP --location $LOCATION
 [source,terminal]
 ----
 $ az keyvault create -n $KEYVAULT_NAME -g $RESOURCEGROUP -l $LOCATION \
-    --enable-purge-protection true --enable-soft-delete true
+    --enable-purge-protection true
 ----
 +
 . Create an encryption key in the key vault by running the following command:
diff --git a/modules/installation-azure-regions.adoc b/modules/installation-azure-regions.adoc
index 64d1540d3a7a..fde0952945cc 100644
--- a/modules/installation-azure-regions.adoc
+++ b/modules/installation-azure-regions.adoc
@@ -1,8 +1,10 @@
+
 // Module included in the following assemblies:
 //
 // * installing/installing_azure/installing-azure-account.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 [id="installation-azure-regions_{context}"]
 = Supported Azure regions
@@ -26,6 +28,8 @@ The installation program dynamically generates the list of available Microsoft A
 * `francecentral` (France Central)
 //* francesouth (France South)
 * `germanywestcentral` (Germany West Central)
+* `israelcentral` (Israel Central)
+* `italynorth` (Italy North)
 * `japaneast` (Japan East)
 * `japanwest` (Japan West)
 * `koreacentral` (Korea Central)
@@ -33,6 +37,7 @@ The installation program dynamically generates the list of available Microsoft A
 * `northcentralus` (North Central US)
 * `northeurope` (North Europe)
 * `norwayeast` (Norway East)
+* `polandcentral` (Poland Central)
 * `qatarcentral` (Qatar Central)
 * `southafricanorth` (South Africa North)
 //* southafricawest (South Africa West)
diff --git a/modules/installation-azure-service-principal.adoc b/modules/installation-azure-service-principal.adoc
index 195a9b309e2f..d37ab2d18c35 100644
--- a/modules/installation-azure-service-principal.adoc
+++ b/modules/installation-azure-service-principal.adoc
@@ -4,6 +4,7 @@
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
@@ -17,8 +18,11 @@ endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :upi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:upi:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-service-principal_{context}"]
 = Creating a service principal
 
@@ -225,8 +229,8 @@ $ az ad sp create-for-rbac --role <role_name> \// <1>
 [source,terminal]
 ----
 Creating 'Contributor' role assignment under scope '/subscriptions/<subscription_id>'
-The output includes credentials that you must protect. Be sure that you do not 
-include these credentials in your code or check the credentials into your source 
+The output includes credentials that you must protect. Be sure that you do not
+include these credentials in your code or check the credentials into your source
 control. For more information, see https://aka.ms/azadsp-cli
 {
   "appId": "ac461d78-bf4b-4387-ad16-7e32e328aec6",
@@ -262,4 +266,7 @@ ifeval::["{context}" == "installing-azure-account"]
 endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :!upi:
-endif::[]
\ No newline at end of file
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!upi:
+endif::[]
diff --git a/modules/installation-azure-stack-hub-config-yaml.adoc b/modules/installation-azure-stack-hub-config-yaml.adoc
index a4717e2b1223..b6fb2390c9b9 100644
--- a/modules/installation-azure-stack-hub-config-yaml.adoc
+++ b/modules/installation-azure-stack-hub-config-yaml.adoc
@@ -95,7 +95,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <12> If your Azure Stack Hub environment uses an internal certificate authority (CA), add the necessary certificate bundle in `.pem` format.
 <13> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
@@ -188,7 +188,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
diff --git a/modules/installation-azure-subscription-tenant-id.adoc b/modules/installation-azure-subscription-tenant-id.adoc
new file mode 100644
index 000000000000..7c29f1bae550
--- /dev/null
+++ b/modules/installation-azure-subscription-tenant-id.adoc
@@ -0,0 +1,121 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-account.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-azure-subscription-tenant-id_{context}"]
+= Recording the subscription and tenant IDs
+
+The installation program requires the subscription and tenant IDs that are associated with your Azure account. You can use the Azure CLI to gather this information.
+
+.Prerequisites
+
+* You have installed or updated the link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest[Azure CLI].
+
+.Procedure
+
+. Log in to the Azure CLI by running the following command:
++
+[source,terminal]
+----
+$ az login
+----
+
+. Ensure that you are using the right subscription:
+
+.. View a list of available subscriptions by running the following command:
++
+[source,terminal]
+----
+$ az account list --refresh
+----
++
+.Example output
+[source,terminal]
+----
+[
+  {
+    "cloudName": "AzureCloud",
+    "id": "8xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+    "isDefault": true,
+    "name": "Subscription Name 1",
+    "state": "Enabled",
+    "tenantId": "6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+    "user": {
+      "name": "you@example.com",
+      "type": "user"
+    }
+  },
+  {
+    "cloudName": "AzureCloud",
+    "id": "9xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+    "isDefault": false,
+    "name": "Subscription Name 2",
+    "state": "Enabled",
+    "tenantId": "7xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+    "user": {
+      "name": "you2@example.com",
+      "type": "user"
+    }
+  }
+]
+----
+
+.. View the details of the active account, and confirm that this is the subscription you want to use, by running the following command:
++
+[source,terminal]
+----
+$ az account show
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "environmentName": "AzureCloud",
+  "id": "8xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "isDefault": true,
+  "name": "Subscription Name 1",
+  "state": "Enabled",
+  "tenantId": "6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "user": {
+    "name": "you@example.com",
+    "type": "user"
+  }
+}
+----
+
+. If you are not using the right subscription:
+
+.. Change the active subscription by running the following command:
++
+[source,terminal]
+----
+$ az account set -s <subscription_id>
+----
+
+.. Verify that you are using the subscription you need by running the following command:
++
+[source,terminal]
+----
+$ az account show
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "environmentName": "AzureCloud",
+  "id": "9xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "isDefault": true,
+  "name": "Subscription Name 2",
+  "state": "Enabled",
+  "tenantId": "7xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "user": {
+    "name": "you2@example.com",
+    "type": "user"
+  }
+}
+----
+
+. Record the `id` and `tenantId` parameter values from the output. You require these values to install an {product-title} cluster.
diff --git a/modules/installation-azure-tested-machine-types.adoc b/modules/installation-azure-tested-machine-types.adoc
index d0ead0fbd221..4551b8c6c008 100644
--- a/modules/installation-azure-tested-machine-types.adoc
+++ b/modules/installation-azure-tested-machine-types.adoc
@@ -6,6 +6,8 @@
 // installing/installing_azure/installing-azure-private.adoc
 // installing/installing_azure/installing-azure-user-infra.adoc
 // installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 [id="installation-azure-tested-machine-types_{context}"]
 = Tested instance types for Azure
diff --git a/modules/installation-azure-trusted-launch.adoc b/modules/installation-azure-trusted-launch.adoc
new file mode 100644
index 000000000000..651258966bbe
--- /dev/null
+++ b/modules/installation-azure-trusted-launch.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-network-customizations
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-azure-trusted-launch_{context}"]
+= Enabling trusted launch for Azure VMs
+
+You can enable two trusted launch features when installing your cluster on Azure: link:https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch#secure-boot[secure boot] and link:https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview[virtualized Trusted Platform Modules].
+
+See the Azure documentation about link:https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch#virtual-machines-sizes[virtual machine sizes] to learn what sizes of virtual machines support these features.
+
+:FeatureName: Trusted launch
+
+include::snippets/technology-preview.adoc[]
+
+.Prerequisites
+* You have created an `install-config.yaml` file.
+
+.Procedure
+
+* Use a text editor to edit the `install-config.yaml` file prior to deploying your cluster and add the following stanza:
++
+[source,yaml]
+----
+controlPlane: <1>
+  platform:
+    azure:
+      settings:
+        securityType: TrustedLaunch <2>
+        trustedLaunch:
+          uefiSettings:
+            secureBoot: Enabled <3>
+            virtualizedTrustedPlatformModule: Enabled <4>
+----
+<1> Specify `controlPlane.platform.azure` or `compute.platform.azure` to enable trusted launch on only control plane or compute nodes respectively. Specify `platform.azure.defaultMachinePlatform` to enable trusted launch on all nodes.
+<2> Enable trusted launch features.
+<3> Enable secure boot. For more information, see the Azure documentation about link:https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch#secure-boot[secure boot].
+<4> Enable the virtualized Trusted Platform Module. For more information, see the Azure documentation about link:https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview[virtualized Trusted Platform Modules].
\ No newline at end of file
diff --git a/modules/installation-azure-user-defined-routing.adoc b/modules/installation-azure-user-defined-routing.adoc
index f06596a66d59..eb7912308e9c 100644
--- a/modules/installation-azure-user-defined-routing.adoc
+++ b/modules/installation-azure-user-defined-routing.adoc
@@ -1,26 +1,27 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_azure/installing-azure-private.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
+
+ifeval::["{context}" == "installing-azure-private"]
+:private:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:restricted:
+endif::[]
 
 [id="installation-azure-user-defined-routing_{context}"]
 = User-defined outbound routing
 
-In {product-title}, you can choose your own outbound routing for a cluster to
-connect to the internet. This allows you to skip the creation of public IP
-addresses and the public load balancer.
+In {product-title}, you can choose your own outbound routing for a cluster to connect to the internet. This allows you to skip the creation of public IP addresses and the public load balancer.
 
-You can configure user-defined routing by modifying parameters in the
-`install-config.yaml` file before installing your cluster. A pre-existing VNet
-is required to use outbound routing when installing a cluster; the installation
-program is not responsible for configuring this.
+You can configure user-defined routing by modifying parameters in the `install-config.yaml` file before installing your cluster. A pre-existing VNet is required to use outbound routing when installing a cluster; the installation program is not responsible for configuring this.
 
-When configuring a cluster to use user-defined routing, the installation program
-does not create the following resources:
+When configuring a cluster to use user-defined routing, the installation program does not create the following resources:
 
 * Outbound rules for access to the internet.
 * Public IPs for the public load balancer.
-* Kubernetes Service object to add the cluster machines to the public load
-balancer for outbound requests.
+* Kubernetes Service object to add the cluster machines to the public load balancer for outbound requests.
 
 You must ensure the following items are available before setting user-defined
 routing:
@@ -28,48 +29,44 @@ routing:
 * Egress to the internet is possible to pull container images, unless using an
 {product-registry} mirror.
 * The cluster can access Azure APIs.
-* Various allowlist endpoints are configured. You can reference these endpoints
-in the _Configuring your firewall_ section.
+* Various allowlist endpoints are configured. You can reference these endpoints in the _Configuring your firewall_ section.
+
+There are several pre-existing networking setups that are supported for internet access using user-defined routing.
 
-There are several pre-existing networking setups that are supported for internet
-access using user-defined routing.
+ifdef::restricted[]
 
+[discrete]
+== Restricted cluster with Azure Firewall
+
+You can use Azure Firewall to restrict the outbound routing for the Virtual Network (VNet) that is used to install the {product-title} cluster. For more information, see link:https://learn.microsoft.com/en-us/azure/aks/egress-outboundtype#deploy-a-cluster-with-outbound-type-of-udr-and-azure-firewall[providing user-defined routing with Azure Firewall]. You can create a {product-title} cluster in a restricted network by using VNet with Azure Firewall and configuring the user-defined routing.
+
+[IMPORTANT]
+====
+If you are using Azure Firewall for restricting internet access, you must set the `publish` field to `Internal` in the `install-config.yaml` file. This is because link:https://learn.microsoft.com/en-us/azure/firewall/integrate-lb[Azure Firewall does not work properly with Azure public load balancers].
+====
+endif::restricted[]
+
+ifdef::private[]
 [discrete]
 == Private cluster with network address translation
 
-You can use link:https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview[Azure VNET network address translation (NAT)]
-to provide outbound internet access for the subnets in your cluster. You can
-reference
-link:https://docs.microsoft.com/en-us/azure/virtual-network/quickstart-create-nat-gateway-cli[Create a NAT gateway using Azure CLI]
-in the Azure documentation for configuration instructions.
+You can use link:https://docs.microsoft.com/en-us/azure/virtual-network/nat-overview[Azure VNET network address translation (NAT)] to provide outbound internet access for the subnets in your cluster. You can reference link:https://docs.microsoft.com/en-us/azure/virtual-network/quickstart-create-nat-gateway-cli[Create a NAT gateway using Azure CLI] in the Azure documentation for configuration instructions.
 
-When using a VNet setup with Azure NAT and user-defined routing configured, you
-can create a private cluster with no public endpoints.
+When using a VNet setup with Azure NAT and user-defined routing configured, you can create a private cluster with no public endpoints.
 
 [discrete]
 == Private cluster with Azure Firewall
 
-You can use Azure Firewall to provide outbound routing for the VNet used to
-install the cluster. You can learn more about
-link:https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype#deploy-a-cluster-with-outbound-type-of-udr-and-azure-firewall[providing user-defined routing with Azure Firewall]
-in the Azure documentation.
+You can use Azure Firewall to provide outbound routing for the VNet used to install the cluster. You can learn more about link:https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype#deploy-a-cluster-with-outbound-type-of-udr-and-azure-firewall[providing user-defined routing with Azure Firewall] in the Azure documentation.
 
-When using a VNet setup with Azure Firewall and user-defined routing configured,
-you can create a private cluster with no public endpoints.
+When using a VNet setup with Azure Firewall and user-defined routing configured, you can create a private cluster with no public endpoints.
 
 [discrete]
 == Private cluster with a proxy configuration
 
-You can use a proxy with user-defined routing to allow egress to the internet.
-You must ensure that cluster Operators do not access Azure APIs using a
-proxy; Operators must have access to Azure APIs outside of the proxy.
+You can use a proxy with user-defined routing to allow egress to the internet. You must ensure that cluster Operators do not access Azure APIs using a proxy; Operators must have access to Azure APIs outside of the proxy.
 
-When using the default route table for subnets, with `0.0.0.0/0` populated
-automatically by Azure, all Azure API requests are routed over Azure's internal
-network even though the IP addresses are public. As long as the Network Security
-Group rules allow egress to Azure API endpoints, proxies with user-defined
-routing configured allow you to create private clusters with no public
-endpoints.
+When using the default route table for subnets, with `0.0.0.0/0` populated automatically by Azure, all Azure API requests are routed over Azure's internal network even though the IP addresses are public. As long as the Network Security Group rules allow egress to Azure API endpoints, proxies with user-defined routing configured allow you to create private clusters with no public endpoints.
 
 [discrete]
 == Private cluster with no internet access
@@ -79,5 +76,12 @@ You can install a private network that restricts all access to the internet, exc
 * An {product-registry} mirror that allows for pulling container images
 * Access to Azure APIs
 
-With these requirements available, you can use user-defined routing to create
-private clusters with no public endpoints.
+With these requirements available, you can use user-defined routing to create private clusters with no public endpoints.
+endif::private[]
+
+ifeval::["{context}" == "installing-azure-private"]
+:!private:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!restricted:
+endif::[]
diff --git a/modules/installation-azure-user-infra-completing.adoc b/modules/installation-azure-user-infra-completing.adoc
index 2cc4fb5a7edd..ae8765cb3269 100644
--- a/modules/installation-azure-user-infra-completing.adoc
+++ b/modules/installation-azure-user-infra-completing.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :cp: Azure
@@ -9,8 +10,11 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-user-infra-completing_{context}"]
 = Completing an {cp} installation on user-provisioned infrastructure
 
@@ -53,3 +57,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-azure-user-infra-deploying-rhcos.adoc b/modules/installation-azure-user-infra-deploying-rhcos.adoc
index 7dcb6ecc7f7a..e9daea6112b8 100644
--- a/modules/installation-azure-user-infra-deploying-rhcos.adoc
+++ b/modules/installation-azure-user-infra-deploying-rhcos.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -11,8 +12,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-user-infra-deploying-rhcos_{context}"]
 = Deploying the {op-system} cluster image for the {cp} infrastructure
 
@@ -50,13 +55,13 @@ $ az deployment group create -g ${RESOURCE_GROUP} \
   --template-file "<installation_directory>/02_storage.json" \
   --parameters vhdBlobURL="${VHD_BLOB_URL}" \ <1>
   --parameters baseName="${INFRA_ID}" \ <2>
-  --parameters storageAccount="${CLUSTER_NAME}sa" \ <3> 
+  --parameters storageAccount="${CLUSTER_NAME}sa" \ <3>
   --parameters architecture="<architecture>" <4>
 ----
 <1> The blob URL of the {op-system} VHD to be used to create master and worker machines.
 <2> The base name to be used in resource names; this is usually the cluster's infrastructure ID.
-<3> The name of your Azure storage account. 
-<4> Specify the system architecture. Valid values are `x64` (default) or `Arm64`. 
+<3> The name of your Azure storage account.
+<4> Specify the system architecture. Valid values are `x64` (default) or `Arm64`.
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :!azure:
@@ -66,3 +71,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-azure-user-infra-uploading-rhcos.adoc b/modules/installation-azure-user-infra-uploading-rhcos.adoc
index b244c84d2f99..f99ddea68b0c 100644
--- a/modules/installation-azure-user-infra-uploading-rhcos.adoc
+++ b/modules/installation-azure-user-infra-uploading-rhcos.adoc
@@ -3,6 +3,7 @@
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -16,8 +17,11 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
 :ash-ipi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-user-infra-uploading-rhcos_{context}"]
 ifndef::ash-ipi[]
 = Uploading the {op-system} cluster image and bootstrap Ignition config file
@@ -177,3 +181,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
 :!ash-ipi:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+endif::[]
diff --git a/modules/installation-azure-user-infra-wait-for-bootstrap.adoc b/modules/installation-azure-user-infra-wait-for-bootstrap.adoc
index c30d1e24036d..a9a1abe6fb58 100644
--- a/modules/installation-azure-user-infra-wait-for-bootstrap.adoc
+++ b/modules/installation-azure-user-infra-wait-for-bootstrap.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -11,8 +12,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-azure-user-infra-wait-for-bootstrap_{context}"]
 = Wait for bootstrap completion and remove bootstrap resources in {cp}
 
@@ -75,3 +80,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-bare-metal-agent-installer-config-yaml.adoc b/modules/installation-bare-metal-agent-installer-config-yaml.adoc
index 20cd5025e86b..48d768dcdac9 100644
--- a/modules/installation-bare-metal-agent-installer-config-yaml.adoc
+++ b/modules/installation-bare-metal-agent-installer-config-yaml.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 
-//* installing-with-agent/installing-with-agent.adoc
+// * installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc
 // Re-used content from Sample install-config.yaml file for bare metal without conditionals
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-bare-metal-agent-installer-config-yaml_{context}"]
 = Sample install-config.yaml file for bare metal
 
@@ -56,7 +56,7 @@ Class E CIDR range is reserved for a future use. To use the Class E CIDR range,
 <7> The subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23`, then each node is assigned a `/23` subnet out of the given `cidr`, which allows for 510 (2^(32 - 23) - 2) pod IP addresses. If you are required to provide access to nodes from an external network, configure load balancers and routers to manage the traffic.
 <8> The cluster network plugin to install. The supported values are `OVNKubernetes` (default value) and `OpenShiftSDN`.
 <9> The IP address pool to use for service IP addresses. You can enter only one IP address pool. This block must not overlap with existing physical networks. If you need to access the services from an external network, configure load balancers and routers to manage the traffic.
-<10> You must set the platform to `none` for a single-node cluster. You can set the platform to either `vsphere` or `baremetal` for multi-node clusters.
+<10> You must set the platform to `none` for a single-node cluster. You can set the platform to `vsphere`, `baremetal`, or `none` for multi-node clusters.
 +
 [NOTE]
 ====
@@ -96,7 +96,7 @@ platform:
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 
 <12> This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for {product-title} components.
diff --git a/modules/installation-bare-metal-config-yaml.adoc b/modules/installation-bare-metal-config-yaml.adoc
index 74c75bcbc5ed..a8d6c6d1c144 100644
--- a/modules/installation-bare-metal-config-yaml.adoc
+++ b/modules/installation-bare-metal-config-yaml.adoc
@@ -10,7 +10,7 @@
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing-rhv-restricted-network.adoc
+
 
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:
@@ -39,28 +39,22 @@ endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :agnostic:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:rhv:
-endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 // Assumption is that attribute once outside ifdef works for several level one headings.
 [id="installation-bare-metal-config-yaml_{context}"]
-ifndef::ibm-z,ibm-z-kvm,ibm-power,agnostic,rhv[]
+ifndef::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
 = Sample install-config.yaml file for bare metal
-endif::ibm-z,ibm-z-kvm,ibm-power,agnostic,rhv[]
+endif::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
 ifdef::ibm-z,ibm-z-kvm[]
-= Sample install-config.yaml file for {ibmzProductName}
+= Sample install-config.yaml file for {ibm-z-title}
 endif::ibm-z,ibm-z-kvm[]
 ifdef::ibm-power[]
-= Sample install-config.yaml file for {ibmpowerProductName}
+= Sample install-config.yaml file for {ibm-power-title}
 endif::ibm-power[]
 ifdef::agnostic[]
 = Sample install-config.yaml file for other platforms
 endif::agnostic[]
-ifdef::rhv[]
-= Sample install-config.yaml file for RHV
-endif::rhv[]
 
 You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters.
 
@@ -248,10 +242,9 @@ Class E CIDR range is reserved for a future use. To use the Class E CIDR range,
 <9> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
 <10> The IP address pool to use for service IP addresses. You can enter only one IP address pool. This block must not overlap with existing physical networks. If you need to access the services from an external network, configure load balancers and routers to manage the traffic.
 <11> You must set the platform to `none`. You cannot provide additional platform configuration variables for
-ifndef::ibm-z,ibm-z-kvm,ibm-power,rhv[your platform.]
-ifdef::ibm-z,ibm-z-kvm[{ibmzProductName} infrastructure.]
-ifdef::ibm-power[{ibmpowerProductName} infrastructure.]
-ifdef::rhv[RHV infrastructure.]
+ifndef::ibm-z,ibm-z-kvm,ibm-power[your platform.]
+ifdef::ibm-z,ibm-z-kvm[{ibm-z-name} infrastructure.]
+ifdef::ibm-power[{ibm-power-name} infrastructure.]
 +
 [IMPORTANT]
 ====
@@ -262,7 +255,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on `x86_64`, `ppc64le`, and `s390x` architectures.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 endif::openshift-origin[]
 ifndef::restricted[]
@@ -305,7 +298,14 @@ ifdef::ibm-z,ibm-z-kvm[]
 <15> Add the `additionalTrustBundle` parameter and value. The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority or the self-signed certificate that you generated for the mirror registry.
 endif::ibm-z,ibm-z-kvm[]
 ifndef::openshift-origin[]
-<16> Provide the `imageContentSources` section from the output of the command to mirror the repository.
+<16> Provide the `imageContentSources` section according to the output of the command that you used to mirror the repository.
++
+[IMPORTANT]
+====
+* When using the `oc adm release mirror` command, use the output from the `imageContentSources` section.
+* When using `oc mirror` command, use the `repositoryDigestMirrors` section of the `ImageContentSourcePolicy` file that results from running the command.
+* `ImageContentSourcePolicy` is deprecated. For more information see _Configuring image registry repository mirroring_.
+====
 endif::openshift-origin[]
 ifdef::openshift-origin[]
 <15> Provide the `imageContentSources` section from the output of the command to mirror the repository.
@@ -342,6 +342,3 @@ endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :!agnostic:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:!rhv:
-endif::[]
diff --git a/modules/installation-bootstrap-gather.adoc b/modules/installation-bootstrap-gather.adoc
index 68c03e91fe09..1698357ae6a3 100644
--- a/modules/installation-bootstrap-gather.adoc
+++ b/modules/installation-bootstrap-gather.adoc
@@ -3,7 +3,7 @@
 // * installing/installing-troubleshooting.adoc
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-bootstrap-gather_{context}"]
 = Gathering logs from a failed installation
 
diff --git a/modules/installation-cis-ibm-cloud.adoc b/modules/installation-cis-ibm-cloud.adoc
index b4ee1501fe71..3dcad4d16c1e 100644
--- a/modules/installation-cis-ibm-cloud.adoc
+++ b/modules/installation-cis-ibm-cloud.adoc
@@ -3,11 +3,15 @@
 // installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
 // installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "installing-ibm-cloud-account-power-vs"]
+:ibm-power-vs:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="installation-cis-ibm-cloud_{context}"]
-= Using IBM Cloud Internet Services for DNS resolution
+= Using {ibm-cloud-title} Internet Services for DNS resolution
 
-The installation program uses IBM Cloud Internet Services (CIS) to configure cluster DNS resolution and provide name lookup for a public cluster.
+The installation program uses {ibm-cloud-name} Internet Services (CIS) to configure cluster DNS resolution and provide name lookup for a public cluster.
 
 [NOTE]
 ====
@@ -18,8 +22,8 @@ You must create a domain zone in CIS in the same account as your cluster. You mu
 
 .Prerequisites
 
-* You have installed the link:https://www.ibm.com/cloud/cli[IBM Cloud CLI].
-* You have an existing domain and registrar. For more information, see the IBM link:https://cloud.ibm.com/docs/dns?topic=dns-getting-started[documentation].
+* You have installed the link:https://www.ibm.com/cloud/cli[{ibm-cloud-name} CLI].
+* You have an existing domain and registrar. For more information, see the {ibm-name} link:https://cloud.ibm.com/docs/dns?topic=dns-getting-started[documentation].
 
 .Procedure
 
@@ -32,6 +36,15 @@ You must create a domain zone in CIS in the same account as your cluster. You mu
 $ ibmcloud plugin install cis
 ----
 
+ifdef::ibm-power-vs[]
+.. Log in to {ibm-cloud-name} by using the CLI:
++
+[source,terminal]
+----
+$ ibmcloud login
+----
+endif::ibm-power-vs[]
+
 .. Create the CIS instance:
 +
 [source,terminal]
@@ -43,12 +56,23 @@ $ ibmcloud cis instance-create <instance_name> standard <1>
 . Connect an existing domain to your CIS instance:
 
 .. Set the context instance for CIS:
+ifndef::ibm-power-vs[]
 +
 [source,terminal]
 ----
-$ ibmcloud cis instance-set <instance_crn> <1>
+$ ibmcloud cis instance-set <instance_name> <1>
 ----
 <1> The instance cloud resource name.
+endif::ibm-power-vs[]
+ifdef::ibm-power-vs[]
++
+[source,terminal]
+----
+$ ibmcloud cis instance-set <instance_CRN> <1>
+----
+<1> The instance CRN (Cloud Resource Name).
+For example: `ibmcloud cis instance-set crn:v1:bluemix:public:power-iaas:osa21:a/65b64c1f1c29460d8c2e4bbfbd893c2c:c09233ac-48a5-4ccb-a051-d1cfb3fc7eb5::`
+endif::ibm-power-vs[]
 
 .. Add the domain for CIS:
 +
@@ -65,4 +89,8 @@ A root domain uses the form `openshiftcorp.com`. A subdomain uses the form `clus
 
 . Open the link:https://cloud.ibm.com/catalog/services/internet-services[CIS web console], navigate to the *Overview* page, and note your CIS name servers. These name servers will be used in the next step.
 
-. Configure the name servers for your domains or subdomains at the domain's registrar or DNS provider. For more information, see the IBM Cloud link:https://cloud.ibm.com/docs/cis?topic=cis-getting-started#configure-your-name-servers-with-the-registrar-or-existing-dns-provider[documentation].
\ No newline at end of file
+. Configure the name servers for your domains or subdomains at the domain's registrar or DNS provider. For more information, see the {ibm-cloud-name} link:https://cloud.ibm.com/docs/cis?topic=cis-getting-started#configure-your-name-servers-with-the-registrar-or-existing-dns-provider[documentation].
+
+ifeval::["{context}" == "installing-ibm-cloud-account-power-vs"]
+:!ibm-power-vs:
+endif::[]
\ No newline at end of file
diff --git a/modules/installation-cloudformation-bootstrap.adoc b/modules/installation-cloudformation-bootstrap.adoc
index 2ee56936ca8b..c7fce6247e49 100644
--- a/modules/installation-cloudformation-bootstrap.adoc
+++ b/modules/installation-cloudformation-bootstrap.adoc
@@ -13,6 +13,6 @@ You can use the following CloudFormation template to deploy the bootstrap machin
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/04_cluster_bootstrap.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/04_cluster_bootstrap.yaml[]
 ----
 ====
diff --git a/modules/installation-cloudformation-control-plane.adoc b/modules/installation-cloudformation-control-plane.adoc
index c5cd60b6ca57..735119d573b6 100644
--- a/modules/installation-cloudformation-control-plane.adoc
+++ b/modules/installation-cloudformation-control-plane.adoc
@@ -14,6 +14,6 @@ machines that you need for your {product-title} cluster.
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/05_cluster_master_nodes.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/05_cluster_master_nodes.yaml[]
 ----
 ====
diff --git a/modules/installation-cloudformation-dns.adoc b/modules/installation-cloudformation-dns.adoc
index fc1b7e3558bb..a285b88c408c 100644
--- a/modules/installation-cloudformation-dns.adoc
+++ b/modules/installation-cloudformation-dns.adoc
@@ -14,7 +14,7 @@ objects and load balancers that you need for your {product-title} cluster.
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/02_cluster_infra.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/02_cluster_infra.yaml[]
 ----
 ====
 
diff --git a/modules/installation-cloudformation-security.adoc b/modules/installation-cloudformation-security.adoc
index 3dc650bfb6e0..4fa7f8899a8e 100644
--- a/modules/installation-cloudformation-security.adoc
+++ b/modules/installation-cloudformation-security.adoc
@@ -14,6 +14,6 @@ that you need for your {product-title} cluster.
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/03_cluster_security.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/03_cluster_security.yaml[]
 ----
 ====
diff --git a/modules/installation-cloudformation-subnet-localzone.adoc b/modules/installation-cloudformation-subnet-localzone.adoc
index 47503db35a56..689f52e682f9 100644
--- a/modules/installation-cloudformation-subnet-localzone.adoc
+++ b/modules/installation-cloudformation-subnet-localzone.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-cloudformation-subnet-localzone_{context}"]
 = CloudFormation template for the subnet that uses AWS Local Zones
 
diff --git a/modules/installation-cloudformation-vpc-localzone.adoc b/modules/installation-cloudformation-vpc-localzone.adoc
index e242a8f0f46d..eb5f3f6e9138 100644
--- a/modules/installation-cloudformation-vpc-localzone.adoc
+++ b/modules/installation-cloudformation-vpc-localzone.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-cloudformation-vpc-localzone_{context}"]
 = CloudFormation template for the VPC
 
diff --git a/modules/installation-cloudformation-vpc.adoc b/modules/installation-cloudformation-vpc.adoc
index 9cc2bb3920c3..426237718bf4 100644
--- a/modules/installation-cloudformation-vpc.adoc
+++ b/modules/installation-cloudformation-vpc.adoc
@@ -14,6 +14,6 @@ you need for your {product-title} cluster.
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/01_vpc.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/01_vpc.yaml[]
 ----
 ====
diff --git a/modules/installation-cloudformation-worker.adoc b/modules/installation-cloudformation-worker.adoc
index 91d8186ed923..8c9e71011af4 100644
--- a/modules/installation-cloudformation-worker.adoc
+++ b/modules/installation-cloudformation-worker.adoc
@@ -14,6 +14,6 @@ that you need for your {product-title} cluster.
 ====
 [source,yaml]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/aws/cloudformation/06_cluster_worker_node.yaml[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/aws/cloudformation/06_cluster_worker_node.yaml[]
 ----
 ====
diff --git a/modules/installation-cluster-quickly-extend-workers.adoc b/modules/installation-cluster-quickly-extend-workers.adoc
new file mode 100644
index 000000000000..373329b614ba
--- /dev/null
+++ b/modules/installation-cluster-quickly-extend-workers.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-aws-localzone.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="installation-cluster-quickly-extend-workers_{context}"]
+= Install a cluster quickly in AWS Local Zones
+
+For {product-title} {product-version}, you can quickly install a cluster on Amazon Web Services (AWS) to extend compute nodes to Local Zone locations. By using this installation route, the installation program automatically creates network resources and Local Zone subnets for each Local Zone that you defined in your configuration file. To customize the installation, you must modify parameters in the `install-config.yaml` file before you deploy the cluster.
diff --git a/modules/installation-common-issues.adoc b/modules/installation-common-issues.adoc
deleted file mode 100644
index e537e06043d4..000000000000
--- a/modules/installation-common-issues.adoc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing/installing-troubleshooting.adoc
-
-[id="installation-common-issues_{context}"]
-= Troubleshooting common issues with installing on {rh-virtualization-first}
-
-Here are some common issues you might encounter, along with proposed causes and solutions.
-
-[id="cpu-load-increases-and-nodes-go-into-a-not-ready-state_{context}"]
-== CPU load increases and nodes go into a `Not Ready` state
-
-* *Symptom*: CPU load increases significantly and nodes start going into a `Not Ready` state.
-* *Cause*: The storage domain latency might be too high, especially for control plane nodes.
-* *Solution*:
-+
-Make the nodes ready again by restarting the kubelet service:
-+
-[source,terminal]
-----
-$ systemctl restart kubelet
-----
-+
-Inspect the {product-title} metrics service, which automatically gathers and reports on some valuable data such as the etcd disk sync duration. If the cluster is operational, use this data to help determine whether storage latency or throughput is the root issue. If so, consider using a storage resource that has lower latency and higher throughput.
-+
-To get raw metrics, enter the following command as kubeadmin or user with cluster-admin privileges:
-+
-[source,terminal]
-----
-$ oc get --insecure-skip-tls-verify --server=https://localhost:<port> --raw=/metrics
-----
-+
-To learn more, see https://access.redhat.com/articles/3793621[Exploring Application Endpoints for the purposes of Debugging with OpenShift 4.x]
-
-[id="trouble-connecting-the-rhv-cluster-api_{context}"]
-== Trouble connecting the {product-title} cluster API
-
-* *Symptom*: The installation program completes but the {product-title} cluster API is not available. The bootstrap virtual machine remains up after the bootstrap process is complete. When you enter the following command, the response will time out.
-+
-[source,terminal]
-----
-$ oc login -u kubeadmin -p *** <apiurl>
-----
-
-* *Cause*: The bootstrap VM was not deleted by the installation program and has not released the cluster's API IP address.
-* *Solution*: Use the `wait-for` subcommand to be notified when the bootstrap process is complete:
-+
-[source,terminal]
-----
-$ ./openshift-install wait-for bootstrap-complete
-----
-+
-When the bootstrap process is complete, delete the bootstrap virtual machine:
-+
-[source,terminal]
-----
-$ ./openshift-install destroy bootstrap
-----
diff --git a/modules/installation-complete-user-infra.adoc b/modules/installation-complete-user-infra.adoc
index 972139fda40f..57808498114d 100644
--- a/modules/installation-complete-user-infra.adoc
+++ b/modules/installation-complete-user-infra.adoc
@@ -37,7 +37,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 :restricted:
 endif::[]
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-complete-user-infra_{context}"]
 = Completing installation on user-provisioned infrastructure
 
@@ -59,40 +59,40 @@ $ watch -n5 oc get clusteroperators
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
-authentication                             4.13.0    True        False         False      19m
-baremetal                                  4.13.0    True        False         False      37m
-cloud-credential                           4.13.0    True        False         False      40m
-cluster-autoscaler                         4.13.0    True        False         False      37m
-config-operator                            4.13.0    True        False         False      38m
-console                                    4.13.0    True        False         False      26m
-csi-snapshot-controller                    4.13.0    True        False         False      37m
-dns                                        4.13.0    True        False         False      37m
-etcd                                       4.13.0    True        False         False      36m
-image-registry                             4.13.0    True        False         False      31m
-ingress                                    4.13.0    True        False         False      30m
-insights                                   4.13.0    True        False         False      31m
-kube-apiserver                             4.13.0    True        False         False      26m
-kube-controller-manager                    4.13.0    True        False         False      36m
-kube-scheduler                             4.13.0    True        False         False      36m
-kube-storage-version-migrator              4.13.0    True        False         False      37m
-machine-api                                4.13.0    True        False         False      29m
-machine-approver                           4.13.0    True        False         False      37m
-machine-config                             4.13.0    True        False         False      36m
-marketplace                                4.13.0    True        False         False      37m
-monitoring                                 4.13.0    True        False         False      29m
-network                                    4.13.0    True        False         False      38m
-node-tuning                                4.13.0    True        False         False      37m
-openshift-apiserver                        4.13.0    True        False         False      32m
-openshift-controller-manager               4.13.0    True        False         False      30m
-openshift-samples                          4.13.0    True        False         False      32m
-operator-lifecycle-manager                 4.13.0    True        False         False      37m
-operator-lifecycle-manager-catalog         4.13.0    True        False         False      37m
-operator-lifecycle-manager-packageserver   4.13.0    True        False         False      32m
-service-ca                                 4.13.0    True        False         False      38m
-storage                                    4.13.0    True        False         False      37m
+authentication                             {product-version}.0    True        False         False      19m
+baremetal                                  {product-version}.0    True        False         False      37m
+cloud-credential                           {product-version}.0    True        False         False      40m
+cluster-autoscaler                         {product-version}.0    True        False         False      37m
+config-operator                            {product-version}.0    True        False         False      38m
+console                                    {product-version}.0    True        False         False      26m
+csi-snapshot-controller                    {product-version}.0    True        False         False      37m
+dns                                        {product-version}.0    True        False         False      37m
+etcd                                       {product-version}.0    True        False         False      36m
+image-registry                             {product-version}.0    True        False         False      31m
+ingress                                    {product-version}.0    True        False         False      30m
+insights                                   {product-version}.0    True        False         False      31m
+kube-apiserver                             {product-version}.0    True        False         False      26m
+kube-controller-manager                    {product-version}.0    True        False         False      36m
+kube-scheduler                             {product-version}.0    True        False         False      36m
+kube-storage-version-migrator              {product-version}.0    True        False         False      37m
+machine-api                                {product-version}.0    True        False         False      29m
+machine-approver                           {product-version}.0    True        False         False      37m
+machine-config                             {product-version}.0    True        False         False      36m
+marketplace                                {product-version}.0    True        False         False      37m
+monitoring                                 {product-version}.0    True        False         False      29m
+network                                    {product-version}.0    True        False         False      38m
+node-tuning                                {product-version}.0    True        False         False      37m
+openshift-apiserver                        {product-version}.0    True        False         False      32m
+openshift-controller-manager               {product-version}.0    True        False         False      30m
+openshift-samples                          {product-version}.0    True        False         False      32m
+operator-lifecycle-manager                 {product-version}.0    True        False         False      37m
+operator-lifecycle-manager-catalog         {product-version}.0    True        False         False      37m
+operator-lifecycle-manager-packageserver   {product-version}.0    True        False         False      32m
+service-ca                                 {product-version}.0    True        False         False      38m
+storage                                    {product-version}.0    True        False         False      37m
 ----
 +
 Alternatively, the following command notifies you when all of the clusters are available. It also retrieves and displays credentials:
@@ -160,7 +160,7 @@ ifdef::ibm-power[]
 . Additional steps are required to enable multipathing. Do not enable multipathing during installation.
 endif::ibm-power[]
 +
-See "Enabling multipathing with kernel arguments on {op-system}" in the _Post-installation machine configuration tasks_ documentation for more information.
+See "Enabling multipathing with kernel arguments on {op-system}" in the _Postinstallation machine configuration tasks_ documentation for more information.
 
 ifdef::restricted[]
 . Register your cluster on the link:https://console.redhat.com/openshift/register[Cluster registration] page.
diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc
index f1efe09ff57b..5b99cd1647a2 100644
--- a/modules/installation-configuration-parameters.adoc
+++ b/modules/installation-configuration-parameters.adoc
@@ -1,277 +1,88 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_alibaba/installing-alibaba-default.adoc
-// * installing/installing_aws/installing-alibaba-customizations.adoc
-// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
-// * installing/installing_alibaba_installing-alibaba-vpc.adoc
-// * installing/installing_aws/installing-aws-china.adoc
-// * installing/installing_aws/installing-aws-customizations.adoc
-// * installing/installing_aws/installing-aws-government-region.adoc
-// * installing/installing_aws/installing-aws-network-customizations.adoc
-// * installing/installing_aws/installing-aws-private.adoc
-// * installing/installing_aws/installing-aws-secret-region.adoc
-// * installing/installing_aws/installing-aws-vpc.adoc
-// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
-// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
-// * installing/installing_azure/installing-azure-customizations.adoc
-// * installing/installing_azure/installing-azure-government-region.adoc
-// * installing/installing_azure/installing-azure-network-customizations.adoc
-// * installing/installing_azure/installing-azure-private.adoc
-// * installing/installing_azure/installing-azure-vnet.adoc
-// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
-// * installing/installing_bare_metal/installing-bare-metal.adoc
-// * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
-// * installing/installing_gcp/installing-gcp-customizations.adoc
-// * installing/installing_gcp/installing-gcp-network-customizations.adoc
-// * installing/installing_gcp/installing-gcp-private.adoc
-// * installing/installing_gcp/installing-gcp-vpc.adoc
-// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
-// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
-// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
-// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
-// * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
-// * installing/installing_ibm_cloud_public/intalling-ibm-cloud-private.adoc
-// * installing/installing_ibm_power/installing-ibm-power.adoc
-// * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
-// * installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc
-// * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
-// * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
-// * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
-// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
-// * installing/installing_ibm_z/installing-ibm-z.adoc
-// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
-// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
-// * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-installer-restricted.adoc
-// * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
-// * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
-// * installing/installing_azure_stack_hub/installing-azure-stack-hub-customizations.adoc
-// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
-// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 // * installing/installing_vsphere/installation-config-parameters-vsphere.adoc
+// * installing/installing_gcp/installation-config-parameters-gcp.adoc
+// * installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc
+// * installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc
+// * installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc
+// * installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc
+// * installing/installing_ibm_cloud_public/installation-config-parameters-ibm-cloud-vps.adoc
+// * installing/installing_alibaba/installation-config-parameters-alibaba.adoc
+// * installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs.adoc
+// * installing/installing_nutanix/installation-config-parameters-nutanix.adoc
+// * installing/installing_openstack/installation-config-parameters-openstack.adoc
+// * installing/installing_azure/installation-config-parameters-azure.adoc
+// * installing/installing_aws/installation-config-parameters-aws.adoc
+// * installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc
 
-ifeval::["{context}" == "installing-alibaba-customizations"]
-:alibabacloud:
-endif::[]
-ifeval::["{context}" == "installing-alibaba-vpc"]
-:alibabacloud:
-endif::[]
-ifeval::["{context}" == "installing-aws-customizations"]
-:aws:
-endif::[]
-//Starting in 4.10, aws on arm64 is only supported for installation on custom, network custom, private clusters and VPC . This attribute excludes arm64 content from installing on gov regions. When government regions are supported on arm64, change `aws-govcloud` to `aws`.
-ifeval::["{context}" == "installing-aws-government-region"]
-:aws-govcloud:
-endif::[]
-//Starting in 4.10, aws on arm64 is only supported for installation on custom, network custom, private clusters and VPC. This attribute excludes arm64 content from installing on secret regions. When secret regions are supported on arm64, change `aws-secret` to `aws`.
-ifeval::["{context}" == "installing-aws-secret-region"]
-:aws-secret:
-endif::[]
-ifeval::["{context}" == "installing-aws-network-customizations"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-private"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-vpc"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-azure-customizations"]
-:azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-government-region"]
-:azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-network-customizations"]
-:azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-private"]
-:azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-vnet"]
-:azure:
-endif::[]
-ifeval::["{context}" == "installing-gcp-customizations"]
-:gcp:
-endif::[]
-ifeval::["{context}" == "installing-bare-metal"]
-:bare:
-endif::[]
-ifeval::["{context}" == "installing-bare-metal-network-customizations"]
-:bare:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
-:bare:
-endif::[]
-ifeval::["{context}" == "installing-gcp-private"]
-:gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-network-customizations"]
-:gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-vpc"]
-:gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-shared-vpc"]
-:gcp:
+ifeval::["{context}" == "installation-config-parameters-vsphere"]
+:vsphere:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+ifeval::["{context}" == "installation-config-parameters-gcp"]
 :gcp:
 endif::[]
-ifeval::["{context}" == "installing-aws-customizations"]
-:aws:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-customizations"]
-:ibm-cloud:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
-:ibm-cloud:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-vpc"]
-:ibm-cloud:
-:ibm-cloud-vpc:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-private"]
-:ibm-cloud:
-:ibm-cloud-vpc:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-custom"]
-:osp:
-:osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:osp:
-:osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user"]
-:osp:
-:osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp:
-:osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov"]
-:osp:
-:osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp:
-:osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:rhv:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:osp:
-:osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-ibm-z"]
-:ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-z-kvm"]
-:ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
+ifeval::["{context}" == "installation-config-parameters-ibm-z"]
 :ibm-z:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
-:ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-power"]
+ifeval::["{context}" == "installation-config-parameters-ibm-power"]
 :ibm-power:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
-:ibm-power:
+ifeval::["{context}" == "installation-config-parameters-ash"]
+:ash:
 endif::[]
-ifeval::["{context}" == "installing-ibm-power-vs-customizations"]
-:ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-bare-metal"]
+:bare:
 endif::[]
-ifeval::["{context}" == "installing-ibm-power-vs-private-cluster"]
-:ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-ibm-cloud-vpc"]
+:ibm-cloud:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power-vs"]
-:ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-alibaba"]
+:alibaba-cloud:
 endif::[]
-ifeval::["{context}" == "installing-ibm-powervs-vpc"]
+ifeval::["{context}" == "installation-config-parameters-ibm-power-vs"]
 :ibm-power-vs:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-default"]
-:ash:
+ifeval::["{context}" == "installation-config-parameters-nutanix"]
+:nutanix:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
-:ash:
+ifeval::["{context}" == "installation-config-parameters-openstack"]
+:osp:
 endif::[]
-ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
-:nutanix:
+ifeval::["{context}" == "installation-config-parameters-azure"]
+:azure:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
-:nutanix:
+ifeval::["{context}" == "installation-config-parameters-aws"]
+:aws:
 endif::[]
-ifeval::["{context}" == "installation-config-parameters-vsphere"]
-:vsphere:
+ifeval::["{context}" == "installation-config-parameters-agent"]
+:agent:
 endif::[]
 
-
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-configuration-parameters_{context}"]
-ifndef::vsphere[]
-= Installation configuration parameters
-endif::vsphere[]
-
-// Managing headings is required as part of the effort for https://issues.redhat.com/browse/OSDOCS-6493.
-// This accommodates the existing IA of the installation assemblies, while the improvement is implemented.
-// As part of the updates for the last provider, the conditions can be removed and the following heading can be used.
-ifdef::vsphere[]
+ifndef::agent[]
 = Available installation configuration parameters for {platform}
-endif::vsphere[]
+The following tables specify the required, optional, and {platform}-specific installation configuration parameters that you can set as part of the installation process.
 
-// If install-config.yaml is generated by openshift-install
-// The addition of providers beyond bare,ibm-power,ibm-z,ash is necessary as part of the effort for https://issues.redhat.com/browse/OSDOCS-6493
-// This accommodates the existing IA of the installation assemblies, while the improvement is implemented.
-// As part of the updates for the last provider, content between lines 277-292 can be completely removed.
-ifndef::bare,ibm-power,ibm-z,ash,vsphere[]
-Before you deploy an {product-title} cluster, you provide parameter values to describe your account on the cloud platform that hosts your cluster and optionally customize your cluster's platform. When you create the `install-config.yaml` installation configuration file, you provide values for the required parameters through the command line. If you customize your cluster, you can modify the `install-config.yaml` file to provide more details about the platform.
-endif::bare,ibm-power,ibm-z,ash,vsphere[]
-
-// If the user manually creates install-config.yaml
-ifdef::bare,ibm-power,ibm-power-vs,ibm-z,ash[]
-Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
-endif::bare,ibm-power,ibm-power-vs,ibm-z,ash[]
-
-// A condition for this note is required as part of the effort for https://issues.redhat.com/browse/OSDOCS-6493.
-// This accommodates the existing content for installation assemblies, while the improvement is implemented.
-// As part of the updates for the last provider, this note can be removed from the module
-ifndef::vsphere[]
 [NOTE]
 ====
 After installation, you cannot modify these parameters in the `install-config.yaml` file.
 ====
-endif::vsphere[]
 
-// This condition is required as part of the effort for https://issues.redhat.com/browse/OSDOCS-6493.
-// As part of the update for each provider, this content applies to the net new provider-specific installation configuration parameter assembly.
-// As part of the updates for the last provider, the conditions can be completely removed.
-ifdef::vsphere[]
-The following tables specify the required, optional, and {platform}-specific installation configuration parameters that you can set as part of the installation process.
+endif::agent[]
+
+ifdef::agent[]
+= Available installation configuration parameters
+The following tables specify the required and optional installation configuration parameters that you can set as part of the Agent-based installation process.
+
+These values are specified in the `install-config.yaml` file.
 
 [NOTE]
 ====
-After installation, you cannot modify these parameters in the `install-config.yaml` file.
+These settings are used for installation only, and cannot be modified after installation.
 ====
-endif::vsphere[]
+
+endif::agent[]
 
 [id="installation-configuration-parameters-required_{context}"]
 == Required configuration parameters
@@ -279,24 +90,28 @@ endif::vsphere[]
 Required installation configuration parameters are described in the following table:
 
 .Required parameters
-[cols=".^2,.^3,.^5a",options="header"]
+[cols=".^2l,.^3,.^5a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`apiVersion`
+|apiVersion:
 |The API version for the `install-config.yaml` content. The current version is `v1`. The installation program may also support older API versions.
 |String
 
-|`baseDomain`
+|baseDomain:
 |The base domain of your cloud provider. The base domain is used to create routes to your {product-title} cluster components. The full DNS name for your cluster is a combination of the `baseDomain` and `metadata.name` parameter values that uses the `<metadata.name>.<baseDomain>` format.
 |A fully-qualified domain or subdomain name, such as `example.com`.
 
-|`metadata`
+|metadata:
 |Kubernetes resource `ObjectMeta`, from which only the `name` parameter is consumed.
 |Object
 
-|`metadata.name`
+|metadata:
+  name:
 |The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`.
+ifdef::agent[]
+When you do not provide `metadata.name` through either the `install-config.yaml` or `agent-config.yaml` files, for example when you use only ZTP manifests, the cluster name is set to `agent-cluster`.
+endif::agent[]
 ifndef::bare,nutanix,vsphere[]
 |String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`.
 endif::bare,nutanix,vsphere[]
@@ -307,12 +122,17 @@ ifdef::osp[]
 The string must be 14 characters or fewer long.
 endif::osp[]
 
-|`platform`
-|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
+|platform:
+ifndef::agent[]
+|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
+endif::agent[]
+ifdef::agent[]
+|The configuration for the specific platform upon which to perform the installation: `baremetal`, `external`, `none`, or `vsphere`.
+endif::agent[]
 |Object
 
 ifndef::openshift-origin[]
-|`pullSecret`
+|pullSecret:
 |Get a {cluster-manager-url-pull} to authenticate downloading container images for {product-title} components from services such as Quay.io.
 |
 [source,json]
@@ -332,6 +152,37 @@ ifndef::openshift-origin[]
 ----
 endif::[]
 
+ifdef::ibm-power-vs[]
+|platform:
+  powervs:
+    userID:
+|The UserID is the login for the user's {ibm-cloud-name} account.
+|String. For example, `existing_user_id`.
+
+|platform:
+  powervs:
+    powervsResourceGroup:
+|The PowerVSResourceGroup is the resource group in which {ibm-power-server-name} resources are created. If using an existing VPC, the existing VPC and subnets should be in this resource group.
+|String. For example, `existing_resource_group`.
+
+|platform:
+  powervs:
+    region:
+|Specifies the {ibm-cloud-name} colo region where the cluster will be created.
+|String. For example, `existing_region`.
+
+|platform:
+  powervs:
+    zone:
+|Specifies the {ibm-cloud-name} colo region where the cluster will be created.
+|String. For example, `existing_zone`.
+
+|platform:
+  powervs:
+    serviceInstanceID:
+|The ServiceInstanceID is the ID of the Power IAAS instance created from the {ibm-cloud-name} Catalog.
+|String. For example, `existing_service_instance_ID`.
+endif::ibm-power-vs[]
 |====
 
 [id="installation-configuration-parameters-network_{context}"]
@@ -344,11 +195,11 @@ You can customize your installation configuration based on the requirements of y
 // https://bugzilla.redhat.com/show_bug.cgi?id=2020416
 // Once BM UPI supports dual-stack, uncomment all the following conditionals and blocks
 
-ifndef::bare,vsphere[]
+ifndef::agent,bare,ibm-power,ibm-z,vsphere[]
 Only IPv4 addresses are supported.
-endif::[]
+endif::agent,bare,ibm-power,ibm-z,vsphere[]
 
-ifdef::bare,vsphere[]
+ifdef::agent,bare,ibm-power,ibm-z,vsphere[]
 * If you use the {openshift-networking} OVN-Kubernetes network plugin, both IPv4 and IPv6 address families are supported.
 
 * If you use the {openshift-networking} OpenShift SDN network plugin, only the IPv4 address family is supported.
@@ -356,20 +207,14 @@ ifdef::bare,vsphere[]
 ifdef::ibm-cloud[]
 [NOTE]
 ====
-IBM Cloud VPC does not support IPv6 address families.
+{ibm-cloud-name} does not support IPv6 address families.
 ====
 endif::ibm-cloud[]
 
 ifdef::vsphere[]
 [NOTE]
 ====
-On VMware vSphere, dual-stack networking must specify IPv4 as the primary address family.
-
-The following additional limitations apply to dual-stack networking:
-
-* Nodes report only their IPv6 IP address in `node.status.addresses`
-* Nodes with only a single NIC are supported
-* Pods configured for host networking report only their IPv6 addresses in `pod.status.IP`
+On VMware vSphere, dual-stack networking can specify either IPv4 or IPv6 as the primary address family.
 ====
 endif::vsphere[]
 
@@ -393,7 +238,7 @@ networking:
   - 172.30.0.0/16
   - fd00:172:16::/112
 ----
-endif::[]
+endif::agent,bare,ibm-power,ibm-z,vsphere[]
 
 [NOTE]
 ====
@@ -401,11 +246,11 @@ Globalnet is not supported with {rh-storage-first} disaster recovery solutions.
 ====
 
 .Network parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`networking`
+|networking:
 |The configuration for the cluster network.
 |Object
 
@@ -414,7 +259,8 @@ Globalnet is not supported with {rh-storage-first} disaster recovery solutions.
 You cannot modify parameters specified by the `networking` object after installation.
 ====
 
-|`networking.networkType`
+|networking:
+  networkType:
 |The {openshift-networking} network plugin to install.
 |
 ifdef::openshift-origin[]
@@ -429,7 +275,8 @@ The default value is `OVNKubernetes`.
 endif::ibm-power-vs[]
 endif::openshift-origin[]
 
-|`networking.clusterNetwork`
+|networking:
+  clusterNetwork:
 |
 The IP address blocks for pods.
 
@@ -440,83 +287,89 @@ If you specify multiple IP address blocks, the blocks must not overlap.
 
 [source,yaml]
 ----
-ifndef::bare[]
+ifndef::agent,bare[]
 networking:
   clusterNetwork:
   - cidr: 10.128.0.0/14
     hostPrefix: 23
-endif::bare[]
-ifdef::bare[]
+endif::agent,bare[]
+ifdef::agent,bare[]
 networking:
   clusterNetwork:
   - cidr: 10.128.0.0/14
     hostPrefix: 23
   - cidr: fd01::/48
     hostPrefix: 64
-endif::bare[]
+endif::agent,bare[]
 ----
 
-|`networking.clusterNetwork.cidr`
+|networking:
+  clusterNetwork:
+    cidr:
 |
 Required if you use `networking.clusterNetwork`. An IP address block.
 
-ifndef::bare[]
+ifndef::agent,bare[]
 An IPv4 network.
-endif::bare[]
+endif::agent,bare[]
 
-ifdef::bare[]
+ifdef::agent,bare[]
 If you use the OpenShift SDN network plugin, specify an IPv4 network. If you use the OVN-Kubernetes network plugin, you can specify IPv4 and IPv6 networks.
-endif::bare[]
+endif::agent,bare[]
 |
 An IP address block in Classless Inter-Domain Routing (CIDR) notation.
 The prefix length for an IPv4 block is between `0` and `32`.
-ifdef::bare[]
+ifdef::agent,bare[]
 The prefix length for an IPv6 block is between `0` and `128`. For example, `10.128.0.0/14` or `fd01::/48`.
-endif::bare[]
+endif::agent,bare[]
 
-|`networking.clusterNetwork.hostPrefix`
+|networking:
+  clusterNetwork:
+    hostPrefix:
 |The subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23` then each node is assigned a `/23` subnet out of the given `cidr`. A `hostPrefix` value of `23` provides 510 (2^(32 - 23) - 2) pod IP addresses.
 |
 A subnet prefix.
 
-ifndef::bare[]
+ifndef::agent,bare[]
 The default value is `23`.
-endif::bare[]
+endif::agent,bare[]
 
-ifdef::bare[]
+ifdef::agent,bare[]
 For an IPv4 network the default value is `23`.
 For an IPv6 network the default value is `64`. The default value is also the minimum value for IPv6.
-endif::bare[]
+endif::agent,bare[]
 
-|`networking.serviceNetwork`
+|networking:
+  serviceNetwork:
 |
 The IP address block for services. The default value is `172.30.0.0/16`.
 
 The OpenShift SDN and OVN-Kubernetes network plugins support only a single IP address block for the service network.
 
-ifdef::bare[]
+ifdef::agent,bare[]
 If you use the OVN-Kubernetes network plugin, you can specify an IP address block for both of the IPv4 and IPv6 address families.
-endif::bare[]
+endif::agent,bare[]
 
 |
 An array with an IP address block in CIDR format. For example:
 
 [source,yaml]
 ----
-ifndef::bare[]
+ifndef::agent,bare[]
 networking:
   serviceNetwork:
    - 172.30.0.0/16
-endif::bare[]
-ifdef::bare[]
+endif::agent,bare[]
+ifdef::agent,bare[]
 networking:
   serviceNetwork:
    - 172.30.0.0/16
    - fd02::/112
-endif::bare[]
+endif::agent,bare[]
 ----
 
-|`networking.machineNetwork`
+|networking:
+  machineNetwork:
 |
 The IP address blocks for machines.
 
@@ -536,21 +389,23 @@ networking:
   - cidr: 10.0.0.0/16
 ----
 
-|`networking.machineNetwork.cidr`
+|networking:
+  machineNetwork:
+    cidr:
 |
-Required if you use `networking.machineNetwork`. An IP address block. The default value is `10.0.0.0/16` for all platforms other than libvirt and {ibmpowerProductName} Virtual Server. For libvirt, the default value is `192.168.126.0/24`. For {ibmpowerProductName} Virtual Server, the default value is `192.168.0.0/24`.
-ifdef::ibm-cloud-vpc[]
-The CIDR must contain the subnets defined in `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`.
-endif::ibm-cloud-vpc[]
+Required if you use `networking.machineNetwork`. An IP address block. The default value is `10.0.0.0/16` for all platforms other than libvirt and {ibm-power-server-name}. For libvirt, the default value is `192.168.126.0/24`. For {ibm-power-server-name}, the default value is `192.168.0.0/24`.
+ifdef::ibm-cloud[]
+If you are deploying the cluster to an existing Virtual Private Cloud (VPC), the CIDR must contain the subnets defined in `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`.
+endif::ibm-cloud[]
 |
 An IP network block in CIDR notation.
 
-ifndef::bare,ibm-power-vs[]
+ifndef::agent,bare,ibm-power-vs[]
 For example, `10.0.0.0/16`.
-endif::bare,ibm-power-vs[]
-ifdef::bare[]
+endif::agent,bare,ibm-power-vs[]
+ifdef::agent,bare[]
 For example, `10.0.0.0/16` or `fd00::/48`.
-endif::bare[]
+endif::agent,bare[]
 ifdef::ibm-power-vs[]
 For example, `192.168.0.0/24`.
 endif::ibm-power-vs[]
@@ -568,74 +423,90 @@ Set the `networking.machineNetwork` to match the CIDR that the preferred NIC res
 Optional installation configuration parameters are described in the following table:
 
 .Optional parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`additionalTrustBundle`
+|additionalTrustBundle:
 |A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured.
 |String
 
-|`capabilities`
+|capabilities:
 |Controls the installation of optional core cluster components. You can reduce the footprint of your {product-title} cluster by disabling optional components. For more information, see the "Cluster capabilities" page in _Installing_.
 |String array
 
-|`capabilities.baselineCapabilitySet`
+|capabilities:
+  baselineCapabilitySet:
 |Selects an initial set of optional capabilities to enable. Valid values are `None`, `v4.11`, `v4.12` and `vCurrent`. The default value is `vCurrent`.
 |String
 
-|`capabilities.additionalEnabledCapabilities`
+|capabilities:
+  additionalEnabledCapabilities:
 |Extends the set of optional capabilities beyond what you specify in `baselineCapabilitySet`. You may specify multiple capabilities in this parameter.
 |String array
 
-|`cpuPartitioningMode`
+|cpuPartitioningMode:
 |Enables workload partitioning, which isolates {product-title} services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. Workload partitioning can only be enabled during installation and cannot be disabled after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the _Workload partitioning_ page in the _Scalability and Performance_ section.
 |`None` or `AllNodes`. `None` is the default value.
 
-|`compute`
+|compute:
 |The configuration for the machines that comprise the compute nodes.
 |Array of `MachinePool` objects.
-ifdef::rhv[]
-For details, see the "Additional RHV parameters for machine pools" table.
-endif::rhv[]
 
 ifndef::openshift-origin[]
 
-ifndef::aws,bare,ibm-power,ibm-z,azure,ibm-power-vs[]
-|`compute.architecture`
+ifndef::agent,aws,bare,gcp,ibm-power,ibm-z,azure,ibm-power-vs[]
+|compute:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default).
 |String
-endif::aws,bare,ibm-power,ibm-z,azure,ibm-power-vs[]
-
-ifdef::aws,bare,azure[]
-|`compute.architecture`
-|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
+endif::agent,aws,bare,gcp,ibm-power,ibm-z,azure,ibm-power-vs[]
+
+ifdef::aws,azure,gcp,bare[]
+|compute:
+  architecture:
+|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
+ifdef::aws,azure[]
+ Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see _Supported installation methods for different platforms_ in _Selecting a cluster installation method and preparing it for users_.
+endif::aws,azure[]
 |String
-endif::aws,bare,azure[]
+endif::aws,azure,gcp,bare[]
 
 ifdef::ibm-z[]
-|`compute.architecture`
+|compute:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default).
 |String
 endif::ibm-z[]
 
 ifdef::ibm-power,ibm-power-vs[]
-|`compute.architecture`
+|compute:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default).
 |String
 endif::ibm-power,ibm-power-vs[]
+
+ifdef::agent[]
+|compute:
+  architecture:
+|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
+|String
+endif::agent[]
+
 endif::openshift-origin[]
 
 ifdef::openshift-origin[]
-|`compute.architecture`
+|compute:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default).
 ifdef::aws[]
 See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
 endif::aws[]
 |String
 endif::openshift-origin[]
-
-|`compute.hyperthreading`
+ifndef::vsphere[]
+|compute:
+  hyperthreading:
 |Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
 [IMPORTANT]
 ====
@@ -643,58 +514,83 @@ If you disable simultaneous multithreading, ensure that your capacity planning
 accounts for the dramatically decreased machine performance.
 ====
 |`Enabled` or `Disabled`
+endif::vsphere[]
 
-|`compute.name`
+|compute:
+  name:
 |Required if you use `compute`. The name of the machine pool.
 |`worker`
 
-|`compute.platform`
+|compute:
+  platform:
 |Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value.
-|`alibabacloud`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}`
-
-|`compute.replicas`
+ifdef::ibm-power-vs[]
+Example usage, `compute.platform.powervs.sysType`.
+endif::ibm-power-vs[]
+ifndef::agent[]
+|`alibabacloud`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`
+endif::agent[]
+ifdef::agent[]
+|`baremetal`, `vsphere`, or `{}`
+endif::agent[]
+
+|compute:
+  replicas:
 |The number of compute machines, which are also known as worker machines, to provision.
 |A positive integer greater than or equal to `2`. The default value is `3`.
 
-|`featureSet`
+|featureSet:
 |Enables the cluster for a feature set. A feature set is a collection of {product-title} features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates".
 |String. The name of the feature set to enable, such as `TechPreviewNoUpgrade`.
 
-|`controlPlane`
+|controlPlane:
 |The configuration for the machines that comprise the control plane.
 |Array of `MachinePool` objects.
-ifdef::rhv[]
-For details, see the "Additional RHV parameters for machine pools" table.
-endif::rhv[]
 
 ifndef::openshift-origin[]
-ifndef::aws,bare,ibm-z,ibm-power,azure,ibm-power-vs[]
-|`controlPlane.architecture`
+ifndef::agent,aws,bare,gcp,ibm-z,ibm-power,azure,ibm-power-vs[]
+|controlPlane:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default).
 |String
-endif::aws,bare,ibm-z,ibm-power,azure,ibm-power-vs[]
-
-ifdef::aws,bare,azure[]
-|`controlPlane.architecture`
-|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
+endif::agent,aws,bare,gcp,ibm-z,ibm-power,azure,ibm-power-vs[]
+
+ifdef::aws,azure,gcp,bare[]
+|controlPlane:
+  architecture:
+|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
+ifdef::aws,azure[]
+ Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see _Supported installation methods for different platforms_ in _Selecting a cluster installation method and preparing it for users_.
+endif::aws,azure[]
 |String
-endif::aws,bare,azure[]
+endif::aws,azure,gcp,bare[]
 
 ifdef::ibm-z[]
-|`controlPlane.architecture`
+|controlPlane:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default).
 |String
 endif::ibm-z[]
 
 ifdef::ibm-power,ibm-power-vs[]
-|`controlPlane.architecture`
+|controlPlane:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default).
 |String
 endif::ibm-power,ibm-power-vs[]
+
+ifdef::agent[]
+|controlPlane:
+  architecture:
+|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
+|String
+endif::agent[]
+
 endif::openshift-origin[]
 
 ifdef::openshift-origin[]
-|`controlPlane.architecture`
+|controlPlane:
+  architecture:
 |Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64`.
 ifdef::aws[]
 See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
@@ -702,7 +598,9 @@ endif::aws[]
 |String
 endif::openshift-origin[]
 
-|`controlPlane.hyperthreading`
+ifndef::vsphere[]
+|controlPlane:
+  hyperthreading:
 |Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
 [IMPORTANT]
 ====
@@ -710,37 +608,41 @@ If you disable simultaneous multithreading, ensure that your capacity planning
 accounts for the dramatically decreased machine performance.
 ====
 |`Enabled` or `Disabled`
+endif::vsphere[]
 
-|`controlPlane.name`
+|controlPlane:
+  name:
 |Required if you use `controlPlane`. The name of the machine pool.
 |`master`
 
-|`controlPlane.platform`
+|controlPlane:
+  platform:
 |Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value.
-|`alibabacloud`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}`
-
-|`controlPlane.replicas`
+ifdef::ibm-power-vs[]
+Example usage, `controlPlane.platform.powervs.processors`.
+endif::ibm-power-vs[]
+ifndef::agent[]
+|`alibabacloud`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`
+endif::agent[]
+ifdef::agent[]
+|`baremetal`, `vsphere`, or `{}`
+endif::agent[]
+
+|controlPlane:
+  replicas:
 |The number of control plane machines to provision.
-|The only supported value is `3`, which is the default value.
+|Supported values are `3`, or `1` when deploying {sno}.
 
-|`credentialsMode`
+|credentialsMode:
 |The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.
-ifdef::gcp[If you are installing on GCP into a shared virtual private cloud (VPC), `credentialsMode` must be set to `Passthrough`.]
-[NOTE]
-====
-Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the _Cloud Credential Operator_ entry in the _Cluster Operators reference_ content.
-====
-[NOTE]
-====
-If your AWS account has service control policies (SCP) enabled, you must configure the `credentialsMode` parameter to `Mint`, `Passthrough` or `Manual`.
-====
-|`Mint`, `Passthrough`, `Manual` or an empty string (`""`).
+|`Mint`, `Passthrough`, `Manual` or an empty string (`""`). ^[1]^
+
 ifndef::openshift-origin,ibm-power-vs[]
-|`fips`
+|fips:
 |Enable or disable FIPS mode. The default is `false` (disabled). If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on `x86_64`, `ppc64le`, and `s390x` architectures.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 [NOTE]
 ====
@@ -748,33 +650,40 @@ If you are using Azure File storage, you cannot enable FIPS mode.
 ====
 |`false` or `true`
 endif::openshift-origin,ibm-power-vs[]
-|`imageContentSources`
+|imageContentSources:
 |Sources and repositories for the release-image content.
 |Array of objects. Includes a `source` and, optionally, `mirrors`, as described in the following rows of this table.
 
-|`imageContentSources.source`
+|imageContentSources:
+  source:
 |Required if you use `imageContentSources`. Specify the repository that users refer to, for example, in image pull specifications.
 |String
 
-|`imageContentSources.mirrors`
+|imageContentSources:
+  mirrors:
 |Specify one or more repositories that may also contain the same images.
 |Array of strings
 
 ifndef::openshift-origin[]
 ifdef::aws[]
-|`platform.aws.lbType`
+|platform:
+  aws:
+    lbType:
 |Required to set the NLB load balancer type in AWS. Valid values are `Classic` or `NLB`. If no value is specified, the installation program defaults to `Classic`. The installation program sets the value provided here in the ingress cluster configuration object. If you do not specify a load balancer type for other Ingress Controllers, they use the type set in this parameter.
 |`Classic` or `NLB`. The default value is `Classic`.
 endif::aws[]
 endif::openshift-origin[]
 
-|`publish`
+|publish:
 |How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes.
 |
-ifdef::aws,aws-govcloud,aws-secret,azure,gcp,ibm-cloud[]
+ifdef::aws,gcp,ibm-cloud[]
 `Internal` or `External`. To deploy a private cluster, which cannot be accessed from the internet, set `publish` to `Internal`. The default value is `External`.
 endif::[]
-ifndef::aws,aws-govcloud,aws-secret,azure,gcp,ibm-cloud[]
+ifdef::azure[]
+`Internal`, `External`, or `Mixed`. To deploy a private cluster, which cannot be accessed from the internet, set `publish` to `Internal`. The default value is `External`. To deploy a cluster where the API and the ingress server have different publishing strategies, set `publish` to `Mixed` and use the `operatorPublishingStrategy` parameter.
+endif::[]
+ifndef::aws,azure,gcp,ibm-cloud[]
 `Internal` or `External`. The default value is `External`.
 
 Setting this field to `Internal` is not supported on non-cloud platforms.
@@ -788,7 +697,7 @@ endif::[]
 endif::ibm-power-vs[]
 endif::[]
 
-|`sshKey`
+|sshKey:
 | The SSH key to authenticate access to your cluster machines.
 [NOTE]
 ====
@@ -796,55 +705,172 @@ For production {product-title} clusters on which you want to perform installatio
 ====
 a|For example, `sshKey: ssh-ed25519 AAAA..`.
 
+ifdef::ibm-power-vs[]
+|platform:
+  powervs:
+    vpcRegion:
+|Specifies the {ibm-cloud-name} region in which to create VPC resources.
+|String. For example, `existing_vpc_region`.
+
+|platform:
+  powervs:
+    vpcSubnets:
+|Specifies existing subnets (by name) where cluster resources will be created.
+|String. For example, `powervs_region_example_subnet`.
+
+|platform:
+  powervs:
+    vpcName:
+|Specifies the {ibm-cloud-name} name.
+|String. For example, `existing_vpcName`.
+
+|platform:
+  powervs:
+    cloudConnectionName:
+|The CloudConnectionName is the name of an existing PowerVS Cloud connection.
+|String. For example, `existing_cloudConnectionName`.
+
+|platform:
+  powervs:
+    clusterOSImage:
+|The ClusterOSImage is a pre-created {ibm-power-server-name} boot image that overrides the default image for cluster nodes.
+|String. For example, `existing_cluster_os_image`.
+
+|platform:
+  powervs:
+    defaultMachinePlatform:
+|The DefaultMachinePlatform is the default configuration used when installing on {ibm-power-server-name} for machine pools that do not define their own platform configuration.
+|String. For example, `existing_machine_platform`.
+
+|platform:
+  powervs:
+    memoryGiB:
+|The size of a virtual machine's memory, in GB.
+|The valid integer must be an integer number of GB that is at least 2 and no more than 64, depending on the machine type.
+
+|platform:
+  powervs:
+    procType:
+|The ProcType defines the processor sharing model for the instance.
+|The valid values are Capped, Dedicated, and Shared.
+
+|platform:
+  powervs:
+    processors:
+|The Processors defines the processing units for the instance.
+|The number of processors must be from .5 to 32 cores. The processors must be in increments of .25.
+
+|platform:
+  powervs:
+    sysType:
+|The SysType defines the system type for the instance.
+|The system type must be either `e980` or `s922`.
+endif::ibm-power-vs[]
 |====
+[.small]
+--
+1. Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the _Authentication and authorization_ content.
+ifdef::aws,gcp[]
++
+[NOTE]
+====
+ifdef::aws[If your AWS account has service control policies (SCP) enabled, you must configure the `credentialsMode` parameter to `Mint`, `Passthrough`, or `Manual`.]
+ifdef::gcp[If you are installing on GCP into a shared virtual private cloud (VPC), `credentialsMode` must be set to `Passthrough` or `Manual`.]
+====
+endif::aws,gcp[]
+ifdef::aws,gcp,azure[]
++
+[IMPORTANT]
+====
+Setting this parameter to `Manual` enables alternatives to storing administrator-level secrets in the `kube-system` project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".
+====
+endif::aws,gcp,azure[]
+ifdef::ibm-power-vs[]
++
+[NOTE]
+====
+Cloud connections are no longer supported in the `install-config.yaml` while deploying in the `dal10` region, as they have been replaced by the Power Edge Router (PER).
+====
+endif::ibm-power-vs[]
+--
 
-ifdef::aws,aws-govcloud,aws-secret[]
+ifdef::aws[]
 [id="installation-configuration-parameters-optional-aws_{context}"]
 == Optional AWS configuration parameters
 
 Optional AWS configuration parameters are described in the following table:
 
 .Optional AWS parameters
-[cols=".^2,.^3,.^5a",options="header"]
+[cols=".^2l,.^3,.^5a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.aws.amiID`
+|compute:
+  platform:
+    aws:
+      amiID:
 |The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom {op-system} AMI.
 |Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
 
-|`compute.platform.aws.iamRole`
+|compute:
+  platform:
+    aws:
+      iamRole:
 |A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
 |The name of a valid AWS IAM role.
 
-|`compute.platform.aws.rootVolume.iops`
+|compute:
+  platform:
+    aws:
+      rootVolume:
+        iops:
 |The Input/Output Operations Per Second (IOPS) that is reserved for the root volume.
 |Integer, for example `4000`.
 
-|`compute.platform.aws.rootVolume.size`
+|compute:
+  platform:
+    aws:
+      rootVolume:
+        size:
 |The size in GiB of the root volume.
 |Integer, for example `500`.
 
-|`compute.platform.aws.rootVolume.type`
+|compute:
+  platform:
+    aws:
+      rootVolume:
+        type:
 |The type of the root volume.
 |Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type],
 such as `io1`.
 
-|`compute.platform.aws.rootVolume.kmsKeyARN`
+|compute:
+  platform:
+    aws:
+      rootVolume:
+        kmsKeyARN:
 |The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of worker nodes with a specific KMS key.
 |Valid link:https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html[key ID or the key ARN].
 
-|`compute.platform.aws.type`
+|compute:
+  platform:
+    aws:
+      type:
 |The EC2 instance type for the compute machines.
 |Valid AWS instance type, such as `m4.2xlarge`. See the *Supported AWS machine types* table that follows.
 //add an xref when possible.
 
-|`compute.platform.aws.zones`
+|compute:
+  platform:
+    aws:
+      zones:
 |The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone.
 |A list of valid AWS availability zones, such as `us-east-1c`, in a
 link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
 
-|`compute.aws.region`
+|compute:
+  aws:
+    region:
 |The AWS region that the installation program creates compute resources in.
 |Any valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`. You can use the AWS CLI to access the regions available based on your selected instance type. For example:
 [source,terminal]
@@ -859,54 +885,108 @@ When running on ARM based AWS instances, ensure that you enter a region where AW
 endif::openshift-origin[]
 
 
-|`controlPlane.platform.aws.amiID`
+|controlPlane:
+  platform:
+    aws:
+      amiID:
 |The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom {op-system} AMI.
 |Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
 
-|`controlPlane.platform.aws.iamRole`
+|controlPlane:
+  platform:
+    aws:
+      iamRole:
 |A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
 |The name of a valid AWS IAM role.
 
-|`controlPlane.platform.aws.rootVolume.kmsKeyARN`
+|controlPlane:
+  platform:
+    aws:
+      rootVolume:
+        iops:
+|The Input/Output Operations Per Second (IOPS) that is reserved for the root volume on control plane machines.
+|Integer, for example `4000`.
+
+|controlPlane:
+  platform:
+    aws:
+      rootVolume:
+        size:
+|The size in GiB of the root volume for control plane machines.
+|Integer, for example `500`.
+
+|controlPlane:
+  platform:
+    aws:
+      rootVolume:
+        type:
+|The type of the root volume for control plane machines.
+|Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type],
+such as `io1`.
+
+|controlPlane:
+  platform:
+    aws:
+      rootVolume:
+        kmsKeyARN:
 |The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of control plane nodes with a specific KMS key.
 |Valid link:https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html[key ID and the key ARN].
 
-|`controlPlane.platform.aws.type`
+|controlPlane:
+  platform:
+    aws:
+      type:
 |The EC2 instance type for the control plane machines.
 |Valid AWS instance type, such as `m6i.xlarge`. See the *Supported AWS machine types* table that follows.
 //add an xref when possible
 
-|`controlPlane.platform.aws.zones`
+|controlPlane:
+  platform:
+    aws:
+      zones:
 |The availability zones where the installation program creates machines for the
 control plane machine pool.
 |A list of valid AWS availability zones, such as `us-east-1c`, in a link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
 
-|`controlPlane.aws.region`
+|controlPlane:
+  aws:
+    region:
 |The AWS region that the installation program creates control plane resources in.
 |Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`.
 
-|`platform.aws.amiID`
+|platform:
+  aws:
+    amiID:
 |The AWS AMI used to boot all machines for the cluster. If set, the AMI must
 belong to the same region as the cluster. This is required for regions that require a custom {op-system} AMI.
 |Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
 
-|`platform.aws.hostedZone`
+|platform:
+  aws:
+    hostedZone:
 |An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone.
 |String, for example `Z3URY6TWQ91KVV`.
 
-|`platform.aws.serviceEndpoints.name`
-|The AWS service endpoint name. Custom endpoints are only required for cases
+|platform:
+  aws:
+    hostedZoneRole:
+|An Amazon Resource Name (ARN) for an existing IAM role in the account containing the specified hosted zone. The installation program and cluster operators will assume this role when performing operations on the hosted zone. This parameter should only be used if you are installing a cluster into a shared VPC.
+|String, for example `arn:aws:iam::1234567890:role/shared-vpc-role`.
+
+|platform:
+  aws:
+    serviceEndpoints:
+      - name:
+        url:
+|The AWS service endpoint name and URL. Custom endpoints are only required for cases
 where alternative AWS endpoints, like FIPS, must be used. Custom API endpoints
 can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53,
 and STS AWS services.
-|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] name.
-
-|`platform.aws.serviceEndpoints.url`
-|The AWS service endpoint URL. The URL must use the `https` protocol and the
-host must trust the certificate.
-|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] URL.
+|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] name and valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] URL.
 
-|`platform.aws.userTags`
+|platform:
+  aws:
+    userTags:
 |A map of keys and values that the installation program adds as tags to all resources that it creates.
 |Any valid YAML map, such as key value pairs in the `<key>: <value>` format. For more information about AWS tags, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html[Tagging Your Amazon EC2 Resources] in the AWS documentation.
 
@@ -915,12 +995,16 @@ host must trust the certificate.
 You can add up to 25 user defined tags during installation. The remaining 25 tags are reserved for {product-title}.
 ====
 
-|`platform.aws.propagateUserTags`
+|platform:
+  aws:
+    propagateUserTags:
 | A flag that directs in-cluster Operators to include the specified user tags in the tags of the AWS resources that the Operators create.
 | Boolean values, for example `true` or `false`.
 
 
-|`platform.aws.subnets`
+|platform:
+  aws:
+    subnets:
 |If you provide the VPC instead of allowing the installation program to create the VPC for you, specify the subnet for the cluster to use. The subnet must be part of the same `machineNetwork[].cidr` ranges that you specify.
 
 For a standard cluster, specify a public and a private subnet for each availability zone.
@@ -930,8 +1014,14 @@ For a private cluster, specify a private subnet for each availability zone.
 For clusters that use AWS Local Zones, you must add AWS Local Zone subnets to this list to ensure edge machine pool creation.
 |Valid subnet IDs.
 
+|platform:
+  aws:
+    preserveBootstrapIgnition:
+|Prevents the S3 bucket from being deleted after completion of bootstrapping.
+|`true` or `false`. The default value is `false`, which results in the S3 bucket being deleted.
+
 |====
-endif::aws,aws-govcloud,aws-secret[]
+endif::aws[]
 
 ifdef::osp[]
 [id="installation-configuration-parameters-additional-osp_{context}"]
@@ -940,36 +1030,92 @@ ifdef::osp[]
 Additional {rh-openstack} configuration parameters are described in the following table:
 
 .Additional {rh-openstack} parameters
-[cols=".^2m,.^3a,^5a",options="header"]
+[cols=".^2l,.^3a,^5a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.openstack.rootVolume.size`
+|compute:
+  platform:
+    openstack:
+      rootVolume:
+        size:
 |For compute machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
 |Integer, for example `30`.
 
-|`compute.platform.openstack.rootVolume.type`
-|For compute machines, the root volume's type.
-|String, for example `performance`.
+|compute:
+  platform:
+    openstack:
+      rootVolume:
+        types:
+|For compute machines, the root volume types.
+|A list of strings, for example, {`performance-host1`, `performance-host2`, `performance-host3`}. ^[1]^
+
+|compute:
+  platform:
+    openstack:
+      rootVolume:
+        type:
+|For compute machines, the root volume's type. This property is deprecated and is replaced by `compute.platform.openstack.rootVolume.types`.
+|String, for example, `performance`. ^[2]^
+
+|compute:
+  platform:
+    openstack:
+      rootVolume:
+        zones:
+|For compute machines, the Cinder availability zone to install root volumes on. If you do not set a value for this parameter, the installation program selects the default availability zone. This parameter is mandatory when `compute.platform.openstack.zones` is defined.
+|A list of strings, for example `["zone-1", "zone-2"]`.
 
-|`controlPlane.platform.openstack.rootVolume.size`
+|controlPlane:
+  platform:
+    openstack:
+      rootVolume:
+        size:
 |For control plane machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
 |Integer, for example `30`.
 
-|`controlPlane.platform.openstack.rootVolume.type`
-|For control plane machines, the root volume's type.
-|String, for example `performance`.
+|controlPlane:
+  platform:
+    openstack:
+      rootVolume:
+        types:
+|For control plane machines, the root volume types.
+|A list of strings, for example, {`performance-host1`, `performance-host2`, `performance-host3`}. ^[1]^
+
+|controlPlane:
+  platform:
+    openstack:
+      rootVolume:
+        type:
+|For control plane machines, the root volume's type. This property is deprecated and is replaced by `compute.platform.openstack.rootVolume.types`.
+|String, for example, `performance`. ^[2]^
+
+|controlPlane:
+  platform:
+    openstack:
+      rootVolume:
+        zones:
+|For control plane machines, the Cinder availability zone to install root volumes on. If you do not set this value, the installation program selects the default availability zone. This parameter is mandatory when `controlPlane.platform.openstack.zones` is defined.
+|A list of strings, for example `["zone-1", "zone-2"]`.
+
+|platform:
+  openstack:
+    cloud:
+|The name of the {rh-openstack} cloud to use from the list of clouds in the `clouds.yaml` file.
+
+In the cloud configuration in the `clouds.yaml` file, if possible, use application credentials rather than a user name and password combination. Using application credentials avoids disruptions from secret propogation that follow user name and password rotation.
 
-|`platform.openstack.cloud`
-|The name of the {rh-openstack} cloud to use from the list of clouds in the
-`clouds.yaml` file.
 |String, for example `MyCloud`.
 
-|`platform.openstack.externalNetwork`
+|platform:
+  openstack:
+    externalNetwork:
 |The {rh-openstack} external network name to be used for installation.
 |String, for example `external`.
 
-|`platform.openstack.computeFlavor`
+|platform:
+  openstack:
+    computeFlavor:
 |The {rh-openstack} flavor to use for control plane and compute machines.
 
 This property is deprecated. To use a flavor as the default for all machine pools, add it as the value of the `type` key in the `platform.openstack.defaultMachinePlatform` property. You can also set a flavor value for each machine pool individually.
@@ -977,35 +1123,47 @@ This property is deprecated. To use a flavor as the default for all machine pool
 |String, for example `m1.xlarge`.
 |====
 
+. If the machine pool defines `zones`, the count of types can either be a single item or match the number of items in `zones`. For example, the count of types cannot be 2 if there are 3 items in `zones`.
+
+. If you have any existing reference to this property, the installer populates the corresponding value in the `controlPlane.platform.openstack.rootVolume.types` field.
+
+
 [id="installation-configuration-parameters-optional-osp_{context}"]
 == Optional {rh-openstack} configuration parameters
 
 Optional {rh-openstack} configuration parameters are described in the following table:
 
 .Optional {rh-openstack} parameters
-[%header, cols=".^2,.^3,.^5a"]
+[%header, cols=".^2l,.^3,.^5a"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.openstack.additionalNetworkIDs`
+|compute:
+  platform:
+    openstack:
+      additionalNetworkIDs:
 |Additional networks that are associated with compute machines. Allowed address pairs are not created for additional networks.
 |A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
 
-|`compute.platform.openstack.additionalSecurityGroupIDs`
+|compute:
+  platform:
+    openstack:
+      additionalSecurityGroupIDs:
 |Additional security groups that are associated with compute machines.
 |A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.
 
-|`compute.platform.openstack.zones`
+|compute:
+  platform:
+    openstack:
+      zones:
 |{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the {rh-openstack} administrator configured.
 
-On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property.
 |A list of strings. For example, `["zone-1", "zone-2"]`.
 
-|`compute.platform.openstack.rootVolume.zones`
-|For compute machines, the availability zone to install root volumes on. If you do not set a value for this parameter, the installation program selects the default availability zone.
-|A list of strings, for example `["zone-1", "zone-2"]`.
-
-|`compute.platform.openstack.serverGroupPolicy`
+|compute:
+  platform:
+    openstack:
+      serverGroupPolicy:
 |Server group policy to apply to the group that will contain the compute machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. The default value is `soft-anti-affinity`.
 
 An `affinity` policy prevents migrations and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported.
@@ -1013,27 +1171,34 @@ An `affinity` policy prevents migrations and therefore affects {rh-openstack} up
 If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration.
 |A server group policy to apply to the machine pool. For example, `soft-affinity`.
 
-|`controlPlane.platform.openstack.additionalNetworkIDs`
+|controlPlane:
+  platform:
+    openstack:
+      additionalNetworkIDs:
 |Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks.
 
 Additional networks that are attached to a control plane machine are also attached to the bootstrap node.
 |A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
 
-|`controlPlane.platform.openstack.additionalSecurityGroupIDs`
+|controlPlane:
+  platform:
+    openstack:
+      additionalSecurityGroupIDs:
 |Additional security groups that are associated with control plane machines.
 |A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.
 
-|`controlPlane.platform.openstack.zones`
+|controlPlane:
+  platform:
+    openstack:
+      zones:
 |{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the {rh-openstack} administrator configured.
 
-On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property.
 |A list of strings. For example, `["zone-1", "zone-2"]`.
 
-|`controlPlane.platform.openstack.rootVolume.zones`
-|For control plane machines,  the availability zone to install root volumes on. If you do not set this value, the installation program selects the default availability zone.
-|A list of strings, for example `["zone-1", "zone-2"]`.
-
-|`controlPlane.platform.openstack.serverGroupPolicy`
+|controlPlane:
+  platform:
+    openstack:
+      serverGroupPolicy:
 |Server group policy to apply to the group that will contain the control plane machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. The default value is `soft-anti-affinity`.
 
 An `affinity` policy prevents migrations, and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported.
@@ -1041,7 +1206,9 @@ An `affinity` policy prevents migrations, and therefore affects {rh-openstack} u
 If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration.
 |A server group policy to apply to the machine pool. For example, `soft-affinity`.
 
-|`platform.openstack.clusterOSImage`
+|platform:
+  openstack:
+    clusterOSImage:
 |The location from which the installation program downloads the {op-system} image.
 
 You must set this parameter to perform an installation in a restricted network.
@@ -1050,7 +1217,9 @@ You must set this parameter to perform an installation in a restricted network.
 For example, `\http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d`.
 The value can also be the name of an existing Glance image, for example `my-rhcos`.
 
-|`platform.openstack.clusterOSImageProperties`
+|platform:
+  openstack:
+    clusterOSImageProperties:
 |Properties to add to the installer-uploaded ClusterOSImage in Glance. This property is ignored if `platform.openstack.clusterOSImage` is set to an existing Glance image.
 
 You can use this property to exceed the default persistent volume (PV) limit for {rh-openstack} of 26 PVs per node. To exceed the limit, set the `hw_scsi_model` property value to `virtio-scsi` and the `hw_disk_bus` value to  `scsi`.
@@ -1058,7 +1227,9 @@ You can use this property to exceed the default persistent volume (PV) limit for
 You can also use this property to enable the QEMU guest agent by including the `hw_qemu_guest_agent` property with a value of `yes`.
 |A list of key-value string pairs. For example, `["hw_scsi_model": "virtio-scsi", "hw_disk_bus": "scsi"]`.
 
-|`platform.openstack.defaultMachinePlatform`
+|platform:
+  openstack:
+    defaultMachinePlatform:
 |The default machine pool platform configuration.
 |
 [source,json]
@@ -1072,23 +1243,33 @@ You can also use this property to enable the QEMU guest agent by including the `
 }
 ----
 
-|`platform.openstack.ingressFloatingIP`
+|platform:
+  openstack:
+    ingressFloatingIP:
 |An existing floating IP address to associate with the Ingress port. To use this property, you must also define the `platform.openstack.externalNetwork` property.
 |An IP address, for example `128.0.0.1`.
 
-|`platform.openstack.apiFloatingIP`
+|platform:
+  openstack:
+    apiFloatingIP:
 |An existing floating IP address to associate with the API load balancer. To use this property, you must also define the `platform.openstack.externalNetwork` property.
 |An IP address, for example `128.0.0.1`.
 
-|`platform.openstack.externalDNS`
+|platform:
+  openstack:
+    externalDNS:
 |IP addresses for external DNS servers that cluster instances use for DNS resolution.
 |A list of IP addresses as strings. For example, `["8.8.8.8", "192.168.1.12"]`.
 
-|`platform.openstack.loadbalancer`
+|platform:
+  openstack:
+    loadbalancer:
 |Whether or not to use the default, internal load balancer. If the value is set to `UserManaged`, this default load balancer is disabled so that you can deploy a cluster that uses an external, user-managed load balancer. If the parameter is not set, or if the value is `OpenShiftManagedDefault`, the cluster uses the default load balancer.
 |`UserManaged` or `OpenShiftManagedDefault`.
 
-|`platform.openstack.machinesSubnet`
+|platform:
+  openstack:
+    machinesSubnet:
 |The UUID of a {rh-openstack} subnet that the cluster's nodes use. Nodes and virtual IP (VIP) ports are created on this subnet.
 
 The first item in `networking.machineNetwork` must match the value of `machinesSubnet`.
@@ -1097,266 +1278,611 @@ If you deploy to a custom subnet, you cannot specify an external DNS server to t
 
 |A UUID as a string. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
 |====
+endif::osp[]
 
-[id="installation-configuration-parameters-failure-domains-osp_{context}"]
-== {rh-openstack} parameters for failure domains
+ifdef::azure[]
+[id="installation-configuration-parameters-additional-azure_{context}"]
+== Additional Azure configuration parameters
 
-:FeatureName: {rh-openstack} failure domains
-[IMPORTANT]
-====
-[subs="attributes+"]
-{FeatureName} is a Technology Preview feature only. Technology Preview features
-are not supported with Red Hat production service level agreements (SLAs) and
-might not be functionally complete. Red Hat does not recommend using them
-in production. These features provide early access to upcoming product
-features, enabling customers to test functionality and provide feedback during
-the development process.
+Additional Azure configuration parameters are described in the following table.
 
-For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+[NOTE]
+====
+By default, if you specify availability zones in the `install-config.yaml` file, the installation program distributes the control plane machines and the compute machines across link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[these availability zones]
+within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a region]. To ensure high availability for your cluster, select a region with at least three availability zones. If your region contains fewer than three availability zones, the installation program places more than one control plane machine in the available zones.
 ====
-// Undefine {FeatureName} attribute, so that any mistakes are easily spotted
-:!FeatureName:
-
-{rh-openstack-first} deployments do not have a single implementation of failure domains. Instead, availability zones are defined individually for each service, such as the compute service, Nova; the networking service, Neutron; and the storage service, Cinder.
-
-Beginning with {product-title} 4.13, there is a unified definition of failure domains for {rh-openstack} deployments that covers all supported availability zone types. You can use failure domains to control related aspects of Nova, Neutron, and Cinder configurations from a single place.
-
-In {rh-openstack}, a port describes a network connection and maps to an interface inside a compute machine. A port also:
-
-* Is defined by a network or by one more or subnets
-* Connects a machine to one or more subnets
-
-Failure domains group the services of your deployment by using ports. If you use failure domains, each machine connects to:
-
-* The `portTarget` object with the ID `control-plane` while that object exists.
-* All non-control-plane `portTarget` objects within its own failure domain.
-* All networks in the machine pool's `additionalNetworkIDs` list.
-
-To configure failure domains for a machine pool, edit availability zone and port target parameters under `controlPlane.platform.openstack.failureDomains`.
 
-.{rh-openstack} parameters for failure domains
-[cols=".^2,.^3a,.^3a",options="header"]
+.Additional Azure parameters
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`platform.openstack.failuredomains.computeAvailabilityZone`
-|An availability zone for the server. If not specified, the cluster default is used.
-|The name of the availability zone. For example, `nova-1`.
+|compute:
+  platform:
+    azure:
+      encryptionAtHost:
+|Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.
+|`true` or `false`. The default is `false`.
 
-|`platform.openstack.failuredomains.storageAvailabilityZone`
-|An availability zone for the root volume. If not specified, the cluster default is used.
-|The name of the availability zone. For example, `cinder-1`.
-
-|`platform.openstack.failuredomains.portTargets`
-|A list of `portTarget` objects,  each of which defines a network connection to attach to machines within a failure domain.
-|A list of `portTarget` objects.
-
-|`platform.openstack.failuredomains.portTargets.portTarget.id`
-|The ID of an individual port target. To select that port target as the first network for machines, set the value of this parameter to `control-plane`. If this parameter has a different value, it is ignored.
-|`control-plane` or an arbitrary string.
-
-|`platform.openstack.failuredomains.portTargets.portTarget.network`
-|Required. The name or ID of the network to attach to machines in the failure domain.
-a|A `network` object that contains either a name or UUID. For example:
-
-[source,yaml]
-----
-network:
-  id: 8db6a48e-375b-4caa-b20b-5b9a7218bfe6
-----
-
-or:
-
-[source,yaml]
-----
-network:
-  name: my-network-1
-----
-
-|`platform.openstack.failuredomains.portTargets.portTarget.fixedIPs`
-|Subnets to allocate fixed IP addresses to. These subnets must exist within the same network as the port.
-|A list of `subnet` objects.
-|====
-
-NOTE: You cannot combine zone fields and failure domains. If you want to use failure domains, the `controlPlane.zone` and `controlPlane.rootVolume.zone` fields must be left unset.
-endif::osp[]
-
-ifdef::azure[]
-[id="installation-configuration-parameters-additional-azure_{context}"]
-== Additional Azure configuration parameters
-
-Additional Azure configuration parameters are described in the following table:
-
-.Additional Azure parameters
-[cols=".^2,.^3a,.^3a",options="header"]
-|====
-|Parameter|Description|Values
-
-|`compute.platform.azure.encryptionAtHost`
-|Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.
-|`true` or `false`. The default is `false`.
-
-|`compute.platform.azure.osDisk.diskSizeGB`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `128`.
 
-|`compute.platform.azure.osDisk.diskType`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskType:
 |Defines the type of disk.
 |`standard_LRS`, `premium_LRS`, or `standardSSD_LRS`. The default is `premium_LRS`.
 
-|`compute.platform.azure.ultraSSDCapability`
+|compute:
+  platform:
+    azure:
+      ultraSSDCapability:
 |Enables the use of Azure ultra disks for persistent storage on compute nodes. This requires that your Azure region and zone have ultra disks available.
 |`Enabled`, `Disabled`. The default is `Disabled`.
 
-|`compute.platform.azure.osDisk.diskEncryptionSet.resourceGroup`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          resourceGroup:
 |The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. This resource group should be different from the resource group where you install the cluster to avoid deleting your Azure encryption key when the cluster is destroyed. This value is only necessary if you intend to install the cluster with user-managed disk encryption.
 |String, for example `production_encryption_resource_group`.
 
-|`compute.platform.azure.osDisk.diskEncryptionSet.name`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          name:
 |The name of the disk encryption set that contains the encryption key from the installation prerequisites.
 |String, for example `production_disk_encryption_set`.
 
-|`compute.platform.azure.osDisk.diskEncryptionSet.subscriptionId`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          subscriptionId:
 |Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.
 |String, in the format `00000000-0000-0000-0000-000000000000`.
 
-|`compute.platform.azure.vmNetworkingType`
+|compute:
+  platform:
+    azure:
+      osImage:
+        publisher:
+|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for compute machines only.
+|String. The name of the image publisher.
+
+|compute:
+  platform:
+    azure:
+      osImage:
+        offer:
+|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `compute.platform.azure.osImage.publisher`, this field is required.
+|String. The name of the image offer.
+
+|compute:
+  platform:
+    azure:
+      osImage:
+        sku:
+|An instance of the Azure Marketplace offer. If you use `compute.platform.azure.osImage.publisher`, this field is required.
+|String. The SKU of the image offer.
+
+|compute:
+  platform:
+    azure:
+      osImage:
+        version:
+|The version number of the image SKU. If you use `compute.platform.azure.osImage.publisher`, this field is required.
+|String. The version of the image to use.
+
+|compute:
+  platform:
+    azure:
+      vmNetworkingType:
 |Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If instance type of compute machines support `Accelerated` networking, by default, the installer enables `Accelerated` networking, otherwise the default networking type is `Basic`.
 |`Accelerated` or `Basic`.
 
-|`compute.platform.azure.type`
+|compute:
+  platform:
+    azure:
+      type:
 |Defines the Azure instance type for compute machines.
 |String
 
-|`compute.platform.azure.zones`
+|compute:
+  platform:
+    azure:
+      zones:
 |The availability zones where the installation program creates compute machines.
 |String list
 
-|`controlPlane.platform.azure.type`
+|compute:
+  platform:
+    azure:
+      settings:
+        securityType:
+|Enables confidential VMs or trusted launch for compute nodes. This option is not enabled by default.
+|`ConfidentialVM` or `TrustedLaunch`.
+
+|compute:
+  platform:
+    azure:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on compute nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|compute:
+  platform:
+    azure:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the virtualized Trusted Platform Module (vTPM) feature on compute nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|compute:
+  platform:
+    azure:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on compute nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|compute:
+  platform:
+    azure:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the vTPM feature on compute nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|compute:
+  platform:
+    azure:
+      osDisk:
+        securityProfile:
+          securityEncryptionType:
+|Enables the encryption of the virtual machine guest state for compute nodes. This parameter can only be used if you use Confidential VMs.
+|`VMGuestStateOnly` is the only supported value.
+
+|controlPlane:
+  platform:
+    azure:
+      settings:
+        securityType:
+|Enables confidential VMs or trusted launch for control plane nodes. This option is not enabled by default.
+|`ConfidentialVM` or `TrustedLaunch`.
+
+|controlPlane:
+  platform:
+    azure:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on control plane nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|controlPlane:
+  platform:
+    azure:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the vTPM feature on control plane nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|controlPlane:
+  platform:
+    azure:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on control plane nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|controlPlane:
+  platform:
+    azure:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the vTPM feature on control plane nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        securityProfile:
+          securityEncryptionType:
+|Enables the encryption of the virtual machine guest state for control plane nodes. This parameter can only be used if you use Confidential VMs.
+|`VMGuestStateOnly` is the only supported value.
+
+|controlPlane:
+  platform:
+    azure:
+      type:
 |Defines the Azure instance type for control plane machines.
 |String
 
-|`controlPlane.platform.azure.zones`
+|controlPlane:
+  platform:
+    azure:
+      zones:
 |The availability zones where the installation program creates control plane machines.
 |String list
 
-|`platform.azure.defaultMachinePlatform.encryptionAtHost`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      settings:
+        securityType:
+|Enables confidential VMs or trusted launch for all nodes. This option is not enabled by default.
+|`ConfidentialVM` or `TrustedLaunch`.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on all nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      settings:
+        confidentialVM:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the virtualized Trusted Platform Module (vTPM) feature on all nodes if you are using confidential VMs.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            secureBoot:
+|Enables secure boot on all nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      settings:
+        trustedLaunch:
+          uefiSettings:
+            virtualizedTrustedPlatformModule:
+|Enables the vTPM feature on all nodes if you are using trusted launch.
+|`Enabled` or `Disabled`. The default is `Disabled`.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        securityProfile:
+          securityEncryptionType:
+|Enables the encryption of the virtual machine guest state for all nodes. This parameter can only be used if you use Confidential VMs.
+|`VMGuestStateOnly` is the only supported value.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      encryptionAtHost:
 |Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached, and un-managed disks on the VM host. This parameter is not a prerequisite for user-managed server-side encryption.
 |`true` or `false`. The default is `false`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskEncryptionSet.name`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskEncryptionSet:
+          name:
 |The name of the disk encryption set that contains the encryption key from the installation prerequisites.
 |String, for example, `production_disk_encryption_set`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskEncryptionSet.resourceGroup`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskEncryptionSet:
+          resourceGroup:
 |The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. To avoid deleting your Azure encryption key when the cluster is destroyed, this resource group must be different from the resource group where you install the cluster. This value is necessary only if you intend to install the cluster with user-managed disk encryption.
 |String, for example, `production_encryption_resource_group`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskEncryptionSet.subscriptionId`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskEncryptionSet:
+          subscriptionId:
 |Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.
 |String, in the format `00000000-0000-0000-0000-000000000000`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskSizeGB`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `128`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskType`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskType:
 |Defines the type of disk.
 |`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`.
 
-|`platform.azure.defaultMachinePlatform.type`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osImage:
+        publisher:
+|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane and compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for both types of machines.
+|String. The name of the image publisher.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osImage:
+        offer:
+|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
+|String. The name of the image offer.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osImage:
+        sku:
+|An instance of the Azure Marketplace offer. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
+|String. The SKU of the image offer.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osImage:
+        version:
+|The version number of the image SKU. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
+|String. The version of the image to use.
+
+|platform:
+  azure:
+    defaultMachinePlatform:
+      type:
 |The Azure instance type for control plane and compute machines.
 |The Azure instance type.
 
-|`platform.azure.defaultMachinePlatform.zones`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      zones:
 |The availability zones where the installation program creates compute and control plane machines.
 |String list.
 
-|`controlPlane.platform.azure.encryptionAtHost`
+|controlPlane:
+  platform:
+    azure:
+      encryptionAtHost:
 |Enables host-level encryption for control plane machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.
 |`true` or `false`. The default is `false`.
 
-|`controlPlane.platform.azure.osDisk.diskEncryptionSet.resourceGroup`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          resourceGroup:
 |The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. This resource group should be different from the resource group where you install the cluster to avoid deleting your Azure encryption key when the cluster is destroyed. This value is only necessary if you intend to install the cluster with user-managed disk encryption.
 |String, for example `production_encryption_resource_group`.
 
-|`controlPlane.platform.azure.osDisk.diskEncryptionSet.name`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          name:
 |The name of the disk encryption set that contains the encryption key from the installation prerequisites.
 |String, for example `production_disk_encryption_set`.
 
-|`controlPlane.platform.azure.osDisk.diskEncryptionSet.subscriptionId`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskEncryptionSet:
+          subscriptionId:
 |Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt control plane machines.
 |String, in the format `00000000-0000-0000-0000-000000000000`.
 
-|`controlPlane.platform.azure.osDisk.diskSizeGB`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `1024`.
 
-|`controlPlane.platform.azure.osDisk.diskType`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskType:
 |Defines the type of disk.
 |`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`.
 
-|`controlPlane.platform.azure.ultraSSDCapability`
+|controlPlane:
+  platform:
+    azure:
+      osImage:
+        publisher:
+|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for control plane machines only.
+|String. The name of the image publisher.
+
+|controlPlane:
+  platform:
+    azure:
+      osImage:
+        offer:
+|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
+|String. The name of the image offer.
+
+|controlPlane:
+  platform:
+    azure:
+      osImage:
+        sku:
+|An instance of the Azure Marketplace offer. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
+|String. The SKU of the image offer.
+
+|controlPlane:
+  platform:
+    azure:
+      osImage:
+        version:
+|The version number of the image SKU. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
+|String. The version of the image to use.
+
+|controlPlane:
+  platform:
+    azure:
+      ultraSSDCapability:
 |Enables the use of Azure ultra disks for persistent storage on control plane machines. This requires that your Azure region and zone have ultra disks available.
 |`Enabled`, `Disabled`. The default is `Disabled`.
 
-|`controlPlane.platform.azure.vmNetworkingType`
+|controlPlane:
+  platform:
+    azure:
+      vmNetworkingType:
 |Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If instance type of control plane machines support `Accelerated` networking, by default, the installer enables `Accelerated` networking, otherwise the default networking type is `Basic`.
 |`Accelerated` or `Basic`.
 
-|`platform.azure.baseDomainResourceGroupName`
+|platform:
+  azure:
+    baseDomainResourceGroupName:
 |The name of the resource group that contains the DNS zone for your base domain.
 |String, for example `production_cluster`.
 
-|`platform.azure.resourceGroupName`
+|platform:
+  azure:
+    resourceGroupName:
 | The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster by using the installation program deletes this resource group.
 |String, for example `existing_resource_group`.
 
-|`platform.azure.outboundType`
+|platform:
+  azure:
+    outboundType:
 |The outbound routing strategy used to connect your cluster to the internet. If
 you are using user-defined routing, you must have pre-existing networking
 available where the outbound routing has already been configured prior to
 installing a cluster. The installation program is not responsible for
-configuring user-defined routing.
-|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.
+configuring user-defined routing. If you specify the `NatGateway` routing strategy, the installation program will only create one NAT gateway. If you specify the `NatGateway` routing strategy, your account must have the `Microsoft.Network/natGateways/read` and `Microsoft.Network/natGateways/write` permissions.
 
-|`platform.azure.region`
+[IMPORTANT]
+====
+[subs="attributes+"]
+`NatGateway` is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
+
+For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+====
+//You can't put a snippet within a conditional.
+
+|`LoadBalancer`, `UserDefinedRouting`, or `NatGateway`. The default is `LoadBalancer`.
+
+|platform:
+  azure:
+    region:
 |The name of the Azure region that hosts your cluster.
 |Any valid region name, such as `centralus`.
 
-|`platform.azure.zone`
+|platform:
+  azure:
+    zone:
 |List of availability zones to place machines in. For high availability, specify
 at least two zones.
 |List of zones, for example `["1", "2", "3"]`.
 
-|`platform.azure.defaultMachinePlatform.ultraSSDCapability`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      ultraSSDCapability:
 |Enables the use of Azure ultra disks for persistent storage on control plane and compute machines. This requires that your Azure region and zone have ultra disks available.
 |`Enabled`, `Disabled`. The default is `Disabled`.
 
-|`platform.azure.networkResourceGroupName`
+|platform:
+  azure:
+    networkResourceGroupName:
 |The name of the resource group that contains the existing VNet that you want to deploy your cluster to. This name cannot be the same as the `platform.azure.baseDomainResourceGroupName`.
 |String.
 
-|`platform.azure.virtualNetwork`
+|platform:
+  azure:
+    virtualNetwork:
 |The name of the existing VNet that you want to deploy your cluster to.
 |String.
 
-|`platform.azure.controlPlaneSubnet`
+|platform:
+  azure:
+    controlPlaneSubnet:
 |The name of the existing subnet in your VNet that you want to deploy your control plane machines to.
 |Valid CIDR, for example `10.0.0.0/16`.
 
-|`platform.azure.computeSubnet`
+|platform:
+  azure:
+    computeSubnet:
 |The name of the existing subnet in your VNet that you want to deploy your compute machines to.
 |Valid CIDR, for example `10.0.0.0/16`.
 
-|`platform.azure.cloudName`
+|platform:
+  azure:
+    cloudName:
 |The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the default value `AzurePublicCloud` is used.
 |Any valid cloud environment, such as `AzurePublicCloud` or `AzureUSGovernmentCloud`.
 
-|`platform.azure.defaultMachinePlatform.vmNetworkingType`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      vmNetworkingType:
 |Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance.
 |`Accelerated` or `Basic`. If instance type of control plane and compute machines support `Accelerated` networking, by default, the installer enables `Accelerated` networking, otherwise the default networking type is `Basic`.
 
+|operatorPublishingStrategy:
+  apiserver:
+|Determines whether the load balancers that service the API are public or private. Set this parameter to `Internal` to prevent the API server from being accessible outside of your VNet. Set this parameter to `External` to make the API server accessible outside of your VNet. If you set this parameter, you must set the `publish` parameter to `Mixed`.
+|`External` or `Internal`. The default value is `External`.
+
+|operatorPublishingStrategy:
+  ingress:
+|Determines whether the DNS resources that the cluster creates for ingress traffic are publicly visible. Set this parameter to `Internal` to prevent the ingress VIP from being publicly accessible. Set this parameter to `External` to make the ingress VIP publicly accessible. If you set this parameter, you must set the `publish` parameter to `Mixed`.
+|`External` or `Internal`. The default value is `External`.
+
 |====
 
 [NOTE]
@@ -1369,6 +1895,139 @@ with an Azure cluster.
 ====
 endif::azure[]
 
+ifdef::agent[]
+[id="installation-configuration-parameters-additional-bare_{context}"]
+== Additional bare metal configuration parameters for the Agent-based Installer
+
+Additional bare metal installation configuration parameters for the Agent-based Installer are described in the following table:
+
+[NOTE]
+====
+These fields are not used during the initial provisioning of the cluster, but they are available to use once the cluster has been installed.
+Configuring these fields at install time eliminates the need to set them as a Day 2 operation.
+====
+
+.Additional bare metal parameters
+[cols=".^2l,.^3a,.^3a",options="header"]
+|====
+|Parameter|Description|Values
+
+|platform:
+  baremetal:
+    clusterProvisioningIP:
+|The IP address within the cluster where the provisioning services run.
+Defaults to the third IP address of the provisioning subnet.
+For example, `172.22.0.3` or `2620:52:0:1307::3`.
+|IPv4 or IPv6 address.
+
+|platform:
+  baremetal:
+    provisioningNetwork:
+|The `provisioningNetwork` configuration setting determines whether the cluster uses the provisioning network.
+If it does, the configuration setting also determines if the cluster manages the network.
+
+`Managed`: Default. Set this parameter to `Managed` to fully manage the provisioning network, including DHCP, TFTP, and so on.
+
+`Disabled`: Set this parameter to `Disabled` to disable the requirement for a provisioning network.
+When set to `Disabled`, you can use only virtual media based provisioning on Day 2.
+If `Disabled` and using power management, BMCs must be accessible from the bare-metal network.
+If Disabled, you must provide two IP addresses on the bare-metal network that are used for the provisioning services.
+
+|`Managed` or `Disabled`.
+
+|platform:
+  baremetal:
+    provisioningMACAddress:
+|The MAC address within the cluster where provisioning services run.
+|MAC address.
+
+|platform:
+  baremetal:
+    provisioningNetworkCIDR:
+|The CIDR for the network to use for provisioning.
+This option is required when not using the default address range on the provisioning network.
+|Valid CIDR, for example `10.0.0.0/16`.
+
+|platform:
+  baremetal:
+    provisioningNetworkInterface:
+|The name of the network interface on nodes connected to the provisioning network.
+Use the `bootMACAddress` configuration setting to enable Ironic to identify the IP address of the NIC instead of using the `provisioningNetworkInterface` configuration setting to identify the name of the NIC.
+|String.
+
+|platform:
+  baremetal:
+    provisioningDHCPRange:
+|Defines the IP range for nodes on the provisioning network, for example `172.22.0.10,172.22.0.254`.
+|IP address range.
+
+|platform:
+  baremetal:
+    hosts:
+|Configuration for bare metal hosts.
+|Array of host configuration objects.
+
+|platform:
+  baremetal:
+    hosts:
+      name:
+|The name of the host.
+|String.
+
+|platform:
+  baremetal:
+    hosts:
+      bootMACAddress:
+|The MAC address of the NIC used for provisioning the host.
+|MAC address.
+
+|platform:
+  baremetal:
+    hosts:
+      bmc:
+|Configuration for the host to connect to the baseboard management controller (BMC).
+|Dictionary of BMC configuration objects.
+
+|platform:
+  baremetal:
+    hosts:
+      bmc:
+        username:
+|The username for the BMC.
+|String.
+
+|platform:
+  baremetal:
+    hosts:
+      bmc:
+        password:
+|Password for the BMC.
+|String.
+
+|platform:
+  baremetal:
+    hosts:
+      bmc:
+        address:
+|The URL for communicating with the host's BMC controller.
+The address configuration setting specifies the protocol.
+For example, `redfish+http://10.10.10.1:8000/redfish/v1/Systems/1234` enables Redfish.
+For more information, see "BMC addressing" in the "Deploying installer-provisioned clusters on bare metal" section.
+|URL.
+
+|platform:
+  baremetal:
+    hosts:
+      bmc:
+        disableCertificateVerification:
+|`redfish` and `redfish-virtualmedia` need this parameter to manage BMC addresses.
+The value should be `True` when using a self-signed certificate for BMC addresses.
+|Boolean.
+
+|====
+endif::agent[]
+
+
 ifdef::gcp[]
 [id="installation-configuration-parameters-additional-gcp_{context}"]
 == Additional Google Cloud Platform (GCP) configuration parameters
@@ -1376,198 +2035,427 @@ ifdef::gcp[]
 Additional GCP configuration parameters are described in the following table:
 
 .Additional GCP parameters
-[cols=".^1,.^6a,.^3a",options="header"]
+[cols=".^1l,.^6a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`platform.gcp.network`
+|controlPlane:
+  platform:
+    gcp:
+      osImage:
+        project:
+|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for control plane machines only.
+|String. The name of GCP project where the image is located.
+
+|controlPlane:
+  platform:
+    gcp:
+      osImage:
+        name:
+|The name of the custom {op-system} image that the installation program is to use to boot control plane machines. If you use `controlPlane.platform.gcp.osImage.project`, this field is required.
+|String. The name of the {op-system} image.
+
+|compute:
+  platform:
+    gcp:
+      osImage:
+        project:
+|Optional. By default, the installation program downloads and installs the {op-system} image that is used to boot compute machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for compute machines only.
+|String. The name of GCP project where the image is located.
+
+|compute:
+  platform:
+    gcp:
+      osImage:
+        name:
+|The name of the custom {op-system} image that the installation program is to use to boot compute machines. If you use `compute.platform.gcp.osImage.project`, this field is required.
+|String. The name of the {op-system} image.
+
+|platform:
+  gcp:
+    network:
 |The name of the existing Virtual Private Cloud (VPC) where you want to deploy your cluster. If you want to deploy your cluster into a shared VPC, you must set `platform.gcp.networkProjectID` with the name of the GCP project that contains the shared VPC.
 |String.
 
-|`platform.gcp.networkProjectID`
+|platform:
+  gcp:
+    networkProjectID:
 |Optional. The name of the GCP project that contains the shared VPC where you want to deploy your cluster.
 |String.
 
-|`platform.gcp.projectID`
+|platform:
+  gcp:
+    projectID:
 |The name of the GCP project where the installation program installs the cluster.
 |String.
 
-|`platform.gcp.region`
+|platform:
+  gcp:
+    region:
 |The name of the GCP region that hosts your cluster.
 |Any valid region name, such as `us-central1`.
 
-|`platform.gcp.controlPlaneSubnet`
+|platform:
+  gcp:
+    controlPlaneSubnet:
 |The name of the existing subnet where you want to deploy your control plane machines.
 |The subnet name.
 
-|`platform.gcp.computeSubnet`
+|platform:
+  gcp:
+    computeSubnet:
 |The name of the existing subnet where you want to deploy your compute machines.
 |The subnet name.
 
-|`platform.gcp.licenses`
-|A list of license URLs that must be applied to the compute images.
-[IMPORTANT]
-====
-The `licenses` parameter is a deprecated field and nested virtualization is enabled by default. It is not recommended to use this field.
-====
-|Any license available with the link:https://cloud.google.com/compute/docs/reference/rest/v1/licenses/list[license API], such as the license to enable link:https://cloud.google.com/compute/docs/instances/nested-virtualization/overview[nested virtualization]. You cannot use this parameter with a mechanism that generates pre-built images. Using a license URL forces the installation program to copy the source image before use.
-
-|`platform.gcp.defaultMachinePlatform.zones`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      zones:
 |The availability zones where the installation program creates machines.
 |A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[GCP availability zones], such as `us-central1-a`, in a
 link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
+[IMPORTANT]
+====
+When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU's are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.
+====
 
-|`platform.gcp.defaultMachinePlatform.osDisk.diskSizeGB`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        diskSizeGB:
 |The size of the disk in gigabytes (GB).
 |Any size between 16 GB and 65536 GB.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.diskType`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        diskType:
 |The link:https://cloud.google.com/compute/docs/disks#disk-types[GCP disk type].
-|Either the default `pd-ssd` or the `pd-standard` disk type. The control plane nodes must be the `pd-ssd` disk type. Compute nodes can be either type.
-
-|`platform.gcp.defaultMachinePlatform.tags`
+|The default disk type for all machines. Control plane nodes must use the `pd-ssd` disk type. Compute nodes can use the `pd-ssd`, `pd-balanced`, or `pd-standard` disk types.
+
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osImage:
+        project:
+|Optional. By default, the installation program downloads and installs the {op-system} image that is used to boot control plane and compute machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for both types of machines.
+|String. The name of GCP project where the image is located.
+
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osImage:
+        name:
+|The name of the custom {op-system} image that the installation program is to use to boot control plane and compute machines. If you use `platform.gcp.defaultMachinePlatform.osImage.project`, this field is required.
+|String. The name of the RHCOS image.
+
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      tags:
 |Optional. Additional network tags to add to the control plane and compute machines.
 |One or more strings, for example `network-tag1`.
 
-|`platform.gcp.defaultMachinePlatform.type`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      type:
 |The link:https://cloud.google.com/compute/docs/machine-types[GCP machine type] for control plane and compute machines.
 |The GCP machine type, for example `n1-standard-4`.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.encryptionKey.kmsKey.name`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            name:
 |The name of the customer managed encryption key to be used for machine disk encryption.
 |The encryption key name.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.encryptionKey.kmsKey.keyRing`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            keyRing:
 |The name of the Key Management Service (KMS) key ring to which the KMS key belongs.
 |The KMS key ring name.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.encryptionKey.kmsKey.location`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            location:
 |The link:https://cloud.google.com/kms/docs/locations[GCP location] in which the KMS key ring exists.
 |The GCP location.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.encryptionKey.kmsKey.projectID`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            projectID:
 |The ID of the project in which the KMS key ring exists. This value defaults to the value of the `platform.gcp.projectID` parameter if it is not set.
 |The GCP project ID.
 
-|`platform.gcp.defaultMachinePlatform.osDisk.encryptionKey.kmsKeyServiceAccount`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      osDisk:
+        encryptionKey:
+          kmsKeyServiceAccount:
 |The GCP service account used for the encryption request for control plane and compute machines. If absent, the Compute Engine default service account is used. For more information about GCP service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
 |The GCP service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
 
-|`platform.gcp.defaultMachinePlatform.secureBoot`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      secureBoot:
 |Whether to enable Shielded VM secure boot for all machines in the cluster. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`platform.gcp.defaultMachinePlatform.confidentialCompute`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      confidentialCompute:
 |Whether to use Confidential VMs for all machines in the cluster. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential computing].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`platform.gcp.defaultMachinePlatform.onHostMaintenance`
+|platform:
+  gcp:
+    defaultMachinePlatform:
+      onHostMaintenance:
 |Specifies the behavior of all VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
 |`Terminate` or `Migrate`. The default value is `Migrate`.
 
-|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.name`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            name:
 |The name of the customer managed encryption key to be used for control plane machine disk encryption.
 |The encryption key name.
 
-|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            keyRing:
 |For control plane machines, the name of the KMS key ring to which the KMS key belongs.
 |The KMS key ring name.
 
-|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.location`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            location:
 |For control plane machines, the GCP location in which the key ring exists. For more information about KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
 |The GCP location for the key ring.
 
-|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.projectID`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            projectID:
 |For control plane machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
 |The GCP project ID.
 
-|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKeyServiceAccount:
 |The GCP service account used for the encryption request for control plane machines. If absent, the Compute Engine default service account is used. For more information about GCP service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
 |The GCP service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
 
-|`controlPlane.platform.gcp.osDisk.diskSizeGB`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        diskSizeGB:
 |The size of the disk in gigabytes (GB). This value applies to control plane machines.
 |Any integer between 16 and 65536.
 
-|`controlPlane.platform.gcp.osDisk.diskType`
+|controlPlane:
+  platform:
+    gcp:
+      osDisk:
+        diskType:
 |The link:https://cloud.google.com/compute/docs/disks#disk-types[GCP disk type] for control plane machines.
 |Control plane machines must use the `pd-ssd` disk type, which is the default.
 
-|`controlPlane.platform.gcp.tags`
+|controlPlane:
+  platform:
+    gcp:
+      tags:
 |Optional. Additional network tags to add to the control plane machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.tags` parameter for control plane machines.
 |One or more strings, for example `control-plane-tag1`.
 
-|`controlPlane.platform.gcp.type`
+|controlPlane:
+  platform:
+    gcp:
+      type:
 |The link:https://cloud.google.com/compute/docs/machine-types[GCP machine type] for control plane machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.type` parameter.
 |The GCP machine type, for example `n1-standard-4`.
 
-|`controlPlane.platform.gcp.zones`
+|controlPlane:
+  platform:
+    gcp:
+      zones:
 |The availability zones where the installation program creates control plane machines.
 |A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[GCP availability zones], such as `us-central1-a`, in a
 link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
+[IMPORTANT]
+====
+When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU's are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.
+====
 
-|`controlPlane.platform.gcp.secureBoot`
+|controlPlane:
+  platform:
+    gcp:
+      secureBoot:
 |Whether to enable Shielded VM secure boot for control plane machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`controlPlane.platform.gcp.confidentialCompute`
+|controlPlane:
+  platform:
+    gcp:
+      confidentialCompute:
 |Whether to enable Confidential VMs for control plane machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`controlPlane.platform.gcp.onHostMaintenance`
+|controlPlane:
+  platform:
+    gcp:
+      onHostMaintenance:
 |Specifies the behavior of control plane VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
 |`Terminate` or `Migrate`. The default value is `Migrate`.
 
-|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.name`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            name:
 |The name of the customer managed encryption key to be used for compute machine disk encryption.
 |The encryption key name.
 
-|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            keyRing:
 |For compute machines, the name of the KMS key ring to which the KMS key belongs.
 |The KMS key ring name.
 
-|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.location`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            location:
 |For compute machines, the GCP location in which the key ring exists. For more information about KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
 |The GCP location for the key ring.
 
-|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.projectID`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKey:
+            projectID:
 |For compute machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
 |The GCP project ID.
 
-|`compute.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        encryptionKey:
+          kmsKeyServiceAccount:
 |The GCP service account used for the encryption request for compute machines. If this value is not set, the Compute Engine default service account is used. For more information about GCP service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
 |The GCP service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
 
-|`compute.platform.gcp.osDisk.diskSizeGB`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        diskSizeGB:
 |The size of the disk in gigabytes (GB). This value applies to compute machines.
 |Any integer between 16 and 65536.
 
-|`compute.platform.gcp.osDisk.diskType`
+|compute:
+  platform:
+    gcp:
+      osDisk:
+        diskType:
 |The link:https://cloud.google.com/compute/docs/disks#disk-types[GCP disk type] for compute machines.
-|Either the default `pd-ssd` or the `pd-standard` disk type.
+|`pd-ssd`, `pd-standard`, or `pd-balanced`. The default is `pd-ssd`.
 
-|`compute.platform.gcp.tags`
+|compute:
+  platform:
+    gcp:
+      tags:
 |Optional. Additional network tags to add to the compute machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.tags` parameter for compute machines.
 |One or more strings, for example `compute-network-tag1`.
 
-|`compute.platform.gcp.type`
+|compute:
+  platform:
+    gcp:
+      type:
 |The link:https://cloud.google.com/compute/docs/machine-types[GCP machine type] for compute machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.type` parameter.
 |The GCP machine type, for example `n1-standard-4`.
 
-|`compute.platform.gcp.zones`
+|compute:
+  platform:
+    gcp:
+      zones:
 |The availability zones where the installation program creates compute machines.
 |A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[GCP availability zones], such as `us-central1-a`, in a
 link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
+[IMPORTANT]
+====
+When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU's are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.
+====
 
-|`compute.platform.gcp.secureBoot`
+|compute:
+  platform:
+    gcp:
+      secureBoot:
 |Whether to enable Shielded VM secure boot for compute machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`compute.platform.gcp.confidentialCompute`
+|compute:
+  platform:
+    gcp:
+      confidentialCompute:
 |Whether to enable Confidential VMs for compute machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing].
 |`Enabled` or `Disabled`. The default value is `Disabled`.
 
-|`compute.platform.gcp.onHostMaintenance`
+|compute:
+  platform:
+    gcp:
+      onHostMaintenance:
 |Specifies the behavior of compute VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
 |`Terminate` or `Migrate`. The default value is `Migrate`.
 
@@ -1576,47 +2464,134 @@ link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
 endif::gcp[]
 ifdef::ibm-cloud[]
 [id="installation-configuration-parameters-additional-ibm-cloud_{context}"]
-== Additional IBM Cloud VPC configuration parameters
+== Additional {ibm-cloud-title} configuration parameters
 
-Additional IBM Cloud VPC configuration parameters are described in the following table:
+Additional {ibm-cloud-name} configuration parameters are described in the following table:
 
-.Additional IBM Cloud VPC parameters
-[cols=".^1,.^6a,.^3a",options="header"]
+.Additional {ibm-cloud-name} parameters
+[cols=".^1l,.^6a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`platform.ibmcloud.resourceGroupName`
+|controlPlane:
+  platform:
+    ibmcloud:
+      bootVolume:
+        encryptionKey:
+|An {ibm-name} Key Protect for {ibm-cloud-name} (Key Protect) root key that should be used to encrypt the root (boot) volume of only control plane machines.
+d|The Cloud Resource Name (CRN) of the root key.
+
+The CRN must be enclosed in quotes ("").
+
+|compute:
+  platform:
+    ibmcloud:
+      bootVolume:
+        encryptionKey:
+|A Key Protect root key that should be used to encrypt the root (boot) volume of only compute machines.
+d|The CRN of the root key.
+
+The CRN must be enclosed in quotes ("").
+
+|platform:
+  ibmcloud:
+    defaultMachinePlatform:
+      bootvolume:
+        encryptionKey:
+d|A Key Protect root key that should be used to encrypt the root (boot) volume of all of the cluster's machines.
+
+When specified as part of the default machine configuration, all managed storage classes are updated with this key. As such, data volumes that are provisioned after the installation are also encrypted using this key.
+d|The CRN of the root key.
+
+The CRN must be enclosed in quotes ("").
+
+|platform:
+  ibmcloud:
+    resourceGroupName:
 |The name of an existing resource group.
 By default, an installer-provisioned VPC and cluster resources are placed in this resource group. When not specified, the installation program creates the resource group for the cluster.
 If you are deploying the cluster into an existing VPC, the installer-provisioned cluster resources are placed in this resource group. When not specified, the installation program creates the resource group for the cluster. The VPC resources that you have provisioned must exist in a resource group that you specify using the `networkResourceGroupName` parameter.
 In either case, this resource group must only be used for a single cluster installation, as the cluster components assume ownership of all of the resources in the resource group. [^1^]
 |String, for example `existing_resource_group`.
 
-|`platform.ibmcloud.networkResourceGroupName`
+|platform:
+  ibmcloud:
+    serviceEndpoints:
+      - name:
+        url:
+a|A list of service endpoint names and URIs.
+
+By default, the installation program and cluster components use public service endpoints to access the required {ibm-cloud-name} services.
+
+If network restrictions limit access to public service endpoints, you can specify an alternate service endpoint to override the default behavior.
+
+You can specify only one alternate service endpoint for each of the following services:
+
+* Cloud Object Storage
+* DNS Services
+* Global Search
+* Global Tagging
+* Identity Services
+* Key Protect
+* Resource Controller
+* Resource Manager
+* VPC
+
+a|A valid service endpoint name and fully qualified URI.
+
+Valid names include:
+
+* `COS`
+* `DNSServices`
+* `GlobalServices`
+* `GlobalTagging`
+* `IAM`
+* `KeyProtect`
+* `ResourceController`
+* `ResourceManager`
+* `VPC`
+
+|platform:
+  ibmcloud:
+    networkResourceGroupName:
 |The name of an existing resource group. This resource contains the existing VPC and subnets to which the cluster will be deployed. This parameter is required when deploying the cluster to a VPC that you have provisioned.
 |String, for example `existing_network_resource_group`.
 
-|`platform.ibmcloud.dedicatedHosts.profile`
+|platform:
+  ibmcloud:
+    dedicatedHosts:
+      profile:
 |The new dedicated host to create. If you specify a value for `platform.ibmcloud.dedicatedHosts.name`, this parameter is not required.
-|Valid IBM Cloud VPC dedicated host profile, such as `cx2-host-152x304`. [^2^]
+|Valid {ibm-cloud-name} dedicated host profile, such as `cx2-host-152x304`. [^2^]
 
-|`platform.ibmcloud.dedicatedHosts.name`
+|platform:
+  ibmcloud:
+    dedicatedHosts:
+      name:
 |An existing dedicated host. If you specify a value for `platform.ibmcloud.dedicatedHosts.profile`, this parameter is not required.
 |String, for example `my-dedicated-host-name`.
 
-|`platform.ibmcloud.type`
-|The instance type for all IBM Cloud VPC machines.
-|Valid IBM Cloud VPC instance type, such as `bx2-8x32`. [^2^]
+|platform:
+  ibmcloud:
+    type:
+|The instance type for all {ibm-cloud-name} machines.
+|Valid {ibm-cloud-name} instance type, such as `bx2-8x32`. [^2^]
 
-|`platform.ibmcloud.vpcName`
+|platform:
+  ibmcloud:
+    vpcName:
 | The name of the existing VPC that you want to deploy your cluster to.
 | String.
 
-|`platform.ibmcloud.controlPlaneSubnets`
+|platform:
+  ibmcloud:
+    controlPlaneSubnets:
 | The name(s) of the existing subnet(s) in your VPC that you want to deploy your control plane machines to. Specify a subnet for each availability zone.
 | String array
 
-|`platform.ibmcloud.computeSubnets`
+|platform:
+  ibmcloud:
+    computeSubnets:
 | The name(s) of the existing subnet(s) in your VPC that you want to deploy your compute machines to. Specify a subnet for each availability zone. Subnet IDs are not supported.
 | String array
 
@@ -1624,313 +2599,98 @@ In either case, this resource group must only be used for a single cluster insta
 [.small]
 --
 1. Whether you define an existing resource group, or if the installer creates one, determines how the resource group is treated when the cluster is uninstalled. If you define a resource group, the installer removes all of the installer-provisioned resources, but leaves the resource group alone; if a resource group is created as part of the installation, the installer removes all of the installer-provisioned resources and the resource group.
-2. To determine which profile best meets your needs, see https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[Instance Profiles] in the IBM documentation.
+2. To determine which profile best meets your needs, see https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[Instance Profiles] in the {ibm-name} documentation.
 --
 endif::ibm-cloud[]
 
-ifdef::ibm-power-vs[]
-[id="installation-configuration-parameters-additional-ibm-cloud_{context}"]
-== Additional {ibmpowerProductName} Virtual Server configuration parameters
-
-Additional {ibmpowerProductName} Virtual Server configuration parameters are described in the following table:
-
-.Additional {ibmpowerProductName} Virtual Server parameters
-[cols=".^1,.^6a,.^3a",options="header"]
-|====
-|Parameter|Description|Values
-
-|`platform.powervs.userID`
-|The UserID is the login for the user's IBM Cloud account.
-|String. For example `existing_user_id`.
-
-|`platform.powervs.powervsResourceGroup`
-|The PowerVSResourceGroup is the resource group in which {ibmpowerProductName} Virtual Server resources are created. If using an existing VPC, the existing VPC and subnets should be in this resource group.
-|String. For example `existing_resource_group`.
-
-|`platform.powervs.region`
-|Specifies the IBM Cloud colo region where the cluster will be created.
-|String. For example `existing_region`.
-
-|`platform.powervs.zone`
-|Specifies the IBM Cloud colo region where the cluster will be created.
-|String. For example `existing_zone`.
-
-|`platform.powervs.serviceInstanceID`
-|The ServiceInstanceID is the ID of the Power IAAS instance created from the IBM Cloud Catalog.
-|String. For example `existing_service_instance_ID`.
-
-|`platform.powervs.vpcRegion`
-|Specifies the IBM Cloud region in which to create VPC resources.
-|String. For example `existing_vpc_region`.
-
-|`platform.powervs.vpcSubnets`
-|Specifies existing subnets (by name) where cluster resources will be created.
-|String. For example `powervs_region_example_subnet`.
-
-|`platform.powervs.vpcName`
-|Specifies the IBM Cloud VPC name.
-|String. For example `existing_vpcName`.
-
-|`platform.powervs.cloudConnectionName`
-|The CloudConnctionName is the name of an existing PowerVS Cloud connection.
-|String. For example `existing_cloudConnectionName`.
-
-|`platform.powervs.clusterOSImage`
-|The ClusterOSImage is a pre-created {ibmpowerProductName} Virtual Server boot image that overrides the default image for cluster nodes.
-|String. For example `existing_cluster_os_image`.
-
-|`platform.powervs.defaultMachinePlatform`
-|The DefaultMachinePlatform is the default configuration used when installing on {ibmpowerProductName} Virtual Server for machine pools that do not define their own platform configuration.
-|String. For example `existing_machine_platform`.
-
-//|`platform.ibmcloud.dedicatedHosts.profile`
-//|The new dedicated host to create. If you specify a value for `platform.ibmcloud.dedicatedHosts.name`, this parameter is not required.
-//|Valid IBM Cloud VPC dedicated host profile, such as `cx2-host-152x304`. [^2^]
-
-//|`platform.ibmcloud.dedicatedHosts.name`
-//|An existing dedicated host. If you specify a value for `platform.ibmcloud.dedicatedHosts.profile`, this parameter is not required.
-//|String, for example `my-dedicated-host-name`.
-
-//|`platform.ibmcloud.type`
-//|The instance type for all IBM Cloud VPC machines.
-//|Valid IBM Cloud VPC instance type, such as `bx2-8x32`. [^2^]
-
-|`platform.powervs.memoryGiB`
-|The size of a virtual machine's memory, in GB.
-|The valid integer must be an integer number of GB that is at least 2 and no more than 64, depending on the machine type.
-
-|`platform.powervs.procType`
-|The ProcType defines the processor sharing model for the instance.
-|The valid values are Capped, Dedicated and Shared.
-
-|`platform.powervs.processors`
-|The Processors defines the processing units for the instance.
-|The number of processors must be from .5 to 32 cores. The processors must be in increments of .25.
-
-|`platform.powervs.sysType`
-|The SysType defines the system type for the instance.
-|The system type must be one of {e980,s922}.
-
-|====
-[.small]
---
-1. Whether you define an existing resource group, or if the installer creates one, determines how the resource group is treated when the cluster is uninstalled. If you define a resource group, the installer removes all of the installer-provisioned resources, but leaves the resource group alone; if a resource group is created as part of the installation, the installer removes all of the installer provisioned resources and the resource group.
-2. To determine which profile best meets your needs, see https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[Instance Profiles] in the IBM documentation.
---
-endif::ibm-power-vs[]
-
-ifdef::rhv[]
-[id="installation-configuration-parameters-additional-rhv_{context}"]
-== Additional {rh-virtualization-first} configuration parameters
-
-Additional {rh-virtualization} configuration parameters are described in the following table:
-
-[id="additional-virt-parameters-for-clusters_{context}"]
-.Additional {rh-virtualization-first} parameters for clusters
-[cols=".^2,.^3a,.^3a",options="header"]
-|====
-|Parameter|Description|Values
-
-|`platform.ovirt.ovirt_cluster_id`
-|Required. The Cluster where the VMs will be created.
-|String. For example: `68833f9f-e89c-4891-b768-e2ba0815b76b`
-
-|`platform.ovirt.ovirt_storage_domain_id`
-|Required. The Storage Domain ID where the VM disks will be created.
-|String. For example: `ed7b0f4e-0e96-492a-8fff-279213ee1468`
-
-|`platform.ovirt.ovirt_network_name`
-|Required. The network name where the VM nics will be created.
-|String. For example: `ocpcluster`
-
-|`platform.ovirt.vnicProfileID`
-|Required. The vNIC profile ID of the VM network interfaces. This can be inferred if the cluster network has a single profile.
-|String. For example: `3fa86930-0be5-4052-b667-b79f0a729692`
-
-|`platform.ovirt.api_vips`
-|Required. An IP address on the machine network that will be assigned to the API virtual IP (VIP). You can access the OpenShift API at this endpoint. For dual-stack networks, assign up to two IP addresses. The primary IP address must be from the IPv4 network.
-
-[NOTE]
-====
-In {product-title} 4.12 and later, the `api_vip` configuration setting is deprecated. Instead, use a list format to enter a value in the `api_vips` configuration setting. The order of the list indicates the primary and secondary VIP address for each service.
-====
-
-|String. Example: `10.46.8.230`
-
-|`platform.ovirt.ingress_vips`
-|Required. An IP address on the machine network that will be assigned to the Ingress virtual IP (VIP). For dual-stack networks, assign up to two IP addresses. The primary IP address must be from the IPv4 network.
-
-[NOTE]
-====
-In {product-title} 4.12 and later, the `ingress_vip` configuration setting is deprecated. Instead, use a list format to enter a value in the `ingress_vips` configuration setting. The order of the list indicates the primary and secondary VIP address for each service.
-====
-
-|String. Example: `10.46.8.232`
-
-|`platform.ovirt.affinityGroups`
-|Optional. A list of affinity groups to create during the installation process.
-|List of objects.
-
-|`platform.ovirt.affinityGroups.description`
-|Required if you include `platform.ovirt.affinityGroups`. A description of the affinity group.
-|String. Example: `AffinityGroup for spreading each compute machine to a different host`
-
-|`platform.ovirt.affinityGroups.enforcing`
-|Required if you include `platform.ovirt.affinityGroups`. When set to `true`, {rh-virtualization} does not provision any machines if not enough hardware nodes are available. When set to `false`, {rh-virtualization} does provision machines even if not enough hardware nodes are available, resulting in multiple virtual machines being hosted on the same physical machine.
-
-|String. Example: `true`
-
-|`platform.ovirt.affinityGroups.name`
-|Required if you include `platform.ovirt.affinityGroups`. The name of the affinity group.
-|String. Example: `compute`
-
-|`platform.ovirt.affinityGroups.priority`
-|Required if you include `platform.ovirt.affinityGroups`. The priority given to an affinity group when `platform.ovirt.affinityGroups.enforcing = false`. {rh-virtualization} applies affinity groups in the order of priority, where a greater number takes precedence over a lesser one. If multiple affinity groups have the same priority, the order in which they are applied is not guaranteed.
-|Integer. Example: `3`
-|====
-
-[id="installation-configuration-parameters-additional-machine_{context}"]
-== Additional {rh-virtualization} parameters for machine pools
-
-Additional {rh-virtualization} configuration parameters for machine pools are described in the following table:
-
-.Additional {rh-virtualization} parameters for machine pools
-[cols=".^2,.^3a,.^3a",options="header"]
-|====
-|Parameter|Description|Values
-
-|`<machine-pool>.platform.ovirt.cpu`
-|Optional. Defines the CPU of the VM.
-|Object
-
-|`<machine-pool>.platform.ovirt.cpu.cores`
-|Required if you use `<machine-pool>.platform.ovirt.cpu`. The number of cores. Total virtual CPUs (vCPUs) is cores * sockets.
-|Integer
-
-|`<machine-pool>.platform.ovirt.cpu.sockets`
-|Required if you use `<machine-pool>.platform.ovirt.cpu`. The number of sockets per core. Total virtual CPUs (vCPUs) is cores * sockets.
-|Integer
-
-|`<machine-pool>.platform.ovirt.memoryMB`
-|Optional. Memory of the VM in MiB.
-|Integer
-
-|`<machine-pool>.platform.ovirt.osDisk`
-|Optional. Defines the first and bootable disk of the VM.
-|String
-
-|`<machine-pool>.platform.ovirt.osDisk.sizeGB`
-|Required if you use `<machine-pool>.platform.ovirt.osDisk`. Size of the disk in GiB.
-|Number
-
-|`<machine-pool>.platform.ovirt.vmType`
-|Optional. The VM workload type, such as `high-performance`, `server`, or `desktop`.  By default, control plane nodes use `high-performance`, and worker nodes use `server`. For details, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Virtual_Machine_General_settings_explained[Explanation of Settings in the New Virtual Machine and Edit Virtual Machine Windows] and link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_.
-[NOTE]
-====
-`high_performance` improves performance on the VM, but there are limitations. For example, you cannot access the VM with a graphical console. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_.
-====
-|String
-
-|`<machine-pool>.platform.ovirt.affinityGroupsNames`
-|Optional. A list of affinity group names that should be applied to the virtual machines. The affinity groups must exist in {rh-virtualization}, or be created during installation as described in _Additional {rh-virtualization} parameters for clusters_ in this topic. This entry can be empty.
-// xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty.
-//xref:../../additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty.
-
-.Example with two affinity groups
-
-This example defines two affinity groups, named `compute` and `clusterWideNonEnforcing`:
-
-[source,yaml]
-----
-<machine-pool>:
-  platform:
-    ovirt:
-      affinityGroupNames:
-        - compute
-        - clusterWideNonEnforcing
-----
-
-This example defines no affinity groups:
-
-[source,yaml]
-----
-<machine-pool>:
-  platform:
-    ovirt:
-      affinityGroupNames: []
-----
-|String
-|`<machine-pool>.platform.ovirt.AutoPinningPolicy`
-| Optional. AutoPinningPolicy defines the policy to automatically set the CPU and NUMA settings, including pinning to the host for the instance. When the field is omitted, the default is `none`. Supported values: `none`, `resize_and_pin`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Setting_NUMA_Nodes[Setting NUMA Nodes] in the _Virtual Machine Management Guide_.
-
-|String
-|`<machine-pool>.platform.ovirt.hugepages`
-|Optional. Hugepages is the size in KiB for defining hugepages in a VM. Supported values: `2048` or `1048576`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_Huge_Pages[Configuring Huge Pages] in the _Virtual Machine Management Guide_.
-
-|Integer
-
-|====
-
-[NOTE]
-====
-You can replace `<machine-pool>` with `controlPlane` or `compute`.
-====
-
-endif::rhv[]
-
 ifdef::vsphere[]
+
 [id="installation-configuration-parameters-additional-vsphere_{context}"]
 == Additional VMware vSphere configuration parameters
 
 Additional VMware vSphere configuration parameters are described in the following table:
 
 .Additional VMware vSphere cluster parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^4,.^2",options="header,word-wrap",subs="+quotes,+attributes"]
 |====
 |Parameter|Description|Values
 
-|`platform.vsphere.apiVIPs`
+|platform:
+  vsphere:
+    apiVIPs:
 |Virtual IP (VIP) addresses that you configured for control plane API access.
-a|Multiple IP addresses
 
-|`platform.vsphere.diskType`
+*Note:* This parameter applies only to installer-provisioned infrastructure.
+|Multiple IP addresses
+
+|platform:
+  vsphere:
+    diskType:
 |Optional. The disk provisioning method. This value defaults to the vSphere default storage policy if not set.
 |Valid values are `thin`, `thick`, or `eagerZeroedThick`.
 
-|`platform.vsphere.failureDomains`
+|platform:
+  vsphere:
+    failureDomains:
 |Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
 |String
 
-|`platform.vsphere.failureDomains.topology.networks`
+|platform:
+  vsphere:
+    failureDomains:
+      topology:
+        networks:
 |Lists any network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
 |String
 
-|`platform.vsphere.failureDomains.region`
+|platform:
+  vsphere:
+    failureDomains:
+      region:
 |If you define multiple failure domains for your cluster, you must attach the tag to each vCenter datacenter. To define a region, use a tag from the `openshift-region` tag category. For a single vSphere datacenter environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `datacenter`, for the parameter.
 |String
 
-|`platform.vsphere.failureDomains.zone`
+|platform:
+  vsphere:
+    failureDomains:
+      zone:
 |If you define multiple failure domains for your cluster, you must attach the tag to each vCenter cluster. To define a zone, use a tag from the `openshift-zone` tag category. For a single vSphere datacenter environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `cluster`, for the parameter.
-|`String`
+|String
+
+|platform:
+  vsphere:
+    failureDomains:
+      template:
+|Specify the absolute path to a pre-existing {op-system-first} image template or virtual machine. The installation program can use the image template or virtual machine to quickly install {op-system} on vSphere hosts. Consider using this parameter as an alternative to uploading an {op-system} image on vSphere hosts. The parameter is available for use only on installer-provisioned infrastructure.
+|String
 
-|`platform.vsphere.ingressVIPs`
+|platform:
+  vsphere:
+    ingressVIPs:
 |Virtual IP (VIP) addresses that you configured for cluster Ingress.
+
+*Note:* This parameter applies only to installer-provisioned infrastructure.
 |Multiple IP addresses
 
-|`platform.vsphere`
+|platform:
+  vsphere:
 | Describes your account on the cloud platform that hosts your cluster. You can use the parameter to customize the platform. When providing additional configuration settings for compute and control plane machines in the machine pool, the parameter is optional. You can only specify one vCenter server for your {product-title} cluster.
 |String
 
-|`platform.vsphere.vcenters`
+|platform:
+  vsphere:
+    vcenters:
 |Lists any fully-qualified hostname or IP address of a vCenter server.
 |String
 
-|`platform.vsphere.vcenters.datacenters`
+|platform:
+  vsphere:
+    vcenters:
+      datacenters:
 |Lists and defines the datacenters where {product-title} virtual machines (VMs) operate. The list of datacenters must match the list of datacenters specified in the `failureDomains` field.
 |String
 |====
 
-
 [id="deprecated-parameters-vsphere_{context}"]
 == Deprecated VMware vSphere configuration parameters
 
@@ -1939,96 +2699,122 @@ In {product-title} 4.13, the following vSphere configuration parameters are depr
 The following table lists each deprecated vSphere configuration parameter:
 
 .Deprecated VMware vSphere cluster parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^4,.^2",options="header,word-wrap",subs="+quotes,+attributes"]
 |====
 |Parameter|Description|Values
 
-|`platform.vsphere.apiVIP`
+|platform:
+  vsphere:
+    apiVIP:
 |The virtual IP (VIP) address that you configured for control plane API access.
-a|An IP address, for example `128.0.0.1`.
 
-[NOTE]
-====
-In {product-title} 4.12 and later, the `apiVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `apiVIPs` configuration setting.
-====
+*Note:* In {product-title} 4.12 and later, the `apiVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `apiVIPs` configuration setting.
+a|An IP address, for example `128.0.0.1`.
 
-|`platform.vsphere.cluster`
+|platform:
+  vsphere:
+    cluster:
 |The vCenter cluster to install the {product-title} cluster in.
 |String
 
-|`platform.vsphere.datacenter`
+|platform:
+  vsphere:
+    datacenter:
 |Defines the datacenter where {product-title} virtual machines (VMs) operate.
 |String
 
-|`platform.vsphere.defaultDatastore`
+|platform:
+  vsphere:
+    defaultDatastore:
 |The name of the default datastore to use for provisioning volumes.
 |String
 
-|`platform.vsphere.folder`
+|platform:
+  vsphere:
+    folder:
 |Optional. The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the data center virtual machine folder.
 |String, for example, `/<datacenter_name>/vm/<folder_name>/<subfolder_name>`.
 
-|`platform.vsphere.ingressVIP`
+|platform:
+  vsphere:
+    ingressVIP:
 |Virtual IP (VIP) addresses that you configured for cluster Ingress.
-a|An IP address, for example `128.0.0.1`.
 
-[NOTE]
-====
-In {product-title} 4.12 and later, the `ingressVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `ingressVIPs` configuration setting.
-====
+*Note:* In {product-title} 4.12 and later, the `ingressVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `ingressVIPs` configuration setting.
+a|An IP address, for example `128.0.0.1`.
 
-|`platform.vsphere.network`
+|platform:
+  vsphere:
+    network:
 |The network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
 |String
 
-|`platform.vsphere.password`
+|platform:
+  vsphere:
+    password:
 |The password for the vCenter user name.
 |String
 
-|`platform.vsphere.resourcePool`
+|platform:
+  vsphere:
+    resourcePool:
 |Optional. The absolute path of an existing resource pool where the installation program creates the virtual machines. If you do not specify a value, the installation program installs the resources in the root of the cluster under `/<datacenter_name>/host/<cluster_name>/Resources`.
-|String, for example, `/<datacenter_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`.
+a|String, for example, `/<datacenter_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`.
 
-|`platform.vsphere.username`
+|platform:
+  vsphere:
+    username:
 |The user name to use to connect to the vCenter instance with. This user must have at least
 the roles and privileges that are required for
 link:https://github.com/vmware-archive/vsphere-storage-for-kubernetes/blob/master/documentation/vcp-roles.md[static or dynamic persistent volume provisioning]
 in vSphere.
 |String
 
-|`platform.vsphere.vCenter`
+|platform:
+  vsphere:
+    vCenter:
 |The fully-qualified hostname or IP address of a vCenter server.
 |String
 |====
 
-
 [id="installation-configuration-parameters-optional-vsphere_{context}"]
 == Optional VMware vSphere machine pool configuration parameters
 
 Optional VMware vSphere machine pool configuration parameters are described in the following table:
 
 .Optional VMware vSphere machine pool parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`platform.vsphere.clusterOSImage`
-|The location from which the installation program downloads the {op-system} image. You must set this parameter to perform an installation in a restricted network.
+|platform:
+  vsphere:
+    clusterOSImage:
+|The location from which the installation program downloads the {op-system-first} image. Before setting a path value for this parameter, ensure that the default {op-system} boot image in the {product-title} release matches the {op-system} image template or virtual machine version; otherwise, cluster installation might fail.
 |An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, `\https://mirror.openshift.com/images/rhcos-<version>-vmware.<architecture>.ova`.
 
-|`platform.vsphere.osDisk.diskSizeGB`
+|platform:
+  vsphere:
+    osDisk:
+      diskSizeGB:
 |The size of the disk in gigabytes.
 |Integer
 
-|`platform.vsphere.cpus`
+|platform:
+  vsphere:
+    cpus:
 |The total number of virtual processor cores to assign a virtual machine. The value of `platform.vsphere.cpus` must be a multiple of `platform.vsphere.coresPerSocket` value.
 |Integer
 
-|`platform.vsphere.coresPerSocket`
+|platform:
+  vsphere:
+    coresPerSocket:
 |The number of cores per socket in a virtual machine. The number of virtual sockets on the virtual machine is `platform.vsphere.cpus`/`platform.vsphere.coresPerSocket`. The default value for control plane nodes and worker nodes is `4` and `2`, respectively.
 |Integer
 
-|`platform.vsphere.memoryMB`
+|platform:
+  vsphere:
+    memoryMB:
 |The size of a virtual machine's memory in megabytes.
 |Integer
 |====
@@ -2041,63 +2827,106 @@ ifdef::ash[]
 Additional Azure configuration parameters are described in the following table:
 
 .Additional Azure Stack Hub parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.azure.osDisk.diskSizeGB`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `128`.
 
-|`compute.platform.azure.osDisk.diskType`
+|compute:
+  platform:
+    azure:
+      osDisk:
+        diskType:
 |Defines the type of disk.
-|`standard_LRS`, `premium_LRS`, or `standardSSD_LRS`. The default is `premium_LRS`.
+|`standard_LRS` or `premium_LRS`. The default is `premium_LRS`.
 
-|`compute.platform.azure.type`
+|compute:
+  platform:
+    azure:
+      type:
 |Defines the azure instance type for compute machines.
 |String
 
-|`controlPlane.platform.azure.osDisk.diskSizeGB`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `1024`.
 
-|`controlPlane.platform.azure.osDisk.diskType`
+|controlPlane:
+  platform:
+    azure:
+      osDisk:
+        diskType:
 |Defines the type of disk.
-|`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`.
+|`premium_LRS`.
 
-|`controlPlane.platform.azure.type`
+|controlPlane:
+  platform:
+    azure:
+      type:
 |Defines the azure instance type for control plane machines.
 |String
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskSizeGB`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskSizeGB:
 |The Azure disk size for the VM.
 |Integer that represents the size of the disk in GB. The default is `128`.
 
-|`platform.azure.defaultMachinePlatform.osDisk.diskType`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      osDisk:
+        diskType:
 |Defines the type of disk.
-|`standard_LRS`, `premium_LRS`, or `standardSSD_LRS`. The default is `premium_LRS`.
+|`standard_LRS` or `premium_LRS`. The default is `premium_LRS`.
 
-|`platform.azure.defaultMachinePlatform.type`
+|platform:
+  azure:
+    defaultMachinePlatform:
+      type:
 |The Azure instance type for control plane and compute machines.
 |The Azure instance type.
 
-|`platform.azure.armEndpoint`
+|platform:
+  azure:
+    armEndpoint:
 |The URL of the Azure Resource Manager endpoint that your Azure Stack Hub operator provides.
 |String
 
-|`platform.azure.baseDomainResourceGroupName`
+|platform:
+  azure:
+    baseDomainResourceGroupName:
 |The name of the resource group that contains the DNS zone for your base domain.
 |String, for example `production_cluster`.
 
-|`platform.azure.region`
+|platform:
+  azure:
+    region:
 |The name of your Azure Stack Hub local region.
 |String
 
-|`platform.azure.resourceGroupName`
+|platform:
+  azure:
+    resourceGroupName:
 |The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster by using the installation program deletes this resource group.
 |String, for example `existing_resource_group`.
 
-|`platform.azure.outboundType`
+|platform:
+  azure:
+    outboundType:
 |The outbound routing strategy used to connect your cluster to the internet. If
 you are using user-defined routing, you must have pre-existing networking
 available where the outbound routing has already been configured prior to
@@ -2105,18 +2934,20 @@ installing a cluster. The installation program is not responsible for
 configuring user-defined routing.
 |`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.
 
-|`platform.azure.cloudName`
+|platform:
+  azure:
+    cloudName:
 |The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints.
 |`AzureStackCloud`
 
-|`clusterOSImage`
+|clusterOSImage:
 |The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD.
 |String, for example, \https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd
 
 |====
 endif::ash[]
 
-ifdef::alibabacloud[]
+ifdef::alibaba-cloud[]
 //From: https://github.com/openshift/installer/blob/master/data/data/install.openshift.io_installconfigs.yaml#L20; https://github.com/openshift/openshift-docs/pull/40651/files#r792388476
 
 [id="installation-configuration-parameters-additional-alibaba_{context}"]
@@ -2132,97 +2963,154 @@ If defined, the parameters `compute.platform.alibabacloud` and `controlPlane.pla
 ====
 
 .Optional {alibaba} parameters
-[cols=".^2,.^3,.^5a",options="header"]
+[cols=".^2l,.^3,.^5a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.alibabacloud.imageID`
+|compute:
+  platform:
+    alibabacloud:
+      imageID:
 |The imageID used to create the ECS instance. ImageID must belong to the same region as the cluster.
 |String.
 
-|`compute.platform.alibabacloud.instanceType`
+|compute:
+  platform:
+    alibabacloud:
+      instanceType:
 |InstanceType defines the ECS instance type. Example: `ecs.g6.large`
 |String.
 
-|`compute.platform.alibabacloud.systemDiskCategory`
+|compute:
+  platform:
+    alibabacloud:
+      systemDiskCategory:
 |Defines the category of the system disk. Examples: `cloud_efficiency`,`cloud_essd`
 |String.
 
-|`compute.platform.alibabacloud.systemDisksize`
+|compute:
+  platform:
+    alibabacloud:
+      systemDisksize:
 |Defines the size of the system disk in gibibytes (GiB).
 |Integer.
 
-|`compute.platform.alibabacloud.zones`
+|compute:
+  platform:
+    alibabacloud:
+      zones:
 |The list of availability zones that can be used. Examples: `cn-hangzhou-h`, `cn-hangzhou-j`
 |String list.
 
-|`controlPlane.platform.alibabacloud.imageID`
+|controlPlane:
+  platform:
+    alibabacloud:
+      imageID:
 |The imageID used to create the ECS instance. ImageID must belong to the same region as the cluster.
 |String.
 
-|`controlPlane.platform.alibabacloud.instanceType`
+|controlPlane:
+  platform:
+    alibabacloud:
+      instanceType:
 |InstanceType defines the ECS instance type. Example: `ecs.g6.xlarge`
 |String.
 
-|`controlPlane.platform.alibabacloud.systemDiskCategory`
+|controlPlane:
+  platform:
+    alibabacloud:
+      systemDiskCategory:
 |Defines the category of the system disk. Examples: `cloud_efficiency`,`cloud_essd`
 |String.
 
-|`controlPlane.platform.alibabacloud.systemDisksize`
+|controlPlane:
+  platform:
+    alibabacloud:
+      systemDisksize:
 |Defines the size of the system disk in gibibytes (GiB).
 |Integer.
 
-|`controlPlane.platform.alibabacloud.zones`
+|controlPlane:
+  platform:
+    alibabacloud:
+      zones:
 |The list of availability zones that can be used. Examples: `cn-hangzhou-h`, `cn-hangzhou-j`
 |String list.
 
-|`platform.alibabacloud.region`
+|platform:
+  alibabacloud:
+    region:
 |Required. The Alibaba Cloud region where the cluster will be created.
 |String.
 
-|`platform.alibabacloud.resourceGroupID`
+|platform:
+  alibabacloud:
+    resourceGroupID:
 |The ID of an already existing resource group where the cluster will be installed. If empty, the installation program will create a new resource group for the cluster.
 |String.
 
-|`platform.alibabacloud.tags`
+|platform:
+  alibabacloud:
+    tags:
 |Additional keys and values to apply to all Alibaba Cloud resources created for the cluster.
 |Object.
 
-|`platform.alibabacloud.vpcID`
+|platform:
+  alibabacloud:
+    vpcID:
 |The ID of an already existing VPC where the cluster should be installed. If empty, the installation program will create a new VPC for the cluster.
 |String.
 
-|`platform.alibabacloud.vswitchIDs`
+|platform:
+  alibabacloud:
+    vswitchIDs:
 |The ID list of already existing VSwitches where cluster resources will be created. The existing VSwitches can only be used when also using existing VPC. If empty, the installation program will create new VSwitches for the cluster.
 |String list.
 
-|`platform.alibabacloud.defaultMachinePlatform.imageID`
+|platform:
+  alibabacloud:
+    defaultMachinePlatform:
+      imageID:
 |For both compute machines and control plane machines, the image ID that should be used to create ECS instance. If set, the image ID should belong to the same region as the cluster.
 |String.
 
-|`platform.alibabacloud.defaultMachinePlatform.instanceType`
+|platform:
+  alibabacloud:
+    defaultMachinePlatform:
+      instanceType:
 |For both compute machines and control plane machines, the ECS instance type used to create the ECS instance. Example: `ecs.g6.xlarge`
 |String.
 
-|`platform.alibabacloud.defaultMachinePlatform.systemDiskCategory`
+|platform:
+  alibabacloud:
+    defaultMachinePlatform:
+      systemDiskCategory:
 |For both compute machines and control plane machines, the category of the system disk. Examples: `cloud_efficiency`, `cloud_essd`.
 |String, for example "", `cloud_efficiency`, `cloud_essd`.
 
-|`platform.alibabacloud.defaultMachinePlatform.systemDiskSize`
+|platform:
+  alibabacloud:
+    defaultMachinePlatform:
+      systemDiskSize:
 |For both compute machines and control plane machines, the size of the system disk in gibibytes (GiB). The minimum is `120`.
 |Integer.
 
-|`platform.alibabacloud.defaultMachinePlatform.zones`
+|platform:
+  alibabacloud:
+    defaultMachinePlatform:
+      zones:
 |For both compute machines and control plane machines, the list of availability zones that can be used. Examples: `cn-hangzhou-h`, `cn-hangzhou-j`
 |String list.
 
-|`platform.alibabacloud.privateZoneID`
+|platform:
+  alibabacloud:
+    privateZoneID:
 |The ID of an existing private zone into which to add DNS records for the cluster's internal API. An existing private zone can only be used when also using existing VPC. The private zone must be associated with the VPC containing the subnets. Leave the private zone unset to have the installation program create the private zone on your behalf.
 |String.
 
 |====
 
-endif::alibabacloud[]
+endif::alibaba-cloud[]
 
 ifdef::nutanix[]
 [id="installation-configuration-parameters-additional-vsphere_{context}"]
@@ -2231,274 +3119,291 @@ ifdef::nutanix[]
 Additional Nutanix configuration parameters are described in the following table:
 
 .Additional Nutanix cluster parameters
-[cols=".^2,.^3a,.^3a",options="header"]
+[cols=".^2l,.^3a,.^3a",options="header"]
 |====
 |Parameter|Description|Values
 
-|`compute.platform.nutanix.categories.key`
+|compute:
+  platform:
+    nutanix:
+      categories:
+        key:
 |The name of a prism category key to apply to compute VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
 |String
 
-|`compute.platform.nutanix.categories.value`
+|compute:
+  platform:
+    nutanix:
+      categories:
+        value:
 |The value of a prism category key-value pair to apply to compute VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
 |String
 
-|`compute.platform.nutanix.project.type`
+|compute:
+  platform:
+    nutanix:
+     failureDomains:
+d|The failure domains that apply to only compute machines.
+
+Failure domains are specified in `platform.nutanix.failureDomains`.
+d|List.
+
+The name of one or more failures domains.
+
+|compute:
+  platform:
+    nutanix:
+      project:
+        type:
 |The type of identifier you use to select a project for compute VMs.  Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
 |`name` or `uuid`
 
-|`compute.platform.nutanix.project.name` or `compute.platform.nutanix.project.uuid`
+|compute:
+  platform:
+    nutanix:
+      project:
+        name: or uuid:
 |The name or UUID of a project with which compute VMs are associated. This parameter must be accompanied by the `type` parameter.
 |String
 
-|`compute.platform.nutanix.bootType`
+|compute:
+  platform:
+    nutanix:
+      bootType:
 |The boot type that the compute machines use. You must use the `Legacy` boot type in {product-title} {product-version}. For more information on boot types, see link:https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000H3K9SAK[Understanding UEFI, Secure Boot, and TPM in the Virtualized Environment].
 |`Legacy`, `SecureBoot` or `UEFI`. The default is `Legacy`.
 
-|`controlPlane.platform.nutanix.categories.key`
+|controlPlane:
+  platform:
+    nutanix:
+      categories:
+        key:
 |The name of a prism category key to apply to control plane VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
 |String
 
-|`controlPlane.platform.nutanix.categories.value`
+|controlPlane:
+  platform:
+    nutanix:
+      categories:
+        value:
 |The value of a prism category key-value pair to apply to control plane VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
 |String
 
-|`controlPlane.platform.nutanix.project.type`
+|controlPlane:
+  platform:
+    nutanix:
+     failureDomains:
+d|The failure domains that apply to only control plane machines.
+
+Failure domains are specified in `platform.nutanix.failureDomains`.
+d|List.
+
+The name of one or more failures domains.
+
+|controlPlane:
+  platform:
+    nutanix:
+      project:
+        type:
 |The type of identifier you use to select a project for control plane VMs.  Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
 |`name` or `uuid`
 
-|`controlPlane.platform.nutanix.project.name` or `controlPlane.platform.nutanix.project.uuid`
+|controlPlane:
+  platform:
+    nutanix:
+      project:
+        name: or uuid:
 |The name or UUID of a project with which control plane VMs are associated. This parameter must be accompanied by the `type` parameter.
 |String
 
-|`platform.nutanix.defaultMachinePlatform.categories.key`
+|platform:
+  nutanix:
+    defaultMachinePlatform:
+      categories:
+        key:
 |The name of a prism category key to apply to all VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
 |String
 
-|`platform.nutanix.defaultMachinePlatform.categories.value`
+|platform:
+  nutanix:
+    defaultMachinePlatform:
+      categories:
+        value:
 |The value of a prism category key-value pair to apply to all VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
 |String
 
-|`platform.nutanix.defaultMachinePlatform.project.type`
+|platform:
+  nutanix:
+    defaulatMachinePlatform:
+      failureDomains:
+d|The failure domains that apply to both control plane and compute machines.
+
+Failure domains are specified in `platform.nutanix.failureDomains`.
+d|List.
+
+The name of one or more failures domains.
+
+|platform:
+  nutanix:
+    defaultMachinePlatform:
+      project:
+        type:
 |The type of identifier you use to select a project for all VMs. Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
 |`name` or `uuid`.
 
-|`platform.nutanix.defaultMachinePlatform.project.name` or `platform.nutanix.defaultMachinePlatform.project.uuid`
+|platform:
+  nutanix:
+    defaultMachinePlatform:
+      project:
+        name: or uuid:
 |The name or UUID of a project with which all VMs are associated. This parameter must be accompanied by the `type` parameter.
 |String
 
-|`platform.nutanix.defaultMachinePlatform.bootType`
+|platform:
+  nutanix:
+    defaultMachinePlatform:
+      bootType:
 |The boot type for all machines. You must use the `Legacy` boot type in {product-title} {product-version}. For more information on boot types, see link:https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000H3K9SAK[Understanding UEFI, Secure Boot, and TPM in the Virtualized Environment].
 |`Legacy`, `SecureBoot` or `UEFI`. The default is `Legacy`.
 
-|`platform.nutanix.apiVIP`
+|platform:
+  nutanix:
+    apiVIP:
 |The virtual IP (VIP) address that you configured for control plane API access.
 |IP address
 
-|`platform.nutanix.ingressVIP`
+|platform:
+  nutanix:
+    failureDomains:
+    - name:
+      prismElement:
+        name:
+        uuid:
+      subnetUUIDs:
+      -
+a|By default, the installation program installs cluster machines to a single Prism Element instance. You can specify additional Prism Element instances for fault tolerance, and then apply them to:
+
+* The cluster's default machine configuration
+* Only control plane or compute machine pools
+d|A list of configured failure domains.
+
+For more information on usage, see "Configuring a failure domain" in "Installing a cluster on Nutanix".
+
+|platform:
+  nutanix:
+    ingressVIP:
 |The virtual IP (VIP) address that you configured for cluster ingress.
 |IP address
 
-|`platform.nutanix.prismCentral.endpoint.address`
+|platform:
+  nutanix:
+    prismCentral:
+      endpoint:
+        address:
 |The Prism Central domain name or IP address.
 |String
 
-|`platform.nutanix.prismCentral.endpoint.port`
+|platform:
+  nutanix:
+    prismCentral:
+      endpoint:
+        port:
 |The port that is used to log into Prism Central.
 |String
 
-|`platform.nutanix.prismCentral.password`
+|platform:
+  nutanix:
+    prismCentral:
+      password:
 |The password for the Prism Central user name.
 |String
 
-|`platform.nutanix.prismCentral.username`
+|platform:
+  nutanix:
+    prismCentral:
+      username:
 |The user name that is used to log into Prism Central.
 |String
 
-|`platform.nutanix.prismElments.endpoint.address`
+|platform:
+  nutanix:
+    prismElements:
+      endpoint:
+        address:
 |The Prism Element domain name or IP address. [^1^]
 |String
 
-|`platform.nutanix.prismElments.endpoint.port`
+|platform:
+  nutanix:
+    prismElements:
+      endpoint:
+        port:
 |The port that is used to log into Prism Element.
 |String
 
-|`platform.nutanix.prismElements.uuid`
+|platform:
+  nutanix:
+    prismElements:
+      uuid:
 |The universally unique identifier (UUID) for Prism Element.
 |String
 
-|`platform.nutanix.subnetUUIDs`
+|platform:
+  nutanix:
+    subnetUUIDs:
 |The UUID of the Prism Element network that contains the virtual IP addresses and DNS records that you configured. [^2^]
 |String
 
-|`platform.nutanix.clusterOSImage`
+|platform:
+  nutanix:
+    clusterOSImage:
 |Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image.
 |An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, \http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2
 |====
 [.small]
 --
-1. The `prismElements` section holds a list of Prism Elements (clusters). A Prism Element encompasses all of the Nutanix resources, for example virtual machines and subnets, that are used to host the {product-title} cluster. Only a single Prism Element is supported.
-2. Only one subnet per {product-title} cluster is supported.
+1. The `prismElements` section holds a list of Prism Elements (clusters). A Prism Element encompasses all of the Nutanix resources, for example virtual machines and subnets, that are used to host the {product-title} cluster.
+2. Only one subnet per Prism Element in an {product-title} cluster is supported.
 --
 endif::nutanix[]
 
-ifdef::bare[]
-:!bare:
-endif::bare[]
-ifeval::["{context}" == "installing-alibaba-customizations"]
-:!alibabacloud:
-endif::[]
-ifeval::["{context}" == "installing-alibaba-vpc"]
-:!alibabacloud:
-endif::[]
-ifeval::["{context}" == "installing-aws-customizations"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-government-region"]
-:!aws-govcloud:
-endif::[]
-ifeval::["{context}" == "installing-aws-secret-region"]
-:!aws-secret:
-endif::[]
-ifeval::["{context}" == "installing-aws-network-customizations"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-private"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-vpc"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-azure-customizations"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-government-region"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-network-customizations"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-private"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "installing-azure-vnet"]
-:!azure:
-endif::[]
-ifeval::["{context}" == "installing-gcp-customizations"]
-:!gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-private"]
-:!gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-network-customizations"]
-:!gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-vpc"]
-:!gcp:
-endif::[]
-ifeval::["{context}" == "installing-gcp-shared-vpc"]
-:!gcp:
+ifeval::["{context}" == "installation-config-parameters-vsphere"]
+:!vsphere:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+ifeval::["{context}" == "installation-config-parameters-gcp"]
 :!gcp:
 endif::[]
-ifeval::["{context}" == "installing-aws-customizations"]
-:!aws:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-customizations"]
-:!ibm-cloud:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
-:!ibm-cloud:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-vpc"]
-:!ibm-cloud:
-:!ibm-cloud-vpc:
-endif::[]
-ifeval::["{context}" == "installing-ibm-cloud-private"]
-:!ibm-cloud:
-:!ibm-cloud-vpc:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-custom"]
-:!osp:
-:!osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!osp:
-:!osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user"]
-:!osp:
-:!osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp:
-:!osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov"]
-:!osp:
-:!osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp:
-:!osp-kuryr:
-endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:!rhv:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:!osp:
-:!osp-custom:
-endif::[]
-ifeval::["{context}" == "installing-ibm-z"]
-:!ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-z-kvm"]
+ifeval::["{context}" == "installation-config-parameters-ibm-z"]
 :!ibm-z:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
-:!ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
-:!ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-power"]
+ifeval::["{context}" == "installation-config-parameters-ibm-power"]
 :!ibm-power:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
-:!ibm-power:
+ifeval::["{context}" == "installation-config-parameters-ash"]
+:!ash:
 endif::[]
-ifeval::["{context}" == "installing-ibm-power-vs-customizations"]
-:!ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-bare-metal"]
+:!bare:
 endif::[]
-ifeval::["{context}" == "installing-ibm-power-vs-private-cluster"]
-:!ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-ibm-cloud-vpc"]
+:!ibm-cloud:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power-vs"]
-:!ibm-power-vs:
+ifeval::["{context}" == "installation-config-parameters-alibaba"]
+:!alibaba-cloud:
 endif::[]
-ifeval::["{context}" == "installing-ibm-powervs-vpc"]
+ifeval::["{context}" == "installation-config-parameters-ibm-power-vs"]
 :!ibm-power-vs:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-default"]
-:!ash:
-endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
-:!ash:
-endif::[]
-ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
+ifeval::["{context}" == "installation-config-parameters-nutanix"]
 :!nutanix:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
-:!nutanix:
+ifeval::["{context}" == "installation-config-parameters-openstack"]
+:!osp:
 endif::[]
-ifeval::["{context}" == "installation-config-parameters-vsphere"]
-:!vsphere:
+ifeval::["{context}" == "installation-config-parameters-azure"]
+:!azure:
+endif::[]
+ifeval::["{context}" == "installation-config-parameters-aws"]
+:!aws:
 endif::[]
 :!platform:
diff --git a/modules/installation-configure-proxy.adoc b/modules/installation-configure-proxy.adoc
index 71a1838b8a9b..457608f7b982 100644
--- a/modules/installation-configure-proxy.adoc
+++ b/modules/installation-configure-proxy.adoc
@@ -30,10 +30,10 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
@@ -54,9 +54,10 @@
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
 // * networking/configuring-a-custom-pki.adoc
-// * installing/installing-rhv-restricted-network.adoc
 // * installing/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-aws-china-region"]
 :aws:
@@ -113,14 +114,8 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
 :vsphere:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:kuryr:
-endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-configure-proxy_{context}"]
 = Configuring the cluster-wide proxy during installation
 
@@ -138,27 +133,8 @@ range that is specified in the `networking.machineNetwork[].cidr` field in the
 ====
 endif::bare-metal[]
 
-ifdef::kuryr[]
-[NOTE]
-====
-Kuryr installations default to HTTP proxies.
-====
-endif::kuryr[]
-
 .Prerequisites
 
-ifdef::kuryr[]
-
-* For Kuryr installations on restricted networks that use the `Proxy` object, the proxy must be able to reply to the router that the cluster uses. To add a static route for the proxy configuration, from a command line as the root user, enter:
-+
-[source,terminal]
-----
-$ ip route add <cluster_network_cidr> via <installer_subnet_gateway>
-----
-
-* The restricted subnet must have a gateway that is defined and available to be linked to the `Router` resource that Kuryr creates.
-
-endif::kuryr[]
 * You have an existing `install-config.yaml` file.
 // TODO: xref (../../installing/install_config/configuring-firewall.adoc#configuring-firewall)
 * You reviewed the sites that your cluster requires access to and determined whether any of them need to bypass the proxy. By default, all cluster egress traffic is proxied, including calls to hosting cloud provider APIs. You added sites to the `Proxy` object's `spec.noProxy` field to bypass the proxy if necessary.
@@ -295,9 +271,3 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
 :!vsphere:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!kuryr:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:!kuryr:
-endif::[]
diff --git a/modules/installation-configuring-nutanix-failure-domains.adoc b/modules/installation-configuring-nutanix-failure-domains.adoc
new file mode 100644
index 000000000000..4eb86db8c8c3
--- /dev/null
+++ b/modules/installation-configuring-nutanix-failure-domains.adoc
@@ -0,0 +1,99 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+// * installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-configuring-nutanix-failure-domains_{context}"]
+= Configuring failure domains
+
+Failure domains improve the fault tolerance of an {product-title} cluster by distributing control plane and compute machines across multiple Nutanix Prism Elements (clusters).
+
+[TIP]
+====
+It is recommended that you configure three failure domains to ensure high-availability.
+====
+
+.Prerequisites
+
+* You have an installation configuration file (`install-config.yaml`).
+
+.Procedure
+
+. Edit the `install-config.yaml` file and add the following stanza to configure the first failure domain:
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+compute:
+# ...
+platform:
+  nutanix:
+    failureDomains:
+    - name: <failure_domain_name>
+      prismElement:
+        name: <prism_element_name>
+        uuid: <prism_element_uuid>
+      subnetUUIDs:
+      - <network_uuid>
+# ...
+----
++
+where:
+
+`<failure_domain_name>`:: Specifies a unique name for the failure domain. The name is limited to 64 or fewer characters, which can include lower-case letters, digits, and a dash (`-`). The dash cannot be in the leading or ending position of the name.
+`<prism_element_name>`:: Optional. Specifies the name of the Prism Element.
+`<prism_element_uuid`>:: Specifies the UUID of the Prism Element.
+`<network_uuid`>:: Specifies the UUID of the Prism Element subnet object. The subnet's IP address prefix (CIDR) should contain the virtual IP addresses that the {product-title} cluster uses. Only one subnet per failure domain (Prism Element) in an {product-title} cluster is supported.
+
+. As required, configure additional failure domains.
+. To distribute control plane and compute machines across the failure domains, do one of the following:
+
+** If compute and control plane machines can share the same set of failure domains, add the failure domain names under the cluster's default machine configuration.
++
+.Example of control plane and compute machines sharing a set of failure domains
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+compute:
+# ...
+platform:
+  nutanix:
+    defaultMachinePlatform:
+      failureDomains:
+        - failure-domain-1
+        - failure-domain-2
+        - failure-domain-3
+# ...
+----
+** If compute and control plane machines must use different failure domains, add the failure domain names under the respective machine pools.
++
+.Example of control plane and compute machines using different failure domains
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com
+compute:
+# ...
+controlPlane:
+  platform:
+    nutanix:
+      failureDomains:
+        - failure-domain-1
+        - failure-domain-2
+        - failure-domain-3
+# ...
+compute:
+  platform:
+    nutanix:
+      failureDomains:
+        - failure-domain-1
+        - failure-domain-2
+# ...
+----
+
+. Save the file.
diff --git a/modules/installation-create-ingress-dns-records.adoc b/modules/installation-create-ingress-dns-records.adoc
index 552e814f512e..3a3f414835e5 100644
--- a/modules/installation-create-ingress-dns-records.adoc
+++ b/modules/installation-create-ingress-dns-records.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-create-ingress-dns-records_{context}"]
 = Creating the Ingress DNS Records
 
diff --git a/modules/installation-creating-aws-bootstrap.adoc b/modules/installation-creating-aws-bootstrap.adoc
index d6765d2a70af..4606de664bac 100644
--- a/modules/installation-creating-aws-bootstrap.adoc
+++ b/modules/installation-creating-aws-bootstrap.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-bootstrap_{context}"]
 = Creating the bootstrap node in AWS
 
diff --git a/modules/installation-creating-aws-control-plane.adoc b/modules/installation-creating-aws-control-plane.adoc
index ed6e2b23df4d..ae2dd6935496 100644
--- a/modules/installation-creating-aws-control-plane.adoc
+++ b/modules/installation-creating-aws-control-plane.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-control-plane_{context}"]
 = Creating the control plane machines in AWS
 
diff --git a/modules/installation-creating-aws-dns.adoc b/modules/installation-creating-aws-dns.adoc
index 3c1efca6f7f3..ca8c12da6ecf 100644
--- a/modules/installation-creating-aws-dns.adoc
+++ b/modules/installation-creating-aws-dns.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-dns_{context}"]
 = Creating networking and load balancing components in AWS
 
diff --git a/modules/installation-creating-aws-security.adoc b/modules/installation-creating-aws-security.adoc
index 64dc0c527619..10e5272eb7d4 100644
--- a/modules/installation-creating-aws-security.adoc
+++ b/modules/installation-creating-aws-security.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-security_{context}"]
 = Creating security group and roles in AWS
 
diff --git a/modules/installation-creating-aws-subnet-localzone.adoc b/modules/installation-creating-aws-subnet-localzone.adoc
index 9546ed8e3d8d..4ff5b6cea368 100644
--- a/modules/installation-creating-aws-subnet-localzone.adoc
+++ b/modules/installation-creating-aws-subnet-localzone.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-subnet-localzone_{context}"]
 = Creating a subnet in AWS Local Zones
 
@@ -47,8 +48,8 @@ requires:
     "ParameterValue": "<value_of_ZoneName>" <3>
   },
   {
-    "ParameterKey": "SubnetName", 
-    "ParameterValue": "<value_of_SubnetName>" 
+    "ParameterKey": "SubnetName",
+    "ParameterValue": "<value_of_SubnetName>"
   },
   {
     "ParameterKey": "PublicSubnetCidr",
@@ -60,7 +61,7 @@ requires:
 for the VPC.
 <2> Specify the Route Table ID, which is the value of the `PublicRouteTableId` in the CloudFormation stack
 for the VPC.
-<3> Specify the AWS Local Zone name, which is the value of the `ZoneName` field in the `AvailabilityZones` object that you retrieve in the section "Opting into AWS Local Zones".
+<3> Specify the AWS Local Zone name, which is the value of the `ZoneName` field in the `AvailabilityZones` object that you retrieve in the section "Opting in to AWS Local Zones".
 <4> Specify a CIDR block that is used to create the Local Zone subnet. This block must be part of the VPC CIDR block `VpcCidr`.
 
 . Copy the template from the *CloudFormation template for the subnet*
diff --git a/modules/installation-creating-aws-vpc-localzone.adoc b/modules/installation-creating-aws-vpc-localzone.adoc
index 1cca351d8450..085481d3be2c 100644
--- a/modules/installation-creating-aws-vpc-localzone.adoc
+++ b/modules/installation-creating-aws-vpc-localzone.adoc
@@ -2,11 +2,11 @@
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-vpc-localzone_{context}"]
-= Creating a VPC that uses AWS Local Zones
+= Creating a VPC in AWS
 
-You must create a Virtual Private Cloud (VPC), and subnets for each Local Zone location, in Amazon Web Services (AWS) for your {product-title}
+You can create a Virtual Private Cloud (VPC), and subnets for each Local Zone location, in Amazon Web Services (AWS) for your {product-title}
 cluster to extend worker nodes to the edge locations. You can further customize the VPC to meet your requirements, including
 VPN, route tables, and add new Local Zone subnets that are not included at initial deployment.
 
diff --git a/modules/installation-creating-aws-vpc.adoc b/modules/installation-creating-aws-vpc.adoc
index 80a2481d0698..e01365b392ce 100644
--- a/modules/installation-creating-aws-vpc.adoc
+++ b/modules/installation-creating-aws-vpc.adoc
@@ -3,13 +3,13 @@
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-vpc_{context}"]
 = Creating a VPC in AWS
 
 You must create a Virtual Private Cloud (VPC) in Amazon Web Services (AWS) for your {product-title}
 cluster to use. You can customize the VPC to meet your requirements, including
-VPN and route tables. 
+VPN and route tables.
 
 You can use the provided CloudFormation template and a custom parameter file to create a stack of AWS resources that represent the VPC.
 
diff --git a/modules/installation-creating-aws-worker.adoc b/modules/installation-creating-aws-worker.adoc
index 33b53d0b67a0..44c8cc5ab359 100644
--- a/modules/installation-creating-aws-worker.adoc
+++ b/modules/installation-creating-aws-worker.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-aws-user-infra"]
 :three-node-cluster:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-aws-worker_{context}"]
 = Creating the worker nodes in AWS
 
diff --git a/modules/installation-creating-azure-bootstrap.adoc b/modules/installation-creating-azure-bootstrap.adoc
index 7a121da80e98..ed908f816023 100644
--- a/modules/installation-creating-azure-bootstrap.adoc
+++ b/modules/installation-creating-azure-bootstrap.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -11,8 +12,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-azure-bootstrap_{context}"]
 = Creating the bootstrap machine in {cp}
 
@@ -118,3 +123,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-creating-azure-control-plane.adoc b/modules/installation-creating-azure-control-plane.adoc
index 341b2bdb3476..f7f273b05592 100644
--- a/modules/installation-creating-azure-control-plane.adoc
+++ b/modules/installation-creating-azure-control-plane.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -11,8 +12,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-azure-control-plane_{context}"]
 = Creating the control plane machines in {cp}
 
@@ -20,13 +25,14 @@ You must create the control plane machines in Microsoft {cp} for your cluster
 to use. One way to create these machines is to modify the provided Azure
 Resource Manager (ARM) template.
 
+ifdef::azure[]
 [NOTE]
 ====
-If you do not use the provided ARM template to create your control plane
-machines, you must review the provided information and manually create the
-infrastructure. If your cluster does not initialize correctly, you might have to
-contact Red Hat support with your installation logs.
+By default, Microsoft {cp} places control plane machines and compute machines in a pre-set availability zone. You can manually set an availability zone for a compute node or control plane node. To do this, modify a vendor's Azure Resource Manager (ARM) template by specifying each of your availability zones in the `zones` parameter of the virtual machine resource.
 ====
+endif::azure[]
+
+If you do not use the provided ARM template to create your control plane machines, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, consider contacting Red Hat support with your installation logs.
 
 .Prerequisites
 
@@ -85,3 +91,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-creating-azure-dns.adoc b/modules/installation-creating-azure-dns.adoc
index c71b671ec7c7..61b9a1cbf18f 100644
--- a/modules/installation-creating-azure-dns.adoc
+++ b/modules/installation-creating-azure-dns.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -11,8 +12,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-azure-dns_{context}"]
 = Creating networking and load balancing components in {cp}
 
@@ -146,3 +151,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-creating-azure-service-principal.adoc b/modules/installation-creating-azure-service-principal.adoc
new file mode 100644
index 000000000000..a244dab74052
--- /dev/null
+++ b/modules/installation-creating-azure-service-principal.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-account.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-creating-azure-service-principal_{context}"]
+= Creating a service principal
+
+The installation program requires an Azure identity to complete the installation. You can use a service principal.
+
+If you are unable to use a service principal, you can use a managed identity.
+
+.Prerequisites
+
+* You have installed or updated the link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest[Azure CLI].
+* You have an Azure subscription ID.
+* If you are not going to assign the `Contributor` and `User Administrator Access` roles to the service principal, you have created a custom role with the required Azure permissions.
+
+.Procedure
+
+. Create the service principal for your account by running the following command:
++
+[source,terminal]
+----
+$ az ad sp create-for-rbac --role <role_name> \// <1>
+     --name <service_principal> \// <2>
+     --scopes /subscriptions/<subscription_id> <3>
+----
+<1> Defines the role name. You can use the `Contributor` role, or you can specify a custom role which contains the necessary permissions.
+<2> Defines the service principal name.
+<3> Specifies the subscription ID.
++
+.Example output
+[source,terminal]
+----
+Creating 'Contributor' role assignment under scope '/subscriptions/<subscription_id>'
+The output includes credentials that you must protect. Be sure that you do not
+include these credentials in your code or check the credentials into your source
+control. For more information, see https://aka.ms/azadsp-cli
+{
+  "appId": "axxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
+  "displayName": <service_principal>",
+  "password": "00000000-0000-0000-0000-000000000000",
+  "tenantId": "8xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+----
+
+. Record the values of the `appId` and `password` parameters from the output. You require these values when installing the cluster.
+
+. If you applied the `Contributor` role to your service principal, assign the `User Administrator Access` role by running the following command:
++
+[source,terminal]
+----
+$ az role assignment create --role "User Access Administrator" \
+  --assignee-object-id $(az ad sp show --id <appId> --query id -o tsv) <1>
+  --scope /subscriptions/<subscription_id> <2>
+----
+<1> Specify the `appId` parameter value for your service principal.
+<2> Specifies the subscription ID.
diff --git a/modules/installation-creating-azure-vnet.adoc b/modules/installation-creating-azure-vnet.adoc
index 337d6cf596a8..a3c53239230b 100644
--- a/modules/installation-creating-azure-vnet.adoc
+++ b/modules/installation-creating-azure-vnet.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -10,8 +11,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-azure-vnet_{context}"]
 = Creating a VNet in {cp}
 
@@ -66,3 +71,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-creating-azure-worker.adoc b/modules/installation-creating-azure-worker.adoc
index 407cf4bcc6c0..ea3096238c7a 100644
--- a/modules/installation-creating-azure-worker.adoc
+++ b/modules/installation-creating-azure-worker.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
@@ -12,8 +13,12 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-azure-worker_{context}"]
 = Creating additional worker machines in {cp}
 
@@ -33,13 +38,14 @@ In this example, you manually launch one instance by using the Azure Resource
 Manager (ARM) template. Additional instances can be launched by including
 additional resources of type `06_workers.json` in the file.
 
+ifdef::azure[]
 [NOTE]
 ====
-If you do not use the provided ARM template to create your worker machines, you
-must review the provided information and manually create the infrastructure. If
-your cluster does not initialize correctly, you might have to contact Red Hat
-support with your installation logs.
+By default, Microsoft {cp} places control plane machines and compute machines in a pre-set availability zone. You can manually set an availability zone for a compute node or control plane node. To do this, modify a vendor's ARM template by specifying each of your availability zones in the `zones` parameter of the virtual machine resource.
 ====
+endif::azure[]
+
+If you do not use the provided ARM template to create your control plane machines, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, consider contacting Red Hat support with your installation logs.
 
 .Prerequisites
 
@@ -100,3 +106,7 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 :!cp: Azure Stack Hub
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!cp: Azure
+endif::[]
diff --git a/modules/installation-creating-gcp-bootstrap.adoc b/modules/installation-creating-gcp-bootstrap.adoc
index 7ba569b0e4a9..66888f0e632f 100644
--- a/modules/installation-creating-gcp-bootstrap.adoc
+++ b/modules/installation-creating-gcp-bootstrap.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-bootstrap_{context}"]
 = Creating the bootstrap machine in GCP
 
diff --git a/modules/installation-creating-gcp-control-plane.adoc b/modules/installation-creating-gcp-control-plane.adoc
index 99311ea97fc0..810d4985b399 100644
--- a/modules/installation-creating-gcp-control-plane.adoc
+++ b/modules/installation-creating-gcp-control-plane.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-control-plane_{context}"]
 = Creating the control plane machines in GCP
 
diff --git a/modules/installation-creating-gcp-firewall-rules-vpc.adoc b/modules/installation-creating-gcp-firewall-rules-vpc.adoc
index 4a6ce5e9e974..a43915069522 100644
--- a/modules/installation-creating-gcp-firewall-rules-vpc.adoc
+++ b/modules/installation-creating-gcp-firewall-rules-vpc.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-firewall-rules-vpc_{context}"]
 = Creating firewall rules in GCP
 
diff --git a/modules/installation-creating-gcp-iam-shared-vpc.adoc b/modules/installation-creating-gcp-iam-shared-vpc.adoc
index 4e6994b72a64..e06d77a1440f 100644
--- a/modules/installation-creating-gcp-iam-shared-vpc.adoc
+++ b/modules/installation-creating-gcp-iam-shared-vpc.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-iam-shared-vpc_{context}"]
 = Creating IAM roles in GCP
 
diff --git a/modules/installation-creating-gcp-lb.adoc b/modules/installation-creating-gcp-lb.adoc
index c21fd4bca419..9865f5b89794 100644
--- a/modules/installation-creating-gcp-lb.adoc
+++ b/modules/installation-creating-gcp-lb.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-lb_{context}"]
 = Creating load balancers in GCP
 
diff --git a/modules/installation-creating-gcp-private-dns.adoc b/modules/installation-creating-gcp-private-dns.adoc
index 1bd2f2e060bb..0b03ddae267f 100644
--- a/modules/installation-creating-gcp-private-dns.adoc
+++ b/modules/installation-creating-gcp-private-dns.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-private-dns_{context}"]
 = Creating a private DNS zone in GCP
 
diff --git a/modules/installation-creating-gcp-shared-vpc-cluster-wide-firewall-rules.adoc b/modules/installation-creating-gcp-shared-vpc-cluster-wide-firewall-rules.adoc
index b794bf7f9272..dfab22252e5d 100644
--- a/modules/installation-creating-gcp-shared-vpc-cluster-wide-firewall-rules.adoc
+++ b/modules/installation-creating-gcp-shared-vpc-cluster-wide-firewall-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-shared-vpc-cluster-wide-firewall-rules_{context}"]
 = Creating cluster-wide firewall rules for a shared VPC in GCP
 
diff --git a/modules/installation-creating-gcp-vpc.adoc b/modules/installation-creating-gcp-vpc.adoc
index 3e40ab12d4a9..17fb8561eff1 100644
--- a/modules/installation-creating-gcp-vpc.adoc
+++ b/modules/installation-creating-gcp-vpc.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-vpc_{context}"]
 = Creating a VPC in GCP
 
diff --git a/modules/installation-creating-gcp-worker.adoc b/modules/installation-creating-gcp-worker.adoc
index 8ee13f0c22ef..208e6093dfdb 100644
--- a/modules/installation-creating-gcp-worker.adoc
+++ b/modules/installation-creating-gcp-worker.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-gcp-worker_{context}"]
 = Creating additional worker machines in GCP
 
diff --git a/modules/installation-creating-image-restricted.adoc b/modules/installation-creating-image-restricted.adoc
index 42b9ac663ef3..02bf2b54c3aa 100644
--- a/modules/installation-creating-image-restricted.adoc
+++ b/modules/installation-creating-image-restricted.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vs
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-creating-image-restricted_{context}"]
 = Creating the {op-system} image for restricted network installations
 
diff --git a/modules/installation-custom-alibaba-vpc.adoc b/modules/installation-custom-alibaba-vpc.adoc
index 8549403209ad..0be217cb89d4 100644
--- a/modules/installation-custom-alibaba-vpc.adoc
+++ b/modules/installation-custom-alibaba-vpc.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_alibaba/installing-alibaba-vpc.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-custom-alibaba-vpc_{context}"]
 = Using a custom VPC
 
diff --git a/modules/installation-custom-aws-vpc.adoc b/modules/installation-custom-aws-vpc.adoc
index ff4978815a26..bc96eee16d51 100644
--- a/modules/installation-custom-aws-vpc.adoc
+++ b/modules/installation-custom-aws-vpc.adoc
@@ -19,7 +19,7 @@ ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
 :aws-outposts:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-custom-aws-vpc_{context}"]
 = About using a custom VPC
 
@@ -27,7 +27,7 @@ ifndef::aws-outposts[]
 In {product-title} {product-version}, you can deploy a cluster into existing subnets in an existing Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS). By deploying {product-title} into an existing AWS VPC, you might be able to avoid limit constraints in new accounts or more easily abide by the operational constraints that your company's guidelines set. If you cannot obtain the infrastructure creation permissions that are required to create the VPC yourself, use this installation option.
 endif::aws-outposts[]
 ifdef::aws-outposts[]
-{product-title} {product-version} installer cannot automatically deploy AWS Subnets on AWS Outposts, so you will need to manually configure the VPC. Therefore, you have to deploy the cluster into existing subnets in an existing Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS). In addition, by deploying {product-title} into an existing AWS VPC, you might be able to avoid limit constraints in new accounts or more easily abide by the operational constraints that your company’s guidelines set.
+{product-title} {product-version} installer cannot automatically deploy AWS Subnets on AWS Outposts, so you will need to manually configure the VPC. Therefore, you have to deploy the cluster into existing subnets in an existing Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS). In addition, by deploying {product-title} into an existing AWS VPC, you might be able to avoid limit constraints in new accounts or more easily abide by the operational constraints that your company's guidelines set.
 endif::aws-outposts[]
 
 Because the installation program cannot know what other components are also in your existing subnets, it cannot choose subnet CIDRs and so forth on your behalf. You must configure networking for the subnets that you install your cluster to yourself.
@@ -101,7 +101,8 @@ endif::aws-outposts[]
 The installation program modifies your subnets to add the `kubernetes.io/cluster/.*: shared` tag, so your subnets must have at least one free tag slot available for it. See link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions[Tag Restrictions] in the AWS documentation to confirm that the installation program can add a tag to each subnet that you specify. You cannot use a `Name` tag, because it overlaps with the EC2 `Name` field and the installation fails.
 * You must enable the `enableDnsSupport` and `enableDnsHostnames` attributes in your VPC, so that the cluster can use the Route 53 zones that are attached to the VPC to resolve cluster's internal DNS records. See link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support[DNS Support in Your VPC] in the AWS documentation.
 +
-If you prefer to use your own Route 53 hosted private zone, you must associate the existing hosted zone with your VPC prior to installing a cluster. You can define your hosted zone using the `platform.aws.hostedZone` field in the `install-config.yaml` file.
+If you prefer to use your own Route 53 hosted private zone, you must associate the existing hosted zone with your VPC prior to installing a cluster. You can define your hosted zone using the `platform.aws.hostedZone` and `platform.aws.hostedZoneRole` fields in the `install-config.yaml` file.
+You can use a private hosted zone from another account by sharing it with the account where you install the cluster. If you use a private hosted zone from another account, you must use the `Passthrough` or `Manual` credentials mode.
 
 ifndef::aws-secret,aws-outposts[]
 If you are working in a disconnected environment, you are unable to reach the public IP addresses for EC2, ELB, and S3 endpoints. Depending on the level to which you want to restrict internet traffic during the installation, the following configuration options are available:
diff --git a/modules/installation-custom-gcp-vpc.adoc b/modules/installation-custom-gcp-vpc.adoc
index 4e935dd2c622..32c7fa90c054 100644
--- a/modules/installation-custom-gcp-vpc.adoc
+++ b/modules/installation-custom-gcp-vpc.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_gcp/installing-gcp-vpc.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-custom-gcp-vpc_{context}"]
 = About using a custom VPC
 
diff --git a/modules/installation-custom-ibm-cloud-vpc.adoc b/modules/installation-custom-ibm-cloud-vpc.adoc
index 3c60e3bebb25..0e5b6de2be02 100644
--- a/modules/installation-custom-ibm-cloud-vpc.adoc
+++ b/modules/installation-custom-ibm-cloud-vpc.adoc
@@ -1,13 +1,25 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_gcp/installing-ibm-cloud-vpc.adoc
+// * installing/installing_ibm_cloud/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
-
-:_content-type: CONCEPT
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+
+ifeval::["{context}" == "installing-ibm-cloud-vpc"]
+:ibm-cloud:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-cloud:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-private"]
+:ibm-cloud:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="installation-custom-ibm-cloud-vpc_{context}"]
 = About using a custom VPC
 
-In {product-title} {product-version}, you can deploy a cluster into the subnets of an existing IBM Virtual Private Cloud (VPC). Deploying {product-title} into an existing VPC can help you avoid limit constraints in new accounts or more easily abide by the operational constraints that your company's guidelines set. If you cannot obtain the infrastructure creation permissions that are required to create the VPC yourself, use this installation option.
+In {product-title} {product-version}, you can deploy a cluster into the subnets of an existing {ibm-name} Virtual Private Cloud (VPC). Deploying {product-title} into an existing VPC can help you avoid limit constraints in new accounts or more easily abide by the operational constraints that your company's guidelines set. If you cannot obtain the infrastructure creation permissions that are required to create the VPC yourself, use this installation option.
 
 Because the installation program cannot know what other components are in your existing subnets, it cannot choose subnet CIDRs and so forth. You must configure networking for the subnets to which you will install the cluster.
 
@@ -32,13 +44,35 @@ include::snippets/custom-dns-server.adoc[]
 [id="installation-custom-ibm-cloud-vpc-validation_{context}"]
 == VPC validation
 
-The VPC and all of the subnets must be in an existing resource group. The cluster is deployed to this resource group.
+The VPC and all of the subnets must be in an existing resource group. The cluster is deployed to the existing VPC.
 
 As part of the installation, specify the following in the `install-config.yaml` file:
 
-* The name of the resource group
-* The name of VPC
-* The subnets for control plane machines and compute machines
+ifndef::ibm-cloud[]
+* The name of the existing resource group that contains the VPC and subnets
+endif::ibm-cloud[]
+ifdef::ibm-cloud[]
+* The name of the existing resource group that contains the VPC and subnets (`networkResourceGroupName`)
+endif::ibm-cloud[]
+ifndef::ibm-cloud[]
+* The name of the existing VPC
+endif::ibm-cloud[]
+ifdef::ibm-cloud[]
+* The name of the existing VPC (`vpcName`)
+endif::ibm-cloud[]
+ifndef::ibm-cloud[]
+* The subnets that were created for control plane machines and compute machines
+endif::ibm-cloud[]
+ifdef::ibm-cloud[]
+* The subnets that were created for control plane machines and compute machines (`controlPlaneSubnets` and `computeSubnets`)
+endif::ibm-cloud[]
+
+ifdef::ibm-cloud[]
+[NOTE]
+====
+Additional installer-provisioned cluster resources are deployed to a separate resource group (`resourceGroupName`). You can specify this resource group before installing the cluster. If undefined, a new resource group is created for the cluster.
+====
+endif::ibm-cloud[]
 
 To ensure that the subnets that you provide are suitable, the installation program confirms the following:
 
@@ -67,3 +101,13 @@ If you deploy {product-title} to an existing network, the isolation of cluster s
 * Control plane TCP 6443 ingress (Kubernetes API) is allowed to the entire network.
 
 * Control plane TCP 22623 ingress (MCS) is allowed to the entire network.
+
+ifeval::["{context}" == "installing-ibm-cloud-vpc"]
+:!ibm-cloud:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-cloud:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-private"]
+:!ibm-cloud:
+endif::[]
diff --git a/modules/installation-custom-ibm-power-vs.adoc b/modules/installation-custom-ibm-power-vs.adoc
index d4a249fdebe9..27900f4985da 100644
--- a/modules/installation-custom-ibm-power-vs.adoc
+++ b/modules/installation-custom-ibm-power-vs.adoc
@@ -14,18 +14,18 @@ ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :ibm-powervs-vpc:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 ifndef::private[]
 [id="installation-custom-ibm-powervs-vpc_{context}"]
 = About using a custom VPC
 
 ifdef::ibm-powervs-vpc[]
-In {product-title} {product-version}, you can deploy a cluster using an existing IBM Virtual Private Cloud (VPC).
+In {product-title} {product-version}, you can deploy a cluster using an existing {ibm-name} Virtual Private Cloud (VPC).
 
 Because the installation program cannot know what other components are in your existing subnets, it cannot choose subnet CIDRs and so forth. You must configure networking for the subnets to which you will install the cluster.
 endif::ibm-powervs-vpc[]
 ifdef::restricted[]
-In {product-title} {product-version}, you can deploy a cluster into the subnets of an existing IBM Virtual Private Cloud (VPC).
+In {product-title} {product-version}, you can deploy a cluster into the subnets of an existing {ibm-name} Virtual Private Cloud (VPC).
 endif::restricted[]
 endif::private[]
 
diff --git a/modules/installation-deployment-manager-bootstrap.adoc b/modules/installation-deployment-manager-bootstrap.adoc
index 476ee1141437..1375d54523a2 100644
--- a/modules/installation-deployment-manager-bootstrap.adoc
+++ b/modules/installation-deployment-manager-bootstrap.adoc
@@ -14,6 +14,6 @@ machine that you need for your {product-title} cluster:
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/04_bootstrap.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/04_bootstrap.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-control-plane.adoc b/modules/installation-deployment-manager-control-plane.adoc
index 83f14c0f1760..6e9e12b12c4f 100644
--- a/modules/installation-deployment-manager-control-plane.adoc
+++ b/modules/installation-deployment-manager-control-plane.adoc
@@ -14,6 +14,6 @@ plane machines that you need for your {product-title} cluster:
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/05_control_plane.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/05_control_plane.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-ext-lb.adoc b/modules/installation-deployment-manager-ext-lb.adoc
index cc7209d31ef3..803507d584f5 100644
--- a/modules/installation-deployment-manager-ext-lb.adoc
+++ b/modules/installation-deployment-manager-ext-lb.adoc
@@ -12,6 +12,6 @@ You can use the following Deployment Manager template to deploy the external loa
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/02_lb_ext.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/02_lb_ext.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-firewall-rules.adoc b/modules/installation-deployment-manager-firewall-rules.adoc
index 0c818440439b..96baed764272 100644
--- a/modules/installation-deployment-manager-firewall-rules.adoc
+++ b/modules/installation-deployment-manager-firewall-rules.adoc
@@ -12,6 +12,6 @@ You can use the following Deployment Manager template to deploy the firewall rue
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/03_firewall.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/03_firewall.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-iam-shared-vpc.adoc b/modules/installation-deployment-manager-iam-shared-vpc.adoc
index 037ffccc4f27..18742d3775c1 100644
--- a/modules/installation-deployment-manager-iam-shared-vpc.adoc
+++ b/modules/installation-deployment-manager-iam-shared-vpc.adoc
@@ -12,6 +12,6 @@ You can use the following Deployment Manager template to deploy the IAM roles th
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/03_iam.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/03_iam.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-int-lb.adoc b/modules/installation-deployment-manager-int-lb.adoc
index e14074135740..1fc098a08cd4 100644
--- a/modules/installation-deployment-manager-int-lb.adoc
+++ b/modules/installation-deployment-manager-int-lb.adoc
@@ -12,7 +12,7 @@ You can use the following Deployment Manager template to deploy the internal loa
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/02_lb_int.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/02_lb_int.py[]
 ----
 ====
 
diff --git a/modules/installation-deployment-manager-private-dns.adoc b/modules/installation-deployment-manager-private-dns.adoc
index 846a9253025b..c48c47849635 100644
--- a/modules/installation-deployment-manager-private-dns.adoc
+++ b/modules/installation-deployment-manager-private-dns.adoc
@@ -12,6 +12,6 @@ You can use the following Deployment Manager template to deploy the private DNS
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/02_dns.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/02_dns.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-vpc.adoc b/modules/installation-deployment-manager-vpc.adoc
index 67da87e8f3d9..6f5b6041520e 100644
--- a/modules/installation-deployment-manager-vpc.adoc
+++ b/modules/installation-deployment-manager-vpc.adoc
@@ -14,6 +14,6 @@ you need for your {product-title} cluster:
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/01_vpc.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/01_vpc.py[]
 ----
 ====
diff --git a/modules/installation-deployment-manager-worker.adoc b/modules/installation-deployment-manager-worker.adoc
index 4622ad2cf1c5..03bc8806711c 100644
--- a/modules/installation-deployment-manager-worker.adoc
+++ b/modules/installation-deployment-manager-worker.adoc
@@ -14,6 +14,6 @@ that you need for your {product-title} cluster:
 ====
 [source,python]
 ----
-include::https://raw.githubusercontent.com/openshift/installer/release-4.13/upi/gcp/06_worker.py[]
+include::https://raw.githubusercontent.com/openshift/installer/release-4.15/upi/gcp/06_worker.py[]
 ----
 ====
diff --git a/modules/installation-disk-partitioning-upi-templates.adoc b/modules/installation-disk-partitioning-upi-templates.adoc
index 2a8d332cebef..c4b51655fd46 100644
--- a/modules/installation-disk-partitioning-upi-templates.adoc
+++ b/modules/installation-disk-partitioning-upi-templates.adoc
@@ -6,6 +6,7 @@
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 // Similar content to what is in this module is also present in modules/installation-disk-partitioning.adoc. <-- This module is in use with the following vSphere assemblies:
 //    * installing-vsphere.adoc
@@ -17,7 +18,7 @@
 //    * installing-bare-metal.adoc
 //    * installing-restricted-networks-bare-metal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-disk-partitioning-upi-templates_{context}"]
 = Optional: Creating a separate `/var` partition
 It is recommended that disk partitioning for {product-title} be left to the installer. However, there are cases where you might want to create separate partitions in a part of the filesystem that you expect to grow.
@@ -83,17 +84,17 @@ $ ls $HOME/clusterconfig/openshift/
 
 . Create a Butane config that configures the additional partition. For example, name the file `$HOME/clusterconfig/98-var-partition.bu`, change the disk device name to the name of the storage device on the `worker` systems, and set the storage size as appropriate. This example places the `/var` directory on a separate partition:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   labels:
     machineconfiguration.openshift.io/role: worker
   name: 98-var-partition
 storage:
   disks:
-  - device: /dev/<device_name> <1>
+  - device: /dev/disk/by-id/<device_name> <1>
     partitions:
     - label: var
       start_mib: <partition_start_offset> <2>
diff --git a/modules/installation-disk-partitioning.adoc b/modules/installation-disk-partitioning.adoc
index 495b00237b14..83ba81e435b4 100644
--- a/modules/installation-disk-partitioning.adoc
+++ b/modules/installation-disk-partitioning.adoc
@@ -6,7 +6,7 @@
 
 // This content was sourced from the bare metal RHCOS assembly file `modules/installation-user-infra-machines-advanced.adoc` under the `== Disk partitioning` subheader. "Disk partioning" content in the bare metal assembly is not modularized, so anything in this vsphere module should be checked against that file for consistency until such time that the large bare metal assembly can be modularized.
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-disk-partitioning_{context}"]
 = Disk partitioning
 
@@ -82,17 +82,17 @@ $ ls $HOME/clusterconfig/openshift/
 
 . Create a Butane config that configures the additional partition. For example, name the file `$HOME/clusterconfig/98-var-partition.bu`, change the disk device name to the name of the storage device on the `worker` systems, and set the storage size as appropriate. This example places the `/var` directory on a separate partition:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   labels:
     machineconfiguration.openshift.io/role: worker
   name: 98-var-partition
 storage:
   disks:
-  - device: /dev/<device_name> <1>
+  - device: /dev/disk/by-id/<device_name> <1>
     partitions:
     - label: var
       start_mib: <partition_start_offset> <2>
diff --git a/modules/installation-dns-ibm-cloud.adoc b/modules/installation-dns-ibm-cloud.adoc
index 14f96b32e101..de522d80e7ed 100644
--- a/modules/installation-dns-ibm-cloud.adoc
+++ b/modules/installation-dns-ibm-cloud.adoc
@@ -2,23 +2,23 @@
 //
 // installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-dns-ibm-cloud_{context}"]
-= Using IBM Cloud DNS Services for DNS resolution
+= Using {ibm-cloud-title} DNS Services for DNS resolution
 
-The installation program uses IBM Cloud DNS Services to configure cluster DNS resolution and provide name lookup for a private cluster.
+The installation program uses {ibm-cloud-name} DNS Services to configure cluster DNS resolution and provide name lookup for a private cluster.
 
 You configure DNS resolution by creating a DNS services instance for the cluster, and then adding a DNS zone to the DNS Services instance. Ensure that the zone is authoritative for the domain. You can do this using a root domain or subdomain.
 
 [NOTE]
 ====
-IBM Cloud VPC does not support IPv6, so dual stack or IPv6 environments are not possible.
+{ibm-cloud-name} does not support IPv6, so dual stack or IPv6 environments are not possible.
 ====
 
 .Prerequisites
 
-* You have installed the link:https://www.ibm.com/cloud/cli[IBM Cloud CLI].
-* You have an existing domain and registrar. For more information, see the IBM link:https://cloud.ibm.com/docs/dns?topic=dns-getting-started[documentation].
+* You have installed the link:https://www.ibm.com/cloud/cli[{ibm-cloud-name} CLI].
+* You have an existing domain and registrar. For more information, see the {ibm-name} link:https://cloud.ibm.com/docs/dns?topic=dns-getting-started[documentation].
 
 .Procedure
 
diff --git a/modules/installation-dns-user-infra.adoc b/modules/installation-dns-user-infra.adoc
index 8d4b3644f7fa..85232130c0bb 100644
--- a/modules/installation-dns-user-infra.adoc
+++ b/modules/installation-dns-user-infra.adoc
@@ -10,10 +10,10 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
+// * installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
+// * installing/installing_vmc/installing-vmc-user-infra.adoc
+// * installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
 ifeval::["{context}" == "installing-ibm-z"]
 :ibm-z:
@@ -32,7 +32,7 @@ endif::[]
 
 :prewrap!:
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-dns-user-infra_{context}"]
 = User-provisioned DNS requirements
 
@@ -88,12 +88,12 @@ For example, `console-openshift-console.apps.<cluster_name>.<base_domain>` is us
 machine. These records must be resolvable by the nodes within the cluster.
 
 |Control plane machines
-|`<master><n>.<cluster_name>.<base_domain>.`
+|`<control_plane><n>.<cluster_name>.<base_domain>.`
 |DNS A/AAAA or CNAME records and DNS PTR records to identify each machine
 for the control plane nodes. These records must be resolvable by the nodes within the cluster.
 
 |Compute machines
-|`<worker><n>.<cluster_name>.<base_domain>.`
+|`<compute><n>.<cluster_name>.<base_domain>.`
 |DNS A/AAAA or CNAME records and DNS PTR records to identify each machine
 for the worker nodes. These records must be resolvable by the nodes within the cluster.
 
@@ -149,12 +149,12 @@ api-int.ocp4.example.com.	IN	A	192.168.1.5 <2>
 ;
 bootstrap.ocp4.example.com.	IN	A	192.168.1.96 <4>
 ;
-master0.ocp4.example.com.	IN	A	192.168.1.97 <5>
-master1.ocp4.example.com.	IN	A	192.168.1.98 <5>
-master2.ocp4.example.com.	IN	A	192.168.1.99 <5>
+control-plane0.ocp4.example.com.	IN	A	192.168.1.97 <5>
+control-plane1.ocp4.example.com.	IN	A	192.168.1.98 <5>
+control-plane2.ocp4.example.com.	IN	A	192.168.1.99 <5>
 ;
-worker0.ocp4.example.com.	IN	A	192.168.1.11 <6>
-worker1.ocp4.example.com.	IN	A	192.168.1.7 <6>
+compute0.ocp4.example.com.	IN	A	192.168.1.11 <6>
+compute1.ocp4.example.com.	IN	A	192.168.1.7 <6>
 ;
 ;EOF
 ----
@@ -196,12 +196,12 @@ $TTL 1W
 ;
 96.1.168.192.in-addr.arpa.	IN	PTR	bootstrap.ocp4.example.com. <3>
 ;
-97.1.168.192.in-addr.arpa.	IN	PTR	master0.ocp4.example.com. <4>
-98.1.168.192.in-addr.arpa.	IN	PTR	master1.ocp4.example.com. <4>
-99.1.168.192.in-addr.arpa.	IN	PTR	master2.ocp4.example.com. <4>
+97.1.168.192.in-addr.arpa.	IN	PTR	control-plane0.ocp4.example.com. <4>
+98.1.168.192.in-addr.arpa.	IN	PTR	control-plane1.ocp4.example.com. <4>
+99.1.168.192.in-addr.arpa.	IN	PTR	control-plane2.ocp4.example.com. <4>
 ;
-11.1.168.192.in-addr.arpa.	IN	PTR	worker0.ocp4.example.com. <5>
-7.1.168.192.in-addr.arpa.	IN	PTR	worker1.ocp4.example.com. <5>
+11.1.168.192.in-addr.arpa.	IN	PTR	compute0.ocp4.example.com. <5>
+7.1.168.192.in-addr.arpa.	IN	PTR	compute1.ocp4.example.com. <5>
 ;
 ;EOF
 ----
diff --git a/modules/installation-extend-edge-nodes-aws-local-zones.adoc b/modules/installation-extend-edge-nodes-aws-local-zones.adoc
index 6ac1ddd43f9d..7142c68aae83 100644
--- a/modules/installation-extend-edge-nodes-aws-local-zones.adoc
+++ b/modules/installation-extend-edge-nodes-aws-local-zones.adoc
@@ -1,19 +1,19 @@
 // Module included in the following assemblies:
 //
-// * post_installation_configuration/cluster-tasks.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 ifeval::["{context}" == "installing-aws-localzone"]
 :localzone:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-extend-edge-nodes-aws-local-zones_{context}"]
 = Creating user workloads in AWS Local Zones
-After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets. 
+After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets.
 
-After the `openshift-installer` creates the cluster, the installation program automatically specifies a taint effect of `NoSchedule` to each edge worker node. This means that a scheduler does not add a new pod, or deployment, to a node if the pod does not match the specified tolerations for a taint. You can modify the taint for better control over how each node creates a workload in each Local Zone subnet.
+After you run the installation program and create the cluster, the installation program automatically specifies a taint effect of `NoSchedule` to each edge worker node. This means that a scheduler does not add a new pod, or deployment, to a node if the pod does not match the specified tolerations for a taint. You can modify the taint for better control over how nodes create workloads in each Local Zone subnet.
 
-The `openshift-installer` creates the compute machine set manifests file with `node-role.kubernetes.io/edge` and `node-role.kubernetes.io/worker` labels applied to each edge worker node that is located in a Local Zone subnet.
+The installation program creates the compute machine set manifests file with `node-role.kubernetes.io/edge` and `node-role.kubernetes.io/worker` labels applied to each edge worker node that is located in a Local Zone subnet.
 
 .Prerequisites
 
@@ -53,13 +53,13 @@ metadata:
   name: <local_zone_application> <3>
   namespace: <local_zone_application_namespace> <4>
 spec:
-  selector: 
+  selector:
     matchLabels:
       app: <local_zone_application>
   replicas: 1
   template:
     metadata:
-      labels: 
+      labels:
         app: <local_zone_application>
         zone-group: ${ZONE_GROUP_NAME} <5>
     spec:
@@ -88,7 +88,7 @@ spec:
             - mountPath: "/mnt/storage"
               name: data
       volumes:
-      - name: data 
+      - name: data
         persistentVolumeClaim:
           claimName: <pvc_name>
 ----
@@ -97,7 +97,7 @@ spec:
 <3> `name`: Specifies the name of your Local Zone application. For example, `local-zone-demo-app-nyc-1`.
 <4> `namespace:` Defines the namespace for the AWS Local Zone where you want to run the user workload. For example: `local-zone-app-nyc-1a`.
 <5> `zone-group`: Defines the group to where a zone belongs. For example, `us-east-1-iah-1`.
-<6> `nodeSelector`: Targets edge worker nodes that match the specified labels. 
+<6> `nodeSelector`: Targets edge worker nodes that match the specified labels.
 <7> `tolerations`: Sets the values that match with the `taints` defined on the `MachineSet` manifest for the Local Zone node.
 
 . Create a `service` resource YAML file for the node. This resource exposes a pod from a targeted edge worker node to services that run inside your Local Zone network.
diff --git a/modules/installation-extracting-infraid.adoc b/modules/installation-extracting-infraid.adoc
index 30157a8297c7..3d67dca83312 100644
--- a/modules/installation-extracting-infraid.adoc
+++ b/modules/installation-extracting-infraid.adoc
@@ -62,7 +62,7 @@ ifeval::["{context}" == "installing-vsphere-network-customizations"]
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-extracting-infraid_{context}"]
 = Extracting the infrastructure name
 
diff --git a/modules/installation-full-ibm-z-kvm-user-infra-machines-iso.adoc b/modules/installation-full-ibm-z-kvm-user-infra-machines-iso.adoc
index 3c3a97bb56f8..1ecae6a9444d 100644
--- a/modules/installation-full-ibm-z-kvm-user-infra-machines-iso.adoc
+++ b/modules/installation-full-ibm-z-kvm-user-infra-machines-iso.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-iso-ibm-z-kvm-full_{context}"]
 = Full installation on a new QCOW2 disk image
 
@@ -48,14 +48,14 @@ The Ignition files are generated by the {product-title} installer.
 ----
 $ virt-install \
    --connect qemu:///system \
-   --name {vn_name} \
+   --name {vm_name} \
    --vcpus {vcpus} \
    --memory {memory_mb} \
-   --disk {vn_name}.qcow2,size={image_size| default(10,true)} \
+   --disk {vm_name}.qcow2,size={image_size| default(10,true)} \
    --network network={virt_network_parm} \
    --boot hd \
    --location {media_location},kernel={rhcos_kernel},initrd={rhcos_initrd} \
-   --extra-args "rd.neednet=1 coreos.inst.install_dev=/dev/vda coreos.live.rootfs_url={rhcos_liveos} ip={ip}::{default_gateway}:{subnet_mask_length}:{vn_name}:enc1:none:{MTU} nameserver={dns} coreos.inst.ignition_url={rhcos_ign}" \
+   --extra-args "rd.neednet=1 coreos.inst.install_dev=/dev/vda coreos.live.rootfs_url={rhcos_liveos} ip={ip}::{default_gateway}:{subnet_mask_length}:{vm_name}:enc1:none:{MTU} nameserver={dns} coreos.inst.ignition_url={rhcos_ign}" \
    --noautoconsole \
    --wait
 ----
diff --git a/modules/installation-gcp-config-yaml.adoc b/modules/installation-gcp-config-yaml.adoc
index 5230bb78b9f2..47523f76d071 100644
--- a/modules/installation-gcp-config-yaml.adoc
+++ b/modules/installation-gcp-config-yaml.adoc
@@ -37,8 +37,9 @@ This sample YAML file is provided for reference only. You must obtain your `inst
 ----
 apiVersion: v1
 baseDomain: example.com <1>
-controlPlane: <2> <3>
-  hyperthreading: Enabled <4>
+credentialsMode: Mint <2>
+controlPlane: <3> <4>
+  hyperthreading: Enabled <5>
   name: master
   platform:
     gcp:
@@ -49,18 +50,21 @@ controlPlane: <2> <3>
       osDisk:
         diskType: pd-ssd
         diskSizeGB: 1024
-        encryptionKey: <5>
+        encryptionKey: <6>
           kmsKey:
             name: worker-key
             keyRing: test-machine-keys
             location: global
             projectID: project-id
-      tags: <6>
+      tags: <7>
       - control-plane-tag1
       - control-plane-tag2
+      osImage: <8>
+        project: example-project-name
+        name: example-image-name
   replicas: 3
-compute: <2> <3>
-- hyperthreading: Enabled <4>
+compute: <3> <4>
+- hyperthreading: Enabled <5>
   name: worker
   platform:
     gcp:
@@ -71,15 +75,18 @@ compute: <2> <3>
       osDisk:
         diskType: pd-standard
         diskSizeGB: 128
-        encryptionKey: <5>
+        encryptionKey: <6>
           kmsKey:
             name: worker-key
             keyRing: test-machine-keys
             location: global
             projectID: project-id
-        tags: <6>
+        tags: <7>
         - compute-tag1
         - compute-tag2
+        osImage: <8>
+          project: example-project-name
+          name: example-image-name
   replicas: 3
 metadata:
   name: test-cluster <1>
@@ -87,14 +94,14 @@ ifdef::without-networking[]
 networking:
 endif::[]
 ifdef::with-networking[]
-networking: <2>
+networking: <3>
 endif::[]
   clusterNetwork:
   - cidr: 10.128.0.0/14
     hostPrefix: 23
   machineNetwork:
   - cidr: 10.0.0.0/16
-  networkType: OVNKubernetes <7>
+  networkType: OVNKubernetes <9>
   serviceNetwork:
   - 172.30.0.0/16
 platform:
@@ -102,62 +109,65 @@ platform:
     projectID: openshift-production <1>
     region: us-central1 <1>
     defaultMachinePlatform:
-      tags: <6>
+      tags: <7>
       - global-tag1
       - global-tag2
+      osImage: <8>
+        project: example-project-name
+        name: example-image-name
 ifdef::vpc,restricted[]
-    network: existing_vpc <8>
-    controlPlaneSubnet: control_plane_subnet <9>
-    computeSubnet: compute_subnet <10>
+    network: existing_vpc <10>
+    controlPlaneSubnet: control_plane_subnet <11>
+    computeSubnet: compute_subnet <12>
 endif::vpc,restricted[]
 ifndef::restricted[]
 pullSecret: '{"auths": ...}' <1>
 endif::restricted[]
 ifdef::restricted[]
-pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}' <11>
+pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}' <13>
 endif::restricted[]
 ifndef::vpc,restricted[]
 ifndef::openshift-origin[]
-fips: false <8>
-sshKey: ssh-ed25519 AAAA... <9>
+fips: false <10>
+sshKey: ssh-ed25519 AAAA... <11>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <8>
+sshKey: ssh-ed25519 AAAA... <10>
 endif::openshift-origin[]
 endif::vpc,restricted[]
 ifdef::vpc[]
 ifndef::openshift-origin[]
-fips: false <11>
-sshKey: ssh-ed25519 AAAA... <12>
+fips: false <13>
+sshKey: ssh-ed25519 AAAA... <14>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <11>
+sshKey: ssh-ed25519 AAAA... <13>
 endif::openshift-origin[]
 endif::vpc[]
 ifdef::restricted[]
 ifndef::openshift-origin[]
-fips: false <12>
-sshKey: ssh-ed25519 AAAA... <13>
+fips: false <14>
+sshKey: ssh-ed25519 AAAA... <15>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-sshKey: ssh-ed25519 AAAA... <12>
+sshKey: ssh-ed25519 AAAA... <14>
 endif::openshift-origin[]
 endif::restricted[]
 ifdef::private[]
 ifndef::openshift-origin[]
-publish: Internal <13>
+publish: Internal <15>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-publish: Internal <12>
+publish: Internal <14>
 endif::openshift-origin[]
 endif::private[]
 ifdef::restricted[]
 ifndef::openshift-origin[]
-additionalTrustBundle: | <14>
+additionalTrustBundle: | <16>
     -----BEGIN CERTIFICATE-----
     <MY_TRUSTED_CA_CERT>
     -----END CERTIFICATE-----
-imageContentSources: <15>
+imageContentSources: <17>
 - mirrors:
   - <local_registry>/<local_repository_name>/release
   source: quay.io/openshift-release-dev/ocp-release
@@ -166,11 +176,11 @@ imageContentSources: <15>
   source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-additionalTrustBundle: | <13>
+additionalTrustBundle: | <15>
   -----BEGIN CERTIFICATE-----
   <MY_TRUSTED_CA_CERT>
   -----END CERTIFICATE-----
-imageContentSources: <14>
+imageContentSources: <16>
 - mirrors:
   - <local_registry>/<local_repository_name>/release
   source: quay.io/openshift-release-dev/ocp-release
@@ -181,65 +191,67 @@ endif::openshift-origin[]
 endif::restricted[]
 ----
 <1> Required. The installation program prompts you for this value.
-<2> If you do not provide these parameters and values, the installation program provides the default value.
-<3> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Only one control plane pool is used.
-<4> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines.
+<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode. By default, the CCO uses the root credentials in the `kube-system` namespace to dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the "About the Cloud Credential Operator" section in the _Authentication and authorization_ guide.
+<3> If you do not provide these parameters and values, the installation program provides the default value.
+<4> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Only one control plane pool is used.
+<5> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines.
 +
 [IMPORTANT]
 ====
 If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Use larger machine types, such as `n1-standard-8`, for your machines if you disable simultaneous multithreading.
 ====
-<5> Optional: The custom encryption key section to encrypt both virtual machines and persistent volumes. Your default compute service account must have the permissions granted to use your KMS key and have the correct IAM role assigned. The default service account name follows the `service-<project_number>@compute-system.iam.gserviceaccount.com` pattern. For more information about granting the correct permissions for your service account, see "Machine management" -> "Creating compute machine sets" -> "Creating a compute machine set on GCP".
-<6> Optional: A set of network tags to apply to the control plane or compute machine sets. The `platform.gcp.defaultMachinePlatform.tags` parameter will apply to both control plane and compute machines. If the `compute.platform.gcp.tags` or `controlPlane.platform.gcp.tags` parameters are set, they override the `platform.gcp.defaultMachinePlatform.tags` parameter.
-<7> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
+<6> Optional: The custom encryption key section to encrypt both virtual machines and persistent volumes. Your default compute service account must have the permissions granted to use your KMS key and have the correct IAM role assigned. The default service account name follows the `service-<project_number>@compute-system.iam.gserviceaccount.com` pattern. For more information about granting the correct permissions for your service account, see "Machine management" -> "Creating compute machine sets" -> "Creating a compute machine set on GCP".
+<7> Optional: A set of network tags to apply to the control plane or compute machine sets. The `platform.gcp.defaultMachinePlatform.tags` parameter will apply to both control plane and compute machines. If the `compute.platform.gcp.tags` or `controlPlane.platform.gcp.tags` parameters are set, they override the `platform.gcp.defaultMachinePlatform.tags` parameter.
+<8> Optional: A custom {op-system-first} that should be used to boot control plane and compute machines. The `project` and `name` parameters under `platform.gcp.defaultMachinePlatform.osImage` apply to both control plane and compute machines. If the `project` and `name` parameters under `controlPlane.platform.gcp.osImage` or `compute.platform.gcp.osImage` are set, they override the `platform.gcp.defaultMachinePlatform.osImage` parameters.
+<9> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
 ifdef::vpc,restricted[]
-<8> Specify the name of an existing VPC.
-<9> Specify the name of the existing subnet to deploy the control plane machines to. The subnet must belong to the VPC that you specified.
-<10> Specify the name of the existing subnet to deploy the compute machines to. The subnet must belong to the VPC that you specified.
+<10> Specify the name of an existing VPC.
+<11> Specify the name of the existing subnet to deploy the control plane machines to. The subnet must belong to the VPC that you specified.
+<12> Specify the name of the existing subnet to deploy the compute machines to. The subnet must belong to the VPC that you specified.
 endif::vpc,restricted[]
 ifdef::restricted[]
-<11> For `<local_registry>`, specify the registry domain name, and optionally the port, that your mirror registry uses to serve content. For example, `registry.example.com` or `registry.example.com:5000`. For `<credentials>`, specify the base64-encoded user name and password for your mirror registry.
+<13> For `<local_registry>`, specify the registry domain name, and optionally the port, that your mirror registry uses to serve content. For example, `registry.example.com` or `registry.example.com:5000`. For `<credentials>`, specify the base64-encoded user name and password for your mirror registry.
 endif::restricted[]
 ifdef::vpc[]
 ifndef::openshift-origin[]
-<11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<13> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<13> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::vpc[]
 ifdef::restricted[]
 ifndef::openshift-origin[]
-<12> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<14> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<13> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::restricted[]
 ifndef::vpc,restricted[]
 ifndef::openshift-origin[]
-<8> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+<10> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
-<9> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<8> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<10> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
 endif::vpc,restricted[]
 +
@@ -249,20 +261,20 @@ For production {product-title} clusters on which you want to perform installatio
 ====
 ifdef::private[]
 ifndef::openshift-origin[]
-<13> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<15> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<12> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
+<14> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
 endif::openshift-origin[]
 endif::private[]
 ifdef::restricted[]
 ifndef::openshift-origin[]
-<14> Provide the contents of the certificate file that you used for your mirror registry.
-<15> Provide the `imageContentSources` section from the output of the command to mirror the repository.
+<16> Provide the contents of the certificate file that you used for your mirror registry.
+<17> Provide the `imageContentSources` section from the output of the command to mirror the repository.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-<13> Provide the contents of the certificate file that you used for your mirror registry.
-<14> Provide the `imageContentSources` section from the output of the command to mirror the repository.
+<15> Provide the contents of the certificate file that you used for your mirror registry.
+<16> Provide the `imageContentSources` section from the output of the command to mirror the repository.
 endif::openshift-origin[]
 endif::restricted[]
 
diff --git a/modules/installation-gcp-dns.adoc b/modules/installation-gcp-dns.adoc
index 4e010cdab36a..75abc245fd33 100644
--- a/modules/installation-gcp-dns.adoc
+++ b/modules/installation-gcp-dns.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :user-infra-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-dns_{context}"]
 = Configuring DNS for GCP
 
diff --git a/modules/installation-gcp-enabling-api-services.adoc b/modules/installation-gcp-enabling-api-services.adoc
index 713323cc3bd9..bcec9361d8bd 100644
--- a/modules/installation-gcp-enabling-api-services.adoc
+++ b/modules/installation-gcp-enabling-api-services.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "installing-gcp-restricted-networks"]
 :template:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-enabling-api-services_{context}"]
 = Enabling API services in GCP
 
diff --git a/modules/installation-gcp-enabling-confidential-vms.adoc b/modules/installation-gcp-enabling-confidential-vms.adoc
index 970bc305d36e..ce9810032cd3 100644
--- a/modules/installation-gcp-enabling-confidential-vms.adoc
+++ b/modules/installation-gcp-enabling-confidential-vms.adoc
@@ -9,18 +9,15 @@
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-enabling-confidential-vms_{context}"]
 = Enabling Confidential VMs
 
 You can use Confidential VMs when installing your cluster. Confidential VMs encrypt data while it is being processed. For more information, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential Computing]. You can enable Confidential VMs and Shielded VMs at the same time, although they are not dependent on each other.
 
-:FeatureName: Confidential Computing
-include::snippets/technology-preview.adoc[]
-
-[IMPORTANT]
+[NOTE]
 ====
-Due to a known issue, you cannot use persistent volume storage on a cluster with Confidential VMs. For more information, see link:https://issues.redhat.com/browse/OCPBUGS-7582[OCPBUGS-7582].
+Confidential VMs are currently not supported on 64-bit ARM architectures.
 ====
 
 .Prerequisites
@@ -40,7 +37,7 @@ controlPlane:
        type: n2d-standard-8 <2>
        onHostMaintenance: Terminate <3>
 ----
-<1> Enable confidential VMs. 
+<1> Enable confidential VMs.
 <2> Specify a machine type that supports Confidential VMs. Confidential VMs require the N2D or C2D series of machine types. For more information on supported machine types, see link:https://cloud.google.com/compute/confidential-vm/docs/os-and-machine-type#machine-type[Supported operating systems and machine types].
 <3> Specify the behavior of the VM during a host maintenance event, such as a hardware or software update. For a machine that uses Confidential VM, this value must be set to `Terminate`, which stops the VM. Confidential VMs do not support live VM migration.
 +
diff --git a/modules/installation-gcp-enabling-shielded-vms.adoc b/modules/installation-gcp-enabling-shielded-vms.adoc
index 33f24019ed73..c6fd39e799ee 100644
--- a/modules/installation-gcp-enabling-shielded-vms.adoc
+++ b/modules/installation-gcp-enabling-shielded-vms.adoc
@@ -9,11 +9,16 @@
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-enabling-shielded-vms_{context}"]
 = Enabling Shielded VMs
 You can use Shielded VMs when installing your cluster. Shielded VMs have extra security features including secure boot, firmware and integrity monitoring, and rootkit detection. For more information, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
 
+[NOTE]
+====
+Shielded VMs are currently not supported on clusters with 64-bit ARM infrastructures.
+====
+
 .Prerequisites
 * You have created an `install-config.yaml` file.
 
diff --git a/modules/installation-gcp-install-cli.adoc b/modules/installation-gcp-install-cli.adoc
index f664cf38056c..3e1c22aff677 100644
--- a/modules/installation-gcp-install-cli.adoc
+++ b/modules/installation-gcp-install-cli.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-install-cli_{context}"]
 = Installing and configuring CLI tools for GCP
 
diff --git a/modules/installation-gcp-marketplace.adoc b/modules/installation-gcp-marketplace.adoc
index 6f4424c250f7..9a1081642761 100644
--- a/modules/installation-gcp-marketplace.adoc
+++ b/modules/installation-gcp-marketplace.adoc
@@ -2,47 +2,41 @@
 //
 // * installing/installing_gcp/installing-gcp-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-marketplace_{context}"]
-= Using a GCP Marketplace image
-If you want to deploy an {product-title} cluster using a GCP Marketplace image, you must create the manifests and edit the compute machine set definitions to specify the GCP Marketplace image.
+= Using the GCP Marketplace offering
 
-.Prerequisites
-
-* You have the {product-title} installation program and the pull secret for your cluster.
+Using the GCP Marketplace offering lets you deploy an {product-title} cluster, which is billed on pay-per-use basis (hourly, per core) through GCP, while still being supported directly by Red{nbsp}Hat.
 
-.Procedure
+By default, the installation program downloads and installs the {op-system-first} image that is used to deploy compute machines. To deploy an {product-title} cluster using an {op-system} image from the GCP Marketplace, override the default behavior by modifying the `install-config.yaml` file to reference the location of GCP Marketplace offer.
 
-. Generate the installation manifests by running the following command:
-+
-[source,terminal]
-----
-$ openshift-install create manifests --dir <installation_dir>
-----
+.Prerequisites
 
-. Locate the following files:
+* You have an existing `install-config.yaml` file.
 
-** `<installation_dir>/openshift/99_openshift-cluster-api_worker-machineset-0.yaml`
-** `<installation_dir>/openshift/99_openshift-cluster-api_worker-machineset-1.yaml`
-** `<installation_dir>/openshift/99_openshift-cluster-api_worker-machineset-2.yaml`
+.Procedure
 
-. In each file, edit the `.spec.template.spec.providerSpec.value.disks[0].image` property to reference the offer to use:
+. Edit the `compute.platform.gcp.osImage` parameters to specify the location of the GCP Marketplace image:
+** Set the `project` parameter to `redhat-marketplace-public`
+** Set the `name` parameter to one of the following offers:
 +
-{product-title}:: `projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-413-x86-64-202305021736`
-{opp}:: `projects/redhat-marketplace-public/global/images/redhat-coreos-opp-413-x86-64-202305021736`
-{oke}:: `projects/redhat-marketplace-public/global/images/redhat-coreos-oke-413-x86-64-202305021736`
+{product-title}:: `redhat-coreos-ocp-413-x86-64-202305021736`
+{opp}:: `redhat-coreos-opp-413-x86-64-202305021736`
+{oke}:: `redhat-coreos-oke-413-x86-64-202305021736`
+. Save the file and reference it when deploying the cluster.
 
-.Example compute machine set with the GCP Marketplace image
+.Sample `install-config.yaml` file that specifies a GCP Marketplace image for compute machines
 [source,yaml]
 ----
-deletionProtection: false
-disks:
-- autoDelete: true
-  boot: true
-  image: projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-48-x86-64-202210040145
-  labels: null
-  sizeGb: 128
-  type: pd-ssd
-kind: GCPMachineProviderSpec
-machineType: n2-standard-4
+apiVersion: v1
+baseDomain: example.com
+controlPlane:
+# ...
+compute:
+  platform:
+    gcp:
+      osImage:
+        project: redhat-marketplace-public
+        name: redhat-coreos-ocp-413-x86-64-202305021736
+# ...
 ----
diff --git a/modules/installation-gcp-permissions.adoc b/modules/installation-gcp-permissions.adoc
index c17d0a43e57f..c69c7f0fba7c 100644
--- a/modules/installation-gcp-permissions.adoc
+++ b/modules/installation-gcp-permissions.adoc
@@ -21,6 +21,7 @@ When you attach the `Owner` role to the service account that you create, you gra
 
 .Required roles for the installation program
 * Compute Admin
+* IAM Role Administrator
 * IAM Security Admin
 * Service Account Admin
 * Service Account Key Admin
@@ -30,18 +31,17 @@ When you attach the `Owner` role to the service account that you create, you gra
 .Required roles for creating network resources during installation
 * DNS Administrator
 
-.Required roles for using passthrough credentials mode
+.Required roles for using the Cloud Credential Operator in passthrough mode
 * Compute Load Balancer Admin
-* IAM Role Viewer
 
 ifdef::template[]
 .Required roles for user-provisioned GCP infrastructure
 * Deployment Manager Editor
 endif::template[]
 
-The roles are applied to the service accounts that the control plane and compute machines use:
+The following roles are applied to the service accounts that the control plane and compute machines use:
 
-.GCP service account permissions
+.GCP service account roles
 [cols="2a,2a",options="header"]
 |===
 |Account
diff --git a/modules/installation-gcp-project.adoc b/modules/installation-gcp-project.adoc
index 04bc1e381128..aa6a84ececd5 100644
--- a/modules/installation-gcp-project.adoc
+++ b/modules/installation-gcp-project.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-project_{context}"]
 = Creating a GCP project
 
diff --git a/modules/installation-gcp-regions.adoc b/modules/installation-gcp-regions.adoc
index 64b4f33877b1..d8a1c2c202a4 100644
--- a/modules/installation-gcp-regions.adoc
+++ b/modules/installation-gcp-regions.adoc
@@ -32,6 +32,7 @@ regions:
 * `europe-west8` (Milan, Italy)
 * `europe-west9` (Paris, France)
 * `europe-west12` (Turin, Italy)
+* `me-central1` (Doha, Qatar, Middle East)
 * `me-west1` (Tel Aviv, Israel)
 * `northamerica-northeast1` (Montréal, Québec, Canada)
 * `northamerica-northeast2` (Toronto, Ontario, Canada)
@@ -46,3 +47,8 @@ regions:
 * `us-west2` (Los Angeles, California, USA)
 * `us-west3` (Salt Lake City, Utah, USA)
 * `us-west4` (Las Vegas, Nevada, USA)
+
+[NOTE]
+====
+To determine which machine type instances are available by region and zone, see the Google link:https://cloud.google.com/compute/docs/regions-zones#available[documentation].
+====
diff --git a/modules/installation-gcp-service-account.adoc b/modules/installation-gcp-service-account.adoc
index c8e82cb1fc44..71e2fdecb1a9 100644
--- a/modules/installation-gcp-service-account.adoc
+++ b/modules/installation-gcp-service-account.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-service-account_{context}"]
 = Creating a service account in GCP
 
diff --git a/modules/installation-gcp-shared-vpc-config.adoc b/modules/installation-gcp-shared-vpc-config.adoc
index 0dcd9c7bd465..a851db312f77 100644
--- a/modules/installation-gcp-shared-vpc-config.adoc
+++ b/modules/installation-gcp-shared-vpc-config.adoc
@@ -1,7 +1,7 @@
 // This file is referenced in the following assembly:
 // installing/installing_gcp/installing-gcp-shared-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-shared-vpc-config_{context}"]
 = Sample customized install-config.yaml file for shared VPC installation
 There are several configuration parameters which are required to install {product-title} on GCP using a shared VPC. The following is a sample `install-config.yaml` file which demonstrates these fields.
@@ -45,7 +45,7 @@ compute:
   platform:
     gcp:
       tags: <7>
-      - compute-tag1 
+      - compute-tag1
       type: n2-standard-4
       zones:
       - us-central1-a
@@ -60,7 +60,7 @@ networking:
 pullSecret: '{"auths": ...}'
 sshKey: ssh-ed25519 AAAA... <8>
 ----
-<1> `credentialsMode` must be set to `Passthrough` to allow the cluster to use the provided GCP service account after cluster creation. See the "Prerequisites" section for the required GCP permissions that your service account must have.
+<1> `credentialsMode` must be set to `Passthrough` or `Manual`. See the "Prerequisites" section for the required GCP permissions that your service account must have.
 <2> The name of the subnet in the shared VPC for compute machines to use.
 <3> The name of the subnet in the shared VPC for control plane machines to use.
 <4> The name of the shared VPC.
diff --git a/modules/installation-gcp-shared-vpc-ingress.adoc b/modules/installation-gcp-shared-vpc-ingress.adoc
index b6048ac391de..d0982f8ad221 100644
--- a/modules/installation-gcp-shared-vpc-ingress.adoc
+++ b/modules/installation-gcp-shared-vpc-ingress.adoc
@@ -1,7 +1,7 @@
 // File included in the following assemblies:
 // * installation/installing_gcp/installing-gcp-shared-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-shared-vpc-ingress_{context}"]
 = Optional: Adding Ingress DNS records for shared VPC installations
 If the public DNS zone exists in a host project outside the project where you installed your cluster, you must manually create DNS records that point at the Ingress load balancer. You can create either a wildcard `*.apps.{baseDomain}.` or specific records. You can use A, CNAME, and other records per your requirements.
diff --git a/modules/installation-gcp-tested-machine-types-arm.adoc b/modules/installation-gcp-tested-machine-types-arm.adoc
new file mode 100644
index 000000000000..2efb5e8af291
--- /dev/null
+++ b/modules/installation-gcp-tested-machine-types-arm.adoc
@@ -0,0 +1,21 @@
+// module included in the following assemblies 
+//
+// installing/installing_gcp/installing-gcp-customizations.adoc
+// installing/installing_gcp/installing-gcp-network-customizations.adoc
+// installing/installing_gcp/installing-gcp-private.adoc
+// installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
+// installing/installing_gcp/installing-gcp-user-infra.adoc
+// installing/installing_gcp/installing-gcp-vpc.adoc
+// installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+// installing/installing_gcp/installing-restricted-networks-gcp.adoc
+
+[id="installation-gcp-tested-machine-types-arm_{context}"]
+= Tested instance types for GCP on 64-bit ARM infrastructures 
+
+The following Google Cloud Platform (GCP) 64-bit ARM instance types have been tested with {product-title}.
+
+.Machine series for 64-bit ARM machines 
+[%collapsible]
+====
+include::https://raw.githubusercontent.com/openshift/installer/master/docs/user/gcp/tested_instance_types_arm.md[]
+====
\ No newline at end of file
diff --git a/modules/installation-gcp-user-infra-adding-ingress.adoc b/modules/installation-gcp-user-infra-adding-ingress.adoc
index 40773d2cd6b5..6c9c4da51092 100644
--- a/modules/installation-gcp-user-infra-adding-ingress.adoc
+++ b/modules/installation-gcp-user-infra-adding-ingress.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-user-infra-adding-ingress_{context}"]
 ifndef::shared-vpc[]
 = Optional: Adding the ingress DNS records
diff --git a/modules/installation-gcp-user-infra-completing.adoc b/modules/installation-gcp-user-infra-completing.adoc
index e96f6b9466ae..18f42522cfa3 100644
--- a/modules/installation-gcp-user-infra-completing.adoc
+++ b/modules/installation-gcp-user-infra-completing.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-user-infra-installation_{context}"]
 = Completing a GCP installation on user-provisioned infrastructure
 
diff --git a/modules/installation-gcp-user-infra-config-host-project-vpc.adoc b/modules/installation-gcp-user-infra-config-host-project-vpc.adoc
index 05b7728db5e4..d6a55aa14024 100644
--- a/modules/installation-gcp-user-infra-config-host-project-vpc.adoc
+++ b/modules/installation-gcp-user-infra-config-host-project-vpc.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-user-infra-config-host-project-vpc_{context}"]
 = Configuring the GCP project that hosts your shared VPC network
 
diff --git a/modules/installation-gcp-user-infra-rhcos.adoc b/modules/installation-gcp-user-infra-rhcos.adoc
index bf0eb3c9b92e..513533349047 100644
--- a/modules/installation-gcp-user-infra-rhcos.adoc
+++ b/modules/installation-gcp-user-infra-rhcos.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-user-infra-rhcos_{context}"]
 = Creating the {op-system} cluster image for the GCP infrastructure
 
@@ -12,7 +12,7 @@ your {product-title} nodes.
 .Procedure
 
 ifndef::openshift-origin[]
-. Obtain the {op-system} image from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/[{op-system} image mirror] page.
+. Obtain the {op-system} image from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.15/[{op-system} image mirror] page.
 +
 [IMPORTANT]
 ====
diff --git a/modules/installation-gcp-user-infra-shared-vpc-config-yaml.adoc b/modules/installation-gcp-user-infra-shared-vpc-config-yaml.adoc
index e2eca17b69d8..127d0cfe5023 100644
--- a/modules/installation-gcp-user-infra-shared-vpc-config-yaml.adoc
+++ b/modules/installation-gcp-user-infra-shared-vpc-config-yaml.adoc
@@ -90,7 +90,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <10> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
diff --git a/modules/installation-gcp-user-infra-wait-for-bootstrap.adoc b/modules/installation-gcp-user-infra-wait-for-bootstrap.adoc
index 07d5f2439e11..5931fa0a07c2 100644
--- a/modules/installation-gcp-user-infra-wait-for-bootstrap.adoc
+++ b/modules/installation-gcp-user-infra-wait-for-bootstrap.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-gcp-user-infra-wait-for-bootstrap_{context}"]
 = Wait for bootstrap completion and remove bootstrap resources in GCP
 
diff --git a/modules/installation-generate-aws-user-infra-install-config.adoc b/modules/installation-generate-aws-user-infra-install-config.adoc
index b81cf578cecc..6910cfdcca66 100644
--- a/modules/installation-generate-aws-user-infra-install-config.adoc
+++ b/modules/installation-generate-aws-user-infra-install-config.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "installing-aws-localzone"]
 :localzone:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-generate-aws-user-infra-install-config_{context}"]
 = Creating the installation configuration file
 
@@ -72,7 +72,7 @@ The AWS access key ID and secret access key are stored in `~/.aws/credentials` i
 ====
 ... Select the AWS region to deploy the cluster to.
 ifdef::localzone[]
-The region that you specify must be the same region that contains the Local Zone that you opted into for your AWS account.
+The region that you specify must be the same region that contains the Local Zone that you opted in to for your AWS account.
 endif::localzone[]
 ... Select the base domain for the Route 53 service that you configured for your cluster.
 ... Enter a descriptive name for your cluster.
diff --git a/modules/installation-generate-ignition-configs.adoc b/modules/installation-generate-ignition-configs.adoc
index 112d7d050528..a13038c5f1b4 100644
--- a/modules/installation-generate-ignition-configs.adoc
+++ b/modules/installation-generate-ignition-configs.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-generate-ignition-configs_{context}"]
 = Creating the Ignition config files
 
diff --git a/modules/installation-getting-debug-information.adoc b/modules/installation-getting-debug-information.adoc
index 78ac7814d936..bdc50d5f7c93 100644
--- a/modules/installation-getting-debug-information.adoc
+++ b/modules/installation-getting-debug-information.adoc
@@ -1,6 +1,5 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_rhv/installing-rhv-troubleshooting.adoc
 
 [id="installing-getting-debug-information_{context}"]
 = Getting debug information from the installation program
diff --git a/modules/installation-ibm-cloud-config-yaml.adoc b/modules/installation-ibm-cloud-config-yaml.adoc
index 1f056ce0efbb..f189669b84eb 100644
--- a/modules/installation-ibm-cloud-config-yaml.adoc
+++ b/modules/installation-ibm-cloud-config-yaml.adoc
@@ -4,6 +4,7 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 
 ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
 :with-networking:
@@ -17,10 +18,13 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :private:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:restricted:
+endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-ibm-cloud-config-yaml_{context}"]
-= Sample customized install-config.yaml file for IBM Cloud VPC
+= Sample customized install-config.yaml file for {ibm-cloud-title}
 
 You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters.
 
@@ -91,7 +95,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <7> Optional: provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
@@ -136,7 +140,7 @@ networking:
 platform:
   ibmcloud:
     region: eu-gb <1>
-    resourceGroupName: eu-gb-example-network-rg <7>
+    resourceGroupName: eu-gb-example-cluster-rg <7>
     networkResourceGroupName: eu-gb-example-existing-network-rg <8>
     vpcName: eu-gb-example-network-1 <9>
     controlPlaneSubnets: <10>
@@ -179,7 +183,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <13> Optional: provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
@@ -224,7 +228,7 @@ networking:
 platform:
   ibmcloud:
     region: eu-gb <1>
-    resourceGroupName: eu-gb-example-network-rg <8>
+    resourceGroupName: eu-gb-example-cluster-rg <8>
     networkResourceGroupName: eu-gb-example-existing-network-rg <9>
     vpcName: eu-gb-example-network-1 <10>
     controlPlaneSubnets: <11>
@@ -269,7 +273,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <15> Optional: provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
@@ -283,6 +287,143 @@ For production {product-title} clusters on which you want to perform installatio
 ====
 endif::private[]
 
+ifdef::restricted[]
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com <1>
+controlPlane: <2> <3>
+  hyperthreading: Enabled <4>
+  name: master
+  platform:
+    ibm-cloud: {}
+  replicas: 3
+compute: <2> <3>
+- hyperthreading: Enabled <4>
+  name: worker
+  platform:
+    ibmcloud: {}
+  replicas: 3
+metadata:
+  name: test-cluster <1>
+networking:
+  clusterNetwork:
+  - cidr: 10.128.0.0/14 <5>
+    hostPrefix: 23
+  machineNetwork:
+  - cidr: 10.0.0.0/16 <6>
+  networkType: OVNKubernetes <7>
+  serviceNetwork:
+  - 172.30.0.0/16
+platform:
+  ibmcloud:
+    region: us-east <1>
+    resourceGroupName: us-east-example-cluster-rg <8>
+    serviceEndpoints: <9>
+      - name: IAM
+        url: https://private.us-east.iam.cloud.ibm.com
+      - name: VPC
+        url: https://us-east.private.iaas.cloud.ibm.com/v1
+      - name: ResourceController
+        url: https://private.us-east.resource-controller.cloud.ibm.com
+      - name: ResourceManager
+        url: https://private.us-east.resource-controller.cloud.ibm.com
+      - name: DNSServices
+        url: https://api.private.dns-svcs.cloud.ibm.com/v1
+      - name: COS
+        url: https://s3.direct.us-east.cloud-object-storage.appdomain.cloud
+      - name: GlobalSearch
+        url: https://api.private.global-search-tagging.cloud.ibm.com
+      - name: GlobalTagging
+        url: https://tags.private.global-search-tagging.cloud.ibm.com
+    networkResourceGroupName: us-east-example-existing-network-rg <10>
+    vpcName: us-east-example-network-1 <11>
+    controlPlaneSubnets: <12>
+      - us-east-example-network-1-cp-us-east-1
+      - us-east-example-network-1-cp-us-east-2
+      - us-east-example-network-1-cp-us-east-3
+    computeSubnets: <13>
+      - us-east-example-network-1-compute-us-east-1
+      - us-east-example-network-1-compute-us-east-2
+      - us-east-example-network-1-compute-us-east-3
+credentialsMode: Manual
+pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}' <14>
+ifndef::openshift-origin[]
+fips: false <15>
+sshKey: ssh-ed25519 AAAA... <16>
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+sshKey: ssh-ed25519 AAAA... <15>
+endif::openshift-origin[]
+ifndef::openshift-origin[]
+additionalTrustBundle: | <17>
+    -----BEGIN CERTIFICATE-----
+    <MY_TRUSTED_CA_CERT>
+    -----END CERTIFICATE-----
+imageContentSources: <18>
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+additionalTrustBundle: | <16>
+  -----BEGIN CERTIFICATE-----
+  <MY_TRUSTED_CA_CERT>
+  -----END CERTIFICATE-----
+imageContentSources: <17>
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - <local_registry>/<local_repository_name>/release
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+endif::openshift-origin[]
+----
+<1> Required.
+<2> If you do not provide these parameters and values, the installation program provides the default value.
+<3> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Only one control plane pool is used.
+<4> Enables or disables simultaneous multithreading, also known as Hyper-Threading. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines.
++
+[IMPORTANT]
+====
+If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Use larger machine types, such as `n1-standard-8`, for your machines if you disable simultaneous multithreading.
+====
+<5> The machine CIDR must contain the subnets for the compute machines and control plane machines.
+<6> The CIDR must contain the subnets defined in `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`.
+<7> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
+<8> The name of an existing resource group. All installer-provisioned cluster resources are deployed to this resource group. If undefined, a new resource group is created for the cluster.
+<9> Based on the network restrictions of the VPC, specify alternate service endpoints as needed. This overrides the default public endpoint for the service.
+<10> Specify the name of the resource group that contains the existing virtual private cloud (VPC). The existing VPC and subnets should be in this resource group. The cluster will be installed to this VPC.
+<11> Specify the name of an existing VPC.
+<12> Specify the name of the existing subnets to which to deploy the control plane machines. The subnets must belong to the VPC that you specified. Specify a subnet for each availability zone in the region.
+<13> Specify the name of the existing subnets to which to deploy the compute machines. The subnets must belong to the VPC that you specified. Specify a subnet for each availability zone in the region.
+<14> For `<local_registry>`, specify the registry domain name, and optionally the port, that your mirror registry uses to serve content. For example, registry.example.com or registry.example.com:5000. For `<credentials>`, specify the base64-encoded user name and password for your mirror registry.
+ifndef::openshift-origin[]
+<15> Enables or disables FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
++
+[IMPORTANT]
+====
+The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+====
+<16> Optional: provide the `sshKey` value that you use to access the machines in your cluster.
+<17> Provide the contents of the certificate file that you used for your mirror registry.
+<18> Provide these values from the `metadata.name: release-0` section of the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry.
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
+<16> Provide the contents of the certificate file that you used for your mirror registry.
+<17> Provide these values from the `metadata.name: release-0` section of the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry.
+endif::openshift-origin[]
++
+[NOTE]
+====
+For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
+====
+endif::restricted[]
+
 
 ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
 :!with-networking:
@@ -296,3 +437,6 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :!private:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!restricted:
+endif::[]
diff --git a/modules/installation-ibm-cloud-configure-vpc-for-endpoint-gateways.adoc b/modules/installation-ibm-cloud-configure-vpc-for-endpoint-gateways.adoc
new file mode 100644
index 000000000000..c93290b83561
--- /dev/null
+++ b/modules/installation-ibm-cloud-configure-vpc-for-endpoint-gateways.adoc
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-ibm-cloud-configure-vpc-for-endpoint-gateways_{context}"]
+= Allowing endpoint gateway traffic
+
+If you are using {ibm-cloud-name} Virtual Private endpoints, your Virtual Private Cloud (VPC) must be configured to allow traffic to and from the endpoint gateways.
+
+A VPC's default security group is configured to allow all outbound traffic to endpoint gateways. Therefore, the simplest way to allow traffic between your VPC and endpoint gateways is to modify the default security group to allow inbound traffic on port 443.
+
+[NOTE]
+====
+If you choose to configure a new security group, the security group must be configured to allow both inbound and outbound traffic.
+====
+
+.Prerequisites
+
+* You have installed the {ibm-cloud-name} Command Line Interface utility (`ibmcloud`).
+
+.Procedure
+
+. Obtain the identifier for the default security group by running the following command:
++
+[source,terminal]
+----
+$ DEFAULT_SG=$(ibmcloud is vpc <your_vpc_name> --output JSON | jq -r '.default_security_group.id')
+----
+. Add a rule that allows inbound traffic on port 443 by running the following command:
++
+[source,terminal]
+----
+$ ibmcloud is security-group-rule-add $DEFAULT_SG inbound tcp --remote 0.0.0.0/0 --port-min 443 --port-max 443
+----
+
+[NOTE]
+====
+Be sure that your endpoint gateways are configured to use this security group.
+====
diff --git a/modules/installation-ibm-cloud-creating-api-key.adoc b/modules/installation-ibm-cloud-creating-api-key.adoc
index f77f544984fc..9c2d9106e630 100644
--- a/modules/installation-ibm-cloud-creating-api-key.adoc
+++ b/modules/installation-ibm-cloud-creating-api-key.adoc
@@ -3,19 +3,19 @@
 // installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
 // installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-ibm-cloud-creating-api-key_{context}"]
 = Creating an API key
 
-You must create a user API key or a service ID API key for your IBM Cloud account.
+You must create a user API key or a service ID API key for your {ibm-cloud-name} account.
 
 .Prerequisites
 
-* You have assigned the required access policies to your IBM Cloud account.
+* You have assigned the required access policies to your {ibm-cloud-name} account.
 * You have attached you IAM access policies to an access group, or other appropriate resource.
 
 .Procedure
 
 * Create an API key, depending on how you defined your IAM access policies.
 +
-For example, if you assigned your access policies to a user, you must create a link:https://cloud.ibm.com/docs/account?topic=account-userapikey[user API key]. If you assigned your access policies to a service ID, you must create a link:https://cloud.ibm.com/docs/account?topic=account-serviceidapikeys[service ID API key]. If your access policies are assigned to an access group, you can use either API key type. For more information on IBM Cloud VPC API keys, see link:https://cloud.ibm.com/docs/account?topic=account-manapikey&interface=ui[Understanding API keys].
+For example, if you assigned your access policies to a user, you must create a link:https://cloud.ibm.com/docs/account?topic=account-userapikey[user API key]. If you assigned your access policies to a service ID, you must create a link:https://cloud.ibm.com/docs/account?topic=account-serviceidapikeys[service ID API key]. If your access policies are assigned to an access group, you can use either API key type. For more information on {ibm-cloud-name} API keys, see link:https://cloud.ibm.com/docs/account?topic=account-manapikey&interface=ui[Understanding API keys].
diff --git a/modules/installation-ibm-cloud-download-rhcos.adoc b/modules/installation-ibm-cloud-download-rhcos.adoc
new file mode 100644
index 000000000000..c4e7f4829ebc
--- /dev/null
+++ b/modules/installation-ibm-cloud-download-rhcos.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+// * installing/installing_installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-ibm-cloud-download-rhcos_{context}"]
+= Downloading the RHCOS cluster image
+
+The installation program requires the {op-system-first} image to install the cluster. While optional, downloading the {op-system-first} before deploying removes the need for internet access when creating the cluster.
+
+Use the installation program to locate and download the {op-system-first} image.
+
+.Prerequisites
+
+* The host running the installation program has internet access.
+
+.Procedure
+
+. Change to the directory that contains the installation program and run the following command:
++
+[source,terminal]
+----
+$ ./openshift-install coreos print-stream-json
+----
+
+. Use the output of the command to find the location of the {ibm-cloud-name} image.
+[source,terminal]
++
+.Example output
+----
+  "release": "415.92.202311241643-0",
+  "formats": {
+    "qcow2.gz": {
+      "disk": {
+        "location": "https://rhcos.mirror.openshift.com/art/storage/prod/streams/4.15-9.2/builds/415.92.202311241643-0/x86_64/rhcos-415.92.202311241643-0-ibmcloud.x86_64.qcow2.gz",
+        "sha256": "6b562dee8431bec3b93adeac1cfefcd5e812d41e3b7d78d3e28319870ffc9eae",
+        "uncompressed-sha256": "5a0f9479505e525a30367b6a6a6547c86a8f03136f453c1da035f3aa5daa8bc9"
+----
+. Download and extract the image archive. Make the image available on the host that the installation program uses to create the cluster.
diff --git a/modules/installation-ibm-cloud-export-variables.adoc b/modules/installation-ibm-cloud-export-variables.adoc
index f93c390548f8..eaee5b2fd7c0 100644
--- a/modules/installation-ibm-cloud-export-variables.adoc
+++ b/modules/installation-ibm-cloud-export-variables.adoc
@@ -8,6 +8,7 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 
 ifeval::["{context}" == "installing-ibm-cloud-customizations"]
 :ibm-vpc:
@@ -33,8 +34,11 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :ibm-power-vs:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-vpc:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-ibm-cloud-export-variables_{context}"]
 = Exporting the API key
 
@@ -42,7 +46,7 @@ You must set the API key you created as a global variable; the installation prog
 
 .Prerequisites
 
-* You have created either a user API key or service ID API key for your IBM Cloud account.
+* You have created either a user API key or service ID API key for your {ibm-cloud-name} account.
 
 .Procedure
 
@@ -91,3 +95,6 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :!ibm-power-vs:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-vpc:
+endif::[]
diff --git a/modules/installation-ibm-cloud-iam-policies-api-key.adoc b/modules/installation-ibm-cloud-iam-policies-api-key.adoc
index 5c2222e02e5f..b537bba3ce90 100644
--- a/modules/installation-ibm-cloud-iam-policies-api-key.adoc
+++ b/modules/installation-ibm-cloud-iam-policies-api-key.adoc
@@ -10,19 +10,19 @@ ifeval::["{context}" == "installing-ibm-cloud-account-power-vs"]
 :ibm-power-vs:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-ibm-cloud-iam-policies-api-key_{context}"]
-= IBM Cloud VPC IAM Policies and API Key
+= {ibm-cloud-title} IAM Policies and API Key
 
-To install {product-title} into your IBM Cloud account, the installation program requires an IAM API key, which provides authentication and authorization to access IBM Cloud service APIs. You can use an existing IAM API key that contains the required policies or create a new one.
+To install {product-title} into your {ibm-cloud-name} account, the installation program requires an IAM API key, which provides authentication and authorization to access {ibm-cloud-name} service APIs. You can use an existing IAM API key that contains the required policies or create a new one.
 
-For an IBM Cloud IAM overview, see the IBM Cloud link:https://cloud.ibm.com/docs/account?topic=account-iamoverview[documentation].
+For an {ibm-cloud-name} IAM overview, see the {ibm-cloud-name} link:https://cloud.ibm.com/docs/account?topic=account-iamoverview[documentation].
 
 ifdef::ibm-vpc[]
 [id="required-access-policies-ibm-cloud_{context}"]
 == Required access policies
 
-You must assign the required access policies to your IBM Cloud account.
+You must assign the required access policies to your {ibm-cloud-name} account.
 
 .Required access policies
 [cols="1,2,2,2,3",options="header"]
@@ -41,6 +41,12 @@ You must assign the required access policies to your IBM Cloud account.
 |Editor, Operator, Viewer, Administrator
 |
 
+|Account management
+|Resource group only
+|All resource groups in the account
+|Administrator
+|
+
 |IAM services
 |Cloud Object Storage
 |All resources or a subset of resources ^[1]^
@@ -48,13 +54,13 @@ You must assign the required access policies to your IBM Cloud account.
 |Reader, Writer, Manager, Content Reader, Object Reader, Object Writer
 
 |IAM services
-|Internet Services ^3^
+|Internet Services
 |All resources or a subset of resources ^[1]^
 |Editor, Operator, Viewer, Administrator
 |Reader, Writer, Manager
 
 |IAM services
-|DNS Services ^3^
+|DNS Services
 |All resources or a subset of resources ^[1]^
 |Editor, Operator, Viewer, Administrator
 |Reader, Writer, Manager
@@ -69,8 +75,7 @@ You must assign the required access policies to your IBM Cloud account.
 [.small]
 --
 1. The policy access scope should be set based on how granular you want to assign access. The scope can be set to *All resources* or *Resources based on selected attributes*.
-2. Optional: This access policy is only required if you want the installation program to create a resource group. For more information about resource groups, see the IBM link:https://cloud.ibm.com/docs/account?topic=account-rgs[documentation].
-3. Only one service is required. The service that is required depends on the type of cluster that you are installing. If you are installing a public cluster, `Internet Services` is required. If you are installing a private cluster, `DNS Services` is required.
+2. Optional: This access policy is only required if you want the installation program to create a resource group. For more information about resource groups, see the {ibm-name} link:https://cloud.ibm.com/docs/account?topic=account-rgs[documentation].
 --
 //TODO: IBM confirmed current values in the table above. They hope to provide more guidance on possibly scoping down the permissions (related to resource group actions).
 endif::ibm-vpc[]
@@ -121,7 +126,7 @@ ifdef::ibm-power-vs[]
 |Default resource group: The resource type should equal `Resource group`, with a value of `Default`. If your account administrator changed your account's default resource group to something other than Default, use that value instead.
 
 |Viewer, Operator, Editor, Reader, Manager
-|Power Systems Virtual Server service in <resoure_group> resource group
+|{ibm-power-server-name} service in <resource_group> resource group
 
 |Viewer, Operator, Editor, Reader, Writer, Manager, Administrator
 |Internet Services service in <resource_group> resource group: CIS functional scope string equals reliability
@@ -138,10 +143,10 @@ endif::ibm-power-vs[]
 == Access policy assignment
 
 ifdef::ibm-vpc[]
-In IBM Cloud VPC IAM, access policies can be attached to different subjects:
+In {ibm-cloud-name} IAM, access policies can be attached to different subjects:
 endif::ibm-vpc[]
 ifdef::ibm-power-vs[]
-In IBM Cloud IAM, access policies can be attached to different subjects:
+In {ibm-cloud-name} IAM, access policies can be attached to different subjects:
 endif::ibm-power-vs[]
 
 * Access group (Recommended)
@@ -155,4 +160,4 @@ ifeval::["{context}" == "installing-ibm-cloud-account"]
 endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-account-power-vs"]
 :!ibm-power-vs:
-endif::[]
\ No newline at end of file
+endif::[]
diff --git a/modules/installation-ibm-cloud-regions.adoc b/modules/installation-ibm-cloud-regions.adoc
index 733507b03831..d9b9b38021da 100644
--- a/modules/installation-ibm-cloud-regions.adoc
+++ b/modules/installation-ibm-cloud-regions.adoc
@@ -10,14 +10,14 @@ ifeval::["{context}" == "installing-ibm-cloud-account-power-vs"]
 :ibm-power-vs:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 ifdef::ibm-vpc[]
 [id="installation-ibm-cloud-regions_{context}"]
-= Supported IBM Cloud VPC regions
+= Supported {ibm-cloud-title} regions
 endif::ibm-vpc[]
 ifdef::ibm-power-vs[]
 [id="installation-ibm-power-vs-regions_{context}"]
-= Supported {ibmpowerProductName} Virtual Server regions and zones
+= Supported {ibm-power-server-title} regions and zones
 endif::ibm-power-vs[]
 
 You can deploy an {product-title} cluster to the following regions:
@@ -38,6 +38,7 @@ endif::ibm-vpc[]
 ifdef::ibm-power-vs[]
 
 * `dal` (Dallas, USA)
+** `dal10`
 ** `dal12`
 * `us-east` (Washington DC, USA)
 ** `us-east`
@@ -58,7 +59,7 @@ ifdef::ibm-power-vs[]
 * `tor` (Toronto, Canada)
 ** `tor01`
 
-You might optionally specify the IBM Cloud VPC region in which the installer will create any VPC components. Supported regions in IBM Cloud are:
+You might optionally specify the {ibm-cloud-name} region in which the installer will create any VPC components. Supported regions in {ibm-cloud-name} are:
 
 * `us-south`
 * `eu-de`
diff --git a/modules/installation-ibm-power-vs-config-yaml.adoc b/modules/installation-ibm-power-vs-config-yaml.adoc
index dfd06d641235..372e847dc0c9 100644
--- a/modules/installation-ibm-power-vs-config-yaml.adoc
+++ b/modules/installation-ibm-power-vs-config-yaml.adoc
@@ -18,9 +18,9 @@ ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :ibm-powervs-vpc:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-ibm-power-vs-config-yaml_{context}"]
-= Sample customized install-config.yaml file for {ibmpowerProductName} Virtual Server
+= Sample customized install-config.yaml file for {ibm-power-server-title}
 
 You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters.
 
diff --git a/modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc b/modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc
index 8f5e08fb281a..8b3273ddf01d 100644
--- a/modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc
+++ b/modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc
@@ -3,12 +3,12 @@
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-ibm-z-kvm-user-infra-installing-rhcos_{context}"]
 = Installing {op-system} and starting the {product-title} bootstrap process
 
-To install {product-title} on {ibmzProductName} infrastructure that you provision, you must install {op-system-first} as {op-system-base-full} guest virtual machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
+To install {product-title} on {ibm-z-name} infrastructure that you provision, you must install {op-system-first} as {op-system-base-full} guest virtual machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} machines have rebooted.
 
 You can perform a fast-track installation of {op-system} that uses a prepackaged QEMU copy-on-write (QCOW2) disk image. Alternatively, you can perform a full installation on a new QCOW2 disk image.
 
-To add further security to your system, you can optionally install {op-system} using IBM Secure Execution before proceeding to the fast-track installation.
+To add further security to your system, you can optionally install {op-system} using {ibm-name} Secure Execution before proceeding to the fast-track installation.
diff --git a/modules/installation-ibm-z-kvm-user-infra-machines-iso.adoc b/modules/installation-ibm-z-kvm-user-infra-machines-iso.adoc
index 6afe796fd9cd..cee33d25901d 100644
--- a/modules/installation-ibm-z-kvm-user-infra-machines-iso.adoc
+++ b/modules/installation-ibm-z-kvm-user-infra-machines-iso.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-iso-ibm-z_kvm_{context}"]
 = Fast-track installation by using a prepackaged QCOW2 disk image
 
@@ -48,12 +48,14 @@ $ qemu-img create -f qcow2 -F qcow2 -b /var/lib/libvirt/images/{source_rhcos_qem
 ----
 $ virt-install --noautoconsole \
    --connect qemu:///system \
-   --name {vn_name} \
+   --name {vm_name} \
    --memory {memory} \
    --vcpus {vcpus} \
    --disk {disk} \
+   --launchSecurity type="s390-pv" \ <1>
    --import \
    --network network={network},mac={mac} \
-   --disk path={ign_file},format=raw,readonly=on,serial=ignition,startup_policy=optional <1>
+   --disk path={ign_file},format=raw,readonly=on,serial=ignition,startup_policy=optional <2>
 ----
-<1> If IBM Secure Execution is enabled, replace `serial=ignition` with `serial=ignition_crypted`.
+<1> If {ibm-name} Secure Execution is enabled, add the `launchSecurity type="s390-pv"` parameter.
+<2> If {ibm-name} Secure Execution is enabled, replace `serial=ignition` with `serial=ignition_crypted`.
diff --git a/modules/installation-ibm-z-troubleshooting-and-debugging.adoc b/modules/installation-ibm-z-troubleshooting-and-debugging.adoc
index e56d9d1699ed..4f8be08b0793 100644
--- a/modules/installation-ibm-z-troubleshooting-and-debugging.adoc
+++ b/modules/installation-ibm-z-troubleshooting-and-debugging.adoc
@@ -2,12 +2,12 @@
 //
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-ibm-z-troubleshooting-and-debugging_{context}"]
 = Collecting debugging information
 
 You can gather debugging information that might help you to troubleshoot and
-debug certain issues with an {product-title} installation on {ibmzProductName}.
+debug certain issues with an {product-title} installation on {ibm-z-name}.
 
 .Prerequisites
 
diff --git a/modules/installation-ibm-z-user-infra-machines-iso.adoc b/modules/installation-ibm-z-user-infra-machines-iso.adoc
index 5ef3578456ec..36c97484b03a 100644
--- a/modules/installation-ibm-z-user-infra-machines-iso.adoc
+++ b/modules/installation-ibm-z-user-infra-machines-iso.adoc
@@ -2,11 +2,11 @@
 //
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-iso-ibm-z_{context}"]
 = Installing {op-system} and starting the {product-title} bootstrap process
 
-To install {product-title} on {ibmzProductName} infrastructure that you provision, you must install {op-system-first} on z/VM guest virtual machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} z/VM guest virtual machines have rebooted.
+To install {product-title} on {ibm-z-name} infrastructure that you provision, you must install {op-system-first} on z/VM guest virtual machines. When you install {op-system}, you must provide the Ignition config file that was generated by the {product-title} installation program for the type of machine you are installing. If you have configured suitable networking, DNS, and load balancing infrastructure, the {product-title} bootstrap process begins automatically after the {op-system} z/VM guest virtual machines have rebooted.
 
 Complete the following steps to create the machines.
 
@@ -79,7 +79,7 @@ Write all options in the parameter file as a single line and make sure you have
 ====
 When you install with multiple paths, you must enable multipathing directly after the installation, not at a later point in time, as this can cause problems.
 ====
-... Set the install device as: `coreos.inst.install_dev=/dev/sda`.
+... Set the install device as: `coreos.inst.install_dev=/dev/disk/by-id/scsi-<serial_number>`.
 +
 [NOTE]
 ====
@@ -89,7 +89,7 @@ If additional LUNs are configured with NPIV, FCP requires `zfcp.allow_lun_scan=0
 +
 [IMPORTANT]
 ====
-Additional post-installation steps are required to fully enable multipathing. For more information, see “Enabling multipathing with kernel arguments on {op-system}" in _Post-installation machine configuration tasks_.
+Additional postinstallation steps are required to fully enable multipathing. For more information, see “Enabling multipathing with kernel arguments on {op-system}" in _Postinstallation machine configuration tasks_.
 ====
 // Add xref once it's allowed.
 +
@@ -99,7 +99,7 @@ The following is an example parameter file `worker-1.parm` for a worker node wit
 ----
 rd.neednet=1 \
 console=ttysclp0 \
-coreos.inst.install_dev=/dev/sda \
+coreos.inst.install_dev=/dev/disk/by-id/scsi-<serial_number> \
 coreos.live.rootfs_url=http://cl1.provide.example.com:8080/assets/rhcos-live-rootfs.s390x.img \
 coreos.inst.ignition_url=http://cl1.provide.example.com:8080/ignition/worker.ign \
 ip=172.18.78.2::172.18.78.1:255.255.255.0:::none nameserver=172.18.78.1 \
@@ -116,7 +116,7 @@ Write all options in the parameter file as a single line and make sure you have
 . Transfer the initramfs, kernel, parameter files, and {op-system} images to z/VM, for example with FTP. For details about how to transfer the files with FTP and boot from the virtual reader, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-installing-zvm-s390[Installing under Z/VM].
 . Punch the files to the virtual reader of the z/VM guest virtual machine that is to become your bootstrap node.
 +
-See link:https://www.ibm.com/docs/en/zvm/7.1?topic=commands-punch[PUNCH] in IBM Documentation.
+See link:https://www.ibm.com/docs/en/zvm/latest?topic=commands-punch[PUNCH] in IBM Documentation.
 +
 [TIP]
 ====
@@ -130,6 +130,6 @@ You can use the CP PUNCH command or, if you use Linux, the **vmur** command to t
 $ ipl c
 ----
 +
-See link:https://www.ibm.com/docs/en/zvm/7.1?topic=commands-ipl[IPL] in IBM Documentation.
+See link:https://www.ibm.com/docs/en/zvm/latest?topic=commands-ipl[IPL] in IBM Documentation.
 +
 . Repeat this procedure for the other machines in the cluster.
diff --git a/modules/installation-identify-supported-aws-outposts-instance-types.adoc b/modules/installation-identify-supported-aws-outposts-instance-types.adoc
index 0e184d710a29..fbb9ee8ee8b7 100644
--- a/modules/installation-identify-supported-aws-outposts-instance-types.adoc
+++ b/modules/installation-identify-supported-aws-outposts-instance-types.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_aws/installing-aws-outposts-remote-workers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-identify-supported-aws-outposts-instance-types_{context}"]
 = Identifying your AWS Outposts instance types
 
diff --git a/modules/installation-images-samples-disconnected-mirroring-assist.adoc b/modules/installation-images-samples-disconnected-mirroring-assist.adoc
index f01833243456..2f27802697eb 100644
--- a/modules/installation-images-samples-disconnected-mirroring-assist.adoc
+++ b/modules/installation-images-samples-disconnected-mirroring-assist.adoc
@@ -11,11 +11,13 @@ During installation, {product-title} creates a config map named `imagestreamtag-
 
 The format of the key for each entry in the data field in the config map is `<image_stream_name>_<image_stream_tag_name>`.
 
+ifndef::openshift-rosa;openshift-dedicated[]
 During a disconnected installation of {product-title}, the status of the Cluster Samples Operator is set to `Removed`. If you choose to change it to `Managed`, it installs samples.
 [NOTE]
 ====
 The use of samples in a network-restricted or discontinued environment may require access to services external to your network. Some example services include: Github, Maven Central, npm, RubyGems, PyPi and others. There might be additional steps to take that allow the cluster samples operators's objects to reach the services they require.
 ====
+endif::openshift-rosa;openshift-dedicated[]
 
 You can use this config map as a reference for which images need to be mirrored for your image streams to import.
 
diff --git a/modules/installation-infrastructure-user-infra.adoc b/modules/installation-infrastructure-user-infra.adoc
index 4122df6c5b8e..a75d387e3e26 100644
--- a/modules/installation-infrastructure-user-infra.adoc
+++ b/modules/installation-infrastructure-user-infra.adoc
@@ -3,14 +3,12 @@
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
 
 ifeval::["{context}" == "installing-ibm-z"]
 :ibm-z:
@@ -25,7 +23,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :ibm-z-kvm:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-infrastructure-user-infra_{context}"]
 = Preparing the user-provisioned infrastructure
 
@@ -77,7 +75,7 @@ endif::ibm-z-kvm[]
 +
 [IMPORTANT]
 ====
-By default, port `1936` is accessible for an {product-title} cluster, because each control plane node needs access to this port. 
+By default, port `1936` is accessible for an {product-title} cluster, because each control plane node needs access to this port.
 
 Avoid using the Ingress load balancer to expose this port, because doing so might result in the exposure of sensitive information, such as statistics and metrics, related to Ingress Controllers.
 ====
diff --git a/modules/installation-initializing-manual.adoc b/modules/installation-initializing-manual.adoc
index a704b6476aeb..4a567577eb8e 100644
--- a/modules/installation-initializing-manual.adoc
+++ b/modules/installation-initializing-manual.adoc
@@ -25,12 +25,18 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 endif::[]
+ifeval::["{context}" == "installing-vsphere"]
+:vsphere-upi-vsphere:
+endif::[]
 ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:restricted:
+:restricted-upi:
 endif::[]
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:
 endif::[]
+ifeval::["{context}" == "installing-vsphere-network-customizations"]
+:vsphere-upi:
+endif::[]
 ifeval::["{context}" == "installing-aws-china-region"]
 :aws-china:
 endif::[]
@@ -64,21 +70,30 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-power-vs-private-cluster"]
 :ibm-power-vs-private:
 endif::[]
-ifeval::["{context}" == "installing-vsphere"]
-:three-node-cluster:
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-cloud-restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+
+:_mod-docs-content-type: PROCEDURE
 [id="installation-initializing-manual_{context}"]
 = Manually creating the installation configuration file
 
-ifndef::aws-china,aws-gov,aws-secret,azure-gov,ash,aws-private,azure-private,gcp-private,gcp-shared,ash-default,ash-network,ibm-cloud-private,ibm-power-vs-private[]
+ifdef::restricted,vsphere-upi-vsphere[]
+For user-provisioned installations of {product-title}, you manually generate your installation configuration file.
+endif::restricted,vsphere-upi-vsphere[]
+ifdef::vsphere-upi,restricted-upi[]
 For user-provisioned installations of {product-title}, you manually generate your installation configuration file.
-endif::aws-china,aws-gov,aws-secret,azure-gov,ash,aws-private,azure-private,gcp-private,gcp-shared,ash-default,ash-network,ibm-cloud-private,ibm-power-vs-private[]
-ifdef::aws-china,aws-gov,aws-secret[]
-Installing the cluster requires that you manually generate the installation configuration file.
+
+[IMPORTANT]
+====
+The Cluster Cloud Controller Manager Operator performs a connectivity check on a provided hostname or IP address. Ensure that you specify a hostname or an IP address to a reachable vCenter server. If you provide metadata to a non-existent vCenter server, installation of the cluster fails at the bootstrap stage.
+====
+endif::vsphere-upi,restricted-upi[]
+ifdef::aws-china,aws-gov,aws-secret,ibm-cloud-restricted[]
+Installing the cluster requires that you manually create the installation configuration file.
 //Made this update as part of feedback in PR3961. tl;dr Simply state you have to create the config file, instead of creating a number of conditions to explain why.
-endif::aws-china,aws-gov,aws-secret[]
+endif::aws-china,aws-gov,aws-secret,ibm-cloud-restricted[]
 ifdef::azure-gov[]
 When installing {product-title} on Microsoft Azure into a government region, you
 must manually generate your installation configuration file.
@@ -98,14 +113,20 @@ endif::gcp-shared[]
 ifdef::aws-china,aws-secret[]
 * You have uploaded a custom RHCOS AMI.
 endif::aws-china,aws-secret[]
+ifndef::ibm-cloud-restricted[]
 * You have an SSH public key on your local machine to provide to the installation program. The key will be used for SSH authentication onto your cluster nodes for debugging and disaster recovery.
+endif::ibm-cloud-restricted[]
 * You have obtained the {product-title} installation program and the pull secret for your
 cluster.
-ifdef::restricted[]
+ifdef::restricted,restricted-upi[]
 * Obtain the `imageContentSources` section from the output of the command to
 mirror the repository.
 * Obtain the contents of the certificate for your mirror registry.
-endif::restricted[]
+endif::restricted,restricted-upi[]
+ifdef::ibm-cloud-restricted[]
+* You have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry.
+* You have obtained the contents of the certificate for your mirror registry.
+endif::ibm-cloud-restricted[]
 
 .Procedure
 
@@ -128,27 +149,142 @@ when copying installation files from an earlier {product-title} version.
 
 . Customize the sample `install-config.yaml` file template that is provided and save
 it in the `<installation_directory>`.
+ifdef::ibm-cloud-restricted[]
 +
 [NOTE]
 ====
 You must name this configuration file `install-config.yaml`.
 ====
-ifdef::restricted[]
++
+When customizing the sample template, be sure to provide the information that is required for an installation in a restricted network:
+
+.. Update the `pullSecret` value to contain the authentication information for your registry:
++
+[source,yaml]
+----
+pullSecret: '{"auths":{"<mirror_host_name>:5000": {"auth": "<credentials>","email": "you@example.com"}}}'
+----
++
+For `<mirror_host_name>`, specify the registry domain name
+that you specified in the certificate for your mirror registry, and for
+`<credentials>`, specify the base64-encoded user name and password for
+your mirror registry.
+.. Add the `additionalTrustBundle` parameter and value.
++
+[source,yaml]
+----
+additionalTrustBundle: |
+  -----BEGIN CERTIFICATE-----
+  ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
+  -----END CERTIFICATE-----
+----
++
+The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority, or the self-signed certificate that you generated for the mirror registry.
+.. Define the network and subnets for the VPC to install the cluster in under the parent `platform.ibmcloud` field:
++
+[source,yaml]
+----
+vpcName: <existing_vpc>
+controlPlaneSubnets: <control_plane_subnet>
+computeSubnets: <compute_subnet>
+----
++
+For `platform.ibmcloud.vpcName`, specify the name for the existing IBM Cloud VPC. For `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`, specify the existing subnets to deploy the control plane machines and compute machines, respectively.
+.. Add the image content resources, which resemble the following YAML excerpt:
++
+[source,yaml]
+----
+imageContentSources:
+- mirrors:
+  - <mirror_host_name>:5000/<repo_name>/release
+  source: quay.io/openshift-release-dev/ocp-release
+- mirrors:
+  - <mirror_host_name>:5000/<repo_name>/release
+  source: registry.redhat.io/ocp/release
+----
++
+For these values, use the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry.
+.. If network restrictions limit the use of public endpoints to access the required {ibm-cloud-name} services, add the `serviceEndpoints` stanza to `platform.ibmcloud` to specify an alternate service endpoint.
++
+[NOTE]
+====
+You can specify only one alternate service endpoint for each service.
+====
++
+.Example of using alternate services endpoints
+[source,yaml]
+----
+# ...
+serviceEndpoints:
+  - name: IAM
+    url: <iam_alternate_endpoint_url>
+  - name: VPC
+    url: <vpc_alternate_endpoint_url>
+  - name: ResourceController
+    url: <resource_controller_alternate_endpoint_url>
+  - name: ResourceManager
+    url: <resource_manager_alternate_endpoint_url>
+  - name: DNSServices
+    url: <dns_services_alternate_endpoint_url>
+  - name: COS
+    url: <cos_alternate_endpoint_url>
+  - name: GlobalSearch
+    url: <global_search_alternate_endpoint_url>
+  - name: GlobalTagging
+    url: <global_tagging_alternate_endpoint_url>
+# ...
+----
+.. Optional: Set the publishing strategy to `Internal`:
++
+[source,yaml]
+----
+publish: Internal
+----
++
+By setting this option, you create an internal Ingress Controller and a private load balancer.
++
+[NOTE]
+====
+If you use the default value of `External`, your network must be able to access the public endpoint for {ibm-cloud-name} Internet Services (CIS). CIS is not enabled for Virtual Private Endpoints.
+====
+endif::ibm-cloud-restricted[]
+
+ifndef::ibm-cloud-restricted[]
++
+[NOTE]
+====
+You must name this configuration file `install-config.yaml`.
+====
+endif::ibm-cloud-restricted[]
+
+ifdef::restricted,restricted-upi[]
+
 ** Unless you use a registry that {op-system} trusts by default, such as
 `docker.io`, you must provide the contents of the certificate for your mirror
 repository in the `additionalTrustBundle` section. In most cases, you must
 provide the certificate for your mirror.
 ** You must include the `imageContentSources` section from the output of the command to
 mirror the repository.
-endif::restricted[]
+
 +
+[IMPORTANT]
+====
+** The `ImageContentSourcePolicy` file is generated as an output of `oc mirror` after the mirroring process is finished.
+** The `oc mirror` command generates an `ImageContentSourcePolicy` file which contains the YAML needed to define `ImageContentSourcePolicy`.
+Copy the text from this file and paste it into your `install-config.yaml` file.
+** You must run the 'oc mirror' command twice. The first time you run the `oc mirror` command, you get a full `ImageContentSourcePolicy` file. The second time you run the `oc mirror` command, you only get the difference between the first and second run.
+Because of this behavior, you must always keep a backup of these files in case you need to merge them into one complete `ImageContentSourcePolicy` file. Keeping a backup of these two output files ensures that you have a complete `ImageContentSourcePolicy` file.
+====
+
+endif::restricted,restricted-upi[]
 
-ifndef::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default,ash-network,gcp-shared,ibm-cloud-private,ibm-power-vs-private[]
+ifndef::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default,ash-network,gcp-shared,ibm-cloud-private,ibm-power-vs-private,ibm-cloud-restricted[]
++
 [NOTE]
 ====
 For some platform types, you can alternatively run `./openshift-install create install-config --dir <installation_directory>` to generate an `install-config.yaml` file. You can provide details about your cluster configuration at the prompts.
 ====
-endif::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default,ash-network,gcp-shared,ibm-cloud-private,ibm-power-vs-private[]
+endif::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default,ash-network,gcp-shared,ibm-cloud-private,ibm-power-vs-private,ibm-cloud-restricted[]
 ifdef::ash[]
 +
 Make the following modifications for Azure Stack Hub:
@@ -197,17 +333,15 @@ Make the following modifications:
 For more information about the parameters, see "Installation configuration parameters".
 endif::ash-default,ash-network[]
 
-ifdef::three-node-cluster[]
+ifdef::vsphere-upi-vsphere[]
 . If you are installing a three-node cluster, modify the `install-config.yaml` file by setting the `compute.replicas` parameter to `0`. This ensures that the cluster's control planes are schedulable. For more information, see "Installing a three-node cluster on {platform}".
-endif::three-node-cluster[]
+endif::vsphere-upi-vsphere[]
 
-. Back up the `install-config.yaml` file so that you can use it to install
-multiple clusters.
+. Back up the `install-config.yaml` file so that you can use it to install multiple clusters.
 +
 [IMPORTANT]
 ====
-The `install-config.yaml` file is consumed during the next step of the
-installation process. You must back it up now.
+The `install-config.yaml` file is consumed during the next step of the installation process. You must back it up now.
 ====
 
 ifeval::["{context}" == "installing-azure-government-region"]
@@ -216,12 +350,18 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!ash:
 endif::[]
+ifeval::["{context}" == "installing-vsphere"]
+:!vsphere-upi-vsphere:
+endif::[]
 ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:!restricted:
+:!restricted-upi:
 endif::[]
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :!restricted:
 endif::[]
+ifeval::["{context}" == "installing-vsphere-network-customizations"]
+:!vsphere-upi:
+endif::[]
 ifeval::["{context}" == "installing-aws-china-region"]
 :!aws-china:
 endif::[]
@@ -255,7 +395,7 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-power-vs-private-cluster"]
 :!ibm-power-vs-private:
 endif::[]
-ifeval::["{context}" == "installing-vsphere"]
-:!three-node-cluster:
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-cloud-restricted:
 endif::[]
 :!platform:
diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc
index 651f4ef9eebc..ece0816079dd 100644
--- a/modules/installation-initializing.adoc
+++ b/modules/installation-initializing.adoc
@@ -27,18 +27,19 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-customizations.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
+// * installing/installing_vmc/installing-vmc-customizations.adoc
+// * installing/installing_vmc/installing-vmc-network-customizations.adoc
+// * installing/installing_vmc/installing-restricted-networks-vmc.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
 // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_nutanix/configuring-iam-nutanix.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
-
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 // * installing/installing_gcp/installing-openstack-installer-restricted.adoc
 // Consider also adding the installation-configuration-parameters.adoc module.
 //YOU MUST SET AN IFEVAL FOR EACH NEW MODULE
@@ -131,34 +132,21 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :ibm-cloud:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-custom"]
-:osp:
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-cloud:
+:restricted:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
+ifeval::["{context}" == "installing-openstack-installer-custom"]
 :osp:
 endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :osp:
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp:
-:osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp:
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp:
-:osp-user:
-endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:rhv:
-endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:rhv:
-endif::[]
 ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
 :vsphere:
 :three-node-cluster:
@@ -181,8 +169,16 @@ ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provis
 :nutanix:
 :restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure:
+:restricted:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:restricted:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-initializing_{context}"]
 = Creating the installation configuration file
 
@@ -200,7 +196,7 @@ ifdef::gcp[]
 Google Cloud Platform (GCP).
 endif::gcp[]
 ifdef::ibm-cloud[]
-IBM Cloud.
+{ibm-cloud-name}.
 endif::ibm-cloud[]
 ifdef::osp[]
 {rh-openstack-first}.
@@ -208,39 +204,49 @@ endif::osp[]
 ifdef::vsphere[]
 VMware vSphere.
 endif::vsphere[]
-ifdef::rhv[]
-{rh-virtualization-first}.
-endif::rhv[]
 ifdef::nutanix[]
 Nutanix.
 endif::nutanix[]
 
 .Prerequisites
 
-* Obtain the {product-title} installation program and the pull secret for your cluster.
+* You have the {product-title} installation program and the pull secret for your cluster.
 ifdef::restricted[]
 For a restricted network installation, these files are on your mirror host.
-ifndef::nutanix[]
-* Have the `imageContentSources` values that were generated during mirror registry creation.
-endif::nutanix[]
+ifndef::nutanix,ibm-cloud[]
+* You have the `imageContentSources` values that were generated during mirror registry creation.
+endif::nutanix,ibm-cloud[]
 ifdef::nutanix+restricted[]
-* Have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry.
-* Have the location of the {op-system-first} image you download.
+* You have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry.
+* You have the location of the {op-system-first} image you download.
 endif::nutanix+restricted[]
-* Obtain the contents of the certificate for your mirror registry.
-ifndef::aws,gcp[]
-* Retrieve a {op-system-first} image and upload it to an accessible location.
-endif::aws,gcp[]
+ifdef::ibm-cloud+restricted[]
+* You have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry.
+endif::ibm-cloud+restricted[]
+* You have obtained the contents of the certificate for your mirror registry.
+ifndef::aws,gcp,ibm-cloud[]
+* You have retrieved a {op-system-first} image and uploaded it to an accessible location.
+endif::aws,gcp,ibm-cloud[]
 endif::restricted[]
-ifndef::nutanix[]
-* Obtain service principal permissions at the subscription level.
-endif::nutanix[]
+ifdef::azure[]
+* You have an Azure subscription ID and tenant ID.
+* If you are installing the cluster using a service principal, you have its application ID and password.
+* If you are installing the cluster using a system-assigned managed identity, you have enabled it on the virtual machine that you will run the installation program from.
+* If you are installing the cluster using a user-assigned managed identity, you have met these prerequisites:
+** You have its client ID.
+** You have assigned it to the virtual machine that you will run the installation program from.
+endif::azure[]
 ifdef::nutanix[]
-* Verify that you have met the Nutanix networking requirements. For more information, see "Preparing to install on Nutanix".
+* You have verified that you have met the Nutanix networking requirements. For more information, see "Preparing to install on Nutanix".
 endif::nutanix[]
 
 .Procedure
 
+ifdef::azure[]
+. Optional: If you have run the installation program on this computer before, and want to use an alternative service principal or managed identity, go to the `~/.azure/` directory and delete the `osServicePrincipal.json` configuration file.
++
+Deleting this file prevents the installation program from automatically reusing subscription and authentication values from a previous installation.
+endif::azure[]
 . Create the `install-config.yaml` file.
 +
 .. Change to the directory that contains the installation program and run the following command:
@@ -255,8 +261,17 @@ files that the installation program creates.
 When specifying the directory:
 * Verify that the directory has the `execute` permission. This permission is required to run Terraform binaries under the installation directory.
 * Use an empty directory. Some installation assets, such as bootstrap X.509 certificates, have short expiration intervals, therefore you must not reuse an installation directory. If you want to reuse individual files from another cluster installation, you can copy them into your directory. However, the file names for the installation assets might change between releases. Use caution when copying installation files from an earlier {product-title} version.
-
-ifndef::rhv[]
+ifdef::ibm-power-vs[]
++
+[NOTE]
+=====
+Always delete the `~/.powervs` directory to avoid reusing a stale configuration. Run the following command:
+[source,terminal]
+----
+$ rm -rf ~/.powervs
+----
+=====
+endif::ibm-power-vs[]
 .. At the prompts, provide the configuration details for your cloud:
 ... Optional: Select an SSH key to use to access your cluster machines.
 +
@@ -264,7 +279,6 @@ ifndef::rhv[]
 ====
 For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
 ====
-endif::rhv[]
 ifdef::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
 ... Select *alibabacloud* as the platform to target.
 ... Select the region to deploy the cluster to.
@@ -281,16 +295,19 @@ installation program.
 endif::aws[]
 ifdef::azure[]
 ... Select *azure* as the platform to target.
-... If you do not have a Microsoft Azure profile stored on your computer, specify the
-following Azure parameter values for your subscription and service principal:
-**** *azure subscription id*: The subscription ID to use for the cluster.
-Specify the `id` value in your account output.
-**** *azure tenant id*: The tenant ID. Specify the `tenantId` value in your
-account output.
-**** *azure service principal client id*: The value of the `appId` parameter
-for the service principal.
-**** *azure service principal client secret*: The value of the `password`
-parameter for the service principal.
++
+If the installation program cannot locate the `osServicePrincipal.json` configuration file from a previous installation, you are prompted for Azure subscription and authentication values.
+... Enter the following Azure parameter values for your subscription:
+**** *azure subscription id*: Enter the subscription ID to use for the cluster.
+**** *azure tenant id*: Enter the tenant ID.
+... Depending on the Azure identity you are using to deploy the cluster, do one of the following when prompted for the *azure service principal client id*:
+**** If you are using a service principal, enter its application ID.
+**** If you are using a system-assigned managed identity, leave this value blank.
+**** If you are using a user-assigned managed identity, specify its client ID.
+... Depending on the Azure identity you are using to deploy the cluster, do one of the following when prompted for the *azure service principal client secret*:
+**** If you are using a service principal, enter its password.
+**** If you are using a system-assigned managed identity, leave this value blank.
+**** If you are using a user-assigned managed identity, leave this value blank.
 ... Select the region to deploy the cluster to.
 ... Select the base domain to deploy the cluster to. The base domain corresponds
 to the Azure DNS Zone that you created for your cluster.
@@ -342,6 +359,13 @@ After you create the installation configuration file, you can modify the file to
 ====
 
 ... Select the default vCenter datastore to use.
++
+[WARNING]
+====
+You can specify the path of any datastore that exists in a datastore cluster. By default, Storage Distributed Resource Scheduler (SDRS), which uses Storage vMotion, is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage DRS to avoid data loss issues for your {product-title} cluster.
+
+You cannot specify more than one datastore path. If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
+====
 ... Select the vCenter cluster to install the {product-title} cluster in. The installation program uses the root resource pool of the vSphere cluster as the default resource pool.
 ... Select the network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
 ... Enter the virtual IP address that you configured for control plane API access.
@@ -362,101 +386,29 @@ The installation program connects to Prism Central.
 ... Enter the base domain. This base domain must be the same one that you configured in the DNS records.
 endif::nutanix[]
 ifndef::osp[]
-ifndef::rhv,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
+ifndef::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
 ... Enter a descriptive name for your cluster.
-ifdef::vsphere,nutanix[]
-The cluster name you enter must match the cluster name you specified when configuring the DNS records.
-endif::vsphere,nutanix[]
-endif::rhv,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
-endif::osp[]
-ifdef::osp[]
-... Enter a name for your cluster. The name must be 14 or fewer characters long.
-endif::osp[]
 ifdef::azure[]
 +
 [IMPORTANT]
 ====
-All Azure resources that are available through public endpoints are subject to
-resource name restrictions, and you cannot create resources that use certain
-terms. For a list of terms that Azure restricts, see
-link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors]
-in the Azure documentation.
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
 ====
 endif::azure[]
-ifdef::rhv[]
-.. Respond to the installation program prompts.
-... For `SSH Public Key`, select a password-less public key, such as `~/.ssh/id_rsa.pub`. This key authenticates connections with the new {product-title} cluster.
-+
-[NOTE]
-====
-For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, select an SSH key that your `ssh-agent` process uses.
-====
-... For `Platform`, select `ovirt`.
-... For `Enter oVirt's API endpoint URL`, enter the URL of the {rh-virtualization} API using this format:
-+
-[source,terminal]
-----
-https://<engine-fqdn>/ovirt-engine/api <1>
-----
-<1> For `<engine-fqdn>`, specify the fully qualified domain name of the {rh-virtualization} environment.
-+
-For example:
-+
-ifndef::openshift-origin[]
-[source,terminal]
-----
-$ curl -k -u ocpadmin@internal:pw123 \
-https://rhv-env.virtlab.example.com/ovirt-engine/api
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-[source,terminal]
-----
-$ curl -k -u admin@internal:pw123 \
-https://ovirtlab.example.com/ovirt-engine/api
-----
-endif::openshift-origin[]
 +
-... For `Is the oVirt CA trusted locally?`, enter `Yes`, because you have already set up a CA certificate. Otherwise, enter `No`.
-
-... For `oVirt's CA bundle`, if you entered `Yes` for the preceding question, copy the certificate content from `/etc/pki/ca-trust/source/anchors/ca.pem` and paste it here. Then, press `Enter` twice. Otherwise, if you entered `No` for the preceding question, this question does not appear.
-... For `oVirt engine username`, enter the user name and profile of the {rh-virtualization} administrator using this format:
-+
-[source,terminal]
-----
-<username>@<profile> <1>
-----
-<1> For `<username>`, specify the user name of an {rh-virtualization} administrator. For `<profile>`, specify the login profile, which you can get by going to the {rh-virtualization} Administration Portal login page and reviewing the *Profile* dropdown list. Together, the user name and profile should look similar to this example:
-+
-ifndef::openshift-origin[]
-[source,terminal]
-----
-ocpadmin@internal
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-[source,terminal]
-----
-admin@internal
-----
-endif::openshift-origin[]
-+
-... For `oVirt engine password`, enter the {rh-virtualization} admin password.
-... For `oVirt cluster`, select the cluster for installing {product-title}.
-... For `oVirt storage domain`, select the storage domain for installing {product-title}.
-... For `oVirt network`, select a virtual network that has access to the {rh-virtualization} {rh-virtualization-engine-name} REST API.
-... For `Internal API Virtual IP`, enter the static IP address you set aside for the cluster's REST API.
-... For `Ingress virtual IP`, enter the static IP address you reserved for the wildcard apps domain.
-... For `Base Domain`, enter the base domain of the {product-title} cluster. If this cluster is exposed to the outside world, this must be a valid domain recognized by DNS infrastructure. For example, enter: `virtlab.example.com`
-... For `Cluster Name`, enter the name of the cluster. For example, `my-cluster`. Use cluster name from the externally registered/resolvable DNS entries you created for the {product-title} REST API and apps domain names. The installation program also gives this name to the cluster in the {rh-virtualization} environment.
-... For `Pull Secret`, copy the pull secret from the `pull-secret.txt` file you downloaded earlier and paste it here. You can also get a copy of the same {cluster-manager-url-pull}.
-endif::rhv[]
-ifndef::rhv[]
+ifdef::azure+restricted[]
 ... Paste the {cluster-manager-url-pull}.
-ifdef::openshift-origin[]
-This field is optional.
-endif::[]
-endif::rhv[]
+endif::azure+restricted[]
+ifdef::vsphere,nutanix[]
+
+The cluster name you enter must match the cluster name you specified when configuring the DNS records.
+
+endif::vsphere,nutanix[]
+endif::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
+endif::osp[]
+ifdef::osp[]
+... Enter a name for your cluster. The name must be 14 or fewer characters long.
+endif::osp[]
 
 ifdef::aws-outposts[]
 . Modify the `install-config.yaml` file. The AWS Outposts installation has the following limitations which require manual modification of the `install-config.yaml` file:
@@ -468,8 +420,7 @@ You will find more information about how to change these values below.
 endif::aws-outposts[]
 
 ifndef::restricted,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc,nutanix,aws-outposts[]
-. Modify the `install-config.yaml` file. You can find more information about
-the available parameters in the "Installation configuration parameters" section.
+. Modify the `install-config.yaml` file. You can find more information about the available parameters in the "Installation configuration parameters" section.
 endif::restricted,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc,nutanix,aws-outposts[]
 ifdef::three-node-cluster[]
 +
@@ -497,45 +448,9 @@ compute:
 endif::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
 
 ifdef::alibabacloud-custom,alibabacloud-vpc[]
-. Modify the `install-config.yaml` file. You can find more information about
-the available parameters in the "Installation configuration parameters" section.
+. Modify the `install-config.yaml` file. You can find more information about the available parameters in the "Installation configuration parameters" section.
 endif::alibabacloud-custom,alibabacloud-vpc[]
 
-ifndef::restricted[]
-
-ifdef::rhv[]
-+
-[NOTE]
-====
-If you have any intermediate CA certificates on the {rh-virtualization-engine-name}, verify that the certificates appear in the `ovirt-config.yaml` file and the `install-config.yaml` file. If they do not appear, add them as follows:
-
-. In the `~/.ovirt/ovirt-config.yaml` file:
-+
-[source,yaml]
-----
-[ovirt_ca_bundle]: |
-     -----BEGIN CERTIFICATE-----
-     <MY_TRUSTED_CA>
-     -----END CERTIFICATE-----
-     -----BEGIN CERTIFICATE-----
-     <INTERMEDIATE_CA>
-     -----END CERTIFICATE-----
-----
-. In the `install-config.yaml` file:
-+
-[source,yaml]
-----
-[additionalTrustBundle]: |
-     -----BEGIN CERTIFICATE-----
-     <MY_TRUSTED_CA>
-     -----END CERTIFICATE-----
-     -----BEGIN CERTIFICATE-----
-     <INTERMEDIATE_CA>
-     -----END CERTIFICATE-----
-----
-====
-endif::rhv[]
-endif::restricted[]
 
 ifdef::osp+restricted[]
 . In the `install-config.yaml` file, set the value of `platform.openstack.clusterOSImage` to the image location or name. For example:
@@ -568,8 +483,7 @@ platform:
 ----
 endif::nutanix+restricted[]
 ifdef::restricted[]
-. Edit the `install-config.yaml` file to give the additional information that
-is required for an installation in a restricted network.
+. Edit the `install-config.yaml` file to give the additional information that is required for an installation in a restricted network.
 .. Update the `pullSecret` value to contain the authentication information for
 your registry:
 +
@@ -605,6 +519,21 @@ subnets:
 - subnet-3
 ----
 endif::aws+restricted[]
+ifdef::azure+restricted[]
+.. Define the network and subnets for the VNet to install the cluster under the `platform.azure` field:
++
+[source,yaml]
+----
+networkResourceGroupName: <vnet_resource_group> <1>
+virtualNetwork: <vnet> <2>
+controlPlaneSubnet: <control_plane_subnet> <3>
+computeSubnet: <compute_subnet> <4>
+----
+<1> Replace `<vnet_resource_group>` with the resource group name that contains the existing virtual network (VNet).
+<2> Replace `<vnet>` with the existing virtual network name.
+<3> Replace `<control_plane_subnet>` with the existing subnet name to deploy the control plane machines.
+<4> Replace `<compute_subnet>` with the existing subnet name to deploy compute machines.
+endif::azure+restricted[]
 ifdef::gcp+restricted[]
 .. Define the network and subnets for the VPC to install the cluster in under the parent `platform.gcp` field:
 +
@@ -617,6 +546,7 @@ computeSubnet: <compute_subnet>
 +
 For `platform.gcp.network`, specify the name for the existing Google VPC. For `platform.gcp.controlPlaneSubnet` and `platform.gcp.computeSubnet`, specify the existing subnets to deploy the control plane machines and compute machines, respectively.
 endif::gcp+restricted[]
+
 ifdef::ibm-power-vs+restricted[]
 .. Define the network and subnets for the VPC to install the cluster in under the parent `platform.ibmcloud` field:
 +
@@ -626,8 +556,20 @@ vpcName: <existing_vpc>
 vpcSubnets: <vpcSubnet>
 ----
 +
-For `platform.powervs.vpcName`, specify the name for the existing IBM Cloud VPC. For `platform.powervs.vpcSubnets`, specify the existing subnets.
+For `platform.powervs.vpcName`, specify the name for the existing {ibm-cloud-name}. For `platform.powervs.vpcSubnets`, specify the existing subnets.
 endif::ibm-power-vs+restricted[]
+ifdef::ibm-cloud+restricted[]
+.. Define the network and subnets for the VPC to install the cluster in under the parent `platform.ibmcloud` field:
++
+[source,yaml]
+----
+vpcName: <existing_vpc>
+controlPlaneSubnets: <control_plane_subnet>
+computeSubnets: <compute_subnet>
+----
++
+For `platform.ibmcloud.vpcName`, specify the name for the existing IBM Cloud VPC. For `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`, specify the existing subnets to deploy the control plane machines and compute machines, respectively.
+endif::ibm-cloud+restricted[]
 
 .. Add the image content resources, which resemble the following YAML excerpt:
 +
@@ -642,16 +584,72 @@ imageContentSources:
   source: registry.redhat.io/ocp/release
 ----
 +
-ifndef::nutanix[]
+ifndef::nutanix,ibm-cloud[]
 For these values, use the `imageContentSources` that you recorded during mirror registry creation.
-endif::nutanix[]
-ifdef::nutanix[]
+endif::nutanix,ibm-cloud[]
+ifdef::nutanix,ibm-cloud[]
 For these values, use the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry.
-endif::nutanix[]
+endif::nutanix,ibm-cloud[]
+ifdef::ibm-cloud[]
+.. If your Virtual Private Cloud (VPC) network is unable to access the public endpoints for the required {ibm-cloud-name} service endpoints, add the following stanza to `platform.ibmcloud` to override them using {ibm-cloud-name} Virtual Private Endpoints (VPE).
++
+[source,yaml]
+----
+# ...
+serviceEndpoints:
+  - name: IAM
+    url: <iam_private_endpoint_url>
+  - name: VPC
+    url: <vpc_private_endpoint_url>
+  - name: ResourceController
+    url: <resource_controller_private_endpoint_url>
+  - name: ResourceManager
+    url: <resource_manager_private_endpoint_url>
+  - name: DNSServices
+    url: <dns_services_private_endpoint_url>
+  - name: COS
+    url: <cos_private_endpoint_url>
+  - name: GlobalSearch
+    url: <global_search_private_endpoint_url>
+  - name: GlobalTagging
+    url: <global_tagging_private_endpoint_url>
+# ...
+----
++
+[NOTE]
+====
+Only one VPE can be specified per service.
+====
+endif::ibm-cloud[]
+ifdef::restricted[]
+.. Optional: Set the publishing strategy to `Internal`:
++
+[source,yaml]
+----
+publish: Internal
+----
++
+By setting this option, you create an internal Ingress Controller and a private load balancer.
+ifdef::azure[]
++
+[IMPORTANT]
+====
+Azure Firewall link:https://learn.microsoft.com/en-us/azure/firewall/integrate-lb[does not work seamlessly] with Azure Public Load balancers. Thus, when using Azure Firewall for restricting internet access, the `publish` field in `install-config.yaml` should be set to `Internal`.
+====
+endif::azure[]
+ifdef::ibm-cloud[]
++
+[NOTE]
+====
+If you use the default value of `External`, your network must be able to access the public endpoint for {ibm-cloud-name} Internet Services (CIS). CIS is not enabled for Virtual Private Endpoints.
+====
+endif::ibm-cloud[]
+endif::restricted[]
 
 ifndef::nutanix[]
-. Make any other modifications to the `install-config.yaml` file that you require. You can find more information about
-the available parameters in the *Installation configuration parameters* section.
+. Make any other modifications to the `install-config.yaml` file that you require.
++
+For more information about the parameters, see "Installation configuration parameters".
 endif::nutanix[]
 endif::restricted[]
 
@@ -675,6 +673,10 @@ The `install-config.yaml` file is consumed during the installation process. If
 you want to reuse the file, you must back it up now.
 ====
 
+ifdef::azure[]
+If previously not detected, the installation program creates an `osServicePrincipal.json` configuration file and stores this file in the `~/.azure/` directory on your computer. This ensures that the installation program can load the profile when it is creating an {product-title} cluster on the target platform.
+endif::azure[]
+
 ifdef::osp-user[You now have the file `install-config.yaml` in the directory that you specified.]
 
 ifeval::["{context}" == "installing-alibaba-default"]
@@ -765,34 +767,21 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :!ibm-cloud:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-custom"]
-:!osp:
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-cloud:
+:!restricted:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
+ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!osp:
 endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :!osp:
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp:
-:!osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!osp:
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp:
-:!osp-user:
-endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:!rhv:
-endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:!rhv:
-endif::[]
 ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
 :!vsphere:
 :!three-node-cluster:
@@ -816,3 +805,11 @@ ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provis
 :!restricted:
 endif::[]
 :!platform:
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure:
+:!restricted:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!restricted:
+endif::[]
diff --git a/modules/installation-installer-provisioned-vsphere-config-yaml.adoc b/modules/installation-installer-provisioned-vsphere-config-yaml.adoc
index b627d7dc4ed4..33e19cf25ae2 100644
--- a/modules/installation-installer-provisioned-vsphere-config-yaml.adoc
+++ b/modules/installation-installer-provisioned-vsphere-config-yaml.adoc
@@ -24,19 +24,17 @@ apiVersion: v1
 baseDomain: example.com <1>
 compute: <2>
 - architecture: amd64
-  hyperthreading: Enabled <3>
   name:  <worker_node>
   platform: {}
   replicas: 3
 controlPlane: <2>
-- architecture: amd64
-  hyperthreading: Enabled <3>
+  architecture: amd64
   name: <parent_node>
   platform: {}
   replicas: 3
 metadata:
   creationTimestamp: null
-  name: test <4>
+  name: test <3>
 ifdef::network[]
 networking:
   clusterNetwork:
@@ -49,17 +47,17 @@ networking:
   - 172.30.0.0/16
 endif::network[]
 platform:
-  vsphere: <5>
+  vsphere: <4>
     apiVIPs:
       - 10.0.0.1
-    failureDomains: <6>
+    failureDomains: <5>
     - name: <failure_domain_name>
       region: <default_region_name>
       server: <fully_qualified_domain_name>
       topology:
         computeCluster: "/<datacenter>/host/<cluster>"
         datacenter: <datacenter>
-        datastore: "/<datacenter>/datastore/<datastore>"
+        datastore: "/<datacenter>/datastore/<datastore>" <6>
         networks:
         - <VM_Network_name>
         resourcePool: "/<datacenter>/host/<cluster>/Resources/<resourcePool>" <7>
@@ -95,26 +93,27 @@ additionalTrustBundle: | <11>
   -----END CERTIFICATE-----
 imageContentSources: <12>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-release
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release
+  source: <source_image_1>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release-images
+  source: <source_image_2>
 endif::restricted[]
 ----
 <1> The base domain of the cluster. All DNS records must be sub-domains of this base and include the cluster name.
 <2> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Only one control plane pool is used.
-<3> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled
-to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines.
+<3> The cluster name that you specified in your DNS records.
+<4> Optional: Provides additional configuration for the machine pool parameters for the compute and control plane machines.
+<5> Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
+<6> The path to the vSphere datastore that holds virtual machine files, templates, and ISO images. 
 +
 [IMPORTANT]
 ====
-If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Your machines must use at least 8 CPUs and 32 GB of RAM if you disable simultaneous multithreading.
+You can specify the path of any datastore that exists in a datastore cluster. By default, Storage vMotion is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage vMotion to avoid data loss issues for your {product-title} cluster.
+
+If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
 ====
-<4> The cluster name that you specified in your DNS records.
-<5> Optional parameter for providing additional configuration for the machine pool parameters for the compute and control plane machines.
-<6> Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
-<7> Optional parameter for providing an existing resource pool for machine creation. If you do not specify a value, the installation program uses the root resource pool of the vSphere cluster.
+<7> Optional: Provides an existing resource pool for machine creation. If you do not specify a value, the installation program uses the root resource pool of the vSphere cluster.
 <8> The vSphere disk provisioning method.
 ifdef::network[]
 <9> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
diff --git a/modules/installation-installing-bare-metal.adoc b/modules/installation-installing-bare-metal.adoc
index eae9ea10c0b3..6dbeb8963193 100644
--- a/modules/installation-installing-bare-metal.adoc
+++ b/modules/installation-installing-bare-metal.adoc
@@ -25,7 +25,7 @@ ifeval::["{context}" == "installing-restricted-networks-vsphere"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-installing-bare-metal_{context}"]
 = Waiting for the bootstrap process to complete
 
@@ -57,7 +57,7 @@ $ ./openshift-install --dir <installation_directory> wait-for bootstrap-complete
 [source,terminal]
 ----
 INFO Waiting up to 30m0s for the Kubernetes API at https://api.test.example.com:6443...
-INFO API v1.26.0 up
+INFO API v1.28.5 up
 INFO Waiting up to 30m0s for bootstrapping to complete...
 INFO It is now safe to remove the bootstrap resources
 ----
diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc
index efe4de49864c..6634ab55383d 100644
--- a/modules/installation-launching-installer.adoc
+++ b/modules/installation-launching-installer.adoc
@@ -26,12 +26,14 @@
 // * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
 // * installing/installing_gcp/installing-ibm-cloud-customizations.adoc
 // * installing/installing_gcp/installing-ibm-cloud-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
@@ -42,6 +44,7 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
 // If you use this module in any other assembly, you must update the ifeval
 // statements.
 
@@ -108,6 +111,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-default"]
 :no-config:
 :azure:
+:azure-default:
 endif::[]
 ifeval::["{context}" == "installing-gcp-customizations"]
 :custom-config:
@@ -145,7 +149,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-government-region"]
 :custom-config:
 :azure:
-:single-step:
+:azure-gov:
 endif::[]
 ifeval::["{context}" == "installing-azure-vnet"]
 :custom-config:
@@ -160,7 +164,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-private"]
 :custom-config:
 :azure:
-:single-step:
+:azure-private:
 endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-default"]
 :custom-config:
@@ -177,11 +181,6 @@ ifeval::["{context}" == "installing-openstack-installer-custom"]
 :custom-config:
 :single-step:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:osp:
-:custom-config:
-:single-step:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :osp:
 :custom-config:
@@ -190,15 +189,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer"]
 :osp:
 endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:custom-config:
-:rhv:
-:single-step:
-endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:no-config:
-:rhv:
-endif::[]
 ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
 :no-config:
 :vsphere:
@@ -238,6 +228,10 @@ ifeval::["{context}" == "installing-ibm-cloud-private"]
 :ibm-cloud:
 :single-step:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:custom-config:
+:ibm-cloud-restricted:
+endif::[]
 ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
 :custom-config:
 :nutanix:
@@ -264,8 +258,13 @@ ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :custom-config:
 :single-step:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:custom-config:
+:azure:
+:single-step:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-launching-installer_{context}"]
 = Deploying the cluster
 
@@ -278,17 +277,39 @@ You can run the `create cluster` command of the installation program only once,
 
 .Prerequisites
 
-ifndef::osp,rhv,vsphere,nutanix[* Configure an account with the cloud platform that hosts your cluster.]
-
-ifdef::rhv[* Open the `ovirt-imageio` port to the {rh-virtualization-engine-name} from the machine running the installer. By default, the port is `54322`.]
+ifndef::osp,vsphere,nutanix[* You have configured an account with the cloud platform that hosts your cluster.]
 
-* Obtain the {product-title} installation program and the pull secret for your
-cluster.
-
-* Verify the cloud provider account on your host has the correct permissions to deploy the cluster. An account with incorrect permissions causes the installation process to fail with an error message that displays the missing permissions.
+* You have the {product-title} installation program and the pull secret for your cluster.
+ifdef::ibm-cloud-restricted[]
++
+If the {op-system-first} image is available locally, the host running the installation program does not require internet access.
+endif::ibm-cloud-restricted[]
+ifdef::azure[]
+* You have an Azure subscription ID and tenant ID.
+endif::azure[]
+ifdef::azure-default[]
+* You have the application ID and password of a service principal.
+endif::azure-default[]
+ifdef::azure-gov,azure-private[]
+* If you are installing the cluster using a service principal, you have its application ID and password.
+* If you are installing the cluster using a system-assigned managed identity, you have enabled it on the virtual machine that you will run the installation program from.
+* If you are installing the cluster using a user-assigned managed identity, you have met these prerequisites:
+** You have its client ID.
+** You have assigned it to the virtual machine that you will run the installation program from.
+endif::azure-gov,azure-private[]
+ifndef::azure[]
+* You have verified that the cloud provider account on your host has the correct permissions to deploy the cluster. An account with incorrect permissions causes the installation process to fail with an error message that displays the missing permissions.
+endif::azure[]
+ifdef::vsphere[]
+* Optional: Before you create the cluster, configure an external load balancer in place of the default load balancer.
++
+[IMPORTANT]
+====
+You do not need to specify API and Ingress static addresses for your installation program. If you choose this configuration, you must take additional actions to define network targets that accept an IP address from each referenced vSphere subnet. See the section "Configuring an external load balancer".
+====
+endif::vsphere[]
 
 .Procedure
-
 ifdef::gcp[]
 . Remove any existing GCP credentials that do not use the service account key
 for the GCP account that you configured for your cluster and that are stored in the
@@ -299,12 +320,30 @@ environment variables
 ** The `gcloud cli` default credentials
 endif::gcp[]
 
-ifdef::aws,gcp,no-config[]
+ifdef::aws,azure-gov,azure-private,gcp,ibm-cloud-restricted,no-config[]
+ifdef::azure-default[]
+. Optional: If you have run the installation program on this computer before, and want to use an alternative service principal, go to the `~/.azure/` directory and delete the `osServicePrincipal.json` configuration file.
++
+Deleting this file prevents the installation program from automatically reusing subscription and authentication values from a previous installation.
+endif::azure-default[]
+ifdef::azure-gov,azure-private[]
+. Optional: If you have run the installation program on this computer before, and want to use an alternative service principal or managed identity, go to the `~/.azure/` directory and delete the `osServicePrincipal.json` configuration file.
++
+Deleting this file prevents the installation program from automatically reusing subscription and authentication values from a previous installation.
+endif::azure-gov,azure-private[]
+ifdef::ibm-cloud-restricted[]
+. Export the `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE` variable to specify the location of the {op-system-first} image by running the following command:
++
+[source,terminal]
+----
+$ export OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE="<path_to_image>/rhcos-<image_version>-ibmcloud.x86_64.qcow2.gz"
+----
+endif::ibm-cloud-restricted[]
 . Change to the directory that contains the installation program and initialize the cluster deployment:
-endif::aws,gcp,no-config[]
-ifdef::single-step[]
+endif::aws,azure-gov,azure-private,gcp,ibm-cloud-restricted,no-config[]
+ifdef::single-step,azure-restricted[]
 * Change to the directory that contains the installation program and initialize the cluster deployment:
-endif::single-step[]
+endif::single-step,azure-restricted[]
 +
 [source,terminal]
 ----
@@ -320,13 +359,31 @@ directory name to store the files that the installation program creates.
 endif::no-config[]
 <2> To view different installation details, specify `warn`, `debug`, or
 `error` instead of `info`.
+
+ifdef::azure-gov,azure-private[]
++
+If the installation program cannot locate the `osServicePrincipal.json` configuration file from a previous installation, you are prompted for Azure subscription and authentication values.
+. Enter the following Azure parameter values for your subscription:
+** *azure subscription id*: Enter the subscription ID to use for the cluster.
+** *azure tenant id*: Enter the tenant ID.
+. Depending on the Azure identity you are using to deploy the cluster, do one of the following when prompted for the *azure service principal client id*:
+** If you are using a service principal, enter its application ID.
+** If you are using a system-assigned managed identity, leave this value blank.
+** If you are using a user-assigned managed identity, specify its client ID.
+. Depending on the Azure identity you are using to deploy the cluster, do one of the following when prompted for the *azure service principal client secret*:
+** If you are using a service principal, enter its password.
+** If you are using a system-assigned managed identity, leave this value blank.
+** If you are using a user-assigned managed identity,leave this value blank.
+
+If previously not detected, the installation program creates an `osServicePrincipal.json` configuration file and stores this file in the `~/.azure/` directory on your computer. This ensures that the installation program can load the profile when it is creating an {product-title} cluster on the target platform.
+endif::azure-gov,azure-private[]
+
 ifdef::no-config[]
 +
 When specifying the directory:
 * Verify that the directory has the `execute` permission. This permission is required to run Terraform binaries under the installation directory.
 * Use an empty directory. Some installation assets, such as bootstrap X.509 certificates, have short expiration intervals, therefore you must not reuse an installation directory. If you want to reuse individual files from another cluster installation, you can copy them into your directory. However, the file names for the installation assets might change between releases. Use caution when copying installation files from an earlier {product-title} version.
 
-ifndef::rhv[]
 . Provide values at the prompts:
 
 .. Optional: Select an SSH key to use to access your cluster machines.
@@ -347,27 +404,18 @@ The AWS access key ID and secret access key are stored in `~/.aws/credentials` i
 .. Select the AWS region to deploy the cluster to.
 .. Select the base domain for the Route 53 service that you configured for your cluster.
 endif::aws[]
-ifdef::azure,ash[]
+ifdef::azure[]
 .. Select *azure* as the platform to target.
-.. If the installation program cannot locate the `osServicePrincipal.json` configuration file, which contains Microsoft Azure profile information, in the `~/.azure/` directory on your computer, the installer prompts you to specify the following Azure parameter values for your subscription and service principal.
-*** *azure subscription id*: The subscription ID to use for the cluster.
-Specify the `id` value in your account output.
-*** *azure tenant id*: The tenant ID. Specify the `tenantId` value in your
-account output.
-*** *azure service principal client id*: The value of the `appId` parameter
-for the service principal.
-*** *azure service principal client secret*: The value of the `password`
-parameter for the service principal.
 +
-[IMPORTANT]
-====
-After you enter values for the previously listed parameters, the installation program creates a `osServicePrincipal.json` configuration file and stores this file in
-the `~/.azure/` directory on your computer. These actions ensure that the installation program can load the profile when it is creating an {product-title} cluster on the target platform.
-====
+If the installation program cannot locate the `osServicePrincipal.json` configuration file from a previous installation, you are prompted for Azure subscription and authentication values.
+.. Specify the following Azure parameter values for your subscription and service principal:
+*** *azure subscription id*: Enter the subscription ID to use for the cluster.
+*** *azure tenant id*: Enter the tenant ID.
+*** *azure service principal client id*: Enter its application ID.
+*** *azure service principal client secret*: Enter its password.
 .. Select the region to deploy the cluster to.
-.. Select the base domain to deploy the cluster to. The base domain corresponds
-to the Azure DNS Zone that you created for your cluster.
-endif::azure,ash[]
+.. Select the base domain to deploy the cluster to. The base domain corresponds to the Azure DNS Zone that you created for your cluster.
+endif::azure[]
 ifdef::gcp[]
 .. Select *gcp* as the platform to target.
 .. If you have not configured the service account key for your GCP account on
@@ -397,6 +445,14 @@ ifdef::vsphere[]
 .. Specify the user name and password for the vCenter account that has the required permissions to create the cluster.
 +
 The installation program connects to your vCenter instance.
++
+[IMPORTANT]
+====
+Some VMware vCenter Single Sign-On (SSO) environments with Active Directory (AD) integration might primarily require you to use the traditional login method, which requires the `<domain>\` construct.
+
+To ensure that vCenter account permission checks complete properly, consider using the User Principal Name (UPN) login method, such as `<username>@<fully_qualified_domainname>`.
+====
+
 .. Select the data center in your vCenter instance to connect to.
 .. Select the default vCenter datastore to use.
 +
@@ -423,11 +479,8 @@ ifdef::azure[]
 +
 [IMPORTANT]
 ====
-All Azure resources that are available through public endpoints are subject to
-resource name restrictions, and you cannot create resources that use certain
-terms. For a list of terms that Azure restricts, see
-link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors]
-in the Azure documentation.
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see
+link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resourcename[Resolve reserved resource name errors] in the Azure documentation.
 ====
 endif::azure[]
 ifdef::gcp[]
@@ -443,56 +496,10 @@ ifdef::openshift-origin[]
 * If you do not have a {cluster-manager-url-pull}, you can paste the pull secret another private registry.
 * If you do not need the cluster to pull images from a private registry, you can paste `{"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}` as the pull secret.
 endif::openshift-origin[]
-endif::rhv[]
-ifdef::rhv[]
-. Respond to the installation program prompts.
 
-.. Optional: For `SSH Public Key`, select a password-less public key, such as `~/.ssh/id_rsa.pub`. This key authenticates connections with the new {product-title} cluster.
-+
-[NOTE]
-====
-For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, select an SSH key that your `ssh-agent` process uses.
-====
-.. For `Platform`, select `ovirt`.
-.. For `Engine FQDN[:PORT]`, enter the fully qualified domain name (FQDN) of the {rh-virtualization} environment.
-+
-For example:
-+
-ifndef::openshift-origin[]
-[source,terminal]
-----
-rhv-env.virtlab.example.com:443
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-[source,terminal]
-----
-$ curl -k -u admin@internal:pw123 \
-https://ovirtlab.example.com/ovirt-engine/api
-----
-endif::openshift-origin[]
-+
-.. The installation program automatically generates a CA certificate. For `Would you like to use the above certificate to connect to the {rh-virtualization-engine-name}?`, answer `y` or `N`. If you answer `N`, you must install {product-title} in insecure mode.
-//TODO: Add this sentence with xref after it's OK to add xrefs: For information about insecure mode, see xref:installing-rhv-insecure-mode_installing-rhv-default[].
-.. For `Engine username`, enter the user name and profile of the {rh-virtualization} administrator using this format:
-+
-[source,terminal]
-----
-<username>@<profile> <1>
-----
-+
-<1> For `<username>`, specify the user name of an {rh-virtualization} administrator. For `<profile>`, specify the login profile, which you can get by going to the {rh-virtualization} Administration Portal login page and reviewing the *Profile* dropdown list. For example: `admin@internal`.
-+
-.. For `Engine password`, enter the {rh-virtualization} admin password.
-.. For `Cluster`, select the {rh-virtualization} cluster for installing {product-title}.
-.. For `Storage domain`, select the storage domain for installing {product-title}.
-.. For `Network`, select a virtual network that has access to the {rh-virtualization} {rh-virtualization-engine-name} REST API.
-.. For `Internal API Virtual IP`, enter the static IP address you set aside for the cluster's REST API.
-.. For `Ingress virtual IP`, enter the static IP address you reserved for the wildcard apps domain.
-.. For `Base Domain`, enter the base domain of the {product-title} cluster. If this cluster is exposed to the outside world, this must be a valid domain recognized by DNS infrastructure. For example, enter: `virtlab.example.com`
-.. For `Cluster Name`, enter the name of the cluster. For example, `my-cluster`. Use cluster name from the externally registered/resolvable DNS entries you created for the {product-title} REST API and apps domain names. The installation program also gives this name to the cluster in the {rh-virtualization} environment.
-.. For `Pull Secret`, copy the pull secret from the `pull-secret.txt` file you downloaded earlier and paste it here. You can also get a copy of the same {cluster-manager-url-pull}.
-endif::rhv[]
+ifdef::azure[]
+If previously not detected, the installation program creates an `osServicePrincipal.json` configuration file and stores this file in the `~/.azure/` directory on your computer. This ensures that the installation program can load the profile when it is creating an {product-title} cluster on the target platform.
+endif::azure[]
 
 endif::no-config[]
 
@@ -531,7 +538,7 @@ Do not delete the installation program or the files that the installation progra
 INFO Install complete!
 INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/myuser/install_dir/auth/kubeconfig'
 INFO Access the OpenShift web-console here: https://console-openshift-console.apps.mycluster.example.com
-INFO Login to the console with user: "kubeadmin", and password: "4vYBz-Ee6gm-ymBZj-Wt5AL"
+INFO Login to the console with user: "kubeadmin", and password: "password"
 INFO Time elapsed: 36m22s
 ----
 
@@ -605,6 +612,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-default"]
 :!no-config:
 :!azure:
+:!azure-default:
 endif::[]
 ifeval::["{context}" == "installing-azure-network-customizations"]
 :!custom-config:
@@ -647,7 +655,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-government-region"]
 :!custom-config:
 :!azure:
-:!single-step:
+:!azure-gov:
 endif::[]
 ifeval::["{context}" == "installing-azure-vnet"]
 :!custom-config:
@@ -657,7 +665,7 @@ endif::[]
 ifeval::["{context}" == "installing-azure-private"]
 :!custom-config:
 :!azure:
-:!single-step:
+:!azure-private:
 endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-default"]
 :!custom-config:
@@ -674,11 +682,6 @@ ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!custom-config:
 :!single-step:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!osp:
-:!custom-config:
-:!single-step:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!osp:
 :!custom-config:
@@ -687,15 +690,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer"]
 :!osp:
 endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:!custom-config:
-:!rhv:
-:!single-step:
-endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:!no-config:
-:!rhv:
-endif::[]
 ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
 :!no-config:
 :!vsphere:
@@ -735,6 +729,10 @@ ifeval::["{context}" == "installing-ibm-cloud-private"]
 :!ibm-cloud:
 :!single-step:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!custom-config:
+:!ibm-cloud-restricted:
+endif::[]
 ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
 :!custom-config:
 :!nutanix:
@@ -761,3 +759,8 @@ ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :!custom-config:
 :!single-step:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!custom-config:
+:!azure:
+:!single-step:
+endif::[]
diff --git a/modules/installation-load-balancing-user-infra.adoc b/modules/installation-load-balancing-user-infra.adoc
index cd0a9e6deb0a..9b8be446d702 100644
--- a/modules/installation-load-balancing-user-infra.adoc
+++ b/modules/installation-load-balancing-user-infra.adoc
@@ -4,29 +4,13 @@
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
-// * installing/installing-rhv-restricted-network.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-ifeval::["{context}" == "installing-vsphere"]
-:vsphere:
-endif::[]
-
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:vsphere:
-endif::[]
-
-ifeval::["{context}" == "installing-vsphere-network-customizations"]
-:vsphere:
-endif::[]
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
 ifeval::["{context}" == "installing-ibm-z"]
 :ibm-z:
@@ -46,11 +30,8 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :user-managed-lb:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:user-managed-lb:
-endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-load-balancing-user-infra_{context}"]
 = Load balancing requirements for user-provisioned infrastructure
 
@@ -59,18 +40,6 @@ Before you install {product-title}, you must provision the API and application I
 endif::user-managed-lb[]
 
 ifdef::user-managed-lb[]
-[IMPORTANT]
-====
-[subs="attributes+"]
-Deployment with User-Managed Load Balancers is a Technology Preview feature only. Technology Preview features
-are not supported with Red Hat production service level agreements (SLAs) and
-might not be functionally complete. Red Hat does not recommend using them
-in production. These features provide early access to upcoming product
-features, enabling customers to test functionality and provide feedback during
-the development process.
-
-For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
-====
 
 Before you install {product-title}, you can provision your own API and application ingress load balancing infrastructure to use in place of the default, internal load balancing solution. In production scenarios, you can deploy the API and application Ingress load balancers separately so that you can scale the load balancer infrastructure for each in isolation.
 endif::user-managed-lb[]
@@ -91,7 +60,7 @@ The load balancing infrastructure must meet the following requirements:
 +
 [IMPORTANT]
 ====
-Do not configure session persistence for an API load balancer.
+Do not configure session persistence for an API load balancer. Configuring session persistence for a Kubernetes API server might cause performance issues from excess application traffic for your {product-title} cluster and the Kubernetes API that runs inside the cluster.
 ====
 +
 Configure the following ports on both the front and back of the load balancers:
@@ -233,10 +202,13 @@ listen api-server-6443 <1>
 listen machine-config-server-22623 <3>
   bind *:22623
   mode tcp
-  server bootstrap bootstrap.ocp4.example.com:22623 check inter 1s backup <2>
-  server master0 master0.ocp4.example.com:22623 check inter 1s
-  server master1 master1.ocp4.example.com:22623 check inter 1s
-  server master2 master2.ocp4.example.com:22623 check inter 1s
+  option  httpchk GET /readyz HTTP/1.0
+  option  log-health-checks
+  balance roundrobin
+  server bootstrap bootstrap.ocp4.example.com:6443 verify none check check-ssl inter 10s fall 2 rise 3 backup <2>
+  server master0 master0.ocp4.example.com:6443 weight 1 verify none check check-ssl inter 10s fall 2 rise 3
+  server master1 master1.ocp4.example.com:6443 weight 1 verify none check check-ssl inter 10s fall 2 rise 3
+  server master2 master2.ocp4.example.com:6443 weight 1 verify none check check-ssl inter 10s fall 2 rise 3
 listen ingress-router-443 <4>
   bind *:443
   mode tcp
@@ -285,7 +257,4 @@ ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 endif::[]
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!user-managed-lb:
-endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!user-managed-lb:
 endif::[]
\ No newline at end of file
diff --git a/modules/installation-localzone-generate-k8s-manifest.adoc b/modules/installation-localzone-generate-k8s-manifest.adoc
index 7f8504e39b9f..b305559295de 100644
--- a/modules/installation-localzone-generate-k8s-manifest.adoc
+++ b/modules/installation-localzone-generate-k8s-manifest.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-localzone-generate-k8s-manifest_{context}"]
 = Creating the Kubernetes manifest files
 
@@ -30,7 +30,7 @@ contains the `install-config.yaml` file you created.
 +
 [IMPORTANT]
 ====
-Generally, the Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. See link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. 
+Generally, the Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. See link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation.
 The cluster network MTU must be always less than the EC2 MTU to account for the overhead. The specific overhead is determined by your network plugin, for example:
 
 - OVN-Kubernetes: `100 bytes`
@@ -114,7 +114,7 @@ $ export AMI_ID=$(grep ami
 [source,terminal]
 ----
 $ export SUBNET_ID=$(aws cloudformation describe-stacks --stack-name "<subnet_stack_name>" \ <1>
-  | jq -r '.Stacks[0].Outputs[0].OutputValue') 
+  | jq -r '.Stacks[0].Outputs[0].OutputValue')
 ----
 <1> For `<subnet_stack_name>`, specify the name of the subnet stack that you created.
 
diff --git a/modules/installation-machine-requirements.adoc b/modules/installation-machine-requirements.adoc
index f05497049622..2d747f9a3d97 100644
--- a/modules/installation-machine-requirements.adoc
+++ b/modules/installation-machine-requirements.adoc
@@ -10,13 +10,12 @@
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
 ifeval::["{context}" == "installing-bare-metal"]
 :bare-metal:
@@ -40,7 +39,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-machine-requirements_{context}"]
 = Required machines for cluster installation
 
@@ -84,7 +83,7 @@ endif::ibm-z[]
 ====
 
 ifndef::ibm-z,ibm-power[]
-The bootstrap and control plane machines must use {op-system-first} as the operating system. However, the compute machines can choose between {op-system-first}, {op-system-base-full} 8.6, {op-system-base} 8.7, or {op-system-base} 8.8.
+The bootstrap and control plane machines must use {op-system-first} as the operating system. However, the compute machines can choose between {op-system-first}, {op-system-base-full} 8.6 and later.
 endif::ibm-z,ibm-power[]
 ifdef::ibm-z,ibm-power[]
 The bootstrap, control plane, and compute machines must use {op-system-first} as the operating system.
diff --git a/modules/installation-minimum-resource-requirements.adoc b/modules/installation-minimum-resource-requirements.adoc
index 4a58774321e5..094872a90212 100644
--- a/modules/installation-minimum-resource-requirements.adoc
+++ b/modules/installation-minimum-resource-requirements.adoc
@@ -28,9 +28,6 @@
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
@@ -42,6 +39,10 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
+// * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
 ifeval::["{context}" == "installing-azure-customizations"]
 :azure:
@@ -61,6 +62,12 @@ endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :azure:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+endif::[]
 ifeval::["{context}" == "installing-bare-metal"]
 :bare-metal:
 endif::[]
@@ -100,8 +107,14 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :ibm-cloud-vpc:
 endif::[]
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:vsphere:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-cloud-vpc:
+endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-minimum-resource-requirements_{context}"]
 = Minimum resource requirements for cluster installation
 
@@ -114,12 +127,12 @@ Each cluster machine must meet the following minimum requirements:
 |Machine
 |Operating System
 ifndef::bare-metal[]
-ifndef::ibm-cloud-vpc[]
+ifndef::ibm-cloud-vpc,vsphere[]
 |vCPU ^[1]^
-endif::ibm-cloud-vpc[]
-ifdef::ibm-cloud-vpc[]
+endif::ibm-cloud-vpc,vsphere[]
+ifdef::ibm-cloud-vpc,vsphere[]
 |vCPU
-endif::ibm-cloud-vpc[]
+endif::ibm-cloud-vpc,vsphere[]
 |Virtual RAM
 endif::bare-metal[]
 ifdef::bare-metal[]
@@ -127,11 +140,14 @@ ifdef::bare-metal[]
 |RAM
 endif::bare-metal[]
 |Storage
-ifndef::ibm-z,ibm-cloud-vpc[]
-|IOPS ^[2]^
-endif::ibm-z,ibm-cloud-vpc[]
+ifndef::ibm-z,ibm-cloud-vpc,vsphere[]
+|Input/Output Per Second (IOPS)^[2]^
+endif::ibm-z,ibm-cloud-vpc,vsphere[]
+ifdef::vsphere[]
+|Input/Output Per Second (IOPS)^[1]^
+endif::vsphere[]
 ifdef::ibm-z,ibm-cloud-vpc[]
-|IOPS
+|Input/Output Per Second (IOPS)
 endif::ibm-z,ibm-cloud-vpc[]
 
 |Bootstrap
@@ -164,7 +180,8 @@ endif::ibm-z[]
 ifndef::openshift-origin[]
 |Compute
 ifdef::ibm-z,ibm-power,ibm-cloud-vpc[|{op-system}]
-ifndef::ibm-z,ibm-power,ibm-cloud-vpc[|{op-system}, {op-system-base} 8.6, {op-system-base} 8.7, or {op-system-base} 8.8 ^[3]^]
+ifndef::ibm-z,ibm-power,ibm-cloud-vpc,vsphere[|{op-system}, {op-system-base} 8.6 and later ^[3]^]
+ifdef::vsphere[|{op-system}, {op-system-base} 8.6 and later ^[2]^]
 |2
 |8 GB
 |100 GB
@@ -198,16 +215,20 @@ endif::ibm-z[]
 ifdef::bare-metal[]
 1. One CPU is equivalent to one physical core when simultaneous multithreading (SMT), or hyperthreading, is not enabled. When enabled, use the following formula to calculate the corresponding ratio: (threads per core × cores) × sockets = CPUs.
 endif::bare-metal[]
-ifndef::ibm-z,bare-metal,ibm-cloud-vpc[]
+ifndef::ibm-z,bare-metal,ibm-cloud-vpc,vsphere[]
 1. One vCPU is equivalent to one physical core when simultaneous multithreading (SMT), or hyperthreading, is not enabled. When enabled, use the following formula to calculate the corresponding ratio: (threads per core × cores) × sockets = vCPUs.
-endif::ibm-z,bare-metal,ibm-cloud-vpc[]
-ifndef::ibm-z,ibm-power,ibm-cloud-vpc[]
+endif::ibm-z,bare-metal,ibm-cloud-vpc,vsphere[]
+ifndef::ibm-z,ibm-power,ibm-cloud-vpc,vsphere[]
 2. {product-title} and Kubernetes are sensitive to disk performance, and faster storage is recommended, particularly for etcd on the control plane nodes which require a 10 ms p99 fsync duration. Note that on many cloud platforms, storage size and IOPS scale together, so you might need to over-allocate storage volume to obtain sufficient performance.
 3. As with all user-provisioned installations, if you choose to use {op-system-base} compute machines in your cluster, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks. Use of {op-system-base} 7 compute machines is deprecated and has been removed in {product-title} 4.10 and later.
-endif::ibm-z,ibm-power,ibm-cloud-vpc[]
+endif::ibm-z,ibm-power,ibm-cloud-vpc,vsphere[]
 ifdef::ibm-power[]
 2. {product-title} and Kubernetes are sensitive to disk performance, and faster storage is recommended, particularly for etcd on the control plane nodes. Note that on many cloud platforms, storage size and IOPS scale together, so you might need to over-allocate storage volume to obtain sufficient performance.
 endif::ibm-power[]
+ifdef::vsphere[]
+1. {product-title} and Kubernetes are sensitive to disk performance, and faster storage is recommended, particularly for etcd on the control plane nodes which require a 10 ms p99 fsync duration. Note that on many cloud platforms, storage size and IOPS scale together, so you might need to over-allocate storage volume to obtain sufficient performance.
+2. As with all user-provisioned installations, if you choose to use {op-system-base} compute machines in your cluster, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks. Use of {op-system-base} 7 compute machines is deprecated and has been removed in {product-title} 4.10 and later.
+endif::vsphere[]
 --
 
 ifdef::azure[]
@@ -237,6 +258,12 @@ endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :!azure:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+endif::[]
 ifeval::["{context}" == "installing-bare-metal"]
 :!bare-metal:
 endif::[]
@@ -276,3 +303,9 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :!ibm-cloud-vpc:
 endif::[]
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:!vsphere:
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-cloud-vpc:
+endif::[]
diff --git a/modules/installation-mirror-repository.adoc b/modules/installation-mirror-repository.adoc
index 73d209f0a199..c0897851b51b 100644
--- a/modules/installation-mirror-repository.adoc
+++ b/modules/installation-mirror-repository.adoc
@@ -2,9 +2,8 @@
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
-// * installing/installing-rhv-restricted-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-mirror-repository_{context}"]
 = Mirroring the {product-title} image repository
 
@@ -13,8 +12,13 @@ Mirror the {product-title} image repository to your registry to use during clust
 .Prerequisites
 
 * Your mirror host has access to the internet.
+ifndef::openshift-rosa,openshift-dedicated[]
 * You configured a mirror registry to use in your restricted network and
 can access the certificate and credentials that you configured.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You configured a mirror registry to use.
+endif::openshift-rosa,openshift-dedicated[]
 ifndef::openshift-origin[]
 * You downloaded the {cluster-manager-url-pull} and modified it to include authentication to your mirror repository.
 endif::[]
@@ -126,6 +130,7 @@ $ REMOVABLE_MEDIA_PATH=<path> <1>
 ----
 <1> Specify the full path, including the initial forward slash (/) character.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Mirror the version images to the mirror registry:
 ** If your mirror host does not have internet access, take the following actions:
 ... Connect the removable media to a system that is connected to the internet.
@@ -245,10 +250,62 @@ content.
 
 You must perform this step on a machine with an active internet connection.
 ====
+
+. For clusters using installer-provisioned infrastructure, run the following command:
++
+[source,terminal]
+----
+$ openshift-install
+----
+
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. Mirror the version images to the mirror registry:
+
+.. Directly push the release images to the local registry by using following command:
++
+[source,terminal]
+----
+$ oc adm release mirror -a ${LOCAL_SECRET_JSON}  \
+     --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
+     --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
+     --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
+----
++
+This command pulls the release information as a digest, and its output includes
+the `imageContentSources` data that you require when you install your cluster.
+
+.. Record the entire `imageContentSources` section from the output of the previous
+command. The information about your mirrors is unique to your mirrored repository, and you must add the `imageContentSources` section to the `install-config.yaml` file during installation.
++
+[NOTE]
+====
+The image name gets patched to Quay.io during the mirroring process, and the podman images will show Quay.io in the registry on the bootstrap virtual machine.
+====
+
+. To create the installation program that is based on the content that you
+mirrored, extract it and pin it to the release by running the following command:
 +
+[source,terminal]
+----
+$ oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}"
+----
++
+[IMPORTANT]
+====
+To ensure that you use the correct images for the version of {product-title}
+that you selected, you must extract the installation program from the mirrored
+content.
+
+You must perform this step on a machine with an active internet connection.
+====
+
 . For clusters using installer-provisioned infrastructure, run the following command:
 +
 [source,terminal]
 ----
 $ openshift-install
 ----
+endif::openshift-rosa,openshift-dedicated[]
+
diff --git a/modules/installation-network-user-infra.adoc b/modules/installation-network-user-infra.adoc
index eb5802f0f64d..e7b75ddebe8d 100644
--- a/modules/installation-network-user-infra.adoc
+++ b/modules/installation-network-user-infra.adoc
@@ -9,27 +9,15 @@
 // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
-// * installing/installing-rhv-restricted-network.adoc
-// * installing/installing-rhv-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
-ifeval::["{context}" == "installing-vsphere"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-network-customizations"]
-:vsphere:
-endif::[]
 ifeval::["{context}" == "installing-ibm-z"]
 :ibm-z:
 endif::[]
@@ -65,15 +53,15 @@ ifeval::["{context}" == "installing-restricted-networks-gcp"]
 :gcp:
 :restricted:
 endif::[]
-ifeval::["{context}" == "installing-rhv-user-infra"]
-:rhv:
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
 endif::[]
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:rhv:
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:vsphere:
 endif::[]
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-network-user-infra_{context}"]
 = Networking requirements for user-provisioned infrastructure
 
@@ -105,41 +93,6 @@ node names. Another supported approach is to always refer to hosts by their
 fully-qualified domain names in both the node objects and all DNS requests.
 endif::azure,gcp[]
 
-ifdef::rhv[]
-.Firewall
-
-Configure your firewall so your cluster has access to required sites.
-
-See also:
-
-ifndef::openshift-origin[]
-* link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/planning_and_prerequisites_guide/index#RHV-manager-firewall-requirements_RHV_planning[Red Hat Virtualization Manager firewall requirements]
-* link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/planning_and_prerequisites_guide#host-firewall-requirements_RHV_planning[Host firewall requirements]
-endif::[]
-ifdef::openshift-origin[]
-* link:https://ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/index.html#RHV-manager-firewall-requirements_SHE_cli_deploy[oVirt Engine firewall requirements]
-* link:https://ovirt.org/documentation/installing_ovirt_as_a_self-hosted_engine_using_the_command_line/index.html#host-firewall-requirements_SHE_cli_deploy[Host firewall requirements]
-endif::[]
-
-ifeval::["{context}" == "installing-rhv-user-infra"]
-.Load balancers
-
-Configure one or preferably two layer-4 load balancers:
-
-* Provide load balancing for ports `6443` and `22623` on the control plane and bootstrap machines. Port `6443` provides access to the Kubernetes API server and must be reachable both internally and externally. Port `22623` must be accessible to nodes within the cluster.
-
-* Provide load balancing for port `443` and `80` for machines that run the Ingress router, which are usually compute nodes in the default configuration. Both ports must be accessible from within and outside the cluster.
-endif::[]
-
-.DNS
-
-Configure infrastructure-provided DNS to allow the correct resolution of the main components and services. If you use only one load balancer, these DNS records can point to the same IP address.
-
-* Create DNS records for `api.<cluster_name>.<base_domain>` (internal and external resolution) and `api-int.<cluster_name>.<base_domain>` (internal resolution) that point to the load balancer for the control plane machines.
-
-* Create a DNS record for `*.apps.<cluster_name>.<base_domain>` that points to the load balancer for the Ingress router. For example, ports `443` and `80` of the compute machines.
-endif::rhv[]
-
 ifndef::ibm-z,azure[]
 [id="installation-host-names-dhcp-user-infra_{context}"]
 == Setting the cluster node hostnames through DHCP
@@ -164,12 +117,7 @@ ifndef::restricted,origin[]
 In connected {product-title} environments, all nodes are required to have internet access to pull images
 for platform containers and provide telemetry data to Red Hat.
 ====
-ifeval::["{context}" == "installing-rhv-restricted-network"]
-:!rhv:
-endif::[]
-ifeval::["{context}" == "installing-rhv-user-infra"]
-:!rhv:
-endif::[]
+
 endif::restricted,origin[]
 
 ifdef::ibm-z-kvm[]
@@ -276,10 +224,6 @@ If a MAC address outside the VMware OUI is used, the cluster installation will
 not succeed.
 endif::vsphere[]
 
-ifdef::vsphere[]
-:!vsphere:
-endif::[]
-
 ifndef::azure,gcp[]
 [discrete]
 == NTP configuration for user-provisioned infrastructure
@@ -326,3 +270,9 @@ ifeval::["{context}" == "installing-restricted-networks-gcp"]
 :!gcp:
 :!restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+endif::[]
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:!vsphere:
+endif::[]
diff --git a/modules/installation-nutanix-ccm.adoc b/modules/installation-nutanix-ccm.adoc
new file mode 100644
index 000000000000..f8f66a27bc49
--- /dev/null
+++ b/modules/installation-nutanix-ccm.adoc
@@ -0,0 +1,85 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nutanix-ccm-config_{context}"]
+= Adding config map and secret resources required for Nutanix CCM
+
+Installations on Nutanix require additional `ConfigMap` and `Secret` resources to integrate with the Nutanix Cloud Controller Manager (CCM).
+
+.Prerequisites
+
+* You have created a `manifests` directory within your installation directory.
+
+.Procedure
+
+. Navigate to the `manifests` directory:
++
+[source,terminal]
+----
+$ cd <path_to_installation_directory>/manifests
+----
+
+. Create a file with the name `openshift-cloud-controller-manager-nutanix-credentials-credentials.yaml` and add the following information:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: nutanix-credentials
+  namespace: openshift-cloud-controller-manager
+type: Opaque
+stringData:
+  credentials: "[{
+    \"type\":\"basic_auth\",
+    \"data\":{
+          \"prismCentral\":{
+            \"username\":\"<username_for_prism_central>\", <1>
+            \"password\":\"<password_for_prism_central>\"}, <2>
+            \"prismElements\":null
+          }
+    }]"
+----
+<1> Specify the Prism Central username.
+<2> Specify the Prism Central password.
+
+. Create the `cloud-conf` `ConfigMap` file with the name `openshift-cloud-controller-manager-cloud-config.yaml` and add the following information:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloud-conf
+  namespace: openshift-cloud-controller-manager
+data:
+  cloud.conf: "{
+      \"prismCentral\": {
+          \"address\": \"<prism_central_FQDN/IP>\", <1>
+          \"port\": 9440,
+            \"credentialRef\": {
+                \"kind\": \"Secret\",
+                \"name\": \"nutanix-credentials\",
+                \"namespace\": \"openshift-cloud-controller-manager\"
+            }
+       },
+       \"topologyDiscovery\": {
+           \"type\": \"Prism\",
+           \"topologyCategories\": null
+       },
+       \"enableCustomLabeling\": true
+     }"
+----
+<1> Specify the Prism Central FQDN/IP.
+
+. Verify that the file `cluster-infrastructure-02-config.yml` exists and has the following information:
++
+[source,yaml]
+----
+spec:
+  cloudConfig:
+    key: config
+    name: cloud-provider-config
+----
diff --git a/modules/installation-nutanix-config-yaml.adoc b/modules/installation-nutanix-config-yaml.adoc
index 716b652f598b..810fdfcf0661 100644
--- a/modules/installation-nutanix-config-yaml.adoc
+++ b/modules/installation-nutanix-config-yaml.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provis
 :restricted:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-nutanix-config-yaml_{context}"]
 = Sample customized install-config.yaml file for Nutanix
 
@@ -59,16 +59,17 @@ metadata:
   name: test-cluster <1>
 networking:
   clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
+    - cidr: 10.128.0.0/14
+      hostPrefix: 23
   machineNetwork:
-  - cidr: 10.0.0.0/16
+    - cidr: 10.0.0.0/16
   networkType: OVNKubernetes <6>
   serviceNetwork:
-  - 172.30.0.0/16
+    - 172.30.0.0/16
 platform:
   nutanix:
-    apiVIP: 10.40.142.7 <1>
+    apiVIPs:
+      - 10.40.142.7 <1>
     defaultMachinePlatform:
       bootType: Legacy
       categories: <5>
@@ -77,13 +78,14 @@ platform:
       project: <7>
         type: name
         name: <project_name>
-    ingressVIP: 10.40.142.8 <1>
+    ingressVIPs:
+      - 10.40.142.8 <1>
     prismCentral:
       endpoint:
         address: your.prismcentral.domainname <1>
         port: 9440 <1>
-      password: samplepassword <1>
-      username: sampleadmin <1>
+      password: <password> <1>
+      username: <username> <1>
     prismElements:
     - endpoint:
         address: your.prismelement.domainname
@@ -121,7 +123,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <10> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster.
 endif::openshift-origin[]
@@ -197,8 +199,8 @@ platform:
       endpoint:
         address: your.prismcentral.domainname <1>
         port: 9440 <1>
-      password: samplepassword <1>
-      username: sampleadmin <1>
+      password: <password> <1>
+      username: <username> <1>
     prismElements:
     - endpoint:
         address: your.prismelement.domainname
@@ -264,7 +266,7 @@ ifndef::openshift-origin[]
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 <11> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster.
 +
diff --git a/modules/installation-nutanix-download-rhcos.adoc b/modules/installation-nutanix-download-rhcos.adoc
index 8e8088fa2a48..fe5564c78c9c 100644
--- a/modules/installation-nutanix-download-rhcos.adoc
+++ b/modules/installation-nutanix-download-rhcos.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-nutanix-download-rhcos_{context}"]
 = Downloading the RHCOS cluster image
 
@@ -23,7 +23,7 @@ $ ./openshift-install coreos print-stream-json
 . Use the output of the command to find the location of the Nutanix image, and click the link to download it.
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 "nutanix": {
   "release": "411.86.202210041459-0",
diff --git a/modules/installation-nutanix-failure-domains-req.adoc b/modules/installation-nutanix-failure-domains-req.adoc
new file mode 100644
index 000000000000..a049c456ea33
--- /dev/null
+++ b/modules/installation-nutanix-failure-domains-req.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/nutanix-failure-domains.adoc
+// * post_installation_configuration/adding-nutanix-failure-domains.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="installation-nutanix-failure-domains-req_{context}"]
+= Failure domain requirements
+
+When planning to use failure domains, consider the following requirements:
+
+* All Nutanix Prism Element instances must be managed by the same instance of Prism Central. A deployment that is comprised of multiple Prism Central instances is not supported.
+* The machines that make up the Prism Element clusters must reside on the same Ethernet network for failure domains to be able to communicate with each other.
+* A subnet is required in each Prism Element that will be used as a failure domain in the {product-title} cluster. When defining these subnets, they must share the same IP address prefix (CIDR) and should contain the virtual IP addresses that the {product-title} cluster uses.
diff --git a/modules/installation-nutanix-infrastructure.adoc b/modules/installation-nutanix-infrastructure.adoc
index cf97a0bf75cf..b4116af6a1a6 100644
--- a/modules/installation-nutanix-infrastructure.adoc
+++ b/modules/installation-nutanix-infrastructure.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_nutanix/preparing-to-install-nutanix.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-nutanix-infrastructure_{context}"]
 = Nutanix version requirements
 
@@ -13,6 +13,6 @@ You must install the {product-title} cluster to a Nutanix environment that meets
 [cols=2, options="header"]
 |===
 |Component |Required version
-|Nutanix AOS | 5.20.4+ or 6.5.1+
-|Prism Central | 2022.4+
+|Nutanix AOS | 6.5.2.7 or later
+|Prism Central | pc.2022.6 or later
 |===
diff --git a/modules/installation-nutanix-installer-infra-reqs.adoc b/modules/installation-nutanix-installer-infra-reqs.adoc
index d378ac009ca7..fbf59f5629a0 100644
--- a/modules/installation-nutanix-installer-infra-reqs.adoc
+++ b/modules/installation-nutanix-installer-infra-reqs.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-nutanix-installer-infra-reqs_{context}"]
 = Environment requirements
 
@@ -11,7 +11,80 @@ Before you install an {product-title} cluster, review the following Nutanix AOS
 [id="installation-nutanix-installer-infra-reqs-account_{context}"]
 == Required account privileges
 
-Installing a cluster to Nutanix requires an account with administrative privileges to read and create the required resources.
+The installation program requires access to a Nutanix account with the necessary permissions to deploy the cluster and to maintain the daily operation of it. The following options are available to you:
+
+* You can use a local Prism Central user account with administrative privileges. Using a local account is the quickest way to grant access to an account with the required permissions.
+* If your organization’s security policies require that you use a more restrictive set of permissions, use the permissions that are listed in the following table to create a custom Cloud Native role in Prism Central. You can then assign the role to a user account that is a member of a Prism Central authentication directory.
+
+Consider the following when managing this user account:
+
+* When assigning entities to the role, ensure that the user can access only the Prism Element and subnet that are required to deploy the virtual machines.
+* Ensure that the user is a member of the project to which it needs to assign virtual machines.
+
+For more information, see the Nutanix documentation about creating a link:https://opendocs.nutanix.com/guides/cloud_native_role/[Custom Cloud Native role], link:https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide:ssp-ssp-role-assignment-pc-t.html[assigning a role], and link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Admin-Center-Guide-vpc_2023_1_0_1:ssp-projects-add-users-t.html[adding a user to a project].
+
+.Required permissions for creating a Custom Cloud Native role
+[%collapsible]
+====
+[cols="3a,3a,3a,3a",options="header"]
+|===
+|Nutanix Object
+|When required
+|Required permissions in Nutanix API
+|Description
+
+|Categories
+|Always
+|
+[%hardbreaks]
+`Create_Category_Mapping`
+`Create_Or_Update_Name_Category`
+`Create_Or_Update_Value_Category`
+`Delete_Category_Mapping`
+`Delete_Name_Category`
+`Delete_Value_Category`
+`View_Category_Mapping`
+`View_Name_Category`
+`View_Value_Category`
+|Create, read, and delete categories that are assigned to the {product-title} machines.
+
+
+|Images
+|Always
+|
+[%hardbreaks]
+`Create_Image`
+`Delete_Image`
+`View_Image`
+|Create, read, and delete the operating system images used for the {product-title} machines.
+
+|Virtual Machines
+|Always
+|
+[%hardbreaks]
+`Create_Virtual_Machine`
+`Delete_Virtual_Machine`
+`View_Virtual_Machine`
+|Create, read, and delete the {product-title} machines.
+
+|Clusters
+|Always
+|`View_Cluster`
+|View the Prism Element clusters that host the {product-title} machines.
+
+|Subnets
+|Always
+|`View_Subnet`
+|View the subnets that host the {product-title} machines.
+
+|Projects
+|If you will associate a project with compute machines, control plane machines, or all machines.
+|
+[%hardbreaks]
+`View_Project`
+|View the projects defined in Prism Central and allow a project to be assigned to the {product-title} machines.
+|===
+====
 
 [id="installation-nutanix-installer-infra-reqs-limits_{context}"]
 == Cluster limits
@@ -37,7 +110,7 @@ A standard {product-title} installation creates the following resources:
 [id="installation-nutanix-installer-infra-requirements-networking_{context}"]
 == Networking requirements
 
-You must use AHV IP Address Management (IPAM) for the network and ensure that it is configured to provide persistent IP addresses to the cluster machines. Additionally, create the following networking resources before you install the {product-title} cluster:
+You must use either AHV IP Address Management (IPAM) or Dynamic Host Configuration Protocol (DHCP) for the network and ensure that it is configured to provide persistent IP addresses to the cluster machines. Additionally, create the following networking resources before you install the {product-title} cluster:
 
 * IP addresses
 * DNS records
diff --git a/modules/installation-obtaining-installer.adoc b/modules/installation-obtaining-installer.adoc
index 57ec0cdd6673..cac889868315 100644
--- a/modules/installation-obtaining-installer.adoc
+++ b/modules/installation-obtaining-installer.adoc
@@ -29,22 +29,16 @@
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
 
 
 ifeval::["{context}" == "installing-ibm-z"]
@@ -65,17 +59,11 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :private:
 endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
+ifeval::["{context}" == "ipi-vsphere-preparing-to-install"]
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-obtaining-installer_{context}"]
 = Obtaining the installation program
 
@@ -92,7 +80,7 @@ a bastion host on your cloud network or a machine that has access to the to the
 For more information about private cluster installation requirements, see "Private clusters".
 endif::private[]
 endif::restricted[]
-//mpytlak: Added "private" in the context of a review for the IBM Cloud VPC private work. In an effort to keep updates to other platforms separate, I will open a doc story for each platform that supports a private install.
+//mpytlak: Added "private" in the context of a review for the IBM Cloud private work. In an effort to keep updates to other platforms separate, I will open a doc story for each platform that supports a private install.
 
 .Prerequisites
 
@@ -173,12 +161,6 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-private"]
 :!private:
 endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
+ifeval::["{context}" == "ipi-vsphere-preparing-to-install"]
 :!vsphere:
 endif::[]
diff --git a/modules/installation-openshift-local.adoc b/modules/installation-openshift-local.adoc
index 3b963b16e417..01cc205f53ef 100644
--- a/modules/installation-openshift-local.adoc
+++ b/modules/installation-openshift-local.adoc
@@ -3,14 +3,14 @@
 // * getting_started/openshift-overview.adoc
 // * installing/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-openshift-local_{context}"]
 = OpenShift Local overview
 
-OpenShift Local supports rapid application development to get started building {product-title} clusters. OpenShift Local is designed to run on a local computer to simplify setup and testing, and to emulate the cloud development environment locally with all of the tools needed to develop container-based applications. 
+OpenShift Local supports rapid application development to get started building {product-title} clusters. OpenShift Local is designed to run on a local computer to simplify setup and testing, and to emulate the cloud development environment locally with all of the tools needed to develop container-based applications.
 
 Regardless of the programming language you use, OpenShift Local hosts your application and brings a minimal, preconfigured Red Hat {product-title} cluster to your local PC without the need for a server-based infrastructure.
 
-On a hosted environment, OpenShift Local can create microservices, convert them into images, and run them in Kubernetes-hosted containers directly on your laptop or desktop running Linux, macOS, or Windows 10 or later. 
+On a hosted environment, OpenShift Local can create microservices, convert them into images, and run them in Kubernetes-hosted containers directly on your laptop or desktop running Linux, macOS, or Windows 10 or later.
 
 For more information about OpenShift Local, see link:https://developers.redhat.com/products/openshift-local/overview[Red Hat OpenShift Local Overview].
\ No newline at end of file
diff --git a/modules/installation-openstack-nfv-requirements.adoc b/modules/installation-openstack-nfv-requirements.adoc
index d072ab75f0da..877976f50489 100644
--- a/modules/installation-openstack-nfv-requirements.adoc
+++ b/modules/installation-openstack-nfv-requirements.adoc
@@ -2,10 +2,10 @@
 //
 // * installing/installing_openstack/installing-openstack-nfv-preparing
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-openstack-nfv-requirements_{context}"]
 = Requirements for clusters on {rh-openstack} that use either SR-IOV or OVS-DPDK
 
 If you use SR-IOV or OVS-DPDK with your deployment, you must meet the following requirements:
 
-* {rh-openstack} compute nodes must use a flavor that supports huge pages.
\ No newline at end of file
+* {rh-openstack} compute nodes must use a flavor that supports huge pages.
diff --git a/modules/installation-openstack-ovs-dpdk-performance-profile.adoc b/modules/installation-openstack-ovs-dpdk-performance-profile.adoc
index a699d078c9ea..063f81c6eb87 100644
--- a/modules/installation-openstack-ovs-dpdk-performance-profile.adoc
+++ b/modules/installation-openstack-ovs-dpdk-performance-profile.adoc
@@ -3,7 +3,7 @@
 // * scalability_and_performance/cnf-create-performance-profiles.adoc
 // TODO: ^^^ at the moment
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-openstack-ovs-dpdk-performance-profile_{context}"]
 = A performance profile template for clusters that use OVS-DPDK on OpenStack
 
@@ -45,6 +45,6 @@ spec:
     globallyDisableIrqLoadBalancing: true
 ----
 
-Insert values that are appropriate for your configuration for the `CPU_ISOLATED`, `CPU_RESERVED`, and `HUGEPAGES_COUNT` keys. 
+Insert values that are appropriate for your configuration for the `CPU_ISOLATED`, `CPU_RESERVED`, and `HUGEPAGES_COUNT` keys.
 
-To learn how to create and use performance profiles, see the "Creating a performance profile" page in the "Scalability and performance" section of the {product-title} documentation. 
\ No newline at end of file
+To learn how to create and use performance profiles, see the "Creating a performance profile" page in the "Scalability and performance" section of the {product-title} documentation.
\ No newline at end of file
diff --git a/modules/installation-openstack-ovs-dpdk-requirements.adoc b/modules/installation-openstack-ovs-dpdk-requirements.adoc
index 9e18e27e6188..be9f09ce8257 100644
--- a/modules/installation-openstack-ovs-dpdk-requirements.adoc
+++ b/modules/installation-openstack-ovs-dpdk-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-nfv-preparing
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-openstack-ovs-dpdk-requirements_{context}"]
 = Requirements for clusters on {rh-openstack} that use OVS-DPDK
 
diff --git a/modules/installation-openstack-sr-iov-requirements.adoc b/modules/installation-openstack-sr-iov-requirements.adoc
index 7aef3cd75c16..ee2af95cb516 100644
--- a/modules/installation-openstack-sr-iov-requirements.adoc
+++ b/modules/installation-openstack-sr-iov-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-nfv-preparing
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-openstack-sr-iov-requirements_{context}"]
 = Requirements for clusters on {rh-openstack} that use SR-IOV
 
diff --git a/modules/installation-operators-config.adoc b/modules/installation-operators-config.adoc
index 79cd36cb1995..39a8f66480ed 100644
--- a/modules/installation-operators-config.adoc
+++ b/modules/installation-operators-config.adoc
@@ -10,7 +10,7 @@
 // * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-operators-config_{context}"]
 = Initial Operator configuration
 
@@ -31,39 +31,39 @@ $ watch -n5 oc get clusteroperators
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
-authentication                             4.13.0    True        False         False      19m
-baremetal                                  4.13.0    True        False         False      37m
-cloud-credential                           4.13.0    True        False         False      40m
-cluster-autoscaler                         4.13.0    True        False         False      37m
-config-operator                            4.13.0    True        False         False      38m
-console                                    4.13.0    True        False         False      26m
-csi-snapshot-controller                    4.13.0    True        False         False      37m
-dns                                        4.13.0    True        False         False      37m
-etcd                                       4.13.0    True        False         False      36m
-image-registry                             4.13.0    True        False         False      31m
-ingress                                    4.13.0    True        False         False      30m
-insights                                   4.13.0    True        False         False      31m
-kube-apiserver                             4.13.0    True        False         False      26m
-kube-controller-manager                    4.13.0    True        False         False      36m
-kube-scheduler                             4.13.0    True        False         False      36m
-kube-storage-version-migrator              4.13.0    True        False         False      37m
-machine-api                                4.13.0    True        False         False      29m
-machine-approver                           4.13.0    True        False         False      37m
-machine-config                             4.13.0    True        False         False      36m
-marketplace                                4.13.0    True        False         False      37m
-monitoring                                 4.13.0    True        False         False      29m
-network                                    4.13.0    True        False         False      38m
-node-tuning                                4.13.0    True        False         False      37m
-openshift-apiserver                        4.13.0    True        False         False      32m
-openshift-controller-manager               4.13.0    True        False         False      30m
-openshift-samples                          4.13.0    True        False         False      32m
-operator-lifecycle-manager                 4.13.0    True        False         False      37m
-operator-lifecycle-manager-catalog         4.13.0    True        False         False      37m
-operator-lifecycle-manager-packageserver   4.13.0    True        False         False      32m
-service-ca                                 4.13.0    True        False         False      38m
-storage                                    4.13.0    True        False         False      37m
+authentication                             {product-version}.0    True        False         False      19m
+baremetal                                  {product-version}.0    True        False         False      37m
+cloud-credential                           {product-version}.0    True        False         False      40m
+cluster-autoscaler                         {product-version}.0    True        False         False      37m
+config-operator                            {product-version}.0    True        False         False      38m
+console                                    {product-version}.0    True        False         False      26m
+csi-snapshot-controller                    {product-version}.0    True        False         False      37m
+dns                                        {product-version}.0    True        False         False      37m
+etcd                                       {product-version}.0    True        False         False      36m
+image-registry                             {product-version}.0    True        False         False      31m
+ingress                                    {product-version}.0    True        False         False      30m
+insights                                   {product-version}.0    True        False         False      31m
+kube-apiserver                             {product-version}.0    True        False         False      26m
+kube-controller-manager                    {product-version}.0    True        False         False      36m
+kube-scheduler                             {product-version}.0    True        False         False      36m
+kube-storage-version-migrator              {product-version}.0    True        False         False      37m
+machine-api                                {product-version}.0    True        False         False      29m
+machine-approver                           {product-version}.0    True        False         False      37m
+machine-config                             {product-version}.0    True        False         False      36m
+marketplace                                {product-version}.0    True        False         False      37m
+monitoring                                 {product-version}.0    True        False         False      29m
+network                                    {product-version}.0    True        False         False      38m
+node-tuning                                {product-version}.0    True        False         False      37m
+openshift-apiserver                        {product-version}.0    True        False         False      32m
+openshift-controller-manager               {product-version}.0    True        False         False      30m
+openshift-samples                          {product-version}.0    True        False         False      32m
+operator-lifecycle-manager                 {product-version}.0    True        False         False      37m
+operator-lifecycle-manager-catalog         {product-version}.0    True        False         False      37m
+operator-lifecycle-manager-packageserver   {product-version}.0    True        False         False      32m
+service-ca                                 {product-version}.0    True        False         False      38m
+storage                                    {product-version}.0    True        False         False      37m
 ----
 . Configure the Operators that are not available.
diff --git a/modules/installation-osp-about-kuryr.adoc b/modules/installation-osp-about-kuryr.adoc
deleted file mode 100644
index 218e06cfc793..000000000000
--- a/modules/installation-osp-about-kuryr.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-:_content-type: CONCEPT
-[id="installation-osp-about-kuryr_{context}"]
-= About Kuryr SDN
-
-:FeatureName: Kuryr
-include::snippets/deprecated-feature.adoc[]
-
-link:https://docs.openstack.org/kuryr-kubernetes/latest/[Kuryr] is a container
-network interface (CNI) plugin solution that uses the
-link:https://docs.openstack.org/neutron/latest/[Neutron] and
-link:https://docs.openstack.org/octavia/latest/[Octavia] {rh-openstack-first} services
-to provide networking for pods and Services.
-
-Kuryr and {product-title} integration is primarily designed for
-{product-title} clusters running on {rh-openstack} VMs. Kuryr improves the
-network performance by plugging {product-title} pods into {rh-openstack} SDN.
-In addition, it provides interconnectivity between pods and
-{rh-openstack} virtual instances.
-
-Kuryr components are installed as pods in {product-title} using the
-`openshift-kuryr` namespace:
-
-* `kuryr-controller` - a single service instance installed on a `master` node.
-This is modeled in {product-title} as a `Deployment` object.
-* `kuryr-cni` - a container installing and configuring Kuryr as a CNI driver on
-each {product-title} node. This is modeled in {product-title} as a `DaemonSet` object.
-
-The Kuryr controller watches the {product-title} API server for pod, service, and
-namespace create, update, and delete events. It maps the {product-title} API
-calls to corresponding objects in Neutron and Octavia. This means that every
-network solution that implements the Neutron trunk port functionality can be
-used to back {product-title} via Kuryr. This includes open source solutions
-such as Open vSwitch (OVS) and Open Virtual Network (OVN) as well as
-Neutron-compatible commercial SDNs.
-
-Kuryr is recommended for {product-title} deployments on encapsulated {rh-openstack} tenant
-networks to avoid double encapsulation, such as running an encapsulated
-{product-title} SDN over an {rh-openstack} network.
-
-If you use provider networks or tenant VLANs, you do not need to use Kuryr to
-avoid double encapsulation. The performance benefit is negligible. Depending on
-your configuration, though, using Kuryr to avoid having two overlays might still
-be beneficial.
-
-Kuryr is not recommended in deployments where all of the following criteria are true:
-
-* The {rh-openstack} version is less than 16.
-* The deployment uses UDP services, or a large number of TCP services on few hypervisors.
-
-or
-
-* The `ovn-octavia` Octavia driver is disabled.
-* The deployment uses a large number of TCP services on few hypervisors.
\ No newline at end of file
diff --git a/modules/installation-osp-accessing-api-floating.adoc b/modules/installation-osp-accessing-api-floating.adoc
index 313d938c0425..05bc9976141a 100644
--- a/modules/installation-osp-accessing-api-floating.adoc
+++ b/modules/installation-osp-accessing-api-floating.adoc
@@ -2,23 +2,16 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 
 ifeval::["{context}" == "installing-openstack-user"]
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp-user:
-endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-accessing-api-floating_{context}"]
 = Enabling access with floating IP addresses
 
@@ -103,12 +96,6 @@ You can make {product-title} resources available outside of the cluster by assig
 ifeval::["{context}" == "installing-openstack-user"]
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp-user:
-endif::[]
diff --git a/modules/installation-osp-accessing-api-no-floating.adoc b/modules/installation-osp-accessing-api-no-floating.adoc
index 7654adeba22d..c8a46edb7f85 100644
--- a/modules/installation-osp-accessing-api-no-floating.adoc
+++ b/modules/installation-osp-accessing-api-no-floating.adoc
@@ -2,31 +2,17 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :osp-ipi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:osp-kuryr:
-:osp-ipi:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :osp-upi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp-kuryr:
-:osp-upi:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp-upi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp-upi:
-:osp-kuryr:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :osp-ipi:
 :osp-restricted:
@@ -79,24 +65,12 @@ If you do not control the DNS server, you can add the record to your `/etc/hosts
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!osp-ipi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!osp-kuryr:
-:!osp-ipi:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :!osp-upi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp-kuryr:
-:!osp-upi:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!osp-upi:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp-upi:
-:!osp-kuryr:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!osp-ipi:
 :!osp-restricted:
diff --git a/modules/installation-osp-accessing-api.adoc b/modules/installation-osp-accessing-api.adoc
index 22de3d2cddb0..1bad56fb7700 100644
--- a/modules/installation-osp-accessing-api.adoc
+++ b/modules/installation-osp-accessing-api.adoc
@@ -2,15 +2,13 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 //
-// Stub module. To be used with other FIP OSP modules only. 
+// Stub module. To be used with other FIP OSP modules only.
 
 [id="installation-osp-accessing-api_{context}"]
 = Enabling access to the environment
 
 At deployment, all {product-title} machines are created in a {rh-openstack-first}-tenant network. Therefore, they are not accessible directly in most {rh-openstack} deployments.
 
-You can configure {product-title} API and application access by using floating IP addresses (FIPs) during installation. You can also complete an installation without configuring FIPs, but the installer will not configure a way to reach the API or applications externally. 
+You can configure {product-title} API and application access by using floating IP addresses (FIPs) during installation. You can also complete an installation without configuring FIPs, but the installer will not configure a way to reach the API or applications externally.
diff --git a/modules/installation-osp-api-octavia.adoc b/modules/installation-osp-api-octavia.adoc
index 8d04a884c1ee..c7966c388d0c 100644
--- a/modules/installation-osp-api-octavia.adoc
+++ b/modules/installation-osp-api-octavia.adoc
@@ -7,6 +7,4 @@
 
 {product-title} clusters that run on {rh-openstack-first} can use the Octavia load balancing service to distribute traffic across multiple virtual machines (VMs) or floating IP addresses. This feature mitigates the bottleneck that single machines or addresses create.
 
-If your cluster uses Kuryr, the Cluster Network Operator created an internal Octavia load balancer at deployment. You can use this load balancer for application network scaling.
-
-If your cluster does not use Kuryr, you must create your own Octavia load balancer to use it for application network scaling.
\ No newline at end of file
+You must create your own Octavia load balancer to use it for application network scaling.
\ No newline at end of file
diff --git a/modules/installation-osp-api-scaling.adoc b/modules/installation-osp-api-scaling.adoc
index dcbe18fbceb6..474a4d5b3697 100644
--- a/modules/installation-osp-api-scaling.adoc
+++ b/modules/installation-osp-api-scaling.adoc
@@ -2,11 +2,11 @@
 //
 // * networking/load-balancing-openstack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-api-scaling_{context}"]
 = Scaling clusters by using Octavia
 
-If you want to use multiple API load balancers, or if your cluster does not use Kuryr, create an Octavia load balancer and then configure your cluster to use it.
+If you want to use multiple API load balancers, create an Octavia load balancer and then configure your cluster to use it.
 
 .Prerequisites
 
@@ -73,11 +73,4 @@ $ openstack floating ip unset $API_FIP
 $ openstack floating ip set  --port $(openstack loadbalancer show -c <vip_port_id> -f value API_OCP_CLUSTER) $API_FIP
 ----
 
-Your cluster now uses Octavia for load balancing.
-
-[NOTE]
-====
-If Kuryr uses the Octavia Amphora driver, all traffic is routed through a single Amphora virtual machine (VM).
-
-You can repeat this procedure to create additional load balancers, which can alleviate the bottleneck.
-====
+Your cluster now uses Octavia for load balancing.
\ No newline at end of file
diff --git a/modules/installation-osp-bootstrap-machine.adoc b/modules/installation-osp-bootstrap-machine.adoc
index 32581e3744a8..f37ef23174af 100644
--- a/modules/installation-osp-bootstrap-machine.adoc
+++ b/modules/installation-osp-bootstrap-machine.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 
 [id="installation-osp-bootstrap-machine_{context}"]
 = Bootstrap machine
diff --git a/modules/installation-osp-config-yaml.adoc b/modules/installation-osp-config-yaml.adoc
index f9de1a04f30a..03d2b4401279 100644
--- a/modules/installation-osp-config-yaml.adoc
+++ b/modules/installation-osp-config-yaml.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 
 [id="installation-osp-config-yaml_{context}"]
 = Sample customized `install-config.yaml` file for {rh-openstack}
diff --git a/modules/installation-osp-configuring-api-floating-ip.adoc b/modules/installation-osp-configuring-api-floating-ip.adoc
index 93ee17222636..64e3606a6ceb 100644
--- a/modules/installation-osp-configuring-api-floating-ip.adoc
+++ b/modules/installation-osp-configuring-api-floating-ip.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-configuring-api-floating-ip_{context}"]
 = Configuring application access with floating IP addresses
 
diff --git a/modules/installation-osp-configuring-sr-iov.adoc b/modules/installation-osp-configuring-sr-iov.adoc
index d189e4ff37f2..c739137aa344 100644
--- a/modules/installation-osp-configuring-sr-iov.adoc
+++ b/modules/installation-osp-configuring-sr-iov.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-configuring-sr-iov_{context}"]
 = Creating SR-IOV networks for compute machines
 
diff --git a/modules/installation-osp-control-compute-machines.adoc b/modules/installation-osp-control-compute-machines.adoc
index 3bf6e8297515..698553196e5b 100644
--- a/modules/installation-osp-control-compute-machines.adoc
+++ b/modules/installation-osp-control-compute-machines.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
 
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
diff --git a/modules/installation-osp-converting-ignition-resources.adoc b/modules/installation-osp-converting-ignition-resources.adoc
index 28887b106ae7..2fa5a435d885 100644
--- a/modules/installation-osp-converting-ignition-resources.adoc
+++ b/modules/installation-osp-converting-ignition-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-converting-ignition-resources_{context}"]
 = Preparing the bootstrap Ignition files
 
diff --git a/modules/installation-osp-creating-bootstrap-machine.adoc b/modules/installation-osp-creating-bootstrap-machine.adoc
index de630603955c..c446d7394790 100644
--- a/modules/installation-osp-creating-bootstrap-machine.adoc
+++ b/modules/installation-osp-creating-bootstrap-machine.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-bootstrap-machine_{context}"]
 = Creating the bootstrap machine on {rh-openstack}
 
diff --git a/modules/installation-osp-creating-compute-machines.adoc b/modules/installation-osp-creating-compute-machines.adoc
index 784442e4a486..c9a0c5f1d777 100644
--- a/modules/installation-osp-creating-compute-machines.adoc
+++ b/modules/installation-osp-creating-compute-machines.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-compute-machines_{context}"]
 = Creating compute machines on {rh-openstack}
 
diff --git a/modules/installation-osp-creating-control-plane-ignition.adoc b/modules/installation-osp-creating-control-plane-ignition.adoc
index f97291eb97ec..04d69db1d44f 100644
--- a/modules/installation-osp-creating-control-plane-ignition.adoc
+++ b/modules/installation-osp-creating-control-plane-ignition.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-control-plane-ignition_{context}"]
 = Creating control plane Ignition config files on {rh-openstack}
 
diff --git a/modules/installation-osp-creating-control-plane.adoc b/modules/installation-osp-creating-control-plane.adoc
index 05682083e3d1..34e6e7ded7d1 100644
--- a/modules/installation-osp-creating-control-plane.adoc
+++ b/modules/installation-osp-creating-control-plane.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-control-plane_{context}"]
 = Creating the control plane machines on {rh-openstack}
 
@@ -40,7 +40,7 @@ You will see messages that confirm that the control plane machines are running a
 +
 [source,terminal]
 ----
-INFO API v1.26.0 up
+INFO API v1.28.5 up
 INFO Waiting up to 30m0s for bootstrapping to complete...
 ...
 INFO It is now safe to remove the bootstrap resources
diff --git a/modules/installation-osp-creating-image.adoc b/modules/installation-osp-creating-image.adoc
index ac4d934ed17c..36419f63ab54 100644
--- a/modules/installation-osp-creating-image.adoc
+++ b/modules/installation-osp-creating-image.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-image_{context}"]
 = Creating the {op-system-first} image
 
diff --git a/modules/installation-osp-creating-network-resources.adoc b/modules/installation-osp-creating-network-resources.adoc
index 559e59da284c..d6a658252ef6 100644
--- a/modules/installation-osp-creating-network-resources.adoc
+++ b/modules/installation-osp-creating-network-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-network-resources_{context}"]
 = Creating network resources on {rh-openstack}
 
@@ -60,7 +60,7 @@ If you did not provide a value for `os_external_network` in the `inventory.yaml`
 +
 [IMPORTANT]
 ====
-If you do not define values for `os_api_fip` and `os_ingress_fip`, you must perform post-installation network configuration.
+If you do not define values for `os_api_fip` and `os_ingress_fip`, you must perform postinstallation network configuration.
 
 If you do not define a value for `os_bootstrap_fip`, the installer cannot download debugging information from failed installations.
 
@@ -86,4 +86,4 @@ $ ansible-playbook -i inventory.yaml network.yaml
 [source,terminal]
 ----
 $ openstack subnet set --dns-nameserver <server_1> --dns-nameserver <server_2> "$INFRA_ID-nodes"
-----
\ No newline at end of file
+----
diff --git a/modules/installation-osp-creating-sr-iov-compute-machines.adoc b/modules/installation-osp-creating-sr-iov-compute-machines.adoc
index 8b91e68e6ac8..ac8da76448f7 100644
--- a/modules/installation-osp-creating-sr-iov-compute-machines.adoc
+++ b/modules/installation-osp-creating-sr-iov-compute-machines.adoc
@@ -1,12 +1,11 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
-// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
 //
 // TODO: Get https://github.com/shiftstack/SRIOV-Compute-Nodes-Ansible-Automation into a supported
 //       repo, associate playbooks with individual releases, and then embed here.
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-creating-sr-iov-compute-machines_{context}"]
 = Creating compute machines that run on SR-IOV networks
 
@@ -34,7 +33,7 @@ After standing up the control plane, create compute machines that run on the SR-
 # in case of install failure.
     os_bootstrap_fip: '203.0.113.20'
 
-    additionalNetworks: 
+    additionalNetworks:
     - id: radio
       count: 4 <1>
       type: direct
@@ -80,31 +79,17 @@ After standing up the control plane, create compute machines that run on the SR-
   - name: 'Set Compute ports tag'
     command:
       cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.1 }}-{{ item.0 }}"
-    with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}"  
-
-  - name: 'List the Compute Trunks'
-    command:
-      cmd: "openstack network trunk list"
-    when: os_networking_type == "Kuryr"
-    register: compute_trunks
- 
-  - name: 'Create the Compute trunks'
-    command:
-      cmd: "openstack network trunk create --parent-port {{ item.1.id }} {{ os_compute_trunk_name }}-{{ item.0 }}"
-    with_indexed_items: "{{ ports.results }}"
-    when:
-    - os_networking_type == "Kuryr"
-    - "os_compute_trunk_name|string not in compute_trunks.stdout"
+    with_indexed_items: "{{ [os_port_worker] * os_compute_nodes_number }}"
 
   - name: ‘Call additional-port processing’
     include_tasks: additional-ports.yaml
-    
-  # Create additional ports in OpenStack  
+
+  # Create additional ports in OpenStack
   - name: ‘Create additionalNetworks ports’
     os_port:
       name:  "{{ item.0 }}-{{ item.1.name }}"
       vnic_type: "{{ item.1.type }}"
-      network: "{{ item.1.uuid }}" 
+      network: "{{ item.1.uuid }}"
       port_security_enabled: "{{ item.1.port_security_enabled|default(omit) }}"
       no_security_groups: "{{ 'true' if item.1.security_groups is not defined else omit }}"
       security_groups: "{{ item.1.security_groups | default(omit) }}"
@@ -116,7 +101,7 @@ After standing up the control plane, create compute machines that run on the SR-
   - name: 'Set additionalNetworks ports tag'
     command:
       cmd: "openstack port set --tag {{ cluster_id_tag }} {{ item.0 }}-{{ item.1.name }}"
-    with_nested: 
+    with_nested:
       - "{{ worker_list }}"
       - "{{ port_name_list }}"
 
@@ -153,7 +138,7 @@ After standing up the control plane, create compute machines that run on the SR-
 ----
 # Build a list of worker nodes with indexes
 - name: ‘Build worker list’
-  set_fact:       
+  set_fact:
     worker_list: "{{ worker_list | default([]) + [ item.1 + '-' + item.0 | string ] }}"
   with_indexed_items: "{{ [ os_compute_server_name ] * os_compute_nodes_number }}"
 
@@ -167,22 +152,22 @@ After standing up the control plane, create compute machines that run on the SR-
 # Expand additionalNetworks by the count parameter in each network definition
 - name: ‘Build port and port index list for additionalNetworks’
   set_fact:
-    port_list: "{{ port_list | default([]) + [ { 
+    port_list: "{{ port_list | default([]) + [ {
                     'net_name' : item.1.id,
-                    'uuid' : network_info.results[item.0].openstack_networks[0].id, 
+                    'uuid' : network_info.results[item.0].openstack_networks[0].id,
                     'type' : item.1.type|default('normal'),
                     'security_groups' : item.1.security_groups|default(omit),
                     'port_security_enabled' : item.1.port_security_enabled|default(omit)
                     } ] * item.1.count|default(1) }}"
     index_list: "{{ index_list | default([]) + range(item.1.count|default(1)) | list }}"
   with_indexed_items: "{{ additionalNetworks }}"
-    
+
 # Calculate and save the name of the port
 # The format of the name is cluster_name-worker-workerID-networkUUID(partial)-count
 # i.e. fdp-nz995-worker-1-99bcd111-1
 - name: ‘Calculate port name’
   set_fact:
-    port_name_list: "{{ port_name_list | default([]) + [ item.1 | combine( {'name' : item.1.uuid | regex_search('([^-]+)') + '-' + index_list[item.0]|string } ) ] }}" 
+    port_name_list: "{{ port_name_list | default([]) + [ item.1 | combine( {'name' : item.1.uuid | regex_search('([^-]+)') + '-' + index_list[item.0]|string } ) ] }}"
   with_indexed_items: "{{ port_list }}"
   when: port_list is defined
 ----
diff --git a/modules/installation-osp-custom-subnet.adoc b/modules/installation-osp-custom-subnet.adoc
index c026151efb4a..f9fd37ce52ea 100644
--- a/modules/installation-osp-custom-subnet.adoc
+++ b/modules/installation-osp-custom-subnet.adoc
@@ -2,9 +2,7 @@
 //
 
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
 [id="installation-osp-custom-subnet_{context}"]
 = Custom subnets in {rh-openstack} deployments
diff --git a/modules/installation-osp-default-kuryr-deployment.adoc b/modules/installation-osp-default-kuryr-deployment.adoc
deleted file mode 100644
index 30694dce284e..000000000000
--- a/modules/installation-osp-default-kuryr-deployment.adoc
+++ /dev/null
@@ -1,83 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-[id="installation-osp-default-kuryr-deployment_{context}"]
-= Resource guidelines for installing {product-title} on {rh-openstack} with Kuryr
-
-When using Kuryr SDN, the pods, services, namespaces, and network policies are
-using resources from the {rh-openstack} quota; this increases the minimum
-requirements. Kuryr also has some additional requirements on top of what a
-default install requires.
-
-Use the following quota to satisfy a default cluster's minimum requirements:
-
-.Recommended resources for a default {product-title} cluster on {rh-openstack} with Kuryr
-
-[options="header"]
-|==============================================================================================
-|Resource                | Value
-|Floating IP addresses   | 3 - plus the expected number of Services of LoadBalancer type
-|Ports                   | 1500 - 1 needed per Pod
-|Routers                 | 1
-|Subnets                 | 250 - 1 needed per Namespace/Project
-|Networks                | 250 - 1 needed per Namespace/Project
-|RAM                     | 112 GB
-|vCPUs                   | 28
-|Volume storage          | 275 GB
-|Instances               | 7
-|Security groups         | 250 - 1 needed per Service and per NetworkPolicy
-|Security group rules    | 1000
-|Server groups           | 2 - plus 1 for each additional availability zone in each machine pool
-|Load balancers          | 100 - 1 needed per Service
-|Load balancer listeners | 500 - 1 needed per Service-exposed port
-|Load balancer pools     | 500 - 1 needed per Service-exposed port
-|==============================================================================================
-
-A cluster might function with fewer than recommended resources, but its performance is not guaranteed.
-
-[IMPORTANT]
-====
-If {rh-openstack} object storage (Swift) is available and operated by a user account with the `swiftoperator` role, it is used as the default backend for the {product-title} image registry. In this case, the volume storage requirement is 175 GB. Swift space requirements vary depending on the size of the image registry.
-====
-
-[IMPORTANT]
-====
-If you are using {rh-openstack-first} version 16 with the Amphora driver rather than the OVN Octavia driver, security groups are associated with service accounts instead of user projects.
-====
-
-Take the following notes into consideration when setting resources:
-
-* The number of ports that are required is larger than the number of pods. Kuryr
-uses ports pools to have pre-created ports ready to be used by pods and speed up
-the pods' booting time.
-
-* Each network policy is mapped into an {rh-openstack} security group, and
-depending on the `NetworkPolicy` spec, one or more rules are added to the
-security group.
-
-* Each service is mapped to an {rh-openstack} load balancer. Consider this requirement
- when estimating the number of security groups required for the quota.
-+
-If you are using
-{rh-openstack} version 15 or earlier, or the `ovn-octavia driver`, each load balancer
-has a security group with the user project.
-
-* The quota does not account for load balancer resources (such as VM
-resources), but you must consider these resources when you decide the
-{rh-openstack} deployment's size. The default installation will have more than
-50 load balancers; the clusters must be able to accommodate them.
-+
-If you are using {rh-openstack} version 16 with the OVN Octavia driver enabled, only one load balancer
-VM is generated; services are load balanced through OVN flows.
-
-An {product-title} deployment comprises control plane machines, compute
-machines, and a bootstrap machine.
-
-To enable Kuryr SDN, your environment must meet the following requirements:
-
-* Run {rh-openstack} 13+.
-* Have Overcloud with Octavia.
-* Use Neutron Trunk ports extension.
-* Use `openvswitch` firewall driver if ML2/OVS Neutron driver is used instead
-of `ovs-hybrid`.
diff --git a/modules/installation-osp-deleting-bootstrap-resources.adoc b/modules/installation-osp-deleting-bootstrap-resources.adoc
index 83bf50ad565f..fa9b4fc48906 100644
--- a/modules/installation-osp-deleting-bootstrap-resources.adoc
+++ b/modules/installation-osp-deleting-bootstrap-resources.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-deleting-bootstrap-resources_{context}"]
 = Deleting bootstrap resources from {rh-openstack}
 
diff --git a/modules/installation-osp-deploying-bare-metal-machines.adoc b/modules/installation-osp-deploying-bare-metal-machines.adoc
index dacb9ba8f464..b2d88168e7e3 100644
--- a/modules/installation-osp-deploying-bare-metal-machines.adoc
+++ b/modules/installation-osp-deploying-bare-metal-machines.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "installing-openstack-installer-custom"]
 :osp-ipi:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-deploying-bare-metal-machines_{context}"]
 = Deploying a cluster with bare metal machines
 
@@ -16,12 +16,9 @@ ifdef::osp-ipi[`install-config.yaml`]
 ifndef::osp-ipi[`inventory.yaml`]
 file. Your cluster can have both control plane and compute machines running on bare metal, or just compute machines.
 
-Bare-metal compute machines are not supported on clusters that use Kuryr.
-
 [NOTE]
 ====
 Be sure that your `install-config.yaml` file reflects whether the {rh-openstack} network that you use for bare metal workers supports floating IP addresses or not.
-
 ====
 
 .Prerequisites
@@ -30,6 +27,9 @@ Be sure that your `install-config.yaml` file reflects whether the {rh-openstack}
 
 * Bare metal is available as link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/bare_metal_provisioning/configuring-the-bare-metal-provisioning-service-after-deployment#creating-the-bare-metal-flavor_bare-metal-post-deployment[a {rh-openstack} flavor].
 
+* If your cluster runs on an {rh-openstack} version that is more than 16.1.6 and less than 16.2.4, bare metal workers do not function due to a link:https://bugzilla.redhat.com/show_bug.cgi?id=2033953[known issue] that causes the metadata service to be unavailable for services on {product-title} nodes.
+
+
 * The {rh-openstack} network supports both VM and bare metal server attachment.
 
 * Your network configuration does not rely on a provider network. Provider networks are not supported.
diff --git a/modules/installation-osp-deploying-provider-networks-installer.adoc b/modules/installation-osp-deploying-provider-networks-installer.adoc
index ea3d7e679b9c..34831803a989 100644
--- a/modules/installation-osp-deploying-provider-networks-installer.adoc
+++ b/modules/installation-osp-deploying-provider-networks-installer.adoc
@@ -1,11 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-deploying-provider-networks-installer_{context}"]
 = Deploying a cluster that has a primary interface on a provider network
 
@@ -35,9 +33,9 @@ The `platform.openstack.apiVIPs` and `platform.openstack.ingressVIPs` properties
         platform:
           openstack:
             apiVIPs: <1>
-              - 192.0.2.13 
+              - 192.0.2.13
             ingressVIPs: <1>
-              - 192.0.2.23 
+              - 192.0.2.23
             machinesSubnet: fa806b2f-ac49-4bce-b9db-124bc64209bf
             # ...
         networking:
diff --git a/modules/installation-osp-describing-cloud-parameters.adoc b/modules/installation-osp-describing-cloud-parameters.adoc
index cee1f24af9ac..e34893f8161b 100644
--- a/modules/installation-osp-describing-cloud-parameters.adoc
+++ b/modules/installation-osp-describing-cloud-parameters.adoc
@@ -2,10 +2,9 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-describing-cloud-parameters_{context}"]
 = Defining parameters for the installation program
 
@@ -31,15 +30,15 @@ clouds:
     auth:
       auth_url: http://10.10.14.42:5000/v3
       project_name: shiftstack
-      username: shiftstack_user
-      password: XXX
+      username: <username>
+      password: <password>
       user_domain_name: Default
       project_domain_name: Default
   dev-env:
     region_name: RegionOne
     auth:
-      username: 'devuser'
-      password: XXX
+      username: <username>
+      password: <password>
       project_name: 'devonly'
       auth_url: 'https://10.10.14.22:5001/v2.0'
 ----
diff --git a/modules/installation-osp-downloading-modules.adoc b/modules/installation-osp-downloading-modules.adoc
index d463e7422725..5f0880abee8a 100644
--- a/modules/installation-osp-downloading-modules.adoc
+++ b/modules/installation-osp-downloading-modules.adoc
@@ -1,6 +1,5 @@
 // Module included in the following assemblies:
 // * installing/installing_openstack/installing-openstack-installer-user.adoc
-// * installing/installing_openstack/installing-openstack-installer-user-kuryr.adoc
 // * installing/installing_openstack/uninstalling-openstack-user.adoc
 //
 //YOU MUST SET AN IFEVAL FOR EACH NEW MODULE
@@ -8,20 +7,17 @@
 ifeval::["{context}" == "installing-openstack-user"]
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp-user:
-endif::[]
 ifeval::["{context}" == "uninstalling-openstack-user"]
 :osp-user-uninstall:
 endif::[]
+ifeval::["{context}" == "uninstalling-cluster-openstack"]
+:osp-user-uninstall:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-downloading-modules_{context}"]
 = Downloading playbook dependencies
 
@@ -85,7 +81,7 @@ ifdef::osp-user[]
 +
 [source,terminal]
 ----
-$ sudo yum install python3-openstackclient ansible python3-openstacksdk python3-netaddr
+$ sudo yum install python3-openstackclient ansible python3-openstacksdk python3-netaddr ansible-collections-openstack
 ----
 endif::osp-user[]
 
@@ -108,15 +104,12 @@ $ sudo alternatives --set python /usr/bin/python3
 ifeval::["{context}" == "installing-openstack-user"]
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp-user:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!osp-user:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp-user:
-endif::[]
 ifeval::["{context}" == "uninstalling-cluster-openstack"]
 :!osp-user-uninstall:
-endif::[]
\ No newline at end of file
+endif::[]
+ifeval::["{context}" == "uninstalling-openstack-user"]
+:!osp-user-uninstall:
+endif::[]
diff --git a/modules/installation-osp-downloading-playbooks.adoc b/modules/installation-osp-downloading-playbooks.adoc
index 616ce5dbaa8f..7146d5970876 100644
--- a/modules/installation-osp-downloading-playbooks.adoc
+++ b/modules/installation-osp-downloading-playbooks.adoc
@@ -1,8 +1,7 @@
 // Module included in the following assemblies:
-// * installing/installing_openstack/installing-openstack-user.adoc 
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
+// * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-downloading-playbooks_{context}"]
 = Downloading the installation playbooks
 
@@ -19,19 +18,19 @@ Download Ansible playbooks that you can use to install {product-title} on your o
 [source,terminal,subs=attributes+]
 ----
 $ xargs -n 1 curl -O <<< '
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/bootstrap.yaml                                  
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/common.yaml                                     
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/compute-nodes.yaml                              
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/control-plane.yaml                                                        
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/inventory.yaml                                  
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/network.yaml                                    
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/bootstrap.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/common.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/compute-nodes.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/control-plane.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/inventory.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/network.yaml
         https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/security-groups.yaml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-bootstrap.yaml                             
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-compute-nodes.yaml                         
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-control-plane.yaml                         
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-load-balancers.yaml                        
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-network.yaml                               
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-security-groups.yaml                       
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-bootstrap.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-compute-nodes.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-control-plane.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-load-balancers.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-network.yaml
+        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-security-groups.yaml
         https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/openstack/down-containers.yaml'
 ----
 
@@ -39,7 +38,7 @@ The playbooks are downloaded to your machine.
 
 [IMPORTANT]
 ====
-During the installation process, you can modify the playbooks to configure your deployment. 
+During the installation process, you can modify the playbooks to configure your deployment.
 
 Retain all playbooks for the life of your cluster. You must have the playbooks to remove your {product-title} cluster from {rh-openstack}.
 ====
diff --git a/modules/installation-osp-dpdk-binding-vfio-pci.adoc b/modules/installation-osp-dpdk-binding-vfio-pci.adoc
index edf73d787c51..f5d55badfc39 100644
--- a/modules/installation-osp-dpdk-binding-vfio-pci.adoc
+++ b/modules/installation-osp-dpdk-binding-vfio-pci.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-dpdk-binding-vfio-pci_{context}"]
 = Binding the vfio-pci kernel driver to NICs
 
@@ -59,9 +59,9 @@ spec:
                 echo "Nework ID not provided, nothing to do"
                 exit
             fi
-            
+
             source /etc/vhostuser-bind.conf
-            
+
             NW_DATA="/var/config/openstack/latest/network_data.json"
             if [ ! -f ${NW_DATA} ]; then
                 echo "Network data file not found, trying to download it from nova metadata"
@@ -90,7 +90,7 @@ spec:
                     done
                 fi
             }
-            
+
             function bindDriver() {
                 local mac=$1
                 for file in /sys/class/net/*; do
@@ -100,9 +100,9 @@ spec:
                         bus_str=$(ethtool -i $name | grep bus)
                         dev_t=${bus_str#*:}
                         dev=${dev_t#[[:space:]]}
-            
+
                         echo $dev
-            
+
                         devlink="/sys/bus/pci/devices/$dev"
                         syspath=$(realpath "$devlink")
                         if [ ! -f "$syspath/driver/unbind" ]; then
@@ -112,7 +112,7 @@ spec:
                         if ! echo "$dev">"$syspath/driver/unbind"; then
                             return 1
                         fi
-            
+
                         if [ ! -f "$syspath/driver_override" ]; then
                             echo "File $syspath/driver_override not found"
                             return 1
@@ -120,7 +120,7 @@ spec:
                         if ! echo "vfio-pci">"$syspath/driver_override"; then
                             return 1
                         fi
-            
+
                         if [ ! -f "/sys/bus/pci/drivers/vfio-pci/bind" ]; then
                             echo "File /sys/bus/pci/drivers/vfio-pci/bind not found"
                             return 1
@@ -133,7 +133,7 @@ spec:
                 done
                 return 1
             }
-            
+
             for nwid in "$@"; do
                 parseNetwork $nwid
             done
@@ -142,12 +142,12 @@ spec:
         path: /usr/local/bin/vhostuser
       - contents:
           inline: |
-            ARG="be22563c-041e-44a0-9cbd-aa391b439a39,ec200105-fb85-4181-a6af-35816da6baf7" <1> 
+            ARG="be22563c-041e-44a0-9cbd-aa391b439a39,ec200105-fb85-4181-a6af-35816da6baf7" <1>
         filesystem: root
         mode: 0644
         path: /etc/vhostuser-bind.conf
 ----
-<1> Replace this value with a comma-separated list of VFIO network UUIDs. 
+<1> Replace this value with a comma-separated list of VFIO network UUIDs.
 ====
 +
 On boot for machines that are part of this set, the MAC addresses of ports are translated into PCI bus IDs. The `vfio-pci` module is bound to any port that is assocated with a network that is identified by the {rh-openstack} network ID.
diff --git a/modules/installation-osp-dpdk-exposing-host-interface.adoc b/modules/installation-osp-dpdk-exposing-host-interface.adoc
index 5010e75cf410..4bd15a7a1dbb 100644
--- a/modules/installation-osp-dpdk-exposing-host-interface.adoc
+++ b/modules/installation-osp-dpdk-exposing-host-interface.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-dpdk-exposing-host-interface_{context}"]
 = Exposing the host-device interface to the pod
 
diff --git a/modules/installation-osp-emptying-worker-pools.adoc b/modules/installation-osp-emptying-worker-pools.adoc
index d1f38d77a2b3..8b2217b4a959 100644
--- a/modules/installation-osp-emptying-worker-pools.adoc
+++ b/modules/installation-osp-emptying-worker-pools.adoc
@@ -1,8 +1,7 @@
 // Module included in the following assemblies:
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-emptying-worker-pools_{context}"]
 = Emptying compute machine pools
 
diff --git a/modules/installation-osp-enabling-swift.adoc b/modules/installation-osp-enabling-swift.adoc
index de016f677928..f3e3143663fe 100644
--- a/modules/installation-osp-enabling-swift.adoc
+++ b/modules/installation-osp-enabling-swift.adoc
@@ -2,9 +2,8 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-enabling-swift_{context}"]
 = Enabling Swift on {rh-openstack}
 
diff --git a/modules/installation-osp-external-lb-config.adoc b/modules/installation-osp-external-lb-config.adoc
index 0ad440b3a7c2..6c55485fda5a 100644
--- a/modules/installation-osp-external-lb-config.adoc
+++ b/modules/installation-osp-external-lb-config.adoc
@@ -1,16 +1,13 @@
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="install-osp-external-lb-config_{context}"]
 = Installation configuration for a cluster on OpenStack with a user-managed load balancer
 
-:FeatureName: Deployment on OpenStack with User-Managed Load Balancers
-include::snippets/technology-preview.adoc[]
-
 The following example `install-config.yaml` file demonstrates how to configure a cluster that uses an external, user-managed load balancer rather than the default internal load balancer.
 
 [source,yaml]
 ----
 apiVersion: v1
-baseDomain: mydomain.test 
+baseDomain: mydomain.test
 compute:
 - name: worker
   platform:
@@ -41,8 +38,7 @@ platform:
     - 192.168.10.7
     loadBalancer:
       type: UserManaged <2>
-featureSet: TechPreviewNoUpgrade <3>
+
 ----
 <1> Regardless of which load balancer you use, the load balancer is deployed to this subnet.
-<2> The `UserManaged` value indicates that you are using an user-managed load balancer.
-<3> Because user-managed load balancers are in Technology Preview, you must include the `TechPreviewNoUpgrade` value to deploy a cluster that uses a user-managed load balancer.
\ No newline at end of file
+<2> The `UserManaged` value indicates that you are using an user-managed load balancer.
\ No newline at end of file
diff --git a/modules/installation-osp-failure-domains-config.adoc b/modules/installation-osp-failure-domains-config.adoc
deleted file mode 100644
index 94c1a52afc2e..000000000000
--- a/modules/installation-osp-failure-domains-config.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-*.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-failure-domains-config_{context}"]
-= Example installation configuration section that uses failure domains
-
-:FeatureName: {rh-openstack} failure domains
-include::snippets/technology-preview.adoc[]
-
-The following section of an `install-config.yaml` file demonstrates the use of failure domains in a cluster to deploy on {rh-openstack-first}:
-
-[source,yaml]
-----
-# ...
-controlPlane:
-  name: master
-  platform:
-    openstack:
-      type: m1.large
-      failureDomains:
-      - computeAvailabilityZone: 'nova-1'
-        storageAvailabilityZone: 'cinder-1'
-        portTargets:
-        - id: control-plane
-          network:
-            id: 8db6a48e-375b-4caa-b20b-5b9a7218bfe6
-      - computeAvailabilityZone: 'nova-2'
-        storageAvailabilityZone: 'cinder-2'
-        portTargets:
-        - id: control-plane
-          network:
-            id: 39a7b82a-a8a4-45a4-ba5a-288569a6edd1
-      - computeAvailabilityZone: 'nova-3'
-        storageAvailabilityZone: 'cinder-3'
-        portTargets:
-        - id: control-plane
-          network:
-            id: 8e4b4e0d-3865-4a9b-a769-559270271242
-featureSet: TechPreviewNoUpgrade
-# ...
-----
\ No newline at end of file
diff --git a/modules/installation-osp-fixing-subnet.adoc b/modules/installation-osp-fixing-subnet.adoc
index ab0935039a07..4138850d83e6 100644
--- a/modules/installation-osp-fixing-subnet.adoc
+++ b/modules/installation-osp-fixing-subnet.adoc
@@ -3,7 +3,7 @@
 //
 //YOU MUST SET AN IFEVAL FOR EACH NEW MODULE
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-fixing-subnet_{context}"]
 = Setting a custom subnet for machines
 
diff --git a/modules/installation-osp-kuryr-api-scaling.adoc b/modules/installation-osp-kuryr-api-scaling.adoc
deleted file mode 100644
index 3032874d7838..000000000000
--- a/modules/installation-osp-kuryr-api-scaling.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/load-balancing-openstack.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-api-scaling_{context}"]
-= Scaling clusters that use Kuryr by using Octavia
-
-:FeatureName: Kuryr
-include::snippets/deprecated-feature.adoc[]
-
-If your cluster uses Kuryr, associate the API floating IP address of your cluster with the pre-existing Octavia load balancer.
-
-.Prerequisites
-
-* Your {product-title} cluster uses Kuryr.
-
-* Octavia is available on your {rh-openstack-first} deployment.
-
-.Procedure
-
-. Optional: From a command line, to reuse the cluster API floating IP address, unset it:
-+
-[source,terminal]
-----
-$ openstack floating ip unset $API_FIP
-----
-
-. Add either the unset `API_FIP` or a new address to the created load balancer VIP:
-+
-[source,terminal]
-----
-$ openstack floating ip set --port $(openstack loadbalancer show -c <vip_port_id> -f value ${OCP_CLUSTER}-kuryr-api-loadbalancer) $API_FIP
-----
-
-Your cluster now uses Octavia for load balancing.
-
-[NOTE]
-====
-If Kuryr uses the Octavia Amphora driver, all traffic is routed through a single Amphora virtual machine (VM).
-
-You can repeat this procedure to create additional load balancers, which can alleviate the bottleneck.
-====
\ No newline at end of file
diff --git a/modules/installation-osp-kuryr-config-yaml.adoc b/modules/installation-osp-kuryr-config-yaml.adoc
deleted file mode 100644
index b883e747fb28..000000000000
--- a/modules/installation-osp-kuryr-config-yaml.adoc
+++ /dev/null
@@ -1,63 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-[id="installation-osp-kuryr-config-yaml_{context}"]
-= Sample customized `install-config.yaml` file for {rh-openstack} with Kuryr
-
-To deploy with Kuryr SDN instead of the default OVN-Kubernetes network plugin, you must modify the `install-config.yaml` file to include `Kuryr` as the desired `networking.networkType`.
-This sample `install-config.yaml` demonstrates all of the possible
-{rh-openstack-first} customization options.
-
-[IMPORTANT]
-====
-This sample file is provided for reference only. You must obtain your
-`install-config.yaml` file by using the installation program.
-====
-
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: example.com
-controlPlane:
-  name: master
-  platform: {}
-  replicas: 3
-compute:
-- name: worker
-  platform:
-    openstack:
-      type: ml.large
-  replicas: 3
-metadata:
-  name: example
-networking:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  machineNetwork:
-  - cidr: 10.0.0.0/16
-  serviceNetwork:
-  - 172.30.0.0/16 <1>
-  networkType: Kuryr <2>
-platform:
-  openstack:
-    cloud: mycloud
-    externalNetwork: external
-    computeFlavor: m1.xlarge
-    apiFloatingIP: 128.0.0.1
-    trunkSupport: true <3>
-    octaviaSupport: true <3>
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed25519 AAAA...
-----
-<1> The Amphora Octavia driver creates two ports per load balancer. As a
-result, the service subnet that the installer creates is twice the size of the
-CIDR that is specified as the value of the `serviceNetwork` property. The larger range is
-required to prevent IP address conflicts.
-<2> The cluster network plugin to install. The supported values are `Kuryr`, `OVNKubernetes`, and `OpenShiftSDN`. The default value is `OVNKubernetes`.
-<3> Both `trunkSupport` and `octaviaSupport` are automatically discovered by the
-installer, so there is no need to set them. But if your environment does not
-meet both requirements, Kuryr SDN will not properly work. Trunks are needed
-to connect the pods to the {rh-openstack} network and Octavia is required to create the
-{product-title} services.
diff --git a/modules/installation-osp-kuryr-increase-quota.adoc b/modules/installation-osp-kuryr-increase-quota.adoc
deleted file mode 100644
index 4aeff7fbac7a..000000000000
--- a/modules/installation-osp-kuryr-increase-quota.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-increase-quota_{context}"]
-= Increasing quota
-
-When using Kuryr SDN, you must increase quotas to satisfy the {rh-openstack-first}
-resources used by pods, services, namespaces, and network policies.
-
-.Procedure
-
-* Increase the quotas for a project by running the following command:
-+
-[source,terminal]
-----
-$ sudo openstack quota set --secgroups 250 --secgroup-rules 1000 --ports 1500 --subnets 250 --networks 250 <project>
-----
diff --git a/modules/installation-osp-kuryr-ingress-scaling.adoc b/modules/installation-osp-kuryr-ingress-scaling.adoc
deleted file mode 100644
index 0888b7b40265..000000000000
--- a/modules/installation-osp-kuryr-ingress-scaling.adoc
+++ /dev/null
@@ -1,126 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/load-balancing-openstack.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-octavia-scale_{context}"]
-= Scaling for ingress traffic by using {rh-openstack} Octavia
-
-:FeatureName: Kuryr
-include::snippets/deprecated-feature.adoc[]
-
-You can use Octavia load balancers to scale Ingress controllers on clusters that use Kuryr.
-
-.Prerequisites
-
-* Your {product-title} cluster uses Kuryr.
-
-* Octavia is available on your {rh-openstack} deployment.
-
-.Procedure
-
-. To copy the current internal router service, on a command line, enter:
-+
-[source,terminal]
-----
-$ oc -n openshift-ingress get svc router-internal-default -o yaml > external_router.yaml
-----
-
-. In the file `external_router.yaml`, change the values of `metadata.name` and `spec.type` to
-`LoadBalancer`.
-+
-[source,yaml]
-.Example router file
-----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    ingresscontroller.operator.openshift.io/owning-ingresscontroller: default
-  name: router-external-default <1>
-  namespace: openshift-ingress
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  - name: https
-    port: 443
-    protocol: TCP
-    targetPort: https
-  - name: metrics
-    port: 1936
-    protocol: TCP
-    targetPort: 1936
-  selector:
-    ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default
-  sessionAffinity: None
-  type: LoadBalancer <2>
-----
-<1> Ensure that this value is descriptive, like `router-external-default`.
-<2> Ensure that this value is `LoadBalancer`.
-
-[NOTE]
-====
-You can delete timestamps and other information that is irrelevant to load balancing.
-====
-
-. From a command line, create a service from the `external_router.yaml` file:
-+
-[source,terminal]
-----
-$ oc apply -f external_router.yaml
-----
-
-. Verify that the external IP address of the service is the same as the one that is associated with the load balancer:
-.. On a command line, retrieve the external IP address of the service:
-+
-[source,terminal]
-----
-$ oc -n openshift-ingress get svc
-----
-+
-[source,terminal]
-.Example output
-----
-NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                     AGE
-router-external-default   LoadBalancer   172.30.235.33    10.46.22.161   80:30112/TCP,443:32359/TCP,1936:30317/TCP   3m38s
-router-internal-default   ClusterIP      172.30.115.123   <none>         80/TCP,443/TCP,1936/TCP                     22h
-----
-
-.. Retrieve the IP address of the load balancer:
-+
-[source,terminal]
-----
-$ openstack loadbalancer list | grep router-external
-----
-+
-.Example output
-[source,terminal]
-----
-| 21bf6afe-b498-4a16-a958-3229e83c002c | openshift-ingress/router-external-default | 66f3816acf1b431691b8d132cc9d793c | 172.30.235.33  | ACTIVE | octavia |
-----
-
-.. Verify that the addresses you retrieved in the previous steps are associated with each other in the floating IP list:
-+
-[source,terminal]
-----
-$ openstack floating ip list | grep 172.30.235.33
-----
-+
-.Example output
-[source,terminal]
-----
-| e2f80e97-8266-4b69-8636-e58bacf1879e | 10.46.22.161 | 172.30.235.33 | 655e7122-806a-4e0a-a104-220c6e17bda6 | a565e55a-99e7-4d15-b4df-f9d7ee8c9deb | 66f3816acf1b431691b8d132cc9d793c |
-----
-
-You can now use the value of `EXTERNAL-IP` as the new Ingress address.
-
-
-[NOTE]
-====
-If Kuryr uses the Octavia Amphora driver, all traffic is routed through a single Amphora virtual machine (VM).
-
-You can repeat this procedure to create additional load balancers, which can alleviate the bottleneck.
-====
diff --git a/modules/installation-osp-kuryr-known-limitations.adoc b/modules/installation-osp-kuryr-known-limitations.adoc
deleted file mode 100644
index 64bba5bc87b1..000000000000
--- a/modules/installation-osp-kuryr-known-limitations.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-[id="installation-osp-kuryr-known-limitations_{context}"]
-= Known limitations of installing with Kuryr
-
-Using {product-title} with Kuryr SDN has several known limitations.
-
-[discrete]
-[id="openstack-general-limitations_{context}"]
-== {rh-openstack} general limitations
-
-Using {product-title} with Kuryr SDN has several limitations that apply to all versions and environments:
-
-* `Service` objects with the `NodePort` type are not supported.
-
-* Clusters that use the OVN Octavia provider driver support `Service` objects for which the `.spec.selector` property is unspecified only if the `.subsets.addresses` property of the `Endpoints` object includes the subnet of the nodes or pods. 
-
-* If the subnet on which machines are created is not connected to a router, or if the subnet is connected, but the router has no external gateway set, Kuryr cannot create floating IPs for `Service` objects with type `LoadBalancer`.
-
-* Configuring the `sessionAffinity=ClientIP` property on `Service` objects does not have an effect. Kuryr does not support this setting.
-
-[discrete]
-[id="openstack-version-limitations_{context}"]
-== {rh-openstack} version limitations
-
-Using {product-title} with Kuryr SDN has several limitations that depend on the {rh-openstack} version.
-
-* {rh-openstack} versions before 16 use
-the default Octavia load balancer driver (Amphora). This driver requires that one
-Amphora load balancer VM is deployed per {product-title} service. Creating too many
-services can cause you to run out of resources.
-+
-Deployments of later versions of {rh-openstack} that have the OVN Octavia driver disabled also
-use the Amphora driver. They are subject to the same resource concerns as earlier versions of {rh-openstack}.
-
-* Kuryr SDN does not support automatic unidling by a service.
-
-[discrete]
-[id="openstack-upgrade-limitations_{context}"]
-== {rh-openstack} upgrade limitations
-
-As a result of the {rh-openstack} upgrade process, the Octavia API might be changed, and upgrades to the Amphora images that are used for load balancers might be required.
-
-You can address API changes on an individual basis.
-
-If the Amphora image is upgraded, the {rh-openstack} operator can handle existing load balancer VMs in two ways:
-
-* Upgrade each VM by triggering a link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/networking_guide/sec-octavia#update-running-amphora-instances[load balancer failover].
-
-* Leave responsibility for upgrading the VMs to users.
-
-If the operator takes the first option, there might be short downtimes during failovers.
-
-If the operator takes the second option, the existing load balancers will not support upgraded Octavia
-API features, like UDP listeners. In this case, users must recreate their Services to use these features.
diff --git a/modules/installation-osp-kuryr-neutron-configuration.adoc b/modules/installation-osp-kuryr-neutron-configuration.adoc
deleted file mode 100644
index 4341f276ffd7..000000000000
--- a/modules/installation-osp-kuryr-neutron-configuration.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-[id="installation-osp-kuryr-neutron-configuration_{context}"]
-= Configuring Neutron
-
-Kuryr CNI leverages the Neutron Trunks extension to plug containers into the
-{rh-openstack-first} SDN, so you must use the `trunks` extension for Kuryr to properly work.
-
-In addition, if you leverage the default ML2/OVS Neutron driver, the firewall
-must be set to `openvswitch` instead of `ovs_hybrid` so that security groups are
-enforced on trunk subports and Kuryr can properly handle network policies.
diff --git a/modules/installation-osp-kuryr-octavia-configuration.adoc b/modules/installation-osp-kuryr-octavia-configuration.adoc
deleted file mode 100644
index 9447b8834c2b..000000000000
--- a/modules/installation-osp-kuryr-octavia-configuration.adoc
+++ /dev/null
@@ -1,145 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-octavia-configuration_{context}"]
-= Configuring Octavia
-
-Kuryr SDN uses {rh-openstack-first}'s Octavia LBaaS to implement {product-title} services. Thus,
-you must install and configure Octavia components in {rh-openstack}
-to use Kuryr SDN.
-
-To enable Octavia, you must include the Octavia service during the installation
-of the {rh-openstack} Overcloud, or upgrade the Octavia service if the Overcloud
-already exists. The following steps for enabling Octavia apply to both a clean
-install of the Overcloud or an Overcloud update.
-
-[NOTE]
-====
-The following steps only capture the key pieces required during the
-https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/director_installation_and_usage/[deployment of {rh-openstack}]
-when dealing with Octavia. It is also important to note that
-https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/director_installation_and_usage/configuring-a-container-image-source#registry-methods[registry methods]
-vary.
-
-This example uses the local registry method.
-====
-
-.Procedure
-
-. If you are using the local registry, create a template to upload the images to
-the registry. For example:
-+
-[source,terminal]
-----
-(undercloud) $ openstack overcloud container image prepare \
--e /usr/share/openstack-tripleo-heat-templates/environments/services-docker/octavia.yaml \
---namespace=registry.access.redhat.com/rhosp13 \
---push-destination=<local-ip-from-undercloud.conf>:8787 \
---prefix=openstack- \
---tag-from-label {version}-{product-version} \
---output-env-file=/home/stack/templates/overcloud_images.yaml \
---output-images-file /home/stack/local_registry_images.yaml
-----
-
-. Verify that the `local_registry_images.yaml` file contains the Octavia images.
-For example:
-+
-[source,yaml]
-----
-...
-- imagename: registry.access.redhat.com/rhosp13/openstack-octavia-api:13.0-43
-  push_destination: <local-ip-from-undercloud.conf>:8787
-- imagename: registry.access.redhat.com/rhosp13/openstack-octavia-health-manager:13.0-45
-  push_destination: <local-ip-from-undercloud.conf>:8787
-- imagename: registry.access.redhat.com/rhosp13/openstack-octavia-housekeeping:13.0-45
-  push_destination: <local-ip-from-undercloud.conf>:8787
-- imagename: registry.access.redhat.com/rhosp13/openstack-octavia-worker:13.0-44
-  push_destination: <local-ip-from-undercloud.conf>:8787
-----
-+
-[NOTE]
-====
-The Octavia container versions vary depending upon the specific
-{rh-openstack} release installed.
-====
-
-. Pull the container images from `registry.redhat.io` to the Undercloud node:
-+
-[source,terminal]
-----
-(undercloud) $ sudo openstack overcloud container image upload \
-  --config-file  /home/stack/local_registry_images.yaml \
-  --verbose
-----
-+
-This may take some time depending on the speed of your network and Undercloud
-disk.
-
-. Install or update your Overcloud environment with Octavia:
-+
-[source,terminal]
-----
-$ openstack overcloud deploy --templates \
-  -e /usr/share/openstack-tripleo-heat-templates/environments/services-docker/octavia.yaml \
-  -e octavia_timeouts.yaml
-----
-+
-[NOTE]
-====
-This command only includes the files associated with Octavia; it varies based on
-your specific installation of {rh-openstack}. See the {rh-openstack}
-documentation for further information. For more information on customizing your
-Octavia installation, see
-https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/networking_guide/#planning_your_octavia_deployment[installation
-of Octavia using Director].
-====
-+
-[NOTE]
-====
-When leveraging Kuryr SDN, the Overcloud installation requires the Neutron `trunk` extension. This is available by default on director deployments.
-Use the `openvswitch` firewall instead of the default `ovs-hybrid` when the Neutron
-backend is ML2/OVS. There is no need for modifications if the backend is
-ML2/OVN.
-====
-
-[id="installation-osp-kuryr-octavia-driver_{context}"]
-== The Octavia OVN Driver
-
-Octavia supports multiple provider drivers through the Octavia API.
-
-To see all available Octavia provider drivers, on a command line, enter:
-[source,terminal]
-----
-$ openstack loadbalancer provider list
-----
-
-.Example output
-[source,terminal]
-----
-+---------+-------------------------------------------------+
-| name    | description                                     |
-+---------+-------------------------------------------------+
-| amphora | The Octavia Amphora driver.                     |
-| octavia | Deprecated alias of the Octavia Amphora driver. |
-| ovn     | Octavia OVN driver.                             |
-+---------+-------------------------------------------------+
-----
-
-Beginning with {rh-openstack} version 16, the Octavia OVN provider driver (`ovn`) is supported on
-{product-title} on {rh-openstack} deployments.
-
-`ovn` is an integration driver for the load balancing
-that Octavia and OVN provide. It supports basic load balancing capabilities,
-and is based on OpenFlow rules. The driver is automatically enabled
-in Octavia by Director on deployments that use OVN Neutron ML2.
-
-The Amphora provider driver is the default driver. If `ovn` is enabled, however, Kuryr uses it.
-
-If Kuryr uses `ovn` instead of Amphora, it offers the following benefits:
-
-* Decreased resource requirements. Kuryr does not require a load balancer VM for each service.
-* Reduced network latency.
-* Increased service creation speed by using OpenFlow rules instead of a VM for each service.
-* Distributed load balancing actions across all nodes instead of centralized on Amphora VMs.
diff --git a/modules/installation-osp-kuryr-octavia-upgrade.adoc b/modules/installation-osp-kuryr-octavia-upgrade.adoc
deleted file mode 100644
index 87a8a3e218b6..000000000000
--- a/modules/installation-osp-kuryr-octavia-upgrade.adoc
+++ /dev/null
@@ -1,111 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/load-balancing-openstack.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-octavia-configure_{context}"]
-= Using the Octavia OVN load balancer provider driver with Kuryr SDN
-
-:FeatureName: Kuryr
-include::snippets/deprecated-feature.adoc[]
-
-If your {product-title} cluster uses Kuryr and was installed on a {rh-openstack-first} 13 cloud
-that was later upgraded to {rh-openstack} 16, you can configure it to use the Octavia OVN provider driver.
-
-[IMPORTANT]
-====
-Kuryr replaces existing load balancers after you change provider drivers. This process
-results in some downtime.
-====
-
-.Prerequisites
-
-* Install the {rh-openstack} CLI, `openstack`.
-
-* Install the {product-title} CLI, `oc`.
-
-* Verify that the Octavia OVN driver on {rh-openstack} is enabled.
-+
-[TIP]
-====
-To view a list of available Octavia drivers, on a command line, enter `openstack loadbalancer provider list`.
-
-The `ovn` driver is displayed in the command's output.
-====
-
-.Procedure
-
-To change from the Octavia Amphora provider driver to Octavia OVN:
-
-. Open the `kuryr-config` ConfigMap. On a command line, enter:
-+
-[source,terminal]
-----
-$ oc -n openshift-kuryr edit cm kuryr-config
-----
-
-. In the ConfigMap, delete the line that contains `kuryr-octavia-provider: default`. For example:
-+
-[source,yaml]
-----
-...
-kind: ConfigMap
-metadata:
-  annotations:
-    networkoperator.openshift.io/kuryr-octavia-provider: default <1>
-...
-----
-<1> Delete this line. The cluster will regenerate it with `ovn` as the value.
-+
-Wait for the Cluster Network Operator to detect the modification and to redeploy the `kuryr-controller` and `kuryr-cni` pods. This process might take several minutes.
-
-. Verify that the `kuryr-config` ConfigMap annotation is present with `ovn` as its value. On a command line, enter:
-+
-[source,terminal]
-----
-$ oc -n openshift-kuryr edit cm kuryr-config
-----
-+
-The `ovn` provider value is displayed in the output:
-+
-[source,yaml]
-----
-...
-kind: ConfigMap
-metadata:
-  annotations:
-    networkoperator.openshift.io/kuryr-octavia-provider: ovn
-...
-----
-
-. Verify that {rh-openstack} recreated its load balancers.
-
-.. On a command line, enter:
-+
-[source,terminal]
-----
-$ openstack loadbalancer list | grep amphora
-----
-+
-A single Amphora load balancer is displayed. For example:
-+
-[source,terminal]
-----
-a4db683b-2b7b-4988-a582-c39daaad7981 | ostest-7mbj6-kuryr-api-loadbalancer  | 84c99c906edd475ba19478a9a6690efd | 172.30.0.1     | ACTIVE              | amphora
-----
-
-.. Search for `ovn` load balancers by entering:
-+
-[source,terminal]
-----
-$ openstack loadbalancer list | grep ovn
-----
-+
-The remaining load balancers of the `ovn` type are displayed. For example:
-+
-[source,terminal]
-----
-2dffe783-98ae-4048-98d0-32aa684664cc | openshift-apiserver-operator/metrics | 84c99c906edd475ba19478a9a6690efd | 172.30.167.119 | ACTIVE              | ovn
-0b1b2193-251f-4243-af39-2f99b29d18c5 | openshift-etcd/etcd                  | 84c99c906edd475ba19478a9a6690efd | 172.30.143.226 | ACTIVE              | ovn
-f05b07fc-01b7-4673-bd4d-adaa4391458e | openshift-dns-operator/metrics       | 84c99c906edd475ba19478a9a6690efd | 172.30.152.27  | ACTIVE              | ovn
-----
diff --git a/modules/installation-osp-kuryr-port-pools.adoc b/modules/installation-osp-kuryr-port-pools.adoc
deleted file mode 100644
index 3264dac0d7d4..000000000000
--- a/modules/installation-osp-kuryr-port-pools.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
-// * post_installation_configuration/network-configuration.adoc
-
-[id="installation-osp-kuryr-port-pools_{context}"]
-= Kuryr ports pools
-
-A Kuryr ports pool maintains a number of ports on standby for pod creation.
-
-Keeping ports on standby minimizes pod creation time. Without ports pools, Kuryr must explicitly request port creation or deletion whenever a pod is created or deleted.
-
-The Neutron ports that Kuryr uses are created in subnets that are tied to namespaces. These pod ports are also added as subports to the primary port of {product-title} cluster nodes.
-
-Because Kuryr keeps each namespace in a separate subnet, a separate ports pool is maintained for each namespace-worker pair.
-
-Prior to installing a cluster, you can set the following parameters in the `cluster-network-03-config.yml` manifest file to configure ports pool behavior:
-
-* The `enablePortPoolsPrepopulation` parameter controls pool prepopulation, which forces Kuryr to add Neutron ports to the pools when the first pod that is configured to use the dedicated network for pods is created in a namespace. The default value is `false`.
-* The `poolMinPorts` parameter is the minimum number of free ports that are kept in the pool. The default value is `1`.
-* The `poolMaxPorts` parameter is the maximum number of free ports that are kept in the pool. A value of `0` disables that upper bound. This is the default setting.
-+
-If your OpenStack port quota is low, or you have a limited number of IP addresses on the pod network, consider setting this option to ensure that unneeded ports are deleted.
-* The `poolBatchPorts` parameter defines the maximum number of Neutron ports that can be created at once. The default value is `3`.
diff --git a/modules/installation-osp-kuryr-settings-active.adoc b/modules/installation-osp-kuryr-settings-active.adoc
deleted file mode 100644
index 09afe176207e..000000000000
--- a/modules/installation-osp-kuryr-settings-active.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-// Module included in the following assemblies:
-//
-// * post_installation_configuration/network-configuration.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-settings-active_{context}"]
-= Adjusting Kuryr ports pool settings in active deployments on {rh-openstack}
-
-You can use a custom resource (CR) to configure how Kuryr manages {rh-openstack-first} Neutron ports to control the speed and efficiency of pod creation on a deployed cluster.
-
-.Procedure
-
-. From a command line, open the Cluster Network Operator (CNO) CR for editing:
-+
-[source,terminal]
-----
-$ oc edit networks.operator.openshift.io cluster
-----
-
-. Edit the settings to meet your requirements. The following file is provided as an example:
-+
-[source,yaml]
-----
-apiVersion: operator.openshift.io/v1
-kind: Network
-metadata:
-  name: cluster
-spec:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  serviceNetwork:
-  - 172.30.0.0/16
-  defaultNetwork:
-    type: Kuryr
-    kuryrConfig:
-      enablePortPoolsPrepopulation: false <1>
-      poolMinPorts: 1 <2>
-      poolBatchPorts: 3 <3>
-      poolMaxPorts: 5 <4>
-----
-<1> Set `enablePortPoolsPrepopulation` to `true` to make Kuryr create Neutron ports when the first pod that is configured to use the dedicated network for pods is created in a namespace. This setting raises the Neutron ports quota but can reduce the time that is required to spawn pods. The default value is `false`.
-<2> Kuryr creates new ports for a pool if the number of free ports in that pool is lower than the value of `poolMinPorts`. The default value is `1`.
-<3> `poolBatchPorts` controls the number of new ports that are created if the number of free ports is lower than the value of `poolMinPorts`. The default value is `3`.
-<4> If the number of free ports in a pool is higher than the value of `poolMaxPorts`, Kuryr deletes them until the number matches that value. Setting the value to `0` disables this upper bound, preventing pools from shrinking. The default value is `0`.
-
-. Save your changes and quit the text editor to commit your changes.
-
-[IMPORTANT]
-====
-Modifying these options on a running cluster forces the kuryr-controller and kuryr-cni pods to restart. As a result, the creation of new pods and services will be delayed.
-====
diff --git a/modules/installation-osp-kuryr-settings-installing.adoc b/modules/installation-osp-kuryr-settings-installing.adoc
deleted file mode 100644
index 8e4ec3bbfb54..000000000000
--- a/modules/installation-osp-kuryr-settings-installing.adoc
+++ /dev/null
@@ -1,98 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
-
-:_content-type: PROCEDURE
-[id="installation-osp-kuryr-settings-installing_{context}"]
-= Adjusting Kuryr ports pools during installation
-
-During installation, you can configure how Kuryr manages {rh-openstack-first} Neutron ports to control the speed and efficiency of pod creation.
-
-.Prerequisites
-
-* Create and modify the `install-config.yaml` file.
-
-.Procedure
-
-. From a command line, create the manifest files:
-+
-[source,terminal]
-----
-$ ./openshift-install create manifests --dir <installation_directory> <1>
-----
-<1> For `<installation_directory>`, specify the name of the directory that
-contains the `install-config.yaml` file for your cluster.
-
-. Create a file that is named `cluster-network-03-config.yml` in the
-`<installation_directory>/manifests/` directory:
-+
-[source,terminal]
-----
-$ touch <installation_directory>/manifests/cluster-network-03-config.yml <1>
-----
-<1> For `<installation_directory>`, specify the directory name that contains the
-`manifests/` directory for your cluster.
-+
-After creating the file, several network configuration files are in the
-`manifests/` directory, as shown:
-+
-[source,terminal]
-----
-$ ls <installation_directory>/manifests/cluster-network-*
-----
-+
-.Example output
-[source,terminal]
-----
-cluster-network-01-crd.yml
-cluster-network-02-config.yml
-cluster-network-03-config.yml
-----
-
-. Open the `cluster-network-03-config.yml` file in an editor,  and enter a custom resource (CR) that describes the Cluster Network Operator configuration that you want:
-+
-[source,terminal]
-----
-$ oc edit networks.operator.openshift.io cluster
-----
-
-. Edit the settings to meet your requirements. The following file is provided as an example:
-+
-[source,yaml]
-----
-apiVersion: operator.openshift.io/v1
-kind: Network
-metadata:
-  name: cluster
-spec:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  serviceNetwork:
-  - 172.30.0.0/16
-  defaultNetwork:
-    type: Kuryr
-    kuryrConfig:
-      enablePortPoolsPrepopulation: false <1>
-      poolMinPorts: 1 <2>
-      poolBatchPorts: 3 <3>
-      poolMaxPorts: 5 <4>
-      openstackServiceNetwork: 172.30.0.0/15 <5>
-----
-<1> Set `enablePortPoolsPrepopulation` to `true` to make Kuryr create new Neutron ports when the first pod on the network for pods is created in a namespace. This setting raises the Neutron ports quota but can reduce the time that is required to spawn pods. The default value is `false`.
-<2> Kuryr creates new ports for a pool if the number of free ports in that pool is lower than the value of `poolMinPorts`. The default value is `1`.
-<3> `poolBatchPorts` controls the number of new ports that are created if the number of free ports is lower than the value of `poolMinPorts`. The default value is `3`.
-<4> If the number of free ports in a pool is higher than the value of  `poolMaxPorts`, Kuryr deletes them until the number matches that value. Setting this value to `0` disables this upper bound, preventing pools from shrinking. The default value is `0`.
-<5> The `openStackServiceNetwork` parameter defines the CIDR range of the network from which IP addresses are allocated to {rh-openstack} Octavia's LoadBalancers.
-+
-If this parameter is used with the Amphora driver, Octavia takes two IP addresses from this network for each load balancer: one for OpenShift and the other for VRRP connections. Because these IP addresses are managed by {product-title} and Neutron respectively, they must come from different pools.
-Therefore, the value of `openStackServiceNetwork` must be at least twice the size of the value of `serviceNetwork`, and the value of `serviceNetwork` must overlap entirely with the range that is defined by `openStackServiceNetwork`.
-+
-The CNO verifies that VRRP IP addresses that are taken from the range that is defined by this parameter do not overlap with the range that is defined by the `serviceNetwork` parameter.
-+
-If this parameter is not set, the CNO uses an expanded value of `serviceNetwork` that is determined by decrementing the prefix size by 1.
-
-. Save the `cluster-network-03-config.yml` file, and exit the text editor.
-
-. Optional: Back up the `manifests/cluster-network-03-config.yml` file. The installation program deletes the `manifests/` directory while creating the cluster.
diff --git a/modules/installation-osp-modifying-networktype.adoc b/modules/installation-osp-modifying-networktype.adoc
index d879f93ba359..04b8b76829cd 100644
--- a/modules/installation-osp-modifying-networktype.adoc
+++ b/modules/installation-osp-modifying-networktype.adoc
@@ -1,13 +1,12 @@
 // Module included in the following assemblies:
-// * installing/installing_openstack/installing-openstack-installer-user-kuryr.adoc
 //
 //YOU MUST SET AN IFEVAL FOR EACH NEW MODULE
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-modifying-networktype_{context}"]
 = Modifying the network type
 
-By default, the installation program selects the `OpenShiftSDN` network type. To use Kuryr instead, change the value in the installation configuration file that the program generated.
+By default, the installation program selects the `OVN-Kubernetes` network type. To use OpenShift-SDN instead, change the value in the installation configuration file that the program generated.
 
 .Prerequisites
 
@@ -27,8 +26,8 @@ $ python -c '
 import yaml;
 path = "install-config.yaml";
 data = yaml.safe_load(open(path));
-data["networking"]["networkType"] = "Kuryr";
+data["networking"]["networkType"] = "OpenShiftSDN";
 open(path, "w").write(yaml.dump(data, default_flow_style=False))'
 ----
 
-** To set the value manually, open the file and set `networking.networkType` to `"Kuryr"`.
+** To set the value manually, open the file and set `networking.networkType` to `"OpenShiftSDN"`.
diff --git a/modules/installation-osp-provider-network-preparation.adoc b/modules/installation-osp-provider-network-preparation.adoc
index dbcfdde97f0c..83d2afdc837f 100644
--- a/modules/installation-osp-provider-network-preparation.adoc
+++ b/modules/installation-osp-provider-network-preparation.adoc
@@ -1,8 +1,6 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 
 [id="installation-osp-provider-network-preparation_{context}"]
diff --git a/modules/installation-osp-provider-networks.adoc b/modules/installation-osp-provider-networks.adoc
index 6a269966f31e..a91ba1ec548e 100644
--- a/modules/installation-osp-provider-networks.adoc
+++ b/modules/installation-osp-provider-networks.adoc
@@ -1,8 +1,6 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 
 [id="installation-osp-provider-networks_{context}"]
diff --git a/modules/installation-osp-setting-cloud-provider-options.adoc b/modules/installation-osp-setting-cloud-provider-options.adoc
index a6705de95db9..4ac8ba8a7fd7 100644
--- a/modules/installation-osp-setting-cloud-provider-options.adoc
+++ b/modules/installation-osp-setting-cloud-provider-options.adoc
@@ -2,10 +2,9 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-setting-cloud-provider-options_{context}"]
 = Setting OpenStack Cloud Controller Manager options
 
@@ -31,28 +30,26 @@ $ vi openshift/manifests/cloud-provider-config.yaml
 
 . Modify the options according to the CCM reference guide.
 +
-Configuring Octavia for load balancing is a common case for clusters that do not use Kuryr. For example:
+Configuring Octavia for load balancing is a common case. For example:
 +
 [source,text]
 ----
 #...
 [LoadBalancer]
-use-octavia=true <1>
-lb-provider = "amphora" <2>
-floating-network-id="d3deb660-4190-40a3-91f1-37326fe6ec4a" <3>
-create-monitor = True <4>
-monitor-delay = 10s <5>
-monitor-timeout = 10s <6>
-monitor-max-retries = 1 <7>
+lb-provider = "amphora" <1>
+floating-network-id="d3deb660-4190-40a3-91f1-37326fe6ec4a" <2>
+create-monitor = True <3>
+monitor-delay = 10s <4>
+monitor-timeout = 10s <5>
+monitor-max-retries = 1 <6>
 #...
 ----
-<1> This property enables Octavia integration.
-<2> This property sets the Octavia provider that your load balancer uses. It accepts `"ovn"` or `"amphora"` as values. If you choose to use OVN, you must also set `lb-method` to `SOURCE_IP_PORT`.
-<3> This property is required if you want to use multiple external networks with your cluster. The cloud provider creates floating IP addresses on the network that is specified here.
-<4> This property controls whether the cloud provider creates health monitors for Octavia load balancers. Set the value to `True` to create health monitors. As of {rh-openstack} 16.1 and 16.2, this feature is only available for the Amphora provider.
-<5> This property sets the frequency with which endpoints are monitored. The value must be in the `time.ParseDuration()` format. This property is required if the value of the `create-monitor` property is `True`.
-<6> This property sets the time that monitoring requests are open before timing out. The value must be in the `time.ParseDuration()` format. This property is required if the value of the `create-monitor` property is `True`.
-<7> This property defines how many successful monitoring requests are required before a load balancer is marked as online. The value must be an integer. This property is required if the value of the `create-monitor` property is `True`.
+<1> This property sets the Octavia provider that your load balancer uses. It accepts `"ovn"` or `"amphora"` as values. If you choose to use OVN, you must also set `lb-method` to `SOURCE_IP_PORT`.
+<2> This property is required if you want to use multiple external networks with your cluster. The cloud provider creates floating IP addresses on the network that is specified here.
+<3> This property controls whether the cloud provider creates health monitors for Octavia load balancers. Set the value to `True` to create health monitors. As of {rh-openstack} 16.2, this feature is only available for the Amphora provider.
+<4> This property sets the frequency with which endpoints are monitored. The value must be in the `time.ParseDuration()` format. This property is required if the value of the `create-monitor` property is `True`.
+<5> This property sets the time that monitoring requests are open before timing out. The value must be in the `time.ParseDuration()` format. This property is required if the value of the `create-monitor` property is `True`.
+<6> This property defines how many successful monitoring requests are required before a load balancer is marked as online. The value must be an integer. This property is required if the value of the `create-monitor` property is `True`.
 
 +
 [IMPORTANT]
@@ -62,13 +59,9 @@ Prior to saving your changes, verify that the file is structured correctly. Clus
 +
 [IMPORTANT]
 ====
-You must set the value of the `create-monitor` property to `True` if you use services that have the value of the `.spec.externalTrafficPolicy` property set to `Local`. The OVN Octavia provider in {rh-openstack} 16.1 and 16.2 does not support health monitors. Therefore, services that have `ETP` parameter values set to `Local` might not respond when the `lb-provider` value is set to `"ovn"`.
+You must set the value of the `create-monitor` property to `True` if you use services that have the value of the `.spec.externalTrafficPolicy` property set to `Local`. The OVN Octavia provider in {rh-openstack} 16.2 does not support health monitors. Therefore, services that have `ETP` parameter values set to `Local` might not respond when the `lb-provider` value is set to `"ovn"`.
 ====
 +
-[IMPORTANT]
-====
-For installations that use Kuryr, Kuryr handles relevant services. There is no need to configure Octavia load balancing in the cloud provider.
-====
 
 . Save the changes to the file and proceed with installation.
 +
@@ -82,4 +75,4 @@ $ oc edit configmap -n openshift-config cloud-provider-config
 ----
 
 After you save your changes, your cluster will take some time to reconfigure itself. The process is complete if none of your nodes have a `SchedulingDisabled` status.
-====
\ No newline at end of file
+====
diff --git a/modules/installation-osp-setting-worker-affinity.adoc b/modules/installation-osp-setting-worker-affinity.adoc
index ee1e906e718d..8f369b029868 100644
--- a/modules/installation-osp-setting-worker-affinity.adoc
+++ b/modules/installation-osp-setting-worker-affinity.adoc
@@ -2,13 +2,10 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-setting-worker-affinity_{context}"]
 = Setting compute machine affinity
 
diff --git a/modules/installation-osp-verifying-cluster-status.adoc b/modules/installation-osp-verifying-cluster-status.adoc
index dc3ca66c2a74..f148e0870514 100644
--- a/modules/installation-osp-verifying-cluster-status.adoc
+++ b/modules/installation-osp-verifying-cluster-status.adoc
@@ -2,18 +2,11 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
 
-ifeval::["{context}" == "installing-rhv-user-infra"]
-:rhv-user-infra:
-endif::[]
 
-:_content-type: PROCEDURE
+
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-verifying-cluster-status_{context}"]
 = Verifying cluster status
 
@@ -23,19 +16,11 @@ You can verify your {product-title} cluster's status during or after installatio
 
 . In the cluster environment, export the administrator's kubeconfig file:
 +
-ifdef::rhv-user-infra[]
-[source,terminal]
-----
-$ export KUBECONFIG=$ASSETS_DIR/auth/kubeconfig
-----
-endif::rhv-user-infra[]
-ifndef::rhv-user-infra[]
 [source,terminal]
 ----
 $ export KUBECONFIG=<installation_directory>/auth/kubeconfig <1>
 ----
 <1> For `<installation_directory>`, specify the path to the directory that you stored the installation files in.
-endif::rhv-user-infra[]
 +
 The `kubeconfig` file contains information about the cluster that is used by the CLI to connect a client to the correct cluster and API server.
 
@@ -66,7 +51,3 @@ $ oc get clusteroperator
 ----
 $ oc get pods -A
 ----
-
-ifeval::["{context}" == "installing-rhv-customizations"]
-:!rhv-user-infra:
-endif::[]
diff --git a/modules/installation-osp-verifying-external-network.adoc b/modules/installation-osp-verifying-external-network.adoc
index 3757237fde51..673a30db7a1f 100644
--- a/modules/installation-osp-verifying-external-network.adoc
+++ b/modules/installation-osp-verifying-external-network.adoc
@@ -2,16 +2,12 @@
 //
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 //
 // DNS resolution KI
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :osp-custom:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:osp-kuryr:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :osp-user:
 endif::[]
@@ -19,7 +15,7 @@ ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp-user:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-verifying-external-network_{context}"]
 = Verifying external network access
 
@@ -66,7 +62,7 @@ $ openstack network list --long -c ID -c Name -c "Router Type"
 
 A network with an external router type appears in the network list. If at least one does not, see link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/director_installation_and_usage/performing-overcloud-post-installation-tasks#creating-a-default-floating-ip-network[Creating a default floating IP network] and link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/director_installation_and_usage/performing-overcloud-post-installation-tasks#creating-a-default-provider-network[Creating a default provider network].
 
-ifdef::osp-custom,osp-kuryr[]
+ifdef::osp-custom[]
 [IMPORTANT]
 ====
 If the external network's CIDR range overlaps one of the default network ranges, you must change the matching network ranges in the `install-config.yaml` file before you start the installation process.
@@ -86,12 +82,12 @@ The default network ranges are:
 |10.128.0.0/14
 |====
 ====
-endif::osp-custom,osp-kuryr[]
+endif::osp-custom[]
 
-ifdef::osp-custom,osp-kuryr[]
+ifdef::osp-custom[]
 [WARNING]
 If the installation program finds multiple networks with the same name, it sets one of them at random. To avoid this behavior, create unique names for resources in {rh-openstack}.
-endif::osp-custom,osp-kuryr[]
+endif::osp-custom[]
 
 [NOTE]
 ====
@@ -101,9 +97,6 @@ If the Neutron trunk service plugin is enabled, a trunk port is created by defau
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!osp-custom:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!osp-kuryr:
-endif::[]
 ifeval::["{context}" == "installing-openstack-user"]
 :!osp-user:
 endif::[]
diff --git a/modules/installation-osp-verifying-installation.adoc b/modules/installation-osp-verifying-installation.adoc
index 78d3ad18f565..f5a45a4bee13 100644
--- a/modules/installation-osp-verifying-installation.adoc
+++ b/modules/installation-osp-verifying-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-osp-verifying-installation_{context}"]
 = Verifying a successful installation
 
diff --git a/modules/installation-overview.adoc b/modules/installation-overview.adoc
index 4ad461198eee..66d49dce4905 100644
--- a/modules/installation-overview.adoc
+++ b/modules/installation-overview.adoc
@@ -3,31 +3,31 @@
 // * installing/index.adoc
 // * architecture/architecture-installation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-overview_{context}"]
 = About {product-title} installation
 
-The {product-title} installation program offers four methods for deploying a cluster: 
+The {product-title} installation program offers four methods for deploying a cluster which are detailed in the following list:
 
-* *Interactive*: You can deploy a cluster with the web-based link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}]. This is the recommended approach for clusters with networks connected to the internet. The {ai-full} is the easiest way to install {product-title}, it provides smart defaults, and it performs pre-flight validations before installing the cluster. It also provides a RESTful API for automation and advanced configuration scenarios.
+* *Interactive*: You can deploy a cluster with the web-based link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}]. This is an ideal approach for clusters with networks connected to the internet. The {ai-full} is the easiest way to install {product-title}, it provides smart defaults, and it performs pre-flight validations before installing the cluster. It also provides a RESTful API for automation and advanced configuration scenarios.
 
-* *Local Agent-based*: You can deploy a cluster locally with the agent-based installer for air-gapped or restricted networks. It provides many of the benefits of the {ai-full}, but you must download and configure the link:https://console.redhat.com/openshift/install/metal/agent-based[agent-based installer] first. Configuration is done with a commandline interface. This approach is ideal for air-gapped or restricted networks.
+* *Local Agent-based*: You can deploy a cluster locally with the Agent-based Installer for disconnected environments or restricted networks. It provides many of the benefits of the {ai-full}, but you must download and configure the link:https://console.redhat.com/openshift/install/metal/agent-based[Agent-based Installer] first. Configuration is done with a command-line interface. This approach is ideal for disconnected environments.
 
-* *Automated*: You can deploy a cluster on installer-provisioned infrastructure and the cluster it maintains. The installer uses each cluster host's baseboard management controller (BMC) for provisioning. You can deploy clusters with both connected or air-gapped or restricted networks.
+* *Automated*: You can deploy a cluster on installer-provisioned infrastructure. The installation program uses each cluster host's baseboard management controller (BMC) for provisioning. You can deploy clusters in connected or disconnected environments.
 
-* *Full control*: You can deploy a cluster on infrastructure that you prepare and maintain, which provides maximum customizability. You can deploy clusters with both connected or air-gapped or restricted networks.
+* *Full control*: You can deploy a cluster on infrastructure that you prepare and maintain, which provides maximum customizability. You can deploy clusters in connected or disconnected environments.
 
-The clusters have the following characteristics:
+Each method deploys a cluster with the following characteristics:
 
-* Highly available infrastructure with no single points of failure is available by default.
-* Administrators maintain control over what updates are applied and when.
+* Highly available infrastructure with no single points of failure, which is available by default.
+* Administrators can control what updates are applied and when.
 
 [id="about-the-installation-program"]
 == About the installation program
 
-You can use the installation program to deploy each type of cluster. The installation program generates main assets such as Ignition config files for the bootstrap, control plane (master), and worker machines. You can start an {product-title} cluster with these three configurations and correctly configured infrastructure.
+You can use the installation program to deploy each type of cluster. The installation program generates the main assets, such as Ignition config files for the bootstrap, control plane, and compute machines. You can start an {product-title} cluster with these three machine configurations, provided you correctly configured the infrastructure.
 
-The {product-title} installation program uses a set of targets and dependencies to manage cluster installations. The installation program has a set of targets that it must achieve, and each target has a set of dependencies. Because each target is only concerned with its own dependencies, the installation program can act to achieve multiple targets in parallel with the ultimate target being a running cluster. The installation program recognizes and uses existing components instead of running commands to create them again because the program meets dependencies.
+The {product-title} installation program uses a set of targets and dependencies to manage cluster installations. The installation program has a set of targets that it must achieve, and each target has a set of dependencies. Because each target is only concerned with its own dependencies, the installation program can act to achieve multiple targets in parallel with the ultimate target being a running cluster. The installation program recognizes and uses existing components instead of running commands to create them again because the program meets the dependencies.
 
 .{product-title} installation targets and dependencies
 image::targets-and-dependencies.png[{product-title} installation targets and dependencies]
@@ -36,8 +36,8 @@ image::targets-and-dependencies.png[{product-title} installation targets and dep
 [id="about-rhcos"]
 == About {op-system-first}
 
-Post-installation, each cluster machine uses {op-system-first} as the operating system. {op-system} is the immutable container host version of {op-system-base-full} and features a {op-system-base} kernel with SELinux enabled by default. It includes the `kubelet`, which is the Kubernetes node agent, and the CRI-O container runtime, which is optimized for Kubernetes.
+Post-installation, each cluster machine uses {op-system-first} as the operating system. {op-system} is the immutable container host version of {op-system-base-full} and features a {op-system-base} kernel with SELinux enabled by default. {op-system} includes the `kubelet`, which is the Kubernetes node agent, and the CRI-O container runtime, which is optimized for Kubernetes.
 
-Every control plane machine in an {product-title} {product-version} cluster must use {op-system}, which includes a critical first-boot provisioning tool called Ignition. This tool enables the cluster to configure the machines. Operating system updates are delivered as a bootable container image, using **OSTree** as a backend, that is deployed across the cluster by the Machine Config Operator. Actual operating system changes are made in-place on each machine as an atomic operation by using **rpm-ostree**. Together, these technologies enable {product-title} to manage the operating system like it manages any other application on the cluster, by in-place upgrades that keep the entire platform up-to-date. These in-place updates can reduce the burden on operations teams.
+Every control plane machine in an {product-title} {product-version} cluster must use {op-system}, which includes a critical first-boot provisioning tool called Ignition. This tool enables the cluster to configure the machines. Operating system updates are delivered as a bootable container image, using **OSTree** as a backend, that is deployed across the cluster by the Machine Config Operator. Actual operating system changes are made in-place on each machine as an atomic operation by using **rpm-ostree**. Together, these technologies enable {product-title} to manage the operating system like it manages any other application on the cluster, by in-place upgrades that keep the entire platform up to date. These in-place updates can reduce the burden on operations teams.
 
 If you use {op-system} as the operating system for all cluster machines, the cluster manages all aspects of its components and machines, including the operating system. Because of this, only the installation program and the Machine Config Operator can change machines. The installation program uses Ignition config files to set the exact state of each machine, and the Machine Config Operator completes more changes to the machines, such as the application of new certificates or keys, after installation.
diff --git a/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc b/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc
index 759162b1e787..05e27faadf94 100644
--- a/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc
+++ b/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-preparing-restricted-cluster-to-gather-support-data_{context}"]
 = Preparing your cluster to gather support data
 
diff --git a/modules/installation-process.adoc b/modules/installation-process.adoc
index a042ba7f90bb..ac031450d1e7 100644
--- a/modules/installation-process.adoc
+++ b/modules/installation-process.adoc
@@ -3,41 +3,42 @@
 // * installing/index.adoc
 // * architecture/architecture-installation.adoc
 
+:_mod-docs-content-type: CONCEPT
 [id="installation-process_{context}"]
 = Installation process
 
-Except for the {ai-full}, when you install an {product-title} cluster, you download the installation program from
+Except for the {ai-full}, when you install an {product-title} cluster, you must download the installation program from
 ifndef::openshift-origin[]
-the appropriate link:https://console.redhat.com/openshift/install[Infrastructure Provider] page on the {cluster-manager} site. This site manages:
+the appropriate link:https://console.redhat.com/openshift/create[*Cluster Type*] page on the {cluster-manager} {hybrid-console-second}. This console manages:
 
-* REST API for accounts
-* Registry tokens, which are the pull secrets that you use to obtain the required components
-* Cluster registration, which associates the cluster identity to your Red Hat account to facilitate the gathering of usage metrics
+* REST API for accounts.
+* Registry tokens, which are the pull secrets that you use to obtain the required components.
+* Cluster registration, which associates the cluster identity to your Red Hat account to facilitate the gathering of usage metrics.
 endif::[]
 ifdef::openshift-origin[]
 https://github.com/openshift/okd/releases.
 endif::[]
 
-In {product-title} {product-version}, the installation program is a Go binary file that performs a series of file transformations on a set of assets. The way you interact with the installation program differs depending on your installation type.
+In {product-title} {product-version}, the installation program is a Go binary file that performs a series of file transformations on a set of assets. The way you interact with the installation program differs depending on your installation type. Consider the following installation use cases:
 
-* To deploy a cluster with the {ai-full}, you configure the cluster settings using the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}]. There is no installer to download and configure. After you complete the configuration, you download a discovery ISO and boot cluster machines with that image. You can install clusters with the {ai-full} on Nutanix, vSphere, and bare metal with full integration, and other platforms without integration. If you install on bare metal, you must provide all of the cluster infrastructure and resources, including the networking, load balancing, storage, and individual cluster machines.
+*  To deploy a cluster with the {ai-full}, you must configure the cluster settings by using the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}]. There is no installation program to download and configure. After you finish setting the cluster configuration, you download a discovery ISO and then boot cluster machines with that image. You can install clusters with the {ai-full} on Nutanix, vSphere, and bare metal with full integration, and other platforms without integration. If you install on bare metal, you must provide all of the cluster infrastructure and resources, including the networking, load balancing, storage, and individual cluster machines.
 
-* To deploy clusters with the agent-based installer, you download the link:https://console.redhat.com/openshift/install/metal/agent-based[agent-based installer] first. Then, you configure the cluster and generate a discovery image. You boot cluster machines with the discovery image, which installs an agent that communicates with the installation program and handles the provisioning for you instead of you interacting with the installation program or setting up a provisioner machine yourself. You must provide all of the cluster infrastructure and resources, including the networking, load balancing, storage, and individual cluster machines. This approach is ideal for air-gapped or restricted network environments.
+* To deploy clusters with the Agent-based Installer, you can download the link:https://console.redhat.com/openshift/install/metal/agent-based[Agent-based Installer] first. You can then configure the cluster and generate a discovery image. You boot cluster machines with the discovery image, which installs an agent that communicates with the installation program and handles the provisioning for you instead of you interacting with the installation program or setting up a provisioner machine yourself. You must provide all of the cluster infrastructure and resources, including the networking, load balancing, storage, and individual cluster machines. This approach is ideal for disconnected environments.
 
 * For clusters with installer-provisioned infrastructure, you delegate the infrastructure bootstrapping and provisioning to the installation program instead of doing it yourself. The installation program creates all of the networking, machines, and operating systems that are required to support the cluster, except if you install on bare metal. If you install on bare metal, you must provide all of the cluster infrastructure and resources, including the bootstrap machine, networking, load balancing, storage, and individual cluster machines.
 
 * If you provision and manage the infrastructure for your cluster, you must provide all of the cluster infrastructure and resources, including the bootstrap machine, networking, load balancing, storage, and individual cluster machines.
 
-The installer uses three sets of files during installation: an installation configuration file that is named `install-config.yaml`, Kubernetes manifests, and Ignition config files for your machine types.
+For the installation program, the program uses three sets of files during installation: an installation configuration file that is named `install-config.yaml`, Kubernetes manifests, and Ignition config files for your machine types.
 
 [IMPORTANT]
 ====
-It is possible to modify Kubernetes and the Ignition config files that control the underlying {op-system} operating system during installation. However, no validation is available to confirm the suitability of any modifications that you make to these objects. If you modify these objects, you might render your cluster non-functional. Because of this risk, modifying Kubernetes and Ignition config files is not supported unless you are following documented procedures or are instructed to do so by Red Hat support.
+You can modify Kubernetes and the Ignition config files that control the underlying {op-system} operating system during installation. However, no validation is available to confirm the suitability of any modifications that you make to these objects. If you modify these objects, you might render your cluster non-functional. Because of this risk, modifying Kubernetes and Ignition config files is not supported unless you are following documented procedures or are instructed to do so by Red Hat support.
 ====
 
 The installation configuration file is transformed into Kubernetes manifests, and then the manifests are wrapped into Ignition config files. The installation program uses these Ignition config files to create the cluster.
 
-The installation configuration files are all pruned when you run the installation program, so be sure to back up all configuration files that you want to use again.
+The installation configuration files are all pruned when you run the installation program, so be sure to back up all the configuration files that you want to use again.
 
 [IMPORTANT]
 ====
@@ -47,18 +48,18 @@ You cannot modify the parameters that you set during installation, but you can m
 [discrete]
 == The installation process with the {ai-full}
 
-Installation with the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform/2022/html-single/assisted_installer_for_openshift_container_platform/index[{ai-full}] involves creating a cluster configuration interactively using the web-based user interface or using the RESTful API. The {ai-full} user interface prompts you for required values and provides reasonable default values for the remaining parameters, unless you change them in the user interface or with the API.  The {ai-full} generates a discovery image, which you download and use to boot the cluster machines. The image installs {op-system} and an agent, and the agent handles the provisioning for you. You can install {product-title} with the {ai-full} and full integration on Nutanix, vSphere, and bare metal, and on other platforms without integration.
+Installation with the link:https://access.redhat.com/documentation/en-us/assisted_installer_for_openshift_container_platform[{ai-full}] involves creating a cluster configuration interactively by using the web-based user interface or the RESTful API. The {ai-full} user interface prompts you for required values and provides reasonable default values for the remaining parameters, unless you change them in the user interface or with the API.  The {ai-full} generates a discovery image, which you download and use to boot the cluster machines. The image installs {op-system} and an agent, and the agent handles the provisioning for you. You can install {product-title} with the {ai-full} and full integration on Nutanix, vSphere, and bare metal. Additionally, you can install {product-title} with the {ai-full} on other platforms without integration.
 
 {product-title} manages all aspects of the cluster, including the operating system itself. Each machine boots with a configuration that references resources hosted in the cluster that it joins. This configuration allows the cluster to manage itself as updates are applied.
 
-If possible, use this feature to avoid having to download and configure the agent-based installer.
+If possible, use the {ai-full} feature to avoid having to download and configure the Agent-based Installer.
 
 [discrete]
-== The installation process with agent-based infrastructure
+== The installation process with Agent-based infrastructure
 
-Agent-based installation is similar to using the {ai-full}, except that you download and install the link:https://console.redhat.com/openshift/install/metal/agent-based[agent-based installer] first. Agent-based installation is recommended when you want all the convenience of the {ai-full}, but you need to install with an air-gapped or disconnected network.
+Agent-based installation is similar to using the {ai-full}, except that you must initially download and install the link:https://console.redhat.com/openshift/install/metal/agent-based[Agent-based Installer]. An Agent-based installation is useful when you want the convenience of the {ai-full}, but you need to install a cluster in a disconnected environment.
 
-If possible, use this feature to avoid having to create a provisioner machine with a bootstrap VM and provision and maintain the cluster infrastructure.
+If possible, use the Agent-based installation feature to avoid having to create a provisioner machine with a bootstrap VM, and then provision and maintain the cluster infrastructure.
 
 [discrete]
 == The installation process with installer-provisioned infrastructure
@@ -76,7 +77,7 @@ With installer-provisioned infrastructure clusters, {product-title} manages all
 
 You can also install {product-title} on infrastructure that you provide. You use the installation program to generate the assets that you require to provision the cluster infrastructure, create the cluster infrastructure, and then deploy the cluster to the infrastructure that you provided.
 
-If you do not use infrastructure that the installation program provisioned, you must manage and maintain the cluster resources yourself, including:
+If you do not use infrastructure that the installation program provisioned, you must manage and maintain the cluster resources yourself. The following list details some of these self-managed resources:
 
 * The underlying infrastructure for the control plane and compute machines that make up the cluster
 * Load balancers
@@ -88,7 +89,7 @@ If your cluster uses user-provisioned infrastructure, you have the option of add
 [discrete]
 == Installation process details
 
-Because each machine in the cluster requires information about the cluster when it is provisioned, {product-title} uses a temporary _bootstrap_ machine during initial configuration to provide the required information to the permanent control plane. It boots by using an Ignition config file that describes how to create the cluster. The bootstrap machine creates the control plane machines that make up the control plane. The control plane machines then create the compute machines, which are also known as worker machines. The following figure illustrates this process:
+When a cluster is provisioned, each machine in the cluster requires information about the cluster. {product-title} uses a temporary bootstrap machine during initial configuration to provide the required information to the permanent control plane. The temporary bootstrap machine boots by using an Ignition config file that describes how to create the cluster. The bootstrap machine creates the control plane machines that make up the control plane. The control plane machines then create the compute machines, which are also known as worker machines. The following figure illustrates this process:
 
 ifndef::openshift-origin[]
 .Creating the bootstrap, control plane, and compute machines
@@ -105,20 +106,20 @@ After the cluster machines initialize, the bootstrap machine is destroyed. All c
 ====
 * The Ignition config files that the installation program generates contain certificates that expire after 24 hours, which are then renewed at that time. If the cluster is shut down before renewing the certificates and the cluster is later restarted after the 24 hours have elapsed, the cluster automatically recovers the expired certificates. The exception is that you must manually approve the pending `node-bootstrapper` certificate signing requests (CSRs) to recover kubelet certificates. See the documentation for _Recovering from expired control plane certificates_ for more information.
 
-* It is recommended that you use Ignition config files within 12 hours after they are generated because the 24-hour certificate rotates from 16 to 22 hours after the cluster is installed. By using the Ignition config files within 12 hours, you can avoid installation failure if the certificate update runs during installation.
+* Consider using Ignition config files within 12 hours after they are generated, because the 24-hour certificate rotates from 16 to 22 hours after the cluster is installed. By using the Ignition config files within 12 hours, you can avoid installation failure if the certificate update runs during installation.
 ====
 
 Bootstrapping a cluster involves the following steps:
 
-. The bootstrap machine boots and starts hosting the remote resources required for the control plane machines to boot. (Requires manual intervention if you provision the infrastructure)
+. The bootstrap machine boots and starts hosting the remote resources required for the control plane machines to boot. If you provision the infrastructure, this step requires manual intervention.
 . The bootstrap machine starts a single-node etcd cluster and a temporary Kubernetes control plane.
-. The control plane machines fetch the remote resources from the bootstrap machine and finish booting. (Requires manual intervention if you provision the infrastructure)
+. The control plane machines fetch the remote resources from the bootstrap machine and finish booting. If you provision the infrastructure, this step requires manual intervention.
 . The temporary control plane schedules the production control plane to the production control plane machines.
 . The Cluster Version Operator (CVO) comes online and installs the etcd Operator. The etcd Operator scales up etcd on all control plane nodes.
 . The temporary control plane shuts down and passes control to the production control plane.
 . The bootstrap machine injects {product-title} components into the production control plane.
-. The installation program shuts down the bootstrap machine. (Requires manual intervention if you provision the infrastructure)
+. The installation program shuts down the bootstrap machine. If you provision the infrastructure, this step requires manual intervention.
 . The control plane sets up the compute nodes.
 . The control plane installs additional services in the form of a set of Operators.
 
-The result of this bootstrapping process is a running {product-title} cluster. The cluster then downloads and configures remaining components needed for the day-to-day operation, including the creation of compute machines in supported environments.
+The result of this bootstrapping process is a running {product-title} cluster. The cluster then downloads and configures remaining components needed for the day-to-day operations, including the creation of compute machines in supported environments.
diff --git a/modules/installation-registry-osp-creating-custom-pvc.adoc b/modules/installation-registry-osp-creating-custom-pvc.adoc
index ee79c983f4aa..c6cb0e394e48 100644
--- a/modules/installation-registry-osp-creating-custom-pvc.adoc
+++ b/modules/installation-registry-osp-creating-custom-pvc.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/configuring_registry_storage/configuring-registry-storage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-registry-osp-creating-custom-pvc_{context}"]
 = Configuring an image registry with custom storage on clusters that run on {rh-openstack}
 
@@ -65,7 +65,7 @@ spec:
 ----
 <1> Enter the namespace `openshift-image-registry`. This namespace allows the Cluster Image Registry Operator to consume the PVC.
 <2> Optional: Adjust the volume size.
-<3> Enter the name of the storage class that you created. 
+<3> Enter the name of the storage class that you created.
 
 . From a command line, apply the configuration:
 +
diff --git a/modules/installation-registry-storage-block-recreate-rollout-bare-metal.adoc b/modules/installation-registry-storage-block-recreate-rollout-bare-metal.adoc
index c007bf0eb6ad..21189d6cf235 100644
--- a/modules/installation-registry-storage-block-recreate-rollout-bare-metal.adoc
+++ b/modules/installation-registry-storage-block-recreate-rollout-bare-metal.adoc
@@ -6,31 +6,70 @@
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
 // * registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-registry-storage-block-recreate-rollout-bare-metal_{context}"]
-= Configuring block registry storage
+= Configuring block registry storage for bare metal
 
 To allow the image registry to use block storage types during upgrades as a cluster administrator, you can use the `Recreate` rollout strategy.
 
 [IMPORTANT]
 ====
-Block storage volumes, or block persistent volumes, are supported but not recommended for use with the image
-registry on production clusters. An installation where the registry is
-configured on block storage is not highly available because the registry cannot
-have more than one replica.
+Block storage volumes, or block persistent volumes, are supported but not recommended for use with the image registry on production clusters. An installation where the registry is configured on block storage is not highly available because the registry cannot have more than one replica.
 
-If you choose to use a block storage volume with the image registry, you must use a filesystem Persistent Volume Claim (PVC).
+If you choose to use a block storage volume with the image registry, you must use a filesystem persistent volume claim (PVC).
 ====
 
 .Procedure
 
-. To set the image registry storage as a block storage type, patch the registry so that it uses the `Recreate` rollout strategy and runs with only one (`1`) replica:
+. Enter the following command to set the image registry storage as a block storage type, patch the registry so that it uses the `Recreate` rollout strategy, and runs with only one (`1`) replica:
 +
 [source,terminal]
 ----
 $ oc patch config.imageregistry.operator.openshift.io/cluster --type=merge -p '{"spec":{"rolloutStrategy":"Recreate","replicas":1}}'
 ----
-+
+
 . Provision the PV for the block storage device, and create a PVC for that volume. The requested block volume uses the ReadWriteOnce (RWO) access mode.
+.. Create a `pvc.yaml` file with the following contents to define a VMware vSphere `PersistentVolumeClaim` object:
++
+[source,yaml]
+----
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: image-registry-storage <1>
+  namespace: openshift-image-registry <2>
+spec:
+  accessModes:
+  - ReadWriteOnce <3>
+  resources:
+    requests:
+      storage: 100Gi <4>
+----
+<1> A unique name that represents the `PersistentVolumeClaim` object.
+<2> The namespace for the `PersistentVolumeClaim` object, which is `openshift-image-registry`.
+<3> The access mode of the persistent volume claim. With `ReadWriteOnce`, the volume can be mounted with read and write permissions by a single node.
+<4> The size of the persistent volume claim.
+
+.. Enter the following command to create the `PersistentVolumeClaim` object from the file:
++
+[source,terminal]
+----
+$ oc create -f pvc.yaml -n openshift-image-registry
+----
+
++
+. Enter the following command to edit the registry configuration so that it references the correct PVC:
 +
-. Edit the registry configuration so that it references the correct PVC.
+[source,terminal]
+----
+$ oc edit config.imageregistry.operator.openshift.io -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+storage:
+  pvc:
+    claim: <1>
+----
+<1> By creating a custom PVC, you can leave the `claim` field blank for the default automatic creation of an `image-registry-storage` PVC.
\ No newline at end of file
diff --git a/modules/installation-registry-storage-block-recreate-rollout-nutanix.adoc b/modules/installation-registry-storage-block-recreate-rollout-nutanix.adoc
new file mode 100644
index 000000000000..cc82e056169d
--- /dev/null
+++ b/modules/installation-registry-storage-block-recreate-rollout-nutanix.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_bare_metal/installing-bare-metal.adoc
+// * installing/installing_baremetal/installing-bare-metal-network-customizations.adoc
+// * installing/installing_baremetal/installing-restricted-networks-bare-metal.adoc
+// * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
+// * registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-registry-storage-block-recreate-rollout-nutanix_{context}"]
+= Configuring block registry storage for Nutanix volumes
+
+To allow the image registry to use block storage types such as Nutanix volumes during upgrades as a cluster administrator, you can use the `Recreate` rollout strategy.
+
+[IMPORTANT]
+====
+Block storage volumes, or block persistent volumes, are supported but not recommended for use with the image registry on production clusters. An installation where the registry is configured on block storage is not highly available because the registry cannot have more than one replica.
+
+If you choose to use a block storage volume with the image registry, you must use a filesystem persistent volume claim (PVC).
+====
+
+.Procedure
+
+. Enter the following command to set the image registry storage as a block storage type, patch the registry so that it uses the `Recreate` rollout strategy, and runs with only one (`1`) replica:
++
+[source,terminal]
+----
+$ oc patch config.imageregistry.operator.openshift.io/cluster --type=merge -p '{"spec":{"rolloutStrategy":"Recreate","replicas":1}}'
+----
+
+. Provision the PV for the block storage device, and create a PVC for that volume. The requested block volume uses the ReadWriteOnce (RWO) access mode.
+
+.. Create a `pvc.yaml` file with the following contents to define a Nutanix `PersistentVolumeClaim` object:
++
+[source,yaml]
+----
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: image-registry-storage <1>
+  namespace: openshift-image-registry <2>
+spec:
+  accessModes:
+  - ReadWriteOnce <3>
+  resources:
+    requests:
+      storage: 100Gi <4>
+----
+<1> A unique name that represents the `PersistentVolumeClaim` object.
+<2> The namespace for the `PersistentVolumeClaim` object, which is `openshift-image-registry`.
+<3> The access mode of the persistent volume claim. With `ReadWriteOnce`, the volume can be mounted with read and write permissions by a single node.
+<4> The size of the persistent volume claim.
+
+.. Enter the following command to create the `PersistentVolumeClaim` object from the file:
++
+[source,terminal]
+----
+$ oc create -f pvc.yaml -n openshift-image-registry
+----
+
+. Enter the following command to edit the registry configuration so that it references the correct PVC:
++
+[source,terminal]
+----
+$ oc edit config.imageregistry.operator.openshift.io -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+storage:
+  pvc:
+    claim: <1>
+----
+<1> By creating a custom PVC, you can leave the `claim` field blank for the default automatic creation of an `image-registry-storage` PVC.
\ No newline at end of file
diff --git a/modules/installation-registry-storage-block-recreate-rollout.adoc b/modules/installation-registry-storage-block-recreate-rollout.adoc
index 93c9581fe82b..5fd6de615cc4 100644
--- a/modules/installation-registry-storage-block-recreate-rollout.adoc
+++ b/modules/installation-registry-storage-block-recreate-rollout.adoc
@@ -8,7 +8,7 @@
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-registry-storage-block-recreate-rollout_{context}"]
 = Configuring block registry storage for VMware vSphere
 
@@ -24,7 +24,7 @@ have more than one replica.
 
 .Procedure
 
-. To set the image registry storage as a block storage type, patch the registry so that it uses the `Recreate` rollout strategy and runs with only `1` replica:
+. Enter the following command to set the image registry storage as a block storage type, patch the registry so that it uses the `Recreate` rollout strategy, and runs with only `1` replica:
 +
 [source,terminal]
 ----
@@ -53,7 +53,7 @@ spec:
 <3> The access mode of the persistent volume claim. With `ReadWriteOnce`, the volume can be mounted with read and write permissions by a single node.
 <4> The size of the persistent volume claim.
 
-.. Create the `PersistentVolumeClaim` object from the file:
+.. Enter the following command to create the `PersistentVolumeClaim` object from the file:
 +
 [source,terminal]
 ----
@@ -61,7 +61,7 @@ $ oc create -f pvc.yaml -n openshift-image-registry
 ----
 
 +
-. Edit the registry configuration so that it references the correct PVC:
+. Enter the following command to edit the registry configuration so that it references the correct PVC:
 +
 [source,terminal]
 ----
@@ -75,4 +75,4 @@ storage:
   pvc:
     claim: <1>
 ----
-<1> Creating a custom PVC allows you to leave the `claim` field blank for the default automatic creation of an `image-registry-storage` PVC.
+<1> By creating a custom PVC, you can leave the `claim` field blank for the default automatic creation of an `image-registry-storage` PVC.
diff --git a/modules/installation-registry-storage-config.adoc b/modules/installation-registry-storage-config.adoc
index 6f2b23df9e66..3d09efb2d11e 100644
--- a/modules/installation-registry-storage-config.adoc
+++ b/modules/installation-registry-storage-config.adoc
@@ -26,7 +26,7 @@ ifeval::["{context}" == "installing-restricted-networks-aws"]
 :aws:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-registry-storage-config_{context}"]
 = Image registry storage configuration
 
diff --git a/modules/installation-registry-storage-non-production.adoc b/modules/installation-registry-storage-non-production.adoc
index 983d096b9217..e528aee4fe77 100644
--- a/modules/installation-registry-storage-non-production.adoc
+++ b/modules/installation-registry-storage-non-production.adoc
@@ -9,7 +9,7 @@
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-registry-storage-non-production_{context}"]
 = Configuring storage for the image registry in non-production clusters
 
diff --git a/modules/installation-requirements-user-infra-ibm-z-kvm.adoc b/modules/installation-requirements-user-infra-ibm-z-kvm.adoc
index 229b88f6aa71..0565f6cd1dd3 100644
--- a/modules/installation-requirements-user-infra-ibm-z-kvm.adoc
+++ b/modules/installation-requirements-user-infra-ibm-z-kvm.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-requirements-user-infra_{context}"]
 = Machine requirements for a cluster with user-provisioned infrastructure
 
@@ -50,9 +50,9 @@ See link:https://access.redhat.com/articles/rhel-limits[Red Hat Enterprise Linux
 The {product-title} installer creates the Ignition files, which are necessary for all the {op-system-first} virtual machines. The automated installation of {product-title} is performed by the bootstrap machine. It starts the installation of {product-title} on each node, starts the Kubernetes cluster, and then finishes. During this bootstrap, the virtual machine must have an established network connection either through a Dynamic Host Configuration Protocol (DHCP) server or static IP address.
 
 [id="ibm-z-network-connectivity_{context}"]
-== {ibmzProductName} network connectivity requirements
+== {ibm-z-title} network connectivity requirements
 
-To install on {ibmzProductName} under {op-system-base} KVM, you need:
+To install on {ibm-z-name} under {op-system-base} KVM, you need:
 
 *   A {op-system-base} KVM host configured with an OSA or RoCE network adapter.
 *   Either a {op-system-base} KVM host that is configured to use bridged networking in libvirt or MacVTap to connect the network to the guests.
@@ -63,13 +63,13 @@ See link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/
 == Host machine resource requirements
 The {op-system-base} KVM host in your environment must meet the following requirements to host the virtual machines that you plan for the {product-title} environment. See link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_virtualization/getting-started-with-virtualization-in-rhel-8_configuring-and-managing-virtualization[Getting started with virtualization].
 
-You can install {product-title} version {product-version} on the following IBM hardware:
+You can install {product-title} version {product-version} on the following {ibm-name} hardware:
 
-* IBM z16 (all models), IBM z15 (all models), IBM z14 (all models)
-* {linuxoneProductName} 4 (all models), {linuxoneProductName} III (all models), {linuxoneProductName} Emperor II, {linuxoneProductName} Rockhopper II
+* {ibm-name} z16 (all models), {ibm-name} z15 (all models), {ibm-name} z14 (all models)
+* {ibm-linuxone-name} 4 (all models), {ibm-linuxone-name} III (all models), {ibm-linuxone-name} Emperor II, {ibm-linuxone-name} Rockhopper II
 
 [id="minimum-ibm-z-system-requirements_{context}"]
-== Minimum {ibmzProductName} system environment
+== Minimum {ibm-z-title} system environment
 
 [discrete]
 === Hardware requirements
@@ -79,7 +79,7 @@ You can install {product-title} version {product-version} on the following IBM h
 
 [NOTE]
 ====
-You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibmzProductName}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
+You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibm-z-name}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
 ====
 
 [IMPORTANT]
@@ -140,7 +140,7 @@ Each cluster virtual machine must meet the following minimum requirements:
 --
 
 [id="preferred-ibm-z-system-requirements_{context}"]
-== Preferred {ibmzProductName} system environment
+== Preferred {ibm-z-title} system environment
 
 [discrete]
 === Hardware requirements
@@ -158,7 +158,7 @@ On your {op-system-base} KVM host, set up:
 * Three guest virtual machines for {product-title} control plane machines, distributed across the {op-system-base} KVM host machines.
 * At least six guest virtual machines for {product-title} compute machines, distributed across the {op-system-base} KVM host machines.
 * One guest virtual machine for the temporary {product-title} bootstrap machine.
-* To ensure the availability of integral components in an overcommitted environment, increase the priority of the control plane by using `cpu_shares`. Do the same for infrastructure nodes, if they exist. See link:https://www.ibm.com/docs/en/linux-on-systems?topic=domain-schedinfo[schedinfo] in IBM Documentation.
+* To ensure the availability of integral components in an overcommitted environment, increase the priority of the control plane by using `cpu_shares`. Do the same for infrastructure nodes, if they exist. See link:https://www.ibm.com/docs/en/linux-on-systems?topic=domain-schedinfo[schedinfo] in {ibm-name} Documentation.
 
 [id="preferred-resource-requirements_{context}"]
 == Preferred resource requirements
diff --git a/modules/installation-restricted-network-samples.adoc b/modules/installation-restricted-network-samples.adoc
index bde1f1f54228..b4dece70fbbb 100644
--- a/modules/installation-restricted-network-samples.adoc
+++ b/modules/installation-restricted-network-samples.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "samples-operator-alt-registry"]
 :samplesoperatoraltreg:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-restricted-network-samples_{context}"]
 = Using Cluster Samples Operator image streams with alternate or mirrored registries
 
@@ -35,7 +35,12 @@ The Cluster Samples Operator must be set to `Managed` in a disconnected environm
 ====
 
 .Prerequisites
+ifndef::openshift-rosa,openshift-dedicated[]
 * Access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Create a pull secret for your mirror registry.
 
 .Procedure
diff --git a/modules/installation-rhv-about-inventory-yml.adoc b/modules/installation-rhv-about-inventory-yml.adoc
deleted file mode 100644
index afb61642bcda..000000000000
--- a/modules/installation-rhv-about-inventory-yml.adoc
+++ /dev/null
@@ -1,187 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-[id="installation-rhv-about-inventory-yml_{context}"]
-= The inventory.yml file
-
-You use the `inventory.yml` file to define and create elements of the {product-title} cluster you are installing. This includes elements such as the {op-system-first} image, virtual machine templates, bootstrap machine, control plane nodes, and worker nodes. You also use `inventory.yml` to destroy the cluster.
-
-The following `inventory.yml` example shows you the parameters and their default values. The quantities and numbers in these default values meet the requirements for running a production {product-title} cluster in a {rh-virtualization} environment.
-
-.Example `inventory.yml` file
-[source,yaml]
-----
----
-all:
-  vars:
-
-    ovirt_cluster: "Default"
-    ocp:
-      assets_dir: "{{ lookup('env', 'ASSETS_DIR') }}"
-      ovirt_config_path: "{{ lookup('env', 'HOME') }}/.ovirt/ovirt-config.yaml"
-
-    # ---
-    # {op-system} section
-    # ---
-    rhcos:
-      image_url: "https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/latest/rhcos-openstack.x86_64.qcow2.gz"
-      local_cmp_image_path: "/tmp/rhcos.qcow2.gz"
-      local_image_path: "/tmp/rhcos.qcow2"
-
-    # ---
-    # Profiles section
-    # ---
-    control_plane:
-      cluster: "{{ ovirt_cluster }}"
-      memory: 16GiB
-      sockets: 4
-      cores: 1
-      template: rhcos_tpl
-      operating_system: "rhcos_x64"
-      type: high_performance
-      graphical_console:
-        headless_mode: false
-        protocol:
-        - spice
-        - vnc
-      disks:
-      - size: 120GiB
-        name: os
-        interface: virtio_scsi
-        storage_domain: depot_nvme
-      nics:
-      - name: nic1
-        network: lab
-        profile: lab
-
-    compute:
-      cluster: "{{ ovirt_cluster }}"
-      memory: 16GiB
-      sockets: 4
-      cores: 1
-      template: worker_rhcos_tpl
-      operating_system: "rhcos_x64"
-      type: high_performance
-      graphical_console:
-        headless_mode: false
-        protocol:
-        - spice
-        - vnc
-      disks:
-      - size: 120GiB
-        name: os
-        interface: virtio_scsi
-        storage_domain: depot_nvme
-      nics:
-      - name: nic1
-        network: lab
-        profile: lab
-
-    # ---
-    # Virtual machines section
-    # ---
-    vms:
-    - name: "{{ metadata.infraID }}-bootstrap"
-      ocp_type: bootstrap
-      profile: "{{ control_plane }}"
-      type: server
-    - name: "{{ metadata.infraID }}-master0"
-      ocp_type: master
-      profile: "{{ control_plane }}"
-    - name: "{{ metadata.infraID }}-master1"
-      ocp_type: master
-      profile: "{{ control_plane }}"
-    - name: "{{ metadata.infraID }}-master2"
-      ocp_type: master
-      profile: "{{ control_plane }}"
-    - name: "{{ metadata.infraID }}-worker0"
-      ocp_type: worker
-      profile: "{{ compute }}"
-    - name: "{{ metadata.infraID }}-worker1"
-      ocp_type: worker
-      profile: "{{ compute }}"
-    - name: "{{ metadata.infraID }}-worker2"
-      ocp_type: worker
-      profile: "{{ compute }}"
-----
-
-[IMPORTANT]
-====
-Enter values for parameters whose descriptions begin with "Enter." Otherwise, you can use the default value or replace it with a new value.
-====
-
-.General section
-
-* `ovirt_cluster`: Enter the name of an existing {rh-virtualization} cluster in which to install the {product-title} cluster.
-* `ocp.assets_dir`: The path of a directory the `openshift-install` installation program creates to store the files that it generates.
-* `ocp.ovirt_config_path`: The path of the `ovirt-config.yaml` file the installation program generates, for example, `./wrk/install-config.yaml`. This file contains the credentials required to interact with the REST API of the {rh-virtualization-engine-name}.
-
-.{op-system-first} section
-
-* `image_url`: Enter the URL of the {op-system} image you specified for download.
-* `local_cmp_image_path`: The path of a local download directory for the compressed {op-system} image.
-* `local_image_path`: The path of a local directory for the extracted {op-system} image.
-
-.Profiles section
-
-This section consists of two profiles:
-
-* `control_plane`: The profile of the bootstrap and control plane nodes.
-* `compute`: The profile of workers nodes in the compute plane.
-
-These profiles have the following parameters. The default values of the parameters meet the minimum requirements for running a production cluster. You can increase or customize these values to meet your workload requirements.
-
-* `cluster`: The value gets the cluster name from `ovirt_cluster` in the General Section.
-* `memory`: The amount of memory, in GB, for the virtual machine.
-* `sockets`: The number of sockets for the virtual machine.
-* `cores`: The number of cores for the virtual machine.
-* `template`: The name of the virtual machine template. If plan to install multiple clusters, and these clusters use templates that contain different specifications, prepend the template name with the ID of the cluster.
-* `operating_system`: The type of guest operating system in the virtual machine. With oVirt/{rh-virtualization} version 4.4, this value must be `rhcos_x64` so the value of `Ignition script` can be passed to the VM.
-* `type`: Enter `server` as the type of the virtual machine.
-+
-[IMPORTANT]
-====
-You must change the value of the `type` parameter from `high_performance` to `server`.
-====
-* `disks`: The disk specifications. The `control_plane` and `compute` nodes can have different storage domains.
-* `size`: The minimum disk size.
-* `name`: Enter the name of a disk connected to the target cluster in {rh-virtualization}.
-* `interface`: Enter the interface type of the disk you specified.
-* `storage_domain`: Enter the storage domain of the disk you specified.
-* `nics`: Enter the `name` and `network` the virtual machines use. You can also specify the virtual network interface profile. By default, NICs obtain their MAC addresses from the oVirt/{rh-virtualization} MAC pool.
-
-.Virtual machines section
-
-This final section, `vms`, defines the virtual machines you plan to create and deploy in the cluster. By default, it provides the minimum number of control plane and worker nodes for a production environment.
-
-`vms`  contains three required elements:
-
-* `name`: The name of the virtual machine. In this case, `metadata.infraID` prepends the virtual machine name with the infrastructure ID from the `metadata.yml` file.
-* `ocp_type`: The role of the virtual machine in the {product-title} cluster. Possible values are `bootstrap`, `master`, `worker`.
-* `profile`: The name of the profile from which each virtual machine inherits specifications. Possible values in this example are `control_plane` or `compute`.
-+
-You can override the value a virtual machine inherits from its profile. To do this, you add the name of the profile attribute to the virtual machine in `inventory.yml` and assign it an overriding value. To see an example of this, examine the `name: "{{ metadata.infraID }}-bootstrap"` virtual machine in the preceding `inventory.yml` example: It has a `type` attribute whose value, `server`, overrides the value of the `type` attribute this virtual machine would otherwise inherit from the `control_plane` profile.
-
-// TBD https://issues.redhat.com/browse/OCPRHV-414
-// Consider documenting *additional* optional attributes in https://github.com/oVirt/ovirt-ansible-vm-infra that aren't already covered here. Hypothetically, it seems like a user could add these attributes to a profile and then want to override them in the inventory.yml.
-
-// TBD - Consider adding a topic on how related to: Configure DHCP to assign permanent IP addresses to the virtual machines, consider using the `mac_address` attribute to assign a fixed MAC address to each virtual machine. However, avoid using the same MAC address if you are deploying more than one cluster. We should consider creating a new topic to document this/these scenario(s).
-
-.Metadata variables
-
-For virtual machines, `metadata.infraID` prepends the name of the virtual machine with the infrastructure ID from the `metadata.json` file you create when you build the Ignition files.
-
-The playbooks use the following code to read `infraID` from the specific file located in the `ocp.assets_dir`.
-
-[source,yaml]
-----
----
-- name: include metadata.json vars
-  include_vars:
-    file: "{{ ocp.assets_dir }}/metadata.json"
-    name: metadata
-
-  ...
-----
diff --git a/modules/installation-rhv-building-ignition-files.adoc b/modules/installation-rhv-building-ignition-files.adoc
deleted file mode 100644
index c8621709f68b..000000000000
--- a/modules/installation-rhv-building-ignition-files.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-building-ignition-files_{context}"]
-= Building the Ignition files
-
-To build the Ignition files from the manifest files you just generated and modified, you run the installation program. This action creates a {op-system-first} machine, `initramfs`, which fetches the Ignition files and performs the configurations needed to create a node.
-
-In addition to the Ignition files, the installation program generates the following:
-
-* An `auth` directory that contains the admin credentials for connecting to the cluster with the `oc` and `kubectl` utilities.
-* A `metadata.json` file that contains information such as the {product-title} cluster name, cluster ID, and infrastructure ID for the current installation.
-
-The Ansible playbooks for this installation process use the value of `infraID` as a prefix for the virtual machines they create. This prevents naming conflicts when there are multiple installations in the same oVirt/{rh-virtualization} cluster.
-
-[NOTE]
-====
-Certificates in Ignition configuration files expire after 24 hours. Complete the cluster installation and keep the cluster running in a non-degraded state for 24 hours so that the first certificate rotation can finish.
-====
-
-.Procedure
-
-. To build the Ignition files, enter:
-+
-[source,terminal]
-----
-$ openshift-install create ignition-configs --dir $ASSETS_DIR
-----
-+
-.Example output
-[source,terminal]
-----
-$ tree
-.
-└── wrk
-    ├── auth
-    │   ├── kubeadmin-password
-    │   └── kubeconfig
-    ├── bootstrap.ign
-    ├── master.ign
-    ├── metadata.json
-    └── worker.ign
-----
diff --git a/modules/installation-rhv-creating-bootstrap-machine.adoc b/modules/installation-rhv-creating-bootstrap-machine.adoc
deleted file mode 100644
index 072b53762542..000000000000
--- a/modules/installation-rhv-creating-bootstrap-machine.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-creating-bootstrap-machine_{context}"]
-= Creating the bootstrap machine
-
-You create a bootstrap machine by running the `bootstrap.yml` playbook. This playbook starts the bootstrap virtual machine, and passes it the `bootstrap.ign` Ignition file from the assets directory. The bootstrap node configures itself so it can serve Ignition files to the control plane nodes.
-
-To monitor the bootstrap process, you use the console in the {rh-virtualization} Administration Portal or connect to the virtual machine by using SSH.
-
-.Procedure
-
-. Create the bootstrap machine:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml bootstrap.yml
-----
-
-. Connect to the bootstrap machine using a console in the Administration Portal or SSH. Replace `<bootstrap_ip>` with the bootstrap node IP address. To use SSH, enter:
-+
-[source,terminal]
-----
-$ ssh core@<boostrap.ip>
-----
-
-. Collect `bootkube.service` journald unit logs for the release image service from the bootstrap node:
-+
-[source,terminal]
-----
-[core@ocp4-lk6b4-bootstrap ~]$ journalctl -b -f -u release-image.service -u bootkube.service
-----
-+
-[NOTE]
-====
-The `bootkube.service` log on the bootstrap node outputs etcd `connection refused` errors, indicating that the bootstrap server is unable to connect to etcd on control plane nodes. After etcd has started on each control plane node and the nodes have joined the cluster, the errors should stop.
-====
diff --git a/modules/installation-rhv-creating-control-plane-nodes.adoc b/modules/installation-rhv-creating-control-plane-nodes.adoc
deleted file mode 100644
index 11494a4ea7de..000000000000
--- a/modules/installation-rhv-creating-control-plane-nodes.adoc
+++ /dev/null
@@ -1,41 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-creating-control-plane-nodes_{context}"]
-= Creating the control plane nodes
-
-You create the control plane nodes by running the `masters.yml` playbook. This playbook passes the `master.ign` Ignition file to each of the virtual machines. The Ignition file contains a directive for the control plane node to get the Ignition from a URL such as `https://api-int.ocp4.example.org:22623/config/master`. The port number in this URL is managed by the load balancer, and is accessible only inside the cluster.
-
-.Procedure
-
-. Create the control plane nodes:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml masters.yml
-----
-
-. While the playbook creates your control plane, monitor the bootstrapping process:
-+
-[source,terminal]
-----
-$ openshift-install wait-for bootstrap-complete --dir $ASSETS_DIR
-----
-+
-.Example output
-[source,terminal]
-----
-INFO API v1.26.0 up
-INFO Waiting up to 40m0s for bootstrapping to complete...
-----
-
-. When all the pods on the control plane nodes and etcd are up and running, the installation program displays the following output.
-+
-.Example output
-[source,terminal]
-----
-INFO It is now safe to remove the bootstrap resources
-----
diff --git a/modules/installation-rhv-creating-install-config-file.adoc b/modules/installation-rhv-creating-install-config-file.adoc
deleted file mode 100644
index d4c9d3aa6948..000000000000
--- a/modules/installation-rhv-creating-install-config-file.adoc
+++ /dev/null
@@ -1,76 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-creating-install-config-file_{context}"]
-= Creating the install config file
-
-You create an installation configuration file by running the installation program, `openshift-install`, and responding to its prompts with information you specified or gathered earlier.
-
-When you finish responding to the prompts, the installation program creates an initial version of the `install-config.yaml` file in the assets directory you specified earlier, for example, `./wrk/install-config.yaml`
-
-The installation program also creates a file, `$HOME/.ovirt/ovirt-config.yaml`, that contains all the connection parameters that are required to reach the {rh-virtualization-engine-name} and use its REST API.
-
-**NOTE:**
-The installation process does not use values you supply for some parameters, such as `Internal API virtual IP` and `Ingress virtual IP`, because you have already configured them in your infrastructure DNS.
-
-It also uses the values you supply for parameters in `inventory.yml`, like the ones for `oVirt cluster`, `oVirt storage`, and `oVirt network`. And uses a script to remove or replace these same values from `install-config.yaml` with the previously mentioned `virtual IPs`.
-//For details, see xref:set-platform-to-none[].
-
-.Procedure
-
-. Run the installation program:
-+
-[source,terminal]
-----
-$ openshift-install create install-config --dir $ASSETS_DIR
-----
-
-. Respond to the installation program's prompts with information about your system.
-+
-ifndef::openshift-origin[]
-.Example output
-[source,terminal]
-----
-? SSH Public Key /home/user/.ssh/id_dsa.pub
-? Platform <ovirt>
-? Engine FQDN[:PORT] [? for help] <engine.fqdn>
-? Enter ovirt-engine username <ocpadmin@internal>
-? Enter password <******>
-? oVirt cluster <cluster>
-? oVirt storage <storage>
-? oVirt network <net>
-? Internal API virtual IP <172.16.0.252>
-? Ingress virtual IP <172.16.0.251>
-? Base Domain <example.org>
-? Cluster Name <ocp4>
-? Pull Secret [? for help] <********>
-----
-endif::openshift-origin[]
-ifndef::openshift-origin[]
-.Example output
-[source,terminal]
-----
-? SSH Public Key /home/user/.ssh/id_dsa.pub
-? Platform <ovirt>
-? Engine FQDN[:PORT] [? for help] <engine.fqdn>
-? Enter ovirt-engine username <ocpadmin@internal>
-? Enter password <******>
-? oVirt cluster <cluster>
-? oVirt storage <storage>
-? oVirt network <net>
-? Internal API virtual IP <172.16.0.252>
-? Ingress virtual IP <172.16.0.251>
-? Base Domain <example.org>
-? Cluster Name <ocp4>
-? Pull Secret [? for help] <********>
-----
-endif::openshift-origin[]
-
-For `Internal API virtual IP` and `Ingress virtual IP`, supply the IP addresses you specified when you configured the DNS service.
-
-Together, the values you enter for the `oVirt cluster` and `Base Domain` prompts form the FQDN portion of URLs for the REST API and any applications you create, such as `\https://api.ocp4.example.org:6443/` and `\https://console-openshift-console.apps.ocp4.example.org`.
-
-You can get the {cluster-manager-url-pull}.
diff --git a/modules/installation-rhv-creating-templates-virtual-machines.adoc b/modules/installation-rhv-creating-templates-virtual-machines.adoc
deleted file mode 100644
index dac4128acf3a..000000000000
--- a/modules/installation-rhv-creating-templates-virtual-machines.adoc
+++ /dev/null
@@ -1,44 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-creating-templates-virtual-machines_{context}"]
-= Creating templates and virtual machines
-
-After confirming the variables in the `inventory.yml`, you run the first Ansible provisioning playbook, `create-templates-and-vms.yml`.
-
-This playbook uses the connection parameters for the {rh-virtualization} {rh-virtualization-engine-name} from `$HOME/.ovirt/ovirt-config.yaml` and reads `metadata.json` in the assets directory.
-
-If a local {op-system-first} image is not already present, the playbook downloads one from the URL you specified for `image_url` in `inventory.yml`. It extracts the image and uploads it to {rh-virtualization} to create templates.
-
-The playbook creates a template based on the `control_plane` and `compute` profiles in the `inventory.yml` file. If these profiles have different names, it creates two templates.
-
-When the playbook finishes, the virtual machines it creates are stopped. You can get information from them to help configure other infrastructure elements. For example, you can get the virtual machines' MAC addresses to configure DHCP to assign permanent IP addresses to the virtual machines.
-
-.Procedure
-
-
-. In `inventory.yml`, under the `control_plane` and `compute` variables, change both instances of `type: high_performance` to `type: server`.
-
-. Optional: If you plan to perform multiple installations to the same cluster, create different templates for each {product-title} installation. In the `inventory.yml` file, prepend the value of `template` with `infraID`. For example:
-+
-[source,yaml]
-----
-  control_plane:
-    cluster: "{{ ovirt_cluster }}"
-    memory: 16GiB
-    sockets: 4
-    cores: 1
-    template: "{{ metadata.infraID }}-rhcos_tpl"
-    operating_system: "rhcos_x64"
-    ...
-----
-
-. Create the templates and virtual machines:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml create-templates-and-vms.yml
-----
diff --git a/modules/installation-rhv-creating-worker-nodes-completing-installation.adoc b/modules/installation-rhv-creating-worker-nodes-completing-installation.adoc
deleted file mode 100644
index d7977662fb4a..000000000000
--- a/modules/installation-rhv-creating-worker-nodes-completing-installation.adoc
+++ /dev/null
@@ -1,106 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-creating-worker-nodes-completing-installation_{context}"]
-= Creating the worker nodes and completing the installation
-
-Creating worker nodes is similar to creating control plane nodes. However, worker nodes workers do not automatically join the cluster. To add them to the cluster, you review and approve the workers' pending CSRs (Certificate Signing Requests).
-
-After approving the first requests, you continue approving CSR until all of the worker nodes are approved. When you complete this process, the worker nodes become `Ready` and can have pods scheduled to run on them.
-
-Finally, monitor the command line to see when the installation process completes.
-
-.Procedure
-
-. Create the worker nodes:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml workers.yml
-----
-
-
-. To list all of the CSRs, enter:
-+
-[source,terminal]
-----
-$ oc get csr -A
-----
-+
-Eventually, this command displays one CSR per node. For example:
-+
-.Example output
-[source,terminal]
-----
-NAME        AGE    SIGNERNAME                                    REQUESTOR                                                                   CONDITION
-csr-2lnxd   63m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master0.ocp4.example.org                             Approved,Issued
-csr-hff4q   64m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
-csr-hsn96   60m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master2.ocp4.example.org                             Approved,Issued
-csr-m724n   6m2s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
-csr-p4dz2   60m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
-csr-t9vfj   60m    kubernetes.io/kubelet-serving                 system:node:ocp4-lk6b4-master1.ocp4.example.org                             Approved,Issued
-csr-tggtr   61m    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Approved,Issued
-csr-wcbrf   7m6s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
-----
-
-. To filter the list and see only pending CSRs, enter:
-+
-[source,terminal]
-----
-$ watch "oc get csr -A | grep pending -i"
-----
-+
-This command refreshes the output every two seconds and displays only pending CSRs. For example:
-+
-.Example output
-[source,terminal]
-----
-Every 2.0s: oc get csr -A | grep pending -i
-
-csr-m724n   10m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
-csr-wcbrf   11m   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   Pending
-----
-
-. Inspect each pending request. For example:
-+
-.Example output
-[source,terminal]
-----
-$ oc describe csr csr-m724n
-----
-+
-.Example output
-[source,terminal]
-----
-Name:               csr-m724n
-Labels:             <none>
-Annotations:        <none>
-CreationTimestamp:  Sun, 19 Jul 2020 15:59:37 +0200
-Requesting User:    system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
-Signer:             kubernetes.io/kube-apiserver-client-kubelet
-Status:             Pending
-Subject:
-         Common Name:    system:node:ocp4-lk6b4-worker1.ocp4.example.org
-         Serial Number:
-         Organization:   system:nodes
-Events:  <none>
-----
-
-. If the CSR information is correct, approve the request:
-+
-[source,terminal]
-----
-$ oc adm certificate approve csr-m724n
-----
-
-. Wait for the installation process to finish:
-+
-[source,terminal]
-----
-$ openshift-install wait-for install-complete --dir $ASSETS_DIR --log-level debug
-----
-+
-When the installation completes, the command line displays the URL of the {product-title} web console and the administrator user name and password.
diff --git a/modules/installation-rhv-customizing-install-config-yaml.adoc b/modules/installation-rhv-customizing-install-config-yaml.adoc
deleted file mode 100644
index a710a635e780..000000000000
--- a/modules/installation-rhv-customizing-install-config-yaml.adoc
+++ /dev/null
@@ -1,73 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-customizing-install-config-yaml_{context}"]
-= Customizing install-config.yaml
-
-Here, you use three Python scripts to override some of the installation program's default behaviors:
-
-* By default, the installation program uses the machine API to create nodes. To override this default behavior, you set the number of compute nodes to zero replicas. Later, you use Ansible playbooks to create the compute nodes.
-
-* By default, the installation program sets the IP range of the machine network for nodes. To override this default behavior, you set the IP range to match your infrastructure.
-
-* By default, the installation program sets the platform to `ovirt`. However, installing a cluster on user-provisioned infrastructure is more similar to installing a cluster on bare metal. Therefore, you delete the ovirt platform section from `install-config.yaml` and change the platform to `none`. Instead, you use `inventory.yml` to specify all of the required settings.
-
-[NOTE]
-====
-These snippets work with Python 3 and Python 2.
-====
-
-// TBD - https://issues.redhat.com/browse/OCPRHV-414
-// Please discuss with engineering whether these three scripts can/should be combined into a single script.
-// Also consider combining this topic with other customization topics.
-
-.Procedure
-//TBD - Should we combine these into one script?
-
-. Set the number of compute nodes to zero replicas:
-+
-[source,python]
-----
-$ python3 -c 'import os, yaml
-path = "%s/install-config.yaml" % os.environ["ASSETS_DIR"]
-conf = yaml.safe_load(open(path))
-conf["compute"][0]["replicas"] = 0
-open(path, "w").write(yaml.dump(conf, default_flow_style=False))'
-----
-
-
-. Set the IP range of the machine network. For example, to set the range to `172.16.0.0/16`, enter:
-+
-[source,python]
-----
-$ python3 -c 'import os, yaml
-path = "%s/install-config.yaml" % os.environ["ASSETS_DIR"]
-conf = yaml.safe_load(open(path))
-conf["networking"]["machineNetwork"][0]["cidr"] = "172.16.0.0/16"
-open(path, "w").write(yaml.dump(conf, default_flow_style=False))'
-----
-
-
-. Remove the `ovirt` section and change the platform to `none`:
-+
-[source,python]
-----
-$ python3 -c 'import os, yaml
-path = "%s/install-config.yaml" % os.environ["ASSETS_DIR"]
-conf = yaml.safe_load(open(path))
-platform = conf["platform"]
-del platform["ovirt"]
-platform["none"] = {}
-open(path, "w").write(yaml.dump(conf, default_flow_style=False))'
-----
-+
-[WARNING]
-====
-Red Hat Virtualization does not currently support installation with user-provisioned infrastructure on the oVirt platform. Therefore, you must set the platform to `none`, allowing {product-title} to identify each node as a bare-metal node and the cluster as a bare-metal cluster. This is the same as xref:../../installing/installing_platform_agnostic/installing-platform-agnostic.adoc#installing-platform-agnostic[installing a cluster on any platform], and has the following limitations:
-
-. There will be no cluster provider so you must manually add each machine and there will be no node scaling capabilities.
-. The oVirt CSI driver will not be installed and there will be no CSI capabilities.
-====
diff --git a/modules/installation-rhv-destroying-cluster.adoc b/modules/installation-rhv-destroying-cluster.adoc
deleted file mode 100644
index 4efef6a3e2b6..000000000000
--- a/modules/installation-rhv-destroying-cluster.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-
-[id="installation-rhv-destroying-cluster_{context}"]
-= Destroying the cluster
-
-When you are finished using the cluster, you can destroy it and remove related configurations from your infrastructure.
-
-.Prerequisites
-* You preserved the original files you used to create the cluster.
-
-.Procedure
-
-. Optional: To remove the cluster, enter:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml \
-    retire-bootstrap.yml \
-    retire-masters.yml   \
-    retire-workers.yml
-----
-
-. Remove any previous configurations you added to DNS, load balancers, and any other infrastructure.
diff --git a/modules/installation-rhv-downloading-ansible-playbooks.adoc b/modules/installation-rhv-downloading-ansible-playbooks.adoc
deleted file mode 100644
index 9356e5201624..000000000000
--- a/modules/installation-rhv-downloading-ansible-playbooks.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-downloading-ansible-playbooks_{context}"]
-= Downloading the Ansible playbooks
-
-Download the Ansible playbooks for installing {product-title} version {product-version} on {rh-virtualization}.
-
-.Procedure
-
-* On your installation machine, run the following commands:
-+
-[source,terminal,subs=attributes+]
-----
-$ mkdir playbooks
-----
-+
-[source,terminal,subs=attributes+]
-----
-$ cd playbooks
-----
-+
-[source,terminal,subs=attributes+]
-----
-$  xargs -n 1 curl -O <<< '
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/bootstrap.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/common-auth.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/create-templates-and-vms.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/inventory.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/masters.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/retire-bootstrap.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/retire-masters.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/retire-workers.yml
-        https://raw.githubusercontent.com/openshift/installer/release-{product-version}/upi/ovirt/workers.yml'
-
-----
-
-
-.Next steps
-
-* After you download these Ansible playbooks, you must also create the environment variable for the assets directory and customize the `inventory.yml` file before you create an installation configuration file by running the installation program.
diff --git a/modules/installation-rhv-editing-manifests.adoc b/modules/installation-rhv-editing-manifests.adoc
deleted file mode 100644
index 35c5a1ecaa91..000000000000
--- a/modules/installation-rhv-editing-manifests.adoc
+++ /dev/null
@@ -1,89 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-editing-mantifests_{context}"]
-= Generate manifest files
-
-Use the installation program to generate a set of manifest files in the assets directory.
-
-The command to generate the manifest files displays a warning message before it consumes the `install-config.yaml` file.
-
-If you plan to reuse the `install-config.yaml` file, create a backup copy of it before you back it up before you generate the manifest files.
-
-// TBD There isn't a clear reason to generate the manifest files. Is this step necessary? It seem like normally the user only does this if they need to edit the files to customize something. Unfortunately, the lead developer on this project has left the organization. Looking at similar commands/topics in the openshift-docs, it seems like this step is only taken when the user needs to perform a specific customization.
-
-
-.Procedure
-
-. Optional: Create a backup copy of the `install-config.yaml` file:
-+
-[source,terminal]
-----
-$ cp install-config.yaml install-config.yaml.backup
-----
-
-. Generate a set of manifests in your assets directory:
-+
-[source,terminal]
-----
-$ openshift-install create manifests --dir $ASSETS_DIR
-----
-+
-This command displays the following messages.
-+
-.Example output
-[source,terminal]
-----
-INFO Consuming Install Config from target directory
-WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings
-----
-+
-The command generates the following manifest files:
-+
-.Example output
-[source,terminal]
-----
-$ tree
-.
-└── wrk
-    ├── manifests
-    │   ├── 04-openshift-machine-config-operator.yaml
-    │   ├── cluster-config.yaml
-    │   ├── cluster-dns-02-config.yml
-    │   ├── cluster-infrastructure-02-config.yml
-    │   ├── cluster-ingress-02-config.yml
-    │   ├── cluster-network-01-crd.yml
-    │   ├── cluster-network-02-config.yml
-    │   ├── cluster-proxy-01-config.yaml
-    │   ├── cluster-scheduler-02-config.yml
-    │   ├── cvo-overrides.yaml
-    │   ├── etcd-ca-bundle-configmap.yaml
-    │   ├── etcd-client-secret.yaml
-    │   ├── etcd-host-service-endpoints.yaml
-    │   ├── etcd-host-service.yaml
-    │   ├── etcd-metric-client-secret.yaml
-    │   ├── etcd-metric-serving-ca-configmap.yaml
-    │   ├── etcd-metric-signer-secret.yaml
-    │   ├── etcd-namespace.yaml
-    │   ├── etcd-service.yaml
-    │   ├── etcd-serving-ca-configmap.yaml
-    │   ├── etcd-signer-secret.yaml
-    │   ├── kube-cloud-config.yaml
-    │   ├── kube-system-configmap-root-ca.yaml
-    │   ├── machine-config-server-tls-secret.yaml
-    │   └── openshift-config-secret-pull-secret.yaml
-    └── openshift
-        ├── 99_kubeadmin-password-secret.yaml
-        ├── 99_openshift-cluster-api_master-user-data-secret.yaml
-        ├── 99_openshift-cluster-api_worker-user-data-secret.yaml
-        ├── 99_openshift-machineconfig_99-master-ssh.yaml
-        ├── 99_openshift-machineconfig_99-worker-ssh.yaml
-        └── openshift-install-manifests.yaml
-----
-
-.Next steps
-
-* Make control plane nodes non-schedulable.
diff --git a/modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc b/modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc
deleted file mode 100644
index c0caa206ce09..000000000000
--- a/modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-making-control-plane-nodes-non-schedulable_{context}"]
-= Making control-plane nodes non-schedulable
-
-// TBD - https://issues.redhat.com/browse/OCPRHV-414
-// Here's my version of the intro text from https://github.com/openshift/installer/blob/master/docs/user/ovirt/install_upi.md#set-control-plane-nodes-unschedulable . This information is confusing. Please discuss with engineering and provide a good concise explanation of why the user is doing this.
-
-// "Earlier, when you set the compute `replicas` to zero, it also made control-plane nodes schedulable, which is something you do not want at this stage in the process.""
-//
-// "NOTE: Router pods can run also on control-plane nodes but there are some Kubernetes limitations that prevent the ingress load balancer from reaching those pods.""
-
-Because you are manually creating and deploying the control plane machines, you must configure a manifest file to make the control plane nodes non-schedulable.
-
-.Procedure
-
-. To make the control plane nodes non-schedulable, enter:
-+
-[source,terminal]
-----
-$ python3 -c 'import os, yaml
-path = "%s/manifests/cluster-scheduler-02-config.yml" % os.environ["ASSETS_DIR"]
-data = yaml.safe_load(open(path))
-data["spec"]["mastersSchedulable"] = False
-open(path, "w").write(yaml.dump(data, default_flow_style=False))'
-----
diff --git a/modules/installation-rhv-removing-bootstrap-machine.adoc b/modules/installation-rhv-removing-bootstrap-machine.adoc
deleted file mode 100644
index d43bc16e7cc4..000000000000
--- a/modules/installation-rhv-removing-bootstrap-machine.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-removing-bootstrap-machine_{context}"]
-= Removing the bootstrap machine
-
-After the `wait-for` command shows that the bootstrap process is complete, you must remove the bootstrap virtual machine to free up compute, memory, and storage resources. Also, remove settings for the bootstrap machine from the load balancer directives.
-
-.Procedure
-
-
-. To remove the bootstrap machine from the cluster, enter:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml retire-bootstrap.yml
-----
-
-. Remove settings for the bootstrap machine from the load balancer directives.
diff --git a/modules/installation-rhv-removing-cluster-upi.adoc b/modules/installation-rhv-removing-cluster-upi.adoc
deleted file mode 100644
index 34c5a70da878..000000000000
--- a/modules/installation-rhv-removing-cluster-upi.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-removing-cluster-upi_{context}"]
-= Removing a cluster that uses user-provisioned infrastructure
-
-When you are finished using the cluster, you can remove a cluster that uses user-provisioned infrastructure from your cloud.
-
-.Prerequisites
-
-* Have the original playbook files, assets directory and files, and `$ASSETS_DIR` environment variable that you used to you install the cluster. Typically, you can achieve this by using the same computer you used when you installed the cluster.
-
-.Procedure
-
-. To remove the cluster, enter:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml \
-    retire-bootstrap.yml \
-    retire-masters.yml   \
-    retire-workers.yml
-----
-
-. Remove any configurations you added to DNS, load balancers, and any other infrastructure for this cluster.
diff --git a/modules/installation-rhv-specifying-rhcos-image-settings.adoc b/modules/installation-rhv-specifying-rhcos-image-settings.adoc
deleted file mode 100644
index 60eacb9486fd..000000000000
--- a/modules/installation-rhv-specifying-rhcos-image-settings.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installation-rhv-specifying-rhcos-image-settings_{context}"]
-= Specifying the {op-system} image settings
-
-Update the {op-system-first} image settings of the `inventory.yml` file. Later, when you run this file one of the playbooks, it downloads a compressed {op-system-first} image from the `image_url` URL to the `local_cmp_image_path` directory. The playbook then uncompresses the image to the `local_image_path` directory and uses it to create oVirt/{rh-virtualization} templates.
-
-// TBD - https://issues.redhat.com/browse/OCPRHV-414
-// Consider combining this topic with another one after we've resolved the issue of getting the files.
-
-.Procedure
-
-ifndef::openshift-origin[]
-. Locate the {op-system} image download page for the version of {product-title} you are installing, such as link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/latest/[Index of /pub/openshift-v4/dependencies/rhcos/latest/latest].
-
-. From that download page, copy the URL of an OpenStack `qcow2` image, such as `\https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/latest/rhcos-openstack.x86_64.qcow2.gz`.
-
-. Edit the `inventory.yml` playbook you downloaded earlier. In it, paste the URL as the value for `image_url`. For example:
-+
-[source,yaml]
-----
-rhcos:
-  "https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/latest/rhcos-openstack.x86_64.qcow2.gz"
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-. Locate the {op-system} image download page, such as link:https://getfedora.org/coreos/download?tab=cloud_operators&stream=stable[Download Fedora CoreOS].
-
-. From that download page, copy the URL of an OpenStack `qcow2` image, such as `\https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/34.20210611.3.0/x86_64/fedora-coreos-34.20210611.3.0-openstack.x86_64.qcow2.xz`.
-
-. Edit the `inventory.yml` playbook you downloaded earlier. In it, replace the `rhcos` stanza and paste the URL as the value for `image_url`. For example:
-+
-[source,yaml]
-----
-rhcos:
-  image_url: "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/34.20210611.3.0/x86_64/fedora-coreos-34.20210611.3.0-openstack.x86_64.qcow2.xz"
-----
-endif::openshift-origin[]
diff --git a/modules/installation-special-config-butane-about.adoc b/modules/installation-special-config-butane-about.adoc
index a5dedc13fd13..f8aea69da3fc 100644
--- a/modules/installation-special-config-butane-about.adoc
+++ b/modules/installation-special-config-butane-about.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/installing-customizing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-special-config-butane-about_{context}"]
 = About Butane
 
diff --git a/modules/installation-special-config-butane-create.adoc b/modules/installation-special-config-butane-create.adoc
index c282326e5e5d..d7ba710c7324 100644
--- a/modules/installation-special-config-butane-create.adoc
+++ b/modules/installation-special-config-butane-create.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/installing-customizing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-butane-create_{context}"]
 = Creating a MachineConfig object by using Butane
 
@@ -16,10 +16,10 @@ You can use Butane to produce a `MachineConfig` object so that you can configure
 
 . Create a Butane config file. The following example creates a file named `99-worker-custom.bu` that configures the system console to show kernel debug messages and specifies custom settings for the chrony time service:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-worker-custom
   labels:
diff --git a/modules/installation-special-config-butane-install.adoc b/modules/installation-special-config-butane-install.adoc
index 19473dc10be8..f76e720325be 100644
--- a/modules/installation-special-config-butane-install.adoc
+++ b/modules/installation-special-config-butane-install.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/installing-customizing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-butane-install_{context}"]
 = Installing Butane
 
diff --git a/modules/installation-special-config-chrony.adoc b/modules/installation-special-config-chrony.adoc
index 058b36b02bda..827875829c45 100644
--- a/modules/installation-special-config-chrony.adoc
+++ b/modules/installation-special-config-chrony.adoc
@@ -15,7 +15,7 @@ ifeval::["{context}" == "installing-restricted-networks-vsphere"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-chrony_{context}"]
 = Configuring chrony time service
 
@@ -35,10 +35,10 @@ to your nodes as a machine config.
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-worker-chrony <1>
   labels:
diff --git a/modules/installation-special-config-kargs.adoc b/modules/installation-special-config-kargs.adoc
index d4ab4fe5250b..bb83daf3be9b 100644
--- a/modules/installation-special-config-kargs.adoc
+++ b/modules/installation-special-config-kargs.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-special-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-kargs_{context}"]
 
 = Adding day-1 kernel arguments
diff --git a/modules/installation-special-config-kmod.adoc b/modules/installation-special-config-kmod.adoc
index 375c7dcb4ccf..fdefcf319e47 100644
--- a/modules/installation-special-config-kmod.adoc
+++ b/modules/installation-special-config-kmod.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-special-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-kmod_{context}"]
 = Adding kernel modules to nodes
 
@@ -385,10 +385,10 @@ $ cd .. && rm -rf kmod-tree && cp -Lpr ${FAKEROOT} kmod-tree
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-simple-kmod
   labels:
diff --git a/modules/installation-special-config-raid.adoc b/modules/installation-special-config-raid.adoc
index 6d14dbab8466..14ec5b07817d 100644
--- a/modules/installation-special-config-raid.adoc
+++ b/modules/installation-special-config-raid.adoc
@@ -24,10 +24,10 @@ Butane is a command-line utility that {product-title} uses to provide convenient
 * To configure a data volume with RAID 1 on the same disks that are used for a mirrored boot disk, create a `$HOME/clusterconfig/raid1-storage.bu` file, for example:
 +
 .RAID 1 on mirrored boot disk
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: raid1-storage
   labels:
@@ -35,16 +35,16 @@ metadata:
 boot_device:
   mirror:
     devices:
-      - /dev/sda
-      - /dev/sdb
+      - /dev/disk/by-id/scsi-3600508b400105e210000900000490000
+      - /dev/disk/by-id/scsi-SSEAGATE_ST373453LW_3HW1RHM6
 storage:
   disks:
-    - device: /dev/sda
+    - device: /dev/disk/by-id/scsi-3600508b400105e210000900000490000
       partitions:
         - label: root-1
           size_mib: 25000 <1>
         - label: var-1
-    - device: /dev/sdb
+    - device: /dev/disk/by-id/scsi-SSEAGATE_ST373453LW_3HW1RHM6
       partitions:
         - label: root-2
           size_mib: 25000 <1>
@@ -67,10 +67,10 @@ storage:
 * To configure a data volume with RAID 1 on secondary disks, create a `$HOME/clusterconfig/raid1-alt-storage.bu` file, for example:
 +
 .RAID 1 on secondary disks
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: raid1-alt-storage
   labels:
diff --git a/modules/installation-special-config-rtkernel.adoc b/modules/installation-special-config-rtkernel.adoc
index 1d03d79c5d01..43a945b6b73e 100644
--- a/modules/installation-special-config-rtkernel.adoc
+++ b/modules/installation-special-config-rtkernel.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/installing-customizing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-rtkernel_{context}"]
 
 = Adding a real-time kernel to nodes (during installation)
@@ -92,12 +92,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                        STATUS  ROLES    AGE   VERSION
-ip-10-0-139-200.us-east-2.compute.internal  Ready   master   111m  v1.26.0
-ip-10-0-143-147.us-east-2.compute.internal  Ready   worker   103m  v1.26.0
-ip-10-0-146-92.us-east-2.compute.internal   Ready   worker   101m  v1.26.0
-ip-10-0-156-255.us-east-2.compute.internal  Ready   master   111m  v1.26.0
-ip-10-0-164-74.us-east-2.compute.internal   Ready   master   111m  v1.26.0
-ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.26.0
+ip-10-0-139-200.us-east-2.compute.internal  Ready   master   111m  v1.28.5
+ip-10-0-143-147.us-east-2.compute.internal  Ready   worker   103m  v1.28.5
+ip-10-0-146-92.us-east-2.compute.internal   Ready   worker   101m  v1.28.5
+ip-10-0-156-255.us-east-2.compute.internal  Ready   master   111m  v1.28.5
+ip-10-0-164-74.us-east-2.compute.internal   Ready   master   111m  v1.28.5
+ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.28.5
 ----
 +
 [source,terminal]
diff --git a/modules/installation-special-config-storage.adoc b/modules/installation-special-config-storage.adoc
index a42e636cbc98..f9aabd34a778 100644
--- a/modules/installation-special-config-storage.adoc
+++ b/modules/installation-special-config-storage.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/install_config/installing-customizing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-special-config-storage_{context}"]
 = Encrypting and mirroring disks during installation
 
@@ -54,15 +54,17 @@ You can also configure the TPM v2 and Tang encryption modes simultaneously.
 This enables boot disk data decryption only if the TPM secure cryptoprocessor is present and the Tang servers are accessible over a secure network.
 
 You can use the `threshold` attribute in your Butane configuration to define the minimum number of TPM v2 and Tang encryption conditions required for decryption to occur.
-The threshold is met when the stated value is reached through any combination of the declared conditions.
-For example, the `threshold` value of `2` in the following configuration can be reached by accessing the two Tang servers, or by accessing the TPM secure cryptoprocessor and one of the Tang servers:
+
+The threshold is met when the stated value is reached through any combination of the declared conditions. In the case of offline provisioning, the offline server is accessed using an included advertisement, and only uses that supplied advertisement if the number of online servers do not meet the set threshold.
+
+For example, the `threshold` value of `2` in the following configuration can be reached by accessing two Tang servers, with the offline server available as a backup, or by accessing the TPM secure cryptoprocessor and one of the Tang servers:
 
 .Example Butane configuration for disk encryption
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: worker-storage
   labels:
@@ -76,7 +78,10 @@ boot_device:
         thumbprint: jwGN5tRFK-kF6pIX89ssF3khxxX
       - url: http://tang2.example.com:7500
         thumbprint: VCJsvZFjBSIHSldw78rOrq7h2ZF
-    threshold: 2 <4>
+      - url: http://tang3.example.com:7500
+        thumbprint: PLjNyRdGw03zlRoGjQYMahSZGu9
+        advertisement: "{\"payload\": \"...\", \"protected\": \"...\", \"signature\": \"...\"}" <4>
+    threshold: 2 <5>
 openshift:
   fips: true
 ----
@@ -84,7 +89,8 @@ openshift:
 Some examples include, `x86_64`, `aarch64`, or `ppc64le`.
 <2> Include this field if you want to use a Trusted Platform Module (TPM) to encrypt the root file system.
 <3> Include this section if you want to use one or more Tang servers.
-<4> Specify the minimum number of TPM v2 and Tang encryption conditions required for decryption to occur.
+<4> Optional: Include this field for offline provisioning. Ignition will provision the Tang server binding rather than fetching the advertisement from the server at runtime. This lets the server be unavailable at provisioning time.
+<5> Specify the minimum number of TPM v2 and Tang encryption conditions required for decryption to occur.
 
 [IMPORTANT]
 ====
@@ -151,11 +157,11 @@ $ sudo yum install clevis
 ----
 
 .. On the {op-system-base} 8 machine, run the following command to generate a thumbprint of the exchange key.
-Replace `\http://tang.example.com:7500` with the URL of your Tang server:
+Replace `\http://tang1.example.com:7500` with the URL of your Tang server:
 +
 [source,terminal]
 ----
-$ clevis-encrypt-tang '{"url":"http://tang.example.com:7500"}' < /dev/null > /dev/null <1>
+$ clevis-encrypt-tang '{"url":"http://tang1.example.com:7500"}' < /dev/null > /dev/null <1>
 ----
 <1> In this example, `tangd.socket` is listening on port `7500` on the Tang server.
 +
@@ -176,13 +182,28 @@ PLjNyRdGw03zlRoGjQYMahSZGu9 <1>
 <1> The thumbprint of the exchange key.
 +
 When the `Do you wish to trust these keys? [ynYN]` prompt displays, type `Y`.
+
+.. Optional: For offline Tang provisioning:
+
+... Obtain the advertisement from the server using the `curl` command. Replace `\http://tang2.example.com:7500` with the URL of your Tang server:
 +
-[NOTE]
-====
-{op-system-base} 8 provides Clevis version 15, which uses the SHA-1 hash algorithm to generate thumbprints.
-Some other distributions provide Clevis version 17 or later, which use the SHA-256 hash algorithm for thumbprints.
-You must use a Clevis version that uses SHA-1 to create the thumbprint, to prevent Clevis binding issues when you install {op-system-first} on your {product-title} cluster nodes.
-====
+[source,terminal]
+----
+$ curl -f http://tang2.example.com:7500/adv > adv.jws && cat adv.jws
+----
++
+.Expected output
+[source,text]
+----
+{"payload": "eyJrZXlzIjogW3siYWxnIjogIkV", "protected": "eyJhbGciOiJFUzUxMiIsImN0eSI", "signature": "ADLgk7fZdE3Yt4FyYsm0pHiau7Q"}
+----
+
+... Provide the advertisement file to Clevis for encryption:
++
+[source,terminal]
+----
+$ clevis-encrypt-tang '{"url":"http://tang2.example.com:7500","adv":"adv.jws"}' < /dev/null > /dev/null
+----
 
 .. If the nodes are configured with static IP addressing, run `coreos-installer iso customize --dest-karg-append` or use the `coreos-installer` `--append-karg` option when installing {op-system} nodes to set the IP address of the installed system.
 Append the `ip=` and other arguments needed for your network.
@@ -205,11 +226,11 @@ $ ./openshift-install create manifests --dir <installation_directory> <1>
 . Create a Butane config that configures disk encryption, mirroring, or both.
 For example, to configure storage for compute nodes, create a `$HOME/clusterconfig/worker-storage.bu` file.
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 .Butane config example for a boot device
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: worker-storage <1>
   labels:
@@ -219,15 +240,18 @@ boot_device:
   luks: <3>
     tpm2: true <4>
     tang: <5>
-      - url: http://tang.example.com:7500 <6>
+      - url: http://tang1.example.com:7500 <6>
         thumbprint: PLjNyRdGw03zlRoGjQYMahSZGu9 <7>
-    threshold: 1 <8>
-  mirror: <9>
-    devices: <10>
+      - url: http://tang2.example.com:7500
+        thumbprint: VCJsvZFjBSIHSldw78rOrq7h2ZF
+        advertisement: "{"payload": "eyJrZXlzIjogW3siYWxnIjogIkV", "protected": "eyJhbGciOiJFUzUxMiIsImN0eSI", "signature": "ADLgk7fZdE3Yt4FyYsm0pHiau7Q"}" <8>
+    threshold: 1 <9>
+  mirror: <10>
+    devices: <11>
       - /dev/sda
       - /dev/sdb
 openshift:
-  fips: true <11>
+  fips: true <12>
 ----
 +
 <1> For control plane configurations, replace `worker` with `master` in both of these locations.
@@ -240,21 +264,22 @@ For more details, see "About disk encryption".
 <6> Specify the URL of a Tang server.
 In this example, `tangd.socket` is listening on port `7500` on the Tang server.
 <7> Specify the exchange key thumbprint, which was generated in a preceding step.
-<8> Specify the minimum number of TPM v2 and Tang encryption conditions that must be met for decryption to occur.
+<8> Optional: Specify the advertisement for your offline Tang server in valid JSON format.
+<9> Specify the minimum number of TPM v2 and Tang encryption conditions that must be met for decryption to occur.
 The default value is `1`.
 For more information about this topic, see "Configuring an encryption threshold".
-<9> Include this section if you want to mirror the boot disk.
+<10> Include this section if you want to mirror the boot disk.
 For more details, see "About disk mirroring".
-<10> List all disk devices that should be included in the boot disk mirror, including the disk that {op-system} will be installed onto.
-<11> Include this directive to enable FIPS mode on your cluster.
+<11> List all disk devices that should be included in the boot disk mirror, including the disk that {op-system} will be installed onto.
+<12> Include this directive to enable FIPS mode on your cluster.
 +
 [IMPORTANT]
 ====
-If you are configuring nodes to use both disk encryption and mirroring, both features must be configured in the same Butane config.
-If you are configuring disk encryption on a node with FIPS mode enabled, you must include the `fips` directive in the same Butane config, even if FIPS mode is also enabled in a separate manifest.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. If you are configuring nodes to use both disk encryption and mirroring, both features must be configured in the same Butane configuration file.
+If you are configuring disk encryption on a node with FIPS mode enabled, you must include the `fips` directive in the same Butane configuration file, even if FIPS mode is also enabled in a separate manifest.
 ====
 
-. Create a control plane or compute node manifest from the corresponding Butane config and save it to the `<installation_directory>/openshift` directory.
+. Create a control plane or compute node manifest from the corresponding Butane configuration file and save it to the `<installation_directory>/openshift` directory.
 For example, to create a manifest for the compute nodes, run the following command:
 +
 [source,terminal]
@@ -264,7 +289,7 @@ $ butane $HOME/clusterconfig/worker-storage.bu -o <installation_directory>/opens
 +
 Repeat this step for each node type that requires disk encryption or mirroring.
 
-. Save the Butane configs in case you need to update the manifests in the future.
+. Save the Butane configuration file in case you need to update the manifests in the future.
 
 . Continue with the remainder of the {product-title} installation.
 +
@@ -451,4 +476,4 @@ In the example output, the `/boot` file system is mounted on the `/dev/md126` so
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about the TPM v2 and Tang encryption modes, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption].
\ No newline at end of file
+* For more information about the TPM v2 and Tang encryption modes, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption].
diff --git a/modules/installation-three-node-cluster-cloud-provider.adoc b/modules/installation-three-node-cluster-cloud-provider.adoc
index 34f68ea1b5a1..972346ca861d 100644
--- a/modules/installation-three-node-cluster-cloud-provider.adoc
+++ b/modules/installation-three-node-cluster-cloud-provider.adoc
@@ -20,7 +20,7 @@ ifeval::["{context}" == "installing-nutanix-three-node"]
 :nutanix:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-three-node-cluster_{context}"]
 = Configuring a three-node cluster
 
diff --git a/modules/installation-three-node-cluster.adoc b/modules/installation-three-node-cluster.adoc
index cb78197d15d1..b90d0ed498a1 100644
--- a/modules/installation-three-node-cluster.adoc
+++ b/modules/installation-three-node-cluster.adoc
@@ -27,7 +27,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :restricted:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-three-node-cluster_{context}"]
 = Configuring a three-node cluster
 
@@ -64,7 +64,7 @@ ifdef::ibm-z,ibm-z-kvm[]
 +
 [NOTE]
 ====
-The preferred resource for control plane nodes is six vCPUs and 21 GB. For three control plane nodes this is the memory + vCPU equivalent of a minimum five-node cluster. You should back the three nodes, each installed on a 120 GB disk, with three IFLs that are SMT2 enabled. The minimum tested setup is three vCPUs and 10 GB on a 120 GB disk for each control plane node.  
+The preferred resource for control plane nodes is six vCPUs and 21 GB. For three control plane nodes this is the memory + vCPU equivalent of a minimum five-node cluster. You should back the three nodes, each installed on a 120 GB disk, with three IFLs that are SMT2 enabled. The minimum tested setup is three vCPUs and 10 GB on a 120 GB disk for each control plane node.
 ====
 endif::ibm-z,ibm-z-kvm[]
 .Next steps
diff --git a/modules/installation-uninstall-clouds.adoc b/modules/installation-uninstall-clouds.adoc
index 45a6f372cb3d..f2f75dcbebdd 100644
--- a/modules/installation-uninstall-clouds.adoc
+++ b/modules/installation-uninstall-clouds.adoc
@@ -7,7 +7,7 @@
 // * installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc
 // * installing/installing_ibm_powervs/uninstalling-cluster-ibm-power-vs.adoc
 // * installing/installing_osp/uninstalling-cluster-openstack.adoc
-// * installing/installing_rhv/uninstalling-cluster-rhv.adoc
+// * installing/installing_vmc/uninstalling-cluster-vmc.adoc
 // * installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc
 // * installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
 
@@ -24,7 +24,7 @@ ifeval::["{context}" == "uninstalling-cluster-ibm-power-vs"]
 :ibm-power-vs:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-uninstall-clouds_{context}"]
 = Removing a cluster that uses installer-provisioned infrastructure
 
@@ -52,7 +52,7 @@ endif::gcp[]
 cluster.
 ifdef::ibm-cloud,ibm-power-vs[]
 * You have configured the `ccoctl` binary.
-* You have installed the IBM Cloud CLI and installed or updated the VPC infrastructure service plugin. For more information see "Prerequisites" in the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#cli-ref-prereqs[IBM Cloud VPC CLI documentation].
+* You have installed the {ibm-cloud-name} CLI and installed or updated the VPC infrastructure service plugin. For more information see "Prerequisites" in the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#cli-ref-prereqs[{ibm-cloud-name} CLI documentation].
 endif::ibm-cloud,ibm-power-vs[]
 
 .Procedure
@@ -64,24 +64,24 @@ ifdef::ibm-cloud,ibm-power-vs[]
 +
 In which case, the PVCs are not removed when uninstalling the cluster, which might prevent the resource group from being successfully removed. To prevent a failure:
 
-.. Log in to the IBM Cloud using the CLI.
+.. Log in to the {ibm-cloud-name} using the CLI.
 .. To list the PVCs, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ibmcloud is volumes --resource-group-name <infrastructure_id>
 ----
 +
-For more information about listing volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-cli[IBM Cloud VPC CLI documentation].
+For more information about listing volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-cli[{ibm-cloud-name} CLI documentation].
 
 .. To delete the PVCs, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ibmcloud is volume-delete --force <volume_id>
 ----
 +
-For more information about deleting volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-delete[IBM Cloud VPC CLI documentation].
+For more information about deleting volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-delete[{ibm-cloud-name} CLI documentation].
 
 . Export the API key that was created as part of the installation process.
 endif::ibm-cloud,ibm-power-vs[]
diff --git a/modules/installation-uninstall-infra.adoc b/modules/installation-uninstall-infra.adoc
index 457ad3cfcdf5..dafa963a5d40 100644
--- a/modules/installation-uninstall-infra.adoc
+++ b/modules/installation-uninstall-infra.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/uninstalling-openstack-user.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-uninstall-infra_{context}"]
 = Removing a cluster from {rh-openstack} that uses your own infrastructure
 
@@ -13,7 +13,7 @@ You can remove an {product-title} cluster on {rh-openstack-first} that uses your
 * Python 3 is installed on your machine.
 * You downloaded the modules in "Downloading playbook dependencies."
 * You have the playbooks that you used to install the cluster.
-* You modified the playbooks that are prefixed with `down-` to reflect any changes that you made to their corresponding installation playbooks. For example, changes to the `bootstrap.yaml` file are reflected in the `down-bootstrap.yaml` file. 
+* You modified the playbooks that are prefixed with `down-` to reflect any changes that you made to their corresponding installation playbooks. For example, changes to the `bootstrap.yaml` file are reflected in the `down-bootstrap.yaml` file.
 * All of the playbooks are in a common directory.
 
 .Procedure
diff --git a/modules/installation-user-defined-tags-azure.adoc b/modules/installation-user-defined-tags-azure.adoc
index 53fd0c1375f6..a520b0a7ef8d 100644
--- a/modules/installation-user-defined-tags-azure.adoc
+++ b/modules/installation-user-defined-tags-azure.adoc
@@ -1,13 +1,13 @@
 // Module included in the following assemblies:
 // * installing/installing_azure/installing-azure-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installing-azure-user-defined-tags_{context}"]
-= Configuring the user-defined tags for Azure
+= Configuring user-defined tags for Azure
 
 In {product-title}, you can use the tags for grouping resources and for managing resource access and cost. You can define the tags on the Azure resources in the `install-config.yaml` file only during {product-title} cluster creation. You cannot modify the user-defined tags after cluster creation.
 
-Support for user-defined tags is available only for the resources created in the Azure Public Cloud. User-defined tags are not supported for the {product-title} clusters upgraded to {product-title} 4.14.
+Support for user-defined tags is available only for the resources created in the Azure Public Cloud. User-defined tags are not supported for the {product-title} clusters upgraded to {product-title} {product-version}.
 
 User-defined and {product-title} specific tags are applied only to the resources created by the {product-title} installer and its core operators such as Machine api provider azure Operator, Cluster Ingress Operator, Cluster Image Registry Operator.
 
diff --git a/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc b/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc
index 826155780304..ab7868d93589 100644
--- a/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc
+++ b/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc
@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-user-infra"]
 :cp: Azure
@@ -10,8 +11,11 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :cp: Azure Stack Hub
 :ash:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:cp: Azure
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-exporting-common-variables-arm-templates_{context}"]
 = Exporting common variables for ARM templates
 
@@ -89,3 +93,6 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :!cp:
 :!ash:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!cp:
+endif::[]
diff --git a/modules/installation-user-infra-exporting-common-variables.adoc b/modules/installation-user-infra-exporting-common-variables.adoc
index f2fd861626b6..f11756eebf07 100644
--- a/modules/installation-user-infra-exporting-common-variables.adoc
+++ b/modules/installation-user-infra-exporting-common-variables.adoc
@@ -28,7 +28,7 @@ ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
 :shared-vpc:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-exporting-common-variables_{context}"]
 = Exporting common variables for {cp-template} templates
 
diff --git a/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc b/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc
index d756d3fa0ee8..804fede8872a 100644
--- a/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc
+++ b/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc
@@ -18,6 +18,7 @@
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 
 ifeval::["{context}" == "installing-aws-user-infra"]
@@ -37,10 +38,6 @@ ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:
 :azure-user-infra:
 endif::[]
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:vsphere:
-:restricted:
-endif::[]
 ifeval::["{context}" == "installing-bare-metal"]
 :baremetal:
 endif::[]
@@ -59,22 +56,29 @@ ifeval::["{context}" == "installing-restricted-networks-gcp"]
 :gcp:
 :restricted:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user"]
+ifeval::["{context}" == "installing-osp-user"]
 :osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
+ifeval::["{context}" == "installing-openstack-user"]
 :osp:
 endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:osp:
-endif::[]
 ifeval::["{context}" == "installing-vsphere"]
 :vsphere:
 :three-node-cluster:
 endif::[]
+ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
+:vsphere:
+endif::[]
+ifeval::["{context}" == "installing-vsphere-network-customizations"]
+:vsphere:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-vsphere"]
+:vsphere:
+:restricted:
+endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :baremetal:
 endif::[]
@@ -99,8 +103,12 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 :restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:azure:
+:azure-user-infra:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-generate-k8s-manifest-ignition_{context}"]
 = Creating the Kubernetes manifest and Ignition config files
 
@@ -176,25 +184,32 @@ ifndef::user-infra-vpc[]
 the Kubernetes manifest files that define the worker machines:
 endif::user-infra-vpc[]
 endif::gcp[]
-ifdef::aws,azure,ash,user-infra-vpc[]
+ifdef::azure,ash,user-infra-vpc[]
 . Remove the Kubernetes manifest files that define the worker machines:
-endif::aws,azure,ash,user-infra-vpc[]
+endif::azure,ash,user-infra-vpc[]
 ifdef::aws,azure,ash,gcp[]
 +
 [source,terminal]
 ----
 $ rm -f <installation_directory>/openshift/99_openshift-cluster-api_worker-machineset-*.yaml
 ----
+ifndef::user-infra-vpc[]
++
+[IMPORTANT]
+====
+If you disabled the `MachineAPI` capability when installing a cluster on user-provisioned infrastructure, you must remove the Kubernetes manifest files that define the worker machines. Otherwise, your cluster fails to install.
+====
+endif::user-infra-vpc[]
 +
 Because you create and manage the worker machines yourself, you do not need to initialize these machines.
 endif::aws,azure,ash,gcp[]
 
 ifdef::osp,vsphere[]
-. Remove the Kubernetes manifest files that define the control plane machines and compute machine sets:
+. Remove the Kubernetes manifest files that define the control plane machines, compute machine sets, and control plane machine sets:
 +
 [source,terminal]
 ----
-$ rm -f openshift/99_openshift-cluster-api_master-machines-*.yaml openshift/99_openshift-cluster-api_worker-machineset-*.yaml
+$ rm -f openshift/99_openshift-cluster-api_master-machines-*.yaml openshift/99_openshift-cluster-api_worker-machineset-*.yaml openshift/99_openshift-machine-api_master-control-plane-machine-set.yaml
 ----
 +
 Because you create and manage these resources yourself, you do not have
@@ -307,7 +322,6 @@ status:
   domain: ''
   selector: ''
 ----
-
 endif::user-infra-vpc[]
 
 ifdef::ash[]
@@ -357,17 +371,32 @@ $ openshift-install version
 ----
 +
 .Example output
-[source,terminal]
+[source,text]
 ----
 release image quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64
 ----
 
-.. Locate all `CredentialsRequest` objects in this release image that target the cloud you are deploying on:
+.. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=azure
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
+
+.. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
++
+[source,terminal]
+----
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
+----
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +
@@ -412,29 +441,6 @@ stringData:
   azure_region: ${azure_region}
 ----
 
-[IMPORTANT]
-====
-The release image includes `CredentialsRequest` objects for Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set. You can identify these objects by their use of the `release.openshift.io/feature-set: TechPreviewNoUpgrade` annotation.
-
-* If you are not using any of these features, do not create secrets for these objects. Creating secrets for Technology Preview features that you are not using can cause the installation to fail.
-
-* If you are using any of these features, you must create secrets for the corresponding objects.
-====
-
-*** To find `CredentialsRequest` objects with the `TechPreviewNoUpgrade` annotation, run the following command:
-+
-[source,terminal]
-----
-$ grep "release.openshift.io/feature-set" *
-----
-+
-.Example output
-[source,terminal]
-----
-0000_30_capi-operator_00_credentials-request.yaml:  release.openshift.io/feature-set: TechPreviewNoUpgrade
-----
-// Right now, only the CAPI Operator is an issue, but it might make sense to update `0000_30_capi-operator_00_credentials-request.yaml` to `<tech_preview_credentials_request>.yaml` for the future.
-
 .. Create a `cco-configmap.yaml` file in the manifests directory with the Cloud Credential Operator (CCO) disabled:
 +
 .Sample `ConfigMap` object
@@ -523,19 +529,22 @@ endif::[]
 ifeval::["{context}" == "installing-osp-user"]
 :!osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
+ifeval::["{context}" == "installing-openstack-user"]
 :!osp:
 endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!osp:
-endif::[]
 ifeval::["{context}" == "installing-vsphere"]
 :!vsphere:
 :!three-node-cluster:
 endif::[]
+ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
+:!vsphere:
+endif::[]
+ifeval::["{context}" == "installing-vsphere-network-customizations"]
+:!vsphere:
+endif::[]
 ifeval::["{context}" == "installing-restricted-networks-vsphere"]
 :!vsphere:
 :!restricted:
@@ -564,3 +573,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :!ibm-power:
 :!restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!azure:
+:!azure-user-infra:
+endif::[]
diff --git a/modules/installation-user-infra-generate.adoc b/modules/installation-user-infra-generate.adoc
index de6a6362cb8f..5518923735c1 100644
--- a/modules/installation-user-infra-generate.adoc
+++ b/modules/installation-user-infra-generate.adoc
@@ -6,7 +6,9 @@
 // * installing/installing_gcp/installing-gcp-user-infra.adoc
 // * installing/installing_gcp/installing-gcp-shared-vpc.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
+// * installing/installing-aws-localzone.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-restricted-networks-aws"]
 :restricted:
@@ -22,7 +24,7 @@ endif::[]
 ifeval::["{context}" == "installing-aws-localzone"]
 :cp-first: Amazon Web Services
 :cp: AWS
-:localzone:
+:aws:
 endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :cp-first: Microsoft Azure
@@ -58,17 +60,14 @@ ifeval::["{context}" == "installing-openstack-user"]
 :cp-first: Red Hat OpenStack Platform
 :cp: RHOSP
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:cp-first: Red Hat OpenStack Platform
-:cp: RHOSP
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :cp-first: Red Hat OpenStack Platform
 :cp: RHOSP
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:cp-first: Red Hat OpenStack Platform
-:cp: RHOSP
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:cp-first: Microsoft Azure
+:cp: Azure
+:azure:
 endif::[]
 
 [id="installation-user-infra-generate_{context}"]
@@ -83,9 +82,6 @@ endif::ash[]
 ifdef::aws,gcp[]
 To install {product-title} on {cp-first} ({cp}) using user-provisioned infrastructure, you must generate the files that the installation program needs to deploy your cluster and modify them so that the cluster creates only the machines that it will use. You generate and customize the `install-config.yaml` file, Kubernetes manifests, and Ignition config files. You also have the option to first set up a separate `var` partition during the preparation phases of installation.
 endif::aws,gcp[]
-ifdef::localzone[]
-To install {product-title} on {cp-first} ({cp}) and use AWS Local Zones, you must generate the files that the installation program needs to deploy your cluster and modify them so that the cluster creates only the machines that it will use. You generate and customize the `install-config.yaml` file and configure add Local Zone subnets to it.
-endif::localzone[]
 ifdef::gcp-shared[]
 To install {product-title} on {cp-first} ({cp}) into a shared VPC, you must generate the `install-config.yaml` file and modify it so that the cluster uses the correct VPC networks, DNS zones, and project names.
 endif::gcp-shared[]
@@ -101,11 +97,6 @@ ifeval::["{context}" == "installing-aws-user-infra"]
 :!cp:
 :!aws:
 endif::[]
-ifeval::["{context}" == "installing-aws-localzone"]
-:!cp-first: Amazon Web Services
-:!cp: AWS
-:!localzone:
-endif::[]
 ifeval::["{context}" == "installing-azure-user-infra"]
 :!cp-first:
 :!cp:
@@ -140,15 +131,12 @@ ifeval::["{context}" == "installing-openstack-user"]
 :!cp-first: Red Hat OpenStack Platform
 :!cp: RHOSP
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!cp-first: Red Hat OpenStack Platform
-:!cp: RHOSP
-endif::[]
 ifeval::["{context}" == "installing-openstack-user-sr-iov"]
 :!cp-first: Red Hat OpenStack Platform
 :!cp: RHOSP
 endif::[]
-ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
-:!cp-first: Red Hat OpenStack Platform
-:!cp: RHOSP
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!cp-first: Microsoft Azure
+:!cp: Azure
+:!azure:
 endif::[]
diff --git a/modules/installation-user-infra-machines-advanced-console-configuration.adoc b/modules/installation-user-infra-machines-advanced-console-configuration.adoc
index 318bec9e939f..4fa9715b9dd3 100644
--- a/modules/installation-user-infra-machines-advanced-console-configuration.adoc
+++ b/modules/installation-user-infra-machines-advanced-console-configuration.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-user-infra-machines-advanced-console-configuration_{context}"]
 = Default console configuration
 
diff --git a/modules/installation-user-infra-machines-advanced-customizing-iso-or-pxe.adoc b/modules/installation-user-infra-machines-advanced-customizing-iso-or-pxe.adoc
index 01300cae7fae..c376d4f9348a 100644
--- a/modules/installation-user-infra-machines-advanced-customizing-iso-or-pxe.adoc
+++ b/modules/installation-user-infra-machines-advanced-customizing-iso-or-pxe.adoc
@@ -14,4 +14,4 @@ The `customize` subcommand is a general purpose tool that can embed other types
 
 * Inject custom CA certificates for when corporate security policy requires their use.
 * Configure network settings without the need for kernel arguments.
-* Embed arbitrary pre-install and post-install scripts or binaries.
+* Embed arbitrary preinstall and post-install scripts or binaries.
diff --git a/modules/installation-user-infra-machines-advanced-customizing-live-ca-certs.adoc b/modules/installation-user-infra-machines-advanced-customizing-live-ca-certs.adoc
index 1a9244f7e3df..e6fcfa65eff0 100644
--- a/modules/installation-user-infra-machines-advanced-customizing-live-ca-certs.adoc
+++ b/modules/installation-user-infra-machines-advanced-customizing-live-ca-certs.adoc
@@ -4,11 +4,17 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-advanced-customizing-live-{boot}-ca-certs_{context}"]
 = Modifying a live install {boot-media} to use a custom certificate authority
 
 You can provide certificate authority (CA) certificates to Ignition with the `--ignition-ca` flag of the `customize` subcommand. You can use the CA certificates during both the installation boot and when provisioning the installed system.
 
+[NOTE]
+====
+Custom CA certificates affect how Ignition fetches remote resources but they do not affect the certificates installed onto the system.
+====
+
 .Procedure
 
 . Download the `coreos-installer` binary from the link:https://mirror.openshift.com/pub/openshift-v4/clients/coreos-installer/latest/[`coreos-installer` image mirror] page.
@@ -21,6 +27,7 @@ ifeval::["{boot-media}" == "ISO image"]
 $ coreos-installer iso customize rhcos-<version>-live.x86_64.iso --ignition-ca cert.pem
 ----
 endif::[]
+
 ifeval::["{boot-media}" == "PXE environment"]
 . Retrieve the {op-system} `kernel`, `initramfs` and `rootfs` files from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/[{op-system} image mirror] page and run the following command to create a new customized `initramfs` file for use with a custom CA:
 +
@@ -30,17 +37,14 @@ $ coreos-installer pxe customize rhcos-<version>-live-initramfs.x86_64.img \
     --ignition-ca cert.pem \
     -o rhcos-<version>-custom-initramfs.x86_64.img
 ----
+
+. Use the customized `initramfs` file in your PXE configuration. Add the `ignition.firstboot` and `ignition.platform.id=metal` kernel arguments if they are not already present.
 endif::[]
-+
+
 [IMPORTANT]
 ====
 The `coreos.inst.ignition_url` kernel parameter does not work with the `--ignition-ca` flag.
 You must use the `--dest-ignition` flag to create a customized image for each cluster.
 ====
-+
-[NOTE]
-====
-Custom CA certificates affect how Ignition fetches remote resources but they do not affect the certificates installed onto the system.
-====
-+
-Your CA certificate is applied and affects every subsequent boot of the {boot-media}.
+
+Applying your custom CA certificate affects every subsequent boot of {op-system}.
diff --git a/modules/installation-user-infra-machines-advanced-customizing-live-network-config.adoc b/modules/installation-user-infra-machines-advanced-customizing-live-network-config.adoc
index 39b3d5675bd7..634b0bdec0f7 100644
--- a/modules/installation-user-infra-machines-advanced-customizing-live-network-config.adoc
+++ b/modules/installation-user-infra-machines-advanced-customizing-live-network-config.adoc
@@ -4,10 +4,16 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-advanced-customizing-live-{boot}_network_keyfile_{context}"]
 = Modifying a live install {boot-media} with customized network settings
 You can embed a NetworkManager keyfile into the live {boot-media} and pass it through to the installed system with the `--network-keyfile` flag of the `customize` subcommand.
 
+[WARNING]
+====
+When creating a connection profile, you must use a `.nmconnection` filename extension in the filename of the connection profile. If you do not use a `.nmconnection` filename extension, the cluster will apply the connection profile to the live environment, but it will not apply the configuration when the cluster first boots up the nodes, resulting in a setup that does not work.
+====
+
 .Procedure
 
 . Download the `coreos-installer` binary from the link:https://mirror.openshift.com/pub/openshift-v4/clients/coreos-installer/latest/[`coreos-installer` image mirror] page.
@@ -38,7 +44,7 @@ method=auto
 
 [proxy]
 ----
-+
+
 . Create a connection profile for a secondary interface to add to the bond. For example, create the `bond0-proxy-em1.nmconnection` file in your local directory with the following content:
 +
 [source,ini]
@@ -55,7 +61,7 @@ slave-type=bond
 [ethernet]
 mac-address-blacklist=
 ----
-+
+
 . Create a connection profile for a secondary interface to add to the bond. For example, create the `bond0-proxy-em2.nmconnection` file in your local directory with the following content:
 +
 [source,ini]
@@ -72,7 +78,7 @@ slave-type=bond
 [ethernet]
 mac-address-blacklist=
 ----
-+
+
 ifeval::["{boot-media}" == "ISO image"]
 . Retrieve the {op-system} ISO image from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/[{op-system} image mirror] page and run the following command to customize the ISO image with your configured networking:
 +
@@ -96,6 +102,8 @@ $ coreos-installer pxe customize rhcos-<version>-live-initramfs.x86_64.img \
     --network-keyfile bond0-proxy-em2.nmconnection \
     -o rhcos-<version>-custom-initramfs.x86_64.img
 ----
+
+. Use the customized `initramfs` file in your PXE configuration. Add the `ignition.firstboot` and `ignition.platform.id=metal` kernel arguments if they are not already present.
 endif::[]
 +
 Network settings are applied to the live system and are carried over to the destination system.
diff --git a/modules/installation-user-infra-machines-advanced-customizing-live-serial-console.adoc b/modules/installation-user-infra-machines-advanced-customizing-live-serial-console.adoc
index c0a2e3517921..f9733dcfafcb 100644
--- a/modules/installation-user-infra-machines-advanced-customizing-live-serial-console.adoc
+++ b/modules/installation-user-infra-machines-advanced-customizing-live-serial-console.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-advanced-customizing-live-{boot}-serial-console_{context}"]
 = Modifying a live install {boot-media} to enable the serial console
 
@@ -23,13 +23,13 @@ $ coreos-installer iso customize rhcos-<version>-live.x86_64.iso \
   --dest-ignition <path> \//<1>
   --dest-console tty0 \//<2>
   --dest-console ttyS0,<options> \//<3>
-  --dest-device /dev/sda <4>
+  --dest-device /dev/disk/by-id/scsi-<serial_number> <4>
 ----
 +
 <1> The location of the Ignition config to install.
 <2> The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
 <3> The desired primary console. In this case, the serial console. The `options` field defines the baud rate and other settings. A common value for this field is `115200n8`. If no options are provided, the default kernel value of `9600n8` is used. For more information on the format of this option, see the link:https://www.kernel.org/doc/html/latest/admin-guide/serial-console.html[Linux kernel serial console] documentation.
-<4> The specified disk to install to. In this case, `/dev/sda`. If you omit this option, the {boot-media} automatically runs the installation program which will fail unless you also specify the `coreos.inst.install_dev` kernel argument.
+<4> The specified disk to install to. If you omit this option, the {boot-media} automatically runs the installation program which will fail unless you also specify the `coreos.inst.install_dev` kernel argument.
 +
 [NOTE]
 ====
@@ -58,14 +58,15 @@ $ coreos-installer pxe customize rhcos-<version>-live-initramfs.x86_64.img \
   --dest-ignition <path> \//<1>
   --dest-console tty0 \//<2>
   --dest-console ttyS0,<options> \//<3>
-  --dest-device /dev/sda \//<4>
-  -o rhcos-<version>-custom-initramfs.x86_64.img
+  --dest-device /dev/disk/by-id/scsi-<serial_number> \//<4>
+  -o rhcos-<version>-custom-initramfs.x86_64.img <5>
 ----
 +
 <1> The location of the Ignition config to install.
 <2> The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
 <3> The desired primary console. In this case, the serial console. The `options` field defines the baud rate and other settings. A common value for this field is `115200n8`. If no options are provided, the default kernel value of `9600n8` is used. For more information on the format of this option, see the link:https://www.kernel.org/doc/html/latest/admin-guide/serial-console.html[Linux kernel serial console] documentation.
-<4> The specified disk to install to. In this case, `/dev/sda`. If you omit this option, the {boot-media} automatically runs the installer which will fail unless you also specify the `coreos.inst.install_dev` kernel argument.
+<4> The specified disk to install to. If you omit this option, the {boot-media} automatically runs the installer which will fail unless you also specify the `coreos.inst.install_dev` kernel argument.
+<5> Use the customized `initramfs` file in your PXE configuration. Add the `ignition.firstboot` and `ignition.platform.id=metal` kernel arguments if they are not already present.
 +
 Your customizations are applied and affect every subsequent boot of the {boot-media}.
 endif::[]
diff --git a/modules/installation-user-infra-machines-advanced-customizing-live.adoc b/modules/installation-user-infra-machines-advanced-customizing-live.adoc
index 4e328052194f..4743447e3932 100644
--- a/modules/installation-user-infra-machines-advanced-customizing-live.adoc
+++ b/modules/installation-user-infra-machines-advanced-customizing-live.adoc
@@ -4,6 +4,7 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-advanced-customizing-live-{boot}_{context}"]
 = Customizing a live {op-system} {boot-media}
 You can customize a live {op-system} {boot-media} directly with the
@@ -28,8 +29,19 @@ ifeval::["{boot-media}" == "ISO image"]
 ----
 $ coreos-installer iso customize rhcos-<version>-live.x86_64.iso \
     --dest-ignition bootstrap.ign \ <1>
-    --dest-device /dev/sda <2>
+    --dest-device /dev/disk/by-id/scsi-<serial_number> <2>
 ----
+<1> The Ignition config file that is generated from the `openshift-installer` installation program.
+<2> When you specify this option, the {boot-media} automatically runs an installation. Otherwise, the image remains configured for installation, but does not install automatically unless you specify the `coreos.inst.install_dev` kernel argument.
+
+. Optional: To remove the {boot-media} customizations and return the image to its pristine state, run:
++
+[source,terminal]
+----
+$ coreos-installer iso reset rhcos-<version>-live.x86_64.iso
+----
++
+You can now re-customize the live {boot-media} or use it in its pristine state.
 endif::[]
 
 ifeval::["{boot-media}" == "PXE environment"]
@@ -39,22 +51,12 @@ ifeval::["{boot-media}" == "PXE environment"]
 ----
 $ coreos-installer pxe customize rhcos-<version>-live-initramfs.x86_64.img \
     --dest-ignition bootstrap.ign \ <1>
-    --dest-device /dev/sda \ <2>
-    -o rhcos-<version>-custom-initramfs.x86_64.img
+    --dest-device /dev/disk/by-id/scsi-<serial_number> \ <2>
+    -o rhcos-<version>-custom-initramfs.x86_64.img <3>
 ----
-endif::[]
 <1> The Ignition config file that is generated from `openshift-installer`.
 <2> When you specify this option, the {boot-media} automatically runs an install. Otherwise, the image remains configured for installing, but does not do so automatically unless you specify the `coreos.inst.install_dev` kernel argument.
-+
-Your customizations are applied and affect every subsequent boot of the {boot-media}.
-
-ifeval::["{boot-media}" == "ISO image"]
-. To remove the ISO image customizations and return the image to its pristine state, run:
-+
-[source,terminal]
-----
-$ coreos-installer iso reset rhcos-<version>-live.x86_64.iso
-----
-+
-You can now re-customize the live ISO image or use it in its pristine state.
+<3> Use the customized `initramfs` file in your PXE configuration. Add the `ignition.firstboot` and `ignition.platform.id=metal` kernel arguments if they are not already present.
 endif::[]
+
+Applying your customizations affects every subsequent boot of {op-system}.
diff --git a/modules/installation-user-infra-machines-advanced-enabling-serial-console.adoc b/modules/installation-user-infra-machines-advanced-enabling-serial-console.adoc
index 074b3fef2a49..7597a00a8d41 100644
--- a/modules/installation-user-infra-machines-advanced-enabling-serial-console.adoc
+++ b/modules/installation-user-infra-machines-advanced-enabling-serial-console.adoc
@@ -4,11 +4,11 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-advanced-enabling-serial-console_{context}"]
 = Enabling the serial console for PXE and ISO installations
 
-By default, the {op-system-first} serial console is disabled and all output is written to the graphical console. You can enable the serial console for an ISO installatiand reconfigure the bootloader so that output is sent to both the serial console and the graphical console.
+By default, the {op-system-first} serial console is disabled and all output is written to the graphical console. You can enable the serial console for an ISO installation and reconfigure the bootloader so that output is sent to both the serial console and the graphical console.
 
 .Procedure
 
@@ -21,7 +21,7 @@ By default, the {op-system-first} serial console is disabled and all output is w
 $ coreos-installer install \
   --console=tty0 \//<1>
   --console=ttyS0,<options> \//<2>
-  --ignition-url=http://host/worker.ign /dev/sda
+  --ignition-url=http://host/worker.ign /dev/disk/by-id/scsi-<serial_number>
 ----
 +
 <1> The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
diff --git a/modules/installation-user-infra-machines-advanced.adoc b/modules/installation-user-infra-machines-advanced.adoc
index e6218590621d..cf1194a15b6e 100644
--- a/modules/installation-user-infra-machines-advanced.adoc
+++ b/modules/installation-user-infra-machines-advanced.adoc
@@ -2,9 +2,15 @@
 //
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
-// * installing_bare_metal/installing-bare-metal-network-customizations.adoc
+// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
+// * installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "installing-with-agent-based-installer"]
+:agent:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+ifndef::agent[]
 [id="installation-user-infra-machines-advanced_{context}"]
 = Advanced {op-system} installation configuration
 
@@ -49,7 +55,7 @@ system using available RHEL tools, such as `nmcli` or `nmtui`.
 [source,terminal]
 ----
 $ sudo coreos-installer install --copy-network \
-     --ignition-url=http://host/worker.ign /dev/sda
+     --ignition-url=http://host/worker.ign /dev/disk/by-id/scsi-<serial_number>
 ----
 +
 [IMPORTANT]
@@ -96,6 +102,13 @@ The use of custom partitions could result in those partitions not being monitore
 
 [id="installation-user-infra-machines-advanced_vardisk_{context}"]
 === Creating a separate `/var` partition
+endif::agent[]
+
+ifdef::agent[]
+[id="installing-ocp-agent-disk-partition_{context}"]
+= Disk partitioning
+endif::agent[]
+
 In general, you should use the default disk partitioning that is created during the {op-system} installation. However, there are cases where you might want to create a separate partition for a directory that you expect to grow.
 
 {product-title} supports the addition of a single partition to attach
@@ -120,26 +133,37 @@ The following procedure sets up a separate `/var` partition by adding a machine
 
 .Procedure
 
+ifndef::agent[]
 . On your installation host, change to the directory that contains the {product-title} installation program and generate the Kubernetes manifests for the cluster:
 +
 [source,terminal]
 ----
 $ openshift-install create manifests --dir <installation_directory>
 ----
+endif::agent[]
+
+ifdef::agent[]
+. On your installation host, create the `openshift` subdirectory within the installation directory:
++
+[source,terminal]
+----
+$ mkdir <installation_directory>/openshift
+----
+endif::agent[]
 
 . Create a Butane config that configures the additional partition. For example, name the file `$HOME/clusterconfig/98-var-partition.bu`, change the disk device name to the name of the storage device on the `worker` systems, and set the storage size as appropriate. This example places the `/var` directory on a separate partition:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   labels:
     machineconfiguration.openshift.io/role: worker
   name: 98-var-partition
 storage:
   disks:
-  - device: /dev/<device_name> <1>
+  - device: /dev/disk/by-id/<device_name> <1>
     partitions:
     - label: var
       start_mib: <partition_start_offset> <2>
@@ -169,6 +193,7 @@ When creating a separate `/var` partition, you cannot use different instance typ
 $ butane $HOME/clusterconfig/98-var-partition.bu -o $HOME/clusterconfig/openshift/98-var-partition.yaml
 ----
 
+ifndef::agent[]
 . Create the Ignition config files:
 +
 [source,terminal]
@@ -217,7 +242,7 @@ This example preserves any partition in which the partition label begins with `d
 [source,terminal]
 ----
 # coreos-installer install --ignition-url http://10.0.2.2:8080/user.ign \
-        --save-partlabel 'data*' /dev/sda
+        --save-partlabel 'data*' /dev/disk/by-id/scsi-<serial_number>
 ----
 
 The following example illustrates running the `coreos-installer` in a way that preserves
@@ -226,7 +251,7 @@ the sixth (6) partition on the disk:
 [source,terminal]
 ----
 # coreos-installer install --ignition-url http://10.0.2.2:8080/user.ign \
-        --save-partindex 6 /dev/sda
+        --save-partindex 6 /dev/disk/by-id/scsi-<serial_number>
 ----
 
 This example preserves partitions 5 and higher:
@@ -234,7 +259,7 @@ This example preserves partitions 5 and higher:
 [source,terminal]
 ----
 # coreos-installer install --ignition-url http://10.0.2.2:8080/user.ign
-        --save-partindex 5- /dev/sda
+        --save-partindex 5- /dev/disk/by-id/scsi-<serial_number>
 ----
 
 In the previous examples where partition saving is used, `coreos-installer` recreates the partition immediately.
@@ -289,3 +314,8 @@ For PXE or ISO boots, you can create the Ignition config
 and `APPEND` the `ignition.config.url=` option to identify the location of
 the Ignition config. You also need to append `ignition.firstboot ignition.platform.id=metal`
 or the `ignition.config.url` option will be ignored.
+endif::agent[]
+
+ifeval::["{context}" == "installing-with-agent-based-installer"]
+:!agent:
+endif::[]
diff --git a/modules/installation-user-infra-machines-iso.adoc b/modules/installation-user-infra-machines-iso.adoc
index aa3741f0c583..7bea85e9ba9d 100644
--- a/modules/installation-user-infra-machines-iso.adoc
+++ b/modules/installation-user-infra-machines-iso.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-iso_{context}"]
 = Installing {op-system} by using an ISO image
 
@@ -85,10 +85,10 @@ $ openshift-install coreos print-stream-json | grep '\.iso[^.]'
 [source,terminal]
 ifndef::openshift-origin[]
 ----
-"location": "<url>/art/storage/releases/rhcos-4.13-aarch64/<release>/aarch64/rhcos-<release>-live.aarch64.iso",
-"location": "<url>/art/storage/releases/rhcos-4.13-ppc64le/<release>/ppc64le/rhcos-<release>-live.ppc64le.iso",
-"location": "<url>/art/storage/releases/rhcos-4.13-s390x/<release>/s390x/rhcos-<release>-live.s390x.iso",
-"location": "<url>/art/storage/releases/rhcos-4.13/<release>/x86_64/rhcos-<release>-live.x86_64.iso",
+"location": "<url>/art/storage/releases/rhcos-4.15-aarch64/<release>/aarch64/rhcos-<release>-live.aarch64.iso",
+"location": "<url>/art/storage/releases/rhcos-4.15-ppc64le/<release>/ppc64le/rhcos-<release>-live.ppc64le.iso",
+"location": "<url>/art/storage/releases/rhcos-4.15-s390x/<release>/s390x/rhcos-<release>-live.s390x.iso",
+"location": "<url>/art/storage/releases/rhcos-4.15/<release>/x86_64/rhcos-<release>-live.x86_64.iso",
 ----
 endif::openshift-origin[]
 ifdef::openshift-origin[]
diff --git a/modules/installation-user-infra-machines-pxe.adoc b/modules/installation-user-infra-machines-pxe.adoc
index 374099c74a91..707e6e0ba6ae 100644
--- a/modules/installation-user-infra-machines-pxe.adoc
+++ b/modules/installation-user-infra-machines-pxe.adoc
@@ -16,7 +16,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :only-pxe:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-infra-machines-pxe_{context}"]
 ifndef::only-pxe[]
 = Installing {op-system} by using PXE or iPXE booting
@@ -101,18 +101,18 @@ $ openshift-install coreos print-stream-json | grep -Eo '"https.*(kernel-|initra
 [source,terminal]
 ifndef::openshift-origin[]
 ----
-"<url>/art/storage/releases/rhcos-4.13-aarch64/<release>/aarch64/rhcos-<release>-live-kernel-aarch64"
-"<url>/art/storage/releases/rhcos-4.13-aarch64/<release>/aarch64/rhcos-<release>-live-initramfs.aarch64.img"
-"<url>/art/storage/releases/rhcos-4.13-aarch64/<release>/aarch64/rhcos-<release>-live-rootfs.aarch64.img"
-"<url>/art/storage/releases/rhcos-4.13-ppc64le/49.84.202110081256-0/ppc64le/rhcos-<release>-live-kernel-ppc64le"
-"<url>/art/storage/releases/rhcos-4.13-ppc64le/<release>/ppc64le/rhcos-<release>-live-initramfs.ppc64le.img"
-"<url>/art/storage/releases/rhcos-4.13-ppc64le/<release>/ppc64le/rhcos-<release>-live-rootfs.ppc64le.img"
-"<url>/art/storage/releases/rhcos-4.13-s390x/<release>/s390x/rhcos-<release>-live-kernel-s390x"
-"<url>/art/storage/releases/rhcos-4.13-s390x/<release>/s390x/rhcos-<release>-live-initramfs.s390x.img"
-"<url>/art/storage/releases/rhcos-4.13-s390x/<release>/s390x/rhcos-<release>-live-rootfs.s390x.img"
-"<url>/art/storage/releases/rhcos-4.13/<release>/x86_64/rhcos-<release>-live-kernel-x86_64"
-"<url>/art/storage/releases/rhcos-4.13/<release>/x86_64/rhcos-<release>-live-initramfs.x86_64.img"
-"<url>/art/storage/releases/rhcos-4.13/<release>/x86_64/rhcos-<release>-live-rootfs.x86_64.img"
+"<url>/art/storage/releases/rhcos-4.15-aarch64/<release>/aarch64/rhcos-<release>-live-kernel-aarch64"
+"<url>/art/storage/releases/rhcos-4.15-aarch64/<release>/aarch64/rhcos-<release>-live-initramfs.aarch64.img"
+"<url>/art/storage/releases/rhcos-4.15-aarch64/<release>/aarch64/rhcos-<release>-live-rootfs.aarch64.img"
+"<url>/art/storage/releases/rhcos-4.15-ppc64le/49.84.202110081256-0/ppc64le/rhcos-<release>-live-kernel-ppc64le"
+"<url>/art/storage/releases/rhcos-4.15-ppc64le/<release>/ppc64le/rhcos-<release>-live-initramfs.ppc64le.img"
+"<url>/art/storage/releases/rhcos-4.15-ppc64le/<release>/ppc64le/rhcos-<release>-live-rootfs.ppc64le.img"
+"<url>/art/storage/releases/rhcos-4.15-s390x/<release>/s390x/rhcos-<release>-live-kernel-s390x"
+"<url>/art/storage/releases/rhcos-4.15-s390x/<release>/s390x/rhcos-<release>-live-initramfs.s390x.img"
+"<url>/art/storage/releases/rhcos-4.15-s390x/<release>/s390x/rhcos-<release>-live-rootfs.s390x.img"
+"<url>/art/storage/releases/rhcos-4.15/<release>/x86_64/rhcos-<release>-live-kernel-x86_64"
+"<url>/art/storage/releases/rhcos-4.15/<release>/x86_64/rhcos-<release>-live-initramfs.x86_64.img"
+"<url>/art/storage/releases/rhcos-4.15/<release>/x86_64/rhcos-<release>-live-rootfs.x86_64.img"
 ----
 endif::openshift-origin[]
 ifdef::openshift-origin[]
diff --git a/modules/installation-user-infra-machines-static-network.adoc b/modules/installation-user-infra-machines-static-network.adoc
index c5038e5a4338..a100c4654027 100644
--- a/modules/installation-user-infra-machines-static-network.adoc
+++ b/modules/installation-user-infra-machines-static-network.adoc
@@ -33,7 +33,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :restricted:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="installation-user-infra-machines-static-network_{context}"]
 = Advanced {op-system} installation reference
 
@@ -61,7 +61,7 @@ The following information provides examples for configuring networking and bondi
 Ordering is important when adding the kernel arguments: `ip=`, `nameserver=`, and then `bond=`.
 ====
 
-The networking options are passed to the `dracut` tool during system boot. For more information about the networking options supported by `dracut`, see the `dracut.cmdline` manual page.
+The networking options are passed to the `dracut` tool during system boot. For more information about the networking options supported by `dracut`, see the link:https://www.man7.org/linux/man-pages/man7/dracut.cmdline.7.html[`dracut.cmdline` manual page].
 
 endif::ibm-z-kvm[]
 ifdef::ibm-z-kvm[]
@@ -314,6 +314,7 @@ ip=10.10.10.2::10.10.10.254:255.255.255.0:core0.example.com:bond0:none
 ----
 endif::ibm-z[]
 
+ifndef::ibm-power[]
 [discrete]
 === Using network teaming
 
@@ -335,6 +336,7 @@ Use the following example to configure a network team:
 team=team0:em1,em2
 ip=team0:dhcp
 ----
+endif::ibm-power[]
 endif::ibm-z-kvm[]
 
 ifndef::ibm-z,ibm-z-kvm,ibm-power[]
diff --git a/modules/installation-user-provisioned-validating-dns.adoc b/modules/installation-user-provisioned-validating-dns.adoc
index 8a5c168097c5..04c4febdfc8b 100644
--- a/modules/installation-user-provisioned-validating-dns.adoc
+++ b/modules/installation-user-provisioned-validating-dns.adoc
@@ -9,12 +9,12 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
+// * installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
+// * installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc
+// * installing/installing_vmc/installing-vmc-user-infra.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-user-provisioned-validating-dns_{context}"]
 = Validating DNS resolution for user-provisioned infrastructure
 
@@ -45,7 +45,7 @@ $ dig +noall +answer @<nameserver_ip> api.<cluster_name>.<base_domain> <1>
 .Example output
 [source,terminal]
 ----
-api.ocp4.example.com.		0	IN	A	192.168.1.5
+api.ocp4.example.com.		604800	IN	A	192.168.1.5
 ----
 
 .. Perform a lookup against the Kubernetes internal API record name. Check that the result points to the IP address of the API load balancer:
@@ -58,7 +58,7 @@ $ dig +noall +answer @<nameserver_ip> api-int.<cluster_name>.<base_domain>
 .Example output
 [source,terminal]
 ----
-api-int.ocp4.example.com.		0	IN	A	192.168.1.5
+api-int.ocp4.example.com.		604800	IN	A	192.168.1.5
 ----
 
 .. Test an example `*.apps.<cluster_name>.<base_domain>` DNS wildcard lookup. All of the application wildcard lookups must resolve to the IP address of the application ingress load balancer:
@@ -71,7 +71,7 @@ $ dig +noall +answer @<nameserver_ip> random.apps.<cluster_name>.<base_domain>
 .Example output
 [source,terminal]
 ----
-random.apps.ocp4.example.com.		0	IN	A	192.168.1.5
+random.apps.ocp4.example.com.		604800	IN	A	192.168.1.5
 ----
 +
 [NOTE]
@@ -89,7 +89,7 @@ $ dig +noall +answer @<nameserver_ip> console-openshift-console.apps.<cluster_na
 .Example output
 [source,terminal]
 ----
-console-openshift-console.apps.ocp4.example.com. 0 IN	A 192.168.1.5
+console-openshift-console.apps.ocp4.example.com. 604800 IN	A 192.168.1.5
 ----
 
 .. Run a lookup against the bootstrap DNS record name. Check that the result points to the IP address of the bootstrap node:
@@ -102,7 +102,7 @@ $ dig +noall +answer @<nameserver_ip> bootstrap.<cluster_name>.<base_domain>
 .Example output
 [source,terminal]
 ----
-bootstrap.ocp4.example.com.		0	IN	A	192.168.1.96
+bootstrap.ocp4.example.com.		604800	IN	A	192.168.1.96
 ----
 
 .. Use this method to perform lookups against the DNS record names for the control plane and compute nodes. Check that the results correspond to the IP addresses of each node.
@@ -119,8 +119,8 @@ $ dig +noall +answer @<nameserver_ip> -x 192.168.1.5
 .Example output
 [source,terminal]
 ----
-5.1.168.192.in-addr.arpa. 0	IN	PTR	api-int.ocp4.example.com. <1>
-5.1.168.192.in-addr.arpa. 0	IN	PTR	api.ocp4.example.com. <2>
+5.1.168.192.in-addr.arpa. 604800	IN	PTR	api-int.ocp4.example.com. <1>
+5.1.168.192.in-addr.arpa. 604800	IN	PTR	api.ocp4.example.com. <2>
 ----
 +
 <1> Provides the record name for the Kubernetes internal API.
@@ -141,7 +141,7 @@ $ dig +noall +answer @<nameserver_ip> -x 192.168.1.96
 .Example output
 [source,terminal]
 ----
-96.1.168.192.in-addr.arpa. 0	IN	PTR	bootstrap.ocp4.example.com.
+96.1.168.192.in-addr.arpa. 604800	IN	PTR	bootstrap.ocp4.example.com.
 ----
 
 .. Use this method to perform reverse lookups against the IP addresses for the control plane and compute nodes. Check that the results correspond to the DNS record names of each node.
diff --git a/modules/installation-using-azure-managed-identities.adoc b/modules/installation-using-azure-managed-identities.adoc
new file mode 100644
index 000000000000..e97f0668f5e1
--- /dev/null
+++ b/modules/installation-using-azure-managed-identities.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_azure/installing-azure-account.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-using-azure-managed-identities_{context}"]
+= Using Azure managed identities
+
+The installation program requires an Azure identity to complete the installation. You can use either a system-assigned or user-assigned managed identity.
+
+If you are unable to use a managed identity, you can use a service principal.
+
+.Procedure
+
+. If you are using a system-assigned managed identity, enable it on the virtual machine that you will run the installation program from.
+. If you are using a user-assigned managed identity:
+.. Assign it to the virtual machine that you will run the installation program from.
+.. Record its client ID. You require this value when installing the cluster.
++
+For more information about viewing the details of a user-assigned managed identity, see the Microsoft Azure documentation for link:https:https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp#list-user-assigned-managed-identities[listing user-assigned managed identities].
+. Verify that the required permissions are assigned to the managed identity.
diff --git a/modules/installation-using-gcp-custom-machine-types.adoc b/modules/installation-using-gcp-custom-machine-types.adoc
index ed96036f8009..d9e9541fc3ee 100644
--- a/modules/installation-using-gcp-custom-machine-types.adoc
+++ b/modules/installation-using-gcp-custom-machine-types.adoc
@@ -25,7 +25,7 @@ ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisione
 :ipi:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-custom-machine-types_{context}"]
 = Using custom machine types
 Using a custom machine type to install a {product-title} cluster is supported.
diff --git a/modules/installation-vsphere-config-yaml.adoc b/modules/installation-vsphere-config-yaml.adoc
index 890b6a414c4b..40aaa9b7bb20 100644
--- a/modules/installation-vsphere-config-yaml.adoc
+++ b/modules/installation-vsphere-config-yaml.adoc
@@ -7,10 +7,12 @@
 ifeval::["{context}" == "installing-restricted-networks-vsphere"]
 :restricted:
 endif::[]
+// Verify the validity of the following ifdef statement in a later Jira
 ifdef::openshift-origin[]
 :restricted:
 endif::[]
 
+:_mod-docs-content-type: CONCEPT
 [id="installation-vsphere-config-yaml_{context}"]
 = Sample `install-config.yaml` file for VMware vSphere
 
@@ -25,46 +27,40 @@ apiVersion: v1
 baseDomain: example.com <1>
 compute: <2>
 - architecture: amd64
-  hyperthreading: Enabled <3>
   name: <worker_node>
   platform: {}
-  replicas: 0 <4>
+  replicas: 0 <3>
 controlPlane: <2>
   architecture: amd64
-  hyperthreading: Enabled <3>
   name: <parent_node>
   platform: {}
-  replicas: 3 <5>
+  replicas: 3 <4>
 metadata:
   creationTimestamp: null
-  name: test <6>
+  name: test <5>
 networking:
 ---
 platform:
   vsphere:
-    apiVIPs:
-    - 10.0.0.1
-    failureDomains: <7>
+    failureDomains: <6>
     - name: <failure_domain_name>
       region: <default_region_name>
       server: <fully_qualified_domain_name>
       topology:
         computeCluster: "/<datacenter>/host/<cluster>"
-        datacenter: <datacenter> <8>
-        datastore: "/<datacenter>/datastore/<datastore>"
+        datacenter: <datacenter> <7>
+        datastore: "/<datacenter>/datastore/<datastore>" <8>
         networks:
         - <VM_Network_name>
         resourcePool: "/<datacenter>/host/<cluster>/Resources/<resourcePool>" <9>
         folder: "/<datacenter_name>/vm/<folder_name>/<subfolder_name>" <10>
       zone: <default_zone_name>
-    ingressVIPs:
-    - 10.0.0.2
     vcenters:
     - datacenters:
       - <datacenter>
-      password: <password> <12>
+      password: <password> <11>
       port: 443
-      server: <fully_qualified_domain_name> <11>
+      server: <fully_qualified_domain_name> <12>
       user: administrator@vsphere.local
     diskType: thin <13>
 ifndef::restricted[]
@@ -101,11 +97,11 @@ additionalTrustBundle: | <17>
   -----END CERTIFICATE-----
 imageContentSources: <18>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-release
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release
+  source: <source_image_1>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release-images
+  source: <source_image_2>
 endif::openshift-origin[]
 ifdef::openshift-origin[]
 additionalTrustBundle: | <16>
@@ -114,11 +110,11 @@ additionalTrustBundle: | <16>
   -----END CERTIFICATE-----
 imageContentSources: <17>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-release
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release
+  source: <source_image_1>
 - mirrors:
-  - <local_registry>/<local_repository_name>/release
-  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+  - <mirror_host_name>:<mirror_port>/<repo_name>/release-images
+  source: <source_image_2>
 endif::openshift-origin[]
 endif::restricted[]
 ----
@@ -128,42 +124,41 @@ base and include the cluster name.
 sequence of mappings. To meet the requirements of the different data structures,
 the first line of the `compute` section must begin with a hyphen, `-`, and the
 first line of the `controlPlane` section must not. Both sections define a single machine pool, so only one control plane is used. {product-title} does not support defining multiple compute pools.
-<3> Whether to enable or disable simultaneous multithreading, or
-`hyperthreading`. By default, simultaneous multithreading is enabled
-to increase the performance of your machines' cores. You can disable it by
-setting the parameter value to `Disabled`. If you disable simultaneous
-multithreading in some cluster machines, you must disable it in all cluster
-machines.
-+
-[IMPORTANT]
-====
-If you disable simultaneous multithreading, ensure that your capacity planning
-accounts for the dramatically decreased machine performance.
-Your machines must use at least 8 CPUs and 32 GB of RAM if you disable
-simultaneous multithreading.
-====
-<4> You must set the value of the `replicas` parameter to `0`. This parameter
+<3> You must set the value of the `replicas` parameter to `0`. This parameter
 controls the number of workers that the cluster creates and manages for you,
 which are functions that the cluster does not perform when you
 use user-provisioned infrastructure. You must manually deploy worker
 machines for the cluster to use before you finish installing {product-title}.
-<5> The number of control plane machines that you add to the cluster. Because
+<4> The number of control plane machines that you add to the cluster. Because
 the cluster uses this values as the number of etcd endpoints in the cluster, the
 value must match the number of control plane machines that you deploy.
-<6> The cluster name that you specified in your DNS records.
-<7> Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
-<8> The vSphere datacenter.
-<9> Optional parameter. For installer-provisioned infrastructure, the absolute path of an existing resource pool where the installation program creates the virtual machines, for example, `/<datacenter_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`. If you do not specify a value, resources are installed in the root of the cluster `/example_datacenter/host/example_cluster/Resources`.
-<10> Optional parameter For installer-provisioned infrastructure, the absolute path of an existing folder where the installation program creates the virtual machines, for example, `/<datacenter_name>/vm/<folder_name>/<subfolder_name>`. If you do not provide this value, the installation program creates a top-level folder in the datacenter virtual machine folder that is named with the infrastructure ID. If you are providing the infrastructure for the cluster, omit this parameter.
-<11> The fully-qualified hostname or IP address of the vCenter server.
-<12> The password associated with the vSphere user.
+<5> The cluster name that you specified in your DNS records.
+<6> Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
+<7> The vSphere datacenter.
+<8> The path to the vSphere datastore that holds virtual machine files, templates, and ISO images.
++
+[IMPORTANT]
+====
+You can specify the path of any datastore that exists in a datastore cluster. By default, Storage vMotion is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage vMotion to avoid data loss issues for your {product-title} cluster.
+
+If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
+====
+<9> Optional: For installer-provisioned infrastructure, the absolute path of an existing resource pool where the installation program creates the virtual machines, for example, `/<datacenter_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`. If you do not specify a value, resources are installed in the root of the cluster `/example_datacenter/host/example_cluster/Resources`.
+<10> Optional: For installer-provisioned infrastructure, the absolute path of an existing folder where the installation program creates the virtual machines, for example, `/<datacenter_name>/vm/<folder_name>/<subfolder_name>`. If you do not provide this value, the installation program creates a top-level folder in the datacenter virtual machine folder that is named with the infrastructure ID. If you are providing the infrastructure for the cluster and you do not want to use the default `StorageClass` object, named `thin`, you can omit the `folder` parameter from the `install-config.yaml` file.
+<11> The password associated with the vSphere user.
+<12> The fully-qualified hostname or IP address of the vCenter server.
++
+[IMPORTANT]
+====
+The Cluster Cloud Controller Manager Operator performs a connectivity check on a provided hostname or IP address. Ensure that you specify a hostname or an IP address to a reachable vCenter server. If you provide metadata to a non-existent vCenter server, installation of the cluster fails at the bootstrap stage.
+====
 <13> The vSphere disk provisioning method.
 ifndef::openshift-origin[]
 <14> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 +
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 endif::openshift-origin[]
 ifndef::restricted[]
diff --git a/modules/installation-vsphere-encrypted-vms.adoc b/modules/installation-vsphere-encrypted-vms.adoc
index 639795ff923d..bc62ba17c4b6 100644
--- a/modules/installation-vsphere-encrypted-vms.adoc
+++ b/modules/installation-vsphere-encrypted-vms.adoc
@@ -1,11 +1,11 @@
 // module is included in the following assemblies:
-// ../installing/installing_vsphere/installing-vsphere.adoc
+// installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-vsphere-encrypted-vms_{context}"]
 = Requirements for encrypting virtual machines
 
-You can encrypt your virtual machines prior to installing {product-title} {product-version} by meeting the following requirements. 
+You can encrypt your virtual machines prior to installing {product-title} {product-version} by meeting the following requirements.
 
 * You have configured a Standard key provider in vSphere. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan.doc/GUID-AC06B3C3-901F-402E-B25F-1EE7809D1264.html[Adding a KMS to vCenter Server].
 +
@@ -17,4 +17,4 @@ The Native key provider in vCenter is not supported. For more information, see l
 * You have enabled host encryption mode on all of the ESXi hosts that are hosting the cluster. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A9E1F016-51B3-472F-B8DE-803F6BDB70BC.html[Enabling host encryption mode].
 * You have a vSphere account which has all cryptographic privileges enabled. For more information, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-660CCB35-847F-46B3-81CA-10DDDB9D7AA9.html[Cryptographic Operations Privileges].
 
-When you deploy the OVF template in the section titled "Installing RHCOS and starting the OpenShift Container Platform bootstrap process", select the option to "Encrypt this virtual machine" when you are selecting storage for the OVF template. After completing cluster installation, create a storage class that uses the encryption storage policy you used to encrypt the virtual machines. 
+When you deploy the OVF template in the section titled "Installing RHCOS and starting the OpenShift Container Platform bootstrap process", select the option to "Encrypt this virtual machine" when you are selecting storage for the OVF template. After completing cluster installation, create a storage class that uses the encryption storage policy you used to encrypt the virtual machines.
diff --git a/modules/installation-vsphere-infrastructure.adoc b/modules/installation-vsphere-infrastructure.adoc
index fabb8a339116..48623d227c52 100644
--- a/modules/installation-vsphere-infrastructure.adoc
+++ b/modules/installation-vsphere-infrastructure.adoc
@@ -1,12 +1,7 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
+// * installing/installing_vsphere/upi/upi-vpshere-installation-reqs.adoc
 
 [id="installation-vsphere-infrastructure_{context}"]
 = VMware vSphere infrastructure requirements
@@ -18,7 +13,7 @@ You must install the {product-title} cluster on a VMware vSphere version 7.0 Upd
 {product-title} version {product-version} supports VMware vSphere version 8.0.
 ====
 
-You can host the VMware vSphere infrastructure on-premise or on a link:https://cloud.vmware.com/providers[VMware Cloud Verified provider] that meets the requirements outlined in the following table:
+You can host the VMware vSphere infrastructure on-premise or on a link:https://cloud.vmware.com/providers[VMware Cloud Verified provider] that meets the requirements outlined in the following tables:
 
 .Version requirements for vSphere virtual environments
 [cols=2, options="header"]
@@ -29,13 +24,18 @@ You can host the VMware vSphere infrastructure on-premise or on a link:https://c
 |vCenter host   | 7.0 Update 2 or later
 |===
 
+[IMPORTANT]
+====
+You must ensure that the time on your ESXi hosts is synchronized before you install {product-title}. See link:https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcenterhost.doc/GUID-8756D419-A878-4AE0-9183-C6D5A91A8FB1.html[Edit Time Configuration for a Host] in the VMware documentation.
+====
+
 .Minimum supported vSphere version for VMware components
 |===
 |Component | Minimum supported versions |Description
 
 |Hypervisor
 |vSphere 7.0 Update 2 and later with virtual hardware version 15
-|This version is the minimum version that {op-system-first} supports. See the link:https://access.redhat.com/ecosystem/search/#/ecosystem/Red%20Hat%20Enterprise%20Linux?sort=sortTitle%20asc&vendors=VMware&category=Server[Red Hat Enterprise Linux 8 supported hypervisors list].
+|This version is the minimum version that {op-system-first} supports. For more information about supported hardware on the latest version of {op-system-base-full} that is compatible with {op-system}, see link:https://catalog.redhat.com/hardware/search[Hardware] on the Red Hat Customer Portal.
 
 |Storage with in-tree drivers
 |vSphere 7.0 Update 2 and later
@@ -48,5 +48,13 @@ You can host the VMware vSphere infrastructure on-premise or on a link:https://c
 
 [IMPORTANT]
 ====
-You must ensure that the time on your ESXi hosts is synchronized before you install {product-title}. See link:https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcenterhost.doc/GUID-8756D419-A878-4AE0-9183-C6D5A91A8FB1.html[Edit Time Configuration for a Host] in the VMware documentation.
+To ensure the best performance conditions for your cluster workloads that operate on {oci-first} and on the {ocvs-first} service, ensure volume performance units (VPUs) for your block volume are sized for your workloads.
+
+The following list provides some guidance in selecting the VPUs needed for specific performance needs:
+
+* Test or proof of concept environment: 100 GB, and 20 to 30 VPUs.
+* Base-production environment: 500 GB, and 60 VPUs.
+* Heavy-use production environment: More than 500 GB, and 100 or more VPUs.
+
+Consider allocating additional VPUs to give enough capacity for updates and scaling activities. See link:https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumeperformance.htm[Block Volume Performance Levels] in the Oracle documentation.
 ====
diff --git a/modules/installation-vsphere-installer-infra-requirements.adoc b/modules/installation-vsphere-installer-infra-requirements.adoc
index 6b9a7b2ba57f..7a76b57dd7e5 100644
--- a/modules/installation-vsphere-installer-infra-requirements.adoc
+++ b/modules/installation-vsphere-installer-infra-requirements.adoc
@@ -1,56 +1,40 @@
 // Module included in the following assemblies for vSphere:
 //
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 
-
-
-ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
-:restricted:
-endif::[]
-
-ifeval::["{context}" == "installing-vsphere"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-network-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:vsphere:
+// Note: The ifndef statements add content to IPI documents
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:upi:
 endif::[]
 
-
+:_mod-docs-content-type: REFERENCE
 [id="installation-vsphere-installer-infra-requirements_{context}"]
 = vCenter requirements
 
-ifndef::vsphere[]
+ifndef::upi[]
 Before you install an {product-title} cluster on your vCenter that uses infrastructure that the installer provisions, you must prepare your environment.
-endif::vsphere[]
+endif::upi[]
 
-ifdef::vsphere[]
+ifdef::upi[]
 Before you install an {product-title} cluster on your vCenter that uses infrastructure that you provided, you must prepare your environment.
-endif::vsphere[]
+endif::upi[]
 
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-account_{context}"]
 == Required vCenter account privileges
 
-ifndef::vsphere[]
+ifndef::upi[]
 To install an {product-title} cluster in a vCenter, the installation program requires access to an account with privileges to read and create the required resources. Using an account that has global administrative privileges is the simplest way to access all of the necessary permissions.
 
 If you cannot use an account with global administrative privileges, you must create roles to grant the privileges necessary for {product-title} cluster installation. While most of the privileges are always required, some are required only if you plan for the installation program to provision a folder to contain the {product-title} cluster on your vCenter instance, which is the default behavior. You must create or amend vSphere roles for the specified objects to grant the required privileges.
 
 An additional role is required if the installation program is to create a vSphere virtual machine folder.
-endif::vsphere[]
+endif::upi[]
 
-ifdef::vsphere[]
+ifdef::upi[]
 To install an {product-title} cluster in a vCenter, your vSphere account must include privileges for reading and creating the required resources. Using an account that has global administrative privileges is the simplest way to access all of the necessary permissions.
-endif::vsphere[]
+endif::upi[]
 
 
 .Roles and privileges required for installation in vSphere API
@@ -92,7 +76,6 @@ endif::vsphere[]
 |If an existing resource pool is provided
 |
 [%hardbreaks]
-`Host.Config.Storage`
 `Resource.AssignVMToPool`
 `VApp.AssignResourcePool`
 `VApp.Import`
@@ -130,6 +113,7 @@ endif::vsphere[]
 `VirtualMachine.Config.Memory`
 `VirtualMachine.Config.RemoveDisk`
 `VirtualMachine.Config.Rename`
+`Host.Config.Storage`
 `VirtualMachine.Config.ResetGuestInfo`
 `VirtualMachine.Config.Resource`
 `VirtualMachine.Config.Settings`
@@ -146,12 +130,11 @@ endif::vsphere[]
 `VirtualMachine.Provisioning.DeployTemplate`
 
 |vSphere vCenter Datacenter
-|If the installation program creates the virtual machine folder. For UPI, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API.
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API. See the "Minimum permissions for the Machine API" table. 
 |
 [%hardbreaks]
 `InventoryService.Tagging.ObjectAttachable`
 `Resource.AssignVMToPool`
-`VApp.Import`
 `VirtualMachine.Config.AddExistingDisk`
 `VirtualMachine.Config.AddNewDisk`
 `VirtualMachine.Config.AddRemoveDevice`
@@ -183,10 +166,11 @@ endif::vsphere[]
 |===
 ====
 
+
 .Roles and privileges required for installation in vCenter graphical user interface (GUI)
 [%collapsible]
 ====
-[cols="3a,3a,3a",options="header"]
+[cols="2a,3a,3a",options="header"]
 |===
 |vSphere object for role
 |When required
@@ -276,7 +260,7 @@ endif::vsphere[]
 `"Virtual machine".Provisioning."Deploy template"`
 
 |vSphere vCenter Datacenter
-|If the installation program creates the virtual machine folder. For UPI, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API.
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API.
 |
 [%hardbreaks]
 `"vSphere Tagging"."Assign or Unassign vSphere Tag on Object"`
@@ -342,7 +326,7 @@ Additionally, the user requires some `ReadOnly` permissions, and some of the rol
 
 .2+|vSphere vCenter Cluster
 |Existing resource pool
-|True
+|False
 |`ReadOnly` permission
 
 |VMs in cluster root
@@ -378,35 +362,423 @@ Additionally, the user requires some `ReadOnly` permissions, and some of the rol
 
 For more information about creating an account with only the required privileges, see link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5372F580-5C23-4E9C-8A4E-EF1B4DD9033E.html[vSphere Permissions and User Management Tasks] in the vSphere documentation.
 
+[discrete]
+[id="installation-vsphere-installer-infra-minimum-requirements_{context}"]
+== Minimum required vCenter account privileges
+
+After you create a custom role and assign privileges to it, you can create permissions by selecting specific vSphere objects and then assigning the custom role to a user or group for each object. 
+
+Before you create permissions or request for the creation of permissions for a vSphere object, determine what minimum permissions apply to the vSphere object. By doing this task, you can ensure a basic interaction exists between a vSphere object and {product-title} architecture. 
+
+[IMPORTANT]
+====
+If you create a custom role and you do not assign privileges to it, the vSphere Server by default assigns a `Read Only` role to the custom role. Note that for the cloud provider API, the custom role only needs to inherit the privileges of the `Read Only` role.
+====
+
+Consider creating a custom role when an account with global administrative privileges does not meet your needs.
+
+[IMPORTANT]
+====
+Accounts that are not configured with the required privileges are unsupported. Installing an {product-title} cluster in a vCenter is tested against a full list of privileges as described in the "Required vCenter account privileges" section. By adhering to the full list of privileges, you can reduce the possibility of unexpected behaviors that might occur when creating a custom role with a restricted set of privileges. 
+====
+
+The following tables list the minimum permissions for a vSphere object that interacts with specific {product-title} architecture.
+`VApp.Import`
+
+ifndef::upi[]
+[id="installation-vsphere-minimum-permissions-ipi_{context}"]
+.Minimum permissions on installer-provisioned infrastructure
+[%collapsible]
+====
+[cols="4a,4a,3a",options="header"]
+|===
+|vSphere object for role
+|When required
+|Required privileges
+
+|vSphere vCenter
+|Always
+|
+[%hardbreaks]
+`Cns.Searchable`
+`InventoryService.Tagging.AttachTag`
+`InventoryService.Tagging.CreateCategory`
+`InventoryService.Tagging.CreateTag`
+`InventoryService.Tagging.DeleteCategory`
+`InventoryService.Tagging.DeleteTag`
+`InventoryService.Tagging.EditCategory`
+`InventoryService.Tagging.EditTag`
+`Sessions.ValidateSession`
+`StorageProfile.Update`
+`StorageProfile.View`
+
+|vSphere vCenter Cluster
+|If you intend to create VMs in the cluster root
+|
+[%hardbreaks]
+`Host.Config.Storage`
+`Resource.AssignVMToPool`
+`VApp.AssignResourcePool`
+`VApp.Import`
+`VirtualMachine.Config.AddNewDisk`
+
+|vSphere vCenter Resource Pool
+|If you provide an existing resource pool in the `install-config.yaml` file
+|
+[%hardbreaks]
+`Datastore.Browse`
+`Datastore.FileManagement`
+`Host.Config.Storage`
+`InventoryService.Tagging.ObjectAttachable`
+`Resource.AssignVMToPool`
+`VApp.AssignResourcePool`
+`VApp.Import`minimum`
+
+
+|vSphere Port Group
+|Always
+|
+[%hardbreaks]
+`Network.Assign`
+
+|Virtual Machine Folder
+|Always
+|
+[%hardbreaks]
+`InventoryService.Tagging.ObjectAttachable`
+`Resource.AssignVMToPool`
+`VApp.Import`
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddNewDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+`VirtualMachine.Config.AdvancedConfig`
+`VirtualMachine.Config.Annotation`
+`VirtualMachine.Config.CPUCount`
+`VirtualMachine.Config.DiskExtend`
+`VirtualMachine.Config.DiskLease`
+`VirtualMachine.Config.EditDevice`
+`VirtualMachine.Config.Memory`
+`VirtualMachine.Config.RemoveDisk`
+`VirtualMachine.Config.Rename`
+`VirtualMachine.Config.ResetGuestInfo`
+`VirtualMachine.Config.Resource`
+`VirtualMachine.Config.Settings`
+`VirtualMachine.Config.UpgradeVirtualHardware`
+`VirtualMachine.Interact.GuestControl`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Interact.Reset`
+`VirtualMachine.Inventory.Create`
+`VirtualMachine.Inventory.CreateFromExisting`
+`VirtualMachine.Inventory.Delete`
+`VirtualMachine.Provisioning.Clone`
+`VirtualMachine.Provisioning.MarkAsTemplate`
+`VirtualMachine.Provisioning.DeployTemplate`
+
+|vSphere vCenter Datacenter
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API. If your cluster does use the Machine API and you want to set the minimum set of permissions for the API, see the "Minimum permissions for the Machine API" table.
+|
+[%hardbreaks]
+`Folder.Create`
+`Folder.Delete`
+`InventoryService.Tagging.ObjectAttachable`
+`Resource.AssignVMToPool`
+`VApp.Import`
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddNewDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+`VirtualMachine.Config.AdvancedConfig`
+`VirtualMachine.Config.Annotation`
+`VirtualMachine.Config.CPUCount`
+`VirtualMachine.Config.DiskExtend`
+`VirtualMachine.Config.DiskLease`
+`VirtualMachine.Config.EditDevice`
+`VirtualMachine.Config.Memory`
+`VirtualMachine.Config.RemoveDisk`
+`VirtualMachine.Config.Rename`
+`VirtualMachine.Config.ResetGuestInfo`
+`VirtualMachine.Config.Resource`
+`VirtualMachine.Config.Settings`
+`VirtualMachine.Config.UpgradeVirtualHardware`
+`VirtualMachine.Interact.GuestControl`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Interact.Reset`
+`VirtualMachine.Inventory.Create`
+`VirtualMachine.Inventory.CreateFromExisting`
+`VirtualMachine.Inventory.Delete`
+`VirtualMachine.Provisioning.Clone`
+`VirtualMachine.Provisioning.DeployTemplate`
+`VirtualMachine.Provisioning.MarkAsTemplate`
+|===
+====
+endif::upi[]
+
+[id="post-installation-vsphere-minimum-permissions_{context}"]
+.Minimum permissions for post-installation management of components
+[%collapsible]
+====
+[cols="4a,4a,3a",options="header"]
+|===
+|vSphere object for role
+|When required
+|Required privileges
+
+|vSphere vCenter
+|Always
+|
+[%hardbreaks]
+`Cns.Searchable`
+`InventoryService.Tagging.AttachTag`
+`InventoryService.Tagging.CreateCategory`
+`InventoryService.Tagging.CreateTag`
+`InventoryService.Tagging.DeleteCategory`
+`InventoryService.Tagging.DeleteTag`
+`InventoryService.Tagging.EditCategory`
+`InventoryService.Tagging.EditTag`
+`Sessions.ValidateSession`
+`StorageProfile.Update`
+`StorageProfile.View`
+
+|vSphere vCenter Cluster
+|If you intend to create VMs in the cluster root
+|
+[%hardbreaks]
+`Host.Config.Storage`
+`Resource.AssignVMToPool`
+
+|vSphere vCenter Resource Pool
+|If you provide an existing resource pool in the `install-config.yaml` file
+|
+[%hardbreaks]
+`Host.Config.Storage`
+
+|vSphere Datastore
+|Always
+|
+[%hardbreaks]
+`Datastore.AllocateSpace`
+`Datastore.Browse`
+`Datastore.FileManagement`
+`InventoryService.Tagging.ObjectAttachable`
+
+|vSphere Port Group
+|Always
+|
+[%hardbreaks]
+`Network.Assign`
+
+|Virtual Machine Folder
+|Always
+|
+[%hardbreaks]
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+`VirtualMachine.Config.AdvancedConfig`
+`VirtualMachine.Config.Annotation`
+`VirtualMachine.Config.CPUCount`
+`VirtualMachine.Config.DiskExtend`
+`VirtualMachine.Config.Memory`
+`VirtualMachine.Config.Settings`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Inventory.CreateFromExisting`
+`VirtualMachine.Inventory.Delete`
+`VirtualMachine.Provisioning.Clone`
+`VirtualMachine.Provisioning.DeployTemplate`
+
+|vSphere vCenter Datacenter
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API. If your cluster does use the Machine API and you want to set the minimum set of permissions for the API, see the "Minimum permissions for the Machine API" table.
+|
+[%hardbreaks]
+`Resource.AssignVMToPool`
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Provisioning.DeployTemplate`
+|===
+====
+
+[id="installation-vsphere-minimum-permissions-storage_{context}"]
+.Minimum permissions for the storage components
+[%collapsible]
+====
+[cols="4a,4a,3a",options="header"]
+|===
+|vSphere object for role
+|When required
+|Required privileges
+
+|vSphere vCenter
+|Always
+|
+[%hardbreaks]
+`Cns.Searchable`
+`InventoryService.Tagging.CreateCategory`
+`InventoryService.Tagging.CreateTag`
+`InventoryService.Tagging.EditCategory`
+`InventoryService.Tagging.EditTag`
+`StorageProfile.Update`
+`StorageProfile.View`
+
+|vSphere vCenter Cluster
+|If you intend to create VMs in the cluster root
+|
+[%hardbreaks]
+`Host.Config.Storage`
+
+|vSphere vCenter Resource Pool
+|If you provide an existing resource pool in the `install-config.yaml` file
+|
+[%hardbreaks]
+`Host.Config.Storage`
+
+|vSphere Datastore
+|Always
+|
+[%hardbreaks]
+`Datastore.Browse`
+`Datastore.FileManagement`
+`InventoryService.Tagging.ObjectAttachable`
+
+|vSphere Port Group
+|Always
+|
+[%hardbreaks]
+`Read Only`
+
+|Virtual Machine Folder
+|Always
+|
+[%hardbreaks]
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+
+|vSphere vCenter Datacenter
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API. If your cluster does use the Machine API and you want to set the minimum set of permissions for the API, see the "Minimum permissions for the Machine API" table. 
+|
+[%hardbreaks]
+`VirtualMachine.Config.AddExistingDisk`
+`VirtualMachine.Config.AddRemoveDevice`
+|===
+====
+
+[id="post-installation-vsphere-minimum-machine-api_{context}"]
+.Minimum permissions for the Machine API
+[%collapsible]
+====
+[cols="4a,4a,3a",options="header"]
+|===
+|vSphere object for role
+|When required
+|Required privileges
+
+|vSphere vCenter
+|Always
+|
+[%hardbreaks]
+`InventoryService.Tagging.AttachTag`
+`InventoryService.Tagging.CreateCategory`
+`InventoryService.Tagging.CreateTag`
+`InventoryService.Tagging.DeleteCategory`
+`InventoryService.Tagging.DeleteTag`
+`InventoryService.Tagging.EditCategory`
+`InventoryService.Tagging.EditTag`
+`Sessions.ValidateSession`
+`StorageProfile.Update`
+`StorageProfile.View`
+
+|vSphere vCenter Cluster
+|If you intend to create VMs in the cluster root
+|
+[%hardbreaks]
+`Resource.AssignVMToPool`
+
+|vSphere vCenter Resource Pool
+|If you provide an existing resource pool in the `install-config.yaml` file
+|
+[%hardbreaks]
+`Read Only`
+
+|vSphere Datastore
+|Always
+|
+[%hardbreaks]
+`Datastore.AllocateSpace`
+`Datastore.Browse`
+
+|vSphere Port Group
+|Always
+|
+[%hardbreaks]
+`Network.Assign`
+
+|Virtual Machine Folder
+|Always
+|
+[%hardbreaks]
+`VirtualMachine.Config.AddRemoveDevice`
+`VirtualMachine.Config.AdvancedConfig`
+`VirtualMachine.Config.Annotation`
+`VirtualMachine.Config.CPUCount`
+`VirtualMachine.Config.DiskExtend`
+`VirtualMachine.Config.Memory`
+`VirtualMachine.Config.Settings`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Inventory.CreateFromExisting`
+`VirtualMachine.Inventory.Delete`
+`VirtualMachine.Provisioning.Clone`
+`VirtualMachine.Provisioning.DeployTemplate`
+
+|vSphere vCenter Datacenter
+|If the installation program creates the virtual machine folder. For user-provisioned infrastructure, `VirtualMachine.Inventory.Create` and `VirtualMachine.Inventory.Delete` privileges are optional if your cluster does not use the Machine API.
+|
+[%hardbreaks]
+`Resource.AssignVMToPool`
+`VirtualMachine.Interact.PowerOff`
+`VirtualMachine.Interact.PowerOn`
+`VirtualMachine.Provisioning.DeployTemplate`
+|===
+====
+
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-vmotion_{context}"]
 == Using {product-title} with vMotion
 
 If you intend on using vMotion in your vSphere environment, consider the following before installing an {product-title} cluster.
 
-* {product-title} generally supports compute-only vMotion. Using Storage vMotion can cause issues and is not supported.
+* {product-title} generally supports compute-only vMotion, where _generally_ implies that you meet all VMware best practices for vMotion.
 +
 --
-To help ensure the uptime of your compute and control plane nodes, it is recommended that you follow the VMware best practices for vMotion. It is also recommended to use VMware anti-affinity rules to improve the availability of {product-title} during maintenance or hardware issues.
+To help ensure the uptime of your compute and control plane nodes, ensure that you follow the VMware best practices for vMotion, and use VMware anti-affinity rules to improve the availability of {product-title} during maintenance or hardware issues.
 
 For more information about vMotion and anti-affinity rules, see the VMware vSphere documentation for  link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenterhost.doc/GUID-3B41119A-1276-404B-8BFB-A32409052449.html[vMotion networking requirements] and link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-FBE46165-065C-48C2-B775-7ADA87FF9A20.html[VM anti-affinity rules].
 --
-* If you are using vSphere volumes in your pods, migrating a VM across datastores either manually or through Storage vMotion causes, invalid references within {product-title} persistent volume (PV) objects. These references prevent affected pods from starting up and can result in data loss.
-* Similarly, {product-title} does not support selective migration of VMDKs across datastores, using datastore clusters for VM provisioning or for dynamic or static provisioning of PVs, or using a datastore that is part of a datastore cluster for dynamic or static provisioning of PVs.
+* Using Storage vMotion can cause issues and is not supported. If you are using vSphere volumes in your pods, migrating a VM across datastores, either manually or through Storage vMotion, causes invalid references within {product-title} persistent volume (PV) objects that can result in data loss.
+* {product-title} does not support selective migration of VMDKs across datastores, using datastore clusters for VM provisioning or for dynamic or static provisioning of PVs, or using a datastore that is part of a datastore cluster for dynamic or static provisioning of PVs.
++
+[IMPORTANT]
+====
+You can specify the path of any datastore that exists in a datastore cluster. By default, Storage Distributed Resource Scheduler (SDRS), which uses Storage vMotion, is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage DRS to avoid data loss issues for your {product-title} cluster.
+
+If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
+====
 
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-resources_{context}"]
 == Cluster resources
 
-ifndef::vsphere[]
+ifndef::upi[]
 When you deploy an {product-title} cluster that uses installer-provisioned infrastructure, the installation program must be able to create several resources in your vCenter instance.
 
 A standard {product-title} installation creates the following vCenter resources:
-endif::vsphere[]
+endif::upi[]
 
-ifdef::vsphere[]
+ifdef::upi[]
 When you deploy an {product-title} cluster that uses infrastructure that you provided, you must create the following resources in your vCenter instance:
-endif::vsphere[]
+endif::upi[]
 
 * 1 Folder
 * 1 Tag category
@@ -430,11 +802,19 @@ Available resources vary between clusters. The number of possible clusters withi
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-networking_{context}"]
 == Networking requirements
+Use Dynamic Host Configuration Protocol (DHCP) for the network and ensure that the DHCP server is configured to provide persistent IP addresses to the cluster machines.
+
+[NOTE]
+====
+You do not need to use the DHCP for the network if you want to provision nodes with static IP addresses.
+====
+
+Configure the default gateway to use the DHCP server. All nodes must be in the same VLAN. You cannot scale the cluster using a second VLAN as a Day 2 operation.
+
+You must use the Dynamic Host Configuration Protocol (DHCP) for the network and ensure that the DHCP server is configured to provide persistent IP addresses to the cluster machines. In the DHCP lease, you must configure the DHCP to use the default gateway. All nodes must be in the same VLAN. You cannot scale the cluster using a second VLAN as a Day 2 operation.
+
+If you are installing to a restricted environment, the VM in your restricted network must have access to vCenter so that it can provision and manage nodes, persistent volume claims (PVCs), and other resources.
 
-You must use DHCP for the network and ensure that the DHCP server is configured to provide persistent IP addresses to the cluster machines. You must configure the default gateway to use the DHCP server. All nodes must be in the same VLAN. You cannot scale the cluster using a second VLAN as a Day 2 operation.
-ifdef::restricted[]
-The VM in your restricted network must have access to vCenter so that it can provision and manage nodes, persistent volume claims (PVCs), and other resources.
-endif::restricted[]
 Additionally, you must create the following networking resources before you install the {product-title} cluster:
 
 [NOTE]
@@ -442,17 +822,17 @@ Additionally, you must create the following networking resources before you inst
 It is recommended that each {product-title} node in the cluster must have access to a Network Time Protocol (NTP) server that is discoverable via DHCP. Installation is possible without an NTP server. However, asynchronous server clocks will cause errors, which NTP server prevents.
 ====
 
+ifndef::upi[]
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-_{context}"]
 === Required IP Addresses
-ifndef::vsphere[]
-An installer-provisioned vSphere installation requires two static IP addresses:
+For a network that uses DHCP, an installer-provisioned vSphere installation requires two static IP addresses:
 
 * The **API** address is used to access the cluster API.
 * The **Ingress** address is used for cluster ingress traffic.
 
 You must provide these IP addresses to the installation program when you install the {product-title} cluster.
-endif::vsphere[]
+endif::upi[]
 
 [discrete]
 [id="installation-vsphere-installer-infra-requirements-dns-records_{context}"]
@@ -469,7 +849,7 @@ You must create DNS records for two static IP addresses in the appropriate DNS s
 
 |API VIP
 |`api.<cluster_name>.<base_domain>.`
-|This DNS A/AAAA or CNAME record must point to the load balancer
+|This DNS A/AAAA or CNAME (Canonical Name) record must point to the load balancer
 for the control plane machines. This record must be resolvable by both clients
 external to the cluster and from all the nodes within the cluster.
 
@@ -481,16 +861,6 @@ default. This record must be resolvable by both clients external to the cluster
 and from all the nodes within the cluster.
 |===
 
-ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
-:!restricted:
-endif::[]
-
-ifeval::["{context}" == "installing-vsphere"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-network-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:!vsphere:
+ifeval::["{context}" == "upi-vsphere-installation-reqs"]
+:!upi:
 endif::[]
diff --git a/modules/installation-vsphere-installer-infra-static-ip-nodes.adoc b/modules/installation-vsphere-installer-infra-static-ip-nodes.adoc
new file mode 100644
index 000000000000..58cd2eb68eea
--- /dev/null
+++ b/modules/installation-vsphere-installer-infra-static-ip-nodes.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
+
+:_mod-docs-content-type: CONCEPT
+[discrete]
+[id="installation-vsphere-installer-infra-static-ip-nodes_{context}"]
+== Static IP addresses for vSphere nodes
+
+You can provision bootstrap, control plane, and compute nodes to be configured with static IP addresses in environments where Dynamic Host Configuration Protocol (DHCP) does not exist. To configure this environment, you must provide values to the `platform.vsphere.hosts.role` parameter in the `install-config.yaml` file.
+
+:FeatureName: Static IP addresses for vSphere nodes
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+By default, the installation program is configured to use the DHCP for the network, but this network has limited configurable capabilities.
+
+After you define one or more machine pools in your `install-config.yaml` file, you can define network definitions for nodes on your network. Ensure that the number of network definitions matches the number of machine pools that you configured for your cluster.
+
+The following example shows a network configuration for a node with the role `compute`:
+
+[source,yaml]
+----
+---
+platform:
+  vsphere:
+    hosts:
+    - role: compute <1>
+      networkDevice:
+        ipAddrs:
+        - 192.168.204.10/24 <2>
+        gateway: 192.168.204.1 <3>
+        nameservers:
+        - 192.168.204.1 <4>
+---
+----
+<1> Valid network definition values include `bootstrap`, `control-plane`, and `compute`. You must list at least one `bootstrap` network definition in your `install-config.yaml` configuration file.
+<2> Lists IPv4, IPv6, or both IP addresses that the installation program passes to the network interface. The machine API controller assigns all configured IP addresses to the default network interface.
+<3> The default gateway for the network interface.
+<4> Lists up to 3 DNS nameservers.
++
+[IMPORTANT]
+====
+To enable the Technology Preview feature of static IP addresses for vSphere nodes for your cluster, you must include `featureSet:TechPreviewNoUpgrade` as the initial entry in the `install-config.yaml` file.
+====
+
+After you deployed your cluster to run nodes with static IP addresses, you can scale a machine to use one of these static IP addresses. Additionally, you can use a machine set to configure a machine to use one of the configured static IP addresses.
diff --git a/modules/installation-vsphere-installer-network-requirements.adoc b/modules/installation-vsphere-installer-network-requirements.adoc
index e995f7d23ad6..b5aee272a164 100644
--- a/modules/installation-vsphere-installer-network-requirements.adoc
+++ b/modules/installation-vsphere-installer-network-requirements.adoc
@@ -1,10 +1,8 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-vsphere-installer-network-requirements_{context}"]
 = Network connectivity requirements
 
diff --git a/modules/installation-vsphere-machines.adoc b/modules/installation-vsphere-machines.adoc
index f3c9204335c5..d331dc3015dc 100644
--- a/modules/installation-vsphere-machines.adoc
+++ b/modules/installation-vsphere-machines.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-vsphere-machines_{context}"]
 = Installing {op-system} and starting the {product-title} bootstrap process
 
@@ -79,7 +79,7 @@ If you plan to add more compute machines to your cluster after you finish instal
 ====
 
 ifndef::openshift-origin[]
-. Obtain the {op-system} OVA image. Images are available from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.13/[{op-system} image mirror] page.
+. Obtain the {op-system} OVA image. Images are available from the link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.15/[{op-system} image mirror] page.
 +
 [IMPORTANT]
 ====
@@ -130,6 +130,7 @@ It is recommended that you update the hardware version of the VM template to ver
 
 . After the template deploys, deploy a VM for a machine in the cluster.
 .. Right-click the template name and click *Clone* -> *Clone to Virtual Machine*.
+
 .. On the *Select a name and folder* tab, specify a name for the VM. You might include the machine type in the name, such as `control-plane-0` or `compute-1`.
 +
 [NOTE]
@@ -137,16 +138,23 @@ It is recommended that you update the hardware version of the VM template to ver
 Ensure that all virtual machine names across a vSphere installation are unique.
 ====
 .. On the *Select a name and folder* tab, select the name of the folder that you created for the cluster.
+
 .. On the *Select a compute resource* tab, select the name of a host in your datacenter.
 +
-.. Optional: On the *Select storage* tab, customize the storage options.
-.. On the *Select clone options*, select
-*Customize this virtual machine's hardware*.
-.. On the *Customize hardware* tab, click *VM Options* -> *Advanced*.
+.. On the *Select clone options* tab, select *Customize this virtual machine's hardware*.
+
+.. On the *Customize hardware* tab, click *Advanced Parameters*.
++
+[IMPORTANT]
+====
+The following configuration suggestions are for example purposes only. As a cluster administrator, you must configure resources according to the resource demands placed on your cluster. To best manage cluster resources, consider creating a resource pool from the cluster's root resource pool.
+====
++
 *** Optional: Override default DHCP networking in vSphere. To enable static IP networking:
 +
-... Set your static IP configuration:
+**** Set your static IP configuration:
 +
+.Example command
 [source,terminal]
 ----
 $ export IPCFG="ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none nameserver=srv1 [nameserver=srv2 [nameserver=srv3 [...]]]"
@@ -157,26 +165,28 @@ $ export IPCFG="ip=<ip>::<gateway>:<netmask>:<hostname>:<iface>:none nameserver=
 ----
 $ export IPCFG="ip=192.168.100.101::192.168.100.254:255.255.255.0:::none nameserver=8.8.8.8"
 ----
-
-... Set the `guestinfo.afterburn.initrd.network-kargs` property before booting a VM from an OVA in vSphere:
 +
+**** Set the `guestinfo.afterburn.initrd.network-kargs` property before you boot a VM from an OVA in vSphere:
++
+.Example command
 [source,terminal]
 ----
 $ govc vm.change -vm "<vm_name>" -e "guestinfo.afterburn.initrd.network-kargs=${IPCFG}"
 ----
 +
-*** Optional: In the event of cluster performance issues, from the *Latency Sensitivity* list, select *High*. Ensure that your VM's CPU and memory reservation have the following values:
-**** Memory reservation value must be equal to its configured memory size.
-**** CPU reservation value must be at least the number of low latency virtual CPUs multiplied by the measured physical CPU speed.
-*** Click *Edit Configuration*, and on the *Configuration Parameters* window, search the list of available parameters for steal clock accounting (`stealclock.enable`). If it is available, set its value to `TRUE`. Enabling steal clock accounting can help with troubleshooting cluster issues.
-*** Click *Add Configuration Params*. Define the following parameter names and values:
+*** Add the following configuration parameter names and values by specifying data in the *Attribute* and *Values* fields. Ensure that you select the *Add* button for each parameter that you create.
 **** `guestinfo.ignition.config.data`: Locate the base-64 encoded files that you created previously in this procedure, and paste the contents of the base64-encoded Ignition config file for this machine type.
 **** `guestinfo.ignition.config.data.encoding`: Specify `base64`.
 **** `disk.EnableUUID`: Specify `TRUE`.
 **** `stealclock.enable`: If this parameter was not defined, add it and specify `TRUE`.
+**** Create a child resource pool from the cluster's root resource pool. Perform resource allocation in this child resource pool.
+
 .. In the *Virtual Hardware* panel of the *Customize hardware* tab, modify the specified values as required. Ensure that the amount of RAM, CPU, and disk storage meets the minimum requirements for the
 machine type.
-.. Complete the configuration and power on the VM.
+
+.. Complete the remaining configuration steps. On clicking the *Finish* button, you have completed the cloning operation.
+.. From the *Virtual Machines* tab, right-click on your VM and then select *Power* -> *Power On*.
+
 .. Check the console output to verify that Ignition ran.
 +
 .Example command
@@ -185,7 +195,10 @@ machine type.
 Ignition: ran on 2022/03/14 14:48:33 UTC (this boot)
 Ignition: user-provided config was applied
 ----
-. Create the rest of the machines for your cluster by following the preceding steps for each machine.
+
+.Next steps
+
+* Create the rest of the machines for your cluster by following the preceding steps for each machine.
 +
 [IMPORTANT]
 ====
diff --git a/modules/installation-vsphere-regions-zones.adoc b/modules/installation-vsphere-regions-zones.adoc
index beb68fa3d7ba..f55a16eea96a 100644
--- a/modules/installation-vsphere-regions-zones.adoc
+++ b/modules/installation-vsphere-regions-zones.adoc
@@ -7,7 +7,7 @@
 //* installing/installing-restricted-networks-installer-provisioned-vsphere.adoc [IPI]
 //* installing/installing-restricted-networks-vsphere.adoc [IPI]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-vsphere-regions-zones_{context}"]
 = VMware vSphere region and zone enablement
 
diff --git a/modules/installing-aws-load-balancer-operator.adoc b/modules/installing-aws-load-balancer-operator.adoc
index 0ca0f1d6dbb5..d4f8b3cde5b9 100644
--- a/modules/installing-aws-load-balancer-operator.adoc
+++ b/modules/installing-aws-load-balancer-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-installing-aws-load-balancer-operator_{context}"]
 = Installing the AWS Load Balancer Operator
 
diff --git a/modules/installing-gcp-cluster-creation.adoc b/modules/installing-gcp-cluster-creation.adoc
new file mode 100644
index 000000000000..4e3309c576da
--- /dev/null
+++ b/modules/installing-gcp-cluster-creation.adoc
@@ -0,0 +1,62 @@
+// Module included in the following assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-gcp-cluster-creation_{context}"]
+= Configuring user-defined labels and tags for GCP
+
+.Prerequisites
+
+* The installation program requires that a service account includes a `TagUser` role, so that the program can create the {product-title} cluster with defined tags at both organization and project levels.
+
+.Procedure
+
+* Update the `install-config.yaml` file to define the list of desired labels and tags.
++
+[NOTE]
+====
+Labels and tags are defined during the `install-config.yaml` creation phase, and cannot be modified or updated with new labels and tags after cluster creation.
+====
++
+.Sample `install-config.yaml` file
++
+[source,yaml]
+----
+apiVersion: v1
+featureSet: TechPreviewNoUpgrade
+platform:
+ gcp:
+   userLabels: <1>
+   - key: <label_key><2>
+     value: <label_value><3>
+   userTags: <4>
+   - parentID: <OrganizationID/ProjectID><5>
+     key: <tag_key_short_name>
+     value: <tag_value_short_name>
+----
+<1> Adds keys and values as labels to the resources created on GCP.
+<2> Defines the label name.
+<3> Defines the label content.
+<4> Adds keys and values as tags to the resources created on GCP.
+<5> The ID of the hierarchical resource where the tags are defined, at the organization or the project level.
+
+The following are the requirements for user-defined labels:
+
+* A label key and value must have a minimum of 1 character and can have a maximum of 63 characters.
+* A label key and value must contain only lowercase letters, numeric characters, underscore (`_`), and dash (`-`).
+* A label key must start with a lowercase letter.
+* You can configure a maximum of 32 labels per resource. Each resource can have a maximum of 64 labels, and 32 labels are reserved for internal use by {product-title}.
+
+The following are the requirements for user-defined tags:
+
+* Tag key and tag value must already exist. {product-title} does not create the key and the value.
+* A tag `parentID` can be either `OrganizationID` or `ProjectID`:
+** `OrganizationID` must consist of decimal numbers without leading zeros.
+** `ProjectID` must be 6 to 30 characters in length, that includes only lowercase letters, numbers, and hyphens.
+** `ProjectID` must start with a letter, and cannot end with a hyphen.
+* A tag key must contain only uppercase and lowercase alphanumeric characters, hyphen (`-`), underscore (`_`), and period (`.`).
+* A tag value must contain only uppercase and lowercase alphanumeric characters, hyphen (`-`), underscore (`_`), period (`.`), at sign (`@`), percent sign (`%`), equals sign (`=`), plus (`+`), colon (`:`), comma (`,`), asterisk (`*`), pound sign (`$`), ampersand (`&`), parentheses (`()`), square braces (`[]`), curly braces (`{}`), and space.
+* A tag key and value must begin and end with an alphanumeric character.
+* Tag value must be one of the pre-defined values for the key.
+* You can configure a maximum of 50 tags.
+* There should be no tag key defined with the same value as any of the existing tag keys that will be inherited from the parent resource.
diff --git a/modules/installing-gcp-querying-labels-tags-gcp.adoc b/modules/installing-gcp-querying-labels-tags-gcp.adoc
new file mode 100644
index 000000000000..db451e61618c
--- /dev/null
+++ b/modules/installing-gcp-querying-labels-tags-gcp.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="installing-gcp-querying-labels-tags-gcp_{context}"]
+= Querying user-defined labels and tags for GCP
+
+After creating the {product-title} cluster, you can access the list of the labels and tags defined for the GCP resources  in the `infrastructures.config.openshift.io/cluster` object as shown in the following sample `infrastructure.yaml` file.
+
+.Sample `infrastructure.yaml` file
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Infrastructure
+metadata:
+ name: cluster
+spec:
+ platformSpec:
+   type: GCP
+status:
+ infrastructureName: <cluster_id><1>
+ platform: GCP
+ platformStatus:
+   gcp:
+     resourceLabels:
+     - key: <label_key>
+       value: <label_value>
+     resourceTags:
+     - key: <tag_key_short_name>
+       parentID: <OrganizationID/ProjectID>
+       value: <tag_value_short_name>
+   type: GCP
+----
+<1> The cluster ID that is generated during cluster installation.
+
+Along with the user-defined labels, resources have a label defined by the {product-title}. The format of the {product-title} labels is `kubernetes-io-cluster-<cluster_id>:owned`.
\ No newline at end of file
diff --git a/modules/installing-gcp-user-defined-labels-and-tags.adoc b/modules/installing-gcp-user-defined-labels-and-tags.adoc
new file mode 100644
index 000000000000..7bd227964bea
--- /dev/null
+++ b/modules/installing-gcp-user-defined-labels-and-tags.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="installing-gcp-user-defined-labels-and-tags_{context}"]
+= Managing user-defined labels and tags for GCP
+
+:FeatureName: Support for user-defined labels and tags for GCP
+include::snippets/technology-preview.adoc[]
+
+Google Cloud Platform (GCP) provides labels and tags that help to identify and organize the resources created for a specific {product-title} cluster, making them easier to manage.
+
+You can define labels and tags for each GCP resource only during {product-title} cluster installation.
+
+[IMPORTANT]
+====
+User-defined labels and tags are not supported for {product-title} clusters upgraded to {product-title} {product-version}.
+====
+
+.User-defined labels
+
+User-defined labels and {product-title} specific labels are applied only to resources created by {product-title} installation program and its core components such as:
+
+* GCP filestore CSI Driver Operator
+* GCP PD CSI Driver Operator
+* Image Registry Operator
+* Machine API provider for GCP
+
+User-defined labels and {product-title} specific labels are not applied on the resources created by any other operators or the Kubernetes in-tree components that create resources, for example, the Ingress load balancers.
+
+User-defined labels and {product-title} labels are available on the following GCP resources:
+
+* Compute disk
+* Compute instance
+* Compute image
+* Compute forwarding rule
+* DNS managed zone
+* Filestore instance
+* Storage bucket
+
+.Limitations to user-defined labels
+
+* Labels for `ComputeAddress` are supported in the GCP beta version. {product-title} does not add labels to the resource.
+
+.User-defined tags
+
+User-defined tags are attached to resources created by the {product-title} Image Registry Operator and not on the resources created by any other Operators or the Kubernetes in-tree components.
+
+User-defined tags are available on the following GCP resources:
+* Storage bucket
+
+.Limitations to the user-defined tags
+
+* Tags will not be attached to the following items:
+** Control plane instances and storage buckets created by the installation program
+** Compute instances created by the Machine API provider for GCP
+** Filestore instance resources created by the GCP filestore CSI driver Operator
+** Compute disk and compute image resources created by the GCP PD CSI driver Operator
+* Tags are not supported for buckets located in the following regions:
+** `us-east2`
+** `us-east3`
+* Image Registry Operator does not throw any error but skips processing tags when the buckets are created in the tags unsupported region.
+* Tags must not be restricted to particular service accounts, because Operators create and use service accounts with minimal roles.
+* {product-title} does not create any key and value resources of the tag.
+* {product-title} specific tags are not added to any resource.
+
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about identifying the `OrganizationID`, see: link:https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id[OrganizationID]
+* For more information about identifying the `ProjectID`, see: link:https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects[ProjectID]
+* For more information about labels, see link:https://cloud.google.com/resource-manager/docs/labels-overview[Labels Overview].
+* For more information about tags, see link:https://cloud.google.com/resource-manager/docs/tags/tags-overview[Tags Overview].
diff --git a/modules/installing-gitops-operator-in-web-console.adoc b/modules/installing-gitops-operator-in-web-console.adoc
index 2e2c0bdb4695..ccf482d82ee6 100644
--- a/modules/installing-gitops-operator-in-web-console.adoc
+++ b/modules/installing-gitops-operator-in-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * /cicd/gitops/installing-openshift-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-gitops-operator-in-web-console_{context}"]
 = Installing {gitops-title} Operator in web console
 
diff --git a/modules/installing-gitops-operator-using-cli.adoc b/modules/installing-gitops-operator-using-cli.adoc
index f888df6e505f..5187cd65600d 100644
--- a/modules/installing-gitops-operator-using-cli.adoc
+++ b/modules/installing-gitops-operator-using-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * /cicd/gitops/installing-openshift-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-gitops-operator-using-cli_{context}"]
 = Installing {gitops-title} Operator using CLI
 
@@ -26,7 +26,7 @@ spec:
   installPlanApproval: Automatic
   name: openshift-gitops-operator <2>
   source: redhat-operators <3>
-  sourceNamespace: openshift-marketplace <4> 
+  sourceNamespace: openshift-marketplace <4>
 ----
 <1> Specify the channel name from where you want to subscribe the Operator.
 <2> Specify the name of the Operator to subscribe to.
diff --git a/modules/installing-oadp-rosa-sts.adoc b/modules/installing-oadp-rosa-sts.adoc
new file mode 100644
index 000000000000..d8f14a87012b
--- /dev/null
+++ b/modules/installing-oadp-rosa-sts.adoc
@@ -0,0 +1,255 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-oadp-rosa-sts_{context}"]
+= Installing the OADP Operator and providing the IAM role
+
+AWS Security Token Service (AWS STS) is a global web service that provides short-term credentials for IAM or federated users. {product-title} (ROSA) with {sts-short} is the recommended credential mode for ROSA clusters. This document describes how to install {oadp-first} on ROSA with {aws-short} {sts-short}.
+
+
+[IMPORTANT]
+====
+Restic and Kopia are not supported in the OADP on ROSA with {aws-short} {sts-short} environment. Verify that the Restic and Kopia node agent is disabled.
+For backing up volumes, OADP on ROSA with {aws-short} {sts-short} supports only native snapshots and Container Storage Interface (CSI) snapshots.
+====
+
+[IMPORTANT]
+====
+In an Amazon ROSA cluster that uses STS authentication, restoring backed-up data in a different {aws-short} region is not supported.
+
+The Data Mover feature is not currently supported in ROSA clusters. You can use native {aws-short} S3 tools for moving data.
+====
+
+.Prerequisites
+
+* An {product-title} ROSA cluster with the required access and tokens. For instructions, see the previous procedure _Preparing AWS credentials for OADP_. If you plan to use two different clusters for backing up and restoring, you must prepare {aws-short} credentials, including `ROLE_ARN`, for each cluster.
+
+
+.Procedure
+
+. Create an {product-title} secret from your {aws-short} token file by entering the following commands:
+
+.. Create the credentials file:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/credentials
+  [default]
+  role_arn = ${ROLE_ARN}
+  web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+EOF
+----
+
+.. Create a namespace for OADP:
++
+[source,terminal]
+----
+$ oc create namespace openshift-adp
+----
+
+.. Create the {product-title} secret:
++
+[source,terminal]
+----
+$ oc -n openshift-adp create secret generic cloud-credentials \
+  --from-file=${SCRATCH}/credentials
+----
++
+[NOTE]
+====
+In {product-title} versions 4.14 and later, the OADP Operator supports a new standardized {sts-short} workflow through the Operator Lifecycle Manager (OLM)
+and Cloud Credentials Operator (CCO). In this workflow, you do not need to create the above
+secret, you only need to supply the role ARN during the installation of OLM-managed operators using the {product-title} web console, for more information see _Installing from OperatorHub using the web console_.
+
+The preceding secret is created automatically by CCO.
+====
+
+. Install the OADP Operator:
+.. In the {product-title} web console, browse to *Operators* -> *OperatorHub*.
+.. Search for the *OADP Operator*.
+.. In the *role_ARN* field, paste the role_arn that you created previously and click *Install*.
+
+. Create {aws-short} cloud storage using your {aws-short} credentials by entering the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: CloudStorage
+  metadata:
+    name: ${CLUSTER_NAME}-oadp
+    namespace: openshift-adp
+  spec:
+    creationSecret:
+      key: credentials
+      name: cloud-credentials
+    enableSharedConfig: true
+    name: ${CLUSTER_NAME}-oadp
+    provider: aws
+    region: $REGION
+EOF
+----
+// bringing over from MOB docs
+. Check your application's storage default storage class by entering the following command:
++
+[source,terminal]
+----
+$ oc get pvc -n <namespace>
+----
+
++
+.Example output
+
++
+[source,terminal]
+----
+NAME     STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+applog   Bound    pvc-351791ae-b6ab-4e8b-88a4-30f73caf5ef8   1Gi        RWO            gp3-csi        4d19h
+mysql    Bound    pvc-16b8e009-a20a-4379-accc-bc81fedd0621   1Gi        RWO            gp3-csi        4d19h
+----
+
+
+. Get the storage class by running the following command:
++
+[source,terminal]
+----
+$ oc get storageclass
+----
+
++
+.Example output
++
+[source,terminal]
+----
+NAME                PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+gp2                 kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   true                   4d21h
+gp2-csi             ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+gp3                 ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+gp3-csi (default)   ebs.csi.aws.com         Delete          WaitForFirstConsumer   true                   4d21h
+----
++
+[NOTE]
+====
+The following storage classes will work:
+
+  * gp3-csi
+  * gp2-csi
+  * gp3
+  * gp2
+====
++
+If the application or applications that are being backed up are all using persistent volumes (PVs) with Container Storage Interface (CSI), it is advisable to include the CSI plugin in the OADP DPA configuration.
+
+. Create the `DataProtectionApplication` resource to configure the connection to the storage where the backups and volume snapshots are stored:
+
+.. If you are using only CSI volumes, deploy a Data Protection Application by entering the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: DataProtectionApplication
+  metadata:
+    name: ${CLUSTER_NAME}-dpa
+    namespace: openshift-adp
+  spec:
+    backupImages: false
+    features:
+      dataMover:
+        enable: false
+    backupLocations:
+    - bucket:
+        cloudStorageRef:
+          name: ${CLUSTER_NAME}-oadp
+        credential:
+          key: credentials
+          name: cloud-credentials
+        default: true
+        config:
+          region: ${REGION}
+    configuration:
+      velero:
+        defaultPlugins:
+        - openshift
+        - aws
+        - csi
+      restic:
+        enable: false
+EOF
+----
+// . Create the `DataProtectionApplication` resource, which is used to configure the connection to the storage where the backups and volume snapshots are stored:
+
+.. If you are using CSI or non-CSI volumes, deploy a Data Protection Application by entering the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: DataProtectionApplication
+  metadata:
+    name: ${CLUSTER_NAME}-dpa
+    namespace: openshift-adp
+  spec:
+    backupLocations:
+    - bucket:
+        cloudStorageRef:
+          name: ${CLUSTER_NAME}-oadp
+        credential:
+          key: credentials
+          name: cloud-credentials
+        default: true
+        config:
+          region: ${REGION}
+    configuration:
+      velero:
+        defaultPlugins:
+        - openshift
+        - aws
+      nodeAgent: <1>
+        enable: false
+        uploaderType: restic
+    snapshotLocations:
+      - velero:
+          config:
+            credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials <2>
+            enableSharedConfig: "true" <3>
+            profile: default <4>
+            region: ${REGION} <5>
+          provider: aws
+EOF
+----
+<1> See the following note.
+<2> The `credentialsFile` field is the mounted location of the bucket credential on the pod.
+<3> The `enableSharedConfig` field allows the `snapshotLocations` to share or reuse the credential defined for the bucket.
+<4> Use the profile name set in the {aws-short} credentials file.
+<5> Specify `region` as your {aws-short} region. This must be the same as the cluster region.
++
+You are now ready to back up and restore {product-title} applications, as described in _Backing up applications_.
+
+[NOTE]
+====
+The `enable` parameter of `restic` is set to `false` in this configuration, because OADP does not support Restic in ROSA environments.
+
+If you use OADP 1.2, replace this configuration:
+[source,terminal]
+
+----
+nodeAgent:
+  enable: false
+  uploaderType: restic
+----
+with the following configuration:
+
+[source,terminal]
+----
+restic:
+  enable: false
+----
+====
+
+[NOTE]
+====
+If you want to use two different clusters for backing up and restoring, the two clusters must have the same {aws-short} S3 storage names in both the cloud storage CR and the OADP `DataProtectionApplication` configuration.
+====
diff --git a/modules/installing-ocp-agent-ZTP.adoc b/modules/installing-ocp-agent-ZTP.adoc
new file mode 100644
index 000000000000..0450dee78718
--- /dev/null
+++ b/modules/installing-ocp-agent-ZTP.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-ocp-agent-ztp_{context}"]
+= Optional: Using ZTP manifests
+
+You can use {ztp-first} manifests to configure your installation beyond the options available through the `install-config.yaml` and `agent-config.yaml` files.
+
+[NOTE]
+====
+{ztp} manifests can be generated with or without configuring the `install-config.yaml` and `agent-config.yaml` files beforehand.
+If you chose to configure the `install-config.yaml` and `agent-config.yaml` files, the configurations will be imported to the ZTP cluster manifests when they are generated.
+====
+
+.Prerequisites
+
+* You have placed the `openshift-install` binary in a directory that is on your `PATH`.
+
+* Optional: You have created and configured the `install-config.yaml` and `agent-config.yaml` files.
+
+.Procedure
+
+. Use the following command to generate ZTP cluster manifests:
++
+[source,terminal]
+----
+$ openshift-install agent create cluster-manifests --dir <installation_directory>
+----
++
+[IMPORTANT]
+====
+If you have created the `install-config.yaml` and `agent-config.yaml` files, those files are deleted and replaced by the cluster manifests generated through this command.
+
+Any configurations made to the `install-config.yaml` and `agent-config.yaml` files are imported to the ZTP cluster manifests when you run the `openshift-install agent create cluster-manifests` command.
+====
+
+. Navigate to the `cluster-manifests` directory:
++
+[source,terminal]
+----
+$ cd <installation_directory>/cluster-manifests
+----
+
+. Configure the manifest files in the `cluster-manifests` directory.
+For sample files, see the "Sample GitOps ZTP custom resources" section.
+
+. Disconnected clusters: If you did not define mirror configuration in the `install-config.yaml` file before generating the ZTP manifests, perform the following steps:
+
+.. Navigate to the `mirror` directory:
++
+[source,terminal]
+----
+$ cd ../mirror
+----
+
+.. Configure the manifest files in the `mirror` directory.
\ No newline at end of file
diff --git a/modules/installing-ocp-agent-boot.adoc b/modules/installing-ocp-agent-boot.adoc
index b2db06ed2639..45cd8812b1ca 100644
--- a/modules/installing-ocp-agent-boot.adoc
+++ b/modules/installing-ocp-agent-boot.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * installing-with-agent/installing-with-agent.adoc
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-ocp-agent-boot_{context}"]
 = Creating and booting the agent image
 
@@ -10,160 +10,7 @@ Use this procedure to boot the agent image on your machines.
 
 .Procedure
 
-. Install `nmstate` dependency by running the following command:
-+
-[source,terminal]
-----
-$ sudo dnf install /usr/bin/nmstatectl -y
-----
-
-. Place the `openshift-install` binary in a directory that is on your PATH.
-
-. Create a directory to store the install configuration by running the following command:
-+
-[source,terminal]
-----
-$ mkdir ~/<directory_name>
-----
-
-+
-[NOTE]
-====
-This is the preferred method for the Agent-based installation. Using {ztp} manifests is optional.
-====
-
-. Create the `install-config.yaml` file:
-+
-[source,yaml]
-----
-cat << EOF > ./my-cluster/install-config.yaml
-apiVersion: v1
-baseDomain: test.example.com
-compute:
-  architecture: amd64 <1>
-  hyperthreading: Enabled
-  name: worker
-  replicas: 0
-controlPlane:
-  architecture: amd64
-  hyperthreading: Enabled
-  name: master
-  replicas: 1
-metadata:
-  name: sno-cluster <2>
-networking:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  machineNetwork:
-  - cidr: 192.168.111.0/16
-  networkType: OVNKubernetes <3>
-  serviceNetwork:
-  - 172.30.0.0/16
-platform:
-  none: {}
-pullSecret: '<pull_secret>' <4>
-sshKey: |
-  '<ssh_pub_key>' <5>
-  EOF
-----
-+
-<1> Specify the system architecture, valid values are `amd64` and `arm64`.
-<2> Required. Specify your cluster name.
-<3> State the cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
-<4> Specify your pull secret.
-<5> Specify your ssh public key.
-
-+
-[NOTE]
-====
-If you set the platform to `vSphere` or `baremetal`, you can configure IP address endpoints for cluster nodes in three ways:
-
-* IPv4
-* IPv6
-* IPv4 and IPv6 in parallel (dual-stack)
-
-IPv6 is supported only on bare metal platforms.
-====
-+
-.Example of dual-stack networking
-[source,yaml]
-----
-networking:
-  clusterNetwork:
-    - cidr: 172.21.0.0/16
-      hostPrefix: 23
-    - cidr: fd02::/48
-      hostPrefix: 64
-  machineNetwork:
-    - cidr: 192.168.11.0/16
-    - cidr: 2001:DB8::/32
-  serviceNetwork:
-    - 172.22.0.0/16
-    - fd03::/112
-  networkType: OVNKubernetes
-platform:
-  baremetal:
-    apiVIPs:
-    - 192.168.11.3
-    - 2001:DB8::4
-    ingressVIPs:
-    - 192.168.11.4
-    - 2001:DB8::5
-----
-
-. Create the `agent-config.yaml` file:
-+
-[source,yaml]
-----
-  cat > agent-config.yaml << EOF
-  apiVersion: v1alpha1
-  kind: AgentConfig
-  metadata:
-    name: sno-cluster
-  rendezvousIP: 192.168.111.80 <1>
-  hosts: <2>
-    - hostname: master-0 <3>
-      interfaces:
-        - name: eno1
-          macAddress: 00:ef:44:21:e6:a5
-      rootDeviceHints: <4>
-        deviceName: /dev/sdb
-      networkConfig: <5>
-        interfaces:
-          - name: eno1
-            type: ethernet
-            state: up
-            mac-address: 00:ef:44:21:e6:a5
-            ipv4:
-              enabled: true
-              address:
-                - ip: 192.168.111.80
-                  prefix-length: 23
-              dhcp: false
-        dns-resolver:
-          config:
-            server:
-              - 192.168.111.1
-        routes:
-          config:
-            - destination: 0.0.0.0/0
-              next-hop-address: 192.168.111.2
-              next-hop-interface: eno1
-              table-id: 254
-  EOF
-----
-+
-<1> This IP address is used to determine which node performs the bootstrapping process as well as running the `assisted-service` component.
-You must provide the rendezvous IP address when you do not specify at least one host's IP address in the `networkConfig` parameter. If this address is not provided, one IP address is selected from the provided hosts' `networkConfig`.
-<2> Host configuration is optional. The number of hosts defined must not exceed the total number of hosts defined in the `install-config.yaml` file, which is the sum of the values of the `compute.replicas` and `controlPlane.replicas` parameters.
-<3> The optional `hostname` parameter overrides the hostname obtained from either the Dynamic Host Configuration Protocol (DHCP) or a reverse DNS lookup. Each host must have a unique hostname supplied by one of these methods.
-<4> The `rootDeviceHints` parameter enables provisioning of the Red Hat Enterprise Linux CoreOS (RHCOS) image to a particular device. It examines the devices in the order it discovers them, and compares the discovered values with the hint values. It uses the first discovered device that matches the hint value.
-<5> Set this optional parameter to configure the network interface of a host in NMState format.
-
-+
 . Create the agent image by running the following command:
-
 +
 [source,terminal]
 ----
diff --git a/modules/installing-ocp-agent-download.adoc b/modules/installing-ocp-agent-download.adoc
index 45f41be54ca4..b2d999786857 100644
--- a/modules/installing-ocp-agent-download.adoc
+++ b/modules/installing-ocp-agent-download.adoc
@@ -1,15 +1,16 @@
 // Module included in the following assemblies:
 //
-// * installing-with-agent/installing-with-agent.adoc
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
+// * installing/installing_with_agent_based_installer/prepare-pxe-infra-agent.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-ocp-agent-retrieve_{context}"]
 = Downloading the Agent-based Installer
 
-.Procedure
-
 Use this procedure to download the Agent-based Installer and the CLI needed for your installation.
 
+.Procedure
+
 . Log in to the {product-title} web console using your login credentials.
 
 . Navigate to link:https://console.redhat.com/openshift/create/datacenter[Datacenter].
diff --git a/modules/installing-ocp-agent-encrypt.adoc b/modules/installing-ocp-agent-encrypt.adoc
new file mode 100644
index 000000000000..43f5f003a6db
--- /dev/null
+++ b/modules/installing-ocp-agent-encrypt.adoc
@@ -0,0 +1,56 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-ocp-agent-encrypt_{context}"]
+= Optional: Encrypting the disk
+
+Use this procedure to encrypt your disk or partition while installing {product-title} with the Agent-based Installer.
+
+.Prerequisites
+
+* You have created and configured the `install-config.yaml` and `agent-config.yaml` files, unless you are using ZTP manifests.
+
+* You have placed the `openshift-install` binary in a directory that is on your `PATH`.
+
+.Procedure
+
+. Use the following command to generate ZTP cluster manifests:
++
+[source,terminal]
+----
+$ openshift-install agent create cluster-manifests --dir <installation_directory>
+----
++
+[IMPORTANT]
+====
+If you have created the `install-config.yaml` and `agent-config.yaml` files, those files are deleted and replaced by the cluster manifests generated through this command.
+
+Any configurations made to the `install-config.yaml` and `agent-config.yaml` files are imported to the ZTP cluster manifests when you run the `openshift-install agent create cluster-manifests` command.
+====
++
+[NOTE]
+====
+If you have already generated ZTP manifests, skip this step.
+====
+
+. Navigate to the `cluster-manifests` directory:
++
+[source,terminal]
+----
+$ cd <installation_directory>/cluster-manifests
+----
+
+. Add the following section to the `agent-cluster-install.yaml` file:
++
+[source,yaml]
+----
+diskEncryption:
+    enableOn: all <1>
+    mode: tang <2>
+    tangServers: "server1": "http://tang-server-1.example.com:7500" <3>
+----
+<1> Specify which nodes to enable disk encryption on. Valid values are 'none', 'all', 'master', and 'worker'.
+<2> Specify which disk encryption mode to use. Valid values are 'tpmv2' and 'tang'.
+<3> Optional: If you are using Tang, specify the Tang servers.
\ No newline at end of file
diff --git a/modules/installing-ocp-agent-gather-log.adoc b/modules/installing-ocp-agent-gather-log.adoc
new file mode 100644
index 000000000000..b9060df1a1f6
--- /dev/null
+++ b/modules/installing-ocp-agent-gather-log.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-ocp-agent-gather-log_{context}"]
+= Gathering log data from a failed Agent-based installation
+
+Use the following procedure to gather log data about a failed Agent-based installation to provide for a support case.
+
+.Prerequisites
+
+* You have configured a DNS record for the Kubernetes API server.
+
+.Procedure
+
+. Run the following command and collect the output:
++
+[source,terminal]
+----
+$ ./openshift-install --dir <install_directory> agent wait-for bootstrap-complete --log-level=debug
+----
++
+.Example error message
+[source,terminal]
+----
+...
+ERROR Bootstrap failed to complete: : bootstrap process timed out: context deadline exceeded
+----
+
+. If the output from the previous command indicates a failure, or if the bootstrap is not progressing, run the following command on node 0 and collect the output:
++
+[source,terminal]
+----
+$ ssh core@<node-ip> sudo /usr/local/bin/agent-gather -O > <local_tmp_path>/agent-gather.tar.xz
+----
++
+[NOTE]
+====
+You only need to gather data from node 0, but gathering this data from every node can be helpful.
+====
+
+. If the bootstrap completes and the cluster nodes reboot, run the following command and collect the output:
++
+[source,terminal]
+----
+$ ./openshift-install --dir <install_directory> agent wait-for install-complete --log-level=debug
+----
+
+. If the output from the previous command indicates a failure, perform the following steps:
+
+.. Export the `kubeconfig` file to your environment by running the following command:
++
+[source,terminal]
+----
+$ export KUBECONFIG=<install_directory>/auth/kubeconfig
+----
+
+.. To gather information for debugging, run the following command:
++
+[source,terminal]
+----
+$ oc adm must-gather
+----
+
+.. Create a compressed file from the `must-gather` directory that was just created in your working directory by running the following command:
++
+[source,terminal]
+----
+$ tar cvaf must-gather.tar.gz <must_gather_directory>
+----
+
+. Excluding the `/auth` subdirectory, attach the installation directory used during the deployment to your support case on the link:https://access.redhat.com[Red Hat Customer Portal].
+
+. Attach all other data gathered from this procedure to your support case.
\ No newline at end of file
diff --git a/modules/installing-ocp-agent-inputs.adoc b/modules/installing-ocp-agent-inputs.adoc
new file mode 100644
index 000000000000..81bc67f7c4ea
--- /dev/null
+++ b/modules/installing-ocp-agent-inputs.adoc
@@ -0,0 +1,198 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
+// *installing/installing_with_agent_based_installer/prepare-pxe-infra-agent.adoc
+
+ifeval::["{context}" == "prepare-pxe-assets-agent"]
+:pxe-boot:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-ocp-agent-inputs_{context}"]
+= Creating the preferred configuration inputs
+
+ifndef::pxe-boot[]
+Use this procedure to create the preferred configuration inputs used to create the agent image.
+endif::pxe-boot[]
+ifdef::pxe-boot[]
+Use this procedure to create the preferred configuration inputs used to create the PXE files.
+endif::pxe-boot[]
+
+.Procedure
+
+. Install `nmstate` dependency by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install /usr/bin/nmstatectl -y
+----
+
+. Place the `openshift-install` binary in a directory that is on your PATH.
+
+. Create a directory to store the install configuration by running the following command:
++
+[source,terminal]
+----
+$ mkdir ~/<directory_name>
+----
+
++
+[NOTE]
+====
+This is the preferred method for the Agent-based installation. Using {ztp} manifests is optional.
+====
+
+. Create the `install-config.yaml` file:
++
+--
+[source,terminal]
+----
+$ cat << EOF > ./my-cluster/install-config.yaml
+apiVersion: v1
+baseDomain: test.example.com
+compute:
+- architecture: amd64 <1>
+  hyperthreading: Enabled
+  name: worker
+  replicas: 0
+controlPlane:
+  architecture: amd64
+  hyperthreading: Enabled
+  name: master
+  replicas: 1
+metadata:
+  name: sno-cluster <2>
+networking:
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  machineNetwork:
+  - cidr: 192.168.0.0/16
+  networkType: OVNKubernetes <3>
+  serviceNetwork:
+  - 172.30.0.0/16
+platform: <4>
+  none: {}
+pullSecret: '<pull_secret>' <5>
+sshKey: '<ssh_pub_key>' <6>
+EOF
+----
+<1> Specify the system architecture, valid values are `amd64` and `arm64`.
+<2> Required. Specify your cluster name.
+<3> Specify the cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
+<4> Specify your platform.
++
+[NOTE]
+====
+For bare metal platforms, host settings made in the platform section of the `install-config.yaml` file are used by default, unless they are overridden by configurations made in the `agent-config.yaml` file.
+====
+<5> Specify your pull secret.
+<6> Specify your SSH public key.
+--
++
+[NOTE]
+====
+If you set the platform to `vSphere` or `baremetal`, you can configure IP address endpoints for cluster nodes in three ways:
+
+* IPv4
+* IPv6
+* IPv4 and IPv6 in parallel (dual-stack)
+
+IPv6 is supported only on bare metal platforms.
+====
++
+.Example of dual-stack networking
+[source,yaml]
+----
+networking:
+  clusterNetwork:
+    - cidr: 172.21.0.0/16
+      hostPrefix: 23
+    - cidr: fd02::/48
+      hostPrefix: 64
+  machineNetwork:
+    - cidr: 192.168.11.0/16
+    - cidr: 2001:DB8::/32
+  serviceNetwork:
+    - 172.22.0.0/16
+    - fd03::/112
+  networkType: OVNKubernetes
+platform:
+  baremetal:
+    apiVIPs:
+    - 192.168.11.3
+    - 2001:DB8::4
+    ingressVIPs:
+    - 192.168.11.4
+    - 2001:DB8::5
+----
+
+. Create the `agent-config.yaml` file:
++
+[source,terminal]
+----
+$ cat > agent-config.yaml << EOF
+apiVersion: v1beta1
+kind: AgentConfig
+metadata:
+  name: sno-cluster
+rendezvousIP: 192.168.111.80 <1>
+hosts: <2>
+  - hostname: master-0 <3>
+    interfaces:
+      - name: eno1
+        macAddress: 00:ef:44:21:e6:a5
+    rootDeviceHints: <4>
+      deviceName: /dev/sdb
+    networkConfig: <5>
+      interfaces:
+        - name: eno1
+          type: ethernet
+          state: up
+          mac-address: 00:ef:44:21:e6:a5
+          ipv4:
+            enabled: true
+            address:
+              - ip: 192.168.111.80
+                prefix-length: 23
+            dhcp: false
+      dns-resolver:
+        config:
+          server:
+            - 192.168.111.1
+      routes:
+        config:
+          - destination: 0.0.0.0/0
+            next-hop-address: 192.168.111.2
+            next-hop-interface: eno1
+            table-id: 254
+EOF
+----
++
+<1> This IP address is used to determine which node performs the bootstrapping process as well as running the `assisted-service` component.
+You must provide the rendezvous IP address when you do not specify at least one host's IP address in the `networkConfig` parameter. If this address is not provided, one IP address is selected from the provided hosts' `networkConfig`.
+<2> Optional: Host configuration. The number of hosts defined must not exceed the total number of hosts defined in the `install-config.yaml` file, which is the sum of the values of the `compute.replicas` and `controlPlane.replicas` parameters.
+<3> Optional: Overrides the hostname obtained from either the Dynamic Host Configuration Protocol (DHCP) or a reverse DNS lookup. Each host must have a unique hostname supplied by one of these methods.
+<4> Enables provisioning of the {op-system-first} image to a particular device. The installation program examines the devices in the order it discovers them, and compares the discovered values with the hint values. It uses the first discovered device that matches the hint value.
+<5> Optional: Configures the network interface of a host in NMState format.
+
+ifdef::pxe-boot[]
+
+. Optional: To create an iPXE script, add the `bootArtifactsBaseURL` to the `agent-config.yaml` file:
++
+[source,yaml]
+----
+apiVersion: v1beta1
+kind: AgentConfig
+metadata:
+  name: sno-cluster
+rendezvousIP: 192.168.111.80
+bootArtifactsBaseURL: <asset_server_URL>
+----
++
+Where `<asset_server_URL>` is the URL of the server you will upload the PXE assets to.
+endif::pxe-boot[]
+
+ifeval::["{context}" == "prepare-pxe-assets-agent"]
+:!pxe-boot:
+endif::[]
diff --git a/modules/installing-ocp-agent-tui.adoc b/modules/installing-ocp-agent-tui.adoc
index 4d21bbc7476b..e4a189986cf3 100644
--- a/modules/installing-ocp-agent-tui.adoc
+++ b/modules/installing-ocp-agent-tui.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * installing-with-agent/installing-with-agent.adoc
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-ocp-agent-tui_{context}"]
 = Verifying that the current installation host can pull release images
 
diff --git a/modules/installing-ocp-agent-verify.adoc b/modules/installing-ocp-agent-verify.adoc
index b2eda98b065b..5bacbbc55d55 100644
--- a/modules/installing-ocp-agent-verify.adoc
+++ b/modules/installing-ocp-agent-verify.adoc
@@ -1,13 +1,17 @@
 // Module included in the following assemblies:
 //
-// * installing-with-agent/installing-with-agent.adoc
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-ocp-agent-verify_{context}"]
 = Tracking and verifying installation progress
 
 Use the following procedure to track installation progress and to verify a successful installation.
 
+.Prerequisites
+
+* You have configured a DNS record for the Kubernetes API server.
+
 .Procedure
 
 . Optional: To know when the bootstrap host (rendezvous host) reboots, run the following command:
@@ -66,14 +70,14 @@ If you are using the optional method of {ztp} manifests, you can configure IP ad
 IPv6 is supported only on bare metal platforms.
 ====
 .Example of dual-stack networking
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVIP: 192.168.11.3
 ingressVIP: 192.168.11.4
 clusterDeploymentRef:
   name: mycluster
 imageSetRef:
-  name: openshift-4.13
+  name: openshift-{product-version}
 networking:
   clusterNetwork:
   - cidr: 172.21.0.0/16
diff --git a/modules/installing-private-image-registry-private-azure.adoc b/modules/installing-private-image-registry-private-azure.adoc
new file mode 100644
index 000000000000..ae864b95ff2e
--- /dev/null
+++ b/modules/installing-private-image-registry-private-azure.adoc
@@ -0,0 +1,85 @@
+// Module included in the following assemblies:
+//
+//* registry/configuring_registry_storage-azure.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-private-image-registry-private-azure"]
+= Optional: Preparing a private Microsoft Azure cluster for a private image registry
+
+By installing a private image registry on a private Microsoft Azure cluster, you can create private storage endpoints. Private storage endpoints disable public facing endpoints to the registry's storage account, adding an extra layer of security to your {product-title} deployment.
+Use the following guide to prepare your private Microsoft Azure cluster for installation with a private image registry.
+
+.Prerequisites
+
+* You have access to an {product-title} account with cluster administrator access.
+
+* You have installed the OpenShift CLI (oc).
+
+* You have prepared an `install-config.yaml` that includes the following information:
+** The `publish` field is set to `Internal`
+
+* You have set the permissions for creating a private storage endpoint. For more information, see "Azure permissions for installer-provisioned infrastructure".
+
+.Procedure
+
+. If you have not previously created installation manifest files, do so by running the following command:
++
+[source,terminal]
+----
+$ ./openshift-install create manifests --dir <installation_directory>
+----
++
+This command displays the following messages:
++
+.Example output
+[source,terminal]
+----
+INFO Consuming Install Config from target directory
+INFO Manifests created in: <installation_directory>/manifests and <installation_directory>/openshift
+----
+
+. Create an image registry configuration object and pass in the `networkResourceGroupName`, `subnetName`, and `vnetName` provided by Microsoft Azure. For example:
++
+[source,terminal]
+----
+$ touch imageregistry-config.yaml
+----
++
+[source,yaml]
+----
+apiVersion: imageregistry.operator.openshift.io/v1
+kind: Config
+metadata:
+  name: cluster
+spec:
+  managementState: "Managed"
+  replicas: 2
+  rolloutStrategy: RollingUpdate
+  storage:
+    azure:
+      networkAccess:
+        internal:
+          networkResourceGroupName: <vnet_resource_group> <1>
+          subnetName: <subnet_name> <2>
+          vnetName: <vnet_name> <3>
+        type: Internal 
+----
+<1> Optional. If you have an existing VNet and subnet setup, replace `<vnet_resource_group>` with the resource group name that contains the existing virtual network (VNet).
+<2> Optional. If you have an existing VNet and subnet setup, replace `<subnet_name>` with the name of the existing compute subnet within the specified resource group.
+<3> Optional. If you have an existing VNet and subnet setup, replace `<vnet_name>` with the name of the existing virtual network (VNet) in the specified resource group.
++
+[NOTE]
+====
+The `imageregistry-config.yaml` file is consumed during the installation process. If desired, you must back it up before installation.
+====
+
+. Move the `imageregistry-config.yaml` file to the `<installation_directory/manifests>` folder by running the following command:
++
+[source,terminal]
+----
+$ mv imageregistry-config.yaml <installation_directory/manifests/>
+----
+
+.Next steps
+
+* After you have moved the `imageregistry-config.yaml` file to the `<installation_directory/manifests>` folder and set the required permissions, proceed to "Deploying the cluster".
\ No newline at end of file
diff --git a/modules/installing-rhv-accessing-ocp-web-console.adoc b/modules/installing-rhv-accessing-ocp-web-console.adoc
deleted file mode 100644
index 35d86db327dc..000000000000
--- a/modules/installing-rhv-accessing-ocp-web-console.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-
-:_content-type: PROCEDURE
-[id="installing-rhv-accessing-ocp-web-console_{context}"]
-= Accessing the {product-title} web console on {rh-virtualization}
-
-After the {product-title} cluster initializes, you can log in to the {product-title} web console.
-
-.Procedure
-. Optional: In the {rh-virtualization-first} Administration Portal, open *Compute* -> *Cluster*.
-. Verify that the installation program creates the virtual machines.
-. Return to the command line where the installation program is running. When the installation program finishes, it displays the user name and temporary password for logging into the {product-title} web console.
-. In a browser, open the URL of the {product-title} web console. The URL uses this format:
-+
-----
-console-openshift-console.apps.<clustername>.<basedomain> <1>
-----
-<1> For `<clustername>.<basedomain>`, specify the cluster name and base domain.
-+
-For example:
-+
-----
-console-openshift-console.apps.my-cluster.virtlab.example.com
-----
diff --git a/modules/installing-rhv-example-install-config-yaml.adoc b/modules/installing-rhv-example-install-config-yaml.adoc
deleted file mode 100644
index ed5c0fe71e0b..000000000000
--- a/modules/installing-rhv-example-install-config-yaml.adoc
+++ /dev/null
@@ -1,242 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-
-[id="installing-rhv-example-install-config-yaml_{context}"]
-= Example `install-config.yaml` files for {rh-virtualization-first}
-
-You can customize the {product-title} cluster the installation program creates by changing the parameters and parameter values in the `install-config.yaml` file.
-
-The following examples are specific to installing {product-title} on {rh-virtualization}.
-
-`install-config.yaml` is located in `<installation_directory>`, which you specified when you ran the following command.
-[source,terminal]
-----
-$ ./openshift-install create install-config --dir <installation_directory>
-----
-
-[NOTE]
-====
-* These example files are provided for reference only. You must obtain your
-`install-config.yaml` file by using the installation program.
-* Changing the `install-config.yaml` file can increase the resources your cluster requires. Verify that your {rh-virtualization} environment has those additional resources. Otherwise, the installation or cluster will fail.
-====
-
-[discrete]
-== Example default `install-config.yaml` file
-
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: example.com
-compute:
-- architecture: amd64
-  hyperthreading: Enabled
-  name: worker
-  platform:
-    ovirt:
-      sparse: false <1>
-      format: raw   <2>
-  replicas: 3
-controlPlane:
-  architecture: amd64
-  hyperthreading: Enabled
-  name: master
-  platform:
-      ovirt:
-        sparse: false <1>
-        format: raw   <2>
-  replicas: 3
-metadata:
-  creationTimestamp: null
-  name: my-cluster
-networking:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  machineNetwork:
-  - cidr: 10.0.0.0/16
-  networkType: OVNKubernetes <3>
-  serviceNetwork:
-  - 172.30.0.0/16
-platform:
-  ovirt:
-    api_vips: 
-      - 10.0.0.10
-    ingress_vips: 
-      - 10.0.0.11
-    ovirt_cluster_id: 68833f9f-e89c-4891-b768-e2ba0815b76b
-    ovirt_storage_domain_id: ed7b0f4e-0e96-492a-8fff-279213ee1468
-    ovirt_network_name: ovirtmgmt
-    vnicProfileID: 3fa86930-0be5-4052-b667-b79f0a729692
-publish: External
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed12345 AAAA...
-----
-
-<1> Setting this option to `false` enables preallocation of disks. The default is `true`. Setting `sparse` to `true` with `format` set to `raw` is not available for block storage domains. The `raw` format writes the entire virtual disk to the underlying physical disk.
-+
-[NOTE]
-====
-Preallocating disks on file storage domains writes zeroes to the file. This might not actually preallocate disks depending on the underlying storage.
-====
-<2> Can be set to `cow` or `raw`. The default is `cow`. The `cow` format is optimized for virtual machines.
-<3> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`.
-
-[NOTE]
-====
-In {product-title} 4.12 and later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings.
-====
-
-[discrete]
-== Example minimal `install-config.yaml` file
-
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: example.com
-metadata:
-  name: test-cluster
-platform:
-  ovirt:
-    api_vips: 
-      - 10.46.8.230
-    ingress_vips: 
-      - 10.46.8.232
-    ovirt_cluster_id: 68833f9f-e89c-4891-b768-e2ba0815b76b
-    ovirt_storage_domain_id: ed7b0f4e-0e96-492a-8fff-279213ee1468
-    ovirt_network_name: ovirtmgmt
-    vnicProfileID: 3fa86930-0be5-4052-b667-b79f0a729692
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed12345 AAAA...
-----
-
-[NOTE]
-====
-In {product-title} 4.12 and later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings.
-====
-
-[discrete]
-== Example Custom machine pools in an `install-config.yaml` file
-
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: example.com
-controlPlane:
-  name: master
-  platform:
-    ovirt:
-      cpu:
-        cores: 4
-        sockets: 2
-      memoryMB: 65536
-      osDisk:
-        sizeGB: 100
-      vmType: server
-  replicas: 3
-compute:
-- name: worker
-  platform:
-    ovirt:
-      cpu:
-        cores: 4
-        sockets: 4
-      memoryMB: 65536
-      osDisk:
-        sizeGB: 200
-      vmType: server
-  replicas: 5
-metadata:
-  name: test-cluster
-platform:
-  ovirt:
-    api_vips: 
-      - 10.46.8.230
-    ingress_vips: 
-      - 10.46.8.232
-    ovirt_cluster_id: 68833f9f-e89c-4891-b768-e2ba0815b76b
-    ovirt_storage_domain_id: ed7b0f4e-0e96-492a-8fff-279213ee1468
-    ovirt_network_name: ovirtmgmt
-    vnicProfileID: 3fa86930-0be5-4052-b667-b79f0a729692
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed25519 AAAA...
-----
-
-[NOTE]
-====
-In {product-title} 4.12 and later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings.
-====
-
-[discrete]
-== Example non-enforcing affinity group
-
-It is recommended to add a non-enforcing affinity group to distribute the control plane and workers, if possible, to use as much of the cluster as possible.
-
-[source,yaml]
-----
-platform:
-  ovirt:
-    affinityGroups:
-    - description: AffinityGroup to place each compute machine on a separate host
-      enforcing: true
-      name: compute
-      priority: 3
-    - description: AffinityGroup to place each control plane machine on a separate host
-      enforcing: true
-      name: controlplane
-      priority: 5
-    - description: AffinityGroup to place worker nodes and control plane nodes on separate hosts
-      enforcing: false
-      name: openshift
-      priority: 5
-compute:
-- architecture: amd64
-  hyperthreading: Enabled
-  name: worker
-  platform:
-    ovirt:
-      affinityGroupsNames:
-      - compute
-      - openshift
-  replicas: 3
-controlPlane:
-  architecture: amd64
-  hyperthreading: Enabled
-  name: master
-  platform:
-    ovirt:
-      affinityGroupsNames:
-      - controlplane
-      - openshift
-  replicas: 3
-----
-
-[discrete]
-== Example removing all affinity groups for a non-production lab setup
-
-For non-production lab setups, you must remove all affinity groups to concentrate the {product-title} cluster on the few hosts you have.
-
-[source,yaml]
-----
-platform:
-  ovirt:
-    affinityGroups: []
-compute:
-- architecture: amd64
-  hyperthreading: Enabled
-  name: worker
-  platform:
-    ovirt:
-      affinityGroupsNames: []
-  replicas: 3
-controlPlane:
-  architecture: amd64
-  hyperthreading: Enabled
-  name: master
-  platform:
-    ovirt:
-      affinityGroupsNames: []
-  replicas: 3
-----
diff --git a/modules/installing-rhv-insecure-mode.adoc b/modules/installing-rhv-insecure-mode.adoc
deleted file mode 100644
index a62b0117c593..000000000000
--- a/modules/installing-rhv-insecure-mode.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-
-:_content-type: PROCEDURE
-[id="installing-rhv-insecure-mode_{context}"]
-= Installing {product-title} on {rh-virtualization} in insecure mode
-
-By default, the installer creates a CA certificate, prompts you for confirmation, and stores the certificate to use during installation. You do not need to create or install one manually.
-
-Although it is not recommended, you can override this functionality and install {product-title} without verifying a certificate by installing {product-title} on {rh-virtualization} in *insecure* mode.
-
-[WARNING]
-====
-Installing in *insecure* mode is not recommended, because it enables a potential attacker to perform a Man-in-the-Middle attack and capture sensitive credentials on the network.
-====
-
-.Procedure
-
-. Create a file named `~/.ovirt/ovirt-config.yaml`.
-
-. Add the following content to `ovirt-config.yaml`:
-+
-ifndef::openshift-origin[]
-[source,terminal]
-----
-ovirt_url: https://ovirt.example.com/ovirt-engine/api <1>
-ovirt_fqdn: ovirt.example.com <2>
-ovirt_pem_url: ""
-ovirt_username: ocpadmin@internal
-ovirt_password: super-secret-password <3>
-ovirt_insecure: true
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-[source,terminal]
-----
-ovirt_url: https://ovirt.example.com/ovirt-engine/api <1>
-ovirt_fqdn: ovirt.example.com <2>
-ovirt_pem_url: ""
-ovirt_username: admin@internal
-ovirt_password: super-secret-password <3>
-ovirt_insecure: true
-----
-endif::openshift-origin[]
-<1> Specify the hostname or address of your oVirt engine.
-<2> Specify the fully qualified domain name of your oVirt engine.
-<3> Specify the admin password for your oVirt engine.
-
-. Run the installer.
diff --git a/modules/installing-rhv-network-infrastructure-configuration-upi.adoc b/modules/installing-rhv-network-infrastructure-configuration-upi.adoc
deleted file mode 100644
index e57c140a689d..000000000000
--- a/modules/installing-rhv-network-infrastructure-configuration-upi.adoc
+++ /dev/null
@@ -1,44 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-
-[id="installing-rhv-network-infrastructure-configuration-upi_{context}"]
-= Network infrastructure configuration for installing {product-title} on {rh-virtualization-first}
-
-Before installing {product-title}, configure your network environment to meet the following requirements.
-
-When they boot, virtual machines must have IP addresses get the Ignition config files. Consider configuring DHCP to provide persistent IP addresses and hostnames to the cluster machines.
-// TBD - Day 0 versus day 2? Alternatives?
-
-.Firewall
-
-Configure your firewall so your cluster has access to required sites.
-
-.Network connectivity
-
-// TBD - What do we mean by "machine" here? Where do we configure this? Can this be done at this stage in the process?
-Configure your network to enable the following connections:
-
-* Grant every machine access to every other machine on ports `30000`-`32767`. This provides connectivity to {product-title} components.
-
-* Grant every machine access to reserved ports `10250`-`10259` and `9000`-`9999`.
-
-* Grant every machine access on ports `2379`-`2380`. This provides access to etcd, peers, and metrics on the control plane.
-
-* Grant every machine access to the Kubernetes API on port `6443`.
-
-.Load balancers
-
-Configure one or two (preferred) layer-4 load balancers:
-
-* Provide load balancing for ports `6443` and `22623` on the control plane and bootstrap machines. Port `6443` provides access to the Kubernetes API server and must be reachable both internally and externally. Port `22623` must be accessible to nodes within the cluster.
-
-* Provide load balancing for port `443` and `80` for machines that run the Ingress router, which are usually worker nodes in the default configuration. Both ports must be accessible from within and outside the cluster.
-
-.DNS
-
-Configure infrastructure-provided DNS to allow the correct resolution of the main components and services. If you use only one load balancer, these DNS records can point to the same IP address.
-
-* Create DNS records for `api.<cluster_name>.<base_domain>` (internal and external resolution) and `api-int.<cluster_name>.<base_domain>` (internal resolution) that point to the load balancer for the control plane machines.
-
-* Create a DNS record for `*.apps.<cluster_name>.<base_domain>` that points to the load balancer for the Ingress router. For example, ports `443` and `80` of the compute machines.
diff --git a/modules/installing-rhv-preparing-network-environment.adoc b/modules/installing-rhv-preparing-network-environment.adoc
deleted file mode 100644
index d2e6fd2b1aa8..000000000000
--- a/modules/installing-rhv-preparing-network-environment.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-
-:_content-type: PROCEDURE
-[id="installing-rhv-preparing-network-environment_{context}"]
-= Preparing the network environment on {rh-virtualization}
-
-Configure two static IP addresses for the {product-title} cluster and create DNS entries using these addresses.
-
-.Procedure
-
-. Reserve two static IP addresses
-.. On the network where you plan to install {product-title}, identify two static IP addresses that are outside the DHCP lease pool.
-.. Connect to a host on this network and verify that each of the IP addresses is not in use. For example, use Address Resolution Protocol (ARP) to check that none of the IP addresses have entries:
-+
-[source,terminal]
-----
-$ arp 10.35.1.19
-----
-+
-.Example output
-[source,terminal]
-----
-10.35.1.19 (10.35.1.19) -- no entry
-----
-
-.. Reserve two static IP addresses following the standard practices for your network environment.
-.. Record these IP addresses for future reference.
-
-. Create DNS entries for the {product-title} REST API and apps domain names using this format:
-+
-[source,dns]
-----
-api.<cluster-name>.<base-domain>   <ip-address> <1>
-*.apps.<cluster-name>.<base-domain>   <ip-address> <2>
-----
-<1> For `<cluster-name>`, `<base-domain>`, and `<ip-address>`, specify the cluster name, base domain, and static IP address of your {product-title} API.
-<2> Specify the cluster name, base domain, and static IP address of your {product-title} apps for Ingress and the load balancer.
-+
-For example:
-+
-[source,dns]
-----
-api.my-cluster.virtlab.example.com	10.35.1.19
-*.apps.my-cluster.virtlab.example.com	10.35.1.20
-----
diff --git a/modules/installing-rhv-requirements.adoc b/modules/installing-rhv-requirements.adoc
deleted file mode 100644
index 57ca048af5ef..000000000000
--- a/modules/installing-rhv-requirements.adoc
+++ /dev/null
@@ -1,65 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-
-[id="installing-rhv-requirements_{context}"]
-= Requirements for the {rh-virtualization} environment
-
-To install and run an {product-title} version {product-version} cluster, the {rh-virtualization} environment must meet the following requirements.
-
-Not meeting these requirements can cause the installation or process to fail. Additionally, not meeting these requirements can cause the {product-title} cluster to fail days or weeks after installation.
-
-The following requirements for CPU, memory, and storage resources are based on *default* values multiplied by the default number of virtual machines the installation program creates. These resources must be available *in addition to* what the {rh-virtualization} environment uses for non-{product-title} operations.
-
-By default, the installation program creates seven virtual machines during the installation process. First, it creates a bootstrap virtual machine to provide temporary services and a control plane while it creates the rest of the {product-title} cluster. When the installation program finishes creating the cluster, deleting the bootstrap machine frees up its resources.
-
-If you increase the number of virtual machines in the {rh-virtualization} environment, you must increase the resources accordingly.
-
-.Requirements
-
-* The {rh-virtualization} version is 4.4.
-* The {rh-virtualization} environment has one data center whose state is *Up*.
-* The {rh-virtualization} data center contains an {rh-virtualization} cluster.
-* The {rh-virtualization} cluster has the following resources exclusively for the {product-title} cluster:
-** Minimum 28 vCPUs: four for each of the seven virtual machines created during installation.
-** 112 GiB RAM or more, including:
-*** 16 GiB or more for the bootstrap machine, which provides the temporary control plane.
-*** 16 GiB or more for each of the three control plane machines which provide the control plane.
-*** 16 GiB or more for each of the three compute machines, which run the application workloads.
-* The {rh-virtualization} storage domain must meet link:https://access.redhat.com/solutions/4770281[these etcd backend performance requirements].
-ifeval::["{context}" == "installing-rhv-default"]
-* For affinity group support:
-Three or more hosts in the {rh-virtualization} cluster. If necessary, you can disable affinity groups. For details, see _Example: Removing all affinity groups for a non-production lab setup_ in _Installing a cluster on {rh-virtualization} with customizations_
-endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-* For affinity group support:
-+
-One physical machine per worker or control plane. Workers and control planes can be on the same physical machine. For example, if you have three workers and three control planes, you need three physical machines. If you have four workers and three control planes, you need four physical machines.
-
-** For hard anti-affinity (default): A minimum of three physical machines. For more than three worker nodes, one physical machine per worker or control plane. Workers and control planes can be on the same physical machine.
-** For custom affinity groups: Ensure that the resources are appropriate for the affinity group rules that you define.
-////
-** Production setup: For hard anti-affinity, you need a minimum of three physical machines. For more than three worker nodes, one physical machine per worker or control plane. Workers and control planes can be on the same physical machine. For example, if you have three workers and three control planes, you need three physical machines. If you have four workers and three control planes, you need four physical machines.
-** Non-production setup, such as a lab: Remove all affinity groups to enable putting multiple workers or control planes on as few physical machines as possible. This setup does not guarantee redundancy so it is not appropriate for production.
-////
-endif::[]
-* In production environments, each virtual machine must have 120 GiB or more. Therefore, the storage domain must provide 840 GiB or more for the default {product-title} cluster. In resource-constrained or non-production environments, each virtual machine must have 32 GiB or more, so the storage domain must have 230 GiB or more for the default {product-title} cluster.
-* To download images from the Red Hat Ecosystem Catalog during installation and update procedures, the {rh-virtualization} cluster must have access to an internet connection. The Telemetry service also needs an internet connection to simplify the subscription and entitlement process.
-// TBD - What about the disconnected installation alternative?
-* The {rh-virtualization} cluster must have a virtual network with access to the REST API on the {rh-virtualization} {rh-virtualization-engine-name}. Ensure that DHCP is enabled on this network, because the VMs that the installer creates obtain their IP address by using DHCP.
-* A user account and group with the following least privileges for installing and managing an {product-title} cluster on the target {rh-virtualization} cluster:
-** `DiskOperator`
-** `DiskCreator`
-** `UserTemplateBasedVm`
-** `TemplateOwner`
-** `TemplateCreator`
-** `ClusterAdmin` on the target cluster
-
-
-[WARNING]
-====
-Apply the principle of least privilege: Avoid using an administrator account with `SuperUser` privileges on {rh-virtualization} during the installation process. The installation program saves the credentials you provide to a temporary `ovirt-config.yaml` file that might be compromised.
-====
diff --git a/modules/installing-rhv-setting-up-ca-certificate.adoc b/modules/installing-rhv-setting-up-ca-certificate.adoc
deleted file mode 100644
index c51b1f93722f..000000000000
--- a/modules/installing-rhv-setting-up-ca-certificate.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installing-rhv-setting-up-ca-certificate_{context}"]
-= Setting up the CA certificate for {rh-virtualization}
-
-Download the CA certificate from the {rh-virtualization-first} Manager and set it up on the installation machine.
-
-You can download the certificate from a webpage on the {rh-virtualization} {rh-virtualization-engine-name} or by using a `curl` command.
-
-Later, you provide the certificate to the installation program.
-
-.Procedure
-
-. Use either of these two methods to download the CA certificate:
-** Go to the {rh-virtualization-engine-name}'s webpage, `\https://<engine-fqdn>/ovirt-engine/`. Then, under *Downloads*, click the *CA Certificate* link.
-** Run the following command:
-+
-[source,terminal]
-----
-$ curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem  <1>
-----
-<1> For `<engine-fqdn>`, specify the fully qualified domain name of the {rh-virtualization} {rh-virtualization-engine-name}, such as `rhv-env.virtlab.example.com`.
-
-. Configure the CA file to grant rootless user access to the {rh-virtualization-engine-name}. Set the CA file permissions to have an octal value of `0644` (symbolic value: `-rw-r--r--`):
-+
-[source,terminal]
-----
-$ sudo chmod 0644 /tmp/ca.pem
-----
-. For Linux, copy the CA certificate to the directory for server certificates. Use `-p` to preserve the permissions:
-+
-[source,terminal]
-----
-$ sudo cp -p /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem
-----
-. Add the certificate to the certificate manager for your operating system:
-** For macOS, double-click the certificate file and use the *Keychain Access* utility to add the file to the *System* keychain.
-** For Linux, update the CA trust:
-+
-[source,terminal]
-----
-$ sudo update-ca-trust
-----
-+
-[NOTE]
-====
-If you use your own certificate authority, make sure the system trusts it.
-====
-
-[role="_additional-resources"]
-.Additional resources
-*To learn more, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/rest_api_guide/documents-002_authentication_and_security[Authentication and Security] in the {rh-virtualization} documentation.
diff --git a/modules/installing-rhv-setting-up-installation-machine.adoc b/modules/installing-rhv-setting-up-installation-machine.adoc
deleted file mode 100644
index 10f0ba4b4c3c..000000000000
--- a/modules/installing-rhv-setting-up-installation-machine.adoc
+++ /dev/null
@@ -1,50 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-user-infra.adoc
-// * installing/installing-rhv-restricted-network.adoc
-
-:_content-type: PROCEDURE
-[id="installing-rhv-setting-up-installation-machine_{context}"]
-= Setting up the installation machine
-
-
-To run the binary `openshift-install` installation program and Ansible scripts, set up the {rh-virtualization} {rh-virtualization-engine-name} or an {op-system-base-full} computer with network access to the {rh-virtualization} environment and the REST API on the {rh-virtualization-engine-name}.
-
-// The following steps include creating an `ASSETS_DIR` environment variable, which the installation program uses to create a directory of asset files. Later, the installation process reuses this variable to locate these asset files.
-
-.Procedure
-
-. Update or install Python3 and Ansible. For example:
-+
-[source,terminal]
-----
-# dnf update python3 ansible
-----
-
-. link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/python_sdk_guide/chap-overview#Installing_the_Software_Development_Kit[Install the `python3-ovirt-engine-sdk4` package] to get the Python Software Development Kit.
-
-. Install the `ovirt.image-template` Ansible role. On the {rh-virtualization} {rh-virtualization-engine-name} and other {op-system-base-full} machines, this role is distributed as the `ovirt-ansible-image-template` package. For example, enter:
-+
-[source,terminal]
-----
-# dnf install ovirt-ansible-image-template
-----
-
-. Install the `ovirt.vm-infra` Ansible role. On the {rh-virtualization} {rh-virtualization-engine-name} and other {op-system-base} machines, this role is distributed as the `ovirt-ansible-vm-infra` package.
-+
-[source,terminal]
-----
-# dnf install ovirt-ansible-vm-infra
-----
-
-. Create an environment variable and assign an absolute or relative path to it. For example, enter:
-+
-[source,terminal]
-----
-$ export ASSETS_DIR=./wrk
-----
-+
-[NOTE]
-====
-The installation program uses this variable to create a directory where it saves important installation-related files. Later, the installation process reuses this variable to locate those asset files. Avoid deleting this assets directory; it is required for uninstalling the cluster.
-====
diff --git a/modules/installing-rhv-verifying-rhv-environment.adoc b/modules/installing-rhv-verifying-rhv-environment.adoc
deleted file mode 100644
index d5bbe488c525..000000000000
--- a/modules/installing-rhv-verifying-rhv-environment.adoc
+++ /dev/null
@@ -1,75 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_rhv/installing-rhv-customizations.adoc
-// * installing/installing_rhv/installing-rhv-default.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
-
-
-:_content-type: PROCEDURE
-[id="installing-rhv-verifying-rhv-environment_{context}"]
-= Verifying the requirements for the {rh-virtualization} environment
-
-Verify that the {rh-virtualization} environment meets the requirements to install and run an {product-title} cluster. Not meeting these requirements can cause failures.
-
-[IMPORTANT]
-====
-These requirements are based on the default resources the installation program uses to create control plane and compute machines. These resources include vCPUs, memory, and storage. If you change these resources or increase the number of {product-title} machines, adjust these requirements accordingly.
-====
-
-.Procedure
-
-. Check that the {rh-virtualization} version supports installation of {product-title} version {product-version}.
-.. In the {rh-virtualization} Administration Portal, click the *?* help icon in the upper-right corner and select *About*.
-.. In the window that opens, make a note of the **{rh-virtualization} Software Version**.
-.. Confirm that the {rh-virtualization} version is 4.4. For more information about supported version combinations, see link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization}].
-
-. Inspect the data center, cluster, and storage.
-.. In the {rh-virtualization} Administration Portal, click *Compute* -> *Data Centers*.
-.. Confirm that the data center where you plan to install {product-title} is accessible.
-.. Click the name of that data center.
-.. In the data center details, on the *Storage* tab, confirm the storage domain where you plan to install {product-title} is *Active*.
-.. Record the *Domain Name* for use later on.
-.. Confirm *Free Space* has at least 230 GiB.
-.. Confirm that the storage domain meets link:https://access.redhat.com/solutions/4770281[these etcd backend performance requirements], which you link:https://access.redhat.com/solutions/3780861[can measure by using the fio performance benchmarking tool].
-.. In the data center details, click the *Clusters* tab.
-.. Find the {rh-virtualization} cluster where you plan to install {product-title}. Record the cluster name for use later on.
-
-. Inspect the {rh-virtualization} host resources.
-.. In the {rh-virtualization} Administration Portal, click *Compute > Clusters*.
-.. Click the cluster where you plan to install {product-title}.
-.. In the cluster details, click the *Hosts* tab.
-.. Inspect the hosts and confirm they have a combined total of at least 28 *Logical CPU Cores* available _exclusively_ for the {product-title} cluster.
-.. Record the number of available *Logical CPU Cores* for use later on.
-.. Confirm that these CPU cores are distributed so that each of the seven virtual machines created during installation can have four cores.
-.. Confirm that, all together, the hosts have 112 GiB of *Max free Memory for scheduling new virtual machines* distributed to meet the requirements for each of the following {product-title} machines:
-** 16 GiB required for the bootstrap machine
-** 16 GiB required for each of the three control plane machines
-** 16 GiB for each of the three compute machines
-.. Record the amount of *Max free Memory for scheduling new virtual machines* for use later on.
-+
-. Verify that the virtual network for installing {product-title} has access to the {rh-virtualization} {rh-virtualization-engine-name}'s REST API. From a virtual machine on this network, use curl to reach the {rh-virtualization} {rh-virtualization-engine-name}'s REST API:
-+
-[source,terminal]
-----
-$ curl -k -u <username>@<profile>:<password> \ <1>
-https://<engine-fqdn>/ovirt-engine/api <2>
-----
-<1> For `<username>`, specify the user name of an {rh-virtualization} account with privileges to create and manage an {product-title} cluster on {rh-virtualization}. For `<profile>`, specify the login profile, which you can get by going to the {rh-virtualization} Administration Portal login page and reviewing the *Profile* dropdown list. For `<password>`, specify the password for that user name.
-<2> For `<engine-fqdn>`, specify the fully qualified domain name of the {rh-virtualization} environment.
-+
-For example:
-+
-ifndef::openshift-origin[]
-[source,terminal]
-----
-$ curl -k -u ocpadmin@internal:pw123 \
-https://rhv-env.virtlab.example.com/ovirt-engine/api
-----
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-[source,terminal]
-----
-$ curl -k -u admin@internal:pw123 \
-https://ovirtlab.example.com/ovirt-engine/api
-----
-endif::openshift-origin[]
diff --git a/modules/installing-with-usb-media.adoc b/modules/installing-with-usb-media.adoc
index 6ddc31e58025..59b937d16bda 100644
--- a/modules/installing-with-usb-media.adoc
+++ b/modules/installing-with-usb-media.adoc
@@ -2,7 +2,7 @@
 //
 // installing_on_prem_assisted/assisted-installer-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-with-usb-media_{context}"]
 = Creating an ISO image on a USB drive
 
diff --git a/modules/installing-wmco-using-cli.adoc b/modules/installing-wmco-using-cli.adoc
index 26c524e81e39..fdcbdb097ffb 100644
--- a/modules/installing-wmco-using-cli.adoc
+++ b/modules/installing-wmco-using-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/enabling-windows-container-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-wmco-using-cli_{context}"]
 = Installing the Windows Machine Config Operator using the CLI
 
@@ -99,7 +99,7 @@ spec:
 <4> Namespace of the catalog source. Use `openshift-marketplace` for the default OperatorHub catalog sources.
 
 .. Create the subscription:
-+ 
++
 [source,terminal]
 ----
 $ oc create -f <file-name>.yaml
diff --git a/modules/installing-wmco-using-web-console.adoc b/modules/installing-wmco-using-web-console.adoc
index ecedd07973dc..06545af44bfd 100644
--- a/modules/installing-wmco-using-web-console.adoc
+++ b/modules/installing-wmco-using-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/enabling-windows-container-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-wmco-using-web-console_{context}"]
 = Installing the Windows Machine Config Operator using the web console
 
diff --git a/modules/interacting-serverless-apps-http2-gRPC-up-to-4-9.adoc b/modules/interacting-serverless-apps-http2-gRPC-up-to-4-9.adoc
index 0fbdab288897..a2de9abd6066 100644
--- a/modules/interacting-serverless-apps-http2-gRPC-up-to-4-9.adoc
+++ b/modules/interacting-serverless-apps-http2-gRPC-up-to-4-9.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="interacting-serverless-apps-http2-grpc-up-to-4-9_{context}"]
 = Interacting with a serverless application using HTTP2 and gRPC in {product-title} 4.9 and older
 
diff --git a/modules/interacting-serverless-apps-http2-gRPC.adoc b/modules/interacting-serverless-apps-http2-gRPC.adoc
index 94dca60949d7..cb827222a03e 100644
--- a/modules/interacting-serverless-apps-http2-gRPC.adoc
+++ b/modules/interacting-serverless-apps-http2-gRPC.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="interacting-serverless-apps-http2-grpc_{context}"]
 = Interacting with a serverless application using HTTP2 and gRPC
 
diff --git a/modules/investigating-etcd-installation-issues.adoc b/modules/investigating-etcd-installation-issues.adoc
index 36fef0831551..3f68450eee44 100644
--- a/modules/investigating-etcd-installation-issues.adoc
+++ b/modules/investigating-etcd-installation-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-etcd-installation-issues_{context}"]
 = Investigating etcd installation issues
 
@@ -10,7 +10,12 @@ If you experience etcd issues during installation, you can check etcd pod status
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
 * You have the fully qualified domain names of the control plane nodes.
diff --git a/modules/investigating-kernel-crashes.adoc b/modules/investigating-kernel-crashes.adoc
index 435d702f9f96..fb9b5e88b5e4 100644
--- a/modules/investigating-kernel-crashes.adoc
+++ b/modules/investigating-kernel-crashes.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operating-system-issues.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="investigating-kernel-crashes"]
 = Investigating kernel crashes
 
diff --git a/modules/investigating-kubelet-api-installation-issues.adoc b/modules/investigating-kubelet-api-installation-issues.adoc
index 318b634d6586..6c634f35962f 100644
--- a/modules/investigating-kubelet-api-installation-issues.adoc
+++ b/modules/investigating-kubelet-api-installation-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-kubelet-api-installation-issues_{context}"]
 = Investigating control plane node kubelet and API server issues
 
@@ -10,7 +10,12 @@ To investigate control plane node kubelet and API server issues during installat
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
 * You have the fully qualified domain names of the control plane nodes.
diff --git a/modules/investigating-master-node-installation-issues.adoc b/modules/investigating-master-node-installation-issues.adoc
index 39f69cc8cddb..868beab5ae0f 100644
--- a/modules/investigating-master-node-installation-issues.adoc
+++ b/modules/investigating-master-node-installation-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-master-node-installation-issues_{context}"]
 = Investigating control plane node installation issues
 
@@ -10,7 +10,12 @@ If you experience control plane node installation issues, determine the control
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
 * You have the fully qualified domain names of the bootstrap and control plane nodes.
diff --git a/modules/investigating-why-windows-machine-compute-node.adoc b/modules/investigating-why-windows-machine-compute-node.adoc
index 340bca3d04a7..45f658bd556c 100644
--- a/modules/investigating-why-windows-machine-compute-node.adoc
+++ b/modules/investigating-why-windows-machine-compute-node.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-why-windows-machine-compute-node_{context}"]
 = Investigating why Windows Machine does not become compute node
 
diff --git a/modules/investigating-worker-node-installation-issues.adoc b/modules/investigating-worker-node-installation-issues.adoc
index 0050ee3a5593..b7befd525580 100644
--- a/modules/investigating-worker-node-installation-issues.adoc
+++ b/modules/investigating-worker-node-installation-issues.adoc
@@ -2,15 +2,20 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-worker-node-installation-issues_{context}"]
 = Investigating worker node installation issues
 
-If you experience worker node installation issues, you can review the worker node status. Collect `kubelet.service`, `crio.service` journald unit logs and the worker node container logs for visibility into the worker node agent, CRI-O container runtime and pod activity. Additionally, you can check the Ignition file and Machine API Operator functionality. If worker node post-installation configuration fails, check Machine Config Operator (MCO) and DNS functionality. You can also verify system clock synchronization between the bootstrap, master, and worker nodes, and validate certificates.
+If you experience worker node installation issues, you can review the worker node status. Collect `kubelet.service`, `crio.service` journald unit logs and the worker node container logs for visibility into the worker node agent, CRI-O container runtime and pod activity. Additionally, you can check the Ignition file and Machine API Operator functionality. If worker node postinstallation configuration fails, check Machine Config Operator (MCO) and DNS functionality. You can also verify system clock synchronization between the bootstrap, master, and worker nodes, and validate certificates.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
 * You have the fully qualified domain names of the bootstrap and worker nodes.
diff --git a/modules/ipi-install-additional-install-config-parameters.adoc b/modules/ipi-install-additional-install-config-parameters.adoc
index 54e2f5c90e59..eda5f6d87701 100644
--- a/modules/ipi-install-additional-install-config-parameters.adoc
+++ b/modules/ipi-install-additional-install-config-parameters.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="additional-install-config-parameters_{context}"]
 = Additional `install-config` parameters
 
@@ -24,13 +24,17 @@ and the `bmc` parameter for the `install-config.yaml` file.
 | `UEFI`
 | The boot mode for a node. Options are `legacy`, `UEFI`, and `UEFISecureBoot`. If `bootMode` is not set, Ironic sets it while inspecting the node.
 
+| `bootstrapExternalStaticDNS`
+|
+| The static network DNS of the bootstrap node. This can be useful in environments without a DHCP server.
+
 | `bootstrapExternalStaticIP`
 |
-| The static IP address for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the `baremetal` network.
+| The static IP address for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the bare-metal network.
 
 | `bootstrapExternalStaticGateway`
 |
-| The static IP address of the gateway for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the `baremetal` network.
+| The static IP address of the gateway for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the bare-metal network.
 
 | `sshKey`
 |
@@ -94,14 +98,14 @@ controlPlane:
 |
 |Replicas sets the number of control plane (master) nodes included as part of the {product-title} cluster.
 
-a| `provisioningNetworkInterface` |  | The name of the network interface on nodes connected to the `provisioning` network. For {product-title} 4.9 and later releases, use the `bootMACAddress` configuration setting to enable Ironic to identify the IP address of the NIC instead of using the `provisioningNetworkInterface` configuration setting to identify the name of the NIC.
+a| `provisioningNetworkInterface` |  | The name of the network interface on nodes connected to the provisioning network. For {product-title} 4.9 and later releases, use the `bootMACAddress` configuration setting to enable Ironic to identify the IP address of the NIC instead of using the `provisioningNetworkInterface` configuration setting to identify the name of the NIC.
 
 
 | `defaultMachinePlatform` | | The default configuration used for machine pools without a platform configuration.
 
 | `apiVIPs` | a| (Optional) The virtual IP address for Kubernetes API communication.
 
-This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `apiVIPs` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `api.<cluster_name>.<base_domain>` to derive the IP address from the DNS.
+This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or preconfigured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `apiVIPs` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `api.<cluster_name>.<base_domain>` to derive the IP address from the DNS.
 
 [NOTE]
 ====
@@ -113,7 +117,7 @@ Before {product-title} 4.12, the cluster installation program only accepted an I
 
 | `ingressVIPs` | a| (Optional) The virtual IP address for ingress traffic.
 
-This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIPs` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS.
+This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or preconfigured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIPs` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS.
 
 [NOTE]
 ====
@@ -132,27 +136,27 @@ Before {product-title} 4.12, the cluster installation program only accepted an I
 
 |`provisioningDHCPRange`
 |`172.22.0.10,172.22.0.100`
-|Defines the IP range for nodes on the `provisioning` network.
+|Defines the IP range for nodes on the provisioning network.
 
 a|`provisioningNetworkCIDR`
 |`172.22.0.0/24`
-|The CIDR for the network to use for provisioning. This option is required when not using the default address range on the `provisioning` network.
+|The CIDR for the network to use for provisioning. This option is required when not using the default address range on the provisioning network.
 
 |`clusterProvisioningIP`
 |The third IP address of the `provisioningNetworkCIDR`.
-|The IP address within the cluster where the provisioning services run. Defaults to the third IP address of the `provisioning` subnet. For example, `172.22.0.3`.
+|The IP address within the cluster where the provisioning services run. Defaults to the third IP address of the provisioning subnet. For example, `172.22.0.3`.
 
 |`bootstrapProvisioningIP`
 |The second IP address of the `provisioningNetworkCIDR`.
-|The IP address on the bootstrap VM where the provisioning services run while the installer is deploying the control plane (master) nodes. Defaults to the second IP address of the `provisioning` subnet. For example, `172.22.0.2` or `2620:52:0:1307::2`.
+|The IP address on the bootstrap VM where the provisioning services run while the installer is deploying the control plane (master) nodes. Defaults to the second IP address of the provisioning subnet. For example, `172.22.0.2` or `2620:52:0:1307::2`.
 
 | `externalBridge`
 | `baremetal`
-| The name of the `baremetal` bridge of the hypervisor attached to the `baremetal` network.
+| The name of the bare-metal bridge of the hypervisor attached to the bare-metal network.
 
 | `provisioningBridge`
 | `provisioning`
-| The name of the `provisioning` bridge on the `provisioner` host attached to the `provisioning` network.
+| The name of the provisioning bridge on the `provisioner` host attached to the provisioning network.
 
 |`architecture`
 |
@@ -169,9 +173,9 @@ a|`provisioningNetworkCIDR`
 
 | `provisioningNetwork`
 |
-| The `provisioningNetwork` configuration setting determines whether the cluster uses the `provisioning` network. If it does, the configuration setting also determines if the cluster manages the network.
+| The `provisioningNetwork` configuration setting determines whether the cluster uses the provisioning network. If it does, the configuration setting also determines if the cluster manages the network.
 
-`Disabled`: Set this parameter to `Disabled` to disable the requirement for a `provisioning` network. When set to `Disabled`, you must only use virtual media based provisioning, or bring up the cluster using the assisted installer. If `Disabled` and using power management, BMCs must be accessible from the `baremetal` network. If `Disabled`, you must provide two IP addresses on the `baremetal` network that are used for the provisioning services.
+`Disabled`: Set this parameter to `Disabled` to disable the requirement for a provisioning network. When set to `Disabled`, you must only use virtual media based provisioning, or bring up the cluster using the assisted installer. If `Disabled` and using power management, BMCs must be accessible from the bare-metal network. If `Disabled`, you must provide two IP addresses on the bare-metal network that are used for the provisioning services.
 
 `Managed`: Set this parameter to `Managed`, which is the default, to fully manage the provisioning network, including DHCP, TFTP, and so on.
 
@@ -217,11 +221,11 @@ The `hosts` parameter is a list of separate bare metal assets used to build the
 
 | `bootMACAddress`
 |
-a| The MAC address of the NIC that the host uses for the `provisioning` network. Ironic retrieves the IP address using the `bootMACAddress` configuration setting. Then, it binds to the host.
+a| The MAC address of the NIC that the host uses for the provisioning network. Ironic retrieves the IP address using the `bootMACAddress` configuration setting. Then, it binds to the host.
 
 [NOTE]
 ====
-You must provide a valid MAC address from the host if you disabled the `provisioning` network.
+You must provide a valid MAC address from the host if you disabled the provisioning network.
 ====
 
 | `networkConfig`
diff --git a/modules/ipi-install-bmc-addressing-for-dell-idrac.adoc b/modules/ipi-install-bmc-addressing-for-dell-idrac.adoc
index 70e64c820bad..0be425621e5b 100644
--- a/modules/ipi-install-bmc-addressing-for-dell-idrac.adoc
+++ b/modules/ipi-install-bmc-addressing-for-dell-idrac.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='bmc-addressing-for-dell-idrac_{context}']
 = BMC addressing for Dell iDRAC
 
diff --git a/modules/ipi-install-bmc-addressing-for-fujitsu-irmc.adoc b/modules/ipi-install-bmc-addressing-for-fujitsu-irmc.adoc
index 0599b7fe6c3b..b5b9b48e0452 100644
--- a/modules/ipi-install-bmc-addressing-for-fujitsu-irmc.adoc
+++ b/modules/ipi-install-bmc-addressing-for-fujitsu-irmc.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='bmc-addressing-for-fujitsu-irmc_{context}']
 = BMC addressing for Fujitsu iRMC
 
diff --git a/modules/ipi-install-bmc-addressing-for-hpe-ilo.adoc b/modules/ipi-install-bmc-addressing-for-hpe-ilo.adoc
index b73aba9d4e59..63c5a71b09ff 100644
--- a/modules/ipi-install-bmc-addressing-for-hpe-ilo.adoc
+++ b/modules/ipi-install-bmc-addressing-for-hpe-ilo.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='bmc-addressing-for-hpe-ilo_{context}']
 = BMC addressing for HPE iLO
 
diff --git a/modules/ipi-install-bmc-addressing.adoc b/modules/ipi-install-bmc-addressing.adoc
index f025e2f7b06b..9d33bc5b688e 100644
--- a/modules/ipi-install-bmc-addressing.adoc
+++ b/modules/ipi-install-bmc-addressing.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='bmc-addressing_{context}']
 = BMC addressing
 
@@ -77,25 +77,25 @@ You need to ensure that your BMC supports all of the redfish APIs before install
 List of redfish APIs::
 * Power on
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X POST -H'Content-Type: application/json' -H'Accept: application/json' -d '{"Action": "Reset", "ResetType": "On"}' https://$SERVER/redfish/v1/Systems/$SystemID/Actions/ComputerSystem.Reset
 ----
 * Power off
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X POST -H'Content-Type: application/json' -H'Accept: application/json' -d '{"Action": "Reset", "ResetType": "ForceOff"}' https://$SERVER/redfish/v1/Systems/$SystemID/Actions/ComputerSystem.Reset
 ----
-* Temporary boot using `pxe` 
+* Temporary boot using `pxe`
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json"  https://$Server/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideTarget": "pxe", "BootSourceOverrideEnabled": "Once"}}
 ----
 * Set BIOS boot mode using `Legacy` or `UEFI`
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json"  https://$Server/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideMode":"UEFI"}}
 ----
@@ -103,13 +103,13 @@ curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json"  https://$Serve
 List of redfish-virtualmedia APIs::
 * Set temporary boot device using `cd` or `dvd`
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" https://$Server/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideTarget": "cd", "BootSourceOverrideEnabled": "Once"}}'
 ----
 * Mount virtual media
 +
-[source, terminal]
+[source,terminal]
 ----
 curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" -H "If-Match: *" https://$Server/redfish/v1/Managers/$ManagerID/VirtualMedia/$VmediaId -d '{"Image": "https://example.com/test.iso", "TransferProtocolType": "HTTPS", "UserName": "", "Password":""}'
 ----
diff --git a/modules/ipi-install-checking-ntp-sync.adoc b/modules/ipi-install-checking-ntp-sync.adoc
new file mode 100644
index 000000000000..1038846c79e6
--- /dev/null
+++ b/modules/ipi-install-checking-ntp-sync.adoc
@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * list of assemblies where this module is included
+// ipi-install-installation-workflow.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="checking-ntp-sync_{context}"]
+= Checking NTP server synchronization
+
+The {product-title} installation program installs the `chrony` Network Time Protocol (NTP) service on the cluster nodes. To complete installation, each node must have access to an NTP time server. You can verify NTP server synchronization by using the `chrony` service.
+
+For disconnected clusters, you must configure the NTP servers on the control plane nodes. For more information see the _Additional resources_ section.
+
+.Prerequisites
+
+* You installed the `chrony` package on the target node.
+
+.Procedure
+
+. Log in to the node by using the `ssh` command.
+
+. View the NTP servers available to the node by running the following command:
++
+[source,terminal]
+----
+$ chronyc sources
+----
++
+.Example output
+[source,terminal]
+----
+MS Name/IP address         Stratum Poll Reach LastRx Last sample
+===============================================================================
+^+ time.cloudflare.com           3  10   377   187   -209us[ -209us] +/-   32ms
+^+ t1.time.ir2.yahoo.com         2  10   377   185  -4382us[-4382us] +/-   23ms
+^+ time.cloudflare.com           3  10   377   198   -996us[-1220us] +/-   33ms
+^* brenbox.westnet.ie            1  10   377   193  -9538us[-9761us] +/-   24ms
+----
+
+. Use the `ping` command to ensure that the node can access an NTP server, for example:
++
+[source,terminal]
+----
+$ ping time.cloudflare.com
+----
++
+.Example output
+[source,terminal]
+----
+PING time.cloudflare.com (162.159.200.123) 56(84) bytes of data.
+64 bytes from time.cloudflare.com (162.159.200.123): icmp_seq=1 ttl=54 time=32.3 ms
+64 bytes from time.cloudflare.com (162.159.200.123): icmp_seq=2 ttl=54 time=30.9 ms
+64 bytes from time.cloudflare.com (162.159.200.123): icmp_seq=3 ttl=54 time=36.7 ms
+...
+----
diff --git a/modules/ipi-install-configure-multiple-cluster-nodes.adoc b/modules/ipi-install-configure-multiple-cluster-nodes.adoc
index 4401d1b2a5f8..4e61e39affb2 100644
--- a/modules/ipi-install-configure-multiple-cluster-nodes.adoc
+++ b/modules/ipi-install-configure-multiple-cluster-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ipi-install-configure-multiple-cluster-nodes_{context}"]
 = Configuring multiple cluster nodes
 
diff --git a/modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc b/modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc
index e7a965141d3d..048a99ffeaa5 100644
--- a/modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc
+++ b/modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-custom
 :vSphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='configure-network-components-to-run-on-the-control-plane_{context}']
 = Configuring network components to run on the control plane
 
diff --git a/modules/ipi-install-configuring-host-dual-network-interfaces-in-the-install-config.yaml-file.adoc b/modules/ipi-install-configuring-host-dual-network-interfaces-in-the-install-config.yaml-file.adoc
index 88c0e5ed3cb1..64abbe326dfd 100644
--- a/modules/ipi-install-configuring-host-dual-network-interfaces-in-the-install-config.yaml-file.adoc
+++ b/modules/ipi-install-configuring-host-dual-network-interfaces-in-the-install-config.yaml-file.adoc
@@ -2,7 +2,7 @@
 //
 // installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-host-dual-network-interfaces-in-the-install-config-yaml-file_{context}"]
 = Optional: Configuring host network interfaces for dual port NIC
 
diff --git a/modules/ipi-install-configuring-host-network-interfaces-for-subnets.adoc b/modules/ipi-install-configuring-host-network-interfaces-for-subnets.adoc
new file mode 100644
index 000000000000..e4ee3e73889d
--- /dev/null
+++ b/modules/ipi-install-configuring-host-network-interfaces-for-subnets.adoc
@@ -0,0 +1,59 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ipi-install-configuring-host-network-interfaces-for-subnets_{context}"]
+= Configuring host network interfaces for subnets
+
+For edge computing scenarios, it can be beneficial to locate worker nodes closer to the edge. To locate remote worker nodes in subnets, you might use different network segments or subnets for the remote worker nodes than you used for the control plane subnet and local worker nodes. You can reduce latency for the edge and allow for enhanced scalability by setting up subnets for edge computing scenarios.
+
+If you have established different network segments or subnets for remote worker nodes as described in the section on "Establishing communication between subnets", you must specify the subnets in the `machineNetwork` configuration setting if the workers are using static IP addresses, bonds or other advanced networking. When setting the node IP address in the `networkConfig` parameter for each remote worker node, you must also specify the gateway and the DNS server for the subnet containing the control plane nodes when using static IP addresses. This ensures the remote worker nodes can reach the subnet containing the control plane nodes and that they can receive network traffic from the control plane.
+
+[IMPORTANT]
+====
+All control plane nodes must run in the same subnet. When using more than one subnet, you can also configure the Ingress VIP to run on the control plane nodes by using a manifest. See "Configuring network components to run on the control plane" for details.
+
+Deploying a cluster with multiple subnets requires using virtual media, such as `redfish-virtualmedia` and `idrac-virtualmedia`.
+====
+
+.Procedure
+
+. Add the subnets to the `machineNetwork` in the `install-config.yaml` file when using static IP addresses:
++
+[source,yaml]
+----
+networking:
+  machineNetwork:
+  - cidr: 10.0.0.0/24
+  - cidr: 192.168.0.0/24
+  networkType: OVNKubernetes
+----
+
+. Add the gateway and DNS configuration to the `networkConfig` parameter of each edge worker node using NMState syntax when using a static IP address or advanced networking such as bonds:
++
+[source,yaml]
+----
+networkConfig:
+  nmstate:
+    interfaces:
+    - name: <interface_name> <1>
+      type: ethernet
+      state: up
+      ipv4:
+        enabled: true
+        dhcp: false
+        address:
+        - ip: <node_ip> <2>
+          prefix-length: 24
+        gateway: <gateway_ip> <3>
+        dns-resolver:
+          config:
+            server:
+            - <dns_ip> <4>
+----
++
+<1> Replace `<interface_name>` with the interface name.
+<2> Replace `<node_ip>` with the IP address of the node.
+<3> Replace `<gateway_ip>` with the IP address of the gateway.
+<4> Replace `<dns_ip>` with the IP address of the DNS server.
diff --git a/modules/ipi-install-configuring-host-network-interfaces-in-the-install-config.yaml-file.adoc b/modules/ipi-install-configuring-host-network-interfaces-in-the-install-config.yaml-file.adoc
index e8ef61cd91ba..be0bb72bb00d 100644
--- a/modules/ipi-install-configuring-host-network-interfaces-in-the-install-config.yaml-file.adoc
+++ b/modules/ipi-install-configuring-host-network-interfaces-in-the-install-config.yaml-file.adoc
@@ -2,15 +2,15 @@
 //
 // installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-host-network-interfaces-in-the-install-config-yaml-file_{context}"]
 = Optional: Configuring host network interfaces
 
 Before installation, you can set the `networkConfig` configuration setting in the `install-config.yaml` file to configure host network interfaces using NMState.
 
-The most common use case for this functionality is to specify a static IP address on the `baremetal` network, but you can also configure other networks such as a storage network. This functionality supports other NMState features such as VLAN, VXLAN, bridges, bonds, routes, MTU, and DNS resolver settings.
+The most common use case for this functionality is to specify a static IP address on the bare-metal network, but you can also configure other networks such as a storage network. This functionality supports other NMState features such as VLAN, VXLAN, bridges, bonds, routes, MTU, and DNS resolver settings.
 
-.Prequisites
+.Prerequisites
 
 * Configure a `PTR` DNS record with a valid hostname for each node with a static IP address.
 * Install the NMState CLI (`nmstate`).
diff --git a/modules/ipi-install-configuring-managed-secure-boot-in-the-install-config-file.adoc b/modules/ipi-install-configuring-managed-secure-boot-in-the-install-config-file.adoc
index 6aa79c6131d0..ad760cccd10c 100644
--- a/modules/ipi-install-configuring-managed-secure-boot-in-the-install-config-file.adoc
+++ b/modules/ipi-install-configuring-managed-secure-boot-in-the-install-config-file.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-managed-secure-boot-in-the-install-config-file_{context}"]
 = Optional: Configuring managed Secure Boot
 
@@ -16,7 +16,7 @@ hosts:
     role: master
     bmc:
       address: redfish://<out_of_band_ip> <1>
-      username: <user>
+      username: <username>
       password: <password>
     bootMACAddress: <NIC1_mac_address>
     rootDeviceHints:
diff --git a/modules/ipi-install-configuring-networking.adoc b/modules/ipi-install-configuring-networking.adoc
index 04d71a4ca8a9..6a67e54d1d55 100644
--- a/modules/ipi-install-configuring-networking.adoc
+++ b/modules/ipi-install-configuring-networking.adoc
@@ -2,11 +2,11 @@
 //
 // ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-networking_{context}"]
 = Configuring networking
 
-Before installation, you must configure the networking on the provisioner node. Installer-provisioned clusters deploy with a `baremetal` bridge and network, and an optional `provisioning` bridge and network.
+Before installation, you must configure the networking on the provisioner node. Installer-provisioned clusters deploy with a bare-metal bridge and network, and an optional provisioning bridge and network.
 
 image::210_OpenShift_Baremetal_IPI_Deployment_updates_0122_1.png[Configure networking]
 
@@ -17,14 +17,14 @@ You can also configure networking from the web console.
 
 .Procedure
 
-. Export the `baremetal` network NIC name:
+. Export the bare-metal network NIC name:
 +
 [source,terminal]
 ----
 $ export PUB_CONN=<baremetal_nic_name>
 ----
 
-. Configure the `baremetal` network:
+. Configure the bare-metal network:
 +
 [NOTE]
 ====
@@ -45,14 +45,14 @@ $ sudo nohup bash -c "
 "
 ----
 
-. Optional: If you are deploying with a `provisioning` network, export the `provisioning` network NIC name:
+. Optional: If you are deploying with a provisioning network, export the provisioning network NIC name:
 +
 [source,terminal]
 ----
 $ export PROV_CONN=<prov_nic_name>
 ----
 
-. Optional: If you are deploying with a `provisioning` network, configure the `provisioning` network:
+. Optional: If you are deploying with a provisioning network, configure the provisioning network:
 +
 [source,terminal]
 ----
@@ -71,12 +71,12 @@ $ sudo nohup bash -c "
 ====
 The ssh connection might disconnect after executing these steps.
 
-The IPv6 address can be any address as long as it is not routable via the `baremetal` network.
+The IPv6 address can be any address as long as it is not routable via the bare-metal network.
 
 Ensure that UEFI is enabled and UEFI PXE settings are set to the IPv6 protocol when using IPv6 addressing.
 ====
 
-. Optional: If you are deploying with a `provisioning` network, configure the IPv4 address on the `provisioning` network connection:
+. Optional: If you are deploying with a provisioning network, configure the IPv4 address on the provisioning network connection:
 +
 [source,terminal]
 ----
diff --git a/modules/ipi-install-configuring-nodes.adoc b/modules/ipi-install-configuring-nodes.adoc
index 43dc661dc3e8..32105291de7e 100644
--- a/modules/ipi-install-configuring-nodes.adoc
+++ b/modules/ipi-install-configuring-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-nodes_{context}"]
 = Configuring nodes
 
@@ -25,7 +25,7 @@ While the cluster nodes can contain more than two NICs, the installation process
 | NIC2 | `baremetal` | `<baremetal_vlan>`
 |===
 
-ifndef::openshift-origin[The {op-system-base-full} 8.x installation process on the provisioner node might vary. To install {op-system-base-full} 8.x using a local Satellite server or a PXE server, PXE-enable NIC2.]
+ifndef::openshift-origin[The {op-system-base-full} {op-system-version} installation process on the provisioner node might vary. To install {op-system-base-full} {op-system-version} using a local Satellite server or a PXE server, PXE-enable NIC2.]
 ifdef::openshift-origin[The {op-system-first} installation process on the provisioner node might vary. To install {op-system} using a local Satellite server or a PXE server, PXE-enable NIC2.]
 
 [options="header"]
diff --git a/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc b/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc
index 586e449e88fa..28e59d63d1a7 100644
--- a/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc
+++ b/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc
@@ -3,7 +3,7 @@
 // installing/installing_bare_metal_ipi/ipi-install-configuration-files
 // installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-ntp-for-disconnected-clusters_{context}"]
 = Optional: Configuring NTP for disconnected clusters
 
@@ -31,11 +31,11 @@ image::152_OpenShift_Config_NTP_0421.png[Configuring NTP for disconnected cluste
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 .Butane config example
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-master-chrony-conf-override
   labels:
@@ -89,11 +89,11 @@ $ butane 99-master-chrony-conf-override.bu -o 99-master-chrony-conf-override.yam
 
 . Create a Butane config, `99-worker-chrony-conf-override.bu`, including the contents of the `chrony.conf` file for the worker nodes that references the NTP servers on the control plane nodes.
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 .Butane config example
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-worker-chrony-conf-override
   labels:
diff --git a/modules/ipi-install-configuring-storage-on-nodes.adoc b/modules/ipi-install-configuring-storage-on-nodes.adoc
index bbb02a91cea4..9fa2b68c17b0 100644
--- a/modules/ipi-install-configuring-storage-on-nodes.adoc
+++ b/modules/ipi-install-configuring-storage-on-nodes.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-storage-on-nodes_{context}"]
 = Optional: Configuring storage on nodes
 
diff --git a/modules/ipi-install-configuring-the-bios.adoc b/modules/ipi-install-configuring-the-bios.adoc
index d7b119137a1c..5a9891f29819 100644
--- a/modules/ipi-install-configuring-the-bios.adoc
+++ b/modules/ipi-install-configuring-the-bios.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-bios_{context}"]
 = Optional: Configuring the BIOS
 
diff --git a/modules/ipi-install-configuring-the-install-config-file.adoc b/modules/ipi-install-configuring-the-install-config-file.adoc
index cfb4a4bd7d39..a1a5beccfa0f 100644
--- a/modules/ipi-install-configuring-the-install-config-file.adoc
+++ b/modules/ipi-install-configuring-the-install-config-file.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-install-config-file_{context}"]
 = Configuring the install-config.yaml file
 
@@ -52,29 +52,29 @@ platform:
           password: <password>
         bootMACAddress: <NIC1_mac_address>
         rootDeviceHints:
-         deviceName: "/dev/disk/by-id/<disk_id>" <5>
+         deviceName: "<installation_disk_drive_path>" <5>
       - name: <openshift_master_1>
         role: master
         bmc:
-          address: ipmi://<out_of_band_ip> <4>
+          address: ipmi://<out_of_band_ip>
           username: <user>
           password: <password>
         bootMACAddress: <NIC1_mac_address>
         rootDeviceHints:
-         deviceName: "/dev/disk/by-id/<disk_id>" <5>
+         deviceName: "<installation_disk_drive_path>"
       - name: <openshift_master_2>
         role: master
         bmc:
-          address: ipmi://<out_of_band_ip> <4>
+          address: ipmi://<out_of_band_ip>
           username: <user>
           password: <password>
         bootMACAddress: <NIC1_mac_address>
         rootDeviceHints:
-         deviceName: "/dev/disk/by-id/<disk_id>" <5>
+         deviceName: "<installation_disk_drive_path>"
       - name: <openshift_worker_0>
         role: worker
         bmc:
-          address: ipmi://<out_of_band_ip> <4>
+          address: ipmi://<out_of_band_ip>
           username: <user>
           password: <password>
         bootMACAddress: <NIC1_mac_address>
@@ -86,22 +86,36 @@ platform:
           password: <password>
         bootMACAddress: <NIC1_mac_address>
         rootDeviceHints:
-         deviceName: "/dev/disk/by-id/<disk_id>" <5>
+         deviceName: "<installation_disk_drive_path>"
 pullSecret: '<pull_secret>'
 sshKey: '<ssh_pub_key>'
 ----
 +
+--
 <1> Scale the worker machines based on the number of worker nodes that are part of the {product-title} cluster. Valid options for the `replicas` value are `0` and integers greater than or equal to `2`. Set the number of replicas to `0` to deploy a three-node cluster, which contains only three control plane machines. A three-node cluster is a smaller, more resource-efficient cluster that can be used for testing, development, and production. You cannot install the cluster with only one worker.
-<2> When deploying a cluster with static IP addresses, you must set the `bootstrapExternalStaticIP` configuration setting to specify the static IP address of the bootstrap VM when there is no DHCP server on the `baremetal` network.
-<3> When deploying a cluster with static IP addresses, you must set the `bootstrapExternalStaticGateway` configuration setting to specify the gateway IP address for the bootstrap VM when there is no DHCP server on the `baremetal` network.
+<2> When deploying a cluster with static IP addresses, you must set the `bootstrapExternalStaticIP` configuration setting to specify the static IP address of the bootstrap VM when there is no DHCP server on the bare-metal network.
+<3> When deploying a cluster with static IP addresses, you must set the `bootstrapExternalStaticGateway` configuration setting to specify the gateway IP address for the bootstrap VM when there is no DHCP server on the bare-metal network.
 <4> See the BMC addressing sections for more options.
-<5> Set the path to the installation disk drive, for example, `/dev/disk/by-id/wwn-0x64cd98f04fde100024684cf3034da5c2`.
+<5> To set the path to the installation disk drive, enter the kernel name of the disk. For example, `/dev/sda`.
++
+[IMPORTANT]
+====
+Because the disk discovery order is not guaranteed, the kernel name of the disk can change across booting options for machines with multiple disks. For instance, `/dev/sda` becomes `/dev/sdb` and vice versa.
+To avoid this issue, you must use persistent disk attributes, such as the disk World Wide Name (WWN). To use the disk WWN, replace the `deviceName` parameter with the `wwnWithExtension` parameter. Depending on the parameter that you use, enter the disk name, for example, `/dev/sda` or the disk WWN, for example, `"0x64cd98f04fde100024684cf3034da5c2"`. Ensure that you enter the disk WWN value within quotes so that it is used as a string value and not a hexadecimal value.
+
+Failure to meet these requirements for the `rootDeviceHints` parameter might result in the following error:
+
+[source,text]
+----
+ironic-inspector inspection failed: No disks satisfied root device hints
+----
+====
 
 [NOTE]
 ====
-Before {product-title} 4.12, the cluster installation program only accepted an IPv4 address or and IPv6 address for the `apiVIP` and `ingressVIP` configuration settings. In {product-title} 4.12 and later, these configuration settings are deprecated. Instead, use a list format in the `apiVIPs` and `ingressVIPs` configuration settings to specify IPv4 addresses, IPv6 addresses or both IP address formats. 
+Before {product-title} 4.12, the cluster installation program only accepted an IPv4 address or and IPv6 address for the `apiVIP` and `ingressVIP` configuration settings. In {product-title} 4.12 and later, these configuration settings are deprecated. Instead, use a list format in the `apiVIPs` and `ingressVIPs` configuration settings to specify IPv4 addresses, IPv6 addresses or both IP address formats.
 ====
-
+--
 . Create a directory to store the cluster configuration:
 +
 [source,terminal]
diff --git a/modules/ipi-install-configuring-the-metal3-config-file.adoc b/modules/ipi-install-configuring-the-metal3-config-file.adoc
index c1a1e116c224..8c42d64f8d3a 100644
--- a/modules/ipi-install-configuring-the-metal3-config-file.adoc
+++ b/modules/ipi-install-configuring-the-metal3-config-file.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-metal3-config-file_{context}"]
 = Configuring the `metal3-config.yaml` file
 
diff --git a/modules/ipi-install-configuring-the-raid.adoc b/modules/ipi-install-configuring-the-raid.adoc
index e5cc66f3ba1d..183c1656a1d6 100644
--- a/modules/ipi-install-configuring-the-raid.adoc
+++ b/modules/ipi-install-configuring-the-raid.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-raid_{context}"]
 = Optional: Configuring the RAID
 
diff --git a/modules/ipi-install-creating-a-disconnected-registry.adoc b/modules/ipi-install-creating-a-disconnected-registry.adoc
index cf9ec762b2b6..94d37d6cbbe8 100644
--- a/modules/ipi-install-creating-a-disconnected-registry.adoc
+++ b/modules/ipi-install-creating-a-disconnected-registry.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // install/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ipi-install-creating-a-disconnected-registry_{context}"]
 = Creating a disconnected registry
 
diff --git a/modules/ipi-install-creating-an-rhcos-images-cache.adoc b/modules/ipi-install-creating-an-rhcos-images-cache.adoc
index f96f6e62c9e3..b9c65a5bd9d2 100644
--- a/modules/ipi-install-creating-an-rhcos-images-cache.adoc
+++ b/modules/ipi-install-creating-an-rhcos-images-cache.adoc
@@ -2,7 +2,7 @@
 //
 //  *installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-creating-an-rhcos-images-cache_{context}"]
 = Optional: Creating an {op-system} images cache
 
diff --git a/modules/ipi-install-creating-the-openshift-manifests.adoc b/modules/ipi-install-creating-the-openshift-manifests.adoc
index a6df3631755d..42f230aeaa05 100644
--- a/modules/ipi-install-creating-the-openshift-manifests.adoc
+++ b/modules/ipi-install-creating-the-openshift-manifests.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-the-openshift-manifests_{context}"]
 = Creating the {product-title} manifests
 
diff --git a/modules/ipi-install-deploying-routers-on-worker-nodes.adoc b/modules/ipi-install-deploying-routers-on-worker-nodes.adoc
index 061049a4b502..c0066f4bfe6a 100644
--- a/modules/ipi-install-deploying-routers-on-worker-nodes.adoc
+++ b/modules/ipi-install-deploying-routers-on-worker-nodes.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-routers-on-worker-nodes_{context}"]
 = Optional: Deploying routers on worker nodes
 
diff --git a/modules/ipi-install-deploying-the-cluster-via-the-openshift-installer.adoc b/modules/ipi-install-deploying-the-cluster-via-the-openshift-installer.adoc
index 43409f23a30c..95d811cd15ea 100644
--- a/modules/ipi-install-deploying-the-cluster-via-the-openshift-installer.adoc
+++ b/modules/ipi-install-deploying-the-cluster-via-the-openshift-installer.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='deploying-the-cluster-via-the-openshift-installer_{context}']
 = Deploying the cluster via the {product-title} installer
 
diff --git a/modules/ipi-install-diagnosing-duplicate-mac-address.adoc b/modules/ipi-install-diagnosing-duplicate-mac-address.adoc
index f2641ee92e1e..13bc01cd9588 100644
--- a/modules/ipi-install-diagnosing-duplicate-mac-address.adoc
+++ b/modules/ipi-install-diagnosing-duplicate-mac-address.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-diagnosing-duplicate-mac-address_{context}"]
 = Diagnosing a duplicate MAC address when provisioning a new host in the cluster
 
diff --git a/modules/ipi-install-establishing-communication-between-subnets.adoc b/modules/ipi-install-establishing-communication-between-subnets.adoc
new file mode 100644
index 000000000000..a2ec0bdee552
--- /dev/null
+++ b/modules/ipi-install-establishing-communication-between-subnets.adoc
@@ -0,0 +1,155 @@
+// This module is included in the following assemblies:
+//
+// installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ipi-install-establishing-communication-between-subnets_{context}"]
+= Establishing communication between subnets
+
+In a typical {product-title} cluster setup, all nodes, including the control plane and worker nodes, reside in the same network. However, for edge computing scenarios, it can be beneficial to locate worker nodes closer to the edge. This often involves using different network segments or subnets for the remote worker nodes than the subnet used by the control plane and local worker nodes. Such a setup can reduce latency for the edge and allow for enhanced scalability. However, the network must be configured properly before installing {product-title} to ensure that the edge subnets containing the remote worker nodes can reach the subnet containing the control plane nodes and receive traffic from the control plane too.
+
+[IMPORTANT]
+====
+All control plane nodes must run in the same subnet. When using more than one subnet, you can also configure the Ingress VIP to run on the control plane nodes by using a manifest. See "Configuring network components to run on the control plane" for details.
+
+Deploying a cluster with multiple subnets requires using virtual media.
+====
+
+This procedure details the network configuration required to allow the remote worker nodes in the second subnet to communicate effectively with the control plane nodes in the first subnet and to allow the control plane nodes in the first subnet to communicate effectively with the remote worker nodes in the second subnet.
+
+In this procedure, the cluster spans two subnets:
+
+- The first subnet (`10.0.0.0`) contains the control plane and local worker nodes.
+- The second subnet (`192.168.0.0`) contains the edge worker nodes.
+
+.Procedure
+
+. Configure the first subnet to communicate with the second subnet:
+
+.. Log in as `root` to a control plane node by running the following command:
++
+[source,terminal]
+----
+$ sudo su -
+----
+
+.. Get the name of the network interface:
++
+[source,terminal]
+----
+# nmcli dev status
+----
+
+.. Add a route to the second subnet (`192.168.0.0`) via the gateway:
+s+
+[source,terminal]
+----
+# nmcli connection modify <interface_name> +ipv4.routes "192.168.0.0/24 via <gateway>"
+----
++
+Replace `<interface_name>` with the interface name. Replace `<gateway>` with the IP address of the actual gateway.
++
+.Example
++
+[source,terminal]
+----
+# nmcli connection modify eth0 +ipv4.routes "192.168.0.0/24 via 192.168.0.1"
+----
+
+.. Apply the changes:
++
+[source,terminal]
+----
+# nmcli connection up <interface_name>
+----
++
+Replace `<interface_name>` with the interface name.
+
+.. Verify the routing table to ensure the route has been added successfully:
++
+[source,terminal]
+----
+# ip route
+----
+
+.. Repeat the previous steps for each control plane node in the first subnet.
++
+[NOTE]
+====
+Adjust the commands to match your actual interface names and gateway.
+====
+
+. Configure the second subnet to communicate with the first subnet:
+
+.. Log in as `root` to a remote worker node:
++
+[source,terminal]
+----
+$ sudo su -
+----
+
+.. Get the name of the network interface:
++
+[source,terminal]
+----
+# nmcli dev status
+----
+
+.. Add a route to the first subnet (`10.0.0.0`) via the gateway:
++
+[source,terminal]
+----
+# nmcli connection modify <interface_name> +ipv4.routes "10.0.0.0/24 via <gateway>"
+----
++
+Replace `<interface_name>` with the interface name. Replace `<gateway>` with the IP address of the actual gateway.
++
+.Example
++
+[source,terminal]
+----
+# nmcli connection modify eth0 +ipv4.routes "10.0.0.0/24 via 10.0.0.1"
+----
+
+.. Apply the changes:
++
+[source,terminal]
+----
+# nmcli connection up <interface_name>
+----
++
+Replace `<interface_name>` with the interface name.
+
+.. Verify the routing table to ensure the route has been added successfully:
++
+[source,terminal]
+----
+# ip route
+----
+
+.. Repeat the previous steps for each worker node in the second subnet.
++
+[NOTE]
+====
+Adjust the commands to match your actual interface names and gateway.
+====
+
+. Once you have configured the networks, test the connectivity to ensure the remote worker nodes can reach the control plane nodes and the control plane nodes can reach the remote worker nodes.
+
+.. From the control plane nodes in the first subnet, ping a remote worker node in the second subnet:
++
+[source,terminal]
+----
+$ ping <remote_worker_node_ip_address>
+----
++
+If the ping is successful, it means the control plane nodes in the first subnet can reach the remote worker nodes in the second subnet. If you don't receive a response, review the network configurations and repeat the procedure for the node.
+
+.. From the remote worker nodes in the second subnet, ping a control plane node in the first subnet:
++
+[source,terminal]
+----
+$ ping <control_plane_node_ip_address>
+----
++
+If the ping is successful, it means the remote worker nodes in the second subnet can reach the control plane in the first subnet. If you don't receive a response, review the network configurations and repeat the procedure for the node.
diff --git a/modules/ipi-install-extracting-the-openshift-installer.adoc b/modules/ipi-install-extracting-the-openshift-installer.adoc
index 163f6743e738..84399c27bf94 100644
--- a/modules/ipi-install-extracting-the-openshift-installer.adoc
+++ b/modules/ipi-install-extracting-the-openshift-installer.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="extracting-the-openshift-installer_{context}"]
 = Extracting the {product-title} installer
 
diff --git a/modules/ipi-install-firmware-requirements-for-installing-with-virtual-media.adoc b/modules/ipi-install-firmware-requirements-for-installing-with-virtual-media.adoc
index 0ae303aab7e5..569b839e903a 100644
--- a/modules/ipi-install-firmware-requirements-for-installing-with-virtual-media.adoc
+++ b/modules/ipi-install-firmware-requirements-for-installing-with-virtual-media.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id='ipi-install-firmware-requirements-for-installing-with-virtual-media_{context}']
 = Firmware requirements for installing with virtual media
 
diff --git a/modules/ipi-install-following-the-installation.adoc b/modules/ipi-install-following-the-installation.adoc
index 2d2f4ca4ead5..ad31bfbf0237 100644
--- a/modules/ipi-install-following-the-installation.adoc
+++ b/modules/ipi-install-following-the-installation.adoc
@@ -2,7 +2,7 @@
 //
 //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-following-the-installation_{context}"]
 = Following the installation
 
diff --git a/modules/ipi-install-installing-rhel-on-the-provisioner-node.adoc b/modules/ipi-install-installing-rhel-on-the-provisioner-node.adoc
index 799a1c9ac08e..b2c810083465 100644
--- a/modules/ipi-install-installing-rhel-on-the-provisioner-node.adoc
+++ b/modules/ipi-install-installing-rhel-on-the-provisioner-node.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-rhel-on-the-provisioner-node_{context}"]
 = Installing {op-system-base} on the provisioner node
 
diff --git a/modules/ipi-install-ipv6-network-requirements.adoc b/modules/ipi-install-ipv6-network-requirements.adoc
index 65273f590ac0..fc8c5895a02b 100644
--- a/modules/ipi-install-ipv6-network-requirements.adoc
+++ b/modules/ipi-install-ipv6-network-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ipi-install-ipv6-network-requirements_{context}"]
 = IPv6 Network Requirements
 
diff --git a/modules/ipi-install-mirroring-for-disconnected-registry.adoc b/modules/ipi-install-mirroring-for-disconnected-registry.adoc
index ff216870ccce..ef6cd88d1c78 100644
--- a/modules/ipi-install-mirroring-for-disconnected-registry.adoc
+++ b/modules/ipi-install-mirroring-for-disconnected-registry.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // install/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-mirroring-for-disconnected-registry_{context}"]
 = Mirroring the {product-title} image repository for a disconnected registry
 
diff --git a/modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc b/modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc
index 5b92189d4b74..f1dd124bd38f 100644
--- a/modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc
+++ b/modules/ipi-install-modifying-install-config-for-dual-stack-network.adoc
@@ -2,11 +2,12 @@
 //
 // ipi-install-configuration-files.adoc
 // installing-vsphere-installer-provisioned-network-customizations.adoc
+
 ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:vSphere:
+:vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='modifying-install-config-for-dual-stack-network_{context}']
 = Optional: Deploying with dual-stack networking
 
@@ -29,10 +30,11 @@ serviceNetwork:
 
 To provide an interface to the cluster for applications that use IPv4 and IPv6 addresses, configure IPv4 and IPv6 virtual IP (VIP) address endpoints for the Ingress VIP and API VIP services. To configure IPv4 and IPv6 address endpoints, edit the `apiVIPs` and `ingressVIPs` configuration settings in the `install-config.yaml` file . The `apiVIPs` and `ingressVIPs` configuration settings use a list format. The order of the list indicates the primary and secondary VIP address for each service.
 
+ifdef::vsphere[]
 [source,yaml]
 ----
 platform:
-  baremetal:
+  vsphere:
     apiVIPs:
       - <api_ipv4>
       - <api_ipv6>
@@ -40,20 +42,23 @@ platform:
       - <wildcard_ipv4>
       - <wildcard_ipv6>
 ----
+endif::[]
 
-ifdef::vSphere[]
-[IMPORTANT]
-====
-You can configure dual-stack networking on a single interface only.
-====
+ifndef::vsphere[]
+[source,yaml]
+----
+platform:
+  baremetal:
+    apiVIPs:
+      - <api_ipv4>
+      - <api_ipv6>
+    ingressVIPs:
+      - <wildcard_ipv4>
+      - <wildcard_ipv6>
+----
+endif::[]
 
 [NOTE]
 ====
-* In a vSphere cluster configured for dual-stack networking, the node custom resource object has only the IP address from the primary network listed in `Status.addresses` field.
-* In the pod that uses the host networking with dual-stack connectivity, the `Status.podIP` and `Status.podIPs` fields contain only the IP address from the primary network.
-====
-endif::vSphere[]
-
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:!vSphere:
-endif::[]
\ No newline at end of file
+For a cluster with dual-stack networking configuration, you must assign both IPv4 and IPv6 addresses to the same interface.
+====
\ No newline at end of file
diff --git a/modules/ipi-install-modifying-install-config-for-no-provisioning-network.adoc b/modules/ipi-install-modifying-install-config-for-no-provisioning-network.adoc
index 082a02d4e122..b1949cd90b1c 100644
--- a/modules/ipi-install-modifying-install-config-for-no-provisioning-network.adoc
+++ b/modules/ipi-install-modifying-install-config-for-no-provisioning-network.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-configuration-files.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='modifying-install-config-for-no-provisioning-network_{context}']
 = Optional: Deploying with no provisioning network
 
@@ -12,9 +12,9 @@ To deploy an {product-title} cluster without a `provisioning` network, make the
 ----
 platform:
   baremetal:
-    apiVIPs: 
+    apiVIPs:
       - <api_VIP>
-    ingressVIPs: 
+    ingressVIPs:
       - <ingress_VIP>
     provisioningNetwork: "Disabled" <1>
 ----
diff --git a/modules/ipi-install-modifying-install-config-for-slaac-dual-stack-network.adoc b/modules/ipi-install-modifying-install-config-for-slaac-dual-stack-network.adoc
new file mode 100644
index 000000000000..511e12f76c15
--- /dev/null
+++ b/modules/ipi-install-modifying-install-config-for-slaac-dual-stack-network.adoc
@@ -0,0 +1,62 @@
+// This is included in the following assemblies:
+//
+// ipi-install-configuration-files.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id='ipi-install-modifying-install-config-for-slaac-dual-stack-network_{context}']
+= Optional: Configuring address generation modes for SLAAC in dual-stack networks
+
+For dual-stack clusters that use Stateless Address AutoConfiguration (SLAAC), you must specify a global value for the `ipv6.addr-gen-mode` network setting. You can set this value using NMState to configure the ramdisk and the cluster configuration files. If you don't configure a consistent `ipv6.addr-gen-mode` in these locations, IPv6 address mismatches can occur between CSR resources and `BareMetalHost` resources in the cluster.
+
+.Prerequisites
+
+* Install the NMState CLI (`nmstate`).
+
+.Procedure
+
+. Optional: Consider testing the NMState YAML syntax with the `nmstatectl gc` command before including it in the `install-config.yaml` file because the installation program will not check the NMState YAML syntax.
+
+.. Create an NMState YAML file:
++
+[source,yaml]
+----
+interfaces:
+- name: eth0
+  ipv6:
+    addr-gen-mode: <address_mode> <1>
+----
+<1> Replace `<address_mode>` with the type of address generation mode required for IPv6 addresses in the cluster. Valid values are `eui64`, `stable-privacy`, or `random`.
+
+.. Test the configuration file by running the following command:
++
+[source,terminal]
+----
+$ nmstatectl gc <nmstate_yaml_file> <1>
+----
+<1> Replace `<nmstate_yaml_file>` with the name of the test configuration file.
+
+. Add the NMState configuration to the `hosts.networkConfig` section within the install-config.yaml file:
++
+[source,yaml]
+----
+    hosts:
+      - name: openshift-master-0
+        role: master
+        bmc:
+          address: redfish+http://<out_of_band_ip>/redfish/v1/Systems/
+          username: <user>
+          password: <password>
+          disableCertificateVerification: null
+        bootMACAddress: <NIC1_mac_address>
+        bootMode: UEFI
+        rootDeviceHints:
+          deviceName: "/dev/sda"
+        networkConfig:
+          interfaces:
+          - name: eth0
+            ipv6:
+              addr-gen-mode: <address_mode> <1>
+...
+
+----
+<1> Replace `<address_mode>` with the type of address generation mode required for IPv6 addresses in the cluster. Valid values are `eui64`, `stable-privacy`, or `random`.
diff --git a/modules/ipi-install-network-requirements.adoc b/modules/ipi-install-network-requirements.adoc
index 6f7e3f8872ea..0bd7a8665ac2 100644
--- a/modules/ipi-install-network-requirements.adoc
+++ b/modules/ipi-install-network-requirements.adoc
@@ -2,21 +2,54 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
-[id='network-requirements_{context}']
+:_mod-docs-content-type: CONCEPT
+[id="network-requirements_{context}"]
 = Network requirements
 
 Installer-provisioned installation of {product-title} involves several network requirements. First, installer-provisioned installation involves an optional non-routable `provisioning` network for provisioning the operating system on each bare metal node. Second, installer-provisioned installation involves a routable `baremetal` network.
 
 image::210_OpenShift_Baremetal_IPI_Deployment_updates_0122_2.png[Installer-provisioned networking]
 
+[id="network-requirements-ensuring-required-ports-are-open_{context}"]
+== Ensuring required ports are open
+
+Certain ports must be open between cluster nodes for installer-provisioned installations to complete successfully. In certain situations, such as using separate subnets for far edge worker nodes, you must ensure that the nodes in these subnets can communicate with nodes in the other subnets on the following required ports.
+
+.Required ports
+[options="header"]
+|====
+|Port|Description
+
+|`67`,`68` | When using a provisioning network, cluster nodes access the `dnsmasq` DHCP server over their provisioning network interfaces using ports `67` and `68`.
+
+| `69` | When using a provisioning network, cluster nodes communicate with the TFTP server on port `69` using their provisioning network interfaces. The TFTP server runs on the bootstrap VM. The bootstrap VM runs on the provisioner node.
+
+| `80` | When not using the image caching option or when using virtual media, the provisioner node must have port `80` open on the `baremetal` machine network interface to stream the {op-system-first} image from the provisioner node to the cluster nodes.
+
+| `123` | The cluster nodes must access the NTP server on port `123` using the `baremetal` machine network.
+
+|`5050`| The Ironic Inspector API runs on the control plane nodes and listens on port `5050`. The Inspector API is responsible for hardware introspection, which collects information about the hardware characteristics of the bare metal nodes.
+
+|`6180`| When deploying with virtual media and not using TLS, the provisioner node and the control plane nodes must have port `6180` open on the `baremetal` machine network interface so that the baseboard management controller (BMC) of the worker nodes can access the {op-system} image. Starting with {product-title} 4.13, the default HTTP port is `6180`.
+
+|`6183`| When deploying with virtual media and using TLS, the provisioner node and the control plane nodes must have port `6183` open on the `baremetal` machine network interface so that the BMC of the worker nodes can access the {op-system} image.
+
+|`6385`| The Ironic API server runs initially on the bootstrap VM and later on the control plane nodes and listens on port `6385`. The Ironic API allows clients to interact with Ironic for bare metal node provisioning and management, including operations like enrolling new nodes, managing their power state, deploying images, and cleaning the hardware.
+
+|`8080`| When using image caching without TLS, port `8080` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
+
+|`8083`| When using the image caching option with TLS, port `8083` must be open on the provisioner node and accessible by the BMC interfaces of the cluster nodes.
+
+|`9999`| By default, the Ironic Python Agent (IPA) listens on TCP port `9999` for API calls from the Ironic conductor service. This port is used for communication between the bare metal node where IPA is running and the Ironic conductor service.
+
+|====
 
 [id="network-requirements-increase-mtu_{context}"]
 == Increase the network MTU
 
 Before deploying {product-title}, increase the network maximum transmission unit (MTU) to 1500 or more. If the MTU is lower than 1500, the Ironic image that is used to boot the node might fail to communicate with the Ironic inspector pod, and inspection will fail. If this occurs, installation stops because the nodes are not available for installation.
 
-[id='network-requirements-config-nics_{context}']
+[id="network-requirements-config-nics_{context}"]
 == Configuring NICs
 
 {product-title} deploys with two networks:
@@ -34,7 +67,7 @@ The `provisioning` network is optional, but it is required for PXE booting. If y
 When using a VLAN, each NIC must be on a separate VLAN corresponding to the appropriate network.
 ====
 
-[id='network-requirements-dns_{context}']
+[id="network-requirements-dns_{context}"]
 == DNS requirements
 
 Clients access the {product-title} cluster nodes over the `baremetal` network. A network administrator must configure a subdomain or subzone where the canonical name extension is the cluster name.
@@ -87,14 +120,14 @@ For example, `console-openshift-console.apps.<cluster_name>.<base_domain>` is us
 You can use the `dig` command to verify DNS resolution.
 ====
 
-[id='network-requirements-dhcp-reqs_{context}']
+[id="network-requirements-dhcp-reqs_{context}"]
 == Dynamic Host Configuration Protocol (DHCP) requirements
 
 By default, installer-provisioned installation deploys `ironic-dnsmasq` with DHCP enabled for the `provisioning` network. No other DHCP servers should be running on the `provisioning` network when the `provisioningNetwork` configuration setting is set to `managed`, which is the default value. If you have a DHCP server running on the `provisioning` network, you must set the `provisioningNetwork` configuration setting to `unmanaged` in the `install-config.yaml` file.
 
 Network administrators must reserve IP addresses for each node in the {product-title} cluster for the `baremetal` network on an external DHCP server.
 
-[id='network-requirements-reserving-ip-addresses_{context}']
+[id="network-requirements-reserving-ip-addresses_{context}"]
 == Reserving IP addresses for nodes with the DHCP server
 
 For the `baremetal` network, a network administrator must reserve a number of IP addresses, including:
@@ -111,7 +144,7 @@ For the `baremetal` network, a network administrator must reserve a number of IP
 [IMPORTANT]
 .Reserving IP addresses so they become static IP addresses
 ====
-Some administrators prefer to use static IP addresses so that each node's IP address remains constant in the absence of a DHCP server. To configure static IP addresses with NMState, see "(Optional) Configuring host network interfaces" in the "Setting up the environment for an OpenShift installation" section.
+Some administrators prefer to use static IP addresses so that each node's IP address remains constant in the absence of a DHCP server. To configure static IP addresses with NMState, see "(Optional) Configuring node network interfaces" in the "Setting up the environment for an OpenShift installation" section.
 ====
 
 [IMPORTANT]
@@ -146,7 +179,14 @@ The following table provides an exemplary embodiment of fully qualified domain n
 If you do not create DHCP reservations, the installer requires reverse DNS resolution to set the hostnames for the Kubernetes API node, the provisioner node, the control plane nodes, and the worker nodes.
 ====
 
-[id='network-requirements-ntp_{context}']
+[id="network-requirements-provisioner_{context}"]
+== Provisioner node requirements
+
+You must specify the MAC address for the provisioner node in your installation configuration. The `bootMacAddress` specification is typically associated with PXE network booting. However, the Ironic provisioning service also requires the `bootMacAddress` specification to identify nodes during the inspection of the cluster, or during node redeployment in the cluster.
+
+The provisioner node requires layer 2 connectivity for network booting, DHCP and DNS resolution, and local network communication. The provisioner node requires layer 3 connectivity for virtual media booting.
+
+[id="network-requirements-ntp_{context}"]
 == Network Time Protocol (NTP)
 
 Each {product-title} node in the cluster must have access to an NTP server. {product-title} nodes use NTP to synchronize their clocks. For example, cluster nodes use SSL certificates that require validation, which might fail if the date and time between the nodes are not in sync.
@@ -158,7 +198,7 @@ Define a consistent clock date and time format in each cluster node's BIOS setti
 
 You can reconfigure the control plane nodes to act as NTP servers on disconnected clusters, and reconfigure worker nodes to retrieve time from the control plane nodes.
 
-[id='network-requirements-out-of-band_{context}']
+[id="network-requirements-out-of-band_{context}"]
 == Port access for the out-of-band management IP address
 
-The out-of-band management IP address is on a separate network from the node. To ensure that the out-of-band management can communicate with the provisioner during installation, the out-of-band management IP address must be granted access to port `6180` on the bootstrap host and on the {product-title} control plane hosts. TLS port `6183` is required for virtual media installation, for example, via Redfish.
+The out-of-band management IP address is on a separate network from the node. To ensure that the out-of-band management can communicate with the provisioner node during installation, the out-of-band management IP address must be granted access to port `6180` on the provisioner node and on the {product-title} control plane nodes. TLS port `6183` is required for virtual media installation, for example, by using Redfish.
diff --git a/modules/ipi-install-node-requirements.adoc b/modules/ipi-install-node-requirements.adoc
index 68a0a5bf2447..aa4bc42b9793 100644
--- a/modules/ipi-install-node-requirements.adoc
+++ b/modules/ipi-install-node-requirements.adoc
@@ -2,15 +2,15 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="node-requirements_{context}"]
 = Node requirements
 
 Installer-provisioned installation involves a number of hardware node requirements:
 
-* *CPU architecture:* All nodes must use `x86_64` 
+* *CPU architecture:* All nodes must use `x86_64`
 ifndef::openshift-origin[]
-or `aarch64` 
+or `aarch64`
 endif::openshift-origin[]
 CPU architecture.
 * *Similar nodes:* Red Hat recommends nodes have an identical configuration per role. That is, Red Hat recommends nodes be the same brand and model with the same CPU, memory, and storage configuration.
@@ -18,7 +18,7 @@ CPU architecture.
 * *Baseboard Management Controller:* The `provisioner` node must be able to access the baseboard management controller (BMC) of each {product-title} cluster node. You may use IPMI, Redfish, or a proprietary protocol.
 
 ifndef::openshift-origin[]
-* *Latest generation:* Nodes must be of the most recent generation. Installer-provisioned installation relies on BMC protocols, which must be compatible across nodes. Additionally, {op-system-base} 8 ships with the most recent drivers for RAID controllers. Ensure that the nodes are recent enough to support {op-system-base} 8 for the `provisioner` node and {op-system} 8 for the control plane and worker nodes.
+* *Latest generation:* Nodes must be of the most recent generation. Installer-provisioned installation relies on BMC protocols, which must be compatible across nodes. Additionally, {op-system-base} {op-system-version} ships with the most recent drivers for RAID controllers. Ensure that the nodes are recent enough to support {op-system-base} {op-system-version} for the `provisioner` node and {op-system} {op-system-version} for the control plane and worker nodes.
 endif::[]
 ifdef::openshift-origin[]
 * *Latest generation:* Nodes must be of the most recent generation. Installer-provisioned installation relies on BMC protocols, which must be compatible across nodes. Additionally, {op-system-first} ships with the most recent drivers for RAID controllers. Ensure that the nodes are recent enough to support {op-system} for the `provisioner` node and {op-system} for the control plane and worker nodes.
@@ -38,6 +38,11 @@ Do not deploy a cluster with only one worker node, because the cluster will depl
 ====
 
 * *Network interfaces:* Each node must have at least one network interface for the routable `baremetal` network. Each node must have one network interface for a `provisioning` network when using the `provisioning` network for deployment. Using the `provisioning` network is the default configuration.
++
+[NOTE]
+====
+Only one network card (NIC) on the same subnet can route traffic through the gateway. By default, Address Resolution Protocol (ARP) uses the lowest numbered NIC. Use a single NIC for each node in the same subnet to ensure that network load balancing works as expected. When using multiple NICs for a node in the same subnet, use a single bond or team interface. Then add the other IP addresses to that interface in the form of an alias IP address. If you require fault tolerance or load balancing at the network interface level, use an alias IP address on the bond or team interface. Alternatively, you can disable a secondary NIC on the same subnet or ensure that it has no IP address.
+====
 
 * *Unified Extensible Firmware Interface (UEFI):* Installer-provisioned installation requires UEFI boot on all {product-title} nodes when using IPv6 addressing on the `provisioning` network. In addition, UEFI Device PXE Settings must be set to use the IPv6 protocol on the `provisioning` network NIC, but omitting the `provisioning` network removes this requirement.
 +
diff --git a/modules/ipi-install-out-of-band-management.adoc b/modules/ipi-install-out-of-band-management.adoc
index 7863712aa64b..d085832bea34 100644
--- a/modules/ipi-install-out-of-band-management.adoc
+++ b/modules/ipi-install-out-of-band-management.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="out-of-band-management_{context}"]
 = Out-of-band management
 
diff --git a/modules/ipi-install-preparing-a-disconnected-registry.adoc b/modules/ipi-install-preparing-a-disconnected-registry.adoc
index 68f20e6588e1..85d8031f2e71 100644
--- a/modules/ipi-install-preparing-a-disconnected-registry.adoc
+++ b/modules/ipi-install-preparing-a-disconnected-registry.adoc
@@ -3,7 +3,7 @@
 // * list of assemblies where this module is included
 // install/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-preparing-a-disconnected-registry_{context}"]
 = Preparing the registry node to host the mirrored registry
 
diff --git a/modules/ipi-install-preparing-the-bare-metal-node.adoc b/modules/ipi-install-preparing-the-bare-metal-node.adoc
index b49b44c714bc..59c78d8ada54 100644
--- a/modules/ipi-install-preparing-the-bare-metal-node.adoc
+++ b/modules/ipi-install-preparing-the-bare-metal-node.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='preparing-the-bare-metal-node_{context}']
 = Preparing the bare metal node
 
diff --git a/modules/ipi-install-preparing-the-provisioner-node-for-openshift-install.adoc b/modules/ipi-install-preparing-the-provisioner-node-for-openshift-install.adoc
index 18b1f46ca996..5451bb7b7936 100644
--- a/modules/ipi-install-preparing-the-provisioner-node-for-openshift-install.adoc
+++ b/modules/ipi-install-preparing-the-provisioner-node-for-openshift-install.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-the-provisioner-node-for-openshift-install_{context}"]
 = Preparing the provisioner node for {product-title} installation
 
@@ -54,7 +54,11 @@ ifndef::openshift-origin[]
 [source,terminal]
 ----
 $ sudo subscription-manager register --username=<user> --password=<pass> --auto-attach
-$ sudo subscription-manager repos --enable=rhel-8-for-<architecture>-appstream-rpms --enable=rhel-8-for-<architecture>-baseos-rpms
+----
++
+[source,terminal]
+----
+$ sudo subscription-manager repos --enable=rhel-9-for-<architecture>-appstream-rpms --enable=rhel-9-for-<architecture>-baseos-rpms
 ----
 +
 [NOTE]
diff --git a/modules/ipi-install-preparing-to-deploy-with-virtual-media-on-the-baremetal-network.adoc b/modules/ipi-install-preparing-to-deploy-with-virtual-media-on-the-baremetal-network.adoc
index 7d937598ef54..06d6dcd675fb 100644
--- a/modules/ipi-install-preparing-to-deploy-with-virtual-media-on-the-baremetal-network.adoc
+++ b/modules/ipi-install-preparing-to-deploy-with-virtual-media-on-the-baremetal-network.adoc
@@ -2,7 +2,7 @@
 //
 // installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-to-deploy-with-virtual-media-on-the-baremetal-network_{context}"]
 = Preparing to deploy with Virtual Media on the baremetal network
 
diff --git a/modules/ipi-install-provisioning-the-bare-metal-node.adoc b/modules/ipi-install-provisioning-the-bare-metal-node.adoc
index b13cd2292707..4797fd539702 100644
--- a/modules/ipi-install-provisioning-the-bare-metal-node.adoc
+++ b/modules/ipi-install-provisioning-the-bare-metal-node.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-expanding-the-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='provisioning-the-bare-metal-node_{context}']
 = Provisioning the bare metal node
 
@@ -35,11 +35,11 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                                STATUS   ROLES           AGE     VERSION
-openshift-master-1.openshift.example.com            Ready    master          30h     v1.26.0
-openshift-master-2.openshift.example.com            Ready    master          30h     v1.26.0
-openshift-master-3.openshift.example.com            Ready    master          30h     v1.26.0
-openshift-worker-0.openshift.example.com            Ready    worker          30h     v1.26.0
-openshift-worker-1.openshift.example.com            Ready    worker          30h     v1.26.0
+openshift-master-1.openshift.example.com            Ready    master          30h     v1.28.5
+openshift-master-2.openshift.example.com            Ready    master          30h     v1.28.5
+openshift-master-3.openshift.example.com            Ready    master          30h     v1.28.5
+openshift-worker-0.openshift.example.com            Ready    worker          30h     v1.28.5
+openshift-worker-1.openshift.example.com            Ready    worker          30h     v1.28.5
 ----
 
 . Get the compute machine set.
@@ -99,12 +99,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                          STATUS   ROLES   AGE     VERSION
-openshift-master-1.openshift.example.com      Ready    master  30h     v1.26.0
-openshift-master-2.openshift.example.com      Ready    master  30h     v1.26.0
-openshift-master-3.openshift.example.com      Ready    master  30h     v1.26.0
-openshift-worker-0.openshift.example.com      Ready    worker  30h     v1.26.0
-openshift-worker-1.openshift.example.com      Ready    worker  30h     v1.26.0
-openshift-worker-<num>.openshift.example.com  Ready    worker  3m27s   v1.26.0
+openshift-master-1.openshift.example.com      Ready    master  30h     v1.28.5
+openshift-master-2.openshift.example.com      Ready    master  30h     v1.28.5
+openshift-master-3.openshift.example.com      Ready    master  30h     v1.28.5
+openshift-worker-0.openshift.example.com      Ready    worker  30h     v1.28.5
+openshift-worker-1.openshift.example.com      Ready    worker  30h     v1.28.5
+openshift-worker-<num>.openshift.example.com  Ready    worker  3m27s   v1.28.5
 ----
 +
 You can also check the kubelet.
diff --git a/modules/ipi-install-replacing-a-bare-metal-control-plane-node.adoc b/modules/ipi-install-replacing-a-bare-metal-control-plane-node.adoc
index 8da5280ff6f2..7c40916403ca 100644
--- a/modules/ipi-install-replacing-a-bare-metal-control-plane-node.adoc
+++ b/modules/ipi-install-replacing-a-bare-metal-control-plane-node.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="replacing-a-bare-metal-control-plane-node_{context}"]
 = Replacing a bare-metal control plane node
 
@@ -38,8 +38,8 @@ $ oc get clusteroperator baremetal
 .Example output
 [source,terminal]
 ----
-NAME        VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE  
-baremetal   4.12.0   True        False         False      3d15h 
+NAME        VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
+baremetal   4.15.0   True        False         False      3d15h
 ----
 
 . Remove the old `BareMetalHost` and `Machine` objects:
@@ -49,7 +49,7 @@ baremetal   4.12.0   True        False         False      3d15h
 $ oc delete bmh -n openshift-machine-api <host_name>
 $ oc delete machine -n openshift-machine-api <machine_name>
 ----
-+ 
++
 Replace `<host_name>` with the name of the host and `<machine_name>` with the name of the machine. The machine name appears under the `CONSUMER` field.
 +
 After you remove the `BareMetalHost` and `Machine` objects, then the machine controller automatically deletes the `Node` object.
@@ -62,7 +62,7 @@ $ cat <<EOF | oc apply -f -
 apiVersion: v1
 kind: Secret
 metadata:
-  name: control-plane-<num>-bmc-secret <1> 
+  name: control-plane-<num>-bmc-secret <1>
   namespace: openshift-machine-api
 data:
   username: <base64_of_uid> <2>
@@ -90,7 +90,7 @@ EOF
 <2> Replace `<base64_of_uid>` with the `base64` string of the user name.
 <3> Replace `<base64_of_pwd>` with the `base64` string of the password.
 <4> Replace `<protocol>` with the BMC protocol, such as `redfish`, `redfish-virtualmedia`, `idrac-virtualmedia`, or others. Replace `<bmc_ip>` with the IP address of the bare metal node's baseboard management controller. For additional BMC configuration options, see "BMC addressing" in the _Additional resources_ section.
-<5> Replace `<NIC1_mac_address>` with the MAC address of the bare metal node's first NIC. 
+<5> Replace `<NIC1_mac_address>` with the MAC address of the bare metal node's first NIC.
 +
 After the inspection is complete, the `BareMetalHost` object is created and available to be provisioned.
 
@@ -179,11 +179,11 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS      ROLES     AGE   VERSION
-control-plane-1.example.com    available   master    4m2s  v1.18.2
-control-plane-2.example.com    available   master    141m  v1.18.2
-control-plane-3.example.com    available   master    141m  v1.18.2
-compute-1.example.com          available   worker    87m   v1.18.2
-compute-2.example.com          available   worker    87m   v1.18.2
+control-plane-1.example.com    available   master    4m2s  v1.28.5
+control-plane-2.example.com    available   master    141m  v1.28.5
+control-plane-3.example.com    available   master    141m  v1.28.5
+compute-1.example.com          available   worker    87m   v1.28.5
+compute-2.example.com          available   worker    87m   v1.28.5
 ----
 +
 [NOTE]
diff --git a/modules/ipi-install-required-data-for-installation.adoc b/modules/ipi-install-required-data-for-installation.adoc
index 48fd7e320f6d..df5676285519 100644
--- a/modules/ipi-install-required-data-for-installation.adoc
+++ b/modules/ipi-install-required-data-for-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="required-data-for-installation_{context}"]
 = Required data for installation
 
diff --git a/modules/ipi-install-retrieving-the-openshift-installer.adoc b/modules/ipi-install-retrieving-the-openshift-installer.adoc
index 2743d1c84238..7992778e39b8 100644
--- a/modules/ipi-install-retrieving-the-openshift-installer.adoc
+++ b/modules/ipi-install-retrieving-the-openshift-installer.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="retrieving-the-openshift-installer_{context}"]
 = Retrieving the {product-title} installer
 
diff --git a/modules/ipi-install-root-device-hints.adoc b/modules/ipi-install-root-device-hints.adoc
index 388c6ab5d3f9..3e479a126403 100644
--- a/modules/ipi-install-root-device-hints.adoc
+++ b/modules/ipi-install-root-device-hints.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-configuration-files.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id='root-device-hints_{context}']
 = Root device hints
 
@@ -13,7 +13,7 @@ The `rootDeviceHints` parameter enables the installer to provision the {op-syste
 |===
 | Subfield | Description
 
-| `deviceName` | A string containing a Linux device name like `/dev/vda`. The hint must match the actual value exactly.
+| `deviceName` | A string containing a Linux device name such as `/dev/vda` or `/dev/disk/by-path/`. It is recommended to use the `/dev/disk/by-path/<device_path>` link to the storage location. The hint must match the actual value exactly.
 
 | `hctl` | A string containing a SCSI bus address like `0:0:0:0`. The hint must match the actual value exactly.
 
diff --git a/modules/ipi-install-setting-proxy-settings-within-install-config.adoc b/modules/ipi-install-setting-proxy-settings-within-install-config.adoc
index fff308ef7162..36b27c78f843 100644
--- a/modules/ipi-install-setting-proxy-settings-within-install-config.adoc
+++ b/modules/ipi-install-setting-proxy-settings-within-install-config.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-configuration-files.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='ipi-install-setting-proxy-settings-within-install-config_{context}']
 = Optional: Setting proxy settings
 
diff --git a/modules/ipi-install-troubleshooting-api-not-accessible.adoc b/modules/ipi-install-troubleshooting-api-not-accessible.adoc
index ed203e72605f..617d5ca03de9 100644
--- a/modules/ipi-install-troubleshooting-api-not-accessible.adoc
+++ b/modules/ipi-install-troubleshooting-api-not-accessible.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-api-not-accessible_{context}"]
 
 = The API is not accessible
diff --git a/modules/ipi-install-troubleshooting-bootstrap-vm-cannot-boot.adoc b/modules/ipi-install-troubleshooting-bootstrap-vm-cannot-boot.adoc
index dd55ab5e9052..24ccd2025254 100644
--- a/modules/ipi-install-troubleshooting-bootstrap-vm-cannot-boot.adoc
+++ b/modules/ipi-install-troubleshooting-bootstrap-vm-cannot-boot.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-bootstrap-vm-cannot-boot_{context}"]
 = Bootstrap VM cannot boot up the cluster nodes
 
diff --git a/modules/ipi-install-troubleshooting-bootstrap-vm-inspecting-logs.adoc b/modules/ipi-install-troubleshooting-bootstrap-vm-inspecting-logs.adoc
index 89120f5c1e99..52797a246fec 100644
--- a/modules/ipi-install-troubleshooting-bootstrap-vm-inspecting-logs.adoc
+++ b/modules/ipi-install-troubleshooting-bootstrap-vm-inspecting-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-bootstrap-vm-inspecting-logs_{context}"]
 = Inspecting logs
 
diff --git a/modules/ipi-install-troubleshooting-bootstrap-vm.adoc b/modules/ipi-install-troubleshooting-bootstrap-vm.adoc
index f9cd18ec0651..94d70f846c5b 100644
--- a/modules/ipi-install-troubleshooting-bootstrap-vm.adoc
+++ b/modules/ipi-install-troubleshooting-bootstrap-vm.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-bootstrap-vm_{context}"]
 
 = Bootstrap VM issues
diff --git a/modules/ipi-install-troubleshooting-cleaning-up-previous-installations.adoc b/modules/ipi-install-troubleshooting-cleaning-up-previous-installations.adoc
index 182bec954f51..004649d66927 100644
--- a/modules/ipi-install-troubleshooting-cleaning-up-previous-installations.adoc
+++ b/modules/ipi-install-troubleshooting-cleaning-up-previous-installations.adoc
@@ -2,7 +2,7 @@
 //
 //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-cleaning-up-previous-installations_{context}"]
 = Cleaning up previous installations
 
diff --git a/modules/ipi-install-troubleshooting-cluster-nodes-will-not-pxe.adoc b/modules/ipi-install-troubleshooting-cluster-nodes-will-not-pxe.adoc
index 23c39ae3d428..de7c53a063ac 100644
--- a/modules/ipi-install-troubleshooting-cluster-nodes-will-not-pxe.adoc
+++ b/modules/ipi-install-troubleshooting-cluster-nodes-will-not-pxe.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-cluster-nodes-will-not-pxe_{context}"]
 
 = Cluster nodes will not PXE boot
diff --git a/modules/ipi-install-troubleshooting-failed-ignition-during-firstboot.adoc b/modules/ipi-install-troubleshooting-failed-ignition-during-firstboot.adoc
index 40a336071276..6de2d6ef87df 100644
--- a/modules/ipi-install-troubleshooting-failed-ignition-during-firstboot.adoc
+++ b/modules/ipi-install-troubleshooting-failed-ignition-during-firstboot.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-failed-ignition-during-firstboot_{context}"]
 
 = Failed Ignition during Firstboot
diff --git a/modules/ipi-install-troubleshooting-install-config.adoc b/modules/ipi-install-troubleshooting-install-config.adoc
index 1160649e453c..0aed8c55c365 100644
--- a/modules/ipi-install-troubleshooting-install-config.adoc
+++ b/modules/ipi-install-troubleshooting-install-config.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-install-config_{context}"]
 
 = Troubleshooting `install-config.yaml`
diff --git a/modules/ipi-install-troubleshooting-misc-issues.adoc b/modules/ipi-install-troubleshooting-misc-issues.adoc
index dbe414cf5597..d31b9c1e0195 100644
--- a/modules/ipi-install-troubleshooting-misc-issues.adoc
+++ b/modules/ipi-install-troubleshooting-misc-issues.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-misc-issues_{context}"]
 
 = Miscellaneous issues
@@ -77,6 +77,30 @@ $ kubectl -n openshift-network-operator logs -l "name=network-operator"
 +
 On high availability clusters with three or more control plane (master) nodes, the Operator will perform leader election and all other Operators will sleep. For additional details, see https://github.com/openshift/installer/blob/master/docs/user/troubleshooting.md[Troubleshooting].
 
+== Addressing the "No disk found with matching rootDeviceHints" error message
+
+After you deploy a cluster, you might receive the following error message:
+
+[source,text]
+----
+No disk found with matching rootDeviceHints
+----
+
+To address the `No disk found with matching rootDeviceHints` error message, a temporary workaround is to change the `rootDeviceHints` to `minSizeGigabytes: 300`.
+
+After you change the `rootDeviceHints` settings, boot the CoreOS and then verify the disk information by using the following command:
+
+[source,terminal]
+----
+$ udevadm info /dev/sda
+----
+
+If you are using DL360 Gen 10 servers, be aware that they have an SD-card slot that might be assigned the `/dev/sda` device name. If no SD card is present in the server, it can cause conflicts. Ensure that the SD card slot is disabled in the server's BIOS settings.
+
+If the `minSizeGigabytes` workaround is not fulfilling the requirements, you might need to revert `rootDeviceHints` back to `/dev/sda`. This change allows ironic images to boot successfully.
+
+An alternative approach to fixing this problem is by using the serial ID of the disk. However, be aware that finding the serial ID can be challenging and might make the configuration file less readable. If you choose this path, ensure that you gather the serial ID using the previously documented command and incorporate it into your configuration.
+
 == Cluster nodes not getting the correct IPv6 address over DHCP
 
 If the cluster nodes are not getting the correct IPv6 address over DHCP, check the following:
diff --git a/modules/ipi-install-troubleshooting-ntp-out-of-sync.adoc b/modules/ipi-install-troubleshooting-ntp-out-of-sync.adoc
index 1e1360621d41..0539d153fd32 100644
--- a/modules/ipi-install-troubleshooting-ntp-out-of-sync.adoc
+++ b/modules/ipi-install-troubleshooting-ntp-out-of-sync.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-ntp-out-of-sync_{context}"]
 
 = NTP out of sync
@@ -20,10 +20,10 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                         STATUS   ROLES    AGE   VERSION
-master-0.cloud.example.com   Ready    master   145m   v1.26.0
-master-1.cloud.example.com   Ready    master   135m   v1.26.0
-master-2.cloud.example.com   Ready    master   145m   v1.26.0
-worker-2.cloud.example.com   Ready    worker   100m   v1.26.0
+master-0.cloud.example.com   Ready    master   145m   v1.28.5
+master-1.cloud.example.com   Ready    master   135m   v1.28.5
+master-2.cloud.example.com   Ready    master   145m   v1.28.5
+worker-2.cloud.example.com   Ready    worker   100m   v1.28.5
 ----
 
 . Check for inconsistent timing delays due to clock drift. For example:
@@ -63,10 +63,10 @@ System clock synchronized: no
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-master-chrony
   labels:
diff --git a/modules/ipi-install-troubleshooting-registry-issues.adoc b/modules/ipi-install-troubleshooting-registry-issues.adoc
index b83ae03d4525..6133b48af74b 100644
--- a/modules/ipi-install-troubleshooting-registry-issues.adoc
+++ b/modules/ipi-install-troubleshooting-registry-issues.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-registry-issues_{context}"]
 
 = Issues with creating the registry
diff --git a/modules/ipi-install-troubleshooting-reviewing-the-installation.adoc b/modules/ipi-install-troubleshooting-reviewing-the-installation.adoc
index abb7fbaf0914..b1390a750f1b 100644
--- a/modules/ipi-install-troubleshooting-reviewing-the-installation.adoc
+++ b/modules/ipi-install-troubleshooting-reviewing-the-installation.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // //installing/installing_bare_metal_ipi/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-install-troubleshooting-reviewing-the-installation_{context}"]
 
 = Reviewing the installation
@@ -20,9 +20,9 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                   STATUS   ROLES           AGE  VERSION
-master-0.example.com   Ready    master,worker   4h   v1.26.0
-master-1.example.com   Ready    master,worker   4h   v1.26.0
-master-2.example.com   Ready    master,worker   4h   v1.26.0
+master-0.example.com   Ready    master,worker   4h   v1.28.5
+master-1.example.com   Ready    master,worker   4h   v1.28.5
+master-2.example.com   Ready    master,worker   4h   v1.28.5
 ----
 
 . Confirm the installer deployed all pods successfully. The following command
diff --git a/modules/ipi-install-troubleshooting_proc_worker-nodes-cannot-join-the-cluster.adoc b/modules/ipi-install-troubleshooting_proc_worker-nodes-cannot-join-the-cluster.adoc
index c083f4458a75..1fbd7ca33e59 100644
--- a/modules/ipi-install-troubleshooting_proc_worker-nodes-cannot-join-the-cluster.adoc
+++ b/modules/ipi-install-troubleshooting_proc_worker-nodes-cannot-join-the-cluster.adoc
@@ -1,12 +1,12 @@
-// This module is included in the following assemblies: 
+// This module is included in the following assemblies:
 //
 // installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="worker-nodes-cannot-join-the-cluster_{context}"]
 = Troubleshooting worker nodes that cannot join the cluster
 
-Installer-provisioned clusters deploy with a DNS server that includes a DNS entry for the `api-int.<cluster_name>.<base_domain>` URL. If the nodes within the cluster use an external or upstream DNS server to resolve the `api-int.<cluster_name>.<base_domain>` URL and there is no such entry, worker nodes might fail to join the cluster. Ensure that all nodes in the cluster can resolve the domain name. 
+Installer-provisioned clusters deploy with a DNS server that includes a DNS entry for the `api-int.<cluster_name>.<base_domain>` URL. If the nodes within the cluster use an external or upstream DNS server to resolve the `api-int.<cluster_name>.<base_domain>` URL and there is no such entry, worker nodes might fail to join the cluster. Ensure that all nodes in the cluster can resolve the domain name.
 
 .Procedure
 
@@ -24,7 +24,7 @@ address=/api-int.mycluster.example.com/192.168.1.10
 address=/api-int.mycluster.example.com/2001:0db8:85a3:0000:0000:8a2e:0370:7334
 ----
 
-. Add a DNS PTR record to internally identify the API load balancer. For example, when using dnsmasq, modify the `dnsmasq.conf` configuration file: 
+. Add a DNS PTR record to internally identify the API load balancer. For example, when using dnsmasq, modify the `dnsmasq.conf` configuration file:
 +
 [source,terminal,options="nowrap",role="white-space-pre"]
 ----
diff --git a/modules/ipi-install-troubleshooting_unable-to-discover-new-bare-metal-hosts-using-the-bmc.adoc b/modules/ipi-install-troubleshooting_unable-to-discover-new-bare-metal-hosts-using-the-bmc.adoc
index bef53349920d..caeb2318ceb0 100644
--- a/modules/ipi-install-troubleshooting_unable-to-discover-new-bare-metal-hosts-using-the-bmc.adoc
+++ b/modules/ipi-install-troubleshooting_unable-to-discover-new-bare-metal-hosts-using-the-bmc.adoc
@@ -1,21 +1,21 @@
-// This module is included in the following assemblies: 
+// This module is included in the following assemblies:
 //
 // installing/installing_bare_metal_ipi/ipi-install-troubleshooting.adoc
 
-:_content-type: PROC
+:_mod-docs-content-type: PROC
 [id="unable-to-discover-new-bare-metal-hosts-using-the-bmc_{context}"]
 = Unable to discover new bare metal hosts using the BMC
 
-In some cases, the installation program will not be able to discover the new bare metal hosts and issue an error, because it cannot mount the remote virtual media share. 
+In some cases, the installation program will not be able to discover the new bare metal hosts and issue an error, because it cannot mount the remote virtual media share.
 
-For example: 
+For example:
 
 [source,terminal]
 ----
-ProvisioningError 51s metal3-baremetal-controller Image provisioning failed: Deploy step deploy.deploy failed with BadRequestError: HTTP POST 
-https://<bmc_address>/redfish/v1/Managers/iDRAC.Embedded.1/VirtualMedia/CD/Actions/VirtualMedia.InsertMedia 
-returned code 400. 
-Base.1.8.GeneralError: A general error has occurred. See ExtendedInfo for more information 
+ProvisioningError 51s metal3-baremetal-controller Image provisioning failed: Deploy step deploy.deploy failed with BadRequestError: HTTP POST
+https://<bmc_address>/redfish/v1/Managers/iDRAC.Embedded.1/VirtualMedia/CD/Actions/VirtualMedia.InsertMedia
+returned code 400.
+Base.1.8.GeneralError: A general error has occurred. See ExtendedInfo for more information
 Extended information: [
   {
     "Message": "Unable to mount remote share https://<ironic_address>/redfish/boot-<uuid>.iso.",
@@ -38,5 +38,5 @@ In this situation, if you are using virtual media with an unknown certificate au
 
 [NOTE]
 ====
-This resolution was tested on {product-title} 4.11 with Dell iDRAC 9 and firmware version 5.10.50. 
+This resolution was tested on {product-title} 4.11 with Dell iDRAC 9 and firmware version 5.10.50.
 ====
diff --git a/modules/ipi-install-verifying-static-ip-address-configuration.adoc b/modules/ipi-install-verifying-static-ip-address-configuration.adoc
index 958bf09dc050..566dc8a1ae7a 100644
--- a/modules/ipi-install-verifying-static-ip-address-configuration.adoc
+++ b/modules/ipi-install-verifying-static-ip-address-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-static-ip-address-configuration_{context}"]
 = Verifying static IP address configuration
 
diff --git a/modules/ipi-modify-a-disconnected-registry-config-yaml.adoc b/modules/ipi-modify-a-disconnected-registry-config-yaml.adoc
index e0e5052ada63..eaf339cf0830 100644
--- a/modules/ipi-modify-a-disconnected-registry-config-yaml.adoc
+++ b/modules/ipi-modify-a-disconnected-registry-config-yaml.adoc
@@ -2,7 +2,7 @@
 
 // * installing-mirroring-creating-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-modify-a-disconnected-registry-config-yaml_{context}"]
 = Modify the install-config.yaml file to use the disconnected registry
 
diff --git a/modules/ipi-modify-install-config-for-a-disconnected-registry.adoc b/modules/ipi-modify-install-config-for-a-disconnected-registry.adoc
index 3738a2b24222..32025ce50d84 100644
--- a/modules/ipi-modify-install-config-for-a-disconnected-registry.adoc
+++ b/modules/ipi-modify-install-config-for-a-disconnected-registry.adoc
@@ -4,7 +4,7 @@
 // install/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ipi-modify-install-config-for-a-disconnected-registry_{context}"]
 = Modify the install-config.yaml file to use the disconnected registry
 
diff --git a/modules/ipi-verifying-nodes-after-installation.adoc b/modules/ipi-verifying-nodes-after-installation.adoc
index 2d3ca42e95e3..e40742f2fb36 100644
--- a/modules/ipi-verifying-nodes-after-installation.adoc
+++ b/modules/ipi-verifying-nodes-after-installation.adoc
@@ -6,7 +6,6 @@
 [id="ipi-verifying-nodes-after-installation_{context}"]
 = Verifying node state after installation
 
-[role="_abstract"]
 The {product-title} installation completes when the following installation health checks are successful:
 
 * The provisioner can access the {product-title} web console.
@@ -17,23 +16,21 @@ The {product-title} installation completes when the following installation healt
 
 [NOTE]
 ====
-After the installation completes, the specific cluster Operators responsible for the worker nodes continuously attempt to provision all worker nodes. It can take some time before all worker nodes report as `READY`. For installations on bare metal, wait a minimum of 60 minutes before troubleshooting a worker node. For installations on all other platforms, wait a minimum of 40 minutes before troubleshooting a worker node. A `DEGRADED` state for the cluster Operators responsible for the worker nodes depends on the Operators' own resources and not on the state of the nodes.
+After the installation completes, the specific cluster Operators responsible for the worker nodes continuously attempt to provision all worker nodes. Some time is required before all worker nodes report as `READY`. For installations on bare metal, wait a minimum of 60 minutes before troubleshooting a worker node. For installations on all other platforms, wait a minimum of 40 minutes before troubleshooting a worker node. A `DEGRADED` state for the cluster Operators responsible for the worker nodes depends on the Operators' own resources and not on the state of the nodes.
 ====
 
-After your installation completes, you can continue to monitor the condition of the nodes in your cluster by using the following steps.
+After your installation completes, you can continue to monitor the condition of the nodes in your cluster.
 
 .Prerequisites
 * The installation program resolves successfully in the terminal.
 
 .Procedure
 . Show the status of all worker nodes:
-
 +
 [source,terminal]
 ----
 $ oc get nodes
 ----
-
 +
 .Example output
 [source,terminal]
@@ -48,13 +45,11 @@ example-control3.example.com   Ready    master   55m   v1.21.6+bb8d50a
 ----
 
 . Show the phase of all worker machine nodes:
-
 +
 [source,terminal]
 ----
 $ oc get machines -A
 ----
-
 +
 .Example output
 [source,terminal]
diff --git a/modules/jaeger-architecture.adoc b/modules/jaeger-architecture.adoc
index ece0d2274de6..ea00a9d77150 100644
--- a/modules/jaeger-architecture.adoc
+++ b/modules/jaeger-architecture.adoc
@@ -4,7 +4,7 @@ This CONCEPT module included in the following assemblies:
 -service_mesh/v2x/ossm-architecture.adoc
 -rhbjaeger-architecture.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="jaeger-architecture_{context}"]
 = Distributed tracing architecture
 
diff --git a/modules/jt-comparison-of-jenkins-and-openshift-pipelines-concepts.adoc b/modules/jt-comparison-of-jenkins-and-openshift-pipelines-concepts.adoc
index 2a4606905b78..67994524a574 100644
--- a/modules/jt-comparison-of-jenkins-and-openshift-pipelines-concepts.adoc
+++ b/modules/jt-comparison-of-jenkins-and-openshift-pipelines-concepts.adoc
@@ -2,7 +2,7 @@
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="jt-comparison-of-jenkins-and-openshift-pipelines-concepts_{context}"]
 = Comparison of Jenkins and {pipelines-shortname} concepts
 
diff --git a/modules/jt-comparison-of-jenkins-openshift-pipelines-execution-models.adoc b/modules/jt-comparison-of-jenkins-openshift-pipelines-execution-models.adoc
index d1641e88d9b2..7fe47b5e87dc 100644
--- a/modules/jt-comparison-of-jenkins-openshift-pipelines-execution-models.adoc
+++ b/modules/jt-comparison-of-jenkins-openshift-pipelines-execution-models.adoc
@@ -2,7 +2,7 @@
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="jt-comparison-of-jenkins-openshift-pipelines-execution-models_{context}"]
 = Comparison of Jenkins and {pipelines-shortname} execution models
 
diff --git a/modules/jt-examples-of-common-use-cases.adoc b/modules/jt-examples-of-common-use-cases.adoc
index 5bfd8bb7d177..0e195964b002 100644
--- a/modules/jt-examples-of-common-use-cases.adoc
+++ b/modules/jt-examples-of-common-use-cases.adoc
@@ -1,4 +1,4 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 // Module included in the following assembly:
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
diff --git a/modules/jt-extending-openshift-pipelines-capabilities-using-custom-tasks-and-scripts.adoc b/modules/jt-extending-openshift-pipelines-capabilities-using-custom-tasks-and-scripts.adoc
index 2b9d69b55103..e59ed71214a5 100644
--- a/modules/jt-extending-openshift-pipelines-capabilities-using-custom-tasks-and-scripts.adoc
+++ b/modules/jt-extending-openshift-pipelines-capabilities-using-custom-tasks-and-scripts.adoc
@@ -2,7 +2,7 @@
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="jt-extending-openshift-pipelines-capabilities-using-custom-tasks-and-scripts_{context}"]
 = Extending {pipelines-shortname} capabilities using custom tasks and scripts
 
diff --git a/modules/jt-migrating-a-sample-pipeline-from-jenkins-to-openshift-pipelines.adoc b/modules/jt-migrating-a-sample-pipeline-from-jenkins-to-openshift-pipelines.adoc
index a998bda2f4dc..6ddf1d089e35 100644
--- a/modules/jt-migrating-a-sample-pipeline-from-jenkins-to-openshift-pipelines.adoc
+++ b/modules/jt-migrating-a-sample-pipeline-from-jenkins-to-openshift-pipelines.adoc
@@ -2,7 +2,7 @@
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="jt-migrating-a-sample-pipeline-from-jenkins-to-openshift-pipelines_{context}"]
 = Migrating a sample pipeline from Jenkins to {pipelines-shortname}
 
diff --git a/modules/jt-migrating-from-jenkins-plugins-to-openshift-pipelines-hub-tasks.adoc b/modules/jt-migrating-from-jenkins-plugins-to-openshift-pipelines-hub-tasks.adoc
index ac78bcabe8cc..c9f3da012cc2 100644
--- a/modules/jt-migrating-from-jenkins-plugins-to-openshift-pipelines-hub-tasks.adoc
+++ b/modules/jt-migrating-from-jenkins-plugins-to-openshift-pipelines-hub-tasks.adoc
@@ -2,7 +2,7 @@
 //
 // jenkins/migrating-from-jenkins-to-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="jt-migrating-from-jenkins-plugins-to-openshift-pipelines-hub-tasks_{context}"]
 = Migrating from Jenkins plugins to Tekton Hub tasks
diff --git a/modules/k8s-nmstate-deploying-nmstate-CLI.adoc b/modules/k8s-nmstate-deploying-nmstate-CLI.adoc
index 0d7607f198a3..19b8644f145f 100644
--- a/modules/k8s-nmstate-deploying-nmstate-CLI.adoc
+++ b/modules/k8s-nmstate-deploying-nmstate-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // networking/k8s_nmstate/k8s-nmstate-about-the-kubernetes-nmstate-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-the-kubernetes-nmstate-operator-CLI_{context}"]
 = Installing the Kubernetes NMState Operator using the CLI
 
@@ -44,8 +44,7 @@ kind: OperatorGroup
 metadata:
   annotations:
     olm.providedAPIs: NMState.v1.nmstate.io
-  generateName: openshift-nmstate-
-  name: openshift-nmstate-tn6k8
+  name: openshift-nmstate
   namespace: openshift-nmstate
 spec:
   targetNamespaces:
@@ -96,8 +95,8 @@ oc get clusterserviceversion -n openshift-nmstate \
 ----
 +
 .Example output
-[source, terminal]
+[source, terminal,subs="attributes+"]
 ----
 Name                                             Phase
-kubernetes-nmstate-operator.4.13.0-202210210157   Succeeded
+kubernetes-nmstate-operator.{product-version}.0-202210210157   Succeeded
 ----
diff --git a/modules/k8s-nmstate-installing-the-kubernetes-nmstate-operator.adoc b/modules/k8s-nmstate-installing-the-kubernetes-nmstate-operator.adoc
index 79b432b6cf89..88754326aa49 100644
--- a/modules/k8s-nmstate-installing-the-kubernetes-nmstate-operator.adoc
+++ b/modules/k8s-nmstate-installing-the-kubernetes-nmstate-operator.adoc
@@ -1,10 +1,11 @@
 // This is included in the following assemblies:
 //
 // networking/k8s_nmstate/k8s-nmstate-about-the-kubernetes-nmstate-operator.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-the-kubernetes-nmstate-operator-web-console_{context}"]
-= Installing the Kubernetes NMState Operator using the web console
+= Installing the Kubernetes NMState Operator by using the web console
 
 You can install the Kubernetes NMState Operator by using the web console. After it is installed, the Operator can deploy the NMState State Controller as a daemon set across all of the cluster nodes.
 
diff --git a/modules/kmm-about-kmm.adoc b/modules/kmm-about-kmm.adoc
index 4638ca88eb76..5a0a3b76847a 100644
--- a/modules/kmm-about-kmm.adoc
+++ b/modules/kmm-about-kmm.adoc
@@ -2,13 +2,13 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-kmm_{context}"]
 = About the Kernel Module Management Operator
 
 The Kernel Module Management (KMM) Operator manages, builds, signs, and deploys out-of-tree kernel modules and device plugins on {product-title} clusters.
 
-KMM adds a new `Module` CRD which describes an out-of-tree kernel module and its associated device plugin. 
+KMM adds a new `Module` CRD which describes an out-of-tree kernel module and its associated device plugin.
 You can use `Module` resources to configure how to load the module, define `ModuleLoader` images for kernel versions, and include instructions for building and signing modules for specific kernel versions.
 
 KMM is designed to accommodate multiple kernel versions at once for any kernel module, allowing for seamless node upgrades and reduced application downtime.
\ No newline at end of file
diff --git a/modules/kmm-adding-the-keys-for-secureboot.adoc b/modules/kmm-adding-the-keys-for-secureboot.adoc
index 4d0a6cb80c39..c8a25f36d264 100644
--- a/modules/kmm-adding-the-keys-for-secureboot.adoc
+++ b/modules/kmm-adding-the-keys-for-secureboot.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-adding-the-keys-for-secureboot_{context}"]
 = Adding the keys for secureboot
 
diff --git a/modules/kmm-build-validation-stage.adoc b/modules/kmm-build-validation-stage.adoc
index dc4a8c7ab127..caf7e07aaa5e 100644
--- a/modules/kmm-build-validation-stage.adoc
+++ b/modules/kmm-build-validation-stage.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-build-validation-stage_{context}"]
 = Build validation stage
 
diff --git a/modules/kmm-building-a-moduleloader-image.adoc b/modules/kmm-building-a-moduleloader-image.adoc
index d2917dec9e3a..e6e60625bce7 100644
--- a/modules/kmm-building-a-moduleloader-image.adoc
+++ b/modules/kmm-building-a-moduleloader-image.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-building-a-moduleloader-image_{context}"]
 = Building a ModuleLoader image
 
diff --git a/modules/kmm-building-and-signing-a-moduleloader-container-image.adoc b/modules/kmm-building-and-signing-a-moduleloader-container-image.adoc
index f1358303135e..7da6d9666d21 100644
--- a/modules/kmm-building-and-signing-a-moduleloader-container-image.adoc
+++ b/modules/kmm-building-and-signing-a-moduleloader-container-image.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-building-and-signing-a-moduleloader-container-image_{context}"]
 = Building and signing a ModuleLoader container image
 
diff --git a/modules/kmm-building-in-cluster.adoc b/modules/kmm-building-in-cluster.adoc
index 36869593a0b3..415745733ba0 100644
--- a/modules/kmm-building-in-cluster.adoc
+++ b/modules/kmm-building-in-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-building-in-cluster_{context}"]
 
 = Building in the cluster
diff --git a/modules/kmm-checking-the-keys.adoc b/modules/kmm-checking-the-keys.adoc
index ef496b4632cd..76e0c058fd0d 100644
--- a/modules/kmm-checking-the-keys.adoc
+++ b/modules/kmm-checking-the-keys.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-checking-the-keys_{context}"]
 = Checking the keys
 
diff --git a/modules/kmm-configuring-the-lookup-path-on-nodes.adoc b/modules/kmm-configuring-the-lookup-path-on-nodes.adoc
index 99d0a0a7d38e..40eb09c121e9 100644
--- a/modules/kmm-configuring-the-lookup-path-on-nodes.adoc
+++ b/modules/kmm-configuring-the-lookup-path-on-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-configuring-the-lookup-path-on-nodes_{context}"]
 = Configuring the lookup path on nodes
 
diff --git a/modules/kmm-creating-module-cr.adoc b/modules/kmm-creating-module-cr.adoc
index 26e533005f5e..9345114e4d63 100644
--- a/modules/kmm-creating-module-cr.adoc
+++ b/modules/kmm-creating-module-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-creating-module-cr_{context}"]
 
 = The Module custom resource definition
diff --git a/modules/kmm-creating-moduleloader-image.adoc b/modules/kmm-creating-moduleloader-image.adoc
index d3bc271a203a..8a8cea465a35 100644
--- a/modules/kmm-creating-moduleloader-image.adoc
+++ b/modules/kmm-creating-moduleloader-image.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-creating-moduleloader-image_{context}"]
 = Using a ModuleLoader image
 
diff --git a/modules/kmm-customizing-upgrades-for-kernel-modules.adoc b/modules/kmm-customizing-upgrades-for-kernel-modules.adoc
new file mode 100644
index 000000000000..a456b9749bc3
--- /dev/null
+++ b/modules/kmm-customizing-upgrades-for-kernel-modules.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-customizing-upgrades-for-kernel-modules_{context}"]
+= Customizing upgrades for kernel modules
+
+Use this procedure to upgrade the kernel module while running maintenance operations on the node, including rebooting the node, if needed. To minimize the impact on the workloads running in the cluster, run the kernel upgrade process sequentially, one node at a time.
+
+[NOTE]
+====
+This procedure requires knowledge of the workload utilizing the kernel module and must be managed by the cluster administrator.
+====
+
+
+.Prerequisites
+
+* Before upgrading, set the `kmm.node.kubernetes.io/version-module.<module_namespace>.<module_name>=$moduleVersion` label on all the nodes that are used by the kernel module.
+
+* Terminate all user application workloads on the node or move them to another node.
+
+* Unload the currently loaded kernel module.
+
+* Ensure that the user workload (the application running in the cluster that is accessing kernel module) is not running on the node prior to kernel module unloading and that the workload is back running on the node after the new kernel module version has been loaded.
+
+.Procedure
+
+. Ensure that the device plugin managed by KMM on the node is unloaded.
+
+. Update the following fields in the `Module` custom resource (CR):
+- `containerImage` (to the appropriate kernel version)
+- `version`
++
+The update should be atomic; that is, both the `containerImage` and `version` fields must be updated simultaneously.
+
+. Terminate any workload using the kernel module on the node being upgraded.
+
+. Remove the `kmm.node.kubernetes.io/version-module.<module_namespace>.<module_name>` label on the node.
+Run the following command to unload the kernel module from the node:
++
+[source,terminal]
+----
+$ oc label node/<node_name> kmm.node.kubernetes.io/version-module.<module_namespace>.<module_name>-
+----
+
+. If required, as the cluster administrator, perform any additional maintenance required on the node for the kernel module upgrade.
++
+If no additional upgrading is needed, you can skip Steps 3 through 6 by updating the `kmm.node.kubernetes.io/version-module.<module-namespace>.<module-name>` label value to the new `$moduleVersion` as set in the `Module`.
+
+. Run the following command to add the `kmm.node.kubernetes.io/version-module.<module_namespace>.<module_name>=$moduleVersion` label to the node. The `$moduleVersion` must be equal to the new value of the `version` field in the `Module` CR.
++
+[source,terminal]
+----
+$ oc label node/<node_name> kmm.node.kubernetes.io/version-module.<module_namespace>.<module_name>=<desired_version>
+----
++
+[NOTE]
+====
+Because of Kubernetes limitations in label names, the combined length of `Module` name and namespace must not exceed 39 characters.
+====
+
+. Restore any workload that leverages the kernel module on the node.
+
+. Reload the device plugin managed by KMM on the node.
diff --git a/modules/kmm-day1-in-tree-module-replacement.adoc b/modules/kmm-day1-in-tree-module-replacement.adoc
new file mode 100644
index 000000000000..b4ad535505b5
--- /dev/null
+++ b/modules/kmm-day1-in-tree-module-replacement.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-in-tree-module-replacement_{context}"]
+= In-tree module replacement
+
+The Day 1 functionality always tries to replace the in-tree kernel module with the OOT version. If the in-tree kernel module is not loaded, the flow is not affected; the service proceeds and loads the OOT kernel module.
diff --git a/modules/kmm-day1-kernel-module-image.adoc b/modules/kmm-day1-kernel-module-image.adoc
new file mode 100644
index 000000000000..2094cb7cb30f
--- /dev/null
+++ b/modules/kmm-day1-kernel-module-image.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-kernel-module-image_{context}"]
+= The kernel module image
+
+The Day 1 functionality uses the same DTK based image leveraged by Day 2 KMM builds. The out-of-tree kernel module should be located under `/opt/lib/modules/${kernelVersion}`.
diff --git a/modules/kmm-day1-kernel-module-loading.adoc b/modules/kmm-day1-kernel-module-loading.adoc
new file mode 100644
index 000000000000..79352d41b775
--- /dev/null
+++ b/modules/kmm-day1-kernel-module-loading.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-kernel-module-loading_{context}"]
+= Day 1 kernel module loading
+
+Kernel Module Management (KMM) is typically a Day 2 Operator. Kernel modules are loaded only after the complete initialization of a Linux (RHCOS) server. However, in some scenarios the kernel module must be loaded at an earlier stage. Day 1 functionality allows you to use the Machine Config Operator (MCO) to load kernel modules during the Linux `systemd` initialization stage.
diff --git a/modules/kmm-day1-machineconfigpool.adoc b/modules/kmm-day1-machineconfigpool.adoc
new file mode 100644
index 000000000000..cc7867f3aefd
--- /dev/null
+++ b/modules/kmm-day1-machineconfigpool.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-machineconfigpool_{context}"]
+= The MachineConfigPool
+
+The `MachineConfigPool` identifies a collection of nodes that are affected by the applied MCO.
+
+[source,yaml]
+----
+kind: MachineConfigPool
+metadata:
+  name: sfc
+spec:
+  machineConfigSelector: <1>
+    matchExpressions:
+      - {key: machineconfiguration.openshift.io/role, operator: In, values: [worker, sfc]}
+  nodeSelector: <2>
+    matchLabels:
+      node-role.kubernetes.io/sfc: ""
+  paused: false
+  maxUnavailable: 1
+----
+<1> Matches the labels in the MachineConfig.
+<2> Matches the labels on the node.
+
+There are predefined `MachineConfigPools` in the OCP cluster:
+
+* `worker`: Targets all worker nodes in the cluster
+
+* `master`: Targets all master nodes in the cluster
+
+Define the following `MachineConfig` to target the master `MachineConfigPool`:
+
+[source,yaml]
+----
+metadata:
+  labels:
+    machineconfiguration.opensfhit.io/role: master
+----
+
+
+Define the following `MachineConfig` to target the worker `MachineConfigPool`:
+
+[source,yaml]
+----
+metadata:
+  labels:
+    machineconfiguration.opensfhit.io/role: worker
+----
diff --git a/modules/kmm-day1-mco-yaml-creation.adoc b/modules/kmm-day1-mco-yaml-creation.adoc
new file mode 100644
index 000000000000..1d1bbab2c844
--- /dev/null
+++ b/modules/kmm-day1-mco-yaml-creation.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-mco-yaml-creation_{context}"]
+= MCO yaml creation
+
+KMM provides an API to create an MCO YAML manifest for the Day 1 functionality:
+
+[source,console]
+----
+ProduceMachineConfig(machineConfigName, machineConfigPoolRef, kernelModuleImage, kernelModuleName string) (string, error)
+----
+
+The returned output is a string representation of the MCO YAML manifest to be applied. It is up to the customer to apply this YAML.
+
+The parameters are:
+
+`machineConfigName`:: The name of the MCO YAML manifest. This parameter is set as the `name` parameter of the metadata of the MCO YAML manifest.
+
+`machineConfigPoolRef`:: The `MachineConfigPool` name used to identify the targeted nodes.
+
+`kernelModuleImage`:: The name of the container image that includes the OOT kernel module.
+
+`kernelModuleName`:: The name of the OOT kernel module. This parameter is used both to unload the in-tree kernel module (if loaded into the kernel) and to load the OOT kernel module.
+
+The API is located under `pkg/mcproducer` package of the KMM source code. The KMM operator does not need to be running to use the Day 1 functionality. You only need to import the `pkg/mcproducer` package into their operator/utility code, call the API, and apply the produced MCO YAML to the cluster.
diff --git a/modules/kmm-day1-oot-kernel-module-loading-flow.adoc b/modules/kmm-day1-oot-kernel-module-loading-flow.adoc
new file mode 100644
index 000000000000..b361f7268ff1
--- /dev/null
+++ b/modules/kmm-day1-oot-kernel-module-loading-flow.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-day1-oot-kernel-module-loading-flow_{context}"]
+= OOT kernel module loading flow
+
+The loading of the out-of-tree (OOT) kernel module leverages the Machine Config Operator (MCO). The flow sequence is as follows:
+
+.Procedure
+
+. Apply a `MachineConfig` resource to the existing running cluster. In order to identify the necessary nodes that need to be updated,
+you must create an appropriate `MachineConfigPool` resource.
+
+. MCO applies the reboots node by node. On any rebooted node, two new `systemd` services are deployed: `pull` service and `load` service.
+
+. The `load` service is configured to run prior to the `NetworkConfiguration` service. The service tries to pull a predefined kernel module image and then, using that image, to unload an in-tree module and load an OOT kernel module.
+
+. The `pull` service is configured to run after NetworkManager service. The service checks if the preconfigured kernel module image is located on the node's filesystem. If it is, the service exists normally, and the server continues with the boot process. If not, it pulls the image onto the node and reboots the node afterwards.
diff --git a/modules/kmm-day1-supported-use-cases.adoc b/modules/kmm-day1-supported-use-cases.adoc
new file mode 100644
index 000000000000..989f14b534d0
--- /dev/null
+++ b/modules/kmm-day1-supported-use-cases.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-day1-supported-use-cases_{context}"]
+= Day 1 supported use cases
+
+The Day 1 functionality supports a limited number of use cases. The main use case is to allow loading out-of-tree (OOT) kernel modules prior to NetworkManager service initialization. It does not support loading kernel module at the `initramfs` stage.
+
+The following are the conditions needed for Day 1 functionality:
+
+* The kernel module is not loaded in the kernel.
+
+* The in-tree kernel module is loaded into the kernel, but can be unloaded and replaced by the OOT kernel module. This means that the in-tree module is not referenced by any other kernel modules.
+
+* In order for Day 1 functionlity to work, the node must have a functional network interface, that is, an in-tree kernel driver for that interface. The OOT kernel module can be a network driver that will replace the functional network driver.
diff --git a/modules/kmm-debugging-and-troubleshooting.adoc b/modules/kmm-debugging-and-troubleshooting.adoc
index fca5f3b15d55..3932bcb1888d 100644
--- a/modules/kmm-debugging-and-troubleshooting.adoc
+++ b/modules/kmm-debugging-and-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-debugging-and-troubleshooting_{context}"]
 = Debugging and troubleshooting
 
diff --git a/modules/kmm-deploying-modules.adoc b/modules/kmm-deploying-modules.adoc
index 77731b3a910e..32249e0f9366 100644
--- a/modules/kmm-deploying-modules.adoc
+++ b/modules/kmm-deploying-modules.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-deploy-kernel-modules_{context}"]
 = Kernel module deployment
 
diff --git a/modules/kmm-example-cr.adoc b/modules/kmm-example-cr.adoc
index 49b506cdda9c..7ffda037c6f9 100644
--- a/modules/kmm-example-cr.adoc
+++ b/modules/kmm-example-cr.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-example-cr_{context}"]
 = Example PreflightValidationOCP resource
 
diff --git a/modules/kmm-example-module-cr.adoc b/modules/kmm-example-module-cr.adoc
index 1e9dfe79303b..ea0a85382dda 100644
--- a/modules/kmm-example-module-cr.adoc
+++ b/modules/kmm-example-module-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kmm-example-cr_{context}"]
 
 = Example Module CR
diff --git a/modules/kmm-firmware-support.adoc b/modules/kmm-firmware-support.adoc
index 4649590e412f..bbef6d1b9146 100644
--- a/modules/kmm-firmware-support.adoc
+++ b/modules/kmm-firmware-support.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-firmware-support_{context}"]
 = KMM firmware support
 
diff --git a/modules/kmm-gathering-data-for-kmm-hub.adoc b/modules/kmm-gathering-data-for-kmm-hub.adoc
index f5e26169a58b..512541d6e1dc 100644
--- a/modules/kmm-gathering-data-for-kmm-hub.adoc
+++ b/modules/kmm-gathering-data-for-kmm-hub.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-gathering-data-for-kmm-hub_{context}"]
 = Gathering data for KMM-Hub
 
diff --git a/modules/kmm-gathering-data-for-kmm.adoc b/modules/kmm-gathering-data-for-kmm.adoc
index 70ed121fbe67..f256b82308f8 100644
--- a/modules/kmm-gathering-data-for-kmm.adoc
+++ b/modules/kmm-gathering-data-for-kmm.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-gathering-data-for-kmm_{context}"]
 = Gathering data for KMM
 
diff --git a/modules/kmm-hub-hub-and-spoke.adoc b/modules/kmm-hub-hub-and-spoke.adoc
new file mode 100644
index 000000000000..2a31a73c4337
--- /dev/null
+++ b/modules/kmm-hub-hub-and-spoke.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-hub-hub-and-spoke_{context}"]
+= KMM hub and spoke
+
+In hub and spoke scenarios, many spoke clusters are connected to a central, powerful hub cluster. Kernel Module Management (KMM) depends on Red{nbsp}Hat Advanced Cluster Management (RHACM) to operate in hub and spoke environments.
+
+KMM is compatible with hub and spoke environments through decoupling KMM features. A `ManagedClusterModule` Custom Resource Definition (CRD) is provided to wrap the existing `Module` CRD and extend it to select Spoke clusters. Also provided is KMM-Hub, a new standalone controller that builds images and signs modules on the hub cluster.
+
+In hub and spoke setups, spokes are focused, resource-constrained clusters that are centrally managed by a hub cluster. Spokes run the single-cluster edition of KMM, with those resource-intensive features disabled. To adapt KMM to this environment, you should reduce the workload running on the spokes to the minimum, while the hub takes care of the expensive tasks.
+
+Building kernel module images and signing the `.ko` files, should run on the hub. The scheduling of the Module Loader and Device Plugin `DaemonSets` can only happen on the spokes.
diff --git a/modules/kmm-hub-installing-kmm-hub-creating-resources.adoc b/modules/kmm-hub-installing-kmm-hub-creating-resources.adoc
new file mode 100644
index 000000000000..83f671e68682
--- /dev/null
+++ b/modules/kmm-hub-installing-kmm-hub-creating-resources.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-hub-installing-kmm-hub-creating-resources_{context}"]
+= Installing KMM-Hub by creating KMM resources
+
+.Procedure
+
+* If you want to install KMM-Hub programmatically, you can use the following resources to create
+the `Namespace`, `OperatorGroup` and `Subscription` resources:
+
+[source,yaml]
+----
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-kmm-hub
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: kernel-module-management-hub
+  namespace: openshift-kmm-hub
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: kernel-module-management-hub
+  namespace: openshift-kmm-hub
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: kernel-module-management-hub
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+----
diff --git a/modules/kmm-hub-installing-kmm-hub-olm.adoc b/modules/kmm-hub-installing-kmm-hub-olm.adoc
new file mode 100644
index 000000000000..e60475ecce24
--- /dev/null
+++ b/modules/kmm-hub-installing-kmm-hub-olm.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-hub-installing-kmm-hub-olm_{context}"]
+= Installing KMM-Hub using the Operator Lifecycle Manager
+
+Use the *Operators* section of the OpenShift console to install KMM-Hub.
diff --git a/modules/kmm-hub-installing-kmm-hub.adoc b/modules/kmm-hub-installing-kmm-hub.adoc
new file mode 100644
index 000000000000..41f15602e397
--- /dev/null
+++ b/modules/kmm-hub-installing-kmm-hub.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-hub-installing-kmm-hub_{context}"]
+= Installing KMM-Hub
+
+You can use one of the following methods to install KMM-Hub:
+
+* Using the Operator Lifecycle Manager (OLM)
+* Creating KMM resources
diff --git a/modules/kmm-hub-kmm-hub.adoc b/modules/kmm-hub-kmm-hub.adoc
new file mode 100644
index 000000000000..25fdfb7108ad
--- /dev/null
+++ b/modules/kmm-hub-kmm-hub.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-hub-kmm-hub_{context}"]
+= KMM-Hub
+
+The KMM project provides KMM-Hub, an edition of KMM dedicated to hub clusters. KMM-Hub monitors all kernel versions running on the spokes and determines the nodes on the cluster that should receive a kernel module.
+
+KMM-Hub runs all compute-intensive tasks such as image builds and kmod signing, and prepares the trimmed-down `Module` to be transferred to the spokes through RHACM.
+
+[NOTE]
+====
+KMM-Hub cannot be used to load kernel modules on the hub cluster. Install the regular edition of KMM to load kernel modules.
+====
diff --git a/modules/kmm-hub-running-kmm-on-the-spoke.adoc b/modules/kmm-hub-running-kmm-on-the-spoke.adoc
new file mode 100644
index 000000000000..de989c9cb170
--- /dev/null
+++ b/modules/kmm-hub-running-kmm-on-the-spoke.adoc
@@ -0,0 +1,117 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-hub-running-kmm-on-the-spoke_{context}"]
+= Running KMM on the spoke
+
+After installing KMM on the spoke, no further action is required. Create a `ManagedClusterModule` object from the hub to deploy kernel modules on spoke clusters.
+
+.Procedure
+
+You can install KMM on the spokes cluster through a RHACM `Policy` object.
+In addition to installing KMM from the Operator hub and running it in a lightweight spoke mode,
+the `Policy` configures additional RBAC required for the RHACM agent to be able to manage `Module` resources.
+
+* Use the following RHACM policy to install KMM on spoke clusters:
++
+[source.yaml]
+[%collapsible]
+----
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: install-kmm
+spec:
+  remediationAction: enforce
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: install-kmm
+        spec:
+          severity: high
+          object-templates:
+          - complianceType: mustonlyhave
+            objectDefinition:
+              apiVersion: v1
+              kind: Namespace
+              metadata:
+                name: openshift-kmm
+          - complianceType: mustonlyhave
+            objectDefinition:
+              apiVersion: operators.coreos.com/v1
+              kind: OperatorGroup
+              metadata:
+                name: kmm
+                namespace: openshift-kmm
+              spec:
+                upgradeStrategy: Default
+          - complianceType: mustonlyhave
+            objectDefinition:
+              apiVersion: operators.coreos.com/v1alpha1
+              kind: Subscription
+              metadata:
+                name: kernel-module-management
+                namespace: openshift-kmm
+              spec:
+                channel: stable
+                config:
+                  env:
+                    - name: KMM_MANAGED
+                      value: "1"
+                installPlanApproval: Automatic
+                name: kernel-module-management
+                source: redhat-operators
+                sourceNamespace: openshift-marketplace
+          - complianceType: mustonlyhave
+            objectDefinition:
+              apiVersion: rbac.authorization.k8s.io/v1
+              kind: ClusterRole
+              metadata:
+                name: kmm-module-manager
+              rules:
+                - apiGroups: [kmm.sigs.x-k8s.io]
+                  resources: [modules]
+                  verbs: [create, delete, get, list, patch, update, watch]
+          - complianceType: mustonlyhave
+            objectDefinition:
+              apiVersion: rbac.authorization.k8s.io/v1
+              kind: ClusterRoleBinding
+              metadata:
+                name: klusterlet-kmm
+              subjects:
+              - kind: ServiceAccount
+                name: klusterlet-work-sa
+                namespace: open-cluster-management-agent
+              roleRef:
+                kind: ClusterRole
+                name: kmm-module-manager
+                apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps.open-cluster-management.io/v1
+kind: PlacementRule
+metadata:
+  name: all-managed-clusters
+spec:
+  clusterSelector: <1>
+    matchExpressions: []
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+  name: install-kmm
+placementRef:
+  apiGroup: apps.open-cluster-management.io
+  kind: PlacementRule
+  name: all-managed-clusters
+subjects:
+  - apiGroup: policy.open-cluster-management.io
+    kind: Policy
+    name: install-kmm
+----
+<1> The `spec.clusterSelector` field can be customized to target select clusters only.
diff --git a/modules/kmm-hub-using-the-managedclustermodule.adoc b/modules/kmm-hub-using-the-managedclustermodule.adoc
new file mode 100644
index 000000000000..f9fff29e2abc
--- /dev/null
+++ b/modules/kmm-hub-using-the-managedclustermodule.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-hub-using-the-managedclustermodule_{context}"]
+= Using the `ManagedClusterModule` CRD
+
+Use the `ManagedClusterModule` Custom Resource Definition (CRD) to configure the deployment of kernel modules on spoke clusters.
+This CRD is cluster-scoped, wraps a `Module` spec and adds the following additional fields:
+
+[source,yaml]
+----
+apiVersion: hub.kmm.sigs.x-k8s.io/v1beta1
+kind: ManagedClusterModule
+metadata:
+  name: <my-mcm>
+  # No namespace, because this resource is cluster-scoped.
+spec:
+  moduleSpec: <1>
+    selector: <2>
+      node-wants-my-mcm: 'true'
+
+  spokeNamespace: <some-namespace> <3>
+
+  selector: <4>
+    wants-my-mcm: 'true'
+----
+<1> `moduleSpec`: Contains `moduleLoader` and `devicePlugin` sections, similar to a `Module` resource.
+
+<2> Selects nodes within the `ManagedCluster`.
+<3> Specifies in which namespace the `Module` should be created.
+<4> Selects `ManagedCluster` objects.
+
+If build or signing instructions are present in `.spec.moduleSpec`, those pods are run on the hub cluster in the operator's namespace.
+
+When the `.spec.selector matches` one or more `ManagedCluster` resources, then KMM-Hub creates a `ManifestWork` resource in the corresponding namespace(s). `ManifestWork` contains a trimmed-down `Module` resource, with kernel mappings preserved but all `build` and `sign` subsections are removed. `containerImage` fields that contain image names ending with a tag are replaced with their digest equivalent.
diff --git a/modules/kmm-image-validation-stage.adoc b/modules/kmm-image-validation-stage.adoc
index e6591455ad6b..11d824a67d32 100644
--- a/modules/kmm-image-validation-stage.adoc
+++ b/modules/kmm-image-validation-stage.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-image-validation-stage_{context}"]
 = Image validation stage
 
diff --git a/modules/kmm-installation.adoc b/modules/kmm-installation.adoc
index fd18595fc29a..a55cb4143a1d 100644
--- a/modules/kmm-installation.adoc
+++ b/modules/kmm-installation.adoc
@@ -2,12 +2,12 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-install_{context}"]
 = Installing the Kernel Module Management Operator
 
 As a cluster administrator, you can install the Kernel Module Management (KMM) Operator by using the OpenShift CLI or the web console.
 
-The KMM Operator is supported on {product-title} 4.12 and later. 
+The KMM Operator is supported on {product-title} 4.12 and later.
 Installing KMM on version 4.11 does not require specific additional steps.
 For details on installing KMM on version 4.10 and earlier, see the section "Installing the Kernel Module Management Operator on earlier versions of {product-title}".
\ No newline at end of file
diff --git a/modules/kmm-installing-older-versions.adoc b/modules/kmm-installing-older-versions.adoc
index 42892f5e4f59..ba95040b79fc 100644
--- a/modules/kmm-installing-older-versions.adoc
+++ b/modules/kmm-installing-older-versions.adoc
@@ -2,12 +2,12 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-install-older-version_{context}"]
 = Installing the Kernel Module Management Operator on earlier versions of {product-title}
 
-The KMM Operator is supported on {product-title} 4.12 and later. 
-For version 4.10 and earlier, you must create a new `SecurityContextConstraint` object and bind it to the Operator's `ServiceAccount`. 
+The KMM Operator is supported on {product-title} 4.12 and later.
+For version 4.10 and earlier, you must create a new `SecurityContextConstraint` object and bind it to the Operator's `ServiceAccount`.
 As a cluster administrator, you can install the Kernel Module Management (KMM) Operator by using the OpenShift CLI.
 
 .Prerequisites
diff --git a/modules/kmm-installing-using-cli.adoc b/modules/kmm-installing-using-cli.adoc
index 5256434d6e3f..3ba4adff8dea 100644
--- a/modules/kmm-installing-using-cli.adoc
+++ b/modules/kmm-installing-using-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-install-using-cli_{context}"]
 = Installing the Kernel Module Management Operator by using the CLI
 
diff --git a/modules/kmm-installing-using-web-console.adoc b/modules/kmm-installing-using-web-console.adoc
index 11dbb369b7df..c9730b786834 100644
--- a/modules/kmm-installing-using-web-console.adoc
+++ b/modules/kmm-installing-using-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-install-using-web-console_{context}"]
 = Installing the Kernel Module Management Operator using the web console
 
@@ -16,8 +16,6 @@ As a cluster administrator, you can install the Kernel Module Management (KMM) O
 
 .. Select *Kernel Module Management Operator* from the list of available Operators, and then click *Install*.
 
-.. On the *Install Operator* page, select the *Installation mode* as *A specific namespace on the cluster*.
-
 .. From the *Installed Namespace* list, select the `openshift-kmm` namespace.
 
 ..  Click *Install*.
diff --git a/modules/kmm-must-gather-tool.adoc b/modules/kmm-must-gather-tool.adoc
index 6ae9fa0f0352..553949cb63bf 100644
--- a/modules/kmm-must-gather-tool.adoc
+++ b/modules/kmm-must-gather-tool.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-must-gather-tool_{context}"]
 = Using the must-gather tool
 
diff --git a/modules/kmm-preflight-validation-stages-per-module.adoc b/modules/kmm-preflight-validation-stages-per-module.adoc
index 9fda2f48bd4d..26ac8bc23237 100644
--- a/modules/kmm-preflight-validation-stages-per-module.adoc
+++ b/modules/kmm-preflight-validation-stages-per-module.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-preflight-validation-stages-per-module_{context}"]
 = Preflight validation stages per Module
 
diff --git a/modules/kmm-replacing-in-tree-modules-with-out-of-tree-modules.adoc b/modules/kmm-replacing-in-tree-modules-with-out-of-tree-modules.adoc
new file mode 100644
index 000000000000..3a674f1dfc06
--- /dev/null
+++ b/modules/kmm-replacing-in-tree-modules-with-out-of-tree-modules.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-replacing-in-tree-modules-with-out-of-tree-modules_{context}"]
+= Replacing in-tree modules with out-of-tree modules
+
+You can use Kernel Module Management (KMM) to build kernel modules that can be loaded or unloaded into the kernel on demand. These modules extend the functionality of the kernel without the need to reboot the system. Modules can be configured as built-in or dynamically loaded.
+
+Dynamically loaded modules include in-tree modules and out-of-tree (OOT) modules. In-tree modules are internal to the Linux kernel tree, that is, they are already part of the kernel. Out-of-tree modules are external to the Linux kernel tree. They are generally written for development and testing purposes, such as testing the new version of a kernel module that is shipped in-tree, or to deal with incompatibilities.
+
+Some modules loaded by KMM could replace in-tree modules already loaded on the node. To unload an in-tree module before loading your module, set the `.spec.moduleLoader.container.inTreeModuleToRemove` field. The following is an example for module replacement for all kernel mappings:
+
+[source,yaml]
+----
+# ...
+spec:
+  moduleLoader:
+    container:
+      modprobe:
+        moduleName: mod_a
+
+      inTreeModuleToRemove: mod_b
+----
+
+In this example, the `moduleLoader` pod uses `inTreeModuleToRemove` to unload the in-tree `mod_b` before loading `mod_a`
+from the `moduleLoader` image.
+When the `moduleLoader`pod is terminated and `mod_a` is unloaded, `mod_b` is not loaded again.
+
+The following is an example for module replacement for specific kernel mappings:
+
+[source,yaml]
+----
+# ...
+spec:
+  moduleLoader:
+    container:
+      kernelMappings:
+        - literal: 6.0.15-300.fc37.x86_64
+          containerImage: some.registry/org/my-kmod:6.0.15-300.fc37.x86_64
+          inTreeModuleToRemove: <module_name>
+----
diff --git a/modules/kmm-running-depmod.adoc b/modules/kmm-running-depmod.adoc
index 20355ad8d855..f1fba252388d 100644
--- a/modules/kmm-running-depmod.adoc
+++ b/modules/kmm-running-depmod.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-running-depmod_{context}"]
 
 = Running depmod
diff --git a/modules/kmm-security.adoc b/modules/kmm-security.adoc
index 86c674d4df3a..6a2d818178a8 100644
--- a/modules/kmm-security.adoc
+++ b/modules/kmm-security.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kmm-security_{context}"]
 = Security and permissions
 
diff --git a/modules/kmm-setting-soft-dependencies-between-kernel-modules.adoc b/modules/kmm-setting-soft-dependencies-between-kernel-modules.adoc
new file mode 100644
index 000000000000..5702ec6dca63
--- /dev/null
+++ b/modules/kmm-setting-soft-dependencies-between-kernel-modules.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-setting-soft-dependencies-between-kernel-modules_{context}"]
+= Set soft dependencies between kernel modules
+
+Some configurations require that several kernel modules be loaded in a specific order to work properly, even though the modules do not directly depend on each other through symbols.
+These are called soft dependencies.
+`depmod` is usually not aware of these dependencies, and they do not appear in the files it produces.
+For example, if `mod_a` has a soft dependency on `mod_b`, `modprobe mod_a` will not load `mod_b`.
+
+You can resolve these situations by declaring soft dependencies in the Module Custom Resource Definition (CRD) using the `modulesLoadingOrder` field.
+
+[source,yaml]
+----
+# ...
+spec:
+  moduleLoader:
+    container:
+      modprobe:
+        moduleName: mod_a
+        dirName: /opt
+        firmwarePath: /firmware
+        parameters:
+          - param=1
+        modulesLoadingOrder:
+          - mod_a
+          - mod_b
+----
+
+In the configuration above:
+
+* The loading order is `mod_b`, then `mod_a`.
+* The unloading order is `mod_a`, then `mod_b`.
+
+[NOTE]
+====
+The first value in the list, to be loaded last, must be equivalent to the `moduleName`.
+====
diff --git a/modules/kmm-sign-validation-stage.adoc b/modules/kmm-sign-validation-stage.adoc
index fec56f2b7b50..6a87ae084779 100644
--- a/modules/kmm-sign-validation-stage.adoc
+++ b/modules/kmm-sign-validation-stage.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-sign-validation-stage_{context}"]
 = Sign validation stage
 
diff --git a/modules/kmm-signing-a-prebuilt-driver-container.adoc b/modules/kmm-signing-a-prebuilt-driver-container.adoc
index cb17d0a58350..45c9dd62884d 100644
--- a/modules/kmm-signing-a-prebuilt-driver-container.adoc
+++ b/modules/kmm-signing-a-prebuilt-driver-container.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-signing-a-prebuilt-driver-container_{context}"]
 = Signing a pre-built driver container
 
diff --git a/modules/kmm-troubleshooting.adoc b/modules/kmm-troubleshooting.adoc
index f36ec9acd82a..e01e4842a42a 100644
--- a/modules/kmm-troubleshooting.adoc
+++ b/modules/kmm-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-troubleshooting_{context}"]
 = Troubleshooting KMM
 
diff --git a/modules/kmm-tuning-the-module-resource.adoc b/modules/kmm-tuning-the-module-resource.adoc
index 01122b9a57f4..6963c04d1daf 100644
--- a/modules/kmm-tuning-the-module-resource.adoc
+++ b/modules/kmm-tuning-the-module-resource.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-tuning-the-module-resource_{context}"]
 = Tuning the Module resource
 
diff --git a/modules/kmm-uninstalling-kmm.adoc b/modules/kmm-uninstalling-kmm.adoc
new file mode 100644
index 000000000000..1e3550147063
--- /dev/null
+++ b/modules/kmm-uninstalling-kmm.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="kmm-uninstalling-kmmo_{context}"]
+= Uninstalling the Kernel Module Management Operator
+
+Use one of the following procedures to uninstall the Kernel Module Management (KMM) Operator, depending on how
+the KMM Operator was installed.
diff --git a/modules/kmm-uninstalling-kmmo-cli.adoc b/modules/kmm-uninstalling-kmmo-cli.adoc
new file mode 100644
index 000000000000..e4f625071a69
--- /dev/null
+++ b/modules/kmm-uninstalling-kmmo-cli.adoc
@@ -0,0 +1,21 @@
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-uninstalling-kmmo-cli_{context}"]
+= Uninstalling a CLI installation
+
+Use this command if the KMM Operator was installed using the OpenShift CLI.
+
+.Procedure
+
+* Run the following command to uninstall the KMM Operator:
++
+[source,terminal]
+----
+$ oc delete -k https://github.com/rh-ecosystem-edge/kernel-module-management/config/default
+----
++
+[NOTE]
+====
+Using this command deletes the ``Module`` CRD and all ``Module`` instances in the cluster.
+====
diff --git a/modules/kmm-uninstalling-kmmo-red-hat-catalog.adoc b/modules/kmm-uninstalling-kmmo-red-hat-catalog.adoc
new file mode 100644
index 000000000000..56c55d2ec30c
--- /dev/null
+++ b/modules/kmm-uninstalling-kmmo-red-hat-catalog.adoc
@@ -0,0 +1,18 @@
+// * hardware_enablement/kmm-kernel-module-management.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="kmm-uninstalling-kmmo-red-hat-catalog_{context}"]
+= Uninstalling a Red Hat catalog installation
+
+Use this procedure if KMM was installed from the Red Hat catalog.
+
+.Procedure
+
+Use the following method to uninstall the KMM Operator:
+
+* Use the OpenShift console under *Operators* --> *Installed Operators* to locate and uninstall the Operator.
+
+[NOTE]
+====
+Alternatively, you can delete the `Subscription` resource in the KMM namespace.
+====
diff --git a/modules/kmm-using-driver-toolkit.adoc b/modules/kmm-using-driver-toolkit.adoc
index 4ec01a876e35..1ee21e4df8b7 100644
--- a/modules/kmm-using-driver-toolkit.adoc
+++ b/modules/kmm-using-driver-toolkit.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kmm-using-driver-toolkit_{context}"]
 
 = Using the Driver Toolkit
diff --git a/modules/kmm-using-signing-with-kmm.adoc b/modules/kmm-using-signing-with-kmm.adoc
index 6a68e5d2176e..a86b5d04e5bb 100644
--- a/modules/kmm-using-signing-with-kmm.adoc
+++ b/modules/kmm-using-signing-with-kmm.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/kmm-kernel-module-management.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-using-signing-with-kmm_{context}"]
 = Using signing with Kernel Module Management (KMM)
 
diff --git a/modules/kmm-validation-kickoff.adoc b/modules/kmm-validation-kickoff.adoc
index 2a62e90d220b..906267f90490 100644
--- a/modules/kmm-validation-kickoff.adoc
+++ b/modules/kmm-validation-kickoff.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-validation-kickoff_{context}"]
 = Validation kickoff
 
diff --git a/modules/kmm-validation-lifecycle.adoc b/modules/kmm-validation-lifecycle.adoc
index e1b5359aac46..fa7e39a7462f 100644
--- a/modules/kmm-validation-lifecycle.adoc
+++ b/modules/kmm-validation-lifecycle.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-validation-lifecycle_{context}"]
 = Validation lifecycle
 
diff --git a/modules/kmm-validation-status.adoc b/modules/kmm-validation-status.adoc
index be88f2aa541b..f3d50623702e 100644
--- a/modules/kmm-validation-status.adoc
+++ b/modules/kmm-validation-status.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/kmm-preflight-validation.adoc
+// * updating/preparing_for_updates/kmm-preflight-validation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kmm-validation-status_{context}"]
 = Validation status
 
diff --git a/modules/kn-service-apply.adoc b/modules/kn-service-apply.adoc
index 28cbfdcc49bd..15cb6dcff221 100644
--- a/modules/kn-service-apply.adoc
+++ b/modules/kn-service-apply.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kn-service-apply_{context}"]
 = Applying service declarations
 
diff --git a/modules/kn-service-describe.adoc b/modules/kn-service-describe.adoc
index 55ea22ba6756..72e3e611499e 100644
--- a/modules/kn-service-describe.adoc
+++ b/modules/kn-service-describe.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kn-service-describe_{context}"]
 = Describing serverless applications by using the Knative CLI
 
diff --git a/modules/kn-service-offline-about.adoc b/modules/kn-service-offline-about.adoc
index 0fea06818825..b2bb1168970c 100644
--- a/modules/kn-service-offline-about.adoc
+++ b/modules/kn-service-offline-about.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kn-service-offline-about_{context}"]
 = About the Knative CLI offline mode
 
diff --git a/modules/kn-service-offline-create.adoc b/modules/kn-service-offline-create.adoc
index 5417ce8f3412..083bc254a9ce 100644
--- a/modules/kn-service-offline-create.adoc
+++ b/modules/kn-service-offline-create.adoc
@@ -3,7 +3,7 @@
 // * serverless/reference/kn-serving-ref.adoc
 // * serverless/develop/serverless-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-an-offline-service_{context}"]
 = Creating a service using offline mode
 
diff --git a/modules/kn-service-update.adoc b/modules/kn-service-update.adoc
index 194ae874d9fb..691115a9ae01 100644
--- a/modules/kn-service-update.adoc
+++ b/modules/kn-service-update.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kn-service-update_{context}"]
 = Updating serverless applications by using the Knative CLI
 
diff --git a/modules/kn-trigger-describe.adoc b/modules/kn-trigger-describe.adoc
index c0468b339f98..20e3e4f4ce75 100644
--- a/modules/kn-trigger-describe.adoc
+++ b/modules/kn-trigger-describe.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/describe-triggers-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kn-trigger-describe_{context}"]
 = Describing a trigger by using the Knative CLI
 
diff --git a/modules/kn-trigger-filtering.adoc b/modules/kn-trigger-filtering.adoc
index 1a8dd29bbbb1..27b469cfbfb0 100644
--- a/modules/kn-trigger-filtering.adoc
+++ b/modules/kn-trigger-filtering.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/filter-triggers-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kn-trigger-filtering_{context}"]
 = Filtering events with triggers by using the Knative CLI
 // should be a procedure module but out of scope for this PR
diff --git a/modules/kn-trigger-list.adoc b/modules/kn-trigger-list.adoc
index 890e330e7d3b..92891c9527f6 100644
--- a/modules/kn-trigger-list.adoc
+++ b/modules/kn-trigger-list.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/list-triggers-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kn-trigger-list_{context}"]
 = Listing triggers by using the Knative CLI
 
diff --git a/modules/kn-trigger-update.adoc b/modules/kn-trigger-update.adoc
index ca44e9624ae8..15250337882b 100644
--- a/modules/kn-trigger-update.adoc
+++ b/modules/kn-trigger-update.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-triggers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="kn-trigger-update_{context}"]
 = Updating a trigger by using the Knative CLI
 
diff --git a/modules/knative-eventing-CR-system-deployments.adoc b/modules/knative-eventing-CR-system-deployments.adoc
index 3d5bc5d12655..e7d3527733ee 100644
--- a/modules/knative-eventing-CR-system-deployments.adoc
+++ b/modules/knative-eventing-CR-system-deployments.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/tuning/overriding-config-eventing.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="knative-eventing-CR-system-deployments_{context}"]
 = Overriding deployment configurations
 
diff --git a/modules/knative-service-cluster-local.adoc b/modules/knative-service-cluster-local.adoc
index 834950c7128b..050bc336fa4f 100644
--- a/modules/knative-service-cluster-local.adoc
+++ b/modules/knative-service-cluster-local.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/routing-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="knative-service-cluster-local_{context}"]
 = Setting cluster availability to cluster local
 
diff --git a/modules/knative-serving-CR-system-deployments.adoc b/modules/knative-serving-CR-system-deployments.adoc
index 35dba8b6e8e4..c948033810cb 100644
--- a/modules/knative-serving-CR-system-deployments.adoc
+++ b/modules/knative-serving-CR-system-deployments.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="knative-serving-CR-system-deployments_{context}"]
 = Overriding system deployment configurations
 
diff --git a/modules/knative-serving-controller-custom-certs-secrets.adoc b/modules/knative-serving-controller-custom-certs-secrets.adoc
index eac049b78366..ba4673fff8ac 100644
--- a/modules/knative-serving-controller-custom-certs-secrets.adoc
+++ b/modules/knative-serving-controller-custom-certs-secrets.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="knative-serving-controller-custom-certs-secrets_{context}"]
 = Configuring tag-to-digest resolution by using a secret
 
diff --git a/modules/kubernetes-about.adoc b/modules/kubernetes-about.adoc
index 1f364df7b1c0..1ed84826bda6 100644
--- a/modules/kubernetes-about.adoc
+++ b/modules/kubernetes-about.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_architecture/osd-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kubernetes-about_{context}"]
 = About Kubernetes
 
diff --git a/modules/kubernetes-components.adoc b/modules/kubernetes-components.adoc
index 8561bb265b08..ae6bb2376cdd 100644
--- a/modules/kubernetes-components.adoc
+++ b/modules/kubernetes-components.adoc
@@ -2,7 +2,7 @@
 //
 // * getting_started/kubernetes-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="kubernetes-components_{context}"]
 = Kubernetes components
 
diff --git a/modules/kubernetes-conceptual-guidelines.adoc b/modules/kubernetes-conceptual-guidelines.adoc
index 74057633fb3b..293dbaf98120 100644
--- a/modules/kubernetes-conceptual-guidelines.adoc
+++ b/modules/kubernetes-conceptual-guidelines.adoc
@@ -2,7 +2,7 @@
 //
 // * getting_started/kubernetes-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kubernetes-conceptual-guidelines_{context}"]
 = Kubernetes conceptual guidelines
 
diff --git a/modules/kubernetes-resources.adoc b/modules/kubernetes-resources.adoc
index e022091f4bf3..000ba04d69aa 100644
--- a/modules/kubernetes-resources.adoc
+++ b/modules/kubernetes-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * getting_started/kubernetes-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kubernetes-resources_{context}"]
 = Kubernetes resources
 
diff --git a/modules/ldap-auto-syncing.adoc b/modules/ldap-auto-syncing.adoc
index 1fd35e086b7c..fd1a38638e01 100644
--- a/modules/ldap-auto-syncing.adoc
+++ b/modules/ldap-auto-syncing.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-auto-syncing_{context}"]
 = Automatically syncing LDAP groups
 
diff --git a/modules/ldap-syncing-about.adoc b/modules/ldap-syncing-about.adoc
index df00d8e75487..58432701c0d7 100644
--- a/modules/ldap-syncing-about.adoc
+++ b/modules/ldap-syncing-about.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ldap-syncing-about_{context}"]
 = About configuring LDAP sync
 
@@ -28,7 +28,7 @@ The LDAP client configuration section of the configuration defines the connectio
 ----
 url: ldap://10.0.0.0:389 <1>
 bindDN: cn=admin,dc=example,dc=com <2>
-bindPassword: password <3>
+bindPassword: <password> <3>
 insecure: false <4>
 ca: my-ldap-ca-bundle.crt <5>
 ----
diff --git a/modules/ldap-syncing-activedir.adoc b/modules/ldap-syncing-activedir.adoc
index 10e7782c2789..3e497003b9fa 100644
--- a/modules/ldap-syncing-activedir.adoc
+++ b/modules/ldap-syncing-activedir.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-activedir_{context}"]
 = Syncing groups using the Active Directory schema
 
@@ -48,6 +48,12 @@ during search and returned to the client, but not committed to the database.
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-augmented-activedir.adoc b/modules/ldap-syncing-augmented-activedir.adoc
index de0a6d0e452d..3a0fb8ab0ac9 100644
--- a/modules/ldap-syncing-augmented-activedir.adoc
+++ b/modules/ldap-syncing-augmented-activedir.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-augmented-activedir_{context}"]
 = Syncing groups using the augmented Active Directory schema
 
@@ -58,6 +58,12 @@ member: cn=Jim,ou=users,dc=example,dc=com
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-config-activedir.adoc b/modules/ldap-syncing-config-activedir.adoc
index e084bae8a645..3290c64f8963 100644
--- a/modules/ldap-syncing-config-activedir.adoc
+++ b/modules/ldap-syncing-config-activedir.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ldap-syncing-config-activedir_{context}"]
 = About the Active Directory configuration file
 
diff --git a/modules/ldap-syncing-config-augmented-activedir.adoc b/modules/ldap-syncing-config-augmented-activedir.adoc
index a8c1af7c51f0..b497d6491456 100644
--- a/modules/ldap-syncing-config-augmented-activedir.adoc
+++ b/modules/ldap-syncing-config-augmented-activedir.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ldap-syncing-config-augmented-activedir_{context}"]
 =  About the augmented Active Directory configuration file
 
diff --git a/modules/ldap-syncing-config-rfc2307.adoc b/modules/ldap-syncing-config-rfc2307.adoc
index 864187a36b6a..a74869808018 100644
--- a/modules/ldap-syncing-config-rfc2307.adoc
+++ b/modules/ldap-syncing-config-rfc2307.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ldap-syncing-config-rfc2307_{context}"]
 = About the RFC 2307 configuration file
 
diff --git a/modules/ldap-syncing-nesting.adoc b/modules/ldap-syncing-nesting.adoc
index 759391f4436c..3c6a8858002e 100644
--- a/modules/ldap-syncing-nesting.adoc
+++ b/modules/ldap-syncing-nesting.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-nesting_{context}"]
 == LDAP nested membership sync example
 
@@ -136,6 +136,12 @@ of https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx[`LDAP_MATCHIN
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-rfc2307-user-defined-error.adoc b/modules/ldap-syncing-rfc2307-user-defined-error.adoc
index efed1ad1f4b2..312068c380c4 100644
--- a/modules/ldap-syncing-rfc2307-user-defined-error.adoc
+++ b/modules/ldap-syncing-rfc2307-user-defined-error.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-rfc2307-user-defined-error_{context}"]
 = Syncing groups using RFC 2307 with user-defined error tolerances
 
@@ -118,6 +118,12 @@ member of a group is out of scope.
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-rfc2307-user-defined.adoc b/modules/ldap-syncing-rfc2307-user-defined.adoc
index b6030661fd6b..c9fbfc878d2c 100644
--- a/modules/ldap-syncing-rfc2307-user-defined.adoc
+++ b/modules/ldap-syncing-rfc2307-user-defined.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-rfc2307-user-defined_{context}"]
 = Syncing groups using the RFC2307 schema with user-defined name mappings
 
@@ -48,6 +48,12 @@ fine-grained  filtering, use the whitelist / blacklist method.
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-rfc2307.adoc b/modules/ldap-syncing-rfc2307.adoc
index 3f2aa3bb074a..96acc2000e56 100644
--- a/modules/ldap-syncing-rfc2307.adoc
+++ b/modules/ldap-syncing-rfc2307.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-rfc2307_{context}"]
 = Syncing groups using the RFC 2307 schema
 
@@ -65,6 +65,12 @@ the group.
 .Prerequisites
 
 * Create the configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-running-all-ldap.adoc b/modules/ldap-syncing-running-all-ldap.adoc
index 6250c8612069..85f2bab40297 100644
--- a/modules/ldap-syncing-running-all-ldap.adoc
+++ b/modules/ldap-syncing-running-all-ldap.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing-groups.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-running-all-ldap_{context}"]
 = Syncing the LDAP server with {product-title}
 
@@ -11,6 +11,12 @@ You can sync all groups from the LDAP server with {product-title}.
 .Prerequisites
 
 * Create a sync configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-running-openshift.adoc b/modules/ldap-syncing-running-openshift.adoc
index de584140c0a6..ae21e4d78769 100644
--- a/modules/ldap-syncing-running-openshift.adoc
+++ b/modules/ldap-syncing-running-openshift.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing-groups.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-running-openshift_{context}"]
 = Syncing {product-title} groups with the LDAP server
 
@@ -12,6 +12,12 @@ LDAP server specified in the configuration file.
 .Prerequisites
 
 * Create a sync configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-running-subset.adoc b/modules/ldap-syncing-running-subset.adoc
index 0ce682af850a..d2a3d55faed7 100644
--- a/modules/ldap-syncing-running-subset.adoc
+++ b/modules/ldap-syncing-running-subset.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/ldap-syncing-groups.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ldap-syncing-running-subset_{context}"]
 = Syncing subgroups from the LDAP server with {product-title}
 
@@ -21,6 +21,12 @@ present in {product-title}.
 .Prerequisites
 
 * Create a sync configuration file.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/ldap-syncing-running.adoc b/modules/ldap-syncing-running.adoc
index 67b9c7e31a9f..1c92780034b8 100644
--- a/modules/ldap-syncing-running.adoc
+++ b/modules/ldap-syncing-running.adoc
@@ -5,7 +5,5 @@
 [id="ldap-syncing-running_{context}"]
 = Running LDAP sync
 
-Once you have created a sync configuration file,
-you can begin to sync. {product-title} allows administrators to perform a number of
-different sync types with the same server.
+Once you have created a sync configuration file, you can begin to sync. {product-title} allows administrators to perform a number of different sync types with the same server.
 
diff --git a/modules/life-cycle-dates.adoc b/modules/life-cycle-dates.adoc
index 8ed98f779707..9205f008bf85 100644
--- a/modules/life-cycle-dates.adoc
+++ b/modules/life-cycle-dates.adoc
@@ -1,7 +1,12 @@
 // Module included in the following assemblies:
 //
-// * osd_architecture/osd_policy/osd-life-cycle.adoc
 // * rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
+// * osd_architecture/osd_policy/osd-life-cycle.adoc
+
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:rosa-with-hcp:
+endif::[]
 
 [id="sd-life-cycle-dates_{context}"]
 = Life cycle dates
@@ -9,11 +14,20 @@
 [options="header"]
 |===
 |Version    |General availability   |End of life
+ifdef::rosa-with-hcp[]
+|4.14       |Dec 4, 2023            |Feb 28, 2025
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+|4.14       |Oct 31, 2023           |Feb 28, 2025
 |4.13       |May 17, 2023           |Sep 17, 2024
 |4.12       |Jan 17, 2023           |May 17, 2024
 |4.11       |Aug 10, 2022           |Dec 10, 2023
 |4.10       |Mar 10, 2022           |Sep 10, 2023
 |4.9        |Oct 18, 2021           |Dec 18, 2022
 |4.8        |Jul 27, 2021           |Sep 27, 2022
-
+endif::rosa-with-hcp[]
 |===
+
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/life-cycle-limited-support.adoc b/modules/life-cycle-limited-support.adoc
index 745c0189d9ae..ea0bda34c836 100644
--- a/modules/life-cycle-limited-support.adoc
+++ b/modules/life-cycle-limited-support.adoc
@@ -1,8 +1,13 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
 // * osd_architecture/osd_policy/osd-life-cycle.adoc
 
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:rosa-with-hcp:
+endif::[]
+
 [id="rosa-limited-support_{context}"]
 = Limited support status
 
@@ -10,10 +15,16 @@ When a cluster transitions to a _Limited Support_ status, Red Hat no longer proa
 
 A cluster might transition to a Limited Support status for many reasons, including the following scenarios:
 
+ifndef::rosa-with-hcp[]
 If you do not upgrade a cluster to a supported version before the end-of-life date:: Red Hat does not make any runtime or SLA guarantees for versions after their end-of-life date. To receive continued support, upgrade the cluster to a supported version prior to the end-of-life date. If you do not upgrade the cluster prior to the end-of-life date, the cluster transitions to a Limited Support status until it is upgraded to a supported version.
 +
 Red Hat provides commercially reasonable support to upgrade from an unsupported version to a supported version. However, if a supported upgrade path is no longer available, you might have to create a new cluster and migrate your workloads.
+endif::rosa-with-hcp[]
 
 If you remove or replace any native {product-title} components or any other component that is installed and managed by Red Hat:: If cluster administrator permissions were used, Red Hat is not responsible for any of your or your authorized users’ actions, including those that affect infrastructure services, service availability, or data loss. If Red Hat detects any such actions, the cluster might transition to a Limited Support status. Red Hat notifies you of the status change and you should either revert the action or create a support case to explore remediation steps that might require you to delete and recreate the cluster.
 
 If you have questions about a specific action that might cause a cluster to transition to a Limited Support status or need further assistance, open a support ticket.
+
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/life-cycle-mandatory-upgrades.adoc b/modules/life-cycle-mandatory-upgrades.adoc
index 93e6cf3b0e37..9ce1bfa86a32 100644
--- a/modules/life-cycle-mandatory-upgrades.adoc
+++ b/modules/life-cycle-mandatory-upgrades.adoc
@@ -1,13 +1,27 @@
 // Module included in the following assemblies:
 // * rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
 // * osd_architecture/osd_policy/osd-life-cycle.adoc
 
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:rosa-with-hcp:
+endif::[]
+
+:_mod-docs-content-type: REFERENCE
 [id="rosa-mandatory-upgrades_{context}"]
 = Mandatory upgrades
 
-In the event that a Critical or Important CVE, or other bug identified by Red Hat, significantly
-impacts the security or stability of the cluster, the customer must upgrade to the next supported
-patch release within two link:https://access.redhat.com/articles/2623321[business days].
+If a critical or important CVE, or other bug identified by Red Hat, significantly impacts the security or stability of the cluster, the customer must upgrade to the next supported patch release within two link:https://access.redhat.com/articles/2623321[business days].
+
+In extreme circumstances and based on Red Hat's assessment of the CVE criticality to the environment, Red Hat will notify customers that they have two link:https://access.redhat.com/articles/2623321[business days] to schedule or manually update their cluster to the latest, secure patch release. In the case that an update is not performed after two link:https://access.redhat.com/articles/2623321[business days], Red Hat will automatically update the
+ifdef::rosa-with-hcp[]
+cluster's control plane
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+cluster
+endif::rosa-with-hcp[]
+to the latest, secure patch release to mitigate potential security breach(es) or instability. Red Hat might, at its own discretion, temporarily delay an automated update if requested by a customer through a link:https://access.redhat.com/support[support case].
 
-In extreme circumstances and based on Red Hat's assessment of the CVE criticality to the
-environment, Red Hat will notify customers that they have two link:https://access.redhat.com/articles/2623321[business days] to schedule or manually update their cluster to the latest, secure patch release. In the case that an update has not been performed, Red Hat will automatically update the cluster to the latest, secure patch release to mitigate potential security breach(es) or instability. Red Hat may, at its own discretion, temporarily delay an automated update if requested by a customer through a link:https://access.redhat.com/support[support case].
\ No newline at end of file
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/life-cycle-minor-versions.adoc b/modules/life-cycle-minor-versions.adoc
index 114e4d59092e..b8e384c818f0 100644
--- a/modules/life-cycle-minor-versions.adoc
+++ b/modules/life-cycle-minor-versions.adoc
@@ -1,22 +1,36 @@
 // Module included in the following assemblies:
 // * rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
 // * osd_architecture/osd_policy/osd-life-cycle.adoc
 
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:rosa-with-hcp:
+endif::[]
+
 [id="rosa-minor-versions_{context}"]
 = Minor versions (x.Y.z)
 
-Starting with the 4.8 OpenShift Container Platform minor version, Red Hat supports all minor
-versions for at least a 14 month period following general availability of the given minor version. Patch
-versions are not affected by the support period.
+Starting with the 4.8 OpenShift Container Platform minor version, Red Hat supports all minor versions for at least a 16 month period following general availability of the given minor version. Patch versions are not affected by the support period.
 
-Customers are notified 60, 30, and 15 days prior to the end of the support period. Clusters must be upgraded to
-a supported minor version prior to the end of the support period, or the cluster will enter
-a "Limited Support" status.
+Customers are notified 60, 30, and 15 days before the end of the support period. Clusters must be upgraded to the latest patch version of the oldest supported minor version before the end of the support period, or
+ifdef::rosa-with-hcp[]
+Red Hat will automatically upgrade the control plane to the next supported minor version.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+the cluster will enter a "Limited Support" status.
+endif::rosa-with-hcp[]
 
 .Example
-. A customer's cluster is currently running on 4.8.14. The 4.8 minor version became generally
-  available on July 27, 2021.
-. On July 29, August 28, and September 12, 2022, the customer is notified that their cluster will enter "Limited Support" status
-  on September 27, 2022 if the cluster has not already been upgraded to a supported minor version.
-. The cluster must be upgraded to 4.9 or later by September 27, 2022.
+. A customer's cluster is currently running on 4.13.8. The 4.13 minor version became generally available on May 17, 2023.
+. On July 19, August 16, and September 2, 2024, the customer is notified that their cluster will enter "Limited Support" status on September 17, 2024 if the cluster has not already been upgraded to a supported minor version.
+. The cluster must be upgraded to 4.14 or later by September 17, 2024.
+ifdef::rosa-with-hcp[]
+. If the upgrade has not been performed, the cluster's control plane will be automatically upgraded to 4.14.26, and there will be no automatic upgrades to the cluster's worker nodes.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 . If the upgrade has not been performed, the cluster will be flagged as being in a "Limited Support" status.
+endif::rosa-with-hcp[]
+
+ifeval::["{context}" == "rosa-hcp-life-cycle"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/life-cycle-overview.adoc b/modules/life-cycle-overview.adoc
index b9fc3b5dfd0d..9a95f519572b 100644
--- a/modules/life-cycle-overview.adoc
+++ b/modules/life-cycle-overview.adoc
@@ -3,7 +3,7 @@
 // * rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
 // * osd_architecture/osd_policy/osd-life-cycle.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="life-cycle-overview_{context}"]
 = Overview
 
diff --git a/modules/listing-alerts-that-are-firing.adoc b/modules/listing-alerts-that-are-firing.adoc
index 7bf46e0fc18b..5d48212b247f 100644
--- a/modules/listing-alerts-that-are-firing.adoc
+++ b/modules/listing-alerts-that-are-firing.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="listing-alerts-that-are-firing_{context}"]
 = Listing alerts that are firing
 
diff --git a/modules/load-and-merge-rules.adoc b/modules/load-and-merge-rules.adoc
index c8d8beaa0256..ca388757ea66 100644
--- a/modules/load-and-merge-rules.adoc
+++ b/modules/load-and-merge-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/managing-cli-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="load-and-merge-rules_{context}"]
 = Load and merge rules
 
diff --git a/modules/log-collection-rbac-permissions.adoc b/modules/log-collection-rbac-permissions.adoc
new file mode 100644
index 000000000000..9638c00224c9
--- /dev/null
+++ b/modules/log-collection-rbac-permissions.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="log-collection-rbac-permissions_{context}"]
+= Authorizing log collection RBAC permissions
+
+In logging 5.8 and later, the {clo} provides `collect-audit-logs`, `collect-application-logs`, and `collect-infrastructure-logs` cluster roles, which enable the collector to collect audit logs, application logs, and infrastructure logs respectively.
+
+You can authorize RBAC permissions for log collection by binding the required cluster roles to a service account.
+
+.Prerequisites
+
+* The {clo} is installed in the `openshift-logging` namespace.
+* You have administrator permissions.
+
+.Procedure
+
+. Create a service account for the collector. If you want to write logs to storage that requires a token for authentication, you must include a token in the service account.
+
+. Bind the appropriate cluster roles to the service account:
++
+.Example binding command
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-user <cluster_role_name> system:serviceaccount:<namespace_name>:<service_account_name>
+----
diff --git a/modules/log-collector-resources-scheduling.adoc b/modules/log-collector-resources-scheduling.adoc
new file mode 100644
index 000000000000..913422529eae
--- /dev/null
+++ b/modules/log-collector-resources-scheduling.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="log-collector-resources-scheduling_{context}"]
+= Configuring resources and scheduling for logging collectors
+
+Administrators can modify the resources or scheduling of the collector by creating a `ClusterLogging` custom resource (CR) that is in the same namespace and has the same name as the `ClusterLogForwarder` CR that it supports.
+
+The applicable stanzas for the `ClusterLogging` CR when using multiple log forwarders in a deployment are `managmentState` and `collection`. All other stanzas are ignored.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {clo} version 5.8 or newer.
+* You have created a `ClusterLogForwarder` CR.
+
+.Procedure
+
+. Create a `ClusterLogging` CR that supports your existing `ClusterLogForwarder` CR:
++
+.Example `ClusterLogging` CR YAML
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name:  <name> # <1>
+  namespace: <namespace> # <2>
+spec:
+  managementState: "Managed"
+  collection:
+    type: "vector"
+    tolerations:
+    - key: "logging"
+      operator: "Exists"
+      effect: "NoExecute"
+      tolerationSeconds: 6000
+    resources:
+      limits:
+        memory: 1Gi
+      requests:
+        cpu: 100m
+        memory: 1Gi
+    nodeSelector:
+      collector: needed
+# ...
+----
+<1> The name must be the same name as the `ClusterLogForwarder` CR.
+<2> The namespace must be the same namespace as the `ClusterLogForwarder` CR.
+
+. Apply the `ClusterLogging` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/log-forwarding-collector-outputs.adoc b/modules/log-forwarding-collector-outputs.adoc
new file mode 100644
index 000000000000..9fbe6a37e15b
--- /dev/null
+++ b/modules/log-forwarding-collector-outputs.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="log-forwarding-collector-outputs_{context}"]
+= Collector outputs
+
+The following collector outputs are supported:
+
+.Supported outputs
+[options="header"]
+|==========================================================
+| Feature              | Fluentd  | Vector
+| Elasticsearch v6-v8  | &#10003; | &#10003;
+| Fluent forward       | &#10003; |
+| Syslog RFC3164       | &#10003; | &#10003; (Logging 5.7+)
+| Syslog RFC5424       | &#10003; | &#10003; (Logging 5.7+)
+| Kafka                | &#10003; | &#10003;
+| Amazon Cloudwatch    | &#10003; | &#10003;
+| Amazon Cloudwatch STS| &#10003; | &#10003;
+| Loki                 | &#10003; | &#10003;
+| HTTP                 | &#10003; | &#10003; (Logging 5.7+)
+| Google Cloud Logging | &#10003; | &#10003;
+| Splunk               |          | &#10003; (Logging 5.6+)
+|==========================================================
diff --git a/modules/log-forwarding-implementations.adoc b/modules/log-forwarding-implementations.adoc
new file mode 100644
index 000000000000..ff165f7ca8cf
--- /dev/null
+++ b/modules/log-forwarding-implementations.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="log-forwarding-implementations_{context}"]
+= Log forwarding implementations
+
+There are two log forwarding implementations available: the legacy implementation, and the multi log forwarder feature.
+
+[IMPORTANT]
+====
+Only the Vector collector is supported for use with the multi log forwarder feature. The Fluentd collector can only be used with legacy implementations.
+====
+
+[id="log-forwarding-implementations-legacy_{context}"]
+== Legacy implementation
+
+In legacy implementations, you can only use one log forwarder in your cluster. The `ClusterLogForwarder` resource in this mode must be named `instance`, and must be created in the `openshift-logging` namespace. The `ClusterLogForwarder` resource also requires a corresponding `ClusterLogging` resource named `instance` in the `openshift-logging` namespace.
+
+[id="log-forwarding-implementations-multi-clf_{context}"]
+== Multi log forwarder feature
+
+The multi log forwarder feature is available in logging 5.8 and later, and provides the following functionality:
+
+* Administrators can control which users are allowed to define log collection and which logs they are allowed to collect.
+* Users who have the required permissions are able to specify additional log collection configurations.
+* Administrators who are migrating from the deprecated Fluentd collector to the Vector collector can deploy a new log forwarder separately from their existing deployment. The existing and new log forwarders can operate simultaneously while workloads are being migrated.
+
+In multi log forwarder implementations, you are not required to create a corresponding `ClusterLogging` resource for your `ClusterLogForwarder` resource. You can create multiple `ClusterLogForwarder` resources using any name, in any namespace, with the following exceptions:
+
+* You cannot create a `ClusterLogForwarder` resource named `instance` in the `openshift-logging` namespace, because this is reserved for a log forwarder that supports the legacy workflow using the Fluentd collector.
+* You cannot create a `ClusterLogForwarder` resource named `collector` in the `openshift-logging` namespace, because this is reserved for the collector.
diff --git a/modules/logging-5.6-api-ref.adoc b/modules/logging-5.6-api-ref.adoc
index fc9789b1f48d..110587f80f10 100644
--- a/modules/logging-5.6-api-ref.adoc
+++ b/modules/logging-5.6-api-ref.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // Note: This content is automatically generated from source, do not edit.
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="logging-5-6-api-ref"]
 = Logging 5.6 API reference
 :toc:
diff --git a/modules/logging-architecture-overview.adoc b/modules/logging-architecture-overview.adoc
index 0e017d71cd7f..c0f76b856be5 100644
--- a/modules/logging-architecture-overview.adoc
+++ b/modules/logging-architecture-overview.adoc
@@ -1,24 +1,35 @@
 // Module included in the following assemblies:
 //
-//
+// * logging/cluster-logging.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="logging-architecture-overview_{context}"]
 = Logging architecture
 
-The {logging} consists of these logical components:
-
-* `Collector` - Reads container log data from each node and forwards log data to configured outputs.
+The major components of the {logging} are:
 
-* `Store` - Stores log data for analysis; the default output for the forwarder.
+Collector:: The collector is a daemonset that deploys pods to each {product-title} node. It collects log data from each node, transforms the data, and forwards it to configured outputs. You can use the Vector collector or the legacy Fluentd collector.
++
+--
+include::snippets/logging-fluentd-dep-snip.adoc[]
+--
 
-* `Visualization` - Graphical interface for searching, querying, and viewing stored logs.
+Log store:: The log store stores log data for analysis and is the default output for the log forwarder. You can use the default LokiStack log store, the legacy Elasticsearch log store, or forward logs to additional external log stores.
++
+--
+include::snippets/logging-elastic-dep-snip.adoc[]
+--
 
-These components are managed by Operators and Custom Resource (CR) YAML files.
+Visualization:: You can use a UI component to view a visual representation of your log data. The UI provides a graphical interface to search, query, and view stored logs. The {product-title} web console UI is provided by enabling the {product-title} console plugin.
++
+--
+include::snippets/logging-kibana-dep-snip.adoc[]
+--
 
-include::snippets/logging-log-types-snip.adoc[]
+{logging-uc} collects container logs and node logs. These are categorized into types:
 
+Application logs:: Container logs generated by user applications running in the cluster, except infrastructure container applications.
 
-The logging collector is a daemonset that deploys pods to each {product-title} node. System and infrastructure logs are generated by journald log messages from the operating system, the container runtime, and {product-title}.
+Infrastructure logs:: Container logs generated by infrastructure namespaces: `openshift*`, `kube*`, or `default`, as well as journald messages from nodes.
 
-Container logs are generated by containers running in pods running on the cluster. Each container generates a separate log stream. The collector collects the logs from these sources and forwards them internally or externally as configured in the `ClusterLogForwarder` custom resource.
+Audit logs:: Logs generated by auditd, the node audit system, which are stored in the */var/log/audit/audit.log* file, and logs from the `auditd`, `kube-apiserver`, `openshift-apiserver` services, as well as the `ovn` project if enabled.
diff --git a/modules/logging-audit-log-filtering.adoc b/modules/logging-audit-log-filtering.adoc
new file mode 100644
index 000000000000..c516ab16d281
--- /dev/null
+++ b/modules/logging-audit-log-filtering.adoc
@@ -0,0 +1,117 @@
+// Module included in the following assemblies:
+//logging/log_collection_forwarding/configuring-log-forwarding.adoc
+//
+:_mod-docs-content-type: CONCEPT
+[id="logging_audit_filtering_{context}"]
+= Overview of API audit filter
+OpenShift API servers generate audit events for each API call, detailing the request, response, and the identity of the requester, leading to large volumes of data. The API Audit filter uses rules to enable the exclusion of non-essential events and the reduction of event size, facilitating a more manageable audit trail. Rules are checked in order, checking stops at the first match. How much data is included in an event is determined by the value of the `level` field:
+
+* `None`: The event is dropped.
+* `Metadata`: Audit metadata is included, request and response bodies are removed.
+* `Request`: Audit metadata and the request body are included, the response body is removed.
+* `RequestResponse`: All data is included: metadata, request body and response body. The response body can be very large. For example, `oc get pods -A` generates a response body containing the YAML description of every pod in the cluster.
+
+In logging 5.8 and later, the `ClusterLogForwarder` custom resource (CR) uses the same format as the standard link:https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/#audit-policy[Kubernetes audit policy], while providing the following additional functions:
+
+Wildcards:: Names of users, groups, namespaces, and resources can have a leading or trailing `\*` asterisk character. For example, namespace `openshift-\*` matches `openshift-apiserver` or `openshift-authentication`. Resource `\*/status` matches `Pod/status` or `Deployment/status`.
+
+Default Rules:: Events that do not match any rule in the policy are filtered as follows:
+* Read-only system events such as `get`, `list`, `watch` are dropped.
+* Service account write events that occur within the same namespace as the service account are dropped.
+* All other events are forwarded, subject to any configured rate limits.
+
+To disable these defaults, either end your rules list with a rule that has only a `level` field or add an empty rule.
+
+Omit Response Codes:: A list of integer status codes to omit. You can drop events based on the HTTP status code in the response by using the `OmitResponseCodes` field, a list of HTTP status code for which no events are created. The default value is `[404, 409, 422, 429]`. If the value is an empty list, `[]`, then no status codes are omitted.
+
+The `ClusterLogForwarder` CR audit policy acts in addition to the {product-title} audit policy. The `ClusterLogForwarder` CR audit filter changes what the log collector forwards, and provides the ability to filter by verb, user, group, namespace, or resource. You can create multiple filters to send different summaries of the same audit stream to different places. For example, you can send a detailed stream to the local cluster log store, and a less detailed stream to a remote site.
+
+[NOTE]
+====
+The example provided is intended to illustrate the range of rules possible in an audit policy and is not a recommended configuration.
+====
+
+
+.Example audit policy
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  pipelines:
+    - name: my-pipeline
+      inputRefs: audit #<1>
+      filterRefs: my-policy #<2>
+      outputRefs: default
+  filters:
+    - name: my-policy
+      type: kubeAPIAudit
+      kubeAPIAudit:
+        # Don't generate audit events for all requests in RequestReceived stage.
+        omitStages:
+          - "RequestReceived"
+
+        rules:
+          # Log pod changes at RequestResponse level
+          - level: RequestResponse
+            resources:
+            - group: ""
+              resources: ["pods"]
+
+          # Log "pods/log", "pods/status" at Metadata level
+          - level: Metadata
+            resources:
+            - group: ""
+              resources: ["pods/log", "pods/status"]
+
+          # Don't log requests to a configmap called "controller-leader"
+          - level: None
+            resources:
+            - group: ""
+              resources: ["configmaps"]
+              resourceNames: ["controller-leader"]
+
+          # Don't log watch requests by the "system:kube-proxy" on endpoints or services
+          - level: None
+            users: ["system:kube-proxy"]
+            verbs: ["watch"]
+            resources:
+            - group: "" # core API group
+              resources: ["endpoints", "services"]
+
+          # Don't log authenticated requests to certain non-resource URL paths.
+          - level: None
+            userGroups: ["system:authenticated"]
+            nonResourceURLs:
+            - "/api*" # Wildcard matching.
+            - "/version"
+
+          # Log the request body of configmap changes in kube-system.
+          - level: Request
+            resources:
+            - group: "" # core API group
+              resources: ["configmaps"]
+            # This rule only applies to resources in the "kube-system" namespace.
+            # The empty string "" can be used to select non-namespaced resources.
+            namespaces: ["kube-system"]
+
+          # Log configmap and secret changes in all other namespaces at the Metadata level.
+          - level: Metadata
+            resources:
+            - group: "" # core API group
+              resources: ["secrets", "configmaps"]
+
+          # Log all other resources in core and extensions at the Request level.
+          - level: Request
+            resources:
+            - group: "" # core API group
+            - group: "extensions" # Version of group should NOT be included.
+
+          # A catch-all rule to log all other requests at the Metadata level.
+          - level: Metadata
+----
+<1> The log types that are collected. The value for this field can be `audit` for audit logs, `application` for application logs, `infrastructure` for infrastructure logs, or a named input that has been defined for your application.
+<2> The name of your audit policy.
diff --git a/modules/logging-common-terms.adoc b/modules/logging-common-terms.adoc
deleted file mode 100644
index 6683d0bec698..000000000000
--- a/modules/logging-common-terms.adoc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Module included in the following assemblies:
-//
-// * logging/cluster-logging.adoc
-
-:_content-type: REFERENCE
-[id="openshift-logging-common-terms_{context}"]
-= Glossary of common terms for {product-title} Logging
-
-This glossary defines common terms that are used in the {product-title} Logging content.
-
-annotation::
-You can use annotations to attach metadata to objects.
-
-Cluster Logging Operator (CLO)::
-The Cluster Logging Operator provides a set of APIs to control the collection and forwarding of application, infrastructure, and audit logs.
-
-Custom Resource (CR)::
-A CR is an extension of the Kubernetes API. To configure {product-title} Logging and log forwarding, you can customize the `ClusterLogging` and the `ClusterLogForwarder` custom resources.
-
-event router::
-The event router is a pod that watches {product-title} events. It collects logs by using {product-title} Logging.
-
-Fluentd::
-Fluentd is a log collector that resides on each {product-title} node. It gathers application, infrastructure, and audit logs and forwards them to different outputs.
-
-garbage collection::
-Garbage collection is the process of cleaning up cluster resources, such as terminated containers and images that are not referenced by any running pods.
-
-Elasticsearch::
-Elasticsearch is a distributed search and analytics engine. {product-title} uses ELasticsearch as a default log store for {product-title} Logging.
-
-Elasticsearch Operator::
-Elasticsearch operator is used to run Elasticsearch cluster on top of {product-title}. The Elasticsearch Operator provides self-service for the Elasticsearch cluster operations and is used by {product-title} Logging.
-
-indexing::
-Indexing is a data structure technique that is used to quickly locate and access data. Indexing optimizes the performance by minimizing the amount of disk access required when a query is processed.
-
-JSON logging::
-{product-title} Logging Log Forwarding API enables you to parse JSON logs into a structured object and forward them to either {product-title} Logging-managed Elasticsearch or any other third-party system supported by the Log Forwarding API.
-
-Kibana::
-Kibana is a browser-based console interface to query, discover, and visualize your Elasticsearch data through histograms, line graphs, and pie charts.
-
-Kubernetes API server::
-Kubernetes API server validates and configures data for the API objects.
-
-Labels::
-Labels are key-value pairs that you can use to organize and select subsets of objects, such as a pod.
-
-Logging::
-With {product-title} Logging you can aggregate application, infrastructure, and audit logs throughout your cluster. You can also store them to a default log store, forward them to third party systems, and query and visualize the stored logs in the default log store.
-
-logging collector::
-A logging collector collects logs from the cluster, formats them, and forwards them to the log store or third party systems.
-
-log store::
-A log store is used to store aggregated logs. You can use the default Elasticsearch log store or forward logs to external log stores. The default log store is optimized and tested for short-term storage.
-
-log visualizer::
-Log visualizer is the user interface (UI) component you can use to view information such as logs, graphs, charts, and other metrics. The current implementation is Kibana.
-
-node::
-A node is a worker machine in the {product-title} cluster. A node is either a virtual machine (VM) or a physical machine.
-
-Operators::
-Operators are the preferred method of packaging, deploying, and managing a Kubernetes application in an {product-title} cluster. An Operator takes human operational knowledge and encodes it into software that is packaged and shared with customers.
-
-pod::
-A pod is the smallest logical unit in Kubernetes. A pod consists of one or more containers and runs on a worker node..
-
-Role-based access control (RBAC)::
-RBAC is a key security control to ensure that cluster users and workloads have access only to resources required to execute their roles.
-
-shards::
-Elasticsearch organizes the log data from Fluentd into datastores, or indices, then subdivides each index into multiple pieces called shards.
-
-taint::
-Taints ensure that pods are scheduled onto appropriate nodes. You can apply one or more taints on a node.
-
-toleration::
-You can apply tolerations to pods. Tolerations allow the scheduler to schedule pods with matching taints.
-
-web console::
-A user interface (UI) to manage {product-title}. 
-ifdef::openshift-rosa,openshift-dedicated[]
-The web console for {product-title} can be found at link:https://console.redhat.com/openshift[https://console.redhat.com/openshift].
-endif::[]
diff --git a/modules/logging-create-clf.adoc b/modules/logging-create-clf.adoc
new file mode 100644
index 000000000000..0af9dcc756b2
--- /dev/null
+++ b/modules/logging-create-clf.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-create-clf_{context}"]
+= Creating a log forwarder
+
+To create a log forwarder, you must create a `ClusterLogForwarder` CR that specifies the log input types that the service account can collect. You can also specify which outputs the logs can be forwarded to. If you are using the multi log forwarder feature, you must also reference the service account in the `ClusterLogForwarder` CR.
+
+If you are using the multi log forwarder feature on your cluster, you can create `ClusterLogForwarder` custom resources (CRs) in any namespace, using any name.
+If you are using a legacy implementation, the `ClusterLogForwarder` CR must be named `instance`, and must be created in the `openshift-logging` namespace.
+
+[IMPORTANT]
+====
+You need administrator permissions for the namespace where you create the `ClusterLogForwarder` CR.
+====
+
+.ClusterLogForwarder resource example
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
+spec:
+  serviceAccountName: <service_account_name> <3>
+  pipelines:
+   - inputRefs:
+     - <log_type> <4>
+     outputRefs:
+     - <output_name> <5>
+  outputs:
+  - name: <output_name> <6>
+    type: <output_type> <5>
+    url: <log_output_url> <7>
+# ...
+----
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> The log types that are collected. The value for this field can be `audit` for audit logs, `application` for application logs, `infrastructure` for infrastructure logs, or a named input that has been defined for your application.
+<5> The type of output that you want to forward logs to. The value of this field can be `default`, `loki`, `kafka`, `elasticsearch`, `fluentdForward`, `syslog`, or `cloudwatch`.
++
+[NOTE]
+====
+The `default` output type is not supported in mutli log forwarder implementations.
+====
+<6> A name for the output that you want to forward logs to.
+<7> The URL of the output that you want to forward logs to.
+
+// To be followed up on by adding input examples / docs:
+////
+spec:
+  inputs:
+  - name: chatty-app
+    type: application
+    selector:
+        matchLabels:
+          load: heavy
+  pipelines:
+  - inputRefs:
+    - chatty-app
+    - infrastructure
+  - outputRefs:
+    - default
+////
diff --git a/modules/logging-creating-new-group-cluster-admin-user-role.adoc b/modules/logging-creating-new-group-cluster-admin-user-role.adoc
new file mode 100644
index 000000000000..9abbbfe29dd9
--- /dev/null
+++ b/modules/logging-creating-new-group-cluster-admin-user-role.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+
+//  cluster-logging-loki.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-creating-new-group-cluster-admin-user-role_{context}"]
+= Creating a new group for the cluster-admin user role
+
+include::snippets/logging-clusteradmin-access-logs-snip.adoc[]
+
+Use the following procedure to create a new group for users with `cluster-admin` permissions.
+
+.Procedure
+
+. Enter the following command to create a new group:
++
+[source,terminal]
+----
+$ oc adm groups new cluster-admin
+----
+. Enter the following command to add the desired user to the `cluster-admin` group:
++
+[source,terminal]
+----
+$ oc adm groups add-users cluster-admin <username>
+----
+. Enter the following command to add `cluster-admin` user role to the group:
++
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-group cluster-admin cluster-admin
+----
diff --git a/modules/logging-deploy-RHOL-console.adoc b/modules/logging-deploy-RHOL-console.adoc
deleted file mode 100644
index f48b24b12bb3..000000000000
--- a/modules/logging-deploy-RHOL-console.adoc
+++ /dev/null
@@ -1,71 +0,0 @@
-// Module included in the following assemblies:
-//
-// *
-
-
-:_content-type: PROCEDURE
-[id="logging-deploy-RHOL-console_{context}"]
-= Deploying Red Hat OpenShift Logging Operator using the web console
-
-You can use the {product-title} web console to deploy the Red Hat OpenShift Logging Operator.
-
-.Prerequisites
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-.Procedure
-
-To deploy the Red Hat OpenShift Logging Operator using the {product-title} web console:
-
-. Install the Red Hat OpenShift Logging Operator:
-
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-.. Type *Logging* in the *Filter by keyword* field.
-
-.. Choose  *Red Hat OpenShift Logging* from the list of available Operators, and click *Install*.
-
-.. Select *stable* or *stable-5.y* as the *Update Channel*.
-+
---
-include::snippets/logging-stable-updates-snip.adoc[]
---
-.. Ensure that *A specific namespace on the cluster* is selected under *Installation Mode*.
-
-.. Ensure that *Operator recommended namespace* is *openshift-logging* under *Installed Namespace*.
-
-.. Select *Enable Operator recommended cluster monitoring on this Namespace*.
-
-.. Select an option for *Update approval*.
-+
-* The *Automatic* option allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* option requires a user with appropriate credentials to approve the Operator update.
-
-.. Select *Enable* or *Disable* for the Console plugin.
-
-.. Click *Install*.
-
-. Verify that the *Red Hat OpenShift Logging Operator* is installed by switching to the *Operators* → *Installed Operators* page.
-
-.. Ensure that *Red Hat OpenShift Logging* is listed in the *openshift-logging* project with a *Status* of *Succeeded*.
-
-. Create a *ClusterLogging* instance.
-+
-[NOTE]
-====
-The form view of the web console does not include all available options. The *YAML view* is recommended for completing your setup.
-====
-+
-.. In the *collection* section, select a Collector Implementation.
-+
---
-include::snippets/logging-fluentd-dep-snip.adoc[]
---
-.. In the *logStore* section, select a type.
-+
---
-include::snippets/logging-elastic-dep-snip.adoc[]
---
-
-.. Click *Create*.
diff --git a/modules/logging-deploy-loki-console.adoc b/modules/logging-deploy-loki-console.adoc
deleted file mode 100644
index 81173c425c9c..000000000000
--- a/modules/logging-deploy-loki-console.adoc
+++ /dev/null
@@ -1,127 +0,0 @@
-// Module included in the following assemblies:
-//
-// *
-
-:_content-type: PROCEDURE
-[id="logging-deploy-loki-console_{context}"]
-= Deploying the Loki Operator using the web console
-
-You can use the {product-title} web console to install the Loki Operator.
-
-.Prerequisites
-
-* Supported Log Store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation)
-
-.Procedure
-
-To install the Loki Operator using the {product-title} web console:
-
-. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-. Type *Loki* in the *Filter by keyword* field.
-
-.. Choose *Loki Operator* from the list of available Operators, and click *Install*.
-
-. Select *stable* or *stable-5.y* as the *Update Channel*.
-+
---
-include::snippets/logging-stable-updates-snip.adoc[]
---
-. Ensure that *All namespaces on the cluster* is selected under *Installation Mode*.
-
-. Ensure that *openshift-operators-redhat* is selected under *Installed Namespace*.
-
-. Select *Enable Operator recommended cluster monitoring on this Namespace*.
-+
-This option sets the `openshift.io/cluster-monitoring: "true"` label in the Namespace object. You must select this option to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
-
-. Select an option for *Update approval*.
-+
-* The *Automatic* option allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
-+
-* The *Manual* option requires a user with appropriate credentials to approve the Operator update.
-
-. Click *Install*.
-
-. Verify that the *LokiOperator* installed by switching to the *Operators* → *Installed Operators* page.
-
-.. Ensure that *LokiOperator* is listed with *Status* as *Succeeded* in all the projects.
-
-+
-. Create a `Secret` YAML file that uses the `access_key_id` and `access_key_secret` fields to specify your credentials and `bucketnames`, `endpoint`, and `region` to define the object storage location. AWS is used in the following example:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: logging-loki-s3
-  namespace: openshift-logging
-stringData:
-  access_key_id: AKIAIOSFODNN7EXAMPLE
-  access_key_secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-  bucketnames: s3-bucket-name
-  endpoint: https://s3.eu-central-1.amazonaws.com
-  region: eu-central-1
-----
-+
-. Select *Create instance* under LokiStack on the *Details* tab. Then select *YAML view*. Paste in the following template, subsituting values where appropriate.
-+
-[source,yaml]
-----
-  apiVersion: loki.grafana.com/v1
-  kind: LokiStack
-  metadata:
-    name: logging-loki <1>
-    namespace: openshift-logging
-  spec:
-    size: 1x.small <2>
-    storage:
-      schemas:
-      - version: v12
-        effectiveDate: '2022-06-01'
-      secret:
-        name: logging-loki-s3 <3>
-        type: s3 <4>
-    storageClassName: <storage_class_name> <5>
-    tenants:
-      mode: openshift-logging
-----
-<1> Name should be `logging-loki`.
-<2> Select your Loki deployment size.
-<3> Define the secret used for your log storage.
-<4> Define corresponding storage type.
-<5> Enter the name of an existing storage class for temporary storage. For best performance, specify a storage class that allocates block storage. Available storage classes for your cluster can be listed using `oc get storageclasses`.
-+
-.. Apply the configuration:
-+
-[source,terminal]
-----
-oc apply -f logging-loki.yaml
-----
-+
-. Create or edit a `ClusterLogging` CR:
-+
-[source,yaml]
-----
-  apiVersion: logging.openshift.io/v1
-  kind: ClusterLogging
-  metadata:
-    name: instance
-    namespace: openshift-logging
-  spec:
-    managementState: Managed
-    logStore:
-      type: lokistack
-      lokistack:
-        name: logging-loki
-      collection:
-        type: vector
-----
-+
-.. Apply the configuration:
-+
-[source,terminal]
-----
-oc apply -f cr-lokistack.yaml
-----
diff --git a/modules/logging-enabling-loki-alerts.adoc b/modules/logging-enabling-loki-alerts.adoc
new file mode 100644
index 000000000000..b36eaf8688dc
--- /dev/null
+++ b/modules/logging-enabling-loki-alerts.adoc
@@ -0,0 +1,107 @@
+// Module included in the following assemblies:
+//
+// logging/logging_alerts/custom-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-enabling-loki-alerts_{context}"]
+= Creating a log-based alerting rule with Loki
+
+The `AlertingRule` CR contains a set of specifications and webhook validation definitions to declare groups of alerting rules for a single `LokiStack` instance. In addition, the webhook validation definition provides support for rule validation conditions:
+
+* If an `AlertingRule` CR includes an invalid `interval` period, it is an invalid alerting rule
+* If an `AlertingRule` CR includes an invalid `for` period, it is an invalid alerting rule.
+* If an `AlertingRule` CR includes an invalid LogQL `expr`, it is an invalid alerting rule.
+* If an `AlertingRule` CR includes two groups with the same name, it is an invalid alerting rule.
+* If none of above applies, an alerting rule is considered valid.
+
+[options="header"]
+|================================================
+| Tenant type    | Valid namespaces for `AlertingRule` CRs
+| application    |
+| audit          | `openshift-logging`
+| infrastructure | `openshift-/\*`, `kube-/\*`, `default`
+|================================================
+
+.Prerequisites
+
+* {clo} 5.7 and later
+* {product-title} 4.13 and later
+
+.Procedure
+
+. Create an `AlertingRule` custom resource (CR):
++
+.Example infrastructure AlertingRule CR
+[source,yaml]
+----
+  apiVersion: loki.grafana.com/v1
+  kind: AlertingRule
+  metadata:
+    name: loki-operator-alerts
+    namespace: openshift-operators-redhat <1>
+    labels: <2>
+      openshift.io/<label_name>: "true"
+  spec:
+    tenantID: "infrastructure" <3>
+    groups:
+      - name: LokiOperatorHighReconciliationError
+        rules:
+          - alert: HighPercentageError
+            expr: | <4>
+              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"} |= "error" [1m])) by (job)
+                /
+              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"}[1m])) by (job)
+                > 0.01
+            for: 10s
+            labels:
+              severity: critical <5>
+            annotations:
+              summary: High Loki Operator Reconciliation Errors <6>
+              description: High Loki Operator Reconciliation Errors <7>
+----
+<1> The namespace where this `AlertingRule` CR is created must have a label matching the LokiStack `spec.rules.namespaceSelector` definition.
+<2> The `labels` block must match the LokiStack `spec.rules.selector` definition.
+<3> `AlertingRule` CRs for `infrastructure` tenants are only supported in the `openshift-\*`, `kube-\*`, or `default` namespaces.
+<4> The value for `kubernetes_namespace_name:` must match the value for `metadata.namespace`.
+<5> The value of this mandatory field must be `critical`, `warning`, or `info`.
+<6> This field is mandatory.
+<7> This field is mandatory.
++
+.Example application AlertingRule CR
+[source,yaml]
+----
+  apiVersion: loki.grafana.com/v1
+  kind: AlertingRule
+  metadata:
+    name: app-user-workload
+    namespace: app-ns <1>
+    labels: <2>
+      openshift.io/<label_name>: "true"
+  spec:
+    tenantID: "application"
+    groups:
+      - name: AppUserWorkloadHighError
+        rules:
+          - alert:
+            expr: | <3>
+            sum(rate({kubernetes_namespace_name="app-ns", kubernetes_pod_name=~"podName.*"} |= "error" [1m])) by (job)
+            for: 10s
+            labels:
+              severity: critical <4>
+            annotations:
+              summary:  <5>
+              description:  <6>
+----
+<1> The namespace where this `AlertingRule` CR is created must have a label matching the LokiStack `spec.rules.namespaceSelector` definition.
+<2> The `labels` block must match the LokiStack `spec.rules.selector` definition.
+<3> Value for `kubernetes_namespace_name:` must match the value for `metadata.namespace`.
+<4> The value of this mandatory field must be `critical`, `warning`, or `info`.
+<5> The value of this mandatory field is a summary of the rule.
+<6> The value of this mandatory field is a detailed description of the rule.
+
+. Apply the `AlertingRule` CR:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/logging-es-storage-considerations.adoc b/modules/logging-es-storage-considerations.adoc
new file mode 100644
index 000000000000..cf1d095bcad8
--- /dev/null
+++ b/modules/logging-es-storage-considerations.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-deploying.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-es-storage-considerations_{context}"]
+= Storage considerations for Elasticsearch
+
+A persistent volume is required for each Elasticsearch deployment configuration. On {product-title} this is achieved using persistent volume claims (PVCs).
+
+[NOTE]
+====
+If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
+====
+
+The OpenShift Elasticsearch Operator names the PVCs using the Elasticsearch resource name.
+
+Fluentd ships any logs from *systemd journal* and **/var/log/containers/*.log** to Elasticsearch.
+
+Elasticsearch requires sufficient memory to perform large merge operations. If it does not have enough memory, it becomes unresponsive. To avoid this problem, evaluate how much application log data you need, and allocate approximately double that amount of free storage capacity.
+
+By default, when storage capacity is 85% full, Elasticsearch stops allocating new data to the node. At 90%, Elasticsearch attempts to relocate existing shards from that node to other nodes if possible. But if no nodes have a free capacity below 85%, Elasticsearch effectively rejects creating new indices and becomes RED.
+
+[NOTE]
+====
+These low and high watermark values are Elasticsearch defaults in the current release. You can modify these default values. Although the alerts use the same default values, you cannot change these values in the alerts.
+====
diff --git a/modules/logging-feature-reference-5.6.adoc b/modules/logging-feature-reference-5.6.adoc
deleted file mode 100644
index 2e3d3411dbf2..000000000000
--- a/modules/logging-feature-reference-5.6.adoc
+++ /dev/null
@@ -1,102 +0,0 @@
-// Module is included in the following assemblies:
-//
-:_content-type: REFERENCE
-[id="logging-5-6-collector-ref_{context}"]
-
-= Collector features
-
-include::snippets/logging-outputs-5.6-snip.adoc[]
-
-.Log Sources
-[options="header"]
-|===============================================================
-| Feature                   | Fluentd  | Vector
-| App container logs        | &#10003; | &#10003;
-| App-specific routing      | &#10003; | &#10003;
-| App-specific routing by namespace | &#10003; | &#10003;
-| Infra container logs      | &#10003; | &#10003;
-| Infra journal logs        | &#10003; | &#10003;
-| Kube API audit logs       | &#10003; | &#10003;
-| OpenShift API audit logs  | &#10003; | &#10003;
-| Open Virtual Network (OVN) audit logs| &#10003; | &#10003;
-|===============================================================
-
-.Authorization and Authentication
-[options="header"]
-|=================================================================
-| Feature                     | Fluentd  | Vector
-| Elasticsearch certificates  | &#10003; | &#10003;
-| Elasticsearch username / password | &#10003; | &#10003;
-| Cloudwatch keys             | &#10003; | &#10003;
-| Cloudwatch STS              | &#10003; | &#10003;
-| Kafka certificates          | &#10003; | &#10003;
-| Kafka username / password   | &#10003; | &#10003;
-| Kafka SASL                  | &#10003; | &#10003;
-| Loki bearer token           | &#10003; | &#10003;
-|=================================================================
-
-.Normalizations and Transformations
-[options="header"]
-|============================================================================
-| Feature                                | Fluentd  | Vector
-| Viaq data model - app                  | &#10003; | &#10003;
-| Viaq data model - infra                | &#10003; | &#10003;
-| Viaq data model - infra(journal)       | &#10003; | &#10003;
-| Viaq data model - Linux audit          | &#10003; | &#10003;
-| Viaq data model - kube-apiserver audit | &#10003; | &#10003;
-| Viaq data model - OpenShift API audit  | &#10003; | &#10003;
-| Viaq data model - OVN                  | &#10003; | &#10003;
-| Loglevel Normalization                 | &#10003; | &#10003;
-| JSON parsing                           | &#10003; | &#10003;
-| Structured Index                       | &#10003; | &#10003;
-| Multiline error detection              | &#10003; |
-| Multicontainer / split indices         | &#10003; | &#10003;
-| Flatten labels                         | &#10003; | &#10003;
-| CLF static labels                      | &#10003; | &#10003;
-|============================================================================
-
-.Tuning
-[options="header"]
-|==========================================================
-| Feature                | Fluentd  | Vector
-| Fluentd readlinelimit  | &#10003; |
-| Fluentd buffer         | &#10003; |
-| - chunklimitsize       | &#10003; |
-| - totallimitsize       | &#10003; |
-| - overflowaction       | &#10003; |
-| - flushthreadcount     | &#10003; |
-| - flushmode            | &#10003; |
-| - flushinterval        | &#10003; |
-| - retrywait            | &#10003; |
-| - retrytype            | &#10003; |
-| - retrymaxinterval     | &#10003; |
-| - retrytimeout         | &#10003; |
-|==========================================================
-
-.Visibility
-[options="header"]
-|=====================================================
-| Feature         | Fluentd  | Vector
-| Metrics         | &#10003; | &#10003;
-| Dashboard       | &#10003; | &#10003;
-| Alerts          | &#10003; |
-|=====================================================
-
-.Miscellaneous
-[options="header"]
-|===========================================================
-| Feature               | Fluentd  | Vector
-| Global proxy support  | &#10003; | &#10003;
-| x86 support           | &#10003; | &#10003;
-| ARM support           | &#10003; | &#10003;
-| {ibmpowerProductName} support       | &#10003; | &#10003;
-| {ibmzProductName} support         | &#10003; | &#10003;
-| IPv6 support          | &#10003; | &#10003;
-| Log event buffering   | &#10003; |
-| Disconnected Cluster  | &#10003; | &#10003;
-|===========================================================
-
-
-[role="_additional-resources"]
-.Additional resources
-* link:https://vector.dev/docs/about/what-is-vector/[Vector Documentation]
diff --git a/modules/logging-fluentd-collector-alerts.adoc b/modules/logging-fluentd-collector-alerts.adoc
new file mode 100644
index 000000000000..5953f504886e
--- /dev/null
+++ b/modules/logging-fluentd-collector-alerts.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * logging/logging_alerts/default-logging-alerts.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-fluentd-collector-alerts_{context}"]
+= Fluentd collector alerts
+
+The following alerts are generated by the legacy Fluentd log collector. You can view these alerts in the {product-title} web console.
+
+.Fluentd collector alerts
+[cols="2,2,2,1",options="header"]
+|===
+|Alert |Message |Description |Severity
+
+|`FluentDHighErrorRate`
+|`<value> of records have resulted in an error by fluentd <instance>.`
+|The number of FluentD output errors is high, by default more than 10 in the previous 15 minutes.
+|Warning
+
+|`FluentdNodeDown`
+|`Prometheus could not scrape fluentd <instance> for more than 10m.`
+|Fluentd is reporting that Prometheus could not scrape a specific Fluentd instance.
+|Critical
+
+|`FluentdQueueLengthIncreasing`
+|`In the last 1h, fluentd <instance> buffer queue length constantly increased more than 1. Current value is <value>.`
+|Fluentd is reporting that the queue size is increasing.
+|Warning
+
+|`FluentDVeryHighErrorRate`
+|`<value> of records have resulted in an error by fluentd <instance>.`
+|The number of FluentD output errors is very high, by default more than 25 in the previous 15 minutes.
+|Critical
+
+|===
diff --git a/modules/logging-forward-splunk.adoc b/modules/logging-forward-splunk.adoc
index 583fd4760bde..0d304595c5c6 100644
--- a/modules/logging-forward-splunk.adoc
+++ b/modules/logging-forward-splunk.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
-// cluster-logging-external.adoc
 //
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-forward-splunk_{context}"]
 = Forwarding logs to Splunk
 
@@ -14,8 +14,8 @@ Using this feature with Fluentd is not supported.
 ====
 
 .Prerequisites
-* Red Hat OpenShift Logging Operator 5.6 and higher
-* ClusterLogging instance with vector specified as collector
+* {clo} 5.6 or later
+* A `ClusterLogging` instance with `vector` specified as the collector
 * Base64 encoded Splunk HEC token
 
 .Procedure
@@ -31,32 +31,34 @@ $ oc -n openshift-logging create secret generic vector-splunk-secret --from-lite
 +
 [source,yaml]
 ----
-  apiVersion: "logging.openshift.io/v1"
-  kind: "ClusterLogForwarder"
-  metadata:
-    name: "instance" <1>
-    namespace: "openshift-logging" <2>
-  spec:
-    outputs:
-      - name: splunk-receiver <3>
-        secret:
-          name: vector-splunk-secret <4>
-        type: splunk <5>
-        url: <http://your.splunk.hec.url:8088> <6>
-    pipelines: <7>
-      - inputRefs:
-          - application
-          - infrastructure
-        name: <8>
-        outputRefs:
-          - splunk-receiver <9>
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
+spec:
+  serviceAccountName: <service_account_name> <3>
+  outputs:
+    - name: splunk-receiver <4>
+      secret:
+        name: vector-splunk-secret <5>
+      type: splunk <6>
+      url: <http://your.splunk.hec.url:8088> <7>
+  pipelines: <8>
+    - inputRefs:
+        - application
+        - infrastructure
+      name: <9>
+      outputRefs:
+        - splunk-receiver <10>
 ----
-<1> The name of the ClusterLogForwarder CR must be `instance`.
-<2> The namespace for the ClusterLogForwarder CR must be `openshift-logging`.
-<3> Specify a name for the output.
-<4> Specify the name of the secret that contains your HEC token.
-<5> Specify the output type as `splunk`.
-<6> Specify the URL (including port) of your Splunk HEC.
-<7> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
-<8> Optional: Specify a name for the pipeline.
-<9> Specify the name of the output to use when forwarding logs with this pipeline.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the name of the secret that contains your HEC token.
+<6> Specify the output type as `splunk`.
+<7> Specify the URL (including port) of your Splunk HEC.
+<8> Specify which log types to forward by using the pipeline: `application`, `infrastructure`, or `audit`.
+<9> Optional: Specify a name for the pipeline.
+<10> Specify the name of the output to use when forwarding logs with this pipeline.
diff --git a/modules/logging-getting-started.adoc b/modules/logging-getting-started.adoc
deleted file mode 100644
index 305ad915a1c8..000000000000
--- a/modules/logging-getting-started.adoc
+++ /dev/null
@@ -1,45 +0,0 @@
-:_content-type: PROCEDURE
-[id="logging-getting-started_{context}"]
-= Getting started with logging
-
-This overview of the logging deployment process is provided for ease of reference. It is not a substitute for full documentation. For new installations, Vector and LokiStack are recommended.
-
---
-include::snippets/logging-under-construction-snip.adoc[]
---
-
---
-include::snippets/logging-compatibility-snip.adoc[]
---
-
-.Prerequisites
-* Log store preference: Elasticsearch or LokiStack
-* Collector implementation preference: Fluentd or Vector
-* Credentials for your log forwarding outputs
-
-.Procedure
-
---
-include::snippets/logging-elastic-dep-snip.adoc[]
---
-
-. Install the Operator for the log store you'd like to use.
-** For Elasticsearch, install the *OpenShift Elasticsearch Operator*.
-** For LokiStack, install the *Loki Operator*.
-+
-[NOTE]
-====
-If you have installed the Loki Operator, create a `LokiStack` custom resource (CR) instance as well.
-====
-
-. Install the *Red Hat OpenShift Logging* Operator.
-
-. Create a `ClusterLogging` CR instance.
-** Select your collector implementation.
-+
---
-include::snippets/logging-fluentd-dep-snip.adoc[]
---
-. Create a `ClusterLogForwarder` CR instance.
-
-. Create a secret for the selected output pipeline.
diff --git a/modules/logging-http-forward.adoc b/modules/logging-http-forward.adoc
index b0ddb49eef5a..86a9e98c1ae3 100644
--- a/modules/logging-http-forward.adoc
+++ b/modules/logging-http-forward.adoc
@@ -1,48 +1,52 @@
 // Module included in the following assemblies:
-// logging/cluster-logging-external
-// *
+//
+// * logging/log_collection_forwarding/configuring-log-forwarding.adoc
 
-:_content-type: PROCEDURE
-[id="logging-deploy-loki-console_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="logging-http-forward_{context}"]
 = Forwarding logs over HTTP
 
-Forwarding logs over HTTP is supported for both fluentd and vector collectors. To enable, specify `http` as the output type in the `ClusterLogForwarder` custom resource (CR).
+Forwarding logs over HTTP is supported for both the Fluentd and Vector log collectors. To enable, specify `http` as the output type in the `ClusterLogForwarder` custom resource (CR).
 
 .Procedure
 
-* Create or edit the ClusterLogForwarder Custom Resource (CR) using the template below:
-
+* Create or edit the `ClusterLogForwarder` CR using the template below:
++
 .Example ClusterLogForwarder CR
 [source,yaml]
 ----
-apiVersion: "logging.openshift.io/v1"
-kind: "ClusterLogForwarder"
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
 metadata:
-  name: "instance"
-  namespace: "openshift-logging"
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
 spec:
+  serviceAccountName: <service_account_name> <3>
   outputs:
     - name: httpout-app
       type: http
-      url: <1>
+      url: <4>
       http:
-        headers: <2>
+        headers: <5>
           h1: v1
           h2: v2
         method: POST
       secret:
-        name: <3>
+        name: <6>
       tls:
-        insecureSkipVerify: <4>
+        insecureSkipVerify: <7>
   pipelines:
     - name:
       inputRefs:
         - application
       outputRefs:
-        - <5>
+        - <8>
 ----
-<1> Destination address for logs.
-<2> Additional headers to send with the log record.
-<3> Secret name for destination credentials.
-<4> Values are either `true` or `false`.
-<5> This value should be the same as the output name.
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Destination address for logs.
+<5> Additional headers to send with the log record.
+<6> Secret name for destination credentials.
+<7> Values are either `true` or `false`.
+<8> This value should be the same as the output name.
diff --git a/modules/logging-in-by-using-the-web-console.adoc b/modules/logging-in-by-using-the-web-console.adoc
index 9a3766a16b03..9d56e25155e8 100644
--- a/modules/logging-in-by-using-the-web-console.adoc
+++ b/modules/logging-in-by-using-the-web-console.adoc
@@ -10,7 +10,7 @@
 // *installing/installing_aws/installing-restricted-networks-aws.adoc
 // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-in-by-using-the-web-console_{context}"]
 = Logging in to the cluster by using the web console
 
diff --git a/modules/logging-in-to-the-argo-cd-instance-by-using-the-argo-cd-admin-account.adoc b/modules/logging-in-to-the-argo-cd-instance-by-using-the-argo-cd-admin-account.adoc
index 7bb09636703c..0371238031db 100644
--- a/modules/logging-in-to-the-argo-cd-instance-by-using-the-argo-cd-admin-account.adoc
+++ b/modules/logging-in-to-the-argo-cd-instance-by-using-the-argo-cd-admin-account.adoc
@@ -2,7 +2,7 @@
 //
 // * /cicd/gitops/installing-openshift-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-in-to-the-argo-cd-instance-by-using-the-argo-cd-admin-account_{context}"]
 = Logging in to the Argo CD instance by using the Argo CD admin account
 
@@ -17,18 +17,18 @@
 
 . In the *Administrator* perspective of the web console, navigate to *Operators* -> *Installed Operators* to verify that the {gitops-title} Operator is installed.
 . Navigate to the {rh-app-icon} menu -> *OpenShift GitOps* -> *Cluster Argo CD*. The login page of the Argo CD UI is displayed in a new window.
-. Obtain the password for the Argo CD instance:
+. Optional: To log in with your {product-title} credentials, ensure you are a user of the `cluster-admins` group and then select the `LOG IN VIA OPENSHIFT` option in the Argo CD user interface.
++
+[NOTE]
+====
+To be a user of the `cluster-admins` group, use the `oc adm groups new cluster-admins <user>` command, where `<user>` is the default cluster role that you can bind to users and groups cluster-wide or locally.
+====
+. To log in with your username and password, obtain the password for the Argo CD instance:
 .. In the left panel of the console, use the perspective switcher to switch to the *Developer* perspective.
 .. Use the *Project* drop-down list and select the `openshift-gitops` project.
 .. Use the left navigation panel to navigate to the *Secrets* page.
 .. Select the *openshift-gitops-cluster* instance to display the password.
 .. Copy the password.
-+
-[NOTE]
-====
-To login with your {product-title} credentials, select the `LOG IN VIA OPENSHIFT` option in the Argo CD user interface.
-====
-
 . Use this password and `admin` as the username to log in to the Argo CD UI in the new window.
 
 [NOTE]
diff --git a/modules/logging-install-es-operator.adoc b/modules/logging-install-es-operator.adoc
new file mode 100644
index 000000000000..6aeb872b6c35
--- /dev/null
+++ b/modules/logging-install-es-operator.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-deploying.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-install-es-operator_{context}"]
+= Installing the OpenShift Elasticsearch Operator by using the web console
+
+The OpenShift Elasticsearch Operator creates and manages the Elasticsearch cluster used by OpenShift Logging.
+
+.Prerequisites
+
+* Elasticsearch is a memory-intensive application. Each Elasticsearch node needs at least 16GB of memory for both memory requests and limits, unless you specify otherwise in the `ClusterLogging` custom resource.
++
+The initial set of {product-title} nodes might not be large enough to support the Elasticsearch cluster. You must add additional nodes to the {product-title} cluster to run with the recommended or higher memory, up to a maximum of 64GB for each Elasticsearch node.
++
+Elasticsearch nodes can operate with a lower memory setting, though this is not recommended for production environments.
+
+* Ensure that you have the necessary persistent storage for Elasticsearch. Note that each Elasticsearch node
+requires its own storage volume.
++
+[NOTE]
+====
+If you use a local volume for persistent storage, do not use a raw block volume, which is described with `volumeMode: block` in the `LocalVolume` object. Elasticsearch cannot use raw block volumes.
+====
+
+.Procedure
+
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Click *OpenShift Elasticsearch Operator* from the list of available Operators, and click *Install*.
+. Ensure that the *All namespaces on the cluster* is selected under *Installation mode*.
+. Ensure that *openshift-operators-redhat* is selected under *Installed Namespace*.
++
+You must specify the `openshift-operators-redhat` namespace. The `openshift-operators` namespace might contain Community Operators, which are untrusted and could publish a metric with the same name as {product-title} metric, which would cause conflicts.
+
+. Select *Enable operator recommended cluster monitoring on this namespace*.
++
+This option sets the `openshift.io/cluster-monitoring: "true"` label in the `Namespace` object. You must select this option to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
+
+. Select *stable-5.x* as the *Update channel*.
+. Select an *Update approval* strategy:
++
+* The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
++
+* The *Manual* strategy requires a user with appropriate credentials to approve the Operator update.
+
+. Click *Install*.
+
+.Verification
+
+. Verify that the OpenShift Elasticsearch Operator installed by switching to the *Operators* → *Installed Operators* page.
+. Ensure that *OpenShift Elasticsearch Operator* is listed in all projects with a *Status* of *Succeeded*.
diff --git a/modules/logging-loki-alerts.adoc b/modules/logging-loki-alerts.adoc
deleted file mode 100644
index 770a603cbfce..000000000000
--- a/modules/logging-loki-alerts.adoc
+++ /dev/null
@@ -1,56 +0,0 @@
-// Module included in the following assemblies:
-// logging-5-7-configuration
-
-:_content-type: PROCEDURE
-[id="logging-loki-alerts_{context}"]
-= Enabling log based alerts with Loki
-Loki alerting rules use link:https://grafana.com/docs/loki/latest/logql/[LogQL] and follow link:https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules[Prometheus formatting]. You can set log based alerts by creating an `AlertingRule` custom resource (CR). `AlertingRule` CRs may be created for `application`, `audit`, or `infrastructure` tenants.
-
-[options="header"]
-|================================================
-| Tenant type    | Valid namespaces
-| application    |
-| audit          | `openshift-logging`
-| infrastructure | `openshift-/*`, `kube-/*`, `default`
-|================================================
-
-Application, Audit, and Infrastructure alerts are sent to the Cluster Monitoring Operator (CMO) Alertmanager in the `openshift-monitoring` namespace by default unless you have disabled the local `Alertmanager` instance.
-
-Application alerts are not sent to the CMO Alertmanager in the `openshift-user-workload-monitoring` namespace by default unless you have enabled a separate `Alertmanager` instance.
-
-The `AlertingRule` CR contains a set of specifications and webhook validation definitions to declare groups of alerting rules for a single LokiStack instance. In addition, the webhook validation definition provides support for rule validation conditions:
-
-* If an `AlertingRule` CR includes an invalid `interval` period, it is an invalid alerting rule
-* If an `AlertingRule` CR includes an invalid `for` period, it is an invalid alerting rule.
-* If an `AlertingRule` CR includes an invalid LogQL `expr`, it is an invalid alerting rule.
-* If an `AlertingRule` CR includes two groups with the same name, it is an invalid alerting rule.
-* If none of above applies, an `AlertingRule` is considered a valid alerting rule.
-
-.Prerequisites
-
-* {logging-title-uc} Operator 5.7 and later
-* {product-title} 4.13 and later
-
-.Procedure
-
-1. Create an AlertingRule CR:
-
---
-include::snippets/logging-create-apply-cr-snip.adoc[lines=9..12]
---
-
-2. Populate your AlertingRule CR using the appropriate example below:
-
---
-include::snippets/logging-alertingrule-inf-callouts-snip.adoc[]
---
-
---
-include::snippets/logging-alertingrule-app-callouts-snip.adoc[]
---
-
-3. Apply the CR.
-
---
-include::snippets/logging-create-apply-cr-snip.adoc[lines=14..17]
---
diff --git a/modules/logging-loki-cli-install.adoc b/modules/logging-loki-cli-install.adoc
new file mode 100644
index 000000000000..2cc717230ef8
--- /dev/null
+++ b/modules/logging-loki-cli-install.adoc
@@ -0,0 +1,50 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-cli-install_{context}"]
+= Installing {loki-op} by using the CLI
+
+To install and configure logging on your {product-title} cluster, additional Operators must be installed. This can be done from the {product-title} CLI.
+
+{Product-title} Operators use custom resources (CR) to manage applications and their components. High-level configuration and settings are provided by the user within a CR. The Operator translates high-level directives into low-level actions, based on best practices embedded within the Operator’s logic. A custom resource definition (CRD) defines a CR and lists all the configurations available to users of the Operator. Installing an Operator creates the CRDs, which are then used to generate CRs.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You installed the {oc-first}.
+* You have access to a supported object store. For example: AWS S3, Google Cloud Storage, Azure, Swift, Minio, or {rh-storage}.
+
+.Procedure
+
+. Create a `Subscription` object:
++
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: loki-operator
+  namespace: openshift-operators-redhat <1>
+spec:
+  charsion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: loki-operator
+  namespace: openshift-operators-redhat <1>
+spec:
+  channel: stable <2>
+  name: loki-operator
+  source: redhat-operators <3>
+  sourceNamespace: openshift-marketplace
+----
+<1> You must specify the `openshift-operators-redhat` namespace.
+<2> Specify `stable`, or `stable-5.<y>` as the channel.
+<3> Specify `redhat-operators`. If your {product-title} cluster is installed on a restricted network, also known as a disconnected cluster, specify the name of the `CatalogSource` object you created when you configured the Operator Lifecycle Manager (OLM).
+
+. Apply the `Subscription` object:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/logging-loki-gui-install.adoc b/modules/logging-loki-gui-install.adoc
new file mode 100644
index 000000000000..5060a2c9dbee
--- /dev/null
+++ b/modules/logging-loki-gui-install.adoc
@@ -0,0 +1,55 @@
+// Module is included in the following assemblies:
+//
+// logging/log_storage/installing-log-storage.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-gui-install_{context}"]
+= Installing the {loki-op} by using the {product-title} web console
+
+To install and configure logging on your {product-title} cluster, additional Operators must be installed. This can be done from the Operator Hub within the web console.
+
+{Product-title} Operators use custom resources (CR) to manage applications and their components. High-level configuration and settings are provided by the user within a CR. The Operator translates high-level directives into low-level actions, based on best practices embedded within the Operator’s logic. A custom resource definition (CRD) defines a CR and lists all the configurations available to users of the Operator. Installing an Operator creates the CRDs, which are then used to generate CRs.
+
+.Prerequisites
+
+* You have access to a supported object store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, {rh-storage}).
+* You have administrator permissions.
+* You have access to the {product-title} web console.
+
+.Procedure
+
+. In the {product-title} web console *Administrator* perspective, go to *Operators* -> *OperatorHub*.
+
+. Type {loki-op} in the *Filter by keyword* field. Click *{loki-op}* in the list of available Operators, and then click *Install*.
++
+[IMPORTANT]
+====
+The Community {loki-op} is not supported by Red Hat.
+====
+
+. Select *stable* or *stable-x.y* as the *Update channel*.
++
+--
+include::snippets/logging-stable-updates-snip.adoc[]
+--
++
+The {loki-op} must be deployed to the global operator group namespace `openshift-operators-redhat`, so the *Installation mode* and *Installed Namespace* are already selected. If this namespace does not already exist, it is created for you.
+
+. Select *Enable operator-recommended cluster monitoring on this namespace.*
++
+This option sets the `openshift.io/cluster-monitoring: "true"` label in the `Namespace` object. You must select this option to ensure that cluster monitoring scrapes the `openshift-operators-redhat` namespace.
+
+. For *Update approval* select *Automatic*, then click *Install*.
++
+If the approval strategy in the subscription is set to *Automatic*, the update process initiates as soon as a new Operator version is available in the selected channel. If the approval strategy is set to *Manual*, you must manually approve pending updates.
+
+.Verification
+
+. Go to *Operators* -> *Installed Operators*.
+. Make sure the *openshift-logging* project is selected.
+. In the *Status* column, verify that you see green checkmarks with *InstallSucceeded* and the text *Up to date*.
+
+[NOTE]
+====
+An Operator might display a `Failed` status before the installation finishes. If the Operator install completes with an `InstallSucceeded` message, refresh the page.
+====
diff --git a/modules/logging-loki-log-access.adoc b/modules/logging-loki-log-access.adoc
new file mode 100644
index 000000000000..0f4218acd811
--- /dev/null
+++ b/modules/logging-loki-log-access.adoc
@@ -0,0 +1,95 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-log-access_{context}"]
+= Fine grained access for Loki logs
+
+In {logging} 5.8 and later, the {clo} does not grant all users access to logs by default. As an administrator, you must configure your users' access unless the Operator was upgraded and prior configurations are in place. Depending on your configuration and need, you can configure fine grain access to logs using the following:
+
+* Cluster wide policies
+* Namespace scoped policies
+* Creation of custom admin groups
+
+As an administrator, you need to create the role bindings and cluster role bindings appropriate for your deployment. The {clo} provides the following cluster roles:
+
+* `cluster-logging-application-view` grants permission to read application logs.
+* `cluster-logging-infrastructure-view` grants permission to read infrastructure logs.
+* `cluster-logging-audit-view` grants permission to read audit logs.
+
+If you have upgraded from a prior version, an additional cluster role `logging-application-logs-reader` and associated cluster role binding `logging-all-authenticated-application-logs-reader` provide backward compatibility, allowing any authenticated user read access in their namespaces.
+
+[NOTE]
+====
+Users with access by namespace must provide a namespace when querying application logs.
+====
+
+== Cluster wide access
+Cluster role binding resources reference cluster roles, and set permissions cluster wide.
+
+.Example ClusterRoleBinding
+[source,yaml]
+----
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: logging-all-application-logs-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-logging-application-view # <1>
+subjects: # <2>
+- kind: Group
+  name: system:authenticated
+  apiGroup: rbac.authorization.k8s.io
+----
+<1> Additional `ClusterRoles` are `cluster-logging-infrastructure-view`, and `cluster-logging-audit-view`.
+<2> Specifies the users or groups this object applies to.
+
+== Namespaced access
+
+`RoleBinding` resources can be used with `ClusterRole` objects to define the namespace a user or group has access to logs for.
+
+.Example RoleBinding
+[source,yaml]
+----
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: allow-read-logs
+  namespace: log-test-0 # <1>
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-logging-application-view
+subjects:
+- kind: User
+  apiGroup: rbac.authorization.k8s.io
+  name: testuser-0
+----
+<1> Specifies the namespace this `RoleBinding` applies to.
+
+== Custom admin group access
+
+If you have a large deployment with a number of users who require broader permissions, you can create a custom group using the `adminGroup` field. Users who are members of any group specified in the `adminGroups` field of the `LokiStack` CR are considered admins. Admin users have access to all application logs in all namespaces, if they also get assigned the `cluster-logging-application-view` role.
+
+.Example LokiStack CR
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+  tenants:
+    mode: openshift-logging # <1>
+    openshift:
+      adminGroups: # <2>
+      - cluster-admin
+      - custom-admin-group # <3>
+----
+<1> Custom admin groups are only available in this mode.
+<2> Entering an empty list `[]` value for this field disables admin groups.
+<3> Overrides the default groups (`system:cluster-admins`, `cluster-admin`, `dedicated-admin`)
diff --git a/modules/logging-loki-pod-placement.adoc b/modules/logging-loki-pod-placement.adoc
new file mode 100644
index 000000000000..ab8f89d7a5b3
--- /dev/null
+++ b/modules/logging-loki-pod-placement.adoc
@@ -0,0 +1,209 @@
+// Module included in the following assemblies:
+// logging/log_storage/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-pod-placement_{context}"]
+= Loki pod placement
+You can control which nodes the Loki pods run on, and prevent other workloads from using those nodes, by using tolerations or node selectors on the pods.
+
+You can apply tolerations to the log store pods with the LokiStack custom resource (CR) and apply taints to a node with the node specification. A taint on a node is a `key:value` pair that instructs the node to repel all pods that do not allow the taint. Using a specific `key:value` pair that is not on other pods ensures that only the log store pods can run on that node.
+
+.Example LokiStack with node selectors
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+# ...
+  template:
+    compactor: # <1>
+      nodeSelector:
+        node-role.kubernetes.io/infra: "" # <2>
+    distributor:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    gateway:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    indexGateway:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    ingester:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    querier:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    queryFrontend:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+    ruler:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+# ...
+----
+
+<1> Specifies the component pod type that applies to the node selector.
+<2> Specifies the pods that are moved to nodes containing the defined label.
+
+In the previous example configuration, all Loki pods are moved to nodes containing the `node-role.kubernetes.io/infra: ""` label.
+
+
+.Example LokiStack CR with node selectors and tolerations
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+# ...
+  template:
+    compactor:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    distributor:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    indexGateway:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    ingester:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    querier:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    queryFrontend:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    ruler:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+    gateway:
+      nodeSelector:
+        node-role.kubernetes.io/infra: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/infra
+        value: reserved
+      - effect: NoExecute
+        key: node-role.kubernetes.io/infra
+        value: reserved
+# ...
+----
+
+To configure the `nodeSelector` and `tolerations` fields of the LokiStack (CR), you can use the [command]`oc explain` command to view the description and fields for a particular resource:
+
+[source,terminal]
+----
+$ oc explain lokistack.spec.template
+----
+
+.Example output
+[source,text]
+----
+KIND:     LokiStack
+VERSION:  loki.grafana.com/v1
+
+RESOURCE: template <Object>
+
+DESCRIPTION:
+     Template defines the resource/limits/tolerations/nodeselectors per
+     component
+
+FIELDS:
+   compactor	<Object>
+     Compactor defines the compaction component spec.
+
+   distributor	<Object>
+     Distributor defines the distributor component spec.
+...
+----
+
+For more detailed information, you can add a specific field:
+
+[source,terminal]
+----
+$ oc explain lokistack.spec.template.compactor
+----
+
+.Example output
+[source,text]
+----
+KIND:     LokiStack
+VERSION:  loki.grafana.com/v1
+
+RESOURCE: compactor <Object>
+
+DESCRIPTION:
+     Compactor defines the compaction component spec.
+
+FIELDS:
+   nodeSelector	<map[string]string>
+     NodeSelector defines the labels required by a node to schedule the
+     component onto it.
+...
+----
diff --git a/modules/logging-loki-reliability-hardening.adoc b/modules/logging-loki-reliability-hardening.adoc
new file mode 100644
index 000000000000..92c5202dd5a8
--- /dev/null
+++ b/modules/logging-loki-reliability-hardening.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-reliability-hardening_{context}"]
+= Configuring Loki to tolerate node failure
+
+In the {logging} 5.8 and later versions, the {loki-op} supports setting pod anti-affinity rules to request that pods of the same component are scheduled on different available nodes in the cluster.
+
+include::snippets/about-pod-affinity.adoc[]
+
+The Operator sets default, preferred `podAntiAffinity` rules for all Loki components, which includes the `compactor`, `distributor`, `gateway`, `indexGateway`, `ingester`, `querier`, `queryFrontend`, and `ruler` components.
+
+You can override the preferred `podAntiAffinity` settings for Loki components by configuring required settings in the `requiredDuringSchedulingIgnoredDuringExecution` field:
+
+.Example user settings for the ingester component
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+# ...
+  template:
+    ingester:
+      podAntiAffinity:
+      # ...
+        requiredDuringSchedulingIgnoredDuringExecution: <1>
+        - labelSelector:
+            matchLabels: <2>
+              app.kubernetes.io/component: ingester
+          topologyKey: kubernetes.io/hostname
+# ...
+----
+<1> The stanza to define a required rule.
+<2> The key-value pair (label) that must be matched to apply the rule.
diff --git a/modules/logging-loki-restart-hardening.adoc b/modules/logging-loki-restart-hardening.adoc
new file mode 100644
index 000000000000..37d0eca9383e
--- /dev/null
+++ b/modules/logging-loki-restart-hardening.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-restart-hardening_{context}"]
+= LokiStack behavior during cluster restarts
+
+In logging version 5.8 and newer versions, when an {product-title} cluster is restarted, LokiStack ingestion and the query path continue to operate within the available CPU and memory resources available for the node. This means that there is no downtime for the LokiStack during {product-title} cluster updates. This behavior is achieved by using `PodDisruptionBudget` resources. The {loki-op} provisions `PodDisruptionBudget` resources for Loki, which determine the minimum number of pods that must be available per component to ensure normal operations under certain conditions.
diff --git a/modules/logging-loki-retention.adoc b/modules/logging-loki-retention.adoc
index c98b48be61e5..8018594714eb 100644
--- a/modules/logging-loki-retention.adoc
+++ b/modules/logging-loki-retention.adoc
@@ -1,18 +1,15 @@
 // Module included in the following assemblies:
 //
+// logging/cluster-logging-loki.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-loki-retention_{context}"]
 = Enabling stream-based retention with Loki
 
 With Logging version 5.6 and higher, you can configure retention policies based on log streams. Rules for these may be set globally, per tenant, or both. If you configure both, tenant rules apply before global rules.
 
-. To enable stream-based retention,  create or edit the `LokiStack` custom resource (CR):
-
-include::snippets/logging-create-apply-cr-snip.adoc[lines=9..12]
-
-. You can refer to the examples below to configure your LokiStack CR.
-
+. To enable stream-based retention, create a `LokiStack` custom resource (CR):
++
 .Example global stream-based retention
 [source,yaml]
 ----
@@ -50,7 +47,7 @@ spec:
 <1> Sets retention policy for all log streams. *Note: This field does not impact the retention period for stored logs in object storage.*
 <2> Retention is enabled in the cluster when this block is added to the CR.
 <3> Contains the link:https://grafana.com/docs/loki/latest/logql/query_examples/#query-examples[LogQL query] used to define the log stream.
-
++
 .Example per-tenant stream-based retention
 [source,yaml]
 ----
@@ -94,9 +91,12 @@ spec:
 <1> Sets retention policy by tenant. Valid tenant types are `application`, `audit`, and `infrastructure`.
 <2> Contains the link:https://grafana.com/docs/loki/latest/logql/query_examples/#query-examples[LogQL query] used to define the log stream.
 
-. Then apply your configuration:
-
-include::snippets/logging-create-apply-cr-snip.adoc[lines=14..17]
+. Apply the `LokiStack` CR:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
 
 [NOTE]
 ====
diff --git a/modules/logging-loki-storage-aws.adoc b/modules/logging-loki-storage-aws.adoc
new file mode 100644
index 000000000000..ac3a0af0ba0d
--- /dev/null
+++ b/modules/logging-loki-storage-aws.adoc
@@ -0,0 +1,27 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-aws_{context}"]
+= AWS storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You created a link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html[bucket] on AWS.
+* You created an link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_resource-based[AWS IAM Policy and IAM User].
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-aws` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-aws \
+  --from-literal=bucketnames="<bucket_name>" \
+  --from-literal=endpoint="<aws_bucket_endpoint>" \
+  --from-literal=access_key_id="<aws_access_key_id>" \
+  --from-literal=access_key_secret="<aws_access_key_secret>" \
+  --from-literal=region="<aws_region_of_your_bucket>"
+----
diff --git a/modules/logging-loki-storage-azure.adoc b/modules/logging-loki-storage-azure.adoc
new file mode 100644
index 000000000000..d90a8dbe27ff
--- /dev/null
+++ b/modules/logging-loki-storage-azure.adoc
@@ -0,0 +1,26 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-azure_{context}"]
+= Azure storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You created a link:https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction[bucket] on Azure.
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-azure` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-azure \
+  --from-literal=container="<azure_container_name>" \
+  --from-literal=environment="<azure_environment>" \ # <1>
+  --from-literal=account_name="<azure_account_name>" \
+  --from-literal=account_key="<azure_account_key>"
+----
+<1> Supported environment values are `AzureGlobal`, `AzureChinaCloud`, `AzureGermanCloud`, or `AzureUSGovernment`.
diff --git a/modules/logging-loki-storage-gcp.adoc b/modules/logging-loki-storage-gcp.adoc
new file mode 100644
index 000000000000..3a8a254f74f1
--- /dev/null
+++ b/modules/logging-loki-storage-gcp.adoc
@@ -0,0 +1,27 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-gcp_{context}"]
+= Google Cloud Platform storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You created a link:https://cloud.google.com/resource-manager/docs/creating-managing-projects[project] on Google Cloud Platform (GCP).
+* You created a link:https://cloud.google.com/storage/docs/creating-buckets[bucket] in the same project.
+* You created a link:https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account[service account] in the same project for GCP authentication.
+
+.Procedure
+
+. Copy the service account credentials received from GCP into a file called `key.json`.
+
+. Create an object storage secret with the name `logging-loki-gcs` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-gcs \
+  --from-literal=bucketname="<bucket_name>" \
+  --from-file=key.json="<path/to/key.json>"
+----
diff --git a/modules/logging-loki-storage-minio.adoc b/modules/logging-loki-storage-minio.adoc
new file mode 100644
index 000000000000..8013858b8db6
--- /dev/null
+++ b/modules/logging-loki-storage-minio.adoc
@@ -0,0 +1,26 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-minio_{context}"]
+= Minio storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You have link:https://operator.min.io/[Minio] deployed on your cluster.
+* You created a link:https://docs.min.io/docs/minio-client-complete-guide.html[bucket] on Minio.
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-minio` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-minio \
+  --from-literal=bucketnames="<bucket_name>" \
+  --from-literal=endpoint="<minio_bucket_endpoint>" \
+  --from-literal=access_key_id="<minio_access_key_id>" \
+  --from-literal=access_key_secret="<minio_access_key_secret>"
+----
diff --git a/modules/logging-loki-storage-odf.adoc b/modules/logging-loki-storage-odf.adoc
new file mode 100644
index 000000000000..c48197909c2d
--- /dev/null
+++ b/modules/logging-loki-storage-odf.adoc
@@ -0,0 +1,57 @@
+// Module is included in the following assemblies:
+// logging/cluster-logging-loki.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-odf_{context}"]
+= {rh-storage} storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You deployed link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/[{rh-storage}].
+* You configured your {rh-storage} cluster link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.15/html/managing_and_allocating_storage_resources/adding-file-and-object-storage-to-an-existing-external-ocs-cluster[for object storage].
+
+.Procedure
+
+. Create an `ObjectBucketClaim` custom resource in the `openshift-logging` namespace:
++
+[source,yaml]
+----
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: loki-bucket-odf
+  namespace: openshift-logging
+spec:
+  generateBucketName: loki-bucket-odf
+  storageClassName: openshift-storage.noobaa.io
+----
+
+. Get bucket properties from the associated `ConfigMap` object by running the following command:
++
+[source,terminal]
+----
+BUCKET_HOST=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_HOST}')
+BUCKET_NAME=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_NAME}')
+BUCKET_PORT=$(oc get -n openshift-logging configmap loki-bucket-odf -o jsonpath='{.data.BUCKET_PORT}')
+----
+
+. Get bucket access key from the associated secret by running the following command:
++
+[source,terminal]
+----
+ACCESS_KEY_ID=$(oc get -n openshift-logging secret loki-bucket-odf -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)
+SECRET_ACCESS_KEY=$(oc get -n openshift-logging secret loki-bucket-odf -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)
+----
+
+. Create an object storage secret with the name `logging-loki-odf` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create -n openshift-logging secret generic logging-loki-odf \
+--from-literal=access_key_id="<access_key_id>" \
+--from-literal=access_key_secret="<secret_access_key>" \
+--from-literal=bucketnames="<bucket_name>" \
+--from-literal=endpoint="https://<bucket_host>:<bucket_port>"
+----
diff --git a/modules/logging-loki-storage-swift.adoc b/modules/logging-loki-storage-swift.adoc
new file mode 100644
index 000000000000..6fb97197b291
--- /dev/null
+++ b/modules/logging-loki-storage-swift.adoc
@@ -0,0 +1,51 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-storage-swift_{context}"]
+= Swift storage
+
+.Prerequisites
+
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+* You created a https://docs.openstack.org/newton/user-guide/cli-swift-create-containers.html[bucket] on Swift.
+
+.Procedure
+
+* Create an object storage secret with the name `logging-loki-swift` by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-swift \
+  --from-literal=auth_url="<swift_auth_url>" \
+  --from-literal=username="<swift_usernameclaim>" \
+  --from-literal=user_domain_name="<swift_user_domain_name>" \
+  --from-literal=user_domain_id="<swift_user_domain_id>" \
+  --from-literal=user_id="<swift_user_id>" \
+  --from-literal=password="<swift_password>" \
+  --from-literal=domain_id="<swift_domain_id>" \
+  --from-literal=domain_name="<swift_domain_name>" \
+  --from-literal=container_name="<swift_container_name>"
+----
+
+* You can optionally provide project-specific data, region, or both by running the following command:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc create secret generic logging-loki-swift \
+  --from-literal=auth_url="<swift_auth_url>" \
+  --from-literal=username="<swift_usernameclaim>" \
+  --from-literal=user_domain_name="<swift_user_domain_name>" \
+  --from-literal=user_domain_id="<swift_user_domain_id>" \
+  --from-literal=user_id="<swift_user_id>" \
+  --from-literal=password="<swift_password>" \
+  --from-literal=domain_id="<swift_domain_id>" \
+  --from-literal=domain_name="<swift_domain_name>" \
+  --from-literal=container_name="<swift_container_name>" \
+  --from-literal=project_id="<swift_project_id>" \
+  --from-literal=project_name="<swift_project_name>" \
+  --from-literal=project_domain_id="<swift_project_domain_id>" \
+  --from-literal=project_domain_name="<swift_project_domain_name>" \
+  --from-literal=region="<swift_region>"
+----
diff --git a/modules/logging-loki-storage.adoc b/modules/logging-loki-storage.adoc
new file mode 100644
index 000000000000..160339622f47
--- /dev/null
+++ b/modules/logging-loki-storage.adoc
@@ -0,0 +1,24 @@
+// Module is included in the following assemblies:
+// logging/log_storage/installing-log-storage.adoc
+//
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-storage_{context}"]
+= Loki object storage
+
+The {loki-op} supports link:https://aws.amazon.com/[AWS S3], as well as other S3 compatible object stores such as link:https://min.io/[Minio] and link:https://www.redhat.com/en/technologies/cloud-computing/openshift-data-foundation[{rh-storage}]. link:https://azure.microsoft.com[Azure], link:https://cloud.google.com/[GCS], and link:https://docs.openstack.org/swift/latest/[Swift] are also supported.
+
+The recommended nomenclature for Loki storage is `logging-loki-_<your_storage_provider>_`.
+
+The following table shows the `type` values within the `LokiStack` custom resource (CR) for each storage provider. For more information, see the section on your storage provider.
+
+[options="header"]
+.Secret type quick reference
+|===
+| Storage provider          | Secret `type` value
+| AWS                       | s3
+| Azure                     | azure
+| Google Cloud              | gcs
+| Minio                     | s3
+| OpenShift Data Foundation | s3
+| Swift                     | swift
+|===
diff --git a/modules/logging-loki-zone-aware-rep.adoc b/modules/logging-loki-zone-aware-rep.adoc
new file mode 100644
index 000000000000..be76d3519a95
--- /dev/null
+++ b/modules/logging-loki-zone-aware-rep.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="logging-loki-zone-aware-rep_{context}"]
+= Zone aware data replication
+
+In the {logging} 5.8 and later versions, the {loki-op} offers support for zone-aware data replication through pod topology spread constraints. Enabling this feature enhances reliability and safeguards against log loss in the event of a single zone failure. When configuring the deployment size as `1x.extra.small`, `1x.small`, or `1x.medium,` the `replication.factor` field is automatically set to 2.
+
+To ensure proper replication, you need to have at least as many availability zones as the replication factor specifies. While it is possible to have more availability zones than the replication factor, having fewer zones can lead to write failures. Each zone should host an equal number of instances for optimal operation.
+
+.Example LokiStack CR with zone replication enabled
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+ name: logging-loki
+ namespace: openshift-logging
+spec:
+ replicationFactor: 2 # <1>
+ replication:
+   factor: 2 # <2>
+   zones:
+   -  maxSkew: 1 # <3>
+      topologyKey: topology.kubernetes.io/zone # <4>
+----
+<1> Deprecated field, values entered are overwritten by `replication.factor`.
+<2> This value is automatically set when deployment size is selected at setup.
+<3> The maximum difference in number of pods between any two topology domains. The default is 1, and you cannot specify a value of 0.
+<4> Defines zones in the form of a topology key that corresponds to a node label.
diff --git a/modules/logging-loki-zone-fail-recovery.adoc b/modules/logging-loki-zone-fail-recovery.adoc
new file mode 100644
index 000000000000..c98bba2d8179
--- /dev/null
+++ b/modules/logging-loki-zone-fail-recovery.adoc
@@ -0,0 +1,87 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-loki.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-loki-zone-fail-recovery_{context}"]
+= Recovering Loki pods from failed zones
+
+In {product-title} a zone failure happens when specific availability zone resources become inaccessible. Availability zones are isolated areas within a cloud provider's data center, aimed at enhancing redundancy and fault tolerance. If your {product-title} cluster isn't configured to handle this, a zone failure can lead to service or data loss.
+
+Loki pods are part of a link:https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/[StatefulSet], and they come with Persistent Volume Claims (PVCs) provisioned by a `StorageClass` object. Each Loki pod and its PVCs reside in the same zone. When a zone failure occurs in a cluster, the StatefulSet controller automatically attempts to recover the affected pods in the failed zone.
+
+[WARNING]
+====
+The following procedure will delete the PVCs in the failed zone, and all data contained therein.  To avoid complete data loss the replication factor field of the `LokiStack` CR should always be set to a value greater than 1 to ensure that Loki is replicating.
+====
+
+.Prerequisites
+* Logging version 5.8 or later.
+* Verify your `LokiStack` CR has a replication factor greater than 1.
+* Zone failure detected by the control plane, and nodes in the failed zone are marked by cloud provider integration.
+
+The StatefulSet controller automatically attempts to reschedule pods in a failed zone. Because the associated PVCs are also in the failed zone, automatic rescheduling to a different zone does not work. You must manually delete the PVCs in the failed zone to allow successful re-creation of the stateful Loki Pod and its provisioned PVC in the new zone.
+
+
+.Procedure
+. List the pods in `Pending` status by running the following command:
++
+[source,terminal]
+----
+oc get pods --field-selector status.phase==Pending -n openshift-logging
+----
++
+.Example `oc get pods` output
+[source,terminal]
+----
+NAME                           READY   STATUS    RESTARTS   AGE # <1>
+logging-loki-index-gateway-1   0/1     Pending   0          17m
+logging-loki-ingester-1        0/1     Pending   0          16m
+logging-loki-ruler-1           0/1     Pending   0          16m
+----
+<1> These pods are in `Pending` status because their corresponding PVCs are in the failed zone.
+
+. List the PVCs in `Pending` status by running the following command:
++
+[source,terminal]
+----
+oc get pvc -o=json -n openshift-logging | jq '.items[] | select(.status.phase == "Pending") | .metadata.name' -r
+----
++
+.Example `oc get pvc` output
+[source,terminal]
+----
+storage-logging-loki-index-gateway-1
+storage-logging-loki-ingester-1
+wal-logging-loki-ingester-1
+storage-logging-loki-ruler-1
+wal-logging-loki-ruler-1
+----
+
+. Delete the PVC(s) for a pod by running the following command:
++
+[source,terminal]
+----
+oc delete pvc __<pvc_name>__  -n openshift-logging
+----
++
+. Then delete the pod(s) by running the following command:
++
+[source,terminal]
+----
+oc delete pod __<pod_name>__  -n openshift-logging
+----
+
+Once these objects have been successfully deleted, they should automatically be rescheduled in an available zone.
+
+[id="logging-loki-zone-fail-term-state_{context}"]
+== Troubleshooting PVC in a terminating state
+
+The PVCs might hang in the terminating state without being deleted, if PVC metadata finalizers are set to `kubernetes.io/pv-protection`. Removing the finalizers should allow the PVCs to delete successfully.
+
+. Remove the finalizer for each PVC by running the command below, then retry deletion.
++
+[source,terminal]
+----
+oc patch pvc __<pvc_name>__ -p '{"metadata":{"finalizers":null}}' -n openshift-logging
+----
diff --git a/modules/logging-multiline-except.adoc b/modules/logging-multiline-except.adoc
index 19efa8df840a..174c859e45d2 100644
--- a/modules/logging-multiline-except.adoc
+++ b/modules/logging-multiline-except.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-multiline-except_{context}"]
 = Enabling multi-line exception detection
 
@@ -55,7 +55,7 @@ When log messages appear as a consecutive sequence forming an exception stack tr
 |Ruby | ✓ | ✓
 |Python | ✓ | ✓
 |Golang | ✓ | ✓
-|PHP | ✓ |
+|PHP | ✓ | ✓
 |Dart | ✓ | ✓
 |===
 
diff --git a/modules/logging-operator-upgrading-all-ns.adoc b/modules/logging-operator-upgrading-all-ns.adoc
new file mode 100644
index 000000000000..07bfc6b4801d
--- /dev/null
+++ b/modules/logging-operator-upgrading-all-ns.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-upgrading.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-operator-upgrading-all-ns_{context}"]
+= Upgrading the {clo} to watch all namespaces
+
+In logging 5.7 and older versions, the {clo} only watches the `openshift-logging` namespace.
+If you want the {clo} to watch all namespaces on your cluster, you must redeploy the Operator. You can complete the following procedure to redeploy the Operator without deleting your logging components.
+
+.Prerequisites
+
+* You have installed the {oc-first}.
+* You have administrator permissions.
+
+.Procedure
+
+. Delete the subscription by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging delete subscription <subscription>
+----
+
+. Delete the Operator group by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-logging delete operatorgroup <operator_group_name>
+----
+
+. Delete the cluster service version (CSV) by running the following command:
++
+[source,terminal]
+----
+$ oc delete clusterserviceversion cluster-logging.<version>
+----
+
+. Redeploy the {clo} by following the "Installing Logging" documentation.
+
+.Verification
+
+* Check that the `targetNamespaces` field in the `OperatorGroup` resource is not present or is set to an empty string.
++
+To do this, run the following command and inspect the output:
++
+[source,terminal]
+----
+$ oc get operatorgroup <operator_group_name> -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-logging-f52cn
+  namespace: openshift-logging
+spec:
+  upgradeStrategy: Default
+status:
+  namespaces:
+  - ""
+# ...
+----
diff --git a/modules/logging-plugin-es-loki.adoc b/modules/logging-plugin-es-loki.adoc
new file mode 100644
index 000000000000..b5ed6a8ad0b5
--- /dev/null
+++ b/modules/logging-plugin-es-loki.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// * logging/log_visualization/log-visualization-ocp-console.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-plugin-es-loki_{context}"]
+= Configuring the {log-plug} when you have the Elasticsearch log store and LokiStack installed
+
+In {logging} version 5.8 and later, if the Elasticsearch log store is your default log store but you have also installed the LokiStack, you can enable the {log-plug} by using the following procedure.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have installed the {clo}, the {es-op}, and the {loki-op}.
+* You have installed the {oc-first}.
+* You have created a `ClusterLogging` custom resource (CR).
+
+.Procedure
+
+. Ensure that the {log-plug} is enabled by running the following command:
++
+[source,terminal]
+----
+$ oc get consoles.operator.openshift.io cluster -o yaml |grep logging-view-plugin  \
+|| oc patch consoles.operator.openshift.io cluster  --type=merge \
+--patch '{ "spec": { "plugins": ["logging-view-plugin"]}}'
+----
+
+. Add the `.metadata.annotations.logging.openshift.io/ocp-console-migration-target: lokistack-dev` annotation to the `ClusterLogging` CR, by running the following command:
++
+[source,terminal]
+----
+$ oc patch clusterlogging instance --type=merge --patch \
+'{ "metadata": { "annotations": { "logging.openshift.io/ocp-console-migration-target": "lokistack-dev" }}}' \
+-n openshift-logging
+----
++
+.Example output
+[source,terminal]
+----
+clusterlogging.logging.openshift.io/instance patched
+----
+
+.Verification
+
+* Verify that the annotation was added successfully, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc get clusterlogging instance \
+-o=jsonpath='{.metadata.annotations.logging\.openshift\.io/ocp-console-migration-target}' \
+-n openshift-logging
+----
++
+.Example output
+[source,terminal]
+----
+"lokistack-dev"
+----
+
+The {log-plug} pod is now deployed. You can view logging data by navigating to the {product-title} web console and viewing the *Observe* -> *Logs* page.
diff --git a/modules/logging-release-notes-5-7-8.adoc b/modules/logging-release-notes-5-7-8.adoc
new file mode 100644
index 000000000000..d1f23123b2d5
--- /dev/null
+++ b/modules/logging-release-notes-5-7-8.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+// cluster-logging-release-notes.adoc
+// logging-5-7-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-release-notes-5-7-8_{context}"]
+= Logging 5.7.8
+This release includes link:https://access.redhat.com/errata/RHBA-2023:6730[OpenShift Logging Bug Fix Release 5.7.8].
+
+[id="logging-release-notes-5-7-8-bug-fixes"]
+== Bug fixes
+* Before this update, there was a potential conflict when the same name was used for the `outputRefs` and `inputRefs` parameters in the `ClusterLogForwarder` custom resource (CR). As a result, the collector pods entered in a `CrashLoopBackOff` status. With this update, the output labels contain the `OUTPUT_` prefix to ensure a distinction between output labels and pipeline names. (link:https://issues.redhat.com/browse/LOG-4383[LOG-4383])
+
+* Before this update, while configuring the JSON log parser, if you did not set the `structuredTypeKey` or `structuredTypeName` parameters for the Cluster Logging Operator, no alert would display about an invalid configuration. With this update, the Cluster Logging Operator informs you about the configuration issue. (link:https://issues.redhat.com/browse/LOG-4441[LOG-4441])
+
+* Before this update, if the `hecToken` key was missing or incorrect in the secret specified for a Splunk output, the validation failed because the Vector forwarded logs to Splunk without a token. With this update, if the `hecToken` key is missing or incorrect, the validation fails with the `A non-empty hecToken entry is required` error message. (link:https://issues.redhat.com/browse/LOG-4580[LOG-4580])
+
+* Before this update, selecting a date from the `Custom time range` for logs caused an error in the web console. With this update, you can select a date from the time range model in the web console successfully. (link:https://issues.redhat.com/browse/LOG-4684[LOG-4684])
+
+[id="logging-release-notes-5-7-8-CVEs"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2023-40217[CVE-2023-40217]
+* link:https://access.redhat.com/security/cve/CVE-2023-44487[CVE-2023-44487]
\ No newline at end of file
diff --git a/modules/logging-release-notes-5-8-0.adoc b/modules/logging-release-notes-5-8-0.adoc
new file mode 100644
index 000000000000..8aadf90aeee3
--- /dev/null
+++ b/modules/logging-release-notes-5-8-0.adoc
@@ -0,0 +1,65 @@
+//module included in logging-5-8-release-notes.adoc
+:content-type: REFERENCE
+[id="logging-release-notes-5-8-0_{context}"]
+= Logging 5.8.0
+This release includes link:https://access.redhat.com/errata/RHBA-2023:6139[OpenShift Logging Bug Fix Release 5.8.0] and link:https://access.redhat.com/errata/RHBA-2023:6134[OpenShift Logging Bug Fix Release 5.8.0 Kibana].
+
+[id="logging-release-notes-5-8-0-deprecation-notice"]
+== Deprecation notice
+In Logging 5.8, Elasticsearch, Fluentd, and Kibana are deprecated and are planned to be removed in Logging 6.0, which is expected to be shipped alongside a future release of {product-title}. Red Hat will provide critical and above CVE bug fixes and support for these components during the current release lifecycle, but these components will no longer receive feature enhancements. The Vector-based collector provided by the {clo} and LokiStack provided by the {loki-op} are the preferred Operators for log collection and storage. We encourage all users to adopt the Vector and Loki log stack, as this will be the stack that will be enhanced going forward.
+
+[id="logging-release-notes-5-8-0-enhancements"]
+== Enhancements
+
+[id="logging-release-notes-5-8-0-log-collection"]
+=== Log Collection
+* With this update, you can deploy multiple, isolated, and RBAC-protected `ClusterLogForwarder` custom resource (CR) instances in any namespace. This allows independent groups to forward desired logs to any destination while isolating their configuration from other collector deployments. (link:https://issues.redhat.com/browse/LOG-1343[LOG-1343])
++
+[IMPORTANT]
+====
+In order to support multi-cluster log forwarding in additional namespaces other than the `openshift-logging` namespace, you must update the {clo} to watch all namespaces. This functionality is supported by default in new {clo} version 5.8 installations.
+====
+
+* With this update, you can use the flow control or rate limiting mechanism to limit the volume of log data that can be collected or forwarded by dropping excess log records. The input limits prevent poorly-performing containers from overloading the {logging-uc} and the output limits put a ceiling on the rate of logs shipped to a given data store. (link:https://issues.redhat.com/browse/LOG-884[LOG-884])
+
+* With this update, you can configure the log collector to look for HTTP connections and receive logs as an HTTP server, also known as a webhook. (link:https://issues.redhat.com/browse/LOG-4562[LOG-4562])
+
+* With this update, you can configure audit polices to control which Kubernetes and OpenShift API server events are forwarded by the log collector. (link:https://issues.redhat.com/browse/LOG-3982[LOG-3982])
+
+[id="logging-release-notes-5-8-0-log-storage"]
+=== Log Storage
+* With this update, LokiStack administrators can have more fine-grained control over who can access which logs by granting access to logs on a namespace basis. (link:https://issues.redhat.com/browse/LOG-3841[LOG-3841])
+
+* With this update, the {loki-op} introduces `PodDisruptionBudget` configuration on LokiStack deployments to ensure normal operations during {product-title} cluster restarts by keeping ingestion and the query path available. (link:https://issues.redhat.com/browse/LOG-3839[LOG-3839])
+
+* With this update, the reliability of existing LokiStack installations are seamlessly improved by applying a set of default Affinity and Anti-Affinity policies.
+(link:https://issues.redhat.com/browse/LOG-3840[LOG-3840])
+
+* With this update, you can manage zone-aware data replication as an administrator in LokiStack, in order to enhance reliability in the event of a zone failure. (link:https://issues.redhat.com/browse/LOG-3266[LOG-3266])
+
+* With this update, a new supported small-scale LokiStack size of 1x.extra-small is introduced for {product-title} clusters hosting a few workloads and smaller ingestion volumes (up to 100GB/day). (link:https://issues.redhat.com/browse/LOG-4329[LOG-4329])
+
+* With this update, the LokiStack administrator has access to an official Loki dashboard to inspect the storage performance and the health of each component. (link:https://issues.redhat.com/browse/LOG-4327[LOG-4327])
+
+[id="logging-release-notes-5-8-0-log-console"]
+=== Log Console
+* With this update, you can enable the Logging Console Plugin when Elasticsearch is the default Log Store. (link:https://issues.redhat.com/browse/LOG-3856[LOG-3856])
+
+* With this update, {product-title} application owners can receive notifications for application log-based alerts on the {product-title} web console *Developer* perspective for {product-title} version 4.14 and later. (link:https://issues.redhat.com/browse/LOG-3548[LOG-3548])
+
+[id="logging-release-notes-5-8-0-known-issues"]
+== Known Issues
+* Currently, there is a flaw in handling multiplexed streams in the HTTP/2 protocol, where you can repeatedly make a request for a new multiplex stream and immediately send an `RST_STREAM` frame to cancel it. This created extra work for the server set up and tore down the streams, resulting in a denial of service due to server resource consumption. There is currently no workaround for this issue. (link:https://issues.redhat.com/browse/LOG-4609[LOG-4609])
+
+* Currently, when using  FluentD as the collector, the collector pod cannot start on the {product-title} IPv6-enabled cluster. The pod logs produce the `fluentd pod [error]: unexpected error error_class=SocketError error="getaddrinfo: Name or service not known` error. There is currently no workaround for this issue. (link:https://issues.redhat.com/browse/LOG-4706[LOG-4706])
+
+* Currently, the log alert is not available on an IPv6-enabled cluster. There is currently no workaround for this issue. (link:https://issues.redhat.com/browse/LOG-4709[LOG-4709])
+
+* Currently, `must-gather` cannot gather any logs on a FIPS-enabled cluster, because the required OpenSSL library is not available in the `cluster-logging-rhel9-operator`. There is currently no workaround for this issue. (link:https://issues.redhat.com/browse/LOG-4403[LOG-4403])
+
+* Currently, when deploying the {logging} version 5.8 on a FIPS-enabled cluster, the collector pods cannot start and are stuck in `CrashLoopBackOff` status, while using FluentD as a collector. There is currently no workaround for this issue. (link:https://issues.redhat.com/browse/LOG-3933[LOG-3933])
+
+
+[id="logging-release-notes-5-8-0-CVEs"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2023-40217[CVE-2023-40217]
diff --git a/modules/logging-release-notes-5-8-1.adoc b/modules/logging-release-notes-5-8-1.adoc
new file mode 100644
index 000000000000..78720d07d8ea
--- /dev/null
+++ b/modules/logging-release-notes-5-8-1.adoc
@@ -0,0 +1,126 @@
+//module included in logging-5-8-release-notes.adoc
+:content-type: REFERENCE
+[id="logging-release-notes-5-8-1_{context}"]
+= Logging 5.8.1
+This release includes link:https://access.redhat.com/errata/RHSA-2023:7720[OpenShift Logging Bug Fix Release 5.8.1] and link:https://access.redhat.com/errata/RHBA-2023:7717[OpenShift Logging Bug Fix Release 5.8.1 Kibana].
+
+[id="logging-release-notes-5-8-1-enhancements"]
+== Enhancements
+
+[id="logging-release-notes-5-8-1-log-collection"]
+=== Log Collection
+
+* With this update, while configuring Vector as a collector, you can add logic to the {clo} to use a token specified in the secret in place of the token associated with the service account. (link:https://issues.redhat.com/browse/LOG-4780[LOG-4780])
+
+* With this update, the *BoltDB Shipper* Loki dashboards are now renamed to *Index* dashboards. (link:https://issues.redhat.com/browse/LOG-4828[LOG-4828])
+
+[id="logging-release-notes-5-8-1-bug-fixes"]
+== Bug fixes
+
+* Before this update, the `ClusterLogForwarder` created empty indices after enabling the parsing of JSON logs, even when the rollover conditions were not met. With this update, the `ClusterLogForwarder` skips the rollover when the `write-index` is empty. (link:https://issues.redhat.com/browse/LOG-4452[LOG-4452])
+
+* Before this update, the Vector set the `default` log level incorrectly. With this update, the correct log level is set by improving the enhancement of regular expression, or `regexp`, for log level detection. (link:https://issues.redhat.com/browse/LOG-4480[LOG-4480])
+
+* Before this update, during the process of creating index patterns, the default alias was missing from the initial index in each log output. As a result, Kibana users were unable to create index patterns by using {es-op}. This update adds the missing aliases to {es-op}, resolving the issue. Kibana users can now create index patterns that include the `{app,infra,audit}-000001` indexes. (link:https://issues.redhat.com/browse/LOG-4683[LOG-4683])
+
+* Before this update, Fluentd collector pods were in a `CrashLoopBackOff` state due to binding of the Prometheus server on IPv6 clusters. With this update, the collectors work properly on IPv6 clusters. (link:https://issues.redhat.com/browse/LOG-4706[LOG-4706])
+
+* Before this update, the {clo} would undergo numerous reconciliations whenever there was a change in the `ClusterLogForwarder`. With this update, the {clo} disregards the status changes in the collector daemonsets that triggered the reconciliations. (link:https://issues.redhat.com/browse/LOG-4741[LOG-4741])
+
+* Before this update, the Vector log collector pods were stuck in the `CrashLoopBackOff` state on {ibm-power-title} machines. With this update, the Vector log collector pods start successfully on {ibm-power-title} architecture machines. (link:https://issues.redhat.com/browse/LOG-4768[LOG-4768])
+
+* Before this update, forwarding with a legacy forwarder to an internal LokiStack would produce SSL certificate errors using Fluentd collector pods. With this update, the log collector service account is used by default for authentication, using the associated token and `ca.crt`. (link:https://issues.redhat.com/browse/LOG-4791[LOG-4791])
+
+* Before this update, forwarding with a legacy forwarder to an internal LokiStack would produce SSL certificate errors using Vector collector pods. With this update, the log collector service account is used by default for authentication and also using the associated token and `ca.crt`. (link:https://issues.redhat.com/browse/LOG-4852[LOG-4852])
+
+* Before this fix, IPv6 addresses would not be parsed correctly after evaluating a host or multiple hosts for placeholders. With this update, IPv6 addresses are correctly parsed. (link:https://issues.redhat.com/browse/LOG-4811[LOG-4811])
+
+* Before this update, it was necessary to create a `ClusterRoleBinding` to collect audit permissions for HTTP receiver inputs. With this update, it is not necessary to create the `ClusterRoleBinding` because the endpoint already depends upon the cluster certificate authority. (link:https://issues.redhat.com/browse/LOG-4815[LOG-4815])
+
+* Before this update, the {loki-op} did not mount a custom CA bundle to the ruler pods. As a result, during the process to evaluate alerting or recording rules, object storage access failed. With this update, the {loki-op} mounts the custom CA bundle to all ruler pods. The ruler pods can download logs from object storage to evaluate alerting or recording rules. (link:https://issues.redhat.com/browse/LOG-4836[LOG-4836])
+
+* Before this update, while removing the `inputs.receiver` section in the `ClusterLogForwarder`, the HTTP input services and its associated secrets were not deleted. With this update, the HTTP input resources are deleted when not needed. (link:https://issues.redhat.com/browse/LOG-4612[LOG-4612])
+
+* Before this update, the `ClusterLogForwarder` indicated validation errors in the status, but the outputs and the pipeline status did not accurately reflect the specific issues. With this update, the pipeline status displays the validation failure reasons correctly in case of misconfigured outputs, inputs, or filters. (link:https://issues.redhat.com/browse/LOG-4821[LOG-4821])
+
+* Before this update, changing a `LogQL` query that used controls such as time range or severity changed the label matcher operator defining it like a regular expression. With this update, regular expression operators remain unchanged when updating the query. (link:https://issues.redhat.com/browse/LOG-4841[LOG-4841])
+
+[id="logging-release-notes-5-8-1-CVEs"]
+== CVEs
+
+* link:https://access.redhat.com/security/cve/CVE-2007-4559[CVE-2007-4559]
+* link:https://access.redhat.com/security/cve/CVE-2021-3468[CVE-2021-3468]
+* link:https://access.redhat.com/security/cve/CVE-2021-3502[CVE-2021-3502]
+* link:https://access.redhat.com/security/cve/CVE-2021-3826[CVE-2021-3826]
+* link:https://access.redhat.com/security/cve/CVE-2021-43618[CVE-2021-43618]
+* link:https://access.redhat.com/security/cve/CVE-2022-3523[CVE-2022-3523]
+* link:https://access.redhat.com/security/cve/CVE-2022-3565[CVE-2022-3565]
+* link:https://access.redhat.com/security/cve/CVE-2022-3594[CVE-2022-3594]
+* link:https://access.redhat.com/security/cve/CVE-2022-4285[CVE-2022-4285]
+* link:https://access.redhat.com/security/cve/CVE-2022-38457[CVE-2022-38457]
+* link:https://access.redhat.com/security/cve/CVE-2022-40133[CVE-2022-40133]
+* link:https://access.redhat.com/security/cve/CVE-2022-40982[CVE-2022-40982]
+* link:https://access.redhat.com/security/cve/CVE-2022-41862[CVE-2022-41862]
+* link:https://access.redhat.com/security/cve/CVE-2022-42895[CVE-2022-42895]
+* link:https://access.redhat.com/security/cve/CVE-2023-0597[CVE-2023-0597]
+* link:https://access.redhat.com/security/cve/CVE-2023-1073[CVE-2023-1073]
+* link:https://access.redhat.com/security/cve/CVE-2023-1074[CVE-2023-1074]
+* link:https://access.redhat.com/security/cve/CVE-2023-1075[CVE-2023-1075]
+* link:https://access.redhat.com/security/cve/CVE-2023-1076[CVE-2023-1076]
+* link:https://access.redhat.com/security/cve/CVE-2023-1079[CVE-2023-1079]
+* link:https://access.redhat.com/security/cve/CVE-2023-1206[CVE-2023-1206]
+* link:https://access.redhat.com/security/cve/CVE-2023-1249[CVE-2023-1249]
+* link:https://access.redhat.com/security/cve/CVE-2023-1252[CVE-2023-1252]
+* link:https://access.redhat.com/security/cve/CVE-2023-1652[CVE-2023-1652]
+* link:https://access.redhat.com/security/cve/CVE-2023-1855[CVE-2023-1855]
+* link:https://access.redhat.com/security/cve/CVE-2023-1981[CVE-2023-1981]
+* link:https://access.redhat.com/security/cve/CVE-2023-1989[CVE-2023-1989]
+* link:https://access.redhat.com/security/cve/CVE-2023-2731[CVE-2023-2731]
+* link:https://access.redhat.com/security/cve/CVE-2023-3138[CVE-2023-3138]
+* link:https://access.redhat.com/security/cve/CVE-2023-3141[CVE-2023-3141]
+* link:https://access.redhat.com/security/cve/CVE-2023-3161[CVE-2023-3161]
+* link:https://access.redhat.com/security/cve/CVE-2023-3212[CVE-2023-3212]
+* link:https://access.redhat.com/security/cve/CVE-2023-3268[CVE-2023-3268]
+* link:https://access.redhat.com/security/cve/CVE-2023-3316[CVE-2023-3316]
+* link:https://access.redhat.com/security/cve/CVE-2023-3358[CVE-2023-3358]
+* link:https://access.redhat.com/security/cve/CVE-2023-3576[CVE-2023-3576]
+* link:https://access.redhat.com/security/cve/CVE-2023-3609[CVE-2023-3609]
+* link:https://access.redhat.com/security/cve/CVE-2023-3772[CVE-2023-3772]
+* link:https://access.redhat.com/security/cve/CVE-2023-3773[CVE-2023-3773]
+* link:https://access.redhat.com/security/cve/CVE-2023-4016[CVE-2023-4016]
+* link:https://access.redhat.com/security/cve/CVE-2023-4128[CVE-2023-4128]
+* link:https://access.redhat.com/security/cve/CVE-2023-4155[CVE-2023-4155]
+* link:https://access.redhat.com/security/cve/CVE-2023-4194[CVE-2023-4194]
+* link:https://access.redhat.com/security/cve/CVE-2023-4206[CVE-2023-4206]
+* link:https://access.redhat.com/security/cve/CVE-2023-4207[CVE-2023-4207]
+* link:https://access.redhat.com/security/cve/CVE-2023-4208[CVE-2023-4208]
+* link:https://access.redhat.com/security/cve/CVE-2023-4273[CVE-2023-4273]
+* link:https://access.redhat.com/security/cve/CVE-2023-4641[CVE-2023-4641]
+* link:https://access.redhat.com/security/cve/CVE-2023-22745[CVE-2023-22745]
+* link:https://access.redhat.com/security/cve/CVE-2023-26545[CVE-2023-26545]
+* link:https://access.redhat.com/security/cve/CVE-2023-26965[CVE-2023-26965]
+* link:https://access.redhat.com/security/cve/CVE-2023-26966[CVE-2023-26966]
+* link:https://access.redhat.com/security/cve/CVE-2023-27522[CVE-2023-27522]
+* link:https://access.redhat.com/security/cve/CVE-2023-29491[CVE-2023-29491]
+* link:https://access.redhat.com/security/cve/CVE-2023-29499[CVE-2023-29499]
+* link:https://access.redhat.com/security/cve/CVE-2023-30456[CVE-2023-30456]
+* link:https://access.redhat.com/security/cve/CVE-2023-31486[CVE-2023-31486]
+* link:https://access.redhat.com/security/cve/CVE-2023-32324[CVE-2023-32324]
+* link:https://access.redhat.com/security/cve/CVE-2023-32573[CVE-2023-32573]
+* link:https://access.redhat.com/security/cve/CVE-2023-32611[CVE-2023-32611]
+* link:https://access.redhat.com/security/cve/CVE-2023-32665[CVE-2023-32665]
+* link:https://access.redhat.com/security/cve/CVE-2023-33203[CVE-2023-33203]
+* link:https://access.redhat.com/security/cve/CVE-2023-33285[CVE-2023-33285]
+* link:https://access.redhat.com/security/cve/CVE-2023-33951[CVE-2023-33951]
+* link:https://access.redhat.com/security/cve/CVE-2023-33952[CVE-2023-33952]
+* link:https://access.redhat.com/security/cve/CVE-2023-34241[CVE-2023-34241]
+* link:https://access.redhat.com/security/cve/CVE-2023-34410[CVE-2023-34410]
+* link:https://access.redhat.com/security/cve/CVE-2023-35825[CVE-2023-35825]
+* link:https://access.redhat.com/security/cve/CVE-2023-36054[CVE-2023-36054]
+* link:https://access.redhat.com/security/cve/CVE-2023-37369[CVE-2023-37369]
+* link:https://access.redhat.com/security/cve/CVE-2023-38197[CVE-2023-38197]
+* link:https://access.redhat.com/security/cve/CVE-2023-38545[CVE-2023-38545]
+* link:https://access.redhat.com/security/cve/CVE-2023-38546[CVE-2023-38546]
+* link:https://access.redhat.com/security/cve/CVE-2023-39191[CVE-2023-39191]
+* link:https://access.redhat.com/security/cve/CVE-2023-39975[CVE-2023-39975]
+* link:https://access.redhat.com/security/cve/CVE-2023-44487[CVE-2023-44487]
diff --git a/modules/logging-release-notes-5-8-2.adoc b/modules/logging-release-notes-5-8-2.adoc
new file mode 100644
index 000000000000..151e1cffaf60
--- /dev/null
+++ b/modules/logging-release-notes-5-8-2.adoc
@@ -0,0 +1,27 @@
+//module included in logging-5-8-release-notes.adoc
+:content-type: REFERENCE
+[id="logging-release-notes-5-8-2"]
+= Logging 5.8.2
+This release includes link:https://access.redhat.com/errata/RHSA-2024:0271[OpenShift Logging Bug Fix Release 5.8.2].
+
+[id="logging-release-notes-5-8-2-bug-fixes"]
+== Bug fixes
+* Before this update, the LokiStack ruler pods would not format the IPv6 pod IP in HTTP URLs used for cross pod communication, causing querying rules and alerts through the Prometheus-compatible API to fail. With this update, the LokiStack ruler pods encapsulate the IPv6 pod IP in square brackets, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4890[LOG-4890])
+
+* Before this update, the developer console logs did not account for the current namespace, resulting in query rejection for users without cluster-wide log access. With this update, namespace inclusion has been corrected, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4947[LOG-4947])
+
+* Before this update, the logging view plugin of the {Product-Title} web console did not allow for custom node placement and tolerations. With this update, defining custom node placements and tolerations has been added to the logging view plugin of the {Product-Title} web console. (link:https://issues.redhat.com/browse/LOG-4912[LOG-4912])
+
+////
+* Before this update, in {Product-Title} Release Candidate 4.15, the Loki ruler was not able to send alerts to  `Alertmanager` user workload monitoring due to a permissions issue. With this update, the Loki Operator RBAC permissions allow sending alerts to `Alertmanager`, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4951[LOG-4951])
+////
+
+[id="logging-release-notes-5-8-2-CVEs"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2022-44638[CVE-2022-44638]
+* link:https://access.redhat.com/security/cve/CVE-2023-1192[CVE-2023-1192]
+* link:https://access.redhat.com/security/cve/CVE-2023-5345[CVE-2023-5345]
+* link:https://access.redhat.com/security/cve/CVE-2023-20569[CVE-2023-20569]
+* link:https://access.redhat.com/security/cve/CVE-2023-26159[CVE-2023-26159]
+* link:https://access.redhat.com/security/cve/CVE-2023-39615[CVE-2023-39615]
+* link:https://access.redhat.com/security/cve/CVE-2023-45871[CVE-2023-45871]
diff --git a/modules/logging-rn-5.5.0.adoc b/modules/logging-rn-5.5.0.adoc
deleted file mode 100644
index f405f3935313..000000000000
--- a/modules/logging-rn-5.5.0.adoc
+++ /dev/null
@@ -1,47 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-[id="logging-release-notes-5-5-0"]
-= Logging 5.5.0
-This release includes:link:https://access.redhat.com/errata/RHSA-2022:6051[OpenShift Logging Bug Fix Release 5.5.0].
-
-[id="logging-5-5-0-enhancements"]
-== Enhancements
-* With this update, you can forward structured logs from different containers within the same pod to different indices. To use this feature, you must configure the pipeline with multi-container support and annotate the pods. (link:https://issues.redhat.com/browse/LOG-1296[LOG-1296])
-
-[IMPORTANT]
-====
-JSON formatting of logs varies by application. Because creating too many indices impacts performance, limit your use of this feature to creating indices for logs that have incompatible JSON formats. Use queries to separate logs from different namespaces, or applications with compatible JSON formats.
-====
-
-* With this update, you can filter logs with Elasticsearch outputs by using the Kubernetes common labels, `app.kubernetes.io/component`, `app.kubernetes.io/managed-by`, `app.kubernetes.io/part-of`, and `app.kubernetes.io/version`. Non-Elasticsearch output types can use all labels included in `kubernetes.labels`. (link:https://issues.redhat.com/browse/LOG-2388[LOG-2388])
-
-* With this update, clusters with AWS Security Token Service (STS) enabled may use STS authentication to forward logs to Amazon CloudWatch. (link:https://issues.redhat.com/browse/LOG-1976[LOG-1976])
-
-* With this update, the 'LokiOperator' Operator and Vector collector move from Technical Preview to General Availability. Full feature parity with prior releases are pending, and some APIs remain Technical Previews. See the *Logging with the LokiStack* section for details.
-
-[id="logging-5-5-0-bug-fixes"]
-== Bug fixes
-* Before this update, clusters configured to forward logs to Amazon CloudWatch wrote rejected log files to temporary storage, causing cluster instability over time. With this update, chunk backup for all storage options has been disabled, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2746[LOG-2746])
-
-* Before this update, the Operator was using versions of some APIs that are deprecated and planned for removal in future versions of {product-title}. This update moves dependencies to the supported API versions. (link:https://issues.redhat.com/browse/LOG-2656[LOG-2656])
-
-* Before this update, multiple `ClusterLogForwarder` pipelines configured for multiline error detection caused the collector to go into a `crashloopbackoff` error state. This update fixes the issue where multiple configuration sections had the same unique ID. (link:https://issues.redhat.com/browse/LOG-2241[LOG-2241])
-
-* Before this update, the collector could not save non UTF-8 symbols to the Elasticsearch storage logs. With this update the collector encodes non UTF-8 symbols, resolving the issue. (link:https://issues.redhat.com/browse/LOG-2203[LOG-2203])
-
-* Before this update, non-latin characters displayed incorrectly in Kibana. With this update, Kibana displays all valid UTF-8 symbols correctly. (link:https://issues.redhat.com/browse/LOG-2784[LOG-2784])
-
-== CVEs
-[id="logging-5-5-0-CVEs"]
-* link:https://access.redhat.com/security/cve/CVE-2021-38561[CVE-2021-38561]
-* link:https://access.redhat.com/security/cve/CVE-2022-1012[CVE-2022-1012]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-21698[CVE-2022-21698]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
-* link:https://access.redhat.com/security/cve/CVE-2022-32250[CVE-2022-32250]
diff --git a/modules/logging-rn-5.5.1.adoc b/modules/logging-rn-5.5.1.adoc
deleted file mode 100644
index a12aee053f3c..000000000000
--- a/modules/logging-rn-5.5.1.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-1"]
-= Logging 5.5.1
-This release includes link:https://access.redhat.com/errata/RHSA-2022:6344[OpenShift Logging Bug Fix Release 5.5.1].
-
-[id="logging-5-5-1-enhancements_{context}"]
-== Enhancements
-* This enhancement adds an *Aggregated Logs* tab to the *Pod Details* page of the {product-title} web console when the Logging Console Plug-in is in use. This enhancement is only available on {product-title} 4.10 and later. (link:https://issues.redhat.com/browse/LOG-2647[LOG-2647])
-
-* This enhancement adds Google Cloud Logging as an output option for log forwarding. (link:https://issues.redhat.com/browse/LOG-1482[LOG-1482])
-
-[id="logging-5-5-1-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, the Operator did not ensure that the pod was ready, which caused the cluster to reach an inoperable state during a cluster restart. With this update, the Operator marks new pods as ready before continuing to a new pod during a restart, which resolves the issue. (link:https://issues.redhat.com/browse/LOG-2745[LOG-2745])
-
-* Before this update, Fluentd would sometimes not recognize that the Kubernetes platform rotated the log file and would no longer read log messages. This update corrects that by setting the configuration parameter suggested by the upstream development team. (link:https://issues.redhat.com/browse/LOG-2995[LOG-2995])
-
-* Before this update, the addition of multi-line error detection caused internal routing to change and forward records to the wrong destination. With this update, the internal routing is correct. (link:https://issues.redhat.com/browse/LOG-2801[LOG-2801])
-
-* Before this update, changing the {product-title} web console's refresh interval created an error when the *Query* field was empty. With this update, changing the interval is not an available option when the *Query* field is empty. (link:https://issues.redhat.com/browse/LOG-2917[LOG-2917])
-
-[id="logging-5-5-1-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-1705[CVE-2022-1705]
-* link:https://access.redhat.com/security/cve/CVE-2022-2526[CVE-2022-2526]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-30631[CVE-2022-30631]
-* link:https://access.redhat.com/security/cve/CVE-2022-32148[CVE-2022-32148]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
diff --git a/modules/logging-rn-5.5.10.adoc b/modules/logging-rn-5.5.10.adoc
deleted file mode 100644
index 166f9fb37a46..000000000000
--- a/modules/logging-rn-5.5.10.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-//module included in logging-release-notes.adoc
-:content-type: REFERENCE
-[id="logging-release-notes-5-5-10{context}"]
-= Logging 5.5.10
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1827[OpenShift Logging Bug Fix Release 5.5.10].
-
-[id="logging-5-5-10-bug-fixes"]
-== Bug fixes
-* Before this update, the logging view plugin of the OpenShift Web Console showed only an error text when the LokiStack was not reachable. After this update the plugin shows a proper error message with details on how to fix the unreachable LokiStack. (link:https://issues.redhat.com/browse/LOG-2874[LOG-2874])
-
-[id="logging-5-5-10-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0361[CVE-2023-0361]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/logging-rn-5.5.2.adoc b/modules/logging-rn-5.5.2.adoc
deleted file mode 100644
index e02c78703e31..000000000000
--- a/modules/logging-rn-5.5.2.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-2_{context}"]
-= Logging 5.5.2
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6559[OpenShift Logging Bug Fix Release 5.5.2].
-
-[id="logging-5-5-2-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, alerting rules for the Fluentd collector did not adhere to the {product-title} monitoring style guidelines. This update modifies those alerts to include the namespace label, resolving the issue. (link:https://issues.redhat.com/browse/LOG-1823[LOG-1823])
-
-* Before this update, the index management rollover script failed to generate a new index name whenever there was more than one hyphen character in the name of the index. With this update, index names generate correctly. (link:https://issues.redhat.com/browse/LOG-2644[LOG-2644])
-
-* Before this update, the Kibana route was setting a `caCertificate` value without a certificate present. With this update, no `caCertificate` value is set. (link:https://issues.redhat.com/browse/LOG-2661[LOG-2661])
-
-* Before this update, a change in the collector dependencies caused it to issue a warning message for unused parameters. With this update, removing unused configuration parameters resolves the issue. (link:https://issues.redhat.com/browse/LOG-2859[LOG-2859])
-
-* Before this update, pods created for deployments that Loki Operator created were mistakenly scheduled on nodes with non-Linux operating systems, if such nodes were available in the cluster the Operator was running in. With this update, the Operator attaches an additional node-selector to the pod definitions which only allows scheduling the pods on Linux-based nodes. (link:https://issues.redhat.com/browse/LOG-2895[LOG-2895])
-
-* Before this update,  the OpenShift Console Logs view did not filter logs by severity due to a LogQL parser issue in the LokiStack gateway. With this update, a parser fix resolves the issue and the OpenShift Console Logs view can filter by severity. (link:https://issues.redhat.com/browse/LOG-2908[LOG-2908])
-
-* Before this update, a refactoring of the Fluentd collector plugins removed the timestamp field for events. This update restores the timestamp field, sourced from the event's received time. (link:https://issues.redhat.com/browse/LOG-2923[LOG-2923])
-
-* Before this update, absence of a `level` field in audit logs caused an error in vector logs. With this update, the addition of a `level` field in the audit log record resolves the issue. (link:https://issues.redhat.com/browse/LOG-2961[LOG-2961])
-
-* Before this update, if you deleted the Kibana Custom Resource, the {product-title} web console continued displaying a link to Kibana. With this update, removing the Kibana Custom Resource also removes that link. (link:https://issues.redhat.com/browse/LOG-3053[LOG-3053])
-
-* Before this update, each rollover job created empty indices when the `ClusterLogForwarder` custom resource had JSON parsing defined. With this update, new indices are not empty. (link:https://issues.redhat.com/browse/LOG-3063[LOG-3063])
-
-* Before this update, when the user deleted the LokiStack after an update to Loki Operator 5.5 resources originally created by Loki Operator 5.4 remained. With this update, the resources' owner-references point to the 5.5 LokiStack. (link:https://issues.redhat.com/browse/LOG-2945[LOG-2945])
-
-* Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs. (link:https://issues.redhat.com/browse/LOG-2918[LOG-2918])
-
-* Before this update, users with cluster-admin privileges were not able to properly view infrastructure and audit logs using the logging console. With this update, the authorization check has been extended to also recognize users in cluster-admin and dedicated-admin groups as admins. (link:https://issues.redhat.com/browse/LOG-2970[LOG-2970])
-
-[id="logging-5-5-2-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/logging-rn-5.5.3.adoc b/modules/logging-rn-5.5.3.adoc
deleted file mode 100644
index f2c459d907d8..000000000000
--- a/modules/logging-rn-5.5.3.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-3_{context}"]
-= Logging 5.5.3
-This release includes link:https://access.redhat.com/errata/RHBA-2022:6858[OpenShift Logging Bug Fix Release 5.5.3].
-
-[id="logging-5-5-3-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, log entries that had structured messages included the original message field, which made the entry larger. This update removes the message field for structured logs to reduce the increased size. (link:https://issues.redhat.com/browse/LOG-2759[LOG-2759])
-
-* Before this update, the collector configuration excluded logs from `collector`, `default-log-store`, and `visualization`  pods, but was unable to exclude logs archived in a `.gz` file. With this update, archived logs stored as `.gz` files of `collector`, `default-log-store`, and `visualization` pods are also excluded. (link:https://issues.redhat.com/browse/LOG-2844[LOG-2844])
-
-* Before this update, when requests to an unavailable pod were sent through the gateway, no alert would warn of the disruption. With this update, individual alerts will generate if the gateway has issues completing a write or read request. (link:https://issues.redhat.com/browse/LOG-2884[LOG-2884])
-
-* Before this update, pod metadata could be altered by fluent plugins because the values passed through the pipeline by reference. This update ensures each log message receives a copy of the pod metadata so each message processes independently. (link:https://issues.redhat.com/browse/LOG-3046[LOG-3046])
-
-* Before this update, selecting *unknown* severity in the OpenShift Console Logs view excluded logs with a `level=unknown` value. With this update, logs without level and with `level=unknown` values are visible when filtering by *unknown* severity. (link:https://issues.redhat.com/browse/LOG-3062[LOG-3062])
-
-* Before this update, log records sent to Elasticsearch had an extra field named `write-index` that contained the name of the index to which the logs needed to be sent. This field is not a part of the data model. After this update, this field is no longer sent. (link:https://issues.redhat.com/browse/LOG-3075[LOG-3075])
-
-* With the introduction of the new built-in link:https://cloud.redhat.com/blog/pod-security-admission-in-openshift-4.11[Pod Security Admission Controller], Pods not configured in accordance with the enforced security standards defined globally or on the namespace level cannot run. With this update, the Operator and collectors allow privileged execution and run without security audit warnings or errors. (link:https://issues.redhat.com/browse/LOG-3077[LOG-3077])
-
-* Before this update, the Operator removed any custom outputs defined in the `ClusterLogForwarder` custom resource when using LokiStack as the default log storage. With this update, the Operator merges custom outputs with the default outputs when processing the `ClusterLogForwarder` custom resource. (link:https://issues.redhat.com/browse/LOG-3095[LOG-3095])
-
-[id="logging-5-5-3-cves_{context}"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2015-20107[CVE-2015-20107]
-* link:https://access.redhat.com/security/cve/CVE-2022-0391[CVE-2022-0391]
-* link:https://access.redhat.com/security/cve/CVE-2022-2526[CVE-2022-2526]
-* link:https://access.redhat.com/security/cve/CVE-2022-21123[CVE-2022-21123]
-* link:https://access.redhat.com/security/cve/CVE-2022-21125[CVE-2022-21125]
-* link:https://access.redhat.com/security/cve/CVE-2022-21166[CVE-2022-21166]
-* link:https://access.redhat.com/security/cve/CVE-2022-29154[CVE-2022-29154]
-* link:https://access.redhat.com/security/cve/CVE-2022-32206[CVE-2022-32206]
-* link:https://access.redhat.com/security/cve/CVE-2022-32208[CVE-2022-32208]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
diff --git a/modules/logging-rn-5.5.4.adoc b/modules/logging-rn-5.5.4.adoc
deleted file mode 100644
index 96ff0ba57dd7..000000000000
--- a/modules/logging-rn-5.5.4.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-4_{context}"]
-= Logging 5.5.4
-This release includes link:https://access.redhat.com/errata/RHSA-2022:7434[OpenShift Logging Bug Fix Release 5.5.4].
-
-[id="logging-5-5-4-bug-fixes"]
-== Bug fixes
-* Before this update, an error in the query parser of the logging view plugin caused parts of the logs query to disappear if the query contained curly brackets `{}`. This made the queries invalid, leading to errors being returned for valid queries. With this update, the parser correctly handles these queries. (link:https://issues.redhat.com/browse/LOG-3042[LOG-3042])
-
-* Before this update, the Operator could enter a loop of removing and recreating the collector daemonset while the Elasticsearch or Kibana deployments changed their status. With this update, a fix in the status handling of the Operator resolves the issue. (link:https://issues.redhat.com/browse/LOG-3049[LOG-3049])
-
-* Before this update, no alerts were implemented to support the collector implementation of Vector. This change adds Vector alerts and deploys separate alerts, depending upon the chosen collector implementation. (link:https://issues.redhat.com/browse/LOG-3127[LOG-3127])
-
-* Before this update, the secret creation component of the Elasticsearch Operator modified internal secrets constantly. With this update, the existing secret is properly handled. (link:https://issues.redhat.com/browse/LOG-3138[LOG-3138])
-
-* Before this update, a prior refactoring of the logging `must-gather` scripts removed the expected location for the artifacts. This update reverts that change to write artifacts to the `/must-gather` folder. (link:https://issues.redhat.com/browse/LOG-3213[LOG-3213])
-
-* Before this update, on certain clusters, the Prometheus exporter would bind on IPv4 instead of IPv6. After this update, Fluentd detects the IP version and binds to `0.0.0.0` for IPv4 or `[::]` for IPv6. (link:https://issues.redhat.com/browse/LOG-3162[LOG-3162])
-
-[id="logging-5-5-4-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2022-0494[CVE-2022-0494]
-* link:https://access.redhat.com/security/cve/CVE-2022-1353[CVE-2022-1353]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2588[CVE-2022-2588]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-23816[CVE-2022-23816]
-* link:https://access.redhat.com/security/cve/CVE-2022-23825[CVE-2022-23825]
-* link:https://access.redhat.com/security/cve/CVE-2022-29900[CVE-2022-29900]
-* link:https://access.redhat.com/security/cve/CVE-2022-29901[CVE-2022-29901]
-* link:https://access.redhat.com/security/cve/CVE-2022-32149[CVE-2022-32149]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-40674[CVE-2022-40674]
diff --git a/modules/logging-rn-5.5.5.adoc b/modules/logging-rn-5.5.5.adoc
deleted file mode 100644
index 63285a89387a..000000000000
--- a/modules/logging-rn-5.5.5.adoc
+++ /dev/null
@@ -1,94 +0,0 @@
-// Module included in the following assemblies:
-//logging-5-5-release-notes
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-5_{context}"]
-= Logging 5.5.5
-This release includes link:https://access.redhat.com/errata/RHSA-2022:8781[OpenShift Logging Bug Fix Release 5.5.5].
-
-[id="logging-5-5-5-bug-fixes"]
-== Bug fixes
-* Before this update, Kibana had a fixed `24h` OAuth cookie expiration time, which resulted in 401 errors in Kibana whenever the `accessTokenInactivityTimeout` field was set to a value lower than `24h`. With this update, Kibana's OAuth cookie expiration time synchronizes to the `accessTokenInactivityTimeout`, with a default value of `24h`. (link:https://issues.redhat.com/browse/LOG-3305[LOG-3305])
-
-* Before this update, Vector parsed the message field when JSON  parsing was enabled without also defining `structuredTypeKey` or `structuredTypeName` values. With this update, a value is required for either  `structuredTypeKey` or `structuredTypeName` when writing structured logs to Elasticsearch. (link:https://issues.redhat.com/browse/LOG-3284[LOG-3284])
-
-* Before this update, the `FluentdQueueLengthIncreasing` alert could fail to fire when there was a cardinality issue with the set of labels returned from this alert expression. This update reduces labels to only include those required for the alert. (https://issues.redhat.com/browse/LOG-3226[LOG-3226])
-
-* Before this update, Loki did not have support to reach an external storage in a disconnected cluster. With this update,  proxy environment variables and proxy trusted CA bundles are included in the container image to support these connections. (link:https://issues.redhat.com/browse/LOG-2860[LOG-2860])
-
-* Before this update, {product-title} web console users could not choose the `ConfigMap` object that includes the CA certificate for Loki, causing pods to operate without the CA. With this update, web console users can select the config map, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3310[LOG-3310])
-
-* Before this update, the CA key was used as volume name for mounting the CA into Loki, causing error states when the CA Key included non-conforming characters (such as dots). With this update, the volume name is standardized to an internal string which resolves the issue. (link:https://issues.redhat.com/browse/LOG-3332[LOG-3332])
-
-[id="logging-5-5-5-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2016-3709[CVE-2016-3709]
-* link:https://access.redhat.com/security/cve/CVE-2020-35525[CVE-2020-35525]
-* link:https://access.redhat.com/security/cve/CVE-2020-35527[CVE-2020-35527]
-* link:https://access.redhat.com/security/cve/CVE-2020-36516[CVE-2020-36516]
-* link:https://access.redhat.com/security/cve/CVE-2020-36558[CVE-2020-36558]
-* link:https://access.redhat.com/security/cve/CVE-2021-3640[CVE-2021-3640]
-* link:https://access.redhat.com/security/cve/CVE-2021-30002[CVE-2021-30002]
-* link:https://access.redhat.com/security/cve/CVE-2022-0168[CVE-2022-0168]
-* link:https://access.redhat.com/security/cve/CVE-2022-0561[CVE-2022-0561]
-* link:https://access.redhat.com/security/cve/CVE-2022-0562[CVE-2022-0562]
-* link:https://access.redhat.com/security/cve/CVE-2022-0617[CVE-2022-0617]
-* link:https://access.redhat.com/security/cve/CVE-2022-0854[CVE-2022-0854]
-* link:https://access.redhat.com/security/cve/CVE-2022-0865[CVE-2022-0865]
-* link:https://access.redhat.com/security/cve/CVE-2022-0891[CVE-2022-0891]
-* link:https://access.redhat.com/security/cve/CVE-2022-0908[CVE-2022-0908]
-* link:https://access.redhat.com/security/cve/CVE-2022-0909[CVE-2022-0909]
-* link:https://access.redhat.com/security/cve/CVE-2022-0924[CVE-2022-0924]
-* link:https://access.redhat.com/security/cve/CVE-2022-1016[CVE-2022-1016]
-* link:https://access.redhat.com/security/cve/CVE-2022-1048[CVE-2022-1048]
-* link:https://access.redhat.com/security/cve/CVE-2022-1055[CVE-2022-1055]
-* link:https://access.redhat.com/security/cve/CVE-2022-1184[CVE-2022-1184]
-* link:https://access.redhat.com/security/cve/CVE-2022-1292[CVE-2022-1292]
-* link:https://access.redhat.com/security/cve/CVE-2022-1304[CVE-2022-1304]
-* link:https://access.redhat.com/security/cve/CVE-2022-1355[CVE-2022-1355]
-* link:https://access.redhat.com/security/cve/CVE-2022-1586[CVE-2022-1586]
-* link:https://access.redhat.com/security/cve/CVE-2022-1785[CVE-2022-1785]
-* link:https://access.redhat.com/security/cve/CVE-2022-1852[CVE-2022-1852]
-* link:https://access.redhat.com/security/cve/CVE-2022-1897[CVE-2022-1897]
-* link:https://access.redhat.com/security/cve/CVE-2022-1927[CVE-2022-1927]
-* link:https://access.redhat.com/security/cve/CVE-2022-2068[CVE-2022-2068]
-* link:https://access.redhat.com/security/cve/CVE-2022-2078[CVE-2022-2078]
-* link:https://access.redhat.com/security/cve/CVE-2022-2097[CVE-2022-2097]
-* link:https://access.redhat.com/security/cve/CVE-2022-2509[CVE-2022-2509]
-* link:https://access.redhat.com/security/cve/CVE-2022-2586[CVE-2022-2586]
-* link:https://access.redhat.com/security/cve/CVE-2022-2639[CVE-2022-2639]
-* link:https://access.redhat.com/security/cve/CVE-2022-2938[CVE-2022-2938]
-* link:https://access.redhat.com/security/cve/CVE-2022-3515[CVE-2022-3515]
-* link:https://access.redhat.com/security/cve/CVE-2022-20368[CVE-2022-20368]
-* link:https://access.redhat.com/security/cve/CVE-2022-21499[CVE-2022-21499]
-* link:https://access.redhat.com/security/cve/CVE-2022-21618[CVE-2022-21618]
-* link:https://access.redhat.com/security/cve/CVE-2022-21619[CVE-2022-21619]
-* link:https://access.redhat.com/security/cve/CVE-2022-21624[CVE-2022-21624]
-* link:https://access.redhat.com/security/cve/CVE-2022-21626[CVE-2022-21626]
-* link:https://access.redhat.com/security/cve/CVE-2022-21628[CVE-2022-21628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22624[CVE-2022-22624]
-* link:https://access.redhat.com/security/cve/CVE-2022-22628[CVE-2022-22628]
-* link:https://access.redhat.com/security/cve/CVE-2022-22629[CVE-2022-22629]
-* link:https://access.redhat.com/security/cve/CVE-2022-22662[CVE-2022-22662]
-* link:https://access.redhat.com/security/cve/CVE-2022-22844[CVE-2022-22844]
-* link:https://access.redhat.com/security/cve/CVE-2022-23960[CVE-2022-23960]
-* link:https://access.redhat.com/security/cve/CVE-2022-24448[CVE-2022-24448]
-* link:https://access.redhat.com/security/cve/CVE-2022-25255[CVE-2022-25255]
-* link:https://access.redhat.com/security/cve/CVE-2022-26373[CVE-2022-26373]
-* link:https://access.redhat.com/security/cve/CVE-2022-26700[CVE-2022-26700]
-* link:https://access.redhat.com/security/cve/CVE-2022-26709[CVE-2022-26709]
-* link:https://access.redhat.com/security/cve/CVE-2022-26710[CVE-2022-26710]
-* link:https://access.redhat.com/security/cve/CVE-2022-26716[CVE-2022-26716]
-* link:https://access.redhat.com/security/cve/CVE-2022-26717[CVE-2022-26717]
-* link:https://access.redhat.com/security/cve/CVE-2022-26719[CVE-2022-26719]
-* link:https://access.redhat.com/security/cve/CVE-2022-27404[CVE-2022-27404]
-* link:https://access.redhat.com/security/cve/CVE-2022-27405[CVE-2022-27405]
-* link:https://access.redhat.com/security/cve/CVE-2022-27406[CVE-2022-27406]
-* link:https://access.redhat.com/security/cve/CVE-2022-27950[CVE-2022-27950]
-* link:https://access.redhat.com/security/cve/CVE-2022-28390[CVE-2022-28390]
-* link:https://access.redhat.com/security/cve/CVE-2022-28893[CVE-2022-28893]
-* link:https://access.redhat.com/security/cve/CVE-2022-29581[CVE-2022-29581]
-* link:https://access.redhat.com/security/cve/CVE-2022-30293[CVE-2022-30293]
-* link:https://access.redhat.com/security/cve/CVE-2022-34903[CVE-2022-34903]
-* link:https://access.redhat.com/security/cve/CVE-2022-36946[CVE-2022-36946]
-* link:https://access.redhat.com/security/cve/CVE-2022-37434[CVE-2022-37434]
-* link:https://access.redhat.com/security/cve/CVE-2022-39399[CVE-2022-39399]
diff --git a/modules/logging-rn-5.5.6.adoc b/modules/logging-rn-5.5.6.adoc
deleted file mode 100644
index 2dbc60c76f38..000000000000
--- a/modules/logging-rn-5.5.6.adoc
+++ /dev/null
@@ -1,49 +0,0 @@
-//module included in logging-5-5-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-6_{context}"]
-= Logging 5.5.6
-This release includes link:https://access.redhat.com/errata/RHBA-2023:0386[OpenShift Logging Bug Fix Release 5.5.6].
-
-[id="logging-5-5-6-bug-fixes"]
-== Bug fixes
-* Before this update, the Pod Security admission controller added the label `podSecurityLabelSync = true` to the `openshift-logging` namespace. This resulted in our specified security labels being overwritten, and as a result Collector pods would not start. With this update, the label `podSecurityLabelSync = false` preserves security labels. Collector pods deploy as expected. (link:https://issues.redhat.com/browse/LOG-3340[LOG-3340])
-
-* Before this update, the Operator installed the console view plugin, even when it was not enabled on the cluster. This caused the Operator to crash. With this update, if an account for a cluster does not have the console view enabled, the Operator functions normally and does not install the console view. (link:https://issues.redhat.com/browse/LOG-3407[LOG-3407])
-
-* Before this update, a prior fix to support a regression where the status of the Elasticsearch deployment was not being updated caused the Operator to crash unless the `Red Hat Elasticsearch Operator` was deployed. With this update, that fix has been reverted so the Operator is now stable but re-introduces the previous issue related to the reported status. (link:https://issues.redhat.com/browse/LOG-3428[LOG-3428])
-
-* Before this update, the Loki Operator only deployed one replica of the LokiStack gateway regardless of the chosen stack size. With this update, the number of replicas is correctly configured according to the selected size. (link:https://issues.redhat.com/browse/LOG-3478[LOG-3478])
-
-* Before this update, records written to Elasticsearch would fail if multiple label keys had the same prefix and some keys included dots. With this update, underscores replace dots in label keys, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3341[LOG-3341])
-
-* Before this update, the logging view plugin contained an incompatible feature for certain versions of {product-title}. With this update, the correct release stream of the plugin resolves the issue. (link:https://issues.redhat.com/browse/LOG-3467[LOG-3467])
-
-* Before this update, the reconciliation of the `ClusterLogForwarder` custom resource would incorrectly report a degraded status of one or more pipelines causing the collector pods to restart every 8-10 seconds. With this update, reconciliation of the `ClusterLogForwarder` custom resource processes correctly, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3469[LOG-3469])
-
-* Before this change the spec for the `outputDefaults` field of the ClusterLogForwarder custom resource would apply the settings to every declared Elasticsearch output type. This change corrects the behavior to match the enhancement specification where the setting specifically applies to the default managed Elasticsearch store. (link:https://issues.redhat.com/browse/LOG-3342[LOG-3342])
-
-* Before this update, the OpenShift CLI (oc) `must-gather` script did not complete because the OpenShift CLI (oc) needs a folder with write permission to build its cache. With this update, the OpenShift CLI (oc) has write permissions to a folder, and the `must-gather` script completes successfully. (link:https://issues.redhat.com/browse/LOG-3472[LOG-3472])
-
-* Before this update, the Loki Operator webhook server caused TLS errors. With this update, the Loki Operator webhook PKI is managed by the Operator Lifecycle Manager's dynamic webhook management resolving the issue. (link:https://issues.redhat.com/browse/LOG-3511[LOG-3511])
-
-[id="logging-5-5-6-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-2056[CVE-2022-2056]
-* link:https://access.redhat.com/security/cve/CVE-2022-2057[CVE-2022-2057]
-* link:https://access.redhat.com/security/cve/CVE-2022-2058[CVE-2022-2058]
-* link:https://access.redhat.com/security/cve/CVE-2022-2519[CVE-2022-2519]
-* link:https://access.redhat.com/security/cve/CVE-2022-2520[CVE-2022-2520]
-* link:https://access.redhat.com/security/cve/CVE-2022-2521[CVE-2022-2521]
-* link:https://access.redhat.com/security/cve/CVE-2022-2867[CVE-2022-2867]
-* link:https://access.redhat.com/security/cve/CVE-2022-2868[CVE-2022-2868]
-* link:https://access.redhat.com/security/cve/CVE-2022-2869[CVE-2022-2869]
-* link:https://access.redhat.com/security/cve/CVE-2022-2953[CVE-2022-2953]
-* link:https://access.redhat.com/security/cve/CVE-2022-2964[CVE-2022-2964]
-* link:https://access.redhat.com/security/cve/CVE-2022-4139[CVE-2022-4139]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/logging-rn-5.5.7.adoc b/modules/logging-rn-5.5.7.adoc
deleted file mode 100644
index f91bbb44d4c0..000000000000
--- a/modules/logging-rn-5.5.7.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-//module included in logging-5-5-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-7_{context}"]
-= Logging 5.5.7
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0633[OpenShift Logging Bug Fix Release 5.5.7].
-
-[id="logging-5-5-7-bug-fixes"]
-== Bug fixes
-* Before this update, the LokiStack Gateway Labels Enforcer generated parsing errors for valid LogQL queries when using combined label filters with boolean expressions. With this update, the LokiStack LogQL implementation supports label filters with boolean expression and resolves the issue. (link:https://issues.redhat.com/browse/LOG-3534[LOG-3534])
-
-* Before this update, the `ClusterLogForwarder` custom resource (CR) did not pass TLS credentials for syslog output to Fluentd, resulting in errors during forwarding. With this update, credentials pass correctly to Fluentd, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3533[LOG-3533])
-
-[id="logging-5-5-7-CVEs"]
-== CVEs
-link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-link:https://access.redhat.com/security/cve/CVE-2022-3821[CVE-2022-3821]
-link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/logging-rn-5.5.8.adoc b/modules/logging-rn-5.5.8.adoc
deleted file mode 100644
index 4ab12f6250fb..000000000000
--- a/modules/logging-rn-5.5.8.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-8_{context}"]
-= Logging 5.5.8
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0930[OpenShift Logging Bug Fix Release 5.5.8].
-
-[id="logging-5-5-8-bug-fixes"]
-== Bug fixes
-* Before this update, the `priority` field was missing from `systemd` logs due to an error in how the collector set `level` fields. With this update, these fields are set correctly, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3630[LOG-3630])
-
-[id="logging-5-5-8-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-10735[CVE-2020-10735]
-* link:https://access.redhat.com/security/cve/CVE-2021-28861[CVE-2021-28861]
-* link:https://access.redhat.com/security/cve/CVE-2022-2873[CVE-2022-2873]
-* link:https://access.redhat.com/security/cve/CVE-2022-4415[CVE-2022-4415]
-* link:https://access.redhat.com/security/cve/CVE-2022-24999[CVE-2022-24999]
-* link:https://access.redhat.com/security/cve/CVE-2022-40897[CVE-2022-40897]
-* link:https://access.redhat.com/security/cve/CVE-2022-41222[CVE-2022-41222]
-* link:https://access.redhat.com/security/cve/CVE-2022-41717[CVE-2022-41717]
-* link:https://access.redhat.com/security/cve/CVE-2022-43945[CVE-2022-43945]
-* link:https://access.redhat.com/security/cve/CVE-2022-45061[CVE-2022-45061]
-* link:https://access.redhat.com/security/cve/CVE-2022-48303[CVE-2022-48303]
diff --git a/modules/logging-rn-5.5.9.adoc b/modules/logging-rn-5.5.9.adoc
deleted file mode 100644
index 7bded1a43190..000000000000
--- a/modules/logging-rn-5.5.9.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-//module included in logging-5-5-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-5-9_{context}"]
-= Logging 5.5.9
-This release includes link:https://access.redhat.com/errata/RHSA-2023:1310[OpenShift Logging Bug Fix Release 5.5.9].
-
-[id="logging-5-5-9-bug-fixes"]
-== Bug fixes
-* Before this update, a problem with the Fluentd collector caused it to not capture OAuth login events stored in `/var/log/auth-server/audit.log`. This led to incomplete collection of login events from the OAuth service. With this update, the Fluentd collector now resolves this issue by capturing all login events from the OAuth service, including those stored in `/var/log/auth-server/audit.log`, as expected.(link:https://issues.redhat.com/browse/LOG-3730[LOG-3730])
-
-* Before this update, when structured parsing was enabled and messages were forwarded to multiple destinations, they were not deep copied. This resulted in some of the received logs including the structured message, while others did not. With this update, the configuration generation has been modified to deep copy messages before JSON parsing. As a result, all received logs now have structured messages included, even when they are forwarded to multiple destinations.(link:https://issues.redhat.com/browse/LOG-3767[LOG-3767])
-
-[id="logging-5-5-9-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* link:https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* link:https://access.redhat.com/security/cve/CVE-2022-41717[CVE-2022-41717]
-* link:https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* link:https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* link:https://access.redhat.com/security/cve/CVE-2023-0767[CVE-2023-0767]
-* link:https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/logging-rn-5.6.0.adoc b/modules/logging-rn-5.6.0.adoc
deleted file mode 100644
index 338f8ea1e7cf..000000000000
--- a/modules/logging-rn-5.6.0.adoc
+++ /dev/null
@@ -1,86 +0,0 @@
-//included in cluster-logging-release-notes.adoc
-:_content-type: ASSEMBLY
-[id="logging-release-notes-5-6-0_{context}"]
-= Logging 5.6.0
-
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0264[OpenShift Logging Release 5.6].
-
-[id="logging-5-6-dep-notice_{context}"]
-== Deprecation notice
-In logging version 5.6, Fluentd is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to Fluentd, you can use Vector instead.
-
-[id="logging-5-6-enhancements_{context}"]
-== Enhancements
-* With this update, Logging is compliant with {product-title} cluster-wide cryptographic policies.
- (link:https://issues.redhat.com/browse/LOG-895[LOG-895])
-
-* With this update, you can declare per-tenant, per-stream, and global policies retention policies through the LokiStack custom resource, ordered by priority. (link:https://issues.redhat.com/browse/LOG-2695[LOG-2695])
-
-* With this update, Splunk is an available output option for log forwarding. (link:https://issues.redhat.com/browse/LOG-2913[LOG-2913])
-
-* With this update, Vector replaces Fluentd as the default Collector. (link:https://issues.redhat.com/browse/LOG-2222[LOG-2222])
-
-* With this update, the *Developer* role can access the per-project workload logs they are assigned to within the Log Console Plugin on clusters running {product-title} 4.11 and higher. (link:https://issues.redhat.com/browse/LOG-3388[LOG-3388])
-
-* With this update, logs from any source contain a field `openshift.cluster_id`, the unique identifier of the cluster in which the Operator is deployed. You can view the `clusterID` value with the command below. (link:https://issues.redhat.com/browse/LOG-2715[LOG-2715])
-
-include::snippets/logging-get-clusterid-snip.adoc[lines=9..12]
-
-[id="logging-5-6-known-issues_{context}"]
-== Known Issues
-* Before this update, Elasticsearch would reject logs if multiple label keys had the same prefix and some keys included the `.` character. This fixes the limitation of Elasticsearch by replacing `.` in the label keys with `_`. As a workaround for this issue, remove the labels that cause errors, or add a namespace to the label. (link:https://issues.redhat.com/browse/LOG-3463[LOG-3463])
-
-[id="logging-5-6-bug-fixes_{context}"]
-== Bug fixes
-* Before this update, if you deleted the Kibana Custom Resource, the {product-title} web console continued displaying a link to Kibana. With this update, removing the Kibana Custom Resource also removes that link. (link:https://issues.redhat.com/browse/LOG-2993[LOG-2993])
-
-* Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs. (link:https://issues.redhat.com/browse/LOG-3072[LOG-3072])
-
-* Before this update, the Operator removed any custom outputs defined in the `ClusterLogForwarder` custom resource when using LokiStack as the default log storage. With this update, the Operator merges custom outputs with the default outputs when processing the `ClusterLogForwarder` custom resource. (link:https://issues.redhat.com/browse/LOG-3090[LOG-3090])
-
-* Before this update, the CA key was used as the volume name for mounting the CA into Loki, causing error states when the CA Key included non-conforming characters, such as dots. With this update, the volume name is standardized to an internal string which resolves the issue. (link:https://issues.redhat.com/browse/LOG-3331[LOG-3331])
-
-* Before this update, a default value set within the LokiStack Custom Resource Definition, caused an inability to create a LokiStack instance without a `ReplicationFactor` of `1`. With this update,  the operator sets the actual value for the size used. (link:https://issues.redhat.com/browse/LOG-3296[LOG-3296])
-
-* Before this update, Vector parsed the message field when JSON parsing was enabled without also defining `structuredTypeKey` or `structuredTypeName` values. With this update, a value is required for either `structuredTypeKey` or `structuredTypeName` when writing structured logs to Elasticsearch. (link:https://issues.redhat.com/browse/LOG-3195[LOG-3195])
-
-* Before this update, the secret creation component of the Elasticsearch Operator modified internal secrets constantly. With this update, the existing secret is properly handled. (link:https://issues.redhat.com/browse/LOG-3161[LOG-3161])
-
-* Before this update, the Operator could enter a loop of removing and recreating the collector daemonset while the Elasticsearch or Kibana deployments changed their status. With this update, a fix in the status handling of the Operator resolves the issue. (link:https://issues.redhat.com/browse/LOG-3157[LOG-3157])
-
-* Before this update, Kibana had a fixed `24h` OAuth cookie expiration time, which resulted in 401 errors in Kibana whenever the `accessTokenInactivityTimeout` field was set to a value lower than `24h`. With this update, Kibana's OAuth cookie expiration time synchronizes to the `accessTokenInactivityTimeout`, with a default value of `24h`. (link:https://issues.redhat.com/browse/LOG-3129[LOG-3129])
-
-* Before this update, the Operators general pattern for reconciling resources was to try and create before attempting to get or update which would lead to constant HTTP 409 responses after creation.  With this update, Operators first attempt to retrieve an object and only create or update it if it is either missing or not as specified. (link:https://issues.redhat.com/browse/LOG-2919[LOG-2919])
-
-* Before this update, the `.level` and`.structure.level` fields in Fluentd could contain different values. With this update, the values are the same for each field. (link:https://issues.redhat.com/browse/LOG-2819[LOG-2819])
-
-* Before this update, the Operator did not wait for the population of the trusted CA bundle and deployed the collector a second time once the bundle updated.  With this update, the Operator waits briefly to see if the bundle has been populated before it continues the collector deployment. (link:https://issues.redhat.com/browse/LOG-2789[LOG-2789])
-
-* Before this update, logging telemetry info appeared twice when reviewing metrics.  With this update, logging telemetry info displays as expected. (link:https://issues.redhat.com/browse/LOG-2315[LOG-2315])
-
-* Before this update, Fluentd pod logs contained a warning message after enabling the JSON parsing addition. With this update, that warning message does not appear. (link:https://issues.redhat.com/browse/LOG-1806[LOG-1806])
-
-* Before this update, the `must-gather` script did not complete because `oc` needs a folder with write permission to build its cache. With this update, `oc` has write permissions to a folder, and the `must-gather` script completes successfully. (link:https://issues.redhat.com/browse/LOG-3446[LOG-3446])
-
-* Before this update the log collector SCC could be superseded by other SCCs on the cluster, rendering the collector unusable. This update sets the priority of the log collector SCC so that it takes precedence over the others. (link:https://issues.redhat.com/browse/LOG-3235[LOG-3235])
-
-* Before this update, Vector was missing the field `sequence`, which was added to fluentd as a way to deal with a lack of actual nanoseconds precision. With this update, the field `openshift.sequence` has been added to the event logs. (link:https://issues.redhat.com/browse/LOG-3106[LOG-3106])
-
-[id="logging-5-6-cves_{context}"]
-== CVEs
-* https://access.redhat.com/security/cve/CVE-2020-36518[CVE-2020-36518]
-* https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* https://access.redhat.com/security/cve/CVE-2022-2879[CVE-2022-2879]
-* https://access.redhat.com/security/cve/CVE-2022-2880[CVE-2022-2880]
-* https://access.redhat.com/security/cve/CVE-2022-27664[CVE-2022-27664]
-* https://access.redhat.com/security/cve/CVE-2022-32190[CVE-2022-32190]
-* https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* https://access.redhat.com/security/cve/CVE-2022-37601[CVE-2022-37601]
-* https://access.redhat.com/security/cve/CVE-2022-41715[CVE-2022-41715]
-* https://access.redhat.com/security/cve/CVE-2022-42003[CVE-2022-42003]
-* https://access.redhat.com/security/cve/CVE-2022-42004[CVE-2022-42004]
-* https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
diff --git a/modules/logging-rn-5.6.1.adoc b/modules/logging-rn-5.6.1.adoc
deleted file mode 100644
index f01a180b63b1..000000000000
--- a/modules/logging-rn-5.6.1.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-6-1_{context}"]
-= Logging 5.6.1
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0634[OpenShift Logging Bug Fix Release 5.6.1].
-
-[id="logging-5-6-1-bug-fixes"]
-== Bug fixes
-* Before this update, the compactor would report TLS certificate errors from communications with the querier when retention was active. With this update, the compactor and querier no longer communicate erroneously over HTTP. (link:https://issues.redhat.com/browse/LOG-3494[LOG-3494])
-
-* Before this update, the Loki Operator would not retry setting the status of the `LokiStack` CR, which caused stale status information. With this update, the Operator retries status information updates on conflict. (link:https://issues.redhat.com/browse/LOG-3496[LOG-3496])
-
-* Before this update, the Loki Operator Webhook server caused TLS errors when the `kube-apiserver-operator` Operator checked the webhook validity. With this update, the Loki Operator Webhook PKI is managed by the Operator Lifecycle Manager (OLM), resolving the issue. (link:https://issues.redhat.com/browse/LOG-3510[LOG-3510])
-
-* Before this update, the LokiStack Gateway Labels Enforcer generated parsing errors for valid LogQL queries when using combined label filters with boolean expressions. With this update, the LokiStack LogQL implementation supports label filters with boolean expression and resolves the issue. (link:https://issues.redhat.com/browse/LOG-3441[LOG-3441]), (link:https://issues.redhat.com/browse/LOG-3397[LOG-3397])
-
-* Before this update, records written to Elasticsearch would fail if multiple label keys had the same prefix and some keys included dots. With this update, underscores replace dots in label keys, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3463[LOG-3463])
-
-* Before this update, the `Red Hat OpenShift Logging` Operator was not available for {product-title} 4.10 clusters because of an incompatibility between {product-title} console and the logging-view-plugin.  With this update, the plugin is properly integrated with the {product-title} 4.10 admin console. (link:https://issues.redhat.com/browse/LOG-3447[LOG-3447])
-
-* Before this update the reconciliation of the `ClusterLogForwarder` custom resource would incorrectly report a degraded status of pipelines that reference the default logstore. With this update, the pipeline validates properly.(link:https://issues.redhat.com/browse/LOG-3477[LOG-3477])
-
-
-[id="logging-5-6-1-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2021-46848[CVE-2021-46848]
-* link:https://access.redhat.com/security/cve/CVE-2022-3821[CVE-2022-3821]
-* link:https://access.redhat.com/security/cve/CVE-2022-35737[CVE-2022-35737]
-* link:https://access.redhat.com/security/cve/CVE-2022-42010[CVE-2022-42010]
-* link:https://access.redhat.com/security/cve/CVE-2022-42011[CVE-2022-42011]
-* link:https://access.redhat.com/security/cve/CVE-2022-42012[CVE-2022-42012]
-* link:https://access.redhat.com/security/cve/CVE-2022-42898[CVE-2022-42898]
-* link:https://access.redhat.com/security/cve/CVE-2022-43680[CVE-2022-43680]
-* link:https://access.redhat.com/security/cve/CVE-2021-35065[CVE-2021-35065]
-* link:https://access.redhat.com/security/cve/CVE-2022-46175[CVE-2022-46175]
diff --git a/modules/logging-rn-5.6.2.adoc b/modules/logging-rn-5.6.2.adoc
deleted file mode 100644
index 99dc99ba7c57..000000000000
--- a/modules/logging-rn-5.6.2.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-//module included in cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-6-2_{context}"]
-= Logging 5.6.2
-This release includes link:https://access.redhat.com/errata/RHBA-2023:0793[OpenShift Logging Bug Fix Release 5.6.2].
-
-[id="logging-5-6-2-bug-fixes"]
-== Bug fixes
-* Before this update, the collector did not set `level` fields correctly based on priority for systemd logs. With this update, `level` fields are set correctly. (link:https://issues.redhat.com/browse/LOG-3429[LOG-3429])
-
-* Before this update, the Operator incorrectly generated incompatibility warnings on  {product-title} 4.12 or later. With this update, the Operator max {product-title} version value has been corrected, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3584[LOG-3584])
-
-* Before this update, creating a `ClusterLogForwarder` custom resource (CR) with an output value of `default` did not generate any errors. With this update, an error warning that this value is invalid generates appropriately. (link:https://issues.redhat.com/browse/LOG-3437[LOG-3437])
-
-* Before this update, when the `ClusterLogForwarder` custom resource (CR) had multiple pipelines configured with one output set as `default`, the collector pods restarted. With this update, the logic for output validation has been corrected, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3559[LOG-3559])
-
-* Before this update, collector pods restarted after being created. With this update, the deployed collector does not restart on its own. (link:https://issues.redhat.com/browse/LOG-3608[LOG-3608])
-
-* Before this update, patch releases removed previous versions of the Operators from the catalog. This made installing the old versions impossible. This update changes bundle configurations so that previous releases of the same minor version stay in the catalog. (link:https://issues.redhat.com/browse/LOG-3635[LOG-3635])
-
-[id="logging-5-6-2-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-23521[CVE-2022-23521]
-* link:https://access.redhat.com/security/cve/CVE-2022-40303[CVE-2022-40303]
-* link:https://access.redhat.com/security/cve/CVE-2022-40304[CVE-2022-40304]
-* link:https://access.redhat.com/security/cve/CVE-2022-41903[CVE-2022-41903]
-* link:https://access.redhat.com/security/cve/CVE-2022-47629[CVE-2022-47629]
-* link:https://access.redhat.com/security/cve/CVE-2023-21835[CVE-2023-21835]
-* link:https://access.redhat.com/security/cve/CVE-2023-21843[CVE-2023-21843]
diff --git a/modules/logging-rn-5.6.3.adoc b/modules/logging-rn-5.6.3.adoc
deleted file mode 100644
index b920287d4904..000000000000
--- a/modules/logging-rn-5.6.3.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: REFERENCE
-[id="logging-release-notes-5-6-3_{context}"]
-= Logging 5.6.3
-This release includes link:https://access.redhat.com/errata/RHSA-2023:0932[OpenShift Logging Bug Fix Release 5.6.3].
-
-[id="logging-5-6-3-bug-fixes"]
-== Bug fixes
-* Before this update, the operator stored gateway tenant secret information in a config map. With this update, the operator stores this information in a secret. (link:https://issues.redhat.com/browse/LOG-3717[LOG-3717])
-
-* Before this update, the Fluentd collector did not capture OAuth login events stored in `/var/log/auth-server/audit.log`. With this update, Fluentd captures these OAuth login events, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3729[LOG-3729])
-
-[id="logging-5-6-3-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2020-10735[CVE-2020-10735]
-* link:https://access.redhat.com/security/cve/CVE-2021-28861[CVE-2021-28861]
-* link:https://access.redhat.com/security/cve/CVE-2022-2873[CVE-2022-2873]
-* link:https://access.redhat.com/security/cve/CVE-2022-4415[CVE-2022-4415]
-* link:https://access.redhat.com/security/cve/CVE-2022-40897[CVE-2022-40897]
-* link:https://access.redhat.com/security/cve/CVE-2022-41222[CVE-2022-41222]
-* link:https://access.redhat.com/security/cve/CVE-2022-43945[CVE-2022-43945]
-* link:https://access.redhat.com/security/cve/CVE-2022-45061[CVE-2022-45061]
-* link:https://access.redhat.com/security/cve/CVE-2022-48303[CVE-2022-48303]
diff --git a/modules/logging-rn-5.6.4.adoc b/modules/logging-rn-5.6.4.adoc
deleted file mode 100644
index 14e09b280df6..000000000000
--- a/modules/logging-rn-5.6.4.adoc
+++ /dev/null
@@ -1,34 +0,0 @@
-//module included in logging-release-notes.adoc
-:_content-type: REFERENCE
-[id="logging-release-notes-5-6-4_{context}"]
-= Logging 5.6.4
-This release includes link:https://access.redhat.com/errata/RHBA-2023:1311[OpenShift Logging Bug Fix Release 5.6.4].
-
-[id="logging-5-6-4-bug-fixes"]
-== Bug fixes
-* Before this update, when LokiStack was deployed as the log store, the logs generated by Loki pods were collected and sent to LokiStack. With this update, the logs generated by Loki are excluded from collection and will not be stored. (link:https://issues.redhat.com/browse/LOG-3280[LOG-3280])
-
-* Before this update, when the query editor on the Logs page of the OpenShift Web Console was empty, the drop-down menus did not populate. With this update, if an empty query is attempted, an error message is displayed and the drop-down menus now populate as expected. (link:https://issues.redhat.com/browse/LOG-3454[LOG-3454])
-
-* Before this update, when the `tls.insecureSkipVerify` option was set to `true`, the Cluster Logging Operator would generate incorrect configuration. As a result, the operator would fail to send data to Elasticsearch when attempting to skip certificate validation. With this update, the Cluster Logging Operator generates the correct TLS configuration even when `tls.insecureSkipVerify` is enabled. As a result, data can be sent successfully to Elasticsearch even when attempting to skip certificate validation. (link:https://issues.redhat.com/browse/LOG-3475[LOG-3475])
-
-* Before this update, when structured parsing was enabled and messages were forwarded to multiple destinations, they were not deep copied. This resulted in some of the received logs including the structured message, while others did not. With this update, the configuration generation has been modified to deep copy messages before JSON parsing. As a result, all received messages now have structured messages included, even when they are forwarded to multiple destinations. (link:https://issues.redhat.com/browse/LOG-3640[LOG-3640])
-
-* Before this update, if the `collection` field contained `{}` it could result in the Operator crashing. With this update, the Operator will ignore this value, allowing the operator to continue running smoothly without interruption. (link:https://issues.redhat.com/browse/LOG-3733[LOG-3733])
-
-* Before this update, the `nodeSelector` attribute for the Gateway component of LokiStack did not have any effect. With this update, the `nodeSelector` attribute functions as expected. (link:https://issues.redhat.com/browse/LOG-3783[LOG-3783])
-
-* Before this update, the static LokiStack memberlist configuration relied solely on private IP networks. As a result, when the {product-title} cluster pod network was configured with a public IP range, the LokiStack pods would crashloop. With this update, the LokiStack administrator now has the option to use the pod network for the memberlist configuration. This resolves the issue and prevents the LokiStack pods from entering a crashloop state when the {product-title} cluster pod network is configured with a public IP range. (link:https://issues.redhat.com/browse/LOG-3814[LOG-3814])
-
-* Before this update, if the `tls.insecureSkipVerify` field was set to `true`, the Cluster Logging Operator would generate an incorrect configuration. As a result, the Operator would fail to send data to Elasticsearch when attempting to skip certificate validation. With this update, the Operator generates the correct TLS configuration even when `tls.insecureSkipVerify` is enabled. As a result, data can be sent successfully to Elasticsearch even when attempting to skip certificate validation. (link:https://issues.redhat.com/browse/LOG-3838[LOG-3838])
-
-* Before this update, if the Cluster Logging Operator (CLO) was installed without the Elasticsearch Operator, the CLO pod would continuously display an error message related to the deletion of Elasticsearch. With this update, the CLO now performs additional checks before displaying any error messages. As a result, error messages related to Elasticsearch deletion are no longer displayed in the absence of the Elasticsearch Operator.(link:https://issues.redhat.com/browse/LOG-3763[LOG-3763])
-
-[id="logging-5-6-4-CVEs"]
-== CVEs
-* https://access.redhat.com/security/cve/CVE-2022-4304[CVE-2022-4304]
-* https://access.redhat.com/security/cve/CVE-2022-4450[CVE-2022-4450]
-* https://access.redhat.com/security/cve/CVE-2023-0215[CVE-2023-0215]
-* https://access.redhat.com/security/cve/CVE-2023-0286[CVE-2023-0286]
-* https://access.redhat.com/security/cve/CVE-2023-0767[CVE-2023-0767]
-* https://access.redhat.com/security/cve/CVE-2023-23916[CVE-2023-23916]
diff --git a/modules/logging-rn-5.6.5.adoc b/modules/logging-rn-5.6.5.adoc
deleted file mode 100644
index fa8808ddec79..000000000000
--- a/modules/logging-rn-5.6.5.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-//module included in logging-release-notes.adoc
-:content-type: REFERENCE
-[id="logging-release-notes-5-6-5{context}"]
-= Logging 5.6.5
-This release includes link:https://access.redhat.com/errata/RHSA-2023:1953[OpenShift Logging Bug Fix Release 5.6.5].
-
-[id="logging-5-6-5-bug-fixes"]
-== Bug fixes
-* Before this update, the template definitions prevented Elasticsearch from indexing some labels and namespace_labels, causing issues with data ingestion. With this update, the fix replaces dots and slashes in labels to ensure proper ingestion, effectively resolving the issue. (link:https://issues.redhat.com/browse/LOG-3419[LOG-3419])
-
-* Before this update, if the Logs page of the OpenShift Web Console failed to connect to the LokiStack, a generic error message was displayed, providing no additional context or troubleshooting suggestions. With this update, the error message has been enhanced to include more specific details and recommendations for troubleshooting. (link:https://issues.redhat.com/browse/LOG-3750[LOG-3750])
-
-* Before this update, time range formats were not validated, leading to errors selecting a custom date range. With this update, time formats are now validated, enabling users to select a valid range. If an invalid time range format is selected, an error message is displayed to the user. (link:https://issues.redhat.com/browse/LOG-3583[LOG-3583])
-
-* Before this update, when searching logs in Loki, even if the length of an expression did not exceed 5120 characters, the query would fail in many cases. With this update, query authorization label matchers have been optimized, resolving the issue. (link:https://issues.redhat.com/browse/LOG-3480[LOG-3480])
-
-* Before this update, the Loki Operator failed to produce a memberlist configuration that was sufficient for locating all the components when using a memberlist for private IPs. With this update, the fix ensures that the generated configuration includes the advertised port, allowing for successful lookup of all components. (link:https://issues.redhat.com/browse/LOG-4008[LOG-4008])
-
-[id="logging-5-6-5-CVEs"]
-== CVEs
-* link:https://access.redhat.com/security/cve/CVE-2022-4269[CVE-2022-4269]
-* link:https://access.redhat.com/security/cve/CVE-2022-4378[CVE-2022-4378]
-* link:https://access.redhat.com/security/cve/CVE-2023-0266[CVE-2023-0266]
-* link:https://access.redhat.com/security/cve/CVE-2023-0361[CVE-2023-0361]
-* link:https://access.redhat.com/security/cve/CVE-2023-0386[CVE-2023-0386]
-* link:https://access.redhat.com/security/cve/CVE-2023-27539[CVE-2023-27539]
-* link:https://access.redhat.com/security/cve/CVE-2023-28120[CVE-2023-28120]
diff --git a/modules/logging-rn-5.7.1.adoc b/modules/logging-rn-5.7.1.adoc
index 2dafeada478d..2ce3a5752a24 100644
--- a/modules/logging-rn-5.7.1.adoc
+++ b/modules/logging-rn-5.7.1.adoc
@@ -2,7 +2,7 @@
 //
 // logging-5-7-release-notes.adoc
 // cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="logging-release-notes-5-7-1_{context}"]
 = Logging 5.7.1
 This release includes: link:https://access.redhat.com/errata/RHBA-2023:3197[OpenShift Logging Bug Fix Release 5.7.1].
diff --git a/modules/logging-rn-5.7.2.adoc b/modules/logging-rn-5.7.2.adoc
index 0e96a4163257..4b3d0617d894 100644
--- a/modules/logging-rn-5.7.2.adoc
+++ b/modules/logging-rn-5.7.2.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 // cluster-logging-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cluster-logging-release-notes-5-7-2_{context}"]
 = Logging 5.7.2
 This release includes link:https://access.redhat.com/errata/RHSA-2023:3495[OpenShift Logging Bug Fix Release 5.7.2].
diff --git a/modules/logging-rn-5.7.3.adoc b/modules/logging-rn-5.7.3.adoc
new file mode 100644
index 000000000000..f8dbc3852003
--- /dev/null
+++ b/modules/logging-rn-5.7.3.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+// cluster-logging-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="cluster-logging-release-notes-5-7-3_{context}"]
+= Logging 5.7.3
+This release includes link:https://access.redhat.com/errata/RHSA-2023:3998[OpenShift Logging Bug Fix Release 5.7.3].
+
+[id="openshift-logging-5-7-3-bug-fixes_{context}"]
+== Bug fixes
+* Before this update, when viewing logs within the {product-title} web console, cached files caused the data to not refresh. With this update the bootstrap files are not cached, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4100[LOG-4100])
+
+* Before this update, the {loki-op} reset errors in a way that made identifying configuration problems difficult to troubleshoot. With this update, errors persist until the configuration error is resolved. (link:https://issues.redhat.com/browse/LOG-4156[LOG-4156])
+
+* Before this update, the LokiStack ruler did not restart after changes were made to the `RulerConfig` custom resource (CR). With this update, the {loki-op} restarts the ruler pods after the `RulerConfig` CR is updated. (link:https://issues.redhat.com/browse/LOG-4161[LOG-4161])
+
+* Before this update, the vector collector terminated unexpectedly when input match label values contained a `/` character within the `ClusterLogForwarder`. This update resolves the issue by quoting the match label, enabling the collector to start and collect logs. (link:https://issues.redhat.com/browse/LOG-4176[LOG-4176])
+
+* Before this update, the {loki-op} terminated unexpectedly when a `LokiStack` CR defined tenant limits, but not global limits. With this update, the {loki-op} can process `LokiStack` CRs without global limits, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4198[LOG-4198])
+
+* Before this update, Fluentd did not send logs to an Elasticsearch cluster when the private key provided was passphrase-protected. With this update, Fluentd properly handles passphrase-protected private keys when establishing a connection with Elasticsearch. (link:https://issues.redhat.com/browse/LOG-4258[LOG-4258])
+
+* Before this update, clusters with more than 8,000 namespaces caused Elasticsearch to reject queries because the list of namespaces was larger than the `http.max_header_size` setting. With this update, the default value for header size has been increased, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4277[LOG-4277])
+
+* Before this update, label values containing a `/` character within the `ClusterLogForwarder` CR would cause the collector to terminate unexpectedly.
+With this update, slashes are replaced with underscores, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4095[LOG-4095])
+
+* Before this update, the Cluster Logging Operator terminated unexpectedly when set to an unmanaged state. With this update, a check to ensure that the `ClusterLogging` resource is in the correct Management state before initiating the reconciliation of the `ClusterLogForwarder` CR, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4177[LOG-4177])
+
+* Before this update, when viewing logs within the {product-title} web console, selecting a time range by dragging over the histogram didn't work on the aggregated logs view inside the pod detail. With this update, the time range can be selected by dragging on the histogram in this view. (link:https://issues.redhat.com/browse/LOG-4108[LOG-4108])
+
+* Before this update, when viewing logs within the {product-title} web console, queries longer than 30 seconds timed out. With this update, the timeout value can be configured in the configmap/logging-view-plugin. (link:https://issues.redhat.com/browse/LOG-3498[LOG-3498])
+
+* Before this update, when viewing logs within the {product-title} web console, clicking the *more data available* option loaded more log entries only the first time it was clicked. With this update, more entries are loaded with each click. (link:https://issues.redhat.com/browse/OU-188[OU-188])
+
+* Before this update, when viewing logs within the {product-title} web console, clicking the *streaming* option would only display the *streaming logs* message without showing the actual logs. With this update, both the message and the log stream are displayed correctly. (link:https://issues.redhat.com/browse/OU-166[OU-166])
+
+[id="openshift-logging-5-7-3-CVEs_{context}"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2020-24736[CVE-2020-24736]
+* link:https://access.redhat.com/security/cve/CVE-2022-48281[CVE-2022-48281]
+* link:https://access.redhat.com/security/cve/CVE-2023-1667[CVE-2023-1667]
+* link:https://access.redhat.com/security/cve/CVE-2023-2283[CVE-2023-2283]
+* link:https://access.redhat.com/security/cve/CVE-2023-24329[CVE-2023-24329]
+* link:https://access.redhat.com/security/cve/CVE-2023-26115[CVE-2023-26115]
+* link:https://access.redhat.com/security/cve/CVE-2023-26136[CVE-2023-26136]
+* link:https://access.redhat.com/security/cve/CVE-2023-26604[CVE-2023-26604]
+* link:https://access.redhat.com/security/cve/CVE-2023-28466[CVE-2023-28466]
diff --git a/modules/logging-rn-5.7.4.adoc b/modules/logging-rn-5.7.4.adoc
new file mode 100644
index 000000000000..4ec53012e9c5
--- /dev/null
+++ b/modules/logging-rn-5.7.4.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+// cluster-logging-release-notes.adoc
+// logging-5-7-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="cluster-logging-release-notes-5-7-4_{context}"]
+= Logging 5.7.4
+This release includes link:https://access.redhat.com/errata/RHSA-2023:4341[OpenShift Logging Bug Fix Release 5.7.4].
+
+[id="openshift-logging-5-7-4-bug-fixes_{context}"]
+== Bug fixes
+* Before this update, when forwarding logs to CloudWatch, a `namespaceUUID` value was not appended to the `logGroupName` field. With this update, the `namespaceUUID` value is included, so a `logGroupName` in CloudWatch appears as `logGroupName: vectorcw.b443fb9e-bd4c-4b6a-b9d3-c0097f9ed286`. (link:https://issues.redhat.com/browse/LOG-2701[LOG-2701])
+
+* Before this update, when forwarding logs over HTTP to an off-cluster destination, the Vector collector was unable to authenticate to the cluster-wide HTTP proxy even though correct credentials were provided in the proxy URL. With this update, the Vector log collector can now authenticate to the cluster-wide HTTP proxy. (link:https://issues.redhat.com/browse/LOG-3381[LOG-3381])
+
+* Before this update, the Operator would fail if the Fluentd collector was configured with Splunk as an output, due to this configuration being unsupported. With this update, configuration validation rejects unsupported outputs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4237[LOG-4237])
+
+* Before this update, when the Vector collector was updated an `enabled = true` value in the TLS configuration for AWS Cloudwatch logs and the GCP Stackdriver caused a configuration error. With this update, `enabled = true` value will be removed for these outputs, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4242[LOG-4242])
+
+* Before this update, the Vector collector occasionally panicked with the following error message in its log:
+`thread 'vector-worker' panicked at 'all branches are disabled and there is no else branch', src/kubernetes/reflector.rs:26:9`. With this update, the error has been resolved. (link:https://issues.redhat.com/browse/LOG-4275[LOG-4275])
+
+* Before this update, an issue in the {loki-op} caused the `alert-manager` configuration for the application tenant to disappear if the Operator was configured with additional options for that tenant. With this update, the generated Loki configuration now contains both the custom and the auto-generated configuration. (link:https://issues.redhat.com/browse/LOG-4361[LOG-4361])
+
+* Before this update, when multiple roles were used to authenticate using STS with AWS Cloudwatch forwarding, a recent update caused the credentials to be non-unique. With this update, multiple combinations of STS roles and static credentials can once again be used to authenticate with AWS Cloudwatch. (link:https://issues.redhat.com/browse/LOG-4368[LOG-4368])
+
+* Before this update, Loki filtered label values for active streams but did not remove duplicates, making Grafana's Label Browser unusable. With this update, Loki filters out duplicate label values for active streams, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4389[LOG-4389])
+
+* Pipelines with no `name` field specified in the `ClusterLogForwarder` custom resource (CR) stopped working after upgrading to OpenShift Logging 5.7. With this update, the error has been resolved. (link:https://issues.redhat.com/browse/LOG-4120[LOG-4120])
+
+// Release notes text field empty. * (link:https://issues.redhat.com/browse/LOG-4302[LOG-4302])
+// Release notes text field empty. * (link:https://issues.redhat.com/browse/LOG-4015[LOG-4015])
+// Release notes text field empty. * (link:https://issues.redhat.com/browse/LOG-4372[LOG-4372])
+
+[id="openshift-logging-5-7-4-CVEs_{context}"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2022-25883[CVE-2022-25883]
+* link:https://access.redhat.com/security/cve/CVE-2023-22796[CVE-2023-22796]
diff --git a/modules/logging-rn-5.7.6.adoc b/modules/logging-rn-5.7.6.adoc
new file mode 100644
index 000000000000..6281f6e1aaa6
--- /dev/null
+++ b/modules/logging-rn-5.7.6.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+// cluster-logging-release-notes.adoc
+// logging-5-7-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="cluster-logging-release-notes-5-7-6_{context}"]
+= Logging 5.7.6
+This release includes link:https://access.redhat.com/errata/RHSA-2023:4933[OpenShift Logging Bug Fix Release 5.7.6].
+
+[id="openshift-logging-5-7-6-bug-fixes_{context}"]
+== Bug fixes
+* Before this update, the collector relied on the default configuration settings for reading the container log lines. As a result, the collector did not read the rotated files efficiently. With this update, there is an increase in the number of bytes read, which allows the collector to efficiently process rotated files. (link:https://issues.redhat.com/browse/LOG-4501[LOG-4501])
+
+* Before this update, when users pasted a URL with predefined filters, some filters did not reflect. With this update, the UI reflects all the filters in the URL. (link:https://issues.redhat.com/browse/LOG-4459[LOG-4459])
+
+* Before this update, forwarding to Loki using custom labels generated an error when switching from Fluentd to Vector. With this update, the Vector configuration sanitizes labels in the same way as Fluentd to ensure the collector starts and correctly processes labels. (link:https://issues.redhat.com/browse/LOG-4460[LOG-4460])
+
+* Before this update, the Observability Logs console search field did not accept special characters that it should escape. With this update, it is escaping special characters properly in the query. (link:https://issues.redhat.com/browse/LOG-4456[LOG-4456])
+
+* Before this update, the following warning message appeared while sending logs to Splunk: `Timestamp was not found.` With this update, the change overrides the name of the log field used to retrieve the Timestamp and sends it to Splunk without warning. (link:https://issues.redhat.com/browse/LOG-4413[LOG-4413])
+
+* Before this update, the CPU and memory usage of Vector was increasing over time. With this update, the Vector configuration now contains the `expire_metrics_secs=60` setting to limit the lifetime of the metrics and cap the associated CPU usage and memory footprint. (link:https://issues.redhat.com/browse/LOG-4171[LOG-4171])
+
+* Before this update, the LokiStack gateway cached authorized requests very broadly. As a result, this caused wrong authorization results. With this update, LokiStack gateway caches on a more fine-grained basis which resolves this issue. (link:https://issues.redhat.com/browse/LOG-4393[LOG-4393])
+
+* Before this update, the Fluentd runtime image included builder tools which were unnecessary at runtime. With this update, the builder tools are removed, resolving the issue. (link:https://issues.redhat.com/browse/LOG-4467[LOG-4467])
+
+[id="openshift-logging-5-7-6-CVEs_{context}"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2023-3899[CVE-2023-3899]
+* link:https://access.redhat.com/security/cve/CVE-2023-4456[CVE-2023-4456]
+* link:https://access.redhat.com/security/cve/CVE-2023-32360[CVE-2023-32360]
+* link:https://access.redhat.com/security/cve/CVE-2023-34969[CVE-2023-34969]
\ No newline at end of file
diff --git a/modules/logging-rn-5.7.7.adoc b/modules/logging-rn-5.7.7.adoc
new file mode 100644
index 000000000000..e925c1984f5f
--- /dev/null
+++ b/modules/logging-rn-5.7.7.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+// cluster-logging-release-notes.adoc
+// logging-5-7-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="cluster-logging-release-notes-5-7-7_{context}"]
+= Logging 5.7.7
+This release includes link:https://access.redhat.com/errata/RHSA-2023:5530[OpenShift Logging Bug Fix Release 5.7.7].
+
+[id="openshift-logging-5-7-7-bug-fixes_{context}"]
+== Bug fixes
+* Before this update, FluentD normalized the logs emitted by the EventRouter differently from Vector. With this update, the Vector produces log records in a consistent format. (link:https://issues.redhat.com/browse/LOG-4178[LOG-4178])
+
+* Before this update, there was an error in the query used for the *FluentD Buffer Availability* graph in the metrics dashboard created by the Cluster Logging Operator as it showed the minimum buffer usage. With this update, the graph shows the maximum buffer usage and is now renamed to *FluentD Buffer Usage*. (link:https://issues.redhat.com/browse/LOG-4555[LOG-4555])
+
+* Before this update, deploying a LokiStack on IPv6-only or dual-stack {product-title} clusters caused the LokiStack memberlist registration to fail. As a result, the distributor pods went into a crash loop. With this update, an administrator can enable IPv6 by setting the `lokistack.spec.hashRing.memberlist.enableIPv6:` value to `true`, which resolves the issue. (link:https://issues.redhat.com/browse/LOG-4569[LOG-4569])
+
+* Before this update, the log collector relied on the default configuration settings for reading the container log lines. As a result, the log collector did not read the rotated files efficiently. With this update, there is an increase in the number of bytes read, which allows the log collector to efficiently process rotated files. (link:https://issues.redhat.com/browse/LOG-4575[LOG-4575])
+
+* Before this update, the unused metrics in the Event Router caused the container to fail due to excessive memory usage. With this update, there is reduction in the memory usage of the Event Router by removing the unused metrics. (link:https://issues.redhat.com/browse/LOG-4686[LOG-4686])
+
+[id="openshift-logging-5-7-7-CVEs_{context}"]
+== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2023-0800[CVE-2023-0800]
+* link:https://access.redhat.com/security/cve/CVE-2023-0801[CVE-2023-0801]
+* link:https://access.redhat.com/security/cve/CVE-2023-0802[CVE-2023-0802]
+* link:https://access.redhat.com/security/cve/CVE-2023-0803[CVE-2023-0803]
+* link:https://access.redhat.com/security/cve/CVE-2023-0804[CVE-2023-0804]
+* link:https://access.redhat.com/security/cve/CVE-2023-2002[CVE-2023-2002]
+* link:https://access.redhat.com/security/cve/CVE-2023-3090[CVE-2023-3090]
+* link:https://access.redhat.com/security/cve/CVE-2023-3390[CVE-2023-3390]
+* link:https://access.redhat.com/security/cve/CVE-2023-3776[CVE-2023-3776]
+* link:https://access.redhat.com/security/cve/CVE-2023-4004[CVE-2023-4004]
+* link:https://access.redhat.com/security/cve/CVE-2023-4527[CVE-2023-4527]
+* link:https://access.redhat.com/security/cve/CVE-2023-4806[CVE-2023-4806]
+* link:https://access.redhat.com/security/cve/CVE-2023-4813[CVE-2023-4813]
+* link:https://access.redhat.com/security/cve/CVE-2023-4863[CVE-2023-4863]
+* link:https://access.redhat.com/security/cve/CVE-2023-4911[CVE-2023-4911]
+* link:https://access.redhat.com/security/cve/CVE-2023-5129[CVE-2023-5129]
+* link:https://access.redhat.com/security/cve/CVE-2023-20593[CVE-2023-20593]
+* link:https://access.redhat.com/security/cve/CVE-2023-29491[CVE-2023-29491]
+* link:https://access.redhat.com/security/cve/CVE-2023-30630[CVE-2023-30630]
+* link:https://access.redhat.com/security/cve/CVE-2023-35001[CVE-2023-35001]
+* link:https://access.redhat.com/security/cve/CVE-2023-35788[CVE-2023-35788]
\ No newline at end of file
diff --git a/modules/logging-set-input-rate-limit.adoc b/modules/logging-set-input-rate-limit.adoc
new file mode 100644
index 000000000000..cdef0861cb5f
--- /dev/null
+++ b/modules/logging-set-input-rate-limit.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * logging/performance_reliability/logging-flow-control-mechanisms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-set-input-rate-limit_{context}"]
+= Configuring log forwarder input rate limits
+
+You can limit the rate of incoming logs that are collected by configuring the `ClusterLogForwarder` custom resource (CR). You can set input limits on a per-container or per-namespace basis.
+
+.Prerequisites
+
+* You have installed the {clo}.
+* You have administrator permissions.
+
+.Procedure
+
+. Add a `maxRecordsPerSecond` limit value to the `ClusterLogForwarder` CR for a specified input.
++
+The following examples show how to configure input rate limits for different scenarios:
++
+.Example `ClusterLogForwarder` CR that sets a per-container limit for containers with certain labels
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+# ...
+spec:
+# ...
+  inputs:
+    - name: <input_name> <1>
+      application:
+        selector:
+          matchLabels: { example: label } <2>
+      limitPerContainer:
+          maxRecordsPerSecond: 0 <3>
+# ...
+----
+<1> The input name.
+<2> A list of labels. If these labels match labels that are applied to a pod, the per-container limit specified in the `maxRecordsPerSecond` field is applied to those containers.
+<3> Configures the rate limit. Setting the `maxRecordsPerSecond` field to `0` means that no logs are collected for the container. Setting the `maxRecordsPerSecond` field to some other value means that a maximum of that number of records per second are collected for the container.
++
+.Example `ClusterLogForwarder` CR that sets a per-container limit for containers in selected namespaces
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+# ...
+spec:
+# ...
+  inputs:
+    - name: <input_name> <1>
+      application:
+        namespaces: [ example-ns-1, example-ns-2 ] <2>
+      limitPerContainer:
+        maxRecordsPerSecond: 10 <3>
+    - name: <input_name>
+      application:
+        namespaces: [ test ]
+      limitPerContainer:
+          maxRecordsPerSecond: 1000
+# ...
+----
+<1> The input name.
+<2> A list of namespaces. The per-container limit specified in the `maxRecordsPerSecond` field is applied to all containers in the namespaces listed.
+<3> Configures the rate limit. Setting the `maxRecordsPerSecond` field to `10` means that a maximum of 10 records per second are collected for each container in the namespaces listed.
+
+. Apply the `ClusterLogForwarder` CR:
++
+.Example command
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/logging-set-output-rate-limit.adoc b/modules/logging-set-output-rate-limit.adoc
new file mode 100644
index 000000000000..e9ed96d38af9
--- /dev/null
+++ b/modules/logging-set-output-rate-limit.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * logging/performance_reliability/logging-flow-control-mechanisms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-set-output-rate-limit_{context}"]
+= Configuring log forwarder output rate limits
+
+You can limit the rate of outbound logs to a specified output by configuring the `ClusterLogForwarder` custom resource (CR).
+
+.Prerequisites
+
+* You have installed the {clo}.
+* You have administrator permissions.
+
+.Procedure
+
+. Add a `maxRecordsPerSecond` limit value to the `ClusterLogForwarder` CR for a specified output.
++
+The following example shows how to configure a per collector output rate limit for a Kafka broker output named `kafka-example`:
++
+.Example `ClusterLogForwarder` CR
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+# ...
+spec:
+# ...
+  outputs:
+    - name: kafka-example <1>
+      type: kafka <2>
+      limit:
+        maxRecordsPerSecond: 1000000 <3>
+# ...
+----
+<1> The output name.
+<2> The type of output.
+<3> The log output rate limit. This value sets the maximum link:https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/[Quantity] of logs that can be sent to the Kafka broker per second. This value is not set by default. The default behavior is best effort, and records are dropped if the log forwarder cannot keep up. If this value is `0`, no logs are forwarded.
+
+. Apply the `ClusterLogForwarder` CR:
++
+.Example command
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
diff --git a/modules/logging-support-considerations.adoc b/modules/logging-support-considerations.adoc
deleted file mode 100644
index bbb45e65e44b..000000000000
--- a/modules/logging-support-considerations.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-// logging/v5_6/logging-5-6-architecture.adoc
-
-:_content-type: CONCEPT
-[id="logging-support-considerations_{context}"]
-= Support considerations for logging
-
-include::snippets/logging-compatibility-snip.adoc[]
-
-include::snippets/logging-supported-config-snip.adoc[]
-
-The following modifications are explicitly not supported:
-
-* *Deploying logging to namespaces not specified in the documentation.*
-* *Installing custom Elasticsearch, Kibana, Fluentd, or Loki instances on {product-title}.*
-* *Changes to the Kibana Custom Resource (CR) or Elasticsearch CR.*
-* *Changes to secrets or config maps not specified in the documentation.*
-
-The {logging-title} is an opinionated collector and normalizer of application, infrastructure, and audit logs. It is intended to be used for forwarding logs to various supported systems.
-
-The {logging-title} is not:
-
-* A high scale log collection system
-* Security Information and Event Monitoring (SIEM) compliant
-* Historical or long term log retention or storage
-* A guaranteed log sink
-* Secure storage - audit logs are not stored by default
diff --git a/modules/logging-upgrading-clo.adoc b/modules/logging-upgrading-clo.adoc
new file mode 100644
index 000000000000..7a53b16352b0
--- /dev/null
+++ b/modules/logging-upgrading-clo.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-upgrading.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-upgrading-clo_{context}"]
+= Updating the {clo}
+
+To update the {clo} to a new major release version, you must modify the update channel for the Operator subscription.
+
+.Prerequisites
+
+* You have installed the {clo}.
+* You have administrator permissions.
+* You have access to the {product-title} web console and are viewing the *Administrator* perspective.
+
+.Procedure
+
+. Navigate to *Operators* -> *Installed Operators*.
+
+. Select the *openshift-logging* project.
+
+. Click the *Red Hat OpenShift Logging* Operator.
+
+. Click *Subscription*. In the *Subscription details* section, click the *Update channel* link. This link text might be *stable* or *stable-5.y*, depending on your current update channel.
+
+. In the *Change Subscription Update Channel* window, select the latest major version update channel, *stable-5.y*, and click *Save*. Note the `cluster-logging.v5.y.z` version.
+
+.Verification
+
+. Wait for a few seconds, then click *Operators* -> *Installed Operators*. Verify that the {clo} version matches the latest `cluster-logging.v5.y.z` version.
+
+. On the *Operators* -> *Installed Operators* page, wait for the *Status* field to report *Succeeded*.
diff --git a/modules/logging-upgrading-loki.adoc b/modules/logging-upgrading-loki.adoc
new file mode 100644
index 000000000000..8a63436b185b
--- /dev/null
+++ b/modules/logging-upgrading-loki.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-upgrading.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-upgrading-loki_{context}"]
+= Updating the {loki-op}
+
+To update the {loki-op} to a new major release version, you must modify the update channel for the Operator subscription.
+
+.Prerequisites
+
+* You have installed the {loki-op}.
+* You have administrator permissions.
+* You have access to the {product-title} web console and are viewing the *Administrator* perspective.
+
+.Procedure
+
+. Navigate to *Operators* -> *Installed Operators*.
+
+. Select the *openshift-operators-redhat* project.
+
+. Click the *{loki-op}*.
+
+. Click *Subscription*. In the *Subscription details* section, click the *Update channel* link. This link text might be *stable* or *stable-5.y*, depending on your current update channel.
+
+. In the *Change Subscription Update Channel* window, select the latest major version update channel, *stable-5.y*, and click *Save*. Note the `loki-operator.v5.y.z` version.
+
+.Verification
+
+. Wait for a few seconds, then click *Operators* -> *Installed Operators*. Verify that the {loki-op} version matches the latest `loki-operator.v5.y.z` version.
+
+. On the *Operators* -> *Installed Operators* page, wait for the *Status* field to report *Succeeded*.
diff --git a/modules/logging-vector-collector-alerts.adoc b/modules/logging-vector-collector-alerts.adoc
new file mode 100644
index 000000000000..1f4a643f46da
--- /dev/null
+++ b/modules/logging-vector-collector-alerts.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * logging/logging_alerts/default-logging-alerts.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-vector-collector-alerts_{context}"]
+= Vector collector alerts
+
+In logging 5.7 and later versions, the following alerts are generated by the Vector collector. You can view these alerts in the {product-title} web console.
+
+.Vector collector alerts
+[cols="2,2,2,1",options="header"]
+|===
+|Alert |Message |Description |Severity
+
+|`CollectorHighErrorRate`
+|`<value> of records have resulted in an error by vector <instance>.`
+|The number of vector output errors is high, by default more than 10 in the previous 15 minutes.
+|Warning
+
+|`CollectorNodeDown`
+|`Prometheus could not scrape vector <instance> for more than 10m.`
+|Vector is reporting that Prometheus could not scrape a specific Vector instance.
+|Critical
+
+|`CollectorVeryHighErrorRate`
+|`<value> of records have resulted in an error by vector <instance>.`
+|The number of Vector component errors are very high, by default more than 25 in the previous 15 minutes.
+|Critical
+
+|`FluentdQueueLengthIncreasing`
+|`In the last 1h, fluentd <instance> buffer queue length constantly increased more than 1. Current value is <value>.`
+|Fluentd is reporting that the queue size is increasing.
+|Warning
+
+|===
diff --git a/modules/logging-vector-fluentd-feature-comparison.adoc b/modules/logging-vector-fluentd-feature-comparison.adoc
new file mode 100644
index 000000000000..03052043c2ff
--- /dev/null
+++ b/modules/logging-vector-fluentd-feature-comparison.adoc
@@ -0,0 +1,96 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="logging-vector-fluentd-feature-comparison_{context}"]
+= Log collector features by type
+
+.Log Sources
+[options="header"]
+|===============================================================
+| Feature                   | Fluentd  | Vector
+| App container logs        | &#10003; | &#10003;
+| App-specific routing      | &#10003; | &#10003;
+| App-specific routing by namespace | &#10003; | &#10003;
+| Infra container logs      | &#10003; | &#10003;
+| Infra journal logs        | &#10003; | &#10003;
+| Kube API audit logs       | &#10003; | &#10003;
+| OpenShift API audit logs  | &#10003; | &#10003;
+| Open Virtual Network (OVN) audit logs| &#10003; | &#10003;
+|===============================================================
+
+.Authorization and Authentication
+[options="header"]
+|=================================================================
+| Feature                     | Fluentd  | Vector
+| Elasticsearch certificates  | &#10003; | &#10003;
+| Elasticsearch username / password | &#10003; | &#10003;
+| Amazon Cloudwatch keys      | &#10003; | &#10003;
+| Amazon Cloudwatch STS       | &#10003; | &#10003;
+| Kafka certificates          | &#10003; | &#10003;
+| Kafka username / password   | &#10003; | &#10003;
+| Kafka SASL                  | &#10003; | &#10003;
+| Loki bearer token           | &#10003; | &#10003;
+|=================================================================
+
+.Normalizations and Transformations
+[options="header"]
+|============================================================================
+| Feature                                | Fluentd  | Vector
+| Viaq data model - app                  | &#10003; | &#10003;
+| Viaq data model - infra                | &#10003; | &#10003;
+| Viaq data model - infra(journal)       | &#10003; | &#10003;
+| Viaq data model - Linux audit          | &#10003; | &#10003;
+| Viaq data model - kube-apiserver audit | &#10003; | &#10003;
+| Viaq data model - OpenShift API audit  | &#10003; | &#10003;
+| Viaq data model - OVN                  | &#10003; | &#10003;
+| Loglevel Normalization                 | &#10003; | &#10003;
+| JSON parsing                           | &#10003; | &#10003;
+| Structured Index                       | &#10003; | &#10003;
+| Multiline error detection              | &#10003; | &#10003;
+| Multicontainer / split indices         | &#10003; | &#10003;
+| Flatten labels                         | &#10003; | &#10003;
+| CLF static labels                      | &#10003; | &#10003;
+|============================================================================
+
+.Tuning
+[options="header"]
+|==========================================================
+| Feature                | Fluentd  | Vector
+| Fluentd readlinelimit  | &#10003; |
+| Fluentd buffer         | &#10003; |
+| - chunklimitsize       | &#10003; |
+| - totallimitsize       | &#10003; |
+| - overflowaction       | &#10003; |
+| - flushthreadcount     | &#10003; |
+| - flushmode            | &#10003; |
+| - flushinterval        | &#10003; |
+| - retrywait            | &#10003; |
+| - retrytype            | &#10003; |
+| - retrymaxinterval     | &#10003; |
+| - retrytimeout         | &#10003; |
+|==========================================================
+
+.Visibility
+[options="header"]
+|=====================================================
+| Feature         | Fluentd  | Vector
+| Metrics         | &#10003; | &#10003;
+| Dashboard       | &#10003; | &#10003;
+| Alerts          | &#10003; | &#10003;
+|=====================================================
+
+.Miscellaneous
+[options="header"]
+|===========================================================
+| Feature               | Fluentd  | Vector
+| Global proxy support  | &#10003; | &#10003;
+| x86 support           | &#10003; | &#10003;
+| ARM support           | &#10003; | &#10003;
+| {ibm-power-name} support       | &#10003; | &#10003;
+| {ibm-z-name} support         | &#10003; | &#10003;
+| IPv6 support          | &#10003; | &#10003;
+| Log event buffering   | &#10003; |
+| Disconnected Cluster  | &#10003; | &#10003;
+|===========================================================
diff --git a/modules/loki-create-object-storage-secret-cli.adoc b/modules/loki-create-object-storage-secret-cli.adoc
new file mode 100644
index 000000000000..c2f1d3170b55
--- /dev/null
+++ b/modules/loki-create-object-storage-secret-cli.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * list assemblies
+
+:_mod-docs-content-type: PROCEDURE
+[id="loki-create-object-storage-secret-cli_{context}"]
+= Creating a secret for Loki object storage by using the CLI
+
+To configure Loki object storage, you must create a secret. You can do this by using the {oc-first}.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You installed the {loki-op}.
+* You installed the {oc-first}.
+
+.Procedure
+
+* Create a secret in the directory that contains your certificate and key files by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic -n openshift-logging <your_secret_name> \
+ --from-file=tls.key=<your_key_file>
+ --from-file=tls.crt=<your_crt_file>
+ --from-file=ca-bundle.crt=<your_bundle_file>
+ --from-literal=username=<your_username>
+ --from-literal=password=<your_password>
+----
+
+[NOTE]
+====
+Use generic or opaque secrets for best results.
+====
+
+.Verification
+
+* Verify that a secret was created by running the following command:
++
+[source,terminal]
+----
+$ oc get secrets
+----
diff --git a/modules/loki-create-object-storage-secret-console.adoc b/modules/loki-create-object-storage-secret-console.adoc
new file mode 100644
index 000000000000..15a988c31907
--- /dev/null
+++ b/modules/loki-create-object-storage-secret-console.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * list assemblies
+
+:_mod-docs-content-type: PROCEDURE
+[id="loki-create-object-storage-secret-console_{context}"]
+= Creating a secret for Loki object storage by using the web console
+
+To configure Loki object storage, you must create a secret. You can create a secret by using the {product-title} web console.
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the {product-title} web console.
+* You installed the {loki-op}.
+
+.Procedure
+
+. Go to *Workloads* -> *Secrets* in the *Administrator* perspective of the {product-title} web console.
+
+. From the *Create* drop-down list, select *From YAML*.
+
+. Create a secret that uses the `access_key_id` and `access_key_secret` fields to specify your credentials and the `bucketnames`, `endpoint`, and `region` fields to define the object storage location. AWS is used in the following example:
++
+.Example `Secret` object
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: logging-loki-s3
+  namespace: openshift-logging
+stringData:
+  access_key_id: AKIAIOSFODNN7EXAMPLE
+  access_key_secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+  bucketnames: s3-bucket-name
+  endpoint: https://s3.eu-central-1.amazonaws.com
+  region: eu-central-1
+----
diff --git a/modules/loki-deployment-sizing.adoc b/modules/loki-deployment-sizing.adoc
new file mode 100644
index 000000000000..d18773285f3e
--- /dev/null
+++ b/modules/loki-deployment-sizing.adoc
@@ -0,0 +1,87 @@
+// Module is included in the following assemblies:
+// * logging/log_storage/installing-log-storage.adoc
+// * network_observability/installing-operators.adoc
+
+ifeval::["{context}" == "installing-log-storage"]
+:restricted:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
+[id="loki-deployment-sizing_{context}"]
+= Loki deployment sizing
+
+Sizing for Loki follows the format of `<N>x.<size>` where the value `<N>` is number of instances and `<size>` specifies performance capabilities.
+
+.Loki sizing
+[cols="1h,4*",options="header"]
+|===
+|
+|1x.demo
+|1x.extra-small
+|1x.small
+|1x.medium
+
+|Data transfer
+|Demo use only
+|100GB/day
+|500GB/day
+|2TB/day
+
+|Queries per second (QPS)
+|Demo use only
+|1-25 QPS at 200ms
+|25-50 QPS at 200ms
+|25-75 QPS at 200ms
+
+|Replication factor
+|None
+|2
+|2
+|2
+
+|Total CPU requests
+|None
+|14 vCPUs
+|34 vCPUs
+|54 vCPUs
+
+ifdef::restricted[]
+|Total CPU requests if using the ruler
+|None
+|16 vCPUs
+|42 vCPUs
+|70 vCPUs
+endif::restricted[]
+
+|Total memory requests
+|None
+|31Gi
+|67Gi
+|139Gi
+
+ifdef::restricted[]
+|Total memory requests if using the ruler
+|None
+|35Gi
+|83Gi
+|171Gi
+endif::restricted[]
+
+|Total disk requests
+|40Gi
+|430Gi
+|430Gi
+|590Gi
+
+ifdef::restricted[]
+|Total disk requests if using the ruler
+|80Gi
+|750Gi
+|750Gi
+|910Gi
+endif::restricted[]
+|===
+
+ifeval::["{context}" == "installing-log-storage"]
+:!restricted:
+endif::[]
diff --git a/modules/loki-rate-limit-errors.adoc b/modules/loki-rate-limit-errors.adoc
new file mode 100644
index 000000000000..953edd53a341
--- /dev/null
+++ b/modules/loki-rate-limit-errors.adoc
@@ -0,0 +1,84 @@
+// Module is included in the following assemblies:
+// * logging/cluster-logging-loki.adoc
+// * logging/log_collection_forwarding/log-forwarding.adoc
+// * logging/troubleshooting/log-forwarding-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="loki-rate-limit-errors_{context}"]
+= Troubleshooting Loki rate limit errors
+
+If the Log Forwarder API forwards a large block of messages that exceeds the rate limit to Loki, Loki generates rate limit (`429`) errors.
+
+These errors can occur during normal operation. For example, when adding the {logging} to a cluster that already has some logs, rate limit errors might occur while the {logging} tries to ingest all of the existing log entries. In this case, if the rate of addition of new logs is less than the total rate limit, the historical data is eventually ingested, and the rate limit errors are resolved without requiring user intervention.
+
+In cases where the rate limit errors continue to occur, you can fix the issue by modifying the `LokiStack` custom resource (CR).
+
+[IMPORTANT]
+====
+The `LokiStack` CR is not available on Grafana-hosted Loki. This topic does not apply to Grafana-hosted Loki servers.
+====
+
+.Conditions
+
+* The Log Forwarder API is configured to forward logs to Loki.
+
+* Your system sends a block of messages that is larger than 2 MB to Loki. For example:
++
+[source,text]
+----
+"values":[["1630410392689800468","{\"kind\":\"Event\",\"apiVersion\":\
+.......
+......
+......
+......
+\"received_at\":\"2021-08-31T11:46:32.800278+00:00\",\"version\":\"1.7.4 1.6.0\"}},\"@timestamp\":\"2021-08-31T11:46:32.799692+00:00\",\"viaq_index_name\":\"audit-write\",\"viaq_msg_id\":\"MzFjYjJkZjItNjY0MC00YWU4LWIwMTEtNGNmM2E5ZmViMGU4\",\"log_type\":\"audit\"}"]]}]}
+----
+
+* After you enter `oc logs -n openshift-logging -l component=collector`, the collector logs in your cluster show a line containing one of the following error messages:
++
+[source,text]
+----
+429 Too Many Requests Ingestion rate limit exceeded
+----
++
+.Example Vector error message
+[source,text]
+----
+2023-08-25T16:08:49.301780Z  WARN sink{component_kind="sink" component_id=default_loki_infra component_type=loki component_name=default_loki_infra}: vector::sinks::util::retries: Retrying after error. error=Server responded with an error: 429 Too Many Requests internal_log_rate_limit=true
+----
++
+.Example Fluentd error message
+[source,text]
+----
+2023-08-30 14:52:15 +0000 [warn]: [default_loki_infra] failed to flush the buffer. retry_times=2 next_retry_time=2023-08-30 14:52:19 +0000 chunk="604251225bf5378ed1567231a1c03b8b" error_class=Fluent::Plugin::LokiOutput::LogPostError error="429 Too Many Requests Ingestion rate limit exceeded for user infrastructure (limit: 4194304 bytes/sec) while attempting to ingest '4082' lines totaling '7820025' bytes, reduce log volume or contact your Loki administrator to see if the limit can be increased\n"
+----
++
+The error is also visible on the receiving end. For example, in the LokiStack ingester pod:
++
+.Example Loki ingester error message
+[source,text]
+----
+level=warn ts=2023-08-30T14:57:34.155592243Z caller=grpc_logging.go:43 duration=1.434942ms method=/logproto.Pusher/Push err="rpc error: code = Code(429) desc = entry with timestamp 2023-08-30 14:57:32.012778399 +0000 UTC ignored, reason: 'Per stream rate limit exceeded (limit: 3MB/sec) while attempting to ingest for stream
+----
+
+.Procedure
+
+* Update the `ingestionBurstSize` and `ingestionRate` fields in the `LokiStack` CR:
++
+[source,yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: logging-loki
+  namespace: openshift-logging
+spec:
+  limits:
+    global:
+      ingestion:
+        ingestionBurstSize: 16 # <1>
+        ingestionRate: 8 # <2>
+# ...
+----
+<1> The `ingestionBurstSize` field defines the maximum local rate-limited sample size per distributor replica in MB. This value is a hard limit. Set this value to at least the maximum logs size expected in a single push request. Single requests that are larger than the `ingestionBurstSize` value are not permitted.
+<2> The `ingestionRate` field is a soft limit on the maximum amount of ingested samples per second in MB. Rate limit errors occur if the rate of logs exceeds the limit, but the collector retries sending the logs. As long as the total average is lower than the limit, the system recovers and errors are resolved without user intervention.
diff --git a/modules/loki-rbac-permissions.adoc b/modules/loki-rbac-permissions.adoc
new file mode 100644
index 000000000000..14306d103690
--- /dev/null
+++ b/modules/loki-rbac-permissions.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * logging/logging_alerts/custom-logging-alerts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="loki-rbac-permissions_{context}"]
+= Authorizing Loki rules RBAC permissions
+
+// May need to re-add this after 5.8 release - check with eng later
+// In logging 5.7 and later, the Cluster Logging Operator provides `alertingrule-editor-role` and `recordingrule-editor-role` cluster roles, which enable users to modify alerting and recording rules for the LokiStack.
+
+Administrators can allow users to create and manage their own alerting rules by creating a `ClusterRole` object and binding this role to usernames. The `ClusterRole` object defines the necessary role-based access control (RBAC) permissions for users.
+
+.Prerequisites
+
+* The {clo} is installed in the `openshift-logging` namespace.
+* You have administrator permissions.
+
+.Procedure
+
+. Create a cluster role that defines the necessary RBAC permissions.
+. Bind the appropriate cluster roles to the username:
++
+.Example binding command
+[source,terminal]
+----
+$ oc adm policy add-role-to-user <cluster_role_name> -n <namespace> <username>
+----
diff --git a/modules/lvms-adding-a-storage-class.adoc b/modules/lvms-adding-a-storage-class.adoc
new file mode 100644
index 000000000000..faa2e9101cd1
--- /dev/null
+++ b/modules/lvms-adding-a-storage-class.adoc
@@ -0,0 +1,55 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="adding-a-storage-class_{context}"]
+= Adding a storage class
+
+You can add a storage class to an {product-title} cluster. A storage class describes a class of storage in the cluster and how the cluster dynamically provisions the persistent volumes (PVs) when the user specifies the storage class. A storage class describes the type of device classes, the quality-of-service level, the filesystem type, and other details.
+
+.Procedure
+
+. Create a YAML file:
++
+[source,yaml]
+----
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: lvm-storageclass
+parameters:
+  csi.storage.k8s.io/fstype: ext4
+  topolvm.io/device-class: vg1
+provisioner: topolvm.io
+reclaimPolicy: Delete
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+----
++
+Save the file by using a name similar to the storage class name. For example, `lvm-storageclass.yaml`.
+
+. Apply the YAML file by using the `oc` command:
++
+[source,terminal]
+----
+$ oc apply -f <file_name> <1>
+----
+<1> Replace `<file_name>` with the name of the YAML file. For example, `lvm-storageclass.yaml`.
++
+The cluster will create the storage class.
+
+. Verify that the cluster created the storage class by using the following command:
++
+[source,terminal]
+----
+$ oc get storageclass <name> <1>
+----
+<1> Replace `<name>` with the name of the storage class. For example, `lvm-storageclass`.
++
+.Example output
+[source,terminal,options="nowrap",role="white-space-pre"]
+----
+NAME              PROVISIONER  RECLAIMPOLICY  VOLUMEBINDINGMODE     ALLOWVOLUMEEXPANSION  AGE
+lvm-storageclass  topolvm.io   Delete         WaitForFirstConsumer  true                  1s
+----
diff --git a/modules/lvms-creating-logical-volume-manager-cluster.adoc b/modules/lvms-creating-logical-volume-manager-cluster.adoc
index 0d2e586cf5d8..0c94fab3fdb9 100644
--- a/modules/lvms-creating-logical-volume-manager-cluster.adoc
+++ b/modules/lvms-creating-logical-volume-manager-cluster.adoc
@@ -2,12 +2,12 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-creating-lvms-cluster_{context}"]
-= Creating a Logical Volume Manager cluster on a {sno} worker node
+= Creating a Logical Volume Manager cluster on a worker node
 
-You can configure a {sno} worker node as a Logical Volume Manager cluster.
-On the control-plane {sno} node, {lvms} detects and uses the additional worker nodes when the new nodes become active in the cluster.
+You can configure a worker node as a Logical Volume Manager cluster.
+On the control-plane node, {lvms} detects and uses the additional worker nodes when the new nodes become active in the cluster.
 
 [NOTE]
 ====
@@ -17,7 +17,7 @@ When you create a Logical Volume Manager cluster, `StorageClass` and `LVMVolumeG
 `LVMVolumeGroup` CRs provide the back-end storage for the persistent volumes that you create.
 ====
 
-Perform the following procedure to create a Logical Volume Manager cluster on a {sno} worker node.
+Perform the following procedure to create a Logical Volume Manager cluster on a worker node.
 
 [NOTE]
 ====
@@ -30,12 +30,17 @@ You also can perform the same task by using the {product-title} web console.
 
 * You have logged in as a user with `cluster-admin` privileges.
 
-* You installed {lvms} in a {sno} cluster and have installed a worker node for use in the {sno} cluster.
+* You installed {lvms} in a cluster and have installed a worker node for use in the cluster.
 
 .Procedure
 
 . Create the `LVMCluster` custom resource (CR).
-
++
+[IMPORTANT]
+=====
+You can only create a single instance of the `LVMCluster` custom resource (CR) on an {product-title} cluster.
+=====
++
 .. Save the following YAML in the `lvmcluster.yaml` file:
 +
 [source,yaml]
@@ -47,30 +52,42 @@ metadata:
 spec:
   storage:
     deviceClasses:  <1>
-      - name: vg1
-        default: true <2>
-        deviceSelector:
+      - name: vg1 <2>
+        fstype: ext4 <3>
+        default: true <4>
+        deviceSelector: <5>
           paths:
           - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
           - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
+          - /dev/md/md-var
+          optionalPaths:
+          - /dev/disk/by-path/pci-0000:89:00.0-nvme-1
+          - /dev/disk/by-path/pci-0000:90:00.0-nvme-1
+          forceWipeDevicesAndDestroyAllData: true <6>
         thinPoolConfig:
           name: thin-pool-1
           sizePercent: 90
           overprovisionRatio: 10
-        nodeSelector: <3>
+        nodeSelector: <7>
           nodeSelectorTerms:
             - matchExpressions:
-                - key: app
-              operator: In
-              Values:
+              - key: app
+                operator: In
+                values:
                 - test1
 ----
 <1> To create multiple device storage classes in the cluster, create a YAML array under `deviceClasses` for each required storage class.
+If you add or remove a `deviceClass`, then the update reflects in the cluster only after deleting and recreating the `TopoLVM-Node` pod.
 Configure the local device paths of the disks as an array of values in the `deviceSelector` field.
 When configuring multiple device classes, you must specify the device path for each device.
-<2> Mandatory: The `LVMCluster` resource must contain a single default storage class. Set `default: false` for secondary device storage classes.
-If you are upgrading the `LVMCluster` resource from a previous version, you must specify a single default device class.
-<3> Optional: To control what worker nodes the `LVMCluster` CR is applied to, specify a set of node selector labels.
+<2> Specify a name for the LVM volume group (VG). To recover VGs from the previous {lvms} installation, you must set this field to the name of the VG that you want to recover. 
+You can only recover the VGs but not the logical volume associated with the VG.
+<3> Set `fstype` to `ext4` or `xfs`. By default, it is set to `xfs` if the setting is not specified.
+<4> Mandatory: The `LVMCluster` resource must contain a single default storage class. Set `default: false` for secondary device storage classes.
+If you are updating the `LVMCluster` resource from a previous version, you must specify a single default device class.
+<5> Optional. To control or restrict the volume group to your preferred devices, you can manually specify the local paths of the devices in the `deviceSelector` section of the `LVMCluster` YAML. The `paths` section refers to devices the `LVMCluster` adds, which means those paths must exist. The `optionalPaths` section refers to devices the `LVMCluster` might add. You must specify at least one of `paths` or `optionalPaths` when specifying the `deviceSelector` section. If you specify `paths`, it is not mandatory to specify `optionalPaths`. If you specify `optionalPaths`, it is not mandatory to specify `paths` but at least one optional path must be present on the node. If you do not specify any paths, then the `LVMCluster` adds the unused devices on the node. After a device is added to the `LVMCluster`, it cannot be removed.
+<6> Optional: To force wipe the selected disks, set `forceWipeDevicesAndDestroyAllData` to `true`. This parameter is set to `false` by default.
+<7> Optional: To control what worker nodes the `LVMCluster` CR is applied to, specify a set of node selector labels.
 The specified labels must be present on the node in order for the `LVMCluster` to be scheduled on that node.
 
 .. Create the `LVMCluster` CR:
@@ -91,6 +108,22 @@ The `LVMCluster` resource creates the following system-managed CRs:
 `LVMVolumeGroup`:: Tracks individual volume groups across multiple nodes.
 `LVMVolumeGroupNodeStatus`:: Tracks the status of the volume groups on a node.
 
+To recover VGs from the previous {lvms} installation, ensure that the following conditions are met:
+
+* VGs must not be corrupted.
+* VGs must have the `lvms` tag. For more information on adding tags to LVMS objects, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_logical_volumes/grouping-lvm-objects-with-tags_configuring-and-managing-logical-volumes#doc-wrapper[Grouping LVM objects with tags].
+
+[NOTE]
+====
+Wiping the disk can lead to inconsistencies in data integrity if any of the following conditions is met:
+
+* The disk is being used as swap space.
+* The disk is part of the Redundant Array of Independent Disks (RAID).
+* The disk is mounted.
+
+In this case, you must manually wipe the disk.
+====
+
 .Verification
 
 Verify that the `LVMCluster` resource has created the `StorageClass`, `LVMVolumeGroup`, and `LVMVolumeGroupNodeStatus` CRs.
@@ -203,4 +236,4 @@ spec:
         - /dev/nvme2n1
       name: vg1
       status: Ready
-----
+----
\ No newline at end of file
diff --git a/modules/lvms-creating-volume-clones-in-single-node-openshift.adoc b/modules/lvms-creating-volume-clones-in-single-node-openshift.adoc
index 50ed30840998..7f61ea1f16ad 100644
--- a/modules/lvms-creating-volume-clones-in-single-node-openshift.adoc
+++ b/modules/lvms-creating-volume-clones-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-creating-volume-clones-in-single-node-openshift_{context}"]
-= Creating volume clones in {sno}
+= Creating volume clones
 
 You create a clone of a volume to make a point-in-time copy of the data.
 A persistent volume claim (PVC) cannot be cloned with a different size.
@@ -19,6 +19,7 @@ The cloned PVC has write access.
 * You ensured that the PVC is in `Bound` state. This is required for a consistent snapshot.
 * You ensured that the `StorageClass` is the same as that of the source PVC.
 
+
 .Procedure
 
 . Identify the storage class of the source PVC.
diff --git a/modules/lvms-creating-volume-snapshots-in-single-node-openshift.adoc b/modules/lvms-creating-volume-snapshots-in-single-node-openshift.adoc
index 5445e38d9af2..c1f9fc6aa0d0 100644
--- a/modules/lvms-creating-volume-snapshots-in-single-node-openshift.adoc
+++ b/modules/lvms-creating-volume-snapshots-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-creating-volume-snapshots-in-single-node-openshift_{context}"]
-= Creating volume snapshots in {sno}
+= Creating volume snapshots
 
 You can create volume snapshots based on the available capacity of the thin pool and the overprovisioning limits.
 {lvms} creates a `VolumeSnapshotClass` with the `lvms-<deviceclass-name>` name.
@@ -16,7 +16,7 @@ You can create volume snapshots based on the available capacity of the thin pool
 
 .Procedure
 
-. Log in to the {sno} for which you need to run the `oc` command.
+. Log in to the {product-title} by running the `oc` command.
 . Save the following YAML to a file with a name such as `lvms-vol-snapshot.yaml`.
 +
 .Example YAML to create a volume snapshot
diff --git a/modules/lvms-deleting-cloned-volumes-in-single-node-openshift.adoc b/modules/lvms-deleting-cloned-volumes-in-single-node-openshift.adoc
index 598f40752947..4d957d919d00 100644
--- a/modules/lvms-deleting-cloned-volumes-in-single-node-openshift.adoc
+++ b/modules/lvms-deleting-cloned-volumes-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-deleting-cloned-volumes-in-single-node-openshift_{context}"]
-= Deleting cloned volumes in {sno}
+= Deleting cloned volumes
 
 You can delete cloned volumes.
 
diff --git a/modules/lvms-deleting-volume-snapshots-in-single-node-openshift.adoc b/modules/lvms-deleting-volume-snapshots-in-single-node-openshift.adoc
index f553c6cf9738..47509d00a16d 100644
--- a/modules/lvms-deleting-volume-snapshots-in-single-node-openshift.adoc
+++ b/modules/lvms-deleting-volume-snapshots-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-deleting-volume-snapshots-in-single-node-openshift_{context}"]
-= Deleting volume snapshots in {sno}
+= Deleting volume snapshots
 
 You can delete volume snapshots resources and persistent volume claims (PVCs).
 
diff --git a/modules/lvms-download-log-files-and-diagnostics.adoc b/modules/lvms-download-log-files-and-diagnostics.adoc
index 1768028dacff..455316637008 100644
--- a/modules/lvms-download-log-files-and-diagnostics.adoc
+++ b/modules/lvms-download-log-files-and-diagnostics.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-dowloading-log-files-and-diagnostics_{context}"]
 = Downloading log files and diagnostic information using must-gather
 
@@ -12,5 +12,5 @@ When {lvms} is unable to automatically resolve a problem, use the must-gather to
 +
 [source,terminal,subs="attributes+"]
 ----
-$ oc adm must-gather --image=registry.redhat.io/lvms4/lvms-must-gather-rhel8:v{product-version} --dest-dir=<directory-name>
+$ oc adm must-gather --image=registry.redhat.io/lvms4/lvms-must-gather-rhel9:v{product-version} --dest-dir=<directory-name>
 ----
\ No newline at end of file
diff --git a/modules/lvms-installing-logical-volume-manager-operator-disconnected-environment.adoc b/modules/lvms-installing-logical-volume-manager-operator-disconnected-environment.adoc
index 4847691b2d23..0eca2df10fec 100644
--- a/modules/lvms-installing-logical-volume-manager-operator-disconnected-environment.adoc
+++ b/modules/lvms-installing-logical-volume-manager-operator-disconnected-environment.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-installing-lvms-disconnected-env_{context}"]
 = Installing {lvms} in a disconnected environment
 
diff --git a/modules/lvms-installing-logical-volume-manager-operator-using-cli.adoc b/modules/lvms-installing-logical-volume-manager-operator-using-cli.adoc
index 862bf6c959ef..7f9b78bc3e5d 100644
--- a/modules/lvms-installing-logical-volume-manager-operator-using-cli.adoc
+++ b/modules/lvms-installing-logical-volume-manager-operator-using-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-lvms-operator-cli_{context}"]
 = Installing {lvms} with the CLI
 
@@ -88,46 +88,6 @@ spec:
 $ oc create -f lvms-sub.yaml
 ----
 
-. Create the `LVMCluster` resource:
-
-.. Save the following YAML in the `lvmcluster.yaml` file:
-+
-[source,yaml]
-----
-apiVersion: lvm.topolvm.io/v1alpha1
-kind: LVMCluster
-metadata:
- name: my-lvmcluster
- namespace: openshift-storage
-spec:
- storage:
-   deviceClasses:
-   - name: vg1
-     deviceSelector:
-       paths:
-       - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
-       - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
-     thinPoolConfig:
-       name: thin-pool-1
-       sizePercent: 90
-       overprovisionRatio: 10
-     nodeSelector:
-       nodeSelectorTerms:
-       - matchExpressions:
-        - key: app
-          operator: In
-          values:
-          - test1
-----
-
-.. Create the `LVMCluster` CR:
-+
-[source,yaml]
-----
-$ oc create -f lvmcluster.yaml
-----
-
-
 . To verify that the Operator is installed, enter the following command:
 +
 [source,terminal]
diff --git a/modules/lvms-installing-logical-volume-manager-operator-using-openshift-web-console.adoc b/modules/lvms-installing-logical-volume-manager-operator-using-openshift-web-console.adoc
index 7450e0c86024..ef9c14e504db 100644
--- a/modules/lvms-installing-logical-volume-manager-operator-using-openshift-web-console.adoc
+++ b/modules/lvms-installing-logical-volume-manager-operator-using-openshift-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-installing-lvms-with-web-console_{context}"]
 = Installing {lvms} with the web console
 
@@ -10,7 +10,7 @@ You can install {lvms-first} by using the Red Hat {product-title} OperatorHub.
 
 .Prerequisites
 
-* You have access to the {sno} cluster.
+* You have access to the cluster.
 * You are using an account with the `cluster-admin` and Operator installation permissions.
 
 .Procedure
@@ -26,7 +26,7 @@ You can install {lvms-first} by using the Red Hat {product-title} OperatorHub.
    If the `openshift-storage` namespace does not exist, it is created during the operator installation.
 .. *Approval Strategy* as *Automatic* or *Manual*.
 +
-If you select *Automatic* updates, then the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.
+If you select *Automatic* updates, then the Operator Lifecycle Manager (OLM) automatically updates the running instance of your Operator without any intervention.
 +
 If you select *Manual* updates, then the OLM creates an update request.
 As a cluster administrator, you must then manually approve that update request to update the Operator to a newer version.
diff --git a/modules/lvms-installing-logical-volume-manager-operator-using-rhacm.adoc b/modules/lvms-installing-logical-volume-manager-operator-using-rhacm.adoc
index 59b2a2ae563c..745f52920f77 100644
--- a/modules/lvms-installing-logical-volume-manager-operator-using-rhacm.adoc
+++ b/modules/lvms-installing-logical-volume-manager-operator-using-rhacm.adoc
@@ -2,18 +2,18 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-installing-odf-logical-volume-manager-operator-using-rhacm_{context}"]
 = Installing {lvms} using {rh-rhacm}
 
-{lvms} is deployed on {sno} clusters using {rh-rhacm-first}.
+{lvms} is deployed on the clusters using {rh-rhacm-first}.
 You create a `Policy` object on {rh-rhacm} that deploys and configures the Operator when it is applied to managed clusters which match the selector specified in the `PlacementRule` resource.
 The policy is also applied to clusters that are imported later and satisfy the placement rule.
 
 .Prerequisites
 * Access to the {rh-rhacm} cluster using an account with `cluster-admin` and Operator installation permissions.
-* Dedicated disks on each {sno} cluster to be used by {lvms}.
-* The {sno} cluster needs to be managed by {rh-rhacm}, either imported or created.
+* Dedicated disks on each cluster to be used by {lvms}.
+* The cluster needs to be managed by {rh-rhacm}, either imported or created.
 
 .Procedure
 
@@ -135,6 +135,9 @@ spec:
                        paths:
                        - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
                        - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
+                       optionalPaths:
+                       - /dev/disk/by-path/pci-0000:89:00.0-nvme-1
+                       - /dev/disk/by-path/pci-0000:90:00.0-nvme-1
                      thinPoolConfig:
                        name: thin-pool-1
                        sizePercent: 90
@@ -149,8 +152,8 @@ spec:
         remediationAction: enforce
         severity: low
 ----
-<1> Replace the key and value in `PlacementRule.spec.clusterSelector` to match the labels set on the {sno} clusters on which you want to install {lvms}.
-<2> To control or restrict the volume group to your preferred disks, you can manually specify the local paths of the disks in the `deviceSelector` section of the `LVMCluster` YAML.
+<1> Replace the key and value in `PlacementRule.spec.clusterSelector` to match the labels set on the clusters on which you want to install {lvms}.
+<2> Optional. To control or restrict the volume group to your preferred devices, you can manually specify the local paths of the devices in the `deviceSelector` section of the `LVMCluster` YAML. The `paths` section refers to devices the `LVMCluster` adds, which means those paths must exist. The `optionalPaths` section refers to devices the `LVMCluster` might add. You must specify at least one of `paths` or `optionalPaths` when specifying the `deviceSelector` section. If you specify `paths`, it is not mandatory to specify `optionalPaths`. If you specify `optionalPaths`, it is not mandatory to specify `paths` but at least one optional path must be present on the node. If you do not specify any paths, it will add all unused devices on the node.
 <3> To add a node filter, which is a subset of the additional worker nodes, specify the required filter in the `nodeSelector` section. {lvms} detects and uses the additional worker nodes when the new nodes show up.
 +
 --
@@ -171,9 +174,9 @@ This `nodeSelector` node filter matching is not the same as the pod label matchi
 +
 This creates a `Policy`, a `PlacementRule`, and a `PlacementBinding` object in the `lvms-policy-ns` namespace.
 The policy creates a `Namespace`, `OperatorGroup`, `Subscription`, and `LVMCluster` resource on the clusters that match the placement rule.
-This deploys the Operator on the {sno} clusters which match the selection criteria and configures it to set up the required resources to provision storage.
+This deploys the Operator on the clusters which match the selection criteria and configures it to set up the required resources to provision storage.
 The Operator uses all the disks specified in the `LVMCluster` CR.
-If no disks are specified, the Operator uses all the unused disks on the {sno} node.
+If no disks are specified, the Operator uses all the unused disks on the node.
 +
 [IMPORTANT]
 ====
diff --git a/modules/lvms-integrating-software-raid-arrays.adoc b/modules/lvms-integrating-software-raid-arrays.adoc
new file mode 100644
index 000000000000..4d94f1880318
--- /dev/null
+++ b/modules/lvms-integrating-software-raid-arrays.adoc
@@ -0,0 +1,62 @@
+// Module included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="lvms-integrating-software-raid-arrays_{context}"]
+= Integrating software RAID arrays with LVM Storage
+
+You can create the Redundant Array of Independent Disks (RAID) array by using the `mdadm` utility, and integrate the RAID array with {lvms}. Logical Volume Manager (LVM) does not support creating a software RAID.
+
+You can integrate the RAID array with {lvms} while creating the `LVMCluster` custom resource (CR).
+
+.Prerequisites
+
+* You created a software RAID during the {product-title} installation.
++
+[IMPORTANT]
+====
+You can only create the RAID array during the installation of {product-title}.
+====
+
+* You have installed {lvms}.
+
+.Procedure
+
+. Open the `LVMCluster` CR YAML file.
++
+[NOTE]
+====
+If you have created the `LVMCluster` CR, edit the existing `LVMCluster` CR YAML file.
+====
+
+. Add the path to the RAID array in the `deviceSelector` field of the `LVMCluster` CR YAML file.
++
+.Example of RAID array paths in deviceSelector field
+[source,yaml]
+----
+apiVersion: lvm.topolvm.io/v1alpha1
+kind: LVMCluster
+metadata:
+  name: my-lvmcluster
+spec:
+  storage:
+    deviceClasses:
+# ...
+      deviceSelector:  <1>
+        paths:
+        - /dev/md/md-var  <2>
+        - /dev/md0  <3>
+        optionalPaths:
+# ...
+----
+<1> Contains the paths to the devices that are used to create the LVM volume group. You can specify the device paths in the `paths` field, the `optionalPaths` field, or both. You cannot remove or replace a device after adding it to the LVM volume group.
+<2> Example of a path to the RAID array that was created by using the `mdadm` utility. In this example, `md-var` is the RAID array.
+<3> In this device path example, `md0` is the RAID array
+
+. Save the `LVMCluster` CR YAML file.
+
+[NOTE]
+====
+If you do not add the path to the RAID array in the `deviceSelector` field, the {lvms} Operator does not recognize the RAID array.
+====
\ No newline at end of file
diff --git a/modules/lvms-limitations-for-creating-snapshots-and-clones.adoc b/modules/lvms-limitations-for-creating-snapshots-and-clones.adoc
new file mode 100644
index 000000000000..f82074533040
--- /dev/null
+++ b/modules/lvms-limitations-for-creating-snapshots-and-clones.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="lvms-limitations-for-creating-snapshots-and-clones_{context}"]
+= Limitations for creating volume snapshots and volume clones
+
+{lvms} has the following limitations for creating volume snapshots and volume clones in multi-node topology:
+
+* Creating volume snapshots and volume clones is based on the LVM thin pool capabilities.
+* The node must have additional storage after creating a volume snapshot and volume clone for further updating the original data source.
+* You can create volume snapshots and volume clones only on the node where you have deployed the original data source.
+* Pods relying on the persistent volume claim (PVC) that uses the snapshot data and clone data can be scheduled only on the node where you have deployed the original data source.
+* If the PVC is not present and available before creating a volume snapshot or volume clone, then the scheduler in multi-node {product-title} clusters does not provision the volume snapshots and volume clones on the node where you have deployed the original data source.
diff --git a/modules/lvms-monitoring-logical-volume-manager-operator.adoc b/modules/lvms-monitoring-logical-volume-manager-operator.adoc
index b53405cf920e..b91e39a16e6a 100644
--- a/modules/lvms-monitoring-logical-volume-manager-operator.adoc
+++ b/modules/lvms-monitoring-logical-volume-manager-operator.adoc
@@ -2,12 +2,11 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-monitoring-using-lvms_{context}"]
 = Monitoring {lvms}
 
-When {lvms} is installed using the {product-title} Web Console, you can monitor the cluster by using the *Block and File* dashboard in the console by default.
-However, when you use {rh-rhacm} to install {lvms}, you need to configure {rh-rhacm} Observability to monitor all the {sno} clusters from one place.
+When you use {rh-rhacm} to install {lvms}, you must configure {rh-rhacm} Observability to monitor all the clusters from one place.
 
 [id="lvms-monitoring-using-lvms-metrics_{context}"]
 == Metrics
diff --git a/modules/lvms-provisioning-storage-using-logical-volume-manager-operator.adoc b/modules/lvms-provisioning-storage-using-logical-volume-manager-operator.adoc
index ba8d6630f09b..93cfdb07fb57 100644
--- a/modules/lvms-provisioning-storage-using-logical-volume-manager-operator.adoc
+++ b/modules/lvms-provisioning-storage-using-logical-volume-manager-operator.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-provisioning-storage-using-lvms_{context}"]
 = Provisioning storage using {lvms}
 
diff --git a/modules/lvms-reference-file.adoc b/modules/lvms-reference-file.adoc
index e2a62503b872..11f0e5fa0fc0 100644
--- a/modules/lvms-reference-file.adoc
+++ b/modules/lvms-reference-file.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="lvms-reference-file_{context}"]
 = {lvms} reference YAML file
 
@@ -36,37 +36,41 @@ spec:
         paths:
         - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
         - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
+        optionalPaths:
         - /dev/disk/by-path/pci-0000:89:00.0-nvme-1
-      thinPoolConfig: <6>
-        name: thin-pool-1 <7>
-        sizePercent: 90 <8>
-        overprovisionRatio: 10 <9>
+        - /dev/disk/by-path/pci-0000:90:00.0-nvme-1
+        forceWipeDevicesAndDestroyAllData: true <6>
+      thinPoolConfig: <7>
+        name: thin-pool-1 <8>
+        sizePercent: 90 <9>
+        overprovisionRatio: 10 <10>
 status:
-    deviceClassStatuses: <10>
+    deviceClassStatuses: <11>
     - name: vg1
-      nodeStatus: <11>
-      - devices: <12>
+      nodeStatus: <12>
+      - devices: <13>
         - /dev/nvme0n1
         - /dev/nvme1n1
         - /dev/nvme2n1
-        node: my-node.example.com <13>
-        status: Ready <14>
-    ready: true <15>
-    state: Ready <16>
+        node: my-node.example.com <14>
+        status: Ready <15>
+    ready: true <16>
+    state: Ready <17>
 ----
 <1> The LVM volume groups to be created on the cluster. Currently, only a single `deviceClass` is supported.
 <2> The name of the LVM volume group to be created on the nodes.
 <3> The nodes on which to create the LVM volume group. If the field is empty, all nodes are considered.
 <4> A list of node selector requirements.
 <5> A list of device paths which is used to create the LVM volume group. If this field is empty, all unused disks on the node will be used.
-<6> The LVM thin pool configuration.
-<7> The name of the thin pool to be created in the LVM volume group.
-<8> The percentage of remaining space in the LVM volume group that should be used for creating the thin pool.
-<9> The factor by which additional storage can be provisioned compared to the available storage in the thin pool.
-<10> The status of the `deviceClass`.
-<11> The status of the LVM volume group on each node.
-<12> The list of devices used to create the LVM volume group.
-<13> The node on which the `deviceClass` was created.
-<14> The status of the LVM volume group on the node.
-<15> This field is deprecated.
-<16> The status of the `LVMCluster`.
+<6> To force wipe the selected disks, set this parameter to `true`. This parameter is set to `false` by default.
+<7> The LVM thin pool configuration.
+<8> The name of the thin pool to be created in the LVM volume group.
+<9> The percentage of remaining space in the LVM volume group that should be used for creating the thin pool.
+<10> The factor by which additional storage can be provisioned compared to the available storage in the thin pool.
+<11> The status of the `deviceClass`.
+<12> The status of the LVM volume group on each node.
+<13> The list of devices used to create the LVM volume group.
+<14> The node on which the `deviceClass` was created.
+<15> The status of the LVM volume group on the node.
+<16> This field is deprecated.
+<17> The status of the `LVMCluster`.
diff --git a/modules/lvms-restoring-volume-snapshots-in-single-node-openshift.adoc b/modules/lvms-restoring-volume-snapshots-in-single-node-openshift.adoc
index e8fe9e93d04d..6c3843233898 100644
--- a/modules/lvms-restoring-volume-snapshots-in-single-node-openshift.adoc
+++ b/modules/lvms-restoring-volume-snapshots-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-restoring-volume-snapshots-in-single-node-openshift_{context}"]
-= Restoring volume snapshots in {sno}
+= Restoring volume snapshots
 
 When you restore a volume snapshot, a new persistent volume claim (PVC) is created.
 The restored PVC is independent of the volume snapshot and the source PVC.
diff --git a/modules/lvms-scaling-storage-expand-pvc.adoc b/modules/lvms-scaling-storage-expand-pvc.adoc
index e1a2bf689a12..0f6751e59724 100644
--- a/modules/lvms-scaling-storage-expand-pvc.adoc
+++ b/modules/lvms-scaling-storage-expand-pvc.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-scaling-expand-pvc_{context}"]
 = Expanding PVCs
 
diff --git a/modules/lvms-scaling-storage-of-single-node-open-concept.adoc b/modules/lvms-scaling-storage-of-single-node-open-concept.adoc
index ea46fc692f85..12aaadb5e81f 100644
--- a/modules/lvms-scaling-storage-of-single-node-open-concept.adoc
+++ b/modules/lvms-scaling-storage-of-single-node-open-concept.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="lvms-scaling-storage-of-single-node-openshift-cluster-con_{context}"]
-= Scaling storage of {sno} clusters
+= Scaling storage of clusters
 
-The {product-title} supports additional worker nodes for {sno} clusters on bare-metal user-provisioned infrastructure.
+The {product-title} supports additional worker nodes for clusters on bare-metal user-provisioned infrastructure.
 {lvms} detects and uses the new additional worker nodes when the nodes show up.
\ No newline at end of file
diff --git a/modules/lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm.adoc b/modules/lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm.adoc
index 7cf76fdceb84..2a31ca95bb97 100644
--- a/modules/lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm.adoc
+++ b/modules/lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm.adoc
@@ -2,28 +2,27 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm_{context}"]
-= Scaling up storage by adding capacity to your {sno} cluster using {rh-rhacm}
+= Scaling up storage by adding capacity to your cluster using {rh-rhacm}
 
-You can scale the storage capacity of your configured worker nodes on a {sno} cluster using {rh-rhacm}.
+You can scale the storage capacity of your configured worker nodes on a cluster using {rh-rhacm}.
 
 .Prerequisites
 
-* You have access to the {rh-rhacm} cluster using an account with `cluster-admin` privilages.
-* You have additional unused disks on each {sno} cluster to be used by {lvms}.
+* You have access to the {rh-rhacm} cluster using an account with `cluster-admin` privileges.
+* You have additional unused devices on each cluster that {lvms} can use.
 
 .Procedure
 
 . Log in to the {rh-rhacm} CLI using your {product-title} credentials.
-. Find the disk that you want to add. The disk to be added needs to match with the device name and path of the existing disks.
-. To add capacity to the {sno} cluster, edit the `deviceSelector` section of the existing policy YAML, for example, `policy-lvms-operator.yaml`.
+. Find the device that you want to add. The device to be added needs to match with the device name and path of the existing devices.
+. To add capacity to the cluster, edit the `deviceSelector` section of the existing policy YAML, for example, `policy-lvms-operator.yaml`.
 
 +
 [NOTE]
 ====
-In case the `deviceSelector` field is not included during the `LVMCluster` creation, it is not possible to add the `deviceSelector` section to the CR.
-You need to remove the `LVMCluster` and then recreate from the new CR.
+In case the `deviceSelector` field is not included during the `LVMCluster` creation, it is not possible to add the `deviceSelector` section to the CR. You need to remove the `LVMCluster` and then recreate it from the new CR.
 ====
 
 +
@@ -130,11 +129,13 @@ spec:
                    deviceClasses:
                    - name: vg1
                      default: true
-                     deviceSelector:
+                     deviceSelector: <1>
                        paths:
                        - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
                        - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
-                       - /dev/disk/by-path/pci-0000:89:00.0-nvme-1 # new disk is added
+                       optionalPaths:
+                       - /dev/disk/by-path/pci-0000:89:00.0-nvme-1
+                       - /dev/disk/by-path/pci-0000:90:00.0-nvme-1
                      thinPoolConfig:
                        name: thin-pool-1
                        sizePercent: 90
@@ -149,6 +150,7 @@ spec:
         remediationAction: enforce
         severity: low
 ----
+<1> Optional. To control or restrict the volume group to your preferred devices, you can manually specify the local paths of the devices in the `deviceSelector` section of the `LVMCluster` YAML. The `paths` section refers to devices the `LVMCluster` adds, which means those paths must exist. The `optionalPaths` section refers to devices the `LVMCluster` might add. You must specify at least one of `paths` or `optionalPaths` when specifying the `deviceSelector` section. If you specify `paths`, it is not mandatory to specify `optionalPaths`. If you specify `optionalPaths`, it is not mandatory to specify `paths` but at least one optional path must be present on the node. If you do not specify any paths, it will add all unused devices on the node.
 
 . Edit the policy by running the following command:
 +
diff --git a/modules/lvms-scaling-storage-of-single-node-openshift-cluster.adoc b/modules/lvms-scaling-storage-of-single-node-openshift-cluster.adoc
index 94cba88a5737..4a1948af4157 100644
--- a/modules/lvms-scaling-storage-of-single-node-openshift-cluster.adoc
+++ b/modules/lvms-scaling-storage-of-single-node-openshift-cluster.adoc
@@ -2,19 +2,19 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-scaling-storage-of-single-node-openshift-cluster_{context}"]
-= Scaling up storage by adding capacity to your {sno} cluster
+= Scaling up storage by adding capacity to your cluster
 
-To scale the storage capacity of your configured worker nodes on a {sno} cluster, you can increase the capacity by adding disks.
+To scale the storage capacity of your configured worker nodes on a cluster, you can increase the capacity by adding disks.
 
 .Prerequisites
 
-* You have additional unused disks on each {sno} cluster to be used by {lvms}.
+* You have additional unused disks on each cluster to be used by {lvms}.
 
 .Procedure
 
-. Log in to {product-title} console of the {sno} cluster.
+. Log in to {product-title} console of the cluster.
 . From the *Operators* -> *Installed Operators* page, click on the *LVM Storage Operator* in the `openshift-storage` namespace.
 . Click on the *LVMCluster* tab to list the `LVMCluster` CR created on the cluster.
 . Select *Edit LVMCluster* from the *Actions* drop-down menu.
@@ -40,15 +40,16 @@ spec:
     deviceClasses:
     - name: vg1
       default: true
-      deviceSelector:
+      deviceSelector: <1>
         paths:
-        - /dev/disk/by-path/pci-0000:87:00.0-nvme-1 <1>
+        - /dev/disk/by-path/pci-0000:87:00.0-nvme-1
         - /dev/disk/by-path/pci-0000:88:00.0-nvme-1
-        - /dev/disk/by-path/pci-0000:89:00.0-nvme-1 <2>
+        optionalPaths:
+        - /dev/disk/by-path/pci-0000:89:00.0-nvme-1
+        - /dev/disk/by-path/pci-0000:90:00.0-nvme-1
       thinPoolConfig:
         name: thin-pool-1
         sizePercent: 90
         overprovisionRatio: 10
 ----
-<1> The path can be added by name (`/dev/sdb`) or by path.
-<2> A new disk is added.
+<1> Optional. To control or restrict the volume group to your preferred devices, you can manually specify the local paths of the devices in the `deviceSelector` section of the `LVMCluster` YAML. The `paths` section refers to devices the `LVMCluster` adds, which means those paths must exist. The `optionalPaths` section refers to devices the `LVMCluster` might add. You must specify at least one of `paths` or `optionalPaths` when specifying the `deviceSelector` section. If you specify `paths`, it is not mandatory to specify `optionalPaths`. If you specify `optionalPaths`, it is not mandatory to specify `paths` but at least one optional path must be present on the node. If you do not specify any paths, it will add all unused devices on the node.
diff --git a/modules/lvms-troubleshooting-investigating-a-pvc-stuck-in-the-pending-state.adoc b/modules/lvms-troubleshooting-investigating-a-pvc-stuck-in-the-pending-state.adoc
new file mode 100644
index 000000000000..b9c981fcf33e
--- /dev/null
+++ b/modules/lvms-troubleshooting-investigating-a-pvc-stuck-in-the-pending-state.adoc
@@ -0,0 +1,49 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="investigating-a-pvc-stuck-in-the-pending-state_{context}"]
+= Investigating a PVC stuck in the Pending state
+
+A persistent volume claim (PVC) can get stuck in a `Pending` state for a number of reasons. For example:
+
+- Insufficient computing resources
+- Network problems
+- Mismatched storage class or node selector
+- No available volumes
+- The node with the persistent volume (PV) is in a `Not Ready` state
+
+Identify the cause by using the `oc describe` command to review details about the stuck PVC.
+
+.Procedure
+
+. Retrieve the list of PVCs by running the following command:
++
+[source,terminal]
+----
+$ oc get pvc
+----
++
+.Example output
+[source,terminal]
+----
+NAME        STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
+lvms-test   Pending                                      lvms-vg1       11s
+----
+
+. Inspect the events associated with a PVC stuck in the `Pending` state by running the following command:
++
+[source,terminal]
+----
+$ oc describe pvc <pvc_name> <1>
+----
+<1> Replace `<pvc_name>` with the name of the PVC. For example, `lvms-vg1`.
++
+.Example output
+[source,terminal]
+----
+Type     Reason              Age               From                         Message
+----     ------              ----              ----                         -------
+Warning  ProvisioningFailed  4s (x2 over 17s)  persistentvolume-controller  storageclass.storage.k8s.io "lvms-vg1" not found
+----
\ No newline at end of file
diff --git a/modules/lvms-troubleshooting-performing-a-forced-cleanup.adoc b/modules/lvms-troubleshooting-performing-a-forced-cleanup.adoc
new file mode 100644
index 000000000000..8e53ef18ccf4
--- /dev/null
+++ b/modules/lvms-troubleshooting-performing-a-forced-cleanup.adoc
@@ -0,0 +1,97 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="performing-a-forced-cleanup_{context}"]
+= Performing a forced cleanup
+
+If disk- or node-related problems persist after you complete the troubleshooting procedures, it might be necessary to perform a forced cleanup procedure. A forced cleanup is used to comprehensively address persistent issues and ensure the proper functioning of the LVMS.
+
+.Prerequisites
+
+. All of the persistent volume claims (PVCs) created using the logical volume manager storage (LVMS) driver have been removed.
+
+. The pods using those PVCs have been stopped.
+
+
+.Procedure
+
+. Switch to the `openshift-storage` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc project openshift-storage
+----
+
+. Ensure there is no `Logical Volume` custom resource (CR) remaining by running the following command:
++
+[source,terminal]
+----
+$ oc get logicalvolume
+----
++
+.Example output
+[source,terminal]
+----
+No resources found
+----
+
+.. If there are any `LogicalVolume` CRs remaining, remove their finalizers by running the following command:
++
+[source,terminal]
+----
+$ oc patch logicalvolume <name> -p '{"metadata":{"finalizers":[]}}' --type=merge <1>
+----
+<1> Replace `<name>` with the name of the CR.
+
+.. After removing their finalizers, delete the CRs by running the following command:
++
+[source,terminal]
+----
+$ oc delete logicalvolume <name> <1>
+----
+<1> Replace `<name>` with the name of the CR.
+
+. Make sure there are no `LVMVolumeGroup` CRs left by running the following command:
++
+[source,terminal]
+----
+$ oc get lvmvolumegroup
+----
++
+.Example output
+[source,terminal]
+----
+No resources found
+----
+
+.. If there are any `LVMVolumeGroup` CRs left, remove their finalizers by running the following command:
++
+[source,terminal]
+----
+$ oc patch lvmvolumegroup <name> -p '{"metadata":{"finalizers":[]}}' --type=merge <1>
+----
+<1> Replace `<name>` with the name of the CR.
+
+.. After removing their finalizers, delete the CRs by running the following command:
++
+[source,terminal]
+----
+$ oc delete lvmvolumegroup <name> <1>
+----
+<1> Replace `<name>` with the name of the CR.
+
+. Remove any `LVMVolumeGroupNodeStatus` CRs by running the following command:
++
+[source,terminal]
+----
+$ oc delete lvmvolumegroupnodestatus --all
+----
+
+. Remove the `LVMCluster` CR by running the following command:
++
+[source,terminal]
+----
+$ oc delete lvmcluster --all
+----
diff --git a/modules/lvms-troubleshooting-recovering-from-disk-failure.adoc b/modules/lvms-troubleshooting-recovering-from-disk-failure.adoc
new file mode 100644
index 000000000000..cdac4763e914
--- /dev/null
+++ b/modules/lvms-troubleshooting-recovering-from-disk-failure.adoc
@@ -0,0 +1,33 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="recovering-from-disk-failure_{context}"]
+= Recovering from disk failure
+
+If you see a failure message while inspecting the events associated with the persistent volume claim (PVC), there might be a problem with the underlying volume or disk. Disk and volume provisioning issues often result with a generic error first, such as `Failed to provision volume with StorageClass <storage_class_name>`. A second, more specific error message usually follows.
+
+.Procedure
+
+. Inspect the events associated with a PVC by running the following command:
++
+[source,terminal]
+----
+$ oc describe pvc <pvc_name> <1>
+----
+<1> Replace `<pvc_name>` with the name of the PVC. Here are some examples of disk or volume failure error messages and their causes:
++
+- *Failed to check volume existence:* Indicates a problem in verifying whether the volume already exists. Volume verification failure can be caused by network connectivity problems or other failures.
++
+- *Failed to bind volume:* Failure to bind a volume can happen if the persistent volume (PV) that is available does not match the requirements of the PVC.
++
+- *FailedMount or FailedUnMount:* This error indicates problems when trying to mount the volume to a node or unmount a volume from a node. If the disk has failed, this error might appear when a pod tries to use the PVC.
++
+- *Volume is already exclusively attached to one node and can't be attached to another:* This error can appear with storage solutions that do not support `ReadWriteMany` access modes.
+
+. Establish a direct connection to the host where the problem is occurring.
+
+. Resolve the disk issue.
+
+After you have resolved the issue with the disk, you might need to perform the forced cleanup procedure if failure messages persist or reoccur.
\ No newline at end of file
diff --git a/modules/lvms-troubleshooting-recovering-from-missing-lvms-or-operator-components.adoc b/modules/lvms-troubleshooting-recovering-from-missing-lvms-or-operator-components.adoc
new file mode 100644
index 000000000000..dc9d1db062b3
--- /dev/null
+++ b/modules/lvms-troubleshooting-recovering-from-missing-lvms-or-operator-components.adoc
@@ -0,0 +1,77 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="recovering-from-missing-lvms-or-operator-components_{context}"]
+= Recovering from missing LVMS or Operator components
+
+If you encounter a storage class "not found" error, check the `LVMCluster` resource and ensure that all the logical volume manager storage (LVMS) pods are running. You can create an `LVMCluster` resource if it does not exist.
+
+.Procedure
+
+. Verify the presence of the LVMCluster resource by running the following command:
++
+[source,terminal]
+----
+$ oc get lvmcluster -n openshift-storage
+----
++
+.Example output
+[source,terminal]
+----
+NAME            AGE
+my-lvmcluster   65m
+----
+
+. If the cluster doesn't have an `LVMCluster` resource, create one by running the following command:
++
+[source,terminal]
+----
+$ oc create -n openshift-storage -f <custom_resource> <1>
+----
+<1> Replace `<custom_resource>` with a custom resource URL or file tailored to your requirements.
++
+.Example custom resource
+[source,yaml,options="nowrap",role="white-space-pre"]
+----
+apiVersion: lvm.topolvm.io/v1alpha1
+kind: LVMCluster
+metadata:
+  name: my-lvmcluster
+spec:
+  storage:
+    deviceClasses:
+    - name: vg1
+      default: true
+      thinPoolConfig:
+        name: thin-pool-1
+        sizePercent: 90
+        overprovisionRatio: 10
+----
+
+. Check that all the pods from LVMS are in the `Running` state in the `openshift-storage` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-storage
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS      AGE
+lvms-operator-7b9fb858cb-6nsml        3/3     Running   0             70m
+topolvm-controller-5dd9cf78b5-7wwr2   5/5     Running   0             66m
+topolvm-node-dr26h                    4/4     Running   0             66m
+vg-manager-r6zdv                      1/1     Running   0             66m
+----
++
+The expected output is one running instance of `lvms-operator` and `vg-manager`. One instance of `topolvm-controller` and `topolvm-node` is expected for each node.
++
+If `topolvm-node` is stuck in the `Init` state, there is a failure to locate an available disk for LVMS to use. To retrieve the information necessary to troubleshoot, review the logs of the `vg-manager` pod by running the following command:
++
+[source,terminal]
+----
+$ oc logs -l app.kubernetes.io/component=vg-manager -n openshift-storage
+----
diff --git a/modules/lvms-troubleshooting-recovering-from-node-failure.adoc b/modules/lvms-troubleshooting-recovering-from-node-failure.adoc
new file mode 100644
index 000000000000..17ab0696ae58
--- /dev/null
+++ b/modules/lvms-troubleshooting-recovering-from-node-failure.adoc
@@ -0,0 +1,34 @@
+// This module is included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="recovering-from-node-failure_{context}"]
+= Recovering from node failure
+
+Sometimes a persistent volume claim (PVC) is stuck in a `Pending` state because a particular node in the cluster has failed. To identify the failed node, you can examine the restart count of the `topolvm-node` pod. An increased restart count indicates potential problems with the underlying node, which may require further investigation and troubleshooting.
+
+.Procedure
+
+* Examine the restart count of the `topolvm-node` pod instances by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-storage
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                  READY   STATUS    RESTARTS      AGE
+lvms-operator-7b9fb858cb-6nsml        3/3     Running   0             70m
+topolvm-controller-5dd9cf78b5-7wwr2   5/5     Running   0             66m
+topolvm-node-dr26h                    4/4     Running   0             66m
+topolvm-node-54as8                    4/4     Running   0             66m
+topolvm-node-78fft                    4/4     Running   17 (8s ago)   66m
+vg-manager-r6zdv                      1/1     Running   0             66m
+vg-manager-990ut                      1/1     Running   0             66m
+vg-manager-an118                      1/1     Running   0             66m
+----
++
+After you resolve any issues with the node, you might need to perform the forced cleanup procedure if the PVC is still stuck in a `Pending` state.
\ No newline at end of file
diff --git a/modules/lvms-uninstalling-logical-volume-manager-operator-using-openshift-web-console.adoc b/modules/lvms-uninstalling-logical-volume-manager-operator-using-openshift-web-console.adoc
index 18d6507bc792..afa028c8620f 100644
--- a/modules/lvms-uninstalling-logical-volume-manager-operator-using-openshift-web-console.adoc
+++ b/modules/lvms-uninstalling-logical-volume-manager-operator-using-openshift-web-console.adoc
@@ -2,11 +2,11 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-unstalling-lvms-with-web-console_{context}"]
-= Uninstalling {lvms} installed using the OpenShift Web Console
+= Uninstalling {lvms} using the web console
 
-You can unstall {lvms} using the Red Hat OpenShift Container Platform Web Console.
+You can uninstall {lvms} using the {product-title} web console.
 
 .Prerequisites
 
@@ -14,7 +14,7 @@ You can unstall {lvms} using the Red Hat OpenShift Container Platform Web Consol
 * You deleted the persistent volume claims (PVCs) and persistent volumes (PVs) provisioned using {lvms}.
 * You deleted all volume snapshots provisioned by {lvms}.
 * You verified that no logical volume resources exist by using the `oc get logicalvolume` command.
-* You have access to the {sno} cluster using an account with `cluster-admin` permissions.
+* You have access to the cluster using an account with `cluster-admin` permissions.
 
 .Procedure
 
diff --git a/modules/lvms-uninstalling-logical-volume-manager-operator-using-rhacm.adoc b/modules/lvms-uninstalling-logical-volume-manager-operator-using-rhacm.adoc
index a1b84ea72735..fc5bc5ca04a5 100644
--- a/modules/lvms-uninstalling-logical-volume-manager-operator-using-rhacm.adoc
+++ b/modules/lvms-uninstalling-logical-volume-manager-operator-using-rhacm.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-uninstalling-lvms-rhacm_{context}"]
 = Uninstalling {lvms} installed using {rh-rhacm}
 
diff --git a/modules/lvms-unsupported-devices.adoc b/modules/lvms-unsupported-devices.adoc
new file mode 100644
index 000000000000..efa73ce1e2e5
--- /dev/null
+++ b/modules/lvms-unsupported-devices.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="lvms-unsupported-devices_{context}"]
+= Devices not supported by {lvms}
+
+When you are adding the paths to the devices in the `deviceSelector` section of the `LVMCluster` YAML, ensure that the devices are supported by {lvms}. If you add paths to the unsupported devices, then {lvms} excludes the devices to avoid complexity in managing logical volumes.
+
+If you do not specify any device path in the `deviceSelector`, then {lvms} adds only the unused devices that it supports. 
+
+[NOTE]
+====
+To get information about the devices, run the following command:
+[source,terminal]
+----
+$ lsblk --paths --json -o \
+NAME,ROTA,TYPE,SIZE,MODEL,VENDOR,RO,STATE,KNAME,SERIAL,PARTLABEL,FSTYPE
+----
+====
+
+{lvms} does not support the following devices:
+
+Read-only devices:: Devices with the `ro` parameter set to `true`.
+
+Suspended devices:: Devices with the `state` parameter set to `suspended`.
+
+ROM devices:: Devices with the `type` parameter set to `rom`.
+
+LVM partition devices:: Devices with the `type` parameter set to `lvm`. 
+
+Devices with invalid partition labels:: Devices with the `partlabel` parameter set to `bios`, `boot`, or `reserved`.
+
+Devices with an invalid filesystem:: Devices with the `fstype` parameter set to any value other than `null` or `LVM2_member`.
++
+[IMPORTANT]
+====
+{lvms} supports devices with `fstype` parameter set to `LVM2_member` only if the devices do not contain children devices.
+====
+
+Devices that are part of another volume group:: To get the information about the volume groups of the device, run the following command:
++
+[source, terminal]
+----
+$ pvs <device-name> <1>
+----
+<1> Replace `<device-name>` with the device name.
+
+Devices with bind mounts:: To get the mount points of a device, run the following command:
++
+[source, terminal]
+----
+$ cat /proc/1/mountinfo | grep <device-name> <1>
+----
+<1> Replace `<device-name>` with the device name.
+
+Devices that contain children devices::
+
+[NOTE]
+====
+It is recommended to wipe the device before using it in {lvms} to prevent unexpected behavior.
+====
diff --git a/modules/lvms-upgrading-lvms-on-sno.adoc b/modules/lvms-upgrading-lvms-on-sno.adoc
index 105cffccb88a..edf4995517ba 100644
--- a/modules/lvms-upgrading-lvms-on-sno.adoc
+++ b/modules/lvms-upgrading-lvms-on-sno.adoc
@@ -2,21 +2,63 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="lvms-upgrading-lvms-on-sno_{context}"]
-= Upgrading {lvms} on {sno} clusters
+= Updating {lvms} on clusters
 
-Currently, it is not possible to upgrade from {rh-storage} Logical Volume Manager Operator 4.11 to {lvms} 4.12 on {sno} clusters.
+You can update the {lvms-first} Operator to ensure compatibility with your {product-title} version.
 
-[IMPORTANT]
-====
-The data will not be preserved during this process.
-====
+.Prerequisites
+
+* You have updated your cluster.
+
+* You have installed a previous version of the {lvms} Operator.
+
+* You have installed the OpenShift CLI (`oc`).
+
+* You have logged in as a user with `cluster-admin` privileges.
 
 .Procedure
 
-. Back up any data that you want to preserve on the persistent volume claims (PVCs).
-. Delete all PVCs provisioned by the {rh-storage} Logical Volume Manager Operator and their pods.
-. Reinstall {lvms} on {product-title} 4.12.
-. Recreate the workloads.
-. Copy the backup data to the PVCs created after upgrading to 4.12.
\ No newline at end of file
+. Update the `Subscription` resource for the {lvms} Operator by running the following command:
++
+[source,terminal]
+----
+$ oc patch subscription lvms-operator -n openshift-storage --type merge --patch '{"spec":{"channel":"<update-channel>"}}' <1>
+----
+<1> Replace `<update-channel>` with the version of the {lvms} Operator that you want to install, for example `stable-{product-version}`.
+
+. View the update events to check that the installation is complete by running the following command:
++
+[source,terminal]
+----
+$ oc get events -n openshift-storage
+----
++
+.Example output
+[source,terminal, subs="attributes"]
+----
+...
+8m13s       Normal    RequirementsUnknown   clusterserviceversion/lvms-operator.v{product-version}   requirements not yet checked
+8m11s       Normal    RequirementsNotMet    clusterserviceversion/lvms-operator.v{product-version}   one or more requirements couldn't be found
+7m50s       Normal    AllRequirementsMet    clusterserviceversion/lvms-operator.v{product-version}   all requirements found, attempting install
+7m50s       Normal    InstallSucceeded      clusterserviceversion/lvms-operator.v{product-version}   waiting for install components to report healthy
+7m49s       Normal    InstallWaiting        clusterserviceversion/lvms-operator.v{product-version}   installing: waiting for deployment lvms-operator to become ready: deployment "lvms-operator" waiting for 1 outdated replica(s) to be terminated
+7m39s       Normal    InstallSucceeded      clusterserviceversion/lvms-operator.v{product-version}   install strategy completed with no errors
+...
+----
+
+.Verification
+
+* Verify the version of the {lvms} Operator by running the following command:
++
+[source,terminal]
+----
+$ oc get subscription lvms-operator -n openshift-storage -o jsonpath='{.status.installedCSV}'
+----
++
+.Example output
+[source,terminal, subs="attributes"]
+----
+lvms-operator.v{product-version}
+----
\ No newline at end of file
diff --git a/modules/lvms-volume-clones-in-single-node-openshift.adoc b/modules/lvms-volume-clones-in-single-node-openshift.adoc
index 44bfc5d2241e..dc55d15a3f22 100644
--- a/modules/lvms-volume-clones-in-single-node-openshift.adoc
+++ b/modules/lvms-volume-clones-in-single-node-openshift.adoc
@@ -2,8 +2,8 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="lvms-volume-cloning-for-single-node-openshift-cluster_{context}"]
-= Volume cloning for {sno}
+= Volume cloning
 
 A clone is a duplicate of an existing storage volume that can be used like any standard volume.
\ No newline at end of file
diff --git a/modules/lvms-volume-snapshots-in-single-node-openshift.adoc b/modules/lvms-volume-snapshots-in-single-node-openshift.adoc
index 188216ca7d89..8bd3e00b7e10 100644
--- a/modules/lvms-volume-snapshots-in-single-node-openshift.adoc
+++ b/modules/lvms-volume-snapshots-in-single-node-openshift.adoc
@@ -2,9 +2,9 @@
 //
 // storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="lvms-volume-snapsot-for-sno_{context}"]
-= Volume snapshots for {sno}
+= Volume snapshots
 
 You can take volume snapshots of persistent volumes (PVs) that are provisioned by {lvms}.
 You can also create volume snapshots of the cloned volumes. Volume snapshots help you to do the following:
diff --git a/modules/machine-about-lifecycle.adoc b/modules/machine-about-lifecycle.adoc
new file mode 100644
index 000000000000..f2a59410747e
--- /dev/null
+++ b/modules/machine-about-lifecycle.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * machine_management/machine-phases-lifecycle.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="machine-about-lifecycle_{context}"]
+= The machine lifecycle
+
+The lifecycle begins with the request to provision a machine and continues until the machine no longer exists.
+
+//.Machine lifecycle
+//image::to-do-machine-lifecycle.png["The sequence of events in the machine lifecycle."]
+
+The machine lifecycle proceeds in the following order. Interruptions due to errors or lifecycle hooks are not included in this overview.
+
+. There is a request to provision a new machine for one of the following reasons:
+** A cluster administrator scales a machine set such that it requires additional machines.
+** An autoscaling policy scales machine set such that it requires additional machines.
+** A machine that is managed by a machine set fails or is deleted and the machine set creates a replacement to maintain the required number of machines.
+
+. The machine enters the `Provisioning` phase.
+
+. The infrastructure provider creates an instance for the machine.
+
+. The machine has a provider ID or address and enters the `Provisioned` phase.
+
+. The Ignition configuration file is processed.
+
+. The kubelet issues a certificate signing request (CSR).
+
+. The cluster machine approver approves the CSR.
+
+. The machine becomes a node and enters the `Running` phase.
+
+. An existing machine is slated for deletion for one of the following reasons:
+** A user with `cluster-admin` permissions uses the `oc delete machine` command.
+** The machine gets a `machine.openshift.io/delete-machine` annotation.
+** The machine set that manages the machine marks it for deletion to reduce the replica count as part of reconciliation.
+** The cluster autoscaler identifies a node that is unnecessary to meet the deployment needs of the cluster.
+** A machine health check is configured to replace an unhealthy machine.
+
+. The machine enters the `Deleting` phase, in which it is marked for deletion but is still present in the API.
+
+. The machine controller removes the instance from the infrastructure provider.
+
+. The machine controller deletes the `Node` object.
\ No newline at end of file
diff --git a/modules/machine-about-phases.adoc b/modules/machine-about-phases.adoc
new file mode 100644
index 000000000000..b524020e4f2b
--- /dev/null
+++ b/modules/machine-about-phases.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * machine_management/machine-phases-lifecycle.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="machine-about-phases_{context}"]
+= Machine phases
+
+As a machine moves through its lifecycle, it passes through different phases. Each phase is a basic representation of the state of the machine.
+
+`Provisioning`:: There is a request to provision a new machine. The machine does not yet exist and does not have an instance, a provider ID, or an address.
+
+`Provisioned`:: The machine exists and has a provider ID or an address. The cloud provider has created an instance for the machine. The machine has not yet become a node and the `status.nodeRef` section of the machine object is not yet populated.
+
+`Running`:: The machine exists and has a provider ID or address. Ignition has run successfully and the cluster machine approver has approved a certificate signing request (CSR). The machine has become a node and the `status.nodeRef` section of the machine object contains node details.
+
+`Deleting`:: There is a request to delete the machine. The machine object has a `DeletionTimestamp` field that indicates the time of the deletion request.
+
+`Failed`:: There is an unrecoverable problem with the machine. This can happen, for example, if the cloud provider deletes the instance for the machine.
\ No newline at end of file
diff --git a/modules/machine-adding-aws-compute-cloudformation.adoc b/modules/machine-adding-aws-compute-cloudformation.adoc
index eeafd8a953ed..5e38cd4d3ed1 100644
--- a/modules/machine-adding-aws-compute-cloudformation.adoc
+++ b/modules/machine-adding-aws-compute-cloudformation.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/user_infra/adding-aws-compute-user-infra.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-adding-aws-compute-cloudformation_{context}"]
 = Adding more compute machines to your AWS cluster by using CloudFormation templates
 
diff --git a/modules/machine-api-capability.adoc b/modules/machine-api-capability.adoc
new file mode 100644
index 000000000000..5d6c226b6a4c
--- /dev/null
+++ b/modules/machine-api-capability.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * installing/cluster-capabilities.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="machine-api-capability_{context}"]
+= Machine API capability
+
+[discrete]
+== Purpose
+
+The `machine-api-operator`, `cluster-autoscaler-operator`, and `cluster-control-plane-machine-set-operator` Operators provide the features for the `MachineAPI` capability. You can disable this capability only if you install a cluster with user-provisioned infrastructure.
+
+The Machine API capability is responsible for all machine configuration and management in the cluster. If you disable the Machine API capability during installation, you need to manage all machine-related tasks manually.
diff --git a/modules/machine-api-overview.adoc b/modules/machine-api-overview.adoc
index 132270d780de..5731f3270468 100644
--- a/modules/machine-api-overview.adoc
+++ b/modules/machine-api-overview.adoc
@@ -11,8 +11,9 @@
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
+// * windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-api-overview_{context}"]
 = Machine API overview
 
@@ -22,7 +23,7 @@ For {product-title} {product-version} clusters, the Machine API performs all nod
 
 The two primary resources are:
 
-Machines:: A fundamental unit that describes the host for a node. A machine has a `providerSpec` specification, which describes the types of compute nodes that are offered for different cloud platforms. For example, a machine type for a worker node on Amazon Web Services (AWS) might define a specific machine type and required metadata.
+Machines:: A fundamental unit that describes the host for a node. A machine has a `providerSpec` specification, which describes the types of compute nodes that are offered for different cloud platforms. For example, a machine type for a compute node might define a specific machine type and required metadata.
 
 Machine sets:: `MachineSet` resources are groups of compute machines. Compute machine sets are to compute machines as replica sets are to pods. If you need more compute machines or must scale them down, you change the `replicas` field on the `MachineSet` resource to meet your compute need.
 +
diff --git a/modules/machine-autoscaler-about.adoc b/modules/machine-autoscaler-about.adoc
index 8799cfb61101..61ed8808a0e8 100644
--- a/modules/machine-autoscaler-about.adoc
+++ b/modules/machine-autoscaler-about.adoc
@@ -3,7 +3,7 @@
 // * machine_management/applying-autoscaling.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-autoscaler-about_{context}"]
 = About the machine autoscaler
 
diff --git a/modules/machine-autoscaler-cr.adoc b/modules/machine-autoscaler-cr.adoc
index b78861a2c98e..e33afbd0dd32 100644
--- a/modules/machine-autoscaler-cr.adoc
+++ b/modules/machine-autoscaler-cr.adoc
@@ -3,9 +3,9 @@
 // * machine_management/applying-autoscaling.adoc
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machine-autoscaler-cr_{context}"]
-= MachineAutoscaler resource definition
+= Machine autoscaler resource definition
 
 This `MachineAutoscaler` resource definition shows the parameters and sample values for the machine autoscaler.
 
diff --git a/modules/machine-config-drift-detection.adoc b/modules/machine-config-drift-detection.adoc
index 34d7ad6e846e..6866e93b4aac 100644
--- a/modules/machine-config-drift-detection.adoc
+++ b/modules/machine-config-drift-detection.adoc
@@ -2,11 +2,11 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-config-drift-detection_{context}"]
 = Understanding configuration drift detection
 
-There might be situations when the on-disk state of a node differs from what is configured in the machine config. This is known as _configuration drift_. For example, a cluster admin might manually modify a file, a systemd unit file, or a file permission that was configured through a machine config. This causes configuration drift. Configuration drift can cause problems between nodes in a Machine Config Pool or when the machine configs are updated.  
+There might be situations when the on-disk state of a node differs from what is configured in the machine config. This is known as _configuration drift_. For example, a cluster admin might manually modify a file, a systemd unit file, or a file permission that was configured through a machine config. This causes configuration drift. Configuration drift can cause problems between nodes in a Machine Config Pool or when the machine configs are updated.
 
 The Machine Config Operator (MCO) uses the Machine Config Daemon (MCD) to check nodes for configuration drift on a regular basis. If detected, the MCO sets the node and the machine config pool (MCP) to `Degraded` and reports the error. A degraded node is online and operational, but, it cannot be updated.
 
@@ -21,7 +21,7 @@ The MCD performs configuration drift detection upon each of the following condit
 If you apply a new machine config to the nodes, the MCD temporarily shuts down configuration drift detection. This shutdown is needed because the new machine config necessarily differs from the machine config on the nodes. After the new machine config is applied, the MCD restarts detecting configuration drift using the new machine config.
 ====
 
-When performing configuration drift detection, the MCD validates that the file contents and permissions fully match what the currently-applied machine config specifies. Typically, the MCD detects configuration drift in less than a second after the detection is triggered. 
+When performing configuration drift detection, the MCD validates that the file contents and permissions fully match what the currently-applied machine config specifies. Typically, the MCD detects configuration drift in less than a second after the detection is triggered.
 
 If the MCD detects configuration drift, the MCD performs the following tasks:
 
@@ -101,6 +101,6 @@ contents or change the file permissions.
 +
 [NOTE]
 ====
-Generating a force file on a node causes that node to reboot. 
+Generating a force file on a node causes that node to reboot.
 ====
 
diff --git a/modules/machine-config-overview.adoc b/modules/machine-config-overview.adoc
index 948baf52b32e..390cbea8c32b 100644
--- a/modules/machine-config-overview.adoc
+++ b/modules/machine-config-overview.adoc
@@ -3,12 +3,14 @@
 // * operators/operator-reference.adoc
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-config-overview-{context}"]
 = Machine config overview
 
 The Machine Config Operator (MCO) manages updates to systemd, CRI-O and Kubelet, the kernel, Network Manager and other system features. It also offers a `MachineConfig` CRD that can write configuration files onto the host (see link:https://github.com/openshift/machine-config-operator#machine-config-operator[machine-config-operator]). Understanding what MCO does and how it interacts with other components is critical to making advanced, system-level changes to an {product-title} cluster. Here are some things you should know about MCO, machine configs, and how they are used:
 
+* Machine configs are processed alphabetically, in lexicographically increasing order, of their name. The render controller uses the first machine config in the list as the base and appends the rest to the base machine config.
+
 * A machine config can make a specific change to a file or service on the operating system of each system representing a pool of {product-title} nodes.
 
 * MCO applies changes to operating systems in pools of machines. All {product-title} clusters start with worker and control plane node pools. By adding more role labels, you can configure custom pools of nodes. For example, you can set up a custom pool of worker nodes that includes particular hardware features needed by an application. However, examples in this section focus on changes to the default pool types.
@@ -21,7 +23,7 @@ A node can have multiple labels applied that indicate its type, such as `master`
 * After a machine config change, the MCO updates the affected nodes alphabetically by zone, based on the `topology.kubernetes.io/zone` label. If a zone has more than one node, the oldest nodes are updated first. For nodes that do not use zones, such as in bare metal deployments, the nodes are upgraded by age, with the oldest nodes updated first. The MCO updates the number of nodes as specified by the `maxUnavailable` field on the machine configuration pool at a time.
 
 * Some machine configuration must be in place before {product-title} is installed to disk. In most cases, this can be accomplished by creating
-a machine config that is injected directly into the {product-title} installer process, instead of running as a post-installation machine config. In other cases, you might need to do bare metal installation where you pass kernel arguments at {product-title} installer startup, to do such things as setting per-node individual IP addresses or advanced disk partitioning.
+a machine config that is injected directly into the {product-title} installer process, instead of running as a postinstallation machine config. In other cases, you might need to do bare metal installation where you pass kernel arguments at {product-title} installer startup, to do such things as setting per-node individual IP addresses or advanced disk partitioning.
 
 * MCO manages items that are set in machine configs. Manual changes you do to your systems will not be overwritten by MCO, unless MCO is explicitly told to manage a conflicting file. In other words, MCO only makes specific updates you request, it does not claim control over the whole node.
 
@@ -46,21 +48,21 @@ The kinds of components that MCO can change include:
 * **config**: Create Ignition config objects (see the link:https://coreos.github.io/ignition/configuration-v3_2/[Ignition configuration specification]) to do things like modify files, systemd services, and other features on {product-title} machines, including:
 - **Configuration files**: Create or overwrite files in the `/var` or `/etc` directory.
 - **systemd units**: Create and set the status of a systemd service or add to an existing systemd service by dropping in additional settings.
-- **users and groups**: Change SSH keys in the passwd section post-installation.
+- **users and groups**: Change SSH keys in the passwd section postinstallation.
 +
 [IMPORTANT]
 ====
-* Changing SSH keys by using a machine config is supported only for the `core` user. 
+* Changing SSH keys by using a machine config is supported only for the `core` user.
 * Adding new users by using a machine config is not supported.
 ====
 * **kernelArguments**: Add arguments to the kernel command line when {product-title} nodes boot.
-* **kernelType**: Optionally identify a non-standard kernel to use instead of the standard kernel. Use `realtime` to use the RT kernel (for RAN). This is only supported on select platforms.
+* **kernelType**: Optionally identify a non-standard kernel to use instead of the standard kernel. Use `realtime` to use the RT kernel (for RAN). This is only supported on select platforms. Use the `64k-pages` parameter to enable the 64k page size kernel. This setting is exclusive to machines with 64-bit ARM architectures.
 ifndef::openshift-origin[]
-* **fips**: Enable link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#using-the-system-wide-cryptographic-policies_security-hardening[FIPS] mode. FIPS should be set at installation-time setting and not a post-installation procedure.
+* **fips**: Enable link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#using-the-system-wide-cryptographic-policies_security-hardening[FIPS] mode. FIPS should be set at installation-time setting and not a postinstallation procedure.
 
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on `x86_64`, `ppc64le`, and `s390x` architectures.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 endif::openshift-origin[]
 * **extensions**: Extend {op-system} features by adding selected pre-packaged software. For this feature, available extensions include link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#protecting-systems-against-intrusive-usb-devices_security-hardening[usbguard] and kernel modules.
@@ -68,7 +70,7 @@ endif::openshift-origin[]
 
 The MCO is not the only Operator that can change operating system components on {product-title} nodes. Other Operators can modify operating system-level features as well. One example is the Node Tuning Operator, which allows you to do node-level tuning through Tuned daemon profiles.
 
-Tasks for the MCO configuration that can be done post-installation are included in the following procedures. See descriptions of {op-system} bare metal installation for system configuration tasks that must be done during or before {product-title} installation.
+Tasks for the MCO configuration that can be done postinstallation are included in the following procedures. See descriptions of {op-system} bare metal installation for system configuration tasks that must be done during or before {product-title} installation.
 
 There might be situations where the configuration on a node does not fully match what the currently-applied machine config specifies. This state is called _configuration drift_. The Machine Config Daemon (MCD) regularly checks the nodes for configuration drift. If the MCD detects configuration drift, the MCO marks the node `degraded` until an administrator corrects the node configuration. A degraded node is online and operational, but, it cannot be updated. For more information on configuration drift, see _Understanding configuration drift detection_.
 
diff --git a/modules/machine-delete.adoc b/modules/machine-delete.adoc
index b7d5422a0589..67399cb2d212 100644
--- a/modules/machine-delete.adoc
+++ b/modules/machine-delete.adoc
@@ -3,7 +3,7 @@
 // * machine_management/deleting-machine.adoc
 // * windows_containers/removing-windows-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-delete_{context}"]
 = Deleting a specific machine
 
diff --git a/modules/machine-determine-phase-cli.adoc b/modules/machine-determine-phase-cli.adoc
new file mode 100644
index 000000000000..c937a7b132ca
--- /dev/null
+++ b/modules/machine-determine-phase-cli.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * machine_management/machine-phases-lifecycle.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="machine-determine-phase-cli_{context}"]
+= Determining the phase of a machine by using the CLI
+
+You can find the phase of a machine by using the {oc-first}.
+
+.Prerequisites
+
+* You have access to an {product-title} cluster using an account with `cluster-admin` permissions.
+* You have installed the `oc` CLI.
+
+.Procedure
+
+* List the machines on the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get machine -n openshift-machine-api
+----
++
+.Example output
++
+[source,text]
+----
+NAME                                      PHASE     TYPE         REGION      ZONE         AGE
+mycluster-5kbsp-master-0                  Running   m6i.xlarge   us-west-1   us-west-1a   4h55m
+mycluster-5kbsp-master-1                  Running   m6i.xlarge   us-west-1   us-west-1b   4h55m
+mycluster-5kbsp-master-2                  Running   m6i.xlarge   us-west-1   us-west-1a   4h55m
+mycluster-5kbsp-worker-us-west-1a-fmx8t   Running   m6i.xlarge   us-west-1   us-west-1a   4h51m
+mycluster-5kbsp-worker-us-west-1a-m889l   Running   m6i.xlarge   us-west-1   us-west-1a   4h51m
+mycluster-5kbsp-worker-us-west-1b-c8qzm   Running   m6i.xlarge   us-west-1   us-west-1b   4h51m
+----
++
+The `PHASE` column of the output contains the phase of each machine.
\ No newline at end of file
diff --git a/modules/machine-determine-phase-gui.adoc b/modules/machine-determine-phase-gui.adoc
new file mode 100644
index 000000000000..43c6befb59db
--- /dev/null
+++ b/modules/machine-determine-phase-gui.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * machine_management/machine-phases-lifecycle.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="machine-determine-phase-gui_{context}"]
+= Determining the phase of a machine by using the web console
+
+You can find the phase of a machine by using the {product-title} web console.
+
+.Prerequisites
+
+* You have access to an {product-title} cluster using an account with `cluster-admin` permissions.
+
+.Procedure
+
+. Log in to the web console as a user with the `cluster-admin` role.
+
+. Navigate to *Compute* -> *Machines*.
+
+. On the *Machines* page, select the name of the machine that you want to find the phase of.
+
+. On the *Machine details* page, select the *YAML* tab.
+
+. In the YAML block, find the value of the `status.phase` field.
++
+.Example YAML snippet
++
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: Machine
+metadata:
+  name: mycluster-5kbsp-worker-us-west-1a-fmx8t
+# ...
+status:
+  phase: Running # <1>
+----
+<1> In this example, the phase is `Running`.
\ No newline at end of file
diff --git a/modules/machine-edge-pool-review-nodes.adoc b/modules/machine-edge-pool-review-nodes.adoc
index de108e5aaa10..2029d16dd66a 100644
--- a/modules/machine-edge-pool-review-nodes.adoc
+++ b/modules/machine-edge-pool-review-nodes.adoc
@@ -1,7 +1,8 @@
 // Module included in the following assemblies
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-edge-pool-review-nodes_{context}"]
 = Verifying nodes that were created with edge compute pool
 
@@ -28,7 +29,7 @@ cluster-7xw5g-worker-us-east-1c       1         1         1       1           3h
 +
 [source,terminal]
 ----
-$ oc get machines -n openshift-machine-api 
+$ oc get machines -n openshift-machine-api
 ----
 +
 .Example output
diff --git a/modules/machine-health-checks-about.adoc b/modules/machine-health-checks-about.adoc
index d669e0ce68e2..00067a848118 100644
--- a/modules/machine-health-checks-about.adoc
+++ b/modules/machine-health-checks-about.adoc
@@ -3,13 +3,13 @@
 // * machine_management/deploying-machine-health-checks.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-health-checks-about_{context}"]
 = About machine health checks
 
 [NOTE]
 ====
-You can only apply a machine health check to control plane machines on clusters that use control plane machine sets.
+You can only apply a machine health check to machines that are managed by compute machine sets or control plane machine sets.
 ====
 
 To monitor machine health, create a resource to define the configuration for a controller. Set a condition to check, such as staying in the `NotReady` status for five minutes or displaying a permanent condition in the node-problem-detector, and a label for the set of machines to monitor.
diff --git a/modules/machine-health-checks-creating.adoc b/modules/machine-health-checks-creating.adoc
index 74f5f4ce891e..f3b6f269f8cf 100644
--- a/modules/machine-health-checks-creating.adoc
+++ b/modules/machine-health-checks-creating.adoc
@@ -3,7 +3,7 @@
 // * machine_management/deploying-machine-health-checks.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-health-checks-creating_{context}"]
 = Creating a machine health check resource
 
@@ -11,7 +11,7 @@ You can create a `MachineHealthCheck` resource for machine sets in your cluster.
 
 [NOTE]
 ====
-You can only apply a machine health check to control plane machines on clusters that use control plane machine sets.
+You can only apply a machine health check to machines that are managed by compute machine sets or control plane machine sets.
 ====
 
 .Prerequisites
diff --git a/modules/machine-health-checks-pausing-web-console.adoc b/modules/machine-health-checks-pausing-web-console.adoc
index 5638634d320c..d6713bbd040c 100644
--- a/modules/machine-health-checks-pausing-web-console.adoc
+++ b/modules/machine-health-checks-pausing-web-console.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 
-// * updating/updating-cluster-within-minor.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-health-checks-pausing-web-console_{context}"]
 = Pausing a MachineHealthCheck resource by using the web console
 
diff --git a/modules/machine-health-checks-pausing.adoc b/modules/machine-health-checks-pausing.adoc
index 7e7fd69e06ce..cbfab5129066 100644
--- a/modules/machine-health-checks-pausing.adoc
+++ b/modules/machine-health-checks-pausing.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 
-// * updating/updating-cluster-cli.adoc
-// * updating/updating-cluster-within-minor.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating-cluster-cli.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-health-checks-pausing_{context}"]
 = Pausing a MachineHealthCheck resource
 
diff --git a/modules/machine-lifecycle-hook-deletion-etcd.adoc b/modules/machine-lifecycle-hook-deletion-etcd.adoc
index f01a1677df45..218ce5cdd08b 100644
--- a/modules/machine-lifecycle-hook-deletion-etcd.adoc
+++ b/modules/machine-lifecycle-hook-deletion-etcd.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/deleting-machine.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-lifecycle-hook-deletion-etcd_{context}"]
 = Quorum protection with machine lifecycle hooks
 
diff --git a/modules/machine-lifecycle-hook-deletion-format.adoc b/modules/machine-lifecycle-hook-deletion-format.adoc
index 442e40aef11d..e5a40cac70a7 100644
--- a/modules/machine-lifecycle-hook-deletion-format.adoc
+++ b/modules/machine-lifecycle-hook-deletion-format.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/deleting-machine.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machine-lifecycle-hook-deletion-format_{context}"]
 = Deletion lifecycle hook configuration
 
diff --git a/modules/machine-lifecycle-hook-deletion-uses.adoc b/modules/machine-lifecycle-hook-deletion-uses.adoc
index ca7c3846cefe..8fa8910d02ef 100644
--- a/modules/machine-lifecycle-hook-deletion-uses.adoc
+++ b/modules/machine-lifecycle-hook-deletion-uses.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/deleting-machine.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-lifecycle-hook-deletion-uses_{context}"]
 = Machine deletion lifecycle hook examples for Operator developers
 
diff --git a/modules/machine-lifecycle-hook-deletion.adoc b/modules/machine-lifecycle-hook-deletion.adoc
index 336c62a81a4f..581eb52339d5 100644
--- a/modules/machine-lifecycle-hook-deletion.adoc
+++ b/modules/machine-lifecycle-hook-deletion.adoc
@@ -5,7 +5,7 @@
 
 //Placement considerations: Is this general info? Does it go with deletion docs? CPMS docs? etcd docs? Possibly some combo of those, or perhaps etcd as an example of a use case?
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-lifecycle-hook-deletion_{context}"]
 = Lifecycle hooks for the machine deletion phase
 
diff --git a/modules/machine-node-custom-partition.adoc b/modules/machine-node-custom-partition.adoc
index dd35e1c92c23..5d23fb6dd2c7 100644
--- a/modules/machine-node-custom-partition.adoc
+++ b/modules/machine-node-custom-partition.adoc
@@ -4,7 +4,7 @@
 // * machine_management/
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-node-custom-partition_{context}"]
 = Adding a new {op-system} worker node with a custom `/var` partition in AWS
 
@@ -114,7 +114,7 @@ $ oc get secret worker-user-data --template='{{index .data.disableTemplating | b
 $ oc create secret generic worker-user-data-x5 --from-file=userData=userData.txt --from-file=disableTemplating=disableTemplating.txt
 ----
 
-. Create a new compute machine set for the new node: 
+. Create a new compute machine set for the new node:
 
 .. Create a new compute machine set YAML file, similar to the following, which is configured for AWS. Add the required partitions and the newly-created user data secret:
 +
@@ -236,13 +236,13 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE     VERSION
-ip-10-0-128-78.ec2.internal    Ready    worker   117m    v1.26.0
-ip-10-0-146-113.ec2.internal   Ready    master   127m    v1.26.0
-ip-10-0-153-35.ec2.internal    Ready    worker   118m    v1.26.0
-ip-10-0-176-58.ec2.internal    Ready    master   126m    v1.26.0
-ip-10-0-217-135.ec2.internal   Ready    worker   2m57s   v1.26.0 <1>
-ip-10-0-225-248.ec2.internal   Ready    master   127m    v1.26.0
-ip-10-0-245-59.ec2.internal    Ready    worker   116m    v1.26.0
+ip-10-0-128-78.ec2.internal    Ready    worker   117m    v1.28.5
+ip-10-0-146-113.ec2.internal   Ready    master   127m    v1.28.5
+ip-10-0-153-35.ec2.internal    Ready    worker   118m    v1.28.5
+ip-10-0-176-58.ec2.internal    Ready    master   126m    v1.28.5
+ip-10-0-217-135.ec2.internal   Ready    worker   2m57s   v1.28.5 <1>
+ip-10-0-225-248.ec2.internal   Ready    master   127m    v1.28.5
+ip-10-0-245-59.ec2.internal    Ready    worker   116m    v1.28.5
 ----
 <1> This is new new node.
 
diff --git a/modules/machine-user-infra-machines-ibm-z-kvm.adoc b/modules/machine-user-infra-machines-ibm-z-kvm.adoc
new file mode 100644
index 000000000000..72471a526914
--- /dev/null
+++ b/modules/machine-user-infra-machines-ibm-z-kvm.adoc
@@ -0,0 +1,132 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="machine-user-infra-machines-ibm-z-kvm_{context}"]
+= Creating {op-system} machines using `virt-install`
+
+You can create more {op-system-first} compute machines for your cluster by using `virt-install`.
+
+.Prerequisites
+
+* You have at least one LPAR running on {op-system-base} 8.7 or later with KVM, referred to as {op-system-base} KVM host in this procedure.
+* The KVM/QEMU hypervisor is installed on the {op-system-base} KVM host.
+* You have a domain name server (DNS) that can perform hostname and reverse lookup for the nodes.
+* An HTTP or HTTPS server is set up.
+
+.Procedure
+// Step 1 is a workaround for https://issues.redhat.com/browse/OCPBUGS-18394
+// Can be removed when bug is fixed.
+. Disable UDP aggregation.
++
+Currently, UDP aggregation is not supported on {ibm-z-name} and is not automatically deactivated on multi-architecture compute clusters with an `x86_64` control plane and additional `s390x` compute machines. To ensure that the addtional compute nodes are added to the cluster correctly, you must manually disable UDP aggregation.
+
+.. Create a YAML file `udp-aggregation-config.yaml` with the following content:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+data:
+  disable-udp-aggregation: "true"
+metadata:
+  name: udp-aggregation-config
+  namespace: openshift-network-operator
+----
+
+.. Create the ConfigMap resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f udp-aggregation-config.yaml
+----
+
+. Extract the Ignition config file from the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc extract -n openshift-machine-api secret/worker-user-data-managed --keys=userData --to=- > worker.ign
+----
+
+. Upload the `worker.ign` Ignition config file you exported from your cluster to your HTTP server. Note the URL of this file.
+
+. You can validate that the Ignition file is available on the URL. The following example gets the Ignition config file for the compute node:
++
+[source,terminal]
+----
+$ curl -k http://<HTTP_server>/worker.ign
+----
+
+. Download the {op-system-base} live `kernel`, `initramfs`, and `rootfs` files by running the following commands:
++
+[source,terminal]
+----
+ $ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.kernel.location')
+----
++
+[source,terminal]
+----
+$ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.initramfs.location')
+----
++
+[source,terminal]
+----
+$ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.rootfs.location')
+----
+
+. Move the downloaded {op-system-base} live `kernel`, `initramfs` and `rootfs` files to an HTTP or HTTPS server before you launch `virt-install`.
+
+. Create the new KVM guest nodes using the {op-system-base} `kernel`, `initramfs`, and Ignition files; the new disk image; and adjusted parm line arguments.
++
+--
+[source,terminal]
+----
+$ virt-install \
+   --connect qemu:///system \
+   --name <vm_name> \
+   --autostart \
+   --os-variant rhel9.2 \ <1>
+   --cpu host \
+   --vcpus <vcpus> \
+   --memory <memory_mb> \
+   --disk <vm_name>.qcow2,size=<image_size> \
+   --network network=<virt_network_parm> \
+   --location <media_location>,kernel=<rhcos_kernel>,initrd=<rhcos_initrd> \ <2>
+   --extra-args "rd.neednet=1" \
+   --extra-args "coreos.inst.install_dev=/dev/vda" \
+   --extra-args "coreos.inst.ignition_url=<worker_ign>" \ <3>
+   --extra-args "coreos.live.rootfs_url=<rhcos_rootfs>" \ <4>
+   --extra-args "ip=<ip>::<default_gateway>:<subnet_mask_length>:<hostname>::none:<MTU>" \ <5>
+   --extra-args "nameserver=<dns>" \
+   --extra-args "console=ttysclp0" \
+   --noautoconsole \
+   --wait
+----
+<1> For `os-variant`, specify the {op-system-base} version for the {op-system} compute machine. `rhel9.2` is the recommended version. To query the supported {op-system-base} version of your operating system, run the following command:
++
+[source,terminal]
+----
+$ osinfo-query os -f short-id
+----
++
+[NOTE]
+====
+The `os-variant` is case sensitive.
+====
++
+<2> For `--location`, specify the location of the kernel/initrd on the HTTP or HTTPS server.
+<3> For `coreos.inst.ignition_url=`, specify the `worker.ign` Ignition file for the machine role. Only HTTP and HTTPS protocols are supported.
+<4> For `coreos.live.rootfs_url=`, specify the matching rootfs artifact for the `kernel` and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported.
+<5> Optional: For `hostname`, specify the fully qualified hostname of the client machine.
+--
++
+[NOTE]
+====
+If you are using HAProxy as a load balancer, update your HAProxy rules for `ingress-router-443` and `ingress-router-80` in the `/etc/haproxy/haproxy.cfg` configuration file.
+====
+
+. Continue to create more compute machines for your cluster.
\ No newline at end of file
diff --git a/modules/machine-user-infra-machines-ibm-z.adoc b/modules/machine-user-infra-machines-ibm-z.adoc
new file mode 100644
index 000000000000..d303036e488b
--- /dev/null
+++ b/modules/machine-user-infra-machines-ibm-z.adoc
@@ -0,0 +1,173 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="machine-user-infra-machines-ibm-z_{context}"]
+= Creating {op-system} machines on {ibm-z-title} with z/VM
+
+You can create more {op-system-first} compute machines running on {ibm-z-name} with z/VM and attach them to your existing cluster.
+
+.Prerequisites
+
+* You have a domain name server (DNS) that can perform hostname and reverse lookup for the nodes.
+* You have an HTTP or HTTPS server running on your provisioning machine that is accessible to the machines you create.
+
+.Procedure
+// Step 1 is a workaround for https://issues.redhat.com/browse/OCPBUGS-18394
+// Can be removed when bug is fixed.
+. Disable UDP aggregation.
++
+Currently, UDP aggregation is not supported on {ibm-z-name} and is not automatically deactivated on multi-architecture compute clusters with an `x86_64` control plane and additional `s390x` compute machines. To ensure that the addtional compute nodes are added to the cluster correctly, you must manually disable UDP aggregation.
+
+.. Create a YAML file `udp-aggregation-config.yaml` with the following content:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+data:
+  disable-udp-aggregation: "true"
+metadata:
+  name: udp-aggregation-config
+  namespace: openshift-network-operator
+----
+
+.. Create the ConfigMap resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f udp-aggregation-config.yaml
+----
+
+. Extract the Ignition config file from the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc extract -n openshift-machine-api secret/worker-user-data-managed --keys=userData --to=- > worker.ign
+----
+
+. Upload the `worker.ign` Ignition config file you exported from your cluster to your HTTP server. Note the URL of this file.
+
+. You can validate that the Ignition file is available on the URL. The following example gets the Ignition config file for the compute node:
++
+[source,terminal]
+----
+$ curl -k http://<HTTP_server>/worker.ign
+----
+
+. Download the {op-system-base} live `kernel`, `initramfs`, and `rootfs` files by running the following commands:
++
+[source,terminal]
+----
+$ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.kernel.location')
+----
++
+[source,terminal]
+----
+$ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.initramfs.location')
+----
++
+[source,terminal]
+----
+$ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' \
+| jq -r '.architectures.s390x.artifacts.metal.formats.pxe.rootfs.location')
+----
+
+. Move the downloaded {op-system-base} live `kernel`, `initramfs`, and `rootfs` files to an HTTP or HTTPS server that is accessible from the z/VM guest you want to add.
+
+. Create a parameter file for the z/VM guest. The following parameters are specific for the virtual machine:
+** Optional: To specify a static IP address, add an `ip=` parameter with the following entries, with each separated by a colon:
+... The IP address for the machine.
+... An empty string.
+... The gateway.
+... The netmask.
+... The machine host and domain name in the form `hostname.domainname`. Omit this value to let {op-system} decide.
+... The network interface name. Omit this value to let {op-system} decide.
+... The value `none`.
+** For `coreos.inst.ignition_url=`, specify the URL to the `worker.ign` file. Only HTTP and HTTPS protocols are supported.
+** For `coreos.live.rootfs_url=`, specify the matching rootfs artifact for the `kernel` and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported.
+
+** For installations on DASD-type disks, complete the following tasks:
+... For `coreos.inst.install_dev=`, specify `/dev/dasda`.
+... Use `rd.dasd=` to specify the DASD where {op-system} is to be installed.
+... Leave all other parameters unchanged.
++
+The following is an example parameter file, `additional-worker-dasd.parm`:
++
+[source,terminal]
+----
+rd.neednet=1 \
+console=ttysclp0 \
+coreos.inst.install_dev=/dev/dasda \
+coreos.live.rootfs_url=http://cl1.provide.example.com:8080/assets/rhcos-live-rootfs.s390x.img \
+coreos.inst.ignition_url=http://cl1.provide.example.com:8080/ignition/worker.ign \
+ip=172.18.78.2::172.18.78.1:255.255.255.0:::none nameserver=172.18.78.1 \
+rd.znet=qeth,0.0.bdf0,0.0.bdf1,0.0.bdf2,layer2=1,portno=0 \
+zfcp.allow_lun_scan=0 \
+rd.dasd=0.0.3490
+----
++
+Write all options in the parameter file as a single line and make sure that you have no newline characters.
+
+** For installations on FCP-type disks, complete the following tasks:
+... Use `rd.zfcp=<adapter>,<wwpn>,<lun>` to specify the FCP disk where {op-system} is to be installed. For multipathing, repeat this step for each additional path.
++
+[NOTE]
+====
+When you install with multiple paths, you must enable multipathing directly after the installation, not at a later point in time, as this can cause problems.
+====
+... Set the install device as: `coreos.inst.install_dev=/dev/sda`.
++
+[NOTE]
+====
+If additional LUNs are configured with NPIV, FCP requires `zfcp.allow_lun_scan=0`. If you must enable `zfcp.allow_lun_scan=1` because you use a CSI driver, for example, you must configure your NPIV so that each node cannot access the boot partition of another node.
+====
+... Leave all other parameters unchanged.
++
+[IMPORTANT]
+====
+Additional postinstallation steps are required to fully enable multipathing. For more information, see “Enabling multipathing with kernel arguments on {op-system}" in _Postinstallation machine configuration tasks_.
+====
+// Add xref once it's allowed.
++
+The following is an example parameter file, `additional-worker-fcp.parm` for a worker node with multipathing:
++
+[source,terminal]
+----
+rd.neednet=1 \
+console=ttysclp0 \
+coreos.inst.install_dev=/dev/sda \
+coreos.live.rootfs_url=http://cl1.provide.example.com:8080/assets/rhcos-live-rootfs.s390x.img \
+coreos.inst.ignition_url=http://cl1.provide.example.com:8080/ignition/worker.ign \
+ip=172.18.78.2::172.18.78.1:255.255.255.0:::none nameserver=172.18.78.1 \
+rd.znet=qeth,0.0.bdf0,0.0.bdf1,0.0.bdf2,layer2=1,portno=0 \
+zfcp.allow_lun_scan=0 \
+rd.zfcp=0.0.1987,0x50050763070bc5e3,0x4008400B00000000 \
+rd.zfcp=0.0.19C7,0x50050763070bc5e3,0x4008400B00000000 \
+rd.zfcp=0.0.1987,0x50050763071bc5e3,0x4008400B00000000 \
+rd.zfcp=0.0.19C7,0x50050763071bc5e3,0x4008400B00000000
+----
++
+Write all options in the parameter file as a single line and make sure that you have no newline characters.
+
+. Transfer the `initramfs`, `kernel`, parameter files, and {op-system} images to z/VM, for example, by using FTP. For details about how to transfer the files with FTP and boot from the virtual reader, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-installing-zvm-s390[Installing under Z/VM].
+. Punch the files to the virtual reader of the z/VM guest virtual machine.
++
+See link:https://www.ibm.com/docs/en/zvm/latest?topic=commands-punch[PUNCH] in {ibm-name} Documentation.
++
+[TIP]
+====
+You can use the CP PUNCH command or, if you use Linux, the **vmur** command to transfer files between two z/VM guest virtual machines.
+====
++
+. Log in to CMS on the bootstrap machine.
+. IPL the bootstrap machine from the reader by running the following command:
++
+----
+$ ipl c
+----
++
+See link:https://www.ibm.com/docs/en/zvm/latest?topic=commands-ipl[IPL] in {ibm-name} Documentation.
diff --git a/modules/machine-user-infra-machines-iso.adoc b/modules/machine-user-infra-machines-iso.adoc
index b292a2c0ab5f..52bc3f67bbe3 100644
--- a/modules/machine-user-infra-machines-iso.adoc
+++ b/modules/machine-user-infra-machines-iso.adoc
@@ -2,20 +2,30 @@
 //
 // * machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc
 // * post_installation_configuration/node-tasks.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
+
 ifeval::["{context}" == "multi-architecture-configuration"]
 :multi:
 endif::[]
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:ibm-power:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-user-infra-machines-iso_{context}"]
 = Creating {op-system} machines using an ISO image
 
+ifndef::ibm-power[]
 You can create more {op-system-first} compute machines for your bare metal cluster by using an ISO image to create the machines.
+endif::ibm-power[]
+ifdef::ibm-power[]
+You can create more {op-system-first} compute machines for your cluster by using an ISO image to create the machines.
+endif::ibm-power[]
 
 .Prerequisites
 
 * Obtain the URL of the Ignition config file for the compute machines for your cluster. You uploaded this file to your HTTP server during installation.
-* You must have the OpenShift CLI (`oc`)  installed. 
+* You must have the OpenShift CLI (`oc`)  installed.
 
 .Procedure
 
@@ -26,13 +36,13 @@ You can create more {op-system-first} compute machines for your bare metal clust
 $ oc extract -n openshift-machine-api secret/worker-user-data-managed --keys=userData --to=- > worker.ign
 ----
 
-. Upload the `worker.ign` Ignition config file you exported from your cluster to your HTTP server. Note the URLs of these files. 
+. Upload the `worker.ign` Ignition config file you exported from your cluster to your HTTP server. Note the URLs of these files.
 
-. You can validate that the ignition files are available on the URLs. The following example gets the Ignition config files for the compute node: 
+. You can validate that the ignition files are available on the URLs. The following example gets the Ignition config files for the compute node:
 +
 [source,terminal]
 ----
-$ curl -k http://<HTTP_server>/worker.ign 
+$ curl -k http://<HTTP_server>/worker.ign
 ----
 
 . You can access the ISO image for booting your new machine by running to following command:
@@ -85,4 +95,7 @@ Ensure that the installation is successful on each node before commencing with t
 
 ifeval::["{context}" == "multi-architecture-configuration"]
 :!multi:
+endif::[]
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:!ibm-power:
 endif::[]
\ No newline at end of file
diff --git a/modules/machine-user-infra-machines-pxe.adoc b/modules/machine-user-infra-machines-pxe.adoc
index 9707599f42a4..bc6e4cf78624 100644
--- a/modules/machine-user-infra-machines-pxe.adoc
+++ b/modules/machine-user-infra-machines-pxe.adoc
@@ -3,8 +3,13 @@
 // * machine_management/user_infra/adding-bare-metal-compute-user-infra.adoc
 // * post_installation_configuration/node-tasks.adoc
 // * post_installation_configuration/multi-architecture-configuration.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:ibm-power:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="machine-user-infra-machines-pxe_{context}"]
 = Creating {op-system} machines by PXE or iPXE booting
 
@@ -39,7 +44,12 @@ LABEL pxeboot
 This configuration does not enable serial console access on machines with a graphical console. To configure a different console, add one or more `console=` arguments to the `APPEND` line. For example, add `console=tty0 console=ttyS0` to set the first PC serial port as the primary console and the graphical console as a secondary console. For more information, see link:https://access.redhat.com/articles/7212[How does one set up a serial terminal and/or console in Red Hat Enterprise Linux?].
 ====
 
+ifndef::ibm-power[]
 ** For iPXE (`x86_64` + `aarch64`):
+endif::ibm-power[]
+ifdef::ibm-power[]
+** For iPXE (`x86_64` + `ppc64le`):
+endif::ibm-power[]
 +
 ----
 kernel http://<HTTP_server>/rhcos-<version>-live-kernel-<architecture> initrd=main coreos.live.rootfs_url=http://<HTTP_server>/rhcos-<version>-live-rootfs.<architecture>.img coreos.inst.install_dev=/dev/sda coreos.inst.ignition_url=http://<HTTP_server>/worker.ign <1> <2>
@@ -63,10 +73,20 @@ This configuration does not enable serial console access on machines with a grap
 +
 [NOTE]
 ====
+ifndef::ibm-power[]
 To network boot the CoreOS `kernel` on `aarch64` architecture, you need to use a version of iPXE build with the `IMAGE_GZIP` option enabled. See link:https://ipxe.org/buildcfg/image_gzip[`IMAGE_GZIP` option in iPXE].
+endif::ibm-power[]
+ifdef::ibm-power[]
+To network boot the CoreOS `kernel` on `ppc64le` architecture, you need to use a version of iPXE build with the `IMAGE_GZIP` option enabled. See link:https://ipxe.org/buildcfg/image_gzip[`IMAGE_GZIP` option in iPXE].
+endif::ibm-power[]
 ====
 
+ifndef::ibm-power[]
 ** For PXE (with UEFI and GRUB as second stage) on `aarch64`:
+endif::ibm-power[]
+ifdef::ibm-power[]
+** For PXE (with UEFI and GRUB as second stage) on `ppc64le`:
+endif::ibm-power[]
 +
 ----
 menuentry 'Install CoreOS' {
@@ -81,4 +101,8 @@ The `coreos.live.rootfs_url` parameter value is the location of the `rootfs` fil
 For example, to use DHCP on a NIC that is named `eno1`, set `ip=eno1:dhcp`.
 <3> Specify the location of the `initramfs` file that you uploaded to your TFTP server.
 
-. Use the PXE or iPXE infrastructure to create the required compute machines for your cluster.
\ No newline at end of file
+. Use the PXE or iPXE infrastructure to create the required compute machines for your cluster.
+
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:!ibm-power:
+endif::[]
\ No newline at end of file
diff --git a/modules/machine-user-provisioned-limitations.adoc b/modules/machine-user-provisioned-limitations.adoc
index 814eb8bfcf7d..16f9c3fa13ad 100644
--- a/modules/machine-user-provisioned-limitations.adoc
+++ b/modules/machine-user-provisioned-limitations.adoc
@@ -6,7 +6,6 @@
 // * machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc
 // * machine_management/creating_machinesets/creating-machineset-gcp.adoc
 // * machine_management/creating_machinesets/creating-machineset-osp.adoc
-// * machine_management/creating_machinesets/creating-machineset-rhv.adoc
 // * machine_management/creating_machinesets/creating-machineset-vsphere.adoc
 // * machine_management/deploying-machine-health-checks.adoc
 // * machine_management/manually-scaling-machinesets.adoc
diff --git a/modules/machine-user-provisioned-rhv.adoc b/modules/machine-user-provisioned-rhv.adoc
deleted file mode 100644
index 9da834d1a7a3..000000000000
--- a/modules/machine-user-provisioned-rhv.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-// * machine_management/user_infra/adding-rhv-compute-user-infra.adoc
-
-:_content-type: PROCEDURE
-[id="machine-user-provisioned-rhv_{context}"]
-= Adding more compute machines to a cluster on {rh-virtualization}
-
-.Procedure
-
-. Modify the `inventory.yml` file to include the new workers.
-. Run the `create-templates-and-vms` Ansible playbook to create the disks and virtual machines:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml create-templates-and-vms.yml
-----
-. Run the `workers.yml` Ansible playbook to start the virtual machines:
-+
-[source,terminal]
-----
-$ ansible-playbook -i inventory.yml workers.yml
-----
-. CSRs for new workers joining the cluster must be approved by the administrator.
-The following command helps to approve all pending requests:
-+
-[source,terminal]
-----
-$ oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs oc adm certificate approve
-----
diff --git a/modules/machine-vsphere-machines.adoc b/modules/machine-vsphere-machines.adoc
index 9597ef6458c2..5845fff76fc4 100644
--- a/modules/machine-vsphere-machines.adoc
+++ b/modules/machine-vsphere-machines.adoc
@@ -9,12 +9,14 @@ ifeval::["{context}" == "installing-vsphere"]
 :three-node-cluster:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machine-vsphere-machines_{context}"]
 = Adding more compute machines to a cluster in vSphere
 
 You can add more compute machines to a user-provisioned {product-title} cluster on VMware vSphere.
 
+After your vSphere template deploys in your {product-title} cluster, you can deploy a virtual machine (VM) for a machine in that cluster.
+
 ifdef::three-node-cluster[]
 [NOTE]
 ====
@@ -29,28 +31,38 @@ endif::three-node-cluster[]
 
 .Procedure
 
-. After the template deploys, deploy a VM for a machine in the cluster.
-.. Right-click the template's name and click *Clone* -> *Clone to Virtual Machine*.
-.. On the *Select a name and folder* tab, specify a name for the VM. You might include the machine type in the name, such as `compute-1`.
+. Right-click the template's name and click *Clone* -> *Clone to Virtual Machine*.
+
+. On the *Select a name and folder* tab, specify a name for the VM. You might include the machine type in the name, such as `compute-1`.
 +
 [NOTE]
 ====
 Ensure that all virtual machine names across a vSphere installation are unique.
 ====
-.. On the *Select a name and folder* tab, select the name of the folder that you created for the cluster.
-.. On the *Select a compute resource* tab, select the name of a host in your datacenter.
-.. Optional: On the *Select storage* tab, customize the storage options.
-.. On the *Select clone options*, select *Customize this virtual machine's hardware*.
-.. On the *Customize hardware* tab, click *VM Options* -> *Advanced*.
-*** From the *Latency Sensitivity* list, select *High*.
-*** Click *Edit Configuration*, and on the *Configuration Parameters* window, click *Add Configuration Params*. Define the following parameter names and values:
-**** `guestinfo.ignition.config.data`: Paste the contents of the base64-encoded compute Ignition config file for this machine type.
-**** `guestinfo.ignition.config.data.encoding`: Specify `base64`.
-**** `disk.EnableUUID`: Specify `TRUE`.
-.. In the *Virtual Hardware* panel of the *Customize hardware* tab, modify the specified values as required. Ensure that the amount of RAM, CPU, and disk storage meets the minimum requirements for the machine type. Also, make sure to select the correct network under *Add network adapter* if there are multiple networks available.
-.. Complete the configuration and power on the VM.
-
-. Continue to create more compute machines for your cluster.
+
+. On the *Select a name and folder* tab, select the name of the folder that you created for the cluster.
+
+. On the *Select a compute resource* tab, select the name of a host in your datacenter.
+
+. On the *Select storage* tab, select storage for your configuration and disk files.
+
+. On the *Select clone options* tab, select *Customize this virtual machine's hardware*.
+
+. On the *Customize hardware* tab, click *Advanced Parameters*.
+** Add the following configuration parameter names and values by specifying data in the *Attribute* and *Values* fields. Ensure that you select the *Add* button for each parameter that you create.
+*** `guestinfo.ignition.config.data`: Paste the contents of the base64-encoded compute Ignition config file for this machine type.
+*** `guestinfo.ignition.config.data.encoding`: Specify `base64`.
+*** `disk.EnableUUID`: Specify `TRUE`.
+
+. In the *Virtual Hardware* panel of the *Customize hardware* tab, modify the specified values as required. Ensure that the amount of RAM, CPU, and disk storage meets the minimum requirements for the machine type. If many networks exist, select *Add New Device* > *Network Adapter*, and then enter your network information in the fields provided by the *New Network* menu item.
+
+. Complete the remaining configuration steps. On clicking the *Finish* button, you have completed the cloning operation.
+
+. From the *Virtual Machines* tab, right-click on your VM and then select *Power* -> *Power On*.
+
+.Next steps
+
+* Continue to create more compute machines for your cluster.
 
 ifeval::["{context}" == "installing-vsphere"]
 :!three-node-cluster:
diff --git a/modules/machineconfig-modify-journald.adoc b/modules/machineconfig-modify-journald.adoc
index 4c0612576329..14f5ad12155b 100644
--- a/modules/machineconfig-modify-journald.adoc
+++ b/modules/machineconfig-modify-journald.adoc
@@ -3,7 +3,7 @@
 // * installing/post_installation_configuration/machine-configuration-tasks.adoc
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineconfig-modify-journald_{context}"]
 = Configuring journald settings
 
@@ -24,10 +24,10 @@ This procedure describes how to modify `journald` rate limiting settings in the
 See "Creating machine configs with Butane" for information about Butane.
 ====
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 40-worker-custom-journald
   labels:
diff --git a/modules/machines-edge-machine-pool.adoc b/modules/machines-edge-machine-pool.adoc
deleted file mode 100644
index 5054d3529c72..000000000000
--- a/modules/machines-edge-machine-pool.adoc
+++ /dev/null
@@ -1,105 +0,0 @@
-// Module included in the following assemblies
-// * installing/installing_aws/installing-aws-localzone.adoc
-
-:_content-type: CONCEPT
-[id="machines-edge-machine-pool_{context}"]
-= The edge compute pool for AWS Local Zones
-
-{product-title} 4.12 introduced a new compute pool, _edge_, that is designed for use in remote zones. The edge compute pool configuration is common between AWS Local Zone locations. However, due to the type and size limitations of resources like EC2 and EBS on Local Zone resources, the default instance type that is created can vary from the traditional worker pool.
-
-The default Elastic Block Store (EBS) for Local Zone locations is `gp2`, which differs from the regular worker pool. The instance type used for each Local Zone on edge compute pool also might differ from worker pools, depending on the instance offerings on the zone.
-
-The edge compute pool creates new labels that developers can use to deploy applications onto AWS Local Zone nodes. The new labels are:
-
-* `node-role.kubernetes.io/edge=''`
-* `machine.openshift.io/zone-type=local-zone`
-* `machine.openshift.io/zone-group=$ZONE_GROUP_NAME`
-
-
-By default, the system creates the edge compute pool manifests only if users add AWS Local Zone subnet IDs to the list `platform.aws.subnets`.
-
-The edge compute pool's machine sets have a `NoSchedule taint` by default to prevent regular workloads from being spread out on those machines. Users can only run user workloads if the tolerations are defined on the pod spec. 
-
-The following examples show `install-config.yaml` files that use the edge machine pool. 
-
-.Configuration that uses an edge pool with default settings
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: devcluster.openshift.com
-metadata:
-  name: ipi-localzone
-platform:
-  aws:
-    region: us-west-2
-    subnets:
-      - publicSubnetId-1
-      - publicSubnetId-2
-      - publicSubnetId-3
-      - privateSubnetId-1
-      - privateSubnetId-2
-      - privateSubnetId-3
-      - publicSubnetId-LocalZone-1
-  pullSecret: '{"auths": ...}'
-sshKey: ssh-ed25519 AAAA...
-----
-
-.Configuration that uses an edge pool with a custom instance type
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: devcluster.openshift.com
-metadata:
-  name: ipi-localzone
-compute:
-- name: edge
-  platform:
-    aws:
-      type: m5.4xlarge
-platform:
-  aws:
-    region: us-west-2
-    subnets:
-      - publicSubnetId-1
-      - publicSubnetId-2
-      - publicSubnetId-3
-      - privateSubnetId-1
-      - privateSubnetId-2
-      - privateSubnetId-3
-      - publicSubnetId-LocalZone-1
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed25519 AAAA...
-----
-
-Instance types differ between locations. To verify availability in the Local Zone in which the cluster will run, see the AWS documentation.
-
-.Configuration that uses an edge pool with a custom EBS type
-[source,yaml]
-----
-apiVersion: v1
-baseDomain: devcluster.openshift.com
-metadata:
-  name: ipi-localzone
-compute:
-- name: edge
-  platform:
-    aws:
-      rootVolume:
-        type: gp3
-        size: 120
-platform:
-  aws:
-    region: us-west-2
-    subnets:
-    - publicSubnetId-1
-    - publicSubnetId-2
-    - publicSubnetId-3
-    - privateSubnetId-1
-    - privateSubnetId-2
-    - privateSubnetId-3
-    - publicSubnetId-LocalZone-1
-pullSecret: '{"auths": ...}'
-sshKey: ssh-ed25519 AAAA...
-----
-
-EBS types differ between locations. Check the AWS documentation to verify availability in the Local Zone in which the cluster will run.
\ No newline at end of file
diff --git a/modules/machineset-aws-existing-placement-group.adoc b/modules/machineset-aws-existing-placement-group.adoc
new file mode 100644
index 000000000000..eebea84da576
--- /dev/null
+++ b/modules/machineset-aws-existing-placement-group.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * machine_management/creating-machinesets/creating-machineset-aws.adoc
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+ifeval::["{context}" == "cpmso-using"]
+:cpmso:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="machineset-aws-existing-placement-group_{context}"]
+= Assigning machines to placement groups for Elastic Fabric Adapter instances by using machine sets
+
+You can configure a machine set to deploy machines on link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html[Elastic Fabric Adapter] (EFA) instances within an existing AWS placement group.
+
+EFA instances do not require placement groups, and you can use placement groups for purposes other than configuring an EFA. This example uses both to demonstrate a configuration that can improve network performance for machines within the specified placement group.
+
+.Prerequisites
+
+* You created a placement group in the AWS console.
++
+[NOTE]
+====
+Ensure that the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html#limitations-placement-groups[rules and limitations] for the type of placement group that you create are compatible with your intended use case.
+ifdef::cpmso[]
+The control plane machine set spreads the control plane machines across multiple failure domains when possible. To use placement groups for the control plane, you must use a placement group type that can span multiple Availability Zones.
+endif::cpmso[]
+====
+
+.Procedure
+
+. In a text editor, open the YAML file for an existing machine set or create a new one.
+
+. Edit the following lines under the `providerSpec` field:
++
+[source,yaml]
+----
+ifndef::cpmso[]
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+endif::cpmso[]
+ifdef::cpmso[]
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+endif::cpmso[]
+# ...
+spec:
+  template:
+    spec:
+      providerSpec:
+        value:
+          instanceType: <supported_instance_type> # <1>
+          networkInterfaceType: EFA # <2>
+          placement:
+            availabilityZone: <zone> # <3>
+            region: <region> # <4>
+          placementGroupName: <placement_group> # <5>
+# ...
+----
+<1> Specify an instance type that link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html#efa-instance-types[supports EFAs].
+<2> Specify the `EFA` network interface type.
+<3> Specify the zone, for example, `us-east-1a`.
+<4> Specify the region, for example, `us-east-1`.
+<5> Specify the name of the existing AWS placement group to deploy machines in.
+
+.Verification
+
+* In the AWS console, find a machine that the machine set created and verify the following in the machine properties:
+
+** The placement group field has the value that you specified for the `placementGroupName` parameter in the machine set.
+
+** The interface type field indicates that it uses an EFA.
+
+ifeval::["{context}" == "cpmso-using"]
+:!cpmso:
+endif::[]
diff --git a/modules/machineset-azure-boot-diagnostics.adoc b/modules/machineset-azure-boot-diagnostics.adoc
index 32dc230dac8a..648e6c091a31 100644
--- a/modules/machineset-azure-boot-diagnostics.adoc
+++ b/modules/machineset-azure-boot-diagnostics.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "creating-machineset-azure-stack-hub"]
 :ash:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-azure-boot-diagnostics_{context}"]
 = Enabling Azure boot diagnostics
 
@@ -49,7 +49,7 @@ providerSpec:
 ----
 +
 <1> Specifies an Azure Unmanaged storage account.
-<2> Replace `<storage-account>` with the name of your storage account. 
+<2> Replace `<storage-account>` with the name of your storage account.
 +
 [NOTE]
 ====
diff --git a/modules/machineset-azure-confidential-vms.adoc b/modules/machineset-azure-confidential-vms.adoc
new file mode 100644
index 000000000000..cc3e9e562419
--- /dev/null
+++ b/modules/machineset-azure-confidential-vms.adoc
@@ -0,0 +1,91 @@
+// Module included in the following assemblies:
+//
+// * machine_management/creating_machinesets/creating-machineset-azure.adoc
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+ifeval::["{context}" == "cpmso-using"]
+:cpmso:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="machineset-azure-confidential-vms_{context}"]
+= Configuring Azure confidential virtual machines by using machine sets
+
+:FeatureName: Using Azure confidential virtual machines
+include::snippets/technology-preview.adoc[]
+
+{product-title} {product-version} supports Azure confidential virtual machines (VMs).
+
+[NOTE]
+====
+Confidential VMs are currently not supported on 64-bit ARM architectures.
+====
+
+By editing the machine set YAML file, you can configure the confidential VM options that a machine set uses for machines that it deploys. For example, you can configure these machines to use UEFI security features such as Secure Boot or a dedicated virtual Trusted Platform Module (vTPM) instance.
+
+ifdef::cpmso[]
+[WARNING]
+====
+Not all instance types support confidential VMs. Do not change the instance type for a control plane machine set that is configured to use confidential VMs to a type that is incompatible. Using an incompatible instance type can cause your cluster to become unstable.
+====
+endif::cpmso[]
+
+For more information about related features and functionality, see the Microsoft Azure documentation about link:https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview[Confidential virtual machines].
+
+.Procedure
+
+. In a text editor, open the YAML file for an existing machine set or create a new one.
+
+. Edit the following section under the `providerSpec` field:
++
+--
+.Sample configuration
+[source,yaml]
+----
+ifndef::cpmso[]
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+endif::cpmso[]
+ifdef::cpmso[]
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+endif::cpmso[]
+# ...
+spec:
+  template:
+    spec:
+      providerSpec:
+        value:
+          osDisk:
+            # ...
+            managedDisk:
+              securityProfile: # <1>
+                securityEncryptionType: VMGuestStateOnly # <2>
+            # ...
+          securityProfile: # <3>
+            settings:
+                securityType: ConfidentialVM # <4>
+                confidentialVM:
+                  uefiSettings: # <5>
+                    secureBoot: Disabled # <6>
+                    virtualizedTrustedPlatformModule: Enabled # <7>
+          vmSize: Standard_DC16ads_v5 # <8>
+# ...
+----
+<1> Specifies security profile settings for the managed disk when using a confidential VM.
+<2> Enables encryption of the Azure VM Guest State (VMGS) blob. This setting requires the use of vTPM.
+<3> Specifies security profile settings for the confidential VM.
+<4> Enables the use of confidential VMs. This value is required for all valid configurations.
+<5> Specifies which UEFI security features to use. This section is required for all valid configurations.
+<6> Disables UEFI Secure Boot.
+<7> Enables the use of a vTPM.
+<8> Specifies an instance type that supports confidential VMs.
+--
+
+.Verification
+
+* On the Azure portal, review the details for a machine deployed by the machine set and verify that the confidential VM options match the values that you configured.
+
+ifeval::["{context}" == "cpmso-using"]
+:!cpmso:
+endif::[]
\ No newline at end of file
diff --git a/modules/machineset-azure-enabling-accelerated-networking-existing.adoc b/modules/machineset-azure-enabling-accelerated-networking-existing.adoc
index 2778984e7e23..c83598cf0368 100644
--- a/modules/machineset-azure-enabling-accelerated-networking-existing.adoc
+++ b/modules/machineset-azure-enabling-accelerated-networking-existing.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-azure-enabling-accelerated-networking-existing_{context}"]
 = Enabling Accelerated Networking on an existing Microsoft Azure cluster
 
diff --git a/modules/machineset-azure-trusted-launch.adoc b/modules/machineset-azure-trusted-launch.adoc
new file mode 100644
index 000000000000..70444fef4d93
--- /dev/null
+++ b/modules/machineset-azure-trusted-launch.adoc
@@ -0,0 +1,111 @@
+// Module included in the following assemblies:
+//
+// * machine_management/creating_machinesets/creating-machineset-azure.adoc
+// * machine_management/control_plane_machine_management/cpmso-using.adoc
+
+ifeval::["{context}" == "cpmso-using"]
+:cpmso:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="machineset-azure-trusted-launch_{context}"]
+= Configuring trusted launch for Azure virtual machines by using machine sets
+
+:FeatureName: Using trusted launch for Azure virtual machines
+include::snippets/technology-preview.adoc[]
+
+{product-title} {product-version} supports trusted launch for Azure virtual machines (VMs). By editing the machine set YAML file, you can configure the trusted launch options that a machine set uses for machines that it deploys. For example, you can configure these machines to use UEFI security features such as Secure Boot or a dedicated virtual Trusted Platform Module (vTPM) instance.
+
+[NOTE]
+====
+Some feature combinations result in an invalid configuration.
+====
+
+.UEFI feature combination compatibility
+|====
+|Secure Boot^[1]^ |vTPM^[2]^ |Valid configuration
+
+|Enabled
+|Enabled
+|Yes
+
+|Enabled
+|Disabled
+|Yes
+
+|Enabled
+|Omitted
+|Yes
+
+|Disabled
+|Enabled
+|Yes
+
+|Omitted
+|Enabled
+|Yes
+
+|Disabled
+|Disabled
+|No
+
+|Omitted
+|Disabled
+|No
+
+|Omitted
+|Omitted
+|No
+|====
+[.small]
+--
+1. Using the `secureBoot` field.
+2. Using the `virtualizedTrustedPlatformModule` field.
+--
+
+For more information about related features and functionality, see the Microsoft Azure documentation about link:https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch[Trusted launch for Azure virtual machines].
+
+.Procedure
+
+. In a text editor, open the YAML file for an existing machine set or create a new one.
+
+. Edit the following section under the `providerSpec` field to provide a valid configuration:
++
+.Sample valid configuration with UEFI Secure Boot and vTPM enabled
+[source,yaml]
+----
+ifndef::cpmso[]
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+endif::cpmso[]
+ifdef::cpmso[]
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+endif::cpmso[]
+# ...
+spec:
+  template:
+    spec:
+      providerSpec:
+        value:
+          securityProfile:
+            settings:
+              securityType: TrustedLaunch # <1>
+              trustedLaunch:
+                uefiSettings: # <2>
+                  secureBoot: Enabled # <3>
+                  virtualizedTrustedPlatformModule: Enabled # <4>
+# ...
+----
+<1> Enables the use of trusted launch for Azure virtual machines. This value is required for all valid configurations.
+<2> Specifies which UEFI security features to use. This section is required for all valid configurations.
+<3> Enables UEFI Secure Boot.
+<4> Enables the use of a vTPM.
+
+.Verification
+
+* On the Azure portal, review the details for a machine deployed by the machine set and verify that the trusted launch options match the values that you configured.
+
+ifeval::["{context}" == "cpmso-using"]
+:!cpmso:
+endif::[]
\ No newline at end of file
diff --git a/modules/machineset-azure-ultra-disk.adoc b/modules/machineset-azure-ultra-disk.adoc
index 3e3dfb8ca1ad..a971fb0fa899 100644
--- a/modules/machineset-azure-ultra-disk.adoc
+++ b/modules/machineset-azure-ultra-disk.adoc
@@ -18,7 +18,7 @@ ifeval::["{context}" == "persistent-storage-csi-azure"]
 :pvc:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machineset-azure-ultra-disk_{context}"]
 ifdef::mapi,cpmso[= Machine sets that deploy machines with ultra disks as data disks]
 ifdef::pvc[= Machine sets that deploy machines with ultra disks using PVCs]
@@ -35,7 +35,7 @@ Data disks do not support the ability to specify disk throughput or disk IOPS. Y
 endif::mapi[]
 
 ifdef::pvc[]
-Both the in-tree plugin and CSI driver support using PVCs to enable ultra disks. You can also deploy machines with ultra disks as data disks without creating a PVC. 
+Both the in-tree plugin and CSI driver support using PVCs to enable ultra disks. You can also deploy machines with ultra disks as data disks without creating a PVC.
 endif::pvc[]
 
 ifeval::["{context}" == "creating-machineset-azure"]
diff --git a/modules/machineset-creating-azure-ephemeral-os.adoc b/modules/machineset-creating-azure-ephemeral-os.adoc
index 8e8ce1361688..4f85f5945758 100644
--- a/modules/machineset-creating-azure-ephemeral-os.adoc
+++ b/modules/machineset-creating-azure-ephemeral-os.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/creating_machinesets/creating-machineset-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating-azure-ephemeral-os_{context}"]
 = Creating machines on Ephemeral OS disks by using compute machine sets
 
diff --git a/modules/machineset-creating-azure-ultra-disk.adoc b/modules/machineset-creating-azure-ultra-disk.adoc
index da0527115f74..dfa7dba9d8fb 100644
--- a/modules/machineset-creating-azure-ultra-disk.adoc
+++ b/modules/machineset-creating-azure-ultra-disk.adoc
@@ -21,7 +21,7 @@ endif::[]
 ifdef::mapi[:machine-role: worker]
 ifdef::cpmso[:machine-role: master]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating-azure-ultra-disk_{context}"]
 = Creating machines with ultra disks by using machine sets
 
@@ -45,9 +45,9 @@ get secret <role>-user-data \ <1>
 <1> Replace `<role>` with `{machine-role}`.
 <2> Specify `userData.txt` as the name of the new custom secret.
 
-. In a text editor, open the `userData.txt` file and locate the final `}` character in the file. 
+. In a text editor, open the `userData.txt` file and locate the final `}` character in the file.
 
-.. On the immediately preceding line, add a `,`. 
+.. On the immediately preceding line, add a `,`.
 
 .. Create a new line after the `,` and add the following configuration details:
 +
diff --git a/modules/machineset-creating-dedicated-instances.adoc b/modules/machineset-creating-dedicated-instances.adoc
index 6e3e5906c376..b35a1df66fd1 100644
--- a/modules/machineset-creating-dedicated-instances.adoc
+++ b/modules/machineset-creating-dedicated-instances.adoc
@@ -3,7 +3,7 @@
 // * machine_management/creating_machinesets/creating-machineset-aws.adoc
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating-dedicated-instance_{context}"]
 = Creating Dedicated Instances by using machine sets
 
diff --git a/modules/machineset-creating-imds-options.adoc b/modules/machineset-creating-imds-options.adoc
index 491a6560848a..61863c96200a 100644
--- a/modules/machineset-creating-imds-options.adoc
+++ b/modules/machineset-creating-imds-options.adoc
@@ -3,12 +3,15 @@
 // * machine_management/creating_machinesets/creating-machineset-aws.adoc
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating-imds-options_{context}"]
 = Configuring IMDS by using machine sets
 
 You can specify whether to require the use of IMDSv2 by adding or editing the value of `metadataServiceOptions.authentication` in the machine set YAML file for your machines.
 
+.Prerequisites
+* To use IMDSv2, your AWS cluster must have been created with {product-title} version 4.7 or later.
+
 .Procedure
 * Add or edit the following lines under the `providerSpec` field:
 +
diff --git a/modules/machineset-creating-non-guaranteed-instances.adoc b/modules/machineset-creating-non-guaranteed-instances.adoc
index 3e8c675a16ed..250dfea630bc 100644
--- a/modules/machineset-creating-non-guaranteed-instances.adoc
+++ b/modules/machineset-creating-non-guaranteed-instances.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "creating-machineset-gcp"]
 :gcp:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating-non-guaranteed-instance_{context}"]
 ifdef::aws[= Creating Spot Instances by using compute machine sets]
 ifdef::azure[= Creating Spot VMs by using compute machine sets]
diff --git a/modules/machineset-creating.adoc b/modules/machineset-creating.adoc
index ce229cf44627..90481e2f54de 100644
--- a/modules/machineset-creating.adoc
+++ b/modules/machineset-creating.adoc
@@ -7,11 +7,14 @@
 // * machine_management/creating_machinesets/creating-machineset-gcp.adoc
 // * machine_management/creating_machinesets/creating-machineset-osp.adoc
 // * machine_management/creating_machinesets/creating-machineset-vsphere.adoc
-// * post_installation_configuration/cluster-tasks.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
+// * post_installation_configuration/cluster-tasks.adoc
+// * post_installation_configuration/installation-creating-aws-subnet-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
+// * windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc
 
 ifeval::["{context}" == "creating-windows-machineset-aws"]
 :win:
@@ -28,8 +31,11 @@ endif::[]
 ifeval::["{context}" == "creating-machineset-vsphere"]
 :vsphere:
 endif::[]
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:localzone:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-creating_{context}"]
 = Creating a compute machine set
 
@@ -198,17 +204,22 @@ $ oc get machineset -n openshift-machine-api
 .Example output
 [source,terminal]
 ----
+ifdef::win,localzone[]
+NAME                                       DESIRED   CURRENT   READY   AVAILABLE   AGE
 ifdef::win[]
-NAME                                      DESIRED   CURRENT   READY   AVAILABLE   AGE
-agl030519-vplxk-windows-worker-us-east-1a    1         1         1       1        11m
-agl030519-vplxk-worker-us-east-1a            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1b            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1c            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1d            0         0                          55m
-agl030519-vplxk-worker-us-east-1e            0         0                          55m
-agl030519-vplxk-worker-us-east-1f            0         0                          55m
+agl030519-vplxk-windows-worker-us-east-1a  1         1         1       1           11m
 endif::win[]
-ifndef::win[]
+ifdef::localzone[]
+agl030519-vplxk-edge-us-east-1-nyc-1a      1         1         1       1           11m
+endif::localzone[]
+agl030519-vplxk-worker-us-east-1a          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1b          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1c          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1d          0         0                             55m
+agl030519-vplxk-worker-us-east-1e          0         0                             55m
+agl030519-vplxk-worker-us-east-1f          0         0                             55m
+endif::win,localzone[]
+ifndef::win,localzone[]
 NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
 agl030519-vplxk-infra-us-east-1a    1         1         1       1           11m
 agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
@@ -217,11 +228,30 @@ agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
 agl030519-vplxk-worker-us-east-1d   0         0                             55m
 agl030519-vplxk-worker-us-east-1e   0         0                             55m
 agl030519-vplxk-worker-us-east-1f   0         0                             55m
-endif::win[]
+endif::win,localzone[]
 ----
 +
 When the new compute machine set is available, the `DESIRED` and `CURRENT` values match. If the compute machine set is not available, wait a few minutes and run the command again.
 
+ifdef::localzone[]
+* Optional: To check nodes that were created by the edge machine, run the following command:
++
+[source,terminal]
+----
+$ oc get nodes -l node-role.kubernetes.io/edge
+----
++
+.Example output
+[source,terminal]
+----
+NAME                           STATUS   ROLES         AGE    VERSION
+ip-10-0-207-188.ec2.internal   Ready    edge,worker   172m   v1.25.2+d2e245f
+----
+endif::localzone[]
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!localzone:
+endif::[]
 ifeval::["{context}" == "creating-machineset-vsphere"]
 :!vsphere:
 endif::[]
diff --git a/modules/machineset-customer-managed-encryption-azure.adoc b/modules/machineset-customer-managed-encryption-azure.adoc
index 95b7a3b2f72d..ffb386e024b0 100644
--- a/modules/machineset-customer-managed-encryption-azure.adoc
+++ b/modules/machineset-customer-managed-encryption-azure.adoc
@@ -4,7 +4,7 @@
 // * machine_management/creating_machinesets/creating-machineset-azure-stack-hub.adoc
 // * machine_management/control_plane_machine_management/cpmso-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-enabling-customer-managed-encryption-azure_{context}"]
 = Enabling customer-managed encryption keys for a machine set
 
diff --git a/modules/machineset-gcp-confidential-vm.adoc b/modules/machineset-gcp-confidential-vm.adoc
index 6a3934bb4806..525b77811851 100644
--- a/modules/machineset-gcp-confidential-vm.adoc
+++ b/modules/machineset-gcp-confidential-vm.adoc
@@ -7,16 +7,22 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-gcp-confidential-vm_{context}"]
 = Configuring Confidential VM by using machine sets
 
 By editing the machine set YAML file, you can configure the Confidential VM options that a machine set uses for machines that it deploys.
 
-For more information about Confidential Compute features, functionality, and compatibility, see the GCP Compute Engine documentation about link:https://cloud.google.com/compute/confidential-vm/docs/about-cvm[Confidential VM].
+For more information about Confidential VM features, functions, and compatibility, see the GCP Compute Engine documentation about link:https://cloud.google.com/confidential-computing/confidential-vm/docs/about-cvm#confidential-vm[Confidential VM].
 
-:FeatureName: Confidential Computing
-include::snippets/technology-preview.adoc[]
+[NOTE]
+====
+Confidential VMs are currently not supported on 64-bit ARM architectures.
+====
+[IMPORTANT]
+====
+{product-title} {product-version} does not support some Confidential Compute features, such as Confidential VMs with AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP).
+====
 
 .Procedure
 
diff --git a/modules/machineset-gcp-enabling-customer-managed-encryption.adoc b/modules/machineset-gcp-enabling-customer-managed-encryption.adoc
index 63ae3426096f..5a8a65c4ca33 100644
--- a/modules/machineset-gcp-enabling-customer-managed-encryption.adoc
+++ b/modules/machineset-gcp-enabling-customer-managed-encryption.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-gcp-enabling-customer-managed-encryption_{context}"]
 = Enabling customer-managed encryption keys for a machine set
 
diff --git a/modules/machineset-gcp-enabling-gpu-support.adoc b/modules/machineset-gcp-enabling-gpu-support.adoc
index bbfa71d28a3e..0a1845201b5e 100644
--- a/modules/machineset-gcp-enabling-gpu-support.adoc
+++ b/modules/machineset-gcp-enabling-gpu-support.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/creating_machinesets/creating-machineset-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-gcp-enabling-gpu-support_{context}"]
 = Enabling GPU support for a compute machine set
 
diff --git a/modules/machineset-gcp-pd-disk-types.adoc b/modules/machineset-gcp-pd-disk-types.adoc
index 658936d28ee7..d74fca934888 100644
--- a/modules/machineset-gcp-pd-disk-types.adoc
+++ b/modules/machineset-gcp-pd-disk-types.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-gcp-pd-disk-types_{context}"]
 = Configuring persistent disk types by using machine sets
 
diff --git a/modules/machineset-gcp-shielded-vms.adoc b/modules/machineset-gcp-shielded-vms.adoc
index f317f022f247..f10db3be00c2 100644
--- a/modules/machineset-gcp-shielded-vms.adoc
+++ b/modules/machineset-gcp-shielded-vms.adoc
@@ -6,7 +6,7 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-gcp-shielded-vms_{context}"]
 = Configuring Shielded VM options by using machine sets
 
@@ -30,7 +30,7 @@ ifdef::cpmso[]
 apiVersion: machine.openshift.io/v1
 kind: ControlPlaneMachineSet
 endif::cpmso[]
-...
+# ...
 spec:
   template:
     spec:
@@ -40,19 +40,19 @@ spec:
             integrityMonitoring: Enabled <2>
             secureBoot: Disabled <3>
             virtualizedTrustedPlatformModule: Enabled <4>
-...
+# ...
 ----
 +
 --
 <1> In this section, specify any Shielded VM options that you want.
-<2> Specify whether UEFI Secure Boot is enabled. Valid values are `Disabled` or `Enabled`.
-<3> Specify whether integrity monitoring is enabled. Valid values are `Disabled` or `Enabled`.
+<2> Specify whether integrity monitoring is enabled. Valid values are `Disabled` or `Enabled`.
 +
 [NOTE]
 ====
 When integrity monitoring is enabled, you must not disable virtual trusted platform module (vTPM).
 ====
 
+<3> Specify whether UEFI Secure Boot is enabled. Valid values are `Disabled` or `Enabled`.
 <4> Specify whether vTPM is enabled. Valid values are `Disabled` or `Enabled`.
 --
 
diff --git a/modules/machineset-imds-options.adoc b/modules/machineset-imds-options.adoc
index 4d094864db34..62e10873aa82 100644
--- a/modules/machineset-imds-options.adoc
+++ b/modules/machineset-imds-options.adoc
@@ -7,13 +7,18 @@ ifeval::["{context}" == "cpmso-using"]
 :cpmso:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machineset-imds-options_{context}"]
 = Machine set options for the Amazon EC2 Instance Metadata Service
 
 You can use machine sets to create machines that use a specific version of the Amazon EC2 Instance Metadata Service (IMDS). Machine sets can create machines that allow the use of both IMDSv1 and link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html[IMDSv2] or machines that require the use of IMDSv2.
 
-To change the IMDS configuration for existing machines, edit the machine set YAML file that manages those machines. 
+[NOTE]
+====
+Using IMDSv2 is only supported on AWS clusters that were created with {product-title} version 4.7 or later.
+====
+
+To change the IMDS configuration for existing machines, edit the machine set YAML file that manages those machines.
 ifndef::cpmso[]
 To deploy new compute machines with your preferred IMDS configuration, create a compute machine set YAML file with the appropriate values.
 endif::cpmso[]
diff --git a/modules/machineset-manually-scaling.adoc b/modules/machineset-manually-scaling.adoc
index 3d1689066cab..d4ec9f68eb45 100644
--- a/modules/machineset-manually-scaling.adoc
+++ b/modules/machineset-manually-scaling.adoc
@@ -4,7 +4,7 @@
 // * post_installation_configuration/cluster-tasks.adoc
 // * windows_containers/scheduling-windows-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-manually-scaling_{context}"]
 = Scaling a compute machine set manually
 
diff --git a/modules/machineset-migrating-compute-nodes-to-diff-sd-rhv.adoc b/modules/machineset-migrating-compute-nodes-to-diff-sd-rhv.adoc
deleted file mode 100644
index 44995f5c5701..000000000000
--- a/modules/machineset-migrating-compute-nodes-to-diff-sd-rhv.adoc
+++ /dev/null
@@ -1,54 +0,0 @@
-// Module included in the following assemblies:
-//
-// * machine_management/modifying-machineset.adoc
-:_content-type: PROCEDURE
-[id="machineset-migrating-compute-nodes-to-diff-sd-rhv_{context}"]
-= Migrating compute nodes to a different storage domain in {rh-virtualization}
-
-.Prerequisites
-
-* You are logged in to the {rh-virtualization-engine-name}.
-* You have the name of the target storage domain.
-
-.Procedure
-
-. Identify the virtual machine template by running the following command:
-+
-[source,terminal]
-----
-$ oc get -o jsonpath='{.items[0].spec.template.spec.providerSpec.value.template_name}{"\n"}' machineset -A
-----
-
-. Create a new virtual machine in the {rh-virtualization-engine-name}, based on the template you identified. Leave all other settings unchanged. For details, see  link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Creating_a_Virtual_Machine_Based_on_a_Template[Creating a Virtual Machine Based on a Template] in the Red Hat Virtualization _Virtual Machine Management Guide_.
-+
-[TIP]
-====
-You do not need to start the new virtual machine.
-====
-
-. Create a new template from the new virtual machine. Specify the target storage domain under *Target*. For details, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Creating_a_template_from_an_existing_virtual_machine[Creating a Template] in the Red Hat Virtualization _Virtual Machine Management Guide_.
-
-. Add a new compute machine set to the {product-title} cluster with the new template.
-.. Get the details of the current compute machine set by running the following command:
-+
-[source,terminal]
-----
-$ oc get machineset -o yaml
-----
-.. Use these details to create a compute machine set. For more information see _Creating a compute machine set_.
-+
-Enter the new virtual machine template name in the *template_name* field. Use the same template name you used in the *New template* dialog in the {rh-virtualization-engine-name}.
-.. Note the names of both the old and new compute machine sets. You need to refer to them in subsequent steps.
-
-. Migrate the workloads.
-.. Scale up the new compute machine set. For details on manually scaling compute machine sets, see _Scaling a compute machine set manually_.
-+
-{product-title} moves the pods to an available worker when the old machine is removed.
-.. Scale down the old compute machine set.
-
-. Remove the old compute machine set by running the following command:
-+
-[source,terminal]
-----
-$ oc delete machineset <machineset-name>
-----
diff --git a/modules/machineset-migrating-control-plane-nodes-to-diff-sd-rhv.adoc b/modules/machineset-migrating-control-plane-nodes-to-diff-sd-rhv.adoc
deleted file mode 100644
index a055de6ce19d..000000000000
--- a/modules/machineset-migrating-control-plane-nodes-to-diff-sd-rhv.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-// Module included in the following assemblies:
-//
-// * machine_management/modifying-machineset.adoc
-:_content-type: PROCEDURE
-[id="machineset-migrating-control-plane-nodes-to-diff-sd-rhv_{context}"]
-= Migrating control plane nodes to a different storage domain on {rh-virtualization}
-
-{product-title} does not manage control plane nodes, so they are easier to migrate than compute nodes. You can migrate them like any other virtual machine on {rh-virtualization-first}.
-
-Perform this procedure for each node separately.
-
-.Prerequisites
-
-* You are logged in to the {rh-virtualization-engine-name}.
-* You have identified the control plane nodes. They are labeled *master* in the {rh-virtualization-engine-name}.
-
-.Procedure
-
-. Select the virtual machine labeled *master*.
-
-. Shut down the virtual machine.
-
-. Click the *Disks* tab.
-
-. Click the virtual machine's disk.
-
-. Click *More Actions*{kebab} and select *Move*.
-
-. Select the target storage domain and wait for the migration process to complete.
-
-. Start the virtual machine.
-
-. Verify that the {product-title} cluster is stable:
-+
-[source,terminal]
-----
-$ oc get nodes
-----
-+
-The output should display the node with the status `Ready`.
-
-. Repeat this procedure for each control plane node.
diff --git a/modules/machineset-modifying.adoc b/modules/machineset-modifying.adoc
index 1577648e58ce..533e10e89e0a 100644
--- a/modules/machineset-modifying.adoc
+++ b/modules/machineset-modifying.adoc
@@ -3,23 +3,27 @@
 //
 // * machine_management/modifying-machineset.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-modifying_{context}"]
-= Modifying a compute machine set
+= Modifying a compute machine set by using the CLI
 
-To make changes to a compute machine set, edit the `MachineSet` YAML. Then, remove all machines associated with the compute machine set by deleting each machine or scaling down the compute machine set to `0` replicas. Then, scale the replicas back to the desired number. Changes you make to a compute machine set do not affect existing machines.
+When you modify a compute machine set, your changes only apply to compute machines that are created after you save the updated `MachineSet` custom resource (CR).
+The changes do not affect existing machines.
+You can replace the existing machines with new ones that reflect the updated configuration by scaling the compute machine set.
 
 If you need to scale a compute machine set without making other changes, you do not need to delete the machines.
 
 [NOTE]
 ====
-By default, the {product-title} router pods are deployed on workers. Because the router is required to access some cluster resources, including the web console, do not scale the compute machine set to `0` unless you first relocate the router pods.
+By default, the {product-title} router pods are deployed on compute machines.
+Because the router is required to access some cluster resources, including the web console, do not scale the compute machine set to `0` unless you first relocate the router pods.
 ====
 
 .Prerequisites
 
-* Install an {product-title} cluster and the `oc` command line.
-* Log in to `oc` as a user with `cluster-admin` permission.
+* Your {product-title} cluster uses the Machine API.
+
+* You are logged in to the cluster as an administrator by using the {oc-first}.
 
 .Procedure
 
@@ -27,69 +31,119 @@ By default, the {product-title} router pods are deployed on workers. Because the
 +
 [source,terminal]
 ----
-$ oc edit machineset <machineset> -n openshift-machine-api
+$ oc edit machineset <machine_set_name> -n openshift-machine-api
 ----
 
-. Scale down the compute machine set to `0` by running one of the following commands:
+. Note the value of the `spec.replicas` field, as you need it when scaling the machine set to apply the changes.
++
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  name: <machine_set_name>
+  namespace: openshift-machine-api
+spec:
+  replicas: 2 # <1>
+# ...
+----
+<1> The examples in this procedure show a compute machine set that has a `replicas` value of `2`.
+
+. Update the compute machine set CR with the configuration options that you want and save your changes.
+
+. List the machines that are managed by the updated compute machine set by running the following command:
 +
 [source,terminal]
 ----
-$ oc scale --replicas=0 machineset <machineset> -n openshift-machine-api
+$ oc get -n openshift-machine-api machines -l machine.openshift.io/cluster-api-machineset=<machine_set_name>
 ----
 +
-Or:
+.Example output
+[source,text]
+----
+NAME                        PHASE     TYPE         REGION      ZONE         AGE
+<machine_name_original_1>   Running   m6i.xlarge   us-west-1   us-west-1a   4h
+<machine_name_original_2>   Running   m6i.xlarge   us-west-1   us-west-1a   4h
+----
+
+. For each machine that is managed by the updated compute machine set, set the `delete` annotation by running the following command:
 +
 [source,terminal]
 ----
-$ oc edit machineset <machineset> -n openshift-machine-api
+$ oc annotate machine/<machine_name_original_1> \
+  -n openshift-machine-api \
+  machine.openshift.io/delete-machine="true"
 ----
+
+. Scale the compute machine set to twice the number of replicas by running the following command:
 +
-[TIP]
-====
-You can alternatively apply the following YAML to scale the compute machine set:
+[source,terminal]
+----
+$ oc scale --replicas=4 \// <1>
+  machineset <machine_set_name> \
+  -n openshift-machine-api
+----
+<1> The original example value of `2` is doubled to `4`.
 
-[source,yaml]
+. List the machines that are managed by the updated compute machine set by running the following command:
++
+[source,terminal]
 ----
-apiVersion: machine.openshift.io/v1beta1
-kind: MachineSet
-metadata:
-  name: <machineset>
-  namespace: openshift-machine-api
-spec:
-  replicas: 0
+$ oc get -n openshift-machine-api machines -l machine.openshift.io/cluster-api-machineset=<machine_set_name>
+----
++
+.Example output
+[source,text]
+----
+NAME                        PHASE          TYPE         REGION      ZONE         AGE
+<machine_name_original_1>   Running        m6i.xlarge   us-west-1   us-west-1a   4h
+<machine_name_original_2>   Running        m6i.xlarge   us-west-1   us-west-1a   4h
+<machine_name_updated_1>    Provisioned    m6i.xlarge   us-west-1   us-west-1a   55s
+<machine_name_updated_2>    Provisioning   m6i.xlarge   us-west-1   us-west-1a   55s
 ----
-====
 +
-Wait for the machines to be removed.
+When the new machines are in the `Running` phase, you can scale the compute machine set to the original number of replicas.
 
-. Scale up the compute machine set as needed by running one of the following commands:
+. Scale the compute machine set to the original number of replicas by running the following command:
 +
 [source,terminal]
 ----
-$ oc scale --replicas=2 machineset <machineset> -n openshift-machine-api
+$ oc scale --replicas=2 \// <1>
+  machineset <machine_set_name> \
+  -n openshift-machine-api
 ----
-+
-Or:
+<1> The original example value of `2`.
+
+.Verification
+
+* To verify that the compute machines without the updated configuration are deleted, list the machines that are managed by the updated compute machine set by running the following command:
 +
 [source,terminal]
 ----
-$ oc edit machineset <machineset> -n openshift-machine-api
+$ oc get -n openshift-machine-api machines -l machine.openshift.io/cluster-api-machineset=<machine_set_name>
 ----
 +
-[TIP]
-====
-You can alternatively apply the following YAML to scale the compute machine set:
-
-[source,yaml]
+.Example output while deletion is in progress
+[source,text]
 ----
-apiVersion: machine.openshift.io/v1beta1
-kind: MachineSet
-metadata:
-  name: <machineset>
-  namespace: openshift-machine-api
-spec:
-  replicas: 2
+NAME                        PHASE           TYPE         REGION      ZONE         AGE
+<machine_name_original_1>   Deleting        m6i.xlarge   us-west-1   us-west-1a   4h
+<machine_name_original_2>   Deleting        m6i.xlarge   us-west-1   us-west-1a   4h
+<machine_name_updated_1>    Running         m6i.xlarge   us-west-1   us-west-1a   5m41s
+<machine_name_updated_2>    Running         m6i.xlarge   us-west-1   us-west-1a   5m41s
 ----
-====
 +
-Wait for the machines to start. The new machines contain changes you made to the compute machine set.
+.Example output when deletion is complete
+[source,text]
+----
+NAME                        PHASE           TYPE         REGION      ZONE         AGE
+<machine_name_updated_1>    Running         m6i.xlarge   us-west-1   us-west-1a   6m30s
+<machine_name_updated_2>    Running         m6i.xlarge   us-west-1   us-west-1a   6m30s
+----
+
+* To verify that a machine created by the updated machine set has the correct configuration, examine the relevant fields in the CR for one of the new machines by running the following command:
++
+[source,terminal]
+----
+$ oc describe machine <machine_name_updated_1> -n openshift-machine-api
+----
\ No newline at end of file
diff --git a/modules/machineset-osp-adding-bare-metal.adoc b/modules/machineset-osp-adding-bare-metal.adoc
index 6da48fa2149c..51d8cba613dd 100644
--- a/modules/machineset-osp-adding-bare-metal.adoc
+++ b/modules/machineset-osp-adding-bare-metal.adoc
@@ -2,17 +2,12 @@
 = Adding bare-metal compute machines to a {rh-openstack} cluster
 // TODO
 // Mothballed
-// Reintroduce when feature is available. 
+// Reintroduce when feature is available.
 You can add bare-metal compute machines to an {product-title} cluster after you deploy it
 on {rh-openstack-first}. In this configuration, all machines are attached to an
 existing, installer-provisioned network, and traffic between control plane and
 compute machines is routed between subnets.
 
-[NOTE]
-====
-Bare-metal compute machines are not supported on clusters that use Kuryr.
-====
-
 .Prerequisites
 
 * The {rh-openstack} link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/bare_metal_provisioning/index[Bare Metal service (Ironic)] is enabled and accessible by using the {rh-openstack} Compute API.
diff --git a/modules/machineset-troubleshooting-azure-ultra-disk.adoc b/modules/machineset-troubleshooting-azure-ultra-disk.adoc
index 95d66a111092..c87048ac49a9 100644
--- a/modules/machineset-troubleshooting-azure-ultra-disk.adoc
+++ b/modules/machineset-troubleshooting-azure-ultra-disk.adoc
@@ -18,7 +18,7 @@ ifeval::["{context}" == "persistent-storage-csi-azure"]
 :pvc:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-troubleshooting-azure-ultra-disk_{context}"]
 = Troubleshooting resources for machine sets that enable ultra disks
 
diff --git a/modules/machineset-upi-reqs-ignition-config.adoc b/modules/machineset-upi-reqs-ignition-config.adoc
index e8b18c958013..a5541ed18e25 100644
--- a/modules/machineset-upi-reqs-ignition-config.adoc
+++ b/modules/machineset-upi-reqs-ignition-config.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "creating-machineset-vsphere"]
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-upi-reqs-ignition-config_{context}"]
 = Satisfying Ignition configuration requirements
 
diff --git a/modules/machineset-upi-reqs-infra-id.adoc b/modules/machineset-upi-reqs-infra-id.adoc
index f18f4e82ea41..7e7c89cbb713 100644
--- a/modules/machineset-upi-reqs-infra-id.adoc
+++ b/modules/machineset-upi-reqs-infra-id.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "creating-machineset-vsphere"]
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-upi-reqs-infra-id_{context}"]
 = Obtaining the infrastructure ID
 
diff --git a/modules/machineset-upi-reqs-vsphere-creds.adoc b/modules/machineset-upi-reqs-vsphere-creds.adoc
index 50b1c9e0cb2a..defd709a30c5 100644
--- a/modules/machineset-upi-reqs-vsphere-creds.adoc
+++ b/modules/machineset-upi-reqs-vsphere-creds.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/creating_machinesets/creating-machineset-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="machineset-upi-reqs-vsphere-creds_{context}"]
 = Satisfying vSphere credentials requirements
 
diff --git a/modules/machineset-yaml-alibaba-usage-stats.adoc b/modules/machineset-yaml-alibaba-usage-stats.adoc
index aeda5ceb0a96..24e4efee92b6 100644
--- a/modules/machineset-yaml-alibaba-usage-stats.adoc
+++ b/modules/machineset-yaml-alibaba-usage-stats.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-alibaba-usage-stats_{context}"]
 = Machine set parameters for Alibaba Cloud usage statistics
 
diff --git a/modules/machineset-yaml-alibaba.adoc b/modules/machineset-yaml-alibaba.adoc
index 12122580b1d3..7026c7f21646 100644
--- a/modules/machineset-yaml-alibaba.adoc
+++ b/modules/machineset-yaml-alibaba.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-alibaba_{context}"]
 = Sample YAML for a compute machine set custom resource on Alibaba Cloud
 
diff --git a/modules/machineset-yaml-aws.adoc b/modules/machineset-yaml-aws.adoc
index 912b1a17578c..3d5809df81ab 100644
--- a/modules/machineset-yaml-aws.adoc
+++ b/modules/machineset-yaml-aws.adoc
@@ -2,22 +2,32 @@
 //
 // * machine_management/creating-infrastructure-machinesets.adoc
 // * machine_management/creating_machinesets/creating-machineset-aws.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:edge:
+endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-aws_{context}"]
 =  Sample YAML for a compute machine set custom resource on AWS
 
+ifndef::edge[]
 This sample YAML defines a compute machine set that runs in the `us-east-1a` Amazon Web Services (AWS) zone and creates nodes that are labeled with
-ifndef::infra[`node-role.kubernetes.io/<role>: ""`.]
+endif::edge[]
+ifndef::infra,edge[`node-role.kubernetes.io/<role>: ""`.]
 ifdef::infra[`node-role.kubernetes.io/infra: ""`.]
+ifdef::edge[]
+This sample YAML defines a compute machine set that runs in the `us-east-1-nyc-1a` Amazon Web Services (AWS) zone and creates nodes that are labeled with `node-role.kubernetes.io/edge: ""`.
+endif::[]
 
 In this sample, `<infrastructure_id>` is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
-ifndef::infra[`<role>`]
+ifndef::infra,edge[`<role>`]
 ifdef::infra[`<infra>`]
+ifdef::edge[`<edge>`]
 is the node label to add.
 
 [source,yaml]
@@ -27,21 +37,27 @@ kind: MachineSet
 metadata:
   labels:
     machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-ifndef::infra[]
+ifndef::infra,edge[]
   name: <infrastructure_id>-<role>-<zone> <2>
-endif::infra[]
+endif::infra,edge[]
 ifdef::infra[]
   name: <infrastructure_id>-infra-<zone> <2>
 endif::infra[]
+ifdef::edge[]
+  name: <infrastructure_id>-edge-<zone> <2>
+endif::edge[]
   namespace: openshift-machine-api
 spec:
   replicas: 1
   selector:
     matchLabels:
       machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-ifndef::infra[]
+ifdef::edge[]
+      machine.openshift.io/cluster-api-machineset: <infrastructure_id>-edge-<zone>
+endif::edge[]
+ifndef::infra,edge[]
       machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<zone> <2>
-endif::infra[]
+endif::infra,edge[]
 ifdef::infra[]
       machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<zone> <2>
 endif::infra[]
@@ -49,34 +65,41 @@ endif::infra[]
     metadata:
       labels:
         machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-ifndef::infra[]
+ifndef::infra,edge[]
         machine.openshift.io/cluster-api-machine-role: <role> <3>
         machine.openshift.io/cluster-api-machine-type: <role> <3>
-endif::infra[]
+        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<zone> <2>
+endif::infra,edge[]
 ifdef::infra[]
         machine.openshift.io/cluster-api-machine-role: infra <3>
         machine.openshift.io/cluster-api-machine-type: infra <3>
-endif::infra[]
-ifndef::infra[]
-        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<zone> <2>
-endif::infra[]
-ifdef::infra[]
         machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<zone> <2>
 endif::infra[]
+ifdef::edge[]
+        machine.openshift.io/cluster-api-machine-role: edge <3>
+        machine.openshift.io/cluster-api-machine-type: edge <3>
+        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-edge-<zone> <2>
+endif::edge[]
     spec:
       metadata:
         labels:
-ifndef::infra[]
+ifndef::infra,edge[]
           node-role.kubernetes.io/<role>: "" <3>
-endif::infra[]
+endif::infra,edge[]
 ifdef::infra[]
           node-role.kubernetes.io/infra: "" <3>
 endif::infra[]
+ifdef::edge[]
+          machine.openshift.io/parent-zone-name: <value_of_ParentZoneName>
+          machine.openshift.io/zone-group: <value_of_GroupName>
+          machine.openshift.io/zone-type: <value_of_ZoneType>
+          node-role.kubernetes.io/edge: "" <3>
+endif::edge[]
       providerSpec:
         value:
           ami:
             id: ami-046fe691f52a953f9 <4>
-          apiVersion: awsproviderconfig.openshift.io/v1beta1
+          apiVersion: machine.openshift.io/v1beta1
           blockDevices:
             - ebs:
                 iops: 0
@@ -98,10 +121,16 @@ endif::infra[]
                   values:
                     - <infrastructure_id>-worker-sg <1>
           subnet:
+ifndef::edge[]
             filters:
               - name: tag:Name
                 values:
                   - <infrastructure_id>-private-<zone> <8>
+endif::edge[]
+ifdef::edge[]
+              id: <value_of_PublicSubnetIds> <8>
+          publicIp: true
+endif::edge[]
           tags:
             - name: kubernetes.io/cluster/<infrastructure_id> <1>
               value: owned
@@ -109,11 +138,16 @@ endif::infra[]
               value: <custom_tag_value> <5>
           userDataSecret:
             name: worker-user-data
-ifdef::infra[]
+ifdef::infra,edge[]
       taints: <9>
+ifdef::infra[]
         - key: node-role.kubernetes.io/infra
-          effect: NoSchedule
 endif::infra[]
+ifdef::edge[]
+        - key: node-role.kubernetes.io/edge
+endif::edge[]
+          effect: NoSchedule
+endif::infra,edge[]
 ----
 <1> Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
 +
@@ -121,14 +155,18 @@ endif::infra[]
 ----
 $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
 ----
-ifndef::infra[]
+ifndef::infra,edge[]
 <2> Specify the infrastructure ID, role node label, and zone.
 <3> Specify the role node label to add.
-endif::infra[]
+endif::infra,edge[]
 ifdef::infra[]
 <2> Specify the infrastructure ID, `infra` role node label, and zone.
 <3> Specify the `infra` role node label.
 endif::infra[]
+ifdef::edge[]
+<2> Specify the infrastructure ID, `edge` role node label, and zone name.
+<3> Specify the `edge` role node label.
+endif::edge[]
 <4> Specify a valid {op-system-first} Amazon
 Machine Image (AMI) for your AWS zone for your {product-title} nodes. If you want to use an AWS Marketplace image, you must complete the {product-title} subscription from the link:https://aws.amazon.com/marketplace/fulfillment?productId=59ead7de-2540-4653-a8b0-fa7926d5c845[AWS Marketplace] to obtain an AMI ID for your region.
 +
@@ -145,19 +183,31 @@ $ oc -n openshift-machine-api \
 Custom tags can also be specified during installation in the `install-config.yml` file. If the `install-config.yml` file and the machine set include a tag with the same `name` data, the value for the tag from the machine set takes priority over the value for the tag in the `install-config.yml` file.
 ====
 
+ifndef::edge[]
 <6> Specify the zone, for example, `us-east-1a`.
+endif::edge[]
+ifdef::edge[]
+<6> Specify the zone name, for example, `us-east-1-nyc-1a`.
+endif::edge[]
 <7> Specify the region, for example, `us-east-1`.
+ifndef::edge[]
 <8> Specify the infrastructure ID and zone.
-
-ifdef::infra[]
-<9> Specify a taint to prevent user workloads from being scheduled on infra nodes.
+endif::edge[]
+ifdef::edge[]
+<8> The ID of the public subnet that you created in AWS Local Zones. You created this public subnet ID on completing the procedure for "Creating a subnet in AWS Local Zones".
+endif::edge[]
+ifdef::infra,edge[]
+<9> Specify a taint to prevent user workloads from being scheduled on
+ifdef::infra[`infra`]
+ifdef::edge[`edge`]
+nodes.
 +
 [NOTE]
 ====
 After adding the `NoSchedule` taint on the infrastructure node, existing DNS pods running on that node are marked as `misscheduled`. You must either delete or link:https://access.redhat.com/solutions/6592171[add toleration on `misscheduled` DNS pods].
 ====
 
-endif::infra[]
+endif::infra,edge[]
 
 ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :!infra:
@@ -165,3 +215,6 @@ endif::[]
 ifeval::["{context}" == "cluster-tasks"]
 :!infra:
 endif::[]
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!edge:
+endif::[]
diff --git a/modules/machineset-yaml-azure-stack-hub.adoc b/modules/machineset-yaml-azure-stack-hub.adoc
index f59418d73527..06372efe6cd1 100644
--- a/modules/machineset-yaml-azure-stack-hub.adoc
+++ b/modules/machineset-yaml-azure-stack-hub.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-azure-stack-hub_{context}"]
 = Sample YAML for a compute machine set custom resource on Azure Stack Hub
 
diff --git a/modules/machineset-yaml-azure.adoc b/modules/machineset-yaml-azure.adoc
index 369e2bb34d22..ca2a83ca87ed 100644
--- a/modules/machineset-yaml-azure.adoc
+++ b/modules/machineset-yaml-azure.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-azure_{context}"]
 = Sample YAML for a compute machine set custom resource on Azure
 
@@ -68,7 +68,7 @@ endif::infra[]
       metadata:
         creationTimestamp: null
         labels:
-          machine.openshift.io/cluster-api-machineset: <machineset_name> <4>
+          machine.openshift.io/cluster-api-machineset: <machineset_name>
 ifndef::infra[]
           node-role.kubernetes.io/<role>: "" <2>
 endif::infra[]
@@ -81,15 +81,15 @@ endif::infra[]
           credentialsSecret:
             name: azure-cloud-credentials
             namespace: openshift-machine-api
-          image: <5>
+          image: <4>
             offer: ""
             publisher: ""
-            resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> <6>
+            resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> <5>
             sku: ""
             version: ""
           internalLoadBalancer: ""
           kind: AzureMachineProviderSpec
-          location: <region> <7>
+          location: <region> <6>
           managedIdentity: <infrastructure_id>-identity <1>
           metadata:
             creationTimestamp: null
@@ -106,16 +106,16 @@ endif::infra[]
           sshPrivateKey: ""
           sshPublicKey: ""
           tags:
-            - name: <custom_tag_name> <9>
-              value: <custom_tag_value> <9>
+            - name: <custom_tag_name> <8>
+              value: <custom_tag_value> <8>
           subnet: <infrastructure_id>-<role>-subnet <1> <2>
           userDataSecret:
             name: worker-user-data <2>
           vmSize: Standard_D4s_v3
           vnet: <infrastructure_id>-vnet <1>
-          zone: "1" <8>
+          zone: "1" <7>
 ifdef::infra[]
-      taints: <10>
+      taints: <9>
       - key: node-role.kubernetes.io/infra
         effect: NoSchedule
 endif::infra[]
@@ -151,14 +151,13 @@ ifdef::infra[]
 <2> Specify the `<infra>` node label.
 <3> Specify the infrastructure ID, `<infra>` node label, and region.
 endif::infra[]
-<4> Optional: Specify the compute machine set name to enable the use of availability sets. This setting only applies to new compute machines.
-<5> Specify the image details for your compute machine set. If you want to use an Azure Marketplace image, see "Selecting an Azure Marketplace image".
-<6> Specify an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a `-gen2` suffix, while V1 images have the same name without the suffix.
-<7> Specify the region to place machines on.
-<8> Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify.
-<9> Optional: Specify custom tags in your machine set. Provide the tag name in `<custom_tag_name>` field and the corresponding tag value in `<custom_tag_value>` field.
+<4> Specify the image details for your compute machine set. If you want to use an Azure Marketplace image, see "Selecting an Azure Marketplace image".
+<5> Specify an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a `-gen2` suffix, while V1 images have the same name without the suffix.
+<6> Specify the region to place machines on.
+<7> Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify.
+<8> Optional: Specify custom tags in your machine set. Provide the tag name in `<custom_tag_name>` field and the corresponding tag value in `<custom_tag_value>` field.
 ifdef::infra[]
-<10> Specify a taint to prevent user workloads from being scheduled on infra nodes.
+<9> Specify a taint to prevent user workloads from being scheduled on infra nodes.
 +
 [NOTE]
 ====
diff --git a/modules/machineset-yaml-baremetal.adoc b/modules/machineset-yaml-baremetal.adoc
index 9eaed6d51bde..b86f342302f4 100644
--- a/modules/machineset-yaml-baremetal.adoc
+++ b/modules/machineset-yaml-baremetal.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-vsphere_{context}"]
 = Sample YAML for a compute machine set custom resource on bare metal
 
diff --git a/modules/machineset-yaml-gcp.adoc b/modules/machineset-yaml-gcp.adoc
index 5855c0e1e950..1ed231920038 100644
--- a/modules/machineset-yaml-gcp.adoc
+++ b/modules/machineset-yaml-gcp.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-gcp_{context}"]
 =  Sample YAML for a compute machine set custom resource on GCP
 
@@ -133,9 +133,9 @@ endif::infra[]
 To use a GCP Marketplace image, specify the offer to use:
 +
 --
-* {product-title}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-48-x86-64-202210040145`
-* {opp}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-opp-48-x86-64-202206140145`
-* {oke}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-oke-48-x86-64-202206140145`
+* {product-title}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-ocp-413-x86-64-202305021736`
+* {opp}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-opp-413-x86-64-202305021736`
+* {oke}: `\https://www.googleapis.com/compute/v1/projects/redhat-marketplace-public/global/images/redhat-coreos-oke-413-x86-64-202305021736`
 --
 <4> Optional: Specify custom metadata in the form of a `key:value` pair. For example use cases, see the GCP documentation for link:https://cloud.google.com/compute/docs/metadata/setting-custom-metadata[setting custom metadata].
 <5> For `<project_name>`, specify the name of the GCP project that you use for your cluster.
diff --git a/modules/machineset-yaml-ibm-cloud.adoc b/modules/machineset-yaml-ibm-cloud.adoc
index ad09b45644a7..b47709208ad0 100644
--- a/modules/machineset-yaml-ibm-cloud.adoc
+++ b/modules/machineset-yaml-ibm-cloud.adoc
@@ -7,11 +7,11 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-ibm-cloud_{context}"]
-= Sample YAML for a compute machine set custom resource on IBM Cloud
+= Sample YAML for a compute machine set custom resource on {ibm-cloud-title}
 
-This sample YAML defines a compute machine set that runs in a specified IBM Cloud zone in a region and creates nodes that are labeled with
+This sample YAML defines a compute machine set that runs in a specified {ibm-cloud-name} zone in a region and creates nodes that are labeled with
 ifndef::infra[`node-role.kubernetes.io/<role>: ""`.]
 ifdef::infra[`node-role.kubernetes.io/infra: ""`.]
 
@@ -113,7 +113,7 @@ ifdef::infra[]
 endif::infra[]
 <4> The custom {op-system-first} image that was used for cluster installation.
 <5> The infrastructure ID and zone within your region to place machines on. Be sure that your region supports the zone that you specify.
-<6> Specify the link:https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[IBM Cloud instance profile].
+<6> Specify the link:https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[{ibm-cloud-name} instance profile].
 <7> Specify the region to place machines on.
 <8> The resource group that machine resources are placed in. This is either an existing resource group specified at installation time, or an installer-created resource group named based on the infrastructure ID.
 <9> The VPC name.
diff --git a/modules/machineset-yaml-ibm-power-vs.adoc b/modules/machineset-yaml-ibm-power-vs.adoc
index 233b30b15633..eacd60ff1265 100644
--- a/modules/machineset-yaml-ibm-power-vs.adoc
+++ b/modules/machineset-yaml-ibm-power-vs.adoc
@@ -2,11 +2,11 @@
 //
 // * machine_management/creating_machinesets/creating-machineset-ibm-power-vs.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-ibm-power-vs_{context}"]
-= Sample YAML for a compute machine set custom resource on {ibmpowerProductName} Virtual Server
+= Sample YAML for a compute machine set custom resource on {ibm-power-server-title}
 
-This sample YAML file defines a compute machine set that runs in a specified {ibmpowerProductName} Virtual Server zone in a region and creates nodes that are labeled with `node-role.kubernetes.io/<role>: ""`.
+This sample YAML file defines a compute machine set that runs in a specified {ibm-power-server-name} zone in a region and creates nodes that are labeled with `node-role.kubernetes.io/<role>: ""`.
 
 In this sample, `<infrastructure_id>` is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and `<role>` is the node label to add.
 
@@ -43,7 +43,7 @@ spec:
           apiVersion: machine.openshift.io/v1
           credentialsSecret:
             name: powervs-credentials
-          image: 
+          image:
             name: rhcos-<infrastructure_id> <4>
             type: Name
           keyPairName: <infrastructure_id>-key
diff --git a/modules/machineset-yaml-nutanix.adoc b/modules/machineset-yaml-nutanix.adoc
index cd690a5746f3..0ec2248ad5a9 100644
--- a/modules/machineset-yaml-nutanix.adoc
+++ b/modules/machineset-yaml-nutanix.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-nutanix_{context}"]
 = Sample YAML for a compute machine set custom resource on Nutanix
 
@@ -99,7 +99,7 @@ endif::infra[]
             type: uuid
             uuid: <cluster_uuid>
           credentialsSecret:
-            name: nutanix-creds-secret
+            name: nutanix-credentials
           image:
             name: <infrastructure_id>-rhcos <8>
             type: name
diff --git a/modules/machineset-yaml-osp-sr-iov-port-security.adoc b/modules/machineset-yaml-osp-sr-iov-port-security.adoc
index c4cd0510b447..a6a35ef5b043 100644
--- a/modules/machineset-yaml-osp-sr-iov-port-security.adoc
+++ b/modules/machineset-yaml-osp-sr-iov-port-security.adoc
@@ -56,7 +56,7 @@ spec:
           image: <glance_image_name_or_location>
           kind: OpenstackProviderSpec
           ports:
-            - allowedAddressPairs: <1> 
+            - allowedAddressPairs: <1>
               - ipAddress: <API_VIP_port_IP>
               - ipAddress: <ingress_VIP_port_IP>
               fixedIPs:
@@ -94,40 +94,4 @@ Trunking is enabled for ports that are created by entries in the networks and su
 You can enable trunking for each port.
 
 Optionally, you can add tags to ports as part of their `tags` lists.
-====
-
-If your cluster uses Kuryr and the {rh-openstack} SR-IOV network has port security disabled, the primary port for compute machines must have:
-
-* The value of the `spec.template.spec.providerSpec.value.networks.portSecurityEnabled` parameter set to `false`.
-
-* For each subnet, the value of the `spec.template.spec.providerSpec.value.networks.subnets.portSecurityEnabled` parameter set to `false`.
-
-* The value of `spec.template.spec.providerSpec.value.securityGroups` set to empty: `[]`.
-
-.An example section of a compute machine set for a cluster on Kuryr that uses SR-IOV and has port security disabled
-[source,yaml]
-----
-...
-          networks:
-            - subnets:
-              - uuid: <machines_subnet_UUID>
-                portSecurityEnabled: false
-              portSecurityEnabled: false
-          securityGroups: []
-...
-----
-
-In that case, you can apply the compute security group to the primary VM interface after the VM is created. For example, from a command line:
-[source,terminal]
-----
-$ openstack port set --enable-port-security --security-group <infrastructure_id>-<node_role> <main_port_ID>
-----
-
-[IMPORTANT]
-====
-After you deploy compute machines that are SR-IOV-capable, you must label them as such. For example, from a command line, enter:
-[source,terminal]
-----
-$ oc label node <NODE_NAME> feature.node.kubernetes.io/network-sriov.capable="true"
-----
 ====
\ No newline at end of file
diff --git a/modules/machineset-yaml-osp.adoc b/modules/machineset-yaml-osp.adoc
index 70a7daf68d2e..c9c6f15180e3 100644
--- a/modules/machineset-yaml-osp.adoc
+++ b/modules/machineset-yaml-osp.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-osp_{context}"]
 =  Sample YAML for a compute machine set custom resource on {rh-openstack}
 
diff --git a/modules/machineset-yaml-rhv.adoc b/modules/machineset-yaml-rhv.adoc
deleted file mode 100644
index 904ffbdb1500..000000000000
--- a/modules/machineset-yaml-rhv.adoc
+++ /dev/null
@@ -1,133 +0,0 @@
-// Module included in the following assemblies:
-//
-// * machine_management/creating-infrastructure-machinesets.adoc
-// * machine_management/creating_machinesets/creating-machineset-rhv.adoc
-
-[id="machineset-yaml-rhv_{context}"]
-=  Sample YAML for a compute machine set custom resource on {rh-virtualization}
-
-This sample YAML defines a compute machine set that runs on {rh-virtualization} and creates nodes that are labeled with `node-role.kubernetes.io/<node_role>: ""`.
-
-In this sample, `<infrastructure_id>` is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and `<role>` is the node label to add.
-
-[source,yaml,subs="+quotes"]
-----
-apiVersion: machine.openshift.io/v1beta1
-kind: MachineSet
-metadata:
-  labels:
-    machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-    machine.openshift.io/cluster-api-machine-role: <role> <2>
-    machine.openshift.io/cluster-api-machine-type: <role> <2>
-  name: <infrastructure_id>-<role> <3>
-  namespace: openshift-machine-api
-spec:
-  replicas: <number_of_replicas> <4>
-  Selector: <5>
-    matchLabels:
-      machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-      machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role> <3>
-  template:
-    metadata:
-      labels:
-        machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
-        machine.openshift.io/cluster-api-machine-role: <role> <2>
-        machine.openshift.io/cluster-api-machine-type: <role> <2>
-        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role> <3>
-    spec:
-      metadata:
-        labels:
-          node-role.kubernetes.io/<role>: "" <2>
-      providerSpec:
-        value:
-          apiVersion: ovirtproviderconfig.machine.openshift.io/v1beta1
-          cluster_id: <ovirt_cluster_id> <6>
-          template_name: <ovirt_template_name> <7>
-          sparse: <boolean_value> <8>
-          format: <raw_or_cow> <9>
-          cpu: <10>
-            sockets: <number_of_sockets> <11>
-            cores: <number_of_cores> <12>
-            threads: <number_of_threads> <13>
-          memory_mb: <memory_size> <14>
-          guaranteed_memory_mb:  <memory_size> <15>
-          os_disk: <16>
-            size_gb: <disk_size> <17>
-            storage_domain_id: <storage_domain_UUID> <18>
-          network_interfaces: <19>
-            vnic_profile_id:  <vnic_profile_id> <20>
-          credentialsSecret:
-            name: ovirt-credentials <21>
-          kind: OvirtMachineProviderSpec
-          type: <workload_type> <22>
-          auto_pinning_policy: <auto_pinning_policy> <23>
-          hugepages: <hugepages> <24>
-          affinityGroupsNames:
-            - compute <25>
-          userDataSecret:
-            name: worker-user-data
-----
-<1> Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI (`oc`) installed, you can obtain the infrastructure ID by running the following command:
-+
-[source,terminal]
-----
-$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
-----
-
-<2> Specify the node label to add.
-
-<3> Specify the infrastructure ID and node label. These two strings together cannot be longer than 35 characters.
-
-<4> Specify the number of machines to create.
-
-<5> Selector for the machines.
-
-<6> Specify the UUID for the {rh-virtualization} cluster to which this VM instance belongs.
-
-<7> Specify the {rh-virtualization} VM template to use to create the machine.
-
-<8> Setting this option to `false` enables preallocation of disks. The default is `true`. Setting `sparse` to `true` with `format` set to `raw` is not available for block storage domains. The `raw` format writes the entire virtual disk to the underlying physical disk.
-
-<9> Can be set to `cow` or `raw`. The default is `cow`. The `cow` format is optimized for virtual machines.
-+
-[NOTE]
-====
-Preallocating disks on file storage domains writes zeroes to the file. This might not actually preallocate disks depending on the underlying storage.
-====
-<10> Optional: The CPU field contains the CPU configuration, including sockets, cores, and threads.
-
-<11> Optional: Specify the number of sockets for a VM.
-
-<12> Optional: Specify the number of cores per socket.
-
-<13> Optional: Specify the number of threads per core.
-
-<14> Optional: Specify the size of a VM's memory in MiB.
-
-<15> Optional: Specify the size of a virtual machine's guaranteed memory in MiB. This is the amount of memory that is guaranteed not to be drained by the ballooning mechanism. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide#memory_ballooning[Memory Ballooning] and link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide#Cluster_Optimization_Settings_Explained[Optimization Settings Explained].
-+
-[NOTE]
-====
-If you are using a version earlier than {rh-virtualization} 4.4.8, see link:https://access.redhat.com/articles/6454811[Guaranteed memory requirements for OpenShift on Red Hat Virtualization clusters].
-====
-<16> Optional: Root disk of the node.
-
-<17> Optional: Specify the size of the bootable disk in GiB.
-
-<18> Optional: Specify the UUID of the storage domain for the compute node's disks. If none is provided, the compute node is created on the same storage domain as the control nodes. (default)
-
-<19> Optional: List of the network interfaces of the VM. If you include this parameter, {product-title} discards all network interfaces from the template and creates new ones.
-
-<20> Optional: Specify the vNIC profile ID.
-
-<21> Specify the name of the secret object that holds the {rh-virtualization} credentials.
-
-<22> Optional: Specify the workload type for which the instance is optimized. This value affects the `{rh-virtualization} VM` parameter. Supported values: `desktop`, `server` (default), `high_performance`. `high_performance` improves performance on the VM. Limitations exist, for example, you cannot access the VM with a graphical console. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_.
-<23> Optional: AutoPinningPolicy defines the policy that automatically sets CPU and NUMA settings, including pinning to the host for this instance. Supported values: `none`, `resize_and_pin`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Setting_NUMA_Nodes[Setting NUMA Nodes] in the _Virtual Machine Management Guide_.
-<24> Optional: Hugepages is the size in KiB for defining hugepages in a VM. Supported values: `2048` or `1048576`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_Huge_Pages[Configuring Huge Pages] in the _Virtual Machine Management Guide_.
-<25> Optional: A list of affinity group names to be applied to the VMs. The affinity groups must exist in oVirt.
-
-[NOTE]
-====
-Because {rh-virtualization} uses a template when creating a VM, if you do not specify a value for an optional parameter, {rh-virtualization} uses the value for that parameter that is specified in the template.
-====
diff --git a/modules/machineset-yaml-vsphere.adoc b/modules/machineset-yaml-vsphere.adoc
index bad3dd990311..5ec8fd7caa4c 100644
--- a/modules/machineset-yaml-vsphere.adoc
+++ b/modules/machineset-yaml-vsphere.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "creating-infrastructure-machinesets"]
 :infra:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="machineset-yaml-vsphere_{context}"]
 = Sample YAML for a compute machine set custom resource on vSphere
 
diff --git a/modules/making-open-source-more-inclusive.adoc b/modules/making-open-source-more-inclusive.adoc
index 413b3ee7953b..027e67067113 100644
--- a/modules/making-open-source-more-inclusive.adoc
+++ b/modules/making-open-source-more-inclusive.adoc
@@ -1,4 +1,18 @@
-:_module-type: CONCEPT
+// Module included in the following assemblies:
+//
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc
+
+:_mod-docs-content-type: CONCEPT
 
 [id="making-open-source-more-inclusive_{context}"]
 = Making open source more inclusive
diff --git a/modules/managing-dedicated-administrators.adoc b/modules/managing-dedicated-administrators.adoc
index bf1179bb7a67..8b4babeb72ed 100644
--- a/modules/managing-dedicated-administrators.adoc
+++ b/modules/managing-dedicated-administrators.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd-admin-roles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="managing-dedicated-administrators_{context}"]
 =  Managing {product-title} administrators
 
diff --git a/modules/manual-configuration-of-cli-profiles.adoc b/modules/manual-configuration-of-cli-profiles.adoc
index 82c1567578ce..3d68804f6c5e 100644
--- a/modules/manual-configuration-of-cli-profiles.adoc
+++ b/modules/manual-configuration-of-cli-profiles.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/openshift_cli/managing-cli-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="manual-configuration-of-cli-profiles_{context}"]
 = Manual configuration of CLI profiles
 
diff --git a/modules/manually-configure-iam-nutanix.adoc b/modules/manually-configure-iam-nutanix.adoc
index 24cc6c72979a..f2208ede5586 100644
--- a/modules/manually-configure-iam-nutanix.adoc
+++ b/modules/manually-configure-iam-nutanix.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_nutanix/configuring-iam-nutanix.adoc
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-create-iam-nutanix_{context}"]
 = Configuring IAM for Nutanix
 
@@ -37,16 +37,27 @@ credentials:
 <2> Specify the Prism Central credentials.
 <3> Optional: Specify the Prism Element credentials.
 
-. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
+. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release extract --credentials-requests --cloud=nutanix \//
---to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
-quay.io/<path_to>/ocp-release:<version>
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
+
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
 +
-<1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects. If the specified directory does not exist, this command creates it.
+[source,terminal]
+----
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
+----
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 +
 .Sample `CredentialsRequest` object
 [source,yaml]
@@ -69,30 +80,19 @@ quay.io/<path_to>/ocp-release:<version>
       namespace: openshift-machine-api
 ----
 
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on Nutanix
-+
-[source,terminal]
-----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-----
-+
-<1> The Machine API Operator CR is required.
-
-. Use the `ccoctl` tool to process all of the `CredentialsRequest` objects in the `credrequests` directory by running the following command:
+. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the following command:
 +
 [source,terminal]
 ----
 $ ccoctl nutanix create-shared-secrets \
---credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <1>
---output-dir=<ccoctl_output_dir> \// <2>
---credentials-source-filepath=<path_to_credentials_file> <3>
+  --credentials-requests-dir=<path_to_credentials_requests_directory> \// <1>
+  --output-dir=<ccoctl_output_dir> \// <2>
+  --credentials-source-filepath=<path_to_credentials_file> <3>
 ----
 +
 <1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects.
-<2> Specify the directory that contains the files of the component credentials secrets, under the `manifests` directory. By default, the `ccoctl` tool creates objects in the directory in which the commands are run. To create the objects in a different directory, use the `--output-dir` flag.
-<3> Optional: Specify the directory that contains the credentials data YAML file. By default, `ccoctl` expects this file to be in `<home_directory>/.nutanix/credentials`. To specify a different directory, use the `--credentials-source-filepath` flag.
+<2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<3> Optional: Specify the directory that contains the credentials data YAML file. By default, `ccoctl` expects this file to be in `<home_directory>/.nutanix/credentials`.
 
 . Edit the `install-config.yaml` configuration file so that the `credentialsMode` parameter is set to `Manual`.
 +
@@ -131,22 +131,21 @@ $ ls ./<installation_directory>/manifests
 ----
 +
 .Example output
-+
-[source,terminal]
-----
-total 64
--rw-r----- 1 <user> <user> 2335 Jul  8 12:22 cluster-config.yaml
--rw-r----- 1 <user> <user>  161 Jul  8 12:22 cluster-dns-02-config.yml
--rw-r----- 1 <user> <user>  864 Jul  8 12:22 cluster-infrastructure-02-config.yml
--rw-r----- 1 <user> <user>  191 Jul  8 12:22 cluster-ingress-02-config.yml
--rw-r----- 1 <user> <user> 9607 Jul  8 12:22 cluster-network-01-crd.yml
--rw-r----- 1 <user> <user>  272 Jul  8 12:22 cluster-network-02-config.yml
--rw-r----- 1 <user> <user>  142 Jul  8 12:22 cluster-proxy-01-config.yaml
--rw-r----- 1 <user> <user>  171 Jul  8 12:22 cluster-scheduler-02-config.yml
--rw-r----- 1 <user> <user>  200 Jul  8 12:22 cvo-overrides.yaml
--rw-r----- 1 <user> <user>  118 Jul  8 12:22 kube-cloud-config.yaml
--rw-r----- 1 <user> <user> 1304 Jul  8 12:22 kube-system-configmap-root-ca.yaml
--rw-r----- 1 <user> <user> 4090 Jul  8 12:22 machine-config-server-tls-secret.yaml
--rw-r----- 1 <user> <user> 3961 Jul  8 12:22 openshift-config-secret-pull-secret.yaml
--rw------- 1 <user> <user>  283 Jul  8 12:24 openshift-machine-api-nutanix-credentials-credentials.yaml
+[source,text]
+----
+cluster-config.yaml
+cluster-dns-02-config.yml
+cluster-infrastructure-02-config.yml
+cluster-ingress-02-config.yml
+cluster-network-01-crd.yml
+cluster-network-02-config.yml
+cluster-proxy-01-config.yaml
+cluster-scheduler-02-config.yml
+cvo-overrides.yaml
+kube-cloud-config.yaml
+kube-system-configmap-root-ca.yaml
+machine-config-server-tls-secret.yaml
+openshift-config-secret-pull-secret.yaml
+openshift-cloud-controller-manager-nutanix-credentials-credentials.yaml
+openshift-machine-api-nutanix-credentials-credentials.yaml
 ----
diff --git a/modules/manually-create-iam-ibm-cloud.adoc b/modules/manually-create-iam-ibm-cloud.adoc
index 03d6744488c9..8e68a5815d97 100644
--- a/modules/manually-create-iam-ibm-cloud.adoc
+++ b/modules/manually-create-iam-ibm-cloud.adoc
@@ -8,6 +8,7 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 
 ifeval::["{context}" == "installing-ibm-cloud-customizations"]
 :ibm-vpc:
@@ -33,14 +34,17 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :ibm-power-vs:
 endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:ibm-vpc:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-create-iam-ibm-cloud_{context}"]
 = Manually creating IAM
 
 Installing the cluster requires that the Cloud Credential Operator (CCO) operate in manual mode. While the installation program configures the CCO for manual mode, you must specify the identity and access management secrets for you cloud provider.
 
-You can use the Cloud Credential Operator (CCO) utility (`ccoctl`) to create the required IBM Cloud VPC resources.
+You can use the Cloud Credential Operator (CCO) utility (`ccoctl`) to create the required {ibm-cloud-name} resources.
 
 .Prerequisites
 
@@ -75,22 +79,27 @@ endif::ibm-power-vs[]
 $ openshift-install create manifests --dir <installation_directory>
 ----
 
-. From the directory that contains the installation program, obtain the {product-title} release image that your `openshift-install` binary is built to use:
+. From the directory that contains the installation program, set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
 [source,terminal]
 ----
 $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
 
-. Extract the `CredentialsRequest` objects from the {product-title} release image:
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release extract --cloud=<provider_name> --credentials-requests $RELEASE_IMAGE \ <1>
-    --to=<path_to_credential_requests_directory> <2>
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
 ----
-<1> The name of the provider. For example: `ibmcloud` or `powervs`.
-<2> The directory where the credential requests will be stored.
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +
@@ -129,39 +138,20 @@ This command creates a YAML file for each `CredentialsRequest` object.
         - crn:v1:bluemix:public:iam::::role:Viewer
 ----
 
-ifndef::ibm-power-vs[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on IBM Cloud VPC
-+
-[source,terminal]
-----
-0000_26_cloud-controller-manager-operator_15_credentialsrequest-ibm.yaml <1>
-0000_30_machine-api-operator_00_credentials-request.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-ibmcos.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-storage-operator_03_credentials_request_ibm.yaml <5>
-----
-<1> The Cloud Controller Manager Operator CR is required.
-<2> The Machine API Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::ibm-power-vs[]
-
 . Create the service ID for each credential request, assign the policies defined, create an API key, and generate the secret:
 +
 [source,terminal]
 ----
 $ ccoctl ibmcloud create-service-id \
-    --credentials-requests-dir <path_to_credential_requests_directory> \ <1>
-    --name <cluster_name> \ <2>
-    --output-dir <installation_directory> \
-    --resource-group-name <resource_group_name> <3>
-----
-<1> The directory where the credential requests are stored.
-<2> The name of the {product-title} cluster.
-<3> Optional: The name of the resource group used for scoping the access policies.
+  --credentials-requests-dir=<path_to_credential_requests_directory> \// <1>
+  --name=<cluster_name> \// <2>
+  --output-dir=<installation_directory> \// <3>
+  --resource-group-name=<resource_group_name> <4>
+----
+<1> Specify the directory containing the files for the component `CredentialsRequest` objects.
+<2> Specify the name of the {product-title} cluster.
+<3> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
+<4> Optional: Specify the name of the resource group used for scoping the access policies.
 +
 --
 [NOTE]
@@ -170,10 +160,18 @@ If your cluster uses Technology Preview features that are enabled by the `TechPr
 
 If an incorrect resource group name is provided, the installation fails during the bootstrap phase. To find the correct resource group name, run the following command:
 
+ifdef::ibm-vpc[]
 [source,terminal]
 ----
 $ grep resourceGroupName <installation_directory>/manifests/cluster-infrastructure-02-config.yml
 ----
+endif::ibm-vpc[]
+ifdef::ibm-power-vs[]
+[source,terminal]
+----
+$ grep resourceGroup <installation_directory>/manifests/cluster-infrastructure-02-config.yml
+----
+endif::ibm-power-vs[]
 ====
 --
 
@@ -204,4 +202,7 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power-vs"]
 endif::[]
 ifeval::["{context}" == "installing-ibm-powervs-vpc"]
 :!ibm-power-vs:
-endif::[]
\ No newline at end of file
+endif::[]
+ifeval::["{context}" == "installing-ibm-cloud-restricted"]
+:!ibm-vpc:
+endif::[]
diff --git a/modules/manually-create-identity-access-management.adoc b/modules/manually-create-identity-access-management.adoc
index eb7b414c6fff..1979f99b823b 100644
--- a/modules/manually-create-identity-access-management.adoc
+++ b/modules/manually-create-identity-access-management.adoc
@@ -1,39 +1,146 @@
 // Module included in the following assemblies:
 //
-// * installing/installing_aws/manually-creating-iam.adoc
-// * installing/installing_azure/manually-creating-iam-azure.adoc
-// * installing/installing_gcp/manually-creating-iam-gcp.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
+//
+// AWS assemblies:
+// * installing/installing_aws/installing-aws-customizations.adoc
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
+// * installing/installing_aws/installing-aws-vpc.adoc
+// * installing/installing_aws/installing-aws-private.adoc
+// * installing/installing_aws/installing-aws-government-region.adoc
+// * installing/installing_aws/installing-aws-secret-region.adoc
+// * installing/installing_aws/installing-aws-china.adoc
+// * installing/installing_aws/installing-aws-localzone.adoc
+// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
+//
+// GCP assemblies:
+// * installing/installing_gcp/installing-gcp-customizations.adoc
+// * installing/installing_gcp/installing-gcp-network-customizations.adoc
+// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
+// * installing/installing_gcp/installing-gcp-vpc.adoc
+// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
+// * installing/installing_gcp/installing-gcp-private.adoc
+//
+// Azure assemblies
+// * installing/installing_azure/installing-azure-customizations.adoc
+// * installing/installing_azure/installing-azure-government-region.adoc
+// * installing/installing_azure/installing-azure-network-customizations.adoc
+// * installing/installing_azure/installing-azure-private.adoc
+// * installing/installing_azure/installing-azure-vnet.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
 
-ifeval::["{context}" == "manually-creating-iam-aws"]
+//Platforms that must manually create IAM
+ifeval::["{context}" == "installing-azure-stack-hub-default"]
+:ash:
+:cco-manual-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
+:ash:
+:cco-manual-mode:
+endif::[]
+
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
 :aws:
 :cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "manually-creating-iam-azure"]
-:azure:
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:aws:
 :cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "manually-creating-iam-gcp"]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:aws:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:aws:
+:cco-multi-mode:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
 :google-cloud-platform:
 :cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-default"]
-:ash:
-:cco-manual-mode:
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:google-cloud-platform:
+:cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
-:ash:
-:cco-manual-mode:
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:google-cloud-platform:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:google-cloud-platform:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:google-cloud-platform:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:google-cloud-platform:
+:cco-multi-mode:
 endif::[]
 
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:azure:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-government-region"]
+:azure:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:azure:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:azure:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:azure:
+:cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:azure:
+:cco-multi-mode:
+endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-create-iam_{context}"]
 
 //For providers that support multiple modes of operation
 ifdef::cco-multi-mode[]
-= Manually create IAM
+= Manually creating long-term credentials
 endif::cco-multi-mode[]
 
 //For providers who only support manual mode
@@ -53,33 +160,42 @@ endif::cco-manual-mode[]
 
 .Procedure
 
-ifdef::cco-multi-mode[]
-. Change to the directory that contains the installation program and create the `install-config.yaml` file by running the following command:
-+
-[source,terminal]
-----
-$ openshift-install create install-config --dir <installation_directory>
-----
+ifdef::google-cloud-platform[]
+. Add the following granular permissions to the GCP account that the installation program uses:
 +
-where `<installation_directory>` is the directory in which the installation program creates files.
+.Required GCP permissions
+[%collapsible]
+====
+* compute.machineTypes.list
+* compute.regions.list
+* compute.zones.list
+* dns.changes.create
+* dns.changes.get
+* dns.managedZones.create
+* dns.managedZones.delete
+* dns.managedZones.get
+* dns.managedZones.list
+* dns.networks.bindPrivateDNSZone
+* dns.resourceRecordSets.create
+* dns.resourceRecordSets.delete
+* dns.resourceRecordSets.list
+====
+endif::google-cloud-platform[]
 
-. Edit the `install-config.yaml` configuration file so that it contains the `credentialsMode` parameter set to `Manual`.
+ifdef::cco-multi-mode[]
+. If you did not set the `credentialsMode` parameter in the `install-config.yaml` configuration file to `Manual`, modify the value as shown:
 +
-.Example `install-config.yaml` configuration file
+.Sample configuration file snippet
 [source,yaml]
 ----
 apiVersion: v1
-baseDomain: cluster1.example.com
-credentialsMode: Manual <1>
-compute:
-- architecture: amd64
-  hyperthreading: Enabled
-...
+baseDomain: example.com
+credentialsMode: Manual
+# ...
 ----
-<1> This line is added to set the `credentialsMode` parameter to `Manual`.
 endif::cco-multi-mode[]
 
-. Generate the manifests by running the following command from the directory that contains the installation program:
+. If you have not previously created installation manifest files, do so by running the following command:
 +
 [source,terminal]
 ----
@@ -88,35 +204,27 @@ $ openshift-install create manifests --dir <installation_directory>
 +
 where `<installation_directory>` is the directory in which the installation program creates files.
 
-. From the directory that contains the installation program, obtain details of the {product-title} release image that your `openshift-install` binary is built to use by running the following command:
-+
-[source,terminal]
-----
-$ openshift-install version
-----
+. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
 +
-.Example output
 [source,terminal]
 ----
-release image quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
 
-. Locate all `CredentialsRequest` objects in this release image that target the cloud you are deploying on by running the following command:
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 \
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
   --credentials-requests \
-ifdef::aws[]
-  --cloud=aws
-endif::aws[]
-ifdef::azure,ash[]
-  --cloud=azure
-endif::azure,ash[]
-ifdef::google-cloud-platform[]
-  --cloud=gcp
-endif::google-cloud-platform[]
+  --included \// <1>
+  --install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
+  --to=<path_to_directory_for_credentials_requests> <3>
 ----
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
+<2> Specify the location of the `install-config.yaml` file.
+<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +
@@ -126,7 +234,7 @@ This command creates a YAML file for each `CredentialsRequest` object.
 apiVersion: cloudcredential.openshift.io/v1
 kind: CredentialsRequest
 metadata:
-  name: <component-credentials-request>
+  name: <component_credentials_request>
   namespace: openshift-cloud-credential-operator
   ...
 spec:
@@ -165,7 +273,7 @@ endif::google-cloud-platform[]
 apiVersion: cloudcredential.openshift.io/v1
 kind: CredentialsRequest
 metadata:
-  name: <component-credentials-request>
+  name: <component_credentials_request>
   namespace: openshift-cloud-credential-operator
   ...
 spec:
@@ -194,8 +302,8 @@ ifdef::gcp[]
 endif::gcp[]
       ...
   secretRef:
-    name: <component-secret>
-    namespace: <component-namespace>
+    name: <component_secret>
+    namespace: <component_namespace>
   ...
 ----
 +
@@ -205,8 +313,8 @@ endif::gcp[]
 apiVersion: v1
 kind: Secret
 metadata:
-  name: <component-secret>
-  namespace: <component-namespace>
+  name: <component_secret>
+  namespace: <component_namespace>
 ifdef::aws[]
 data:
   aws_access_key_id: <base64_encoded_aws_access_key_id>
@@ -227,61 +335,118 @@ data:
   service_account.json: <base64_encoded_gcp_service_account_file>
 endif::google-cloud-platform[]
 ----
-+
-[IMPORTANT]
-====
-The release image includes `CredentialsRequest` objects for Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set. You can identify these objects by their use of the `release.openshift.io/feature-set: TechPreviewNoUpgrade` annotation.
 
-* If you are not using any of these features, do not create secrets for these objects. Creating secrets for Technology Preview features that you are not using can cause the installation to fail.
-
-* If you are using any of these features, you must create secrets for the corresponding objects.
-====
-
-** To find `CredentialsRequest` objects with the `TechPreviewNoUpgrade` annotation, run the following command:
-+
-[source,terminal]
-----
-$ grep "release.openshift.io/feature-set" *
-----
-+
-.Example output
-[source,terminal]
-----
-0000_30_capi-operator_00_credentials-request.yaml:  release.openshift.io/feature-set: TechPreviewNoUpgrade
-----
-// Right now, only the CAPI Operator is an issue, but it might make sense to update `0000_30_capi-operator_00_credentials-request.yaml` to `<tech_preview_credentials_request>.yaml` for the future.
-
-ifdef::cco-multi-mode[]
-. From the directory that contains the installation program, proceed with your cluster creation:
-+
-[source,terminal]
-----
-$ openshift-install create cluster --dir <installation_directory>
-----
-endif::cco-multi-mode[]
-+
 [IMPORTANT]
 ====
 Before upgrading a cluster that uses manually maintained credentials, you must ensure that the CCO is in an upgradeable state.
 ====
 
-ifeval::["{context}" == "manually-creating-iam-aws"]
+//Platforms that must manually create IAM
+ifeval::["{context}" == "installing-azure-stack-hub-default"]
+:!ash:
+:!cco-manual-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
+:!ash:
+:!cco-manual-mode:
+endif::[]
+
+//AWS install assemblies
+ifeval::["{context}" == "installing-aws-customizations"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-network-customizations"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-vpc"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-private"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-government-region"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-secret-region"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-china-region"]
 :!aws:
 :!cco-multi-mode:
 endif::[]
+ifeval::["{context}" == "installing-aws-localzone"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
+:!aws:
+:!cco-multi-mode:
+endif::[]
+
+//GCP install assemblies
+ifeval::["{context}" == "installing-gcp-customizations"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-network-customizations"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-vpc"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-shared-vpc"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-gcp-private"]
+:!google-cloud-platform:
+:!cco-multi-mode:
+endif::[]
+
+//Azure will also be moved as part of work on `ccoctl` support for Azure
 ifeval::["{context}" == "manually-creating-iam-azure"]
 :!azure:
 :!cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "manually-creating-iam-gcp"]
-:!google-cloud-platform:
+
+//global Azure install assemblies
+ifeval::["{context}" == "installing-azure-customizations"]
+:!azure:
 :!cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-default"]
-:!ash:
-:!cco-manual-mode:
+ifeval::["{context}" == "installing-azure-government-region"]
+:!azure:
+:!cco-multi-mode:
 endif::[]
-ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
-:!ash:
-:!cco-manual-mode:
+ifeval::["{context}" == "installing-azure-network-customizations"]
+:!azure:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-private"]
+:!azure:
+:!cco-multi-mode:
+endif::[]
+ifeval::["{context}" == "installing-azure-vnet"]
+:!azure:
+:!cco-multi-mode:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
+:!azure:
+:!cco-multi-mode:
+endif::[]
\ No newline at end of file
diff --git a/modules/manually-creating-alibaba-manifests.adoc b/modules/manually-creating-alibaba-manifests.adoc
index 73c33a04f39e..ff53ae53c69a 100644
--- a/modules/manually-creating-alibaba-manifests.adoc
+++ b/modules/manually-creating-alibaba-manifests.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
 // * installing/installing_alibaba/installing-alibaba-vpc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-creating-alibaba-manifests_{context}"]
 = Generating the required installation manifests
 
diff --git a/modules/manually-creating-alibaba-ram-user.adoc b/modules/manually-creating-alibaba-ram-user.adoc
index 160b4e6e62f4..881c889c1a6c 100644
--- a/modules/manually-creating-alibaba-ram-user.adoc
+++ b/modules/manually-creating-alibaba-ram-user.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_alibaba/manually-creating-alibaba-ram.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-creating-alibaba-ram-user_{context}"]
 = Creating the required RAM user
 
@@ -14,7 +14,7 @@ When you configure the RAM user, be sure to consider the following requirements:
 
 * The user must have an Alibaba Cloud AccessKey ID and AccessKey secret pair.
 
-** For a new user, you can select `Open API Access` for the Access Mode when creating the user. This mode generates the required AccessKey pair. 
+** For a new user, you can select `Open API Access` for the Access Mode when creating the user. This mode generates the required AccessKey pair.
 ** For an existing user, you can add an AccessKey pair or you can link:https://www.alibabacloud.com/help/en/doc-detail/53045.htm[obtain the AccessKey pair] for that user.
 +
 [NOTE]
@@ -33,7 +33,7 @@ type = access_key                  # Certification type: access_key
 access_key_id = LTAI5t8cefXKmt                # Key <1>
 access_key_secret = wYx56mszAN4Uunfh            # Secret
 ----
-<1> Add your AccessKeyID and AccessKeySecret here. 
+<1> Add your AccessKeyID and AccessKeySecret here.
 
 * The RAM user must have the `AdministratorAccess` policy to ensure that the account has sufficient permission to create the {product-title} cluster. This policy grants permissions to manage all Alibaba Cloud resources.
 +
diff --git a/modules/manually-gathering-logs-with-ssh.adoc b/modules/manually-gathering-logs-with-ssh.adoc
index e9bb19b2378a..6139c584470b 100644
--- a/modules/manually-gathering-logs-with-ssh.adoc
+++ b/modules/manually-gathering-logs-with-ssh.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/installing-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-manually-gathering-logs-with-SSH_{context}"]
 = Manually gathering logs with SSH access to your host(s)
 
diff --git a/modules/manually-gathering-logs-without-ssh.adoc b/modules/manually-gathering-logs-without-ssh.adoc
index a4ccaefcb7ce..65a82a8f707e 100644
--- a/modules/manually-gathering-logs-without-ssh.adoc
+++ b/modules/manually-gathering-logs-without-ssh.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/installing-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-manually-gathering-logs-without-SSH_{context}"]
 = Manually gathering logs without SSH access to your host(s)
 
diff --git a/modules/manually-maintained-credentials-upgrade-extract.adoc b/modules/manually-maintained-credentials-upgrade-extract.adoc
new file mode 100644
index 000000000000..f1d721468f62
--- /dev/null
+++ b/modules/manually-maintained-credentials-upgrade-extract.adoc
@@ -0,0 +1,108 @@
+// Module included in the following assemblies:
+//
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="cco-ccoctl-upgrading-extracting_{context}"]
+= Extracting and preparing credentials request resources
+
+Before updating a cluster that uses the Cloud Credential Operator (CCO) in manual mode, you must extract and prepare the `CredentialsRequest` custom resources (CRs) for the new release.
+
+.Prerequisites
+
+* Install the {oc-first} that matches the version for your updated version.
+* Log in to the cluster as user with `cluster-admin` privileges.
+
+.Procedure
+
+. Obtain the pull spec for the update that you want to apply by running the following command:
++
+[source,terminal]
+----
+$ oc adm upgrade
+----
++
+The output of this command includes pull specs for the available updates similar to the following:
++
+.Partial example output
+[source,text]
+----
+...
+Recommended updates:
+
+VERSION IMAGE
+4.15.0  quay.io/openshift-release-dev/ocp-release@sha256:6a899c54dda6b844bb12a247e324a0f6cde367e880b73ba110c056df6d018032
+...
+----
+
+. Set a `$RELEASE_IMAGE` variable with the release image that you want to use by running the following command:
++
+[source,terminal]
+----
+$ RELEASE_IMAGE=<update_pull_spec>
+----
++
+where `<update_pull_spec>` is the pull spec for the release image that you want to use. For example:
++
+[source,text]
+----
+quay.io/openshift-release-dev/ocp-release@sha256:6a899c54dda6b844bb12a247e324a0f6cde367e880b73ba110c056df6d018032
+----
+
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
++
+[source,terminal]
+----
+$ oc adm release extract \
+  --from=$RELEASE_IMAGE \
+  --credentials-requests \
+  --included \// <1>
+  --to=<path_to_directory_for_credentials_requests> <2>
+----
+<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires for the target release.
+<2> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
++
+This command creates a YAML file for each `CredentialsRequest` object.
+
+. For each `CredentialsRequest` CR in the release image, ensure that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster. This field is where the generated secrets that hold the credentials configuration are stored.
++
+.Sample AWS `CredentialsRequest` object
+[source,yaml]
+----
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: cloud-credential-operator-iam-ro
+  namespace: openshift-cloud-credential-operator
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: AWSProviderSpec
+    statementEntries:
+    - effect: Allow
+      action:
+      - iam:GetUser
+      - iam:GetUserPolicy
+      - iam:ListAccessKeys
+      resource: "*"
+  secretRef:
+    name: cloud-credential-operator-iam-ro-creds
+    namespace: openshift-cloud-credential-operator <1>
+----
+<1> This field indicates the namespace which must exist to hold the generated secret.
++
+The `CredentialsRequest` CRs for other platforms have a similar format with different platform-specific values.
+
+. For any `CredentialsRequest` CR for which the cluster does not already have a namespace with the name specified in `spec.secretRef.namespace`, create the namespace by running the following command:
++
+[source,terminal]
+----
+$ oc create namespace <component_namespace>
+----
+
+.Next steps
+
+* If the cloud credential management for your cluster was configured using the CCO utility (`ccoctl`), configure the `ccoctl` utility for a cluster update and use it to update your cloud provider resources.
+
+* If your cluster was not configured with the `ccoctl` utility, manually update your cloud provider resources.
\ No newline at end of file
diff --git a/modules/manually-maintained-credentials-upgrade.adoc b/modules/manually-maintained-credentials-upgrade.adoc
index db0f8eea87d4..50678b6e00d6 100644
--- a/modules/manually-maintained-credentials-upgrade.adoc
+++ b/modules/manually-maintained-credentials-upgrade.adoc
@@ -1,73 +1,154 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-within-minor.adoc
-// * updating/updating-cluster-cli.adoc
+// * updating/preparing_for_updates/preparing-manual-creds-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="manually-maintained-credentials-upgrade_{context}"]
-= Updating cloud provider resources with manually maintained credentials
+= Manually updating cloud provider resources
 
-Before upgrading a cluster with manually maintained credentials, you must create any new credentials for the release image that you are upgrading to. You must also review the required permissions for existing credentials and accommodate any new permissions requirements in the new release for those components.
+Before upgrading a cluster with manually maintained credentials, you must create secrets for any new credentials for the release image that you are upgrading to. You must also review the required permissions for existing credentials and accommodate any new permissions requirements in the new release for those components.
+
+.Prerequisites
+
+* You have extracted the `CredentialsRequest` custom resources (CRs) from the {product-title} release image and ensured that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster.
 
 .Procedure
 
-. Extract and examine the `CredentialsRequest` custom resource for the new release.
+. Create YAML files with secrets for any `CredentialsRequest` custom resources that the new release image adds. The secrets must be stored using the namespace and secret name defined in the `spec.secretRef` for each `CredentialsRequest` object.
 +
-The "Manually creating IAM" section of the installation content for your cloud provider explains how to obtain and use the credentials required for your cloud.
+.Sample AWS YAML files
+[%collapsible]
+====
+.Sample AWS `CredentialsRequest` object with secrets
+[source,yaml]
+----
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: <component_credentials_request>
+  namespace: openshift-cloud-credential-operator
+  ...
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: AWSProviderSpec
+    statementEntries:
+    - effect: Allow
+      action:
+      - s3:CreateBucket
+      - s3:DeleteBucket
+      resource: "*"
+      ...
+  secretRef:
+    name: <component_secret>
+    namespace: <component_namespace>
+  ...
+----
 
-. Update the manually maintained credentials on your cluster:
+.Sample AWS `Secret` object
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <component_secret>
+  namespace: <component_namespace>
+data:
+  aws_access_key_id: <base64_encoded_aws_access_key_id>
+  aws_secret_access_key: <base64_encoded_aws_secret_access_key>
+----
+====
 +
---
-* Create new secrets for any `CredentialsRequest` custom resources that are added by the new release image.
-* If the `CredentialsRequest` custom resources for any existing credentials that are stored in secrets have changed permissions requirements, update the permissions as required.
---
+.Sample Azure YAML files
+[%collapsible]
+====
+[NOTE]
+=====
+Global Azure and Azure Stack Hub use the same `CredentialsRequest` object and secret formats.
+=====
+.Sample Azure `CredentialsRequest` object with secrets
+[source,yaml]
+----
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: <component_credentials_request>
+  namespace: openshift-cloud-credential-operator
+  ...
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: AzureProviderSpec
+    roleBindings:
+    - role: Contributor
+      ...
+  secretRef:
+    name: <component_secret>
+    namespace: <component_namespace>
+  ...
+----
 
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on AWS
-+
-[source,terminal]
+.Sample Azure `Secret` object
+[source,yaml]
 ----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cloud-credential-operator_05-iam-ro-credentialsrequest.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <5>
-0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <component_secret>
+  namespace: <component_namespace>
+data:
+  azure_subscription_id: <base64_encoded_azure_subscription_id>
+  azure_client_id: <base64_encoded_azure_client_id>
+  azure_client_secret: <base64_encoded_azure_client_secret>
+  azure_tenant_id: <base64_encoded_azure_tenant_id>
+  azure_resource_prefix: <base64_encoded_azure_resource_prefix>
+  azure_resourcegroup: <base64_encoded_azure_resourcegroup>
+  azure_region: <base64_encoded_azure_region>
 ----
+====
 +
---
-<1> The Machine API Operator CR is required.
-<2> The Cloud Credential Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Network Operator CR is required.
-<6> The Storage Operator CR is an optional component and might be disabled in your cluster.
---
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on GCP
-+
-[source,terminal]
+.Sample GCP YAML files
+[%collapsible]
+====
+.Sample GCP `CredentialsRequest` object with secrets
+[source,yaml]
 ----
-0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml <1>
-0000_30_machine-api-operator_00_credentials-request.yaml <2>
-0000_50_cloud-credential-operator_05-gcp-ro-credentialsrequest.yaml <3>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-gcs.yaml <4>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <5>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <6>
-0000_50_cluster-storage-operator_03_credentials_request_gcp.yaml <7>
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: <component_credentials_request>
+  namespace: openshift-cloud-credential-operator
+  ...
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: GCPProviderSpec
+      predefinedRoles:
+      - roles/iam.securityReviewer
+      - roles/iam.roleViewer
+      skipServiceCheck: true
+      ...
+  secretRef:
+    name: <component_secret>
+    namespace: <component_namespace>
+  ...
 ----
-+
---
-<1> The Cloud Controller Manager Operator CR is required.
-<2> The Machine API Operator CR is required.
-<3> The Cloud Credential Operator CR is required.
-<4> The Image Registry Operator CR is required.
-<5> The Ingress Operator CR is required.
-<6> The Network Operator CR is required.
-<7> The Storage Operator CR is an optional component and might be disabled in your cluster.
---
+
+.Sample GCP `Secret` object
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <component_secret>
+  namespace: <component_namespace>
+data:
+  service_account.json: <base64_encoded_gcp_service_account_file>
+----
+====
+
+. If the `CredentialsRequest` custom resources for any existing credentials that are stored in secrets have changed permissions requirements, update the permissions as required.
 
 .Next steps
 * Update the `upgradeable-to` annotation to indicate that the cluster is ready to upgrade.
diff --git a/modules/manually-removing-cloud-creds.adoc b/modules/manually-removing-cloud-creds.adoc
index 9c9647f0416f..f54d5230e329 100644
--- a/modules/manually-removing-cloud-creds.adoc
+++ b/modules/manually-removing-cloud-creds.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-removing-cloud-creds_{context}"]
 = Removing cloud provider credentials
 
diff --git a/modules/manually-rotating-cloud-creds.adoc b/modules/manually-rotating-cloud-creds.adoc
index 11fa1e97e6d8..fe7a878bd205 100644
--- a/modules/manually-rotating-cloud-creds.adoc
+++ b/modules/manually-rotating-cloud-creds.adoc
@@ -14,9 +14,10 @@ ifeval::["{context}" == "cco-mode-passthrough"]
 :passthrough:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="manually-rotating-cloud-creds_{context}"]
-= Rotating cloud provider credentials manually
+ifdef::post-install[= Rotating cloud provider credentials manually]
+ifndef::post-install[= Maintaining cloud provider credentials]
 
 If your cloud provider credentials are changed for any reason, you must manually update the secret that the Cloud Credential Operator (CCO) uses to manage cloud provider credentials.
 
@@ -38,7 +39,7 @@ ifndef::passthrough[]
 endif::passthrough[]
 
 ifndef::mint[]
-** For passthrough mode, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, {rh-virtualization-first}, and VMware vSphere are supported.
+** For passthrough mode, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), {rh-openstack-first}, and VMware vSphere are supported.
 endif::mint[]
 
 * You have changed the credentials that are used to interface with your cloud provider.
@@ -71,9 +72,6 @@ ifndef::mint[]
 |{rh-openstack}
 |`openstack-credentials`
 
-|{rh-virtualization}
-|`ovirt-credentials`
-
 |VMware vSphere
 |`vsphere-creds`
 endif::mint[]
diff --git a/modules/metallb-installing-using-web-console.adoc b/modules/metallb-installing-using-web-console.adoc
index db37fc2a52f5..93093f0481e0 100644
--- a/modules/metallb-installing-using-web-console.adoc
+++ b/modules/metallb-installing-using-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-operator-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-the-metallb-operator-using-web-console_{context}"]
 = Installing the MetalLB Operator from the OperatorHub using the web console
 
diff --git a/modules/metering-use-mysql-or-postgresql-for-hive.adoc b/modules/metering-use-mysql-or-postgresql-for-hive.adoc
index 7135166249b1..305ed1b07930 100644
--- a/modules/metering-use-mysql-or-postgresql-for-hive.adoc
+++ b/modules/metering-use-mysql-or-postgresql-for-hive.adoc
@@ -19,7 +19,7 @@ Create your MySQL or Postgres instance with a user name and password. Then creat
 +
 [source,terminal]
 ----
-$ oc --namespace openshift-metering create secret generic <YOUR_SECRETNAME> --from-literal=username=<YOUR_DATABASE_USERNAME> --from-literal=password=<YOUR_DATABASE_PASSWORD>
+$ oc --namespace openshift-metering create secret generic <YOUR_SECRETNAME> --from-literal=username=<database_username> --from-literal=password=<database_password>
 ----
 +
 * Create a secret by using a YAML file. For example:
@@ -29,10 +29,10 @@ $ oc --namespace openshift-metering create secret generic <YOUR_SECRETNAME> --fr
 apiVersion: v1
 kind: Secret
 metadata:
-  name: <YOUR_SECRETNAME> <1>
+  name: <secret_name> <1>
 data:
-  username: <BASE64_ENCODED_DATABASE_USERNAME> <2>
-  password: <BASE64_ENCODED_DATABASE_PASSWORD> <3>
+  username: <base64_encoded_database_username> <2>
+  password: <base64_encoded_database_password> <3>
 ----
 <1> The name of the secret.
 <2> Base64 encoded database user name.
@@ -81,8 +81,8 @@ spec:
         db:
           url: "jdbc:postgresql://postgresql.example.com:5432/hive_metastore"
           driver: "org.postgresql.Driver"
-          username: "REPLACEME"
-          password: "REPLACEME"
+          username: "<username>"
+          password: "<password>"
 ----
 +
 You can pass additional JDBC parameters using the `spec.hive.config.url`. For more details, see the link:https://jdbc.postgresql.org/documentation/head/connect.html#connection-parameters[PostgreSQL JDBC driver documentation].
diff --git a/modules/mgmt-power-remediation-baremetal-about.adoc b/modules/mgmt-power-remediation-baremetal-about.adoc
index 88b871f42c63..c4aad7605a06 100644
--- a/modules/mgmt-power-remediation-baremetal-about.adoc
+++ b/modules/mgmt-power-remediation-baremetal-about.adoc
@@ -2,7 +2,7 @@
 
 // * machine_management/mgmt-power-remediation-baremetal
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mgmt-power-remediation-baremetal-about_{context}"]
 = About power-based remediation of bare metal
 In a bare metal cluster, remediation of nodes is critical to ensuring the overall health of the cluster. Physically remediating a cluster can be challenging and any delay in putting the machine into a safe or an operational state increases the time the cluster remains in a degraded state, and the risk that subsequent failures might bring the cluster offline. Power-based remediation helps counter such challenges.
@@ -138,7 +138,7 @@ spec:
       machine.openshift.io/cluster-api-machine-role: <role>
       machine.openshift.io/cluster-api-machine-type: <role>
       machine.openshift.io/cluster-api-machineset: <cluster_name>-<label>-<zone>
-  selector:
+  remediationTemplate:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: Metal3RemediationTemplate
     name: metal3-remediation-template
diff --git a/modules/microshift-about-sos-reports.adoc b/modules/microshift-about-sos-reports.adoc
index f36187496d0b..77d809ffec52 100644
--- a/modules/microshift-about-sos-reports.adoc
+++ b/modules/microshift-about-sos-reports.adoc
@@ -2,13 +2,13 @@
 
 // * microshift_support/microshift-sos-report
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-microshift-sos-reports_{context}"]
-= About {product-title} sos reports
+= About sos reports
 
-The `sos` tool is composed of different plugins that will help you gather information from different applications. A {product-title} specific plugin has been added from sos version 4.5.1, and it can gather the following data:
+The `sos` tool is composed of different plugins that help you gather information from different applications. A {microshift-short}-specific plugin has been added from sos version 4.5.1, and it can gather the following data:
 
-* {product-title} configuration and version
+* {microshift-short} configuration and version
 * YAML output for cluster-wide and system namespaced resources
 * OVN-Kubernetes information
 
diff --git a/modules/microshift-about.adoc b/modules/microshift-about.adoc
index e53218fb6e92..8108f6b92964 100644
--- a/modules/microshift-about.adoc
+++ b/modules/microshift-about.adoc
@@ -5,7 +5,7 @@
 [id="con-about-microshift_{context}"]
 = About {product-title}
 
-Working with resource-constrained field environments and hardware presents many challenges not experienced with cloud computing. {product-title} enables you to solve problems for edge devices by:
+Working with resource-constrained field environments and hardware presents many challenges not experienced with cloud computing. {microshift-short} enables you to solve problems for edge devices by:
 
 * Running the same Kubernetes workloads you run in the cloud, but at the edge.
 * Overcoming the operational challenge of minimal system resources.
@@ -13,4 +13,4 @@ Working with resource-constrained field environments and hardware presents many
 * Meeting the physical constraint of hard-to-access locations by installing your system images directly on edge devices.
 * Building on and integrating with edge-optimized operating systems such as {op-system-ostree-first}.
 
-{product-title} has the simplicity of single-node deployment with the functions and services you need for computing in resource-constrained locations. You can have many deployments on different hosts, creating the specific system image needed for each of your applications.
+{microshift-short} has the simplicity of single-node deployment with the functions and services you need for computing in resource-constrained locations. You can have many deployments on different hosts, creating the specific system image needed for each of your applications.
diff --git a/modules/microshift-accessing-cluster-locally.adoc b/modules/microshift-accessing-cluster-locally.adoc
index c9126296e922..18240063db5e 100644
--- a/modules/microshift-accessing-cluster-locally.adoc
+++ b/modules/microshift-accessing-cluster-locally.adoc
@@ -4,11 +4,11 @@
 // microshift/microshift_install/microshift-embed-in-rpm-ostree.adoc
 // microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-microshift-cluster-locally_{context}"]
-= Accessing the {product-title} cluster locally
+= Accessing the {microshift-short} cluster locally
 
-Use the following procedure to access the {product-title} cluster locally by using a `kubeconfig` file.
+Use the following procedure to access the {microshift-short} cluster locally by using a `kubeconfig` file.
 
 .Prerequisites
 
@@ -39,7 +39,7 @@ $ chmod go-r ~/.kube/config
 
 .Verification
 
-* Verify that {product-title} is running by entering the following command:
+* Verify that {microshift-short} is running by entering the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-accessing-cluster-open-firewall.adoc b/modules/microshift-accessing-cluster-open-firewall.adoc
index 41e102916b83..a444d69130ac 100644
--- a/modules/microshift-accessing-cluster-open-firewall.adoc
+++ b/modules/microshift-accessing-cluster-open-firewall.adoc
@@ -4,13 +4,13 @@
 // microshift/microshift_install/microshift-embed-in-rpm-ostree.adoc
 // microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-accessing-cluster-open-firewall_{context}"]
-= Opening the firewall for remote access to the {product-title} cluster
+= Opening the firewall for remote access to the {microshift-short} cluster
 
-Use the following procedure to open the firewall so that a remote user can access the {product-title} cluster. This procedure must be completed before a workstation user can access the cluster remotely.
+Use the following procedure to open the firewall so that a remote user can access the {microshift-short} cluster. This procedure must be completed before a workstation user can access the cluster remotely.
 
-For this procedure, `user@microshift` is the user on the {product-title} host machine and is responsible for setting up that machine so that it can be accessed by a remote user on a separate workstation.
+For this procedure, `user@microshift` is the user on the {microshift-short} host machine and is responsible for setting up that machine so that it can be accessed by a remote user on a separate workstation.
 
 .Prerequisites
 
@@ -20,7 +20,7 @@ For this procedure, `user@microshift` is the user on the {product-title} host ma
 
 .Procedure
 
-* As `user@microshift` on the {product-title} host, open the firewall port for the Kubernetes API server (`6443/tcp`) by running the following command:
+* As `user@microshift` on the {microshift-short} host, open the firewall port for the Kubernetes API server (`6443/tcp`) by running the following command:
 +
 [source,terminal]
 ----
@@ -29,7 +29,7 @@ For this procedure, `user@microshift` is the user on the {product-title} host ma
 
 .Verification
 
-* As `user@microshift`, verify that {product-title} is running by entering the following command:
+* As `user@microshift`, verify that {microshift-short} is running by entering the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-accessing-cluster-remotely.adoc b/modules/microshift-accessing-cluster-remotely.adoc
index 7c6fcf68cf66..fba4cfcdaf96 100644
--- a/modules/microshift-accessing-cluster-remotely.adoc
+++ b/modules/microshift-accessing-cluster-remotely.adoc
@@ -4,13 +4,13 @@
 // microshift/microshift_install/microshift-embed-in-rpm-ostree.adoc
 // microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-microshift-cluster-remotely_{context}"]
-= Accessing the {product-title} cluster remotely
+= Accessing the {microshift-short} cluster remotely
 
-Use the following procedure to access the {product-title} cluster from a remote workstation by using a `kubeconfig` file.
+Use the following procedure to access the {microshift-short} cluster from a remote workstation by using a `kubeconfig` file.
 
-The `user@workstation` login is used to access the host machine remotely. The `<user>` value in the procedure is the name of the user that `user@workstation` logs in with to the {product-title} host.
+The `user@workstation` login is used to access the host machine remotely. The `<user>` value in the procedure is the name of the user that `user@workstation` logs in with to the {microshift-short} host.
 
 .Prerequisites
 
@@ -27,20 +27,25 @@ The `user@workstation` login is used to access the host machine remotely. The `<
 [user@workstation]$ mkdir -p ~/.kube/
 ----
 
-. As `user@workstation`, set a variable for the hostname of your {product-title} host by running the following command:
+. As `user@workstation`, set a variable for the hostname of your {microshift-short} host by running the following command:
 +
 [source,terminal,subs="attributes+"]
 ----
-[user@workstation]$ MICROSHIFT_MACHINE=<name or IP address of {product-title} machine>
+[user@workstation]$ MICROSHIFT_MACHINE=<name or IP address of {microshift-short} machine>
 ----
 
-. As `user@workstation`, copy the generated `kubeconfig` file that contains the host name or IP address you want to connect with from the {op-system} machine running {product-title} to your local machine by running the following command:
+. As `user@workstation`, copy the generated `kubeconfig` file that contains the host name or IP address you want to connect with from the {op-system} machine running {microshift-short} to your local machine by running the following command:
 +
 [source,terminal]
 ----
 [user@workstation]$ ssh <user>@$MICROSHIFT_MACHINE "sudo cat /var/lib/microshift/resources/kubeadmin/$MICROSHIFT_MACHINE/kubeconfig" > ~/.kube/config
 ----
 
+[NOTE]
+====
+To generate `kubeconfig` files for this step, see the "Generating additional kubeconfig files for remote access" link in the additional resources section.
+====
+
 . As `user@workstation`, update the permissions on your `~/.kube/config` file by running the following command:
 +
 [source,terminal]
@@ -50,7 +55,7 @@ $ chmod go-r ~/.kube/config
 
 .Verification
 
-* As `user@workstation`, verify that {product-title} is running by entering the following command:
+* As `user@workstation`, verify that {microshift-short} is running by entering the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-accessing.adoc b/modules/microshift-accessing.adoc
index 1846875894d3..9409399f38e9 100644
--- a/modules/microshift-accessing.adoc
+++ b/modules/microshift-accessing.adoc
@@ -3,8 +3,8 @@
 // microshift/microshift_install/microshift-install-rpm.adoc
 // microshift/microshift_install/microshift-embed-in-rpm-ostree.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="accessing-microshift-cluster_{context}"]
-= How to access the {product-title} cluster
+= How to access the {microshift-short} cluster
 
-Use the procedures in this section to access the {product-title} cluster, either from the same machine running the {product-title} service or remotely from a workstation. You can use this access to observe and administrate workloads. When using these steps, choose the `kubeconfig` file that contains the host name or IP address you want to connect with and place it in the relevant directory. As listed in each procedure, you use the {OCP} CLI tool (`oc`) for cluster activities.
+Use the procedures in this section to access the {microshift-short} cluster, either from the same machine running the {microshift-short} service or remotely from a workstation. You can use this access to observe and administrate workloads. When using these steps, choose the `kubeconfig` file that contains the host name or IP address you want to connect with and place it in the relevant directory. As listed in each procedure, you use the {OCP} CLI tool (`oc`) for cluster activities.
diff --git a/modules/microshift-add-blueprint-build-iso.adoc b/modules/microshift-add-blueprint-build-iso.adoc
index 3736e5735d81..0f235db57452 100644
--- a/modules/microshift-add-blueprint-build-iso.adoc
+++ b/modules/microshift-add-blueprint-build-iso.adoc
@@ -2,7 +2,7 @@
 //
 // microshift/microshift-embed-into-rpm-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-add-blueprint-build-iso_{context}"]
 = Add the blueprint to Image Builder and build the ISO
 
@@ -16,9 +16,9 @@ $ sudo composer-cli blueprints push microshift-installer.toml
 
 . Start the `ostree` ISO build by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ BUILDID=$(sudo composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
+$ BUILDID=$(sudo composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/{op-system-version-major}/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
 ----
 +
 This command also returns the identification (ID) of the build for monitoring.
diff --git a/modules/microshift-adding-app-rpms-to-blueprint.adoc b/modules/microshift-adding-app-rpms-to-blueprint.adoc
new file mode 100644
index 000000000000..4f899188b286
--- /dev/null
+++ b/modules/microshift-adding-app-rpms-to-blueprint.adoc
@@ -0,0 +1,86 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embedding-apps-tutorial.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-adding-app-rpms-to-blueprint_{context}"]
+= Adding application RPMs to a blueprint
+
+To add application RPMs to a blueprint, you must create a local repository that Image Builder can use to create the ISO. With this procedure, the required container images for your workload can be pulled over the network.
+
+.Prerequisites
+
+* You have root access to the host.
+* Workload or application RPMs exist in the `~/rpmbuild/RPMS` directory.
+
+.Procedure
+
+. Create a local RPM repository by running the following command:
++
+[source,terminal]
+----
+$ createrepo ~/rpmbuild/RPMS/
+----
+
+. Give Image Builder access to the RPM repository by running the following command:
++
+[source,terminal]
+----
+$ sudo chmod a+rx ~
+----
++
+[NOTE]
+====
+You must ensure that Image Builder has all of the necessary permissions to access all of the files needed for image building, or the build cannot proceed.
+====
++
+. Create the blueprint file, `repo-local-rpmbuild.toml` using the following template:
++
+[source,toml]
+----
+id = "local-rpm-build"
+name = "RPMs build locally"
+type = "yum-baseurl"
+url = "file://<path>/rpmbuild/RPMS" <1>
+check_gpg = false
+check_ssl = false
+system = false
+----
+<1> Specify part of the path to create a location that you choose. Use this path in the later commands to set up the repository and copy the RPMs.
+
+. Add the repository as a source for Image Builder by running the following command:
++
+[source,terminal]
+----
+$ sudo composer-cli sources add repo-local-rpmbuild.toml
+----
+
+. Add the RPM to your blueprint, by adding the following lines:
++
+[source,toml]
+----
+…
+[[packages]]
+name = "<application_workload_manifests>" <1>
+version = "*"
+…
+----
+<1> Add the name of your workload here.
+
+. Push the updated blueprint to Image Builder by running the following command:
++
+[source,terminal]
+----
+$ sudo composer-cli blueprints push repo-local-rpmbuild.toml
+----
+
+. At this point, you can either run Image Builder to create the ISO, or embed the container images for offline use.
+
+.. To create the ISO, start Image Builder by running the following command:
++
+[source,terminal]
+----
+$ sudo composer-cli compose start-ostree repo-local-rpmbuild edge-commit
+----
+
+In this scenario, the container images are pulled over the network by the edge device during startup.
\ No newline at end of file
diff --git a/modules/microshift-adding-olm-to-blueprint.adoc b/modules/microshift-adding-olm-to-blueprint.adoc
new file mode 100644
index 000000000000..b32d5a2c7f62
--- /dev/null
+++ b/modules/microshift-adding-olm-to-blueprint.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * microshift/microshift-update-rpms-ostree.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-adding-olm-to-blueprint_{context}"]
+== Adding the Operator Lifecycle Manager (OLM) service to a blueprint 
+
+When you install {microshift-short}, the Operator Lifecycle Manager (OLM) package is not installed by default. You can add the `microshift-olm` package in the ostree blueprint to enable OLM in {microshift-short}.
+
+. Edit your ostree blueprint by running the following example command:
++
+[source,terminal]
+[subs="+quotes"]
+----
+$ vi _<microshift_blueprint.toml>_ <1>
+----
+<1> Specify the name of the blueprint file you used when adding the MicroShift service.
+
+. Add the following example text to your ostree blueprint:
++
+[source,text]
+----
+[[packages]]
+name = "microshift-olm"
+version = "*"
+----
+. To apply the manifest from the package to an active cluster, you must build a new OSTree system then deploy it on the machine. To update your OSTree system, use the instruction's in "Applying updates on an OSTree system"
\ No newline at end of file
diff --git a/modules/microshift-adding-repos-to-image-builder.adoc b/modules/microshift-adding-repos-to-image-builder.adoc
index 2cfc47cbb113..ef572b11bef2 100644
--- a/modules/microshift-adding-repos-to-image-builder.adoc
+++ b/modules/microshift-adding-repos-to-image-builder.adoc
@@ -1,29 +1,31 @@
 // Module included in the following assemblies:
 //
-// microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-update-rpms-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-microshift-repos-image-builder_{context}"]
-= Adding {product-title} repositories to Image Builder
+= Adding {microshift-short} repositories to Image Builder
 
-Use the following procedure to add the {product-title} repositories to Image Builder on your build host.
+Use the following procedure to add the {microshift-short} repositories to Image Builder on your build host.
 
 .Prerequisites
+
 * Your build host meets the Image Builder system requirements.
 * You have installed and set up Image Builder and the `composer-cli` tool.
 * You have root-user access to your build host.
 
 .Procedure
 
-. Create an Image Builder configuration file for adding the `rhocp-4.13` RPM repository source required to pull {product-title} RPMs by running the following command:
+. Create an Image Builder configuration file for adding the `{rpm-repo-version}` RPM repository source required to pull {microshift-short} RPMs by running the following command:
 +
-[source,terminal]
+[source,text,subs="attributes+"]
 ----
-$ cat > rhocp-4.13.toml <<EOF
-id = "rhocp-4.13"
-name = "Red Hat OpenShift Container Platform 4.13 for RHEL 9"
+cat > {rpm-repo-version}.toml <<EOF
+id = "{rpm-repo-version}"
+name = "Red Hat OpenShift Container Platform {ocp-version} for RHEL {op-system-version-major}"
 type = "yum-baseurl"
-url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/4.13/os"
+url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/{ocp-version}/os"
 check_gpg = true
 check_ssl = true
 system = false
@@ -33,9 +35,9 @@ EOF
 
 . Create an Image Builder configuration file for adding the `fast-datapath` RPM repository by running the following command:
 +
-[source,terminal]
+[source,text,subs="attributes+"]
 ----
-$ cat > fast-datapath.toml <<EOF
+cat > fast-datapath.toml <<EOF
 id = "fast-datapath"
 name = "Fast Datapath for RHEL 9"
 type = "yum-baseurl"
@@ -49,9 +51,9 @@ EOF
 
 . Add the sources to the Image Builder by running the following commands:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ sudo composer-cli sources add rhocp-4.13.toml
+$ sudo composer-cli sources add {rpm-repo-version}.toml
 ----
 +
 [source,terminal]
@@ -70,10 +72,10 @@ $ sudo composer-cli sources list
 +
 .Example output
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 appstream
 baseos
 fast-datapath
-rhocp-4.13
+{rpm-repo-version}
 ----
\ No newline at end of file
diff --git a/modules/microshift-adding-service-to-blueprint.adoc b/modules/microshift-adding-service-to-blueprint.adoc
index cf159bc7ee5d..96deaa63dd42 100644
--- a/modules/microshift-adding-service-to-blueprint.adoc
+++ b/modules/microshift-adding-service-to-blueprint.adoc
@@ -1,23 +1,34 @@
 // Module included in the following assemblies:
 //
-// microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-update-rpms-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-microshift-service-to-blueprint_{context}"]
-= Adding the {product-title} service to a blueprint
+= Adding the {microshift-short} service to a blueprint
 
-Adding the {product-title} RPM package to an Image Builder blueprint enables the build of a {op-system-ostree} image with {product-title} embedded.
+Adding the {microshift-short} RPM package to an Image Builder blueprint enables the build of a {op-system-ostree} image with {microshift-short} embedded.
+
+* Start with step 1 to create your own minimal blueprint file which results in a faster {microshift-short} installation.
+* Start with step 2 to use the generated blueprint for installation which includes all the RPM packages and container images. This is a longer installation process, but a faster start up because container references are accessed locally.
++
+[IMPORTANT]
+====
+* Replace _<microshift_blueprint.toml>_ in the following procedures with the name of the TOML file you are using.
+* Replace _<microshift_blueprint>_ in the following procedures with the name you want to use for your blueprint.
+====
 
 .Procedure
 
-. Use the following example to create your blueprint:
+. Use the following example to create your own blueprint file:
 +
-.Image Builder blueprint example
+.Custom Image Builder blueprint example
 +
-[source,terminal]
+[source,text]
+[subs="+quotes"]
 ----
-$ cat > minimal-microshift.toml <<EOF
-name = "minimal-microshift"
+cat > _<microshift_blueprint.toml>_ <<EOF <1>
+name = "_<microshift_blueprint>_" <2>
 
 description = ""
 version = "0.0.1"
@@ -28,53 +39,94 @@ groups = []
 name = "microshift"
 version = "*"
 
-[[packages]]
-name = "microshift-greenboot" <1>
-version = "*"
-
 [customizations.services]
 enabled = ["microshift"]
 EOF
 ----
-[.small]
-<1> Optional `microshift-greenboot` RPM. For more information, read the "Greenboot health check" guide in the "Running Applications" section.
+<1> _<microshift_blueprint.toml>_ is the name of the TOML file.
+<2> _<microshift_blueprint>_ is the name of your blueprint.
 +
 [NOTE]
 ====
-The wildcard `*` in the commands uses the latest {product-title} RPMs. If you need a specific version, substitute the wildcard for the version you want. For example, insert `4.13.1` to download the {product-title} 4.13.1 RPMs.
+The wildcard `*` in the commands uses the latest {microshift-short} RPMs. If you need a specific version, substitute the wildcard for the version you want. For example, insert `4.15.0` to download the {microshift-short} 4.15.0 RPMs.
 ====
 
+. Optional. Use the blueprint installed in the `/usr/share/microshift/blueprint` directory that is specific to your platform architecture. See the following example snippet for an explanation of the blueprint sections:
++
+.Generated Image Builder blueprint example snippet
++
+[source,text]
+----
+name = "microshift_blueprint"
+description = "MicroShift 4.15.1 on x86_64 platform"
+version = "0.0.1"
+modules = []
+groups = []
+
+[[packages]] <1>
+name = "microshift"
+version = "4.15.1"
+...
+...
+
+[customizations.services] <2>
+enabled = ["microshift"]
+
+[customizations.firewall]
+ports = ["22:tcp", "80:tcp", "443:tcp", "5353:udp", "6443:tcp", "30000-32767:tcp", "30000-32767:udp"]
+...
+...
+
+[[containers]] <3>
+source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f41e79c17e8b41f1b0a5a32c3e2dd7cd15b8274554d3f1ba12b2598a347475f4"
+
+[[containers]]
+source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dbc65f1fba7d92b36cf7514cd130fe83a9bd211005ddb23a8dc479e0eea645fd"
+...
+…
+EOF
+----
+<1> References for all non-optional {microshift-short} RPM packages using the same version compatible with the `microshift-release-info` RPM.
+<2> References for automatically enabling {microshift-short} on system startup and applying default networking settings.
+<3> References for all non-optional {microshift-short} container images necessary for an offline deployment.
+
 . Add the blueprint to the Image Builder by running the following command:
 +
 [source,terminal]
+[subs="+quotes"]
 ----
-$ sudo composer-cli blueprints push minimal-microshift.toml
+$ sudo composer-cli blueprints push __<microshift_blueprint.toml>__ <1>
 ----
+<1> Replace _<microshift_blueprint.toml>_ with the name of your TOML file.
 
 .Verification
 
-. Verify the Image Builder configuration listing only {product-title} packages by running the following command:
+. Verify the Image Builder configuration listing only {microshift-short} packages by running the following command:
 +
 [source,terminal]
+[subs="+quotes"]
 ----
-$ sudo composer-cli blueprints depsolve minimal-microshift | grep microshift
+$ sudo composer-cli blueprints depsolve __<microshift_blueprint>__ | grep microshift <1>
 ----
+<1> Replace _<microshift_blueprint>_ with the name of your blueprint.
 +
 .Example output
 +
 [source,terminal]
 ----
-blueprint: minimal-microshift v0.0.1
-    microshift-greenboot-4.13.1-202305250827.p0.g4105d3b.assembly.4.13.1.el9.noarch
-    microshift-networking-4.13.1-202305250827.p0.g4105d3b.assembly.4.13.1.el9.x86_64
-    microshift-release-info-4.13.1-202305250827.p0.g4105d3b.assembly.4.13.1.el9.noarch
-    microshift-4.13.1-202305250827.p0.g4105d3b.assembly.4.13.1.el9.x86_64
-    microshift-selinux-4.13.1-202305250827.p0.g4105d3b.assembly.4.13.1.el9.noarch
+blueprint: microshift_blueprint v0.0.1
+    microshift-greenboot-4.15.1-202305250827.p0.g4105d3b.assembly.4.15.1.el9.noarch
+    microshift-networking-4.15.1-202305250827.p0.g4105d3b.assembly.4.15.1.el9.x86_64
+    microshift-release-info-4.15.1-202305250827.p0.g4105d3b.assembly.4.15.1.el9.noarch
+    microshift-4.15.1-202305250827.p0.g4105d3b.assembly.4.15.1.el9.x86_64
+    microshift-selinux-4.15.1-202305250827.p0.g4105d3b.assembly.4.15.1.el9.noarch
 ----
-
+//need updated example output
 . Optional: Verify the Image Builder configuration listing all components to be installed by running the following command:
 +
 [source,terminal]
+[subs="+quotes"]
 ----
-$ sudo composer-cli blueprints depsolve minimal-microshift
+$ sudo composer-cli blueprints depsolve __<microshift_blueprint>__ <1>
 ----
+<1> Replace _<microshift_blueprint>_ with the name of your blueprint.
\ No newline at end of file
diff --git a/modules/microshift-applying-manifests-example.adoc b/modules/microshift-applying-manifests-example.adoc
index 428af1b94c5d..56552ac862b3 100644
--- a/modules/microshift-applying-manifests-example.adoc
+++ b/modules/microshift-applying-manifests-example.adoc
@@ -1,10 +1,11 @@
 // Module included in the following assemblies:
 //
-// * microshift/running_applications/microshift-operators.adoc
+// * microshift/running_applications/microshift-applications.adoc
 
-:_content-type: PROCEDURE
-[id="microshift-manifests-example_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-applying-manifests-example_{context}"]
 = Using manifests example
+
 This example demonstrates automatic deployment of a BusyBox container using `kustomize` manifests in the `/etc/microshift/manifests` directory.
 
 .Procedure
@@ -26,10 +27,9 @@ $ sudo mkdir -p ${MANIFEST_DIR}
 +
 .. Place the YAML file in the directory:
 +
-[source,terminal]
+[source,text]
 ----
-$ sudo tee ${MANIFEST_DIR}/busybox.yaml &>/dev/null <<EOF
-
+sudo tee ${MANIFEST_DIR}/busybox.yaml &>/dev/null <<EOF
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -38,7 +38,8 @@ metadata:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: busybox-deployment
+  name: busybox
+  namespace: busybox-deployment
 spec:
   selector:
     matchLabels:
@@ -51,9 +52,7 @@ spec:
       containers:
       - name: busybox
         image: BUSYBOX_IMAGE
-        command:
-          - sleep
-          - "3600"
+        command: [ "/bin/sh", "-c", "while true ; do date; sleep 3600; done;" ]
 EOF
 ----
 
@@ -61,10 +60,9 @@ EOF
 +
 .. Place the YAML file in the directory:
 +
-[source,terminal]
+[source,text]
 ----
-$ sudo tee ${MANIFEST_DIR}/kustomization.yaml &>/dev/null <<EOF
----
+sudo tee ${MANIFEST_DIR}/kustomization.yaml &>/dev/null <<EOF
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: busybox
@@ -72,11 +70,11 @@ resources:
   - busybox.yaml
 images:
   - name: BUSYBOX_IMAGE
-    newName: registry.k8s.io/busybox
+    newName: busybox:1.35
 EOF
 ----
 
-. Restart {product-title} to apply the manifests by running the following command:
+. Restart {microshift-short} to apply the manifests by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-backing-up-manually.adoc b/modules/microshift-backing-up-manually.adoc
new file mode 100644
index 000000000000..a4c67278875d
--- /dev/null
+++ b/modules/microshift-backing-up-manually.adoc
@@ -0,0 +1,45 @@
+//Module included in the following assemblies:
+//
+// * microshift_updating/microshift-update-options.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-backing-up-manually_{context}"]
+= Backing up {microshift-short} data manually
+
+You can back up {microshift-short} data manually at any time. Back up your data before system updates to preserve it for use if an update fails or for other system trouble. Automated backups are created in the `/var/lib/microshift-backups` directory. You can use this directory for manually backing up and restoring data by specifying it in each command. When you create a backup, you must use the entire file path for the output file.
+
+.Prerequisites
+
+* You have root access to the host.
+* {microshift-short} is stopped.
+
+.Procedure
+
+. Manually create a backup by using the parent directory and specifying a name, such as `/var/lib/microshift-backups/<my_manual_backup>`, by running the following command:
++
+[source,terminal]
+----
+$ sudo microshift backup /var/lib/microshift-backups/<my_manual_backup>
+----
+Replace `<my_manual_backup>` with the backup name that you want to use.
++
+.Example output
++
+[source,terminal]
+----
+??? I1017 07:38:16.770506    5900 data_manager.go:92] "Copying data to backup directory" storage="/var/lib/microshift-backups" name="test" data="/var/lib/microshift"
+??? I1017 07:38:16.770713    5900 data_manager.go:227] "Starting copy" cmd="/bin/cp --verbose --recursive --preserve --reflink=auto /var/lib/microshift /var/lib/microshift-backups/test"
+??? I1017 07:38:16.776162    5900 data_manager.go:241] "Finished copy" cmd="/bin/cp --verbose --recursive --preserve --reflink=auto /var/lib/microshift /var/lib/microshift-backups/test"
+??? I1017 07:38:16.776256    5900 data_manager.go:125] "Copied data to backup directory" backup="/var/lib/microshift-backups/test" data="/var/lib/microshift"
+----
+
+. Optional: Manually create a backup in a specific parent directory with a custom name by running the following command:
++
+[source,terminal]
+----
+$ sudo microshift backup /mnt/<other_backups_location>/<another_manual_backup>
+----
+Replace `<other_backups_location>` with the directory you want to use and `<my_manual_backup>` with the backup name you want to use.
+
+.Verification
+* You can verify that the backup exists by viewing the data in the directory you chose. For example, `/var/lib/microshift-backups/<my_manual_backup>/` or `/mnt/<other_backups_location>/<another_manual_backup>`.
diff --git a/modules/microshift-blocking-nodeport-access.adoc b/modules/microshift-blocking-nodeport-access.adoc
index 09ad9db37f3e..4126def3d0df 100644
--- a/modules/microshift-blocking-nodeport-access.adoc
+++ b/modules/microshift-blocking-nodeport-access.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-blocking-nodeport-access_{context}"]
 = Blocking external access to the NodePort service on a specific host interface
 
@@ -20,18 +20,21 @@ OVN-Kubernetes does not restrict the host interface where a NodePort service can
 ----
 # export NODEPORT=30700
 ----
+
 . Change the `INTERFACE_IP` value to the IP address from the host interface that you want to block. For example:
 +
 [source,terminal]
 ----
 # export INTERFACE_IP=192.168.150.33
 ----
+
 . Insert a new rule in the `nat` table PREROUTING chain to drop all packets that match the destination port and IP address. For example:
 +
 [source,terminal]
 ----
 $ sudo nft -a insert rule ip nat PREROUTING tcp dport $NODEPORT ip daddr $INTERFACE_IP drop
 ----
+
 . List the new rule by running the following command:
 +
 [source,terminal]
@@ -52,6 +55,7 @@ table ip nat {
 ====
 Note the `handle` number of the newly added rule. You need to remove the `handle` number in the following step.
 ====
+
 . Remove the custom rule with the following sample command:
 +
 [source,terminal]
diff --git a/modules/microshift-building-apps-rpms.adoc b/modules/microshift-building-apps-rpms.adoc
new file mode 100644
index 000000000000..2834b1b98f74
--- /dev/null
+++ b/modules/microshift-building-apps-rpms.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embedding-apps-tutorial.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-building-apps-rpms_{context}"]
+= Building the RPM package for the application manifests
+
+To build your own RPMs, you must create a spec file that adds the application manifests to the RPM package. The following is an example procedure. As long as the application RPMs and other elements needed for image building are accessible to Image Builder, you can use the method that you prefer.
+
+.Prerequisites
+* You have set up a {op-system-ostree-first} {op-system-version} build host that meets the Image Builder system requirements.
+* You have root access to the host.
+* The file tree required to build RPM packages was created.
+
+.Procedure
+
+. In the `~/rpmbuild/SPECS` directory, create a file such as `<application_workload_manifests.spec>` using the following template:
++
+.Example spec file
+[source,terminal]
+----
+Name: <application_workload_manifests>
+Version: 0.0.1
+Release: 1%{?dist}
+Summary: Adds workload manifests to microshift
+BuildArch: noarch
+License: GPL
+Source0: %{name}-%{version}.tar.gz
+#Requires: microshift
+%description
+Adds workload manifests to microshift
+%prep
+%autosetup
+%install <1>
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/%{_prefix}/lib/microshift/manifests
+cp -pr ~/manifests $RPM_BUILD_ROOT/%{_prefix}/lib/microshift/
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%{_prefix}/lib/microshift/manifests/**
+%changelog
+* <DDD MM DD YYYY username@domain - V major.minor.patch>
+- <your_change_log_comment>
+----
+<1> The `%install` section creates the target directory inside the RPM package, `/usr/lib/microshift/manifests/`
+and copies the manifests from the source home directory, `~/manifests`.
++
+[IMPORTANT]
+====
+All of the required YAML files must be in the source home directory `~/manifests`, including a `kustomize.yaml` file if you are using kustomize.
+====
+
+. Build your RPM package in the `~/rpmbuild/RPMS` directory by running the following command:
++
+[source,terminal]
+----
+$ rpmbuild -bb ~/rpmbuild/SPECS/<application_workload_manifests.spec>
+----
diff --git a/modules/microshift-ca-adding-bundle-ostree.adoc b/modules/microshift-ca-adding-bundle-ostree.adoc
new file mode 100644
index 000000000000..6904c03b2a62
--- /dev/null
+++ b/modules/microshift-ca-adding-bundle-ostree.adoc
@@ -0,0 +1,62 @@
+//Module included in the following assemblies:
+//
+//* microshift_install/microshift-embed-in-rpm-ostree.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-ca-adding-bundle-ostree_{context}"]
+= Adding a certificate authority bundle to an rpm-ostree image
+You can include additional trusted certificate authorities (CAs) to the {op-system-ostree-first} `rpm-ostree` image by adding them to the blueprint that you use to create the image. Using the following procedure sets up additional CAs to be trusted by the operating system when pulling images from an image registry.
+
+[NOTE]
+====
+This procedure requires you to configure the CA bundle customizations in the blueprint, and then add steps to your kickstart file to enable the bundle. In the following steps, `data` is the key, and `<value>` represents the PEM-encoded certificate.
+====
+
+.Prerequisites
+
+* You have root user access to your build host.
+* Your build host meets the Image Builder system requirements.
+* You have installed and set up Image Builder and the `composer-cli` tool.
+
+.Procedure
+
+. Add the following custom values to your blueprint to add a directory.
+
+.. Add instructions to your blueprint on the host where the image is built to create the directory, for example, `/etc/pki/ca-trust/source/anchors/` for your certificate bundles.
++
+[source,terminal]
+----
+[[customizations.directories]]
+path = "/etc/pki/ca-trust/source/anchors"
+----
+
+.. After the image has booted, create the certificate bundles, for example, `/etc/pki/ca-trust/source/anchors/cert1.pem`:
++
+[source,terminal]
+----
+[[customizations.files]]
+path = "/etc/pki/ca-trust/source/anchors/cert1.pem"
+data = "<value>"
+----
+
+. To enable the certificate bundle in the system-wide trust store configuration, use the `update-ca-trust` command on the host where the image you are using has booted, for example:
++
+[source,terminal]
+----
+$ sudo update-ca-trust
+----
+
+[NOTE]
+====
+The `update-ca-trust` command might be included in the `%post` section of a kickstart file used for MicroShift host installation so that all the necessary certificate trust is enabled on the first boot. You must configure the CA bundle customizations in the blueprint before adding steps to your kickstart file to enable the bundle.
+
+[source,terminal]
+----
+%post
+# Update certificate trust storage in case new certificates were
+# installed at /etc/pki/ca-trust/source/anchors directory
+update-ca-trust
+%end
+----
+====
diff --git a/modules/microshift-ca-adding-bundle.adoc b/modules/microshift-ca-adding-bundle.adoc
new file mode 100644
index 000000000000..42664dabbb64
--- /dev/null
+++ b/modules/microshift-ca-adding-bundle.adoc
@@ -0,0 +1,9 @@
+//Module included in the following assemblies:
+//
+//* microshift_install/microshift-embed-in-rpm-ostree.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-ca-adding-bundle_{context}"]
+= Adding a certificate authority bundle
+
+{microshift-short} uses the host trust bundle when clients evaluate server certificates. You can also use a customized security certificate chain to improve the compatibility of your endpoint certificates with clients specific to your deployments. To do this, you can add a certificate authority (CA) bundle with root and intermediate certificates to the {op-system-ostree-first} system-wide trust store.
diff --git a/modules/microshift-certificate-lifetime.adoc b/modules/microshift-certificate-lifetime.adoc
index e6bd6ac28c75..3088de5a0f22 100644
--- a/modules/microshift-certificate-lifetime.adoc
+++ b/modules/microshift-certificate-lifetime.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift/microshift-things-to-know.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-certificate-lifetime_{context}"]
 = Security certificate lifetime
 
-{product-title} certificates are separated into two basic groups:
+{microshift-short} certificates are separated into two basic groups:
 
 . Short-lived certificates having certificate validity of one year.
 . Long-lived certificates having certificate validity of 10 years.
@@ -17,7 +17,7 @@ An example of a long-lived certificate is the client certificate for `system:adm
 
 [id="microshift-certificate-rotation_{context}"]
 == Certificate rotation
-Certificates that are expired or close to their expiration dates need to be rotated to ensure continued {product-title} operation. When {product-title} restarts for any reason, certificates that are close to expiring are rotated. A certificate that is set to expire imminently, or has expired, can cause an automatic {product-title} restart to perform a rotation.
+Certificates that are expired or close to their expiration dates need to be rotated to ensure continued {microshift-short} operation. When {microshift-short} restarts for any reason, certificates that are close to expiring are rotated. A certificate that is set to expire imminently, or has expired, can cause an automatic {microshift-short} restart to perform a rotation.
 
 [NOTE]
 ====
@@ -26,26 +26,26 @@ If the rotated certificate is a Certificate Authority, all of the certificates i
 
 [id="microshift-st-certificate-rotation_{context}"]
 === Short-term certificates
-The following situations describe {product-title} actions during short-term certificate lifetimes:
+The following situations describe {microshift-short} actions during short-term certificate lifetimes:
 
 . No rotation:
 .. When a short-term certificate is up to 5 months old, no rotation occurs.
 
 . Rotation at restart:
-.. When a short-term certificate is 5 to 8 months old, it is rotated when {product-title} starts or restarts.
+.. When a short-term certificate is 5 to 8 months old, it is rotated when {microshift-short} starts or restarts.
 
 . Automatic restart for rotation:
-.. When a short-term certificate is more than 8 months old, {product-title} can automatically restart to rotate and apply a new certificate.
+.. When a short-term certificate is more than 8 months old, {microshift-short} can automatically restart to rotate and apply a new certificate.
 
 [id="microshift-lt-certificate-rotation_{context}"]
 === Long-term certificates
-The following situations describe {product-title} actions during long-term certificate lifetimes:
+The following situations describe {microshift-short} actions during long-term certificate lifetimes:
 
 . No rotation:
 .. When a long-term certificate is up to 8.5 years old, no rotation occurs.
 
 . Rotation at restart:
-.. When a long-term certificate is 8.5 to 9 years old, it is rotated when {product-title} starts or restarts.
+.. When a long-term certificate is 8.5 to 9 years old, it is rotated when {microshift-short} starts or restarts.
 
 . Automatic restart for rotation:
-.. When a long-term certificate is more than 9 years old, {product-title} can automatically restart to rotate and apply a new certificate.
+.. When a long-term certificate is more than 9 years old, {microshift-short} can automatically restart to rotate and apply a new certificate.
diff --git a/modules/microshift-check-cluster-status.adoc b/modules/microshift-check-cluster-status.adoc
new file mode 100644
index 000000000000..7c42fc63d6d2
--- /dev/null
+++ b/modules/microshift-check-cluster-status.adoc
@@ -0,0 +1,38 @@
+//Module included in the following assemblies:
+//
+//*  microshift_troubleshooting/microshift-troubleshoot-cluster
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-check-cluster-status_{context}"]
+= Checking the status of a cluster
+
+You can check the status of a {microshift-short} cluster or see active pods by running a simple command. Given in the following procedure are three commands you can use to check cluster status. You can choose to run one, two, or all commands to help you retrieve the information you need to troubleshoot the cluster.
+
+.Procedure
+* You can check the system status, which returns the cluster status, by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl status microshift
+----
++
+If {microshift-short} is failing to start, this command returns the logs from the previous run.
+
+* Optional: You can view the logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u microshift
+----
+
+[NOTE]
+====
+The default configuration of the `systemd` journal service stores data in a volatile directory. To persist system logs across system starts and restarts, enable log persistence and set limits on the maximum journal data size.
+====
+
+* Optional: If {microshift-short} is running, you can see active pods by entering the following command:
++
+[source,terminal]
+----
+$ oc get pods -A
+----
\ No newline at end of file
diff --git a/modules/microshift-check-journal-logs-updates.adoc b/modules/microshift-check-journal-logs-updates.adoc
new file mode 100644
index 000000000000..79d18535a285
--- /dev/null
+++ b/modules/microshift-check-journal-logs-updates.adoc
@@ -0,0 +1,53 @@
+//Module included in the following assemblies:
+//
+//* microshift_troubleshooting/microshift-updates-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-check-journal-logs-updates_{context}"]
+= Checking journal logs after updates
+
+In some cases, {microshift-short} might fail to update. In these events, it is helpful to understand failure types and how to troubleshoot them. The journal logs can assist in diagnosing update failures.
+
+[NOTE]
+====
+The default configuration of the `systemd` journal service stores data in a volatile directory. To persist system logs across system starts and restarts, enable log persistence and set limits on the maximum journal data size.
+====
+
+.Procedure
+
+* Check the {microshift-short} journal logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u microshift
+----
+
+* Check the Greenboot journal logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u greenboot-healthcheck
+----
+
+* Check the journal logs for a boot of a specific service by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl --boot <boot> -u <service-name>
+----
+
+* Examining the comprehensive logs of a specific boot uses two steps. First list the boots, then select the one you want from the list you obtained:
+
+** List the boots present in the journal logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl --list-boots
+----
+
+** Check the journal logs for the boot you want by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl --boot <-my-boot-number>
+----
diff --git a/modules/microshift-cli-oc-about.adoc b/modules/microshift-cli-oc-about.adoc
index 192c97f6de17..02ce5b7c4b3c 100644
--- a/modules/microshift-cli-oc-about.adoc
+++ b/modules/microshift-cli-oc-about.adoc
@@ -2,12 +2,17 @@
 //
 // * microshift-cli_ref/microshift-cli-using-oc.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-cli-oc-about_{context}"]
 = About the OpenShift CLI
 
-With the OpenShift command-line interface (CLI), the `oc` command, you can deploy and manage {product-title} projects from a terminal. The CLI `oc` tool is ideal in the following situations:
+With the OpenShift command-line interface (CLI), the `oc` command, you can deploy and manage {microshift-short} projects from a terminal. The CLI `oc` tool is ideal in the following situations:
 
 * Working directly with project source code
 * Scripting {product-title} operations
 * Managing projects while restricted by bandwidth resources
+
+[NOTE]
+====
+A `kubeconfig` file must exist for the cluster to be accessible. The values are applied from built-in default values or a `config.yaml`, if one was created.
+====
diff --git a/modules/microshift-cli-oc-get-help.adoc b/modules/microshift-cli-oc-get-help.adoc
index e28c3517aecb..cf2999bdea00 100644
--- a/modules/microshift-cli-oc-get-help.adoc
+++ b/modules/microshift-cli-oc-get-help.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_cli_ref/microshift_cli_getting_help.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cli-getting-help_{context}"]
 = Getting help
 
-You can get help with CLI commands and {product-title} resources in the following ways.
+You can get help with CLI commands and {microshift-short} resources in the following ways.
 
 * Use `oc help --flag` to get information about a specific CLI command:
 +
@@ -56,6 +56,3 @@ FIELDS:
 
 ...
 ----
-//removed reference to oc help, as I thought this would just create noise for the MicroShift user
-//are these other two ways viable for MicroShift?
-//are there better examples for MicroShift use cases?
\ No newline at end of file
diff --git a/modules/microshift-cni-customization-matrix.adoc b/modules/microshift-cni-customization-matrix.adoc
new file mode 100644
index 000000000000..22608bb7ea19
--- /dev/null
+++ b/modules/microshift-cni-customization-matrix.adoc
@@ -0,0 +1,48 @@
+
+:_mod-docs-content-type: REFERENCE
+[id="microshift-nw-customization-matrix_{context}"]
+= {microshift-short} networking customization matrix
+
+The following table summarizes the status of networking features and capabilities that are either present as defaults, supported for configuration, or not available with the {microshift-short} service:
+
+.{microshift-short} networking capabilities and customization status
+[cols="50%,20%,30%",options="header"]
+|===
+|Network feature|Availability|Customization supported
+
+|Advertise address|Yes|Yes ^[1]^
+
+|Kubernetes network policy|Yes|Yes
+
+|Kubernetes network policy logs|Not available|N/A
+
+|Load balancing|Yes|Yes
+
+|Multicast DNS|Yes|Yes ^[2]^
+
+|Network proxies|Yes ^[3]^|CRI-O
+
+|Network performance|Yes|MTU configuration
+
+|Egress IPs|Not available|N/A
+
+|Egress firewall|Not available|N/A
+
+|Egress router|Not available|N/A
+
+|Firewall|No ^[4]^|Yes
+
+|Hardware offloading|Not available|N/A
+
+|Hybrid networking|Not available|N/A
+
+|IPsec encryption for intra-cluster communication|Not available|N/A
+
+|IPv6|Not available ^[5]^|N/A
+|===
+
+1. If unset, the default value is set to the next immediate subnet after the service network. For example, when the service network is `10.43.0.0/16`, the `advertiseAddress` is set to `10.44.0.0/32`.
+2. You can use the multicast DNS protocol (mDNS) to allow name resolution and service discovery within a Local Area Network (LAN) using multicast exposed on the `5353/UDP` port.
+3. There is no built-in transparent proxying of egress traffic in {microshift-short}. Egress must be manually configured.
+4. Setting up the firewalld service is supported by {op-system-ostree}.
+5. IPv6 is not available in any configuration.
diff --git a/modules/microshift-cni.adoc b/modules/microshift-cni.adoc
deleted file mode 100644
index 9fb3427552cf..000000000000
--- a/modules/microshift-cni.adoc
+++ /dev/null
@@ -1,118 +0,0 @@
-// Module included in the following assemblies:
-//
-// * microshift_networking/microshift-understanding networking.adoc
-
-:_content-type: CONCEPT
-[id="microshift-cni_{context}"]
-= About the OVN-Kubernetes network plugin
-
-OVN-Kubernetes is the default networking solution for {product-title} deployments. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN). The OVN-Kubernetes Container Network Interface (CNI) plugin is the network plugin for the cluster. A cluster that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node. OVN configures OVS on the node to implement the declared network configuration.
-
-[id="microshift-network-topology_{context}"]
-== Network topology
-OVN-Kubernetes provides an overlay-based networking implementation. This overlay includes an OVS-based implementation of Service and NetworkPolicy. The overlay network uses the Geneve (Generic Network Virtualization Encapsulation) tunnel protocol. The pod maximum transmission unit (MTU) for the Geneve tunnel is set to a smaller value than the MTU of the physical interface on the host. This smaller MTU makes room for the required information that is added to the tunnel header before it is transmitted.
-
-OVS runs as a systemd service on the {product-title} node. The OVS RPM package is installed as a dependency to the `microshift-networking` RPM package. OVS is started immediately when the `microshift-networking` RPM is installed.
-
-.{product-title} network topology
-image:317_RHbM_OVN_topology_0323.png[title="{product-title} uses an overlay-based networking implementation, details follow."]
-
-[id="microshift-description-ovn-logical-components_{context}"]
-=== Description of the OVN logical components of the virtualized network
-OVN node switch::
-A virtual switch named `<node-name>`. The OVN node switch is named according to the hostname of the node.
-** In this example, the `node-name` is `microshift-dev`.
-
-OVN cluster router::
-A virtual router named `ovn_cluster_router`, also known as the distributed router.
-** In this example, the cluster network is `10.42.0.0/16`.
-
-OVN join switch::
-A virtual switch named `join`.
-
-OVN gateway router::
-A virtual router named `GR_<node-name>`, also known as the external gateway router.
-
-OVN external switch::
-A virtual switch named `ext_<node-name>.`
-
-[id="microshift-description-connections-network-topology_{context}"]
-=== Description of the connections in the network topology figure
-* The north-south traffic between the network service device `enp1s0` and the OVN external switch `ext_microshift-dev`, is provided through the OVS patch port by the gateway bridge `br-ex`.
-* The OVN gateway router `GR_microshift-dev` is connected to the external network switch `ext_microshift-dev` through the logical router port 4. Port 4 is attached with the node IP address 192.168.122.14.
-* The join switch `join` connects the OVN gateway router `GR_microshift-dev` to the OVN cluster router `ovn_cluster_router`. The IP address range is 100.62.0.0/16.
-** The OVN gateway router `GR_microshift-dev` connects to the OVN join switch `join` through the logical router port 3. Port 3 attaches with the internal IP address 100.64.0.2.
-** The OVN cluster router `ovn_cluster_router` connects to the join switch `join` through the logical router port 2. Port 2 attaches with the internal IP address 100.64.0.1.
-* The OVN cluster router `ovn_cluster_router` connects to the node switch `microshift-dev` through the logical router port 1. Port 1 is attached with the OVN cluster network IP address 10.42.0.1.
-* The east-west traffic between the pods and the network service is provided by the OVN cluster router `ovn_cluster_router` and the node switch `microshift-dev`. The IP address range is 10.42.0.0/24.
-* The east-west traffic between pods is provided by the node switch `microshift-dev` without network address translation (NAT).
-* The north-south traffic between the pods and the external network is provided by the OVN cluster router `ovn_cluster_router` and the host network. This router is connected through the `ovn-kubernetes` management port `ovn-k8s-mp0`, with the IP address 10.42.0.2.
-* All the pods are connected to the OVN node switch through their interfaces.
-** In this example, Pod 1 and Pod 2 are connected to the node switch through `Interface 1` and `Interface 2`.
-
-[id="microshift-ip-forward_{context}"]
-== IP forward
-The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a cluster fails if `ip_forward` is disabled.
-
-[id="microshift-network-performance_{context}"]
-== Network performance optimizations
-By default, three performance optimizations are applied to OVS services to minimize resource consumption:
-
-* CPU affinity to `ovs-vswitchd.service` and `ovsdb-server.service`
-* `no-mlockall` to `openvswitch.service`
-* Limit handler and `revalidator` threads to `ovs-vswitchd.service`
-
-[id="microshift-network-features_{context}"]
-== Network features
-Networking features available with {product-title} {product-version} include:
-
-* Kubernetes network policy
-* Dynamic node IP
-* Cluster network on specified host interface
-
-Networking features not available with {product-title} {product-version}:
-
-* Egress IP/firewall/qos: disabled
-* Hybrid networking: not supported
-* IPsec: not supported
-* Hardware offload: not supported
-
-//Q: are there immutable network settings we should tell users about?
-[id="microshift-network-comps-svcs_{context}"]
-== {product-title} networking components and services
-This brief overview describes networking components and their operation in {product-title}. The `microshift-networking` RPM is a package that automatically pulls in any networking-related dependencies and systemd services to initialize networking, for example, the `microshift-ovs-init` systemd service.
-
-NetworkManager::
-NetworkManager is required to set up the initial gateway bridge on the {product-title} node. The NetworkManager and `NetworkManager-ovs` RPM packages are installed as dependencies to the `microshift-networking` RPM package, which contains the necessary configuration files. NetworkManager in {product-title} uses the `keyfile` plugin and is restarted after installation of the `microshift-networking` RPM package.
-
-microshift-ovs-init::
-The `microshift-ovs-init.service` is installed by the `microshift-networking` RPM package as a dependent systemd service to microshift.service. It is responsible for setting up the OVS gateway bridge.
-
-OVN containers::
-Two OVN-Kubernetes daemon sets are rendered and applied by {product-title}.
-
-* *ovnkube-master*
-Includes the `northd`, `nbdb`, `sbdb` and `ovnkube-master` containers.
-
-* *ovnkube-node*
-The ovnkube-node includes the OVN-Controller container.
-+
-After {product-title} boots, the OVN-Kubernetes daemon sets are deployed in the `openshift-ovn-kubernetes` namespace.
-
-Packaging::
-OVN-Kubernetes manifests and startup logic are built into {product-title}. The systemd services and configurations included in `microshift-networking` RPM are:
-
-* `/etc/NetworkManager/conf.d/microshift-nm.conf` for NetworkManager.service
-* `/etc/systemd/system/ovs-vswitchd.service.d/microshift-cpuaffinity.conf` for ovs-vswitchd.service
-* `/etc/systemd/system/ovsdb-server.service.d/microshift-cpuaffinity.conf`
-* `/usr/bin/configure-ovs-microshift.sh` for microshift-ovs-init.service
-* `/usr/bin/configure-ovs.sh` for microshift-ovs-init.service
-* `/etc/crio/crio.conf.d/microshift-ovn.conf` for CRI-O service
-
-[id="microshift-bridge-mapping_{context}"]
-== Bridge mappings
-Bridge mappings allow provider network traffic to reach the physical network. Traffic leaves the provider network and arrives at the `br-int` bridge. A patch port between `br-int` and `br-ex` then allows the traffic to traverse to and from the provider network and the edge network. Kubernetes pods are connected to the `br-int` bridge through virtual ethernet pair: one end of the virtual ethernet pair is attached to the pod namespace, and the other end is attached to the `br-int` bridge.
-
-[id="microshift-primary-gateway-interface_{context}"]
-=== Primary gateway interface
-You can specify the desired host interface name in the `ovn.yaml` config file as `gatewayInterface`. The specified interface is added in OVS bridge br-ex which acts as gateway bridge for the CNI network.
diff --git a/modules/microshift-config-cli-manifests.adoc b/modules/microshift-config-cli-manifests.adoc
index 95cc498aaaec..ce3910306fde 100644
--- a/modules/microshift-config-cli-manifests.adoc
+++ b/modules/microshift-config-cli-manifests.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift/using-config-tools.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-config-cli-manifests_{context}"]
 = Using CLI tools and creating manifests
 
-Configure your {product-title} using the supported command line (CLI) arguments and environment variables.
+Configure your {microshift-short} using the supported command line (CLI) arguments and environment variables.
 
 [id="microshift-config-cli-environ-vars_{context}"]
 == Supported command-line arguments and environment variables
diff --git a/modules/microshift-config-etcd.adoc b/modules/microshift-config-etcd.adoc
index ee1128700489..8aa0d43226c9 100644
--- a/modules/microshift-config-etcd.adoc
+++ b/modules/microshift-config-etcd.adoc
@@ -2,9 +2,9 @@
 //
 //* microshift_support/microshift-etcd.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-config-etcd_{context}"]
-= Configuring the memoryLimitMB value to set parameters for the {product-title} etcd server
+= Configuring the memoryLimitMB value to set parameters for the etcd server
 
 By default, etcd will use as much memory as necessary to handle the load on the system. In some memory constrained systems, it might be necessary to limit the amount of memory etcd is allowed to use at a given time.
 
@@ -20,21 +20,21 @@ etcd:
 +
 [NOTE]
 ====
-The minimum permissible value for `memoryLimitMB` on {product-title} is 128 MB. Values close to the minimum value are more likely to impact etcd performance. The lower the limit, the longer etcd takes to respond to queries. If the limit is too low or the etcd usage is high, queries time out.
+The minimum permissible value for `memoryLimitMB` on {microshift-short} is 128 MB. Values close to the minimum value are more likely to impact etcd performance. The lower the limit, the longer etcd takes to respond to queries. If the limit is too low or the etcd usage is high, queries time out.
 ====
 
 .Verification
 
-. After modifying the `memoryLimitMB` value in `/etc/microshift/config.yaml`, restart {product-title} by running the following command:
+. After modifying the `memoryLimitMB` value in `/etc/microshift/config.yaml`, restart {microshift-short} by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl restart microshift
 ----
 
 . Verify the new `memoryLimitMB` value is in use by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ systemctl show --property=MemoryHigh microshift-etcd.scope
 ----
diff --git a/modules/microshift-config-nodeport-limits.adoc b/modules/microshift-config-nodeport-limits.adoc
index 9bf50baee284..33e3b505c92a 100644
--- a/modules/microshift-config-nodeport-limits.adoc
+++ b/modules/microshift-config-nodeport-limits.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift/using-config-tools.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-nodeport-range-limits_{context}"]
 = Extending the port range for NodePort services
 
@@ -10,14 +10,14 @@ The `serviceNodePortRange` setting extends the port range available to NodePort
 
 [IMPORTANT]
 ====
-NodePorts can overlap with system ports, causing a malfunction of the system or {product-title}.
+NodePorts can overlap with system ports, causing a malfunction of the system or {microshift-short}.
 ====
 
 Consider the following when configuring the NodePort service ranges:
 
 * Do not create any NodePort service without an explicit `nodePort` selection. When an explicit `nodePort` is not specified, the port is assigned randomly by the `kube-apiserver` and cannot be predicted.
 
-* Do not create any NodePort service for any system service port, {product-title} port, or other services you expose on your device `HostNetwork`.
+* Do not create any NodePort service for any system service port, {microshift-short} port, or other services you expose on your device `HostNetwork`.
 
 * Table one specifies ports to avoid when extending the port range:
 +
diff --git a/modules/microshift-config-yaml.adoc b/modules/microshift-config-yaml.adoc
index a53845a4b49d..dee37073ea54 100644
--- a/modules/microshift-config-yaml.adoc
+++ b/modules/microshift-config-yaml.adoc
@@ -2,45 +2,17 @@
 //
 // * microshift/using-config-tools.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-config-yaml_{context}"]
 = Using a YAML configuration file
 
-{product-title} searches for a configuration file in the user-specific directory, `~/.microshift/config.yaml`, then the system-wide `/etc/microshift/config.yaml` directory. You must create the configuration file and specify any settings that should override the defaults before starting {product-title}.
+On start up, {microshift-short} searches the system-wide `/etc/microshift/` directory for a configuration file named `config.yaml`. To use custom configurations, you must create the configuration file and specify any settings that are expected to override the defaults before starting {microshift-short}.
 
-[id="microshift-yaml-default_{context}"]
-== Default settings
-If you do not create a `config.yaml` file, the default values are used. The following example configuration contains the default settings. You must change any settings that should override the defaults before starting {product-title}.
-
-.Default YAML file example
-[source,yaml]
-----
-dns:
-  baseDomain: microshift.example.com <1>
-network:
-  clusterNetwork:
-    - cidr: 10.42.0.0/16 <2>
-  serviceNetwork:
-    - 10.43.0.0/16 <3>
-  serviceNodePortRange: 30000-32767 <4>
-node:
-  hostnameOverride: "" <5>
-  nodeIP: "" <6>
-apiServer:
-  subjectAltNames: [] <7>
-debugging:
-  logLevel: "Normal" <8>
-----
-<1> Base domain of the cluster. All managed DNS records will be subdomains of this base.
-<2> A block of IP addresses from which Pod IP addresses are allocated.
-<3> A block of virtual IP addresses for Kubernetes services.
-<4> The port range allowed for Kubernetes services of type NodePort.
-<5> The name of the node. The default value is the hostname.
-<6> The IP address of the node. The default value is the IP address of the default route.
-<7> Subject Alternative Names for API server certificates.
-<8> Log verbosity. Valid values for this field are `Normal`, `Debug`, `Trace`, or `TraceAll`.
+[id="microshift-yaml-custom_{context}"]
+== Custom settings
+To create custom configurations, you must create a `config.yaml` file in the `/etc/microshift/` directory, and then change any settings that are expected to override the defaults before starting or restarting {microshift-short}.
 
 [IMPORTANT]
 ====
-Restart {product-title} after changing any configuration settings to have them take effect. {product-title} reads the configuration file only on start.
+Restart {microshift-short} after changing any configuration settings to have them take effect. The `config.yaml` file is read only when {microshift-short} starts.
 ====
diff --git a/modules/microshift-configuring-hosts-for-mirror.adoc b/modules/microshift-configuring-hosts-for-mirror.adoc
new file mode 100644
index 000000000000..2bf752f9cbf0
--- /dev/null
+++ b/modules/microshift-configuring-hosts-for-mirror.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-configuring-hosts-for-mirror_{context}"]
+= Configuring hosts for mirror registry access
+
+To configure a {microshift-short} host to use a mirror registry, you must give the {microshift-short} host access to the registry by creating a configuration file that maps the Red Hat registry host names to the mirror.
+
+.Prerequisites
+* Your mirror host has access to the internet.
+* The mirror host can access the mirror registry.
+* You configured the mirror registry for use in your restricted network.
+* You downloaded the pull secret and modified it to include authentication to your mirror repository.
+
+.Procedure
+. Log into your {microshift-short} host.
+
+. Enable the SSL certificate trust on any host accessing the mirror registry by completing the following steps:
+
+.. Copy the `rootCA.pem` file from the mirror registry, for example, `<registry_path>/quay-rootCA`, to the {microshift-short} host at the `/etc/pki/ca-trust/source/anchors` directory.
+.. Enable the certificate in the system-wide trust store configuration by running the following command:
++
+[source,terminal]
+----
+$ sudo update-ca-trust
+----
+
+. Create the `/etc/containers/registries.conf.d/999-microshift-mirror.conf` configuration file that maps the Red Hat registry host names to the mirror registry:
++
+.Example mirror configuration file
+[source,terminal]
+----
+[[registry]]
+    prefix = ""
+    location = "<registry_host>:<port>" <1>
+    mirror-by-digest-only = true
+    insecure = false
+
+[[registry]]
+    prefix = ""
+    location = "quay.io"
+    mirror-by-digest-only = true
+[[registry.mirror]]
+    location = "<registry_host>:<port>"
+    insecure = false
+
+[[registry]]
+    prefix = ""
+    location = "registry.redhat.io"
+    mirror-by-digest-only = true
+[[registry.mirror]]
+    location = "<registry_host>:<port>"
+    insecure = false
+
+[[registry]]
+    prefix = ""
+    location = "registry.access.redhat.com"
+    mirror-by-digest-only = true
+[[registry.mirror]]
+    location = "<registry_host>:<port>"
+    insecure = false
+----
+<1> Replace `<registry_host>:<port>` with the host name and port of your mirror registry server, for example, `<microshift-quay:8443>`.
+
+. Enable the {microshift-short} service by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl enable microshift
+----
+
+. Reboot the host by running the following command:
++
+[source,terminal]
+----
+$ sudo reboot
+----
diff --git a/modules/microshift-configuring-ovn.adoc b/modules/microshift-configuring-ovn.adoc
index 51ee910b4918..0ebe62c239e7 100644
--- a/modules/microshift-configuring-ovn.adoc
+++ b/modules/microshift-configuring-ovn.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-config-OVN-K_{context}"]
 = Creating an OVN-Kubernetes configuration file
 
-{product-title} uses built-in default OVN-Kubernetes values if an OVN-Kubernetes configuration file is not created. You can write an OVN-Kubernetes configuration file to `/etc/microshift/ovn.yaml`. An example file is provided for your configuration.
+{microshift-short} uses built-in default OVN-Kubernetes values if an OVN-Kubernetes configuration file is not created. You can write an OVN-Kubernetes configuration file to `/etc/microshift/ovn.yaml`. An example file is provided for your configuration.
 
 .Procedure
 
@@ -21,23 +21,19 @@ $ sudo cp /etc/microshift/ovn.yaml.default /etc/microshift/ovn.yaml
 +
 [source, yaml]
 ----
-$ cat /etc/microshift/ovn.yaml.default
+$ cat /etc/microshift/ovn.yaml
 ----
 +
-.Example 'yaml' configuration file with default values
-
+.Example YAML file with default maximum transmission unit (MTU) value
++
 [source,yaml]
 ----
-ovsInit:
-  disableOVSInit: false
-  gatewayInterface: "" <1>
 mtu: 1400
 ----
-<1> The default value is an empty string that means "not-specified." The CNI network plugin auto-detects to interface with the default route.
 
-. To customize your configuration, use the following table that lists the valid values you can use:
+. To customize your configuration, you can change the MTU value. The table that follows provides details:
 +
-.Supported optional OVN-Kubernetes configurations for {product-title}
+.Supported optional OVN-Kubernetes configurations for {microshift-short}
 
 [cols="5",options="header"]
 |===
@@ -47,18 +43,6 @@ mtu: 1400
 |Description
 |Example
 
-|`ovsInit.disableOVSInit`
-|bool
-|false
-|Skip configuring OVS bridge `br-ex` in `microshift-ovs-init.service`
-|true ^[1]^
-
-|`ovsInit.gatewayInterface`
-|Alpha
-|eth0
-|Ingress that is the API gateway
-|eth0
-
 |mtu
 |uint32
 |auto
@@ -66,27 +50,14 @@ mtu: 1400
 |1300
 |===
 +
-[.small]
---
-1. The OVS bridge is required. When `disableOVSInit` is true, OVS bridge `br-ex` must be configured manually.
-+
 [IMPORTANT]
 ====
 If you change the `mtu` configuration value in the `ovn.yaml` file, you must restart the host that {product-title} is running on to apply the updated setting.
 ====
---
-
++
 .Example custom `ovn.yaml` configuration file
-
++
 [source, yaml]
 ----
-ovsInit:
-  disableOVSInit: true
-  gatewayInterface: eth0
 mtu: 1300
 ----
-
-[IMPORTANT]
-====
-When `disableOVSInit` is set to true in the `ovn.yaml` config file, the `br-ex` OVS bridge must be manually configured.
-====
diff --git a/modules/microshift-creating-ostree-iso.adoc b/modules/microshift-creating-ostree-iso.adoc
index bb49b8bce4d0..8a122d138303 100644
--- a/modules/microshift-creating-ostree-iso.adoc
+++ b/modules/microshift-creating-ostree-iso.adoc
@@ -1,26 +1,27 @@
 // Module included in the following assemblies:
 //
-// microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-update-rpms-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-creating-ostree-iso_{context}"]
-= Creating the {op-system-ostree-first} image
+= Creating the {op-system-ostree} image
 
-Use the following procedure to create the ISO. The {op-system-ostree} Installer image pulls the commit from the running container and creates an installable boot ISO with a Kickstart file configured to use the embedded OSTree commit.
+Use the following procedure to create the ISO. The {op-system-ostree} Installer image pulls the commit from the running container and creates an installable boot ISO with a Kickstart file configured to use the embedded `rpm-ostree` commit.
 
 .Prerequisites
 * Your build host meets the Image Builder system requirements.
 * You have installed and set up Image Builder and the `composer-cli` tool.
 * You have root-user access to your build host.
-* You have the `podman` tool.
+* You have installed the `podman` tool.
 
 .Procedure
 
 . Start an `ostree` container image build by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ BUILDID=$(sudo composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" minimal-microshift edge-container | awk '{print $2}')
+$ BUILDID=$(sudo composer-cli compose start-ostree --ref "rhel/{op-system-version-major}/$(uname -m)/edge" minimal-microshift edge-container | awk '{print $2}')
 ----
 +
 This command also returns the identification (ID) of the build for monitoring.
@@ -94,9 +95,9 @@ This command also returns the ID of the container saved in the `IMAGEID` variabl
 
 . Generate the installer blueprint file by running the following command:
 +
-[source,terminal]
+[source,text]
 ----
-$ cat > microshift-installer.toml <<EOF
+cat > microshift-installer.toml <<EOF
 name = "microshift-installer"
 
 description = ""
@@ -105,4 +106,4 @@ modules = []
 groups = []
 packages = []
 EOF
-----
\ No newline at end of file
+----
diff --git a/modules/microshift-cri-o-container-runtime.adoc b/modules/microshift-cri-o-container-runtime.adoc
index f79ea297f283..dab74868130b 100644
--- a/modules/microshift-cri-o-container-runtime.adoc
+++ b/modules/microshift-cri-o-container-runtime.adoc
@@ -2,33 +2,69 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-CRI-O-container-engine_{context}"]
 = Using a proxy in the CRI-O container runtime
 
-To use an HTTP(S) proxy in `CRI-O`, you need to set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables. You can also set the `NO_PROXY` variable to exclude a list of hosts from being proxied.
+To use an HTTP(S) proxy in `CRI-O`, you must add a `Service` section to the configuration file and set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables. You can also set the `NO_PROXY` variable to exclude a list of hosts from being proxied.
 
 .Procedure
 
+. Create the directory for the configuration file if it does not exist:
++
+[source,terminal]
+----
+$ sudo mkdir /etc/systemd/system/crio.service.d/
+----
+
 . Add the following settings to the `/etc/systemd/system/crio.service.d/00-proxy.conf` file:
 +
-[source, config]
+[source,config]
 ----
+[Service]
 Environment=NO_PROXY="localhost,127.0.0.1"
 Environment=HTTP_PROXY="http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT/"
 Environment=HTTPS_PROXY="http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT/"
 ----
++
+[IMPORTANT]
+====
+You must define the `Service` section of the configuration file for the environment variables or the proxy settings fail to apply.
+====
 
 . Reload the configuration settings:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl daemon-reload
 ----
 
-. Restart the CRI-O service to apply the settings:
+. Restart the CRI-O service:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl restart crio
 ----
+
+. Restart the {microshift-short} service to apply the settings:
++
+[source,terminal]
+----
+$ sudo systemctl restart microshift
+----
+
+.Verification
+
+. Verify that pods are started by running the following command and examining the output:
++
+[source,terminal]
+----
+$ oc get all -A
+----
+
+. Verify that {microshift-short} is able to pull container images by running the following command and examining the output:
++
+[source,terminal]
+----
+$ sudo crictl images
+----
diff --git a/modules/microshift-default-settings.adoc b/modules/microshift-default-settings.adoc
new file mode 100644
index 000000000000..c5d164a2f88c
--- /dev/null
+++ b/modules/microshift-default-settings.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * microshift_configuring/microshift-using-config-tools.adoc
+// * microshift_networking/
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-yaml-default_{context}"]
+= Default settings
+
+If you do not create a `config.yaml` file, default values are used. The following example shows the default configuration settings.
+
+*  To see the default values, run the following command:
++
+[source,terminal]
+----
+$ microshift show-config
+----
++
+.Default values example output in YAML form
+[source,yaml]
+----
+dns:
+  baseDomain: microshift.example.com <1>
+network:
+  clusterNetwork:
+    - 10.42.0.0/16 <2>
+  serviceNetwork:
+    - 10.43.0.0/16 <3>
+  serviceNodePortRange: 30000-32767 <4>
+node:
+  hostnameOverride: "" <5>
+  nodeIP: "" <6>
+apiServer:
+  advertiseAddress: 10.44.0.0/32 <7>
+  subjectAltNames: [] <8>
+debugging:
+  logLevel: "Normal" <9>
+----
+<1> Base domain of the cluster. All managed DNS records will be subdomains of this base.
+<2> A block of IP addresses from which Pod IP addresses are allocated.
+<3> A block of virtual IP addresses for Kubernetes services.
+<4> The port range allowed for Kubernetes services of type NodePort.
+<5> The name of the node. The default value is the hostname.
+<6> The IP address of the node. The default value is the IP address of the default route.
+<7> A string that specifies the IP address from which the API server is advertised to members of the cluster. The default value is calculated based on the address of the service network.
+<8> Subject Alternative Names for API server certificates.
+<9> Log verbosity. Valid values for this field are `Normal`, `Debug`, `Trace`, or `TraceAll`.
\ No newline at end of file
diff --git a/modules/microshift-deploying-a-load-balancer.adoc b/modules/microshift-deploying-a-load-balancer.adoc
index 205aca8d4029..f054c26af4e9 100644
--- a/modules/microshift-deploying-a-load-balancer.adoc
+++ b/modules/microshift-deploying-a-load-balancer.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-deploying-a-load-balancer_{context}"]
 = Deploying a load balancer for a workload
 
-{product-title} offers a built-in implementation of network load balancers. The following example procedure uses the node IP address as the external IP address for the `LoadBalancer` service configuration file.
+{microshift-short} has a built-in implementation of network load balancers. The following example procedure uses the node IP address as the external IP address for the `LoadBalancer` service configuration file. You can use this example as guidance for how to deploy load balancers for your workloads.
 
 .Prerequisites
 
diff --git a/modules/microshift-disconnected-host-con.adoc b/modules/microshift-disconnected-host-con.adoc
new file mode 100644
index 000000000000..c6f5457df185
--- /dev/null
+++ b/modules/microshift-disconnected-host-con.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-disconnected-network-config.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-disconnected-host-preparation_{context}"]
+= Preparing networking for fully disconnected hosts
+
+Use the procedure that follows to start and run {microshift-short} clusters on devices running fully disconnected operating systems. A {microshift-short} host is considered fully disconnected if it has no external network connectivity.
+
+Typically this means that the device does not have an attached network interface controller (NIC) to provide a subnet. These steps can also be completed on a host with a NIC that is removed after setup. You can also automate these steps on a host that does not have a NIC by using the `%post` phase of a Kickstart file.
+
+[IMPORTANT]
+====
+Configuring networking settings for disconnected environments is necessary because {microshift-short} requires a network device to support cluster communication. To meet this requirement, you must configure {microshift-short} networking settings to use the "fake" IP address you assign to the system loopback device during setup.
+====
+
+[id="microshift-disconnected-host-procedure-summary{context}"]
+== Procedure summary
+
+To run {microshift-short} on a disconnected host, the following steps are required:
+
+Prepare the host::
+* Stop {microshift-short} if it is currently running and clean up changes the service has made to the network.
+* Set a persistent hostname.
+* Add a “fake” IP address on the loopback interface.
+* Configure DNS to use the fake IP as local name server.
+* Add an entry for the hostname to `/etc/hosts`.
+
+Update the {microshift-short} configuration::
+* Define the `nodeIP` parameter as the new loopback IP address.
+* Set the `.node.hostnameOverride` parameter to the persistent hostname.
+
+For the changes to take effect::
+* Disable the default NIC if attached.
+* Restart the host or device.
+
+After starting, {microshift-short} runs using the loopback device for within-cluster communication.
diff --git a/modules/microshift-disconnected-host-procedure.adoc b/modules/microshift-disconnected-host-procedure.adoc
new file mode 100644
index 000000000000..0ec6e9638726
--- /dev/null
+++ b/modules/microshift-disconnected-host-procedure.adoc
@@ -0,0 +1,120 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-disconnected-network-config.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-disconnected-host-network-config_{context}"]
+= Configuring the networking settings for fully disconnected hosts
+
+To configure the networking settings for running {microshift-short} on a fully disconnected host, you must prepare the host, update the networking configuration, then restart to apply the new settings. All commands are executed from the host CLI.
+
+.Prerequisites
+* RHEL 9 or newer.
+* {microshift-short} 4.14 or newer.
+* Access to the host CLI.
+* A valid IP address chosen to avoid both internal and potential future external IP conflicts when running {microshift-short}.
+* {microshift-short} networking settings are set to defaults.
+
+[IMPORTANT]
+====
+The following procedure is for use cases in which access to the {microshift-short} cluster is not required after devices are deployed in the field. There is no remote cluster access after the network connection is removed.
+====
+
+.Procedure
+
+. Add a fake IP address to the loopback interface by running the following command:
++
+[source,terminal]
+----
+$ IP="10.44.0.1" <1>
+$ sudo nmcli con add type loopback con-name stable-microshift ifname lo ip4 ${IP}/32
+----
+<1> The fake IP address used in this example is “10.44.0.1”.
++
+[NOTE]
+====
+Any valid IP works if it avoids both internal {microshift-short} and potential future external IP conflicts. This can be any subnet that does not collide with the {microshift-short} node subnet or is be accessed by other services on the device.
+====
+
+. Configure the DNS interface to use the local name server by setting modifying the settings to ignore automatic DNS and reset it to the local name server:
++
+.. Bypass the automatic DNS by running the following command:
++
+[source,terminal]
+----
+$ sudo nmcli conn modify stable-microshift ipv4.ignore-auto-dns yes
+----
++
+.. Point the DNS interface to use the local name server:
++
+[source,terminal]
+----
+$ sudo nmcli conn modify stable-microshift ipv4.dns "10.44.1.1"
+----
+
+. Get the hostname of the device by running the following command:
++
+[source,terminal]
+----
+$ NAME="$(hostnamectl hostname)"
+----
+
+. Add an entry for the hostname of the node in the `/etc/hosts` file by running the following command:
++
+[source,terminal]
+----
+$ echo "$IP $NAME" | sudo tee -a /etc/hosts >/dev/null
+----
+
+. Update the {microshift-short} configuration file by adding the following YAML snippet to `/etc/microshift/config.yaml`:
++
+[source,terminal]
+----
+sudo tee /etc/microshift/config.yaml > /dev/null <<EOF
+node:
+  hostnameOverride: hostnameOverride: $(echo $NAME)
+  nodeIP: $(echo $IP)
+EOF
+----
+
+. {microshift-short} is now ready to use the loopback device for cluster communications. Finish preparing the device for offline use.
+
+.. If the device currently has a NIC attached, disconnect the device from the network.
+.. Shut down the device and disconnect the NIC.
+.. Restart the device for the offline configuration to take effect.
+
+. Restart the {microshift-short} host to apply the configuration changes by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl reboot <1>
+----
+<1> This step restarts the cluster. Wait for the greenboot health check to report the system healthy before implementing verification.
+
+.Verification
+
+At this point, network access to the {microshift-short} host has been severed. If you have access to the host terminal, you can use the host CLI to verify that the cluster has started in a stable state.
+
+. Verify that the {microshift-short} cluster is running by entering the following command:
++
+[source,terminal]
+----
+$ export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
+$ sudo -E oc get pods -A
+----
++
+.Example output
+[source,terminal]
+----
+NAMESPACE                  NAME                                       READY   STATUS    RESTARTS      AGE
+kube-system                csi-snapshot-controller-74d566564f-66n2f   1/1     Running   0             1m
+kube-system                csi-snapshot-webhook-69bdff8879-xs6mb      1/1     Running   0             1m
+openshift-dns              dns-default-dxglm                          2/2     Running   0             1m
+openshift-dns              node-resolver-dbf5v                        1/1     Running   0             1m
+openshift-ingress          router-default-8575d888d8-xmq9p            1/1     Running   0             1m
+openshift-ovn-kubernetes   ovnkube-master-gcsx8                       4/4     Running   1             1m
+openshift-ovn-kubernetes   ovnkube-node-757mf                         1/1     Running   1             1m
+openshift-service-ca       service-ca-7d7c579f54-68jt4                1/1     Running   0             1m
+openshift-storage          topolvm-controller-6d777f795b-bx22r        5/5     Running   0             1m
+openshift-storage          topolvm-node-fcf8l                         4/4     Running   0             1m
+----
diff --git a/modules/microshift-download-iso-prep-for-use.adoc b/modules/microshift-download-iso-prep-for-use.adoc
index dd7675fc1281..e42ee4b1053b 100644
--- a/modules/microshift-download-iso-prep-for-use.adoc
+++ b/modules/microshift-download-iso-prep-for-use.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
-// microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-embed-into-rpm-ostree.adoc
+// * microshift/microshift-update-rpms-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-download-iso-prep-for-use_{context}"]
 = Download the ISO and prepare it for use
 
diff --git a/modules/microshift-downloading-container-images.adoc b/modules/microshift-downloading-container-images.adoc
new file mode 100644
index 000000000000..274f08208912
--- /dev/null
+++ b/modules/microshift-downloading-container-images.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-downloading-container-images_{context}"]
+= Downloading container images
+
+After you have located the container list and completed the mirroring prerequisites, download the container images to a host with internet access.
+
+.Prerequisites
+
+* You are logged into a host with access to the internet.
+* You have ensured that the `.pull-secret-mirror.json` file and `microshift-containers` directory contents are available locally.
+
+.Procedure
+
+. Install the `skopeo` tool used for copying the container images by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install -y skopeo
+----
+
+. Set the environment variable that points to the pull secret file:
++
+[source,terminal]
+----
+$ PULL_SECRET_FILE=~/.pull-secret-mirror.json
+----
+
+. Set the environment variable that points to the list of container images:
++
+[source,terminal]
+----
+$ IMAGE_LIST_FILE=~/microshift-container-refs.txt
+----
+
+. Set the environment variable that points to the destination directory for storing the downloaded data:
++
+[source,terminal]
+----
+$ IMAGE_LOCAL_DIR=~/microshift-containers
+----
+
+. Run the following script to download the container images to the `${IMAGE_LOCAL_DIR}` directory:
++
+[source,terminal]
+----
+while read -r src_img ; do
+   # Remove the source registry prefix
+   dst_img=$(echo "${src_img}" | cut -d '/' -f 2-)
+
+   # Run the image download command
+   echo "Downloading '${src_img}' to '${IMAGE_LOCAL_DIR}'"
+   mkdir -p "${IMAGE_LOCAL_DIR}/${dst_img}"
+   skopeo copy --all --quiet \
+      --preserve-digests \
+      --authfile "${PULL_SECRET_FILE}" \
+      docker://"${src_img}" dir://"${IMAGE_LOCAL_DIR}/${dst_img}"
+
+done < "${IMAGE_LIST_FILE}"
+----
+
+. Transfer the image set to the target environment, such as air-gapped site. Then you can upload the image set into the mirror registry.
\ No newline at end of file
diff --git a/modules/microshift-embed-app-rpms-tutorial.adoc b/modules/microshift-embed-app-rpms-tutorial.adoc
new file mode 100644
index 000000000000..8614bf8a3480
--- /dev/null
+++ b/modules/microshift-embed-app-rpms-tutorial.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embedding-apps-tutorial.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-embed-app-rpms-tutorial_{context}"]
+= Embed application RPMs tutorial
+
+The following tutorial reviews the {microshift-short} installation steps and adds a description of the workflow for embedding applications. If you are already familiar with `rpm-ostree` systems such as {op-system-ostree-first} and {microshift-short}, you can go straight to the procedures.
+
+[id="microshift-installation-workflow-review_{context}"]
+== Installation workflow review
+Embedding applications requires a similar workflow to embedding {microshift-short} into a {op-system-ostree} image.
+
+* The following image shows how system artifacts such as RPMs, containers, and files are added to a blueprint and used by the image composer to create an ostree commit.
+* The ostree commit then can follow either the ISO path or the repository path to edge devices.
+* The ISO path can be used for disconnected environments, while the repository path is often used in places were the network is usually connected.
+
+.Embedding {microshift-short} workflow
+image:468_RHbM_install_workflow_1023_1.png[title="Embedding MicroShift in a RHEL for Edge image workflow."]
+
+Reviewing these steps can help you understand the steps needed to embed an application:
+
+. To embed {microshift-short} on {op-system-ostree}, you added the {microshift-short} repositories to Image Builder.
+
+. You created a blueprint that declared all the RPMs, container images, files and customizations you needed, including the addition of {microshift-short}.
+
+. You added the blueprint to Image Builder and ran a build with the Image Builder CLI tool (`composer-cli`). This step created `rpm-ostree` commits, which were used to create the container image. This image contained {op-system-ostree}.
+
+. You added the installer blueprint to Image Builder to create an `rpm-ostree` image (ISO) to boot from. This build contained both {op-system-ostree} and {microshift-short}.
+
+. You downloaded the ISO with {microshift-short} embedded, prepared it for use, provisioned it, then installed it onto your edge devices.
+
+[id="microshift-embed-app-rpms-workflow_{context}"]
+== Embed application RPMs workflow
+
+After you have set up a build host that meets the Image Builder requirements, you can add your application in the form of a directory of manifests to the image. After those steps, the simplest way to embed your application or workload into a new ISO is to create your own RPMs that include the manifests. Your application RPMs contain all of the configuration files describing your deployment.
+
+The following "Embedding applications workflow" image shows how Kubernetes application manifests and RPM spec files are combined in a single application RPM build. This build becomes the RPM artifact included in the workflow for embedding {microshift-short} in an ostree commit.
+
+.Embedding applications workflow
+image:468_RHbM_install_workflow_1023_2.png[title="Embedding applications workflow."]
+
+The following procedures use the `rpmbuild` tool to create a specification file and local repository. The specification file defines how the package is built, moving your application manifests to the correct location inside the RPM package for {microshift-short} to pick them up. That RPM package is then embedded in the ISO.
diff --git a/modules/microshift-embed-images-offline-use.adoc b/modules/microshift-embed-images-offline-use.adoc
new file mode 100644
index 000000000000..e82295077231
--- /dev/null
+++ b/modules/microshift-embed-images-offline-use.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embed-microshift-apps-on-rhel-edge.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-embed-images-offline-use_{context}"]
+= Embedding workload container images for offline use
+
+To embed container images in devices at the edge that do not have any network connection, you must create a new container, mount the ISO, and then copy the contents into the file system.
+
+.Prerequisites
+
+* You have root access to the host.
+* Application RPMs have been added to a blueprint.
+
+.Procedure
+
+. Render the manifests, extract all of the container image references, and translate the application image to blueprint container sources by running the following command:
++
+[source,terminal]
+----
+$ oc kustomize ~/manifests | grep "image:" | grep -oE '[^ ]+$' | while read line; do echo -e "[[containers]]\nsource = \"${line}\"\n"; done >><my_blueprint>.toml
+----
+
+. Push the updated blueprint to Image Builder by running the following command:
++
+[source, terminal]
+----
+$ sudo composer-cli blueprints push <my_blueprint>.toml
+----
+
+. If your workload containers are located in a private repository, you must provide Image Builder with the necessary pull secrets:
+
+.. Set the `auth_file_path` in the `[containers]` section of the `osbuilder worker` configuration in the `/etc/osbuild-worker/osbuild-worker.toml` file to point to the pull secret.
+
+.. If needed, create a directory and file for the pull secret, for example:
++
+.Example directory and file
++
+[source,terminal]
+----
+[containers]
+auth_file_path = "/<path>/pull-secret.json" <1>
+----
+<1> Use the custom location previously set for copying and retrieving images.
+
+. Build the container image by running the following command:
++
+[source,terminal]
+----
+$ sudo composer-cli compose start-ostree <my_blueprint> edge-commit
+----
+
+. Proceed with your preferred `rpm-ostree` image flow, such as waiting for the build to complete, exporting the image and integrating it into your `rpm-ostree` repository or creating a bootable ISO.
diff --git a/modules/microshift-embed-microshift-build-image.adoc b/modules/microshift-embed-microshift-build-image.adoc
new file mode 100644
index 000000000000..9db1fd6f35ea
--- /dev/null
+++ b/modules/microshift-embed-microshift-build-image.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embed-microshift-offline-deploy.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-embed-microshift-build-image-offline-deployment_{context}"]
+= Build and use the rpm-ostree image for offline deployments
+
+You can use Image Builder to create `rpm-ostree` system images with embedded {microshift-short} container images. To embed container images, you must add the image references to your Image Builder blueprint. You can create the commit and ISO as needed for your use case.
+
+Add the prerequisites listed here to the ones that are included in the procedures that follow.
+
+[id="microshift-embed-microshift-build-image-offline-deployment-prereqs_{context}"]
+== Additional prerequisites for offline deployments
+
+* You have created and updated a {op-system-ostree} image blueprint for offline use. The following procedures use the example of a blueprint created with container images. You must use the updated blueprint you created in the "Embedding MicroShift containers for offline deployments" procedure.
+* You have updated the `/etc/osbuild-worker/osbuild-worker.toml` configuration file for offline use.
+
+[IMPORTANT]
+====
+Replace `minimal-microshift.toml` in the following procedures with the name of the TOML you updated for offline use, <my_blueprint_name>.
+====
diff --git a/modules/microshift-embed-microshift-image-offline-deploy.adoc b/modules/microshift-embed-microshift-image-offline-deploy.adoc
new file mode 100644
index 000000000000..33ca895a6227
--- /dev/null
+++ b/modules/microshift-embed-microshift-image-offline-deploy.adoc
@@ -0,0 +1,117 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embed-microshift-offline-deploy.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-embed-microshift-image-offline-deployment_{context}"]
+= Embedding {microshift-short} containers for offline deployments
+
+You can use Image Builder to create `rpm-ostree` system images with embedded {microshift-short} container images. To embed container images, you must add the image references to your Image Builder blueprint.
+
+.Prerequisites
+
+* You have root-user access to your build host.
+* Your build host meets the Image Builder system requirements.
+* You have installed and set up Image Builder and the `composer-cli` tool.
+* You have created a {op-system-ostree} image blueprint.
+* You have installed jq.
+
+.Procedure
+
+. Get the exact list of container image references used by the {microshift-short} version you are deploying. You can either install the `microshift-release-info` RPM package by following step 2 or download and unpack the RPM by following step 3.
+
+. To install the `microshift-release-info` RPM package:
+
+.. Install the `microshift-release-info` RPM package by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install -y microshift-release-info-<release_version>
+----
+Replace `<release_version>` with the numerical value of the release you are deploying, using the entire version number, such as `4.15.0`.
+
+.. List the contents of the `/usr/share/microshift/release` directory to verify the presence of the release information files by running the following command:
++
+[source,terminal]
+----
+$ ls /usr/share/microshift/release
+----
++
+.Example output
+[source,terminal]
+----
+release-x86_64.json
+release-aarch64.json
+----
++
+If you installed the `microshift-release-info` RPM, you can proceed to step 4.
+
+. If you did not complete step 2, download and unpack the `microshift-release-info` RPM without installing it:
+
+.. Download the RPM package by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf download microshift-release-info-<release_version>
+----
+Replace `<release_version>` with the numerical value of the release you are deploying, using the entire version number, such as `4.15.0`.
++
+.Example rpm
+[source,terminal]
+----
+microshift-release-info-4.15.0.*.el9.noarch.rpm <1>
+----
+<1> The `*` represents the date and commit ID. Your output should contain both, for example `-202311101230.p0.g7dc6a00.assembly.4.15.0`.
+
+.. Unpack the RPM package without installing it by running the following command:
++
+[source,terminal]
+----
+$ rpm2cpio <my_microshift_release_info> | cpio -idmv <1>
+./usr/share/microshift/release/release-aarch64.json
+./usr/share/microshift/release/release-x86_64.json
+----
+<1> Replace `<my_microshift_release_info>` with the name of the RPM package from the previous step.
+
+. Define the location of your JSON file, which contains the container reference information, by running the following command:
++
+[source,terminal]
+----
+$ RELEASE_FILE=</path/to/your/release-$(uname -m).json>
+----
+Replace `</path/to/your/release-$(uname -m).json>` with the full path to your JSON file. Be sure to use the file needed for your architecture.
+
+. Define the location of your TOML file, which contains instructions for building the image, by running the following command:
++
+[source,terminal]
+----
+$ BLUEPRINT_FILE=</path/to/your/blueprint.toml>
+----
+Replace `</path/to/your/blueprint.toml>` with the full path to your JSON file.
+
+. Generate and then embed the container image references in your blueprint TOML file by running the following command:
++
+[source,terminal]
+----
+$  jq -r '.images | .[] | ("[[containers]]\nsource = \"" + . + "\"\n")' "${RELEASE_FILE}" >> "${BLUEPRINT_FILE}"
+----
++
+.Example resulting `<my_blueprint.toml>` fragment showing container references
+[source,terminal]
+----
+[[containers]]
+source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82cfef91557f9a70cff5a90accba45841a37524e9b93f98a97b20f6b2b69e5db"
+
+[[containers]]
+source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82cfef91557f9a70cff5a90accba45841a37524e9b93f98a97b20f6b2b69e5db"
+----
+
+. You can manually embed any container image by adding it to the Image Builder blueprint using the following example:
++
+.Example section for manually embedding container image to Image Builder
+[source,terminal]
+----
+[[containers]]
+source = "<my_image_pullspec_with_tag_or_digest>"
+----
+Replace `<my_image_pullspec_with_tag_or_digest>` with the exact reference to a container image used by the {microshift-short} version you are deploying.
diff --git a/modules/microshift-embed-microshift-update-osbuilder-worker.adoc b/modules/microshift-embed-microshift-update-osbuilder-worker.adoc
new file mode 100644
index 000000000000..51efbafc5798
--- /dev/null
+++ b/modules/microshift-embed-microshift-update-osbuilder-worker.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embed-microshift-offline-deploy.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-embed-microshift-update-osbuilder-worker_{context}"]
+= Updating osbuilder worker configuration to prepare for image building
+
+After you have updated the blueprint, you must update the osbuilder worker configuration to prepare for building the image with embedded {microshift-short} containers.
+
+.Prerequisites
+
+* You have root-user access to your build host.
+* Your build host meets the Image Builder system requirements.
+* You have installed and set up Image Builder and the `composer-cli` tool.
+
+[NOTE]
+====
+You can create an `/etc/osbuild-worker/osbuild-worker.toml` directory and configuration file if they do not exist.
+====
+
+.Procedure
+
+. Add a pull secret for authenticating to the registry by setting the `auth_file_path` in the `[containers]` section of the `/etc/osbuild-worker/osbuild-worker.toml` osbuilder worker configuration file:
++
+[source,terminal]
+----
+[containers]
+auth_file_path = "/etc/osbuild-worker/pull-secret.json"
+----
+
+. Restart the `osbuild-worker` to apply configuration changes by restarting the host. Restarting the host ensures that all `osbuild-worker` services currently running are restarted.
diff --git a/modules/microshift-etcd-version.adoc b/modules/microshift-etcd-version.adoc
new file mode 100644
index 000000000000..9e3f7aabd5d4
--- /dev/null
+++ b/modules/microshift-etcd-version.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * microshift_troubleshooting/microshift-version.adoc
+// * microshift_support/microshift-etcd.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-version-etcd_{context}"]
+= Checking the etcd version
+
+You can get the version information for the etcd database included with your {microshift-short}.
+
+.Procedure
+
+* To display the base database version information, run the following command:
++
+[source,terminal]
+----
+$ microshift-etcd version
+----
++
+.Example output
+[source,terminal,subs="attributes+"]
+----
+microshift-etcd Version: 4.15.1
+Base etcd Version: 3.5.10
+----
+
+* To display the full database version information, run the following command:
++
+[source,terminal]
+----
+$ microshift-etcd version -o json
+----
++
+.Example output
+[source,terminal,subs="attributes+"]
+----
+{
+  "major": "4",
+  "minor": "15",
+  "gitVersion": "4.15.1",
+  "gitCommit": "2e182312718cc9d267ec71f37dc2fbe2eed01ee2",
+  "gitTreeState": "clean",
+  "buildDate": "2024-01-09T06:51:40Z",
+  "goVersion": "go1.20.10",
+  "compiler": "gc",
+  "platform": "linux/amd64",
+  "patch": "",
+  "etcdVersion": "3.5.10"
+}
+----
\ No newline at end of file
diff --git a/modules/microshift-exposed-audit-ports-hostnetwork.adoc b/modules/microshift-exposed-audit-ports-hostnetwork.adoc
new file mode 100644
index 000000000000..d0bc51d62b53
--- /dev/null
+++ b/modules/microshift-exposed-audit-ports-hostnetwork.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-networking-settings.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-exposed-audit-ports-hostnetwork_{context}"]
+
+== hostNetwork
+
+When a pod is configured with the `hostNetwork:true` setting, the pod is running in the host network namespace. This configuration can independently open host ports. {microshift-short} component logs cannot be used to track this case, the ports are subject to firewalld rules. If the port opens in firewalld, you can view the port opening in the firewalld debug log.
+
+.Prerequisites 
+
+* You have root user access to your build host.
+
+.Procedure
+
+. Optional: You can check that the `hostNetwork:true` parameter is set in your ovnkube-node pod by using the following example command:
++
+[source,terminal]
+----
+$ sudo oc get pod -n openshift-ovn-kubernetes <ovnkube-node-pod-name> -o json | jq -r '.spec.hostNetwork' true
+----
+
+. Enable debug in the firewalld log by running the following command:
++
+[source,terminal]
+----
+$ sudo vi /etc/sysconfig/firewalld
+FIREWALLD_ARGS=--debug=10
+----
+
+. Restart the firewalld service:
++
+[source,terminal]
+----
+$ sudo systemctl restart firewalld.service
+----
+
+. To verify that the debug option was added properly, run the following command:
++
+[source,terminal]
+----
+$ sudo systemd-cgls -u firewalld.service
+----
++
+The firewalld debug log is stored in the `/var/log/firewalld` path.
++
+.Example logs for when the port open rule is added:
+[source,terminal]
+----
+2023-06-28 10:46:37 DEBUG1: config.getZoneByName('public')
+2023-06-28 10:46:37 DEBUG1: config.zone.7.addPort('8080', 'tcp')
+2023-06-28 10:46:37 DEBUG1: config.zone.7.getSettings()
+2023-06-28 10:46:37 DEBUG1: config.zone.7.update('...')
+2023-06-28 10:46:37 DEBUG1: config.zone.7.Updated('public')
+----
++
+.Example logs for when the port open rule is removed:
+[source,terminal]
+----
+2023-06-28 10:47:57 DEBUG1: config.getZoneByName('public')
+2023-06-28 10:47:57 DEBUG2: config.zone.7.Introspect()
+2023-06-28 10:47:57 DEBUG1: config.zone.7.removePort('8080', 'tcp')
+2023-06-28 10:47:57 DEBUG1: config.zone.7.getSettings()
+2023-06-28 10:47:57 DEBUG1: config.zone.7.update('...')
+2023-06-28 10:47:57 DEBUG1: config.zone.7.Updated('public')
+----
\ No newline at end of file
diff --git a/modules/microshift-exposed-audit-ports-hostport.adoc b/modules/microshift-exposed-audit-ports-hostport.adoc
new file mode 100644
index 000000000000..34388bc3ecda
--- /dev/null
+++ b/modules/microshift-exposed-audit-ports-hostport.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-networking-settings.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-exposed-audit-ports-hostport_{context}"]
+== hostPort
+
+You can access the hostPort setting logs in {microshift-short}. The following logs are examples for the hostPort setting:
+
+.Procedure
+
+* You can access the logs by running the following command: 
++
+[source,terminal]
+----
+$ journalctl -u crio | grep "local port"
+----
++
+.Example CRI-O logs when the host port is opened:
+[source,terminal]
+----
+$ Jun 25 16:27:37 rhel92 crio[77216]: time="2023-06-25 16:27:37.033003098+08:00" level=info msg="Opened local port tcp:443"
+----
++
+.Example CRI-O logs when the host port is closed:
+[source,terminal]
+----
+$ Jun 25 16:24:11 rhel92 crio[77216]: time="2023-06-25 16:24:11.342088450+08:00" level=info msg="Closing host port tcp:443"
+----
diff --git a/modules/microshift-exposed-audit-ports-loadbalancer.adoc b/modules/microshift-exposed-audit-ports-loadbalancer.adoc
new file mode 100644
index 000000000000..863fa7c4742e
--- /dev/null
+++ b/modules/microshift-exposed-audit-ports-loadbalancer.adoc
@@ -0,0 +1,62 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-networking-settings.adoc
+
+:_mod-docs-content-type: PROCEDURE 
+[id="microshift-exposed-audit-ports-loadbalancer_{context}"]
+
+== NodePort and LoadBalancer service
+
+OVN-Kubernetes opens host ports for `NodePort` and `LoadBalancer` service types. These services add iptables rules that take the ingress traffic from the host port and forwards it to the clusterIP. Logs for the `NodePort` and `LoadBalancer` services are presented in the following examples:
+
+.Procedure 
+
+. To access the name of your `ovnkube-master` pods, run the following command: 
++
+[source,terminal]
+----
+$ oc get pods -n openshift-ovn-kubernetes | awk '/ovnkube-master/{print $1}'
+----
++
+.Example `ovnkube-master` pod name
+[source,terminal]
+----
+ovnkube-master-n2shv
+----
+
+. You can access the `NodePort` and `LoadBalancer` services logs using your `ovnkube-master` pod and running the following example command:
++
+[source,terminal]
+----
+$ oc logs -n openshift-ovn-kubernetes <ovnkube-master-pod-name> ovnkube-master | grep -E "OVN-KUBE-NODEPORT|OVN-KUBE-EXTERNALIP"
+----
++
+--
+*NodePort service:*
+
+.Example logs in the ovnkube-master container of the ovnkube-master pod when a host port is open:
+[source,terminal]
+----
+$ I0625 09:07:00.992980 2118395 iptables.go:27] Adding rule in table: nat, chain: OVN-KUBE-NODEPORT with args: "-p TCP -m addrtype --dst-type LOCAL --dport 32718 -j DNAT --to-destination 10.96.178.142:8081" for protocol: 0
+----
+
+.Example logs in the ovnkube-master container of the ovnkube-master pod when a host port is closed:
+[source,terminal]
+----
+$ Deleting rule in table: nat, chain: OVN-KUBE-NODEPORT with args: "-p TCP -m addrtype --dst-type LOCAL --dport 32718 -j DNAT --to-destination 10.96.178.142:8081" for protocol: 0
+----
+
+*LoadBalancer service:*
+
+.Example logs in the ovnkube-master container of the ovnkube-master pod when a host port is open:
+[source,terminal]
+----
+$ I0625 09:34:10.406067  128902 iptables.go:27] Adding rule in table: nat, chain: OVN-KUBE-EXTERNALIP with args: "-p TCP -d 172.16.47.129 --dport 8081 -j DNAT --to-destination 10.43.114.94:8081" for protocol: 0
+----
+
+.Example logs in the ovnkube-master container of the ovnkube-master pod when a host port is closed:
+[source,terminal]
+----
+$ I0625 09:37:00.976953  128902 iptables.go:63] Deleting rule in table: nat, chain: OVN-KUBE-EXTERNALIP with args: "-p TCP -d 172.16.47.129 --dport 8081 -j DNAT --to-destination 10.43.114.94:8081" for protocol: 0
+----
+--
\ No newline at end of file
diff --git a/modules/microshift-exposed-audit-ports.adoc b/modules/microshift-exposed-audit-ports.adoc
new file mode 100644
index 000000000000..3c4edb07ca82
--- /dev/null
+++ b/modules/microshift-exposed-audit-ports.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-networking-settings.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-exposed-audit-ports_{context}"]
+= Auditing exposed network ports 
+
+On {microshift-short}, the host port can be opened by a workload in the following cases. You can check logs to view the network services.
\ No newline at end of file
diff --git a/modules/microshift-fips-rpm-system.adoc b/modules/microshift-fips-rpm-system.adoc
new file mode 100644
index 000000000000..9731742c1263
--- /dev/null
+++ b/modules/microshift-fips-rpm-system.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * microshift_install/microshift-fips.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-fips-rpm-system_{context}"]
+= FIPS mode with {op-system-base} RPM-based installations
+
+Using FIPS with {microshift-short} requires enabling the cryptographic module self-checks in your {op-system-base-full} installation. After the host operating system has been configured to start with the FIPS modules, {microshift-short} containers are automatically enabled to run in FIPS mode.
+
+* When {op-system-base} is started in FIPS mode, {microshift-short} core components use the {op-system} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 validation on only the x86_64 architectures.
+
+* You must enable FIPS mode when you install {op-system-base} {op-system-version-major} on the machines that you plan to use as worker machines.
++
+[IMPORTANT]
+====
+Because FIPS must be enabled before the operating system that your cluster uses starts for the first time, you cannot enable FIPS after you deploy a cluster.
+====
+
+* {microshift-short} uses a FIPS-compatible Golang compiler.
+
+* FIPS is supported in the CRI-O container runtime.
+
+[id="microshift-fips-limitations_{context}"]
+== Limitations
+
+* TLS implementation FIPS support is not complete.
+
+* The FIPS implementation does not offer a single function that both computes hash functions and validates the keys that are based on that hash. This limitation continues to be evaluated for improvement in future {microshift-short} releases.
+
+[id="microshift-fips-install_{context}"]
+== Installing {op-system-base} in FIPS mode
+
+To install {op-system-base} with FIPS, follow the guidance in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode] of the {op-system-base} documentation.
\ No newline at end of file
diff --git a/modules/microshift-firewall-about.adoc b/modules/microshift-firewall-about.adoc
index d5a6475f33ca..034b8f1ab61f 100644
--- a/modules/microshift-firewall-about.adoc
+++ b/modules/microshift-firewall-about.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-firewall-about_{context}"]
 = About network traffic through the firewall
 
-Firewalld is a networking service that runs in the background and responds to connection requests, creating a dynamic customizable host-based firewall. If you are using {op-system-ostree-first} with {product-title}, firewalld should already be installed and you just need to configure it. Details are provided in procedures that follow. Overall, you must explicitly allow the following OVN-Kubernetes traffic when the `firewalld` service is running:
+Firewalld is a networking service that runs in the background and responds to connection requests, creating a dynamic customizable host-based firewall. If you are using {op-system-ostree-first} with {microshift-short}, firewalld should already be installed and you just need to configure it. Details are provided in procedures that follow. Overall, you must explicitly allow the following OVN-Kubernetes traffic when the `firewalld` service is running:
 
 CNI pod to CNI pod::
 CNI pod to Host-Network pod
@@ -17,9 +17,9 @@ The Kubernetes pod that uses the CNI network
 
 Host-Network pod::
 The Kubernetes pod that uses host network
-You can configure the `firewalld` service by using the following procedures. In most cases, firewalld is part of {rhel} installations. If you do not have firewalld, you can install it with the simple procedure in this section.
+You can configure the `firewalld` service by using the following procedures. In most cases, firewalld is part of {op-system-ostree} installations. If you do not have firewalld, you can install it with the simple procedure in this section.
 
 [IMPORTANT]
 ====
-{product-title} pods must have access to the internal CoreDNS component and API servers.
+{microshift-short} pods must have access to the internal CoreDNS component and API servers.
 ====
\ No newline at end of file
diff --git a/modules/microshift-firewall-allow-traffic.adoc b/modules/microshift-firewall-allow-traffic.adoc
index 79d1723fb7fc..4036bfbd51dc 100644
--- a/modules/microshift-firewall-allow-traffic.adoc
+++ b/modules/microshift-firewall-allow-traffic.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-firewall-allow-traffic_{context}"]
 = Allowing network traffic through the firewall
 
@@ -28,7 +28,7 @@ $ sudo firewall-offline-cmd --permanent --zone=trusted --add-source=<custom IP r
 
 . To allow internal traffic from pods through the network gateway, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-offline-cmd --permanent --zone=trusted --add-source=169.254.169.1
 ----
diff --git a/modules/microshift-firewall-apply-settings.adoc b/modules/microshift-firewall-apply-settings.adoc
index 9bcfb36f8fc0..c47eb52254b6 100644
--- a/modules/microshift-firewall-apply-settings.adoc
+++ b/modules/microshift-firewall-apply-settings.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-firewall-applying-settings_{context}"]
 == Applying firewall settings
 
diff --git a/modules/microshift-firewall-known-issue.adoc b/modules/microshift-firewall-known-issue.adoc
index 45b0a44c7e20..2f7692383e07 100644
--- a/modules/microshift-firewall-known-issue.adoc
+++ b/modules/microshift-firewall-known-issue.adoc
@@ -2,10 +2,8 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-firewall-known-issue_{context}"]
 = Known firewall issue
 
-* To avoid breaking traffic flows with a firewall reload or restart, execute firewall commands before starting {product-title}. The CNI driver in {product-title} makes use of iptable rules for some traffic flows, such as those using the NodePort service. The iptable rules are generated and inserted by the CNI driver, but are deleted when the firewall reloads or restarts. The absence of the iptable rules breaks traffic flows. If firewall commands have to be executed after {product-title} is running, manually restart `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace to reset the rules controlled by the CNI driver.
-
-//Revise and use the unused ki-cni-iptables-deleted procedure in release notes? Need to verify status for 4.14
\ No newline at end of file
+* To avoid breaking traffic flows with a firewall reload or restart, execute firewall commands before starting {op-system}. The CNI driver in {microshift-short} makes use of iptable rules for some traffic flows, such as those using the NodePort service. The iptable rules are generated and inserted by the CNI driver, but are deleted when the firewall reloads or restarts. The absence of the iptable rules breaks traffic flows. If firewall commands have to be executed after {microshift-short} is running, manually restart `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace to reset the rules controlled by the CNI driver.
diff --git a/modules/microshift-firewall-opt-settings.adoc b/modules/microshift-firewall-opt-settings.adoc
index cbb6dee775b0..d98b0b5cfb54 100644
--- a/modules/microshift-firewall-opt-settings.adoc
+++ b/modules/microshift-firewall-opt-settings.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-firewall-optional-settings_{context}"]
 = Using optional port settings
 
-The {product-title} firewall service allows optional port settings.
+The {microshift-short} firewall service allows optional port settings.
 
 .Procedure
 
@@ -47,25 +47,25 @@ $ sudo firewall-cmd --permanent --zone=public --add-port=<port number>/<port pro
 |HTTPS API port for the {product-title} API.
 |===
 
-The following are examples of commands used when requiring external access through the firewall to services running on {product-title}, such as port 6443 for the API server, for example, ports 80 and 443 for applications exposed through the router.
+The following are examples of commands used when requiring external access through the firewall to services running on {microshift-short}, such as port 6443 for the API server, for example, ports 80 and 443 for applications exposed through the router.
 
 .Example commands
 
-* Configuring a port for the {product-title} API server:
+* Configuring a port for the {microshift-short} API server:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
 ----
 
 * Configuring ports for applications exposed through the router:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
 ----
diff --git a/modules/microshift-firewall-req-settings.adoc b/modules/microshift-firewall-req-settings.adoc
index 37418ac36275..96c635237c22 100644
--- a/modules/microshift-firewall-req-settings.adoc
+++ b/modules/microshift-firewall-req-settings.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-firewall-req-settings_{context}"]
 = Required firewall settings
 
@@ -30,14 +30,14 @@ The following are examples of commands for settings that are mandatory for firew
 
 * Configure host network pod access to other pods:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16
 ----
 
 * Configure host network pod access to services backed by Host endpoints, such as the {product-title} API:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1
 ----
diff --git a/modules/microshift-firewall-update-for-service.adoc b/modules/microshift-firewall-update-for-service.adoc
new file mode 100644
index 000000000000..b36e0443c921
--- /dev/null
+++ b/modules/microshift-firewall-update-for-service.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-firewall.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-firewall-update-for-service_{context}"]
+= Overview of firewall ports when a service is exposed
+
+Firewalld is often active when you run services on {microshift-short}. This can disrupt certain services on {microshift-short} because traffic to the ports might be blocked by the firewall. You must ensure that the necessary firewall ports are open if you want certain services to be accessible from outside the host. There are several options for opening your ports:
+
+* Services of the `NodePort` and `LoadBalancer` type are automatically available with OVN-Kubernetes.
++
+In these cases, OVN-Kubernetes adds iptables rules so the traffic to the node IP address is delivered to the relevant ports. This is done using the PREROUTING rule chain and is then forwarded to the OVN-K to bypass the firewalld rules for local host ports and services. Iptables and firewalld are backed by nftables in {op-system} {op-system-version-major}. The nftables rules, which the iptables generates, always have priority over the rules that the firewalld generates.
+
+* Pods with the `HostPort` parameter settings are automatically available. This also includes the `router-default` pod, which uses ports 80 and 443.
++
+For `HostPort` pods, the CRI-O config sets up iptables DNAT (Destination Network Address Translation) to the pod's IP address and port.
+
+These methods function for clients whether they are on the same host or on a remote host. The iptables rules, which are added by OVN-Kubernetes and CRI-O, attach to the PREROUTING and OUTPUT chains. The local traffic goes through the OUTPUT chain with the interface set to the `lo` type. The DNAT runs before it hits filler rules in the INPUT chain.
+
+Because the {microshift-short} API server does not run in CRI-O, it is subject to the firewall configurations. You can open port 6443 in the firewall to access the API server in your {microshift-short} cluster.
\ No newline at end of file
diff --git a/modules/microshift-firewall-verify-settings.adoc b/modules/microshift-firewall-verify-settings.adoc
index 4bda23d144d0..ce645b4c7d87 100644
--- a/modules/microshift-firewall-verify-settings.adoc
+++ b/modules/microshift-firewall-verify-settings.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-firewall-verifying-settings_{context}"]
 = Verifying firewall settings
 
diff --git a/modules/microshift-firewalld-install.adoc b/modules/microshift-firewalld-install.adoc
index 8f211360333b..ebafd820770f 100644
--- a/modules/microshift-firewalld-install.adoc
+++ b/modules/microshift-firewalld-install.adoc
@@ -2,13 +2,13 @@
 //
 // * microshift_networking/microshift-firewall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-firewall-install_{context}"]
 = Installing the firewalld service
 
 If you are using {op-system-ostree}, firewalld should be installed. To use the service, you can simply configure it. The following procedure can be used if you do not have firewalld, but want to use it.
 
-Install and run the `firewalld` service for {product-title} by using the following steps.
+Install and run the `firewalld` service for {microshift-short} by using the following steps.
 
 .Procedure
 
diff --git a/modules/microshift-gathering-sos-report.adoc b/modules/microshift-gathering-sos-report.adoc
index a1f7766d939d..1e60142bb107 100644
--- a/modules/microshift-gathering-sos-report.adoc
+++ b/modules/microshift-gathering-sos-report.adoc
@@ -2,9 +2,9 @@
 
 // * microshift_support/microshift-sos-report
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="gathering-data-microshift-sos-report_{context}"]
-= Gathering data from a {product-title} sos report
+= Gathering data from an sos report
 
 .Prerequisites
 
@@ -18,7 +18,7 @@
 +
 [source,terminal]
 ----
-$ sos report --batch --clean --all-logs --profile microshift
+$ microshift-sos-report
 ----
 +
 .Example output
diff --git a/modules/microshift-get-mirror-reg-container-image-list.adoc b/modules/microshift-get-mirror-reg-container-image-list.adoc
new file mode 100644
index 000000000000..e0ecd3c9b6d3
--- /dev/null
+++ b/modules/microshift-get-mirror-reg-container-image-list.adoc
@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-get-mirror-reg-container-image-list_{context}"]
+= Getting the {microshift-short} mirror registry container image list
+
+To use a mirror registry, you must know which container image references are used by a specific version of {microshift-short}. These references are provided in the `release-<arch>.json` files that are part of the `microshift-release-info` RPM package.
+
+.Prerequisites
+
+* You have installed jq.
+
+.Procedure
+
+. Access the list of container image references by using one of the following methods:
+
+** If the package is installed on the {microshift-short} host, get the location of the files by running the following command:
++
+[source,terminal]
+----
+$ rpm -ql microshift-release-info
+----
++
+.Example output
+[source,text]
+----
+/usr/share/microshift/release/release-x86_64.json
+----
+
+** If the package is not installed on a {microshift-short} host, download and unpack the RPM package without installing it by running the following command:
++
+[source,terminal]
+----
+$ rpm2cpio microshift-release-info*.noarch.rpm | cpio -idmv
+----
++
+.Example output
+[source,text]
+----
+/usr/share/microshift/release/release-x86_64.json
+----
+
+. Extract the list of container images into the `microshift-container-refs.txt` file by running the following commands:
++
+[source,terminal]
+----
+$ RELEASE_FILE=/usr/share/microshift/release/release-$(uname -m).json
+----
++
+[source,terminal]
+----
+$ jq -r '.images | .[]' ${RELEASE_FILE} > microshift-container-refs.txt
+----
+
+[NOTE]
+====
+After the `microshift-container-refs.txt` file is created with the {microshift-short} container image list, you can append the file with other user-specific image references before running the mirroring procedure.
+====
\ No newline at end of file
diff --git a/modules/microshift-greenboot-check-status.adoc b/modules/microshift-greenboot-check-status.adoc
new file mode 100644
index 000000000000..ac1e53a58860
--- /dev/null
+++ b/modules/microshift-greenboot-check-status.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * microshift_running applications/checking-greenboot-scripts-status.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-greenboot-check-status_{context}"]
+= Checking the status of Greenboot health checks
+
+Check the status of Greenboot health checks before making changes to the system or during troubleshooting. You can use any of the following commands to help you ensure that Greenboot scripts have finished running.
+
+.Procedure
+
+* To see a report of health check status, use the following command:
++
+[source,terminal]
+----
+$ systemctl show --property=SubState --value greenboot-healthcheck.service
+----
++
+** An output of `start` means that Greenboot checks are still running.
+** An output of `exited` means that checks have passed and Greenboot has exited. Greenboot runs the scripts in the `green.d` directory when the system is a healthy state.
+** An output of `failed` means that checks have not passed. Greenboot runs the scripts in `red.d` directory when the system is in this state and might restart the system.
+
+* To see a report showing the numerical exit code of the service where `0` means success and non-zero values mean a failure occurred, use the following command:
++
+[source,terminal]
+----
+$ systemctl show --property=ExecMainStatus --value greenboot-healthcheck.service
+----
+
+* To see a report showing a message about boot status, such as `Boot Status is GREEN - Health Check SUCCESS`, use the following command:
++
+[source,terminal]
+----
+$ cat /run/motd.d/boot-status
+----
diff --git a/modules/microshift-greenboot-check-update.adoc b/modules/microshift-greenboot-check-update.adoc
index c5aa5054c513..e87ef0d71e0c 100644
--- a/modules/microshift-greenboot-check-update.adoc
+++ b/modules/microshift-greenboot-check-update.adoc
@@ -2,26 +2,25 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="greenboot-check-updates_{context}"]
-= Checking updates with a health script
+= Checking updates with a health check script
 
-Access the output of health check scripts in the system log after an update by using the following procedure.
+Access the output of Greenboot health check scripts in the system log after an update by using the following procedure.
 
 .Procedure
 
 * To access the result of update checks, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo grub2-editenv - list | grep ^boot_success
 ----
 
 .Example output for a successful update
-
-[source, terminal]
+[source,terminal]
 ----
 boot_success=1
 ----
 
-If your command returns `boot_success=0`, either the greenboot health check is still running, or the update is a failure.
\ No newline at end of file
+If your command returns `boot_success=0`, either the Greenboot health check is still running, or the update is a failure.
\ No newline at end of file
diff --git a/modules/microshift-greenboot-create-health-check-script.adoc b/modules/microshift-greenboot-create-health-check-script.adoc
index 6a61c7e9beb0..9c3186d9039a 100644
--- a/modules/microshift-greenboot-create-health-check-script.adoc
+++ b/modules/microshift-greenboot-create-health-check-script.adoc
@@ -1,57 +1,113 @@
-// Module included in the following assemblies:
+//Updated title and ID:
+//Module included in the following assemblies:
 //
-// * microshift_running applications/microshift-greenboot.adoc
+//* microshift_running_apps/microshift-greenboot-workload-scripts.adoc
 
-:_content-type: PROCEDURE
-[id="microshift-greenboot-create-health-check-script_{context}"]
-= Creating a health check script
+:_mod-docs-content-type: CONCEPT
+[id="microshift-greenboot-app-health-check-script_{context}"]
+= How to create a health check script for your application
 
-You can create a health check script for installed workloads by placing them in the `/etc/greenboot/check/required.d` directory. The following procedure provides an example of installing the busybox application and creating a health check script for busybox. You can use this example as a general guide for creating health check scripts for your applications.
+You can create workload or application health check scripts in the text editor of your choice using the example in this documentation. Save the scripts in the `/etc/greenboot/check/required.d` directory. When a script in the `/etc/greenboot/check/required.d` directory exits with an error, Greenboot triggers a reboot in an attempt to heal the system.
 
-.Prerequisite
+[NOTE]
+====
+Any script in the `/etc/greenboot/check/required.d` directory triggers a reboot if it exits with an error.
+====
 
-* You have installed a workload. For this example, the busybox application is used as a workload. The "Additional resources" section that follows this procedure has a link to instructions on deploying workloads using manifests.
+If your health check logic requires any post-check steps, you can also create additional scripts and save them in the relevant greenboot directories. For example:
 
-.Procedure
+* You can also place shell scripts you want to run after a boot has been declared successful in `/etc/greenboot/green.d`.
+* You can place shell scripts you want to run after a boot has been declared failed in `/etc/greenboot/red.d`. For example, if you have steps to heal the system before restarting, you can create scripts for your use case and place them in the `/etc/greenboot/red.d` directory.
 
-. To create a health check script, run the following command:
-+
-[source, terminal]
-----
-$ SCRIPT_FILE=/etc/greenboot/check/required.d/50_busybox_running_check.sh
-sudo curl -s https://raw.githubusercontent.com/openshift/microshift/3b7f6025cd77bd1bf827416fd026783ead82b7c8/docs/config/busybox_running_check.sh \
-  -o ${SCRIPT_FILE} && echo SUCCESS || echo ERROR
-sudo chmod 755 ${SCRIPT_FILE}
-----
-+
-In this example, the script verifies that busybox is running as expected. You can replace `/etc/greenboot/check/required.d/50_busybox_running_check.sh` with your own workload details.
-+
-[NOTE]
+[id="microshift-greenboot-about-workload-health-check-script-example_{context}"]
+== About the workload health check script example
+
+The following example uses the {microshift-short} health check script as a template. You can use this example with the provided libraries as a guide for creating basic health check scripts for your applications.
+
+[id="microshift-greenboot-app-health-check-basic-prereqs_{context}"]
+=== Basic prerequisites for creating a health check script
+
+* The workload must be installed.
+* You must have root access.
+
+[id="microshift-greenboot-app-health-check-ex-reqs_{context}"]
+=== Example and functional requirements
+
+You can start with the following example health check script. Modify it for your use case. In your workload health check script, you must complete the following minimum steps:
+
+* Set the environment variables.
+* Define the user workload namespaces.
+* List the expected pod count.
+
+[IMPORTANT]
 ====
-In this example, the {product-title} core service health checks run before the user workload health checks.
+Choose a name prefix for your application that ensures it runs after the `40_microshift_running_check.sh` script, which implements the {product-title} health check procedure for its core services.
 ====
 
-. To test that your script is running as expected:
+.Example workload health check script
+[source, bash]
+----
+# #!/bin/bash
+set -e
 
-.. Restart the system.
+SCRIPT_NAME=$(basename $0)
+PODS_NS_LIST=(<user_workload_namespace1> <user_workload_namespace2>)
+PODS_CT_LIST=(<user_workload_namespace1_pod_count> <user_workload_namespace2_pod_count>)
+# Update these two lines with at least one namespace and the pod counts that are specific to your workloads. Use the kubernetes <namespace> where your workload is deployed.
 
-.. Once the system has restarted, run the following command:
-+
-[source, terminal]
-----
-$ sudo journalctl -o cat -u greenboot-healthcheck.service
-----
-+
-.Example output for the busybox health check script
-+
-[source, terminal]
-----
-...
-...
-STARTED
-Waiting 300s for pod image(s) from the 'busybox' namespace to be downloaded
-Waiting 300s for 1 pod(s) from the 'busybox' namespace to be in 'Ready' state
-Checking pod restart count in the 'busybox' namespace
-FINISHED
-Script '50_busybox_running_check.sh' SUCCESS
+# Set Greenboot to read and execute the workload health check functions library.
+source /usr/share/microshift/functions/greenboot.sh
+
+# Set the exit handler to log the exit status.
+trap 'script_exit' EXIT
+
+# Set the script exit handler to log a `FAILURE` or `FINISHED` message depending on the exit status of the last command.
+# args: None
+# return: None
+function script_exit() {
+    [ "$?" -ne 0 ] && status=FAILURE || status=FINISHED
+    echo $status
+}
+
+# Set the system to automatically stop the script if the user running it is not 'root'.
+if [ $(id -u) -ne 0 ] ; then
+    echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges"
+    exit 1
+fi
+
+echo "STARTED"
+
+# Set the script to stop without reporting an error if the MicroShift service is not running.
+if [ $(systemctl is-enabled microshift.service 2>/dev/null) != "enabled" ] ; then
+    echo "MicroShift service is not enabled. Exiting..."
+    exit 0
+fi
+
+# Set the wait timeout for the current check based on the boot counter.
+WAIT_TIMEOUT_SECS=$(get_wait_timeout)
+
+# Set the script to wait for the pod images to be downloaded.
+for i in ${!PODS_NS_LIST[@]}; do
+    CHECK_PODS_NS=${PODS_NS_LIST[$i]}
+
+    echo "Waiting ${WAIT_TIMEOUT_SECS}s for pod image(s) from the ${CHECK_PODS_NS} namespace to be downloaded"
+    wait_for ${WAIT_TIMEOUT_SECS} namespace_images_downloaded
+done
+
+# Set the script to wait for pods to enter ready state.
+for i in ${!PODS_NS_LIST[@]}; do
+    CHECK_PODS_NS=${PODS_NS_LIST[$i]}
+    CHECK_PODS_CT=${PODS_CT_LIST[$i]}
+
+    echo "Waiting ${WAIT_TIMEOUT_SECS}s for ${CHECK_PODS_CT} pod(s) from the ${CHECK_PODS_NS} namespace to be in 'Ready' state"
+    wait_for ${WAIT_TIMEOUT_SECS} namespace_pods_ready
+done
+
+# Verify that pods are not restarting by running, which could indicate a crash loop.
+for i in ${!PODS_NS_LIST[@]}; do
+    CHECK_PODS_NS=${PODS_NS_LIST[$i]}
+
+    echo "Checking pod restart count in the ${CHECK_PODS_NS} namespace"
+    namespace_pods_not_restarting ${CHECK_PODS_NS}
+done
 ----
diff --git a/modules/microshift-greenboot-dir-structure.adoc b/modules/microshift-greenboot-dir-structure.adoc
index c4d8aceedd11..e1f99c972e7e 100644
--- a/modules/microshift-greenboot-dir-structure.adoc
+++ b/modules/microshift-greenboot-dir-structure.adoc
@@ -2,17 +2,17 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-greenboot-dir-structure_{context}"]
-= How greenboot uses directories to run scripts
+= How Greenboot uses directories to run scripts
 
 Health check scripts run from four `/etc/greenboot` directories. These scripts run in alphabetical order. Keep this in mind when you configure the scripts for your workloads.
 
-When the system starts, greenboot runs the scripts in the `required.d` and `wanted.d` directories. Depending on the outcome of those scripts, greenboot continues the startup or attempts a rollback as follows:
+When the system starts, Greenboot runs the scripts in the `required.d` and `wanted.d` directories. Depending on the outcome of those scripts, Greenboot continues the startup or attempts a rollback as follows:
 
-. System as expected: When all of the scripts in the `required.d` directory are successful, greenboot runs any scripts present in the `/etc/greenboot/green.d` directory.
+. System as expected: When all of the scripts in the `required.d` directory are successfully run, Greenboot runs any scripts present in the `/etc/greenboot/green.d` directory.
 
-. System trouble: If any of the scripts in the `required.d` directory fail, greenboot runs any prerollback scripts present in the `red.d` directory, then restarts the system.
+. System trouble: If any of the scripts in the `required.d` directory fail, Greenboot runs any prerollback scripts present in the `red.d` directory, then restarts the system.
 
 [NOTE]
 ====
@@ -26,16 +26,16 @@ Returning a nonzero exit code from any script means that script has failed. Gree
 
 * `/etc/greenboot/check/required.d` contains the health checks that must not fail.
 
-** If the scripts fail, greenboot retries them three times by default. You can configure the number of retries in the `/etc/greenboot/greenboot.conf` file by setting the `GREENBOOT_MAX_BOOTS` parameter to the desired number of retries.
+** If the scripts fail, Greenboot retries them three times by default. You can configure the number of retries in the `/etc/greenboot/greenboot.conf` file by setting the `GREENBOOT_MAX_BOOTS` parameter to the desired number of retries.
 
-** After all retries fail, greenboot automatically initiates a rollback if one is available. If a rollback is not available, the system log output shows that manual intervention is required.
+** After all retries fail, Greenboot automatically initiates a rollback if one is available. If a rollback is not available, the system log output shows that manual intervention is required.
 
-** The `40_microshift_running_check.sh` health check script for {product-title} is installed into this directory.
+** The `40_microshift_running_check.sh` health check script for {microshift-short} is installed into this directory.
 
 * `/etc/greenboot/check/wanted.d` contains health scripts that are allowed to fail without causing the system to be rolled back.
 
-** If any of these scripts fail, greenboot logs the failure but does not initiate a rollback.
+** If any of these scripts fail, Greenboot logs the failure but does not initiate a rollback.
 
-* `/etc/greenboot/green.d` contains scripts that run after greenboot has declared the start successful.
+* `/etc/greenboot/green.d` contains scripts that run after Greenboot has declared the start successful.
 
-* `/etc/greenboot/red.d` contains scripts that run after greenboot has declared the startup as failed, including the `40_microshift_pre_rollback.sh` prerollback script. This script is executed right before a system rollback. The script performs {product-title} pod and OVN-Kubernetes cleanup to avoid potential conflicts after the system is rolled back to a previous version.
+* `/etc/greenboot/red.d` contains scripts that run after Greenboot has declared the startup as failed, including the `40_microshift_pre_rollback.sh` prerollback script. This script is executed right before a system rollback. The script performs {microshift-short} pod and OVN-Kubernetes cleanup to avoid potential conflicts after the system is rolled back to a previous version.
diff --git a/modules/microshift-greenboot-health-check-log.adoc b/modules/microshift-greenboot-health-check-log.adoc
index 55241751b17f..9b75bea60e13 100644
--- a/modules/microshift-greenboot-health-check-log.adoc
+++ b/modules/microshift-greenboot-health-check-log.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-greenboot-access-health-check_{context}"]
 = Accessing health check output in the system log
 
@@ -12,13 +12,13 @@ You can manually access the output of health checks in the system log by using t
 
 * To access the results of a health check, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo journalctl -o cat -u greenboot-healthcheck.service
 ----
 
 .Example output of a failed health check
-[source, terminal]
+[source,terminal]
 ----
 ...
 ...
diff --git a/modules/microshift-greenboot-how-workload-health-check-scripts-work.adoc b/modules/microshift-greenboot-how-workload-health-check-scripts-work.adoc
new file mode 100644
index 000000000000..a53cbf301d27
--- /dev/null
+++ b/modules/microshift-greenboot-how-workload-health-check-scripts-work.adoc
@@ -0,0 +1,26 @@
+//Module included in the following assemblies:
+//
+//* microshift_running_apps/microshift-greenboot-workload-scripts.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-greenboot-how-workload-health-check-scripts-work_{context}"]
+= How workload health check scripts work
+
+The workload or application health check script described in this tutorial uses the {microshift-short} health check functions that are available in the `/usr/share/microshift/functions/greenboot.sh` file. This enables you to reuse procedures already implemented for the {microshift-short} core services.
+
+The script starts by running checks that the basic functions of the workload are operating as expected. To run the script successfully:
+
+* Execute the script from a root user account.
+* Enable the {microshift-short} service.
+
+The health check performs the following actions:
+
+* Gets a wait timeout of the current boot cycle for the `wait_for` function.
+* Calls the `namespace_images_downloaded` function to wait until pod images are available.
+* Calls the `namespace_pods_ready` function to wait until pods are ready.
+* Calls the `namespace_pods_not_restarting` function to verify pods are not restarting.
+
+[NOTE]
+====
+Restarting pods can indicate a crash loop.
+====
\ No newline at end of file
diff --git a/modules/microshift-greenboot-included-health-checks.adoc b/modules/microshift-greenboot-included-health-checks.adoc
new file mode 100644
index 000000000000..61a0bc8b5277
--- /dev/null
+++ b/modules/microshift-greenboot-included-health-checks.adoc
@@ -0,0 +1,25 @@
+//Module included in the following assemblies:
+//
+//* microshift_running_apps/microshift-greenboot-workload-scripts.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-greenboot-included-health-checks_{context}"]
+= Included greenboot health checks
+
+Health check scripts are available in `/usr/lib/greenboot/check`, a read-only directory in RPM-OSTree systems. The following health checks are included with the `greenboot-default-health-checks` framework.
+
+* Check if repository URLs are still DNS solvable:
++
+This script is under `/usr/lib/greenboot/check/required.d/01_repository_dns_check.sh` and ensures that DNS queries to repository URLs are still available.
+
+* Check if update platforms are still reachable:
++
+This script is under `/usr/lib/greenboot/check/wanted.d/01_update_platform_check.sh` and tries to connect and get a 2XX or 3XX HTTP code from the update platforms defined in `/etc/ostree/remotes.d`.
+
+* Check if the current boot has been triggered by the hardware watchdog:
++
+This script is under `/usr/lib/greenboot/check/required.d/02_watchdog.sh` and checks whether the current boot has been watchdog-triggered or not.
+
+** If the watchdog-triggered reboot occurs within the grace period, the current boot is marked as red. Greenboot does not trigger a rollback to the previous deployment.
+** If the watchdog-triggered reboot occurs after the grace period, the current boot is not marked as red. Greenboot does not trigger a rollback to the previous deployment.
+** A 24-hour grace period is enabled by default. This grace period can be either disabled by modifying `GREENBOOT_WATCHDOG_CHECK_ENABLED` in `/etc/greenboot/greenboot.conf to false`, or configured by changing the `GREENBOOT_WATCHDOG_GRACE_PERIOD=number_of_hours` variable value in `/etc/greenboot/greenboot.conf`.
diff --git a/modules/microshift-greenboot-microshift-health-script.adoc b/modules/microshift-greenboot-microshift-health-script.adoc
index 80bbbd733646..355bf28150ca 100644
--- a/modules/microshift-greenboot-microshift-health-script.adoc
+++ b/modules/microshift-greenboot-microshift-health-script.adoc
@@ -2,15 +2,15 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-health-script_{context}"]
-= The {product-title} health script
+= The {microshift-short} health check script
 
-The `40_microshift_running_check.sh` health check script only performs validation of core {product-title} services. Install your customized workload validation scripts in the greenboot directories to ensure successful application operations after system updates. Scripts run in alphabetical order.
+The `40_microshift_running_check.sh` health check script only performs validation of core {microshift-short} services. Install your customized workload health check scripts in the Greenboot directories to ensure successful application operations after system updates. Scripts run in alphabetical order.
 
-{product-title} health checks are listed in the following table:
+{microshift-short} health checks are listed in the following table:
 
-.Validation statuses and outcome for {product-title}
+.Validation statuses and outcome for {microshift-short}
 
 [cols="3", options="header"]
 |===
@@ -51,7 +51,7 @@ The `40_microshift_running_check.sh` health check script only performs validatio
 |`exit 1`
 |===
 
-[id="validation-wait-period"]
+[id="validation-wait-period_{context}"]
 == Validation wait period
 The wait period in each validation is five minutes by default. After the wait period, if the validation has not succeeded, it is declared a failure. This wait period is incrementally increased by the base wait period after each boot in the verification loop.
 
diff --git a/modules/microshift-greenboot-prerollback-log.adoc b/modules/microshift-greenboot-prerollback-log.adoc
index da151df88842..6bcfd8a36255 100644
--- a/modules/microshift-greenboot-prerollback-log.adoc
+++ b/modules/microshift-greenboot-prerollback-log.adoc
@@ -3,7 +3,7 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-greenboot-access-prerollback-check_{context}"]
 = Accessing prerollback health check output in the system log
 
@@ -13,14 +13,13 @@ You can access the output of health check scripts in the system log. For example
 
 * To access the results of a prerollback script, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo journalctl -o cat -u redboot-task-runner.service
 ----
 
 .Example output of a prerollback script
-
-[source, terminal]
+[source,terminal]
 ----
 ...
 ...
diff --git a/modules/microshift-greenboot-systemd-journal-data.adoc b/modules/microshift-greenboot-systemd-journal-data.adoc
index a0675cc07857..fee536f64019 100644
--- a/modules/microshift-greenboot-systemd-journal-data.adoc
+++ b/modules/microshift-greenboot-systemd-journal-data.adoc
@@ -2,24 +2,24 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-greenboot-systemd-journal-data_{context}"]
 = Enabling systemd journal service data persistency
 
-The default configuration of the `systemd` journal service stores the data in the volatile `/run/log/journal` directory. To persist system logs across system starts and restarts, you must enable log persistence and set limits on the maximal journal data size.
+The default configuration of the `systemd` journal service stores the data in the volatile `/run/log/journal` directory. To view system logs across system starts and restarts, you must enable log persistence and set limits on the maximal journal data size.
 
 .Procedure
 
 . Make the directory by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo mkdir -p /etc/systemd/journald.conf.d
 ----
 
 . Create the configuration file by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 cat <<EOF | sudo tee /etc/systemd/journald.conf.d/microshift.conf &>/dev/null
 [Journal]
diff --git a/modules/microshift-greenboot-testing-workload-script.adoc b/modules/microshift-greenboot-testing-workload-script.adoc
new file mode 100644
index 000000000000..19098475af2b
--- /dev/null
+++ b/modules/microshift-greenboot-testing-workload-script.adoc
@@ -0,0 +1,51 @@
+//Module included in the following assemblies:
+//
+//* microshift_running_apps/microshift-greenboot-workload-scripts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-greenboot-test-workload-health-check-script_{context}"]
+= Testing a workload health check script
+
+.Prerequisites
+
+* You have root access.
+* You have installed a workload.
+* You have created a health check script for the workload.
+* The {product-title} service is enabled.
+
+.Procedure
+
+. To test that Greenboot is running a health check script file, reboot the host by running the following command:
++
+[source,terminal]
+----
+$ sudo reboot
+----
+
+. Examine the output of Greenboot health checks by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -o cat -u greenboot-healthcheck.service
+----
++
+[NOTE]
+====
+{microshift-short} core service health checks run before the workload health checks.
+====
++
+.Example output
+[source,terminal]
+----
+GRUB boot variables:
+boot_success=0
+boot_indeterminate=0
+Greenboot variables:
+GREENBOOT_WATCHDOG_CHECK_ENABLED=true
+...
+...
+FINISHED
+Script '40_microshift_running_check.sh' SUCCESS
+Running Wanted Health Check Scripts...
+Finished greenboot Health Checks Runner.
+----
diff --git a/modules/microshift-greenboot-updates-workloads.adoc b/modules/microshift-greenboot-updates-workloads.adoc
index 6a78a5696bfe..8d27906e01e6 100644
--- a/modules/microshift-greenboot-updates-workloads.adoc
+++ b/modules/microshift-greenboot-updates-workloads.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-greenboot-updates-workloads_{context}"]
 = Updates and third-party workloads
 
-Health checks are especially useful after an update. You can examine the output of greenboot health checks and determine whether the update was declared valid. This health check can help you determine if the system is working properly.
+Health checks are especially useful after an update. You can examine the output of Greenboot health checks and determine whether the update was declared valid. This health check can help you determine if the system is working properly.
 
 Health check scripts for updates are installed into the `/etc/greenboot/check/required.d` directory and are automatically executed during each system start. Exiting scripts with a nonzero status means the system start is declared as failed.
 
diff --git a/modules/microshift-greenboot-workloads-validation.adoc b/modules/microshift-greenboot-workloads-validation.adoc
index becaf8b7dac2..c921b8d52b1b 100644
--- a/modules/microshift-greenboot-workloads-validation.adoc
+++ b/modules/microshift-greenboot-workloads-validation.adoc
@@ -2,23 +2,23 @@
 //
 // * microshift_running applications/microshift-greenboot.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-greenboot-workloads-validation_{context}"]
 = Checking the results of an update
 
-After a successful start, greenboot sets the variable `boot_success=` to `1` in GRUB. You can view the overall status of system health checks after an update in the system log by using the following procedure.
+After a successful start, Greenboot sets the variable `boot_success=` to `1` in GRUB. You can view the overall status of system health checks after an update in the system log by using the following procedure.
 
 .Procedure
 
 * To access the overall status of system health checks, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo grub2-editenv - list | grep ^boot_success
 ----
 
 .Example output for a successful system start
-[source, terminal]
+[source,terminal]
 ----
 boot_success=1
 ----
\ No newline at end of file
diff --git a/modules/microshift-http-proxy.adoc b/modules/microshift-http-proxy.adoc
index df03d3f87bfa..d1708e4c1b9d 100644
--- a/modules/microshift-http-proxy.adoc
+++ b/modules/microshift-http-proxy.adoc
@@ -2,12 +2,12 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-http-proxy_{context}"]
-= Deploying {product-title} behind an HTTP(S) proxy
+= Deploying {microshift-short} behind an HTTP(S) proxy
 
-Deploy a {product-title} cluster behind an HTTP(S) proxy when you want to add basic anonymity and security measures to your pods.
+Deploy a {microshift-short} cluster behind an HTTP(S) proxy when you want to add basic anonymity and security measures to your pods.
 
-You must configure the host operating system to use the proxy service with all components initiating HTTP(S) requests when deploying {product-title} behind a proxy.
+You must configure the host operating system to use the proxy service with all components initiating HTTP(S) requests when deploying {microshift-short} behind a proxy.
 
-All the user-specific workloads or pods with egress traffic, such as accessing cloud services, must be configured to use the proxy. There is no built-in transparent proxying of egress traffic in {product-title}.
+All the user-specific workloads or pods with egress traffic, such as accessing cloud services, must be configured to use the proxy. There is no built-in transparent proxying of egress traffic in {microshift-short}.
diff --git a/modules/microshift-install-rpm-before.adoc b/modules/microshift-install-rpm-before.adoc
index 253e3a160dd7..9a4f45fa123b 100644
--- a/modules/microshift-install-rpm-before.adoc
+++ b/modules/microshift-install-rpm-before.adoc
@@ -2,10 +2,25 @@
 //
 // microshift/microshift-install-rpm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-install-rpm-before_{context}"]
-= Before installing {product-title} from an RPM package
+= Before installing {microshift-short} from an RPM package
 
-{product-title} uses the logical volume manager storage (LVMS) Container Storage Interface (CSI) plugin for providing storage to persistent volumes (PVs). LVMS relies on the Linux logical volume manager (LVM) to dynamically manage the backing logical volumes (LVs) for PVs. For this reason, your machine must have an LVM volume group (VG) with unused space in which LVMS can create the LVs for your workload's PVs.
+Preparation of the host machine is recommended prior to installing {microshift-short} for memory configuration and FIPS mode.
+
+[id="microshift-configuring-volume-groups_{context}"]
+== Configuring volume groups
+
+{microshift-short} uses the logical volume manager storage (LVMS) Container Storage Interface (CSI) plugin for providing storage to persistent volumes (PVs). LVMS relies on the Linux logical volume manager (LVM) to dynamically manage the backing logical volumes (LVs) for PVs. For this reason, your machine must have an LVM volume group (VG) with unused space in which LVMS can create the LVs for your workload's PVs.
 
 To configure a volume group (VG) that allows LVMS to create the LVs for your workload's PVs, lower the *Desired Size* of your root volume during the installation of {op-system}. Lowering the size of your root volume allows unallocated space on the disk for additional LVs created by LVMS at runtime.
+
+[id="microshift-prepare-for-fips-mode_{context}"]
+== Prepare for FIPS mode
+
+If your use case requires running {microshift-short} containers in FIPS mode, you must install {op-system-base} with FIPS enabled. After the worker machine is configured to run in FIPS mode, your {microshift-short} containers are automatically configured to also run in FIPS mode.
+
+[IMPORTANT]
+====
+Because FIPS must be enabled before the operating system that your cluster uses starts for the first time, you cannot enable FIPS after you deploy a cluster.
+====
\ No newline at end of file
diff --git a/modules/microshift-install-rpm-preparing.adoc b/modules/microshift-install-rpm-preparing.adoc
index ba63a7ada34b..7c1c8559e757 100644
--- a/modules/microshift-install-rpm-preparing.adoc
+++ b/modules/microshift-install-rpm-preparing.adoc
@@ -2,15 +2,15 @@
 //
 // microshift/microshift-install-rpm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-install-rpm-preparing_{context}"]
-= Preparing to install {product-title} from an RPM package
+= Preparing to install {microshift-short} from an RPM package
 
 Configure your {op-system} machine to have a logical volume manager (LVM) volume group (VG) with sufficient capacity for the persistent volumes (PVs) of your workload.
 
 .Prerequisites
 
-* The system requirements for installing {product-title} have been met.
+* The system requirements for installing {microshift-short} have been met.
 * You have root user access to your machine.
 * You have configured your LVM VG with the capacity needed for the PVs of your workload.
 
diff --git a/modules/microshift-install-rpms-olm.adoc b/modules/microshift-install-rpms-olm.adoc
new file mode 100644
index 000000000000..db7276db9f79
--- /dev/null
+++ b/modules/microshift-install-rpms-olm.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// microshift/microshift-install-rpm.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-installing-with-olm-from-rpm-package_{context}"]
+== Installing the Operator Lifecycle Manager (OLM) from an RPM package
+
+When you install {microshift-short}, the Operator Lifecycle Manager (OLM) package is not installed by default. You can install the OLM on your {microshift-short} instance using a RPM package. 
+
+.Procedure 
+
+. Install the OLM package by running the following command: 
++
+[source,terminal]
+----
+$ sudo dnf install microshift-olm
+----
+
+. To apply the manifest from the package to an active cluster, run the following command: 
++
+[source,terminal]
+----
+$ sudo systemctl restart microshift
+----
\ No newline at end of file
diff --git a/modules/microshift-install-rpms.adoc b/modules/microshift-install-rpms.adoc
index 584e142a9b11..e83a9697867f 100644
--- a/modules/microshift-install-rpms.adoc
+++ b/modules/microshift-install-rpms.adoc
@@ -2,7 +2,7 @@
 //
 // microshift/microshift-install-rpm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-microshift-from-rpm-package_{context}"]
 = Installing {product-title} from an RPM package
 
@@ -20,8 +20,8 @@ Use the following procedure to install {product-title} from an RPM package.
 [source,terminal,subs="attributes+"]
 ----
 $ sudo subscription-manager repos \
-    --enable rhocp-{ocp-version}-for-{rhel-major}-$(uname -i)-rpms \
-    --enable fast-datapath-for-{rhel-major}-$(uname -i)-rpms
+    --enable rhocp-{ocp-version}-for-{rhel-major}-$(uname -m)-rpms \
+    --enable fast-datapath-for-{rhel-major}-$(uname -m)-rpms
 ----
 
 . Install {product-title} by running the following command:
@@ -31,13 +31,6 @@ $ sudo subscription-manager repos \
 $ sudo dnf install -y microshift
 ----
 
-. Optional: Install greenboot for {product-title} by running the following command:
-+
-[source,terminal]
-----
-$ sudo dnf install -y microshift-greenboot
-----
-
 . Download your installation pull secret from the https://console.redhat.com/openshift/install/pull-secret[Red Hat Hybrid Cloud Console] to a temporary folder, for example, `$HOME/openshift-pull-secret`. This pull secret allows you to authenticate with the container registries that serve the container images used by {product-title}.
 
 . To copy the pull secret to the `/etc/crio` folder of your {op-system} machine, run the following command:
diff --git a/modules/microshift-install-system-requirements.adoc b/modules/microshift-install-system-requirements.adoc
index 29d45234faec..10795d86ef63 100644
--- a/modules/microshift-install-system-requirements.adoc
+++ b/modules/microshift-install-system-requirements.adoc
@@ -2,16 +2,15 @@
 //
 // microshift/microshift-install-rpm.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="microshift-install-system-requirements_{context}"]
-= System requirements for installing {product-title}
+= System requirements for installing {microshift-short}
 
-The following conditions must be met prior to installing {product-title}:
+The following conditions must be met prior to installing {microshift-short}:
 
-* {op-system} {op-system-version}
-* 2 CPU cores
-* 2 GB RAM for {product-title} or 3 GB RAM, required by {op-system} for networked-based HTTPs or FTP installations
-* 10 GB of storage
-* You have an active {product-title} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
-* You have a subscription that includes {product-title} RPMs.
+* A supported version of {op-system} or {op-system-ostree}.
+* 2 CPU cores.
+* 2 GB RAM for {microshift-short} or 3 GB RAM, required by {op-system} for networked-based HTTPs or FTP installations.
+* 10 GB of storage.
+* You have an active {microshift-short} subscription on your Red Hat account. If you do not have a subscription, contact your sales representative for more information.
 * You have a Logical Volume Manager (LVM) Volume Group (VG) with sufficient capacity for the Persistent Volumes (PVs) of your workload.
diff --git a/modules/microshift-k8s-apis.adoc b/modules/microshift-k8s-apis.adoc
index cfe4e4ef110e..5d57d7eb65fb 100644
--- a/modules/microshift-k8s-apis.adoc
+++ b/modules/microshift-k8s-apis.adoc
@@ -2,8 +2,8 @@
 //
 // * microshift_troubleshooting/microshift-version.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-k8s-apis_{context}"]
-= {product-title} Kubernetes APIs
+= {microshift-short} Kubernetes APIs
 
-The Kubernetes API is fully accessible within {product-title} and can be managed with the `kubectl` command-line tool or the {OCP} CLI tool (`oc`). The `oc` binary is compatible with `kubectl` and offers a set of features that can be used with {product-title}. Using these command-line tools with {product-title} can help you access all of the resources you need to work with your deployments.
\ No newline at end of file
+The Kubernetes API is fully accessible within {microshift-short} and can be managed with the `kubectl` command-line tool or the {OCP} CLI tool (`oc`). The `oc` binary is compatible with `kubectl` and offers a set of features that can be used with {microshift-short}. Using these command-line tools with {microshift-short} can help you access all of the resources you need to work with your deployments.
\ No newline at end of file
diff --git a/modules/microshift-ki-cni-iptables-deleted.adoc b/modules/microshift-ki-cni-iptables-deleted.adoc
index ebb47c1a9e88..a93466e2db2f 100644
--- a/modules/microshift-ki-cni-iptables-deleted.adoc
+++ b/modules/microshift-ki-cni-iptables-deleted.adoc
@@ -2,7 +2,7 @@
 //
 // * this module is unused as of the 4.13 release; it can be kept for the procedure of deleting the ovnkube master pod if the iptables flush issue with the firewall persists
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-ki-cni-iptables-deleted_{context}"]
 = Reloading the firewall deletes iptable rules
 
@@ -25,14 +25,14 @@ Run the commands listed in each step that follows to restore the iptable rules.
 
 . Find the name of the ovnkube-master pod that you want to restart by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ pod=$(oc get pods -n openshift-ovn-kubernetes | grep ovnkube-master | awk -F " " '{print $1}')
 ----
 
 . Delete the ovnkube-master pod:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ovn-kubernetes delete pod $pod
 ----
@@ -41,7 +41,7 @@ This command causes the daemon set pod to be automatically restarted, causing a
 
 . Confirm that the iptables have reconciled by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo iptables-save | grep NODEPORT
 :OVN-KUBE-NODEPORT - [0:0]
@@ -53,7 +53,7 @@ $ sudo iptables-save | grep NODEPORT
 
 . You can also confirm that a new ovnkube-master pod has been started by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n openshift-ovn-kubernetes
 ----
diff --git a/modules/microshift-kubeconfig-generating-remote-kcfiles.adoc b/modules/microshift-kubeconfig-generating-remote-kcfiles.adoc
index 25abc420ba44..68597b34200e 100644
--- a/modules/microshift-kubeconfig-generating-remote-kcfiles.adoc
+++ b/modules/microshift-kubeconfig-generating-remote-kcfiles.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="generating-additional-kubeconfig-files_{context}"]
 = Generating additional kubeconfig files for remote access
 
@@ -10,23 +10,23 @@ You can generate additional `kubeconfig` files to use if you need more host name
 
 [IMPORTANT]
 ====
-You must restart {product-title} for configuration changes to be implemented.
+You must restart {microshift-short} for configuration changes to be implemented.
 ====
 
 .Prerequisites
 
-* You have created a `config.yaml` for {product-title}.
+* You have created a `config.yaml` for {microshift-short}.
 
 .Procedure
 
-. (Optional) You can show the contents of the `config.yaml` by running the following command:
+. Optional: You can show the contents of the `config.yaml`. Run the following command:
 +
 [source,terminal]
 ----
 $ cat /etc/microshift/config.yaml
 ----
 
-. (Optional) You can show the contents of the remote-access `kubeconfig` file, by running the following command:
+. Optional: You can show the contents of the remote-access `kubeconfig` file. Run the following command:
 +
 [source,terminal]
 ----
@@ -57,7 +57,7 @@ apiServer:
 <2> DNS name
 <3> IP address or range
 
-. Restart {product-title} to apply configuration changes and auto-generate the `kubeconfig` files you need by running the following command:
+. Restart {microshift-short} to apply configuration changes and auto-generate the `kubeconfig` files you need by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-kubeconfig-local-access.adoc b/modules/microshift-kubeconfig-local-access.adoc
index 234029111d40..b559a3168f83 100644
--- a/modules/microshift-kubeconfig-local-access.adoc
+++ b/modules/microshift-kubeconfig-local-access.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-kubeconfig-local-access_{context}"]
 = Local access kubeconfig file
 
diff --git a/modules/microshift-kubeconfig-overview.adoc b/modules/microshift-kubeconfig-overview.adoc
index a336ea2d255a..fe992ba6c364 100644
--- a/modules/microshift-kubeconfig-overview.adoc
+++ b/modules/microshift-kubeconfig-overview.adoc
@@ -2,15 +2,15 @@
 //
 // * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="kubeconfig-files-overview_{context}"]
 = Kubeconfig files for configuring cluster access
 
-The two categories of `kubeconfig` files used in {product-title} are local access and remote access. Every time {product-title} starts, a set of `kubeconfig` files for local and remote access to the API server are generated. These files are generated in the `/var/lib/microshift/resources/kubeadmin/` directory using preexisting configuration information.
+The two categories of `kubeconfig` files used in {microshift-short} are local access and remote access. Every time {microshift-short} starts, a set of `kubeconfig` files for local and remote access to the API server are generated. These files are generated in the `/var/lib/microshift/resources/kubeadmin/` directory using preexisting configuration information.
 
 Each access type requires a different authentication certificate signed by different Certificate Authorities (CAs). The generation of multiple `kubeconfig` files accommodates this need.
 
-You can use the appropriate `kubeconfig` file for the access type needed in each case to provide authentication details. The contents of {product-title} `kubeconfig` files are determined by either default built-in values or a `config.yaml` file.
+You can use the appropriate `kubeconfig` file for the access type needed in each case to provide authentication details. The contents of {microshift-short} `kubeconfig` files are determined by either default built-in values or a `config.yaml` file.
 
 [NOTE]
 ====
@@ -32,4 +32,4 @@ A `kubeconfig` file must exist for the cluster to be accessible. The values are
 <1> Local host name. The main IP address of the host is always the default.
 <2> Subject Alternative Names for API server certificates.
 <3> DNS name.
-<4> {product-title} host name.
+<4> {microshift-short} host name.
diff --git a/modules/microshift-kubeconfig-remote-con.adoc b/modules/microshift-kubeconfig-remote-con.adoc
index 44ca66fc5e8d..4dabe5442df5 100644
--- a/modules/microshift-kubeconfig-remote-con.adoc
+++ b/modules/microshift-kubeconfig-remote-con.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift/microshift_configuring/microshift-cluster-access-kubeconfig.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="remote-access-con_{context}"]
 = Remote access kubeconfig files
 
-When a {product-title} cluster connects to the API server from an external source, a certificate with all of the alternative names in the SAN field is used for validation. {product-title} generates a default `kubeconfig` for external access using the `hostname` value. The defaults are set in the `<node.hostnameOverride>`, `<node.nodeIP>` and `api.<dns.baseDomain>` parameter values of the default `kubeconfig` file.
+When a {microshift-short} cluster connects to the API server from an external source, a certificate with all of the alternative names in the SAN field is used for validation. {microshift-short} generates a default `kubeconfig` for external access using the `hostname` value. The defaults are set in the `<node.hostnameOverride>`, `<node.nodeIP>` and `api.<dns.baseDomain>` parameter values of the default `kubeconfig` file.
 
 The `/var/lib/microshift/resources/kubeadmin/<hostname>/kubeconfig` file uses the `hostname` of the machine, or `node.hostnameOverride` if that option is set, to reach the API server. The CA of the `kubeconfig` file is able to validate certificates when accessed externally.
 
diff --git a/modules/microshift-lvm-thin-volumes.adoc b/modules/microshift-lvm-thin-volumes.adoc
new file mode 100644
index 000000000000..a35a763b48a7
--- /dev/null
+++ b/modules/microshift-lvm-thin-volumes.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * microshift_storage/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-lvm-thin-volumes_{context}"]
+= About LVM thin volumes
+
+To use advanced storage features such as creating volume snapshots or volume cloning, you must perform the following actions:
+
+* Configure both the logical volume manager storage (LVMS) provider and the cluster.
+* Provision a logical volume manager (LVM) thin-pool on the {op-system-ostree} host.
+* Attach LVM thin-pools to a volume group.
+
+[IMPORTANT]
+====
+To create Container Storage Interface (CSI) snapshots, you must configure thin volumes on the {op-system-ostree} host. The CSI does not support volume shrinking.
+====
+
+For LVMS to manage thin logical volumes (LVs), a thin-pool `device-class` array must be specified in the `etc/lvmd.yaml` configuration file. Multiple thin-pool device classes are permitted.
+
+If additional storage pools are configured with device classes, then additional storage classes must also exist to expose the storage pools to users and workloads. To enable dynamic provisioning on a thin-pool, a `StorageClass` resource must be present on the cluster. The `StorageClass` resource specifies the source `device-class` array in the `topolvm.io/device-class` parameter.
+
+.Example `lvmd.yaml` file that specifies a single device class for a thin-pool
+[source, yaml]
+----
+socket-name: <1>
+device-classes: <2>
+  - name: thin <3>
+    default: true
+    spare-gb: 0 <4>
+    thin-pool:
+      name: thin
+      overprovision-ratio: 10 <5>
+    type: thin <6>
+    volume-group: ssd <7>
+----
+<1> String. The UNIX domain socket endpoint of gRPC. Defaults to `/run/lvmd/lvmd.socket`.
+<2> A list of maps for the settings for each `device-class`.
+<3> String. The unique name of the `device-class`.
+<4> Unsigned 64-bit integer. Storage capacity in GB to be left unallocated in the volume group. Defaults to `0`.
+<5> If you have multiple thin-provisioned devices that share the same pool, then these devices can be over-provisioned. Over-provisioning requires a float value of 1 or greater.
+<6> Thin provisioning is required to create volume snapshots.
+<7> String. The group where the `device-class` creates the logical volumes.
+
+[IMPORTANT]
+====
+When multiple PVCs are created simultaneously, a race condition prevents LVMS from accurately tracking the allocated space and preserving the storage capacity for a device class. Use separate volume groups and device classes to protect the storage of highly dynamic workloads from each other.
+====
\ No newline at end of file
diff --git a/modules/microshift-lvmd-yaml-creating.adoc b/modules/microshift-lvmd-yaml-creating.adoc
index 6a75da025913..266460c4c128 100644
--- a/modules/microshift-lvmd-yaml-creating.adoc
+++ b/modules/microshift-lvmd-yaml-creating.adoc
@@ -2,17 +2,17 @@
 //
 // * microshift_storage/microshift-storage-plugin-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-lvmd-yaml-creating_{context}"]
 = Creating an LVMS configuration file
 
-When {product-title} runs, it uses LVMS configuration from `/etc/microshift/lvmd.yaml`, if provided. You must place any configuration files that you create into the `/etc/microshift/` directory.
+When {microshift-short} runs, it uses LVMS configuration from `/etc/microshift/lvmd.yaml`, if provided. You must place any configuration files that you create into the `/etc/microshift/` directory.
 
 .Procedure
 
 * To create the `lvmd.yaml` configuration file, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo cp /etc/microshift/lvmd.yaml.default /etc/microshift/lvmd.yaml
 ----
diff --git a/modules/microshift-lvms-config-example-basic.adoc b/modules/microshift-lvms-config-example-basic.adoc
index 3b32a967f012..270851e3b5c5 100644
--- a/modules/microshift-lvms-config-example-basic.adoc
+++ b/modules/microshift-lvms-config-example-basic.adoc
@@ -2,16 +2,20 @@
 //
 // * microshift_storage/microshift-storage-plugin-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-lvmd-config-example-basic_{context}"]
 = Basic LVMS configuration example
 
-{product-title} supports passing through your LVM configuration and allows you to specify custom volume groups, thin volume provisioning parameters, and reserved unallocated volume group space. You can edit the LVMS configuration file you created at any time. You must restart {product-title} to deploy configuration changes after editing the file.
+{microshift-short} supports passing through your LVM configuration and allows you to specify custom volume groups, thin volume provisioning parameters, and reserved unallocated volume group space. You can edit the LVMS configuration file you created at any time. You must restart {microshift-short} to deploy configuration changes after editing the file.
+
+[NOTE]
+====
+If you need to take volume snapshots, you must use thin provisioning in your `lvmd.conf` file. If you do not need to take volume snapshots, you can use thick volumes.
+====
 
 The following `lvmd.yaml` example file shows a basic LVMS configuration:
 
 .LVMS configuration example
-
 [source,yaml]
 ----
 socket-name: <1>
@@ -25,7 +29,7 @@ device-classes: <2>
 <2> A list of maps for the settings for each `device-class`.
 <3> String. The name of the `device-class`.
 <4> String. The group where the `device-class` creates the logical volumes.
-<5> Unsigned 64-bit integer. Storage capacity in GiB to be left unallocated in the volume group. Defaults to `0`.
+<5> Unsigned 64-bit integer. Storage capacity in GB to be left unallocated in the volume group. Defaults to `0`.
 <6> Boolean. Indicates that the `device-class` is used by default. Defaults to `false`. At least one value must be entered in the YAML file values when this is set to `true`.
 
 [IMPORTANT]
diff --git a/modules/microshift-lvms-deployment.adoc b/modules/microshift-lvms-deployment.adoc
index 7673e01d687d..0c00a1b5c78a 100644
--- a/modules/microshift-lvms-deployment.adoc
+++ b/modules/microshift-lvms-deployment.adoc
@@ -2,10 +2,10 @@
 //
 // * microshift_storage/microshift-storage-plugin-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-lvms-deployment_{context}"]
 = LVMS deployment
 
-LVMS is automatically deployed on to the cluster in the `openshift-storage` namespace after {product-title} starts.
+LVMS is automatically deployed on to the cluster in the `openshift-storage` namespace after {microshift-short} starts.
 
 LVMS uses `StorageCapacity` tracking to ensure that pods with an LVMS PVC are not scheduled if the requested storage is greater than the free storage of the volume group. For more information about `StorageCapacity` tracking, read link:https://kubernetes.io/docs/concepts/storage/storage-capacity/[Storage Capacity].
\ No newline at end of file
diff --git a/modules/microshift-lvms-system-requirements.adoc b/modules/microshift-lvms-system-requirements.adoc
index e8db08078234..95a2bddc4480 100644
--- a/modules/microshift-lvms-system-requirements.adoc
+++ b/modules/microshift-lvms-system-requirements.adoc
@@ -2,24 +2,27 @@
 //
 // * microshift_storage/microshift-storage-plugin-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-lvms-system-requirements_{context}"]
 = LVMS system requirements
 
-Using LVMS in {product-title} requires the following system specifications.
+Using LVMS in {microshift-short} requires the following system specifications.
 
 [id="lvms-volume-group-name_{context}"]
 == Volume group name
 
-The default integration of LVMS selects the default volume group (VG) dynamically. If there are no volume groups on the {product-title} host, LVMS is disabled.
+If you did not configure LVMS in an `lvmd.yaml` YAML file placed in the `/etc/microshift/` directory, {microshift-short} attempts to assign a default volume group (VG) dynamically by running the `vgs` command. 
+* {microshift-short} assigns a default VG when only one VG is found. 
+* If more than one VG is present, the VG named `microshift` is assigned as the default. 
+* If a VG named `microshift` does not exist, LVMS is not deployed.
 
-If there is only one VG on the {product-title} host, that VG is used. If there are multiple volume groups, the group `microshift` is used. If the `microshift` group is not found, LVMS is disabled.
+If there are no volume groups on the {microshift-short} host, LVMS is disabled.
 
 If you want to use a specific VG, LVMS must be configured to select that VG. You can change the default name of the VG in the configuration file. For details, read the "Configuring the LVMS" section of this document.
 
 You can change the default name of the VG in the configuration file. For details, read the "Configuring the LVMS" section of this document.
 
-Prior to launching, the `lvmd.yaml` configuration file must specify an existing VG on the node with sufficient capacity for workload storage. If the VG does not exist, the node controller fails to start and enters a `CrashLoopBackoff` state.
+After {microshift-short} starts, you can update the `lvmd.yaml` to include or remove VGs. To implement changes, you must restart {microshift-short}. If the `lvmd.yaml` is deleted, {microshift-short} attempts to find a default VG again.
 
 [id="lvms-volume-size-increments_{context}"]
 == Volume size increments
diff --git a/modules/microshift-lvms-using.adoc b/modules/microshift-lvms-using.adoc
index 2ba49899258e..47b27359d8a0 100644
--- a/modules/microshift-lvms-using.adoc
+++ b/modules/microshift-lvms-using.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_storage/microshift-storage-plugin-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-lvms-using_{context}"]
 = Using the LVMS
 
diff --git a/modules/microshift-mDNS.adoc b/modules/microshift-mDNS.adoc
index a4d57253a67f..6c3d62b7e0d2 100644
--- a/modules/microshift-mDNS.adoc
+++ b/modules/microshift-mDNS.adoc
@@ -2,10 +2,10 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-mDNS_{context}"]
 = The multicast DNS protocol
 
 You can use the multicast DNS protocol (mDNS) to allow name resolution and service discovery within a Local Area Network (LAN) using multicast exposed on the `5353/UDP` port.
 
-{product-title} includes an embedded mDNS server for deployment scenarios in which the authoritative DNS server cannot be reconfigured to point clients to services on {product-title}. The embedded DNS server allows `.local` domains exposed by {product-title} to be discovered by other elements on the LAN.
+{microshift-short} includes an embedded mDNS server for deployment scenarios in which the authoritative DNS server cannot be reconfigured to point clients to services on {microshift-short}. The embedded DNS server allows `.local` domains exposed by {microshift-short} to be discovered by other elements on the LAN.
diff --git a/modules/microshift-making-storage-migration-request.adoc b/modules/microshift-making-storage-migration-request.adoc
new file mode 100644
index 000000000000..a417ef7581d7
--- /dev/null
+++ b/modules/microshift-making-storage-migration-request.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * microshift_storage/microshift-storage-migration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-making-storage-migration-request_{context}"]
+= Making a storage migration request
+
+Storage migration is the process of updating stored data to the latest storage version, for example from `v1beta1` to `v1beta2`. To update your storage version, use the following procedure.
+
+.Procedure
+
+* Either you or any controller that has support for the `StorageVersionMigration` API must trigger a migration request. Use the following example request for reference:
++
+.Example request
++
+[source,terminal]
+----
+apiVersion: migration.k8s.io/v1alpha1
+kind: StorageVersionMigration
+metadata:
+  name: snapshot-v1
+spec:
+  resource:
+    group: snapshot.storage.k8s.io
+    resource: volumesnapshotclasses <1>
+    version: v1 <2>
+----
+<1> You must use the plural name of the resource.
+<2> Version being updated to.
+
+*  The progress of the migration is posted to the `StorageVersionMigration` status.
+
+[NOTE]
+====
+* Failures can occur because of a misnamed group or resource.
+* Migration failures can also occur when there is an incompatibility between the previous and latest versions.
+====
\ No newline at end of file
diff --git a/modules/microshift-manifests-override-paths.adoc b/modules/microshift-manifests-override-paths.adoc
new file mode 100644
index 000000000000..ccd68db1071e
--- /dev/null
+++ b/modules/microshift-manifests-override-paths.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * microshift//running_applications/microshift-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-manifests-override-paths_{context}"]
+= Override the list of manifest paths
+
+You can override the list of default manifest paths by using a new single path, or by using a new glob pattern for multiple files. Use the following procedure to customize your manifest paths.
+
+.Procedure
+
+. Override the list of default paths by inserting your own values and running one of the following commands:
+
+.. Set `manifests.kustomizePaths` to `<++"++/opt/alternate/path++"++>` in the configuration file for a single path.
+
+.. Set `kustomizePaths` to `,++"++/opt/alternative/path.d/++*"++.` in the configuration file for a glob pattern.
++
+[source,terminal]
+----
+manifests:
+    kustomizePaths:
+        - <location> <1>
+----
+<1> Set each location entry to an exact path by using `++"++/opt/alternate/path++"++` or a glob pattern by using `++"++/opt/alternative/path.d/++*"++`.
+
+. To disable loading manifests, set the configuration option to an empty list.
++
+[source,terminal]
+----
+manifests:
+    kustomizePaths: []
+----
++
+[NOTE]
+====
+The configuration file overrides the defaults entirely. If the `kustomizePaths` value is set, only the values in the configuration file are used. Setting the value to an empty list disables manifest loading.
+====
\ No newline at end of file
diff --git a/modules/microshift-manifests-overview.adoc b/modules/microshift-manifests-overview.adoc
index c9af8ad7f757..f16e925ddfa1 100644
--- a/modules/microshift-manifests-overview.adoc
+++ b/modules/microshift-manifests-overview.adoc
@@ -1,12 +1,36 @@
 // Module included in the following assemblies:
 //
-// * microshift/using-config-tools.adoc
+// * microshift//running_applications/microshift-applications.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-manifests-overview_{context}"]
-= How manifests work with kustomize
+= How Kustomize works with manifests to deploy applications
 
-The `kustomize` configuration management tool is integrated with {product-title}. At every start, {product-title} searches the `/etc/microshift/manifests` and `/usr/lib/microshift/` manifest directories for a `kustomization.yaml` file. If it finds one, {product-title} automatically runs the equivalent of the `kubectl apply -k` command to apply the identified manifests to the cluster.
+The `kustomize` configuration management tool is integrated with {microshift-short}. You can use Kustomize and the {oc-first} together to apply customizations to your application manifests and deploy those applications to a {microshift-short} cluster.
+
+* A `kustomization.yaml` file is a specification of resources plus customizations.
+* Kustomize uses a `kustomization.yaml` file to load a resource, such as an application, then applies any changes you want to that application manifest and produces a copy of the manifest with the changes overlaid.
+* Using a manifest copy with an overlay keeps the original configuration file for your application intact, while enabling you to deploy iterations and customizations of your applications efficiently.
+* You can then deploy the application in your {microshift-short} cluster with an `oc` command.
+
+[id="how-microshift-uses-manifests"]
+== How {microshift-short} uses manifests
+At every start, {microshift-short} searches the following manifest directories for Kustomize manifest files:
+
+* `/etc/microshift/manifests`
+* `/etc/microshift/manifests.d/++*++`
+* `/usr/lib/microshift/
+* `/usr/lib/microshift/manifests.d/++*++`
+
+{microshift-short} automatically runs the equivalent of the `kubectl apply -k` command to apply the manifests to the cluster if any of the following file types exists in the searched directories:
+
+* `kustomization.yaml`
+* `kustomization.yml`
+* `Kustomization`
+
+This automatic loading from multiple directories means you can manage {microshift-short} workloads with the flexibility of having different workloads run independently of each other.
+
+.{microshift-short} manifest directories
 
 [cols="2",options="header"]
 |===
@@ -16,6 +40,12 @@ The `kustomize` configuration management tool is integrated with {product-title}
 |`/etc/microshift/manifests`
 |Read-write location for configuration management systems or development.
 
+|`/etc/microshift/manifests.d/*`
+|Read-write location for configuration management systems or development.
+
 |`/usr/lib/microshift/manifests`
 |Read-only location for embedding configuration manifests on OSTree-based systems.
+
+|`/usr/lib/microshift/manifestsd./*`
+|Read-only location for embedding configuration manifests on OSTree-based systems.
 |===
\ No newline at end of file
diff --git a/modules/microshift-mirror-container-images.adoc b/modules/microshift-mirror-container-images.adoc
new file mode 100644
index 000000000000..cf6750d41850
--- /dev/null
+++ b/modules/microshift-mirror-container-images.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-mirror-container-images_{context}"]
+= Mirror container images into an existing registry
+
+Using a custom air-gapped container registry, or mirror, is necessary with certain user environments and workload requirements. Mirroring allows for the transfer of container images and updates to air-gapped environments where they can be installed on a {microshift-short} instance.
+
+To create an air-gapped mirror registry for {microshift-short} containers, you must complete the following steps:
+
+* Get the container image list to be mirrored.
+* Configure the mirroring prerequisites.
+* Download images on a host with the internet access.
+* Copy the downloaded image directory to an air-gapped site.
+* Upload images to a mirror registry in an air-gapped site.
+* Configure your {microshift-short} hosts to use the mirror registry.
diff --git a/modules/microshift-mirroring-prereqs.adoc b/modules/microshift-mirroring-prereqs.adoc
new file mode 100644
index 000000000000..12e9d925e239
--- /dev/null
+++ b/modules/microshift-mirroring-prereqs.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-configuring-mirroring-prereqs_{context}"]
+= Configuring mirroring prerequisites
+
+You must create a container image registry credentials file that allows the mirroring of images from your internet-connected mirror host to your air-gapped mirror. Follow the instructions in the "Configuring credentials that allow images to be mirrored" link provided in the "Additional resources" section. These instructions guide you to create a `~/.pull-secret-mirror.json` file on the mirror registry host that includes the user credentials for accessing the mirror.
+
+[id="microshift-example-mirror-pull-secret-entry_{context}"]
+== Example mirror registry pull secret entry
+
+For example, the following section is added to the pull secret file for the `microshift_quay:8443` mirror registry using `microshift:microshift` as username and password.
+
+.Example mirror registry section for pull secret file
+[source,terminal]
+----
+"<microshift_quay:8443>": { <1>
+    "auth": "<microshift_auth>", <2>
+    "email": "<microshift_quay@example.com>" <3>
+},
+----
+<1> Replace the `<registry_host>:<port>` value `microshift_quay:8443` with the host name and port of your mirror registry server.
+<2> Replace the `<microshift_auth>` value with the user password.
+<3> Replace the `</microshift_quay@example.com>` value with the user email.
\ No newline at end of file
diff --git a/modules/microshift-nodeport-unreachable-workaround.adoc b/modules/microshift-nodeport-unreachable-workaround.adoc
index 4bef2a62fce3..36b886e5101e 100644
--- a/modules/microshift-nodeport-unreachable-workaround.adoc
+++ b/modules/microshift-nodeport-unreachable-workaround.adoc
@@ -2,11 +2,11 @@
 //
 // * module may be unused in 4.13
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-nodeport-unreachable-workaround_{context}"]
 = Manually restarting the `ovnkube-master` pod to resume node port traffic
 
-After you install {product-title}, NodePort service traffic might stop. To troubleshoot this issue, manually restart the `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace.
+After you install {microshift-short}, NodePort service traffic might stop. To troubleshoot this issue, manually restart the `ovnkube-master` pod in the `openshift-ovn-kubernetes` namespace.
 
 .Prerequisites
 
@@ -17,25 +17,25 @@ After you install {product-title}, NodePort service traffic might stop. To troub
 
 .Procedure
 
-Run the commands listed in each step that follows to restore the `NodePort` service traffic after you install{product-title}:
+Run the commands listed in each step that follows to restore the `NodePort` service traffic after you install {microshift-short}:
 
 . Find the name of the ovn-master pod that you want to restart by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ pod=$(oc get pods -n openshift-ovn-kubernetes | grep ovnkube-master | awk -F " " '{print $1}')
 ----
 
 . Force a restart of the of the ovnkube-master pod by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ovn-kubernetes delete pod $pod
 ----
 
 . Optional: To confirm that the ovnkube-master pod restarted, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n openshift-ovn-kubernetes
 ----
diff --git a/modules/microshift-nw-advertise-address.adoc b/modules/microshift-nw-advertise-address.adoc
new file mode 100644
index 000000000000..4c1fe893618a
--- /dev/null
+++ b/modules/microshift-nw-advertise-address.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * microshift/using-config-tools.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-yaml-advertiseAddress_{context}"]
+= Configuring the advertise address network flag
+
+The `apiserver.advertiseAddress` flag specifies the IP address on which to advertise the API server to members of the cluster. This address must be reachable by the cluster. You can set a custom IP address here, but you must also add the IP address to a host interface. Customizing this parameter preempts {microshift-short} from adding a default IP address to the `br-ex` network interface.
+
+[IMPORTANT]
+====
+If you customize the `advertiseAddress` IP address, make sure it is reachable by the cluster when {microshift-short} starts by adding the IP address to a host interface.
+====
+
+If unset, the default value is set to the next immediate subnet after the service network. For example, when the service network is `10.43.0.0/16`, the `advertiseAddress` is set to `10.44.0.0/32`.
\ No newline at end of file
diff --git a/modules/microshift-nw-components-svcs.adoc b/modules/microshift-nw-components-svcs.adoc
new file mode 100644
index 000000000000..6dda23f1cb41
--- /dev/null
+++ b/modules/microshift-nw-components-svcs.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-cni.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-network-comps-svcs_{context}"]
+= {microshift-short} networking components and services
+This brief overview describes networking components and their operation in {microshift-short}. The `microshift-networking` RPM is a package that automatically pulls in any networking-related dependencies and systemd services to initialize networking, for example, the `microshift-ovs-init` systemd service.
+
+NetworkManager::
+NetworkManager is required to set up the initial gateway bridge on the {microshift-short} node. The NetworkManager and `NetworkManager-ovs` RPM packages are installed as dependencies to the `microshift-networking` RPM package, which contains the necessary configuration files. NetworkManager in {microshift-short} uses the `keyfile` plugin and is restarted after installation of the `microshift-networking` RPM package.
+
+microshift-ovs-init::
+The `microshift-ovs-init.service` is installed by the `microshift-networking` RPM package as a dependent systemd service to `microshift.service`. It is responsible for setting up the OVS gateway bridge.
+
+OVN containers::
+Two OVN-Kubernetes daemon sets are rendered and applied by {microshift-short}.
+
+* *ovnkube-master*
+Includes the `northd`, `nbdb`, `sbdb` and `ovnkube-master` containers.
+
+* *ovnkube-node*
+The ovnkube-node includes the OVN-Controller container.
++
+After {microshift-short} starts, the OVN-Kubernetes daemon sets are deployed in the `openshift-ovn-kubernetes` namespace.
+
+Packaging::
+OVN-Kubernetes manifests and startup logic are built into {microshift-short}. The systemd services and configurations included in the `microshift-networking` RPM are:
+
+* `/etc/NetworkManager/conf.d/microshift-nm.conf` for `NetworkManager.service`
+* `/etc/systemd/system/ovs-vswitchd.service.d/microshift-cpuaffinity.conf` for `ovs-vswitchd.service`
+* `/etc/systemd/system/ovsdb-server.service.d/microshift-cpuaffinity.conf` for `ovs-server.service`
+* `/usr/bin/configure-ovs-microshift.sh` for `microshift-ovs-init.service`
+* `/usr/bin/configure-ovs.sh` for `microshift-ovs-init.service`
+* `/etc/crio/crio.conf.d/microshift-ovn.conf` for the CRI-O service
\ No newline at end of file
diff --git a/modules/microshift-nw-topology.adoc b/modules/microshift-nw-topology.adoc
new file mode 100644
index 000000000000..17be15b352f0
--- /dev/null
+++ b/modules/microshift-nw-topology.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-cni.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-network-topology_{context}"]
+= Network topology
+OVN-Kubernetes provides an overlay-based networking implementation. This overlay includes an OVS-based implementation of Service and NetworkPolicy. The overlay network uses the Geneve (Generic Network Virtualization Encapsulation) tunnel protocol. The pod maximum transmission unit (MTU) for the Geneve tunnel is set to the default route MTU if it is not configured.
+
+To configure the MTU, you must must set an equal-to or less-than value than the MTU of the physical interface on the host. A less-than value for the MTU makes room for the required information that is added to the tunnel header before it is transmitted.
+
+OVS runs as a systemd service on the {microshift-short} node. The OVS RPM package is installed as a dependency to the `microshift-networking` RPM package. OVS is started immediately when the `microshift-networking` RPM is installed.
+
+.{product-title} network topology
+image:317_RHbM_OVN_topology_0923.png[title="{microshift-short} uses an overlay-based networking implementation, details follow."]
+
+[id="microshift-description-ovn-logical-components_{context}"]
+== Description of the OVN logical components of the virtualized network
+OVN node switch::
+A virtual switch named `<node-name>`. The OVN node switch is named according to the hostname of the node.
+** In this example, the `node-name` is `microshift-dev`.
+
+OVN cluster router::
+A virtual router named `ovn_cluster_router`, also known as the distributed router.
+** In this example, the cluster network is `10.42.0.0/16`.
+
+OVN join switch::
+A virtual switch named `join`.
+
+OVN gateway router::
+A virtual router named `GR_<node-name>`, also known as the external gateway router.
+
+OVN external switch::
+A virtual switch named `ext_<node-name>.`
+
+[id="microshift-description-connections-network-topology_{context}"]
+== Description of the connections in the network topology figure
+* The north-south traffic between the network service and the OVN external switch `ext_microshift-dev` is provided through the host kernel by the gateway bridge `br-ex`.
+* The OVN gateway router `GR_microshift-dev` is connected to the external network switch `ext_microshift-dev` through the logical router port 4. Port 4 is attached with the node IP address 192.168.122.14.
+* The join switch `join` connects the OVN gateway router `GR_microshift-dev` to the OVN cluster router `ovn_cluster_router`. The IP address range is 100.62.0.0/16.
+** The OVN gateway router `GR_microshift-dev` connects to the OVN join switch `join` through the logical router port 3. Port 3 attaches with the internal IP address 100.64.0.2.
+** The OVN cluster router `ovn_cluster_router` connects to the join switch `join` through the logical router port 2. Port 2 attaches with the internal IP address 100.64.0.1.
+* The OVN cluster router `ovn_cluster_router` connects to the node switch `microshift-dev` through the logical router port 1. Port 1 is attached with the OVN cluster network IP address 10.42.0.1.
+* The east-west traffic between the pods and the network service is provided by the OVN cluster router `ovn_cluster_router` and the node switch `microshift-dev`. The IP address range is 10.42.0.0/24.
+* The east-west traffic between pods is provided by the node switch `microshift-dev` without network address translation (NAT).
+* The north-south traffic between the pods and the external network is provided by the OVN cluster router `ovn_cluster_router` and the host network. This router is connected through the `ovn-kubernetes` management port `ovn-k8s-mp0`, with the IP address 10.42.0.2.
+* All the pods are connected to the OVN node switch through their interfaces.
+** In this example, Pod 1 and Pod 2 are connected to the node switch through `Interface 1` and `Interface 2`.
diff --git a/modules/microshift-observe-debug-etcd-server.adoc b/modules/microshift-observe-debug-etcd-server.adoc
index 943f7d3550ef..705152198795 100644
--- a/modules/microshift-observe-debug-etcd-server.adoc
+++ b/modules/microshift-observe-debug-etcd-server.adoc
@@ -2,15 +2,15 @@
 //
 //* microshift_support/microshift-etcd.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-observe-debug-etcd-server_{context}"]
-= Observe and debug the {product-title} etcd server
+= Observe and debug the {microshift-short} etcd server
 
 You can gather `journalctl` logs to observe and debug the etcd server logs.
 
 .Prerequisites
 
-* The {product-title} service is running.
+* The {microshift-short} service is running.
 
 .Procedure
 
@@ -23,5 +23,5 @@ $ sudo journalctl -u microshift-etcd.scope
 +
 [NOTE]
 ====
-{product-title} logs can be accessed separately from etcd logs using the `journalctl -u microshift` command.
+{microshift-short} logs can be accessed separately from etcd logs using the `journalctl -u microshift` command.
 ====
\ No newline at end of file
diff --git a/modules/microshift-oc-adm-by-example-content.adoc b/modules/microshift-oc-adm-by-example-content.adoc
index 670459b44c64..d1311e3e2eaf 100644
--- a/modules/microshift-oc-adm-by-example-content.adoc
+++ b/modules/microshift-oc-adm-by-example-content.adoc
@@ -2,117 +2,31 @@
 // This template is for admin ('oc adm ...') commands
 // Uses 'source,bash' for proper syntax highlighting for comments in examples
 
-:_content-type: REFERENCE
-[id="microshift-oc-cli-admin_{context}"]
+:_mod-docs-content-type: REFERENCE
+[id="microshift-cli-admin_{context}"]
 = OpenShift CLI (oc) administrator commands
 
-//IMPORTANT: QE'd and hand-edited for relevance to MicroShift; use this version to check auto-generated files for 4.14
 
-//== oc adm build-chain
-
-== oc adm catalog mirror
-Mirror an operator-registry catalog
-
-.Example usage
-[source,bash,options="nowrap"]
-----
-  # Mirror an operator-registry image and its contents to a registry
-  oc adm catalog mirror quay.io/my/image:latest myregistry.com
-
-  # Mirror an operator-registry image and its contents to a particular namespace in a registry
-  oc adm catalog mirror quay.io/my/image:latest myregistry.com/my-namespace
-
-  # Mirror to an airgapped registry by first mirroring to files
-  oc adm catalog mirror quay.io/my/image:latest file:///local/index
-  oc adm catalog mirror file:///local/index/my/image:latest my-airgapped-registry.com
-
-  # Configure a cluster to use a mirrored registry
-  oc apply -f manifests/imageContentSourcePolicy.yaml
-
-  # Edit the mirroring mappings and mirror with "oc image mirror" manually
-  oc adm catalog mirror --manifests-only quay.io/my/image:latest myregistry.com
-  oc image mirror -f manifests/mapping.txt
-
-  # Delete all ImageContentSourcePolicies generated by oc adm catalog mirror
-  oc delete imagecontentsourcepolicy -l operators.openshift.org/catalog=true
-----
-
-//== oc adm certificate approve
-//== oc adm certificate deny
-//== oc adm cordon
-//== oc adm create-bootstrap-project-template
-//== oc adm create-error-template
-//== oc adm create-login-template
-//== oc adm create-provider-selection-template
-//== oc adm drain
-//== oc adm groups add-users
-//== oc adm groups new
-//== oc adm groups prune
-//== oc adm groups remove-users
-//== oc adm groups sync
 
 == oc adm inspect
 Collect debugging data for a given resource
-//NOTE: This was hand-edited per QE in 4.13. This section is correct as is.
-.Example usage
-[source,bash,options="nowrap"]
-----
-  # Collect debugging data for the "microshift-apiserver"
-  oc adm inspect service/kubernetes
-
-  # Collect debugging data for the "microshift-apiserver" and "toptlvm-apiserver"
-  oc adm inspect service/kubernetes crd/logicalvolumes.topolvm.io
-
-  # Collect debugging data for services
-   oc adm inspect service
-
-  # Collect debugging data for all clusterversions
-  oc adm inspect service,crd
-----
-
-== oc adm migrate icsp
-Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s).
 
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # update the imagecontentsourcepolicy.yaml to new imagedigestmirrorset file under directory mydir
-  oc adm migrate icsp imagecontentsourcepolicy.yaml --dest-dir mydir
-----
-
-//== oc adm migrate template-instances
-//== oc adm must-gather
-//== oc adm new-project
-
-
-//== oc adm node-logs
-Display and filter node logs
+  # Collect debugging data for a kubernetes service
+  oc adm inspect service/kubernetes
 
-.Example usage
-[source,bash,options="nowrap"]
-----
-  # Show kubelet logs from all masters
-  oc adm node-logs --role master -u kubelet
+  # Collect debugging data for a node
+  oc adm inspect node/<node_name>
 
-  # See what logs are available in masters in /var/logs
-  oc adm node-logs --role master --path=/
+  # Collect debugging data for logicalvolumes in a CRD
+  oc adm inspect crd/logicalvolumes.topolvm.io
 
-  # Display cron log file from all masters
-  oc adm node-logs --role master --path=cron
+  # Collect debugging data for routes.route.openshift.io in a CRD
+  oc adm inspect crd/routes.route.openshift.io
 ----
 
-//== oc adm pod-network isolate-projects
-//== oc adm pod-network join-projects
-//== oc adm pod-network make-projects-global
-//== oc adm policy add-role-to-user
-//== oc adm policy add-scc-to-group
-//== oc adm policy add-scc-to-user
-//== oc adm policy scc-review
-//== oc adm policy scc-subject-review
-//== oc adm prune builds
-//== oc adm prune deployments
-//== oc adm prune groups
-//== oc adm prune images
 
 
 == oc adm release extract
@@ -128,7 +42,7 @@ Extract the contents of an update payload to disk
   oc adm release extract --credentials-requests --cloud=aws
 
   # Use git to check out the source code for the current cluster release to DIR from linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release extract --git=DIR quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
@@ -153,43 +67,14 @@ Display information about a release
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --pullspecs
 
   # Show information about linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
 
 
-== oc adm release mirror
-Mirror a release to a different image registry location
-
-.Example usage
-[source,bash,options="nowrap"]
-----
-  # Perform a dry run showing what would be mirrored, including the mirror objects
-  oc adm release mirror 4.11.0 --to myregistry.local/openshift/release \
-  --release-image-signature-to-dir /tmp/releases --dry-run
-
-  # Mirror a release into the current directory
-  oc adm release mirror 4.11.0 --to file://openshift/release \
-  --release-image-signature-to-dir /tmp/releases
-
-  # Mirror a release to another directory in the default location
-  oc adm release mirror 4.11.0 --to-dir /tmp/releases
-
-  # Upload a release from the current directory to another server
-  oc adm release mirror --from file://openshift/release --to myregistry.com/openshift/release \
-  --release-image-signature-to-dir /tmp/releases
-
-  # Mirror the 4.11.0 release to repository registry.example.com and apply signatures to connected cluster
-  oc adm release mirror --from=quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64 \
-  --to=registry.example.com/your/repository --apply-release-image-signature
-----
-
-
-//== oc adm release new
-
 == oc adm taint
-Update the taints on one or more nodes
+Update the taints on nodes
 
 .Example usage
 [source,bash,options="nowrap"]
@@ -212,30 +97,3 @@ Update the taints on one or more nodes
 ----
 
 
-//== oc adm top images
-//== oc adm top imagestreams
-//== oc adm top node
-
-
-== oc adm top pod
-Display resource (CPU/memory) usage of pods
-
-.Example usage
-[source,bash,options="nowrap"]
-----
-  # Show metrics for all pods in the default namespace
-  oc adm top pod
-
-  # Show metrics for all pods in the given namespace
-  oc adm top pod --namespace=NAMESPACE
-
-  # Show metrics for a given pod and its containers
-  oc adm top pod POD_NAME --containers
-
-  # Show metrics for the pods defined by label name=myLabel
-  oc adm top pod -l name=myLabel
-----
-
-//== oc adm uncordon
-//== oc adm upgrade
-//== oc adm verify-image-signature
diff --git a/modules/microshift-oc-apis-errors.adoc b/modules/microshift-oc-apis-errors.adoc
index 63b4b9abfc96..9482f2acb0e3 100644
--- a/modules/microshift-oc-apis-errors.adoc
+++ b/modules/microshift-oc-apis-errors.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift-cli-using-oc/microshift-oc-apis-errors.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="microshift-oc-apis-errors_{context}"]
 = oc command errors in {product-title}
 
@@ -12,21 +12,21 @@ Not all OpenShift CLI (oc) tool commands are relevant for {product-title} deploy
 
 For example, when the following `new-project` command is run:
 
-[source, terminal]
+[source,terminal]
 ----
 $ oc new-project test
 ----
 
 The following error message can be generated:
 
-[source, terminal]
+[source,terminal]
 ----
 Error from server (NotFound): the server could not find the requested resource (get projectrequests.project.openshift.io)
 ----
 
 And when the `get projects` command is run, another error can be generated as follows:
 
-[source, terminal]
+[source,terminal]
 ----
 $ oc get projects
 error: the server doesn't have a resource type "projects"
diff --git a/modules/microshift-oc-by-example-content.adoc b/modules/microshift-oc-by-example-content.adoc
index aae63daafda0..c6c7d599602a 100644
--- a/modules/microshift-oc-by-example-content.adoc
+++ b/modules/microshift-oc-by-example-content.adoc
@@ -2,11 +2,11 @@
 // This template is for non-admin (not 'oc adm ...') commands
 // Uses 'source,bash' for proper syntax highlighting for comments in examples
 
-:_content-type: REFERENCE
-[id="microshift-oc-cli-developer_{context}"]
+:_mod-docs-content-type: REFERENCE
+[id="microshift-cli-developer_{context}"]
 = OpenShift CLI (oc) developer commands
 
-//NOTE: this is the autogenerated version, one command edited out
+
 
 == oc annotate
 Update the annotations on a resource
@@ -187,6 +187,11 @@ Check whether an action is allowed
   # Check to see if I can list deployments in my current namespace
   oc auth can-i list deployments.apps
 
+  # Check to see if service account "foo" of namespace "dev" can list pods
+  # in the namespace "prod".
+  # You must be allowed to use impersonation for the global option "--as".
+  oc auth can-i list pods --as=system:serviceaccount:dev:foo -n prod
+
   # Check to see if I can do everything in my current namespace ("*" means all)
   oc auth can-i '*' '*'
 
@@ -215,8 +220,22 @@ Reconciles rules for RBAC role, role binding, cluster role, and cluster role bin
   oc auth reconcile -f my-rbac-rules.yaml
 ----
 
-//== oc autoscale
-//removed, does not apply to MicroShift
+
+
+== oc auth whoami
+Experimental: Check self subject attributes
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Get your subject attributes.
+  oc auth whoami
+
+  # Get your subject attributes in JSON format.
+  oc auth whoami -o json
+----
+
+
 
 == oc cluster-info
 Display cluster information
@@ -394,6 +413,48 @@ Display users defined in the kubeconfig
 
 
 
+== oc config new-admin-kubeconfig
+Generate, make the server trust, and display a new admin.kubeconfig.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Generate a new admin kubeconfig
+  oc config new-admin-kubeconfig
+----
+
+
+
+== oc config new-kubelet-bootstrap-kubeconfig
+Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubeconfig.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Generate a new kubelet bootstrap kubeconfig
+  oc config new-kubelet-bootstrap-kubeconfig
+----
+
+
+
+== oc config refresh-ca-bundle
+Update the OpenShift CA bundle by contacting the apiserver.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Refresh the CA bundle for the current context's cluster
+  oc config refresh-ca-bundle
+
+  # Refresh the CA bundle for the cluster named e2e in your kubeconfig
+  oc config refresh-ca-bundle e2e
+
+  # Print the CA bundle from the current OpenShift cluster's apiserver.
+  oc config refresh-ca-bundle --dry-run
+----
+
+
+
 == oc config rename-context
 Rename a context from the kubeconfig file
 
@@ -853,6 +914,9 @@ Create a role binding for a particular role or cluster role
 ----
   # Create a role binding for user1, user2, and group1 using the admin cluster role
   oc create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
+
+  # Create a role binding for serviceaccount monitoring:sa-dev using the admin role
+  oc create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev
 ----
 
 
@@ -1378,8 +1442,14 @@ Add layers to images and push them to a registry
   oc image append --from-dir v2 --to myregistry.com/myimage:latest layer.tar.gz
 
   # Add a new layer to a multi-architecture image for an os/arch that is different from the system's os/arch
-  # Note: Wildcard filter is not supported with append. Pass a single os/arch to append
+  # Note: The first image in the manifest list that matches the filter will be returned when --keep-manifest-list is not specified
   oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --to myregistry.com/myimage:latest layer.tar.gz
+
+  # Add a new layer to a multi-architecture image for all the os/arch manifests when keep-manifest-list is specified
+  oc image append --from docker.io/library/busybox:latest --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
+
+  # Add a new layer to a multi-architecture image for all the os/arch manifests that is specified by the filter, while preserving the manifestlist
+  oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
 ----
 
 
@@ -1397,7 +1467,7 @@ Copy files from an image to the file system
   oc image extract docker.io/library/busybox:latest --path /:/tmp/busybox
 
   # Extract the busybox image into the current directory for linux/s390x platform
-  # Note: Wildcard filter is not supported with extract. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported with extract; pass a single os/arch to extract
   oc image extract docker.io/library/busybox:latest --filter-by-os=linux/s390x
 
   # Extract a single file from the image into the current directory
@@ -1505,12 +1575,20 @@ Mirror images from one repository to another
   # Note the above command is equivalent to
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   --filter-by-os=.*
+
+  # Copy specific os/arch manifest of a multi-architecture image
+  # Run 'oc image info myregistry.com/myimage:latest' to see available os/arch for multi-arch images
+  # Note that the target registry may reject a manifest list if the platform specific images do not all
+  # exist. You must use a registry with sparse registry support enabled.
+  oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
+  --filter-by-os=os/arch \
+  --keep-manifest-list=true
 ----
 
 
 
 == oc kustomize
-Build a kustomization target from a directory or URL.
+Build a kustomization target from a directory or URL
 
 .Example usage
 [source,bash,options="nowrap"]
@@ -1594,7 +1672,7 @@ Observe changes to resources and react to them (experimental)
   oc observe services --template '{ .spec.clusterIP }' -- register_dns.sh
 
   # Observe changes to services filtered by a label selector
-  oc observe namespaces -l regist-dns=true --template '{ .spec.clusterIP }' -- register_dns.sh
+  oc observe services -l regist-dns=true --template '{ .spec.clusterIP }' -- register_dns.sh
 ----
 
 
@@ -1924,7 +2002,7 @@ Start a shell session in a container
   oc rsh dc/docker-registry cat config.yml
 
   # Open a shell session on the container named 'index' inside a pod of your job
-  oc rsh -c index job/sheduled
+  oc rsh -c index job/scheduled
 ----
 
 
@@ -2098,10 +2176,10 @@ Update the image of a pod template
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Set a deployment configs's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
+  # Set a deployment config's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
   oc set image dc/nginx busybox=busybox nginx=nginx:1.9.1
 
-  # Set a deployment configs's app container image to the image referenced by the imagestream tag 'openshift/ruby:2.3'.
+  # Set a deployment config's app container image to the image referenced by the imagestream tag 'openshift/ruby:2.3'.
   oc set image dc/myapp app=openshift/ruby:2.3 --source=imagestreamtag
 
   # Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
@@ -2110,7 +2188,7 @@ Update the image of a pod template
   # Update image of all containers of daemonset abc to 'nginx:1.9.1'
   oc set image daemonset abc *=nginx:1.9.1
 
-  # Print result (in yaml format) of updating nginx container image from local file, without hitting the server
+  # Print result (in YAML format) of updating nginx container image from local file, without hitting the server
   oc set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
 ----
 
@@ -2280,7 +2358,7 @@ Update volumes on a pod template
   # /var/lib/myapp
   oc set volume dc/myapp --add --mount-path=/var/lib/myapp
 
-  # Use an existing persistent volume claim (pvc) to overwrite an existing volume 'v1'
+  # Use an existing persistent volume claim (PVC) to overwrite an existing volume 'v1'
   oc set volume dc/myapp --add --name=v1 -t pvc --claim-name=pvc1 --overwrite
 
   # Remove volume 'v1' from deployment config 'myapp'
diff --git a/modules/microshift-ovs-snapshot.adoc b/modules/microshift-ovs-snapshot.adoc
index e89775f08094..71b4d66de83f 100644
--- a/modules/microshift-ovs-snapshot.adoc
+++ b/modules/microshift-ovs-snapshot.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-OVS-snapshot_{context}"]
 = Getting a snapshot of OVS interfaces from a running cluster
 
@@ -10,28 +10,25 @@ A snapshot represents the state and data of OVS interfaces at a specific point i
 
 .Procedure
 
-* To see a snapshot of OVS interfaces from a running {product-title} cluster, use the following command:
-
-[source, terminal]
+* To see a snapshot of OVS interfaces from a running {microshift-short} cluster, use the following command:
++
+[source,terminal]
 ----
 $ sudo ovs-vsctl show
 ----
-
++
 .Example OVS interfaces in a running cluster
-[source, terminal]
+[source,terminal]
 ----
 9d9f5ea2-9d9d-4e34-bbd2-dbac154fdc93
     Bridge br-ex
-        Port enp1s0
-            Interface enp1s0
-                type: system
         Port br-ex
             Interface br-ex
                 type: internal
         Port patch-br-ex_localhost.localdomain-to-br-int <1>
             Interface patch-br-ex_localhost.localdomain-to-br-int
                 type: patch
-                options: {peer=patch-br-int-to-br-ex_localhost.localdomain} <1>
+                options: {peer=patch-br-int-to-br-ex_localhost.localdomain} <2>
     Bridge br-int
         fail_mode: secure
         datapath_type: system
@@ -40,19 +37,22 @@ $ sudo ovs-vsctl show
                 type: patch
                 options: {peer=patch-br-ex_localhost.localdomain-to-br-int}
         Port eebee1ce5568761
-            Interface eebee1ce5568761 <2>
+            Interface eebee1ce5568761 <3>
         Port b47b1995ada84f4
-            Interface b47b1995ada84f4 <2>
+            Interface b47b1995ada84f4 <4>
         Port "3031f43d67c167f"
-            Interface "3031f43d67c167f" <2>
+            Interface "3031f43d67c167f" <5>
         Port br-int
             Interface br-int
                 type: internal
-        Port ovn-k8s-mp0 <3>
+        Port ovn-k8s-mp0 <6>
             Interface ovn-k8s-mp0
                 type: internal
     ovs_version: "2.17.3"
 ----
 <1> The `patch-br-ex_localhost.localdomain-to-br-int` and `patch-br-int-to-br-ex_localhost.localdomain` are OVS patch ports that connect `br-ex` and `br-int`.
-<2> The pod interfaces `eebee1ce5568761`, `b47b1995ada84f4` and `3031f43d67c167f` are named with the first 15 bits of pod sandbox ID and are plugged in the `br-int` bridge.
-<3> The OVS internal port for hairpin traffic,`ovn-k8s-mp0` is created by the `ovnkube-master` container.
\ No newline at end of file
+<2> The `patch-br-ex_localhost.localdomain-to-br-int` and `patch-br-int-to-br-ex_localhost.localdomain` are OVS patch ports that connect `br-ex` and `br-int`.
+<3> The pod interface `eebee1ce5568761` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<4> The pod interface `b47b1995ada84f4` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<5> The pod interface `3031f43d67c167f` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<6> The OVS internal port for hairpin traffic,`ovn-k8s-mp0` is created by the `ovnkube-master` container.
\ No newline at end of file
diff --git a/modules/microshift-preparing-for-image-building.adoc b/modules/microshift-preparing-for-image-building.adoc
index a63aaa3a3444..876a950ceef7 100644
--- a/modules/microshift-preparing-for-image-building.adoc
+++ b/modules/microshift-preparing-for-image-building.adoc
@@ -2,17 +2,12 @@
 //
 // microshift_install/microshift-embed-rpm-ostree.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="preparing-for-image-building_{context}"]
 = Preparing for image building
 
 Read link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images[Composing, installing, and managing RHEL for Edge images].
 
-[IMPORTANT]
-====
-{product-title} {ocp-version} deployments have only been tested with {op-system-ostree-first} {op-system-version}. Other versions of {op-system} are not supported.
-====
-
 To build an {op-system-ostree-first} {op-system-version} image for a given CPU architecture, you need a {op-system} {op-system-version} build host of the same CPU architecture that meets the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/setting-up-image-builder_composing-installing-managing-rhel-for-edge-images#edge-image-builder-system-requirements_setting-up-image-builder[Image Builder system requirements].
 
 Follow the instructions in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/setting-up-image-builder_composing-installing-managing-rhel-for-edge-images#edge-installing-image-builder_setting-up-image-builder[Installing Image Builder] to install Image Builder and the `composer-cli` tool.
diff --git a/modules/microshift-preparing-to-make-app-rpms.adoc b/modules/microshift-preparing-to-make-app-rpms.adoc
new file mode 100644
index 000000000000..1a263dd014b1
--- /dev/null
+++ b/modules/microshift-preparing-to-make-app-rpms.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// microshift_running_applications/embedding-apps-tutorial.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-preparing-to-make-app-rpms_{context}"]
+= Preparing to make application RPMs
+
+To build your own RPMs, choose a tool of your choice, such as the `rpmbuild` tool, and initialize the RPM build tree in your home directory. The following is an example procedure. As long as your RPMs are accessible to Image Builder, you can use the method you prefer to build the application RPMs.
+
+.Prerequisites
+
+* You have set up a {op-system-ostree-first} {op-system-version} build host that meets the Image Builder system requirements.
+* You have root access to the host.
+
+.Procedure
+
+. Install the `rpmbuild` tool and create the yum repository for it by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install rpmdevtools rpmlint yum-utils createrepo
+----
+
+. Create the file tree you need to build RPM packages by running the following command:
++
+[source,terminal]
+----
+$ rpmdev-setuptree
+----
+
+.Verification
+
+* List the directories to confirm creation by running the following command:
++
+[source,terminal]
+----
+$ ls ~/rpmbuild/
+----
++
+.Example output
+[source,terminal]
+----
+BUILD RPMS SOURCES SPECS SRPMS
+----
diff --git a/modules/microshift-provide-feedback-jira-link.adoc b/modules/microshift-provide-feedback-jira-link.adoc
new file mode 100644
index 000000000000..0f00917d93f5
--- /dev/null
+++ b/modules/microshift-provide-feedback-jira-link.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// microshift_support/
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-provide-feedback-jira-link_{context}"]
+= Providing documentation feedback
+
+To report an error or to improve our documentation, log in to your link:https://issues.redhat.com[Red Hat Jira account] and submit a link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&issuetype=1&components=12370455&priority=10200&summary=[Jira issue].
\ No newline at end of file
diff --git a/modules/microshift-provisioning-ostree.adoc b/modules/microshift-provisioning-ostree.adoc
index b66cd1c768e2..ede52de0a323 100644
--- a/modules/microshift-provisioning-ostree.adoc
+++ b/modules/microshift-provisioning-ostree.adoc
@@ -2,18 +2,18 @@
 //
 // microshift/microshift-embed-into-rpm-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="provisioning-a-machine_{context}"]
-= Provisioning a machine for {product-title}
+= Provisioning a machine for {microshift-short}
 
 Provision a machine with your {op-system-ostree} image by using the procedures from the {op-system-ostree} documentation.
 
-To use {product-title}, you must provision the system so that it meets the following requirements:
+To use {microshift-short}, you must provision the system so that it meets the following requirements:
 
-* The machine you are provisioning must meet the system requirements for installing {product-title}.
+* The machine you are provisioning must meet the system requirements for installing {microshift-short}.
 * The file system must have a logical volume manager (LVM) volume group (VG) with sufficient capacity for the persistent volumes (PVs) of your workload.
 * A pull secret from the https://console.redhat.com/openshift/install/pull-secret[Red Hat Hybrid Cloud Console] must be present as `/etc/crio/openshift-pull-secret` and have root user-only read/write permissions.
-* The firewall must be configured with {product-title}'s required firewall settings.
+* The firewall must be configured with the required settings.
 
 [NOTE]
 ====
@@ -35,7 +35,6 @@ For more information, read "Additional resources."
 . In the main section of the Kickstart file, update the setup of the filesystem such that it contains an LVM volume group called `rhel` with at least 10GB system root. Leave free space for the LVMS CSI driver to use for storing the data for your workloads.
 +
 .Example kickstart snippet for configuring the filesystem
-+
 [source,text]
 ----
 # Partition disk such that it contains an LVM volume group called `rhel` with a
@@ -70,7 +69,6 @@ user --name=user \
 . In the `%post` section of the Kickstart file, add your pull secret and the mandatory firewall rules.
 +
 .Example Kickstart snippet for adding the pull secret and firewall rules
-
 [source,terminal]
 ----
 %post --log=/var/log/anaconda/post-install.log --erroronfail
diff --git a/modules/microshift-restart-ovnkube-master.adoc b/modules/microshift-restart-ovnkube-master.adoc
index 63c3b05de1a1..d27f0011f462 100644
--- a/modules/microshift-restart-ovnkube-master.adoc
+++ b/modules/microshift-restart-ovnkube-master.adoc
@@ -2,7 +2,7 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-restart-ovnkube-master_{context}"]
 = Restarting the ovnkube-master pod
 
@@ -21,31 +21,29 @@ Use the following steps to restart the `ovnkube-master` pod.
 
 . Access the remote cluster by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ export KUBECONFIG=$PWD/kubeconfig
 ----
 
 . Find the name of the `ovnkube-master` pod that you want to restart by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ pod=$(oc get pods -n openshift-ovn-kubernetes | awk -F " " '/ovnkube-master/{print $1}')
 ----
 
 . Delete the `ovnkube-master` pod by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ovn-kubernetes delete pod $pod
 ----
 
 . Confirm that a new `ovnkube-master` pod is running by using the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n openshift-ovn-kubernetes
 ----
 The listing of the running pods shows a new `ovnkube-master` pod name and age.
-
-//.Example output needs to be added here
\ No newline at end of file
diff --git a/modules/microshift-restoring-data-backups.adoc b/modules/microshift-restoring-data-backups.adoc
new file mode 100644
index 000000000000..dcd2fd78e07c
--- /dev/null
+++ b/modules/microshift-restoring-data-backups.adoc
@@ -0,0 +1,53 @@
+//Module included in the following assemblies:
+//
+// * microshift_updating/microshift-update-options.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-restoring-data-backups-manually_{context}"]
+= Restoring {microshift-short} data backups manually
+
+You can restore {microshift-short} data from a backup manually. Backups can be restored after updates, or after other system events that remove or damage required data. Automated backups are in the `/var/lib/microshift-backups` directory by default. You can use this directory for manually backing up and restoring data by specifying it in each command. When you restore a backup, you must use the entire file path.
+
+[NOTE]
+====
+On an `rpm-ostree` system, {microshift-short} backs up and restores data automatically.
+====
+
+.Prerequisites
+
+* Root access to the host.
+* Full path of the data backup file.
+* {microshift-short} is stopped.
+
+.Procedure
+
+. Manually restore {microshift-short} data by using the full file path of the backup you want to restore by running the following command:
++
+[source,terminal]
+----
+$ sudo microshift restore /var/lib/microshift-backups/<my_manual_backup>
+----
+Replace `<my_manual_backup>` with the backup name that you used. Optional: You can also restore automatic `ostree` backups using the full file path.
++
+.Example output
++
+[source,terminal]
+----
+??? I1017 07:39:52.055165    6007 data_manager.go:131] "Copying backup to data directory" storage="/var/lib/microshift-backups" name="test" data="/var/lib/microshift"
+??? I1017 07:39:52.055243    6007 data_manager.go:154] "Renaming existing data dir" data="/var/lib/microshift" renamedTo="/var/lib/microshift.saved"
+??? I1017 07:39:52.055326    6007 data_manager.go:227] "Starting copy" cmd="/bin/cp --verbose --recursive --preserve --reflink=auto /var/lib/microshift-backups/test /var/lib/microshift"
+??? I1017 07:39:52.061363    6007 data_manager.go:241] "Finished copy" cmd="/bin/cp --verbose --recursive --preserve --reflink=auto /var/lib/microshift-backups/test /var/lib/microshift"
+??? I1017 07:39:52.061404    6007 data_manager.go:175] "Removing temporary data directory" path="/var/lib/microshift.saved"
+??? I1017 07:39:52.063745    6007 data_manager.go:180] "Copied backup to data directory" name="test" data="/var/lib/microshift"
+----
+
+. Optional. Manually restore data from a customized directory by using the full file path of the backup. Run the following command:
++
+[source,terminal]
+----
+$ sudo microshift restore /<mnt>/<other_backups_location>/<another_manual_backup>
+----
+Replace `<other_backups_location>` with the directory you used and `<my_manual_backup>` with the backup name you used when creating the backup you are restoring.
++
+.Verification
+* Verify that your backup is restored by restarting {microshift-short} and checking the data.
\ No newline at end of file
diff --git a/modules/microshift-rpm-ostree-https.adoc b/modules/microshift-rpm-ostree-https.adoc
index 3a0c47e36a16..11fbb0778686 100644
--- a/modules/microshift-rpm-ostree-https.adoc
+++ b/modules/microshift-rpm-ostree-https.adoc
@@ -2,18 +2,19 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-rpm-ostree-https_{context}"]
 = Using the RPM-OStree HTTP(S) proxy
 
-To use the HTTP(S) proxy in RPM-OStree, set the `http_proxy environment` variable for the `rpm-ostreed` service.
+To use the HTTP(S) proxy in RPM-OStree, you must add a `Service` section to the configuration file and set the `http_proxy environment` variable for the `rpm-ostreed` service.
 
 .Procedure
 
-. Add this setting to the `/etc/systemd/system/rpm-ostreed.service.d/00-proxy.conf` file by running the following command:
+. Add this setting to the `/etc/systemd/system/rpm-ostreed.service.d/00-proxy.conf` file:
 +
-[source, terminal]
+[source,terminal]
 ----
+[Service]
 Environment="http_proxy=http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT/"
 ----
 
@@ -21,13 +22,13 @@ Environment="http_proxy=http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_
 
 .. Reload the configuration settings by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl daemon-reload
 ----
-.. Restart the rpm-ostree service by running the following command:
+.. Restart the `rpm-ostreed` service by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl restart rpm-ostreed.service
 ----
diff --git a/modules/microshift-security-context-constraints-opting.adoc b/modules/microshift-security-context-constraints-opting.adoc
new file mode 100644
index 000000000000..56c5fa7838a4
--- /dev/null
+++ b/modules/microshift-security-context-constraints-opting.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * microshift_running_apps/microshift-authentication.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-security-context-constraints-opting_{context}"]
+= Controlling pod security admission synchronization
+
+You can enable automatic pod security admission synchronization for most namespaces.
+
+System defaults are not enforced when the `security.openshift.io/scc.podSecurityLabelSync` field is empty or set to `false`. You must set the label to `true` for synchronization to occur.
+
+[IMPORTANT]
+====
+Namespaces that are defined as part of the cluster payload have pod security admission synchronization disabled permanently. These namespaces include:
+
+* `default`
+* `kube-node-lease`
+* `kube-system`
+* `kube-public`
+* `openshift`
+* All system-created namespaces that are prefixed with `openshift-`, except for `openshift-operators`
+By default, all namespaces that have an `openshift-` prefix are not synchronized. You can enable synchronization for any user-created [x-]`openshift-*` namespaces. You cannot enable synchronization for any system-created [x-]`openshift-*` namespaces, except for `openshift-operators`.
+
+If an Operator is installed in a user-created `openshift-*` namespace, synchronization is turned on by default after a cluster service version (CSV) is created in the namespace. The synchronized label inherits the permissions of the service accounts in the namespace.
+====
+
+.Procedure
+
+* To enable pod security admission label synchronization in a namespace, set the value of the `security.openshift.io/scc.podSecurityLabelSync` label to `true`.
++
+Run the following command:
++
+[source,terminal]
+----
+$ oc label namespace <namespace> security.openshift.io/scc.podSecurityLabelSync=true
+----
+
+[NOTE]
+====
+You can use the --overwrite flag to reverse the effects of the pod security label synchronization in a namespace.
+====
diff --git a/modules/microshift-security-context-constraints.adoc b/modules/microshift-security-context-constraints.adoc
new file mode 100644
index 000000000000..dfff1cb4e2ec
--- /dev/null
+++ b/modules/microshift-security-context-constraints.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * microshift_running_apps/microshift-authentication.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-security-context-constraints_{context}"]
+
+= Security context constraint synchronization with pod security standards
+
+{microshift-short} includes link:https://kubernetes.io/docs/concepts/security/pod-security-admission[Kubernetes pod security admission].
+
+In addition to the global pod security admission control configuration, a controller exists that applies pod security admission control `warn` and `audit` labels to namespaces according to the security context constraint (SCC) permissions of the service accounts that are in a given namespace.
+
+[IMPORTANT]
+====
+Namespaces that are defined as part of the cluster payload have pod security admission synchronization disabled permanently. You can enable pod security admission synchronization on other namespaces as necessary. If an Operator is installed in a user-created `openshift-*` namespace, synchronization is turned on by default after a cluster service version (CSV) is created in the namespace.
+====
+
+The controller examines `ServiceAccount` object permissions to use security context constraints in each namespace. Security context constraints (SCCs) are mapped to pod security profiles based on their field values; the controller uses these translated profiles. Pod security admission `warn` and `audit` labels are set to the most privileged pod security profile found in the namespace to prevent warnings and audit logging as pods are created.
+
+Namespace labeling is based on consideration of namespace-local service account privileges.
+
+Applying pods directly might use the SCC privileges of the user who runs the pod. However, user privileges are not considered during automatic labeling.
diff --git a/modules/microshift-service-starting.adoc b/modules/microshift-service-starting.adoc
index 27f291aa9c0e..ad7ab07580a5 100644
--- a/modules/microshift-service-starting.adoc
+++ b/modules/microshift-service-starting.adoc
@@ -2,33 +2,33 @@
 //
 // microshift/microshift-install-rpm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="starting-microshift_service_{context}"]
-= Starting the {product-title} service
+= Starting the {microshift-short} service
 
-Use the following procedure to start the {product-title} service.
+Use the following procedure to start the {microshift-short} service.
 
 .Prerequisites
 
-* You have installed {product-title} from an RPM package.
+* You have installed {microshift-short} from an RPM package.
 
 .Procedure
 
-. As a root user, start the {product-title} service by entering the following command:
+. As a root user, start the {microshift-short} service by entering the following command:
 +
 [source,terminal]
 ----
 $ sudo systemctl start microshift
 ----
 
-. Optional: To configure your {op-system} machine to start {product-title} when your machine starts, enter the following command:
+. Optional: To configure your {op-system} machine to start {microshift-short} when your machine starts, enter the following command:
 +
 [source,terminal]
 ----
 $ sudo systemctl enable microshift
 ----
 
-. Optional: To disable {product-title} from automatically starting when your machine starts, enter the following command:
+. Optional: To disable {microshift-short} from automatically starting when your machine starts, enter the following command:
 +
 [source,terminal]
 ----
@@ -37,6 +37,5 @@ $ sudo systemctl disable microshift
 +
 [NOTE]
 ====
-The first time that the {product-title} service starts, it downloads and initializes {product-title}'s container images. As a result, it can take several minutes for {product-title} to start the first time that the service is deployed.
-Boot time is reduced for subsequent starts of the {product-title} service.
+The first time that the {microshift-short} service starts, it downloads and initializes the container images for {microshift-short}. As a result, it can take several minutes for {microshift-short} to start the first time that the service is deployed. Boot time is reduced for subsequent starts of the {microshift-short} service.
 ====
\ No newline at end of file
diff --git a/modules/microshift-service-stopping.adoc b/modules/microshift-service-stopping.adoc
index 90af8bba53b6..49b7015bc936 100644
--- a/modules/microshift-service-stopping.adoc
+++ b/modules/microshift-service-stopping.adoc
@@ -1,27 +1,28 @@
 // Module included in the following assemblies:
 //
-// microshift/microshift-install-rpm.adoc
+// * microshift/microshift-install-rpm.adoc
+// * microshift/microshift-update-rpms-ostree.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="stopping-microshift-service_{context}"]
-= Stopping the {product-title} service
+= Stopping the {microshift-short} service
 
-Use the following procedure to stop the {product-title} service.
+Use the following procedure to stop the {microshift-short} service.
 
 .Prerequisites
 
-* The {product-title} service is running.
+* The {microshift-short} service is running.
 
 .Procedure
 
-. Enter the following command to stop the {product-title} service:
+. Enter the following command to stop the {microshift-short} service:
 +
 [source,terminal]
 ----
 $ sudo systemctl stop microshift
 ----
 
-. Workloads deployed on {product-title} will continue running even after the {product-title} service has been stopped. Enter the following command to display running workloads:
+. Workloads deployed on {microshift-short} might continue running even after the {microshift-short} service has been stopped. Enter the following command to display running workloads:
 +
 [source,terminal]
 ----
diff --git a/modules/microshift-storage-about-vol-snapshots.adoc b/modules/microshift-storage-about-vol-snapshots.adoc
new file mode 100644
index 000000000000..ad2630decf5d
--- /dev/null
+++ b/modules/microshift-storage-about-vol-snapshots.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="about-volume-snapshots_{context}"]
+= About volume snapshots
+
+You can use volume snapshots with logical volume manager (LVM) thin volumes to help protect against data loss from applications running in a {microshift-short} cluster. {microshift-short} only supports the logical volume manager storage (LVMS) Container Storage Interface (CSI) provider.
+
+[NOTE]
+====
+LVMS only supports the `volumeBindingMode` of the storage class being set to `WaitForFirstConsumer`. This setting means the storage volume is not provisioned until a pod is ready to mount it.
+====
+
+.Example workload that deploys a single pod and PVC
+[source,terminal]
+----
+$ oc apply -f - <<EOF
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: test-claim-thin
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: topolvm-provisioner-thin
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: base
+spec:
+  containers:
+  - command:
+	    - nginx
+	    - -g
+	    - 'daemon off;'
+    image: registry.redhat.io/rhel8/nginx-122@sha256:908ebb0dec0d669caaf4145a8a21e04fdf9ebffbba5fd4562ce5ab388bf41ab2
+    name: test-container
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+    volumeMounts:
+    - mountPath: /vol
+      name: test-vol
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+  volumes:
+  - name: test-vol
+    persistentVolumeClaim:
+      claimName: test-claim-thin
+EOF
+----
diff --git a/modules/microshift-storage-backup-volume-snapshots.adoc b/modules/microshift-storage-backup-volume-snapshots.adoc
new file mode 100644
index 000000000000..9efadaeda3d6
--- /dev/null
+++ b/modules/microshift-storage-backup-volume-snapshots.adoc
@@ -0,0 +1,84 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-storage-backup-vol-snaps_{context}"]
+= Backing up a volume snapshot
+
+Snapshots of data from applications running on a {microshift-short} cluster are created as read-only logical volumes (LVs) located on the same devices as the original data. You must manually mount local volumes before they can be copied as persistent volumes (PVs) and used as backup copies. To use a snapshot of a {microshift-short} storage volume as a backup, find it on the local host and then move it to a secure location.
+
+To find specific snapshots and copy them, use the following procedure.
+
+.Prerequisites
+
+* You have root access to the host machine.
+* You have an existing volume snapshot.
+
+.Procedure
+
+. Get the name of the volume snapshot by running the following command:
++
+[source,terminal]
+----
+$ oc get volumesnapshot -n <namespace> <snapshot_name> -o 'jsonpath={.status.volumeSnapshotContentName}'
+----
+
+. Get the unique identity of the volume created on the storage backend by using the following command and inserting the name retrieved in the previous step:
++
+[source,terminal]
+----
+$ oc get volumesnapshotcontent snapcontent-<retrieved_volume_identity> -o 'jsonpath={.status.snapshotHandle}'
+----
+
+. Display the snapshots by using the unique identity of the volume you retrieved in the previous step to determine which one you want to backup by running the following command:
++
+[source,terminal]
+----
+$ sudo lvdisplay <retrieved_snapshot_handle>
+----
++
+.Example output
+[source,terminal]
+----
+--- Logical volume ---
+LV Path                /dev/rhel/732e45ff-f220-49ce-859e-87ccca26b14c
+LV Name                732e45ff-f220-49ce-859e-87ccca26b14c
+VG Name                rhel
+LV UUID                6Ojwc0-YTfp-nKJ3-F9FO-PvMR-Ic7b-LzNGSx
+LV Write Access        read only
+LV Creation host, time rhel-92.lab.local, 2023-08-07 14:45:26 -0500
+LV Pool name           thinpool
+LV Thin origin name    a2d2dcdc-747e-4572-8c83-56cd873d3b07
+LV Status              available
+# open                 0
+LV Size                1.00 GiB
+Mapped size            1.04%
+Current LE             256
+Segments               1
+Allocation             inherit
+Read ahead sectors     auto
+- currently set to     256
+Block device           253:11
+----
+
+. Create a directory to use for mounting the LV by running the following command:
++
+[source,terminal]
+----
+$ sudo mkdir /mnt/snapshot
+----
+
+. Mount the LV using the device name for the retrieved snapshot handle by running the following command:
++
+[source,terminal]
+----
+$ sudo mount /dev/<retrieved_snapshot_handle> /mnt/snapshot
+----
+
+. Copy the files from the mounted location and store them in a secure location by running the following command:
++
+[source,terminal]
+----
+$ sudo cp -r /mnt/snapshot <destination>
+----
\ No newline at end of file
diff --git a/modules/microshift-storage-classes.adoc b/modules/microshift-storage-classes.adoc
new file mode 100644
index 000000000000..0c27b5d3248a
--- /dev/null
+++ b/modules/microshift-storage-classes.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-storage-classes_{context}"]
+= Storage classes
+
+Storage classes provide the workload layer interface for selecting a device class. The following storage class parameters are supported in {microshift-short}:
+
+* The `csi.storage.k8s.io/fstype` parameter selects the file system types. Both `xfs` and `ext4` file system types are supported.
+* The `topolvm.io/device-class` parameter is the name of the device class. If a device class is not provided, the default device class is assumed.
+
+Multiple storage classes can refer to the same device class. You can provide varying sets of parameters for the same backing device class, such as `xfs` and `ext4` variants.
+
+.Example {microshift-short} default storage class resource
+[source,yaml]
+----
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true" <1>
+  name: topolvm-provisioner
+parameters:
+  "csi.storage.k8s.io/fstype": "xfs" <2>
+provisioner: topolvm.io <3>
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer <4>
+allowVolumeExpansion: <5>
+----
+<1> An example of the default storage class. If a PVC does not specify a storage class, this class is assumed. There can only be one default storage class in a cluster. Having no value assigned to this annotation is also supported.
+<2> Specifies which file system to provision on the volume. Options are "xfs" and "ext4".
+<3> Identifies which provisioner should manage this class.
+<4> Specifies whether to provision the volume before a client pod is present or immediately. Options are `WaitForFirstConsumer` and `Immediate`. `WaitForFirstConsumer` is recommended to ensure that storage is only provisioned for pods that can be scheduled.
+<5> Specifies if PVCs provisioned from the `StorageClass` permit expansion. The {microshift-short} LVMS CSI plugin does support volume expansion, but if this value is set to `false`, expansion is blocked.
\ No newline at end of file
diff --git a/modules/microshift-storage-creating-vol-snapshot.adoc b/modules/microshift-storage-creating-vol-snapshot.adoc
new file mode 100644
index 000000000000..24fe217a73ab
--- /dev/null
+++ b/modules/microshift-storage-creating-vol-snapshot.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-a-volume-snapshotting_{context}"]
+= Creating a volume snapshot
+
+To create a snapshot of a {microshift-short} storage volume, you must first configure {op-system-ostree} and the cluster. In the following example procedure, the pod that the source volume is mounted to is deleted. Deleting the pod prevents data from being written to it during snapshot creation. Ensuring that no data is being written during a snapshot is crucial to creating a viable snapshot.
+
+.Prerequisites
+* User has root access to a {microshift-short} cluster.
+* A {microshift-short} cluster is running.
+* A device class defines an LVM thin-pool.
+* A `volumeSnapshotClass` specifies `driver: topolvm.io`.
+* Any workload attached to the source PVC is paused or deleted. This helps avoid data corruption.
+
+[IMPORTANT]
+====
+All writes to the volume must be halted while you are creating the snapshot. If you do not halt writes, your data might be corrupted.
+====
+
+.Procedure
+
+. Prevent data from being written to the volume during snapshotting by using one of the two following steps:
+
+.. Delete the pod to ensure that no data is written to the volume during snapshotting by running the following command:
++
+[source,terminal]
+----
+$ oc delete my-pod
+----
+
+.. Scale the replica count to zero on a pod that is managed with a replication controller. Setting the count to zero prevents the instant creation of a new pod when one is deleted.
+
+. After all writes to the volume are halted, run a command similar to the example that follows. Insert your own configuration details.
++
+.Example snapshot configuration
++
+[source,terminal]
+----
+# oc apply -f <<EOF
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot # <1>
+metadata:
+  name: <snapshot_name> # <2>
+spec:
+  volumeSnapshotClassName: topolvm-snapclass # <3>
+  source:
+    persistentVolumeClaimName: test-claim-thin # <4>
+EOF
+----
+<1> Create a `VolumeSnapshot` object.
+<2> The name that you specify for the snapshot.
+<3> Specify the desired name of the `VolumeSnapshotClass` object.
+<4> Specify either `persistentVolumeClaimName` or `volumeSnapshotContentName`. In this example, a snapshot is created from a PVC named `test-claim-thin`.
+
+. Wait for the storage driver to finish creating the snapshot by running the following command:
++
+[source,terminal]
+----
+$ oc wait volumesnapshot/<snapshot_name> --for=jsonpath\='{.status.readyToUse}=true'
+----
+
+.Next steps
+
+. When the `volumeSnapshot` object is in a `ReadyToUse` state, you can restore it as a volume for future PVCs. Restart the pod or scale the replica count back up to the desired number.
+
+. After you have created the volume snapshot, you can remount the source PVC to a new pod.
+
+[IMPORTANT]
+====
+Volume snapshots are located on the same devices as the original data. To use the volume snapshots as backups, move the snapshots to a secure location.
+====
\ No newline at end of file
diff --git a/modules/microshift-storage-device-classes.adoc b/modules/microshift-storage-device-classes.adoc
new file mode 100644
index 000000000000..edf980b721ab
--- /dev/null
+++ b/modules/microshift-storage-device-classes.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * microshift_storage/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-storage-device-classes_{context}"]
+= Device classes
+
+You can create custom device classes by adding a `device-classes` array to your logical volume manager storage (LVMS) configuration. Add the array to the `/etc/microshift/lvmd.yaml` configuration file. A single device class must be set as the default. You must restart {microshift-short} for configuration changes to take effect.
+
+[WARNING]
+====
+Removing a device class while there are still persistent volumes or `VolumeSnapshotContent` objects connected to that device class breaks both thick and thin provisioning.
+====
+
+You can define multiple device classes in the `device-classes` array. These classes can be a mix of thick and thin volume configurations.
+
+.Example of a mixed `device-class` array
+[source,terminal]
+----
+socket-name: /run/topolvm/lvmd.sock
+device-classes:
+  - name: ssd
+    volume-group: ssd-vg
+    spare-gb: 0 <1>
+    default: true
+  - name: hdd
+    volume-group: hdd-vg
+    spare-gb: 0
+  - name: thin
+    spare-gb: 0
+    thin-pool:
+      name: thin
+      overprovision-ratio: 10
+    type: thin
+    volume-group: ssd
+  - name: striped
+    volume-group: multi-pv-vg
+    spare-gb: 0
+    stripe: 2
+    stripe-size: "64"
+    lvcreate-options:<2>
+----
+<1> When you set the spare capacity to anything other than `0`, more space can be allocated than expected.
+<2> Extra arguments to pass to the `lvcreate` command, such as `--type=<type>`. Neither {microshift-short} nor the LVMS verifies `lvcreate-options` values. These optional values are passed as is to the `lvcreate` command. Ensure that the options specified here are correct.
diff --git a/modules/microshift-storage-vol-snapshot-class.adoc b/modules/microshift-storage-vol-snapshot-class.adoc
new file mode 100644
index 000000000000..7fb7157389d1
--- /dev/null
+++ b/modules/microshift-storage-vol-snapshot-class.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-volume-snapshot-classes_{context}"]
+= Volume snapshot classes
+
+Snapshotting is a CSI storage feature supported by LVMS. To enable dynamic snapshotting, at least one `VolumeSnapshotClass` configuration file must be present on the cluster.
+
+[IMPORTANT]
+====
+You must enable thin logical volumes to take logical volume snapshots.
+====
+
+.Example `VolumeSnapshotClass` configuration file
+[source,yaml]
+----
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+  name: topolvm-snapclass
+  annotations:
+    snapshot.storage.kubernetes.io/is-default-class: "true" <1>
+driver: topolvm.io <2>
+deletionPolicy: Delete <3>
+----
+<1> Determines which `VolumeSnapshotClass` configuration file to use when none is specified by `VolumeSnapshot`, which is a request for snapshot of a volume by a user.
+<2> Identifies which snapshot provisioner should manage the requests for snapshots of a volume by a user for this class.
+<3> Determines whether `VolumeSnapshotContent` objects and the backing snapshots are kept or deleted when a bound `VolumeSnapshot` is deleted. Valid values are `Retain` or `Delete`.
diff --git a/modules/microshift-storage-vol-snapshot-restore.adoc b/modules/microshift-storage-vol-snapshot-restore.adoc
new file mode 100644
index 000000000000..2ea64402a2e8
--- /dev/null
+++ b/modules/microshift-storage-vol-snapshot-restore.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// microshift/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="restoring-vol-snapshot-microshift_{context}"]
+= Restoring a volume snapshot
+
+The following workflow demonstrates snapshot restoration. In this example, the verification steps are also given to ensure that data written to a source persistent volume claim (PVC) is preserved and restored on a new PVC.
+
+[IMPORTANT]
+====
+A snapshot must be restored to a PVC of exactly the same size as the source volume of the snapshot. You can resize the PVC after the snapshot is restored successfully if a larger PVC is needed.
+====
+
+.Procedure
+
+. Restore a snapshot by specifying the `VolumeSnapshot` object as the data source in a persistent volume claim by entering the following command:
++
+[source,terminal]
+----
+$ oc apply -f <<EOF
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: snapshot-restore
+spec:
+  accessModes:
+  - ReadWriteOnce
+  dataSource:
+    apiGroup: snapshot.storage.k8s.io
+    kind: VolumeSnapshot
+    name: my-snap
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: topolvm-provisioner-thin
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: base
+spec:
+  containers:
+  - command:
+      - nginx
+	    - -g
+	    - 'daemon off;'
+    image: registry.redhat.io/rhel8/nginx-122@sha256:908ebb0dec0d669caaf4145a8a21e04fdf9ebffbba5fd4562ce5ab388bf41ab2
+    name: test-container
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+    volumeMounts:
+    - mountPath: /vol
+      name: test-vol
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+  volumes:
+  - name: test-vol
+    persistentVolumeClaim:
+      claimName: snapshot-restore
+EOF
+----
+
+.Verification
+
+. Wait for the pod to reach the `Ready` state:
++
+[source,terminal]
+----
+$ oc wait --for=condition=Ready pod/base
+----
+
+. When the new pod is ready, verify that the data from your application is correct in the snapshot.
\ No newline at end of file
diff --git a/modules/microshift-storage-volume-cloning.adoc b/modules/microshift-storage-volume-cloning.adoc
new file mode 100644
index 000000000000..c62ca38303a1
--- /dev/null
+++ b/modules/microshift-storage-volume-cloning.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * microshift_storage/volume-snapshots-microshift.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-storage-volume-cloning_{context}"]
+= About LVM volume cloning
+
+The logical volume manager storage (LVMS) supports persistent volume claim (PVC) cloning for logical volume manager (LVM) thin volumes. A clone is a duplicate of an existing volume that can be used like any other volume. When provisioned, an exact duplicate of the original volume is created if the data source references a source PVC in the same namespace. After a cloned PVC is created, it is considered a new object and completely separate from the source PVC. The clone represents the data from the source at the moment in time it was created.
+
+[NOTE]
+====
+Cloning is only possible when the source and destination PVCs are in the same namespace. To create PVC clones, you must configure thin volumes on the {op-system-ostree} host.
+====
diff --git a/modules/microshift-submitting-a-case.adoc b/modules/microshift-submitting-a-case.adoc
new file mode 100644
index 000000000000..7d4c9bdcae8a
--- /dev/null
+++ b/modules/microshift-submitting-a-case.adoc
@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * microshift_support/microshift-getting-support.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-support-submitting-a-case_{context}"]
+= Submitting a support case
+
+.Prerequisites
+
+* The {microshift-short} service is running.
+* You have installed the OpenShift CLI (`oc`).
+* You have a Red Hat Customer Portal account.
+* You have a Red Hat Standard or Premium subscription.
+
+.Procedure
+
+. Log in to link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
+
+. Click *Get support*.
+
+. On the *Cases* tab of the *Customer Support* page:
+
+.. Optional: Change the pre-filled account and owner details if needed.
+
+.. Select the appropriate category for your issue, such as *Bug or Defect*, and click *Continue*.
+
+. Enter the following information:
+
+.. In the *Summary* field, enter a concise but descriptive problem summary and further details about the symptoms being experienced, as well as your expectations.
+
+.. Select *{op-system-bundle}* from the *Product* drop-down menu.
+
+.. Select *{rhde-version}* from the *Version* drop-down.
+
+. Review the list of suggested Red Hat Knowledgebase solutions for a potential match against the problem that is being reported. If the suggested articles do not address the issue, click *Continue*.
+
+. Review the updated list of suggested Red Hat Knowledgebase solutions for a potential match against the problem that is being reported. The list is refined as you provide more information during the case creation process. If the suggested articles do not address the issue, click *Continue*.
+
+. Ensure that the account information presented is as expected, and if not, amend accordingly.
+
+. Complete the following questions where prompted. Include which type of install type you are using, either RPM or embedded-image. Click *Continue*:
++
+* What are you experiencing? What are you expecting to happen?
+* Define the value or impact to you or the business.
+* Where are you experiencing this behavior? What environment?
+* When does this behavior occur? Frequency? Repeatedly? At certain times?
+
+. Upload relevant diagnostic data files and click *Continue*. Include data gathered using the `sos` tool or etcd as a starting point, plus any issue-specific data that is not collected in those logs.
+
+. Add relevant case management details and click *Continue*.
+
+. Preview the case details and click *Submit*.
diff --git a/modules/microshift-troubleshooting-nodeport.adoc b/modules/microshift-troubleshooting-nodeport.adoc
index 9c7b9553638f..9ca60ffdcf97 100644
--- a/modules/microshift-troubleshooting-nodeport.adoc
+++ b/modules/microshift-troubleshooting-nodeport.adoc
@@ -2,7 +2,7 @@
 //
 // * module may be unused in 4.13
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-troubleshooting-nodeport_{context}"]
 = Troubleshooting the NodePort service iptable rules
 
@@ -12,13 +12,13 @@ OVN-Kubernetes sets up an iptable chain in the network address translation (NAT)
 
 . View the iptable rules for the NodePort service by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ iptables-save | grep NODEPORT
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 -A OUTPUT -j OVN-KUBE-NODEPORT
 -A OVN-KUBE-NODEPORT -p tcp -m addrtype --dst-type LOCAL -m tcp --dport 30326 -j DNAT --to-destination 10.43.95.170:80
@@ -27,13 +27,13 @@ OVN-Kubernetes configures the `OVN-KUBE-NODEPORT` iptable chain in the NAT table
 
 . Route the packet through the network with routing rules by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ip route
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 10.43.0.0/16 via 192.168.122.1 dev br-ex mtu 1400
 ----
diff --git a/modules/microshift-undo-network-config.adoc b/modules/microshift-undo-network-config.adoc
new file mode 100644
index 000000000000..a33e150e56a6
--- /dev/null
+++ b/modules/microshift-undo-network-config.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * microshift_networking/microshift-disconnected-network-config.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-undo-network-config_{context}"]
+= Restoring {microshift-short} networking settings to default
+
+You can remove networking customizations and return the network to default settings by stopping {microshift-short} and running a clean-up script.
+
+.Prerequisites
+* RHEL 9 or newer.
+* MicroShift 4.14 or newer.
+* Access to the host CLI.
+
+.Procedure
+
+. Stop the {microshift-short} service by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl stop microshift
+----
+
+. Stop the `kubepods.slice` systemd unit by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl stop kubepods.slice
+----
+
+. {microshift-short} installs a helper script to undo network changes made by OVN-K. Run the cleanup script by entering the following command:
++
+[source,terminal]
+----
+$ sudo /usr/bin/microshift-cleanup-data --ovn
+----
+
+//Q: any sample output? what should we see when we run the script?
\ No newline at end of file
diff --git a/modules/microshift-updates-troubleshooting.adoc b/modules/microshift-updates-troubleshooting.adoc
new file mode 100644
index 000000000000..2ba121914649
--- /dev/null
+++ b/modules/microshift-updates-troubleshooting.adoc
@@ -0,0 +1,48 @@
+//Module included in the following assemblies:
+//
+//* microshift_troubleshooting/microshift-updates-troubleshooting.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-troubleshooting-updates_{context}"]
+= Troubleshooting {microshift-short} updates
+
+In some cases, {microshift-short} might fail to update. In these events, it is helpful to understand failure types and how to troubleshoot them.
+
+[id="microshift-update-path-blocked-by-version-sequence_{context}"]
+== Update path is blocked by {microshift-short} version sequence
+{microshift-short} requires serial updates. Attempting to update {microshift-short} by skipping a minor version fails:
+
+* For example, if your current version is `4.14.5`, but you try to update from that version to `4.16.0`, the message, `executable (4.16.0) is too recent compared to existing data (4.14.5): version difference is 2, maximum allowed difference is 1` appears and {microshift-short} fails to start.
+
+In this example, you must first update `4.14.5` to a version of `4.15`, and then you can upgrade to `4.16.0`.
+
+[id="microshift-update-path-blocked-by-version-incompatibility_{context}"]
+== Update path is blocked by version incompatibility
+RPM dependency errors result if a {microshift-short} update is incompatible with the version of {op-system-ostree-first} or {op-system-base-full}.
+
+Check the following compatibility table:
+
+include::snippets/microshift-rhde-compatibility-table-snip.adoc[leveloffset=+2]
+
+Check the following update paths:
+
+*{product-title} update paths*
+
+* Generally Available Version 4.14.0 to 4.14.z on {op-system-ostree} 9.2
+* Generally Available Version 4.14.0 to 4.14.z on {op-system} 9.2
+
+[id="microshift-ostree-update-failed_{context}"]
+== OSTree update failed
+If you updated on an OSTree system, the Greenboot health check automatically logs and acts on system health. A failure can be indicated by a system rollback by Greenboot. In cases where the update failed, but Greenboot did not complete a system rollback, you can troubleshoot using the {op-system-ostree} documentation linked in the "Additional resources" section that follows this content.
+
+Checking the Greenboot logs manually::
+* Manually check the Greenboot logs to verify system health by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl restart --no-block greenboot-healthcheck && sudo journalctl -fu greenboot-healthcheck
+----
+
+[id="microshift-rpm-update-failed_{context}"]
+== Manual RPM update failed
+If you updated by using RPMs on a non-OSTree system, an update failure can be indicated by Greenboot, but the health checks are only informative. Checking the system logs is the next step in troubleshooting a manual RPM update failure. You can use Greenboot and `sos report` to check both the {microshift-short} update and the host system.
diff --git a/modules/microshift-updating-rpms-ostree.adoc b/modules/microshift-updating-rpms-ostree.adoc
new file mode 100644
index 000000000000..d3e689631cbf
--- /dev/null
+++ b/modules/microshift-updating-rpms-ostree.adoc
@@ -0,0 +1,65 @@
+//Module included in the following assemblies:
+//
+//*  microshift_updating/microshift-update-rpms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-updates-rpms-ostree_{context}"]
+= Applying updates on an OSTree system
+
+To update {microshift-short} on an `rpm-ostree` system such as {op-system-ostree-first}, embed the new version of {microshift-short} on a new operating system image. The steps you use depends on how your existing deployment is set up. The following procedure outlines the general steps you can take, with links to the {op-system-ostree} documentation. The {op-system-ostree} documentation is your resource for specific details on building an updated operating system image. Back up and system rollback are automatic with this update type.
+
+[NOTE]
+====
+You can also use this workflow to update applications running in the {microshift-short} cluster. Ensure compatibility between the application and the adjacent versions of {microshift-short} and {op-system-ostree} before starting an update.
+====
+
+.Prerequisites
+
+* The system requirements for installing {microshift-short} have been met.
+* You have root user access to the host.
+* The version of {microshift-short} you have is compatible with the {op-system-ostree} image you are preparing to use.
+
+[NOTE]
+====
+You cannot downgrade {microshift-short} with this process. Downgrades are not supported.
+====
+
+.Procedure
+
+. Create an Image Builder configuration file for adding the `{rpm-repo-version}` RPM repository source required to pull {microshift-short} RPMs by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ cat > {rpm-repo-version}.toml <<EOF
+id = "{rpm-repo-version}"
+name = "Red Hat OpenShift Container Platform {ocp-version} for RHEL {op-system-version-major}"
+type = "yum-baseurl"
+url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/{ocp-version}/os"
+check_gpg = true
+check_ssl = true
+system = false
+rhsm = true
+EOF
+----
+
+. Add the update RPM source to the Image Builder by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ sudo composer-cli sources add {rpm-repo-version}.toml
+----
+
+. Build a new image of {op-system-ostree} that contains the new version of {microshift-short}. To determine the steps required, use the following documentation:
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/managing-rhel-for-edge-images_composing-installing-managing-rhel-for-edge-images#proc_building-a-commit-update_managing-rhel-for-edge-images[Building a RHEL for Edge commit update]
+
+. Update the host to use the new image of {op-system-ostree}. To determine the steps required, use the following documentation:
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/managing-rhel-for-edge-images_composing-installing-managing-rhel-for-edge-images#how-are-rhel-for-edge-image-updates-deployed_managing-rhel-for-edge-images[Deploying RHEL for Edge image updates]
+
+. Reboot the host to apply updates by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl reboot
+----
diff --git a/modules/microshift-updating-rpms-y.adoc b/modules/microshift-updating-rpms-y.adoc
new file mode 100644
index 000000000000..a43ae5b6c500
--- /dev/null
+++ b/modules/microshift-updating-rpms-y.adoc
@@ -0,0 +1,72 @@
+//Module included in the following assemblies:
+//
+//*  microshift_updating/microshift-update-rpms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-updating-rpms_{context}"]
+= Applying minor-version updates with RPMs
+
+Updating a {microshift-short} minor version on non `rpm-ostree` systems such as {op-system-base-full} requires downloading then updating the RPMs. For example, use the following procedure to update from 4.14 to 4.15.
+
+[IMPORTANT]
+====
+You can only update {microshift-short} from one version to the next in sequence. Jumping minor versions is not supported. For example, must update 4.14 to 4.15.
+====
+
+.Prerequisites
+* The system requirements for installing {microshift-short} have been met.
+* You have root user access to the host.
+* The version of {microshift-short} you have is compatible to upgrade to the version you are preparing to use.
+* You have verified that your host operating system is compatible with the version of {microshift-short} you are preparing to install.
+* You have completed a system backup.
+
+[NOTE]
+====
+You cannot downgrade {microshift-short} with this process. Downgrades are not supported.
+====
+
+.Procedure
+
+. Enable the {microshift-short} repositories by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ sudo subscription-manager repos \
+    --enable rhocp-{ocp-version}-for-{rhel-major}-$(uname -m)-rpms \
+    --enable fast-datapath-for-{rhel-major}-$(uname -m)-rpms
+----
+
+. Update the {microshift-short} RPMs by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf update microshift
+----
+
+. Reboot the host to apply updates by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl reboot
+----
+
+[NOTE]
+====
+The system health check runs on this update type, but does not perform any actions. If the update fails, an error message appears with the instruction to check the logs.
+====
+
+.Verification
+
+. Check if the health checks exited with a successful boot by running the following command:
++
+[source,terminal]
+----
+$ sudo systemctl status greenboot-healthcheck
+----
+
+. Check the health check logs by running the following command:
++
+[source,terminal]
+----
+$ sudo journalctl -u greenboot-healthcheck
+----
\ No newline at end of file
diff --git a/modules/microshift-updating-rpms-z.adoc b/modules/microshift-updating-rpms-z.adoc
new file mode 100644
index 000000000000..a6e4eb26bcb4
--- /dev/null
+++ b/modules/microshift-updating-rpms-z.adoc
@@ -0,0 +1,34 @@
+//Module included in the following assemblies:
+//
+//*  microshift_updating/microshift-update-rpms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-applying-patch-updates-rpms_{context}"]
+= Applying patch updates using RPMs
+
+Updating {microshift-short} on non `rpm-ostree` systems such as {op-system-base-full} requires downloading then updating the RPMs. A system reboot is not required for patch updates. For example, use the following procedure to upgrade from 4.14.0 to 4.14.1.
+
+.Prerequisites
+* The system requirements for installing {microshift-short} have been met.
+* You have root user access to the host.
+* The version of {microshift-short} you have is compatible to upgrade to the version you are preparing to use.
+* You have verified that your host operating system is compatible with the version of {microshift-short} you are preparing to install.
+* You have completed a system backup.
+
+[NOTE]
+====
+You cannot downgrade {microshift-short} with this process. Downgrades are not supported.
+====
+
+.Procedure
+* Update the {microshift-short} RPMs by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf update microshift
+----
+
+[NOTE]
+====
+The system health check runs on this update type, but does not perform any actions. If the update fails, an error message appears with the instruction to check the logs.
+====
\ No newline at end of file
diff --git a/modules/microshift-upload-cont2-mirror-script.adoc b/modules/microshift-upload-cont2-mirror-script.adoc
new file mode 100644
index 000000000000..d0bd0d378f18
--- /dev/null
+++ b/modules/microshift-upload-cont2-mirror-script.adoc
@@ -0,0 +1,27 @@
+[source,sh]
+----
+# Use timestamp and counter as a tag on the target images to avoid
+# their overwrite by the 'latest' automatic tagging
+image_tag=mirror-$(date +%y%m%d%H%M%S)
+image_cnt=1
+
+pushd "${IMAGE_LOCAL_DIR}" >/dev/null
+while read -r src_manifest ; do
+   # Remove the manifest.json file name
+   src_img=$(dirname "${src_manifest}")
+   # Add the target registry prefix and remove SHA
+   dst_img="${TARGET_REGISTRY}/${src_img}"
+   dst_img=$(echo "${dst_img}" | awk -F'@' '{print $1}')
+
+   # Run the image upload command
+   echo "Uploading '${src_img}' to '${dst_img}'"
+   skopeo copy --all --quiet \
+      --preserve-digests \
+      --authfile "${IMAGE_PULL_FILE}" \
+      dir://"${IMAGE_LOCAL_DIR}/${src_img}" docker://"${dst_img}:${image_tag}-${image_cnt}"
+   # Increment the counter
+   (( image_cnt += 1 ))
+
+done < <(find . -type f -name manifest.json -printf '%P\n')
+popd >/dev/null
+----
\ No newline at end of file
diff --git a/modules/microshift-uploading-images-to-mirror.adoc b/modules/microshift-uploading-images-to-mirror.adoc
new file mode 100644
index 000000000000..078f6e9c40b4
--- /dev/null
+++ b/modules/microshift-uploading-images-to-mirror.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * microshift/running_applications/microshift-deploy-with-mirror-registry.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-uploading-container-images-to-mirror_{context}"]
+= Uploading container images to a mirror registry
+
+To use your container images at an air-gapped site, upload them to the mirror registry using the following procedure.
+
+.Prerequisites
+
+* You are logged into a host with access to `microshift-quay`.
+* The `.pull-secret-mirror.json` file is available locally.
+* The `microshift-containers` directory contents are available locally.
+
+.Procedure
+
+. Install the `skopeo` tool used for copying the container images by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install -y skopeo
+----
+
+. Set the environment variables pointing to the pull secret file:
++
+[source,terminal]
+----
+$ IMAGE_PULL_FILE=~/.pull-secret-mirror.json
+----
+
+. Set the environment variables pointing to the local container image directory:
++
+[source,terminal]
+----
+$ IMAGE_LOCAL_DIR=~/microshift-containers
+----
+
+. Set the environment variables pointing to the mirror registry URL for uploading the container images:
++
+[source,terminal]
+----
+$ TARGET_REGISTRY=<registry_host>:<port> <1>
+----
+<1> Replace `<registry_host>:<port>` with the host name and port of your mirror registry server.
+
+. Run the following script to upload the container images to the `${TARGET_REGISTRY}` mirror registry:
++
+[source,terminal]
+----
+image_tag=mirror-$(date +%y%m%d%H%M%S)
+image_cnt=1
+   # Uses timestamp and counter as a tag on the target images to avoid
+   # their overwrite by the 'latest' automatic tagging
+
+pushd "${IMAGE_LOCAL_DIR}" >/dev/null
+while read -r src_manifest ; do
+   # Remove the manifest.json file name
+   src_img=$(dirname "${src_manifest}")
+   # Add the target registry prefix and remove SHA
+   dst_img="${TARGET_REGISTRY}/${src_img}"
+   dst_img=$(echo "${dst_img}" | awk -F'@' '{print $1}')
+
+   # Run the image upload command
+   echo "Uploading '${src_img}' to '${dst_img}'"
+   skopeo copy --all --quiet \
+      --preserve-digests \
+      --authfile "${IMAGE_PULL_FILE}" \
+      dir://"${IMAGE_LOCAL_DIR}/${src_img}" docker://"${dst_img}:${image_tag}-${image_cnt}"
+   # Increment the counter
+   (( image_cnt += 1 ))
+
+done < <(find . -type f -name manifest.json -printf '%P\n')
+popd >/dev/null
+----
diff --git a/modules/microshift-version-api.adoc b/modules/microshift-version-api.adoc
index 3804db194a1e..2051c21d501b 100644
--- a/modules/microshift-version-api.adoc
+++ b/modules/microshift-version-api.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_troubleshooting/microshift-version.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-version-api_{context}"]
-= Checking the {product-title} version using the API
+= Checking the {microshift-short} version using the API
 
-To begin troubleshooting, you must know your {product-title} version. One way to get this information is by using the API.
+To begin troubleshooting, you must know your {microshift-short} version. One way to get this information is by using the API.
 
 .Procedure
 
@@ -23,11 +23,12 @@ $ oc get configmap -n kube-public microshift-version -o yaml
 apiVersion: v1
 data:
   major: "4"
-  minor: "10"
-  version: 4.10.0-0.microshift-e6980e25
+  minor: "13"
+  version: 4.13.8-0.microshift-fa441af87431
 kind: ConfigMap
 metadata:
-  creationTimestamp: "2022-08-08T21:06:11Z"
+  creationTimestamp: "2023-08-03T21:06:11Z"
   name: microshift-version
   namespace: kube-public
 ----
+//update output to 4.14
\ No newline at end of file
diff --git a/modules/microshift-version-cli.adoc b/modules/microshift-version-cli.adoc
index 378efcd0b984..6fa4913058ff 100644
--- a/modules/microshift-version-cli.adoc
+++ b/modules/microshift-version-cli.adoc
@@ -2,11 +2,11 @@
 //
 // * microshift_troubleshooting/microshift-version.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="microshift-version-cli_{context}"]
-= Checking the {product-title} version using the command-line interface
+= Checking the version using the command-line interface
 
-To begin troubleshooting, you must know your {product-title} version. One way to get this information is by using the CLI.
+To begin troubleshooting, you must know your {microshift-short} version. One way to get this information is by using the CLI.
 
 .Procedure
 
diff --git a/modules/microshift-viewing-audit-logs.adoc b/modules/microshift-viewing-audit-logs.adoc
new file mode 100644
index 000000000000..b4b63984ce8f
--- /dev/null
+++ b/modules/microshift-viewing-audit-logs.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+//microshift_troubleshooting/microshift-audit-logs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-security-context-constraints-alert-eval_{context}"]
+= Identifying pod security violations through audit logs
+
+You can identify pod security admission violations on a workload by viewing the server audit logs. The following procedure shows you how to access the audit logs and parse them to find pod security admission violations in a workload.
+
+.Prerequisites
+
+* You have installed `jq`.
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. To retrieve the node name, run the following command:
++
+[source,terminal]
+----
+$ <node_name>=$(oc get node -ojsonpath='{.items[0].metadata.name}')
+----
+. To view the audit logs, run the following command:
++
+[source,terminal]
+----
+$ oc adm node-logs <node_name> --path=kube-apiserver/
+----
++
+.Example output
+[source,terminal]
+----
+rhel-92.lab.local audit-2023-08-18T18-25-41.663.log
+rhel-92.lab.local audit-2023-08-19T11-21-29.225.log
+rhel-92.lab.local audit-2023-08-20T04-16-09.622.log
+rhel-92.lab.local audit-2023-08-20T21-11-41.163.log
+rhel-92.lab.local audit-2023-08-21T14-06-10.402.log
+rhel-92.lab.local audit-2023-08-22T06-35-10.392.log
+rhel-92.lab.local audit-2023-08-22T23-26-27.667.log
+rhel-92.lab.local audit-2023-08-23T16-52-15.456.log
+rhel-92.lab.local audit-2023-08-24T07-31-55.238.log
+----
+
+. To parse the affected audit logs, enter the following command:
++
+[source,terminal]
+----
+$ oc adm node-logs <node_name> --path=kube-apiserver/audit.log \
+  | jq -r 'select((.annotations["pod-security.kubernetes.io/audit-violations"] != null) and (.objectRef.resource=="pods")) | .objectRef.namespace + " " + .objectRef.name + " " + .objectRef.resource' \
+  | sort | uniq -c
+----
\ No newline at end of file
diff --git a/modules/microshift-viewing-security-context.adoc b/modules/microshift-viewing-security-context.adoc
new file mode 100644
index 000000000000..773e966c285c
--- /dev/null
+++ b/modules/microshift-viewing-security-context.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * microshift_running_apps/microshift-authentication.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-viewing-security-context_{context}"]
+= Viewing security context constraints in a namespace
+
+You can view the security context constraints (SCC) permissions in a given namespace.
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+* To view the security context constraints in your namespace, run the following command:
++
+[source,terminal]
+----
+oc get --show-labels namespace <namespace>
+----
diff --git a/modules/migrating-custom-types-pkg-apis.adoc b/modules/migrating-custom-types-pkg-apis.adoc
index 66ed79cd92f0..4a2e159a0963 100644
--- a/modules/migrating-custom-types-pkg-apis.adoc
+++ b/modules/migrating-custom-types-pkg-apis.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migrating-custom-types-from-pkg-apis_{context}"]
 = Migrating custom types from pkg/apis
 
@@ -22,6 +22,7 @@ Operator SDK
 .. Create the API for your custom resource (CR) in the new project with
 `operator-sdk add api --api-version=<apiversion> --kind=<kind>`:
 +
+[source,terminal]
 ----
 $ cd memcached-operator
 $ operator-sdk add api --api-version=cache.example.com/v1alpha1 --kind=Memcached
@@ -51,6 +52,7 @@ project's `pkg/apis/<group>/<version>/<kind>_types.go` file.
 .. Each `<kind>_types.go` file has an `init()` function. Be sure not to remove that
 since that registers the type with the Manager's scheme:
 +
+[source,golang]
 ----
 func init() {
 	SchemeBuilder.Register(&Memcached{}, &MemcachedList{})
diff --git a/modules/migrating-reconcile-code.adoc b/modules/migrating-reconcile-code.adoc
index 8af974a056bb..aef9419ca718 100644
--- a/modules/migrating-reconcile-code.adoc
+++ b/modules/migrating-reconcile-code.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migrating-reconcile-code_{context}"]
 = Migrating reconcile code
 
@@ -22,6 +22,7 @@ Operator SDK
 In v0.0.x projects, resources to be watched were previously defined in
 `cmd/<operator-name>/main.go`:
 +
+[source,golang]
 ----
 sdk.Watch("cache.example.com/v1alpha1", "Memcached", "default", time.Duration(5)*time.Second)
 ----
@@ -32,6 +33,7 @@ to watch resources:
 
 .. Add a controller to watch your CR type with `operator-sdk add controller --api-version=<apiversion> --kind=<kind>`.
 +
+[source,terminal]
 ----
 $ operator-sdk add controller --api-version=cache.example.com/v1alpha1 --kind=Memcached
 
@@ -45,6 +47,7 @@ pkg/controller/
 
 .. Inspect the `add()` function in your `pkg/controller/<kind>/<kind>_controller.go` file:
 +
+[source,golang]
 ----
 import (
     cachev1alpha1 "github.com/example-inc/memcached-operator/pkg/apis/cache/v1alpha1"
@@ -75,13 +78,14 @@ documentation and the Kubernetes
 link:https://github.com/kubernetes/community/blob/master/contributors/devel/sig-api-machinery/controllers.md[controller conventions]
 documentation for more details.
 +
-If your operator is watching more than one CR type, you can do one of the
+If your Operator is watching more than one CR type, you can do one of the
 following depending on your application:
 +
 --
 ** If the CR is owned by your primary CR, watch it as a secondary resource in
 the same controller to trigger the reconcile loop for the primary resource.
 +
+[source,golang]
 ----
 // Watch for changes to the primary resource Memcached
     err = c.Watch(&source.Kind{Type: &cachev1alpha1.Memcached{}}, &handler.EnqueueRequestForObject{})
@@ -95,10 +99,12 @@ the same controller to trigger the reconcile loop for the primary resource.
 
 ** Add a new controller to watch and reconcile the CR independently of the other CR.
 +
+[source,terminal]
 ----
 $ operator-sdk add controller --api-version=app.example.com/v1alpha1 --kind=AppService
 ----
 +
+[source,golang]
 ----
   // Watch for changes to the primary resource AppService
     err = c.Watch(&source.Kind{Type: &appv1alpha1.AppService{}}, &handler.EnqueueRequestForObject{})
@@ -116,12 +122,14 @@ difference in the arguments and return values:
 --
 - Reconcile:
 +
+[source,golang]
 ----
     func (r *ReconcileMemcached) Reconcile(request reconcile.Request) (reconcile.Result, error)
 ----
 
 - Handle:
 +
+[source,golang]
 ----
     func (h *Handler) Handle(ctx context.Context, event sdk.Event) error
 ----
@@ -130,7 +138,7 @@ difference in the arguments and return values:
 Instead of receiving an `sdk.Event` (with the object), the `Reconcile()`
 function receives a
 link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/reconcile#Request[Request]
-(`Name`/`Namespace` key) to lookup the object.
+(`Name`/`Namespace` key) to look up the object.
 +
 If the `Reconcile()` function returns an error, the controller will requeue and
 retry the `Request`. If no error is returned, then depending on the
@@ -138,11 +146,12 @@ link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/reconci
 the controller will either not retry the `Request`, immediately retry, or retry
 after a specified duration.
 
-.. Copy the code from the old project's `Handle()` function over the existing code
+.. Copy the code from the old project's `Handle()` function to the existing code
 in your controller's `Reconcile()` function. Be sure to keep the initial section
 in the `Reconcile()` code that looks up the object for the `Request` and checks
 to see if it is deleted.
 +
+[source,golang]
 ----
 import (
     apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -182,6 +191,7 @@ field for `reconcile.Result`. This will cause the controller to requeue the
 `Request` and trigger the reconcile after the desired duration. Note that the
 default value of `0` means no requeue.
 +
+[source,golang]
 ----
 reconcilePeriod := 30 * time.Second
 reconcileResult := reconcile.Result{RequeueAfter: reconcilePeriod}
@@ -203,6 +213,7 @@ See the examples below and the `controller-runtime`
 link:https://sdk.operatorframework.io/docs/building-operators/golang/references/client/[client API documentation]
 in the `operator-sdk` project for more details:
 +
+[source,golang]
 ----
 // Create
 dep := &appsv1.Deployment{...}
@@ -237,9 +248,9 @@ dep := &appsv1.Deployment{}
 err = r.client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, dep)
 ----
 
-.. Copy and initialize any other fields that you may have had in your `Handler`
-struct into the `Reconcile<Kind>` struct:
+.. Copy and initialize any other fields from your `Handler` struct into the `Reconcile<Kind>` struct:
 +
+[source,golang]
 ----
 // newReconciler returns a new reconcile.Reconciler
 func newReconciler(mgr manager.Manager) reconcile.Reconciler {
@@ -257,31 +268,29 @@ type ReconcileMemcached struct {
 
 . *Copy changes from `main.go`.*
 +
-The main function for a v0.1.0 operator in `cmd/manager/main.go` sets up the
+The main function for a v0.1.0 Operator in `cmd/manager/main.go` sets up the
 link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/manager[Manager],
-which registers the custom resources and starts all the controllers.
+which registers the custom resources and starts all of the controllers.
 +
-There is no requirement to migrate the SDK functions `sdk.Watch()`,`sdk.Handle()`, and
-`sdk.Run()` from the old `main.go` since that logic is now defined in a
+There is no requirement to migrate the SDK functions `sdk.Watch()`,`sdk.Handle()`, and `sdk.Run()` from the old `main.go` since that logic is now defined in a
 controller.
 +
 However, if there are any Operator-specific flags or settings defined in the old
-`main.go` file, copy those over.
+`main.go` file, copy them over.
 +
 If you have any third party resource types registered with the SDK's scheme, see
 link:https://sdk.operatorframework.io/docs/building-operators/golang/advanced-topics/#adding-3rd-party-resources-to-your-operator[Advanced Topics]
-in the `operator-sdk` project for how to register those with the Manager's
+in the `operator-sdk` project for how to register them with the Manager's
 scheme in the new project.
 
-. *Copy user defined files.*
+. *Copy user-defined files.*
 +
-If there are any user defined `pkgs`, scripts, or documentation in the older
-project, copy these files into the new project.
+If there are any user-defined `pkgs`, scripts, or documentation in the older
+project, copy those files into the new project.
 
 . *Copy changes to deployment manifests.*
 +
-For any updates made to the following manifests in the old project, copy over
-the changes to their corresponding files in the new project. Be careful not to
+For any updates made to the following manifests in the old project, copy the changes to their corresponding files in the new project. Be careful not to
 directly overwrite the files, but inspect and make any changes necessary:
 +
 --
@@ -293,13 +302,12 @@ directly overwrite the files, but inspect and make any changes necessary:
 * `deploy/crd.yaml` to `deploy/crds/<group>_<version>_<kind>_crd.yaml`
 --
 
-. *Copy user defined dependencies.*
+. *Copy user-defined dependencies.*
 +
-For any user defined dependencies added to the old project's `Gopkg.toml`, copy
+For any user-defined dependencies added to the old project's `Gopkg.toml`, copy
 and append them to the new project's `Gopkg.toml`. Run `dep ensure` to update
 the vendor in the new project.
 
 . *Confirm your changes.*
 +
-At this point, you should be able to build and run your Operator to verify that
-it works.
+Build and run your Operator to verify that it works.
diff --git a/modules/migrating-to-multi-arch-cli.adoc b/modules/migrating-to-multi-arch-cli.adoc
index cbce33068c38..4248aa267009 100644
--- a/modules/migrating-to-multi-arch-cli.adoc
+++ b/modules/migrating-to-multi-arch-cli.adoc
@@ -1,20 +1,20 @@
 // Module included in the following assemblies:
 //
-// * updating/migrating-to-multi-payload.adoc
+// * updating/updating_a_cluster/migrating-to-multi-payload.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migrating-to-multi-arch-cli_{context}"]
 = Migrating to a cluster with multi-architecture compute machines using the CLI
 
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role.
-* Your {product-title} version is up to date to at least version 4.13.0. 
+* Your {product-title} version is up to date to at least version 4.13.0.
 +
 For more information on how to update your cluster version, see _Updating a cluster using the web console_ or _Updating a cluster using the CLI_.
 * You have installed the OpenShift CLI (`oc`) that matches the version for your current cluster.
-* Your `oc` client is updated to at least verion 4.13.0. 
-* Your {product-title} cluster is installed on either the AWS or Azure platform. 
+* Your `oc` client is updated to at least verion 4.13.0.
+* Your {product-title} cluster is installed on AWS, Azure, GCP, bare metal or IBM P/Z platforms.
 +
 For more information on selecting a supported platform for your cluster installation, see _Selecting a cluster installation type_.
 
@@ -33,19 +33,21 @@ If the `RetrievedUpates` condition is `False`, you can find supplemental informa
 ----
 $ oc adm upgrade
 ----
-+ 
++
 For more information about cluster version condition types, see _Understanding cluster version condition types_.
 
-. If the condition `RetrievedUpdates` is `False`, change the channel to `stable-<4.y>` or `fast-<4.y>` with the following command: 
+ifndef::openshift-origin[]
+. If the condition `RetrievedUpdates` is `False`, change the channel to `stable-<4.y>` or `fast-<4.y>` with the following command:
 +
 [source,terminal]
 ----
 $ oc adm upgrade channel <channel>
 ----
 +
-After setting the channel, verify if `RetrievedUpdates` is `True`. 
+After setting the channel, verify if `RetrievedUpdates` is `True`.
 +
 For more information about channels, see _Understanding update channels and releases_.
+endif::openshift-origin[]
 
 . Migrate to the multi-architecture payload with following command:
 +
@@ -54,7 +56,7 @@ For more information about channels, see _Understanding update channels and rele
 $ oc adm upgrade --to-multi-arch
 ----
 
-.Verification 
+.Verification
 
 * You can monitor the migration by running the following command:
 +
@@ -69,11 +71,11 @@ Machine launches may fail as the cluster settles into the new state. To notice a
 ====
 +
 //commenting this section out until https://issues.redhat.com/browse/OCPBUGS-8256 is resolved:
-//For `oc get co`, expect `AVAILABLE=True`, `PROGRESSING=False`, and `DEGRADED=False` on all cluster Operators. 
+//For `oc get co`, expect `AVAILABLE=True`, `PROGRESSING=False`, and `DEGRADED=False` on all cluster Operators.
 +
-//For `oc get mcp`, expect `UPDATED=True`, `UPDATING=False`, and `DEGRADED=False` on all machine config pools. 
+//For `oc get mcp`, expect `UPDATED=True`, `UPDATING=False`, and `DEGRADED=False` on all machine config pools.
 +
-//For `oc adm upgrade`, here is an example of a response: 
+//For `oc adm upgrade`, here is an example of a response:
 +
 //[source,terminal]
 //----
diff --git a/modules/migration-about-configuring-proxies.adoc b/modules/migration-about-configuring-proxies.adoc
index 33011101e3f3..1ba43cf4e236 100644
--- a/modules/migration-about-configuring-proxies.adoc
+++ b/modules/migration-about-configuring-proxies.adoc
@@ -5,7 +5,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="migration-about-configuring-proxies_{context}"]
 = Proxy configuration
 
diff --git a/modules/migration-about-mtc-custom-resources.adoc b/modules/migration-about-mtc-custom-resources.adoc
index c9912e60f89d..b2ceecf91982 100644
--- a/modules/migration-about-mtc-custom-resources.adoc
+++ b/modules/migration-about-mtc-custom-resources.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="migration-about-mtc-custom-resources_{context}"]
 = About {mtc-short} custom resources
 
diff --git a/modules/migration-accessing-performance-metrics.adoc b/modules/migration-accessing-performance-metrics.adoc
index b72a16ddef01..c89883eedc02 100644
--- a/modules/migration-accessing-performance-metrics.adoc
+++ b/modules/migration-accessing-performance-metrics.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration-toolkit-for-containers/troubleshooting-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-accessing-performance-metrics_{context}"]
 = Accessing performance metrics
 
diff --git a/modules/migration-adding-cluster-to-cam.adoc b/modules/migration-adding-cluster-to-cam.adoc
index d91bf3b690ff..c2e1dc5945fb 100644
--- a/modules/migration-adding-cluster-to-cam.adoc
+++ b/modules/migration-adding-cluster-to-cam.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-adding-cluster-to-cam_{context}"]
 = Adding a cluster to the {mtc-short} web console
 
diff --git a/modules/migration-adding-replication-repository-to-cam.adoc b/modules/migration-adding-replication-repository-to-cam.adoc
index e2f3c6c13af9..58392f132af6 100644
--- a/modules/migration-adding-replication-repository-to-cam.adoc
+++ b/modules/migration-adding-replication-repository-to-cam.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-adding-replication-repository-to-cam_{context}"]
 = Adding a replication repository to the {mtc-short} web console
 
diff --git a/modules/migration-changing-migration-plan-limits.adoc b/modules/migration-changing-migration-plan-limits.adoc
index 53c959c85783..a9d2306afd5d 100644
--- a/modules/migration-changing-migration-plan-limits.adoc
+++ b/modules/migration-changing-migration-plan-limits.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-changing-migration-plan-limits_{context}"]
 = Increasing limits for large migrations
 
diff --git a/modules/migration-combining-must-gather.adoc b/modules/migration-combining-must-gather.adoc
new file mode 100644
index 000000000000..2271e1c8c6b3
--- /dev/null
+++ b/modules/migration-combining-must-gather.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="migration-combining-must-gather_{context}"]
+= Combining options when using the must-gather tool
+
+Currently, it is not possible to combine must-gather scripts, for example specifying a timeout threshold while permitting insecure TLS connections. In some situations, you can get around this limitation by setting up internal variables on the must-gather command line, such as the following example:
+
+[source,terminal]
+----
+oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel9:v1.3 -- skip_tls=true /usr/bin/gather_with_timeout <timeout_value_in_seconds>
+----
+
+In this example, set the `skip_tls` variable before running the `gather_with_timeout` script. The result is a combination of `gather_with_timeout` and `gather_without_tls`.
+
+The only other variables that you can specify this way are the following:
+
+* `logs_since`, with a default value of `72h`
+* `request_timeout`, with a default value of `0s`
+
+If `DataProtectionApplication` custom resource (CR) is configured with `s3Url` and `insecureSkipTLS: true`, the CR does not collect the necessary logs because of a missing CA certificate. To collect those logs, run the `must-gather` command with the following option:
+
+[source,terminal]
+----
+$ oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel9:v1.3 -- /usr/bin/gather_without_tls true
+----
\ No newline at end of file
diff --git a/modules/migration-compatibility-guidelines.adoc b/modules/migration-compatibility-guidelines.adoc
index ec4f873b6e9d..c19fa325223a 100644
--- a/modules/migration-compatibility-guidelines.adoc
+++ b/modules/migration-compatibility-guidelines.adoc
@@ -5,7 +5,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="migration-compatibility-guidelines_{context}"]
 = Compatibility guidelines
 
@@ -20,29 +20,35 @@ modern operator:: The {mtc-short} Operator designed for modern platforms.
 control cluster:: The cluster that runs the {mtc-short} controller and GUI.
 remote cluster:: A source or destination cluster for a migration that runs Velero. The Control Cluster communicates with Remote clusters via the Velero API to drive migrations.
 
+You must use the compatible {mtc-short} version for migrating your {product-title} clusters. For the migration to succeed both your source cluster and the destination cluster must use the same version of MTC.
 
-[cols="1,2,2", options="header"]
-.{mtc-short} compatibility: Migrating from a legacy platform
+MTC 1.7 supports migrations from {product-title} 3.11 to 4.8.
+
+MTC 1.8 only supports migrations from {product-title} 4.9 and later.
+
+.{mtc-short} compatibility: Migrating from a legacy or a modern platform
 |===
-||{product-title} 4.5 or earlier |{product-title} 4.6 or later
-|Stable {mtc-short} version a|{mtc-short} {mtc-version}._z_
+|Details |{product-title} 3.11 |{product-title} 4.0 to 4.5 |{product-title} 4.6 to 4.8 |{product-title} 4.9 or later
 
-Legacy {mtc-version} operator: Install manually with the `operator.yml` file.
-[IMPORTANT]
-====
-This cluster cannot be the control cluster.
-====
+|Stable {mtc-short} version
+|{mtc-short} v.1.7._z_
+|{mtc-short} v.1.7._z_
+|{mtc-short} v.1.7._z_
+|{mtc-short} v.1.8._z_
 
-|{mtc-short} {mtc-version}._z_
+|Installation
+|
+|Legacy {mtc-short} v.1.7._z_ operator: Install manually with the `operator.yml` file.
 
-Install with OLM, release channel `release-v1.7`
+[*IMPORTANT*]
+This cluster cannot be the control cluster.
+|Install with OLM, release channel `release-v1.7`
+|Install with OLM, release channel `release-v1.8`
 |===
 
-[NOTE]
-====
 Edge cases exist in which network restrictions prevent modern clusters from connecting to other clusters involved in the migration. For example, when migrating from an {product-title} 3.11 cluster on premises to a modern {product-title} cluster in the cloud, where the modern cluster cannot connect to the {product-title} 3.11 cluster.
 
-With {mtc-short} {mtc-version}, if one of the remote clusters is unable to communicate with the control cluster because of network restrictions, use the `crane tunnel-api` command.
+With {mtc-short} v.1.7._z_, if one of the remote clusters is unable to communicate with the control cluster because of network restrictions, use the `crane tunnel-api` command.
 
 With the stable {mtc-short} release, although you should always designate the most modern cluster as the control cluster, in this specific case it is possible to designate the legacy cluster as the control cluster and push workloads to the remote cluster.
-====
+
diff --git a/modules/migration-configuring-aws-s3.adoc b/modules/migration-configuring-aws-s3.adoc
index e6475d03a955..e00dc67d1eb2 100644
--- a/modules/migration-configuring-aws-s3.adoc
+++ b/modules/migration-configuring-aws-s3.adoc
@@ -4,7 +4,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-configuring-aws-s3_{context}"]
 = Configuring Amazon Web Services
 
diff --git a/modules/migration-configuring-azure.adoc b/modules/migration-configuring-azure.adoc
index 4d796c263a85..480c2a57bc8e 100644
--- a/modules/migration-configuring-azure.adoc
+++ b/modules/migration-configuring-azure.adoc
@@ -4,7 +4,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-configuring-azure_{context}"]
 = Configuring Microsoft Azure
 
@@ -12,7 +12,7 @@ ifdef::installing-3-4,installing-mtc[]
 You configure a Microsoft Azure Blob storage container as a replication repository for the {mtc-full} ({mtc-short}).
 endif::[]
 ifdef::installing-oadp-azure[]
-You configure a Microsoft Azure for the OpenShift API for Data Protection (OADP).
+You configure Microsoft Azure for the OpenShift API for Data Protection (OADP).
 endif::[]
 
 .Prerequisites
diff --git a/modules/migration-configuring-gcp.adoc b/modules/migration-configuring-gcp.adoc
index 717183e21aec..f6cf68cbedfd 100644
--- a/modules/migration-configuring-gcp.adoc
+++ b/modules/migration-configuring-gcp.adoc
@@ -4,7 +4,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-configuring-gcp_{context}"]
 = Configuring Google Cloud Platform
 
diff --git a/modules/migration-configuring-mcg.adoc b/modules/migration-configuring-mcg.adoc
index 111708250880..181530cbcf94 100644
--- a/modules/migration-configuring-mcg.adoc
+++ b/modules/migration-configuring-mcg.adoc
@@ -6,7 +6,7 @@
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-configuring-mcg_{context}"]
 = Retrieving Multicloud Object Gateway credentials
 
diff --git a/modules/migration-configuring-proxies.adoc b/modules/migration-configuring-proxies.adoc
index 0af1804f9719..8b4a39fbd52a 100644
--- a/modules/migration-configuring-proxies.adoc
+++ b/modules/migration-configuring-proxies.adoc
@@ -5,7 +5,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-configuring-proxies_{context}"]
 = Configuring proxies
 
diff --git a/modules/migration-converting-storage-classes.adoc b/modules/migration-converting-storage-classes.adoc
index f10ca7ee3c9c..5eade4c03cb4 100644
--- a/modules/migration-converting-storage-classes.adoc
+++ b/modules/migration-converting-storage-classes.adoc
@@ -2,7 +2,7 @@
 //
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-converting-storage-classes_{context}"]
 = Converting storage classes in the {mtc-short} web console
 
diff --git a/modules/migration-creating-migration-plan-cam.adoc b/modules/migration-creating-migration-plan-cam.adoc
index 20c03538d93f..267f3d10d96a 100644
--- a/modules/migration-creating-migration-plan-cam.adoc
+++ b/modules/migration-creating-migration-plan-cam.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-creating-migration-plan-cam_{context}"]
 = Creating a migration plan in the {mtc-short} web console
 
diff --git a/modules/migration-creating-registry-route-for-dim.adoc b/modules/migration-creating-registry-route-for-dim.adoc
index 78d185fae9d7..d84a838e59e4 100644
--- a/modules/migration-creating-registry-route-for-dim.adoc
+++ b/modules/migration-creating-registry-route-for-dim.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-creating-registry-route-for-dim_{context}"]
 = Creating a registry route for direct image migration
 
diff --git a/modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.adoc b/modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.adoc
index 644a194a2e73..2b81d5ef8a1e 100644
--- a/modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.adoc
+++ b/modules/migration-debugging-velero-admission-webhooks-ibm-appconnect.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-debugging-velero-admission-webhooks-ibm-appconnect_{context}"]
-= Restoring IBM AppConnect resources
+= Restoring {ibm-title} AppConnect resources
 
-If you experience issues when you use Velero to a restore an IBM AppConnect resource that has an admission webhook, you can run the checks in this procedure.
+If you experience issues when you use Velero to a restore an {ibm-name} AppConnect resource that has an admission webhook, you can run the checks in this procedure.
 
 .Procedure
 
@@ -16,6 +16,6 @@ If you experience issues when you use Velero to a restore an IBM AppConnect reso
 $ oc get mutatingwebhookconfigurations
 ----
 
-. Examine the YAML file of each `kind: MutatingWebhookConfiguration` to ensure that none of its rules block creation of the objects that are experiencing issues. For more information, see link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#rulewithoperations-v1-admissionregistration-k8s-io[the official Kuberbetes documentation].
+. Examine the YAML file of each `kind: MutatingWebhookConfiguration` to ensure that none of its rules block creation of the objects that are experiencing issues. For more information, see link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#rulewithoperations-v1-admissionregistration-k8s-io[the official Kubernetes documentation].
 
 . Check that any `spec.version` in `type: Configuration.appconnect.ibm.com/v1beta1` used at backup time is supported by the installed Operator.
diff --git a/modules/migration-debugging-velero-admission-webhooks-knative.adoc b/modules/migration-debugging-velero-admission-webhooks-knative.adoc
index bc8b81cd6a30..489975700820 100644
--- a/modules/migration-debugging-velero-admission-webhooks-knative.adoc
+++ b/modules/migration-debugging-velero-admission-webhooks-knative.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-debugging-velero-admission-webhooks-knative_{context}"]
 = Restoring Knative resources
 
diff --git a/modules/migration-dvm-error-node-selectors.adoc b/modules/migration-dvm-error-node-selectors.adoc
index 1ee856e96fea..1db5c7f6f8eb 100644
--- a/modules/migration-dvm-error-node-selectors.adoc
+++ b/modules/migration-dvm-error-node-selectors.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-dvm-error-node-selectors_{context}"]
 = Direct volume migration does not complete
 
diff --git a/modules/migration-editing-pvs-in-migplan.adoc b/modules/migration-editing-pvs-in-migplan.adoc
index 2a6549e687e7..31c412dffcfb 100644
--- a/modules/migration-editing-pvs-in-migplan.adoc
+++ b/modules/migration-editing-pvs-in-migplan.adoc
@@ -3,7 +3,7 @@
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-editing-pvs-in-migplan_{context}"]
 = Editing persistent volume attributes
 
diff --git a/modules/migration-enabling-cached-kubernetes-clients.adoc b/modules/migration-enabling-cached-kubernetes-clients.adoc
index fb9d34cf24d9..71b11761fabc 100644
--- a/modules/migration-enabling-cached-kubernetes-clients.adoc
+++ b/modules/migration-enabling-cached-kubernetes-clients.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-enabling-cached-kubernetes-clients_{context}"]
 = Enabling cached Kubernetes clients
 
diff --git a/modules/migration-enabling-pv-resizing-dvm.adoc b/modules/migration-enabling-pv-resizing-dvm.adoc
index f846d3726a1f..2c8eb45222e8 100644
--- a/modules/migration-enabling-pv-resizing-dvm.adoc
+++ b/modules/migration-enabling-pv-resizing-dvm.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-enabling-pv-resizing-dvm_{context}"]
 = Enabling persistent volume resizing for direct volume migration
 
diff --git a/modules/migration-error-messages.adoc b/modules/migration-error-messages.adoc
index 156f6a7e4e95..d576f7a6863c 100644
--- a/modules/migration-error-messages.adoc
+++ b/modules/migration-error-messages.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-error-messages_{context}"]
 = Error messages and resolutions
 
diff --git a/modules/migration-excluding-pvcs.adoc b/modules/migration-excluding-pvcs.adoc
index 5e5237919457..20206ccef935 100644
--- a/modules/migration-excluding-pvcs.adoc
+++ b/modules/migration-excluding-pvcs.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-excluding-pvcs_{context}"]
 = Excluding persistent volume claims
 
diff --git a/modules/migration-excluding-resources.adoc b/modules/migration-excluding-resources.adoc
index ab198f82fc46..2f48bfaab58c 100644
--- a/modules/migration-excluding-resources.adoc
+++ b/modules/migration-excluding-resources.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-excluding-resources_{context}"]
 = Excluding resources
 
diff --git a/modules/migration-installing-legacy-operator.adoc b/modules/migration-installing-legacy-operator.adoc
index 245dae30d026..646bd3c6e42c 100644
--- a/modules/migration-installing-legacy-operator.adoc
+++ b/modules/migration-installing-legacy-operator.adoc
@@ -5,7 +5,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-installing-legacy-operator_{context}"]
 ifdef::installing-3-4,installing-restricted-3-4[]
 = Installing the legacy {mtc-full} Operator on {product-title} 3
@@ -43,18 +43,16 @@ $ podman login registry.redhat.io
 
 . Download the `operator.yml` file by entering the following command:
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
 ----
-$ podman cp $(podman create \
-  registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator:v{mtc-version}):/operator.yml ./
+podman cp $(podman create registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator:v1.7):/operator.yml ./
 ----
 
 . Download the `controller.yml` file by entering the following command:
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
 ----
-$ podman cp $(podman create \
-  registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator:v{mtc-version}):/controller.yml ./
+podman cp $(podman create registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator:v1.7):/controller.yml ./
 ----
 
 ifdef::installing-restricted-3-4,installing-mtc-restricted[]
diff --git a/modules/migration-installing-mtc-on-ocp-4.adoc b/modules/migration-installing-mtc-on-ocp-4.adoc
index a90274050c4b..0056c3829f09 100644
--- a/modules/migration-installing-mtc-on-ocp-4.adoc
+++ b/modules/migration-installing-mtc-on-ocp-4.adoc
@@ -5,7 +5,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-installing-mtc-on-ocp-4_{context}"]
 = Installing the {mtc-full} Operator on {product-title} {product-version}
 
diff --git a/modules/migration-isolating-dns-domain-of-target-cluster-from-clients.adoc b/modules/migration-isolating-dns-domain-of-target-cluster-from-clients.adoc
index 6bf58a8a1204..385bcabbc3ad 100644
--- a/modules/migration-isolating-dns-domain-of-target-cluster-from-clients.adoc
+++ b/modules/migration-isolating-dns-domain-of-target-cluster-from-clients.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc
 // * migration_toolkit_for_containers/network-considerations-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-isolating-dns-domain-of-target-cluster-from-clients_{context}"]
 = Isolating the DNS domain of the target cluster from the clients
 
diff --git a/modules/migration-kubernetes-objects.adoc b/modules/migration-kubernetes-objects.adoc
index 8b1437a9bc2a..c531cdc0ba60 100644
--- a/modules/migration-kubernetes-objects.adoc
+++ b/modules/migration-kubernetes-objects.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-kubernetes-objects_{context}"]
 = Performing a state migration of Kubernetes objects by using the {mtc-short} API
 
diff --git a/modules/migration-launching-cam.adoc b/modules/migration-launching-cam.adoc
index e5ea2129b27c..8477d24356bc 100644
--- a/modules/migration-launching-cam.adoc
+++ b/modules/migration-launching-cam.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-launching-cam_{context}"]
 = Launching the {mtc-short} web console
 
diff --git a/modules/migration-mapping-pvcs.adoc b/modules/migration-mapping-pvcs.adoc
index a080f04c7e1b..b08215d526a6 100644
--- a/modules/migration-mapping-pvcs.adoc
+++ b/modules/migration-mapping-pvcs.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-mapping-pvcs_{context}"]
 = Mapping persistent volume claims
 
diff --git a/modules/migration-migrating-applications-api.adoc b/modules/migration-migrating-applications-api.adoc
index 7740ed42099e..347bb98efd87 100644
--- a/modules/migration-migrating-applications-api.adoc
+++ b/modules/migration-migrating-applications-api.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-migrating-applications-api_{context}"]
 = Migrating an application by using the {mtc-short} API
 
diff --git a/modules/migration-migrating-on-prem-to-cloud.adoc b/modules/migration-migrating-on-prem-to-cloud.adoc
index 11a64f547221..00abb5b0149f 100644
--- a/modules/migration-migrating-on-prem-to-cloud.adoc
+++ b/modules/migration-migrating-on-prem-to-cloud.adoc
@@ -2,7 +2,7 @@
 //
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-migrating-applications-on-prem-to-cloud_{context}"]
 = Migrating an application from on-premises to a cloud-based cluster
 
diff --git a/modules/migration-mtc-release-notes-1-5.adoc b/modules/migration-mtc-release-notes-1-5.adoc
index a3f308fd936f..88ca89e45438 100644
--- a/modules/migration-mtc-release-notes-1-5.adoc
+++ b/modules/migration-mtc-release-notes-1-5.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * migration_toolkit_for_containers/mtc-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-mtc-release-notes-1-5_{context}"]
 = {mtc-full} 1.5 release notes
 
diff --git a/modules/migration-mtc-release-notes-1-6.adoc b/modules/migration-mtc-release-notes-1-6.adoc
index 33dae42d221e..41b62b030039 100644
--- a/modules/migration-mtc-release-notes-1-6.adoc
+++ b/modules/migration-mtc-release-notes-1-6.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * migration_toolkit_for_containers/mtc-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-mtc-release-notes-1-6_{context}"]
 = {mtc-full} 1.6 release notes
 
diff --git a/modules/migration-mtc-release-notes-1-7-01.adoc b/modules/migration-mtc-release-notes-1-7-01.adoc
new file mode 100644
index 000000000000..e79955986392
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-01.adoc
@@ -0,0 +1,35 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-01_{context}"]
+= {mtc-full} 1.7.1 release notes
+
+[id="resolved-issues-1-7-01_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+[id="known-issues-1-7-01_{context}"]
+== Known issues
+
+This release has the following known issues:
+
+.Incorrect DNS validation for destination namespace
+MigPlan cannot be validated because the destination namespace starts with a non-alphabetic character. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2102231[*BZ#2102231*])
+
+.Cloud propagation phase in migration controller is not functioning due to missing labels on Velero pods
+The Cloud propagation phase in the migration controller is not functioning due to missing labels on Velero pods. The `EnsureCloudSecretPropagated` phase in the migration controller waits until replication repository secrets are propagated on both sides. As this label is missing on Velero pods, the phase is not functioning as expected. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2088026[*BZ#2088026*])
+
+.Default CPU requests on Velero/Restic are too demanding when making scheduling fail in certain environments
+Default CPU requests on Velero/Restic are too demanding when making scheduling fail in certain environments. Default CPU requests for Velero and Restic Pods are set to 500m. These values are high. The resources can be configured in DPA using the `podConfig` field for Velero and Restic. Migration operator should set CPU requests to a lower value, such as 100m, so that Velero and Restic pods can be scheduled in resource constrained environments MTC often operates in. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2088022[*BZ#2088022*])
+
+.Warning is displayed on persistentVolumes page after editing storage class conversion plan
+A warning is displayed on the *persistentVolumes* page after editing the storage class conversion plan. When editing the existing migration plan, a warning is displayed on the UI `At least one PVC must be selected for Storage Class Conversion`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2079549[*BZ#2079549*])
+
+.Velero pod log missing from downloaded logs
+When downloading a compressed (.zip) folder for all logs, the velero pod is missing. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2076599[*BZ#2076599*])
+
+.Velero pod log missing from UI drop down
+After a migration is performed, the velero pod log is not included in the logs provided in the dropdown list. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2076593[*BZ#2076593*])
diff --git a/modules/migration-mtc-release-notes-1-7-02.adoc b/modules/migration-mtc-release-notes-1-7-02.adoc
new file mode 100644
index 000000000000..d10ee1fcdcba
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-02.adoc
@@ -0,0 +1,62 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-02_{context}"]
+= {mtc-full} 1.7.2 release notes
+
+[id="resolved-issues-1-7-02_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.MTC UI does not display logs correctly
+In previous releases, the MTC UI did not display logs correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2062266[*BZ#2062266*])
+
+.StorageClass conversion plan adding migstorage reference in migplan
+In previous releases, StorageClass conversion plans had a `migstorage` reference even though it was not being used. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2078459[*BZ#2078459*])
+
+.Velero pod log missing from downloaded logs
+In previous releases, when downloading a compressed (.zip) folder for all logs, the velero pod was missing. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2076599[*BZ#2076599*])
+
+.Velero pod log missing from UI drop down
+In previous releases, after a migration was performed, the velero pod log was not included in the logs provided in the dropdown list. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2076593[*BZ#2076593*])
+
+.Rsync options logs not visible in log-reader pod
+In previous releases, when trying to set any valid or invalid rsync options in the `migrationcontroller`, the log-reader was not showing any logs regarding the invalid options or about the rsync command being used. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2079252[*BZ#2079252*])
+
+.Default CPU requests on Velero/Restic are too demanding and fail in certain environments
+In previous releases, the default CPU requests on Velero/Restic were too demanding and fail in certain environments. Default CPU requests for Velero and Restic Pods are set to 500m. These values were high. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2088022[*BZ#2088022*])
+
+
+
+
+[id="known-issues-1-7-02_{context}"]
+== Known issues
+
+This release has the following known issues:
+
+.Updating the replication repository to a different storage provider type is not respected by the UI
+After updating the replication repository to a different type and clicking *Update Repository*, it shows connection successful, but the UI is not updated with the correct details. When clicking on the *Edit* button again, it still shows the old replication repository information.
+
+Furthermore, when trying to update the replication repository again, it still shows the old replication details. When selecting the new repository, it also shows all the information you entered previously and the *Update repository* is not enabled, as if there are no changes to be submitted. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2102020[*BZ#2102020*])
+
+.Migrations fails because the backup is not found
+Migration fails at the restore stage because of initial backup has not been found. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2104874[*BZ#2104874*])
+
+.Update Cluster button is not enabled when updating Azure resource group
+When updating the remote cluster, selecting the *Azure resource group* checkbox, and adding a resource group does not enable the *Update cluster* option. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2098594[*BZ#2098594*])
+
+.Error pop-up in UI on deleting migstorage resource
+When creating a `backupStorage` credential secret in {OCP}, if the `migstorage` is removed from the UI, a 404 error is returned and the underlying secret is not removed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2100828[*BZ#2100828*])
+
+.Miganalytic resource displaying resource count as 0 in UI
+After creating a migplan from backend, the Miganalytic resource displays the resource count as `0` in UI. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2102139[*BZ#2102139*])
+
+.Registry validation fails when two trailing slashes are added to the Exposed route host to image registry
+After adding two trailing slashes, meaning `//`, to the exposed registry route, the MigCluster resource is showing the status as `connected`. When creating a migplan from backend with DIM, the plans move to the `unready` status. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2104864[*BZ#2104864*])
+
+.Service Account Token not visible while editing source cluster
+When editing the source cluster that has been added and is in *Connected* state, in the UI, the service account token is not visible in the field. To save the wizard, you have to fetch the token again and provide details inside the field. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2097668[*BZ#2097668*])
+
diff --git a/modules/migration-mtc-release-notes-1-7-03.adoc b/modules/migration-mtc-release-notes-1-7-03.adoc
new file mode 100644
index 000000000000..50d8ebaef74c
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-03.adoc
@@ -0,0 +1,26 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-03_{context}"]
+= {mtc-full} 1.7.3 release notes
+
+[id="resolved-issues-1-7-03_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.Correct DNS validation for destination namespace
+In previous releases, the MigPlan could not  be validated if the destination namespace started with a non-alphabetic character. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2102231[*BZ#2102231*])
+
+.Deselecting all PVCs from UI still results in an attempted PVC transfer
+In previous releases, while doing a full migration, unselecting the persistent volume claims (PVCs) would not skip selecting the PVCs and still try to migrate them. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2106073[*BZ#2106073*])
+
+.Incorrect DNS validation for destination namespace
+In previous releases, MigPlan could not be validated because the destination namespace started with a non-alphabetic character. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2102231[*BZ#2102231*])
+
+[id="known-issues-1-7-03_{context}"]
+== Known issues
+
+There are no known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-7-04.adoc b/modules/migration-mtc-release-notes-1-7-04.adoc
new file mode 100644
index 000000000000..de7c101a4861
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-04.adoc
@@ -0,0 +1,20 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-04_{context}"]
+= {mtc-full} 1.7.4 release notes
+
+[id="resolved-issues-1-7-04_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+
+[id="known-issues-1-7-04_{context}"]
+== Known issues
+
+.Rollback missing out deletion of some resources from the target cluster
+On performing the roll back of an application from the MTC UI, some resources are not being deleted from the target cluster and the roll back is showing a status as successfully completed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2126880[*BZ#2126880*])
+
diff --git a/modules/migration-mtc-release-notes-1-7-05.adoc b/modules/migration-mtc-release-notes-1-7-05.adoc
new file mode 100644
index 000000000000..172d6283bd89
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-05.adoc
@@ -0,0 +1,27 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-05_{context}"]
+= {mtc-full} 1.7.5 release notes
+
+[id="resolved-issues-1-7-05_{context}"]
+== Resolved issues
+
+This release has the following major resolved issue:
+
+.Direct Volume Migration is failing as rsync pod on source cluster move into Error state
+In previous release, migration succeeded with warnings but Direct Volume Migration failed with rsync pod on source namespace going into error state. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2132978[**BZ#2132978*])
+
+
+[id="known-issues-1-7-05_{context}"]
+== Known issues
+
+This release has the following known issues:
+
+.Velero image cannot be overridden in the MTC operator
+In previous releases, it was not possible to override the velero image using the `velero_image_fqin` parameter in the `MigrationController` Custom Resource (CR). (link:https://bugzilla.redhat.com/show_bug.cgi?id=2143389[*BZ#2143389*])
+
+.When editing a MigHook in the UI, the page might fail to reload
+The UI might fail to reload when editing a hook if there is a network connection issue. After the network connection is restored, the page will fail to reload until the cache is cleared. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2140208[*BZ#2140208*])
diff --git a/modules/migration-mtc-release-notes-1-7-06.adoc b/modules/migration-mtc-release-notes-1-7-06.adoc
new file mode 100644
index 000000000000..e547a1157fff
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-06.adoc
@@ -0,0 +1,30 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-06_{context}"]
+= {mtc-full} 1.7.6 release notes
+
+[id="new-features-1-7-6_{context}"]
+== New features
+
+.Implement proposed changes for DVM support with PSA in Red Hat OpenShift Container Platform 4.12
+With the incoming enforcement of Pod Security Admission (PSA) in {OCP} 4.12 the default pod would run with a `restricted` profile. This `restricted` profile would mean workloads to migrate would be in violation of this policy and no longer work as of now. The following enhancement outlines the changes that would be required to remain compatible with OCP 4.12. (link:https://issues.redhat.com/browse/MIG-1240[*MIG-1240*])
+
+[id="resolved-issues-1-7-06_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.Unable to create Storage Class Conversion plan due to missing cronjob error in Red Hat OpenShift Platform 4.12
+In previous releases, on the persistent volumes page, an error is thrown that a CronJob is not available in version `batch/v1beta1`, and when clicking on cancel, the migplan is created with status `Not ready`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2143628[*BZ#2143628*])
+
+
+[id="known-issues-1-7-06_{context}"]
+== Known issues
+
+This release has the following known issue:
+
+.Conflict conditions are cleared briefly after they are created
+When creating a new state migration plan that will result in a conflict error, that error is cleared shorty after it is displayed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2144299[*BZ#2144299*])
diff --git a/modules/migration-mtc-release-notes-1-7-07.adoc b/modules/migration-mtc-release-notes-1-7-07.adoc
new file mode 100644
index 000000000000..553b9a39991c
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-07.adoc
@@ -0,0 +1,18 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-07_{context}"]
+= {mtc-full} 1.7.7 release notes
+
+[id="resolved-issues-1-7-07_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+[id="known-issues-1-7-07_{context}"]
+== Known issues
+
+There are no known issues in this release.
+
diff --git a/modules/migration-mtc-release-notes-1-7-08.adoc b/modules/migration-mtc-release-notes-1-7-08.adoc
new file mode 100644
index 000000000000..b991f81a2628
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-08.adoc
@@ -0,0 +1,29 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-08_{context}"]
+= {mtc-full} 1.7.8 release notes
+
+[id="resolved-issues-1-7-08_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.Velero image cannot be overridden in the MTC operator
+In previous releases, it was not possible to override the velero image using the `velero_image_fqin` parameter in the `MigrationController` Custom Resource (CR). (link:https://bugzilla.redhat.com/show_bug.cgi?id=2143389[*BZ#2143389*])
+
+.Adding a MigCluster from the UI fails when the domain name has more than six characters
+In previous releases, adding a MigCluster from the UI failed when the domain name had more than six characters. The UI code expected a domain name of between two and six characters. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2152149[*BZ#2152149*])
+
+.UI fails to render the Migrations' page: Cannot read properties of undefined (reading 'name')
+In previous releases, the UI failed to render the Migrations' page, returning `Cannot read properties of undefined (reading 'name')`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2163485[*BZ#2163485*])
+
+.Creating DPA resource fails on Red Hat OpenShift Container Platform 4.6 clusters
+In previous releases, when deploying MTC on an {OCP} 4.6 cluster, the DPA failed to be created according to the logs, which resulted in some pods missing. From the logs in the migration-controller in the OCP 4.6 cluster, it indicated that an unexpected `null` value was passed, which caused the error. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2173742[*BZ#2173742*])
+
+[id="known-issues-1-7-08_{context}"]
+== Known issues
+
+There are no known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-7-09.adoc b/modules/migration-mtc-release-notes-1-7-09.adoc
new file mode 100644
index 000000000000..4036e3497771
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-09.adoc
@@ -0,0 +1,22 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-09_{context}"]
+= {mtc-full} 1.7.9 release notes
+
+[id="resolved-issues-1-7-09_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+
+[id="known-issues-1-7-09_{context}"]
+== Known issues
+
+This release has the following known issue:
+
+.Adjust rsync options in DVM
+
+In this release, users are unable to prevent absolute symlinks from being manipulated by rsync during direct volume migration (DVM). (link:https://bugzilla.redhat.com/show_bug.cgi?id=2204461[*BZ#2204461*])
diff --git a/modules/migration-mtc-release-notes-1-7-10.adoc b/modules/migration-mtc-release-notes-1-7-10.adoc
index ff1c4b6f11a2..c84fa07654c9 100644
--- a/modules/migration-mtc-release-notes-1-7-10.adoc
+++ b/modules/migration-mtc-release-notes-1-7-10.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * migration_toolkit_for_containers/mtc-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-mtc-release-notes-1-7-10_{context}"]
 = {mtc-full} 1.7.10 release notes
 
@@ -11,5 +11,11 @@
 
 This release has the following major resolved issue:
 
-* In this release, you can prevent absolute symlinks from being manipulated by Rsync in the course of direct volume migration (DVM). Running DVM in privileged mode preserves absolute symlinks inside the persistent volume claims (PVCs). To switch to privileged mode, in the `MigrationController` CR, set the `migration_rsync_privileged` spec to `true`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2204461[*BZ#2204461*])
+.Adjust rsync options in DVM
 
+In this release, you can prevent absolute symlinks from being manipulated by Rsync in the course of direct volume migration (DVM). Running DVM in privileged mode preserves absolute symlinks inside the persistent volume claims (PVCs). To switch to privileged mode, in the `MigrationController` CR, set the `migration_rsync_privileged` spec to `true`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2204461[*BZ#2204461*])
+
+[id="known-issues-1-7-10_{context}"]
+== Known issues
+
+There are no known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-7-11.adoc b/modules/migration-mtc-release-notes-1-7-11.adoc
new file mode 100644
index 000000000000..3ecbd709028e
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-11.adoc
@@ -0,0 +1,19 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-11_{context}"]
+= {mtc-full} 1.7.11 release notes
+
+[id="resolved-issues-1-7-11_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+[id="known-issues-1-7-11_{context}"]
+== Known issues
+
+There are no known issues in this release.
+
+
diff --git a/modules/migration-mtc-release-notes-1-7-12.adoc b/modules/migration-mtc-release-notes-1-7-12.adoc
new file mode 100644
index 000000000000..7e5bb99ae38c
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-12.adoc
@@ -0,0 +1,26 @@
+
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-12_{context}"]
+= {mtc-full} 1.7.12 release notes
+
+[id="resolved-issues-1-7-12_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+
+[id="known-issues-1-7-12_{context}"]
+== Known issues
+
+This release has the following known issues:
+
+.Error code 504 is displayed on the Migration details page
+
+On the *Migration details* page, at first, the `migration details` are displayed without any issues. However, after sometime, the details disappear, and a `504` error is returned. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2231106[*BZ#2231106*])
+
+.Old restic pods are not removed when upgrading MTC 1.7.x to MTC 1.8
+
+On upgrading the MTC operator from 1.7.x to 1.8.x, the old restic pods are not removed. After the upgrade, both restic and node-agent pods are visible in the namespace. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2236829[*BZ#2236829*])
diff --git a/modules/migration-mtc-release-notes-1-7-13.adoc b/modules/migration-mtc-release-notes-1-7-13.adoc
new file mode 100644
index 000000000000..2ce3a6c1c2e5
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-13.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-13_{context}"]
+= {mtc-full} 1.7.13 release notes
+
+[id="resolved-issues-1-7-13_{context}"]
+== Resolved issues
+
+There are no major resolved issues in this release.
+
+
+[id="known-issues-1-7-13_{context}"]
+== Known issues
+
+There are no major known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-7-14.adoc b/modules/migration-mtc-release-notes-1-7-14.adoc
new file mode 100644
index 000000000000..42a2d2a4e479
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-7-14.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-7-14_{context}"]
+= {mtc-full} 1.7.14 release notes
+
+[id="resolved-issues-1-7-14_{context}"]
+== Resolved issues
+
+This release has the following resolved issues:
+
+.CVE-2023-39325 CVE-2023-44487: various flaws
+
+A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol, which is utilized by {mtc-full} ({mtc-short}). A client could repeatedly make a request for a new multiplex stream then immediately send an `RST_STREAM` frame to cancel those requests. This activity created additional workloads for the server in terms of setting up and dismantling streams, but avoided any server-side limitations on the maximum number of active streams per connection. As a result, a denial of service occurred due to server resource consumption.
+
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2243564[(BZ#2243564)]
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2244013[(BZ#2244013)]
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2244014[(BZ#2244014)]
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2244015[(BZ#2244015)]
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2244016[(BZ#2244016)]
+* link:https://bugzilla.redhat.com/show_bug.cgi?id=2244017[(BZ#2244017)]
+
+To resolve this issue, upgrade to {mtc-short} 1.7.14.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-44487[(CVE-2023-44487)] and link:https://access.redhat.com/security/cve/cve-2023-39325[(CVE-2023-39325)].
+
+.CVE-2023-39318 CVE-2023-39319 CVE-2023-39321: various flaws
+
+* link:https://access.redhat.com/security/cve/cve-2023-39318[(CVE-2023-39318)]: A flaw was discovered in Golang, utilized by {mtc-short}. The `html/template` package did not properly handle HTML-like `""` comment tokens, or the hashbang `"#!"` comment tokens, in `<script>` contexts. This flaw could cause the template parser to improperly interpret the contents of `<script>` contexts, causing actions to be improperly escaped.
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238062[(BZ#2238062)]  
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238088[(BZ#2238088)]
+* link:https://access.redhat.com/security/cve/cve-2023-39319[(CVE-2023-39319)]: A flaw was discovered in Golang, utilized by {mtc-short}. The `html/template` package did not apply the proper rules for handling occurrences of `"<script"`, `"<!--"`, and `"</script"` within JavaScript literals in <script> contexts. This could cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. 
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238062[(BZ#2238062)]  
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238088[(BZ#2238088)]
+* link:https://access.redhat.com/security/cve/cve-2023-39321[(CVE-2023-39321)]: A flaw was discovered in Golang, utilized by {mtc-short}. Processing an incomplete post-handshake message for a QUIC connection could cause a panic.
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238062[(BZ#2238062)]  
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238088[(BZ#2238088)]
+* link:https://access.redhat.com/security/cve/cve-2023-39322[(CVE-2023-3932)]: A flaw was discovered in Golang, utilized by {mtc-short}. Connections using the QUIC transport protocol did not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. 
+** link:https://bugzilla.redhat.com/show_bug.cgi?id=2238088[(BZ#2238088)]
+
+To resolve these issues, upgrade to {mtc-short} 1.7.14.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-39318[(CVE-2023-39318)], link:https://access.redhat.com/security/cve/cve-2023-39319[(CVE-2023-39319)], and link:https://access.redhat.com/security/cve/cve-2023-39321[(CVE-2023-39321)].
+
+[id="known-issues-1-7-14_{context}"]
+== Known issues
+
+There are no major known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-7.adoc b/modules/migration-mtc-release-notes-1-7.adoc
index 4f4aa81c8ab4..3a65e934a716 100644
--- a/modules/migration-mtc-release-notes-1-7.adoc
+++ b/modules/migration-mtc-release-notes-1-7.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * migration_toolkit_for_containers/mtc-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-mtc-release-notes-1-7_{context}"]
 = {mtc-full} 1.7 release notes
 
@@ -25,3 +25,4 @@ This release has the following known issues:
 * `MigPlan` custom resource does not display a warning when an AWS gp2 PVC has no available space. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1963927[*BZ#1963927*])
 * Direct and indirect data transfers do not work if the destination storage is a PV that is dynamically provisioned by the AWS Elastic File System (EFS). This is due to limitations of the AWS EFS Container Storage Interface (CSI) driver. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2085097[*BZ#2085097*])
 * Block storage for IBM Cloud must be in the same availability zone. See the link:https://cloud.ibm.com/docs/vpc?topic=vpc-block-storage-vpc-faq[IBM FAQ for block storage for virtual private cloud].
+* MTC 1.7.6 cannot migrate cron jobs from source clusters that support `v1beta1` cron jobs to clusters of {product-title} 4.12 and later, which do not support `v1beta1` cron jobs. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2149119[*BZ#2149119*])
diff --git a/modules/migration-mtc-release-notes-1-8-1.adoc b/modules/migration-mtc-release-notes-1-8-1.adoc
new file mode 100644
index 000000000000..83647c2455bd
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-8-1.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-8-1_{context}"]
+= {mtc-full} 1.8.1 release notes
+
+[id="resolved-issues-1-8-1_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work
+
+A flaw was found in handling multiplexed streams in the HTTP/2 protocol, which is used by {mtc-full} ({mtc-short}). A client could repeatedly make a request for a new multiplex stream and immediately send an `RST_STREAM` frame to cancel it. This creates additional workload for the server in terms of setting up and dismantling streams, while avoiding any server-side limitations on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. link:https://bugzilla.redhat.com/show_bug.cgi?id=2245079[(BZ#2245079)]
+
+It is advised to update to {mtc-short} 1.8.1 or later, which resolve this issue.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-39325[(CVE-2023-39325)] and link:https://access.redhat.com/security/cve/cve-2023-44487[(CVE-2023-44487)]
+
+
+
+[id="known-issues-1-8-1_{context}"]
+== Known issues
+
+There are no major known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-8-2.adoc b/modules/migration-mtc-release-notes-1-8-2.adoc
new file mode 100644
index 000000000000..1b85d147a05b
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-8-2.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-8-2_{context}"]
+= {mtc-full} 1.8.2 release notes
+
+[id="resolved-issues-1-8-2_{context}"]
+== Resolved issues
+
+This release has the following major resolved issues:
+
+.Backup phase fails after setting custom CA replication repository
+
+In previous releases of {mtc-full} ({mtc-short}), after editing the replication repository, adding a custom CA certificate, successfully connecting the repository, and triggering a migration, a failure occurred during the backup phase.
+
+.CVE-2023-26136: tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution
+
+In previous releases of ({mtc-short}), versions before 4.1.3 of the `tough-cookie` package used in {mtc-short} were vulnerable to prototype pollution. This vulnerability occurred because CookieJar did not handle cookies properly when the value of the `rejectPublicSuffixes` was set to `false`.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-26136[(CVE-2023-26136)]
+
+.CVE-2022-25883 openshift-migration-ui-container: nodejs-semver: Regular expression denial of service
+
+In previous releases of ({mtc-short}), versions of the `semver` package before 7.5.2, used in {mtc-short}, were vulnerable to Regular Expression Denial of Service (ReDoS) from the function `newRange`, when untrusted user data was provided as a range.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2022-25883[(CVE-2022-25883)]
+
+
+[id="known-issues-1-8-2_{context}"]
+== Known issues
+
+There are no major known issues in this release.
diff --git a/modules/migration-mtc-release-notes-1-8.adoc b/modules/migration-mtc-release-notes-1-8.adoc
new file mode 100644
index 000000000000..5a5c61a9ce42
--- /dev/null
+++ b/modules/migration-mtc-release-notes-1-8.adoc
@@ -0,0 +1,91 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/mtc-release-notes.adoc
+:_mod-docs-content-type: REFERENCE
+[id="migration-mtc-release-notes-1-8_{context}"]
+= {mtc-full} 1.8 release notes
+
+[id="resolved-issues-1-8_{context}"]
+== Resolved issues
+
+This release has the following resolved issues:
+
+.Indirect migration is stuck on backup stage
+
+In previous releases, an indirect migration became stuck at the backup stage, due to `InvalidImageName` error.
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=2233097[*BZ#2233097*])
+
+.PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore
+
+In previous releases, on performing an indirect migration, the migration became stuck at the `Stage Restore` step, waiting for the `podvolumerestore` to be completed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2233868[*BZ#2233868*])
+
+.Migrated application unable to pull image from internal registry on target cluster
+
+In previous releases, on migrating an application to the target cluster, the migrated application failed to pull the image from the internal image registry resulting in an `application failure`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2233103[*BZ#2233103*])
+
+.Migration failing on Azure due to authorization issue
+
+In previous releases, on an Azure cluster, when backing up to Azure storage, the migration failed at the `Backup` stage. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2238974[*BZ#2238974*])
+
+[id="known-issues-1-8_{context}"]
+== Known issues
+
+This release has the following known issues:
+
+.Old Restic pods are not getting removed on upgrading MTC 1.7.x -> 1.8.x
+
+In this release, on upgrading the MTC Operator from 1.7.x to 1.8.x, the old Restic pods are not being removed. Therefore after the upgrade, both Restic and node-agent pods are visible in the namespace. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2236829[*BZ#2236829*])
+
+.Migrated builder pod fails to push to image registry
+
+In this release, on migrating an application including a `BuildConfig` from a source to target cluster, builder pod results in `error`, failing to push the image to the image registry. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2234781[*BZ#2234781*])
+
+.[UI] CA bundle file field is not properly cleared
+
+In this release, after enabling `Require SSL verification` and adding content to the CA bundle file for an MCG NooBaa bucket in MigStorage, the connection fails as expected. However, when reverting these changes by removing the CA bundle content and clearing `Require SSL verification`, the connection still fails. The issue is only resolved by deleting and re-adding the repository. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2240052[*BZ#2240052*])
+
+
+.Backup phase fails after setting custom CA replication repository
+
+In ({mtc-short}), after editing the replication repository, adding a custom CA certificate, successfully connecting the repository, and triggering a migration, a failure occurs during the backup phase.
+
+This issue is resolved in {mtc-short} 1.8.2.
+
+
+.CVE-2023-26136: tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution
+
+Versions before 4.1.3 of the `tough-cookie` package, used in {mtc-short}, are vulnerable to prototype pollution. This vulnerability occurs because CookieJar does not handle cookies properly when the value of the `rejectPublicSuffixes` is set to `false`.
+
+This issue is resolved in {mtc-short} 1.8.2.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2023-26136[(CVE-2023-26136)]
+
+
+.CVE-2022-25883 openshift-migration-ui-container: nodejs-semver: Regular expression denial of service
+
+In previous releases of ({mtc-short}), versions of the `semver` package before 7.5.2, used in {mtc-short}, are vulnerable to Regular Expression Denial of Service (ReDoS) from the function `newRange`, when untrusted user data is provided as a range.
+
+This issue is resolved in {mtc-short} 1.8.2.
+
+For more details, see link:https://access.redhat.com/security/cve/cve-2022-25883[(CVE-2022-25883)]
+
+
+[id="technical-changes-1-8_{context}"]
+== Technical changes
+
+This release has the following technical changes:
+
+* Migration from {product-title} 3 to {product-title} 4 requires a legacy {mtc-full} ({mtc-short}) Operator and {mtc-short} 1.7.x.
+* Migration from {mtc-short} 1.7.x to {mtc-short} 1.8.x is not supported.
+* You must use {mtc-short} 1.7.x to migrate anything with a source of {product-title} 4.9 or earlier.
+** {mtc-short} 1.7.x must be used on both source and destination.
+* MTC 1.8.x only supports migrations from {product-title} 4.10 or later to {product-title} 4.10 or later. For migrations only involving cluster versions 4.10 and later, either 1.7.x or 1.8.x might be used. However, but it must be the same MTC 1.Y.z on both source and destination.
+** Migration from source {mtc-short} 1.7.x to destination {mtc-short} 1.8.x is unsupported.
+** Migration from source {mtc-short} 1.8.x to destination {mtc-short} 1.7.x is unsupported.
+** Migration from source {mtc-short} 1.7.x to destination {mtc-short} 1.7.x is supported.
+** Migration from source {mtc-short} 1.8.x to destination {mtc-short} 1.8.x is supported.
+* MTC 1.8.x by default installs OADP 1.2.x.
+* Upgrading from {mtc-short} 1.7.x to {mtc-short} 1.8.0, requires manually changing the OADP channel to 1.2. If this is not done, the upgrade of the Operator fails.
+
+
+
diff --git a/modules/migration-partial-failure-velero.adoc b/modules/migration-partial-failure-velero.adoc
index 11e62b6aa62a..35a00fbac01e 100644
--- a/modules/migration-partial-failure-velero.adoc
+++ b/modules/migration-partial-failure-velero.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-partial-failure-velero_{context}"]
 = Debugging a partial migration failure
 
diff --git a/modules/migration-rolling-back-migration-cli.adoc b/modules/migration-rolling-back-migration-cli.adoc
index 57423b077db5..25eef94bab1f 100644
--- a/modules/migration-rolling-back-migration-cli.adoc
+++ b/modules/migration-rolling-back-migration-cli.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-rolling-back-migration-cli_{context}"]
 = Rolling back a migration from the command line interface
 
diff --git a/modules/migration-rolling-back-migration-manually.adoc b/modules/migration-rolling-back-migration-manually.adoc
index 899ffaa64fa1..c992800311d9 100644
--- a/modules/migration-rolling-back-migration-manually.adoc
+++ b/modules/migration-rolling-back-migration-manually.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-rolling-back-migration-manually_{context}"]
 = Rolling back a migration manually
 
diff --git a/modules/migration-rolling-back-migration-web-console.adoc b/modules/migration-rolling-back-migration-web-console.adoc
index 65bd906a8c79..15411a24a2de 100644
--- a/modules/migration-rolling-back-migration-web-console.adoc
+++ b/modules/migration-rolling-back-migration-web-console.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-rolling-back-migration-web-console_{context}"]
 = Rolling back a migration by using the {mtc-short} web console
 
diff --git a/modules/migration-running-migration-plan-cam.adoc b/modules/migration-running-migration-plan-cam.adoc
index c52eadf49742..8f4301563663 100644
--- a/modules/migration-running-migration-plan-cam.adoc
+++ b/modules/migration-running-migration-plan-cam.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-running-migration-plan-cam_{context}"]
 = Running a migration plan in the {mtc-short} web console
 
diff --git a/modules/migration-setting-up-target-cluster-to-accept-source-dns-domain.adoc b/modules/migration-setting-up-target-cluster-to-accept-source-dns-domain.adoc
index 45ce02067538..d6f0c9aef053 100644
--- a/modules/migration-setting-up-target-cluster-to-accept-source-dns-domain.adoc
+++ b/modules/migration-setting-up-target-cluster-to-accept-source-dns-domain.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/planning-considerations-3-4.adoc
 // * migration_toolkit_for_containers/network-considerations-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-setting-up-target-cluster-to-accept-source-dns-domain_{context}"]
 = Setting up the target cluster to accept the source DNS domain
 
diff --git a/modules/migration-state-migration-cli.adoc b/modules/migration-state-migration-cli.adoc
index 24d85daa9dbe..2cd981dd4438 100644
--- a/modules/migration-state-migration-cli.adoc
+++ b/modules/migration-state-migration-cli.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/advanced-migration-options-3-4.adoc
 // * migration_toolkit_for_containers/advanced-migration-options-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-state-migration-cli_{context}"]
 = State migration
 
diff --git a/modules/migration-understanding-data-copy-methods.adoc b/modules/migration-understanding-data-copy-methods.adoc
index 4b9504108ccd..11593d6cb39c 100644
--- a/modules/migration-understanding-data-copy-methods.adoc
+++ b/modules/migration-understanding-data-copy-methods.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/migrating-applications-3-4.adoc
 // * migration_toolkit_for_containers/migrating-applications-with-mtc.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="migration-understanding-data-copy-methods_{context}"]
 = About data copy methods
 
diff --git a/modules/migration-uninstalling-mtc-clean-up.adoc b/modules/migration-uninstalling-mtc-clean-up.adoc
index 807a880686bf..ef9434f3e0c6 100644
--- a/modules/migration-uninstalling-mtc-clean-up.adoc
+++ b/modules/migration-uninstalling-mtc-clean-up.adoc
@@ -4,7 +4,7 @@
 // * migration_toolkit_for_containers/installing-mtc.adoc
 // * migration_toolkit_for_containers/installing-mtc-restricted.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-uninstalling-mtc-clean-up_{context}"]
 = Uninstalling {mtc-short} and deleting resources
 
diff --git a/modules/migration-updating-deprecated-internal-images.adoc b/modules/migration-updating-deprecated-internal-images.adoc
index c7743b8be913..05db06943c56 100644
--- a/modules/migration-updating-deprecated-internal-images.adoc
+++ b/modules/migration-updating-deprecated-internal-images.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-updating-deprecated-internal-images_{context}"]
 = Updating deprecated internal images
 
diff --git a/modules/migration-upgrading-from-mtc-1-3.adoc b/modules/migration-upgrading-from-mtc-1-3.adoc
index 876dd906a959..60e982e687e1 100644
--- a/modules/migration-upgrading-from-mtc-1-3.adoc
+++ b/modules/migration-upgrading-from-mtc-1-3.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/upgrading-3-4.adoc
 // * migration_toolkit_for_containers/upgrading-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-upgrading-from-mtc-1-3_{context}"]
 = Upgrading {mtc-short} 1.3 to {mtc-version}
 
@@ -11,6 +11,13 @@ If you are upgrading {mtc-full} ({mtc-short}) version 1.3.x to {mtc-version}, yo
 
 Because the `indirectImageMigration` and `indirectVolumeMigration` parameters do not exist in {mtc-short} 1.3, their default value in version 1.4 is `false`, which means that direct image migration and direct volume migration are enabled. Because the direct migration requirements are not fulfilled, the migration plan cannot reach a `Ready` state unless these parameter values are changed to `true`.
 
+[IMPORTANT]
+
+====
+* Migrating from {product-title} 3 to {product-title} 4 requires a legacy {mtc-short} Operator and {mtc-short} 1.7.x.
+* Upgrading MTC 1.7.x to 1.8.x requires manually updating the OADP channel from `stable-1.0` to `stable-1.2` in order to successfully complete the upgrade from 1.7.x to 1.8.x.
+====
+
 .Prerequisites
 
 * You must be logged in as a user with `cluster-admin` privileges.
diff --git a/modules/migration-upgrading-mtc-on-ocp-4.adoc b/modules/migration-upgrading-mtc-on-ocp-4.adoc
index f6b3395cc2a4..b174b0e0fa10 100644
--- a/modules/migration-upgrading-mtc-on-ocp-4.adoc
+++ b/modules/migration-upgrading-mtc-on-ocp-4.adoc
@@ -3,12 +3,28 @@
 // * migrating_from_ocp_3_to_4/upgrading-3-4.adoc
 // * migration_toolkit_for_containers/upgrading-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-upgrading-mtc-on-ocp-4_{context}"]
 = Upgrading the {mtc-full} on {product-title} {product-version}
 
 You can upgrade the {mtc-full} ({mtc-short}) on {product-title} {product-version} by using the Operator Lifecycle Manager.
 
+[IMPORTANT]
+====
+When upgrading the {mtc-short} by using the Operator Lifecycle Manager, you must use a supported migration path.
+====
+
+.Migration paths
+* Migrating from {product-title} 3 to {product-title} 4 requires a legacy {mtc-short} Operator and {mtc-short} 1.7.x.
+* Migrating from {mtc-short} 1.7.x to {mtc-short} 1.8.x is not supported.
+* You must use {mtc-short} 1.7.x to migrate anything with a source of {product-title} 4.9 or earlier.
+** {mtc-short} 1.7.x must be used on both source and destination.
+* MTC 1.8.x only supports migrations from {product-title} 4.10 or later to {product-title} 4.10 or later. For migrations only involving cluster versions 4.10 and later, either 1.7.x or 1.8.x may be used. However, it must be the same MTC version on both source & destination.
+** Migration from source {mtc-short} 1.7.x to destination {mtc-short} 1.8.x is unsupported.
+** Migration from source {mtc-short} 1.8.x to destination {mtc-short} 1.7.x is unsupported.
+** Migration from source {mtc-short} 1.7.x to destination {mtc-short} 1.7.x is supported.
+** Migration from source {mtc-short} 1.8.x to destination {mtc-short} 1.8.x is supported
+
 .Prerequisites
 
 * You must be logged in as a user with `cluster-admin` privileges.
diff --git a/modules/migration-upgrading-mtc-with-legacy-operator.adoc b/modules/migration-upgrading-mtc-with-legacy-operator.adoc
index 25f4b7dda2c5..6a3ec4381c7b 100644
--- a/modules/migration-upgrading-mtc-with-legacy-operator.adoc
+++ b/modules/migration-upgrading-mtc-with-legacy-operator.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/upgrading-3-4.adoc
 // * migration_toolkit_for_containers/upgrading-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-upgrading-mtc-with-legacy-operator_{context}"]
 ifdef::upgrading-3-4[]
 = Upgrading the {mtc-full} on {product-title} 3
diff --git a/modules/migration-using-mig-log-reader.adoc b/modules/migration-using-mig-log-reader.adoc
index 28a1fbe4d35e..a360f7607972 100644
--- a/modules/migration-using-mig-log-reader.adoc
+++ b/modules/migration-using-mig-log-reader.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-using-mig-log-reader_{context}"]
 = Using the migration log reader
 
diff --git a/modules/migration-using-mtc-crs-for-troubleshooting.adoc b/modules/migration-using-mtc-crs-for-troubleshooting.adoc
index 3332e271f866..7daef68df087 100644
--- a/modules/migration-using-mtc-crs-for-troubleshooting.adoc
+++ b/modules/migration-using-mtc-crs-for-troubleshooting.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-using-mtc-crs-for-troubleshooting_{context}"]
 = Using {mtc-short} custom resources for troubleshooting
 
diff --git a/modules/migration-using-must-gather.adoc b/modules/migration-using-must-gather.adoc
index 77422e3feb36..0fa491b166fa 100644
--- a/modules/migration-using-must-gather.adoc
+++ b/modules/migration-using-must-gather.adoc
@@ -4,7 +4,7 @@
 // * migration_toolkit_for_containers/troubleshooting-mtc.adoc
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-using-must-gather_{context}"]
 = Using the must-gather tool
 
@@ -28,6 +28,8 @@ endif::[]
 
 * You must be logged in to the {product-title} cluster as a user with the `cluster-admin` role.
 * You must have the OpenShift CLI (`oc`) installed.
+* You must use {op-system-base-full} 8.x with OADP 1.2.
+* You must use {op-system-base-full} {op-system-version} with OADP 1.3.
 
 .Procedure
 
@@ -40,10 +42,18 @@ endif::[]
 ifdef::oadp-troubleshooting[]
 * Full `must-gather` data collection, including Prometheus metrics:
 endif::[]
+.. For OADP 1.2, use the following command:
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
+----
+oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel8:v1.2
+----
++
+.. For OADP 1.3, use the following command:
++
+[source,terminal]
 ----
-$ oc adm must-gather --image={must-gather}
+oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel9:v1.3
 ----
 +
 The data is saved as `must-gather/must-gather.tar.gz`. You can upload this file to a support case on the link:https://access.redhat.com/[Red Hat Customer Portal].
@@ -73,49 +83,17 @@ endif::[]
 ifdef::oadp-troubleshooting[]
 * Prometheus metrics data dump:
 endif::[]
-+
-[source,terminal,subs="attributes+"]
-----
-$ oc adm must-gather --image={must-gather} \
-  -- /usr/bin/gather_metrics_dump
-----
-+
-This operation can take a long time. The data is saved as `must-gather/metrics/prom_data.tar.gz`.
-
-[discrete]
-[id="viewing-data-with-prometheus-console_{context}"]
-== Viewing metrics data with the Prometheus console
-
-You can view the metrics data with the Prometheus console.
-
-.Procedure
-
-. Decompress the `prom_data.tar.gz` file:
+.. For OADP 1.2, use the following command:
 +
 [source,terminal]
 ----
-$ tar -xvzf must-gather/metrics/prom_data.tar.gz
+oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel8:v1.2 -- /usr/bin/gather_metrics_dump
 ----
-
-. Create a local Prometheus instance:
+.. For OADP 1.3, use the following command:
 +
 [source,terminal]
 ----
-$ make prometheus-run
-----
-+
-The command outputs the Prometheus URL.
-+
-.Output
-[source,terminal]
-----
-Started Prometheus on http://localhost:9090
+oc adm must-gather --image=registry.redhat.io/oadp/oadp-mustgather-rhel9:v1.3 -- /usr/bin/gather_metrics_dump
 ----
+This operation can take a long time. The data is saved as `must-gather/metrics/prom_data.tar.gz`.
 
-. Launch a web browser and navigate to the URL to view the data by using the Prometheus web console.
-. After you have viewed the data, delete the Prometheus instance and data:
-+
-[source,terminal]
-----
-$ make prometheus-cleanup
-----
diff --git a/modules/migration-viewing-migration-plan-log.adoc b/modules/migration-viewing-migration-plan-log.adoc
index ac0189105ffc..550dc4a9fdfe 100644
--- a/modules/migration-viewing-migration-plan-log.adoc
+++ b/modules/migration-viewing-migration-plan-log.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-viewing-migration-plan-log_{context}"]
 = Viewing a migration plan log
 
diff --git a/modules/migration-viewing-migration-plan-resources.adoc b/modules/migration-viewing-migration-plan-resources.adoc
index 099b72944d0a..30944eaacc65 100644
--- a/modules/migration-viewing-migration-plan-resources.adoc
+++ b/modules/migration-viewing-migration-plan-resources.adoc
@@ -3,7 +3,7 @@
 // * migrating_from_ocp_3_to_4/troubleshooting-3-4.adoc
 // * migration_toolkit_for_containers/troubleshooting-mtc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migration-viewing-migration-plan-resources_{context}"]
 = Viewing migration plan resources
 
diff --git a/modules/minimum-ibm-power-system-requirements.adoc b/modules/minimum-ibm-power-system-requirements.adoc
index 397e5b2cb32f..d9e8ffd61409 100644
--- a/modules/minimum-ibm-power-system-requirements.adoc
+++ b/modules/minimum-ibm-power-system-requirements.adoc
@@ -3,37 +3,37 @@
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="minimum-ibm-power-system-requirements_{context}"]
-= Minimum IBM Power requirements
+= Minimum {ibm-power-title} requirements
 
-You can install {product-title} version {product-version} on the following IBM hardware:
+You can install {product-title} version {product-version} on the following {ibm-name} hardware:
 
-* IBM Power9 or Power10 processor-based systems
+* {ibm-power-name}9 or {ibm-power-name}10 processor-based systems
 
 [NOTE]
 ====
-Support for {op-system} functionality for all IBM Power8 models, IBM Power AC922, IBM Power IC922, and IBM Power LC922 is deprecated in {product-title} {product-version}. Red Hat recommends that you use later hardware models.
+Support for {op-system} functionality for all {ibm-power-name}8 models, {ibm-power-name} AC922, {ibm-power-name} IC922, and {ibm-power-name} LC922 is deprecated in {product-title} {product-version}. Red Hat recommends that you use later hardware models.
 ====
 
 [discrete]
 == Hardware requirements
 
-* Six IBM Power bare metal servers or six LPARs across multiple PowerVM servers
+* Six logical partitions (LPARs) across multiple PowerVM servers
 
 [discrete]
 == Operating system requirements
 
-* One instance of an IBM Power9 or Power10 processor-based system
+* One instance of an {ibm-power-name}9 or Power10 processor-based system
 
-On your IBM Power instance, set up:
+On your {ibm-power-name} instance, set up:
 
-* Three guest virtual machines for {product-title} control plane machines
-* Two guest virtual machines for {product-title} compute machines
-* One guest virtual machine for the temporary {product-title} bootstrap machine
+* Three LPARs for {product-title} control plane machines
+* Two LPARs for {product-title} compute machines
+* One LPAR for the temporary {product-title} bootstrap machine
 
 [discrete]
-== Disk storage for the IBM Power guest virtual machines
+== Disk storage for the {ibm-power-title} guest virtual machines
 
 * Local storage, or storage provisioned by the Virtual I/O Server using vSCSI, NPIV (N-Port ID Virtualization) or SSP (shared storage pools)
 
@@ -42,7 +42,7 @@ On your IBM Power instance, set up:
 
 * Dedicated physical adapter, or SR-IOV virtual function
 * Available by the Virtual I/O Server using Shared Ethernet Adapter
-* Virtualized by the Virtual I/O Server using IBM vNIC
+* Virtualized by the Virtual I/O Server using {ibm-name} vNIC
 
 [discrete]
 == Storage / main memory
diff --git a/modules/minimum-ibm-z-system-requirements.adoc b/modules/minimum-ibm-z-system-requirements.adoc
index 5a2f0744ef49..c3be720deb7d 100644
--- a/modules/minimum-ibm-z-system-requirements.adoc
+++ b/modules/minimum-ibm-z-system-requirements.adoc
@@ -3,14 +3,14 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="minimum-ibm-z-system-requirements_{context}"]
-= Minimum {ibmzProductName} system environment
+= Minimum {ibm-z-title} system environment
 
-You can install {product-title} version {product-version} on the following IBM hardware:
+You can install {product-title} version {product-version} on the following {ibm-name} hardware:
 
-* IBM z16 (all models), IBM z15 (all models), IBM z14 (all models)
-* {linuxoneProductName} 4 (all models), {linuxoneProductName} III (all models), {linuxoneProductName} Emperor II, {linuxoneProductName} Rockhopper II
+* {ibm-name} z16 (all models), {ibm-name} z15 (all models), {ibm-name} z14 (all models)
+* {ibm-linuxone-name} 4 (all models), {ibm-linuxone-name} III (all models), {ibm-linuxone-name} Emperor II, {ibm-linuxone-name} Rockhopper II
 
 [discrete]
 == Hardware requirements
@@ -20,7 +20,7 @@ You can install {product-title} version {product-version} on the following IBM h
 
 [NOTE]
 ====
-You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibmzProductName}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
+You can use dedicated or shared IFLs to assign sufficient compute resources. Resource sharing is one of the key strengths of {ibm-z-name}. However, you must adjust capacity correctly on each hypervisor layer and ensure sufficient resources for every {product-title} cluster.
 ====
 
 [IMPORTANT]
@@ -31,7 +31,7 @@ Since the overall performance of the cluster can be impacted, the LPARs that are
 [discrete]
 == Operating system requirements
 
-* One instance of z/VM 7.1 or later
+* One instance of z/VM 7.2 or later
 
 On your z/VM instance, set up:
 
@@ -40,9 +40,9 @@ On your z/VM instance, set up:
 * One guest virtual machine for the temporary {product-title} bootstrap machine
 
 [discrete]
-== {ibmzProductName} network connectivity requirements
+== {ibm-z-title} network connectivity requirements
 
-To install on {ibmzProductName} under z/VM, you require a single z/VM virtual NIC in layer 2 mode. You also need:
+To install on {ibm-z-name} under z/VM, you require a single z/VM virtual NIC in layer 2 mode. You also need:
 
 *   A direct-attached OSA or RoCE network adapter
 *   A z/VM VSwitch set up. For a preferred setup, use OSA link aggregation.
diff --git a/modules/minimum-required-permissions-ipi-azure.adoc b/modules/minimum-required-permissions-ipi-azure.adoc
index abb45058008e..7f5d7f49da17 100644
--- a/modules/minimum-required-permissions-ipi-azure.adoc
+++ b/modules/minimum-required-permissions-ipi-azure.adoc
@@ -2,12 +2,20 @@
 //
 // * installing/installing_azure/installing-azure-account.adoc
 
+:_mod-docs-content-type: CONCEPT
 [id="minimum-required-permissions-ipi-azure_{context}"]
 = Required Azure permissions for installer-provisioned infrastructure
 
-When you assign `Contributor` and `User Access Administrator` roles to the service principal, you automatically grant all the required permissions.
+The installation program requires access to an Azure service principal or managed identity with the necessary permissions to deploy the cluster and to maintain its daily operation. These permissions must be granted to the Azure subscription that is associated with the identity.
 
-If your organization's security policies require a more restrictive set of permissions, you can create a link:https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles[custom role] with the necessary permissions. The following permissions are required for creating an {product-title} cluster on Microsoft Azure.
+The following options are available to you:
+
+* You can assign the identity the `Contributor` and `User Access Administrator` roles. Assigning these roles is the quickest way to grant all of the required permissions.
++
+For more information about assigning roles, see the Azure documentation for link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[managing access to Azure resources using the Azure portal].
+* If your organization's security policies require a more restrictive set of permissions, you can create a link:https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles[custom role] with the necessary permissions.
+
+The following permissions are required for creating an {product-title} cluster on Microsoft Azure.
 
 .Required permissions for creating authorization resources
 [%collapsible]
@@ -138,6 +146,17 @@ The following permissions are not required to create the private {product-title}
 * `Microsoft.Storage/storageAccounts/write`
 ====
 
+.Optional permissions for creating a private storage endpoint for the image registry
+[%collapsible]
+====
+* `Microsoft.Network/privateEndpoints/write`
+* `Microsoft.Network/privateEndpoints/read`
+* `Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write`
+* `Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read`
+* `Microsoft.Network/privateDnsZones/join/action`
+* `Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action`
+====
+
 .Optional permissions for creating marketplace virtual machine resources
 [%collapsible]
 ====
@@ -168,6 +187,13 @@ The following permissions are not required to create the private {product-title}
 * `Microsoft.Features/providers/features/register/action`
 ====
 
+.Optional permissions for installing a cluster using the `NatGateway` outbound type
+[%collapsible]
+====
+* `Microsoft.Network/natGateways/read`
+* `Microsoft.Network/natGateways/write`
+====
+
 .Optional permissions for installing a private cluster with Azure Network Address Translation (NAT)
 [%collapsible]
 ====
@@ -277,4 +303,4 @@ The following permissions are not required to delete a private {product-title} c
 To install {product-title} on Azure, you must scope the permissions to your subscription. Later, you can re-scope these permissions to the installer created resource group. If the public DNS zone is present in a different resource group, then the network DNS zone related permissions must always be applied to your subscription. By default, the {product-title} installation program assigns the Azure identity the `Contributor` role.
 
 You can scope all the permissions to your subscription when deleting an {product-title} cluster.
-====
\ No newline at end of file
+====
diff --git a/modules/minimum-required-permissions-ipi-gcp.adoc b/modules/minimum-required-permissions-ipi-gcp.adoc
index 95b55c8ecdc1..949e513126b1 100644
--- a/modules/minimum-required-permissions-ipi-gcp.adoc
+++ b/modules/minimum-required-permissions-ipi-gcp.adoc
@@ -95,6 +95,7 @@ If your organization’s security policies require a more restrictive set of per
 * `compute.disks.create`
 * `compute.disks.get`
 * `compute.disks.list`
+* `compute.disks.setLabels`
 * `compute.instanceGroups.create`
 * `compute.instanceGroups.delete`
 * `compute.instanceGroups.get`
diff --git a/modules/minimum-required-permissions-upi-azure.adoc b/modules/minimum-required-permissions-upi-azure.adoc
index cf53674d87de..110c1cbf814a 100644
--- a/modules/minimum-required-permissions-upi-azure.adoc
+++ b/modules/minimum-required-permissions-upi-azure.adoc
@@ -1,13 +1,21 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 [id="minimum-required-permissions-upi-azure_{context}"]
 = Required Azure permissions for user-provisioned infrastructure
 
-When you assign `Contributor` and `User Access Administrator` roles to the service principal, you automatically grant all the required permissions.
+The installation program requires access to an Azure service principal or managed identity with the necessary permissions to deploy the cluster and to maintain its daily operation. These permissions must be granted to the Azure subscription that is associated with the identity.
 
-If your organization's security policies require a more restrictive set of permissions, you can create a link:https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles[custom role] with the necessary permissions. The following permissions are required for creating an {product-title} cluster on Microsoft Azure.
+The following options are available to you:
+
+* You can assign the identity the `Contributor` and `User Access Administrator` roles. Assigning these roles is the quickest way to grant all of the required permissions.
++
+For more information about assigning roles, see the Azure documentation for link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[managing access to Azure resources using the Azure portal].
+* If your organization's security policies require a more restrictive set of permissions, you can create a link:https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles[custom role] with the necessary permissions.
+
+The following permissions are required for creating an {product-title} cluster on Microsoft Azure.
 
 .Required permissions for creating authorization resources
 [%collapsible]
@@ -239,4 +247,4 @@ The following permissions are required for deleting an {product-title} cluster o
 To install {product-title} on Azure, you must scope the permissions related to resource group creation to your subscription. After the resource group is created, you can scope the rest of the permissions to the created resource group. If the public DNS zone is present in a different resource group, then the network DNS zone related permissions must always be applied to your subscription.
 
 You can scope all the permissions to your subscription when deleting an {product-title} cluster.
-====
\ No newline at end of file
+====
diff --git a/modules/mirror-registry-flags.adoc b/modules/mirror-registry-flags.adoc
index 21550b310bfc..cb8b0d2709e4 100644
--- a/modules/mirror-registry-flags.adoc
+++ b/modules/mirror-registry-flags.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * installing/disconnected_install/installing-mirroring-installation-images.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
 [id="mirror-registry-flags_{context}"]
 = Mirror registry for Red Hat OpenShift flags
diff --git a/modules/mirror-registry-introduction.adoc b/modules/mirror-registry-introduction.adoc
index fadcda05ea4d..f22df2d3cf9b 100644
--- a/modules/mirror-registry-introduction.adoc
+++ b/modules/mirror-registry-introduction.adoc
@@ -7,12 +7,28 @@
 
 For disconnected deployments of {product-title}, a container registry is required to carry out the installation of the clusters. To run a production-grade registry service on such a cluster, you must create a separate registry deployment to install the first cluster. The _mirror registry for Red Hat OpenShift_ addresses this need and is included in every OpenShift subscription. It is available for download on the link:https://console.redhat.com/openshift/downloads#tool-mirror-registry[OpenShift console *Downloads*] page.
 
-The _mirror registry for Red Hat OpenShift_ allows users to install a small-scale version of Red Hat Quay and its required components using the `mirror-registry` command line interface (CLI) tool. The _mirror registry for Red Hat OpenShift_ is deployed automatically with pre-configured local storage and a local database. It also includes auto-generated user credentials and access permissions with a single set of inputs and no additional configuration choices to get started.
+The _mirror registry for Red Hat OpenShift_ allows users to install a small-scale version of Red Hat Quay and its required components using the `mirror-registry` command line interface (CLI) tool. The _mirror registry for Red Hat OpenShift_ is deployed automatically with preconfigured local storage and a local database. It also includes auto-generated user credentials and access permissions with a single set of inputs and no additional configuration choices to get started.
 
 The _mirror registry for Red Hat OpenShift_ provides a pre-determined network configuration and reports deployed component credentials and access URLs upon success. A limited set of optional configuration inputs like fully qualified domain name (FQDN) services, superuser name and password, and custom TLS certificates are also provided. This provides users with a container registry so that they can easily create an offline mirror of all {product-title} release content when running {product-title} in restricted network environments.
 
-The _mirror registry for Red Hat OpenShift_ is limited to hosting images that are required to install a disconnected {product-title} cluster, such as Release images or Red Hat Operator images. It uses local storage on your {op-system-base-full} machine, and storage supported by {op-system-base} is supported by the _mirror registry for Red Hat OpenShift_. Content built by customers should not be hosted by the _mirror registry for Red Hat OpenShift_.
+Use of the _mirror registry for Red Hat OpenShift_ is optional if another container registry is already available in the install environment.
 
-Unlike Red Hat Quay, the _mirror registry for Red Hat OpenShift_ is not a highly-available registry and only local file system storage is supported. Using the _mirror registry for Red Hat OpenShift_ with more than one cluster is discouraged, because multiple clusters can create a single point of failure when updating your cluster fleet. It is advised to leverage the _mirror registry for Red Hat OpenShift_ to install a cluster that can host a production-grade, highly-available registry such as Red Hat Quay, which can serve {product-title} content to other clusters.
+[id="mirror-registry-limitations_{context}"]
+== Mirror registry for Red Hat OpenShift limitations
 
-Use of the _mirror registry for Red Hat OpenShift_ is optional if another container registry is already available in the install environment.
+The following limitations apply to the _mirror registry for Red Hat OpenShift_:
+
+* The _mirror registry for Red Hat OpenShift_ is not a highly-available registry and only local file system storage is supported. It is not intended to replace {quay} or the internal image registry for {product-title}.
+
+* The _mirror registry for Red Hat OpenShift_ is only supported for hosting images that are required to install a disconnected {product-title} cluster, such as Release images or Red Hat Operator images. It uses local storage on your {op-system-base-full} machine, and storage supported by {op-system-base} is supported by the _mirror registry for Red Hat OpenShift_.
++
+[NOTE]
+====
+Because the _mirror registry for Red Hat OpenShift_ uses local storage, you should remain aware of the storage usage consumed when mirroring images and use {quay}'s garbage collection feature to mitigate potential issues. For more information about this feature, see "{quay} garbage collection".
+====
+
+* Support for Red Hat product images that are pushed to the _mirror registry for Red Hat OpenShift_ for bootstrapping purposes are covered by valid subscriptions for each respective product. A list of exceptions to further enable the bootstrap experience can be found on the link:https://www.redhat.com/en/resources/self-managed-openshift-sizing-subscription-guide[Self-managed Red Hat OpenShift sizing and subscription guide].
+
+* Content built by customers should not be hosted by the _mirror registry for Red Hat OpenShift_.
+
+* Using the _mirror registry for Red Hat OpenShift_ with more than one cluster is discouraged because multiple clusters can create a single point of failure when updating your cluster fleet. It is advised to leverage the _mirror registry for Red Hat OpenShift_ to install a cluster that can host a production-grade, highly-available registry such as {quay}, which can serve {product-title} content to other clusters.
diff --git a/modules/mirror-registry-localhost-update.adoc b/modules/mirror-registry-localhost-update.adoc
index 4bac23925806..cd5d758c585c 100644
--- a/modules/mirror-registry-localhost-update.adoc
+++ b/modules/mirror-registry-localhost-update.adoc
@@ -1,8 +1,8 @@
 // module included in the following assembly:
 //
-// * installing-mirroring-creating-registry.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirror-registry-localhost-update_{context}"]
 = Updating mirror registry for Red Hat OpenShift from a local host
 
@@ -33,7 +33,7 @@ $ sudo ./mirror-registry upgrade -v
 * Users who upgrade _mirror registry for Red Hat OpenShift_ with the `./mirror-registry upgrade -v` flag must include the same credentials used when creating their mirror registry. For example, if you installed the _mirror registry for Red Hat OpenShift_ with `--quayHostname <host_example_com>` and `--quayRoot <example_directory_name>`, you must include that string to properly upgrade the mirror registry.
 ====
 
-* If you are upgrading the _mirror registry for Red Hat OpenShift_ from 1.2.z -> 1.3.0 and you used a specified directory in your 1.2.z deployment, you must pass in the new `--pgStorage`and `--quayStorage` flags. For example:
+* If you are upgrading the _mirror registry for Red Hat OpenShift_ from 1.2.z -> 1.3.0 and you used a specified directory in your 1.2.z deployment, you must pass in the new `--pgStorage` and `--quayStorage` flags. For example:
 +
 [source,terminal]
 ----
diff --git a/modules/mirror-registry-localhost.adoc b/modules/mirror-registry-localhost.adoc
index abce498ce3a2..8f2406b76fee 100644
--- a/modules/mirror-registry-localhost.adoc
+++ b/modules/mirror-registry-localhost.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/disconnected_install/installing-mirroring-installation-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirror-registry-localhost_{context}"]
 = Mirroring on a local host with mirror registry for Red Hat OpenShift
 
diff --git a/modules/mirror-registry-release-notes.adoc b/modules/mirror-registry-release-notes.adoc
index c92934a4d27f..9ec6c34f0624 100644
--- a/modules/mirror-registry-release-notes.adoc
+++ b/modules/mirror-registry-release-notes.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * installing/disconnected_install/installing-mirroring-installation-images.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
 [id="mirror-registry-release-notes_{context}"]
 = Mirror registry for Red Hat OpenShift release notes
@@ -9,7 +9,51 @@ The _mirror registry for Red Hat OpenShift_ is a small and streamlined container
 
 These release notes track the development of the _mirror registry for Red Hat OpenShift_ in {product-title}.
 
-For an overview of the _mirror registry for Red Hat OpenShift_, see xref:../../installing/disconnected_install/installing-mirroring-creating-registry.html#mirror-registry-flags_installing-mirroring-creating-registry[Creating a mirror registry with mirror registry for Red Hat OpenShift].
+For an overview of the _mirror registry for Red Hat OpenShift_, see xref:../../installing/disconnected_install/installing-mirroring-creating-registry.adoc#mirror-registry-flags_installing-mirroring-creating-registry[Creating a mirror registry with mirror registry for Red Hat OpenShift].
+
+[id="mirror-registry-for-openshift-1-3-10"]
+== Mirror registry for Red Hat OpenShift 1.3.10
+
+Issued: 2023-12-07
+
+_Mirror registry for Red Hat OpenShift_ is now available with Red Hat Quay 3.8.14.
+
+The following advisory is available for the _mirror registry for Red Hat OpenShift_:
+
+* link:https://access.redhat.com/errata/RHBA-2023:7628[RHBA-2023:7628 - mirror registry for Red Hat OpenShift 1.3.10]
+
+[id="mirror-registry-for-openshift-1-3-9"]
+== Mirror registry for Red Hat OpenShift 1.3.9
+
+Issued: 2023-09-19
+
+_Mirror registry for Red Hat OpenShift_ is now available with Red Hat Quay 3.8.12.
+
+The following advisory is available for the _mirror registry for Red Hat OpenShift_:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5241[RHBA-2023:5241 - mirror registry for Red Hat OpenShift 1.3.9]
+
+[id="mirror-registry-for-openshift-1-3-8"]
+== Mirror registry for Red Hat OpenShift 1.3.8
+
+Issued: 2023-08-16
+
+_Mirror registry for Red Hat OpenShift_ is now available with Red Hat Quay 3.8.11.
+
+The following advisory is available for the _mirror registry for Red Hat OpenShift_:
+
+* link:https://access.redhat.com/errata/RHBA-2023:4622[RHBA-2023:4622 - mirror registry for Red Hat OpenShift 1.3.8]
+
+[id="mirror-registry-for-openshift-1-3-7"]
+== Mirror registry for Red Hat OpenShift 1.3.7
+
+Issued: 2023-07-19
+
+_Mirror registry for Red Hat OpenShift_ is now available with Red Hat Quay 3.8.10.
+
+The following advisory is available for the _mirror registry for Red Hat OpenShift_:
+
+* link:https://access.redhat.com/errata/RHBA-2023:4087[RHBA-2023:4087 - mirror registry for Red Hat OpenShift 1.3.7]
 
 [id="mirror-registry-for-openshift-1-3-6"]
 == Mirror registry for Red Hat OpenShift 1.3.6
@@ -96,9 +140,9 @@ The following advisory is available for the _mirror registry for Red Hat OpenShi
 +
 IPv6 is currently unsupported on _mirror registry for Red Hat OpenShift_ remote host installations.
 
-* A new feature flag, `--quayStorage`, has been added. With this flag, users with root privileges can manually set the location of their Quay persistent storage.
+* A new feature flag, `--quayStorage`, has been added. By specifying this flag, you can manually set the location for the Quay persistent storage.
 
-* A new feature flag, `--pgStorage`, has been added. With this flag, users with root privileges can manually set the location of their Postgres persistent storage.
+* A new feature flag, `--pgStorage`, has been added. By specifying this flag, you can manually set the location for the Postgres persistent storage.
 
 * Previously, users were required to have root privileges (`sudo`) to install _mirror registry for Red Hat OpenShift_. With this update, `sudo` is no longer required to install _mirror registry for Red Hat OpenShift_.
 +
diff --git a/modules/mirror-registry-remote-host-update.adoc b/modules/mirror-registry-remote-host-update.adoc
index b2c956df7355..dfae54c7f65c 100644
--- a/modules/mirror-registry-remote-host-update.adoc
+++ b/modules/mirror-registry-remote-host-update.adoc
@@ -1,8 +1,8 @@
 // module included in the following assembly:
 //
-// * installing-mirroring-creating-registry.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirror-registry-remote-host-update_{context}"]
 = Updating mirror registry for Red Hat OpenShift from a remote host
 
diff --git a/modules/mirror-registry-remote.adoc b/modules/mirror-registry-remote.adoc
index f8f0a157d4fe..50257dc048d1 100644
--- a/modules/mirror-registry-remote.adoc
+++ b/modules/mirror-registry-remote.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * installing/disconnected_install/installing-mirroring-installation-images.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirror-registry-remote_{context}"]
 = Mirroring on a remote host with mirror registry for Red Hat OpenShift
 
diff --git a/modules/mirror-registry-ssl-cert-replace.adoc b/modules/mirror-registry-ssl-cert-replace.adoc
new file mode 100644
index 000000000000..c9b9be91f1ef
--- /dev/null
+++ b/modules/mirror-registry-ssl-cert-replace.adoc
@@ -0,0 +1,62 @@
+// module included in the following assembly:
+//
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="mirror-registry-ssl-cert-replace_{context}"]
+= Replacing mirror registry for Red Hat OpenShift SSL/TLS certificates
+
+In some cases, you might want to update your SSL/TLS certificates for the _mirror registry for Red Hat OpenShift_. This is useful in the following scenarios:
+
+* If you are replacing the current _mirror registry for Red Hat OpenShift_ certificate.
+* If you are using the same certificate as the previous _mirror registry for Red Hat OpenShift_ installation.
+* If you are periodically updating the _mirror registry for Red Hat OpenShift_ certificate.
+
+Use the following procedure to replace _mirror registry for Red Hat OpenShift_ SSL/TLS certificates.
+
+.Prerequisites
+
+* You have downloaded the `./mirror-registry` binary from the link:https://console.redhat.com/openshift/downloads#tool-mirror-registry[OpenShift console *Downloads*] page.
+
+.Procedure
+
+. Enter the following command to install the _mirror registry for Red Hat OpenShift_:
++
+[source,terminal]
+----
+$ ./mirror-registry install \
+--quayHostname <host_example_com> \
+--quayRoot <example_directory_name>
+----
++
+This installs the _mirror registry for Red Hat OpenShift_ to the `$HOME/quay-install` directory.
+
+. Prepare a new certificate authority (CA) bundle and generate new `ssl.key` and `ssl.crt` key files. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/index#introduction-using-ssl[Using SSL/TLS].
+
+. Assign `/$HOME/quay-install` an environment variable, for example, `QUAY`, by entering the following command:
++
+[source,terminal]
+----
+$ export QUAY=/$HOME/quay-install
+----
+
+. Copy the new `ssl.crt` file to the `/$HOME/quay-install` directory by entering the following command:
++
+[source,terminal]
+----
+$ cp ~/ssl.crt $QUAY/quay-config
+----
+
+. Copy the new `ssl.key` file to the `/$HOME/quay-install` directory by entering the following command:
++
+[source,terminal]
+----
+$ cp ~/ssl.key $QUAY/quay-config
+----
+
+. Restart the `quay-app` application pod by entering the following command:
++
+[source,terminal]
+----
+$ systemctl restart quay-app
+----
diff --git a/modules/mirror-registry-troubleshooting.adoc b/modules/mirror-registry-troubleshooting.adoc
index 2cc9ce2e25de..188955ba077b 100644
--- a/modules/mirror-registry-troubleshooting.adoc
+++ b/modules/mirror-registry-troubleshooting.adoc
@@ -1,8 +1,8 @@
 // module included in the following assembly:
 //
-// * installing-mirroring-creating-registry.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="mirror-registry-troubleshooting_{context}"]
 = Troubleshooting mirror registry for Red Hat OpenShift
 
diff --git a/modules/mirror-registry-uninstall.adoc b/modules/mirror-registry-uninstall.adoc
index 25689cf1a712..8745e4f8eaef 100644
--- a/modules/mirror-registry-uninstall.adoc
+++ b/modules/mirror-registry-uninstall.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * installing/disconnected_install/installing-mirroring-installation-images.adoc
+// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
 
 [id="uninstalling-mirror-registry_{context}"]
 = Uninstalling the mirror registry for Red Hat OpenShift
diff --git a/modules/modify-rhsso-requests-limits.adoc b/modules/modify-rhsso-requests-limits.adoc
index 61f80062d69d..8dd266bd297b 100644
--- a/modules/modify-rhsso-requests-limits.adoc
+++ b/modules/modify-rhsso-requests-limits.adoc
@@ -2,7 +2,7 @@
 //
 // * installing-red-hat-openshift-gitops
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-rhsso-resource-requests-limits_{context}"]
 = Modifying RHSSO resource requests/limits
 
diff --git a/modules/modify-unavailable-workers.adoc b/modules/modify-unavailable-workers.adoc
index 30f58b3e238d..92816d570891 100644
--- a/modules/modify-unavailable-workers.adoc
+++ b/modules/modify-unavailable-workers.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modify-unavailable-workers_{context}"]
 = Modifying the number of unavailable worker nodes
 
diff --git a/modules/modifying-an-existing-ingress-controller.adoc b/modules/modifying-an-existing-ingress-controller.adoc
index b6cfa72989cd..a833f1f981d5 100644
--- a/modules/modifying-an-existing-ingress-controller.adoc
+++ b/modules/modifying-an-existing-ingress-controller.adoc
@@ -2,7 +2,7 @@
 //
 // *ingress-controller-dnsmgt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-an-existing-ingress-controller_{context}"]
 = Modifying an existing Ingress Controller
 
diff --git a/modules/modifying-kubelet-as-one-time-scenario.adoc b/modules/modifying-kubelet-as-one-time-scenario.adoc
index 9850b8922bf5..d700e2450196 100644
--- a/modules/modifying-kubelet-as-one-time-scenario.adoc
+++ b/modules/modifying-kubelet-as-one-time-scenario.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-kubelet-one-time_{context}"]
 = Modifying the kubelet as a one-time scenario
 
@@ -17,7 +17,7 @@ $ oc debug node/<node>
 ----
 $ chroot /host
 ----
-+ 
++
 Alternatively, it is possible to SSH to the node and become root.
 
 . After access is established, check the default log level:
diff --git a/modules/modifying-template-for-new-projects.adoc b/modules/modifying-template-for-new-projects.adoc
index 5526d8bd6db9..6823cb67df3f 100644
--- a/modules/modifying-template-for-new-projects.adoc
+++ b/modules/modifying-template-for-new-projects.adoc
@@ -3,7 +3,7 @@
 // * applications/projects/configuring-project-creation.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-template-for-new-projects_{context}"]
 = Modifying the template for new projects
 
diff --git a/modules/monitoring-about-cluster-monitoring.adoc b/modules/monitoring-about-cluster-monitoring.adoc
index 80596811f776..e33f660f151e 100644
--- a/modules/monitoring-about-cluster-monitoring.adoc
+++ b/modules/monitoring-about-cluster-monitoring.adoc
@@ -6,7 +6,7 @@
 // can be re-used in associated products but the title is not
 // included in the existing OpenShift assembly.
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-openshift-monitoring_{context}"]
 ifeval::["{context}" == "understanding-the-monitoring-stack"]
 :ocp-monitoring:
@@ -17,7 +17,7 @@ ifndef::ocp-monitoring[]
 endif::ocp-monitoring[]
 :ocp-monitoring!:
 
-{product-title} includes a pre-configured, pre-installed, and self-updating monitoring stack that provides *monitoring for core platform components*. {product-title} delivers monitoring best practices out of the box. A set of alerts are included by default that immediately notify cluster administrators about issues with a cluster. Default dashboards in the {product-title} web console include visual representations of cluster metrics to help you to quickly understand the state of your cluster.
+{product-title} includes a preconfigured, preinstalled, and self-updating monitoring stack that provides *monitoring for core platform components*. {product-title} delivers monitoring best practices out of the box. A set of alerts are included by default that immediately notify cluster administrators about issues with a cluster. Default dashboards in the {product-title} web console include visual representations of cluster metrics to help you to quickly understand the state of your cluster.
 
 After installing {product-title} {product-version}, cluster administrators can optionally enable *monitoring for user-defined projects*. By using this feature, cluster administrators, developers, and other users can specify how services and pods are monitored in their own projects. You can then query metrics, review dashboards, and manage alerting rules and silences for your own projects in the {product-title} web console.
 
diff --git a/modules/monitoring-about-creating-alerting-rules-for-user-defined-projects.adoc b/modules/monitoring-about-creating-alerting-rules-for-user-defined-projects.adoc
new file mode 100644
index 000000000000..de1f3c1360dc
--- /dev/null
+++ b/modules/monitoring-about-creating-alerting-rules-for-user-defined-projects.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * monitoring/managing-alerts.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="about-creating-alerting-rules-for-user-defined-projects_{context}"]
+= About creating alerting rules for user-defined projects
+
+If you create alerting rules for a user-defined project, consider the following key behaviors and important limitations when you define the new rules:
+
+* A user-defined alerting rule can include metrics exposed by its own project in addition to the default metrics from core platform monitoring. 
+You cannot include metrics from another user-defined project.
++
+For example, an alerting rule for the `ns1` user-defined project can use metrics exposed by the `ns1` project in addition to core platform metrics, such as CPU and memory metrics.
+However, the rule cannot include metrics from a different `ns2` user-defined project.
+
+* To reduce latency and to minimize the load on core platform monitoring components, you can add the `openshift.io/prometheus-rule-evaluation-scope: leaf-prometheus` label to a rule.
+This label forces only the Prometheus instance deployed in the `openshift-user-workload-monitoring` project to evaluate the alerting rule and prevents the Thanos Ruler instance from doing so.
++
+[IMPORTANT]
+====
+If an alerting rule has this label, your alerting rule can use only those metrics exposed by your user-defined project.
+Alerting rules you create based on default platform metrics might not trigger alerts.
+====
diff --git a/modules/monitoring-about-querying-metrics.adoc b/modules/monitoring-about-querying-metrics.adoc
index 23bfa6832cdc..5528e47a9af2 100644
--- a/modules/monitoring-about-querying-metrics.adoc
+++ b/modules/monitoring-about-querying-metrics.adoc
@@ -1,14 +1,19 @@
 // Module included in the following assemblies:
 //
-// * monitoring/querying-metrics.adoc
+// * monitoring/managing-metrics.adoc
 // * virt/support/virt-prometheus-queries.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-querying-metrics_{context}"]
-= About querying metrics
+= Querying metrics
 
 The {product-title} monitoring dashboard enables you to run Prometheus Query Language (PromQL) queries to examine metrics visualized on a plot. This functionality provides information about the state of a cluster and any user-defined workloads that you are monitoring.
 
-As a *cluster administrator*, you can query metrics for all core {product-title} and user-defined projects.
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator, you can query metrics for all core {product-title} and user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As a `dedicated-admin`, you can query one or more namespaces at a time for metrics about user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
 
-As a *developer*, you must specify a project name when querying metrics. You must have the required privileges to view metrics for the selected project.
+As a developer, you must specify a project name when querying metrics. You must have the required privileges to view metrics for the selected project.
diff --git a/modules/monitoring-about-specifying-limits-and-requests-for-monitoring-components.adoc b/modules/monitoring-about-specifying-limits-and-requests-for-monitoring-components.adoc
new file mode 100644
index 000000000000..145e7d8bfbd9
--- /dev/null
+++ b/modules/monitoring-about-specifying-limits-and-requests-for-monitoring-components.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * monitoring/configuring-the-monitoring-stack.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="about-specifying-limits-and-requests-for-monitoring-components_{context}"]
+= About specifying limits and requests for monitoring components
+
+You can configure resource limits and request settings for core platform monitoring components and for the components that monitor user-defined projects, including the following components:
+
+* Alertmanager (for core platform monitoring and for user-defined projects)
+* kube-state-metrics
+* monitoring-plugin
+* node-exporter
+* openshift-state-metrics
+* Prometheus (for core platform monitoring and for user-defined projects)
+* Prometheus Adapter
+* Prometheus Operator and its admission webhook service
+* Telemeter Client
+* Thanos Querier
+* Thanos Ruler
+
+By defining resource limits, you limit a container's resource usage, which prevents the container from exceeding the specified maximum values for CPU and memory resources.
+
+By defining resource requests, you specify that a container can be scheduled only on a node that has enough CPU and memory resources available to match the requested resources.
+
+
diff --git a/modules/monitoring-accessing-alerting-rules-for-your-project.adoc b/modules/monitoring-accessing-alerting-rules-for-your-project.adoc
index 91d9d5a4b3ba..81dd2f2dde44 100644
--- a/modules/monitoring-accessing-alerting-rules-for-your-project.adoc
+++ b/modules/monitoring-accessing-alerting-rules-for-your-project.adoc
@@ -2,21 +2,21 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-alerting-rules-for-your-project_{context}"]
 = Accessing alerting rules for user-defined projects
 
-To list alerting rules for a user-defined project, you must have been assigned the `monitoring-rules-view` role for the project.
+To list alerting rules for a user-defined project, you must have been assigned the `monitoring-rules-view` cluster role for the project.
 
 .Prerequisites
 
 * You have enabled monitoring for user-defined projects.
-* You are logged in as a user that has the `monitoring-rules-view` role for your project.
+* You are logged in as a user that has the `monitoring-rules-view` cluster role for your project.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
-. You can list alerting rules in `<project>`:
+. To list alerting rules in `<project>`:
 +
 [source,terminal]
 ----
diff --git a/modules/monitoring-accessing-the-alerting-ui.adoc b/modules/monitoring-accessing-the-alerting-ui.adoc
index f76b00f83387..5be04330c0fe 100644
--- a/modules/monitoring-accessing-the-alerting-ui.adoc
+++ b/modules/monitoring-accessing-the-alerting-ui.adoc
@@ -1,9 +1,10 @@
 // Module included in the following assemblies:
 //
 // * monitoring/managing-alerts.adoc
+// * logging/logging_alerts/log-storage-alerts.adoc
 
-:_content-type: PROCEDURE
-[id="accessing_the_alerting_ui_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="monitoring-accessing-the-alerting-ui_{context}"]
 = Accessing the Alerting UI in the Administrator and Developer perspectives
 
 The Alerting UI is accessible through the Administrator perspective and the Developer perspective in the {product-title} web console.
@@ -16,5 +17,5 @@ The Alerting UI is accessible through the Administrator perspective and the Deve
 
 [NOTE]
 ====
-In the Developer perspective, you can select from core {product-title} and user-defined projects that you have access to in the *Project:* list. However, alerts, silences, and alerting rules relating to core {product-title} projects are not displayed if you do not have `cluster-admin` privileges.
+In the *Developer* perspective, you can select from core {product-title} and user-defined projects that you have access to in the *Project:* list. However, alerts, silences, and alerting rules relating to core {product-title} projects are not displayed if you are not logged in as a cluster administrator.
 ====
diff --git a/modules/monitoring-accessing-the-metrics-targets-page.adoc b/modules/monitoring-accessing-the-metrics-targets-page.adoc
deleted file mode 100644
index d9df69a494b8..000000000000
--- a/modules/monitoring-accessing-the-metrics-targets-page.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/managing-metrics-targets.adoc
-
-:_content-type: PROCEDURE
-[id="monitoring-accessing-the-metrics-targets-page_{context}"]
-= Accessing the Metrics Targets page in the Administrator perspective
-
-You can view the *Metrics Targets* page in the *Administrator* perspective in the {product-title} web console.
-
-.Prerequisites
-
-* You have access to the cluster as an administrator for the project for which you want to view metrics targets.
-
-.Procedure
-
-* In the *Administrator* perspective, select *Observe* -> *Targets*. 
-The *Metrics Targets* page opens with a list of all service endpoint targets that are being scraped for metrics.
-
diff --git a/modules/monitoring-accessing-third-party-monitoring-web-service-apis.adoc b/modules/monitoring-accessing-third-party-monitoring-web-service-apis.adoc
index a28c016b9e7b..18c6fc9c337c 100644
--- a/modules/monitoring-accessing-third-party-monitoring-web-service-apis.adoc
+++ b/modules/monitoring-accessing-third-party-monitoring-web-service-apis.adoc
@@ -2,12 +2,12 @@
 //
 // * monitoring/accessing-third-party-monitoring-uis-and-apis.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-third-party-monitoring-web-service-apis_{context}"]
 = Accessing third-party monitoring web service APIs
 
 [role="_abstract"]
-You can directly access third-party web service APIs from the command line for the following monitoring stack components: Prometheus, Alertmanager, Thanos Ruler, and Thanos Querier. 
+You can directly access third-party web service APIs from the command line for the following monitoring stack components: Prometheus, Alertmanager, Thanos Ruler, and Thanos Querier.
 
 The following example commands show how to query the service API receivers for Alertmanager.
 This example requires that the associated user account be bound against the `monitoring-alertmanager-edit` role in the `openshift-monitoring` namespace and that the account has the privilege to view the route.
diff --git a/modules/monitoring-adding-a-secret-to-the-alertmanager-configuration.adoc b/modules/monitoring-adding-a-secret-to-the-alertmanager-configuration.adoc
index 79aecb07de1f..150b4534118d 100644
--- a/modules/monitoring-adding-a-secret-to-the-alertmanager-configuration.adoc
+++ b/modules/monitoring-adding-a-secret-to-the-alertmanager-configuration.adoc
@@ -2,39 +2,51 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="monitoring-adding-a-secret-to-the-alertmanager-configuration_{context}"]
 = Adding a secret to the Alertmanager configuration
 
+ifndef::openshift-dedicated,openshift-rosa[]
 You can add secrets to the Alertmanager configuration for core platform monitoring components by editing the `cluster-monitoring-config` config map in the `openshift-monitoring` project.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
 You can add secrets to the Alertmanager configuration for user-defined projects by editing the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` project.
+endif::openshift-dedicated,openshift-rosa[]
 
 After you add a secret to the config map, the secret is mounted as a volume at `/etc/alertmanager/secrets/<secret_name>` within the `alertmanager` container for the Alertmanager pods.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components in the `openshift-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` config map.
 ** You have created the secret to be configured in Alertmanager in the `openshift-monitoring` project.
 * *If you are configuring components that monitor user-defined projects*:
 ** A cluster administrator has enabled monitoring for user-defined projects.
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the secret to be configured in Alertmanager in the `openshift-user-workload-monitoring` project.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+* You have created the secret to be configured in Alertmanager in the `openshift-user-workload-monitoring` project.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
-. To add a secret configuration to Alertmanager for core platform monitoring, edit the `cluster-monitoring-config` config map in the `openshift-monitoring` project:
+. Edit the `ConfigMap` object.
+ifndef::openshift-dedicated,openshift-rosa[]
+** *To add a secret configuration to Alertmanager for core platform monitoring*:
+.. Edit the `cluster-monitoring-config` config map in the `openshift-monitoring` project:
 +
 [source,terminal]
 ----
 $ oc -n openshift-monitoring edit configmap cluster-monitoring-config
 ----
 
-. Add a `secrets:` section under `data/config.yaml/alertmanagerMain`.
-
-. Add the configuration details for the secret in this section:
+.. Add a `secrets:` section under `data/config.yaml/alertmanagerMain` with the following configuration:
 +
 [source,yaml]
 ----
@@ -50,10 +62,8 @@ data:
       - <secret_name_1> <2>
       - <secret_name_2>
 ----
-<1> This section contains the secrets to be mounted into Alertmanager.
-The secrets must be located within the same namespace as the Alertmanager object.
-<2> The name of the `Secret` object that contains authentication credentials for the receiver.
-If you add multiple secrets, place each one on a new line.
+<1> This section contains the secrets to be mounted into Alertmanager. The secrets must be located within the same namespace as the Alertmanager object.
+<2> The name of the `Secret` object that contains authentication credentials for the receiver. If you add multiple secrets, place each one on a new line.
 +
 The following sample config map settings configure Alertmanager to use two `Secret` objects named `test-secret-basic-auth` and `test-secret-api-token`:
 +
@@ -72,7 +82,36 @@ data:
       - test-secret-api-token
 ----
 
-. Optional: To add the secrets for use by Alertmanager in user-defined projects, add the secret names under `data/config.yaml/alertmanager/secrets` in the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` project:
+** *To add a secret configuration to Alertmanager for user-defined project monitoring*:
+endif::openshift-dedicated,openshift-rosa[]
+
+.. Edit the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` project:
++
+[source,terminal]
+----
+$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
+----
+
+.. Add a `secrets:` section under `data/config.yaml/alertmanager/secrets` with the following configuration:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    alertmanager:
+      secrets: <1>
+      - <secret_name_1> <2>
+      - <secret_name_2>
+----
+<1> This section contains the secrets to be mounted into Alertmanager. The secrets must be located within the same namespace as the Alertmanager object.
+<2> The name of the `Secret` object that contains authentication credentials for the receiver. If you add multiple secrets, place each one on a new line.
++
+The following sample config map settings configure Alertmanager to use two `Secret` objects named `test-secret` and `test-secret-api-token`:
 +
 [source,yaml]
 ----
@@ -89,12 +128,13 @@ data:
       - test-secret
       - test-api-receiver-token
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
-. Save the file to apply the changes to the `ConfigMap` object. 
-The new configuration is applied automatically.
+. Save the file to apply the changes to the `ConfigMap` object. The new configuration is applied automatically.
 
diff --git a/modules/monitoring-adding-cluster-id-labels-to-metrics.adoc b/modules/monitoring-adding-cluster-id-labels-to-metrics.adoc
index b9886b154b4d..f9c3bce966fd 100644
--- a/modules/monitoring-adding-cluster-id-labels-to-metrics.adoc
+++ b/modules/monitoring-adding-cluster-id-labels-to-metrics.adoc
@@ -2,12 +2,11 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="adding-cluster-id-labels-to-metrics_{context}"]
 = Adding cluster ID labels to metrics
 
-If you manage multiple {product-title} clusters and use the remote write feature to send metrics data from these clusters to an external storage location, you can add cluster ID labels to identify the metrics data coming from different clusters. 
-You can then query these labels to identify the source cluster for a metric and distinguish that data from similar metrics data sent by other clusters.
+If you manage multiple {product-title} clusters and use the remote write feature to send metrics data from these clusters to an external storage location, you can add cluster ID labels to identify the metrics data coming from different clusters. You can then query these labels to identify the source cluster for a metric and distinguish that data from similar metrics data sent by other clusters.
 
 This way, if you manage many clusters for multiple customers and send metrics data to a single centralized storage system, you can use cluster ID labels to query metrics for a particular cluster or customer.
 
diff --git a/modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc b/modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc
index a4c34ba4c924..102342520b5c 100644
--- a/modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc
+++ b/modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc
@@ -2,20 +2,21 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing_{context}"]
-= Applying a custom configuration to Alertmanager for user-defined alert routing 
+= Applying a custom configuration to Alertmanager for user-defined alert routing
 
 If you have enabled a separate instance of Alertmanager dedicated to user-defined alert routing, you can overwrite the configuration for this instance of Alertmanager by editing the `alertmanager-user-workload` secret in the `openshift-user-workload-monitoring` namespace.
 
 .Prerequisites
 
 ifdef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` or `dedicated-admin` role.
+* You have access to the cluster as a user with the `dedicated-admin` role.
 endif::[]
 ifndef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 endif::[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -35,7 +36,7 @@ route:
   group_by:
   - name: Default
   routes:
-  - matchers: 
+  - matchers:
     - "service = prometheus-example-monitor" <1>
     receiver: <receiver> <2>
 receivers:
diff --git a/modules/monitoring-applying-custom-alertmanager-configuration.adoc b/modules/monitoring-applying-custom-alertmanager-configuration.adoc
index ae32b0002a93..80a55976c3fe 100644
--- a/modules/monitoring-applying-custom-alertmanager-configuration.adoc
+++ b/modules/monitoring-applying-custom-alertmanager-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="applying-custom-alertmanager-configuration_{context}"]
 = Applying a custom Alertmanager configuration
 
@@ -10,7 +10,7 @@ You can overwrite the default Alertmanager configuration by editing the `alertma
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 
 .Procedure
 
diff --git a/modules/monitoring-assigning-tolerations-to-monitoring-components.adoc b/modules/monitoring-assigning-tolerations-to-monitoring-components.adoc
index 3adb5c3c8790..d63a6dfe02fa 100644
--- a/modules/monitoring-assigning-tolerations-to-monitoring-components.adoc
+++ b/modules/monitoring-assigning-tolerations-to-monitoring-components.adoc
@@ -2,25 +2,38 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="assigning-tolerations-to-monitoring-components_{context}"]
 = Assigning tolerations to monitoring components
 
+ifndef::openshift-dedicated,openshift-rosa[]
 You can assign tolerations to any of the monitoring stack components to enable moving them to tainted nodes.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+You can assign tolerations to the components that monitor user-defined projects, to enable moving them to tainted worker nodes. Scheduling is not permitted on control plane or infrastructure nodes.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists in the `openshift-user-workload-monitoring` namespace. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To assign tolerations to a component that monitors core {product-title} projects*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -67,6 +80,7 @@ data:
 ----
 
 ** *To assign tolerations to a component that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -94,7 +108,7 @@ Substitute `<component>` and `<toleration_specification>` accordingly.
 +
 For example, `oc adm taint nodes node1 key1=value1:NoSchedule` adds a taint to `node1` with the key `key1` and the value `value1`. This prevents monitoring components from deploying pods on `node1` unless a toleration is configured for that taint. The following example configures the `thanosRuler` component to tolerate the example taint:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -112,11 +126,13 @@ data:
 ----
 
 . Save the file to apply the changes. The new component placement configuration is applied automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-attaching-additional-labels-to-your-time-series-and-alerts.adoc b/modules/monitoring-attaching-additional-labels-to-your-time-series-and-alerts.adoc
index 6d8ed830140c..8262f380dc33 100644
--- a/modules/monitoring-attaching-additional-labels-to-your-time-series-and-alerts.adoc
+++ b/modules/monitoring-attaching-additional-labels-to-your-time-series-and-alerts.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="attaching-additional-labels-to-your-time-series-and-alerts_{context}"]
 = Attaching additional labels to your time series and alerts
 
@@ -10,17 +10,24 @@ Using the external labels feature of Prometheus, you can attach custom labels to
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To attach custom labels to all time series and alerts leaving the Prometheus instance that monitors core {product-title} projects*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -70,6 +77,7 @@ data:
 ----
 
 ** *To attach custom labels to all time series and alerts leaving the Prometheus instance that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -123,11 +131,13 @@ data:
 ----
 
 . Save the file to apply the changes. The new configuration is applied automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-choosing-a-metrics-collection-profile.adoc b/modules/monitoring-choosing-a-metrics-collection-profile.adoc
index 7ba65b9c70e6..16a710b50532 100644
--- a/modules/monitoring-choosing-a-metrics-collection-profile.adoc
+++ b/modules/monitoring-choosing-a-metrics-collection-profile.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="choosing-a-metrics-collection-profile_{context}"]
 = Choosing a metrics collection profile
 
@@ -13,7 +13,7 @@ To choose a metrics collection profile for core {product-title} monitoring compo
 * You have installed the OpenShift CLI (`oc`).
 * You have enabled Technology Preview features by using the `FeatureGate` custom resource (CR).
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 
 [WARNING]
 ====
@@ -46,7 +46,7 @@ data:
 ----
 +
 <1> The name of the metrics collection profile.
-The available values are `full` or `minimal`. 
+The available values are `full` or `minimal`.
 If you do not specify a value or if the `collectionProfile` key name does not exist in the config map, the default setting of `full` is used.
 +
 The following example sets the metrics collection profile to `minimal` for the core platform instance of Prometheus:
diff --git a/modules/monitoring-common-terms.adoc b/modules/monitoring-common-terms.adoc
index 6d2fba5dceb5..ed21ca782de9 100644
--- a/modules/monitoring-common-terms.adoc
+++ b/modules/monitoring-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/monitoring-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-monitoring-common-terms_{context}"]
 = Glossary of common terms for {product-title} monitoring
 
@@ -81,7 +81,16 @@ Silences::
 A silence can be applied to an alert to prevent notifications from being sent when the conditions for an alert are true. You can mute an alert after the initial notification, while you work on resolving the underlying issue.
 
 storage::
-{product-title} supports many types of storage, both for on-premise and cloud providers. You can manage container storage for persistent and non-persistent data in an {product-title} cluster.
+ifndef::openshift-dedicated,openshift-rosa[]
+{product-title} supports many types of storage, both for on-premise and cloud providers.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated[]
+{product-title} supports many types of storage on AWS and GCP.
+endif::openshift-dedicated[]
+ifdef::openshift-rosa[]
+{product-title} supports many types of storage on AWS.
+endif::openshift-rosa[]
+You can manage container storage for persistent and non-persistent data in an {product-title} cluster.
 
 Thanos Ruler::
 The Thanos Ruler is a rule evaluation engine for Prometheus that is deployed as a separate process. In {product-title}, Thanos Ruler provides rule and alerting evaluation for the monitoring of user-defined projects.
diff --git a/modules/monitoring-components-for-monitoring-user-defined-projects.adoc b/modules/monitoring-components-for-monitoring-user-defined-projects.adoc
index 2e4e21174d52..ecae7a7f6b4e 100644
--- a/modules/monitoring-components-for-monitoring-user-defined-projects.adoc
+++ b/modules/monitoring-components-for-monitoring-user-defined-projects.adoc
@@ -2,11 +2,15 @@
 //
 // * monitoring/monitoring-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="components-for-monitoring-user-defined-projects_{context}"]
 = Components for monitoring user-defined projects
 
-{product-title} {product-version} includes an optional enhancement to the monitoring stack that enables you to monitor services and pods in user-defined projects. This feature includes the following components:
+{product-title}
+ifndef::openshift-dedicated,openshift-rosa[]
+{product-version}
+endif::openshift-dedicated,openshift-rosa[]
+includes an optional enhancement to the monitoring stack that enables you to monitor services and pods in user-defined projects. This feature includes the following components:
 
 .Components for monitoring user-defined projects
 [options="header"]
@@ -21,16 +25,22 @@
 |Prometheus is the monitoring system through which monitoring is provided for user-defined projects. Prometheus sends alerts to Alertmanager for processing.
 
 |Thanos Ruler
-|The Thanos Ruler is a rule evaluation engine for Prometheus that is deployed as a separate process. In {product-title} {product-version}, Thanos Ruler provides rule and alerting evaluation for the monitoring of user-defined projects.
+|The Thanos Ruler is a rule evaluation engine for Prometheus that is deployed as a separate process. In {product-title}
+ifndef::openshift-dedicated,openshift-rosa[]
+{product-version}
+endif::openshift-dedicated,openshift-rosa[]
+, Thanos Ruler provides rule and alerting evaluation for the monitoring of user-defined projects.
 
 |Alertmanager
 |The Alertmanager service handles alerts received from Prometheus and Thanos Ruler. Alertmanager is also responsible for sending user-defined alerts to external notification systems. Deploying this service is optional.
 
 |===
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 The components in the preceding table are deployed after monitoring is enabled for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
-All of the components in the monitoring stack are monitored by the stack and are automatically updated when {product-title} is updated.
+All of these components are monitored by the stack and are automatically updated when {product-title} is updated.
diff --git a/modules/monitoring-configurable-monitoring-components.adoc b/modules/monitoring-configurable-monitoring-components.adoc
index 94a44004b692..c4f2245703cc 100644
--- a/modules/monitoring-configurable-monitoring-components.adoc
+++ b/modules/monitoring-configurable-monitoring-components.adoc
@@ -5,8 +5,20 @@
 [id="configurable-monitoring-components_{context}"]
 = Configurable monitoring components
 
-This table shows the monitoring components you can configure and the keys used to specify the components in the `cluster-monitoring-config` and `user-workload-monitoring-config` `ConfigMap` objects:
+This table shows the monitoring components you can configure and the keys used to specify the components in the 
+ifndef::openshift-dedicated,openshift-rosa[]
+`cluster-monitoring-config` and 
+endif::openshift-dedicated,openshift-rosa[]
+`user-workload-monitoring-config` `ConfigMap` objects.
 
+ifdef::openshift-dedicated,openshift-rosa[]
+[WARNING]
+====
+Do not modify the monitoring components in the `cluster-monitoring-config` `ConfigMap` object. Red Hat Site Reliability Engineers (SRE) use these components to monitor the core cluster components and Kubernetes services.
+====
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
 .Configurable monitoring components
 [options="header"]
 |====
@@ -15,6 +27,7 @@ This table shows the monitoring components you can configure and the keys used t
 |Prometheus |`prometheusK8s` |`prometheus`
 |Alertmanager |`alertmanagerMain` | `alertmanager`
 |kube-state-metrics |`kubeStateMetrics` |
+|monitoring-plugin | `monitoringPlugin` |
 |openshift-state-metrics |`openshiftStateMetrics` |
 |Telemeter Client |`telemeterClient` |
 |Prometheus Adapter |`k8sPrometheusAdapter` |
@@ -26,3 +39,16 @@ This table shows the monitoring components you can configure and the keys used t
 ====
 The Prometheus key is called `prometheusK8s` in the `cluster-monitoring-config` `ConfigMap` object and `prometheus` in the `user-workload-monitoring-config` `ConfigMap` object.
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+.Configurable monitoring components
+[options="header"]
+|===
+|Component |user-workload-monitoring-config config map key
+|Alertmanager |`alertmanager`
+|Prometheus Operator |`prometheusOperator`
+|Prometheus |`prometheus`
+|Thanos Ruler |`thanosRuler`
+|===
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-configuring-a-local-persistent-volume-claim.adoc b/modules/monitoring-configuring-a-local-persistent-volume-claim.adoc
index ff10904d8d84..9f8999d8bad4 100644
--- a/modules/monitoring-configuring-a-local-persistent-volume-claim.adoc
+++ b/modules/monitoring-configuring-a-local-persistent-volume-claim.adoc
@@ -2,25 +2,37 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-a-local-persistent-volume-claim_{context}"]
+ifndef::openshift-dedicated,openshift-rosa[]
 = Configuring a local persistent volume claim
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+= Configuring a persistent volume claim
+endif::openshift-dedicated,openshift-rosa[]
 
 For monitoring components to use a persistent volume (PV), you must configure a persistent volume claim (PVC).
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To configure a PVC for a component that monitors core {product-title} projects*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -53,7 +65,7 @@ See the link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/#per
 +
 The following example configures a PVC that claims local persistent storage for the Prometheus instance that monitors core {product-title} components:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -62,20 +74,20 @@ metadata:
   namespace: openshift-monitoring
 data:
   config.yaml: |
-    *prometheusK8s*:
+    prometheusK8s:
       volumeClaimTemplate:
         spec:
-          storageClassName: *local-storage*
+          storageClassName: local-storage
           resources:
             requests:
-              storage: *40Gi*
+              storage: 40Gi
 ----
 +
 In the above example, the storage class created by the Local Storage Operator is called `local-storage`.
 +
 The following example configures a PVC that claims local persistent storage for Alertmanager:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -84,16 +96,17 @@ metadata:
   namespace: openshift-monitoring
 data:
   config.yaml: |
-    *alertmanagerMain*:
+    alertmanagerMain:
       volumeClaimTemplate:
         spec:
-          storageClassName: *local-storage*
+          storageClassName: local-storage
           resources:
             requests:
-              storage: *10Gi*
+              storage: 10Gi
 ----
 
 ** *To configure a PVC for a component that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -123,9 +136,13 @@ data:
 +
 See the link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims[Kubernetes documentation on PersistentVolumeClaims] for information on how to specify `volumeClaimTemplate`.
 +
-The following example configures a PVC that claims local persistent storage for the Prometheus instance that monitors user-defined projects:
+The following example configures a PVC that claims
+ifndef::openshift-dedicated,openshift-rosa[]
+local
+endif::openshift-dedicated,openshift-rosa[]
+persistent storage for the Prometheus instance that monitors user-defined projects:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -134,20 +151,34 @@ metadata:
   namespace: openshift-user-workload-monitoring
 data:
   config.yaml: |
-    *prometheus*:
+    prometheus:
       volumeClaimTemplate:
         spec:
-          storageClassName: *local-storage*
+ifndef::openshift-dedicated,openshift-rosa[]
+          storageClassName: local-storage
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+          storageClassName: gp3
+endif::openshift-dedicated,openshift-rosa[]
           resources:
             requests:
-              storage: *40Gi*
+              storage: 40Gi
 ----
 +
+ifndef::openshift-dedicated,openshift-rosa[]
 In the above example, the storage class created by the Local Storage Operator is called `local-storage`.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+The above example uses the `gp3` storage class.
+endif::openshift-dedicated,openshift-rosa[]
 +
-The following example configures a PVC that claims local persistent storage for Thanos Ruler:
+The following example configures a PVC that claims
+ifndef::openshift-dedicated,openshift-rosa[]
+local
+endif::openshift-dedicated,openshift-rosa[]
+persistent storage for Thanos Ruler:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -156,13 +187,18 @@ metadata:
   namespace: openshift-user-workload-monitoring
 data:
   config.yaml: |
-    *thanosRuler*:
+    thanosRuler:
       volumeClaimTemplate:
         spec:
-          storageClassName: *local-storage*
+ifndef::openshift-dedicated,openshift-rosa[]
+          storageClassName: local-storage
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+          storageClassName: gp3
+endif::openshift-dedicated,openshift-rosa[]
           resources:
             requests:
-              storage: *10Gi*
+              storage: 10Gi
 ----
 +
 [NOTE]
@@ -171,13 +207,17 @@ Storage requirements for the `thanosRuler` component depend on the number of rul
 ====
 
 . Save the file to apply the changes. The pods affected by the new configuration are restarted automatically and the new storage configuration is applied.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
 When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
 ====
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-configuring-alert-receivers.adoc b/modules/monitoring-configuring-alert-receivers.adoc
index 0fa3e5052af5..03d26dca1a3c 100644
--- a/modules/monitoring-configuring-alert-receivers.adoc
+++ b/modules/monitoring-configuring-alert-receivers.adoc
@@ -3,7 +3,7 @@
 // * monitoring/managing-alerts.adoc
 // * post_installation_configuration/configuring-alert-notifications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-alert-receivers_{context}"]
 = Configuring alert receivers
 
@@ -11,7 +11,7 @@ You can configure alert receivers to ensure that you learn about important issue
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 
 .Procedure
 
diff --git a/modules/monitoring-configuring-cluster-for-application-monitoring.adoc b/modules/monitoring-configuring-cluster-for-application-monitoring.adoc
index 6b349617193c..9ac6604a7a2f 100644
--- a/modules/monitoring-configuring-cluster-for-application-monitoring.adoc
+++ b/modules/monitoring-configuring-cluster-for-application-monitoring.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/application-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-cluster-for-application-monitoring_{context}"]
 = Configuring cluster for application monitoring
 
diff --git a/modules/monitoring-configuring-external-alertmanagers.adoc b/modules/monitoring-configuring-external-alertmanagers.adoc
index 9a2d9e0ebcdc..acccc17d1b26 100644
--- a/modules/monitoring-configuring-external-alertmanagers.adoc
+++ b/modules/monitoring-configuring-external-alertmanagers.adoc
@@ -2,28 +2,40 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="monitoring-configuring-external-alertmanagers_{context}"]
 = Configuring external Alertmanager instances
 
 The {product-title} monitoring stack includes a local Alertmanager instance that routes alerts from Prometheus.
-You can add external Alertmanager instances by configuring the `cluster-monitoring-config` config map in either the `openshift-monitoring` project or the `user-workload-monitoring-config` project.
+ifndef::openshift-dedicated,openshift-rosa[]
+You can add external Alertmanager instances to route alerts for core {product-title} projects or user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+You can add external Alertmanager instances to route alerts for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
 
 If you add the same external Alertmanager configuration for multiple clusters and disable the local instance for each cluster, you can then manage alert routing for multiple clusters by using a single external Alertmanager instance.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components in the `openshift-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` config map.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` config map.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object.
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To configure additional Alertmanagers for routing alerts from core {product-title} projects*:
 .. Edit the `cluster-monitoring-config` config map in the `openshift-monitoring` project:
 +
@@ -51,7 +63,7 @@ data:
 ----
 +
 For `<alertmanager_specification>`, substitute authentication and other configuration details for additional Alertmanager instances.
-Currently supported authentication methods are bearer token (`bearerToken`) and client TLS (`tlsConfig`). 
+Currently supported authentication methods are bearer token (`bearerToken`) and client TLS (`tlsConfig`).
 The following sample config map configures an additional Alertmanager using a bearer token with client TLS authentication:
 +
 [source,yaml]
@@ -73,13 +85,13 @@ data:
           name: alertmanager-bearer-token
           key: token
         tlsConfig:
-          key: 
+          key:
             name: alertmanager-tls
             key: tls.key
-          cert: 
+          cert:
             name: alertmanager-tls
             key: tls.crt
-          ca: 
+          ca:
             name: alertmanager-tls
             key: tls.ca
         staticConfigs:
@@ -88,6 +100,7 @@ data:
 ----
 
 ** *To configure additional Alertmanager instances for routing alerts from user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 
 .. Edit the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` project:
 +
@@ -116,9 +129,7 @@ data:
 +
 For `<component>`, substitute one of two supported external Alertmanager components: `prometheus` or `thanosRuler`.
 +
-For `<alertmanager_specification>`, substitute authentication and other configuration details for additional Alertmanager instances.
-Currently supported authentication methods are bearer token (`bearerToken`) and client TLS (`tlsConfig`). 
-The following sample config map configures an additional Alertmanager using Thanos Ruler with a bearer token and client TLS authentication:
+For `<alertmanager_specification>`, substitute authentication and other configuration details for additional Alertmanager instances. Currently supported authentication methods are bearer token (`bearerToken`) and client TLS (`tlsConfig`). The following sample config map configures an additional Alertmanager using Thanos Ruler with a bearer token and client TLS authentication:
 +
 [source,yaml]
 ----
@@ -129,36 +140,39 @@ metadata:
   namespace: openshift-user-workload-monitoring
 data:
   config.yaml: |
-   thanosRuler:
-     additionalAlertmanagerConfigs:
-    - scheme: https
-      pathPrefix: /
-      timeout: "30s"
-      apiVersion: v1
-      bearerToken:
-        name: alertmanager-bearer-token
-        key: token
-      tlsConfig:
-        key: 
-          name: alertmanager-tls
-          key: tls.key
-        cert: 
-          name: alertmanager-tls
-          key: tls.crt
-        ca: 
-          name: alertmanager-tls
-          key: tls.ca
-      staticConfigs:
-      - external-alertmanager1-remote.com
-      - external-alertmanager1-remote2.com
+    thanosRuler:
+      additionalAlertmanagerConfigs:
+      - scheme: https
+        pathPrefix: /
+        timeout: "30s"
+        apiVersion: v1
+        bearerToken:
+          name: alertmanager-bearer-token
+          key: token
+        tlsConfig:
+          key:
+            name: alertmanager-tls
+            key: tls.key
+          cert:
+            name: alertmanager-tls
+            key: tls.crt
+          ca:
+            name: alertmanager-tls
+            key: tls.ca
+        staticConfigs:
+        - external-alertmanager1-remote.com
+        - external-alertmanager1-remote2.com
 ----
+
+. Save the file to apply the changes to the `ConfigMap` object. The new component placement configuration is applied automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
-. Save the file to apply the changes to the `ConfigMap` object. 
-The new component placement configuration is applied automatically.
+. Save the file to apply the changes to the `ConfigMap` object. The new component placement configuration is applied automatically.
 
 
diff --git a/modules/monitoring-configuring-metrics-collection-profiles.adoc b/modules/monitoring-configuring-metrics-collection-profiles.adoc
index 9d3e0597c1c4..a4fb05373702 100644
--- a/modules/monitoring-configuring-metrics-collection-profiles.adoc
+++ b/modules/monitoring-configuring-metrics-collection-profiles.adoc
@@ -2,27 +2,27 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-metrics-collection-profiles_{context}"]
 = Configuring metrics collection profiles
- 
+
 [IMPORTANT]
 ====
 [subs="attributes+"]
 Using a metrics collection profile is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete.
-Red Hat does not recommend using them in production. 
+Red Hat does not recommend using them in production.
 These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
 
 For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview[https://access.redhat.com/support/offerings/techpreview].
 ====
 
-By default, Prometheus collects metrics exposed by all default metrics targets in {product-title} components. 
+By default, Prometheus collects metrics exposed by all default metrics targets in {product-title} components.
 However, you might want Prometheus to collect fewer metrics from a cluster in certain scenarios:
 
 * If cluster administrators require only alert, telemetry, and console metrics and do not require other metrics to be available.
-* If a cluster increases in size, and the increased size of the default metrics data collected now requires a significant increase in CPU and memory resources. 
+* If a cluster increases in size, and the increased size of the default metrics data collected now requires a significant increase in CPU and memory resources.
 
-You can use a metrics collection profile to collect either the default amount of metrics data or a minimal amount of metrics data. 
+You can use a metrics collection profile to collect either the default amount of metrics data or a minimal amount of metrics data.
 When you collect minimal metrics data, basic monitoring features such as alerting continue to work.
 At the same time, the CPU and memory resources required by Prometheus decrease.
 
diff --git a/modules/monitoring-configuring-monitoring-for-an-application.adoc b/modules/monitoring-configuring-monitoring-for-an-application.adoc
index 50bd5bf07256..badf1b7fcb4b 100644
--- a/modules/monitoring-configuring-monitoring-for-an-application.adoc
+++ b/modules/monitoring-configuring-monitoring-for-an-application.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/application-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-monitoring-for-an-application_{context}"]
 = Configuring monitoring for an application
 
diff --git a/modules/monitoring-configuring-persistent-storage.adoc b/modules/monitoring-configuring-persistent-storage.adoc
index 4fbe4e21a0f7..8c9d5e190c86 100644
--- a/modules/monitoring-configuring-persistent-storage.adoc
+++ b/modules/monitoring-configuring-persistent-storage.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring_persistent_storage_{context}"]
 = Configuring persistent storage
 
@@ -11,6 +11,11 @@ Running cluster monitoring with persistent storage means that your metrics are s
 [id="persistent-storage-prerequisites"]
 == Persistent storage prerequisites
 
+ifdef::openshift-dedicated,openshift-rosa[]
+* Use the block type of storage.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
 * Dedicate sufficient local persistent storage to ensure that the disk does not become full. How much storage you need depends on the number of pods.
 
 * Verify that you have a persistent volume (PV) ready to be claimed by the persistent volume claim (PVC), one PV for each replica. Because Prometheus and Alertmanager both have two replicas, you need four PVs to support the entire monitoring stack. The PVs are available from the Local Storage Operator, but not if you have enabled dynamically provisioned storage.
@@ -27,4 +32,5 @@ If you use a local volume for persistent storage, do not use a raw block volume,
 Prometheus does not support file systems that are not POSIX compliant.
 For example, some NFS file system implementations are not POSIX compliant.
 If you want to use an NFS file system for storage, verify with the vendor that their NFS implementation is fully POSIX compliant.
-====
\ No newline at end of file
+====
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-configuring-pod-topology-spread-constraints-for-monitoring.adoc b/modules/monitoring-configuring-pod-topology-spread-constraints-for-monitoring.adoc
index d917cfa5020b..878a657fb83d 100644
--- a/modules/monitoring-configuring-pod-topology-spread-constraints-for-monitoring.adoc
+++ b/modules/monitoring-configuring-pod-topology-spread-constraints-for-monitoring.adoc
@@ -2,11 +2,18 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring_pod_topology_spread_constraintsfor_monitoring_{context}"]
 = Configuring pod topology spread constraints for monitoring
 
-You can use pod topology spread constraints to control how Prometheus, Thanos Ruler, and Alertmanager pods are spread across a network topology when {product-title} pods are deployed in multiple availability zones.
+You can use pod topology spread constraints to control how
+ifndef::openshift-dedicated,openshift-rosa[]
+Prometheus, Thanos Ruler, and Alertmanager
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Thanos Ruler
+endif::openshift-dedicated,openshift-rosa[]
+pods are spread across a network topology when {product-title} pods are deployed in multiple availability zones.
 
 Pod topology spread constraints are suitable for controlling pod scheduling within hierarchical topologies in which nodes are spread across different infrastructure levels, such as regions and zones within those regions.
-Additionally, by being able to schedule pods in different zones, you can improve network latency in certain scenarios. 
\ No newline at end of file
+Additionally, by being able to schedule pods in different zones, you can improve network latency in certain scenarios.
\ No newline at end of file
diff --git a/modules/monitoring-configuring-remote-write-storage.adoc b/modules/monitoring-configuring-remote-write-storage.adoc
index e0960a3843da..09df4fe549d8 100644
--- a/modules/monitoring-configuring-remote-write-storage.adoc
+++ b/modules/monitoring-configuring-remote-write-storage.adoc
@@ -2,27 +2,36 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring_remote_write_storage_{context}"]
 = Configuring remote write storage
 
 [role="_abstract"]
-You can configure remote write storage to enable Prometheus to send ingested metrics to remote systems for long-term storage.
-Doing so has no impact on how or for how long Prometheus stores metrics.
+You can configure remote write storage to enable Prometheus to send ingested metrics to remote systems for long-term storage. Doing so has no impact on how or for how long Prometheus stores metrics.
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components:*
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects:*
-** You have access to the cluster as a user with the `cluster-admin` role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
-* You have set up a remote write compatible endpoint (such as Thanos) and know the endpoint URL.
-See the link:https://prometheus.io/docs/operating/integrations/#remote-endpoints-and-storage[Prometheus remote endpoints and storage documentation] for information about endpoints that are compatible with the remote write feature.
-* You have set up authentication credentials in a `Secret` object for the remote write endpoint.
-You must create the secret in the same namespace as the Prometheus object for which you configure remote write:  the `openshift-monitoring` namespace for default platform monitoring or the `openshift-user-workload-monitoring` namespace for user workload monitoring.
+* You have set up a remote write compatible endpoint (such as Thanos) and know the endpoint URL. See the link:https://prometheus.io/docs/operating/integrations/#remote-endpoints-and-storage[Prometheus remote endpoints and storage documentation] for information about endpoints that are compatible with the remote write feature.
+* You have set up authentication credentials in a `Secret` object for the remote write endpoint. You must create the secret in the
+ifndef::openshift-dedicated,openshift-rosa[]
+same namespace as the Prometheus object for which you configure remote write: the `openshift-monitoring` namespace for default platform monitoring or the `openshift-user-workload-monitoring` namespace for user workload monitoring.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`openshift-user-workload-monitoring` namespace.
+endif::openshift-dedicated,openshift-rosa[]
 
 +
 [CAUTION]
@@ -32,24 +41,19 @@ To reduce security risks, use HTTPS and authentication to send metrics to an end
 
 .Procedure
 
-Follow these steps to configure remote write for default platform monitoring in the `cluster-monitoring-config` config map in the `openshift-monitoring` namespace.
-
-[NOTE]
-====
-If you configure remote write for the Prometheus instance that monitors user-defined projects, make similar edits to the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
-Note that the Prometheus config map component is called `prometheus` in the `user-workload-monitoring-config` `ConfigMap` object and not `prometheusK8s`, as it is in the `cluster-monitoring-config` `ConfigMap` object.
-====
-
-. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
+. Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
+** *To configure remote write for the Prometheus instance that monitors core {product-title} projects*:
+.. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
 [source,terminal]
 ----
 $ oc -n openshift-monitoring edit configmap cluster-monitoring-config
 ----
 
-. Add a `remoteWrite:` section under `data/config.yaml/prometheusK8s`.
+.. Add a `remoteWrite:` section under `data/config.yaml/prometheusK8s`.
 
-. Add an endpoint URL and authentication credentials in this section:
+.. Add an endpoint URL and authentication credentials in this section:
 +
 [source,yaml]
 ----
@@ -71,7 +75,7 @@ data:
 Currently supported authentication methods are AWS Signature Version 4, authentication using HTTP in an `Authorization` request header, Basic authentication, OAuth 2.0, and TLS client.
 See _Supported remote write authentication settings_ for sample configurations of supported authentication methods.
 
-. Add write relabel configuration values after the authentication credentials:
+.. Add write relabel configuration values after the authentication credentials:
 +
 [source,yaml]
 ----
@@ -115,13 +119,91 @@ data:
 +
 See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabel_config documentation] for information about write relabel configuration options.
 
-. Save the file to apply the changes to the `ConfigMap` object.
-The pods affected by the new configuration restart automatically.
+** *To configure remote write for the Prometheus instance that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
+.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
++
+[source,terminal]
+----
+$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
+----
+
+.. Add a `remoteWrite:` section under `data/config.yaml/prometheus`.
+
+.. Add an endpoint URL and authentication credentials in this section:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    prometheus:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com" <1>
+        <endpoint_authentication_credentials> <2>
+----
++
+<1> The URL of the remote write endpoint.
+<2> The authentication method and credentials for the endpoint.
+Currently supported authentication methods are AWS Signature Version 4, authentication using HTTP an `Authorization` request header, basic authentication, OAuth 2.0, and TLS client.
+See _Supported remote write authentication settings_ below for sample configurations of supported authentication methods.
+
+.. Add write relabel configuration values after the authentication credentials:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    prometheus:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com"
+        <endpoint_authentication_credentials>
+        <write_relabel_configs> <1>
+----
+<1> The write relabel configuration settings.
++
+For `<write_relabel_configs>` substitute a list of write relabel configurations for metrics that you want to send to the remote endpoint.
++
+The following sample shows how to forward a single metric called `my_metric`:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    prometheus:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com"
+        writeRelabelConfigs:
+        - sourceLabels: [__name__]
+          regex: 'my_metric'
+          action: keep
+
+----
++
+See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabel_config documentation] for information about write relabel configuration options.
+
+. Save the file to apply the changes. The pods affected by the new configuration restart automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-configuring-secrets-for-alertmanager.adoc b/modules/monitoring-configuring-secrets-for-alertmanager.adoc
index c0100a3dc852..7438e1e92b51 100644
--- a/modules/monitoring-configuring-secrets-for-alertmanager.adoc
+++ b/modules/monitoring-configuring-secrets-for-alertmanager.adoc
@@ -2,13 +2,13 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="monitoring-configuring-secrets-for-alertmanager_{context}"]
 = Configuring secrets for Alertmanager
 
 The {product-title} monitoring stack includes Alertmanager, which routes alerts from Prometheus to endpoint receivers.
 If you need to authenticate with a receiver so that Alertmanager can send alerts to it, you can configure Alertmanager to use a secret that contains authentication credentials for the receiver.
 
-For example, you can configure Alertmanager to use a secret to authenticate with an endpoint receiver that requires a certificate issued by a private Certificate Authority (CA). 
+For example, you can configure Alertmanager to use a secret to authenticate with an endpoint receiver that requires a certificate issued by a private Certificate Authority (CA).
 You can also configure Alertmanager to use a secret to authenticate with a receiver that requires a password file for Basic HTTP authentication.
 In either case, authentication details are contained in the `Secret` object rather than in the `ConfigMap` object.
diff --git a/modules/monitoring-configuring-the-monitoring-stack.adoc b/modules/monitoring-configuring-the-monitoring-stack.adoc
index 17cd79436b99..c13683c787e8 100644
--- a/modules/monitoring-configuring-the-monitoring-stack.adoc
+++ b/modules/monitoring-configuring-the-monitoring-stack.adoc
@@ -2,25 +2,37 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-the-monitoring-stack_{context}"]
 = Configuring the monitoring stack
 
+ifndef::openshift-dedicated,openshift-rosa[]
 In {product-title} {product-version}, you can configure the monitoring stack using the `cluster-monitoring-config` or `user-workload-monitoring-config` `ConfigMap` objects. Config maps configure the Cluster Monitoring Operator (CMO), which in turn configures the components of the stack.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+In {product-title}, you can configure the stack that monitors workloads for user-defined projects by using the `user-workload-monitoring-config` `ConfigMap` object. Config maps configure the Cluster Monitoring Operator (CMO), which in turn configures the components of the stack.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object.
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To configure core {product-title} monitoring components*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -69,6 +81,7 @@ data:
 <1> Defines the Prometheus component and the subsequent lines define its configuration.
 
 ** *To configure components that monitor user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -115,18 +128,22 @@ data:
 <2> Configures a twenty-four hour data retention period for the Prometheus instance that monitors user-defined projects.
 <3> Defines a minimum resource request of 200 millicores for the Prometheus container.
 <4> Defines a minimum pod resource request of 2 GiB of memory for the Prometheus container.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 The Prometheus config map component is called `prometheusK8s` in the `cluster-monitoring-config` `ConfigMap` object and `prometheus` in the `user-workload-monitoring-config` `ConfigMap` object.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
 . Save the file to apply the changes to the `ConfigMap` object. The pods affected by the new configuration are restarted automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-creating-a-monitoringstack-object-for-cluster-observability-operator.adoc b/modules/monitoring-creating-a-monitoringstack-object-for-cluster-observability-operator.adoc
new file mode 100644
index 000000000000..2f5aa2263117
--- /dev/null
+++ b/modules/monitoring-creating-a-monitoringstack-object-for-cluster-observability-operator.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// monitoring/cluster-observability-operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-a-monitoringstack-object-for-cluster-observability-operator_{context}"]
+= Creating a MonitoringStack object for the {coo-full}
+
+To scrape the metrics data exposed by the target `prometheus-coo-example-app` service, create a `MonitoringStack` object that references the `ServiceMonitor` object you created in the "Specifying how a service is monitored for {coo-full}" section.
+This `MonitoringStack` object can then discover the service and scrape the exposed metrics data from it.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with administrative permissions for the namespace.
+* You have installed the {coo-full}.
+* You have deployed the `prometheus-coo-example-app` sample service in the `ns1-coo` namespace.
+* You have created a `ServiceMonitor` object named `prometheus-coo-example-monitor` in the `ns1-coo` namespace.
+
+.Procedure
+
+. Create a YAML file for the `MonitoringStack` object configuration. For this example, name the file `example-coo-monitoring-stack.yaml`.
+
+. Add the following `MonitoringStack` object configuration details:
++
+.Example `MonitoringStack` object
++
+[source,yaml]
+----
+apiVersion: monitoring.rhobs/v1alpha1
+kind: MonitoringStack
+metadata:
+  name: example-coo-monitoring-stack
+  namespace: ns1-coo
+spec:
+  logLevel: debug
+  retention: 1d
+  resourceSelector:
+    matchLabels:
+      k8s-app: prometheus-coo-example-monitor
+----
+
+. Apply the `MonitoringStack` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f example-coo-monitoring-stack.yaml
+----
+
+. Verify that the `MonitoringStack` object is available by running the following command and inspecting the output:
++
+[source,terminal]
+----
+$ oc -n ns1-coo get monitoringstack
+----
++
+.Example output
+[source,terminal]
+----
+NAME                         AGE
+example-coo-monitoring-stack   81m
+----
diff --git a/modules/monitoring-creating-alert-routing-for-user-defined-projects.adoc b/modules/monitoring-creating-alert-routing-for-user-defined-projects.adoc
index 3c36507169a9..f4002a428689 100644
--- a/modules/monitoring-creating-alert-routing-for-user-defined-projects.adoc
+++ b/modules/monitoring-creating-alert-routing-for-user-defined-projects.adoc
@@ -2,18 +2,23 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-alert-routing-for-user-defined-projects_{context}"]
 = Creating alert routing for user-defined projects
 
 [role="_abstract"]
-If you are a non-administrator user who has been given the `alert-routing-edit` role, you can create or edit alert routing for user-defined projects. 
+If you are a non-administrator user who has been given the `alert-routing-edit` cluster role, you can create or edit alert routing for user-defined projects.
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * A cluster administrator has enabled monitoring for user-defined projects.
 * A cluster administrator has enabled alert routing for user-defined projects.
-* You are logged in as a user that has the `alert-routing-edit` role for the project for which you want to create alert routing.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Alert routing has been enabled for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+* You are logged in as a user that has the `alert-routing-edit` cluster role for the project for which you want to create alert routing.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc b/modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc
index bf7b6517f9b3..8e13e87e2e23 100644
--- a/modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc
+++ b/modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc
@@ -2,16 +2,16 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-alerting-rules-for-user-defined-projects_{context}"]
 = Creating alerting rules for user-defined projects
 
-You can create alerting rules for user-defined projects. Those alerting rules will fire alerts based on the values of chosen metrics.
+You can create alerting rules for user-defined projects. Those alerting rules will trigger alerts based on the values of the chosen metrics.
 
 .Prerequisites
 
 * You have enabled monitoring for user-defined projects.
-* You are logged in as a user that has the `monitoring-rules-edit` role for the project where you want to create an alerting rule.
+* You are logged in as a user that has the `monitoring-rules-edit` cluster role for the project where you want to create an alerting rule.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -41,15 +41,6 @@ spec:
 ----
 +
 This configuration creates an alerting rule named `example-alert`. The alerting rule fires an alert when the `version` metric exposed by the sample service becomes `0`.
-+
-[IMPORTANT]
-====
-A user-defined alerting rule can include metrics for its own project and cluster metrics. You cannot include metrics for another user-defined project.
-
-For example, an alerting rule for the user-defined project `ns1` can have metrics from `ns1` and cluster metrics, such as the CPU and memory metrics. However, the rule cannot include metrics from `ns2`.
-
-Additionally, you cannot create alerting rules for the `openshift-*` core {product-title} projects. {product-title} monitoring by default provides a set of alerting rules for these projects.
-====
 
 . Apply the configuration file to the cluster:
 +
@@ -57,5 +48,3 @@ Additionally, you cannot create alerting rules for the `openshift-*` core {produ
 ----
 $ oc apply -f example-app-alerting-rule.yaml
 ----
-+
-It takes some time to create the alerting rule.
diff --git a/modules/monitoring-creating-alerting-rules.adoc b/modules/monitoring-creating-alerting-rules.adoc
index fa547c42c4d5..6aef5fced3a3 100644
--- a/modules/monitoring-creating-alerting-rules.adoc
+++ b/modules/monitoring-creating-alerting-rules.adoc
@@ -10,7 +10,7 @@ For user-defined projects you can create alerting rules. Those alerting rules wi
 .Prerequisites
 
 * You have enabled monitoring for user-defined projects.
-* You are logged in as a user that has the `monitoring-rules-edit` role for the project where you want to create an alerting rule.
+* You are logged in as a user that has the `monitoring-rules-edit` cluster role for the project where you want to create an alerting rule.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/monitoring-creating-cluster-id-labels-for-metrics.adoc b/modules/monitoring-creating-cluster-id-labels-for-metrics.adoc
index e3daed86803e..424e44043c84 100644
--- a/modules/monitoring-creating-cluster-id-labels-for-metrics.adoc
+++ b/modules/monitoring-creating-cluster-id-labels-for-metrics.adoc
@@ -2,43 +2,60 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-cluster-id-labels-for-metrics_{context}"]
 = Creating cluster ID labels for metrics
 
+ifndef::openshift-dedicated,openshift-rosa[]
 You can create cluster ID labels for metrics for default platform monitoring and for user workload monitoring.
 
-For default platform monitoring, you add cluster ID labels for metrics in the `write_relabel` settings for remote write storage in the `cluster-monitoring-config` config map in the `openshift-monitoring` namespace. 
+For default platform monitoring, you add cluster ID labels for metrics in the `write_relabel` settings for remote write storage in the `cluster-monitoring-config` config map in the `openshift-monitoring` namespace.
 
 For user workload monitoring, you edit the settings in the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
 
-.Prerequsites
+[NOTE]
+====
+When Prometheus scrapes user workload targets that expose a `namespace` label, the system stores this label as `exported_namespace`. 
+This behavior ensures that the final namespace label value is equal to the namespace of the target pod.
+You cannot override this default configuration by setting the value of the `honorLabels` field to `true` for `PodMonitor` or `ServiceMonitor` objects.
+====
 
-* You have installed the OpenShift CLI (`oc`).
-* You have configured remote write storage.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+You can create cluster ID labels for metrics by editing the settings in the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
+endif::openshift-dedicated,openshift-rosa[]
+
+.Prerequisites
+
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring default platform monitoring components:*
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects:*
-** You have access to the cluster as a user with the `cluster-admin` role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` ConfigMap object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
+* You have configured remote write storage.
 
 .Procedure
 
-. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
+. Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
+** *To create cluster ID labels for core {product-title} metrics:*
+.. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
 [source,terminal]
 ----
 $ oc -n openshift-monitoring edit configmap cluster-monitoring-config
 ----
-+
-[NOTE]
-====
-If you configure cluster ID labels for metrics for the Prometheus instance that monitors user-defined projects, edit the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace. 
-Note that the Prometheus component is called `prometheus` in this config map and not `prometheusK8s`, which is the name used in the `cluster-monitoring-config` config map. 
-====
 
-. In the `writeRelabelConfigs:` section under `data/config.yaml/prometheusK8s/remoteWrite`, add cluster ID relabel configuration values:
+.. In the `writeRelabelConfigs:` section under `data/config.yaml/prometheusK8s/remoteWrite`, add cluster ID relabel configuration values:
 +
 [source,yaml]
 ----
@@ -80,12 +97,66 @@ data:
           action: replace <3>
 ----
 <1> The system initially applies a temporary cluster ID source label named `+++__tmp_openshift_cluster_id__+++`. This temporary label gets replaced by the cluster ID label name that you specify.
-<2> Specify the name of the cluster ID label for metrics sent to remote write storage. 
+<2> Specify the name of the cluster ID label for metrics sent to remote write storage.
 If you use a label name that already exists for a metric, that value is overwritten with the name of this cluster ID label.
 For the label name, do not use `+++__tmp_openshift_cluster_id__+++`. The final relabeling step removes labels that use this name.
-<3> The `replace` write relabel action replaces the temporary label with the target label for outgoing metrics. 
+<3> The `replace` write relabel action replaces the temporary label with the target label for outgoing metrics.
 This action is the default and is applied if no action is specified.
 
+** *To create cluster ID labels for user-defined project metrics:*
+endif::openshift-dedicated,openshift-rosa[]
+.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
++
+[source,terminal]
+----
+$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
+----
+
+.. In the `writeRelabelConfigs:` section under `data/config.yaml/prometheus/remoteWrite`, add cluster ID relabel configuration values:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    prometheus:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com"
+        <endpoint_authentication_credentials>
+        writeRelabelConfigs: <1>
+          - <relabel_config> <2>
+----
+<1> Add a list of write relabel configurations for metrics that you want to send to the remote endpoint.
+<2> Substitute the label configuration for the metrics sent to the remote write endpoint.
++
+The following sample shows how to forward a metric with the cluster ID label `cluster_id` in user-workload monitoring:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+    prometheus:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com"
+        writeRelabelConfigs:
+        - sourceLabels:
+          - __tmp_openshift_cluster_id__ <1>
+          targetLabel: cluster_id <2>
+          action: replace <3>
+----
+<1> The system initially applies a temporary cluster ID source label named `+++__tmp_openshift_cluster_id__+++`. This temporary label gets replaced by the cluster ID label name that you specify.
+<2> Specify the name of the cluster ID label for metrics sent to remote write storage. If you use a label name that already exists for a metric, that value is overwritten with the name of this cluster ID label. For the label name, do not use `+++__tmp_openshift_cluster_id__+++`. The final relabeling step removes labels that use this name.
+<3> The `replace` write relabel action replaces the temporary label with the target label for outgoing metrics. This action is the default and is applied if no action is specified.
+
 . Save the file to apply the changes to the `ConfigMap` object.
 The pods affected by the updated configuration automatically restart.
 +
diff --git a/modules/monitoring-creating-cluster-monitoring-configmap.adoc b/modules/monitoring-creating-cluster-monitoring-configmap.adoc
index 6f3caa351848..ae62c8e709a5 100644
--- a/modules/monitoring-creating-cluster-monitoring-configmap.adoc
+++ b/modules/monitoring-creating-cluster-monitoring-configmap.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-cluster-monitoring-configmap_{context}"]
 = Creating a cluster monitoring config map
 
@@ -15,7 +15,7 @@ When you save your changes to the `cluster-monitoring-config` `ConfigMap` object
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/monitoring-creating-new-alerting-rules.adoc b/modules/monitoring-creating-new-alerting-rules.adoc
index 7162658479c7..9a848acea269 100644
--- a/modules/monitoring-creating-new-alerting-rules.adoc
+++ b/modules/monitoring-creating-new-alerting-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-new-alerting-rules_{context}"]
 = Creating new alerting rules
 
@@ -16,10 +16,8 @@ If you create a customized `AlertingRule` resource based on an existing platform
 
 .Prerequisites
 
-* You are logged in as a user that has the `cluster-admin` role.
+* You have access to the cluster as a user that has the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
-* You have enabled Technology Preview features, and all nodes in the cluster are ready.
-
 
 .Procedure
 
diff --git a/modules/monitoring-creating-scrape-sample-alerts.adoc b/modules/monitoring-creating-scrape-sample-alerts.adoc
index 9d08dd229135..4e55e7363b45 100644
--- a/modules/monitoring-creating-scrape-sample-alerts.adoc
+++ b/modules/monitoring-creating-scrape-sample-alerts.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-scrape-sample-alerts_{context}"]
 = Creating scrape sample alerts
 
@@ -13,7 +13,7 @@ You can create alerts that notify you when:
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+* You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 * You have enabled monitoring for user-defined projects.
 * You have created the `user-workload-monitoring-config` `ConfigMap` object.
 * You have limited the number of samples that can be accepted per target scrape in user-defined projects, by using `enforcedSampleLimit`.
diff --git a/modules/monitoring-creating-user-defined-workload-monitoring-configmap.adoc b/modules/monitoring-creating-user-defined-workload-monitoring-configmap.adoc
index 3bb6dbf3e524..e5e732b872c2 100644
--- a/modules/monitoring-creating-user-defined-workload-monitoring-configmap.adoc
+++ b/modules/monitoring-creating-user-defined-workload-monitoring-configmap.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-user-defined-workload-monitoring-configmap_{context}"]
 = Creating a user-defined workload monitoring config map
 
@@ -15,7 +15,7 @@ When you save your changes to the `user-workload-monitoring-config` `ConfigMap`
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/monitoring-default-monitoring-components.adoc b/modules/monitoring-default-monitoring-components.adoc
index 7b3337276a5c..8ddd728fa01f 100644
--- a/modules/monitoring-default-monitoring-components.adoc
+++ b/modules/monitoring-default-monitoring-components.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/monitoring-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="default-monitoring-components_{context}"]
 = Default monitoring components
 
@@ -29,14 +29,18 @@ By default, the {product-title} {product-version} monitoring stack includes thes
 |Alertmanager
 |The Alertmanager service handles alerts received from Prometheus. Alertmanager is also responsible for sending the alerts to external notification systems.
 
-|`kube-state-metrics` agent
-|The `kube-state-metrics` exporter agent (KSM in the preceding diagram) converts Kubernetes objects to metrics that Prometheus can use.
+|kube-state-metrics agent
+|The kube-state-metrics exporter agent (KSM in the preceding diagram) converts Kubernetes objects to metrics that Prometheus can use.
 
-|`openshift-state-metrics` agent
-|The `openshift-state-metrics` exporter (OSM in the preceding diagram) expands upon `kube-state-metrics` by adding metrics for {product-title}-specific resources.
+|monitoring-plugin
+|The monitoring-plugin dynamic plugin component deploys the monitoring pages in the *Observe* section of the {product-title} web console. 
+You can use Cluster Monitoring Operator (CMO) config map settings to manage monitoring-plugin resources for the web console pages.
 
-|`node-exporter` agent
-|The `node-exporter` agent (NE in the preceding diagram) collects metrics about every node in a cluster. The `node-exporter` agent is deployed on every node.
+|openshift-state-metrics agent
+|The openshift-state-metrics exporter (OSM in the preceding diagram) expands upon kube-state-metrics by adding metrics for {product-title}-specific resources.
+
+|node-exporter agent
+|The node-exporter agent (NE in the preceding diagram) collects metrics about every node in a cluster. The node-exporter agent is deployed on every node.
 
 |Thanos Querier
 |Thanos Querier aggregates and optionally deduplicates core {product-title} metrics and metrics for user-defined projects under a single, multi-tenant interface.
diff --git a/modules/monitoring-default-monitoring-targets.adoc b/modules/monitoring-default-monitoring-targets.adoc
index 36fd27d30986..f4f319014776 100644
--- a/modules/monitoring-default-monitoring-targets.adoc
+++ b/modules/monitoring-default-monitoring-targets.adoc
@@ -2,11 +2,17 @@
 //
 // * monitoring/monitoring-overview.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="default-monitoring-targets_{context}"]
 = Default monitoring targets
 
+ifndef::openshift-dedicated,openshift-rosa[]
 In addition to the components of the stack itself, the default monitoring stack monitors:
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+Red Hat Site Reliability Engineers (SRE) monitor the following platform targets in your {product-title} cluster:
+endif::openshift-dedicated,openshift-rosa[]
 
 * CoreDNS
 * Elasticsearch (if Logging is installed)
@@ -21,7 +27,9 @@ In addition to the components of the stack itself, the default monitoring stack
 * OpenShift API server
 * OpenShift Controller Manager
 * Operator Lifecycle Manager (OLM)
+* Vector (if Logging is installed)
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 Each {product-title} component is responsible for its monitoring configuration. For problems with the monitoring of an {product-title} component, open a
@@ -29,3 +37,4 @@ link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&
 ====
 
 Other {product-title} framework components might be exposing metrics as well. For details, see their respective documentation.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-deploying-a-sample-service-for-cluster-observability-operator.adoc b/modules/monitoring-deploying-a-sample-service-for-cluster-observability-operator.adoc
new file mode 100644
index 000000000000..3bb8417efb97
--- /dev/null
+++ b/modules/monitoring-deploying-a-sample-service-for-cluster-observability-operator.adoc
@@ -0,0 +1,88 @@
+// Module included in the following assemblies:
+//
+// monitoring/cluster-observability-operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="deploying-a-sample-service-for-cluster-observability-operator_{context}"]
+= Deploying a sample service for {coo-full}
+
+This configuration deploys a sample service named `prometheus-coo-example-app` in the user-defined `ns1-coo` project. 
+The service exposes the custom `version` metric.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with administrative permissions for the namespace.
+
+.Procedure
+
+. Create a YAML file named `prometheus-coo-example-app.yaml` that contains the following configuration details for a namespace, deployment, and service:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ns1-coo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: prometheus-coo-example-app
+  name: prometheus-coo-example-app
+  namespace: ns1-coo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prometheus-coo-example-app
+  template:
+    metadata:
+      labels:
+        app: prometheus-coo-example-app
+    spec:
+      containers:
+      - image: ghcr.io/rhobs/prometheus-example-app:0.4.1
+        imagePullPolicy: IfNotPresent
+        name: prometheus-coo-example-app
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: prometheus-coo-example-app
+  name: prometheus-coo-example-app
+  namespace: ns1-coo
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+    name: web
+  selector:
+    app: prometheus-coo-example-app
+  type: ClusterIP
+----
+
+. Save the file.
+
+. Apply the configuration to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f prometheus-coo-example-app.yaml
+----
+
+. Verify that the pod is running by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc -n -ns1-coo get pod
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                      READY     STATUS    RESTARTS   AGE
+prometheus-coo-example-app-0927545cb7-anskj   1/1       Running   0          81m
+----
diff --git a/modules/monitoring-deploying-a-sample-service.adoc b/modules/monitoring-deploying-a-sample-service.adoc
index 70718cf632f7..fbd81a648491 100644
--- a/modules/monitoring-deploying-a-sample-service.adoc
+++ b/modules/monitoring-deploying-a-sample-service.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploying-a-sample-service_{context}"]
 = Deploying a sample service
 
diff --git a/modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc b/modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc
index 088506f8131a..c70521c2aadf 100644
--- a/modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc
+++ b/modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc
@@ -3,7 +3,7 @@
 // * monitoring/troubleshooting-monitoring-issues.adoc
 // * support/troubleshooting/investigating-monitoring-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="determining-why-prometheus-is-consuming-disk-space_{context}"]
 = Determining why Prometheus is consuming a lot of disk space
 
@@ -28,7 +28,12 @@ Using attributes that are bound to a limited set of possible values reduces the
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -47,7 +52,13 @@ topk(10,count by (job)({__name__=~".+"}))
 
 ** *If the metrics relate to a core {product-title} project*, create a Red Hat support case on the link:https://access.redhat.com/[Red Hat Customer Portal].
 
-. Review the TSDB status using the Prometheus HTTP API by running the following commands as a cluster administrator:
+. Review the TSDB status using the Prometheus HTTP API by running the following commands as a
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator:
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin`:
+endif::openshift-dedicated,openshift-rosa[]
 +
 [source,terminal]
 ----
@@ -74,5 +85,3 @@ $ curl -H "Authorization: Bearer $token" -k "https://$host/api/v1/status/tsdb"
 ----
 "status": "success",
 ----
-
-
diff --git a/modules/monitoring-disabling-monitoring-for-user-defined-projects.adoc b/modules/monitoring-disabling-monitoring-for-user-defined-projects.adoc
index 9d173f9baeda..1b1109e6fee5 100644
--- a/modules/monitoring-disabling-monitoring-for-user-defined-projects.adoc
+++ b/modules/monitoring-disabling-monitoring-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-monitoring-for-user-defined-projects_{context}"]
 = Disabling monitoring for user-defined projects
 
diff --git a/modules/monitoring-disabling-the-local-alertmanager.adoc b/modules/monitoring-disabling-the-local-alertmanager.adoc
index 07a0b2967398..f110b124beb0 100644
--- a/modules/monitoring-disabling-the-local-alertmanager.adoc
+++ b/modules/monitoring-disabling-the-local-alertmanager.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="monitoring-disabling-the-local-alertmanager_{context}"]
 = Disabling the local Alertmanager
 
@@ -12,7 +12,7 @@ If you do not need the local Alertmanager, you can disable it by configuring the
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have created the `cluster-monitoring-config` config map.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/monitoring-editing-silences.adoc b/modules/monitoring-editing-silences.adoc
index f4713ffb1b51..0847971d7894 100644
--- a/modules/monitoring-editing-silences.adoc
+++ b/modules/monitoring-editing-silences.adoc
@@ -2,34 +2,44 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="editing-silences_{context}"]
 = Editing silences
 
-You can edit a silence, which will expire the existing silence and create a new one with the changed configuration.
+You can edit a silence, which expires the existing silence and creates a new one with the changed configuration.
+
+.Prerequisites
+
+ifndef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* If you are a non-administrator user, you have access to the cluster as a user with the following user roles:
+** The `cluster-monitoring-view` cluster role, which allows you to access Alertmanager.
+** The `monitoring-alertmanager-edit` role, which permits you to create and silence alerts in the *Administrator* perspective in the web console.
+** The `monitoring-rules-edit` cluster role, which permits you to create and silence alerts in the *Developer* perspective in the web console.
 
 .Procedure
 
 To edit a silence in the *Administrator* perspective:
 
-. Navigate to the *Observe* -> *Alerting* -> *Silences* page.
+. Go to *Observe* -> *Alerting* -> *Silences*.
 
-. For the silence you want to modify, select the {kebab} in the last column and choose *Edit silence*.
+. For the silence you want to modify, click {kebab} and select *Edit silence*.
 +
-Alternatively, you can select *Actions* -> *Edit Silence* in the *Silence Details* page for a silence.
+Alternatively, you can click *Actions* and select *Edit silence* on the *Silence details* page for a silence.
 
-. In the *Edit Silence* page, enter your changes and select *Silence*. This will expire the existing silence and create one with the chosen configuration.
+. On the *Edit silence* page, make changes and click *Silence*. Doing so expires the existing silence and creates one with the updated configuration.
 
 To edit a silence in the *Developer* perspective:
 
-. Navigate to the *Observe* -> *<project_name>* -> *Alerts* page.
-
-. Expand the details for an alert by selecting *>* to the left of the alert name. Select the name of the alert in the expanded view to open the *Alert Details* page for the alert.
+. Go to *Observe* -> *<project_name>* -> *Silences*.
 
-. Select the name of a silence in the *Silenced By* section in that page to navigate to the *Silence Details* page for the silence.
-
-. Select the name of a silence to navigate to its *Silence Details* page.
+. For the silence you want to modify, click {kebab} and select *Edit silence*.
++
+Alternatively, you can click *Actions* and select *Edit silence* on the *Silence details* page for a silence.
 
-. Select *Actions* -> *Edit Silence* in the *Silence Details* page for a silence.
+. On the *Edit silence* page, make changes and click *Silence*. Doing so expires the existing silence and creates one with the updated configuration.
 
-. In the *Edit Silence* page, enter your changes and select *Silence*. This will expire the existing silence and create one with the chosen configuration.
diff --git a/modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc b/modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc
index c7acc2363281..88ce3686e0fd 100644
--- a/modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc
+++ b/modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc
@@ -1,11 +1,8 @@
 // Module included in the following assemblies:
 //
 // * monitoring/enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing_{context}"]
 = Enabling a separate Alertmanager instance for user-defined alert routing
 
@@ -20,12 +17,13 @@ In these cases, you can optionally enable a separate instance of Alertmanager to
 .Prerequisites
 
 ifdef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` or `dedicated-admin` role.
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
 endif::[]
 ifndef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` role.
-endif::[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have enabled monitoring for user-defined projects in the `cluster-monitoring-config` config map for the `openshift-monitoring` namespace.
+endif::[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -48,11 +46,11 @@ metadata:
   namespace: openshift-user-workload-monitoring
 data:
   config.yaml: |
-    alertmanager: 
+    alertmanager:
       enabled: true <1>
       enableAlertmanagerConfig: true <2>
 ----
-<1> Set the `enabled` value to `true` to enable a dedicated instance of the Alertmanager for user-defined projects in a cluster. Set the value to `false` or omit the key entirely to disable the Alertmanager for user-defined projects. 
+<1> Set the `enabled` value to `true` to enable a dedicated instance of the Alertmanager for user-defined projects in a cluster. Set the value to `false` or omit the key entirely to disable the Alertmanager for user-defined projects.
 If you set this value to `false` or if the key is omitted, user-defined alerts are routed to the default platform Alertmanager instance.
 <2> Set the `enableAlertmanagerConfig` value to `true` to enable users to define their own alert routing configurations with `AlertmanagerConfig` objects.
 +
@@ -60,6 +58,7 @@ If you set this value to `false` or if the key is omitted, user-defined alerts a
 
 .Verification
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * Verify that the `user-workload` Alertmanager instance has started:
 +
 [source,terminal]
@@ -74,3 +73,24 @@ If you set this value to `false` or if the key is omitted, user-defined alerts a
 NAME            VERSION   REPLICAS   AGE
 user-workload   0.24.0    2          100s
 ----
+endif::openshift-dedicated,openshift-rosa[]
+
+// In ROSA/OSD, a dedicated-admin doesn't have permission to view the alertmanager resource.
+ifdef::openshift-dedicated,openshift-rosa[]
+* Verify that the `alert-manager-user-workload` pods are running:
++
+[source,terminal]
+----
+# oc -n openshift-user-workload-monitoring get pods
+----
++
+.Example output
++
+[source,terminal]
+----
+NAME                                   READY   STATUS    RESTARTS   AGE
+alertmanager-user-workload-0           6/6     Running   0          38s
+alertmanager-user-workload-1           6/6     Running   0          38s
+...
+----
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc b/modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc
index 41f9aa4ea3bb..6c448f754823 100644
--- a/modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc
+++ b/modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-monitoring-for-user-defined-projects_{context}"]
 = Enabling monitoring for user-defined projects
 
@@ -15,12 +15,12 @@ In {product-title} {product-version} you must remove any custom Prometheus insta
 
 [NOTE]
 ====
-You must have access to the cluster as a user with the `cluster-admin` role to enable monitoring for user-defined projects in {product-title}. Cluster administrators can then optionally grant users permission to configure the components that are responsible for monitoring user-defined projects.
+You must have access to the cluster as a user with the `cluster-admin` cluster role to enable monitoring for user-defined projects in {product-title}. Cluster administrators can then optionally grant users permission to configure the components that are responsible for monitoring user-defined projects.
 ====
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
 * You have optionally created and configured the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project. You can add configuration options to this `ConfigMap` object for the components that monitor user-defined projects.
diff --git a/modules/monitoring-enabling-query-logging-for-thanos-querier.adoc b/modules/monitoring-enabling-query-logging-for-thanos-querier.adoc
index af0aa654c556..3b40852b6e55 100644
--- a/modules/monitoring-enabling-query-logging-for-thanos-querier.adoc
+++ b/modules/monitoring-enabling-query-logging-for-thanos-querier.adoc
@@ -2,9 +2,9 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-query-logging-for-thanos-querier_{context}"]
-= Enabling query logging for Thanos Querier 
+= Enabling query logging for Thanos Querier
 
 [role="_abstract"]
 For default platform monitoring in the `openshift-monitoring` project, you can enable the Cluster Monitoring Operator to log all queries run by Thanos Querier.
@@ -17,7 +17,7 @@ Because log rotation is not supported, only enable this feature temporarily when
 .Prerequisites
 
 * You have installed the OpenShift CLI (`oc`).
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
 
 .Procedure
@@ -45,7 +45,7 @@ data:
     thanosQuerier:
       enableRequestLogging: <value> <1>
       logLevel: <value> <2>
-      
+
 
 ----
 <1> Set the value to `true` to enable logging and `false` to disable logging. The default value is `false`.
diff --git a/modules/monitoring-enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing.adoc b/modules/monitoring-enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing.adoc
index 1769eb2fc62a..3403a890cf30 100644
--- a/modules/monitoring-enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing.adoc
+++ b/modules/monitoring-enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing.adoc
@@ -2,15 +2,15 @@
 //
 // * monitoring/enabling-alert-routing-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing_{context}"]
 = Enabling the platform Alertmanager instance for user-defined alert routing
 
-You can allow users to create user-defined alert routing configurations that use the main platform instance of Alertmanager. 
+You can allow users to create user-defined alert routing configurations that use the main platform instance of Alertmanager.
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -33,7 +33,7 @@ metadata:
   namespace: openshift-monitoring
 data:
   config.yaml: |
-    alertmanagerMain: 
+    alertmanagerMain:
       enableUserAlertmanagerConfig: true <1>
 ----
 <1> Set the `enableUserAlertmanagerConfig` value to `true` to allow users to create user-defined alert routing configurations that use the main platform instance of Alertmanager.
diff --git a/modules/monitoring-example-remote-write-authentication-settings.adoc b/modules/monitoring-example-remote-write-authentication-settings.adoc
new file mode 100644
index 000000000000..09d1bb584e94
--- /dev/null
+++ b/modules/monitoring-example-remote-write-authentication-settings.adoc
@@ -0,0 +1,286 @@
+// Module included in the following assemblies:
+//
+// * monitoring/configuring-the-monitoring-stack.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="example-remote-write-authentication-settings_{context}"]
+= Example remote write authentication settings
+
+// Set attributes to distinguish between cluster monitoring examples and user workload monitoring examples.
+ifndef::openshift-dedicated,openshift-rosa[]
+:configmap-name: cluster-monitoring-config
+:namespace-name: openshift-monitoring
+:prometheus-instance: prometheusK8s
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+:configmap-name: user-workload-monitoring-config
+:namespace-name: openshift-user-workload-monitoring
+:prometheus-instance: prometheus
+endif::openshift-dedicated,openshift-rosa[]
+
+The following samples show different authentication settings you can use to connect to a remote write endpoint. Each sample also shows how to configure a corresponding `Secret` object that contains authentication credentials and other relevant settings. Each sample configures authentication for use with
+ifndef::openshift-dedicated,openshift-rosa[]
+default platform monitoring
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+monitoring user-defined projects
+endif::openshift-dedicated,openshift-rosa[]
+in the `{namespace-name}` namespace.
+
+.Sample YAML for AWS Signature Version 4 authentication
+====
+The following shows the settings for a `sigv4` secret named `sigv4-credentials` in the `{namespace-name}` namespace.
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sigv4-credentials
+  namespace: {namespace-name}
+stringData:
+  accessKey: <AWS_access_key> <1>
+  secretKey: <AWS_secret_key> <2>
+type: Opaque
+----
+<1> The AWS API access key.
+<2> The AWS API secret key.
+
+The following shows sample AWS Signature Version 4 remote write authentication settings that use a `Secret` object named `sigv4-credentials` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {configmap-name}
+  namespace: {namespace-name}
+data:
+  config.yaml: |
+    {prometheus-instance}:
+      remoteWrite:
+      - url: "https://authorization.example.com/api/write"
+        sigv4:
+          region: <AWS_region> <1>
+          accessKey:
+            name: sigv4-credentials <2>
+            key: accessKey <3>
+          secretKey:
+            name: sigv4-credentials <2>
+            key: secretKey <4>
+          profile: <AWS_profile_name> <5>
+          roleArn: <AWS_role_arn> <6>
+----
+<1> The AWS region.
+<2> The name of the `Secret` object containing the AWS API access credentials.
+<3> The key that contains the AWS API access key in the specified `Secret` object.
+<4> The key that contains the AWS API secret key in the specified `Secret` object.
+<5> The name of the AWS profile that is being used to authenticate.
+<6> The unique identifier for the Amazon Resource Name (ARN) assigned to your role.
+====
+
+.Sample YAML for basic authentication
+====
+The following shows sample basic authentication settings for a `Secret` object named `rw-basic-auth` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rw-basic-auth
+  namespace: {namespace-name}
+stringData:
+  user: <basic_username> <1>
+  password: <basic_password> <2>
+type: Opaque
+----
+<1> The username.
+<2> The password.
+
+The following sample shows a `basicAuth` remote write configuration that uses a `Secret` object named `rw-basic-auth` in the `{namespace-name}` namespace.
+It assumes that you have already set up authentication credentials for the endpoint.
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {configmap-name}
+  namespace: {namespace-name}
+data:
+  config.yaml: |
+    {prometheus-instance}:
+      remoteWrite:
+      - url: "https://basicauth.example.com/api/write"
+        basicAuth:
+          username:
+            name: rw-basic-auth <1>
+            key: user <2>
+          password:
+            name: rw-basic-auth <1>
+            key: password <3>
+----
+<1> The name of the `Secret` object that contains the authentication credentials.
+<2> The key that contains the username  in the specified `Secret` object.
+<3> The key that contains the password in the specified `Secret` object.
+====
+
+.Sample YAML for authentication with a bearer token using a `Secret` Object
+====
+The following shows bearer token settings for a `Secret` object named `rw-bearer-auth` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rw-bearer-auth
+  namespace: {namespace-name}
+stringData:
+  token: <authentication_token> <1>
+type: Opaque
+----
+<1> The authentication token.
+
+The following shows sample bearer token config map settings that use a `Secret` object named `rw-bearer-auth` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {configmap-name}
+  namespace: {namespace-name}
+data:
+  config.yaml: |
+    enableUserWorkload: true
+    {prometheus-instance}:
+      remoteWrite:
+      - url: "https://authorization.example.com/api/write"
+        authorization:
+          type: Bearer <1>
+          credentials:
+            name: rw-bearer-auth <2>
+            key: token <3>
+----
+<1> The authentication type of the request. The default value is `Bearer`.
+<2> The name of the `Secret` object that contains the authentication credentials.
+<3> The key that contains the authentication token in the specified `Secret` object.
+====
+
+.Sample YAML for OAuth 2.0 authentication
+====
+The following shows sample OAuth 2.0 settings for a `Secret` object named `oauth2-credentials` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: oauth2-credentials
+  namespace: {namespace-name}
+stringData:
+  id: <oauth2_id> <1>
+  secret: <oauth2_secret> <2>
+  token: <oauth2_authentication_token> <3>
+type: Opaque
+----
+<1> The Oauth 2.0 ID.
+<2> The OAuth 2.0 secret.
+<3> The OAuth 2.0 token.
+
+The following shows an `oauth2` remote write authentication sample configuration that uses a `Secret` object named `oauth2-credentials` in the `{namespace-name}` namespace:
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {configmap-name}
+  namespace: {namespace-name}
+data:
+  config.yaml: |
+    {prometheus-instance}:
+      remoteWrite:
+      - url: "https://test.example.com/api/write"
+        oauth2:
+          clientId:
+            secret:
+              name: oauth2-credentials <1>
+              key: id <2>
+          clientSecret:
+            name: oauth2-credentials <1>
+            key: secret <2>
+          tokenUrl: https://example.com/oauth2/token <3>
+          scopes: <4>
+          - <scope_1>
+          - <scope_2>
+          endpointParams: <5>
+            param1: <parameter_1>
+            param2: <parameter_2>
+----
+<1> The name of the corresponding `Secret` object. Note that `ClientId` can alternatively refer to a `ConfigMap` object, although `clientSecret` must refer to a `Secret` object.
+<2> The key that contains the OAuth 2.0 credentials in the specified `Secret` object.
+<3> The URL used to fetch a token with the specified `clientId` and `clientSecret`.
+<4> The OAuth 2.0 scopes for the authorization request. These scopes limit what data the tokens can access.
+<5> The OAuth 2.0 authorization request parameters required for the authorization server.
+====
+
+.Sample YAML for TLS client authentication
+====
+The following shows sample TLS client settings for a `tls` `Secret` object named `mtls-bundle` in the `{namespace-name}` namespace.
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mtls-bundle
+  namespace: {namespace-name}
+data:
+  ca.crt: <ca_cert> <1>
+  client.crt: <client_cert> <2>
+  client.key: <client_key> <3>
+type: tls
+----
+<1> The CA certificate in the Prometheus container with which to validate the server certificate.
+<2> The client certificate for authentication with the server.
+<3> The client key.
+
+The following sample shows a `tlsConfig` remote write authentication configuration that uses a TLS `Secret` object named `mtls-bundle`.
+
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {configmap-name}
+  namespace: {namespace-name}
+data:
+  config.yaml: |
+    {prometheus-instance}:
+      remoteWrite:
+      - url: "https://remote-write-endpoint.example.com"
+        tlsConfig:
+          ca:
+            secret:
+              name: mtls-bundle <1>
+              key: ca.crt <2>
+          cert:
+            secret:
+              name: mtls-bundle <1>
+              key: client.crt <3>
+          keySecret:
+            name: mtls-bundle <1>
+            key: client.key <4>
+----
+<1> The name of the corresponding `Secret` object that contains the TLS authentication credentials. Note that `ca` and `cert` can alternatively refer to a `ConfigMap` object, though `keySecret` must refer to a `Secret` object.
+<2> The key in the specified `Secret` object that contains the CA certificate for the endpoint.
+<3> The key in the specified `Secret` object that contains the client certificate for the endpoint.
+<4> The key in the specified `Secret` object that contains the client key secret.
+====
+
+// Unset the source code block attributes just to be safe.
+:!namespace-name:
+:!prometheus-instance:
diff --git a/modules/monitoring-excluding-a-user-defined-project-from-monitoring.adoc b/modules/monitoring-excluding-a-user-defined-project-from-monitoring.adoc
index 03cee1925775..f2ee399d14b1 100644
--- a/modules/monitoring-excluding-a-user-defined-project-from-monitoring.adoc
+++ b/modules/monitoring-excluding-a-user-defined-project-from-monitoring.adoc
@@ -1,12 +1,13 @@
 // Module included in the following assemblies:
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
+// * monitoring/sd-disabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="excluding-a-user-defined-project-from-monitoring_{context}"]
 = Excluding a user-defined project from monitoring
 
-Individual user-defined projects can be excluded from user workload monitoring. To do so, simply add the `openshift.io/user-monitoring` label to the project's namespace with a value of `false`.
+Individual user-defined projects can be excluded from user workload monitoring. To do so, add the `openshift.io/user-monitoring` label to the project's namespace with a value of `false`.
 
 .Procedure
 
diff --git a/modules/monitoring-expiring-silences.adoc b/modules/monitoring-expiring-silences.adoc
index 069a41f4a917..516209484f65 100644
--- a/modules/monitoring-expiring-silences.adoc
+++ b/modules/monitoring-expiring-silences.adoc
@@ -2,30 +2,49 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expiring-silences_{context}"]
 = Expiring silences
 
-You can expire a silence. Expiring a silence deactivates it forever.
+You can expire a single silence or multiple silences. Expiring a silence deactivates it permanently.
+
+[NOTE]
+====
+You cannot delete expired, silenced alerts.
+Expired silences older than 120 hours are garbage collected.
+====
+
+.Prerequisites
+
+ifndef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* If you are a non-administrator user, you have access to the cluster as a user with the following user roles:
+** The `cluster-monitoring-view` cluster role, which allows you to access Alertmanager.
+** The `monitoring-alertmanager-edit` role, which permits you to create and silence alerts in the *Administrator* perspective in the web console.
+** The `monitoring-rules-edit` cluster role, which permits you to create and silence alerts in the *Developer* perspective in the web console.
 
 .Procedure
 
-To expire a silence in the *Administrator* perspective:
+To expire a silence or silences in the *Administrator* perspective:
+
+. Go to *Observe* -> *Alerting* -> *Silences*.
 
-. Navigate to the *Observe* -> *Alerting* -> *Silences* page.
+. For the silence or silences you want to expire, select the checkbox in the corresponding row.
 
-. For the silence you want to modify, select the {kebab} in the last column and choose *Expire silence*.
+. Click *Expire 1 silence* to expire a single selected silence or *Expire _<n>_ silences* to expire multiple selected silences, where _<n>_ is the number of silences you selected.
 +
-Alternatively, you can select *Actions* -> *Expire Silence* in the *Silence Details* page for a silence.
+Alternatively, to expire a single silence you can click *Actions* and select *Expire silence* on the *Silence details* page for a silence.
 
 To expire a silence in the *Developer* perspective:
 
-. Navigate to the *Observe* -> *<project_name>* -> *Alerts* page.
+. Go to *Observe* -> *<project_name>* -> *Silences*.
 
-. Expand the details for an alert by selecting *>* to the left of the alert name. Select the name of the alert in the expanded view to open the *Alert Details* page for the alert.
+. For the silence or silences you want to expire, select the checkbox in the corresponding row.
 
-. Select the name of a silence in the *Silenced By* section in that page to navigate to the *Silence Details* page for the silence.
-
-. Select the name of a silence to navigate to its *Silence Details* page.
-
-. Select *Actions* -> *Expire Silence* in the *Silence Details* page for a silence.
+. Click *Expire 1 silence* to expire a single selected silence or *Expire _<n>_ silences* to expire multiple selected silences, where _<n>_ is the number of silences you selected.
++
+Alternatively, to expire a single silence you can click *Actions* and select *Expire silence* on the *Silence details* page for a silence.
diff --git a/modules/monitoring-exploring-the-visualized-metrics.adoc b/modules/monitoring-exploring-the-visualized-metrics.adoc
index dc6be6a615d3..f82961f830cb 100644
--- a/modules/monitoring-exploring-the-visualized-metrics.adoc
+++ b/modules/monitoring-exploring-the-visualized-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="exploring-the-visualized-metrics_{context}"]
 = Exploring the visualized metrics
 
@@ -12,37 +12,37 @@ After running the queries, the metrics are displayed on an interactive plot. The
 
 In the *Administrator* perspective:
 
-. Initially, all metrics from all enabled queries are shown on the plot. You can select which metrics are shown.
+* Initially, all metrics from all enabled queries are shown on the plot. You can select which metrics are shown.
 +
 [NOTE]
 ====
 By default, the query table shows an expanded view that lists every metric and its current value. You can select *˅* to minimize the expanded view for a query.
 ====
 
-* To hide all metrics from a query, click {kebab} for the query and click *Hide all series*.
+** To hide all metrics from a query, click {kebab} for the query and click *Hide all series*.
 
-* To hide a specific metric, go to the query table and click the colored square near the metric name.
+** To hide a specific metric, go to the query table and click the colored square near the metric name.
 
-. To zoom into the plot and change the time range, do one of the following:
+* To zoom into the plot and change the time range, do one of the following:
 
-* Visually select the time range by clicking and dragging on the plot horizontally.
+** Visually select the time range by clicking and dragging on the plot horizontally.
 
-* Use the menu in the left upper corner to select the time range.
+** Use the menu in the left upper corner to select the time range.
 
-. To reset the time range, select *Reset Zoom*.
+* To reset the time range, select *Reset Zoom*.
 
-. To display outputs for all queries at a specific point in time, hold the mouse cursor on the plot at that point. The query outputs will appear in a pop-up box.
+* To display outputs for all queries at a specific point in time, hold the mouse cursor on the plot at that point. The query outputs will appear in a pop-up box.
 
 . To hide the plot, select *Hide Graph*.
 
 In the *Developer* perspective:
 
-. To zoom into the plot and change the time range, do one of the following:
+* To zoom into the plot and change the time range, do one of the following:
 
-* Visually select the time range by clicking and dragging on the plot horizontally.
+** Visually select the time range by clicking and dragging on the plot horizontally.
 
-* Use the menu in the left upper corner to select the time range.
+** Use the menu in the left upper corner to select the time range.
 
-. To reset the time range, select *Reset Zoom*.
+* To reset the time range, select *Reset Zoom*.
 
-. To display outputs for all queries at a specific point in time, hold the mouse cursor on the plot at that point. The query outputs will appear in a pop-up box.
+* To display outputs for all queries at a specific point in time, hold the mouse cursor on the plot at that point. The query outputs will appear in a pop-up box.
diff --git a/modules/monitoring-getting-detailed-information-about-a-target.adoc b/modules/monitoring-getting-detailed-information-about-a-target.adoc
index 15f6b2f71d6f..44b9110c2246 100644
--- a/modules/monitoring-getting-detailed-information-about-a-target.adoc
+++ b/modules/monitoring-getting-detailed-information-about-a-target.adoc
@@ -1,30 +1,68 @@
 // Module included in the following assemblies:
 //
-// * monitoring/managing-metrics-targets.adoc
+// * monitoring/managing-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-detailed-information-about-a-target_{context}"]
-= Getting detailed information about a target
+= Getting detailed information about a metrics target
 
-On the **Target details** page, you can view detailed information about a metric target.
+In the *Administrator* perspective in the {product-title} web console, you can use the *Metrics targets* page to view, search, and filter the endpoints that are currently targeted for scraping, which helps you to identify and troubleshoot problems. For example, you can view the current status of targeted endpoints to see when {product-title} Monitoring is not able to scrape metrics from a targeted component.
+
+ifndef::openshift-dedicated,openshift-rosa[]
+The *Metrics targets* page shows targets for default {product-title} projects and for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+The *Metrics targets* page shows targets for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * You have access to the cluster as an administrator for the project for which you want to view metrics targets.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
-*To view detailed information about a target in the Administrator perspective*:
+. In the *Administrator* perspective, select *Observe* -> *Targets*. The *Metrics targets* page opens with a list of all service endpoint targets that are being scraped for metrics.
++
+--
+This page shows details about targets for default {product-title} and user-defined projects. This page lists the following information for each target:
+
+* Service endpoint URL being scraped
+* ServiceMonitor component being monitored
+* The **up** or **down** status of the target
+* Namespace
+* Last scrape time
+* Duration of the last scrape
+--
+
+. Optional: The list of metrics targets can be long. To find a specific target, do any of the following:
++
+|===
+|Option |Description
+
+|Filter the targets by status and source.
+a|Select filters in the *Filter* list.
 
-. Open the {product-title} web console and navigate to *Observe* -> *Targets*.
+The following filtering options are available:
 
-. Optional: Filter the targets by status and source by selecting filters in the *Filter* list.
+* **Status** filters:
+** **Up**. The target is currently up and being actively scraped for metrics.
+** **Down**. The target is currently down and not being scraped for metrics.
 
-. Optional: Search for a target by name or label by using the *Text* or *Label* field next to the search box.
+* **Source** filters:
+** **Platform**. Platform-level targets relate only to default Red Hat OpenShift Service on AWS projects. These projects provide core Red Hat OpenShift Service on AWS functionality.
+** **User**. User targets relate to user-defined projects. These projects are user-created and can be customized.
 
-. Optional: Sort the targets by clicking one or more of the *Endpoint*, *Status*, *Namespace*, *Last Scrape*, and *Scrape Duration* column headers.
+|Search for a target by name or label. |Enter a search term in the **Text** or **Label** field next to the search box.
 
-. Click the URL in the *Endpoint* column for a target to navigate to its *Target details* page. This page provides information about the target, including:
+|Sort the targets. |Click one or more of the **Endpoint Status**, **Namespace**, **Last Scrape**, and **Scrape Duration** column headers.
+|===
+
+. Click the URL in the **Endpoint** column for a target to navigate to its **Target details** page. This page provides information about the target, including the following:
 +
 --
 ** The endpoint URL being scraped for metrics
@@ -34,4 +72,3 @@ On the **Target details** page, you can view detailed information about a metric
 ** Labels attached to the target
 ** The most recent time that the target was scraped for metrics
 --
-
diff --git a/modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc b/modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc
index 7c1d4253cdee..62daf5e05496 100644
--- a/modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc
+++ b/modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="getting-information-about-alerts-silences-and-alerting-rules_{context}"]
 = Getting information about alerts, silences, and alerting rules
 
diff --git a/modules/monitoring-granting-user-permissions-using-the-cli.adoc b/modules/monitoring-granting-user-permissions-using-the-cli.adoc
index 2612064c6260..56e7e68eea3d 100644
--- a/modules/monitoring-granting-user-permissions-using-the-cli.adoc
+++ b/modules/monitoring-granting-user-permissions-using-the-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="granting-user-permissions-using-the-cli_{context}"]
 = Granting user permissions by using the CLI
 
@@ -10,7 +10,7 @@ You can grant users permissions to monitor their own projects, by using the Open
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * The user account that you are assigning the role to already exists.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/monitoring-granting-user-permissions-using-the-web-console.adoc b/modules/monitoring-granting-user-permissions-using-the-web-console.adoc
index 7a1c51032390..b5384895a417 100644
--- a/modules/monitoring-granting-user-permissions-using-the-web-console.adoc
+++ b/modules/monitoring-granting-user-permissions-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="granting-user-permissions-using-the-web-console_{context}"]
 = Granting user permissions by using the web console
 
@@ -10,12 +10,12 @@ You can grant users permissions to monitor their own projects, by using the {pro
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * The user account that you are assigning the role to already exists.
 
 .Procedure
 
-. In the *Administrator* perspective within the {product-title} web console, navigate to *User Management* -> *Role Bindings* -> *Create Binding*.
+. In the *Administrator* perspective within the {product-title} web console, navigate to *User Management* -> *RoleBindings* -> *Create binding*.
 
 . In the *Binding Type* section, select the "Namespace Role Binding" type.
 
diff --git a/modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc b/modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc
index 0032bd3a2fb8..cd9ab1546eee 100644
--- a/modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc
+++ b/modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc
@@ -1,11 +1,8 @@
 // Module included in the following assemblies:
 //
 // * monitoring/enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="granting-users-permission-to-configure-alert-routing-for-user-defined-projects_{context}"]
 = Granting users permission to configure alert routing for user-defined projects
 
@@ -15,21 +12,22 @@ You can grant users permission to configure alert routing for user-defined proje
 .Prerequisites
 
 ifdef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` or `dedicated-admin` role.
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
 endif::[]
 ifndef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
+* You have enabled monitoring for user-defined projects in the `cluster-monitoring-config` config map for the `openshift-monitoring` namespace.
 endif::[]
 * The user account that you are assigning the role to already exists.
 * You have installed the OpenShift CLI (`oc`).
-* You have enabled monitoring for user-defined projects.
 
 .Procedure
 
-* Assign the `alert-routing-edit` role to a user in the user-defined project:
+* Assign the `alert-routing-edit` cluster role to a user in the user-defined project:
 +
 [source,terminal]
 ----
 $ oc -n <namespace> adm policy add-role-to-user alert-routing-edit <user> <1>
 ----
-<1> For `<namespace>`, substitute the namespace for the user-defined project, such as `ns1`. For `<user>`, substitute the username for the account to which you want to assign the role.
\ No newline at end of file
+<1> For `<namespace>`, substitute the namespace for the user-defined project, such as `ns1`. For `<user>`, substitute the username for the account to which you want to assign the role.
diff --git a/modules/monitoring-granting-users-permission-to-configure-monitoring-for-user-defined-projects.adoc b/modules/monitoring-granting-users-permission-to-configure-monitoring-for-user-defined-projects.adoc
index 3f79d319117c..0cf6b909f986 100644
--- a/modules/monitoring-granting-users-permission-to-configure-monitoring-for-user-defined-projects.adoc
+++ b/modules/monitoring-granting-users-permission-to-configure-monitoring-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="granting-users-permission-to-configure-monitoring-for-user-defined-projects_{context}"]
 = Granting users permission to configure monitoring for user-defined projects
 
@@ -10,7 +10,7 @@ You can grant users permission to configure monitoring for user-defined projects
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * The user account that you are assigning the role to already exists.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/monitoring-granting-users-permission-to-monitor-user-defined-projects.adoc b/modules/monitoring-granting-users-permission-to-monitor-user-defined-projects.adoc
index 2dd0f346d301..eb432b6f7120 100644
--- a/modules/monitoring-granting-users-permission-to-monitor-user-defined-projects.adoc
+++ b/modules/monitoring-granting-users-permission-to-monitor-user-defined-projects.adoc
@@ -9,11 +9,11 @@ Cluster administrators can monitor all core {product-title} and user-defined pro
 
 Cluster administrators can grant developers and other users permission to monitor their own projects. Privileges are granted by assigning one of the following monitoring roles:
 
-* The *monitoring-rules-view* role provides read access to `PrometheusRule` custom resources for a project.
+* The *monitoring-rules-view* cluster role provides read access to `PrometheusRule` custom resources for a project.
 
-* The *monitoring-rules-edit* role grants a user permission to create, modify, and deleting `PrometheusRule` custom resources for a project.
+* The *monitoring-rules-edit* cluster role grants a user permission to create, modify, and deleting `PrometheusRule` custom resources for a project.
 
-* The *monitoring-edit* role grants the same privileges as the `monitoring-rules-edit` role. Additionally, it enables a user to create new scrape targets for services or pods. With this role, you can also create, modify, and delete `ServiceMonitor` and `PodMonitor` resources.
+* The *monitoring-edit* cluster role grants the same privileges as the `monitoring-rules-edit` cluster role. Additionally, it enables a user to create new scrape targets for services or pods. With this role, you can also create, modify, and delete `ServiceMonitor` and `PodMonitor` resources.
 
 You can also grant users permission to configure the components that are responsible for monitoring user-defined projects:
 
@@ -21,6 +21,6 @@ You can also grant users permission to configure the components that are respons
 
 You can also grant users permission to configure alert routing for user-defined projects:
 
-* The **alert-routing-edit** role grants a user permission to create, update, and delete `AlertmanagerConfig` custom resources for a project.
+* The **alert-routing-edit** cluster role grants a user permission to create, update, and delete `AlertmanagerConfig` custom resources for a project.
 
 This section provides details on how to assign these roles by using the {product-title} web console or the CLI.
diff --git a/modules/monitoring-installation-progress.adoc b/modules/monitoring-installation-progress.adoc
index c7ca4ac5fada..d5bcd114b121 100644
--- a/modules/monitoring-installation-progress.adoc
+++ b/modules/monitoring-installation-progress.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="monitoring-installation-progress_{context}"]
 = Monitoring installation progress
 
@@ -10,7 +10,7 @@ You can monitor high-level installation, bootstrap, and control plane logs as an
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
 * You have the fully qualified domain names of the bootstrap and control plane nodes.
diff --git a/modules/monitoring-investigating-why-user-defined-metrics-are-unavailable.adoc b/modules/monitoring-investigating-why-user-defined-metrics-are-unavailable.adoc
index d8272a40cb24..72e02e615b0d 100644
--- a/modules/monitoring-investigating-why-user-defined-metrics-are-unavailable.adoc
+++ b/modules/monitoring-investigating-why-user-defined-metrics-are-unavailable.adoc
@@ -3,15 +3,20 @@
 // * monitoring/troubleshooting-monitoring-issues.adoc
 // * support/troubleshooting/investigating-monitoring-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="investigating-why-user-defined-metrics-are-unavailable_{context}"]
-= Investigating why user-defined metrics are unavailable
+= Investigating why user-defined project metrics are unavailable
 
 `ServiceMonitor` resources enable you to determine how to use the metrics exposed by a service in user-defined projects. Follow the steps outlined in this procedure if you have created a `ServiceMonitor` resource but cannot see any corresponding metrics in the Metrics UI.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have enabled and configured monitoring for user-defined workloads.
 * You have created the `user-workload-monitoring-config` `ConfigMap` object.
@@ -43,6 +48,9 @@ $ oc -n ns1 get servicemonitor prometheus-example-monitor -o yaml
 +
 .Example output
 ----
+apiVersion: v1
+kind: Service
+# ...
 spec:
   endpoints:
   - interval: 30s
@@ -51,6 +59,7 @@ spec:
   selector:
     matchLabels:
       app: prometheus-example-app
+# ...
 ----
 +
 [NOTE]
@@ -119,6 +128,7 @@ data:
   config.yaml: |
     prometheusOperator:
       logLevel: debug
+# ...
 ----
 +
 .. Save the file to apply the changes.
diff --git a/modules/monitoring-limiting-scrape-samples-in-user-defined-projects.adoc b/modules/monitoring-limiting-scrape-samples-in-user-defined-projects.adoc
index e998e3cf762e..c0a8a2a523ee 100644
--- a/modules/monitoring-limiting-scrape-samples-in-user-defined-projects.adoc
+++ b/modules/monitoring-limiting-scrape-samples-in-user-defined-projects.adoc
@@ -2,22 +2,27 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="controlling-the-impact-of-unbound-attributes-in-user-defined-projects_{context}"]
 = Controlling the impact of unbound metrics attributes in user-defined projects
 
 Developers can create labels to define attributes for metrics in the form of key-value pairs. The number of potential key-value pairs corresponds to the number of possible values for an attribute. An attribute that has an unlimited number of potential values is called an unbound attribute. For example, a `customer_id` attribute is unbound because it has an infinite number of possible values.
 
-Every assigned key-value pair has a unique time series. Using many unbound attributes in labels can create exponentially more time series, which can impact Prometheus performance and available disk space.
+Every assigned key-value pair has a unique time series. The use of many unbound attributes in labels can result in an exponential increase in the number of time series created. This can impact Prometheus performance and can consume a lot of disk space.
 
-Cluster administrators can use the following measures to control the impact of unbound metrics attributes in user-defined projects:
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+A `dedicated-admin`
+endif::openshift-dedicated,openshift-rosa[]
+can use the following measures to control the impact of unbound metrics attributes in user-defined projects:
 
 * Limit the number of samples that can be accepted per target scrape in user-defined projects
-* Limit the number of scraped labels, the length of label names, and the length of label values.
+* Limit the number of scraped labels, the length of label names, and the length of label values
 * Create alerts that fire when a scrape sample threshold is reached or when the target cannot be scraped
 
 [NOTE]
 ====
-To prevent issues caused by adding many unbound attributes, limit the number of scrape samples, label names, and unbound attributes you define for metrics. 
-Also reduce the number of potential key-value pair combinations by using attributes that are bound to a limited set of possible values.
+Limiting scrape samples can help prevent the issues caused by adding many unbound attributes to labels. Developers can also prevent the underlying cause by limiting the number of unbound attributes that they define for metrics. Using attributes that are bound to a limited set of possible values reduces the number of potential key-value pair combinations.
 ====
diff --git a/modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc b/modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc
index 72b0a9773f1a..248e5b94b11a 100644
--- a/modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc
+++ b/modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc
@@ -2,16 +2,22 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="listing-alerting-rules-for-all-projects-in-a-single-view_{context}"]
 = Listing alerting rules for all projects in a single view
 
-As a cluster administrator, you can list alerting rules for core {product-title} and user-defined projects together in a single view.
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As a `dedicated-admin`,
+endif::openshift-dedicated,openshift-rosa[]
+you can list alerting rules for core {product-title} and user-defined projects together in a single view.
 
 .Prerequisites
 
 ifdef::openshift-rosa,openshift-dedicated[]
-* You have access to the cluster as a user with the `cluster-admin` or `dedicated-admin` role.
+* You have access to the cluster as a user with the `dedicated-admin` role.
 endif::[]
 ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
@@ -20,7 +26,7 @@ endif::[]
 
 .Procedure
 
-. In the *Administrator* perspective, navigate to *Observe* -> *Alerting* -> *Alerting Rules*.
+. In the *Administrator* perspective, navigate to *Observe* -> *Alerting* -> *Alerting rules*.
 
 . Select the *Platform* and *User* sources in the *Filter* drop-down menu.
 +
diff --git a/modules/monitoring-maintenance-and-support.adoc b/modules/monitoring-maintenance-and-support.adoc
index 92eeba9c4ca6..76a0e12309fe 100644
--- a/modules/monitoring-maintenance-and-support.adoc
+++ b/modules/monitoring-maintenance-and-support.adoc
@@ -6,3 +6,10 @@
 = Maintenance and support for monitoring
 
 The supported way of configuring {product-title} Monitoring is by configuring it using the options described in this document. *Do not use other configurations, as they are unsupported.* Configuration paradigms might change across Prometheus releases, and such cases can only be handled gracefully if all configuration possibilities are controlled. If you use configurations other than those described in this section, your changes will disappear because the `cluster-monitoring-operator` reconciles any differences. The Operator resets everything to the defined state by default and by design.
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[IMPORTANT]
+====
+Installing another Prometheus instance is not supported by the Red Hat Site Reliability Engineers (SRE).
+====
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc b/modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc
index df6bdca8becf..d5d6b05b6c0a 100644
--- a/modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc
+++ b/modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc
@@ -3,7 +3,7 @@
 // * monitoring/managing-alerts.adoc
 //
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="managing-alerting-rules-for-user-defined-projects_{context}"]
 = Managing alerting rules for user-defined projects
 
@@ -14,7 +14,7 @@ In {product-title} {product-version}, you can create, view, edit, and remove ale
 ifdef::openshift-rosa,openshift-dedicated[]
 [IMPORTANT]
 ====
-Managing alerting rules for user-defined projects is only available in {product-title} version 4.11 and later. 
+Managing alerting rules for user-defined projects is only available in {product-title} version 4.11 and later.
 ====
 endif::[]
 
diff --git a/modules/monitoring-managing-core-platform-alerting-rules.adoc b/modules/monitoring-managing-core-platform-alerting-rules.adoc
index 6e48d29a780f..8af0edfcf4e0 100644
--- a/modules/monitoring-managing-core-platform-alerting-rules.adoc
+++ b/modules/monitoring-managing-core-platform-alerting-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="managing-core-platform-alerting-rules_{context}"]
 = Managing alerting rules for core platform monitoring
 
diff --git a/modules/monitoring-managing-silences.adoc b/modules/monitoring-managing-silences.adoc
index 3105ac00560d..32f285ea3d2f 100644
--- a/modules/monitoring-managing-silences.adoc
+++ b/modules/monitoring-managing-silences.adoc
@@ -2,12 +2,15 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="managing-silences_{context}"]
 = Managing silences
 
-You can create a silence to stop receiving notifications about an alert when it is firing. It might be useful to silence an alert after being first notified, while you resolve the underlying issue.
+You can create a silence for an alert in the {product-title} web console in both the *Administrator* and *Developer* perspectives.
+After you create a silence, you will not receive notifications about an alert when the alert fires.
+
+Creating silences is useful in scenarios where you have received an initial alert notification, and you do not want to receive further notifications during the time in which you resolve the underlying issue causing the alert to fire.
 
 When creating a silence, you must specify whether it becomes active immediately or at a later time. You must also set a duration period after which the silence expires.
 
-You can view, edit, and expire existing silences.
+After you create silences, you can view, edit, and expire them.
diff --git a/modules/monitoring-modifying-core-platform-alerting-rules.adoc b/modules/monitoring-modifying-core-platform-alerting-rules.adoc
index ce36780344ac..26ae2c5e8a48 100644
--- a/modules/monitoring-modifying-core-platform-alerting-rules.adoc
+++ b/modules/monitoring-modifying-core-platform-alerting-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-core-platform-alerting-rules_{context}"]
 = Modifying core platform alerting rules
 
@@ -11,10 +11,8 @@ For example, you can change the severity label of an alert, add a custom label,
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
-* You have enabled Technology Preview features, and all nodes in the cluster are ready.
-
 
 .Procedure
 
diff --git a/modules/monitoring-modifying-retention-time-and-size-for-prometheus-metrics-data.adoc b/modules/monitoring-modifying-retention-time-and-size-for-prometheus-metrics-data.adoc
index ac5564e1e37e..9ce1ab7b1a9e 100644
--- a/modules/monitoring-modifying-retention-time-and-size-for-prometheus-metrics-data.adoc
+++ b/modules/monitoring-modifying-retention-time-and-size-for-prometheus-metrics-data.adoc
@@ -2,22 +2,26 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-retention-time-and-size-for-prometheus-metrics-data_{context}"]
 = Modifying the retention time and size for Prometheus metrics data
 
-By default, Prometheus automatically retains metrics data for 15 days.
-You can modify the retention time to change how soon data is deleted by specifying a time value in the `retention` field.
-You can also configure the maximum amount of disk space the retained metrics data uses by specifying a size value in the `retentionSize` field.
-If the data reaches this size limit, Prometheus deletes the oldest data first until the disk space used is again below the limit.
+By default, Prometheus automatically retains metrics data for 11 days. You can modify the retention time for
+ifndef::openshift-dedicated,openshift-rosa[]
+Prometheus
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+the Prometheus instance that monitors user-defined projects,
+endif::openshift-dedicated,openshift-rosa[]
+to change how soon the data is deleted. You can also set the maximum amount of disk space the retained metrics data uses. If the data reaches this size limit, Prometheus deletes the oldest data first until the disk space used is again below the limit.
 
 Note the following behaviors of these data retention settings:
 
-* The size-based retention policy applies to all data block directories in the `/prometheus` directory, including persistent blocks, write-ahead log (WAL) data, and m-mapped chunks. 
-* Data in the `/wal` and `/head_chunks` directories counts toward the retention size limit, but Prometheus never purges data from these directories based on size- or time-based retention policies. 
+* The size-based retention policy applies to all data block directories in the `/prometheus` directory, including persistent blocks, write-ahead log (WAL) data, and m-mapped chunks.
+* Data in the `/wal` and `/head_chunks` directories counts toward the retention size limit, but Prometheus never purges data from these directories based on size- or time-based retention policies.
 Thus, if you set a retention size limit lower than the maximum size set for the `/wal` and `/head_chunks` directories, you have configured the system not to retain any data blocks in the `/prometheus` data directories.
 * The size-based retention policy is applied only when Prometheus cuts a new data block, which occurs every two hours after the WAL contains at least three hours of data.
-* If you do not explicitly define values for either `retention` or `retentionSize`, retention time defaults to 15 days, and retention size is not set.
+* If you do not explicitly define values for either `retention` or `retentionSize`, retention time defaults to 11 days, and retention size is not set.
 * If you define values for both `retention` and `retentionSize`, both values apply.
 If any data blocks exceed the defined retention time or the defined size limit, Prometheus purges these data blocks.
 * If you define a value for `retentionSize` and do not define `retention`, only the `retentionSize` value applies.
@@ -25,24 +29,25 @@ If any data blocks exceed the defined retention time or the defined size limit,
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
 ** A cluster administrator has enabled monitoring for user-defined projects.
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
-[WARNING]
-====
-Saving changes to a monitoring config map might restart monitoring processes and redeploy the pods and other resources in the related project.
-The running monitoring processes in that project might also restart.
-====
-
 .Procedure
 
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To modify the retention time and size for the Prometheus instance that monitors core {product-title} projects*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -72,7 +77,7 @@ data:
 +
 The following example sets the retention time to 24 hours and the retention size to 10 gigabytes for the Prometheus instance that monitors core {product-title} components:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -82,11 +87,12 @@ metadata:
 data:
   config.yaml: |
     prometheusK8s:
-      retention: *24h*
-      retentionSize: *10GB*
+      retention: 24h
+      retentionSize: 10GB
 ----
 
 ** *To modify the retention time and size for the Prometheus instance that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -116,7 +122,7 @@ You can also combine time values for specific times, such as `1h30m15s`.
 +
 The following example sets the retention time to 24 hours and the retention size to 10 gigabytes for the Prometheus instance that monitors user-defined projects:
 +
-[source,yaml,subs=quotes]
+[source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
@@ -126,8 +132,13 @@ metadata:
 data:
   config.yaml: |
     prometheus:
-      retention: *24h*
-      retentionSize: *10GB*
+      retention: 24h
+      retentionSize: 10GB
 ----
 
 . Save the file to apply the changes. The pods affected by the new configuration restart automatically.
++
+[WARNING]
+====
+When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
+====
diff --git a/modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metrics-data.adoc b/modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metrics-data.adoc
index 83d9728d5e6f..5f810a2f5ab2 100644
--- a/modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metrics-data.adoc
+++ b/modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metrics-data.adoc
@@ -2,25 +2,24 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-the-retention-time-for-thanos-ruler-metrics-data_{context}"]
 = Modifying the retention time for Thanos Ruler metrics data
 
-By default, for user-defined projects, Thanos Ruler automatically retains metrics data for 24 hours.
-You can modify the retention time to change how long this data is retained by specifying a time value in the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
+By default, for user-defined projects, Thanos Ruler automatically retains metrics data for 24 hours. You can modify the retention time to change how long this data is retained by specifying a time value in the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 * A cluster administrator has enabled monitoring for user-defined projects.
-* You have access to the cluster as a user with the `cluster-admin` role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 * You have created the `user-workload-monitoring-config` `ConfigMap` object.
-
-[WARNING]
-====
-Saving changes to a monitoring config map might restart monitoring processes and redeploy the pods and other resources in the related project.
-The running monitoring processes in that project might also restart.
-====
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -66,3 +65,9 @@ data:
 ----
 
 . Save the file to apply the changes. The pods affected by the new configuration automatically restart.
++
+[WARNING]
+====
+Saving changes to a monitoring config map might restart monitoring processes and redeploy the pods and other resources in the related project.
+The running monitoring processes in that project might also restart.
+====
diff --git a/modules/monitoring-moving-monitoring-components-to-different-nodes.adoc b/modules/monitoring-moving-monitoring-components-to-different-nodes.adoc
index d0224e5adb1c..accaf808e47c 100644
--- a/modules/monitoring-moving-monitoring-components-to-different-nodes.adoc
+++ b/modules/monitoring-moving-monitoring-components-to-different-nodes.adoc
@@ -2,25 +2,36 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="moving-monitoring-components-to-different-nodes_{context}"]
 = Moving monitoring components to different nodes
 
+ifndef::openshift-dedicated,openshift-rosa[]
 To specify the nodes in your cluster on which monitoring stack components will run, configure the `nodeSelector` constraint in the component's `ConfigMap` object to match labels assigned to the nodes.
 
 [NOTE]
 ====
 You cannot add a node selector constraint directly to an existing scheduled pod.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
-.Prerequisites
+ifdef::openshift-dedicated,openshift-rosa[]
+You can move any of the components that monitor workloads for user-defined projects to specific worker nodes. It is not permitted to move components to control plane or infrastructure nodes.
+endif::openshift-dedicated,openshift-rosa[]
 
+.Prerequisites
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -32,6 +43,7 @@ You cannot add a node selector constraint directly to an existing scheduled pod.
 $ oc label nodes <node-name> <node-label>
 ----
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To move a component that monitors core {product-title} projects*:
 
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
@@ -69,6 +81,7 @@ If monitoring components remain in a `Pending` state after configuring the `node
 ====
 
 ** *To move a component that monitors user-defined projects*:
+endif::openshift-dedicated,openshift-rosa[]
 
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
@@ -106,11 +119,13 @@ If monitoring components remain in a `Pending` state after configuring the `node
 
 . Save the file to apply the changes.
 The components specified in the new configuration are moved to the new nodes automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc b/modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc
index f4d98537bba3..f4626df8e13e 100644
--- a/modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc
+++ b/modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="Optimizing-alerting-for-user-defined-projects_{context}"]
 = Optimizing alerting for user-defined projects
 
@@ -17,10 +17,3 @@ You can optimize alerting for your own projects by considering the following rec
 * *Provide clear alert messaging*. State the symptom and recommended actions in the alert message.
 
 * *Include severity levels in your alerting rules*. The severity of an alert depends on how you need to react if the reported symptom occurs. For example, a critical alert should be triggered if a symptom requires immediate attention by an individual or a critical response team.
-
-* *Optimize alert routing*. Deploy an alerting rule directly on the Prometheus instance in the `openshift-user-workload-monitoring` project if the rule does not query default {product-title} metrics. This reduces latency for alerting rules and minimizes the load on monitoring components.
-+
-[WARNING]
-====
-Default {product-title} metrics for user-defined projects provide information about CPU and memory usage, bandwidth statistics, and packet rate information. Those metrics cannot be included in an alerting rule if you route the rule directly to the Prometheus instance in the `openshift-user-workload-monitoring` project. Alerting rule optimization should be used only if you have read the documentation and have a comprehensive understanding of the monitoring architecture.
-====
diff --git a/modules/monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus.adoc b/modules/monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus.adoc
index 9aaf27668057..dd87bf492597 100644
--- a/modules/monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus.adoc
+++ b/modules/monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus.adoc
@@ -2,26 +2,26 @@
 //
 // * monitoring/accessing-third-party-monitoring-apis.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus_{context}"]
 = Querying metrics by using the federation endpoint for Prometheus
 
 You can use the federation endpoint to scrape platform and user-defined metrics from a network location outside the cluster.
-To do so, access the Prometheus `/federate` endpoint for the cluster via an {product-title} route. 
+To do so, access the Prometheus `/federate` endpoint for the cluster via an {product-title} route.
 
 [WARNING]
 ====
-A delay in retrieving metrics data occurs when you use federation. 
+A delay in retrieving metrics data occurs when you use federation.
 This delay can affect the accuracy and timeliness of the scraped metrics.
 
 Using the federation endpoint can also degrade the performance and scalability of your cluster, especially if you use the federation endpoint to retrieve large amounts of metrics data.
 To avoid these issues, follow these recommendations:
 
 * Do not try to retrieve all metrics data via the federation endpoint.
-Query it only when you want to retrieve a limited, aggregated data set. 
-For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation. 
+Query it only when you want to retrieve a limited, aggregated data set.
+For example, retrieving fewer than 1,000 samples for each request helps minimize the risk of performance degradation.
 
-* Avoid querying the federation endpoint frequently. 
+* Avoid querying the federation endpoint frequently.
 Limit queries to a maximum of one every 30 seconds.
 
 If you need to forward large amounts of data outside the cluster, use remote write instead. For more information, see the _Configuring remote write storage_ section.
@@ -31,7 +31,7 @@ If you need to forward large amounts of data outside the cluster, use remote wri
 
 * You have installed the OpenShift CLI (`oc`).
 * You have obtained the host URL for the {product-title} route.
-* You have access to the cluster as a user with the `cluster-monitoring-view` role or have obtained a bearer token with `get` permission on the `namespaces` resource.
+* You have access to the cluster as a user with the `cluster-monitoring-view` cluster role or have obtained a bearer token with `get` permission on the `namespaces` resource.
 +
 [NOTE]
 ====
@@ -47,13 +47,13 @@ You can only use bearer token authentication to access the federation endpoint.
 $ token=`oc whoami -t`
 ----
 
-. Query metrics from the `/federate` route. 
+. Query metrics from the `/federate` route.
 The following example queries `up` metrics:
 +
 [source,terminal]
 ----
 $ curl -G -s -k -H "Authorization: Bearer $token" \
-    'https:/<federation_host>/federate' \ <1>
+    'https://<federation_host>/federate' \ <1>
     --data-urlencode 'match[]=up'
 ----
 +
diff --git a/modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc b/modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc
index 7a6f02cc65dc..1c909cde5746 100644
--- a/modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc
+++ b/modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc
@@ -3,50 +3,90 @@
 // * monitoring/managing-metrics.adoc
 // * virt/support/virt-prometheus-queries.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-metrics-for-all-projects-as-an-administrator_{context}"]
 = Querying metrics for all projects as a cluster administrator
 
-As a cluster administrator or as a user with view permissions for all projects, you can access metrics for all default {product-title} and user-defined projects in the Metrics UI.
+As a
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin`
+endif::openshift-dedicated,openshift-rosa[]
+or as a user with view permissions for all projects, you can access metrics for all default {product-title} and user-defined projects in the Metrics UI.
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+Only dedicated administrators have access to the third-party UIs provided with {product-title} monitoring.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role or with view permissions for all projects.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role or with view permissions for all projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role or with view permissions for all projects.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
-. Select the *Administrator* perspective in the {product-title} web console.
-
-. Select *Observe* -> *Metrics*.
-
-. Select *Insert Metric at Cursor* to view a list of predefined queries.
+. From the *Administrator* perspective in the {product-title} web console, select *Observe* -> *Metrics*.
 
-. To create a custom query, add your Prometheus Query Language (PromQL) query to the *Expression* field.
+. To add one or more queries, do any of the following:
 +
-[NOTE]
-====
-As you type a PromQL expression, autocomplete suggestions appear in a drop-down list.
-These suggestions include functions, metrics, labels, and time tokens.
-You can use the keyboard arrows to select one of these suggested items and then press Enter to add the item to your expression.
-You can also move your mouse pointer over a suggested item to view a brief description of that item.
-====
+|===
+|Option |Description
 
-. To add multiple queries, select *Add Query*.
+|Create a custom query.
+|Add your Prometheus Query Language (PromQL) query to the *Expression* field.
 
-. To duplicate an existing query, select {kebab} next to the query, then choose *Duplicate query*.
+As you type a PromQL expression, autocomplete suggestions appear in a drop-down list. These suggestions include functions, metrics, labels, and time tokens.
+You can use the keyboard arrows to select one of these suggested items and then press Enter to add the item to your expression. You can also move your mouse pointer over a suggested item to view a brief description of that item.
 
-. To delete a query, select {kebab} next to the query, then choose *Delete query*.
+|Add multiple queries. |Select *Add query*.
 
-. To disable a query from being run, select {kebab} next to the query and choose *Disable query*.
+|Duplicate an existing query. |Select the Options menu {kebab} next to the query, then choose *Duplicate query*.
 
-. To run queries that you created, select *Run Queries*. 
-The metrics from the queries are visualized on the plot. 
-If a query is invalid, the UI shows an error message.
+|Disable a query from being run. |Select the Options menu {kebab} next to the query and choose *Disable query*.
+|===
+
+. To run queries that you created, select *Run queries*. The metrics from the queries are visualized on the plot. If a query is invalid, the UI shows an error message.
 +
 [NOTE]
 ====
 Queries that operate on large amounts of data might time out or overload the browser when drawing time series graphs. To avoid this, select *Hide graph* and calibrate your query using only the metrics table. Then, after finding a feasible query, enable the plot to draw the graphs.
 ====
++
+[NOTE]
+====
+By default, the query table shows an expanded view that lists every metric and its current value. You can select *˅* to minimize the expanded view for a query.
+====
 
 . Optional: The page URL now contains the queries you ran. To use this set of queries again in the future, save this URL.
+
+. Explore the visualized metrics. Initially, all metrics from all enabled queries are shown on the plot. You can select which metrics are shown by doing any of the following:
++
+|===
+|Option |Description
+
+|Hide all metrics from a query. |Click the Options menu {kebab} for the query and click *Hide all series*.
+
+|Hide a specific metric. |Go to the query table and click the colored square near the metric name.
+
+|Zoom into the plot and change the time range.
+a|Either:
+
+* Visually select the time range by clicking and dragging on the plot horizontally.
+* Use the menu in the left upper corner to select the time range.
+
+|Reset the time range. |Select *Reset zoom*.
+
+|Display outputs for all queries at a specific point in time. |Hold the mouse cursor on the plot at that point. The query outputs will appear in a pop-up box.
+
+|Hide the plot. |Select *Hide graph*.
+|===
diff --git a/modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc b/modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc
index 09619992b465..2f7cdbf216d9 100644
--- a/modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc
+++ b/modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc
@@ -3,7 +3,7 @@
 // * monitoring/managing-metrics.adoc
 // * virt/support/virt-prometheus-queries.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-metrics-for-user-defined-projects-as-a-developer_{context}"]
 = Querying metrics for user-defined projects as a developer
 
@@ -13,7 +13,10 @@ In the *Developer* perspective, the Metrics UI includes some predefined CPU, mem
 
 [NOTE]
 ====
-Developers can only use the *Developer* perspective and not the *Administrator* perspective. As a developer, you can only query metrics for one project at a time in the *Observe* --> *Metrics* page in the web console for your user-defined project.
+Developers can only use the *Developer* perspective and not the *Administrator* perspective. As a developer, you can only query metrics for one project at a time.
+ifdef::openshift-dedicated,openshift-rosa[]
+Developers cannot access the third-party UIs provided with {product-title} monitoring.
+endif::openshift-dedicated,openshift-rosa[]
 ====
 
 .Prerequisites
@@ -25,20 +28,29 @@ Developers can only use the *Developer* perspective and not the *Administrator*
 
 .Procedure
 
-. Select the *Developer* perspective in the {product-title} web console.
-
-. Select *Observe* -> *Metrics*.
+. From the *Developer* perspective in the {product-title} web console, select *Observe* -> *Metrics*.
 
 . Select the project that you want to view metrics for in the *Project:* list.
 
-. Select a query from the *Select query* list, or create a custom PromQL query based on the selected query by selecting *Show PromQL*.
-
-. Optional: Select *Custom query* from the *Select query* list to enter a new query. 
-As you type, autocomplete suggestions appear in a drop-down list.
-These suggestions include functions and metrics.
-Click a suggested item to select it.
+. Select a query from the *Select query* list, or create a custom PromQL query based on the selected query by selecting *Show PromQL*. The metrics from the queries are visualized on the plot.
 +
 [NOTE]
 ====
-In the *Developer* perspective, you can only run one query at a time.
+In the Developer perspective, you can only run one query at a time.
 ====
+
+. Explore the visualized metrics by doing any of the following:
++
+|===
+|Option |Description
+
+|Zoom into the plot and change the time range.
+a|Either:
+
+* Visually select the time range by clicking and dragging on the plot horizontally.
+* Use the menu in the left upper corner to select the time range.
+
+|Reset the time range. |Select *Reset zoom*.
+
+|Display outputs for all queries at a specific point in time. |Hold the mouse cursor on the plot at that point. The query outputs appear in a pop-up box.
+|===
diff --git a/modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc b/modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc
deleted file mode 100644
index b06a7a95e77d..000000000000
--- a/modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc
+++ /dev/null
@@ -1,54 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/managing-alerts.adoc
-
-:_content-type: PROCEDURE
-[id="reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics_{context}"]
-= Reducing latency for alerting rules that do not query platform metrics
-
-If an alerting rule for a user-defined project does not query default cluster metrics, you can deploy the rule directly on the Prometheus instance in the `openshift-user-workload-monitoring` project. This reduces latency for alerting rules by bypassing Thanos Ruler when it is not required. This also helps to minimize the overall load on monitoring components.
-
-[WARNING]
-====
-Default {product-title} metrics for user-defined projects provide information about CPU and memory usage, bandwidth statistics, and packet rate information. Those metrics cannot be included in an alerting rule if you deploy the rule directly to the Prometheus instance in the `openshift-user-workload-monitoring` project. The procedure outlined in this section should only be used if you have read the documentation and have a comprehensive understanding of the monitoring architecture.
-====
-
-.Prerequisites
-
-* You have enabled monitoring for user-defined projects.
-* You are logged in as a user that has the `monitoring-rules-edit` role for the project where you want to create an alerting rule.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. Create a YAML file for alerting rules. In this example, it is called `example-app-alerting-rule.yaml`.
-
-. Add an alerting rule configuration to the YAML file that includes a label with the key `openshift.io/prometheus-rule-evaluation-scope` and value `leaf-prometheus`. For example:
-+
-[source,yaml]
-----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: example-alert
-  namespace: ns1
-  labels:
-    openshift.io/prometheus-rule-evaluation-scope: leaf-prometheus
-spec:
-  groups:
-  - name: example
-    rules:
-    - alert: VersionAlert
-      expr: version{job="prometheus-example-app"} == 0
-----
-
-If that label is present, the alerting rule is deployed on the Prometheus instance in the `openshift-user-workload-monitoring` project. If the label is not present, the alerting rule is deployed to Thanos Ruler.
-
-. Apply the configuration file to the cluster:
-+
-[source,terminal]
-----
-$ oc apply -f example-app-alerting-rule.yaml
-----
-+
-It takes some time to create the alerting rule.
diff --git a/modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc b/modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc
index e0545c48947c..41d63cdbd914 100644
--- a/modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc
+++ b/modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="removing-alerting-rules-for-user-defined-projects_{context}"]
 = Removing alerting rules for user-defined projects
 
@@ -11,7 +11,7 @@ You can remove alerting rules for user-defined projects.
 .Prerequisites
 
 * You have enabled monitoring for user-defined projects.
-* You are logged in as a user that has the `monitoring-rules-edit` role for the project where you want to create an alerting rule.
+* You are logged in as a user that has the `monitoring-rules-edit` cluster role for the project where you want to create an alerting rule.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/monitoring-resizing-a-persistent-storage-volume.adoc b/modules/monitoring-resizing-a-persistent-storage-volume.adoc
index 3066634191c9..776ee16ae03f 100644
--- a/modules/monitoring-resizing-a-persistent-storage-volume.adoc
+++ b/modules/monitoring-resizing-a-persistent-storage-volume.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resizing-a-persistent-storage-volume_{context}"]
 = Resizing a persistent storage volume
 
@@ -11,17 +11,17 @@ Therefore, even if you update the `storage` field for an existing persistent vol
 
 However, resizing a PV is still possible by using a manual process. If you want to resize a PV for a monitoring component such as Prometheus, Thanos Ruler, or Alertmanager, you can update the appropriate config map in which the component is configured. Then, patch the PVC, and delete and orphan the pods.
 Orphaning the pods recreates the `StatefulSet` resource immediately and automatically updates the size of the volumes mounted in the pods with the new PVC settings.
-No service disruption occurs during this process. 
+No service disruption occurs during this process.
 
 .Prerequisites
 
 * You have installed the OpenShift CLI (`oc`).
 * *If you are configuring core {product-title} monitoring components*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 ** You have configured at least one PVC for core {product-title} monitoring components.
 * *If you are configuring components that monitor user-defined projects*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
 ** You have configured at least one PVC for components that monitor user-defined projects.
 
diff --git a/modules/monitoring-reviewing-monitoring-dashboards-admin.adoc b/modules/monitoring-reviewing-monitoring-dashboards-admin.adoc
index 453a14c66588..046e20d36a90 100644
--- a/modules/monitoring-reviewing-monitoring-dashboards-admin.adoc
+++ b/modules/monitoring-reviewing-monitoring-dashboards-admin.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/reviewing-monitoring-dashboards.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-monitoring-dashboards-admin_{context}"]
 = Reviewing monitoring dashboards as a cluster administrator
 
@@ -10,7 +10,12 @@ In the *Administrator* perspective, you can view dashboards relating to core {pr
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/monitoring-reviewing-monitoring-dashboards-developer.adoc b/modules/monitoring-reviewing-monitoring-dashboards-developer.adoc
index f2cc191d4a2d..1bcd8019e94e 100644
--- a/modules/monitoring-reviewing-monitoring-dashboards-developer.adoc
+++ b/modules/monitoring-reviewing-monitoring-dashboards-developer.adoc
@@ -2,15 +2,15 @@
 //
 // * monitoring/reviewing-monitoring-dashboards.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-monitoring-dashboards-developer_{context}"]
 = Reviewing monitoring dashboards as a developer
 
-Use the Developer perspective to view Kubernetes compute resources dashboards of a selected project.
+In the *Developer* perspective, you can view dashboards relating to a selected project. You must have access to monitor a project to view dashboard information for it.
 
 .Prerequisites
 
-* You have access to the cluster as a developer or as a user. 
+* You have access to the cluster as a developer or as a user.
 * You have view permissions for the project that you are viewing the dashboard for.
 
 .Procedure
diff --git a/modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc b/modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc
index 46747994a405..af600b6931fd 100644
--- a/modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc
+++ b/modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="searching-alerts-silences-and-alerting-rules_{context}"]
 = Searching and filtering alerts, silences, and alerting rules
 
@@ -29,7 +29,7 @@ You can filter by alert state, severity, and source. By default, only *Platform*
 
 * *Source* filters:
 ** *Platform*. Platform-level alerts relate only to default {product-title} projects. These projects provide core {product-title} functionality.
-** *User*. User alerts relate to user-defined projects. These alerts are user-created and are customizable. User-defined workload monitoring can be enabled post-installation to provide observability into your own workloads.
+** *User*. User alerts relate to user-defined projects. These alerts are user-created and are customizable. User-defined workload monitoring can be enabled postinstallation to provide observability into your own workloads.
 
 [discrete]
 == Understanding silence filters
@@ -65,7 +65,7 @@ You can filter alerting rules by alert state, severity, and source. By default,
 
 * *Source* filters:
 ** *Platform*. Platform-level alerting rules relate only to default {product-title} projects. These projects provide core {product-title} functionality.
-** *User*. User-defined workload alerting rules relate to user-defined projects. These alerting rules are user-created and are customizable. User-defined workload monitoring can be enabled post-installation to provide observability into your own workloads.
+** *User*. User-defined workload alerting rules relate to user-defined projects. These alerting rules are user-created and are customizable. User-defined workload monitoring can be enabled postinstallation to provide observability into your own workloads.
 
 [discrete]
 == Searching and filtering alerts, silences, and alerting rules in the Developer perspective
diff --git a/modules/monitoring-searching-and-filtering-metrics-targets.adoc b/modules/monitoring-searching-and-filtering-metrics-targets.adoc
deleted file mode 100644
index 1253dc9909cf..000000000000
--- a/modules/monitoring-searching-and-filtering-metrics-targets.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/managing-metrics-targets.adoc
-
-:_content-type: CONCEPT
-[id="monitoring-searching-and-filtering-metrics-targets_{context}"]
-= Searching and filtering metrics targets
-
-The list of metrics targets can be long. You can filter and search these targets based on various criteria.
-
-In the *Administrator* perspective, the *Metrics Targets* page provides details about targets for default {product-title} and user-defined projects.
-This page lists the following information for each target:
-
-* the service endpoint URL being scraped
-* the ServiceMonitor component being monitored
-* the up or down status of the target
-* the namespace
-* the last scrape time
-* the duration of the last scrape
-
-You can filter the list of targets by status and source. The following filtering options are available:
-
-* *Status* filters:
-** *Up*. The target is currently up and being actively scraped for metrics.
-** *Down*. The target is currently down and not being scraped for metrics.
-
-* *Source* filters:
-** *Platform*. Platform-level targets relate only to default {product-title} projects. These projects provide core {product-title} functionality.
-** *User*. User targets relate to user-defined projects. These projects are user-created and can be customized. 
-
-You can also use the search box to find a target by target name or label.
-Select *Text* or *Label* from the search box menu to limit your search.
\ No newline at end of file
diff --git a/modules/monitoring-sending-notifications-to-external-systems.adoc b/modules/monitoring-sending-notifications-to-external-systems.adoc
index 2eef40f01fac..36702c78d520 100644
--- a/modules/monitoring-sending-notifications-to-external-systems.adoc
+++ b/modules/monitoring-sending-notifications-to-external-systems.adoc
@@ -3,7 +3,7 @@
 // * monitoring/managing-alerts.adoc
 // * post_installation_configuration/configuring-alert-notifications.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sending-notifications-to-external-systems_{context}"]
 = Sending notifications to external systems
 
diff --git a/modules/monitoring-setting-audit-log-levels-for-the-prometheus-adapter.adoc b/modules/monitoring-setting-audit-log-levels-for-the-prometheus-adapter.adoc
index a561ed83d0b5..6ef8c67f0749 100644
--- a/modules/monitoring-setting-audit-log-levels-for-the-prometheus-adapter.adoc
+++ b/modules/monitoring-setting-audit-log-levels-for-the-prometheus-adapter.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-audit-log-levels-for-the-prometheus-adapter_{context}"]
 = Setting audit log levels for the Prometheus Adapter
 
@@ -12,7 +12,7 @@ In default platform monitoring, you can configure the audit log level for the Pr
 .Prerequisites
 
 * You have installed the OpenShift CLI (`oc`).
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
 
 .Procedure
@@ -41,7 +41,7 @@ data:
       audit:
         profile: <audit_log_level> <1>
 ----
-<1> The audit log level to apply to the Prometheus Adapter. 
+<1> The audit log level to apply to the Prometheus Adapter.
 
 . Set the audit log level by using one of the following values for the `profile:` parameter:
 +
diff --git a/modules/monitoring-setting-log-levels-for-monitoring-components.adoc b/modules/monitoring-setting-log-levels-for-monitoring-components.adoc
index 70846659137c..3c84901640af 100644
--- a/modules/monitoring-setting-log-levels-for-monitoring-components.adoc
+++ b/modules/monitoring-setting-log-levels-for-monitoring-components.adoc
@@ -2,13 +2,23 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-log-levels-for-monitoring-components_{context}"]
 = Setting log levels for monitoring components
 
-You can configure the log level for Alertmanager, Prometheus Operator, Prometheus, Thanos Querier, and Thanos Ruler.
+You can configure the log level for
+ifndef::openshift-dedicated,openshift-rosa[]
+Alertmanager, Prometheus Operator, Prometheus, Thanos Querier, and Thanos Ruler.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Alertmanager, Prometheus Operator, Prometheus, and Thanos Ruler.
+endif::openshift-dedicated,openshift-rosa[]
 
-The following log levels can be applied to the relevant component in the `cluster-monitoring-config` and `user-workload-monitoring-config` `ConfigMap` objects:
+The following log levels can be applied to the relevant component in the
+ifndef::openshift-dedicated,openshift-rosa[]
+`cluster-monitoring-config` and
+endif::openshift-dedicated,openshift-rosa[]
+`user-workload-monitoring-config` `ConfigMap` objects:
 
 * `debug`. Log debug, informational, warning, and error messages.
 * `info`. Log informational, warning, and error messages.
@@ -19,17 +29,24 @@ The default log level is `info`.
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are setting a log level for Alertmanager, Prometheus Operator, Prometheus, or Thanos Querier in the `openshift-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are setting a log level for Prometheus Operator, Prometheus, or Thanos Ruler in the `openshift-user-workload-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
 . Edit the `ConfigMap` object:
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To set a log level for a component in the `openshift-monitoring` project*:
 .. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -55,10 +72,12 @@ data:
 <1> The monitoring stack component for which you are setting a log level.
 For default platform monitoring, available component values are `prometheusK8s`, `alertmanagerMain`, `prometheusOperator`, and `thanosQuerier`.
 <2> The log level to set for the component.
-The available values are `error`, `warn`, `info`, and `debug`. 
+The available values are `error`, `warn`, `info`, and `debug`.
 The default value is `info`.
 
 ** *To set a log level for a component in the `openshift-user-workload-monitoring` project*:
+endif::openshift-dedicated,openshift-rosa[]
+
 .. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -81,17 +100,17 @@ data:
       logLevel: <log_level> <2>
 ----
 <1> The monitoring stack component for which you are setting a log level.
-For user workload monitoring, available component values are `prometheus`, `prometheusOperator`, and `thanosRuler`.
-<2> The log level to set for the component.
-The available values are `error`, `warn`, `info`, and `debug`. 
-The default value is `info`.
+For user workload monitoring, available component values are `alertmanager`, `prometheus`, `prometheusOperator`, and `thanosRuler`.
+<2> The log level to apply to the component. The available values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
 
-. Save the file to apply the changes. The pods for the component restarts automatically when you apply the log-level change.
+. Save the file to apply the changes. The pods for the component restart automatically when you apply the log-level change.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
@@ -102,7 +121,7 @@ When changes are saved to a monitoring config map, the pods and other resources
 +
 [source,terminal]
 ----
-$ oc -n openshift-user-workload-monitoring get deploy prometheus-operator -o yaml |  grep "log-level"
+$ oc -n openshift-user-workload-monitoring get deploy prometheus-operator -o yaml | grep "log-level"
 ----
 +
 .Example output
@@ -120,5 +139,5 @@ $ oc -n openshift-user-workload-monitoring get pods
 +
 [NOTE]
 ====
-If an unrecognized `loglevel` value is included in the `ConfigMap` object, the pods for the component might not restart successfully.
+If an unrecognized `logLevel` value is included in the `ConfigMap` object, the pods for the component might not restart successfully.
 ====
diff --git a/modules/monitoring-setting-query-log-file-for-prometheus.adoc b/modules/monitoring-setting-query-log-file-for-prometheus.adoc
index ded1516498df..f50343cf37f7 100644
--- a/modules/monitoring-setting-query-log-file-for-prometheus.adoc
+++ b/modules/monitoring-setting-query-log-file-for-prometheus.adoc
@@ -2,12 +2,15 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-query-log-file-for-prometheus_{context}"]
 = Enabling the query log file for Prometheus
 
 [role="_abstract"]
-You can configure Prometheus to write all queries that have been run by the engine to a log file. You can do so for default platform monitoring and for user-defined workload monitoring.
+You can configure Prometheus to write all queries that have been run by the engine to a log file.
+ifndef::openshift-dedicated,openshift-rosa[]
+You can do so for default platform monitoring and for user-defined workload monitoring.
+endif::openshift-dedicated,openshift-rosa[]
 
 [IMPORTANT]
 ====
@@ -16,16 +19,23 @@ Because log rotation is not supported, only enable this feature temporarily when
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
+ifndef::openshift-dedicated,openshift-rosa[]
 * *If you are enabling the query log file feature for Prometheus in the `openshift-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role.
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
 ** You have created the `cluster-monitoring-config` `ConfigMap` object.
 * *If you are enabling the query log file feature for Prometheus in the `openshift-user-workload-monitoring` project*:
-** You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 ** You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` ConfigMap object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
+ifndef::openshift-dedicated,openshift-rosa[]
 ** *To set the query log file for Prometheus in the `openshift-monitoring` project*:
 . Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` project:
 +
@@ -77,6 +87,7 @@ Revert the setting in the config map after you have examined the logged query in
 ====
 
 ** *To set the query log file for Prometheus in the `openshift-user-workload-monitoring` project*:
+endif::openshift-dedicated,openshift-rosa[]
 . Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
 +
 [source,terminal]
@@ -101,11 +112,13 @@ data:
 <1> The full path to the file in which queries will be logged.
 +
 . Save the file to apply the changes.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-setting-scrape-sample-and-label-limits-for-user-defined-projects.adoc b/modules/monitoring-setting-scrape-sample-and-label-limits-for-user-defined-projects.adoc
index 0c9465489d00..0637411290a6 100644
--- a/modules/monitoring-setting-scrape-sample-and-label-limits-for-user-defined-projects.adoc
+++ b/modules/monitoring-setting-scrape-sample-and-label-limits-for-user-defined-projects.adoc
@@ -2,12 +2,11 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-scrape-sample-and-label-limits-for-user-defined-projects_{context}"]
 = Setting scrape sample and label limits for user-defined projects
 
-You can limit the number of samples that can be accepted per target scrape in user-defined projects.
-You can also limit the number of scraped labels, the length of label names, and the length of label values.
+You can limit the number of samples that can be accepted per target scrape in user-defined projects. You can also limit the number of scraped labels, the length of label names, and the length of label values.
 
 [WARNING]
 ====
@@ -16,8 +15,14 @@ If you set sample or label limits, no further sample data is ingested for that t
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 * You have enabled monitoring for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -61,7 +66,7 @@ data:
       enforcedLabelNameLengthLimit: 50 <2>
       enforcedLabelValueLengthLimit: 600 <3>
 ----
-<1> Specifies the maximum number of labels per scrape. 
+<1> Specifies the maximum number of labels per scrape.
 The default value is `0`, which specifies no limit.
 <2> Specifies the maximum length in characters of a label name.
 The default value is `0`, which specifies no limit.
@@ -69,11 +74,13 @@ The default value is `0`, which specifies no limit.
 The default value is `0`, which specifies no limit.
 
 . Save the file to apply the changes. The limits are applied automatically.
+ifndef::openshift-dedicated,openshift-rosa[]
 +
 [NOTE]
 ====
 Configurations applied to the `user-workload-monitoring-config` `ConfigMap` object are not activated unless a cluster administrator has enabled monitoring for user-defined projects.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 +
 [WARNING]
 ====
diff --git a/modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.adoc b/modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.adoc
index b15cdb3d1ce9..15d3b715e28e 100644
--- a/modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.adoc
+++ b/modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-the-body-size-limit-for-metrics-scraping_{context}"]
 = Setting the body size limit for metrics scraping
 
@@ -20,7 +20,7 @@ Prometheus then considers this target to be down and sets its `up` metric value
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -56,6 +56,6 @@ You can also set the value to `automatic` to calculate the limit automatically b
 +
 [WARNING]
 ====
-When you save changes to a `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed. 
+When you save changes to a `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed.
 The running monitoring processes in that project might also restart.
 ====
diff --git a/modules/monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc b/modules/monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc
index 29d2c1fe72ee..c6c89e3ecba6 100644
--- a/modules/monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc
+++ b/modules/monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="setting-up-metrics-collection-for-user-defined-projects_{context}"]
 = Setting up metrics collection for user-defined projects
 
diff --git a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-alertmanager.adoc b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-alertmanager.adoc
index 8fd3a6622401..16cc65935027 100644
--- a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-alertmanager.adoc
+++ b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-alertmanager.adoc
@@ -2,20 +2,20 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-up-pod-topology-spread-constraints-for-alertmanager_{context}"]
 = Setting up pod topology spread constraints for Alertmanager
 
-For core {product-title} platform monitoring, you can set up pod topology spread constraints for Alertmanager to fine tune how pod replicas are scheduled to nodes across zones. 
+For core {product-title} platform monitoring, you can set up pod topology spread constraints for Alertmanager to fine tune how pod replicas are scheduled to nodes across zones.
 Doing so helps ensure that Alertmanager pods are highly available and run more efficiently, because workloads are spread across nodes in different data centers or hierarchical infrastructure zones.
 
 You configure pod topology spread constraints for Alertmanager in the `cluster-monitoring-config` config map.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -42,12 +42,12 @@ data:
       - maxSkew: 1 <1>
         topologyKey: monitoring <2>
         whenUnsatisfiable: DoNotSchedule <3>
-        labelSelector: 
+        labelSelector:
           matchLabels: <4>
             app.kubernetes.io/name: alertmanager
 ----
-<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed. 
-This field is required, and the value must be greater than zero. 
+<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed.
+This field is required, and the value must be greater than zero.
 The value specified has a different effect depending on what value you specify for `whenUnsatisfiable`.
 <2> Specify a key of node labels for `topologyKey`.
 This field is required.
@@ -56,7 +56,7 @@ The scheduler will try to put a balanced number of pods into each domain.
 <3> Specify a value for `whenUnsatisfiable`.
 This field is required.
 Available options are `DoNotSchedule` and `ScheduleAnyway`.
-Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum. 
+Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum.
 Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but to give higher priority to nodes that might reduce the skew.
 <4> Specify a value for `matchLabels`. This value is used to identify the set of matching pods to which to apply the constraints.
 
@@ -64,6 +64,6 @@ Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but
 +
 [WARNING]
 ====
-When you save changes to the `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed. 
+When you save changes to the `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed.
 The running monitoring processes in that project might also restart.
 ====
diff --git a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-prometheus.adoc b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-prometheus.adoc
index 3593b46f3336..df9ed8fefa94 100644
--- a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-prometheus.adoc
+++ b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-prometheus.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-up-pod-topology-spread-constraints-for-prometheus_{context}"]
 = Setting up pod topology spread constraints for Prometheus
 
@@ -13,9 +13,9 @@ You configure pod topology spread constraints for Prometheus in the `cluster-mon
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
 * You have created the `cluster-monitoring-config` `ConfigMap` object.
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -42,12 +42,12 @@ data:
       - maxSkew: 1 <1>
         topologyKey: monitoring <2>
         whenUnsatisfiable: DoNotSchedule <3>
-        labelSelector: 
+        labelSelector:
           matchLabels: <4>
             app.kubernetes.io/name: prometheus
 ----
-<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed. 
-This field is required, and the value must be greater than zero. 
+<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed.
+This field is required, and the value must be greater than zero.
 The value specified has a different effect depending on what value you specify for `whenUnsatisfiable`.
 <2> Specify a key of node labels for `topologyKey`.
 This field is required.
@@ -56,7 +56,7 @@ The scheduler will try to put a balanced number of pods into each domain.
 <3> Specify a value for `whenUnsatisfiable`.
 This field is required.
 Available options are `DoNotSchedule` and `ScheduleAnyway`.
-Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum. 
+Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum.
 Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but to give higher priority to nodes that might reduce the skew.
 <4> Specify a value for `matchLabels`. This value is used to identify the set of matching pods to which to apply the constraints.
 
@@ -64,6 +64,6 @@ Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but
 +
 [WARNING]
 ====
-When you save changes to the `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed. 
+When you save changes to the `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed.
 The running monitoring processes in that project might also restart.
 ====
diff --git a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-thanos-ruler.adoc b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-thanos-ruler.adoc
index 31f67dfc8214..9427ced52470 100644
--- a/modules/monitoring-setting-up-pod-topology-spread-constraints-for-thanos-ruler.adoc
+++ b/modules/monitoring-setting-up-pod-topology-spread-constraints-for-thanos-ruler.adoc
@@ -2,21 +2,27 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-up-pod-topology-spread-constraints-for-thanos-ruler_{context}"]
 = Setting up pod topology spread constraints for Thanos Ruler
 
-For user-defined monitoring, you can set up pod topology spread constraints for Thanos Ruler to fine tune how pod replicas are scheduled to nodes across zones. 
+For user-defined monitoring, you can set up pod topology spread constraints for Thanos Ruler to fine tune how pod replicas are scheduled to nodes across zones.
 Doing so helps ensure that Thanos Ruler pods are highly available and run more efficiently, because workloads are spread across nodes in different data centers or hierarchical infrastructure zones.
 
 You configure pod topology spread constraints for Thanos Ruler in the `user-workload-monitoring-config` config map.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
+ifndef::openshift-dedicated,openshift-rosa[]
 * A cluster administrator has enabled monitoring for user-defined projects.
-* You have access to the cluster as a user with the `cluster-admin` role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+* You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
 * You have created the `user-workload-monitoring-config` `ConfigMap` object.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+* The `user-workload-monitoring-config` `ConfigMap` object exists. This object is created by default when the cluster is created.
+endif::openshift-dedicated,openshift-rosa[]
+* You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -47,24 +53,15 @@ data:
           matchLabels: <4>
             app.kubernetes.io/name: thanos-ruler
 ----
-<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed. 
-This field is required, and the value must be greater than zero. 
-The value specified has a different effect depending on what value you specify for `whenUnsatisfiable`.
-<2> Specify a key of node labels for `topologyKey`.
-This field is required.
-Nodes that have a label with this key and identical values are considered to be in the same topology.
-The scheduler will try to put a balanced number of pods into each domain.
-<3> Specify a value for `whenUnsatisfiable`.
-This field is required.
-Available options are `DoNotSchedule` and `ScheduleAnyway`.
-Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum. 
-Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but to give higher priority to nodes that might reduce the skew.
+<1> Specify a numeric value for `maxSkew`, which defines the degree to which pods are allowed to be unevenly distributed. This field is required, and the value must be greater than zero. The value specified has a different effect depending on what value you specify for `whenUnsatisfiable`.
+<2> Specify a key of node labels for `topologyKey`. This field is required. Nodes that have a label with this key and identical values are considered to be in the same topology. The scheduler will try to put a balanced number of pods into each domain.
+<3> Specify a value for `whenUnsatisfiable`. This field is required. Available options are `DoNotSchedule` and `ScheduleAnyway`. Specify `DoNotSchedule` if you want the `maxSkew` value to define the maximum difference allowed between the number of matching pods in the target topology and the global minimum.  Specify `ScheduleAnyway` if you want the scheduler to still schedule the pod but to give higher priority to nodes that might reduce the skew.
 <4> Specify a value for `matchLabels`. This value is used to identify the set of matching pods to which to apply the constraints.
 
 . Save the file to apply the changes automatically.
 +
 [WARNING]
 ====
-When you save changes to the `user-workload-monitoring-config` config map, the pods and other resources in the `openshift-user-workload-monitoring` project might be redeployed. 
+When you save changes to the `user-workload-monitoring-config` config map, the pods and other resources in the `openshift-user-workload-monitoring` project might be redeployed.
 The running monitoring processes in that project might also restart.
 ====
diff --git a/modules/monitoring-silencing-alerts.adoc b/modules/monitoring-silencing-alerts.adoc
index 9ef15af65809..8d0f0761bf7c 100644
--- a/modules/monitoring-silencing-alerts.adoc
+++ b/modules/monitoring-silencing-alerts.adoc
@@ -2,56 +2,87 @@
 //
 // * monitoring/managing-alerts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="silencing-alerts_{context}"]
 = Silencing alerts
 
-You can either silence a specific alert or silence alerts that match a specification that you define.
+You can silence a specific alert or silence alerts that match a specification that you define.
 
 .Prerequisites
 
-* You are a cluster administrator and have access to the cluster as a user with the `cluster-admin` cluster role.
-* You are a non-administator user and have access to the cluster as a user with the following user roles:
+ifndef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If you are a cluster administrator, you have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* If you are a non-administrator user, you have access to the cluster as a user with the following user roles:
 ** The `cluster-monitoring-view` cluster role, which allows you to access Alertmanager.
 ** The `monitoring-alertmanager-edit` role, which permits you to create and silence alerts in the *Administrator* perspective in the web console.
-** The `monitoring-rules-edit` role, which permits you to create and silence alerts in the *Developer* perspective in the web console.
+** The `monitoring-rules-edit` cluster role, which permits you to create and silence alerts in the *Developer* perspective in the web console.
 
 .Procedure
 
-To silence a specific alert:
+To silence a specific alert in the *Administrator* perspective:
 
-* In the *Administrator* perspective:
+. Go to *Observe* -> *Alerting* -> *Alerts* in the {product-title} web console.
 
-. Navigate to the *Observe* -> *Alerting* -> *Alerts* page of the {product-title} web console.
+. For the alert that you want to silence, click {kebab} and select *Silence alert* to open the *Silence alert* page with a default configuration for the chosen alert.
 
-. For the alert that you want to silence, select the {kebab} in the right-hand column and select *Silence Alert*. The *Silence Alert* form will appear with a pre-populated specification for the chosen alert.
+. Optional: Change the default configuration details for the silence.
++
+[NOTE]
+====
+You must add a comment before saving a silence.
+====
 
-. Optional: Modify the silence.
+. To save the silence, click *Silence*.
 
-. You must add a comment before creating the silence.
+To silence a specific alert in the *Developer* perspective:
 
-. To create the silence, select *Silence*.
+. Go to *Observe* -> *<project_name>* -> *Alerts* in the {product-title} web console.
 
-* In the *Developer* perspective:
+. If necessary, expand the details for the alert by selecting *>* next to the alert name.
 
-. Navigate to the *Observe* -> *<project_name>* -> *Alerts* page in the {product-title} web console.
+. Click the alert message in the expanded view to open the *Alert details* page for the alert.
 
-. Expand the details for an alert by selecting *>* to the left of the alert name. Select the name of the alert in the expanded view to open the *Alert Details* page for the alert.
+. Click *Silence alert* to open the *Silence alert* page with a default configuration for the alert.
 
-. Select *Silence Alert*. The *Silence Alert* form will appear with a prepopulated specification for the chosen alert.
+. Optional: Change the default configuration details for the silence.
++
+[NOTE]
+====
+You must add a comment before saving a silence.
+====
 
-. Optional: Modify the silence.
+. To save the silence, click *Silence*.
 
-. You must add a comment before creating the silence.
+To silence a set of alerts by creating a silence configuration in the *Administrator* perspective:
 
-. To create the silence, select *Silence*.
+. Go to *Observe* -> *Alerting* -> *Silences* in the {product-title} web console.
 
-To silence a set of alerts by creating an alert specification in the *Administrator* perspective:
+. Click *Create silence*.
 
-. Navigate to the *Observe* -> *Alerting* -> *Silences* page in the {product-title} web console.
+. On the *Create silence* page, set the schedule, duration, and label details for an alert.
++
+[NOTE]
+====
+You must add a comment before saving a silence.
+====
 
-. Select *Create Silence*.
+. To create silences for alerts that match the labels that you entered, click *Silence*.
 
-. Set the schedule, duration, and label details for an alert in the *Create Silence* form. You must also add a comment for the silence.
+To silence a set of alerts by creating a silence configuration in the *Developer* perspective:
 
-. To create silences for alerts that match the label sectors that you entered in the previous step, select *Silence*.
+. Go to *Observe* -> *<project_name>* -> *Silences* in the {product-title} web console.
+
+. Click *Create silence*.
+
+. On the *Create silence* page, set the duration and label details for an alert.
++
+[NOTE]
+====
+You must add a comment before saving a silence.
+====
+
+. To create silences for alerts that match the labels that you entered, click *Silence*.
diff --git a/modules/monitoring-specifying-how-a-service-is-monitored-by-cluster-observability-operator.adoc b/modules/monitoring-specifying-how-a-service-is-monitored-by-cluster-observability-operator.adoc
new file mode 100644
index 000000000000..508fbcef6449
--- /dev/null
+++ b/modules/monitoring-specifying-how-a-service-is-monitored-by-cluster-observability-operator.adoc
@@ -0,0 +1,71 @@
+// Module included in the following assemblies:
+//
+// monitoring/cluster-observability-operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="specifying-how-a-service-is-monitored-by-cluster-observability-operator_{context}"]
+= Specifying how a service is monitored by {coo-full}
+
+To use the metrics exposed by the sample service you created in the "Deploying a sample service for {coo-full}" section, you must configure monitoring components to scrape metrics from the `/metrics` endpoint. 
+
+You can create this configuration by using a `ServiceMonitor` object that specifies how the service is to be monitored, or a `PodMonitor` object that specifies how a pod is to be monitored. 
+The `ServiceMonitor` object requires a `Service` object. The `PodMonitor` object does not, which enables the `MonitoringStack` object to scrape metrics directly from the metrics endpoint exposed by a pod.
+
+This procedure shows how to create a `ServiceMonitor` object for a sample service named `prometheus-coo-example-app` in the `ns1-coo` namespace.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` cluster role or as a user with administrative permissions for the namespace.
+* You have installed the {coo-full}.
+* You have deployed the `prometheus-coo-example-app` sample service in the `ns1-coo` namespace.
++
+[NOTE]
+====
+The `prometheus-coo-example-app` sample service does not support TLS authentication. 
+====
+
+.Procedure
+
+. Create a YAML file named `example-coo-app-service-monitor.yaml` that contains the following `ServiceMonitor` object configuration details:
++
+[source,yaml]
+----
+apiVersion: monitoring.rhobs/v1alpha1
+kind: ServiceMonitor
+metadata:
+  labels:
+    k8s-app: prometheus-coo-example-monitor
+  name: prometheus-coo-example-monitor
+  namespace: ns1-coo
+spec:
+  endpoints:
+  - interval: 30s
+    port: web
+    scheme: http
+  selector:
+    matchLabels:
+      app: prometheus-coo-example-app
+----
++
+This configuration defines a `ServiceMonitor` object that the `MonitoringStack` object will reference to scrape the metrics data exposed by the `prometheus-coo-example-app` sample service.
+
+. Apply the configuration to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f example-app-service-monitor.yaml
+----
+
+. Verify that the `ServiceMonitor` resource is created by running the following command and observing the output:
++
+[source,terminal]
+----
+$ oc -n ns1-coo get servicemonitor
+----
++
+.Example output
+[source,terminal]
+----
+NAME                         AGE
+prometheus-coo-example-monitor   81m
+----
diff --git a/modules/monitoring-specifying-how-a-service-is-monitored.adoc b/modules/monitoring-specifying-how-a-service-is-monitored.adoc
index 182b2bc7dd12..609c6166f888 100644
--- a/modules/monitoring-specifying-how-a-service-is-monitored.adoc
+++ b/modules/monitoring-specifying-how-a-service-is-monitored.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-how-a-service-is-monitored_{context}"]
 = Specifying how a service is monitored
 
@@ -13,8 +13,13 @@ This procedure shows you how to create a `ServiceMonitor` resource for a service
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role or the `monitoring-edit` role.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` cluster role or the `monitoring-edit` cluster role.
 * You have enabled monitoring for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role or the `monitoring-edit` role.
+endif::openshift-dedicated,openshift-rosa[]
 * For this example, you have deployed the `prometheus-example-app` sample service in the `ns1` project.
 +
 [NOTE]
@@ -48,7 +53,7 @@ spec:
 ----
 +
 This defines a `ServiceMonitor` resource that scrapes the metrics exposed by the `prometheus-example-app` sample service, which includes the `version` metric.
-+ 
++
 [NOTE]
 ====
 A `ServiceMonitor` resource in a user-defined namespace can only discover services in the same namespace. That is, the `namespaceSelector` field of the `ServiceMonitor` resource is always ignored.
diff --git a/modules/monitoring-specifying-limits-and-requests-for-monitoring-components.adoc b/modules/monitoring-specifying-limits-and-requests-for-monitoring-components.adoc
new file mode 100644
index 000000000000..f0479d13f459
--- /dev/null
+++ b/modules/monitoring-specifying-limits-and-requests-for-monitoring-components.adoc
@@ -0,0 +1,148 @@
+// Module included in the following assemblies:
+//
+// * monitoring/configuring-the-monitoring-stack.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="specifying-limits-and-resource-requests-for-monitoring-components_{context}"]
+= Specifying limits and requests for monitoring components 
+
+To configure CPU and memory resources, specify values for resource limits and requests in the appropriate `ConfigMap` object for the namespace in which the monitoring component is located:
+
+* The `cluster-monitoring-config` config map in the `openshift-monitoring` namespace for core platform monitoring
+* The `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace for components that monitor user-defined projects
+
+.Prerequisites
+
+* *If you are configuring core platform monitoring components*:
+** You have access to the cluster as a user with the `cluster-admin` cluster role.
+** You have created a `ConfigMap` object named `cluster-monitoring-config`.
+* *If you are configuring components that monitor user-defined projects*:
+** You have access to the cluster as a user with the `cluster-admin` cluster role, or as a user with the `user-workload-monitoring-config-edit` role in the `openshift-user-workload-monitoring` project.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. To configure core platform monitoring components, edit the `cluster-monitoring-config` config map object in the `openshift-monitoring` namespace:
++
+[source,terminal]
+----
+$ oc -n openshift-monitoring edit configmap cluster-monitoring-config
+----
+
+. Add values to define resource limits and requests for each core platform monitoring component you want to configure.
++
+[IMPORTANT]
+====
+Make sure that the value set for a limit is always higher than the value set for a request.
+Otherwise, an error will occur, and the container will not run.
+====
++
+.Example
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-monitoring-config
+  namespace: openshift-monitoring
+data:
+  config.yaml: |
+    alertmanagerMain:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    prometheusK8s:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 3Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    prometheusOperator:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    k8sPrometheusAdapter:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    kubeStateMetrics:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    telemeterClient:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    openshiftStateMetrics:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    thanosQuerier:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    nodeExporter:
+      resources:
+        limits:
+          cpu: 50m
+          memory: 150Mi
+        requests:
+          cpu: 20m
+          memory: 50Mi
+    monitoringPlugin:
+      resources:
+        limits:
+          cpu: 500m
+          memory: 1Gi
+        requests:
+          cpu: 200m
+          memory: 500Mi
+    prometheusOperatorAdmissionWebhook:
+      resources:
+        limits:
+          cpu: 50m
+          memory: 100Mi
+        requests:
+          cpu: 20m
+          memory: 50Mi
+----
+
+. Save the file to apply the changes automatically.
++
+[IMPORTANT]
+====
+When you save changes to the `cluster-monitoring-config` config map, the pods and other resources in the `openshift-monitoring` project might be redeployed.
+The running monitoring processes in that project might also restart.
+====
+
diff --git a/modules/monitoring-support-considerations.adoc b/modules/monitoring-support-considerations.adoc
index 7b68ac992639..afe0960c6ccc 100644
--- a/modules/monitoring-support-considerations.adoc
+++ b/modules/monitoring-support-considerations.adoc
@@ -2,29 +2,35 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="support-considerations_{context}"]
 = Support considerations for monitoring
 
 The following modifications are explicitly not supported:
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * *Creating additional `ServiceMonitor`, `PodMonitor`, and `PrometheusRule` objects in the `openshift-&#42;` and `kube-&#42;` projects.*
 * *Modifying any resources or objects deployed in the `openshift-monitoring` or `openshift-user-workload-monitoring` projects.* The resources created by the {product-title} monitoring stack are not meant to be used by any other resources, as there are no guarantees about their backward compatibility.
 +
 [NOTE]
 ====
-The Alertmanager configuration is deployed as a secret resource in the `openshift-monitoring` namespace. 
-If you have enabled a separate Alertmanager instance for user-defined alert routing, an Alertmanager configuration is also deployed as a secret resource in the `openshift-user-workload-monitoring` namespace. 
-To configure additional routes for any instance of Alertmanager, you need to decode, modify, and then encode that secret. 
+The Alertmanager configuration is deployed as a secret resource in the `openshift-monitoring` namespace.
+If you have enabled a separate Alertmanager instance for user-defined alert routing, an Alertmanager configuration is also deployed as a secret resource in the `openshift-user-workload-monitoring` namespace.
+To configure additional routes for any instance of Alertmanager, you need to decode, modify, and then encode that secret.
 This procedure is a supported exception to the preceding statement.
 ====
 +
 * *Modifying resources of the stack.* The {product-title} monitoring stack ensures its resources are always in the state it expects them to be. If they are modified, the stack will reset them.
 * *Deploying user-defined workloads to `openshift-&#42;`, and `kube-&#42;` projects.* These projects are reserved for Red Hat provided components and they should not be used for user-defined workloads.
-* *Installing custom Prometheus instances on {product-title}.* A custom instance is a Prometheus custom resource (CR) managed by the Prometheus Operator.
 * *Enabling symptom based monitoring by using the `Probe` custom resource definition (CRD) in Prometheus Operator.*
 
 [NOTE]
 ====
 Backward compatibility for metrics, recording rules, or alerting rules is not guaranteed.
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+* *Installing custom Prometheus instances on {product-title}.* A custom instance is a Prometheus custom resource (CR) managed by the Prometheus Operator.
+ifdef::openshift-dedicated,openshift-rosa[]
+* *Modifying the default platform monitoring components.* You should not modify any of the components defined in the `cluster-monitoring-config` config map. Red Hat SRE uses these components to monitor the core cluster components and Kubernetes services.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/monitoring-supported-remote-write-authentication-settings.adoc b/modules/monitoring-supported-remote-write-authentication-settings.adoc
index 4ea59cca00fa..f217b9e82d75 100644
--- a/modules/monitoring-supported-remote-write-authentication-settings.adoc
+++ b/modules/monitoring-supported-remote-write-authentication-settings.adoc
@@ -2,13 +2,11 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="supported_remote_write_authentication_settings_{context}"]
 = Supported remote write authentication settings
 
-You can use different methods to authenticate with a remote write endpoint.
-Currently supported authentication methods are AWS Signature Version 4, Basic authentication, authentication using HTTP in an `Authorization` request header, OAuth 2.0, and TLS client.
-The following table provides details about supported authentication methods for use with remote write.
+You can use different methods to authenticate with a remote write endpoint. Currently supported authentication methods are AWS Signature Version 4, basic authentication, authorization, OAuth 2.0, and TLS client. The following table provides details about supported authentication methods for use with remote write.
 
 [options="header"]
 |===
@@ -30,285 +28,3 @@ You cannot use this method simultaneously with authorization, AWS Signature Vers
 The sample configuration assumes that you have already created a CA certificate file, a client certificate file, and a client key file.
 
 |===
-
-== Config map location for authentication settings
-The following shows the location of the authentication configuration in the `ConfigMap` object for default platform monitoring.
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://remote-write-endpoint.example.com" <1>
-        <endpoint_authentication_details> <2>
-----
-<1> The URL of the remote write endpoint.
-<2> The required configuration details for the authentication method for the endpoint.
-Currently supported authentication methods are Amazon Web Services (AWS) Signature Version 4, authentication using HTTP in an `Authorization` request header, Basic authentication, OAuth 2.0, and TLS client.
-
-[NOTE]
-====
-If you configure remote write for the Prometheus instance that monitors user-defined projects, edit the `user-workload-monitoring-config` config map in the `openshift-user-workload-monitoring` namespace.
-Note that the Prometheus config map component is called `prometheus` in the `user-workload-monitoring-config` `ConfigMap` object and not `prometheusK8s`, as it is in the `cluster-monitoring-config` `ConfigMap` object.
-====
-
-== Example remote write authentication settings
-
-The following samples show different authentication settings you can use to connect to a remote write endpoint.
-Each sample also shows how to configure a corresponding `Secret` object that contains authentication credentials and other relevant settings.
-Each sample configures authentication for use with default platform monitoring in the `openshift-monitoring` namespace.
-
-.Sample YAML for AWS Signature Version 4 authentication
-
-The following shows the settings for a `sigv4` secret named `sigv4-credentials` in the `openshift-monitoring` namespace.
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: sigv4-credentials
-  namespace: openshift-monitoring
-stringData:
-  accessKey: <AWS_access_key> <1>
-  secretKey: <AWS_secret_key> <2>
-type: Opaque
-----
-<1> The AWS API access key.
-<2> The AWS API secret key.
-
-The following shows sample AWS Signature Version 4 remote write authentication settings that use a `Secret` object named `sigv4-credentials` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://authorization.example.com/api/write"
-        sigv4:
-          region: <AWS_region> <1>
-          accessKey:
-            name: sigv4-credentials <2>
-            key: accessKey <3>
-          secretKey:
-            name: sigv4-credentials <2>
-            key: secretKey <4>
-          profile: <AWS_profile_name> <5>
-          roleArn: <AWS_role_arn> <6>
-----
-<1> The AWS region.
-<2> The name of the `Secret` object containing the AWS API access credentials.
-<3> The key that contains the AWS API access key in the specified `Secret` object.
-<4> The key that contains the AWS API secret key in the specified `Secret` object.
-<5> The name of the AWS profile that is being used to authenticate.
-<6> The unique identifier for the Amazon Resource Name (ARN) assigned to your role.
-
-.Sample YAML for Basic authentication
-
-The following shows sample Basic authentication settings for a `Secret` object named `rw-basic-auth` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rw-basic-auth
-  namespace: openshift-monitoring
-stringData:
-  user: <basic_username> <1>
-  password: <basic_password> <2>
-type: Opaque
-----
-<1> The username.
-<2> The password.
-
-The following sample shows a `basicAuth` remote write configuration that uses a `Secret` object named `rw-basic-auth` in the `openshift-monitoring` namespace.
-It assumes that you have already set up authentication credentials for the endpoint.
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://basicauth.example.com/api/write"
-        basicAuth:
-          username:
-            name: rw-basic-auth <1>
-            key: user <2>
-          password:
-            name: rw-basic-auth <1>
-            key: password <3>
-----
-<1> The name of the `Secret` object that contains the authentication credentials.
-<2> The key that contains the username  in the specified `Secret` object.
-<3> The key that contains the password in the specified `Secret` object.
-
-.Sample YAML for authentication with a bearer token using a `Secret` Object
-
-The following shows bearer token settings for a `Secret` object named `rw-bearer-auth` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rw-bearer-auth
-  namespace: openshift-monitoring
-stringData:
-  token: <authentication_token> <1>
-type: Opaque
-----
-<1> The authentication token.
-
-The following shows sample bearer token config map settings that use a `Secret` object named `rw-bearer-auth` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    enableUserWorkload: true
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://authorization.example.com/api/write"
-        authorization:
-          type: Bearer <1>
-          credentials:
-            name: rw-bearer-auth <2>
-            key: token <3>
-----
-<1> The authentication type of the request. The default value is `Bearer`.
-<2> The name of the `Secret` object that contains the authentication credentials.
-<3> The key that contains the authentication token in the specified `Secret` object.
-
-.Sample YAML for OAuth 2.0 authentication
-
-The following shows sample OAuth 2.0 settings for a `Secret` object named `oauth2-credentials` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: oauth2-credentials
-  namespace: openshift-monitoring
-stringData:
-  id: <oauth2_id> <1>
-  secret: <oauth2_secret> <2>
-  token: <oauth2_authentication_token> <3>
-type: Opaque
-----
-<1> The Oauth 2.0 ID.
-<2> The OAuth 2.0 secret.
-<3> The OAuth 2.0 token.
-
-The following shows an `oauth2` remote write authentication sample configuration that uses a `Secret` object named `oauth2-credentials` in the `openshift-monitoring` namespace:
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://test.example.com/api/write"
-        oauth2:
-          clientId:
-            secret:
-              name: oauth2-credentials <1>
-              key: id <2>
-          clientSecret:
-            name: oauth2-credentials <1>
-            key: secret <2>
-          tokenUrl: https://example.com/oauth2/token <3>
-          scopes: <4>
-          - <scope_1>
-          - <scope_2>
-          endpointParams: <5>
-            param1: <parameter_1>
-            param2: <parameter_2>
-----
-<1> The name of the corresponding `Secret` object. Note that `ClientId` can alternatively refer to a `ConfigMap` object, although `clientSecret` must refer to a `Secret` object.
-<2> The key that contains the OAuth 2.0 credentials in the specified `Secret` object.
-<3> The URL used to fetch a token with the specified `clientId` and `clientSecret`.
-<4> The OAuth 2.0 scopes for the authorization request. These scopes limit what data the tokens can access.
-<5> The OAuth 2.0 authorization request parameters required for the authorization server.
-
-.Sample YAML for TLS client authentication
-
-The following shows sample TLS client settings for a `tls` `Secret` object named `mtls-bundle` in the `openshift-monitoring` namespace.
-
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mtls-bundle
-  namespace: openshift-monitoring
-data:
-  ca.crt: <ca_cert> <1>
-  client.crt: <client_cert> <2>
-  client.key: <client_key> <3>
-type: tls
-----
-<1> The CA certificate in the Prometheus container with which to validate the server certificate.
-<2> The client certificate for authentication with the server.
-<3> The client key.
-
-The following sample shows a `tlsConfig` remote write authentication configuration that uses a TLS `Secret` object named `mtls-bundle`.
-
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    prometheusK8s:
-      remoteWrite:
-      - url: "https://remote-write-endpoint.example.com"
-        tlsConfig:
-          ca:
-            secret:
-              name: mtls-bundle <1>
-              key: ca.crt <2>
-          cert:
-            secret:
-              name: mtls-bundle <1>
-              key: client.crt <3>
-          keySecret:
-            name: mtls-bundle <1>
-            key: client.key <4>
-----
-<1> The name of the corresponding `Secret` object that contains the TLS authentication credentials. Note that `ca` and `cert` can alternatively refer to a `ConfigMap` object, though `keySecret` must refer to a `Secret` object.
-<2> The key in the specified `Secret` object that contains the CA certificate for the endpoint.
-<3> The key in the specified `Secret` object that contains the client certificate for the endpoint.
-<4> The key in the specified `Secret` object that contains the client key secret.
diff --git a/modules/monitoring-targets-for-user-defined-projects.adoc b/modules/monitoring-targets-for-user-defined-projects.adoc
index 4d78d9a1f89c..eafabcff967f 100644
--- a/modules/monitoring-targets-for-user-defined-projects.adoc
+++ b/modules/monitoring-targets-for-user-defined-projects.adoc
@@ -2,11 +2,17 @@
 //
 // * monitoring/monitoring-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="monitoring-targets-for-user-defined-projects_{context}"]
 = Monitoring targets for user-defined projects
 
+ifndef::openshift-dedicated,openshift-rosa[]
 When monitoring is enabled for user-defined projects, you can monitor:
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+Monitoring is enabled by default for {product-title} user-defined projects. You can monitor:
+endif::openshift-dedicated,openshift-rosa[]
 
 * Metrics provided through service endpoints in user-defined projects.
 * Pods running in user-defined projects.
diff --git a/modules/monitoring-tips-for-optimizing-alerting-rules-for-core-platform-monitoring.adoc b/modules/monitoring-tips-for-optimizing-alerting-rules-for-core-platform-monitoring.adoc
new file mode 100644
index 000000000000..d982b0b09ad1
--- /dev/null
+++ b/modules/monitoring-tips-for-optimizing-alerting-rules-for-core-platform-monitoring.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * monitoring/managing-alerts.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="tips-for-optimizing-alerting-rules-for-core-platform-monitoring_{context}"]
+= Tips for optimizing alerting rules for core platform monitoring
+
+If you customize core platform alerting rules to meet your organization's specific needs, follow these guidelines to help ensure that the customized rules are efficient and effective.
+
+* *Minimize the number of new rules*.
+Create only rules that are essential to your specific requirements.
+By minimizing the number of rules, you create a more manageable and focused alerting system in your monitoring environment.
+
+* *Focus on symptoms rather than causes*.
+Create rules that notify users of symptoms instead of underlying causes.
+This approach ensures that users are promptly notified of a relevant symptom so that they can investigate the root cause after an alert has triggered.
+This tactic also significantly reduces the overall number of rules you need to create.
+
+* *Plan and assess your needs before implementing changes*.
+First, decide what symptoms are important and what actions you want users to take if these symptoms occur.
+Then, assess existing rules and decide if you can modify any of them to meet your needs instead of creating entirely new rules for each symptom.
+By modifying existing rules and creating new ones judiciously, you help to streamline your alerting system.
+
+* *Provide clear alert messaging*.
+When you create alert messages, describe the symptom, possible causes, and recommended actions.
+Include unambiguous, concise explanations along with troubleshooting steps or links to more information.
+Doing so helps users quickly assess the situation and respond appropriately.
+
+* *Include severity levels*.
+Assign severity levels to your rules to indicate how a user needs to react when a symptom occurs and triggers an alert.
+For example, classifying an alert as *Critical* signals that an individual or a critical response team needs to respond immediately.
+By defining severity levels, you help users know how to respond to an alert and help ensure that the most urgent issues receive prompt attention.
diff --git a/modules/monitoring-understanding-alert-routing-for-user-defined-projects.adoc b/modules/monitoring-understanding-alert-routing-for-user-defined-projects.adoc
index 9d8ceb688823..edb2e2dfbb20 100644
--- a/modules/monitoring-understanding-alert-routing-for-user-defined-projects.adoc
+++ b/modules/monitoring-understanding-alert-routing-for-user-defined-projects.adoc
@@ -2,29 +2,43 @@
 //
 // * monitoring/enabling-alert-routing-for-user-defined-projects.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-alert-routing-for-user-defined-projects_{context}"]
 = Understanding alert routing for user-defined projects
 
 [role="_abstract"]
-As a cluster administrator, you can enable alert routing for user-defined projects. 
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator, you can enable alert routing for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As a `dedicated-admin`, you can enable alert routing for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
 With this feature, you can allow users with the **alert-routing-edit** role to configure alert notification routing and receivers for user-defined projects.
+ifndef::openshift-dedicated,openshift-rosa[]
 These notifications are routed by the default Alertmanager instance or, if enabled, an optional Alertmanager instance dedicated to user-defined monitoring.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+These notifications are routed by an Alertmanager instance dedicated to user-defined monitoring.
+endif::openshift-dedicated,openshift-rosa[]
 
 Users can then create and configure user-defined alert routing by creating or editing the `AlertmanagerConfig` objects for their user-defined projects without the help of an administrator.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 After a user has defined alert routing for a user-defined project, user-defined alert notifications are routed as follows:
 
 * To the `alertmanager-main` pods in the `openshift-monitoring` namespace if using the default platform Alertmanager instance.
 
-* To the `alertmanager-user-workload` pods in the `openshift-user-workload-monitoring` namespace if you have enabled a separate instance of Alertmanager for user-defined projects. 
+* To the `alertmanager-user-workload` pods in the `openshift-user-workload-monitoring` namespace if you have enabled a separate instance of Alertmanager for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+After a user has defined alert routing for a user-defined project, user-defined alert notifications are routed to the `alertmanager-user-workload` pods in the `openshift-user-workload-monitoring` namespace.
+endif::openshift-dedicated,openshift-rosa[]
 
 [NOTE]
 ====
 The following are limitations of alert routing for user-defined projects:
 
-* For user-defined alerting rules, user-defined routing is scoped to the namespace in which the resource is defined.
-For example, a routing configuration in namespace `ns1` only applies to `PrometheusRules` resources in the same namespace.
+* For user-defined alerting rules, user-defined routing is scoped to the namespace in which the resource is defined. For example, a routing configuration in namespace `ns1` only applies to `PrometheusRules` resources in the same namespace.
 
 * When a namespace is excluded from user-defined monitoring, `AlertmanagerConfig` resources in the namespace cease to be part of the Alertmanager configuration.
-====
\ No newline at end of file
+====
diff --git a/modules/monitoring-understanding-metrics.adoc b/modules/monitoring-understanding-metrics.adoc
index cbca81148aa9..a66146f6142b 100644
--- a/modules/monitoring-understanding-metrics.adoc
+++ b/modules/monitoring-understanding-metrics.adoc
@@ -2,16 +2,22 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-metrics_{context}"]
 = Understanding metrics
 
 [role="_abstract"]
-In {product-title} {product-version}, cluster components are monitored by scraping metrics exposed through service endpoints. You can also configure metrics collection for user-defined projects.
+ifndef::openshift-dedicated,openshift-rosa[]
+In {product-title} {product-version},
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+In {product-title},
+endif::openshift-dedicated,openshift-rosa[]
+cluster components are monitored by scraping metrics exposed through service endpoints. You can also configure metrics collection for user-defined projects. Metrics enable you to monitor how cluster components and your own workloads are performing.
 
 You can define the metrics that you want to provide for your own workloads by using Prometheus client libraries at the application level.
 
-In {product-title}, metrics are exposed through an HTTP service endpoint under the `/metrics` canonical name. You can list all available metrics for a service by running a `curl` query against `\http://<endpoint>/metrics`. For instance, you can expose a route to the `prometheus-example-app` example service and then run the following to view all of its available metrics:
+In {product-title}, metrics are exposed through an HTTP service endpoint under the `/metrics` canonical name. You can list all available metrics for a service by running a `curl` query against `\http://<endpoint>/metrics`. For instance, you can expose a route to the `prometheus-example-app` example application and then run the following to view all of its available metrics:
 
 [source,terminal]
 ----
diff --git a/modules/monitoring-understanding-the-cluster-observability-operator.adoc b/modules/monitoring-understanding-the-cluster-observability-operator.adoc
new file mode 100644
index 000000000000..87dbb82efaab
--- /dev/null
+++ b/modules/monitoring-understanding-the-cluster-observability-operator.adoc
@@ -0,0 +1,32 @@
+//Module included in the following assemblies:
+//
+// monitoring/cluster_observability_operator/cluster-observability-operator-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="understanding-the-cluster-observability-operator_{context}"]
+= Understanding the {coo-full}
+
+A default monitoring stack created by the {coo-first} includes a highly available Prometheus instance capable of sending metrics to an external endpoint by using remote write.
+
+Each {coo-short} stack also includes an optional Thanos Querier component, which you can use to query a highly available Prometheus instance from a central location, and an optional Alertmanager component, which you can use to set up alert configurations for different services.
+
+[id="advantages-of-using-cluster-observability-operator_{context}"]
+== Advantages of using the {coo-full}
+
+The `MonitoringStack` CRD used by the {coo-short} offers an opinionated default monitoring configuration for {coo-short}-deployed monitoring components, but you can customize it to suit more complex requirements.
+
+Deploying a {coo-short}-managed monitoring stack can help meet monitoring needs that are difficult or impossible to address by using the core platform monitoring stack deployed by the Cluster Monitoring Operator (CMO).
+A monitoring stack deployed using {coo-short} has the following advantages over core platform and user workload monitoring:
+
+Extendability:: Users can add more metrics to a {coo-short}-deployed monitoring stack, which is not possible with core platform monitoring without losing support.
+In addition, {coo-short}-managed stacks can receive certain cluster-specific metrics from core platform monitoring by using federation.
+Multi-tenancy support:: The {coo-short} can create a monitoring stack per user namespace.
+You can also deploy multiple stacks per namespace or a single stack for multiple namespaces.
+For example, cluster administrators, SRE teams, and development teams can all deploy their own monitoring stacks on a single cluster, rather than having to use a single shared stack of monitoring components.
+Users on different teams can then independently configure features such as separate alerts, alert routing, and alert receivers for their applications and services.
+Scalability:: You can create {coo-short}-managed monitoring stacks as needed.
+Multiple monitoring stacks can run on a single cluster, which can facilitate the monitoring of very large clusters by using manual sharding. This ability addresses cases where the number of metrics exceeds the monitoring capabilities of a single Prometheus instance.
+Flexibility:: Deploying the {coo-short} with Operator Lifecycle Manager (OLM) decouples {coo-short} releases from {product-title} release cycles.
+This method of deployment enables faster release iterations and the ability to respond rapidly to changing requirements and issues.
+Additionally, by deploying a {coo-short}-managed monitoring stack, users can manage alerting rules independently of {product-title} release cycles.
+Highly customizable:: The {coo-short} can delegate ownership of single configurable fields in custom resources to users by using Server-Side Apply (SSA), which enhances customization.
diff --git a/modules/monitoring-understanding-the-monitoring-stack.adoc b/modules/monitoring-understanding-the-monitoring-stack.adoc
index 0d3208e2eab5..5de4d5d9624c 100644
--- a/modules/monitoring-understanding-the-monitoring-stack.adoc
+++ b/modules/monitoring-understanding-the-monitoring-stack.adoc
@@ -7,14 +7,33 @@
 // can be re-used in associated products but the title is not
 // included in the existing OpenShift assembly.
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-the-monitoring-stack_{context}"]
 = Understanding the monitoring stack
 
-The {product-title} monitoring stack is based on the link:https://prometheus.io/[Prometheus] open source project and its wider ecosystem. The monitoring stack includes the following:
+The {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+monitoring stack is based on the link:https://prometheus.io/[Prometheus] open source project and its wider ecosystem. The monitoring stack includes the following:
 
-* *Default platform monitoring components*. A set of platform monitoring components are installed in the `openshift-monitoring` project by default during an {product-title} installation. This provides monitoring for core {product-title} components including Kubernetes services. The default monitoring stack also enables remote health monitoring for clusters. These components are illustrated in the *Installed by default* section in the following diagram.
+* *Default platform monitoring components*.
+ifndef::openshift-dedicated,openshift-rosa[]
+A set of platform monitoring components are installed in the `openshift-monitoring` project by default during an OpenShift Container Platform installation. This provides monitoring for core cluster components including Kubernetes services. The default monitoring stack also enables remote health monitoring for clusters.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+A set of platform monitoring components are installed in the `openshift-monitoring` project by default during a {product-title} installation. Red Hat Site Reliability Engineers (SRE) use these components to monitor core cluster components including Kubernetes services. This includes critical metrics, such as CPU and memory, collected from all of the workloads in every namespace.
+endif::openshift-dedicated,openshift-rosa[]
++
+These components are illustrated in the *Installed by default* section in the following diagram.
 
-* *Components for monitoring user-defined projects*. After optionally enabling monitoring for user-defined projects, additional monitoring components are installed in the `openshift-user-workload-monitoring` project. This provides monitoring for user-defined projects. These components are illustrated in the *User* section in the following diagram.
+* *Components for monitoring user-defined projects*.
+ifndef::openshift-dedicated,openshift-rosa[]
+After optionally enabling monitoring for user-defined projects, additional monitoring components are installed in the `openshift-user-workload-monitoring` project. This provides monitoring for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+A set of user-defined project monitoring components are installed in the `openshift-user-workload-monitoring` project by default during a {product-title} installation. You can use these components to monitor services and pods in user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+These components are illustrated in the *User* section in the following diagram.
 
 image:monitoring-architecture.png[{product-title} monitoring architecture]
diff --git a/modules/monitoring-uninstalling-cluster-observability-operator-using-the-web-console.adoc b/modules/monitoring-uninstalling-cluster-observability-operator-using-the-web-console.adoc
new file mode 100644
index 000000000000..4327ec36667e
--- /dev/null
+++ b/modules/monitoring-uninstalling-cluster-observability-operator-using-the-web-console.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+
+// * monitoring/cluster_observability_operator/installing-the-cluster-observability-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="uninstalling-the-cluster-observability-operator-using-the-web-console_{context}"]
+= Uninstalling the {coo-full} using the web console
+If you have installed the {coo-first} by using OperatorHub, you can uninstall it in the {product-title} web console.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` cluster role.
+* You have logged in to the {product-title} web console.
+
+.Procedure
+
+. Go to *Operators* -> *Installed Operators*.
+
+. Locate the *{coo-full}* entry in the list.
+
+. Click {kebab} for this entry and select *Uninstall Operator*.
diff --git a/modules/monitoring-unmanaged-monitoring-operators.adoc b/modules/monitoring-unmanaged-monitoring-operators.adoc
index 9d3ba3631ece..9436195cc9de 100644
--- a/modules/monitoring-unmanaged-monitoring-operators.adoc
+++ b/modules/monitoring-unmanaged-monitoring-operators.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="unmanaged-monitoring-operators_{context}"]
 = Support policy for monitoring Operators
 
diff --git a/modules/monitoring-using-node-selectors-to-move-monitoring-components.adoc b/modules/monitoring-using-node-selectors-to-move-monitoring-components.adoc
index f1143b82555b..fcac608997e8 100644
--- a/modules/monitoring-using-node-selectors-to-move-monitoring-components.adoc
+++ b/modules/monitoring-using-node-selectors-to-move-monitoring-components.adoc
@@ -2,7 +2,7 @@
 //
 // * monitoring/configuring-the-monitoring-stack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="using-node-selectors-to-move-monitoring-components_{context}"]
 = Using node selectors to move monitoring components
 
diff --git a/modules/monitoring-viewing-a-list-of-available-metrics.adoc b/modules/monitoring-viewing-a-list-of-available-metrics.adoc
index a498d167c843..2c7682e58711 100644
--- a/modules/monitoring-viewing-a-list-of-available-metrics.adoc
+++ b/modules/monitoring-viewing-a-list-of-available-metrics.adoc
@@ -2,14 +2,14 @@
 //
 // * monitoring/managing-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-a-list-of-available-metrics_{context}"]
 = Viewing a list of available metrics
 
 As a cluster administrator or as a user with view permissions for all projects, you can view a list of metrics available in a cluster and output the list in JSON format.
 
 .Prerequisites
-* You are a cluster administrator, or you have access to the cluster as a user with the `cluster-monitoring-view` role.
+* You are a cluster administrator, or you have access to the cluster as a user with the `cluster-monitoring-view` cluster role.
 * You have installed the {product-title} CLI (`oc`).
 * You have obtained the {product-title} API route for Thanos Querier.
 * You are able to get a bearer token by using the `oc whoami -t` command.
diff --git a/modules/move-etcd-different-disk.adoc b/modules/move-etcd-different-disk.adoc
index affb0b3f5804..2b6ccb356d03 100644
--- a/modules/move-etcd-different-disk.adoc
+++ b/modules/move-etcd-different-disk.adoc
@@ -2,28 +2,42 @@
 //
 // * scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="move-etcd-different-disk_{context}"]
 = Moving etcd to a different disk
 
 You can move etcd from a shared disk to a separate disk to prevent or resolve performance issues.
 
-.Prerequisites
-
-*  The `MachineConfigPool` must match `metadata.labels[machineconfiguration.openshift.io/role]`. This applies to a controller, worker, or a custom pool.
-*  The node's auxiliary storage device, such as `/dev/sdb`, must match the sdb. Change this reference in all places in the file.
+The Machine Config Operator (MCO) is responsible for mounting a secondary disk for {product-title} {product-version} container storage.
 
 [NOTE]
 ====
 This procedure does not move parts of the root file system, such as `/var/`, to another disk or partition on an installed node.
 ====
 
-The Machine Config Operator (MCO) is responsible for mounting a secondary disk for an {product-title} {product-version} container storage.
+.Prerequisites
 
-Use the following steps to move etcd to a different device:
+* You have installed the {oc-first}.
+* You have access to the cluster with `cluster-admin` privileges.
+* The `MachineConfigPool` must match `metadata.labels[machineconfiguration.openshift.io/role]`. This applies to a controller, worker, or a custom pool.
 
 .Procedure
-.  Create a `machineconfig` YAML file named `etcd-mc.yml` and add the following information:
+
+. Attach the new disk to the cluster and verify that the disk is detected in the node by using the `lsblk` command in a debug shell:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
++
+[source,terminal]
+----
+# lsblk
+----
++
+Note the device name of the new disk reported by the `lsblk` command.
+
+. Create a `MachineConfig` YAML file named `etcd-mc.yml` with contents such as the following, replacing instances of `<new_disk_name>` with the noted device name:
 +
 [source,yaml]
 ----
@@ -41,31 +55,31 @@ spec:
       units:
       - contents: |
           [Unit]
-          Description=Make File System on /dev/sdb
+          Description=Make File System on /dev/<new_disk_name>
           DefaultDependencies=no
-          BindsTo=dev-sdb.device
-          After=dev-sdb.device var.mount
-          Before=systemd-fsck@dev-sdb.service
+          BindsTo=dev-<new_disk_name>.device
+          After=dev-<new_disk_name>.device var.mount
+          Before=systemd-fsck@dev-<new_disk_name>.service
 
           [Service]
           Type=oneshot
           RemainAfterExit=yes
-          ExecStart=/usr/lib/systemd/systemd-makefs xfs /dev/sdb
+          ExecStart=/usr/lib/systemd/systemd-makefs xfs /dev/<new_disk_name>
           TimeoutSec=0
 
           [Install]
           WantedBy=var-lib-containers.mount
         enabled: true
-        name: systemd-mkfs@dev-sdb.service
+        name: systemd-mkfs@dev-<new_disk_name>.service
       - contents: |
           [Unit]
-          Description=Mount /dev/sdb to /var/lib/etcd
+          Description=Mount /dev/<new_disk_name> to /var/lib/etcd
           Before=local-fs.target
-          Requires=systemd-mkfs@dev-sdb.service
-          After=systemd-mkfs@dev-sdb.service var.mount
+          Requires=systemd-mkfs@dev-<new_disk_name>.service
+          After=systemd-mkfs@dev-<new_disk_name>.service var.mount
 
           [Mount]
-          What=/dev/sdb
+          What=/dev/<new_disk_name>
           Where=/var/lib/etcd
           Type=xfs
           Options=defaults,prjquota
@@ -111,42 +125,29 @@ spec:
           WantedBy=multi-user.target graphical.target
         enabled: true
         name: restorecon-var-lib-etcd.service
-
 ----
 
-. Create the machine configuration by entering the following commands:
+. Log in to the cluster as a user with `cluster-admin` privileges and create the machine configuration:
 +
 [source,terminal]
 ----
-$ oc login -u ${ADMIN} -p ${ADMINPASSWORD} ${API}
-... output omitted ...
+$ oc login -u <username> -p <password>
 ----
 +
 [source,terminal]
 ----
 $ oc create -f etcd-mc.yml
-machineconfig.machineconfiguration.openshift.io/98-var-lib-etcd created
-----
-+
-[source,terminal]
-----
-$ oc login -u ${ADMIN} -p ${ADMINPASSWORD} ${API}
- [... output omitted ...]
-----
-+
-[source, terminal]
-----
-$ oc create -f etcd-mc.yml machineconfig.machineconfiguration.openshift.io/98-var-lib-etcd created
 ----
 +
 The nodes are updated and rebooted. After the reboot completes, the following events occur:
 +
-*  An XFS file system is created on the specified disk.
-*  The disk mounts to `/var/lib/etc`.
-*  The content from `/sysroot/ostree/deploy/rhcos/var/lib/etcd` syncs to `/var/lib/etcd`.
-*  A restore of `SELinux` labels is forced for `/var/lib/etcd`.
-*  The old content is not removed.
-.  After the nodes are on a separate disk, update the machine configuration file, `etcd-mc.yml` with the following information:
+* An XFS file system is created on the specified disk.
+* The disk mounts to `/var/lib/etcd`.
+* The content from `/sysroot/ostree/deploy/rhcos/var/lib/etcd` syncs to `/var/lib/etcd`.
+* A restore of `SELinux` labels is forced for `/var/lib/etcd`.
+* The old content is not removed.
+
+. After the nodes are on a separate disk, update the `etcd-mc.yml` file with contents such as the following, replacing instances of `<new_disk_name>` with the noted device name:
 +
 [source,yaml]
 ----
@@ -164,13 +165,12 @@ spec:
       units:
       - contents: |
           [Unit]
-          Description=Mount /dev/sdb to /var/lib/etcd
+          Description=Mount /dev/<new_disk_name> to /var/lib/etcd
           Before=local-fs.target
-          Requires=systemd-mkfs@dev-sdb.service
-          After=systemd-mkfs@dev-sdb.service var.mount
+          After=var.mount
 
           [Mount]
-          What=/dev/sdb
+          What=/dev/<new_disk_name>
           Where=/var/lib/etcd
           Type=xfs
           Options=defaults,prjquota
@@ -180,11 +180,31 @@ spec:
         enabled: true
         name: var-lib-etcd.mount
 ----
-. Apply the modified version that removes the logic for creating and syncing the device by entering the following command:
+
+. Apply the modified version that removes the logic for creating and syncing the device to prevent the nodes from rebooting:
 +
 [source,terminal]
 ----
 $ oc replace -f etcd-mc.yml
 ----
+
+.Verification steps
+
+* Run the `grep <new_disk_name> /proc/mounts` command in a debug shell for the node to ensure that the disk mounted:
 +
-The previous step prevents the nodes from rebooting.
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
++
+[source,terminal]
+----
+# grep <new_disk_name> /proc/mounts
+----
++
+.Example output
++
+[source,terminal]
+----
+/dev/nvme1n1 /var/lib/etcd xfs rw,seclabel,relatime,attr2,inode64,logbufs=8,logbsize=32k,prjquota 0 0
+----
diff --git a/modules/multi-architecture-creating-arm64-bootimage.adoc b/modules/multi-architecture-creating-arm64-bootimage.adoc
index 369af56226b5..114e0f214329 100644
--- a/modules/multi-architecture-creating-arm64-bootimage.adoc
+++ b/modules/multi-architecture-creating-arm64-bootimage.adoc
@@ -2,33 +2,33 @@
 //
 //post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="multi-architecture-creating-arm64-bootimage_{context}"]
 
 = Creating an ARM64 boot image using the Azure image gallery
- 
-The following procedure describes how to manually generate an ARM64 boot image. 
- 
+
+The following procedure describes how to manually generate an ARM64 boot image.
+
 .Prerequisites
 
 * You installed the Azure CLI (`az`).
-* You created a single-architecture Azure installer-provisioned cluster with the multi-architecture installer binary. 
+* You created a single-architecture Azure installer-provisioned cluster with the multi-architecture installer binary.
 
 .Procedure
-. Log in to your Azure account: 
+. Log in to your Azure account:
 +
 [source,terminal]
 ----
 $ az login
 ----
-. Create a storage account and upload the `arm64` virtual hard disk (VHD) to your storage account. The {product-title} installation program creates a resource group, however, the boot image can also be uploaded to a custom named resource group: 
+. Create a storage account and upload the `arm64` virtual hard disk (VHD) to your storage account. The {product-title} installation program creates a resource group, however, the boot image can also be uploaded to a custom named resource group:
 +
 [source,terminal]
 ----
 $ az storage account create -n ${STORAGE_ACCOUNT_NAME} -g ${RESOURCE_GROUP} -l westus --sku Standard_LRS <1>
 ----
 +
-<1> The `westus` object is an example region. 
+<1> The `westus` object is an example region.
 +
 . Create a storage container using the storage account you generated:
 +
@@ -50,7 +50,7 @@ $ RHCOS_VHD_ORIGIN_URL=$(oc -n openshift-machine-config-operator get configmap/c
 ----
 $ BLOB_NAME=rhcos-$(oc -n openshift-machine-config-operator get configmap/coreos-bootimages -o jsonpath='{.data.stream}' | jq -r '.architectures.aarch64."rhel-coreos-extensions"."azure-disk".release')-azure.aarch64.vhd
 ----
-. Generate a shared access signature (SAS) token. Use this token to upload the {op-system} VHD to your storage container with the following commands: 
+. Generate a shared access signature (SAS) token. Use this token to upload the {op-system} VHD to your storage container with the following commands:
 +
 [source,terminal]
 ----
@@ -63,7 +63,7 @@ $ sas=`az storage container generate-sas -n ${CONTAINER_NAME} --account-name ${S
 ----
 . Copy the {op-system} VHD into the storage container:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ az storage blob copy start --account-name ${STORAGE_ACCOUNT_NAME} --sas-token "$sas" \
  --source-uri "${RHCOS_VHD_ORIGIN_URL}" \
@@ -92,21 +92,21 @@ $ az storage blob show -c ${CONTAINER_NAME} -n ${BLOB_NAME} --account-name ${STO
 }
 ----
 +
-<1> If the status parameter displays the `success` object, the copying process is complete. 
- 
+<1> If the status parameter displays the `success` object, the copying process is complete.
+
 . Create an image gallery using the following command:
 +
 [source,terminal]
 ----
 $ az sig create --resource-group ${RESOURCE_GROUP} --gallery-name ${GALLERY_NAME}
 ----
-Use the image gallery to create an image definition. In the following example command, `rhcos-arm64` is the name of the image definition. 
+Use the image gallery to create an image definition. In the following example command, `rhcos-arm64` is the name of the image definition.
 +
 [source,terminal]
 ----
 $ az sig image-definition create --resource-group ${RESOURCE_GROUP} --gallery-name ${GALLERY_NAME} --gallery-image-definition rhcos-arm64 --publisher RedHat --offer arm --sku arm64 --os-type linux --architecture Arm64 --hyper-v-generation V2
 ----
-. To get the URL of the VHD and set it to `RHCOS_VHD_URL` as the file name, run the following command: 
+. To get the URL of the VHD and set it to `RHCOS_VHD_URL` as the file name, run the following command:
 +
 [source,terminal]
 ----
@@ -118,7 +118,7 @@ $ RHCOS_VHD_URL=$(az storage blob url --account-name ${STORAGE_ACCOUNT_NAME} -c
 ----
 $ az sig image-version create --resource-group ${RESOURCE_GROUP} --gallery-name ${GALLERY_NAME} --gallery-image-definition rhcos-arm64 --gallery-image-version 1.0.0 --os-vhd-storage-account ${STORAGE_ACCOUNT_NAME} --os-vhd-uri ${RHCOS_VHD_URL}
 ----
-. Your `arm64` boot image is now generated. You can access the ID of your image with the following command: 
+. Your `arm64` boot image is now generated. You can access the ID of your image with the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/multi-architecture-enabling-64k-pages.adoc b/modules/multi-architecture-enabling-64k-pages.adoc
new file mode 100644
index 000000000000..43a14439473b
--- /dev/null
+++ b/modules/multi-architecture-enabling-64k-pages.adoc
@@ -0,0 +1,101 @@
+//Module included in the following assemblies
+//
+//post_installation_configuration/multi-architecture-configuration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="multi-architecture-enabling-64k-pages_{context}"]
+
+= Enabling 64k pages on the {op-system-first} kernel 
+
+You can enable the 64k memory page in the {op-system-first} kernel on the 64-bit ARM compute machines in your cluster. The 64k page size kernel specification can be used for large GPU or high memory workloads. This is done using the Machine Config Operator (MCO) which uses a machine config pool to update the kernel. To enable 64k page sizes, you must dedicate a machine config pool for ARM64 to enable on the kernel.
+
+[IMPORTANT]
+====
+Using 64k pages is exclusive to 64-bit ARM architecture compute nodes or clusters installed on 64-bit ARM machines. If you configure the 64k pages kernel on a machine config pool using 64-bit x86 machines, the machine config pool and MCO will degrade.
+====
+
+.Prerequisites: 
+* You installed the OpenShift CLI (`oc`).
+* You created a cluster with compute nodes of different architecture on one of the supported platforms.
+
+.Procedure: 
+
+. Label the nodes where you want to run the 64k page size kernel:
+[source,terminal]
++
+----
+$ oc label node <node_name> <label>
+----
++
+.Example command 
+[source,terminal]
+----
+$ oc label node worker-arm64-01 node-role.kubernetes.io/worker-64k-pages=
+----
+
+. Create a machine config pool that contains the worker role that uses the ARM64 architecture and the `worker-64k-pages` role:
+[source,yaml]
++
+----
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfigPool
+metadata:
+  name: worker-64k-pages
+spec:
+  machineConfigSelector:
+    matchExpressions:
+      - key: machineconfiguration.openshift.io/role
+        operator: In
+        values:
+        - worker
+        - worker-64k-pages
+  nodeSelector:
+    matchLabels:
+      node-role.kubernetes.io/worker-64k-pages: ""
+      kubernetes.io/arch: arm64
+----
+
+. Create a machine config on your compute node to enable `64k-pages` with the `64k-pages` parameter. 
++
+[source,terminal]
+----
+$ oc create -f <filename>.yaml
+----
++
+.Example MachineConfig
+[source,yaml]
+----
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: "worker-64k-pages" <1>
+  name: 99-worker-64kpages  
+spec:
+  kernelType: 64k-pages <2>
+----
+<1> Specify the value of the `machineconfiguration.openshift.io/role` label in the custom machine config pool. The example MachineConfig uses the `worker-64k-pages` label to enable 64k pages in the `worker-64k-pages` pool. 
+<2> Specify your desired kernel type. Valid values are `64k-pages` and `default`
++
+[NOTE]
+====
+The `64k-pages` type is supported on only 64-bit ARM architecture based compute nodes. The `realtime` type is supported on only 64-bit x86 architecture based compute nodes.
+====
+
+.Verification 
+
+* To view your new `worker-64k-pages` machine config pool, run the following command:
++
+[source,terminal]
+----
+$ oc get mcp
+----
++
+.Example output 
+[source,terminal]
+----
+NAME     CONFIG                                                                UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
+master   rendered-master-9d55ac9a91127c36314e1efe7d77fbf8                      True      False      False      3              3                   3                     0                      361d
+worker   rendered-worker-e7b61751c4a5b7ff995d64b967c421ff                      True      False      False      7              7                   7                     0                      361d
+worker-64k-pages  rendered-worker-64k-pages-e7b61751c4a5b7ff995d64b967c421ff   True      False      False      2              2                   2                     0                      35m
+----
\ No newline at end of file
diff --git a/modules/multi-architecture-import-imagestreams.adoc b/modules/multi-architecture-import-imagestreams.adoc
index 6f07c7f6fd75..4a64a466c0c7 100644
--- a/modules/multi-architecture-import-imagestreams.adoc
+++ b/modules/multi-architecture-import-imagestreams.adoc
@@ -2,18 +2,18 @@
 //
 //post_installation_configuration/multi-architecture-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="multi-architecture-import-imagestreams_{context}"]
 
-= Importing manifest lists in image streams on your multi-architecture compute machines 
+= Importing manifest lists in image streams on your multi-architecture compute machines
 
 On an {product-title} {product-version} cluster with multi-architecture compute machines, the image streams in the cluster do not import manifest lists automatically. You must manually change the default `importMode` option to the `PreserveOriginal` option in order to import the manifest list.
 
-.Prerequisites 
+.Prerequisites
 
 * You installed the {product-title} CLI (`oc`).
 
-.Procedure 
+.Procedure
 
 * The following example command shows how to patch the `ImageStream` cli-artifacts so that the `cli-artifacts:latest` image stream tag is imported as a manifest list.
 +
@@ -22,17 +22,17 @@ On an {product-title} {product-version} cluster with multi-architecture compute
 $ oc patch is/cli-artifacts -n openshift -p '{"spec":{"tags":[{"name":"latest","importPolicy":{"importMode":"PreserveOriginal"}}]}}'
 ----
 
-.Verification 
+.Verification
 
-* You can check that the manifest lists imported properly by inspecting the image stream tag. The following command will list the individual architecture manifests for a particular tag. 
+* You can check that the manifest lists imported properly by inspecting the image stream tag. The following command will list the individual architecture manifests for a particular tag.
 +
 [source,terminal]
 ----
 $ oc get istag cli-artifacts:latest -n openshift -oyaml
 ----
 
-+ 
-If the `dockerImageManifests` object is present, then the manifest list import was successful. 
++
+If the `dockerImageManifests` object is present, then the manifest list import was successful.
 
 +
 .Example output of the `dockerImageManifests` object
diff --git a/modules/multi-architecture-modify-machine-set-aws.adoc b/modules/multi-architecture-modify-machine-set-aws.adoc
index 3a1c26b53ff7..f4038ad6838f 100644
--- a/modules/multi-architecture-modify-machine-set-aws.adoc
+++ b/modules/multi-architecture-modify-machine-set-aws.adoc
@@ -2,21 +2,21 @@
 //
 //post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="multi-architecture-modify-machine-set-aws_{context}"]
 
-= Adding an ARM64 compute machine set to your cluster 
+= Adding an ARM64 compute machine set to your cluster
 
 To configure a cluster with multi-architecture compute machines, you must create a AWS ARM64 compute machine set. This adds ARM64 compute nodes to your cluster so that your cluster has multi-architecture compute machines.
 
-.Prerequisites 
+.Prerequisites
 
-* You installed the OpenShift CLI (`oc`). 
+* You installed the OpenShift CLI (`oc`).
 * You used the installation program to create an AMD64 single-architecture AWS cluster with the multi-architecture installer binary.
 
 
 .Procedure
-* Create and modify a compute machine set, this will control the ARM64 compute nodes in your cluster. 
+* Create and modify a compute machine set, this will control the ARM64 compute nodes in your cluster.
 +
 --
 [source,terminal]
@@ -31,7 +31,7 @@ apiVersion: machine.openshift.io/v1beta1
 kind: MachineSet
 metadata:
   labels:
-    machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1> 
+    machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
   name: <infrastructure_id>-aws-arm64-machine-set-0 <1>
   namespace: openshift-machine-api
 spec:
@@ -43,14 +43,14 @@ spec:
   template:
     metadata:
       labels:
-        machine.openshift.io/cluster-api-cluster: <infrastructure_id> 
-        machine.openshift.io/cluster-api-machine-role: <role> <3> 
-        machine.openshift.io/cluster-api-machine-type: <role> <3> 
+        machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+        machine.openshift.io/cluster-api-machine-role: <role> <3>
+        machine.openshift.io/cluster-api-machine-type: <role> <3>
         machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<zone> <2>
     spec:
       metadata:
         labels:
-          node-role.kubernetes.io/<role>: "" 
+          node-role.kubernetes.io/<role>: ""
       providerSpec:
         value:
           ami:
@@ -66,11 +66,11 @@ spec:
           deviceIndex: 0
           iamInstanceProfile:
             id: <infrastructure_id>-worker-profile <1>
-          instanceType: m6g.xlarge <5> 
+          instanceType: m6g.xlarge <5>
           kind: AWSMachineProviderConfig
           placement:
             availabilityZone: us-east-1a <6>
-            region: <region> <7> 
+            region: <region> <7>
           securityGroups:
             - filters:
                 - name: tag:Name
@@ -80,12 +80,12 @@ spec:
             filters:
               - name: tag:Name
                 values:
-                  - <infrastructure_id>-private-<zone>  
+                  - <infrastructure_id>-private-<zone>
           tags:
             - name: kubernetes.io/cluster/<infrastructure_id> <1>
               value: owned
-            - name: <custom_tag_name> 
-              value: <custom_tag_value> 
+            - name: <custom_tag_name>
+              value: <custom_tag_value>
           userDataSecret:
             name: worker-user-data
 ----
@@ -95,23 +95,23 @@ spec:
 ----
 $ oc get -o jsonpath=‘{.status.infrastructureName}{“\n”}’ infrastructure cluster
 ----
-<2> Specify the infrastructure ID, role node label, and zone.	
+<2> Specify the infrastructure ID, role node label, and zone.
 <3> Specify the role node label to add.
-<4> Specify an ARM64 supported Red Hat Enterprise Linux CoreOS (RHCOS) Amazon Machine Image (AMI) for your AWS zone for your OpenShift Container Platform nodes. 
+<4> Specify an ARM64 supported Red Hat Enterprise Linux CoreOS (RHCOS) Amazon Machine Image (AMI) for your AWS zone for your OpenShift Container Platform nodes.
 +
 [source,terminal]
 ----
-$ oc get configmap/coreos-bootimages /
-	  -n openshift-machine-config-operator /
-	  -o jsonpath='{.data.stream}' | jq /
+$ oc get configmap/coreos-bootimages \
+	  -n openshift-machine-config-operator \
+	  -o jsonpath='{.data.stream}' | jq \
 	  -r '.architectures.<arch>.images.aws.regions."<region>".image'
 ----
 <5> Specify an ARM64 supported machine type. For more information, refer to "Tested instance types for AWS 64-bit ARM"
-<6> Specify the zone, for example `us-east-1a`. Ensure that the zone you select offers 64-bit ARM machines. 
+<6> Specify the zone, for example `us-east-1a`. Ensure that the zone you select offers 64-bit ARM machines.
 <7> Specify the region, for example, `us-east-1`. Ensure that the zone you select offers 64-bit ARM machines.
 --
 
-.Verification 
+.Verification
 
 . View the list of compute machine sets by entering the following command:
 +
@@ -119,7 +119,7 @@ $ oc get configmap/coreos-bootimages /
 ----
 $ oc get machineset -n openshift-machine-api
 ----
-You can then see your created ARM64 machine set. 
+You can then see your created ARM64 machine set.
 +
 .Example output
 [source,terminal]
@@ -130,6 +130,6 @@ NAME                                                DESIRED  CURRENT  READY  AVA
 . You can check that the nodes are ready and scheduable with the following command:
 +
 [source,terminal]
----- 
+----
 $ oc get nodes
 ----
\ No newline at end of file
diff --git a/modules/multi-architecture-modify-machine-set-gcp.adoc b/modules/multi-architecture-modify-machine-set-gcp.adoc
new file mode 100644
index 000000000000..2fbdabede970
--- /dev/null
+++ b/modules/multi-architecture-modify-machine-set-gcp.adoc
@@ -0,0 +1,149 @@
+//Module included in the following assembly
+//
+//post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="multi-architecture-modify-machine-set-gcp_{context}"]
+= Adding an ARM64 compute machine set to your GCP cluster
+
+To configure a cluster with multi-architecture compute machines, you must create a GCP ARM64 compute machine set. This adds ARM64 compute nodes to your cluster.
+
+.Prerequisites
+
+* You installed the {oc-first}.
+* You used the installation program to create an AMD64 single-architecture AWS cluster with the multi-architecture installer binary.
+
+.Procedure
+* Create and modify a compute machine set, this controls the ARM64 compute nodes in your cluster:
++
+[source,terminal]
+----
+$ oc create -f gcp-arm64-machine-set-0.yaml
+----
++
+--
+.Sample GCP YAML compute machine set to deploy an ARM64 compute node
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  labels:
+    machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
+  name: <infrastructure_id>-w-a
+  namespace: openshift-machine-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+      machine.openshift.io/cluster-api-machineset: <infrastructure_id>-w-a
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+        machine.openshift.io/cluster-api-machine-role: <role> <2>
+        machine.openshift.io/cluster-api-machine-type: <role>
+        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-w-a
+    spec:
+      metadata:
+        labels:
+          node-role.kubernetes.io/<role>: ""
+      providerSpec:
+        value:
+          apiVersion: gcpprovider.openshift.io/v1beta1
+          canIPForward: false
+          credentialsSecret:
+            name: gcp-cloud-credentials
+          deletionProtection: false
+          disks:
+          - autoDelete: true
+            boot: true
+            image: <path_to_image> <3>
+            labels: null
+            sizeGb: 128
+            type: pd-ssd
+          gcpMetadata: <4>
+          - key: <custom_metadata_key>
+            value: <custom_metadata_value>
+          kind: GCPMachineProviderSpec
+          machineType: n1-standard-4 <5>
+          metadata:
+            creationTimestamp: null
+          networkInterfaces:
+          - network: <infrastructure_id>-network
+            subnetwork: <infrastructure_id>-worker-subnet
+          projectID: <project_name> <6>
+          region: us-central1 <7>
+          serviceAccounts:
+          - email: <infrastructure_id>-w@<project_name>.iam.gserviceaccount.com
+            scopes:
+            - https://www.googleapis.com/auth/cloud-platform
+          tags:
+            - <infrastructure_id>-worker
+          userDataSecret:
+            name: worker-user-data
+          zone: us-central1-a
+----
+<1> Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. You can obtain the infrastructure ID by running the following command:
++
+[source,terminal]
+----
+$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
+----
+<2> Specify the role node label to add.
+<3> Specify the path to the image that is used in current compute machine sets. You need the project and image name for your path to image.
++
+To access the project and image name, run the following command:
++
+[source,terminal]
+----
+$ oc get configmap/coreos-bootimages \
+  -n openshift-machine-config-operator \
+  -o jsonpath='{.data.stream}' | jq \
+  -r '.architectures.aarch64.images.gcp'
+----
++
+.Example output
+[source,terminal]
+----
+  "gcp": {
+    "release": "415.92.202309142014-0",
+    "project": "rhcos-cloud",
+    "name": "rhcos-415-92-202309142014-0-gcp-aarch64"
+  }
+----
+Use the `project` and `name` parameters from the output to create the path to image field in your machine set. The path to the image should follow the following format:
++
+[source,terminal]
+----
+$ projects/<project>/global/images/<image_name>
+----
+<4> Optional: Specify custom metadata in the form of a `key:value` pair. For example use cases, see the GCP documentation for link:https://cloud.google.com/compute/docs/metadata/setting-custom-metadata[setting custom metadata].
+<5> Specify an ARM64 supported machine type. For more information, refer to _Tested instance types for GCP on 64-bit ARM infrastructures_ in "Additional resources".
+<6> Specify the name of the GCP project that you use for your cluster.
+<7> Specify the region, for example, `us-central1`. Ensure that the zone you select offers 64-bit ARM machines.
+--
+
+.Verification
+. View the list of compute machine sets by entering the following command:
++
+[source,terminal]
+----
+$ oc get machineset -n openshift-machine-api
+----
+You can then see your created ARM64 machine set.
++
+.Example output
+[source,terminal]
+----
+NAME                                                DESIRED  CURRENT  READY  AVAILABLE  AGE
+<infrastructure_id>-gcp-arm64-machine-set-0                   2        2      2          2  10m
+----
+. You can check that the nodes are ready and scheduable with the following command:
++
+[source,terminal]
+----
+$ oc get nodes
+----
\ No newline at end of file
diff --git a/modules/multi-architecture-modify-machine-set.adoc b/modules/multi-architecture-modify-machine-set.adoc
index 0557e97eb1d7..28db16583220 100644
--- a/modules/multi-architecture-modify-machine-set.adoc
+++ b/modules/multi-architecture-modify-machine-set.adoc
@@ -2,16 +2,16 @@
 //
 //post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="multi-architecture-modify-machine-set_{context}"]
 
-= Adding a multi-architecture compute machine set to your cluster  
+= Adding a multi-architecture compute machine set to your cluster
 
-To add ARM64 compute nodes to your cluster, you must create an Azure compute machine set that uses the ARM64 boot image. To create your own custom compute machine set on Azure, see "Creating a compute machine set on Azure". 
+To add ARM64 compute nodes to your cluster, you must create an Azure compute machine set that uses the ARM64 boot image. To create your own custom compute machine set on Azure, see "Creating a compute machine set on Azure".
 
-.Prerequisites 
+.Prerequisites
 
-* You installed the OpenShift CLI (`oc`). 
+* You installed the OpenShift CLI (`oc`).
 
 .Procedure
 * Create a compute machine set and modify the `resourceID` and `vmSize` parameters with the following command. This compute machine set will control the `arm64` worker nodes in your cluster:
@@ -20,7 +20,7 @@ To add ARM64 compute nodes to your cluster, you must create an Azure compute mac
 ----
 $ oc create -f arm64-machine-set-0.yaml
 ----
-.Sample YAML compute machine set with `arm64` boot image 
+.Sample YAML compute machine set with `arm64` boot image
 +
 [source,yaml]
 ----
@@ -81,12 +81,12 @@ spec:
           vmSize: Standard_D4ps_v5 <2>
           vnet: <infrastructure_id>-vnet
           zone: "<zone>"
----- 
+----
 <1> Set the `resourceID` parameter to the `arm64` boot image.
 <2> Set the `vmSize` parameter to the instance type used in your installation. Some example instance types are `Standard_D4ps_v5` or `D8ps`.
 
 .Verification
-. Verify that the new ARM64 machines are running by entering the following command: 
+. Verify that the new ARM64 machines are running by entering the following command:
 +
 [source,terminal]
 ----
@@ -101,7 +101,7 @@ NAME                                                DESIRED  CURRENT  READY  AVA
 ----
 . You can check that the nodes are ready and scheduable with the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
-$ oc get nodes 
+$ oc get nodes
 ----
\ No newline at end of file
diff --git a/modules/multi-architecture-scheduling-examples.adoc b/modules/multi-architecture-scheduling-examples.adoc
new file mode 100644
index 000000000000..252de47f968b
--- /dev/null
+++ b/modules/multi-architecture-scheduling-examples.adoc
@@ -0,0 +1,139 @@
+// Module included in the following assembly
+//
+//post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-compute-managing.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="multi-architecture-scheduling-examples_{context}"]
+
+= Sample multi-architecture node workload deployments
+
+Before you schedule workloads on a cluster with compute nodes of different architectures, consider the following use cases:
+
+Using node affinity to schedule workloads on a node:: You can allow a workload to be scheduled on only a set of nodes with architectures supported by its images, you can set the `spec.affinity.nodeAffinity` field in your pod's template specification.
++
+.Example deployment with the `nodeAffinity` set to certain architectures
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata: # ...
+spec:
+   # ...
+  template:
+     # ...
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/arch
+                operator: In
+                values: <1>
+                - amd64
+                - arm64
+----
+<1> Specify the supported architectures. Valid values include `amd64`,`arm64`, or both values.
+
+Tainting every node for a specific architecture:: You can taint a node to avoid workloads that are not compatible with its architecture to be scheduled on that node. In the case where your cluster is using a `MachineSet` object, you can add parameters to the `.spec.template.spec.taints` field to avoid workloads being scheduled on nodes with non-supported architectures.
+
+* Before you can taint a node, you must scale down the `MachineSet` object or remove available machines. You can scale down the machine set by using one of following commands:
++
+[source,terminal]
+----
+$ oc scale --replicas=0 machineset <machineset> -n openshift-machine-api
+----
++
+Or:
++
+[source,terminal]
+----
+$ oc edit machineset <machineset> -n openshift-machine-api
+----
+For more information on scaling machine sets, see "Modifying a compute machine set".
+
++
+--
+.Example `MachineSet` with a taint set
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata: # ...
+spec:
+  # ...
+  template:
+    # ...
+    spec:
+      # ...
+      taints:
+      - effect: NoSchedule
+        key: multi-arch.openshift.io/arch
+        value: arm64
+----
+You can also set a taint on a specific node by running the following command:
+[source,terminal]
+----
+$ oc adm taint nodes <node-name> multi-arch.openshift.io/arch=arm64:NoSchedule
+----
+--
+
+Creating a default toleration:: You can annotate a namespace so all of the workloads get the same default toleration by running the following command:
++
+[source,terminal]
+----
+$ oc annotate namespace my-namespace \
+  'scheduler.alpha.kubernetes.io/defaultTolerations'='[{"operator": "Exists", "effect": "NoSchedule", "key": "multi-arch.openshift.io/arch"}]'
+----
+
+Tolerating architecture taints in workloads:: On a node with a defined taint, workloads will not be scheduled on that node. However, you can allow them to be scheduled by setting a toleration in the pod's specification.
++
+.Example deployment with a toleration
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata: # ...
+spec:
+  # ...
+  template:
+    # ...
+    spec:
+      tolerations:
+      - key: "multi-arch.openshift.io/arch"
+        value: "arm64"
+        operator: "Equal"
+        effect: "NoSchedule"
+----
++
+This example deployment can also be allowed on nodes with the `multi-arch.openshift.io/arch=arm64` taint specified.
+
+Using node affinity with taints and tolerations:: When a scheduler computes the set of nodes to schedule a pod, tolerations can broaden the set while node affinity restricts the set. If you set a taint to the nodes of a specific architecture, the following example toleration is required for scheduling pods.
++
+.Example deployment with a node affinity and toleration set.
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata: # ...
+spec:
+  # ...
+  template:
+    # ...
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/arch
+                operator: In
+                values:
+                - amd64
+                - arm64
+      tolerations:
+      - key: "multi-arch.openshift.io/arch"
+        value: "arm64"
+        operator: "Equal"
+        effect: "NoSchedule"
+----
\ No newline at end of file
diff --git a/modules/multi-architecture-scheduling-overview.adoc b/modules/multi-architecture-scheduling-overview.adoc
new file mode 100644
index 000000000000..4bc4c782604a
--- /dev/null
+++ b/modules/multi-architecture-scheduling-overview.adoc
@@ -0,0 +1,13 @@
+// module included in the following assembly
+//
+//post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-compute-managing.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="multi-architecture-scheduling-overview_{context}"]
+= Scheduling workloads on clusters with multi-architecture compute machines
+
+Before deploying a workload onto a cluster with compute nodes of different architectures, you must configure your compute node scheduling process so the pods in your cluster are correctly assigned.
+
+You can schedule workloads onto multi-architecture nodes for your cluster in several ways. For example, you can use a node affinity or a node selector to select the node you want the pod to schedule onto. You can also use scheduling mechanisms, like taints and tolderations, when using node affinity or node selector to correctly schedule workloads.
+
+
diff --git a/modules/multi-architecture-verifying-cluster-compatibility.adoc b/modules/multi-architecture-verifying-cluster-compatibility.adoc
index fe3399d3902c..1b132abcda14 100644
--- a/modules/multi-architecture-verifying-cluster-compatibility.adoc
+++ b/modules/multi-architecture-verifying-cluster-compatibility.adoc
@@ -1,34 +1,59 @@
 // Module included in the following assemblies:
 
-// * post_installation_configuration/multi-architecture-configuration.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-aws.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-azure.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-bare-metal.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc
+// * post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:ibm-power:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="multi-architecture-verifying-cluster-compatibility_{context}"]
 
-= Verifying cluster compatibility 
+= Verifying cluster compatibility
 
-Before you can start adding compute nodes of different architectures to your cluster, you must verify that your cluster is multi-architecture compatible. 
+Before you can start adding compute nodes of different architectures to your cluster, you must verify that your cluster is multi-architecture compatible.
 
 .Prerequisites
 
 * You installed the OpenShift CLI (`oc`)
 
-.Procedure 
+ifdef::ibm-power[]
+[NOTE]
+====
+When using multiple architectures, hosts for {product-title} nodes must share the same storage layer. If they do not have the same storage layer, use a storage provider such as `nfs-provisioner`.
+====
+
+[NOTE]
+====
+You should limit the number of network hops between the compute and control plane as much as possible.
+====
+endif::ibm-power[]
+
+.Procedure
 
 * You can check that your cluster uses the architecture payload by running the following command:
 +
 [source,terminal]
 ----
-$ oc adm release info -o json | jq .metadata.metadata
+$ oc adm release info -o jsonpath="{ .metadata.metadata}"
 ----
 
-.Verification 
+.Verification
 
-. If you see the following output, then your cluster is using the multi-architecture payload: 
+. If you see the following output, then your cluster is using the multi-architecture payload:
 +
 [source,terminal]
 ----
-$ "release.openshift.io/architecture": "multi"
+{
+ "release.openshift.io/architecture": "multi",
+ "url": "https://access.redhat.com/errata/<errata_version>"
+}
 ----
 You can then begin adding multi-arch compute nodes to your cluster.
 
@@ -36,6 +61,16 @@ You can then begin adding multi-arch compute nodes to your cluster.
 +
 [source,terminal]
 ----
-$ null
+{
+ "url": "https://access.redhat.com/errata/<errata_version>"
+}
 ----
-To migrate your cluster to one that supports multi-architecture compute machines, follow the procedure in "Migrating to a cluster with multi-architecture compute machines". 
\ No newline at end of file
++
+[IMPORTANT]
+====
+To migrate your cluster so the cluster supports multi-architecture compute machines, follow the procedure in xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+====
+
+ifeval::["{context}" == "creating-multi-arch-compute-nodes-ibm-power"]
+:!ibm-power:
+endif::[]
\ No newline at end of file
diff --git a/modules/multi-cluster-about.adoc b/modules/multi-cluster-about.adoc
index 9d6bdcb7af74..dc3a0a99e94c 100644
--- a/modules/multi-cluster-about.adoc
+++ b/modules/multi-cluster-about.adoc
@@ -2,7 +2,7 @@
 //
 // * assemblies/web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="multi-cluster-about_{context}"]
 = Multicluster console
 
diff --git a/modules/nbde-backing-up-server-keys.adoc b/modules/nbde-backing-up-server-keys.adoc
index 6b282b5fb548..96433fec39a3 100644
--- a/modules/nbde-backing-up-server-keys.adoc
+++ b/modules/nbde-backing-up-server-keys.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-backing-up-server-keys_{context}"]
 = Backing up keys for a Tang server
 
diff --git a/modules/nbde-compromise-of-key-material.adoc b/modules/nbde-compromise-of-key-material.adoc
index 9dc0dcf0006a..45066f2d6677 100644
--- a/modules/nbde-compromise-of-key-material.adoc
+++ b/modules/nbde-compromise-of-key-material.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-compromise-of-key-material_{context}"]
 = Rekeying compromised key material
 
diff --git a/modules/nbde-deciding-the-number-of-tang-servers-to-use.adoc b/modules/nbde-deciding-the-number-of-tang-servers-to-use.adoc
index 0e85bc4ceca5..844fd08eac86 100644
--- a/modules/nbde-deciding-the-number-of-tang-servers-to-use.adoc
+++ b/modules/nbde-deciding-the-number-of-tang-servers-to-use.adoc
@@ -21,4 +21,4 @@ There are two ways Tang servers handle key material:
 ** You can scale an individual Tang server behind a load balancer.
 ** All Tang servers must be available during client node setup or key rotation.
 ** When a client node boots using the default configuration, the Clevis client contacts all Tang servers. Only _n_ Tang servers must be online to proceed with decryption. The default value for _n_ is 1.
-** Red Hat does not support post-installation configuration that changes the behavior of the Tang servers.
+** Red Hat does not support postinstallation configuration that changes the behavior of the Tang servers.
diff --git a/modules/nbde-deleting-old-tang-server-keys.adoc b/modules/nbde-deleting-old-tang-server-keys.adoc
index 86bebb5120d0..7184e502de80 100644
--- a/modules/nbde-deleting-old-tang-server-keys.adoc
+++ b/modules/nbde-deleting-old-tang-server-keys.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-deleting-old-tang-server-keys_{context}"]
 = Deleting old Tang server keys
 
diff --git a/modules/nbde-generating-a-new-tang-server-key.adoc b/modules/nbde-generating-a-new-tang-server-key.adoc
index 74b57bbf109e..d3b1f825f9db 100644
--- a/modules/nbde-generating-a-new-tang-server-key.adoc
+++ b/modules/nbde-generating-a-new-tang-server-key.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-generating-a-new-tang-server-key_{context}"]
 = Generating a new Tang server key
 
diff --git a/modules/nbde-installing-a-tang-server.adoc b/modules/nbde-installing-a-tang-server.adoc
deleted file mode 100644
index 04cea976fd05..000000000000
--- a/modules/nbde-installing-a-tang-server.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// security/nbde-implementation-guide.adoc
-
-:_content-type: PROCEDURE
-[id="nbde-installing-a-tang-server_{context}"]
-= Installing a Tang server
-
-.Procedure
-
-* You can install a Tang server on a {op-system-base-full} machine using either of the following commands:
-
-** Install the Tang server by using the `yum` command:
-+
-[source,terminal]
-----
-$ sudo yum install tang
-----
-
-** Install the Tang server by using the `dnf` command:
-+
-[source,terminal]
-----
-$ sudo dnf install tang
-----
-
-[NOTE]
-====
-Installation can also be containerized and is very lightweight.
-====
diff --git a/modules/nbde-loss-of-client-connectivity.adoc b/modules/nbde-loss-of-client-connectivity.adoc
index 1c803c9e4ef0..4108a5242ddf 100644
--- a/modules/nbde-loss-of-client-connectivity.adoc
+++ b/modules/nbde-loss-of-client-connectivity.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-loss-of-client-connectivity_{context}"]
 = Planning for a loss of client network connectivity
 
diff --git a/modules/nbde-openshift-installation-with-nbde.adoc b/modules/nbde-openshift-installation-with-nbde.adoc
deleted file mode 100644
index 05fb3eb334df..000000000000
--- a/modules/nbde-openshift-installation-with-nbde.adoc
+++ /dev/null
@@ -1,8 +0,0 @@
-// Module included in the following assemblies:
-//
-// security/nbde-implementation-guide.adoc
-
-[id="nbde-openshift-installation-with-nbde_{context}"]
-= Installation considerations with Network-Bound Disk Encryption
-
-Network-Bound Disk Encryption (NBDE) must be enabled when a cluster node is installed. However, you can change the disk encryption policy at any time after it was initialized at installation.
diff --git a/modules/nbde-recovering-network-connectivity-manually.adoc b/modules/nbde-recovering-network-connectivity-manually.adoc
index 873b44134f8a..712d415d86c6 100644
--- a/modules/nbde-recovering-network-connectivity-manually.adoc
+++ b/modules/nbde-recovering-network-connectivity-manually.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-recovering-network-connectivity-manually_{context}"]
 = Recovering network connectivity manually
 
diff --git a/modules/nbde-recovering-server-keys.adoc b/modules/nbde-recovering-server-keys.adoc
index 51266e86ebf7..2998b1ffbfe1 100644
--- a/modules/nbde-recovering-server-keys.adoc
+++ b/modules/nbde-recovering-server-keys.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-recovering-server-keys_{context}"]
 = Recovering keys for a Tang server
 
diff --git a/modules/nbde-rekeying-all-nbde-nodes.adoc b/modules/nbde-rekeying-all-nbde-nodes.adoc
index c1482905ce89..73db05eea2e5 100644
--- a/modules/nbde-rekeying-all-nbde-nodes.adoc
+++ b/modules/nbde-rekeying-all-nbde-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-rekeying-all-nbde-nodes_{context}"]
 = Rekeying all NBDE nodes
 
diff --git a/modules/nbde-rekeying-tang-servers.adoc b/modules/nbde-rekeying-tang-servers.adoc
index 42e19398b830..32e3bd198310 100644
--- a/modules/nbde-rekeying-tang-servers.adoc
+++ b/modules/nbde-rekeying-tang-servers.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-rekeying-tang-servers_{context}"]
 = Rekeying Tang servers
 
diff --git a/modules/nbde-tang-server-operator-deploying.adoc b/modules/nbde-tang-server-operator-deploying.adoc
new file mode 100644
index 000000000000..877c15c11053
--- /dev/null
+++ b/modules/nbde-tang-server-operator-deploying.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="deploying-nbde-tang-server_{context}"]
+= Deploying a Tang server using the NBDE Tang Server Operator
+
+You can deploy and quickly configure one or more Tang servers using the NBDE Tang Server Operator in the web console.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You have installed the NBDE Tang Server Operator on your OCP cluster.
+
+.Procedure
+
+. In the {product-title} web console, navigate to *Operators* -> *OperatorHub*.
+. Select *Project*, and click *Create Project*:
++
+image::nbde-tang-server-operator-07-create-project.png[Create Project in the web console]
+. On the `Create Project` page, fill in the required information, for example:
++
+image::nbde-tang-server-operator-09-project-values.png[Example values on the Create Project page]
+. Click *Create*.
+. NBDE Tang Server replicas require a Persistent Volume Claim (PVC) for storing encryption keys. In the web console, navigate to *Storage* -> *PersistentVolumeClaims*:
++
+image::nbde-tang-server-operator-11-pvc.png[PersistentVolumeClaims in the Storage menu]
+. On the following `PersistentVolumeClaims` screen, click *Create PersistentVolumeClaim*.
+. On the `Create PersistentVolumeClaim` page, select a storage that fits your deployment scenario. Consider how often you want to rotate the encryption keys. Name your PVC and choose the claimed storage capacity, for example:
++
+image::nbde-tang-server-operator-13-create-pvc.png[Create PersistentVolumeClaims page]
+. Navigate to *Operators* -> *Installed Operators*, and click *NBDE Tang Server*.
+. Click *Create instance*.
++
+image::nbde-tang-server-operator-15-create-instance.png[Create NBDE Tang Server instance]
+. On the `Create TangServer` page, choose the name of the Tang Server instance, amount of replicas, and specify the name of the previously created Persistent Volume Claim, for example:
++
+image::nbde-tang-server-operator-17-create-tangserver.png[Create TangServer page]
+. After you enter the required values a change settings that differ from the default values in your scenario, click *Create*.
+
diff --git a/modules/nbde-tang-server-operator-identifying-url-cli.adoc b/modules/nbde-tang-server-operator-identifying-url-cli.adoc
new file mode 100644
index 000000000000..d48efd04a3c8
--- /dev/null
+++ b/modules/nbde-tang-server-operator-identifying-url-cli.adoc
@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-identifying-url.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="identifying-url-nbde-tang-server-operator-using-cli_{context}"]
+= Identifying URL of the NBDE Tang Server Operator using CLI
+
+You can identify the URLs of Tang servers deployed with the NBDE Tang Server Operator from the OperatorHub by using the CLI. After you identify the URLs, you use the `clevis luks bind` command on your clients containing LUKS-encrypted volumes that you want to unlock automatically by using keys advertised by the Tang servers. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-manual-enrollment-of-volumes-using-clevis_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Configuring manual enrollment of LUKS-encrypted volumes] section in the RHEL 9 Security hardening document for detailed steps describing the configuration of clients with Clevis.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You have installed the OpenShift CLI (`oc`).
+* You deployed a Tang server by using the NBDE Tang Server Operator on your OpenShift cluster.
+
+.Procedure
+
+. List details about your Tang server, for example:
++
+[source,terminal]
+----
+$ oc -n nbde describe tangserver
+----
++
+.Example output
+[source,terminal]
+----
+…
+Spec:
+…
+Status:
+  Ready:                 1
+  Running:               1
+  Service External URL:  http://34.28.173.205:7500/adv
+  Tang Server Error:     No
+Events:
+…
+----
+
+. Use the value of the `Service External URL:` item without the `/adv` part. In this example, the URL of the Tang server is `\http://34.28.173.205:7500`.
+
+.Verification
+
+* You can check that the Tang server is advertising by using `curl`, `wget`, or similar tools, for example:
++
+[source,terminal]
+----
+$ curl 2> /dev/null http://34.28.173.205:7500/adv  | jq
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "payload": "eyJrZXlzIj…eSJdfV19",
+  "protected": "eyJhbGciOiJFUzUxMiIsImN0eSI6Imp3ay1zZXQranNvbiJ9",
+  "signature": "AUB0qSFx0FJLeTU…aV_GYWlDx50vCXKNyMMCRx"
+}
+----
diff --git a/modules/nbde-tang-server-operator-identifying-url-web-console.adoc b/modules/nbde-tang-server-operator-identifying-url-web-console.adoc
new file mode 100644
index 000000000000..a76e13573828
--- /dev/null
+++ b/modules/nbde-tang-server-operator-identifying-url-web-console.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-identifying-url.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="identifying-url-nbde-tang-server-operator-using-web-console_{context}"]
+= Identifying URL of the NBDE Tang Server Operator using the web console
+
+You can identify the URLs of Tang servers deployed with the NBDE Tang Server Operator from the OperatorHub by using the {product-title} web console. After you identify the URLs, you use the `clevis luks bind` command on your clients containing LUKS-encrypted volumes that you want to unlock automatically by using keys advertised by the Tang servers. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-manual-enrollment-of-volumes-using-clevis_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Configuring manual enrollment of LUKS-encrypted volumes] section in the RHEL 9 Security hardening document for detailed steps describing the configuration of clients with Clevis.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You deployed a Tang server by using the NBDE Tang Server Operator on your OpenShift cluster.
+
+.Procedure
+
+. In the {product-title} web console, navigate to *Operators* -> *Installed Operators* -> *Tang Server*.
+
+. On the NBDE Tang Server Operator details page, select *Tang Server*.
++
+image::nbde-tang-server-operator-19-tangserver-details.png[NBDE Tang Server Operator details]
+
+. The list of Tang servers deployed and available for your cluster appears. Click the name of the Tang server you want to bind with a Clevis client.
+
+. The web console displays an overview of the selected Tang server. You can find the URL of your Tang server in the `Tang Server External Url` section of the screen:
++
+image::nbde-tang-server-operator-21-tangserver-overview.png[NBDE Tang Server Operator overview of a Tang server]
++
+In this example, the URL of the Tang server is `\http://34.28.173.205:7500`.
+
+.Verification
+
+* You can check that the Tang server is advertising by using `curl`, `wget`, or similar tools, for example:
++
+[source,terminal]
+----
+$ curl 2> /dev/null http://34.28.173.205:7500/adv  | jq
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "payload": "eyJrZXlzIj…eSJdfV19",
+  "protected": "eyJhbGciOiJFUzUxMiIsImN0eSI6Imp3ay1zZXQranNvbiJ9",
+  "signature": "AUB0qSFx0FJLeTU…aV_GYWlDx50vCXKNyMMCRx"
+}
+----
diff --git a/modules/nbde-tang-server-operator-installing-cli.adoc b/modules/nbde-tang-server-operator-installing-cli.adoc
new file mode 100644
index 000000000000..01bd72941367
--- /dev/null
+++ b/modules/nbde-tang-server-operator-installing-cli.adoc
@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-installing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-nbde-tang-server-operator-using-cli_{context}"]
+= Installing the NBDE Tang Server Operator using CLI
+
+You can install the NBDE Tang Server Operator from the OperatorHub using the CLI.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Use the following command to list available Operators on OperatorHub, and limit the output to Tang-related results:
++
+[source,terminal]
+----
+$ oc get packagemanifests -n openshift-marketplace | grep tang
+----
++
+.Example output
+[source,terminal]
+----
+tang-operator           Red Hat
+----
++
+In this case, the corresponding packagemanifest name is `tang-operator`.
+
+. Create a `Subscription` object YAML file to subscribe a namespace to the NBDE Tang Server Operator, for example, `tang-operator.yaml`:
++
+.Example subscription YAML for tang-operator
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: tang-operator
+  namespace: openshift-operators
+spec:
+  channel: stable <1>
+  installPlanApproval: Automatic
+  name: tang-operator <2>
+  source: redhat-operators <3>
+  sourceNamespace: openshift-marketplace <4> 
+----
+<1> Specify the channel name from where you want to subscribe the Operator.
+<2> Specify the name of the Operator to subscribe to.
+<3> Specify the name of the CatalogSource that provides the Operator.
+<4> The namespace of the CatalogSource. Use `openshift-marketplace` for the default OperatorHub CatalogSources.
+
+. Apply the `Subscription` to the cluster:
++
+[source,terminal]
+----
+$ oc apply -f tang-operator.yaml
+----
+
+
+.Verification
+
+* Check that the NBDE Tang Server Operator controller runs in the `openshift-operators` namespace:
++
+[source,terminal]
+----
+$ oc -n openshift-operators get pods
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                                READY   STATUS    RESTARTS   AGE
+tang-operator-controller-manager-694b754bd6-4zk7x   2/2     Running   0          12s
+----
diff --git a/modules/nbde-tang-server-operator-installing-web-console.adoc b/modules/nbde-tang-server-operator-installing-web-console.adoc
new file mode 100644
index 000000000000..473dccb60e89
--- /dev/null
+++ b/modules/nbde-tang-server-operator-installing-web-console.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-installing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-nbde-tang-server-operator-using-web-console_{context}"]
+= Installing the NBDE Tang Server Operator using the web console
+
+You can install the NBDE Tang Server Operator from the OperatorHub using the web console.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+
+.Procedure
+
+. In the {product-title} web console, navigate to *Operators* -> *OperatorHub*.
+. Search for the NBDE Tang Server Operator:
++
+image::nbde-tang-server-operator-01-operatorhub.png[NBDE Tang Server Operator in OperatorHub]
+. Click *Install*.
+. On the *Operator Installation* screen, keep the *Update channel*, *Version*, *Installation mode*, *Installed Namespace*, and *Update approval* fields on the default values. 
+. After you confirm the installation options by clicking *Install*, the console displays the installation confirmation.
++
+image::nbde-tang-server-operator-03-confirmation.png[Confirmation of a NBDE Tang Server Operator installation]
+
+.Verification
+
+. Navigate to the *Operators* -> *Installed Operators* page.
+. Check that the NBDE Tang Server Operator is installed and its status is `Succeeded`.
++
+image::nbde-tang-server-operator-05-succeeded.png[NBDE Tang Server Operator status]
+
diff --git a/modules/nbde-tang-server-operator-removing-hidden-keys.adoc b/modules/nbde-tang-server-operator-removing-hidden-keys.adoc
new file mode 100644
index 000000000000..30e2f5c64c20
--- /dev/null
+++ b/modules/nbde-tang-server-operator-removing-hidden-keys.adoc
@@ -0,0 +1,95 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="deleting-hidden-keys-with-nbde-tang-server-operator_{context}"]
+= Deleting hidden keys with the NBDE Tang Server Operator
+
+After you rotate your Tang server keys, the previously active keys become hidden and are no longer advertised by the Tang instance. You can use the NBDE Tang Server Operator to remove encryption keys no longer used.
+
+WARNING:: Do not remove any hidden keys unless you are sure that all bound Clevis clients already use new keys.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You deployed a Tang server using the NBDE Tang Server Operator on your OpenShift cluster.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. List the existing keys on your Tang server, for example:
++
+[source,terminal]
+----
+$ oc -n nbde describe tangserver
+----
++
+.Example output
+[source,terminal]
+----
+…
+Status:
+  Active Keys:
+	File Name:  	PvYQKtrTuYsMV2AomUeHrUWkCGg.jwk
+	Generated:  	2022-02-08 15:44:17.030090484 +0000
+	sha1:	    	PvYQKtrTuYsMV2AomUeHrUWkCGg
+	sha256:	    	QS82aXnPKA4XpfHr3umbA0r2iTbRcpWQ0VI2Qdhi6xg
+…
+----
+. Create a YAML file for removing all hidden keys, for example, `hidden-keys-deletion-tangserver.yaml`:
++
+.Example hidden-keys-deletion YAML for tang-operator
+[source,yaml]
+----
+apiVersion: daemons.redhat.com/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver
+  namespace: nbde
+  finalizers:
+    - finalizer.daemons.tangserver.redhat.com
+spec:
+  replicas: 1
+  hiddenKeys: [] <1>
+----
+<1> The empty array as the value of the `hiddenKeys` entry indicates you want to preserve no hidden keys on your Tang server.
+
+. Apply the YAML file:
++
+[source,terminal]
+----
+$ oc apply -f hidden-keys-deletion-tangserver.yaml
+----
+
+.Verification
+
+. After a certain amount of time depending on your configuration, check that the previous active key still exists, but no hidden key is available, for example:
++
+[source,terminal]
+----
+$ oc -n nbde describe tangserver
+----
++
+.Example output
+[source,terminal]
+----
+…
+Spec:
+  Hidden Keys:
+    sha1:    PvYQKtrTuYsMV2AomUeHrUWkCGg
+  Replicas:  1
+Status:
+  Active Keys:
+    File Name:  T-0wx1HusMeWx4WMOk4eK97Q5u4dY5tamdDs7_ughnY.jwk
+    Generated:  2023-10-25 15:38:18.134939752 +0000
+    sha1:       vVxkNCNq7gygeeA9zrHrbc3_NZ4
+    sha256:     T-0wx1HusMeWx4WMOk4eK97Q5u4dY5tamdDs7_ughnY
+Status:
+  Ready:                 1
+  Running:               1
+  Service External URL:  http://35.222.247.84:7500/adv
+  Tang Server Error:     No
+Events:
+…
+----
diff --git a/modules/nbde-tang-server-operator-rotating-keys.adoc b/modules/nbde-tang-server-operator-rotating-keys.adoc
new file mode 100644
index 000000000000..66801fdfe387
--- /dev/null
+++ b/modules/nbde-tang-server-operator-rotating-keys.adoc
@@ -0,0 +1,94 @@
+// Module included in the following assemblies:
+//
+// * security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rotating-keys-using-nbde-tang-server-operator_{context}"]
+= Rotating keys using the NBDE Tang Server Operator
+
+With the NBDE Tang Server Operator, you also can rotate your Tang server keys. The precise interval at which you should rotate them depends on your application, key sizes, and institutional policy.
+
+.Prerequisites
+
+* You must have `cluster-admin` privileges on an {product-title} cluster.
+* You deployed a Tang server using the NBDE Tang Server Operator on your OpenShift cluster.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. List the existing keys on your Tang server, for example:
++
+[source,terminal]
+----
+$ oc -n nbde describe tangserver
+----
++
+.Example output
+[source,terminal]
+----
+…
+Status:
+  Active Keys:
+	File Name:  	QS82aXnPKA4XpfHr3umbA0r2iTbRcpWQ0VI2Qdhi6xg
+	Generated:  	2022-02-08 15:44:17.030090484 +0000
+	sha1:       	PvYQKtrTuYsMV2AomUeHrUWkCGg
+	sha256:     	QS82aXnPKA4XpfHr3umbA0r2iTbRcpWQ0VI2Qdhi6xg
+…	
+----
+. Create a YAML file for moving your active keys to hidden keys, for example, `minimal-keyretrieve-rotate-tangserver.yaml`:
++
+.Example key-rotation YAML for tang-operator
+[source,yaml]
+----
+apiVersion: daemons.redhat.com/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver
+  namespace: nbde
+  finalizers:
+    - finalizer.daemons.tangserver.redhat.com
+spec:
+  replicas: 1
+  hiddenKeys:
+    - sha1: "PvYQKtrTuYsMV2AomUeHrUWkCGg" <1>
+----
+<1> Specify the SHA-1 thumbprint of your active key to rotate it.
+
+. Apply the YAML file:
++
+[source,terminal]
+----
+$ oc apply -f minimal-keyretrieve-rotate-tangserver.yaml
+----
+
+.Verification
+
+. After a certain amount of time depending on your configuration, check that the previous `activeKey` value is the new `hiddenKey` value and the `activeKey` key file is newly generated, for example:
++
+[source,terminal]
+----
+$ oc -n nbde describe tangserver
+----
++
+.Example output
+[source,terminal]
+----
+…
+Spec:
+  Hidden Keys:
+    sha1:    PvYQKtrTuYsMV2AomUeHrUWkCGg
+  Replicas:  1
+Status:
+  Active Keys:
+    File Name:  T-0wx1HusMeWx4WMOk4eK97Q5u4dY5tamdDs7_ughnY.jwk
+    Generated:  2023-10-25 15:38:18.134939752 +0000
+    sha1:       vVxkNCNq7gygeeA9zrHrbc3_NZ4
+    sha256:     T-0wx1HusMeWx4WMOk4eK97Q5u4dY5tamdDs7_ughnY
+  Hidden Keys:
+    File Name:           .QS82aXnPKA4XpfHr3umbA0r2iTbRcpWQ0VI2Qdhi6xg.jwk
+    Generated:           2023-10-25 15:37:29.126928965 +0000
+    Hidden:              2023-10-25 15:38:13.515467436 +0000
+    sha1:                PvYQKtrTuYsMV2AomUeHrUWkCGg
+    sha256:              QS82aXnPKA4XpfHr3umbA0r2iTbRcpWQ0VI2Qdhi6xg
+…
+----
diff --git a/modules/nbde-troubleshooting-permanent-error-conditions.adoc b/modules/nbde-troubleshooting-permanent-error-conditions.adoc
index 6eff8c522f47..f6a4fa38cf58 100644
--- a/modules/nbde-troubleshooting-permanent-error-conditions.adoc
+++ b/modules/nbde-troubleshooting-permanent-error-conditions.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-troubleshooting-permanent-error-conditions_{context}"]
 = Troubleshooting permanent rekeying errors for Tang servers
 
diff --git a/modules/nbde-troubleshooting-temporary-error-conditions.adoc b/modules/nbde-troubleshooting-temporary-error-conditions.adoc
index 06a7f5db8275..43528940410a 100644
--- a/modules/nbde-troubleshooting-temporary-error-conditions.adoc
+++ b/modules/nbde-troubleshooting-temporary-error-conditions.adoc
@@ -2,7 +2,7 @@
 //
 // security/nbde-implementation-guide.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nbde-troubleshooting-temporary-error-conditions_{context}"]
 = Troubleshooting temporary rekeying errors for Tang servers
 
diff --git a/modules/nbde-using-tang-servers-for-disk-encryption.adoc b/modules/nbde-using-tang-servers-for-disk-encryption.adoc
index 3e1394dabf20..cc04dce21b51 100644
--- a/modules/nbde-using-tang-servers-for-disk-encryption.adoc
+++ b/modules/nbde-using-tang-servers-for-disk-encryption.adoc
@@ -7,6 +7,8 @@
 
 The following components and technologies implement Network-Bound Disk Encryption (NBDE).
 
+[[fig-NBDE-Clevis-Tang]]
+.NBDE scheme when using a LUKS1-encrypted volume. The luksmeta package is not used for LUKS2 volumes.
 image::179_OpenShift_NBDE_implementation_0821_3.png[Network-Bound Disk Encryption (NBDE), Clevis framework, Tang server]
 
 _Tang_ is a server for binding data to network presence. It makes a node containing the data available when the node is bound to a certain secure network. Tang is stateless and does not require Transport Layer Security (TLS) or authentication. Unlike escrow-based solutions, where the key server stores all encryption keys and has knowledge of every encryption key, Tang never interacts with any node keys, so it never gains any identifying information from the node.
diff --git a/modules/network-observability-SRIOV-configuration.adoc b/modules/network-observability-SRIOV-configuration.adoc
new file mode 100644
index 000000000000..c4cdacaf2767
--- /dev/null
+++ b/modules/network-observability-SRIOV-configuration.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * network_observability/configuring-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-SR-IOV-config_{context}"]
+= Configuring monitoring for SR-IOV interface traffic
+In order to collect traffic from a cluster with a Single Root I/O Virtualization (SR-IOV) device, you must set the `FlowCollector` `spec.agent.ebpf.privileged` field to `true`. Then, the eBPF agent monitors other network namespaces in addition to the host network namespaces, which are monitored by default. When a pod with a virtual functions (VF) interface is created, a new network namespace is created. With `SRIOVNetwork` policy `IPAM` configurations specified, the VF interface is migrated from the host network namespace to the pod network namespace.
+
+.Prerequisites
+* Access to an {product-title} cluster with a SR-IOV device.
+* The `SRIOVNetwork` custom resource (CR) `spec.ipam` configuration must be set with an IP address from the range that the interface lists or from other plugins.
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource. A sample configuration is as follows:
++
+[id="network-observability-flowcollector-configuring-SRIOV-monitoring{context}"]
+.Configure `FlowCollector` for SR-IOV monitoring
+[source,yaml]
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  namespace: netobserv
+  deploymentModel: DIRECT
+  agent:
+    type: EBPF
+    ebpf:
+      privileged: true   <1>
+----
+<1> The `spec.agent.ebpf.privileged` field value must be set to `true` to enable SR-IOV monitoring.
\ No newline at end of file
diff --git a/modules/network-observability-architecture.adoc b/modules/network-observability-architecture.adoc
new file mode 100644
index 000000000000..3dd454a7e18f
--- /dev/null
+++ b/modules/network-observability-architecture.adoc
@@ -0,0 +1,17 @@
+//Module included in the following assemblies:
+//
+// network_observability/understanding-network-observability.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-architecture_{context}"]
+= Network Observablity Operator architecture
+
+The Network Observability Operator provides the `FlowCollector` API, which is instantiated at installation and configured to reconcile the `eBPF agent`, the `flowlogs-pipeline`, and the `netobserv-plugin` components. Only a single `FlowCollector` per cluster is supported.
+
+The `eBPF agent` runs on each cluster node with some privileges to collect network flows. The `flowlogs-pipeline` receives the network flows data and enriches the data with Kubernetes identifiers. If you are using Loki, the `flowlogs-pipeline` sends flow logs data to Loki for storing and indexing. The `netobserv-plugin`, which is a dynamic {product-title} web console plugin, queries Loki to fetch network flows data. Cluster-admins can view the data in the web console.
+
+image::network-observability-architecture.png[Network Observability eBPF export architecture]
+
+If you are using the Kafka option, the eBPF agent sends the network flow data to Kafka, and the `flowlogs-pipeline` reads from the Kafka topic before sending to Loki, as shown in the following diagram.
+
+image::network-observability-arch-kafka-FLP.png[Network Observability using Kafka]
\ No newline at end of file
diff --git a/modules/network-observability-auth-multi-tenancy.adoc b/modules/network-observability-auth-multi-tenancy.adoc
index a41a3d39761c..886295259acc 100644
--- a/modules/network-observability-auth-multi-tenancy.adoc
+++ b/modules/network-observability-auth-multi-tenancy.adoc
@@ -2,61 +2,16 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-auth-mutli-tenancy_{context}"]
-= Configure authorization and multi-tenancy
-Define `ClusterRole` and `ClusterRoleBinding`. The `netobserv-reader` `ClusterRole` enables multi-tenancy and allows individual user access, or group access, to the flows stored in Loki. You can create a YAML file to define these roles.  
+= Configuring authorization and multi-tenancy
+Define `ClusterRole` and `ClusterRoleBinding`. The `netobserv-reader` `ClusterRole` enables multi-tenancy and allows individual user access, or group access, to the flows stored in Loki. You can create a YAML file to define these roles.
 
 .Procedure
 
-. Using the web console, click the Import icon, *+*. 
-. Drop your YAML file into the editor and click *Create*: 
+. Using the web console, click the Import icon, *+*.
+. Drop your YAML file into the editor and click *Create*:
 +
-[source, yaml]
-----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: netobserv-reader    <1>
-rules:
-- apiGroups:
-  - 'loki.grafana.com'
-  resources:
-  - network
-  resourceNames:
-  - logs
-  verbs:
-  - 'get'
-...
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: netobserv-writer
-rules:
-- apiGroups:
-  - 'loki.grafana.com'
-  resources:
-  - network
-  resourceNames:
-  - logs
-  verbs:
-  - 'create'
-...
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: netobserv-writer-flp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: netobserv-writer
-subjects:
-- kind: ServiceAccount
-  name: flowlogs-pipeline    <2>
-  namespace: netobserv
-- kind: ServiceAccount
-  name: flowlogs-pipeline-transformer
-  namespace: netobserv
-----
-<1> This role can be used for multi-tenancy. 
-<2> The `flowlogs-pipeline` writes to Loki. If you are using Kafka, this value is `flowlogs-pipeline-transformer`.
\ No newline at end of file
+include::snippets/network-observability-clusterrole-reader.adoc[]
+include::snippets/network-observability-clusterrole-writer.adoc[]
+include::snippets/network-observability-clusterrolebinding.adoc[]
\ No newline at end of file
diff --git a/modules/network-observability-configuring-FLP-sampling.adoc b/modules/network-observability-configuring-FLP-sampling.adoc
index 3a0961603d7f..d62118e2559a 100644
--- a/modules/network-observability-configuring-FLP-sampling.adoc
+++ b/modules/network-observability-configuring-FLP-sampling.adoc
@@ -2,7 +2,7 @@
 
 // * networking/network_observability/configuring-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-config-FLP-sampling_{context}"]
 
 = Updating the Flow Collector resource
diff --git a/modules/network-observability-configuring-options-overview.adoc b/modules/network-observability-configuring-options-overview.adoc
index b44a12382e0c..15e4671414fa 100644
--- a/modules/network-observability-configuring-options-overview.adoc
+++ b/modules/network-observability-configuring-options-overview.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="network-observability-configuring-options-overview_{context}"]
 = Configuring advanced options for the Overview view
 You can customize the graphical view by using advanced options. To access the advanced options, click *Show advanced options*.You can configure the details in the graph by using the *Display options* drop-down menu. The options available are:
diff --git a/modules/network-observability-configuring-options-topology.adoc b/modules/network-observability-configuring-options-topology.adoc
index c03257a98c29..9f7822e81218 100644
--- a/modules/network-observability-configuring-options-topology.adoc
+++ b/modules/network-observability-configuring-options-topology.adoc
@@ -2,13 +2,13 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="network-observability-configuring-options-topology_{context}"]
 = Configuring the advanced options for the Topology view
 You can customize and export the view by using *Show advanced options*. The advanced options view has the following features:
 
-* *Find in view*: To search the required components in the view. 
-* *Display options*: To configure the following options: 
+* *Find in view*: To search the required components in the view.
+* *Display options*: To configure the following options:
 +
 ** *Layout*: To select the layout of the graphical representation. The default value is *ColaNoForce*.
 ** *Scope*: To select the scope of components between which the network traffic flows. The default value is *Namespace*.
diff --git a/modules/network-observability-configuring-options-trafficflow.adoc b/modules/network-observability-configuring-options-trafficflow.adoc
index 3ae03ccb2e64..5946eb1e7fc2 100644
--- a/modules/network-observability-configuring-options-trafficflow.adoc
+++ b/modules/network-observability-configuring-options-trafficflow.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-configuring-options-trafficflow_{context}"]
 = Configuring advanced options for the Traffic flows view
 You can customize and export the view by using *Show advanced options*.
@@ -18,6 +18,6 @@ You can export data from the *Traffic flows* view.
 
 .Procedure
 
-. Click *Export data*. 
+. Click *Export data*.
 . In the pop-up window, you can select the *Export all data* checkbox to export all the data, and clear the checkbox to select the required fields to be exported.
 . Click *Export*.
\ No newline at end of file
diff --git a/modules/network-observability-configuring-quickfilters-flowcollector.adoc b/modules/network-observability-configuring-quickfilters-flowcollector.adoc
index 7e3a8f7824d9..314afa7b6237 100644
--- a/modules/network-observability-configuring-quickfilters-flowcollector.adoc
+++ b/modules/network-observability-configuring-quickfilters-flowcollector.adoc
@@ -2,11 +2,11 @@
 
 // * networking/network_observability/configuring-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-config-quick-filters_{context}"]
 = Configuring quick filters
 
-You can modify the filters in the `FlowCollector` resource. Exact matches are possible using double-quotes around values. Otherwise, partial matches are used for textual values. The bang (!) character, placed at the end of a key, means negation. See the sample `FlowCollector` resource for more context about modifying the YAML. 
+You can modify the filters in the `FlowCollector` resource. Exact matches are possible using double-quotes around values. Otherwise, partial matches are used for textual values. The bang (!) character, placed at the end of a key, means negation. See the sample `FlowCollector` resource for more context about modifying the YAML.
 
 [NOTE]
 ====
diff --git a/modules/network-observability-create-network-policy.adoc b/modules/network-observability-create-network-policy.adoc
new file mode 100644
index 000000000000..d8c97aed8874
--- /dev/null
+++ b/modules/network-observability-create-network-policy.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/network-observability-network-policy.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-network-policy_{context}"]
+= Creating a network policy for Network Observability
+You might need to create a network policy to secure ingress traffic to the `netobserv` namespace. In the web console, you can create a network policy using the form view.
+
+.Procedure
+. Navigate to *Networking* -> *NetworkPolicies*.
+. Select the `netobserv` project from the *Project* dropdown menu.
+. Name the policy. For this example, the policy name is `allow-ingress`.
+. Click *Add ingress rule* three times to create three ingress rules.
+. Specify the following in the form:
+.. Make the following specifications for the first *Ingress rule*:
+... From the *Add allowed source* dropdown menu, select *Allow pods from the same namespace*.
+.. Make the following specifications for the second *Ingress rule*:
+... From the *Add allowed source* dropdown menu, select *Allow pods from inside the cluster*.
+... Click *+ Add namespace selector*.
+... Add the label, `kubernetes.io/metadata.name`, and the selector, `openshift-console`.
+.. Make the following specifications for the third *Ingress rule*:
+... From the *Add allowed source* dropdown menu, select *Allow pods from inside the cluster*.
+... Click *+ Add namespace selector*.
+... Add the label, `kubernetes.io/metadata.name`, and the selector, `openshift-monitoring`.
+
+.Verification
+. Navigate to *Observe* -> *Network Traffic*.
+. View the *Traffic Flows* tab, or any tab, to verify that the data is displayed.
+. Navigate to *Observe* -> *Dashboards*. In the NetObserv/Health selection, verify that the flows are being ingested and sent to Loki, which is represented in the first graph.
\ No newline at end of file
diff --git a/modules/network-observability-disabling-health-alerts.adoc b/modules/network-observability-disabling-health-alerts.adoc
index 3f370b7435a6..256b3b5fd4be 100644
--- a/modules/network-observability-disabling-health-alerts.adoc
+++ b/modules/network-observability-disabling-health-alerts.adoc
@@ -2,14 +2,14 @@
 //
 // * network_observability/network-observability-operator-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-disable-alerts_{context}"]
 = Disabling health alerts
 You can opt out of health alerting by editing the `FlowCollector` resource:
 
 . In the web console, navigate to *Operators* -> *Installed Operators*.
-. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 
-. Select *cluster* then select the *YAML* tab. 
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* then select the *YAML* tab.
 . Add `spec.processor.metrics.disableAlerts` to disable health alerts, as in the following YAML sample:
 [source,yaml]
 ----
@@ -22,4 +22,4 @@ spec:
     metrics:
       disableAlerts: [NetObservLokiError, NetObservNoFlows] <1>
 ----
-<1> You can specify one or a list with both types of alerts to disable. 
\ No newline at end of file
+<1> You can specify one or a list with both types of alerts to disable.
\ No newline at end of file
diff --git a/modules/network-observability-dns-overview.adoc b/modules/network-observability-dns-overview.adoc
new file mode 100644
index 000000000000..dac32c630360
--- /dev/null
+++ b/modules/network-observability-dns-overview.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-dns-overview_{context}"]
+= DNS tracking
+You can configure graphical representation of Domain Name System (DNS) tracking of network flows in the *Overview* view. Using DNS tracking with extended Berkeley Packet Filter (eBPF) tracepoint hooks can serve various purposes:
+
+* Network Monitoring: Gain insights into DNS queries and responses, helping network administrators identify unusual patterns, potential bottlenecks, or performance issues.
+
+* Security Analysis: Detect suspicious DNS activities, such as domain name generation algorithms (DGA) used by malware, or identify unauthorized DNS resolutions that might indicate a security breach.
+
+* Troubleshooting: Debug DNS-related issues by tracing DNS resolution steps, tracking latency, and identifying misconfigurations.
+
+When DNS tracking is enabled, you can see the following metrics represented in a chart in the *Overview*. See the _Additional Resources_ in this section for more information about enabling and working with this view.
+
+* Top 5 average DNS latencies
+* Top 5 DNS response code
+* Top 5 DNS response code stacked with total
+
+This feature is supported for IPv4 and IPv6 UDP protocol.
\ No newline at end of file
diff --git a/modules/network-observability-dns-tracking.adoc b/modules/network-observability-dns-tracking.adoc
new file mode 100644
index 000000000000..64f7ab8803d0
--- /dev/null
+++ b/modules/network-observability-dns-tracking.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-dns-tracking_{context}"]
+= Working with DNS tracking
+Using DNS tracking, you can monitor your network, conduct security analysis, and troubleshoot DNS issues. You can track DNS by editing the `FlowCollector` to the specifications in the following YAML example.
+
+[IMPORTANT]
+====
+CPU and memory usage increases are observed in the eBPF agent when this feature is enabled.
+====
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource. A sample configuration is as follows:
++
+[id="network-observability-flowcollector-configuring-dns_{context}"]
+.Configure `FlowCollector` for DNS tracking
+[source, yaml]
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  namespace: netobserv
+  deploymentModel: DIRECT
+  agent:
+    type: EBPF
+    ebpf:
+      features:
+       - DNSTracking           <1>
+      privileged: true         <2>
+----
+<1> You can set the `spec.agent.ebpf.features` parameter list to enable DNS tracking of each network flow in the web console.
+<2> Note that the `spec.agent.ebpf.privileged` specification value must be `true` for DNS tracking to be enabled.
+
+. When you refresh the *Network Traffic* page, there are new DNS representations you can choose to view in the *Overview* and *Traffic Flow* views and new filters you can apply.
+.. Select new DNS choices in *Manage panels* to display graphical visualizations and DNS metrics in the *Overview*.
+.. Select new choices in *Manage columns* to add DNS columns to the *Traffic Flows* view.
+.. Filter on specific DNS metrics, such as *DNS Id*, *DNS Latency* and *DNS Response Code*, and see more information from the side panel.
\ No newline at end of file
diff --git a/modules/network-observability-enriched-flows-kafka.adoc b/modules/network-observability-enriched-flows-kafka.adoc
deleted file mode 100644
index 8d47bc6c7a82..000000000000
--- a/modules/network-observability-enriched-flows-kafka.adoc
+++ /dev/null
@@ -1,39 +0,0 @@
-// Module included in the following assemblies:
-//
-// network_observability/configuring-operator.adoc
-
-:_content-type: PROCEDURE
-[id="network-observability-enriched-flows-kafka_{context}"]
-= Export enriched network flow data
-
-You can send network flows to Kafka, so that they can be consumed by any processor or storage that supports Kafka input, such as Splunk, Elasticsearch, or Fluentd.
-
-.Prerequisites
-* Installed Kafka
-
-.Procedure
-
-. In the web console, navigate to *Operators* -> *Installed Operators*.
-. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 
-. Select *cluster* and then select the *YAML* tab.
-. Edit the `FlowCollector` to configure `spec.exporters` as follows:
-+
-[source,yaml]
-----
-apiVersion: flows.netobserv.io/v1alpha1
-kind: FlowCollector
-metadata:
-  name: cluster
-spec:
-  exporters:
-  - type: KAFKA
-      kafka:
-        address: "kafka-cluster-kafka-bootstrap.netobserv"
-        topic: netobserv-flows-export   <1>
-        tls: 
-          enable: false                 <2>
-  
-----
-<1> The Network Observability Operator exports all flows to the configured Kafka topic.
-<2> You can encrypt all communications to and from Kafka with SSL/TLS or mTLS. When enabled, the Kafka CA certificate must be available as a ConfigMap or a Secret, both in the namespace where the `flowlogs-pipeline` processor component is deployed (default: netobserv). It must be referenced with `spec.exporters.tls.caCert`. When using mTLS, client secrets must be available in these namespaces as well (they can be generated for instance using the AMQ Streams User Operator) and referenced with `spec.exporters.tls.userCert`.
-. After configuration, network flows data can be sent to an available output in a JSON format. For more information, see _Network flows format reference_
\ No newline at end of file
diff --git a/modules/network-observability-enriched-flows.adoc b/modules/network-observability-enriched-flows.adoc
new file mode 100644
index 000000000000..95bbed7bdeb5
--- /dev/null
+++ b/modules/network-observability-enriched-flows.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// network_observability/configuring-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-enriched-flows_{context}"]
+= Export enriched network flow data
+
+You can send network flows to Kafka, IPFIX, or both at the same time. Any processor or storage that supports Kafka or IPFIX input, such as Splunk, Elasticsearch, or Fluentd, can consume the enriched network flow data.
+
+.Prerequisites
+* Your Kafka or IPFIX collector endpoint(s) are available from Network Observability `flowlogs-pipeline` pods.
+
+.Procedure
+
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* and then select the *YAML* tab.
+. Edit the `FlowCollector` to configure `spec.exporters` as follows:
++
+[source,yaml]
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  exporters:
+  - type: KAFKA                         <3>
+      kafka:
+        address: "kafka-cluster-kafka-bootstrap.netobserv"
+        topic: netobserv-flows-export   <1>
+        tls:
+          enable: false                 <2>
+  - type: IPFIX                         <3>
+      ipfix:
+        targetHost: "ipfix-collector.ipfix.svc.cluster.local"
+        targetPort: 4739
+        transport: tcp or udp           <4>
+
+
+----
+<1> The Network Observability Operator exports all flows to the configured Kafka topic.
+<2> You can encrypt all communications to and from Kafka with SSL/TLS or mTLS. When enabled, the Kafka CA certificate must be available as a ConfigMap or a Secret, both in the namespace where the `flowlogs-pipeline` processor component is deployed (default: netobserv). It must be referenced with `spec.exporters.tls.caCert`. When using mTLS, client secrets must be available in these namespaces as well (they can be generated for instance using the AMQ Streams User Operator) and referenced with `spec.exporters.tls.userCert`.
+<3> You can export flows to IPFIX instead of or in conjunction with exporting flows to Kafka.
+<4> You have the option to specify transport. The default value is `tcp` but you can also specify `udp`.
+. After configuration, network flows data can be sent to an available output in a JSON format. For more information, see _Network flows format reference_.
diff --git a/modules/network-observability-flowcollector-api-specifications.adoc b/modules/network-observability-flowcollector-api-specifications.adoc
index 5ec9eac0d9f7..69659b2728c3 100644
--- a/modules/network-observability-flowcollector-api-specifications.adoc
+++ b/modules/network-observability-flowcollector-api-specifications.adoc
@@ -1,7 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-// Module included in the following assemblies:
-// networking/network_observability/flowcollector-api.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="network-observability-flowcollector-api-specifications_{context}"]
 = FlowCollector API specifications
 
@@ -37,9 +35,9 @@ Type::
 
 | `spec`
 | `object`
-| `FlowCollectorSpec` defines the desired state of the FlowCollector resource.  +
+| Defines the desired state of the FlowCollector resource.  +
  +
- *: the mention of _"unsupported"_, or _"deprecated"_ for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for instance, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only.
+ *: the mention of "unsupported", or "deprecated" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only.
 
 |===
 == .metadata
@@ -59,17 +57,14 @@ Type::
 Description::
 +
 --
-`FlowCollectorSpec` defines the desired state of the FlowCollector resource.  +
+Defines the desired state of the FlowCollector resource.  +
  +
- *: the mention of _"unsupported"_, or _"deprecated"_ for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for instance, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only.
+ *: the mention of "unsupported", or "deprecated" for a feature throughout this document means that this feature is not officially supported by Red Hat. It might have been, for example, contributed by the community and accepted without a formal agreement for maintenance. The product maintainers might provide some support for these features as a best effort only.
 --
 
 Type::
   `object`
 
-Required::
-  - `agent`
-  - `deploymentModel`
 
 
 
@@ -106,7 +101,7 @@ Required::
 
 | `namespace`
 | `string`
-| Namespace where NetObserv pods are deployed. If empty, the namespace of the operator is going to be used.
+| Namespace where Network Observability pods are deployed.
 
 | `processor`
 | `object`
@@ -123,8 +118,6 @@ Agent configuration for flows extraction.
 Type::
   `object`
 
-Required::
-  - `type`
 
 
 
@@ -138,13 +131,13 @@ Required::
 
 | `ipfix`
 | `object`
-| `ipfix` - _deprecated (*)_ - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`.
+| `ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`.
 
 | `type`
 | `string`
 | `type` selects the flows tracing agent. Possible values are: +
- - `EBPF` (default) to use NetObserv eBPF agent. +
- - `IPFIX` - _deprecated (*)_ - to use the legacy IPFIX collector. +
+ - `EBPF` (default) to use Network Observability eBPF agent. +
+ - `IPFIX` [deprecated (*)] - to use the legacy IPFIX collector. +
  `EBPF` is recommended as it offers better performances and should work regardless of the CNI installed on the cluster. `IPFIX` works with OVN-Kubernetes CNI (other CNIs could work if they support exporting IPFIX, but they would require manual configuration).
 
 |===
@@ -167,7 +160,7 @@ Type::
 
 | `cacheActiveTimeout`
 | `string`
-| `cacheActiveTimeout` is the max period during which the reporter will aggregate flows before sending. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection.
+| `cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending. Increasing `cacheMaxFlows` and `cacheActiveTimeout` can decrease the network traffic overhead and the CPU load, however you can expect higher memory consumption and an increased latency in the flow collection.
 
 | `cacheMaxFlows`
 | `integer`
@@ -179,7 +172,15 @@ Type::
 
 | `excludeInterfaces`
 | `array (string)`
-| `excludeInterfaces` contains the interface names that will be excluded from flow tracing. An entry is enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string.
+| `excludeInterfaces` contains the interface names that are excluded from flow tracing. An entry is enclosed by slashes, such as `/br-/` and is matched as a regular expression. Otherwise it is matched as a case-sensitive string.
+
+| `features`
+| `array (string)`
+| List of additional features to enable. They are all disabled by default. Enabling additional features might have performance impacts. Possible values are: +
+ - `PacketDrop`: enable the packets drop flows logging feature. This feature requires mounting the kernel debug filesystem, so the eBPF pod has to run as privileged. If the `spec.agent.eBPF.privileged` parameter is not set, an error is reported. +
+ - `DNSTracking`: enable the DNS tracking feature. This feature requires mounting the kernel debug filesystem hence the eBPF pod has to run as privileged. If the `spec.agent.eBPF.privileged` parameter is not set, an error is reported. +
+ - `FlowRTT` [unsupported (*)]: enable flow latency (RTT) calculations in the eBPF agent during TCP handshakes. This feature better works with `sampling` set to 1. +
+
 
 | `imagePullPolicy`
 | `string`
@@ -187,7 +188,7 @@ Type::
 
 | `interfaces`
 | `array (string)`
-| `interfaces` contains the interface names from where flows will be collected. If empty, the agent will fetch all the interfaces in the system, excepting the ones listed in ExcludeInterfaces. An entry is enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string.
+| `interfaces` contains the interface names from where flows are collected. If empty, the agent fetches all the interfaces in the system, excepting the ones listed in ExcludeInterfaces. An entry is enclosed by slashes, such as `/br-/`, is matched as a regular expression. Otherwise it is matched as a case-sensitive string.
 
 | `kafkaBatchSize`
 | `integer`
@@ -195,11 +196,11 @@ Type::
 
 | `logLevel`
 | `string`
-| `logLevel` defines the log level for the NetObserv eBPF Agent
+| `logLevel` defines the log level for the Network Observability eBPF Agent
 
 | `privileged`
 | `boolean`
-| Privileged mode for the eBPF Agent container. In general this setting can be ignored or set to false: in that case, the operator will set granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, to enable its correct operation. If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF is in use, then you can turn on this mode for more global privileges.
+| Privileged mode for the eBPF Agent container. In general this setting can be ignored or set to false: in that case, the operator sets granular capabilities (BPF, PERFMON, NET_ADMIN, SYS_RESOURCE) to the container, to enable its correct operation. If for some reason these capabilities cannot be set, such as if an old kernel version not knowing CAP_BPF is in use, then you can turn on this mode for more global privileges.
 
 | `resources`
 | `object`
@@ -255,14 +256,14 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 == .spec.agent.ipfix
 Description::
 +
 --
-`ipfix` - _deprecated (*)_ - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`.
+`ipfix` [deprecated (*)] - describes the settings related to the IPFIX-based flow reporter when `spec.agent.type` is set to `IPFIX`.
 --
 
 Type::
@@ -277,11 +278,11 @@ Type::
 
 | `cacheActiveTimeout`
 | `string`
-| `cacheActiveTimeout` is the max period during which the reporter will aggregate flows before sending
+| `cacheActiveTimeout` is the max period during which the reporter aggregates flows before sending.
 
 | `cacheMaxFlows`
 | `integer`
-| `cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows
+| `cacheMaxFlows` is the max number of flows in an aggregate; when reached, the reporter sends the flows.
 
 | `clusterNetworkOperator`
 | `object`
@@ -373,6 +374,10 @@ Type::
 | `object`
 | `autoscaler` spec of a horizontal pod autoscaler to set up for the plugin Deployment. Refer to HorizontalPodAutoscaler documentation (autoscaling/v2).
 
+| `enable`
+| `boolean`
+| enable the console plugin deployment. spec.Loki.enable must also be true
+
 | `imagePullPolicy`
 | `string`
 | `imagePullPolicy` is the Kubernetes pull policy for the image defined above
@@ -488,7 +493,7 @@ Required::
 
 | `name`
 | `string`
-| Name of the filter, that will be displayed in Console
+| Name of the filter, that is displayed in the Console
 
 |===
 == .spec.consolePlugin.resources
@@ -514,7 +519,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 == .spec.exporters
@@ -551,7 +556,7 @@ Required::
 
 | `ipfix`
 | `object`
-| IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to. _Unsupported (*)_.
+| IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to.
 
 | `kafka`
 | `object`
@@ -559,14 +564,14 @@ Required::
 
 | `type`
 | `string`
-| `type` selects the type of exporters. The available options are `KAFKA` and `IPFIX`. `IPFIX` is _unsupported (*)_.
+| `type` selects the type of exporters. The available options are `KAFKA` and `IPFIX`.
 
 |===
 == .spec.exporters[].ipfix
 Description::
 +
 --
-IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to. _Unsupported (*)_.
+IPFIX configuration, such as the IP address and port to send enriched IPFIX flows to.
 --
 
 Type::
@@ -619,20 +624,122 @@ Required::
 | `string`
 | Address of the Kafka server
 
+| `sasl`
+| `object`
+| SASL authentication configuration. [Unsupported (*)].
+
 | `tls`
 | `object`
-| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. Note that, when eBPF agents are used, the Kafka certificate needs to be copied in the agent namespace (by default it is `netobserv-privileged`).
+| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
 
 | `topic`
 | `string`
-| Kafka topic to use. It must exist, NetObserv will not create it.
+| Kafka topic to use. It must exist. Network Observability does not create it.
+
+|===
+== .spec.exporters[].kafka.sasl
+Description::
++
+--
+SASL authentication configuration. [Unsupported (*)].
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientIDReference`
+| `object`
+| Reference to the secret or config map containing the client ID
+
+| `clientSecretReference`
+| `object`
+| Reference to the secret or config map containing the client secret
+
+| `type`
+| `string`
+| Type of SASL authentication to use, or `DISABLED` if SASL is not used
+
+|===
+== .spec.exporters[].kafka.sasl.clientIDReference
+Description::
++
+--
+Reference to the secret or config map containing the client ID
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `file`
+| `string`
+| File name within the config map or secret
+
+| `name`
+| `string`
+| Name of the config map or secret containing the file
+
+| `namespace`
+| `string`
+| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+| `type`
+| `string`
+| Type for the file reference: "configmap" or "secret"
+
+|===
+== .spec.exporters[].kafka.sasl.clientSecretReference
+Description::
++
+--
+Reference to the secret or config map containing the client secret
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `file`
+| `string`
+| File name within the config map or secret
+
+| `name`
+| `string`
+| Name of the config map or secret containing the file
+
+| `namespace`
+| `string`
+| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+| `type`
+| `string`
+| Type for the file reference: "configmap" or "secret"
 
 |===
 == .spec.exporters[].kafka.tls
 Description::
 +
 --
-TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. Note that, when eBPF agents are used, the Kafka certificate needs to be copied in the agent namespace (by default it is `netobserv-privileged`).
+TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
 --
 
 Type::
@@ -693,7 +800,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -731,7 +838,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -762,20 +869,122 @@ Required::
 | `string`
 | Address of the Kafka server
 
+| `sasl`
+| `object`
+| SASL authentication configuration. [Unsupported (*)].
+
 | `tls`
 | `object`
-| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. Note that, when eBPF agents are used, the Kafka certificate needs to be copied in the agent namespace (by default it is `netobserv-privileged`).
+| TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
 
 | `topic`
 | `string`
-| Kafka topic to use. It must exist, NetObserv will not create it.
+| Kafka topic to use. It must exist, Network Observability does not create it.
+
+|===
+== .spec.kafka.sasl
+Description::
++
+--
+SASL authentication configuration. [Unsupported (*)].
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientIDReference`
+| `object`
+| Reference to the secret or config map containing the client ID
+
+| `clientSecretReference`
+| `object`
+| Reference to the secret or config map containing the client secret
+
+| `type`
+| `string`
+| Type of SASL authentication to use, or `DISABLED` if SASL is not used
+
+|===
+== .spec.kafka.sasl.clientIDReference
+Description::
++
+--
+Reference to the secret or config map containing the client ID
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `file`
+| `string`
+| File name within the config map or secret
+
+| `name`
+| `string`
+| Name of the config map or secret containing the file
+
+| `namespace`
+| `string`
+| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+| `type`
+| `string`
+| Type for the file reference: "configmap" or "secret"
+
+|===
+== .spec.kafka.sasl.clientSecretReference
+Description::
++
+--
+Reference to the secret or config map containing the client secret
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `file`
+| `string`
+| File name within the config map or secret
+
+| `name`
+| `string`
+| Name of the config map or secret containing the file
+
+| `namespace`
+| `string`
+| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+| `type`
+| `string`
+| Type for the file reference: "configmap" or "secret"
 
 |===
 == .spec.kafka.tls
 Description::
 +
 --
-TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093. Note that, when eBPF agents are used, the Kafka certificate needs to be copied in the agent namespace (by default it is `netobserv-privileged`).
+TLS client configuration. When using TLS, verify that the address matches the Kafka port used for TLS, generally 9093.
 --
 
 Type::
@@ -836,7 +1045,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -874,7 +1083,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -901,9 +1110,9 @@ Type::
 | `authToken`
 | `string`
 | `authToken` describes the way to get a token to authenticate to Loki. +
- - `DISABLED` will not send any token with the request. +
- - `FORWARD` will forward the user token for authorization. +
- - `HOST` - _deprecated (*)_ - will use the local pod service account to authenticate to Loki. +
+ - `DISABLED` does not send any token with the request. +
+ - `FORWARD` forwards the user token for authorization. +
+ - `HOST` [deprecated (*)] - uses the local pod service account to authenticate to Loki. +
  When using the Loki Operator, this must be set to `FORWARD`.
 
 | `batchSize`
@@ -914,6 +1123,10 @@ Type::
 | `string`
 | `batchWait` is the maximum time to wait before sending a batch.
 
+| `enable`
+| `boolean`
+| Set to `enable` to store flows to Loki. It is required for the {product-title} Console plugin installation.
+
 | `maxBackoff`
 | `string`
 | `maxBackoff` is the maximum backoff time for client connection between retries.
@@ -928,7 +1141,7 @@ Type::
 
 | `querierUrl`
 | `string`
-| `querierURL` specifies the address of the Loki querier service, in case it is different from the Loki ingester URL. If empty, the URL value will be used (assuming that the Loki ingester and querier are in the same server). When using the Loki Operator, do not set it, since ingestion and queries use the Loki gateway.
+| `querierURL` specifies the address of the Loki querier service, in case it is different from the Loki ingester URL. If empty, the URL value is used (assuming that the Loki ingester and querier are in the same server). When using the Loki Operator, do not set it, since ingestion and queries use the Loki gateway.
 
 | `staticLabels`
 | `object (string)`
@@ -940,7 +1153,7 @@ Type::
 
 | `statusUrl`
 | `string`
-| `statusURL` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the Loki querier URL. If empty, the `querierURL` value will be used. This is useful to show error messages and some context in the frontend. When using the Loki Operator, set it to the Loki HTTP query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. `statusTLS` configuration will be used when `statusUrl` is set.
+| `statusURL` specifies the address of the Loki `/ready`, `/metrics` and `/config` endpoints, in case it is different from the Loki querier URL. If empty, the `querierURL` value is used. This is useful to show error messages and some context in the frontend. When using the Loki Operator, set it to the Loki HTTP query frontend service, for example https://loki-query-frontend-http.netobserv.svc:3100/. `statusTLS` configuration is used when `statusUrl` is set.
 
 | `tenantID`
 | `string`
@@ -1024,7 +1237,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -1062,7 +1275,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -1134,7 +1347,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -1172,7 +1385,7 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
@@ -1196,6 +1409,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `clusterName`
+| `string`
+| `clusterName` is the name of the cluster to appear in the flows data. This is useful in a multi-cluster context. When using {product-title}, leave empty to make it automatically determined.
+
 | `conversationEndTimeout`
 | `string`
 | `conversationEndTimeout` is the time to wait after a network flow is received, to consider the conversation ended. This delay is ignored when a FIN packet is collected for TCP flows (see `conversationTerminatingTimeout` instead).
@@ -1234,7 +1451,7 @@ Type::
 
 | `kafkaConsumerBatchSize`
 | `integer`
-| `kafkaConsumerBatchSize` indicates to the broker the maximum batch size, in bytes, that the consumer will accept. Ignored when not using Kafka. Default: 10MB.
+| `kafkaConsumerBatchSize` indicates to the broker the maximum batch size, in bytes, that the consumer accepts. Ignored when not using Kafka. Default: 10MB.
 
 | `kafkaConsumerQueueCapacity`
 | `integer`
@@ -1335,7 +1552,7 @@ Type::
 
 | `ignoreTags`
 | `array (string)`
-| `ignoreTags` is a list of tags to specify which metrics to ignore. Each metric is associated with a list of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions . Available tags are: `egress`, `ingress`, `flows`, `bytes`, `packets`, `namespaces`, `nodes`, `workloads`.
+| `ignoreTags` is a list of tags to specify which metrics to ignore. Each metric is associated with a list of tags. More details in https://github.com/netobserv/network-observability-operator/tree/main/controllers/flowlogspipeline/metrics_definitions . Available tags are: `egress`, `ingress`, `flows`, `bytes`, `packets`, `namespaces`, `nodes`, `workloads`, `nodes-flows`, `namespaces-flows`, `workloads-flows`. Namespace-based metrics are covered by both `workloads` and `namespaces` tags, hence it is recommended to always ignore one of them (`workloads` offering a finer granularity).
 
 | `server`
 | `object`
@@ -1385,10 +1602,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `insecureSkipVerify`
+| `boolean`
+| `insecureSkipVerify` allows skipping client-side verification of the provided certificate. If set to true, the `providedCaFile` field is ignored.
+
 | `provided`
 | `object`
 | TLS configuration when `type` is set to `PROVIDED`.
 
+| `providedCaFile`
+| `object`
+| Reference to the CA file when `type` is set to `PROVIDED`.
+
 | `type`
 | `string`
 | Select the type of TLS configuration: +
@@ -1426,12 +1651,46 @@ Type::
 
 | `namespace`
 | `string`
-| Namespace of the config map or secret containing certificates. If omitted, assumes the same namespace as where NetObserv is deployed. If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
+| Namespace of the config map or secret containing certificates. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
 
 | `type`
 | `string`
 | Type for the certificate reference: `configmap` or `secret`
 
+|===
+== .spec.processor.metrics.server.tls.providedCaFile
+Description::
++
+--
+Reference to the CA file when `type` is set to `PROVIDED`.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `file`
+| `string`
+| File name within the config map or secret
+
+| `name`
+| `string`
+| Name of the config map or secret containing the file
+
+| `namespace`
+| `string`
+| Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where Network Observability is deployed. If the namespace is different, the config map or the secret is copied so that it can be mounted as required.
+
+| `type`
+| `string`
+| Type for the file reference: "configmap" or "secret"
+
 |===
 == .spec.processor.resources
 Description::
@@ -1456,6 +1715,6 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
-|===
+|===
\ No newline at end of file
diff --git a/modules/network-observability-flowcollector-kafka-config.adoc b/modules/network-observability-flowcollector-kafka-config.adoc
index b8bbb50bee60..7d7603889817 100644
--- a/modules/network-observability-flowcollector-kafka-config.adoc
+++ b/modules/network-observability-flowcollector-kafka-config.adoc
@@ -2,17 +2,32 @@
 
 // * networking/network_observability/configuring-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-flowcollector-kafka-config_{context}"]
 = Configuring the Flow Collector resource with Kafka
-You can configure the `FlowCollector` resource to use Kafka. A Kafka instance needs to be running, and a Kafka topic dedicated to {product-title} Network Observability must be created in that instance. For more information, refer to your Kafka documentation, such as link:https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/html/using_amq_streams_on_openshift/using-the-topic-operator-str[Kafka documentation with AMQ Streams].
+You can configure the `FlowCollector` resource to use Kafka for high-throughput and low-latency data feeds. A Kafka instance needs to be running, and a Kafka topic dedicated to {product-title} Network Observability must be created in that instance. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/html/using_amq_streams_on_openshift/using-the-topic-operator-str[Kafka documentation with AMQ Streams].
 
-The following example shows how to modify the `FlowCollector` resource for {product-title} Network Observability operator to use Kafka:
+.Prerequisites
+* Kafka is installed. Red Hat supports Kafka with AMQ Streams Operator.
+
+.Procedure
+. In the web console, navigate to *Operators* → *Installed Operators*.
+
+. Under the *Provided APIs* heading for the Network Observability Operator, select *Flow Collector*.
+
+. Select the cluster and then click the *YAML* tab.
+
+. Modify the `FlowCollector` resource for {product-title} Network Observability Operator to use Kafka, as shown in the following sample YAML:
 
 .Sample Kafka configuration in `FlowCollector` resource
 [id="network-observability-flowcollector-configuring-kafka-sample_{context}"]
 [source, yaml]
 ----
+apiVersion: flows.netobserv.io/v1beta1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
   deploymentModel: KAFKA                                    <1>
   kafka:
     address: "kafka-cluster-kafka-bootstrap.netobserv"      <2>
diff --git a/modules/network-observability-flowcollector-view.adoc b/modules/network-observability-flowcollector-view.adoc
index 4c6491df9df4..87857cebccac 100644
--- a/modules/network-observability-flowcollector-view.adoc
+++ b/modules/network-observability-flowcollector-view.adoc
@@ -2,15 +2,15 @@
 
 // * networking/network_observability/configuring-operators.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-flowcollector-view_{context}"]
-= View the FlowCollector resource 
-You can view and edit YAML directly in the {product-title} web console. 
+= View the FlowCollector resource
+You can view and edit YAML directly in the {product-title} web console.
 
 .Procedure
 . In the web console, navigate to *Operators* -> *Installed Operators*.
-. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 
-. Select *cluster* then select the *YAML* tab. There, you can modify the `FlowCollector` resource to configure the Network Observability operator. 
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster* then select the *YAML* tab. There, you can modify the `FlowCollector` resource to configure the Network Observability operator.
 
 The following example shows a sample `FlowCollector` resource for {product-title} Network Observability operator:
 [id="network-observability-flowcollector-configuring-about-sample_{context}"]
@@ -57,6 +57,7 @@ spec:
         type: configmap
         name: loki-gateway-ca-bundle
         certFile: service-ca.crt
+        namespace: loki-namespace          #  <5>
   consolePlugin:
     register: true
     logLevel: info
@@ -64,7 +65,7 @@ spec:
       enable: true
       portNames:
         "3100": loki
-    quickFilters:                             <5>
+    quickFilters:                             <6>
     - name: Applications
       filter:
         src_namespace!: 'openshift-,netobserv'
@@ -86,5 +87,6 @@ spec:
 <1> The Agent specification, `spec.agent.type`, must be `EBPF`. eBPF is the only {product-title} supported option.
 <2> You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. Lower sampling values might consume a large amount of computational, memory and storage resources. You can mitigate this by specifying a sampling ratio value. A value of 100 means 1 flow every 100 is sampled. A value of 0 or 1 means all flows are captured. The lower the value, the increase in returned flows and the accuracy of derived metrics. By default, eBPF sampling is set to a value of 50, so 1 flow every 50 is sampled. Note that more sampled flows also means more storage needed. It is recommend to start with default values and refine empirically, to determine which setting your cluster can manage.
 <3> The optional specifications `spec.processor.logTypes`, `spec.processor.conversationHeartbeatInterval`, and `spec.processor.conversationEndTimeout` can be set to enable conversation tracking. When enabled, conversation events are queryable in the web console. The values for `spec.processor.logTypes` are as follows: `FLOWS` `CONVERSATIONS`, `ENDED_CONVERSATIONS`, or `ALL`. Storage requirements are highest for `ALL` and lowest for `ENDED_CONVERSATIONS`.
-<4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the Loki Operator section. If you used another installation method for Loki, specify the appropriate client information for your install.
-<5> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
+<4> The Loki specification, `spec.loki`, specifies the Loki client. The default values match the Loki install paths mentioned in the Installing the {loki-op} section. If you used another installation method for Loki, specify the appropriate client information for your install.
+<5> The original certificates are copied to the Network Observability instance namespace and watched for updates. When not provided, the namespace defaults to be the same as "spec.namespace". If you chose to install Loki in a different namespace, you must specify it in the `spec.loki.tls.caCert.namespace` field.   Similarly, the `spec.exporters.kafka.tls.caCert.namespace` field is available for Kafka installed in a different namespace.
+<6> The `spec.quickFilters` specification defines filters that show up in the web console. The `Application` filter keys,`src_namespace` and `dst_namespace`, are negated (`!`), so the `Application` filter shows all traffic that _does not_ originate from, or have a destination to, any `openshift-` or `netobserv` namespaces. For more information, see Configuring quick filters below.
diff --git a/modules/network-observability-flows-format.adoc b/modules/network-observability-flows-format.adoc
index 3efb80076797..46217a6e0b99 100644
--- a/modules/network-observability-flows-format.adoc
+++ b/modules/network-observability-flows-format.adoc
@@ -1,18 +1,17 @@
-// Automatically generated by 'hack/asciidoc-flows-gen.sh'. Do not edit.
-// Module included in the following assemblies:
-// json-flows-format-reference.adoc
-
-:_content-type: REFERENCE
+// Automatically generated by 'hack/asciidoc-flows-gen.sh'. Do not edit, or make the NETOBSERV team aware of the editions.
+:_mod-docs-content-type: REFERENCE
 [id="network-observability-flows-format_{context}"]
 = Network Flows format reference
+
+This is the specification of the network flows format, used both internally and when exporting flows to Kafka.
+
 The document is organized in two main categories: _Labels_ and regular _Fields_. This distinction only matters when querying Loki. This is because _Labels_, unlike _Fields_, must be used in link:https://grafana.com/docs/loki/latest/logql/log_queries/#log-stream-selector[stream selectors].
 
-If you are reading this specification as a reference for the Kafka export feature, you must treat all _Labels_ and _Fields_ as regualr fields and ignore any distinctions between them that are specific to Loki.
+If you are reading this specification as a reference for the Kafka export feature, you must treat all _Labels_ and _Fields_ as regular fields and ignore any distinctions between them that are specific to Loki.
 
 
 == Labels
 
-'''
 
 SrcK8S_Namespace::
 
@@ -48,7 +47,7 @@ Destination owner, such as Deployment, StatefulSet, etc.
 
 FlowDirection::
 
-• *FlowDirection*: see the following section, _Enumeration: FlowDirection_ for more details.
+• *FlowDirection*: `FlowDirection` (see the following section, Enumeration: FlowDirection)
 
 Flow direction from the node observation point
 
@@ -61,9 +60,9 @@ _RecordType::
 Type of record: 'flowLog' for regular flow logs, or 'allConnections',
 'newConnection', 'heartbeat', 'endConnection' for conversation tracking
 
+
 == Fields
 
-'''
 
 SrcAddr::
 
@@ -131,7 +130,7 @@ Kind of the destination matched Kubernetes object, such as Pod name, Service nam
 
 SrcPort::
 
-• *SrcPort*: `number`
+• `Optional` *SrcPort*: `number`
 
 Source port
 
@@ -139,7 +138,7 @@ Source port
 
 DstPort::
 
-• *DstPort*: `number`
+• `Optional` *DstPort*: `number`
 
 Destination port
 
@@ -208,12 +207,28 @@ Interface::
 Network interface
 
 '''
-Packets::
 
-• *Packets*: `number`
+IfDirection::
 
-Number of packets in this flow
+• `Optional` *IfDirection*: `InterfaceDirection` (see the following section, Enumeration: InterfaceDirection)
 
+Flow direction from the network interface observation point
+
+'''
+
+Flags::
+
+• `Optional` *Flags*: `number`
+
+TCP flags
+
+'''
+
+Packets::
+
+• `Optional` *Packets*: `number`
+
+Number of packets
 
 '''
 
@@ -235,9 +250,9 @@ In conversation tracking, B to A packets counter per conversation
 
 Bytes::
 
-• *Bytes*: `number`
+• `Optional` *Bytes*: `number`
 
-Number of bytes in this flow
+Number of bytes
 
 '''
 
@@ -257,6 +272,126 @@ In conversation tracking, B to A bytes counter per conversation
 
 '''
 
+IcmpType::
+
+• `Optional` *IcmpType*: `number`
+
+ICMP type
+
+'''
+
+IcmpCode::
+
+• `Optional` *IcmpCode*: `number`
+
+ICMP code
+
+'''
+
+PktDropLatestState::
+
+• `Optional` *PktDropLatestState*: `string`
+
+Pkt TCP state for drops
+
+'''
+
+PktDropLatestDropCause::
+
+• `Optional` *PktDropLatestDropCause*: `string`
+
+Pkt cause for drops
+
+'''
+
+PktDropLatestFlags::
+
+• `Optional` *PktDropLatestFlags*: `number`
+
+Pkt TCP flags for drops
+
+'''
+
+PktDropPackets::
+
+• `Optional` *PktDropPackets*: `number`
+
+Number of packets dropped by the kernel
+
+'''
+
+PktDropPackets_AB::
+
+• `Optional` *PktDropPackets_AB*: `number`
+
+In conversation tracking, A to B packets dropped counter per conversation
+
+'''
+
+PktDropPackets_BA::
+
+• `Optional` *PktDropPackets_BA*: `number`
+
+In conversation tracking, B to A packets dropped counter per conversation
+
+'''
+
+PktDropBytes::
+
+• `Optional` *PktDropBytes*: `number`
+
+Number of bytes dropped by the kernel
+
+'''
+
+PktDropBytes_AB::
+
+• `Optional` *PktDropBytes_AB*: `number`
+
+In conversation tracking, A to B bytes dropped counter per conversation
+
+'''
+
+PktDropBytes_BA::
+
+• `Optional` *PktDropBytes_BA*: `number`
+
+In conversation tracking, B to A bytes dropped counter per conversation
+
+'''
+
+DnsId::
+
+• `Optional` *DnsId*: `number`
+
+DNS record id
+
+'''
+
+DnsFlags::
+
+• `Optional` *DnsFlags*: `number`
+
+DNS flags for DNS record
+
+'''
+
+DnsFlagsResponseCode::
+
+• `Optional` *DnsFlagsResponseCode*: `string`
+
+Parsed DNS header RCODEs name
+
+'''
+
+DnsLatencyMs::
+
+• `Optional` *DnsLatencyMs*: `number`
+
+Calculated time between response and request, in milliseconds
+
+'''
+
 TimeFlowStartMs::
 
 • *TimeFlowStartMs*: `number`
@@ -281,6 +416,14 @@ Timestamp when this flow was received and processed by the flow collector, in se
 
 '''
 
+TimeFlowRttNs::
+
+• `Optional` *TimeFlowRttNs*: `number`
+
+Flow Round Trip Time (RTT) in nanoseconds
+
+'''
+
 _HashId::
 
 • `Optional` *_HashId*: `string`
@@ -303,15 +446,15 @@ numFlowLogs::
 
 In conversation tracking, a counter of flow logs per conversation
 
+
 == Enumeration: FlowDirection
 
-'''
 
 Ingress::
 
 • *Ingress* = `"0"`
 
-Incoming traffic, from node observation point
+Incoming traffic, from the node observation point
 
 '''
 
@@ -319,4 +462,12 @@ Egress::
 
 • *Egress* = `"1"`
 
-Outgoing traffic, from node observation point
\ No newline at end of file
+Outgoing traffic, from the node observation point
+
+'''
+
+Inner::
+
+• *Inner* = `"2"`
+
+Inner traffic, with the same source and destination node
\ No newline at end of file
diff --git a/modules/network-observability-histogram-trafficflow.adoc b/modules/network-observability-histogram-trafficflow.adoc
index bd8d89d1f4e9..9f27392c5017 100644
--- a/modules/network-observability-histogram-trafficflow.adoc
+++ b/modules/network-observability-histogram-trafficflow.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-histogram-trafficflow_{context}"]
 == Using the histogram
 You can click *Show histogram* to display a toolbar view for visualizing the history of flows as a bar chart. The histogram shows the number of logs over time. You can select a part of the histogram to filter the network flow data in the table that follows the toolbar.
\ No newline at end of file
diff --git a/modules/network-observability-kafka-option.adoc b/modules/network-observability-kafka-option.adoc
index e7ead259281d..354b119eaf7a 100644
--- a/modules/network-observability-kafka-option.adoc
+++ b/modules/network-observability-kafka-option.adoc
@@ -2,12 +2,12 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-kafka-option_{context}"]
 = Installing Kafka (optional)
-The Kafka Operator is supported for large scale environments. You can install the Kafka Operator as link:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2[Red Hat AMQ Streams] from the Operator Hub, just as the Loki Operator and Network Observability Operator were installed. 
+The Kafka Operator is supported for large scale environments. Kafka provides high-throughput and low-latency data feeds for forwarding network flow data in a more resilient, scalable way. You can install the Kafka Operator as link:https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.2[Red Hat AMQ Streams] from the Operator Hub, just as the {loki-op} and Network Observability Operator were installed. Refer to "Configuring the FlowCollector resource with Kafka" to configure Kafka as a storage option.
 
 [NOTE]
 ====
-To uninstall Kafka, refer to the uninstallation process that corresponds with the method you used to install.  
-====
\ No newline at end of file
+To uninstall Kafka, refer to the uninstallation process that corresponds with the method you used to install.
+====
diff --git a/modules/network-observability-loki-install.adoc b/modules/network-observability-loki-install.adoc
index 817b39f47b5a..87d871e877df 100644
--- a/modules/network-observability-loki-install.adoc
+++ b/modules/network-observability-loki-install.adoc
@@ -2,59 +2,27 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-loki-installation_{context}"]
-= Installing the Loki Operator
-It is recommended to install link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7], This version provides the ability to create a LokiStack instance using the `openshift-network` tenant configuration mode. It also provides fully automatic, in-cluster authentication and authorization support for Network Observability.
+= Installing the {loki-op}
+The link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[{loki-op} versions 5.7+] are the supported {loki-op} versions for Network Observabilty; these versions provide the ability to create a `LokiStack` instance using the `openshift-network` tenant configuration mode and provide fully-automatic, in-cluster authentication and authorization support for Network Observability. There are several ways you can install Loki. One way is by using the {product-title} web console Operator Hub.
 
 .Prerequisites
 
 * Supported Log Store (AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation)
-* {product-title} 4.10+.
-* Linux Kernel 4.18+.
-
-//* <Any Loki install prerequisites for using with Network Observability operator?>
-
-There are several ways you can install Loki. One way you can install the Loki Operator is by using the {product-title} web console Operator Hub. 
-
+* {product-title} 4.10+
+* Linux Kernel 4.18+
 
 .Procedure
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Choose  *{loki-op}* from the list of available Operators, and click *Install*.
+. Under *Installation Mode*, select *All namespaces on the cluster*.
 
-. Install the `Loki Operator` Operator:
-
-.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
-
-.. Choose  *Loki Operator* from the list of available Operators, and click *Install*.
-
-.. Under *Installation Mode*, select *All namespaces on the cluster*.
-
-.. Verify that you installed the Loki Operator. Visit the *Operators* → *Installed Operators* page and look for *Loki Operator*.
-
-.. Verify that *Loki Operator* is listed with *Status* as *Succeeded* in all the projects.
-+
-. Create a `Secret` YAML file. You can create this secret in the web console or CLI. 
-.. Using the web console, navigate to the *Project* -> *All Projects* dropdown and select *Create Project*. Name the project `netobserv` and click *Create*.
-.. Navigate to the Import icon ,*+*, in the top right corner. Drop your YAML file into the editor. It is important to create this YAML file in the `netobserv` namespace that uses the `access_key_id` and `access_key_secret` to specify your credentials. 
-
-.. Once you create the secret, you should see it listed under *Workloads* -> *Secrets* in the web console.
-+
-The following shows an example secret YAML file:
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: loki-s3
-  namespace: netobserv
-stringData:
-  access_key_id: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK
-  access_key_secret: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=
-  bucketnames: s3-bucket-name
-  endpoint: https://s3.eu-central-1.amazonaws.com
-  region: eu-central-1
-----
+.Verification
+. Verify that you installed the {loki-op}. Visit the *Operators* → *Installed Operators* page and look for *{loki-op}*.
+. Verify that *{loki-op}* is listed with *Status* as *Succeeded* in all the projects.
 
 [IMPORTANT]
 ====
-To uninstall Loki, refer to the uninstallation process that corresponds with the method you used to install Loki. You might have remaining `ClusterRoles` and `ClusterRoleBindings`, data stored in object store, and persistent volume that must be removed. 
-====
\ No newline at end of file
+To uninstall Loki, refer to the uninstallation process that corresponds with the method you used to install Loki. You might have remaining `ClusterRoles` and `ClusterRoleBindings`, data stored in object store, and persistent volume that must be removed.
+====
diff --git a/modules/network-observability-loki-secret.adoc b/modules/network-observability-loki-secret.adoc
new file mode 100644
index 000000000000..85841f22e0ea
--- /dev/null
+++ b/modules/network-observability-loki-secret.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/installing-operators.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-loki-secret_{context}"]
+= Creating a secret for Loki storage
+The {loki-op} supports a few log storage options, such as AWS S3, Google Cloud Storage, Azure, Swift, Minio, OpenShift Data Foundation. The following example shows how to create a secret for AWS S3 storage. The secret created in this example, `loki-s3`, is referenced in "Creating a LokiStack resource". You can create this secret in the web console or CLI.
+
+. Using the web console, navigate to the *Project* -> *All Projects* dropdown and select *Create Project*. Name the project `netobserv` and click *Create*.
+. Navigate to the Import icon, *+*, in the top right corner. Paste your YAML file into the editor.
++
+The following shows an example secret YAML file for S3 storage:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: loki-s3
+  namespace: netobserv   <1>
+stringData:
+  access_key_id: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK
+  access_key_secret: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=
+  bucketnames: s3-bucket-name
+  endpoint: https://s3.eu-central-1.amazonaws.com
+  region: eu-central-1
+----
+<1> The installation examples in this documentation use the same namespace, `netobserv`, across all components. You can optionally use a different namespace for the different components
+
+.Verification
+* Once you create the secret, you should see it listed under *Workloads* -> *Secrets* in the web console.
diff --git a/modules/network-observability-lokistack-create.adoc b/modules/network-observability-lokistack-create.adoc
index 0c54fdeb9829..8fab5ab2de44 100644
--- a/modules/network-observability-lokistack-create.adoc
+++ b/modules/network-observability-lokistack-create.adoc
@@ -2,63 +2,47 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-lokistack-create_{context}"]
-= Create a LokiStack custom resource 
-It is recommended to deploy the LokiStack in the same namespace referenced by the FlowCollector specification, `spec.namespace`. You can use the web console or CLI to create a namespace, or new project. 
+= Creating a LokiStack custom resource
+
+You can deploy a LokiStack using the web console or CLI to create a namespace, or new project.
+
+include::snippets/logging-clusteradmin-access-logs-snip.adoc[]
+For more information about creating a `cluster-admin` group, see the "Additional resources" section.
 
 .Procedure
 
 . Navigate to *Operators* -> *Installed Operators*, viewing *All projects* from the *Project* dropdown.
-. Look for *Loki Operator*. In the details, under *Provided APIs*, select *LokiStack*.
-. Click *Create LokiStack*. 
+. Look for *{loki-op}*. In the details, under *Provided APIs*, select *LokiStack*.
+. Click *Create LokiStack*.
 . Ensure the following fields are specified in either *Form View* or *YAML view*:
 +
 [source,yaml]
 ----
-  apiVersion: loki.grafana.com/v1
-  kind: LokiStack
-  metadata:
-    name: loki
-    namespace: netobserv
-  spec:
-    size: 1x.small
-    storage:
-      schemas:
-      - version: v12
-        effectiveDate: '2022-06-01'
-      secret:
-        name: loki-s3
-        type: s3
-    storageClassName: gp3  <1>
-    tenants:
-      mode: openshift-network
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: loki
+  namespace: netobserv   <1>
+spec:
+  size: 1x.small
+  storage:
+    schemas:
+    - version: v12
+      effectiveDate: '2022-06-01'
+    secret:
+      name: loki-s3
+      type: s3
+  storageClassName: gp3  <2>
+  tenants:
+    mode: openshift-network
 ----
-<1> Use a storage class name that is available on the cluster for `ReadWriteOnce` access mode. You can use `oc get storageclasses` to see what is available on your cluster.
+<1> The installation examples in this documentation use the same namespace, `netobserv`, across all components. You can optionally use a different namespace.
+<2> Use a storage class name that is available on the cluster for `ReadWriteOnce` access mode. You can use `oc get storageclasses` to see what is available on your cluster.
 +
 [IMPORTANT]
 ====
-You must not reuse the same LokiStack that is used for cluster logging.
+You must not reuse the same `LokiStack` that is used for cluster logging.
 ====
-. Click *Create*. 
-
-[id="deployment-sizing_{context}"]
-== Deployment Sizing
-Sizing for Loki follows the format of `N<x>._<size>_` where the value `<N>` is the number of instances and `<size>` specifies performance capabilities.
-
-[NOTE]
-====
-1x.extra-small is for demo purposes only, and is not supported. 
-====
-
-.Loki Sizing
-[options="header"]
-|========================================================================================
-|                              | 1x.extra-small  | 1x.small            | 1x.medium
-| *Data transfer*              | Demo use only.  | 500GB/day           | 2TB/day
-| *Queries per second (QPS)*   | Demo use only.  | 25-50 QPS at 200ms  | 25-75 QPS at 200ms
-| *Replication factor*         | None            | 2                   | 3
-| *Total CPU requests*         | 5 vCPUs         | 36 vCPUs            | 54 vCPUs
-| *Total Memory requests*      | 7.5Gi           | 63Gi                | 139Gi
-| *Total Disk requests*        | 150Gi           | 300Gi               | 450Gi
-|========================================================================================
\ No newline at end of file
+. Click *Create*.
diff --git a/modules/network-observability-lokistack-ingestion-query.adoc b/modules/network-observability-lokistack-ingestion-query.adoc
index fadae2fef93f..d63dea3b7357 100644
--- a/modules/network-observability-lokistack-ingestion-query.adoc
+++ b/modules/network-observability-lokistack-ingestion-query.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 
 // * networking/network_observability/installing-operators.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-lokistack-configuring-ingestion{context}"]
 
 = LokiStack ingestion limits and health alerts
@@ -23,4 +23,4 @@ spec:
         maxEntriesLimitPerQuery: 10000
         maxQuerySeries: 3000
 ----
-For more information about these settings, see the link:https://loki-operator.dev/docs/api.md/#loki-grafana-com-v1-IngestionLimitSpec[LokiStack API reference]. 
\ No newline at end of file
+For more information about these settings, see the link:https://loki-operator.dev/docs/api.md/#loki-grafana-com-v1-IngestionLimitSpec[LokiStack API reference].
\ No newline at end of file
diff --git a/modules/network-observability-multitenancy.adoc b/modules/network-observability-multitenancy.adoc
index b5ca0e1445bb..2db482202e8c 100644
--- a/modules/network-observability-multitenancy.adoc
+++ b/modules/network-observability-multitenancy.adoc
@@ -2,24 +2,24 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-multi-tenancy{context}"]
-= Enable multi-tenancy in Network Observability
+= Enabling multi-tenancy in Network Observability
 Multi-tenancy in the Network Observability Operator allows and restricts individual user access, or group access, to the flows stored in Loki. Access is enabled for project admins. Project admins who have limited access to some namespaces can access flows for only those namespaces.
 
 .Prerequisite
-* You have installed link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7] 
+* You have installed link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[{loki-op} version 5.7]
 * The `FlowCollector` `spec.loki.authToken` configuration must be set to `FORWARD`.
 * You must be logged in as a project administrator
 
 .Procedure
 
-. Authorize reading permission to `user1` by running the following command: 
+. Authorize reading permission to `user1` by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc adm policy add-cluster-role-to-user netobserv-reader user1
 ----
 +
 Now, the data is restricted to only allowed user namespaces. For example, a user that has access to a single namespace can see all the flows internal to this namespace, as well as flows going from and to this namespace.
-Project admins have access to the Administrator perspective in the {product-title} console to access the Network Flows Traffic page.
\ No newline at end of file
+Project admins have access to the Administrator perspective in the {product-title} console to access the Network Flows Traffic page.
diff --git a/modules/network-observability-operator-install.adoc b/modules/network-observability-operator-install.adoc
index cd3b90d4954d..f1aefc4fc4cc 100644
--- a/modules/network-observability-operator-install.adoc
+++ b/modules/network-observability-operator-install.adoc
@@ -2,16 +2,23 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-operator-installation_{context}"]
 = Installing the Network Observability Operator
 You can install the Network Observability Operator using the {product-title} web console Operator Hub. When you install the Operator,  it provides the `FlowCollector` custom resource definition (CRD). You can set specifications in the web console when you create the  `FlowCollector`.
 
+[IMPORTANT]
+====
+The actual memory consumption of the Operator depends on your cluster size and the number of resources deployed. Memory consumption might need to be adjusted accordingly. For more information refer to "Network Observability controller manager pod runs out of memory" in the "Important Flow Collector configuration considerations" section.
+====
+
 .Prerequisites
 
-* Installed Loki. It is recommended to install Loki using the link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7].
+* If you choose to use Loki, install the link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[{loki-op} version 5.7+].
+* You must have `cluster-admin` privileges.
 * One of the following supported architectures is required: `amd64`, `ppc64le`, `arm64`, or `s390x`.
-* Any CPU supported by Red Hat Enterprise Linux (RHEL) 9
+* Any CPU supported by Red Hat Enterprise Linux (RHEL) 9.
+* Must be configured with OVN-Kubernetes or OpenShift SDN as the main network plugin, and optionally using secondary interfaces, such as Multus and SR-IOV.
 
 [NOTE]
 ====
@@ -24,25 +31,19 @@ This documentation assumes that your `LokiStack` instance name is `loki`. Using
 . Choose  *Network Observability Operator* from the list of available Operators in the *OperatorHub*, and click *Install*.
 . Select the checkbox `Enable Operator recommended cluster monitoring on this Namespace`.
 . Navigate to *Operators* -> *Installed Operators*. Under Provided APIs for Network Observability, select the *Flow Collector* link.
-.. Navigate to the *Flow Collector* tab, and click *Create FlowCollector*. Make the following selections in the form view:
+. Navigate to the *Flow Collector* tab, and click *Create FlowCollector*. Make the following selections in the form view:
+.. *spec.agent.ebpf.Sampling*: Specify a sampling size for flows. Lower sampling sizes will have higher impact on resource utilization. For more information, see the "FlowCollector API reference", `spec.agent.ebpf`.
+.. If you are using Loki, set the following specifications:
+... *spec.loki.enable*: Select the check box to enable storing flows in Loki.
+... *spec.loki.url*: Since authentication is specified separately, this URL needs to be updated to `https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network`. The first part of the URL, "loki", must match the name of your `LokiStack`.
+... *spec.loki.authToken*: Select the `FORWARD` value.
+... *spec.loki.statusUrl*: Set this to `https://loki-query-frontend-http.netobserv.svc:3100/`. The first part of the URL, "loki", must match the name of your `LokiStack`.
+... *spec.loki.tls.enable*: Select the checkbox to enable TLS.
+... *spec.loki.statusTls*: The `enable` value is false by default.
 +
-* *spec.agent.ebpf.Sampling* : Specify a sampling size for flows. Lower sampling sizes will have higher impact on resource utilization. For more information, see the `FlowCollector` API reference, under spec.agent.ebpf.
-* *spec.deploymentModel*: If you are using Kafka, verify Kafka is selected.
-* *spec.exporters*: If you are using Kafka, you can optionally send network flows to Kafka, so that they can be consumed by any processor or storage that supports Kafka input, such as Splunk, Elasticsearch, or Fluentd. To do this, set the following specifications:
-** Set the *type* to `KAFKA`.
-** Set the *address* as `kafka-cluster-kafka-bootstrap.netobserv`.
-** Set the *topic* as `netobserv-flows-export`. The Operator exports all flows to the configured Kafka topic.
-** Set the following *tls* specifications:
-*** *certFile*: `service-ca.crt`, *name*: `kafka-gateway-ca-bundle`, and *type*: `configmap`.
-+
-You can also configure this option at a later time by directly editing the YAML. For more information, see _Export enriched network flow data_.
-* *loki.url*: Since authentication is specified separately, this URL needs to be updated to `https://loki-gateway-http.netobserv.svc:8080/api/logs/v1/network`. The first part of the URL, "loki", should match the name of your LokiStack.
-* *loki.statusUrl*: Set this to `https://loki-query-frontend-http.netobserv.svc:3100/`. The first part of the URL, "loki", should match the name of your LokiStack.
-* *loki.authToken*: Select the `FORWARD` value.
-* *tls.enable*: Verify that the box is checked so it is enabled.
-* *statusTls*: The `enable` value is false by default.
-+
-For the first part of the certificate reference names: `loki-gateway-ca-bundle`, `loki-ca-bundle`, and `loki-query-frontend-http`,`loki`, should match the name of your `LokiStack`.
+For the first part of the certificate reference names: `loki-gateway-ca-bundle`, `loki-ca-bundle`, and `loki-query-frontend-http`,`loki`, must match the name of your `LokiStack`.
+.. Optional: If you are in a large-scale environment, consider configuring the `FlowCollector` with Kafka for forwarding data in a more resilient, scalable way. See "Configuring the Flow Collector resource with Kafka storage" in the "Important Flow Collector configuration considerations" section.
+.. Optional: Configure other optional settings before the next step of creating the `FlowCollector`. For example, if you choose not to use Loki, then you can configure exporting flows to Kafka or IPFIX. See "Export enriched network flow data to Kafka and IPFIX" and more in the "Important Flow Collector configuration considerations" section.
 .. Click *Create*.
 
 .Verification
@@ -53,6 +54,5 @@ In the absence of *Application Traffic* within the {product-title} cluster, defa
 
 [IMPORTANT]
 ====
-If you installed Loki using the Loki Operator, it is advised not to use `querierUrl`, as it can break the console access to Loki. If you installed Loki using another type of Loki installation, this does not apply.
+If you installed Loki using the {loki-op}, it is advised not to use `querierUrl`, as it can break the console access to Loki. If you installed Loki using another type of Loki installation, this does not apply.
 ====
-
diff --git a/modules/network-observability-operator-uninstall.adoc b/modules/network-observability-operator-uninstall.adoc
index 03fcd54f59a3..bf02ca9fc84a 100644
--- a/modules/network-observability-operator-uninstall.adoc
+++ b/modules/network-observability-operator-uninstall.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-operator-uninstall_{context}"]
 = Uninstalling the Network Observability Operator
 
@@ -25,5 +25,5 @@ You can uninstall the Network Observability Operator using the {product-title} w
 +
 [IMPORTANT]
 ====
-The Loki Operator and Kafka remain if they were installed and must be removed separately. Additionally, you might have remaining data stored in an object store, and a persistent volume that must be removed.
+The {loki-op} and Kafka remain if they were installed and must be removed separately. Additionally, you might have remaining data stored in an object store, and a persistent volume that must be removed.
 ====
diff --git a/modules/network-observability-overview.adoc b/modules/network-observability-overview.adoc
index 7a0df2056ae7..4391e808a671 100644
--- a/modules/network-observability-overview.adoc
+++ b/modules/network-observability-overview.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-overview_{context}"]
 = Observing the network traffic from the Overview view
 The *Overview* view displays the overall aggregated metrics of the network traffic flow on the cluster. As an administrator, you can monitor the statistics with the available display options.
\ No newline at end of file
diff --git a/modules/network-observability-packet-drops.adoc b/modules/network-observability-packet-drops.adoc
new file mode 100644
index 000000000000..39db08507e83
--- /dev/null
+++ b/modules/network-observability-packet-drops.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-packet-drops_{context}"]
+= Working with packet drops
+Packet loss occurs when one or more packets of network flow data fail to reach their destination. You can track these drops by editing the `FlowCollector` to the specifications in the following YAML example.
+
+[IMPORTANT]
+====
+CPU and memory usage increases when this feature is enabled.
+====
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster*, and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource for packet drops, for example:
++
+[id="network-observability-flowcollector-configuring-pkt-drop_{context}"]
+.Example `FlowCollector` configuration
+[source, yaml]
+----
+apiVersion: flows.netobserv.io/v1alpha1
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+  namespace: netobserv
+  deploymentModel: DIRECT
+  agent:
+    type: EBPF
+    ebpf:
+      features:
+       - PacketDrop            <1>
+      privileged: true         <2>
+----
+<1> You can start reporting the packet drops of each network flow by listing the `PacketDrop` parameter in the `spec.agent.ebpf.features` specification list.
+<2> The `spec.agent.ebpf.privileged` specification value must be `true` for packet drop tracking.
+
+.Verification
+* When you refresh the *Network Traffic* page, the *Overview*, *Traffic Flow*, and *Topology* views display new information about packet drops:
+.. Select new choices in *Manage panels* to choose which graphical visualizations of packet drops to display in the *Overview*.
+.. Select new choices in *Manage columns* to choose which packet drop information to display in the *Traffic flows* table.
+... In the *Traffic Flows* view, you can also expand the side panel to view more information about packet drops. Host drops are prefixed with `SKB_DROP` and OVS drops are prefixed with `OVS_DROP`.
+.. In the *Topology* view, red lines are displayed where drops are present.
\ No newline at end of file
diff --git a/modules/network-observability-pktdrop-overview.adoc b/modules/network-observability-pktdrop-overview.adoc
new file mode 100644
index 000000000000..3fab301e9a8a
--- /dev/null
+++ b/modules/network-observability-pktdrop-overview.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-pktdrop-overview_{context}"]
+= Packet drop tracking
+You can configure graphical representation of network flow records with packet loss in the *Overview* view. By employing eBPF tracepoint hooks, you can gain valuable insights into packet drops for TCP, UDP, SCTP, ICMPv4, and ICMPv6 protocols, which can result in the following actions:
+
+* Identification: Pinpoint the exact locations and network paths where packet drops are occurring. Determine whether specific devices, interfaces, or routes are more prone to drops.
+
+* Root cause analysis: Examine the data collected by the eBPF program to understand the causes of packet drops. For example, are they a result of congestion, buffer issues, or specific network events?
+
+* Performance optimization: With a clearer picture of packet drops, you can take steps to optimize network performance, such as adjust buffer sizes, reconfigure routing paths, or implement Quality of Service (QoS) measures.
+
+When packet drop tracking is enabled, you can see the following metrics represented in a chart in the *Overview*.
+
+* Top X flow dropped rates stacked
+* Total dropped rate
+* Top X dropped state
+* Top X dropped cause
+* Top X flow dropped rates stacked with total
+
+Two kinds of packet drops are detected by Network Observability: host drops and OVS drops. Host drops are prefixed with `SKB_DROP` and OVS drops are prefixed with `OVS_DROP`. Dropped flows are shown in the side panel of the *Traffic flows* table along with a link to a description of each drop type. Examples of host drop reasons are as follows:
+
+* `SKB_DROP_REASON_NO_SOCKET`: the packet dropped due to a missing socket.
+* `SKB_DROP_REASON_TCP_CSUM`: the packet dropped due to a TCP checksum error.
+
+Examples of OVS drops reasons are as follows:
+
+* `OVS_DROP_LAST_ACTION`: OVS packets dropped due to an implicit drop action, for example due to a configured network policy.
+* `OVS_DROP_IP_TTL`: OVS packets dropped due to an expired IP TTL.
+
+See the _Additional Resources_ of this section for more information about enabling and working with packet drop tracking.
\ No newline at end of file
diff --git a/modules/network-observability-quickfilter.adoc b/modules/network-observability-quickfilter.adoc
index 54510a71492a..8bb28fbdbdfb 100644
--- a/modules/network-observability-quickfilter.adoc
+++ b/modules/network-observability-quickfilter.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="network-observability-quickfilter{context}"]
 = Filtering the network traffic
 By default, the Network Traffic page displays the traffic flow data in the cluster based on the default filters configured in the `FlowCollector` instance. You can use the filter options to observe the required data by changing the preset filter.
@@ -10,20 +10,28 @@ By default, the Network Traffic page displays the traffic flow data in the clust
 Query Options::
 You can use *Query Options* to optimize the search results, as listed below:
 
-** *Log Type*: The available options *Conversation* and *Flows* provide the ability to query flows by log type, such as flow log, new conversation, completed conversation, and a heartbeat, which is a periodic record with updates for long conversations. A conversation is an aggregation of flows between the same peers.  
-** *Reporter Node*: Every flow can be reported from both source and destination nodes. For cluster ingress, the flow is reported from the destination node and for cluster egress, the flow is reported from the source node. You can select either *Source* or *Destination*. The option *Both* is disabled for the *Overview* and *Topology* view. The default selected value is *Destination*.
+** *Log Type*: The available options *Conversation* and *Flows* provide the ability to query flows by log type, such as flow log, new conversation, completed conversation, and a heartbeat, which is a periodic record with updates for long conversations. A conversation is an aggregation of flows between the same peers.
+** *Duplicated flows*: A flow might be reported from several interfaces, and from both source and destination nodes, making it appear in the data several times. By selecting this query option, you can choose to show duplicated flows. Duplicated flows have the same sources and destinations, including ports, and also have the same protocols, with the exception of `Interface` and `Direction` fields. Duplicates are hidden by default. Use the *Direction* filter in the *Common* section of the dropdown list to switch between ingress and egress traffic.
 ** *Match filters*: You can determine the relation between different filter parameters selected in the advanced filter. The available options are *Match all* and *Match any*. *Match all*  provides results that match all the values, and *Match any* provides results that match any of the values entered. The default value is *Match all*.
+** *Drops filter*: You can view different levels of dropped packets with the following query options:
+*** *Fully dropped* shows flow records with fully dropped packets.
+*** *Containing drops* shows flow records that contain drops but can be sent.
+*** *Without drops* shows records that contain sent packets.
+*** *All* shows all the aforementioned records.
+
 ** *Limit*: The data limit for internal backend queries. Depending upon the matching and the filter settings, the number of traffic flow data is displayed within the specified limit.
 
 Quick filters::
-The default values in *Quick filters* drop-down menu are defined in the `FlowCollector` configuration. You can modify the options from console. 
+The default values in *Quick filters* drop-down menu are defined in the `FlowCollector` configuration. You can modify the options from console.
 
 Advanced filters::
-You can set the advanced filters by providing the parameter to be filtered and its corresponding text value. The section *Common* in the parameter drop-down list filters the results that match either *Source* or *Destination*. To enable or disable the applied filter, you can click on the applied filter listed below the filter options.
+You can set the advanced filters, *Common*, *Source*, or *Destination*, by selecting the parameter to be filtered from the dropdown list. The flow data is filtered based on the selection. To enable or disable the applied filter, you can click on the applied filter listed below the filter options.
+
+You can toggle between image:arrow-up-long-solid.png[,10] *One way* and image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filtering. The image:arrow-up-long-solid.png[,10] *One way* filter shows only *Source* and *Destination* traffic according to your filter selections. You can use *Swap* to change the directional view of the *Source* and *Destination* traffic. The image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back and forth* filter includes return traffic with the *Source* and *Destination* filters. The directional flow of network traffic is shown in the *Direction* column in the Traffic flows table as `Ingress`or `Egress` for inter-node traffic and `Inner`for traffic inside a single node.
+
+You can click *Reset defaults* to remove the existing filters, and apply the filter defined in `FlowCollector` configuration.
 
 [NOTE]
 ====
 To understand the rules of specifying the text value, click *Learn More*.
 ====
-
-You can click *Reset default filter* to remove the existing filters, and apply the filter defined in `FlowCollector` configuration.
\ No newline at end of file
diff --git a/modules/network-observability-rate-limit-alert.adoc b/modules/network-observability-rate-limit-alert.adoc
new file mode 100644
index 000000000000..c0e7725e9809
--- /dev/null
+++ b/modules/network-observability-rate-limit-alert.adoc
@@ -0,0 +1,30 @@
+//
+// network_observability/configuring-operator.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-netobserv-dashboard-rate-limit-alerts_{context}"]
+= Creating Loki rate limit alerts for the NetObserv dashboard
+You can create custom rules for the *Netobserv* dashboard metrics to trigger alerts when Loki rate limits have been reached.
+
+An example of an alerting rule configuration YAML file is as follows:
+[source,yaml]
+----
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: loki-alerts
+  namespace: openshift-operators-redhat
+spec:
+  groups:
+  - name: LokiRateLimitAlerts
+    rules:
+    - alert: LokiTenantRateLimit
+      annotations:
+        message: |-
+          {{ $labels.job }} {{ $labels.route }} is experiencing 429 errors.
+        summary: "At any number of requests are responded with the rate limit error code."
+      expr: sum(irate(loki_request_duration_seconds_count{status_code="429"}[1m])) by (job, namespace, route) / sum(irate(loki_request_duration_seconds_count[1m])) by (job, namespace, route) * 100 > 0
+      for: 10s
+      labels:
+        severity: warning
+----
\ No newline at end of file
diff --git a/modules/network-observability-resource-recommendations.adoc b/modules/network-observability-resource-recommendations.adoc
new file mode 100644
index 000000000000..e95ed3a4c9a2
--- /dev/null
+++ b/modules/network-observability-resource-recommendations.adoc
@@ -0,0 +1,20 @@
+//module included in the following assemblies:
+// * network_observability/configuring_operator.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="network-observability-resource-recommendations_{context}"]
+= Resource management and performance considerations
+
+The amount of resources required by Network Observability depends on the size of your cluster and your requirements for the cluster to ingest and store observability data. To manage resources and set performance criteria for your cluster, consider configuring the following settings. Configuring these settings might meet your optimal setup and observability needs.
+
+The following settings can help you manage resources and performance from the outset:
+
+eBPF Sampling:: You can set the Sampling specification, `spec.agent.ebpf.sampling`, to manage resources. Smaller sampling values might consume a large amount of computational, memory and storage resources. You can mitigate this by specifying a sampling ratio value. A value of `100` means 1 flow every 100 is sampled. A value of `0` or `1` means all flows are captured. Smaller values result in an increase in returned flows and the accuracy of derived metrics. By default, eBPF sampling is set to a value of 50, so 1 flow every 50 is sampled. Note that more sampled flows also means more storage needed. Consider starting with the default values and refine empirically, in order to determine which setting your cluster can manage.
+
+Restricting or excluding interfaces::  Reduce the overall observed traffic by setting the values for `spec.agent.ebpf.interfaces` and `spec.agent.ebpf.excludeInterfaces`. By default, the agent fetches all the interfaces in the system, except the ones listed in `excludeInterfaces` and `lo` (local interface). Note that the interface names might vary according to the Container Network Interface (CNI) used.
+
+The following settings can be used to fine-tune performance after the Network Observability has been running for a while:
+
+Resource requirements and limits:: Adapt the resource requirements and limits to the load and memory usage you expect on your cluster by using the `spec.agent.ebpf.resources` and `spec.processor.resources` specifications. The default limits of 800MB might be sufficient for most medium-sized clusters.
+
+Cache max flows timeout:: Control how often flows are reported by the agents by using the eBPF agent's `spec.agent.ebpf.cacheMaxFlows` and `spec.agent.ebpf.cacheActiveTimeout` specifications. A larger value results in less traffic being generated by the agents, which correlates with a lower CPU load. However, a larger value leads to a slightly higher memory consumption, and might generate more latency in the flow collection.
\ No newline at end of file
diff --git a/modules/network-observability-resources-table.adoc b/modules/network-observability-resources-table.adoc
new file mode 100644
index 000000000000..6667c08cffe7
--- /dev/null
+++ b/modules/network-observability-resources-table.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+// * network_observability/configuring_operator.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="network-observability-resources-table_{context}"]
+= Resource considerations
+The following table outlines examples of resource considerations for clusters with certain workload sizes.
+
+[IMPORTANT]
+====
+The examples outlined in the table demonstrate scenarios that are tailored to specific workloads. Consider each example only as a baseline from which adjustments can be made to accommodate your workload needs.
+====
+
+.Resource recommendations
+[options="header"]
+|===
+|                                     | Extra small (10 nodes) | Small (25 nodes)  | Medium (65 nodes) ^[2]^ | Large (120 nodes) ^[2]^
+| *Worker Node vCPU and memory*       | 4 vCPUs\| 16GiB mem ^[1]^ | 16 vCPUs\| 64GiB mem ^[1]^ | 16 vCPUs\| 64GiB mem  ^[1]^  |16 vCPUs\| 64GiB Mem ^[1]^
+| *LokiStack size*                    | `1x.extra-small`         | `1x.small`          | `1x.small`           | `1x.medium`
+| *Network Observability controller memory limit* | 400Mi (default)        | 400Mi (default)   | 400Mi (default)    | 800Mi
+| *eBPF sampling rate*                | 50 (default)           | 50 (default)      | 50 (default)       | 50 (default)
+| *eBPF memory limit*                 | 800Mi (default)        | 800Mi (default)   | 2000Mi             | 800Mi (default)
+| *FLP memory limit*                     | 800Mi (default)        | 800Mi (default)   | 800Mi (default)    | 800Mi (default)
+| *FLP Kafka partitions*              | N/A                    | 48                | 48                 | 48
+| *Kafka consumer replicas*           | N/A                    | 24                | 24                 | 24
+| *Kafka brokers*                     | N/A                    | 3 (default)       | 3 (default)        | 3 (default)
+|===
+[.small]
+--
+1. Tested with AWS M6i instances.
+2. In addition to this worker and its controller, 3 infra nodes (size `M6i.12xlarge`) and 1 workload node (size `M6i.8xlarge`) were tested.
+--
\ No newline at end of file
diff --git a/modules/network-observability-roles-create.adoc b/modules/network-observability-roles-create.adoc
index 3cd41e348a0e..79c67982ff61 100644
--- a/modules/network-observability-roles-create.adoc
+++ b/modules/network-observability-roles-create.adoc
@@ -2,15 +2,15 @@
 
 // * networking/network_observability/installing-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-roles-create_{context}"]
 = Create roles for authentication and authorization
 Specify authentication and authorization configurations by defining `ClusterRole` and `ClusterRoleBinding`. You can create a YAML file to define these roles.
 
 .Procedure
 
-. Using the web console, click the Import icon, *+*. 
-. Drop your YAML file into the editor and click *Create*: 
+. Using the web console, click the Import icon, *+*.
+. Drop your YAML file into the editor and click *Create*:
 +
 [source, yaml]
 ----
diff --git a/modules/network-observability-sample-network-policy-YAML.adoc b/modules/network-observability-sample-network-policy-YAML.adoc
new file mode 100644
index 000000000000..b030a85c6621
--- /dev/null
+++ b/modules/network-observability-sample-network-policy-YAML.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/network-observability-network-policy.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="network-observability-sample-network-policy_{context}"]
+= Example network policy
+The following annotates an example `NetworkPolicy` object for the `netobserv` namespace:
+
+[id="network-observability-network-policy-sample_{context}"]
+.Sample network policy
+[source, yaml]
+----
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-ingress
+  namespace: netobserv
+spec:
+  podSelector: {}            <1>
+  ingress:
+    - from:
+        - podSelector: {}    <2>
+          namespaceSelector: <3>
+            matchLabels:
+              kubernetes.io/metadata.name: openshift-console
+        - podSelector: {}
+          namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: openshift-monitoring
+  policyTypes:
+    - Ingress
+status: {}
+----
+<1> A selector that describes the pods to which the policy applies. The policy object can only select pods in the project that defines the `NetworkPolicy` object. In this documentation, it would be the project in which the Network Observability Operator is installed, which is the `netobserv` project.
+<2> A selector that matches the pods from which the policy object allows ingress traffic. The default is that the selector matches pods in the same namespace as the `NetworkPolicy`.
+<3> When the `namespaceSelector` is specified, the selector matches pods in the specified namespace.
\ No newline at end of file
diff --git a/modules/network-observability-topology.adoc b/modules/network-observability-topology.adoc
index c8d2268f1335..04bb2023355f 100644
--- a/modules/network-observability-topology.adoc
+++ b/modules/network-observability-topology.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-topology_{context}"]
 = Observing the network traffic from the Topology view
 The *Topology* view provides a graphical representation of the network flows and the amount of traffic. As an administrator, you can monitor the traffic data across the application by using the *Topology* view.
\ No newline at end of file
diff --git a/modules/network-observability-trafficflow.adoc b/modules/network-observability-trafficflow.adoc
index 25258977955e..dfe7f4937321 100644
--- a/modules/network-observability-trafficflow.adoc
+++ b/modules/network-observability-trafficflow.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="network-observability-trafficflow_{context}"]
 = Observing the network traffic from the Traffic flows view
 The *Traffic flows* view displays the data of the network flows and the amount of traffic in a table. As an administrator, you can monitor the amount of traffic across the application by using the traffic flow table.
\ No newline at end of file
diff --git a/modules/network-observability-viewing-alerts.adoc b/modules/network-observability-viewing-alerts.adoc
index f238f78928bb..1e1ab8051448 100644
--- a/modules/network-observability-viewing-alerts.adoc
+++ b/modules/network-observability-viewing-alerts.adoc
@@ -2,14 +2,16 @@
 //
 // * network_observability/network-observability-operator-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-alert-dashboard_{context}"]
 = Viewing health information
 
-You can access metrics about health and resource useage of the Network Observability Operator from the *Dashboards* page in the web console. A health alert banner that directs you to the dashboard can appear on the *Network Traffic* and *Home* pages in the event that an alert is triggered. Alerts are generated in the following cases:
+You can access metrics about health and resource usage of the Network Observability Operator from the *Dashboards* page in the web console. A health alert banner that directs you to the dashboard can appear on the *Network Traffic* and *Home* pages in the event that an alert is triggered. Alerts are generated in the following cases:
 
-* The *NetObservLokiError* alert occurs if the `flowlogs-pipeline` workload is dropping flows because of Loki errors, such as if the Loki ingestion rate limit has been reached.
-* The *NetObservNoFlows* alert occurs if no flows are ingested for a certain amount of time..Prerequisites
+* The `NetObservLokiError` alert occurs if the `flowlogs-pipeline` workload is dropping flows because of Loki errors, such as if the Loki ingestion rate limit has been reached.
+* The `NetObservNoFlows` alert occurs if no flows are ingested for a certain amount of time.
+
+.Prerequisites
 
 * You have the Network Observability Operator installed.
 * You have access to the cluster as a user with the `cluster-admin` role or with view permissions for all projects.
@@ -17,5 +19,5 @@ You can access metrics about health and resource useage of the Network Observabi
 .Procedure
 
 . From the *Administrator* perspective in the web console, navigate to *Observe* → *Dashboards*.
-. From the *Dashboards* dropdown, select *Netobserv/Health*. 
-Metrics about the health of the Operator are displayed on the page. 
\ No newline at end of file
+. From the *Dashboards* dropdown, select *Netobserv/Health*.
+Metrics about the health of the Operator are displayed on the page.
\ No newline at end of file
diff --git a/modules/network-observability-without-loki.adoc b/modules/network-observability-without-loki.adoc
new file mode 100644
index 000000000000..9883f4d4f093
--- /dev/null
+++ b/modules/network-observability-without-loki.adoc
@@ -0,0 +1,19 @@
+// module included in the following assemblies:
+// networking/network_observability/installing-operators.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="network-observability-without-loki_{context}"]
+= Network Observability without Loki
+You can use Network Observability without Loki by not performing the Loki installation steps and skipping directly to "Installing the Network Observability Operator". If you only want to export flows to a Kafka consumer or IPFIX collector, or you only need dashboard metrics, then you do not need to install Loki or provide storage for Loki.  Without Loki, there won't be a Network Traffic panel under Observe, which means there is no overview charts, flow table, or topology. The following table compares available features with and without Loki:
+
+.Comparison of feature availability with and without Loki
+[options="header"]
+|===
+|                                     | *With Loki* | *Without Loki*
+| *Exporters*                         | image:check-solid.png[,10]  | image:check-solid.png[,10]
+| *Flow-based metrics and dashboards*             | image:check-solid.png[,10] | image:check-solid.png[,10]
+| *Traffic Flow Overview, Table and Topology views* | image:check-solid.png[,10] | image:x-solid.png[,10]
+| *Quick Filters*                     | image:check-solid.png[,10] | image:x-solid.png[,10]
+| *{product-title} console Network Traffic tab integration* | image:check-solid.png[,10] | image:x-solid.png[,10]
+|===
+
diff --git a/modules/network-observability-working-with-conversations.adoc b/modules/network-observability-working-with-conversations.adoc
index 41e5411d5113..bad355acdfc1 100644
--- a/modules/network-observability-working-with-conversations.adoc
+++ b/modules/network-observability-working-with-conversations.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-working-with-conversations_{context}"]
 = Working with conversation tracking
 As an administrator, you can you can group network flows that are part of the same conversation. A conversation is defined as a grouping of peers that are identified by their IP addresses, ports, and protocols, resulting in an unique *Conversation Id*. You can query conversation events in the web console. These events are represented in the web console as follows:
@@ -15,7 +15,7 @@ As an administrator, you can you can group network flows that are part of the sa
 
 .Procedure
 . In the web console, navigate to *Operators* -> *Installed Operators*.
-. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*. 
+. Under the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
 . Select *cluster* then select the *YAML* tab.
 . Configure the `FlowCollector` custom resource so that `spec.processor.logTypes`, `conversationEndTimeout`, and `conversationHeartbeatInterval` parameters are set according to your observation needs. A sample configuration is as follows:
 +
@@ -39,7 +39,7 @@ spec:
 +
 [NOTE]
 ====
-If you update the `logType` option, the flows from the previous selection do not clear from the console plugin. For example, if you initially set `logType` to `CONVERSATIONS` for a span of time until 10 AM and then move to `ENDED_CONVERSATIONS`, the console plugin shows all conversation events before 10 AM and only ended conversations after 10 AM. 
+If you update the `logType` option, the flows from the previous selection do not clear from the console plugin. For example, if you initially set `logType` to `CONVERSATIONS` for a span of time until 10 AM and then move to `ENDED_CONVERSATIONS`, the console plugin shows all conversation events before 10 AM and only ended conversations after 10 AM.
 ====
 . Refresh the *Network Traffic* page on the *Traffic flows* tab. Notice there are two new columns, *Event/Type* and *Conversation Id*. All the *Event/Type* fields are `Flow` when *Flow* is the selected query option.
 . Select *Query Options* and choose the *Log Type*, *Conversation*. Now the *Event/Type* shows all of the desired conversation events.
diff --git a/modules/network-observability-working-with-overview.adoc b/modules/network-observability-working-with-overview.adoc
index 7c2ebd78b5b9..24e80a287979 100644
--- a/modules/network-observability-working-with-overview.adoc
+++ b/modules/network-observability-working-with-overview.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-working-with-overview_{context}"]
 = Working with the Overview view
 As an administrator, you can navigate to the *Overview* view to see the graphical representation of the flow rate statistics.
diff --git a/modules/network-observability-working-with-topology.adoc b/modules/network-observability-working-with-topology.adoc
index 3bd72ebd242b..b4f4f758b4b0 100644
--- a/modules/network-observability-working-with-topology.adoc
+++ b/modules/network-observability-working-with-topology.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-working-with-topology_{context}"]
 = Working with the Topology view
 As an administrator, you can navigate to the *Topology* view to see the details and metrics of the component.
diff --git a/modules/network-observability-working-with-trafficflow.adoc b/modules/network-observability-working-with-trafficflow.adoc
index bb9ca4b5082e..e31911dd46ed 100644
--- a/modules/network-observability-working-with-trafficflow.adoc
+++ b/modules/network-observability-working-with-trafficflow.adoc
@@ -2,7 +2,7 @@
 //
 // network_observability/observing-network-traffic.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-working-with-trafficflow_{context}"]
 = Working with the Traffic flows view
 As an administrator, you can navigate to *Traffic flows* table to see network flow information.
diff --git a/modules/networking-osp-enabling-metadata.adoc b/modules/networking-osp-enabling-metadata.adoc
index 418982cdd2a5..054228b149cf 100644
--- a/modules/networking-osp-enabling-metadata.adoc
+++ b/modules/networking-osp-enabling-metadata.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="networking-osp-enabling-metadata_{context}"]
 = Enabling the {rh-openstack} metadata service as a mountable drive
 
diff --git a/modules/networking-osp-enabling-vfio-noiommu.adoc b/modules/networking-osp-enabling-vfio-noiommu.adoc
index 0e6058fcdf30..0b2cfbdde14e 100644
--- a/modules/networking-osp-enabling-vfio-noiommu.adoc
+++ b/modules/networking-osp-enabling-vfio-noiommu.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_openstack/installing-openstack-user.adoc
-// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="networking-osp-enabling-vfio-noiommu_{context}"]
 = Enabling the No-IOMMU feature for the {rh-openstack} VFIO driver
 
diff --git a/modules/nfd-rules-about.adoc b/modules/nfd-rules-about.adoc
new file mode 100644
index 000000000000..eed3021a6618
--- /dev/null
+++ b/modules/nfd-rules-about.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/psap-node-feature-discovery-operator.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nfd-rules-about_{context}"]
+= About the NodeFeatureRule custom resource
+
+`NodeFeatureRule` objects are a `NodeFeatureDiscovery` custom resource designed for rule-based custom labeling of nodes. Some use cases include application-specific labeling or distribution by hardware vendors to create specific labels for their devices.
+
+`NodeFeatureRule` objects provide a method to create vendor- or application-specific labels and taints. It uses a flexible rule-based mechanism for creating labels and optionally taints based on node features.
\ No newline at end of file
diff --git a/modules/nfd-rules-using.adoc b/modules/nfd-rules-using.adoc
new file mode 100644
index 000000000000..f50bf11628db
--- /dev/null
+++ b/modules/nfd-rules-using.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * hardware_enablement/psap-node-feature-discovery-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nfd-rules-using_{context}"]
+= Using the NodeFeatureRule custom resource
+
+Create a `NodeFeatureRule` object to label nodes if a set of rules match the conditions.
+
+.Procedure
+
+. Create a custom resource file named `nodefeaturerule.yaml` that contains the following text:
++
+[source,yaml]
+----
+apiVersion: nfd.openshift.io/v1
+kind: NodeFeatureRule
+metadata:
+  name: example-rule
+spec:
+  rules:
+    - name: "example rule"
+      labels:
+        "example-custom-feature": "true"
+      # Label is created if all of the rules below match
+      matchFeatures:
+        # Match if "veth" kernel module is loaded
+        - feature: kernel.loadedmodule
+          matchExpressions:
+            veth: {op: Exists}
+        # Match if any PCI device with vendor 8086 exists in the system
+        - feature: pci.device
+          matchExpressions:
+            vendor: {op: In, value: ["8086"]}
+----
++
+This custom resource specifies that labelling occurs when the `veth` module is loaded and any PCI device with vendor code `8086` exists in the cluster.
+
+. Apply the `nodefeaturerule.yaml` file to your cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/v0.13.6/examples/nodefeaturerule.yaml
+----
+The example applies the feature label on nodes with the `veth` module loaded and any PCI device with vendor code `8086` exists.
++
+[NOTE]
+====
+A relabeling delay of up to 1 minute might occur.
+====
\ No newline at end of file
diff --git a/modules/node-observability-create-custom-resource.adoc b/modules/node-observability-create-custom-resource.adoc
index 2309ea140fe6..1f4e81587d4a 100644
--- a/modules/node-observability-create-custom-resource.adoc
+++ b/modules/node-observability-create-custom-resource.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-node-observability-custom-resource_{context}"]
 = Creating the Node Observability custom resource
 
diff --git a/modules/node-observability-high-level-workflow.adoc b/modules/node-observability-high-level-workflow.adoc
index 2a4c68aa2d8e..9821ebfc296b 100644
--- a/modules/node-observability-high-level-workflow.adoc
+++ b/modules/node-observability-high-level-workflow.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="workflow-node-observability-operator_{context}"]
 = Workflow of the Node Observability Operator
 
diff --git a/modules/node-observability-install-cli.adoc b/modules/node-observability-install-cli.adoc
index 14d4bcbb99b1..e937544f218e 100644
--- a/modules/node-observability-install-cli.adoc
+++ b/modules/node-observability-install-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-node-observability-using-cli_{context}"]
 = Installing the Node Observability Operator using the CLI
 
diff --git a/modules/node-observability-install-web-console.adoc b/modules/node-observability-install-web-console.adoc
index 40fd247c25bb..147740c9ed46 100644
--- a/modules/node-observability-install-web-console.adoc
+++ b/modules/node-observability-install-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-node-observability-using-web-console_{context}"]
 = Installing the Node Observability Operator using the web console
 
diff --git a/modules/node-observability-installation.adoc b/modules/node-observability-installation.adoc
index 245faa8664a4..c9f0c813ad13 100644
--- a/modules/node-observability-installation.adoc
+++ b/modules/node-observability-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="install-node-observability-operator_{context}"]
 = Installing the Node Observability Operator
 The Node Observability Operator is not installed in {product-title} by default. You can install the Node Observability Operator by using the {product-title} CLI or the web console.
diff --git a/modules/node-observability-run-profiling-query.adoc b/modules/node-observability-run-profiling-query.adoc
index eaf91c4cf275..f0760c4ee6fa 100644
--- a/modules/node-observability-run-profiling-query.adoc
+++ b/modules/node-observability-run-profiling-query.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/understanding-node-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-profiling-query_{context}"]
 = Running the profiling query
 
diff --git a/modules/node-observability-scripting-cr.adoc b/modules/node-observability-scripting-cr.adoc
new file mode 100644
index 000000000000..55b7ee154c28
--- /dev/null
+++ b/modules/node-observability-scripting-cr.adoc
@@ -0,0 +1,86 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/node-observability-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="node-observability-scripting-cr_{context}"]
+= Creating the Node Observability custom resource for scripting
+
+You must create and run the `NodeObservability` custom resource (CR) before you run the scripting. When you run the `NodeObservability` CR, it enables the agent in scripting mode on the compute nodes matching the `nodeSelector` label. 
+
+.Prerequisites
+* You have installed the Node Observability Operator.
+* You have installed the {oc-first}.
+* You have access to the cluster with `cluster-admin` privileges.
+
+.Procedure
+
+. Log in to the {product-title} cluster by running the following command:
++
+[source,terminal]
+----
+$ oc login -u kubeadmin https://<host_name>:6443
+----
+
+. Switch to the `node-observability-operator` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc project node-observability-operator
+----
+
+. Create a file named `nodeobservability.yaml` that contains the following content:
++
+[source,yaml]
+----
+    apiVersion: nodeobservability.olm.openshift.io/v1alpha2
+    kind: NodeObservability
+    metadata:
+      name: cluster <1>
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: <node_hostname> <2>
+      type: scripting <3>
+----
+<1> You must specify the name as `cluster` because there should be only one `NodeObservability` CR per cluster.
+<2> Specify the nodes on which the Node Observability agent must be deployed.
+<3> To deploy the agent in scripting mode, you must set the type to `scripting`.
+
+
+. Create the `NodeObservability` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f nodeobservability.yaml
+----
+
++
+.Example output
+[source,terminal]
+----
+nodeobservability.olm.openshift.io/cluster created
+----
+
+. Review the status of the `NodeObservability` CR by running the following command:
++
+[source,terminal]
+----
+$ oc get nob/cluster -o yaml | yq '.status.conditions'
+----
+
++
+.Example output
+[source,terminal]
+----
+conditions:
+  conditions:
+  - lastTransitionTime: "2022-07-05T07:33:54Z"
+    message: 'DaemonSet node-observability-ds ready: true NodeObservabilityScripting
+      ready: true'
+    reason: Ready
+    status: "True"
+    type: Ready
+----
+
++
+The `NodeObservability` CR run is completed when the `reason` is `Ready` and `status` is `"True"`.
\ No newline at end of file
diff --git a/modules/node-observability-scripting.adoc b/modules/node-observability-scripting.adoc
new file mode 100644
index 000000000000..f667147e5371
--- /dev/null
+++ b/modules/node-observability-scripting.adoc
@@ -0,0 +1,105 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/node-observability-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="node-observability-scripting_{context}"]
+= Configuring Node Observability Operator scripting
+
+.Prerequisites
+
+* You have installed the Node Observability Operator.
+* You have created the `NodeObservability` custom resource (CR).
+* You have access to the cluster with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a file named `nodeobservabilityrun-script.yaml` that contains the following content:
++
+[source,yaml]
+----
+apiVersion: nodeobservability.olm.openshift.io/v1alpha2
+kind: NodeObservabilityRun
+metadata:
+  name: nodeobservabilityrun-script
+  namespace: node-observability-operator
+spec:
+  nodeObservabilityRef:
+    name: cluster
+    type: scripting
+----
++
+[IMPORTANT]
+====
+You can request only the following scripts:
+
+* `metrics.sh`
+* `network-metrics.sh` (uses `monitor.sh`)
+====
+
+. Trigger the scripting by creating the `NodeObservabilityRun` resource with the following command:
++
+[source,terminal]
+----
+$ oc apply -f nodeobservabilityrun-script.yaml
+----
+
+. Review the status of the `NodeObservabilityRun` scripting by running the following command:
++
+[source,terminal]
+----
+$ oc get nodeobservabilityrun nodeobservabilityrun-script -o yaml  | yq '.status.conditions'
+----
+
++
+.Example output
+[source,terminal]
+----
+Status:
+  Agents:
+    Ip:    10.128.2.252
+    Name:  node-observability-agent-n2fpm
+    Port:  8443
+    Ip:    10.131.0.186
+    Name:  node-observability-agent-wcc8p
+    Port:  8443
+  Conditions:
+    Conditions:
+      Last Transition Time:  2023-12-19T15:10:51Z
+      Message:               Ready to start profiling
+      Reason:                Ready
+      Status:                True
+      Type:                  Ready
+      Last Transition Time:  2023-12-19T15:11:01Z
+      Message:               Profiling query done
+      Reason:                Finished
+      Status:                True
+      Type:                  Finished
+  Finished Timestamp:        2023-12-19T15:11:01Z
+  Start Timestamp:           2023-12-19T15:10:51Z
+----
+
++
+The scripting is complete once `Status` is `True` and `Type` is `Finished`.
+
+. Retrieve the scripting data from the root path of the container by running the following bash script:
++
+[source,bash]
+----
+#!/bin/bash
+
+RUN=$(oc get nodeobservabilityrun --no-headers | awk '{print $1}')
+
+for a in $(oc get nodeobservabilityruns.nodeobservability.olm.openshift.io/${RUN} -o json | jq .status.agents[].name); do
+  echo "agent ${a}"
+  agent=$(echo ${a} | tr -d "\"\'\`")
+  base_dir=$(oc exec "${agent}" -c node-observability-agent -- bash -c "ls -t | grep node-observability-agent" | head -1)
+  echo "${base_dir}"
+  mkdir -p "/tmp/${agent}"
+  for p in $(oc exec "${agent}" -c node-observability-agent -- bash -c "ls ${base_dir}"); do
+    f="/${base_dir}/${p}"
+    echo "copying ${f} to /tmp/${agent}/${p}"
+    oc exec "${agent}" -c node-observability-agent -- cat ${f} > "/tmp/${agent}/${p}"
+  done
+done
+----
\ No newline at end of file
diff --git a/modules/node-tuning-hosted-cluster.adoc b/modules/node-tuning-hosted-cluster.adoc
index d6e22bd5e8d2..bbe5a2729e1e 100644
--- a/modules/node-tuning-hosted-cluster.adoc
+++ b/modules/node-tuning-hosted-cluster.adoc
@@ -2,15 +2,12 @@
 //
 // * scalability_and_performance/using-node-tuning-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="node-tuning-hosted-cluster_{context}"]
 = Configuring node tuning in a hosted cluster
 
 //# Manage node-level tuning with the Node Tuning Operator
 
-:FeatureName: Hosted control planes
-include::snippets/technology-preview.adoc[]
-
 To set node-level tuning on the nodes in your hosted cluster, you can use the Node Tuning Operator. In hosted control planes, you can configure node tuning by creating config maps that contain `Tuned` objects and referencing those config maps in your node pools.
 
 .Procedure
@@ -52,8 +49,8 @@ If you do not add any labels to an entry in the `spec.recommend` section of the
 
 . Create the `ConfigMap` object in the management cluster:
 +
-[source, terminal]
-----   
+[source,terminal]
+----
 $ oc --kubeconfig="$MGMT_KUBECONFIG" create -f tuned-1.yaml
 ----
 
@@ -89,7 +86,7 @@ Now that you have created the `ConfigMap` object that contains a `Tuned` manifes
 +
 [source,terminal]
 ----
-$ oc --kubeconfig="$HC_KUBECONFIG" get Tuneds -n openshift-cluster-node-tuning-operator
+$ oc --kubeconfig="$HC_KUBECONFIG" get tuned.tuned.openshift.io -n openshift-cluster-node-tuning-operator
 ----
 +
 .Example output
@@ -100,12 +97,12 @@ default    7m36s
 rendered   7m36s
 tuned-1    65s
 ----
-   
+
 . List the `Profile` objects in the hosted cluster:
 +
 [source,terminal]
 ----
-$ oc --kubeconfig="$HC_KUBECONFIG" get Profiles -n openshift-cluster-node-tuning-operator
+$ oc --kubeconfig="$HC_KUBECONFIG" get profile.tuned.openshift.io -n openshift-cluster-node-tuning-operator
 ----
 +
 .Example output
diff --git a/modules/node-tuning-operator-supported-tuned-daemon-plug-ins.adoc b/modules/node-tuning-operator-supported-tuned-daemon-plug-ins.adoc
index 524e9480b7b5..785f46c3b17f 100644
--- a/modules/node-tuning-operator-supported-tuned-daemon-plug-ins.adoc
+++ b/modules/node-tuning-operator-supported-tuned-daemon-plug-ins.adoc
@@ -2,6 +2,7 @@
 //
 // * scalability_and_performance/using-node-tuning-operator.adoc
 // * post_installation_configuration/node-tasks.adoc
+// * nodes/nodes/nodes-node-tuning-operator
 
 [id="supported-tuned-daemon-plug-ins_{context}"]
 = Supported TuneD daemon plugins
@@ -33,13 +34,13 @@ that is not supported. The following TuneD plugins are currently not supported:
 * systemd
 
 
-[WARNING]
+[NOTE]
 ====
-The TuneD bootloader plugin is currently supported on {op-system-first} 8.x worker nodes. For {op-system-base-full} 7.x worker nodes, the TuneD bootloader plugin is currently not supported.
+The TuneD bootloader plugin only supports {op-system-first} worker nodes.
 ====
 
-See
-link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/monitoring_and_managing_system_status_and_performance/customizing-tuned-profiles_monitoring-and-managing-system-status-and-performance#available-tuned-plug-ins_customizing-tuned-profiles[Available
-TuneD Plugins] and
-link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/monitoring_and_managing_system_status_and_performance/getting-started-with-tuned_monitoring-and-managing-system-status-and-performance[Getting
-Started with TuneD] for more information.
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/monitoring_and_managing_system_status_and_performance/customizing-tuned-profiles_monitoring-and-managing-system-status-and-performance#available-tuned-plug-ins_customizing-tuned-profiles[Available TuneD Plugins]
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/monitoring_and_managing_system_status_and_performance/getting-started-with-tuned_monitoring-and-managing-system-status-and-performance[Getting Started with TuneD]
diff --git a/modules/node-tuning-operator.adoc b/modules/node-tuning-operator.adoc
index 847043db7165..de240decea56 100644
--- a/modules/node-tuning-operator.adoc
+++ b/modules/node-tuning-operator.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-node-tuning-operator_{context}"]
 ifdef::operators[]
 = Node Tuning Operator
@@ -44,7 +44,9 @@ The Operator manages the containerized TuneD daemon for {product-title} as a Kub
 
 Node-level settings applied by the containerized TuneD daemon are rolled back on an event that triggers a profile change or when the containerized TuneD daemon is terminated gracefully by receiving and handling a termination signal.
 
-The Node Tuning Operator uses the Performance Profile controller to implement automatic tuning to achieve low latency performance for {product-title} applications. The cluster administrator configures a performance profile to define node-level settings such as the following:
+The Node Tuning Operator uses the Performance Profile controller to implement automatic tuning to achieve low latency performance for {product-title} applications.
+
+The cluster administrator configures a performance profile to define node-level settings such as the following:
 
 * Updating the kernel to kernel-rt.
 * Choosing CPUs for housekeeping.
@@ -52,7 +54,7 @@ The Node Tuning Operator uses the Performance Profile controller to implement au
 
 [NOTE]
 ====
-Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performace profiles.
+Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performance profiles.
 ====
 
 The Node Tuning Operator is part of a standard {product-title} installation in version 4.1 and later.
diff --git a/modules/nodes-application-secrets-using.adoc b/modules/nodes-application-secrets-using.adoc
index 58c7e03a9273..42182a6364a2 100644
--- a/modules/nodes-application-secrets-using.adoc
+++ b/modules/nodes-application-secrets-using.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-application-secrets-creating-using-sa_{context}"]
 = Creating and using secrets
 
@@ -44,7 +44,7 @@ $ oc apply -f service-account-token-secret.yaml
 +
 [source,terminal]
 -----
-$ oc get secret <sa_token_secret> -o jsonpath='{.data.token}' | base64 --decode) <1>
+$ oc get secret <sa_token_secret> -o jsonpath='{.data.token}' | base64 --decode <1>
 -----
 +
 .Example output
diff --git a/modules/nodes-cluster-enabling-features-about.adoc b/modules/nodes-cluster-enabling-features-about.adoc
index 88c1f845e48a..7b1433dd1649 100644
--- a/modules/nodes-cluster-enabling-features-about.adoc
+++ b/modules/nodes-cluster-enabling-features-about.adoc
@@ -2,7 +2,7 @@
 //
 // nodes/clusters/nodes-cluster-enabling-features.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-enabling-features-about_{context}"]
 = Understanding feature gates
 
@@ -21,15 +21,22 @@ The following Technology Preview features are enabled by this feature set:
 +
 --
 ** External cloud providers. Enables support for external cloud providers for clusters on vSphere, AWS, Azure, and GCP. Support for OpenStack is GA. This is an internal feature that most users do not need to interact with. (`ExternalCloudProvider`)
-** Shared Resources CSI Driver and Build CSI Volumes in OpenShift Builds. Enables the Container Storage Interface (CSI). (`CSIDriverSharedResource`)
-** CSI volumes. Enables CSI volume support for the {product-title} build system. (`BuildCSIVolumes`)
+** Shared Resources CSI Driver in OpenShift Builds. Enables the Container Storage Interface (CSI). (`CSIDriverSharedResource`)
 ** Swap memory on nodes. Enables swap memory use for {product-title} workloads on a per-node basis. (`NodeSwap`)
 ** OpenStack Machine API Provider. This gate has no effect and is planned to be removed from this feature set in a future release. (`MachineAPIProviderOpenStack`)
 ** Insights Operator. Enables the Insights Operator, which gathers {product-title} configuration data and sends it to Red Hat. (`InsightsConfigAPI`)
 ** Retroactive Default Storage Class. Enables {product-title} to retroactively assign the default storage class to PVCs if there was no default storage class when the PVC was created.(`RetroactiveDefaultStorageClass`)
-** Pod disruption budget (PDB) unhealthy pod eviction policy. Enables support for specifying how unhealthy pods are considered for eviction when using PDBs. (`PDBUnhealthyPodEvictionPolicy`)
 ** Dynamic Resource Allocation API. Enables a new API for requesting and sharing resources between pods and containers. This is an internal feature that most users do not need to interact with. (`DynamicResourceAllocation`)
 ** Pod security admission enforcement. Enables the restricted enforcement mode for pod security admission. Instead of only logging a warning, pods are rejected if they violate pod security standards. (`OpenShiftPodSecurityAdmission`)
+** StatefulSet pod availability upgrading limits. Enables users to define the maximum number of statefulset pods unavailable during updates which reduces application downtime. (`MaxUnavailableStatefulSet`)
+** Admin Network Policy and Baseline Admin Network Policy. Enables `AdminNetworkPolicy` and `BaselineAdminNetworkPolicy` resources, which are part of the Network Policy V2 API, in clusters running the OVN-Kubernetes CNI plugin. Cluster administrators can apply cluster-scoped policies and safeguards for an entire cluster before namespaces are created. Network administrators can secure clusters by enforcing network traffic controls that cannot be overridden by users. Network administrators can enforce optional baseline network traffic controls that can be overridden by users in the cluster, if necessary. Currently, these APIs support only expressing policies for intra-cluster traffic. (`AdminNetworkPolicy`)
+** `MatchConditions` is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of `matchConditions` matches all requests. (`admissionWebhookMatchConditions`)
+** Gateway API. To enable the {product-title} Gateway API, set the value of the `enabled` field to `true` in the `techPreview.gatewayAPI` specification of the `ServiceMeshControlPlane` resource.(`gateGatewayAPI`)
+** `sigstoreImageVerification`
+** `gcpLabelsTags`
+** `vSphereStaticIPs`
+** `routeExternalCertificate`
+** `automatedEtcdBackup`
 --
 
 ////
diff --git a/modules/nodes-cluster-enabling-features-cli.adoc b/modules/nodes-cluster-enabling-features-cli.adoc
index 8eddd396ca88..468c6dff672a 100644
--- a/modules/nodes-cluster-enabling-features-cli.adoc
+++ b/modules/nodes-cluster-enabling-features-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cluster/nodes-cluster-enabling-features.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-enabling-features-cli_{context}"]
 = Enabling feature sets using the CLI
 
@@ -36,6 +36,7 @@ apiVersion: config.openshift.io/v1
 kind: FeatureGate
 metadata:
   name: cluster <1>
+# ...
 spec:
   featureSet: TechPreviewNoUpgrade <2>
 ----
diff --git a/modules/nodes-cluster-enabling-features-console.adoc b/modules/nodes-cluster-enabling-features-console.adoc
index 316ddf01d001..4fc2755cd7f1 100644
--- a/modules/nodes-cluster-enabling-features-console.adoc
+++ b/modules/nodes-cluster-enabling-features-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/clusters/nodes-cluster-enabling-features.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-enabling-features-console_{context}"]
 = Enabling feature sets using the web console
 
@@ -35,8 +35,7 @@ apiVersion: config.openshift.io/v1
 kind: FeatureGate
 metadata:
   name: cluster <1>
-....
-
+# ...
 spec:
   featureSet: TechPreviewNoUpgrade <2>
 ----
diff --git a/modules/nodes-cluster-enabling-features-install.adoc b/modules/nodes-cluster-enabling-features-install.adoc
index c231b806ae54..5f3c9b0b7687 100644
--- a/modules/nodes-cluster-enabling-features-install.adoc
+++ b/modules/nodes-cluster-enabling-features-install.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cluster/nodes-cluster-enabling-features.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-enabling-features-install_{context}"]
 = Enabling feature sets at installation
 
diff --git a/modules/nodes-cluster-limit-ranges-about.adoc b/modules/nodes-cluster-limit-ranges-about.adoc
index 83270f88e963..47253e879edd 100644
--- a/modules/nodes-cluster-limit-ranges-about.adoc
+++ b/modules/nodes-cluster-limit-ranges-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cluster/limit-ranges.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-limit-ranges-about_{context}"]
 = About limit ranges
 
diff --git a/modules/nodes-cluster-limit-ranges-creating.adoc b/modules/nodes-cluster-limit-ranges-creating.adoc
index 8899988e3947..e82b4d70f40d 100644
--- a/modules/nodes-cluster-limit-ranges-creating.adoc
+++ b/modules/nodes-cluster-limit-ranges-creating.adoc
@@ -64,6 +64,7 @@ spec:
 
 . Create the object:
 +
+[source,terminal]
 ----
 $ oc create -f <limit_range_file> -n <project> <1>
 ----
diff --git a/modules/nodes-cluster-limit-ranges-deleting.adoc b/modules/nodes-cluster-limit-ranges-deleting.adoc
index 24b63725ae3d..b23d30252026 100644
--- a/modules/nodes-cluster-limit-ranges-deleting.adoc
+++ b/modules/nodes-cluster-limit-ranges-deleting.adoc
@@ -8,8 +8,9 @@
 
 To remove any active `LimitRange` object to no longer enforce the limits in a project:
 
-. Run the following command:
+* Run the following command:
 +
+[source,terminal]
 ----
 $ oc delete limits <limit_name>
 ----
diff --git a/modules/nodes-cluster-limit-ranges-limits.adoc b/modules/nodes-cluster-limit-ranges-limits.adoc
index d232cbb849ea..770e063afe57 100644
--- a/modules/nodes-cluster-limit-ranges-limits.adoc
+++ b/modules/nodes-cluster-limit-ranges-limits.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cluster/limit-ranges.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-limit-ranges-limits_{context}"]
 = About component limits
 
diff --git a/modules/nodes-cluster-limit-ranges-viewing.adoc b/modules/nodes-cluster-limit-ranges-viewing.adoc
index 550e5b321b88..49c9457d9f7a 100644
--- a/modules/nodes-cluster-limit-ranges-viewing.adoc
+++ b/modules/nodes-cluster-limit-ranges-viewing.adoc
@@ -13,10 +13,12 @@ You can also use the CLI to view limit range details:
 . Get the list of `LimitRange` object defined in the project. For example, for a
 project called *demoproject*:
 +
+[source,terminal]
 ----
 $ oc get limits -n demoproject
 ----
 +
+[source,terminal]
 ----
 NAME              CREATED AT
 resource-limits   2020-07-15T17:14:23Z
@@ -25,10 +27,14 @@ resource-limits   2020-07-15T17:14:23Z
 . Describe the `LimitRange` object you are interested in, for example the
 `resource-limits` limit range:
 +
+
+[source,terminal]
 ----
 $ oc describe limits resource-limits -n demoproject
 ----
 +
+
+[source,terminal]
 ----
 Name:                           resource-limits
 Namespace:                      demoproject
diff --git a/modules/nodes-cluster-overcommit-about.adoc b/modules/nodes-cluster-overcommit-about.adoc
index fe23c4e45218..00510dcb0d3b 100644
--- a/modules/nodes-cluster-overcommit-about.adoc
+++ b/modules/nodes-cluster-overcommit-about.adoc
@@ -2,14 +2,14 @@
 //
 // * nodes/nodes-cluster-overcommit.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-overcommit-about_{context}"]
 = Understanding overcommitment
 
 Requests and limits enable administrators to allow and manage the overcommitment of resources on a node. The scheduler uses requests for scheduling your container and providing a minimum service guarantee. Limits constrain the amount of compute resource that may be consumed on your node.
 
 {product-title} administrators can control the level of overcommit and manage container density on nodes by configuring masters to override the ratio between request and limit set on developer containers. In conjunction with a per-project `LimitRange` object specifying limits and defaults, this adjusts the container limit and request to achieve the desired level of overcommit.
-	
+
 [NOTE]
 ====
 That these overrides have no effect if no limits have been set on containers. Create a `LimitRange` object with default limits, per individual project, or in the project template, to ensure that the overrides apply.
diff --git a/modules/nodes-cluster-overcommit-configure-nodes.adoc b/modules/nodes-cluster-overcommit-configure-nodes.adoc
index 6e32a4e41fc6..7518a1d6bef3 100644
--- a/modules/nodes-cluster-overcommit-configure-nodes.adoc
+++ b/modules/nodes-cluster-overcommit-configure-nodes.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-overcommit-configure-nodes_{context}"]
 = Understanding nodes overcommitment
 
@@ -32,7 +32,9 @@ $ sysctl -a |grep commit
 .Example output
 [source,terminal]
 ----
-vm.overcommit_memory = 1
+#...
+vm.overcommit_memory = 0
+#...
 ----
 
 [source,terminal]
@@ -43,7 +45,9 @@ $ sysctl -a |grep panic
 .Example output
 [source,terminal]
 ----
+#...
 vm.panic_on_oom = 0
+#...
 ----
 
 [NOTE]
diff --git a/modules/nodes-cluster-overcommit-node-disable.adoc b/modules/nodes-cluster-overcommit-node-disable.adoc
index 5008a034fccd..a428777f8de9 100644
--- a/modules/nodes-cluster-overcommit-node-disable.adoc
+++ b/modules/nodes-cluster-overcommit-node-disable.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-overcommit-node-disable_{context}"]
 = Disabling overcommitment for a node
 
diff --git a/modules/nodes-cluster-overcommit-node-enforcing.adoc b/modules/nodes-cluster-overcommit-node-enforcing.adoc
index 36eef517fc6e..4d5738731f05 100644
--- a/modules/nodes-cluster-overcommit-node-enforcing.adoc
+++ b/modules/nodes-cluster-overcommit-node-enforcing.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-overcommit-node-enforcing_{context}"]
 
 = Disabling or enforcing CPU limits using CPU CFS quotas
@@ -18,7 +18,7 @@ If you disable CPU limit enforcement, it is important to understand the impact o
 
 .Prerequisites
 
-. Obtain the label associated with the static `MachineConfigPool` CRD for the type of node you want to configure by entering the following command:
+* Obtain the label associated with the static `MachineConfigPool` CRD for the type of node you want to configure by entering the following command:
 +
 [source,terminal]
 ----
@@ -50,6 +50,7 @@ metadata:
 ====
 If the label is not present, add a key/value pair such as:
 
+[source,terminal]
 ----
 $ oc label machineconfigpool worker custom-kubelet=small-pods
 ----
@@ -71,12 +72,11 @@ spec:
     matchLabels:
       pools.operator.machineconfiguration.openshift.io/worker: "" <2>
   kubeletConfig:
-    cpuCfsQuota: <3>
-      - "true"
+    cpuCfsQuota: false <3>
 ----
 <1> Assign a name to CR.
 <2> Specify the label from the machine config pool.
-<3> Set the `cpuCfsQuota` parameter to `true`.
+<3> Set the `cpuCfsQuota` parameter to `false`.
 
 . Run the following command to create the CR:
 +
diff --git a/modules/nodes-cluster-overcommit-node-resources.adoc b/modules/nodes-cluster-overcommit-node-resources.adoc
index 2ad225ce529f..6b4260222b0e 100644
--- a/modules/nodes-cluster-overcommit-node-resources.adoc
+++ b/modules/nodes-cluster-overcommit-node-resources.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-overcommit-node-resources_{context}"]
 
 = Reserving resources for system processes
diff --git a/modules/nodes-cluster-overcommit-project-disable.adoc b/modules/nodes-cluster-overcommit-project-disable.adoc
index c6ed79327f1b..f5668961fcb8 100644
--- a/modules/nodes-cluster-overcommit-project-disable.adoc
+++ b/modules/nodes-cluster-overcommit-project-disable.adoc
@@ -3,29 +3,33 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-overcommit-project-disable_{context}"]
 = Disabling overcommitment for a project
 
-When enabled, overcommitment can be disabled per-project.
-For example, you can allow infrastructure components to be configured independently of overcommitment.
+When enabled, overcommitment can be disabled per-project. For example, you can allow infrastructure components to be configured independently of overcommitment.
 
 .Procedure
 
 To disable overcommitment in a project:
 
-. Edit the project object file
+ifndef::openshift-rosa,openshift-dedicated[]
+. Create or edit the namespace object file.
+endif::openshift-rosa,openshift-dedicated[]
+// Invalid value: "false": field is immutable, try updating the namespace
+ifdef::openshift-rosa,openshift-dedicated[]
+. Edit the namespace object file.
+endif::openshift-rosa,openshift-dedicated[]
 
 . Add the following annotation:
 +
 [source,yaml]
 ----
-quota.openshift.io/cluster-resource-override-enabled: "false"
-----
-
-. Create the project object:
-+
-[source,terminal]
-----
-$ oc create -f <file-name>.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    quota.openshift.io/cluster-resource-override-enabled: "false" <1>
+# ...
 ----
+<1> Setting this annotation to `false` disables overcommit for this namespace.
diff --git a/modules/nodes-cluster-overcommit-qos-about.adoc b/modules/nodes-cluster-overcommit-qos-about.adoc
index 2ad8cb3fe5b9..896713d64fee 100644
--- a/modules/nodes-cluster-overcommit-qos-about.adoc
+++ b/modules/nodes-cluster-overcommit-qos-about.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-overcommit-qos-about_{context}"]
 = Understanding overcomitment and quality of service classes
 
diff --git a/modules/nodes-cluster-overcommit-resources-containers.adoc b/modules/nodes-cluster-overcommit-resources-containers.adoc
index 63f5143808d2..7576aff29ede 100644
--- a/modules/nodes-cluster-overcommit-resources-containers.adoc
+++ b/modules/nodes-cluster-overcommit-resources-containers.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-overcommit-reserving-memory_{context}"]
 = Understanding compute resources and containers
 The node-enforced behavior for compute resources is specific to the resource
diff --git a/modules/nodes-cluster-resource-configure-about.adoc b/modules/nodes-cluster-resource-configure-about.adoc
index 4967ccf670ae..b052e0ce5b70 100644
--- a/modules/nodes-cluster-resource-configure-about.adoc
+++ b/modules/nodes-cluster-resource-configure-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-cluster-resource-configure.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-resource-configure-about_{context}"]
 = Understanding managing application memory
 
@@ -45,9 +45,9 @@ Note the following about memory requests and memory limits:
 
   - The cluster administrator can assign quota or assign default values for the memory limit value.
 
-  - The minimum memory limit is 12 MB. If a container fails to start due to a `Cannot allocate memory` pod event, the memory limit is too low. 
+  - The minimum memory limit is 12 MB. If a container fails to start due to a `Cannot allocate memory` pod event, the memory limit is too low.
 Either increase or remove the memory limit. Removing the limit allows pods to consume unbounded node resources.
- 
+
 [id="nodes-cluster-resource-configure-about-memory_{context}"]
 == Managing application memory strategy
 
diff --git a/modules/nodes-cluster-resource-configure-evicted.adoc b/modules/nodes-cluster-resource-configure-evicted.adoc
index 54771fbab4d2..96071afb45de 100644
--- a/modules/nodes-cluster-resource-configure-evicted.adoc
+++ b/modules/nodes-cluster-resource-configure-evicted.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-cluster-resource-configure.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-resource-configure-evicted_{context}"]
 = Understanding pod eviction
 
diff --git a/modules/nodes-cluster-resource-configure-jdk.adoc b/modules/nodes-cluster-resource-configure-jdk.adoc
index 40b55ff1e2a8..886e7b343418 100644
--- a/modules/nodes-cluster-resource-configure-jdk.adoc
+++ b/modules/nodes-cluster-resource-configure-jdk.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-cluster-resource-configure.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-resource-configure-jdk_{context}"]
 = Understanding OpenJDK settings for {product-title}
 
@@ -36,7 +36,7 @@ override this behavior, especially if a container memory limit is also set.
 
 There are at least two ways the above can be achieved:
 
-. If the container memory limit is set and the experimental options are
+* If the container memory limit is set and the experimental options are
    supported by the JVM, set `-XX:+UnlockExperimentalVMOptions
    -XX:+UseCGroupMemoryLimitForHeap`.
 +
@@ -48,7 +48,7 @@ The `UseCGroupMemoryLimitForHeap` option has been removed in JDK 11. Use `-XX:+U
 This sets `-XX:MaxRAM` to the container memory limit, and the maximum heap size
 (`-XX:MaxHeapSize` / `-Xmx`) to 1/`-XX:MaxRAMFraction` (1/4 by default).
 
-. Directly override one of `-XX:MaxRAM`, `-XX:MaxHeapSize` or `-Xmx`.
+* Directly override one of `-XX:MaxRAM`, `-XX:MaxHeapSize` or `-Xmx`.
 +
 This option involves hard-coding a value, but has the advantage of allowing a
 safety margin to be calculated.
diff --git a/modules/nodes-cluster-resource-configure-oom.adoc b/modules/nodes-cluster-resource-configure-oom.adoc
index aa5ba1a93664..605bf3366d58 100644
--- a/modules/nodes-cluster-resource-configure-oom.adoc
+++ b/modules/nodes-cluster-resource-configure-oom.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-cluster-resource-configure.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-resource-configure-oom_{context}"]
 = Understanding OOM kill policy
 
@@ -32,6 +32,11 @@ follows:
 [source,terminal]
 ----
 $ grep '^oom_kill ' /sys/fs/cgroup/memory/memory.oom_control
+----
++
+.Example output
+[source,terminal]
+----
 oom_kill 0
 ----
 
@@ -39,7 +44,7 @@ oom_kill 0
 +
 [source,terminal]
 ----
-$ sed -e '' </dev/zero 
+$ sed -e '' </dev/zero
 ----
 +
 .Example output
@@ -68,6 +73,11 @@ The `137` code indicates the container process exited with code 137, indicating
 [source,terminal]
 ----
 $ grep '^oom_kill ' /sys/fs/cgroup/memory/memory.oom_control
+----
++
+.Example output
+[source,terminal]
+----
 oom_kill 1
 ----
 +
diff --git a/modules/nodes-cluster-resource-configure-request-limit.adoc b/modules/nodes-cluster-resource-configure-request-limit.adoc
index d32987fd14d3..bbd4bdceef09 100644
--- a/modules/nodes-cluster-resource-configure-request-limit.adoc
+++ b/modules/nodes-cluster-resource-configure-request-limit.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-cluster-resource-configure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-configure-request-limit_{context}"]
 = Finding the memory request and limit from within a pod
 
@@ -12,6 +12,8 @@ within a pod should use the Downward API.
 .Procedure
 
 . Configure the pod to add the `MEMORY_REQUEST` and `MEMORY_LIMIT` stanzas:
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
@@ -46,13 +48,15 @@ spec:
 <1> Add this stanza to discover the application memory request value.
 <2> Add this stanza to discover the application memory limit value.
 
-. Create the pod:
+.. Create the pod by running the following command:
 +
 [source,terminal]
 ----
 $ oc create -f <file-name>.yaml
 ----
 
+.Verification
+
 . Access the pod using a remote shell:
 +
 [source,terminal]
diff --git a/modules/nodes-cluster-resource-configure.adoc b/modules/nodes-cluster-resource-configure.adoc
index f9e449647264..faac3fbc1ee7 100644
--- a/modules/nodes-cluster-resource-configure.adoc
+++ b/modules/nodes-cluster-resource-configure.adoc
@@ -3,7 +3,7 @@
 // * nodes/clusters/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-configure_{context}"]
 = Configuring cluster-level overcommit
 
@@ -34,6 +34,7 @@ spec:
       memoryRequestToLimitPercent: 50 <1>
       cpuRequestToLimitPercent: 25 <2>
       limitCPUToMemoryPercent: 200 <3>
+# ...
 ----
 <1> Optional. Specify the percentage to override the container memory limit, if used, between 1-100. The default is 50.
 <2> Optional. Specify the percentage to override the container CPU limit, if used, between 1-100. The default is 25.
@@ -47,11 +48,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
 
- ...
+# ...
 
   labels:
     clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: "true" <1>
 
- ...
+# ...
 ----
 <1> Add this label to each project.
diff --git a/modules/nodes-cluster-resource-levels-about.adoc b/modules/nodes-cluster-resource-levels-about.adoc
index a259b7cccbc9..2a9299ad412d 100644
--- a/modules/nodes-cluster-resource-levels-about.adoc
+++ b/modules/nodes-cluster-resource-levels-about.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/nodes-cluster-resource-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-resource-levels-about_{context}"]
-= Understanding the {product-title} cluster capacity tool 
+= Understanding the OpenShift Cluster Capacity Tool
 
-The cluster capacity tool simulates a sequence of scheduling decisions to
+The OpenShift Cluster Capacity Tool simulates a sequence of scheduling decisions to
 determine how many instances of an input pod can be scheduled on the cluster
 before it is exhausted of resources to provide a more accurate estimation.
 
@@ -23,6 +23,6 @@ on its selection and affinity criteria. As a result, the estimation of which
 remaining pods a cluster can schedule can be difficult.
 ====
 
-You can run the cluster capacity analysis tool as a stand-alone utility from 
-the command line, or as a job in a pod inside an {product-title} cluster. 
-Running it as job inside of a pod enables you to run it multiple times without intervention.
+You can run the OpenShift Cluster Capacity Tool as a stand-alone utility from
+the command line, or as a job in a pod inside an {product-title} cluster.
+Running the tool as job inside of a pod enables you to run it multiple times without intervention.
diff --git a/modules/nodes-cluster-resource-levels-command.adoc b/modules/nodes-cluster-resource-levels-command.adoc
index a23a24648dc1..1e061d2706d5 100644
--- a/modules/nodes-cluster-resource-levels-command.adoc
+++ b/modules/nodes-cluster-resource-levels-command.adoc
@@ -2,22 +2,24 @@
 //
 // * nodes/nodes-cluster-resource-levels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-levels-command_{context}"]
-= Running the cluster capacity tool on the command line
+= Running the OpenShift Cluster Capacity Tool on the command line
 
-You can run the {product-title} cluster capacity tool from the command line
+You can run the OpenShift Cluster Capacity Tool from the command line
 to estimate the number of pods that can be scheduled onto your cluster.
 
+You create a sample pod spec file, which the tool uses for estimating resource usage. The pod spec specifies its resource
+requirements as `limits` or `requests`. The cluster capacity tool takes the
+pod's resource requirements into account for its estimation analysis.
+
 .Prerequisites
 
-* Run the link:https://catalog.redhat.com/software/containers/openshift4/ose-cluster-capacity/5cca0324d70cc57c44ae8eb6?container-tabs=overview[OpenShift Cluster Capacity Tool], which is available as a container image from the Red Hat Ecosystem Catalog.
+. Run the link:https://catalog.redhat.com/software/containers/openshift4/ose-cluster-capacity/5cca0324d70cc57c44ae8eb6?container-tabs=overview[OpenShift Cluster Capacity Tool], which is available as a container image from the Red Hat Ecosystem Catalog.
 
-* Create a sample `Pod` spec file, which the tool uses for estimating resource usage. The `podspec` specifies its resource
-requirements as `limits` or `requests`. The cluster capacity tool takes the
-pod's resource requirements into account for its estimation analysis.
-+
-An example of the `Pod` spec input is:
+. Create a sample pod spec file:
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
@@ -42,6 +44,18 @@ spec:
         memory: 100Mi
 ----
 
+.. Create the cluster role:
++
+[source,terminal]
+----
+$ oc create -f <file_name>.yaml
+----
+For example:
++
+[source,terminal]
+----
+$ oc create -f pod-spec.yaml
+----
 
 .Procedure
 
@@ -66,10 +80,17 @@ $ podman pull registry.redhat.io/openshift4/ose-cluster-capacity
 [source,terminal]
 ----
 $ podman run -v $HOME/.kube:/kube:Z -v $(pwd):/cc:Z  ose-cluster-capacity \
-/bin/cluster-capacity --kubeconfig /kube/config --podspec /cc/pod-spec.yaml \
---verbose <1>
+/bin/cluster-capacity --kubeconfig /kube/config --<pod_spec>.yaml /cc/<pod_spec>.yaml \
+--verbose
 ----
-<1> You can also add the `--verbose` option to output a detailed description of how many pods can be scheduled on each node in the cluster.
++
+--
+where:
+
+<pod_spec>.yaml:: Specifies the pod spec to use.
+
+verbose:: Outputs a detailed description of how many pods can be scheduled on each node in the cluster.
+--
 +
 .Example output
 [source,terminal]
diff --git a/modules/nodes-cluster-resource-levels-job.adoc b/modules/nodes-cluster-resource-levels-job.adoc
index 8ef5171faa19..9c915fc91bb7 100644
--- a/modules/nodes-cluster-resource-levels-job.adoc
+++ b/modules/nodes-cluster-resource-levels-job.adoc
@@ -2,31 +2,25 @@
 //
 // * nodes/nodes-cluster-resource-levels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-levels-job_{context}"]
-= Running the cluster capacity tool as a job inside a pod
+= Running the OpenShift Cluster Capacity Tool as a job inside a pod
 
-Running the cluster capacity tool as a job inside of a pod has the advantage of
-being able to be run multiple times without needing user intervention. Running
-the cluster capacity tool as a job involves using a `ConfigMap` object.
+Running the OpenShift Cluster Capacity Tool as a job inside of a pod allows you to run the tool multiple times without needing user intervention. You run the OpenShift Cluster Capacity Tool as a job by using a `ConfigMap` object.
 
 .Prerequisites
 
-Download and install link:https://github.com/kubernetes-incubator/cluster-capacity[the cluster capacity tool].
+Download and install link:https://github.com/openshift/cluster-capacity[OpenShift Cluster Capacity Tool].
 
 .Procedure
 
 To run the cluster capacity tool:
 
 . Create the cluster role:
+
+.. Create a YAML file similar to the following:
 +
-[source,terminal]
-----
-$ cat << EOF| oc create -f -
-----
-+
-.Example output
-[source,terminal]
+[source,yaml]
 ----
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -45,25 +39,43 @@ rules:
 - apiGroups: ["storage.k8s.io"]
   resources: ["storageclasses"]
   verbs: ["get", "watch", "list"]
-EOF
 ----
 
-. Create the service account:
+.. Create the cluster role by running the following command:
++
+[source,terminal]
+----
+$ oc create -f <file_name>.yaml
+----
+For example:
 +
 [source,terminal]
 ----
 $ oc create sa cluster-capacity-sa
 ----
 
+. Create the service account:
++
+[source,terminal]
+----
+$ oc create sa cluster-capacity-sa -n default
+----
+
 . Add the role to the service account:
 +
 [source,terminal]
 ----
 $ oc adm policy add-cluster-role-to-user cluster-capacity-role \
-    system:serviceaccount:default:cluster-capacity-sa
+    system:serviceaccount:<namespace>:cluster-capacity-sa
 ----
++
+where:
+
+<namespace>:: Specifies the namespace where the pod is located.
 
-. Define and create the `Pod` spec:
+. Define and create the pod spec:
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
@@ -88,18 +100,33 @@ spec:
         memory: 100Mi
 ----
 
-. The cluster capacity analysis is mounted in a volume using a
-`ConfigMap` object named `cluster-capacity-configmap` to mount input pod spec file
-`pod.yaml` into a volume `test-volume` at the path `/test-pod`.
+.. Create the pod by running the following command:
 +
-If you haven't created a `ConfigMap` object, create one before creating the job:
+[source,terminal]
+----
+$ oc create -f <file_name>.yaml
+----
 +
+For example:
++
+[source,terminal]
+----
+$ oc create -f pod.yaml
+----
+
+. Created a config map object by running the following command:
++
+[source,terminal]
 ----
 $ oc create configmap cluster-capacity-configmap \
     --from-file=pod.yaml=pod.yaml
 ----
++
+The cluster capacity analysis is mounted in a volume using a config map object named `cluster-capacity-configmap` to mount the input pod spec file `pod.yaml` into a volume `test-volume` at the path `/test-pod`.
 
 . Create the job using the below example of a job specification file:
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
@@ -136,20 +163,19 @@ spec:
           configMap:
             name: cluster-capacity-configmap
 ----
-<1> A required environment variable letting the cluster capacity tool
- know that it is running inside a cluster as a pod.
+<1> A required environment variable letting the cluster capacity tool know that it is running inside a cluster as a pod.
  +
-The `pod.yaml` key of the `ConfigMap` object is the same as the `Pod` spec file
-name, though it is not required. By doing this, the input pod spec file can be
-accessed inside the pod as `/test-pod/pod.yaml`.
+The `pod.yaml` key of the `ConfigMap` object is the same as the `Pod` spec file name, though it is not required. By doing this, the input pod spec file can be accessed inside the pod as `/test-pod/pod.yaml`.
 
-. Run the cluster capacity image as a job in a pod:
+.. Run the cluster capacity image as a job in a pod by running the following command:
 +
 [source,terminal]
 ----
 $ oc create -f cluster-capacity-job.yaml
 ----
 
+.Verification
+
 . Check the job logs to find the number of pods that can be scheduled in the
  cluster:
 +
diff --git a/modules/nodes-cluster-resource-override-deploy-cli.adoc b/modules/nodes-cluster-resource-override-deploy-cli.adoc
index 787cb387cae9..7191bf474c2c 100644
--- a/modules/nodes-cluster-resource-override-deploy-cli.adoc
+++ b/modules/nodes-cluster-resource-override-deploy-cli.adoc
@@ -3,7 +3,7 @@
 // * nodes/clusters/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-override-deploy-cli_{context}"]
 = Installing the Cluster Resource Override Operator using the CLI
 
@@ -77,7 +77,7 @@ $ oc create -f cro-og.yaml
 
 .. Create a `Subscription` object YAML file (for example, cro-sub.yaml) for the Cluster Resource Override Operator:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -85,7 +85,7 @@ metadata:
   name: clusterresourceoverride
   namespace: clusterresourceoverride-operator
 spec:
-  channel: "4.13"
+  channel: "{product-version}"
   name: clusterresourceoverride
   source: redhat-operators
   sourceNamespace: openshift-marketplace
@@ -180,16 +180,16 @@ spec:
       memoryRequestToLimitPercent: 50
 status:
 
-....
+# ...
 
     mutatingWebhookConfigurationRef: <1>
-      apiVersion: admissionregistration.k8s.io/v1beta1
+      apiVersion: admissionregistration.k8s.io/v1
       kind: MutatingWebhookConfiguration
       name: clusterresourceoverrides.admission.autoscaling.openshift.io
       resourceVersion: "127621"
       uid: 98b3b8ae-d5ce-462b-8ab5-a729ea8f38f3
 
-....
+# ...
 ----
 <1> Reference to the `ClusterResourceOverride` admission webhook.
 
@@ -205,10 +205,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
 
-....
+# ...
 
   labels:
     clusterresourceoverrides.admission.autoscaling.openshift.io: enabled <1>
+# ...
 ----
 <1> Add the `clusterresourceoverrides.admission.autoscaling.openshift.io: enabled` label to the Namespace.
 ////
diff --git a/modules/nodes-cluster-resource-override-deploy-console.adoc b/modules/nodes-cluster-resource-override-deploy-console.adoc
index 600c1ba5e840..4b29cb8efb0b 100644
--- a/modules/nodes-cluster-resource-override-deploy-console.adoc
+++ b/modules/nodes-cluster-resource-override-deploy-console.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/clusters/nodes-cluster-overcommit.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-resource-override-deploy-console_{context}"]
 = Installing the Cluster Resource Override Operator using the web console
 
-You can use the {product-title} web console to install the Cluster Resource Override Operator to help control overcommit in your cluster.  
+You can use the {product-title} web console to install the Cluster Resource Override Operator to help control overcommit in your cluster.
 
 .Prerequisites
 
@@ -29,7 +29,7 @@ To install the Cluster Resource Override Operator using the {product-title} web
 
 .. Choose  *ClusterResourceOverride Operator* from the list of available Operators and click *Install*.
 
-.. On the *Install Operator* page, make sure *A specific Namespace on the cluster* is selected for *Installation Mode*. 
+.. On the *Install Operator* page, make sure *A specific Namespace on the cluster* is selected for *Installation Mode*.
 
 .. Make sure *clusterresourceoverride-operator* is selected for *Installed Namespace*.
 
@@ -39,9 +39,9 @@ To install the Cluster Resource Override Operator using the {product-title} web
 
 . On the *Installed Operators* page, click *ClusterResourceOverride*.
 
-.. On the *ClusterResourceOverride Operator* details page, click *Create Instance*.
+.. On the *ClusterResourceOverride Operator* details page, click *Create ClusterResourceOverride*.
 
-.. On the *Create ClusterResourceOverride* page, edit the YAML template to set the overcommit values as needed:
+.. On the *Create ClusterResourceOverride* page, click *YAML view* and edit the YAML template to set the overcommit values as needed:
 +
 [source,yaml]
 ----
@@ -55,6 +55,7 @@ spec:
       memoryRequestToLimitPercent: 50 <2>
       cpuRequestToLimitPercent: 25 <3>
       limitCPUToMemoryPercent: 200 <4>
+# ...
 ----
 <1> The name must be `cluster`.
 <2> Optional. Specify the percentage to override the container memory limit, if used, between 1-100. The default is 50.
@@ -91,16 +92,16 @@ spec:
       memoryRequestToLimitPercent: 50
 status:
 
-....
+# ...
 
     mutatingWebhookConfigurationRef: <1>
-      apiVersion: admissionregistration.k8s.io/v1beta1
+      apiVersion: admissionregistration.k8s.io/v1
       kind: MutatingWebhookConfiguration
       name: clusterresourceoverrides.admission.autoscaling.openshift.io
       resourceVersion: "127621"
       uid: 98b3b8ae-d5ce-462b-8ab5-a729ea8f38f3
 
-....
+# ...
 
 ----
 <1> Reference to the `ClusterResourceOverride` admission webhook.
@@ -119,10 +120,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
 
-....
+# ...
 
   labels:
     clusterresourceoverrides.admission.autoscaling.openshift.io: enabled <1>
----- 
+# ...
+----
 <1> Add the `clusterresourceoverrides.admission.autoscaling.openshift.io: enabled` label to the Namespace.
 ////
diff --git a/modules/nodes-cluster-resource-override.adoc b/modules/nodes-cluster-resource-override.adoc
index 21d2dd30723d..85840f218b70 100644
--- a/modules/nodes-cluster-resource-override.adoc
+++ b/modules/nodes-cluster-resource-override.adoc
@@ -25,6 +25,7 @@ spec:
       memoryRequestToLimitPercent: 50 <2>
       cpuRequestToLimitPercent: 25 <3>
       limitCPUToMemoryPercent: 200 <4>
+# ...
 ----
 <1> The name must be `cluster`.
 <2> Optional. If a container memory limit has been specified or defaulted, the memory request is overridden to this percentage of the limit, between 1-100. The default is 50.
@@ -47,12 +48,12 @@ apiVersion: v1
 kind: Namespace
 metadata:
 
-....
+# ...
 
   labels:
     clusterresourceoverrides.admission.autoscaling.openshift.io/enabled: "true"
 
-....
+# ...
 ----
 
 The Operator watches for the `ClusterResourceOverride` CR and ensures that the `ClusterResourceOverride` admission webhook is installed into the same namespace as the operator.
diff --git a/modules/nodes-cluster-worker-latency-profiles-about.adoc b/modules/nodes-cluster-worker-latency-profiles-about.adoc
index f9a4e3ce7486..eb223099c5cc 100644
--- a/modules/nodes-cluster-worker-latency-profiles-about.adoc
+++ b/modules/nodes-cluster-worker-latency-profiles-about.adoc
@@ -1,40 +1,45 @@
 // Module included in the following assemblies:
 //
-// * nodes/clusters/nodes-cluster-worker-latency-profiles
-// * nodes/edge/nodes-edge-remote-workers. ??
-// * post_installation_configuration/cluster-tasks ??
+// scalability_and_performance/scaling-worker-latency-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-cluster-worker-latency-profiles-about_{context}"]
 = Understanding worker latency profiles
 
-Worker latency profiles are multiple sets of carefully-tuned values for the `node-status-update-frequency`, `node-monitor-grace-period`, `default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds` parameters. These parameters let you control the reaction of the cluster to latency issues without needing to determine the best values manually.
+Worker latency profiles are four different categories of carefully-tuned parameters. The four parameters which implement these values are `node-status-update-frequency`, `node-monitor-grace-period`, `default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds`. These parameters can use values which allow you control the reaction of the cluster to latency issues without needing to determine the best values using manual methods.
+
+[IMPORTANT]
+====
+Setting these parameters manually is not supported. Incorrect parameter settings adversely affect cluster stability.
+====
 
 All worker latency profiles configure the following parameters:
 
 --
-* `node-status-update-frequency`. Specifies the amount of time in seconds that a kubelet updates its status to the Kubernetes Controller Manager Operator.
-*  `node-monitor-grace-period`.  Specifies the amount of time in seconds that the Kubernetes Controller Manager Operator waits for an update from a kubelet before marking the node unhealthy and adding the `node.kubernetes.io/not-ready` or `node.kubernetes.io/unreachable` taint to the node.
-* `default-not-ready-toleration-seconds`. Specifies the amount of time in seconds after marking a node unhealthy that the Kubernetes Controller Manager Operator waits before evicting pods from that node. 
-* `default-unreachable-toleration-seconds`. Specifies the amount of time in seconds after marking a node unreachable that the Kubernetes Controller Manager Operator waits before evicting pods from that node.
+node-status-update-frequency:: Specifies how often the kubelet posts node status to the API server.
+node-monitor-grace-period::  Specifies the amount of time in seconds that the Kubernetes Controller Manager waits for an update from a kubelet before marking the node unhealthy and adding the `node.kubernetes.io/not-ready` or `node.kubernetes.io/unreachable` taint to the node.
+default-not-ready-toleration-seconds:: Specifies the amount of time in seconds after marking a node unhealthy that the Kube API Server Operator waits before evicting pods from that node.
+default-unreachable-toleration-seconds:: Specifies the amount of time in seconds after marking a node unreachable that the Kube API Server Operator waits before evicting pods from that node.
 --
 
-[IMPORTANT]
-====
-Manually modifying the `node-monitor-grace-period` parameter is not supported.
-====
-
 The following Operators monitor the changes to the worker latency profiles and respond accordingly:
 
 * The Machine Config Operator (MCO) updates the `node-status-update-frequency` parameter on the worker nodes.
-* The Kubernetes Controller Manager Operator updates the `node-monitor-grace-period` parameter on the control plane nodes.
-* The Kubernetes API Server Operator updates the `default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds` parameters on the control plance nodes.
+* The Kubernetes Controller Manager updates the `node-monitor-grace-period` parameter on the control plane nodes.
+* The Kubernetes API Server Operator updates the `default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds` parameters on the control plane nodes.
 
-While the default configuration works in most cases, {product-title} offers two other worker latency profiles for situations where the network is experiencing higher latency than usual. The three worker latency profiles are described in the following sections:
+ifndef::openshift-rosa,openshift-dedicated[]
+Although the default configuration works in most cases, {product-title} offers two other worker latency profiles for situations where the network is experiencing higher latency than usual. The three worker latency profiles are described in the following sections:
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+Although the default configuration works in most cases, {product-title} offers a second worker latency profile for situations where the network is experiencing higher latency than usual. The two worker latency profiles are described in the following sections:
+endif::openshift-rosa,openshift-dedicated[]
 
-Default worker latency profile:: With the `Default` profile, each kubelet reports its node status to the Kubelet Controller Manager Operator (kube controller) every 10 seconds. The Kubelet Controller Manager Operator checks the kubelet for a status every 5 seconds. 
+Default worker latency profile:: With the `Default` profile, each `Kubelet` updates it's status every 10 seconds (`node-status-update-frequency`). The `Kube Controller Manager` checks the statuses of `Kubelet` every 5 seconds (`node-monitor-grace-period`).
++
+The Kubernetes Controller Manager waits 40 seconds for a status update from `Kubelet` before considering the `Kubelet` unhealthy. If no status is made available to the Kubernetes Controller Manager, it then marks the node with the `node.kubernetes.io/not-ready` or `node.kubernetes.io/unreachable` taint and evicts the pods on that node.
 +
-The Kubernetes Controller Manager Operator waits 40 seconds for a status update before considering that node unhealthy. It marks the node with the `node.kubernetes.io/not-ready` or `node.kubernetes.io/unreachable` taint and evicts the pods on that node. If a pod on that node has the `NoExecute` toleration, the pod gets evicted in 300 seconds. If the pod has the `tolerationSeconds` parameter, the eviction waits for the period specified by that parameter.
+If a pod on that node has the `NoExecute` taint, the pod is run according to `tolerationSeconds`. If the pod has no taint, it will be evicted in 300 seconds (`default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds` settings of the `Kube API Server`).
 +
 [cols="2,1,2,1"]
 |===
@@ -49,11 +54,11 @@ The Kubernetes Controller Manager Operator waits 40 seconds for a status update
 | `node-monitor-grace-period`
 | 40s
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-not-ready-toleration-seconds`
 | 300s
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-unreachable-toleration-seconds`
 | 300s
 
@@ -61,9 +66,9 @@ The Kubernetes Controller Manager Operator waits 40 seconds for a status update
 
 Medium worker latency profile:: Use the `MediumUpdateAverageReaction` profile if the network latency is slightly higher than usual.
 +
-The `MediumUpdateAverageReaction` profile reduces the frequency of kubelet updates to 20 seconds and changes the period that the Kubernetes Controller Manager Operator waits for those updates to 2 minutes. The pod eviction period for a pod on that node is reduced to 60 seconds. If the pod has the `tolerationSeconds` parameter, the eviction waits for the period specified by that parameter.
+The `MediumUpdateAverageReaction` profile reduces the frequency of kubelet updates to 20 seconds and changes the period that the Kubernetes Controller Manager waits for those updates to 2 minutes. The pod eviction period for a pod on that node is reduced to 60 seconds. If the pod has the `tolerationSeconds` parameter, the eviction waits for the period specified by that parameter.
 +
-The Kubernetes Controller Manager Operator waits for 2 minutes to consider a node unhealthy. In another minute, the eviction process starts.
+The Kubernetes Controller Manager waits for 2 minutes to consider a node unhealthy. In another minute, the eviction process starts.
 +
 [cols="2,1,2,1"]
 |===
@@ -78,27 +83,29 @@ The Kubernetes Controller Manager Operator waits for 2 minutes to consider a nod
 | `node-monitor-grace-period`
 | 2m
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-not-ready-toleration-seconds`
 | 60s
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-unreachable-toleration-seconds`
 | 60s
 
 |===
 
+ifndef::openshift-rosa,openshift-dedicated[]
+
 Low worker latency profile:: Use the `LowUpdateSlowReaction` profile if the network latency is extremely high.
 +
-The `LowUpdateSlowReaction` profile reduces the frequency of kubelet updates to 1 minute and changes the period that the Kubernetes Controller Manager Operator waits for those updates to 5 minutes. The pod eviction period for a pod on that node is reduced to 60 seconds. If the pod has the `tolerationSeconds` parameter, the eviction waits for the period specified by that parameter.
+The `LowUpdateSlowReaction` profile reduces the frequency of kubelet updates to 1 minute and changes the period that the Kubernetes Controller Manager waits for those updates to 5 minutes. The pod eviction period for a pod on that node is reduced to 60 seconds. If the pod has the `tolerationSeconds` parameter, the eviction waits for the period specified by that parameter.
 +
-The Kubernetes Controller Manager Operator waits for 5 minutes to consider a node unhealthy. In another minute, the eviction process starts.
+The Kubernetes Controller Manager waits for 5 minutes to consider a node unhealthy. In another minute, the eviction process starts.
 +
 [cols="2,1,2,1"]
 |===
 | Profile | Component | Parameter | Value
 
-.4+| LowUpdateSlowReaction  
+.4+| LowUpdateSlowReaction
 | kubelet
 | `node-status-update-frequency`
 | 1m
@@ -107,13 +114,13 @@ The Kubernetes Controller Manager Operator waits for 5 minutes to consider a nod
 | `node-monitor-grace-period`
 | 5m
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-not-ready-toleration-seconds`
 | 60s
 
-| Kubernetes API Server
+| Kubernetes API Server Operator
 | `default-unreachable-toleration-seconds`
 | 60s
 
 |===
-
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/nodes-cluster-worker-latency-profiles-examining.adoc b/modules/nodes-cluster-worker-latency-profiles-examining.adoc
new file mode 100644
index 000000000000..cde14729522e
--- /dev/null
+++ b/modules/nodes-cluster-worker-latency-profiles-examining.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// scalability_and_performance/scaling-worker-latency-profiles.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-cluster-worker-latency-profiles-examining_{context}"]
+= Example steps for displaying resulting values of workerLatencyProfile
+
+You can display the values in the `workerLatencyProfile` with the following commands.
+
+.Verification
+
+. Check the `default-not-ready-toleration-seconds` and `default-unreachable-toleration-seconds` fields output by the Kube API Server:
++
+[source,terminal]
+----
+$ oc get KubeAPIServer -o yaml | grep -A 1 default-
+----
++
+.Example output
+[source,terminal]
+----
+default-not-ready-toleration-seconds:
+- "300"
+default-unreachable-toleration-seconds:
+- "300"
+----
+
+. Check the values of the `node-monitor-grace-period` field from the Kube Controller Manager:
++
+[source,terminal]
+----
+$ oc get KubeControllerManager -o yaml | grep -A 1 node-monitor
+----
++
+.Example output
+[source,terminal]
+----
+node-monitor-grace-period:
+- 40s
+----
+
+. Check the `nodeStatusUpdateFrequency` value from the Kubelet. Set the directory `/host` as the root directory within the debug shell. By changing the root directory to `/host`, you can run binaries contained in the host’s executable paths:
++
+[source,terminal]
+----
+$ oc debug node/<worker-node-name>
+$ chroot /host
+# cat /etc/kubernetes/kubelet.conf|grep nodeStatusUpdateFrequency
+----
++
+.Example output
+[source,terminal]
+----
+  “nodeStatusUpdateFrequency”: “10s”
+----
+
+These outputs validate the set of timing variables for the Worker Latency Profile.
\ No newline at end of file
diff --git a/modules/nodes-cluster-worker-latency-profiles-using-at-creation.adoc b/modules/nodes-cluster-worker-latency-profiles-using-at-creation.adoc
new file mode 100644
index 000000000000..7162b08f20f2
--- /dev/null
+++ b/modules/nodes-cluster-worker-latency-profiles-using-at-creation.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/scaling-worker-latency-profiles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-cluster-worker-latency-profiles-using-at-creation_{context}"]
+= Implementing worker latency profiles at cluster creation
+
+[IMPORTANT]
+====
+To edit the configuration of the installer, you will first need to use the command `openshift-install create manifests` to create the default node manifest as well as other manifest YAML files. This file structure must exist before we can add workerLatencyProfile. The platform on which you are installing may have varying requirements. Refer to the Installing section of the documentation for your specific platform.
+====
+
+The `workerLatencyProfile` must be added to the manifest in the following sequence:
+
+. Create the manifest needed to build the cluster, using a folder name appropriate for your installation.
+. Create a YAML file to define `config.node`. The file must be in the `manifests` directory.
+. When defining `workerLatencyProfile` in the manifest for the first time, specify any of the profiles at cluster creation time: `Default`, `MediumUpdateAverageReaction` or `LowUpdateSlowReaction`.
+
+.Verification
+* Here is an example manifest creation showing the `spec.workerLatencyProfile` `Default` value in the manifest file:
++
+[source,terminal]
+----
+$ openshift-install create manifests --dir=<cluster-install-dir>
+----
+* Edit the manifest and add the value. In this example we use `vi` to show an example manifest file with the "Default" `workerLatencyProfile` value added:
++
+[source,terminal]
+----
+$ vi <cluster-install-dir>/manifests/config-node-default-profile.yaml
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Node
+metadata:
+name: cluster
+spec:
+workerLatencyProfile: "Default"
+----
\ No newline at end of file
diff --git a/modules/nodes-cluster-worker-latency-profiles-using.adoc b/modules/nodes-cluster-worker-latency-profiles-using.adoc
index efd647903ae2..83e40b86562a 100644
--- a/modules/nodes-cluster-worker-latency-profiles-using.adoc
+++ b/modules/nodes-cluster-worker-latency-profiles-using.adoc
@@ -1,17 +1,14 @@
 // Module included in the following assemblies:
 //
-// * nodes/clusters/nodes-cluster-worker-latency-profiles
-// * Need to determine if these are good locations: 
-// * nodes/edge/nodes-edge-remote-workers
-// * post_installation_configuration/cluster-tasks
+// scalability_and_performance/scaling-worker-latency-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cluster-worker-latency-profiles-using_{context}"]
-= Using worker latency profiles
+= Using and changing worker latency profiles
 
-To implement a worker latency profile to deal with network latency, edit the `node.config` object to add the name of the profile. You can change the profile at any time as latency increases or decreases. 
+To change a worker latency profile to deal with network latency, edit the `node.config` object to add the name of the profile. You can change the profile at any time as latency increases or decreases.
 
-You must move one worker latency profile at a time. For example, you cannot move directly from the `Default` profile to the `LowUpdateSlowReaction` worker latency profile. You must move from the `default` worker latency profile to the `MediumUpdateAverageReaction` profile first, then to `LowUpdateSlowReaction`. Similarly, when returning to the default profile, you must move from the low profile to the medium profile first, then to the default.
+You must move one worker latency profile at a time. For example, you cannot move directly from the `Default` profile to the `LowUpdateSlowReaction` worker latency profile. You must move from the `Default` worker latency profile to the `MediumUpdateAverageReaction` profile first, then to `LowUpdateSlowReaction`. Similarly, when returning to the `Default` profile, you must move from the low profile to the medium profile first, then to `Default`.
 
 [NOTE]
 ====
@@ -57,41 +54,11 @@ metadata:
 spec:
   workerLatencyProfile: MediumUpdateAverageReaction <1>
 
- ...
+# ...
 ----
 <1> Specifies the medium worker latency policy.
 +
 Scheduling on each worker node is disabled as the change is being applied.
-+
-When all nodes return to the `Ready` condition, you can use the following command to look in the Kubernetes Controller Manager to ensure it was applied:
-+
-[source,terminal]
-----
-$ oc get KubeControllerManager -o yaml | grep -i workerlatency -A 5 -B 5
-----
-+
-.Example output
-[source,terminal]
-----
- ...
-    - lastTransitionTime: "2022-07-11T19:47:10Z"
-      reason: ProfileUpdated
-      status: "False"
-      type: WorkerLatencyProfileProgressing
-    - lastTransitionTime: "2022-07-11T19:47:10Z" <1>
-      message: all static pod revision(s) have updated latency profile
-      reason: ProfileUpdated
-      status: "True"
-      type: WorkerLatencyProfileComplete
-    - lastTransitionTime: "2022-07-11T19:20:11Z"
-      reason: AsExpected
-      status: "False"
-      type: WorkerLatencyProfileDegraded
-    - lastTransitionTime: "2022-07-11T19:20:36Z"
-      status: "False"
- ...
-----
-<1> Specifies that the profile is applied and active.
 
 . Optional: Move to the low worker latency profile:
 
@@ -128,11 +95,42 @@ metadata:
 spec:
   workerLatencyProfile: LowUpdateSlowReaction <1>
 
- ...
+# ...
 ----
-<1> Specifies to use the low worker latency policy.
-+
+<1> Specifies use of the low worker latency policy.
+
 Scheduling on each worker node is disabled as the change is being applied.
 
-To change the low profile to medium or change the medium to low, edit the `node.config` object and set the `spec.workerLatencyProfile` parameter to the appropriate value.
+.Verification
+
+* When all nodes return to the `Ready` condition, you can use the following command to look in the Kubernetes Controller Manager to ensure it was applied:
++
+[source,terminal]
+----
+$ oc get KubeControllerManager -o yaml | grep -i workerlatency -A 5 -B 5
+----
++
+.Example output
+[source,terminal]
+----
+# ...
+    - lastTransitionTime: "2022-07-11T19:47:10Z"
+      reason: ProfileUpdated
+      status: "False"
+      type: WorkerLatencyProfileProgressing
+    - lastTransitionTime: "2022-07-11T19:47:10Z" <1>
+      message: all static pod revision(s) have updated latency profile
+      reason: ProfileUpdated
+      status: "True"
+      type: WorkerLatencyProfileComplete
+    - lastTransitionTime: "2022-07-11T19:20:11Z"
+      reason: AsExpected
+      status: "False"
+      type: WorkerLatencyProfileDegraded
+    - lastTransitionTime: "2022-07-11T19:20:36Z"
+      status: "False"
+# ...
+----
+<1> Specifies that the profile is applied and active.
 
+To change the medium profile to default or change the default to medium, edit the `node.config` object and set the `spec.workerLatencyProfile` parameter to the appropriate value.
\ No newline at end of file
diff --git a/modules/nodes-clusters-cgroups-2-install.adoc b/modules/nodes-clusters-cgroups-2-install.adoc
index f4da4d2408b4..50d66ffd61ec 100644
--- a/modules/nodes-clusters-cgroups-2-install.adoc
+++ b/modules/nodes-clusters-cgroups-2-install.adoc
@@ -2,25 +2,25 @@
 //
 // * install/install_config/enabling-cgroup-v2
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-clusters-cgroups-2-install_{context}"]
-= Enabling Linux cgroup v2 during installation
+= Enabling Linux cgroup v1 during installation
 
-You can enable Linux control group version 2 (cgroup v2) when you install a cluster by creating installation manifests.
+You can enable Linux control group version 1 (cgroup v1) when you install a cluster by creating installation manifests.
 
-.Procedure 
+.Procedure
 
-. Create or edit the `node.config` object to specify the `v2` cgroup: 
+. Create or edit the `node.config` object to specify the `v1` cgroup:
 +
 [source,yaml]
 ----
-apiVersion: config.openshift.io/v1
+apiVersion: config.openshift.io/v2
 kind: Node
 metadata:
   name: cluster
   spec:
-    cgroupMode: "v2"
+    cgroupMode: "v1"
 ----
 
-. Proceed with the installation as usual. 
+. Proceed with the installation as usual.
 
diff --git a/modules/nodes-clusters-cgroups-2.adoc b/modules/nodes-clusters-cgroups-2.adoc
index 7e9498c0ffa4..7d4968eb53e9 100644
--- a/modules/nodes-clusters-cgroups-2.adoc
+++ b/modules/nodes-clusters-cgroups-2.adoc
@@ -10,25 +10,34 @@ ifeval::["{context}" == "post-install-cluster-tasks"]
 :post:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-clusters-cgroups-2_{context}"]
 = Configuring Linux cgroup
 
+ifndef::openshift-origin[]
 ifdef::post[]
-link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 1] (cgroup v1) is enabled by default. You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster by editing the `node.config` object. Enabling cgroup v2 in {product-title} disables all cgroup version 1 controllers and hierarchies in your cluster. 
+As of {product-title} 4.14, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. If you are using cgroup v1 on {product-title} 4.13 or earlier, migrating to {product-title} 4.14 or later will not automatically update your cgroup configuration to version 2. A fresh installation of {product-title} 4.14 or later will use cgroup v2 by default. However, you can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) upon installation. 
+endif::post[]
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+ifdef::post[]
+{product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster.
+endif::post[]
+endif::openshift-origin[]
 
-cgroup v2 is the next version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation.
+ifdef::post[]
+cgroup v2 is the current version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. However, cgroup v2 has different CPU, memory, and I/O management characteristics than cgroup v1. Therefore, some workloads might experience slight differences in memory or CPU usage on clusters that run cgroup v2.
 
-You can change between cgroup v1 and cgroup v2, as needed.  For more information, see "Configuring the Linux cgroup on your nodes" in the "Additional resources" of this section. 
+You can change between cgroup v1 and cgroup v2, as needed. Enabling cgroup v1 in {product-title} disables all cgroup v2 controllers and hierarchies in your cluster. 
 endif::post[]
 
 ifdef::nodes[]
-You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1) or link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2)  by editing the `node.config` object. The default is cgroup v1.
+You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) or link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2)  by editing the `node.config` object. The default is cgroup v2.
 endif::nodes[]
 
 [NOTE]
 ====
-Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performace profiles. 
+Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performance profiles.
 ====
 
 .Prerequisites
@@ -37,7 +46,7 @@ Currently, disabling CPU load balancing is not supported by cgroup v2. As a resu
 
 .Procedure
 
-. Enable cgroup v2 on nodes:
+. Enable cgroup v1 on nodes:
 
 .. Edit the `node.config` object:
 +
@@ -47,12 +56,12 @@ $ oc edit nodes.config/cluster
 ----
 
 ifdef::post[]
-.. Add `spec.cgroupMode: "v2"`:
+.. Add `spec.cgroupMode: "v1"`:
 +
 .Example `node.config` object
 [source,yaml]
 ----
-apiVersion: config.openshift.io/v1
+apiVersion: config.openshift.io/v2
 kind: Node
 metadata:
   annotations:
@@ -64,17 +73,17 @@ metadata:
   generation: 1
   name: cluster
   ownerReferences:
-  - apiVersion: config.openshift.io/v1
+  - apiVersion: config.openshift.io/v2
     kind: ClusterVersion
     name: version
     uid: 36282574-bf9f-409e-a6cd-3032939293eb
   resourceVersion: "1865"
   uid: 0c0f7a4c-4307-4187-b591-6155695ac85b
 spec:
-  cgroupMode: "v2" <1>
+  cgroupMode: "v1" <1>
 ...
 ----
-<1> Enables cgroup v2.
+<1> Enables cgroup v1.
 endif::post[]
 
 ifdef::nodes[]
@@ -83,7 +92,7 @@ ifdef::nodes[]
 .Example `node.config` object
 [source,yaml]
 ----
-apiVersion: config.openshift.io/v1
+apiVersion: config.openshift.io/v2
 kind: Node
 metadata:
   annotations:
@@ -95,17 +104,17 @@ metadata:
   generation: 1
   name: cluster
   ownerReferences:
-  - apiVersion: config.openshift.io/v1
+  - apiVersion: config.openshift.io/v2
     kind: ClusterVersion
     name: version
     uid: 36282574-bf9f-409e-a6cd-3032939293eb
   resourceVersion: "1865"
   uid: 0c0f7a4c-4307-4187-b591-6155695ac85b
 spec:
-  cgroupMode: "v2" <1>
+  cgroupMode: "v1" <1>
 ...
 ----
-<1> Specify `v2` to enable cgroup v2 or `v1` for cgroup v1.
+<1> Specify `v1` to enable cgroup v1 or `v2` for cgroup v2.
 endif::nodes[]
 
 .Verification
@@ -148,10 +157,10 @@ $ oc describe mc <name>
 ----
 +
 ifdef::nodes[]
-.Example output for cgroup v1
+.Example output for cgroup v2
 [source,terminal]
 ----
-apiVersion: machineconfiguration.openshift.io/v1
+apiVersion: machineconfiguration.openshift.io/v2
 kind: MachineConfig
 metadata:
   labels:
@@ -159,17 +168,19 @@ metadata:
   name: 05-worker-kernelarg-selinuxpermissive
 spec:
   kernelArguments:
-    systemd.unified_cgroup_hierarchy=0 <1>
-    systemd.legacy_systemd_cgroup_controller=1 <2>
+    systemd_unified_cgroup_hierarchy=1 <1>
+    cgroup_no_v1="all" <2>
+    psi=1 <3>
 ----
-<1> Enables cgroup v1 in systemd.
-<2> Disables cgroup v2.
+<1> Enables cgroup v2 in systemd.
+<2> Disables cgroup v1.
+<3> Enables the Linux Pressure Stall Information (PSI) feature.
 +
 endif::nodes[]
-.Example output for cgroup v2
+.Example output for cgroup v1
 [source,terminal]
 ----
-apiVersion: machineconfiguration.openshift.io/v1
+apiVersion: machineconfiguration.openshift.io/v2
 kind: MachineConfig
 metadata:
   labels:
@@ -177,13 +188,11 @@ metadata:
   name: 05-worker-kernelarg-selinuxpermissive
 spec:
   kernelArguments:
-  - systemd_unified_cgroup_hierarchy=1 <1>
-  - cgroup_no_v1="all" <2>
-  - psi=1 <3>
+    systemd.unified_cgroup_hierarchy=0 <1>
+    systemd.legacy_systemd_cgroup_controller=1 <2>
 ----
-<1> Enables cgroup v2 in systemd.
-<2> Disables cgroup v1.
-<3> Enables the Linux Pressure Stall Information (PSI) feature.
+<1> Disables cgroup v2.
+<2> Enables cgroup v1 in systemd.
 
 . Check the nodes to see that scheduling on the nodes is disabled. This indicates that the change is being applied:
 +
@@ -196,12 +205,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                       STATUS                     ROLES    AGE   VERSION
-ci-ln-fm1qnwt-72292-99kt6-master-0         Ready,SchedulingDisabled   master   58m   v1.26.0
-ci-ln-fm1qnwt-72292-99kt6-master-1         Ready                      master   58m   v1.26.0
-ci-ln-fm1qnwt-72292-99kt6-master-2         Ready                      master   58m   v1.26.0
-ci-ln-fm1qnwt-72292-99kt6-worker-a-h5gt4   Ready,SchedulingDisabled   worker   48m   v1.26.0
-ci-ln-fm1qnwt-72292-99kt6-worker-b-7vtmd   Ready                      worker   48m   v1.26.0
-ci-ln-fm1qnwt-72292-99kt6-worker-c-rhzkv   Ready                      worker   48m   v1.26.0
+ci-ln-fm1qnwt-72292-99kt6-master-0         Ready,SchedulingDisabled   master   58m   v1.28.5
+ci-ln-fm1qnwt-72292-99kt6-master-1         Ready                      master   58m   v1.28.5
+ci-ln-fm1qnwt-72292-99kt6-master-2         Ready                      master   58m   v1.28.5
+ci-ln-fm1qnwt-72292-99kt6-worker-a-h5gt4   Ready,SchedulingDisabled   worker   48m   v1.28.5
+ci-ln-fm1qnwt-72292-99kt6-worker-b-7vtmd   Ready                      worker   48m   v1.28.5
+ci-ln-fm1qnwt-72292-99kt6-worker-c-rhzkv   Ready                      worker   48m   v1.28.5
 ----
 
 . After a node returns to the `Ready` state, start a debug session for that node:
@@ -219,7 +228,7 @@ sh-4.4# chroot /host
 ----
 
 ifdef::post[]
-. Check that the `sys/fs/cgroup/cgroup2fs` file is present on your nodes. This file is created by cgroup v2:
+. Check that the `sys/fs/cgroup/cgroup2fs` file is present on your nodes. This file is created by cgroup v1:
 +
 [source,terminal]
 ----
@@ -240,16 +249,16 @@ ifdef::nodes[]
 $ stat -c %T -f /sys/fs/cgroup
 ----
 +
-.Example output for cgroup v1
+.Example output for cgroup v2
 [source,terminal]
 ----
-tmp2fs
+cgroup2fs
 ----
 +
-.Example output for cgroup v2
+.Example output for cgroup v1
 [source,terminal]
 ----
-cgroup2fs
+tmpfs
 ----
 endif::nodes[]
 
diff --git a/modules/nodes-clusters-cgroups-okd-configure.adoc b/modules/nodes-clusters-cgroups-okd-configure.adoc
deleted file mode 100644
index 0067ab623339..000000000000
--- a/modules/nodes-clusters-cgroups-okd-configure.adoc
+++ /dev/null
@@ -1,147 +0,0 @@
-// Module included in the following assemblies:
-//
-// * nodes/clusters/nodes-cluster-cgroups-okd.adoc
-// * post_installation_configuration/cluster-tasks.adoc
-
-
-ifeval::["{context}" == "nodes-cluster-cgroups-2"]
-:node:
-endif::[]
-ifeval::["{context}" == "post-install-cluster-tasks"]
-:post:
-endif::[]
-
-ifdef::post[]
-:_content-type: PROCEDURE
-[id="nodes-clusters-cgroups-okd-configure_{context}"]
-= Configuring the Linux cgroup version on your nodes
-
-By default, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. You can switch to link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1), if needed, by using a machine config. Enabling cgroup v1 in {product-title} disables the cgroup v2 controllers and hierarchies in your cluster.
-
-cgroup v2 is the next version of the kernel link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/resource_management_guide/ch01[control group] and offers multiple improvements. However, it can have some unwanted effects on your nodes.
-endif::post[]
-
-ifdef::node[]
-:_content-type: PROCEDURE
-[id="nodes-clusters-cgroups-okd-configure_{context}"]
-= Configuring Linux cgroup
-
-You can switch to Linux control group version 1 (cgroup v1), if needed, by using a machine config. Enabling cgroup v1 in {product-title} disables the cgroup v2 controllers and hierarchies in your cluster.
-endif::node[]
-
-.Prerequisites
-* Have administrative privilege to a working {product-title} cluster.
-
-.Procedure
-
-. Create a `MachineConfig` object file that identifies the kernel argument (for example, `worker-cgroup-v1.yaml`)
-+
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: worker <1>
-  name: worker-cgroup-v1 <2>
-spec:
-  config:
-    ignition:
-      version: 3.2.0
-  kernelArguments:
-    - systemd.unified_cgroup_hierarchy=0 <3>
-----
-+
-<1> Applies the new kernel argument only to worker nodes.
-<2> Applies a name to the machine config.
-<3> Configures cgroup v1 on the associated nodes.
-
-. Create the new machine config:
-+
-[source,terminal]
-----
-$ oc create -f 05-worker-cgroup-v1.yaml
-----
-
-. Check to see that the new machine config was added:
-+
-[source,terminal]
-----
-$ oc get MachineConfig
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                               GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
-00-master                                          52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-00-worker                                          52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-01-master-container-runtime                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-01-master-kubelet                                  52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-01-worker-container-runtime                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-01-worker-kubelet                                  52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-99-worker-cgroup-v1                                                                           3.2.0             105s
-99-master-generated-registries                     52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-99-master-ssh                                                                                 3.2.0             40m
-99-worker-generated-registries                     52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-99-worker-ssh                                                                                 3.2.0             40m
-rendered-master-23e785de7587df95a4b517e0647e5ab7   52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-rendered-master-c5e92d98103061c4818cfcefcf462770   60746a843e7ef8855ae00f2ffcb655c53e0e8296   3.2.0             115s
-rendered-worker-5d596d9293ca3ea80c896a1191735bb1   52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
-----
-
-. Check the nodes:
-+
-[source,terminal]
-----
-$ oc get nodes
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                           STATUS                     ROLES    AGE   VERSION
-ip-10-0-136-161.ec2.internal   Ready                      worker   28m   v1.26.0
-ip-10-0-136-243.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-141-105.ec2.internal   Ready,SchedulingDisabled   worker   28m   v1.26.0
-ip-10-0-142-249.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-153-11.ec2.internal    Ready                      worker   28m   v1.26.0
-ip-10-0-153-150.ec2.internal   Ready                      master   34m   v1.26.0
-----
-+
-You can see that the command disables scheduling on each worker node.
-
-. After a node returns to the `Ready` state, start a debug session for that node:
-+
-[source,terminal]
-----
-$ oc debug node/<node_name>
-----
-
-. Set `/host` as the root directory within the debug shell:
-+
-[source,terminal]
-----
-sh-4.4# chroot /host
-----
-
-. Check that the `sys/fs/cgroup/cgroup2fs` file has been moved to the `tmpfs` file system:
-+
-[source,terminal]
-----
-$ stat -c %T -f /sys/fs/cgroup
-----
-+
-.Example output
-+
-[source,terminal]
-----
-tmpfs
-----
-
-ifeval::["{context}" == "nodes-cluster-cgroups-2"]
-:!node:
-endif::[]
-ifeval::["{context}" == "post-install-cluster-tasks"]
-:!post:
-endif::[]
diff --git a/modules/nodes-cma-autoscaling-custom-audit.adoc b/modules/nodes-cma-autoscaling-custom-audit.adoc
index d2a89a9034ad..ee4d72adaef1 100644
--- a/modules/nodes-cma-autoscaling-custom-audit.adoc
+++ b/modules/nodes-cma-autoscaling-custom-audit.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-audit-log.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-audit_{context}"]
 = Configuring audit logging
 
-You can configure auditing for the Custom Metrics Autoscaler Operator by editing the `KedaController` custom resource. The logs are sent to an audit log file on a volume that is secured by using a persistent volume claim in the `KedaController` CR. 
+You can configure auditing for the Custom Metrics Autoscaler Operator by editing the `KedaController` custom resource. The logs are sent to an audit log file on a volume that is secured by using a persistent volume claim in the `KedaController` CR.
 
 // You can view the audit log file directly or use the `oc adm must-gather` CLI. The `oc adm must-gather` CLI collects the log along with other information from your cluster that is most likely needed for debugging issues, such as resource definitions and service logs.
 
@@ -18,6 +18,7 @@ You can configure auditing for the Custom Metrics Autoscaler Operator by editing
 
 . Edit the `KedaController` custom resource to add the `auditConfig` stanza:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
 [source,yaml]
 ----
 kind: KedaController
@@ -42,6 +43,33 @@ spec:
         maxBackup: "1"
         maxSize: "50"
 ----
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,yaml]
+----
+kind: KedaController
+apiVersion: keda.sh/v1alpha1
+metadata:
+  name: keda
+  namespace: keda
+spec:
+# ...
+  metricsServer:
+# ...
+    auditConfig:
+      logFormat: "json" <1>
+      logOutputVolumeClaim: "pvc-audit-log" <2>
+      policy:
+        rules: <3>
+        - level: Metadata
+        omitStages: "RequestReceived" <4>
+        omitManagedFields: false <5>
+      lifetime: <6>
+        maxAge: "2"
+        maxBackup: "1"
+        maxSize: "50"
+----
+endif::openshift-rosa,openshift-dedicated[]
 <1> Specifies the output format of the audit log, either `legacy` or `json`.
 <2> Specifies an existing persistent volume claim for storing the log data. All requests coming to the API server are logged to this persistent volume claim. If you leave this field empty, the log data is sent to stdout.
 <3> Specifies which events should be recorded and what data they should include:
@@ -67,17 +95,25 @@ spec:
 [source,terminal]
 ----
 oc adm must-gather -- /usr/bin/gather_audit_logs
----- 
+----
 ////
 
 . View the audit log file directly:
 
 .. Obtain the name of the `keda-metrics-apiserver-*` pod:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
 [source,terminal]
 ----
 oc get pod -n openshift-keda
 ----
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,terminal]
+----
+oc get pod -n keda
+----
+endif::openshift-rosa,openshift-dedicated[]
 +
 .Example output
 +
@@ -109,7 +145,7 @@ $ oc logs keda-metrics-apiserver-65c7cc44fd-rrl4r|grep -i metadata
 [source,terminal]
 ----
  ...
-{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"4c81d41b-3dab-4675-90ce-20b87ce24013","stage":"ResponseComplete","requestURI":"/healthz","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.131.0.1"],"userAgent":"kube-probe/1.26","responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-02-16T13:00:03.554567Z","stageTimestamp":"2023-02-16T13:00:03.555032Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
+{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"4c81d41b-3dab-4675-90ce-20b87ce24013","stage":"ResponseComplete","requestURI":"/healthz","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.131.0.1"],"userAgent":"kube-probe/1.28","responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-02-16T13:00:03.554567Z","stageTimestamp":"2023-02-16T13:00:03.555032Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
  ...
 ----
 
@@ -117,6 +153,7 @@ $ oc logs keda-metrics-apiserver-65c7cc44fd-rrl4r|grep -i metadata
 +
 .. Use a command similar to the following to log into the `keda-metrics-apiserver-*` pod:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
 [source,terminal]
 ----
 $ oc rsh pod/keda-metrics-apiserver-<hash> -n openshift-keda
@@ -128,8 +165,22 @@ For example:
 ----
 $ oc rsh pod/keda-metrics-apiserver-65c7cc44fd-rrl4r -n openshift-keda
 ----
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,terminal]
+----
+$ oc rsh pod/keda-metrics-apiserver-<hash> -n keda
+----
++
+For example:
++
+[source,terminal]
+----
+$ oc rsh pod/keda-metrics-apiserver-65c7cc44fd-rrl4r -n keda
+----
+endif::openshift-rosa,openshift-dedicated[]
 
-.. Change to the `/var/audit-policy/` directory: 
+.. Change to the `/var/audit-policy/` directory:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-cma-autoscaling-custom-creating-job.adoc b/modules/nodes-cma-autoscaling-custom-creating-job.adoc
index 4a512bcf4720..59e2de91fbc8 100644
--- a/modules/nodes-cma-autoscaling-custom-creating-job.adoc
+++ b/modules/nodes-cma-autoscaling-custom-creating-job.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-adding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-creating-job_{context}"]
 = Adding a custom metrics autoscaler to a job
 
@@ -13,7 +13,7 @@ include::snippets/technology-preview.adoc[]
 
 .Prerequisites
 
-* The Custom Metrics Autoscaler Operator must be installed. 
+* The Custom Metrics Autoscaler Operator must be installed.
 
 .Procedure
 
@@ -55,26 +55,18 @@ spec:
       - "Ready"
       - "PodScheduled"
       - "AnyOtherCustomPodCondition"
-    multipleScalersCalculation : "max" 
+    multipleScalersCalculation : "max"
   triggers:
   - type: prometheus <13>
     metadata:
       serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092
-      namespace: kedatest 
+      namespace: kedatest
       metricName: http_requests_total
       threshold: '5'
       query: sum(rate(http_requests_total{job="test-app"}[1m]))
       authModes: "bearer"
-  - authenticationRef: <14>
-      name: prom-triggerauthentication
-    metadata:
-      name: prom-triggerauthentication
-     type: object
-  - authenticationRef: <15>
-      name: prom-cluster-triggerauthentication
-    metadata:
+    authenticationRef: <14>
       name: prom-cluster-triggerauthentication
-    type: object
 ----
 <1> Specifies the maximum duration the job can run.
 <2> Specifies the number of retries for a job. The default is `6`.
@@ -89,29 +81,25 @@ spec:
 <7> Optional: Specifies the interval in seconds to check each trigger on. The default is `30`.
 <8> Optional: Specifies the number of successful finished jobs should be kept. The default is `100`.
 <9> Optional: Specifies how many failed jobs should be kept. The default is `100`.
-<10> Optional: Specifies the name of the container in the target resource, from which the custom autoscaler gets environment variables holding secrets and so forth. The default is `.spec.template.spec.containers[0]`.  
+<10> Optional: Specifies the name of the container in the target resource, from which the custom autoscaler gets environment variables holding secrets and so forth. The default is `.spec.template.spec.containers[0]`.
 <11> Optional: Specifies whether existing jobs are terminated whenever a scaled job is being updated:
 +
 --
-* `default`: The autoscaler terminates an existing job if its associated scaled job is updated. The autoscaler recreates the job with the latest specs. 
+* `default`: The autoscaler terminates an existing job if its associated scaled job is updated. The autoscaler recreates the job with the latest specs.
 * `gradual`: The autoscaler does not terminate an existing job if its associated scaled job is updated. The autoscaler creates new jobs with the latest specs.
 --
 +
 <12> Optional: Specifies a scaling strategy: `default`, `custom`, or `accurate`. The default is `default`. For more information, see the link in the "Additional resources" section that follows.
 <13> Specifies the trigger to use as the basis for scaling, as described in the "Understanding the custom metrics autoscaler triggers" section.
-<14> Optional: Specifies a trigger authentication, as described in the "Creating a custom metrics autoscaler trigger authentication" section.
-<15> Optional: Specifies a cluster trigger authentication, as described in the "Creating a custom metrics autoscaler trigger authentication" section.
-+
-[NOTE]
-====
-It is not necessary to specify both a namespace trigger authentication and a cluster trigger authentication.
-====
+<14> Optional: Specifies a trigger authentication or a cluster trigger authentication. For more information, see _Understanding the custom metrics autoscaler trigger authentication_ in the _Additional resources_ section.
+* Enter `TriggerAuthentication` to use a trigger authentication. This is the default.
+* Enter `ClusterTriggerAuthentication` to use a cluster trigger authentication.
 
-. Create the custom metrics autoscaler:
+. Create the custom metrics autoscaler by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc create -f <filename>.yaml
 ----
 
 .Verification
@@ -137,8 +125,8 @@ Note the following fields in the output:
 * `AUTHENTICATION`: Indicates the name of any trigger authentication being used.
 * `READY`: Indicates whether the scaled object is ready to start scaling:
 ** If `True`, the scaled object is ready.
-** If `False`, the scaled object is not ready because of a problem in one or more of the objects you created. 
+** If `False`, the scaled object is not ready because of a problem in one or more of the objects you created.
 * `ACTIVE`: Indicates whether scaling is taking place:
 ** If `True`, scaling is taking place.
-** If `False`, scaling is not taking place because there are no metrics or there is a problem in one or more of the objects you created. 
+** If `False`, scaling is not taking place because there are no metrics or there is a problem in one or more of the objects you created.
 --
diff --git a/modules/nodes-cma-autoscaling-custom-creating-workload.adoc b/modules/nodes-cma-autoscaling-custom-creating-workload.adoc
index f3f4b427e185..238ba80c1802 100644
--- a/modules/nodes-cma-autoscaling-custom-creating-workload.adoc
+++ b/modules/nodes-cma-autoscaling-custom-creating-workload.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-adding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-creating-workload_{context}"]
 = Adding a custom metrics autoscaler to a workload
 
@@ -10,9 +10,9 @@ You can create a custom metrics autoscaler for a workload that is created by a `
 
 .Prerequisites
 
-* The Custom Metrics Autoscaler Operator must be installed. 
+* The Custom Metrics Autoscaler Operator must be installed.
 
-* If you use a custom metrics autoscaler for scaling based on CPU or memory: 
+* If you use a custom metrics autoscaler for scaling based on CPU or memory:
 
 ** Your cluster administrator must have properly configured cluster metrics. You can use the `oc describe PodMetrics <pod-name>` command to determine if metrics are configured. If metrics are configured, the output appears similar to the following, with CPU and Memory displayed under Usage.
 +
@@ -90,14 +90,14 @@ spec:
   minReplicaCount: 0 <9>
   metricsServer: <10>
     auditConfig:
-      logFormat: "json" 
-      logOutputVolumeClaim: "persistentVolumeClaimName" 
+      logFormat: "json"
+      logOutputVolumeClaim: "persistentVolumeClaimName"
       policy:
-        rules: 
+        rules:
         - level: Metadata
-        omitStages: "RequestReceived" 
-        omitManagedFields: false 
-      lifetime: 
+        omitStages: "RequestReceived"
+        omitManagedFields: false
+      lifetime:
         maxAge: "2"
         maxBackup: "1"
         maxSize: "50"
@@ -105,9 +105,9 @@ spec:
     failureThreshold: 3
     replicas: 6
   pollingInterval: 30 <12>
-  advanced: 
+  advanced:
     restoreToOriginalReplicaCount: false <13>
-    horizontalPodAutoscalerConfig: 
+    horizontalPodAutoscalerConfig:
       name: keda-hpa-scale-down <14>
       behavior: <15>
         scaleDown:
@@ -120,51 +120,40 @@ spec:
   - type: prometheus <16>
     metadata:
       serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092
-      namespace: kedatest 
+      namespace: kedatest
       metricName: http_requests_total
       threshold: '5'
       query: sum(rate(http_requests_total{job="test-app"}[1m]))
       authModes: basic
-  - authenticationRef: <17>
+    authenticationRef: <17>
       name: prom-triggerauthentication
-    metadata:
-      name: prom-triggerauthentication
-    type: object
-  - authenticationRef: <18>
-      name: prom-cluster-triggerauthentication
-    metadata:
-      name: prom-cluster-triggerauthentication
-    type: object
+      kind: TriggerAuthentication
 ----
 <1> Optional: Specifies that the Custom Metrics Autoscaler Operator is to scale the replicas to the specified value and stop autoscaling, as described in the "Pausing the custom metrics autoscaler for a workload" section.
-<2> Specifies a name for this custom metrics autoscaler. 
+<2> Specifies a name for this custom metrics autoscaler.
 <3> Optional: Specifies the API version of the target resource. The default is `apps/v1`.
-<4> Specifies the name of the object that you want to scale. 
+<4> Specifies the name of the object that you want to scale.
 <5> Specifies the `kind` as `Deployment`, `StatefulSet` or `CustomResource`.
 <6> Optional: Specifies the name of the container in the target resource, from which the custom metrics autoscaler gets environment variables holding secrets and so forth. The default is `.spec.template.spec.containers[0]`.
 <7> Optional. Specifies the period in seconds to wait after the last trigger is reported before scaling the deployment back to `0` if the `minReplicaCount` is set to `0`. The default is `300`.
 <8> Optional: Specifies the maximum number of replicas when scaling up. The default is `100`.
 <9> Optional: Specifies the minimum number of replicas when scaling down.
-<10> Optional: Specifies the parameters for audit logs. as described in the "Configuring audit logging" section.  
-<11> Optional: Specifies the number of replicas to fall back to if a scaler fails to get metrics from the source for the number of times defined by the `failureThreshold` parameter. For more information on fallback behavior, see the link:https://keda.sh/docs/2.7/concepts/scaling-deployments/#fallback[KEDA documentation]. 
+<10> Optional: Specifies the parameters for audit logs. as described in the "Configuring audit logging" section.
+<11> Optional: Specifies the number of replicas to fall back to if a scaler fails to get metrics from the source for the number of times defined by the `failureThreshold` parameter. For more information on fallback behavior, see the link:https://keda.sh/docs/2.7/concepts/scaling-deployments/#fallback[KEDA documentation].
 <12> Optional: Specifies the interval in seconds to check each trigger on. The default is `30`.
 <13> Optional: Specifies whether to scale back the target resource to the original replica count after the scaled object is deleted. The default is `false`, which keeps the replica count as it is when the scaled object is deleted.
 <14> Optional: Specifies a name for the horizontal pod autoscaler. The default is `keda-hpa-{scaled-object-name}`.
 <15> Optional: Specifies a scaling policy to use to control the rate to scale pods up or down, as described in the "Scaling policies" section.
 <16> Specifies the trigger to use as the basis for scaling, as described in the "Understanding the custom metrics autoscaler triggers" section. This example uses {product-title} monitoring.
-<17> Optional: Specifies a trigger authentication, as described in the "Creating a custom metrics autoscaler trigger authentication" section.
-<18> Optional: Specifies a cluster trigger authentication, as described in the "Creating a custom metrics autoscaler trigger authentication" section.
-+
-[NOTE]
-====
-It is not necessary to specify both a namespace trigger authentication and a cluster trigger authentication.
-====
+<17> Optional: Specifies a trigger authentication or a cluster trigger authentication. For more information, see _Understanding the custom metrics autoscaler trigger authentication_ in the _Additional resources_ section.
+* Enter `TriggerAuthentication` to use a trigger authentication. This is the default.
+* Enter `ClusterTriggerAuthentication` to use a cluster trigger authentication.
 
-. Create the custom metrics autoscaler:
+. Create the custom metrics autoscaler by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc create -f <filename>.yaml
 ----
 
 .Verification
@@ -190,12 +179,12 @@ Note the following fields in the output:
 * `AUTHENTICATION`: Indicates the name of any trigger authentication being used.
 * `READY`: Indicates whether the scaled object is ready to start scaling:
 ** If `True`, the scaled object is ready.
-** If `False`, the scaled object is not ready because of a problem in one or more of the objects you created. 
+** If `False`, the scaled object is not ready because of a problem in one or more of the objects you created.
 * `ACTIVE`: Indicates whether scaling is taking place:
 ** If `True`, scaling is taking place.
-** If `False`, scaling is not taking place because there are no metrics or there is a problem in one or more of the objects you created. 
+** If `False`, scaling is not taking place because there are no metrics or there is a problem in one or more of the objects you created.
 * `FALLBACK`: Indicates whether the custom metrics autoscaler is able to get metrics from the source
-** If `False`, the custom metrics autoscaler is getting metrics. 
+** If `False`, the custom metrics autoscaler is getting metrics.
 ** If `True`, the custom metrics autoscaler is getting metrics because there are no metrics or there is a problem in one or more of the objects you created.
 --
 
diff --git a/modules/nodes-cma-autoscaling-custom-gather.adoc b/modules/nodes-cma-autoscaling-custom-gather.adoc
index 8ce3479d4a1f..c975745839ff 100644
--- a/modules/nodes-cma-autoscaling-custom-gather.adoc
+++ b/modules/nodes-cma-autoscaling-custom-gather.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-debugging.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-debugging-gather_{context}"]
 = Gathering debugging data
 
@@ -23,12 +23,19 @@ The standard {product-title} `must-gather` command, `oc adm must-gather`, does n
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * The {product-title} CLI (`oc`) installed.
 
 .Procedure
 
+// Hide note from ROSA/OSD, as restricted is not supported.
 . Navigate to the directory where you want to store the `must-gather` data.
+ifndef::openshift-rosa,openshift-dedicated[]
 +
 [NOTE]
 ====
@@ -39,11 +46,12 @@ If your cluster is using a restricted network, you must take additional steps. I
 $ oc import-image is/must-gather -n openshift
 ----
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 . Perform one of the following:
 +
 --
-* To get only the Custom Metrics Autoscaler Operator `must-gather` data, use the following command: 
+* To get only the Custom Metrics Autoscaler Operator `must-gather` data, use the following command:
 +
 [source,terminal]
 ----
@@ -54,7 +62,7 @@ $ oc adm must-gather --image="$(oc get packagemanifests openshift-custom-metrics
 +
 The custom image for the `must-gather` command is pulled directly from the Operator package manifests, so that it works on any cluster where the Custom Metric Autoscaler Operator is available.
 
-* To gather the default `must-gather` data in addition to the Custom Metric Autoscaler Operator information: 
+* To gather the default `must-gather` data in addition to the Custom Metric Autoscaler Operator information:
 
 .. Use the following command to obtain the Custom Metrics Autoscaler Operator image and set it as an environment variable:
 +
@@ -74,6 +82,7 @@ $ oc adm must-gather --image-stream=openshift/must-gather --image=${IMAGE}
 --
 +
 .Example must-gather output for the Custom Metric Autoscaler:
+ifndef::openshift-rosa,openshift-dedicated[]
 [%collapsible]
 ====
 [source,terminal]
@@ -157,6 +166,92 @@ $ oc adm must-gather --image-stream=openshift/must-gather --image=${IMAGE}
         └── routes.yaml
 ----
 ====
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[%collapsible]
+====
+[source,terminal]
+----
+└── keda
+    ├── apps
+    │   ├── daemonsets.yaml
+    │   ├── deployments.yaml
+    │   ├── replicasets.yaml
+    │   └── statefulsets.yaml
+    ├── apps.openshift.io
+    │   └── deploymentconfigs.yaml
+    ├── autoscaling
+    │   └── horizontalpodautoscalers.yaml
+    ├── batch
+    │   ├── cronjobs.yaml
+    │   └── jobs.yaml
+    ├── build.openshift.io
+    │   ├── buildconfigs.yaml
+    │   └── builds.yaml
+    ├── core
+    │   ├── configmaps.yaml
+    │   ├── endpoints.yaml
+    │   ├── events.yaml
+    │   ├── persistentvolumeclaims.yaml
+    │   ├── pods.yaml
+    │   ├── replicationcontrollers.yaml
+    │   ├── secrets.yaml
+    │   └── services.yaml
+    ├── discovery.k8s.io
+    │   └── endpointslices.yaml
+    ├── image.openshift.io
+    │   └── imagestreams.yaml
+    ├── k8s.ovn.org
+    │   ├── egressfirewalls.yaml
+    │   └── egressqoses.yaml
+    ├── keda.sh
+    │   ├── kedacontrollers
+    │   │   └── keda.yaml
+    │   ├── scaledobjects
+    │   │   └── example-scaledobject.yaml
+    │   └── triggerauthentications
+    │       └── example-triggerauthentication.yaml
+    ├── monitoring.coreos.com
+    │   └── servicemonitors.yaml
+    ├── networking.k8s.io
+    │   └── networkpolicies.yaml
+    ├── keda.yaml
+    ├── pods
+    │   ├── custom-metrics-autoscaler-operator-58bd9f458-ptgwx
+    │   │   ├── custom-metrics-autoscaler-operator
+    │   │   │   └── custom-metrics-autoscaler-operator
+    │   │   │       └── logs
+    │   │   │           ├── current.log
+    │   │   │           ├── previous.insecure.log
+    │   │   │           └── previous.log
+    │   │   └── custom-metrics-autoscaler-operator-58bd9f458-ptgwx.yaml
+    │   ├── custom-metrics-autoscaler-operator-58bd9f458-thbsh
+    │   │   └── custom-metrics-autoscaler-operator
+    │   │       └── custom-metrics-autoscaler-operator
+    │   │           └── logs
+    │   ├── keda-metrics-apiserver-65c7cc44fd-6wq4g
+    │   │   ├── keda-metrics-apiserver
+    │   │   │   └── keda-metrics-apiserver
+    │   │   │       └── logs
+    │   │   │           ├── current.log
+    │   │   │           ├── previous.insecure.log
+    │   │   │           └── previous.log
+    │   │   └── keda-metrics-apiserver-65c7cc44fd-6wq4g.yaml
+    │   └── keda-operator-776cbb6768-fb6m5
+    │       ├── keda-operator
+    │       │   └── keda-operator
+    │       │       └── logs
+    │       │           ├── current.log
+    │       │           ├── previous.insecure.log
+    │       │           └── previous.log
+    │       └── keda-operator-776cbb6768-fb6m5.yaml
+    ├── policy
+    │   └── poddisruptionbudgets.yaml
+    └── route.openshift.io
+        └── routes.yaml
+----
+====
+endif::openshift-rosa,openshift-dedicated[]
 
 ifndef::openshift-origin[]
 . Create a compressed file from the `must-gather` directory that was created in your working directory. For example, on a computer that uses a Linux
diff --git a/modules/nodes-cma-autoscaling-custom-install.adoc b/modules/nodes-cma-autoscaling-custom-install.adoc
index 43ae8c4b1142..3ca413c846cc 100644
--- a/modules/nodes-cma-autoscaling-custom-install.adoc
+++ b/modules/nodes-cma-autoscaling-custom-install.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-install_{context}"]
 = Installing the custom metrics autoscaler
 
@@ -40,7 +40,7 @@ $ oc delete crd triggerauthentications.keda.k8s.io
 . On the *Install Operator* page, ensure that the *All namespaces on the cluster (default)* option
 is selected for *Installation Mode*. This installs the Operator in all namespaces.
 
-. Ensure that the *openshift-keda* namespace is selected for *Installed Namespace*. {product-title} creates the namespace, if not present in your cluster.  
+. Ensure that the *openshift-keda* namespace is selected for *Installed Namespace*. {product-title} creates the namespace, if not present in your cluster.
 
 . Click *Install*.
 
@@ -104,7 +104,7 @@ spec:
       policy:
         rules:
         - level: Metadata
-        omitStages: "RequestReceived"
+        omitStages: ["RequestReceived"]
         omitManagedFields: false
       lifetime:
         maxAge: "2"
@@ -116,6 +116,6 @@ spec:
 <2> Specifies the level of verbosity for the Custom Metrics Autoscaler Operator log messages. The allowed values are `debug`, `info`, `error`. The default is `info`.
 <3> Specifies the logging format for the Custom Metrics Autoscaler Operator log messages. The allowed values are `console` or `json`. The default is `console`.
 <4> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`.
-<5> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section. 
+<5> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section.
 
-.. Click *Create* to create the KEDAController.
+.. Click *Create* to create the KEDA controller.
diff --git a/modules/nodes-cma-autoscaling-custom-metrics-access.adoc b/modules/nodes-cma-autoscaling-custom-metrics-access.adoc
index d50e1a435d6b..745d5f14e7a7 100644
--- a/modules/nodes-cma-autoscaling-custom-metrics-access.adoc
+++ b/modules/nodes-cma-autoscaling-custom-metrics-access.adoc
@@ -3,7 +3,7 @@
 // * nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc
 // Modeled after migration-accessing-performance-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-metrics-access_{context}"]
 = Accessing performance metrics
 
diff --git a/modules/nodes-cma-autoscaling-custom-metrics-provided.adoc b/modules/nodes-cma-autoscaling-custom-metrics-provided.adoc
index cc384ff875e6..96c88146fd31 100644
--- a/modules/nodes-cma-autoscaling-custom-metrics-provided.adoc
+++ b/modules/nodes-cma-autoscaling-custom-metrics-provided.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nodes-cma-autoscaling-custom-metrics-provided_{context}"]
 = Provided Operator metrics
 
diff --git a/modules/nodes-cma-autoscaling-custom-pausing-restart.adoc b/modules/nodes-cma-autoscaling-custom-pausing-restart.adoc
index ad08c2afe605..a61c0e1ce66f 100644
--- a/modules/nodes-cma-autoscaling-custom-pausing-restart.adoc
+++ b/modules/nodes-cma-autoscaling-custom-pausing-restart.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-pausing-restart_{context}"]
 = Restarting the custom metrics autoscaler for a scaled object
 
-You can restart a paused custom metrics autoscaler by removing the `autoscaling.keda.sh/paused-replicas` annotation for that `ScaledObject`. 
+You can restart a paused custom metrics autoscaler by removing the `autoscaling.keda.sh/paused-replicas` annotation for that `ScaledObject`.
 
 [source,yaml]
 ----
@@ -24,7 +24,7 @@ metadata:
 +
 [source,terminal]
 ----
-$ oc edit ScaledObject scaledobject 
+$ oc edit ScaledObject scaledobject
 ----
 
 . Remove the `autoscaling.keda.sh/paused-replicas` annotation.
diff --git a/modules/nodes-cma-autoscaling-custom-pausing-workload.adoc b/modules/nodes-cma-autoscaling-custom-pausing-workload.adoc
index 7d27b861cb24..a01bcaf112e4 100644
--- a/modules/nodes-cma-autoscaling-custom-pausing-workload.adoc
+++ b/modules/nodes-cma-autoscaling-custom-pausing-workload.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-pausing-workload_{context}"]
 = Pausing a custom metrics autoscaler
 
@@ -24,7 +24,7 @@ metadata:
 +
 [source,terminal]
 ----
-$ oc edit ScaledObject scaledobject 
+$ oc edit ScaledObject scaledobject
 ----
 
 . Add the `autoscaling.keda.sh/paused-replicas` annotation with any value:
diff --git a/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc b/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc
index 528a8f00134f..b5d6eded08a8 100644
--- a/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc
+++ b/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-prometheus-config_{context}"]
 = Configuring the custom metrics autoscaler to use {product-title} monitoring
 
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc b/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc
index 31b7e260c870..65bafa1ef8cd 100644
--- a/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc
+++ b/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-trigger-auth-using_{context}"]
 = Using trigger authentications
 
@@ -10,7 +10,7 @@ You use trigger authentications and cluster trigger authentications by using a c
 
 .Prerequisites
 
-* The Custom Metrics Autoscaler Operator must be installed. 
+* The Custom Metrics Autoscaler Operator must be installed.
 
 * If you are using a secret, the `Secret` object must exist, for example:
 +
@@ -54,12 +54,14 @@ spec:
 +
 [source,terminal]
 ----
-$ oc create -f <file-name>.yaml
+$ oc create -f <filename>.yaml
 ----
 
-. Create or edit a `ScaledObject` YAML file:
+. Create or edit a `ScaledObject` YAML file that uses the trigger authentication:
+
+.. Create a YAML file that defines the object by running the following command:
 +
-.Example scaled object
+.Example scaled object with a trigger authentication
 [source,yaml,options="nowrap"]
 ----
 apiVersion: keda.sh/v1alpha1
@@ -74,8 +76,7 @@ spec:
   minReplicaCount: 0
   pollingInterval: 30
   triggers:
-  - authenticationRef:  
-    type: prometheus
+  - type: prometheus
     metadata:
       serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092
       namespace: kedatest # replace <NAMESPACE>
@@ -83,29 +84,46 @@ spec:
       threshold: '5'
       query: sum(rate(http_requests_total{job="test-app"}[1m]))
       authModes: "basic"
-    - authenticationRef: <1>
-        name: prom-triggerauthentication
-      metadata:
-        name: prom-triggerauthentication
-      type: object
-    - authenticationRef: <2>
-        name: prom-cluster-triggerauthentication
-        kind: ClusterTriggerAuthentication
-      metadata:
-        name: prom-cluster-triggerauthentication
-      type: object
+    authenticationRef:
+      name: prom-triggerauthentication <1>
+      kind: TriggerAuthentication <2>
 ----
-<1> Optional: Specify a trigger authentication.
-<2> Optional: Specify a cluster trigger authentication. You must include the `kind: ClusterTriggerAuthentication` parameter.
+<1> Specify the name of your trigger authentication object.
+<2> Specify `TriggerAuthentication`. `TriggerAuthentication` is the default.
 +
-[NOTE]
-====
-It is not necessary to specify both a namespace trigger authentication and a cluster trigger authentication.
-====
+.Example scaled object with a cluster trigger authentication
+[source,yaml,options="nowrap"]
+----
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: scaledobject
+  namespace: my-namespace
+spec:
+  scaleTargetRef:
+    name: example-deployment
+  maxReplicaCount: 100
+  minReplicaCount: 0
+  pollingInterval: 30
+  triggers:
+  - type: prometheus
+    metadata:
+      serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092
+      namespace: kedatest # replace <NAMESPACE>
+      metricName: http_requests_total
+      threshold: '5'
+      query: sum(rate(http_requests_total{job="test-app"}[1m]))
+      authModes: "basic"
+    authenticationRef:
+      name: prom-cluster-triggerauthentication <1>
+      kind: ClusterTriggerAuthentication <2>
+----
+<1> Specify the name of your trigger authentication object.
+<2> Specify `ClusterTriggerAuthentication`.
 
-. Create the object. For example:
+.. Create the scaled object by running the following command:
 +
 [source,terminal]
 ----
-$ oc apply -f <file-name>
+$ oc apply -f <filename>
 ----
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc b/modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc
index d9a61a8e7080..1b980e018b96 100644
--- a/modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc
+++ b/modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-trigger-cpu_{context}"]
 = Understanding the CPU trigger
 
@@ -31,12 +31,11 @@ spec:
     metricType: Utilization <2>
     metadata:
       value: '60' <3>
-      containerName: api <4>
-
+  minReplicaCount: 1 <4>
 ----
 <1> Specifies CPU as the trigger type.
 <2> Specifies the type of metric to use, either `Utilization` or `AverageValue`.
 <3> Specifies the value that triggers scaling. Must be specified as a quoted string value.
 * When using `Utilization`, the target value is the average of the resource metrics across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
 * When using `AverageValue`, the target value is the average of the metrics across all relevant pods.
-<4> Optional: Specifies an individual container to scale, based on the memory utilization of only that container, rather than the entire pod. In this example, only the container named `api` is to be scaled.
+<4> Specifies the minimum number of replicas when scaling down. For a CPU trigger, enter a value of `1` or greater, because the HPA cannot scale to zero if you are using only CPU metrics.
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc b/modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc
index 9babaced121a..24be5b89f682 100644
--- a/modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc
+++ b/modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-trigger-kafka_{context}"]
 = Understanding the Kafka trigger
 
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-memory.adoc b/modules/nodes-cma-autoscaling-custom-trigger-memory.adoc
index 25ec0d2b2ea9..bfebbfd4efa5 100644
--- a/modules/nodes-cma-autoscaling-custom-trigger-memory.adoc
+++ b/modules/nodes-cma-autoscaling-custom-trigger-memory.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-trigger-memory_{context}"]
 = Understanding the memory trigger
 
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc b/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc
index c1f432d698f1..980727140e07 100644
--- a/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc
+++ b/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-trigger-prom_{context}"]
 = Understanding the Prometheus trigger
 
-You can scale pods based on Prometheus metrics, which can use the installed {product-title} monitoring or an external Prometheus server as the metrics source. See "Additional resources" for information on the configurations required to use the {product-title} monitoring as a source for metrics. 
+You can scale pods based on Prometheus metrics, which can use the installed {product-title} monitoring or an external Prometheus server as the metrics source. See "Additional resources" for information on the configurations required to use the {product-title} monitoring as a source for metrics.
 
 [NOTE]
 ====
@@ -43,7 +43,7 @@ spec:
 <5> Specifies the value that triggers scaling. Must be specified as a quoted string value.
 <6> Specifies the Prometheus query to use.
 <7> Specifies the authentication method to use. Prometheus scalers support bearer authentication (`bearer`), basic authentication (`basic`), or TLS authentication (`tls`). You configure the specific authentication parameters in a trigger authentication, as discussed in a following section. As needed, you can also use a secret.
-<8> Optional: Passes the `X-Scope-OrgID` header to multi-tenant link:https://cortexmetrics.io/[Cortex] or link:https://grafana.com/oss/mimir/[Mimir] storage for Prometheus. This parameter is required only with multi-tenant Prometheus storage, to indicate which data Prometheus should return. 
+<8> Optional: Passes the `X-Scope-OrgID` header to multi-tenant link:https://cortexmetrics.io/[Cortex] or link:https://grafana.com/oss/mimir/[Mimir] storage for Prometheus. This parameter is required only with multi-tenant Prometheus storage, to indicate which data Prometheus should return.
 <9> Optional: Specifies how the trigger should proceed if the Prometheus target is lost.
      * If `true`, the trigger continues to operate if the Prometheus target is lost. This is the default behavior.
      * If `false`, the trigger returns an error if the Prometheus target is lost.
diff --git a/modules/nodes-cma-autoscaling-custom-uninstalling.adoc b/modules/nodes-cma-autoscaling-custom-uninstalling.adoc
index da6fc74c9226..c92d170bd7f8 100644
--- a/modules/nodes-cma-autoscaling-custom-uninstalling.adoc
+++ b/modules/nodes-cma-autoscaling-custom-uninstalling.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/cma/nodes-cma-autoscaling-custom-uninstall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-cma-autoscaling-custom-uninstalling_{context}"]
 = Uninstalling the Custom Metrics Autoscaler Operator
 
@@ -16,7 +16,12 @@ Use the following procedure to remove the custom metrics autoscaler from your {p
 
 . In the {product-title} web console, click *Operators* -> *Installed Operators*.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Switch to the *openshift-keda* project.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. Switch to the *keda* project.
+endif::openshift-rosa,openshift-dedicated[]
 
 . Remove the `KedaController` custom resource.
 
@@ -24,19 +29,19 @@ Use the following procedure to remove the custom metrics autoscaler from your {p
 
 .. Find the custom resource, and then click *Delete KedaController*.
 
-.. Click *Uninstall*. 
+.. Click *Uninstall*.
 
-. Remove the Custom Metrics Autoscaler Operator: 
+. Remove the Custom Metrics Autoscaler Operator:
 
-.. Click *Operators* -> *Installed Operators*. 
+.. Click *Operators* -> *Installed Operators*.
 
 .. Find the *CustomMetricsAutoscaler*  Operator and click the *Options* menu {kebab} and select *Uninstall Operator*.
 
-.. Click *Uninstall*. 
+.. Click *Uninstall*.
 
 . Optional: Use the OpenShift CLI to remove the custom metrics autoscaler components:
 
-.. Delete the custom metrics autoscaler CRDs: 
+.. Delete the custom metrics autoscaler CRDs:
 +
 --
 * `clustertriggerauthentications.keda.sh`
@@ -53,7 +58,7 @@ $ oc delete crd clustertriggerauthentications.keda.sh kedacontrollers.keda.sh sc
 +
 Deleting the CRDs removes the associated roles, cluster roles, and role bindings. However, there might be a few cluster roles that must be manually deleted.
 
-.. List any custom metrics autoscaler cluster roles: 
+.. List any custom metrics autoscaler cluster roles:
 +
 [source,terminal]
 ----
@@ -67,7 +72,7 @@ $ oc get clusterrole | grep keda.sh
 $ oc delete clusterrole.keda.sh-v1alpha1-admin
 ----
 
-.. List any custom metrics autoscaler cluster role bindings: 
+.. List any custom metrics autoscaler cluster role bindings:
 +
 [source,terminal]
 ----
@@ -83,14 +88,30 @@ $ oc delete clusterrolebinding.keda.sh-v1alpha1-admin
 
 . Delete the custom metrics autoscaler project:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
 [source,terminal]
 ----
 $ oc delete project openshift-keda
 ----
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,terminal]
+----
+$ oc delete project keda
+----
+endif::openshift-rosa,openshift-dedicated[]
 
 . Delete the Cluster Metric Autoscaler Operator:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
+[source,terminal]
+----
+$ oc delete operator/openshift-custom-metrics-autoscaler-operator.openshift-keda
+----
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
 [source,terminal]
 ----
-$ oc delete operator/openshift-custom-metrics-autoscaler-operator.openshift-keda 
+$ oc delete operator/openshift-custom-metrics-autoscaler-operator.keda
 ----
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/modules/nodes-containers-copying-files-about.adoc b/modules/nodes-containers-copying-files-about.adoc
index c8d242210c82..320685c5c72b 100644
--- a/modules/nodes-containers-copying-files-about.adoc
+++ b/modules/nodes-containers-copying-files-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-copying-files.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-copying-files-about_{context}"]
 = Understanding how to copy files
 
@@ -19,15 +19,15 @@ $ oc rsync <source> <destination> [-c <container>]
 Specifying the Copy Source::
 The source argument of the `oc rsync` command must point to either a local
 directory or a pod directory. Individual files are not supported.
-
++
 When specifying a pod directory the directory name must be prefixed with the pod
 name:
-
++
 [source,terminal]
 ----
 <pod name>:<dir>
 ----
-
++
 If the directory name ends in a path separator (`/`), only the contents of the directory are copied to the destination. Otherwise, the
 directory and its contents are copied to the destination.
 
@@ -44,11 +44,11 @@ Continuous Syncing on File Change::
 Using the `--watch` option causes the command to monitor the source path for any
 file system changes, and synchronizes changes when they occur. With this
 argument, the command runs forever.
-
++
 Synchronization occurs after short quiet periods to ensure a
 rapidly changing file system does not result in continuous synchronization
 calls.
-
++
 When using the `--watch` option, the behavior is effectively the same as
 manually invoking `oc rsync` repeatedly, including any arguments normally passed
 to `oc rsync`. Therefore, you can control the behavior via the same flags used
diff --git a/modules/nodes-containers-copying-files-procedure.adoc b/modules/nodes-containers-copying-files-procedure.adoc
index b8c343eaaf0a..91ef7b4bc972 100644
--- a/modules/nodes-containers-copying-files-procedure.adoc
+++ b/modules/nodes-containers-copying-files-procedure.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-copying-files.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-copying-files-procedure_{context}"]
 = Copying files to and from containers
 
@@ -12,19 +12,18 @@ Support for copying local files to or from a container is built into the CLI.
 
 When working with `oc rsync`, note the following:
 
-rsync must be installed::
-The `oc rsync` command uses the local `rsync` tool if present on the client
+* rsync must be installed. The `oc rsync` command uses the local `rsync` tool, if present on the client
 machine and the remote container.
-
++
 If `rsync` is not found locally or in the remote container, a *tar* archive
 is created locally and sent to the container where the *tar* utility is used to
 extract the files. If *tar* is not available in the remote container, the
 copy will fail.
-
++
 The *tar* copy method does not provide the same functionality as `oc rsync`. For
 example, `oc rsync` creates the destination directory if it does not exist and
 only sends files that are different between the source and the destination.
-
++
 [NOTE]
 ====
 In Windows, the `cwRsync` client should be installed and added to the PATH for
diff --git a/modules/nodes-containers-copying-files-rsync.adoc b/modules/nodes-containers-copying-files-rsync.adoc
index fe98c17f0d06..b9d008ee9b5a 100644
--- a/modules/nodes-containers-copying-files-rsync.adoc
+++ b/modules/nodes-containers-copying-files-rsync.adoc
@@ -13,7 +13,7 @@ environment variable as a workaround, as follows:
 
 [source,terminal]
 ----
-$ rsync --rsh='oc rsh' --exclude-from=FILE SRC POD:DEST
+$ rsync --rsh='oc rsh' --exclude-from=<file_name> <local-dir> <pod-name>:/<remote-dir>
 ----
 
 or:
@@ -29,7 +29,7 @@ Then, run the rsync command:
 
 [source,terminal]
 ----
-$ rsync --exclude-from=FILE SRC POD:DEST
+$ rsync --exclude-from=<file_name> <local-dir> <pod-name>:/<remote-dir>
 ----
 
 Both of the above examples configure standard `rsync` to use `oc rsh` as its
diff --git a/modules/nodes-containers-downward-api-container-configmaps.adoc b/modules/nodes-containers-downward-api-container-configmaps.adoc
index f348a38ca3b5..dae07e08fe4b 100644
--- a/modules/nodes-containers-downward-api-container-configmaps.adoc
+++ b/modules/nodes-containers-downward-api-container-configmaps.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-configmaps_{context}"]
 = Consuming configuration maps using the Downward API
 
@@ -11,7 +11,9 @@ so image and application authors can create an image for specific environments.
 
 .Procedure
 
-. Create a `*_configmap.yaml_*` file:
+. Create a config map with the values to inject:
+
+.. Create a `*_configmap.yaml_*` file similar to the following:
 +
 [source,yaml]
 ----
@@ -23,14 +25,16 @@ data:
   mykey: myvalue
 ----
 
-. Create a `ConfigMap` object from the `*_configmap.yaml_*` file:
+.. Create the config map from the `configmap.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f configmap.yaml
 ----
 
-. Create a `*_pod.yaml_*` file that references the above `ConfigMap` object:
+. Create a pod that references the above config map:
+
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -50,16 +54,19 @@ spec:
               name: myconfigmap
               key: mykey
   restartPolicy: Always
+# ...
 ----
 
-. Create the pod from the `*_pod.yaml_*` file:
+.. Create the pod from the `pod.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f pod.yaml
 ----
 
-. Check the container's logs for the `MY_CONFIGMAP_VALUE` value:
+.Verification
+
+* Check the container's logs for the `MY_CONFIGMAP_VALUE` value:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-envars.adoc b/modules/nodes-containers-downward-api-container-envars.adoc
index b8f8e5f88a43..62b2383cdda6 100644
--- a/modules/nodes-containers-downward-api-container-envars.adoc
+++ b/modules/nodes-containers-downward-api-container-envars.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-envars_{context}"]
 = Referencing environment variables
 
@@ -13,7 +13,9 @@ string.
 
 .Procedure
 
-. Create a `*_pod.yaml_*` file that references an existing `environment variable`:
+. Create a pod that references an existing environment variable:
+
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -32,16 +34,19 @@ spec:
         - name: MY_ENV_VAR_REF_ENV
           value: $(MY_EXISTING_ENV)
   restartPolicy: Never
+# ...
 ----
 
-. Create the pod from the `*_pod.yaml_*` file:
+.. Create the pod from the `*_pod.yaml_*` file:
 +
 [source,terminal]
 ----
 $ oc create -f pod.yaml
 ----
 
-. Check the container's logs for the `MY_ENV_VAR_REF_ENV` value:
+.Verification
+
+* Check the container's logs for the `MY_ENV_VAR_REF_ENV` value:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-escaping.adoc b/modules/nodes-containers-downward-api-container-escaping.adoc
index 8b097db421a2..a0e65537e54b 100644
--- a/modules/nodes-containers-downward-api-container-escaping.adoc
+++ b/modules/nodes-containers-downward-api-container-escaping.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-escaping_{context}"]
 = Escaping environment variable references
 
@@ -12,7 +12,9 @@ of the provided value.
 
 .Procedure
 
-. Create a `*_pod.yaml_*` file that references an existing `environment variable`:
+. Create a pod that references an existing environment variable:
+
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -29,16 +31,19 @@ spec:
         - name: MY_NEW_ENV
           value: $$(SOME_OTHER_ENV)
   restartPolicy: Never
+# ...
 ----
 
-. Create the pod from the `*_pod.yaml_*` file:
+.. Create the pod from the `*_pod.yaml_*` file:
 +
 [source,terminal]
 ----
 $ oc create -f pod.yaml
 ----
 
-. Check the container's logs for the `MY_NEW_ENV` value:
+.Verification
+
+* Check the container's logs for the `MY_NEW_ENV` value:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-resources-envars.adoc b/modules/nodes-containers-downward-api-container-resources-envars.adoc
index 152fc70bad32..04a737856e48 100644
--- a/modules/nodes-containers-downward-api-container-resources-envars.adoc
+++ b/modules/nodes-containers-downward-api-container-resources-envars.adoc
@@ -2,24 +2,35 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-resources-envars_{context}"]
 = Consuming container resources using environment variables
 
 When creating pods, you can use the Downward API to inject information about
 computing resource requests and limits using environment variables.
 
+When creating the pod configuration, specify environment variables that
+correspond to the contents of the `resources` field in the `*spec.container*`
+field.
+
+[NOTE]
+====
+If the resource limits are not included in the container configuration, the
+downward API defaults to the node's CPU and memory allocatable values.
+====
+
 .Procedure
 
-To use environment variables:
+. Create a new pod spec that contains the resources you want to inject:
 
-. When creating a pod configuration, specify environment variables that
-correspond to the contents of the `resources` field in the `*spec.container*`
-field:
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
-....
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-env-test-pod
 spec:
   containers:
     - name: test-container
@@ -49,13 +60,10 @@ spec:
           valueFrom:
             resourceFieldRef:
               resource: limits.memory
-....
+# ...
 ----
-+
-If the resource limits are not included in the container configuration, the
-downward API defaults to the node's CPU and memory allocatable values.
 
-. Create the pod from the `*_pod.yaml_*` file:
+.. Create the pod from the `pod.yaml` file:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-resources-plugin.adoc b/modules/nodes-containers-downward-api-container-resources-plugin.adoc
index 2ad3bc32171d..e2d8c97041df 100644
--- a/modules/nodes-containers-downward-api-container-resources-plugin.adoc
+++ b/modules/nodes-containers-downward-api-container-resources-plugin.adoc
@@ -2,24 +2,35 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-resources-plugin_{context}"]
 = Consuming container resources using a volume plugin
 
 When creating pods, you can use the Downward API to inject information about
 computing resource requests and limits using a volume plugin.
 
+When creating the pod configuration, use the `spec.volumes.downwardAPI.items`
+field to describe the desired resources that correspond to the
+`spec.resources` field.
+
+[NOTE]
+====
+If the resource limits are not included in the container configuration, the
+Downward API defaults to the node's CPU and memory allocatable values.
+====
+
 .Procedure
 
-To use the Volume Plugin:
+. Create a new pod spec that contains the resources you want to inject:
 
-. When creating a pod configuration, use the `spec.volumes.downwardAPI.items`
-field to describe the desired resources that correspond to the
-`spec.resources` field:
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
-....
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dapi-env-test-pod
 spec:
   containers:
     - name: client-container
@@ -56,13 +67,10 @@ spec:
             resourceFieldRef:
               containerName: client-container
               resource: requests.memory
-....
+# ...
 ----
-+
-If the resource limits are not included in the container configuration, the
-Downward API defaults to the node's CPU and memory allocatable values.
 
-. Create the pod from the `*_volume-pod.yaml_*` file:
+.. Create the pod from the `*_volume-pod.yaml_*` file:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-resources.adoc b/modules/nodes-containers-downward-api-container-resources.adoc
index 904a741cdc2e..54015ce48679 100644
--- a/modules/nodes-containers-downward-api-container-resources.adoc
+++ b/modules/nodes-containers-downward-api-container-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-downward-api-container-resources-api_{context}"]
 = Understanding how to consume container resources using the Downward API
 
diff --git a/modules/nodes-containers-downward-api-container-secrets.adoc b/modules/nodes-containers-downward-api-container-secrets.adoc
index e03f16b8a414..6aaea6cb5e37 100644
--- a/modules/nodes-containers-downward-api-container-secrets.adoc
+++ b/modules/nodes-containers-downward-api-container-secrets.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-secrets_{context}"]
 = Consuming secrets using the Downward API
 
@@ -12,7 +12,9 @@ for specific environments.
 
 .Procedure
 
-. Create a `secret.yaml` file:
+. Create a secret to inject:
+
+.. Create a `secret.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -21,19 +23,21 @@ kind: Secret
 metadata:
   name: mysecret
 data:
-  password: cGFzc3dvcmQ=
-  username: ZGV2ZWxvcGVy
+  password: <password>
+  username: <username>
 type: kubernetes.io/basic-auth
 ----
 
-. Create a `Secret` object from the `secret.yaml` file:
+.. Create the secret object from the `secret.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f secret.yaml
 ----
 
-. Create a `pod.yaml` file that references the `username` field from the above `Secret` object:
+. Create a pod that references the `username` field from the above `Secret` object:
+
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -53,16 +57,19 @@ spec:
               name: mysecret
               key: username
   restartPolicy: Never
+# ...
 ----
 
-. Create the pod from the `pod.yaml` file:
+.. Create the pod from the `pod.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f pod.yaml
 ----
 
-. Check the container's logs for the `MY_SECRET_USERNAME` value:
+.Verification
+
+* Check the container's logs for the `MY_SECRET_USERNAME` value:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-values-envars.adoc b/modules/nodes-containers-downward-api-container-values-envars.adoc
index 5921710eaae4..5ddc6273a69e 100644
--- a/modules/nodes-containers-downward-api-container-values-envars.adoc
+++ b/modules/nodes-containers-downward-api-container-values-envars.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-values-envars_{context}"]
 = Consuming container values using environment variables
 
@@ -20,9 +20,9 @@ supported using environment variables are:
 
 .Procedure
 
-To use environment variables
+. Create a new pod spec that contains the environment variables you want the container to consume:
 
-. Create a `pod.yaml` file:
+.. Create a `pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -45,16 +45,19 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
   restartPolicy: Never
+# ...
 ----
 
-. Create the pod from the `pod.yaml` file:
+.. Create the pod from the `pod.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f pod.yaml
 ----
 
-. Check the container's logs for the `MY_POD_NAME` and `MY_POD_NAMESPACE`
+.Verification
+
+* Check the container's logs for the `MY_POD_NAME` and `MY_POD_NAMESPACE`
 values:
 +
 [source,terminal]
diff --git a/modules/nodes-containers-downward-api-container-values-plugin.adoc b/modules/nodes-containers-downward-api-container-values-plugin.adoc
index 4843dc15bd79..8f6e7ed7a1a8 100644
--- a/modules/nodes-containers-downward-api-container-values-plugin.adoc
+++ b/modules/nodes-containers-downward-api-container-values-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-downward-api-container-values-plugin_{context}"]
 = Consuming container values using a volume plugin
 
@@ -22,7 +22,9 @@ Containers can consume:
 
 To use the volume plugin:
 
-. Create a `volume-pod.yaml` file:
+. Create a new pod spec that contains the environment variables you want the container to consume:
+
+.. Create a `volume-pod.yaml` file similar to the following:
 +
 [source,yaml]
 ----
@@ -64,16 +66,19 @@ spec:
           fieldPath: metadata.annotations
         path: pod_annotations
   restartPolicy: Never
+# ...
 ----
 
-. Create the pod from the `volume-pod.yaml` file:
+.. Create the pod from the `volume-pod.yaml` file:
 +
 [source,terminal]
 ----
 $ oc create -f volume-pod.yaml
 ----
 
-. Check the container's logs and verify the presence of the configured fields:
+.Verification
+
+* Check the container's logs and verify the presence of the configured fields:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-downward-api-container-values.adoc b/modules/nodes-containers-downward-api-container-values.adoc
index 0e2c16c77f6f..3de107878ad4 100644
--- a/modules/nodes-containers-downward-api-container-values.adoc
+++ b/modules/nodes-containers-downward-api-container-values.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-downward-api.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-downward-api-container-values_{context}"]
 = Understanding how to consume container values using the downward API
 
@@ -13,7 +13,7 @@ Depending on the method you choose, containers can consume:
 
 * Pod project/namespace
 
-* Pod annotations 
+* Pod annotations
 
 * Pod labels
 
diff --git a/modules/nodes-containers-events-about.adoc b/modules/nodes-containers-events-about.adoc
index 26a6578b82bf..1f1f146328eb 100644
--- a/modules/nodes-containers-events-about.adoc
+++ b/modules/nodes-containers-events-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-events.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-events-about_{context}"]
 = Understanding events
 
diff --git a/modules/nodes-containers-events-viewing.adoc b/modules/nodes-containers-events-viewing.adoc
index 0566cb69a7ee..caf95ccbb422 100644
--- a/modules/nodes-containers-events-viewing.adoc
+++ b/modules/nodes-containers-events-viewing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-events.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-events-viewing-cli_{context}"]
 = Viewing events using the CLI
 
diff --git a/modules/nodes-containers-init-about.adoc b/modules/nodes-containers-init-about.adoc
index d53885929513..53cdb6c9fec1 100644
--- a/modules/nodes-containers-init-about.adoc
+++ b/modules/nodes-containers-init-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-init.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-init-about_{context}"]
 = Understanding Init Containers
 
diff --git a/modules/nodes-containers-init-creating.adoc b/modules/nodes-containers-init-creating.adoc
index b14fe6f26343..ea8d5cadca22 100644
--- a/modules/nodes-containers-init-creating.adoc
+++ b/modules/nodes-containers-init-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-init.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-init-creating_{context}"]
 = Creating Init Containers
 
@@ -10,7 +10,9 @@ The following example outlines a simple pod which has two Init Containers. The f
 
 .Procedure
 
-. Create a YAML file for the Init Container:
+. Create the pod for the Init Container:
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
@@ -32,52 +34,57 @@ spec:
   - name: init-mydb
     image: registry.access.redhat.com/ubi9/ubi:latest
     command: ['sh', '-c', 'until getent hosts mydb; do echo waiting for mydb; sleep 2; done;']
+# ...
 ----
 
-. Create a YAML file for the `myservice` service.
+.. Create the pod:
 +
-[source,yaml]
+[source,terminal]
 ----
-kind: Service
-apiVersion: v1
-metadata:
-  name: myservice
-spec:
-  ports:
-  - protocol: TCP
-    port: 80
-    targetPort: 9376
+$ oc create -f myapp.yaml
 ----
 
-. Create a YAML file for the `mydb` service.
+.. View the status of the pod:
++
+[source,terminal]
+----
+$ oc get pods
+----
++
+.Example output
+[source,terminal]
+----
+NAME                          READY     STATUS              RESTARTS   AGE
+myapp-pod                     0/1       Init:0/2            0          5s
+----
++
+The pod status, `Init:0/2`, indicates it is waiting for the two services.
+
+. Create the `myservice` service.
+
+.. Create a YAML file similar to the following:
 +
 [source,yaml]
 ----
 kind: Service
 apiVersion: v1
 metadata:
-  name: mydb
+  name: myservice
 spec:
   ports:
   - protocol: TCP
     port: 80
-    targetPort: 9377
+    targetPort: 9376
 ----
 
-. Run the following command to create the `myapp-pod`:
-+
-[source,terminal]
-----
-$ oc create -f myapp.yaml
-----
+.. Create the pod:
 +
-.Example output
 [source,terminal]
 ----
-pod/myapp-pod created
+$ oc create -f myservice.yaml
 ----
 
-. View the status of the pod:
+.. View the status of the pod:
 +
 [source,terminal]
 ----
@@ -88,24 +95,36 @@ $ oc get pods
 [source,terminal]
 ----
 NAME                          READY     STATUS              RESTARTS   AGE
-myapp-pod                     0/1       Init:0/2            0          5s
+myapp-pod                     0/1       Init:1/2            0          5s
 ----
 +
-Note that the pod status indicates it is waiting
+The pod status, `Init:1/2`, indicates it is waiting for one service, in this case the `mydb` service.
 
-. Run the following commands to create the services:
+. Create the `mydb` service:
+
+.. Create a YAML file similar to the following:
 +
-[source,terminal]
+[source,yaml]
 ----
-$ oc create -f mydb.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: mydb
+spec:
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9377
 ----
+
+.. Create the pod:
 +
 [source,terminal]
 ----
-$ oc create -f myservice.yaml
+$ oc create -f mydb.yaml
 ----
 
-. View the status of the pod:
+.. View the status of the pod:
 +
 [source,terminal]
 ----
@@ -118,3 +137,5 @@ $ oc get pods
 NAME                          READY     STATUS              RESTARTS   AGE
 myapp-pod                     1/1       Running             0          2m
 ----
++
+The pod status indicated that it is no longer waiting for the services and is running.
diff --git a/modules/nodes-containers-port-forwarding-about.adoc b/modules/nodes-containers-port-forwarding-about.adoc
index 194e3f392a49..74c14e200f14 100644
--- a/modules/nodes-containers-port-forwarding-about.adoc
+++ b/modules/nodes-containers-port-forwarding-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-port-forwarding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-port-forwarding-about_{context}"]
 = Understanding port forwarding
 
@@ -29,10 +29,10 @@ the pod.
 `:5000` or `0:5000`:: The client selects a free local port and forwards to 5000
 in the pod.
 
-{product-title} handles port-forward requests from clients. Upon receiving a request, {product-title} upgrades the response and waits for the client 
+{product-title} handles port-forward requests from clients. Upon receiving a request, {product-title} upgrades the response and waits for the client
 to create port-forwarding streams. When {product-title} receives a new stream, it copies data between the stream and the pod's port.
 
-Architecturally, there are options for forwarding to a pod's port. The supported {product-title} implementation invokes `nsenter` directly on the node host 
-to enter the pod's network namespace, then invokes `socat` to copy data between the stream and the pod's port. However, a custom implementation could 
+Architecturally, there are options for forwarding to a pod's port. The supported {product-title} implementation invokes `nsenter` directly on the node host
+to enter the pod's network namespace, then invokes `socat` to copy data between the stream and the pod's port. However, a custom implementation could
 include running a _helper_ pod that then runs `nsenter` and `socat`, so that those binaries are not required to be installed on the host.
 
diff --git a/modules/nodes-containers-port-forwarding-using.adoc b/modules/nodes-containers-port-forwarding-using.adoc
index 44d831f1a559..05243ca710be 100644
--- a/modules/nodes-containers-port-forwarding-using.adoc
+++ b/modules/nodes-containers-port-forwarding-using.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-port-forwarding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-port-forwarding-using_{context}"]
 = Using port forwarding
 
diff --git a/modules/nodes-containers-projected-volumes-about.adoc b/modules/nodes-containers-projected-volumes-about.adoc
index 8a950d79a845..60b0f4b1e788 100644
--- a/modules/nodes-containers-projected-volumes-about.adoc
+++ b/modules/nodes-containers-projected-volumes-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-projected-volumes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-projected-volumes-about_{context}"]
 = Understanding projected volumes
 
diff --git a/modules/nodes-containers-projected-volumes-creating.adoc b/modules/nodes-containers-projected-volumes-creating.adoc
index 23495c719b40..57355e15f3f6 100644
--- a/modules/nodes-containers-projected-volumes-creating.adoc
+++ b/modules/nodes-containers-projected-volumes-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-projected-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-projected-volumes-creating_{context}"]
 = Configuring a Projected Volume for a Pod
 
@@ -10,53 +10,55 @@ When creating projected volumes, consider the volume file path situations descri
 
 The following example shows how to use a projected volume to mount an existing secret volume source. The steps can be used to create a user name and password secrets from local files. You then create a pod that runs one container, using a projected volume to mount the secrets into the same shared directory.
 
-.Procedure
-
-To use a projected volume to mount an existing secret volume source.
+The user name and password values can be any valid string that is *base64* encoded.
 
-. Create files containing the secrets, entering the following, replacing the password and user information as appropriate:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mysecret
-type: Opaque
-data:
-  pass: MWYyZDFlMmU2N2Rm
-  user: YWRtaW4=
-----
-+
-The `user` and `pass` values can be any valid string that is *base64* encoded.
-+
 The following example shows `admin` in base64:
-+
+
 [source,terminal]
 ----
 $ echo -n "admin" | base64
 ----
-+
+
 .Example output
 [source,terminal]
 ----
 YWRtaW4=
 ----
-+
-The following example shows the password `1f2d1e2e67df` in base64:.
-+
+
+The following example shows the password `1f2d1e2e67df` in base64:
+
 [source,terminal]
 ----
 $ echo -n "1f2d1e2e67df" | base64
 ----
-+
+
 .Example output
 [source,terminal]
 ----
 MWYyZDFlMmU2N2Rm
 ----
 
-. Use the following command to create the secrets:
+.Procedure
+
+To use a projected volume to mount an existing secret volume source.
+
+. Create the secret:
+
+.. Create a YAML file similar to the following, replacing the password and user information as appropriate:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysecret
+type: Opaque
+data:
+  pass: MWYyZDFlMmU2N2Rm
+  user: YWRtaW4=
+----
++
+.. Use the following command to create the secret:
 +
 [source,terminal]
 ----
@@ -76,7 +78,7 @@ $ oc create -f secret.yaml
 secret "mysecret" created
 ----
 
-. You can check that the secret was created using the following commands:
+.. You can check that the secret was created using the following commands:
 +
 [source,terminal]
 ----
@@ -126,11 +128,12 @@ metadata:
 type: Opaque
 ----
 
-. Create a pod configuration file similar to the following that includes a `volumes` section:
+. Create a pod with a projected volume.
+
+.. Create a YAML file similar to the following, including a `volumes` section:
 +
 [source,yaml]
 ----
-apiVersion: v1
 kind: Pod
 metadata:
   name: test-projected-volume
@@ -145,18 +148,21 @@ spec:
     - name: all-in-one
       mountPath: "/projected-volume"
       readOnly: true
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
   volumes:
   - name: all-in-one
     projected:
       sources:
-      - secret:      <1>
-          name: user
-      - secret:      <1>
-          name: pass
+      - secret:
+          name: mysecret <1>
 ----
 <1> The name of the secret you created.
 
-. Create the pod from the configuration file:
+.. Create the pod from the configuration file:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-remote-commands-about.adoc b/modules/nodes-containers-remote-commands-about.adoc
index 78b3c0edf252..8e50c2bea5b2 100644
--- a/modules/nodes-containers-remote-commands-about.adoc
+++ b/modules/nodes-containers-remote-commands-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-remote-commands.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-remote-commands-about_{context}"]
 = Executing remote commands in containers
 
@@ -14,7 +14,7 @@ To run a command in a container:
 
 [source,terminal]
 ----
-$ oc exec <pod> [-c <container>] <command> [<arg_1> ... <arg_n>]
+$ oc exec <pod> [-c <container>] -- <command> [<arg_1> ... <arg_n>]
 ----
 
 For example:
diff --git a/modules/nodes-containers-remote-commands-protocol.adoc b/modules/nodes-containers-remote-commands-protocol.adoc
index 8767ff06e1c1..cc253b65793b 100644
--- a/modules/nodes-containers-remote-commands-protocol.adoc
+++ b/modules/nodes-containers-remote-commands-protocol.adoc
@@ -8,7 +8,7 @@
 Clients initiate the execution of a remote command in a container by issuing a
 request to the Kubernetes API server:
 
-[source, terminal]
+[source,terminal]
 ----
 /proxy/nodes/<node_name>/exec/<namespace>/<pod>/<container>?command=<command>
 ----
@@ -23,7 +23,7 @@ In the above URL:
 
 For example:
 
-[source, terminal]
+[source,terminal]
 ----
 /proxy/nodes/node123.openshift.com/exec/myns/mypod/mycontainer?command=date
 ----
diff --git a/modules/nodes-containers-start-pod-safe-sysctls.adoc b/modules/nodes-containers-start-pod-safe-sysctls.adoc
index 998363d5c84a..e2487ba991c9 100644
--- a/modules/nodes-containers-start-pod-safe-sysctls.adoc
+++ b/modules/nodes-containers-start-pod-safe-sysctls.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-starting-pod-safe-sysctls_{context}"]
 = Starting a pod with safe sysctls
 
@@ -52,7 +52,7 @@ spec:
       capabilities: <4>
         drop: ["ALL"]
   securityContext:
-    runAsNonRoot: true <5> 
+    runAsNonRoot: true <5>
     seccompProfile: <6>
       type: RuntimeDefault
     sysctls:
@@ -68,8 +68,8 @@ spec:
 <1> `runAsUser` controls which user ID the container is run with.
 <2> `runAsGroup` controls which primary group ID the containers is run with.
 <3> `allowPrivilegeEscalation` determines if a pod can request to allow privilege escalation. If unspecified, it defaults to true. This boolean directly controls whether the `no_new_privs` flag gets set on the container process.
-<4> `capabilities` permit privileged actions without giving full root access. This policy ensures all capabilities are dropped from the pod. 
-<5> `runAsNonRoot: true` requires that the container will run with a user with any UID other than 0. 
+<4> `capabilities` permit privileged actions without giving full root access. This policy ensures all capabilities are dropped from the pod.
+<5> `runAsNonRoot: true` requires that the container will run with a user with any UID other than 0.
 <6> `RuntimeDefault` enables the default seccomp profile for a pod or container workload.
 
 . Create the pod by running the following command:
diff --git a/modules/nodes-containers-sysctls-about.adoc b/modules/nodes-containers-sysctls-about.adoc
index 0b61b954b1e8..f568706517cb 100644
--- a/modules/nodes-containers-sysctls-about.adoc
+++ b/modules/nodes-containers-sysctls-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-sysctls-about_{context}"]
 = About sysctls
 
diff --git a/modules/nodes-containers-sysctls-setting.adoc b/modules/nodes-containers-sysctls-setting.adoc
index a8865c964ccf..47fd03fd60ec 100644
--- a/modules/nodes-containers-sysctls-setting.adoc
+++ b/modules/nodes-containers-sysctls-setting.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-starting-pod-with-unsafe-sysctls_{context}"]
 = Starting a pod with unsafe sysctls
 
@@ -32,15 +32,15 @@ spec:
   - name: podexample
     image: centos
     command: ["bin/bash", "-c", "sleep INF"]
-    securityContext: 
-      runAsUser: 2000 
-      runAsGroup: 3000 
-      allowPrivilegeEscalation: false 
-      capabilities: 
+    securityContext:
+      runAsUser: 2000
+      runAsGroup: 3000
+      allowPrivilegeEscalation: false
+      capabilities:
         drop: ["ALL"]
   securityContext:
-    runAsNonRoot: true 
-    seccompProfile: 
+    runAsNonRoot: true
+    seccompProfile:
       type: RuntimeDefault
     sysctls:
     - name: kernel.shm_rmid_forced
@@ -59,7 +59,7 @@ $ oc apply -f sysctl-example-unsafe.yaml
 ----
 
 . Verify that the pod is scheduled but does not deploy because unsafe sysctls are not allowed for the node using the following command:
-+  
++
 [source,terminal]
 ----
 $ oc get pod
diff --git a/modules/nodes-containers-sysctls-unsafe.adoc b/modules/nodes-containers-sysctls-unsafe.adoc
index 89d48cc9fbdd..0dd62a4614a1 100644
--- a/modules/nodes-containers-sysctls-unsafe.adoc
+++ b/modules/nodes-containers-sysctls-unsafe.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-sysctls-unsafe_{context}"]
 = Enabling unsafe sysctls
 
diff --git a/modules/nodes-containers-volumes-about.adoc b/modules/nodes-containers-volumes-about.adoc
index 6100524a7e93..0b0b5c26341d 100644
--- a/modules/nodes-containers-volumes-about.adoc
+++ b/modules/nodes-containers-volumes-about.adoc
@@ -2,14 +2,14 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-containers-volumes-about_{context}"]
-= Understanding volumes 
+= Understanding volumes
 
 Volumes are mounted file systems available to pods and their
 containers which may be backed by a number of host-local or network attached
 storage endpoints. Containers are not persistent by default; on restart, their contents are
-cleared. 
+cleared.
 
 To ensure that the file system on the volume contains no errors and, if errors
 are present, to repair them when possible, {product-title} invokes the `fsck`
diff --git a/modules/nodes-containers-volumes-adding.adoc b/modules/nodes-containers-volumes-adding.adoc
index 3242c0f37187..a3a1d8704a98 100644
--- a/modules/nodes-containers-volumes-adding.adoc
+++ b/modules/nodes-containers-volumes-adding.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-volumes-adding_{context}"]
 = Adding volumes to a pod
 
@@ -38,11 +38,11 @@ character.
 |`'*'`
 
 |`-m, --mount-path`
-|Mount path inside the selected containers. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system if the container is sufficiently privileged, such as the host `/dev/pts` files. It is safe to mount the host by using `/host`. 
+|Mount path inside the selected containers. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system if the container is sufficiently privileged, such as the host `/dev/pts` files. It is safe to mount the host by using `/host`.
 |
 
 |`--path`
-|Host path. Mandatory parameter for `--type=hostPath`. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system if the container is sufficiently privileged, such as the host `/dev/pts` files. It is safe to mount the host by using `/host`.  
+|Host path. Mandatory parameter for `--type=hostPath`. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system if the container is sufficiently privileged, such as the host `/dev/pts` files. It is safe to mount the host by using `/host`.
 |
 
 |`--secret-name`
diff --git a/modules/nodes-containers-volumes-listing.adoc b/modules/nodes-containers-volumes-listing.adoc
index 2e5625f797f1..595c62b9103e 100644
--- a/modules/nodes-containers-volumes-listing.adoc
+++ b/modules/nodes-containers-volumes-listing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-volumes-listing_{context}"]
 = Listing volumes and volume mounts in a pod
 
diff --git a/modules/nodes-containers-volumes-removing.adoc b/modules/nodes-containers-volumes-removing.adoc
index 3adf7683fb04..b1659b31fb09 100644
--- a/modules/nodes-containers-volumes-removing.adoc
+++ b/modules/nodes-containers-volumes-removing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-volumes-removing_{context}"]
 = Removing volumes and volume mounts from a pod
 
diff --git a/modules/nodes-containers-volumes-subpath.adoc b/modules/nodes-containers-volumes-subpath.adoc
index 9ed550fe71f8..2a63ccd16d3b 100644
--- a/modules/nodes-containers-volumes-subpath.adoc
+++ b/modules/nodes-containers-volumes-subpath.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-volumes-subpath_{context}"]
 = Configuring volumes for multiple uses in a pod
 
@@ -10,9 +10,14 @@ You can configure a volume to allows you to share one volume for
 multiple uses in a single pod using the `volumeMounts.subPath` property to specify a `subPath` value inside a volume
 instead of the volume's root.
 
+[NOTE]
+====
+You cannot add a `subPath` parameter to an existing scheduled pod.
+====
+
 .Procedure
 
-. View the list of files in the volume, run the `oc rsh` command:
+. To view the list of files in the volume, run the `oc rsh` command:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-containers-volumes-updating.adoc b/modules/nodes-containers-volumes-updating.adoc
index 5f082dcb0efc..7b91d1283005 100644
--- a/modules/nodes-containers-volumes-updating.adoc
+++ b/modules/nodes-containers-volumes-updating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-containers-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-containers-volumes-updating_{context}"]
 = Updating volumes and volume mounts in a pod
 
diff --git a/modules/nodes-control-plane-osp-migrating.adoc b/modules/nodes-control-plane-osp-migrating.adoc
index 0c75476b09dd..5def9138a5d0 100644
--- a/modules/nodes-control-plane-osp-migrating.adoc
+++ b/modules/nodes-control-plane-osp-migrating.adoc
@@ -2,11 +2,18 @@
 //
 // * nodes/nodes/nodes-nodes-working.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-control-plane-osp-migrating_{context}"]
-= Migrating control plane nodes from one RHOSP host to another
+= Migrating control plane nodes from one RHOSP host to another manually
 
-You can run a script that moves a control plane node from one {rh-openstack-first} node to another.
+If control plane machine sets are not enabled on your cluster, you can run a script that moves a control plane node from one {rh-openstack-first} node to another.
+
+[NOTE]
+====
+Control plane machine sets are not enabled on clusters that run on user-provisioned infrastructure.
+
+For information about control plane machine sets, see "Managing control plane machines with control plane machine sets".
+====
 
 .Prerequisites
 
diff --git a/modules/nodes-dashboard-using-about.adoc b/modules/nodes-dashboard-using-about.adoc
new file mode 100644
index 000000000000..d09be16240e8
--- /dev/null
+++ b/modules/nodes-dashboard-using-about.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-about_{context}"]
+= About the node metrics dashboard
+
+The node metrics dashboard enables administrative and support team members to monitor metrics related to pod scaling, including scaling limits used to diagnose and troubleshoot scaling issues. Particularly, you can use the visual analytics displayed through the dashboard to monitor workload distributions across nodes. Insights gained from these analytics help you determine the health of your CRI-O and Kubelet system components as well as identify potential sources of excessive or imbalanced resource consumption and system instability.
+
+The dashboard displays visual analytics widgets organized into the following categories:
+
+Critical:: Includes visualizations that can help you identify node issues that could result in system instability and inefficiency
+Outliers:: Includes histograms that visualize processes with runtime durations that fall outside of the 95th percentile
+Average durations:: Helps you track change in the time that system components take to process operations
+Number of operations:: Displays visualizations that help you identify changes in the number of operations being run, which in turn helps you determine the load balance and efficiency of your system
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-accessing.adoc b/modules/nodes-dashboard-using-accessing.adoc
new file mode 100644
index 000000000000..5f42142f7d70
--- /dev/null
+++ b/modules/nodes-dashboard-using-accessing.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-dashboard-using-accessing_{context}"]
+= Accessing the node metrics dashboard
+
+You can access the node metrics dashboard from the *Administrator* perspective.
+
+.Procedure
+
+. Expand the *Observe* menu option and select *Dashboards*.
+. Under the *Dashboard* filter, select *Node cluster*.
+
+[NOTE]
+====
+If no data appears in the visualizations under the *Critical* category, no critical anomalies were detected. The dashboard is working as intended.
+====
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-cpu-crio.adoc b/modules/nodes-dashboard-using-identify-critical-cpu-crio.adoc
new file mode 100644
index 000000000000..bd98c44abbb6
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-cpu-crio.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-cpu-crio"]
+= Nodes with CRI-O system reserved CPU utilization > 50%
+
+The *Nodes with CRI-O system reserved CPU utilization > 50%* query identifies nodes where the CRI-O system reserved CPU utilization has exceeded 50% in the last 5 minutes. The query monitors CPU resource consumption by CRI-O, your container runtime, on a per-node basis.
+
+.Example default query
+----
+sum by (node) (rate(container_cpu_usage_seconds_total{id="/system.slice/crio.service"}[5m]) * 100) / sum by (node) (kube_node_status_capacity{resource="cpu"} - kube_node_status_allocatable{resource="cpu"}) >= 50
+----
+
+This query allows for quick identification of abnormal start times that could negatively impact pod performance. If this query returns a high value, your pod start times are slower than usual, which suggests potential issues with the kubelet, pod configuration, or resources.
+
+Investigate further by checking your pod configurations and allocated resources. Make sure that they align with your system capabilities. If you still see high start times, explore metrics panels from other categories on the dashboard to determine the state of your system components.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-cpu-kubelet.adoc b/modules/nodes-dashboard-using-identify-critical-cpu-kubelet.adoc
new file mode 100644
index 000000000000..f4edb4fbdb1c
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-cpu-kubelet.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-cpu-kubelet_{context}"]
+= Nodes with Kubelet system reserved CPU utilization > 50%
+
+The *Nodes with Kubelet system reserved CPU utilization > 50%* query calculates the percentage of the CPU that the Kubelet system is currently using from system reserved.
+
+.Example default query
+----
+sum by (node) (rate(container_cpu_usage_seconds_total{id="/system.slice/kubelet.service"}[5m]) * 100) / sum by (node) (kube_node_status_capacity{resource="cpu"} - kube_node_status_allocatable{resource="cpu"}) >= 50
+----
+
+The Kubelet uses the system reserved CPU for its own operations and for running critical system services. For the node's health, it is important to ensure that system reserve CPU usage does not exceed the 50% threshold. Exceeding this limit could indicate heavy utilization or load on the Kubelet, which affects node stability and potentially the performance of the entire Kubernetes cluster.
+
+If any node is displayed in this metric, the Kubelet and the system overall are under heavy load. You can reduce overload on a particular node by balancing the load across other nodes in the cluster. Check other query metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights and take necessary corrective action.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-cpu.adoc b/modules/nodes-dashboard-using-identify-critical-cpu.adoc
new file mode 100644
index 000000000000..d5ebb476e0cb
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-cpu.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-cpu"]
+= Nodes with System Reserved CPU Utilization > 80%
+
+The *Nodes with system reserved CPU utilization > 80%* query identifies nodes where the system-reserved CPU utilization is more than 80%. The query focuses on the system-reserved capacity to calculate the rate of CPU usage in the last 5 minutes and compares that to the CPU resources available on the nodes. If the ratio exceeds 80%, the node's result is displayed in the metric.
+
+.Example default query
+----
+sum by (node) (rate(container_cpu_usage_seconds_total{id="/system.slice"}[5m]) * 100) / sum by (node) (kube_node_status_capacity{resource="cpu"} - kube_node_status_allocatable{resource="cpu"}) >= 80
+----
+
+This query indicates a critical level of system-reserved CPU usage, which can lead to resource exhaustion. High system-reserved CPU usage can result in the inability of the system processes (including the Kubelet and CRI-O) to adequately manage resources on the node. This query can indicate excessive system processes or misconfigured CPU allocation.
+
+Potential corrective measures include rebalancing workloads to other nodes or increasing the CPU resources allocated to the nodes. Investigate the cause of the high system CPU utilization and review the corresponding metrics in the *Outliers*, *Average durations*, and *Number of operations* categories for additional insights into the node's behavior.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-memory-crio.adoc b/modules/nodes-dashboard-using-identify-critical-memory-crio.adoc
new file mode 100644
index 000000000000..9e834254d94e
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-memory-crio.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-memory-crio_{context}"]
+= Nodes with CRI-O system reserved memory utilization > 50%
+
+The *Nodes with CRI-O system reserved memory utilization > 50%* query calculates all nodes where the percentage of used memory reserved for the CRI-O system is greater than or equal to 50%. In this case, memory usage is defined by the resident set size (RSS), which is the portion of the CRI-O system's memory held in RAM.
+
+.Example default query
+----
+sum by (node) (container_memory_rss{id="/system.slice/crio.service"}) / sum by (node) (kube_node_status_capacity{resource="memory"} - kube_node_status_allocatable{resource="memory"}) * 100 >= 50
+----
+
+This query helps you monitor the status of memory reserved for the CRI-O system on each node. High utilization could indicate a lack of available resources and potential performance issues. If the memory reserved for the CRI-O system exceeds the advised limit of 50%, it indicates that half of the system reserved memory is being used by CRI-O on a node.
+
+Check memory allocation and usage and assess whether memory resources need to be shifted or increased to prevent possible node instability. You can also examine the metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-memory-kubelet.adoc b/modules/nodes-dashboard-using-identify-critical-memory-kubelet.adoc
new file mode 100644
index 000000000000..87726d3d17d6
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-memory-kubelet.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-memory-kubelet_{context}"]
+= Nodes with Kubelet system reserved memory utilization > 50%
+
+The *Nodes with Kubelet system reserved memory utilization > 50%* query indicates nodes where the Kubelet's system reserved memory utilization exceeds 50%. The query examines the memory that the Kubelet process itself is consuming on a node.
+
+.Example default query
+----
+sum by (node) (container_memory_rss{id="/system.slice/kubelet.service"}) / sum by (node) (kube_node_status_capacity{resource="memory"} - kube_node_status_allocatable{resource="memory"}) * 100 >= 50
+----
+
+This query helps you identify any possible memory pressure situations in your nodes that could affect the stability and efficiency of node operations. Kubelet memory utilization that consistently exceeds 50% of the system reserved memory, indicate that the system reserved settings are not configured properly and that there is a high risk of the node becoming unstable.
+
+If this metric is highlighted, review your configuration policy and consider adjusting the system reserved settings or the resource limits settings for the Kubelet. Additionally, if your Kubelet memory utilization consistently exceeds half of your total reserved system memory, examine metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights for more precise diagnostics.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-memory.adoc b/modules/nodes-dashboard-using-identify-critical-memory.adoc
new file mode 100644
index 000000000000..ad76a4f84c10
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-memory.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-memory_{context}"]
+= Nodes with system reserved memory utilization > 80%
+
+The *Nodes with system reserved memory utilization > 80%* query calculates the percentage of system reserved memory that is utilized for each node. The calculation divides the total resident set size (RSS) by the total memory capacity of the node subtracted from the allocatable memory. RSS is the portion of the system's memory occupied by a process that is held in main memory (RAM). Nodes are flagged if their resulting value equals or exceeds an 80% threshold.
+
+.Example default query
+----
+sum by (node) (container_memory_rss{id="/system.slice"}) / sum by (node) (kube_node_status_capacity{resource="memory"} - kube_node_status_allocatable{resource="memory"}) * 100 >= 80
+----
+
+System reserved memory is crucial for a Kubernetes node as it is utilized to run system daemons and Kubernetes system daemons. System reserved memory utilization that exceeds 80% indicates that the system and Kubernetes daemons are consuming too much memory and can suggest node instability that could affect the performance of running pods. Excessive memory consumption can cause Out-of-Memory (OOM) killers that can terminate critical system processes to free up memory.
+
+If a node is flagged by this metric, identify which system or Kubernetes processes are consuming excessive memory and take appropriate actions to mitigate the situation. These actions may include scaling back non-critical processes, optimizing program configurations to reduce memory usage, or upgrading node systems to hardware with greater memory capacity. You can also review the metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights into node performance.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-pulls.adoc b/modules/nodes-dashboard-using-identify-critical-pulls.adoc
new file mode 100644
index 000000000000..dc7894dc2783
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-pulls.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-pulls_{context}"]
+= Failure rate for image pulls in the last hour
+
+The *Failure rate for image pulls in the last hour* query divides the total number of failed image pulls by the sum of successful and failed image pulls to provide a ratio of failures.
+
+.Example default query
+----
+rate(container_runtime_crio_image_pulls_failure_total[1h]) / (rate(container_runtime_crio_image_pulls_success_total[1h]) + rate(container_runtime_crio_image_pulls_failure_total[1h]))
+----
+
+Understanding the failure rate of image pulls is crucial for maintaining the health of the node. A high failure rate might indicate networking issues, storage problems, misconfigurations, or other issues that could disrupt pod density and the deployment of new containers.
+
+If the outcome of this query is high, investigate possible causes such as network connections, the availability of remote repositories, node storage, and the accuracy of image references. You can also review the metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify-critical-top3.adoc b/modules/nodes-dashboard-using-identify-critical-top3.adoc
new file mode 100644
index 000000000000..f363bcddd07f
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify-critical-top3.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify-critical-top3_{context}"]
+= Top 3 containers with the most OOM kills in the last day
+
+The *Top 3 containers with the most OOM kills in the last day* query fetches details regarding the top three containers that have experienced the most Out-Of-Memory (OOM) kills in the previous day.
+
+.Example default query
+----
+topk(3, sum(increase(container_runtime_crio_containers_oom_count_total[1d])) by (name))
+----
+
+OOM kills force the system to terminate some processes due to low memory. Frequent OOM kills can hinder the functionality of the node and even the entire Kubernetes ecosystem. Containers experiencing frequent OOM kills might be consuming more memory than they should, which causes system instability.
+
+Use this metric to identify containers that are experiencing frequent OOM kills and investigate why these containers are consuming an excessive amount of memory. Adjust the resource allocation if necessary and consider resizing the containers based on their memory usage. You can also review the metrics under the *Outliers*, *Average durations*, and *Number of operations* categories to gain further insights into the health and stability of your nodes.
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-identify.adoc b/modules/nodes-dashboard-using-identify.adoc
new file mode 100644
index 000000000000..9b45380cc874
--- /dev/null
+++ b/modules/nodes-dashboard-using-identify.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-dashboard-using-identify_{context}"]
+= Identify metrics for indicating optimal node resource usage
+
+The node metrics dashboard is organized into four categories: *Critical*, *Outliers*, *Average durations*, and *Number of Operations*. The metrics in the *Critical* category help you indicate optimal node resource usage. These metrics include:
+
+* Top 3 containers with the most OOM kills in the last day
+* Failure rate for image pulls in the last hour
+* Nodes with system reserved memory utilization > 80%
+* Nodes with Kubelet system reserved memory utilization > 50%
+* Nodes with CRI-O system reserved memory utilization > 50%
+* Nodes with system reserved CPU utilization > 80%
+* Nodes with Kubelet system reserved CPU utilization > 50%
+* Nodes with CRI-O system reserved CPU utilization > 50%
\ No newline at end of file
diff --git a/modules/nodes-dashboard-using-queries.adoc b/modules/nodes-dashboard-using-queries.adoc
new file mode 100644
index 000000000000..dcb7eca87478
--- /dev/null
+++ b/modules/nodes-dashboard-using-queries.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-dashboard-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-dashboard-using-queries_{context}"]
+= Customizing dashboard queries
+
+You can customize the default queries used to build the node metrics dashboard.
+
+.Procedure
+
+. Choose a metric and click *Inspect* to navigate into the data. This page displays the metric in detail, including an expanded visualization of the results of the query, the Prometheus query used to analyze the data, and the data subset used in the query.
+. Make any required changes to the query parameters.
+. Optional: Click *Add query* to run additional queries against the data.
+. Click *Run query* to rerun the query using your specified parameters.
\ No newline at end of file
diff --git a/modules/nodes-descheduler-about.adoc b/modules/nodes-descheduler-about.adoc
index 0af8c240f1e0..a34a139cf19f 100644
--- a/modules/nodes-descheduler-about.adoc
+++ b/modules/nodes-descheduler-about.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-descheduler-about_{context}"]
 = About the descheduler
 
diff --git a/modules/nodes-descheduler-configuring-interval.adoc b/modules/nodes-descheduler-configuring-interval.adoc
index 49de51dd4c78..5a11902f4ae2 100644
--- a/modules/nodes-descheduler-configuring-interval.adoc
+++ b/modules/nodes-descheduler-configuring-interval.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-descheduler-configuring-interval_{context}"]
 = Configuring the descheduler interval
 
@@ -10,7 +10,12 @@ You can configure the amount of time between descheduler runs. The default is 36
 
 .Prerequisites
 
-* Cluster administrator privileges
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
diff --git a/modules/nodes-descheduler-configuring-profiles.adoc b/modules/nodes-descheduler-configuring-profiles.adoc
index c3364dae5a2b..15eafdcc89f2 100644
--- a/modules/nodes-descheduler-configuring-profiles.adoc
+++ b/modules/nodes-descheduler-configuring-profiles.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-descheduler-configuring-profiles_{context}"]
 = Configuring descheduler profiles
 
@@ -10,7 +10,12 @@ You can configure which profiles the descheduler uses to evict pods.
 
 .Prerequisites
 
-* Cluster administrator privileges
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
diff --git a/modules/nodes-descheduler-installing.adoc b/modules/nodes-descheduler-installing.adoc
index f9af8364aa64..b8ba56c96ca1 100644
--- a/modules/nodes-descheduler-installing.adoc
+++ b/modules/nodes-descheduler-installing.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc
 
-ifeval::["{context}" == "nodes-descheduler"]
+ifeval::["{context}" == "nodes-descheduler-about"]
 :nodes:
 endif::[]
 
@@ -10,11 +10,11 @@ ifeval::["{context}" == "virt-enabling-descheduler-evictions"]
 :virt:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-descheduler-installing_{context}"]
 = Installing the descheduler
 
-The descheduler is not available by default. To enable the descheduler, you must install the Kube Descheduler Operator from OperatorHub and enable one or more descheduler profiles.
+The descheduler is not available by default. To enable the descheduler, you must install the {descheduler-operator} from OperatorHub and enable one or more descheduler profiles.
 
 By default, the descheduler runs in predictive mode, which means that it only simulates pod evictions. You must change the mode to automatic for the descheduler to perform the pod evictions.
 
@@ -25,7 +25,12 @@ If you have enabled hosted control planes in your cluster, set a custom priority
 
 .Prerequisites
 
-* Cluster administrator privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Access to the {product-title} web console.
 ifdef::openshift-origin[]
 * Ensure that you have downloaded the {cluster-manager-url-pull} as shown in _Obtaining the installation program_ in the installation documentation for your platform.
@@ -36,18 +41,18 @@ endif::[]
 .Procedure
 
 . Log in to the {product-title} web console.
-. Create the required namespace for the Kube Descheduler Operator.
+. Create the required namespace for the {descheduler-operator}.
 .. Navigate to *Administration* -> *Namespaces* and click *Create Namespace*.
 .. Enter `openshift-kube-descheduler-operator` in the *Name* field, enter `openshift.io/cluster-monitoring=true` in the *Labels* field to enable descheduler metrics, and click *Create*.
-. Install the Kube Descheduler Operator.
+. Install the {descheduler-operator}.
 .. Navigate to *Operators* -> *OperatorHub*.
-.. Type *Kube Descheduler Operator* into the filter box.
-.. Select the *Kube Descheduler Operator* and click *Install*.
+.. Type *{descheduler-operator}* into the filter box.
+.. Select the *{descheduler-operator}* and click *Install*.
 .. On the *Install Operator* page, select *A specific namespace on the cluster*. Select *openshift-kube-descheduler-operator* from the drop-down menu.
 .. Adjust the values for the *Update Channel* and *Approval Strategy* to the desired values.
 .. Click *Install*.
 . Create a descheduler instance.
-.. From the *Operators* -> *Installed Operators* page, click the *Kube Descheduler Operator*.
+.. From the *Operators* -> *Installed Operators* page, click the *{descheduler-operator}*.
 .. Select the *Kube Descheduler* tab and click *Create KubeDescheduler*.
 .. Edit the settings as necessary.
 ... To evict pods instead of simulating the evictions, change the *Mode* field to *Automatic*.
@@ -100,7 +105,7 @@ This setting is experimental and should not be used in a production environment.
 You can also configure the profiles and settings for the descheduler later using the OpenShift CLI (`oc`). If you did not adjust the profiles when creating the descheduler instance from the web console, the `AffinityAndTaints` profile is enabled by default.
 endif::nodes[]
 
-ifeval::["{context}" == "nodes-descheduler"]
+ifeval::["{context}" == "nodes-descheduler-about"]
 :!nodes:
 endif::[]
 
diff --git a/modules/nodes-descheduler-profiles.adoc b/modules/nodes-descheduler-profiles.adoc
index 4ed2771d7d58..1bc86cb1736f 100644
--- a/modules/nodes-descheduler-profiles.adoc
+++ b/modules/nodes-descheduler-profiles.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/index.adoc
 
-ifeval::["{context}" == "nodes-descheduler"]
+ifeval::["{context}" == "nodes-descheduler-about"]
 :nodes:
 endif::[]
 
@@ -10,7 +10,7 @@ ifeval::["{context}" == "virt-enabling-descheduler-evictions"]
 :virt:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nodes-descheduler-profiles_{context}"]
 = Descheduler profiles
 ifdef::nodes[]
@@ -73,7 +73,7 @@ Use the Technology Preview `DevPreviewLongLifecycle` profile to enable the desch
 ** A node is considered overutilized if its usage is above 50% for any of the thresholds (CPU, memory, and number of pods).
 endif::virt[]
 
-ifeval::["{context}" == "nodes-descheduler"]
+ifeval::["{context}" == "nodes-descheduler-about"]
 :!nodes:
 endif::[]
 
diff --git a/modules/nodes-descheduler-uninstalling.adoc b/modules/nodes-descheduler-uninstalling.adoc
index b36a732aac77..64ccb0344748 100644
--- a/modules/nodes-descheduler-uninstalling.adoc
+++ b/modules/nodes-descheduler-uninstalling.adoc
@@ -1,29 +1,34 @@
 // Module included in the following assemblies:
 //
-// * nodes/scheduling/nodes-descheduler.adoc
+// * nodes/scheduling/descheduler/nodes-descheduler-uninstalling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-descheduler-uninstalling_{context}"]
 = Uninstalling the descheduler
 
-You can remove the descheduler from your cluster by removing the descheduler instance and uninstalling the Kube Descheduler Operator. This procedure also cleans up the `KubeDescheduler` CRD and `openshift-kube-descheduler-operator` namespace.
+You can remove the descheduler from your cluster by removing the descheduler instance and uninstalling the {descheduler-operator}. This procedure also cleans up the `KubeDescheduler` CRD and `openshift-kube-descheduler-operator` namespace.
 
 .Prerequisites
 
-* Cluster administrator privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Access to the {product-title} web console.
 
 .Procedure
 
 . Log in to the {product-title} web console.
 . Delete the descheduler instance.
-.. From the *Operators* -> *Installed Operators* page, click *Kube Descheduler Operator*.
+.. From the *Operators* -> *Installed Operators* page, click *{descheduler-operator}*.
 .. Select the *Kube Descheduler* tab.
 .. Click the Options menu {kebab} next to the *cluster* entry and select *Delete KubeDescheduler*.
 .. In the confirmation dialog, click *Delete*.
-. Uninstall the Kube Descheduler Operator.
+. Uninstall the {descheduler-operator}.
 .. Navigate to *Operators* -> *Installed Operators*.
-.. Click the Options menu {kebab} next to the *Kube Descheduler Operator* entry and select *Uninstall Operator*.
+.. Click the Options menu {kebab} next to the *{descheduler-operator}* entry and select *Uninstall Operator*.
 .. In the confirmation dialog, click *Uninstall*.
 . Delete the `openshift-kube-descheduler-operator` namespace.
 .. Navigate to *Administration* -> *Namespaces*.
diff --git a/modules/nodes-edge-remote-workers-strategies.adoc b/modules/nodes-edge-remote-workers-strategies.adoc
index 21b7f79513a3..979bcd4acad6 100644
--- a/modules/nodes-edge-remote-workers-strategies.adoc
+++ b/modules/nodes-edge-remote-workers-strategies.adoc
@@ -112,15 +112,13 @@ spec:
 <2> Specify the frequency that the kubelet checks the status of a node associated with this `MachineConfig` object. The default value is `10s`. If you change this default, the `node-status-report-frequency` value is changed to the same value.
 <3> Specify the frequency that the kubelet reports the status of a node associated with this `MachineConfig` object. The default value is `1m`.
 
-The `node-status-update-frequency` parameter works with the `node-monitor-grace-period` and `pod-eviction-timeout` parameters.
+The `node-status-update-frequency` parameter works with the `node-monitor-grace-period` parameter.
 
 * The `node-monitor-grace-period` parameter specifies how long {product-title} waits after a node associated with a `MachineConfig` object is marked `Unhealthy` if the controller manager does not receive the node heartbeat. Workloads on the node continue to run after this time. If the remote worker node rejoins the cluster after `node-monitor-grace-period` expires, pods continue to run. New pods can be scheduled to that node. The `node-monitor-grace-period` interval is `40s`. The `node-status-update-frequency` value must be lower than the `node-monitor-grace-period` value.
 
-* The `pod-eviction-timeout` parameter specifies the amount of time {product-title} waits after marking a node that is associated with a `MachineConfig` object as `Unreachable` to start marking pods for eviction. Evicted pods are rescheduled on other nodes. If the remote worker node rejoins the cluster after `pod-eviction-timeout` expires, the pods running on the remote worker node are terminated because the node controller has evicted the pods on-premise. Pods can then be rescheduled to that node. The `pod-eviction-timeout` interval is `5m0s`.
-
 [NOTE]
 ====
-Modifying the `node-monitor-grace-period` and `pod-eviction-timeout` parameters is not supported.
+Modifying the `node-monitor-grace-period` parameter is not supported.
 ====
 
 --
@@ -133,7 +131,12 @@ A taint with the `NoExecute` effect affects pods that are running on the node in
 
 * Pods that do not tolerate the taint are queued for eviction.
 * Pods that tolerate the taint without specifying a `tolerationSeconds` value in their toleration specification remain bound forever.
-* Pods that tolerate the taint with a specified `tolerationSeconds` value remain bound for the specified amount of time.  After the time elapses, the pods are queued for eviction.
+* Pods that tolerate the taint with a specified `tolerationSeconds` value remain bound for the specified amount of time. After the time elapses, the pods are queued for eviction.
+
+[NOTE]
+====
+Unless tolerations are explicitly set, Kubernetes automatically adds a toleration for `node.kubernetes.io/not-ready` and `node.kubernetes.io/unreachable` with `tolerationSeconds=300`, meaning that pods remain bound for 5 minutes if either of these taints is detected. 
+====
 
 You can delay or avoid pod eviction by configuring pods tolerations with the `NoExecute` effect for the `node.kubernetes.io/unreachable` and `node.kubernetes.io/not-ready` taints.
 
@@ -148,14 +151,14 @@ tolerations:
 - key: "node.kubernetes.io/not-ready"
   operator: "Exists"
   effect: "NoExecute" <2>
-  tolerationSeconds: 600
+  tolerationSeconds: 600 <3>
 ...
 ----
 <1> The `NoExecute` effect without `tolerationSeconds` lets pods remain forever if the control plane cannot reach the node.
 <2> The `NoExecute` effect with `tolerationSeconds`: 600 lets pods remain for 10 minutes if the control plane marks the node as `Unhealthy`.
+<3> You can specify your own `tolerationSeconds` value.
 
-{product-title} uses the `tolerationSeconds` value after the `pod-eviction-timeout` value elapses.
-
+[id="nodes-edge-remote-workers-strategies-objects_{context}"]
 Other types of {product-title} objects::
 You can use replica sets, deployments, and replication controllers. The scheduler can reschedule these pods onto other nodes after the node is disconnected for five minutes. Rescheduling onto other nodes can be beneficial for some workloads, such as REST APIs, where an administrator can guarantee a specific number of pods are running and accessible.
 
diff --git a/modules/nodes-namespaced-nodelevel-sysctls.adoc b/modules/nodes-namespaced-nodelevel-sysctls.adoc
index 7806fb8dffba..9798037e2d02 100644
--- a/modules/nodes-namespaced-nodelevel-sysctls.adoc
+++ b/modules/nodes-namespaced-nodelevel-sysctls.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="namespaced-and-node-level-sysctls"]
 = Namespaced and node-level sysctls
diff --git a/modules/nodes-nodes-audit-config-about.adoc b/modules/nodes-nodes-audit-config-about.adoc
index 4fc2c3a453bd..135af14a6bd3 100644
--- a/modules/nodes-nodes-audit-config-about.adoc
+++ b/modules/nodes-nodes-audit-config-about.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-policy-config.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-audit-log-profiles_{context}"]
 = About audit log policy profiles
 
@@ -19,13 +19,13 @@ Audit log profiles define how to log requests that come to the OpenShift API ser
 |Logs only metadata for read and write requests; does not log request bodies except for OAuth access token requests. This is the default policy.
 
 |`WriteRequestBodies`
-|In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (`create`, `update`, `patch`). This profile has more resource overhead than the `Default` profile. ^[1]^
+|In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (`create`, `update`, `patch`, `delete`, `deletecollection`). This profile has more resource overhead than the `Default` profile. ^[1]^
 
 |`AllRequestBodies`
 |In addition to logging metadata for all requests, logs request bodies for  every read and write request to the API servers (`get`, `list`, `create`, `update`, `patch`). This profile has the most resource overhead. ^[1]^
 
 |`None`
-|No requests are logged; even OAuth access token requests and OAuth authorize token requests are not logged.
+|No requests are logged; even OAuth access token requests and OAuth authorize token requests are not logged. Custom rules are ignored when this profile is set.
 
 [WARNING]
 ====
diff --git a/modules/nodes-nodes-audit-log-basic-viewing.adoc b/modules/nodes-nodes-audit-log-basic-viewing.adoc
index 8d62dbf17fd0..d58d3b46a997 100644
--- a/modules/nodes-nodes-audit-log-basic-viewing.adoc
+++ b/modules/nodes-nodes-audit-log-basic-viewing.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-view.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-audit-log-basic-viewing_{context}"]
 = Viewing the audit logs
 
diff --git a/modules/nodes-nodes-audit-log-basic.adoc b/modules/nodes-nodes-audit-log-basic.adoc
index fb011fcfa2b7..9a36ba54a8d9 100644
--- a/modules/nodes-nodes-audit-log-basic.adoc
+++ b/modules/nodes-nodes-audit-log-basic.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-view.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-audit-log-basic_{context}"]
 = About the API audit log
 
diff --git a/modules/nodes-nodes-audit-policy-custom.adoc b/modules/nodes-nodes-audit-policy-custom.adoc
index 22068f1a196d..e7c6bd52f8fb 100644
--- a/modules/nodes-nodes-audit-policy-custom.adoc
+++ b/modules/nodes-nodes-audit-policy-custom.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-audit-policy-custom_{context}"]
 = Configuring the audit log policy with custom rules
 
@@ -10,6 +10,11 @@ You can configure an audit log policy that defines custom rules. You can specify
 
 These custom rules take precedence over the top-level profile field. The custom rules are evaluated from top to bottom, and the first that matches is applied.
 
+[IMPORTANT]
+====
+Custom rules are ignored if the top-level profile field is set to `None`.
+====
+
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role.
@@ -41,11 +46,11 @@ spec:
     profile: Default                    <2>
 ----
 <1> Add one or more groups and specify the profile to use for that group. These custom rules take precedence over the top-level profile field. The custom rules are evaluated from top to bottom, and the first that matches is applied.
-<2> Set to `Default`, `WriteRequestBodies`, `AllRequestBodies`, or `None`. If you do not set this top-level `audit.profile` field, it defaults to the `Default` profile.
+<2> Set to `Default`, `WriteRequestBodies`, or `AllRequestBodies`. If you do not set this top-level profile field, it defaults to the `Default` profile.
 +
 [WARNING]
 ====
-It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.
+Do not set the top-level profile field to `None` if you want to use custom rules. Custom rules are ignored if the top-level profile field is set to `None`.
 ====
 
 . Save the file to apply the changes.
diff --git a/modules/nodes-nodes-audit-policy-disable.adoc b/modules/nodes-nodes-audit-policy-disable.adoc
index 08720210ab3f..444ea0f9da44 100644
--- a/modules/nodes-nodes-audit-policy-disable.adoc
+++ b/modules/nodes-nodes-audit-policy-disable.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-audit-policy-disable_{context}"]
 = Disabling audit logging
 
diff --git a/modules/nodes-nodes-audit-policy.adoc b/modules/nodes-nodes-audit-policy.adoc
index f638a6b27ad3..53222121e23f 100644
--- a/modules/nodes-nodes-audit-policy.adoc
+++ b/modules/nodes-nodes-audit-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-audit-policy_{context}"]
 = Configuring the audit log policy
 
diff --git a/modules/nodes-nodes-cluster-timeout-graceful-shutdown.adoc b/modules/nodes-nodes-cluster-timeout-graceful-shutdown.adoc
index 57a1c19dd214..ebec6c914703 100644
--- a/modules/nodes-nodes-cluster-timeout-graceful-shutdown.adoc
+++ b/modules/nodes-nodes-cluster-timeout-graceful-shutdown.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assembly:
 // * nodes/nodes-nodes-graceful-shutdown
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-cluster-timeout-graceful-shutdown_{context}"]
 = About graceful node shutdown
 
-During a graceful node shutdown, the kubelet sends a termination signal to pods running on the node and postpones the node shutdown until all the pods evicted. If a node unexpectedly shuts down, the graceful node shutdown feature minimizes interruption to workloads running on these pods. 
+During a graceful node shutdown, the kubelet sends a termination signal to pods running on the node and postpones the node shutdown until all the pods evicted. If a node unexpectedly shuts down, the graceful node shutdown feature minimizes interruption to workloads running on these pods.
 
 During a graceful node shutdown, the kubelet stops pods in two phases:
 
@@ -17,9 +17,9 @@ You can define shutdown grace periods for regular and critical pods by configuri
 * `shutdownGracePeriod`: Specifies the total duration for pod termination for regular and critical pods.
 * `shutdownGracePeriodCriticalPods`: Specifies the duration for critical pod termination. This value must be less than the `shutdownGracePeriod` value.
 
-For example, if the `shutdownGracePeriod` value is `30s`, and the `shutdownGracePeriodCriticalPods` value is `10s`, the kubelet delays the node shutdown by 30 seconds. During the shutdown, the first 20 (30-10) seconds are reserved for gracefully shutting down regular pods, and the last 10 seconds are reserved for gracefully shutting down critical pods. 
+For example, if the `shutdownGracePeriod` value is `30s`, and the `shutdownGracePeriodCriticalPods` value is `10s`, the kubelet delays the node shutdown by 30 seconds. During the shutdown, the first 20 (30-10) seconds are reserved for gracefully shutting down regular pods, and the last 10 seconds are reserved for gracefully shutting down critical pods.
 
-To define a critical pod, assign a pod priority value greater than or equal to `2000000000`. To define a regular pod, assign a pod priority value of less than `2000000000`. 
+To define a critical pod, assign a pod priority value greater than or equal to `2000000000`. To define a regular pod, assign a pod priority value of less than `2000000000`.
 
-For more information about how to define a priority value for pods, see the _Additional resources_ section. 
+For more information about how to define a priority value for pods, see the _Additional resources_ section.
 
diff --git a/modules/nodes-nodes-configuring-graceful-shutdown.adoc b/modules/nodes-nodes-configuring-graceful-shutdown.adoc
index bbedc21481f3..1a600003e398 100644
--- a/modules/nodes-nodes-configuring-graceful-shutdown.adoc
+++ b/modules/nodes-nodes-configuring-graceful-shutdown.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assembly:
 // * nodes/nodes-nodes-graceful-shutdown
 
-:_content-type: PROCEDURE
-[id="nodes-nodes-activating-graceful-shutdown_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-nodes-configuring-graceful-shutdown_{context}"]
 = Configuring graceful node shutdown
 
 To configure graceful node shutdown, create a `KubeletConfig` custom resource (CR) to specify a shutdown grace period for pods on a set of nodes. The graceful node shutdown feature minimizes interruption to workloads that run on these pods.
@@ -14,7 +14,12 @@ If you do not configure graceful node shutdown, the default grace period is `0`
 
 .Prerequisites
 
-* You have access to the cluster with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have defined priority classes for pods that require critical or regular classification.
 
 .Procedure
@@ -35,6 +40,7 @@ spec:
   kubeletConfig:
     shutdownGracePeriod: "3m" <2>
     shutdownGracePeriodCriticalPods: "2m" <3>
+#...
 ----
 <1> This example applies shutdown grace periods to nodes with the `worker` role.
 <2> Define a time period for regular pods to shut down.
@@ -109,7 +115,7 @@ $ cat /etc/kubernetes/kubelet.conf
 .Example output
 [source,terminal]
 ----
-...
+#...
 “memorySwap”: {},
  “containerLogMaxSize”: “50Mi”,
  “logging”: {
@@ -124,6 +130,7 @@ $ cat /etc/kubernetes/kubelet.conf
  “shutdownGracePeriod”: “10m0s”, <1>
  “shutdownGracePeriodCriticalPods”: “3m0s”
 }
+#...
 ----
 +
 <1> Ensure that the log messages for `shutdownGracePeriodRequested` and `shutdownGracePeriodCriticalPods` match the values set in the `KubeletConfig` CR.
diff --git a/modules/nodes-nodes-garbage-collection-configuring.adoc b/modules/nodes-nodes-garbage-collection-configuring.adoc
index 7c1f863c8c29..cbafb7fb5759 100644
--- a/modules/nodes-nodes-garbage-collection-configuring.adoc
+++ b/modules/nodes-nodes-garbage-collection-configuring.adoc
@@ -4,7 +4,7 @@
 // * nodes/nodes-nodes-garbage-collection.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-garbage-collection-configuring_{context}"]
 = Configuring garbage collection for containers and images
 
@@ -21,7 +21,7 @@ You can configure any combination of the following:
 * Hard eviction for containers
 * Eviction for images
 
-Container garbage collection removes terminated containers. Image garbage collection removes images that are not referenced by any running pods. 
+Container garbage collection removes terminated containers. Image garbage collection removes images that are not referenced by any running pods.
 
 .Prerequisites
 
@@ -50,6 +50,7 @@ metadata:
   labels:
     pools.operator.machineconfiguration.openshift.io/worker: "" <1>
   name: worker
+#...
 ----
 <1> The label appears under Labels.
 +
@@ -105,6 +106,7 @@ spec:
     imageMinimumGCAge: 5m <8>
     imageGCHighThresholdPercent: 80 <9>
     imageGCLowThresholdPercent: 75 <10>
+#...
 ----
 <1> Name for the object.
 <2> Specify the label from the machine config pool.
diff --git a/modules/nodes-nodes-garbage-collection-containers.adoc b/modules/nodes-nodes-garbage-collection-containers.adoc
index 197c41f49ab0..57eb24fa1160 100644
--- a/modules/nodes-nodes-garbage-collection-containers.adoc
+++ b/modules/nodes-nodes-garbage-collection-containers.adoc
@@ -4,7 +4,7 @@
 // * post_installation_configuration/node-tasks.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-garbage-collection-containers_{context}"]
 = Understanding how terminated containers are removed through garbage collection
 
@@ -22,11 +22,11 @@ The following table lists the eviction thresholds:
 |===
 | Node condition | Eviction signal | Description
 
-| MemoryPressure 
-| `memory.available` 
+| MemoryPressure
+| `memory.available`
 | The available memory on the node.
 
-| DiskPressure 
+| DiskPressure
 a| * `nodefs.available`
   * `nodefs.inodesFree`
   * `imagefs.available`
diff --git a/modules/nodes-nodes-garbage-collection-images.adoc b/modules/nodes-nodes-garbage-collection-images.adoc
index e10b1be67d93..b526de2a2fe6 100644
--- a/modules/nodes-nodes-garbage-collection-images.adoc
+++ b/modules/nodes-nodes-garbage-collection-images.adoc
@@ -3,13 +3,13 @@
 // * nodes/nodes-nodes-garbage-collection.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-garbage-collection-images_{context}"]
 = Understanding how images are removed through garbage collection
 
 Image garbage collection removes images that are not referenced by any running pods.
 
-{produt-title} determines which images to remove from a node based on the disk usage that is reported by *cAdvisor*.
+{product-title} determines which images to remove from a node based on the disk usage that is reported by *cAdvisor*.
 
 The policy for image garbage collection is based on two conditions:
 
diff --git a/modules/nodes-nodes-jobs-about.adoc b/modules/nodes-nodes-jobs-about.adoc
index bfee9acd2a29..fc879db5cffa 100644
--- a/modules/nodes-nodes-jobs-about.adoc
+++ b/modules/nodes-nodes-jobs-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-jobs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-jobs-about_{context}"]
 = Understanding jobs and cron jobs
 
@@ -15,17 +15,17 @@ There are two possible resource types that allow creating run-once objects in {p
 
 Job::
 A regular job is a run-once object that creates a task and ensures the job finishes.
-
++
 There are three main types of task suitable to run as a job:
-
++
 * Non-parallel jobs:
 ** A job that starts only one pod, unless the pod fails.
 ** The job is complete as soon as its pod terminates successfully.
-
++
 * Parallel jobs with a fixed completion count:
 ** a job that starts multiple pods.
 ** The job represents the overall task and is complete when there is one successful pod for each value in the range `1` to the `completions` value.
-
++
 * Parallel jobs with a work queue:
 ** A job with multiple parallel worker processes in a given pod.
 ** {product-title} coordinates pods to determine what each should work on or use an external queue service.
@@ -33,21 +33,21 @@ There are three main types of task suitable to run as a job:
 ** When any pod from the job terminates with success, no new pods are created.
 ** When at least one pod has terminated with success and all pods are terminated, the job is successfully completed.
 ** When any pod has exited with success, no other pod should be doing any work for this task or writing any output. Pods should all be in the process of exiting.
-
++
 For more information about how to make use of the different types of job, see link:https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#job-patterns[Job Patterns] in the Kubernetes documentation.
 
 Cron job::
 
 A job can be scheduled to run multiple times, using a cron job.
-
++
 A _cron job_ builds on a regular job by allowing you to specify
 how the job should be run. Cron jobs are part of the
 link:http://kubernetes.io/docs/user-guide/cron-jobs[Kubernetes] API, which
 can be managed with `oc` commands like other object types.
-
++
 Cron jobs are useful for creating periodic and recurring tasks, like running backups or sending emails.
 Cron jobs can also schedule individual tasks for a specific time, such as if you want to schedule a job for a low activity period. A cron job creates a `Job` object based on the timezone configured on the control plane node that runs the cronjob controller.
-
++
 [WARNING]
 ====
 A cron job creates a `Job` object approximately once per execution time of its
@@ -100,6 +100,7 @@ to configure history limits so that old jobs and their pods are properly cleaned
 
 * `.spec.failedJobsHistoryLimit`. The number of failed finished jobs to retain (defaults to 1).
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [TIP]
 ====
 * Delete cron jobs that you no longer need:
@@ -113,6 +114,7 @@ Doing this prevents them from generating unnecessary artifacts.
 
 * You can suspend further executions by setting the `spec.suspend` to true.  All subsequent executions are suspended until you reset to `false`.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="jobs-limits_{context}"]
 == Known limitations
diff --git a/modules/nodes-nodes-jobs-creating-cron.adoc b/modules/nodes-nodes-jobs-creating-cron.adoc
index 91b4f2e7f7cf..f5f0fdb0b57e 100644
--- a/modules/nodes-nodes-jobs-creating-cron.adoc
+++ b/modules/nodes-nodes-jobs-creating-cron.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-jobs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-jobs-creating-cron_{context}"]
 = Creating cron jobs
 
@@ -14,6 +14,7 @@ To create a cron job:
 
 . Create a YAML file similar to the following:
 +
+ifndef::openshift-rosa,openshift-dedicated[]
 [source,yaml]
 ----
 apiVersion: batch/v1
@@ -40,10 +41,11 @@ spec:
             image: perl
             command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
           restartPolicy: OnFailure <10>
+#...
 ----
 +
 <1> Schedule for the job specified in link:https://en.wikipedia.org/wiki/Cron[cron format]. In this example, the job will run every minute.
-<2> An optional time zone for the schedule. See link:https://en.wikipedia.org/wiki/List_of_tz_database_time_zones[List of tz database time zones] for valid options. If not specified, the Kubernetes controller manager interprets the schedule relative to its local time zone. This setting is offered as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview].
+<2> An optional time zone for the schedule. See link:https://en.wikipedia.org/wiki/List_of_tz_database_time_zones[List of tz database time zones] for valid options. If not specified, the Kubernetes controller manager interprets the schedule relative to its local time zone.
 <3> An optional concurrency policy, specifying how to treat concurrent jobs within a cron job. Only one of the following concurrent policies may be specified. If not specified, this defaults to allowing concurrent executions.
 * `Allow` allows cron jobs to run concurrently.
 * `Forbid` forbids concurrent runs, skipping the next run if the previous has not
@@ -60,6 +62,52 @@ all subsequent executions will be suspended.
 <8> Job template. This is similar to the job example.
 <9> Sets a label for jobs spawned by this cron job.
 <10> The restart policy of the pod. This does not apply to the job controller.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,yaml]
+----
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: pi
+spec:
+  schedule: "*/1 * * * *"          <1>
+  concurrencyPolicy: "Replace"     <2>
+  startingDeadlineSeconds: 200     <3>
+  suspend: true                    <4>
+  successfulJobsHistoryLimit: 3    <5>
+  failedJobsHistoryLimit: 1        <6>
+  jobTemplate:                     <7>
+    spec:
+      template:
+        metadata:
+          labels:                  <8>
+            parent: "cronjobpi"
+        spec:
+          containers:
+          - name: pi
+            image: perl
+            command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
+          restartPolicy: OnFailure <9>
+----
++
+<1> Schedule for the job specified in link:https://en.wikipedia.org/wiki/Cron[cron format]. In this example, the job will run every minute.
+<2> An optional concurrency policy, specifying how to treat concurrent jobs within a cron job. Only one of the following concurrent policies may be specified. If not specified, this defaults to allowing concurrent executions.
+* `Allow` allows cron jobs to run concurrently.
+* `Forbid` forbids concurrent runs, skipping the next run if the previous has not
+finished yet.
+* `Replace` cancels the currently running job and replaces
+it with a new one.
+<3> An optional deadline (in seconds) for starting the job if it misses its
+scheduled time for any reason. Missed jobs executions will be counted as failed
+ones. If not specified, there is no deadline.
+<4> An optional flag allowing the suspension of a cron job. If set to `true`,
+all subsequent executions will be suspended.
+<5> The number of successful finished jobs to retain (defaults to 3).
+<6> The number of failed finished jobs to retain (defaults to 1).
+<7> Job template. This is similar to the job example.
+<8> Sets a label for jobs spawned by this cron job.
+<9> The restart policy of the pod. This does not apply to the job controller.
 +
 [NOTE]
 ====
@@ -68,6 +116,7 @@ These fields specify how many completed and failed jobs should be kept.  By defa
 set to `3` and `1` respectively.  Setting a limit to `0` corresponds to keeping none of the corresponding
 kind of jobs after they finish.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 . Create the cron job:
 +
diff --git a/modules/nodes-nodes-jobs-creating.adoc b/modules/nodes-nodes-jobs-creating.adoc
index 1e69f002bcc1..573d71609bf9 100644
--- a/modules/nodes-nodes-jobs-creating.adoc
+++ b/modules/nodes-nodes-jobs-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-jobs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-jobs-creating_{context}"]
 = Creating jobs
 
@@ -34,6 +34,7 @@ spec:
         image: perl
         command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
       restartPolicy: OnFailure    <6>
+#...
 ----
 <1> Optional: Specify how many pod replicas a job should run in parallel; defaults to `1`.
 * For non-parallel jobs, leave unset. When unset, defaults to `1`.
diff --git a/modules/nodes-nodes-kernel-arguments.adoc b/modules/nodes-nodes-kernel-arguments.adoc
index 3e88677148c6..9aeb39e19454 100644
--- a/modules/nodes-nodes-kernel-arguments.adoc
+++ b/modules/nodes-nodes-kernel-arguments.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-nodes-managing.adoc
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-kernel-arguments_{context}"]
 = Adding kernel arguments to nodes
 
@@ -117,6 +117,7 @@ spec:
   kernelArguments:
     - enforcing=0 <3>
       systemd.unified_cgroup_hierarchy=0 <4>
+#...
 ----
 +
 <1> Applies the new kernel argument only to worker nodes.
@@ -170,12 +171,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS                     ROLES    AGE   VERSION
-ip-10-0-136-161.ec2.internal   Ready                      worker   28m   v1.26.0
-ip-10-0-136-243.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-141-105.ec2.internal   Ready,SchedulingDisabled   worker   28m   v1.26.0
-ip-10-0-142-249.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-153-11.ec2.internal    Ready                      worker   28m   v1.26.0
-ip-10-0-153-150.ec2.internal   Ready                      master   34m   v1.26.0
+ip-10-0-136-161.ec2.internal   Ready                      worker   28m   v1.28.5
+ip-10-0-136-243.ec2.internal   Ready                      master   34m   v1.28.5
+ip-10-0-141-105.ec2.internal   Ready,SchedulingDisabled   worker   28m   v1.28.5
+ip-10-0-142-249.ec2.internal   Ready                      master   34m   v1.28.5
+ip-10-0-153-11.ec2.internal    Ready                      worker   28m   v1.28.5
+ip-10-0-153-150.ec2.internal   Ready                      master   34m   v1.28.5
 ----
 +
 You can see that scheduling on each worker node is disabled as the change is being applied.
diff --git a/modules/nodes-nodes-managing-about.adoc b/modules/nodes-nodes-managing-about.adoc
index 69551ea5392c..e8d5bb901b77 100644
--- a/modules/nodes-nodes-managing-about.adoc
+++ b/modules/nodes-nodes-managing-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-managing-about_{context}"]
 = Modifying nodes
 
@@ -66,6 +66,7 @@ spec:
     systemReserved:
       cpu: 2000m
       memory: 1Gi
+#...
 ----
 <1> Assign a name to CR.
 <2> Specify the label to apply the configuration change, this is the label you added to the machine config pool.
diff --git a/modules/nodes-nodes-managing-max-pods-proc.adoc b/modules/nodes-nodes-managing-max-pods-proc.adoc
index 24581aa55e8b..98be45d452bd 100644
--- a/modules/nodes-nodes-managing-max-pods-proc.adoc
+++ b/modules/nodes-nodes-managing-max-pods-proc.adoc
@@ -3,8 +3,8 @@
 // * nodes/nodes-nodes-managing-max-pods.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
-[id="nodes-nodes-managing-max-pods-about_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-nodes-managing-max-pods-proc_{context}"]
 = Configuring the maximum number of pods per node
 
 Two parameters control the maximum number of pods that can be scheduled to a node: `podsPerCore` and `maxPods`. If you use both options, the lower of the two limits the number of pods on a node.
@@ -38,6 +38,7 @@ metadata:
   labels:
     pools.operator.machineconfiguration.openshift.io/worker: "" <1>
   name: worker
+#...
 ----
 <1> The label appears under Labels.
 +
@@ -68,6 +69,7 @@ spec:
   kubeletConfig:
     podsPerCore: 10 <3>
     maxPods: 250 <4>
+#...
 ----
 <1> Assign a name to CR.
 <2> Specify the label from the machine config pool.
diff --git a/modules/nodes-nodes-rebooting-affinity.adoc b/modules/nodes-nodes-rebooting-affinity.adoc
index bef8c7ee5196..46b6f36098f5 100644
--- a/modules/nodes-nodes-rebooting-affinity.adoc
+++ b/modules/nodes-nodes-rebooting-affinity.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-rebooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-rebooting-affinity_{context}"]
 = Rebooting a node using pod anti-affinity
 
@@ -39,6 +39,7 @@ spec:
               values:
               - default
           topologyKey: kubernetes.io/hostname
+#...
 ----
 <1> Stanza to configure pod anti-affinity.
 <2> Defines a preferred rule.
diff --git a/modules/nodes-nodes-rebooting-gracefully.adoc b/modules/nodes-nodes-rebooting-gracefully.adoc
index 25a13768dd4a..d168da39f383 100644
--- a/modules/nodes-nodes-rebooting-gracefully.adoc
+++ b/modules/nodes-nodes-rebooting-gracefully.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-rebooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-rebooting-gracefully_{context}"]
 = Rebooting a node gracefully
 
@@ -13,7 +13,7 @@ Before rebooting a node, it is recommended to backup etcd data to avoid any data
 For {sno} clusters that require users to perform the `oc login` command rather than having the certificates in `kubeconfig` file to manage the cluster, the `oc adm` commands might not be available after cordoning and draining the node. This is because the `openshift-oauth-apiserver` pod is not running due to the cordon. You can use SSH to access the nodes as indicated in the following procedure.
 
 In a {sno} cluster, pods cannot be rescheduled when cordoning and draining. However, doing so gives the pods, especially your workload pods, time to properly stop and release associated resources.
-==== 
+====
 
 .Procedure
 
@@ -45,7 +45,7 @@ In this case, run the drain command again, adding the `disable-eviction` flag, w
 +
 [source,terminal]
 ----
-$ oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --force --disable-eviction 
+$ oc adm drain <node1> --ignore-daemonsets --delete-emptydir-data --force --disable-eviction
 ----
 
 . Access the node in debug mode:
diff --git a/modules/nodes-nodes-rebooting-infrastructure.adoc b/modules/nodes-nodes-rebooting-infrastructure.adoc
index 02fc4113dc8f..3b4725aeb2fa 100644
--- a/modules/nodes-nodes-rebooting-infrastructure.adoc
+++ b/modules/nodes-nodes-rebooting-infrastructure.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-rebooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-rebooting-infrastructure_{context}"]
 = About rebooting nodes running critical infrastructure
 
diff --git a/modules/nodes-nodes-rebooting-router.adoc b/modules/nodes-nodes-rebooting-router.adoc
index c0ec07e1c576..dfb7c7b7489f 100644
--- a/modules/nodes-nodes-rebooting-router.adoc
+++ b/modules/nodes-nodes-rebooting-router.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-rebooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-rebooting-router_{context}"]
 = Understanding how to reboot nodes running routers
 
@@ -10,7 +10,7 @@ In most cases, a pod running an {product-title} router exposes a host port.
 
 The `PodFitsPorts` scheduler predicate ensures that no router pods using the
 same port can run on the same node, and pod anti-affinity is achieved. If the
-routers are relying on IP failover for high availability, there is nothing else that is needed. 
+routers are relying on IP failover for high availability, there is nothing else that is needed.
 
 For router pods relying on an external service such as AWS Elastic Load Balancing for high
 availability, it is that service's responsibility to react to router pod restarts.
diff --git a/modules/nodes-nodes-resources-configuring-about.adoc b/modules/nodes-nodes-resources-configuring-about.adoc
index 30cb67cdc5fd..8ce04718f9f1 100644
--- a/modules/nodes-nodes-resources-configuring-about.adoc
+++ b/modules/nodes-nodes-resources-configuring-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-resources-configuring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-resources-configuring-about_{context}"]
 = Understanding how to allocate resources for nodes
 
diff --git a/modules/nodes-nodes-resources-configuring-auto.adoc b/modules/nodes-nodes-resources-configuring-auto.adoc
index 00920919f0a7..b60b045fb916 100644
--- a/modules/nodes-nodes-resources-configuring-auto.adoc
+++ b/modules/nodes-nodes-resources-configuring-auto.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-resources-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-resources-configuring-auto_{context}"]
 = Automatically allocating resources for nodes
 
@@ -41,7 +41,7 @@ metadata:
   labels:
     pools.operator.machineconfiguration.openshift.io/worker: "" <1>
   name: worker
- ...
+#...
 ----
 <1> The label appears under `Labels`.
 +
@@ -70,6 +70,7 @@ spec:
   machineConfigPoolSelector:
     matchLabels:
       pools.operator.machineconfiguration.openshift.io/worker: "" <3>
+#...
 ----
 <1> Assign a name to CR.
 <2> Add the `autoSizingReserved` parameter set to `true` to allow {product-title} to automatically determine and allocate the `system-reserved` resources on the nodes associated with the specified label. To disable automatic allocation on those nodes, set this parameter to `false`.
diff --git a/modules/nodes-nodes-resources-configuring-setting.adoc b/modules/nodes-nodes-resources-configuring-setting.adoc
index 6f38c84fcd96..711bd71b50d9 100644
--- a/modules/nodes-nodes-resources-configuring-setting.adoc
+++ b/modules/nodes-nodes-resources-configuring-setting.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-resources-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-resources-configuring-setting_{context}"]
 = Manually allocating resources for nodes
 
@@ -45,6 +45,7 @@ metadata:
   labels:
     pools.operator.machineconfiguration.openshift.io/worker: "" <1>
   name: worker
+#...
 ----
 <1> The label appears under Labels.
 +
@@ -76,6 +77,7 @@ spec:
     systemReserved: <3>
       cpu: 1000m
       memory: 1Gi
+#...
 ----
 <1> Assign a name to CR.
 <2> Specify the label from the machine config pool.
diff --git a/modules/nodes-nodes-resources-cpus-reserve.adoc b/modules/nodes-nodes-resources-cpus-reserve.adoc
index ea660634fdbb..6339fa8fcd58 100644
--- a/modules/nodes-nodes-resources-cpus-reserve.adoc
+++ b/modules/nodes-nodes-resources-cpus-reserve.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-resources-cpus
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-resources-cpus-reserve_{context}"]
 = Reserving CPUs for nodes
 
@@ -28,30 +28,31 @@ $ oc describe machineconfigpool worker
 [source,yaml]
 ----
 Name:         worker
-Namespace:    
+Namespace:
 Labels:       machineconfiguration.openshift.io/mco-built-in=
               pools.operator.machineconfiguration.openshift.io/worker= <1>
 Annotations:  <none>
 API Version:  machineconfiguration.openshift.io/v1
 Kind:         MachineConfigPool
-...
+#...
 ----
-<1> Get the MCP label. 
+<1> Get the MCP label.
 
 . Create a YAML file for the `KubeletConfig` CR:
 +
 [source,yaml]
----- 
+----
 apiVersion: machineconfiguration.openshift.io/v1
 kind: KubeletConfig
 metadata:
-  name: set-reserved-cpus <1>  
+  name: set-reserved-cpus <1>
 spec:
   kubeletConfig:
     reservedSystemCPUs: "0,1,2,3" <2>
   machineConfigPoolSelector:
     matchLabels:
       pools.operator.machineconfiguration.openshift.io/worker: "" <3>
+#...
 ----
 <1> Specify a name for the CR.
 <2> Specify the core IDs of the CPUs you want to reserve for the nodes associated with the MCP.
diff --git a/modules/nodes-nodes-rtkernel-arguments.adoc b/modules/nodes-nodes-rtkernel-arguments.adoc
index d966d3c6e8ce..905923eb3a77 100644
--- a/modules/nodes-nodes-rtkernel-arguments.adoc
+++ b/modules/nodes-nodes-rtkernel-arguments.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes/nodes-nodes-managing.adoc
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-rtkernel-arguments_{context}"]
 = Adding a real-time kernel to nodes
 
@@ -58,9 +58,9 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                        STATUS  ROLES    AGE   VERSION
-ip-10-0-143-147.us-east-2.compute.internal  Ready   worker   103m  v1.26.0
-ip-10-0-146-92.us-east-2.compute.internal   Ready   worker   101m  v1.26.0
-ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.26.0
+ip-10-0-143-147.us-east-2.compute.internal  Ready   worker   103m  v1.28.5
+ip-10-0-146-92.us-east-2.compute.internal   Ready   worker   101m  v1.28.5
+ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.28.5
 ----
 +
 [source,terminal]
diff --git a/modules/nodes-nodes-swap-memory.adoc b/modules/nodes-nodes-swap-memory.adoc
index 2a964d22fe4f..5b2c332516bf 100644
--- a/modules/nodes-nodes-swap-memory.adoc
+++ b/modules/nodes-nodes-swap-memory.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * nodes/nodes/nodes-nodes-managing.:_mod-docs-content-type: PROCEDURE
+
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-swap-memory_{context}"]
 
 = Enabling swap memory use on nodes
@@ -63,6 +67,7 @@ spec:
     failSwapOn: false <1>
     memorySwap:
       swapBehavior: LimitedSwap <2>
+#...
 ----
 <1> Set to `false` to enable swap memory use on the associated nodes. Set to `true` to disable swap memory use.
 <2> Specify the swap memory behavior. If unspecified, the default is `LimitedSwap`.
diff --git a/modules/nodes-nodes-viewing-listing-pods.adoc b/modules/nodes-nodes-viewing-listing-pods.adoc
index e785bf067464..58ca543de8ef 100644
--- a/modules/nodes-nodes-viewing-listing-pods.adoc
+++ b/modules/nodes-nodes-viewing-listing-pods.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-viewing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-viewing-listing-pods_{context}"]
 = Listing pods on a node in your cluster
 
diff --git a/modules/nodes-nodes-viewing-listing.adoc b/modules/nodes-nodes-viewing-listing.adoc
index c0aa76a8b151..db4aa5480a8e 100644
--- a/modules/nodes-nodes-viewing-listing.adoc
+++ b/modules/nodes-nodes-viewing-listing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-viewing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-viewing-listing_{context}"]
 = About listing all the nodes in a cluster
 
@@ -26,9 +26,9 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                   STATUS    ROLES     AGE       VERSION
-master.example.com     Ready     master    7h        v1.26.0
-node1.example.com      Ready     worker    7h        v1.26.0
-node2.example.com      Ready     worker    7h        v1.26.0
+master.example.com     Ready     master    7h        v1.28.5
+node1.example.com      Ready     worker    7h        v1.28.5
+node2.example.com      Ready     worker    7h        v1.28.5
 ----
 +
 The following example is a cluster with one unhealthy node:
@@ -42,9 +42,9 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                   STATUS                      ROLES     AGE       VERSION
-master.example.com     Ready                       master    7h        v1.26.0
-node1.example.com      NotReady,SchedulingDisabled worker    7h        v1.26.0
-node2.example.com      Ready                       worker    7h        v1.26.0
+master.example.com     Ready                       master    7h        v1.28.5
+node1.example.com      NotReady,SchedulingDisabled worker    7h        v1.28.5
+node2.example.com      Ready                       worker    7h        v1.28.5
 ----
 +
 The conditions that trigger a `NotReady` status are shown later in this section.
@@ -60,9 +60,9 @@ $ oc get nodes -o wide
 [source,terminal]
 ----
 NAME                STATUS   ROLES    AGE    VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                                                       KERNEL-VERSION                 CONTAINER-RUNTIME
-master.example.com  Ready    master   171m   v1.26.0   10.0.129.108   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.26.0-30.rhaos4.10.gitf2f339d.el8-dev
-node1.example.com   Ready    worker   72m    v1.26.0   10.0.129.222   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.26.0-30.rhaos4.10.gitf2f339d.el8-dev
-node2.example.com   Ready    worker   164m   v1.26.0   10.0.142.150   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.26.0-30.rhaos4.10.gitf2f339d.el8-dev
+master.example.com  Ready    master   171m   v1.28.5   10.0.129.108   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.28.5-30.rhaos4.10.gitf2f339d.el8-dev
+node1.example.com   Ready    worker   72m    v1.28.5   10.0.129.222   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.28.5-30.rhaos4.10.gitf2f339d.el8-dev
+node2.example.com   Ready    worker   164m   v1.28.5   10.0.142.150   <none>        Red Hat Enterprise Linux CoreOS 48.83.202103210901-0 (Ootpa)   4.18.0-240.15.1.el8_3.x86_64   cri-o://1.28.5-30.rhaos4.10.gitf2f339d.el8-dev
 ----
 
 * The following command lists information about a single node:
@@ -83,7 +83,7 @@ $ oc get node node1.example.com
 [source,terminal]
 ----
 NAME                   STATUS    ROLES     AGE       VERSION
-node1.example.com      Ready     worker    7h        v1.26.0
+node1.example.com      Ready     worker    7h        v1.28.5
 ----
 
 * The following command provides more detailed information about a specific node, including the reason for
@@ -158,9 +158,9 @@ System Info:    <9>
  OS Image:                                Red Hat Enterprise Linux CoreOS 410.8.20190520.0 (Ootpa)
  Operating System:                        linux
  Architecture:                            amd64
- Container Runtime Version:               cri-o://1.26.0-0.6.dev.rhaos4.3.git9ad059b.el8-rc2
- Kubelet Version:                         v1.26.0
- Kube-Proxy Version:                      v1.26.0
+ Container Runtime Version:               cri-o://1.28.5-0.6.dev.rhaos4.3.git9ad059b.el8-rc2
+ Kubelet Version:                         v1.28.5
+ Kube-Proxy Version:                      v1.28.5
 PodCIDR:                                  10.128.4.0/24
 ProviderID:                               aws:///us-east-2a/i-04e87b31dc6b3e171
 Non-terminated Pods:                      (12 in total)  <10>
@@ -195,7 +195,7 @@ Events:     <11>
   Normal   NodeHasSufficientDisk    6d (x6 over 6d)    kubelet, m01.example.com  Node m01.example.com status is now: NodeHasSufficientDisk
   Normal   NodeHasSufficientPID     6d                 kubelet, m01.example.com  Node m01.example.com status is now: NodeHasSufficientPID
   Normal   Starting                 6d                 kubelet, m01.example.com  Starting kubelet.
- ...
+#...
 ----
 <1> The name of the node.
 <2> The role of the node, either `master` or `worker`.
diff --git a/modules/nodes-nodes-viewing-memory.adoc b/modules/nodes-nodes-viewing-memory.adoc
index a1934174f5cb..5ddc6a916414 100644
--- a/modules/nodes-nodes-viewing-memory.adoc
+++ b/modules/nodes-nodes-viewing-memory.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-viewing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-viewing-memory_{context}"]
 = Viewing memory and CPU usage statistics on your nodes
 
@@ -28,14 +28,14 @@ $ oc adm top nodes
 .Example output
 [source,terminal]
 ----
-NAME                                   CPU(cores)   CPU%      MEMORY(bytes)   MEMORY%   
-ip-10-0-12-143.ec2.compute.internal    1503m        100%      4533Mi          61%       
-ip-10-0-132-16.ec2.compute.internal    76m          5%        1391Mi          18%       
-ip-10-0-140-137.ec2.compute.internal   398m         26%       2473Mi          33%       
-ip-10-0-142-44.ec2.compute.internal    656m         43%       6119Mi          82%       
-ip-10-0-146-165.ec2.compute.internal   188m         12%       3367Mi          45%       
-ip-10-0-19-62.ec2.compute.internal     896m         59%       5754Mi          77%       
-ip-10-0-44-193.ec2.compute.internal    632m         42%       5349Mi          72%    
+NAME                                   CPU(cores)   CPU%      MEMORY(bytes)   MEMORY%
+ip-10-0-12-143.ec2.compute.internal    1503m        100%      4533Mi          61%
+ip-10-0-132-16.ec2.compute.internal    76m          5%        1391Mi          18%
+ip-10-0-140-137.ec2.compute.internal   398m         26%       2473Mi          33%
+ip-10-0-142-44.ec2.compute.internal    656m         43%       6119Mi          82%
+ip-10-0-146-165.ec2.compute.internal   188m         12%       3367Mi          45%
+ip-10-0-19-62.ec2.compute.internal     896m         59%       5754Mi          77%
+ip-10-0-44-193.ec2.compute.internal    632m         42%       5349Mi          72%
 ----
 
 * To view the usage statistics for nodes with labels:
diff --git a/modules/nodes-nodes-working-deleting-bare-metal.adoc b/modules/nodes-nodes-working-deleting-bare-metal.adoc
index ba93251a1a83..a78bfc30268b 100644
--- a/modules/nodes-nodes-working-deleting-bare-metal.adoc
+++ b/modules/nodes-nodes-working-deleting-bare-metal.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-nodes-working.adoc
 // * virt/virtual_machines/virt-triggering-vm-failover-resolving-failed-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-working-deleting-bare-metal_{context}"]
 = Deleting nodes from a bare metal cluster
 
diff --git a/modules/nodes-nodes-working-deleting.adoc b/modules/nodes-nodes-working-deleting.adoc
index dab38934d229..d6fdbba51a1f 100644
--- a/modules/nodes-nodes-working-deleting.adoc
+++ b/modules/nodes-nodes-working-deleting.adoc
@@ -2,63 +2,63 @@
 //
 // * nodes/nodes-nodes-working.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-working-deleting_{context}"]
 = Deleting nodes from a cluster
 
-When you delete a node using the CLI, the node object is deleted in Kubernetes,
-but the pods that exist on the node are not deleted. Any bare pods not
-backed by a replication controller become inaccessible to {product-title}.
-Pods backed by replication controllers are rescheduled to other available
-nodes. You must delete local manifest pods.
+To delete a node from the {product-title} cluster, scale down the appropriate `MachineSet` object.
 
-.Procedure
+[IMPORTANT]
+====
+When a cluster is integrated with a cloud provider, you must delete the corresponding machine to delete a node. Do not try to use the `oc delete node` command for this task.
+====
 
-To delete a node from the {product-title} cluster, edit the appropriate `MachineSet` object:
+When you delete a node by using the CLI, the node object is deleted in Kubernetes, but the pods that exist on the node are not deleted. Any bare pods that are not backed by a replication controller become inaccessible to {product-title}. Pods backed by replication controllers are rescheduled to other available nodes. You must delete local manifest pods.
 
 [NOTE]
 ====
-If you are running cluster on bare metal, you cannot delete a node by editing
-`MachineSet` objects. Compute machine sets are only available when a cluster is integrated with a cloud provider. Instead you must unschedule and drain the node before manually
-deleting it.
+If you are running cluster on bare metal, you cannot delete a node by editing `MachineSet` objects. Compute machine sets are only available when a cluster is integrated with a cloud provider. Instead you must unschedule and drain the node before manually deleting it.
 ====
 
-. View the compute machine sets that are in the cluster:
+.Procedure
+
+. View the compute machine sets that are in the cluster by running the following command:
 +
 [source,terminal]
 ----
 $ oc get machinesets -n openshift-machine-api
 ----
 +
-The compute machine sets are listed in the form of <clusterid>-worker-<aws-region-az>.
+The compute machine sets are listed in the form of `<cluster-id>-worker-<aws-region-az>`.
+
+. Scale down the compute machine set by using one of the following methods:
 
-. Scale the compute machine set:
+** Specify the number of replicas to scale down to by running the following command:
 +
 [source,terminal]
 ----
-$ oc scale --replicas=2 machineset <machineset> -n openshift-machine-api
+$ oc scale --replicas=2 machineset <machine-set-name> -n openshift-machine-api
 ----
-+
-Or:
+
+** Edit the compute machine set custom resource by running the following command:
 +
 [source,terminal]
 ----
-$ oc edit machineset <machineset> -n openshift-machine-api
+$ oc edit machineset <machine-set-name> -n openshift-machine-api
 ----
 +
-[TIP]
-====
-You can alternatively apply the following YAML to scale the compute machine set:
-
+.Example output
 [source,yaml]
 ----
 apiVersion: machine.openshift.io/v1beta1
 kind: MachineSet
 metadata:
-  name: <machineset>
+  # ...
+  name: <machine-set-name>
   namespace: openshift-machine-api
+  # ...
 spec:
-  replicas: 2
+  replicas: 2 # <1>
+  # ...
 ----
-====
-
+<1> Specify the number of replicas to scale down to.
\ No newline at end of file
diff --git a/modules/nodes-nodes-working-evacuating.adoc b/modules/nodes-nodes-working-evacuating.adoc
index b8371f3c3fed..207e1c851eca 100644
--- a/modules/nodes-nodes-working-evacuating.adoc
+++ b/modules/nodes-nodes-working-evacuating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-working.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-working-evacuating_{context}"]
 = Understanding how to evacuate pods on nodes
 
@@ -44,7 +44,7 @@ $ oc get node <node1>
 [source,terminal]
 ----
 NAME        STATUS                     ROLES     AGE       VERSION
-<node1>     Ready,SchedulingDisabled   worker    1d        v1.26.0
+<node1>     Ready,SchedulingDisabled   worker    1d        v1.28.5
 ----
 
 . Evacuate the pods using one of the following methods:
diff --git a/modules/nodes-nodes-working-marking.adoc b/modules/nodes-nodes-working-marking.adoc
index ffae51ce3ae1..6fda48df5633 100644
--- a/modules/nodes-nodes-working-marking.adoc
+++ b/modules/nodes-nodes-working-marking.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-working.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-working-marking_{context}"]
 = Understanding how to mark nodes as unschedulable or schedulable
 
diff --git a/modules/nodes-nodes-working-master-schedulable.adoc b/modules/nodes-nodes-working-master-schedulable.adoc
index c57aa4ac6461..861a0c7f02c2 100644
--- a/modules/nodes-nodes-working-master-schedulable.adoc
+++ b/modules/nodes-nodes-working-master-schedulable.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-nodes-working-master-schedulable_{context}"]
 = Configuring control plane nodes as schedulable
 
@@ -50,6 +50,7 @@ metadata:
 spec:
   mastersSchedulable: false <1>
 status: {}
+#...
 ----
 <1> Set to `true` to allow control plane nodes to be schedulable, or `false` to
 disallow control plane nodes to be schedulable.
diff --git a/modules/nodes-nodes-working-setting-booleans.adoc b/modules/nodes-nodes-working-setting-booleans.adoc
index 8b3956c7582d..5d47d3c9385f 100644
--- a/modules/nodes-nodes-working-setting-booleans.adoc
+++ b/modules/nodes-nodes-working-setting-booleans.adoc
@@ -3,8 +3,8 @@
 // * nodes/nodes/nodes-nodes-managing.adoc
 
 
-:_content-type: PROCEDURE
-[id="nodes-nodes-working-setting-booleans"]
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-nodes-working-setting-booleans_{context}"]
 
 = Setting SELinux booleans
 
@@ -46,6 +46,7 @@ spec:
           WantedBy=multi-user.target graphical.target
         enabled: true
         name: setsebool.service
+#...
 ----
 +
 
diff --git a/modules/nodes-nodes-working-updating.adoc b/modules/nodes-nodes-working-updating.adoc
index 96ad8dff6ffa..d574c8997a92 100644
--- a/modules/nodes-nodes-working-updating.adoc
+++ b/modules/nodes-nodes-working-updating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-nodes-working.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-nodes-working-updating_{context}"]
 = Understanding how to update labels on nodes
 
@@ -43,6 +43,7 @@ metadata:
   name: webconsole-7f7f6
   labels:
     unhealthy: 'true'
+#...
 ----
 ====
 
diff --git a/modules/nodes-pods-about.adoc b/modules/nodes-pods-about.adoc
index 8eb2edf2bc25..5966ac196759 100644
--- a/modules/nodes-pods-about.adoc
+++ b/modules/nodes-pods-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-using.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-about_{context}"]
 = About pods
 
diff --git a/modules/nodes-pods-autoscaling-about.adoc b/modules/nodes-pods-autoscaling-about.adoc
index 7bbc20670e92..7ebcdb319f8d 100644
--- a/modules/nodes-pods-autoscaling-about.adoc
+++ b/modules/nodes-pods-autoscaling-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-about_{context}"]
 = Understanding horizontal pod autoscalers
 
diff --git a/modules/nodes-pods-autoscaling-best-practices-hpa.adoc b/modules/nodes-pods-autoscaling-best-practices-hpa.adoc
index 5dcd323b0680..501ed4ff60d2 100644
--- a/modules/nodes-pods-autoscaling-best-practices-hpa.adoc
+++ b/modules/nodes-pods-autoscaling-best-practices-hpa.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-best-practices-hpa_{context}"]
 = Best practices
 
diff --git a/modules/nodes-pods-autoscaling-creating-cpu.adoc b/modules/nodes-pods-autoscaling-creating-cpu.adoc
index aa68d7a75ccb..875eb4b6f870 100644
--- a/modules/nodes-pods-autoscaling-creating-cpu.adoc
+++ b/modules/nodes-pods-autoscaling-creating-cpu.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-autoscaling-creating-cpu_{context}"]
 = Creating a horizontal pod autoscaler for CPU utilization by using the CLI
 
diff --git a/modules/nodes-pods-autoscaling-creating-memory.adoc b/modules/nodes-pods-autoscaling-creating-memory.adoc
index 4867c2f42612..ea886504b14e 100644
--- a/modules/nodes-pods-autoscaling-creating-memory.adoc
+++ b/modules/nodes-pods-autoscaling-creating-memory.adoc
@@ -2,14 +2,14 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-autoscaling-creating-memory_{context}"]
 
 = Creating a horizontal pod autoscaler object for memory utilization by using the CLI
 
-Using the {product-title} CLI, you can create a horizontal pod autoscaler (HPA) to automatically scale an existing 
-`Deployment`, `DeploymentConfig`, `ReplicaSet`, `ReplicationController`, or `StatefulSet` object. The HPA  
-scales the pods associated with that object to maintain the average memory utilization you specify, either a direct value or a percentage 
+Using the {product-title} CLI, you can create a horizontal pod autoscaler (HPA) to automatically scale an existing
+`Deployment`, `DeploymentConfig`, `ReplicaSet`, `ReplicationController`, or `StatefulSet` object. The HPA
+scales the pods associated with that object to maintain the average memory utilization you specify, either a direct value or a percentage
 of requested memory.
 
 [NOTE]
@@ -107,7 +107,7 @@ spec:
 * For a `Deployment`, `ReplicaSet`, or `Statefulset` object, use `apps/v1`.
 * For a `ReplicationController`, use `v1`.
 * For a `DeploymentConfig`, use `apps.openshift.io/v1`.
-<4> Specify the type of object. The object must be a `Deployment`, `DeploymentConfig`, 
+<4> Specify the type of object. The object must be a `Deployment`, `DeploymentConfig`,
 `ReplicaSet`, `ReplicationController`, or `StatefulSet`.
 <5> Specify the name of the object to scale. The object must exist.
 <6> Specify the minimum number of replicas when scaling down.
@@ -159,7 +159,7 @@ spec:
 * For a ReplicationController, use `v1`.
 * For a DeploymentConfig, use `apps.openshift.io/v1`.
 * For a Deployment, ReplicaSet, Statefulset object, use `apps/v1`.
-<4> Specify the type of object. The object must be a `Deployment`, `DeploymentConfig`, 
+<4> Specify the type of object. The object must be a `Deployment`, `DeploymentConfig`,
 `ReplicaSet`, `ReplicationController`, or `StatefulSet`.
 <5> Specify the name of the object to scale. The object must exist.
 <6> Specify the minimum number of replicas when scaling down.
diff --git a/modules/nodes-pods-autoscaling-creating-web-console.adoc b/modules/nodes-pods-autoscaling-creating-web-console.adoc
index 60b04bb7357e..2ae3a6bf08c6 100644
--- a/modules/nodes-pods-autoscaling-creating-web-console.adoc
+++ b/modules/nodes-pods-autoscaling-creating-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-autoscaling-creating-web-console_{context}"]
 = Creating a horizontal pod autoscaler by using the web console
 
diff --git a/modules/nodes-pods-autoscaling-custom-rn-210.adoc b/modules/nodes-pods-autoscaling-custom-rn-210.adoc
index 94169b4dcd2a..9f0cb8737862 100644
--- a/modules/nodes-pods-autoscaling-custom-rn-210.adoc
+++ b/modules/nodes-pods-autoscaling-custom-rn-210.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-custom.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-custom-rn_{context}"]
 = Custom Metrics Autoscaler Operator release notes
 
@@ -52,9 +52,9 @@ This release of the Custom Metrics Autoscaler Operator 2.10 provides new feature
 === New features and enhancements
 
 [id="nodes-pods-autoscaling-custom-rn-210-ga_{context}"]
-==== Custom Metrics Autoscaler Operator general availability 
+==== Custom Metrics Autoscaler Operator general availability
 
-The Custom Metrics Autoscaler Operator is now generally available as of Custom Metrics Autoscaler Operator version 2.10. 
+The Custom Metrics Autoscaler Operator is now generally available as of Custom Metrics Autoscaler Operator version 2.10.
 
 :FeatureName: Scaling by using a scaled job
 include::snippets/technology-preview.adoc[]
@@ -62,7 +62,7 @@ include::snippets/technology-preview.adoc[]
 [id="nodes-pods-autoscaling-custom-rn-210-metrics_{context}"]
 ==== Custom Metrics Autoscaler Operator metrics
 
-You can now use the Prometheus Query Language (PromQL) to query metrics from the Custom Metrics Autoscaler Operator. 
+You can now use the Prometheus Query Language (PromQL) to query metrics from the Custom Metrics Autoscaler Operator.
 
 [id="nodes-pods-autoscaling-custom-rn-210-pause_{context}"]
 ==== Pausing the custom metrics autoscaling for scaled objects
diff --git a/modules/nodes-pods-autoscaling-requests-and-limits-hpa.adoc b/modules/nodes-pods-autoscaling-requests-and-limits-hpa.adoc
index 6d301a7efc7b..f4949f7e1d6b 100644
--- a/modules/nodes-pods-autoscaling-requests-and-limits-hpa.adoc
+++ b/modules/nodes-pods-autoscaling-requests-and-limits-hpa.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-requests-and-limits-hpa_{context}"]
 = About requests and limits
 
diff --git a/modules/nodes-pods-autoscaling-status-about.adoc b/modules/nodes-pods-autoscaling-status-about.adoc
index 387d306c4f7d..71117fafca11 100644
--- a/modules/nodes-pods-autoscaling-status-about.adoc
+++ b/modules/nodes-pods-autoscaling-status-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-status-about_{context}"]
 
 = Understanding horizontal pod autoscaler status conditions by using the CLI
diff --git a/modules/nodes-pods-autoscaling-status-viewing.adoc b/modules/nodes-pods-autoscaling-status-viewing.adoc
index 423a4a71612a..ddbaee75d139 100644
--- a/modules/nodes-pods-autoscaling-status-viewing.adoc
+++ b/modules/nodes-pods-autoscaling-status-viewing.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-autoscaling-status-viewing_{context}"]
 
 = Viewing horizontal pod autoscaler status conditions by using the CLI
diff --git a/modules/nodes-pods-autoscaling-workflow-hpa.adoc b/modules/nodes-pods-autoscaling-workflow-hpa.adoc
index fd99c110bea9..9a15a781a5cc 100644
--- a/modules/nodes-pods-autoscaling-workflow-hpa.adoc
+++ b/modules/nodes-pods-autoscaling-workflow-hpa.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-about.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-autoscaling-workflow-hpa_{context}"]
 = How does the HPA work?
 
diff --git a/modules/nodes-pods-configmap-create-from-console.adoc b/modules/nodes-pods-configmap-create-from-console.adoc
index e31dceade16e..dde5f66a0fee 100644
--- a/modules/nodes-pods-configmap-create-from-console.adoc
+++ b/modules/nodes-pods-configmap-create-from-console.adoc
@@ -2,7 +2,7 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmap-create-from-console_{context}"]
 = Creating a config map in the {product-title} web console
 
diff --git a/modules/nodes-pods-configmap-create.adoc b/modules/nodes-pods-configmap-create.adoc
index a10fcdf60ef5..432a8dd5976c 100644
--- a/modules/nodes-pods-configmap-create.adoc
+++ b/modules/nodes-pods-configmap-create.adoc
@@ -2,7 +2,7 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmap-create_{context}"]
 = Creating a config map by using the CLI
 
diff --git a/modules/nodes-pods-configmap-creating-from-directories.adoc b/modules/nodes-pods-configmap-creating-from-directories.adoc
index f48e06346b9e..65913aaa95ac 100644
--- a/modules/nodes-pods-configmap-creating-from-directories.adoc
+++ b/modules/nodes-pods-configmap-creating-from-directories.adoc
@@ -1,30 +1,50 @@
 // Module included in the following assemblies:
 //
-//* authentication/configmaps.adoc
+//* nodes/pods/nodes-pods-configmap.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmap-creating-from-directories_{context}"]
 = Creating a config map from a directory
 
-You can create a config map from a directory. This method allows you to use multiple files within a directory to create a config map.
+You can create a config map from a directory by using the `--from-file` flag. This method allows you to use multiple files within a directory to create a config map.
 
-.Procedure
+Each file in the directory is used to populate a key in the config map, where the name of the key is the file name, and the value of the key is the content of the file.
 
-The following example procedure outlines how to create a config map from a directory.
+For example, the following command creates a config map with the contents of the `example-files` directory:
 
-. Start with a directory with some files that already contain the data with which you want to populate a config map:
-+
 [source,terminal]
 ----
-$ ls example-files
+$ oc create configmap game-config --from-file=example-files/
 ----
-+
+
+View the keys in the config map:
+
+[source,terminal]
+----
+$ oc describe configmaps game-config
+----
+
 .Example output
 [source,terminal]
 ----
-game.properties
-ui.properties
+Name:           game-config
+Namespace:      default
+Labels:         <none>
+Annotations:    <none>
+
+Data
+
+game.properties:        158 bytes
+ui.properties:          83 bytes
 ----
+
+You can see that the two keys in the map are created from the file names in the directory specified in the command. The content of those keys might be large, so the output of `oc describe` only shows the names of the keys and their sizes.
+
+.Prerequisite
+
+* You must have a directory with files that contain the data you want to populate a config map with.
++
+The following procedure uses these example files: `game.properties` and `ui.properties`:
 +
 [source,terminal]
 ----
@@ -57,40 +77,19 @@ allow.textmode=true
 how.nice.to.look=fairlyNice
 ----
 
-. Create a config map holding the content of each file in this directory by entering the following command:
+.Procedure
+
+* Create a config map holding the content of each file in this directory by entering the following command:
 +
 [source,terminal]
 ----
 $ oc create configmap game-config \
     --from-file=example-files/
 ----
-+
-When the `--from-file` option points to a directory, each file directly in that directory is used to populate a key in the config map, where the name of the key is the file name, and the value of the key is the content of the file.
-+
-For example, the previous command creates the following config map:
-+
-[source,terminal]
-----
-$ oc describe configmaps game-config
-----
-+
-.Example output
-[source,terminal]
-----
-Name:           game-config
-Namespace:      default
-Labels:         <none>
-Annotations:    <none>
 
-Data
+.Verification
 
-game.properties:        158 bytes
-ui.properties:          83 bytes
-----
-+
-You can see that the two keys in the map are created from the file names in the directory specified in the command. Because the content of those keys might be large, the output of `oc describe` only shows the names of the keys and their sizes.
-+
-. Enter the `oc get` command for the object with the `-o` option to see the values of the keys:
+* Enter the `oc get` command for the object with the `-o` option to see the values of the keys:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-pods-configmap-creating-from-files.adoc b/modules/nodes-pods-configmap-creating-from-files.adoc
index c4cd3cf355ec..cc8c2c3f040d 100644
--- a/modules/nodes-pods-configmap-creating-from-files.adoc
+++ b/modules/nodes-pods-configmap-creating-from-files.adoc
@@ -2,24 +2,64 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmap-creating-from-files_{context}"]
 = Creating a config map from a file
 
-You can create a config map from a file.
+You can create a config map from a file by using the `--from-file` flag. You can pass the `--from-file` option multiple times to the CLI.
 
-.Procedure
+You can also specify the key to set in a config map for content imported from a file by passing a `key=value` expression to the `--from-file` option. For example:
 
-The following example procedure outlines how to create a config map from a file.
+[source,terminal]
+----
+$ oc create configmap game-config-3 --from-file=game-special-key=example-files/game.properties
+----
 
 [NOTE]
 ====
 If you create a config map from a file, you can include files containing non-UTF8 data that are placed in this field without corrupting the non-UTF8 data. {product-title} detects binary files and transparently encodes the file as `MIME`. On the server, the `MIME` payload is decoded and stored without corrupting the data.
 ====
 
-You can pass the `--from-file` option multiple times to the CLI. The following example yields equivalent results to the creating from directories example.
+.Prerequisite
+
+* You must have a directory with files that contain the data you want to populate a config map with.
++
+The following procedure uses these example files: `game.properties` and `ui.properties`:
++
+[source,terminal]
+----
+$ cat example-files/game.properties
+----
++
+.Example output
+[source,terminal]
+----
+enemies=aliens
+lives=3
+enemies.cheat=true
+enemies.cheat.level=noGoodRotten
+secret.code.passphrase=UUDDLRLRBABAS
+secret.code.allowed=true
+secret.code.lives=30
+----
++
+[source,terminal]
+----
+$ cat example-files/ui.properties
+----
++
+.Example output
+[source,terminal]
+----
+color.good=purple
+color.bad=yellow
+allow.textmode=true
+how.nice.to.look=fairlyNice
+----
+
+.Procedure
 
-. Create a config map by specifying a specific file:
+* Create a config map by specifying a specific file:
 +
 [source,terminal]
 ----
@@ -27,8 +67,18 @@ $ oc create configmap game-config-2 \
     --from-file=example-files/game.properties \
     --from-file=example-files/ui.properties
 ----
+
+* Create a config map by specifying a key-value pair:
 +
-. Verify the results:
+[source,terminal]
+----
+$ oc create configmap game-config-3 \
+    --from-file=game-special-key=example-files/game.properties
+----
+
+.Verification
+
+* Enter the `oc get` command for the object with the `-o` option to see the values of the keys from the file:
 +
 [source,terminal]
 ----
@@ -63,17 +113,7 @@ metadata:
   uid: b4952dc3-d670-11e5-8cd0-68f728db1985
 ----
 
-You can specify the key to set in a config map for content imported from a file. This can be set by passing a `key=value` expression to the `--from-file` option. For example:
-
-. Create a config map by specifying a key-value pair:
-+
-[source,terminal]
-----
-$ oc create configmap game-config-3 \
-    --from-file=game-special-key=example-files/game.properties
-----
-
-. Verify the results:
+* Enter the `oc get` command for the object with the `-o` option to see the values of the keys from the key-value pair:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-pods-configmap-creating-from-literal-values.adoc b/modules/nodes-pods-configmap-creating-from-literal-values.adoc
index 7b2dfd0a8378..9ee46a7e36c8 100644
--- a/modules/nodes-pods-configmap-creating-from-literal-values.adoc
+++ b/modules/nodes-pods-configmap-creating-from-literal-values.adoc
@@ -2,17 +2,17 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmap-creating-from-literal-values_{context}"]
 = Creating a config map from literal values
 
 You can supply literal values for a config map.
 
-.Procedure
+The `--from-literal` option takes a `key=value` syntax, which allows literal values to be supplied directly on the command line.
 
-The `--from-literal` option takes a `key=value` syntax that allows literal values to be supplied directly on the command line.
+.Procedure
 
-. Create a config map by specifying a literal value:
+* Create a config map by specifying a literal value:
 +
 [source,terminal]
 ----
@@ -21,7 +21,9 @@ $ oc create configmap special-config \
     --from-literal=special.type=charm
 ----
 
-. Verify the results:
+.Verification
+
+* Enter the `oc get` command for the object with the `-o` option to see the values of the keys:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-pods-configmap-overview.adoc b/modules/nodes-pods-configmap-overview.adoc
index ccdb6ad98075..d8899b9ae7a7 100644
--- a/modules/nodes-pods-configmap-overview.adoc
+++ b/modules/nodes-pods-configmap-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/configmaps.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-configmap-overview_{context}"]
 = Understanding config maps
 
diff --git a/modules/nodes-pods-configmaps-use-case-consuming-in-env-vars.adoc b/modules/nodes-pods-configmaps-use-case-consuming-in-env-vars.adoc
index a401baf54b83..17ad53c5449b 100644
--- a/modules/nodes-pods-configmaps-use-case-consuming-in-env-vars.adoc
+++ b/modules/nodes-pods-configmaps-use-case-consuming-in-env-vars.adoc
@@ -2,7 +2,7 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmaps-use-case-consuming-in-env-vars_{context}"]
 = Populating environment variables in containers by using config maps
 
diff --git a/modules/nodes-pods-configmaps-use-case-consuming-in-volumes.adoc b/modules/nodes-pods-configmaps-use-case-consuming-in-volumes.adoc
index de787a5373a5..ced7c0723e5a 100644
--- a/modules/nodes-pods-configmaps-use-case-consuming-in-volumes.adoc
+++ b/modules/nodes-pods-configmaps-use-case-consuming-in-volumes.adoc
@@ -2,7 +2,7 @@
 //
 //* authentication/configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmaps-use-case-consuming-in-volumes_{context}"]
 = Injecting content into a volume by using config maps
 
@@ -80,7 +80,7 @@ spec:
           path: path/to/special-key <1>
   restartPolicy: Never
 ----
-<1> Path to config map key. 
+<1> Path to config map key.
 +
 When this pod is run, the output of the cat command will be:
 +
diff --git a/modules/nodes-pods-configmaps-use-case-setting-command-line-arguments.adoc b/modules/nodes-pods-configmaps-use-case-setting-command-line-arguments.adoc
index 2308bed67823..d9c02be80596 100644
--- a/modules/nodes-pods-configmaps-use-case-setting-command-line-arguments.adoc
+++ b/modules/nodes-pods-configmaps-use-case-setting-command-line-arguments.adoc
@@ -3,7 +3,7 @@
 //* nodes/pods/configmaps.adoc
 //* applications/config-maps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configmaps-use-case-setting-command-line-arguments_{context}"]
 = Setting command-line arguments for container commands with config maps
 
diff --git a/modules/nodes-pods-configuring-bandwidth.adoc b/modules/nodes-pods-configuring-bandwidth.adoc
index 881466c105a3..398113e5251a 100644
--- a/modules/nodes-pods-configuring-bandwidth.adoc
+++ b/modules/nodes-pods-configuring-bandwidth.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-pods-configuring.adoc
 // * nodes/nodes-cluster-pods-configuring
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configuring-bandwidth_{context}"]
 = Limiting the bandwidth available to pods
 
diff --git a/modules/nodes-pods-configuring-pod-critical.adoc b/modules/nodes-pods-configuring-pod-critical.adoc
index 9506fbc651fa..ed6ed20d2da5 100644
--- a/modules/nodes-pods-configuring-pod-critical.adoc
+++ b/modules/nodes-pods-configuring-pod-critical.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-pods-configuring.adoc
 // * nodes/nodes-cluster-pods-configuring
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-configuring-critical_{context}"]
 = Preventing pod removal using critical pods
 
diff --git a/modules/nodes-pods-configuring-reducing.adoc b/modules/nodes-pods-configuring-reducing.adoc
index c78a43bd24da..d374de61ec0f 100644
--- a/modules/nodes-pods-configuring-reducing.adoc
+++ b/modules/nodes-pods-configuring-reducing.adoc
@@ -3,13 +3,13 @@
 // * nodes/nodes-pods-configuring.adoc
 // * nodes/nodes-cluster-pods-configuring
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nodes-pods-configuring-reducing_{context}"]
 = Reducing pod timeouts when using persistent volumes with high file counts
 
 If a storage volume contains many files (~1,000,000 or greater), you might experience pod timeouts.
 
-This can occur because, when volumes are mounted, {product-title} recursively changes the ownership and permissions of the contents of each volume in order to match the `fsGroup` specified in a pod's `securityContext`. For large volumes, checking and changing the ownership and permissions can be time consuming, resulting in a very slow pod startup. 
+This can occur because, when volumes are mounted, {product-title} recursively changes the ownership and permissions of the contents of each volume in order to match the `fsGroup` specified in a pod's `securityContext`. For large volumes, checking and changing the ownership and permissions can be time consuming, resulting in a very slow pod startup.
 
 You can reduce this delay by applying one of the following workarounds:
 
diff --git a/modules/nodes-pods-daemonsets-creating.adoc b/modules/nodes-pods-daemonsets-creating.adoc
index f6085d5f64c9..9a5ee927f78e 100644
--- a/modules/nodes-pods-daemonsets-creating.adoc
+++ b/modules/nodes-pods-daemonsets-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-daemonsets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-daemonsets-creating_{context}"]
 = Creating daemonsets
 
@@ -32,15 +32,18 @@ metadata:
   name: <namespace>
   annotations:
     openshift.io/node-selector: ''
+#...
 ----
 ====
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * If you are creating a new project, overwrite the default node selector:
 +
 [source,terminal]
 ----
 $ oc adm new-project <name> --node-selector=""
 ----
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
@@ -76,6 +79,7 @@ spec:
         terminationMessagePath: /dev/termination-log
       serviceAccount: default
       terminationGracePeriodSeconds: 10
+#...
 ----
 <1> The label selector that determines which pods belong to the daemon set.
 <2> The pod template's label selector. Must match the label selector above.
diff --git a/modules/nodes-pods-plugins-about.adoc b/modules/nodes-pods-plugins-about.adoc
index 0169494a1e90..6f0e003c442e 100644
--- a/modules/nodes-pods-plugins-about.adoc
+++ b/modules/nodes-pods-plugins-about.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-pods-plugin.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-plugins-about_{context}"]
 = Understanding device plugins
 
@@ -42,7 +42,7 @@ service DevicePlugin {
 
       // PreStartcontainer is called, if indicated by Device Plug-in during
       // registration phase, before each container start. Device plug-in
-      // can run device specific operations such as reseting the device
+      // can run device specific operations such as resetting the device
       // before making devices available to the container
       rpc PreStartcontainer(PreStartcontainerRequest) returns (PreStartcontainerResponse) {}
 }
@@ -54,7 +54,7 @@ service DevicePlugin {
 * link:https://github.com/NVIDIA/k8s-device-plugin[Nvidia official GPU device plugin]
 * link:https://github.com/vikaschoudhary16/sfc-device-plugin[Solarflare device plugin]
 * link:https://github.com/kubevirt/kubernetes-device-plugins[KubeVirt device plugins: vfio and kvm]
-* link:https://github.com/ibm-s390-cloud/k8s-cex-dev-plugin[Kubernetes device plugin for IBM Crypto Express (CEX) cards]
+* link:https://github.com/ibm-s390-cloud/k8s-cex-dev-plugin[Kubernetes device plugin for {ibm-name} Crypto Express (CEX) cards]
 
 
 [NOTE]
diff --git a/modules/nodes-pods-plugins-device-mgr.adoc b/modules/nodes-pods-plugins-device-mgr.adoc
index 33c13b467113..602f49bb89f0 100644
--- a/modules/nodes-pods-plugins-device-mgr.adoc
+++ b/modules/nodes-pods-plugins-device-mgr.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-pods-plugins.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-plugins-device-mgr_{context}"]
 = Understanding the Device Manager
 
diff --git a/modules/nodes-pods-plugins-install.adoc b/modules/nodes-pods-plugins-install.adoc
index 37159dc3490f..239f89d1ebd6 100644
--- a/modules/nodes-pods-plugins-install.adoc
+++ b/modules/nodes-pods-plugins-install.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-pods-plugins.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-plugins-install_{context}"]
 = Enabling Device Manager
 
diff --git a/modules/nodes-pods-pod-disruption-about.adoc b/modules/nodes-pods-pod-disruption-about.adoc
index 26fd08de0956..d6ad9ff1849c 100644
--- a/modules/nodes-pods-pod-disruption-about.adoc
+++ b/modules/nodes-pods-pod-disruption-about.adoc
@@ -4,15 +4,11 @@
 // * nodes/nodes-cluster-pods-configuring
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: CONCEPT
-[id="nodes-pods-configuring-pod-distruption-about_{context}"]
+:_mod-docs-content-type: CONCEPT
+[id="nodes-pods-pod-distruption-about_{context}"]
 = Understanding how to use pod disruption budgets to specify the number of pods that must be up
 
-A _pod disruption budget_ is part of the
-link:http://kubernetes.io/docs/admin/disruptions/[Kubernetes] API, which can be
-managed with `oc` commands like other object types. They
-allow the specification of safety constraints on pods during operations, such as
-draining a node for maintenance.
+A _pod disruption budget_ allows the specification of safety constraints on pods during operations, such as draining a node for maintenance.
 
 `PodDisruptionBudget` is an API object that specifies the minimum number or
 percentage of replicas that must be up at a time. Setting these in projects can
diff --git a/modules/nodes-pods-pod-disruption-configuring.adoc b/modules/nodes-pods-pod-disruption-configuring.adoc
index a02427df4f5f..4d9e355a2bed 100644
--- a/modules/nodes-pods-pod-disruption-configuring.adoc
+++ b/modules/nodes-pods-pod-disruption-configuring.adoc
@@ -4,7 +4,7 @@
 // * nodes/nodes-cluster-pods-configuring
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-pod-disruption-configuring_{context}"]
 = Specifying the number of pods that must be up with pod disruption budgets
 
diff --git a/modules/nodes-pods-priority-about.adoc b/modules/nodes-pods-priority-about.adoc
index 49de51bd3b16..9e3c1b6c7c30 100644
--- a/modules/nodes-pods-priority-about.adoc
+++ b/modules/nodes-pods-priority-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-priority.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-priority-about_{context}"]
 = Understanding pod priority
 
diff --git a/modules/nodes-pods-priority-configuring.adoc b/modules/nodes-pods-priority-configuring.adoc
index 3e6dd2654328..17c41fd64e0d 100644
--- a/modules/nodes-pods-priority-configuring.adoc
+++ b/modules/nodes-pods-priority-configuring.adoc
@@ -2,14 +2,27 @@
 //
 // * nodes/nodes-pods-priority.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-priority-configuring_{context}"]
 = Configuring priority and preemption
 
-You apply pod priority and preemption by creating a priority class object and associating pods to the priority using the
-`priorityClassName` in your `Pod` specs.
+You apply pod priority and preemption by creating a priority class object and associating pods to the priority by using the
+`priorityClassName` in your pod specs.
 
-.Sample priority class object
+[NOTE]
+====
+You cannot add a priority class directly to an existing scheduled pod.
+====
+
+.Procedure
+
+To configure your cluster to use priority and preemption:
+
+ifndef::openshift-rosa,openshift-dedicated[]
+. Create one or more priority classes:
+
+.. Create a YAML file similar to the following:
++
 [source,yaml]
 ----
 apiVersion: scheduling.k8s.io/v1
@@ -23,23 +36,70 @@ description: "This priority class should be used for XYZ service pods only." <5>
 ----
 <1> The name of the priority class object.
 <2> The priority value of the object.
-<3> Optional field that indicates whether this priority class is preempting or non-preempting. The preemption policy defaults to `PreemptLowerPriority`, which allows pods of that priority class to preempt lower-priority pods. If the preemption policy is set to `Never`, pods in that priority class are non-preempting.
-<4> Optional field that indicates whether this priority class should be used for pods without a priority class name specified. This field is `false` by default. Only one priority class with `globalDefault` set to `true` can exist in the cluster. If there is no priority class with `globalDefault:true`, the priority of pods with no priority class name is zero. Adding a priority class with `globalDefault:true` affects only pods created after the priority class is added and does not change the priorities of existing pods.
-<5> Optional arbitrary text string that describes which pods developers should use with this priority class.
-
-.Procedure
+<3> Optional. Specifies whether this priority class is preempting or non-preempting. The preemption policy defaults to `PreemptLowerPriority`, which allows pods of that priority class to preempt lower-priority pods. If the preemption policy is set to `Never`, pods in that priority class are non-preempting.
+<4> Optional. Specifies whether this priority class should be used for pods without a priority class name specified. This field is `false` by default. Only one priority class with `globalDefault` set to `true` can exist in the cluster. If there is no priority class with `globalDefault:true`, the priority of pods with no priority class name is zero. Adding a priority class with `globalDefault:true` affects only pods created after the priority class is added and does not change the priorities of existing pods.
+<5> Optional. Describes which pods developers should use with this priority class. Enter an arbitrary text string.
 
-To configure your cluster to use priority and preemption:
-
-. Create one or more priority classes:
+.. Create the priority class:
++
+[source,terminal]
+----
+$ oc create -f <file-name>.yaml
+----
 
-.. Specify a name and value for the priority.
+. Create a pod spec to include the name of a priority class:
+// ROSA/OSD cannot create new priority classes. Must use the defaults.
+.. Create a YAML file similar to the following:
++
+ifndef::openshift-rosa,openshift-dedicated[]
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  labels:
+    env: test
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  priorityClassName: high-priority <1>
+----
+<1> Specify the priority class to use with this pod.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  labels:
+    env: test
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  priorityClassName: system-cluster-critical <1>
+----
+<1> Specify the priority class to use with this pod.
+endif::openshift-rosa,openshift-dedicated[]
 
-.. Optionally specify the `globalDefault` field in the priority class and a description.
+.. Create the pod:
++
+[source,terminal]
+----
+$ oc create -f <file-name>.yaml
+----
+endif::openshift-rosa,openshift-dedicated[]
 
-. Create a `Pod` spec or edit existing pods to include the name of a priority class, similar to the following:
+ifdef::openshift-rosa,openshift-dedicated[]
+// ROSA/OSD cannot create new priority classes. Must use the defaults.
+. Define a pod spec to include the name of a priority class by creating a YAML file similar to the following:
 +
-.Sample `Pod` spec with priority class name
 [source,yaml]
 ----
 apiVersion: v1
@@ -53,7 +113,7 @@ spec:
   - name: nginx
     image: nginx
     imagePullPolicy: IfNotPresent
-  priorityClassName: high-priority <1>
+  priorityClassName: system-cluster-critical <1>
 ----
 <1> Specify the priority class to use with this pod.
 
@@ -63,5 +123,6 @@ spec:
 ----
 $ oc create -f <file-name>.yaml
 ----
+endif::openshift-rosa,openshift-dedicated[]
 +
 You can add the priority name directly to the pod configuration or to a pod template.
diff --git a/modules/nodes-pods-priority-preempt-about.adoc b/modules/nodes-pods-priority-preempt-about.adoc
index 664714e651b0..7f22396de52c 100644
--- a/modules/nodes-pods-priority-preempt-about.adoc
+++ b/modules/nodes-pods-priority-preempt-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-priority.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-priority-preempt-about_{context}"]
 = Understanding pod preemption
 
diff --git a/modules/nodes-pods-secrets-about.adoc b/modules/nodes-pods-secrets-about.adoc
index f8a2a00616d8..b4902a6ed595 100644
--- a/modules/nodes-pods-secrets-about.adoc
+++ b/modules/nodes-pods-secrets-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-secrets-about_{context}"]
 = Understanding secrets
 
@@ -29,8 +29,8 @@ metadata:
   namespace: my-namespace
 type: Opaque <1>
 data: <2>
-  username: dmFsdWUtMQ0K <3>
-  password: dmFsdWUtMg0KDQo=
+  username: <username> <3>
+  password: <password>
 stringData: <4>
   hostname: myapp.mydomain.com <5>
 ----
@@ -84,7 +84,3 @@ For examples of different secret types, see the code samples in _Using Secrets_.
 == Secret data keys
 
 Secret keys must be in a DNS subdomain.
-
-// remove this snippet for 4.12+
-
-include::snippets/service-account-auto-secret-removed.adoc[]
diff --git a/modules/nodes-pods-secrets-certificates-about.adoc b/modules/nodes-pods-secrets-certificates-about.adoc
index 34d8b86b2dff..0b3811d7f8b5 100644
--- a/modules/nodes-pods-secrets-certificates-about.adoc
+++ b/modules/nodes-pods-secrets-certificates-about.adoc
@@ -2,19 +2,19 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-secrets-certificates-about_{context}"]
 = About using signed certificates with secrets
 
 To secure communication to your service, you can configure {product-title} to generate a signed
-serving certificate/key pair that you can add into a secret in a project. 
+serving certificate/key pair that you can add into a secret in a project.
 
 A _service serving certificate secret_ is intended to support complex middleware
 applications that need out-of-the-box certificates. It has the same settings as
 the server certificates generated by the administrator tooling for nodes and
 masters.
 
-.Service `Pod` spec configured for a service serving certificates secret. 
+.Service `Pod` spec configured for a service serving certificates secret.
 
 [source,yaml]
 ----
diff --git a/modules/nodes-pods-secrets-certificates-creating.adoc b/modules/nodes-pods-secrets-certificates-creating.adoc
index d242b1856d22..d08a64b527a2 100644
--- a/modules/nodes-pods-secrets-certificates-creating.adoc
+++ b/modules/nodes-pods-secrets-certificates-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-certificates-creating_{context}"]
 = Generating signed certificates for use with secrets
 
@@ -47,7 +47,7 @@ $ oc create -f <file-name>.yaml
 
 . View the secret to make sure it was created:
 
-.. View a list of all secrets: 
+.. View a list of all secrets:
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-pods-secrets-creating-basic.adoc b/modules/nodes-pods-secrets-creating-basic.adoc
index 104c6c022921..6c702e6ed580 100644
--- a/modules/nodes-pods-secrets-creating-basic.adoc
+++ b/modules/nodes-pods-secrets-creating-basic.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-basic_{context}"]
 = Creating a basic authentication secret
 
@@ -31,7 +31,7 @@ type: kubernetes.io/basic-auth <1>
 data:
 stringData: <2>
   username: admin
-  password: t0p-Secret
+  password: <password>
 ----
 <1> Specifies a basic authentication secret.
 <2> Specifies the basic authentication values to use.
diff --git a/modules/nodes-pods-secrets-creating-docker.adoc b/modules/nodes-pods-secrets-creating-docker.adoc
index c6aab4b8e53c..e621840a3322 100644
--- a/modules/nodes-pods-secrets-creating-docker.adoc
+++ b/modules/nodes-pods-secrets-creating-docker.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-docker_{context}"]
 = Creating a Docker configuration secret
 
diff --git a/modules/nodes-pods-secrets-creating-opaque.adoc b/modules/nodes-pods-secrets-creating-opaque.adoc
index 7423b1881753..4d890941d273 100644
--- a/modules/nodes-pods-secrets-creating-opaque.adoc
+++ b/modules/nodes-pods-secrets-creating-opaque.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-opaque_{context}"]
 = Creating an opaque secret
 
@@ -22,8 +22,8 @@ metadata:
   name: mysecret
 type: Opaque <1>
 data:
-  username: dXNlci1uYW1l
-  password: cGFzc3dvcmQ=
+  username: <username>
+  password: <password>
 ----
 <1> Specifies an opaque secret.
 
diff --git a/modules/nodes-pods-secrets-creating-sa.adoc b/modules/nodes-pods-secrets-creating-sa.adoc
index a20ea49ca11f..5443175bbd03 100644
--- a/modules/nodes-pods-secrets-creating-sa.adoc
+++ b/modules/nodes-pods-secrets-creating-sa.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-sa_{context}"]
 = Creating a service account token secret
 
diff --git a/modules/nodes-pods-secrets-creating-ssh.adoc b/modules/nodes-pods-secrets-creating-ssh.adoc
index 018067cd650a..7ba5c8130526 100644
--- a/modules/nodes-pods-secrets-creating-ssh.adoc
+++ b/modules/nodes-pods-secrets-creating-ssh.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-ssh_{context}"]
 = Creating an SSH authentication secret
 
diff --git a/modules/nodes-pods-secrets-creating-tls.adoc b/modules/nodes-pods-secrets-creating-tls.adoc
index 1ca4e88f6d5d..c48c4ecfe960 100644
--- a/modules/nodes-pods-secrets-creating-tls.adoc
+++ b/modules/nodes-pods-secrets-creating-tls.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-secrets-creating-tls_{context}"]
 = Creating a TLS secret
 
diff --git a/modules/nodes-pods-secrets-creating-web-console-secrets.adoc b/modules/nodes-pods-secrets-creating-web-console-secrets.adoc
new file mode 100644
index 000000000000..768e42274bec
--- /dev/null
+++ b/modules/nodes-pods-secrets-creating-web-console-secrets.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-pods-secrets-creating-web-console-secrets_{context}"]
+= Creating a secret using the web console
+
+You can create secrets using the web console.
+
+.Procedure
+
+. Navigate to *Workloads* -> *Secrets*.
+. Click *Create* -> *From YAML*.
+.. Edit the YAML manually to your specifications, or drag and drop a file into the YAML editor.
+For example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: example
+  namespace: <namespace>
+type: Opaque <1>
+data:
+  username: <base64 encoded username>
+  password: <base64 encoded password>
+stringData: <2>
+  hostname: myapp.mydomain.com
+----
+<1> This example specifies an opaque secret; however, you may see other secret types such as service account token secret, basic authentication secret, SSH authentication secret, or a secret that uses Docker configuration.
+<2> Entries in the `stringData` map are converted to base64 and the entry will then be moved to the `data` map automatically. This field is write-only; the value will only be returned via the `data` field.
+
+. Click *Create*.
+. Click *Add Secret to workload*.
+.. From the drop-down menu, select the workload to add.
+.. Click *Save*.
diff --git a/modules/nodes-pods-secrets-creating.adoc b/modules/nodes-pods-secrets-creating.adoc
index d7dd4b366adb..27161135de54 100644
--- a/modules/nodes-pods-secrets-creating.adoc
+++ b/modules/nodes-pods-secrets-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-secrets-creating_{context}"]
 = Understanding how to create secrets
 
@@ -22,8 +22,8 @@ metadata:
   name: test-secret
 type: Opaque <1>
 data: <2>
-  username: dmFsdWUtMQ0K
-  password: dmFsdWUtMQ0KDQo=
+  username: <username>
+  password: <password>
 stringData: <3>
   hostname: myapp.mydomain.com
   secret.properties: |
@@ -75,7 +75,7 @@ spec:
         secretName: test-secret <4>
   restartPolicy: Never
 ----
-<1> Add a `volumeMounts` field to each container that needs the secret. 
+<1> Add a `volumeMounts` field to each container that needs the secret.
 <2> Specifies an unused directory name where you would like the secret to appear. Each key in the secret data map becomes the filename under `mountPath`.
 <3> Set to `true`.  If true, this instructs the driver to provide a read-only volume.
 <4> Specifies the name of the secret.
diff --git a/modules/nodes-pods-secrets-updating.adoc b/modules/nodes-pods-secrets-updating.adoc
index a92dd475672d..f3ab35672903 100644
--- a/modules/nodes-pods-secrets-updating.adoc
+++ b/modules/nodes-pods-secrets-updating.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-secrets.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-secrets-updating_{context}"]
 = Understanding how to update secrets
 
diff --git a/modules/nodes-pods-using-about.adoc b/modules/nodes-pods-using-about.adoc
index 6e7070ac1ce7..e55e45e40c92 100644
--- a/modules/nodes-pods-using-about.adoc
+++ b/modules/nodes-pods-using-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-using.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-using-about_{context}"]
 = Understanding pods
 
diff --git a/modules/nodes-pods-vertical-autoscaler-about.adoc b/modules/nodes-pods-vertical-autoscaler-about.adoc
index 27217b1c6fa6..76c3ffc99909 100644
--- a/modules/nodes-pods-vertical-autoscaler-about.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-about.adoc
@@ -2,11 +2,22 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-vertical-autoscaler-about_{context}"]
 = About the Vertical Pod Autoscaler Operator
 
-The Vertical Pod Autoscaler Operator (VPA) is implemented as an API resource and a custom resource (CR). The CR determines the actions the Vertical Pod Autoscaler Operator should take with the pods associated with a specific workload object, such as a daemon set, replication controller, and so forth, in a project.
+The Vertical Pod Autoscaler Operator (VPA) is implemented as an API resource and a custom resource (CR). The CR determines the actions that the VPA Operator should take with the pods associated with a specific workload object, such as a daemon set, replication controller, and so forth, in a project.
+
+The VPA Operator consists of three components, each of which has its own pod in the VPA namespace:
+
+Recommender::
+The VPA recommender monitors the current and past resource consumption and, based on this data, determines the optimal CPU and memory resources for the pods in the associated workload object.
+
+Updater:: 
+The VPA updater checks if the pods in the associated workload object have the correct resources. If the resources are correct, the updater takes no action. If the resources are not correct, the updater kills the pod so that they can be recreated by their controllers with the updated requests.
+
+Admission controller:: 
+The VPA admission controller sets the correct resource requests on each new pod in the associated workload object, whether the pod is new or was recreated by its controller due to the VPA updater actions.
 
 You can use the default recommender or use your own alternative recommender to autoscale based on your own algorithms.
 
diff --git a/modules/nodes-pods-vertical-autoscaler-configuring.adoc b/modules/nodes-pods-vertical-autoscaler-configuring.adoc
index ebc64fdc95c8..c045670dee04 100644
--- a/modules/nodes-pods-vertical-autoscaler-configuring.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-configuring.adoc
@@ -2,11 +2,11 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-vertical-autoscaler-configuring_{context}"]
 = Using the Vertical Pod Autoscaler Operator
 
-You can use the Vertical Pod Autoscaler Operator (VPA) by creating a VPA custom resource (CR). The CR indicates which pods it should analyze and determines the actions the VPA should take with those pods. 
+You can use the Vertical Pod Autoscaler Operator (VPA) by creating a VPA custom resource (CR). The CR indicates which pods it should analyze and determines the actions the VPA should take with those pods.
 
 .Prerequisites
 
@@ -46,9 +46,9 @@ spec:
 <2> Specify the name of an existing workload object you want this VPA to manage.
 <3> Specify the VPA mode:
 * `auto` to automatically apply the recommended resources on pods associated with the controller. The VPA terminates existing pods and creates new pods with the recommended resource limits and requests.
-* `recreate` to automatically apply the recommended resources on pods associated with the workload object. The VPA terminates existing pods and creates new pods with the recommended resource limits and requests. The `recreate` mode should be used rarely, only if you need to ensure that the pods are restarted whenever the resource request changes. 
+* `recreate` to automatically apply the recommended resources on pods associated with the workload object. The VPA terminates existing pods and creates new pods with the recommended resource limits and requests. The `recreate` mode should be used rarely, only if you need to ensure that the pods are restarted whenever the resource request changes.
 * `initial` to automatically apply the recommended resources when pods associated with the workload object are created. The VPA does not update the pods as it learns new resource recommendations.
-* `off` to only generate resource recommendations for the pods associated with the workload object. The VPA does not update the pods as it learns new resource recommendations and does not apply the recommendations to new pods. 
+* `off` to only generate resource recommendations for the pods associated with the workload object. The VPA does not update the pods as it learns new resource recommendations and does not apply the recommendations to new pods.
 <4> Optional. Specify the containers you want to opt-out and set the mode to `Off`.
 <5> Optional. Specify an alternative recommender.
 
@@ -109,7 +109,7 @@ status:
 
 ...
 ----
-<1> `lowerBound` is the minimum recommended resource levels. 
-<2> `target` is the recommended resource levels. 
-<3> `upperBound` is the highest recommended resource levels. 
-<4> `uncappedTarget` is the most recent resource recommendations. 
+<1> `lowerBound` is the minimum recommended resource levels.
+<2> `target` is the recommended resource levels.
+<3> `upperBound` is the highest recommended resource levels.
+<4> `uncappedTarget` is the most recent resource recommendations.
diff --git a/modules/nodes-pods-vertical-autoscaler-custom.adoc b/modules/nodes-pods-vertical-autoscaler-custom.adoc
index 457a3b89da3a..a91fbe0fac9d 100644
--- a/modules/nodes-pods-vertical-autoscaler-custom.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-custom.adoc
@@ -2,13 +2,13 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-vertical-autoscaler-custom_{context}"]
-= Using an alternative recommender 
+= Using an alternative recommender
 
-You can use your own recommender to autoscale based on your own algorithms. If you do not specify an alternative recommender, {product-title} uses the default recommender, which suggests CPU and memory requests based on historical usage. Because there is no universal recommendation policy that applies to all types of workloads, you might want to create and deploy different recommenders for specific workloads. 
+You can use your own recommender to autoscale based on your own algorithms. If you do not specify an alternative recommender, {product-title} uses the default recommender, which suggests CPU and memory requests based on historical usage. Because there is no universal recommendation policy that applies to all types of workloads, you might want to create and deploy different recommenders for specific workloads.
 
-For example, the default recommender might not accurately predict future resource usage when containers exhibit certain resource behaviors, such as cyclical patterns that alternate between usage spikes and idling as used by monitoring applications, or recurring and repeating patterns used with deep learning applications. Using the default recommender with these usage behaviors might result in significant over-provisioning and Out of Memory (OOM) kills for your applications. 
+For example, the default recommender might not accurately predict future resource usage when containers exhibit certain resource behaviors, such as cyclical patterns that alternate between usage spikes and idling as used by monitoring applications, or recurring and repeating patterns used with deep learning applications. Using the default recommender with these usage behaviors might result in significant over-provisioning and Out of Memory (OOM) kills for your applications.
 
 // intro paragraph based on https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler/enhancements/3919-customized-recommender-vpa
 
@@ -19,7 +19,7 @@ Instructions for how to create a recommender are beyond the scope of this docume
 
 .Procedure
 
-To use an alternative recommender for your pods: 
+To use an alternative recommender for your pods:
 
 . Create a service account for the alternative recommender and bind that service account to the required cluster role:
 +
@@ -70,8 +70,8 @@ subjects:
   name: alt-vpa-recommender-sa
   namespace: <namespace_name>
 ----
-<1> Creates a service accocunt for the recommender in the namespace where the recommender is deployed. 
-<2> Binds the recommender service account to the `metrics-reader` role. Specify the namespace where the recommender is to be deployed. 
+<1> Creates a service accocunt for the recommender in the namespace where the recommender is deployed.
+<2> Binds the recommender service account to the `metrics-reader` role. Specify the namespace where the recommender is to be deployed.
 <3> Binds the recommender service account to the `vpa-actor` role. Specify the namespace where the recommender is to be deployed.
 <4> Binds the recommender service account to the `vpa-target-reader` role. Specify the namespace where the recommender is to be deployed.
 
@@ -122,7 +122,7 @@ spec:
 +
 --
 <1> Creates a container for your alternative recommender.
-<2> Specifies your recommender image. 
+<2> Specifies your recommender image.
 <3> Associates the service account that you created for the recommender.
 --
 +
@@ -130,7 +130,7 @@ A new pod is created for the alternative recommender in the same namespace.
 +
 [source,terminal]
 ----
-$ oc get pods 
+$ oc get pods
 ----
 +
 .Example output
@@ -159,7 +159,7 @@ spec:
   targetRef:
     apiVersion: "apps/v1"
     kind:       Deployment <2>
-    name:       frontend 
+    name:       frontend
 ----
 <1> Specifies the name of the alternative recommender deployment.
 <2> Specifies the name of an existing workload object you want this VPA to manage.
diff --git a/modules/nodes-pods-vertical-autoscaler-install.adoc b/modules/nodes-pods-vertical-autoscaler-install.adoc
index 30840e9e2f99..bc4717abb8c6 100644
--- a/modules/nodes-pods-vertical-autoscaler-install.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-install.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-vertical-autoscaler-install_{context}"]
 = Installing the Vertical Pod Autoscaler Operator
 
diff --git a/modules/nodes-pods-vertical-autoscaler-tuning.adoc b/modules/nodes-pods-vertical-autoscaler-tuning.adoc
new file mode 100644
index 000000000000..ecfd6392a3ae
--- /dev/null
+++ b/modules/nodes-pods-vertical-autoscaler-tuning.adoc
@@ -0,0 +1,162 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-vertical-autoscaler.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-pods-vertical-autoscaler-tuning_{context}"]
+= Performance tuning the VPA Operator
+
+As a cluster administrator, you can tune the performance of your Vertical Pod Autoscaler Operator (VPA) to limit the rate at which the VPA makes requests of the Kubernetes API server and to specify the CPU and memory resources for the VPA recommender, updater, and admission controller component pods.
+
+Additionally, you can configure the VPA Operator to monitor only those workloads that are being managed by a VPA custom resource (CR). By default, the VPA Operator monitors every workload in the cluster. This allows the VPA Operator to accrue and store 8 days of historical data for all workloads, which the Operator can use if a new VPA CR is created for a workload. However, this causes the VPA Operator to use significant CPU and memory, which could cause the Operator to fail, particularly on larger clusters. By configuring the VPA Operator to monitor only workloads with a VPA CR, you can save on CPU and memory resources. One trade-off is that if you have a workload that has been running, and you create a VPA CR to manage that workload, the VPA Operator does not have any historical data for that workload. As a result, the initial recommendations are not as useful as those after the workload had been running for some time.
+
+These tunings allow you to ensure the VPA has sufficient resources to operate at peak efficiency and to prevent throttling and a possible delay in pod admissions. 
+
+You can perform the following tunings on the VPA components by editing the `VerticalPodAutoscalerController` custom resource (CR):
+
+* To prevent throttling and pod admission delays, set the queries-per-second (QPS) and burst rates for VPA requests of the Kubernetes API server by using the `kube-api-qps` and `kube-api-burst` parameters.
+
+* To ensure sufficient CPU and memory, set the CPU and memory requests for VPA component pods by using the standard `cpu` and `memory` resource requests.
+
+* To configure the VPA Operator to monitor only workloads that are being managed by a VPA CR, set the `memory-saver` parameter to `true` for the recommender component.
+
+The following example VPA controller CR sets the VPA API QPS and burts rates, configures the component pod resource requests, and sets `memory-saver` to `true` for the recommender:
+
+.Example `VerticalPodAutoscalerController` CR
+[source,yaml]
+----
+apiVersion: autoscaling.openshift.io/v1
+kind: VerticalPodAutoscalerController
+metadata:
+  name: default
+  namespace: openshift-vertical-pod-autoscaler
+spec:
+  deploymentOverrides:
+    admission: <1>
+      container:
+        args: <2>
+          - '--kube-api-qps=30.0'
+          - '--kube-api-burst=40.0'
+        resources:
+          requests: <3>
+            cpu: 40m
+            memory: 40Mi
+    recommender: <4>
+      container:
+        args:
+          - '--kube-api-qps=20.0'
+          - '--kube-api-burst=60.0'
+          - '--memory-saver=true' <5>
+        resources:
+          requests:
+            cpu: 60m
+            memory: 60Mi
+    updater: <6>
+      container:
+        args:
+          - '--kube-api-qps=20.0'
+          - '--kube-api-burst=80.0'
+        resources:
+          requests:
+            cpu: 80m
+            memory: 80Mi
+  minReplicas: 2
+  podMinCPUMillicores: 25
+  podMinMemoryMb: 250
+  recommendationOnly: false
+  safetyMarginFraction: 0.15
+----
+<1> Specifies the tuning parameters for the VPA admission controller.
+<2> Specifies the API QPS and burst rates for the VPA admission controller.
++	
+--
+* `kube-api-qps`: Specifies the queries per second (QPS) limit when making requests to Kubernetes API server. The default is `5.0`.
+* `kube-api-burst`: Specifies the burst limit when making requests to Kubernetes API server. The default is `10.0`.
+--
+<3> Specifies the CPU and memory requests for the VPA admission controller pod.
+<4> Specifies the tuning parameters for the VPA recommender.
+<5> Specifies that the VPA Operator monitors only workloads with a VPA CR. The default is `false`.
+<6> Specifies the tuning parameters for the VPA updater.
+
+You can verify that the settings were applied to each VPA component pod.
+
+.Example updater pod
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: vpa-updater-default-d65ffb9dc-hgw44
+  namespace: openshift-vertical-pod-autoscaler
+# ...
+spec:
+  containers:
+  - args:
+    - --logtostderr
+    - --v=1
+    - --min-replicas=2
+    - --kube-api-qps=20.0
+    - --kube-api-burst=80.0
+# ...
+    resources:
+      requests:
+        cpu: 80m
+        memory: 80Mi
+# ...
+----
+
+.Example admission controller pod
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: vpa-admission-plugin-default-756999448c-l7tsd
+  namespace: openshift-vertical-pod-autoscaler
+# ...
+spec:
+  containers:
+  - args:
+    - --logtostderr
+    - --v=1
+    - --tls-cert-file=/data/tls-certs/tls.crt
+    - --tls-private-key=/data/tls-certs/tls.key
+    - --client-ca-file=/data/tls-ca-certs/service-ca.crt
+    - --webhook-timeout-seconds=10
+    - --kube-api-qps=30.0
+    - --kube-api-burst=40.0
+# ...
+    resources:
+      requests:
+        cpu: 40m
+        memory: 40Mi
+# ...
+----
+
+.Example recommender pod
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: vpa-recommender-default-74c979dbbc-znrd2
+  namespace: openshift-vertical-pod-autoscaler
+# ...
+spec:
+  containers:
+  - args:
+    - --logtostderr
+    - --v=1
+    - --recommendation-margin-fraction=0.15
+    - --pod-recommendation-min-cpu-millicores=25
+    - --pod-recommendation-min-memory-mb=250
+    - --kube-api-qps=20.0
+    - --kube-api-burst=60.0
+    - --memory-saver=true
+# ...
+    resources:
+      requests:
+        cpu: 60m
+        memory: 60Mi
+# ...
+----
diff --git a/modules/nodes-pods-vertical-autoscaler-uninstall.adoc b/modules/nodes-pods-vertical-autoscaler-uninstall.adoc
index 0e1570adf43f..30400912e615 100644
--- a/modules/nodes-pods-vertical-autoscaler-uninstall.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-uninstall.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-vertical-autoscaler-uninstall_{context}"]
 = Uninstalling the Vertical Pod Autoscaler Operator
 
@@ -13,7 +13,7 @@ You can remove the Vertical Pod Autoscaler Operator (VPA) from your {product-tit
 You can remove a specific VPA CR by using the `oc delete vpa <vpa-name>` command. The same actions apply for resource requests as uninstalling the vertical pod autoscaler.
 ====
 
-After removing the VPA Operator, it is recommended that you remove the other components associated with the Operator to avoid potential issues. 
+After removing the VPA Operator, it is recommended that you remove the other components associated with the Operator to avoid potential issues.
 
 .Prerequisites
 
@@ -33,7 +33,7 @@ After removing the VPA Operator, it is recommended that you remove the other com
 
 . Optional: Use the OpenShift CLI to remove the VPA components:
 
-.. Delete the VPA namespace: 
+.. Delete the VPA namespace:
 +
 [source,terminal]
 ----
@@ -57,7 +57,7 @@ $ oc delete crd verticalpodautoscalercontrollers.autoscaling.openshift.io
 $ oc delete crd verticalpodautoscalers.autoscaling.k8s.io
 ----
 +
-Deleting the CRDs removes the associated roles, cluster roles, and role bindings. 
+Deleting the CRDs removes the associated roles, cluster roles, and role bindings.
 +
 [NOTE]
 ====
diff --git a/modules/nodes-pods-vertical-autoscaler-using-about.adoc b/modules/nodes-pods-vertical-autoscaler-using-about.adoc
index 1d891f767a25..5637a135d6c6 100644
--- a/modules/nodes-pods-vertical-autoscaler-using-about.adoc
+++ b/modules/nodes-pods-vertical-autoscaler-using-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-vertical-autoscaler.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-pods-vertical-autoscaler-using-about_{context}"]
 = About Using the Vertical Pod Autoscaler Operator
 
@@ -97,11 +97,11 @@ The VPA uses the `lowerBound` and `upperBound` values to determine if a pod need
 
 By default, workload objects must specify a minimum of two replicas in order for the VPA to automatically delete and update their pods. As a result, workload objects that specify fewer than two replicas are not automatically acted upon by the VPA. The VPA does update new pods from these workload objects if the pods are restarted by some process external to the VPA.  You can change this cluster-wide minimum value by modifying the `minReplicas` parameter in the `VerticalPodAutoscalerController` custom resource (CR).
 
-For example, if you set `minReplicas` to `3`, the VPA does not delete and update pods for workload objects that specify fewer than three replicas.  
+For example, if you set `minReplicas` to `3`, the VPA does not delete and update pods for workload objects that specify fewer than three replicas.
 
 [NOTE]
 ====
-If you set `minReplicas` to `1`, the VPA can delete the only pod for a workload object that specifies only one replica. You should use this setting with one-replica objects only if your workload can tolerate downtime whenever the VPA deletes a pod to adjust its resources. To avoid unwanted downtime with one-replica objects, configure the VPA CRs with the `podUpdatePolicy` set to `Initial`, which automatically updates the pod only when it is restarted by some process external to the VPA, or `Off`, which allows you to update the pod manually at an appropriate time for your application. 
+If you set `minReplicas` to `1`, the VPA can delete the only pod for a workload object that specifies only one replica. You should use this setting with one-replica objects only if your workload can tolerate downtime whenever the VPA deletes a pod to adjust its resources. To avoid unwanted downtime with one-replica objects, configure the VPA CRs with the `podUpdatePolicy` set to `Initial`, which automatically updates the pod only when it is restarted by some process external to the VPA, or `Off`, which allows you to update the pod manually at an appropriate time for your application.
 ====
 
 .Example `VerticalPodAutoscalerController` object
@@ -160,7 +160,9 @@ spec:
 
 [NOTE]
 ====
-There must be operating pods in the project before the VPA can determine recommended resources and apply the recommendations to new pods.
+Before a VPA can determine recommendations for resources and apply the recommended resources to new pods, operating pods must exist and be running in the project.
+
+If a workload's resource usage, such as CPU and memory, is consistent, the VPA can determine recommendations for resources in a few minutes. If a workload's resource usage is inconsistent, the VPA must collect metrics at various resource usage intervals for the VPA to make an accurate recommendation.
 ====
 
 [id="nodes-pods-vertical-autoscaler-using-pod_{context}"]
@@ -190,7 +192,9 @@ spec:
 
 [NOTE]
 ====
-There must be operating pods in the project before a VPA can determine recommended resources and apply the recommendations to new pods.
+Before a VPA can determine recommended resources and apply the recommendations to new pods, operating pods must exist and be running in the project.
+
+To obtain the most accurate recommendations from the VPA, wait at least 8 days for the pods to run and for the VPA to stabilize.
 ====
 
 [id="nodes-pods-vertical-autoscaler-using-manual_{context}"]
@@ -230,7 +234,9 @@ With the recommendations, you can edit the workload object to add CPU and memory
 
 [NOTE]
 ====
-There must be operating pods in the project before a VPA can determine recommended resources.
+Before a VPA can determine recommended resources and apply the recommendations to new pods, operating pods must exist and be running in the project.
+
+To obtain the most accurate recommendations from the VPA, wait at least 8 days for the pods to run and for the VPA to stabilize.
 ====
 
 [id="nodes-pods-vertical-autoscaler-using-exempt_{context}"]
diff --git a/modules/nodes-pods-viewing-project.adoc b/modules/nodes-pods-viewing-project.adoc
index 7b2ec0af3efa..95c3e34e9dfb 100644
--- a/modules/nodes-pods-viewing-project.adoc
+++ b/modules/nodes-pods-viewing-project.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-viewing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-viewing-project_{context}"]
 = Viewing pods in a project
 
diff --git a/modules/nodes-pods-viewing-usage.adoc b/modules/nodes-pods-viewing-usage.adoc
index afbb45e5cf34..4d43317b0cc5 100644
--- a/modules/nodes-pods-viewing-usage.adoc
+++ b/modules/nodes-pods-viewing-usage.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-viewing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-pods-viewing-usage_{context}"]
 = Viewing pod usage statistics
 
@@ -37,11 +37,11 @@ $ oc adm top pods -n openshift-console
 .Example output
 [source,terminal]
 ----
-NAME                         CPU(cores)   MEMORY(bytes)   
-console-7f58c69899-q8c8k     0m           22Mi            
-console-7f58c69899-xhbgg     0m           25Mi            
-downloads-594fcccf94-bcxk8   3m           18Mi            
-downloads-594fcccf94-kv4p6   2m           15Mi            
+NAME                         CPU(cores)   MEMORY(bytes)
+console-7f58c69899-q8c8k     0m           22Mi
+console-7f58c69899-xhbgg     0m           25Mi
+downloads-594fcccf94-bcxk8   3m           18Mi
+downloads-594fcccf94-kv4p6   2m           15Mi
 ----
 
 . Run the following command to view the usage statistics for pods with labels:
diff --git a/modules/nodes-qos-about-swap.adoc b/modules/nodes-qos-about-swap.adoc
index 14baa3cb2460..af852cec1766 100644
--- a/modules/nodes-qos-about-swap.adoc
+++ b/modules/nodes-qos-about-swap.adoc
@@ -3,7 +3,7 @@
 // * nodes/nodes-cluster-overcommit.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-qos-about-swap_{context}"]
 = Understanding swap memory and QOS
 
diff --git a/modules/nodes-rwn_con_adding-remote-worker-nodes.adoc b/modules/nodes-rwn_con_adding-remote-worker-nodes.adoc
new file mode 100644
index 000000000000..6658979a996b
--- /dev/null
+++ b/modules/nodes-rwn_con_adding-remote-worker-nodes.adoc
@@ -0,0 +1,19 @@
+// This module is included in the following assemblies:
+//
+// nodes/edge/nodes-edge-remote-workers.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-rwn_con_adding-remote-worker-nodes_{context}"]
+= Adding remote worker nodes
+
+Adding remote worker nodes to a cluster involves some additional considerations.
+
+* You must ensure that a route or a default gateway is in place to route traffic between the control plane and every remote worker node.
+
+* You must place the Ingress VIP on the control plane.
+
+* Adding remote worker nodes with user-provisioned infrastructure is identical to adding other worker nodes.
+
+* To add remote worker nodes to an installer-provisioned cluster at install time, specify the subnet for each worker node in the `install-config.yaml` file before installation. There are no additional settings required for the DHCP server. You must use virtual media, because the remote worker nodes will not have access to the local provisioning network.
+
+* To add remote worker nodes to an installer-provisioned cluster deployed with a provisioning network, ensure that `virtualMediaViaExternalNetwork` flag is set to `true` in the `install-config.yaml` file so that it will add the nodes using virtual media. Remote worker nodes will not have access to the local provisioning network. They must be deployed with virtual media rather than PXE. Additionally, specify each subnet for each group of remote worker nodes and the control plane nodes in the DHCP server.
\ No newline at end of file
diff --git a/modules/nodes-safe-sysctls-list.adoc b/modules/nodes-safe-sysctls-list.adoc
index c0e19fa3fcdd..4e067444cd9c 100644
--- a/modules/nodes-safe-sysctls-list.adoc
+++ b/modules/nodes-safe-sysctls-list.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="safe_and_unsafe_sysctls_{context}"]
 = Safe and unsafe sysctls
 
diff --git a/modules/nodes-scheduler-default-about.adoc b/modules/nodes-scheduler-default-about.adoc
index 902766828b8a..e7061ffc43d5 100644
--- a/modules/nodes-scheduler-default-about.adoc
+++ b/modules/nodes-scheduler-default-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-default.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-default-about_{context}"]
 = Understanding default scheduling
 
diff --git a/modules/nodes-scheduler-node-affinity-about.adoc b/modules/nodes-scheduler-node-affinity-about.adoc
index d702b6fb6633..97c19f631bf2 100644
--- a/modules/nodes-scheduler-node-affinity-about.adoc
+++ b/modules/nodes-scheduler-node-affinity-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-affinity.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-node-affinity-about_{context}"]
 = Understanding node affinity
 
@@ -44,6 +44,7 @@ spec:
   containers:
   - name: with-node-affinity
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 <1> The stanza to configure node affinity.
@@ -75,6 +76,7 @@ spec:
   containers:
   - name: with-node-affinity
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 <1> The stanza to configure node affinity.
@@ -97,4 +99,3 @@ If you are using node affinity and node selectors in the same pod configuration,
 
 * If you specify multiple `matchExpressions` associated with `nodeSelectorTerms`, then the pod can be scheduled onto a node only if all `matchExpressions` are satisfied.
 ====
-
diff --git a/modules/nodes-scheduler-node-affinity-configuring-preferred.adoc b/modules/nodes-scheduler-node-affinity-configuring-preferred.adoc
index f7896d085a2f..3520b5203695 100644
--- a/modules/nodes-scheduler-node-affinity-configuring-preferred.adoc
+++ b/modules/nodes-scheduler-node-affinity-configuring-preferred.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-affinity.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-node-affinity-configuring-preferred_{context}"]
 = Configuring a preferred node affinity rule
 
@@ -12,39 +12,52 @@ Preferred rules specify that, if the rule is met, the scheduler tries to enforce
 
 The following steps demonstrate a simple configuration that creates a node and a pod that the scheduler tries to place on the node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add a label to a node using the `oc label node` command:
 +
 [source,terminal]
 ----
 $ oc label node node1 e2e-az-name=e2e-az3
 ----
+endif::openshift-rosa,openshift-dedicated[]
 
-. In the `Pod` spec, use the `nodeAffinity` stanza to configure the `preferredDuringSchedulingIgnoredDuringExecution` parameter:
+. Create a pod with a specific label:
 +
-.. Specify a weight for the node, as a number 1-100. The node with highest weight is preferred.
+.. Create a YAML file with the following content:
 +
-.. Specify the key and values that must be met. If you want the new pod to be scheduled on the node you edited, use the same `key` and `value` parameters as the label in the node:
+[NOTE]
+====
+You cannot add an affinity directly to a scheduled pod.
+====
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
 spec:
-  affinity:
+  affinity: <1>
     nodeAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-      - weight: 1
+      preferredDuringSchedulingIgnoredDuringExecution: <2>
+      - weight: <3>
         preference:
           matchExpressions:
-          - key: e2e-az-name
-            operator: In
+          - key: e2e-az-name <4>
             values:
             - e2e-az3
+            operator: In <5>
+#...
 ----
-+
-.. Specify an `operator`. The operator can be `In`, `NotIn`, `Exists`, `DoesNotExist`, `Lt`, or `Gt`. For example, use the Operator `In` to require the label to be in the node.
+<1> Adds a pod affinity.
+<2> Configures the `preferredDuringSchedulingIgnoredDuringExecution` parameter.
+<3> Specifies a weight for the node, as a number 1-100. The node with highest weight is preferred.
+<4> Specifies the `key` and `values` that must be met. If you want the new pod to be scheduled on the node you edited, use the same `key` and `values` parameters as the label in the node.
+<5> Specifies an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
 
-. Create the pod.
+.. Create the pod.
 +
 [source,terminal]
 ----
-$ oc create -f e2e-az3.yaml
+$ oc create -f <file-name>.yaml
 ----
diff --git a/modules/nodes-scheduler-node-affinity-configuring-required.adoc b/modules/nodes-scheduler-node-affinity-configuring-required.adoc
index b110069c4aa2..2ef700549bb7 100644
--- a/modules/nodes-scheduler-node-affinity-configuring-required.adoc
+++ b/modules/nodes-scheduler-node-affinity-configuring-required.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-affinity.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-node-affinity-configuring-required_{context}"]
 =  Configuring a required node affinity rule
 
@@ -12,6 +12,7 @@ Required rules *must* be met before a pod can be scheduled on a node.
 
 The following steps demonstrate a simple configuration that creates a node and a pod that the scheduler is required to place on the node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add a label to a node using the `oc label node` command:
 +
 [source,terminal]
@@ -31,34 +32,48 @@ metadata:
   name: <node_name>
   labels:
     e2e-az-name: e2e-az1
+#...
 ----
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
-. In the `Pod` spec, use the `nodeAffinity` stanza to configure the `requiredDuringSchedulingIgnoredDuringExecution` parameter:
+. Create a pod with a specific label in the pod spec:
 +
-.. Specify the key and values that must be met. If you want the new pod to be scheduled on the node you edited, use the same `key` and `value` parameters as the label in the node.
+.. Create a YAML file with the following content:
 +
-.. Specify an `operator`. The operator can be `In`, `NotIn`, `Exists`, `DoesNotExist`, `Lt`, or `Gt`. For example, use the operator `In` to require the label to be in the node:
+[NOTE]
+====
+You cannot add an affinity directly to a scheduled pod.
+====
 +
 .Example output
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
 spec:
-  affinity:
+  affinity: <1>
     nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
+      requiredDuringSchedulingIgnoredDuringExecution: <2>
         nodeSelectorTerms:
         - matchExpressions:
-          - key: e2e-az-name
-            operator: In
+          - key: e2e-az-name <3>
             values:
             - e2e-az1
             - e2e-az2
+            operator: In <4>
+#...
 ----
+<1> Adds a pod affinity.
+<2> Configures the `requiredDuringSchedulingIgnoredDuringExecution` parameter.
+<3> Specifies the `key` and `values` that must be met. If you want the new pod to be scheduled on the node you edited, use the same `key` and `values` parameters as the label in the node.
+<4> Specifies an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
 
-. Create the pod:
+.. Create the pod:
 +
 [source,terminal]
 ----
-$ oc create -f e2e-az2.yaml
+$ oc create -f <file-name>.yaml
 ----
diff --git a/modules/nodes-scheduler-node-affinity-example.adoc b/modules/nodes-scheduler-node-affinity-example.adoc
index 9913b2a85349..eebe95819dfd 100644
--- a/modules/nodes-scheduler-node-affinity-example.adoc
+++ b/modules/nodes-scheduler-node-affinity-example.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-affinity.adoc
 
-[id="nodes-scheduler-node-affinity-examples_{context}"]
+[id="nodes-scheduler-node-affinity-example_{context}"]
 = Sample node affinity rules
 
 The following examples demonstrate node affinity.
@@ -31,6 +31,7 @@ metadata:
   name: <node_name>
   labels:
     zone: us
+#...
 ----
 ====
 
@@ -61,6 +62,7 @@ spec:
               operator: In
               values:
               - us
+#...
 ----
 
 * The pod-s1 pod can be scheduled on Node1:
@@ -101,6 +103,7 @@ metadata:
   name: <node_name>
   labels:
     zone: emea
+#...
 ----
 ====
 
@@ -131,6 +134,7 @@ spec:
               operator: In
               values:
               - us
+#...
 ----
 
 * The pod-s1 pod cannot be scheduled on Node1:
diff --git a/modules/nodes-scheduler-node-selectors-about.adoc b/modules/nodes-scheduler-node-selectors-about.adoc
index 4bde277c6a16..30ce7e2b8bae 100644
--- a/modules/nodes-scheduler-node-selectors-about.adoc
+++ b/modules/nodes-scheduler-node-selectors-about.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * nodes/nodes-scheduler-node-selector.adoc
+// * logging/scheduling_resources/logging-node-selectors.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-node-selectors-about_{context}"]
 = About node selectors
 
@@ -62,6 +63,7 @@ metadata:
     kubernetes.io/arch: amd64
     region: east <1>
     type: user-node
+#...
 ----
 <1> Labels to match the pod node selector.
 endif::openshift-origin[]
@@ -72,7 +74,7 @@ ifdef::openshift-origin[]
 kind: Node
 apiVersion: v1
 metadata:
-  name: ip-10-0-131-14.ec2.internal
+  name: s1
   selfLink: /api/v1/nodes/ip-10-0-131-14.ec2.internal
   uid: 7bc2580a-8b8e-11e9-8e01-021ab4174c74
   resourceVersion: '478704'
@@ -89,6 +91,7 @@ metadata:
     kubernetes.io/arch: amd64
     region: east <1>
     type: user-node
+#...
 ----
 <1> Labels to match the pod node selector.
 endif::openshift-origin[]
@@ -100,13 +103,14 @@ A pod has the `type: user-node,region: east` node selector:
 ----
 apiVersion: v1
 kind: Pod
-
-....
-
+metadata:
+  name: s1
+#...
 spec:
   nodeSelector: <1>
     region: east
     type: user-node
+#...
 ----
 <1> Node selectors to match the node label. The node must have a label for each node selector.
 +
@@ -126,11 +130,10 @@ apiVersion: config.openshift.io/v1
 kind: Scheduler
 metadata:
   name: cluster
-...
-
+#...
 spec:
   defaultNodeSelector: type=user-node,region=east
-...
+#...
 ----
 +
 A node in that cluster has the `type=user-node,region=east` labels:
@@ -142,11 +145,11 @@ apiVersion: v1
 kind: Node
 metadata:
   name: ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4
-...
+#...
   labels:
     region: east
     type: user-node
-...
+#...
 ----
 +
 .Example `Pod` object with a node selector
@@ -154,12 +157,13 @@ metadata:
 ----
 apiVersion: v1
 kind: Pod
-...
-
+metadata:
+  name: s1
+#...
 spec:
   nodeSelector:
     region: east
-...
+#...
 ----
 +
 When you create the pod using the example pod spec in the example cluster, the pod is created with the cluster-wide node selector and is scheduled on the labeled node:
@@ -192,7 +196,7 @@ metadata:
   name: east-region
   annotations:
     openshift.io/node-selector: "region=east"
-...
+#...
 ----
 +
 The following node has the `type=user-node,region=east` labels:
@@ -204,11 +208,11 @@ apiVersion: v1
 kind: Node
 metadata:
   name: ci-ln-qg1il3k-f76d1-hlmhl-worker-b-df2s4
-...
+#...
   labels:
     region: east
     type: user-node
-...
+#...
 ----
 +
 When you create the pod using the example pod spec in this example project, the pod is created with the project node selectors and is scheduled on the labeled node:
@@ -220,12 +224,12 @@ apiVersion: v1
 kind: Pod
 metadata:
   namespace: east-region
-...
+#...
 spec:
   nodeSelector:
     region: east
     type: user-node
-...
+#...
 ----
 +
 [source,terminal]
@@ -242,11 +246,11 @@ A pod in the project is not created or scheduled if the pod contains different n
 ----
 apiVersion: v1
 kind: Pod
-...
-
+metadata:
+  name: west-region
+#...
 spec:
   nodeSelector:
     region: west
-
-....
+#...
 ----
diff --git a/modules/nodes-scheduler-node-selectors-cluster.adoc b/modules/nodes-scheduler-node-selectors-cluster.adoc
index fc067b819761..07b97624993c 100644
--- a/modules/nodes-scheduler-node-selectors-cluster.adoc
+++ b/modules/nodes-scheduler-node-selectors-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-selector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-node-selectors-cluster_{context}"]
 = Creating default cluster-wide node selectors
 
@@ -145,7 +145,7 @@ $ oc get nodes -l type=user-node
 [source,terminal]
 ----
 NAME                                       STATUS   ROLES    AGE   VERSION
-ci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp   Ready    worker   61s   v1.26.0
+ci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp   Ready    worker   61s   v1.28.5
 ----
 
 * Add labels directly to a node:
@@ -198,5 +198,5 @@ $ oc get nodes -l type=user-node,region=east
 [source,terminal]
 ----
 NAME                                       STATUS   ROLES    AGE   VERSION
-ci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49   Ready    worker   17m   v1.26.0
+ci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49   Ready    worker   17m   v1.28.5
 ----
diff --git a/modules/nodes-scheduler-node-selectors-pod.adoc b/modules/nodes-scheduler-node-selectors-pod.adoc
index 73226624edd3..d709b797ffdc 100644
--- a/modules/nodes-scheduler-node-selectors-pod.adoc
+++ b/modules/nodes-scheduler-node-selectors-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-selector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-node-selectors-pod_{context}"]
 = Using node selectors to control pod placement
 
@@ -24,21 +24,33 @@ To add a node selector to existing pods, determine the controlling object for th
 For example, the `router-default-66d5cf9464-m2g75` pod is controlled by the `router-default-66d5cf9464`
 replica set:
 
+[source,terminal]
 ----
 $ oc describe pod router-default-66d5cf9464-7pwkc
+----
 
+.Example output
+[source,terminal]
+----
+kind: Pod
+apiVersion: v1
+metadata:
+# ...
 Name:               router-default-66d5cf9464-7pwkc
 Namespace:          openshift-ingress
-
 # ...
-
 Controlled By:      ReplicaSet/router-default-66d5cf9464
 # ...
 ----
 
 The web console lists the controlling object under `ownerReferences` in the pod YAML:
 
+[source,terminal]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: router-default-66d5cf9464-7pwkc
 # ...
   ownerReferences:
     - apiVersion: apps/v1
@@ -52,18 +64,21 @@ The web console lists the controlling object under `ownerReferences` in the pod
 
 .Procedure
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add labels to a node by using a compute machine set or editing the node directly:
 
 * Use a `MachineSet` object to add labels to nodes managed by the compute machine set when a node is created:
 
 .. Run the following command to add labels to a `MachineSet` object:
 +
+[source,terminal]
 ----
 $ oc patch MachineSet <name> --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"<key>"="<value>","<key>"="<value>"}}]'  -n openshift-machine-api
 ----
 +
 For example:
 +
+[source,terminal]
 ----
 $ oc patch MachineSet abc612-msrtw-worker-us-east-1c  --type='json' -p='[{"op":"add","path":"/spec/template/spec/metadata/labels", "value":{"type":"user-node","region":"east"}}]'  -n openshift-machine-api
 ----
@@ -77,7 +92,7 @@ You can alternatively apply the following YAML to add labels to a compute machin
 apiVersion: machine.openshift.io/v1beta1
 kind: MachineSet
 metadata:
-  name: <machineset>
+  name: xf2bd-infra-us-east-2a
   namespace: openshift-machine-api
 spec:
   template:
@@ -86,6 +101,7 @@ spec:
         labels:
           region: "east"
           type: "user-node"
+# ...
 ----
 ====
 
@@ -93,13 +109,14 @@ spec:
 +
 For example:
 +
+[source,terminal]
 ----
 $ oc edit MachineSet abc612-msrtw-worker-us-east-1c -n openshift-machine-api
 ----
 +
 .Example `MachineSet` object
-[source,yaml]
 +
+[source,yaml]
 ----
 apiVersion: machine.openshift.io/v1beta1
 kind: MachineSet
@@ -144,10 +161,11 @@ You can alternatively apply the following YAML to add labels to a node:
 kind: Node
 apiVersion: v1
 metadata:
-  name: <node_name>
+  name: hello-node-6fbccf8d9
   labels:
     type: "user-node"
     region: "east"
+# ...
 ----
 ====
 
@@ -162,7 +180,7 @@ $ oc get nodes -l type=user-node,region=east
 [source,terminal]
 ----
 NAME                          STATUS   ROLES    AGE   VERSION
-ip-10-0-142-25.ec2.internal   Ready    worker   17m   v1.26.0
+ip-10-0-142-25.ec2.internal   Ready    worker   17m   v1.28.5
 ----
 
 . Add the matching node selector to a pod:
@@ -173,13 +191,12 @@ ip-10-0-142-25.ec2.internal   Ready    worker   17m   v1.26.0
 [source,yaml]
 ----
 kind: ReplicaSet
-
+apiVersion: apps/v1
+metadata:
+  name: hello-node-6fbccf8d9
 # ...
-
 spec:
-
 # ...
-
   template:
     metadata:
       creationTimestamp: null
@@ -191,6 +208,7 @@ spec:
         kubernetes.io/os: linux
         node-role.kubernetes.io/worker: ''
         type: user-node <1>
+# ...
 ----
 <1> Add the node selector.
 
@@ -201,16 +219,70 @@ spec:
 ----
 apiVersion: v1
 kind: Pod
-
+metadata:
+  name: hello-node-6fbccf8d9
+# ...
+spec:
+  nodeSelector:
+    region: east
+    type: user-node
+# ...
+----
++
+[NOTE]
+====
+You cannot add a node selector directly to an existing scheduled pod.
+====
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Add the matching node selector to a pod:
++
+** To add a node selector to existing and future pods, add a node selector to the controlling object for the pods:
++
+.Example `ReplicaSet` object with labels
+[source,yaml]
+----
+kind: ReplicaSet
+apiVersion: apps/v1
+metadata:
+  name: hello-node-6fbccf8d9
 # ...
+spec:
+# ...
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default
+        pod-template-hash: 66d5cf9464
+    spec:
+      nodeSelector:
+        kubernetes.io/os: linux
+        node-role.kubernetes.io/worker: ''
+        type: user-node <1>
+# ...
+----
+<1> Add the node selector.
 
+** To add a node selector to a specific, new pod, add the selector to the `Pod` object directly:
++
+.Example `Pod` object with a node selector
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: hello-node-6fbccf8d9
+# ...
 spec:
   nodeSelector:
     region: east
     type: user-node
+# ...
 ----
 +
 [NOTE]
 ====
 You cannot add a node selector directly to an existing scheduled pod.
 ====
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/nodes-scheduler-node-selectors-project.adoc b/modules/nodes-scheduler-node-selectors-project.adoc
index 4591bf1505c8..f683e5367389 100644
--- a/modules/nodes-scheduler-node-selectors-project.adoc
+++ b/modules/nodes-scheduler-node-selectors-project.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-node-selector.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-node-selectors-project_{context}"]
 = Creating project-wide node selectors
 
@@ -161,7 +161,7 @@ $ oc get nodes -l type=user-node
 [source,terminal]
 ----
 NAME                                       STATUS   ROLES    AGE   VERSION
-ci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp   Ready    worker   61s   v1.26.0
+ci-ln-l8nry52-f76d1-hl7m7-worker-c-vmqzp   Ready    worker   61s   v1.28.5
 ----
 
 * Add labels directly to a node:
@@ -214,5 +214,5 @@ $ oc get nodes -l type=user-node,region=east
 [source,terminal]
 ----
 NAME                                       STATUS   ROLES    AGE   VERSION
-ci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49   Ready    worker   17m   v1.26.0
+ci-ln-l8nry52-f76d1-hl7m7-worker-b-tgq49   Ready    worker   17m   v1.28.5
 ----
diff --git a/modules/nodes-scheduler-pod-affinity-about.adoc b/modules/nodes-scheduler-pod-affinity-about.adoc
index 5e6a7fb7715b..8f4f0d43b1e6 100644
--- a/modules/nodes-scheduler-pod-affinity-about.adoc
+++ b/modules/nodes-scheduler-pod-affinity-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-scheduler-pod-affinity.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-pod-affinity-about_{context}"]
 = Understanding pod affinity
 
diff --git a/modules/nodes-scheduler-pod-affinity-configuring.adoc b/modules/nodes-scheduler-pod-affinity-configuring.adoc
index 9e61b1e5dd3f..c27cedd2ddde 100644
--- a/modules/nodes-scheduler-pod-affinity-configuring.adoc
+++ b/modules/nodes-scheduler-pod-affinity-configuring.adoc
@@ -2,19 +2,25 @@
 //
 // * nodes/nodes-scheduler-pod-affinity.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-pod-affinity-configuring_{context}"]
 = Configuring a pod affinity rule
 
 The following steps demonstrate a simple two-pod configuration that creates pod with a label and a pod that uses affinity to allow scheduling with that pod.
 
+[NOTE]
+====
+You cannot add an affinity directly to a scheduled pod.
+====
+
 .Procedure
 
-. Create a pod with a specific label in the `Pod` spec:
+. Create a pod with a specific label in the pod spec:
 +
-[source,terminal]
+.. Create a YAML file with the following content:
++
+[source,yaml]
 ----
-$ cat team4.yaml
 apiVersion: v1
 kind: Pod
 metadata:
@@ -26,31 +32,48 @@ spec:
   - name: security-s1
     image: docker.io/ocpqe/hello-pod
 ----
-
-. When creating other pods, edit the `Pod` spec as follows:
 +
-.. Use the `podAffinity` stanza to configure the `requiredDuringSchedulingIgnoredDuringExecution` parameter or `preferredDuringSchedulingIgnoredDuringExecution` parameter:
+.. Create the pod.
 +
-.. Specify the key and value that must be met. If you want the new pod to be scheduled with the other pod, use the same `key` and `value` parameters as the label on the first pod.
+[source,terminal]
+----
+$ oc create -f <pod-spec>.yaml
+----
+
+. When creating other pods, configure the following parameters to add the affinity:
++
+.. Create a YAML file with the following content:
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-s1-east
+#...
+spec
+  affinity <1>
     podAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
+      requiredDuringSchedulingIgnoredDuringExecution: <2>
       - labelSelector:
           matchExpressions:
-          - key: security
-            operator: In
+          - key: security <3>
             values:
             - S1
-        topologyKey: topology.kubernetes.io/zone
+            operator: In <4>
+        topologyKey: topology.kubernetes.io/zone <5>
+#...
 ----
 +
-.. Specify an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
-+
-.. Specify a `topologyKey`, which is a prepopulated link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels[Kubernetes label] that the system uses to denote such a topology domain.
+--
+<1> Adds a pod affinity.
+<2> Configures the `requiredDuringSchedulingIgnoredDuringExecution` parameter or the `preferredDuringSchedulingIgnoredDuringExecution` parameter.
+<3> Specifies the `key` and `values` that must be met. If you want the new pod to be scheduled with the other pod, use the same `key` and `values` parameters as the label on the first pod.
+<4> Specifies an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
+<5> Specify a `topologyKey`, which is a prepopulated link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels[Kubernetes label] that the system uses to denote such a topology domain.
+--
 
-. Create the pod.
+.. Create the pod.
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-scheduler-pod-affinity-example.adoc b/modules/nodes-scheduler-pod-affinity-example.adoc
index 1773b2049479..fbfee0760f81 100644
--- a/modules/nodes-scheduler-pod-affinity-example.adoc
+++ b/modules/nodes-scheduler-pod-affinity-example.adoc
@@ -14,30 +14,31 @@ The following example demonstrates pod affinity for pods with matching labels an
 
 * The pod *team4* has the label `team:4`.
 +
-[source,terminal]
+[source,yaml]
 ----
-$ cat team4.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: team4
   labels:
      team: "4"
+#...
 spec:
   containers:
   - name: ocp
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The pod *team4a* has the label selector `team:4` under `podAffinity`.
 +
 [source,yaml]
 ----
-$ cat pod-team4a.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: team4a
+#...
 spec:
   affinity:
     podAffinity:
@@ -52,6 +53,7 @@ spec:
   containers:
   - name: pod-affinity
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The *team4a* pod is scheduled on the same node as the *team4* pod.
@@ -63,30 +65,31 @@ The following example demonstrates pod anti-affinity for pods with matching labe
 
 * The pod *pod-s1* has the label `security:s1`.
 +
-[source,terminal]
+[source,yaml]
 ----
-cat pod-s1.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: pod-s1
   labels:
     security: s1
+#...
 spec:
   containers:
   - name: ocp
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The pod *pod-s2* has the label selector `security:s1` under `podAntiAffinity`.
 +
 [source,yaml]
 ----
-cat pod-s2.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: pod-s2
+#...
 spec:
   affinity:
     podAntiAffinity:
@@ -101,6 +104,7 @@ spec:
   containers:
   - name: pod-antiaffinity
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The pod *pod-s2* cannot be scheduled on the same node as `pod-s1`.
@@ -112,30 +116,31 @@ The following example demonstrates pod affinity for pods without matching labels
 
 * The pod *pod-s1* has the label `security:s1`.
 +
-[source,terminal]
+[source,yaml]
 ----
-$ cat pod-s1.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: pod-s1
   labels:
     security: s1
+#...
 spec:
   containers:
   - name: ocp
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The pod *pod-s2* has the label selector `security:s2`.
 +
-[source,terminal]
+[source,yaml]
 ----
-$ cat pod-s2.yaml
 apiVersion: v1
 kind: Pod
 metadata:
   name: pod-s2
+#...
 spec:
   affinity:
     podAffinity:
@@ -150,6 +155,7 @@ spec:
   containers:
   - name: pod-affinity
     image: docker.io/ocpqe/hello-pod
+#...
 ----
 
 * The pod *pod-s2* is not scheduled unless there is a node with a pod that has the `security:s2` label. If there is no other pod with that label, the new pod remains in a pending state:
diff --git a/modules/nodes-scheduler-pod-anti-affinity-configuring.adoc b/modules/nodes-scheduler-pod-anti-affinity-configuring.adoc
index 395a78424cef..e6ec71cf8a5e 100644
--- a/modules/nodes-scheduler-pod-anti-affinity-configuring.adoc
+++ b/modules/nodes-scheduler-pod-anti-affinity-configuring.adoc
@@ -2,61 +2,78 @@
 //
 // * nodes/nodes-scheduler-pod-affinity.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-pod-anti-affinity-configuring_{context}"]
 = Configuring a pod anti-affinity rule
 
 The following steps demonstrate a simple two-pod configuration that creates pod with a label and a pod that uses an anti-affinity preferred rule to attempt to prevent scheduling with that pod.
 
+[NOTE]
+====
+You cannot add an affinity directly to a scheduled pod.
+====
+
 .Procedure
 
-. Create a pod with a specific label in the `Pod` spec:
+. Create a pod with a specific label in the pod spec:
++
+.. Create a YAML file with the following content:
 +
 [source,yaml]
 ----
-$ cat team4.yaml
 apiVersion: v1
 kind: Pod
 metadata:
-  name: security-s2
+  name: security-s1
   labels:
-    security: S2
+    security: S1
 spec:
   containers:
-  - name: security-s2
+  - name: security-s1
     image: docker.io/ocpqe/hello-pod
 ----
-
-. When creating other pods, edit the `Pod` spec to set the following parameters:
-
-. Use the `podAntiAffinity` stanza to configure the `requiredDuringSchedulingIgnoredDuringExecution` parameter or `preferredDuringSchedulingIgnoredDuringExecution` parameter:
 +
-.. Specify a weight for the node, 1-100. The node that with highest weight is preferred.
+.. Create the pod.
++
+[source,terminal]
+----
+$ oc create -f <pod-spec>.yaml
+----
+
+. When creating other pods, configure the following parameters:
 +
-.. Specify the key and values that must be met. If you want the new pod to not be scheduled with the other pod, use the same `key` and `value` parameters as the label on the first pod.
+.. Create a YAML file with the following content:
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-s2-east
+#...
+spec
+  affinity <1>
     podAntiAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-      - weight: 100
+      preferredDuringSchedulingIgnoredDuringExecution: <2>
+      - weight: 100 <3>
         podAffinityTerm:
           labelSelector:
             matchExpressions:
-            - key: security
-              operator: In
+            - key: security <4>
               values:
-              - S2
-          topologyKey: kubernetes.io/hostname
+              - S1
+              operator: In <5>
+          topologyKey: kubernetes.io/hostname <6>
+#...
 ----
-+
-.. For a preferred rule, specify a weight, 1-100.
-+
-.. Specify an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
-
-. Specify a `topologyKey`, which is a prepopulated link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels[Kubernetes label] that the system uses to denote such a topology domain.
+<1> Adds a pod anti-affinity.
+<2> Configures the `requiredDuringSchedulingIgnoredDuringExecution` parameter or the `preferredDuringSchedulingIgnoredDuringExecution` parameter.
+<3> For a preferred rule, specifies a weight for the node, 1-100. The node that with highest weight is preferred.
+<4> Specifies the `key` and `values` that must be met. If you want the new pod to not be scheduled with the other pod, use the same `key` and `values` parameters as the label on the first pod.
+<5> Specifies an `operator`. The operator can be `In`, `NotIn`, `Exists`, or `DoesNotExist`. For example, use the operator `In` to require the label to be in the node.
+<6> Specifies a `topologyKey`, which is a prepopulated link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels[Kubernetes label] that the system uses to denote such a topology domain.
 
-. Create the pod.
+.. Create the pod.
 +
 [source,terminal]
 ----
diff --git a/modules/nodes-scheduler-pod-topology-spread-constraints-about.adoc b/modules/nodes-scheduler-pod-topology-spread-constraints-about.adoc
index 205a0a621a23..304205a82cc0 100644
--- a/modules/nodes-scheduler-pod-topology-spread-constraints-about.adoc
+++ b/modules/nodes-scheduler-pod-topology-spread-constraints-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-pod-topology-spread-constraints-about_{context}"]
 = About pod topology spread constraints
 
diff --git a/modules/nodes-scheduler-pod-topology-spread-constraints-configuring.adoc b/modules/nodes-scheduler-pod-topology-spread-constraints-configuring.adoc
index ca4c36679621..256aebc5ee16 100644
--- a/modules/nodes-scheduler-pod-topology-spread-constraints-configuring.adoc
+++ b/modules/nodes-scheduler-pod-topology-spread-constraints-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-pod-topology-spread-constraints-configuring_{context}"]
 = Configuring pod topology spread constraints
 
@@ -12,7 +12,13 @@ You can specify multiple pod topology spread constraints, but you must ensure th
 
 .Prerequisites
 
-* A cluster administrator has added the required labels to nodes.
+ifndef::openshift-rosa,openshift-dedicated[]
+* A user with the `cluster-admin` role has added the required labels to nodes.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* A user with the `dedicated-admin` role has added the required labels to nodes.
+endif::openshift-rosa,openshift-dedicated[]
+
 
 .Procedure
 
@@ -26,7 +32,7 @@ kind: Pod
 metadata:
   name: my-pod
   labels:
-    foo: bar
+    region: us-east
 spec:
   topologySpreadConstraints:
   - maxSkew: 1 <1>
@@ -34,7 +40,7 @@ spec:
     whenUnsatisfiable: DoNotSchedule <3>
     labelSelector: <4>
       matchLabels:
-        foo: bar <5>
+        region: us-east <5>
     matchLabelKeys:
       - my-pod-label <6>
   containers:
@@ -46,7 +52,7 @@ spec:
 <3> How to handle a pod if it does not satisfy the spread constraint. The default is `DoNotSchedule`, which tells the scheduler not to schedule the pod. Set to `ScheduleAnyway` to still schedule the pod, but the scheduler prioritizes honoring the skew to not make the cluster more imbalanced.
 <4> Pods that match this label selector are counted and recognized as a group when spreading to satisfy the constraint. Be sure to specify a label selector, otherwise no pods can be matched.
 <5> Be sure that this `Pod` spec also sets its labels to match this label selector if you want it to be counted properly in the future.
-<6> A list of pod label keys to select which pods to calculate spreading over. 
+<6> A list of pod label keys to select which pods to calculate spreading over.
 
 . Create the pod:
 +
diff --git a/modules/nodes-scheduler-pod-topology-spread-constraints-examples.adoc b/modules/nodes-scheduler-pod-topology-spread-constraints-examples.adoc
index cc440e1bc29e..41910b09b374 100644
--- a/modules/nodes-scheduler-pod-topology-spread-constraints-examples.adoc
+++ b/modules/nodes-scheduler-pod-topology-spread-constraints-examples.adoc
@@ -12,7 +12,7 @@ The following examples demonstrate pod topology spread constraint configurations
 
 // TODO: Add a diagram?
 
-This example `Pod` spec defines one pod topology spread constraint. It matches on pods labeled `foo:bar`, distributes among zones, specifies a skew of `1`, and does not schedule the pod if it does not meet these requirements.
+This example `Pod` spec defines one pod topology spread constraint. It matches on pods labeled `region: us-east`, distributes among zones, specifies a skew of `1`, and does not schedule the pod if it does not meet these requirements.
 
 [source,yaml]
 ----
@@ -21,7 +21,7 @@ apiVersion: v1
 metadata:
   name: my-pod
   labels:
-    foo: bar
+    region: us-east
 spec:
   topologySpreadConstraints:
   - maxSkew: 1
@@ -29,7 +29,7 @@ spec:
     whenUnsatisfiable: DoNotSchedule
     labelSelector:
       matchLabels:
-        foo: bar
+        region: us-east
   containers:
   - image: "docker.io/ocpqe/hello-pod"
     name: hello-pod
@@ -40,7 +40,7 @@ spec:
 
 // TODO: Add a diagram?
 
-This example `Pod` spec defines two pod topology spread constraints. Both match on pods labeled `foo:bar`, specify a skew of `1`, and do not schedule the pod if it does not meet these requirements.
+This example `Pod` spec defines two pod topology spread constraints. Both match on pods labeled `region: us-east`, specify a skew of `1`, and do not schedule the pod if it does not meet these requirements.
 
 The first constraint distributes pods based on a user-defined label `node`, and the second constraint distributes pods based on a user-defined label `rack`. Both constraints must be met for the pod to be scheduled.
 
@@ -51,7 +51,7 @@ apiVersion: v1
 metadata:
   name: my-pod-2
   labels:
-    foo: bar
+    region: us-east
 spec:
   topologySpreadConstraints:
   - maxSkew: 1
@@ -59,13 +59,13 @@ spec:
     whenUnsatisfiable: DoNotSchedule
     labelSelector:
       matchLabels:
-        foo: bar
+        region: us-east
   - maxSkew: 1
     topologyKey: rack
     whenUnsatisfiable: DoNotSchedule
     labelSelector:
       matchLabels:
-        foo: bar
+        region: us-east
   containers:
   - image: "docker.io/ocpqe/hello-pod"
     name: hello-pod
diff --git a/modules/nodes-scheduler-profiles-about.adoc b/modules/nodes-scheduler-profiles-about.adoc
index 4bdf6e840b25..922000fdba11 100644
--- a/modules/nodes-scheduler-profiles-about.adoc
+++ b/modules/nodes-scheduler-profiles-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/nodes-scheduler-profiles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-profiles-about_{context}"]
 = About scheduler profiles
 
diff --git a/modules/nodes-scheduler-profiles-configuring.adoc b/modules/nodes-scheduler-profiles-configuring.adoc
index d0bdba1379fd..c55f7d3e5b56 100644
--- a/modules/nodes-scheduler-profiles-configuring.adoc
+++ b/modules/nodes-scheduler-profiles-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/nodes-scheduler-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-profiles-configuring_{context}"]
 = Configuring a scheduler profile
 
@@ -28,14 +28,12 @@ $ oc edit scheduler cluster
 apiVersion: config.openshift.io/v1
 kind: Scheduler
 metadata:
-  ...
   name: cluster
-  resourceVersion: "601"
-  selfLink: /apis/config.openshift.io/v1/schedulers/cluster
-  uid: b351d6d0-d06f-4a99-a26b-87af62e79f59
+#...
 spec:
   mastersSchedulable: false
   profile: HighNodeUtilization <1>
+#...
 ----
 <1> Set to `LowNodeUtilization`, `HighNodeUtilization`, or `NoScoring`.
 
diff --git a/modules/nodes-scheduler-taints-tolerations-about.adoc b/modules/nodes-scheduler-taints-tolerations-about.adoc
index b5d290f130e2..fc457a148376 100644
--- a/modules/nodes-scheduler-taints-tolerations-about.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-about.adoc
@@ -2,9 +2,17 @@
 //
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
+// * logging/scheduling_resources/logging-taints-tolerations.adoc
 
+ifeval::["{context}" == "nodes-scheduler-taints-tolerations"]
+:nodes-scheduler-taints-tolerations:
+endif::[]
 
-:_content-type: CONCEPT
+ifeval::["{context}" == "node-tasks"]
+:node-tasks:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="nodes-scheduler-taints-tolerations-about_{context}"]
 = Understanding taints and tolerations
 
@@ -15,17 +23,27 @@ You apply taints to a node through the `Node` specification (`NodeSpec`) and app
 .Example taint in a node specification
 [source,yaml]
 ----
+apiVersion: v1
+kind: Node
+metadata:
+  name: my-node
+#...
 spec:
   taints:
   - effect: NoExecute
     key: key1
     value: value1
-....
+#...
 ----
 
 .Example toleration in a `Pod` spec
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1"
@@ -33,10 +51,9 @@ spec:
     value: "value1"
     effect: "NoExecute"
     tolerationSeconds: 3600
-....
+#...
 ----
 
-
 Taints and tolerations consist of a key, value, and effect.
 
 [id="taint-components-table_{context}"]
@@ -94,12 +111,13 @@ metadata:
   annotations:
     machine.openshift.io/machine: openshift-machine-api/ci-ln-62s7gtb-f76d1-v8jxv-master-0
     machineconfiguration.openshift.io/currentConfig: rendered-master-cdc1ab7da414629332cc4c3926e6e59c
-...
+  name: my-node
+#...
 spec:
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
-...
+#...
 ----
 --
 
@@ -130,6 +148,7 @@ The following taints are built into {product-title}:
 {product-title} does not set a default pid.available `evictionHard`.
 ====
 
+ifdef::nodes-scheduler-taints-tolerations,node-tasks[]
 
 [id="nodes-scheduler-taints-tolerations-about-seconds_{context}"]
 == Understanding how to use toleration seconds to delay pod evictions
@@ -139,6 +158,11 @@ You can specify how long a pod can remain bound to a node before being evicted b
 .Example output
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1"
@@ -146,6 +170,7 @@ spec:
     value: "value1"
     effect: "NoExecute"
     tolerationSeconds: 3600
+#...
 ----
 
 Here, if this pod is running but does not have a matching toleration, the pod stays bound to the node for 3,600 seconds and then be evicted. If the taint is removed before that time, the pod is not evicted.
@@ -191,6 +216,11 @@ $ oc adm taint nodes node1 key2=value2:NoSchedule
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1"
@@ -201,6 +231,7 @@ spec:
     operator: "Equal"
     value: "value1"
     effect: "NoExecute"
+#...
 ----
 
 In this case, the pod cannot be scheduled onto the node, because there is no toleration matching the third taint. The pod continues running if it is already running on the node when the taint is added, because the third taint is the only
@@ -252,6 +283,11 @@ For more information, see link:https://kubernetes.io/docs/concepts/architecture/
 
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: node.kubernetes.io/not-ready
@@ -262,6 +298,7 @@ spec:
     operator: Exists
     effect: NoExecute
     tolerationSeconds: 300
+#...
 ----
 
 <1> These tolerations ensure that the default pod behavior is to remain bound for five minutes after one of these node conditions problems is detected.
@@ -278,13 +315,29 @@ As a result, daemon set pods are never evicted because of these node conditions.
 [id="nodes-scheduler-taints-tolerations-all_{context}"]
 == Tolerating all taints
 
-You can configure a pod to tolerate all taints by adding an `operator: "Exists"` toleration with no `key` and `value` parameters.
+You can configure a pod to tolerate all taints by adding an `operator: "Exists"` toleration with no `key` and `values` parameters.
 Pods with this toleration are not removed from a node that has taints.
 
 .`Pod` spec for tolerating all taints
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - operator: "Exists"
+#...
 ----
+
+endif::nodes-scheduler-taints-tolerations,node-tasks[]
+
+ifeval::["{context}" == "nodes-scheduler-taints-tolerations"]
+:!nodes-scheduler-taints-tolerations:
+endif::[]
+
+ifeval::["{context}" == "node-tasks"]
+:!node-tasks:
+endif::[]
diff --git a/modules/nodes-scheduler-taints-tolerations-adding-machineset.adoc b/modules/nodes-scheduler-taints-tolerations-adding-machineset.adoc
index 73c88558d9fa..efcb037fe075 100644
--- a/modules/nodes-scheduler-taints-tolerations-adding-machineset.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-adding-machineset.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-adding-machineset_{context}"]
 = Adding taints and tolerations using a compute machine set
 
@@ -16,6 +16,11 @@ You can add taints to nodes using a compute machine set. All nodes associated wi
 .Sample pod configuration file with `Equal` operator
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1" <1>
@@ -23,6 +28,7 @@ spec:
     operator: "Equal"
     effect: "NoExecute"
     tolerationSeconds: 3600 <2>
+#...
 ----
 <1> The toleration parameters, as described in the *Taint and toleration components* table.
 <2> The `tolerationSeconds` parameter specifies how long a pod is bound to a node before being evicted.
@@ -32,12 +38,18 @@ For example:
 .Sample pod configuration file with `Exists` operator
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1"
     operator: "Exists"
     effect: "NoExecute"
     tolerationSeconds: 3600
+#...
 ----
 
 . Add the taint to the `MachineSet` object:
@@ -54,16 +66,21 @@ $ oc edit machineset <machineset>
 .Example taint in a compute machine set specification
 [source,yaml]
 ----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  name: my-machineset
+#...
 spec:
-....
+#...
   template:
-....
+#...
     spec:
       taints:
       - effect: NoExecute
         key: key1
         value: value1
-....
+#...
 ----
 +
 This example places a taint that has the key `key1`, value `value1`, and taint effect `NoExecute` on the nodes.
diff --git a/modules/nodes-scheduler-taints-tolerations-adding.adoc b/modules/nodes-scheduler-taints-tolerations-adding.adoc
index 43f3c24f3f40..2854dd966b9f 100644
--- a/modules/nodes-scheduler-taints-tolerations-adding.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-adding.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-adding_{context}"]
 = Adding taints and tolerations
 
@@ -16,6 +16,11 @@ You add tolerations to pods and taints to nodes to allow the node to control whi
 .Sample pod configuration file with an Equal operator
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key1" <1>
@@ -23,6 +28,7 @@ spec:
     operator: "Equal"
     effect: "NoExecute"
     tolerationSeconds: 3600 <2>
+#...
 ----
 <1> The toleration parameters, as described in the *Taint and toleration components* table.
 <2> The `tolerationSeconds` parameter specifies how long a pod can remain bound to a node before being evicted.
@@ -32,12 +38,18 @@ For example:
 .Sample pod configuration file with an Exists operator
 [source,yaml]
 ----
-spec: 
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
+spec:
    tolerations:
     - key: "key1"
       operator: "Exists" <1>
       effect: "NoExecute"
       tolerationSeconds: 3600
+#...
 ----
 <1> The `Exists` operator does not take a `value`.
 +
@@ -73,12 +85,13 @@ metadata:
   annotations:
     machine.openshift.io/machine: openshift-machine-api/ci-ln-62s7gtb-f76d1-v8jxv-master-0
     machineconfiguration.openshift.io/currentConfig: rendered-master-cdc1ab7da414629332cc4c3926e6e59c
-...
+  name: my-node
+#...
 spec:
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
-...
+#...
 ----
 ====
 +
diff --git a/modules/nodes-scheduler-taints-tolerations-binding.adoc b/modules/nodes-scheduler-taints-tolerations-binding.adoc
index b7fdfef3e8b8..71766b13348c 100644
--- a/modules/nodes-scheduler-taints-tolerations-binding.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-binding.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-bindings_{context}"]
 = Binding a user to a node using taints and tolerations
 
@@ -33,14 +33,14 @@ You can alternatively apply the following YAML to add the taint:
 kind: Node
 apiVersion: v1
 metadata:
-  name: <node_name>
-  labels:
-    ...
+  name: my-node
+#...
 spec:
   taints:
     - key: dedicated
       value: groupName
       effect: NoSchedule
+#...
 ----
 ====
 
diff --git a/modules/nodes-scheduler-taints-tolerations-projects.adoc b/modules/nodes-scheduler-taints-tolerations-projects.adoc
index a10398e03048..36ea66071c37 100644
--- a/modules/nodes-scheduler-taints-tolerations-projects.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-projects.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-projects_{context}"]
 = Creating a project with a node selector and toleration
 
diff --git a/modules/nodes-scheduler-taints-tolerations-removing.adoc b/modules/nodes-scheduler-taints-tolerations-removing.adoc
index 9abb6239580d..0c57a278da72 100644
--- a/modules/nodes-scheduler-taints-tolerations-removing.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-removing.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-removing_{context}"]
 = Removing taints and tolerations
 
@@ -37,10 +37,16 @@ node/ip-10-0-132-248.ec2.internal untainted
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
   - key: "key2"
     operator: "Exists"
     effect: "NoExecute"
     tolerationSeconds: 3600
+#...
 ----
diff --git a/modules/nodes-scheduler-taints-tolerations-special.adoc b/modules/nodes-scheduler-taints-tolerations-special.adoc
index 50e3ed0d2c2b..e69b3c5e2271 100644
--- a/modules/nodes-scheduler-taints-tolerations-special.adoc
+++ b/modules/nodes-scheduler-taints-tolerations-special.adoc
@@ -3,7 +3,7 @@
 // * nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-scheduler-taints-tolerations-special_{context}"]
 = Controlling nodes with special hardware using taints and tolerations
 
@@ -21,6 +21,11 @@ For example:
 +
 [source,yaml]
 ----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+#...
 spec:
   tolerations:
     - key: "disktype"
@@ -28,6 +33,7 @@ spec:
       operator: "Equal"
       effect: "NoSchedule"
       tolerationSeconds: 3600
+#...
 ----
 
 . Taint the nodes that have the specialized hardware using one of the following commands:
@@ -53,13 +59,13 @@ You can alternatively apply the following YAML to add the taint:
 kind: Node
 apiVersion: v1
 metadata:
-  name: <node_name>
-  labels:
-    ...
+  name: my_node
+#...
 spec:
   taints:
     - key: disktype
       value: ssd
       effect: PreferNoSchedule
+#...
 ----
 ====
diff --git a/modules/nodes-secondary-scheduler-about.adoc b/modules/nodes-secondary-scheduler-about.adoc
index 7ba5e5df588f..118158fbee2f 100644
--- a/modules/nodes-secondary-scheduler-about.adoc
+++ b/modules/nodes-secondary-scheduler-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nodes-secondary-scheduler-about_{context}"]
 = About the {secondary-scheduler-operator}
 
diff --git a/modules/nodes-secondary-scheduler-configuring-console.adoc b/modules/nodes-secondary-scheduler-configuring-console.adoc
index bf62a7975660..9a795afd1213 100644
--- a/modules/nodes-secondary-scheduler-configuring-console.adoc
+++ b/modules/nodes-secondary-scheduler-configuring-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-secondary-scheduler-configuring-console_{context}"]
 = Deploying a secondary scheduler
 
@@ -10,7 +10,12 @@ After you have installed the {secondary-scheduler-operator}, you can deploy a se
 
 .Prerequisities
 
-* You have access to the cluster with `cluster-admin` privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the {product-title} web console.
 * The {secondary-scheduler-operator-full} is installed.
 
diff --git a/modules/nodes-secondary-scheduler-install-console.adoc b/modules/nodes-secondary-scheduler-install-console.adoc
index 9ad09a354e1d..b199a19906e4 100644
--- a/modules/nodes-secondary-scheduler-install-console.adoc
+++ b/modules/nodes-secondary-scheduler-install-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-secondary-scheduler-install-console_{context}"]
 = Installing the {secondary-scheduler-operator}
 
@@ -10,7 +10,12 @@ You can use the web console to install the {secondary-scheduler-operator-full}.
 
 .Prerequisites
 
-* You have access to the cluster with `cluster-admin` privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the {product-title} web console.
 
 .Procedure
diff --git a/modules/nodes-secondary-scheduler-pod-console.adoc b/modules/nodes-secondary-scheduler-pod-console.adoc
index 5cee14ee1ffb..b42084a9d141 100644
--- a/modules/nodes-secondary-scheduler-pod-console.adoc
+++ b/modules/nodes-secondary-scheduler-pod-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-secondary-scheduler-pod-console_{context}"]
 = Scheduling a pod using the secondary scheduler
 
@@ -10,7 +10,12 @@ To schedule a pod using the secondary scheduler, set the `schedulerName` field i
 
 .Prerequisities
 
-* You have access to the cluster with `cluster-admin` privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the {product-title} web console.
 * The {secondary-scheduler-operator-full} is installed.
 * A secondary scheduler is configured.
diff --git a/modules/nodes-secondary-scheduler-remove-resources-console.adoc b/modules/nodes-secondary-scheduler-remove-resources-console.adoc
index 96266181d9ac..5ddef51fad36 100644
--- a/modules/nodes-secondary-scheduler-remove-resources-console.adoc
+++ b/modules/nodes-secondary-scheduler-remove-resources-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-secondary-scheduler-remove-resources-console_{context}"]
 = Removing {secondary-scheduler-operator} resources
 
@@ -10,7 +10,12 @@ Optionally, after uninstalling the {secondary-scheduler-operator-full}, you can
 
 .Prerequisites
 
-* You have access to the cluster with `cluster-admin` privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the {product-title} web console.
 
 .Procedure
diff --git a/modules/nodes-secondary-scheduler-uninstall-console.adoc b/modules/nodes-secondary-scheduler-uninstall-console.adoc
index e5138ea2f7f4..4ed59ce23cdd 100644
--- a/modules/nodes-secondary-scheduler-uninstall-console.adoc
+++ b/modules/nodes-secondary-scheduler-uninstall-console.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nodes-secondary-scheduler-uninstall-console_{context}"]
 = Uninstalling the {secondary-scheduler-operator}
 
@@ -10,7 +10,12 @@ You can uninstall the {secondary-scheduler-operator-full} by using the web conso
 
 .Prerequisites
 
-* You have access to the cluster with `cluster-admin` privileges.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have access to the {product-title} web console.
 * The {secondary-scheduler-operator-full} is installed.
 
diff --git a/modules/nodes-vsphere-machine-set-concept-static-ip.adoc b/modules/nodes-vsphere-machine-set-concept-static-ip.adoc
new file mode 100644
index 000000000000..449cb213357b
--- /dev/null
+++ b/modules/nodes-vsphere-machine-set-concept-static-ip.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/node-tasks.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nodes-vsphere-machine-set-concept-static-ip_{context}"]
+= Machine set scaling of machines with configured static IP addresses
+
+You can use a machine set to scale machines with configured static IP addresses.
+
+:FeatureName: Static IP addresses for vSphere nodes
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+After you configure a machine set to request a static IP address for a machine, the machine controller creates an `IPAddressClaim` resource in the `openshift-machine-api` namespace. The external controller then creates an `IPAddress` resource and binds any static IP addresses to the `IPAddressClaim` resource.
+
+[IMPORTANT]
+====
+Your organization might use numerous types of IP address management (IPAM) services. If you want to enable a particular IPAM service on {product-title}, you might need to manually create the `IPAddressClaim` resource in a YAML definition and then bind a static IP address to this resource by entering the following command in your `oc` CLI:
+
+[source, terminal]
+----
+$ oc create -f <ipaddressclaim_filename>
+----
+====
+
+The following demonstrates an example of an `IPAddressClaim` resource:
+
+[source, yaml]
+----
+kind: IPAddressClaim
+metadata:
+  finalizers:
+  - machine.openshift.io/ip-claim-protection
+  name: cluster-dev-9n5wg-worker-0-m7529-claim-0-0
+  namespace: openshift-machine-api
+spec:
+  poolRef:
+    apiGroup: ipamcontroller.example.io
+    kind: IPPool
+    name: static-ci-pool
+status: {}
+----
+
+The machine controller updates the machine with a status of `IPAddressClaimed` to indicate that a static IP address has succesfully bound to the `IPAddressClaim` resource. The machine controller applies the same status to a machine with multiple `IPAddressClaim` resources that each contain a bound static IP address.The machine controller then creates a virtual machine and applies static IP addresses to any nodes listed in the `providerSpec` of a machine's configuration.
diff --git a/modules/nodes-vsphere-machine-set-scaling-static-ip.adoc b/modules/nodes-vsphere-machine-set-scaling-static-ip.adoc
new file mode 100644
index 000000000000..d131d2d1fdab
--- /dev/null
+++ b/modules/nodes-vsphere-machine-set-scaling-static-ip.adoc
@@ -0,0 +1,158 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/node-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-vsphere-machine-set-scaling-static-ip_{context}"]
+= Using a machine set to scale machines with configured static IP addresses
+
+You can use a machine set to scale machines with configured static IP addresses.
+
+:FeatureName: Static IP addresses for vSphere nodes
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+The example in the procedure demonstrates the use of controllers for scaling machines in a machine set.
+
+.Prerequisites
+
+* You included `featureSet:TechPreviewNoUpgrade` as the initial entry in the `install-config.yaml` file.
+* You deployed a cluster that runs at least one node with a configured static IP address.
+
+.Procedure
+. Configure a machine set by specifying IP pool information in the `network.devices.addressesFromPools` schema of the machine set's YAML file:
++
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  annotations:
+    machine.openshift.io/memoryMb: "8192"
+    machine.openshift.io/vCPU: "4"
+  labels:
+    machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+  name: <infrastructure_id>-<role>
+  namespace: openshift-machine-api
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+      machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
+  template:
+    metadata:
+      labels:
+        ipam: "true"
+        machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+        machine.openshift.io/cluster-api-machine-role: worker
+        machine.openshift.io/cluster-api-machine-type: worker
+        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
+    spec:
+      lifecycleHooks: {}
+      metadata: {}
+      providerSpec:
+        value:
+          apiVersion: machine.openshift.io/v1beta1
+          credentialsSecret:
+            name: vsphere-cloud-credentials
+          diskGiB: 120
+          kind: VSphereMachineProviderSpec
+          memoryMiB: 8192
+          metadata: {}
+          network:
+            devices:
+            - addressesFromPools: <1>
+              - group: ipamcontroller.example.io
+                name: static-ci-pool
+                resource: IPPool
+              nameservers:
+              - "192.168.204.1" <2>
+              networkName: qe-segment-204
+          numCPUs: 4
+          numCoresPerSocket: 2
+          snapshot: ""
+          template: rvanderp4-dev-9n5wg-rhcos-generated-region-generated-zone
+          userDataSecret:
+            name: worker-user-data
+          workspace:
+            datacenter: IBMCdatacenter
+            datastore: /IBMCdatacenter/datastore/vsanDatastore
+            folder: /IBMCdatacenter/vm/rvanderp4-dev-9n5wg
+            resourcePool: /IBMCdatacenter/host/IBMCcluster//Resources
+            server: vcenter.ibmc.devcluster.openshift.com
+----
+<1> Specifies an IP pool, which lists a static IP address or a range of static IP addresses. The IP Pool can either be a reference to a custom resource definition (CRD) or a resource supported by the `IPAddressClaims` resource handler. The machine controller accesses static IP addresses listed in the machine set's configuration and then allocates each address to each machine.
+<2> Lists a nameserver. You must specify a nameserver for nodes that receive static IP address, because the Dynamic Host Configuration Protocol (DHCP) network configuration does not support static IP addresses.
+
+. Scale the machine set by entering the following commands in your `oc` CLI:
++
+[source, terminal]
+----
+$ oc scale --replicas=2 machineset <machineset> -n openshift-machine-api
+----
++
+Or:
++
+[source, terminal]
+----
+$ oc edit machineset <machineset> -n openshift-machine-api
+----
++
+After each machine is scaled up, the machine controller creates an `IPAddresssClaim` resource.
+
+. Optional: Check that the `IPAddressClaim` resource exists in the `openshift-machine-api` namespace by entering the following command:
++
+[source, terminal]
+----
+$ oc get ipaddressclaims.ipam.cluster.x-k8s.io -n openshift-machine-api
+----
++
+.Example `oc` CLI output that lists two IP pools listed in the `openshift-machine-api` namespace
+[source, terminal]
+----
+NAME                                         POOL NAME        POOL KIND
+cluster-dev-9n5wg-worker-0-m7529-claim-0-0   static-ci-pool   IPPool
+cluster-dev-9n5wg-worker-0-wdqkt-claim-0-0   static-ci-pool   IPPool
+----
+
+. Create an `IPAddress` resource by entering the following command:
++
+[source, terminal]
+----
+$ oc create -f ipaddress.yaml
+----
++
+The following example shows an `IPAddress` resource with defined network configuration information and one defined static IP address:
++
+[source,yaml]
+----
+apiVersion: ipam.cluster.x-k8s.io/v1alpha1
+kind: IPAddress
+metadata:
+  name: cluster-dev-9n5wg-worker-0-m7529-ipaddress-0-0
+  namespace: openshift-machine-api
+spec:
+  address: 192.168.204.129
+  claimRef: <1>
+    name: cluster-dev-9n5wg-worker-0-m7529-claim-0-0
+  gateway: 192.168.204.1
+  poolRef: <2>
+    apiGroup: ipamcontroller.example.io
+    kind: IPPool
+    name: static-ci-pool
+  prefix: 23
+----
+<1> The name of the target `IPAddressClaim` resource.
+<2> Details information about the static IP address or addresses from your nodes.
++
+[NOTE]
+====
+By default, the external controller automatically scans any resources in the machine set for recognizable address pool types. When the external controller finds `kind: IPPool` defined in the `IPAddress` resource, the controller binds any static IP addresses to the `IPAddressClaim` resource.
+====
+
+. Update the `IPAddressClaim` status with a reference to the `IPAddress` resource:
++
+[source, terminal]
+----
+$ oc --type=merge patch IPAddressClaim cluster-dev-9n5wg-worker-0-m7529-claim-0-0 -p='{"status":{"addressRef": {"name": "cluster-dev-9n5wg-worker-0-m7529-ipaddress-0-0"}}}' -n openshift-machine-api --subresource=status
+----
diff --git a/modules/nodes-vsphere-scaling-machines-static-ip.adoc b/modules/nodes-vsphere-scaling-machines-static-ip.adoc
new file mode 100644
index 000000000000..d7888231f1f8
--- /dev/null
+++ b/modules/nodes-vsphere-scaling-machines-static-ip.adoc
@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/node-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-vsphere-scaling-machines-static-ip_{context}"]
+= Scaling machines to use static IP addresses
+
+You can scale additional machine sets to use pre-defined static IP addresses on your cluster. For this configuration, you need to create a machine resource YAML file and then define static IP addresses in this file.
+
+:FeatureName: Static IP addresses for vSphere nodes
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+.Prerequisites
+
+* You included `featureSet:TechPreviewNoUpgrade` as the initial entry in the `install-config.yaml` file.
+* You deployed a cluster that runs at least one node with a configured static IP address.
+
+.Procedure
+
+. Create a machine resource YAML file and define static IP address network information in the `network` parameter.
++
+.Example of a machine resource YAML file with static IP address information defined in the `network` parameter.
++
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: Machine
+metadata:
+  creationTimestamp: null
+  labels:
+    machine.openshift.io/cluster-api-cluster: <infrastructure_id>
+    machine.openshift.io/cluster-api-machine-role: <role>
+    machine.openshift.io/cluster-api-machine-type: <role>
+    machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
+  name: <infrastructure_id>-<role>
+  namespace: openshift-machine-api
+spec:
+  lifecycleHooks: {}
+  metadata: {}
+  providerSpec:
+    value:
+      apiVersion: machine.openshift.io/v1beta1
+      credentialsSecret:
+        name: vsphere-cloud-credentials
+      diskGiB: 120
+      kind: VSphereMachineProviderSpec
+      memoryMiB: 8192
+      metadata:
+        creationTimestamp: null
+      network:
+        devices:
+        - gateway: 192.168.204.1 <1>
+          ipAddrs:
+          - 192.168.204.8/24 <2>
+          nameservers: <3>
+          - 192.168.204.1
+          networkName: qe-segment-204
+      numCPUs: 4
+      numCoresPerSocket: 2
+      snapshot: ""
+      template: <vm_template_name>
+      userDataSecret:
+        name: worker-user-data
+      workspace:
+        datacenter: <vcenter_datacenter_name>
+        datastore: <vcenter_datastore_name>
+        folder: <vcenter_vm_folder_path>
+        resourcepool: <vsphere_resource_pool>
+        server: <vcenter_server_ip>
+status: {}
+----
+<1> The IP address for the default gateway for the network interface.
+<2> Lists IPv4, IPv6, or both IP addresses that installation program passes to the network interface. Both IP families must use the same network interface for the default network.
+<3> Lists a DNS nameserver. You can define up to 3 DNS nameservers. Consider defining more than one DNS nameserver to take advantage of DNS resolution if that one DNS nameserver becomes unreachable.
+
+* Create a `machine` custom resource (CR) by entering the following command in your terminal:
++
+[source, terminal]
+----
+$ oc create -f <file_name>.yaml
+----
diff --git a/modules/nutanix-entitlements.adoc b/modules/nutanix-entitlements.adoc
index 309b7517b252..2d4a7b4128c5 100644
--- a/modules/nutanix-entitlements.adoc
+++ b/modules/nutanix-entitlements.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nutanix-entitlements_{context}"]
 = Internet access for Prism Central
 
diff --git a/modules/nvidia-gpu-admin-dashboard-installing.adoc b/modules/nvidia-gpu-admin-dashboard-installing.adoc
deleted file mode 100644
index f613931960a0..000000000000
--- a/modules/nvidia-gpu-admin-dashboard-installing.adoc
+++ /dev/null
@@ -1,136 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/nvidia-gpu-admin-dashboard.adoc
-
-:_content-type: PROCEDURE
-[id="nvidia-gpu-admin-dashboard-installing_{context}"]
-= Installing the NVIDIA GPU administration dashboard
-
-Install the NVIDIA GPU plugin by using Helm on the OpenShift Container Platform (OCP) Console to add GPU capabilities.
-
-The OpenShift Console NVIDIA GPU plugin works as a remote bundle for the OCP console. To run the OpenShift Console NVIDIA GPU plugin
-an instance of the OCP console must be running.
-
-
-.Prerequisites
-
-* Red Hat OpenShift 4.11+
-* NVIDIA GPU operator
-* link:https://helm.sh/docs/intro/install/[Helm]
-
-
-.Procedure
-
-Use the following procedure to install the OpenShift Console NVIDIA GPU plugin.
-
-. Add the Helm repository:
-+
-[source,terminal]
-----
-$ helm repo add rh-ecosystem-edge https://rh-ecosystem-edge.github.io/console-plugin-nvidia-gpu
-----
-+
-[source,terminal]
-----
-$ helm repo update
-----
-
-. Install the Helm chart in the default NVIDIA GPU operator namespace:
-+
-[source,terminal]
-----
-$ helm install -n nvidia-gpu-operator console-plugin-nvidia-gpu rh-ecosystem-edge/console-plugin-nvidia-gpu
-----
-+
-.Example output
-+
-[source,terminal]
-----
-NAME: console-plugin-nvidia-gpu
-LAST DEPLOYED: Tue Aug 23 15:37:35 2022
-NAMESPACE: nvidia-gpu-operator
-STATUS: deployed
-REVISION: 1
-NOTES:
-View the Console Plugin NVIDIA GPU deployed resources by running the following command:
-
-$ oc -n {{ .Release.Namespace }} get all -l app.kubernetes.io/name=console-plugin-nvidia-gpu
-
-Enable the plugin by running the following command:
-
-# Check if a plugins field is specified
-$ oc get consoles.operator.openshift.io cluster --output=jsonpath="{.spec.plugins}"
-
-# if not, then run the following command to enable the plugin
-$ oc patch consoles.operator.openshift.io cluster --patch '{ "spec": { "plugins": ["console-plugin-nvidia-gpu"] } }' --type=merge
-
-# if yes, then run the following command to enable the plugin
-$ oc patch consoles.operator.openshift.io cluster --patch '[{"op": "add", "path": "/spec/plugins/-", "value": "console-plugin-nvidia-gpu" }]' --type=json
-
-# add the required DCGM Exporter metrics ConfigMap to the existing NVIDIA operator ClusterPolicy CR:
-oc patch clusterpolicies.nvidia.com gpu-cluster-policy --patch '{ "spec": { "dcgmExporter": { "config": { "name": "console-plugin-nvidia-gpu" } } } }' --type=merge
-
-----
-+
-The dashboard relies mostly on Prometheus metrics exposed by the NVIDIA DCGM Exporter, but the default exposed metrics are not enough for the dashboard to render the required gauges. Therefore, the DGCM exporter is configured to expose a custom set of metrics, as shown here.
-+
-[source,yaml]
-----
-apiVersion: v1
-data:
-  dcgm-metrics.csv: |
-    DCGM_FI_PROF_GR_ENGINE_ACTIVE, gauge, gpu utilization.
-    DCGM_FI_DEV_MEM_COPY_UTIL, gauge, mem utilization.
-    DCGM_FI_DEV_ENC_UTIL, gauge, enc utilization.
-    DCGM_FI_DEV_DEC_UTIL, gauge, dec utilization.
-    DCGM_FI_DEV_POWER_USAGE, gauge, power usage.
-    DCGM_FI_DEV_POWER_MGMT_LIMIT_MAX, gauge, power mgmt limit.
-    DCGM_FI_DEV_GPU_TEMP, gauge, gpu temp.
-    DCGM_FI_DEV_SM_CLOCK, gauge, sm clock.
-    DCGM_FI_DEV_MAX_SM_CLOCK, gauge, max sm clock.
-    DCGM_FI_DEV_MEM_CLOCK, gauge, mem clock.
-    DCGM_FI_DEV_MAX_MEM_CLOCK, gauge, max mem clock.
-kind: ConfigMap
-metadata:
-  annotations:
-    meta.helm.sh/release-name: console-plugin-nvidia-gpu
-    meta.helm.sh/release-namespace: nvidia-gpu-operator
-  creationTimestamp: "2022-10-26T19:46:41Z"
-  labels:
-    app.kubernetes.io/component: console-plugin-nvidia-gpu
-    app.kubernetes.io/instance: console-plugin-nvidia-gpu
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: console-plugin-nvidia-gpu
-    app.kubernetes.io/part-of: console-plugin-nvidia-gpu
-    app.kubernetes.io/version: latest
-    helm.sh/chart: console-plugin-nvidia-gpu-0.2.3
-  name: console-plugin-nvidia-gpu
-  namespace: nvidia-gpu-operator
-  resourceVersion: "19096623"
-  uid: 96cdf700-dd27-437b-897d-5cbb1c255068
-----
-+
-Install the ConfigMap and edit the NVIDIA Operator ClusterPolicy CR to add that ConfigMap in the DCGM exporter configuration. The installation of the ConfigMap is done by the new version of the Console Plugin NVIDIA GPU Helm Chart, but the ClusterPolicy CR editing is done by the user.
-
-. View the deployed resources:
-+
-[source,terminal]
-----
-$ oc -n nvidia-gpu-operator get all -l app.kubernetes.io/name=console-plugin-nvidia-gpu
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                             READY   STATUS    RESTARTS   AGE
-pod/console-plugin-nvidia-gpu-7dc9cfb5df-ztksx   1/1     Running   0          2m6s
-
-NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
-service/console-plugin-nvidia-gpu   ClusterIP   172.30.240.138   <none>        9443/TCP   2m6s
-
-NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/console-plugin-nvidia-gpu   1/1     1            1           2m6s
-
-NAME                                                   DESIRED   CURRENT   READY   AGE
-replicaset.apps/console-plugin-nvidia-gpu-7dc9cfb5df   1         1         1       2m6s
-----
diff --git a/modules/nvidia-gpu-admin-dashboard-introduction.adoc b/modules/nvidia-gpu-admin-dashboard-introduction.adoc
deleted file mode 100644
index 8c3cb76a9ff3..000000000000
--- a/modules/nvidia-gpu-admin-dashboard-introduction.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/nvidia-gpu-admin-dashboard.adoc
-
-:_content-type: CONCEPT
-[id="nvidia-gpu-admin-dashboard-introduction_{context}"]
-= Introduction
-
-The OpenShift Console NVIDIA GPU plugin is a dedicated administration dashboard for NVIDIA GPU usage visualization
-in the OpenShift Container Platform (OCP) Console. The visualizations in the administration dashboard provide guidance on how to
-best optimize GPU resources in clusters, such as when a GPU is under- or over-utilized.
-
-The OpenShift Console NVIDIA GPU plugin works as a remote bundle for the OCP console.
-To run the plugin the OCP console must be running.
diff --git a/modules/nvidia-gpu-admin-dashboard-using.adoc b/modules/nvidia-gpu-admin-dashboard-using.adoc
deleted file mode 100644
index 24179938c6e2..000000000000
--- a/modules/nvidia-gpu-admin-dashboard-using.adoc
+++ /dev/null
@@ -1,59 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/nvidia-gpu-admin-dashboard.adoc
-
-:_content-type: PROCEDURE
-[id="nvidia-gpu-admin-dashboard-using_{context}"]
-= Using the NVIDIA GPU administration dashboard
-
-After deploying the OpenShift Console NVIDIA GPU plugin, log in to the OpenShift Container Platform web console using your login credentials to access the *Administrator* perspective.
-
-To view the changes, you need to refresh the console to see the **GPUs** tab under **Compute**.
-
-
-== Viewing the cluster GPU overview
-
-You can view the status of your cluster GPUs in the Overview page by selecting
-Overview in the Home section.
-
-The Overview page provides information about the cluster GPUs, including:
-
-* Details about the GPU providers
-* Status of the GPUs
-* Cluster utilization of the GPUs
-
-== Viewing the GPUs dashboard
-
-You can view the NVIDIA GPU administration dashboard by selecting GPUs
-in the Compute section of the OpenShift Console.
-
-
-Charts on the GPUs dashboard include:
-
-* *GPU utilization*: Shows the ratio of time the graphics engine is active and is based on the ``DCGM_FI_PROF_GR_ENGINE_ACTIVE`` metric.
-
-* *Memory utilization*: Shows the memory being used by the GPU and is based on the ``DCGM_FI_DEV_MEM_COPY_UTIL`` metric.
-
-* *Encoder utilization*: Shows the video encoder rate of utilization and is based on the ``DCGM_FI_DEV_ENC_UTIL`` metric.
-
-* *Decoder utilization*: *Encoder utilization*: Shows the video decoder rate of utilization and is based on the ``DCGM_FI_DEV_DEC_UTIL`` metric.
-
-* *Power consumption*: Shows the average power usage of the GPU in Watts and is based on the ``DCGM_FI_DEV_POWER_USAGE`` metric.
-
-* *GPU temperature*: Shows the current GPU temperature and is based on the ``DCGM_FI_DEV_GPU_TEMP`` metric. The maximum is set to ``110``, which is an empirical number, as the actual number is not exposed via a metric.
-
-* *GPU clock speed*: Shows the average clock speed utilized by the GPU and is based on the ``DCGM_FI_DEV_SM_CLOCK`` metric.
-
-* *Memory clock speed*: Shows the average clock speed utilized by memory and is based on the ``DCGM_FI_DEV_MEM_CLOCK`` metric.
-
-== Viewing the GPU Metrics
-
-You can view the metrics for the GPUs by selecting the metric at the bottom of
-each GPU to view the Metrics page.
-
-On the Metrics page, you can:
-
-* Specify a refresh rate for the metrics
-* Add, run, disable, and delete queries
-* Insert Metrics
-* Reset the zoom view
diff --git a/modules/nvidia-gpu-aws-adding-a-gpu-node.adoc b/modules/nvidia-gpu-aws-adding-a-gpu-node.adoc
index 03dc70d96b73..c1fd056ff9ab 100644
--- a/modules/nvidia-gpu-aws-adding-a-gpu-node.adoc
+++ b/modules/nvidia-gpu-aws-adding-a-gpu-node.adoc
@@ -2,28 +2,17 @@
 //
 //  * machine_management/creating-machinesets/creating-machineset-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nvidia-gpu-aws-adding-a-gpu-node_{context}"]
 = Adding a GPU node to an existing {product-title} cluster
 
 You can copy and modify a default compute machine set configuration to create a GPU-enabled machine set and machines for the AWS EC2 cloud provider.
 
-The following table lists the validated instance types:
+For more information about the supported instance types, see the following NVIDIA documentation:
 
-[cols="1,1,1,1"]
-|===
-|Instance type |NVIDIA GPU accelerator |Maximum number of GPUs |Architecture
+* link:https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/platform-support.html[NVIDIA GPU Operator Community support matrix]
 
-|`p4d.24xlarge`
-|A100
-|8
-|x86
-
-|`g4dn.xlarge`
-|T4
-|1
-|x86
-|===
+* link:https://docs.nvidia.com/ai-enterprise/latest/product-support-matrix/index.html[NVIDIA AI Enterprise support matrix]
 
 .Procedure
 
@@ -39,12 +28,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                        STATUS   ROLES                  AGE     VERSION
-ip-10-0-52-50.us-east-2.compute.internal    Ready    worker                 3d17h   v1.26.0
-ip-10-0-58-24.us-east-2.compute.internal    Ready    control-plane,master   3d17h   v1.26.0
-ip-10-0-68-148.us-east-2.compute.internal   Ready    worker                 3d17h   v1.26.0
-ip-10-0-68-68.us-east-2.compute.internal    Ready    control-plane,master   3d17h   v1.26.0
-ip-10-0-72-170.us-east-2.compute.internal   Ready    control-plane,master   3d17h   v1.26.0
-ip-10-0-74-50.us-east-2.compute.internal    Ready    worker                 3d17h   v1.26.0
+ip-10-0-52-50.us-east-2.compute.internal    Ready    worker                 3d17h   v1.28.5
+ip-10-0-58-24.us-east-2.compute.internal    Ready    control-plane,master   3d17h   v1.28.5
+ip-10-0-68-148.us-east-2.compute.internal   Ready    worker                 3d17h   v1.28.5
+ip-10-0-68-68.us-east-2.compute.internal    Ready    control-plane,master   3d17h   v1.28.5
+ip-10-0-72-170.us-east-2.compute.internal   Ready    control-plane,master   3d17h   v1.28.5
+ip-10-0-74-50.us-east-2.compute.internal    Ready    worker                 3d17h   v1.28.5
 ----
 
 . View the machines and machine sets that exist in the `openshift-machine-api` namespace by running the following command. Each compute machine set is associated with a different availability zone within the AWS region. The installer automatically load balances compute machines across availability zones.
diff --git a/modules/nvidia-gpu-aws-deploying-the-node-feature-discovery-operator.adoc b/modules/nvidia-gpu-aws-deploying-the-node-feature-discovery-operator.adoc
index c9d6b00936c1..b5d819142b1c 100644
--- a/modules/nvidia-gpu-aws-deploying-the-node-feature-discovery-operator.adoc
+++ b/modules/nvidia-gpu-aws-deploying-the-node-feature-discovery-operator.adoc
@@ -4,7 +4,7 @@
 //  * machine_management/creating_machinesets/creating-machineset-gcp.adoc
 //  * machine_management/creating_machinesets/creating-machineset-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nvidia-gpu-aws-deploying-the-node-feature-discovery-operator_{context}"]
 = Deploying the Node Feature Discovery Operator
 
diff --git a/modules/nvidia-gpu-azure-adding-a-gpu-node.adoc b/modules/nvidia-gpu-azure-adding-a-gpu-node.adoc
index 31d71d583eb9..ac65c0b05488 100644
--- a/modules/nvidia-gpu-azure-adding-a-gpu-node.adoc
+++ b/modules/nvidia-gpu-azure-adding-a-gpu-node.adoc
@@ -2,7 +2,7 @@
 //
 //  * machine_management/creating-machinesets/creating-machineset-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nvidia-gpu-aws-adding-a-gpu-node_{context}"]
 = Adding a GPU node to an existing {product-title} cluster
 
@@ -346,13 +346,13 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                                STATUS   ROLES                  AGE     VERSION
-myclustername-master-0                              Ready    control-plane,master   6h39m   v1.26.0
-myclustername-master-1                              Ready    control-plane,master   6h41m   v1.26.0
-myclustername-master-2                              Ready    control-plane,master   6h39m   v1.26.0
-myclustername-nc4ast4-gpu-worker-centralus1-w9bqn   Ready    worker                 14m     v1.26.0
-myclustername-worker-centralus1-rbh6b               Ready    worker                 6h29m   v1.26.0
-myclustername-worker-centralus2-dbz7w               Ready    worker                 6h29m   v1.26.0
-myclustername-worker-centralus3-p9b8c               Ready    worker                 6h31m   v1.26.0
+myclustername-master-0                              Ready    control-plane,master   6h39m   v1.28.5
+myclustername-master-1                              Ready    control-plane,master   6h41m   v1.28.5
+myclustername-master-2                              Ready    control-plane,master   6h39m   v1.28.5
+myclustername-nc4ast4-gpu-worker-centralus1-w9bqn   Ready    worker                 14m     v1.28.5
+myclustername-worker-centralus1-rbh6b               Ready    worker                 6h29m   v1.28.5
+myclustername-worker-centralus2-dbz7w               Ready    worker                 6h29m   v1.28.5
+myclustername-worker-centralus3-p9b8c               Ready    worker                 6h31m   v1.28.5
 ----
 
 . View the list of compute machine sets:
diff --git a/modules/nvidia-gpu-bare-metal.adoc b/modules/nvidia-gpu-bare-metal.adoc
new file mode 100644
index 000000000000..deb65bb46385
--- /dev/null
+++ b/modules/nvidia-gpu-bare-metal.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-bare-metal_{context}"]
+= GPUs and bare metal
+
+You can deploy {product-title} on an NVIDIA-certified bare metal server but with some limitations:
+
+* Control plane nodes can be CPU nodes.
+
+* Worker nodes must be GPU nodes, provided that AI/ML workloads are executed on these worker nodes.
++
+In addition, the worker nodes can host one or more GPUs, but they must be of the same type. For example, a node can have two NVIDIA A100 GPUs, but a node with one A100 GPU and one T4 GPU is not supported. The NVIDIA Device Plugin for Kubernetes does not support mixing different GPU models on the same node.
+
+* When using OpenShift, note that one or three or more servers are required. Clusters with two servers are not supported. The single server deployment is called single node openShift (SNO) and using this configuration results in a non-high availability OpenShift environment.
+
+You can choose one of the following methods to access the containerized GPUs:
+
+* GPU passthrough
+* Multi-Instance GPU (MIG)
diff --git a/modules/nvidia-gpu-csps.adoc b/modules/nvidia-gpu-csps.adoc
new file mode 100644
index 000000000000..f4ad3ce96f8e
--- /dev/null
+++ b/modules/nvidia-gpu-csps.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-csps_{context}"]
+= GPUs and CSPs
+
+You can deploy {product-title} to one of the major cloud service providers (CSPs): Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure.
+
+Two modes of operation are available: a fully managed deployment and a self-managed deployment.
+
+* In a fully managed deployment, everything is automated by Red Hat in collaboration with CSP. You can request an OpenShift instance through the CSP web console, and the cluster is automatically created and fully managed by Red Hat. You do not have to worry about node failures or errors in the environment. Red Hat is fully responsible for maintaining the uptime of the cluster. The fully managed services are available on AWS and Azure. For AWS, the OpenShift service is called ROSA (Red Hat OpenShift Service on AWS). For Azure, the service is called Azure Red Hat OpenShift.
+
+* In a self-managed deployment, you are responsible for instantiating and maintaining the OpenShift cluster. Red Hat provides the OpenShift-install utility to support the deployment of the OpenShift cluster in this case. The self-managed services are available globally to all CSPs.
+
+It is important that this compute instance is a GPU-accelerated compute instance and that the GPU type matches the list of supported GPUs from NVIDIA AI Enterprise. For example, T4, V100, and A100 are part of this list.
+
+You can choose one of the following methods to access the containerized GPUs:
+
+* GPU passthrough to access and use GPU hardware within a virtual machine (VM).
+
+* GPU (vGPU) time slicing when the entire GPU is not required.
diff --git a/modules/nvidia-gpu-cuda-mps.adoc b/modules/nvidia-gpu-cuda-mps.adoc
new file mode 100644
index 000000000000..3827eac60d1b
--- /dev/null
+++ b/modules/nvidia-gpu-cuda-mps.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-cuda-mps_{context}"]
+= CUDA Multi-Process Service
+
+CUDA Multi-Process Service (MPS) allows a single GPU to use multiple CUDA processes. The processes run in parallel on the GPU, eliminating saturation of the GPU compute resources. MPS also enables concurrent execution, or overlapping, of kernel operations and memory copying from different processes to
+enhance utilization.
diff --git a/modules/nvidia-gpu-cuda-streams.adoc b/modules/nvidia-gpu-cuda-streams.adoc
new file mode 100644
index 000000000000..654e63c9261e
--- /dev/null
+++ b/modules/nvidia-gpu-cuda-streams.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-cuda-streams_{context}"]
+= CUDA streams
+
+Compute Unified Device Architecture (CUDA) is a parallel computing platform and programming model developed by NVIDIA for general computing on GPUs.
+
+A stream is a sequence of operations that executes in issue-order on the GPU. CUDA commands are typically executed sequentially in a default stream and a task does not start until a preceding task has completed.
+
+Asynchronous processing of operations across different streams allows for parallel execution of tasks. A task issued in one stream runs before, during, or after another task is issued into another stream. This allows the GPU to run multiple tasks simultaneously in no prescribed order, leading to improved performance.
diff --git a/modules/nvidia-gpu-enablement.adoc b/modules/nvidia-gpu-enablement.adoc
new file mode 100644
index 000000000000..c554e5b68aa6
--- /dev/null
+++ b/modules/nvidia-gpu-enablement.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-enablement_{context}"]
+= NVIDIA GPU enablement
+
+The following diagram shows how the GPU architecture is enabled for OpenShift:
+
+
+.NVIDIA GPU enablement
+image::512_OpenShift_NVIDIA_GPU_enablement_1223.png[NVIDIA GPU enablement]
+
+[NOTE]
+====
+MIG is only supported with A30, A100, A100X, A800, AX800, H100, H200, and H800.
+====
diff --git a/modules/nvidia-gpu-features.adoc b/modules/nvidia-gpu-features.adoc
new file mode 100644
index 000000000000..dc80c1fba232
--- /dev/null
+++ b/modules/nvidia-gpu-features.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-features_{context}"]
+= NVIDIA GPU features for {product-title}
+
+// NVIDIA GPU Operator::
+// The NVIDIA GPU Operator is a Kubernetes Operator that enables {product-title} {VirtProductName} to expose GPUs to virtualized workloads running on {product-title}.
+// It allows users to easily provision and manage GPU-enabled virtual machines, providing them with the ability to run complex artificial intelligence/machine learning (AI/ML) workloads on the same platform as their other workloads.
+// It also provides an easy way to scale the GPU capacity of their infrastructure, allowing for rapid growth of GPU-based workloads.
+
+NVIDIA Container Toolkit::
+NVIDIA Container Toolkit enables you to create and run GPU-accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to use NVIDIA GPUs.
+
+NVIDIA AI Enterprise::
+NVIDIA AI Enterprise is an end-to-end, cloud-native suite of AI and data analytics software optimized, certified, and supported with NVIDIA-Certified systems.
++
+NVIDIA AI Enterprise includes support for Red Hat {product-title}. The following installation methods are supported:
++
+* {product-title} on bare metal or VMware vSphere with GPU Passthrough.
+
+* {product-title} on VMware vSphere with NVIDIA vGPU.
+
+GPU Feature Discovery::
+NVIDIA GPU Feature Discovery for Kubernetes is a software component that enables you to automatically generate labels for the GPUs available on a node. GPU Feature Discovery uses node feature discovery (NFD) to perform this labeling.
++
+The Node Feature Discovery Operator (NFD) manages the discovery of hardware features and configurations in an OpenShift Container Platform cluster by labeling nodes with hardware-specific information. NFD labels the host with node-specific attributes, such as PCI cards, kernel, OS version, and so on.
++
+You can find the NFD Operator in the Operator Hub by searching for “Node Feature Discovery”.
+
+
+NVIDIA GPU Operator with OpenShift Virtualization::
+Up until this point, the GPU Operator only provisioned worker nodes to run GPU-accelerated containers. Now, the GPU Operator can also be used to provision worker nodes for running GPU-accelerated virtual machines (VMs).
++
+You can configure the GPU Operator to deploy different software components to worker nodes depending on which GPU workload is configured to run on those nodes.
+
+GPU Monitoring dashboard::
+You can install a monitoring dashboard to display GPU usage information on the cluster *Observe* page in the {product-title} web console. GPU utilization information includes the number of available GPUs, power consumption (in watts), temperature (in degrees Celsius), utilization (in percent), and other metrics for each GPU.
diff --git a/modules/nvidia-gpu-gcp-adding-a-gpu-node.adoc b/modules/nvidia-gpu-gcp-adding-a-gpu-node.adoc
index 63b548621230..13b3cb0e09be 100644
--- a/modules/nvidia-gpu-gcp-adding-a-gpu-node.adoc
+++ b/modules/nvidia-gpu-gcp-adding-a-gpu-node.adoc
@@ -2,7 +2,7 @@
 //
 //  * machine_management/creating-machinesets/creating-machineset-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nvidia-gpu-gcp-adding-a-gpu-node_{context}"]
 = Adding a GPU node to an existing {product-title} cluster
 
@@ -156,13 +156,13 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                                                             STATUS     ROLES                  AGE     VERSION
-myclustername-2pt9p-master-0.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.26.0
-myclustername-2pt9p-master-1.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.26.0
-myclustername-2pt9p-master-2.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.26.0
-myclustername-2pt9p-worker-a-mxtnz.c.openshift-qe.internal       Ready      worker                 8h      v1.26.0
-myclustername-2pt9p-worker-b-9pzzn.c.openshift-qe.internal       Ready      worker                 8h      v1.26.0
-myclustername-2pt9p-worker-c-6pbg6.c.openshift-qe.internal       Ready      worker                 8h      v1.26.0
-myclustername-2pt9p-worker-gpu-a-wxcr6.c.openshift-qe.internal   Ready      worker                 4h35m   v1.26.0
+myclustername-2pt9p-master-0.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.28.5
+myclustername-2pt9p-master-1.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.28.5
+myclustername-2pt9p-master-2.c.openshift-qe.internal             Ready      control-plane,master   8h      v1.28.5
+myclustername-2pt9p-worker-a-mxtnz.c.openshift-qe.internal       Ready      worker                 8h      v1.28.5
+myclustername-2pt9p-worker-b-9pzzn.c.openshift-qe.internal       Ready      worker                 8h      v1.28.5
+myclustername-2pt9p-worker-c-6pbg6.c.openshift-qe.internal       Ready      worker                 8h      v1.28.5
+myclustername-2pt9p-worker-gpu-a-wxcr6.c.openshift-qe.internal   Ready      worker                 4h35m   v1.28.5
 ----
 
 . View the machines and machine sets that exist in the `openshift-machine-api` namespace by running the following command. Each compute machine set is associated with a different availability zone within the GCP region. The installer automatically load balances compute machines across availability zones.
@@ -211,16 +211,16 @@ $ oc get machineset myclustername-2pt9p-worker-a -n openshift-machine-api -o jso
 * Rename the machine set `name` by inserting the substring `gpu` in `metadata.name` and in both instances of `machine.openshift.io/cluster-api-machineset`.
 * Change the `machineType` of the new `MachineSet` definition to `a2-highgpu-1g`, which includes an NVIDIA A100 GPU.
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-jq .spec.template.spec.providerSpec.value.machineType ocp_4.13_machineset-a2-highgpu-1g.json
+jq .spec.template.spec.providerSpec.value.machineType ocp_{product-version}_machineset-a2-highgpu-1g.json
 
 "a2-highgpu-1g"
 ----
 +
-The `<output_file.json>` file is saved as `ocp_4.13_machineset-a2-highgpu-1g.json`.
+The `<output_file.json>` file is saved as `ocp_{product-version}_machineset-a2-highgpu-1g.json`.
 
-. Update the following fields in `ocp_4.13_machineset-a2-highgpu-1g.json`:
+. Update the following fields in `ocp_{product-version}_machineset-a2-highgpu-1g.json`:
 +
 * Change `.metadata.name` to a name containing `gpu`.
 
@@ -242,9 +242,9 @@ to match the new `.metadata.name`.
 
 . To verify your changes, perform a `diff` of the original compute definition and the new GPU-enabled node definition by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get machineset/myclustername-2pt9p-worker-a -n openshift-machine-api -o json | diff ocp_4.13_machineset-a2-highgpu-1g.json -
+$ oc get machineset/myclustername-2pt9p-worker-a -n openshift-machine-api -o json | diff ocp_{product-version}_machineset-a2-highgpu-1g.json -
 ----
 +
 .Example output
@@ -272,9 +272,9 @@ $ oc get machineset/myclustername-2pt9p-worker-a -n openshift-machine-api -o jso
 
 . Create the GPU-enabled compute machine set from the definition file by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc create -f ocp_4.13_machineset-a2-highgpu-1g.json
+$ oc create -f ocp_{product-version}_machineset-a2-highgpu-1g.json
 ----
 +
 .Example output
diff --git a/modules/nvidia-gpu-kvm.adoc b/modules/nvidia-gpu-kvm.adoc
new file mode 100644
index 000000000000..97f5c6f8a4e3
--- /dev/null
+++ b/modules/nvidia-gpu-kvm.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-kvm_{context}"]
+= GPUs and Red Hat KVM
+
+You can use {product-title} on an NVIDIA-certified kernel-based virtual machine (KVM) server.
+
+Similar to bare-metal deployments, one or three or more servers are required. Clusters with two servers are not supported.
+
+However, unlike bare-metal deployments, you can use different types of GPUs in the server. This is because you can assign these GPUs to different VMs that act as Kubernetes nodes. The only limitation is that a Kubernetes node must have the same set of GPU types at its own level.
+
+You can choose one of the following methods to access the containerized GPUs:
+
+* GPU passthrough for accessing and using GPU hardware within a virtual machine (VM)
+
+* GPU (vGPU) time-slicing when not all of the GPU is needed
+
+To enable the vGPU capability, a special driver must be installed at the host level. This driver is delivered as a RPM package. This host driver is not required at all for GPU passthrough allocation.
diff --git a/modules/nvidia-gpu-mig-gpu.adoc b/modules/nvidia-gpu-mig-gpu.adoc
new file mode 100644
index 000000000000..80e34cd76776
--- /dev/null
+++ b/modules/nvidia-gpu-mig-gpu.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-mig-gpu_{context}"]
+= Multi-instance GPU
+
+Using Multi-instance GPU (MIG), you can split GPU compute units and memory into multiple MIG instances. Each of these instances represents a standalone GPU device from a system perspective and can be connected to any application, container, or virtual machine running on the node. The software that uses the GPU treats each of these MIG instances as an individual GPU.
+
+MIG is useful when you have an application that does not require the full power of an entire GPU. The MIG feature of the new NVIDIA Ampere architecture enables you to split your hardware resources into multiple GPU instances, each of which is available to the operating system as an independent CUDA-enabled GPU.
+
+NVIDIA GPU Operator version 1.7.0 and higher provides MIG support for the A100 and A30 Ampere cards. These GPU instances are designed to support up to seven multiple independent CUDA applications so that they operate completely isolated with dedicated hardware resources.
diff --git a/modules/nvidia-gpu-prerequisites.adoc b/modules/nvidia-gpu-prerequisites.adoc
new file mode 100644
index 000000000000..94111d0ba08e
--- /dev/null
+++ b/modules/nvidia-gpu-prerequisites.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-prerequisites_{context}"]
+= NVIDIA GPU prerequisites
+
+* A working OpenShift cluster with at least one GPU worker node.
+
+* Access to the OpenShift cluster as a `cluster-admin` to perform the required steps.
+
+* OpenShift CLI (`oc`) is installed.
+
+* The node feature discovery (NFD) Operator is installed and a `nodefeaturediscovery` instance is created.
diff --git a/modules/nvidia-gpu-red-hat-device-edge.adoc b/modules/nvidia-gpu-red-hat-device-edge.adoc
new file mode 100644
index 000000000000..e91a916ad355
--- /dev/null
+++ b/modules/nvidia-gpu-red-hat-device-edge.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-red-hat-device-edge_{context}"]
+= GPUs and Red Hat Device Edge
+
+Red Hat Device Edge provides access to MicroShift. MicroShift provides the simplicity of a single-node deployment with the functionality and services you need for resource-constrained (edge) computing. Red Hat Device Edge meets the needs of bare-metal, virtual, containerized, or Kubernetes workloads deployed in resource-constrained environments.
+
+You can enable NVIDIA GPUs on containers in a Red Hat Device Edge environment.
+
+You use GPU passthrough to access the containerized GPUs.
diff --git a/modules/nvidia-gpu-sharing-methods.adoc b/modules/nvidia-gpu-sharing-methods.adoc
new file mode 100644
index 000000000000..41658f2a3ff9
--- /dev/null
+++ b/modules/nvidia-gpu-sharing-methods.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-sharing-methods_{context}"]
+= GPU sharing methods
+
+Red{nbsp}Hat and NVIDIA have developed GPU concurrency and sharing mechanisms to simplify GPU-accelerated computing on an enterprise-level {product-title} cluster.
+
+Applications typically have different compute requirements that can leave GPUs underutilized. Providing the right amount of compute resources for each workload is critical to reduce deployment cost and maximize GPU utilization.
+
+Concurrency mechanisms for improving GPU utilization exist that range from programming model APIs to system software and hardware partitioning, including virtualization. The following list shows the GPU concurrency mechanisms:
+
+* Compute Unified Device Architecture (CUDA) streams
+* Time-slicing
+* CUDA Multi-Process Service (MPS)
+* Multi-instance GPU (MIG)
+* Virtualization with vGPU
+
+Consider the following GPU sharing suggestions when using the GPU concurrency mechanisms for different {product-title} scenarios:
+
+Bare metal:: vGPU is not available. Consider using MIG-enabled cards.
+VMs:: vGPU is the best choice.
+Older NVIDIA cards with no MIG on bare metal:: Consider using time-slicing.
+VMs with multiple GPUs and you want passthrough and vGPU:: Consider using separate VMs.
+Bare metal with {VirtProductName} and multiple GPUs:: Consider using pass-through for hosted VMs and time-slicing for containers.
diff --git a/modules/nvidia-gpu-time-slicing.adoc b/modules/nvidia-gpu-time-slicing.adoc
new file mode 100644
index 000000000000..382d626e0ffb
--- /dev/null
+++ b/modules/nvidia-gpu-time-slicing.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-time-slicing_{context}"]
+= Time-slicing
+
+GPU time-slicing interleaves workloads scheduled on overloaded GPUs when you are running multiple CUDA applications.
+
+You can enable time-slicing of GPUs on Kubernetes by defining a set of replicas for a GPU, each of which can be independently distributed to a pod to run workloads on. Unlike multi-instance GPU (MIG), there is no memory or fault isolation between replicas, but for some workloads this is better than not sharing at all. Internally, GPU time-slicing is used to multiplex workloads from replicas of the same underlying GPU.
+
+You can apply a cluster-wide default configuration for time-slicing. You can also apply node-specific configurations. For example, you can apply a time-slicing configuration only to nodes with Tesla T4 GPUs and not modify nodes with other GPU models.
+
+You can combine these two approaches by applying a cluster-wide default configuration and then labeling nodes to give those nodes a node-specific configuration.
diff --git a/modules/nvidia-gpu-virtualization-with-gpu.adoc b/modules/nvidia-gpu-virtualization-with-gpu.adoc
new file mode 100644
index 000000000000..bba1ccf13e10
--- /dev/null
+++ b/modules/nvidia-gpu-virtualization-with-gpu.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-virtualization-with-gpu_{context}"]
+= Virtualization with vGPU
+
+Virtual machines (VMs) can directly access a single physical GPU using NVIDIA vGPU. You can create virtual GPUs that can be shared by VMs across the enterprise and accessed by other devices.
+
+This capability combines the power of GPU performance with the management and security benefits provided by vGPU. Additional benefits provided by vGPU includes proactive management and monitoring for your VM environment, workload balancing for mixed VDI and compute workloads, and resource sharing across multiple VMs.
diff --git a/modules/nvidia-gpu-virtualization.adoc b/modules/nvidia-gpu-virtualization.adoc
new file mode 100644
index 000000000000..9b70d95c9001
--- /dev/null
+++ b/modules/nvidia-gpu-virtualization.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-virtualization_{context}"]
+= GPUs and virtualization
+
+Many developers and enterprises are moving to containerized applications and serverless infrastructures, but there is still a lot of interest in developing and maintaining applications that run on virtual machines (VMs). Red Hat OpenShift Virtualization provides this capability, enabling enterprises to incorporate VMs into containerized workflows within clusters.
+
+You can choose one of the following methods to connect the worker nodes to the GPUs:
+
+* GPU passthrough to access and use GPU hardware within a virtual machine (VM).
+
+* GPU (vGPU) time-slicing, when GPU compute capacity is not saturated by workloads.
diff --git a/modules/nvidia-gpu-vsphere.adoc b/modules/nvidia-gpu-vsphere.adoc
new file mode 100644
index 000000000000..997177bfb32c
--- /dev/null
+++ b/modules/nvidia-gpu-vsphere.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * architecture/nvidia-gpu-architecture-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nvidia-gpu-vsphere_{context}"]
+= GPUs and vSphere
+
+You can deploy {product-title} on an NVIDIA-certified VMware vSphere server that can host different GPU types.
+
+An NVIDIA GPU driver must be installed in the hypervisor in case vGPU instances are used by the VMs. For VMware vSphere, this host driver is provided in the form of a VIB file.
+
+The maximum number of vGPUS that can be allocated to worker node VMs depends on the version of vSphere:
+
+* vSphere 7.0: maximum 4 vGPU per VM
+* vSphere 8.0: maximum 8 vGPU per VM
++
+[NOTE]
+====
+vSphere 8.0 introduced support for multiple full or fractional heterogenous profiles associated with a VM.
+====
+
+You can choose one of the following methods to attach the worker nodes to the GPUs:
+
+* GPU passthrough for accessing and using GPU hardware within a virtual machine (VM)
+
+* GPU (vGPU) time-slicing, when not all of the GPU is needed
+
+Similar to bare metal deployments, one or three or more servers are required. Clusters with two servers are not supported.
diff --git a/modules/nw-about-configuring-master-interface-container.adoc b/modules/nw-about-configuring-master-interface-container.adoc
new file mode 100644
index 000000000000..81fbef538d86
--- /dev/null
+++ b/modules/nw-about-configuring-master-interface-container.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="nw-about-configuring-master-interface-container_{context}"]
+= About configuring the master interface in the container network namespace
+
+In {product-title} 4.14 and later, the ability to allow users to create a MAC-VLAN, IP-VLAN, and VLAN subinterface based on a master interface in a container namespace is now generally available.
+
+This feature allows you to create the master interfaces as part of the pod network configuration in a separate network attachment definition. You can then base the VLAN, MACVLAN, or IPVLAN on this interface without requiring the knowledge of the network configuration of the node.
+
+To ensure the use of a container namespace master interface, specify the `linkInContainer` and set the value to `true` in the VLAN, MACVLAN, or IPVLAN plugin configuration depending on the particular type of additional network.
\ No newline at end of file
diff --git a/modules/nw-about-multicast.adoc b/modules/nw-about-multicast.adoc
index 1f4298e4b6df..d62a2b15345f 100644
--- a/modules/nw-about-multicast.adoc
+++ b/modules/nw-about-multicast.adoc
@@ -12,7 +12,7 @@ ifeval::["{context}" == "ovn-kubernetes-enabling-multicast"]
 :sdn: OVN-Kubernetes
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-about-multicast_{context}"]
 = About multicast
 
@@ -20,8 +20,8 @@ With IP multicast, data is broadcast to many IP addresses simultaneously.
 
 [IMPORTANT]
 ====
-At this time, multicast is best used for low-bandwidth coordination or service
-discovery and not a high-bandwidth solution.
+* At this time, multicast is best used for low-bandwidth coordination or service discovery and not a high-bandwidth solution.
+* By default, network policies affect all connections in a namespace. However, multicast is unaffected by network policies. If multicast is enabled in the same namespace as your network policies, it is always allowed, even if there is a `deny-all` network policy. Cluster administrators should consider the implications to the exemption of multicast from network policies before enabling it.
 ====
 
 Multicast traffic between {product-title} pods is disabled by default. If you are using the {sdn} network plugin, you can enable multicast on a per-project basis.
@@ -49,4 +49,4 @@ ifeval::["{context}" == "ovn-kubernetes-enabling-multicast"]
 endif::[]
 ifdef::sdn[]
 :!sdn:
-endif::sdn[]
+endif::sdn[]
\ No newline at end of file
diff --git a/modules/nw-annotating-a-route-with-a-cookie-name.adoc b/modules/nw-annotating-a-route-with-a-cookie-name.adoc
index 8310c87042e1..fd79f251f24b 100644
--- a/modules/nw-annotating-a-route-with-a-cookie-name.adoc
+++ b/modules/nw-annotating-a-route-with-a-cookie-name.adoc
@@ -6,7 +6,7 @@
 //
 // * networking/configuring-routing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-annotating-a-route-with-a-cookie-name_{context}"]
 = Annotating a route with a cookie
 
diff --git a/modules/nw-autoscaling-ingress-controller.adoc b/modules/nw-autoscaling-ingress-controller.adoc
index 345619e23666..c37d8d2bac81 100644
--- a/modules/nw-autoscaling-ingress-controller.adoc
+++ b/modules/nw-autoscaling-ingress-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-controller-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-autoscaling-ingress-controller_{context}"]
 = Autoscaling an Ingress Controller
 
@@ -12,40 +12,9 @@ Automatically scale an Ingress Controller to dynamically meet routing performanc
 . You have the OpenShift CLI (`oc`) installed.
 . You have access to an {product-title} cluster as a user with the `cluster-admin` role.
 . You have the Custom Metrics Autoscaler Operator installed.
+. You are in the `openshift-ingress-operator` project namespace.
 
 .Procedure
-. Create a project in the `openshift-ingress-operator` namespace by running the following command:
-+
-[source,terminal]
-----
-$ oc project openshift-ingress-operator
-----
-
-. Enable OpenShift monitoring for user-defined projects by creating and applying a config map:
-
-.. Create a new `ConfigMap` object, `cluster-monitoring-config.yaml`:
-+
-.cluster-monitoring-config.yaml
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    enableUserWorkload: true <1>
-----
-+
-<1> When set to `true`, the `enableUserWorkload` parameter enables monitoring for user-defined projects in a cluster.
-
-.. Apply the config map by running the following command:
-+
-[source,terminal]
-----
-$ oc apply -f cluster-monitoring-config.yaml
-----
 
 . Create a service account to authenticate with Thanos by running the following command:
 +
@@ -148,7 +117,7 @@ $ oc apply -f thanos-metrics-reader.yaml
 +
 [source,terminal]
 ----
-$ oc adm policy add-role-to-user thanos-metrics-reader -z thanos --role=namespace=openshift-ingress-operator
+$ oc adm policy add-role-to-user thanos-metrics-reader -z thanos --role-namespace=openshift-ingress-operator
 ----
 +
 [source,terminal]
@@ -184,7 +153,7 @@ spec:
   - type: prometheus
     metricType: AverageValue
     metadata:
-      serverAddress: https://<example-cluster>:9091 <3>
+      serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091 <3>
       namespace: openshift-ingress-operator <4>
       metricName: 'kube-node-role'
       threshold: '1'
@@ -195,7 +164,7 @@ spec:
 ----
 <1> The custom resource that you are targeting. In this case, the Ingress Controller.
 <2> Optional: The maximum number of replicas. If you omit this field, the default maximum is set to 100 replicas.
-<3> The cluster address and port.
+<3> The Thanos service endpoint in the `openshift-monitoring` namespace.
 <4> The Ingress Operator namespace.
 <5> This expression evaluates to however many worker nodes are present in the deployed cluster.
 +
diff --git a/modules/nw-aws-load-balancer-logs.adoc b/modules/nw-aws-load-balancer-logs.adoc
index 6d7617456654..81a3c159dd86 100644
--- a/modules/nw-aws-load-balancer-logs.adoc
+++ b/modules/nw-aws-load-balancer-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-load-balancer-operator-logs_{context}"]
 = AWS Load Balancer Operator logs
 
diff --git a/modules/nw-aws-load-balancer-operator-considerations.adoc b/modules/nw-aws-load-balancer-operator-considerations.adoc
new file mode 100644
index 000000000000..e184414e560e
--- /dev/null
+++ b/modules/nw-aws-load-balancer-operator-considerations.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+// * networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-aws-load-balancer-operator-considerations_{context}"]
+= AWS Load Balancer Operator considerations
+
+Review the following limitations before installing and using the AWS Load Balancer Operator.
+
+* The IP traffic mode only works on AWS Elastic Kubernetes Service (EKS). The AWS Load Balancer Operator disables the IP traffic mode for the AWS Load Balancer Controller. As a result of disabling the IP traffic mode, the AWS Load Balancer Controller cannot use the pod readiness gate.
+
+* The AWS Load Balancer Operator adds command-line flags such as `--disable-ingress-class-annotation` and `--disable-ingress-group-name-annotation` to the AWS Load Balancer Controller. Therefore, the AWS Load Balancer Operator does not allow using the `kubernetes.io/ingress.class` and `alb.ingress.kubernetes.io/group.name` annotations in the `Ingress` resource.
\ No newline at end of file
diff --git a/modules/nw-aws-load-balancer-operator.adoc b/modules/nw-aws-load-balancer-operator.adoc
index de98c601bbf4..aa03d1be26db 100644
--- a/modules/nw-aws-load-balancer-operator.adoc
+++ b/modules/nw-aws-load-balancer-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-load-balancer-operator_{context}"]
 = AWS Load Balancer Operator
 
@@ -13,10 +13,6 @@ The AWS Load Balancer Operator can tag the public subnets if the `kubernetes.io/
 
 The AWS Load Balancer Operator supports the Kubernetes service resource of type `LoadBalancer` by using Network Load Balancer (NLB) with the `instance` target type only.
 
-.Prerequisites
-
-* You must have the AWS credentials secret. The credentials are used to provide subnet tagging and VPC discovery.
-
 .Procedure
 
 . You can deploy the AWS Load Balancer Operator on demand from the OperatorHub, by creating a `Subscription` object:
diff --git a/modules/nw-aws-nlb-existing-cluster.adoc b/modules/nw-aws-nlb-existing-cluster.adoc
index 46e48635cf40..89e9465ece6b 100644
--- a/modules/nw-aws-nlb-existing-cluster.adoc
+++ b/modules/nw-aws-nlb-existing-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-nlb-existing-cluster_{context}"]
 = Configuring an Ingress Controller Network Load Balancer on an existing AWS cluster
 
diff --git a/modules/nw-aws-nlb-new-cluster.adoc b/modules/nw-aws-nlb-new-cluster.adoc
index ab845fbadc59..9a79b5fec4a3 100644
--- a/modules/nw-aws-nlb-new-cluster.adoc
+++ b/modules/nw-aws-nlb-new-cluster.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-network-customizations.adoc
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-nlb-new-cluster_{context}"]
 = Configuring an Ingress Controller Network Load Balancer on a new AWS cluster
 
diff --git a/modules/nw-aws-replacing-clb-with-nlb.adoc b/modules/nw-aws-replacing-clb-with-nlb.adoc
index cbef3e3b62c2..479cc982bcd4 100644
--- a/modules/nw-aws-replacing-clb-with-nlb.adoc
+++ b/modules/nw-aws-replacing-clb-with-nlb.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-replacing-clb-with-nlb_{context}"]
 = Replacing Ingress Controller Classic Load Balancer with Network Load Balancer
 
diff --git a/modules/nw-aws-switching-clb-with-nlb.adoc b/modules/nw-aws-switching-clb-with-nlb.adoc
index 5816c64c1d6d..e98f668a975b 100644
--- a/modules/nw-aws-switching-clb-with-nlb.adoc
+++ b/modules/nw-aws-switching-clb-with-nlb.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-switching-clb-with-nlb_{context}"]
 = Switching the Ingress Controller from using a Classic Load Balancer to a Network Load Balancer
 
diff --git a/modules/nw-aws-switching-nlb-with-clb.adoc b/modules/nw-aws-switching-nlb-with-clb.adoc
index 81f988756e60..8c8d9fe81320 100644
--- a/modules/nw-aws-switching-nlb-with-clb.adoc
+++ b/modules/nw-aws-switching-nlb-with-clb.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-aws-switching-nlb-with-clb_{context}"]
 = Switching the Ingress Controller from using a Network Load Balancer to a Classic Load Balancer
 
diff --git a/modules/nw-cfg-config-all-multi-cni.adoc b/modules/nw-cfg-config-all-multi-cni.adoc
new file mode 100644
index 000000000000..a85962e707e3
--- /dev/null
+++ b/modules/nw-cfg-config-all-multi-cni.adoc
@@ -0,0 +1,165 @@
+// Module included in the following assemblies:
+//
+// * networking/setting-interface-level-network-sysctls.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="nw-enabling-all-multi-cni_{context}"]
+= Enabling all-multicast mode by using the tuning CNI
+
+You can enable all-multicast mode by using the tuning Container Network Interface (CNI) meta plugin.
+
+The following procedure describes how to configure the tuning CNI to enable the all-multicast mode.
+
+.Procedure
+
+. Create a network attachment definition, such as `tuning-example.yaml`, with the following content:
++
+[source,yaml]
+----
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: <name> <1>
+  namespace: default <2>
+spec:
+  config: '{
+    "cniVersion": "0.4.0", <3>
+    "name": "<name>", <4>
+    "plugins": [{
+       "type": "<main_CNI_plugin>" <5>
+      },
+      {
+       "type": "tuning", <6>
+       "allmulti": true <7>
+        }
+      }
+     ]
+}
+----
+<1> Specifies the name for the additional network attachment to create. The name must be unique within the specified namespace.
+<2> Specifies the namespace that the object is associated with.
+<3> Specifies the CNI specification version.
+<4> Specifies the name for the configuration. Match the configuration name to the name value of the network attachment definition.
+<5> Specifies the name of the main CNI plugin to configure.
+<6> Specifies the name of the CNI meta plugin.
+<7> Changes the all-multicast mode of interface. If enabled, all multicast packets on the network will be received by the interface.
++
+An example YAML file is shown here:
++
+[source,yaml]
+----
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: setallmulti
+  namespace: default
+spec:
+  config: '{
+    "cniVersion": "0.4.0",
+    "name": "setallmulti",
+    "plugins": [
+      {
+        "type": "bridge"
+      },
+      {
+        "type": "tuning",
+        "allmulti": true
+      }
+    ]
+  }'
+----
+
+. Apply the settings specified in the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f tuning-allmulti.yaml
+----
++
+.Example output
+[source,terminal]
+----
+networkattachmentdefinition.k8s.cni.cncf.io/setallmulti created
+----
+
+. Create a pod with a network attachment definition similar to that specified in the following `examplepod.yaml` sample file:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: allmultipod
+  namespace: default
+  annotations:
+    k8s.v1.cni.cncf.io/networks: setallmulti <1>
+spec:
+  containers:
+  - name: podexample
+    image: centos
+    command: ["/bin/bash", "-c", "sleep INF"]
+    securityContext:
+      runAsUser: 2000 <2>
+      runAsGroup: 3000 <3>
+      allowPrivilegeEscalation: false <4>
+      capabilities: <5>
+        drop: ["ALL"]
+  securityContext:
+    runAsNonRoot: true <6>
+    seccompProfile: <7>
+      type: RuntimeDefault
+----
+<1> Specifies the name of the configured `NetworkAttachmentDefinition`.
+<2> Specifies the user ID the container is run with.
+<3> Specifies which primary group ID the containers is run with.
+<4> Specifies if a pod can request privilege escalation. If unspecified, it defaults to `true`. This boolean directly controls whether the `no_new_privs` flag gets set on the container process.
+<5> Specifies the container capabilities. The `drop: ["ALL"]` statement indicates that all Linux capabilities are dropped from the pod, providing a more restrictive security profile.
+<6> Specifies that the container will run with a user with any UID other than 0.
+<7> Specifies the container's seccomp profile. In this case, the type is set to `RuntimeDefault`. Seccomp is a Linux kernel feature that restricts the system calls available to a process, enhancing security by minimizing the attack surface.
+
+. Apply the settings specified in the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f examplepod.yaml
+----
+
+. Verify that the pod is created by running the following command:
++
+[source,terminal]
+----
+$ oc get pod
+----
++
+.Example output
+[source,terminal]
+----
+NAME          READY   STATUS    RESTARTS   AGE
+allmultipod   1/1     Running   0          23s
+----
+
+. Log in to the pod by running the following command:
++
+[source,terminal]
+----
+$ oc rsh allmultipod
+----
+
+. List all the interfaces associated with the pod by running the following command:
++
+[source,terminal]
+----
+sh-4.4# ip link
+----
++
+.Example output
+[source,terminal]
+----
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+2: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8901 qdisc noqueue state UP mode DEFAULT group default
+    link/ether 0a:58:0a:83:00:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0 <1>
+3: net1@if24: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
+    link/ether ee:9b:66:a4:ec:1d brd ff:ff:ff:ff:ff:ff link-netnsid 0 <2>
+----
+<1> `eth0@if22` is the primary interface
+<2> `net1@if24` is the secondary interface configured with the network-attachment-definition that supports the all-multicast mode (ALLMULTI flag)
\ No newline at end of file
diff --git a/modules/nw-cfg-tuning-interface-cni.adoc b/modules/nw-cfg-tuning-interface-cni.adoc
index a74479ff4eee..0b9d7bd1109d 100644
--- a/modules/nw-cfg-tuning-interface-cni.adoc
+++ b/modules/nw-cfg-tuning-interface-cni.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
 // * networking/setting-interface-level-network-sysctls.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-tuning-cni_{context}"]
-= Configuring the tuning CNI
+= Configuring system controls by using the tuning CNI
 
-The following procedure configures the tuning CNI to change the interface-level network `net.ipv4.conf.IFNAME.accept_redirects` sysctl. This example enables accepting and sending ICMP-redirected packets.
+The following procedure configures the tuning CNI to change the interface-level network `net.ipv4.conf.IFNAME.accept_redirects` sysctl. This example enables accepting and sending ICMP-redirected packets. In the tuning CNI meta plugin configuration, the interface name is represented by the `IFNAME` token and is replaced with the actual name of the interface at runtime.
 
 .Procedure
 
@@ -22,7 +22,7 @@ spec:
   config: '{
     "cniVersion": "0.4.0", <3>
     "name": "<name>", <4>
-    "plugins": [{  
+    "plugins": [{
        "type": "<main_CNI_plugin>" <5>
       },
       {
@@ -38,11 +38,11 @@ spec:
 <2> Specifies the namespace that the object is associated with.
 <3> Specifies the CNI specification version.
 <4> Specifies the name for the configuration. It is recommended to match the configuration name to the name value of the network attachment definition.
-<5> Specifies the name of the main CNI plugin to configure.  
+<5> Specifies the name of the main CNI plugin to configure.
 <6> Specifies the name of the CNI meta plugin.
-<7> Specifies the sysctl to set.
+<7> Specifies the sysctl to set. The interface name is represented by the `IFNAME` token and is replaced with the actual name of the interface at runtime.
 +
-An example yaml file is shown here: 
+An example YAML file is shown here:
 +
 [source,yaml]
 ----
@@ -68,7 +68,7 @@ spec:
 }'
 ----
 
-. Apply the yaml by running the following command:
+. Apply the YAML by running the following command:
 +
 [source,terminal]
 ----
@@ -112,8 +112,8 @@ spec:
 <2> `runAsUser` controls which user ID the container is run with.
 <3> `runAsGroup` controls which primary group ID the containers is run with.
 <4> `allowPrivilegeEscalation` determines if a pod can request to allow privilege escalation. If unspecified, it defaults to true. This boolean directly controls whether the `no_new_privs` flag gets set on the container process.
-<5> `capabilities` permit privileged actions without giving full root access. This policy ensures all capabilities are dropped from the pod. 
-<6> `runAsNonRoot: true` requires that the container will run with a user with any UID other than 0. 
+<5> `capabilities` permit privileged actions without giving full root access. This policy ensures all capabilities are dropped from the pod.
+<6> `runAsNonRoot: true` requires that the container will run with a user with any UID other than 0.
 <7> `RuntimeDefault` enables the default seccomp profile for a pod or container workload.
 
 . Apply the yaml by running the following command:
@@ -148,7 +148,7 @@ $ oc rsh tunepod
 +
 [source,terminal]
 ----
-sh-4.4# sysctl net.ipv4.conf.net1.accept_redirects 
+sh-4.4# sysctl net.ipv4.conf.net1.accept_redirects
 ----
 +
 .Expected output
diff --git a/modules/nw-cluster-mtu-change-about.adoc b/modules/nw-cluster-mtu-change-about.adoc
index 0520651c6e2b..47e7c5ae0486 100644
--- a/modules/nw-cluster-mtu-change-about.adoc
+++ b/modules/nw-cluster-mtu-change-about.adoc
@@ -1,17 +1,18 @@
 // Module included in the following assemblies:
 //
 // * networking/changing-cluster-network-mtu.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-cluster-mtu-change-about_{context}"]
 = About the cluster MTU
 
-During installation the maximum transmission unit (MTU) for the cluster network is detected automatically based on the MTU of the primary network interface of nodes in the cluster. You do not normally need to override the detected MTU.
+During installation the maximum transmission unit (MTU) for the cluster network is detected automatically based on the MTU of the primary network interface of nodes in the cluster. You do not usually need to override the detected MTU.
 
 You might want to change the MTU of the cluster network for several reasons:
 
-* The MTU detected during cluster installation is not correct for your infrastructure
-* Your cluster infrastructure now requires a different MTU, such as from the addition of nodes that need a different MTU for optimal performance
+* The MTU detected during cluster installation is not correct for your infrastructure.
+* Your cluster infrastructure now requires a different MTU, such as from the addition of nodes that need a different MTU for optimal performance.
 
 You can change the cluster MTU for only the OVN-Kubernetes and OpenShift SDN cluster network plugins.
 
diff --git a/modules/nw-cluster-mtu-change.adoc b/modules/nw-cluster-mtu-change.adoc
index 40fc583387c8..d369be5a2467 100644
--- a/modules/nw-cluster-mtu-change.adoc
+++ b/modules/nw-cluster-mtu-change.adoc
@@ -1,14 +1,21 @@
 // Module included in the following assemblies:
 //
 // * networking/changing-cluster-network-mtu.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:localzone:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cluster-mtu-change_{context}"]
 = Changing the cluster MTU
 
 As a cluster administrator, you can change the maximum transmission unit (MTU) for your cluster. The migration is disruptive and nodes in your cluster might be temporarily unavailable as the MTU update rolls out.
 
+ifndef::localzone[]
 The following procedure describes how to change the cluster MTU by using either machine configs, DHCP, or an ISO. If you use the DHCP or ISO approach, you must refer to configuration artifacts that you kept after installing your cluster to complete the procedure.
+endif::localzone[]
 
 .Prerequisites
 
@@ -44,6 +51,7 @@ Status:
 ...
 ----
 
+ifndef::localzone[]
 . Prepare your configuration for the hardware MTU:
 
 ** If your hardware MTU is specified with DHCP, update your DHCP configuration such as with the following dnsmasq configuration:
@@ -158,6 +166,7 @@ $ for manifest in control-plane-interface worker-interface; do
     butane --files-dir . $manifest.bu > $manifest.yaml
   done
 ----
+endif::localzone[]
 
 . To begin the MTU migration, specify the migration configuration by entering the following command. The Machine Config Operator performs a rolling reboot of the nodes in the cluster in preparation for the MTU change.
 +
@@ -238,6 +247,7 @@ The machine config must include the following update to the systemd configuratio
 ExecStart=/usr/local/bin/mtu-migration.sh
 ----
 
+ifndef::localzone[]
 . Update the underlying network interface MTU value:
 
 ** If you are specifying the new MTU with a NetworkManager connection configuration, enter the following command. The MachineConfig Operator automatically performs a rolling reboot of the nodes in your cluster.
@@ -303,6 +313,7 @@ where `<config_name>` is the name of the machine config from the `machineconfigu
 If the machine config is successfully deployed, the previous output contains the `/etc/NetworkManager/system-connections/<connection_name>` file path.
 +
 The machine config must not contain the `ExecStart=/usr/local/bin/mtu-migration.sh` line.
+endif::localzone[]
 
 . To finalize the MTU migration, enter one of the following commands:
 ** If you are using the OVN-Kubernetes network plugin:
@@ -334,8 +345,27 @@ where:
 `<mtu>`:: Specifies the new cluster network MTU that you specified with `<overlay_to>`.
 --
 
+. After finalizing the MTU migration, each MCP node is rebooted one by one. You must wait until all the nodes are updated. Check the machine config pool status by entering the following command:
++
+[source,terminal]
+----
+$ oc get mcp
+----
++
+A successfully updated node has the following status: `UPDATED=true`, `UPDATING=false`, `DEGRADED=false`.
+
 .Verification
 
+ifdef::localzone[]
+* Verify that the node in your cluster uses the MTU that you specified in the previous procedure by entering the following command:
++
+[source,terminal]
+----
+$ oc describe network.config cluster
+----
+endif::localzone[]
+
+ifndef::localzone[]
 You can verify that a node in your cluster uses an MTU that you specified in the previous procedure.
 
 . To get the current MTU for the cluster network, enter the following command:
@@ -373,3 +403,8 @@ where:
 ----
 ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8051
 ----
+endif::localzone[]
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!localzone:
+endif::[]
diff --git a/modules/nw-cluster-network-operator.adoc b/modules/nw-cluster-network-operator.adoc
index 0b2433d77540..e6dd744c0320 100644
--- a/modules/nw-cluster-network-operator.adoc
+++ b/modules/nw-cluster-network-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/cluster-network-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cluster-network-operator_{context}"]
 = Cluster Network Operator
 
diff --git a/modules/nw-cluster-network-range-edit.adoc b/modules/nw-cluster-network-range-edit.adoc
index d850af29408d..817d93ced893 100644
--- a/modules/nw-cluster-network-range-edit.adoc
+++ b/modules/nw-cluster-network-range-edit.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-cluster-network-range.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cluster-network-range-edit_{context}"]
 = Expanding the cluster network IP address range
 
diff --git a/modules/nw-cno-logs.adoc b/modules/nw-cno-logs.adoc
index 75b226149f44..41a67ba7630b 100644
--- a/modules/nw-cno-logs.adoc
+++ b/modules/nw-cno-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/cluster-network-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cno-logs_{context}"]
 = Viewing Cluster Network Operator logs
 
diff --git a/modules/nw-cno-status.adoc b/modules/nw-cno-status.adoc
index d3d44e0869b7..620df078d252 100644
--- a/modules/nw-cno-status.adoc
+++ b/modules/nw-cno-status.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/cluster-network-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cno-status_{context}"]
 = Viewing Cluster Network Operator status
 
diff --git a/modules/nw-cno-view.adoc b/modules/nw-cno-view.adoc
index 8b449fbcf1c7..e113f2d7232a 100644
--- a/modules/nw-cno-view.adoc
+++ b/modules/nw-cno-view.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/cluster-network-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-cno-view_{context}"]
 = Viewing the cluster network configuration
 
diff --git a/modules/nw-columbiaville-ptp-config-refererence.adoc b/modules/nw-columbiaville-ptp-config-refererence.adoc
index b0d297d7e54b..6a465bc77fcd 100644
--- a/modules/nw-columbiaville-ptp-config-refererence.adoc
+++ b/modules/nw-columbiaville-ptp-config-refererence.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-columbiaville-ptp-config-refererence_{context}"]
 = Intel Columbiaville E800 series NIC as PTP ordinary clock reference
 
-The following table describes the changes that you must make to the reference PTP configuration in order to use Intel Columbiaville E800 series NICs as ordinary clocks. Make the changes in a `PtpConfig` custom resource (CR) that you apply to the cluster.
+The following table describes the changes that you must make to the reference PTP configuration to use Intel Columbiaville E800 series NICs as ordinary clocks. Make the changes in a `PtpConfig` custom resource (CR) that you apply to the cluster.
 
 .Recommended PTP settings for Intel Columbiaville NIC
 [options="header"]
@@ -21,6 +21,3 @@ The following table describes the changes that you must make to the reference PT
 ====
 For `phc2sysOpts`, `-m` prints messages to `stdout`. The `linuxptp-daemon` `DaemonSet` parses the logs and generates Prometheus metrics.
 ====
-
-
-
diff --git a/modules/nw-configure-ingress-access-logging.adoc b/modules/nw-configure-ingress-access-logging.adoc
index bbc1fb899516..5918589a55ad 100644
--- a/modules/nw-configure-ingress-access-logging.adoc
+++ b/modules/nw-configure-ingress-access-logging.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configure-ingress-access-logging_{context}"]
 = Configuring Ingress access logging
 
@@ -116,3 +116,47 @@ spec:
   logging:
     access: null
 ----
+
+Allow the Ingress Controller to modify the HAProxy log length when using a sidecar.
+
+* Use `spec.logging.access.destination.syslog.maxLength` if you are using `spec.logging.access.destination.type: Syslog`.
+
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+spec:
+  replicas: 2
+  logging:
+    access:
+      destination:
+        type: Syslog
+        syslog:
+          address: 1.2.3.4
+          maxLength: 4096
+          port: 10514
+----
+* Use `spec.logging.access.destination.container.maxLength` if you are using `spec.logging.access.destination.type: Container`.
+
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+spec:
+  replicas: 2
+  logging:
+    access:
+      destination:
+        type: Container
+        container:
+          maxLength: 8192
+----
+
diff --git a/modules/nw-configure-sysctl-interface-sriov-network-bonded.adoc b/modules/nw-configure-sysctl-interface-sriov-network-bonded.adoc
index 19d7abe3373f..8c033ae398d9 100644
--- a/modules/nw-configure-sysctl-interface-sriov-network-bonded.adoc
+++ b/modules/nw-configure-sysctl-interface-sriov-network-bonded.adoc
@@ -2,7 +2,7 @@
 //
 //networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-sysctl-on-bonded-sriov-network_{context}"]
 = Configuring sysctl on a bonded SR-IOV network
 
diff --git a/modules/nw-configure-sysctl-interface-sriov-network.adoc b/modules/nw-configure-sysctl-interface-sriov-network.adoc
index 0ca2aee4cb93..190746423964 100644
--- a/modules/nw-configure-sysctl-interface-sriov-network.adoc
+++ b/modules/nw-configure-sysctl-interface-sriov-network.adoc
@@ -2,9 +2,9 @@
 //
 //networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-sysctl-on-sriov-network_{context}"]
-= Configuring sysctl on a SR-IOV network 
+= Configuring sysctl on a SR-IOV network
 
 You can set interface specific `sysctl` settings on virtual interfaces created by SR-IOV by adding the tuning configuration to the optional `metaPlugins` parameter of the `SriovNetwork` resource.
 
@@ -44,7 +44,7 @@ spec:
       "capabilities":{
         "mac":true
       },
-      "sysctl":{ 
+      "sysctl":{
          "net.ipv4.conf.IFNAME.accept_redirects": "1"
       }
     }
@@ -55,7 +55,7 @@ spec:
 <4> The target namespace for the `SriovNetwork` object. Only pods in the target namespace can attach to the additional network.
 <5> A configuration object for the IPAM CNI plugin as a YAML block scalar. The plugin manages IP address assignment for the attachment definition.
 <6> Optional: Set capabilities for the additional network. You can specify `"{ "ips": true }"` to enable IP address support or `"{ "mac": true }"` to enable MAC address support.
-<7> Optional: The metaPlugins parameter is used to add additional capabilities to the device. In this use case set the `type` field to `tuning`. Specify the interface-level network `sysctl` you want to set in the `sysctl` field. 
+<7> Optional: The metaPlugins parameter is used to add additional capabilities to the device. In this use case set the `type` field to `tuning`. Specify the interface-level network `sysctl` you want to set in the `sysctl` field.
 
 . Create the `SriovNetwork` resource:
 +
@@ -72,7 +72,7 @@ $ oc create -f sriov-network-interface-sysctl.yaml
 ----
 $ oc get network-attachment-definitions -n <namespace> <1>
 ----
-<1> Replace `<namespace>` with the value for `networkNamespace` that you specified in the `SriovNetwork` object. For example, `sysctl-tuning-test`. 
+<1> Replace `<namespace>` with the value for `networkNamespace` that you specified in the `SriovNetwork` object. For example, `sysctl-tuning-test`.
 +
 .Example output
 [source,terminal]
@@ -102,11 +102,11 @@ metadata:
   annotations:
     k8s.v1.cni.cncf.io/networks: |-
       [
-        { 
+        {
           "name": "onevalidflag",  <1>
           "mac": "0a:56:0a:83:04:0c", <2>
           "ips": ["10.100.100.200/24"] <3>
-       } 
+       }
       ]
 spec:
   containers:
@@ -114,21 +114,21 @@ spec:
     image: centos
     command: ["/bin/bash", "-c", "sleep INF"]
     securityContext:
-      runAsUser: 2000 
-      runAsGroup: 3000 
-      allowPrivilegeEscalation: false 
-      capabilities: 
+      runAsUser: 2000
+      runAsGroup: 3000
+      allowPrivilegeEscalation: false
+      capabilities:
         drop: ["ALL"]
   securityContext:
-    runAsNonRoot: true 
-    seccompProfile: 
+    runAsNonRoot: true
+    seccompProfile:
       type: RuntimeDefault
 ----
 <1> The name of the SR-IOV network attachment definition CR.
 <2> Optional: The MAC address for the SR-IOV device that is allocated from the resource type defined in the SR-IOV network attachment definition CR. To use this feature, you also must specify `{ "mac": true }` in the SriovNetwork object.
 <3> Optional: IP addresses for the SR-IOV device that are allocated from the resource type defined in the SR-IOV network attachment definition CR. Both IPv4 and IPv6 addresses are supported. To use this feature, you also must specify `{ "ips": true }` in the `SriovNetwork` object.
 
-. Create the `Pod` CR: 
+. Create the `Pod` CR:
 +
 [source,terminal]
 ----
@@ -161,7 +161,7 @@ $ oc rsh -n sysctl-tuning-test tunepod
 +
 [source,terminal]
 ----
-$ sysctl net.ipv4.conf.net1.accept_redirects 
+$ sysctl net.ipv4.conf.net1.accept_redirects
 ----
 +
 .Example output
diff --git a/modules/nw-configuring-clb-timeouts.adoc b/modules/nw-configuring-clb-timeouts.adoc
index 0737e2c9d6e3..c49de76a27a6 100644
--- a/modules/nw-configuring-clb-timeouts.adoc
+++ b/modules/nw-configuring-clb-timeouts.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-clb-timeouts_{context}"]
 = Configuring Classic Load Balancer timeouts
 
diff --git a/modules/nw-configuring-elb-timeouts-aws-classic.adoc b/modules/nw-configuring-elb-timeouts-aws-classic.adoc
index 33f71564a00e..fe25ffd7dfc7 100644
--- a/modules/nw-configuring-elb-timeouts-aws-classic.adoc
+++ b/modules/nw-configuring-elb-timeouts-aws-classic.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-configuring-elb-timeouts-aws-classic_{context}"]
 = Configuring Classic Load Balancer timeouts on AWS
 
diff --git a/modules/nw-configuring-high-performance-multicast-with-sriov.adoc b/modules/nw-configuring-high-performance-multicast-with-sriov.adoc
index 9db8457b3a3d..f10f04ca1735 100644
--- a/modules/nw-configuring-high-performance-multicast-with-sriov.adoc
+++ b/modules/nw-configuring-high-performance-multicast-with-sriov.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-sriov-multicast.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-using-an-sriov-interface-for-multicast_{context}"]
 = Configuring an SR-IOV interface for multicast
 
diff --git a/modules/nw-configuring-ingress-cluster-traffic-aws-networking-load-balancer.adoc b/modules/nw-configuring-ingress-cluster-traffic-aws-networking-load-balancer.adoc
index fd38c9e86b8f..6f13d20be644 100644
--- a/modules/nw-configuring-ingress-cluster-traffic-aws-networking-load-balancer.adoc
+++ b/modules/nw-configuring-ingress-cluster-traffic-aws-networking-load-balancer.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-configuring-ingress-cluster-traffic-aws-network-load-balancer_{context}"]
 = Configuring ingress cluster traffic on AWS using a Network Load Balancer
 
diff --git a/modules/nw-configuring-lb-allowed-source-ranges-migration.adoc b/modules/nw-configuring-lb-allowed-source-ranges-migration.adoc
index e21d8121bcb2..880e72f8e3f3 100644
--- a/modules/nw-configuring-lb-allowed-source-ranges-migration.adoc
+++ b/modules/nw-configuring-lb-allowed-source-ranges-migration.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-lb-allowed-source-ranges-migration_{context}"]
 = Migrating to load balancer allowed source ranges
 
@@ -53,7 +53,7 @@ spec:
 ...
 ----
 
-. Update your cluster to {product-title} 4.13.
+. Update your cluster to {product-title} {product-version}.
 
 . Set the allowed source ranges API for the `ingresscontroller` by running the following command:
 +
diff --git a/modules/nw-configuring-lb-allowed-source-ranges.adoc b/modules/nw-configuring-lb-allowed-source-ranges.adoc
index c23cb56376ad..a07d6f45372f 100644
--- a/modules/nw-configuring-lb-allowed-source-ranges.adoc
+++ b/modules/nw-configuring-lb-allowed-source-ranges.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-lb-allowed-source-ranges_{context}"]
 = Configuring load balancer allowed source ranges
 
diff --git a/modules/nw-configuring-route-timeouts.adoc b/modules/nw-configuring-route-timeouts.adoc
index 2a99c4cb1c69..5eb7d06b22f3 100644
--- a/modules/nw-configuring-route-timeouts.adoc
+++ b/modules/nw-configuring-route-timeouts.adoc
@@ -3,7 +3,7 @@
 // * networking/configuring-routing.adoc
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-route-timeouts_{context}"]
 = Configuring route timeouts
 
diff --git a/modules/nw-configuring-router-compression.adoc b/modules/nw-configuring-router-compression.adoc
index 7d5c4964cd6f..12b964a4270f 100644
--- a/modules/nw-configuring-router-compression.adoc
+++ b/modules/nw-configuring-router-compression.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress_operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-configuring-router-compression_{context}"]
 = Using router compression
 
diff --git a/modules/nw-control-dns-records-public-aws-with-VPC.adoc b/modules/nw-control-dns-records-public-aws-with-VPC.adoc
new file mode 100644
index 000000000000..283525c1d633
--- /dev/null
+++ b/modules/nw-control-dns-records-public-aws-with-VPC.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// * networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-control-dns-records-public-aws-with-VPC_{context}"]
+= Creating DNS records in a different AWS Account using a shared VPC
+
+You can use the ExternalDNS Operator to create DNS records in a different AWS account using a shared Virtual Private Cloud (VPC). By using a shared VPC, an organization can connect resources from multiple projects to a common VPC network. Organizations can then use VPC sharing to use a single Route 53 instance across multiple AWS accounts.
+
+.Prerequisites
+* You have created two Amazon AWS accounts: one with a VPC and a Route 53 private hosted zone configured (Account A), and another for installing a cluster (Account B).
+* You have created an IAM Policy and IAM Role with the appropriate permissions in Account A for Account B to create DNS records in the Route 53 hosted zone of Account A.
+* You have installed a cluster in Account B into the existing VPC for Account A.
+* You have installed the ExternalDNS Operator in the cluster in Account B.
+
+.Procedure
+
+. Get the Role ARN of the IAM Role that you created to allow Account B to access Account A's Route 53 hosted zone by running the following command:
++
+[source,terminal]
+----
+$ aws --profile account-a iam get-role --role-name user-rol1 | head -1
+----
++
+.Example output
++
+[source,terminal]
+----
+ROLE	arn:aws:iam::1234567890123:role/user-rol1	2023-09-14T17:21:54+00:00	3600	/	AROA3SGB2ZRKRT5NISNJN	user-rol1
+----
+
+. Locate the private hosted zone to use with Account A's credentials by running the following command:
++
+[source,terminal]
+----
+$ aws --profile account-a route53 list-hosted-zones | grep testextdnsoperator.apacshift.support
+----
++
+.Example output
++
+[source,terminal]
+----
+HOSTEDZONES	terraform	/hostedzone/Z02355203TNN1XXXX1J6O	testextdnsoperator.apacshift.support. 5
+----
+
+. Create the `ExternalDNS` object by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF | oc create -f -
+apiVersion: externaldns.olm.openshift.io/v1beta1
+kind: ExternalDNS
+metadata:
+  name: sample-aws 
+spec:
+  domains:
+  - filterType: Include   
+    matchType: Exact   
+    name: testextdnsoperator.apacshift.support 
+  provider:
+    type: AWS
+    aws: 
+      assumeRole: 
+        arn: arn:aws:iam::12345678901234:role/user-rol1 <1>
+  source:  
+    type: OpenShiftRoute 
+    openshiftRouteOptions:
+      routerName: default 
+EOF
+----
+<1> Specify the Role ARN  to have DNS records created in Account A.
+
+. Check the records created for OpenShift Container Platform (OCP) routes by using the following command:
++
+[source,terminal]
+----
+$ aws --profile account-a route53 list-resource-record-sets --hosted-zone-id Z02355203TNN1XXXX1J6O --query "ResourceRecordSets[?Type == 'CNAME']" | grep console-openshift-console
+----
diff --git a/modules/nw-control-dns-records-public-hosted-zone-aws.adoc b/modules/nw-control-dns-records-public-hosted-zone-aws.adoc
index f38880090381..6a6596f70c28 100644
--- a/modules/nw-control-dns-records-public-hosted-zone-aws.adoc
+++ b/modules/nw-control-dns-records-public-hosted-zone-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-control-dns-records-public-hosted-zone-aws_{context}"]
 = Creating DNS records on an public hosted zone for AWS by using Red Hat External DNS Operator
 
diff --git a/modules/nw-control-dns-records-public-hosted-zone-azure.adoc b/modules/nw-control-dns-records-public-hosted-zone-azure.adoc
index 930c4adbb38a..f3f1806519de 100644
--- a/modules/nw-control-dns-records-public-hosted-zone-azure.adoc
+++ b/modules/nw-control-dns-records-public-hosted-zone-azure.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-creating-dns-records-on-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-control-dns-records-public-hosted-zone-azure_{context}"]
 = Creating DNS records on an public DNS zone for Azure by using Red Hat External DNS Operator
 
diff --git a/modules/nw-control-dns-records-public-hosted-zone-infoblox.adoc b/modules/nw-control-dns-records-public-hosted-zone-infoblox.adoc
index 5032b48c78bf..9eb07ceef928 100644
--- a/modules/nw-control-dns-records-public-hosted-zone-infoblox.adoc
+++ b/modules/nw-control-dns-records-public-hosted-zone-infoblox.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-creating-dns-records-on-infoblox.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-control-dns-records-public-dns-zone-infoblox_{context}"]
 = Creating DNS records on a public DNS zone on Infoblox
 
diff --git a/modules/nw-control-dns-records-public-managed-zone-gcp.adoc b/modules/nw-control-dns-records-public-managed-zone-gcp.adoc
index 6dafc2d07bc1..7b9c1fcece44 100644
--- a/modules/nw-control-dns-records-public-managed-zone-gcp.adoc
+++ b/modules/nw-control-dns-records-public-managed-zone-gcp.adoc
@@ -3,7 +3,7 @@
 //
 // * networking/external_dns_operator/nw-creating-dns-records-on-gcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-control-dns-records-public-managed-zone-gcp_{context}"]
 = Creating DNS records on an public managed zone for GCP by using Red Hat External DNS Operator
 
diff --git a/modules/nw-controlling-dns-pod-placement.adoc b/modules/nw-controlling-dns-pod-placement.adoc
index 1f5545827549..7dd7f5b29dea 100644
--- a/modules/nw-controlling-dns-pod-placement.adoc
+++ b/modules/nw-controlling-dns-pod-placement.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-controlling-dns-pod-placement_{context}"]
 = Controlling DNS pod placement
 
@@ -22,7 +22,7 @@ As a cluster administrator, you can use a custom node selector to configure the
 
 . Modify the DNS Operator object named `default`:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc edit dns.operator/default
 ----
diff --git a/modules/nw-create-load-balancer-service.adoc b/modules/nw-create-load-balancer-service.adoc
index f25eb133e4a5..09facd72ce55 100644
--- a/modules/nw-create-load-balancer-service.adoc
+++ b/modules/nw-create-load-balancer-service.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/getting-traffic-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-create-load-balancer-service_{context}"]
 = Creating a load balancer service
 
@@ -11,6 +11,7 @@ Use the following procedure to create a load balancer service.
 .Prerequisites
 
 * Make sure that the project and service you want to expose exist.
+* Your cloud provider supports load balancers.
 
 .Procedure
 
diff --git a/modules/nw-creating-a-route.adoc b/modules/nw-creating-a-route.adoc
index 5e0258482de3..b7fffcc2a249 100644
--- a/modules/nw-creating-a-route.adoc
+++ b/modules/nw-creating-a-route.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-creating-a-route_{context}"]
 = Creating an HTTP-based route
 
diff --git a/modules/nw-creating-project-and-service.adoc b/modules/nw-creating-project-and-service.adoc
index f4ee611e2dac..1777ef80a4ec 100644
--- a/modules/nw-creating-project-and-service.adoc
+++ b/modules/nw-creating-project-and-service.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-creating-project-and-service_{context}"]
 = Creating a project and service
 
diff --git a/modules/nw-customize-ingress-error-pages.adoc b/modules/nw-customize-ingress-error-pages.adoc
index 77f67256250e..e047043f5ac3 100644
--- a/modules/nw-customize-ingress-error-pages.adoc
+++ b/modules/nw-customize-ingress-error-pages.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 // * networking/ingress-controller-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-customize-ingress-error-pages_{context}"]
 = Customizing HAProxy error code response pages
 
diff --git a/modules/nw-disabling-hsts.adoc b/modules/nw-disabling-hsts.adoc
index 4e1a175445fc..f2b8467b6c2a 100644
--- a/modules/nw-disabling-hsts.adoc
+++ b/modules/nw-disabling-hsts.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/configuring-routing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-disabling-hsts_{context}"]
 = Disabling HTTP Strict Transport Security per-route
 
diff --git a/modules/nw-disabling-multicast.adoc b/modules/nw-disabling-multicast.adoc
index 4e664ed33376..84588f660477 100644
--- a/modules/nw-disabling-multicast.adoc
+++ b/modules/nw-disabling-multicast.adoc
@@ -12,7 +12,7 @@ ifeval::["{context}" == "ovn-kubernetes-disabling-multicast"]
 :annotation: k8s.ovn.org/multicast-enabled-
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-disabling-multicast_{context}"]
 = Disabling multicast between pods
 
diff --git a/modules/nw-dns-cache-tuning.adoc b/modules/nw-dns-cache-tuning.adoc
index c32236b2173b..0bcd1a485879 100644
--- a/modules/nw-dns-cache-tuning.adoc
+++ b/modules/nw-dns-cache-tuning.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-cache-tuning_{context}"]
 = Tuning the CoreDNS cache
 
diff --git a/modules/nw-dns-forward.adoc b/modules/nw-dns-forward.adoc
index bd25799c0ee3..1dd367019c7c 100644
--- a/modules/nw-dns-forward.adoc
+++ b/modules/nw-dns-forward.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-forward_{context}"]
 = Using DNS forwarding
 
@@ -34,7 +34,16 @@ A DNS forwarding configuration for the default domain can have both the default
 $ oc edit dns.operator/default
 ----
 +
-This allows the Operator to create and update the config map named `dns-default` with additional server configuration blocks based on `Server`. If none of the servers have a zone that matches the query, then name resolution falls back to the upstream DNS servers.
+After you issue the previous command, the Operator creates and updates the config map named `dns-default` with additional server configuration blocks based on `Server`.
+ifdef::openshift-rosa,openshift-dedicated[]
++
+[IMPORTANT]
+====
+When specifying values for the `zones` parameter, ensure that you only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.
+====
++
+endif::[]
+If none of the servers have a zone that matches the query, then name resolution falls back to the upstream DNS servers.
 +
 .Configuring DNS forwarding
 [source,yaml]
@@ -63,14 +72,6 @@ spec:
 ----
 <1> Must comply with the `rfc6335` service name syntax.
 <2> Must conform to the definition of a subdomain in the `rfc1123` service name syntax. The cluster domain, `cluster.local`, is an invalid subdomain for the `zones` field.
-ifdef::openshift-rosa,openshift-dedicated[]
-+
-[IMPORTANT]
-====
-Only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.
-====
-+
-endif::[]
 <3> Defines the policy to select upstream resolvers. Default value is `Random`. You can also use the values `RoundRobin`, and `Sequential`.
 <4> A maximum of 15 `upstreams` is allowed per `forwardPlugin`.
 <5> Optional. You can use it to override the default policy and forward DNS resolution to the specified DNS resolvers (upstream resolvers) for the default domain. If you do not provide any upstream resolvers, the DNS name queries go to the servers in `/etc/resolv.conf`.
@@ -79,8 +80,17 @@ endif::[]
 <8> You can specify two types of `upstreams` - `SystemResolvConf` and `Network`. `SystemResolvConf` configures the upstream to use `/etc/resolv.conf` and `Network` defines a `Networkresolver`. You can specify one or both.
 <9> If the specified type is `Network`, you must provide an IP address. The `address` field must be a valid IPv4 or IPv6 address.
 <10> If the specified type is `Network`, you can optionally provide a port. The `port` field must have a value between `1` and `65535`. If you do not specify a port for the upstream, by default port 853 is tried.
+
+. Optional: When working in a highly regulated environment, you might need the ability to secure DNS traffic when forwarding requests to upstream resolvers so that you can ensure additional DNS traffic and data privacy.
+ifdef::openshift-rosa,openshift-dedicated[]
 +
-When working in a highly regulated environment, you might need the ability to secure DNS traffic when forwarding requests to upstream resolvers so that you can ensure additional DNS traffic and data privacy. Cluster administrators can configure transport layer security (TLS) for forwarded DNS queries.
+[IMPORTANT]
+====
+When specifying values for the `zones` parameter, ensure that you only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.
+====
++
+endif::[]
+Cluster administrators can configure transport layer security (TLS) for forwarded DNS queries.
 +
 .Configuring DNS forwarding with TLS
 [source,yaml]
@@ -119,14 +129,6 @@ spec:
 ----
 <1> Must comply with the `rfc6335` service name syntax.
 <2> Must conform to the definition of a subdomain in the `rfc1123` service name syntax. The cluster domain, `cluster.local`, is an invalid subdomain for the `zones` field. The cluster domain, `cluster.local`, is an invalid `subdomain` for `zones`.
-ifdef::openshift-rosa,openshift-dedicated[]
-+
-[IMPORTANT]
-====
-Only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.
-====
-+
-endif::[]
 <3> When configuring TLS for forwarded DNS queries, set the `transport` field to have the value `TLS`.
 By default, CoreDNS caches forwarded connections for 10 seconds. CoreDNS will hold a TCP connection open for those 10 seconds if no request is issued. With large clusters, ensure that your DNS server is aware that it might get many new connections to hold open because you can initiate a connection per node. Set up your DNS hierarchy accordingly to avoid performance issues.
 <4> When configuring TLS for forwarded DNS queries, this is a mandatory server name used as part of the server name indication (SNI) to validate the upstream TLS server certificate.
@@ -141,7 +143,9 @@ By default, CoreDNS caches forwarded connections for 10 seconds. CoreDNS will ho
 ====
 If `servers` is undefined or invalid, the config map only contains the default server.
 ====
-+
+
+.Verification
+
 . View the config map:
 +
 [source,terminal]
diff --git a/modules/nw-dns-loglevel.adoc b/modules/nw-dns-loglevel.adoc
index b6c6690e201f..e530c9597b87 100644
--- a/modules/nw-dns-loglevel.adoc
+++ b/modules/nw-dns-loglevel.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-loglevel_{context}"]
 = Setting the CoreDNS log level
 
diff --git a/modules/nw-dns-operator-logs.adoc b/modules/nw-dns-operator-logs.adoc
index e4eae4181953..783bd474c9ad 100644
--- a/modules/nw-dns-operator-logs.adoc
+++ b/modules/nw-dns-operator-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * dns/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-operator-logs_{context}"]
 = DNS Operator logs
 
diff --git a/modules/nw-dns-operator-managementState.adoc b/modules/nw-dns-operator-managementState.adoc
index 3d2b205442a9..5b4907318031 100644
--- a/modules/nw-dns-operator-managementState.adoc
+++ b/modules/nw-dns-operator-managementState.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-operator-managementState_{context}"]
 = Changing the DNS Operator managementState
 
diff --git a/modules/nw-dns-operator-status.adoc b/modules/nw-dns-operator-status.adoc
index afc53db18877..5f46df26dbcf 100644
--- a/modules/nw-dns-operator-status.adoc
+++ b/modules/nw-dns-operator-status.adoc
@@ -2,7 +2,7 @@
 //
 // * dns/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-operator-status_{context}"]
 = DNS Operator status
 
diff --git a/modules/nw-dns-operator.adoc b/modules/nw-dns-operator.adoc
index 402f15955c3c..258da1be7cb1 100644
--- a/modules/nw-dns-operator.adoc
+++ b/modules/nw-dns-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/dns/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-operator_{context}"]
 = DNS Operator
 
diff --git a/modules/nw-dns-operatorloglevel.adoc b/modules/nw-dns-operatorloglevel.adoc
index 59b2dc8b4e07..3942ea4ec498 100644
--- a/modules/nw-dns-operatorloglevel.adoc
+++ b/modules/nw-dns-operatorloglevel.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-operatorloglevel_{context}"]
 = Setting the CoreDNS Operator log level
 
diff --git a/modules/nw-dns-view.adoc b/modules/nw-dns-view.adoc
index 3e6643c227aa..9f543bbd0b3e 100644
--- a/modules/nw-dns-view.adoc
+++ b/modules/nw-dns-view.adoc
@@ -2,7 +2,7 @@
 //
 // * dns/dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dns-view_{context}"]
 = View the default DNS
 
diff --git a/modules/nw-dual-stack-convert-back-single-stack.adoc b/modules/nw-dual-stack-convert-back-single-stack.adoc
index 85061f3b5d4f..d14bf195b932 100644
--- a/modules/nw-dual-stack-convert-back-single-stack.adoc
+++ b/modules/nw-dual-stack-convert-back-single-stack.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dual-stack-convert-back-single-stack_{context}"]
 = Converting to a single-stack cluster network
 
diff --git a/modules/nw-dual-stack-convert.adoc b/modules/nw-dual-stack-convert.adoc
index d409d8bca5a1..083d160c9977 100644
--- a/modules/nw-dual-stack-convert.adoc
+++ b/modules/nw-dual-stack-convert.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-dual-stack-convert_{context}"]
 = Converting to a dual-stack cluster network
 
diff --git a/modules/nw-egress-ips-about.adoc b/modules/nw-egress-ips-about.adoc
index f35cd4e235ac..234de81fdd2a 100644
--- a/modules/nw-egress-ips-about.adoc
+++ b/modules/nw-egress-ips-about.adoc
@@ -48,9 +48,9 @@ Support for the egress IP address functionality on various platforms is summariz
 | Amazon Web Services (AWS) | Yes
 | Google Cloud Platform (GCP) | Yes
 | Microsoft Azure | Yes
-| {ibmzProductName} and {linuxoneProductName} | Yes
-| {ibmzProductName} and {linuxoneProductName} for {op-system-base-full} KVM | Yes
-| {ibmpowerProductName} | Yes
+| {ibm-z-name} and {ibm-linuxone-name} | Yes
+| {ibm-z-name} and {ibm-linuxone-name} for {op-system-base-full} KVM | Yes
+| {ibm-power-name} | Yes
 | Nutanix | Yes
 
 |===
@@ -134,7 +134,7 @@ On GCP, the networking model implements additional node IP addresses through IP
 
 The following capacity limits exist for IP aliasing assignment:
 
-- Per node, the maximum number of IP aliases, both IPv4 and IPv6, is 10.
+- Per node, the maximum number of IP aliases, both IPv4 and IPv6, is 100.
 - Per VPC, the maximum number of IP aliases is unspecified, but {product-title} scalability testing reveals the maximum to be approximately 15,000.
 
 For more information, see link:https://cloud.google.com/vpc/docs/quota#per_instance[Per instance] quotas and link:https://cloud.google.com/vpc/docs/alias-ip[Alias IP ranges overview].
@@ -149,6 +149,61 @@ On Azure, the following capacity limits exist for IP address assignment:
 
 For more information, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#networking-limits[Networking limits].
 
+[id="nw-egress-ips-multi-nic-considerations_{context}"]
+== Considerations for using an egress IP on additional network interfaces
+
+In {product-title}, egress IPs provide administrators a way to control network traffic. Egress IPs can be used with the `br-ex`, or primary, network interface, which is a Linux bridge interface associated with Open vSwitch, or they can be used with additional network interfaces. 
+
+You can inspect your network interface type by running the following command:
+
+[source,terminal]
+----
+$ ip -details link show
+----
+
+The primary network interface is assigned a node IP address which also contains a subnet mask. Information for this node IP address can be retrieved from the Kubernetes node object for each node within your cluster by inspecting the `k8s.ovn.org/node-primary-ifaddr` annotation. In an IPv4 cluster, this annotation is similar to the following example: `"k8s.ovn.org/node-primary-ifaddr: {"ipv4":"192.168.111.23/24"}"`.
+
+If the egress IP is not within the subnet of the primary network interface subnet, you can use an egress IP on another Linux network interface that is not of the primary network interface type. By doing so, {product-title} administrators are provided with a greater level of control over networking aspects such as routing, addressing, segmentation, and security policies. This feature provides users with the option to route workload traffic over specific network interfaces for purposes such as traffic segmentation or meeting specialized requirements.
+
+If the egress IP is not within the subnet of the primary network interface, then the selection of another network interface for egress traffic might occur if they are present on a node. 
+
+You can determine which other network interfaces might support egress IPs by inspecting the `k8s.ovn.org/host-cidrs` Kubernetes node annotation. This annotation contains the addresses and subnet mask found for the primary network interface. It also contains additional network interface addresses and subnet mask information. These addresses and subnet masks are assigned to network interfaces that use the link:https://networklessons.com/cisco/ccna-200-301/longest-prefix-match-routing[longest prefix match routing] mechanism to determine which network interface supports the egress IP. 
+
+[NOTE]
+====
+OVN-Kubernetes provides a mechanism to control and direct outbound network traffic from specific namespaces and pods. This ensures that it exits the cluster through a particular network interface and with a specific egress IP address.
+====
+
+[discrete]
+[id="nw-egress-ips-multi-nic-requirements_{context}"]
+=== Requirements for assigning an egress IP to a network interface that is not the primary network interface
+
+For users who want an egress IP and traffic to be routed over a particular interface that is not the primary network interface, the following conditions must be met:
+
+* {product-title} is installed on a bare metal cluster. This feature is disabled within cloud or hypervisor environments.
+
+* Your {product-title} pods are not configured as host-networked.
+
+* If a network interface is removed or if the IP address and subnet mask which allows the egress IP to be hosted on the interface is removed, then the egress IP is reconfigured. Consequently, it could be assigned to another node and interface.
+
+* The Egress IP must be IPv4. IPv6 is currently unsupported.
+
+* IP forwarding must be enabled for the network interface. To enable IP forwarding, you can use the `oc edit network.operator` command and edit the object like the following example:
++
+[source,yaml]
+----
+# ...
+spec:
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  defaultNetwork:
+    ovnKubernetesConfig:
+      gatewayConfig:
+        ipForwarding: Global
+# ...
+----
+
 ifdef::openshift-sdn[]
 [id="nw-egress-ips-limitations_{context}"]
 == Limitations
diff --git a/modules/nw-egress-ips-assign.adoc b/modules/nw-egress-ips-assign.adoc
index 65016d0af160..57d12f5cc746 100644
--- a/modules/nw-egress-ips-assign.adoc
+++ b/modules/nw-egress-ips-assign.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-ips-assign_{context}"]
 = Assigning an egress IP address to a namespace
 
diff --git a/modules/nw-egress-ips-automatic.adoc b/modules/nw-egress-ips-automatic.adoc
index da546e003a08..38e17a6a92a0 100644
--- a/modules/nw-egress-ips-automatic.adoc
+++ b/modules/nw-egress-ips-automatic.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/assigning-egress-ips.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-ips-automatic_{context}"]
 = Configuring automatically assigned egress IP addresses for a namespace
 
diff --git a/modules/nw-egress-ips-config-object.adoc b/modules/nw-egress-ips-config-object.adoc
index 80c7b3849276..b7b30589d5bd 100644
--- a/modules/nw-egress-ips-config-object.adoc
+++ b/modules/nw-egress-ips-config-object.adoc
@@ -12,10 +12,11 @@ The following YAML describes changing the `reachabilityTotalTimeoutSeconds` from
 
 [source,yaml]
 ----
-apiVersion: k8s.ovn.org/v1
-kind: EgressIP
-  name: networks.operator.openshift.io
-  spec:
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
   clusterNetwork:
   - cidr: 10.128.0.0/14
     hostPrefix: 23
diff --git a/modules/nw-egress-ips-node.adoc b/modules/nw-egress-ips-node.adoc
index 0ca5b534f2da..e54871b65856 100644
--- a/modules/nw-egress-ips-node.adoc
+++ b/modules/nw-egress-ips-node.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-ips-node_{context}"]
 = Labeling a node to host egress IP addresses
 
diff --git a/modules/nw-egress-ips-static.adoc b/modules/nw-egress-ips-static.adoc
index e6c9abb904e0..f1e907e5f4b7 100644
--- a/modules/nw-egress-ips-static.adoc
+++ b/modules/nw-egress-ips-static.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/assigning-egress-ips.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-ips-static_{context}"]
 = Configuring manually assigned egress IP addresses for a namespace
 
diff --git a/modules/nw-egress-router-about.adoc b/modules/nw-egress-router-about.adoc
index 73489d748510..24b4af7a7451 100644
--- a/modules/nw-egress-router-about.adoc
+++ b/modules/nw-egress-router-about.adoc
@@ -18,7 +18,7 @@ ifeval::["{context}" == "using-an-egress-router"]
 :openshift-sdn:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-egress-router-about_{context}"]
 = About an egress router pod
 
@@ -39,7 +39,7 @@ The egress router image is not compatible with Amazon AWS, Azure Cloud, or any o
 
 In _redirect mode_, an egress router pod configures `iptables` rules to redirect traffic from its own IP address to one or more destination IP addresses. Client pods that need to use the reserved source IP address must be configured to access the service for the egress router rather than connecting directly to the destination IP. You can access the destination service and port from the application pod by using the `curl` command. For example:
 
-[source, terminal]
+[source,terminal]
 ----
 $ curl <router_service_IP> <port>
 ----
@@ -104,10 +104,6 @@ $ openstack port set --allowed-address \
   ip_address=<ip_address>,mac_address=<mac_address> <neutron_port_uuid>
 ----
 
-{rh-virtualization-first}::
-
-If you are using link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/administration_guide/chap-logical_networks#Explanation_of_Settings_in_the_VM_Interface_Profile_Window[{rh-virtualization}], you must select *No Network Filter* for the Virtual network interface controller (vNIC).
-
 VMware vSphere::
 
 If you are using VMware vSphere, see the link:https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-3507432E-AFEA-4B6B-B404-17A020575358.html[VMware documentation for securing vSphere standard switches]. View and change VMware vSphere default settings by selecting the host virtual switch from the vSphere Web Client.
diff --git a/modules/nw-egress-router-configmap.adoc b/modules/nw-egress-router-configmap.adoc
index c2d2d7157195..96eea697bf2c 100644
--- a/modules/nw-egress-router-configmap.adoc
+++ b/modules/nw-egress-router-configmap.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/configuring-egress-router-configmap.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-egress-router-configmap_{context}"]
 = Configuring an egress router destination mappings with a config map
 
diff --git a/modules/nw-egress-router-dns-mode.adoc b/modules/nw-egress-router-dns-mode.adoc
index c96bcda547fe..c403b86e18bf 100644
--- a/modules/nw-egress-router-dns-mode.adoc
+++ b/modules/nw-egress-router-dns-mode.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/deploying-egress-router-dns-redirection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-router-dns-mode_{context}"]
 = Deploying an egress router pod in DNS proxy mode
 
diff --git a/modules/nw-egress-router-http-proxy-mode.adoc b/modules/nw-egress-router-http-proxy-mode.adoc
index d33192aa8231..0b55be133e97 100644
--- a/modules/nw-egress-router-http-proxy-mode.adoc
+++ b/modules/nw-egress-router-http-proxy-mode.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/deploying-egress-router-http-redirection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-router-http-proxy-mode_{context}"]
 = Deploying an egress router pod in HTTP proxy mode
 
diff --git a/modules/nw-egress-router-redirect-mode-ovn.adoc b/modules/nw-egress-router-redirect-mode-ovn.adoc
index b369240276f7..2edd4215de1b 100644
--- a/modules/nw-egress-router-redirect-mode-ovn.adoc
+++ b/modules/nw-egress-router-redirect-mode-ovn.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/deploying-egress-router-ovn-redirection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-router-redirect-mode-ovn_{context}"]
 = Deploying an egress router in redirect mode
 
diff --git a/modules/nw-egress-router-redirect-mode.adoc b/modules/nw-egress-router-redirect-mode.adoc
index 242aa0f6f8e2..15a51e208163 100644
--- a/modules/nw-egress-router-redirect-mode.adoc
+++ b/modules/nw-egress-router-redirect-mode.adoc
@@ -2,13 +2,13 @@
 //
 // * networking/openshift_sdn/deploying-egress-router-layer3-redirection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egress-router-redirect-mode_{context}"]
 = Deploying an egress router pod in redirect mode
 
 In _redirect mode_, an egress router pod sets up iptables rules to redirect traffic from its own IP address to one or more destination IP addresses. Client pods that need to use the reserved source IP address must be configured to access the service for the egress router rather than connecting directly to the destination IP. You can access the destination service and port from the application pod by using the `curl` command. For example:
 
-[source, terminal]
+[source,terminal]
 ----
 $ curl <router_service_IP> <port>
 ----
diff --git a/modules/nw-egress-service-cr.adoc b/modules/nw-egress-service-cr.adoc
new file mode 100644
index 000000000000..d2e2f956b50a
--- /dev/null
+++ b/modules/nw-egress-service-cr.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-egress-service-ovn-cr_{context}"]
+= Egress service custom resource
+
+Define the configuration for an egress service in an `EgressService` custom resource. The following YAML describes the fields for the configuration of an egress service:
+
+[source,yaml]
+----
+apiVersion: k8s.ovn.org/v1
+kind: EgressService
+metadata:
+  name: <egress_service_name> <1>
+  namespace: <namespace> <2>
+spec:
+  sourceIPBy: <egress_traffic_ip> <3>
+  nodeSelector: <4>
+    matchLabels:
+      node-role.kubernetes.io/<role>: ""
+  network: <egress_traffic_network> <5>
+----
+<1> Specify the name for the egress service. The name of the `EgressService` resource must match the name of the load-balancer service that you want to modify.
+<2> Specify the namespace for the egress service. The namespace for the `EgressService` must match the namespace of the load-balancer service that you want to modify. The egress service is namespace-scoped.
+<3> Specify the source IP address of egress traffic for pods behind a service. Valid values are `LoadBalancerIP` or `Network`. Use the `LoadBalancerIP` value to assign the `LoadBalancer` service ingress IP address as the source IP address for egress traffic. Specify `Network` to assign the network interface IP address as the source IP address for egress traffic.
+<4> Optional: If you use the `LoadBalancerIP` value for the `sourceIPBy` specification, a single node handles the `LoadBalancer` service traffic. Use the `nodeSelector` field to limit which node can be assigned this task. When a node is selected to handle the service traffic, OVN-Kubernetes labels the node in the following format: `egress-service.k8s.ovn.org/<svc-namespace>-<svc-name>: ""`. When the `nodeSelector` field is not specified, any node can manage the `LoadBalancer` service traffic.
+<5> Optional: Specify the routing table for egress traffic. If you do not include the `network` specification, the egress service uses the default host network.
+
+.Example egress service specification
+[source,yaml]
+----
+apiVersion: k8s.ovn.org/v1
+kind: EgressService
+metadata:
+  name: test-egress-service
+  namespace: test-namespace
+spec:
+  sourceIPBy: "LoadBalancerIP"
+  nodeSelector:
+    matchLabels:
+      vrf: "true"
+  network: "2"
+----
diff --git a/modules/nw-egress-service-ovn.adoc b/modules/nw-egress-service-ovn.adoc
new file mode 100644
index 000000000000..cd51a56189c4
--- /dev/null
+++ b/modules/nw-egress-service-ovn.adoc
@@ -0,0 +1,124 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-egress-service-ovn_{context}"]
+= Deploying an egress service
+
+You can deploy an egress service to manage egress traffic for pods behind a `LoadBalancer` service.
+
+The following example configures the egress traffic to have the same source IP address as the ingress IP address of the `LoadBalancer` service.
+
+.Prerequisites
+
+* Install the OpenShift CLI (`oc`).
+* Log in as a user with `cluster-admin` privileges.
+* You configured MetalLB `BGPPeer` resources.
+
+.Procedure
+
+. Create an `IPAddressPool` CR with the desired IP for the service:
+
+.. Create a file, such as `ip-addr-pool.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: example-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 172.19.0.100/32
+----
+
+.. Apply the configuration for the IP address pool by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f ip-addr-pool.yaml
+----
+
+. Create `Service` and `EgressService` CRs:
+
+.. Create a file, such as `service-egress-service.yaml`, with content like the following example:
++
+[source,yaml,subs="+quotes,+macros"]
+----
+apiVersion: v1
+kind: Service
+metadata:
+  name: example-service
+  namespace: example-namespace
+  annotations:
+    metallb.universe.tf/address-pool: example-pool <1>
+spec:
+  selector:
+    app: example
+  ports:
+    - name: http
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: LoadBalancer
+---
+apiVersion: k8s.ovn.org/v1
+kind: EgressService
+metadata:
+  name: example-service
+  namespace: example-namespace
+spec:
+  sourceIPBy: "LoadBalancerIP" <2>
+  nodeSelector: <3>
+    matchLabels:
+      node-role.kubernetes.io/worker: ""
+----
+<1> The `LoadBalancer` service uses the IP address assigned by MetalLB from the `example-pool` IP address pool.
+<2> This example uses the `LoadBalancerIP` value to assign the ingress IP address of the `LoadBalancer` service as the source IP address of egress traffic.
+<3> When you specify the `LoadBalancerIP` value, a single node handles the `LoadBalancer` service's traffic. In this example, only nodes with the `worker` label can be selected to handle the traffic. When a node is selected, OVN-Kubernetes labels the node in the following format `egress-service.k8s.ovn.org/<svc-namespace>-<svc-name>: ""`.
++
+[NOTE]
+====
+If you use the `sourceIPBy: "LoadBalancerIP"` setting, you must specify the load-balancer node in the `BGPAdvertisement` custom resource (CR).
+====
+
+.. Apply the configuration for the service and egress service by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f service-egress-service.yaml
+----
+
+. Create a `BGPAdvertisement` CR to advertise the service:
+
+.. Create a file, such as `service-bgp-advertisement.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: example-bgp-adv
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - example-pool
+  nodeSelector:
+  - matchLabels:
+      egress-service.k8s.ovn.org/example-namespace-example-service: "" <1>
+----
+<1> In this example, the `EgressService` CR configures the source IP address for egress traffic to use the load-balancer service IP address. Therefore, you must specify the load-balancer node for return traffic to use the same return path for the traffic originating from the pod.
+
+.Verification
+
+ . Verify that you can access the application endpoint of the pods running behind the MetalLB service by running the following command:
++
+[source,terminal]
+----
+$ curl <external_ip_address>:<port_number> <1>
+----
+<1> Update the external IP address and port number to suit your application endpoint.
+
+. If you assigned the `LoadBalancer` service's ingress IP address as the source IP address for egress traffic, verify this configuration by using tools such as `tcpdump` to analyze packets received at the external client.
diff --git a/modules/nw-egressnetworkpolicy-about.adoc b/modules/nw-egressnetworkpolicy-about.adoc
index 3285d07ec9d9..43d9d8d04d42 100644
--- a/modules/nw-egressnetworkpolicy-about.adoc
+++ b/modules/nw-egressnetworkpolicy-about.adoc
@@ -96,6 +96,13 @@ Egress firewall rules do not apply to traffic that goes through routers. Any use
 An egress firewall has the following limitations:
 
 * No project can have more than one {kind} object.
+ifdef::openshift-sdn[]
++
+[IMPORTANT]
+====
+The creation of more than one {kind} object is allowed, however it should not be done. When you create more than one {kind} object, the following message is returned: `dropping all rules`. In actuality, all external traffic is dropped, which can cause security risks for your organization.
+====
+endif::openshift-sdn[]
 
 ifdef::ovn[]
 * A maximum of one {kind} object with a maximum of 8,000 rules can be defined per project.
@@ -114,7 +121,7 @@ ifdef::openshift-sdn[]
   - Projects merged by using the `oc adm pod-network join-projects` command cannot use an egress firewall in any of the joined projects.
 endif::openshift-sdn[]
 
-Violating any of these restrictions results in a broken egress firewall for the project, and might cause all external network traffic to be dropped.
+Violating any of these restrictions results in a broken egress firewall for the project. Consequently, all external network traffic is dropped, which can cause security risks for your organization.
 
 An Egress Firewall resource can be created in the `kube-node-lease`, `kube-public`, `kube-system`, `openshift` and `openshift-` projects.
 
@@ -141,9 +148,9 @@ endif::ovn[]
 
 [NOTE]
 ====
-The egress firewall always allows pods access to the external interface of the node that the pod is on for DNS resolution.
+Using DNS names in your egress firewall policy does not affect local DNS resolution through CoreDNS.
 
-If you use domain names in your egress firewall policy and your DNS resolution is not handled by a DNS server on the local node, then you must add egress firewall rules that allow access to your DNS server's IP addresses. if you are using domain names in your pods.
+However, if your egress firewall policy uses domain names, and an external DNS server handles DNS resolution for an affected pod, you must include egress firewall rules that permit access to the IP addresses of your DNS server.
 ====
 
 ifdef::ovn[]
diff --git a/modules/nw-egressnetworkpolicy-create.adoc b/modules/nw-egressnetworkpolicy-create.adoc
index c4b614187a4e..16a0c745da2c 100644
--- a/modules/nw-egressnetworkpolicy-create.adoc
+++ b/modules/nw-egressnetworkpolicy-create.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "configuring-egress-firewall-ovn"]
 :cni: OVN-Kubernetes
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-create_{context}"]
 = Creating an egress firewall policy object
 
diff --git a/modules/nw-egressnetworkpolicy-delete.adoc b/modules/nw-egressnetworkpolicy-delete.adoc
index 06c8f09efd6f..35c8f8c4c152 100644
--- a/modules/nw-egressnetworkpolicy-delete.adoc
+++ b/modules/nw-egressnetworkpolicy-delete.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "removing-egress-firewall-ovn"]
 :cni: OVN-Kubernetes
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egressnetworkpolicy-delete_{context}"]
 = Removing an {kind} object
 
diff --git a/modules/nw-egressnetworkpolicy-edit.adoc b/modules/nw-egressnetworkpolicy-edit.adoc
index 592d57846e53..95d44e0a7755 100644
--- a/modules/nw-egressnetworkpolicy-edit.adoc
+++ b/modules/nw-egressnetworkpolicy-edit.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "editing-egress-firewall-ovn"]
 :cni: OVN-Kubernetes
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egressnetworkpolicy-edit_{context}"]
 = Editing an {kind} object
 
diff --git a/modules/nw-egressnetworkpolicy-object.adoc b/modules/nw-egressnetworkpolicy-object.adoc
index 8a7960606ac4..1f9c1ad1535f 100644
--- a/modules/nw-egressnetworkpolicy-object.adoc
+++ b/modules/nw-egressnetworkpolicy-object.adoc
@@ -151,10 +151,10 @@ spec:
 
 As a cluster administrator, you can allow or deny egress traffic to nodes in your cluster by specifying a label using `nodeSelector`. Labels can be applied to one or more nodes. The following is an example with the `region=east` label:
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
-apiVersion: v1
-kind: Pod
+apiVersion: {api}
+kind: EgressFirewall
 metadata:
   name: default
 spec:
diff --git a/modules/nw-egressnetworkpolicy-view.adoc b/modules/nw-egressnetworkpolicy-view.adoc
index 7b7605f034f9..2acd7f1f3c4e 100644
--- a/modules/nw-egressnetworkpolicy-view.adoc
+++ b/modules/nw-egressnetworkpolicy-view.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "viewing-egress-firewall-ovn"]
 :cni: OVN-Kubernetes
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-egressnetworkpolicy-view_{context}"]
 = Viewing an {kind} object
 
diff --git a/modules/nw-enable-all-multicast-mode-sriov-network.adoc b/modules/nw-enable-all-multicast-mode-sriov-network.adoc
new file mode 100644
index 000000000000..dc1c8056fcc5
--- /dev/null
+++ b/modules/nw-enable-all-multicast-mode-sriov-network.adoc
@@ -0,0 +1,240 @@
+// Module included in the following assemblies:
+//
+//networking/hardware_networks/configuring-sriov-device.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="enabling-all-multicast-sriov-network_{context}"]
+= Enabling the all-multicast mode on an SR-IOV network
+
+You can enable the all-multicast mode on an SR-IOV interface by:
+
+* Adding the tuning configuration to the `metaPlugins` parameter of the `SriovNetwork` resource
+* Setting the `allmulti` field to `true` in the tuning configuration
++
+[NOTE]
+====
+Ensure that you create the virtual function (VF) with trust enabled.
+====
+
+The SR-IOV Network Operator manages additional network definitions. When you specify an additional SR-IOV network to create, the SR-IOV Network Operator creates the `NetworkAttachmentDefinition` custom resource (CR) automatically.
+
+[NOTE]
+====
+Do not edit `NetworkAttachmentDefinition` custom resources that the SR-IOV Network Operator manages. Doing so might disrupt network traffic on your additional network.
+====
+
+Enable the all-multicast mode on a SR-IOV network by following this guidance.
+
+.Prerequisites
+
+* You have installed the {product-title} CLI (oc).
+* You are logged in to the {product-title} cluster as a user with `cluster-admin` privileges.
+* You have installed the SR-IOV Network Operator.
+* You have configured an appropriate `SriovNetworkNodePolicy` object.
+
+.Procedure
+
+.  Create a YAML file with the following settings that defines a `SriovNetworkNodePolicy` object for a Mellanox ConnectX-5 device. Save the YAML file as `sriovnetpolicy-mlx.yaml`.
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: sriovnetpolicy-mlx
+  namespace: openshift-sriov-network-operator
+spec:
+  deviceType: netdevice
+  nicSelector:
+    deviceID: "1017"
+    pfNames:
+      - ens8f0np0#0-9
+    rootDevices:
+      - 0000:d8:00.0
+    vendor: "15b3"
+  nodeSelector:
+    feature.node.kubernetes.io/network-sriov.capable: "true"
+  numVfs: 10
+  priority: 99
+  resourceName: resourcemlx
+----
+
+. Optional: If the SR-IOV capable cluster nodes are not already labeled, add the `SriovNetworkNodePolicy.Spec.NodeSelector` label. For more information about labeling nodes, see "Understanding how to update labels on nodes".
+
+. Create the `SriovNetworkNodePolicy` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sriovnetpolicy-mlx.yaml
+----
++
+After applying the configuration update, all the pods in the `sriov-network-operator` namespace automatically move to a `Running` status.
+
+. Create the `enable-allmulti-test` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc create namespace enable-allmulti-test
+----
+
+. Create the `SriovNetwork` custom resource (CR) for the additional SR-IOV network attachment and insert the `metaPlugins` configuration, as in the following example CR YAML, and save the file as `sriov-enable-all-multicast.yaml`.
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+  name: enableallmulti <1>
+  namespace: openshift-sriov-network-operator <2>
+spec:
+  resourceName: enableallmulti <3>
+  networkNamespace: enable-allmulti-test <4>
+  ipam: '{ "type": "static" }' <5>
+  capabilities: '{ "mac": true, "ips": true }' <6>
+  trust: "on" <7>
+  metaPlugins : | <8>
+    {
+      "type": "tuning",
+      "capabilities":{
+        "mac":true
+      },
+      "allmulti": true
+      }
+    }
+----
+<1> Specify a name for the object. The SR-IOV Network Operator creates a `NetworkAttachmentDefinition` object with the same name.
+<2> Specify the namespace where the SR-IOV Network Operator is installed.
+<3> Specify a value for the `spec.resourceName` parameter from the `SriovNetworkNodePolicy` object that defines the SR-IOV hardware for this additional network.
+<4> Specify the target namespace for the `SriovNetwork` object. Only pods in the target namespace can attach to the additional network.
+<5> Specify a configuration object for the IPAM CNI plugin as a YAML block scalar. The plugin manages IP address assignment for the attachment definition.
+<6> Optional: Set capabilities for the additional network. You can specify `"{ "ips": true }"` to enable IP address support or `"{ "mac": true }"` to enable MAC address support.
+<7> Specify the trust mode of the virtual function. This must be set to "on".
+<8> Add more capabilities to the device by using the `metaPlugins` parameter. In this use case, set the `type` field to `tuning`, and add the `allmulti` field and set it to `true`.
+
+. Create the `SriovNetwork` resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sriov-enable-all-multicast.yaml
+----
+
+.Verification of the `NetworkAttachmentDefinition` CR
+
+* Confirm that the SR-IOV Network Operator created the `NetworkAttachmentDefinition` CR by running the following command:
++
+[source,terminal]
+----
+$ oc get network-attachment-definitions -n <namespace> <1>
+----
+<1> Replace `<namespace>` with the value for `networkNamespace` that you specified in the `SriovNetwork` object. For this example, that is `enable-allmulti-test`.
++
+.Example output
+[source,terminal]
+----
+NAME                                  AGE
+enableallmulti                        14m
+----
++
+[NOTE]
+====
+There might be a delay before the SR-IOV Network Operator creates the CR.
+====
+
+. Display information about the SR-IOV network resources by running the following command:
++
+[source,terminal]
+----
+$ oc get sriovnetwork -n openshift-sriov-network-operator
+----
+
+.Verification of the additional SR-IOV network attachment
+
+To verify that the tuning CNI is correctly configured and that the additional SR-IOV network attachment is attached, follow these steps:
+
+. Create a `Pod` CR. Save the following sample YAML in a file named `examplepod.yaml`:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: samplepod
+  namespace: enable-allmulti-test
+  annotations:
+    k8s.v1.cni.cncf.io/networks: |-
+      [
+        {
+          "name": "enableallmulti",  <1>
+          "mac": "0a:56:0a:83:04:0c", <2>
+          "ips": ["10.100.100.200/24"] <3>
+       }
+      ]
+spec:
+  containers:
+  - name: podexample
+    image: centos
+    command: ["/bin/bash", "-c", "sleep INF"]
+    securityContext:
+      runAsUser: 2000
+      runAsGroup: 3000
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop: ["ALL"]
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+----
+<1> Specify the name of the SR-IOV network attachment definition CR.
+<2> Optional: Specify the MAC address for the SR-IOV device that is allocated from the resource type defined in the SR-IOV network attachment definition CR. To use this feature, you also must specify `{"mac": true}` in the SriovNetwork object.
+<3> Optional: Specify the IP addresses for the SR-IOV device that are allocated from the resource type defined in the SR-IOV network attachment definition CR. Both IPv4 and IPv6 addresses are supported. To use this feature, you also must specify `{ "ips": true }` in the `SriovNetwork` object.
+
+. Create the `Pod` CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f examplepod.yaml
+----
+
+. Verify that the pod is created by running the following command:
++
+[source,terminal]
+----
+$ oc get pod -n enable-allmulti-test
+----
++
+.Example output
++
+[source,terminal]
+----
+NAME       READY   STATUS    RESTARTS   AGE
+samplepod  1/1     Running   0          47s
+----
+
+. Log in to the pod by running the following command:
++
+[source,terminal]
+----
+$ oc rsh -n enable-allmulti-test samplepod
+----
+
+. List all the interfaces associated with the pod by running the following command:
++
+[source,terminal]
+----
+sh-4.4# ip link
+----
++
+.Example output
+[source,terminal]
+----
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+2: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8901 qdisc noqueue state UP mode DEFAULT group default
+    link/ether 0a:58:0a:83:00:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0 <1>
+3: net1@if24: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
+    link/ether ee:9b:66:a4:ec:1d brd ff:ff:ff:ff:ff:ff link-netnsid 0 <2>
+----
++
+<1> `eth0@if22` is the primary interface
+<2> `net1@if24` is the secondary interface configured with the network-attachment-definition that supports the all-multicast mode (`ALLMULTI` flag)
diff --git a/modules/nw-enabling-a-provisioning-network-after-installation.adoc b/modules/nw-enabling-a-provisioning-network-after-installation.adoc
index e023a49b0a70..7f0b1c799c39 100644
--- a/modules/nw-enabling-a-provisioning-network-after-installation.adoc
+++ b/modules/nw-enabling-a-provisioning-network-after-installation.adoc
@@ -2,7 +2,7 @@
 //
 // ipi-install-post-installation-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-a-provisioning-network-after-installation_{context}"]
 
 = Enabling a provisioning network after installation
diff --git a/modules/nw-enabling-hsts-per-route.adoc b/modules/nw-enabling-hsts-per-route.adoc
index a804929a9bd5..2c0db08e6594 100644
--- a/modules/nw-enabling-hsts-per-route.adoc
+++ b/modules/nw-enabling-hsts-per-route.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/configuring-routing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-enabling-hsts-per-route_{context}"]
 = Enabling HTTP Strict Transport Security per-route
 
@@ -18,14 +18,14 @@ HTTP strict transport security (HSTS) is implemented in the HAProxy template and
 +
 [source,terminal]
 ----
-$ oc annotate route <route_name> -n <namespace> --overwrite=true "haproxy.router.openshift.io/hsts_header"="max-age=31536000;\ <1> 
+$ oc annotate route <route_name> -n <namespace> --overwrite=true "haproxy.router.openshift.io/hsts_header"="max-age=31536000;\ <1>
 includeSubDomains;preload"
 ----
 <1> In this example, the maximum age is set to `31536000` ms, which is approximately eight and a half hours.
 +
 [NOTE]
 ====
-In this example, the equal sign (`=`) is in quotes. This is required to properly execute the annotate command. 
+In this example, the equal sign (`=`) is in quotes. This is required to properly execute the annotate command.
 ====
 +
 .Example route configured with an annotation
diff --git a/modules/nw-enabling-multicast.adoc b/modules/nw-enabling-multicast.adoc
index 3b0fd7eb0a2b..678062e7bd0d 100644
--- a/modules/nw-enabling-multicast.adoc
+++ b/modules/nw-enabling-multicast.adoc
@@ -12,7 +12,7 @@ ifeval::["{context}" == "ovn-kubernetes-enabling-multicast"]
 :annotation: k8s.ovn.org/multicast-enabled=true
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-enabling-multicast_{context}"]
 = Enabling multicast between pods
 
diff --git a/modules/nw-enforcing-hsts-per-domain.adoc b/modules/nw-enforcing-hsts-per-domain.adoc
index 0deb2bc0eede..54d388270375 100644
--- a/modules/nw-enforcing-hsts-per-domain.adoc
+++ b/modules/nw-enforcing-hsts-per-domain.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/configuring-routing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-enforcing-hsts-per-domain_{context}"]
 = Enforcing HTTP Strict Transport Security per-domain
 
diff --git a/modules/nw-exposing-router-metrics.adoc b/modules/nw-exposing-router-metrics.adoc
index 0c2e03fb2103..86f91b6589b7 100644
--- a/modules/nw-exposing-router-metrics.adoc
+++ b/modules/nw-exposing-router-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress_operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-exposing-router-metrics_{context}"]
 = Exposing router metrics
 
diff --git a/modules/nw-exposing-service.adoc b/modules/nw-exposing-service.adoc
index 25d8ff7af9b9..d79676bc6988 100644
--- a/modules/nw-exposing-service.adoc
+++ b/modules/nw-exposing-service.adoc
@@ -6,7 +6,7 @@ ifeval::["{context}" == "configuring-ingress-cluster-traffic-nodeport"]
 :nodeport:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-exposing-service_{context}"]
 = Exposing the service by creating a route
 
diff --git a/modules/nw-external-dns-operator-configuration-parameters.adoc b/modules/nw-external-dns-operator-configuration-parameters.adoc
index 837c69723557..4b949bfac926 100644
--- a/modules/nw-external-dns-operator-configuration-parameters.adoc
+++ b/modules/nw-external-dns-operator-configuration-parameters.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-configuration-parameters.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-external-dns-operator-configuration-parameters_{context}"]
 = External DNS Operator configuration parameters
 
diff --git a/modules/nw-external-dns-operator-logs.adoc b/modules/nw-external-dns-operator-logs.adoc
index 2b9baa602187..fe5d728cb282 100644
--- a/modules/nw-external-dns-operator-logs.adoc
+++ b/modules/nw-external-dns-operator-logs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/understanding-external-dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-external-dns-operator-logs_{context}"]
 = External DNS Operator logs
 
@@ -18,7 +18,7 @@ $ oc logs -n external-dns-operator deployment/external-dns-operator -c external-
 
 == External DNS Operator domain name limitations
 
-External DNS Operator uses the TXT registry, which follows the new format and adds the prefix for the TXT records. This reduces the maximum length of the domain name for the TXT records. A DNS record cannot be present without a corresponding TXT record, so the domain name of the DNS record must follow the same limit as the TXT records. For example, DNS record is `<domain-name-from-source>` and the TXT record is `external-dns-<record-type>-<domain-name-from-source>`. 
+External DNS Operator uses the TXT registry, which follows the new format and adds the prefix for the TXT records. This reduces the maximum length of the domain name for the TXT records. A DNS record cannot be present without a corresponding TXT record, so the domain name of the DNS record must follow the same limit as the TXT records. For example, DNS record is `<domain-name-from-source>` and the TXT record is `external-dns-<record-type>-<domain-name-from-source>`.
 
 The domain name of the DNS records generated by External DNS Operator has the following limitations:
 
diff --git a/modules/nw-external-dns-operator.adoc b/modules/nw-external-dns-operator.adoc
index 944dafed1667..9d95a138f7d9 100644
--- a/modules/nw-external-dns-operator.adoc
+++ b/modules/nw-external-dns-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/understanding-external-dns-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-external-dns-operator_{context}"]
 = External DNS Operator
 
@@ -28,7 +28,7 @@ install-zcvlr
 +
 [source,terminal]
 ----
-$ oc -n external-dns-operator get ip <install_plan_name> -o yaml | yq .status.phase'
+$ oc -n external-dns-operator get ip <install_plan_name> -o yaml | yq '.status.phase'
 ----
 +
 .Example output
diff --git a/modules/nw-externalip-about.adoc b/modules/nw-externalip-about.adoc
index 039f58c6344e..98aab09949db 100644
--- a/modules/nw-externalip-about.adoc
+++ b/modules/nw-externalip-about.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-externalip-about_{context}"]
 = About ExternalIP
 
diff --git a/modules/nw-externalip-configuring.adoc b/modules/nw-externalip-configuring.adoc
index 755310c6b36b..aebf02434831 100644
--- a/modules/nw-externalip-configuring.adoc
+++ b/modules/nw-externalip-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-externalip-configuring_{context}"]
 = Configure external IP address blocks for your cluster
 
diff --git a/modules/nw-gcp-installing-global-access-configuration.adoc b/modules/nw-gcp-installing-global-access-configuration.adoc
index a80654601917..bdbcc755b615 100644
--- a/modules/nw-gcp-installing-global-access-configuration.adoc
+++ b/modules/nw-gcp-installing-global-access-configuration.adoc
@@ -3,7 +3,7 @@
 // * installing/installing-gcp-vpc.adoc
 // * installing/installing-restricted-networks-gcp
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-gcp-global-access-configuration_{context}"]
 = Create an Ingress Controller with global access on GCP
 You can create an Ingress Controller that has global access to a Google Cloud Platform (GCP) cluster. Global access is only available to Ingress Controllers using internal load balancers.
diff --git a/modules/nw-how-nw-iface-selected.adoc b/modules/nw-how-nw-iface-selected.adoc
index 8ba5a4c8526c..985b4875334b 100644
--- a/modules/nw-how-nw-iface-selected.adoc
+++ b/modules/nw-how-nw-iface-selected.adoc
@@ -2,11 +2,11 @@
 //
 // * support/troubleshooting/troubleshooting-network-issues.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-how-nw-iface-selected_{context}"]
 = How the network interface is selected
 
-For installations on bare metal or with virtual machines that have more than one network interface controller (NIC), the NIC that {product-title} uses for communication with the Kubernetes API server is determined by the `nodeip-configuration.service` service unit that is run by systemd when the node boots. The `nodeip-configuration.service` selects the IP from the interface associated with the default route. 
+For installations on bare metal or with virtual machines that have more than one network interface controller (NIC), the NIC that {product-title} uses for communication with the Kubernetes API server is determined by the `nodeip-configuration.service` service unit that is run by systemd when the node boots. The `nodeip-configuration.service` selects the IP from the interface associated with the default route.
 
 After the `nodeip-configuration.service` service determines the correct NIC, the service creates the `/etc/systemd/system/kubelet.service.d/20-nodenet.conf` file. The `20-nodenet.conf` file sets the `KUBELET_NODE_IP` environment variable to the IP address that the service selected.
 
diff --git a/modules/nw-http-header-configuration.adoc b/modules/nw-http-header-configuration.adoc
new file mode 100644
index 000000000000..77ea3831ce06
--- /dev/null
+++ b/modules/nw-http-header-configuration.adoc
@@ -0,0 +1,122 @@
+// Module included in the following assemblies:
+//
+// * networking/ingress-operator.adoc
+// * networking/route-configuration.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nw-http-header-configuration_{context}"]
+= HTTP header configuration
+
+{product-title} provides different methods for working with HTTP headers. When setting or deleting headers, you can use specific fields in the Ingress Controller or an individual route to modify request and response headers. You can also set certain headers by using route annotations. The various ways of configuring headers can present challenges when working together.
+
+[NOTE]
+====
+You can only set or delete headers within an `IngressController` or `Route` CR, you cannot append them. If an HTTP header is set with a value, that value must be complete and not require appending in the future. In situations where it makes sense to append a header, such as the X-Forwarded-For header, use the `spec.httpHeaders.forwardedHeaderPolicy` field, instead of `spec.httpHeaders.actions`.
+====
+
+[id="nw-http-header-configuration-order_{context}"]
+== Order of precedence
+
+When the same HTTP header is modified both in the Ingress Controller and in a route, HAProxy prioritizes the actions in certain ways depending on whether it is a request or response header.
+
+* For HTTP response headers, actions specified in the Ingress Controller are executed after the actions specified in a route. This means that the actions specified in the Ingress Controller take precedence.
+
+* For HTTP request headers, actions specified in a route are executed after the actions specified in the Ingress Controller. This means that the actions specified in the route take precedence.
+
+For example, a cluster administrator sets the X-Frame-Options response header with the value `DENY` in the Ingress Controller using the following configuration:
+
+.Example `IngressController` spec
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+# ...
+spec:
+  httpHeaders:
+    actions:
+      response:
+      - name: X-Frame-Options
+        action:
+          type: Set
+          set:
+            value: DENY
+----
+
+A route owner sets the same response header that the cluster administrator set in the Ingress Controller, but with the value `SAMEORIGIN` using the following configuration:
+
+.Example `Route` spec
+[source,yaml]
+----
+apiVersion: route.openshift.io/v1
+kind: Route
+# ...
+spec:
+  httpHeaders:
+    actions:
+      response:
+      - name: X-Frame-Options
+        action:
+          type: Set
+          set:
+            value: SAMEORIGIN
+----
+
+When both the `IngressController` spec and `Route` spec are configuring the X-Frame-Options header, then the value set for this header at the global level in the Ingress Controller will take precedence, even if a specific route allows frames.
+
+This prioritzation occurs because the `haproxy.config` file uses the following logic, where the Ingress Controller is considered the front end and individual routes are considered the back end. The header value `DENY` applied to the front end configurations overrides the same header with the value `SAMEORIGIN` that is set in the back end:
+
+[source,text]
+----
+frontend public
+  http-response set-header X-Frame-Options 'DENY'
+
+frontend fe_sni
+  http-response set-header X-Frame-Options 'DENY'
+
+frontend fe_no_sni
+  http-response set-header X-Frame-Options 'DENY'
+
+backend be_secure:openshift-monitoring:alertmanager-main
+  http-response set-header X-Frame-Options 'SAMEORIGIN'
+----
+
+Additionally, any actions defined in either the Ingress Controller or a route override values set using route annotations.
+
+[id="nw-http-header-configuration-special-cases_{context}"]
+== Special case headers
+
+The following headers are either prevented entirely from being set or deleted, or allowed under specific circumstances:
+
+.Special case header configuration options
+[cols="5*a",options="header"]
+|===
+|Header name |Configurable using `IngressController` spec |Configurable using `Route` spec |Reason for disallowment |Configurable using another method
+
+|`proxy`
+|No
+|No
+|The `proxy` HTTP request header can be used to exploit vulnerable CGI applications by injecting the header value into the `HTTP_PROXY` environment variable. The `proxy` HTTP request header is also non-standard and prone to error during configuration.
+|No
+
+|`host`
+|No
+|Yes
+|When the `host` HTTP request header is set using the `IngressController` CR, HAProxy can fail when looking up the correct route.
+|No
+
+|`strict-transport-security`
+|No
+|No
+|The `strict-transport-security` HTTP response header is already handled using route annotations and does not need a separate implementation.
+|Yes: the `haproxy.router.openshift.io/hsts_header` route annotation
+
+|`cookie` and `set-cookie`
+|No
+|No
+|The cookies that HAProxy sets are used for session tracking to map client connections to particular back-end servers. Allowing these headers to be set could interfere with HAProxy's session affinity and restrict HAProxy's ownership of a cookie.
+|Yes:
+
+* the `haproxy.router.openshift.io/disable_cookie` route annotation
+* the `haproxy.router.openshift.io/cookie_name` route annotation
+
+|===
diff --git a/modules/nw-http2-haproxy.adoc b/modules/nw-http2-haproxy.adoc
index 997646b4f340..a2f450b3a744 100644
--- a/modules/nw-http2-haproxy.adoc
+++ b/modules/nw-http2-haproxy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-http2-haproxy_{context}"]
 = Enabling HTTP/2 Ingress connectivity
 
diff --git a/modules/nw-infw-operator-config-object.adoc b/modules/nw-infw-operator-config-object.adoc
index f628e32d14af..3b49e5cf645c 100644
--- a/modules/nw-infw-operator-config-object.adoc
+++ b/modules/nw-infw-operator-config-object.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-infw-operator-config-object_{context}"]
 == Ingress Node Firewall configuration object
 
diff --git a/modules/nw-infw-operator-cr.adoc b/modules/nw-infw-operator-cr.adoc
index 1c884bb8a4f0..0e87fc0a4fcb 100644
--- a/modules/nw-infw-operator-cr.adoc
+++ b/modules/nw-infw-operator-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-infw-operator-cr_{context}"]
 = Ingress Node Firewall Operator
 
@@ -16,5 +16,5 @@ The Ingress Node Firewall Operator supports only stateless firewall rules.
 
 Network interface controllers (NICs) that do not support native XDP drivers will run at a lower performance.
 
-For {product-title} 4.14, you must run Ingress Node Firewall Operator on {op-system-base} 9.0 or later.
+For {product-title} 4.14 or later, you must run Ingress Node Firewall Operator on {op-system-base} 9.0 or later.
 ====
diff --git a/modules/nw-infw-operator-deploying.adoc b/modules/nw-infw-operator-deploying.adoc
index 20ea6d25f2c5..902f3c3b76bf 100644
--- a/modules/nw-infw-operator-deploying.adoc
+++ b/modules/nw-infw-operator-deploying.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-infw-operator-deploying_{context}"]
 = Deploying Ingress Node Firewall Operator
 
diff --git a/modules/nw-infw-operator-installing.adoc b/modules/nw-infw-operator-installing.adoc
index 570437bda391..2bd22f62682b 100644
--- a/modules/nw-infw-operator-installing.adoc
+++ b/modules/nw-infw-operator-installing.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-infw-operator_{context}"]
 = Installing the Ingress Node Firewall Operator
 
@@ -76,10 +76,10 @@ $ oc get ip -n openshift-ingress-node-firewall
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME            CSV                                         APPROVAL    APPROVED
-install-5cvnz   ingress-node-firewall.4.13.0-202211122336   Automatic   true
+install-5cvnz   ingress-node-firewall.{product-version}.0-202211122336   Automatic   true
 ----
 
 . To verify the version of the Operator, enter the following command:
@@ -91,10 +91,10 @@ $ oc get csv -n openshift-ingress-node-firewall
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                        DISPLAY                          VERSION               REPLACES                                    PHASE
-ingress-node-firewall.4.13.0-202211122336   Ingress Node Firewall Operator   4.13.0-202211122336   ingress-node-firewall.4.13.0-202211102047   Succeeded
+ingress-node-firewall.{product-version}.0-202211122336   Ingress Node Firewall Operator   {product-version}.0-202211122336   ingress-node-firewall.{product-version}.0-202211102047   Succeeded
 ----
 
 [id="install-operator-web-console_{context}"]
diff --git a/modules/nw-infw-operator-rules-object.adoc b/modules/nw-infw-operator-rules-object.adoc
index fda29d25c955..a8d3fbab21ca 100644
--- a/modules/nw-infw-operator-rules-object.adoc
+++ b/modules/nw-infw-operator-rules-object.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ingress-node-firewall-operator-rules-object_{context}"]
 = Ingress Node Firewall rules object
 
@@ -83,7 +83,7 @@ spec:
   - eth0
   nodeSelector:
     matchLabels:
-      <do_node_ingress_firewall>: 'true'
+      <ingress_firewall_label_name>: <label_value> <1>
   ingress:
   - sourceCIDRs:
        - 172.16.0.0/12
@@ -110,6 +110,7 @@ spec:
           icmpType: 128 #ICMPV6 Echo request
       action: Deny
 ----
+<1> A <label_name> and a <label_value> must exist on the node and must match the `nodeselector` label and value applied to the nodes you want the `ingressfirewallconfig` CR to run on. The <label_value> can be `true` or `false`. By using `nodeSelector` labels, you can target separate groups of nodes to apply different rules to using the `ingressfirewallconfig` CR.
 
 [discrete]
 [id="nw-ingress-node-firewall-zero-trust-example-cr_{context}"]
@@ -136,10 +137,10 @@ spec:
  - eth1 <1>
  nodeSelector:
    matchLabels:
-     <do_node_ingress_firewall>: 'true'
+     <ingress_firewall_label_name>: <label_value> <2>
  ingress:
  - sourceCIDRs:
-      - 0.0.0.0/0 <2>
+      - 0.0.0.0/0 <3>
    rules:
    - order: 10
      protocolConfig:
@@ -148,8 +149,9 @@ spec:
          ports: 22
      action: Allow
    - order: 20
-     action: Deny <3>
+     action: Deny <4>
 ----
-<1> Multi-interface cluster
-<2> `0.0.0.0/0` set to match any CIDR
-<3> `action` set to `deny`
+<1> Network-interface cluster
+<2> The <label_name> and <label_value> needs to match the `nodeSelector` label and value applied to the specific nodes with which you wish to apply the `ingressfirewallconfig` CR.
+<3> `0.0.0.0/0` set to match any CIDR
+<4> `action` set to `Deny`
\ No newline at end of file
diff --git a/modules/nw-infw-operator-troubleshooting.adoc b/modules/nw-infw-operator-troubleshooting.adoc
index 5e185d6f2e10..39eae22026e5 100644
--- a/modules/nw-infw-operator-troubleshooting.adoc
+++ b/modules/nw-infw-operator-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-infw-operator-troubleshooting_{context}"]
 = Troubleshooting the Ingress Node Firewall Operator
 
diff --git a/modules/nw-infw-operator-viewing.adoc b/modules/nw-infw-operator-viewing.adoc
index 2f7faaec6fe6..6d3671c30a3e 100644
--- a/modules/nw-infw-operator-viewing.adoc
+++ b/modules/nw-infw-operator-viewing.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-node-firewall-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-infw-operator-viewing_{context}"]
 = Viewing Ingress Node Firewall Operator rules
 
diff --git a/modules/nw-ingress-configuring-application-domain.adoc b/modules/nw-ingress-configuring-application-domain.adoc
index 28014dc2daf6..9ecea63231bc 100644
--- a/modules/nw-ingress-configuring-application-domain.adoc
+++ b/modules/nw-ingress-configuring-application-domain.adoc
@@ -3,7 +3,7 @@
 // * ingress/configure-ingress-operator.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-configuring-application-domain_{context}"]
 = Specifying an alternative cluster domain using the appsDomain option
 
diff --git a/modules/nw-ingress-controller-config-tuningoptions-healthcheckinterval.adoc b/modules/nw-ingress-controller-config-tuningoptions-healthcheckinterval.adoc
index 24c909f3dbd7..a6dadd609de9 100644
--- a/modules/nw-ingress-controller-config-tuningoptions-healthcheckinterval.adoc
+++ b/modules/nw-ingress-controller-config-tuningoptions-healthcheckinterval.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-controller-config-tuningoptions-healthcheckinterval_{context}"]
 = Setting the Ingress Controller health check interval
 A cluster administrator can set the health check interval to define how long the router waits between two consecutive health checks. This value is applied globally as a default for all routes. The default value is 5 seconds.
diff --git a/modules/nw-ingress-controller-configuration-gcp-global-access.adoc b/modules/nw-ingress-controller-configuration-gcp-global-access.adoc
index 009c1c521a3a..87ad7e968abc 100644
--- a/modules/nw-ingress-controller-configuration-gcp-global-access.adoc
+++ b/modules/nw-ingress-controller-configuration-gcp-global-access.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-controller-configuration-gcp-global-access_{context}"]
 = Configuring global access for an Ingress Controller on GCP
 
diff --git a/modules/nw-ingress-controller-configuration-parameters.adoc b/modules/nw-ingress-controller-configuration-parameters.adoc
index 7f410ca4622d..9159db068533 100644
--- a/modules/nw-ingress-controller-configuration-parameters.adoc
+++ b/modules/nw-ingress-controller-configuration-parameters.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * ingress/configure-ingress-operator.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-ingress-controller-configuration-parameters_{context}"]
 = Ingress Controller configuration parameters
 
@@ -31,18 +31,31 @@ If empty, the default value is `ingress.config.openshift.io/cluster` `.spec.doma
 |`endpointPublishingStrategy`
 |`endpointPublishingStrategy` is used to publish the Ingress Controller endpoints to other networks, enable load balancer integrations, and provide access to other systems.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 On GCP, AWS, and Azure you can configure the following `endpointPublishingStrategy` fields:
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+You can configure the following `endpointPublishingStrategy` fields:
+endif::openshift-rosa,openshift-dedicated[]
 
 * `loadBalancer.scope`
 * `loadBalancer.allowedSourceRanges`
 
 If not set, the default value is based on `infrastructure.config.openshift.io/cluster` `.status.platform`:
 
+ifdef::openshift-rosa,openshift-dedicated[]
 * Amazon Web Services (AWS): `LoadBalancerService` (with External scope)
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-dedicated[]
+* Google Cloud Platform (GCP): `LoadBalancerService` (with External scope)
+endif::openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
 * Azure: `LoadBalancerService` (with External scope)
 * Google Cloud Platform (GCP): `LoadBalancerService` (with External scope)
 * Bare metal: `NodePortService`
 * Other: `HostNetwork`
+endif::openshift-rosa,openshift-dedicated[]
 +
 [NOTE]
 ====
@@ -70,17 +83,18 @@ spec:
 +
 [NOTE]
 ====
-On {rh-openstack-first}, the `LoadBalancerService` endpoint publishing strategy is only supported if a cloud provider is configured to create health monitors. For {rh-openstack} 16.1 and 16.2, this strategy is only possible if you use the Amphora Octavia provider.
+On {rh-openstack-first}, the `LoadBalancerService` endpoint publishing strategy is only supported if a cloud provider is configured to create health monitors. For {rh-openstack} 16.2, this strategy is only possible if you use the Amphora Octavia provider.
 
 For more information, see the "Setting cloud provider options" section of the {rh-openstack} installation documentation.
 ====
-
+ifndef::openshift-rosa[]
 For most platforms, the `endpointPublishingStrategy` value can be updated. On GCP, you can configure the following `endpointPublishingStrategy` fields:
 
 * `loadBalancer.scope`
 * `loadbalancer.providerParameters.gcp.clientAccess`
 * `hostNetwork.protocol`
 * `nodePort.protocol`
+endif::openshift-rosa[]
 
 |`defaultCertificate`
 |The `defaultCertificate` value is a reference to a secret that contains the default certificate that is served by the Ingress Controller. When Routes do not specify their own certificate, `defaultCertificate` is used.
@@ -199,6 +213,12 @@ These adjustments are only applied to cleartext, edge-terminated, and re-encrypt
 
 For request headers, these adjustments are applied only for routes that have the `haproxy.router.openshift.io/h1-adjust-case=true` annotation. For response headers, these adjustments are applied to all HTTP responses. If this field is empty, no request headers are adjusted.
 
+`actions` specifies options for performing certain actions on headers. Headers cannot be set or deleted for TLS passthrough connections. The `actions` field has additional subfields `spec.httpHeader.actions.response` and `spec.httpHeader.actions.request`:
+
+* The `response` subfield specifies a list of HTTP response headers to set or delete.
+
+* The `request` subfield specifies a list of HTTP request headers to set or delete.
+
 |`httpCompression`
 |`httpCompression` defines the policy for HTTP traffic compression.
 
diff --git a/modules/nw-ingress-controller-configuration-proxy-protocol.adoc b/modules/nw-ingress-controller-configuration-proxy-protocol.adoc
index 896bfc99334d..51cf5c859671 100644
--- a/modules/nw-ingress-controller-configuration-proxy-protocol.adoc
+++ b/modules/nw-ingress-controller-configuration-proxy-protocol.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-controller-configuration-proxy-protocol_{context}"]
 = Configuring the PROXY protocol for an Ingress Controller
 
diff --git a/modules/nw-ingress-controller-status.adoc b/modules/nw-ingress-controller-status.adoc
index c2b910b9784e..1f16cbfa1f7c 100644
--- a/modules/nw-ingress-controller-status.adoc
+++ b/modules/nw-ingress-controller-status.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-controller-status_{context}"]
 = View Ingress Controller status
 
diff --git a/modules/nw-ingress-converting-http-header-case.adoc b/modules/nw-ingress-converting-http-header-case.adoc
index 287aa22802fc..393fab8df555 100644
--- a/modules/nw-ingress-converting-http-header-case.adoc
+++ b/modules/nw-ingress-converting-http-header-case.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-converting-http-header-case_{context}"]
 = Converting HTTP header case
 
diff --git a/modules/nw-ingress-creating-a-passthrough-route.adoc b/modules/nw-ingress-creating-a-passthrough-route.adoc
index ec45c3be094e..128e06ef2cd0 100644
--- a/modules/nw-ingress-creating-a-passthrough-route.adoc
+++ b/modules/nw-ingress-creating-a-passthrough-route.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/routes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-creating-a-passthrough-route_{context}"]
 = Creating a passthrough route
 
diff --git a/modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc b/modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc
index d4bd84a054e8..510ee2fda137 100644
--- a/modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc
+++ b/modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/routes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_{context}"]
 = Creating a re-encrypt route with a custom certificate
 
diff --git a/modules/nw-ingress-creating-a-route-via-an-ingress.adoc b/modules/nw-ingress-creating-a-route-via-an-ingress.adoc
index 12546b2badd1..c731b15abbad 100644
--- a/modules/nw-ingress-creating-a-route-via-an-ingress.adoc
+++ b/modules/nw-ingress-creating-a-route-via-an-ingress.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-creating-a-route-via-an-ingress_{context}"]
 = Creating a route through an Ingress object
 
diff --git a/modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc b/modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc
index 660238fe0ea1..f6a9bcd82f95 100644
--- a/modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc
+++ b/modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/routes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-creating-an-edge-route-with-a-custom-certificate_{context}"]
 = Creating an edge route with a custom certificate
 
diff --git a/modules/nw-ingress-custom-default-certificate-remove.adoc b/modules/nw-ingress-custom-default-certificate-remove.adoc
index d01aeec6a384..9e5854ff945f 100644
--- a/modules/nw-ingress-custom-default-certificate-remove.adoc
+++ b/modules/nw-ingress-custom-default-certificate-remove.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-custom-default-certificate-remove_{context}"]
 = Removing a custom default certificate
 
diff --git a/modules/nw-ingress-default-internal.adoc b/modules/nw-ingress-default-internal.adoc
index 63e8c4e84418..0df24123fdf5 100644
--- a/modules/nw-ingress-default-internal.adoc
+++ b/modules/nw-ingress-default-internal.adoc
@@ -2,17 +2,19 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-default-internal_{context}"]
 = Configuring the default Ingress Controller for your cluster to be internal
 
 You can configure the `default` Ingress Controller for your cluster to be internal by deleting and recreating it.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [WARNING]
 ====
 If your cloud provider is Microsoft Azure, you must have at least one public load balancer that points to your nodes.
 If you do not, all of your nodes will lose egress connectivity to the internet.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [IMPORTANT]
 ====
diff --git a/modules/nw-ingress-edge-route-default-certificate.adoc b/modules/nw-ingress-edge-route-default-certificate.adoc
index 196603364b24..cb78131f0ede 100644
--- a/modules/nw-ingress-edge-route-default-certificate.adoc
+++ b/modules/nw-ingress-edge-route-default-certificate.adoc
@@ -2,7 +2,7 @@
 //
 // networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-edge-route-with-default-certificate_{context}"]
 = Creating a route using the default certificate through an Ingress object
 
diff --git a/modules/nw-ingress-operator-logs.adoc b/modules/nw-ingress-operator-logs.adoc
index aac450dba5a0..3264a58ee66b 100644
--- a/modules/nw-ingress-operator-logs.adoc
+++ b/modules/nw-ingress-operator-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-operator-logs_{context}"]
 = View Ingress Controller logs
 
diff --git a/modules/nw-ingress-operator-status.adoc b/modules/nw-ingress-operator-status.adoc
index 032c28538148..13f1e8916479 100644
--- a/modules/nw-ingress-operator-status.adoc
+++ b/modules/nw-ingress-operator-status.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-operator-status_{context}"]
 = View Ingress Operator status
 
diff --git a/modules/nw-ingress-reencrypt-route-custom-cert.adoc b/modules/nw-ingress-reencrypt-route-custom-cert.adoc
index 07dd109a715c..b76816bd9c80 100644
--- a/modules/nw-ingress-reencrypt-route-custom-cert.adoc
+++ b/modules/nw-ingress-reencrypt-route-custom-cert.adoc
@@ -2,7 +2,7 @@
 //
 // networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-re-encrypt-route-with-custom-certificate_{context}"]
 = Creating a route using the destination CA certificate in the Ingress annotation
 
diff --git a/modules/nw-ingress-set-or-delete-http-headers.adoc b/modules/nw-ingress-set-or-delete-http-headers.adoc
new file mode 100644
index 000000000000..42edce0ba2de
--- /dev/null
+++ b/modules/nw-ingress-set-or-delete-http-headers.adoc
@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * networking/ingress-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-ingress-set-or-delete-http-headers_{context}"]
+= Setting or deleting HTTP request and response headers in an Ingress Controller
+
+You can set or delete certain HTTP request and response headers for compliance purposes or other reasons. You can set or delete these headers either for all routes served by an Ingress Controller or for specific routes.
+
+For example, you might want to migrate an application running on your cluster to use mutual TLS, which requires that your application checks for an X-Forwarded-Client-Cert request header, but the {product-title} default Ingress Controller provides an X-SSL-Client-Der request header.
+
+The following procedure modifies the Ingress Controller to set the X-Forwarded-Client-Cert request header, and delete the X-SSL-Client-Der request header.
+
+.Prerequisites
+* You have installed the OpenShift CLI (`oc`).
+* You have access to an {product-title} cluster as a user with the `cluster-admin` role.
+
+.Procedure
+. Edit the Ingress Controller resource:
++
+[source,terminal]
+----
+$ oc -n openshift-ingress-operator edit ingresscontroller/default
+----
+
+. Replace the X-SSL-Client-Der HTTP request header with the X-Forwarded-Client-Cert HTTP request header:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+spec:
+  httpHeaders:
+    actions: <1>
+      request: <2>
+      - name: X-Forwarded-Client-Cert <3>
+        action:
+          type: Set <4>
+          set:
+           value: "%{+Q}[ssl_c_der,base64]" <5>
+      - name: X-SSL-Client-Der
+        action:
+          type: Delete
+----
+<1> The list of actions you want to perform on the HTTP headers.
+<2> The type of header you want to change. In this case, a request header.
+<3> The name of the header you want to change. For a list of available headers you can set or delete, see _HTTP header configuration_.
+<4> The type of action being taken on the header. This field can have the value `Set` or `Delete`.
+<5> When setting HTTP headers, you must provide a `value`. The value can be a string from a list of available directives for that header, for example `DENY`, or it can be a dynamic value that will be interpreted using HAProxy's dynamic value syntax. In this case, a dynamic value is added.
++
+[NOTE]
+====
+For setting dynamic header values for HTTP responses, allowed sample fetchers are `res.hdr` and `ssl_c_der`. For setting dynamic header values for HTTP requests, allowed sample fetchers are `req.hdr` and `ssl_c_der`. Both request and response dynamic values can use the `lower` and `base64` converters.
+====
+
+. Save the file to apply the changes.
diff --git a/modules/nw-ingress-setting-a-custom-default-certificate.adoc b/modules/nw-ingress-setting-a-custom-default-certificate.adoc
index 6202959a8ded..960976ced9d8 100644
--- a/modules/nw-ingress-setting-a-custom-default-certificate.adoc
+++ b/modules/nw-ingress-setting-a-custom-default-certificate.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-setting-a-custom-default-certificate_{context}"]
 = Setting a custom default certificate
 
diff --git a/modules/nw-ingress-setting-internal-lb.adoc b/modules/nw-ingress-setting-internal-lb.adoc
index f1b0e3a79090..6c2ff2d56be2 100644
--- a/modules/nw-ingress-setting-internal-lb.adoc
+++ b/modules/nw-ingress-setting-internal-lb.adoc
@@ -2,18 +2,20 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-setting-internal-lb_{context}"]
 = Configuring an Ingress Controller to use an internal load balancer
 
 When creating an Ingress Controller on cloud platforms, the Ingress Controller is published by a public cloud load balancer by default.
 As an administrator, you can create an Ingress Controller that uses an internal cloud load balancer.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [WARNING]
 ====
 If your cloud provider is Microsoft Azure, you must have at least one public load balancer that points to your nodes.
 If you do not, all of your nodes will lose egress connectivity to the internet.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [IMPORTANT]
 ====
diff --git a/modules/nw-ingress-setting-max-connections.adoc b/modules/nw-ingress-setting-max-connections.adoc
index 1d89fb64116a..8cc7bbd28395 100644
--- a/modules/nw-ingress-setting-max-connections.adoc
+++ b/modules/nw-ingress-setting-max-connections.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-setting-max-connections_{context}"]
 = Setting the Ingress Controller maximum connections
 A cluster administrator can set the maximum number of simultaneous connections for OpenShift router deployments. You can patch an existing Ingress Controller to increase the maximum number of connections.
diff --git a/modules/nw-ingress-setting-thread-count.adoc b/modules/nw-ingress-setting-thread-count.adoc
index a6d8f475c170..802f801592f4 100644
--- a/modules/nw-ingress-setting-thread-count.adoc
+++ b/modules/nw-ingress-setting-thread-count.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-setting-thread-count_{context}"]
 = Setting Ingress Controller thread count
 A cluster administrator can set the thread count to increase the amount of incoming connections a cluster can handle. You can patch an existing Ingress Controller to increase the amount of threads.
diff --git a/modules/nw-ingress-sharding-default.adoc b/modules/nw-ingress-sharding-default.adoc
index 67f213003d9c..4b3b22c8fa9d 100644
--- a/modules/nw-ingress-sharding-default.adoc
+++ b/modules/nw-ingress-sharding-default.adoc
@@ -3,7 +3,7 @@
 // * ingress-operator.adoc
 // * networking/ingress-sharding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-sharding-default_{context}"]
 = Sharding the default Ingress Controller
 
@@ -34,22 +34,20 @@ $ oc edit ingresscontroller -n openshift-ingress-operator default
 +
 [source,yaml]
 ----
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: default
-    namespace: openshift-ingress-operator
-  spec:
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+spec:
   namespaceSelector:
     matchExpressions:
-    - key: type
-      operator: NotIn
-      values:
-      - finance
-      - ops
-      - dev
+      - key: type
+        operator: NotIn
+        values:
+          - finance
+          - ops
+          - dev
 ----
 
 The default Ingress Controller will no longer serve the namespaces labeled `name:finance`, `name:ops`, and `name:dev`.
diff --git a/modules/nw-ingress-sharding-dns.adoc b/modules/nw-ingress-sharding-dns.adoc
index 12f65ba26267..39799e553886 100644
--- a/modules/nw-ingress-sharding-dns.adoc
+++ b/modules/nw-ingress-sharding-dns.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-sharding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ingress-sharding-dns_{context}"]
 = Ingress sharding and DNS
 
diff --git a/modules/nw-ingress-sharding-namespace-labels.adoc b/modules/nw-ingress-sharding-namespace-labels.adoc
index f459b3837b8b..c1cbfb75913a 100644
--- a/modules/nw-ingress-sharding-namespace-labels.adoc
+++ b/modules/nw-ingress-sharding-namespace-labels.adoc
@@ -3,7 +3,7 @@
 // * configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
 // * ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-sharding-namespace-labels_{context}"]
 = Configuring Ingress Controller sharding by using namespace labels
 
@@ -31,27 +31,20 @@ to another.
 .Example output
 [source,yaml]
 ----
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: sharded
-    namespace: openshift-ingress-operator
-  spec:
-    domain: <apps-sharded.basedomain.example.net> <1>
-    nodePlacement:
-      nodeSelector:
-        matchLabels:
-          node-role.kubernetes.io/worker: ""
-    namespaceSelector:
-      matchLabels:
-        type: sharded
-  status: {}
-kind: List
+apiVersion: operator.openshift.io/v1
+kind: IngressController
 metadata:
-  resourceVersion: ""
-  selfLink: ""
+  name: sharded
+  namespace: openshift-ingress-operator
+spec:
+  domain: <apps-sharded.basedomain.example.net> <1>
+  nodePlacement:
+    nodeSelector:
+      matchLabels:
+        node-role.kubernetes.io/worker: ""
+  namespaceSelector:
+    matchLabels:
+      type: sharded
 ----
 <1> Specify a domain to be used by the Ingress Controller. This domain must be different from the default Ingress Controller domain.
 
diff --git a/modules/nw-ingress-sharding-route-configuration.adoc b/modules/nw-ingress-sharding-route-configuration.adoc
index 43ebe274f459..60047112bea0 100644
--- a/modules/nw-ingress-sharding-route-configuration.adoc
+++ b/modules/nw-ingress-sharding-route-configuration.adoc
@@ -3,7 +3,7 @@
 // * configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
 // * networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-sharding-route-configuration_{context}"]
 = Creating a route for Ingress Controller sharding
 
diff --git a/modules/nw-ingress-sharding-route-labels.adoc b/modules/nw-ingress-sharding-route-labels.adoc
index 888a8b0d2598..b921750afd72 100644
--- a/modules/nw-ingress-sharding-route-labels.adoc
+++ b/modules/nw-ingress-sharding-route-labels.adoc
@@ -3,7 +3,7 @@
 // * configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-sharding-route-labels_{context}"]
 = Configuring Ingress Controller sharding by using route labels
 
@@ -26,27 +26,20 @@ to another.
 [source,terminal]
 ----
 # cat router-internal.yaml
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: sharded
-    namespace: openshift-ingress-operator
-  spec:
-    domain: <apps-sharded.basedomain.example.net> <1>
-    nodePlacement:
-      nodeSelector:
-        matchLabels:
-          node-role.kubernetes.io/worker: ""
-    routeSelector:
-      matchLabels:
-        type: sharded
-  status: {}
-kind: List
+apiVersion: operator.openshift.io/v1
+kind: IngressController
 metadata:
-  resourceVersion: ""
-  selfLink: ""
+  name: sharded
+  namespace: openshift-ingress-operator
+spec:
+  domain: <apps-sharded.basedomain.example.net> <1>
+  nodePlacement:
+    nodeSelector:
+      matchLabels:
+        node-role.kubernetes.io/worker: ""
+  routeSelector:
+    matchLabels:
+      type: sharded
 ----
 <1> Specify a domain to be used by the Ingress Controller. This domain must be different from the default Ingress Controller domain.
 
diff --git a/modules/nw-ingress-sharding.adoc b/modules/nw-ingress-sharding.adoc
index 813aa5ff7095..b01118f59f2c 100644
--- a/modules/nw-ingress-sharding.adoc
+++ b/modules/nw-ingress-sharding.adoc
@@ -3,7 +3,7 @@
 // * ingress-operator.adoc
 // * networking/ingress-sharding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ingress-sharding_{context}"]
 = Ingress Controller sharding
 
@@ -37,19 +37,17 @@ An Ingress Controller `finops-router` is configured with the label selector `spe
 .Example YAML definition for `finops-router`
 [source,yaml]
 ----
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: finops-router
-    namespace: openshift-ingress-operator
-  spec:
-    namespaceSelector:
-      matchLabels:
-        name:
-          - finance
-          - ops
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: finops-router
+  namespace: openshift-ingress-operator
+spec:
+  namespaceSelector:
+    matchLabels:
+      name:
+        - finance
+        - ops
 ----
 
 A second Ingress Controller `dev-router` is configured with the label selector `spec.namespaceSelector.matchLabels.name` set to `dev`:
@@ -57,17 +55,15 @@ A second Ingress Controller `dev-router` is configured with the label selector `
 .Example YAML definition for `dev-router`
 [source,yaml]
 ----
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: dev-router
-    namespace: openshift-ingress-operator
-  spec:
-    namespaceSelector:
-      matchLabels:
-        name: dev
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: dev-router
+  namespace: openshift-ingress-operator
+spec:
+  namespaceSelector:
+    matchLabels:
+      name: dev
 ----
 
 If all application routes are in separate namespaces, each labeled with `name:finance`, `name:ops`, and `name:dev` respectively, this configuration effectively distributes your routes between the two Ingress Controllers. {product-title} routes for console, authentication, and other purposes should not be handled.
@@ -86,19 +82,17 @@ In addition to `finops-router` and `dev-router` in the example above, you also h
 .Example YAML definition for `devops-router`
 [source,yaml]
 ----
-apiVersion: v1
-items:
-- apiVersion: operator.openshift.io/v1
-  kind: IngressController
-  metadata:
-    name: devops-router
-    namespace: openshift-ingress-operator
-  spec:
-    namespaceSelector:
-      matchLabels:
-        name:
-          - dev
-          - ops
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: devops-router
+  namespace: openshift-ingress-operator
+spec:
+  namespaceSelector:
+    matchLabels:
+      name:
+        - dev
+        - ops
 ----
 The routes in the namespaces labeled `name:dev` and `name:ops` are now serviced by two different Ingress Controllers. With this configuration, you have overlapping subsets of routes.
 
diff --git a/modules/nw-ingress-view.adoc b/modules/nw-ingress-view.adoc
index 7573634821ba..24f764601c43 100644
--- a/modules/nw-ingress-view.adoc
+++ b/modules/nw-ingress-view.adoc
@@ -2,7 +2,7 @@
 //
 // * ingress/configure-ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-view_{context}"]
 = View the default Ingress Controller
 
diff --git a/modules/nw-installing-external-dns-operator.adoc b/modules/nw-installing-external-dns-operator.adoc
index 712b943b775a..9b29b4908754 100644
--- a/modules/nw-installing-external-dns-operator.adoc
+++ b/modules/nw-installing-external-dns-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-installing-external-dns-operator_{context}"]
 = Installing the External DNS Operator
 
diff --git a/modules/nw-ipfailover-configuration.adoc b/modules/nw-ipfailover-configuration.adoc
index 366ff4864b55..803c9dc50149 100644
--- a/modules/nw-ipfailover-configuration.adoc
+++ b/modules/nw-ipfailover-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ipfailover-configuration_{context}"]
 = Configuring IP failover
 
diff --git a/modules/nw-ipfailover-configuring-check-notify-scripts.adoc b/modules/nw-ipfailover-configuring-check-notify-scripts.adoc
index a234b69730fb..c24fbb30efbb 100644
--- a/modules/nw-ipfailover-configuring-check-notify-scripts.adoc
+++ b/modules/nw-ipfailover-configuring-check-notify-scripts.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ipfailover-configuring-check-notify-scripts_{context}"]
 = Configuring check and notify scripts
 
diff --git a/modules/nw-ipfailover-configuring-more-than-254.adoc b/modules/nw-ipfailover-configuring-more-than-254.adoc
index cf0617026015..02b9a993e880 100644
--- a/modules/nw-ipfailover-configuring-more-than-254.adoc
+++ b/modules/nw-ipfailover-configuring-more-than-254.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ipfailover-configuring-more-than-254_{context}"]
 = Configuring IP failover for more than 254 addresses
 
diff --git a/modules/nw-ipfailover-configuring-vrrp-preemption.adoc b/modules/nw-ipfailover-configuring-vrrp-preemption.adoc
index 992aec10681e..f478a393fa58 100644
--- a/modules/nw-ipfailover-configuring-vrrp-preemption.adoc
+++ b/modules/nw-ipfailover-configuring-vrrp-preemption.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ipfailover-configuring-vrrp-preemption_{context}"]
 = Configuring VRRP preemption
 
diff --git a/modules/nw-ipfailover-remove.adoc b/modules/nw-ipfailover-remove.adoc
index d25344a2f4bb..413e46e347cb 100644
--- a/modules/nw-ipfailover-remove.adoc
+++ b/modules/nw-ipfailover-remove.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ipfailover-remove_{context}"]
 = Removing IP failover
 
diff --git a/modules/nw-ipfailover-virtual-ip-addresses-concept.adoc b/modules/nw-ipfailover-virtual-ip-addresses-concept.adoc
index 2e86a9d792ad..221c82fc4573 100644
--- a/modules/nw-ipfailover-virtual-ip-addresses-concept.adoc
+++ b/modules/nw-ipfailover-virtual-ip-addresses-concept.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ipfailover-virtual-ip-addresses-concept_{context}"]
 = About virtual IP addresses
 
diff --git a/modules/nw-ipfailover-vrrp-ip-offset.adoc b/modules/nw-ipfailover-vrrp-ip-offset.adoc
index 81ca434896c2..6c326fb16675 100644
--- a/modules/nw-ipfailover-vrrp-ip-offset.adoc
+++ b/modules/nw-ipfailover-vrrp-ip-offset.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ipfailover.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ipfailover-vrrp-ip-offset_{context}"]
 = About VRRP ID offset
 
diff --git a/modules/nw-kube-proxy-configuring.adoc b/modules/nw-kube-proxy-configuring.adoc
index 6f2e9e650a62..f78261b44ada 100644
--- a/modules/nw-kube-proxy-configuring.adoc
+++ b/modules/nw-kube-proxy-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/configuring-kube-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-kube-proxy-configuring_{context}"]
 = Modifying the kube-proxy configuration
 
diff --git a/modules/nw-kube-proxy-sync.adoc b/modules/nw-kube-proxy-sync.adoc
index 87c4eb5f1704..f543d62e0def 100644
--- a/modules/nw-kube-proxy-sync.adoc
+++ b/modules/nw-kube-proxy-sync.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/openshift_sdn/configuring-kube-proxy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-kube-proxy-sync_{context}"]
 = About iptables rules synchronization
 
diff --git a/modules/nw-kuryr-cleanup.adoc b/modules/nw-kuryr-cleanup.adoc
deleted file mode 100644
index 0b81aa753912..000000000000
--- a/modules/nw-kuryr-cleanup.adoc
+++ /dev/null
@@ -1,289 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/ovn_kubernetes_network_provider/migrate-from-kuryr-sdn.adoc
-
-:_content-type: PROCEDURE
-[id="nw-kuryr-cleanup_{context}"]
-= Cleaning up resources after migration
-
-After migration from the Kuryr network plugin to the OVN-Kubernetes network
-plugin, you must clean up the resources that Kuryr created previously.
-
-[NOTE]
-====
-The clean up process relies on a Python virtual environment to ensure that the package versions that you use support tags for Octavia objects. You do not need a virtual environment if you are certain that your environment uses at minimum:
-* `openstacksdk` version 0.54.0
-* `python-openstackclient` version 5.5.0
-* `python-octaviaclient` version 2.3.0 
-====
-
-.Prerequisites
-
-* You installed the {product-title} CLI (`oc`).
-* You installed a Python interpreter.
-* You installed the `openstacksdk` Python package.
-* You installed the `openstack` CLI.
-* You have access to the underlying {rh-openstack} cloud.
-* You can access the cluster as a user with the `cluster-admin` role.
-
-.Procedure
-. Create a clean-up Python virtual environment:
-.. Create a temporary directory for your environment. For example:
-+
-[source,terminal]
-----
-$ python3 -m venv /tmp/venv
-----
-+
-The virtual environment located in `/tmp/venv` directory is used in all clean up examples.
-.. Enter the virtual environment. For example:
-+
-[source,terminal]
-----
-$ source /tmp/venv/bin/activate
-----
-.. Upgrade the `pip` command in the virtual environment by running the following command:
-+
-[source,terminal]
-----
-(venv) $ pip install pip --upgrade
-----
-.. Install the required Python packages by running the following command:
-+
-[source,terminal]
-----
-(venv) $ pip install openstacksdk==0.54.0 python-openstackclient==5.5.0 python-octaviaclient==2.3.0
-----
-
-. In your terminal, set variables to cluster and Kuryr identifiers by running the following commands:
-
-.. Set the cluster ID:
-+
-[source,terminal]
-----
-(venv) $ CLUSTERID=$(oc get infrastructure.config.openshift.io cluster -o=jsonpath='{.status.infrastructureName}')
-----
-
-.. Set the cluster tag:
-+
-[source,terminal]
-----
-(venv) $ CLUSTERTAG="openshiftClusterID=${CLUSTERID}"
-----
-.. Set the router ID:
-+
-[source,terminal]
-----
-(venv) $ ROUTERID=$(oc get kuryrnetwork -A --no-headers -o custom-columns=":status.routerId"|head -n 1)
-----
-
-. Create a Bash function that removes finalizers from specified resources by running the following command:
-+
-[source,terminal]
-----
-(venv) $ function REMFIN {
-    local resource=$1
-    local finalizer=$2
-    for res in $(oc get $resource -A --template='{{range $i,$p := .items}}{{ $p.metadata.name }}|{{ $p.metadata.namespace }}{{"\n"}}{{end}}'); do
-        name=${res%%|*}
-        ns=${res##*|}
-        yaml=$(oc get -n $ns $resource $name -o yaml)
-        if echo "${yaml}" | grep -q "${finalizer}"; then
-            echo "${yaml}" | grep -v  "${finalizer}" | oc replace -n $ns $resource $name -f -
-        fi
-    done
-}
-----
-+
-The function takes two parameters: the first parameter is name of the resource, and the second parameter is the finalizer to remove.
-The named resource is removed from the cluster and its definition is replaced with copied data, excluding the specified finalizer.
-
-. To remove Kuryr finalizers from services, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN services kuryr.openstack.org/service-finalizer
-----
-
-. To remove the Kuryr `service-subnet-gateway-ip` service, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ if $(oc get -n openshift-kuryr service service-subnet-gateway-ip &>/dev/null); then
-    oc -n openshift-kuryr delete service service-subnet-gateway-ip
-fi
-----
-
-. To remove all tagged {rh-openstack} load balancers from Octavia, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ for lb in $(openstack loadbalancer list --tags $CLUSTERTAG -f value -c id); do
-    openstack loadbalancer delete --cascade $lb
-done
-----
-
-. To remove Kuryr finalizers from all `KuryrLoadBalancer` CRs, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN kuryrloadbalancers.openstack.org kuryr.openstack.org/kuryrloadbalancer-finalizers
-----
-
-. To remove the `openshift-kuryr` namespace, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ oc delete namespace openshift-kuryr
-----
-
-. To remove the Kuryr service subnet from the router, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ openstack router remove subnet $ROUTERID ${CLUSTERID}-kuryr-service-subnet
-----
-
-. To remove the Kuryr service network, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ openstack network delete ${CLUSTERID}-kuryr-service-network
-----
-
-. To remove Kuryr finalizers from all pods, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN pods kuryr.openstack.org/pod-finalizer
-----
-
-. To remove Kuryr finalizers from all `KuryrPort` CRs, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN kuryrports.openstack.org kuryr.openstack.org/kuryrport-finalizer
-----
-This command deletes the `KuryrPort` CRs.
-
-. To remove Kuryr finalizers from network policies, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN networkpolicy kuryr.openstack.org/networkpolicy-finalizer
-----
-
-. To remove Kuryr finalizers from remaining network policies, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN kuryrnetworkpolicies.openstack.org kuryr.openstack.org/networkpolicy-finalizer
-----
-
-. To remove subports that Kuryr created from trunks, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ read -ra trunks <<< $(python -c "import openstack; n = openstack.connect().network; print(' '.join([x.id for x in n.trunks(any_tags='$CLUSTERTAG')]))") && \
-i=0 && \
-for trunk in "${trunks[@]}"; do
-    i=$((i+1))
-    echo "Processing trunk $trunk, ${i}/${#trunks[@]}."
-    subports=()
-    for subport in $(python -c "import openstack; n = openstack.connect().network; print(' '.join([x['port_id'] for x in n.get_trunk('$trunk').sub_ports if '$CLUSTERTAG' in n.get_port(x['port_id']).tags]))"); do
-        subports+=("$subport");
-    done
-    args=()
-    for sub in "${subports[@]}" ; do
-        args+=("--subport $sub")
-    done
-    if [ ${#args[@]} -gt 0 ]; then
-        openstack network trunk unset ${args[*]} $trunk
-    fi
-done
-----
-
-. To retrieve all networks and subnets from `KuryrNetwork` CRs and remove ports, router interfaces and the network itself, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ mapfile -t kuryrnetworks < <(oc get kuryrnetwork -A --template='{{range $i,$p := .items}}{{ $p.status.netId }}|{{ $p.status.subnetId }}{{"\n"}}{{end}}') && \
-i=0 && \
-for kn in "${kuryrnetworks[@]}"; do
-    i=$((i+1))
-    netID=${kn%%|*}
-    subnetID=${kn##*|}
-    echo "Processing network $netID, ${i}/${#kuryrnetworks[@]}"
-    # Remove all ports from the network.
-    for port in $(python -c "import openstack; n = openstack.connect().network; print(' '.join([x.id for x in n.ports(network_id='$netID') if x.device_owner != 'network:router_interface']))"); do
-        ( openstack port delete $port ) &
-
-        # Only allow 20 jobs in parallel.
-        if [[ $(jobs -r -p | wc -l) -ge 20 ]]; then
-            wait -n
-        fi
-    done
-    wait
-
-    # Remove the subnet from the router.
-    openstack router remove subnet $ROUTERID $subnetID
-
-    # Remove the network.
-    openstack network delete $netID
-done
-----
-
-. To remove the Kuryr security group, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ openstack security group delete ${CLUSTERID}-kuryr-pods-security-group
-----
-
-. To remove all tagged subnet pools, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ for subnetpool in $(openstack subnet pool list --tags $CLUSTERTAG -f value -c ID); do
-    openstack subnet pool delete $subnetpool
-done
-----
-
-. To check that all of the networks based on `KuryrNetwork` CRs were removed, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ networks=$(oc get kuryrnetwork -A --no-headers -o custom-columns=":status.netId") && \
-for existingNet in $(openstack network list --tags $CLUSTERTAG -f value -c ID); do
-    if [[ $networks =~ $existingNet ]]; then
-        echo "Network still exists: $existingNet"
-    fi
-done
-----
-+
-If the command returns any existing networks, intestigate and remove them before you continue.
-
-. To remove security groups that are related to network policy, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ for sgid in $(openstack security group list -f value -c ID -c Description | grep 'Kuryr-Kubernetes Network Policy' | cut -f 1 -d ' '); do
-    openstack security group delete $sgid
-done
-----
-
-. To remove finalizers from `KuryrNetwork` CRs, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ REMFIN kuryrnetworks.openstack.org kuryrnetwork.finalizers.kuryr.openstack.org
-----
-
-. To remove the Kuryr router, enter the following command:
-+
-[source,terminal]
-----
-(venv) $ if $(python3 -c "import sys; import openstack; n = openstack.connect().network; r = n.get_router('$ROUTERID'); sys.exit(0) if r.description != 'Created By OpenShift Installer' else sys.exit(1)"); then
-    openstack router delete $ROUTERID
-fi
-----
diff --git a/modules/nw-kuryr-migration-about.adoc b/modules/nw-kuryr-migration-about.adoc
deleted file mode 100644
index 9f6662c3274a..000000000000
--- a/modules/nw-kuryr-migration-about.adoc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
-
-:_content-type: CONCEPT
-[id="nw-kuryr-ovn-kubernetes-migration-about_{context}"]
-= Migration to the OVN-Kubernetes network provider
-
-You can manually migrate a cluster that runs on {rh-openstack-first} to the OVN-Kubernetes network provider.
-
-[IMPORTANT]
-====
-Migration to OVN-Kubernetes is a one-way process.
-During migration, your cluster will be unreachable for a brief time.
-====
-
-[id="considerations-kuryr-migrating-network-provider_{context}"]
-== Considerations when migrating to the OVN-Kubernetes network provider
-
-Kubernetes namespaces are kept by Kuryr in separate {rh-openstack} networking service (Neutron) subnets. Those subnets and the IP addresses that are assigned to individual pods are not preserved during the migration.
-
-[id="how-the-kuryr-migration-process-works_{context}"]
-== How the migration process works
-
-The following table summarizes the migration process by relating the steps that you perform with the actions that your cluster and Operators take.
-
-.The Kuryr to OVN-Kubernetes migration process
-[cols="1,1a",options="header"]
-|===
-
-|User-initiated steps|Migration activity
-
-|
-Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `OVNKubernetes`. Verify that the value of the `migration` field prints the `null` value before setting it to another value.
-|
-Cluster Network Operator (CNO):: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
-Machine Config Operator (MCO):: Deploys an update to the systemd configuration that is required by OVN-Kubernetes. By default, the MCO updates a single machine per pool at a time. As a result, large clusters have longer migration times.
-
-|Update the `networkType` field of the `Network.config.openshift.io` CR.
-|
-CNO:: Performs the following actions:
-+
---
-* Destroys the Kuryr control plane pods: Kuryr CNIs and the Kuryr controller.
-* Deploys the OVN-Kubernetes control plane pods.
-* Updates the Multus objects to reflect the new network plugin.
---
-
-|
-Reboot each node in the cluster.
-|
-Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the OVN-Kubernetes cluster network.
-
-|
-Clean up remaining resources Kuryr controlled.
-|
-Cluster:: Holds {rh-openstack} resources that need to be freed, as well as {product-title} resources to configure.
-|===
diff --git a/modules/nw-kuryr-migration.adoc b/modules/nw-kuryr-migration.adoc
deleted file mode 100644
index 7f014a692da6..000000000000
--- a/modules/nw-kuryr-migration.adoc
+++ /dev/null
@@ -1,346 +0,0 @@
-// Module included in the following assemblies:
-//
-// * networking/ovn_kubernetes_network_provider/migrate-from-kuryr-sdn.adoc
-
-:_content-type: PROCEDURE
-[id="nw-kuryr-migration_{context}"]
-= Migrating to the OVN-Kubernetes network plugin
-
-As a cluster administrator, you can change the network plugin for your cluster to OVN-Kubernetes.
-
-[IMPORTANT]
-====
-During the migration, you must reboot every node in your cluster.
-Your cluster is unavailable and workloads might be interrupted.
-Perform the migration only if an interruption in service is acceptable.
-====
-
-.Prerequisites
-
-* You installed the OpenShift CLI (`oc`).
-* You have access to the cluster as a user with the `cluster-admin` role.
-* You have a recent backup of the etcd database is available.
-* You can manually reboot each node.
-* The cluster you plan to migrate is in a known good state, without any errors.
-* You installed the Python interpreter.
-* You installed the `openstacksdk` python package.
-* You installed the `openstack` CLI tool.
-* You have access to the underlying {rh-openstack} cloud.
-
-.Procedure
-
-. Back up the configuration for the cluster network by running the following command:
-+
-[source,terminal]
-----
-$ oc get Network.config.openshift.io cluster -o yaml > cluster-kuryr.yaml
-----
-
-. To set the `CLUSTERID` variable, run the following command:
-+
-[source,terminal]
-----
-$ CLUSTERID=$(oc get infrastructure.config.openshift.io cluster -o=jsonpath='{.status.infrastructureName}')
-----
-
-. To prepare all the nodes for the migration, set the `migration` field on the Cluster Network Operator configuration object by running the following command:
-+
-[source,terminal]
-----
-$ oc patch Network.operator.openshift.io cluster --type='merge' \
-  --patch '{ "spec": { "migration": { "networkType": "OVNKubernetes" } } }'
-----
-+
-[NOTE]
-====
-This step does not deploy OVN-Kubernetes immediately. Specifying the `migration` field triggers the Machine Config Operator (MCO) to apply new machine configs to all the nodes in the cluster. This prepares the cluster for the OVN-Kubernetes deployment.
-====
-
-. Optional: Customize the following settings for OVN-Kubernetes for your network infrastructure requirements:
-+
---
-* Maximum transmission unit (MTU)
-* Geneve (Generic Network Virtualization Encapsulation) overlay network port
-* OVN-Kubernetes IPv4 internal subnet
-* OVN-Kubernetes IPv6 internal subnet
---
-+
-To customize these settings, enter and customize the following command:
-+
-[source,terminal]
-----
-$ oc patch Network.operator.openshift.io cluster --type=merge \
-  --patch '{
-    "spec":{
-      "defaultNetwork":{
-        "ovnKubernetesConfig":{
-          "mtu":<mtu>,
-          "genevePort":<port>,
-          "v4InternalSubnet":"<ipv4_subnet>",
-          "v6InternalSubnet":"<ipv6_subnet>"
-    }}}}'
-----
-+
-where:
-+
---
-`mtu`::
-Specifies the MTU for the Geneve overlay network. This value is normally configured automatically, but if the nodes in your cluster do not all use the same MTU, then you must set this explicitly to `100` less than the smallest node MTU value.
-`port`::
-Specifies the UDP port for the Geneve overlay network. If a value is not specified, the default is `6081`. The port cannot be the same as the VXLAN port that is used by Kuryr. The default value for the VXLAN port is `4789`.
-`ipv4_subnet`::
-Specifies an IPv4 address range for internal use by OVN-Kubernetes. You must ensure that the IP address range does not overlap with any other subnet used by your {product-title} installation. The IP address range must be larger than the maximum number of nodes that can be added to the cluster. The default value is `100.64.0.0/16`.
-`ipv6_subnet`::
-Specifies an IPv6 address range for internal use by OVN-Kubernetes. You must ensure that the IP address range does not overlap with any other subnet used by your {product-title} installation. The IP address range must be larger than the maximum number of nodes that can be added to the cluster. The default value is `fd98::/48`.
---
-+
-If you do not need to change the default value, omit the key from the patch.
-+
-.Example patch command to update `mtu` field
-[source,terminal]
-----
-$ oc patch Network.operator.openshift.io cluster --type=merge \
-  --patch '{
-    "spec":{
-      "defaultNetwork":{
-        "ovnKubernetesConfig":{
-          "mtu":1200
-    }}}}'
-----
-
-. Check the machine config pool status by entering the following command:
-+
-[source,terminal]
-----
-$ oc get mcp
-----
-+
-While the MCO updates machines in each machine config pool, it reboots each node one by one. You must wait until all the nodes are updated before continuing.
-+
-A successfully updated node has the following status: `UPDATED=true`, `UPDATING=false`, `DEGRADED=false`.
-+
-[NOTE]
-====
-By default, the MCO updates one machine per pool at a time. Large clusters take more time to migrate than small clusters.
-====
-
-. Confirm the status of the new machine configuration on the hosts:
-
-.. To list the machine configuration state and the name of the applied machine configuration, enter the following command:
-+
-[source,terminal]
-----
-$ oc describe node | egrep "hostname|machineconfig"
-----
-+
-.Example output
-[source,terminal]
-----
-kubernetes.io/hostname=master-0
-machineconfiguration.openshift.io/currentConfig: rendered-master-c53e221d9d24e1c8bb6ee89dd3d8ad7b <2>
-machineconfiguration.openshift.io/desiredConfig: rendered-master-c53e221d9d24e1c8bb6ee89dd3d8ad7b <3>
-machineconfiguration.openshift.io/reason:
-machineconfiguration.openshift.io/state: Done
-----
-
-.. Review the output from the previous step. The following statements must be true:
-+
---
- * The value of `machineconfiguration.openshift.io/state` field is `Done`.
- * The value of the `machineconfiguration.openshift.io/currentConfig` field is equal to the value of the `machineconfiguration.openshift.io/desiredConfig` field.
---
-
-.. To confirm that the machine config is correct, enter the following command:
-+
-[source,terminal]
-----
-$ oc get machineconfig <config_name> -o yaml | grep ExecStart
-----
-+
-where:
-
-<config_name>:: Specifies the name of the machine config from the `machineconfiguration.openshift.io/currentConfig` field.
-+
-The machine config must include the following update to the systemd configuration:
-+
-.Example output
-[source,plain]
-----
-ExecStart=/usr/local/bin/configure-ovs.sh OVNKubernetes
-----
-
-.. If a node is stuck in the `NotReady` state, investigate the machine config daemon pod logs and resolve any errors:
-
-... To list the pods, enter the following command:
-+
-[source,terminal]
-----
-$ oc get pod -n openshift-machine-config-operator
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                         READY   STATUS    RESTARTS   AGE
-machine-config-controller-75f756f89d-sjp8b   1/1     Running   0          37m
-machine-config-daemon-5cf4b                  2/2     Running   0          43h
-machine-config-daemon-7wzcd                  2/2     Running   0          43h
-machine-config-daemon-fc946                  2/2     Running   0          43h
-machine-config-daemon-g2v28                  2/2     Running   0          43h
-machine-config-daemon-gcl4f                  2/2     Running   0          43h
-machine-config-daemon-l5tnv                  2/2     Running   0          43h
-machine-config-operator-79d9c55d5-hth92      1/1     Running   0          37m
-machine-config-server-bsc8h                  1/1     Running   0          43h
-machine-config-server-hklrm                  1/1     Running   0          43h
-machine-config-server-k9rtx                  1/1     Running   0          43h
-----
-+
-The names for the config daemon pods are in the following format: `machine-config-daemon-<seq>`. The `<seq>` value is a random five character alphanumeric sequence.
-
-... Display the pod log for the first machine config daemon pod shown in the previous output by enter the following command:
-+
-[source,terminal]
-----
-$ oc logs <pod> -n openshift-machine-config-operator
-----
-+
-where:
-
-<pod>:: Specifies the name of a machine config daemon pod.
-
-... Resolve any errors in the logs shown by the output from the previous command.
-
-. To start the migration, configure the OVN-Kubernetes network plugin by using one of the following commands:
-
-** To specify the network provider without changing the cluster network IP address block, enter the following command:
-+
-[source,terminal]
-----
-$ oc patch Network.config.openshift.io cluster \
-  --type='merge' --patch '{ "spec": { "networkType": "OVNKubernetes" } }'
-----
-
-** To specify a different cluster network IP address block, enter the following command:
-+
-[source,terminal]
-----
-$ oc patch Network.config.openshift.io cluster \
-  --type='merge' --patch '{
-    "spec": {
-      "clusterNetwork": [
-        {
-          "cidr": "<cidr>",
-          "hostPrefix": "<prefix>"
-        }
-      ]
-      "networkType": "OVNKubernetes"
-    }
-  }'
-----
-+
-where:
-
-<cidr>:: Specifies a CIDR block.
-<prefix>:: Specifies a slice of the CIDR block that is apportioned to each node in your cluster.
-+
-[IMPORTANT]
-====
-You cannot change the service network address block during the migration.
-
-You cannot use any CIDR block that overlaps with the `100.64.0.0/16` CIDR block because the OVN-Kubernetes network provider uses this block internally.
-====
-
-. Verify that the Multus daemon set rollout is complete by entering the following command:
-+
-[source,terminal]
-----
-$ oc -n openshift-multus rollout status daemonset/multus
-----
-+
-The name of the Multus pods is in the form of `multus-<xxxxx>`, where `<xxxxx>` is a random sequence of letters. It might take several moments for the pods to restart.
-+
-.Example output
-[source,text]
-----
-Waiting for daemon set "multus" rollout to finish: 1 out of 6 new pods have been updated...
-...
-Waiting for daemon set "multus" rollout to finish: 5 of 6 updated pods are available...
-daemon set "multus" successfully rolled out
-----
-
-. To complete the migration, reboot each node in your cluster. For example, you can use a bash script similar to the following example. The script assumes that you can connect to each host by using `ssh` and that you have configured `sudo` to not prompt for a password:
-+
-[source,bash]
-----
-#!/bin/bash
-
-for ip in $(oc get nodes  -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}')
-do
-   echo "reboot node $ip"
-   ssh -o StrictHostKeyChecking=no core@$ip sudo shutdown -r -t 3
-done
-----
-+
-[NOTE]
-====
-If SSH access is not available, you can use the `openstack` command:
-[source,terminal]
-----
-$ for name in $(openstack server list --name ${CLUSTERID}\* -f value -c Name); do openstack server reboot $name; done
-----
-Alternatively, you might be able to to reboot each node through the management portal for
-your infrastructure provider. Otherwise, contact the appropriate authority to
-either gain access to the virtual machines through SSH or the management
-portal and OpenStack client.
-====
-
-.Verification
-. Confirm that the migration succeeded, and then remove the migration resources:
-
-.. To confirm that the network plugin is OVN-Kubernetes, enter the following command.
-+
-[source,terminal]
-----
-$ oc get network.config/cluster -o jsonpath='{.status.networkType}{"\n"}'
-----
-+
-The value of `status.networkType` must be `OVNKubernetes`.
-
-.. To confirm that the cluster nodes are in the `Ready` state, enter the following command:
-+
-[source,terminal]
-----
-$ oc get nodes
-----
-
-.. To confirm that your pods are not in an error state, enter the following command:
-+
-[source,terminal]
-----
-$ oc get pods --all-namespaces -o wide --sort-by='{.spec.nodeName}'
-----
-+
-If pods on a node are in an error state, reboot that node.
-
-.. To confirm that all of the cluster Operators are not in an abnormal state, enter the following command:
-+
-[source,terminal]
-----
-$ oc get co
-----
-+
-The status of every cluster Operator must be the following: `AVAILABLE="True"`, `PROGRESSING="False"`, `DEGRADED="False"`. If a cluster Operator is not available or degraded, check the logs for the cluster Operator for more information.
-+
-[IMPORTANT]
-====
-Do not proceed if any of the previous verification steps indicate errors.
-You might encounter pods that have a `Terminating` state due to finalizers that are removed during clean up. They are not an error indication.
-====
-+
-. If the migration completed and your cluster is in a good state, remove the migration configuration from the CNO configuration object by entering the following command:
-+
-[source,terminal]
-----
-$ oc patch Network.operator.openshift.io cluster --type='merge' \
-  --patch '{ "spec": { "migration": null } }'
-----
diff --git a/modules/nw-label-nodes-with-sriov.adoc b/modules/nw-label-nodes-with-sriov.adoc
index 09a3d176ef25..878789e0b98a 100644
--- a/modules/nw-label-nodes-with-sriov.adoc
+++ b/modules/nw-label-nodes-with-sriov.adoc
@@ -2,13 +2,13 @@
 //
 // * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-labeling-sriov-enabled-nodes_{context}"]
 = Labeling nodes with an SR-IOV enabled NIC
 
-If you want to enable SR-IOV on only SR-IOV capable nodes there are a couple of ways to do this: 
+If you want to enable SR-IOV on only SR-IOV capable nodes there are a couple of ways to do this:
 
-. Install the Node Feature Discovery (NFD) Operator. NFD detects the presence of SR-IOV enabled NICs and labels the nodes with `node.alpha.kubernetes-incubator.io/nfd-network-sriov.capable = true`. 
+. Install the Node Feature Discovery (NFD) Operator. NFD detects the presence of SR-IOV enabled NICs and labels the nodes with `node.alpha.kubernetes-incubator.io/nfd-network-sriov.capable = true`.
 
 . Examine the `SriovNetworkNodeState` CR for each node. The `interfaces` stanza includes a list of all of the SR-IOV devices discovered by the SR-IOV Network Operator on the worker node. Label each node with `feature.node.kubernetes.io/network-sriov.capable: "true"` by using the following command:
 +
@@ -19,5 +19,5 @@ $ oc label node <node_name> feature.node.kubernetes.io/network-sriov.capable="tr
 +
 [NOTE]
 ====
-You can label the nodes with whatever name you want. 
+You can label the nodes with whatever name you want.
 ====
diff --git a/modules/nw-metalLB-basic-upgrade-operator.adoc b/modules/nw-metalLB-basic-upgrade-operator.adoc
index 7f2dd5458892..740172a3e071 100644
--- a/modules/nw-metalLB-basic-upgrade-operator.adoc
+++ b/modules/nw-metalLB-basic-upgrade-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-upgrading-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="upgrading-metallb-operator_{context}"]
 = Upgrading the MetalLB Operator
@@ -59,5 +59,5 @@ $ oc get csv -n metallb-system
 [source,terminal,subs="attributes+"]
 ----
 NAME                                   DISPLAY            VERSION               REPLACES   PHASE
-metallb-operator.4.{product-version}.0-202207051316   MetalLB Operator   4.{product-version}.0-202207051316              Succeeded
+metallb-operator.{product-version}.0-202207051316   MetalLB Operator   {product-version}.0-202207051316              Succeeded
 ----
diff --git a/modules/nw-metalLB-monitor-upgrading.adoc b/modules/nw-metalLB-monitor-upgrading.adoc
index 7ae9ad826dba..52df31b1db5f 100644
--- a/modules/nw-metalLB-monitor-upgrading.adoc
+++ b/modules/nw-metalLB-monitor-upgrading.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-upgrading-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="metalLB-operator-monitoring-upgrade-status_{context}"]
 = Monitoring upgrade status
@@ -31,11 +31,11 @@ $ oc get csv
 
 . Review the output, checking the `PHASE` field. For example:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 VERSION     REPLACES                                         PHASE
-4.13.0      metallb-operator.4.13-nnnnnnnnnnnn               Installing
-4.13.0                                                       Replacing
+{product-version}.0      metallb-operator.{product-version}-nnnnnnnnnnnn               Installing
+{product-version}.0                                                       Replacing
 ----
 
 . Run `get csv` again to verify the output:
@@ -46,8 +46,8 @@ $ oc get csv
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                 DISPLAY                      VERSION   REPLACES                            PHASE
-metallb-operator.4.13-nnnnnnnnnnnn   MetalLB   4.13.0     metallb-operator.v4.13.0   Succeeded
+metallb-operator.{product-version}-nnnnnnnnnnnn   MetalLB   {product-version}.0     metallb-operator.v{product-version}.0   Succeeded
 ----
diff --git a/modules/nw-metallb-addresspool-cr.adoc b/modules/nw-metallb-addresspool-cr.adoc
index 4a2da073278e..7452cde9f8aa 100644
--- a/modules/nw-metallb-addresspool-cr.adoc
+++ b/modules/nw-metallb-addresspool-cr.adoc
@@ -2,13 +2,13 @@
 //
 // * networking/metallb/metallb-configure-address-pools.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-ipaddresspool-cr_{context}"]
 = About the IPAddressPool custom resource
 
 [NOTE]
 ====
-The address pool custom resource definition (CRD) and API documented in "Load balancing with MetalLB" in {product-title} 4.10 can still be used in {product-version}. However, the enhanced functionality associated with advertising an IP address from an `IPAddressPool` with layer 2 protocols, or the BGP protocol, is not supported when using the `AddressPool` CRD. 
+The address pool custom resource definition (CRD) and API documented in "Load balancing with MetalLB" in {product-title} 4.10 can still be used in {product-version}. However, the enhanced functionality associated with advertising an IP address from an `IPAddressPool` with layer 2 protocols, or the BGP protocol, is not supported when using the `AddressPool` CRD.
 ====
 
 The fields for the `IPAddressPool` custom resource are described in the following tables.
@@ -48,6 +48,10 @@ Specify each range in CIDR notation or as starting and ending IP addresses separ
 Specify `false` if you want explicitly request an IP address from this pool with the `metallb.universe.tf/address-pool` annotation.
 The default value is `true`.
 
+|`spec.avoidBuggyIPs`
+|`boolean`
+|Optional: This ensures when enabled that IP addresses ending .0 and .255 are not allocated from the pool. The default value is `false`. Some older consumer network equipment mistakenly block IP addresses ending in .0 and .255.
+
 |===
 
 You can assign IP addresses from an `IPAddressPool` to services and namespaces by configuring the `spec.serviceAllocation` specification.
@@ -74,6 +78,6 @@ You can assign IP addresses from an `IPAddressPool` to services and namespaces b
 
 |`serviceSelectors`
 |`array (LabelSelector)`
-|Optional: Specifies service labels that you can assign to IP addresses from an address pool by using label selectors in a list format. 
+|Optional: Specifies service labels that you can assign to IP addresses from an address pool by using label selectors in a list format.
 
 |===
diff --git a/modules/nw-metallb-advertise-address-pool-with-bgp-advanced.adoc b/modules/nw-metallb-advertise-address-pool-with-bgp-advanced.adoc
index 9c34407fee78..3ad9f74507f5 100644
--- a/modules/nw-metallb-advertise-address-pool-with-bgp-advanced.adoc
+++ b/modules/nw-metallb-advertise-address-pool-with-bgp-advanced.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-advertise-an-advanced-address-pool-configuration-bgp_{context}"]
 = Example: Advertise an advanced address pool configuration with BGP
 
diff --git a/modules/nw-metallb-advertise-address-pool-with-bgp.adoc b/modules/nw-metallb-advertise-address-pool-with-bgp.adoc
index 28b6cb675f31..c3b832e8870c 100644
--- a/modules/nw-metallb-advertise-address-pool-with-bgp.adoc
+++ b/modules/nw-metallb-advertise-address-pool-with-bgp.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="nw-metallb-advertise-a-basic-address-pool-configuration-bgp_{context}"]
 = Example: Advertise a basic address pool configuration with BGP
diff --git a/modules/nw-metallb-advertise-ip-pools-from-node-subset.adoc b/modules/nw-metallb-advertise-ip-pools-from-node-subset.adoc
index a2516e9e9b7b..d003821353c8 100644
--- a/modules/nw-metallb-advertise-ip-pools-from-node-subset.adoc
+++ b/modules/nw-metallb-advertise-ip-pools-from-node-subset.adoc
@@ -2,18 +2,18 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="nw-metallb-advertise-ip-pools-to-node-subset_{context}"]
-= Advertising an IP address pool from a subset of nodes 
+= Advertising an IP address pool from a subset of nodes
 
-To advertise an IP address from an IP addresses pool, from a specific set of nodes only, use the `.spec.nodeSelector` specification in the BGPAdvertisement custom resource. This specification associates a pool of IP addresses with a set of nodes in the cluster. This is useful when you have nodes on different subnets in a cluster and you want to advertise an IP addresses from an address pool from a specific subnet, for example a public-facing subnet only. 
+To advertise an IP address from an IP addresses pool, from a specific set of nodes only, use the `.spec.nodeSelector` specification in the BGPAdvertisement custom resource. This specification associates a pool of IP addresses with a set of nodes in the cluster. This is useful when you have nodes on different subnets in a cluster and you want to advertise an IP addresses from an address pool from a specific subnet, for example a public-facing subnet only.
 
 .Prerequisites
 
 * Install the OpenShift CLI (`oc`).
 * Log in as a user with `cluster-admin` privileges.
- 
+
 .Procedure
 
 . Create an IP address pool by using a custom resource:
diff --git a/modules/nw-metallb-bfdprofile-cr.adoc b/modules/nw-metallb-bfdprofile-cr.adoc
index aa82d97ffe30..72603f23ac80 100644
--- a/modules/nw-metallb-bfdprofile-cr.adoc
+++ b/modules/nw-metallb-bfdprofile-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bfd-profiles.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-bfdprofile-cr_{context}"]
 = About the BFD profile custom resource
 
diff --git a/modules/nw-metallb-bgp.adoc b/modules/nw-metallb-bgp.adoc
index a7f6450a26f5..bfd7dae1737e 100644
--- a/modules/nw-metallb-bgp.adoc
+++ b/modules/nw-metallb-bgp.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-metallb.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-metallb-bgp_{context}"]
 = MetalLB concepts for BGP mode
 
@@ -46,7 +46,7 @@ However, you can configure MetalLB to start BGP sessions with peers that belong
 
 * All the nodes with a `speaker` pod that advertises the load balancer IP address can receive traffic for the service.
 
-** If the external traffic policy for the service is set to `cluster`, all the nodes where a speaker pod is running advertise the `203.0.113.200` load balancer IP address and all the nodes with a `speaker` pod can receive traffic for the service. The host prefix is advertised to the router peer only if the external traffic policy is set to cluster. 
+** If the external traffic policy for the service is set to `cluster`, all the nodes where a speaker pod is running advertise the `203.0.113.200` load balancer IP address and all the nodes with a `speaker` pod can receive traffic for the service. The host prefix is advertised to the router peer only if the external traffic policy is set to cluster.
 
 ** If the external traffic policy for the service is set to `local`, then all the nodes where a `speaker` pod is running and at least an endpoint of the service is running can advertise the `203.0.113.200` load balancer IP address. Only those nodes can receive traffic for the service. In the preceding graphic, nodes 2 and 3 would advertise `203.0.113.200`.
 
diff --git a/modules/nw-metallb-bgpadvertisement-cr.adoc b/modules/nw-metallb-bgpadvertisement-cr.adoc
index 8cbc3366d6fb..0bfb2fd3faaa 100644
--- a/modules/nw-metallb-bgpadvertisement-cr.adoc
+++ b/modules/nw-metallb-bgpadvertisement-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-bgpadvertisement-cr_{context}"]
 = About the BGPAdvertisement custom resource
 
@@ -48,7 +48,7 @@ Well-known communities must be specified as 16-bit values:
 +
 [NOTE]
 ====
-You can also use community objects that are created along with the strings. 
+You can also use community objects that are created along with the strings.
 ====
 
 |`spec.localPref`
diff --git a/modules/nw-metallb-bgppeer-cr.adoc b/modules/nw-metallb-bgppeer-cr.adoc
index e9f69cdcc641..795eddd76a40 100644
--- a/modules/nw-metallb-bgppeer-cr.adoc
+++ b/modules/nw-metallb-bgppeer-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bgp-peers.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-bgppeer-cr_{context}"]
 = About the BGP peer custom resource
 
diff --git a/modules/nw-metallb-community-cr.adoc b/modules/nw-metallb-community-cr.adoc
index 9ab2aa679b21..25bfa02c104f 100644
--- a/modules/nw-metallb-community-cr.adoc
+++ b/modules/nw-metallb-community-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-community-alias.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-community-cr_{context}"]
 = About the community custom resource
 
diff --git a/modules/nw-metallb-configure-address-pool.adoc b/modules/nw-metallb-configure-address-pool.adoc
index f18ea8cd3617..4a2050a7b07e 100644
--- a/modules/nw-metallb-configure-address-pool.adoc
+++ b/modules/nw-metallb-configure-address-pool.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-address-pool_{context}"]
 = Configuring an address pool
 
@@ -28,7 +28,7 @@ spec:
   - 203.0.113.1-203.0.113.10
   - 203.0.113.65-203.0.113.75
 ----
-<1> This label assigned to the `IPAddressPool` can be referenced by the `ipAddressPoolSelectors` in the `BGPAdvertisement` CRD to associate the `IPAddressPool` with the advertisement. 
+<1> This label assigned to the `IPAddressPool` can be referenced by the `ipAddressPoolSelectors` in the `BGPAdvertisement` CRD to associate the `IPAddressPool` with the advertisement.
 
 . Apply the configuration for the IP address pool:
 +
diff --git a/modules/nw-metallb-configure-bfdprofle.adoc b/modules/nw-metallb-configure-bfdprofle.adoc
index 6421eaf4402f..32af2e41277c 100644
--- a/modules/nw-metallb-configure-bfdprofle.adoc
+++ b/modules/nw-metallb-configure-bfdprofle.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bfd-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-bfdprofile_{context}"]
 = Configuring a BFD profile
 
diff --git a/modules/nw-metallb-configure-bgp-advertisement-advanced.adoc b/modules/nw-metallb-configure-bgp-advertisement-advanced.adoc
index 5855fedb6b05..96567bffc9d4 100644
--- a/modules/nw-metallb-configure-bgp-advertisement-advanced.adoc
+++ b/modules/nw-metallb-configure-bgp-advertisement-advanced.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-metallb-configure-BGP-advertisement-advanced-use-case_{context}"]
 = Configuring MetalLB with a BGP advertisement and an advanced use case
 
diff --git a/modules/nw-metallb-configure-bgp-advertisement.adoc b/modules/nw-metallb-configure-bgp-advertisement.adoc
index 4b9a49e2d642..c9663bd56b69 100644
--- a/modules/nw-metallb-configure-bgp-advertisement.adoc
+++ b/modules/nw-metallb-configure-bgp-advertisement.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-metallb-configure-BGP-advertisement-basic-use-case_{context}"]
 = Configuring MetalLB with a BGP advertisement and a basic use case
 
diff --git a/modules/nw-metallb-configure-bgppeer.adoc b/modules/nw-metallb-configure-bgppeer.adoc
index 54c334d5d94b..7f85ec7d6acd 100644
--- a/modules/nw-metallb-configure-bgppeer.adoc
+++ b/modules/nw-metallb-configure-bgppeer.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bgp-peers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-bgppeer_{context}"]
 = Configuring a BGP peer
 
diff --git a/modules/nw-metallb-configure-community-bgp-advertisement.adoc b/modules/nw-metallb-configure-community-bgp-advertisement.adoc
index 839c0904dfd3..28343d1e0f32 100644
--- a/modules/nw-metallb-configure-community-bgp-advertisement.adoc
+++ b/modules/nw-metallb-configure-community-bgp-advertisement.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-community-alias.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-BGP-advertisement-community-alias_{context}"]
 = Configuring MetalLB with a BGP advertisement and community alias
 
diff --git a/modules/nw-metallb-configure-l2-advertisement-interface.adoc b/modules/nw-metallb-configure-l2-advertisement-interface.adoc
index 99b995dba647..74f21a5843f5 100644
--- a/modules/nw-metallb-configure-l2-advertisement-interface.adoc
+++ b/modules/nw-metallb-configure-l2-advertisement-interface.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-with-L2-advertisement-interface_{context}"]
 = Configuring MetalLB with an L2 advertisement for selected interfaces
 
diff --git a/modules/nw-metallb-configure-l2-advertisement-label.adoc b/modules/nw-metallb-configure-l2-advertisement-label.adoc
index be83f5fefc95..b9ba2bb0261e 100644
--- a/modules/nw-metallb-configure-l2-advertisement-label.adoc
+++ b/modules/nw-metallb-configure-l2-advertisement-label.adoc
@@ -2,13 +2,13 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-with-L2-advertisement-label_{context}"]
 = Configuring MetalLB with a L2 advertisement and label
 
-The `ipAddressPoolSelectors` field in the `BGPAdvertisement` and `L2Advertisement` custom resource definitions is used to associate the `IPAddressPool` to the advertisement based on the label assigned to the `IPAddressPool` instead of the name itself. 
+The `ipAddressPoolSelectors` field in the `BGPAdvertisement` and `L2Advertisement` custom resource definitions is used to associate the `IPAddressPool` to the advertisement based on the label assigned to the `IPAddressPool` instead of the name itself.
 
-This example shows how to configure MetalLB so that the `IPAddressPool` is advertised with the L2 protocol by configuring the `ipAddressPoolSelectors` field. 
+This example shows how to configure MetalLB so that the `IPAddressPool` is advertised with the L2 protocol by configuring the `ipAddressPoolSelectors` field.
 
 .Prerequisites
 
diff --git a/modules/nw-metallb-configure-l2-advertisement.adoc b/modules/nw-metallb-configure-l2-advertisement.adoc
index 973a1e509f6d..a363050b982c 100644
--- a/modules/nw-metallb-configure-l2-advertisement.adoc
+++ b/modules/nw-metallb-configure-l2-advertisement.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-with-L2-advertisement_{context}"]
 = Configuring MetalLB with an L2 advertisement
 
diff --git a/modules/nw-metallb-configure-return-traffic-proc.adoc b/modules/nw-metallb-configure-return-traffic-proc.adoc
new file mode 100644
index 000000000000..51b53195940b
--- /dev/null
+++ b/modules/nw-metallb-configure-return-traffic-proc.adoc
@@ -0,0 +1,203 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-metallb-configure-return-traffic-proc_{context}"]
+= Configuring symmetric routing by using VRFs with MetalLB
+
+You can configure symmetric network routing for applications behind a MetalLB service that require the same ingress and egress network paths.
+
+This example associates a VRF routing table with MetalLB and an egress service to enable symmetric routing for ingress and egress traffic for pods behind a `LoadBalancer` service.
+
+[NOTE]
+====
+* If you use the `sourceIPBy: "LoadBalancerIP"` setting in the `EgressService` CR, you must specify the load-balancer node in the `BGPAdvertisement` custom resource (CR).
+
+* You can use the `sourceIPBy: "Network"` setting on clusters that use OVN-Kubernetes configured with the `gatewayConfig.routingViaHost` specification set to `true` only. Additionally, if you use the `sourceIPBy: "Network"` setting, you must schedule the application workload on nodes configured with the network VRF instance.
+====
+
+.Prerequisites
+
+* Install the OpenShift CLI (`oc`).
+* Log in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a `NodeNetworkConfigurationPolicy` CR to define the VRF instance:
+
+.. Create a file, such as `node-network-vrf.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: vrfpolicy <1>
+spec:
+  nodeSelector:
+    vrf: "true" <2>
+  maxUnavailable: 3
+  desiredState:
+    interfaces:
+      - name: ens4vrf <3>
+        type: vrf <4>
+        state: up
+        vrf:
+          port:
+            - ens4 <5>
+          route-table-id: 2 <6>
+    routes: <7>
+      config:
+        - destination: 0.0.0.0/0
+          metric: 150
+          next-hop-address: 192.168.130.1
+          next-hop-interface: ens4
+          table-id: 2
+    route-rules: <8>
+      config:
+        - ip-to: 172.30.0.0/16
+          priority: 998
+          route-table: 254
+        - ip-to: 10.132.0.0/14
+          priority: 998
+          route-table: 254
+----
+<1> The name of the policy.
+<2> This example applies the policy to all nodes with the label `vrf:true`.
+<3> The name of the interface.
+<4> The type of interface. This example creates a VRF instance.
+<5> The node interface that the VRF attaches to.
+<6> The name of the route table ID for the VRF.
+<7> Defines the configuration for network routes. The `next-hop-address` field defines the IP address of the next hop for the route. The `next-hop-interface` field defines the outgoing interface for the route. In this example, the VRF routing table is `2`, which references the ID that you define in the `EgressService` CR.
+<8> Defines additional route rules. The `ip-to` fields must match the `Cluster Network` CIDR and `Service Network` CIDR. You can view the values for these CIDR address specifications by running the following command: `oc describe network.config/cluster`.
+
+.. Apply the policy by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f node-network-vrf.yaml
+----
+
+. Create a `BGPPeer` custom resource (CR):
+
+.. Create a file, such as `frr-via-vrf.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta2
+kind: BGPPeer
+metadata:
+  name: frrviavrf
+  namespace: metallb-system
+spec:
+  myASN: 100
+  peerASN: 200
+  peerAddress: 192.168.130.1
+  vrf: ens4vrf <1>
+----
+<1> Specifies the VRF instance to associate with the BGP peer. MetalLB can advertise services and make routing decisions based on the routing information in the VRF.
+
+.. Apply the configuration for the BGP peer by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f frr-via-vrf.yaml
+----
+
+. Create an `IPAddressPool` CR:
+
+.. Create a file, such as `first-pool.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: first-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 192.169.10.0/32
+----
+
+.. Apply the configuration for the IP address pool by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f first-pool.yaml
+----
+
+. Create a `BGPAdvertisement` CR:
+
+.. Create a file, such as `first-adv.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: first-adv
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - first-pool
+  peers:
+    - frrviavrf <1>
+  nodeSelectors:
+    - matchLabels:
+        egress-service.k8s.ovn.org/test-server1: "" <2>
+----
+<1> In this example, MetalLB advertises a range of IP addresses from the `first-pool` IP address pool to the `frrviavrf` BGP peer.
+<2> In this example, the `EgressService` CR configures the source IP address for egress traffic to use the load-balancer service IP address. Therefore, you must specify the load-balancer node for return traffic to use the same return path for the traffic originating from the pod.
+
+.. Apply the configuration for the BGP advertisement by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f first-adv.yaml
+----
+
+. Create an `EgressService` CR:
+
+.. Create a file, such as `egress-service.yaml`, with content like the following example:
++
+[source,yaml,options="nowrap",role="white-space-pre"]
+----
+apiVersion: k8s.ovn.org/v1
+kind: EgressService
+metadata:
+  name: server1 <1>
+  namespace: test <2>
+spec:
+  sourceIPBy: "LoadBalancerIP" <3>
+  nodeSelector:
+    matchLabels:
+      vrf: "true" <4>
+  network: "2" <5>
+----
+<1> Specify the name for the egress service. The name of the `EgressService` resource must match the name of the load-balancer service that you want to modify.
+<2> Specify the namespace for the egress service. The namespace for the `EgressService` must match the namespace of the load-balancer service that you want to modify. The egress service is namespace-scoped.
+<3> This example assigns the `LoadBalancer` service ingress IP address as the source IP address for egress traffic.
+<4> If you specify `LoadBalancer` for the `sourceIPBy` specification, a single node handles the `LoadBalancer` service traffic. In this example, only a node with the label `vrf: "true"` can handle the service traffic. If you do not specify a node, OVN-Kubernetes selects a worker node to handle the service traffic. When a node is selected, OVN-Kubernetes labels the node in the following format: `egress-service.k8s.ovn.org/<svc_namespace>-<svc_name>: ""`.
+<5> Specify the routing table for egress traffic.
+
+.. Apply the configuration for the egress service by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f egress-service.yaml
+----
+
+.Verification
+
+. Verify that you can access the application endpoint of the pods running behind the MetalLB service by running the following command:
++
+[source,terminal]
+----
+$ curl <external_ip_address>:<port_number> <1>
+----
+<1> Update the external IP address and port number to suit your application endpoint.
+
+. Optional: If you assigned the `LoadBalancer` service ingress IP address as the source IP address for egress traffic, verify this configuration by using tools such as `tcpdump` to analyze packets received at the external client.
+
diff --git a/modules/nw-metallb-configure-specificpools-to-bgppeer.adoc b/modules/nw-metallb-configure-specificpools-to-bgppeer.adoc
index d8513b9af989..17e03843c3b9 100644
--- a/modules/nw-metallb-configure-specificpools-to-bgppeer.adoc
+++ b/modules/nw-metallb-configure-specificpools-to-bgppeer.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bgp-peers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-example-assign-specific-address-pools-specific-bgp-peers_{context}"]
 = Configure a specific set of BGP peers for a given address pool
 
diff --git a/modules/nw-metallb-configure-svc.adoc b/modules/nw-metallb-configure-svc.adoc
index a13da551b649..046008865097 100644
--- a/modules/nw-metallb-configure-svc.adoc
+++ b/modules/nw-metallb-configure-svc.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/nw-metalb-configure-svc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-configure-svc_{context}"]
 = Configuring a service with MetalLB
 
diff --git a/modules/nw-metallb-configure-vrf-bgppeer.adoc b/modules/nw-metallb-configure-vrf-bgppeer.adoc
new file mode 100644
index 000000000000..56bab10eafb9
--- /dev/null
+++ b/modules/nw-metallb-configure-vrf-bgppeer.adoc
@@ -0,0 +1,214 @@
+// Module included in the following assemblies:
+//
+// * networking/metallb/metallb-configure-bgp-peers.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-metallb-bgp-peer-vrf_{context}"]
+= Exposing a service through a network VRF
+
+You can expose a service through a virtual routing and forwarding (VRF) instance by associating a VRF on a network interface with a BGP peer.
+
+:FeatureName: Exposing a service through a VRF on a BGP peer
+include::snippets/technology-preview.adoc[]
+
+By using a VRF on a network interface to expose a service through a BGP peer, you can segregate traffic to the service, configure independent routing decisions, and enable multi-tenancy support on a network interface.
+
+[NOTE]
+====
+By establishing a BGP session through an interface belonging to a network VRF, MetalLB can advertise services through that interface and enable external traffic to reach the service through this interface. However, the network VRF routing table is different from the default VRF routing table used by OVN-Kubernetes. Therefore, the traffic cannot reach the OVN-Kubernetes network infrastructure.
+
+To enable the traffic directed to the service to reach the OVN-Kubernetes network infrastructure, you must configure routing rules to define the next hops for network traffic. See the `NodeNetworkConfigurationPolicy` resource in "Managing symmetric routing with MetalLB" in the _Additional resources_ section for more information.
+====
+
+These are the high-level steps to expose a service through a network VRF with a BGP peer:
+
+. Define a BGP peer and add a network VRF instance.
+. Specify an IP address pool for MetalLB.
+. Configure a BGP route advertisement for MetalLB to advertise a route using the specified IP address pool and the BGP peer associated with the VRF instance.
+. Deploy a service to test the configuration.
+
+.Prerequisites
+
+* You installed the OpenShift CLI (`oc`).
+* You logged in as a user with `cluster-admin` privileges.
+* You defined a `NodeNetworkConfigurationPolicy` to associate a Virtual Routing and Forwarding (VRF) instance with a network interface. For more information about completing this prerequisite, see the _Additional resources_ section.
+* You installed MetalLB on your cluster.
+
+.Procedure
+
+. Create a `BGPPeer` custom resources (CR):
+
+.. Create a file, such as `frrviavrf.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta2
+kind: BGPPeer
+metadata:
+  name: frrviavrf
+  namespace: metallb-system
+spec:
+  myASN: 100
+  peerASN: 200
+  peerAddress: 192.168.130.1
+  vrf: ens4vrf <1>
+----
+<1> Specifies the network VRF instance to associate with the BGP peer. MetalLB can advertise services and make routing decisions based on the routing information in the VRF.
++
+[NOTE]
+====
+You must configure this network VRF instance in a `NodeNetworkConfigurationPolicy` CR. See the _Additional resources_ for more information.
+====
+
+.. Apply the configuration for the BGP peer by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f frrviavrf.yaml
+----
+
+. Create an `IPAddressPool` CR:
+
+.. Create a file, such as `first-pool.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: first-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 192.169.10.0/32
+----
+
+.. Apply the configuration for the IP address pool by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f first-pool.yaml
+----
+
+. Create a `BGPAdvertisement` CR:
+
+.. Create a file, such as `first-adv.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: first-adv
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - first-pool
+  peers:
+    - frrviavrf <1>
+----
+<1> In this example, MetalLB advertises a range of IP addresses from the `first-pool` IP address pool to the `frrviavrf` BGP peer.
+
+.. Apply the configuration for the BGP advertisement by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f first-adv.yaml
+----
+
+. Create a `Namespace`, `Deployment`, and `Service` CR:
+
+.. Create a file, such as `deploy-service.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: server
+  namespace: test
+spec:
+  selector:
+    matchLabels:
+      app: server
+  template:
+    metadata:
+      labels:
+        app: server
+    spec:
+      containers:
+      - name: server
+        image: registry.redhat.io/ubi9/ubi
+        ports:
+        - name: http
+          containerPort: 30100
+        command: ["/bin/sh", "-c"]
+        args: ["sleep INF"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: server1
+  namespace: test
+spec:
+  ports:
+  - name: http
+    port: 30100
+    protocol: TCP
+    targetPort: 30100
+  selector:
+    app: server
+  type: LoadBalancer
+----
+
+.. Apply the configuration for the namespace, deployment, and service by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f deploy-service.yaml
+----
+
+.Verification
+
+. Identify a MetalLB speaker pod by running the following command:
++
+[source,terminal]
+----
+$ oc get -n metallb-system pods -l component=speaker
+----
++
+.Example output
+[source,terminal]
+----
+NAME            READY   STATUS    RESTARTS   AGE
+speaker-c6c5f   6/6     Running   0          69m
+----
+
+. Verify that the state of the BGP session is `Established` in the speaker pod by running the following command, replacing the variables to match your configuration:
++
+[source,terminal]
+----
+$ oc exec -n metallb-system <speaker_pod> -c frr -- vtysh -c "show bgp vrf <vrf_name> neigh"
+----
++
+.Example output
+[source,terminal]
+----
+BGP neighbor is 192.168.30.1, remote AS 200, local AS 100, external link
+  BGP version 4, remote router ID 192.168.30.1, local router ID 192.168.30.71
+  BGP state = Established, up for 04:20:09
+
+...
+----
+
+. Verify that the service is advertised correctly by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n metallb-system <speaker_pod> -c frr -- vtysh -c "show bgp vrf <vrf_name> ipv4"
+----
\ No newline at end of file
diff --git a/modules/nw-metallb-example-bgppeer.adoc b/modules/nw-metallb-example-bgppeer.adoc
index 48d1bdb0325c..4c51a723e577 100644
--- a/modules/nw-metallb-example-bgppeer.adoc
+++ b/modules/nw-metallb-example-bgppeer.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-configure-bgp-peers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-example-bgppeer_{context}"]
 = Example BGP peer configurations
 
diff --git a/modules/nw-metallb-infra-considerations.adoc b/modules/nw-metallb-infra-considerations.adoc
index 3f4457a945a5..b45d3cc4a83e 100644
--- a/modules/nw-metallb-infra-considerations.adoc
+++ b/modules/nw-metallb-infra-considerations.adoc
@@ -13,11 +13,10 @@ For example, the following infrastructures can benefit from adding the MetalLB O
 
 * VMware vSphere
 
-* {ibmzProductName} and {linuxoneProductName}
+* {ibm-z-name} and {ibm-linuxone-name}
 
-* {ibmzProductName} and {linuxoneProductName} for {op-system-base-full} KVM
+* {ibm-z-name} and {ibm-linuxone-name} for {op-system-base-full} KVM
 
-* {ibmpowerProductName}
-
-MetalLB Operator and MetalLB are supported with the OpenShift SDN and OVN-Kubernetes network providers.
+* {ibm-power-name}
 
+MetalLB Operator and MetalLB are supported with the OpenShift SDN and OVN-Kubernetes network providers.
\ No newline at end of file
diff --git a/modules/nw-metallb-installing-operator-cli.adoc b/modules/nw-metallb-installing-operator-cli.adoc
index fb7712863de7..c4e5e1a4dc45 100644
--- a/modules/nw-metallb-installing-operator-cli.adoc
+++ b/modules/nw-metallb-installing-operator-cli.adoc
@@ -2,13 +2,13 @@
 //
 // * networking/metallb/metallb-operator-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-installing-operator-cli_{context}"]
 = Installing from OperatorHub using the CLI
 
 Instead of using the {product-title} web console, you can install an Operator from OperatorHub using the CLI. You can use the OpenShift CLI (`oc`) to install the MetalLB Operator.
 
-It is recommended that when using the CLI you install the Operator in the `metallb-system` namespace. 
+It is recommended that when using the CLI you install the Operator in the `metallb-system` namespace.
 
 .Prerequisites
 
@@ -66,9 +66,9 @@ apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: metallb-operator-sub
-  namespace: metallb-system 
+  namespace: metallb-system
 spec:
-  channel: stable 
+  channel: stable
   name: metallb-operator
   source: redhat-operators <1>
   sourceNamespace: openshift-marketplace
@@ -89,9 +89,9 @@ $ oc create -f metallb-sub.yaml
 $ oc label ns metallb-system "openshift.io/cluster-monitoring=true"
 ----
 
-.Verification 
+.Verification
 
-The verification steps assume the MetalLB Operator is installed in the `metallb-system` namespace. 
+The verification steps assume the MetalLB Operator is installed in the `metallb-system` namespace.
 
 . Confirm the install plan is in the namespace:
 +
@@ -109,7 +109,7 @@ install-wzg94   metallb-operator.{product-version}.0-nnnnnnnnnnnn   Automatic
 +
 [NOTE]
 ====
-Installation of the Operator might take a few seconds. 
+Installation of the Operator might take a few seconds.
 ====
 
 . To verify that the Operator is installed, enter the following command:
diff --git a/modules/nw-metallb-l2padvertisement-cr.adoc b/modules/nw-metallb-l2padvertisement-cr.adoc
index 740cd40de8cc..669e3ced41b3 100644
--- a/modules/nw-metallb-l2padvertisement-cr.adoc
+++ b/modules/nw-metallb-l2padvertisement-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-advertising-ipaddresspool.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-metallb-l2padvertisement-cr_{context}"]
 = About the L2Advertisement custom resource
 
diff --git a/modules/nw-metallb-layer2-limitations.adoc b/modules/nw-metallb-layer2-limitations.adoc
index 058df875bdb8..3e398f63673b 100644
--- a/modules/nw-metallb-layer2-limitations.adoc
+++ b/modules/nw-metallb-layer2-limitations.adoc
@@ -34,3 +34,9 @@ The old node can continue to forward traffic for outdated clients until their ca
 
 During an unplanned failover, the service IPs are unreachable until the outdated clients refresh their cache entries.
 
+[id="additional_network_and_metallb_limitation_{context}"]
+== Additional Network and MetalLB cannot use same network
+
+Using the same VLAN for both MetalLB and an additional network interface set up on a source pod might result in a connection failure. This occurs when both the MetalLB IP and the source pod reside on the same node.
+
+To avoid connection failures, place the MetalLB IP in a different subnet from the one where the source pod resides. This configuration ensures that traffic from the source pod will take the default gateway. Consequently, the traffic can effectively reach its destination by using the OVN overlay network, ensuring that the connection functions as intended.
\ No newline at end of file
diff --git a/modules/nw-metallb-layer2.adoc b/modules/nw-metallb-layer2.adoc
index b2162982b7b8..8ee0449c8dd8 100644
--- a/modules/nw-metallb-layer2.adoc
+++ b/modules/nw-metallb-layer2.adoc
@@ -2,17 +2,17 @@
 //
 // * networking/metallb/about-metallb.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="nw-metallb-layer2_{context}"]
 = MetalLB concepts for layer 2 mode
 
-In layer 2 mode, the `speaker` pod on one node announces the external IP address for a service to the host network. 
-From a network perspective, the node appears to have multiple IP addresses assigned to a network interface. 
+In layer 2 mode, the `speaker` pod on one node announces the external IP address for a service to the host network.
+From a network perspective, the node appears to have multiple IP addresses assigned to a network interface.
 
 [NOTE]
 ====
-In layer 2 mode, MetalLB relies on ARP and NDP. These protocols implement local address resolution within a specific subnet. In this context, the client must be able to reach the VIP assigned by MetalLB that exists on the same subnet as the nodes announcing the service in order for MetalLB to work. 
+In layer 2 mode, MetalLB relies on ARP and NDP. These protocols implement local address resolution within a specific subnet. In this context, the client must be able to reach the VIP assigned by MetalLB that exists on the same subnet as the nodes announcing the service in order for MetalLB to work.
 ====
 
 The `speaker` pod responds to ARP requests for IPv4 services and NDP requests for IPv6.
diff --git a/modules/nw-metallb-levels.adoc b/modules/nw-metallb-levels.adoc
index 8d3fc6975cc1..55322b345966 100644
--- a/modules/nw-metallb-levels.adoc
+++ b/modules/nw-metallb-levels.adoc
@@ -2,12 +2,12 @@
 // Epic CNF-3274 (4.11)
 // * networking/metallb/metallb-troubleshoot-support.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="frr-log-levels_{context}"]
 = FRRouting (FRR) log levels
 
-The following table describes the FRR logging levels. 
+The following table describes the FRR logging levels.
 
 .Log levels
 [cols="30%,70%",options="header"]
diff --git a/modules/nw-metallb-loglevel.adoc b/modules/nw-metallb-loglevel.adoc
index 799c21b15e2b..77e30b1850d9 100644
--- a/modules/nw-metallb-loglevel.adoc
+++ b/modules/nw-metallb-loglevel.adoc
@@ -2,12 +2,12 @@
 //
 // * networking/metallb/metallb-troubleshoot-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="nw-metallb-setting-metalb-logging-levels_{context}"]
 = Setting the MetalLB logging levels
 
-MetalLB uses FRRouting (FRR) in a container with the default setting of `info` generates a lot of logging. You can control the verbosity of the logs generated by setting the `logLevel` as illustrated in this example. 
+MetalLB uses FRRouting (FRR) in a container with the default setting of `info` generates a lot of logging. You can control the verbosity of the logs generated by setting the `logLevel` as illustrated in this example.
 
 Gain a deeper insight into MetalLB by setting the `logLevel` to `debug` as follows:
 
diff --git a/modules/nw-metallb-metrics.adoc b/modules/nw-metallb-metrics.adoc
index fc72248f188e..d96403bfa006 100644
--- a/modules/nw-metallb-metrics.adoc
+++ b/modules/nw-metallb-metrics.adoc
@@ -5,26 +5,78 @@
 [id="nw-metallb-metrics_{context}"]
 = MetalLB metrics for BGP and BFD
 
-{product-title} captures the following metrics that are related to MetalLB and BGP peers and BFD profiles:
+{product-title} captures the following metrics for MetalLB that relate to BGP peers and BFD profiles.
 
-* `metallb_bfd_control_packet_input` counts the number of BFD control packets received from each BFD peer.
+.MetalLB BFD metrics
+[cols="30%,70%",options="header"]
+|===
+| Name | Description
 
-* `metallb_bfd_control_packet_output` counts the number of BFD control packets sent to each BFD peer.
+| `metallb_bfd_control_packet_input`
+| Counts the number of BFD control packets received from each BFD peer.
 
-* `metallb_bfd_echo_packet_input` counts the number of BFD echo packets received from each BFD peer.
+| `metallb_bfd_control_packet_output`
+| Counts the number of BFD control packets sent to each BFD peer.
 
-* `metallb_bfd_echo_packet_output` counts the number of BFD echo packets sent to each BFD peer.
+| `metallb_bfd_echo_packet_input`
+| Counts the number of BFD echo packets received from each BFD peer.
 
-* `metallb_bfd_session_down_events` counts the number of times the BFD session with a peer entered the `down` state.
+| `metallb_bfd_echo_packet_output`
+| Counts the number of BFD echo packets sent to each BFD.
 
-* `metallb_bfd_session_up` indicates the connection state with a BFD peer. `1` indicates the session is `up` and `0` indicates the session is `down`.
+| `metallb_bfd_session_down_events`
+| Counts the number of times the BFD session with a peer entered the `down` state.
 
-* `metallb_bfd_session_up_events` counts the number of times the BFD session with a peer entered the `up` state.
+| `metallb_bfd_session_up`
+| Indicates the connection state with a BFD peer. `1` indicates the session is `up` and `0` indicates the session is `down`.
 
-* `metallb_bfd_zebra_notifications` counts the number of BFD Zebra notifications for each BFD peer.
+| `metallb_bfd_session_up_events`
+| Counts the number of times the BFD session with a peer entered the `up` state.
 
-* `metallb_bgp_announced_prefixes_total` counts the number of load balancer IP address prefixes that are advertised to BGP peers. The terms _prefix_ and _aggregated route_ have the same meaning.
+| `metallb_bfd_zebra_notifications`
+| Counts the number of BFD Zebra notifications for each BFD peer.
 
-* `metallb_bgp_session_up` indicates the connection state with a BGP peer. `1` indicates the session is `up` and `0` indicates the session is `down`.
+|===
 
-* `metallb_bgp_updates_total` counts the number of BGP `update` messages that were sent to a BGP peer.
+.MetalLB BGP metrics
+[cols="30%,70%",options="header"]
+|===
+| Name | Description
+
+| `metallb_bgp_announced_prefixes_total`
+| Counts the number of load balancer IP address prefixes that are advertised to BGP peers. The terms _prefix_ and _aggregated route_ have the same meaning.
+
+| `metallb_bgp_session_up`
+| Indicates the connection state with a BGP peer. `1` indicates the session is `up` and `0` indicates the session is `down`.
+
+| `metallb_bgp_updates_total`
+| Counts the number of BGP update messages sent to each BGP peer.
+
+| `metallb_bgp_opens_sent`
+| Counts the number of BGP open messages sent to each BGP peer.
+
+| `metallb_bgp_opens_received`
+| Counts the number of BGP open messages received from each BGP peer.
+
+| `metallb_bgp_notifications_sent`
+| Counts the number of BGP notification messages sent to each BGP peer.
+
+| `metallb_bgp_updates_total_received`
+| Counts the number of BGP update messages received from each BGP peer.
+
+| `metallb_bgp_keepalives_sent`
+| Counts the number of BGP keepalive messages sent to each BGP peer.
+
+| `metallb_bgp_keepalives_received`
+| Counts the number of BGP keepalive messages received from each BGP peer.
+
+| `metallb_bgp_route_refresh_sent`
+| Counts the number of BGP route refresh messages sent to each BGP peer.
+
+| `metallb_bgp_total_sent`
+| Counts the number of total BGP messages sent to each BGP peer.
+
+| `metallb_bgp_total_received`
+| Counts the number of total BGP messages received from each BGP peer.
+
+|===
diff --git a/modules/nw-metallb-operator-initial-config.adoc b/modules/nw-metallb-operator-initial-config.adoc
index 523c06feec9f..81ebb5855d4c 100644
--- a/modules/nw-metallb-operator-initial-config.adoc
+++ b/modules/nw-metallb-operator-initial-config.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/metallb-operator-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-metallb-operator-initial-config_{context}"]
 = Starting MetalLB on your cluster
 
@@ -19,7 +19,7 @@ After you install the Operator, you need to configure a single instance of a Met
 
 .Procedure
 
-This procedure assumes the MetalLB Operator is installed in the `metallb-system` namespace. If you installed using the web console substitute `openshift-operators` for the namespace. 
+This procedure assumes the MetalLB Operator is installed in the `metallb-system` namespace. If you installed using the web console substitute `openshift-operators` for the namespace.
 
 . Create a single instance of a MetalLB custom resource:
 +
diff --git a/modules/nw-metallb-operator-setting-pod-priority-affinity.adoc b/modules/nw-metallb-operator-setting-pod-priority-affinity.adoc
index b8f032176ec3..612ece1e2477 100644
--- a/modules/nw-metallb-operator-setting-pod-priority-affinity.adoc
+++ b/modules/nw-metallb-operator-setting-pod-priority-affinity.adoc
@@ -5,9 +5,9 @@
 [id="nw-metallb-operator-setting-pod-priority-affinity_{context}"]
 = Configuring pod priority and pod affinity in a MetalLB deployment
 
-You can optionally assign pod priority and pod affinity rules to `controller` and `speaker` pods by configuring the `MetalLB` custom resource. The pod priority indicates the relative importance of a pod on a node and schedules the pod based on this priority. Set a high priority on your `controller` or `speaker` pod to ensure scheduling priority over other pods on the node. 
+You can optionally assign pod priority and pod affinity rules to `controller` and `speaker` pods by configuring the `MetalLB` custom resource. The pod priority indicates the relative importance of a pod on a node and schedules the pod based on this priority. Set a high priority on your `controller` or `speaker` pod to ensure scheduling priority over other pods on the node.
 
-Pod affinity manages relationships among pods. Assign pod affinity to the `controller` or `speaker` pods to control on what node the scheduler places the pod in the context of pod relationships. For example, you can allow pods with logically related workloads on the same node, or ensure pods with conflicting workloads are on separate nodes. 
+Pod affinity manages relationships among pods. Assign pod affinity to the `controller` or `speaker` pods to control on what node the scheduler places the pod in the context of pod relationships. For example, you can use pod affinity rules to ensure that certain pods are located on the same node or nodes, which can help improve network communication and reduce latency between those components.
 
 .Prerequisites
 
@@ -15,8 +15,10 @@ Pod affinity manages relationships among pods. Assign pod affinity to the `contr
 
 * You have installed the MetalLB Operator.
 
+* You have started the MetalLB Operator on your cluster.
+
 .Procedure
-. Create a `PriorityClass` custom resource, such as `myPriorityClass.yaml`, to configure the priority level. This example uses a high-priority class:
+. Create a `PriorityClass` custom resource, such as `myPriorityClass.yaml`, to configure the priority level. This example defines a `PriorityClass` named `high-priority` with a value of `1000000`. Pods that are assigned this priority class are considered higher priority during scheduling compared to pods with lower priority classes:
 +
 [source,yaml]
 ----
@@ -34,7 +36,7 @@ value: 1000000
 $ oc apply -f myPriorityClass.yaml
 ----
 
-. Create a `MetalLB` custom resource, such as `MetalLBPodConfig.yaml`, to specify the `priorityClassName` and `podAffinity` values: 
+. Create a `MetalLB` custom resource, such as `MetalLBPodConfig.yaml`, to specify the `priorityClassName` and `podAffinity` values:
 +
 [source,yaml]
 ----
@@ -46,12 +48,17 @@ metadata:
 spec:
   logLevel: debug
   controllerConfig:
-    priorityClassName: high-priority
-    runtimeClassName: myclass
+    priorityClassName: high-priority <1>
+    affinity:
+      podAffinity: <2>
+        requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchLabels:
+             app: metallb
+          topologyKey: kubernetes.io/hostname
   speakerConfig:
     priorityClassName: high-priority
-    runtimeClassName: myclass
-  affinity:
+    affinity:
       podAffinity:
         requiredDuringSchedulingIgnoredDuringExecution:
         - labelSelector:
@@ -59,6 +66,9 @@ spec:
              app: metallb
           topologyKey: kubernetes.io/hostname
 ----
++
+<1> Specifies the priority class for the MetalLB controller pods. In this case, it is set to `high-priority`.
+<2> Specifies that you are configuring pod affinity rules. These rules dictate how pods are scheduled in relation to other pods or nodes. This configuration instructs the scheduler to schedule pods that have the label `app: metallb` onto nodes that share the same hostname. This helps to co-locate MetalLB-related pods on the same nodes, potentially optimizing network communication, latency, and resource usage between these pods.
 
 . Apply the `MetalLB` custom resource configuration:
 +
@@ -68,16 +78,27 @@ $ oc apply -f MetalLBPodConfig.yaml
 ----
 
 .Verification
-* To view the priority class that you assigned to pods in a namespace, run the following command, replacing `<namespace>` with your target namespace:
+* To view the priority class that you assigned to pods in the `metallb-system` namespace, run the following command:
 +
 [source,bash]
 ----
-$ oc get pods -n <namespace> -o custom-columns=NAME:.metadata.name,PRIORITY:.spec.priorityClassName
+$ oc get pods -n metallb-system -o custom-columns=NAME:.metadata.name,PRIORITY:.spec.priorityClassName
+----
++
+.Example output
++
+[source,terminal]
+----
+NAME                                                 PRIORITY
+controller-584f5c8cd8-5zbvg                          high-priority
+metallb-operator-controller-manager-9c8d9985-szkqg   <none>
+metallb-operator-webhook-server-c895594d4-shjgx      <none>
+speaker-dddf7                                        high-priority
 ----
 
-* To verify that the scheduler placed pods according to pod affinity rules, view the metadata for the pod's node by running the following command, replacing `<namespace>` with your target namespace:
+* To verify that the scheduler placed pods according to pod affinity rules, view the metadata for the pod's node or nodes by running the following command:
 +
 [source,bash]
 ----
-$ oc get pod -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -n <namespace>
+$ oc get pod -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -n metallb-system
 ----
diff --git a/modules/nw-metallb-operator-setting-runtimeclass.adoc b/modules/nw-metallb-operator-setting-runtimeclass.adoc
index fd93d9e475a9..89984687194b 100644
--- a/modules/nw-metallb-operator-setting-runtimeclass.adoc
+++ b/modules/nw-metallb-operator-setting-runtimeclass.adoc
@@ -5,7 +5,7 @@
 [id="nw-metallb-operator-setting-runtimeclass_{context}"]
 = Configuring a container runtime class in a MetalLB deployment
 
-You can optionally assign a container runtime class to `controller` and `speaker` pods by configuring the `MetalLB` custom resource. For example, for Windows workloads, you can assign a Windows runtime class to the pod, which uses this runtime class for all containers in the pod.  
+You can optionally assign a container runtime class to `controller` and `speaker` pods by configuring the MetalLB custom resource. For example, for Windows workloads, you can assign a Windows runtime class to the pod, which uses this runtime class for all containers in the pod.
 
 .Prerequisites
 
@@ -21,7 +21,7 @@ You can optionally assign a container runtime class to `controller` and `speaker
 apiVersion: node.k8s.io/v1
 kind: RuntimeClass
 metadata:
-  name: myclass 
+  name: myclass
 handler: myconfiguration
 ----
 
@@ -32,7 +32,7 @@ handler: myconfiguration
 $ oc apply -f myRuntimeClass.yaml
 ----
 
-. Create a `MetalLB` custom resource, such as `MetalLBRuntime.yaml`, to specify the `runtimeClassName` value: 
+. Create a `MetalLB` custom resource, such as `MetalLBRuntime.yaml`, to specify the `runtimeClassName` value:
 +
 [source,yaml]
 ----
@@ -47,12 +47,12 @@ spec:
     runtimeClassName: myclass
     annotations: <1>
       controller: demo
-  speakerConfig: 
+  speakerConfig:
     runtimeClassName: myclass
     annotations: <1>
       speaker: demo
 ----
-<1> This example uses `annotations` to add metadata such as build release information or GitHub pull request information. You can populate annotations with characters not permitted in labels. However, you cannot use annotations to identify or select objects. 
+<1> This example uses `annotations` to add metadata such as build release information or GitHub pull request information. You can populate annotations with characters that are not permitted in labels. However, you cannot use annotations to identify or select objects.
 
 . Apply the `MetalLB` custom resource configuration:
 +
diff --git a/modules/nw-metallb-when-metallb.adoc b/modules/nw-metallb-when-metallb.adoc
index 812c15707c7b..e6342bad0979 100644
--- a/modules/nw-metallb-when-metallb.adoc
+++ b/modules/nw-metallb-when-metallb.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/metallb/about-metallb.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-metallb-when-metallb_{context}"]
 = When to use MetalLB
 
diff --git a/modules/nw-modifying-operator-install-config.adoc b/modules/nw-modifying-operator-install-config.adoc
index 785c88635cbd..cc79f52c33a3 100644
--- a/modules/nw-modifying-operator-install-config.adoc
+++ b/modules/nw-modifying-operator-install-config.adoc
@@ -18,7 +18,7 @@ ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
 :ibm-cloud:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-nwoperator-config-startup_{context}"]
 = Specifying advanced network configuration
 
@@ -55,9 +55,7 @@ metadata:
 spec:
 ----
 
-. Specify the advanced network configuration for your cluster in the `cluster-network-03-config.yml` file, such as in the following
-ifndef::ibm-cloud[examples:]
-ifdef::ibm-cloud[example:]
+. Specify the advanced network configuration for your cluster in the `cluster-network-03-config.yml` file, such as in the following examples:
 +
 --
 .Specify a different VXLAN port for the OpenShift SDN network provider
@@ -73,7 +71,6 @@ spec:
       vxlanPort: 4800
 ----
 
-ifndef::ibm-cloud[]
 .Enable IPsec for the OVN-Kubernetes network provider
 [source,yaml]
 ----
@@ -86,7 +83,6 @@ spec:
     ovnKubernetesConfig:
       ipsecConfig: {}
 ----
-endif::ibm-cloud[]
 --
 
 . Optional: Back up the `manifests/cluster-network-03-config.yml` file. The
diff --git a/modules/nw-multi-network-policy-differences.adoc b/modules/nw-multi-network-policy-differences.adoc
index d4197775b2ba..6acf8c31643d 100644
--- a/modules/nw-multi-network-policy-differences.adoc
+++ b/modules/nw-multi-network-policy-differences.adoc
@@ -1,3 +1,8 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-multi-network-policy.adoc
+
+:_mod-docs-content-type: CONCEPT
 [id="nw-multi-network-policy-differences_{context}"]
 = Differences between multi-network policy and network policy
 
diff --git a/modules/nw-multi-network-policy-enable.adoc b/modules/nw-multi-network-policy-enable.adoc
index ae2d77ca2dc3..b0d360047187 100644
--- a/modules/nw-multi-network-policy-enable.adoc
+++ b/modules/nw-multi-network-policy-enable.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-multi-network-policy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multi-network-policy-enable_{context}"]
 = Enabling multi-network policy for the cluster
 
diff --git a/modules/nw-multi-network-policy-ipv6-suppport.adoc b/modules/nw-multi-network-policy-ipv6-suppport.adoc
new file mode 100644
index 000000000000..a688434c2404
--- /dev/null
+++ b/modules/nw-multi-network-policy-ipv6-suppport.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-multi-network-policy.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nw-multi-network-policy-ipv6-support_{context}"]
+= Supporting multi-network policies in IPv6 networks
+
+The ICMPv6 Neighbor Discovery Protocol (NDP) is a set of messages and processes that enable devices to discover and maintain information about neighboring nodes. NDP plays a crucial role in IPv6 networks, facilitating the interaction between devices on the same link.
+
+The Cluster Network Operator (CNO) deploys the iptables implementation of multi-network policy when the `useMultiNetworkPolicy` parameter is set to `true`.
+
+To support multi-network policies in IPv6 networks the Cluster Network Operator deploys the following set of rules in every pod affected by a multi-network policy:
+
+.Multi-network policy custom rules
+
+[source,yaml]
+----
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: multi-networkpolicy-custom-rules
+  namespace: openshift-multus
+data:
+
+  custom-v6-rules.txt: |
+    # accept NDP
+    -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT <1>
+    -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT <2>
+    # accept RA/RS
+    -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT <3>
+    -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT <4>
+----
+
+<1> This rule allows incoming ICMPv6 neighbor solicitation messages, which are part of the neighbor discovery protocol (NDP). These messages help determine the link-layer addresses of neighboring nodes.
+<2> This rule allows incoming ICMPv6 neighbor advertisement messages, which are part of NDP and provide information about the link-layer address of the sender.
+<3> This rule permits incoming ICMPv6 router solicitation messages. Hosts use these messages to request router configuration information.
+<4> This rule allows incoming ICMPv6 router advertisement messages, which give configuration information to hosts.
+
+[NOTE]
+====
+You cannot edit these predefined rules.
+====
+
+These rules collectively enable essential ICMPv6 traffic for correct network functioning, including address resolution and router communication in an IPv6 environment. With these rules in place and a multi-network policy denying traffic, applications are not expected to experience connectivity issues.
\ No newline at end of file
diff --git a/modules/nw-multitenant-global.adoc b/modules/nw-multitenant-global.adoc
index d3642b8f4533..5a1f86f7fd2c 100644
--- a/modules/nw-multitenant-global.adoc
+++ b/modules/nw-multitenant-global.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/multitenant-isolation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multitenant-global_{context}"]
 = Disabling network isolation for a project
 
diff --git a/modules/nw-multitenant-isolation.adoc b/modules/nw-multitenant-isolation.adoc
index e8fdcfc0058d..c7bb9217f718 100644
--- a/modules/nw-multitenant-isolation.adoc
+++ b/modules/nw-multitenant-isolation.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/multitenant-isolation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multitenant-isolation_{context}"]
 = Isolating a project
 
diff --git a/modules/nw-multitenant-joining.adoc b/modules/nw-multitenant-joining.adoc
index 692527438a7b..47a883dbb50b 100644
--- a/modules/nw-multitenant-joining.adoc
+++ b/modules/nw-multitenant-joining.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/multitenant-isolation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multitenant-joining_{context}"]
 = Joining projects
 
diff --git a/modules/nw-multus-add-pod.adoc b/modules/nw-multus-add-pod.adoc
index 9c76da35cfaf..9815c8b22054 100644
--- a/modules/nw-multus-add-pod.adoc
+++ b/modules/nw-multus-add-pod.adoc
@@ -17,7 +17,7 @@ ifeval::["{product-version}" == "4.5"]
 :bz:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-add-pod_{context}"]
 = Adding a pod to an additional network
 
diff --git a/modules/nw-multus-advanced-annotations.adoc b/modules/nw-multus-advanced-annotations.adoc
index e6bbe5d2738e..90b794ee29e3 100644
--- a/modules/nw-multus-advanced-annotations.adoc
+++ b/modules/nw-multus-advanced-annotations.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/attaching-pod.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-advanced-annotations_{context}"]
 = Specifying pod-specific addressing and routing options
 
@@ -55,14 +55,14 @@ kind: Pod
 metadata:
   name: example-pod
   annotations:
-    k8s.v1.cni.cncf.io/networks: '
+    k8s.v1.cni.cncf.io/networks: '[
     {
       "name": "net1"
     },
     {
       "name": "net2", <1>
       "default-route": ["192.0.2.1"] <2>
-    }'
+    }]'
 spec:
   containers:
   - name: example-pod
diff --git a/modules/nw-multus-bridge-object.adoc b/modules/nw-multus-bridge-object.adoc
index 3829d4ec17b5..fd5ed56d188e 100644
--- a/modules/nw-multus-bridge-object.adoc
+++ b/modules/nw-multus-bridge-object.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-multus-bridge-object_{context}"]
 = Configuration for a bridge additional network
 
diff --git a/modules/nw-multus-configure-dualstack-ip-address.adoc b/modules/nw-multus-configure-dualstack-ip-address.adoc
new file mode 100644
index 000000000000..63f8a1c0569e
--- /dev/null
+++ b/modules/nw-multus-configure-dualstack-ip-address.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="nw-multus-configure-dualstack-ip-address_{context}"]
+= Creating a configuration for assignment of dual-stack IP addresses dynamically
+
+Dual-stack IP address assignment can be configured with the `ipRanges` parameter for:
+
+* IPv4 addresses
+* IPv6 addresses
+* multiple IP address assignment
+
+.Procedure
+
+. Set `type` to `whereabouts`.
+
+. Use `ipRanges` to allocate IP addresses as shown in the following example:
++
+[source,yaml]
+----
+cniVersion: operator.openshift.io/v1
+kind: Network
+=metadata:
+  name: cluster
+spec:
+  additionalNetworks:
+  - name: whereabouts-shim
+    namespace: default
+    type: Raw
+    rawCNIConfig: |-
+      {
+       "name": "whereabouts-dual-stack",
+       "cniVersion": "0.3.1,
+       "type": "bridge",
+       "ipam": {
+         "type": "whereabouts",
+         "ipRanges": [
+                  {"range": "192.168.10.0/24"},
+                  {"range": "2001:db8::/64"}
+              ]
+       }
+      }
+
+----
+
+. Attach network to a pod. For more information, see "Adding a pod to an additional network".
+
+. Verify that all IP addresses are assigned.
+
+. Run the following command to ensure the IP addresses are assigned as metadata.
++
+[source,yaml]
+----
+$ oc exec -it mypod -- ip a
+----
\ No newline at end of file
diff --git a/modules/nw-multus-create-master-interface-bridge-cni.adoc b/modules/nw-multus-create-master-interface-bridge-cni.adoc
new file mode 100644
index 000000000000..a804e0df5db2
--- /dev/null
+++ b/modules/nw-multus-create-master-interface-bridge-cni.adoc
@@ -0,0 +1,213 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-multus-create-master-interface-bridge-cni_{context}"]
+= Creating a subinterface based on a bridge master interface in a container namespace
+
+Creating a subinterface can be applied to other types of interfaces. Follow this procedure to create a subinterface based on a bridge master interface in a container namespace.
+
+.Prerequisites
+* You have installed the OpenShift CLI (`oc`).
+* You are logged in to the {product-title} cluster as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a dedicated container namespace where you want to deploy your pod by running the following command:
++
+[source,terminal]
+----
+$ oc new-project test-namespace
+----
+
+. Using the following YAML example, create a bridge `NetworkAttachmentDefinition` custom resource (CR) file named `bridge-nad.yaml`:
++
+[source,yaml]
+----
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: bridge-network
+spec:
+  config: '{
+    "cniVersion": "0.4.0",
+    "name": "bridge-network",
+    "type": "bridge",
+    "bridge": "br-001",
+    "isGateway": true,
+    "ipMasq": true,
+    "hairpinMode": true,
+    "ipam": {
+      "type": "host-local",
+      "subnet": "10.0.0.0/24",
+      "routes": [{"dst": "0.0.0.0/0"}]
+    }
+  }'
+----
+
+. Run the following command to apply the `NetworkAttachmentDefinition` CR to your {product-title} cluster:
++
+[source,terminal]
+----
+$ oc apply -f bridge-nad.yaml
+----
+
+.  Verify that the `NetworkAttachmentDefinition` CR has been created successfully by running the following command:
++
+[source,terminal]
+----
+$ oc get network-attachment-definitions
+----
++
+.Example output
+
+[source,terminal]
+----
+NAME             AGE
+bridge-network   15s
+----
+
+. Using the following YAML example, create a file named `ipvlan-additional-network-configuration.yaml` for the IPVLAN additional network configuration:
++
+[source,yaml]
+----
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: ipvlan-net
+  namespace: test-namespace
+spec:
+  config: '{
+    "cniVersion": "0.3.1",
+    "name": "ipvlan-net",
+    "type": "ipvlan",
+    "master": "ext0", <1>
+    "mode": "l3",
+    "linkInContainer": true, <2>
+    "ipam": {"type": "whereabouts", "ipRanges": [{"range": "10.0.0.0/24"}]}
+  }'
+----
++
+<1> Specifies the ethernet interface to associate with the network attachment. This is subsequently configured in the pod networks annotation.
+<2> Specifies that the master interface is in the container network namespace.
+
+. Apply the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f ipvlan-additional-network-configuration.yaml
+----
+
+. Verify that the `NetworkAttachmentDefinition` CR has been created successfully by running the following command:
++
+[source,terminal]
+----
+$ oc get network-attachment-definitions
+----
++
+.Example output
+
+[source,terminal]
+----
+NAME             AGE
+bridge-network   87s
+ipvlan-net       9s
+----
+
+. Using the following YAML example, create a file named `pod-a.yaml` for the pod definition:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-a
+  namespace: test-namespace
+  annotations:
+    k8s.v1.cni.cncf.io/networks: '[
+      {
+        "name": "bridge-network",
+        "interface": "ext0" <1>
+      },
+      {
+        "name": "ipvlan-net",
+        "interface": "ext1"
+      }
+    ]'
+spec:
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+  containers:
+  - name: test-pod
+    image: quay.io/openshifttest/hello-sdn@sha256:c89445416459e7adea9a5a416b3365ed3d74f2491beb904d61dc8d1eb89a72a4
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop: [ALL]
+----
++
+<1> Specifies the name to be used as the master for the IPVLAN interface.
+
+. Apply the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f pod-a.yaml
+----
+
+. Verify that the pod is running by using the following command:
++
+[source,terminal]
+----
+$ oc get pod -n test-namespace
+----
++
+.Example output
++
+[source,terminal]
+----
+NAME    READY   STATUS    RESTARTS   AGE
+pod-a   1/1     Running   0          2m36s
+----
+
+. Show network interface information about the `pod-a` resource within the `test-namespace` by running the following command:
++
+[source,terminal]
+----
+$ oc exec -n test-namespace pod-a -- ip a
+----
++
+.Example output
++
+[source,terminal]
+----
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host
+       valid_lft forever preferred_lft forever
+3: eth0@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default
+    link/ether 0a:58:0a:d9:00:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
+    inet 10.217.0.93/23 brd 10.217.1.255 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::488b:91ff:fe84:a94b/64 scope link
+       valid_lft forever preferred_lft forever
+4: ext0@if107: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+    link/ether be:da:bd:7e:f4:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
+    inet 10.0.0.2/24 brd 10.0.0.255 scope global ext0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::bcda:bdff:fe7e:f437/64 scope link
+       valid_lft forever preferred_lft forever
+5: ext1@ext0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+    link/ether be:da:bd:7e:f4:37 brd ff:ff:ff:ff:ff:ff
+    inet 10.0.0.1/24 brd 10.0.0.255 scope global ext1
+       valid_lft forever preferred_lft forever
+    inet6 fe80::beda:bd00:17e:f437/64 scope link
+       valid_lft forever preferred_lft forever
+----
++
+This output shows that the network interface `ext1` is associated with the physical interface `ext0`.
\ No newline at end of file
diff --git a/modules/nw-multus-create-multiple-vlans-sriov.adoc b/modules/nw-multus-create-multiple-vlans-sriov.adoc
new file mode 100644
index 000000000000..85825b2cb717
--- /dev/null
+++ b/modules/nw-multus-create-multiple-vlans-sriov.adoc
@@ -0,0 +1,263 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-multus-create-multiple-vlans-sriov_{context}"]
+= Creating multiple VLANs on SR-IOV VFs
+
+An example use case for utilizing this feature is to create multiple VLANs based on SR-IOV VFs. To do so, begin by creating an SR-IOV network and then define the network attachments for the VLAN interfaces.
+
+The following example shows how to configure the setup illustrated in this diagram.
+
+.Creating VLANs
+image::345_OpenShift_config_additional_network_0823.png[Creating VLANs]
+
+.Prerequisites
+* You installed the OpenShift CLI (`oc`).
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have installed the SR-IOV Network Operator.
+
+.Procedure
+
+. Create a dedicated container namespace where you want to deploy your pod by using the following command:
++
+[source,terminal]
+----
+$ oc new-project test-namespace
+----
+. Create an SR-IOV node policy:
+
+.. Create an `SriovNetworkNodePolicy` object, and then save the YAML in the `sriov-node-network-policy.yaml` file:
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+ name: sriovnic
+ namespace: openshift-sriov-network-operator
+spec:
+ deviceType: netdevice
+ isRdma: false
+ needVhostNet: true
+ nicSelector:
+   vendor: "15b3" <1>
+   deviceID: "101b" <2>
+   rootDevices: ["00:05.0"]
+ numVfs: 10
+ priority: 99
+ resourceName: sriovnic
+ nodeSelector:
+    feature.node.kubernetes.io/network-sriov.capable: "true"
+----
++
+[NOTE]
+====
+The SR-IOV network node policy configuration example, with the setting `deviceType: netdevice`, is tailored specifically for Mellanox Network Interface Cards (NICs).
+====
++
+<1> The vendor hexadecimal code of the SR-IOV network device. The value `15b3` is associated with a Mellanox NIC.
+<2> The device hexadecimal code of the SR-IOV network device.
+
+.. Apply the YAML by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f sriov-node-network-policy.yaml
+----
++
+[NOTE]
+====
+Applying this might take some time due to the node requiring a reboot.
+====
+
+. Create an SR-IOV network:
+
+.. Create the `SriovNetwork` custom resource (CR) for the additional SR-IOV network attachment as in the following example CR. Save the YAML as the file `sriov-network-attachment.yaml`:
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+ name: sriov-network
+ namespace: openshift-sriov-network-operator
+spec:
+ networkNamespace: test-namespace
+ resourceName: sriovnic
+ spoofChk: "off"
+ trust: "on"
+----
+
+.. Apply the YAML by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f sriov-network-attachment.yaml
+----
+
+. Create the VLAN additional network:
+
+.. Using the following YAML example, create a file named `ipvlan100-additional-network-configuration.yaml`:
++
+[source,yaml]
+----
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: vlan-100
+  namespace: test-namespace
+spec:
+  config: |
+    {
+      "cniVersion": "0.4.0",
+      "name": "vlan-100",
+      "plugins": [
+        {
+          "type": "vlan",
+          "master": "ext0", <1>
+          "mtu": 1500,
+          "vlanId": 100,
+          "linkInContainer": true, <2>
+          "ipam": {"type": "whereabouts", "ipRanges": [{"range": "1.1.1.0/24"}]}
+        }
+      ]
+    }
+----
++
+<1> The VLAN configuration needs to specify the master name. This can be configured in the pod networks annotation.
+<2> The `linkInContainer` parameter must be specified.
+
+.. Apply the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f vlan100-additional-network-configuration.yaml
+----
+
+. Create a pod definition by using the earlier specified networks:
+
+..  Using the following YAML example, create a file named `pod-a.yaml` file:
++
+[NOTE]
+====
+The manifest below includes 2 resources:
+
+* Namespace with security labels
+* Pod definition with appropriate network annotation
+====
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-namespace
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
+    security.openshift.io/scc.podSecurityLabelSync: "false"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-pod
+  namespace: test-namespace
+  annotations:
+    k8s.v1.cni.cncf.io/networks: '[
+      {
+        "name": "sriov-network",
+        "namespace": "test-namespace",
+        "interface": "ext0" <1>
+      },
+      {
+        "name": "vlan-100",
+        "namespace": "test-namespace",
+        "interface": "ext0.100"
+      }
+    ]'
+spec:
+  securityContext:
+    runAsNonRoot: true
+  containers:
+    - name: nginx-container
+      image: nginxinc/nginx-unprivileged:latest
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop: ["ALL"]
+      ports:
+        - containerPort: 80
+      seccompProfile:
+        type: "RuntimeDefault"
+----
++
+<1> The name to be used as the master for the VLAN interface.
+
+.. Apply the YAML file by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f pod-a.yaml
+----
+
+. Get detailed information about the `nginx-pod` within the `test-namespace` by running the following command:
++
+[source,terminal]
+----
+$ oc describe pods nginx-pod -n test-namespace
+----
++
+.Example output
++
+[source,terminal]
+----
+Name:         nginx-pod
+Namespace:    test-namespace
+Priority:     0
+Node:         worker-1/10.46.186.105
+Start Time:   Mon, 14 Aug 2023 16:23:13 -0400
+Labels:       <none>
+Annotations:  k8s.ovn.org/pod-networks:
+                {"default":{"ip_addresses":["10.131.0.26/23"],"mac_address":"0a:58:0a:83:00:1a","gateway_ips":["10.131.0.1"],"routes":[{"dest":"10.128.0.0...
+              k8s.v1.cni.cncf.io/network-status:
+                [{
+                    "name": "ovn-kubernetes",
+                    "interface": "eth0",
+                    "ips": [
+                        "10.131.0.26"
+                    ],
+                    "mac": "0a:58:0a:83:00:1a",
+                    "default": true,
+                    "dns": {}
+                },{
+                    "name": "test-namespace/sriov-network",
+                    "interface": "ext0",
+                    "mac": "6e:a7:5e:3f:49:1b",
+                    "dns": {},
+                    "device-info": {
+                        "type": "pci",
+                        "version": "1.0.0",
+                        "pci": {
+                            "pci-address": "0000:d8:00.2"
+                        }
+                    }
+                },{
+                    "name": "test-namespace/vlan-100",
+                    "interface": "ext0.100",
+                    "ips": [
+                        "1.1.1.1"
+                    ],
+                    "mac": "6e:a7:5e:3f:49:1b",
+                    "dns": {}
+                }]
+              k8s.v1.cni.cncf.io/networks:
+                [ { "name": "sriov-network", "namespace": "test-namespace", "interface": "ext0" }, { "name": "vlan-100", "namespace": "test-namespace", "i...
+              openshift.io/scc: privileged
+Status:       Running
+IP:           10.131.0.26
+IPs:
+  IP:  10.131.0.26
+----
diff --git a/modules/nw-multus-create-network-apply.adoc b/modules/nw-multus-create-network-apply.adoc
index 8c6103480ee9..b1b9c9c99e2a 100644
--- a/modules/nw-multus-create-network-apply.adoc
+++ b/modules/nw-multus-create-network-apply.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-create-network-apply_{context}"]
 = Creating an additional network attachment by applying a YAML manifest
 
diff --git a/modules/nw-multus-create-network.adoc b/modules/nw-multus-create-network.adoc
index b5b2177a7ddf..68553224159d 100644
--- a/modules/nw-multus-create-network.adoc
+++ b/modules/nw-multus-create-network.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-create-network_{context}"]
 = Creating an additional network attachment with the Cluster Network Operator
 
diff --git a/modules/nw-multus-delete-network.adoc b/modules/nw-multus-delete-network.adoc
index 857ad601aaa1..f4fe4f506c5c 100644
--- a/modules/nw-multus-delete-network.adoc
+++ b/modules/nw-multus-delete-network.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/remove-additional-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-delete-network_{context}"]
 = Removing an additional network attachment definition
 
diff --git a/modules/nw-multus-edit-network.adoc b/modules/nw-multus-edit-network.adoc
index 457177ba2039..88cb7fc34820 100644
--- a/modules/nw-multus-edit-network.adoc
+++ b/modules/nw-multus-edit-network.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/edit-additional-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-edit-network_{context}"]
 = Modifying an additional network attachment definition
 
diff --git a/modules/nw-multus-host-device-object.adoc b/modules/nw-multus-host-device-object.adoc
index 1e70eb1e4145..bd4d62c02c93 100644
--- a/modules/nw-multus-host-device-object.adoc
+++ b/modules/nw-multus-host-device-object.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-multus-host-device-object_{context}"]
 = Configuration for a host device additional network
 
diff --git a/modules/nw-multus-ipam-object.adoc b/modules/nw-multus-ipam-object.adoc
index b6d21ba540a4..06a39f88727c 100644
--- a/modules/nw-multus-ipam-object.adoc
+++ b/modules/nw-multus-ipam-object.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
 // * networking/hardware_networks/configuring-sriov-net-attach.adoc
-// * virt/virtual_machines/vm_networking/virt-defining-an-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
 // Because the Cluster Network Operator abstracts the configuration for
 // Macvlan, including IPAM configuration, this must be provided as YAML
@@ -13,7 +13,7 @@ ifeval::["{context}" == "configuring-sriov-net-attach"]
 :sr-iov:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-multus-ipam-object_{context}"]
 = Configuration of IP address assignment for an additional network
 
@@ -240,3 +240,74 @@ Whereabouts can be used for both IPv4 and IPv6 addresses.
 ifdef::sr-iov[]
 :!sr-iov:
 endif::[]
+
+[id="nw-multus-creating-whereabouts-reconciler-daemon-set_{context}"]
+== Creating a Whereabouts reconciler daemon set
+
+The Whereabouts reconciler is responsible for managing dynamic IP address assignments for the pods within a cluster using the Whereabouts IP Address Management (IPAM) solution. It ensures that each pods gets a unique IP address from the specified IP address range. It also handles IP address releases when pods are deleted or scaled down.
+
+[NOTE]
+====
+You can also use a `NetworkAttachmentDefinition` custom resource for dynamic IP address assignment.
+====
+
+The Whereabouts reconciler daemon set is automatically created when you configure an additional network through the Cluster Network Operator. It is not automatically created when you configure an additional network from a YAML manifest.
+
+To trigger the deployment of the Whereabouts reconciler daemonset, you must manually create a `whereabouts-shim` network attachment by editing the Cluster Network Operator custom resource file.
+
+Use the following procedure to deploy the Whereabouts reconciler daemonset.
+
+.Procedure
+
+. Edit the `Network.operator.openshift.io` custom resource (CR) by running the following command:
++
+[source,terminal]
+----
+$ oc edit network.operator.openshift.io cluster
+----
+
+. Modify the `additionalNetworks` parameter in the CR to add the `whereabouts-shim` network attachment definition. For example:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
+  additionalNetworks:
+  - name: whereabouts-shim
+    namespace: default
+    rawCNIConfig: |-
+      {
+       "name": "whereabouts-shim",
+       "cniVersion": "0.3.1",
+       "type": "bridge",
+       "ipam": {
+         "type": "whereabouts"
+       }
+      }
+    type: Raw
+----
+
+. Save the file and exit the text editor.
+
+. Verify that the `whereabouts-reconciler` daemon set deployed successfully by running the following command:
++
+[source,terminal]
+----
+$ oc get all -n openshift-multus | grep whereabouts-reconciler
+----
++
+.Example output
++
+[source,terminal]
+----
+pod/whereabouts-reconciler-jnp6g 1/1 Running 0 6s
+pod/whereabouts-reconciler-k76gg 1/1 Running 0 6s
+pod/whereabouts-reconciler-k86t9 1/1 Running 0 6s
+pod/whereabouts-reconciler-p4sxw 1/1 Running 0 6s
+pod/whereabouts-reconciler-rvfdv 1/1 Running 0 6s
+pod/whereabouts-reconciler-svzw9 1/1 Running 0 6s
+daemonset.apps/whereabouts-reconciler 6 6 6 6 6 kubernetes.io/os=linux 6s
+----
\ No newline at end of file
diff --git a/modules/nw-multus-ipvlan-object.adoc b/modules/nw-multus-ipvlan-object.adoc
index bc71af986bd7..d754233e9966 100644
--- a/modules/nw-multus-ipvlan-object.adoc
+++ b/modules/nw-multus-ipvlan-object.adoc
@@ -4,7 +4,7 @@
 
 //37.1. IPVLAN overview
 // https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/getting-started-with-ipvlan_configuring-and-managing-networking#ipvlan-overview_getting-started-with-ipvlan
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="nw-multus-ipvlan-object_{context}"]
 = Configuration for an IPVLAN additional network
@@ -44,6 +44,10 @@ The following object describes the configuration parameters for the IPVLAN CNI p
 |`integer`
 |Optional: Set the maximum transmission unit (MTU) to the specified value. The default value is automatically set by the kernel.
 
+|`linkInContainer`
+|`boolean`
+|Optional: Specifies whether the master interface is in the container network namespace or the main network namespace. Set the value to `true` to request the use of a container namespace master interface.
+
 |====
 
 [NOTE]
@@ -65,6 +69,7 @@ The following example configures an additional network named `ipvlan-net`:
   "name": "ipvlan-net",
   "type": "ipvlan",
   "master": "eth1",
+  "linkInContainer": false,
   "mode": "l3",
   "ipam": {
     "type": "static",
diff --git a/modules/nw-multus-macvlan-object.adoc b/modules/nw-multus-macvlan-object.adoc
index b9a75cbb8b23..5f6c357b4ba7 100644
--- a/modules/nw-multus-macvlan-object.adoc
+++ b/modules/nw-multus-macvlan-object.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-additional-network.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-multus-macvlan-object_{context}"]
 = Configuration for a MACVLAN additional network
 
@@ -40,6 +40,10 @@ The following object describes the configuration parameters for the macvlan CNI
 |`string`
 |Optional: The maximum transmission unit (MTU) to the specified value. The default value is automatically set by the kernel.
 
+|`linkInContainer`
+|`boolean`
+|Optional: Specifies whether the master interface is in the container network namespace or the main network namespace. Set the value to `true` to request the use of a container namespace master interface.
+
 |====
 
 [NOTE]
@@ -59,6 +63,7 @@ The following example configures an additional network named `macvlan-net`:
   "name": "macvlan-net",
   "type": "macvlan",
   "master": "eth1",
+  "linkInContainer": false,
   "mode": "bridge",
   "ipam": {
     "type": "dhcp"
diff --git a/modules/nw-multus-remove-pod.adoc b/modules/nw-multus-remove-pod.adoc
index 4fbe7471a544..b22b5157c303 100644
--- a/modules/nw-multus-remove-pod.adoc
+++ b/modules/nw-multus-remove-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/multiple_networks/removing-pod.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-multus-remove-pod_{context}"]
 = Removing a pod from an additional network
 
diff --git a/modules/nw-multus-tap-object.adoc b/modules/nw-multus-tap-object.adoc
new file mode 100644
index 000000000000..1648b3f7f6d2
--- /dev/null
+++ b/modules/nw-multus-tap-object.adoc
@@ -0,0 +1,160 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple_networks/configuring-additional-network.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-multus-tap-object_{context}"]
+= Configuration for a TAP additional network
+
+The following object describes the configuration parameters for the TAP CNI
+plugin:
+
+.TAP CNI plugin JSON configuration object
+[cols=".^2,.^2,.^6",options="header"]
+|====
+|Field|Type|Description
+
+|`cniVersion`
+|`string`
+|The CNI specification version. The `0.3.1` value is required.
+
+|`name`
+|`string`
+|The value for the `name` parameter you provided previously for the CNO configuration.
+
+|`type`
+|`string`
+|The name of the CNI plugin to configure: `tap`.
+
+|`mac`
+|`string`
+|Optional: Request the specified MAC address for the interface.
+
+|`mtu`
+|`integer`
+|Optional: Set the maximum transmission unit (MTU) to the specified value. The default value is automatically set by the kernel.
+
+|`selinuxcontext`
+|`string`
+a|Optional: The SELinux context to associate with the tap device.
+
+[NOTE]
+====
+The value `system_u:system_r:container_t:s0` is required for {product-title}.
+====
+
+|`multiQueue`
+|`boolean`
+|Optional: Set to `true` to enable multi-queue.
+
+|`owner`
+|`integer`
+|Optional: The user owning the tap device.
+
+|`group`
+|`integer`
+|Optional: The group owning the tap device.
+
+|`bridge`
+|`string`
+|Optional: Set the tap device as a port of an already existing bridge.
+|====
+
+[id="nw-multus-tap-config-example_{context}"]
+== Tap configuration example
+
+The following example configures an additional network named `mynet`:
+
+[source,json]
+----
+{
+ "name": "mynet",
+ "cniVersion": "0.3.1",
+ "type": "tap",
+ "mac": "00:11:22:33:44:55",
+ "mtu": 1500,
+ "selinuxcontext": "system_u:system_r:container_t:s0",
+ "multiQueue": true,
+ "owner": 0,
+ "group": 0
+ "bridge": "br1"
+}
+----
+
+[id="nw-multus-enable-container_use_devices_{context}"]
+
+== Setting SELinux boolean for the TAP CNI plugin
+
+To create the tap device with the `container_t` SELinux context, enable the `container_use_devices` boolean on the host by using the Machine Config Operator (MCO).
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create a new YAML file named, such as `setsebool-container-use-devices.yaml`, with the following details:
++
+[source, yaml]
+----
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-worker-setsebool
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+      - enabled: true
+        name: setsebool.service
+        contents: |
+          [Unit]
+          Description=Set SELinux boolean for the TAP CNI plugin
+          Before=kubelet.service
+
+          [Service]
+          Type=oneshot
+          ExecStart=/usr/sbin/setsebool container_use_devices=on
+          RemainAfterExit=true
+
+          [Install]
+          WantedBy=multi-user.target graphical.target
+----
++
+
+. Create the new `MachineConfig` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f setsebool-container-use-devices.yaml
+----
++
+[NOTE]
+====
+Applying any changes to the `MachineConfig` object causes all affected nodes to gracefully reboot after the change is applied. This update can take some time to be applied.
+====
++
+. Verify the change is applied by running the following command:
++
+[source,terminal]
+----
+$ oc get machineconfigpools
+----
++
+.Expected output
++
+[source,terminal,options="nowrap",role="white-space-pre"]
+----
+NAME        CONFIG                                                UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
+master      rendered-master-e5e0c8e8be9194e7c5a882e047379cfa      True      False      False      3              3                   3                     0                      7d2h
+worker      rendered-worker-d6c9ca107fba6cd76cdcbfcedcafa0f2      True      False      False      3              3                   3                     0                      7d
+----
++
+[NOTE]
+====
+All nodes should be in the updated and ready state.
+====
diff --git a/modules/nw-multus-vlan-object.adoc b/modules/nw-multus-vlan-object.adoc
index d1c23a3b753a..180f8ee797b0 100644
--- a/modules/nw-multus-vlan-object.adoc
+++ b/modules/nw-multus-vlan-object.adoc
@@ -4,7 +4,7 @@
 
 //37.1. VLAN overview
 //
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-multus-vlan-object_{context}"]
 = Configuration for an VLAN additional network
 
@@ -49,7 +49,7 @@ The following object describes the configuration parameters for the VLAN CNI plu
 
 |`linkInContainer`
 |`boolean`
-|Optional: Specifies if the master interface is in the container network namespace or the main network namespace.
+|Optional: Specifies whether the master interface is in the container network namespace or the main network namespace. Set the value to `true` to request the use of a container namespace master interface.
 
 |====
 
diff --git a/modules/nw-mutual-tls-auth.adoc b/modules/nw-mutual-tls-auth.adoc
index 407b4789be94..2a7db9c7f441 100644
--- a/modules/nw-mutual-tls-auth.adoc
+++ b/modules/nw-mutual-tls-auth.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ingress-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id=nw-mutual-tls-auth_{context}]
 = Configuring mutual TLS authentication
 
diff --git a/modules/nw-network-flows-create.adoc b/modules/nw-network-flows-create.adoc
index 0b95c1d4debd..36135faa3f48 100644
--- a/modules/nw-network-flows-create.adoc
+++ b/modules/nw-network-flows-create.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-network-flows-create_{context}"]
 = Adding destinations for network flows collectors
 
@@ -65,7 +65,7 @@ $ for pod in $(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-node -o js
   do ;
     echo;
     echo $pod;
-    oc -n openshift-ovn-kubernetes exec -c ovnkube-node $pod \
+    oc -n openshift-ovn-kubernetes exec -c ovnkube-controller $pod \
       -- bash -c 'for type in ipfix sflow netflow ; do ovs-vsctl find $type ; done';
 done
 ----
diff --git a/modules/nw-network-flows-delete.adoc b/modules/nw-network-flows-delete.adoc
index 3581197329ed..bc1bfbc9cefc 100644
--- a/modules/nw-network-flows-delete.adoc
+++ b/modules/nw-network-flows-delete.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-network-flows-delete_{context}"]
 = Deleting all destinations for network flows collectors
 
diff --git a/modules/nw-network-observability-operator.adoc b/modules/nw-network-observability-operator.adoc
index 8fb8ec331221..f07d20ef1933 100644
--- a/modules/nw-network-observability-operator.adoc
+++ b/modules/nw-network-observability-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/network_observability/understanding-network-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-network-observability-operator_{context}"]
 = Viewing statuses
 
@@ -62,7 +62,7 @@ netobserv-ebpf-agent-xf5jh   1/1     Running   0          151m
 
 `netobserv-ebpf-agent` pods monitor network interfaces of the nodes to get flows and send them to `flowlogs-pipeline` pods.
 
-. If you are using a Loki Operator, check the status of pods running in the `openshift-operators-redhat` namespace by entering the following command:
+. If you are using the {loki-op}, check the status of pods running in the `openshift-operators-redhat` namespace by entering the following command:
 +
 [source,terminal]
 ----
@@ -87,4 +87,4 @@ lokistack-querier-66747dc666-cjr45                  1/1     Running   0
 lokistack-querier-66747dc666-xh8rq                  1/1     Running   0          18h
 lokistack-query-frontend-85c6db4fbd-b2xfb           1/1     Running   0          18h
 lokistack-query-frontend-85c6db4fbd-jm94f           1/1     Running   0          18h
-----
\ No newline at end of file
+----
diff --git a/modules/nw-networking-glossary-terms.adoc b/modules/nw-networking-glossary-terms.adoc
index 1acfc747451e..48a133d1403d 100644
--- a/modules/nw-networking-glossary-terms.adoc
+++ b/modules/nw-networking-glossary-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/understanding-networking.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-networking-glossary-terms_{context}"]
 = Glossary of common terms for {product-title} networking
 
diff --git a/modules/nw-networkpolicy-about.adoc b/modules/nw-networkpolicy-about.adoc
index eaa91fd2b69b..9fd94366fada 100644
--- a/modules/nw-networkpolicy-about.adoc
+++ b/modules/nw-networkpolicy-about.adoc
@@ -3,7 +3,7 @@
 // * networking/network_policy/about-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-networkpolicy-about_{context}"]
 = About network policy
 
@@ -21,7 +21,7 @@ By default, all pods in a project are accessible from other pods and network end
 
 If a pod is matched by selectors in one or more `NetworkPolicy` objects, then the pod will accept only connections that are allowed by at least one of those `NetworkPolicy` objects. A pod that is not selected by any `NetworkPolicy` objects is fully accessible.
 
-A network policy applies to only the TCP, UDP, and SCTP protocols. Other protocols are not affected.
+A network policy applies to only the TCP, UDP, ICMP, and SCTP protocols. Other protocols are not affected.
 
 The following example `NetworkPolicy` objects demonstrate supporting different scenarios:
 
@@ -144,12 +144,12 @@ spec:
   - from:
     - namespaceSelector:
         matchLabels:
-          policy-group.network.openshift.io/ingress:""<1>
+          policy-group.network.openshift.io/ingress: ""<1>
   podSelector: {}
   policyTypes:
   - Ingress
 ----
-<1> `policy-group.network.openshift.io/ingress:""` label supports both Openshift-SDN and OVN-Kubernetes.
+<1> `policy-group.network.openshift.io/ingress:""` label supports both OpenShift-SDN and OVN-Kubernetes.
 
 
 [id="nw-networkpolicy-allow-from-hostnetwork_{context}"]
@@ -168,8 +168,8 @@ spec:
   - from:
     - namespaceSelector:
         matchLabels:
-          policy-group.network.openshift.io/host-network:""
+          policy-group.network.openshift.io/host-network: ""
   podSelector: {}
   policyTypes:
   - Ingress
-----
\ No newline at end of file
+----
diff --git a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
index 0e8181e1862d..3d485d1726b0 100644
--- a/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
+++ b/modules/nw-networkpolicy-allow-application-all-namespaces.adoc
@@ -1,22 +1,20 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-multi-network-policy.adoc
+// * networking/network_policy/creating-network-policy.adoc
+
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-allow-traffic-from-all-applications_{context}"]
 = Creating a {name} policy allowing traffic to an application from all namespaces
 
-
 [NOTE]
 ====
 If you log in with a user with the `cluster-admin` role, then you can create a network policy in any namespace in the cluster.
@@ -26,14 +24,7 @@ Follow this procedure to configure a policy that allows traffic from all pods in
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace that the {name} policy applies to.
@@ -145,4 +136,10 @@ Commercial support is available at
 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>
-----
\ No newline at end of file
+----
+
+ifdef::multi[]
+:!multi:
+endif::multi[]
+:!name:
+:!role:
diff --git a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
index 72ca4ed291ed..f540bcad2479 100644
--- a/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
+++ b/modules/nw-networkpolicy-allow-application-particular-namespace.adoc
@@ -1,18 +1,17 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-multi-network-policy.adoc
+// * networking/network_policy/creating-network-policy.adoc
+
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-allow-traffic-from-a-namespace_{context}"]
 = Creating a {name} policy allowing traffic to an application from a namespace
 
@@ -28,14 +27,7 @@ Follow this procedure to configure a policy that allows traffic to a pod with th
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace that the {name} policy applies to.
@@ -195,4 +187,8 @@ Commercial support is available at
 </html>
 ----
 
-
+ifdef::multi[]
+:!multi:
+endif::multi[]
+:!name:
+:!role:
diff --git a/modules/nw-networkpolicy-allow-external-clients.adoc b/modules/nw-networkpolicy-allow-external-clients.adoc
index 1b69f0d6ea5a..1eb97514e8d5 100644
--- a/modules/nw-networkpolicy-allow-external-clients.adoc
+++ b/modules/nw-networkpolicy-allow-external-clients.adoc
@@ -1,18 +1,17 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-multi-network-policy.adoc
+// * networking/network_policy/creating-network-policy.adoc
+
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-allow-external-clients_{context}"]
 = Creating a {name} policy to allow traffic from external clients
 
@@ -27,14 +26,7 @@ Follow this procedure to configure a policy that allows external service from th
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace that the {name} policy applies to.
@@ -91,4 +83,10 @@ endif::multi[]
 
 This policy allows traffic from all resources, including external traffic as illustrated in the following diagram:
 
-image::292_OpenShift_Configuring_multi-network_policy_1122.png[Allow traffic from external clients]
\ No newline at end of file
+image::292_OpenShift_Configuring_multi-network_policy_1122.png[Allow traffic from external clients]
+
+ifdef::multi[]
+:!multi:
+endif::multi[]
+:!name:
+:!role:
diff --git a/modules/nw-networkpolicy-audit-concept.adoc b/modules/nw-networkpolicy-audit-concept.adoc
index 5b133c262735..20bfc0104f8d 100644
--- a/modules/nw-networkpolicy-audit-concept.adoc
+++ b/modules/nw-networkpolicy-audit-concept.adoc
@@ -1,3 +1,8 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
+
+:_mod-docs-content-type: CONCEPT
 [id="nw-networkpolicy-audit-concept_{context}"]
 = Audit logging
 
@@ -28,7 +33,9 @@ The logging format is compatible with syslog as defined by RFC5424. The syslog f
 .Example ACL deny log entry for a network policy
 [source,text]
 ----
-2021-06-13T19:33:11.590Z|00005|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:39,dl_dst=0a:58:0a:80:02:37,nw_src=10.128.2.57,nw_dst=10.128.2.55,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
+2023-11-02T16:28:54.139Z|00004|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
+2023-11-02T16:28:55.187Z|00005|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
+2023-11-02T16:28:57.235Z|00006|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
 ----
 
 The following table describes namespace annotation values:
diff --git a/modules/nw-networkpolicy-audit-configure.adoc b/modules/nw-networkpolicy-audit-configure.adoc
index 2578b105c5f3..5549dba1cfe2 100644
--- a/modules/nw-networkpolicy-audit-configure.adoc
+++ b/modules/nw-networkpolicy-audit-configure.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-audit-configure_{context}"]
 = Configuring egress firewall and network policy auditing for a cluster
 
@@ -62,18 +66,6 @@ EOF
 namespace/verify-audit-logging created
 ----
 
-.. Enable audit logging:
-+
-[source,terminal]
-----
-$ oc annotate namespace verify-audit-logging k8s.ovn.org/acl-logging='{ "deny": "alert", "allow": "alert" }'
-----
-+
-[source,text]
-----
-namespace/verify-audit-logging annotated
-----
-
 .. Create network policies for the namespace:
 +
 [source,terminal]
@@ -94,19 +86,20 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: allow-from-same-namespace
+  namespace: verify-audit-logging
 spec:
   podSelector: {}
-  policyTypes: 
+  policyTypes:
    - Ingress
    - Egress
   ingress:
     - from:
         - podSelector: {}
-  egress: 
-    - to: 
-       - namespaceSelector: 
-          matchLabels: 
-            namespace: verify-audit-logging
+  egress:
+    - to:
+       - namespaceSelector:
+          matchLabels:
+            kubernetes.io/metadata.name: verify-audit-logging
 EOF
 ----
 +
@@ -220,10 +213,12 @@ $ for pod in $(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-node --no-
 .Example output
 [source,text]
 ----
-Defaulting container name to ovn-controller.
-Use 'oc describe pod/ovnkube-node-hdb8v -n openshift-ovn-kubernetes' to see all of the containers in this pod.
-2021-06-13T19:33:11.590Z|00005|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:39,dl_dst=0a:58:0a:80:02:37,nw_src=10.128.2.57,nw_dst=10.128.2.55,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
-2021-06-13T19:33:12.614Z|00006|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:39,dl_dst=0a:58:0a:80:02:37,nw_src=10.128.2.57,nw_dst=10.128.2.55,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
-2021-06-13T19:44:10.037Z|00007|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_allow-from-same-namespace_0", verdict=allow, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:3b,dl_dst=0a:58:0a:80:02:3a,nw_src=10.128.2.59,nw_dst=10.128.2.58,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
-2021-06-13T19:44:11.037Z|00008|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_allow-from-same-namespace_0", verdict=allow, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:3b,dl_dst=0a:58:0a:80:02:3a,nw_src=10.128.2.59,nw_dst=10.128.2.58,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
+2023-11-02T16:28:54.139Z|00004|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
+2023-11-02T16:28:55.187Z|00005|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
+2023-11-02T16:28:57.235Z|00006|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:Ingress", verdict=drop, severity=alert, direction=to-lport: tcp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:01,dl_dst=0a:58:0a:81:02:23,nw_src=10.131.0.39,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=62,nw_frag=no,tp_src=58496,tp_dst=8080,tcp_flags=syn
+2023-11-02T16:49:57.909Z|00028|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Egress:0", verdict=allow, severity=alert, direction=from-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:57.909Z|00029|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Ingress:0", verdict=allow, severity=alert, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:58.932Z|00030|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Egress:0", verdict=allow, severity=alert, direction=from-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:58.932Z|00031|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Ingress:0", verdict=allow, severity=alert, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+
 ----
diff --git a/modules/nw-networkpolicy-audit-disable.adoc b/modules/nw-networkpolicy-audit-disable.adoc
index 4274e77b9d41..51aaf39d4a29 100644
--- a/modules/nw-networkpolicy-audit-disable.adoc
+++ b/modules/nw-networkpolicy-audit-disable.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-audit-disable_{context}"]
 = Disabling egress firewall and network policy audit logging for a namespace
 
diff --git a/modules/nw-networkpolicy-audit-enable.adoc b/modules/nw-networkpolicy-audit-enable.adoc
index 844f1e9ee099..b8c9b91e4e62 100644
--- a/modules/nw-networkpolicy-audit-enable.adoc
+++ b/modules/nw-networkpolicy-audit-enable.adoc
@@ -1,4 +1,8 @@
-:_content-type: PROCEDURE
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-audit-enable_{context}"]
 = Enabling egress firewall and network policy audit logging for a namespace
 
@@ -64,5 +68,9 @@ $ for pod in $(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-node --no-
 .Example output
 [source,text]
 ----
-2021-06-13T19:33:11.590Z|00005|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:80:02:39,dl_dst=0a:58:0a:80:02:37,nw_src=10.128.2.57,nw_dst=10.128.2.55,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
+2023-11-02T16:49:57.909Z|00028|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Egress:0", verdict=allow, severity=alert, direction=from-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:57.909Z|00029|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Ingress:0", verdict=allow, severity=alert, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:58.932Z|00030|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Egress:0", verdict=allow, severity=alert, direction=from-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+2023-11-02T16:49:58.932Z|00031|acl_log(ovn_pinctrl0)|INFO|name="NP:verify-audit-logging:allow-from-same-namespace:Ingress:0", verdict=allow, severity=alert, direction=to-lport: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:22,dl_dst=0a:58:0a:81:02:23,nw_src=10.129.2.34,nw_dst=10.129.2.35,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0
+
 ----
diff --git a/modules/nw-networkpolicy-create-cli.adoc b/modules/nw-networkpolicy-create-cli.adoc
index 91202ad4ad12..0fbb7ab83394 100644
--- a/modules/nw-networkpolicy-create-cli.adoc
+++ b/modules/nw-networkpolicy-create-cli.adoc
@@ -6,16 +6,13 @@
 
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-create-cli_{context}"]
 = Creating a {name} policy using the CLI
 
@@ -30,14 +27,7 @@ endif::multi[]
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace that the {name} policy applies to.
@@ -239,9 +229,6 @@ multinetworkpolicy.k8s.cni.cncf.io/deny-by-default created
 endif::multi[]
 ----
 
-ifdef::ovn[]
-:!ovn:
-endif::ovn[]
 ifdef::multi[]
 :!multi:
 endif::multi[]
diff --git a/modules/nw-networkpolicy-create-ocm.adoc b/modules/nw-networkpolicy-create-ocm.adoc
index ada7415a1bcd..3aeaeacb6202 100644
--- a/modules/nw-networkpolicy-create-ocm.adoc
+++ b/modules/nw-networkpolicy-create-ocm.adoc
@@ -1,9 +1,10 @@
 // Module included in the following assemblies:
 //
 // * networking/network_policy/creating-network-policy.adoc
+// * networking/multiple_networks/configuring-multi-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-create-ocm_{context}"]
 = Creating a network policy using {cluster-manager}
 
@@ -33,7 +34,7 @@ To define granular rules describing the ingress or egress network traffic allowe
 
 . Optional: You can provide the label and selector for a specific pod if this policy applies only to one or more specific pods. If you do not select a specific pod, then this policy will be applicable to all pods on the cluster.
 
-. Optional: You can block all ingress and egress traffic by using the *Deny all ingress traffic* or *Deny all egress traffic* checkboxes. 
+. Optional: You can block all ingress and egress traffic by using the *Deny all ingress traffic* or *Deny all egress traffic* checkboxes.
 
 . You can also add any combination of ingress and egress rules, allowing you to specify the port, namespace, or IP blocks you want to approve.
 
diff --git a/modules/nw-networkpolicy-delete-cli.adoc b/modules/nw-networkpolicy-delete-cli.adoc
index c082bf78a5e0..5626c94cb738 100644
--- a/modules/nw-networkpolicy-delete-cli.adoc
+++ b/modules/nw-networkpolicy-delete-cli.adoc
@@ -1,20 +1,17 @@
 // Module included in the following assemblies:
 //
 // * networking/network_policy/deleting-network-policy.adoc
-// * post_installation_configuration/network-configuration.adoc
+// * networking/multiple_networks/configuring-multi-network-policy.adoc
 
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-delete-cli_{context}"]
 = Deleting a {name} policy using the CLI
 
@@ -29,14 +26,7 @@ endif::multi[]
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace where the {name} policy exists.
@@ -68,9 +58,6 @@ multinetworkpolicy.k8s.cni.cncf.io/default-deny deleted
 endif::multi[]
 ----
 
-ifdef::ovn[]
-:!ovn:
-endif::ovn[]
 ifdef::multi[]
 :!multi:
 endif::multi[]
diff --git a/modules/nw-networkpolicy-delete-ocm.adoc b/modules/nw-networkpolicy-delete-ocm.adoc
index f38af5d7523c..47c9010389d1 100644
--- a/modules/nw-networkpolicy-delete-ocm.adoc
+++ b/modules/nw-networkpolicy-delete-ocm.adoc
@@ -3,7 +3,7 @@
 // * networking/network_policy/deleting-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-delete-ocm_{context}"]
 = Deleting a network policy using {cluster-manager}
 
diff --git a/modules/nw-networkpolicy-deny-all-allowed.adoc b/modules/nw-networkpolicy-deny-all-allowed.adoc
index 6dee79f875c8..ba181b51b00b 100644
--- a/modules/nw-networkpolicy-deny-all-allowed.adoc
+++ b/modules/nw-networkpolicy-deny-all-allowed.adoc
@@ -1,18 +1,17 @@
 // Module included in the following assemblies:
 //
 // * networking/multiple_networks/configuring-multi-network-policy.adoc
+// * networking/network_policy/creating-network-policy.adoc
+
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-deny-all-multi-network-policy_{context}"]
 = Creating a default deny all {name} policy
 
@@ -25,14 +24,7 @@ If you log in with a user with the `cluster-admin` role, then you can create a n
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace that the {name} policy applies to.
@@ -68,8 +60,8 @@ endif::multi[]
 ----
 ifdef::multi[]
 <1> `namespace: default` deploys this policy to the `default` namespace.
-<2> `podSelector:` is empty, this means it matches all the pods. Therefore, the policy applies to all pods in the default namespace.
-<3> `network_name`: specifies the name of a network attachment definition.
+<2> `network_name`: specifies the name of a network attachment definition.
+<3> `podSelector:` is empty, this means it matches all the pods. Therefore, the policy applies to all pods in the default namespace.
 <4> There are no `ingress` rules specified. This causes incoming traffic to be dropped to all pods.
 endif::multi[]
 ifndef::multi[]
@@ -94,4 +86,10 @@ endif::multi[]
 ifdef::multi[]
 multinetworkpolicy.k8s.cni.cncf.io/deny-by-default created
 endif::multi[]
-----
\ No newline at end of file
+----
+
+ifdef::multi[]
+:!multi:
+endif::multi[]
+:!name:
+:!role:
diff --git a/modules/nw-networkpolicy-edit.adoc b/modules/nw-networkpolicy-edit.adoc
index 85d3c0397ab9..ff89f4f133ef 100644
--- a/modules/nw-networkpolicy-edit.adoc
+++ b/modules/nw-networkpolicy-edit.adoc
@@ -4,16 +4,13 @@
 
 :name: network
 :role: admin
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
 ifeval::["{context}" == "configuring-multi-network-policy"]
 :multi:
 :name: multi-network
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-edit_{context}"]
 = Editing a {name} policy
 
@@ -28,14 +25,7 @@ endif::multi[]
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-This mode is the default for OpenShift SDN.
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `{role}` privileges.
 * You are working in the namespace where the {name} policy exists.
@@ -99,9 +89,6 @@ where:
 `<namespace>`:: Optional: Specifies the namespace if the object is defined in a different namespace than the current namespace.
 --
 
-ifdef::ovn[]
-:!ovn:
-endif::ovn[]
 ifdef::multi[]
 :!multi:
 endif::multi[]
diff --git a/modules/nw-networkpolicy-multitenant-isolation.adoc b/modules/nw-networkpolicy-multitenant-isolation.adoc
index a32e080e9301..1af29fdaf64c 100644
--- a/modules/nw-networkpolicy-multitenant-isolation.adoc
+++ b/modules/nw-networkpolicy-multitenant-isolation.adoc
@@ -3,11 +3,7 @@
 // * networking/network_policy/multitenant-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-ifeval::[{product-version} >= 4.6]
-:ovn:
-endif::[]
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-multitenant-isolation_{context}"]
 = Configuring multitenant isolation by using network policy
 
@@ -16,13 +12,7 @@ project namespaces.
 
 .Prerequisites
 
-* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as
-ifndef::ovn[]
-the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
-ifdef::ovn[]
-the OVN-Kubernetes network provider or the OpenShift SDN network provider with `mode: NetworkPolicy` set.
-endif::ovn[]
+* Your cluster uses a network plugin that supports `NetworkPolicy` objects, such as the OVN-Kubernetes network plugin or the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You are logged in to the cluster with a user with `admin` privileges.
@@ -157,7 +147,3 @@ Spec:
   Not affecting egress traffic
   Policy Types: Ingress
 ----
-
-ifdef::ovn[]
-:!ovn:
-endif::ovn[]
diff --git a/modules/nw-networkpolicy-object.adoc b/modules/nw-networkpolicy-object.adoc
index bd324ecf3cf1..07cce68a97b4 100644
--- a/modules/nw-networkpolicy-object.adoc
+++ b/modules/nw-networkpolicy-object.adoc
@@ -5,8 +5,8 @@
 // * networking/network_policy/editing-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
+:_mod-docs-content-type: REFERENCE
 [id="nw-networkpolicy-object_{context}"]
-
 = Example NetworkPolicy object
 
 The following annotates an example NetworkPolicy object:
diff --git a/modules/nw-networkpolicy-optimize-ovn.adoc b/modules/nw-networkpolicy-optimize-ovn.adoc
index b917316a3772..401531bcd426 100644
--- a/modules/nw-networkpolicy-optimize-ovn.adoc
+++ b/modules/nw-networkpolicy-optimize-ovn.adoc
@@ -3,11 +3,11 @@
 // * networking/network_policy/about-network-policy.adoc
 
 [id="nw-networkpolicy-optimize-ovn_{context}"]
-= Optimizations for network policy with OpenShift OVN
+= Optimizations for network policy with OVN-Kubernetes network plugin
 
 When designing your network policy, refer to the following guidelines:
 
-* For network policies with the same `spec.podSelector` spec,  it is more efficient to use one network policy with multiple `ingress` or `egress` rules, than multiple network policies with subsets of `ingress` or `egress` rules.
+* For network policies with the same `spec.podSelector` spec, it is more efficient to use one network policy with multiple `ingress` or `egress` rules, than multiple network policies with subsets of `ingress` or `egress` rules.
 
 * Every `ingress` or `egress` rule based on the `podSelector` or `namespaceSelector` spec generates the number of OVS flows proportional to `number of pods selected by network policy + number of pods selected by ingress or egress rule`. Therefore, it is preferable to use the `podSelector` or `namespaceSelector` spec that can select as many pods as you need in one rule, instead of creating individual rules for every pod.
 +
@@ -18,18 +18,18 @@ For example, the following policy contains two rules:
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: test-network-policy
+  name: test-network-policy
 spec:
   podSelector: {}
   ingress:
-    - from:
-       - podSelector:
-           matchLabels:
-             role: frontend
-    - from:
-       - podSelector:
-           matchLabels:
-             role: backend
+  - from:
+    - podSelector:
+        matchLabels:
+          role: frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          role: backend
 ----
 +
 The following policy expresses those same two rules as one:
@@ -39,60 +39,66 @@ The following policy expresses those same two rules as one:
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: test-network-policy
+  name: test-network-policy
 spec:
   podSelector: {}
   ingress:
-    - from:
-       - podSelector:
-           matchExpressions:
-             - {key: role, operator: In, values: [frontend, backend]}
+  - from:
+    - podSelector:
+        matchExpressions:
+        - {key: role, operator: In, values: [frontend, backend]}
 ----
 +
 The same guideline applies to the `spec.podSelector` spec. If you have the same `ingress` or `egress` rules for different network policies, it might be more efficient to create one network policy with a common `spec.podSelector` spec. For example, the following two policies have different rules:
 +
 [source,yaml]
 ----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
- name: policy1
+  name: policy1
 spec:
- podSelector:
-   matchLabels:
-     role: db
+  podSelector:
+    matchLabels:
+      role: db
   ingress:
-    - from:
-       - podSelector:
-           matchLabels:
-             role: frontend
-
+  - from:
+    - podSelector:
+        matchLabels:
+          role: frontend
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
- name: policy2
+  name: policy2
 spec:
- podSelector:
-   matchLabels:
-     role: client
+  podSelector:
+    matchLabels:
+      role: client
   ingress:
-    - from:
-       - podSelector:
-           matchLabels:
-             role: frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          role: frontend
 ----
 +
 The following network policy expresses those same two rules as one:
 +
 [source,yaml]
 ----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
- name: policy3
+  name: policy3
 spec:
- podSelector:
-   matchExpressions:
-     - {key: role, operator: In, values: [db, client]}
+  podSelector:
+    matchExpressions:
+    - {key: role, operator: In, values: [db, client]}
   ingress:
-    - from:
-       - podSelector:
-           matchLabels:
-             role: frontend
+  - from:
+    - podSelector:
+        matchLabels:
+          role: frontend
 ----
 +
 You can apply this optimization when only multiple selectors are expressed as one. In cases where selectors are based on different labels, it may not be possible to apply this optimization. In those cases, consider applying some new labels for network policy optimization specifically.
diff --git a/modules/nw-networkpolicy-project-defaults.adoc b/modules/nw-networkpolicy-project-defaults.adoc
index c5bc56cd1347..ee005167c36a 100644
--- a/modules/nw-networkpolicy-project-defaults.adoc
+++ b/modules/nw-networkpolicy-project-defaults.adoc
@@ -4,7 +4,7 @@
 // * networking/configuring-networkpolicy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-project-defaults_{context}"]
 = Adding network policies to the new project template
 
@@ -13,7 +13,7 @@ As a cluster administrator, you can add network policies to the default template
 
 .Prerequisites
 
-* Your cluster uses a default CNI network provider that supports `NetworkPolicy` objects, such as the OpenShift SDN network provider with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
+* Your cluster uses a default CNI network plugin that supports `NetworkPolicy` objects, such as the OpenShift SDN network plugin with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
 * You installed the OpenShift CLI (`oc`).
 * You must log in to the cluster with a user with `cluster-admin` privileges.
 * You must have created a custom default project template for new projects.
diff --git a/modules/nw-networkpolicy-view-cli.adoc b/modules/nw-networkpolicy-view-cli.adoc
index 49c5ab312f29..331257d1526c 100644
--- a/modules/nw-networkpolicy-view-cli.adoc
+++ b/modules/nw-networkpolicy-view-cli.adoc
@@ -2,6 +2,7 @@
 //
 // * networking/network_policy/viewing-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
+// * networking/multiple_networks/configuring-multi-network-policy.adoc
 
 :name: network
 :role: admin
@@ -11,7 +12,7 @@ ifeval::["{context}" == "configuring-multi-network-policy"]
 :role: cluster-admin
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-view-cli_{context}"]
 = Viewing {name} policies using the CLI
 
diff --git a/modules/nw-networkpolicy-view-ocm.adoc b/modules/nw-networkpolicy-view-ocm.adoc
index cf86706fd5cb..c34718e6a4f1 100644
--- a/modules/nw-networkpolicy-view-ocm.adoc
+++ b/modules/nw-networkpolicy-view-ocm.adoc
@@ -3,7 +3,7 @@
 // * networking/network_policy/viewing-network-policy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-networkpolicy-view-ocm_{context}"]
 = Viewing network policies using {cluster-manager}
 
diff --git a/modules/nw-nodeport-service-range-edit.adoc b/modules/nw-nodeport-service-range-edit.adoc
index d070c441744a..5a2e4acdc7ac 100644
--- a/modules/nw-nodeport-service-range-edit.adoc
+++ b/modules/nw-nodeport-service-range-edit.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-node-port-service-range.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-nodeport-service-range-edit_{context}"]
 = Expanding the node port range
 
diff --git a/modules/nw-openstack-external-ccm.adoc b/modules/nw-openstack-external-ccm.adoc
index 0e2bee7135f6..e1e9b2fcea80 100644
--- a/modules/nw-openstack-external-ccm.adoc
+++ b/modules/nw-openstack-external-ccm.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_openstack/installing-openstack-cloud-config-reference.adoc
 // TODO: GitHub link clearance.
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-openstack-external-ccm_{context}"]
 = The OpenStack Cloud Controller Manager
 
@@ -36,9 +36,7 @@ cloud = openstack
 ...
 
 [LoadBalancer]
-use-octavia = true
-enabled = true <1>
+enabled = true
 ----
-<1> If the network is configured to use Kuryr, this value is `false`.
 
 The `clouds-value` value, `/etc/openstack/secret/clouds.yaml`, is mapped to the `openstack-cloud-credentials` config in the `openshift-cloud-controller-manager` namespace. You can modify the {rh-openstack} cloud in this file as you do any other `clouds.yaml` file.
diff --git a/modules/nw-openstack-hw-offload-testpmd-pod.adoc b/modules/nw-openstack-hw-offload-testpmd-pod.adoc
index b0fc3353da4b..f5f904bd39d0 100644
--- a/modules/nw-openstack-hw-offload-testpmd-pod.adoc
+++ b/modules/nw-openstack-hw-offload-testpmd-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-openstack-hw-offload-testpmd-pod_{context}"]
 = A test pod template for clusters that use OVS hardware offloading on OpenStack
 
@@ -39,7 +39,7 @@ spec:
         cpu: '2'
         memory: 1000Mi
     volumeMounts:
-      - mountPath: /dev/hugepages
+      - mountPath: /mnt/huge
         name: hugepage
         readOnly: False
   volumes:
diff --git a/modules/nw-openstack-ovs-dpdk-testpmd-pod.adoc b/modules/nw-openstack-ovs-dpdk-testpmd-pod.adoc
index 01cb9021e1b7..8bccf40e356b 100644
--- a/modules/nw-openstack-ovs-dpdk-testpmd-pod.adoc
+++ b/modules/nw-openstack-ovs-dpdk-testpmd-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-openstack-ovs-dpdk-testpmd-pod_{context}"]
 = A test pod template for clusters that use OVS-DPDK on OpenStack
 
@@ -42,7 +42,7 @@ spec:
         memory: 1000Mi
         openshift.io/dpdk1: 1
     volumeMounts:
-      - mountPath: /dev/hugepages
+      - mountPath: /mnt/huge
         name: hugepage
         readOnly: False
   runtimeClassName: performance-cnf-performanceprofile <2>
diff --git a/modules/nw-openstack-sr-iov-testpmd-pod.adoc b/modules/nw-openstack-sr-iov-testpmd-pod.adoc
index 28dc31f2a6c5..730149155727 100644
--- a/modules/nw-openstack-sr-iov-testpmd-pod.adoc
+++ b/modules/nw-openstack-sr-iov-testpmd-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/add-pod.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-openstack-ovs-sr-iov-testpmd-pod_{context}"]
 = A test pod template for clusters that use SR-IOV on OpenStack
 
diff --git a/modules/nw-operator-cr.adoc b/modules/nw-operator-cr.adoc
index 06f301bc3ab2..5f70267dc8ce 100644
--- a/modules/nw-operator-cr.adoc
+++ b/modules/nw-operator-cr.adoc
@@ -36,13 +36,13 @@ ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
 :ibm-cloud:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-operator-cr_{context}"]
 = Cluster Network Operator configuration
 
 The configuration for the cluster network is specified as part of the Cluster Network Operator (CNO) configuration and stored in a custom resource (CR) object that is named `cluster`. The CR specifies the fields for the `Network` API in the `operator.openshift.io` API group.
 
-The CNO configuration inherits the following fields during cluster installation from the `Network` API in the `Network.config.openshift.io` API group and these fields cannot be changed:
+The CNO configuration inherits the following fields during cluster installation from the `Network` API in the `Network.config.openshift.io` API group:
 
 `clusterNetwork`:: IP address pools from which pod IP addresses are allocated.
 `serviceNetwork`:: IP address pool for services.
@@ -52,7 +52,7 @@ The CNO configuration inherits the following fields during cluster installation
 ifdef::post-install-network-configuration,operator[]
 [NOTE]
 ====
-After cluster installation, you cannot modify the fields listed in the previous section.
+After cluster installation, you can only modify the `clusterNetwork` IP address range. The default network type can only be changed from OpenShift SDN to OVN-Kubernetes through migration.
 ====
 endif::[]
 ifndef::post-install-network-configuration[]
@@ -87,13 +87,6 @@ spec:
     hostPrefix: 23
 ----
 
-ifdef::operator[]
-This value is ready-only and inherited from the `Network.config.openshift.io` object named `cluster` during cluster installation.
-endif::operator[]
-ifndef::operator[]
-You can customize this field only in the `install-config.yaml` file before you create the manifests. The value is read-only in the manifest file.
-endif::operator[]
-
 |`spec.serviceNetwork`
 |`array`
 |A block of IP addresses for services. The OpenShift SDN and OVN-Kubernetes network plugins support only a single IP address block for the service network. For example:
@@ -137,7 +130,7 @@ The values for the `defaultNetwork` object are defined in the following table:
 
 |`type`
 |`string`
-|Either `OpenShiftSDN` or `OVNKubernetes`. The {openshift-networking} network plugin is selected during installation. This value cannot be changed after cluster installation.
+|Either `OpenShiftSDN` or `OVNKubernetes`. The {openshift-networking} network plugin is selected during installation. You can change this value by migrating from OpenShift SDN to OVN-Kubernetes. 
 [NOTE]
 ====
 {product-title} uses the OVN-Kubernetes network plugin by default.
@@ -208,13 +201,6 @@ endif::operator[]
 
 |====
 
-ifdef::operator[]
-[NOTE]
-====
-You can only change the configuration for your cluster network plugin during cluster installation.
-====
-endif::operator[]
-
 .Example OpenShift SDN configuration
 [source,yaml]
 ----
@@ -261,7 +247,6 @@ ifdef::operator[]
 The UDP port for the Geneve overlay network.
 endif::operator[]
 
-ifndef::ibm-cloud[]
 |`ipsecConfig`
 |`object`
 |
@@ -271,7 +256,6 @@ endif::operator[]
 ifdef::operator[]
 If the field is present, IPsec is enabled for the cluster.
 endif::operator[]
-endif::ibm-cloud[]
 
 |`policyAuditConfig`
 |`object`
@@ -283,14 +267,12 @@ endif::ibm-cloud[]
 
 [NOTE]
 ====
- While migrating egress traffic, you can expect some disruption to workloads and service traffic until the Cluster Network Operator (CNO) successfully rolls out the changes.
+While migrating egress traffic, you can expect some disruption to workloads and service traffic until the Cluster Network Operator (CNO) successfully rolls out the changes.
 ====
 
 |`v4InternalSubnet`
 |
-If your existing network infrastructure overlaps with the `100.64.0.0/16` IPv4 subnet, you can specify a different IP address range for internal use by OVN-Kubernetes. You must ensure that the IP address range does not overlap with any other subnet used by your {product-title} installation. The IP address range must be larger than the maximum number of nodes that can be added to the cluster.
-
-For example, if the `clusterNetwork.cidr` is `10.128.0.0/14` and the `clusterNetwork.hostPrefix` is `/23`, then the maximum number of nodes is `2^(23-14)=512`. An IP address is also required for the gateway, network, and broadcast addresses. Therefore the internal IP address range must be at least a `/24`.
+If your existing network infrastructure overlaps with the `100.64.0.0/16` IPv4 subnet, you can specify a different IP address range for internal use by OVN-Kubernetes. You must ensure that the IP address range does not overlap with any other subnet used by your {product-title} installation. The IP address range must be larger than the maximum number of nodes that can be added to the cluster. For example, if the `clusterNetwork.cidr` value is `10.128.0.0/14` and the `clusterNetwork.hostPrefix` value is `/23`, then the maximum number of nodes is `2^(23-14)=512`.
 
 This field cannot be changed after installation.
 |The default value is `100.64.0.0/16`.
@@ -303,13 +285,6 @@ This field cannot be changed after installation.
 | The default value is `fd98::/48`.
 |====
 
-ifdef::ibm-cloud[]
-[NOTE]
-====
-IPsec for the OVN-Kubernetes network plugin is not supported when installing a cluster on IBM Cloud.
-====
-endif::ibm-cloud[]
-
 // tag::policy-audit[]
 .`policyAuditConfig` object
 [cols=".^2,.^2,.^6a",options="header"]
@@ -357,14 +332,12 @@ The default value is `false`.
 This field has an interaction with the Open vSwitch hardware offloading feature.
 If you set this field to `true`, you do not receive the performance benefits of the offloading because egress traffic is processed by the host networking stack.
 
+|`ipForwarding`
+|`object`
+|You can control IP forwarding for all traffic on OVN-Kubernetes managed interfaces by using the `ipForwarding` specification in the `Network` resource. Specify `Restricted` to only allow IP forwarding for Kubernetes related traffic. Specify `Global` to allow forwarding of all IP traffic. For new installations, the default is `Restricted`. For updates to {product-title} 4.14 or later, the default is `Global`.
+
 |====
 
-ifdef::operator[]
-[NOTE]
-====
-You can only change the configuration for your cluster network plugin during cluster installation, except for the `gatewayConfig` field that can be changed at runtime as a post-installation activity.
-====
-endif::operator[]
 
 .Example OVN-Kubernetes configuration with IPSec enabled
 [source,yaml]
@@ -374,14 +347,12 @@ defaultNetwork:
   ovnKubernetesConfig:
     mtu: 1400
     genevePort: 6081
-ifndef::ibm-cloud[]
     ipsecConfig: {}
-endif::ibm-cloud[]
 ----
 
 [discrete]
 [id="nw-operator-cr-kubeproxyconfig_{context}"]
-=== kubeProxyConfig object configuration
+=== kubeProxyConfig object configuration (OpenShiftSDN container network interface only)
 
 The values for the `kubeProxyConfig` object are defined in the following table:
 
@@ -428,24 +399,15 @@ kind: Network
 metadata:
   name: cluster
 spec:
-  clusterNetwork: <1>
+  clusterNetwork: 
   - cidr: 10.128.0.0/14
     hostPrefix: 23
-  serviceNetwork: <1>
+  serviceNetwork: 
   - 172.30.0.0/16
-  defaultNetwork: <1>
-    type: OpenShiftSDN
-    openshiftSDNConfig:
-      mode: NetworkPolicy
-      mtu: 1450
-      vxlanPort: 4789
-  kubeProxyConfig:
-    iptablesSyncPeriod: 30s
-    proxyArguments:
-      iptables-min-sync-period:
-      - 0s
+  networkType: OVNKubernetes 
+      clusterNetworkMTU: 8900
+    
 ----
-<1> Configured only during cluster installation.
 endif::operator[]
 endif::post-install-network-configuration[]
 
@@ -453,7 +415,7 @@ ifeval::["{context}" == "cluster-network-operator"]
 :!operator:
 endif::[]
 
-ifdef::post-install-network-configuration[]
+ifeval::["{context}" == "post-install-network-configuration"]
 :!post-install-network-configuration:
 endif::[]
 ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
diff --git a/modules/nw-osp-configuring-external-load-balancer.adoc b/modules/nw-osp-configuring-external-load-balancer.adoc
index ed66a61487a2..4a5fc3c1782b 100644
--- a/modules/nw-osp-configuring-external-load-balancer.adoc
+++ b/modules/nw-osp-configuring-external-load-balancer.adoc
@@ -1,13 +1,11 @@
 // Module included in the following assemblies:
-// TODO
-// * networking/TBD
-// * networking/load-balancing-openstack.adoc
-// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc jowilkin
-// * installing/installing-vsphere-installer-provisioned.adoc
-// * installing/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc
 
+// * networking/load-balancing-openstack.adoc ( Load balancing on OpenStack)
+// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc (Post-installation configuration)
+// * installing/installing-vsphere-installer-provisioned.adoc(Installing a cluster)
+// * installing/installing-vsphere-installer-provisioned-customizations.adoc (Installing a cluster on vSphere with customizations)
+// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc (Installing a cluster on vSphere with network customizations)
+// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc (Installing a cluster on vSphere in a restricted network)
 
 ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
 :vsphere:
@@ -22,7 +20,7 @@ ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsp
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-configuring-external-load-balancer_{context}"]
 = Configuring an external load balancer
 
@@ -32,82 +30,169 @@ on {rh-openstack-first}
 endif::[]
 to use an external load balancer in place of the default load balancer.
 
-You can also configure an {product-title} cluster to use an external load balancer that supports multiple subnets. If you use multiple subnets, you can explicitly list all the IP addresses in any networks that are used by your load balancer targets. This configuration can reduce maintenance overhead because you can create and destroy nodes within those networks without reconfiguring the load balancer targets.
-
-If you deploy your ingress pods by using a machine set on a smaller network, such as a `/27` or `/28`, you can simplify your load balancer targets.
-
-[NOTE]
+[IMPORTANT]
 ====
-You do not need to specify API and Ingress static addresses for your installation program. If you choose this configuration, you must take additional actions to define network targets that accept an IP address from each referenced vSphere subnet.
+Configuring an external load balancer depends on your vendor's load balancer.
+
+The information and examples in this section are for guideline purposes only. Consult the vendor documentation for more specific information about the vendor's load balancer.
 ====
 
-.Prerequisites
+Red Hat supports the following services for an external load balancer:
 
-* On your load balancer, TCP over ports 6443, 443, and 80 must be reachable by all users of your system that are located outside the cluster.
+* Ingress Controller
+* OpenShift API
+* OpenShift MachineConfig API
 
-* Load balance the application ports, 443 and 80, between all the compute nodes.
+You can choose whether you want to configure one or all of these services for an external load balancer. Configuring only the Ingress Controller service is a common configuration option. To better understand each service, view the following diagrams:
 
-* Load balance the API port, 6443, between each of the control plane nodes.
+.Example network workflow that shows an Ingress Controller operating in an {product-title} environment
+image::external-load-balancer-default.png[An image that shows an example network workflow of an Ingress Controller operating in an {product-title} environment.]
 
-* On your load balancer, port 22623, which is used to serve ignition startup configurations to nodes, is not exposed outside of the cluster.
+.Example network workflow that shows an OpenShift API operating in an {product-title} environment
+image::external-load-balancer-openshift-api.png[An image that shows an example network workflow of an OpenShift API operating in an {product-title} environment.]
 
-* Your load balancer can access the required ports on each node in your cluster. You can ensure this level of access by completing the following actions:
-** The API load balancer can access ports 22623 and 6443 on the control plane nodes.
-** The ingress load balancer can access ports 443 and 80 on the nodes where the ingress pods are located.
+.Example network workflow that shows an OpenShift MachineConfig API operating in an {product-title} environment
+image::external-load-balancer-machine-config-api.png[An image that shows an example network workflow of an OpenShift MachineConfig API operating in an {product-title} environment.]
 
-ifdef::vsphere[]
-* Optional: If you are using multiple networks, you can create targets for every IP address in the network that can host nodes. This configuration can reduce the maintenance overhead of your cluster.
-endif::vsphere[]
+The following configuration options are supported for external load balancers:
 
-[IMPORTANT]
+* Use a node selector to map the Ingress Controller to a specific set of nodes. You must assign a static IP address to each node in this set, or configure each node to receive the same IP address from the Dynamic Host Configuration Protocol (DHCP). Infrastructure nodes commonly receive this type of configuration.
+
+* Target all IP addresses on a subnet. This configuration can reduce maintenance overhead, because you can create and destroy nodes within those networks without reconfiguring the load balancer targets. If you deploy your ingress pods by using a machine set on a smaller network, such as a `/27` or `/28`, you can simplify your load balancer targets.
++
+[TIP]
 ====
-External load balancing services and the control plane nodes must run on the same L2 network, and on the same VLAN when using VLANs to route traffic between the load balancing services and the control plane nodes.
+You can list all IP addresses that exist in a network by checking the machine config pool's resources.
 ====
 
+.Considerations
+
+* For a front-end IP address, you can use the same IP address for the front-end IP address, the Ingress Controller's load balancer, and API load balancer. Check the vendor's documentation for this capability.
+
+* For a back-end IP address, ensure that an IP address for an {product-title} control plane node does not change during the lifetime of the external load balancer. You can achieve this by completing one of the following actions:
+** Assign a static IP address to each control plane node.
+** Configure each node to receive the same IP address from the DHCP every time the node requests a DHCP lease. Depending on the vendor, the DHCP lease might be in the form of an IP reservation or a static DHCP assignment.
+
+* Manually define each node that runs the Ingress Controller in the external load balancer for the Ingress Controller back-end service. For example, if the Ingress Controller moves to an undefined node, a connection outage can occur.
+
+.OpenShift API prerequisites
+
+* You defined a front-end IP address.
+* TCP ports 6443 and 22623 are exposed on the front-end IP address of your load balancer. Check the following items:
+** Port 6443 provides access to the OpenShift API service.
+** Port 22623 can provide ignition startup configurations to nodes.
+* The front-end IP address and port 6443 are reachable by all users of your system with a location external to your {product-title} cluster.
+* The front-end IP address and port 22623 are reachable only by {product-title} nodes.
+* The load balancer backend can communicate with {product-title} control plane nodes on port 6443 and 22623.
+
+.Ingress Controller prerequisites
+
+* You defined a front-end IP address.
+* TCP ports 443 and 80 are exposed on the front-end IP address of your load balancer.
+* The front-end IP address, port 80 and port 443 are be reachable by all users of your system with a location external to your {product-title} cluster.
+* The front-end IP address, port 80 and port 443 are reachable to all nodes that operate in your {product-title} cluster.
+* The load balancer backend can communicate with {product-title} nodes that run the Ingress Controller on ports 80, 443, and 1936.
+
+.Prerequisite for health check URL specifications
+
+You can configure most load balancers by setting health check URLs that determine if a service is available or unavailable. {product-title} provides these health checks for the OpenShift API, Machine Configuration API, and Ingress Controller backend services.
+
+The following examples demonstrate health check specifications for the previously listed backend services:
+
+.Example of a Kubernetes API health check specification
+
+[source,terminal]
+----
+Path: HTTPS:6443/readyz
+Healthy threshold: 2
+Unhealthy threshold: 2
+Timeout: 10
+Interval: 10
+----
+
+.Example of a Machine Config API health check specification
+
+[source,terminal]
+----
+Path: HTTPS:22623/healthz
+Healthy threshold: 2
+Unhealthy threshold: 2
+Timeout: 10
+Interval: 10
+----
+
+.Example of an Ingress Controller health check specification
+
+[source,terminal]
+----
+Path: HTTP:1936/healthz/ready
+Healthy threshold: 2
+Unhealthy threshold: 2
+Timeout: 5
+Interval: 10
+----
+
 .Procedure
 
-. Enable access to the cluster from your load balancer on ports 6443, 443, and 80.
+. Configure the HAProxy Ingress Controller, so that you can enable access to the cluster from your load balancer on ports 6443, 443, and 80:
 +
-As an example, note this HAProxy configuration:
-+
-.A section of a sample HAProxy configuration
-[source,text]
+.Example HAProxy configuration
+[source,terminal]
 ----
-...
+#...
 listen my-cluster-api-6443
-    bind 0.0.0.0:6443
+    bind 192.168.1.100:6443
     mode tcp
     balance roundrobin
-    server my-cluster-master-2 192.0.2.2:6443 check
-    server my-cluster-master-0 192.0.2.3:6443 check
-    server my-cluster-master-1 192.0.2.1:6443 check
+  option httpchk
+  http-check connect
+  http-check send meth GET uri /readyz
+  http-check expect status 200
+    server my-cluster-master-2 192.168.1.101:6443 check inter 10s rise 2 fall 2
+    server my-cluster-master-0 192.168.1.102:6443 check inter 10s rise 2 fall 2
+    server my-cluster-master-1 192.168.1.103:6443 check inter 10s rise 2 fall 2
+
+listen my-cluster-machine-config-api-22623
+    bind 192.168.1.1000.0.0.0:22623
+    mode tcp
+    balance roundrobin
+  option httpchk
+  http-check connect
+  http-check send meth GET uri /healthz
+  http-check expect status 200
+    server my-cluster-master-2 192.0168.21.2101:22623 check inter 10s rise 2 fall 2
+    server my-cluster-master-0 192.168.1.1020.2.3:22623 check inter 10s rise 2 fall 2
+    server my-cluster-master-1 192.168.1.1030.2.1:22623 check inter 10s rise 2 fall 2
+
 listen my-cluster-apps-443
-        bind 0.0.0.0:443
+        bind 192.168.1.100:443
         mode tcp
         balance roundrobin
-        server my-cluster-worker-0 192.0.2.6:443 check
-        server my-cluster-worker-1 192.0.2.5:443 check
-        server my-cluster-worker-2 192.0.2.4:443 check
+    option httpchk
+    http-check connect
+    http-check send meth GET uri /healthz/ready
+    http-check expect status 200
+        server my-cluster-worker-0 192.168.1.111:443 check port 1936 inter 10s rise 2 fall 2
+        server my-cluster-worker-1 192.168.1.112:443 check port 1936 inter 10s rise 2 fall 2
+        server my-cluster-worker-2 192.168.1.113:443 check port 1936 inter 10s rise 2 fall 2
+
 listen my-cluster-apps-80
-        bind 0.0.0.0:80
+        bind 192.168.1.100:80
         mode tcp
         balance roundrobin
-        server my-cluster-worker-0 192.0.2.7:80 check
-        server my-cluster-worker-1 192.0.2.9:80 check
-        server my-cluster-worker-2 192.0.2.8:80 check
+    option httpchk
+    http-check connect
+    http-check send meth GET uri /healthz/ready
+    http-check expect status 200
+        server my-cluster-worker-0 192.168.1.111:80 check port 1936 inter 10s rise 2 fall 2
+        server my-cluster-worker-1 192.168.1.112:80 check port 1936 inter 10s rise 2 fall 2
+        server my-cluster-worker-2 192.168.1.113:80 check port 1936 inter 10s rise 2 fall 2
+# ...
 ----
 
-. Add records to your DNS server for the cluster API and apps over the load balancer. For example:
+. Use the `curl` CLI command to verify that the external load balancer and its resources are operational:
 +
-[source,dns]
-----
-<load_balancer_ip_address> api.<cluster_name>.<base_domain>
-<load_balancer_ip_address> apps.<cluster_name>.<base_domain>
-----
-
-. From a command line, use `curl` to verify that the external load balancer and DNS configuration are operational.
-
-.. Verify that the cluster API is accessible:
+.. Verify that the cluster machine configuration API is accessible to the Kubernetes API server resource, by running the following command and observing the response:
 +
 [source,terminal]
 ----
@@ -130,20 +215,133 @@ If the configuration is correct, you receive a JSON object in response:
   "platform": "linux/amd64"
 }
 ----
++
+.. Verify that the cluster machine configuration API is accessible to the Machine config server resource, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl -v https://<loadbalancer_ip_address>:22623/healthz --insecure
+----
++
+If the configuration is correct, the output from the command shows the following response:
++
+[source,terminal]
+----
+HTTP/1.1 200 OK
+Content-Length: 0
+----
++
+.. Verify that the controller is accessible to the Ingress Controller resource on port 80, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl -I -L -H "Host: console-openshift-console.apps.<cluster_name>.<base_domain>" http://<load_balancer_front_end_IP_address>
+----
++
+If the configuration is correct, the output from the command shows the following response:
++
+[source,terminal]
+----
+HTTP/1.1 302 Found
+content-length: 0
+location: https://console-openshift-console.apps.ocp4.private.opequon.net/
+cache-control: no-cache
+----
++
+.. Verify that the controller is accessible to the Ingress Controller resource on port 443, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl -I -L --insecure --resolve console-openshift-console.apps.<cluster_name>.<base_domain>:443:<Load Balancer Front End IP Address> https://console-openshift-console.apps.<cluster_name>.<base_domain>
+----
++
+If the configuration is correct, the output from the command shows the following response:
++
+[source,terminal]
+----
+HTTP/1.1 200 OK
+referrer-policy: strict-origin-when-cross-origin
+set-cookie: csrf-token=UlYWOyQ62LWjw2h003xtYSKlh1a0Py2hhctw0WmV2YEdhJjFyQwWcGBsja261dGLgaYO0nxzVErhiXt6QepA7g==; Path=/; Secure; SameSite=Lax
+x-content-type-options: nosniff
+x-dns-prefetch-control: off
+x-frame-options: DENY
+x-xss-protection: 1; mode=block
+date: Wed, 04 Oct 2023 16:29:38 GMT
+content-type: text/html; charset=utf-8
+set-cookie: 1e2670d92730b515ce3a1bb65da45062=1bf5e9573c9a2760c964ed1659cc1673; path=/; HttpOnly; Secure; SameSite=None
+cache-control: private
+----
 
-.. Verify that cluster applications are accessible:
+. Configure the DNS records for your cluster to target the front-end IP addresses of the external load balancer. You must update records to your DNS server for the cluster API and applications over the load balancer.
++
+.Examples of modified DNS records
++
+[source,dns]
+----
+<load_balancer_ip_address>  A  api.<cluster_name>.<base_domain>
+A record pointing to Load Balancer Front End
+----
++
+[source,dns]
+----
+<load_balancer_ip_address>   A apps.<cluster_name>.<base_domain>
+A record pointing to Load Balancer Front End
+----
 +
-[NOTE]
+[IMPORTANT]
 ====
-You can also verify application accessibility by opening the {product-title} console in a web browser.
+DNS propagation might take some time for each DNS record to become available. Ensure that each DNS record propagates before validating each record.
 ====
+
+. Use the `curl` CLI command to verify that the external load balancer and DNS record configuration are operational:
 +
-[source, terminal]
+.. Verify that you can access the cluster API, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl https://api.<cluster_name>.<base_domain>:6443/version --insecure
+----
++
+If the configuration is correct, you receive a JSON object in response:
++
+[source,json]
+----
+{
+  "major": "1",
+  "minor": "11+",
+  "gitVersion": "v1.11.0+ad103ed",
+  "gitCommit": "ad103ed",
+  "gitTreeState": "clean",
+  "buildDate": "2019-01-09T06:44:10Z",
+  "goVersion": "go1.10.3",
+  "compiler": "gc",
+  "platform": "linux/amd64"
+  }
+----
++
+.. Verify that you can access the cluster machine configuration, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl -v https://api.<cluster_name>.<base_domain>:22623/healthz --insecure
+----
++
+If the configuration is correct, the output from the command shows the following response:
++
+[source,terminal]
+----
+HTTP/1.1 200 OK
+Content-Length: 0
+----
++
+.. Verify that you can access each cluster application on port, by running the following command and observing the output:
++
+[source,terminal]
 ----
 $ curl http://console-openshift-console.apps.<cluster_name>.<base_domain> -I -L --insecure
 ----
 +
-If the configuration is correct, you receive an HTTP response:
+If the configuration is correct, the output from the command shows the following response:
 +
 [source,terminal]
 ----
@@ -162,3 +360,40 @@ content-type: text/html; charset=utf-8
 set-cookie: 1e2670d92730b515ce3a1bb65da45062=9b714eb87e93cf34853e87a92d6894be; path=/; HttpOnly; Secure; SameSite=None
 cache-control: private
 ----
++
+.. Verify that you can access each cluster application on port 443, by running the following command and observing the output:
++
+[source,terminal]
+----
+$ curl https://console-openshift-console.apps.<cluster_name>.<base_domain> -I -L --insecure
+----
++
+If the configuration is correct, the output from the command shows the following response:
++
+[source,terminal]
+----
+HTTP/1.1 200 OK
+referrer-policy: strict-origin-when-cross-origin
+set-cookie: csrf-token=UlYWOyQ62LWjw2h003xtYSKlh1a0Py2hhctw0WmV2YEdhJjFyQwWcGBsja261dGLgaYO0nxzVErhiXt6QepA7g==; Path=/; Secure; SameSite=Lax
+x-content-type-options: nosniff
+x-dns-prefetch-control: off
+x-frame-options: DENY
+x-xss-protection: 1; mode=block
+date: Wed, 04 Oct 2023 16:29:38 GMT
+content-type: text/html; charset=utf-8
+set-cookie: 1e2670d92730b515ce3a1bb65da45062=1bf5e9573c9a2760c964ed1659cc1673; path=/; HttpOnly; Secure; SameSite=None
+cache-control: private
+----
+
+ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
+:!vsphere:
+endif::[]
+ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
+:!vsphere:
+endif::[]
+ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
+:!vsphere:
+endif::[]
+ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsphere]
+:!vsphere:
+endif::[]
diff --git a/modules/nw-osp-enabling-ovs-offload.adoc b/modules/nw-osp-enabling-ovs-offload.adoc
index 16630d619b8f..1e5eb3709e5a 100644
--- a/modules/nw-osp-enabling-ovs-offload.adoc
+++ b/modules/nw-osp-enabling-ovs-offload.adoc
@@ -2,20 +2,25 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-enabling-ovs-offload_{context}"]
 = Enabling OVS hardware offloading
 
-For clusters that run on {rh-openstack-first}, you can enable link:https://www.openvswitch.org/[Open vSwitch (OVS)] hardware offloading. 
+For clusters that run on {rh-openstack-first}, you can enable link:https://www.openvswitch.org/[Open vSwitch (OVS)] hardware offloading.
 
-OVS is a multi-layer virtual switch that enables large-scale, multi-server network virtualization. 
+OVS is a multi-layer virtual switch that enables large-scale, multi-server network virtualization.
 
 .Prerequisites
 
 * You installed a cluster on {rh-openstack} that is configured for single-root input/output virtualization (SR-IOV).
-* You installed the SR-IOV Network Operator on your cluster. 
+* You installed the SR-IOV Network Operator on your cluster.
 * You created two `hw-offload` type virtual function (VF) interfaces on your cluster.
 
+[NOTE]
+====
+Application layer gateway flows are broken in {product-title} version 4.10, 4.11, and 4.12. Also, you cannot offload the application layer gateway flow for {product-title} version 4.13. 
+====
+
 .Procedure
 
 . Create an `SriovNetworkNodePolicy` policy for the two `hw-offload` type VF interfaces that are on your cluster:
@@ -97,7 +102,7 @@ spec:
     config: '{ "cniVersion":"0.3.1", "name":"hwoffload10","type":"host-device","device":"ens5"
     }'
 ----
- 
+
 . Use the interfaces that you created with a pod. For example:
 +
 .A pod that uses the two OVS offload interfaces
@@ -118,4 +123,4 @@ spec:
   containers:
   - name: dpdk-testpmd
     image: quay.io/krister/centos8_nfv-container-dpdk-testpmd:latest
-----
+----
\ No newline at end of file
diff --git a/modules/nw-osp-hardware-offload-attaching-network.adoc b/modules/nw-osp-hardware-offload-attaching-network.adoc
index d70666274acf..9c1dea97b9a4 100644
--- a/modules/nw-osp-hardware-offload-attaching-network.adoc
+++ b/modules/nw-osp-hardware-offload-attaching-network.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-hardware-offload-attaching-network_{context}"]
 = Attaching an OVS hardware offloading network
 
@@ -11,7 +11,7 @@ You can attach an Open vSwitch (OVS) hardware offloading network to your cluster
 .Prerequisites
 
 * Your cluster is installed and running.
-* You provisioned an OVS hardware offloading network on {rh-openstack-first} to use with your cluster. 
+* You provisioned an OVS hardware offloading network on {rh-openstack-first} to use with your cluster.
 
 .Procedure
 
diff --git a/modules/nw-osp-loadbalancer-etp-local.adoc b/modules/nw-osp-loadbalancer-etp-local.adoc
index a6e09f5fcb9c..ffb18d00d9ad 100644
--- a/modules/nw-osp-loadbalancer-etp-local.adoc
+++ b/modules/nw-osp-loadbalancer-etp-local.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/nw-osp-loadbalancer-limitations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-osp-loadbalancer-etp-local_{context}"]
 = Local external traffic policies
 
@@ -9,6 +9,6 @@ You can set the external traffic policy (ETP) parameter, `.spec.externalTrafficP
 
 Having the `ETP` option set to `Local` requires that health monitors be created for the load balancer. Without health monitors, traffic can be routed to a node that doesn't have a functional endpoint, which causes the connection to drop. To force Cloud Provider OpenStack to create health monitors, you must set the value of the `create-monitor` option in the cloud provider configuration to `true`.
 
-In {rh-openstack} 16.1 and 16.2, the OVN Octavia provider does not support health monitors. Therefore, setting the ETP to local is unsupported.
+In {rh-openstack} 16.2, the OVN Octavia provider does not support health monitors. Therefore, setting the ETP to local is unsupported.
 
-In {rh-openstack} 16.1 and 16.2, the Amphora Octavia provider does not support HTTP monitors on UDP pools. As a result, UDP load balancer services have `UDP-CONNECT` monitors created instead. Due to implementation details, this configuration only functions properly with the OVN-Kubernetes CNI plugin. When the OpenShift SDN CNI plugin is used, the UDP services alive nodes are detected unreliably.
\ No newline at end of file
+In {rh-openstack} 16.2, the Amphora Octavia provider does not support HTTP monitors on UDP pools. As a result, UDP load balancer services have `UDP-CONNECT` monitors created instead. Due to implementation details, this configuration only functions properly with the OVN-Kubernetes CNI plugin. When the OpenShift SDN CNI plugin is used, the UDP services alive nodes are detected unreliably. This issue also affects the OVN Octavia provider in any {rh-openstack} version because the driver does not support HTTP health monitors.
diff --git a/modules/nw-osp-loadbalancer-limitations.adoc b/modules/nw-osp-loadbalancer-limitations.adoc
index 463840ba836e..b011351dd1c3 100644
--- a/modules/nw-osp-loadbalancer-limitations.adoc
+++ b/modules/nw-osp-loadbalancer-limitations.adoc
@@ -2,7 +2,7 @@
 // * networking/load-balancing-openstack.adoc
 // For thinking and reviewing, adding to networking/load-balancing-openstack.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-osp-loadbalancer-limitations_{context}"]
 = Limitations of load balancer services
 
diff --git a/modules/nw-osp-loadbalancer-source-ranges.adoc b/modules/nw-osp-loadbalancer-source-ranges.adoc
deleted file mode 100644
index a82b94c8bb6a..000000000000
--- a/modules/nw-osp-loadbalancer-source-ranges.adoc
+++ /dev/null
@@ -1,8 +0,0 @@
-// Module included in the following assemblies:
-// * networking/nw-osp-loadbalancer-limitations.adoc
-
-:_content-type: CONCEPT
-[id="nw-osp-loadbalancer-source-ranges_{context}"]
-= Load balancer source ranges
-
-Use the `.spec.loadBalancerSourceRanges` property to restrict the traffic that can pass through the load balancer according to source IP. This property is supported for use with the Amphora Octavia provider only. If your cluster uses the OVN Octavia provider, the option is ignored and traffic is unrestricted.
\ No newline at end of file
diff --git a/modules/nw-osp-pod-adding-connections-ipv6.adoc b/modules/nw-osp-pod-adding-connections-ipv6.adoc
index 8c7914e2e1c4..000fd454c716 100644
--- a/modules/nw-osp-pod-adding-connections-ipv6.adoc
+++ b/modules/nw-osp-pod-adding-connections-ipv6.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-pod-adding-connections-ipv6_{context}"]
 = Adding IPv6 connectivity to pods on {rh-openstack}
 
@@ -41,7 +41,7 @@ DHCPv6 is not supported by Multus.
 
 . Save your changes and quit the text editor to commit your changes.
 
-.Verification 
+.Verification
 
 * On a command line, enter the following command:
 +
@@ -57,4 +57,4 @@ NAMESPACE       NAME            AGE
 ipv6            ipv6            21h
 ----
 
-You can now create pods that have secondary IPv6 connections. 
+You can now create pods that have secondary IPv6 connections.
diff --git a/modules/nw-osp-pod-connections-ipv6.adoc b/modules/nw-osp-pod-connections-ipv6.adoc
index fe724dd67aa9..675fb64fd2be 100644
--- a/modules/nw-osp-pod-connections-ipv6.adoc
+++ b/modules/nw-osp-pod-connections-ipv6.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-pod-connections-ipv6_{context}"]
 = Enabling IPv6 connectivity to pods on {rh-openstack}
 
@@ -27,7 +27,7 @@ Only the following IPv6 additional network configurations are supported:
 $ openstack port set --no-security-group --disable-port-security <compute_ipv6_port>
 ----
 +
-IMPORTANT: This command removes security groups from the port and disables port security. Traffic restrictions are removed entirely from the port.  
+IMPORTANT: This command removes security groups from the port and disables port security. Traffic restrictions are removed entirely from the port.
 
 where:
 
diff --git a/modules/nw-osp-pod-creating-ipv6.adoc b/modules/nw-osp-pod-creating-ipv6.adoc
index 2669ccbce67e..1801b83000e5 100644
--- a/modules/nw-osp-pod-creating-ipv6.adoc
+++ b/modules/nw-osp-pod-creating-ipv6.adoc
@@ -2,11 +2,11 @@
 //
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-osp-pod-creating-ipv6_{context}"]
 = Create pods that have IPv6 connectivity on {rh-openstack}
 
-After you enable IPv6 connectivty for pods and add it to them, create pods that have secondary IPv6 connections. 
+After you enable IPv6 connectivty for pods and add it to them, create pods that have secondary IPv6 connections.
 
 .Procedure
 
@@ -21,12 +21,12 @@ metadata:
   namespace: ipv6
 spec:
   affinity:
-    podAntiAffinity: 
+    podAntiAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
             matchExpressions:
             - key: app
-              operator: In 
+              operator: In
               values:
               - hello-openshift
   replicas: 2
diff --git a/modules/nw-ovn-ipsec-certificates.adoc b/modules/nw-ovn-ipsec-certificates.adoc
index 224b3c9bc0c8..992d899228fa 100644
--- a/modules/nw-ovn-ipsec-certificates.adoc
+++ b/modules/nw-ovn-ipsec-certificates.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ipsec-ovn.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ovn-ipsec-certificates_{context}"]
 = Security certificate generation and rotation
 
diff --git a/modules/nw-ovn-ipsec-disable.adoc b/modules/nw-ovn-ipsec-disable.adoc
index 916716850484..5c4eb5914ad9 100644
--- a/modules/nw-ovn-ipsec-disable.adoc
+++ b/modules/nw-ovn-ipsec-disable.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-ipsec-disable_{context}"]
 = Disabling IPsec encryption
 
diff --git a/modules/nw-ovn-ipsec-enable.adoc b/modules/nw-ovn-ipsec-enable.adoc
index c8a3ce4f92f8..1f0c1221a82d 100644
--- a/modules/nw-ovn-ipsec-enable.adoc
+++ b/modules/nw-ovn-ipsec-enable.adoc
@@ -2,16 +2,16 @@
 //
 // * networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-ipsec-enable_{context}"]
-= Enabling IPsec encryption
+= Enabling pod-to-pod IPsec encryption
 
-As a cluster administrator, you can enable IPsec encryption after cluster installation.
+As a cluster administrator, you can enable pod-to-pod IPsec encryption after cluster installation.
 
 .Prerequisites
 
-* Install the OpenShift CLI (`oc`).
-* Log in to the cluster with a user with `cluster-admin` privileges.
+* Install the {oc-first}.
+* You are logged in to the cluster as a user with `cluster-admin` privileges.
 * You have reduced the size of your cluster MTU by `46` bytes to allow for the overhead of the IPsec ESP header.
 
 .Procedure
diff --git a/modules/nw-ovn-ipsec-encryption.adoc b/modules/nw-ovn-ipsec-encryption.adoc
index 162622914bdc..df411a497fde 100644
--- a/modules/nw-ovn-ipsec-encryption.adoc
+++ b/modules/nw-ovn-ipsec-encryption.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ipsec-ovn.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ovn-ipsec-encryption_{context}"]
 = Encryption protocol and IPsec mode
 
diff --git a/modules/nw-ovn-ipsec-north-south-enable.adoc b/modules/nw-ovn-ipsec-north-south-enable.adoc
new file mode 100644
index 000000000000..8ee3cf4e7156
--- /dev/null
+++ b/modules/nw-ovn-ipsec-north-south-enable.adoc
@@ -0,0 +1,148 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-ovn-ipsec-north-south-enable_{context}"]
+= Enabling IPsec encryption for external IPsec endpoints
+
+// This procedure requests installing Butane to prepare the machine config
+
+As a cluster administrator, you can enable IPsec encryption between the cluster and external IPsec endpoints. Because this procedure uses Butane to create machine configs, you must have the `butane` command installed.
+
+[NOTE]
+====
+After you apply the machine config, the Machine Config Operator reboots affected nodes in your cluster to rollout the new machine config.
+====
+
+.Prerequisites
+
+* Install the {oc-first}.
+* You are logged in to the cluster as a user with `cluster-admin` privileges.
+* You have reduced the size of your cluster MTU by `46` bytes to allow for the overhead of the IPsec ESP header.
+* You have installed the `butane` utility.
+* You have an existing PKCS#12 certificate for the IPsec endpoint and a CA cert in PEM format.
+
+.Procedure
+
+As a cluster administrator, you can enable IPsec support for external IPsec endpoints.
+
+. Create an IPsec configuration file named `ipsec-endpoint-config.conf`. The configuration is consumed in the next step. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/securing_networks/configuring-a-vpn-with-ipsec_securing-networks#configuring-a-vpn-with-ipsec_securing-networks[Libreswan as an IPsec VPN implementation].
+
+. Provide the following certificate files to add to the Network Security Services (NSS) database on each host. These files are imported as part of the Butane configuration in subsequent steps.
++
+--
+* `left_server.p12`: The certificate bundle for the IPsec endpoints
+* `ca.pem`: The certificate authority that you signed your certificates with
+--
+
+. Create a machine config to apply the IPsec configuration to your cluster by using the following two steps:
+
+.. To add the IPsec configuration, create Butane config files for the control plane and worker nodes with the following contents:
++
+[source,terminal,subs="attributes+"]
+----
+$ for role in master worker; do
+  cat >> "99-ipsec-$\{role}-endpoint-config.bu" <<-EOF
+  variant: openshift
+  version: {product-version}.0
+  metadata:
+    name: 99-$\{role}-import-certs-enable-svc-os-ext
+    labels:
+      machineconfiguration.openshift.io/role: $role
+  openshift:
+    extensions:
+      - ipsec
+  systemd:
+    units:
+    - name: ipsec-import.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Import external certs into ipsec NSS
+        Before=ipsec.service
+
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/local/bin/ipsec-addcert.sh
+        RemainAfterExit=false
+        StandardOutput=journal
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: ipsecenabler.service
+      enabled: true
+      contents: |
+        [Service]
+        Type=oneshot
+        ExecStart=systemctl enable --now ipsec.service
+
+        [Install]
+        WantedBy=multi-user.target
+  storage:
+    files:
+    - path: /etc/ipsec.d/ipsec-endpoint-config.conf
+      mode: 0400
+      overwrite: true
+      contents:
+        local: ipsec-endpoint-config.conf
+    - path: /etc/pki/certs/ca.pem
+      mode: 0400
+      overwrite: true
+      contents:
+        local: ca.pem
+    - path: /etc/pki/certs/left_server.p12
+      mode: 0400
+      overwrite: true
+      contents:
+        local: left_server.p12
+    - path: /usr/local/bin/ipsec-addcert.sh
+      mode: 0740
+      overwrite: true
+      contents:
+        inline: |
+          #!/bin/bash -e
+          echo "importing cert to NSS"
+          certutil -A -n "CA" -t "CT,C,C" -d /var/lib/ipsec/nss/ -i /etc/pki/certs/ca.pem
+          pk12util -W "" -i /etc/pki/certs/left_server.p12 -d /var/lib/ipsec/nss/
+          certutil -M -n "left_server" -t "u,u,u" -d /var/lib/ipsec/nss/
+EOF
+done
+----
+
+.. To transform the Butane files that you created in the previous step into machine configs, enter the following command:
++
+[source,terminal]
+----
+$ for role in master worker; do
+  butane 99-ipsec-${role}-endpoint-config.bu -o ./99-ipsec-$role-endpoint-config.yaml
+done
+----
+
+. To apply the machine configs to your cluster, enter the following command:
++
+[source,terminal]
+----
+$ for role in master worker; do
+  oc apply -f 99-ipsec-${role}-endpoint-config.yaml
+done
+----
++
+[IMPORTANT]
+====
+As the Machine Config Operator (MCO) updates machines in each machine config pool, it reboots each node one by one. You must wait until all the nodes are updated before external IPsec connectivity is available.
+====
+
+. Check the machine config pool status by entering the following command:
++
+[source,terminal]
+----
+$ oc get mcp
+----
++
+A successfully updated node has the following status: `UPDATED=true`, `UPDATING=false`, `DEGRADED=false`.
++
+[NOTE]
+====
+By default, the MCO updates one machine per pool at a time, causing the total time the migration takes to increase with the size of the cluster.
+====
diff --git a/modules/nw-ovn-ipsec-traffic.adoc b/modules/nw-ovn-ipsec-traffic.adoc
index 2711b2260132..1c39f3c7b2f6 100644
--- a/modules/nw-ovn-ipsec-traffic.adoc
+++ b/modules/nw-ovn-ipsec-traffic.adoc
@@ -2,9 +2,9 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ipsec-ovn.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ovn-ipsec-traffic_{context}"]
-= Types of network traffic flows encrypted by IPsec
+= Types of network traffic flows encrypted by pod-to-pod IPsec
 
 With IPsec enabled, only the following network traffic flows between pods are encrypted:
 
@@ -20,30 +20,3 @@ The following traffic flows are not encrypted:
 The encrypted and unencrypted flows are illustrated in the following diagram:
 
 image::nw-ipsec-encryption.png[IPsec encrypted and unencrypted traffic flows]
-
-== Network connectivity requirements when IPsec is enabled
-
-You must configure the network connectivity between machines to allow {product-title} cluster
-components to communicate. Each machine must be able to resolve the hostnames
-of all other machines in the cluster.
-
-.Ports used for all-machine to all-machine communications
-[cols="2a,2a,5a",options="header"]
-|===
-
-|Protocol
-|Port
-|Description
-
-.2+|UDP
-|`500`
-|IPsec IKE packets
-
-|`4500`
-|IPsec NAT-T packets
-
-|ESP
-|N/A
-|IPsec Encapsulating Security Payload (ESP)
-
-|===
diff --git a/modules/nw-ovn-ipsec-verification.adoc b/modules/nw-ovn-ipsec-verification.adoc
index ae43a1a3f762..57ed092ba3b1 100644
--- a/modules/nw-ovn-ipsec-verification.adoc
+++ b/modules/nw-ovn-ipsec-verification.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ipsec-ovn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-ipsec-verification_{context}"]
 = Verifying that IPsec is enabled
 
@@ -10,30 +10,29 @@ As a cluster administrator, you can verify that IPsec is enabled.
 
 .Verification
 
-. To find the names of the OVN-Kubernetes control plane pods, enter the following command:
+. To find the names of the OVN-Kubernetes data plane pods, enter the following command:
 +
 [source,terminal]
 ----
-$ oc get pods -n openshift-ovn-kubernetes | grep ovnkube-master
+$ oc get pods -n openshift-ovn-kubernetes -l=app=ovnkube-node
 ----
 +
 .Example output
 [source,terminal]
 ----
-ovnkube-master-4496s        1/1     Running   0          6h39m
-ovnkube-master-d6cht        1/1     Running   0          6h42m
-ovnkube-master-skblc        1/1     Running   0          6h51m
-ovnkube-master-vf8rf        1/1     Running   0          6h51m
-ovnkube-master-w7hjr        1/1     Running   0          6h51m
-ovnkube-master-zsk7x        1/1     Running   0          6h42m
+ovnkube-node-5xqbf                       8/8     Running   0              28m
+ovnkube-node-6mwcx                       8/8     Running   0              29m
+ovnkube-node-ck5fr                       8/8     Running   0              31m
+ovnkube-node-fr4ld                       8/8     Running   0              26m
+ovnkube-node-wgs4l                       8/8     Running   0              33m
+ovnkube-node-zfvcl                       8/8     Running   0              34m
 ----
 
 . Verify that IPsec is enabled on your cluster:
 +
 [source,terminal]
 ----
-$ oc -n openshift-ovn-kubernetes -c nbdb rsh ovnkube-master-<XXXXX> \
-  ovn-nbctl --no-leader-only get nb_global . ipsec
+$ oc -n openshift-ovn-kubernetes -c nbdb rsh ovnkube-node-<XXXXX> ovn-nbctl --no-leader-only get nb_global . ipsec
 ----
 +
 --
diff --git a/modules/nw-ovn-kubernetes-alerts-cli.adoc b/modules/nw-ovn-kubernetes-alerts-cli.adoc
index 29b4cd4a1f50..399beddd34a3 100644
--- a/modules/nw-ovn-kubernetes-alerts-cli.adoc
+++ b/modules/nw-ovn-kubernetes-alerts-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-alerts-cli_{context}"]
 = Viewing OVN-Kubernetes alerts in the CLI
 
@@ -26,14 +26,11 @@ $ ALERT_MANAGER=$(oc get route alertmanager-main -n openshift-monitoring \
 -o jsonpath='{@.spec.host}')
 ----
 
-.. Issue a `curl` request to the alert manager route API with the correct authorization details requesting specific fields by running the following command:
+.. Issue a `curl` request to the alert manager route API by running the following command, replacing `$ALERT_MANAGER` with the URL of your `Alertmanager` instance:
 +
 [source,terminal]
 ----
-$ curl -s -k -H "Authorization: Bearer \
-$(oc create token prometheus-k8s -n openshift-monitoring)" \
-https://$ALERT_MANAGER/api/v1/alerts \
-| jq '.data[] | "\(.labels.severity) \(.labels.alertname) \(.labels.pod) \(.labels.container) \(.labels.endpoint) \(.labels.instance)"'
+$ curl -s -k -H "Authorization: Bearer $(oc create token prometheus-k8s -n openshift-monitoring)" https://$ALERT_MANAGER/api/v1/alerts | jq '.data[] | "\(.labels.severity) \(.labels.alertname) \(.labels.pod) \(.labels.container) \(.labels.endpoint) \(.labels.instance)"'
 ----
 
 . View alerting rules by running the following command:
diff --git a/modules/nw-ovn-kubernetes-alerts-console.adoc b/modules/nw-ovn-kubernetes-alerts-console.adoc
index 8103a483643b..2c2363e069df 100644
--- a/modules/nw-ovn-kubernetes-alerts-console.adoc
+++ b/modules/nw-ovn-kubernetes-alerts-console.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-alerts-console_{context}"]
 = Viewing OVN-Kubernetes alerts in the console
 
diff --git a/modules/nw-ovn-kubernetes-change-log-levels.adoc b/modules/nw-ovn-kubernetes-change-log-levels.adoc
index 15e71013da3f..7a90a37fb3b6 100644
--- a/modules/nw-ovn-kubernetes-change-log-levels.adoc
+++ b/modules/nw-ovn-kubernetes-change-log-levels.adoc
@@ -2,11 +2,11 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-change-log-levels_{context}"]
 = Changing the OVN-Kubernetes log levels
 
-The default log level for OVN-Kubernetes is 2. To debug OVN-Kubernetes set the log level to 5.
+The default log level for OVN-Kubernetes is 4. To debug OVN-Kubernetes, set the log level to 5.
 Follow this procedure to increase the log level of the OVN-Kubernetes to help you debug an issue.
 
 .Prerequisites
@@ -26,16 +26,16 @@ $ oc get po -o wide -n openshift-ovn-kubernetes
 .Example output
 [source,terminal]
 ----
-NAME                   READY   STATUS    RESTARTS      AGE   IP             NODE                           NOMINATED NODE   READINESS GATES
-ovnkube-master-84nc9   6/6     Running   0             50m   10.0.134.156   ip-10-0-134-156.ec2.internal   <none>           <none>
-ovnkube-master-gmlqv   6/6     Running   0             50m   10.0.209.180   ip-10-0-209-180.ec2.internal   <none>           <none>
-ovnkube-master-nhts2   6/6     Running   1 (48m ago)   50m   10.0.147.31    ip-10-0-147-31.ec2.internal    <none>           <none>
-ovnkube-node-2cbh8     5/5     Running   0             43m   10.0.217.114   ip-10-0-217-114.ec2.internal   <none>           <none>
-ovnkube-node-6fvzl     5/5     Running   0             50m   10.0.147.31    ip-10-0-147-31.ec2.internal    <none>           <none>
-ovnkube-node-f4lzz     5/5     Running   0             24m   10.0.146.76    ip-10-0-146-76.ec2.internal    <none>           <none>
-ovnkube-node-jf67d     5/5     Running   0             50m   10.0.209.180   ip-10-0-209-180.ec2.internal   <none>           <none>
-ovnkube-node-np9mf     5/5     Running   0             40m   10.0.165.191   ip-10-0-165-191.ec2.internal   <none>           <none>
-ovnkube-node-qjldg     5/5     Running   0             50m   10.0.134.156   ip-10-0-134-156.ec2.internal   <none>           <none>
+NAME                                     READY   STATUS    RESTARTS       AGE    IP           NODE                                       NOMINATED NODE   READINESS GATES
+ovnkube-control-plane-65497d4548-9ptdr   2/2     Running   2 (128m ago)   147m   10.0.0.3     ci-ln-3njdr9b-72292-5nwkp-master-0         <none>           <none>
+ovnkube-control-plane-65497d4548-j6zfk   2/2     Running   0              147m   10.0.0.5     ci-ln-3njdr9b-72292-5nwkp-master-2         <none>           <none>
+ovnkube-control-plane-65497d4548-k7xqt   2/2     Running   0              147m   10.0.0.4     ci-ln-3njdr9b-72292-5nwkp-master-1         <none>           <none>
+ovnkube-node-5dx44                       8/8     Running   0              146m   10.0.0.3     ci-ln-3njdr9b-72292-5nwkp-master-0         <none>           <none>
+ovnkube-node-dpfn4                       8/8     Running   0              146m   10.0.0.4     ci-ln-3njdr9b-72292-5nwkp-master-1         <none>           <none>
+ovnkube-node-kwc9l                       8/8     Running   0              134m   10.0.128.2   ci-ln-3njdr9b-72292-5nwkp-worker-a-2fjcj   <none>           <none>
+ovnkube-node-mcrhl                       8/8     Running   0              134m   10.0.128.4   ci-ln-3njdr9b-72292-5nwkp-worker-c-v9x5v   <none>           <none>
+ovnkube-node-nsct4                       8/8     Running   0              146m   10.0.0.5     ci-ln-3njdr9b-72292-5nwkp-master-2         <none>           <none>
+ovnkube-node-zrj9f                       8/8     Running   0              134m   10.0.128.3   ci-ln-3njdr9b-72292-5nwkp-worker-b-v78h7   <none>           <none>
 ----
 
 . Create a `ConfigMap` file similar to the following example and use a filename such as `env-overrides.yaml`:
@@ -49,12 +49,12 @@ metadata:
   name: env-overrides
   namespace: openshift-ovn-kubernetes
 data:
-  ip-10-0-217-114.ec2.internal: | <1>
+  ci-ln-3njdr9b-72292-5nwkp-master-0: | <1>
     # This sets the log level for the ovn-kubernetes node process:
     OVN_KUBE_LOG_LEVEL=5
     # You might also/instead want to enable debug logging for ovn-controller:
     OVN_LOG_LEVEL=dbg
-  ip-10-0-209-180.ec2.internal: |
+  ci-ln-3njdr9b-72292-5nwkp-master-2: |
     # This sets the log level for the ovn-kubernetes node process:
     OVN_KUBE_LOG_LEVEL=5
     # You might also/instead want to enable debug logging for ovn-controller:
@@ -72,7 +72,7 @@ data:
 +
 [source,terminal]
 ----
-$ oc create configmap env-overrides.yaml -n openshift-ovn-kubernetes
+$ oc apply -n openshift-ovn-kubernetes -f env-overrides.yaml
 ----
 +
 .Example output
@@ -86,16 +86,66 @@ configmap/env-overrides.yaml created
 [source,terminal]
 ----
 $ oc delete pod -n openshift-ovn-kubernetes \
---field-selector spec.nodeName=ip-10-0-217-114.ec2.internal -l app=ovnkube-node
+--field-selector spec.nodeName=ci-ln-3njdr9b-72292-5nwkp-master-0 -l app=ovnkube-node
 ----
 +
 [source,terminal]
 ----
 $ oc delete pod -n openshift-ovn-kubernetes \
---field-selector spec.nodeName=ip-10-0-209-180.ec2.internal -l app=ovnkube-node
+--field-selector spec.nodeName=ci-ln-3njdr9b-72292-5nwkp-master-2 -l app=ovnkube-node
 ----
 +
 [source,terminal]
 ----
-$ oc delete pod -n openshift-ovn-kubernetes -l app=ovnkube-master
+$ oc delete pod -n openshift-ovn-kubernetes -l app=ovnkube-node
+----
+
+. To verify that the `ConfigMap`file has been applied to all nodes for a specific pod, run the following command:
++
+[source,terminal]
+----
+$ oc logs -n openshift-ovn-kubernetes --all-containers --prefix ovnkube-node-<xxxx> | grep -E -m 10 '(Logging config:|vconsole|DBG)'
+----
++
+where:
+
+`<XXXX>`:: Specifies the random sequence of letters for a pod from the previous step.
++
+.Example output
+[source,terminal]
+----
+[pod/ovnkube-node-2cpjc/sbdb] + exec /usr/share/ovn/scripts/ovn-ctl --no-monitor '--ovn-sb-log=-vconsole:info -vfile:off -vPATTERN:console:%D{%Y-%m-%dT%H:%M:%S.###Z}|%05N|%c%T|%p|%m' run_sb_ovsdb
+[pod/ovnkube-node-2cpjc/ovnkube-controller] I1012 14:39:59.984506   35767 config.go:2247] Logging config: {File: CNIFile:/var/log/ovn-kubernetes/ovn-k8s-cni-overlay.log LibovsdbFile:/var/log/ovnkube/libovsdb.log Level:5 LogFileMaxSize:100 LogFileMaxBackups:5 LogFileMaxAge:0 ACLLoggingRateLimit:20}
+[pod/ovnkube-node-2cpjc/northd] + exec ovn-northd --no-chdir -vconsole:info -vfile:off '-vPATTERN:console:%D{%Y-%m-%dT%H:%M:%S.###Z}|%05N|%c%T|%p|%m' --pidfile /var/run/ovn/ovn-northd.pid --n-threads=1
+[pod/ovnkube-node-2cpjc/nbdb] + exec /usr/share/ovn/scripts/ovn-ctl --no-monitor '--ovn-nb-log=-vconsole:info -vfile:off -vPATTERN:console:%D{%Y-%m-%dT%H:%M:%S.###Z}|%05N|%c%T|%p|%m' run_nb_ovsdb
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.552Z|00002|hmap|DBG|lib/shash.c:114: 1 bucket with 6+ nodes, including 1 bucket with 6 nodes (32 nodes total across 32 buckets)
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.553Z|00003|hmap|DBG|lib/shash.c:114: 1 bucket with 6+ nodes, including 1 bucket with 6 nodes (64 nodes total across 64 buckets)
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.553Z|00004|hmap|DBG|lib/shash.c:114: 1 bucket with 6+ nodes, including 1 bucket with 7 nodes (32 nodes total across 32 buckets)
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.553Z|00005|reconnect|DBG|unix:/var/run/openvswitch/db.sock: entering BACKOFF
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.553Z|00007|reconnect|DBG|unix:/var/run/openvswitch/db.sock: entering CONNECTING
+[pod/ovnkube-node-2cpjc/ovn-controller] 2023-10-12T14:39:54.553Z|00008|ovsdb_cs|DBG|unix:/var/run/openvswitch/db.sock: SERVER_SCHEMA_REQUESTED -> SERVER_SCHEMA_REQUESTED at lib/ovsdb-cs.c:423
+----
+
+. Optional: Check the `ConfigMap` file has been applied by running the following command:
++
+[source,terminal]
+----
+for f in $(oc -n openshift-ovn-kubernetes get po -l 'app=ovnkube-node' --no-headers -o custom-columns=N:.metadata.name) ; do echo "---- $f ----" ; oc -n openshift-ovn-kubernetes exec -c ovnkube-controller $f --  pgrep -a -f  init-ovnkube-controller | grep -P -o '^.*loglevel\s+\d' ; done
+----
++
+.Example output
+[source,terminal]
+----
+---- ovnkube-node-2dt57 ----
+60981 /usr/bin/ovnkube --init-ovnkube-controller xpst8-worker-c-vmh5n.c.openshift-qe.internal --init-node xpst8-worker-c-vmh5n.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4
+---- ovnkube-node-4zznh ----
+178034 /usr/bin/ovnkube --init-ovnkube-controller xpst8-master-2.c.openshift-qe.internal --init-node xpst8-master-2.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4
+---- ovnkube-node-548sx ----
+77499 /usr/bin/ovnkube --init-ovnkube-controller xpst8-worker-a-fjtnb.c.openshift-qe.internal --init-node xpst8-worker-a-fjtnb.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4
+---- ovnkube-node-6btrf ----
+73781 /usr/bin/ovnkube --init-ovnkube-controller xpst8-worker-b-p8rww.c.openshift-qe.internal --init-node xpst8-worker-b-p8rww.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4
+---- ovnkube-node-fkc9r ----
+130707 /usr/bin/ovnkube --init-ovnkube-controller xpst8-master-0.c.openshift-qe.internal --init-node xpst8-master-0.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 5
+---- ovnkube-node-tk9l4 ----
+181328 /usr/bin/ovnkube --init-ovnkube-controller xpst8-master-1.c.openshift-qe.internal --init-node xpst8-master-1.c.openshift-qe.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4
 ----
\ No newline at end of file
diff --git a/modules/nw-ovn-kubernetes-examine-nb-database-contents-ref.adoc b/modules/nw-ovn-kubernetes-examine-nb-database-contents-ref.adoc
index 41646644ddaa..4a293bf0fd16 100644
--- a/modules/nw-ovn-kubernetes-examine-nb-database-contents-ref.adoc
+++ b/modules/nw-ovn-kubernetes-examine-nb-database-contents-ref.adoc
@@ -2,19 +2,25 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-ovn-kubernetes-examine-nb-database-contents-ref_{context}"]
 = Command line arguments for ovn-nbctl to examine northbound database contents
 
 The following table describes the command line arguments that can be used with `ovn-nbctl` to examine the contents of the northbound database.
 
+
+[NOTE]
+====
+Open a remote shell in the pod you want to view the contents of and then run the `ovn-nbctl` commands.
+====
+
 .Command line arguments to examine northbound database contents
 [cols="30%,70%",options="header"]
 |===
 |Argument |Description
 
 |`ovn-nbctl show`
-|An overview of the northbound database contents.
+|An overview of the northbound database contents as seen from a specific node.
 
 |`ovn-nbctl show <switch_or_router>`
 |Show the details associated with the specified switch or router.
diff --git a/modules/nw-ovn-kubernetes-examine-sb-database-contents-ref.adoc b/modules/nw-ovn-kubernetes-examine-sb-database-contents-ref.adoc
index 33fdf440df87..0cb3f168b538 100644
--- a/modules/nw-ovn-kubernetes-examine-sb-database-contents-ref.adoc
+++ b/modules/nw-ovn-kubernetes-examine-sb-database-contents-ref.adoc
@@ -2,19 +2,24 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-ovn-kubernetes-examine-sb-database-contents-ref_{context}"]
 = Command line arguments for ovn-sbctl to examine southbound database contents
 
 The following table describes the command line arguments that can be used with `ovn-sbctl` to examine the contents of the southbound database.
 
+[NOTE]
+====
+Open a remote shell in the pod you wish to view the contents of and then run the `ovn-sbctl` commands.
+====
+
 .Command line arguments to examine southbound database contents
 [cols="30%,70%",options="header"]
 |===
 |Argument |Description
 
 |`ovn-sbctl show`
-|Overview of the southbound database contents.
+|An overview of the southbound database contents as seen from a specific node.
 
 |`ovn-sbctl list Port_Binding <port>`
 |List the contents of southbound database for a the specified port .
diff --git a/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc b/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
index 322df391a71b..94488f58f83a 100644
--- a/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
+++ b/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-install-ovnkube-trace-local_{context}"]
 = Installing the ovnkube-trace on local host
 
@@ -14,20 +14,24 @@ The `ovnkube-trace` tool traces packet simulations for arbitrary UDP or TCP traf
 * You are logged in to the cluster with a user with `cluster-admin` privileges.
 
 .Procedure
-
 . Create a pod variable by using the following command:
 +
 [source,terminal]
 ----
-$  POD=$(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-master -o name | head -1 | awk -F '/' '{print $NF}')
+$  POD=$(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-control-plane -o name | head -1 | awk -F '/' '{print $NF}')
 ----
 
-. Run the following command on your local host to copy the binary from the `ovnkube-master` pods:
+. Run the following command on your local host to copy the binary from the `ovnkube-control-plane` pods:
 +
 [source,terminal]
 ----
-$  oc cp -n openshift-ovn-kubernetes $POD:/usr/bin/ovnkube-trace ovnkube-trace
+$  oc cp -n openshift-ovn-kubernetes $POD:/usr/bin/ovnkube-trace -c ovnkube-cluster-manager ovnkube-trace
 ----
++
+[NOTE]
+====
+If you are using {op-system-base-full} 8 to run the `ovnkube-trace` tool, you must copy the file `/usr/lib/rhel8/ovnkube-trace` to your local host.
+====
 
 . Make `ovnkube-trace` executable by running the following command:
 +
@@ -47,8 +51,9 @@ $  ./ovnkube-trace -help
 +
 [source,terminal]
 ----
-I0111 15:05:27.973305  204872 ovs.go:90] Maximum command line arguments set to: 191102
 Usage of ./ovnkube-trace:
+  -addr-family string
+    	Address family (ip4 or ip6) to be used for tracing (default "ip4")
   -dst string
     	dest: destination pod name
   -dst-ip string
diff --git a/modules/nw-ovn-kubernetes-installing-network-tools.adoc b/modules/nw-ovn-kubernetes-installing-network-tools.adoc
index 755207cc1ee3..01bf191ec6bd 100644
--- a/modules/nw-ovn-kubernetes-installing-network-tools.adoc
+++ b/modules/nw-ovn-kubernetes-installing-network-tools.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-installing-network-tools_{context}"]
 = Installing network-tools on local host
 
diff --git a/modules/nw-ovn-kubernetes-list-database-contents.adoc b/modules/nw-ovn-kubernetes-list-database-contents.adoc
index a2f7f08f5c47..6e19253c1bf9 100644
--- a/modules/nw-ovn-kubernetes-list-database-contents.adoc
+++ b/modules/nw-ovn-kubernetes-list-database-contents.adoc
@@ -2,12 +2,11 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-list-database-contents_{context}"]
 = Listing the OVN-Kubernetes northbound database contents
 
-To understand logic flow rules you need to examine the northbound database and understand what objects are there to see how they are translated into logic flow rules.
-The up to date information is present on the OVN Raft leader and this procedure describes how to find the Raft leader and subsequently query it to list the OVN northbound database contents.
+Each node is controlled by the `ovnkube-controller` container running in the `ovnkube-node` pod on that node. To understand the OVN logical networking entities you need to examine the northbound database that is running as a container inside the `ovnkube-node` pod on that node to see what objects are in the node you wish to see.
 
 .Prerequisites
 
@@ -16,14 +15,12 @@ The up to date information is present on the OVN Raft leader and this procedure
 
 .Procedure
 
-. Find the OVN Raft leader for the northbound database.
-+
 [NOTE]
 ====
-The Raft leader stores the most up to date information.
+To run ovn `nbctl` or `sbctl` commands in a cluster you must open a remote shell into the `nbdb` or `sbdb` containers on the relevant node
 ====
 
-.. List the pods by running the following command:
+. List pods by running the following command:
 +
 [source,terminal]
 ----
@@ -33,109 +30,71 @@ $ oc get po -n openshift-ovn-kubernetes
 .Example output
 [source,terminal]
 ----
-NAME                   READY   STATUS    RESTARTS       AGE
-ovnkube-master-7j97q   6/6     Running   2 (148m ago)   149m
-ovnkube-master-gt4ms   6/6     Running   1 (140m ago)   147m
-ovnkube-master-mk6p6   6/6     Running   0              148m
-ovnkube-node-8qvtr     5/5     Running   0              149m
-ovnkube-node-fqdc9     5/5     Running   0              149m
-ovnkube-node-tlfwv     5/5     Running   0              149m
-ovnkube-node-wlwkn     5/5     Running   0              142m
+NAME                                     READY   STATUS    RESTARTS      AGE
+ovnkube-control-plane-8444dff7f9-4lh9k   2/2     Running   0             27m
+ovnkube-control-plane-8444dff7f9-5rjh9   2/2     Running   0             27m
+ovnkube-control-plane-8444dff7f9-k64b7   2/2     Running   2 (11m ago)   27m
+ovnkube-node-55xs2                       8/8     Running   0             26m
+ovnkube-node-7r84r                       8/8     Running   0             16m
+ovnkube-node-bqq8p                       8/8     Running   0             17m
+ovnkube-node-mkj4f                       8/8     Running   0             26m
+ovnkube-node-mlr8k                       8/8     Running   0             26m
+ovnkube-node-wqn2m                       8/8     Running   0             16m
 ----
 
-.. Choose one of the master pods at random and run the following command:
+. Optional: To list the pods with node information, run the following command:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes ovnkube-master-7j97q \
--- /usr/bin/ovn-appctl -t /var/run/ovn/ovnnb_db.ctl \
---timeout=3 cluster/status OVN_Northbound
+$ oc get pods -n openshift-ovn-kubernetes -owide
 ----
 +
 .Example output
 [source,terminal]
 ----
-Defaulted container "northd" out of: northd, nbdb, kube-rbac-proxy, sbdb, ovnkube-master, ovn-dbchecker
-1c57
-Name: OVN_Northbound
-Cluster ID: c48a (c48aa5c0-a704-4c77-a066-24fe99d9b338)
-Server ID: 1c57 (1c57b6fc-2849-49b7-8679-fbf18bafe339)
-Address: ssl:10.0.147.219:9643
-Status: cluster member
-Role: follower <1>
-Term: 5
-Leader: 2b4f <2>
-Vote: unknown
-
-Election timer: 10000
-Log: [2, 3018]
-Entries not yet committed: 0
-Entries not yet applied: 0
-Connections: ->0000 ->0000 <-8844 <-2b4f
-Disconnections: 0
-Servers:
-    1c57 (1c57 at ssl:10.0.147.219:9643) (self)
-    8844 (8844 at ssl:10.0.163.212:9643) last msg 8928047 ms ago
-    2b4f (2b4f at ssl:10.0.242.240:9643) last msg 620 ms ago <3>
-----
-+
-<1> This pod is identified as a follower
-<2> The leader is identified as `2b4f`
-<3> The `2b4f` is on IP address `10.0.242.240`
-
-.. Find the `ovnkube-master` pod running on IP Address `10.0.242.240` using the following command:
-+
-[source,terminal]
-----
-$ oc get po -o wide -n openshift-ovn-kubernetes | grep 10.0.242.240 | grep -v ovnkube-node
+NAME                                     READY   STATUS    RESTARTS      AGE   IP           NODE                                       NOMINATED NODE   READINESS GATES
+ovnkube-control-plane-8444dff7f9-4lh9k   2/2     Running   0             27m   10.0.0.3     ci-ln-t487nnb-72292-mdcnq-master-1         <none>           <none>
+ovnkube-control-plane-8444dff7f9-5rjh9   2/2     Running   0             27m   10.0.0.4     ci-ln-t487nnb-72292-mdcnq-master-2         <none>           <none>
+ovnkube-control-plane-8444dff7f9-k64b7   2/2     Running   2 (12m ago)   27m   10.0.0.5     ci-ln-t487nnb-72292-mdcnq-master-0         <none>           <none>
+ovnkube-node-55xs2                       8/8     Running   0             26m   10.0.0.4     ci-ln-t487nnb-72292-mdcnq-master-2         <none>           <none>
+ovnkube-node-7r84r                       8/8     Running   0             17m   10.0.128.3   ci-ln-t487nnb-72292-mdcnq-worker-b-wbz7z   <none>           <none>
+ovnkube-node-bqq8p                       8/8     Running   0             17m   10.0.128.2   ci-ln-t487nnb-72292-mdcnq-worker-a-lh7ms   <none>           <none>
+ovnkube-node-mkj4f                       8/8     Running   0             27m   10.0.0.5     ci-ln-t487nnb-72292-mdcnq-master-0         <none>           <none>
+ovnkube-node-mlr8k                       8/8     Running   0             27m   10.0.0.3     ci-ln-t487nnb-72292-mdcnq-master-1         <none>           <none>
+ovnkube-node-wqn2m                       8/8     Running   0             17m   10.0.128.4   ci-ln-t487nnb-72292-mdcnq-worker-c-przlm   <none>           <none>
 ----
+
+. Navigate into a pod to look at the northbound database by running the following command:
 +
-.Example output
 [source,terminal]
 ----
-ovnkube-master-gt4ms   6/6     Running             1 (143m ago)   150m   10.0.242.240   ip-10-0-242-240.ec2.internal   <none>           <none>
+$ oc rsh -c nbdb -n openshift-ovn-kubernetes ovnkube-node-55xs2
 ----
-+
-The `ovnkube-master-gt4ms` pod runs on IP Address 10.0.242.240.
 
 . Run the following command to show all the objects in the northbound database:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-gt4ms \
--c northd -- ovn-nbctl show
+$ ovn-nbctl show
 ----
 +
 The output is too long to list here. The list includes the NAT rules, logical switches, load balancers and so on.
 +
-Run the following command to display the options available with the command `ovn-nbctl`:
-+
-[source,terminal]
-----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-mk6p6 \
--c northd ovn-nbctl --help
-----
-+
-You can narrow down and focus on specific components by using some of the following commands:
+You can narrow down and focus on specific components by using some of the following optional commands:
 
-. Run the following command to show the list of logical routers:
+.. Run the following command to show the list of logical routers:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-gt4ms \
+$ oc exec -n openshift-ovn-kubernetes -it ovnkube-node-55xs2 \
 -c northd -- ovn-nbctl lr-list
 ----
 +
 .Example output
 [source,terminal]
 ----
-f971f1f3-5112-402f-9d1e-48f1d091ff04 (GR_ip-10-0-145-205.ec2.internal)
-69c992d8-a4cf-429e-81a3-5361209ffe44 (GR_ip-10-0-147-219.ec2.internal)
-7d164271-af9e-4283-b84a-48f2a44851cd (GR_ip-10-0-163-212.ec2.internal)
-111052e3-c395-408b-97b2-8dd0a20a29a5 (GR_ip-10-0-165-9.ec2.internal)
-ed50ce33-df5d-48e8-8862-2df6a59169a0 (GR_ip-10-0-209-170.ec2.internal)
-f44e2a96-8d1e-4a4d-abae-ed8728ac6851 (GR_ip-10-0-242-240.ec2.internal)
-ef3d0057-e557-4b1a-b3c6-fcc3463790b0 (ovn_cluster_router)
+45339f4f-7d0b-41d0-b5f9-9fca9ce40ce6 (GR_ci-ln-t487nnb-72292-mdcnq-master-2)
+96a0a0f0-e7ed-4fec-8393-3195563de1b8 (ovn_cluster_router)
 ----
 +
 [NOTE]
@@ -143,30 +102,21 @@ ef3d0057-e557-4b1a-b3c6-fcc3463790b0 (ovn_cluster_router)
 From this output you can see there is router on each node plus an `ovn_cluster_router`.
 ====
 
-. Run the following command to show the list of logical switches:
+.. Run the following command to show the list of logical switches:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-gt4ms \
--c northd -- ovn-nbctl ls-list
+$ oc exec -n openshift-ovn-kubernetes -it ovnkube-node-55xs2 \
+-c nbdb -- ovn-nbctl ls-list
 ----
 +
 .Example output
 [source,terminal]
 ----
-82808c5c-b3bc-414a-bb59-8fec4b07eb14 (ext_ip-10-0-145-205.ec2.internal)
-3d22444f-0272-4c51-afc6-de9e03db3291 (ext_ip-10-0-147-219.ec2.internal)
-bf73b9df-59ab-4c58-a456-ce8205b34ac5 (ext_ip-10-0-163-212.ec2.internal)
-bee1e8d0-ec87-45eb-b98b-63f9ec213e5e (ext_ip-10-0-165-9.ec2.internal)
-812f08f2-6476-4abf-9a78-635f8516f95e (ext_ip-10-0-209-170.ec2.internal)
-f65e710b-32f9-482b-8eab-8d96a44799c1 (ext_ip-10-0-242-240.ec2.internal)
-84dad700-afb8-4129-86f9-923a1ddeace9 (ip-10-0-145-205.ec2.internal)
-1b7b448b-e36c-4ca3-9f38-4a2cf6814bfd (ip-10-0-147-219.ec2.internal)
-d92d1f56-2606-4f23-8b6a-4396a78951de (ip-10-0-163-212.ec2.internal)
-6864a6b2-de15-4de3-92d8-f95014b6f28f (ip-10-0-165-9.ec2.internal)
-c26bf618-4d7e-4afd-804f-1a2cbc96ec6d (ip-10-0-209-170.ec2.internal)
-ab9a4526-44ed-4f82-ae1c-e20da04947d9 (ip-10-0-242-240.ec2.internal)
-a8588aba-21da-4276-ba0f-9d68e88911f0 (join)
+bdd7dc3d-d848-4a74-b293-cc15128ea614 (ci-ln-t487nnb-72292-mdcnq-master-2)
+b349292d-ee03-4914-935f-1940b6cb91e5 (ext_ci-ln-t487nnb-72292-mdcnq-master-2)
+0aac0754-ea32-4e33-b086-35eeabf0a140 (join)
+992509d7-2c3f-4432-88db-c179e43592e5 (transit_switch)
 ----
 +
 [NOTE]
@@ -174,55 +124,53 @@ a8588aba-21da-4276-ba0f-9d68e88911f0 (join)
 From this output you can see there is an ext switch for each node plus switches with the node name itself and a join switch.
 ====
 
-. Run the following command to show the list of load balancers:
+.. Run the following command to show the list of load balancers:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-gt4ms \
--c northd -- ovn-nbctl lb-list
+$ oc exec -n openshift-ovn-kubernetes -it ovnkube-node-55xs2 \
+-c nbdb -- ovn-nbctl lb-list
 ----
 +
 .Example output
 [source,terminal]
 ----
 UUID                                    LB                  PROTO      VIP                     IPs
-f0fb50f9-4968-4b55-908c-616bae4db0a2    Service_default/    tcp        172.30.0.1:443          10.0.147.219:6443,10.0.163.212:6443,169.254.169.2:6443
-0dc42012-4f5b-432e-ae01-2cc4bfe81b00    Service_default/    tcp        172.30.0.1:443          10.0.147.219:6443,169.254.169.2:6443,10.0.242.240:6443
-f7fff5d5-5eff-4a40-98b1-3a4ba8f7f69c    Service_default/    tcp        172.30.0.1:443          169.254.169.2:6443,10.0.163.212:6443,10.0.242.240:6443
-12fe57a0-50a4-4a1b-ac10-5f288badee07    Service_default/    tcp        172.30.0.1:443          10.0.147.219:6443,10.0.163.212:6443,10.0.242.240:6443
-3f137fbf-0b78-4875-ba44-fbf89f254cf7    Service_openshif    tcp        172.30.23.153:443       10.130.0.14:8443
-174199fe-0562-4141-b410-12094db922a7    Service_openshif    tcp        172.30.69.51:50051      10.130.0.84:50051
-5ee2d4bd-c9e2-4d16-a6df-f54cd17c9ac3    Service_openshif    tcp        172.30.143.87:9001      10.0.145.205:9001,10.0.147.219:9001,10.0.163.212:9001,10.0.165.9:9001,10.0.209.170:9001,10.0.242.240:9001
-a056ae3d-83f8-45bc-9c80-ef89bce7b162    Service_openshif    tcp        172.30.164.74:443       10.0.147.219:6443,10.0.163.212:6443,10.0.242.240:6443
-bac51f3d-9a6f-4f5e-ac02-28fd343a332a    Service_openshif    tcp        172.30.0.10:53          10.131.0.6:5353
-                                                            tcp        172.30.0.10:9154        10.131.0.6:9154
-48105bbc-51d7-4178-b975-417433f9c20a    Service_openshif    tcp        172.30.26.159:2379      10.0.147.219:2379,169.254.169.2:2379,10.0.242.240:2379
-                                                            tcp        172.30.26.159:9979      10.0.147.219:9979,169.254.169.2:9979,10.0.242.240:9979
-7de2b8fc-342a-415f-ac13-1a493f4e39c0    Service_openshif    tcp        172.30.53.219:443       10.128.0.7:8443
-                                                            tcp        172.30.53.219:9192      10.128.0.7:9192
-2cef36bc-d720-4afb-8d95-9350eff1d27a    Service_openshif    tcp        172.30.81.66:443        10.128.0.23:8443
-365cb6fb-e15e-45a4-a55b-21868b3cf513    Service_openshif    tcp        172.30.96.51:50051      10.130.0.19:50051
-41691cbb-ec55-4cdb-8431-afce679c5e8d    Service_openshif    tcp        172.30.98.218:9099      169.254.169.2:9099
-82df10ba-8143-400b-977a-8f5f416a4541    Service_openshif    tcp        172.30.26.159:2379      10.0.147.219:2379,10.0.163.212:2379,169.254.169.2:2379
-                                                            tcp        172.30.26.159:9979      10.0.147.219:9979,10.0.163.212:9979,169.254.169.2:9979
-debe7f3a-39a8-490e-bc0a-ebbfafdffb16    Service_openshif    tcp        172.30.23.244:443       10.128.0.48:8443,10.129.0.27:8443,10.130.0.45:8443
-8a749239-02d9-4dc2-8737-716528e0da7b    Service_openshif    tcp        172.30.124.255:8443     10.128.0.14:8443
-880c7c78-c790-403d-a3cb-9f06592717a3    Service_openshif    tcp        172.30.0.10:53          10.130.0.20:5353
-                                                            tcp        172.30.0.10:9154        10.130.0.20:9154
-d2f39078-6751-4311-a161-815bbaf7f9c7    Service_openshif    tcp        172.30.26.159:2379      169.254.169.2:2379,10.0.163.212:2379,10.0.242.240:2379
-                                                            tcp        172.30.26.159:9979      169.254.169.2:9979,10.0.163.212:9979,10.0.242.240:9979
-30948278-602b-455c-934a-28e64c46de12    Service_openshif    tcp        172.30.157.35:9443      10.130.0.43:9443
-2cc7e376-7c02-4a82-89e8-dfa1e23fb003    Service_openshif    tcp        172.30.159.212:17698    10.128.0.48:17698,10.129.0.27:17698,10.130.0.45:17698
-e7d22d35-61c2-40c2-bc30-265cff8ed18d    Service_openshif    tcp        172.30.143.87:9001      10.0.145.205:9001,10.0.147.219:9001,10.0.163.212:9001,10.0.165.9:9001,10.0.209.170:9001,169.254.169.2:9001
-75164e75-e0c5-40fb-9636-bfdbf4223a02    Service_openshif    tcp        172.30.150.68:1936      10.129.4.8:1936,10.131.0.10:1936
-                                                            tcp        172.30.150.68:443       10.129.4.8:443,10.131.0.10:443
-                                                            tcp        172.30.150.68:80        10.129.4.8:80,10.131.0.10:80
-7bc4ee74-dccf-47e9-9149-b011f09aff39    Service_openshif    tcp        172.30.164.74:443       10.0.147.219:6443,10.0.163.212:6443,169.254.169.2:6443
-0db59e74-1cc6-470c-bf44-57c520e0aa8f    Service_openshif    tcp        10.0.163.212:31460
-                                                            tcp        10.0.163.212:32361
-c300e134-018c-49af-9f84-9deb1d0715f8    Service_openshif    tcp        172.30.42.244:50051     10.130.0.47:50051
-5e352773-429b-4881-afb3-a13b7ba8b081    Service_openshif    tcp        172.30.244.66:443       10.129.0.8:8443,10.130.0.8:8443
-54b82d32-1939-4465-a87d-f26321442a7a    Service_openshif    tcp        172.30.12.9:8443        10.128.0.35:8443
+7c84c673-ed2a-4436-9a1f-9bc5dd181eea    Service_default/    tcp        172.30.0.1:443          10.0.0.3:6443,169.254.169.2:6443,10.0.0.5:6443
+4d663fd9-ddc8-4271-b333-4c0e279e20bb    Service_default/    tcp        172.30.0.1:443          10.0.0.3:6443,10.0.0.4:6443,10.0.0.5:6443
+292eb07f-b82f-4962-868a-4f541d250bca    Service_openshif    tcp        172.30.105.247:443      10.129.0.12:8443
+034b5a7f-bb6a-45e9-8e6d-573a82dc5ee3    Service_openshif    tcp        172.30.192.38:443       10.0.0.3:10259,10.0.0.4:10259,10.0.0.5:10259
+a68bb53e-be84-48df-bd38-bdd82fcd4026    Service_openshif    tcp        172.30.161.125:8443     10.129.0.32:8443
+6cc21b3d-2c54-4c94-8ff5-d8e017269c2e    Service_openshif    tcp        172.30.3.144:443        10.129.0.22:8443
+37996ffd-7268-4862-a27f-61cd62e09c32    Service_openshif    tcp        172.30.181.107:443      10.129.0.18:8443
+81d4da3c-f811-411f-ae0c-bc6713d0861d    Service_openshif    tcp        172.30.228.23:443       10.129.0.29:8443
+ac5a4f3b-b6ba-4ceb-82d0-d84f2c41306e    Service_openshif    tcp        172.30.14.240:9443      10.129.0.36:9443
+c88979fb-1ef5-414b-90ac-43b579351ac9    Service_openshif    tcp        172.30.231.192:9001     10.128.0.5:9001,10.128.2.5:9001,10.129.0.5:9001,10.129.2.4:9001,10.130.0.3:9001,10.131.0.3:9001
+fcb0a3fb-4a77-4230-a84a-be45dce757e8    Service_openshif    tcp        172.30.189.92:443       10.130.0.17:8440
+67ef3e7b-ceb9-4bf0-8d96-b43bde4c9151    Service_openshif    tcp        172.30.67.218:443       10.129.0.9:8443
+d0032fba-7d5e-424a-af25-4ab9b5d46e81    Service_openshif    tcp        172.30.102.137:2379     10.0.0.3:2379,10.0.0.4:2379,10.0.0.5:2379
+                                                            tcp        172.30.102.137:9979     10.0.0.3:9979,10.0.0.4:9979,10.0.0.5:9979
+7361c537-3eec-4e6c-bc0c-0522d182abd4    Service_openshif    tcp        172.30.198.215:9001     10.0.0.3:9001,10.0.0.4:9001,10.0.0.5:9001,10.0.128.2:9001,10.0.128.3:9001,10.0.128.4:9001
+0296c437-1259-410b-a6fd-81c310ad0af5    Service_openshif    tcp        172.30.198.215:9001     10.0.0.3:9001,169.254.169.2:9001,10.0.0.5:9001,10.0.128.2:9001,10.0.128.3:9001,10.0.128.4:9001
+5d5679f5-45b8-479d-9f7c-08b123c688b8    Service_openshif    tcp        172.30.38.253:17698     10.128.0.52:17698,10.129.0.84:17698,10.130.0.60:17698
+2adcbab4-d1c9-447d-9573-b5dc9f2efbfa    Service_openshif    tcp        172.30.148.52:443       10.0.0.4:9202,10.0.0.5:9202
+                                                            tcp        172.30.148.52:444       10.0.0.4:9203,10.0.0.5:9203
+                                                            tcp        172.30.148.52:445       10.0.0.4:9204,10.0.0.5:9204
+                                                            tcp        172.30.148.52:446       10.0.0.4:9205,10.0.0.5:9205
+2a33a6d7-af1b-4892-87cc-326a380b809b    Service_openshif    tcp        172.30.67.219:9091      10.129.2.16:9091,10.131.0.16:9091
+                                                            tcp        172.30.67.219:9092      10.129.2.16:9092,10.131.0.16:9092
+                                                            tcp        172.30.67.219:9093      10.129.2.16:9093,10.131.0.16:9093
+                                                            tcp        172.30.67.219:9094      10.129.2.16:9094,10.131.0.16:9094
+f56f59d7-231a-4974-99b3-792e2741ec8d    Service_openshif    tcp        172.30.89.212:443       10.128.0.41:8443,10.129.0.68:8443,10.130.0.44:8443
+08c2c6d7-d217-4b96-b5d8-c80c4e258116    Service_openshif    tcp        172.30.102.137:2379     10.0.0.3:2379,169.254.169.2:2379,10.0.0.5:2379
+                                                            tcp        172.30.102.137:9979     10.0.0.3:9979,169.254.169.2:9979,10.0.0.5:9979
+60a69c56-fc6a-4de6-bd88-3f2af5ba5665    Service_openshif    tcp        172.30.10.193:443       10.129.0.25:8443
+ab1ef694-0826-4671-a22c-565fc2d282ec    Service_openshif    tcp        172.30.196.123:443      10.128.0.33:8443,10.129.0.64:8443,10.130.0.37:8443
+b1fb34d3-0944-4770-9ee3-2683e7a630e2    Service_openshif    tcp        172.30.158.93:8443      10.129.0.13:8443
+95811c11-56e2-4877-be1e-c78ccb3a82a9    Service_openshif    tcp        172.30.46.85:9001       10.130.0.16:9001
+4baba1d1-b873-4535-884c-3f6fc07a50fd    Service_openshif    tcp        172.30.28.87:443        10.129.0.26:8443
+6c2e1c90-f0ca-484e-8a8e-40e71442110a    Service_openshif    udp        172.30.0.10:53          10.128.0.13:5353,10.128.2.6:5353,10.129.0.39:5353,10.129.2.6:5353,10.130.0.11:5353,10.131.0.9:5353
+
 ----
 +
 [NOTE]
@@ -230,4 +178,10 @@ c300e134-018c-49af-9f84-9deb1d0715f8    Service_openshif    tcp        172.30.42
 From this truncated output you can see there are many OVN-Kubernetes load balancers. Load balancers in OVN-Kubernetes are representations of services.
 ====
 
-
+. Run the following command to display the options available with the command `ovn-nbctl`:
++
+[source,terminal]
+----
+$ oc exec -n openshift-ovn-kubernetes -it ovnkube-node-55xs2 \
+-c nbdb ovn-nbctl --help
+----
\ No newline at end of file
diff --git a/modules/nw-ovn-kubernetes-list-resources.adoc b/modules/nw-ovn-kubernetes-list-resources.adoc
index 022860dcb204..032af05c518b 100644
--- a/modules/nw-ovn-kubernetes-list-resources.adoc
+++ b/modules/nw-ovn-kubernetes-list-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-list-resources_{context}"]
 = Listing all resources in the OVN-Kubernetes project
 
@@ -25,75 +25,74 @@ $ oc get all,ep,cm -n openshift-ovn-kubernetes
 .Example output
 [source,terminal]
 ----
-NAME                       READY   STATUS    RESTARTS      AGE
-pod/ovnkube-master-9g7zt   6/6     Running   1 (48m ago)   57m
-pod/ovnkube-master-lqs4v   6/6     Running   0             57m
-pod/ovnkube-master-vxhtq   6/6     Running   0             57m
-pod/ovnkube-node-9k9kc     5/5     Running   0             57m
-pod/ovnkube-node-jg52r     5/5     Running   0             51m
-pod/ovnkube-node-k8wf7     5/5     Running   0             57m
-pod/ovnkube-node-tlwk6     5/5     Running   0             47m
-pod/ovnkube-node-xsvnk     5/5     Running   0             57m
+Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
+NAME                                         READY   STATUS    RESTARTS       AGE
+pod/ovnkube-control-plane-65c6f55656-6d55h   2/2     Running   0              114m
+pod/ovnkube-control-plane-65c6f55656-fd7vw   2/2     Running   2 (104m ago)   114m
+pod/ovnkube-control-plane-65c6f55656-vtqtm   2/2     Running   0              114m
+pod/ovnkube-node-bcvts                       8/8     Running   0              113m
+pod/ovnkube-node-drgvv                       8/8     Running   0              113m
+pod/ovnkube-node-f2pxt                       8/8     Running   0              113m
+pod/ovnkube-node-frqsb                       8/8     Running   0              105m
+pod/ovnkube-node-lbxkk                       8/8     Running   0              105m
+pod/ovnkube-node-tt7bx                       8/8     Running   1 (102m ago)   105m
 
-NAME                            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)             AGE
-service/ovn-kubernetes-master   ClusterIP   None         <none>        9102/TCP            57m
-service/ovn-kubernetes-node     ClusterIP   None         <none>        9103/TCP,9105/TCP   57m
-service/ovnkube-db              ClusterIP   None         <none>        9641/TCP,9642/TCP   57m
+NAME                                   TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)             AGE
+service/ovn-kubernetes-control-plane   ClusterIP   None         <none>        9108/TCP            114m
+service/ovn-kubernetes-node            ClusterIP   None         <none>        9103/TCP,9105/TCP   114m
 
-NAME                            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                                                 AGE
-daemonset.apps/ovnkube-master   3         3         3       3            3           beta.kubernetes.io/os=linux,node-role.kubernetes.io/master=   57m
-daemonset.apps/ovnkube-node     5         5         5       5            5           beta.kubernetes.io/os=linux                                   57m
+NAME                          DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
+daemonset.apps/ovnkube-node   6         6         6       6            6           beta.kubernetes.io/os=linux   114m
 
-NAME                              ENDPOINTS                                                        AGE
-endpoints/ovn-kubernetes-master   10.0.132.11:9102,10.0.151.18:9102,10.0.192.45:9102               57m
-endpoints/ovn-kubernetes-node     10.0.132.11:9105,10.0.143.72:9105,10.0.151.18:9105 + 7 more...   57m
-endpoints/ovnkube-db              10.0.132.11:9642,10.0.151.18:9642,10.0.192.45:9642 + 3 more...   57m
+NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/ovnkube-control-plane   3/3     3            3           114m
+
+NAME                                               DESIRED   CURRENT   READY   AGE
+replicaset.apps/ovnkube-control-plane-65c6f55656   3         3         3       114m
+
+NAME                                     ENDPOINTS                                               AGE
+endpoints/ovn-kubernetes-control-plane   10.0.0.3:9108,10.0.0.4:9108,10.0.0.5:9108               114m
+endpoints/ovn-kubernetes-node            10.0.0.3:9105,10.0.0.4:9105,10.0.0.5:9105 + 9 more...   114m
 
 NAME                                 DATA   AGE
-configmap/control-plane-status       1      55m
-configmap/kube-root-ca.crt           1      57m
-configmap/openshift-service-ca.crt   1      57m
-configmap/ovn-ca                     1      57m
-configmap/ovn-kubernetes-master      0      55m
-configmap/ovnkube-config             1      57m
-configmap/signer-ca                  1      57m
+configmap/control-plane-status       1      113m
+configmap/kube-root-ca.crt           1      114m
+configmap/openshift-service-ca.crt   1      114m
+configmap/ovn-ca                     1      114m
+configmap/ovnkube-config             1      114m
+configmap/signer-ca                  1      114m
+
 ----
 +
-There are three `ovnkube-masters` that run on the control plane nodes, and two daemon sets used to deploy the `ovnkube-master` and `ovnkube-node` pods.
 There is one `ovnkube-node` pod for each node in the cluster.
-In this example, there are 5, and since there is one `ovnkube-node` per node in the cluster, there are five nodes in the cluster.
-The `ovnkube-config` `ConfigMap` has the {product-title} OVN-Kubernetes configurations started by online-master and `ovnkube-node`.
-The `ovn-kubernetes-master` `ConfigMap` has the information of the current online master leader.
+The `ovnkube-config` config map has the {product-title} OVN-Kubernetes configurations.
++
 
-. List all the containers in the `ovnkube-master` pods by running the following command:
+. List all of the containers in the `ovnkube-node` pods by running the following command:
 +
 [source,terminal]
 ----
-$ oc get pods ovnkube-master-9g7zt \
--o jsonpath='{.spec.containers[*].name}' -n openshift-ovn-kubernetes
+$ oc get pods ovnkube-node-bcvts -o jsonpath='{.spec.containers[*].name}' -n openshift-ovn-kubernetes
 ----
 .Expected output
 +
 [source,terminal]
 ----
-northd nbdb kube-rbac-proxy sbdb ovnkube-master ovn-dbchecker
+ovn-controller ovn-acl-logging kube-rbac-proxy-node kube-rbac-proxy-ovn-metrics northd nbdb sbdb ovnkube-controller
 ----
-+
-The `ovnkube-master` pod is made up of several containers.
-It is responsible for hosting the northbound database (`nbdb` container), the southbound database (`sbdb` container), watching for cluster events for pods, egressIP, namespaces, services, endpoints, egress firewall, and network policy and writing them to the northbound database (`ovnkube-master` pod), as well as managing pod subnet allocation to nodes.
+The `ovnkube-node` pod is made up of several containers. It is responsible for hosting the northbound database (`nbdb` container), the southbound database (`sbdb` container), the north daemon (`northd` container), `ovn-controller` and the `ovnkube-controller`container. The `ovnkube-controller` container watches for API objects like pods, egress IPs, namespaces, services, endpoints, egress firewall, and network policies. It is also responsible for allocating pod IP from the available subnet pool for that node.
 
-. List all the containers in the `ovnkube-node` pods by running the following command:
+. List all the containers in the `ovnkube-control-plane` pods by running the following command:
 +
 [source,terminal]
 ----
-$ oc get pods ovnkube-node-jg52r \
--o jsonpath='{.spec.containers[*].name}' -n openshift-ovn-kubernetes
+$ oc get pods ovnkube-control-plane-65c6f55656-6d55h -o jsonpath='{.spec.containers[*].name}' -n openshift-ovn-kubernetes
 ----
 .Expected output
 +
 [source,terminal]
 ----
-ovn-controller ovn-acl-logging kube-rbac-proxy kube-rbac-proxy-ovn-metrics ovnkube-node
+kube-rbac-proxy ovnkube-cluster-manager
 ----
 +
-The `ovnkube-node` pod has a container (`ovn-controller`) that resides on each {product-title} node. Each node’s `ovn-controller` connects the OVN northbound to the OVN southbound database to learn about the OVN configuration. The `ovn-controller` connects southbound to `ovs-vswitchd` as an OpenFlow controller, for control over network traffic, and to the local `ovsdb-server` to allow it to monitor and control Open vSwitch configuration.
\ No newline at end of file
+The `ovnkube-control-plane` pod has a container (`ovnkube-cluster-manager`) that resides on each {product-title} node. The `ovnkube-cluster-manager` container allocates pod subnet, transit switch subnet IP and join switch subnet IP to each node in the cluster. The `kube-rbac-proxy` container monitors metrics for the `ovnkube-cluster-manager` container.
diff --git a/modules/nw-ovn-kubernetes-list-southbound-database-contents.adoc b/modules/nw-ovn-kubernetes-list-southbound-database-contents.adoc
index edb4541048cf..34292d035d14 100644
--- a/modules/nw-ovn-kubernetes-list-southbound-database-contents.adoc
+++ b/modules/nw-ovn-kubernetes-list-southbound-database-contents.adoc
@@ -2,12 +2,11 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-list-southbound-database-contents_{context}"]
 = Listing the OVN-Kubernetes southbound database contents
 
-Logic flow rules are stored in the southbound database that is a representation of your infrastructure.
-The up to date information is present on the OVN Raft leader and this procedure describes how to find the Raft leader and query it to list the OVN southbound database contents.
+Each node is controlled by the `ovnkube-controller` container running in the `ovnkube-node` pod on that node. To understand the OVN logical networking entities you need to examine the northbound database that is running as a container inside the `ovnkube-node` pod on that node to see what objects are in the node you wish to see.
 
 .Prerequisites
 
@@ -16,14 +15,12 @@ The up to date information is present on the OVN Raft leader and this procedure
 
 .Procedure
 
-. Find the OVN Raft leader for the southbound database.
-+
 [NOTE]
 ====
-The Raft leader stores the most up to date information.
+To run ovn `nbctl` or `sbctl` commands in a cluster you must open a remote shell into the `nbdb` or `sbdb` containers on the relevant node
 ====
 
-.. List the pods by running the following command:
+. List the pods by running the following command:
 +
 [source,terminal]
 ----
@@ -33,105 +30,110 @@ $ oc get po -n openshift-ovn-kubernetes
 .Example output
 [source,terminal]
 ----
-NAME                   READY   STATUS    RESTARTS       AGE
-ovnkube-master-7j97q   6/6     Running   2 (134m ago)   135m
-ovnkube-master-gt4ms   6/6     Running   1 (126m ago)   133m
-ovnkube-master-mk6p6   6/6     Running   0              134m
-ovnkube-node-8qvtr     5/5     Running   0              135m
-ovnkube-node-bqztb     5/5     Running   0              117m
-ovnkube-node-fqdc9     5/5     Running   0              135m
-ovnkube-node-tlfwv     5/5     Running   0              135m
-ovnkube-node-wlwkn     5/5     Running   0              128m
+NAME                                     READY   STATUS    RESTARTS      AGE
+ovnkube-control-plane-8444dff7f9-4lh9k   2/2     Running   0             27m
+ovnkube-control-plane-8444dff7f9-5rjh9   2/2     Running   0             27m
+ovnkube-control-plane-8444dff7f9-k64b7   2/2     Running   2 (11m ago)   27m
+ovnkube-node-55xs2                       8/8     Running   0             26m
+ovnkube-node-7r84r                       8/8     Running   0             16m
+ovnkube-node-bqq8p                       8/8     Running   0             17m
+ovnkube-node-mkj4f                       8/8     Running   0             26m
+ovnkube-node-mlr8k                       8/8     Running   0             26m
+ovnkube-node-wqn2m                       8/8     Running   0             16m
 ----
 
-.. Choose one of the master pods at random and run the following command to find the OVN southbound Raft leader:
+. Optional: To list the pods with node information, run the following command:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes ovnkube-master-7j97q \
--- /usr/bin/ovn-appctl -t /var/run/ovn/ovnsb_db.ctl \
---timeout=3 cluster/status OVN_Southbound
+$ oc get pods -n openshift-ovn-kubernetes -owide
 ----
 +
 .Example output
 [source,terminal]
 ----
-Defaulted container "northd" out of: northd, nbdb, kube-rbac-proxy, sbdb, ovnkube-master, ovn-dbchecker
-1930
-Name: OVN_Southbound
-Cluster ID: f772 (f77273c0-7986-42dd-bd3c-a9f18e25701f)
-Server ID: 1930 (1930f4b7-314b-406f-9dcb-b81fe2729ae1)
-Address: ssl:10.0.147.219:9644
-Status: cluster member
-Role: follower <1>
-Term: 3
-Leader: 7081 <2>
-Vote: unknown
-
-Election timer: 16000
-Log: [2, 2423]
-Entries not yet committed: 0
-Entries not yet applied: 0
-Connections: ->0000 ->7145 <-7081 <-7145
-Disconnections: 0
-Servers:
-    7081 (7081 at ssl:10.0.163.212:9644) last msg 59 ms ago <3>
-    1930 (1930 at ssl:10.0.147.219:9644) (self)
-    7145 (7145 at ssl:10.0.242.240:9644) last msg 7871735 ms ago
+NAME                                     READY   STATUS    RESTARTS      AGE   IP           NODE                                       NOMINATED NODE   READINESS GATES
+ovnkube-control-plane-8444dff7f9-4lh9k   2/2     Running   0             27m   10.0.0.3     ci-ln-t487nnb-72292-mdcnq-master-1         <none>           <none>
+ovnkube-control-plane-8444dff7f9-5rjh9   2/2     Running   0             27m   10.0.0.4     ci-ln-t487nnb-72292-mdcnq-master-2         <none>           <none>
+ovnkube-control-plane-8444dff7f9-k64b7   2/2     Running   2 (12m ago)   27m   10.0.0.5     ci-ln-t487nnb-72292-mdcnq-master-0         <none>           <none>
+ovnkube-node-55xs2                       8/8     Running   0             26m   10.0.0.4     ci-ln-t487nnb-72292-mdcnq-master-2         <none>           <none>
+ovnkube-node-7r84r                       8/8     Running   0             17m   10.0.128.3   ci-ln-t487nnb-72292-mdcnq-worker-b-wbz7z   <none>           <none>
+ovnkube-node-bqq8p                       8/8     Running   0             17m   10.0.128.2   ci-ln-t487nnb-72292-mdcnq-worker-a-lh7ms   <none>           <none>
+ovnkube-node-mkj4f                       8/8     Running   0             27m   10.0.0.5     ci-ln-t487nnb-72292-mdcnq-master-0         <none>           <none>
+ovnkube-node-mlr8k                       8/8     Running   0             27m   10.0.0.3     ci-ln-t487nnb-72292-mdcnq-master-1         <none>           <none>
+ovnkube-node-wqn2m                       8/8     Running   0             17m   10.0.128.4   ci-ln-t487nnb-72292-mdcnq-worker-c-przlm   <none>           <none>
 ----
-+
-<1> This pod is identified as a follower
-<2> The leader is identified as `7081`
-<3> The `7081` is on IP address `10.0.163.212`
 
-.. Find the `ovnkube-master` pod running on IP Address `10.0.163.212` using the following command:
+. Navigate into a pod to look at the southbound database:
 +
 [source,terminal]
 ----
-$ oc get po -o wide -n openshift-ovn-kubernetes | grep 10.0.163.212 | grep -v ovnkube-node
+$ oc rsh -c sbdb -n openshift-ovn-kubernetes ovnkube-node-55xs2
 ----
-+
-.Example output
-[source,terminal]
-----
-ovnkube-master-mk6p6   6/6     Running   0              136m   10.0.163.212   ip-10-0-163-212.ec2.internal   <none>           <none>
-----
-+
-The `ovnkube-master-mk6p6` pod runs on IP Address 10.0.163.212.
 
-. Run the following command to show all the information stored in the southbound database:
+. Run the following command to show all the objects in the southbound database:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-mk6p6 \
--c northd -- ovn-sbctl show
+$ ovn-sbctl show
 ----
+
 +
 .Example output
 +
 [source,terminal]
 ----
-Chassis "8ca57b28-9834-45f0-99b0-96486c22e1be"
-    hostname: ip-10-0-156-16.ec2.internal
+Chassis "5db31703-35e9-413b-8cdf-69e7eecb41f7"
+    hostname: ci-ln-9gp362t-72292-v2p94-worker-a-8bmwz
+    Encap geneve
+        ip: "10.0.128.4"
+        options: {csum="true"}
+    Port_Binding tstor-ci-ln-9gp362t-72292-v2p94-worker-a-8bmwz
+Chassis "070debed-99b7-4bce-b17d-17e720b7f8bc"
+    hostname: ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Encap geneve
+        ip: "10.0.128.2"
+        options: {csum="true"}
+    Port_Binding k8s-ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding rtoe-GR_ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding openshift-monitoring_alertmanager-main-1
+    Port_Binding rtoj-GR_ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding etor-GR_ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding cr-rtos-ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding openshift-e2e-loki_loki-promtail-qcrcz
+    Port_Binding jtor-GR_ci-ln-9gp362t-72292-v2p94-worker-b-svmp6
+    Port_Binding openshift-multus_network-metrics-daemon-mkd4t
+    Port_Binding openshift-ingress-canary_ingress-canary-xtvj4
+    Port_Binding openshift-ingress_router-default-6c76cbc498-pvlqk
+    Port_Binding openshift-dns_dns-default-zz582
+    Port_Binding openshift-monitoring_thanos-querier-57585899f5-lbf4f
+    Port_Binding openshift-network-diagnostics_network-check-target-tn228
+    Port_Binding openshift-monitoring_prometheus-k8s-0
+    Port_Binding openshift-image-registry_image-registry-68899bd877-xqxjj
+Chassis "179ba069-0af1-401c-b044-e5ba90f60fea"
+    hostname: ci-ln-9gp362t-72292-v2p94-master-0
     Encap geneve
-        ip: "10.0.156.16"
+        ip: "10.0.0.5"
         options: {csum="true"}
-    Port_Binding k8s-ip-10-0-156-16.ec2.internal
-    Port_Binding etor-GR_ip-10-0-156-16.ec2.internal
-    Port_Binding jtor-GR_ip-10-0-156-16.ec2.internal
-    Port_Binding openshift-ingress-canary_ingress-canary-hsblx
-    Port_Binding rtoj-GR_ip-10-0-156-16.ec2.internal
-    Port_Binding openshift-monitoring_prometheus-adapter-658fc5967-9l46x
-    Port_Binding rtoe-GR_ip-10-0-156-16.ec2.internal
-    Port_Binding openshift-multus_network-metrics-daemon-77nvz
-    Port_Binding openshift-ingress_router-default-64fd8c67c7-df598
-    Port_Binding openshift-dns_dns-default-ttpcq
-    Port_Binding openshift-monitoring_alertmanager-main-0
-    Port_Binding openshift-e2e-loki_loki-promtail-g2pbh
-    Port_Binding openshift-network-diagnostics_network-check-target-m6tn4
-    Port_Binding openshift-monitoring_thanos-querier-75b5cf8dcb-qf8qj
-    Port_Binding cr-rtos-ip-10-0-156-16.ec2.internal
-    Port_Binding openshift-image-registry_image-registry-7b7bc44566-mp9b8
+    Port_Binding tstor-ci-ln-9gp362t-72292-v2p94-master-0
+Chassis "68c954f2-5a76-47be-9e84-1cb13bd9dab9"
+    hostname: ci-ln-9gp362t-72292-v2p94-worker-c-mjf9w
+    Encap geneve
+        ip: "10.0.128.3"
+        options: {csum="true"}
+    Port_Binding tstor-ci-ln-9gp362t-72292-v2p94-worker-c-mjf9w
+Chassis "2de65d9e-9abf-4b6e-a51d-a1e038b4d8af"
+    hostname: ci-ln-9gp362t-72292-v2p94-master-2
+    Encap geneve
+        ip: "10.0.0.4"
+        options: {csum="true"}
+    Port_Binding tstor-ci-ln-9gp362t-72292-v2p94-master-2
+Chassis "1d371cb8-5e21-44fd-9025-c4b162cc4247"
+    hostname: ci-ln-9gp362t-72292-v2p94-master-1
+    Encap geneve
+        ip: "10.0.0.3"
+        options: {csum="true"}
+    Port_Binding tstor-ci-ln-9gp362t-72292-v2p94-master-1
 ----
 +
 This detailed output shows the chassis and the ports that are attached to the chassis which in this case are all of the router ports and anything that runs like host networking.
@@ -141,10 +143,11 @@ Their IP address is translated into the IP address of the node that the pod is r
 In addition to the chassis information the southbound database has all the logic flows and those logic flows are then sent to the `ovn-controller` running on each of the nodes.
 The `ovn-controller` translates the logic flows into open flow rules and ultimately programs `OpenvSwitch` so that your pods can then follow open flow rules and make it out of the network.
 +
-Run the following command to display the options available with the command `ovn-sbctl`:
+
+. Run the following command to display the options available with the command `ovn-sbctl`:
 +
 [source,terminal]
 ----
-$ oc exec -n openshift-ovn-kubernetes -it ovnkube-master-mk6p6 \
--c northd -- ovn-sbctl --help
-----
+$ oc exec -n openshift-ovn-kubernetes -it ovnkube-node-55xs2 \
+-c sbdb ovn-sbctl --help
+----
\ No newline at end of file
diff --git a/modules/nw-ovn-kubernetes-logs-cli.adoc b/modules/nw-ovn-kubernetes-logs-cli.adoc
index d1856121d7f9..719ccf317601 100644
--- a/modules/nw-ovn-kubernetes-logs-cli.adoc
+++ b/modules/nw-ovn-kubernetes-logs-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-logs-cli_{context}"]
 = Viewing the OVN-Kubernetes logs using the CLI
 
@@ -36,32 +36,32 @@ For example:
 +
 [source,terminal]
 ----
-$ oc logs ovnkube-master-7h4q7 -n openshift-ovn-kubernetes
+$ oc logs ovnkube-node-5dx44 -n openshift-ovn-kubernetes
 ----
 +
 [source,terminal]
 ----
-$ oc logs -f ovnkube-master-7h4q7 -n openshift-ovn-kubernetes -c ovn-dbchecker
+$ oc logs -f ovnkube-node-5dx44 -c ovnkube-controller -n openshift-ovn-kubernetes
 ----
 +
 The contents of log files are printed out.
 
-. Examine the most recent entries in all the containers in the `ovnkube-master` pods:
+. Examine the most recent entries in all the containers in the `ovnkube-node` pods:
 +
 [source,terminal]
 ----
-$ for p in $(oc get pods --selector app=ovnkube-master -n openshift-ovn-kubernetes \
+$ for p in $(oc get pods --selector app=ovnkube-node -n openshift-ovn-kubernetes \
 -o jsonpath='{range.items[*]}{" "}{.metadata.name}'); \
 do echo === $p ===; for container in $(oc get pods -n openshift-ovn-kubernetes $p \
 -o json | jq -r '.status.containerStatuses[] | .name');do echo ---$container---; \
 oc logs -c $container $p -n openshift-ovn-kubernetes --tail=5; done; done
 ----
 
-. View the last 5 lines of every log in every container in an `ovnkube-master` pod using the following command:
+. View the last 5 lines of every log in every container in an `ovnkube-node` pod using the following command:
 +
 [source,terminal]
 ----
-$ oc logs -l app=ovnkube-master -n openshift-ovn-kubernetes --all-containers --tail 5
+$ oc logs -l app=ovnkube-node -n openshift-ovn-kubernetes --all-containers --tail 5
 ----
 
 
diff --git a/modules/nw-ovn-kubernetes-logs-console.adoc b/modules/nw-ovn-kubernetes-logs-console.adoc
index ee59160b01cc..03516acdf224 100644
--- a/modules/nw-ovn-kubernetes-logs-console.adoc
+++ b/modules/nw-ovn-kubernetes-logs-console.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-logs-console_{context}"]
 = Viewing the OVN-Kubernetes logs using the web console
 
diff --git a/modules/nw-ovn-kubernetes-matrix.adoc b/modules/nw-ovn-kubernetes-matrix.adoc
index 3008cc157118..2c9ca49852f7 100644
--- a/modules/nw-ovn-kubernetes-matrix.adoc
+++ b/modules/nw-ovn-kubernetes-matrix.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-ovn-kubernetes-matrix_{context}"]
 = Supported network plugin feature matrix
 
@@ -24,7 +24,7 @@ ifeval::["{context}" == "about-ovn-kubernetes"]
 
 |IPsec encryption for intra-cluster communication|Supported|Not supported
 
-|IPv6|Supported ^[3]^|Not supported
+|IPv6|Supported ^[3]^ ^[4]^|Not supported
 
 |Kubernetes network policy|Supported|Supported
 
@@ -47,7 +47,7 @@ ifeval::["{context}" == "about-openshift-sdn"]
 
 |IPsec encryption|Not supported|Supported
 
-|IPv6|Not supported|Supported ^[3]^
+|IPv6|Not supported|Supported ^[3]^ ^[4]^
 
 |Kubernetes network policy|Supported|Supported
 
@@ -64,5 +64,7 @@ endif::[]
 
 2. Egress router for OVN-Kubernetes supports only redirect mode.
 
-3. IPv6 is supported only on bare metal, IBM Power, and {ibmzProductName} clusters.
+3. IPv6 is supported only on bare metal, vSphere, {ibm-power-name}, and {ibm-z-name} clusters.
+
+4. IPv6 single stack is not supported on {ibm-power-name} and {ibm-z-name} clusters.
 --
diff --git a/modules/nw-ovn-kubernetes-migration-about.adoc b/modules/nw-ovn-kubernetes-migration-about.adoc
index 86b8506759c1..b6bd40aa86a1 100644
--- a/modules/nw-ovn-kubernetes-migration-about.adoc
+++ b/modules/nw-ovn-kubernetes-migration-about.adoc
@@ -12,15 +12,16 @@ A migration to the OVN-Kubernetes network plugin is supported on the following p
 * Bare metal hardware
 * Amazon Web Services (AWS)
 * Google Cloud Platform (GCP)
-* IBM Cloud
+* {ibm-cloud-name}
 * Microsoft Azure
 * {rh-openstack-first}
-* {rh-virtualization-first}
 * VMware vSphere
 
 [IMPORTANT]
 ====
 Migrating to or from the OVN-Kubernetes network plugin is not supported for managed OpenShift cloud services such as {product-dedicated}, Azure Red Hat OpenShift(ARO), and Red Hat OpenShift Service on AWS (ROSA).
+
+Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin is not supported on Nutanix.
 ====
 
 [id="considerations-migrating-ovn-kubernetes-network-provider_{context}"]
diff --git a/modules/nw-ovn-kubernetes-migration.adoc b/modules/nw-ovn-kubernetes-migration.adoc
index 7e843bd4d5ae..7bac28001d1a 100644
--- a/modules/nw-ovn-kubernetes-migration.adoc
+++ b/modules/nw-ovn-kubernetes-migration.adoc
@@ -3,7 +3,7 @@
 // * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
 // * networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-migration_{context}"]
 = Migrating to the OVN-Kubernetes network plugin
 
@@ -24,6 +24,7 @@ Perform the migration only when an interruption in service is acceptable.
 * A recent backup of the etcd database is available.
 * A reboot can be triggered manually for each node.
 * The cluster is in a known good state, without any errors.
+* On all cloud platforms after updating software, a security group rule must be in place to allow UDP packets on port `6081` for all nodes.
 
 .Procedure
 
@@ -83,7 +84,15 @@ where:
 . Optional: You can customize the following settings for OVN-Kubernetes to meet your network infrastructure requirements:
 +
 --
-* Maximum transmission unit (MTU)
+* Maximum transmission unit (MTU). Consider the following before customizing the MTU for this optional step:
+** If you use the default MTU, and you want to keep the default MTU during migration, this step can be ignored. 
+** If you used a custom MTU, and you want to keep the custom MTU during migration, you must declare the custom MTU value in this step.
+** This step does not work if you want to change the MTU value during migration. Instead, you must first follow the instructions for "Changing the cluster MTU". You can then keep the custom MTU value by performing this procedure and declaring the custom MTU value in this step. 
++
+[NOTE]
+====
+OpenShift-SDN and OVN-Kubernetes have different overlay overhead. MTU values should be selected by following the guidelines found on the "MTU value selection" page.
+====
 * Geneve (Generic Network Virtualization Encapsulation) overlay network port
 * OVN-Kubernetes IPv4 internal subnet
 * OVN-Kubernetes IPv6 internal subnet
diff --git a/modules/nw-ovn-kubernetes-pod-connectivity-checks.adoc b/modules/nw-ovn-kubernetes-pod-connectivity-checks.adoc
index 4ca2c16a5dcb..08a6af2ebca7 100644
--- a/modules/nw-ovn-kubernetes-pod-connectivity-checks.adoc
+++ b/modules/nw-ovn-kubernetes-pod-connectivity-checks.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-pod-connectivity-checks_{context}"]
 = Checking the OVN-Kubernetes pod network connectivity
 
diff --git a/modules/nw-ovn-kubernetes-readiness-probes.adoc b/modules/nw-ovn-kubernetes-readiness-probes.adoc
index ad9945939059..43f83e1af601 100644
--- a/modules/nw-ovn-kubernetes-readiness-probes.adoc
+++ b/modules/nw-ovn-kubernetes-readiness-probes.adoc
@@ -2,11 +2,11 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-readiness-probes_{context}"]
 = Monitoring OVN-Kubernetes health by using readiness probes
 
-The `ovnkube-master` and `ovnkube-node` pods have containers configured with readiness probes.
+The `ovnkube-control-plane` and `ovnkube-node` pods have containers configured with readiness probes.
 
 .Prerequisites
 
@@ -16,25 +16,18 @@ The `ovnkube-master` and `ovnkube-node` pods have containers configured with rea
 
 .Procedure
 
-. Review the details of the `ovnkube-master` readiness probe by running the following command:
+. Review the details of the `ovnkube-node` readiness probe by running the following command:
 +
 [source,terminal]
 ----
-$ oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-master \
+$ oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-node \
 -o json | jq '.items[0].spec.containers[] | .name,.readinessProbe'
 ----
 +
-The readiness probe for the northbound and southbound database containers in the `ovnkube-master` pod checks for the health of the Raft cluster hosting the databases.
+The readiness probe for the northbound and southbound database containers in the `ovnkube-node` pod checks for the health of the databases and the `ovnkube-controller` container.
 
-. Review the details of the `ovnkube-node` readiness probe by running the following command:
-+
-[source,terminal]
-----
-$ oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-master \
--o json | jq '.items[0].spec.containers[] | .name,.readinessProbe'
-----
 +
-The `ovnkube-node` container in the `ovnkube-node` pod has a readiness probe to verify the presence of the ovn-kubernetes CNI configuration file, the absence of which would indicate that the pod is not running or is not ready to accept requests to configure pods.
+The `ovnkube-node` container in the `ovnkube-node` pod has a readiness probe to verify the presence of the OVN-Kubernetes CNI configuration file, the absence of which would indicate that the pod is not running or is not ready to accept requests to configure pods.
 
 . Show all events including the probe failures, for the namespace by using the following command:
 +
@@ -43,11 +36,11 @@ The `ovnkube-node` container in the `ovnkube-node` pod has a readiness probe to
 $ oc get events -n openshift-ovn-kubernetes
 ----
 
-. Show the events for just this pod:
+. Show the events for just a specific pod:
 +
 [source,terminal]
 ----
-$ oc describe pod ovnkube-master-tp2z8 -n openshift-ovn-kubernetes
+$ oc describe pod ovnkube-node-9lqfk -n openshift-ovn-kubernetes
 ----
 
 . Show the messages and statuses from the cluster network operator:
@@ -57,11 +50,11 @@ $ oc describe pod ovnkube-master-tp2z8 -n openshift-ovn-kubernetes
 $ oc get co/network -o json | jq '.status.conditions[]'
 ----
 
-. Show the `ready` status of each container in `ovnkube-master` pods by running the following script:
+. Show the `ready` status of each container in `ovnkube-node` pods by running the following script:
 +
 [source,terminal]
 ----
-$ for p in $(oc get pods --selector app=ovnkube-master -n openshift-ovn-kubernetes \
+$ for p in $(oc get pods --selector app=ovnkube-node -n openshift-ovn-kubernetes \
 -o jsonpath='{range.items[*]}{" "}{.metadata.name}'); do echo === $p ===;  \
 oc get pods -n openshift-ovn-kubernetes $p -o json | jq '.status.containerStatuses[] | .name, .ready'; \
 done
diff --git a/modules/nw-ovn-kubernetes-resources-con.adoc b/modules/nw-ovn-kubernetes-resources-con.adoc
index 3de27a8dc9cf..6d9247335ad8 100644
--- a/modules/nw-ovn-kubernetes-resources-con.adoc
+++ b/modules/nw-ovn-kubernetes-resources-con.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: Procedure
+:_mod-docs-content-type: Procedure
 [id="nw-kubernetes-resources-con_{context}"]
 = Resources in the OVN-Kubernetes project
 
diff --git a/modules/nw-ovn-kubernetes-rollback.adoc b/modules/nw-ovn-kubernetes-rollback.adoc
index 09d2e0e1b41f..b80fe13f63d3 100644
--- a/modules/nw-ovn-kubernetes-rollback.adoc
+++ b/modules/nw-ovn-kubernetes-rollback.adoc
@@ -4,7 +4,7 @@
 // * networking/openshift_sdn/migrate-to-openshift-sdn.adoc
 
 // This procedure applies to both a roll back and a migration
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-rollback_{context}"]
 = Migrating to the OpenShift SDN network plugin
 
@@ -14,7 +14,7 @@ During the migration you must reboot every node in your cluster.
 ifeval::["{context}" == "rollback-to-openshift-sdn"]
 [IMPORTANT]
 ====
-Only rollback to OpenShift SDN if the migration to OVN-Kubernetes fails.
+Rollback to OpenShift SDN if the migration to OVN-Kubernetes fails.
 ====
 endif::[]
 
@@ -127,7 +127,7 @@ The MTU for the VXLAN overlay network. This value is normally configured automat
 The UDP port for the VXLAN overlay network. If a value is not specified, the default is `4789`. The port cannot be the same as the Geneve port that is used by OVN-Kubernetes. The default value for the Geneve port is `6081`.
 --
 +
-.Example patch command 
+.Example patch command
 [source,terminal]
 ----
 $ oc patch Network.operator.openshift.io cluster --type=merge \
diff --git a/modules/nw-ovn-kubernetes-running-network-tools.adoc b/modules/nw-ovn-kubernetes-running-network-tools.adoc
index 09dd8b749d82..feb93561ef41 100644
--- a/modules/nw-ovn-kubernetes-running-network-tools.adoc
+++ b/modules/nw-ovn-kubernetes-running-network-tools.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-running-network-tools_{context}"]
 = Running network-tools
 
@@ -16,6 +16,13 @@ Get information about the logical switches and routers by running `network-tools
 
 .Procedure
 
+. Open a remote shell into a pod by running the following command:
++
+[source,terminal]
+----
+$ oc rsh -n openshift-ovn-kubernetes ovnkube-node-2hsbt
+----
+
 . List the routers by running the following command:
 +
 [source,terminal]
@@ -27,13 +34,8 @@ $ ./debug-scripts/network-tools ovn-db-run-command ovn-nbctl lr-list
 +
 [source,terminal]
 ----
-Leader pod is ovnkube-master-vslqm
-5351ddd1-f181-4e77-afc6-b48b0a9df953 (GR_helix13.lab.eng.tlv2.redhat.com)
-ccf9349e-1948-4df8-954e-39fb0c2d4d06 (GR_helix14.lab.eng.tlv2.redhat.com)
-e426b918-75a8-4220-9e76-20b7758f92b7 (GR_hlxcl7-master-0.hlxcl7.lab.eng.tlv2.redhat.com)
-dded77c8-0cc3-4b99-8420-56cd2ae6a840 (GR_hlxcl7-master-1.hlxcl7.lab.eng.tlv2.redhat.com)
-4f6747e6-e7ba-4e0c-8dcd-94c8efa51798 (GR_hlxcl7-master-2.hlxcl7.lab.eng.tlv2.redhat.com)
-52232654-336e-4952-98b9-0b8601e370b4 (ovn_cluster_router)
+944a7b53-7948-4ad2-a494-82b55eeccf87 (GR_ci-ln-54932yb-72292-kd676-worker-c-rzj99)
+84bd4a4c-4b0b-4a47-b0cf-a2c32709fc53 (ovn_cluster_router)
 ----
 
 . List the localnet ports by running the following command:
@@ -48,41 +50,18 @@ ovn-sbctl find Port_Binding type=localnet
 +
 [source,terminal]
 ----
-Leader pod is ovnkube-master-vslqm
-_uuid               : 3de79191-cca8-4c28-be5a-a228f0f9ebfc
+_uuid               : d05298f5-805b-4838-9224-1211afc2f199
 additional_chassis  : []
 additional_encap    : []
 chassis             : []
-datapath            : 3f1a4928-7ff5-471f-9092-fe5f5c67d15c
+datapath            : f3c2c959-743b-4037-854d-26627902597c
 encap               : []
 external_ids        : {}
 gateway_chassis     : []
 ha_chassis_group    : []
-logical_port        : br-ex_helix13.lab.eng.tlv2.redhat.com
-mac                 : [unknown]
-nat_addresses       : []
-options             : {network_name=physnet}
-parent_port         : []
-port_security       : []
-requested_additional_chassis: []
-requested_chassis   : []
-tag                 : []
-tunnel_key          : 2
-type                : localnet
-up                  : false
-virtual_parent      : []
-
-_uuid               : dbe21daf-9594-4849-b8f0-5efbfa09a455
-additional_chassis  : []
-additional_encap    : []
-chassis             : []
-datapath            : db2a6067-fe7c-4d11-95a7-ff2321329e11
-encap               : []
-external_ids        : {}
-gateway_chassis     : []
-ha_chassis_group    : []
-logical_port        : br-ex_hlxcl7-master-2.hlxcl7.lab.eng.tlv2.redhat.com
+logical_port        : br-ex_ci-ln-54932yb-72292-kd676-worker-c-rzj99
 mac                 : [unknown]
+mirror_rules        : []
 nat_addresses       : []
 options             : {network_name=physnet}
 parent_port         : []
@@ -110,20 +89,20 @@ ovn-sbctl find Port_Binding type=l3gateway
 +
 [source,terminal]
 ----
-Leader pod is ovnkube-master-vslqm
-_uuid               : 9314dc80-39e1-4af7-9cc0-ae8a9708ed59
+_uuid               : 5207a1f3-1cf3-42f1-83e9-387bbb06b03c
 additional_chassis  : []
 additional_encap    : []
-chassis             : 336a923d-99e8-4e71-89a6-12564fde5760
-datapath            : db2a6067-fe7c-4d11-95a7-ff2321329e11
+chassis             : ca6eb600-3a10-4372-a83e-e0d957c4cd92
+datapath            : f3c2c959-743b-4037-854d-26627902597c
 encap               : []
 external_ids        : {}
 gateway_chassis     : []
 ha_chassis_group    : []
-logical_port        : etor-GR_hlxcl7-master-2.hlxcl7.lab.eng.tlv2.redhat.com
-mac                 : ["52:54:00:3e:95:d3"]
-nat_addresses       : ["52:54:00:3e:95:d3 10.46.56.77"]
-options             : {l3gateway-chassis="7eb1f1c3-87c2-4f68-8e89-60f5ca810971", peer=rtoe-GR_hlxcl7-master-2.hlxcl7.lab.eng.tlv2.redhat.com}
+logical_port        : etor-GR_ci-ln-54932yb-72292-kd676-worker-c-rzj99
+mac                 : ["42:01:0a:00:80:04"]
+mirror_rules        : []
+nat_addresses       : ["42:01:0a:00:80:04 10.0.128.4"]
+options             : {l3gateway-chassis="84737c36-b383-4c83-92c5-2bd5b3c7e772", peer=rtoe-GR_ci-ln-54932yb-72292-kd676-worker-c-rzj99}
 parent_port         : []
 port_security       : []
 requested_additional_chassis: []
@@ -134,25 +113,26 @@ type                : l3gateway
 up                  : true
 virtual_parent      : []
 
-_uuid               : ad7eb303-b411-4e9f-8d36-d07f1f268e27
+_uuid               : 6088d647-84f2-43f2-b53f-c9d379042679
 additional_chassis  : []
 additional_encap    : []
-chassis             : f41453b8-29c5-4f39-b86b-e82cf344bce4
-datapath            : 082e7a60-d9c7-464b-b6ec-117d3426645a
+chassis             : ca6eb600-3a10-4372-a83e-e0d957c4cd92
+datapath            : dc9cea00-d94a-41b8-bdb0-89d42d13aa2e
 encap               : []
 external_ids        : {}
 gateway_chassis     : []
 ha_chassis_group    : []
-logical_port        : etor-GR_helix14.lab.eng.tlv2.redhat.com
-mac                 : ["34:48:ed:f3:e2:2c"]
-nat_addresses       : ["34:48:ed:f3:e2:2c 10.46.56.14"]
-options             : {l3gateway-chassis="2e8abe3a-cb94-4593-9037-f5f9596325e2", peer=rtoe-GR_helix14.lab.eng.tlv2.redhat.com}
+logical_port        : jtor-GR_ci-ln-54932yb-72292-kd676-worker-c-rzj99
+mac                 : [router]
+mirror_rules        : []
+nat_addresses       : []
+options             : {l3gateway-chassis="84737c36-b383-4c83-92c5-2bd5b3c7e772", peer=rtoj-GR_ci-ln-54932yb-72292-kd676-worker-c-rzj99}
 parent_port         : []
 port_security       : []
 requested_additional_chassis: []
 requested_chassis   : []
 tag                 : []
-tunnel_key          : 1
+tunnel_key          : 2
 type                : l3gateway
 up                  : true
 virtual_parent      : []
@@ -172,52 +152,52 @@ ovn-sbctl find Port_Binding type=patch
 +
 [source,terminal]
 ----
-Leader pod is ovnkube-master-vslqm
-_uuid               : c48b1380-ff26-4965-a644-6bd5b5946c61
+_uuid               : 785fb8b6-ee5a-4792-a415-5b1cb855dac2
 additional_chassis  : []
 additional_encap    : []
 chassis             : []
-datapath            : 72734d65-fae1-4bd9-a1ee-1bf4e085a060
+datapath            : f1ddd1cc-dc0d-43b4-90ca-12651305acec
 encap               : []
 external_ids        : {}
 gateway_chassis     : []
 ha_chassis_group    : []
-logical_port        : jtor-ovn_cluster_router
+logical_port        : stor-ci-ln-54932yb-72292-kd676-worker-c-rzj99
 mac                 : [router]
-nat_addresses       : []
-options             : {peer=rtoj-ovn_cluster_router}
+mirror_rules        : []
+nat_addresses       : ["0a:58:0a:80:02:01 10.128.2.1 is_chassis_resident(\"cr-rtos-ci-ln-54932yb-72292-kd676-worker-c-rzj99\")"]
+options             : {peer=rtos-ci-ln-54932yb-72292-kd676-worker-c-rzj99}
 parent_port         : []
 port_security       : []
 requested_additional_chassis: []
 requested_chassis   : []
 tag                 : []
-tunnel_key          : 4
+tunnel_key          : 1
 type                : patch
 up                  : false
 virtual_parent      : []
 
-_uuid               : 5df51302-f3cd-415b-a059-ac24389938f7
+_uuid               : c01ff587-21a5-40b4-8244-4cd0425e5d9a
 additional_chassis  : []
 additional_encap    : []
 chassis             : []
-datapath            : 0551c90f-e891-4909-8e9e-acc7909e06d0
+datapath            : f6795586-bf92-4f84-9222-efe4ac6a7734
 encap               : []
 external_ids        : {}
 gateway_chassis     : []
 ha_chassis_group    : []
-logical_port        : rtos-hlxcl7-master-1.hlxcl7.lab.eng.tlv2.redhat.com
-mac                 : ["0a:58:0a:82:00:01 10.130.0.1/23"]
+logical_port        : rtoj-ovn_cluster_router
+mac                 : ["0a:58:64:40:00:01 100.64.0.1/16"]
+mirror_rules        : []
 nat_addresses       : []
-options             : {chassis-redirect-port=cr-rtos-hlxcl7-master-1.hlxcl7.lab.eng.tlv2.redhat.com, peer=stor-hlxcl7-master-1.hlxcl7.lab.eng.tlv2.redhat.com}
+options             : {peer=jtor-ovn_cluster_router}
 parent_port         : []
 port_security       : []
 requested_additional_chassis: []
 requested_chassis   : []
 tag                 : []
-tunnel_key          : 4
+tunnel_key          : 1
 type                : patch
 up                  : false
 virtual_parent      : []
-
 [...]
 ----
\ No newline at end of file
diff --git a/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc b/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
index 32892372ed7a..d46af117ac4b 100644
--- a/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
+++ b/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ovn-kubernetes-running-ovnkube-trace_{context}"]
 = Running ovnkube-trace
 
@@ -24,7 +24,7 @@ This example illustrates how to test the DNS resolution from a deployed pod to t
 +
 [source,terminal]
 ----
-$ oc run web --namespace=default --image=nginx --labels="app=web" --expose --port=80
+$ oc run web --namespace=default --image=quay.io/openshifttest/nginx --labels="app=web" --expose --port=80
 ----
 
 . List the pods running in the `openshift-dns` namespace:
@@ -39,21 +39,21 @@ oc get pods -n openshift-dns
 [source,terminal]
 ----
 NAME                  READY   STATUS    RESTARTS   AGE
-dns-default-467qw     2/2     Running   0          49m
-dns-default-6prvx     2/2     Running   0          53m
-dns-default-fkqr8     2/2     Running   0          53m
-dns-default-qv2rg     2/2     Running   0          49m
-dns-default-s29vr     2/2     Running   0          49m
-dns-default-vdsbn     2/2     Running   0          53m
-node-resolver-6thtt   1/1     Running   0          53m
-node-resolver-7ksdn   1/1     Running   0          49m
-node-resolver-8sthh   1/1     Running   0          53m
-node-resolver-c5ksw   1/1     Running   0          50m
-node-resolver-gbvdp   1/1     Running   0          53m
-node-resolver-sxhkd   1/1     Running   0          50m
-----
-
-. Run the following `ovn-kube-trace` command to verify DNS resolution is working:
+dns-default-8s42x     2/2     Running   0          5h8m
+dns-default-mdw6r     2/2     Running   0          4h58m
+dns-default-p8t5h     2/2     Running   0          4h58m
+dns-default-rl6nk     2/2     Running   0          5h8m
+dns-default-xbgqx     2/2     Running   0          5h8m
+dns-default-zv8f6     2/2     Running   0          4h58m
+node-resolver-62jjb   1/1     Running   0          5h8m
+node-resolver-8z4cj   1/1     Running   0          4h59m
+node-resolver-bq244   1/1     Running   0          5h8m
+node-resolver-hc58n   1/1     Running   0          4h59m
+node-resolver-lm6z4   1/1     Running   0          5h8m
+node-resolver-zfx5k   1/1     Running   0          5h
+----
+
+. Run the following `ovnkube-trace` command to verify DNS resolution is working:
 +
 [source,terminal]
 ----
@@ -61,7 +61,7 @@ $ ./ovnkube-trace \
   -src-namespace default \ <1>
   -src web \ <2>
   -dst-namespace openshift-dns \ <3>
-  -dst dns-default-467qw \ <4>
+  -dst dns-default-p8t5h \ <4>
   -udp -dst-port 53 \ <5>
   -loglevel 0 <6>
 ----
@@ -71,24 +71,37 @@ $ ./ovnkube-trace \
 <3> Namespace of destination pod
 <4> Destination pod name
 <5> Use the `udp` transport protocol. Port 53 is the port the DNS service uses.
-<6> Set the log level to 1 (0 is minimal and 5 is debug)
+<6> Set the log level to 0 (0 is minimal and 5 is debug)
 +
-.Expected output
+.Example output if the `src&dst` pod lands on the same node:
 [source,terminal]
 ----
-I0116 10:19:35.601303   17900 ovs.go:90] Maximum command line arguments set to: 191102
-ovn-trace source pod to destination pod indicates success from web to dns-default-467qw
-ovn-trace destination pod to source pod indicates success from dns-default-467qw to web
-ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-467qw
-ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-467qw to web
-ovn-detrace source pod to destination pod indicates success from web to dns-default-467qw
-ovn-detrace destination pod to source pod indicates success from dns-default-467qw to web
+ovn-trace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovn-trace destination pod to source pod indicates success from dns-default-p8t5h to web
+ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-p8t5h to web
+ovn-detrace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovn-detrace destination pod to source pod indicates success from dns-default-p8t5h to web
+----
++
+.Example output if the `src&dst` pod lands on a different node:
+[source,terminal]
+----
+ovn-trace source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-trace (remote) source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-trace destination pod to source pod indicates success from dns-default-8s42x to web
+ovn-trace (remote) destination pod to source pod indicates success from dns-default-8s42x to web
+ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-8s42x
+ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-8s42x to web
+ovn-detrace source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-detrace destination pod to source pod indicates success from dns-default-8s42x to web
+
 ----
 +
 The ouput indicates success from the deployed pod to the DNS port and also indicates that it is
 successful going back in the other direction. So you know bi-directional traffic is supported on UDP port 53 if my web pod wants to do dns resolution from core DNS.
 
-If for example that did not work and you wanted to get the `ovn-trace`, the `ovs-appctl ofproto/trace` and `ovn-detrace`, and more debug type information increase the log level to 2 and run the command again as follows:
+If for example that did not work and you wanted to get the `ovn-trace`, the `ovs-appctl` of `proto/trace` and `ovn-detrace`, and more debug type information increase the log level to 2 and run the command again as follows:
 
 [source,terminal]
 ----
@@ -140,7 +153,7 @@ networkpolicy.networking.k8s.io/deny-by-default created
 +
 [source,terminal]
 ----
-$ oc run web --namespace=default --image=nginx --labels="app=web" --expose --port=80
+$ oc run web --namespace=default --image=quay.io/openshifttest/nginx --labels="app=web" --expose --port=80
 ----
 
 . Run the following command to create the `prod` namespace:
@@ -179,14 +192,11 @@ $ ./ovnkube-trace \
  -loglevel 0
 ----
 +
-.Expected output
-
+.Example output
 [source,terminal]
 ----
-I0116 14:20:47.380775   50822 ovs.go:90] Maximum command line arguments set to: 191102
 ovn-trace source pod to destination pod indicates failure from test-6459 to web
 ----
-
 . Increase the log level to 2 to expose the reason for the failure by running the following command:
 +
 [source,terminal]
@@ -200,21 +210,29 @@ $ ./ovnkube-trace \
  -loglevel 2
 ----
 +
-.Expected output
-
+.Example output
 [source,terminal]
 ----
-ct_lb_mark /* default (use --ct to customize) */
+...
 ------------------------------------------------
- 3. ls_out_acl_hint (northd.c:6092): !ct.new && ct.est && !ct.rpl && ct_mark.blocked == 0, priority 4, uuid 32d45ad4
+ 3. ls_out_acl_hint (northd.c:7454): !ct.new && ct.est && !ct.rpl && ct_mark.blocked == 0, priority 4, uuid 12efc456
     reg0[8] = 1;
     reg0[10] = 1;
     next;
- 4. ls_out_acl (northd.c:6435): reg0[10] == 1 && (outport == @a16982411286042166782_ingressDefaultDeny), priority 2000, uuid f730a887 <1>
-    ct_commit { ct_mark.blocked = 1; };
+ 5. ls_out_acl_action (northd.c:7835): reg8[30..31] == 0, priority 500, uuid 69372c5d
+    reg8[30..31] = 1;
+    next(4);
+ 5. ls_out_acl_action (northd.c:7835): reg8[30..31] == 1, priority 500, uuid 2fa0af89
+    reg8[30..31] = 2;
+    next(4);
+ 4. ls_out_acl_eval (northd.c:7691): reg8[30..31] == 2 && reg0[10] == 1 && (outport == @a16982411286042166782_ingressDefaultDeny), priority 2000, uuid 447d0dab
+    reg8[17] = 1;
+    ct_commit { ct_mark.blocked = 1; }; <1>
+    next;
+...
 ----
 +
-<1> Ingress traffic is blocked due to the default deny policy being in place
+<1> Ingress traffic is blocked due to the default deny policy being in place.
 
 . Create a policy that allows traffic from all pods in a particular namespaces with a label `purpose=production`. Save the YAML in the `web-allow-prod.yaml` file:
 +
@@ -261,7 +279,6 @@ $ ./ovnkube-trace \
 .Expected output
 [source,terminal]
 ----
-I0116 14:25:44.055207   51695 ovs.go:90] Maximum command line arguments set to: 191102
 ovn-trace source pod to destination pod indicates success from test-6459 to web
 ovn-trace destination pod to source pod indicates success from web to test-6459
 ovs-appctl ofproto/trace source pod to destination pod indicates success from test-6459 to web
@@ -270,7 +287,7 @@ ovn-detrace source pod to destination pod indicates success from test-6459 to we
 ovn-detrace destination pod to source pod indicates success from web to test-6459
 ----
 
-. In the open shell run the following command:
+. Run the following command in the shell that was opened in step six to connect nginx to the web-server:
 +
 [source,terminal]
 ----
@@ -286,9 +303,11 @@ ovn-detrace destination pod to source pod indicates success from web to test-645
 <head>
 <title>Welcome to nginx!</title>
 <style>
-html { color-scheme: light dark; }
-body { width: 35em; margin: 0 auto;
-font-family: Tahoma, Verdana, Arial, sans-serif; }
+  body {
+    width: 35em;
+    margin: 0 auto;
+    font-family: Tahoma, Verdana, Arial, sans-serif;
+  }
 </style>
 </head>
 <body>
diff --git a/modules/nw-ovn-kubernetes-session-affinity.adoc b/modules/nw-ovn-kubernetes-session-affinity.adoc
index f1a1f5a669f8..b4cbfec20fa8 100644
--- a/modules/nw-ovn-kubernetes-session-affinity.adoc
+++ b/modules/nw-ovn-kubernetes-session-affinity.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-ovn-kubernetes-session-affinity_{context}"]
 = Session affinity
 Session affinity is a feature that applies to Kubernetes `Service` objects. You can use _session affinity_ if you want to ensure that each time you connect to a <service_VIP>:<Port>, the traffic is always load balanced to the same back end. For more information, including how to set session affinity based on a client's IP address, see link:https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity[Session affinity].
diff --git a/modules/nw-own-ipsec-required-ports.adoc b/modules/nw-own-ipsec-required-ports.adoc
new file mode 100644
index 000000000000..bf6ff5c595bf
--- /dev/null
+++ b/modules/nw-own-ipsec-required-ports.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/about-ipsec-ovn.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-connectivity-requirements-ipsec_{context}"]
+= Network connectivity requirements when IPsec is enabled
+
+You must configure the network connectivity between machines to allow {product-title} cluster components to communicate. Each machine must be able to resolve the hostnames of all other machines in the cluster.
+
+.Ports used for all-machine to all-machine communications
+[cols="2a,2a,5a",options="header"]
+|===
+
+|Protocol
+|Port
+|Description
+
+.2+|UDP
+|`500`
+|IPsec IKE packets
+
+|`4500`
+|IPsec NAT-T packets
+
+|ESP
+|N/A
+|IPsec Encapsulating Security Payload (ESP)
+
+|===
diff --git a/modules/nw-pod-network-connectivity-verify.adoc b/modules/nw-pod-network-connectivity-verify.adoc
index c70d2d42dae0..ed47b4432cf4 100644
--- a/modules/nw-pod-network-connectivity-verify.adoc
+++ b/modules/nw-pod-network-connectivity-verify.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/verifying-connectivity-endpoint.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-pod-network-connectivity-verify_{context}"]
 = Verifying network connectivity for an endpoint
 
@@ -25,25 +25,25 @@ $ oc get podnetworkconnectivitycheck -n openshift-network-diagnostics
 .Example output
 [source,terminal]
 ----
-NAME                                                                                                                                AGE
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0   75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-1   73m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-2   75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-service-cluster                               75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-default-service-cluster                                 75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-load-balancer-api-external                                         75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-load-balancer-api-internal                                         75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-0            75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-1            75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-2            75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh      74m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-c-n8mbf      74m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-d-4hnrz      74m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-service-cluster                               75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0    75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-1    75m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-2    74m
-network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-service-cluster                                75m
+NAME                                                                                                                                AGE
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0   75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-1   73m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-2   75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-service-cluster                               75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-default-service-cluster                                 75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-load-balancer-api-external                                         75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-load-balancer-api-internal                                         75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-0            75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-1            75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-master-2            75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh      74m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-c-n8mbf      74m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-ci-ln-x5sv9rb-f76d1-4rzrp-worker-d-4hnrz      74m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-network-check-target-service-cluster                               75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0    75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-1    75m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-2    74m
+network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apiserver-service-cluster                                75m
 ----
 
 . View the connection test logs:
@@ -64,143 +64,143 @@ where `<name>` specifies the name of the `PodNetworkConnectivityCheck` object.
 apiVersion: controlplane.operator.openshift.io/v1alpha1
 kind: PodNetworkConnectivityCheck
 metadata:
-  name: network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0
-  namespace: openshift-network-diagnostics
+  name: network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0
+  namespace: openshift-network-diagnostics
   ...
 spec:
-  sourcePod: network-check-source-7c88f6d9f-hmg2f
-  targetEndpoint: 10.0.0.4:6443
-  tlsClientCert:
-    name: ""
+  sourcePod: network-check-source-7c88f6d9f-hmg2f
+  targetEndpoint: 10.0.0.4:6443
+  tlsClientCert:
+    name: ""
 status:
-  conditions:
-  - lastTransitionTime: "2021-01-13T20:11:34Z"
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnectSuccess
-    status: "True"
-    type: Reachable
-  failures:
-  - latency: 2.241775ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
-      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
-      connection refused'
-    reason: TCPConnectError
-    success: false
-    time: "2021-01-13T20:10:34Z"
-  - latency: 2.582129ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
-      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
-      connection refused'
-    reason: TCPConnectError
-    success: false
-    time: "2021-01-13T20:09:34Z"
-  - latency: 3.483578ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
-      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
-      connection refused'
-    reason: TCPConnectError
-    success: false
-    time: "2021-01-13T20:08:34Z"
-  outages:
-  - end: "2021-01-13T20:11:34Z"
-    endLogs:
-    - latency: 2.032018ms
-      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
-        tcp connection to 10.0.0.4:6443 succeeded'
-      reason: TCPConnect
-      success: true
-      time: "2021-01-13T20:11:34Z"
-    - latency: 2.241775ms
-      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
-        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
-        connect: connection refused'
-      reason: TCPConnectError
-      success: false
-      time: "2021-01-13T20:10:34Z"
-    - latency: 2.582129ms
-      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
-        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
-        connect: connection refused'
-      reason: TCPConnectError
-      success: false
-      time: "2021-01-13T20:09:34Z"
-    - latency: 3.483578ms
-      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
-        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
-        connect: connection refused'
-      reason: TCPConnectError
-      success: false
-      time: "2021-01-13T20:08:34Z"
-    message: Connectivity restored after 2m59.999789186s
-    start: "2021-01-13T20:08:34Z"
-    startLogs:
-    - latency: 3.483578ms
-      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
-        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
-        connect: connection refused'
-      reason: TCPConnectError
-      success: false
-      time: "2021-01-13T20:08:34Z"
-  successes:
-  - latency: 2.845865ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:14:34Z"
-  - latency: 2.926345ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:13:34Z"
-  - latency: 2.895796ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:12:34Z"
-  - latency: 2.696844ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:11:34Z"
-  - latency: 1.502064ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:10:34Z"
-  - latency: 1.388857ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:09:34Z"
-  - latency: 1.906383ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:08:34Z"
-  - latency: 2.089073ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:07:34Z"
-  - latency: 2.156994ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:06:34Z"
-  - latency: 1.777043ms
-    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
-      connection to 10.0.0.4:6443 succeeded'
-    reason: TCPConnect
-    success: true
-    time: "2021-01-13T21:05:34Z"
+  conditions:
+  - lastTransitionTime: "2021-01-13T20:11:34Z"
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnectSuccess
+    status: "True"
+    type: Reachable
+  failures:
+  - latency: 2.241775ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
+      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
+      connection refused'
+    reason: TCPConnectError
+    success: false
+    time: "2021-01-13T20:10:34Z"
+  - latency: 2.582129ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
+      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
+      connection refused'
+    reason: TCPConnectError
+    success: false
+    time: "2021-01-13T20:09:34Z"
+  - latency: 3.483578ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: failed
+      to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443: connect:
+      connection refused'
+    reason: TCPConnectError
+    success: false
+    time: "2021-01-13T20:08:34Z"
+  outages:
+  - end: "2021-01-13T20:11:34Z"
+    endLogs:
+    - latency: 2.032018ms
+      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
+        tcp connection to 10.0.0.4:6443 succeeded'
+      reason: TCPConnect
+      success: true
+      time: "2021-01-13T20:11:34Z"
+    - latency: 2.241775ms
+      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
+        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
+        connect: connection refused'
+      reason: TCPConnectError
+      success: false
+      time: "2021-01-13T20:10:34Z"
+    - latency: 2.582129ms
+      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
+        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
+        connect: connection refused'
+      reason: TCPConnectError
+      success: false
+      time: "2021-01-13T20:09:34Z"
+    - latency: 3.483578ms
+      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
+        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
+        connect: connection refused'
+      reason: TCPConnectError
+      success: false
+      time: "2021-01-13T20:08:34Z"
+    message: Connectivity restored after 2m59.999789186s
+    start: "2021-01-13T20:08:34Z"
+    startLogs:
+    - latency: 3.483578ms
+      message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0:
+        failed to establish a TCP connection to 10.0.0.4:6443: dial tcp 10.0.0.4:6443:
+        connect: connection refused'
+      reason: TCPConnectError
+      success: false
+      time: "2021-01-13T20:08:34Z"
+  successes:
+  - latency: 2.845865ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:14:34Z"
+  - latency: 2.926345ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:13:34Z"
+  - latency: 2.895796ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:12:34Z"
+  - latency: 2.696844ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:11:34Z"
+  - latency: 1.502064ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:10:34Z"
+  - latency: 1.388857ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:09:34Z"
+  - latency: 1.906383ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:08:34Z"
+  - latency: 2.089073ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:07:34Z"
+  - latency: 2.156994ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:06:34Z"
+  - latency: 1.777043ms
+    message: 'kubernetes-apiserver-endpoint-ci-ln-x5sv9rb-f76d1-4rzrp-master-0: tcp
+      connection to 10.0.0.4:6443 succeeded'
+    reason: TCPConnect
+    success: true
+    time: "2021-01-13T21:05:34Z"
 ----
diff --git a/modules/nw-proxy-configure-object.adoc b/modules/nw-proxy-configure-object.adoc
index 656153fa2844..85c4e7966b57 100644
--- a/modules/nw-proxy-configure-object.adoc
+++ b/modules/nw-proxy-configure-object.adoc
@@ -4,7 +4,7 @@
 // * networking/enable-cluster-wide-proxy.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-proxy-configure-object_{context}"]
 = Enabling the cluster-wide proxy
 
diff --git a/modules/nw-proxy-remove.adoc b/modules/nw-proxy-remove.adoc
index de59671acf90..f72a9e6824a4 100644
--- a/modules/nw-proxy-remove.adoc
+++ b/modules/nw-proxy-remove.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/enable-cluster-wide-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-proxy-remove_{context}"]
 = Removing the cluster-wide proxy
 
diff --git a/modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc b/modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc
index e9e748c7541a..0b0200a60927 100644
--- a/modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc
+++ b/modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-linuxptp-services-as-boundary-clock_{context}"]
 = Configuring linuxptp services as a boundary clock
 
@@ -28,142 +28,16 @@ See "Configuring the PTP fast event notifications publisher" for more informatio
 
 . Create the following `PtpConfig` CR, and then save the YAML in the `boundary-clock-ptp-config.yaml` file.
 +
-.Recommended PTP boundary clock configuration
+.Example PTP boundary clock configuration
 [source,yaml]
 ----
----
-apiVersion: ptp.openshift.io/v1
-kind: PtpConfig
-metadata:
-  name: boundary-clock-ptp-config
-  namespace: openshift-ptp
-spec:
-  profile:
-  - name: boundary-clock
-    phc2sysOpts: "-a -r -n 24"
-    ptp4lOpts: "-2"
-    ptpSchedulingPolicy: SCHED_FIFO
-    ptpSchedulingPriority: 10
-    ptp4lConf: |
-      [<interface_1>]
-      masterOnly 0
-      [<interface_2>]
-      masterOnly 1
-      [<interface_3>]
-      masterOnly 1
-      [<interface_4>]
-      masterOnly 1
-      [global]
-      #
-      # Default Data Set
-      #
-      twoStepFlag 1
-      slaveOnly 0
-      priority1 128
-      priority2 128
-      domainNumber 24
-      clockClass 248
-      clockAccuracy 0xFE
-      offsetScaledLogVariance 0xFFFF
-      free_running 0
-      freq_est_interval 1
-      dscp_event 0
-      dscp_general 0
-      dataset_comparison G.8275.x
-      G.8275.defaultDS.localPriority 128
-      #
-      # Port Data Set
-      #
-      logAnnounceInterval -3
-      logSyncInterval -4
-      logMinDelayReqInterval -4
-      logMinPdelayReqInterval -4
-      announceReceiptTimeout 3
-      syncReceiptTimeout 0
-      delayAsymmetry 0
-      fault_reset_interval 4
-      neighborPropDelayThresh 20000000
-      masterOnly 0
-      G.8275.portDS.localPriority 128
-      #
-      # Run time options
-      #
-      assume_two_step 0
-      logging_level 6
-      path_trace_enabled 0
-      follow_up_info 0
-      hybrid_e2e 0
-      inhibit_multicast_service 0
-      net_sync_monitor 0
-      tc_spanning_tree 0
-      tx_timestamp_timeout 50
-      unicast_listen 0
-      unicast_master_table 0
-      unicast_req_duration 3600
-      use_syslog 1
-      verbose 0
-      summary_interval 0
-      kernel_leap 1
-      check_fup_sync 0
-      #
-      # Servo Options
-      #
-      pi_proportional_const 0.0
-      pi_integral_const 0.0
-      pi_proportional_scale 0.0
-      pi_proportional_exponent -0.3
-      pi_proportional_norm_max 0.7
-      pi_integral_scale 0.0
-      pi_integral_exponent 0.4
-      pi_integral_norm_max 0.3
-      step_threshold 2.0
-      first_step_threshold 0.00002
-      max_frequency 900000000
-      clock_servo pi
-      sanity_freq_limit 200000000
-      ntpshm_segment 0
-      #
-      # Transport options
-      #
-      transportSpecific 0x0
-      ptp_dst_mac 01:1B:19:00:00:00
-      p2p_dst_mac 01:80:C2:00:00:0E
-      udp_ttl 1
-      udp6_scope 0x0E
-      uds_address /var/run/ptp4l
-      #
-      # Default interface options
-      #
-      clock_type BC
-      network_transport L2
-      delay_mechanism E2E
-      time_stamping hardware
-      tsproc_mode filter
-      delay_filter moving_median
-      delay_filter_length 10
-      egressLatency 0
-      ingressLatency 0
-      boundary_clock_jbod 0
-      #
-      # Clock description
-      #
-      productDescription ;;
-      revisionData ;;
-      manufacturerIdentity 00:00:00
-      userDescription ;
-      timeSource 0xA0
-  recommend:
-  - profile: boundary-clock
-    priority: 4
-    match:
-    - nodeLabel: node-role.kubernetes.io/master
-      nodeName: <nodename>
+include::snippets/ptp_PtpConfigBoundary.yaml[]
 ----
 +
 .PTP boundary clock CR configuration options
 [cols="1,3" options="header"]
 |====
-|Custom resource field
+|CR field
 |Description
 
 |`name`
@@ -215,13 +89,15 @@ spec:
 |Specify the `priority` with an integer value between `0` and `99`. A larger number gets lower priority, so a priority of `99` is lower than a priority of `10`. If a node can be matched with multiple profiles according to rules defined in the `match` field, the profile with the higher priority is applied to that node.
 
 |`.recommend.match`
-|Specify `.recommend.match` rules with `nodeLabel` or `nodeName`.
+|Specify `.recommend.match` rules with `nodeLabel` or `nodeName` values.
 
 |`.recommend.match.nodeLabel`
-|Update `nodeLabel` with the `key` of `node.Labels` from the node object by using the `oc get nodes --show-labels` command. For example: `node-role.kubernetes.io/worker`.
+|Set `nodeLabel` with the `key` of the `node.Labels` field from the node object by using the `oc get nodes --show-labels` command.
+For example, `node-role.kubernetes.io/worker`.
 
-|`.recommend.match.nodeLabel`
-|Update `nodeName` with value of `node.Name` from the node object by using the `oc get nodes` command. For example: `compute-0.example.com`.
+|`.recommend.match.nodeName`
+|Set `nodeName` with the value of the `node.Name` field from the node object by using the `oc get nodes` command.
+For example, `compute-1.example.com`.
 |====
 
 . Create the CR by running the following command:
diff --git a/modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc b/modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc
index d8d1f7833833..4dd03b8ac302 100644
--- a/modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc
+++ b/modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc
@@ -1,26 +1,27 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-linuxptp-services-as-grandmaster-clock_{context}"]
 = Configuring linuxptp services as a grandmaster clock
 
-You can configure the `linuxptp` services (`ptp4l`, `phc2sys`, `ts2phc`) as grandmaster clock by creating a `PtpConfig` custom resource (CR) that configures the host NIC.
+You can configure the `linuxptp` services (`ptp4l`, `phc2sys`, `ts2phc`) as grandmaster clock (T-GM) by creating a `PtpConfig` custom resource (CR) that configures the host NIC.
 
 The `ts2phc` utility allows you to synchronize the system clock with the PTP grandmaster clock so that the node can stream precision clock signal to downstream PTP ordinary clocks and boundary clocks.
 
 [NOTE]
 ====
-Use the following example `PtpConfig` CR as the basis to configure `linuxptp` services as the grandmaster clock for your particular hardware and environment.
-This example CR does not configure PTP fast events. To configure PTP fast events, set appropriate values for `ptp4lOpts`, `ptp4lConf`, and `ptpClockThreshold`.
+Use the following example `PtpConfig` CR as the basis to configure `linuxptp` services as T-GM for an Intel Westport Channel E810-XXVDA4T network interface.
+
+To configure PTP fast events, set appropriate values for `ptp4lOpts`, `ptp4lConf`, and `ptpClockThreshold`.
 `ptpClockThreshold` is used only when events are enabled.
 See "Configuring the PTP fast event notifications publisher" for more information.
 ====
 
 .Prerequisites
 
-* Install an Intel Westport Channel network interface in the bare-metal cluster host.
+* For T-GM clocks in production environments, install an Intel E810 Westport Channel NIC in the bare-metal cluster host.
 
 * Install the OpenShift CLI (`oc`).
 
@@ -30,11 +31,38 @@ See "Configuring the PTP fast event notifications publisher" for more informatio
 
 .Procedure
 
-. Create the `PtpConfig` resource. For example:
+. Create the `PtpConfig` CR. For example:
+
+.. Depending on your requirements, use one of the following T-GM configurations for your deployment.
+Save the YAML in the `grandmaster-clock-ptp-config.yaml` file:
++
+.Example PTP grandmaster clock configuration
+[%collapsible]
+=====
+[source,yaml]
+----
+include::snippets/ptp_PtpConfigGmWpc.yaml[]
+----
 
-.. Save the following YAML in the `grandmaster-clock-ptp-config.yaml` file:
+[NOTE]
+====
+The example PTP grandmaster clock configuration is for test purposes only and is not intended for production.
+====
+=====
 +
-include::snippets/grandmaster-clock-ptp-config.adoc[]
+.PTP grandmaster clock configuration for E810 NIC
+[%collapsible]
+====
+[source,yaml]
+----
+include::snippets/ptp_PtpConfigGmWpc.yaml[]
+----
+====
++
+[NOTE]
+====
+For E810 Westport Channel NICs, set the value for `ts2phc.nmea_serialport` to `/dev/gnss0`.
+====
 
 .. Create the CR by running the following command:
 +
diff --git a/modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc b/modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc
index 3687d309b47f..481bf1dc0316 100644
--- a/modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc
+++ b/modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-linuxptp-services-as-ordinary-clock_{context}"]
 = Configuring linuxptp services as an ordinary clock
 
@@ -27,134 +27,16 @@ See "Configuring the PTP fast event notifications publisher" for more informatio
 . Create the following `PtpConfig` CR, and then save the YAML in the `ordinary-clock-ptp-config.yaml` file.
 +
 [[ptp-ordinary-clock]]
-.Recommended PTP ordinary clock configuration
+.Example PTP ordinary clock configuration
 [source,yaml]
 ----
-apiVersion: ptp.openshift.io/v1
-kind: PtpConfig
-metadata:
-  name: ordinary-clock-ptp-config
-  namespace: openshift-ptp
-  spec:
-    profile:
-      - name: ordinary-clock
-        interface: "<interface_name>"
-        phc2sysOpts: "-a -r -n 24"
-        ptp4lOpts: "-2 -s"
-        ptpSchedulingPolicy: SCHED_FIFO
-        ptpSchedulingPriority: 10
-        ptp4lConf: |
-          [global]
-          #
-          # Default Data Set
-          #
-          twoStepFlag 1
-          slaveOnly 1
-          priority1 128
-          priority2 128
-          domainNumber 24
-          clockClass 255
-          clockAccuracy 0xFE
-          offsetScaledLogVariance 0xFFFF
-          free_running 0
-          freq_est_interval 1
-          dscp_event 0
-          dscp_general 0
-          dataset_comparison G.8275.x
-          G.8275.defaultDS.localPriority 128
-          #
-          # Port Data Set
-          #
-          logAnnounceInterval -3
-          logSyncInterval -4
-          logMinDelayReqInterval -4
-          logMinPdelayReqInterval -4
-          announceReceiptTimeout 3
-          syncReceiptTimeout 0
-          delayAsymmetry 0
-          fault_reset_interval 4
-          neighborPropDelayThresh 20000000
-          masterOnly 0
-          G.8275.portDS.localPriority 128
-          #
-          # Run time options
-          #
-          assume_two_step 0
-          logging_level 6
-          path_trace_enabled 0
-          follow_up_info 0
-          hybrid_e2e 0
-          inhibit_multicast_service 0
-          net_sync_monitor 0
-          tc_spanning_tree 0
-          tx_timestamp_timeout 50
-          unicast_listen 0
-          unicast_master_table 0
-          unicast_req_duration 3600
-          use_syslog 1
-          verbose 0
-          summary_interval 0
-          kernel_leap 1
-          check_fup_sync 0
-          #
-          # Servo Options
-          #
-          pi_proportional_const 0.0
-          pi_integral_const 0.0
-          pi_proportional_scale 0.0
-          pi_proportional_exponent -0.3
-          pi_proportional_norm_max 0.7
-          pi_integral_scale 0.0
-          pi_integral_exponent 0.4
-          pi_integral_norm_max 0.3
-          step_threshold 2.0
-          first_step_threshold 0.00002
-          max_frequency 900000000
-          clock_servo pi
-          sanity_freq_limit 200000000
-          ntpshm_segment 0
-          #
-          # Transport options
-          #
-          transportSpecific 0x0
-          ptp_dst_mac 01:1B:19:00:00:00
-          p2p_dst_mac 01:80:C2:00:00:0E
-          udp_ttl 1
-          udp6_scope 0x0E
-          uds_address /var/run/ptp4l
-          #
-          # Default interface options
-          #
-          clock_type OC
-          network_transport L2
-          delay_mechanism E2E
-          time_stamping hardware
-          tsproc_mode filter
-          delay_filter moving_median
-          delay_filter_length 10
-          egressLatency 0
-          ingressLatency 0
-          boundary_clock_jbod 0
-          #
-          # Clock description
-          #
-          productDescription ;;
-          revisionData ;;
-          manufacturerIdentity 00:00:00
-          userDescription ;
-          timeSource 0xA0
-      recommend:
-      - profile: ordinary-clock
-        priority: 4
-        match:
-        - nodeLabel: "node-role.kubernetes.io/worker"
-          nodeName: "<node_name>"
+include::snippets/ptp_PtpConfigOrdinaryClock.yaml[]
 ----
 +
 .PTP ordinary clock CR configuration options
 [cols="1,3" options="header"]
 |====
-|Custom resource field
+|CR field
 |Description
 
 |`name`
@@ -200,13 +82,15 @@ metadata:
 |Set `.recommend.priority` to `0` for ordinary clock.
 
 |`.recommend.match`
-|Specify `.recommend.match` rules with `nodeLabel` or `nodeName`.
+|Specify `.recommend.match` rules with `nodeLabel` or `nodeName` values.
 
 |`.recommend.match.nodeLabel`
-|Update `nodeLabel` with the `key` of `node.Labels` from the node object by using the `oc get nodes --show-labels` command. For example: `node-role.kubernetes.io/worker`.
+|Set `nodeLabel` with the `key` of the `node.Labels` field from the node object by using the `oc get nodes --show-labels` command.
+For example, `node-role.kubernetes.io/worker`.
 
-|`.recommend.match.nodeLabel`
-|Update `nodeName` with value of `node.Name` from the node object by using the `oc get nodes` command. For example: `compute-0.example.com`.
+|`.recommend.match.nodeName`
+|Set `nodeName` with the value of the `node.Name` field from the node object by using the `oc get nodes` command.
+For example, `compute-1.example.com`.
 |====
 
 . Create the `PtpConfig` CR by running the following command:
diff --git a/modules/nw-ptp-device-discovery.adoc b/modules/nw-ptp-device-discovery.adoc
index 8f9a54706b0d..00c9583cedfc 100644
--- a/modules/nw-ptp-device-discovery.adoc
+++ b/modules/nw-ptp-device-discovery.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="discover-ptp-devices_{context}"]
 = Discovering PTP capable network devices in your cluster
 
@@ -40,4 +40,3 @@ items:
 ----
 <1> The value for the `name` parameter is the same as the name of the parent node.
 <2> The `devices` collection includes a list of the PTP capable devices that the PTP Operator discovers for the node.
-
diff --git a/modules/nw-ptp-e810-hardware-configuration-reference.adoc b/modules/nw-ptp-e810-hardware-configuration-reference.adoc
new file mode 100644
index 000000000000..7a46319ef59c
--- /dev/null
+++ b/modules/nw-ptp-e810-hardware-configuration-reference.adoc
@@ -0,0 +1,100 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/configuring-ptp.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-ptp-wpc-hardware-pins-reference_{context}"]
+= Intel Westport Channel E810 hardware configuration reference
+
+Use this information to understand how to use the link:https://github.com/openshift/linuxptp-daemon/blob/release-4.15/addons/intel/e810.go[Intel E810-XXVDA4T hardware plugin] to configure the E810 network interface as PTP grandmaster clock.
+Hardware pin configuration determines how the network interface interacts with other components and devices in the system.
+The E810-XXVDA4T NIC has four connectors for external 1PPS signals: `SMA1`, `SMA2`, `U.FL1`, and `U.FL2`.
+
+.Intel E810 NIC hardware connectors configuration
+[width="90%", options="header"]
+|====
+|Hardware pin|Recommended setting|Description
+|`U.FL1`|`0 1`|Disables the `U.FL1` connector input.
+The `U.FL1` connector is output-only.
+|`U.FL2`|`0 2`|Disables the `U.FL2` connector output.
+The `U.FL2` connector is input-only.
+|`SMA1`|`0 1`|Disables the `SMA1` connector input.
+The `SMA1` connector is bidirectional.
+|`SMA2`|`0 2`|Disables the `SMA2` connector output.
+The `SMA2` connector is bidirectional.
+|====
+
+[NOTE]
+====
+`SMA1` and `U.FL1` connectors share channel one.
+`SMA2` and `U.FL2` connectors share channel two.
+====
+
+Set `spec.profile.plugins.e810.ublxCmds` parameters to configure the GNSS clock in the `PtpConfig` custom resource (CR).
+Each of these `ublxCmds` stanzas correspond to a configuration that is applied to the host NIC by using `ubxtool` commands.
+For example:
+
+[source,yaml]
+----
+ublxCmds:
+  - args: #ubxtool -P 29.20 -z CFG-HW-ANT_CFG_VOLTCTRL,1
+      - "-P"
+      - "29.20"
+      - "-z"
+      - "CFG-HW-ANT_CFG_VOLTCTRL,1"
+    reportOutput: false
+----
+
+The following table describes the equivalent `ubxtool` commands:
+
+.Intel E810 ublxCmds configuration
+[width="90%", options="header"]
+|====
+|ubxtool command|Description
+|`ubxtool -P 29.20 -z CFG-HW-ANT_CFG_VOLTCTRL,1`|Enables antenna voltage control. Enables antenna status to be reported in the `UBX-MON-RF` and `UBX-INF-NOTICE` log messages.
+|`ubxtool -P 29.20 -e GPS`|Enables the antenna to receive GPS signals.
+|`ubxtool -P 29.20 -d Galileo`|Configures the antenna to receive signal from the Galileo GPS satellite.
+|`ubxtool -P 29.20 -d GLONASS`|Disables the antenna from receiving signal from the GLONASS GPS satellite.
+|`ubxtool -P 29.20 -d BeiDou`|Disables the antenna from receiving signal from the BeiDou GPS satellite.
+|`ubxtool -P 29.20 -d SBAS`|Disables the antenna from receiving signal from the SBAS GPS satellite.
+|`ubxtool -P 29.20 -t -w 5 -v 1 -e SURVEYIN,600,50000`| Configures the GNSS receiver survey-in process to improve its initial position estimate. This can take up to 24 hours to achieve an optimal result.
+|`ubxtool -P 29.20 -p MON-HW`|Runs a single automated scan of the hardware and reports on the NIC state and configuration settings.
+|====
+
+The E810 plugin implements the following interfaces:
+
+.E810 plugin interfaces
+[cols="1,3", width="90%", options="header"]
+|====
+|Interface
+|Description
+
+|`OnPTPConfigChangeE810`
+|Runs whenever you update the `PtpConfig` CR.
+The function parses the plugin options and applies the required configurations to the network device pins based on the configuration data.
+
+|`AfterRunPTPCommandE810`
+|Runs after launching the PTP processes and running the `gpspipe` PTP command.
+The function processes the plugin options and runs `ubxtool` commands, storing the output in the plugin-specific data.
+
+|`PopulateHwConfigE810`
+|Populates the `NodePtpDevice` CR based on hardware-specific data in the `PtpConfig` CR.
+|====
+
+The E810 plugin has the following structs and variables:
+
+.E810 plugin structs and variables
+[cols="1,3", width="90%", options="header"]
+|====
+|Struct
+|Description
+
+|`E810Opts`
+|Represents options for the E810 plugin, including boolean flags and a map of network device pins.
+
+|`E810UblxCmds`
+|Represents configurations for `ubxtool` commands with a boolean flag and a slice of strings for command arguments.
+
+|`E810PluginData`
+|Holds plugin-specific data used during plugin execution.
+|====
diff --git a/modules/nw-ptp-grandmaster-clock-class-reference.adoc b/modules/nw-ptp-grandmaster-clock-class-reference.adoc
new file mode 100644
index 000000000000..d242538b2211
--- /dev/null
+++ b/modules/nw-ptp-grandmaster-clock-class-reference.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/configuring-ptp.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-ptp-grandmaster-clock-class-reference_{context}"]
+= Grandmaster clock class sync state reference
+
+The following table describes the PTP grandmaster clock (T-GM) `gm.ClockClass` states.
+Clock class states categorize T-GM clocks based on their accuracy and stability with regard to the Primary Reference Time Clock (PRTC) or other timing source.
+
+Holdover specification is the amount of time a PTP clock can maintain synchronization without receiving updates from the primary time source.
+
+.T-GM clock class states
+[cols="1,3" options="header"]
+|====
+|Clock class state
+|Description
+
+|`gm.ClockClass 6`
+|T-GM clock is connected to a PRTC in `LOCKED` mode.
+For example, the PRTC is traceable to a GNSS time source.
+
+|`gm.ClockClass 7`
+|T-GM clock is in `HOLDOVER` mode, and within holdover specification.
+The clock source might not be traceable to a category 1 frequency source.
+
+|`gm.ClockClass 140`
+|T-GM clock is in `HOLDOVER` mode, is out of holdover specification, but it is still traceable to the category 1 frequency source.
+
+|`gm.ClockClass 248`
+|T-GM clock is in `FREERUN` mode.
+|====
+
+For more information, see link:https://www.itu.int/rec/T-REC-G.8275.1-202211-I/en["Phase/time traceability information", ITU-T G.8275.1/Y.1369.1 Recommendations].
diff --git a/modules/nw-ptp-grandmaster-clock-configuration-reference.adoc b/modules/nw-ptp-grandmaster-clock-configuration-reference.adoc
index c21198686e4b..9a4b003f89fe 100644
--- a/modules/nw-ptp-grandmaster-clock-configuration-reference.adoc
+++ b/modules/nw-ptp-grandmaster-clock-configuration-reference.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-ptp-grandmaster-clock-configuration-reference_{context}"]
 = Grandmaster clock PtpConfig configuration reference
 
-The following reference information describes the configuration options for the `PtpConfig` custom resource (CR) that configures the `linuxptp` services (`ptp4l`, `phc2sys`, `ts2phc`) as grandmaster clock.
+The following reference information describes the configuration options for the `PtpConfig` custom resource (CR) that configures the `linuxptp` services (`ptp4l`, `phc2sys`, `ts2phc`) as a grandmaster clock.
 
 .PtpConfig configuration options for PTP Grandmaster clock
 [cols="1,3" options="header"]
@@ -25,7 +25,7 @@ For the Intel Westport Channel NIC, when `enableDefaultConfig` is true, The PTP
 The options should not include the network interface name `-i <interface>` and service config file `-f /etc/ptp4l.conf` because the network interface name and the service config file are automatically appended.
 
 |`ptp4lConf`
-|Specify the required configuration to start `ptp4l` as grandmaster clock.
+|Specify the required configuration to start `ptp4l` as a grandmaster clock.
 For example, the `ens2f1` interface synchronizes downstream connected devices.
 For grandmaster clocks, set `clockClass` to `6` and set `clockAccuracy` to `0x27`.
 Set `timeSource` to `0x20` for when receiving the timing signal from a Global navigation satellite system (GNSS).
@@ -89,14 +89,13 @@ A larger number gets lower priority, so a priority of `99` is lower than a prior
 If a node can be matched with multiple profiles according to rules defined in the `match` field, the profile with the higher priority is applied to that node.
 
 |`.recommend.match`
-|Specify `.recommend.match` rules with `nodeLabel` or `nodeName`.
+|Specify `.recommend.match` rules with `nodeLabel` or `nodeName` values.
 
 |`.recommend.match.nodeLabel`
-|Set `nodeLabel` with the `key` of `node.Labels` from the node object by using the `oc
-get nodes --show-labels` command.
-For example: `node-role.kubernetes.io/worker`.
+|Set `nodeLabel` with the `key` of the `node.Labels` field from the node object by using the `oc get nodes --show-labels` command.
+For example, `node-role.kubernetes.io/worker`.
 
 |`.recommend.match.nodeName`
-|Set `nodeName` with value of `node.Name` from the node object by using the `oc get nodes` command.
-For example: `compute-1.example.com`.
+|Set `nodeName` with the value of the `node.Name` field from the node object by using the `oc get nodes` command.
+For example, `compute-1.example.com`.
 |====
diff --git a/modules/nw-ptp-installing-operator-cli.adoc b/modules/nw-ptp-installing-operator-cli.adoc
index b3acec10665a..04b89578bde7 100644
--- a/modules/nw-ptp-installing-operator-cli.adoc
+++ b/modules/nw-ptp-installing-operator-cli.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/about-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-ptp-operator-cli_{context}"]
 = Installing the PTP Operator using the CLI
 
@@ -96,8 +96,8 @@ $ oc get csv -n openshift-ptp -o custom-columns=Name:.metadata.name,Phase:.statu
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 Name                         Phase
-4.13.0-202301261535          Succeeded
+{product-version}.0-202301261535          Succeeded
 ----
diff --git a/modules/nw-ptp-installing-operator-web-console.adoc b/modules/nw-ptp-installing-operator-web-console.adoc
index 262b28af6ecc..8e32081f6790 100644
--- a/modules/nw-ptp-installing-operator-web-console.adoc
+++ b/modules/nw-ptp-installing-operator-web-console.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/about-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="install-ptp-operator-web-console_{context}"]
-= Installing the PTP Operator using the web console
+= Installing the PTP Operator by using the web console
 
-As a cluster administrator, you can install the PTP Operator using the web console.
+As a cluster administrator, you can install the PTP Operator by using the web console.
 
 [NOTE]
 ====
@@ -40,8 +40,5 @@ If the installation later succeeds with an *InstallSucceeded* message, you can i
 If the Operator does not appear as installed, to troubleshoot further:
 
 +
-* Go to the *Operators* -> *Installed Operators* page and inspect
-the *Operator Subscriptions* and *Install Plans* tabs for any failure or errors
-under *Status*.
-* Go to the *Workloads* -> *Pods* page and check the logs for pods in the
-`openshift-ptp` project.
+* Go to the *Operators* -> *Installed Operators* page and inspect the *Operator Subscriptions* and *Install Plans* tabs for any failure or errors under *Status*.
+* Go to the *Workloads* -> *Pods* page and check the logs for pods in the `openshift-ptp` project.
diff --git a/modules/nw-ptp-introduction.adoc b/modules/nw-ptp-introduction.adoc
index ec5f06993b1e..19f04afc3410 100644
--- a/modules/nw-ptp-introduction.adoc
+++ b/modules/nw-ptp-introduction.adoc
@@ -1,29 +1,31 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/about-ptp.adoc
 
-:_content-type: CONCEPT
-[id="ptp-introduction_{context}"]
-= About PTP
+:_mod-docs-content-type: CONCEPT
+[id="ptp-elements_{context}"]
+= Elements of a PTP domain
 
-Precision Time Protocol (PTP) is used to synchronize clocks in a network. When used in conjunction with hardware support, PTP is capable of sub-microsecond accuracy, and is more accurate than Network Time Protocol (NTP).
+PTP is used to synchronize multiple nodes connected in a network, with clocks for each node.
+The clocks synchronized by PTP are organized in a leader-follower hierarchy.
+The hierarchy is created and updated automatically by the best master clock (BMC) algorithm, which runs on every clock.
+Follower clocks are synchronized to leader clocks, and follower clocks can themselves be the source for other downstream clocks.
 
-[id="ptp-elements_{context}"]
-== Elements of a PTP domain
+.PTP nodes in the network
+image::319_OpenShift_PTP_bare-metal_OCP_nodes_1123_PTP_network.png[Diagram showing a PTP grandmaster clock, boundary clock, and ordinary clock syncing from a GPS satellite that is connected to the PTP grandmaster clock. The boundary and ordinary clocks are synced to the grandmaster clock.]
 
-PTP is used to synchronize multiple nodes connected in a network, with clocks for each node. The clocks synchronized by PTP are organized in a source-destination hierarchy.
-The hierarchy is created and updated automatically by the best master clock (BMC) algorithm, which runs on every clock. Destination clocks are synchronized to source clocks, and destination clocks can themselves be the source for other downstream clocks.
 The three primary types of PTP clocks are described below.
 
 Grandmaster clock:: The grandmaster clock provides standard time information to other clocks across the network and ensures accurate and stable synchronisation. It writes time stamps and responds to time requests from other clocks. Grandmaster clocks synchronize to a Global Navigation Satellite System (GNSS) time source. The Grandmaster clock is the authoritative source of time in the network and is responsible for providing time synchronization to all other devices.
 
-Ordinary clock:: The ordinary clock has a single port connection that can play the role of source or destination clock, depending on its position in the network. The ordinary clock can read and write time stamps.
-
 Boundary clock:: The boundary clock has ports in two or more communication paths and can be a source and a destination to other destination clocks at the same time. The boundary clock works as a destination clock upstream. The destination clock receives the timing message, adjusts for delay, and then creates a new source time signal to pass down the network. The boundary clock produces a new timing packet that is still correctly synced with the source clock and can reduce the number of connected devices reporting directly to the source clock.
 
+Ordinary clock:: The ordinary clock has a single port connection that can play the role of source or destination clock, depending on its position in the network. The ordinary clock can read and write timestamps.
+
+[discrete]
 [id="ptp-advantages-over-ntp_{context}"]
 == Advantages of PTP over NTP
 
 One of the main advantages that PTP has over NTP is the hardware support present in various network interface controllers (NIC) and network switches. The specialized hardware allows PTP to account for delays in message transfer and improves the accuracy of time synchronization. To achieve the best possible accuracy, it is recommended that all networking components between PTP clocks are PTP hardware enabled.
 
-Hardware-based PTP provides optimal accuracy, since the NIC can time stamp the PTP packets at the exact moment they are sent and received. Compare this to software-based PTP, which requires additional processing of the PTP packets by the operating system.
+Hardware-based PTP provides optimal accuracy, since the NIC can timestamp the PTP packets at the exact moment they are sent and received. Compare this to software-based PTP, which requires additional processing of the PTP packets by the operating system.
diff --git a/modules/nw-ptp-operator-metrics-reference.adoc b/modules/nw-ptp-operator-metrics-reference.adoc
new file mode 100644
index 000000000000..2626be7952cd
--- /dev/null
+++ b/modules/nw-ptp-operator-metrics-reference.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/using-ptp-events.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="nw-ptp-operator-metrics-reference_{context}"]
+= PTP fast event metrics reference
+
+The following table describes the PTP fast events metrics that are available from cluster nodes where the `linuxptp-daemon` service is running.
+
+[NOTE]
+====
+Some of the following metrics are applicable for PTP grandmaster clocks (T-GM) only.
+====
+
+.PTP fast event metrics
+[cols="1,4,3", options="header"]
+|====
+|Metric
+|Description
+|Example
+
+|`openshift_ptp_clock_class`
+|Returns the PTP clock class for the interface.
+Possible values for PTP clock class are `6` (`LOCKED`), `7` (`HOLDOVER` within specification), `140` (`HOLDOVER` outside specification), and `248` (`FREERUN`).
+Applicable to T-GM clocks only.
+|`openshift_ptp_clock_class {node="compute-1.example.com", process="ptp4l"} 6`
+
+|`openshift_ptp_clock_state`
+|Returns the current PTP clock state for the interface.
+Possible values for PTP clock state are `FREERUN`, `LOCKED`, or `HOLDOVER`.
+|`openshift_ptp_clock_state {iface="CLOCK_REALTIME", node="compute-1.example.com", process="phc2sys"} 1`
+
+|`openshift_ptp_delay_ns`
+|Returns the delay in nanoseconds between the primary clock sending the timing packet and the secondary clock receiving the timing packet.
+|`openshift_ptp_delay_ns {from="master", iface="ens2fx", node="compute-1.example.com", process="ts2phc"} 0`
+
+|`openshift_ptp_frequency_adjustment_ns`
+|Returns the frequency adjustment in nanoseconds between 2 PTP clocks.
+For example, between the upstream clock and the NIC, between the system clock and the NIC, or between the PTP hardware clock (`phc`) and the NIC.
+Applicable to T-GM clocks only.
+|`openshift_ptp_frequency_adjustment_ns {from="phc", iface="CLOCK_REALTIME", node="compute-1.example.com", process="phc2sys"} -6768`
+
+|`openshift_ptp_interface_role`
+|Describes the configured PTP clock role for the interface.
+Possible values are 0 (`PASSIVE`), 1 (`SLAVE`), 2 (`MASTER`), 3 (`FAULTY`), 4 (`UNKNOWN`), or 5 (`LISTENING`).
+
+|`openshift_ptp_interface_role {iface="ens2f0", node="compute-1.example.com", process="ptp4l"} 2`
+
+|`openshift_ptp_max_offset_ns`
+|Returns the maximum offset in nanoseconds between 2 clocks or interfaces.
+For example, between the upstream GNSS clock and the NIC (`ts2phc`), or between the PTP hardware clock (`phc`) and the system clock (`phc2sys`).
+Applicable to T-GM clocks only.
+|`openshift_ptp_max_offset_ns {from="master", iface="ens2fx", node="compute-1.example.com", process="ts2phc"} 1.038099569e+09`
+
+|`openshift_ptp_offset_ns`
+|Returns the offset in nanoseconds between the DPLL clock or the GNSS clock source and the NIC hardware clock.
+Applicable to T-GM clocks only.
+|`openshift_ptp_offset_ns {from="phc", iface="CLOCK_REALTIME", node="compute-1.example.com", process="phc2sys"} -9`
+
+|`openshift_ptp_process_restart_count`
+|Returns a count of the number of times the `ptp4l` process was restarted.
+|`openshift_ptp_process_restart_count {config="ptp4l.0.config", node="compute-1.example.com",process="phc2sys"} 1`
+
+|`openshift_ptp_process_status`
+|Returns a status code that shows whether the PTP process is running or not.
+|`openshift_ptp_process_status {config="ptp4l.0.config", node="compute-1.example.com",process="phc2sys"} 1`
+
+|`openshift_ptp_threshold`
+a|Returns values for `HoldOverTimeout`, `MaxOffsetThreshold`, and `MinOffsetThreshold`.
+
+* `holdOverTimeout` is the time value in seconds before the PTP clock event state changes to `FREERUN` when the PTP master clock is disconnected.
+* `maxOffsetThreshold` and `minOffsetThreshold` are offset values in nanoseconds that compare against the values for `CLOCK_REALTIME` (`phc2sys`) or master offset (`ptp4l`) values that you configure in the `PtpConfig` CR for the NIC.
+|`openshift_ptp_threshold {node="compute-1.example.com", profile="grandmaster", threshold="HoldOverTimeout"} 5`
+|====
diff --git a/modules/nw-rfhe-creating-bmc-event-sub.adoc b/modules/nw-rfhe-creating-bmc-event-sub.adoc
index 78edf2a58473..3b07e7e5f24a 100644
--- a/modules/nw-rfhe-creating-bmc-event-sub.adoc
+++ b/modules/nw-rfhe-creating-bmc-event-sub.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-rfhe-creating-bmc-event-sub_{context}"]
 = Subscribing to bare-metal events
 
diff --git a/modules/nw-rfhe-creating-hardware-event.adoc b/modules/nw-rfhe-creating-hardware-event.adoc
index d654e240afa9..a8e2a90a3a2c 100644
--- a/modules/nw-rfhe-creating-hardware-event.adoc
+++ b/modules/nw-rfhe-creating-hardware-event.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-rfhe-creating-hardware-event_{context}"]
 = Creating the bare-metal event and Secret CRs
 
@@ -18,15 +18,6 @@ To start using bare-metal events, create the `HardwareEvent` custom resource (CR
 
 * You have created a `BMCEventSubscription` CR for the BMC Redfish hardware.
 
-* You have configured dynamic volume provisioning in the cluster or you have manually created `StorageClass`, `LocalVolume`, and `PersistentVolume` CRs to persist the events subscription.
-+
-[NOTE]
-====
-When you enable dynamic volume provisioning in the cluster, a `PersistentVolume` resource is automatically created for the `PersistentVolumeClaim` that the {redfish-operator} deploys.
-
-For more information about manually creating persistent storage in the cluster, see "Persistent storage using local volumes".
-====
-
 .Procedure
 
 . Create the `HardwareEvent` custom resource (CR):
@@ -47,25 +38,20 @@ metadata:
 spec:
   nodeSelector:
     node-role.kubernetes.io/hw-event: "" <1>
-  storageType: "example-storage-class" <2>
-  logLevel: "debug" <3>
-  msgParserTimeout: "10" <4>
+  logLevel: "debug" <2>
+  msgParserTimeout: "10" <3>
 ----
 +
 --
 <1> Required. Use the `nodeSelector` field to target nodes with the specified label, for example, `node-role.kubernetes.io/hw-event: ""`.
-<2> The value of `storageType` is used to populate the `StorageClassName` field for the `PersistentVolumeClaim` (`PVC`) resource that the {redfish-operator} automatically deploys.
-The `PVC` resource is used to persist consumer event subscriptions.
 +
 [NOTE]
 ====
 In {product-title} 4.13 or later, you do not need to set the `spec.transportHost` field in the `HardwareEvent` resource when you use HTTP transport for bare-metal events.
 Set `transportHost` only when you use AMQP transport for bare-metal events.
-
-The value that you set for `.spec.storageType` in the `HardwareEvent` CR must match the `storageClassName` that is set in the `PersistentVolume` CR.
 ====
-<3> Optional. The default value is `debug`. Sets the log level in `hw-event-proxy` logs. The following log levels are available: `fatal`, `error`, `warning`, `info`, `debug`, `trace`.
-<4> Optional. Sets the timeout value in milliseconds for the Message Parser. If a message parsing request is not responded to within the timeout duration, the original hardware event message is passed to the cloud native event framework. The default value is 10.
+<2> Optional. The default value is `debug`. Sets the log level in `hw-event-proxy` logs. The following log levels are available: `fatal`, `error`, `warning`, `info`, `debug`, `trace`.
+<3> Optional. Sets the timeout value in milliseconds for the Message Parser. If a message parsing request is not responded to within the timeout duration, the original hardware event message is passed to the cloud native event framework. The default value is 10.
 --
 
 .. Apply the `HardwareEvent` CR in the cluster:
diff --git a/modules/nw-rfhe-installing-operator-cli.adoc b/modules/nw-rfhe-installing-operator-cli.adoc
index 32acbe7aa69e..007c4cd3bc1d 100644
--- a/modules/nw-rfhe-installing-operator-cli.adoc
+++ b/modules/nw-rfhe-installing-operator-cli.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-rfhe-installing-operator-cli_{context}"]
 = Installing the {redfish-operator} using the CLI
 
diff --git a/modules/nw-rfhe-installing-operator-web-console.adoc b/modules/nw-rfhe-installing-operator-web-console.adoc
index 02a43f89cdb7..645f18f8ea93 100644
--- a/modules/nw-rfhe-installing-operator-web-console.adoc
+++ b/modules/nw-rfhe-installing-operator-web-console.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-rfhe-installing-operator-web-console_{context}"]
 = Installing the {redfish-operator} using the web console
 
diff --git a/modules/nw-rfhe-introduction.adoc b/modules/nw-rfhe-introduction.adoc
index 24428b7c0f62..b2a793dd4f68 100644
--- a/modules/nw-rfhe-introduction.adoc
+++ b/modules/nw-rfhe-introduction.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-rfhe-introduction_{context}"]
 = How bare-metal events work
 
diff --git a/modules/nw-rfhe-quering-redfish-hardware-event-subs.adoc b/modules/nw-rfhe-quering-redfish-hardware-event-subs.adoc
index e71d0deaf97f..00dcdc41e04b 100644
--- a/modules/nw-rfhe-quering-redfish-hardware-event-subs.adoc
+++ b/modules/nw-rfhe-quering-redfish-hardware-event-subs.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * monitoring/using-rfhe.adoc
+// * scalability_and_performance/using-rfhe.adoc
 
 :_module-type: PROCEDURE
 [id="nw-rfhe-querying-redfish-hardware-event-subs_{context}"]
diff --git a/modules/nw-rosa-proxy-remove-cli.adoc b/modules/nw-rosa-proxy-remove-cli.adoc
index 07a878b0a033..8f02ffa481ad 100644
--- a/modules/nw-rosa-proxy-remove-cli.adoc
+++ b/modules/nw-rosa-proxy-remove-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/enable-cluster-wide-proxy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-rosa-proxy-remove-cli_{context}"]
 = Removing the cluster-wide proxy using CLI
 
@@ -45,12 +45,12 @@ $ rosa describe cluster -c <cluster_name>
 +
 Before removal, the proxy IP displays in a proxy section:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 Name:                       <cluster_name>
 ID:                         <cluster_internal_id>
 External ID:                <cluster_external_id>
-OpenShift Version:          4.13.0
+OpenShift Version:          {product-version}.0
 Channel Group:              stable
 DNS:                        <dns>
 AWS Account:                <aws_account_id>
@@ -75,12 +75,12 @@ Additional trust bundle:    REDACTED
 +
 After removing the proxy, the proxy section is removed:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 Name:                       <cluster_name>
 ID:                         <cluster_internal_id>
 External ID:                <cluster_external_id>
-OpenShift Version:          4.13.0
+OpenShift Version:          {product-version}.0
 Channel Group:              stable
 DNS:                        <dns>
 AWS Account:                <aws_account_id>
diff --git a/modules/nw-route-admission-policy.adoc b/modules/nw-route-admission-policy.adoc
index de2fe5ceaa72..5140ad3355de 100644
--- a/modules/nw-route-admission-policy.adoc
+++ b/modules/nw-route-admission-policy.adoc
@@ -3,7 +3,7 @@
 // * ingress/configure-ingress-operator.adoc
 // * networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-route-admission-policy_{context}"]
 = Configuring the route admission policy
 
diff --git a/modules/nw-route-set-or-delete-http-headers.adoc b/modules/nw-route-set-or-delete-http-headers.adoc
new file mode 100644
index 000000000000..4322252709cf
--- /dev/null
+++ b/modules/nw-route-set-or-delete-http-headers.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * networking/route-configuration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-route-set-or-delete-http-headers_{context}"]
+= Setting or deleting HTTP request and response headers in a route
+
+You can set or delete certain HTTP request and response headers for compliance purposes or other reasons. You can set or delete these headers either for all routes served by an Ingress Controller or for specific routes.
+
+For example, you might want to enable a web application to serve content in alternate locations for specific routes if that content is written in multiple languages, even if there is a default global location specified by the Ingress Controller serving the routes.
+
+The following procedure creates a route that sets the Content-Location HTTP request header so that the URL associated with the application, `\https://app.example.com`, directs to the location `\https://app.example.com/lang/en-us`. Directing application traffic to this location means that anyone using that specific route is accessing web content written in American English.
+
+.Prerequisites
+* You have installed the OpenShift CLI (`oc`).
+* You are logged into an {product-title} cluster as a project administrator.
+* You have a web application that exposes a port and an HTTP or TLS endpoint listening for traffic on the port.
+
+.Procedure
+. Create a route definition and save it in a file called `app-example-route.yaml`:
++
+.YAML definition of the created route with HTTP header directives
+[source,yaml]
+----
+apiVersion: route.openshift.io/v1
+kind: Route
+# ...
+spec:
+  host: app.example.com
+  tls:
+    termination: edge
+  to:
+    kind: Service
+    name: app-example
+  httpHeaders:
+    actions: <1>
+      response: <2>
+      - name: Content-Location <3>
+        action:
+          type: Set <4>
+          set:
+            value: /lang/en-us <5>
+----
+<1> The list of actions you want to perform on the HTTP headers.
+<2> The type of header you want to change. In this case, a response header.
+<3> The name of the header you want to change. For a list of available headers you can set or delete, see _HTTP header configuration_.
+<4> The type of action being taken on the header. This field can have the value `Set` or `Delete`.
+<5> When setting HTTP headers, you must provide a `value`. The value can be a string from a list of available directives for that header, for example `DENY`, or it can be a dynamic value that will be interpreted using HAProxy's dynamic value syntax. In this case, the value is set to the relative location of the content.
+
+. Create a route to your existing web application using the newly created route definition:
++
+[source,terminal]
+----
+$ oc -n app-example create -f app-example-route.yaml
+----
+
+For HTTP request headers, the actions specified in the route definitions are executed after any actions performed on HTTP request headers in the Ingress Controller. This means that any values set for those request headers in a route will take precedence over the ones set in the Ingress Controller. For more information on the processing order of HTTP headers, see _HTTP header configuration_.
diff --git a/modules/nw-route-specific-annotations.adoc b/modules/nw-route-specific-annotations.adoc
index 24d4b645f282..29ebc56c2ae9 100644
--- a/modules/nw-route-specific-annotations.adoc
+++ b/modules/nw-route-specific-annotations.adoc
@@ -19,7 +19,7 @@ To create a whitelist with multiple source IPs or subnets, use a space-delimited
 [cols="3*", options="header"]
 |===
 |Variable | Description | Environment variable used as default
-|`haproxy.router.openshift.io/balance`| Sets the load-balancing algorithm. Available options are `random`, `source`, `roundrobin`, and `leastconn`.  The default value is `random`.| `ROUTER_TCP_BALANCE_SCHEME` for passthrough routes. Otherwise, use `ROUTER_LOAD_BALANCE_ALGORITHM`.
+|`haproxy.router.openshift.io/balance`| Sets the load-balancing algorithm. Available options are `random`, `source`, `roundrobin`, and `leastconn`.  The default value is `source` for TLS passthrough routes. For all other routes, the default is `random`. |`ROUTER_TCP_BALANCE_SCHEME` for passthrough routes. Otherwise, use `ROUTER_LOAD_BALANCE_ALGORITHM`.
 |`haproxy.router.openshift.io/disable_cookies`| Disables the use of cookies to track related connections. If set to `'true'` or `'TRUE'`, the balance algorithm is used to choose which back-end serves connections for each incoming HTTP request. |
 |`router.openshift.io/cookie_name`| Specifies an optional cookie to use for
 this route. The name must consist of any combination of upper and lower case letters, digits, "_",
@@ -27,21 +27,22 @@ and "-". The default is the hashed internal key name for the route. |
 |`haproxy.router.openshift.io/pod-concurrent-connections`| Sets the maximum number of connections that are allowed to a backing pod from a router. +
 Note: If there are multiple pods, each can have this many connections.  If you have multiple routers, there is no coordination among them, each may connect this many times. If not set, or set to 0, there is no limit. |
 |`haproxy.router.openshift.io/rate-limit-connections`| Setting `'true'` or `'TRUE'` enables rate limiting functionality which is implemented through stick-tables on the specific backend per route. +
-Note: Using this annotation provides basic protection against distributed denial-of-service (DDoS) attacks. |
+Note: Using this annotation provides basic protection against denial-of-service attacks. |
 |`haproxy.router.openshift.io/rate-limit-connections.concurrent-tcp`| Limits the number of concurrent TCP connections made through the same source IP address. It accepts a numeric value. +
-Note: Using this annotation provides basic protection against distributed denial-of-service (DDoS) attacks. |
+Note: Using this annotation provides basic protection against denial-of-service attacks. |
 |`haproxy.router.openshift.io/rate-limit-connections.rate-http`| Limits the rate at which a client with the same source IP address can make HTTP requests. It accepts a numeric value.  +
-Note: Using this annotation provides basic protection against distributed denial-of-service (DDoS) attacks. |
+Note: Using this annotation provides basic protection against denial-of-service attacks. |
 |`haproxy.router.openshift.io/rate-limit-connections.rate-tcp`| Limits the rate at which a client with the same source IP address can make TCP connections. It accepts a numeric value.  +
-Note: Using this annotation provides basic protection against distributed denial-of-service (DDoS) attacks. |
+Note: Using this annotation provides basic protection against denial-of-service attacks. |
 |`haproxy.router.openshift.io/timeout` | Sets a server-side timeout for the route. (TimeUnits) | `ROUTER_DEFAULT_SERVER_TIMEOUT`
 |`haproxy.router.openshift.io/timeout-tunnel` | This timeout applies to a tunnel connection, for example, WebSocket over cleartext, edge, reencrypt, or passthrough routes. With cleartext, edge, or reencrypt route types, this annotation is applied as a timeout tunnel with the existing timeout value. For the passthrough route types, the annotation takes precedence over any existing timeout value set. | `ROUTER_DEFAULT_TUNNEL_TIMEOUT`
 |`ingresses.config/cluster ingress.operator.openshift.io/hard-stop-after` | You can set either an IngressController or the ingress config . This annotation redeploys the router and configures the HA proxy to emit the haproxy `hard-stop-after` global option, which defines the maximum time allowed to perform a clean soft-stop. | `ROUTER_HARD_STOP_AFTER`
 |`router.openshift.io/haproxy.health.check.interval`| Sets the interval for the back-end health checks. (TimeUnits) | `ROUTER_BACKEND_CHECK_INTERVAL`
 |`haproxy.router.openshift.io/ip_whitelist`
-| Sets a whitelist for the route. The whitelist is a space-separated list of IP addresses and CIDR ranges for the approved source addresses. Requests from IP addresses that are not in the whitelist are dropped.
+| Sets an allowlist for the route. The allowlist is a space-separated list of IP addresses and CIDR ranges for the approved source addresses. Requests from IP addresses that are not in the allowlist are dropped.
+
+The maximum number of IP addresses and CIDR ranges directly visible in the `haproxy.config` file is 61. [^1^] |
 
-The maximum number of IP addresses and CIDR ranges allowed in a whitelist is 61.|
 |`haproxy.router.openshift.io/hsts_header` | Sets a Strict-Transport-Security header for the edge terminated or re-encrypt route. |
 |`haproxy.router.openshift.io/log-send-hostname` | Sets the `hostname` field in the Syslog header. Uses the hostname of the system. `log-send-hostname` is enabled by default if any Ingress API logging method, such as sidecar or Syslog facility, is enabled for the router. |
 |`haproxy.router.openshift.io/rewrite-target` | Sets the rewrite path of the request on the backend. |
@@ -66,6 +67,15 @@ This value is applicable to re-encrypt and edge routes only. For more informatio
 `if-none`: sets the header if it is not already set.| `ROUTER_SET_FORWARDED_HEADERS`
 
 |===
+[.small]
+--
+1. If the number of IP addresses and CIDR ranges in an allowlist exceeds 61, they are written into a separate file that is then referenced from `haproxy.config`. This file is stored in the `var/lib/haproxy/router/whitelists` folder.
++
+[NOTE]
+====
+To ensure that the addresses are written to the allowlist, check that the full list of CIDR ranges are listed in the Ingress Controller configuration file. The etcd object size limit restricts how large a route annotation can be. Because of this, it creates a threshold for the maximum number of IP addresses and CIDR ranges that you can include in an allowlist.
+====
+--
 
 [NOTE]
 ====
diff --git a/modules/nw-router-configuring-dual-stack.adoc b/modules/nw-router-configuring-dual-stack.adoc
index 2f4cf741dbf6..7ddc886ac75f 100644
--- a/modules/nw-router-configuring-dual-stack.adoc
+++ b/modules/nw-router-configuring-dual-stack.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/routes/route-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-router-configuring-dual-stack_{context}"]
 = Configuring the {product-title} Ingress Controller for dual-stack networking
 
diff --git a/modules/nw-running-dpdk-rootless-tap.adoc b/modules/nw-running-dpdk-rootless-tap.adoc
new file mode 100644
index 000000000000..8c2f3a9769cc
--- /dev/null
+++ b/modules/nw-running-dpdk-rootless-tap.adoc
@@ -0,0 +1,235 @@
+// Module included in the following assemblies:
+//
+// * networking/hardware_networks/using-dpdk-and-rdma.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-running-dpdk-rootless-tap_{context}"]
+= Using the TAP CNI to run a rootless DPDK workload with kernel access
+
+DPDK applications can use `virtio-user` as an exception path to inject certain types of packets, such as log messages, into the kernel for processing. For more information about this feature, see link:https://doc.dpdk.org/guides/howto/virtio_user_as_exception_path.html[Virtio_user as Exception Path].
+
+In OpenShift Container Platform version 4.14 and later, you can use non-privileged pods to run DPDK applications alongside the tap CNI plugin. To enable this functionality, you need to mount the `vhost-net` device by setting the `needVhostNet` parameter to `true` within the `SriovNetworkNodePolicy` object.
+
+.DPDK and TAP example configuration
+image::348_OpenShift_rootless_DPDK_0923.png[DPDK and TAP plugin]
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+* You have installed the SR-IOV Network Operator.
+* You are logged in as a user with `cluster-admin` privileges.
+* Ensure that `setsebools container_use_devices=on` is set as root on all nodes.
++
+[NOTE]
+====
+Use the Machine Config Operator to set this SELinux boolean.
+====
+
+.Procedure
+
+. Create a file, such as `test-namespace.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-namespace
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
+    security.openshift.io/scc.podSecurityLabelSync: "false"
+----
+
+. Create the new `Namespace` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f test-namespace.yaml
+----
+
+. Create a file, such as `sriov-node-network-policy.yaml`, with content like the following example::
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+ name: sriovnic
+ namespace: openshift-sriov-network-operator
+spec:
+ deviceType: netdevice <1>
+ isRdma: true <2>
+ needVhostNet: true <3>
+ nicSelector:
+   vendor: "15b3" <4>
+   deviceID: "101b" <5>
+   rootDevices: ["00:05.0"]
+ numVfs: 10
+ priority: 99
+ resourceName: sriovnic
+ nodeSelector:
+    feature.node.kubernetes.io/network-sriov.capable: "true"
+----
+<1> This indicates that the profile is tailored specifically for Mellanox Network Interface Controllers (NICs).
+<2> Setting `isRdma` to `true` is only required for a Mellanox NIC.
+<3> This mounts the `/dev/net/tun` and `/dev/vhost-net` devices into the container so the application can create a tap device and connect the tap device to the DPDK workload.
+<4> The vendor hexadecimal code of the SR-IOV network device. The value 15b3 is associated with a Mellanox NIC.
+<5> The device hexadecimal code of the SR-IOV network device.
+
+. Create the `SriovNetworkNodePolicy` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sriov-node-network-policy.yaml
+----
+
+. Create the following `SriovNetwork` object, and then save the YAML in the `sriov-network-attachment.yaml` file:
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+ name: sriov-network
+ namespace: openshift-sriov-network-operator
+spec:
+ networkNamespace: test-namespace
+ resourceName: sriovnic
+ spoofChk: "off"
+ trust: "on"
+----
++
+[NOTE]
+=====
+See the "Configuring SR-IOV additional network" section for a detailed explanation on each option in `SriovNetwork`.
+=====
++
+An optional library, `app-netutil`, provides several API methods for gathering network information about a container's parent pod.
+
+. Create the `SriovNetwork` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sriov-network-attachment.yaml
+----
+
+. Create a file, such as `tap-example.yaml`, that defines a network attachment definition, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: tap-one
+ namespace: test-namespace <1>
+spec:
+ config: '{
+   "cniVersion": "0.4.0",
+   "name": "tap",
+   "plugins": [
+     {
+        "type": "tap",
+        "multiQueue": true,
+        "selinuxcontext": "system_u:system_r:container_t:s0"
+     },
+     {
+       "type":"tuning",
+       "capabilities":{
+         "mac":true
+       }
+     }
+   ]
+ }'
+----
+<1> Specify the same `target_namespace` where the `SriovNetwork` object is created.
+
+. Create the `NetworkAttachmentDefinition` object by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f tap-example.yaml
+----
+
+. Create a file, such as `dpdk-pod-rootless.yaml`, with content like the following example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dpdk-app
+  namespace: test-namespace <1>
+  annotations:
+    k8s.v1.cni.cncf.io/networks: '[
+      {"name": "sriov-network", "namespace": "test-namespace"},
+      {"name": "tap-one", "interface": "ext0", "namespace": "test-namespace"}]'
+spec:
+  nodeSelector:
+    kubernetes.io/hostname: "worker-0"
+  securityContext:
+      fsGroup: 1001 <2>
+      runAsGroup: 1001 <3>
+      seccompProfile:
+        type: RuntimeDefault
+  containers:
+  - name: testpmd
+    image: <DPDK_image> <4>
+    securityContext:
+      capabilities:
+        drop: ["ALL"] <5>
+        add: <6>
+          - IPC_LOCK
+          - NET_RAW #for mlx only <7>
+      runAsUser: 1001 <8>
+      privileged: false <9>
+      allowPrivilegeEscalation: true <10>
+      runAsNonRoot: true <11>
+    volumeMounts:
+    - mountPath: /mnt/huge <12>
+      name: hugepages
+    resources:
+      limits:
+        openshift.io/sriovnic: "1" <13>
+        memory: "1Gi"
+        cpu: "4" <14>
+        hugepages-1Gi: "4Gi" <15>
+      requests:
+        openshift.io/sriovnic: "1"
+        memory: "1Gi"
+        cpu: "4"
+        hugepages-1Gi: "4Gi"
+    command: ["sleep", "infinity"]
+  runtimeClassName: performance-cnf-performanceprofile <16>
+  volumes:
+  - name: hugepages
+    emptyDir:
+      medium: HugePages
+----
++
+--
+<1> Specify the same `target_namespace` in which the `SriovNetwork` object is created. If you want to create the pod in a different namespace, change `target_namespace` in both the `Pod` spec and the `SriovNetwork` object.
+<2> Sets the group ownership of volume-mounted directories and files created in those volumes.
+<3> Specify the primary group ID used for running the container.
+<4> Specify the DPDK image that contains your application and the DPDK library used by application.
+<5> Removing all capabilities (`ALL`) from the container's securityContext means that the container has no special privileges beyond what is necessary for normal operation.
+<6> Specify additional capabilities required by the application inside the container for hugepage allocation, system resource allocation, and network interface access. These capabilities must also be set in the binary file by using the `setcap` command.
+<7> Mellanox network interface controller (NIC) requires the `NET_RAW` capability.
+<8> Specify the user ID used for running the container.
+<9> This setting indicates that the container or containers within the pod should not be granted privileged access to the host system.
+<10>  This setting allows a container to escalate its privileges beyond the initial non-root privileges it might have been assigned.
+<11> This setting ensures that the container runs with a non-root user. This helps enforce the principle of least privilege, limiting the potential impact of compromising the container and reducing the attack surface.
+<12> Mount a hugepage volume to the DPDK pod under `/mnt/huge`. The hugepage volume is backed by the emptyDir volume type with the medium being `Hugepages`.
+<13> Optional: Specify the number of DPDK devices allocated for the DPDK pod. If not explicitly specified, this resource request and limit is automatically added by the SR-IOV network resource injector. The SR-IOV network resource injector is an admission controller component managed by SR-IOV Operator. It is enabled by default and can be disabled by setting the `enableInjector` option to `false` in the default `SriovOperatorConfig` CR.
+<14> Specify the number of CPUs. The DPDK pod usually requires exclusive CPUs to be allocated from the kubelet. This is achieved by setting CPU Manager policy to `static` and creating a pod with `Guaranteed` QoS.
+<15> Specify hugepage size `hugepages-1Gi` or `hugepages-2Mi` and the quantity of hugepages that will be allocated to the DPDK pod. Configure `2Mi` and `1Gi` hugepages separately. Configuring `1Gi` hugepage requires adding kernel arguments to Nodes. For example, adding kernel arguments `default_hugepagesz=1GB`, `hugepagesz=1G` and `hugepages=16` will result in `16*1Gi` hugepages be allocated during system boot.
+<16> If your performance profile is not named `cnf-performance profile`, replace that string with the correct performance profile name.
+--
++
+. Create the DPDK pod by running the following command:
++
+[source,terminal]
+----
+$ oc create -f dpdk-pod-rootless.yaml
+----
\ No newline at end of file
diff --git a/modules/nw-scaling-ingress-controller.adoc b/modules/nw-scaling-ingress-controller.adoc
index be3ffd99fe76..87f539683c46 100644
--- a/modules/nw-scaling-ingress-controller.adoc
+++ b/modules/nw-scaling-ingress-controller.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 // * networking/ingress-controller-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-ingress-controller-configuration_{context}"]
 = Scaling an Ingress Controller
 
diff --git a/modules/nw-sctp-enabling.adoc b/modules/nw-sctp-enabling.adoc
index e8ebb7cd8ced..fc5e8c1c155e 100644
--- a/modules/nw-sctp-enabling.adoc
+++ b/modules/nw-sctp-enabling.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/using-sctp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sctp-enabling_{context}"]
 = Enabling Stream Control Transmission Protocol (SCTP)
 
diff --git a/modules/nw-sctp-verifying.adoc b/modules/nw-sctp-verifying.adoc
index 7b48290232b6..40ba65317c39 100644
--- a/modules/nw-sctp-verifying.adoc
+++ b/modules/nw-sctp-verifying.adoc
@@ -8,7 +8,7 @@ ifdef::openshift-origin[]
 :image: fedora:31
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sctp-verifying_{context}"]
 = Verifying Stream Control Transmission Protocol (SCTP) is enabled
 
diff --git a/modules/nw-secondary-ext-gw-about.adoc b/modules/nw-secondary-ext-gw-about.adoc
new file mode 100644
index 000000000000..1a3fbb97306c
--- /dev/null
+++ b/modules/nw-secondary-ext-gw-about.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-secondary-ext-gw-about_{context}"]
+= How {product-title} determines the external gateway IP address
+
+You configure a secondary external gateway with the `AdminPolicyBasedExternalRoute` custom resource from the the `k8s.ovn.org` API group. The custom resource (CR) supports static and dynamic approaches to specifying an external gateway's IP address. Each namespace that a `AdminPolicyBasedExternalRoute` CR targets cannot be selected by any other `AdminPolicyBasedExternalRoute` CR. A namespace cannot have concurrent secondary external gateways.
+
+Static assignment:: You specify an IP address directly.
+Dynamic assignment:: You specify an IP address indirectly, with namespace and pod selectors, and an optional network attachment definition.
++
+--
+- If the name of a network attachment definition is provided, the external gateway IP address of the network attachment is used.
+- If the name of a network attachment definition is not provided, the external gateway IP address for the pod itself is used. However, this approach works only if the pod is configured with `hostNetwork` set to `true`.
+--
diff --git a/modules/nw-secondary-ext-gw-configure.adoc b/modules/nw-secondary-ext-gw-configure.adoc
new file mode 100644
index 000000000000..4ec48689730d
--- /dev/null
+++ b/modules/nw-secondary-ext-gw-configure.adoc
@@ -0,0 +1,143 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-secondary-ext-gw-configure_{context}"]
+= Configure a secondary external gateway
+
+You can configure a secondary external gateway for a namespace in your cluster.
+
+.Prerequisites
+
+* You installed the OpenShift CLI (`oc`).
+* You are logged in to the cluster with a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a YAML file that contains an `AdminPolicyBasedExternalRoute` object.
+. To create an admin policy based external route, enter the following command:
++
+[source,terminal]
+----
+$ oc create -f <file>.yaml
+----
++
+--
+where:
+
+`<file>`:: Specifies the name of the YAML file that you created in the previous step.
+--
++
+.Example output
+[source,text]
+----
+adminpolicybasedexternalroute.k8s.ovn.org/default-route-policy created
+----
+
+. To confirm that the admin policy based external route was created, enter the following command:
++
+[source,terminal]
+----
+$ oc describe apbexternalroute <name> | tail -n 6
+----
++
+--
+where:
+
+`<name>`:: Specifies the name of the `AdminPolicyBasedExternalRoute` object.
+--
++
+.Example output
+[source,text]
+----
+Status:
+  Last Transition Time:  2023-04-24T15:09:01Z
+  Messages:
+  Configured external gateway IPs: 172.18.0.8
+  Status:  Success
+Events:  <none>
+----
+
+////
+.Verification
+
+If you created an `AdminPolicyBasedExternalRoute` object that selects a host-network pod IP address as the secondary external gateway, you can confirm that the next hop is correct for a pod with the following steps:
+
+. To get the IP address of the pod, enter the following command:
++
+[source,terminal]
+----
+oc get pods/<pod_name> -n <namespace> -o wide
+----
++
+--
+where:
+
+`<pod_name>`:: Specifies the name of the pod.
+`<namespace>`:: Specifies the namespace of the pod.
+--
++
+.Example output
+[source,text]
+----
+NAMESPACE  NAME   READY   STATUS      RESTARTS      AGE   IP            NODE      NOMINATED NODE   READINESS GATES
+ns1        pod1   1/1     Running     1 (37m ago)   41m   10.130.0.8    node1     <none>           <none>
+----
+
+. Confirm that the IP address from the previous step is available as an external gateway.
+
+.. To find the the OVN-Kubernetes control plane pod that manages the next hop for the pod, enter the following command:
++
+[source,terminal]
+----
+$ oc get pod -n openshift-ovn-kubernetes \
+  --field-selector spec.nodeName=<node_name> \
+  -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | \
+    grep ovnkube-node-
+----
++
+--
+where:
+
+`<node_name>`:: Specifies the name of the node from the `NODE` column that the pod from the previous step is running on.
+--
++
+.Example output
+[source,text]
+----
+ovnkube-node-rpt55
+----
+
+.. To confirm that the OVN-Kubernetes node pod includes the correct next hop, enter the following command:
++
+[source,terminal]
+----
+$ oc exec -t <pod_name> -n openshift-ovn-kubernetes  -c nbdb \
+    -- ovn-nbctl lr-route-list GR_ovn-work | grep <pod_ip> -A 6 -B 4
+
+oc exec -ti <pod_name> -n openshift-ovn-kubernetes -c nbdb -- ovn-nbctl lr-route-list GR_<node_name> | grep <pod_id> -A6 -B4
+----
++
+--
+where:
+
+`<pod_name>`:: Specifies the name of the OVN-Kubernetes node pod from the previous step.
+`<node_name>`:: Specifies the name of the cluster node that the OVN-Kubernetes node pod is running on.
+`<pod_ip>`:: Specifies the name of the pod IP address.
+--
++
+.Example output
+[source,text]
+----
+IPv4 Routes
+Route Table
+
+:
+10.128.2.206 172.18.0.10 src-ip rtoe-GR_worker-0-1 ecmp-symmetric-reply bfd
+10.128.3.229 172.18.0.10 src-ip rtoe-GR_worker-0-1 ecmp-symmetric-reply bfd
+169.254.169.0/29 169.254.169.4 dst-ip rtoe-GR_worker-0-1
+10.128.0.0/14 100.64.0.1 dst-ip
+0.0.0.0/0 192.168.123.1 dst-ip rtoe-GR_worker-0-1
+----
+////
diff --git a/modules/nw-secondary-ext-gw-object.adoc b/modules/nw-secondary-ext-gw-object.adoc
new file mode 100644
index 000000000000..b73b10b75f7e
--- /dev/null
+++ b/modules/nw-secondary-ext-gw-object.adoc
@@ -0,0 +1,180 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nw-secondary-ext-gw-object_{context}"]
+= AdminPolicyBasedExternalRoute object configuration
+
+You can define an `AdminPolicyBasedExternalRoute` object, which is cluster scoped, with the following properties. A namespace can be selected by only one `AdminPolicyBasedExternalRoute` CR at a time.
+
+.`AdminPolicyBasedExternalRoute` object
+[cols=".^3,.^2,.^5a",options="header"]
+
+|====
+|Field|Type|Description
+
+|`metadata.name`
+|`string`
+|
+Specifies the name of the  `AdminPolicyBasedExternalRoute` object.
+
+|`spec.from`
+|`string`
+|
+Specifies a namespace selector that the routing polices apply to. Only `namespaceSelector` is supported for external traffic. For example:
+
+[source,yaml]
+----
+from:
+  namespaceSelector:
+    matchLabels:
+      kubernetes.io/metadata.name: novxlan-externalgw-ecmp-4059
+----
+
+A namespace can be targeted by only one `AdminPolicyBasedExternalRoute` CR. If a namespace is selected by more than one `AdminPolicyBasedExternalRoute` CR, a `failed` error status occurs on the second and subsequent CRs targeting the same namespace.
+
+|`spec.nextHops`
+|`object`
+|
+Specifies the destinations where the packets are forwarded to. Must be either or both of `static` and `dynamic`. You must have at least one next hop defined.
+
+|====
+
+
+.`nextHops` object
+[cols=".^3,.^2,.^5a",options="header"]
+|====
+|Field|Type|Description
+
+|`static`
+|`array`
+| Specifies an array of static IP addresses.
+
+|`dynamic`
+|`array`
+| Specifies an array of pod selectors corresponding to pods configured with a network attachment definition to use as the external gateway target.
+
+|====
+
+
+.`nextHops.static` object
+[cols=".^3,.^2,.^5a",options="header"]
+|====
+|Field|Type|Description
+
+|`ip`
+|`string`
+| Specifies either an IPv4 or IPv6 address of the next destination hop.
+
+|`bfdEnabled`
+|`boolean`
+|Optional: Specifies whether Bi-Directional Forwarding Detection (BFD) is supported by the network. The default value is `false`.
+
+|====
+
+.`nextHops.dynamic` object
+[cols=".^3,.^2,.^5a",options="header"]
+|====
+|Field|Type|Description
+
+|`podSelector`
+|`string`
+|
+Specifies a [set-based](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) label selector to filter the pods in the namespace that match this network configuration.
+
+|`namespaceSelector`
+|`string`
+| Specifies a `set-based` selector to filter the namespaces that the `podSelector` applies to. You must specify a value for this field.
+
+
+|`bfdEnabled`
+|`boolean`
+|Optional: Specifies whether Bi-Directional Forwarding Detection (BFD) is supported by the network. The default value is `false`.
+
+|`networkAttachmentName`
+|`string`
+|
+Optional: Specifies the name of a network attachment definition. The name must match the list of logical networks associated with the pod. If this field is not specified, the host network of the pod is used. However, the pod must be configure as a host network pod to use the host network.
+
+|====
+
+[id="example-secondary-external-gateway-configurations_{context}"]
+== Example secondary external gateway configurations
+
+In the following example, the `AdminPolicyBasedExternalRoute` object configures two static IP addresses as external gateways for pods in namespaces with the `kubernetes.io/metadata.name: novxlan-externalgw-ecmp-4059` label.
+
+[source,yaml]
+----
+apiVersion: k8s.ovn.org/v1
+kind: AdminPolicyBasedExternalRoute
+metadata:
+  name: default-route-policy
+spec:
+  from:
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: novxlan-externalgw-ecmp-4059
+  nextHops:
+    static:
+    - ip: "172.18.0.8"
+    - ip: "172.18.0.9"
+----
+
+In the following example, the `AdminPolicyBasedExternalRoute` object configures a dynamic external gateway. The IP addresses used for the external gateway are derived from the additional network attachments associated with each of the selected pods.
+
+[source,yaml]
+----
+apiVersion: k8s.ovn.org/v1
+kind: AdminPolicyBasedExternalRoute
+metadata:
+  name: shadow-traffic-policy
+spec:
+  from:
+    namespaceSelector:
+      matchLabels:
+        externalTraffic: ""
+  nextHops:
+    dynamic:
+    - podSelector:
+        matchLabels:
+          gatewayPod: ""
+      namespaceSelector:
+        matchLabels:
+          shadowTraffic: ""
+      networkAttachmentName: shadow-gateway
+    - podSelector:
+        matchLabels:
+          gigabyteGW: ""
+      namespaceSelector:
+        matchLabels:
+          gatewayNamespace: ""
+      networkAttachmentName: gateway
+----
+
+In the following example, the `AdminPolicyBasedExternalRoute` object configures both static and dynamic external gateways.
+
+[source,yaml]
+----
+apiVersion: k8s.ovn.org/v1
+kind: AdminPolicyBasedExternalRoute
+metadata:
+  name: multi-hop-policy
+spec:
+  from:
+    namespaceSelector:
+      matchLabels:
+        trafficType: "egress"
+  nextHops:
+    static:
+    - ip: "172.18.0.8"
+    - ip: "172.18.0.9"
+    dynamic:
+    - podSelector:
+        matchLabels:
+          gatewayPod: ""
+      namespaceSelector:
+        matchLabels:
+          egressTraffic: ""
+      networkAttachmentName: gigabyte
+----
diff --git a/modules/nw-secondary-ext-gw-status.adoc b/modules/nw-secondary-ext-gw-status.adoc
new file mode 100644
index 000000000000..d251761e3f9e
--- /dev/null
+++ b/modules/nw-secondary-ext-gw-status.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nw-secondary-ext-gw-status_{context}"]
+= View the status of a secondary external gateway
+
+You can view the status of a secondary external gateway that is configured for your cluster. The `status` field for the `AdminPolicyBasedExternalRoute` custom resource reports recent status messages whenever you update the resource, subject to a few limitations:
+
+- Namespaces impacted are not reported in status messages
+- Pods selected as part of a dynamic next hop configuration do not trigger status updates as a result of pod lifecycle events, such as pod termination
+
+.Prerequisites
+
+* You installed the OpenShift CLI (`oc`).
+* You are logged in to the cluster with a user with `cluster-admin` privileges.
+
+.Procedure
+
+* To access the status logs for a secondary external gateway, enter the following command:
++
+[source,terminal]
+----
+$ oc get adminpolicybasedexternalroutes <name> -o yaml
+----
++
+--
+where:
+
+`<name>`:: Specifies the name of an `AdminPolicyBasedExternalRoute` object.
+--
++
+.Example output
+[source,text]
+----
+...
+Status:
+  Last Transition Time:  2023-04-24T14:49:45Z
+  Messages:
+    Configured external gateway IPs: 172.18.0.8,172.18.0.9
+    Configured external gateway IPs: 172.18.0.8
+  Status:  Success
+Events: <none>
+----
diff --git a/modules/nw-service-externalip-create.adoc b/modules/nw-service-externalip-create.adoc
index a742680278d4..72ef56709946 100644
--- a/modules/nw-service-externalip-create.adoc
+++ b/modules/nw-service-externalip-create.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-service-externalip-create_{context}"]
 = Attaching an ExternalIP to a service
 
diff --git a/modules/nw-sriov-about-all-multi-cast-mode.adoc b/modules/nw-sriov-about-all-multi-cast-mode.adoc
new file mode 100644
index 000000000000..94cb592ed6da
--- /dev/null
+++ b/modules/nw-sriov-about-all-multi-cast-mode.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nw-about-all-multi-cast-mode_{context}"]
+= About all-multicast mode
+
+Enabling all-multicast mode, particularly in the context of rootless applications, is critical. If you do not enable this mode, you would be required to grant the `NET_ADMIN` capability to the pod's Security Context Constraints (SCC). If you were to allow the `NET_ADMIN` capability to grant the pod privileges to make changes that extend beyond its specific requirements, you could potentially expose security vulnerabilities.
+
+The tuning CNI plugin supports changing several interface attributes, including all-multicast mode. By enabling this mode, you can allow applications running on Virtual Functions (VFs) that are configured on a SR-IOV network device to receive multicast traffic from applications on other VFs, whether attached to the same or different physical functions.
\ No newline at end of file
diff --git a/modules/nw-sriov-about-all-multi-cast_mode.adoc b/modules/nw-sriov-about-all-multi-cast_mode.adoc
new file mode 100644
index 000000000000..39598acaffbc
--- /dev/null
+++ b/modules/nw-sriov-about-all-multi-cast_mode.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="nw-about-all-one-sysctl-flag_{context}"]
+= Setting one sysctl flag
+
+You can set interface-level network `sysctl` settings for a pod connected to a SR-IOV network device.
+
+In this example, `net.ipv4.conf.IFNAME.accept_redirects` is set to `1` on the created virtual interfaces.
+
+The `sysctl-tuning-test` namespace is used in this example.
+
+* Use the following command to create the `sysctl-tuning-test` namespace:
++
+----
+$ oc create namespace sysctl-tuning-test
+----
+
diff --git a/modules/nw-sriov-add-pod-runtimeconfig.adoc b/modules/nw-sriov-add-pod-runtimeconfig.adoc
index e470d091654c..907e257a13ac 100644
--- a/modules/nw-sriov-add-pod-runtimeconfig.adoc
+++ b/modules/nw-sriov-add-pod-runtimeconfig.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * virt/node_network/virt-configuring-sr-iov-network.adoc
-// * virt/virtual_machines/vm_networking/virt-defining-an-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
 // Deprecating in OCP; This is identical in practice to adding a pod
 // to an additional network.
diff --git a/modules/nw-sriov-cfg-bond-interface-with-virtual-functions.adoc b/modules/nw-sriov-cfg-bond-interface-with-virtual-functions.adoc
index a029417056b6..cbd1d4df2b67 100644
--- a/modules/nw-sriov-cfg-bond-interface-with-virtual-functions.adoc
+++ b/modules/nw-sriov-cfg-bond-interface-with-virtual-functions.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/hardware_networks/configuring-sriov-operator.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-cfg-bond-interface-with-virtual-functions_{context}"]
 = Configuring a bond interface from two SR-IOV interfaces
 
diff --git a/modules/nw-sriov-concept-dpdk-line-rate.adoc b/modules/nw-sriov-concept-dpdk-line-rate.adoc
index a6698c796aeb..7eadf0495782 100644
--- a/modules/nw-sriov-concept-dpdk-line-rate.adoc
+++ b/modules/nw-sriov-concept-dpdk-line-rate.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-sriov-example-dpdk-line-rate_{context}"]
 = Overview of achieving a specific DPDK line rate
 
diff --git a/modules/nw-sriov-configure-exclude-topology-manager.adoc b/modules/nw-sriov-configure-exclude-topology-manager.adoc
index 28a9bcb5b6b2..57625725b637 100644
--- a/modules/nw-sriov-configure-exclude-topology-manager.adoc
+++ b/modules/nw-sriov-configure-exclude-topology-manager.adoc
@@ -2,9 +2,9 @@
 //
 // * networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-configure-exclude-topology-manager_{context}"]
-= Excluding the SR-IOV network topology for NUMA-aware scheduling 
+= Excluding the SR-IOV network topology for NUMA-aware scheduling
 
 To exclude advertising the SR-IOV network resource's Non-Uniform Memory Access (NUMA) node to the Topology Manager, you can configure the `excludeTopology` specification in the `SriovNetworkNodePolicy` custom resource. Use this configuration for more flexible SR-IOV network deployments during NUMA-aware pod scheduling.
 
@@ -45,7 +45,7 @@ spec:
 +
 [NOTE]
 ====
-If multiple `SriovNetworkNodePolicy` resources target the same SR-IOV network resource, the `SriovNetworkNodePolicy` resources must have the same value as the `excludeTopology` specification. Otherwise, the conflicting policy is rejected. 
+If multiple `SriovNetworkNodePolicy` resources target the same SR-IOV network resource, the `SriovNetworkNodePolicy` resources must have the same value as the `excludeTopology` specification. Otherwise, the conflicting policy is rejected.
 ====
 
 .. Create the `SriovNetworkNodePolicy` resource by running the following command:
@@ -77,11 +77,11 @@ spec:
   networkNamespace: <namespace> <3>
   ipam: |- <4>
     {
-      "type": "<ipam_type>", 
+      "type": "<ipam_type>",
     }
 ----
-<1> Replace `sriov-numa-0-network` with the name for the SR-IOV network resource. 
-<2> Specify the resource name for the `SriovNetworkNodePolicy` CR from the previous step. This YAML uses a sample `resourceName` value. 
+<1> Replace `sriov-numa-0-network` with the name for the SR-IOV network resource.
+<2> Specify the resource name for the `SriovNetworkNodePolicy` CR from the previous step. This YAML uses a sample `resourceName` value.
 <3> Enter the namespace for your SR-IOV network resource.
 <4> Enter the IP address management configuration for the SR-IOV network.
 
@@ -118,7 +118,7 @@ metadata:
 spec:
   containers:
   - name: <container_name>
-    image: <image> 
+    image: <image>
     imagePullPolicy: IfNotPresent
     command: ["sleep", "infinity"]
 ----
@@ -155,7 +155,7 @@ test-deployment-sriov-76cbbf4756-k9v72   1/1     Running   0          45h
 
 . Open a debug session with the target pod to verify that the SR-IOV network resources are deployed to a different node than the memory and CPU resources.
 
-.. Open a debug session with the pod by running the follow command, replacing <pod_name> with the target pod name. 
+.. Open a debug session with the pod by running the following command, replacing <pod_name> with the target pod name.
 +
 [source,terminal]
 ----
@@ -211,6 +211,5 @@ In this example, CPUs 1,3,5, and 7 are allocated to `NUMA node1` but the SR-IOV
 
 [NOTE]
 ====
-If the `excludeTopology` specification is set to `True`, it is possible that the required resources exist in the same NUMA node. 
+If the `excludeTopology` specification is set to `True`, it is possible that the required resources exist in the same NUMA node.
 ====
-
diff --git a/modules/nw-sriov-configuring-device.adoc b/modules/nw-sriov-configuring-device.adoc
index 1d88803c2485..a21d47175085 100644
--- a/modules/nw-sriov-configuring-device.adoc
+++ b/modules/nw-sriov-configuring-device.adoc
@@ -1,17 +1,21 @@
 // Module included in the following assemblies:
 //
 // * networking/hardware_networks/configuring-sriov-device.adoc
-// * virt/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
 ifeval::["{context}" == "configuring-sriov-device"]
 :ocp-sriov:
 endif::[]
 
-ifeval::["{context}" == "virt-attaching-vm-to-sriov-network"]
+ifeval::["{context}" == "virt-connecting-vm-to-sriov"]
+:virt-sriov:
+endif::[]
+ifeval::["{context}" == "virt-post-install-network-config"]
 :virt-sriov:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-configuring-device_{context}"]
 = Configuring SR-IOV network devices
 
@@ -105,3 +109,11 @@ After applying the configuration update, all the pods in `sriov-network-operator
 ----
 $ oc get sriovnetworknodestates -n openshift-sriov-network-operator <node_name> -o jsonpath='{.status.syncStatus}'
 ----
+
+ifdef::virt-sriov[]
+:!virt-sriov:
+endif::[]
+
+ifdef::ocp-sriov[]
+:!ocp-sriov:
+endif::[]
diff --git a/modules/nw-sriov-configuring-operator.adoc b/modules/nw-sriov-configuring-operator.adoc
index a2a886c010dc..de673af9da40 100644
--- a/modules/nw-sriov-configuring-operator.adoc
+++ b/modules/nw-sriov-configuring-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-sriov-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-configuring-operator_{context}"]
 = Configuring the SR-IOV Network Operator
 
@@ -110,8 +110,10 @@ Admission Controller application. It provides the following capabilities:
 
 By default the SR-IOV Network Operator Admission Controller webhook is enabled by the Operator and runs as a daemon set on all control plane nodes.
 
-NOTE: Use caution when disabling the SR-IOV Network Operator Admission Controller webhook. You can disable the webhook under specific circumstances, such as troubleshooting, or if you want to use unsupported devices.
-
+[NOTE]
+====
+Use caution when disabling the SR-IOV Network Operator Admission Controller webhook. You can disable the webhook under specific circumstances, such as troubleshooting, or if you want to use unsupported devices. For information about configuring unsupported devices, see link:https://access.redhat.com/articles/7010183[Configuring the SR-IOV Network Operator to use an unsupported NIC].
+====
 
 The following is an example of the Operator Admission Controller webhook pods running in a cluster with three control plane nodes:
 
diff --git a/modules/nw-sriov-create-object.adoc b/modules/nw-sriov-create-object.adoc
index 16aa95b9d685..b315cb501ba9 100644
--- a/modules/nw-sriov-create-object.adoc
+++ b/modules/nw-sriov-create-object.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-sriov-create-object_{context}"]
 = Example SR-IOV network operator
 
diff --git a/modules/nw-sriov-device-discovery.adoc b/modules/nw-sriov-device-discovery.adoc
index 3bed8380c191..a67d3cd3ef76 100644
--- a/modules/nw-sriov-device-discovery.adoc
+++ b/modules/nw-sriov-device-discovery.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/hardware_networks/about-sriov.adoc
-// * virt/virtual_machines/vm_networking/virt-configuring-sriov-device-for-vms.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
 [id="discover-sr-iov-devices_{context}"]
 = Automated discovery of SR-IOV network devices
diff --git a/modules/nw-sriov-dpdk-base-workload.adoc b/modules/nw-sriov-dpdk-base-workload.adoc
index 0ab92f1e769c..9b51fb0d31c6 100644
--- a/modules/nw-sriov-dpdk-base-workload.adoc
+++ b/modules/nw-sriov-dpdk-base-workload.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-sriov-dpdk-base-workload_{context}"]
 = Example DPDK base workload
 
diff --git a/modules/nw-sriov-dpdk-example-intel.adoc b/modules/nw-sriov-dpdk-example-intel.adoc
index 053d79ad4960..a637f2982601 100644
--- a/modules/nw-sriov-dpdk-example-intel.adoc
+++ b/modules/nw-sriov-dpdk-example-intel.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="example-vf-use-in-dpdk-mode-intel_{context}"]
 = Using a virtual function in DPDK mode with an Intel NIC
 
@@ -108,7 +108,7 @@ spec:
       capabilities:
         add: ["IPC_LOCK","SYS_RESOURCE","NET_RAW"] <3>
     volumeMounts:
-    - mountPath: /dev/hugepages <4>
+    - mountPath: /mnt/huge <4>
       name: hugepage
     resources:
       limits:
@@ -130,7 +130,7 @@ spec:
 <1> Specify the same `target_namespace` where the `SriovNetwork` object `intel-dpdk-network` is created. If you would like to create the pod in a different namespace, change `target_namespace` in both the `Pod` spec and the `SriovNetwork` object.
 <2> Specify the DPDK image which includes your application and the DPDK library used by application.
 <3> Specify additional capabilities required by the application inside the container for hugepage allocation, system resource allocation, and network interface access.
-<4> Mount a hugepage volume to the DPDK pod under `/dev/hugepages`. The hugepage volume is backed by the emptyDir volume type with the medium being `Hugepages`.
+<4> Mount a hugepage volume to the DPDK pod under `/mnt/huge`. The hugepage volume is backed by the emptyDir volume type with the medium being `Hugepages`.
 <5> Optional: Specify the number of DPDK devices allocated to DPDK pod. This resource request and limit, if not explicitly specified, will be automatically added by the SR-IOV network resource injector. The SR-IOV network resource injector is an admission controller component managed by the SR-IOV Operator. It is enabled by default and can be disabled by setting `enableInjector` option to `false` in the default `SriovOperatorConfig` CR.
 <6> Specify the number of CPUs. The DPDK pod usually requires exclusive CPUs to be allocated from the kubelet. This is achieved by setting CPU Manager policy to `static` and creating a pod with `Guaranteed` QoS.
 <7> Specify hugepage size `hugepages-1Gi` or `hugepages-2Mi` and the quantity of hugepages that will be allocated to the DPDK pod. Configure `2Mi` and `1Gi` hugepages separately. Configuring `1Gi` hugepage requires adding kernel arguments to Nodes. For example, adding kernel arguments `default_hugepagesz=1GB`, `hugepagesz=1G` and `hugepages=16` will result in `16*1Gi` hugepages be allocated during system boot.
diff --git a/modules/nw-sriov-dpdk-example-mellanox.adoc b/modules/nw-sriov-dpdk-example-mellanox.adoc
index 0ccf1d350e4f..f9572e83522f 100644
--- a/modules/nw-sriov-dpdk-example-mellanox.adoc
+++ b/modules/nw-sriov-dpdk-example-mellanox.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="example-vf-use-in-dpdk-mode-mellanox_{context}"]
 = Using a virtual function in DPDK mode with a Mellanox NIC
 
@@ -113,7 +113,7 @@ spec:
       capabilities:
         add: ["IPC_LOCK","SYS_RESOURCE","NET_RAW"] <3>
     volumeMounts:
-    - mountPath: /dev/hugepages <4>
+    - mountPath: /mnt/huge <4>
       name: hugepage
     resources:
       limits:
@@ -135,7 +135,7 @@ spec:
 <1> Specify the same `target_namespace` where `SriovNetwork` object `mlx-dpdk-network` is created. To create the pod in a different namespace, change `target_namespace` in both the `Pod` spec and `SriovNetwork` object.
 <2> Specify the DPDK image which includes your application and the DPDK library used by the application.
 <3> Specify additional capabilities required by the application inside the container for hugepage allocation, system resource allocation, and network interface access.
-<4> Mount the hugepage volume to the DPDK pod under `/dev/hugepages`. The hugepage volume is backed by the `emptyDir` volume type with the medium being `Hugepages`.
+<4> Mount the hugepage volume to the DPDK pod under `/mnt/huge`. The hugepage volume is backed by the `emptyDir` volume type with the medium being `Hugepages`.
 <5> Optional: Specify the number of DPDK devices allocated for the DPDK pod. If not explicitly specified, this resource request and limit is automatically added by the SR-IOV network resource injector. The SR-IOV network resource injector is an admission controller component managed by SR-IOV Operator. It is enabled by default and can be disabled by setting the `enableInjector` option to `false` in the default `SriovOperatorConfig` CR.
 <6> Specify the number of CPUs. The DPDK pod usually requires that exclusive CPUs be allocated from the kubelet. To do this, set the CPU Manager policy to `static` and create a pod with `Guaranteed` Quality of Service (QoS).
 <7> Specify hugepage size `hugepages-1Gi` or `hugepages-2Mi` and the quantity of hugepages that will be allocated to the DPDK pod. Configure `2Mi` and `1Gi` hugepages separately. Configuring `1Gi` hugepages requires adding kernel arguments to Nodes.
diff --git a/modules/nw-sriov-dpdk-running-testpmd.adoc b/modules/nw-sriov-dpdk-running-testpmd.adoc
index 8f01f461904a..84f8132fd89b 100644
--- a/modules/nw-sriov-dpdk-running-testpmd.adoc
+++ b/modules/nw-sriov-dpdk-running-testpmd.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-sriov-dpdk-running-testpmd_{context}"]
 = Example testpmd script
 
diff --git a/modules/nw-sriov-dual-nic-con.adoc b/modules/nw-sriov-dual-nic-con.adoc
index 98bf49fc615e..be6397fbe949 100644
--- a/modules/nw-sriov-dual-nic-con.adoc
+++ b/modules/nw-sriov-dual-nic-con.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-sriov-dual-nic-con_{context}"]
 = NIC partitioning for SR-IOV devices (Technology Preview)
 
diff --git a/modules/nw-sriov-example-dpdk-line-rate.adoc b/modules/nw-sriov-example-dpdk-line-rate.adoc
index f4944d09d551..4d4d3396b691 100644
--- a/modules/nw-sriov-example-dpdk-line-rate.adoc
+++ b/modules/nw-sriov-example-dpdk-line-rate.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-example-dpdk-line-rate_{context}"]
 = Using SR-IOV and the Node Tuning Operator to achieve a DPDK line rate
 You can use the Node Tuning Operator to configure isolated CPUs, hugepages, and a topology scheduler.
diff --git a/modules/nw-sriov-exclude-topology-manager.adoc b/modules/nw-sriov-exclude-topology-manager.adoc
index 891aaa4c33c6..dfb1942004de 100644
--- a/modules/nw-sriov-exclude-topology-manager.adoc
+++ b/modules/nw-sriov-exclude-topology-manager.adoc
@@ -2,12 +2,12 @@
 //
 // * networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-sriov-exclude-topology-manager_{context}"]
-= Exclude the SR-IOV network topology for NUMA-aware scheduling 
+= Exclude the SR-IOV network topology for NUMA-aware scheduling
 
-You can exclude advertising the Non-Uniform Memory Access (NUMA) node for the SR-IOV network to the Topology Manager for more flexible SR-IOV network deployments during NUMA-aware pod scheduling. 
+You can exclude advertising the Non-Uniform Memory Access (NUMA) node for the SR-IOV network to the Topology Manager for more flexible SR-IOV network deployments during NUMA-aware pod scheduling.
 
-In some scenarios, it is a priority to maximize CPU and memory resources for a pod on a single NUMA node. By not providing a hint to the Topology Manager about the NUMA node for the pod's SR-IOV network resource, the Topology Manager can deploy the SR-IOV network resource and the pod CPU and memory resources to different NUMA nodes. This can add to network latency because of the data transfer between NUMA nodes. However, it is acceptable in scenarios when workloads require optimal CPU and memory performance. 
+In some scenarios, it is a priority to maximize CPU and memory resources for a pod on a single NUMA node. By not providing a hint to the Topology Manager about the NUMA node for the pod's SR-IOV network resource, the Topology Manager can deploy the SR-IOV network resource and the pod CPU and memory resources to different NUMA nodes. This can add to network latency because of the data transfer between NUMA nodes. However, it is acceptable in scenarios when workloads require optimal CPU and memory performance.
 
-For example, consider a compute node, `compute-1`, that features two NUMA nodes: `numa0` and `numa1`. The SR-IOV-enabled NIC is present on `numa0`. The CPUs available for pod scheduling are present on `numa1` only. By setting the `excludeTopology` specification to `true`, the Topology Manager can assign CPU and memory resources for the pod to `numa1` and can assign the SR-IOV network resource for the same pod to `numa0`. This is only possible when you set the `excludeTopology` specification to `true`. Otherwise, the Topology Manager attempts to place all resources on the same NUMA node. 
+For example, consider a compute node, `compute-1`, that features two NUMA nodes: `numa0` and `numa1`. The SR-IOV-enabled NIC is present on `numa0`. The CPUs available for pod scheduling are present on `numa1` only. By setting the `excludeTopology` specification to `true`, the Topology Manager can assign CPU and memory resources for the pod to `numa1` and can assign the SR-IOV network resource for the same pod to `numa0`. This is only possible when you set the `excludeTopology` specification to `true`. Otherwise, the Topology Manager attempts to place all resources on the same NUMA node.
diff --git a/modules/nw-sriov-hwol-about-hardware-offloading.adoc b/modules/nw-sriov-hwol-about-hardware-offloading.adoc
index 4989903ba665..f60a6171eb14 100644
--- a/modules/nw-sriov-hwol-about-hardware-offloading.adoc
+++ b/modules/nw-sriov-hwol-about-hardware-offloading.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-hardware-offloading_{context}"]
 = About hardware offloading
 
diff --git a/modules/nw-sriov-hwol-adding-network-attachment-definitions-to-pods.adoc b/modules/nw-sriov-hwol-adding-network-attachment-definitions-to-pods.adoc
index ad6f68c0c61e..fdf07e37e860 100644
--- a/modules/nw-sriov-hwol-adding-network-attachment-definitions-to-pods.adoc
+++ b/modules/nw-sriov-hwol-adding-network-attachment-definitions-to-pods.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-network-attachment-definition-to-pods_{context}"]
 = Adding the network attachment definition to your pods
 
diff --git a/modules/nw-sriov-hwol-configuring-machine-config-pool.adoc b/modules/nw-sriov-hwol-configuring-machine-config-pool.adoc
index 639e56cb8175..5c7850861cb4 100644
--- a/modules/nw-sriov-hwol-configuring-machine-config-pool.adoc
+++ b/modules/nw-sriov-hwol-configuring-machine-config-pool.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-machine-config-pool_{context}"]
 = Configuring a machine config pool for hardware offloading
 
@@ -62,13 +62,13 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME       STATUS   ROLES                   AGE   VERSION
-master-0   Ready    master                  2d    v1.26.0
-master-1   Ready    master                  2d    v1.26.0
-master-2   Ready    master                  2d    v1.26.0
-worker-0   Ready    worker                  2d    v1.26.0
-worker-1   Ready    worker                  2d    v1.26.0
-worker-2   Ready    mcp-offloading,worker   47h   v1.26.0
-worker-3   Ready    mcp-offloading,worker   47h   v1.26.0
+master-0   Ready    master                  2d    v1.28.5
+master-1   Ready    master                  2d    v1.28.5
+master-2   Ready    master                  2d    v1.28.5
+worker-0   Ready    worker                  2d    v1.28.5
+worker-1   Ready    worker                  2d    v1.28.5
+worker-2   Ready    mcp-offloading,worker   47h   v1.28.5
+worker-3   Ready    mcp-offloading,worker   47h   v1.28.5
 ----
 --
 
diff --git a/modules/nw-sriov-hwol-creating-network-attachment-definition.adoc b/modules/nw-sriov-hwol-creating-network-attachment-definition.adoc
index 013856ed5644..0fb354dfb64f 100644
--- a/modules/nw-sriov-hwol-creating-network-attachment-definition.adoc
+++ b/modules/nw-sriov-hwol-creating-network-attachment-definition.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-network-attachment-definition_{context}"]
 = Creating a network attachment definition
 
diff --git a/modules/nw-sriov-hwol-creating-sriov-policy.adoc b/modules/nw-sriov-hwol-creating-sriov-policy.adoc
index 3acf04825546..554c711994d3 100644
--- a/modules/nw-sriov-hwol-creating-sriov-policy.adoc
+++ b/modules/nw-sriov-hwol-creating-sriov-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-sriov-node-policy_{context}"]
 = Configuring the SR-IOV network node policy
 
diff --git a/modules/nw-sriov-hwol-improving-network-traffic-performance.adoc b/modules/nw-sriov-hwol-improving-network-traffic-performance.adoc
new file mode 100644
index 000000000000..d5d34a7afebf
--- /dev/null
+++ b/modules/nw-sriov-hwol-improving-network-traffic-performance.adoc
@@ -0,0 +1,122 @@
+// Module included in the following assemblies:
+//
+// * networking/hardware_networks/configuring-hardware-offloading.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="improving-network-traffic-performance-using-vf_{context}"]
+= Improving network traffic performance using a virtual function
+
+Follow this procedure to assign a virtual function to the OVN-Kubernetes management port and increase its network traffic performance.
+
+This procedure results in the creation of two pools: the first has a virtual function used by OVN-Kubernetes, and the second comprises the remaining virtual functions.
+
+.Prerequisites
+
+* You installed the OpenShift CLI (`oc`).
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Add the `network.operator.openshift.io/smart-nic` label to each worker node with a SmartNIC present by running the following command:
++
+[source,terminal]
+----
+$ oc label node <node-name> network.operator.openshift.io/smart-nic=
+----
++
+Use the `oc get nodes` command to get a list of the available nodes.
+
+. Create a policy named `sriov-node-mgmt-vf-policy.yaml` for the management port with content such as the following example:
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: sriov-node-mgmt-vf-policy
+  namespace: openshift-sriov-network-operator
+spec:
+  deviceType: netdevice
+  eSwitchMode: "switchdev"
+  nicSelector:
+    deviceID: "1019"
+    rootDevices:
+    - 0000:d8:00.0
+    vendor: "15b3"
+    pfNames:
+    - ens8f0#0-0 <.>
+  nodeSelector:
+    network.operator.openshift.io/smart-nic: ""
+  numVfs: 6 <.>
+  priority: 5
+  resourceName: mgmtvf
+----
+<.> Replace this device with the appropriate network device for your use case. The `#0-0` part of the `pfNames` value reserves a single virtual function used by OVN-Kubernetes.
+<.> The value provided here is an example. Replace this value with one that meets your requirements. For more information, see _SR-IOV network node configuration object_ in the _Additional resources_ section.
+
+. Create a policy named `sriov-node-policy.yaml` with content such as the following example:
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: sriov-node-policy
+  namespace: openshift-sriov-network-operator
+spec:
+  deviceType: netdevice
+  eSwitchMode: "switchdev"
+  nicSelector:
+    deviceID: "1019"
+    rootDevices:
+    - 0000:d8:00.0
+    vendor: "15b3"
+    pfNames:
+    - ens8f0#1-5 <.>
+  nodeSelector:
+    network.operator.openshift.io/smart-nic: ""
+  numVfs: 6 <.>
+  priority: 5
+  resourceName: mlxnics
+----
+<.> Replace this device with the appropriate network device for your use case.
+<.> The value provided here is an example. Replace this value with the value specified in the `sriov-node-mgmt-vf-policy.yaml` file. For more information, see _SR-IOV network node configuration object_ in the _Additional resources_ section.
++
+[NOTE]
+====
+The `sriov-node-mgmt-vf-policy.yaml` file has different values for the `pfNames` and `resourceName` keys than the `sriov-node-policy.yaml` file.
+====
+
+. Apply the configuration for both policies:
++
+[source,terminal]
+----
+$ oc create -f sriov-node-policy.yaml
+----
++
+[source,terminal]
+----
+$ oc create -f sriov-node-mgmt-vf-policy.yaml
+----
+
+. Create a Cluster Network Operator (CNO) ConfigMap in the cluster for the management configuration:
+
+.. Create a ConfigMap named `hardware-offload-config.yaml` with the following contents:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: hardware-offload-config
+    namespace: openshift-network-operator
+data:
+    mgmt-port-resource-name: openshift.io/mgmtvf
+----
+
+.. Apply the configuration for the ConfigMap:
++
+[source,terminal]
+----
+$ oc create -f hardware-offload-config.yaml
+----
\ No newline at end of file
diff --git a/modules/nw-sriov-hwol-ref-openstack-sriov-policy.adoc b/modules/nw-sriov-hwol-ref-openstack-sriov-policy.adoc
index c0c04fb8dabf..6d636cc2a19a 100644
--- a/modules/nw-sriov-hwol-ref-openstack-sriov-policy.adoc
+++ b/modules/nw-sriov-hwol-ref-openstack-sriov-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-hwol-ref-openstack-sriov-policy_{context}"]
 = An example SR-IOV network node policy for OpenStack
 
@@ -17,7 +17,7 @@ metadata:
   name: ${name}
   namespace: openshift-sriov-network-operator
 spec:
-  deviceType: switchdev 
+  deviceType: switchdev
   isRdma: true
   nicSelector:
     netFilter: openstack/NetworkID:${net_id}
diff --git a/modules/nw-sriov-hwol-supported-devices.adoc b/modules/nw-sriov-hwol-supported-devices.adoc
index 1999212c8080..419745871d7c 100644
--- a/modules/nw-sriov-hwol-supported-devices.adoc
+++ b/modules/nw-sriov-hwol-supported-devices.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-hardware-offloading.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="supported_devices_{context}"]
 = Supported devices
 
@@ -23,18 +23,12 @@ Hardware offloading is supported on the following network interface controllers:
 |15b3
 |1019
 
-|Mellanox 
+|Mellanox
 |MT2892 Family [ConnectX&#8209;6 Dx]
 |15b3
 |101d
-|===
-
-.Technology Preview network interface controllers
-[cols="1,2,1,1"]
-|===
-|Manufacturer |Model |Vendor ID | Device ID
 
-|Mellanox 
+|Mellanox
 |MT2894 Family [ConnectX-6 Lx]
 |15b3
 |101f
@@ -44,6 +38,3 @@ Hardware offloading is supported on the following network interface controllers:
 |15b3
 |a2d6
 |===
-
-:FeatureName: Using a ConnectX-6 Lx or BlueField-2 in ConnectX-6 NIC mode device
-include::snippets/technology-preview.adoc[]
diff --git a/modules/nw-sriov-installing-operator.adoc b/modules/nw-sriov-installing-operator.adoc
index aea6af35b4c8..b573d0a47941 100644
--- a/modules/nw-sriov-installing-operator.adoc
+++ b/modules/nw-sriov-installing-operator.adoc
@@ -1,12 +1,13 @@
 // Module included in the following assemblies:
 //
 // * networking/hardware_networks/installing-sriov-operator.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-sr-iov-operator_{context}"]
-= Installing SR-IOV Network Operator
+= Installing the SR-IOV Network Operator
 
-As a cluster administrator, you can install the SR-IOV Network Operator by using the {product-title} CLI or the web console.
+As a cluster administrator, you can install the Single Root I/O Virtualization (SR-IOV) Network Operator by using the {product-title} CLI or the web console.
 
 [id="install-operator-cli_{context}"]
 == CLI: Installing the SR-IOV Network Operator
@@ -89,10 +90,10 @@ $ oc get csv -n openshift-sriov-network-operator \
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 Name                                         Phase
-sriov-network-operator.4.13.0-202310121402   Succeeded
+sriov-network-operator.{product-version}.0-202310121402   Succeeded
 ----
 
 [id="install-operator-web-console_{context}"]
diff --git a/modules/nw-sriov-interface-level-sysctl-basic-node-policy.adoc b/modules/nw-sriov-interface-level-sysctl-basic-node-policy.adoc
index a93feb2806c2..25f73a2f3ac9 100644
--- a/modules/nw-sriov-interface-level-sysctl-basic-node-policy.adoc
+++ b/modules/nw-sriov-interface-level-sysctl-basic-node-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-basic-example-setting-one-sysctl-flag-node-policy_{context}"]
 = Setting one sysctl flag on nodes with SR-IOV network devices
 
diff --git a/modules/nw-sriov-interface-level-sysctl-basic.adoc b/modules/nw-sriov-interface-level-sysctl-basic.adoc
index 2e1f2eb494cb..26bceacddb17 100644
--- a/modules/nw-sriov-interface-level-sysctl-basic.adoc
+++ b/modules/nw-sriov-interface-level-sysctl-basic.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-setting-one-sysctl-flag_{context}"]
 = Setting one sysctl flag
 
@@ -10,7 +10,7 @@ You can set interface-level network `sysctl` settings for a pod connected to a S
 
 In this example, `net.ipv4.conf.IFNAME.accept_redirects` is set to `1` on the created virtual interfaces.
 
-The `sysctl-tuning-test` is a namespace used in this example. 
+The `sysctl-tuning-test` is a namespace used in this example.
 
 * Use the following command to create the `sysctl-tuning-test` namespace:
 +
diff --git a/modules/nw-sriov-interface-level-sysctl-bonded-node-policy.adoc b/modules/nw-sriov-interface-level-sysctl-bonded-node-policy.adoc
index a2609fe3ea73..18f73c55f784 100644
--- a/modules/nw-sriov-interface-level-sysctl-bonded-node-policy.adoc
+++ b/modules/nw-sriov-interface-level-sysctl-bonded-node-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-setting-all-sysctls-flag-node-policy-bonded_{context}"]
 = Setting all sysctl flag on nodes with bonded SR-IOV network devices
 
diff --git a/modules/nw-sriov-interface-level-sysctl-bonded.adoc b/modules/nw-sriov-interface-level-sysctl-bonded.adoc
index 4a7943f79f0e..57ae917da6df 100644
--- a/modules/nw-sriov-interface-level-sysctl-bonded.adoc
+++ b/modules/nw-sriov-interface-level-sysctl-bonded.adoc
@@ -2,15 +2,15 @@
 //
 // * networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-configure-sysctl-settings-flag-bonded_{context}"]
 = Configuring sysctl settings for pods associated with bonded SR-IOV interface flag
 
 You can set interface-level network `sysctl` settings for a pod connected to a bonded SR-IOV network device.
 
-In this example, the specific network interface-level `sysctl` settings that can be configured are set on the bonded interface.  
+In this example, the specific network interface-level `sysctl` settings that can be configured are set on the bonded interface.
 
-The `sysctl-tuning-test` is a namespace used in this example. 
+The `sysctl-tuning-test` is a namespace used in this example.
 
 * Use the following command to create the `sysctl-tuning-test` namespace:
 +
diff --git a/modules/nw-sriov-network-attachment.adoc b/modules/nw-sriov-network-attachment.adoc
index e54e7a2a42c9..1cae16bbcb5f 100644
--- a/modules/nw-sriov-network-attachment.adoc
+++ b/modules/nw-sriov-network-attachment.adoc
@@ -1,7 +1,8 @@
 // Module included in the following assemblies:
 //
 // * networking/hardware_networks/configuring-sriov-net-attach.adoc
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
 // Note: IB does not support ipam with `type=dhcp`.
 
@@ -17,13 +18,13 @@ ifeval::["{context}" == "configuring-sriov-ib-attach"]
 :object: pods
 endif::[]
 
-ifeval::["{context}" == "virt-attaching-vm-to-sriov-network"]
+ifeval::["{context}" == "virt-connecting-vm-to-sriov"]
 :rs: SriovNetwork
 :virt-sriov-net:
 :object: pods or virtual machines
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 ifdef::ocp-sriov-net[]
 [id="nw-sriov-network-attachment_{context}"]
 = Configuring SR-IOV additional network
@@ -191,10 +192,10 @@ ifdef::rs[]
 :!rs:
 endif::[]
 
-ifdef::virt-sriov-net[]
+ifeval::["{context}" == "virt-connecting-vm-to-sriov"]
 :!virt-sriov-net:
 endif::[]
 
-ifdef::ocp-sriov-net[]
+ifeval::["{context}" == "configuring-sriov-net-attach"]
 :!ocp-sriov-net:
 endif::[]
diff --git a/modules/nw-sriov-network-object.adoc b/modules/nw-sriov-network-object.adoc
index 95479a491ded..f5b87bad4d7a 100644
--- a/modules/nw-sriov-network-object.adoc
+++ b/modules/nw-sriov-network-object.adoc
@@ -13,7 +13,7 @@ ifeval::["{context}" == "configuring-sriov-net-attach"]
 :object: pods
 endif::[]
 
-ifeval::["{context}" == "virt-defining-an-sriov-network"]
+ifeval::["{context}" == "virt-connecting-vm-to-sriov"]
 :virt-sriov-net:
 :object: pods or virtual machines
 endif::[]
@@ -85,9 +85,9 @@ endif::ocp-sriov-net[]
 ifdef::object[]
 :object!:
 endif::[]
-ifdef::ocp-sriov-net[]
+ifeval::["{context}" == "configuring-sriov-net-attach"]
 :ocp-sriov-net!:
 endif::[]
-ifdef::virt-sriov-net[]
+ifeval::["{context}" == "virt-connecting-vm-to-sriov"]
 :virt-sriov-net!:
 endif::[]
diff --git a/modules/nw-sriov-network-operator.adoc b/modules/nw-sriov-network-operator.adoc
index f5ba2b29c69d..0be25c2c2f1e 100644
--- a/modules/nw-sriov-network-operator.adoc
+++ b/modules/nw-sriov-network-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-sriov-network-operator_{context}"]
 = Example SR-IOV Network Operator for virtual functions
 
diff --git a/modules/nw-sriov-networknodepolicy-object.adoc b/modules/nw-sriov-networknodepolicy-object.adoc
index 22ef6effcc72..ba68b570fe95 100644
--- a/modules/nw-sriov-networknodepolicy-object.adoc
+++ b/modules/nw-sriov-networknodepolicy-object.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/configuring-sriov-device.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nw-sriov-networknodepolicy-object_{context}"]
 = SR-IOV network node configuration object
 
@@ -34,7 +34,7 @@ spec:
   deviceType: <device_type> <15>
   isRdma: false <16>
   linkType: <link_type> <17>
-  eSwitchMode: "switchdev" <18>
+  eSwitchMode: <mode> <18>
   excludeTopology: false <19>
 ----
 <1> The name for the custom resource object.
@@ -46,10 +46,22 @@ spec:
 When specifying a name, be sure to use the accepted syntax expression `^[a-zA-Z0-9_]+$` in the `resourceName`.
 
 <4> The node selector specifies the nodes to configure. Only SR-IOV network devices on the selected nodes are configured. The SR-IOV Container Network Interface (CNI) plugin and device plugin are deployed on selected nodes only.
++
+[IMPORTANT]
+====
+The SR-IOV Network Operator applies node network configuration policies to nodes in sequence. Before applying node network configuration policies, the SR-IOV Network Operator checks if the machine config pool (MCP) for a node is in an unhealthy state such as `Degraded` or `Updating`. If a node is in an unhealthy MCP, the process of applying node network configuration policies to all targeted nodes in the cluster pauses until the MCP returns to a healthy state.
+
+To avoid a node in an unhealthy MCP from blocking the application of node network configuration policies to other nodes, including nodes in other MCPs, you must create a separate node network configuration policy for each MCP.
+====
 
 <5> Optional: The priority is an integer value between `0` and `99`. A smaller value receives higher priority. For example, a priority of `10` is a higher priority than `99`. The default value is `99`.
 
 <6> Optional: The maximum transmission unit (MTU) of the virtual function. The maximum MTU value can vary for different network interface controller (NIC) models.
++
+[IMPORTANT]
+====
+If you want to create virtual function on the default network interface, ensure that the MTU is set to a value that matches the cluster MTU.
+====
 
 <7> Optional: Set `needVhostNet` to `true` to mount the `/dev/vhost-net` device in the pod. Use the mounted `/dev/vhost-net` device with Data Plane Development Kit (DPDK) to forward traffic to the kernel network stack.
 
@@ -85,7 +97,11 @@ When `linkType` is set to `ib`, `isRdma` is automatically set to `true` by the S
 +
 Do not set linkType to 'eth' for SriovNetworkNodePolicy, because this can lead to an incorrect number of available devices reported by the device plugin.
 
-<18> Optional: To enable hardware offloading, the 'eSwitchMode' field must be set to `"switchdev"`.
+<18> Optional: The NIC device mode. The only allowed values are `legacy` or `switchdev`.
++
+When `eSwitchMode` is set to `legacy`, the default SR-IOV behavior is enabled.
++
+When `eSwitchMode` is set to `switchdev`, hardware offloading is enabled. 
 
 <19> Optional: To exclude advertising an SR-IOV network resource's NUMA node to the Topology Manager, set the value to `true`. The default value is `false`.
 
diff --git a/modules/nw-sriov-operator-uninstall.adoc b/modules/nw-sriov-operator-uninstall.adoc
index 6fdd82688b1c..38c426bd873d 100644
--- a/modules/nw-sriov-operator-uninstall.adoc
+++ b/modules/nw-sriov-operator-uninstall.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/uninstalling-sriov-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-operator-uninstall_{context}"]
 = Uninstalling the SR-IOV Network Operator
 
diff --git a/modules/nw-sriov-rdma-example-mellanox.adoc b/modules/nw-sriov-rdma-example-mellanox.adoc
index 0708321b94e5..0da3470b92e1 100644
--- a/modules/nw-sriov-rdma-example-mellanox.adoc
+++ b/modules/nw-sriov-rdma-example-mellanox.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/using-dpdk-and-rdma.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="example-vf-use-in-rdma-mode-mellanox_{context}"]
 = Using a virtual function in RDMA mode with a Mellanox NIC
 // Extract content for TP notice
@@ -115,7 +115,7 @@ spec:
       capabilities:
         add: ["IPC_LOCK","SYS_RESOURCE","NET_RAW"] <3>
     volumeMounts:
-    - mountPath: /dev/hugepages <4>
+    - mountPath: /mnt/huge <4>
       name: hugepage
     resources:
       limits:
@@ -135,7 +135,7 @@ spec:
 <1> Specify the same `target_namespace` where `SriovNetwork` object `mlx-rdma-network` is created. If you would like to create the pod in a different namespace, change `target_namespace` in both `Pod` spec and `SriovNetwork` object.
 <2> Specify the RDMA image which includes your application and RDMA library used by application.
 <3> Specify additional capabilities required by the application inside the container for hugepage allocation, system resource allocation, and network interface access.
-<4> Mount the hugepage volume to RDMA pod under `/dev/hugepages`. The hugepage volume is backed by the emptyDir volume type with the medium being `Hugepages`.
+<4> Mount the hugepage volume to RDMA pod under `/mnt/huge`. The hugepage volume is backed by the emptyDir volume type with the medium being `Hugepages`.
 <5> Specify number of CPUs. The RDMA pod usually requires exclusive CPUs be allocated from the kubelet. This is achieved by setting CPU Manager policy to `static` and create pod with `Guaranteed` QoS.
 <6> Specify hugepage size `hugepages-1Gi` or `hugepages-2Mi` and the quantity of hugepages that will be allocated to the RDMA pod. Configure `2Mi` and `1Gi` hugepages separately. Configuring `1Gi` hugepage requires adding kernel arguments to Nodes.
 
diff --git a/modules/nw-sriov-supported-devices.adoc b/modules/nw-sriov-supported-devices.adoc
index 5e32c692686a..ec0d12482a9a 100644
--- a/modules/nw-sriov-supported-devices.adoc
+++ b/modules/nw-sriov-supported-devices.adoc
@@ -22,11 +22,26 @@
 |14e4
 |1750
 
+|Broadcom
+|BCM57504
+|14e4
+|1751
+
 |Intel
 |X710
 |8086
 |1572
 
+|Intel
+|X710 Backplane
+|8086
+|1581
+
+|Intel
+|X710 Base T
+|8086
+|15ff
+
 |Intel
 |XL710
 |8086
diff --git a/modules/nw-sriov-topology-manager.adoc b/modules/nw-sriov-topology-manager.adoc
index c0cab370957b..8301ebe74076 100644
--- a/modules/nw-sriov-topology-manager.adoc
+++ b/modules/nw-sriov-topology-manager.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/add-pod.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-sriov-topology-manager_{context}"]
 = Creating a non-uniform memory access (NUMA) aligned SR-IOV pod
 
@@ -16,7 +16,7 @@ You can create a NUMA aligned SR-IOV pod by restricting SR-IOV and the CPU resou
 +
 [NOTE]
 ====
-When `single-numa-node` is unable to satisfy the request, you can configure the Topology Manager policy to `restricted`. For more flexible SR-IOV network resource scheduling, see _Excluding SR-IOV network topology during NUMA-aware scheduling_ in the _Additional resources_ section. 
+When `single-numa-node` is unable to satisfy the request, you can configure the Topology Manager policy to `restricted`. For more flexible SR-IOV network resource scheduling, see _Excluding SR-IOV network topology during NUMA-aware scheduling_ in the _Additional resources_ section.
 ====
 
 .Procedure
diff --git a/modules/nw-throughput-troubleshoot.adoc b/modules/nw-throughput-troubleshoot.adoc
index 75c4295341d0..6059d43c3cde 100644
--- a/modules/nw-throughput-troubleshoot.adoc
+++ b/modules/nw-throughput-troubleshoot.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 // * networking/routes/route-configuration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="nw-throughput-troubleshoot_{context}"]
 = Throughput issue troubleshooting methods
 
diff --git a/modules/nw-using-ingress-forwarded.adoc b/modules/nw-using-ingress-forwarded.adoc
index db2a0f0950e1..1c4e74099de4 100644
--- a/modules/nw-using-ingress-forwarded.adoc
+++ b/modules/nw-using-ingress-forwarded.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ingress-controller
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-using-ingress-forwarded_{context}"]
 = Using X-Forwarded headers
 
diff --git a/modules/nw-view-status-configuration-network-observability-operator.adoc b/modules/nw-view-status-configuration-network-observability-operator.adoc
index 6f68da51b9f5..cb2eda1737de 100644
--- a/modules/nw-view-status-configuration-network-observability-operator.adoc
+++ b/modules/nw-view-status-configuration-network-observability-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * networking/network_observability/understanding-network-observability-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nw-status-configuration-network-observability-operator_{context}"]
 = Viewing Network Observability Operator status and configuration
 
diff --git a/modules/oadp-1-3-backing-csi-snapshots.adoc b/modules/oadp-1-3-backing-csi-snapshots.adoc
new file mode 100644
index 000000000000..289a515e0646
--- /dev/null
+++ b/modules/oadp-1-3-backing-csi-snapshots.adoc
@@ -0,0 +1,108 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/oadp-backup-restore-csi-snapshots.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-1-3-backing-csi-snapshots_{context}"]
+= Backing up persistent volumes with CSI snapshots
+
+You can use the OADP Data Mover to back up Container Storage Interface (CSI) volume snapshots to a remote object store.
+
+.Prerequisites
+
+* You have access to the cluster with the `cluster-admin` role.
+* You have installed the OADP Operator.
+* You have included the CSI plugin and enabled the node agent in the `DataProtectionApplication` custom resource (CR).
+* You have an application with persistent volumes running in a separate namespace.
+* You have added the `metadata.labels.velero.io/csi-volumesnapshot-class: "true"` key-value pair to the `VolumeSnapshotClass` CR.
+
+.Procedure
+
+. Create a YAML file for the `Backup` object, as in the following example:
++
+.Example `Backup` CR
+[source,yaml]
+----
+kind: Backup
+apiVersion: velero.io/v1
+metadata:
+  name: backup
+  namespace: openshift-adp
+spec:
+  csiSnapshotTimeout: 10m0s
+  defaultVolumesToFsBackup: false
+  includedNamespaces:
+  - mysql-persistent
+  itemOperationTimeout: 4h0m0s
+  snapshotMoveData: true <1>
+  storageLocation: default
+  ttl: 720h0m0s
+  volumeSnapshotLocations:
+  - dpa-sample-1
+# ...
+----
+<1> Set to `true` to enable movement of CSI snapshots to remote object storage.
+
+. Apply the manifest:
++
+[source,terminal]
+----
+$ oc create -f backup.yaml
+----
++
+A `DataUpload` CR is created after the snapshot creation is complete.
+
+.Verification
+* Verify that the snapshot data is successfully transferred to the remote object store by monitoring the `status.phase` field of the `DataUpload` CR.  Possible values are `In Progress`, `Completed`, `Failed`, or `Canceled`. The object store is configured in the `backupLocations` stanza of the `DataProtectionApplication` CR.
+
+** Run the following command to get a list of all `DataUpload` objects:
++
+[source,terminal]
+----
+$ oc get datauploads -A
+----
++
+.Example output
+[source,terminal]
+----
+NAMESPACE       NAME                  STATUS      STARTED   BYTES DONE   TOTAL BYTES   STORAGE LOCATION   AGE     NODE
+openshift-adp   backup-test-1-sw76b   Completed   9m47s     108104082    108104082     dpa-sample-1       9m47s   ip-10-0-150-57.us-west-2.compute.internal
+openshift-adp   mongo-block-7dtpf     Completed   14m       1073741824   1073741824    dpa-sample-1       14m     ip-10-0-150-57.us-west-2.compute.internal
+----
+
+** Check the value of the `status.phase` field of the specific `DataUpload` object by running the following command:
++
+[source,terminal]
+----
+$ oc get datauploads <dataupload_name> -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: velero.io/v2alpha1
+kind: DataUpload
+metadata:
+  name: backup-test-1-sw76b
+  namespace: openshift-adp
+spec:
+  backupStorageLocation: dpa-sample-1
+  csiSnapshot:
+    snapshotClass: ""
+    storageClass: gp3-csi
+    volumeSnapshot: velero-mysql-fq8sl
+  operationTimeout: 10m0s
+  snapshotType: CSI
+  sourceNamespace: mysql-persistent
+  sourcePVC: mysql
+status:
+  completionTimestamp: "2023-11-02T16:57:02Z"
+  node: ip-10-0-150-57.us-west-2.compute.internal
+  path: /host_pods/15116bac-cc01-4d9b-8ee7-609c3bef6bde/volumes/kubernetes.io~csi/pvc-eead8167-556b-461a-b3ec-441749e291c4/mount
+  phase: Completed <1>
+  progress:
+    bytesDone: 108104082
+    totalBytes: 108104082
+  snapshotID: 8da1c5febf25225f4577ada2aeb9f899
+  startTimestamp: "2023-11-02T16:56:22Z"
+----
+<1> Indicates that snapshot data is successfully transferred to the remote object store.
diff --git a/modules/oadp-1-3-restoring-csi-snapshots.adoc b/modules/oadp-1-3-restoring-csi-snapshots.adoc
new file mode 100644
index 000000000000..3e492ff22d7f
--- /dev/null
+++ b/modules/oadp-1-3-restoring-csi-snapshots.adoc
@@ -0,0 +1,97 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp_built_in_data_mover/oadp-backup-restore-csi-snapshots.adoc           
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-1-3-restoring-csi-snapshots_{context}"]
+= Restoring CSI volume snapshots
+
+You can restore a volume snapshot by creating a `Restore` CR.
+
+[NOTE]
+====
+You cannot restore Volsync backups from OADP 1.2 with the OAPD 1.3 built-in Data Mover. It is recommended to do a file system backup of all of your workloads with Restic prior to upgrading to OADP 1.3. 
+====
+
+.Prerequisites
+
+* You have access to the cluster with the `cluster-admin` role.
+* You have an OADP `Backup` CR from which to restore the data.
+
+.Procedure
+
+. Create a YAML file for the `Restore`  CR, as in the following example:
++
+.Example `Restore` CR
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: restore
+  namespace: openshift-adp
+spec:
+  backupName: <backup>  
+# ...
+----
+
+. Apply the manifest:
++
+[source,terminal]
+----
+$ oc create -f restore.yaml
+----
++
+A `DataDownload` CR is created when the restore starts. 
+
+.Verification
+* You can monitor the status of the restore process by checking the `status.phase` field of the `DataDownload` CR. Possible values are `In Progress`, `Completed`, `Failed`, or `Canceled`.
+
+** To get a list of all `DataDownload` objects, run the following command:
++
+[source,terminal]
+----
+$ oc get datadownloads -A
+----
++
+.Example output
+[source,terminal]
+----
+NAMESPACE       NAME                   STATUS      STARTED   BYTES DONE   TOTAL BYTES   STORAGE LOCATION   AGE     NODE
+openshift-adp   restore-test-1-sk7lg   Completed   7m11s     108104082    108104082     dpa-sample-1       7m11s   ip-10-0-150-57.us-west-2.compute.internal
+----
+
+** Enter the following command to check the value of the `status.phase` field of the specific `DataDownload` object:
++
+[source,terminal]
+----
+$ oc get datadownloads <datadownload_name> -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: velero.io/v2alpha1
+kind: DataDownload
+metadata:
+  name: restore-test-1-sk7lg
+  namespace: openshift-adp
+spec:
+  backupStorageLocation: dpa-sample-1
+  operationTimeout: 10m0s
+  snapshotID: 8da1c5febf25225f4577ada2aeb9f899
+  sourceNamespace: mysql-persistent
+  targetVolume:
+    namespace: mysql-persistent
+    pv: ""
+    pvc: mysql
+status:
+  completionTimestamp: "2023-11-02T17:01:24Z"
+  node: ip-10-0-150-57.us-west-2.compute.internal
+  phase: Completed <1>
+  progress:
+    bytesDone: 108104082
+    totalBytes: 108104082
+  startTimestamp: "2023-11-02T17:00:52Z"
+----
+<1> Indicates that the CSI snapshot data is successfully restored.
\ No newline at end of file
diff --git a/modules/oadp-about-backing-and-restoring-from-cluster-to-cluster.adoc b/modules/oadp-about-backing-and-restoring-from-cluster-to-cluster.adoc
index aa913c89d17e..2f3e8c8e335b 100644
--- a/modules/oadp-about-backing-and-restoring-from-cluster-to-cluster.adoc
+++ b/modules/oadp-about-backing-and-restoring-from-cluster-to-cluster.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-about-backing-and-restoring-from-cluster-to-cluster_{context}"]
 = About backing up data from one cluster and restoring it on another cluster
 
@@ -24,7 +24,7 @@ You must exclude Operators from the backup of an application for backup and rest
 [id="oadp-cluster-to-cluster-velero_{context}"]
 == Use of Velero
 
-Velero, which OADP is built upon, does not natively support migrating persistent volume snapshots across cloud providers. To migrate volume snapshot data between cloud platforms, you must _either_ enable the Velero Restic file system backup option, which backs up volume contents at the filesystem level, _or_ use the OADP Data Mover for CSI snapshots.
+Velero, which OADP is built upon, does not natively support migrating persistent volume snapshots across cloud providers. To migrate volume snapshot data between cloud platforms, you must _either_ enable the Velero Restic file system backup option, which backs up volume contents at the file system level, _or_ use the OADP Data Mover for CSI snapshots.
 
 [NOTE]
 ====
@@ -32,50 +32,6 @@ In OADP 1.1 and earlier, the Velero Restic file system backup option is called `
 In OADP 1.2 and later, the Velero Restic file system backup option is called `file-system-backup`.
 ====
 
-[NOTE]
-====
-Velero's file system backup feature supports both Kopia and Restic, but currently OADP supports only Restic.
-====
-
 * You must also use Velero's link:https://velero.io/docs/main/file-system-backup/[File System Backup] to migrate data between AWS regions or between Microsoft Azure regions.
 * Velero does not support restoring data to a cluster with an _earlier_ Kubernetes version than the source cluster.
 * It is theoretically possible to migrate workloads to a destination with a _later_ Kubernetes version than the source, but you must consider the compatibility of API groups between clusters for each custom resource. If a Kubernetes version upgrade breaks the compatibility of core or native API groups, you must first update the impacted custom resources.
-
-[id="oadp-cluster-to-cluster-uid-and-gid-ranges_{context}"]
-== UID and GID ranges
-
-When you back up data from one cluster and restore it to another cluster,  there are potential issues that might arise with UID (User ID) and GID (Group ID) ranges. The following section explains these potential issues and mitigations:
-
-Summary of issues::
-The UID and GID ranges of the namespace might change on the destination cluster. OADP does not back up and restore OpenShift UID range metadata. If the backed application requires a specific UID, ensure the range is available when restored. For more information about OpenShift's UID and GID ranges, see link:https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids[A Guide to OpenShift and UIDs].
-
-Detailed description of issues::
-When you create a namespace in {product-title} by using the shell command `oc create namespace`, {product-title} assigns the namespace a unique User ID (UID) range from its available pool of UIDs, a Supplemental Group (GID) range, and unique SELinux MCS labels. This information is stored in the `metadata.annotations` field of the cluster. This information is part of the Security Context Constraints (SCC) annotations, which comprise the following components:
-
-* `openshift.io/sa.scc.mcs`
-* `openshift.io/sa.scc.supplemental-groups`
-* `openshift.io/sa.scc.uid-range`
-
-+
-When you use OADP to restore the namespace, it automatically uses the information in `metadata.annotations` without resetting it for the destination cluster. As a result, the workload might not have access to the backed up data if one of the following is true:
-
-* There is a pre-existing namespace with different SCC annotations, for example, on a different cluster. In this case, at backup time, OADP reuses the pre-existing namespace instead of the namespace you are trying to restore.
-* The backup used a label selector, but the namespace where workloads run on does not have the label on it. In this case, OADP does not back up the namespace, but instead creates a new namespace during restore that does not include the annotations of the namespace you backed up. This causes a new UID range to be assigned to the namespace.
-+
-This might be an issue for customer workloads if {product-title} assigns a pod a `securityContext` UID based on namespace annotations that have changed from the time the persistent volume data was backed up.
-* The container UID no longer matches the UID of the file owner.
-* An error occurs because {product-title} did not modify the UID range of the destination cluster to match the data of the backup cluster. As a result, the backup cluster has a different UID than the destination cluster, which means the application cannot read or write data to the destination cluster.
-
-Mitigations::
-
-You can use one or more of the following mitigations to resolve the UID and GID range issues:
-
-* Simple mitigations:
-
-** If you use a label selector in the `Backup` CR to filter the objects to include in the backup, be sure to add this label selector to the namespace that contains the workspace.
-** Remove any pre-existing version of a namespace on the destination cluster before attempting to restore a namespace with the same name.
-
-* Advanced mitigations:
-** Fix UID ranges after migration by performing steps 1-4 of link:https://access.redhat.com/articles/6844071[Fixing UID ranges after migration]. Step 1 is optional.
-
-For an in-depth discussion of UID and GID ranges in {product-title} with an emphasis on overcoming issues in backing up data on one cluster and restoring it on another, see link:https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids[A Guide to OpenShift and UIDs].
diff --git a/modules/oadp-about-backup-snapshot-locations-secrets.adoc b/modules/oadp-about-backup-snapshot-locations-secrets.adoc
index 777f8d7da208..009789520870 100644
--- a/modules/oadp-about-backup-snapshot-locations-secrets.adoc
+++ b/modules/oadp-about-backup-snapshot-locations-secrets.adoc
@@ -6,7 +6,7 @@
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-about-backup-snapshot-locations_{context}"]
 = About backup and snapshot locations and their secrets
 
@@ -16,7 +16,7 @@ You specify backup and snapshot locations and their secrets in the `DataProtecti
 [discrete]
 == Backup locations
 
-You specify S3-compatible object storage, such as Multicloud Object Gateway, Noobaa, or Minio, as a backup location.
+You specify AWS S3-compatible object storage, such as Multicloud Object Gateway or MinIO, as a backup location.
 
 Velero backs up {product-title} resources, Kubernetes objects, and internal images as an archive file on object storage.
 
@@ -28,7 +28,7 @@ If you use your cloud provider's native snapshot API to back up persistent volum
 
 If you use Container Storage Interface (CSI) snapshots, you do not need to specify a snapshot location because you will create a `VolumeSnapshotClass` CR to register the CSI driver.
 
-If you use Restic, you do not need to specify a snapshot location because Restic backs up the file system on object storage.
+If you use File System Backup (FSB), you do not need to specify a snapshot location because FSB backs up the file system on object storage.
 
 [id="secrets_{context}"]
 [discrete]
diff --git a/modules/oadp-about-enable-api-group-versions.adoc b/modules/oadp-about-enable-api-group-versions.adoc
index 62b1df888c38..593bd1508d24 100644
--- a/modules/oadp-about-enable-api-group-versions.adoc
+++ b/modules/oadp-about-enable-api-group-versions.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-about-enable-api-group-versions_{context}"]
 = About Enable API Group Versions
 
diff --git a/modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc b/modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc
index 83edbc71bdd7..1e061f15d169 100644
--- a/modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc
+++ b/modules/oadp-backing-and-restoring-from-cluster-to-cluster.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-backing-and-restoring-from-cluster-to-cluster_{context}"]
 = Backing up data from one cluster and restoring it to another cluster
 
@@ -11,7 +11,7 @@ In general, you back up data from one {product-title} cluster and restore it on
 
 .Prerequisites
 
-* All relevant prerequisites for backing up and restoring on your platform (for example, AWS, Microsoft Azure, GCP, and so on), especially the prerequisites for for the Data Protection Application (DPA), are described in the relevant sections of this guide.
+* All relevant prerequisites for backing up and restoring on your platform (for example, AWS, Microsoft Azure, GCP, and so on), especially the prerequisites for the Data Protection Application (DPA), are described in the relevant sections of this guide.
 
 .Procedure
 
diff --git a/modules/oadp-backing-up-applications-restic.adoc b/modules/oadp-backing-up-applications-restic.adoc
index 01777409bc5d..a60ad5387ddf 100644
--- a/modules/oadp-backing-up-applications-restic.adoc
+++ b/modules/oadp-backing-up-applications-restic.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-backing-up-applications-restic_{context}"]
 = Backing up applications with Restic
 
@@ -35,7 +35,7 @@ metadata:
     velero.io/storage-location: default
   namespace: openshift-adp
 spec:
-  defaultVolumesToRestic: true <1>
+  defaultVolumesToFsBackup: true <1>
 ...
 ----
-<1> Add `defaultVolumesToRestic: true` to the `spec` block.
+<1> In OADP version 1.2 and later, add the `defaultVolumesToFsBackup: true` setting within the `spec` block. In OADP version 1.1, add `defaultVolumesToRestic: true`.
\ No newline at end of file
diff --git a/modules/oadp-backing-up-dpa-configuration-1-2-0.adoc b/modules/oadp-backing-up-dpa-configuration-1-2-0.adoc
new file mode 100644
index 000000000000..87fc14baa92c
--- /dev/null
+++ b/modules/oadp-backing-up-dpa-configuration-1-2-0.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-backing-up-dpa-configuration-1-2-0_{context}"]
+= Backing up the DPA configuration
+
+You must back up your current `DataProtectionApplication` (DPA) configuration.
+
+.Procedure
+* Save your current DPA configuration by running the following command:
++
+.Example
+[source,terminal]
+----
+$ oc get dpa -n openshift-adp -o yaml > dpa.orig.backup
+----
+
diff --git a/modules/oadp-backing-up-dpa-configuration-1-3-0.adoc b/modules/oadp-backing-up-dpa-configuration-1-3-0.adoc
new file mode 100644
index 000000000000..9dab3f01eae0
--- /dev/null
+++ b/modules/oadp-backing-up-dpa-configuration-1-3-0.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-backing-up-dpa-configuration-1-3-0_{context}"]
+= Backing up the DPA configuration
+
+You must back up your current `DataProtectionApplication` (DPA) configuration.
+
+.Procedure
+* Save your current DPA configuration by running the following command:
++
+.Example
+[source,terminal]
+----
+$ oc get dpa -n openshift-adp -o yaml > dpa.orig.backup
+----
diff --git a/modules/oadp-backing-up-opt-in.adoc b/modules/oadp-backing-up-opt-in.adoc
new file mode 100644
index 000000000000..8b8725b93dae
--- /dev/null
+++ b/modules/oadp-backing-up-opt-in.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
+
+[id="oadp-backing-up-opt-in_{context}"]
+:_mod-docs-content-type: PROCEDURE
+= Backing up pod volumes by using the opt-in method
+
+You can use the opt-in method to specify which volumes need to be backed up by File System Backup (FSB). You can do this by using the `backup.velero.io/backup-volumes` command.
+
+.Procedure
+
+* On each pod that contains one or more volumes that you want to back up, enter the following command:
++
+[source,terminal]
+----
+$ oc -n <your_pod_namespace> annotate pod/<your_pod_name> \
+  backup.velero.io/backup-volumes=<your_volume_name_1>, \ <your_volume_name_2>>,...,<your_volume_name_n>
+----
++
+where:
+
+`<your_volume_name_x>`:: specifies the name of the xth volume in the pod specification.
\ No newline at end of file
diff --git a/modules/oadp-backing-up-opt-out.adoc b/modules/oadp-backing-up-opt-out.adoc
new file mode 100644
index 000000000000..5e13dea645b6
--- /dev/null
+++ b/modules/oadp-backing-up-opt-out.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
+
+[id="oadp-backing-up-opt-out_{context}"]
+:_mod-docs-content-type: PROCEDURE
+= Backing up pod volumes by using the opt-out method
+
+When using the opt-out approach, all pod volumes are backed up by using File System Backup (FSB), although there are some exceptions:
+
+* Volumes that mount the default service account token, secrets, and configuration maps.
+
+* `hostPath` volumes
+
+You can use the opt-out method to specify which volumes *not* to back up. You can do this by using the `backup.velero.io/backup-volumes-excludes` command.
+
+.Procedure
+
+* On each pod that contains one or more volumes that you do not want to back up, run the following command:
++
+[source,terminal]
+----
+$ oc -n <your_pod_namespace> annotate pod/<your_pod_name> \
+  backup.velero.io/backup-volumes-excludes=<your_volume_name_1>, \ <your_volume_name_2>>,...,<your_volume_name_n>
+----
++
+where:
+
+`<your_volume_name_x>`:: specifies the name of the xth volume in the pod specification.
+
+[NOTE]
+====
+You can enable this behavior for all Velero backups by running the `velero install` command with the `--default-volumes-to-fs-backup` flag.
+====
diff --git a/modules/oadp-backing-up-pvs-csi.adoc b/modules/oadp-backing-up-pvs-csi.adoc
index d3a6aed2e121..c4e09f1fc868 100644
--- a/modules/oadp-backing-up-pvs-csi.adoc
+++ b/modules/oadp-backing-up-pvs-csi.adoc
@@ -2,9 +2,10 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-backing-up-pvs-csi_{context}"]
 = Backing up persistent volumes with CSI snapshots
+:context: backing-up-applications
 
 You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the `VolumeSnapshotClass` custom resource (CR) of the cloud storage before you create the `Backup` CR.
 
diff --git a/modules/oadp-backup-restore-cr-issues.adoc b/modules/oadp-backup-restore-cr-issues.adoc
index 472e692dfea3..361b1e8ce3bf 100644
--- a/modules/oadp-backup-restore-cr-issues.adoc
+++ b/modules/oadp-backup-restore-cr-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-backup-restore-cr-issues_{context}"]
 = Backup and Restore CR issues
 
@@ -55,12 +55,12 @@ You do not need to clean up the backup location because a `Backup` CR in progres
 [id="backup-cr-remains-partiallyfailed_{context}"]
 == Backup CR status remains in PartiallyFailed
 
-The status of a `Backup` CR without Restic in use remains in the `PartiallyFailed` phase and does not complete. A snapshot of the affiliated PVC is not created. 
+The status of a `Backup` CR without Restic in use remains in the `PartiallyFailed` phase and does not complete. A snapshot of the affiliated PVC is not created.
 
 .Cause
 
 If the backup is created based on the CSI snapshot class, but the label is missing, CSI snapshot plugin fails to create a snapshot. As a result, the `Velero` pod logs an error similar to the following:
-+
+
 [source,text]
 ----
 time="2023-02-17T16:33:13Z" level=error msg="Error backing up item" backup=openshift-adp/user1-backup-check5 error="error executing custom action (groupResource=persistentvolumeclaims, namespace=busy1, name=pvc1-user1): rpc error: code = Unknown desc = failed to get volumesnapshotclass for storageclass ocs-storagecluster-ceph-rbd: failed to get volumesnapshotclass for provisioner openshift-storage.rbd.csi.ceph.com, ensure that the desired volumesnapshot class has the velero.io/csi-volumesnapshot-class label" logSource="/remote-source/velero/app/pkg/backup/backup.go:417" name=busybox-79799557b5-vprq
@@ -84,4 +84,4 @@ $ oc delete backup <backup> -n openshift-adp
 $ oc label volumesnapshotclass/<snapclass_name> velero.io/csi-volumesnapshot-class=true
 ----
 
-. Create a new `Backup` CR.
\ No newline at end of file
+. Create a new `Backup` CR.
diff --git a/modules/oadp-backup-restore-for-large-usage.adoc b/modules/oadp-backup-restore-for-large-usage.adoc
new file mode 100644
index 000000000000..f070e7a33999
--- /dev/null
+++ b/modules/oadp-backup-restore-for-large-usage.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+// * backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-backup-restore-for-large-usage_{context}"]
+= NodeAgent CPU for large usage
+
+Testing shows that increasing `NodeAgent` CPU can significantly improve backup and restore times when using {oadp-first}.
+
+[IMPORTANT]
+====
+It is not recommended to use Kopia without limits in production environments on nodes running production workloads due to Kopia’s aggressive consumption of resources. However, running Kopia with limits that are too low results in CPU limiting and slow backups and restore situations. Testing showed that running Kopia with 20 cores and 32 Gi memory supported backup and restore operations of over 100 GB of data, multiple namespaces, or over 2000 pods in a single namespace.
+====
+
+Testing detected no CPU limiting or memory saturation with these resource specifications.
+
+You can set these limits in Ceph MDS pods by following the procedure in https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html/troubleshooting_openshift_data_foundation/changing-resources-for-the-openshift-data-foundation-components_rhodf#changing_the_cpu_and_memory_resources_on_the_rook_ceph_pods[Changing the CPU and memory resources on the rook-ceph pods].
+
+You need to add the following lines to the storage cluster Custom Resource (CR) to set the limits:
+
+[source,yaml]
+----
+   resources:
+     mds:
+       limits:
+         cpu: "3"
+         memory: 128Gi
+       requests:
+         cpu: "3"
+         memory: 8Gi
+----
\ No newline at end of file
diff --git a/modules/oadp-ceph-cephfs-back-up-dba.adoc b/modules/oadp-ceph-cephfs-back-up-dba.adoc
index c403e45515ab..d1348cf2aa29 100644
--- a/modules/oadp-ceph-cephfs-back-up-dba.adoc
+++ b/modules/oadp-ceph-cephfs-back-up-dba.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-cephfs-back-up-dba_{context}"]
 = Creating a DPA for use with CephFS storage
 
diff --git a/modules/oadp-ceph-cephfs-back-up.adoc b/modules/oadp-ceph-cephfs-back-up.adoc
index 5cb6eac7277f..3ef1374cc079 100644
--- a/modules/oadp-ceph-cephfs-back-up.adoc
+++ b/modules/oadp-ceph-cephfs-back-up.adoc
@@ -9,7 +9,7 @@ ifeval::["{context}" == "split"]
 :split:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-cephfs-back-up_{context}"]
 
 ifdef::cephfs[]
@@ -44,7 +44,7 @@ spec:
 . Monitor the progress of the `VolumeSnapshotBackup` CRs by completing the following steps:
 .. To check the progress of all the `VolumeSnapshotBackup` CRs, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get vsb -n <app_ns>
 ----
diff --git a/modules/oadp-ceph-cephfs-restore.adoc b/modules/oadp-ceph-cephfs-restore.adoc
index f87a3e875565..8e1b84963319 100644
--- a/modules/oadp-ceph-cephfs-restore.adoc
+++ b/modules/oadp-ceph-cephfs-restore.adoc
@@ -9,7 +9,7 @@ ifeval::["{context}" == "split"]
 :split:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-cephfs-restore_{context}"]
 
 ifdef::cephfs[]
@@ -56,7 +56,7 @@ spec:
 . Monitor the progress of the `VolumeSnapshotRestore` CRs by doing the following:
 .. To check the progress of all the `VolumeSnapshotRestore` CRs, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get vsr -n <app_ns>
 ----
diff --git a/modules/oadp-ceph-preparing-cephfs-crs.adoc b/modules/oadp-ceph-preparing-cephfs-crs.adoc
index 7b5effec9ce2..b6207da8227d 100644
--- a/modules/oadp-ceph-preparing-cephfs-crs.adoc
+++ b/modules/oadp-ceph-preparing-cephfs-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-preparing-cephfs-crs_{context}"]
 = Defining CephFS custom resources for use with OADP 1.2 Data Mover
 
diff --git a/modules/oadp-ceph-preparing-cephrbd-crs.adoc b/modules/oadp-ceph-preparing-cephrbd-crs.adoc
index 65d287de3e82..914264139387 100644
--- a/modules/oadp-ceph-preparing-cephrbd-crs.adoc
+++ b/modules/oadp-ceph-preparing-cephrbd-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-preparing-cephrbd-crs_{context}"]
 = Defining CephRBD custom resources for use with OADP 1.2 Data Mover
 
diff --git a/modules/oadp-ceph-preparing-crs-additional.adoc b/modules/oadp-ceph-preparing-crs-additional.adoc
index 80f77b37c533..b2d0921876ec 100644
--- a/modules/oadp-ceph-preparing-crs-additional.adoc
+++ b/modules/oadp-ceph-preparing-crs-additional.adoc
@@ -2,14 +2,14 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-preparing-crs-additional_{context}"]
 = Defining additional custom resources for use with OADP 1.2 Data Mover
 
 After you redefine the default `StorageClass` and CephRBD `VolumeSnapshotClass` custom resources (CRs), you must create the following CRs:
 
 * A CephFS `StorageClass` CR defined to use the shallow copy feature
-* A Rustic `Secret` CR
+* A Restic `Secret` CR
 
 .Procedure
 
diff --git a/modules/oadp-ceph-prerequisites.adoc b/modules/oadp-ceph-prerequisites.adoc
index 487fce00ec29..7cdd2e9679c4 100644
--- a/modules/oadp-ceph-prerequisites.adoc
+++ b/modules/oadp-ceph-prerequisites.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-ceph-prerequisites_{context}"]
 = Prerequisites for using OADP 1.2 Data Mover with Ceph storage
 
@@ -13,4 +13,4 @@ The following prerequisites apply to all back up and restore operations of data
 * You have installed the OADP Operator.
 * You have created a secret `cloud-credentials` in the namespace `openshift-adp.`
 * You have installed {rh-storage-first}.
-* You have installed the latest VolSync Operator using the Operator Lifecycle Manager.
+* You have installed the latest VolSync Operator by using Operator Lifecycle Manager.
diff --git a/modules/oadp-ceph-split-back-up-dba.adoc b/modules/oadp-ceph-split-back-up-dba.adoc
index 4b6a71446db1..b80f52a70c29 100644
--- a/modules/oadp-ceph-split-back-up-dba.adoc
+++ b/modules/oadp-ceph-split-back-up-dba.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-ceph-split-back-up-dba_{context}"]
 = Creating a DPA for use with split volumes
 
diff --git a/modules/oadp-checking-api-group-versions.adoc b/modules/oadp-checking-api-group-versions.adoc
index 06f947e437b5..f1a0d7d02a3f 100644
--- a/modules/oadp-checking-api-group-versions.adoc
+++ b/modules/oadp-checking-api-group-versions.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-checking-api-group-versions_{context}"]
 = Listing the Kubernetes API group versions on a cluster
 
diff --git a/modules/oadp-cleaning-up-after-data-mover-snapshots.adoc b/modules/oadp-cleaning-up-after-data-mover-snapshots.adoc
index 9a989255968d..eca45811502d 100644
--- a/modules/oadp-cleaning-up-after-data-mover-snapshots.adoc
+++ b/modules/oadp-cleaning-up-after-data-mover-snapshots.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-cleaning-up-after-data-mover-snapshots_{context}"]
 = Deleting snapshots in a bucket
 
diff --git a/modules/oadp-cluster-to-cluster-uid-and-gid-ranges.adoc b/modules/oadp-cluster-to-cluster-uid-and-gid-ranges.adoc
new file mode 100644
index 000000000000..1cf63d0be585
--- /dev/null
+++ b/modules/oadp-cluster-to-cluster-uid-and-gid-ranges.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
+
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-cluster-to-cluster-uid-and-gid-ranges_{context}"]
+= UID and GID ranges
+
+If you back up data from one cluster and restore it to another cluster,  problems might occur with UID (User ID) and GID (Group ID) ranges. The following section explains these potential issues and mitigations:
+
+Summary of the issues::
+The namespace UID and GID ranges might change depending on the destination cluster. OADP does not back up and restore OpenShift UID range metadata. If the backed up application requires a specific UID, ensure the range is availableupon restore. For more information about OpenShift's UID and GID ranges, see link:https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids[A Guide to OpenShift and UIDs].
+
+Detailed description of the issues::
+When you create a namespace in {product-title} by using the shell command `oc create namespace`, {product-title} assigns the namespace a unique User ID (UID) range from its available pool of UIDs, a Supplemental Group (GID) range, and unique SELinux MCS labels. This information is stored in the `metadata.annotations` field of the cluster. This information is part of the Security Context Constraints (SCC) annotations, which comprise of the following components:
+
+* `openshift.io/sa.scc.mcs`
+* `openshift.io/sa.scc.supplemental-groups`
+* `openshift.io/sa.scc.uid-range`
+
+When you use OADP to restore the namespace, it automatically uses the information in `metadata.annotations` without resetting it for the destination cluster. As a result, the workload might not have access to the backed up data if any of the following is true:
+
+* There is an existing namespace with other SCC annotations, for example, on another cluster. In this case, OADP uses the existing namespace during the backup instead of the namespace you want to restore.
+* A label selector was used during the backup, but the namespace in which the workloads are executed does not have the label. In this case, OADP does not back up the namespace, but creates a new namespace during the restore that does not contain the annotations of the backed up namespace. This results in a new UID range being assigned to the namespace.
++
+This can be an issue for customer workloads if {product-title} assigns a pod a `securityContext` UID to a pod based on namespace annotations that have changed since the persistent volume data was backed up.
+* The UID of the container no longer matches the UID of the file owner.
+* An error occurs because {product-title} has not changed the UID range of the destination cluster to match the backup cluster data. As a result, the backup cluster has a different UID than the destination cluster, which means that the application cannot read or write data on the destination cluster.
+
+Mitigations::
+
+You can use one or more of the following mitigations to resolve the UID and GID range issues:
+
+* Simple mitigations:
+
+** If you use a label selector in the `Backup` CR to filter the objects to include in the backup, be sure to add this label selector to the namespace that contains the workspace.
+** Remove any pre-existing version of a namespace on the destination cluster before attempting to restore a namespace with the same name.
+
+* Advanced mitigations:
+** Fix UID ranges after migration by link:https://access.redhat.com/articles/6844071[Resolving overlapping UID ranges in OpenShift namespaces after migration]. Step 1 is optional.
+
+For an in-depth discussion of UID and GID ranges in {product-title} with an emphasis on overcoming issues in backing up data on one cluster and restoring it on another, see link:https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids[A Guide to OpenShift and UIDs].
diff --git a/modules/oadp-configuring-noobaa-for-dr.adoc b/modules/oadp-configuring-noobaa-for-dr.adoc
index 43282d529270..27f32b328a70 100644
--- a/modules/oadp-configuring-noobaa-for-dr.adoc
+++ b/modules/oadp-configuring-noobaa-for-dr.adoc
@@ -2,17 +2,19 @@
 //
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-configuring-noobaa-for-dr_{context}"]
-= Configuring NooBaa for disaster recovery on {rh-storage}
+= Configuring Multicloud Object Gateway (MCG) for disaster recovery on {rh-storage}
 
-If you use cluster storage for your NooBaa bucket `backupStorageLocation` on {rh-storage}, configure NooBaa as an external object store.
+If you use cluster storage for your MCG bucket `backupStorageLocation` on {rh-storage}, configure MCG as an external object store.
 
 [WARNING]
 ====
-Failure to configure NooBaa as an external object store might lead to backups not being available.
+Failure to configure MCG as an external object store might lead to backups not being available.
 ====
 
+include::snippets/snip-noobaa-and-mcg.adoc[]
+
 .Procedure
 
-* Configure NooBaa as an external object store as described in link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/managing_hybrid_and_multicloud_resources/adding-storage-resources-for-hybrid-or-multicloud_rhodf#doc-wrapper[Adding storage resources for hybrid or Multicloud].
+* Configure MCG as an external object store as described in link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/managing_hybrid_and_multicloud_resources/adding-storage-resources-for-hybrid-or-multicloud_rhodf#doc-wrapper[Adding storage resources for hybrid or Multicloud].
diff --git a/modules/oadp-configuring-velero-plugins.adoc b/modules/oadp-configuring-velero-plugins.adoc
index 0bbf58a055cc..0d2537d41550 100644
--- a/modules/oadp-configuring-velero-plugins.adoc
+++ b/modules/oadp-configuring-velero-plugins.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-configuring-velero-plugins_{context}"]
 = About OADP Velero plugins
 
diff --git a/modules/oadp-converting-dpa-to-new-version-1-3-0.adoc b/modules/oadp-converting-dpa-to-new-version-1-3-0.adoc
new file mode 100644
index 000000000000..9bcee537033e
--- /dev/null
+++ b/modules/oadp-converting-dpa-to-new-version-1-3-0.adoc
@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-converting-dpa-to-new-version-1-3-0_{context}"]
+= Converting DPA to the new version
+
+If you need to move backups off cluster with the Data Mover, reconfigure the `DataProtectionApplication` (DPA) manifest as follows.
+
+.Procedure
+. Click *Operators* → *Installed Operators* and select the OADP Operator.
+. In the *Provided APIs* section, click *View more*.
+. Click *Create instance* in the *DataProtectionApplication* box.
+. Click *YAML View* to display the current DPA parameters.
++
+.Example current DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    features:
+      dataMover:
+      enable: true
+      credentialName: dm-credentials
+    velero:
+      defaultPlugins:
+      - vsm
+      - csi
+      - openshift
+# ...
+----
+
+. Update the DPA parameters:
+* Remove the `features.dataMover` key and values from the DPA.
+* Remove the VolumeSnapshotMover (VSM) plugin.
+* Add the `nodeAgent` key and values.
++
+.Example updated DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: kopia
+    velero:
+      defaultPlugins:
+      - csi
+      - openshift
+# ...
+----
+
+. Wait for the DPA to reconcile successfully.
diff --git a/modules/oadp-converting-to-new-dpa-1-2-0.adoc b/modules/oadp-converting-to-new-dpa-1-2-0.adoc
new file mode 100644
index 000000000000..ae99c4a61089
--- /dev/null
+++ b/modules/oadp-converting-to-new-dpa-1-2-0.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-converting-to-new-dpa-1-2-0_{context}"]
+= Converting DPA to the new version
+
+If you use the fields that were updated in the `spec.configuration.velero.args` stanza, you must configure your `DataProtectionApplication` (DPA) manifest to use the new parameter names.
+
+.Procedure
+
+. Click *Operators* → *Installed Operators* and select the OADP Operator.
+. Select *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
+. Click *YAML View* to display the current DPA parameters.
++
+.Example current DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    velero:
+      args:
+        default-volumes-to-restic: true
+        default-restic-prune-frequency: 6000
+        restic-timeout: 600
+# ...
+----
+
+. Update the DPA parameters:
+. Update the DPA parameter names without changing their values:
+.. Change the `default-volumes-to-restic` key to `default-volumes-to-fs-backup`.
+.. Change the `default-restic-prune-frequency` key to `default-repo-maintain-frequency`.
+.. Change the `restic-timeout` key to `fs-backup-timeout`.
+
++
+.Example updated DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    velero:
+      args:
+        default-volumes-to-fs-backup: true
+        default-repo-maintain-frequency: 6000
+        fs-backup-timeout: 600
+# ...
+----
+
+. Wait for the DPA to reconcile successfully.
diff --git a/modules/oadp-creating-alerting-rule.adoc b/modules/oadp-creating-alerting-rule.adoc
new file mode 100644
index 000000000000..6a3b31cf4407
--- /dev/null
+++ b/modules/oadp-creating-alerting-rule.adoc
@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="creating-alerting-rules_{context}"]
+= Creating an alerting rule
+
+The {product-title} monitoring stack allows to receive Alerts configured using Alerting Rules. To create an Alerting rule for the OADP project, use one of the Metrics which are scraped with the user workload monitoring.
+
+.Procedure
+
+. Create a `PrometheusRule` YAML file with the sample `OADPBackupFailing` alert and save it as `4_create_oadp_alert_rule.yaml`.
++
+.Sample `OADPBackupFailing` alert
+[source,yaml]
++
+----
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: sample-oadp-alert
+  namespace: openshift-adp
+spec:
+  groups:
+  - name: sample-oadp-backup-alert
+    rules:
+    - alert: OADPBackupFailing
+      annotations:
+        description: 'OADP had {{$value | humanize}} backup failures over the last 2 hours.'
+        summary: OADP has issues creating backups
+      expr: |
+        increase(velero_backup_failure_total{job="openshift-adp-velero-metrics-svc"}[2h]) > 0
+      for: 5m
+      labels:
+        severity: warning
+----
++
+In this sample, the Alert displays under the following conditions:
++
+* There is an increase of new failing backups during the 2 last hours that is greater than 0 and the state persists for at least 5 minutes.
+* If the time of the first increase is less than 5 minutes, the Alert will be in a `Pending` state, after which it will turn into a `Firing` state.
++
+. Apply the `4_create_oadp_alert_rule.yaml` file, which creates the `PrometheusRule` object in the `openshift-adp` namespace:
++
+[source,terminal]
+----
+$ oc apply -f 4_create_oadp_alert_rule.yaml
+----
++
+.Example output
+[source,terminal]
+----
+prometheusrule.monitoring.coreos.com/sample-oadp-alert created
+----
+
+.Verification
+* After the Alert is triggered, you can view it in the following ways:
+** In the *Developer* perspective, select the *Observe* menu.
+** In the *Administrator* perspective under the *Observe* -> *Alerting* menu, select *User* in the *Filter* box. Otherwise, by default only the *Platform* Alerts are displayed.
++
+.OADP backup failing alert
+
+image::oadp-backup-failing-alert.png[OADP backup failing alert]
+
+
diff --git a/modules/oadp-creating-backup-cr.adoc b/modules/oadp-creating-backup-cr.adoc
index 1dcb826fdd40..a0297da2b5a2 100644
--- a/modules/oadp-creating-backup-cr.adoc
+++ b/modules/oadp-creating-backup-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-creating-backup-cr_{context}"]
 = Creating a Backup CR
 
diff --git a/modules/oadp-creating-backup-hooks.adoc b/modules/oadp-creating-backup-hooks.adoc
index e3b25887f2a7..9a7323fcb882 100644
--- a/modules/oadp-creating-backup-hooks.adoc
+++ b/modules/oadp-creating-backup-hooks.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-creating-backup-hooks_{context}"]
 = Creating backup hooks
 
diff --git a/modules/oadp-creating-default-secret.adoc b/modules/oadp-creating-default-secret.adoc
index b50694a4de03..1d25811a6034 100644
--- a/modules/oadp-creating-default-secret.adoc
+++ b/modules/oadp-creating-default-secret.adoc
@@ -6,7 +6,7 @@
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-creating-default-secret_{context}"]
 = Creating a default Secret
 
diff --git a/modules/oadp-creating-object-bucket-claim.adoc b/modules/oadp-creating-object-bucket-claim.adoc
new file mode 100644
index 000000000000..a1c31251d403
--- /dev/null
+++ b/modules/oadp-creating-object-bucket-claim.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-creating-object-bucket-claim_{context}"]
+= Creating an Object Bucket Claim for disaster recovery on {rh-storage}
+
+If you use cluster storage for your Multicloud Object Gateway (MCG) bucket `backupStorageLocation` on {rh-storage}, create an Object Bucket Claim (OBC) using the OpenShift Web Console.
+
+[WARNING]
+====
+Failure to configure an Object Bucket Claim (OBC) might lead to backups not being available.
+====
+
+include::snippets/snip-noobaa-and-mcg.adoc[]
+
+.Procedure
+
+* Create an Object Bucket Claim (OBC) using the OpenShift web console as described in link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/managing_hybrid_and_multicloud_resources/object-bucket-claim#creating-an-object-bucket-claim-using-the-openshift-web-console_rhodf[Creating an Object Bucket Claim using the OpenShift Web Console].
diff --git a/modules/oadp-creating-restore-cr.adoc b/modules/oadp-creating-restore-cr.adoc
index 13b807f4bab3..e628369e8e32 100644
--- a/modules/oadp-creating-restore-cr.adoc
+++ b/modules/oadp-creating-restore-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-creating-restore-cr_{context}"]
 = Creating a Restore CR
 
@@ -13,7 +13,7 @@ You restore a `Backup` custom resource (CR) by creating a `Restore` CR.
 * You must install the OpenShift API for Data Protection (OADP) Operator.
 * The `DataProtectionApplication` CR must be in a `Ready` state.
 * You must have a Velero `Backup` CR.
-* Adjust the requested size so the persistent volume (PV) capacity matches the requested size at backup time.
+* The persistent volume (PV) capacity must match the requested size at backup time. Adjust the requested size if needed.
 
 .Procedure
 
@@ -40,7 +40,7 @@ spec:
 ----
 <1> Name of the `Backup` CR.
 <2> Optional: Specify an array of resources to include in the restore process. Resources might be shortcuts (for example, `po` for `pods`) or fully-qualified. If unspecified, all resources are included.
-<3> Optional: The `restorePVs` parameter can be set to `false` in order to turn off restore of `PersistentVolumes` from `VolumeSnapshot` of Container Storage Interface (CSI) snapshots, or from native snapshots when `VolumeSnaphshotLocation` is configured.
+<3> Optional: The `restorePVs` parameter can be set to `false` to turn off restore of `PersistentVolumes` from `VolumeSnapshot` of Container Storage Interface (CSI) snapshots or from native snapshots when `VolumeSnapshotLocation` is configured.
 
 . Verify that the status of the `Restore` CR is `Completed` by entering the following command:
 +
@@ -66,7 +66,7 @@ $ bash dc-restic-post-restore.sh <restore-name>
 +
 [NOTE]
 ====
-In the course of the restore process, the OADP Velero plug-ins scale down the `DeploymentConfig` objects and restore the pods as standalone pods to prevent the cluster from deleting the restored `DeploymentConfig` pods immediately on restore and to allow Restic and post-restore hooks to complete their actions on the restored pods. The cleanup script removes these disconnected pods and scale any `DeploymentConfig` objects back up to the appropriate number of replicas.
+During the restore process, the OADP Velero plug-ins scale down the `DeploymentConfig` objects and restore the pods as standalone pods. This is done to prevent the cluster from deleting the restored `DeploymentConfig` pods immediately on restore and to allow Restic and post-restore hooks to complete their actions on the restored pods. The cleanup script shown below removes these disconnected pods and scales any `DeploymentConfig` objects back up to the appropriate number of replicas.
 ====
 +
 .`dc-restic-post-restore.sh` cleanup script
diff --git a/modules/oadp-creating-restore-hooks.adoc b/modules/oadp-creating-restore-hooks.adoc
index dd40d05b0c35..1ffc8cd0e25a 100644
--- a/modules/oadp-creating-restore-hooks.adoc
+++ b/modules/oadp-creating-restore-hooks.adoc
@@ -2,11 +2,11 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-creating-restore-hooks_{context}"]
 = Creating restore hooks
 
-You create restore hooks to run commands in a container in a pod while restoring your application by editing the `Restore` custom resource (CR).
+You create restore hooks to run commands in a container in a pod by editing the `Restore` custom resource (CR).
 
 You can create two types of restore hooks:
 
@@ -67,7 +67,7 @@ spec:
 <1> Optional: Array of namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces.
 <2> Currently, pods are the only supported resource that hooks can apply to.
 <3> Optional: This hook only applies to objects matching the label selector.
-<4> Optional: Timeout specifies the maximum amount of time Velero waits for `initContainers` to complete.
+<4> Optional: Timeout specifies the maximum length of time Velero waits for `initContainers` to complete.
 <5> Optional: If the container is not specified, the command runs in the first container in the pod.
 <6> This is the entrypoint for the init container being added.
 <7> Optional: How long to wait for a container to become ready. This should be long enough for the container to start and for any preceding hooks in the same container to complete. If not set, the restore process waits indefinitely.
diff --git a/modules/oadp-creating-service-monitor.adoc b/modules/oadp-creating-service-monitor.adoc
new file mode 100644
index 000000000000..cfe547bb8067
--- /dev/null
+++ b/modules/oadp-creating-service-monitor.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-creating-service-monitor_{context}"]
+= Creating OADP service monitor
+
+OADP provides an `openshift-adp-velero-metrics-svc` service which is created when the DPA is configured. The service monitor used by the user workload monitoring must point to the defined service.
+
+Get details about the service by running the following commands:
+
+.Procedure
+
+. Ensure the `openshift-adp-velero-metrics-svc` service exists. It should contain `app.kubernetes.io/name=velero` label, which will be used as selector for the `ServiceMonitor` object.
+
++
+[source,terminal]
+----
+$ oc get svc -n openshift-adp -l app.kubernetes.io/name=velero
+----
++
+.Example output
+[source,terminal]
+----
+NAME                               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
+openshift-adp-velero-metrics-svc   ClusterIP   172.30.38.244   <none>        8085/TCP   1h
+----
++
+. Create a `ServiceMonitor` YAML file that matches the existing service label, and save the file as `3_create_oadp_service_monitor.yaml`. The service monitor is created in the `openshift-adp` namespace where the `openshift-adp-velero-metrics-svc` service resides.
++
+.Example `ServiceMonitor` object
+[source,yaml]
++
+----
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app: oadp-service-monitor
+  name: oadp-service-monitor
+  namespace: openshift-adp
+spec:
+  endpoints:
+  - interval: 30s
+    path: /metrics
+    targetPort: 8085
+    scheme: http
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "velero"
+----
++
+. Apply the `3_create_oadp_service_monitor.yaml` file:
++
+[source,terminal]
+----
+$ oc apply -f 3_create_oadp_service_monitor.yaml
+----
++
+.Example output
+[source,terminal]
+----
+servicemonitor.monitoring.coreos.com/oadp-service-monitor created
+----
+
+.Verification
+
+* Confirm that the new service monitor is in an *Up* state by using the *Administrator* perspective of the {product-title} web console:
+.. Navigate to the *Observe* -> *Targets* page.
+.. Ensure the *Filter* is unselected or that the *User* source is selected and type `openshift-adp` in the `Text` search field.
+.. Verify that the status for the *Status* for the service monitor is *Up*.
++
+.OADP metrics targets
+
+image::oadp-metrics-targets.png[OADP metrics targets]
diff --git a/modules/oadp-csi-snapshot-timeouts.adoc b/modules/oadp-csi-snapshot-timeouts.adoc
new file mode 100644
index 000000000000..175a043f8eb6
--- /dev/null
+++ b/modules/oadp-csi-snapshot-timeouts.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="csisnapshot-timeout_{context}"]
+= CSI snapshot timeout
+
+`CSISnapshotTimeout` specifies the time during creation to wait until  the `CSI VolumeSnapshot` status becomes `ReadyToUse`, before returning error as timeout. The default value is `10m`.
+
+Use the `CSISnapshotTimeout`  for the following scenarios:
+
+* With the CSI plugin.
+* For very large storage volumes that may take longer than 10 minutes to snapshot. Adjust this timeout if timeouts are found in the logs.
+
+[NOTE]
+====
+Typically, the default value for `CSISnapshotTimeout` does not require adjustment, because the default setting can accommodate large storage volumes.
+====
+
+.Procedure
+* Edit the values in the `spec.csiSnapshotTimeout` block of the `Backup` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+ name: <backup_name>
+spec:
+ csiSnapshotTimeout: 10m
+# ...
+----
diff --git a/modules/oadp-datamover-timeouts.adoc b/modules/oadp-datamover-timeouts.adoc
new file mode 100644
index 000000000000..f0d0d77823d2
--- /dev/null
+++ b/modules/oadp-datamover-timeouts.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="datamover-timeout_{context}"]
+= Data Mover timeout
+
+`timeout` is a user-supplied timeout to complete `VolumeSnapshotBackup` and `VolumeSnapshotRestore`. The default value is `10m`.
+
+Use the Data Mover `timeout` for the following scenarios:
+
+* If creation of `VolumeSnapshotBackups` (VSBs) and `VolumeSnapshotRestores` (VSRs), times out after 10 minutes.
+* For large scale environments with total PV data usage that is greater than 500GB. Set the timeout for `1h`.
+* With the `VolumeSnapshotMover` (VSM) plugin.
+* Only with OADP 1.1.x.
+
+.Procedure
+* Edit the values in the `spec.features.dataMover.timeout` block of the `DataProtectionApplication` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: <dpa_name>
+spec:
+  features:
+    dataMover:
+      timeout: 10m
+# ...
+----
diff --git a/modules/oadp-debugging-oc-cli.adoc b/modules/oadp-debugging-oc-cli.adoc
index caab87d62170..e4d15c9d93b6 100644
--- a/modules/oadp-debugging-oc-cli.adoc
+++ b/modules/oadp-debugging-oc-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="oadp-debugging-oc-cli_{context}"]
 = Debugging Velero resources with the OpenShift CLI tool
 
diff --git a/modules/oadp-deleting-backups.adoc b/modules/oadp-deleting-backups.adoc
index a57a3ceec11a..574ad47db1ed 100644
--- a/modules/oadp-deleting-backups.adoc
+++ b/modules/oadp-deleting-backups.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-deleting-backups_{context}"]
 = Deleting backups
 
diff --git a/modules/oadp-deleting-cluster-resources-following-failure.adoc b/modules/oadp-deleting-cluster-resources-following-failure.adoc
index 7969abd70531..86baf0dda3ec 100644
--- a/modules/oadp-deleting-cluster-resources-following-failure.adoc
+++ b/modules/oadp-deleting-cluster-resources-following-failure.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-deleting-cluster-resources-following-failure_{context}"]
 = Deleting cluster resources following a partially successful or a failed backup and restore that used Data Mover
 
diff --git a/modules/oadp-deleting-cluster-resources-following-success.adoc b/modules/oadp-deleting-cluster-resources-following-success.adoc
index 51684fd00652..de2341041004 100644
--- a/modules/oadp-deleting-cluster-resources-following-success.adoc
+++ b/modules/oadp-deleting-cluster-resources-following-success.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-deleting-cluster-resources-following-success_{context}"]
 = Deleting cluster resources following a successful backup and restore that used Data Mover
 
diff --git a/modules/oadp-enabling-csi-dpa.adoc b/modules/oadp-enabling-csi-dpa.adoc
index 6ce140f0d1fb..373453d9898d 100644
--- a/modules/oadp-enabling-csi-dpa.adoc
+++ b/modules/oadp-enabling-csi-dpa.adoc
@@ -6,7 +6,7 @@
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-enabling-csi-dpa_{context}"]
 = Enabling CSI in the DataProtectionApplication CR
 
diff --git a/modules/oadp-features.adoc b/modules/oadp-features.adoc
index 6bbfd22b7d86..87bd9b395e1a 100644
--- a/modules/oadp-features.adoc
+++ b/modules/oadp-features.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-features_{context}"]
 = OADP features
 
@@ -21,7 +21,7 @@ You must exclude Operators from the backup of an application for backup and rest
 
 
 Restore::
-You can restore resources and PVs from a backup. You can restore all objects in a backup or filter the restored objects by namespace, PV, or label.
+You can restore resources and PVs from a backup. You can restore all objects in a backup or filter the objects by namespace, PV, or label.
 
 +
 [NOTE]
diff --git a/modules/oadp-fips.adoc b/modules/oadp-fips.adoc
new file mode 100644
index 000000000000..2fa1eee1a3f4
--- /dev/null
+++ b/modules/oadp-fips.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
+
+
+:_content-type: CONCEPT
+[id="oadp-fips_{context}"]
+= OADP and FIPS
+
+Federal Information Processing Standards (FIPS) are a set of computer security standards developed by the United States federal government in line with the Federal Information Security Management Act (FISMA).
+
+{oadp-first} has been tested and works on FIPS-enabled {product-title} clusters.
diff --git a/modules/oadp-gcp-wif-cloud-authentication.adoc b/modules/oadp-gcp-wif-cloud-authentication.adoc
new file mode 100644
index 000000000000..be54d21955f1
--- /dev/null
+++ b/modules/oadp-gcp-wif-cloud-authentication.adoc
@@ -0,0 +1,98 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-gcp-wif-cloud-authentication_{context}"]
+= Google workload identity federation cloud authentication
+
+Applications running outside Google Cloud use service account keys, such as usernames and passwords, to gain access to Google Cloud resources. These service account keys might become a security risk if they are not properly managed.
+
+With Google's workload identity federation, you can use Identity and Access Management (IAM) to offer IAM roles, including the ability to impersonate service accounts, to external identities. This eliminates the maintenance and security risks associated with service account keys.
+
+Workload identity federation handles encrypting and decrypting certificates, extracting user attributes, and validation. Identity federation externalizes authentication, passing it over to Security Token Services (STS), and reduces the demands on individual developers. Authorization and controlling access to resources remain the responsibility of the application.
+
+[NOTE]
+====
+Google workload identity federation is available for OADP 1.3.x and later.
+====
+
+[NOTE]
+====
+For backing up volumes, OADP on GCP with Google workload identity federation authentication supports only CSI snapshots.
+====
+
+If you do not use Google workload identity federation cloud authentication, continue to _Installing the Data Protection Application_.
+
+.Prerequisites
+
+* You have installed a cluster in manual mode with link:https://docs.openshift.com/container-platform/4.15/installing/installing_gcp/installing-gcp-customizations.html#installing-gcp-with-short-term-creds_installing-gcp-customizations[GCP Workload Identity configured].
+* You have access to the Cloud Credential Operator utility (`ccoctl`) and to the associated workload identity pool.
+
+.Procedure
+
+. Create an `oadp-credrequest` directory by running the following command:
++
+[source,terminal]
+----
+$ mkdir -p oadp-credrequest
+----
+. Create a `CredentialsRequest.yaml` file as following:
++
+[source,yaml]
+----
+echo 'apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: oadp-operator-credentials
+  namespace: openshift-cloud-credential-operator
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: GCPProviderSpec
+    permissions:
+    - compute.disks.get
+    - compute.disks.create
+    - compute.disks.createSnapshot
+    - compute.snapshots.get
+    - compute.snapshots.create
+    - compute.snapshots.useReadOnly
+    - compute.snapshots.delete
+    - compute.zones.get
+    - storage.objects.create
+    - storage.objects.delete
+    - storage.objects.get
+    - storage.objects.list
+    - iam.serviceAccounts.signBlob
+    skipServiceCheck: true
+  secretRef:
+    name: cloud-credentials-gcp
+    namespace: <OPERATOR_INSTALL_NS>
+  serviceAccountNames:
+  - velero
+' > oadp-credrequest/credrequest.yaml
+----
+. Use the `ccoctl` utility to process the `CredentialsRequest` objects in the `oadp-credrequest` directory by running the following command:
++
+[source,terminal]
+----
+$ ccoctl gcp create-service-accounts \
+    --name=<name> \
+    --project=<gcp_project_id> \
+    --credentials-requests-dir=oadp-credrequest \
+    --workload-identity-pool=<pool_id> \
+    --workload-identity-provider=<provider_id>
+----
+The `manifests/openshift-adp-cloud-credentials-gcp-credentials.yaml` file is now available to use in the following steps.
+. Create a namespace by running the following command:
++
+[source,terminal]
+----
+$ oc create namespace <OPERATOR_INSTALL_NS>
+----
+. Apply the credentials to the namespace by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f manifests/openshift-adp-cloud-credentials-gcp-credentials.yaml
+----
diff --git a/modules/oadp-ibm-power-test-support.adoc b/modules/oadp-ibm-power-test-support.adoc
index 6db93c853eba..5d10dd8445d6 100644
--- a/modules/oadp-ibm-power-test-support.adoc
+++ b/modules/oadp-ibm-power-test-support.adoc
@@ -2,8 +2,8 @@
 //
 // * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-ibm-power-test-matrix_{context}"]
-= OADP support for target backup locations using IBM Power
+= OADP support for target backup locations using {ibm-power-title}
 
-IBM Power running with {product-title} 4.11 and 4.12, and OpenShift API for Data Protection (OADP) 1.1.2 was tested successfully against an AWS S3 backup location target. Although the test involved only an AWS S3 target, Red Hat supports running IBM Power with {product-title} 4.11 and 4.12, and OADP 1.1.2 against all non-AWS S3 backup location targets as well.
+{ibm-power-name} running with {product-title} 4.11 and 4.12, and OpenShift API for Data Protection (OADP) 1.1.2 was tested successfully against an AWS S3 backup location target. Although the test involved only an AWS S3 target, Red Hat supports running {ibm-power-name} with {product-title} 4.11 and 4.12, and OADP 1.1.2 against all non-AWS S3 backup location targets as well.
diff --git a/modules/oadp-ibm-z-test-support.adoc b/modules/oadp-ibm-z-test-support.adoc
index 72e6855c95aa..f1a9dba1c0ac 100644
--- a/modules/oadp-ibm-z-test-support.adoc
+++ b/modules/oadp-ibm-z-test-support.adoc
@@ -2,8 +2,8 @@
 //
 // * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-ibm-z-test-support_{context}"]
-= OADP testing and support for target backup locations using {ibmzProductName}
+= OADP testing and support for target backup locations using {ibm-z-title}
 
-{ibmzProductName} running with {product-title} 4.11 and 4.12, and OpenShift API for Data Protection (OADP) 1.1.2 was tested successfully against an AWS S3 backup location target. Although the test involved only an AWS S3 target, Red Hat supports running {ibmzProductName} with {product-title} 4.11 and 4.12, and OADP 1.1.2 against all non-AWS S3 backup location targets as well.
+{ibm-z-name} running with {product-title} 4.11 and 4.12, and OpenShift API for Data Protection (OADP) 1.1.2 was tested successfully against an AWS S3 backup location target. Although the test involved only an AWS S3 target, Red Hat supports running {ibm-z-name} with {product-title} 4.11 and 4.12, and OADP 1.1.2 against all non-AWS S3 backup location targets as well.
diff --git a/modules/oadp-installation-issues.adoc b/modules/oadp-installation-issues.adoc
index e9dfe57965ed..d12e08e3b587 100644
--- a/modules/oadp-installation-issues.adoc
+++ b/modules/oadp-installation-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-installation-issues_{context}"]
 = Installation issues
 
diff --git a/modules/oadp-installing-dpa-1-2-and-earlier.adoc b/modules/oadp-installing-dpa-1-2-and-earlier.adoc
new file mode 100644
index 000000000000..c082e815f50e
--- /dev/null
+++ b/modules/oadp-installing-dpa-1-2-and-earlier.adoc
@@ -0,0 +1,409 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-installing-dpa-1-2-and-earlier_{context}"]
+= Installing the Data Protection Application 1.2 and earlier
+
+You install the Data Protection Application (DPA) by creating an instance of the `DataProtectionApplication` API.
+
+.Prerequisites
+
+* You must install the OADP Operator.
+* You must configure object storage as a backup location.
+* If you use snapshots to back up PVs, your cloud provider must support either a native snapshot API or Container Storage Interface (CSI) snapshots.
+* If the backup and snapshot locations use the same credentials, you must create a `Secret` with the default name, `{credentials}`.
+ifdef::installing-oadp-azure,installing-oadp-gcp,installing-oadp-mcg,installing-oadp-ocs,virt-installing-configuring-oadp[]
+* If the backup and snapshot locations use different credentials, you must create two `Secrets`:
+
+** `Secret` with a custom name for the backup location. You add this `Secret` to the `DataProtectionApplication` CR.
+** `Secret` with another custom name for the snapshot location. You add this `Secret` to the `DataProtectionApplication` CR.
+endif::[]
+ifdef::installing-oadp-aws[]
+* If the backup and snapshot locations use different credentials, you must create a `Secret` with the default name, `{credentials}`, which contains separate profiles for the backup and snapshot location credentials.
+endif::[]
++
+[NOTE]
+====
+If you do not want to specify backup or snapshot locations during the installation, you can create a default `Secret` with an empty `credentials-velero` file. If there is no default `Secret`, the installation will fail.
+====
++
+[NOTE]
+====
+Velero creates a secret named `velero-repo-credentials` in the OADP namespace, which contains a default backup repository password.
+You can update the secret with your own password encoded as base64 *before* you run your first backup targeted to the backup repository. The value of the key to update is `Data[repository-password]`.
+
+After you create your DPA, the first time that you run a backup targeted to the backup repository, Velero creates a backup repository whose secret is `velero-repo-credentials`, which contains either the default password or the one you replaced it with.
+If you update the secret password *after* the first backup, the new password will not match the password in `velero-repo-credentials`, and therefore, Velero will not be able to connect with the older backups.
+====
+
+.Procedure
+
+. Click *Operators* -> *Installed Operators* and select the OADP Operator.
+. Under *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
+
+. Click *YAML View* and update the parameters of the `DataProtectionApplication` manifest:
+ifdef::installing-oadp-aws[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - openshift <1>
+        - aws
+      resourceTimeout: 10m <2>
+    restic:
+      enable: true <3>
+      podConfig:
+        nodeSelector: <node_selector> <4>
+  backupLocations:
+    - name: default
+      velero:
+        provider: {provider}
+        default: true
+        objectStorage:
+          bucket: <bucket_name> <5>
+          prefix: <prefix> <6>
+        config:
+          region: <region>
+          profile: "default"
+        credential:
+          key: cloud
+          name: {credentials} <7>
+  snapshotLocations: <8>
+    - name: default
+      velero:
+        provider: {provider}
+        config:
+          region: <region> <9>
+          profile: "default"
+----
+<1> The `openshift` plugin is mandatory.
+<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<3> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<5> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<6> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<7> Specify the name of the `Secret` object that you created. If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<8> Specify a snapshot location, unless you use CSI snapshots or Restic to back up PVs.
+<9> The snapshot location must be in the same region as the PVs.
+endif::[]
+ifdef::installing-oadp-azure[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - azure
+        - openshift <1>
+      resourceTimeout: 10m <2>
+    restic:
+      enable: true <3>
+      podConfig:
+        nodeSelector: <node_selector> <4>
+  backupLocations:
+    - velero:
+        config:
+          resourceGroup: <azure_resource_group> <5>
+          storageAccount: <azure_storage_account_id> <6>
+          subscriptionId: <azure_subscription_id> <7>
+          storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
+        credential:
+          key: cloud
+          name: {credentials}  <8>
+        provider: {provider}
+        default: true
+        objectStorage:
+          bucket: <bucket_name> <9>
+          prefix: <prefix> <10>
+  snapshotLocations: <11>
+    - velero:
+        config:
+          resourceGroup: <azure_resource_group>
+          subscriptionId: <azure_subscription_id>
+          incremental: "true"
+        name: default
+        provider: {provider}
+----
+<1> The `openshift` plugin is mandatory.
+<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<3> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<5> Specify the Azure resource group.
+<6> Specify the Azure storage account ID.
+<7> Specify the Azure subscription ID.
+<8> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<9> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<10> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<11> You do not need to specify a snapshot location if you use CSI snapshots or Restic to back up PVs.
+endif::[]
+ifdef::installing-oadp-gcp[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - gcp
+        - openshift <1>
+      resourceTimeout: 10m <2>
+    restic:
+      enable: true <3>
+      podConfig:
+        nodeSelector: <node_selector> <4>
+  backupLocations:
+    - velero:
+        provider: {provider}
+        default: true
+        credential:
+          key: cloud <5>
+          name: {credentials} <6>
+        objectStorage:
+          bucket: <bucket_name> <7>
+          prefix: <prefix> <8>
+  snapshotLocations: <9>
+    - velero:
+        provider: {provider}
+        default: true
+        config:
+          project: <project>
+          snapshotLocation: us-west1 <10>
+----
+<1> The `openshift` plugin is mandatory.
+<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<3> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<5> Secret key that contains credentials. For Google workload identity federation cloud authentication use `service_account.json`.
+<6> Secret name that contains credentials. If you do not specify this value, the default name, `{credentials}`, is used.
+<7> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<8> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<9> Specify a snapshot location, unless you use CSI snapshots or Restic to back up PVs.
+<10> The snapshot location must be in the same region as the PVs.
+endif::[]
+ifdef::installing-oadp-mcg[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - aws
+        - openshift <1>
+      resourceTimeout: 10m <2>
+    restic:
+      enable: true <3>
+      podConfig:
+        nodeSelector: <node_selector> <4>
+  backupLocations:
+    - velero:
+        config:
+          profile: "default"
+          region: minio
+          s3Url: <url> <5>
+          insecureSkipTLSVerify: "true"
+          s3ForcePathStyle: "true"
+        provider: {provider}
+        default: true
+        credential:
+          key: cloud
+          name: {credentials} <6>
+        objectStorage:
+          bucket: <bucket_name> <7>
+          prefix: <prefix> <8>
+----
+<1> The `openshift` plugin is mandatory.
+<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<3> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<5> Specify the URL of the S3 endpoint.
+<6> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<7> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<8> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+ifdef::installing-oadp-ocs[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - kubevirt <1>
+        - gcp <2>
+        - csi <3>
+        - openshift <4>
+      resourceTimeout: 10m <5>
+    restic:
+      enable: true <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - velero:
+        provider: {provider} <8>
+        default: true
+        credential:
+          key: cloud
+          name: <default_secret> <9>
+        objectStorage:
+          bucket: <bucket_name> <10>
+          prefix: <prefix> <11>
+----
+<1> Optional: The `kubevirt` plugin is used with {VirtProductName}.
+<2> Specify the default plugin for the backup provider, for example, `gcp`, if appropriate.
+<3> Specify the `csi` default plugin if you use CSI snapshots to back up PVs. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
+<4> The `openshift` plugin is mandatory.
+<5> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<6> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<7> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<8> Specify the backup provider.
+<9> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
+<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+ifdef::virt-installing-configuring-oadp[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - kubevirt <1>
+        - gcp <2>
+        - csi <3>
+        - openshift <4>
+      resourceTimeout: 10m <5>
+    restic:
+      enable: true <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - velero:
+        provider: {provider} <8>
+        default: true
+        credential:
+          key: cloud
+          name: <default_secret> <9>
+        objectStorage:
+          bucket: <bucket_name> <10>
+          prefix: <prefix> <11>
+----
+<1> The `kubevirt` plugin is mandatory for {VirtProductName}.
+<2> Specify the plugin for the backup provider, for example, `gcp`, if it exists.
+<3> The `csi` plugin is mandatory for backing up PVs with CSI snapshots. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
+<4> The `openshift` plugin is mandatory.
+<5> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<6> Set this value to `false` if you want to disable the Restic installation. Restic deploys a daemon set, which means that Restic pods run on each working node. In OADP version 1.2 and later, you can configure Restic for backups by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR. In OADP version 1.1, add `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+<7> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
+<8> Specify the backup provider.
+<9> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
+<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+
+. Click *Create*.
+
+[id="verifying-oadp-installation-1-2_{context}"]
+== Verifying the installation
+
+. Verify the installation by viewing the {oadp-first} resources by running the following command:
++
+[source,terminal]
+----
+$ oc get all -n openshift-adp
+----
++
+.Example output
++
+----
+NAME                                                     READY   STATUS    RESTARTS   AGE
+pod/oadp-operator-controller-manager-67d9494d47-6l8z8    2/2     Running   0          2m8s
+pod/restic-9cq4q                                         1/1     Running   0          94s
+pod/restic-m4lts                                         1/1     Running   0          94s
+pod/restic-pv4kr                                         1/1     Running   0          95s
+pod/velero-588db7f655-n842v                              1/1     Running   0          95s
+
+NAME                                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
+service/oadp-operator-controller-manager-metrics-service   ClusterIP   172.30.70.140    <none>        8443/TCP   2m8s
+
+NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+daemonset.apps/restic   3         3         3       3            3           <none>          96s
+
+NAME                                                READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/oadp-operator-controller-manager    1/1     1            1           2m9s
+deployment.apps/velero                              1/1     1            1           96s
+
+NAME                                                           DESIRED   CURRENT   READY   AGE
+replicaset.apps/oadp-operator-controller-manager-67d9494d47    1         1         1       2m9s
+replicaset.apps/velero-588db7f655                              1         1         1       96s
+----
+
+.  Verify that the `DataProtectionApplication` (DPA) is reconciled by running the following command:
++
+[source,terminal]
+----
+$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'
+----
+.Example output
+[source,yaml]
++
+----
+{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}
+----
+
+. Verify the `type` is set to `Reconciled`.
+
+. Verify the backup storage location and confirm that the `PHASE` is `Available` by running the following command:
++
+[source,terminal]
+----
+$ oc get backupStorageLocation -n openshift-adp
+----
+.Example output
+[source,yaml]
++
+----
+NAME           PHASE       LAST VALIDATED   AGE     DEFAULT
+dpa-sample-1   Available   1s               3d16h   true
+----
diff --git a/modules/oadp-installing-dpa-1-3.adoc b/modules/oadp-installing-dpa-1-3.adoc
new file mode 100644
index 000000000000..a0144e41419a
--- /dev/null
+++ b/modules/oadp-installing-dpa-1-3.adoc
@@ -0,0 +1,425 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-installing-dpa-1-3_{context}"]
+= Installing the Data Protection Application 1.3
+
+You install the Data Protection Application (DPA) by creating an instance of the `DataProtectionApplication` API.
+
+.Prerequisites
+
+* You must install the OADP Operator.
+* You must configure object storage as a backup location.
+* If you use snapshots to back up PVs, your cloud provider must support either a native snapshot API or Container Storage Interface (CSI) snapshots.
+* If the backup and snapshot locations use the same credentials, you must create a `Secret` with the default name, `{credentials}`.
+ifdef::installing-oadp-azure,installing-oadp-gcp,installing-oadp-mcg,installing-oadp-ocs,virt-installing-configuring-oadp[]
+* If the backup and snapshot locations use different credentials, you must create two `Secrets`:
+
+** `Secret` with a custom name for the backup location. You add this `Secret` to the `DataProtectionApplication` CR.
+** `Secret` with another custom name for the snapshot location. You add this `Secret` to the `DataProtectionApplication` CR.
+endif::[]
+ifdef::installing-oadp-aws[]
+* If the backup and snapshot locations use different credentials, you must create a `Secret` with the default name, `{credentials}`, which contains separate profiles for the backup and snapshot location credentials.
+endif::[]
++
+[NOTE]
+====
+If you do not want to specify backup or snapshot locations during the installation, you can create a default `Secret` with an empty `credentials-velero` file. If there is no default `Secret`, the installation will fail.
+====
+
+.Procedure
+
+. Click *Operators* -> *Installed Operators* and select the OADP Operator.
+. Under *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
+
+. Click *YAML View* and update the parameters of the `DataProtectionApplication` manifest:
+ifdef::installing-oadp-aws[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - openshift <2>
+        - aws
+      resourceTimeout: 10m <3>
+    nodeAgent: <4>
+      enable: true <5>
+      uploaderType: kopia <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - name: default
+      velero:
+        provider: {provider}
+        default: true
+        objectStorage:
+          bucket: <bucket_name> <8>
+          prefix: <prefix> <9>
+        config:
+          region: <region>
+          profile: "default"
+        credential:
+          key: cloud
+          name: {credentials} <10>
+  snapshotLocations: <11>
+    - name: default
+      velero:
+        provider: {provider}
+        config:
+          region: <region> <12>
+          profile: "default"
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> The `openshift` plugin is mandatory.
+<3> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<4> The administrative agent that routes the administrative requests to servers.
+<5> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<6> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<7> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<8> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<9> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<10> Specify the name of the `Secret` object that you created. If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<11> Specify a snapshot location, unless you use CSI snapshots or a File System Backup (FSB) to back up PVs.
+<12> The snapshot location must be in the same region as the PVs.
+endif::[]
+ifdef::installing-oadp-azure[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - azure
+        - openshift <2>
+      resourceTimeout: 10m <3>
+    nodeAgent: <4>
+      enable: true <5>
+      uploaderType: kopia <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - velero:
+        config:
+          resourceGroup: <azure_resource_group> <8>
+          storageAccount: <azure_storage_account_id> <9>
+          subscriptionId: <azure_subscription_id> <10>
+          storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
+        credential:
+          key: cloud
+          name: {credentials}  <11>
+        provider: {provider}
+        default: true
+        objectStorage:
+          bucket: <bucket_name> <12>
+          prefix: <prefix> <13>
+  snapshotLocations: <14>
+    - velero:
+        config:
+          resourceGroup: <azure_resource_group>
+          subscriptionId: <azure_subscription_id>
+          incremental: "true"
+        name: default
+        provider: {provider}
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> The `openshift` plugin is mandatory.
+<3> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<4> The administrative agent that routes the administrative requests to servers.
+<5> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<6> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<7> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<8> Specify the Azure resource group.
+<9> Specify the Azure storage account ID.
+<10> Specify the Azure subscription ID.
+<11> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<12> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<13> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<14> You do not need to specify a snapshot location if you use CSI snapshots or Restic to back up PVs.
+endif::[]
+ifdef::installing-oadp-gcp[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: <OPERATOR_INSTALL_NS> <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - gcp
+        - openshift <2>
+      resourceTimeout: 10m <3>
+    nodeAgent: <4>
+      enable: true <5>
+      uploaderType: kopia <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - velero:
+        provider: {provider}
+        default: true
+        credential:
+          key: cloud <8>
+          name: {credentials} <9>
+        objectStorage:
+          bucket: <bucket_name> <10>
+          prefix: <prefix> <11>
+  snapshotLocations: <12>
+    - velero:
+        provider: {provider}
+        default: true
+        config:
+          project: <project>
+          snapshotLocation: us-west1 <13>
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> The `openshift` plugin is mandatory.
+<3> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<4> The administrative agent that routes the administrative requests to servers.
+<5> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<6> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<7> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<8> Secret key that contains credentials. For Google workload identity federation cloud authentication use `service_account.json`.
+<9> Secret name that contains credentials. If you do not specify this value, the default name, `{credentials}`, is used.
+<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+<12> Specify a snapshot location, unless you use CSI snapshots or Restic to back up PVs.
+<13> The snapshot location must be in the same region as the PVs.
+endif::[]
+ifdef::installing-oadp-mcg[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - aws
+        - openshift <2>
+      resourceTimeout: 10m <3>
+    nodeAgent: <4>
+      enable: true <5>
+      uploaderType: kopia <6>
+      podConfig:
+        nodeSelector: <node_selector> <7>
+  backupLocations:
+    - velero:
+        config:
+          profile: "default"
+          region: minio
+          s3Url: <url> <8>
+          insecureSkipTLSVerify: "true"
+          s3ForcePathStyle: "true"
+        provider: {provider}
+        default: true
+        credential:
+          key: cloud
+          name: {credentials} <9>
+        objectStorage:
+          bucket: <bucket_name> <10>
+          prefix: <prefix> <11>
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> The `openshift` plugin is mandatory.
+<3> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<4> The administrative agent that routes the administrative requests to servers.
+<5> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<6> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<7> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<8> Specify the URL of the S3 endpoint.
+<9> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
+<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+ifdef::installing-oadp-ocs[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - kubevirt <2>
+        - gcp <3>
+        - csi <4>
+        - openshift <5>
+      resourceTimeout: 10m <6>
+    nodeAgent: <7>
+      enable: true <8>
+      uploaderType: kopia <9>
+      podConfig:
+        nodeSelector: <node_selector> <10>
+  backupLocations:
+    - velero:
+        provider: {provider} <11>
+        default: true
+        credential:
+          key: cloud
+          name: <default_secret> <12>
+        objectStorage:
+          bucket: <bucket_name> <13>
+          prefix: <prefix> <14>
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> Optional: The `kubevirt` plugin is used with {VirtProductName}.
+<32> Specify the default plugin for the backup provider, for example, `gcp`, if appropriate.
+<4> Specify the `csi` default plugin if you use CSI snapshots to back up PVs. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
+<5> The `openshift` plugin is mandatory.
+<6> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<7> The administrative agent that routes the administrative requests to servers.
+<8> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<9> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<10> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<11> Specify the backup provider.
+<12> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
+<13> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<14> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+ifdef::virt-installing-configuring-oadp[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: <dpa_sample>
+  namespace: openshift-adp <1>
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+        - kubevirt <2>
+        - gcp <3>
+        - csi <4>
+        - openshift <5>
+      resourceTimeout: 10m <6>
+    nodeAgent: <7>
+      enable: true <8>
+      uploaderType: kopia <9>
+      podConfig:
+        nodeSelector: <node_selector> <10>
+  backupLocations:
+    - velero:
+        provider: {provider} <11>
+        default: true
+        credential:
+          key: cloud
+          name: <default_secret> <12>
+        objectStorage:
+          bucket: <bucket_name> <13>
+          prefix: <prefix> <14>
+----
+<1> The default namespace for OADP is `openshift-adp`. The namespace is a variable and is configurable.
+<2> The `kubevirt` plugin is mandatory for {VirtProductName}.
+<3> Specify the plugin for the backup provider, for example, `gcp`, if it exists.
+<4> The `csi` plugin is mandatory for backing up PVs with CSI snapshots. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
+<5> The `openshift` plugin is mandatory.
+<6> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
+<7> The administrative agent that routes the administrative requests to servers.
+<8> Set this value to `true` if you want to enable `nodeAgent` and perform File System Backup.
+<9> Enter `kopia` or `restic` as your uploader. You cannot change the selection after the installation. For the Built-in DataMover you must use Kopia. The `nodeAgent` deploys a daemon set, which means that the `nodeAgent` pods run on each working node. You can configure File System Backup by adding `spec.defaultVolumesToFsBackup: true` to the `Backup` CR.
+<10> Specify the nodes on which Kopia or Restic are available. By default, Kopia or Restic run on all nodes.
+<11> Specify the backup provider.
+<12> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
+<13> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<14> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+endif::[]
+
+. Click *Create*.
+
+[id="verifying-oadp-installation-1-3_{context}"]
+== Verifying the installation
+
+. Verify the installation by viewing the {oadp-first} resources by running the following command:
++
+[source,terminal]
+----
+$ oc get all -n openshift-adp
+----
++
+.Example output
++
+----
+NAME                                                     READY   STATUS    RESTARTS   AGE
+pod/oadp-operator-controller-manager-67d9494d47-6l8z8    2/2     Running   0          2m8s
+pod/node-agent-9cq4q                                     1/1     Running   0          94s
+pod/node-agent-m4lts                                     1/1     Running   0          94s
+pod/node-agent-pv4kr                                     1/1     Running   0          95s
+pod/velero-588db7f655-n842v                              1/1     Running   0          95s
+
+NAME                                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
+service/oadp-operator-controller-manager-metrics-service   ClusterIP   172.30.70.140    <none>        8443/TCP   2m8s
+service/openshift-adp-velero-metrics-svc                   ClusterIP   172.30.10.0      <none>        8085/TCP   8h
+
+NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+daemonset.apps/node-agent    3         3         3       3            3           <none>          96s
+
+NAME                                                READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/oadp-operator-controller-manager    1/1     1            1           2m9s
+deployment.apps/velero                              1/1     1            1           96s
+
+NAME                                                           DESIRED   CURRENT   READY   AGE
+replicaset.apps/oadp-operator-controller-manager-67d9494d47    1         1         1       2m9s
+replicaset.apps/velero-588db7f655                              1         1         1       96s
+----
+
+. Verify that the `DataProtectionApplication` (DPA) is reconciled by running the following command:
++
+[source,terminal]
+----
+$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'
+----
+.Example output
+[source,yaml]
++
+----
+{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}
+----
+
+. Verify the `type` is set to `Reconciled`.
+
+. Verify the backup storage location and confirm that the `PHASE` is `Available` by running the following command:
++
+[source,terminal]
+----
+$ oc get backupStorageLocation -n openshift-adp
+----
+.Example output
+[source,yaml]
++
+----
+NAME           PHASE       LAST VALIDATED   AGE     DEFAULT
+dpa-sample-1   Available   1s               3d16h   true
+----
diff --git a/modules/oadp-installing-dpa.adoc b/modules/oadp-installing-dpa.adoc
deleted file mode 100644
index dc49f3b9ead5..000000000000
--- a/modules/oadp-installing-dpa.adoc
+++ /dev/null
@@ -1,366 +0,0 @@
-// Module included in the following assemblies:
-//
-// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
-// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
-// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
-// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
-// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
-
-:_content-type: PROCEDURE
-[id="oadp-installing-dpa_{context}"]
-= Installing the Data Protection Application
-
-You install the Data Protection Application (DPA) by creating an instance of the `DataProtectionApplication` API.
-
-.Prerequisites
-
-* You must install the OADP Operator.
-* You must configure object storage as a backup location.
-* If you use snapshots to back up PVs, your cloud provider must support either a native snapshot API or Container Storage Interface (CSI) snapshots.
-* If the backup and snapshot locations use the same credentials, you must create a `Secret` with the default name, `{credentials}`.
-ifdef::installing-oadp-azure,installing-oadp-gcp,installing-oadp-mcg,installing-oadp-ocs,virt-installing-configuring-oadp[]
-* If the backup and snapshot locations use different credentials, you must create two `Secrets`:
-
-** `Secret` with a custom name for the backup location. You add this `Secret` to the `DataProtectionApplication` CR.
-** `Secret` with the default name, `{credentials}`, for the snapshot location. This `Secret` is not referenced in the `DataProtectionApplication` CR.
-endif::[]
-ifdef::installing-oadp-aws[]
-* If the backup and snapshot locations use different credentials, you must create a `Secret` with the default name, `{credentials}`, which contains separate profiles for the backup and snapshot location credentials.
-endif::[]
-+
-[NOTE]
-====
-If you do not want to specify backup or snapshot locations during the installation, you can create a default `Secret` with an empty `credentials-velero` file. If there is no default `Secret`, the installation will fail.
-====
-
-.Procedure
-
-. Click *Operators* -> *Installed Operators* and select the OADP Operator.
-. Under *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
-
-. Click *YAML View* and update the parameters of the `DataProtectionApplication` manifest:
-ifdef::installing-oadp-aws[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - openshift <1>
-        - aws
-      resourceTimeout: 10m <2>
-    restic:
-      enable: true <3>
-      podConfig:
-        nodeSelector: <node_selector> <4>
-  backupLocations:
-    - name: default
-      velero:
-        provider: {provider}
-        default: true
-        objectStorage:
-          bucket: <bucket_name> <5>
-          prefix: <prefix> <6>
-        config:
-          region: <region>
-          profile: "default"
-        credential:
-          key: cloud
-          name: {credentials} <7>
-  snapshotLocations: <8>
-    - name: default
-      velero:
-        provider: {provider}
-        config:
-          region: <region> <9>
-          profile: "default"
-----
-<1> The `openshift` plugin is mandatory.
-<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<3> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<5> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<6> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-<7> Specify the name of the `Secret` object that you created. If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
-<8> Specify a snapshot location, unless you use CSI snapshots or Restic to back up PVs.
-<9> The snapshot location must be in the same region as the PVs.
-endif::[]
-ifdef::installing-oadp-azure[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - azure
-        - openshift <1>
-      resourceTimeout: 10m <2>
-    restic:
-      enable: true <3>
-      podConfig:
-        nodeSelector: <node_selector> <4>
-  backupLocations:
-    - velero:
-        config:
-          resourceGroup: <azure_resource_group> <5>
-          storageAccount: <azure_storage_account_id> <6>
-          subscriptionId: <azure_subscription_id> <7>
-          storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
-        credential:
-          key: cloud
-          name: {credentials}  <8>
-        provider: {provider}
-        default: true
-        objectStorage:
-          bucket: <bucket_name> <9>
-          prefix: <prefix> <10>
-  snapshotLocations: <11>
-    - velero:
-        config:
-          resourceGroup: <azure_resource_group>
-          subscriptionId: <azure_subscription_id>
-          incremental: "true"
-        name: default
-        provider: {provider}
-----
-<1> The `openshift` plugin is mandatory.
-<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<3> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<5> Specify the Azure resource group.
-<6> Specify the Azure storage account ID.
-<7> Specify the Azure subscription ID.
-<8> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
-<9> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<10> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-<11> You do not need to specify a snapshot location if you use CSI snapshots or Restic to back up PVs.
-endif::[]
-ifdef::installing-oadp-gcp[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - gcp
-        - openshift <1>
-      resourceTimeout: 10m <2>
-    restic:
-      enable: true <3>
-      podConfig:
-        nodeSelector: <node_selector> <4>
-  backupLocations:
-    - velero:
-        provider: {provider}
-        default: true
-        credential:
-          key: cloud
-          name: {credentials} <5>
-        objectStorage:
-          bucket: <bucket_name> <6>
-          prefix: <prefix> <7>
-  snapshotLocations: <8>
-    - velero:
-        provider: {provider}
-        default: true
-        config:
-          project: <project>
-          snapshotLocation: us-west1 <9>
-----
-<1> The `openshift` plugin is mandatory.
-<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<3> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<5> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
-<6> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<7> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-<8> Specify a snapshot location, unless you use CSI snapshots or Restic to back up PVs.
-<9> The snapshot location must be in the same region as the PVs.
-endif::[]
-ifdef::installing-oadp-mcg[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - aws
-        - openshift <1>
-      resourceTimeout: 10m <2>
-    restic:
-      enable: true <3>
-      podConfig:
-        nodeSelector: <node_selector> <4>
-  backupLocations:
-    - velero:
-        config:
-          profile: "default"
-          region: minio
-          s3Url: <url> <5>
-          insecureSkipTLSVerify: "true"
-          s3ForcePathStyle: "true"
-        provider: {provider}
-        default: true
-        credential:
-          key: cloud
-          name: {credentials} <6>
-        objectStorage:
-          bucket: <bucket_name> <7>
-          prefix: <prefix> <8>
-----
-<1> The `openshift` plugin is mandatory.
-<2> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<3> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<4> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<5> Specify the URL of the S3 endpoint.
-<6> If you do not specify this value, the default name, `{credentials}`, is used. If you specify a custom name, the custom name is used for the backup location.
-<7> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<8> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-endif::[]
-ifdef::installing-oadp-ocs[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - kubevirt <1>
-        - gcp <2>
-        - csi <3>
-        - openshift <4>
-      resourceTimeout: 10m <5>
-    restic:
-      enable: true <6>
-      podConfig:
-        nodeSelector: <node_selector> <7>
-  backupLocations:
-    - velero:
-        provider: {provider} <8>
-        default: true
-        credential:
-          key: cloud
-          name: <default_secret> <9>
-        objectStorage:
-          bucket: <bucket_name> <10>
-          prefix: <prefix> <11>
-----
-<1> Optional: The `kubevirt` plugin is used with {VirtProductName}.
-<2> Specify the default plugin for the backup provider, for example, `gcp`, if appropriate.
-<3> Specify the `csi` default plugin if you use CSI snapshots to back up PVs. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
-<4> The `openshift` plugin is mandatory.
-<5> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<6> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<7> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<8> Specify the backup provider.
-<9> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
-<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-endif::[]
-ifdef::virt-installing-configuring-oadp[]
-+
-[source,yaml,subs="attributes+"]
-----
-apiVersion: oadp.openshift.io/v1beta1
-kind: DataProtectionApplication
-metadata:
-  name: <dpa_sample>
-  namespace: openshift-adp
-spec:
-  configuration:
-    velero:
-      defaultPlugins:
-        - kubevirt <1>
-        - gcp <2>
-        - csi <3>
-        - openshift <4>
-      resourceTimeout: 10m <5>
-    restic:
-      enable: true <6>
-      podConfig:
-        nodeSelector: <node_selector> <7>
-  backupLocations:
-    - velero:
-        provider: {provider} <8>
-        default: true
-        credential:
-          key: cloud
-          name: <default_secret> <9>
-        objectStorage:
-          bucket: <bucket_name> <10>
-          prefix: <prefix> <11>
-----
-<1> The `kubevirt` plugin is mandatory for {VirtProductName}.
-<2> Specify the plugin for the backup provider, for example, `gcp`, if it exists.
-<3> The `csi` plugin is mandatory for backing up PVs with CSI snapshots. The `csi` plugin uses the link:https://{velero-domain}/docs/main/csi/[Velero CSI beta snapshot APIs]. You do not need to configure a snapshot location.
-<4> The `openshift` plugin is mandatory.
-<5> Specify how many minutes to wait for several Velero resources before timeout occurs, such as Velero CRD availability, volumeSnapshot deletion, and backup repository availability. The default is 10m.
-<6> Set to `false`, if you want to disable the Restic installation. Restic deploys a daemon set, which means that each worker node has `Restic` pods running. You can configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
-<7> Specify on which nodes Restic is available. By default, Restic runs on all nodes.
-<8> Specify the backup provider.
-<9> Specify the correct default name for the `Secret`, for example, `cloud-credentials-gcp`, if you use a default plugin for the backup provider. If specifying a custom name, then the custom name is used for the backup location. If you do not specify a `Secret` name, the default name is used.
-<10> Specify a bucket as the backup storage location. If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
-<11> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
-endif::[]
-
-. Click *Create*.
-. Verify the installation by viewing the OADP resources:
-+
-[source,terminal]
-----
-$ oc get all -n openshift-adp
-----
-+
-.Example output
-+
-----
-NAME                                                     READY   STATUS    RESTARTS   AGE
-pod/oadp-operator-controller-manager-67d9494d47-6l8z8    2/2     Running   0          2m8s
-pod/restic-9cq4q                                         1/1     Running   0          94s
-pod/restic-m4lts                                         1/1     Running   0          94s
-pod/restic-pv4kr                                         1/1     Running   0          95s
-pod/velero-588db7f655-n842v                              1/1     Running   0          95s
-
-NAME                                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
-service/oadp-operator-controller-manager-metrics-service   ClusterIP   172.30.70.140    <none>        8443/TCP   2m8s
-
-NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
-daemonset.apps/restic   3         3         3       3            3           <none>          96s
-
-NAME                                                READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/oadp-operator-controller-manager    1/1     1            1           2m9s
-deployment.apps/velero                              1/1     1            1           96s
-
-NAME                                                           DESIRED   CURRENT   READY   AGE
-replicaset.apps/oadp-operator-controller-manager-67d9494d47    1         1         1       2m9s
-replicaset.apps/velero-588db7f655                              1         1         1       96s
-----
\ No newline at end of file
diff --git a/modules/oadp-installing-oadp-rosa-sts.adoc b/modules/oadp-installing-oadp-rosa-sts.adoc
index fab13ae93ece..1c87ae4cea70 100644
--- a/modules/oadp-installing-oadp-rosa-sts.adoc
+++ b/modules/oadp-installing-oadp-rosa-sts.adoc
@@ -2,29 +2,38 @@
 //
 // * rosa_backing_up_and_restoring_applications/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-installing-oadp-rosa-sts_{context}"]
-= Installing OADP on {product-title} with AWS STS
+= Installing the OADP Operator and providing the IAM role
 
 AWS Security Token Service (AWS STS) is a global web service that provides short-term credentials for IAM or federated users. {product-title} (ROSA) with STS is the recommended credential mode for ROSA clusters. This document describes how to install OpenShift API for Data Protection (OADP) on (ROSA) with AWS STS.
 
+
 [IMPORTANT]
 ====
-Restic is not supported in the OADP on ROSA with AWS STS environment. Ensure the Restic service is disabled. Use native snapshots to backup volumes. See _Known Issues_ for more information.
+Restic and Kopia are not supported in the OADP on ROSA with AWS STS environment. Make sure that the Restic/Kopia node agent is disabled.
+For backing up volumes, OADP on ROSA with AWS STS supports only native snapshots and CSI snapshots. See _Known Issues_ for more information.
+====
+
+[IMPORTANT]
+====
+In an Amazon ROSA cluster using STS authentication, restoring backed-up data in a different AWS region is not supported.
+
+The Data Mover feature is not currently supported in ROSA clusters. You can use native AWS S3 tools for moving data.
 ====
 
 .Prerequisites
 
-* A ROSA OpenShift Cluster with the required access and tokens.
-* link:https://docs.openshift.com/container-platform/4.13/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.html#oadp-creating-default-secret_installing-oadp-aws[A default Secret], if your backup and snapshot locations use the same credentials, or if you do not require a snapshot location.
+* A {openshift-rosa} cluster with the required access and tokens. For instructions, see the procedure in "Preparing AWS credentials". If you plan to use two different clusters for backing up and restoring, you need to prepare AWS credentials, including `ROLE_ARN`, for each cluster.
+
 
 .Procedure
 
-. Create an Openshift secret from your AWS token file by entering the following commands:
+. Create an OpenShift secret from your AWS token file by entering the following commands.
 
 .. Create the credentials file:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ cat <<EOF > ${SCRATCH}/credentials
 [default]
@@ -33,13 +42,28 @@ web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
 EOF
 ----
 
+.. Create a namespace for OADP:
++
+[source,terminal]
+----
+$ oc create namespace openshift-adp
+----
+
 .. Create the OpenShift secret:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-adp create secret generic cloud-credentials \
   --from-file=${SCRATCH}/credentials
 ----
++
+[NOTE]
+====
+In {product-title} versions 4.15 and later, the OADP Operator supports a new standardized STS workflow through the Operator Lifecycle Manager (OLM)
+and Cloud Credentials Operator (CCO). In this workflow, you do not need to create the above
+secret, you only need to supply the role ARN during link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/operators/user-tasks#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[the installation of OLM-managed operators via the the {product-title} web console].
+The above secret is created automatically via CCO.
+====
 
 . Install the OADP Operator.
 .. In the {product-title} web console, navigate to Operators *->* OperatorHub.
@@ -66,7 +90,7 @@ spec:
 EOF
 ----
 
-. Create the `DataProtectionApplication resource`, which is used to configure the connection to the storage where the backups and volume snapshots will be stored:
+. Create the `DataProtectionApplication` resource, which is used to configure the connection to the storage where the backups and volume snapshots are stored:
 +
 [source,terminal]
 ----
@@ -84,44 +108,58 @@ spec:
       credential:
         key: credentials
         name: cloud-credentials
+      prefix: velero
       default: true
+      config:
+        region: ${REGION}
   configuration:
     velero:
       defaultPlugins:
       - openshift
       - aws
-      restic:
-        enable: false
-  volumeSnapshots:
-  - velero:
-      config:
-        credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials
-        enableSharedConfig: "true"
-        region: ${REGION}
-      provider: aws
+    nodeAgent: <1>
+      enable: false
+      uploaderType: restic
+  snapshotLocations:
+    - velero:
+        config:
+          credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials <2>
+          enableSharedConfig: "true" <3>
+          profile: default <4>
+          region: ${REGION} <5>
+        provider: aws
 EOF
 ----
+<1> See the first note below.
+<2> The `credentialsFile` field is the mounted location of the bucket credential on the pod.
+<3> The `enableSharedConfig` field allows the `snapshotLocations` to share or reuse the credential defined for the bucket.
+<4> Use the profile name set in the AWS credentials file.
+<5> Specify `region` as your AWS region. This must be the same as the cluster region.
 +
+You are now ready to backup and restore OpenShift applications, as described in the link:https://docs.openshift.com/container-platform/4.11/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.html[OADP documentation].
+
 [NOTE]
 ====
 The `enable` parameter of `restic` is set to `false` in this configuration because OADP does not support Restic in ROSA environments.
-====
-+
-You are now ready to backup and restore OpenShift applications, as described in the link:https://docs.openshift.com/container-platform/4.11/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.html[OADP documentation].
 
-== Known Issues
-.Restic is not supported or recommended
+If you are using OADP 1.2, replace this configuration:
+[source,terminal]
 
-* link:https://issues.redhat.com/browse/OADP-1054[CloudStorage: openshift-adp-controller-manager crashloop seg fault with Restic enabled]
-* link:https://issues.redhat.com/browse/OADP-1057[Cloudstorage API: CSI Backup of an app with internal images partially fails with plugin panicked error]
-* (Affects OADP 1.1.x_ only): link:https://issues.redhat.com/browse/OADP-1055[CloudStorage: bucket is removed on CS CR delete, although it doesn't have "oadp.openshift.io/cloudstorage-delete": "true"]
+----
+nodeAgent:
+  enable: false
+  uploaderType: restic
+----
+with the following:
 
-[role="_additional-resources"]
-.Additional resources
+[source,terminal]
+----
+restic:
+  enable: false
+----
+====
 
-* link:https://docs.openshift.com/rosa/rosa_architecture/rosa-understanding.html[Understanding ROSA with STS]
-* link:https://docs.openshift.com/rosa/rosa_getting_started/rosa-sts-getting-started-workflow.html[Getting started with ROSA STS]
-* link:https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.html[Creating a ROSA cluster with STS]
-* link:https://docs.openshift.com/container-platform/4.13/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html[About installing OADP]
-* link:https://docs.openshift.com/container-platform/4.13/storage/container_storage_interface/persistent-storage-csi.html[Configuring CSI volumes]
-* link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-sdpolicy-storage_rosa-service-definition[ROSA storage options]
+[NOTE]
+====
+If you want to use two different clusters for backing up and restoring, the two clusters must have identical AWS S3 storage names in both the cloudstorage CR and the OADP `DataProtectionApplication` configuration.
+====
\ No newline at end of file
diff --git a/modules/oadp-installing-operator.adoc b/modules/oadp-installing-operator.adoc
index 1e0b2f944133..34dbe6561a64 100644
--- a/modules/oadp-installing-operator.adoc
+++ b/modules/oadp-installing-operator.adoc
@@ -6,7 +6,7 @@
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-installing-operator_{context}"]
 = Installing the OADP Operator
 
diff --git a/modules/oadp-item-backup-timeouts.adoc b/modules/oadp-item-backup-timeouts.adoc
new file mode 100644
index 000000000000..f7c698831131
--- /dev/null
+++ b/modules/oadp-item-backup-timeouts.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="item-operation-timeout-backup_{context}"]
+= Item operation timeout - backup
+
+`ItemOperationTimeout` specifies the time used to wait for asynchronous
+`BackupItemAction` operations. The default value is `1h`.
+
+Use the backup `ItemOperationTimeout` for the following scenarios:
+
+* Only with Data Mover 1.2.x.
+* For Data Mover uploads and downloads to or from the `BackupStorageLocation`. If the backup action is not completed when the timeout is reached, it will be marked as failed. If Data Mover operations are failing due to timeout issues, because of large storage volume sizes, then this timeout setting may need to be increased.
+
+.Procedure
+* Edit the values in the `Backup.spec.itemOperationTimeout` block of the `Backup` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+ name: <backup_name>
+spec:
+ itemOperationTimeout: 1h
+# ...
+----
+
diff --git a/modules/oadp-item-restore-timeouts.adoc b/modules/oadp-item-restore-timeouts.adoc
new file mode 100644
index 000000000000..504b60578c37
--- /dev/null
+++ b/modules/oadp-item-restore-timeouts.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="item-operation-timeout-restore_{context}"]
+= Item operation timeout - restore
+
+`ItemOperationTimeout` specifies the time that is used to wait for `RestoreItemAction` operations. The default value is `1h`.
+
+Use the restore `ItemOperationTimeout` for the following scenarios:
+
+* Only with Data Mover 1.2.x.
+* For Data Mover uploads and downloads to or from the `BackupStorageLocation`. If the restore action is not completed when the timeout is reached, it will be marked as failed. If Data Mover operations are failing due to timeout issues, because of large storage volume sizes, then this timeout setting may need to be increased.
+
+.Procedure
+* Edit the values in the `Restore.spec.itemOperationTimeout` block of the `Restore` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+ name: <restore_name>
+spec:
+ itemOperationTimeout: 1h
+# ...
+----
+
diff --git a/modules/oadp-list-of-metrics.adoc b/modules/oadp-list-of-metrics.adoc
new file mode 100644
index 000000000000..aeb2b92c974b
--- /dev/null
+++ b/modules/oadp-list-of-metrics.adoc
@@ -0,0 +1,179 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="list-of-metrics_{context}"]
+= List of available metrics
+
+These are the list of metrics provided by the OADP together with their https://prometheus.io/docs/concepts/metric_types/[Types].
+
+|===
+|Metric name |Description |Type
+
+|`kopia_content_cache_hit_bytes`
+|Number of bytes retrieved from the cache
+|Counter
+
+|`kopia_content_cache_hit_count`
+|Number of times content was retrieved from the cache
+|Counter
+
+|`kopia_content_cache_malformed`
+|Number of times malformed content was read from the cache
+|Counter
+
+|`kopia_content_cache_miss_count`
+|Number of times content was not found in the cache and fetched
+|Counter
+
+|`kopia_content_cache_missed_bytes`
+|Number of bytes retrieved from the underlying storage
+|Counter
+
+|`kopia_content_cache_miss_error_count`
+|Number of times content could not be found in the underlying storage
+|Counter
+
+|`kopia_content_cache_store_error_count`
+|Number of times content could not be saved in the cache
+|Counter
+
+|`kopia_content_get_bytes`
+|Number of bytes retrieved using `GetContent()`
+|Counter
+
+|`kopia_content_get_count`
+|Number of times `GetContent()` was called
+|Counter
+
+|`kopia_content_get_error_count`
+|Number of times `GetContent()` was called and the result was an error
+|Counter
+
+|`kopia_content_get_not_found_count`
+|Number of times `GetContent()` was called and the result was not found
+|Counter
+
+|`kopia_content_write_bytes`
+|Number of bytes passed to `WriteContent()`
+|Counter
+
+|`kopia_content_write_count`
+|Number of times `WriteContent()` was called
+|Counter
+
+|`velero_backup_attempt_total`
+|Total number of attempted backups
+|Counter
+
+|`velero_backup_deletion_attempt_total`
+|Total number of attempted backup deletions
+|Counter
+
+|`velero_backup_deletion_failure_total`
+|Total number of failed backup deletions
+|Counter
+
+|`velero_backup_deletion_success_total`
+|Total number of successful backup deletions
+|Counter
+
+|`velero_backup_duration_seconds`
+|Time taken to complete backup, in seconds
+|Histogram
+
+|`velero_backup_failure_total`
+|Total number of failed backups
+|Counter
+
+|`velero_backup_items_errors`
+|Total number of errors encountered during backup
+|Gauge
+
+|`velero_backup_items_total`
+|Total number of items backed up
+|Gauge
+
+|`velero_backup_last_status`
+|Last status of the backup. A value of 1 is success, 0.
+|Gauge
+
+|`velero_backup_last_successful_timestamp`
+|Last time a backup ran successfully, Unix timestamp in seconds
+|Gauge
+
+|`velero_backup_partial_failure_total`
+|Total number of partially failed backups
+|Counter
+
+|`velero_backup_success_total`
+|Total number of successful backups
+|Counter
+
+|`velero_backup_tarball_size_bytes`
+|Size, in bytes, of a backup
+|Gauge
+
+|`velero_backup_total`
+|Current number of existent backups
+|Gauge
+
+|`velero_backup_validation_failure_total`
+|Total number of validation failed backups
+|Counter
+
+|`velero_backup_warning_total`
+|Total number of warned backups
+|Counter
+
+|`velero_csi_snapshot_attempt_total`
+|Total number of CSI attempted volume snapshots
+|Counter
+
+|`velero_csi_snapshot_failure_total`
+|Total number of CSI failed volume snapshots
+|Counter
+
+|`velero_csi_snapshot_success_total`
+|Total number of CSI successful volume snapshots
+|Counter
+
+|`velero_restore_attempt_total`
+|Total number of attempted restores
+|Counter
+
+|`velero_restore_failed_total`
+|Total number of failed restores
+|Counter
+
+|`velero_restore_partial_failure_total`
+|Total number of partially failed restores
+|Counter
+
+|`velero_restore_success_total`
+|Total number of successful restores
+|Counter
+
+|`velero_restore_total`
+|Current number of existent restores
+|Gauge
+
+|`velero_restore_validation_failed_total`
+|Total number of failed restores failing validations
+|Counter
+
+|`velero_volume_snapshot_attempt_total`
+|Total number of attempted volume snapshots
+|Counter
+
+|`velero_volume_snapshot_failure_total`
+|Total number of failed volume snapshots
+|Counter
+
+|`velero_volume_snapshot_success_total`
+|Total number of successful volume snapshots
+|Counter
+
+|===
+
diff --git a/modules/oadp-monitoring-setup.adoc b/modules/oadp-monitoring-setup.adoc
new file mode 100644
index 000000000000..6234d9ff96a3
--- /dev/null
+++ b/modules/oadp-monitoring-setup.adoc
@@ -0,0 +1,94 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-monitoring-setup-monitor_{context}"]
+= OADP monitoring setup
+
+The OADP Operator leverages an OpenShift User Workload Monitoring provided by the OpenShift Monitoring Stack for retrieving metrics from the Velero service endpoint. The monitoring stack allows creating user-defined Alerting Rules or querying metrics by using the OpenShift Metrics query front end.
+
+With enabled User Workload Monitoring, it is possible to configure and use any Prometheus-compatible third-party UI, such as Grafana, to visualize Velero metrics.
+
+Monitoring metrics requires enabling monitoring for the user-defined projects and creating a `ServiceMonitor` resource to scrape those metrics from the already enabled OADP service endpoint that resides in the `openshift-adp` namespace.
+
+.Prerequisites
+* You have access to an {product-title} cluster using an account with `cluster-admin` permissions.
+* You have created a cluster monitoring config map.
+
+.Procedure
+
+. Edit the `cluster-monitoring-config` `ConfigMap` object in the `openshift-monitoring` namespace:
++
+[source,terminal]
+----
+$ oc edit configmap cluster-monitoring-config -n openshift-monitoring
+----
+
+. Add or enable the `enableUserWorkload` option in the `data` section's `config.yaml` field:
++
+[source,yaml]
+----
+apiVersion: v1
+data:
+  config.yaml: |
+    enableUserWorkload: true <1>
+kind: ConfigMap
+metadata:
+# ...
+----
+<1> Add this option or set to `true`
+
+. Wait a short period of time to verify the User Workload Monitoring Setup by checking if the following components are up and running in the `openshift-user-workload-monitoring` namespace:
++
+[source,terminal]
+----
+$ oc get pods -n openshift-user-workload-monitoring
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                   READY   STATUS    RESTARTS   AGE
+prometheus-operator-6844b4b99c-b57j9   2/2     Running   0          43s
+prometheus-user-workload-0             5/5     Running   0          32s
+prometheus-user-workload-1             5/5     Running   0          32s
+thanos-ruler-user-workload-0           3/3     Running   0          32s
+thanos-ruler-user-workload-1           3/3     Running   0          32s
+----
++
+. Verify the existence of the `user-workload-monitoring-config` ConfigMap in the `openshift-user-workload-monitoring`. If it exists, skip the remaining steps in this procedure.
++
+[source,terminal]
+----
+$ oc get configmap user-workload-monitoring-config -n openshift-user-workload-monitoring
+----
++
+.Example output
+[source,terminal]
+----
+Error from server (NotFound): configmaps "user-workload-monitoring-config" not found
+----
++
+. Create a `user-workload-monitoring-config` `ConfigMap` object for the User Workload Monitoring, and save it under the `2_configure_user_workload_monitoring.yaml` file name:
++
+.Example output
+[source,yaml]
++
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: user-workload-monitoring-config
+  namespace: openshift-user-workload-monitoring
+data:
+  config.yaml: |
+----
++
+. Apply the `2_configure_user_workload_monitoring.yaml` file:
++
+[source,terminal]
+----
+$ oc apply -f 2_configure_user_workload_monitoring.yaml
+configmap/user-workload-monitoring-config created
+----
diff --git a/modules/oadp-monitoring.adoc b/modules/oadp-monitoring.adoc
new file mode 100644
index 000000000000..4237364048b4
--- /dev/null
+++ b/modules/oadp-monitoring.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-monitoring_{context}"]
+= OADP Monitoring
+
+The {product-title} provides a monitoring stack that allows users and administrators to effectively monitor and manage their clusters, as well as monitor and analyze the workload performance of user applications and services running on the clusters, including receiving alerts if an event occurs.
+
+
diff --git a/modules/oadp-odf-cpu-memory-requirements.adoc b/modules/oadp-odf-cpu-memory-requirements.adoc
new file mode 100644
index 000000000000..a0c42261a9bb
--- /dev/null
+++ b/modules/oadp-odf-cpu-memory-requirements.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-odf-cpu-memory-requirements_{context}"]
+= Adjusting Ceph CPU and memory requirements based on collected data
+
+The following recommendations are based on observations of performance made in the scale and performance lab. The changes are specifically related to {odf-first}. If working with {odf-short}, consult the appropriate tuning guides for official recommendations.
+
+[id="oadp-odf-config-cpu-memory-requirements_{context}"]
+== CPU and memory requirement for configurations
+
+Backup and restore operations require large amounts of CephFS `PersistentVolumes` (PVs). To avoid Ceph MDS pods restarting with an `out-of-memory` (OOM) error, the following configuration is suggested:
+
+|===
+| Configuration types | Request | Max limit
+
+| CPU
+| Request changed to 3
+| Max limit to 3
+
+| Memory
+| Request changed to 8 Gi
+| Max limit to 128 Gi
+|===
\ No newline at end of file
diff --git a/modules/oadp-operator-issues.adoc b/modules/oadp-operator-issues.adoc
new file mode 100644
index 000000000000..b35f5ab274cb
--- /dev/null
+++ b/modules/oadp-operator-issues.adoc
@@ -0,0 +1,93 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-operator-issues_{context}"]
+= OADP Operator issues
+
+The {oadp-first} Operator might encounter issues caused by problems it is not able to resolve.
+
+[id="oadp-operator-fails-silently_{context}"]
+== OADP Operator fails silently
+
+The S3 buckets of an OADP Operator might be empty, but when you run the command `oc get po -n <OADP_Operator_namespace>`, you see that the Operator has a status of `Running`.  In such a case, the Operator is said to have _failed silently_ because it incorrectly reports that it is running.
+
+.Cause
+
+The problem is caused when cloud credentials provide insufficient permissions.
+
+.Solution
+
+Retrieve a list of backup storage locations (BSLs) and check the manifest of each BSL for credential issues.
+
+.Procedure
+
+. Run one of the following commands to retrieve a list of BSLs:
+
+.. Using the OpenShift CLI:
++
+[source,terminal]
+----
+$ oc get backupstoragelocation -A
+----
+
+.. Using the Velero CLI:
++
+[source,terminal]
+----
+$ velero backup-location get -n <OADP_Operator_namespace>
+----
+
+. Using the list of BSLs, run the following command to display the manifest of each BSL, and examine each manifest for an error.
++
+[source,terminal]
+----
+$ oc get backupstoragelocation -n <namespace> -o yaml
+----
+
+.Example result
+
+[source, yaml]
+----
+apiVersion: v1
+items:
+- apiVersion: velero.io/v1
+  kind: BackupStorageLocation
+  metadata:
+    creationTimestamp: "2023-11-03T19:49:04Z"
+    generation: 9703
+    name: example-dpa-1
+    namespace: openshift-adp-operator
+    ownerReferences:
+    - apiVersion: oadp.openshift.io/v1alpha1
+      blockOwnerDeletion: true
+      controller: true
+      kind: DataProtectionApplication
+      name: example-dpa
+      uid: 0beeeaff-0287-4f32-bcb1-2e3c921b6e82
+    resourceVersion: "24273698"
+    uid: ba37cd15-cf17-4f7d-bf03-8af8655cea83
+  spec:
+    config:
+      enableSharedConfig: "true"
+      region: us-west-2
+    credential:
+      key: credentials
+      name: cloud-credentials
+    default: true
+    objectStorage:
+      bucket: example-oadp-operator
+      prefix: example
+    provider: aws
+  status:
+    lastValidationTime: "2023-11-10T22:06:46Z"
+    message: "BackupStorageLocation \"example-dpa-1\" is unavailable: rpc
+      error: code = Unknown desc = WebIdentityErr: failed to retrieve credentials\ncaused
+      by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus
+      code: 403, request id: d3f2e099-70a0-467b-997e-ff62345e3b54"
+    phase: Unavailable
+kind: List
+metadata:
+  resourceVersion: ""
+----
diff --git a/modules/oadp-plugins-receiving-eof-message.adoc b/modules/oadp-plugins-receiving-eof-message.adoc
new file mode 100644
index 000000000000..a180969362c4
--- /dev/null
+++ b/modules/oadp-plugins-receiving-eof-message.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-plugins-receiving-eof-message_{context}"]
+
+= Velero plugins returning "received EOF, stopping recv loop" message
+
+[NOTE]
+====
+Velero plugins are started as separate processes. After the Velero operation has completed, either successfully or not, they exit. Receiving a `received EOF, stopping recv loop` message in the debug logs indicates that a plugin operation has completed. It does not mean that an error has occurred.
+====
diff --git a/modules/oadp-plugins.adoc b/modules/oadp-plugins.adoc
index 0fbed2e6f5bb..a30cd39c4167 100644
--- a/modules/oadp-plugins.adoc
+++ b/modules/oadp-plugins.adoc
@@ -2,11 +2,11 @@
 //
 // * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-plugins_{context}"]
 = OADP plugins
 
-The OpenShift API for Data Protection (OADP) provides default Velero plugins that are integrated with storage providers to support backup and snapshot operations. You can create link:https://{velero-domain}/docs/v{velero-version}/custom-plugins/[custom plugins] based on the Velero plugins.
+The {oadp-first} provides default Velero plugins that are integrated with storage providers to support backup and snapshot operations. You can create link:https://{velero-domain}/docs/v{velero-version}/custom-plugins/[custom plugins] based on the Velero plugins.
 
 OADP also provides plugins for {product-title} resource backups, OpenShift Virtualization resource backups, and Container Storage Interface (CSI) snapshots.
 
@@ -29,10 +29,15 @@ OADP also provides plugins for {product-title} resource backups, OpenShift Virtu
 |`kubevirt` |Backs up and restores OpenShift Virtualization resources. ^[2]^ |Object store
 
 |`csi` |Backs up and restores volumes with CSI snapshots. ^[3]^ |Cloud storage that supports CSI snapshots
+
+|`vsm` |VolumeSnapshotMover relocates snapshots from the cluster into an object store to be used during a restore process to recover stateful applications, in situations such as cluster deletion. ^[4]^ |Object store
 |===
 [.small]
 --
 1. Mandatory.
 2. Virtual machine disks are backed up with CSI snapshots or Restic.
-3. The `csi` plugin uses the link:https://velero.io/docs/main/csi/[Velero CSI beta snapshot API].
+3. The `csi` plugin uses the Kubernetes CSI snapshot API.
+* OADP 1.1 or later uses `snapshot.storage.k8s.io/v1`
+* OADP 1.0 uses `snapshot.storage.k8s.io/v1beta1`
+4. OADP 1.2 only.
 --
diff --git a/modules/oadp-pod-crash-set-resource-request-restic.adoc b/modules/oadp-pod-crash-set-resource-request-restic.adoc
index 94043e3463d8..e195834f1ab2 100644
--- a/modules/oadp-pod-crash-set-resource-request-restic.adoc
+++ b/modules/oadp-pod-crash-set-resource-request-restic.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-pod-crash-resource-request-retics_{context}"]
 = Setting resource requests for a Restic pod
 
@@ -22,8 +22,9 @@ kind: DataProtectionApplication
 configuration:
   restic:
     podConfig:
-      resourceAllocations:
+      resourceAllocations: <1>
         requests:
-          cpu: 500m
-          memory: 256Mi
+          cpu: 1000m
+          memory: 16Gi
 ----
+<1> The `resourceAllocations` listed are for average usage.
\ No newline at end of file
diff --git a/modules/oadp-pod-crash-set-resource-request-velero.adoc b/modules/oadp-pod-crash-set-resource-request-velero.adoc
index 23d8427e4106..eb06b152eeaa 100644
--- a/modules/oadp-pod-crash-set-resource-request-velero.adoc
+++ b/modules/oadp-pod-crash-set-resource-request-velero.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-pod-crash-resource-request-velero_{context}"]
 = Setting resource requests for a Velero pod
 
@@ -22,8 +22,9 @@ kind: DataProtectionApplication
 configuration:
   velero:
     podConfig:
-      resourceAllocations:
+      resourceAllocations: <1>
         requests:
-          cpu: 500m
+          cpu: 200m
           memory: 256Mi
 ----
+<1> The `resourceAllocations` listed are for average usage.
\ No newline at end of file
diff --git a/modules/oadp-pod-volume-backup.adoc b/modules/oadp-pod-volume-backup.adoc
new file mode 100644
index 000000000000..95c25c9db543
--- /dev/null
+++ b/modules/oadp-pod-volume-backup.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
+
+[id="oadp-pod-volume-backup_{context}"]
+:_mod-docs-content-type: CONCEPT
+= About determining which pod volumes to back up
+
+Before you start a backup operation by using File System Backup (FSB), you must specify which pods contain a volume that you want to back up. Velero refers to this process as "discovering" the appropriate pod volumes.
+
+Velero supports two approaches for determining pod volumes:
+
+* *Opt-in approach*: The opt-in approach requires that you actively indicate that you want to include - _opt-in_ - a volume in a backup. You do this by labelling each pod that contains a volume to be backed up with the name of the volume. When Velero finds a persistent volume (PV), it checks the pod that mounted the volume. If the pod is labelled with the name of the volume, Velero backs up the pod.
+* *Opt-out approach*: With the opt-out approach, you must actively specify that you want to exclude a volume from a backup. You do this by labelling each pod that contains a volume you do not want to back up with the name of the volume. When Velero finds a PV, it checks the pod that mounted the volume. If the pod is labelled with the volume's name, Velero does not back up the pod.
+
+[id=pod-volume-limitations_{context}]
+== Limitations
+
+* FSB does not support backing up and restoring `hostpath` volumes. However, FSB does support backing up and restoring local volumes.
+* Velero uses a static, common encryption key for all backup repositories it creates. *This static key means that anyone who can access your backup storage can also decrypt your backup data*. It is essential that you limit access to backup storage.
+* For PVCs, every incremental backup chain is maintained across pod reschedules.
++
+For pod volumes that are _not_ PVCs, such as `emptyDir` volumes, if
+a pod is deleted or recreated, for example, by a `ReplicaSet` or a deployment, the next backup of those volumes will be a full backup and not an incremental backup. It is assumed that the lifecycle of a pod volume is defined by its pod.
+* Even though backup data can be kept incrementally, backing up large files, such as a database, can take a long time. This is because FSB uses deduplication to find the difference that needs to be backed up.
+* FSB reads and writes data from volumes by accessing the file system of the node on which the pod is running. For this reason, FSB can only back up volumes that are mounted from a pod and not directly from a PVC. Some Velero users have overcome this limitation by running a staging pod, such as a BusyBox or Alpine container with an infinite sleep, to mount these PVC and PV pairs before performing a Velero backup..
+* FSB expects volumes to be mounted under `<hostPath>/<pod UID>`, with
+`<hostPath>` being configurable. Some Kubernetes systems, for example,
+vCluster, do not mount volumes under the `<pod UID>` subdirectory, and
+VFSB does not work with them as expected.
diff --git a/modules/oadp-preparing-aws-credentials.adoc b/modules/oadp-preparing-aws-credentials.adoc
new file mode 100644
index 000000000000..0aba74e1861b
--- /dev/null
+++ b/modules/oadp-preparing-aws-credentials.adoc
@@ -0,0 +1,171 @@
+// Module included in the following assemblies:
+//
+// * rosa_backing_up_and_restoring_applications/backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-preparing-aws-credentials_{context}"]
+= Preparing AWS credentials
+
+An AWS account must be ready to accept an OADP installation.
+
+.Procedure
+. Create the following environment variables by running the following commands:
++
+[NOTE]
+====
+Change the cluster name to match your ROSA cluster, and ensure you are logged into the cluster as an administrator. Ensure that all fields are outputted correctly before continuing.
+====
++
+[source,terminal]
+----
+$ export CLUSTER_NAME=my-cluster <1>
+export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
+export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
+export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
+export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
+export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
+export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
+mkdir -p ${SCRATCH}
+echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
+${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
++
+<1> Replace `my-cluster` with your ROSA cluster name.
+
+. On the AWS account, create an IAM policy to allow access to S3.
+
+.. Check to see if the policy exists by running the following command:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaOadpVer1'].{ARN:Arn}" --output text) <1>
+----
++
+<1> Replace `RosaOadp` with your policy name.
+
+..  Use the following command to create the policy JSON file and then create the policy in ROSA.
++
+[NOTE]
+====
+If the policy ARN is not found, the command will create the policy. If the policy ARN already exists, the `if` statement will intentionally skip the policy creation.
+====
++
+[source,terminal]
+----
+$ if [[ -z "${POLICY_ARN}" ]]; then
+cat << EOF > ${SCRATCH}/policy.json <1>
+{
+"Version": "2012-10-17",
+"Statement": [
+  {
+    "Effect": "Allow",
+    "Action": [
+      "s3:CreateBucket",
+      "s3:DeleteBucket",
+      "s3:PutBucketTagging",
+      "s3:GetBucketTagging",
+      "s3:PutEncryptionConfiguration",
+      "s3:GetEncryptionConfiguration",
+      "s3:PutLifecycleConfiguration",
+      "s3:GetLifecycleConfiguration",
+      "s3:GetBucketLocation",
+      "s3:ListBucket",
+      "s3:GetObject",
+      "s3:PutObject",
+      "s3:DeleteObject",
+      "s3:ListBucketMultipartUploads",
+      "s3:AbortMultipartUpload",
+      "s3:ListMultipartUploadParts",
+      "ec2:DescribeSnapshots",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeVolumeAttribute",
+      "ec2:DescribeVolumesModifications",
+      "ec2:DescribeVolumeStatus",
+      "ec2:CreateTags",
+      "ec2:CreateVolume",
+      "ec2:CreateSnapshot",
+      "ec2:DeleteSnapshot"
+    ],
+    "Resource": "*"
+  }
+ ]}
+EOF
+
+POLICY_ARN=$(aws iam create-policy --policy-name "RosaOadpVer1" \
+--policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
+--tags Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-oadp Key=operator_name,Value=openshift-oadp \
+--output text)
+fi
+----
++
+<1> `SCRATCH` is a name for a temporary directory created for the environment variables.
+
+.. View the policy ARN by running the following command:
++
+[source,terminal]
+----
+$ echo ${POLICY_ARN}
+----
+
+
+. Create an IAM role trust policy for the cluster:
+
+.. Create the trust policy file by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/trust-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [{
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity",
+      "Condition": {
+        "StringEquals": {
+          "${OIDC_ENDPOINT}:sub": [
+            "system:serviceaccount:openshift-adp:openshift-adp-controller-manager",
+            "system:serviceaccount:openshift-adp:velero"]
+        }
+      }
+    }]
+}
+EOF
+----
+
+.. Create the role by running the following command:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name \
+  "${ROLE_NAME}" \
+  --assume-role-policy-document file://${SCRATCH}/trust-policy.json \
+  --tags Key=rosa_cluster_id,Value=${ROSA_CLUSTER_ID}
+Key=rosa_openshift_version,Value=${CLUSTER_VERSION}
+Key=rosa_role_prefix,Value=ManagedOpenShift
+Key=operator_namespace,Value=openshift-adp
+Key=operator_name,Value=openshift-oadp \
+   --query Role.Arn --output text)
+----
+
+.. View the role ARN by running the following command:
++
+[source,terminal]
+----
+$ echo ${ROLE_ARN}
+----
+
+. Attach the IAM policy to the IAM role by running the following command:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name "${ROLE_NAME}" \
+  --policy-arn ${POLICY_ARN}
+----
+
+.Next steps
+
+* Continue to _Installing the OADP Operator and providing the IAM role_.
diff --git a/modules/oadp-release-notes-1-1-1.adoc b/modules/oadp-release-notes-1-1-1.adoc
index da19f92d1c28..509634591a43 100644
--- a/modules/oadp-release-notes-1-1-1.adoc
+++ b/modules/oadp-release-notes-1-1-1.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * backup_and_restore/oadp-release-notes.adoc
-:_content-type: REFERENCE
+// * backup_and_restore/oadp-release-notes-1-1.adoc
+:_mod-docs-content-type: REFERENCE
 [id="migration-oadp-release-notes-1-1-1_{context}"]
 = OADP 1.1.1 release notes
 
@@ -15,6 +15,16 @@ Before you install OADP 1.1.1, it is recommended to either install VolSync 0.5.1
 
 This release has the following known issues:
 
+* Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
++
+The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list].
++
+It is advised to upgrade to OADP 1.1.7 or 1.2.3, which resolve this issue.
++
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
++
+
+
 * OADP currently does not support backup and restore of AWS EFS volumes using restic in Velero (link:https://issues.redhat.com/browse/OADP-778[*OADP-778*]).
 
 * CSI backups might fail due to a Ceph limitation of `VolumeSnapshotContent` snapshots per PVC.
diff --git a/modules/oadp-release-notes-1-1-2.adoc b/modules/oadp-release-notes-1-1-2.adoc
index 25cb4b935c87..5ebb7257d327 100644
--- a/modules/oadp-release-notes-1-1-2.adoc
+++ b/modules/oadp-release-notes-1-1-2.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * backup_and_restore/oadp-release-notes.adoc
+// * backup_and_restore/oadp-release-notes-1-1.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-oadp-release-notes-1-1-2_{context}"]
 = OADP 1.1.2 release notes
 
@@ -29,9 +29,9 @@ In this release, Velero has been upgraded from version 1.9.2 to version link:htt
 In this release, Restic has been upgraded from version 0.13.1 to version link:https://github.com/restic/restic/releases/tag/v0.14.0[0.14.0].
 
 [id="fixed-bugs_{context}"]
-== Fixed bugs
+== Resolved issues
 
-The following bugs have been fixed in this release:
+The following issues have been resolved in this release:
 
 * link:https://issues.redhat.com/browse/OADP-1150[OADP-1150]
 * link:https://issues.redhat.com/browse/OADP-290[OADP-290]
@@ -53,4 +53,4 @@ You can create many snapshots of the same persistent volume claim (PVC) but cann
 ** For RADOS Block Device (RBD), you can create up to 512 snapshots for each PVC. (link:https://issues.redhat.com/browse/OADP-975[*OADP-975*])
 --
 +
-For more information, see https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/managing_and_allocating_storage_resources/volume-snapshots_rhodf[Volume Snapshots].
+For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/managing_and_allocating_storage_resources/volume-snapshots_rhodf[Volume Snapshots].
diff --git a/modules/oadp-release-notes-1-1-3.adoc b/modules/oadp-release-notes-1-1-3.adoc
new file mode 100644
index 000000000000..74df038ab582
--- /dev/null
+++ b/modules/oadp-release-notes-1-1-3.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-1.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-1-3_{context}"]
+= OADP 1.1.3 release notes
+
+The OADP 1.1.3 release notes lists any new features, resolved issues and bugs, and known issues.
+
+[id="new-features1.1.3_{context}"]
+== New features
+
+This version of OADP is a service release. No new features are added to this version.
+
+[id="resolved-issues1.1.3_{context}"]
+== Resolved issues
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418876[OADP 1.1.3 resolved issues] in Jira.
+
+[id="known-issues1.1.3_{context}"]
+== Known issues
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12421175[OADP 1.1.3 known issues] in Jira.
+
+
diff --git a/modules/oadp-release-notes-1-1-4.adoc b/modules/oadp-release-notes-1-1-4.adoc
index 21343b5453a3..0c97f602ddd9 100644
--- a/modules/oadp-release-notes-1-1-4.adoc
+++ b/modules/oadp-release-notes-1-1-4.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * backup_and_restore/oadp-release-notes.adoc
+// * backup_and_restore/oadp-release-notes-1-1.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="migration-oadp-release-notes-1-1-4_{context}"]
 = OADP 1.1.4 release notes
 
@@ -14,9 +14,27 @@ The OADP 1.1.4 release notes lists any new features, resolved issues and bugs, a
 This version of OADP is a service release. No new features are added to this version.
 
 [id="resolved-issues1.1.4_{context}"]
-== Fixed bugs
+== Resolved issues
 
-The following bugs have been fixed in this release:
+.Add support for all the velero deployment server arguments
+
+In previous releases of OADP, OADP did not facilitate the support of all the upstream Velero server arguments. This issue has been resolved in OADP 1.1.4 and all the upstream Velero server arguments are supported. link:https://issues.redhat.com/browse/OADP-1557[OADP-1557]
+
+
+.Data Mover can restore from an incorrect snapshot when there was more than one VSR for the restore name and pvc name
+
+In previous releases of OADP, OADP Data Mover could restore from an incorrect snapshot if there was more than one Volume Snapshot Restore (VSR) resource in the cluster for the same Velero `restore` name and PersistentVolumeClaim (pvc) name. link:https://issues.redhat.com/browse/OADP-1822[OADP-1822]
+
+
+.Cloud Storage API BSLs need OwnerReference
+
+In previous releases of OADP, ACM BackupSchedules failed validation because of a missing `OwnerReference` on Backup Storage Locations (BSLs) created with `dpa.spec.backupLocations.bucket`. link:https://issues.redhat.com/browse/OADP-1511[OADP-1511]
+
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/browse/OADP-1557?filter=12420906[OADP 1.1.4 resolved issues] in Jira.
+
+////
+The following issues have been resolved in this release:
 
 * link:https://issues.redhat.com/browse/OADP-1557[OADP-1557]
 * link:https://issues.redhat.com/browse/OADP-1822[OADP-1822]
@@ -27,14 +45,23 @@ The following bugs have been fixed in this release:
 * link:https://issues.redhat.com/browse/OADP-1390[OADP-1390]
 * link:https://issues.redhat.com/browse/OADP-1650[OADP-1650]
 * link:https://issues.redhat.com/browse/OADP-1487[OADP-1487]
-
+////
 
 [id="known-issues1.1.4_{context}"]
 == Known issues
 
 This release has the following known issues:
 
-* OADP backups might fail because a UID/GID range might have changed on the cluster where the application has been restored, with the result that OADP does not back up and restore {product-title} UID/GID range metadata. To avoid the issue, if the backed application requires a specific UUID, ensure the range is available when restored. An additional workaround is to allow OADP to create the namespace in the restore operation.
+.OADP backups might fail because a UID/GID range might have changed on the cluster
+
+OADP backups might fail because a UID/GID range might have changed on the cluster where the application has been restored, with the result that OADP does not back up and restore {product-title} UID/GID range metadata. To avoid the issue, if the backed application requires a specific UUID, ensure the range is available when restored. An additional workaround is to allow OADP to create the namespace in the restore operation.
+
+.A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD
+
+A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD, `app.kubernetes.io/instance`. This label identifies which resources ArgoCD needs to manage, which can create a conflict with OADP's procedure for managing resources on restoration. To work around this issue, set `.spec.resourceTrackingMethod` on the ArgoCD YAML to `annotation+label` or `annotation`. If the issue continues to persist, then disable ArgoCD before beginning to restore, and enable it again when restoration is finished.
+
+.OADP Velero plugins returning "received EOF, stopping recv loop" message
 
-* A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD, `app.kubernetes.io/instance`. This label identifies which resources ArgoCD needs to manage, which can create a conflict with OADP's procedure for managing resources on restoration. To work around this issue, set `.spec.resourceTrackingMethod` on the ArgoCD YAML to `annotation+label` or `annotation`. If the issue continues to persist, then disable ArgoCD before beginning to restore, and enable it again when restoration is finished.
+Velero plugins are started as separate processes. When the Velero operation has completed, either successfully or not, they exit. Therefore if you see a `received EOF, stopping recv loop` messages in debug logs, it does not mean an error occurred. The message indicates that a plugin operation has completed. link:https://issues.redhat.com/browse/OADP-2176[OADP-2176]
 
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12420908[OADP 1.1.4 known issues] in Jira.
diff --git a/modules/oadp-release-notes-1-1-5.adoc b/modules/oadp-release-notes-1-1-5.adoc
new file mode 100644
index 000000000000..bb702ba48886
--- /dev/null
+++ b/modules/oadp-release-notes-1-1-5.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-1.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-1-5_{context}"]
+= OADP 1.1.5 release notes
+
+The OADP 1.1.5 release notes lists any new features, resolved issues and bugs, and known issues.
+
+[id="new-features1.1.5_{context}"]
+== New features
+
+This version of OADP is a service release. No new features are added to this version.
+
+[id="resolved-issues1.1.5_{context}"]
+== Resolved issues
+
+// as there are only CVEs listed, I think I am ok to go with just a filter
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418875[OADP 1.1.5 resolved issues] in Jira.
+
+
+[id="known-issues1.1.5_{context}"]
+== Known issues
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12421178[OADP 1.1.5 known issues] in Jira.
+
diff --git a/modules/oadp-release-notes-1-1-6.adoc b/modules/oadp-release-notes-1-1-6.adoc
new file mode 100644
index 000000000000..58fc9829a5f5
--- /dev/null
+++ b/modules/oadp-release-notes-1-1-6.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-1.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-1-6_{context}"]
+= OADP 1.1.6 release notes
+
+The OADP 1.1.6 release notes lists any new features, resolved issues and bugs, and known issues.
+
+[id="resolved-issues1.1.6_{context}"]
+== Resolved issues
+
+.Restic restore partially failing due to Pod Security standard
+
+OCP 4.14 introduced pod security standards that meant the `privileged` profile is `enforced`. In previous releases of OADP, this profile caused the pod to receive `permission denied` errors. This issue was caused because of the restore order. The pod was created before the security context constraints (SCC) resource. As this pod violated the pod security standard, the pod was denied and subsequently failed. link:https://issues.redhat.com/browse/OADP-2420[OADP-2420]
+
+
+.Restore partially failing for job resource
+
+In previous releases of OADP, the restore of job resource was partially failing in OCP 4.14. This issue was not seen in older OCP versions. The issue was caused by an additional label being to the job resource, which was not present in older OCP versions. link:https://issues.redhat.com/browse/OADP-2530[OADP-2530]
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12420897[OADP 1.1.6 resolved issues] in Jira.
+
+
+[id="known-issues1.1.6_{context}"]
+== Known issues
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2688?filter=12421263[OADP 1.1.6 known issues] in Jira.
+
+
diff --git a/modules/oadp-release-notes-1-1-7.adoc b/modules/oadp-release-notes-1-1-7.adoc
new file mode 100644
index 000000000000..8d73f8c4c333
--- /dev/null
+++ b/modules/oadp-release-notes-1-1-7.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-1.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-1-7_{context}"]
+= OADP 1.1.7 release notes
+
+The OADP 1.1.7 release notes lists any resolved issues and known issues.
+
+
+[id="resolved-issues1.1.7_{context}"]
+== Resolved issues
+
+The following highlighted issues are resolved in OADP 1.1.7:
+
+.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+
+In previous releases of OADP 1.1, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list].
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
+
+For a complete list of all issues resolved in the release of OADP 1.1.7, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.1.7 resolved issues] in Jira.
+
+
+[id="known-issues1.1.7_{context}"]
+== Known issues
+
+There are no known issues in the release of OADP 1.1.7.
+
+
+
diff --git a/modules/oadp-release-notes-1-2-0.adoc b/modules/oadp-release-notes-1-2-0.adoc
index 7403883eede7..e1b6593a661a 100644
--- a/modules/oadp-release-notes-1-2-0.adoc
+++ b/modules/oadp-release-notes-1-2-0.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * backup_and_restore/oadp-release-notes.adoc
+// * backup_and_restore/oadp-release-notes-1-2.adoc
 
-:_content-type: REFERENCE
-[id="migration-oadp-release-notes-1-2-0_{context}"]
+:_mod-docs-content-type: REFERENCE
+[id="oadp-release-notes-1-2-0_{context}"]
 = OADP 1.2.0 release notes
 
 The OADP 1.2.0 release notes include information about new features, bug fixes, and known issues.
@@ -11,71 +11,74 @@ The OADP 1.2.0 release notes include information about new features, bug fixes,
 [id="new-features_{context}"]
 == New features
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/backup_and_restore/application-backup-and-restore#installing-oadp-aws[Resource timeouts]
-The new `resourceTimeout` option specifies the timeout duration in minutes for waiting on various Velero resources. This option applies to resources such as Velero CRD availability, `volumeSnapshot` deletion, and backup repository availability. The default duration is ten minutes.
+.Resource timeouts
+The new `resourceTimeout` option specifies the timeout duration in minutes for waiting on various Velero resources. This option applies to resources such as Velero CRD availability, `volumeSnapshot` deletion, and backup repository availability. The default duration is 10 minutes.
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/backup_and_restore/application-backup-and-restore#oadp-s3-compatible-backup-storage-providers_about-installing-oadp[AWS S3 compatible backup storage providers]
+.AWS S3 compatible backup storage providers
 You can back up objects and snapshots on AWS S3 compatible providers.
 
+
 [id="new-features-tech-preview-1-2-0_{context}"]
 === Technical preview features
 
-.link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/backup_and_restore/application-backup-and-restore#installing-and-configuring-oadp[Data Mover]
+.Data Mover
 The OADP Data Mover enables you to back up Container Storage Interface (CSI) volume snapshots to a remote object store. When you enable Data Mover, you can restore stateful applications using CSI volume snapshots pulled from the object store in case of accidental cluster deletion, cluster failure, or data corruption.
 
 :FeatureName: OADP Data Mover
 include::snippets/technology-preview.adoc[]
 
 [id="fixed-bugs-1-2-0_{context}"]
-== Fixed bugs
-
-The following bugs have been fixed in this release:
-
-* link:https://issues.redhat.com/browse/OADP-144[OADP-144]
-* link:https://issues.redhat.com/browse/OADP-639[OADP-639]
-* link:https://issues.redhat.com/browse/OADP-1741[OADP-1741]
-* link:https://issues.redhat.com/browse/OADP-1152[OADP-1152]
-* link:https://issues.redhat.com/browse/OADP-1143[OADP-1143]
-* link:https://issues.redhat.com/browse/OADP-1931[OADP-1931]
-* link:https://issues.redhat.com/browse/OADP-148[OADP-148]
-* link:https://issues.redhat.com/browse/OADP-1067[OADP-1067]
-* link:https://issues.redhat.com/browse/OADP-1332[OADP-1332]
-* link:https://issues.redhat.com/browse/OADP-1164[OADP-1164]
-* link:https://issues.redhat.com/browse/OADP-1105[OADP-1105]
-* link:https://issues.redhat.com/browse/OADP-2009[OADP-2009]
-* link:https://issues.redhat.com/browse/OADP-1370[OADP-1370]
-* link:https://issues.redhat.com/browse/OADP-969[OADP-969]
-* link:https://issues.redhat.com/browse/OADP-1672[OADP-1672]
-* link:https://issues.redhat.com/browse/OADP-1151[OADP-1151]
-* link:https://issues.redhat.com/browse/OADP-988[OADP-988]
-* link:https://issues.redhat.com/browse/OADP-1941[OADP-1941]
-* link:https://issues.redhat.com/browse/OADP-1830[OADP-1830]
-* link:https://issues.redhat.com/browse/OADP-1821[OADP-1821]
-* link:https://issues.redhat.com/browse/OADP-1783[OADP-1783]
-* link:https://issues.redhat.com/browse/OADP-1719[OADP-1719]
-* link:https://issues.redhat.com/browse/OADP-1833[OADP-1833]
-* link:https://issues.redhat.com/browse/OADP-1872[OADP-1872]
-* link:https://issues.redhat.com/browse/OADP-2047[OADP-2047]
-* link:https://issues.redhat.com/browse/OADP-1932[OADP-1932]
-* link:https://issues.redhat.com/browse/OADP-1844[OADP-1844]
-* link:https://issues.redhat.com/browse/OADP-1182[OADP-1182]
-* link:https://issues.redhat.com/browse/OADP-1183[OADP-1183]
-* link:https://issues.redhat.com/browse/OADP-1798[OADP-1798]
-* link:https://issues.redhat.com/browse/OADP-1726[OADP-1726]
-* link:https://issues.redhat.com/browse/OADP-821[OADP-821]
-* link:https://issues.redhat.com/browse/OADP-1833[OADP-1781]
-* link:https://issues.redhat.com/browse/OADP-697[OADP-697]
-* link:https://issues.redhat.com/browse/OADP-1281[OADP-1281]
-* link:https://issues.redhat.com/browse/OADP-1077[OADP-1077]
-* link:https://issues.redhat.com/browse/OADP-1076[OADP-1076]
-* link:https://issues.redhat.com/browse/OADP-1670[OADP-1670]
-* link:https://issues.redhat.com/browse/OADP-1307[OADP-1307]
-* link:https://issues.redhat.com/browse/OADP-1640[OADP-1640]
-* link:https://issues.redhat.com/browse/OADP-1987[OADP-1987]
-* link:https://issues.redhat.com/browse/OADP-1934[OADP-1934]
+== Resolved issues
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418878[OADP 1.2.0 resolved issues] in Jira.
 
 [id="known-issues-1-2-0_{context}"]
 == Known issues
 
-This release does not have any known issues.
+The following issues have been highlighted as known issues in the release of OADP 1.2.0:
+
+.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+
+The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption.
+
+It is advised to upgrade to OADP 1.2.3, which resolves this issue.
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
+
+.An incorrect hostname can be created when changing a hostname in a generated route.
+
+By default, the {product-title} cluster makes sure that the `openshift.io/host.generated: true` annotation is turned on and fills in the field for both the routes that are generated and those that are not generated.
+
+You cannot modify the value for the `.spec.host` field based on the base domain name of your cluster in the generated and non-generated routes.
+
+If you modify the value for the `.spec.host` field, it is not possible to restore the default value that was generated by the {product-title} cluster. After you restore your {product-title} cluster, the Operator resets the value for the field.
+
+[id="Upgrade-notes-1-2-0_{context}"]
+== Upgrade notes
+
+[NOTE]
+====
+Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, then to 1.3.
+====
+
+[id="changes-oadp-1-1-to-1-2_{context}"]
+=== Changes from OADP 1.1 to 1.2
+
+The Velero server was updated from version 1.9 to 1.11.
+
+In OADP 1.2, the `DataProtectionApplication` (DPA) configuration `spec.configuration.velero.args` has the following changes:
+
+* The `default-volumes-to-restic` field was renamed to `default-volumes-to-fs-backup`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `default-volumes-to-restic` field was renamed to `default-volumes-to-fs-backup`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `restic-timeout` field was renamed to `fs-backup-timeout`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `restic` daemon set was renamed to `node-agent`. OADP automatically updates the name of the daemon set.
+
+* The custom resource definition `resticrepositories.velero.io` was renamed to `backuprepositories.velero.io`.
+
+* The custom resource definition `resticrepositories.velero.io` can be removed from the cluster.
 
+[id="upgrade-steps-1-2-0_{context}"]
+=== Upgrading steps
diff --git a/modules/oadp-release-notes-1-2-1.adoc b/modules/oadp-release-notes-1-2-1.adoc
new file mode 100644
index 000000000000..41e7d5e4283e
--- /dev/null
+++ b/modules/oadp-release-notes-1-2-1.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-2-1_{context}"]
+= OADP 1.2.1 release notes
+
+
+[id="new-features-1-2-1_{context}"]
+== New features
+
+There are no new features in the release of {oadp-first} 1.2.1.
+
+// :FeatureName: OADP Data Mover
+// include::snippets/technology-preview.adoc[]
+
+[id="resolved-issues-1-2-1_{context}"]
+== Resolved issues
+
+For a complete list of all issues resolved in the release of OADP 1.2.1, see the list of link:https://issues.redhat.com/issues/?filter=12417849[OADP 1.2.1 resolved issues] in Jira.
+
+// Jira filter - project = OADP AND issuetype = Bug AND status in (Verified, "Release Pending", Closed) AND priority in (Blocker, Critical, Major) AND fixVersion = "OADP 1.2.1" AND component != Documentation
+
+[id="known-issues-1-2-1_{context}"]
+== Known issues
+
+The following issues have been highlighted as known issues in the release of OADP 1.2.1:
+
+.DataMover Restic retain and prune policies do not work as expected
+
+The retention and prune features provided by VolSync and Restic are not working as expected. Because there is no working option to set the prune interval on VolSync replication, you have to manage and prune remotely stored backups on S3 storage outside of OADP. For more details, see:
+
+* link:https://issues.redhat.com/browse/OADP-2052[OADP-2052]
+* link:https://issues.redhat.com/browse/OADP-2048[OADP-2048]
+* link:https://issues.redhat.com/browse/OADP-2175[OADP-2175]
+* link:https://issues.redhat.com/browse/OADP-1690[OADP-1690]
+
+:FeatureName: OADP Data Mover
+include::snippets/technology-preview.adoc[]
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2257?filter=12418892[OADP 1.2.1 known issues] in Jira.
+
+// Jira filter - project = OADP AND issuetype = Bug AND status not in (Verified, "Release Pending", Closed) AND affectedVersion = "OADP 1.2.1"
+// or
+// project = OADP AND issuetype = Bug AND status not in (Verified, "Release Pending", Closed) AND (affectedVersion <= "OADP 1.2.1" and affectedVersion >= "OADP 1.2.0")
diff --git a/modules/oadp-release-notes-1-2-2.adoc b/modules/oadp-release-notes-1-2-2.adoc
new file mode 100644
index 000000000000..853b73e05a65
--- /dev/null
+++ b/modules/oadp-release-notes-1-2-2.adoc
@@ -0,0 +1,89 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-2-2_{context}"]
+= OADP 1.2.2 release notes
+
+
+[id="new-features-1-2-2_{context}"]
+== New features
+
+There are no new features in the release of {oadp-first} 1.2.2.
+
+// :FeatureName: OADP Data Mover
+// include::snippets/technology-preview.adoc[]
+
+[id="resolved-issues-1-2-2_{context}"]
+== Resolved issues
+
+The following highlighted issues are resolved in OADP 1.2.2:
+
+
+.Restic restore partially failed due to a Pod Security standard
+
+In previous releases of OADP 1.2, {OCP} 4.14 enforced a pod security admission (PSA) policy that hindered the readiness of pods during a Restic restore process.
+
+This issue has been resolved in the release of OADP 1.2.2, and also OADP 1.1.6. Therefore, it is recommended that users upgrade to these releases.
+
+For more information, see link:https://docs.openshift.com/container-platform/4.14/backup_and_restore/application_backup_and_restore/troubleshooting.html#oadp-restic-restore-failing-psa-policy_oadp-troubleshooting[Restic restore partially failing on OCP 4.14 due to changed PSA policy]. link:https://issues.redhat.com/browse/OADP-2094[(OADP-2094)]
+
+
+.Backup of an app with internal images partially failed with plugin panicked error
+
+In previous releases of OADP 1.2, the backup of an application with internal images partially failed with plugin panicked error returned. The backup partially fails with this error in the Velero logs:
+
+[source,terminal]
+----
+time="2022-11-23T15:40:46Z" level=info msg="1 errors encountered backup up item" backup=openshift-adp/django-persistent-67a5b83d-6b44-11ed-9cba-902e163f806c logSource="/remote-source/velero/app/pkg/backup/backup.go:413" name=django-psql-persistent
+time="2022-11-23T15:40:46Z" level=error msg="Error backing up item" backup=openshift-adp/django-persistent-67a5b83d-6b44-11ed-9cba-902e163f8
+----
+
+This issue has been resolved in OADP 1.2.2. link:https://issues.redhat.com/browse/OADP-1057[(OADP-1057)].
+
+
+.ACM cluster restore was not functioning as expected due to restore order
+
+In previous releases of OADP 1.2, ACM cluster restore was not functioning as expected due to restore order. ACM applications were removed and re-created on managed clusters after restore activation. link:https://issues.redhat.com/browse/OADP-2505[(OADP-2505)]
+
+
+.VM's using filesystemOverhead failed when backing up and restoring due to volume size mismatch
+
+In previous releases of OADP 1.2, due to storage provider implementation choices, whenever there was a difference between the application persistent volume claims (PVCs) storage request and the snapshot size of the same PVC, VM's using filesystemOverhead failed when backing up and restoring. This issue has been resolved in the Data Mover of OADP 1.2.2. link:https://issues.redhat.com/browse/OADP-2144[(OADP-2144)]
+
+
+.OADP did not contain an option to set VolSync replication source prune interval
+
+In previous releases of OADP 1.2, there was no option to set the VolSync replication source `pruneInterval`. link:https://issues.redhat.com/browse/OADP-2052[(OADP-2052)]
+
+
+.Possible pod volume backup failure if Velero was installed in multiple namespaces
+
+In previous releases of OADP 1.2, there was a possibility of pod volume backup failure if Velero was installed in multiple namespaces. link:https://issues.redhat.com/browse/OADP-2409[(OADP-2409)]
+
+
+.Backup Storage Locations moved to unavailable phase when VSL uses custom secret
+
+In previous releases of OADP 1.2, Backup Storage Locations moved to unavailable phase when Volume Snapshot Location used custom secret. link:https://issues.redhat.com/browse/OADP-1737[(OADP-1737)]
+
+
+For a complete list of all issues resolved in the release of OADP 1.2.2, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.2.2 resolved issues] in Jira.
+
+
+[id="known-issues-1-2-2_{context}"]
+== Known issues
+
+The following issues have been highlighted as known issues in the release of OADP 1.2.2:
+
+.Must-gather command fails to remove ClusterRoleBinding resources
+
+The `oc adm must-gather` command fails to remove `ClusterRoleBinding` resources, which are left on cluster due to admission webhook. Therefore, requests for the removal of the `ClusterRoleBinding` resources are denied. link:https://issues.redhat.com/browse/OADP-2773[(OADP-27730)]
+
+[source,terminal]
+----
+admission webhook "clusterrolebindings-validation.managed.openshift.io" denied the request: Deleting ClusterRoleBinding must-gather-p7vwj is not allowed
+----
+
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2773?filter=12422263[OADP 1.2.2 known issues] in Jira.
diff --git a/modules/oadp-release-notes-1-2-3.adoc b/modules/oadp-release-notes-1-2-3.adoc
new file mode 100644
index 000000000000..bf7bd0748e31
--- /dev/null
+++ b/modules/oadp-release-notes-1-2-3.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="migration-oadp-release-notes-1-2-3_{context}"]
+= OADP 1.2.3 release notes
+
+
+[id="new-features-1-2-3_{context}"]
+== New features
+
+There are no new features in the release of {oadp-first} 1.2.3.
+
+// :FeatureName: OADP Data Mover
+// include::snippets/technology-preview.adoc[]
+
+[id="resolved-issues-1-2-3_{context}"]
+== Resolved issues
+
+The following highlighted issues are resolved in OADP 1.2.3:
+
+
+.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+
+In previous releases of OADP 1.2, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list].
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
+
+
+For a complete list of all issues resolved in the release of OADP 1.2.3, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.2.3 resolved issues] in Jira.
+
+
+[id="known-issues-1-2-3_{context}"]
+== Known issues
+
+There are no known issues in the release of OADP 1.2.3.
+
diff --git a/modules/oadp-release-notes-1-3-0.adoc b/modules/oadp-release-notes-1-3-0.adoc
new file mode 100644
index 000000000000..062d5a5133cd
--- /dev/null
+++ b/modules/oadp-release-notes-1-3-0.adoc
@@ -0,0 +1,156 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="oadp-release-notes-1-3-0_{context}"]
+= OADP 1.3.0 release notes
+
+The {oadp-first} 1.3.0 release notes lists new features, resolved issues and bugs, and known issues.
+
+[id="new-features-1-3-0_{context}"]
+== New features
+
+.Velero built-in DataMover
+
+OADP 1.3 includes a built-in Data Mover that you can use to move Container Storage Interface (CSI) volume snapshots to a remote object store. The built-in Data Mover allows you to restore stateful applications from the remote object store if a failure, accidental deletion, or corruption of the cluster occurs. It uses Kopia as the uploader mechanism to read the snapshot data and to write to the Unified Repository.
+
+
+:FeatureName: Velero built-in DataMover
+include::snippets/technology-preview.adoc[]
+
+.Backing up applications with File System Backup: Kopia or Restic
+
+Velero’s File System Backup (FSB) supports two backup libraries: the Restic path and the Kopia path.
+
+Velero allows users to select between the two paths.
+
+For backup, specify the path during the installation through the `uploader-type` flag. The valid value is either `restic` or `kopia`. This field defaults to `kopia` if the value is not specified. The selection cannot be changed after the installation.
+
+.GCP Cloud authentication
+
+Google Cloud Platform (GCP) authentication enables you to use short-lived Google credentials.
+
+GCP with Workload Identity Federation enables you to use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This eliminates the maintenance and security risks associated with service account keys.
+
+.AWS ROSA STS authentication
+
+You can use {oadp-first} with {product-rosa} (ROSA) clusters to backup and restore application data.
+
+ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to speed up the building and delivering of differentiating experiences to your customers.
+
+You can subscribe to the service directly from your AWS account.
+
+After the clusters are created, you can operate your clusters by using the OpenShift web console. The ROSA service also uses OpenShift APIs and command-line interface (CLI) tools.
+
+[id="resolved-issues-1-3-0_{context}"]
+== Resolved issues
+
+.ACM applications were removed and re-created on managed clusters after restore
+Applications on managed clusters were deleted and re-created upon restore activation. {oadp-full} (OADP 1.2) backup and restore process is faster than the older versions. The OADP performance change caused this behavior when restoring ACM resources. Therefore, some resources were restored before other resources, which caused the removal of the applications from managed clusters.
+link:https://issues.redhat.com/browse/OADP-2686[OADP-2686]
+
+
+.Restic restore was partially failing due to Pod Security standard
+
+During interoperability testing, {product-title} 4.14 had the pod Security mode set to `enforce`, which caused the pod to be denied. This was caused due to the restore order. The pod was getting created before the security context constraints (SCC) resource, since the pod violated the `podSecurity` standard, it denied the pod. When setting the restore priority field on the Velero server, restore is successful. link:https://issues.redhat.com/browse/OADP-2688[OADP-2688]
+
+.Possible pod volume backup failure if Velero is installed in several namespaces
+
+There was a regresssion in Pod Volume Backup (PVB) functionality when Velero was installed in several namespaces. The PVB controller was not properly limiting itself to PVBs in its own namespace.
+link:https://issues.redhat.com/browse/OADP-2308[OADP-2308]
+
+.OADP Velero plugins returning "received EOF, stopping recv loop" message
+
+In OADP, Velero plugins were started as separate processes. When the Velero operation completes, either successfully or not, they exit. Therefore, if you see a `received EOF, stopping recv loop` messages in debug logs, it does not mean an error occurred, it means that a plugin operation has completed. link:https://issues.redhat.com/browse/OADP-2176[OADP-2176]
+
+.CVE-2023-39325 Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+In previous releases of OADP, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption.
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]
+
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422837[OADP 1.3.0 resolved issues] in Jira.
+
+[id="known-issues-1-3-0_{context}"]
+== Known issues
+
+.CSI plugin errors on nil pointer when csiSnapshotTimeout is set to a short duration
+The CSI plugin errors on nil pointer when `csiSnapshotTimeout` is set to a short duration. Sometimes it succeeds to complete the snapshot within a short duration, but often it panics with the backup `PartiallyFailed` with the following error: `plugin panicked: runtime error: invalid memory address or nil pointer dereference`.
+
+.Backup is marked as PartiallyFailed when volumeSnapshotContent CR has an error
+If any of the `VolumeSnapshotContent` CRs have an error related to removing the `VolumeSnapshotBeingCreated` annotation, it moves the backup to the `WaitingForPluginOperationsPartiallyFailed` phase. link:https://issues.redhat.com/browse/OADP-2871[OADP-2871]
+
+.Performance issues when restoring 30,000 resources for the first time
+When restoring 30,000 resources for the first time, without an existing-resource-policy, it takes twice as long to restore them, than it takes during the second and third try with an existing-resource-policy set to `update`. link:https://issues.redhat.com/browse/OADP-3071[OADP-3071]
+
+.Post restore hooks might start running before Datadownload operation has released the related PV
+Due to the asynchronous nature of the Data Mover operation, a post-hook might be attempted before the related pods persistent volumes (PVs) are released by the Data Mover persistent volume claim (PVC).
+
+
+.GCP-Workload Identity Federation VSL backup PartiallyFailed
+VSL backup `PartiallyFailed` when GCP workload identity is configured on GCP.
+
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422838[OADP 1.3.0 known issues] in Jira.
+
+[id="upgrade-notes-1-3-0_{context}"]
+== Upgrade notes
+
+[NOTE]
+====
+Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3.
+====
+
+[id="changes-oadp-1-2-to-1-3_{context}"]
+=== Changes from OADP 1.2 to 1.3
+
+The Velero server has been updated from version 1.11 to 1.12.
+
+{oadp-first} 1.3 uses the Velero built-in Data Mover instead of the VolumeSnapshotMover (VSM) or the Volsync Data Mover.
+
+This changes the following:
+
+* The `spec.features.dataMover` field and the VSM plugin are not compatible with OADP 1.3, and you must remove the configuration from the `DataProtectionApplication` (DPA) configuration.
+
+* The Volsync Operator is no longer required for Data Mover functionality, and you can remove it.
+
+* The custom resource definitions `volumesnapshotbackups.datamover.oadp.openshift.io` and `volumesnapshotrestores.datamover.oadp.openshift.io` are no longer required, and you can remove them.
+
+* The secrets used for the OADP-1.2 Data Mover are no longer required, and you can remove them.
+
+OADP 1.3 supports Kopia, which is an alternative file system backup tool to Restic.
+
+* To employ Kopia, use the new `spec.configuration.nodeAgent` field as shown in the following example:
++
+.Example
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: kopia
+# ...
+----
+
+* The `spec.configuration.restic` field is deprecated in OADP 1.3 and will be removed in a future version of OADP. To avoid seeing deprecation warnings, remove the `restic` key and its values, and use the following new syntax:
++
+.Example
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: restic
+# ...
+----
+
+[NOTE]
+====
+In a future OADP release, it is planned that the `kopia` tool will become the default `uploaderType` value.
+====
+
+[id="upgrade-steps-1-3-0_{context}"]
+=== Upgrading steps
diff --git a/modules/oadp-restic-issues.adoc b/modules/oadp-restic-issues.adoc
index 4d272712e7c8..0936e77c6ea8 100644
--- a/modules/oadp-restic-issues.adoc
+++ b/modules/oadp-restic-issues.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-restic-issues_{context}"]
 = Restic issues
 
diff --git a/modules/oadp-restic-restore-failing-psa-policy.adoc b/modules/oadp-restic-restore-failing-psa-policy.adoc
new file mode 100644
index 000000000000..b67f0fc98fe1
--- /dev/null
+++ b/modules/oadp-restic-restore-failing-psa-policy.adoc
@@ -0,0 +1,74 @@
+:_mod-docs-content-type: PROCEDURE
+[id="oadp-restic-restore-failing-psa-policy_{context}"]
+= Restic restore partially failing on OCP 4.14 due to changed PSA policy
+
+{ocp} 4.14 enforces a Pod Security Admission (PSA) policy that can hinder the readiness of pods during a Restic restore process. 
+
+If a `SecurityContextConstraints` (SCC) resource is not found when a pod is created, and the PSA policy on the pod is not set up to meet the required standards, pod admission is denied. 
+
+This issue arises due to the resource restore order of Velero.
+
+.Sample error
+[source,text]
+----
+\"level=error\" in line#2273: time=\"2023-06-12T06:50:04Z\"
+level=error msg=\"error restoring mysql-869f9f44f6-tp5lv: pods\\\
+"mysql-869f9f44f6-tp5lv\\\" is forbidden: violates PodSecurity\\\
+"restricted:v1.24\\\": privil eged (container \\\"mysql\\\
+" must not set securityContext.privileged=true),
+allowPrivilegeEscalation != false (containers \\\
+"restic-wait\\\", \\\"mysql\\\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers \\\
+"restic-wait\\\", \\\"mysql\\\" must set securityContext.capabilities.drop=[\\\"ALL\\\"]), seccompProfile (pod or containers \\\
+"restic-wait\\\", \\\"mysql\\\" must set securityContext.seccompProfile.type to \\\
+"RuntimeDefault\\\" or \\\"Localhost\\\")\" logSource=\"/remote-source/velero/app/pkg/restore/restore.go:1388\" restore=openshift-adp/todolist-backup-0780518c-08ed-11ee-805c-0a580a80e92c\n
+velero container contains \"level=error\" in line#2447: time=\"2023-06-12T06:50:05Z\"
+level=error msg=\"Namespace todolist-mariadb,
+resource restore error: error restoring pods/todolist-mariadb/mysql-869f9f44f6-tp5lv: pods \\\
+"mysql-869f9f44f6-tp5lv\\\" is forbidden: violates PodSecurity \\\"restricted:v1.24\\\": privileged (container \\\
+"mysql\\\" must not set securityContext.privileged=true),
+allowPrivilegeEscalation != false (containers \\\
+"restic-wait\\\",\\\"mysql\\\" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers \\\
+"restic-wait\\\", \\\"mysql\\\" must set securityContext.capabilities.drop=[\\\"ALL\\\"]), seccompProfile (pod or containers \\\
+"restic-wait\\\", \\\"mysql\\\" must set securityContext.seccompProfile.type to \\\
+"RuntimeDefault\\\" or \\\"Localhost\\\")\"
+logSource=\"/remote-source/velero/app/pkg/controller/restore_controller.go:510\"
+restore=openshift-adp/todolist-backup-0780518c-08ed-11ee-805c-0a580a80e92c\n]",
+----
+
+.Solution
+
+. In your DPA custom resource (CR), check or set the `restore-resource-priorities` field on the Velero server to ensure that `securitycontextconstraints` is listed in order before `pods` in the list of resources:
++
+[source,terminal]
+----
+$ oc get dpa -o yaml
+----
++
+.Example DPA CR
+[source,yaml]
+----
+# ...
+configuration:
+  restic:
+    enable: true
+  velero:
+    args:
+      restore-resource-priorities: 'securitycontextconstraints,customresourcedefinitions,namespaces,storageclasses,volumesnapshotclass.snapshot.storage.k8s.io,volumesnapshotcontents.snapshot.storage.k8s.io,volumesnapshots.snapshot.storage.k8s.io,datauploads.velero.io,persistentvolumes,persistentvolumeclaims,serviceaccounts,secrets,configmaps,limitranges,pods,replicasets.apps,clusterclasses.cluster.x-k8s.io,endpoints,services,-,clusterbootstraps.run.tanzu.vmware.com,clusters.cluster.x-k8s.io,clusterresourcesets.addons.cluster.x-k8s.io' <1>
+    defaultPlugins:
+    - gcp
+    - openshift
+----
+<1> If you have an existing restore resource priority list, ensure you combine that existing list with the complete list.
+
+. Ensure that the security standards for the application pods are aligned, as provided in link:https://access.redhat.com/solutions/7002730[Fixing PodSecurity Admission warnings for deployments], to prevent deployment warnings. If the application is not aligned with security standards, an error can occur regardless of the SCC. 
+
+[NOTE]
+====
+This solution is temporary, and ongoing discussions are in progress to address it. 
+====
+
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/solutions/7002730[Fixing PodSecurity Admission warnings for deployments]
diff --git a/modules/oadp-restic-timeouts.adoc b/modules/oadp-restic-timeouts.adoc
new file mode 100644
index 000000000000..5aa05467d74f
--- /dev/null
+++ b/modules/oadp-restic-timeouts.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="restic-timeout_{context}"]
+= Restic timeout
+
+`timeout` defines the Restic timeout. The default value is `1h`.
+
+Use the Restic `timeout` for the following scenarios:
+
+* For Restic backups with total PV data usage that is greater than 500GB.
+* If backups are timing out with the following error:
++
+[source,terminal]
+----
+level=error msg="Error backing up item" backup=velero/monitoring error="timed out waiting for all PodVolumeBackups to complete"
+----
+
+.Procedure
+* Edit the values in the `spec.configuration.restic.timeout` block of the `DataProtectionApplication` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: <dpa_name>
+spec:
+  configuration:
+    restic:
+      timeout: 1h
+# ...
+----
diff --git a/modules/oadp-s3-compatible-backup-storage-providers.adoc b/modules/oadp-s3-compatible-backup-storage-providers.adoc
index d75b6191ac29..02c2628b4e91 100644
--- a/modules/oadp-s3-compatible-backup-storage-providers.adoc
+++ b/modules/oadp-s3-compatible-backup-storage-providers.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oadp-s3-compatible-backup-storage-providers_{context}"]
 = AWS S3 compatible backup storage providers
 
@@ -11,10 +11,10 @@ OADP is compatible with many object storage providers for use with different bac
 [id="oadp-s3-compatible-backup-storage-providers-supported"]
 == Supported backup storage providers
 
-The following AWS S3 compatible object storage providers, are fully supported by OADP through the AWS plugin for use as backup storage locations:
+The following AWS S3 compatible object storage providers are fully supported by OADP through the AWS plugin for use as backup storage locations:
 
 * MinIO
-* Multicloud Object Gateway (MCG) with NooBaa
+* Multicloud Object Gateway (MCG)
 * Amazon Web Services (AWS) S3
 
 [NOTE]
@@ -30,15 +30,17 @@ The following compatible object storage providers are supported and have their o
 
 The following AWS S3 compatible object storage providers, are known to work with Velero through the AWS plugin, for use as backup storage locations, however, they are unsupported and have not been tested by Red Hat:
 
-* IBM Cloud
+* {ibm-cloud-name}
 * Oracle Cloud
 * DigitalOcean
-* NooBaa
+* NooBaa, unless installed using Multicloud Object Gateway (MCG)
 * Tencent Cloud
 * Ceph RADOS v12.2.7
 * Quobyte
 * Cloudian HyperStore
 
+include::snippets/snip-noobaa-and-mcg.adoc[]
+
 [id="oadp-s3-compatible-backup-storage-providers-known-limitations"]
 == Backup storage providers with known limitations
 
diff --git a/modules/oadp-scheduling-backups.adoc b/modules/oadp-scheduling-backups.adoc
deleted file mode 100644
index 6cebfd5e977c..000000000000
--- a/modules/oadp-scheduling-backups.adoc
+++ /dev/null
@@ -1,71 +0,0 @@
-// Module included in the following assemblies:
-//
-// * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
-
-:_content-type: PROCEDURE
-[id="oadp-scheduling-backups_{context}"]
-= Scheduling backups
-
-You schedule backups by creating a `Schedule` custom resource (CR) instead of a `Backup` CR.
-
-[WARNING]
-====
-Leave enough time in your backup schedule for a backup to finish before another backup is created.
-
-For example, if a backup of a namespace typically takes 10 minutes, do not schedule backups more frequently than every 15 minutes.
-====
-
-.Prerequisites
-
-* You must install the OpenShift API for Data Protection (OADP) Operator.
-* The `DataProtectionApplication` CR must be in a `Ready` state.
-
-.Procedure
-
-. Retrieve the `backupStorageLocations` CRs:
-+
-[source,terminal]
-----
-$ oc get backupStorageLocations -n openshift-adp
-----
-+
-.Example output
-+
-[source,terminal]
-----
-NAMESPACE       NAME              PHASE       LAST VALIDATED   AGE   DEFAULT
-openshift-adp   velero-sample-1   Available   11s              31m
-----
-
-. Create a `Schedule` CR, as in the following example:
-+
-[source,yaml]
-----
-$ cat << EOF | oc apply -f -
-apiVersion: velero.io/v1
-kind: Schedule
-metadata:
-  name: <schedule>
-  namespace: openshift-adp
-spec:
-  schedule: 0 7 * * * <1>
-  template:
-    hooks: {}
-    includedNamespaces:
-    - <namespace> <2>
-    storageLocation: <velero-sample-1> <3>
-    defaultVolumesToRestic: true <4>
-    ttl: 720h0m0s
-EOF
-----
-<1> `cron` expression to schedule the backup, for example, `0 7 * * *` to perform a backup every day at 7:00.
-<2> Array of namespaces to back up.
-<3> Name of the `backupStorageLocations` CR.
-<4> Optional: Add the `defaultVolumesToRestic: true` key-value pair if you are backing up volumes with Restic.
-
-. Verify that the status of the `Schedule` CR is `Completed` after the scheduled backup runs:
-+
-[source,terminal]
-----
-$ oc get schedule -n openshift-adp <schedule> -o jsonpath='{.status.phase}'
-----
diff --git a/modules/oadp-secrets-for-different-credentials.adoc b/modules/oadp-secrets-for-different-credentials.adoc
index eabe57192b09..1e87c83b7731 100644
--- a/modules/oadp-secrets-for-different-credentials.adoc
+++ b/modules/oadp-secrets-for-different-credentials.adoc
@@ -6,7 +6,7 @@
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
 // * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-secrets-for-different-credentials_{context}"]
 ifdef::installing-oadp-aws[]
 = Creating profiles for different credentials
diff --git a/modules/oadp-self-signed-certificate.adoc b/modules/oadp-self-signed-certificate.adoc
index 3472eb4b234b..a670cb99fd01 100644
--- a/modules/oadp-self-signed-certificate.adoc
+++ b/modules/oadp-self-signed-certificate.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/configuring-oadp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-self-signed-certificate_{context}"]
 = Enabling self-signed CA certificates
 
@@ -18,7 +18,7 @@ You must enable a self-signed CA certificate for object storage by editing the `
 +
 [source,yaml]
 ----
-apiVersion: oadp.openshift.io/v1beta1
+apiVersion: oadp.openshift.io/v1alpha1
 kind: DataProtectionApplication
 metadata:
   name: <dpa_sample>
diff --git a/modules/oadp-setting-resource-limits-and-requests.adoc b/modules/oadp-setting-resource-limits-and-requests.adoc
index f1f376705e56..17c366b88d56 100644
--- a/modules/oadp-setting-resource-limits-and-requests.adoc
+++ b/modules/oadp-setting-resource-limits-and-requests.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/configuring-oadp.adoc
 // * virt/backup_restore/virt-installing-configuring-oadp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-setting-resource-limits-and-requests_{context}"]
 = Setting Velero CPU and memory resource allocations
 
@@ -19,7 +19,7 @@ You set the CPU and memory resource allocations for the `Velero` pod by editing
 +
 [source,yaml]
 ----
-apiVersion: oadp.openshift.io/v1beta1
+apiVersion: oadp.openshift.io/v1alpha1
 kind: DataProtectionApplication
 metadata:
   name: <dpa_sample>
@@ -29,12 +29,20 @@ spec:
     velero:
       podConfig:
         nodeSelector: <node selector> <1>
-        resourceAllocations:
+        resourceAllocations: <2>
           limits:
             cpu: "1"
-            memory: 512Mi
+            memory: 1024Mi
           requests:
-            cpu: 500m
+            cpu: 200m
             memory: 256Mi
 ----
 <1> Specify the node selector to be supplied to Velero podSpec.
+<2> The `resourceAllocations` listed are for average usage.
+
+[NOTE]
+====
+Kopia is an option in OADP 1.3 and later releases. You can use Kopia for file system backups, and Kopia is your only option for Data Mover cases with the built-in Data Mover.
+
+Kopia is more resource intensive than Restic, and you might need to adjust the CPU and memory requirements accordingly.
+====
\ No newline at end of file
diff --git a/modules/oadp-supported-architecture.adoc b/modules/oadp-supported-architecture.adoc
new file mode 100644
index 000000000000..fe21cfb2f6d5
--- /dev/null
+++ b/modules/oadp-supported-architecture.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-supported-architecture_{context}"]
+= Supported architectures for OADP
+
+
+
+{oadp-first} supports the following architectures:
+
+* AMD64
+* ARM64
+* PPC64le
+* s390x
+
+[NOTE]
+====
+OADP 1.2.0 and later versions support the ARM64 architecture.
+====
diff --git a/modules/oadp-timeouts.adoc b/modules/oadp-timeouts.adoc
new file mode 100644
index 000000000000..a13de9895dbe
--- /dev/null
+++ b/modules/oadp-timeouts.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="oadp-timeouts_{context}"]
+= OADP timeouts
+
+Extending a timeout allows complex or resource-intensive processes to complete successfully without premature termination. This configuration can reduce the likelihood of errors, retries, or failures.
+
+Ensure that you balance timeout extensions in a logical manner so that you do not configure excessively long timeouts that might hide underlying issues in the process. Carefully consider and monitor an appropriate timeout value that meets the needs of the process and the overall system performance.
+
+The following are various OADP timeouts, with instructions of how and when to implement these parameters:
+
diff --git a/modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc b/modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc
new file mode 100644
index 000000000000..967f6dcc455f
--- /dev/null
+++ b/modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-upgrade-from-oadp-data-mover-1-2-0_{context}"]
+= Upgrading from OADP 1.2 Technology Preview Data Mover
+
+{oadp-first} 1.2 Data Mover backups *cannot* be restored with OADP 1.3. To prevent a gap in the data protection of your applications, complete the following steps before upgrading to OADP 1.3:
+
+.Procedure
+
+. If your cluster backups are sufficient and Container Storage Interface (CSI) storage is available,
+back up the applications with a CSI backup.
+. If you require off cluster backups:
+.. Back up the applications with a file system backup that uses the `--default-volumes-to-fs-backup=true or backup.spec.defaultVolumesToFsBackup` options.
+.. Back up the applications with your object storage plugins, for example, `velero-plugin-for-aws`.
+
+[NOTE]
+====
+To restore OADP 1.2 Data Mover backup, you must uninstall OADP, and install and configure OADP 1.2.
+====
diff --git a/modules/oadp-upgrading-oadp-operator-1-2-0.adoc b/modules/oadp-upgrading-oadp-operator-1-2-0.adoc
new file mode 100644
index 000000000000..9173e7b4d9a5
--- /dev/null
+++ b/modules/oadp-upgrading-oadp-operator-1-2-0.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-upgrading-dpa-operator-1-2-0_{context}"]
+= Upgrading the OADP Operator
+
+Use the following sequence when upgrading the {oadp-first} Operator.
+
+.Procedure
+. Change your subscription channel for the OADP Operator from `stable-1.1` to `stable-1.2`.
+. Allow time for the Operator and containers to update and restart.
+
+
+
diff --git a/modules/oadp-upgrading-oadp-operator-1-3-0.adoc b/modules/oadp-upgrading-oadp-operator-1-3-0.adoc
new file mode 100644
index 000000000000..7bf632e9ab3d
--- /dev/null
+++ b/modules/oadp-upgrading-oadp-operator-1-3-0.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-upgrading-dpa-operator-1-3-0_{context}"]
+= Upgrading the OADP Operator
+
+Use the following sequence when upgrading the {oadp-first} Operator.
+
+.Procedure
+
+. Change your subscription channel for the OADP Operator from `stable-1.2` to `stable-1.3`.
+. Allow time for the Operator and containers to update and restart.
+
+
diff --git a/modules/oadp-using-data-mover-for-csi-snapshots.adoc b/modules/oadp-using-data-mover-for-csi-snapshots.adoc
index d029d7dda7a8..d7aa80d43a23 100644
--- a/modules/oadp-using-data-mover-for-csi-snapshots.adoc
+++ b/modules/oadp-using-data-mover-for-csi-snapshots.adoc
@@ -2,20 +2,21 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-using-data-mover-for-csi-snapshots_{context}"]
 = Using Data Mover for CSI snapshots
 
 :FeatureName: Data Mover for CSI snapshots
 
-The OADP Data Mover enables customers to back up Container Storage Interface (CSI) volume snapshots to a remote object store. When Data Mover is enabled, you can restore stateful applications, using CSI volume snapshots pulled from the object store if a failure, accidental deletion, or corruption of the cluster occurs.
+The OADP Data Mover enables customers to back up Container Storage Interface (CSI) volume snapshots to a remote object store.
+
+When Data Mover is enabled, you can restore stateful applications, using CSI volume snapshots pulled from the object store if a failure, accidental deletion, or corruption of the cluster occurs.
 
 The Data Mover solution uses the Restic option of VolSync.
 
 Data Mover supports backup and restore of CSI volume snapshots only.
 
-In OADP 1.2 Data Mover `VolumeSnapshotBackups` (VSBs) and `VolumeSnapshotRestores` (VSRs) are queued using the VolumeSnapshotMover (VSM). The VSM's performance is improved by specifying a concurrent number of VSBs and VSRs simultaneously `InProgress`. After all async plugin operations are complete, the backup is marked as complete.
-
+In OADP 1.2 Data Mover, `VolumeSnapshotBackups` (VSBs) and `VolumeSnapshotRestores` (VSRs) are queued by using the VolumeSnapshotMover (VSM). The VSM's performance is improved by specifying a concurrent number of VSBs and VSRs simultaneously `InProgress`. After all async plugin operations are complete, the backup is marked as complete.
 
 [NOTE]
 ====
@@ -60,11 +61,9 @@ In {product-title} version 4.12 or later, verify that this is the only default `
 [NOTE]
 ====
 In OADP 1.1 the above setting is mandatory.
-
-In OADP 1.2 the `privileged-movers` setting is not required in most scenarios. The restoring container permissions should be adequate for the Volsync copy. In some user scenarios, there may be permission errors that the `privileged-mover`= `true` setting should resolve.
 ====
 
-* You have installed the VolSync Operator by using the Operator Lifecycle Manager (OLM).
+* You have installed the VolSync Operator by using Operator Lifecycle Manager (OLM).
 +
 [NOTE]
 ====
@@ -75,7 +74,7 @@ The VolSync Operator is required for using OADP Data Mover.
 
 .Procedure
 
-. Configure a Restic secret by creating a `.yaml` file as following:
+. Configure a Restic secret by creating a `.yaml` file:
 +
 [source,yaml]
 ----
@@ -83,18 +82,19 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: <secret_name>
-  namespace: openshift-adp
 type: Opaque
 stringData:
-  RESTIC_PASSWORD: <secure_restic_password>
+# The repository encryption key
+  RESTIC_PASSWORD: my-secure-restic-password
 ----
 +
+. Create a DPA CR similar to the following example. The default plugins include CSI.
+. Add the restic secret name from the step above to your DPA CR as `spec.features.dataMover.credentialName`. If this step is not completed, then it will default to the secret name `dm-credential`.
++
 [NOTE]
 ====
-By default, the Operator looks for a secret named `dm-credential`. If you are using a different name, you need to specify the name through a Data Protection Application (DPA) CR using `dpa.spec.features.dataMover.credentialName`.
+In this DPA, the `CSI` and `VSM` are included as `defaultPlugins`. Also included is the `dataMover.enable` flag.
 ====
-
-. Create a DPA CR similar to the following example. The default plugins include CSI.
 +
 .Example Data Protection Application (DPA) CR
 [source,yaml]
@@ -105,6 +105,19 @@ metadata:
   name: velero-sample
   namespace: openshift-adp
 spec:
+  features:
+    dataMover:
+      enable: true
+      credentialName: <secret-name>
+      maxConcurrentBackupVolumes: "3" <1>
+      maxConcurrentRestoreVolumes: "3" <2>
+      pruneInterval: "14" <3>
+      volumeOptionsForStorageClasses: <4>
+        gp2-csi-copy-1:
+          destinationVolumeOptions:
+            storageClassName: csi-copy-2
+          sourceVolumeOptions:
+            storageClassName: csi-copy-1
   backupLocations:
     - velero:
         config:
@@ -120,42 +133,19 @@ spec:
         provider: aws
   configuration:
     restic:
-      enable: <true_or_false>
+      enable: false
     velero:
-       itemOperationSyncFrequency: "10s"
-       defaultPlugins:
+      defaultPlugins:
         - openshift
         - aws
         - csi
-        - vsm <1>
-  features:
-    dataMover:
-      credentialName: restic-secret
-      enable: true
-      maxConcurrentBackupVolumes: "3" <2>
-      maxConcurrentRestoreVolumes: "3" <3>
-      pruneInterval: "14" <4>
-      volumeOptions: <5>
-      sourceVolumeOptions:
-          accessMode: ReadOnlyMany
-          cacheAccessMode: ReadWriteOnce
-          cacheCapacity: 2Gi
-      destinationVolumeOptions:
-          storageClass: other-storageclass-name
-          cacheAccessMode: ReadWriteMany
-  snapshotLocations:
-    - velero:
-        config:
-          profile: default
-          region: us-west-2
-        provider: aws
-
+        - vsm <5>
 ----
-<1> OADP 1.2 only.
-<2> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for backup. The default value is 10.
-<3> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for restore. The default value is 10.
-<4> OADP 1.2 only. Optional: Specify the number of days, between running Restic pruning on the repository. The prune operation repacks the data to free space, but it can also generate significant I/O traffic as a part of the process. Setting this option allows a trade-off between storage consumption, from no longer referenced data, and access costs.
-<5> OADP 1.2 only. Optional: Specify VolumeSync volume options for backup and restore.
+<1> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for backup. The default value is 10.
+<2> OADP 1.2 only. Optional: Specify the upper limit of the number of snapshots allowed to be queued for restore. The default value is 10.
+<3> OADP 1.2 only. Optional: Specify the number of days, between running Restic pruning on the repository. The prune operation repacks the data to free space, but it can also generate significant I/O traffic as a part of the process. Setting this option allows a trade-off between storage consumption, from no longer referenced data, and access costs.
+<4> OADP 1.2 only. Optional: Specify VolumeSync volume options for backup and restore.
+<5> OADP 1.2 only.
 
 +
 The OADP Operator installs two custom resource definitions (CRDs), `VolumeSnapshotBackup` and `VolumeSnapshotRestore`.
@@ -199,7 +189,7 @@ spec:
 <1> Specify the namespace where the volume snapshot exists.
 <2> Specify the namespace where the Operator is installed. The default is `openshift-adp`.
 
-. You can back up a volume snapshot by performing the following steps:
+. Back up a volume snapshot by performing the following steps:
 
 .. Create a backup CR:
 +
@@ -236,7 +226,7 @@ A snapshot is created in the object store was configured in the DPA.
 If the status of the `VolumeSnapshotBackup` CR becomes `Failed`, refer to the Velero logs for troubleshooting.
 ====
 
-. You can restore a volume snapshot by performing the following steps:
+. Restore a volume snapshot by performing the following steps:
 
 .. Delete the application namespace and the `volumeSnapshotContent` that was created by the Velero CSI plugin.
 
diff --git a/modules/oadp-using-enable-api-group-versions.adoc b/modules/oadp-using-enable-api-group-versions.adoc
index b8a5d589ace4..9a9b4e4ed63d 100644
--- a/modules/oadp-using-enable-api-group-versions.adoc
+++ b/modules/oadp-using-enable-api-group-versions.adoc
@@ -3,7 +3,7 @@
 // * backup_and_restore/application_backup_and_restore/advanced-topics.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oadp-using-enable-api-group-versions_{context}"]
 = Using Enable API Group Versions
 
diff --git a/modules/oadp-velero-cpu-memory-requirements.adoc b/modules/oadp-velero-cpu-memory-requirements.adoc
new file mode 100644
index 000000000000..d0a21c0f8296
--- /dev/null
+++ b/modules/oadp-velero-cpu-memory-requirements.adoc
@@ -0,0 +1,78 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="oadp-velero-cpu-memory-requirements_{context}"]
+= Velero CPU and memory requirements based on collected data
+
+The following recommendations are based on observations of performance made in the scale and performance lab. The backup and restore resources can be impacted by the type of plugin, the amount of resources required by that backup or restore, and the respective data contained in the persistent volumes (PVs) related to those resources.
+
+
+== CPU and memory requirement for configurations
+|===
+|Configuration types | ^[1]^ Average usage |^[2]^ Large usage |resourceTimeouts
+
+|CSI
+|Velero:
+
+CPU- Request 200m, Limits 1000m
+
+Memory - Request 256Mi, Limits 1024Mi
+
+|Velero:
+
+CPU- Request 200m, Limits 2000m
+
+
+Memory- Request  256Mi, Limits 2048Mi
+
+|N/A
+
+|Restic
+|^[3]^ Restic:
+
+CPU- Request 1000m, Limits 2000m
+
+Memory - Request 16Gi, Limits 32Gi
+
+
+|^[4]^ Restic:
+
+CPU - Request 2000m, Limits 8000m
+
+
+Memory - Request 16Gi, Limits 40Gi
+
+
+|900m
+
+
+
+|^[5]^ Data Mover
+|N/A
+|N/A
+|10m - average usage
+
+60m - large usage
+|===
+
+[.small]
+--
+1. Average usage - use these settings for most usage situations.
+
+2. Large usage - use these settings for large usage situations, such as a large PV (500GB Usage), multiple namespaces (100+), or many pods within a single namespace (2000 pods+), and for optimal performance for backup and restore involving large datasets.
+
+3. Restic resource usage corresponds to the amount of data, and type of data. For example, many small files or large amounts of data can cause Restic to use large amounts of resources. The https://velero.io/docs/v1.11/customize-installation/#customize-resource-requests-and-limits/[Velero] documentation references 500m as a supplied default, for most of our testing we found a 200m request suitable with 1000m limit.  As cited in the Velero documentation, exact CPU and memory usage is dependent on the scale of files and directories, in addition to environmental limitations.
+
+4. Increasing the CPU has a significant impact on improving backup and restore times.
+
+5. Data Mover - Data Mover default resourceTimeout is 10m. Our tests show that for restoring a large PV (500GB usage), it is required to increase the resourceTimeout to 60m.
+--
+
+[NOTE]
+====
+The resource requirements listed throughout the guide are for average usage only. For large usage, adjust the settings as described in the table above.
+====
+
+
diff --git a/modules/oadp-velero-default-timeouts.adoc b/modules/oadp-velero-default-timeouts.adoc
new file mode 100644
index 000000000000..6362ea8e4670
--- /dev/null
+++ b/modules/oadp-velero-default-timeouts.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="velero-default-item-operation-timeout_{context}"]
+= Velero default item operation timeout
+
+`defaultItemOperationTimeout` defines how long to wait on asynchronous `BackupItemActions` and `RestoreItemActions` to complete before timing out. The default value is `1h`.
+
+Use the `defaultItemOperationTimeout` for the following scenarios:
+
+* Only with Data Mover 1.2.x.
+* To specify the amount of time a particular backup or restore should wait for the Asynchronous actions to complete. In the context of OADP features, this value is used for the Asynchronous actions involved in the Container Storage Interface (CSI) Data Mover feature.
+* When `defaultItemOperationTimeout` is defined in the Data Protection Application (DPA)  using the `defaultItemOperationTimeout`, it applies to both backup and restore operations. You can use `itemOperationTimeout` to define only the backup or only the restore of those CRs, as described in the following "Item operation timeout - restore", and "Item operation timeout - backup" sections.
+
+.Procedure
+* Edit the values in the `spec.configuration.velero.defaultItemOperationTimeout` block of the `DataProtectionApplication` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: <dpa_name>
+spec:
+  configuration:
+    velero:
+      defaultItemOperationTimeout: 1h
+# ...
+----
+
diff --git a/modules/oadp-velero-timeouts.adoc b/modules/oadp-velero-timeouts.adoc
new file mode 100644
index 000000000000..7daa58918e6c
--- /dev/null
+++ b/modules/oadp-velero-timeouts.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="velero-timeout_{context}"]
+= Velero resource timeout
+
+`resourceTimeout` defines how long to wait for several Velero resources before timeout occurs, such as Velero custom resource definition (CRD) availability, `volumeSnapshot` deletion, and repository availability. The default is `10m`.
+
+Use the `resourceTimeout` for the following scenarios:
+
+* For backups with total PV data usage that is greater than 1TB. This parameter is used as a timeout value when Velero tries to clean up or delete the Container Storage Interface (CSI) snapshots, before marking the backup as complete.
+** A sub-task of this cleanup tries to patch VSC and this timeout can be used for that task.
++
+* To create or ensure a backup repository is ready for filesystem based backups for Restic or Kopia.
+* To check if the Velero CRD is available in the cluster before restoring the custom resource (CR) or resource from the backup.
+
+.Procedure
+* Edit the values in the `spec.configuration.velero.resourceTimeout` block of the `DataProtectionApplication` CR manifest, as in the following example:
++
+[source,yaml]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name: <dpa_name>
+spec:
+  configuration:
+    velero:
+      resourceTimeout: 10m
+# ...
+----
diff --git a/modules/oadp-verifying-upgrade-1-2-0.adoc b/modules/oadp-verifying-upgrade-1-2-0.adoc
new file mode 100644
index 000000000000..e323e17af272
--- /dev/null
+++ b/modules/oadp-verifying-upgrade-1-2-0.adoc
@@ -0,0 +1,73 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-2.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="verifying-upgrade-1-2-0_{context}"]
+= Verifying the upgrade
+
+Use the following procedure to verify the upgrade.
+
+.Procedure
+
+. Verify the installation by viewing the {oadp-first} resources by running the following command:
++
+[source,terminal]
+----
+$ oc get all -n openshift-adp
+----
++
+.Example output
++
+----
+NAME                                                     READY   STATUS    RESTARTS   AGE
+pod/oadp-operator-controller-manager-67d9494d47-6l8z8    2/2     Running   0          2m8s
+pod/restic-9cq4q                                         1/1     Running   0          94s
+pod/restic-m4lts                                         1/1     Running   0          94s
+pod/restic-pv4kr                                         1/1     Running   0          95s
+pod/velero-588db7f655-n842v                              1/1     Running   0          95s
+
+NAME                                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
+service/oadp-operator-controller-manager-metrics-service   ClusterIP   172.30.70.140    <none>        8443/TCP   2m8s
+
+NAME                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+daemonset.apps/restic   3         3         3       3            3           <none>          96s
+
+NAME                                                READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/oadp-operator-controller-manager    1/1     1            1           2m9s
+deployment.apps/velero                              1/1     1            1           96s
+
+NAME                                                           DESIRED   CURRENT   READY   AGE
+replicaset.apps/oadp-operator-controller-manager-67d9494d47    1         1         1       2m9s
+replicaset.apps/velero-588db7f655                              1         1         1       96s
+----
+
+. Verify that the `DataProtectionApplication` (DPA) is reconciled by running the following command:
++
+[source,terminal]
+----
+$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'
+----
+.Example output
+[source,yaml]
++
+----
+{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}
+----
+
+. Verify the `type` is set to `Reconciled`.
+
+. Verify the backup storage location and confirm that the `PHASE` is `Available` by running the following command:
++
+[source,terminal]
+----
+$ oc get backupStorageLocation -n openshift-adp
+----
+.Example output
+[source,yaml]
++
+----
+NAME           PHASE       LAST VALIDATED   AGE     DEFAULT
+dpa-sample-1   Available   1s               3d16h   true
+----
diff --git a/modules/oadp-verifying-upgrade-1-3-0.adoc b/modules/oadp-verifying-upgrade-1-3-0.adoc
new file mode 100644
index 000000000000..c80c646b7d28
--- /dev/null
+++ b/modules/oadp-verifying-upgrade-1-3-0.adoc
@@ -0,0 +1,98 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes-1-3.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="verifying-upgrade-1-3-0_{context}"]
+= Verifying the upgrade
+
+Use the following procedure to verify the upgrade.
+
+.Procedure
+. Verify the installation by viewing the {oadp-first} resources by running the following command:
++
+[source,terminal]
+----
+$ oc get all -n openshift-adp
+----
++
+.Example output
++
+----
+NAME                                                     READY   STATUS    RESTARTS   AGE
+pod/oadp-operator-controller-manager-67d9494d47-6l8z8    2/2     Running   0          2m8s
+pod/node-agent-9cq4q                                     1/1     Running   0          94s
+pod/node-agent-m4lts                                     1/1     Running   0          94s
+pod/node-agent-pv4kr                                     1/1     Running   0          95s
+pod/velero-588db7f655-n842v                              1/1     Running   0          95s
+
+NAME                                                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
+service/oadp-operator-controller-manager-metrics-service   ClusterIP   172.30.70.140    <none>        8443/TCP   2m8s
+service/openshift-adp-velero-metrics-svc                   ClusterIP   172.30.10.0      <none>        8085/TCP   8h
+
+NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+daemonset.apps/node-agent    3         3         3       3            3           <none>          96s
+
+NAME                                                READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/oadp-operator-controller-manager    1/1     1            1           2m9s
+deployment.apps/velero                              1/1     1            1           96s
+
+NAME                                                           DESIRED   CURRENT   READY   AGE
+replicaset.apps/oadp-operator-controller-manager-67d9494d47    1         1         1       2m9s
+replicaset.apps/velero-588db7f655                              1         1         1       96s
+----
+
+. Verify that the `DataProtectionApplication` (DPA) is reconciled by running the following command:
++
+[source,terminal]
+----
+$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}'
+----
+.Example output
+[source,yaml]
++
+----
+{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]}
+----
+
+. Verify the `type` is set to `Reconciled`.
+
+. Verify the backup storage location and confirm that the `PHASE` is `Available` by running the following command:
++
+[source,terminal]
+----
+$ oc get backupStorageLocation -n openshift-adp
+----
+.Example output
+[source,yaml]
++
+----
+NAME           PHASE       LAST VALIDATED   AGE     DEFAULT
+dpa-sample-1   Available   1s               3d16h   true
+----
+
+In OADP 1.3 you can start data movement off cluster per backup versus creating a `DataProtectionApplication` (DPA) configuration.
+
+.Example
+[source,terminal]
+----
+$ velero backup create example-backup --include-namespaces mysql-persistent --snapshot-move-data=true
+----
+
+.Example
+[source,yaml]
+----
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: example-backup
+  namespace: openshift-adp
+spec:
+  snapshotMoveData: true
+  includedNamespaces:
+  - mysql-persistent
+  storageLocation: dpa-sample-1
+  ttl: 720h0m0s
+# ...
+----
diff --git a/modules/oadp-viewing-metrics-ui.adoc b/modules/oadp-viewing-metrics-ui.adoc
new file mode 100644
index 000000000000..f5e80bcc8cdf
--- /dev/null
+++ b/modules/oadp-viewing-metrics-ui.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="viewing-metrics-observe-ui_{context}"]
+= Viewing metrics using the Observe UI
+
+You can view metrics in the {product-title} web console from the *Administrator* or *Developer* perspective, which must have access to the `openshift-adp` project.
+
+.Procedure
+
+* Navigate to the *Observe* -> *Metrics* page:
+** If you are using the *Developer* perspective, follow these steps:
+.. Select *Custom query*, or click on the *Show PromQL* link.
+.. Type the query and click *Enter*.
+** If you are using the *Administrator* perspective, type the expression in the text field and select *Run Queries*.
++
+.OADP metrics query
+image::oadp-metrics-query.png[OADP metrics query]
+
+
+
diff --git a/modules/oauth-configuring-internal-oauth.adoc b/modules/oauth-configuring-internal-oauth.adoc
index e135a3fcd417..72be6f4eb15f 100644
--- a/modules/oauth-configuring-internal-oauth.adoc
+++ b/modules/oauth-configuring-internal-oauth.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/configuring-internal-oauth.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-configuring-internal-oauth_{context}"]
 = Configuring the internal OAuth server's token duration
 
diff --git a/modules/oauth-configuring-token-inactivity-timeout-clients.adoc b/modules/oauth-configuring-token-inactivity-timeout-clients.adoc
index ff38749a940a..ea9b71bc4156 100644
--- a/modules/oauth-configuring-token-inactivity-timeout-clients.adoc
+++ b/modules/oauth-configuring-token-inactivity-timeout-clients.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/configuring-oauth-clients.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-token-inactivity-timeout_{context}"]
 = Configuring token inactivity timeout for an OAuth client
 
diff --git a/modules/oauth-configuring-token-inactivity-timeout.adoc b/modules/oauth-configuring-token-inactivity-timeout.adoc
index 6c693ce59bbb..402ae6dfc9cd 100644
--- a/modules/oauth-configuring-token-inactivity-timeout.adoc
+++ b/modules/oauth-configuring-token-inactivity-timeout.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/understanding-internal-oauth.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-token-inactivity-timeout_{context}"]
 = Configuring token inactivity timeout for the internal OAuth server
 
@@ -55,10 +55,10 @@ $ oc get clusteroperators authentication
 Do not continue to the next step until `PROGRESSING` is listed as `False`, as shown in the following output:
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
-authentication   4.13.0    True        False         False      145m
+authentication   {product-version}.0    True        False         False      145m
 ----
 
 . Check that a new revision of the Kubernetes API server pods has rolled out. This will take several minutes.
@@ -71,10 +71,10 @@ $ oc get clusteroperators kube-apiserver
 Do not continue to the next step until `PROGRESSING` is listed as `False`, as shown in the following output:
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE
-kube-apiserver   4.13.0     True        False         False      145m
+kube-apiserver   {product-version}.0     True        False         False      145m
 ----
 +
 If `PROGRESSING` is showing `True`, wait a few minutes and try again.
diff --git a/modules/oauth-customizing-the-oauth-server-URL.adoc b/modules/oauth-customizing-the-oauth-server-URL.adoc
index 668c24a36370..9f346eabcdef 100755
--- a/modules/oauth-customizing-the-oauth-server-URL.adoc
+++ b/modules/oauth-customizing-the-oauth-server-URL.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/configuring-internal-oauth.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="customizing-the-oauth-server-url_{context}"]
 = Customizing the internal OAuth server URL
 
diff --git a/modules/oauth-default-clients.adoc b/modules/oauth-default-clients.adoc
index 33a59aa0558f..ad7a6e97dae4 100644
--- a/modules/oauth-default-clients.adoc
+++ b/modules/oauth-default-clients.adoc
@@ -18,6 +18,9 @@ The following OAuth clients are automatically created when starting the {product
 |`openshift-challenging-client`
 |Requests tokens with a user-agent that can handle `WWW-Authenticate` challenges.
 
+|`openshift-cli-client`
+| Requests tokens by using a local HTTP server fetching an authorization code grant.
+
 |===
 [.small]
 --
diff --git a/modules/oauth-delete-tokens.adoc b/modules/oauth-delete-tokens.adoc
index 351f27570856..59f8538969ba 100644
--- a/modules/oauth-delete-tokens.adoc
+++ b/modules/oauth-delete-tokens.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-oauth-access-tokens.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-delete-tokens_{context}"]
 = Deleting user-owned OAuth access tokens
 
diff --git a/modules/oauth-list-tokens.adoc b/modules/oauth-list-tokens.adoc
index 908b6da10680..cbd890af0816 100644
--- a/modules/oauth-list-tokens.adoc
+++ b/modules/oauth-list-tokens.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-oauth-access-tokens.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-list-tokens_{context}"]
 = Listing user-owned OAuth access tokens
 
diff --git a/modules/oauth-register-additional-client.adoc b/modules/oauth-register-additional-client.adoc
index 9ee0b80f974a..6aad92063308 100644
--- a/modules/oauth-register-additional-client.adoc
+++ b/modules/oauth-register-additional-client.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/configuring-oauth-clients.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-register-additional-client_{context}"]
 = Registering an additional OAuth client
 
diff --git a/modules/oauth-view-details-tokens.adoc b/modules/oauth-view-details-tokens.adoc
index 5c382f416cdb..27fb1ed4f43b 100644
--- a/modules/oauth-view-details-tokens.adoc
+++ b/modules/oauth-view-details-tokens.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-oauth-access-tokens.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oauth-view-details-tokens_{context}"]
 = Viewing the details of a user-owned OAuth access token
 
diff --git a/modules/oc-adm-by-example-content.adoc b/modules/oc-adm-by-example-content.adoc
index f8e56acc9dc2..468bdfe2f5c3 100644
--- a/modules/oc-adm-by-example-content.adoc
+++ b/modules/oc-adm-by-example-content.adoc
@@ -2,7 +2,7 @@
 // This template is for admin ('oc adm ...') commands
 // Uses 'source,bash' for proper syntax highlighting for comments in examples
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-cli-admin_{context}"]
 = OpenShift CLI (oc) administrator commands
 
@@ -16,10 +16,10 @@ Output the inputs and dependencies of your builds
 ----
   # Build the dependency tree for the 'latest' tag in <image-stream>
   oc adm build-chain <image-stream>
-  
+
   # Build the dependency tree for the 'v2' tag in dot format and visualize it via the dot utility
   oc adm build-chain <image-stream>:v2 -o dot | dot -T svg -o deps.svg
-  
+
   # Build the dependency tree across all namespaces for the specified image stream tag found in the 'test' namespace
   oc adm build-chain <image-stream> -n test --all
 ----
@@ -34,23 +34,23 @@ Mirror an operator-registry catalog
 ----
   # Mirror an operator-registry image and its contents to a registry
   oc adm catalog mirror quay.io/my/image:latest myregistry.com
-  
+
   # Mirror an operator-registry image and its contents to a particular namespace in a registry
   oc adm catalog mirror quay.io/my/image:latest myregistry.com/my-namespace
-  
+
   # Mirror to an airgapped registry by first mirroring to files
   oc adm catalog mirror quay.io/my/image:latest file:///local/index
   oc adm catalog mirror file:///local/index/my/image:latest my-airgapped-registry.com
-  
+
   # Configure a cluster to use a mirrored registry
-  oc apply -f manifests/imageContentSourcePolicy.yaml
-  
+  oc apply -f manifests/imageDigestMirrorSet.yaml
+
   # Edit the mirroring mappings and mirror with "oc image mirror" manually
   oc adm catalog mirror --manifests-only quay.io/my/image:latest myregistry.com
   oc image mirror -f manifests/mapping.txt
-  
-  # Delete all ImageContentSourcePolicies generated by oc adm catalog mirror
-  oc delete imagecontentsourcepolicy -l operators.openshift.org/catalog=true
+
+  # Delete all ImageDigestMirrorSets generated by oc adm catalog mirror
+  oc delete imagedigestmirrorset -l operators.openshift.org/catalog=true
 ----
 
 
@@ -79,6 +79,10 @@ Deny a certificate signing request
 
 
 
+== oc adm copy-to-node
+Copies specified files to the node.
+
+
 == oc adm cordon
 Mark node as unschedulable
 
@@ -147,7 +151,7 @@ Drain node in preparation for maintenance
 ----
   # Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
   oc adm drain foo --force
-  
+
   # As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set, and use a grace period of 15 minutes
   oc adm drain foo --grace-period=900
 ----
@@ -174,10 +178,10 @@ Create a new group
 ----
   # Add a group with no users
   oc adm groups new my-group
-  
+
   # Add a group with two users
   oc adm groups new my-group user1 user2
-  
+
   # Add a group with one user and shorter output
   oc adm groups new my-group user1 -o name
 ----
@@ -192,14 +196,14 @@ Remove old OpenShift groups referencing missing records from an external provide
 ----
   # Prune all orphaned groups
   oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups except the ones from the blacklist file
-  oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist file
-  oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist
+
+  # Prune all orphaned groups except the ones from the denylist file
+  oc adm groups prune --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+
+  # Prune all orphaned groups from a list of specific groups specified in an allowlist file
+  oc adm groups prune --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+
+  # Prune all orphaned groups from a list of specific groups specified in a list
   oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
 ----
 
@@ -225,16 +229,16 @@ Sync OpenShift groups with records from an external provider
 ----
   # Sync all groups with an LDAP server
   oc adm groups sync --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
+
   # Sync all groups except the ones from the blacklist file with an LDAP server
   oc adm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Sync specific groups specified in a whitelist file with an LDAP server
-  oc adm groups sync --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm
-  
+
+  # Sync specific groups specified in an allowlist file with an LDAP server
+  oc adm groups sync --whitelist=/path/to/allowlist.txt --sync-config=/path/to/sync-config.yaml --confirm
+
   # Sync all OpenShift groups that have been synced previously with an LDAP server
   oc adm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
+
   # Sync specific OpenShift groups if they have been synced previously with an LDAP server
   oc adm groups sync groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm
 ----
@@ -249,13 +253,13 @@ Collect debugging data for a given resource
 ----
   # Collect debugging data for the "openshift-apiserver" clusteroperator
   oc adm inspect clusteroperator/openshift-apiserver
-  
+
   # Collect debugging data for the "openshift-apiserver" and "kube-apiserver" clusteroperators
   oc adm inspect clusteroperator/openshift-apiserver clusteroperator/kube-apiserver
-  
+
   # Collect debugging data for all clusteroperators
   oc adm inspect clusteroperator
-  
+
   # Collect debugging data for all clusteroperators and clusterversions
   oc adm inspect clusteroperators,clusterversions
 ----
@@ -263,12 +267,12 @@ Collect debugging data for a given resource
 
 
 == oc adm migrate icsp
-Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s).
+Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s)
 
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # update the imagecontentsourcepolicy.yaml to new imagedigestmirrorset file under directory mydir
+  # Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
   oc adm migrate icsp imagecontentsourcepolicy.yaml --dest-dir mydir
 ----
 
@@ -282,7 +286,7 @@ Update template instances to point to the latest group-version-kinds
 ----
   # Perform a dry-run of updating all objects
   oc adm migrate template-instances
-  
+
   # To actually perform the update, the confirm flag must be appended
   oc adm migrate template-instances --confirm
 ----
@@ -297,20 +301,20 @@ Launch a new instance of a pod for gathering debug information
 ----
   # Gather information using the default plug-in image and command, writing into ./must-gather.local.<rand>
   oc adm must-gather
-  
+
   # Gather information with a specific local folder to copy to
   oc adm must-gather --dest-dir=/local/directory
-  
+
   # Gather audit information
   oc adm must-gather -- /usr/bin/gather_audit_logs
-  
+
   # Gather information using multiple plug-in images
   oc adm must-gather --image=quay.io/kubevirt/must-gather --image=quay.io/openshift/origin-must-gather
-  
+
   # Gather information using a specific image stream plug-in
   oc adm must-gather --image-stream=openshift/must-gather:latest
-  
-  # Gather information using a specific image, command, and pod-dir
+
+  # Gather information using a specific image, command, and pod directory
   oc adm must-gather --image=my/image:tag --source-dir=/pod/directory -- myspecial-command.sh
 ----
 
@@ -336,16 +340,71 @@ Display and filter node logs
 ----
   # Show kubelet logs from all masters
   oc adm node-logs --role master -u kubelet
-  
-  # See what logs are available in masters in /var/logs
+
+  # See what logs are available in masters in /var/log
   oc adm node-logs --role master --path=/
-  
+
   # Display cron log file from all masters
   oc adm node-logs --role master --path=cron
 ----
 
 
 
+== oc adm ocp-certificates monitor-certificates
+Watch platform certificates.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Watch platform certificates.
+  oc adm ocp-certificates monitor-certificates
+----
+
+
+
+== oc adm ocp-certificates regenerate-leaf
+Regenerate client and serving certificates of an OpenShift cluster
+
+
+
+== oc adm ocp-certificates regenerate-machine-config-server-serving-cert
+Regenerate the machine config operator certificates in an OpenShift cluster
+
+
+
+== oc adm ocp-certificates regenerate-top-level
+Regenerate the top level certificates in an OpenShift cluster
+
+
+
+
+== oc adm ocp-certificates remove-old-trust
+Remove old CAs from ConfigMaps representing platform trust bundles in an OpenShift cluster
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  #  Remove only CA certificates created before a certain date from all trust bundles
+  oc adm ocp-certificates remove-old-trust configmaps -A --all --created-before 2023-06-05T14:44:06Z
+----
+
+
+
+== oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server
+Update user-data secrets in an OpenShift cluster to use updated MCO certfs
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Regenerate the MCO certs without modifying user-data secrets
+  oc adm certificates regenerate-machine-config-server-serving-cert --update-ignition=false
+
+  # Update the user-data secrets to use new MCS certs
+  oc adm certificates update-ignition-ca-bundle-for-machine-config-server
+----
+
+
+
 == oc adm pod-network isolate-projects
 Isolate project network
 
@@ -354,7 +413,7 @@ Isolate project network
 ----
   # Provide isolation for project p1
   oc adm pod-network isolate-projects <p1>
-  
+
   # Allow all projects with label name=top-secret to have their own isolated project network
   oc adm pod-network isolate-projects --selector='name=top-secret'
 ----
@@ -369,7 +428,7 @@ Join project network
 ----
   # Allow project p2 to use project p1 network
   oc adm pod-network join-projects --to=<p1> <p2>
-  
+
   # Allow all projects with label name=top-secret to use project p1 network
   oc adm pod-network join-projects --to=<p1> --selector='name=top-secret'
 ----
@@ -384,7 +443,7 @@ Make project network global
 ----
   # Allow project p1 to access all pods in the cluster and vice versa
   oc adm pod-network make-projects-global <p1>
-  
+
   # Allow all projects with label name=share to access all pods in the cluster and vice versa
   oc adm pod-network make-projects-global --selector='name=share'
 ----
@@ -399,7 +458,7 @@ Add a role to users or service accounts for the current project
 ----
   # Add the 'view' role to user1 for the current project
   oc adm policy add-role-to-user view user1
-  
+
   # Add the 'edit' role to serviceaccount1 for the current project
   oc adm policy add-role-to-user edit -z serviceaccount1
 ----
@@ -426,7 +485,7 @@ Add a security context constraint to users or a service account
 ----
   # Add the 'restricted' security context constraint to user1 and user2
   oc adm policy add-scc-to-user restricted user1 user2
-  
+
   # Add the 'privileged' security context constraint to serviceaccount1 in the current namespace
   oc adm policy add-scc-to-user privileged -z serviceaccount1
 ----
@@ -442,13 +501,13 @@ Check which service account can create a pod
   # Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml
   # Service Account specified in myresource.yaml file is ignored
   oc adm policy scc-review -z sa1,sa2 -f my_resource.yaml
-  
+
   # Check whether service accounts system:serviceaccount:bob:default can admit a pod with a template pod spec specified in my_resource.yaml
   oc adm policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml
-  
+
   # Check whether the service account specified in my_resource_with_sa.yaml can admit the pod
   oc adm policy scc-review -f my_resource_with_sa.yaml
-  
+
   # Check whether the default service account can admit the pod; default is taken since no service account is defined in myresource_with_no_sa.yaml
   oc adm policy scc-review -f myresource_with_no_sa.yaml
 ----
@@ -463,10 +522,10 @@ Check whether a user or a service account can create a pod
 ----
   # Check whether user bob can create a pod specified in myresource.yaml
   oc adm policy scc-subject-review -u bob -f myresource.yaml
-  
+
   # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml
   oc adm policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml
-  
+
   # Check whether a service account specified in the pod template spec in myresourcewithsa.yaml can create the pod
   oc adm policy scc-subject-review -f myresourcewithsa.yaml
 ----
@@ -482,7 +541,7 @@ Remove old completed and failed builds
   # Dry run deleting older completed and failed builds and also including
   # all builds whose associated build config no longer exists
   oc adm prune builds --orphans
-  
+
   # To actually perform the prune operation, the confirm flag must be appended
   oc adm prune builds --orphans --confirm
 ----
@@ -497,7 +556,7 @@ Remove old completed and failed deployment configs
 ----
   # Dry run deleting all but the last complete deployment for every deployment config
   oc adm prune deployments --keep-complete=1
-  
+
   # To actually perform the prune operation, the confirm flag must be appended
   oc adm prune deployments --keep-complete=1 --confirm
 ----
@@ -512,14 +571,14 @@ Remove old OpenShift groups referencing missing records from an external provide
 ----
   # Prune all orphaned groups
   oc adm prune groups --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups except the ones from the blacklist file
-  oc adm prune groups --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist file
-  oc adm prune groups --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
-  
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist
+
+  # Prune all orphaned groups except the ones from the denylist file
+  oc adm prune groups --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+
+  # Prune all orphaned groups from a list of specific groups specified in an allowlist file
+  oc adm prune groups --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+
+  # Prune all orphaned groups from a list of specific groups specified in a list
   oc adm prune groups groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
 ----
 
@@ -534,26 +593,44 @@ Remove unreferenced images
   # See what the prune command would delete if only images and their referrers were more than an hour old
   # and obsoleted by 3 newer revisions under the same tag were considered
   oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m
-  
+
   # To actually perform the prune operation, the confirm flag must be appended
   oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm
-  
+
   # See what the prune command would delete if we are interested in removing images
   # exceeding currently set limit ranges ('openshift.io/Image')
   oc adm prune images --prune-over-size-limit
-  
+
   # To actually perform the prune operation, the confirm flag must be appended
   oc adm prune images --prune-over-size-limit --confirm
-  
-  # Force the insecure http protocol with the particular registry host name
+
+  # Force the insecure HTTP protocol with the particular registry host name
   oc adm prune images --registry-url=http://registry.example.org --confirm
-  
+
   # Force a secure connection with a custom certificate authority to the particular registry host name
   oc adm prune images --registry-url=registry.example.org --certificate-authority=/path/to/custom/ca.crt --confirm
 ----
 
 
 
+== oc adm reboot-machine-config-pool
+Initiate reboot of the specified MachineConfigPool.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Reboot all MachineConfigPools
+  oc adm reboot-machine-config-pool mcp/worker mcp/master
+
+  # Reboot all MachineConfigPools that inherit from worker.  This include all custom MachineConfigPools and infra.
+  oc adm reboot-machine-config-pool mcp/worker
+
+  # Reboot masters
+  oc adm reboot-machine-config-pool mcp/master
+----
+
+
+
 == oc adm release extract
 Extract the contents of an update payload to disk
 
@@ -562,12 +639,12 @@ Extract the contents of an update payload to disk
 ----
   # Use git to check out the source code for the current cluster release to DIR
   oc adm release extract --git=DIR
-  
+
   # Extract cloud credential requests for AWS
   oc adm release extract --credentials-requests --cloud=aws
-  
+
   # Use git to check out the source code for the current cluster release to DIR from linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release extract --git=DIR quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
@@ -581,18 +658,18 @@ Display information about a release
 ----
   # Show information about the cluster's current release
   oc adm release info
-  
+
   # Show the source code that comprises a release
   oc adm release info 4.11.2 --commit-urls
-  
+
   # Show the source code difference between two releases
   oc adm release info 4.11.0 4.11.2 --commits
-  
+
   # Show where the images referenced by the release are located
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --pullspecs
-  
+
   # Show information about linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
@@ -607,18 +684,18 @@ Mirror a release to a different image registry location
   # Perform a dry run showing what would be mirrored, including the mirror objects
   oc adm release mirror 4.11.0 --to myregistry.local/openshift/release \
   --release-image-signature-to-dir /tmp/releases --dry-run
-  
+
   # Mirror a release into the current directory
   oc adm release mirror 4.11.0 --to file://openshift/release \
   --release-image-signature-to-dir /tmp/releases
-  
+
   # Mirror a release to another directory in the default location
   oc adm release mirror 4.11.0 --to-dir /tmp/releases
-  
+
   # Upload a release from the current directory to another server
   oc adm release mirror --from file://openshift/release --to myregistry.com/openshift/release \
   --release-image-signature-to-dir /tmp/releases
-  
+
   # Mirror the 4.11.0 release to repository registry.example.com and apply signatures to connected cluster
   oc adm release mirror --from=quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64 \
   --to=registry.example.com/your/repository --apply-release-image-signature
@@ -632,23 +709,28 @@ Create a new OpenShift release
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Create a release from the latest origin images and push to a DockerHub repo
+  # Create a release from the latest origin images and push to a DockerHub repository
   oc adm release new --from-image-stream=4.11 -n origin --to-image docker.io/mycompany/myrepo:latest
-  
+
   # Create a new release with updated metadata from a previous release
   oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.11 --name 4.11.1 \
   --previous 4.11.0 --metadata ... --to-image docker.io/mycompany/myrepo:latest
-  
+
   # Create a new release and override a single image
   oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.11 \
   cli=docker.io/mycompany/cli:latest --to-image docker.io/mycompany/myrepo:latest
-  
+
   # Run a verification pass to ensure the release can be reproduced
   oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.11
 ----
 
 
 
+== oc adm restart-kubelet
+Restarts kubelet on the specified nodes
+
+
+
 == oc adm taint
 Update the taints on one or more nodes
 
@@ -658,16 +740,16 @@ Update the taints on one or more nodes
   # Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'
   # If a taint with that key and effect already exists, its value is replaced as specified
   oc adm taint nodes foo dedicated=special-user:NoSchedule
-  
+
   # Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists
   oc adm taint nodes foo dedicated:NoSchedule-
-  
+
   # Remove from node 'foo' all the taints with key 'dedicated'
   oc adm taint nodes foo dedicated-
-  
+
   # Add a taint with key 'dedicated' on nodes having label mylabel=X
   oc adm taint node -l myLabel=X  dedicated=foo:PreferNoSchedule
-  
+
   # Add to node 'foo' a taint with key 'bar' and no value
   oc adm taint nodes foo bar:NoSchedule
 ----
@@ -706,7 +788,7 @@ Display resource (CPU/memory) usage of nodes
 ----
   # Show metrics for all nodes
   oc adm top node
-  
+
   # Show metrics for a given node
   oc adm top node NODE_NAME
 ----
@@ -721,13 +803,13 @@ Display resource (CPU/memory) usage of pods
 ----
   # Show metrics for all pods in the default namespace
   oc adm top pod
-  
+
   # Show metrics for all pods in the given namespace
   oc adm top pod --namespace=NAMESPACE
-  
+
   # Show metrics for a given pod and its containers
   oc adm top pod POD_NAME --containers
-  
+
   # Show metrics for the pods defined by label name=myLabel
   oc adm top pod -l name=myLabel
 ----
@@ -752,9 +834,9 @@ Upgrade a cluster or adjust the upgrade channel
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Review the available cluster updates
+  # View the update status and available cluster updates
   oc adm upgrade
-  
+
   # Update to the latest version
   oc adm upgrade --to-latest=true
 ----
@@ -770,18 +852,42 @@ Verify the image identity contained in the image signature
   # Verify the image signature and identity using the local GPG keychain
   oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
   --expected-identity=registry.local:5000/foo/bar:v1
-  
+
   # Verify the image signature and identity using the local GPG keychain and save the status
   oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
   --expected-identity=registry.local:5000/foo/bar:v1 --save
-  
+
   # Verify the image signature and identity via exposed registry route
   oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
   --expected-identity=registry.local:5000/foo/bar:v1 \
   --registry-url=docker-registry.foo.com
-  
+
   # Remove all signature verifications from the image
   oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 --remove-all
 ----
 
 
+
+== oc adm wait-for-node-reboot
+Wait for nodes to reboot after running `oc adm reboot-machine-config-pool`
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Wait for all nodes to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/worker mcp/master'
+  oc adm wait-for-node-reboot nodes --all
+
+  # Wait for masters to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/master'
+  oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master
+
+  # Wait for masters to complete a specific reboot
+  oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master --reboot-number=4
+----
+
+
+
+== oc adm wait-for-stable-cluster
+wait for the platform operators to become stable
+
+
+
diff --git a/modules/oc-by-example-content.adoc b/modules/oc-by-example-content.adoc
index 21f2ef4f8bde..5fa14d228281 100644
--- a/modules/oc-by-example-content.adoc
+++ b/modules/oc-by-example-content.adoc
@@ -2,7 +2,7 @@
 // This template is for non-admin (not 'oc adm ...') commands
 // Uses 'source,bash' for proper syntax highlighting for comments in examples
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-cli-developer_{context}"]
 = OpenShift CLI (oc) developer commands
 
@@ -17,19 +17,19 @@ Update the annotations on a resource
   # Update pod 'foo' with the annotation 'description' and the value 'my frontend'
   # If the same annotation is set multiple times, only the last value will be applied
   oc annotate pods foo description='my frontend'
-  
+
   # Update a pod identified by type and name in "pod.json"
   oc annotate -f pod.json description='my frontend'
-  
+
   # Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value
   oc annotate --overwrite pods foo description='my frontend running nginx'
-  
+
   # Update all pods in the namespace
   oc annotate pods --all description='my frontend running nginx'
-  
+
   # Update pod 'foo' only if the resource is unchanged from version 1
   oc annotate pods foo description='my frontend running nginx' --resource-version=1
-  
+
   # Update pod 'foo' by removing an annotation named 'description' if it exists
   # Does not require the --overwrite flag
   oc annotate pods foo description-
@@ -45,19 +45,19 @@ Print the supported API resources on the server
 ----
   # Print the supported API resources
   oc api-resources
-  
+
   # Print the supported API resources with more information
   oc api-resources -o wide
-  
+
   # Print the supported API resources sorted by a column
   oc api-resources --sort-by=name
-  
+
   # Print the supported namespaced resources
   oc api-resources --namespaced=true
-  
+
   # Print the supported non-namespaced resources
   oc api-resources --namespaced=false
-  
+
   # Print the supported API resources with a specific APIGroup
   oc api-resources --api-group=rbac.authorization.k8s.io
 ----
@@ -84,20 +84,20 @@ Apply a configuration to a resource by file name or stdin
 ----
   # Apply the configuration in pod.json to a pod
   oc apply -f ./pod.json
-  
+
   # Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
   oc apply -k dir/
-  
+
   # Apply the JSON passed into stdin to a pod
   cat pod.json | oc apply -f -
-  
+
   # Apply the configuration from all files that end with '.json' - i.e. expand wildcard characters in file names
   oc apply -f '*.json'
-  
+
   # Note: --prune is still in Alpha
   # Apply the configuration in manifest.yaml that matches label app=nginx and delete all other resources that are not in the file and match label app=nginx
   oc apply --prune -f manifest.yaml -l app=nginx
-  
+
   # Apply the configuration in manifest.yaml and delete all the other config maps that are not in the file
   oc apply --prune -f manifest.yaml --all --prune-allowlist=core/v1/ConfigMap
 ----
@@ -112,7 +112,7 @@ Edit latest last-applied-configuration annotations of a resource/object
 ----
   # Edit the last-applied-configuration annotations by type/name in YAML
   oc apply edit-last-applied deployment/nginx
-  
+
   # Edit the last-applied-configuration annotations by file in JSON
   oc apply edit-last-applied -f deploy.yaml -o json
 ----
@@ -127,10 +127,10 @@ Set the last-applied-configuration annotation on a live object to match the cont
 ----
   # Set the last-applied-configuration of a resource to match the contents of a file
   oc apply set-last-applied -f deploy.yaml
-  
+
   # Execute set-last-applied against each configuration file in a directory
   oc apply set-last-applied -f path/
-  
+
   # Set the last-applied-configuration of a resource to match the contents of a file; will create the annotation if it does not already exist
   oc apply set-last-applied -f deploy.yaml --create-annotation=true
 ----
@@ -145,7 +145,7 @@ View the latest last-applied-configuration annotations of a resource/object
 ----
   # View the last-applied-configuration annotations by type/name in YAML
   oc apply view-last-applied deployment/nginx
-  
+
   # View the last-applied-configuration annotations by file in JSON
   oc apply view-last-applied -f deploy.yaml -o json
 ----
@@ -161,14 +161,14 @@ Attach to a running container
   # Get output from running pod mypod; use the 'oc.kubernetes.io/default-container' annotation
   # for selecting the container to be attached or the first container in the pod will be chosen
   oc attach mypod
-  
+
   # Get output from ruby-container from pod mypod
   oc attach mypod -c ruby-container
-  
+
   # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod
   # and sends stdout/stderr from 'bash' back to the client
   oc attach mypod -c ruby-container -i -t
-  
+
   # Get output from the first pod of a replica set named nginx
   oc attach rs/nginx
 ----
@@ -183,22 +183,27 @@ Check whether an action is allowed
 ----
   # Check to see if I can create pods in any namespace
   oc auth can-i create pods --all-namespaces
-  
+
   # Check to see if I can list deployments in my current namespace
   oc auth can-i list deployments.apps
-  
+
+  # Check to see if service account "foo" of namespace "dev" can list pods
+  # in the namespace "prod".
+  # You must be allowed to use impersonation for the global option "--as".
+  oc auth can-i list pods --as=system:serviceaccount:dev:foo -n prod
+
   # Check to see if I can do everything in my current namespace ("*" means all)
   oc auth can-i '*' '*'
-  
+
   # Check to see if I can get the job named "bar" in namespace "foo"
   oc auth can-i list jobs.batch/bar -n foo
-  
+
   # Check to see if I can read pod logs
   oc auth can-i get pods --subresource=log
-  
+
   # Check to see if I can access the URL /logs/
   oc auth can-i get /logs/
-  
+
   # List all allowed actions in namespace "foo"
   oc auth can-i --list --namespace=foo
 ----
@@ -217,6 +222,21 @@ Reconciles rules for RBAC role, role binding, cluster role, and cluster role bin
 
 
 
+== oc auth whoami
+Experimental: Check self subject attributes
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Get your subject attributes.
+  oc auth whoami
+
+  # Get your subject attributes in JSON format.
+  oc auth whoami -o json
+----
+
+
+
 == oc autoscale
 Autoscale a deployment config, deployment, replica set, stateful set, or replication controller
 
@@ -225,7 +245,7 @@ Autoscale a deployment config, deployment, replica set, stateful set, or replica
 ----
   # Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used
   oc autoscale deployment foo --min=2 --max=10
-  
+
   # Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%
   oc autoscale rc foo --max=5 --cpu-percent=80
 ----
@@ -240,16 +260,16 @@ Cancel running, pending, or new builds
 ----
   # Cancel the build with the given name
   oc cancel-build ruby-build-2
-  
+
   # Cancel the named build and print the build logs
   oc cancel-build ruby-build-2 --dump-logs
-  
+
   # Cancel the named build and create a new one with the same parameters
   oc cancel-build ruby-build-2 --restart
-  
+
   # Cancel multiple builds
   oc cancel-build ruby-build-1 ruby-build-2 ruby-build-3
-  
+
   # Cancel all builds created from the 'ruby-build' build config that are in the 'new' state
   oc cancel-build bc/ruby-build --state=new
 ----
@@ -276,13 +296,13 @@ Dump relevant information for debugging and diagnosis
 ----
   # Dump current cluster state to stdout
   oc cluster-info dump
-  
+
   # Dump current cluster state to /path/to/cluster-state
   oc cluster-info dump --output-directory=/path/to/cluster-state
-  
+
   # Dump all namespaces to stdout
   oc cluster-info dump --all-namespaces
-  
+
   # Dump a set of namespaces to /path/to/cluster-state
   oc cluster-info dump --namespaces default,kube-system --output-directory=/path/to/cluster-state
 ----
@@ -303,8 +323,8 @@ Output shell completion code for the specified shell (bash, zsh, fish, or powers
   ## If oc is installed via homebrew, this should start working immediately
   ## If you've installed via other means, you may need add the completion to your completion directory
   oc completion bash > $(brew --prefix)/etc/bash_completion.d/oc
-  
-  
+
+
   # Installing bash completion on Linux
   ## If bash-completion is not installed on Linux, install the 'bash-completion' package
   ## via your distribution's package manager.
@@ -317,18 +337,18 @@ Output shell completion code for the specified shell (bash, zsh, fish, or powers
   source '$HOME/.kube/completion.bash.inc'
   " >> $HOME/.bash_profile
   source $HOME/.bash_profile
-  
+
   # Load the oc completion code for zsh[1] into the current shell
   source <(oc completion zsh)
   # Set the oc completion code for zsh[1] to autoload on startup
   oc completion zsh > "${fpath[1]}/_oc"
-  
-  
+
+
   # Load the oc completion code for fish[2] into the current shell
   oc completion fish | source
   # To load completions for each session, execute once:
   oc completion fish > ~/.config/fish/completions/oc.fish
-  
+
   # Load the oc completion code for powershell into the current shell
   oc completion powershell | Out-String | Invoke-Expression
   # Set oc completion code for powershell to run on startup
@@ -413,7 +433,7 @@ Describe one or many contexts
 ----
   # List all the contexts in your kubeconfig file
   oc config get-contexts
-  
+
   # Describe one context in your kubeconfig file
   oc config get-contexts my-context
 ----
@@ -432,6 +452,48 @@ Display users defined in the kubeconfig
 
 
 
+== oc config new-admin-kubeconfig
+Generate, make the server trust, and display a new admin.kubeconfig.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Generate a new admin kubeconfig
+  oc config new-admin-kubeconfig
+----
+
+
+
+== oc config new-kubelet-bootstrap-kubeconfig
+Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubeconfig.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Generate a new kubelet bootstrap kubeconfig
+  oc config new-kubelet-bootstrap-kubeconfig
+----
+
+
+
+== oc config refresh-ca-bundle
+Update the OpenShift CA bundle by contacting the apiserver.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Refresh the CA bundle for the current context's cluster
+  oc config refresh-ca-bundle
+
+  # Refresh the CA bundle for the cluster named e2e in your kubeconfig
+  oc config refresh-ca-bundle e2e
+
+  # Print the CA bundle from the current OpenShift cluster's apiserver.
+  oc config refresh-ca-bundle --dry-run
+----
+
+
+
 == oc config rename-context
 Rename a context from the kubeconfig file
 
@@ -452,13 +514,13 @@ Set an individual value in a kubeconfig file
 ----
   # Set the server field on the my-cluster cluster to https://1.2.3.4
   oc config set clusters.my-cluster.server https://1.2.3.4
-  
+
   # Set the certificate-authority-data field on the my-cluster cluster
   oc config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -)
-  
+
   # Set the cluster field in the my-context context to my-cluster
   oc config set contexts.my-context.cluster my-cluster
-  
+
   # Set the client-key-data field in the cluster-admin user using --set-raw-bytes option
   oc config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true
 ----
@@ -473,16 +535,16 @@ Set a cluster entry in kubeconfig
 ----
   # Set only the server field on the e2e cluster entry without touching other values
   oc config set-cluster e2e --server=https://1.2.3.4
-  
+
   # Embed certificate authority data for the e2e cluster entry
   oc config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
-  
+
   # Disable cert checking for the e2e cluster entry
   oc config set-cluster e2e --insecure-skip-tls-verify=true
-  
+
   # Set custom TLS server name to use for validation for the e2e cluster entry
   oc config set-cluster e2e --tls-server-name=my-cluster-name
-  
+
   # Set proxy url for the e2e cluster entry
   oc config set-cluster e2e --proxy-url=https://1.2.3.4
 ----
@@ -510,31 +572,31 @@ Set a user entry in kubeconfig
   # Set only the "client-key" field on the "cluster-admin"
   # entry, without touching other values
   oc config set-credentials cluster-admin --client-key=~/.kube/admin.key
-  
+
   # Set basic auth for the "cluster-admin" entry
   oc config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
-  
+
   # Embed client certificate data in the "cluster-admin" entry
   oc config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
-  
+
   # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
   oc config set-credentials cluster-admin --auth-provider=gcp
-  
+
   # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
   oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
-  
+
   # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
   oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
-  
+
   # Enable new exec auth plugin for the "cluster-admin" entry
   oc config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
-  
+
   # Define new exec auth plugin args for the "cluster-admin" entry
   oc config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
-  
+
   # Create or update exec auth plugin environment variables for the "cluster-admin" entry
   oc config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
-  
+
   # Remove exec auth plugin environment variables for the "cluster-admin" entry
   oc config set-credentials cluster-admin --exec-env=var-to-remove-
 ----
@@ -549,7 +611,7 @@ Unset an individual value in a kubeconfig file
 ----
   # Unset the current-context
   oc config unset current-context
-  
+
   # Unset namespace in foo context
   oc config unset contexts.foo.namespace
 ----
@@ -576,10 +638,10 @@ Display merged kubeconfig settings or a specified kubeconfig file
 ----
   # Show merged kubeconfig settings
   oc config view
-  
+
   # Show merged kubeconfig settings and raw certificate data and exposed secrets
   oc config view --raw
-  
+
   # Get the password for the e2e user
   oc config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
 ----
@@ -598,22 +660,22 @@ Copy files and directories to and from containers
   #
   # For advanced use cases, such as symlinks, wildcard expansion or
   # file mode preservation, consider using 'oc exec'.
-  
+
   # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace>
   tar cf - /tmp/foo | oc exec -i -n <some-namespace> <some-pod> -- tar xf - -C /tmp/bar
-  
+
   # Copy /tmp/foo from a remote pod to /tmp/bar locally
   oc exec -n <some-namespace> <some-pod> -- tar cf - /tmp/foo | tar xf - -C /tmp/bar
-  
+
   # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the default namespace
   oc cp /tmp/foo_dir <some-pod>:/tmp/bar_dir
-  
+
   # Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container
   oc cp /tmp/foo <some-pod>:/tmp/bar -c <specific-container>
-  
+
   # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace>
   oc cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar
-  
+
   # Copy /tmp/foo from a remote pod to /tmp/bar locally
   oc cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
 ----
@@ -628,10 +690,10 @@ Create a resource from a file or from stdin
 ----
   # Create a pod using the data in pod.json
   oc create -f ./pod.json
-  
+
   # Create a pod based on the JSON passed into stdin
   cat pod.json | oc create -f -
-  
+
   # Edit the data in registry.yaml in JSON then create the resource using the edited data
   oc create -f registry.yaml --edit -o json
 ----
@@ -670,19 +732,19 @@ Create a cluster role
 ----
   # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
   oc create clusterrole pod-reader --verb=get,list,watch --resource=pods
-  
+
   # Create a cluster role named "pod-reader" with ResourceName specified
   oc create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
-  
+
   # Create a cluster role named "foo" with API Group specified
   oc create clusterrole foo --verb=get,list,watch --resource=rs.apps
-  
+
   # Create a cluster role named "foo" with SubResource specified
   oc create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
-  
+
   # Create a cluster role name "foo" with NonResourceURL specified
   oc create clusterrole "foo" --verb=get --non-resource-url=/logs/*
-  
+
   # Create a cluster role name "monitoring" with AggregationRule specified
   oc create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
 ----
@@ -709,16 +771,16 @@ Create a config map from a local file, directory or literal value
 ----
   # Create a new config map named my-config based on folder bar
   oc create configmap my-config --from-file=path/to/bar
-  
+
   # Create a new config map named my-config with specified keys instead of file basenames on disk
   oc create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
-  
+
   # Create a new config map named my-config with key1=config1 and key2=config2
   oc create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
-  
+
   # Create a new config map named my-config from the key=value pairs in the file
   oc create configmap my-config --from-file=path/to/bar
-  
+
   # Create a new config map named my-config from an env file
   oc create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
 ----
@@ -733,7 +795,7 @@ Create a cron job with the specified name
 ----
   # Create a cron job
   oc create cronjob my-job --image=busybox --schedule="*/1 * * * *"
-  
+
   # Create a cron job with a command
   oc create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date
 ----
@@ -748,13 +810,13 @@ Create a deployment with the specified name
 ----
   # Create a deployment named my-dep that runs the busybox image
   oc create deployment my-dep --image=busybox
-  
+
   # Create a deployment with a command
   oc create deployment my-dep --image=busybox -- date
-  
+
   # Create a deployment named my-dep that runs the nginx image with 3 replicas
   oc create deployment my-dep --image=nginx --replicas=3
-  
+
   # Create a deployment named my-dep that runs the busybox image and expose port 5701
   oc create deployment my-dep --image=busybox --port=5701
 ----
@@ -818,34 +880,34 @@ Create an ingress with the specified name
   # Create a single ingress called 'simple' that directs requests to foo.com/bar to svc
   # svc1:8080 with a tls secret "my-cert"
   oc create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert"
-  
+
   # Create a catch all ingress of "/path" pointing to service svc:port and Ingress Class as "otheringress"
   oc create ingress catch-all --class=otheringress --rule="/path=svc:port"
-  
+
   # Create an ingress with two annotations: ingress.annotation1 and ingress.annotations2
   oc create ingress annotated --class=default --rule="foo.com/bar=svc:port" \
   --annotation ingress.annotation1=foo \
   --annotation ingress.annotation2=bla
-  
+
   # Create an ingress with the same host and multiple paths
   oc create ingress multipath --class=default \
   --rule="foo.com/=svc:port" \
   --rule="foo.com/admin/=svcadmin:portadmin"
-  
+
   # Create an ingress with multiple hosts and the pathType as Prefix
   oc create ingress ingress1 --class=default \
   --rule="foo.com/path*=svc:8080" \
   --rule="bar.com/admin*=svc2:http"
-  
+
   # Create an ingress with TLS enabled using the default ingress certificate and different path types
   oc create ingress ingtls --class=default \
   --rule="foo.com/=svc:https,tls" \
   --rule="foo.com/path/subpath*=othersvc:8080"
-  
+
   # Create an ingress with TLS enabled using a specific secret and pathType as Prefix
   oc create ingress ingsecret --class=default \
   --rule="foo.com/*=svc:8080,tls=secret1"
-  
+
   # Create an ingress with a default backend
   oc create ingress ingdefault --class=default \
   --default-backend=defaultsvc:http \
@@ -862,10 +924,10 @@ Create a job with the specified name
 ----
   # Create a job
   oc create job my-job --image=busybox
-  
+
   # Create a job with a command
   oc create job my-job --image=busybox -- date
-  
+
   # Create a job from a cron job named "a-cronjob"
   oc create job test-job --from=cronjob/a-cronjob
 ----
@@ -893,7 +955,7 @@ Create a pod disruption budget with the specified name
   # Create a pod disruption budget named my-pdb that will select all pods with the app=rails label
   # and require at least one of them being available at any point in time
   oc create poddisruptionbudget my-pdb --selector=app=rails --min-available=1
-  
+
   # Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label
   # and require at least half of the pods selected to be available at any point in time
   oc create pdb my-pdb --selector=app=nginx --min-available=50%
@@ -909,10 +971,10 @@ Create a priority class with the specified name
 ----
   # Create a priority class named high-priority
   oc create priorityclass high-priority --value=1000 --description="high priority"
-  
+
   # Create a priority class named default-priority that is considered as the global default priority
   oc create priorityclass default-priority --value=1000 --global-default=true --description="default priority"
-  
+
   # Create a priority class named high-priority that cannot preempt pods with lower priority
   oc create priorityclass high-priority --value=1000 --description="high priority" --preemption-policy="Never"
 ----
@@ -927,7 +989,7 @@ Create a quota with the specified name
 ----
   # Create a new resource quota named my-quota
   oc create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
-  
+
   # Create a new resource quota named best-effort
   oc create quota best-effort --hard=pods=100 --scopes=BestEffort
 ----
@@ -942,13 +1004,13 @@ Create a role with single rule
 ----
   # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
   oc create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
-  
+
   # Create a role named "pod-reader" with ResourceName specified
   oc create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
-  
+
   # Create a role named "foo" with API Group specified
   oc create role foo --verb=get,list,watch --resource=rs.apps
-  
+
   # Create a role named "foo" with SubResource specified
   oc create role foo --verb=get,list,watch --resource=pods,pods/status
 ----
@@ -963,6 +1025,9 @@ Create a role binding for a particular role or cluster role
 ----
   # Create a role binding for user1, user2, and group1 using the admin cluster role
   oc create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
+
+  # Create a role binding for serviceaccount monitoring:sa-dev using the admin role
+  oc create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev
 ----
 
 
@@ -975,7 +1040,7 @@ Create a route that uses edge TLS termination
 ----
   # Create an edge route named "my-route" that exposes the frontend service
   oc create route edge my-route --service=frontend
-  
+
   # Create an edge route that exposes the frontend service and specify a path
   # If the route name is omitted, the service name will be used
   oc create route edge --service=frontend --path /assets
@@ -991,7 +1056,7 @@ Create a route that uses passthrough TLS termination
 ----
   # Create a passthrough route named "my-route" that exposes the frontend service
   oc create route passthrough my-route --service=frontend
-  
+
   # Create a passthrough route that exposes the frontend service and specify
   # a host name. If the route name is omitted, the service name will be used
   oc create route passthrough --service=frontend --hostname=www.example.com
@@ -1007,7 +1072,7 @@ Create a route that uses reencrypt TLS termination
 ----
   # Create a route named "my-route" that exposes the frontend service
   oc create route reencrypt my-route --service=frontend --dest-ca-cert cert.cert
-  
+
   # Create a reencrypt route that exposes the frontend service, letting the
   # route name default to the service name and the destination CA certificate
   # default to the service CA
@@ -1024,7 +1089,7 @@ Create a secret for use with a Docker registry
 ----
   # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
   oc create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
-  
+
   # Create a new secret named my-secret from ~/.docker/config.json
   oc create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json
 ----
@@ -1039,16 +1104,16 @@ Create a secret from a local file, directory, or literal value
 ----
   # Create a new secret named my-secret with keys for each file in folder bar
   oc create secret generic my-secret --from-file=path/to/bar
-  
+
   # Create a new secret named my-secret with specified keys instead of names on disk
   oc create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
-  
+
   # Create a new secret named my-secret with key1=supersecret and key2=topsecret
   oc create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
-  
+
   # Create a new secret named my-secret using a combination of a file and a literal
   oc create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
-  
+
   # Create a new secret named my-secret from env files
   oc create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env
 ----
@@ -1075,7 +1140,7 @@ Create a ClusterIP service
 ----
   # Create a new ClusterIP service named my-cs
   oc create service clusterip my-cs --tcp=5678:8080
-  
+
   # Create a new ClusterIP service named my-cs (in headless mode)
   oc create service clusterip my-cs --clusterip="None"
 ----
@@ -1138,19 +1203,19 @@ Request a service account token
 ----
   # Request a token to authenticate to the kube-apiserver as the service account "myapp" in the current namespace
   oc create token myapp
-  
+
   # Request a token for a service account in a custom namespace
   oc create token myapp --namespace myns
-  
+
   # Request a token with a custom expiration
   oc create token myapp --duration 10m
-  
+
   # Request a token with a custom audience
   oc create token myapp --audience https://example.com
-  
+
   # Request a token bound to an instance of a Secret object
   oc create token myapp --bound-object-kind Secret --bound-object-name mysecret
-  
+
   # Request a token bound to an instance of a Secret object with a specific uid
   oc create token myapp --bound-object-kind Secret --bound-object-name mysecret --bound-object-uid 0d4691ed-659b-4935-a832-355f77ee47cc
 ----
@@ -1189,25 +1254,25 @@ Launch a new instance of a pod for debugging
 ----
   # Start a shell session into a pod using the OpenShift tools image
   oc debug
-  
+
   # Debug a currently running deployment by creating a new pod
   oc debug deploy/test
-  
+
   # Debug a node as an administrator
   oc debug node/master-1
-  
+
   # Launch a shell in a pod using the provided image stream tag
   oc debug istag/mysql:latest -n openshift
-  
+
   # Test running a job as a non-root user
   oc debug job/test --as-user=1000000
-  
+
   # Debug a specific failing container by running the env command in the 'second' container
   oc debug daemonset/test -c second -- /bin/env
-  
+
   # See the pod that would be created to debug
   oc debug mypod-9xbc -o yaml
-  
+
   # Debug a resource but launch the debug pod in another namespace
   # Note: Not all resources can be debugged using --to-namespace without modification. For example,
   # volumes and service accounts are namespace-dependent. Add '-o yaml' to output the debug pod definition
@@ -1225,28 +1290,28 @@ Delete resources by file names, stdin, resources and names, or by resources and
 ----
   # Delete a pod using the type and name specified in pod.json
   oc delete -f ./pod.json
-  
+
   # Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
   oc delete -k dir
-  
+
   # Delete resources from all files that end with '.json' - i.e. expand wildcard characters in file names
   oc delete -f '*.json'
-  
+
   # Delete a pod based on the type and name in the JSON passed into stdin
   cat pod.json | oc delete -f -
-  
+
   # Delete pods and services with same names "baz" and "foo"
   oc delete pod,service baz foo
-  
+
   # Delete pods and services with label name=myLabel
   oc delete pods,services -l name=myLabel
-  
+
   # Delete a pod with minimal delay
   oc delete pod foo --now
-  
+
   # Force delete a pod on a dead node
   oc delete pod foo --force
-  
+
   # Delete all pods
   oc delete pods --all
 ----
@@ -1261,19 +1326,19 @@ Show details of a specific resource or group of resources
 ----
   # Describe a node
   oc describe nodes kubernetes-node-emt8.c.myproject.internal
-  
+
   # Describe a pod
   oc describe pods/nginx
-  
+
   # Describe a pod identified by type and name in "pod.json"
   oc describe -f pod.json
-  
+
   # Describe all pods
   oc describe pods
-  
+
   # Describe pods by label name=myLabel
   oc describe po -l name=myLabel
-  
+
   # Describe all pods managed by the 'frontend' replication controller
   # (rc-created pods get the name of the rc as a prefix in the pod name)
   oc describe pods frontend
@@ -1289,7 +1354,7 @@ Diff the live version against a would-be applied version
 ----
   # Diff resources included in pod.json
   oc diff -f pod.json
-  
+
   # Diff file read from stdin
   cat service.yaml | oc diff -f -
 ----
@@ -1304,16 +1369,16 @@ Edit a resource on the server
 ----
   # Edit the service named 'registry'
   oc edit svc/registry
-  
+
   # Use an alternative editor
   KUBE_EDITOR="nano" oc edit svc/registry
-  
+
   # Edit the job 'myjob' in JSON using the v1 API format
   oc edit job.v1.batch/myjob -o json
-  
+
   # Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation
   oc edit deployment/mydeployment -o yaml --save-config
-  
+
   # Edit the deployment/mydeployment's status subresource
   oc edit deployment mydeployment --subresource='status'
 ----
@@ -1328,16 +1393,16 @@ List events
 ----
   # List recent events in the default namespace.
   oc events
-  
+
   # List recent events in all namespaces.
   oc events --all-namespaces
-  
+
   # List recent events for the specified pod, then wait for more events and list them as they arrive.
   oc events --for pod/web-pod-13je7 --watch
-  
+
   # List recent events in given format. Supported ones, apart from default, are json and yaml.
   oc events -oyaml
-  
+
   # List recent only events in given event types
   oc events --types=Warning,Normal
 ----
@@ -1352,24 +1417,24 @@ Execute a command in a container
 ----
   # Get output from running the 'date' command from pod mypod, using the first container by default
   oc exec mypod -- date
-  
+
   # Get output from running the 'date' command in ruby-container from pod mypod
   oc exec mypod -c ruby-container -- date
-  
+
   # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod
   # and sends stdout/stderr from 'bash' back to the client
   oc exec mypod -c ruby-container -i -t -- bash -il
-  
+
   # List contents of /usr from the first container of pod mypod and sort by modification time
   # If the command you want to execute in the pod has any flags in common (e.g. -i),
   # you must use two dashes (--) to separate your command's flags/arguments
   # Also note, do not surround your command and its flags/arguments with quotes
   # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr")
   oc exec mypod -i -t -- ls -t /usr
-  
+
   # Get output from running 'date' command from the first pod of the deployment mydeployment, using the first container by default
   oc exec deploy/mydeployment -- date
-  
+
   # Get output from running 'date' command from the first pod of the service myservice, using the first container by default
   oc exec svc/myservice -- date
 ----
@@ -1384,7 +1449,7 @@ Get documentation for a resource
 ----
   # Get the documentation of the resource and its fields
   oc explain pods
-  
+
   # Get the documentation of a specific field of a resource
   oc explain pods.spec.containers
 ----
@@ -1399,20 +1464,20 @@ Expose a replicated application as a service or route
 ----
   # Create a route based on service nginx. The new route will reuse nginx's labels
   oc expose service nginx
-  
+
   # Create a route and specify your own label and route name
   oc expose service nginx -l name=myroute --name=fromdowntown
-  
+
   # Create a route and specify a host name
   oc expose service nginx --hostname=www.example.com
-  
+
   # Create a route with a wildcard
   oc expose service nginx --hostname=x.example.com --wildcard-policy=Subdomain
   # This would be equivalent to *.example.com. NOTE: only hosts are matched by the wildcard; subdomains would not be included
-  
+
   # Expose a deployment configuration as a service and use the specified port
   oc expose dc ruby-hello-world --port=8080
-  
+
   # Expose a service as a route in the specified path
   oc expose service nginx --path=/nginx
 ----
@@ -1427,13 +1492,13 @@ Extract secrets or config maps to disk
 ----
   # Extract the secret "test" to the current directory
   oc extract secret/test
-  
+
   # Extract the config map "nginx" to the /tmp directory
   oc extract configmap/nginx --to=/tmp
-  
+
   # Extract the config map "nginx" to STDOUT
   oc extract configmap/nginx --to=-
-  
+
   # Extract only the key "nginx.conf" from config map "nginx" to the /tmp directory
   oc extract configmap/nginx --to=/tmp --keys=nginx.conf
 ----
@@ -1448,37 +1513,37 @@ Display one or many resources
 ----
   # List all pods in ps output format
   oc get pods
-  
+
   # List all pods in ps output format with more information (such as node name)
   oc get pods -o wide
-  
+
   # List a single replication controller with specified NAME in ps output format
   oc get replicationcontroller web
-  
+
   # List deployments in JSON output format, in the "v1" version of the "apps" API group
   oc get deployments.v1.apps -o json
-  
+
   # List a single pod in JSON output format
   oc get -o json pod web-pod-13je7
-  
+
   # List a pod identified by type and name specified in "pod.yaml" in JSON output format
   oc get -f pod.yaml -o json
-  
+
   # List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml
   oc get -k dir/
-  
+
   # Return only the phase value of the specified pod
   oc get -o template pod/web-pod-13je7 --template={{.status.phase}}
-  
+
   # List resource information in custom columns
   oc get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0].name,IMAGE:.spec.containers[0].image
-  
+
   # List all replication controllers and services together in ps output format
   oc get rc,services
-  
+
   # List one or more resources by their type and names
   oc get rc/web service/frontend pods/web-pod-13je7
-  
+
   # List status subresource for a single pod.
   oc get pod web-pod-13je7 --subresource status
 ----
@@ -1505,27 +1570,33 @@ Add layers to images and push them to a registry
 ----
   # Remove the entrypoint on the mysql:latest image
   oc image append --from mysql:latest --to myregistry.com/myimage:latest --image '{"Entrypoint":null}'
-  
+
   # Add a new layer to the image
   oc image append --from mysql:latest --to myregistry.com/myimage:latest layer.tar.gz
-  
+
   # Add a new layer to the image and store the result on disk
   # This results in $(pwd)/v2/mysql/blobs,manifests
   oc image append --from mysql:latest --to file://mysql:local layer.tar.gz
-  
+
   # Add a new layer to the image and store the result on disk in a designated directory
   # This will result in $(pwd)/mysql-local/v2/mysql/blobs,manifests
   oc image append --from mysql:latest --to file://mysql:local --dir mysql-local layer.tar.gz
-  
+
   # Add a new layer to an image that is stored on disk (~/mysql-local/v2/image exists)
   oc image append --from-dir ~/mysql-local --to myregistry.com/myimage:latest layer.tar.gz
-  
+
   # Add a new layer to an image that was mirrored to the current directory on disk ($(pwd)/v2/image exists)
   oc image append --from-dir v2 --to myregistry.com/myimage:latest layer.tar.gz
-  
+
   # Add a new layer to a multi-architecture image for an os/arch that is different from the system's os/arch
-  # Note: Wildcard filter is not supported with append. Pass a single os/arch to append
+  # Note: The first image in the manifest list that matches the filter will be returned when --keep-manifest-list is not specified
   oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --to myregistry.com/myimage:latest layer.tar.gz
+
+  # Add a new layer to a multi-architecture image for all the os/arch manifests when keep-manifest-list is specified
+  oc image append --from docker.io/library/busybox:latest --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
+
+  # Add a new layer to a multi-architecture image for all the os/arch manifests that is specified by the filter, while preserving the manifestlist
+  oc image append --from docker.io/library/busybox:latest --filter-by-os=linux/s390x --keep-manifest-list --to myregistry.com/myimage:latest layer.tar.gz
 ----
 
 
@@ -1538,41 +1609,41 @@ Copy files from an image to the file system
 ----
   # Extract the busybox image into the current directory
   oc image extract docker.io/library/busybox:latest
-  
+
   # Extract the busybox image into a designated directory (must exist)
   oc image extract docker.io/library/busybox:latest --path /:/tmp/busybox
-  
+
   # Extract the busybox image into the current directory for linux/s390x platform
-  # Note: Wildcard filter is not supported with extract. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported with extract; pass a single os/arch to extract
   oc image extract docker.io/library/busybox:latest --filter-by-os=linux/s390x
-  
+
   # Extract a single file from the image into the current directory
   oc image extract docker.io/library/centos:7 --path /bin/bash:.
-  
+
   # Extract all .repo files from the image's /etc/yum.repos.d/ folder into the current directory
   oc image extract docker.io/library/centos:7 --path /etc/yum.repos.d/*.repo:.
-  
+
   # Extract all .repo files from the image's /etc/yum.repos.d/ folder into a designated directory (must exist)
   # This results in /tmp/yum.repos.d/*.repo on local system
   oc image extract docker.io/library/centos:7 --path /etc/yum.repos.d/*.repo:/tmp/yum.repos.d
-  
+
   # Extract an image stored on disk into the current directory ($(pwd)/v2/busybox/blobs,manifests exists)
   # --confirm is required because the current directory is not empty
   oc image extract file://busybox:local --confirm
-  
+
   # Extract an image stored on disk in a directory other than $(pwd)/v2 into the current directory
   # --confirm is required because the current directory is not empty ($(pwd)/busybox-mirror-dir/v2/busybox exists)
   oc image extract file://busybox:local --dir busybox-mirror-dir --confirm
-  
+
   # Extract an image stored on disk in a directory other than $(pwd)/v2 into a designated directory (must exist)
   oc image extract file://busybox:local --dir busybox-mirror-dir --path /:/tmp/busybox
-  
+
   # Extract the last layer in the image
   oc image extract docker.io/library/centos:7[-1]
-  
+
   # Extract the first three layers of the image
   oc image extract docker.io/library/centos:7[:3]
-  
+
   # Extract the last three layers of the image
   oc image extract docker.io/library/centos:7[-3:]
 ----
@@ -1587,13 +1658,13 @@ Display information about an image
 ----
   # Show information about an image
   oc image info quay.io/openshift/cli:latest
-  
+
   # Show information about images matching a wildcard
   oc image info quay.io/openshift/cli:4.*
-  
+
   # Show information about a file mirrored to disk under DIR
   oc image info --dir=DIR file://library/busybox:latest
-  
+
   # Select which image from a multi-OS image to show
   oc image info library/busybox:latest --filter-by-os=linux/arm64
 ----
@@ -1608,49 +1679,57 @@ Mirror images from one repository to another
 ----
   # Copy image to another tag
   oc image mirror myregistry.com/myimage:latest myregistry.com/myimage:stable
-  
+
   # Copy image to another registry
   oc image mirror myregistry.com/myimage:latest docker.io/myrepository/myimage:stable
-  
+
   # Copy all tags starting with mysql to the destination repository
   oc image mirror myregistry.com/myimage:mysql* docker.io/myrepository/myimage
-  
+
   # Copy image to disk, creating a directory structure that can be served as a registry
   oc image mirror myregistry.com/myimage:latest file://myrepository/myimage:latest
-  
+
   # Copy image to S3 (pull from <bucket>.s3.amazonaws.com/image:latest)
   oc image mirror myregistry.com/myimage:latest s3://s3.amazonaws.com/<region>/<bucket>/image:latest
-  
+
   # Copy image to S3 without setting a tag (pull via @<digest>)
   oc image mirror myregistry.com/myimage:latest s3://s3.amazonaws.com/<region>/<bucket>/image
-  
+
   # Copy image to multiple locations
   oc image mirror myregistry.com/myimage:latest docker.io/myrepository/myimage:stable \
   docker.io/myrepository/myimage:dev
-  
+
   # Copy multiple images
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   myregistry.com/myimage:new=myregistry.com/other:target
-  
+
   # Copy manifest list of a multi-architecture image, even if only a single image is found
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   --keep-manifest-list=true
-  
+
   # Copy specific os/arch manifest of a multi-architecture image
   # Run 'oc image info myregistry.com/myimage:latest' to see available os/arch for multi-arch images
   # Note that with multi-arch images, this results in a new manifest list digest that includes only
   # the filtered manifests
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   --filter-by-os=os/arch
-  
+
   # Copy all os/arch manifests of a multi-architecture image
   # Run 'oc image info myregistry.com/myimage:latest' to see list of os/arch manifests that will be mirrored
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   --keep-manifest-list=true
-  
+
   # Note the above command is equivalent to
   oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
   --filter-by-os=.*
+
+  # Copy specific os/arch manifest of a multi-architecture image
+  # Run 'oc image info myregistry.com/myimage:latest' to see available os/arch for multi-arch images
+  # Note that the target registry may reject a manifest list if the platform specific images do not all
+  # exist. You must use a registry with sparse registry support enabled.
+  oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \
+  --filter-by-os=os/arch \
+  --keep-manifest-list=true
 ----
 
 
@@ -1663,22 +1742,22 @@ Import images from a container image registry
 ----
   # Import tag latest into a new image stream
   oc import-image mystream --from=registry.io/repo/image:latest --confirm
-  
+
   # Update imported data for tag latest in an already existing image stream
   oc import-image mystream
-  
+
   # Update imported data for tag stable in an already existing image stream
   oc import-image mystream:stable
-  
+
   # Update imported data for all tags in an existing image stream
   oc import-image mystream --all
-  
-  # Update imported data for a tag which points to a manifest list to include the full manifest list
+
+  # Update imported data for a tag that points to a manifest list to include the full manifest list
   oc import-image mystream --import-mode=PreserveOriginal
-  
+
   # Import all tags into a new image stream
   oc import-image mystream --from=registry.io/repo/image --all --confirm
-  
+
   # Import all tags into a new image stream using a custom timeout
   oc --request-timeout=5m import-image mystream --from=registry.io/repo/image --all --confirm
 ----
@@ -1686,17 +1765,17 @@ Import images from a container image registry
 
 
 == oc kustomize
-Build a kustomization target from a directory or URL.
+Build a kustomization target from a directory or URL
 
 .Example usage
 [source,bash,options="nowrap"]
 ----
   # Build the current working directory
   oc kustomize
-  
+
   # Build some shared configuration directory
   oc kustomize /home/config/production
-  
+
   # Build from github
   oc kustomize https://github.com/kubernetes-sigs/kustomize.git/examples/helloWorld?ref=v1.0.6
 ----
@@ -1711,19 +1790,19 @@ Update the labels on a resource
 ----
   # Update pod 'foo' with the label 'unhealthy' and the value 'true'
   oc label pods foo unhealthy=true
-  
+
   # Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value
   oc label --overwrite pods foo status=unhealthy
-  
+
   # Update all pods in the namespace
   oc label pods --all status=unhealthy
-  
+
   # Update a pod identified by the type and name in "pod.json"
   oc label -f pod.json status=unhealthy
-  
+
   # Update pod 'foo' only if the resource is unchanged from version 1
   oc label pods foo status=unhealthy --resource-version=1
-  
+
   # Update pod 'foo' by removing a label named 'bar' if it exists
   # Does not require the --overwrite flag
   oc label pods foo bar-
@@ -1739,12 +1818,15 @@ Log in to a server
 ----
   # Log in interactively
   oc login --username=myuser
-  
+
   # Log in to the given server with the given certificate authority file
   oc login localhost:8443 --certificate-authority=/path/to/cert.crt
-  
+
   # Log in to the given server with the given credentials (will not prompt interactively)
   oc login localhost:8443 --username=myuser --password=mypass
+
+  # Log in to the given server through a browser
+  oc login localhost:8443 --web --callback-port 8280
 ----
 
 
@@ -1769,18 +1851,18 @@ Print the logs for a container in a pod
 ----
   # Start streaming the logs of the most recent build of the openldap build config
   oc logs -f bc/openldap
-  
+
   # Start streaming the logs of the latest deployment of the mysql deployment config
   oc logs -f dc/mysql
-  
+
   # Get the logs of the first deployment for the mysql deployment config. Note that logs
   # from older deployments may not exist either because the deployment was successful
   # or due to deployment pruning or manual deletion of the deployment
   oc logs --version=1 dc/mysql
-  
+
   # Return a snapshot of ruby-container logs from pod backend
   oc logs backend -c ruby-container
-  
+
   # Start streaming of ruby-container logs from pod backend
   oc logs -f pod/backend -c ruby-container
 ----
@@ -1795,44 +1877,47 @@ Create a new application
 ----
   # List all local templates and image streams that can be used to create an app
   oc new-app --list
-  
+
   # Create an application based on the source code in the current git repository (with a public remote) and a container image
   oc new-app . --image=registry/repo/langimage
-  
+
   # Create an application myapp with Docker based build strategy expecting binary input
   oc new-app  --strategy=docker --binary --name myapp
-  
+
   # Create a Ruby application based on the provided [image]~[source code] combination
   oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
-  
+
   # Use the public container registry MySQL image to create an app. Generated artifacts will be labeled with db=mysql
   oc new-app mysql MYSQL_USER=user MYSQL_PASSWORD=pass MYSQL_DATABASE=testdb -l db=mysql
-  
+
   # Use a MySQL image in a private registry to create an app and override application artifacts' names
   oc new-app --image=myregistry.com/mycompany/mysql --name=private
-  
+
+  # Use an image with the full manifest list to create an app and override application artifacts' names
+  oc new-app --image=myregistry.com/mycompany/image --name=private --import-mode=PreserveOriginal
+
   # Create an application from a remote repository using its beta4 branch
   oc new-app https://github.com/openshift/ruby-hello-world#beta4
-  
+
   # Create an application based on a stored template, explicitly setting a parameter value
   oc new-app --template=ruby-helloworld-sample --param=MYSQL_USER=admin
-  
+
   # Create an application from a remote repository and specify a context directory
   oc new-app https://github.com/youruser/yourgitrepo --context-dir=src/build
-  
+
   # Create an application from a remote private repository and specify which existing secret to use
   oc new-app https://github.com/youruser/yourgitrepo --source-secret=yoursecret
-  
+
   # Create an application based on a template file, explicitly setting a parameter value
   oc new-app --file=./example/myapp/template.json --param=MYSQL_USER=admin
-  
+
   # Search all templates, image streams, and container images for the ones that match "ruby"
   oc new-app --search ruby
-  
+
   # Search for "ruby", but only in stored templates (--template, --image-stream and --image
   # can be used to filter search results)
   oc new-app --search --template=ruby
-  
+
   # Search for "ruby" in stored templates and print the output as YAML
   oc new-app --search --template=ruby --output=yaml
 ----
@@ -1848,28 +1933,31 @@ Create a new build configuration
   # Create a build config based on the source code in the current git repository (with a public
   # remote) and a container image
   oc new-build . --image=repo/langimage
-  
+
   # Create a NodeJS build config based on the provided [image]~[source code] combination
   oc new-build centos/nodejs-8-centos7~https://github.com/sclorg/nodejs-ex.git
-  
+
   # Create a build config from a remote repository using its beta2 branch
   oc new-build https://github.com/openshift/ruby-hello-world#beta2
-  
+
   # Create a build config using a Dockerfile specified as an argument
   oc new-build -D $'FROM centos:7\nRUN yum install -y httpd'
-  
+
   # Create a build config from a remote repository and add custom environment variables
   oc new-build https://github.com/openshift/ruby-hello-world -e RACK_ENV=development
-  
+
   # Create a build config from a remote private repository and specify which existing secret to use
   oc new-build https://github.com/youruser/yourgitrepo --source-secret=yoursecret
-  
+
+  # Create a build config using  an image with the full manifest list to create an app and override application artifacts' names
+  oc new-build --image=myregistry.com/mycompany/image --name=private --import-mode=PreserveOriginal
+
   # Create a build config from a remote repository and inject the npmrc into a build
   oc new-build https://github.com/openshift/ruby-hello-world --build-secret npmrc:.npmrc
-  
+
   # Create a build config from a remote repository and inject environment data into a build
   oc new-build https://github.com/openshift/ruby-hello-world --build-config-map env:config
-  
+
   # Create a build config that gets its input from a remote repository and another container image
   oc new-build https://github.com/openshift/ruby-hello-world --source-image=openshift/jenkins-1-centos7 --source-image-path=/var/lib/jenkins:tmp
 ----
@@ -1884,7 +1972,7 @@ Request a new project
 ----
   # Create a new project with minimal information
   oc new-project web-team-dev
-  
+
   # Create a new project with a display name and description
   oc new-project web-team-dev --display-name="Web Team Development" --description="Development project for the web team."
 ----
@@ -1899,12 +1987,12 @@ Observe changes to resources and react to them (experimental)
 ----
   # Observe changes to services
   oc observe services
-  
+
   # Observe changes to services, including the clusterIP and invoke a script for each
   oc observe services --template '{ .spec.clusterIP }' -- register_dns.sh
-  
+
   # Observe changes to services filtered by a label selector
-  oc observe namespaces -l regist-dns=true --template '{ .spec.clusterIP }' -- register_dns.sh
+  oc observe services -l regist-dns=true --template '{ .spec.clusterIP }' -- register_dns.sh
 ----
 
 
@@ -1917,19 +2005,19 @@ Update fields of a resource
 ----
   # Partially update a node using a strategic merge patch, specifying the patch as JSON
   oc patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
-  
+
   # Partially update a node using a strategic merge patch, specifying the patch as YAML
   oc patch node k8s-node-1 -p $'spec:\n unschedulable: true'
-  
+
   # Partially update a node identified by the type and name specified in "node.json" using strategic merge patch
   oc patch -f node.json -p '{"spec":{"unschedulable":true}}'
-  
+
   # Update a container's image; spec.containers[*].name is required because it's a merge key
   oc patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
-  
+
   # Update a container's image using a JSON patch with positional arrays
   oc patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
-  
+
   # Update a deployment's replicas through the scale subresource using a merge patch.
   oc patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}'
 ----
@@ -1956,7 +2044,7 @@ Add a role to users or service accounts for the current project
 ----
   # Add the 'view' role to user1 for the current project
   oc policy add-role-to-user view user1
-  
+
   # Add the 'edit' role to serviceaccount1 for the current project
   oc policy add-role-to-user edit -z serviceaccount1
 ----
@@ -1972,13 +2060,13 @@ Check which service account can create a pod
   # Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml
   # Service Account specified in myresource.yaml file is ignored
   oc policy scc-review -z sa1,sa2 -f my_resource.yaml
-  
+
   # Check whether service accounts system:serviceaccount:bob:default can admit a pod with a template pod spec specified in my_resource.yaml
   oc policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml
-  
+
   # Check whether the service account specified in my_resource_with_sa.yaml can admit the pod
   oc policy scc-review -f my_resource_with_sa.yaml
-  
+
   # Check whether the default service account can admit the pod; default is taken since no service account is defined in myresource_with_no_sa.yaml
   oc policy scc-review -f myresource_with_no_sa.yaml
 ----
@@ -1993,10 +2081,10 @@ Check whether a user or a service account can create a pod
 ----
   # Check whether user bob can create a pod specified in myresource.yaml
   oc policy scc-subject-review -u bob -f myresource.yaml
-  
+
   # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml
   oc policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml
-  
+
   # Check whether a service account specified in the pod template spec in myresourcewithsa.yaml can create the pod
   oc policy scc-subject-review -f myresourcewithsa.yaml
 ----
@@ -2011,22 +2099,22 @@ Forward one or more local ports to a pod
 ----
   # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
   oc port-forward pod/mypod 5000 6000
-  
+
   # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment
   oc port-forward deployment/mydeployment 5000 6000
-  
+
   # Listen on port 8443 locally, forwarding to the targetPort of the service's port named "https" in a pod selected by the service
   oc port-forward service/myservice 8443:https
-  
+
   # Listen on port 8888 locally, forwarding to 5000 in the pod
   oc port-forward pod/mypod 8888:5000
-  
+
   # Listen on port 8888 on all addresses, forwarding to 5000 in the pod
   oc port-forward --address 0.0.0.0 pod/mypod 8888:5000
-  
+
   # Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
   oc port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
-  
+
   # Listen on a random port locally, forwarding to 5000 in the pod
   oc port-forward pod/mypod :5000
 ----
@@ -2041,22 +2129,22 @@ Process a template into list of resources
 ----
   # Convert the template.json file into a resource list and pass to create
   oc process -f template.json | oc create -f -
-  
+
   # Process a file locally instead of contacting the server
   oc process -f template.json --local -o yaml
-  
+
   # Process template while passing a user-defined label
   oc process -f template.json -l name=mytemplate
-  
+
   # Convert a stored template into a resource list
   oc process foo
-  
+
   # Convert a stored template into a resource list by setting/overriding parameter values
   oc process foo PARM1=VALUE1 PARM2=VALUE2
-  
+
   # Convert a template stored in different namespace into a resource list
   oc process openshift//foo
-  
+
   # Convert template.json into a resource list
   cat template.json | oc process -f -
 ----
@@ -2071,7 +2159,7 @@ Switch to another project
 ----
   # Switch to the 'myapp' project
   oc project myapp
-  
+
   # Display the project currently in use
   oc project
 ----
@@ -2098,22 +2186,22 @@ Run a proxy to the Kubernetes API server
 ----
   # To proxy all of the Kubernetes API and nothing else
   oc proxy --api-prefix=/
-  
+
   # To proxy only part of the Kubernetes API and also some static files
   # You can get pods info with 'curl localhost:8001/api/v1/pods'
   oc proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
-  
+
   # To proxy the entire Kubernetes API at a different root
   # You can get pods info with 'curl localhost:8001/custom/api/v1/pods'
   oc proxy --api-prefix=/custom/
-  
+
   # Run a proxy to the Kubernetes API server on port 8011, serving static content from ./local/www/
   oc proxy --port=8011 --www=./local/www/
-  
+
   # Run a proxy to the Kubernetes API server on an arbitrary local port
   # The chosen port for the server will be output to stdout
   oc proxy --port=0
-  
+
   # Run a proxy to the Kubernetes API server, changing the API prefix to k8s-api
   # This makes e.g. the pods API available at localhost:8001/k8s-api/v1/pods/
   oc proxy --api-prefix=/k8s-api
@@ -2141,7 +2229,7 @@ Log in to the integrated registry
 ----
   # Log in to the integrated registry
   oc registry login
-  
+
   # Log in to different registry using BASIC auth credentials
   oc registry login --registry quay.io/myregistry --auth-basic=USER:PASS
 ----
@@ -2156,13 +2244,13 @@ Replace a resource by file name or stdin
 ----
   # Replace a pod using the data in pod.json
   oc replace -f ./pod.json
-  
+
   # Replace a pod based on the JSON passed into stdin
   cat pod.json | oc replace -f -
-  
+
   # Update a single-container pod's image version (tag) to v4
   oc get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | oc replace -f -
-  
+
   # Force replace, delete and then re-create the resource
   oc replace --force -f ./pod.json
 ----
@@ -2177,16 +2265,16 @@ Revert part of an application back to a previous deployment
 ----
   # Perform a rollback to the last successfully completed deployment for a deployment config
   oc rollback frontend
-  
+
   # See what a rollback to version 3 will look like, but do not perform the rollback
   oc rollback frontend --to-version=3 --dry-run
-  
+
   # Perform a rollback to a specific deployment
   oc rollback frontend-2
-  
+
   # Perform the rollback manually by piping the JSON of the new config back to oc
   oc rollback frontend -o json | oc replace dc/frontend -f -
-  
+
   # Print the updated deployment configuration in JSON format instead of performing the rollback
   oc rollback frontend -o json
 ----
@@ -2213,7 +2301,7 @@ View rollout history
 ----
   # View the rollout history of a deployment
   oc rollout history dc/nginx
-  
+
   # View the details of deployment revision 3
   oc rollout history dc/nginx --revision=3
 ----
@@ -2228,7 +2316,7 @@ Start a new rollout for a deployment config with the latest state from its trigg
 ----
   # Start a new rollout based on the latest images defined in the image change triggers
   oc rollout latest dc/nginx
-  
+
   # Print the rolled out deployment config
   oc rollout latest dc/nginx -o json
 ----
@@ -2257,10 +2345,10 @@ Restart a resource
 ----
   # Restart a deployment
   oc rollout restart deployment/nginx
-  
+
   # Restart a daemon set
   oc rollout restart daemonset/abc
-  
+
   # Restart deployments with the app=nginx label
   oc rollout restart deployment --selector=app=nginx
 ----
@@ -2312,7 +2400,7 @@ Undo a previous rollout
 ----
   # Roll back to the previous deployment
   oc rollout undo dc/nginx
-  
+
   # Roll back to deployment revision 3. The replication controller for that version must exist
   oc rollout undo dc/nginx --to-revision=3
 ----
@@ -2327,19 +2415,19 @@ Start a shell session in a container
 ----
   # Open a shell session on the first container in pod 'foo'
   oc rsh foo
-  
+
   # Open a shell session on the first container in pod 'foo' and namespace 'bar'
   # (Note that oc client specific arguments must come before the resource name and its arguments)
   oc rsh -n bar foo
-  
+
   # Run the command 'cat /etc/resolv.conf' inside pod 'foo'
   oc rsh foo cat /etc/resolv.conf
-  
+
   # See the configuration of your internal registry
   oc rsh dc/docker-registry cat config.yml
-  
+
   # Open a shell session on the container named 'index' inside a pod of your job
-  oc rsh -c index job/sheduled
+  oc rsh -c index job/scheduled
 ----
 
 
@@ -2352,7 +2440,7 @@ Copy files between a local file system and a pod
 ----
   # Synchronize a local directory with a pod directory
   oc rsync ./local/dir/ POD:/remote/dir
-  
+
   # Synchronize a pod directory with a local directory
   oc rsync POD:/remote/dir/ ./local/dir
 ----
@@ -2367,28 +2455,28 @@ Run a particular image on the cluster
 ----
   # Start a nginx pod
   oc run nginx --image=nginx
-  
+
   # Start a hazelcast pod and let the container expose port 5701
   oc run hazelcast --image=hazelcast/hazelcast --port=5701
-  
+
   # Start a hazelcast pod and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container
   oc run hazelcast --image=hazelcast/hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
-  
+
   # Start a hazelcast pod and set labels "app=hazelcast" and "env=prod" in the container
   oc run hazelcast --image=hazelcast/hazelcast --labels="app=hazelcast,env=prod"
-  
+
   # Dry run; print the corresponding API objects without creating them
   oc run nginx --image=nginx --dry-run=client
-  
+
   # Start a nginx pod, but overload the spec with a partial set of values parsed from JSON
   oc run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
-  
+
   # Start a busybox pod and keep it in the foreground, don't restart it if it exits
   oc run -i -t busybox --image=busybox --restart=Never
-  
+
   # Start the nginx pod using the default command, but use custom arguments (arg1 .. argN) for that command
   oc run nginx --image=nginx -- <arg1> <arg2> ... <argN>
-  
+
   # Start the nginx pod using a different command and custom arguments
   oc run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
 ----
@@ -2403,16 +2491,16 @@ Set a new size for a deployment, replica set, or replication controller
 ----
   # Scale a replica set named 'foo' to 3
   oc scale --replicas=3 rs/foo
-  
+
   # Scale a resource identified by type and name specified in "foo.yaml" to 3
   oc scale --replicas=3 -f foo.yaml
-  
+
   # If the deployment named mysql's current size is 2, scale mysql to 3
   oc scale --current-replicas=2 --replicas=3 deployment/mysql
-  
+
   # Scale multiple replication controllers
   oc scale --replicas=5 rc/foo rc/bar rc/baz
-  
+
   # Scale stateful set named 'web' to 3
   oc scale --replicas=3 statefulset/web
 ----
@@ -2427,7 +2515,7 @@ Link secrets to a service account
 ----
   # Add an image pull secret to a service account to automatically use it for pulling pod images
   oc secrets link serviceaccount-name pull-secret --for=pull
-  
+
   # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images
   oc secrets link builder builder-image-secret --for=pull,mount
 ----
@@ -2454,10 +2542,10 @@ Update a build hook on a build config
 ----
   # Clear post-commit hook on a build config
   oc set build-hook bc/mybuild --post-commit --remove
-  
+
   # Set the post-commit hook to execute a test suite using a new entrypoint
   oc set build-hook bc/mybuild --post-commit --command -- /bin/bash -c /var/lib/test-image.sh
-  
+
   # Set the post-commit hook to execute a shell script
   oc set build-hook bc/mybuild --post-commit --script="/var/lib/test-image.sh param1 param2 && /var/lib/done.sh"
 ----
@@ -2472,13 +2560,13 @@ Update a build secret on a build config
 ----
   # Clear the push secret on a build config
   oc set build-secret --push --remove bc/mybuild
-  
+
   # Set the pull secret on a build config
   oc set build-secret --pull bc/mybuild mysecret
-  
+
   # Set the push and pull secret on a build config
   oc set build-secret --push --pull bc/mybuild mysecret
-  
+
   # Set the source secret on a set of build configs matching a selector
   oc set build-secret --source -l app=myapp gitsecret
 ----
@@ -2493,13 +2581,13 @@ Update the data within a config map or secret
 ----
   # Set the 'password' key of a secret
   oc set data secret/foo password=this_is_secret
-  
+
   # Remove the 'password' key from a secret
   oc set data secret/foo password-
-  
+
   # Update the 'haproxy.conf' key of a config map from a file on disk
   oc set data configmap/bar --from-file=../haproxy.conf
-  
+
   # Update a secret with the contents of a directory, one key per file
   oc set data secret/foo --from-file=secret-dir
 ----
@@ -2514,11 +2602,11 @@ Update a deployment hook on a deployment config
 ----
   # Clear pre and post hooks on a deployment config
   oc set deployment-hook dc/myapp --remove --pre --post
-  
+
   # Set the pre deployment hook to execute a db migration command for an application
   # using the data volume from the application
   oc set deployment-hook dc/myapp --pre --volumes=data -- /var/lib/migrate-db.sh
-  
+
   # Set a mid deployment hook along with additional environment variables
   oc set deployment-hook dc/myapp --mid --volumes=data -e VAR1=value1 -e VAR2=value2 -- /var/lib/prepare-deploy.sh
 ----
@@ -2533,32 +2621,32 @@ Update environment variables on a pod template
 ----
   # Update deployment config 'myapp' with a new environment variable
   oc set env dc/myapp STORAGE_DIR=/local
-  
+
   # List the environment variables defined on a build config 'sample-build'
   oc set env bc/sample-build --list
-  
+
   # List the environment variables defined on all pods
   oc set env pods --all --list
-  
+
   # Output modified build config in YAML
   oc set env bc/sample-build STORAGE_DIR=/data -o yaml
-  
+
   # Update all containers in all replication controllers in the project to have ENV=prod
   oc set env rc --all ENV=prod
-  
+
   # Import environment from a secret
   oc set env --from=secret/mysecret dc/myapp
-  
+
   # Import environment from a config map with a prefix
   oc set env --from=configmap/myconfigmap --prefix=MYSQL_ dc/myapp
-  
+
   # Remove the environment variable ENV from container 'c1' in all deployment configs
   oc set env dc --all --containers="c1" ENV-
-  
+
   # Remove the environment variable ENV from a deployment config definition on disk and
   # update the deployment config on the server
   oc set env -f dc.json ENV-
-  
+
   # Set some of the local shell environment into a deployment config on the server
   oc set env | grep RAILS_ | oc env -e - dc/myapp
 ----
@@ -2571,19 +2659,19 @@ Update the image of a pod template
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Set a deployment configs's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
+  # Set a deployment config's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
   oc set image dc/nginx busybox=busybox nginx=nginx:1.9.1
-  
-  # Set a deployment configs's app container image to the image referenced by the imagestream tag 'openshift/ruby:2.3'.
+
+  # Set a deployment config's app container image to the image referenced by the imagestream tag 'openshift/ruby:2.3'.
   oc set image dc/myapp app=openshift/ruby:2.3 --source=imagestreamtag
-  
+
   # Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
   oc set image deployments,rc nginx=nginx:1.9.1 --all
-  
+
   # Update image of all containers of daemonset abc to 'nginx:1.9.1'
   oc set image daemonset abc *=nginx:1.9.1
-  
-  # Print result (in yaml format) of updating nginx container image from local file, without hitting the server
+
+  # Print result (in YAML format) of updating nginx container image from local file, without hitting the server
   oc set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
 ----
 
@@ -2597,19 +2685,19 @@ Change how images are resolved when deploying applications
 ----
   # Print all of the image streams and whether they resolve local names
   oc set image-lookup
-  
+
   # Use local name lookup on image stream mysql
   oc set image-lookup mysql
-  
+
   # Force a deployment to use local name lookup
   oc set image-lookup deploy/mysql
-  
+
   # Show the current status of the deployment lookup
   oc set image-lookup deploy/mysql --list
-  
+
   # Disable local name lookup on image stream mysql
   oc set image-lookup mysql --enabled=false
-  
+
   # Set local name lookup on all image streams
   oc set image-lookup --all
 ----
@@ -2624,22 +2712,22 @@ Update a probe on a pod template
 ----
   # Clear both readiness and liveness probes off all containers
   oc set probe dc/myapp --remove --readiness --liveness
-  
+
   # Set an exec action as a liveness probe to run 'echo ok'
   oc set probe dc/myapp --liveness -- echo ok
-  
+
   # Set a readiness probe to try to open a TCP socket on 3306
   oc set probe rc/mysql --readiness --open-tcp=3306
-  
+
   # Set an HTTP startup probe for port 8080 and path /healthz over HTTP on the pod IP
   oc set probe dc/webapp --startup --get-url=http://:8080/healthz
-  
+
   # Set an HTTP readiness probe for port 8080 and path /healthz over HTTP on the pod IP
   oc set probe dc/webapp --readiness --get-url=http://:8080/healthz
-  
+
   # Set an HTTP readiness probe over HTTPS on 127.0.0.1 for a hostNetwork pod
   oc set probe dc/router --readiness --get-url=https://127.0.0.1:1936/stats
-  
+
   # Set only the initial-delay-seconds field on all deployments
   oc set probe dc --all --readiness --initial-delay-seconds=30
 ----
@@ -2654,13 +2742,13 @@ Update resource requests/limits on objects with pod templates
 ----
   # Set a deployments nginx container CPU limits to "200m and memory to 512Mi"
   oc set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
-  
+
   # Set the resource request and limits for all containers in nginx
   oc set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi
-  
+
   # Remove the resource requests for resources on containers in nginx
   oc set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0
-  
+
   # Print the result (in YAML format) of updating nginx container limits locally, without hitting the server
   oc set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml
 ----
@@ -2675,19 +2763,19 @@ Update the backends for a route
 ----
   # Print the backends on the route 'web'
   oc set route-backends web
-  
+
   # Set two backend services on route 'web' with 2/3rds of traffic going to 'a'
   oc set route-backends web a=2 b=1
-  
+
   # Increase the traffic percentage going to b by 10%% relative to a
   oc set route-backends web --adjust b=+10%%
-  
+
   # Set traffic percentage going to b to 10%% of the traffic going to a
   oc set route-backends web --adjust b=10%%
-  
+
   # Set weight of b to 10
   oc set route-backends web --adjust b=10
-  
+
   # Set the weight to all backends to zero
   oc set route-backends web --zero
 ----
@@ -2715,7 +2803,7 @@ Update the service account of a resource
 ----
   # Set deployment nginx-deployment's service account to serviceaccount1
   oc set serviceaccount deployment nginx-deployment serviceaccount1
-  
+
   # Print the result (in YAML format) of updated nginx deployment with service account from a local file, without hitting the API server
   oc set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run -o yaml
 ----
@@ -2730,10 +2818,10 @@ Update the user, group, or service account in a role binding or cluster role bin
 ----
   # Update a cluster role binding for serviceaccount1
   oc set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
-  
+
   # Update a role binding for user1, user2, and group1
   oc set subject rolebinding admin --user=user1 --user=user2 --group=group1
-  
+
   # Print the result (in YAML format) of updating role binding subjects locally, without hitting the server
   oc create rolebinding admin --role=admin --user=admin -o yaml --dry-run | oc set subject --local -f - --user=foo -o yaml
 ----
@@ -2748,26 +2836,26 @@ Update the triggers on one or more objects
 ----
   # Print the triggers on the deployment config 'myapp'
   oc set triggers dc/myapp
-  
+
   # Set all triggers to manual
   oc set triggers dc/myapp --manual
-  
+
   # Enable all automatic triggers
   oc set triggers dc/myapp --auto
-  
+
   # Reset the GitHub webhook on a build to a new, generated secret
   oc set triggers bc/webapp --from-github
   oc set triggers bc/webapp --from-webhook
-  
+
   # Remove all triggers
   oc set triggers bc/webapp --remove-all
-  
+
   # Stop triggering on config change
   oc set triggers dc/myapp --from-config --remove
-  
+
   # Add an image trigger to a build config
   oc set triggers bc/webapp --from-image=namespace1/image:latest
-  
+
   # Add an image trigger to a stateful set on the main container
   oc set triggers statefulset/db --from-image=namespace1/image:latest -c main
 ----
@@ -2782,27 +2870,27 @@ Update volumes on a pod template
 ----
   # List volumes defined on all deployment configs in the current project
   oc set volume dc --all
-  
+
   # Add a new empty dir volume to deployment config (dc) 'myapp' mounted under
   # /var/lib/myapp
   oc set volume dc/myapp --add --mount-path=/var/lib/myapp
-  
-  # Use an existing persistent volume claim (pvc) to overwrite an existing volume 'v1'
+
+  # Use an existing persistent volume claim (PVC) to overwrite an existing volume 'v1'
   oc set volume dc/myapp --add --name=v1 -t pvc --claim-name=pvc1 --overwrite
-  
+
   # Remove volume 'v1' from deployment config 'myapp'
   oc set volume dc/myapp --remove --name=v1
-  
+
   # Create a new persistent volume claim that overwrites an existing volume 'v1'
   oc set volume dc/myapp --add --name=v1 -t pvc --claim-size=1G --overwrite
-  
+
   # Change the mount point for volume 'v1' to /data
   oc set volume dc/myapp --add --name=v1 -m /data --overwrite
-  
+
   # Modify the deployment config by removing volume mount "v1" from container "c1"
   # (and by removing the volume "v1" if no other containers have volume mounts that reference it)
   oc set volume dc/myapp --remove --name=v1 --containers=c1
-  
+
   # Add new volume based on a more complex volume source (AWS EBS, GCE PD,
   # Ceph, Gluster, NFS, ISCSI, ...)
   oc set volume dc/myapp --add -m /data --source=<json-string>
@@ -2818,20 +2906,20 @@ Start a new build
 ----
   # Starts build from build config "hello-world"
   oc start-build hello-world
-  
+
   # Starts build from a previous build "hello-world-1"
   oc start-build --from-build=hello-world-1
-  
+
   # Use the contents of a directory as build input
   oc start-build hello-world --from-dir=src/
-  
+
   # Send the contents of a Git repository to the server from tag 'v2'
   oc start-build hello-world --from-repo=../hello-world --commit=v2
-  
+
   # Start a new build for build config "hello-world" and watch the logs until the build
   # completes or fails
   oc start-build hello-world --follow
-  
+
   # Start a new build for build config "hello-world" and wait until the build completes. It
   # exits with a non-zero return code if the build fails
   oc start-build hello-world --wait
@@ -2847,10 +2935,10 @@ Show an overview of the current project
 ----
   # See an overview of the current project
   oc status
-  
+
   # Export the overview of the current project in an svg file
   oc status -o dot | dot -T svg -o project.svg
-  
+
   # See an overview of the current project including details for any identified issues
   oc status --suggest
 ----
@@ -2865,19 +2953,19 @@ Tag existing images into image streams
 ----
   # Tag the current image for the image stream 'openshift/ruby' and tag '2.0' into the image stream 'yourproject/ruby with tag 'tip'
   oc tag openshift/ruby:2.0 yourproject/ruby:tip
-  
+
   # Tag a specific image
   oc tag openshift/ruby@sha256:6b646fa6bf5e5e4c7fa41056c27910e679c03ebe7f93e361e6515a9da7e258cc yourproject/ruby:tip
-  
+
   # Tag an external container image
   oc tag --source=docker openshift/origin-control-plane:latest yourproject/ruby:tip
-  
+
   # Tag an external container image and request pullthrough for it
   oc tag --source=docker openshift/origin-control-plane:latest yourproject/ruby:tip --reference-policy=local
-  
+
   # Tag an external container image and include the full manifest list
   oc tag --source=docker openshift/origin-control-plane:latest yourproject/ruby:tip --import-mode=PreserveOriginal
-  
+
   # Remove the specified spec tag from an image stream
   oc tag openshift/origin-control-plane:latest -d
 ----
@@ -2892,10 +2980,10 @@ Print the client and server version information
 ----
   # Print the OpenShift client, kube-apiserver, and openshift-apiserver version information for the current context
   oc version
-  
+
   # Print the OpenShift client, kube-apiserver, and openshift-apiserver version numbers for the current context
   oc version --short
-  
+
   # Print the OpenShift client version information for the current context
   oc version --client
 ----
@@ -2910,13 +2998,13 @@ Experimental: Wait for a specific condition on one or many resources
 ----
   # Wait for the pod "busybox1" to contain the status condition of type "Ready"
   oc wait --for=condition=Ready pod/busybox1
-  
+
   # The default value of status condition is true; you can wait for other targets after an equal delimiter (compared after Unicode simple case folding, which is a more general form of case-insensitivity):
   oc wait --for=condition=Ready=false pod/busybox1
-  
+
   # Wait for the pod "busybox1" to contain the status phase to be "Running".
   oc wait --for=jsonpath='{.status.phase}'=Running pod/busybox1
-  
+
   # Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command
   oc delete pod/busybox1
   oc wait --for=delete pod/busybox1 --timeout=60s
diff --git a/modules/oc-compliance-fetching-compliance-remediation-details.adoc b/modules/oc-compliance-fetching-compliance-remediation-details.adoc
index 128365ec5944..8adb98262371 100644
--- a/modules/oc-compliance-fetching-compliance-remediation-details.adoc
+++ b/modules/oc-compliance-fetching-compliance-remediation-details.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="fetching-compliance-remediation-details_{context}"]
 = Fetching compliance remediation details
 
diff --git a/modules/oc-compliance-fetching-raw-results.adoc b/modules/oc-compliance-fetching-raw-results.adoc
index 7fa44f9e00e3..f993449af71d 100644
--- a/modules/oc-compliance-fetching-raw-results.adoc
+++ b/modules/oc-compliance-fetching-raw-results.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="fetching-raw-results_{context}"]
 = Fetching raw results
 
diff --git a/modules/oc-compliance-installing.adoc b/modules/oc-compliance-installing.adoc
index 589a1e69e1b2..7b305b57405d 100644
--- a/modules/oc-compliance-installing.adoc
+++ b/modules/oc-compliance-installing.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-oc-compliance_{context}"]
 = Installing the oc-compliance plugin
 
diff --git a/modules/oc-compliance-printing-controls.adoc b/modules/oc-compliance-printing-controls.adoc
index 418e9cec9e87..c0c1b363823f 100644
--- a/modules/oc-compliance-printing-controls.adoc
+++ b/modules/oc-compliance-printing-controls.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="printing-controls_{context}"]
 = Printing controls
 
diff --git a/modules/oc-compliance-rerunning-scans.adoc b/modules/oc-compliance-rerunning-scans.adoc
index 96472183b5bf..7c9be9f2b86f 100644
--- a/modules/oc-compliance-rerunning-scans.adoc
+++ b/modules/oc-compliance-rerunning-scans.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="re-running-scans_{context}"]
 = Re-running scans
 
diff --git a/modules/oc-compliance-using-scan-setting-bindings.adoc b/modules/oc-compliance-using-scan-setting-bindings.adoc
index edbb92e3761e..751775ee06b9 100644
--- a/modules/oc-compliance-using-scan-setting-bindings.adoc
+++ b/modules/oc-compliance-using-scan-setting-bindings.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-scan-setting-bindings_{context}"]
 = Using ScanSettingBinding custom resources
 
diff --git a/modules/oc-compliance-viewing-compliance-check-result-details.adoc b/modules/oc-compliance-viewing-compliance-check-result-details.adoc
index 0f9b65c57a72..9560be1ea1e8 100644
--- a/modules/oc-compliance-viewing-compliance-check-result-details.adoc
+++ b/modules/oc-compliance-viewing-compliance-check-result-details.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc
+// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-compliance-remediation-details_{context}"]
 = Viewing ComplianceCheckResult object details
 
diff --git a/modules/oc-mirror-about.adoc b/modules/oc-mirror-about.adoc
index 348c1ba13bbf..c1a11793e17e 100644
--- a/modules/oc-mirror-about.adoc
+++ b/modules/oc-mirror-about.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="installation-oc-mirror-about_{context}"]
 = About the oc-mirror plugin
 
diff --git a/modules/oc-mirror-command-reference.adoc b/modules/oc-mirror-command-reference.adoc
index 228849fbb935..dc5257f7c8a7 100644
--- a/modules/oc-mirror-command-reference.adoc
+++ b/modules/oc-mirror-command-reference.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="oc-mirror-command-reference_{context}"]
 = Command reference for oc-mirror
 
@@ -65,9 +65,6 @@ The following tables describe the `oc mirror` subcommands and flags:
 |`--ignore-history`
 |Ignore past mirrors when downloading images and packing layers. Disables incremental mirroring and might download more data.
 
-|`--include-local-oci-catalogs`
-|Enable mirroring for local OCI catalogs on disk to the target mirror registry.
-
 |`--manifests-only`
 |Generate manifests for `ImageContentSourcePolicy` objects to configure a cluster to use the mirror registry, but do not actually mirror any images. To use this flag, you must pass in an image set archive with the `--from` flag.
 
@@ -107,12 +104,7 @@ The following tables describe the `oc mirror` subcommands and flags:
 |`--source-use-http`
 |Use plain HTTP for the source registry.
 
-|`--use-oci-feature`
-|Enable mirroring for local OCI catalogs on disk to the target mirror registry.
-
-The `--use-oci-feature` flag is deprecated. Use the `--include-local-oci-catalogs` flag instead.
-
 |`-v`, `--verbose` `<int>`
 |Specify the number for the log level verbosity. Valid values are `0` - `9`. The default is `0`.
 
-|===
+|===
\ No newline at end of file
diff --git a/modules/oc-mirror-creating-image-set-config.adoc b/modules/oc-mirror-creating-image-set-config.adoc
index 3e744dbaa821..fbc04b196dac 100644
--- a/modules/oc-mirror-creating-image-set-config.adoc
+++ b/modules/oc-mirror-creating-image-set-config.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-creating-image-set-config_{context}"]
 = Creating the image set configuration
 
@@ -32,7 +32,7 @@ $ oc mirror init --registry example.com/mirror/oc-mirror-metadata > imageset-con
 
 . Edit the file and adjust the settings as necessary:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 kind: ImageSetConfiguration
 apiVersion: mirror.openshift.io/v1alpha2
@@ -44,11 +44,11 @@ storageConfig:                                                      <2>
 mirror:
   platform:
     channels:
-    - name: stable-4.13                                             <4>
+    - name: stable-{product-version}                                             <4>
       type: ocp
     graph: true                                                     <5>
   operators:
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13  <6>
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}  <6>
     packages:
     - name: serverless-operator                                     <7>
       channels:
@@ -67,6 +67,11 @@ mirror:
 <8> Specify only certain channels of the Operator packages to include in the image set. You must always include the default channel for the Operator package even if you do not use the bundles in that channel. You can find the default channel by running the following command: `oc mirror list operators --catalog=<catalog_name> --package=<package_name>`.
 <9> Specify any additional images to include in image set.
 +
+[NOTE]
+====
+The `graph: true` field also mirrors the `ubi-micro` image along with other mirrored images.
+====
++
 See _Image set configuration parameters_ for the full list of parameters and _Image set configuration examples_ for various mirroring use cases.
 
 . Save the updated file.
diff --git a/modules/oc-mirror-differential-updates.adoc b/modules/oc-mirror-differential-updates.adoc
index 2c11d7e404a4..a62492b1e847 100644
--- a/modules/oc-mirror-differential-updates.adoc
+++ b/modules/oc-mirror-differential-updates.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-differential-updates_{context}"]
 = Updating your mirror registry content
 
diff --git a/modules/oc-mirror-disk-to-mirror.adoc b/modules/oc-mirror-disk-to-mirror.adoc
index 505f39ce8949..7164bf5da7d5 100644
--- a/modules/oc-mirror-disk-to-mirror.adoc
+++ b/modules/oc-mirror-disk-to-mirror.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-disk-to-mirror_{context}"]
 = Mirroring from disk to mirror
 
@@ -42,3 +42,8 @@ This command updates the mirror registry with the image set and generates the `I
 .Next steps
 
 * Configure your cluster to use the resources generated by oc-mirror.
+
+.Troubleshooting
+
+* link:https://access.redhat.com/solutions/7032017[Unable to retrieve source image].
+
diff --git a/modules/oc-mirror-dry-run.adoc b/modules/oc-mirror-dry-run.adoc
index af159838d3ef..9c1e2a6af250 100644
--- a/modules/oc-mirror-dry-run.adoc
+++ b/modules/oc-mirror-dry-run.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-dry-run_{context}"]
 = Performing a dry run
 
diff --git a/modules/oc-mirror-image-set-config-examples.adoc b/modules/oc-mirror-image-set-config-examples.adoc
index 6193a193baf1..48b36c90c79a 100644
--- a/modules/oc-mirror-image-set-config-examples.adoc
+++ b/modules/oc-mirror-image-set-config-examples.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="oc-mirror-image-set-examples_{context}"]
 = Image set configuration examples
 
@@ -36,11 +36,11 @@ mirror:
 // Moved to second; unchanged
 [discrete]
 [id="oc-mirror-image-set-examples-minimum-to-latest_{context}"]
-== Use case: Including all versions of {product-title} from a minimum to the latest
+== Use case: Including all versions of {product-title} from a minimum to the latest version for multi-architecture releases
 
-The following `ImageSetConfiguration` file uses a registry storage backend and includes all {product-title} versions starting at a minimum version of `4.10.10` to the latest version in the channel.
+The following `ImageSetConfiguration` file uses a registry storage backend and includes all {product-title} versions starting at a minimum version of `4.13.4` to the latest version in the channel. On every invocation of oc-mirror with this image set configuration, the latest release of the `stable-4.13` channel is evaluated, so running oc-mirror at regular intervals ensures that you automatically receive the latest releases of {product-title} images.
 
-On every invocation of oc-mirror with this image set configuration, the latest release of the `stable-4.10` channel is evaluated, so running oc-mirror at regular intervals ensures that you automatically receive the latest releases of {product-title} images.
+By setting the value of `platform.architectures` to `multi`, you can ensure that the mirroring is supported for multi-architecture releases.
 
 .Example `ImageSetConfiguration` file
 [source,yaml]
@@ -53,9 +53,12 @@ storageConfig:
     skipTLS: false
 mirror:
   platform:
+    architectures:
+      - "multi"
     channels:
-      - name: stable-4.10
-        minVersion: 4.10.10
+      - name: stable-4.13
+        minVersion: 4.13.4
+        maxVersion: 4.13.6
 ----
 
 // Updated:
@@ -77,7 +80,7 @@ To receive all Operator versions in a specified range, you can set the `mirror.o
 ====
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 apiVersion: mirror.openshift.io/v1alpha2
 kind: ImageSetConfiguration
@@ -86,7 +89,7 @@ storageConfig:
     path: /home/user/metadata
 mirror:
   operators:
-    - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+    - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
       packages:
         - name: rhacs-operator
           channels:
@@ -105,7 +108,7 @@ To specify a maximum version instead of the latest, set the `mirror.operators.pa
 The following `ImageSetConfiguration` file uses a local storage backend and includes the Nutanix CSI Operator, the OpenShift Update Service (OSUS) graph image, and an additional Red Hat Universal Base Image (UBI).
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 kind: ImageSetConfiguration
 apiVersion: mirror.openshift.io/v1alpha2
@@ -120,7 +123,7 @@ mirror:
       type: ocp
     graph: true
   operators:
-  - catalog: registry.redhat.io/redhat/certified-operator-index:v4.11
+  - catalog: registry.redhat.io/redhat/certified-operator-index:v{product-version}
     packages:
     - name: nutanixcsioperator
       channels:
@@ -142,7 +145,7 @@ You can find the default channel by running the following command: `oc mirror li
 ====
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 apiVersion: mirror.openshift.io/v1alpha2
 kind: ImageSetConfiguration
@@ -152,7 +155,7 @@ storageConfig:
     skipTLS: false
 mirror:
   operators:
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
     packages:
     - name: elasticsearch-operator
       channels:
@@ -168,7 +171,7 @@ mirror:
 The following `ImageSetConfiguration` file sets the `mirror.operators.full` field to `true` to include all versions for an entire Operator catalog.
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 apiVersion: mirror.openshift.io/v1alpha2
 kind: ImageSetConfiguration
@@ -178,7 +181,7 @@ storageConfig:
     skipTLS: false
 mirror:
   operators:
-    - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+    - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
       full: true
 ----
 
@@ -195,7 +198,7 @@ By default, for each Operator in the catalog, oc-mirror includes the latest Oper
 This example also uses the `targetCatalog` field to specify an alternative namespace and name to mirror the catalog as.
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 apiVersion: mirror.openshift.io/v1alpha2
 kind: ImageSetConfiguration
@@ -205,7 +208,7 @@ storageConfig:
     skipTLS: false
 mirror:
   operators:
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
     targetCatalog: my-namespace/my-operator-catalog
 ----
 
@@ -217,7 +220,7 @@ mirror:
 The following `ImageSetConfiguration` file uses a registry storage backend and includes helm charts and an additional Red Hat Universal Base Image (UBI).
 
 .Example `ImageSetConfiguration` file
-[source,yaml]
+[source,yaml,subs=attributes+]
 ----
 apiVersion: mirror.openshift.io/v1alpha2
 kind: ImageSetConfiguration
@@ -231,9 +234,9 @@ mirror:
    architectures:
      - "s390x"
    channels:
-     - name: stable-4.13
+     - name: stable-{product-version}
  operators:
-   - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+   - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
  helm:
    repositories:
      - name: redhat-helm-charts
diff --git a/modules/oc-mirror-imageset-config-params.adoc b/modules/oc-mirror-imageset-config-params.adoc
index 63a91b2dfa06..822857b6029f 100644
--- a/modules/oc-mirror-imageset-config-params.adoc
+++ b/modules/oc-mirror-imageset-config-params.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="oc-mirror-imageset-config-params_{context}"]
 = Image set configuration parameters
 
@@ -109,10 +109,10 @@ repositories:
 |The Operators configuration of the image set.
 |Array of objects. For example:
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 operators:
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
     packages:
       - name: elasticsearch-operator
         minVersion: '2.4.0'
@@ -120,7 +120,7 @@ operators:
 
 |`mirror.operators.catalog`
 |The Operator catalog to include in the image set.
-|String. For example: `registry.redhat.io/redhat/redhat-operator-index:v4.13`.
+|String. For example: `registry.redhat.io/redhat/redhat-operator-index:v4.15`.
 
 |`mirror.operators.full`
 |When `true`, downloads the full catalog, Operator package, or Operator channel.
@@ -130,10 +130,10 @@ operators:
 |The Operator packages configuration.
 |Array of objects. For example:
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 operators:
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
     packages:
       - name: elasticsearch-operator
         minVersion: '5.2.3-31'
@@ -149,10 +149,10 @@ operators:
 
 |`mirror.operators.packages.channels.name`
 |The Operator channel name, unique within a package, to include in the image set.
-|String. For example: `fast` or `stable-v4.13`.
+|String. For example: `fast` or `stable-v4.15`.
 
 |`mirror.operators.packages.channels.maxVersion`
-|The highest version of the Operator mirror across all channels in which it exists.
+|The highest version of the Operator mirror across all channels in which it exists. See the following note for further information.
 |String. For example: `5.2.3-31`
 
 |`mirror.operators.packages.channels.minBundle`
@@ -160,15 +160,15 @@ operators:
 |String. For example: `bundleName`
 
 |`mirror.operators.packages.channels.minVersion`
-|The lowest version of the Operator to mirror across all channels in which it exists.
+|The lowest version of the Operator to mirror across all channels in which it exists. See the following note for further information.
 |String. For example: `5.2.3-31`
 
 |`mirror.operators.packages.maxVersion`
-|The highest version of the Operator to mirror across all channels in which it exists.
+|The highest version of the Operator to mirror across all channels in which it exists. See the following note for further information.
 |String. For example: `5.2.3-31`.
 
 |`mirror.operators.packages.minVersion`
-|The lowest version of the Operator to mirror across all channels in which it exists.
+|The lowest version of the Operator to mirror across all channels in which it exists. See the following note for further information.
 |String. For example: `5.2.3-31`.
 
 |`mirror.operators.skipDependencies`
@@ -203,17 +203,22 @@ The `targetName` parameter is deprecated. Use the `targetCatalog` parameter inst
 architectures:
   - amd64
   - arm64
+  - multi
+  - ppc64le
+  - s390x
 ----
 
+The default value is `amd64`. The value `multi` ensures that the mirroring is supported for all available architectures, eliminating the need to specify individual architectures.
+
 |`mirror.platform.channels`
 |The platform channel configuration of the image set.
 |Array of objects. For example:
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 channels:
   - name: stable-4.10
-  - name: stable-4.13
+  - name: stable-{product-version}
 ----
 
 |`mirror.platform.channels.full`
@@ -222,7 +227,7 @@ channels:
 
 |`mirror.platform.channels.name`
 |The name of the release channel.
-|String. For example: `stable-4.13`
+|String. For example: `stable-4.15`
 
 |`mirror.platform.channels.minVersion`
 |The minimum version of the referenced platform to be mirrored.
@@ -230,7 +235,7 @@ channels:
 
 |`mirror.platform.channels.maxVersion`
 |The highest version of the referenced platform to be mirrored.
-|String. For example: `4.13.1`
+|String. For example: `4.15.1`
 
 |`mirror.platform.channels.shortestPath`
 |Toggles shortest path mirroring or full range mirroring.
@@ -269,3 +274,12 @@ channels:
 |Boolean. The default value is `false`.
 
 |===
+
+[NOTE]
+====
+Using the `minVersion` and `maxVersion` properties to filter for a specific Operator version range can result in a multiple channel heads error. The error message will state that there are `multiple channel heads`. This is because when the filter is applied, the update graph of the operator is truncated.
+
+The Operator Lifecycle Manager requires that every operator channel contains versions that form an update graph with exactly one end point, that is, the latest version of the operator. When applying the filter range that graph can turn into two or more separate graphs or a graph that has more than one end point.
+
+To avoid this error, do not filter out the latest version of an operator. If you still run into the error, depending on the operator, either the `maxVersion` property needs to be increased or the `minVersion` property needs to be decreased. Because every operator graph can be different, you might need to adjust these values, according to the procedure, until the error is gone.
+====
diff --git a/modules/oc-mirror-installing-plugin.adoc b/modules/oc-mirror-installing-plugin.adoc
index ba4cb13a7cc5..af617d5b234d 100644
--- a/modules/oc-mirror-installing-plugin.adoc
+++ b/modules/oc-mirror-installing-plugin.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installation-oc-mirror-installing-plugin_{context}"]
 = Installing the oc-mirror OpenShift CLI plugin
 
diff --git a/modules/oc-mirror-mirror-to-disk.adoc b/modules/oc-mirror-mirror-to-disk.adoc
index 0af7e2678620..831b0937c974 100644
--- a/modules/oc-mirror-mirror-to-disk.adoc
+++ b/modules/oc-mirror-mirror-to-disk.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-mirror-to-disk_{context}"]
 = Mirroring from mirror to disk
 
@@ -68,3 +68,8 @@ mirror_seq1_000000.tar
 .Next steps
 
 * Transfer the image set .tar file to the disconnected environment.
+
+.Troubleshooting
+
+* link:https://access.redhat.com/solutions/7032017[Unable to retrieve source image].
+
diff --git a/modules/oc-mirror-mirror-to-mirror.adoc b/modules/oc-mirror-mirror-to-mirror.adoc
index 7fea603a15a7..9cee4adbed04 100644
--- a/modules/oc-mirror-mirror-to-mirror.adoc
+++ b/modules/oc-mirror-mirror-to-mirror.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-mirror-to-mirror_{context}"]
 = Mirroring from mirror to mirror
 
@@ -40,9 +40,18 @@ $ oc mirror --config=./imageset-config.yaml \// <1>
 . Navigate into the `oc-mirror-workspace/` directory that was generated.
 . Navigate into the results directory, for example, `results-1639608409/`.
 . Verify that YAML files are present for the `ImageContentSourcePolicy` and `CatalogSource` resources.
+
+[NOTE]
+====
+The `repositoryDigestMirrors` section of the `ImageContentSourcePolicy` YAML file is used for the `install-config.yaml` file during installation.
+====
 +
 // TODO: Test and get some better wording/example output.
 
 .Next steps
 
 * Configure your cluster to use the resources generated by oc-mirror.
+
+.Troubleshooting
+
+* link:https://access.redhat.com/solutions/7032017[Unable to retrieve source image].
diff --git a/modules/oc-mirror-oci-format.adoc b/modules/oc-mirror-oci-format.adoc
index 78b420a3d0ed..a716103c9c28 100644
--- a/modules/oc-mirror-oci-format.adoc
+++ b/modules/oc-mirror-oci-format.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-oci-format_{context}"]
 = Including local OCI Operator catalogs
 
@@ -37,7 +37,7 @@ If you used the Technology Preview OCI local catalogs feature for the oc-mirror
 +
 The following example image set configuration mirrors an OCI catalog on disk along with an {product-title} release and a UBI image from `registry.redhat.io`.
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 kind: ImageSetConfiguration
 apiVersion: mirror.openshift.io/v1alpha2
@@ -47,7 +47,7 @@ storageConfig:
 mirror:
   platform:
     channels:
-    - name: stable-4.13                                                      <2>
+    - name: stable-{product-version}                                                      <2>
       type: ocp
     graph: false
   operators:
@@ -55,7 +55,7 @@ mirror:
     targetCatalog: my-namespace/redhat-operator-index                        <4>
     packages:
     - name: aws-load-balancer-operator
-  - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13           <5>
+  - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version}           <5>
     packages:
     - name: rhacs-operator
   additionalImages:
@@ -73,12 +73,10 @@ mirror:
 [source,terminal]
 ----
 $ oc mirror --config=./imageset-config.yaml \ <1>
-  --include-local-oci-catalogs                <2>
-  docker://registry.example:5000              <3>
+  docker://registry.example:5000              <2>
 ----
 <1> Pass in the image set configuration file. This procedure assumes that it is named `imageset-config.yaml`.
-<2> Use the `--include-local-oci-catalogs` flag to enable mirroring local OCI catalogs along with other remote content.
-<3> Specify the registry to mirror the content to. The registry must start with `docker://`. If you specify a top-level namespace for the mirror registry, you must also use this same namespace on subsequent executions.
+<2> Specify the registry to mirror the content to. The registry must start with `docker://`. If you specify a top-level namespace for the mirror registry, you must also use this same namespace on subsequent executions.
 +
 Optionally, you can specify other flags to adjust the behavior of the OCI feature:
 +
diff --git a/modules/oc-mirror-support.adoc b/modules/oc-mirror-support.adoc
index a1588f3c080d..10af68e17c20 100644
--- a/modules/oc-mirror-support.adoc
+++ b/modules/oc-mirror-support.adoc
@@ -1,14 +1,19 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oc-mirror-support_{context}"]
 = oc-mirror compatibility and support
 
 The oc-mirror plugin supports mirroring {product-title} payload images and Operator catalogs for {product-title} versions 4.10 and later.
 
+[NOTE]
+====
+On `aarch64`, `ppc64le`, and `s390x` architectures the oc-mirror plugin is only supported for {product-title} versions 4.14 and later.
+====
+
 Use the latest available version of the oc-mirror plugin regardless of which versions of {product-title} you need to mirror.
 
 // TODO: Remove this in 4.14
diff --git a/modules/oc-mirror-updating-cluster-manifests.adoc b/modules/oc-mirror-updating-cluster-manifests.adoc
index 0c8cf51eae86..920e7e45c342 100644
--- a/modules/oc-mirror-updating-cluster-manifests.adoc
+++ b/modules/oc-mirror-updating-cluster-manifests.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-updating-cluster-manifests_{context}"]
 = Configuring your cluster to use the resources generated by oc-mirror
 
@@ -27,12 +27,17 @@ The `ImageContentSourcePolicy` resource associates the mirror registry with the
 $ oc apply -f ./oc-mirror-workspace/results-1639608409/
 ----
 
-. Apply the release image signatures to the cluster by running the following command:
+. If you mirrored release images, apply the release image signatures to the cluster by running the following command:
 +
 [source,terminal]
 ----
 $ oc apply -f ./oc-mirror-workspace/results-1639608409/release-signatures/
 ----
++
+[NOTE]
+====
+If you are mirroring Operators instead of clusters, you do not need to run `$ oc apply -f ./oc-mirror-workspace/results-1639608409/release-signatures/`. Running that command will return an error, as there are no release image signatures to apply.
+====
 
 // TODO: Any example output to show?
 
diff --git a/modules/oc-mirror-updating-registry-about.adoc b/modules/oc-mirror-updating-registry-about.adoc
index aee26dcb5126..9bc8f913f103 100644
--- a/modules/oc-mirror-updating-registry-about.adoc
+++ b/modules/oc-mirror-updating-registry-about.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * installing/disconnected_install/installing-mirroring-disconnected.adoc
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="oc-mirror-updating-registry-about_{context}"]
 = About updating your mirror registry content
 
diff --git a/modules/oc-mirror-updating-restricted-cluster-manifests.adoc b/modules/oc-mirror-updating-restricted-cluster-manifests.adoc
index 6deb4835beac..a4f44c57b7ff 100644
--- a/modules/oc-mirror-updating-restricted-cluster-manifests.adoc
+++ b/modules/oc-mirror-updating-restricted-cluster-manifests.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="oc-mirror-updating-cluster-manifests_{context}"]
 = Installing the policy resources into the cluster
 
diff --git a/modules/ocm-accesscontrol-tab.adoc b/modules/ocm-accesscontrol-tab.adoc
index 50bf9e84328d..7240b70cc578 100644
--- a/modules/ocm-accesscontrol-tab.adoc
+++ b/modules/ocm-accesscontrol-tab.adoc
@@ -2,7 +2,7 @@
 //
 // ocm/ocm-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ocm-accesscontrol-tab_{context}"]
 = Access control tab
 
diff --git a/modules/ocm-accessing.adoc b/modules/ocm-accessing.adoc
index 5f9709b9e18e..0f13dbf3fc43 100644
--- a/modules/ocm-accessing.adoc
+++ b/modules/ocm-accessing.adoc
@@ -2,7 +2,7 @@
 //
 // ocm/ocm-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-ocm_{context}"]
 = Accessing {cluster-manager-first}
 
diff --git a/modules/ocm-cluster-history.adoc b/modules/ocm-cluster-history.adoc
index 00399d2b3ec9..89b8f4526d7d 100644
--- a/modules/ocm-cluster-history.adoc
+++ b/modules/ocm-cluster-history.adoc
@@ -2,7 +2,7 @@
 //
 // ocm/ocm-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ocm-cluster-history-tab_{context}"]
 = Cluster history tab
 
diff --git a/modules/ocm-disabling-autoscaling-nodes.adoc b/modules/ocm-disabling-autoscaling-nodes.adoc
index 9965dba3f09c..70297df41531 100644
--- a/modules/ocm-disabling-autoscaling-nodes.adoc
+++ b/modules/ocm-disabling-autoscaling-nodes.adoc
@@ -4,7 +4,7 @@
 // * nodes/nodes-about-autoscaling-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ocm-disabling-autoscaling_{context}"]
 = Disabling autoscaling nodes in an existing cluster using {cluster-manager-first}
 
diff --git a/modules/ocm-enabling-autoscaling-nodes.adoc b/modules/ocm-enabling-autoscaling-nodes.adoc
index 3358b0a17144..50f021aaa3ed 100644
--- a/modules/ocm-enabling-autoscaling-nodes.adoc
+++ b/modules/ocm-enabling-autoscaling-nodes.adoc
@@ -4,7 +4,7 @@
 // * nodes/nodes-about-autoscaling-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ocm-enabling-autoscaling_{context}"]
 = Enabling autoscaling nodes in an existing cluster using {cluster-manager-first}
 
diff --git a/modules/ocm-networking-tab-adding-ingress.adoc b/modules/ocm-networking-tab-adding-ingress.adoc
index 7bfc8aaeabf5..4789de47a85c 100644
--- a/modules/ocm-networking-tab-adding-ingress.adoc
+++ b/modules/ocm-networking-tab-adding-ingress.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // ocm/ocm-overview.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ocm-networking-tab-adding-ingress_{context}"]
 = Adding a network Ingress to your {product-title} cluster
 
@@ -15,8 +15,8 @@ You can add a network Ingress to your cluster from the {cluster-manager-url} web
 .Procedure
 
 . From the **Networking** tab in {cluster-manager}, click the **Additional application router** toggle to enable the Ingress. There are two options you can add to the additional router:
-.. **Make router private**: This checkbox allows you to control cluster privacy. By default, your Ingress router is publicly exposed and allows anyone access. You can limit access to applications or websites you run on your cluster by selecting this checkbox. For example, if you only want internal employees to access this cluster, then using this option requires a private connection, such as a virtual private network (VPN) or virtual private cloud (VPC) peering connection. 
-.. **Label match for additional router**: This field provides a way to target the specific route you want exposed in this additional Ingress router. By default, the router exposes all routes. If you leave this field blank, these routes stay exposed. 
+.. **Make router private**: This checkbox allows you to control cluster privacy. By default, your Ingress router is publicly exposed and allows anyone access. You can limit access to applications or websites you run on your cluster by selecting this checkbox. For example, if you only want internal employees to access this cluster, then using this option requires a private connection, such as a virtual private network (VPN) or virtual private cloud (VPC) peering connection.
+.. **Label match for additional router**: This field provides a way to target the specific route you want exposed in this additional Ingress router. By default, the router exposes all routes. If you leave this field blank, these routes stay exposed.
 +
 A commonly used setup has a private default router, which means any applications deployed require a VPN or VPC peering to access. You can create an additional public router with a label match of  `route=external`. Then, if you add the `route=external` label to additional routes, the additional router matches this label and exposes it for public use.
 . Click **Change settings** to confirm that you want to add the network Ingress.
\ No newline at end of file
diff --git a/modules/ocm-networking-tab-concept.adoc b/modules/ocm-networking-tab-concept.adoc
index 81c8c03396d7..db1ec94dc0af 100644
--- a/modules/ocm-networking-tab-concept.adoc
+++ b/modules/ocm-networking-tab-concept.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // ocm/ocm-overview.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ocm-networking-tab_{context}"]
 = Networking tab
 
diff --git a/modules/ocm-overview-tab.adoc b/modules/ocm-overview-tab.adoc
index 3c7e22299050..2fa0044cde07 100644
--- a/modules/ocm-overview-tab.adoc
+++ b/modules/ocm-overview-tab.adoc
@@ -2,7 +2,7 @@
 //
 // ocm/ocm-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ocm-overview-tab_{context}"]
 = Overview tab
 
@@ -26,5 +26,5 @@ The **Overview** tab provides information about how your cluster was configured:
 * **Nodes** shows the actual and desired nodes on the cluster. These numbers might not match due to cluster scaling.
 * **Network** field shows the address and prefixes for network connectivity.
 * **Resource usage** section of the tab displays the resources in use with a graph.
-* **Advisor recommendations** section gives insight in relation to security, performance, availability, and stablility. This section requires the use of remote health functionality. See link:https://docs.openshift.com/container-platform/4.9/support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.html[Using Insights to identify issues with your cluster].
+* **Advisor recommendations** section gives insight in relation to security, performance, availability, and stablility. This section requires the use of remote health functionality. See _Using Insights to identify issues with your cluster_ in the _Additional resources_ section.
 * **Cluster history** section shows everything that has been done with the cluster including creation and when a new version is identified.
diff --git a/modules/odc-access-web-terminal.adoc b/modules/odc-access-web-terminal.adoc
index 42635cffd274..047e891c9c34 100644
--- a/modules/odc-access-web-terminal.adoc
+++ b/modules/odc-access-web-terminal.adoc
@@ -2,11 +2,11 @@
 //
 // web_console/web_terminal/odc-using-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-access-web-terminal_{context}"]
 = Accessing the web terminal
 
-After the {web-terminal-op} is installed, you can access the web terminal.
+After the {web-terminal-op} is installed, you can access the web terminal. After the web terminal is initialized, you can use the preinstalled CLI tools like `oc`, `kubectl`, `odo`, `kn`, `tkn`, `helm`, and `subctl` in the web terminal.
 You can re-run commands by selecting them from the list of commands you have run in the terminal. These commands persist across multiple terminal sessions.
 The web terminal remains open until you close it or until you close the browser window or tab.
 
@@ -19,14 +19,27 @@ The web terminal remains open until you close it or until you close the browser
 
 . To launch the web terminal, click the command line terminal icon (image:odc-wto-icon.png[title="wto icon"]) in the masthead of the console. A web terminal instance is displayed in the *Command line terminal* pane. This instance is automatically logged in with your credentials.
 
-. Select the project where the `DevWorkspace` CR must be created from the *Project* drop-down list. By default, the current project is selected.
+. If a project has not been selected in the current session, select the project where the `DevWorkspace` CR must be created from the *Project* drop-down list. By default, the current project is selected.
 +
 [NOTE]
 ====
 * The `DevWorkspace` CR is created only if it does not already exist.
-* The `openshift-terminal` project is the default project used for cluster administrators. They do not have the option to choose another project.
+ifndef::openshift-rosa,openshift-dedicated[]
+* The `openshift-terminal` project is the default project used for cluster administrators. They do not have the option to choose another project.  The {web-terminal-op} installs the DevWorkspace Operator as a dependency.
+endif::openshift-rosa,openshift-dedicated[]
 ====
 
-. Click *Start* to initialize the web terminal using the selected project. After the web terminal is initialized, you can use the preinstalled CLI tools like `oc`, `kubectl`, `odo`, `kn`, `tkn`, `helm`, `kubens`, `subctl`, and `kubectx` in the web terminal.
+ifndef::openshift-rosa,openshift-dedicated[]
+. Optional: Set the web terminal timeout for the current session:
+.. Click Timeout.
+.. In the field that appears, enter the timeout value.
+.. From the drop-down list, select a timeout interval of *Seconds*, *Minutes*, *Hours*, or *Milliseconds*.
+
+. Optional: Select a custom image for the web terminal to use.
+.. Click Image.
+.. In the field that appears, enter the URL of the image that you want to use.
+endif::openshift-rosa,openshift-dedicated[]
+
+. Click *Start* to initialize the web terminal using the selected project.
 
 . Click *+* to open multiple tabs within the web terminal in the console.
diff --git a/modules/odc-accessing-perspectives.adoc b/modules/odc-accessing-perspectives.adoc
index 3b5b05b1e1ff..e08aa38514e7 100644
--- a/modules/odc-accessing-perspectives.adoc
+++ b/modules/odc-accessing-perspectives.adoc
@@ -2,7 +2,7 @@
 //
 // web_console/web-console-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="accessing-perspectives_{context}"]
 = Accessing the Perspectives
 
@@ -13,7 +13,7 @@ You can access the *Administrator* and *Developer* perspective from the web cons
 To access a perspective, ensure that you have logged in to the web console. Your default perspective is automatically determined by the permission of the users. The *Administrator* perspective is selected for users with access to all projects, while the *Developer* perspective is selected for users with limited access to their own projects
 
 .Additional Resources
-See link:https://docs.openshift.com/container-platform/4.13/web_console/adding-user-preferences.html[Adding User Preferences] for more information on changing perspectives.
+See link:https://docs.openshift.com/container-platform/4.15/web_console/adding-user-preferences.html[Adding User Preferences] for more information on changing perspectives.
 
 
 .Procedure
diff --git a/modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc b/modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc
index ee12c3e10306..7e44653980ad 100644
--- a/modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc
+++ b/modules/odc-adding-a-GitHub-repository-containing-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-adding-a-GitHub-repository-containing-pipelines_{context}"]
 
 = Adding a GitHub repository containing pipelines
diff --git a/modules/odc-adding-components-to-an-existing-project.adoc b/modules/odc-adding-components-to-an-existing-project.adoc
index 6765825372ee..c85eec90e301 100644
--- a/modules/odc-adding-components-to-an-existing-project.adoc
+++ b/modules/odc-adding-components-to-an-existing-project.adoc
@@ -2,7 +2,7 @@
 //
 // applications/application_life_cycle_management/odc-viewing-application-composition-using-topology-view.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-adding-components-to-an-existing-project_{context}"]
 = Adding components to an existing project
 
diff --git a/modules/odc-adding-health-checks.adoc b/modules/odc-adding-health-checks.adoc
index 266cdbb3724a..64ce0ccc0bbd 100644
--- a/modules/odc-adding-health-checks.adoc
+++ b/modules/odc-adding-health-checks.adoc
@@ -2,7 +2,7 @@
 //
 // applications/application-health
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-adding-health-checks"]
 = Adding health checks using the Developer perspective
 
diff --git a/modules/odc-adding-services-to-application.adoc b/modules/odc-adding-services-to-application.adoc
index c68cc38bafb5..29bd6961e172 100644
--- a/modules/odc-adding-services-to-application.adoc
+++ b/modules/odc-adding-services-to-application.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-adding-services-to-your-application_{context}"]
 = Adding services to your application
 
diff --git a/modules/odc-configure-web-terminal-image-session.adoc b/modules/odc-configure-web-terminal-image-session.adoc
index bd304d1851c6..53cbc68fafe7 100644
--- a/modules/odc-configure-web-terminal-image-session.adoc
+++ b/modules/odc-configure-web-terminal-image-session.adoc
@@ -3,7 +3,7 @@
 //
 // * web_console/web_terminal/configuring-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-configure-web-terminal-image-session_{context}"]
 = Configuring the web terminal image for a session
 
diff --git a/modules/odc-configure-web-terminal-timeout-session.adoc b/modules/odc-configure-web-terminal-timeout-session.adoc
index fb269bc3f07f..4a25f4544771 100644
--- a/modules/odc-configure-web-terminal-timeout-session.adoc
+++ b/modules/odc-configure-web-terminal-timeout-session.adoc
@@ -3,7 +3,7 @@
 //
 // * web_console/web_terminal/configuring-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-configure-web-terminal-timeout-session_{context}"]
 = Configuring the web terminal timeout for a session
 
@@ -17,6 +17,11 @@ You can change the default timeout period for the web terminal for your current
 .Procedure
 
 . Click the web terminal icon (image:odc-wto-icon.png[title="web terminal icon"]).
-. Click *Timeout* to display advanced configuration options for the web terminal timeout.
-. Set a value for the timeout. From the drop-down list, select a time interval of *Seconds*, *Minutes*, *Hours*, or *Milliseconds*.
-. Click *Start* to begin a terminal instance using the specified timeout setting.
\ No newline at end of file
+. Optional: Set the web terminal timeout for the current session:
+.. Click Timeout.
+.. In the field that appears, enter the timeout value.
+.. From the drop-down list, select a timeout interval of *Seconds*, *Minutes*, *Hours*, or *Milliseconds*.
+. Optional: Select a custom image for the web terminal to use.
+.. Click Image. 
+.. In the field that appears, enter the URL of the image that you want to use.
+. Click *Start* to begin a terminal instance using the specified timeout setting.
diff --git a/modules/odc-creating-a-binding-connection-between-components.adoc b/modules/odc-creating-a-binding-connection-between-components.adoc
index 4dc6e56bd084..656e29b56237 100644
--- a/modules/odc-creating-a-binding-connection-between-components.adoc
+++ b/modules/odc-creating-a-binding-connection-between-components.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-a-binding-connection-between-components_{context}"]
 = Creating a binding connection between components
 
diff --git a/modules/odc-creating-a-visual-connection-between-components.adoc b/modules/odc-creating-a-visual-connection-between-components.adoc
index 3561578dfd62..4f78ab43e6b6 100644
--- a/modules/odc-creating-a-visual-connection-between-components.adoc
+++ b/modules/odc-creating-a-visual-connection-between-components.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-a-visual-connection-between-components_{context}"]
 = Creating a visual connection between components
 
diff --git a/modules/odc-creating-apiserversource.adoc b/modules/odc-creating-apiserversource.adoc
index 0d7df2d8c78f..70be14af9652 100644
--- a/modules/odc-creating-apiserversource.adoc
+++ b/modules/odc-creating-apiserversource.adoc
@@ -2,11 +2,11 @@
 //
 // * serverless/eventing/event-sources/serverless-apiserversource.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-apiserversource_{context}"]
 = Creating an API server source by using the web console
 
-After Knative Eventing is installed on your cluster, you can create an API server source by using the web console. Using the {product-title} web console provides a streamlined and intuitive user interface to create an event source. 
+After Knative Eventing is installed on your cluster, you can create an API server source by using the web console. Using the {product-title} web console provides a streamlined and intuitive user interface to create an event source.
 
 .Prerequisites
 
diff --git a/modules/odc-creating-helm-releases-using-developer-perspective.adoc b/modules/odc-creating-helm-releases-using-developer-perspective.adoc
index e52d0e47bc48..a42ca4e69f9e 100644
--- a/modules/odc-creating-helm-releases-using-developer-perspective.adoc
+++ b/modules/odc-creating-helm-releases-using-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-helm-releases-using-developer-perspective_{context}"]
 = Creating Helm releases using the Developer perspective
 
@@ -27,9 +27,9 @@ image::odc_helm_chart_devcatalog_new.png[]
 Where available, you can switch between the *YAML View* and *Form View*. The data is persisted when switching between the views.
 ====
 +
-.. Click *Create* to create a Helm release. The web console displays the new release in the *Topology* view. 
+.. Click *Create* to create a Helm release. The web console displays the new release in the *Topology* view.
 +
-If a Helm chart has release notes, the web console displays them. 
+If a Helm chart has release notes, the web console displays them.
 +
 If a Helm chart creates workloads, the web console displays them on the *Topology* or *Helm release details* page. The workloads are `DaemonSet`, `CronJob`, `Pod`, `Deployment`, and `DeploymentConfig`.
 
diff --git a/modules/odc-creating-projects-using-developer-perspective.adoc b/modules/odc-creating-projects-using-developer-perspective.adoc
index 78715d61c548..bd7d0b8907e6 100644
--- a/modules/odc-creating-projects-using-developer-perspective.adoc
+++ b/modules/odc-creating-projects-using-developer-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-projects-using-developer-perspective_{context}"]
 = Creating a project using the Developer perspective in the web console
 
@@ -13,11 +13,6 @@ You can use the *Developer* perspective in the {product-title} web console to cr
 Projects starting with `openshift-` and `kube-` are considered critical by {product-title}. As such, {product-title} does not allow you to create projects starting with `openshift-` or `kube-` using the *Developer* perspective. Cluster administrators can create these projects using the `oc adm new-project` command.
 ====
 
-[NOTE]
-====
-You cannot assign an SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, and `openshift`. You cannot use these namespaces for running pods or services.
-====
-
 .Prerequisites
 
 * Ensure that you have the appropriate roles and permissions to create projects, applications, and other workloads in {product-title}.
diff --git a/modules/odc-creating-sample-applications.adoc b/modules/odc-creating-sample-applications.adoc
index 8b16bdd63637..9edba2db99d8 100644
--- a/modules/odc-creating-sample-applications.adoc
+++ b/modules/odc-creating-sample-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-creating-sample-applications_{context}"]
 = Creating Sample applications
 
diff --git a/modules/odc-creating-vms.adoc b/modules/odc-creating-vms.adoc
deleted file mode 100644
index fbb717996b9c..000000000000
--- a/modules/odc-creating-vms.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: PROCEDURE
-[id="odc-creating-vms_{context}"]
-= Using the Developer perspective to create a virtual machine
-
-You can create a virtual machine by using the *Developer* perspective of the {product-title} web console.
-
-.Prerequisites
-
-* A cluster administrator has installed the {VirtProductName} Operator in your cluster.
-* You have logged in to the {product-title} web console and are in the *Developer* perspective.
-
-.Procedure
-
-. In the *+Add* view, click the *Virtual Machines* tile to see the *Create new VirtualMachine* page.
-
-. Select a virtual machine type from the *Template catalog*.
-
-. Click *Quick create VirtualMachine* to create a virtual machine with no further input, or click *Customize VirtualMachine* to see the *Customize Template parameters* page.
-+
-[NOTE]
-====
-For Microsoft Windows virtual machines, only the *Customize VirtualMachine* option is available.
-====
-
-. If you choose to customize your virtual machine, you can modify *Storage* and *Optional Parameters* settings on the *Customize Template parameters* page. When you have finished customizing your virtual machine settings, click *Next* to see the *Review and create VirtualMachine* page. Review your settings, then click *Create VirtualMachine*.
-
-. You can view virtual machines that you have created in the *Topology* view.
-** Select your virtual machine in the graph view to see the details panel.
-** Click the *List view* icon (image:odc_list_view_icon.png[title="List view icon"]) to see a list of all your virtual machines, and use the *Graph view* icon (image:odc_topology_view_icon.png[title="Topology view icon"]) to switch back to the graph view.
\ No newline at end of file
diff --git a/modules/odc-customizing-a-perspective-using-YAML-view.adoc b/modules/odc-customizing-a-perspective-using-YAML-view.adoc
index fd589fb1ff6d..6762f462d5e0 100644
--- a/modules/odc-customizing-a-perspective-using-YAML-view.adoc
+++ b/modules/odc-customizing-a-perspective-using-YAML-view.adoc
@@ -2,9 +2,9 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-customizing-a-perspective-using-YAML-view_{context}"]
-= Customizing a perspective using YAML view 
+= Customizing a perspective using YAML view
 
 .Prerequisites
 * You must have administrator privileges.
@@ -12,20 +12,20 @@
 .Procedure
 . In the *Administrator* perspective, navigate to *Administration* -> *Cluster Settings*.
 . Select the *Configuration* tab and click the *Console (operator.openshift.io)* resource.
-. Click the *YAML* tab and make your customization: 
+. Click the *YAML* tab and make your customization:
 .. To enable or disable a perspective, insert the snippet for *Add user perspectives* and edit the YAML code as needed:
-+ 
++
 [source,yaml]
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 spec:
   customization:
     perspectives:
       - id: admin
-        visibility: 
+        visibility:
           state: Enabled
       - id: dev
         visibility:
@@ -37,13 +37,13 @@ spec:
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 spec:
   customization:
     perspectives:
       - id: admin
-        requiresAccessReview: 
+        requiresAccessReview:
           - group: rbac.authorization.k8s.io
             resource: clusterroles
             verb: list
@@ -51,20 +51,20 @@ spec:
         state: Enabled
 ----
 .. To customize a perspective based on your needs, create your own YAML snippet:
-+  
++
 [source,yaml]
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 spec:
   customization:
     perspectives:
       - id: admin
-        visibility: 
+        visibility:
           state: AccessReview
-          accessReview: 
+          accessReview:
             missing:
               - resource: deployment
                 verb: list
diff --git a/modules/odc-customizing-a-perspective-using-form-view.adoc b/modules/odc-customizing-a-perspective-using-form-view.adoc
index 1232b2d453d8..999e3016fa21 100644
--- a/modules/odc-customizing-a-perspective-using-form-view.adoc
+++ b/modules/odc-customizing-a-perspective-using-form-view.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-customizing-a-perspective-using-form-view_{context}"]
 = Customizing a perspective using form view
 
diff --git a/modules/odc-customizing-user-perspectives.adoc b/modules/odc-customizing-user-perspectives.adoc
index 4171ca8dcee4..3766e24988ed 100644
--- a/modules/odc-customizing-user-perspectives.adoc
+++ b/modules/odc-customizing-user-perspectives.adoc
@@ -2,18 +2,18 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odc-customizing-user-perspectives_{context}"]
-= Customizing user perspectives 
+= Customizing user perspectives
 
-The {product-title} web console provides two perspectives by default, *Administrator* and *Developer*. You might have more perspectives available depending on installed console plugins. As a cluster administrator, you can show or hide a perspective for all users or for a specific user role. Customizing  perspectives ensures that users can view only the perspectives that are applicable to their role and tasks. For example, you can hide the *Administrator* perspective from unprivileged users so that they cannot manage cluster resources, users, and projects. Similarly, you can show the *Developer* perspective to users with the developer role so that they can create, deploy, and monitor applications. 
+The {product-title} web console provides two perspectives by default, *Administrator* and *Developer*. You might have more perspectives available depending on installed console plugins. As a cluster administrator, you can show or hide a perspective for all users or for a specific user role. Customizing  perspectives ensures that users can view only the perspectives that are applicable to their role and tasks. For example, you can hide the *Administrator* perspective from unprivileged users so that they cannot manage cluster resources, users, and projects. Similarly, you can show the *Developer* perspective to users with the developer role so that they can create, deploy, and monitor applications.
 
-You can also customize the perspective visibility for users based on role-based access control (RBAC). For example, if you customize a perspective for monitoring purposes, which requires specific permissions, you can define that the perspective is visible only to users with required permissions. 
+You can also customize the perspective visibility for users based on role-based access control (RBAC). For example, if you customize a perspective for monitoring purposes, which requires specific permissions, you can define that the perspective is visible only to users with required permissions.
 
 Each perspective includes the following mandatory parameters, which you can edit in the YAML view:
 
 * `id`: Defines the ID of the perspective to show or hide
-* `visibility`: Defines the state of the perspective along with access review checks, if needed 
+* `visibility`: Defines the state of the perspective along with access review checks, if needed
 * `state`: Defines whether the perspective is enabled, disabled, or needs an access review check
 
 [NOTE]
diff --git a/modules/odc-deleting-helm-release.adoc b/modules/odc-deleting-helm-release.adoc
index 9b6f21fe327e..a6901a962308 100644
--- a/modules/odc-deleting-helm-release.adoc
+++ b/modules/odc-deleting-helm-release.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-deleting-helm-release_{context}"]
 = Deleting a Helm release
 
diff --git a/modules/odc-deploying-container-image.adoc b/modules/odc-deploying-container-image.adoc
index 1f4ca9656d00..828ac6dc12ac 100644
--- a/modules/odc-deploying-container-image.adoc
+++ b/modules/odc-deploying-container-image.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-deploying-container-image_{context}"]
 = Creating applications by deploying container image
 
diff --git a/modules/odc-deploying-java-applications.adoc b/modules/odc-deploying-java-applications.adoc
index a8b18fc3d3aa..65c928b00ac3 100644
--- a/modules/odc-deploying-java-applications.adoc
+++ b/modules/odc-deploying-java-applications.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-deploying-java-applications_{context}"]
 = Deploying a Java application by uploading a JAR file
 
@@ -33,7 +33,7 @@ You can use the web console *Developer* perspective to upload a JAR file by usin
 
 . In the *Name* field, enter a unique component name for the associated resources.
 
-. Optional: Use the *Resource type* drop-down list to change the resource type. 
+. Optional: Use the *Resource type* drop-down list to change the resource type.
 
 . In the *Advanced options* menu, click *Create a Route to the Application* to configure a public URL for your deployed application.
 
diff --git a/modules/odc-discovering-and-identifying-operator-backed-bindable-services.adoc b/modules/odc-discovering-and-identifying-operator-backed-bindable-services.adoc
index 354d7216d9d6..a48500b55dbd 100644
--- a/modules/odc-discovering-and-identifying-operator-backed-bindable-services.adoc
+++ b/modules/odc-discovering-and-identifying-operator-backed-bindable-services.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-discovering-and-identifying-operator-backed-bindable-services_{context}"]
 = Discovering and identifying Operator-backed bindable services
 
diff --git a/modules/odc-editing-application-configuration-using-developer-perspective.adoc b/modules/odc-editing-application-configuration-using-developer-perspective.adoc
index 68d14e84c2e5..bed87e1eeea0 100644
--- a/modules/odc-editing-application-configuration-using-developer-perspective.adoc
+++ b/modules/odc-editing-application-configuration-using-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-editing-application-configuration-using-developer-perspective_{context}"]
 = Editing the application configuration using the Developer perspective
 
diff --git a/modules/odc-editing-deployments.adoc b/modules/odc-editing-deployments.adoc
index fd6ffb330dc3..7094a6cdaaad 100644
--- a/modules/odc-editing-deployments.adoc
+++ b/modules/odc-editing-deployments.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-editing-deployments_{context}"]
 = Editing a deployment by using the Developer perspective
 
diff --git a/modules/odc-editing-health-checks.adoc b/modules/odc-editing-health-checks.adoc
index 4eca4db4905a..0712c8003ab7 100644
--- a/modules/odc-editing-health-checks.adoc
+++ b/modules/odc-editing-health-checks.adoc
@@ -2,7 +2,7 @@
 //
 // applications/application-health
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-editing-health-checks"]
 = Editing health checks using the Developer perspective
 
@@ -31,7 +31,7 @@ You can use the *Topology* view to edit health checks added to your application,
 [NOTE]
 ====
 The `Timeout` value must be lower than the `Period` value. The `Timeout` default value is `1`. The `Period` default value is `10`.
-==== 
+====
 .. Click the check mark at the bottom of the form. The *Liveness Probe Added* message is displayed.
 
 . Click *Save* to save your modifications and add the additional probes to your container. You are redirected to the *Topology* view.
diff --git a/modules/odc-editing-source-code-using-developer-perspective.adoc b/modules/odc-editing-source-code-using-developer-perspective.adoc
index 803b939c4b27..4f30a07eee75 100644
--- a/modules/odc-editing-source-code-using-developer-perspective.adoc
+++ b/modules/odc-editing-source-code-using-developer-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-editing-source-code-using-developer-perspective_{context}"]
 = Editing the source code of an application using the Developer perspective
 
diff --git a/modules/odc-grouping-multiple-components.adoc b/modules/odc-grouping-multiple-components.adoc
index cb3d7c82d9e9..186be9b2c2f5 100644
--- a/modules/odc-grouping-multiple-components.adoc
+++ b/modules/odc-grouping-multiple-components.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-grouping-multiple-components_{context}"]
 = Grouping multiple components within an application
 
diff --git a/modules/odc-image-vulnerabilities-breakdown.adoc b/modules/odc-image-vulnerabilities-breakdown.adoc
index 858384d85e81..1be2de654f80 100644
--- a/modules/odc-image-vulnerabilities-breakdown.adoc
+++ b/modules/odc-image-vulnerabilities-breakdown.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odc-image-vulnerabilities-breakdown_{context}"]
 = Image vulnerabilities breakdown
 
diff --git a/modules/odc-importing-codebase-from-git-to-create-application.adoc b/modules/odc-importing-codebase-from-git-to-create-application.adoc
index 59dcf963fef0..6c685f8a539d 100644
--- a/modules/odc-importing-codebase-from-git-to-create-application.adoc
+++ b/modules/odc-importing-codebase-from-git-to-create-application.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-importing-codebase-from-git-to-create-application_{context}"]
 = Importing a codebase from Git to create an application
 
@@ -22,7 +22,7 @@ The following procedure walks you through the *From Git* option in the *Develope
 * *Source Secret* to create a *Secret Name* with credentials for pulling your source code from a private repository.
 
 . Optional: You can import a `Devfile`, a `Dockerfile`, `Builder Image`, or a `Serverless Function` through your Git repository to further customize your deployment.
-* If your Git repository contains a `Devfile`, a `Dockerfile`, a `Builder Image`, or a `func.yaml`, it is automatically detected and populated on the respective path fields. 
+* If your Git repository contains a `Devfile`, a `Dockerfile`, a `Builder Image`, or a `func.yaml`, it is automatically detected and populated on the respective path fields.
 * If a `Devfile`, a `Dockerfile`, or a `Builder Image` are detected in the same repository, the `Devfile` is selected by default.
 * If `func.yaml` is detected in the Git repository, the *Import Strategy* changes to `Serverless Function`.
 * Alternatively, you can create a serverless function by clicking *Create Serverless function* in the *+Add* view using the Git repository URL.
diff --git a/modules/odc-monitoring-health-checks.adoc b/modules/odc-monitoring-health-checks.adoc
index bc8418043473..b620b29c7d25 100644
--- a/modules/odc-monitoring-health-checks.adoc
+++ b/modules/odc-monitoring-health-checks.adoc
@@ -2,7 +2,7 @@
 //
 // applications/application-health
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-monitoring-health-checks"]
 = Monitoring health check failures using the Developer perspective
 
diff --git a/modules/odc-monitoring-your-app-vulnerabilities.adoc b/modules/odc-monitoring-your-app-vulnerabilities.adoc
index cb9b1e104df5..943214faefa3 100644
--- a/modules/odc-monitoring-your-app-vulnerabilities.adoc
+++ b/modules/odc-monitoring-your-app-vulnerabilities.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-monitoring-your-application-image-vulnerabilities-metrics_{context}"]
 = Monitoring your application and image vulnerabilities metrics
 
diff --git a/modules/odc-monitoring-your-application-metrics.adoc b/modules/odc-monitoring-your-application-metrics.adoc
index 14d5741ae108..672594bfce92 100644
--- a/modules/odc-monitoring-your-application-metrics.adoc
+++ b/modules/odc-monitoring-your-application-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-monitoring-your-application-metrics_{context}"]
 = Monitoring your application metrics
 
diff --git a/modules/odc-monitoring-your-project-metrics.adoc b/modules/odc-monitoring-your-project-metrics.adoc
index d922cca20cf4..7675d112bdfc 100644
--- a/modules/odc-monitoring-your-project-metrics.adoc
+++ b/modules/odc-monitoring-your-project-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-monitoring-your-project-metrics_{context}"]
 = Monitoring your project metrics
 
@@ -15,7 +15,7 @@ After you create applications in your project and deploy them, you can use the *
 . Optional: Use the *Dashboard* tab to see graphs depicting the following application metrics:
 +
 --
-* CPU usage 
+* CPU usage
 * Memory usage
 * Bandwidth consumption
 * Network-related information such as the rate of transmitted and received packets and the rate of dropped packets.
diff --git a/modules/odc-providing-project-permissions-using-developer-perspective.adoc b/modules/odc-providing-project-permissions-using-developer-perspective.adoc
index b4c3b81e5bcc..bd64cb20adb7 100644
--- a/modules/odc-providing-project-permissions-using-developer-perspective.adoc
+++ b/modules/odc-providing-project-permissions-using-developer-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-providing-project-permissions-using-developer-perspective_{context}"]
 = Providing access permissions to your project using the Developer perspective
 
diff --git a/modules/odc-removing-services-from-application.adoc b/modules/odc-removing-services-from-application.adoc
index 278b08f12986..e3f0a7ac964f 100644
--- a/modules/odc-removing-services-from-application.adoc
+++ b/modules/odc-removing-services-from-application.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-removing-services-from-your-application_{context}"]
 = Removing services from your application
 
diff --git a/modules/odc-rolling-back-helm-release.adoc b/modules/odc-rolling-back-helm-release.adoc
index 28d7dd3fc37e..4899a0f9cd81 100644
--- a/modules/odc-rolling-back-helm-release.adoc
+++ b/modules/odc-rolling-back-helm-release.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-rolling-back-helm-release_{context}"]
 = Rolling back a Helm release
 
diff --git a/modules/odc-setting-user-preferences.adoc b/modules/odc-setting-user-preferences.adoc
index 6a34d7c0f093..c0dfb3e4d6a6 100644
--- a/modules/odc-setting-user-preferences.adoc
+++ b/modules/odc-setting-user-preferences.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // *web_console/adding-user-preferences.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-setting-user-preferences_{context}"]
 = Setting user preferences
 
@@ -12,11 +12,13 @@ You can set the default user preferences for your cluster.
 . Log in to the {product-title} web console using your login credentials.
 . Use the masthead to access the user preferences under the user profile.
 . In the *General* section:
+.. In the **Theme** field, you can set the theme that you want to work in. The console defaults to the selected theme each time you log in. 
 .. In the *Perspective* field, you can set the default perspective you want to be logged in to. You can select the *Administrator* or the *Developer* perspective as required. If a perspective is not selected, you are logged into the perspective you last visited.
-.. In the *Project* field, select a project you want to work in. The console will default to the project every time you log in.
+.. In the *Project* field, select a project you want to work in. The console defaults to the project every time you log in.
 .. In the *Topology* field, you can set the topology view to default to the graph or list view. If not selected, the console defaults to the last view you used.
 .. In the *Create/Edit resource method* field, you can set a preference for creating or editing a resource. If both the form and YAML options are available, the console defaults to your selection.
 . In the *Language* section, select *Default browser language* to use the default browser language settings. Otherwise, select the language that you want to use for the console.
+. In the *Notifications* section, you can toggle display notifications created by users for specific projects on the *Overview* page or notification drawer.  
 . In the *Applications* section:
 .. You can view the default *Resource type*. For example, if the {ServerlessOperatorName} is installed, the default resource type is *Serverless Deployment*. Otherwise, the default resource type is *Deployment*.
-.. You can select another resource type to be the default resource type from the *Resource Type* field. 
+.. You can select another resource type to be the default resource type from the *Resource Type* field.
diff --git a/modules/odc-splitting-traffic-between-revisions-using-developer-perspective.adoc b/modules/odc-splitting-traffic-between-revisions-using-developer-perspective.adoc
index 54a747f172d1..1b701b565e44 100644
--- a/modules/odc-splitting-traffic-between-revisions-using-developer-perspective.adoc
+++ b/modules/odc-splitting-traffic-between-revisions-using-developer-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-traffic-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-splitting-traffic-between-revisions-using-developer-perspective_{context}"]
 = Managing traffic between revisions by using the {product-title} web console
 
diff --git a/modules/odc-starting-recreate-deployment.adoc b/modules/odc-starting-recreate-deployment.adoc
index e43a1b4fa9de..3f7c6d8f443a 100644
--- a/modules/odc-starting-recreate-deployment.adoc
+++ b/modules/odc-starting-recreate-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-starting-recreate-deployment_{context}"]
 = Starting a recreate deployment using the Developer perspective
 
diff --git a/modules/odc-starting-rolling-deployment.adoc b/modules/odc-starting-rolling-deployment.adoc
index 8aab6eee4d26..992a1501ee57 100644
--- a/modules/odc-starting-rolling-deployment.adoc
+++ b/modules/odc-starting-rolling-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/deployment-strategies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-starting-rolling-deployment_{context}"]
 = Starting a rolling deployment using the Developer perspective
 
diff --git a/modules/odc-upgrading-helm-release.adoc b/modules/odc-upgrading-helm-release.adoc
index 050569b6b4c0..f670a48c4885 100644
--- a/modules/odc-upgrading-helm-release.adoc
+++ b/modules/odc-upgrading-helm-release.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-upgrading-helm-release_{context}"]
 = Upgrading a Helm release
 
diff --git a/modules/odc-using-quickstarts.adoc b/modules/odc-using-quickstarts.adoc
index 3689b4133438..104d30f8459e 100644
--- a/modules/odc-using-quickstarts.adoc
+++ b/modules/odc-using-quickstarts.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-using-quickstarts_{context}"]
 = Creating applications using Quick Starts
 
diff --git a/modules/odc-using-the-developer-catalog-to-add-services-or-components.adoc b/modules/odc-using-the-developer-catalog-to-add-services-or-components.adoc
index c89608474865..aeb05803cb7c 100644
--- a/modules/odc-using-the-developer-catalog-to-add-services-or-components.adoc
+++ b/modules/odc-using-the-developer-catalog-to-add-services-or-components.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-using-the-developer-catalog-to-add-services-or-components_{context}"]
 = Using the Developer Catalog to add services or components to your application
 
diff --git a/modules/odc-using-the-devfile-registry.adoc b/modules/odc-using-the-devfile-registry.adoc
index f1a3cce14efd..d0f1022c5102 100644
--- a/modules/odc-using-the-devfile-registry.adoc
+++ b/modules/odc-using-the-devfile-registry.adoc
@@ -1,8 +1,8 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-using-the-devfile-registry_{context}"]
 = Using the Devfile registry to access devfiles
 
-You can use the devfiles in the *+Add* flow of the *Developer* perspective to create an application. The *+Add* flow provides a complete integration with the https://registry.devfile.io/viewer[devfile community registry]. A devfile is a portable YAML file that describes your development environment without needing to configure it from scratch. Using the *Devfile registry*, you can use a pre-configured devfile to create an application.
+You can use the devfiles in the *+Add* flow of the *Developer* perspective to create an application. The *+Add* flow provides a complete integration with the https://registry.devfile.io/viewer[devfile community registry]. A devfile is a portable YAML file that describes your development environment without needing to configure it from scratch. Using the *Devfile registry*, you can use a preconfigured devfile to create an application.
 
 .Procedure
 
diff --git a/modules/odc-verifying-the-status-of-your-service-binding-from-the-topology-view.adoc b/modules/odc-verifying-the-status-of-your-service-binding-from-the-topology-view.adoc
index 54ea7ae5c5ed..6f77f3c78ab9 100644
--- a/modules/odc-verifying-the-status-of-your-service-binding-from-the-topology-view.adoc
+++ b/modules/odc-verifying-the-status-of-your-service-binding-from-the-topology-view.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-verifying-the-status-of-your-service-binding-from-the-topology-view_{context}"]
 = Verifying the status of your service binding from the Topology view
 
@@ -9,12 +9,12 @@ The *Developer* perspective helps you verify the status of your service binding
 
 .Procedure
 
-. If a service binding was successful, click the binding connector. A side panel appears displaying the *Connected* status under the *Details* tab. 
+. If a service binding was successful, click the binding connector. A side panel appears displaying the *Connected* status under the *Details* tab.
 +
-Optionally, you can view the *Connected* status on the following pages from the *Developer* perspective: 
+Optionally, you can view the *Connected* status on the following pages from the *Developer* perspective:
 +
 ** The *ServiceBindings* page.
-** The *ServiceBinding details* page. In addition, the page title displays a *Connected* badge. 
+** The *ServiceBinding details* page. In addition, the page title displays a *Connected* badge.
 . If a service binding was unsuccessful, the binding connector shows a red arrowhead and a red cross in the middle of the connection. Click this connector to view the *Error* status in the side panel under the *Details* tab. Optionally, click the *Error* status to view specific information about the underlying problem.
 +
 You can also view the *Error* status and a tooltip on the following pages from the *Developer* perspective:
diff --git a/modules/odc-viewing-application-topology.adoc b/modules/odc-viewing-application-topology.adoc
index a0962e5a5f93..f0a6917fac0c 100644
--- a/modules/odc-viewing-application-topology.adoc
+++ b/modules/odc-viewing-application-topology.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/odc-viewing-application-composition-using-topology-view.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odc-viewing-application-topology_{context}"]
 
 = Viewing the topology of your application
diff --git a/modules/odc-visualizing-the-binding-connections-to-resources.adoc b/modules/odc-visualizing-the-binding-connections-to-resources.adoc
index aac8acc11d34..3a81b95c04e4 100644
--- a/modules/odc-visualizing-the-binding-connections-to-resources.adoc
+++ b/modules/odc-visualizing-the-binding-connections-to-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc-visualizing-the-binding-connections-to-resources_{context}"]
 = Visualizing the binding connections to resources
 
@@ -22,7 +22,7 @@ To view the *Label Selector*, consider the following approaches:
 .ServiceBinding details page
 image::odc-label-selector-sb-details.png[]
 
-[NOTE] 
+[NOTE]
 ====
 To use *Label Selector* and to create one or more connections at once, you must import the YAML file of the `ServiceBinding` resource.
 ====
@@ -36,7 +36,7 @@ image::odc-label-selector-topology-side-panel.png[]
 +
 [NOTE]
 ====
-When you delete a binding connector (a single connection within *Topology* along with a service binding), the action removes all connections that are tied to the deleted service binding. While deleting a binding connector, a confirmation dialog appears, which informs that all connectors will be deleted. 
+When you delete a binding connector (a single connection within *Topology* along with a service binding), the action removes all connections that are tied to the deleted service binding. While deleting a binding connector, a confirmation dialog appears, which informs that all connectors will be deleted.
 
 .Delete ServiceBinding confirmation dialog
 image::odc-delete-service-binding.png[]
diff --git a/modules/odc_con_customizing-a-developer-catalog-or-its-sub-catalogs.adoc b/modules/odc_con_customizing-a-developer-catalog-or-its-sub-catalogs.adoc
index b58c402f6151..8ff339d97ba6 100644
--- a/modules/odc_con_customizing-a-developer-catalog-or-its-sub-catalogs.adoc
+++ b/modules/odc_con_customizing-a-developer-catalog-or-its-sub-catalogs.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="odc_con_customizing-a-developer-catalog-or-its-sub-catalogs_{context}"]
 = Developer catalog and sub-catalog customization
diff --git a/modules/odc_con_example-yaml-file-changes.adoc b/modules/odc_con_example-yaml-file-changes.adoc
index dbb3d5323838..2e7d76504889 100644
--- a/modules/odc_con_example-yaml-file-changes.adoc
+++ b/modules/odc_con_example-yaml-file-changes.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="con_example-yaml-file-changes_{context}"]
 = Example YAML file changes
@@ -14,7 +14,7 @@ Use the following snippet to display all the sub-catalogs by setting the _state_
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 ...
 spec:
@@ -30,7 +30,7 @@ Use the following snippet to disable all sub-catalogs by setting the _state_ typ
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 ...
 spec:
@@ -46,7 +46,7 @@ Use the following snippet when a cluster administrator defines a list of sub-cat
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 ...
 spec:
diff --git a/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view.adoc b/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view.adoc
index d90c2e04a87c..f1601930bfec 100644
--- a/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view.adoc
+++ b/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view_{context}"]
 = Customizing a developer catalog or its sub-catalogs using the form view
 
diff --git a/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view.adoc b/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view.adoc
index a7f20417246c..cc5ee2132816 100644
--- a/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view.adoc
+++ b/modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/customizing-the-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view_{context}"]
 = Customizing a developer catalog or its sub-catalogs using the YAML view
@@ -17,15 +17,15 @@ You can customize a developer catalog by editing the YAML content in the YAML vi
 
 . In the *Administrator* perspective of the web console, navigate to *Administration* -> *Cluster Settings*.
 . Select the *Configuration* tab, click the *Console (operator.openshift.io)* resource and view the *Details* page.
-. Click the *YAML* tab to open the editor and edit the YAML content as needed. 
-+ 
+. Click the *YAML* tab to open the editor and edit the YAML content as needed.
++
 For example, to disable a developer catalog type, insert the following snippet that defines a list of disabled developer catalog resources:
 +
 [source,yaml]
 ----
 apiVersion: operator.openshift.io/v1
 kind: Console
-metadata: 
+metadata:
   name: cluster
 ...
 spec:
diff --git a/modules/odo-core-concepts.adoc b/modules/odo-core-concepts.adoc
index 7881342a7c2b..b43b72d93e65 100644
--- a/modules/odo-core-concepts.adoc
+++ b/modules/odo-core-concepts.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/understanding-odo.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odo-core-concepts_{context}"]
 
 = odo core concepts
@@ -15,12 +15,12 @@ A typical application, developed with a link:https://www.redhat.com/en/topics/cl
 Examples of _applications_ include online video streaming, online shopping, and hotel reservation systems.
 
 Component::
-A set of Kubernetes resources that can run and be deployed separately. A cloud-native application is a collection of small, independent, loosely coupled _components_. 
+A set of Kubernetes resources that can run and be deployed separately. A cloud-native application is a collection of small, independent, loosely coupled _components_.
 +
 Examples of _components_ include an API back-end, a web interface, and a payment back-end.
 
 Project::
-A single unit containing your source code, tests, and libraries. 
+A single unit containing your source code, tests, and libraries.
 
 Context::
 A directory that contains the source code, tests, libraries, and `odo` config files for a single component.
@@ -41,4 +41,4 @@ In `{odo-title}`, services are provisioned from the OpenShift Service Catalog an
 devfile::
 An open standard for defining containerized development environments that enables developer tools to simplify and accelerate workflows. For more information, see the documentation at link:https://devfile.io[].
 +
-You can connect to publicly available _devfile_ registries, or you can install a Secure Registry. 
\ No newline at end of file
+You can connect to publicly available _devfile_ registries, or you can install a Secure Registry.
\ No newline at end of file
diff --git a/modules/odo-key-features.adoc b/modules/odo-key-features.adoc
index 37deac5bdfcb..5146bd5d4bd6 100644
--- a/modules/odo-key-features.adoc
+++ b/modules/odo-key-features.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/understanding-odo.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odo-features_{context}"]
 = odo key features
 
diff --git a/modules/odo-listing-components.adoc b/modules/odo-listing-components.adoc
index 658cc3329c20..7b1d70a1e118 100644
--- a/modules/odo-listing-components.adoc
+++ b/modules/odo-listing-components.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/understanding-odo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="odo-listing-components_{context}"]
 
 = Listing components in odo
@@ -12,7 +12,7 @@
 
 You can list all the _devfiles_ available of the different registries with the `odo catalog list components` command.
 
-.Procedure 
+.Procedure
 
 . Log in to the cluster with `{odo-title}`:
 +
diff --git a/modules/odo-telemetry.adoc b/modules/odo-telemetry.adoc
index 31a98dcc9404..c082261bb6ae 100644
--- a/modules/odo-telemetry.adoc
+++ b/modules/odo-telemetry.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/developer_cli_odo/understanding-odo.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="odo-telemetry_{context}"]
 
 = Telemetry in odo
diff --git a/modules/olm-about-catalogs.adoc b/modules/olm-about-catalogs.adoc
index 189387c32234..4dc03f669663 100644
--- a/modules/olm-about-catalogs.adoc
+++ b/modules/olm-about-catalogs.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-rh-catalogs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-about-catalogs_{context}"]
 = About Operator catalogs
 
diff --git a/modules/olm-about-opm.adoc b/modules/olm-about-opm.adoc
index 994f5d8b2533..de460139ce84 100644
--- a/modules/olm-about-opm.adoc
+++ b/modules/olm-about-opm.adoc
@@ -3,7 +3,7 @@
 // * operators/understanding/olm-packaging-format.adoc
 // * cli_reference/opm/cli-opm-install.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-about-opm_{context}"]
 = About the opm CLI
 
diff --git a/modules/olm-accessing-images-private-registries.adoc b/modules/olm-accessing-images-private-registries.adoc
index dea921865fcd..6224229f8409 100644
--- a/modules/olm-accessing-images-private-registries.adoc
+++ b/modules/olm-accessing-images-private-registries.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-accessing-images-private-registries_{context}"]
 = Accessing images for Operators from private registries
 
@@ -22,10 +22,11 @@ Instead, the authentication details can be added to the global cluster pull secr
 
 .Prerequisites
 
-* At least one of the following hosted in a private registry:
+* You have at least one of the following hosted in a private registry:
 ** An index image or catalog image.
 ** An Operator bundle image.
 ** An Operator or Operand image.
+* You have access to the cluster as a user with the `cluster-admin` role.
 
 .Procedure
 
diff --git a/modules/olm-adding-new-crd-version.adoc b/modules/olm-adding-new-crd-version.adoc
index 1ec946661d9e..daed59480ad1 100644
--- a/modules/olm-adding-new-crd-version.adoc
+++ b/modules/olm-adding-new-crd-version.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-dependency-resolution-adding-new-crd-version_{context}"]
 = Adding a new CRD version
 
diff --git a/modules/olm-approving-pending-upgrade.adoc b/modules/olm-approving-pending-upgrade.adoc
index ca7c420ffcd1..31a9180bae79 100644
--- a/modules/olm-approving-pending-upgrade.adoc
+++ b/modules/olm-approving-pending-upgrade.adoc
@@ -3,7 +3,7 @@
 // * operators/admin/olm-upgrading-operators.adoc
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-approving-pending-upgrade_{context}"]
 = Manually approving a pending Operator update
 
@@ -19,7 +19,7 @@ If an installed Operator has the approval strategy in its subscription set to *M
 
 . Operators that have a pending update display a status with *Upgrade available*. Click the name of the Operator you want to update.
 
-. Click the *Subscription* tab. Any update requiring approval are displayed next to *Upgrade Status*. For example, it might display *1 requires approval*.
+. Click the *Subscription* tab. Any updates requiring approval are displayed next to *Upgrade status*. For example, it might display *1 requires approval*.
 
 . Click *1 requires approval*, then click *Preview Install Plan*.
 
diff --git a/modules/olm-arch-os-support.adoc b/modules/olm-arch-os-support.adoc
index dc138b536ce3..6213109ef088 100644
--- a/modules/olm-arch-os-support.adoc
+++ b/modules/olm-arch-os-support.adoc
@@ -15,10 +15,10 @@ The following strings are supported in Operator Lifecycle Manager (OLM) on {prod
 |AMD64
 |`amd64`
 
-|{ibmpowerProductName}
+|{ibm-power-name}
 |`ppc64le`
 
-|{ibmzProductName}
+|{ibm-z-name}
 |`s390x`
 |===
 
diff --git a/modules/olm-catalog-source-and-psa.adoc b/modules/olm-catalog-source-and-psa.adoc
index 27e505179598..ae036e85477b 100644
--- a/modules/olm-catalog-source-and-psa.adoc
+++ b/modules/olm-catalog-source-and-psa.adoc
@@ -2,13 +2,13 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-catalog-sources-and-psa_{context}"]
 = Catalog sources and pod security admission
 
 _Pod security admission_ was introduced in {product-title} 4.11 to ensure pod security standards. Catalog sources built using the SQLite-based catalog format and a version of the `opm` CLI tool released before {product-title} 4.11 cannot run under restricted pod security enforcement.
 
-In {product-title} {product-version}, namespaces do not have restricted pod security enforcement by default and the default catalog source security mode is set to `legacy`.  
+In {product-title} {product-version}, namespaces do not have restricted pod security enforcement by default and the default catalog source security mode is set to `legacy`.
 
 Default restricted enforcement for all namespaces is planned for inclusion in a future {product-title} release. When restricted enforcement occurs, the security context of the pod specification for catalog source pods must match the restricted pod security standard. If your catalog source image requires a different pod security standard, the pod security admissions label for the namespace must be explicitly set.
 
diff --git a/modules/olm-catalogsource-image-template.adoc b/modules/olm-catalogsource-image-template.adoc
index 5469c8ebd2f4..0b21d4e9fac9 100644
--- a/modules/olm-catalogsource-image-template.adoc
+++ b/modules/olm-catalogsource-image-template.adoc
@@ -12,20 +12,20 @@ endif::[]
 [id="olm-catalogsource-image-template_{context}"]
 = Image template for custom catalog sources
 
-Operator compatibility with the underlying cluster can be expressed by a catalog source in various ways. One way, which is used for the default Red Hat-provided catalog sources, is to identify image tags for index images that are specifically created for a particular platform release, for example {product-title} 4.13.
+Operator compatibility with the underlying cluster can be expressed by a catalog source in various ways. One way, which is used for the default Red Hat-provided catalog sources, is to identify image tags for index images that are specifically created for a particular platform release, for example {product-title} {product-version}.
 
-During a cluster upgrade, the index image tag for the default Red Hat-provided catalog sources are updated automatically by the Cluster Version Operator (CVO) so that Operator Lifecycle Manager (OLM) pulls the updated version of the catalog. For example during an upgrade from {product-title} 4.12 to 4.13, the `spec.image` field in the `CatalogSource` object for the `redhat-operators` catalog is updated from:
+During a cluster upgrade, the index image tag for the default Red Hat-provided catalog sources are updated automatically by the Cluster Version Operator (CVO) so that Operator Lifecycle Manager (OLM) pulls the updated version of the catalog. For example during an upgrade from {product-title} 4.14 to 4.15, the `spec.image` field in the `CatalogSource` object for the `redhat-operators` catalog is updated from:
 
 [source,terminal]
 ----
-registry.redhat.io/redhat/redhat-operator-index:v4.12
+registry.redhat.io/redhat/redhat-operator-index:v4.13
 ----
 
 to:
 
 [source,terminal]
 ----
-registry.redhat.io/redhat/redhat-operator-index:v4.13
+registry.redhat.io/redhat/redhat-operator-index:v4.15
 ----
 
 However, the CVO does not automatically update image tags for custom catalogs. To ensure users are left with a compatible and supported Operator installation after a cluster upgrade, custom catalogs should also be kept updated to reference an updated index image.
@@ -64,7 +64,7 @@ metadata:
       "quay.io/example-org/example-catalog:v{kube_major_version}.{kube_minor_version}"
 spec:
   displayName: Example Catalog
-  image: quay.io/example-org/example-catalog:v1.26
+  image: quay.io/example-org/example-catalog:v1.28
   priority: -400
   publisher: Example Org
 ----
@@ -77,11 +77,11 @@ If the `spec.image` field and the `olm.catalogImageTemplate` annotation are both
 If the `spec.image` field is not set and the annotation does not resolve to a usable pull spec, OLM stops reconciliation of the catalog source and sets it into a human-readable error condition.
 ====
 
-For an {product-title} 4.13 cluster, which uses Kubernetes 1.26, the `olm.catalogImageTemplate` annotation in the preceding example resolves to the following image reference:
+For an {product-title} {product-version} cluster, which uses Kubernetes 1.28, the `olm.catalogImageTemplate` annotation in the preceding example resolves to the following image reference:
 
 [source,terminal]
 ----
-quay.io/example-org/example-catalog:v1.26
+quay.io/example-org/example-catalog:v1.28
 ----
 
 For future releases of {product-title}, you can create updated index images for your custom catalogs that target the later Kubernetes version that is used by the later {product-title} version. With the `olm.catalogImageTemplate` annotation set before the upgrade, upgrading the cluster to the later {product-title} version would then automatically update the catalog's index image as well.
diff --git a/modules/olm-changing-update-channel.adoc b/modules/olm-changing-update-channel.adoc
index cf688f7c35d8..20ba726ea380 100644
--- a/modules/olm-changing-update-channel.adoc
+++ b/modules/olm-changing-update-channel.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-upgrading-operators.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-changing-update-channel_{context}"]
 = Changing the update channel for an Operator
 
@@ -25,7 +25,7 @@ If the approval strategy in the subscription is set to *Automatic*, the update p
 
 . Click the *Subscription* tab.
 
-. Click the name of the update channel under *Channel*.
+. Click the name of the update channel under *Update channel*.
 
 . Click the newer update channel that you want to change to, then click *Save*.
 
diff --git a/modules/olm-colocation-namespaces.adoc b/modules/olm-colocation-namespaces.adoc
index 0564a7a3c5d3..6f0538b88640 100644
--- a/modules/olm-colocation-namespaces.adoc
+++ b/modules/olm-colocation-namespaces.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-colocation.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-colocation-namespaces_{context}"]
 = Colocation of Operators in a namespace
 
@@ -20,10 +20,22 @@ These scenarios can lead to the following issues:
 
 These issues usually surface because, when installing Operators with the {product-title} web console, the default behavior installs Operators that support the *All namespaces* install mode into the default `openshift-operators` global namespace.
 
-As a cluster administrator, you can bypass this default behavior manually by using the following workflow:
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::openshift-dedicated,openshift-rosa[]
+you can bypass this default behavior manually by using the following workflow:
 
+ifndef::openshift-dedicated,openshift-rosa[]
 . Create a namespace for the installation of the Operator.
+endif::openshift-dedicated,openshift-rosa[]
+// In OSD/ROSA, dedicated-admins can create projects, but not namespaces.
+ifdef::openshift-dedicated,openshift-rosa[]
+. Create a project for the installation of the Operator.
+endif::openshift-dedicated,openshift-rosa[]
 . Create a custom _global Operator group_, which is an Operator group that watches all namespaces. By associating this Operator group with the namespace you just created, it makes the installation namespace a global namespace, which makes Operators installed there available in all namespaces.
 . Install the desired Operator in the installation namespace.
 
-If the Operator has dependencies, the dependencies are automatically installed in the pre-created namespace. As a result, it is then valid for the dependency Operators to have the same update policy and shared install plans. For a detailed procedure, see "Installing global Operators in custom namespaces".
\ No newline at end of file
+If the Operator has dependencies, the dependencies are automatically installed in the pre-created namespace. As a result, it is then valid for the dependency Operators to have the same update policy and shared install plans. For a detailed procedure, see "Installing global Operators in custom namespaces".
diff --git a/modules/olm-creating-catalog-from-index.adoc b/modules/olm-creating-catalog-from-index.adoc
index 2e4fefdfff53..46f4c949c290 100644
--- a/modules/olm-creating-catalog-from-index.adoc
+++ b/modules/olm-creating-catalog-from-index.adoc
@@ -21,20 +21,44 @@ ifeval::["{context}" == "olm-restricted-networks"]
 :olm-restricted-networks:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-creating-catalog-from-index_{context}"]
 = Adding a catalog source to a cluster
 
-Adding a catalog source to an {product-title} cluster enables the discovery and installation of Operators for users. Cluster administrators can create a `CatalogSource` object that references an index image. OperatorHub uses catalog sources to populate the user interface.
-
+Adding a catalog source to an {product-title} cluster enables the discovery and installation of Operators for users.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can create a `CatalogSource` object that references an index image. OperatorHub uses catalog sources to populate the user interface.
+
+// In OSD/ROSA, a dedicated-admin can see catalog sources here, but can't add, edit, or delete them.
+ifndef::openshift-dedicated,openshift-rosa[]
 [TIP]
 ====
 Alternatively, you can use the web console to manage catalog sources. From the *Administration* -> *Cluster Settings* -> *Configuration* -> *OperatorHub* page, click the *Sources* tab, where you can create, update, delete, disable, and enable individual sources.
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+// In OSD/ROSA, a dedicated-admin can update catalog sources in the console by searching for them.
+ifdef::openshift-dedicated,openshift-rosa[]
+[TIP]
+====
+Alternatively, you can use the web console to manage catalog sources. From the *Home* -> *Search* page, select a project, click the *Resources* drop-down and search for `CatalogSource`. You can create, update, delete, disable, and enable individual sources.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
 
-* An index image built and pushed to a registry.
+* You built and pushed an index image to a registry.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/olm-creating-etcd-cluster-from-operator.adoc b/modules/olm-creating-etcd-cluster-from-operator.adoc
index fda553427292..5d75cd09ad3c 100644
--- a/modules/olm-creating-etcd-cluster-from-operator.adoc
+++ b/modules/olm-creating-etcd-cluster-from-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-creating-etcd-cluster-from-operator_{context}"]
 = Creating an etcd cluster using an Operator
 
@@ -6,14 +6,26 @@ This procedure walks through creating a new etcd cluster using the etcd Operator
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * Access to an {product-title} {product-version} cluster.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Access to an {product-title} cluster.
+endif::openshift-dedicated,openshift-rosa[]
 * The etcd Operator already installed cluster-wide by an administrator.
 
 .Procedure
 
 . Create a new project in the {product-title} web console for this procedure. This example uses a project called `my-etcd`.
 
-. Navigate to the *Operators -> Installed Operators* page. The Operators that have been installed to the cluster by the cluster administrator and are available for use are shown here as a list of cluster service versions (CSVs). CSVs are used to launch and manage the software provided by the Operator.
+. Navigate to the *Operators -> Installed Operators* page. The Operators that have been installed to the cluster by the
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+dedicated-admin
+endif::openshift-dedicated,openshift-rosa[]
+and are available for use are shown here as a list of cluster service versions (CSVs). CSVs are used to launch and manage the software provided by the Operator.
 +
 [TIP]
 ====
@@ -33,9 +45,9 @@ As shown under *Provided APIs*, this Operator makes available three new resource
 
 .. In the *etcd Cluster* API box, click *Create instance*.
 
-.. The next screen allows you to make any modifications to the minimal starting template of an `EtcdCluster` object, such as the size of the cluster. For now, click *Create* to finalize. This triggers the Operator to start up the pods, services, and other components of the new etcd cluster.
+.. The next page allows you to make any modifications to the minimal starting template of an `EtcdCluster` object, such as the size of the cluster. For now, click *Create* to finalize. This triggers the Operator to start up the pods, services, and other components of the new etcd cluster.
 
-. Click on the *example* etcd cluster, then click the *Resources* tab to see that your project now contains a number of resources created and configured automatically by the Operator.
+. Click the *example* etcd cluster, then click the *Resources* tab to see that your project now contains a number of resources created and configured automatically by the Operator.
 +
 Verify that a Kubernetes service has been created that allows you to access the database from other pods in your project.
 
@@ -46,4 +58,11 @@ Verify that a Kubernetes service has been created that allows you to access the
 $ oc policy add-role-to-user edit <user> -n <target_project>
 ----
 
-You now have an etcd cluster that will react to failures and rebalance data as pods become unhealthy or are migrated between nodes in the cluster. Most importantly, cluster administrators or developers with proper access can now easily use the database with their applications.
+You now have an etcd cluster that will react to failures and rebalance data as pods become unhealthy or are migrated between nodes in the cluster. Most importantly,
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+dedicated-admins
+endif::openshift-dedicated,openshift-rosa[]
+or developers with proper access can now easily use the database with their applications.
diff --git a/modules/olm-creating-fb-catalog-image.adoc b/modules/olm-creating-fb-catalog-image.adoc
index 9ef75a28b0a4..943fbfc5e4f6 100644
--- a/modules/olm-creating-fb-catalog-image.adoc
+++ b/modules/olm-creating-fb-catalog-image.adoc
@@ -9,7 +9,7 @@ ifndef::openshift-origin[]
 :registry-image: registry.redhat.io/openshift4/ose-operator-registry:v{product-version}
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-creating-fb-catalog-image_{context}"]
 = Creating a file-based catalog image
 
@@ -17,9 +17,9 @@ You can use the `opm` CLI to create a catalog image that uses the plain text _fi
 
 .Prerequisites
 
-* `opm`
-* `podman` version 1.9.3+
-* A bundle image built and pushed to a registry that supports link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2]
+* You have installed the `opm` CLI.
+* You have `podman` version 1.9.3+.
+* A bundle image is built and pushed to a registry that supports link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2].
 
 .Procedure
 
diff --git a/modules/olm-creating-index-image.adoc b/modules/olm-creating-index-image.adoc
index 5ab206a3b9b5..814b20d12a0f 100644
--- a/modules/olm-creating-index-image.adoc
+++ b/modules/olm-creating-index-image.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-creating-index-image_{context}"]
 = Creating a SQLite-based index image
 
@@ -10,9 +10,9 @@ You can create an index image based on the SQLite database format by using the `
 
 .Prerequisites
 
-* `opm`
-* `podman` version 1.9.3+
-* A bundle image built and pushed to a registry that supports link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2]
+* You have installed the `opm` CLI.
+* You have `podman` version 1.9.3+.
+* A bundle image is built and pushed to a registry that supports link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2].
 
 .Procedure
 
diff --git a/modules/olm-cs-health.adoc b/modules/olm-cs-health.adoc
new file mode 100644
index 000000000000..13eae138ff3d
--- /dev/null
+++ b/modules/olm-cs-health.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * operators/understanding/olm/olm-understanding-olm.adoc
+
+[id="olm-cs-health_{context}"]
+= Catalog health requirements
+
+Operator catalogs on a cluster are interchangeable from the perspective of installation resolution; a `Subscription` object might reference a specific catalog, but dependencies are resolved using all catalogs on the cluster.
+
+For example, if Catalog A is unhealthy, a subscription referencing Catalog A could resolve a dependency in Catalog B, which the cluster administrator might not have been expecting, because B normally had a lower catalog priority than A.
+
+As a result, OLM requires that all catalogs with a given global namespace (for example, the default `openshift-marketplace` namespace or a custom global namespace) are healthy. When a catalog is unhealthy, all Operator installation or update operations within its shared global namespace will fail with a `CatalogSourcesUnhealthy` condition. If these operations were permitted in an unhealthy state, OLM might make resolution and installation decisions that were unexpected to the cluster administrator.
+
+As a cluster administrator, if you observe an unhealthy catalog and want to consider the catalog as invalid and resume Operator installations, see the "Removing custom catalogs" or "Disabling the default OperatorHub catalog sources" sections for information about removing the unhealthy catalog.
\ No newline at end of file
diff --git a/modules/olm-cs-status-cli.adoc b/modules/olm-cs-status-cli.adoc
index aafdff188a13..8b2bf0e730dd 100644
--- a/modules/olm-cs-status-cli.adoc
+++ b/modules/olm-cs-status-cli.adoc
@@ -10,7 +10,7 @@ ifndef::openshift-origin[]
 :global_ns: openshift-marketplace
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-cs-status-cli_{context}"]
 = Viewing Operator catalog source status by using the CLI
 
@@ -18,7 +18,12 @@ You can view the status of an Operator catalog source by using the CLI.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -53,7 +58,12 @@ $ oc describe catalogsource example-catalog -n {global_ns}
 ----
 Name:         example-catalog
 Namespace:    {global_ns}
-...
+Labels:       <none>
+Annotations:  operatorframework.io/managed-by: marketplace-operator
+              target.workload.openshift.io/management: {"effect": "PreferredDuringScheduling"}
+API Version:  operators.coreos.com/v1alpha1
+Kind:         CatalogSource
+# ...
 Status:
   Connection State:
     Address:              example-catalog.{global_ns}.svc:50051
@@ -65,6 +75,7 @@ Status:
     Protocol:           grpc
     Service Name:       example-catalog
     Service Namespace:  {global_ns}
+# ...
 ----
 +
 In the preceding example output, the last observed state is `TRANSIENT_FAILURE`. This state indicates that there is a problem establishing a connection for the catalog source.
diff --git a/modules/olm-default-install-behavior.adoc b/modules/olm-default-install-behavior.adoc
index 387570c75141..3c33b36710ae 100644
--- a/modules/olm-default-install-behavior.adoc
+++ b/modules/olm-default-install-behavior.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-multitenancy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-default-install-modes-behavior_{context}"]
 = Default Operator install modes and behavior
 
diff --git a/modules/olm-defining-csv-webhooks.adoc b/modules/olm-defining-csv-webhooks.adoc
index 4a23789ce629..3bf4b6aae7fb 100644
--- a/modules/olm-defining-csv-webhooks.adoc
+++ b/modules/olm-defining-csv-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-defining-csv-webhook_{context}"]
 = Defining webhooks
 
diff --git a/modules/olm-deleting-metallb-operators-from-a-cluster-using-cli.adoc b/modules/olm-deleting-metallb-operators-from-a-cluster-using-cli.adoc
index 4c57d19727d2..33ccf4148e75 100644
--- a/modules/olm-deleting-metallb-operators-from-a-cluster-using-cli.adoc
+++ b/modules/olm-deleting-metallb-operators-from-a-cluster-using-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/metallb/metallb-upgrading-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-deleting-metallb-operator-from-a-cluster-using-cli_{context}"]
 = Deleting MetalLB Operator from a cluster using the CLI
 
diff --git a/modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console.adoc b/modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console.adoc
index 3dd965c77979..5f58edc508fa 100644
--- a/modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console.adoc
+++ b/modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/metallb/metallb-upgrading-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-deleting-metallb-operator-from-a-cluster-using-web-console_{context}"]
 = Deleting the MetalLB Operator from a cluster using the web console
 
diff --git a/modules/olm-deleting-operators-from-a-cluster-using-cli.adoc b/modules/olm-deleting-operators-from-a-cluster-using-cli.adoc
index 5bb07b408cfc..d11f90e5508c 100644
--- a/modules/olm-deleting-operators-from-a-cluster-using-cli.adoc
+++ b/modules/olm-deleting-operators-from-a-cluster-using-cli.adoc
@@ -3,7 +3,7 @@
 // * operators/admin/olm-deleting-operators-from-a-cluster.adoc
 // * serverless/install/removing-openshift-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-deleting-operator-from-a-cluster-using-cli_{context}"]
 = Deleting Operators from a cluster using the CLI
 
@@ -11,49 +11,52 @@ Cluster administrators can delete installed Operators from a selected namespace
 
 .Prerequisites
 
-- Access to an {product-title} cluster using an account with
+- You have access to an {product-title} cluster using an account with
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
-- `oc` command installed on workstation.
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin` permissions.
+endif::openshift-dedicated,openshift-rosa[]
+- The OpenShift CLI (`oc`) is installed on your workstation.
 
 .Procedure
 
-. Check the current version of the subscribed Operator (for example, `jaeger`) in the `currentCSV` field:
+. Ensure the latest version of the subscribed operator (for example, `serverless-operator`) is identified in the `currentCSV` field.
 +
 [source,terminal]
 ----
-$ oc get subscription jaeger -n openshift-operators -o yaml | grep currentCSV
+$ oc get subscription.operators.coreos.com serverless-operator -n openshift-serverless -o yaml | grep currentCSV
 ----
 +
 .Example output
 [source,terminal]
 ----
-  currentCSV: jaeger-operator.v1.8.2
+  currentCSV: serverless-operator.v1.28.0
 ----
 
-. Delete the subscription (for example, `jaeger`):
+. Delete the subscription (for example, `serverless-operator`):
 +
 [source,terminal]
 ----
-$ oc delete subscription jaeger -n openshift-operators
+$ oc delete subscription.operators.coreos.com serverless-operator -n openshift-serverless
 ----
 +
 .Example output
 [source,terminal]
 ----
-subscription.operators.coreos.com "jaeger" deleted
+subscription.operators.coreos.com "serverless-operator" deleted
 ----
 
 . Delete the CSV for the Operator in the target namespace using the `currentCSV` value from the previous step:
 +
 [source,terminal]
 ----
-$ oc delete clusterserviceversion jaeger-operator.v1.8.2 -n openshift-operators
+$ oc delete clusterserviceversion serverless-operator.v1.28.0 -n openshift-serverless
 ----
 +
 .Example output
 [source,terminal]
 ----
-clusterserviceversion.operators.coreos.com "jaeger-operator.v1.8.2" deleted
+clusterserviceversion.operators.coreos.com "serverless-operator.v1.28.0" deleted
 ----
diff --git a/modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc b/modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc
index afcf6b8aeaa9..fdc0b89b0ae8 100644
--- a/modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc
+++ b/modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc
@@ -5,7 +5,7 @@
 // * serverless/install/removing-openshift-serverless.adoc
 // * virt/install/uninstalling-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-deleting-operators-from-a-cluster-using-web-console_{context}"]
 = Deleting Operators from a cluster using the web console
 
@@ -17,6 +17,9 @@ Cluster administrators can delete installed Operators from a selected namespace
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin` permissions.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/olm-deleting-po.adoc b/modules/olm-deleting-po.adoc
index fb907be7c338..94077dee3d21 100644
--- a/modules/olm-deleting-po.adoc
+++ b/modules/olm-deleting-po.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-po.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-deleting-po_{context}"]
 = Deleting platform Operators
 
@@ -58,8 +58,8 @@ $ oc get co platform-operators-aggregated
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                            VERSION     AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
-platform-operators-aggregated   4.13.0-0    True        False         False      70s
+platform-operators-aggregated   {product-version}.0-0    True        False         False      70s
 ----
\ No newline at end of file
diff --git a/modules/olm-dependencies.adoc b/modules/olm-dependencies.adoc
index bd29635863cb..cb7ddb83b662 100644
--- a/modules/olm-dependencies.adoc
+++ b/modules/olm-dependencies.adoc
@@ -3,7 +3,7 @@
 // * operators/understanding/olm-packaging-format.adoc
 // * operators/understanding/olm/olm-understanding-dependency-resolution.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-dependencies_{context}"]
 ifeval::["{context}" == "olm-packaging-format"]
 = Dependencies
diff --git a/modules/olm-dependency-resolution-about.adoc b/modules/olm-dependency-resolution-about.adoc
index a53f958831a3..da27a3920868 100644
--- a/modules/olm-dependency-resolution-about.adoc
+++ b/modules/olm-dependency-resolution-about.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-understanding-dependency-resolution.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-dependency-resolution-about_{context}"]
 = About dependency resolution
 
diff --git a/modules/olm-disabling-copied-csvs.adoc b/modules/olm-disabling-copied-csvs.adoc
index 944da2fd0bf5..194fda3e6262 100644
--- a/modules/olm-disabling-copied-csvs.adoc
+++ b/modules/olm-disabling-copied-csvs.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-disabling-copied-csvs_{context}"]
 = Disabling copied CSVs
 
diff --git a/modules/olm-enabling-operator-for-multi-arch.adoc b/modules/olm-enabling-operator-for-multi-arch.adoc
index 0b2f69ba18f9..b2631fa60d5a 100644
--- a/modules/olm-enabling-operator-for-multi-arch.adoc
+++ b/modules/olm-enabling-operator-for-multi-arch.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-enabling-operator-for-multi-arch_{context}"]
 = Enabling your Operator for multiple architectures and operating systems
 
diff --git a/modules/olm-enabling-operator-restricted-network.adoc b/modules/olm-enabling-operator-restricted-network.adoc
index cbe4ab864e67..8bd777a01219 100644
--- a/modules/olm-enabling-operator-restricted-network.adoc
+++ b/modules/olm-enabling-operator-restricted-network.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-enabling-operator-for-restricted-network_{context}"]
 = Enabling your Operator for restricted network environments
 
diff --git a/modules/olm-fb-catalogs-schemas.adoc b/modules/olm-fb-catalogs-schemas.adoc
index ad06deb1bcee..363d24354d2b 100644
--- a/modules/olm-fb-catalogs-schemas.adoc
+++ b/modules/olm-fb-catalogs-schemas.adoc
@@ -117,9 +117,12 @@ It is valid for an entry's replaces value to reference another bundle name that
 ----
 ====
 
-////
-For more information about defining upgrade edges, see the upgrade graph reference documentation.
-////
+[WARNING]
+====
+When using the `skipRange` field, the skipped Operator versions are pruned from the update graph and are therefore no longer installable by users with the `spec.startingCSV` property of `Subscription` objects.
+
+If you want to have direct (one version increment) updates to an Operator version from multiple previous versions, and also keep those previous versions available to users for installation, always use the `skipRange` field along with the `replaces` field. Ensure that the `replaces` field points to the immediate previous version of the Operator version in question.
+====
 
 [id="olm-fb-catalogs-olm-bundle_{context}"]
 == olm.bundle schema
diff --git a/modules/olm-fb-catalogs.adoc b/modules/olm-fb-catalogs.adoc
index 4c900a48c8bc..4128679f1c5d 100644
--- a/modules/olm-fb-catalogs.adoc
+++ b/modules/olm-fb-catalogs.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-file-based-catalogs_{context}"]
 = File-based catalogs
 
diff --git a/modules/olm-filtering-fbc.adoc b/modules/olm-filtering-fbc.adoc
index dad5efb9237e..75fd56988c03 100644
--- a/modules/olm-filtering-fbc.adoc
+++ b/modules/olm-filtering-fbc.adoc
@@ -9,25 +9,28 @@ ifndef::openshift-origin[]
 :registry-image: registry.redhat.io/openshift4/ose-operator-registry:v{product-version}
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-filtering-fbc_{context}"]
 = Updating or filtering a file-based catalog image
 
 You can use the `opm` CLI to update or filter (also known as prune) a catalog image that uses the file-based catalog format. By extracting and modifying the contents of an existing catalog image, you can update, add, or remove one or more Operator package entries from the catalog. You can then rebuild the image as an updated version of the catalog.
 
+// This note points to a topic that's excluded from OSD and ROSA.
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 Alternatively, if you already have a catalog image on a mirror registry, you can use the oc-mirror CLI plugin to automatically prune any removed images from an updated source version of that catalog image while mirroring it to the target registry.
 
 For more information about the oc-mirror plugin and this use case, see the "Keeping your mirror registry content updated" section, and specifically the "Pruning images" subsection, of "Mirroring images for a disconnected installation using the oc-mirror plugin".
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
 .Prerequisites
-
-* `opm` CLI.
-* `podman` version 1.9.3+.
-* A file-based catalog image.
-* A catalog directory structure recently initialized on your workstation related to this catalog.
+* You have the following on your workstation:
+** The `opm` CLI.
+** `podman` version 1.9.3+.
+** A file-based catalog image.
+** A catalog directory structure recently initialized on your workstation related to this catalog.
 +
 If you do not have an initialized catalog directory, create the directory and generate the Dockerfile. For more information, see the "Initialize the catalog" step from the "Creating a file-based catalog image" procedure.
 
diff --git a/modules/olm-generic-constraints.adoc b/modules/olm-generic-constraints.adoc
index b211c70a39b0..03a4f4b73a8e 100644
--- a/modules/olm-generic-constraints.adoc
+++ b/modules/olm-generic-constraints.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-understanding-dependency-resolution.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-generic-constraints_{context}"]
 = Generic constraints
 
diff --git a/modules/olm-injecting-custom-ca.adoc b/modules/olm-injecting-custom-ca.adoc
index e5aeb3a18c01..7758c680da34 100644
--- a/modules/olm-injecting-custom-ca.adoc
+++ b/modules/olm-injecting-custom-ca.adoc
@@ -2,20 +2,31 @@
 //
 // * operators/admin/olm-configuring-proxy-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-inject-custom-ca_{context}"]
 = Injecting a custom CA certificate
 
-When a cluster administrator adds a custom CA certificate to a cluster using a config map, the Cluster Network Operator merges the user-provided certificates and system CA certificates into a single bundle. You can inject this merged bundle into your Operator running on Operator Lifecycle Manager (OLM), which is useful if you have a man-in-the-middle HTTPS proxy.
+ifndef::openshift-dedicated,openshift-rosa[]
+When a cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+When an administrator with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+adds a custom CA certificate to a cluster using a config map, the Cluster Network Operator merges the user-provided certificates and system CA certificates into a single bundle. You can inject this merged bundle into your Operator running on Operator Lifecycle Manager (OLM), which is useful if you have a man-in-the-middle HTTPS proxy.
 
 .Prerequisites
 
-- Access to an {product-title} cluster using an account with
+ifndef::openshift-dedicated,openshift-rosa[]
+* Access to an {product-title} cluster using an account with
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
-- Custom CA certificate added to the cluster using a config map.
-- Desired Operator installed and running on OLM.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Access to a {product-title} cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* Custom CA certificate added to the cluster using a config map.
+* Desired Operator installed and running on OLM.
 
 .Procedure
 
@@ -35,7 +46,7 @@ metadata:
 +
 After creating this config map, it is immediately populated with the certificate contents of the merged bundle.
 
-. Update your the `Subscription` object to include a `spec.config` section that mounts the `trusted-ca` config map as a volume to each container within a pod that requires a custom CA:
+. Update the `Subscription` object to include a `spec.config` section that mounts the `trusted-ca` config map as a volume to each container within a pod that requires a custom CA:
 +
 [source,yaml]
 ----
@@ -72,4 +83,4 @@ spec:
 [NOTE]
 ====
 Deployments of an Operator can fail to validate the authority and display a `x509 certificate signed by unknown authority` error. This error can occur even after injecting a custom CA when using the subscription of an Operator. In this case, you can set the `mountPath` as `/etc/ssl/certs` for trusted-ca by using the subscription of an Operator.
-====
\ No newline at end of file
+====
diff --git a/modules/olm-installing-from-operatorhub-using-cli.adoc b/modules/olm-installing-from-operatorhub-using-cli.adoc
index e47f7d593ff6..0b83dce14037 100644
--- a/modules/olm-installing-from-operatorhub-using-cli.adoc
+++ b/modules/olm-installing-from-operatorhub-using-cli.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "olm-installing-operators-in-namespace"]
 :olm-user:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-operator-from-operatorhub-using-cli_{context}"]
 = Installing from OperatorHub using the CLI
 
@@ -24,13 +24,16 @@ ifndef::olm-user[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+the `dedicated-admin` role.
+endif::[]
 endif::[]
 
 ifdef::olm-user[]
 - Access to an {product-title} cluster using an account with Operator installation permissions.
 endif::[]
 
-- Install the `oc` command to your local system.
+- You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
@@ -150,11 +153,27 @@ spec:
 <6> The `env` parameter defines a list of Environment Variables that must exist in all containers in the pod created by OLM.
 <7> The `envFrom` parameter defines a list of sources to populate Environment Variables in the container.
 <8> The `volumes` parameter defines a list of Volumes that must exist on the pod created by OLM.
-<9> The `volumeMounts` parameter defines a list of VolumeMounts that must exist in all containers in the pod created by OLM. If a `volumeMount` references a `volume` that does not exist, OLM fails to deploy the Operator.
+<9> The `volumeMounts` parameter defines a list of volume mounts that must exist in all containers in the pod created by OLM. If a `volumeMount` references a `volume` that does not exist, OLM fails to deploy the Operator.
 <10> The `tolerations` parameter defines a list of Tolerations for the pod created by OLM.
 <11> The `resources` parameter defines resource constraints for all the containers in the pod created by OLM.
 <12> The `nodeSelector` parameter defines a `NodeSelector` for the pod created by OLM.
 
+. If the cluster is in STS mode, include the following fields in the `Subscription` object:
++
+[source,yaml]
+----
+kind: Subscription
+# ...
+spec:
+  installPlanApproval: Manual <1>
+  config:
+    env:
+    - name: ROLEARN
+      value: "<role_arn>" <2>
+----
+<1> Subscriptions with automatic update approvals are not recommended because there might be permission changes to make prior to updating. Subscriptions with manual update approvals ensure that administrators have the opportunity to verify the permissions of the later version and take any necessary steps prior to update.
+<2> Include the role ARN details.
+
 . Create the `Subscription` object:
 +
 [source,terminal]
diff --git a/modules/olm-installing-from-operatorhub-using-web-console.adoc b/modules/olm-installing-from-operatorhub-using-web-console.adoc
index 1491480d59c0..4da2f97d7c4a 100644
--- a/modules/olm-installing-from-operatorhub-using-web-console.adoc
+++ b/modules/olm-installing-from-operatorhub-using-web-console.adoc
@@ -28,7 +28,7 @@ ifeval::["{context}" == "olm-adding-operators-to-a-cluster"]
 :olm-admin:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-from-operatorhub-using-web-console_{context}"]
 = Installing from OperatorHub using the web console
 
@@ -37,14 +37,17 @@ You can install and subscribe to an Operator from OperatorHub by using the {prod
 .Prerequisites
 
 ifdef::olm-admin[]
-- Access to an {product-title} cluster using an account with
+* Access to an {product-title} cluster using an account with
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 endif::[]
 
 ifdef::olm-user[]
-- Access to an {product-title} cluster using an account with Operator installation permissions.
+* Access to an {product-title} cluster using an account with Operator installation permissions.
 endif::[]
 
 .Procedure
@@ -74,10 +77,21 @@ endif::[]
 ifdef::olm-user[]
 .. Choose a specific, single namespace in which to install the Operator. The Operator will only watch and be made available for use in this single namespace.
 endif::[]
+.. If the cluster is in AWS STS mode, enter the Amazon Resource Name (ARN) of the AWS IAM role of your service account in the *role ARN* field.
++
+image::oadp-install-operator-role-arn.png[Entering the ARN]
+To create the role's ARN, follow the procedure described in link:https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/tutorials/cloud-experts-deploy-api-data-protection#prepare-aws-account_cloud-experts-deploy-api-data-protection[Preparing AWS account].
 
-.. Select an *Update Channel* (if more than one is available).
+.. If more than one update channel is available, select an *Update channel*.
 
 .. Select *Automatic* or *Manual* approval strategy, as described earlier.
++
+[IMPORTANT]
+====
+If the web console shows that the cluster is in "STS mode", you must set *Update approval* to *Manual*.
+
+Subscriptions with automatic update approvals are not recommended because there might be permission changes to make prior to updating. Subscriptions with manual update approvals ensure that administrators have the opportunity to verify the permissions of the later version and take any necessary steps prior to update.
+====
 
 . Click *Install* to make the Operator available to the selected namespaces on this {product-title} cluster.
 
diff --git a/modules/olm-installing-global-namespaces.adoc b/modules/olm-installing-global-namespaces.adoc
index a370de9177b4..199be132bc94 100644
--- a/modules/olm-installing-global-namespaces.adoc
+++ b/modules/olm-installing-global-namespaces.adoc
@@ -2,16 +2,33 @@
 //
 // * operators/admin/olm-adding-operators-to-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-global-namespaces_{context}"]
 = Installing global Operators in custom namespaces
 
 When installing Operators with the {product-title} web console, the default behavior installs Operators that support the *All namespaces* install mode into the default `openshift-operators` global namespace. This can cause issues related to shared install plans and update policies between all Operators in the namespace. For more details on these limitations, see "Multitenancy and Operator colocation".
 
-As a cluster administrator, you can bypass this default behavior manually by creating a custom global namespace and using that namespace to install your individual or scoped set of Operators and their dependencies.
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::[]
+you can bypass this default behavior manually by creating a custom global namespace and using that namespace to install your individual or scoped set of Operators and their dependencies.
+
+.Prerequisites
+
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
+// In OSD/ROSA, dedicated-admins can't create namespaces directly but can create projects.
+ifndef::openshift-dedicated,openshift-rosa[]
 . Before installing the Operator, create a namespace for the installation of your desired Operator. This installation namespace will become the custom global namespace:
 
 .. Define a `Namespace` resource and save the YAML file, for example, `global-operators.yaml`:
@@ -30,6 +47,16 @@ metadata:
 ----
 $ oc create -f global-operators.yaml
 ----
+endif::openshift-dedicated,openshift-rosa[]
+// Slightly different step for OSD/ROSA since dedicated-admins can't create namespaces directly.
+ifdef::openshift-dedicated,openshift-rosa[]
+. Before installing the Operator, create a namespace for the installation of your desired Operator. You can do this by creating a project. The namespace for this project will become the custom global namespace:
++
+[source,terminal]
+----
+$ oc new-project global-operators
+----
+endif::openshift-dedicated,openshift-rosa[]
 
 . Create a custom _global Operator group_, which is an Operator group that watches all namespaces:
 
diff --git a/modules/olm-installing-operators-from-operatorhub-configure.adoc b/modules/olm-installing-operators-from-operatorhub-configure.adoc
index eaf12eadf0f8..b2e4d554a71c 100644
--- a/modules/olm-installing-operators-from-operatorhub-configure.adoc
+++ b/modules/olm-installing-operators-from-operatorhub-configure.adoc
@@ -8,7 +8,7 @@
 // https://projects.engineering.redhat.com/projects/RHEC/summary
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-operators-from-operatorhub-configure_{context}"]
 = Configuring {product-title} to use Red Hat Operators
 
diff --git a/modules/olm-installing-operators-from-operatorhub.adoc b/modules/olm-installing-operators-from-operatorhub.adoc
index 2bd33001d6bc..d881ec43bf02 100644
--- a/modules/olm-installing-operators-from-operatorhub.adoc
+++ b/modules/olm-installing-operators-from-operatorhub.adoc
@@ -11,19 +11,23 @@ ifeval::["{context}" == "olm-installing-operators-in-namespace"]
 :olm-user:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-installing-operators-from-operatorhub_{context}"]
 = About Operator installation with OperatorHub
 
 OperatorHub is a user interface for discovering Operators; it works in conjunction with Operator Lifecycle Manager (OLM), which installs and manages Operators on a cluster.
 
-ifndef::olm-user[]
+ifndef::olm-user,openshift-dedicated,openshift-rosa[]
 As a cluster administrator, you can install an Operator from OperatorHub by using the {product-title}
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 web console or CLI. Subscribing an Operator to one or more namespaces makes the Operator available to developers on your cluster.
 endif::[]
 endif::[]
 
+ifdef::openshift-dedicated,openshift-rosa[]
+As a `dedicated-admin`, you can install an Operator from OperatorHub by using the {product-title} web console or CLI. Subscribing an Operator to one or more namespaces makes the Operator available to developers on your cluster.
+endif::openshift-dedicated,openshift-rosa[]
+
 ifdef::olm-user[]
 As a user with the proper permissions, you can install an Operator from OperatorHub by using the {product-title} web console or CLI.
 endif::[]
@@ -31,7 +35,7 @@ endif::[]
 During installation, you must determine the following initial settings for the Operator:
 
 ifndef::olm-user[]
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-rosa,openshift-dedicated[]
 Installation Mode:: Choose *All namespaces on the cluster (default)* to have the Operator installed on all namespaces or choose individual namespaces, if available, to only install the Operator on selected namespaces. This example chooses *All namespaces...* to make the Operator available to all users and projects.
 endif::[]
 endif::[]
@@ -46,4 +50,11 @@ Approval Strategy:: You can choose automatic or manual updates.
 +
 If you choose automatic updates for an installed Operator, when a new version of that Operator is available in the selected channel, Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without human intervention.
 +
-If you select manual updates, when a newer version of an Operator is available, OLM creates an update request. As a cluster administrator, you must then manually approve that update request to have the Operator updated to the new version.
+If you select manual updates, when a newer version of an Operator is available, OLM creates an update request. As a
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin`,
+endif::openshift-dedicated,openshift-rosa[]
+you must then manually approve that update request to have the Operator updated to the new version.
diff --git a/modules/olm-installing-opm.adoc b/modules/olm-installing-opm.adoc
index 8d5f558b0ff6..9f516f6e1b6c 100644
--- a/modules/olm-installing-opm.adoc
+++ b/modules/olm-installing-opm.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/opm/cli-opm-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-opm_{context}"]
 = Installing the opm CLI
 
@@ -16,7 +16,13 @@ You can install the `opm` CLI tool on your Linux, macOS, or Windows workstation.
 
 .Procedure
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Navigate to the link:https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-{product-version}/[OpenShift mirror site] and download the latest version of the tarball that matches your operating system.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. Navigate to the link:https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/[OpenShift mirror site] and download the latest version of the tarball that matches your operating system.
+endif::openshift-rosa,openshift-dedicated[]
 
 . Unpack the archive.
 
diff --git a/modules/olm-installing-po-after.adoc b/modules/olm-installing-po-after.adoc
index c96cdd5c7174..18637156c917 100644
--- a/modules/olm-installing-po-after.adoc
+++ b/modules/olm-installing-po-after.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-po.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-po-after_{context}"]
 = Installing platform Operators after cluster creation
 
@@ -12,25 +12,25 @@ As a cluster administrator, you can install platform Operators after cluster cre
 
 . Choose a platform Operator from the supported set of OLM-based Operators. For the list of this set and details on current limitations, see "Technology Preview restrictions for platform Operators".
 
-. Create a `PlatformOperator` object YAML file for your chosen platform Operator, for example a `cert-manager.yaml` file for the {cert-manager-operator}:
+. Create a `PlatformOperator` object YAML file for your chosen platform Operator, for example a `service-mesh-po.yaml` file for the {SMProductName} Operator:
 +
-.Example `cert-manager.yaml` file
+.Example `sevice-mesh-po.yaml` file
 [source,yaml]
 ----
 apiVersion: platform.openshift.io/v1alpha1
 kind: PlatformOperator
 metadata:
-  name: cert-manager
+  name: service-mesh-po
 spec:
   package:
-    name: openshift-cert-manager-operator
+    name: servicemeshoperator
 ----
 
 . Create the `PlatformOperator` object by running the following command:
 +
 [source,terminal]
 ----
-$ oc apply -f cert-manager.yaml
+$ oc apply -f service-mesh-po.yaml
 ----
 +
 [NOTE]
@@ -39,18 +39,18 @@ If your cluster does not have the `TechPreviewNoUpgrades` feature set enabled, t
 
 [source,terminal]
 ----
-error: resource mapping not found for name: "cert-manager" namespace: "" from "cert-manager.yaml": no matches for kind "PlatformOperator" in version "platform.openshift.io/v1alpha1"
+error: resource mapping not found for name: "service-mesh-po" namespace: "" from "service-mesh-po.yaml": no matches for kind "PlatformOperator" in version "platform.openshift.io/v1alpha1"
 ensure CRDs are installed first
 ----
 ====
 
 .Verification
 
-. Check the status of the `cert-manager` platform Operator by running the following command:
+. Check the status of the `service-mesh-po` platform Operator by running the following command:
 +
 [source,terminal]
 ----
-$ oc get platformoperator cert-manager -o yaml
+$ oc get platformoperator service-mesh-po -o yaml
 ----
 +
 .Example output
@@ -59,10 +59,10 @@ $ oc get platformoperator cert-manager -o yaml
 ...
 status:
   activeBundleDeployment:
-    name: cert-manager
+    name: service-mesh-po
   conditions:
   - lastTransitionTime: "2022-10-24T17:24:40Z"
-    message: Successfully applied the cert-manager BundleDeployment resource
+    message: Successfully applied the service-mesh-po BundleDeployment resource
     reason: InstallSuccessful
     status: "True" <1>
     type: Installed
@@ -95,4 +95,4 @@ status:
     reason: AsExpected
     status: "True"
     type: Available
-----
\ No newline at end of file
+----
diff --git a/modules/olm-installing-po-during.adoc b/modules/olm-installing-po-during.adoc
index e4d5d93e08a9..a79f85651422 100644
--- a/modules/olm-installing-po-during.adoc
+++ b/modules/olm-installing-po-during.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-po.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-po-during_{context}"]
 = Installing platform Operators during cluster creation
 
@@ -40,18 +40,18 @@ spec:
 ----
 <1> Enable the `TechPreviewNoUpgrade` feature set.
 
-. Create a `PlatformOperator` object YAML file for your chosen platform Operator in the `<installation_directory>/manifests/` directory, for example a `cert-manager.yaml` file for the {cert-manager-operator}:
+. Create a `PlatformOperator` object YAML file for your chosen platform Operator in the `<installation_directory>/manifests/` directory, for example a `service-mesh-po.yaml` file for the {SMProductName} Operator:
 +
-.Example `cert-manager.yaml` file
+.Example `service-mesh-po.yaml` file
 [source,yaml]
 ----
 apiVersion: platform.openshift.io/v1alpha1
 kind: PlatformOperator
 metadata:
-  name: cert-manager
+  name: service-mesh-po
 spec:
   package:
-    name: openshift-cert-manager-operator
+    name: servicemeshoperator
 ----
 
 . When you are ready to complete the cluster install, refer to your chosen installation method and continue through running the `openshift-install create cluster` command.
@@ -65,11 +65,11 @@ Failure of the platform Operator to successfully install will block the cluster
 
 .Verification
 
-. Check the status of the `cert-manager` platform Operator by running the following command:
+. Check the status of the `service-mesh-po` platform Operator by running the following command:
 +
 [source,terminal]
 ----
-$ oc get platformoperator cert-manager -o yaml
+$ oc get platformoperator service-mesh-po -o yaml
 ----
 +
 .Example output
@@ -78,10 +78,10 @@ $ oc get platformoperator cert-manager -o yaml
 ...
 status:
   activeBundleDeployment:
-    name: cert-manager
+    name: service-mesh-po
   conditions:
   - lastTransitionTime: "2022-10-24T17:24:40Z"
-    message: Successfully applied the cert-manager BundleDeployment resource
+    message: Successfully applied the service-mesh-po BundleDeployment resource
     reason: InstallSuccessful
     status: "True" <1>
     type: Installed
@@ -114,4 +114,4 @@ status:
     reason: AsExpected
     status: "True"
     type: Available
-----
\ No newline at end of file
+----
diff --git a/modules/olm-installing-specific-version-cli.adoc b/modules/olm-installing-specific-version-cli.adoc
index ec51286a60a0..50c0f5abc5c6 100644
--- a/modules/olm-installing-specific-version-cli.adoc
+++ b/modules/olm-installing-specific-version-cli.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "olm-installing-operators-in-namespace"]
 :olm-user:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-installing-specific-version-cli_{context}"]
 = Installing a specific version of an Operator
 
@@ -20,13 +20,16 @@ ifndef::olm-user[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions
 endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+the `dedicated-admin` role.
+endif::[]
 endif::[]
 
 ifdef::olm-user[]
-- Access to an {product-title} cluster using an account with Operator installation permissions
+- Access to an {product-title} cluster using an account with Operator installation permissions.
 endif::[]
 
-- OpenShift CLI (`oc`) installed
+- You have installed the OpenShift CLI (`oc`).
 
 .Procedure
 
diff --git a/modules/olm-installing-specific-version-web-console.adoc b/modules/olm-installing-specific-version-web-console.adoc
new file mode 100644
index 000000000000..f446c068d1cd
--- /dev/null
+++ b/modules/olm-installing-specific-version-web-console.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * operators/admin/olm-adding-operators-to-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="olm-installing-specific-version-web-console_{context}"]
+= Installing a specific version of an Operator in the web console
+
+You can install a specific version of an Operator by using the OperatorHub in the web console. You are able to browse the various versions of an operator across any channels it might have, view the metadata for that channel and version, and select the exact version you want to install.
+
+.Prerequisites
+
+* You must have administrator privileges.
+
+.Procedure
+
+. From the web console, click *Operators* → *OperatorHub*.
+
+. Select an Operator you want to install.
+
+. From the selected Operator, you can select a *Channel* and *Version* from the lists.
++
+[NOTE]
+====
+The version selection defaults to the latest version for the channel selected. If the latest version for the channel is selected, the Automatic approval strategy is enabled by default. Otherwise Manual approval is required when not installing the latest version for the selected channel.
+
+Manual approval applies to all operators installed in a namespace.
+
+Installing an Operator with manual approval causes all Operators installed within the namespace to function with the Manual approval strategy and all Operators are updated together. Install Operators into separate namespaces for updating independently.
+====
+
+. Click *Install*
+
+.Verification
+
+* When the operator is installed, the metadata indicates which channel and version are installed.
++
+[NOTE]
+====
+The channel and version dropdown menus are still available for viewing other version metadata in this catalog context.
+====
\ No newline at end of file
diff --git a/modules/olm-migrating-sqlite-catalog-to-fbc.adoc b/modules/olm-migrating-sqlite-catalog-to-fbc.adoc
index 0ccb6731b186..ed1317e58e2d 100644
--- a/modules/olm-migrating-sqlite-catalog-to-fbc.adoc
+++ b/modules/olm-migrating-sqlite-catalog-to-fbc.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-migrating-sqlite-catalog-to-fbc_{context}"]
 = Migrating SQLite database catalogs to the file-based catalog format
 
@@ -10,9 +10,14 @@ You can update your deprecated SQLite database format catalogs to the file-based
 
 .Prerequisites
 
-* SQLite database catalog source
-* Cluster administrator permissions
-* Latest version of the `opm` CLI tool released with {product-title} {product-version} on workstation
+* You have a SQLite database catalog source.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* You have the latest version of the `opm` CLI tool released with {product-title} {product-version} on your workstation.
 
 .Procedure
 
diff --git a/modules/olm-mirroring-catalog-airgapped.adoc b/modules/olm-mirroring-catalog-airgapped.adoc
index 7202ae8e37d3..db904312f9e8 100644
--- a/modules/olm-mirroring-catalog-airgapped.adoc
+++ b/modules/olm-mirroring-catalog-airgapped.adoc
@@ -9,7 +9,7 @@ ifndef::openshift-origin[]
 :index-image-pullspec: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-mirror-catalog-airgapped_{context}"]
 = Mirroring catalog contents to airgapped registries
 
diff --git a/modules/olm-mirroring-catalog-colocated.adoc b/modules/olm-mirroring-catalog-colocated.adoc
index 687395570f59..1c35098c4f47 100644
--- a/modules/olm-mirroring-catalog-colocated.adoc
+++ b/modules/olm-mirroring-catalog-colocated.adoc
@@ -11,7 +11,7 @@ ifndef::openshift-origin[]
 :index-image: redhat-operator-index
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-mirror-catalog-colocated_{context}"]
 = Mirroring catalog contents to registries on the same network
 
diff --git a/modules/olm-mirroring-catalog-icsp.adoc b/modules/olm-mirroring-catalog-icsp.adoc
index 16c856ef16df..ff149dc7425e 100644
--- a/modules/olm-mirroring-catalog-icsp.adoc
+++ b/modules/olm-mirroring-catalog-icsp.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-mirror-catalog-icsp_{context}"]
 = Creating the ImageContentSourcePolicy object
 
diff --git a/modules/olm-mirroring-catalog-post.adoc b/modules/olm-mirroring-catalog-post.adoc
index a1952da8adb2..01c6d659a681 100644
--- a/modules/olm-mirroring-catalog-post.adoc
+++ b/modules/olm-mirroring-catalog-post.adoc
@@ -3,6 +3,6 @@
 // * installing/disconnected_install/installing-mirroring-installation-images.adoc
 
 [id="olm-mirror-catalog-post_{context}"]
-= Post-installation requirements
+= Postinstallation requirements
 
 After you mirror the catalog, you can continue with the remainder of your cluster installation. After your cluster installation has finished successfully, you must specify the manifests directory from this procedure to create the `ImageContentSourcePolicy` and `CatalogSource` objects. These objects are required to populate and enable installation of Operators from OperatorHub.
diff --git a/modules/olm-mirroring-catalog.adoc b/modules/olm-mirroring-catalog.adoc
index 0fac085cda4c..7edf91a7d3f4 100644
--- a/modules/olm-mirroring-catalog.adoc
+++ b/modules/olm-mirroring-catalog.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/disconnected_install/installing-mirroring-installation-images.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-mirror-catalog_{context}"]
 = Mirroring Operator catalogs for use with disconnected clusters
 
diff --git a/modules/olm-multitenancy-solution.adoc b/modules/olm-multitenancy-solution.adoc
index 623a490d0aac..4e6638d8b9ca 100644
--- a/modules/olm-multitenancy-solution.adoc
+++ b/modules/olm-multitenancy-solution.adoc
@@ -2,13 +2,20 @@
 //
 // * operators/understanding/olm-multitenancy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-multitenancy-solution_{context}"]
 = Recommended solution for multitenant clusters
 
 While a *Multinamespace* install mode does exist, it is supported by very few Operators. As a middle ground solution between the standard *All namespaces* and *Single namespace* install modes, you can install multiple instances of the same Operator, one for each tenant, by using the following workflow:
 
+// In OSD/ROSA, dedicated-admins can create projects, but not namespaces.
+ifndef::openshift-dedicated,openshift-rosa[]
 . Create a namespace for the tenant Operator that is separate from the tenant's namespace.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+. Create a namespace for the tenant Operator that is separate from the tenant's namespace. You can do this by creating a project.
+endif::openshift-dedicated,openshift-rosa[]
+
 . Create an Operator group for the tenant Operator scoped only to the tenant's namespace.
 . Install the Operator in the tenant Operator namespace.
 
@@ -32,7 +39,10 @@ You cannot use different versions of the same Operator on the same cluster. Even
 * The instance ships an older revision of the CRDs that lack information or versions that newer revisions have that are already in use on the cluster.
 ====
 
+// In OSD/ROSA, tenants shouldn't be able to install Operators. Dedicated-admins can, but they can't grant non-admin users the ability to install their own Operators.
+ifndef::openshift-dedicated,openshift-rosa[]
 [WARNING]
 ====
-As an administrator, use caution when allowing non-cluster admintrators to install Operators self-sufficiently, as explained in "Allowing non-cluster administrators to install Operators". These tenants should only have access to a curated catalog of Operators that are known to not have dependencies. These tenants must also be forced to use the same version line of an Operator, to ensure the CRDs do not change. This requires the use of namespace-scoped catalogs and likely disabling the global default catalogs.
-====
\ No newline at end of file
+As an administrator, use caution when allowing non-cluster administrators to install Operators self-sufficiently, as explained in "Allowing non-cluster administrators to install Operators". These tenants should only have access to a curated catalog of Operators that are known to not have dependencies. These tenants must also be forced to use the same version line of an Operator, to ensure the CRDs do not change. This requires the use of namespace-scoped catalogs and likely disabling the global default catalogs.
+====
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/olm-node-selector.adoc b/modules/olm-node-selector.adoc
index eb33de1a0f8d..639ea1d3d97b 100644
--- a/modules/olm-node-selector.adoc
+++ b/modules/olm-node-selector.adoc
@@ -2,13 +2,16 @@
 //
 // * operators/admin/olm-cs-podsched.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-node-selector_{context}"]
 = Overriding the node selector for catalog source pods
 
-.Prequisites
+.Prerequisites
 
-* `CatalogSource` object of source type `grpc` with `spec.image` defined
+* A `CatalogSource` object of source type `grpc` with `spec.image` is defined.
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/olm-operator-framework.adoc b/modules/olm-operator-framework.adoc
index fcea8ad62180..e0680616c1a9 100644
--- a/modules/olm-operator-framework.adoc
+++ b/modules/olm-operator-framework.adoc
@@ -11,7 +11,7 @@ Operator SDK::
 The Operator SDK assists Operator authors in bootstrapping, building, testing, and packaging their own Operator based on their expertise without requiring knowledge of Kubernetes API complexities.
 
 Operator Lifecycle Manager::
-Operator Lifecycle Manager (OLM) controls the installation, upgrade, and role-based access control (RBAC) of Operators in a cluster. Deployed by default in {product-title} {product-version}.
+Operator Lifecycle Manager (OLM) controls the installation, upgrade, and role-based access control (RBAC) of Operators in a cluster. It is deployed by default in {product-title} {product-version}.
 
 Operator Registry::
 The Operator Registry stores cluster service versions (CSVs) and custom resource definitions (CRDs) for creation in a cluster and stores Operator metadata about packages and channels. It runs in a Kubernetes or OpenShift cluster to provide this Operator catalog data to OLM.
diff --git a/modules/olm-operator-maturity-model.adoc b/modules/olm-operator-maturity-model.adoc
index 8309c4fbc0bb..7bc8121bd6a5 100644
--- a/modules/olm-operator-maturity-model.adoc
+++ b/modules/olm-operator-maturity-model.adoc
@@ -7,7 +7,7 @@
 
 The level of sophistication of the management logic encapsulated within an Operator can vary. This logic is also in general highly dependent on the type of the service represented by the Operator.
 
-One can however generalize the scale of the maturity of the encapsulated operations of an Operator for certain set of capabilities that most Operators can include. To this end, the following Operator maturity model defines five phases of maturity for generic day two operations of an Operator:
+One can however generalize the scale of the maturity of the encapsulated operations of an Operator for certain set of capabilities that most Operators can include. To this end, the following Operator maturity model defines five phases of maturity for generic Day 2 operations of an Operator:
 
 .Operator maturity model
 image::operator-maturity-model.png[]
diff --git a/modules/olm-operatorconditions-about.adoc b/modules/olm-operatorconditions-about.adoc
index e8b549d36880..be832bc5d733 100644
--- a/modules/olm-operatorconditions-about.adoc
+++ b/modules/olm-operatorconditions-about.adoc
@@ -3,7 +3,7 @@
 // * operators/understanding/olm/olm-understanding-olm.adoc
 // * operators/understanding/olm/olm-operatorconditions.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-about-operatorconditions_{context}"]
 ifeval::["{context}" == "olm-understanding-olm"]
 = Operator conditions
diff --git a/modules/olm-operatorgroups-about.adoc b/modules/olm-operatorgroups-about.adoc
index 011552543e7d..6d88f8e82534 100644
--- a/modules/olm-operatorgroups-about.adoc
+++ b/modules/olm-operatorgroups-about.adoc
@@ -3,7 +3,7 @@
 // * operators/understanding/olm/olm-understanding-olm.adoc
 // * operators/understanding/olm/olm-understanding-operatorgroups.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-operatorgroups-about_{context}"]
 ifeval::["{context}" == "olm-understanding-olm"]
 = Operator groups
diff --git a/modules/olm-operatorgroups-limitations.adoc b/modules/olm-operatorgroups-limitations.adoc
index b576bda73d01..c27ccfbdc66d 100644
--- a/modules/olm-operatorgroups-limitations.adoc
+++ b/modules/olm-operatorgroups-limitations.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-understanding-operatorgroups.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-operatorgroups-limitations"]
 = Limitations for multitenant Operator management
 
diff --git a/modules/olm-operatorhub-architecture.adoc b/modules/olm-operatorhub-architecture.adoc
index bdd718001359..18bf2df49aef 100644
--- a/modules/olm-operatorhub-architecture.adoc
+++ b/modules/olm-operatorhub-architecture.adoc
@@ -10,7 +10,9 @@ The OperatorHub UI component is driven by the Marketplace Operator by default on
 [id="olm-operatorhub-arch-operatorhub_crd_{context}"]
 == OperatorHub custom resource
 
-The Marketplace Operator manages an `OperatorHub` custom resource (CR) named `cluster` that manages the default `CatalogSource` objects provided with OperatorHub. You can modify this resource to enable or disable the default catalogs, which is useful when configuring {product-title} in restricted network environments.
+The Marketplace Operator manages an `OperatorHub` custom resource (CR) named `cluster` that manages the default `CatalogSource` objects provided with OperatorHub.
+ifndef::openshift-dedicated,openshift-rosa[]
+You can modify this resource to enable or disable the default catalogs, which is useful when configuring {product-title} in restricted network environments.
 
 .Example `OperatorHub` custom resource
 [source,yaml]
@@ -30,3 +32,4 @@ spec:
 ----
 <1> `disableAllDefaultSources` is an override that controls availability of all default catalogs that are configured by default during an {product-title} installation.
 <2> Disable default catalogs individually by changing the `disabled` parameter value per source.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/olm-operatorhub-overview.adoc b/modules/olm-operatorhub-overview.adoc
index 05f912a106fc..8d09f3abc066 100644
--- a/modules/olm-operatorhub-overview.adoc
+++ b/modules/olm-operatorhub-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-understanding-operatorhub.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-operatorhub-overview_{context}"]
 = About OperatorHub
 
diff --git a/modules/olm-overriding-operator-pod-affinity.adoc b/modules/olm-overriding-operator-pod-affinity.adoc
index f3eddc002965..ba67099b379c 100644
--- a/modules/olm-overriding-operator-pod-affinity.adoc
+++ b/modules/olm-overriding-operator-pod-affinity.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "olm-adding-operators-to-a-cluster"]
 :olm:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-overriding-operator-pod-affinity_{context}"]
 
 ifdef::olm[]
@@ -33,8 +33,10 @@ By default, when you install an Operator, {product-title} installs the Operator
 
 The following examples describe situations where you might want to schedule an Operator pod to a specific node or set of nodes:
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * If an Operator requires a particular platform, such as `amd64` or `arm64`
 * If an Operator requires a particular operating system, such as Linux or Windows
+endif::openshift-dedicated,openshift-rosa[]
 * If you want Operators that work together scheduled on the same host or on hosts located on the same rack
 * If you want Operators dispersed throughout the infrastructure to avoid downtime due to network or hardware issues
 
@@ -59,7 +61,7 @@ endif::node[]
 
 ifndef::pod[]
 .Node affinity example that places the Operator pod on a specific node
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -80,12 +82,12 @@ spec:
               operator: In
               values:
               - ip-10-0-163-94.us-west-2.compute.internal
- ...
+#...
 ----
 <1> A node affinity that requires the Operator's pod to be scheduled on a node named `ip-10-0-163-94.us-west-2.compute.internal`.
 
 .Node affinity example that places the Operator pod on a node with a specific platform
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -110,6 +112,7 @@ spec:
               operator: In
               values:
               - linux
+#...
 ----
 <1> A node affinity that requires the Operator's pod to be scheduled on a node with the `kubernetes.io/arch=arm64` and `kubernetes.io/os=linux` labels.
 endif::pod[]
@@ -120,7 +123,7 @@ endif::pod[]
 
 ifndef::node[]
 .Pod affinity example that places the Operator pod on one or more specific nodes
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -142,11 +145,12 @@ spec:
               values:
               - test
           topologyKey: kubernetes.io/hostname
+#...
 ----
 <1> A pod affinity that places the Operator's pod on a node that has pods with the `app=test` label.
 
 .Pod anti-affinity example that prevents the Operator pod from one or more specific nodes
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -168,7 +172,7 @@ spec:
               values:
               - high
           topologyKey: kubernetes.io/hostname
- ...
+#...
 ----
 <1> A pod anti-affinity that prevents the Operator's pod from being scheduled on a node that has pods with the `cpu=high` label.
 endif::node[]
@@ -184,7 +188,7 @@ To control the placement of an Operator pod, complete the following steps:
 . Edit the Operator `Subscription` object to add an affinity:
 +
 ifndef::pod[]
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -205,7 +209,7 @@ spec:
               operator: In
               values:
               - ip-10-0-185-229.ec2.internal
- ...
+#...
 ----
 ifdef::olm[]
 <1> Add a `nodeAffinity`, `podAffinity`, or `podAntiAffinity`. See the Additional resources section that follows for information about creating the affinity.
@@ -215,7 +219,7 @@ ifdef::node[]
 endif::[]
 endif::pod[]
 ifdef::pod[]
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -238,7 +242,7 @@ spec:
                 values:
                 - ip-10-0-185-229.ec2.internal
             topologyKey: topology.kubernetes.io/zone
- ...
+#...
 ----
 <1> Add a `podAffinity` or `podAntiAffinity`.
 endif::pod[]
@@ -247,13 +251,14 @@ endif::pod[]
 
 * To ensure that the pod is deployed on the specific node, run the following command:
 +
-[source,terminal]
+[source,yaml]
 ----
 $ oc get pods -o wide
 ----
 +
 .Example output
 +
+[source,terminal]
 ----
 NAME                                                  READY   STATUS    RESTARTS   AGE   IP            NODE                           NOMINATED NODE   READINESS GATES
 custom-metrics-autoscaler-operator-5dcc45d656-bhshg   1/1     Running   0          50s   10.131.0.20   ip-10-0-185-229.ec2.internal   <none>           <none>
diff --git a/modules/olm-overriding-operatorconditions.adoc b/modules/olm-overriding-operatorconditions.adoc
index 2eadd452f773..9b5cea8e334f 100644
--- a/modules/olm-overriding-operatorconditions.adoc
+++ b/modules/olm-overriding-operatorconditions.adoc
@@ -2,21 +2,47 @@
 //
 // * operators/admin/olm-managing-operatorconditions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-supported-operatorconditions_{context}"]
 = Overriding Operator conditions
 
-As a cluster administrator, you might want to ignore a supported Operator condition reported by an Operator. When present, Operator conditions in the `Spec.Overrides` array override the conditions in the `Spec.Conditions` array, allowing cluster administrators to deal with situations where an Operator is incorrectly reporting a state to Operator Lifecycle Manager (OLM).
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::openshift-dedicated,openshift-rosa[]
+you might want to ignore a supported Operator condition reported by an Operator. When present, Operator conditions in the `Spec.Overrides` array override the conditions in the `Spec.Conditions` array, allowing
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin` administrators
+endif::openshift-dedicated,openshift-rosa[]
+to deal with situations where an Operator is incorrectly reporting a state to Operator Lifecycle Manager (OLM).
 
 [NOTE]
 ====
-By default, the `Spec.Overrides` array is not present in an `OperatorCondition` object until it is added by a cluster administrator. The `Spec.Conditions` array is also not present until it is either added by a user or as a result of custom Operator logic.
+By default, the `Spec.Overrides` array is not present in an `OperatorCondition` object until it is added by
+ifndef::openshift-dedicated,openshift-rosa[]
+a cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+an administrator with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+. The `Spec.Conditions` array is also not present until it is either added by a user or as a result of custom Operator logic.
 ====
 
 For example, consider a known version of an Operator that always communicates that it is not upgradeable. In this instance, you might want to upgrade the Operator despite the Operator communicating that it is not upgradeable. This could be accomplished by overriding the Operator condition by adding the condition `type` and `status` to the `Spec.Overrides` array in the `OperatorCondition` object.
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 * An Operator with an `OperatorCondition` object, installed using OLM.
 
 .Procedure
@@ -51,4 +77,9 @@ spec:
     message: "The operator is performing a migration."
     lastTransitionTime: "2020-08-24T23:15:55Z"
 ----
+ifndef::openshift-dedicated,openshift-rosa[]
 <1> Allows the cluster administrator to change the upgrade readiness to `True`.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+<1> Allows the `dedicated-admin` user to change the upgrade readiness to `True`.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/olm-overriding-proxy-settings.adoc b/modules/olm-overriding-proxy-settings.adoc
index 9fd29882e22a..f4fe13a68847 100644
--- a/modules/olm-overriding-proxy-settings.adoc
+++ b/modules/olm-overriding-proxy-settings.adoc
@@ -2,11 +2,18 @@
 //
 // * operators/admin/olm-configuring-proxy-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-overriding-proxy-settings_{context}"]
 = Overriding proxy settings of an Operator
 
-If a cluster-wide egress proxy is configured, Operators running with Operator Lifecycle Manager (OLM) inherit the cluster-wide proxy settings on their deployments. Cluster administrators can also override these proxy settings by configuring the subscription of an Operator.
+If a cluster-wide egress proxy is configured, Operators running with Operator Lifecycle Manager (OLM) inherit the cluster-wide proxy settings on their deployments.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can also override these proxy settings by configuring the subscription of an Operator.
 
 [IMPORTANT]
 ====
@@ -15,10 +22,15 @@ Operators must handle setting environment variables for proxy settings in the po
 
 .Prerequisites
 
-- Access to an {product-title} cluster using an account with
+ifndef::openshift-dedicated,openshift-rosa[]
+* Access to an {product-title} cluster using an account with
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 `cluster-admin` permissions.
 endif::[]
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Access to a {product-title} cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
diff --git a/modules/olm-overview.adoc b/modules/olm-overview.adoc
index 753293e5503f..2958871e191f 100644
--- a/modules/olm-overview.adoc
+++ b/modules/olm-overview.adoc
@@ -16,6 +16,20 @@ _Operator Lifecycle Manager_ (OLM) helps users install, update, and manage the l
 .Operator Lifecycle Manager workflow
 image::olm-workflow.png[]
 
-OLM runs by default in {product-title} {product-version}, which aids cluster administrators in installing, upgrading, and granting access to Operators running on their cluster. The {product-title} web console provides management screens for cluster administrators to install Operators, as well as grant specific projects access to use the catalog of Operators available on the cluster.
+OLM runs by default in {product-title} {product-version}, which aids
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+in installing, upgrading, and granting access to Operators running on their cluster. The {product-title} web console provides management screens for 
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+`dedicated-admin` administrators
+endif::openshift-dedicated,openshift-rosa[]
+to install Operators, as well as grant specific projects access to use the catalog of Operators available on the cluster.
 
 For developers, a self-service experience allows provisioning and configuring instances of databases, monitoring, and big data services without having to be subject matter experts, because the Operator has that knowledge baked into it.
diff --git a/modules/olm-po-techpreview.adoc b/modules/olm-po-techpreview.adoc
index ad9ee11a27a7..f6f5accd1604 100644
--- a/modules/olm-po-techpreview.adoc
+++ b/modules/olm-po-techpreview.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-po.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-po-techpreview_{context}"]
 = Technology Preview restrictions for platform Operators
 
@@ -43,20 +43,20 @@ After considering these restrictions, the following Operators can be successfull
 |odf-csi-addons-operator
 |odr-hub-operator
 
-|openshift-cert-manager-operator
 |openshift-custom-metrics-autoscaler-operator
-
 |openshift-gitops-operator
-|openshift-pipelines-operator-rh
 
+|openshift-pipelines-operator-rh
 |quay-operator
-|red-hat-camel-k
 
+|red-hat-camel-k
 |rhpam-kogito-operator
-|service-registry-operator
 
+|service-registry-operator
 |servicemeshoperator
+
 |skupper-operator
+|
 |===
 
 [NOTE]
@@ -65,4 +65,4 @@ The following features are not available during this Technology Preview release:
 
 * Automatically upgrading platform Operator packages after cluster rollout
 * Extending the platform Operator mechanism to support any optional, CVO-based components
-====
\ No newline at end of file
+====
diff --git a/modules/olm-policy-catalog-access.adoc b/modules/olm-policy-catalog-access.adoc
index 8d1ff75b1782..ebcee13e3159 100644
--- a/modules/olm-policy-catalog-access.adoc
+++ b/modules/olm-policy-catalog-access.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-creating-policy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-policy-catalog-access_{context}"]
 = Operator catalog access control
 
@@ -11,4 +11,4 @@ When an Operator catalog is created in the global catalog namespace `openshift-m
 On clusters where non-cluster administrator users have been delegated Operator installation privileges, cluster administrators might want to further control or restrict the set of Operators those users are allowed to install. This can be achieved with the following actions:
 
 . Disable all of the default global catalogs.
-. Enable custom, curated catalogs in the same namespace where the relevant Operator groups have been pre-installed.
\ No newline at end of file
+. Enable custom, curated catalogs in the same namespace where the relevant Operator groups have been preinstalled.
diff --git a/modules/olm-policy-scoping-operator-install.adoc b/modules/olm-policy-scoping-operator-install.adoc
index 61b3ae8aa0f3..be169d53c1ea 100644
--- a/modules/olm-policy-scoping-operator-install.adoc
+++ b/modules/olm-policy-scoping-operator-install.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-creating-policy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-policy-scoping-operator-install_{context}"]
 = Scoping Operator installations
 
@@ -10,6 +10,11 @@ To provide scoping rules to Operator installations and upgrades on Operator Life
 
 Using this example, a cluster administrator can confine a set of Operators to a designated namespace.
 
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+* You have installed the OpenShift CLI (`oc`).
+
 .Procedure
 
 . Create a new namespace:
diff --git a/modules/olm-policy-troubleshooting.adoc b/modules/olm-policy-troubleshooting.adoc
index 05fe01859702..a9800864851d 100644
--- a/modules/olm-policy-troubleshooting.adoc
+++ b/modules/olm-policy-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-creating-policy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-policy-troubleshooting_{context}"]
 = Troubleshooting permission failures
 
diff --git a/modules/olm-policy-understanding.adoc b/modules/olm-policy-understanding.adoc
index a7701c234e5c..f94e8f698aab 100644
--- a/modules/olm-policy-understanding.adoc
+++ b/modules/olm-policy-understanding.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-creating-policy.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-policy-understanding_{context}"]
 = Understanding Operator installation policy
 
@@ -16,7 +16,7 @@ By employing Operator groups, users with enough privileges can install Operators
 
 [NOTE]
 ====
-Role-based access control (RBAC) for `Subscription` objects is automatically granted to every user with the `edit` or `admin` role in a namespace. However, RBAC does not exist on `OperatorGroup` objects; this absence is what prevents regular users from installing Operators. Pre-installing Operator groups is effectively what gives installation privileges.
+Role-based access control (RBAC) for `Subscription` objects is automatically granted to every user with the `edit` or `admin` role in a namespace. However, RBAC does not exist on `OperatorGroup` objects; this absence is what prevents regular users from installing Operators. Preinstalling Operator groups is effectively what gives installation privileges.
 ====
 
 Keep the following points in mind when associating an Operator group with a service account:
diff --git a/modules/olm-preparing-multitenant-operators.adoc b/modules/olm-preparing-multitenant-operators.adoc
index 4b6733bcd74b..a9d0fcae4abc 100644
--- a/modules/olm-preparing-multitenant-operators.adoc
+++ b/modules/olm-preparing-multitenant-operators.adoc
@@ -2,16 +2,25 @@
 //
 // * operators/admin/olm-adding-operators-to-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-preparing-operators-multitenant_{context}"]
 = Preparing for multiple instances of an Operator for multitenant clusters
 
-As a cluster administrator, you can add multiple instances of an Operator for use in multitenant clusters. This is an alternative solution to either using the standard *All namespaces* install mode, which can be considered to violate the principle of least privilege, or the *Multinamespace* mode, which is not widely adopted. For more information, see "Operators in multitenant clusters".
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::openshift-dedicated,openshift-rosa[]
+you can add multiple instances of an Operator for use in multitenant clusters. This is an alternative solution to either using the standard *All namespaces* install mode, which can be considered to violate the principle of least privilege, or the *Multinamespace* mode, which is not widely adopted. For more information, see "Operators in multitenant clusters".
 
 In the following procedure, the _tenant_ is a user or group of users that share common access and privileges for a set of deployed workloads. The _tenant Operator_ is the instance of an Operator that is intended for use by only that tenant.
 
 .Prerequisites
 
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 * All instances of the Operator you want to install must be the same version across a given cluster.
 +
 [IMPORTANT]
@@ -21,6 +30,8 @@ For more information on this and other limitations, see "Operators in multitenan
 
 .Procedure
 
+// In OSD/ROSA, dedicated-admins can't create namespaces directly but can create projects.
+ifndef::openshift-dedicated,openshift-rosa[]
 . Before installing the Operator, create a namespace for the tenant Operator that is separate from the tenant's namespace. For example, if the tenant's namespace is `team1`, you might create a `team1-operator` namespace:
 
 .. Define a `Namespace` resource and save the YAML file, for example, `team1-operator.yaml`:
@@ -39,6 +50,16 @@ metadata:
 ----
 $ oc create -f team1-operator.yaml
 ----
+endif::openshift-dedicated,openshift-rosa[]
+// Slightly different step for OSD/ROSA since dedicated-admins can't create namespaces directly.
+ifdef::openshift-dedicated,openshift-rosa[]
+. Before installing the Operator, create a namespace for the tenant Operator that is separate from the tenant's namespace. You can do this by creating a project. For example, if the tenant's namespace is `team1`, you might create a `team1-operator` project:
++
+[source,terminal]
+----
+$ oc new-project team1-operator
+----
+endif::openshift-dedicated,openshift-rosa[]
 
 . Create an Operator group for the tenant Operator scoped to the tenant's namespace, with only that one namespace entry in the `spec.targetNamespaces` list:
 
diff --git a/modules/olm-preparing-upgrade.adoc b/modules/olm-preparing-upgrade.adoc
index 6597f11f4754..17833aa61fdb 100644
--- a/modules/olm-preparing-upgrade.adoc
+++ b/modules/olm-preparing-upgrade.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-upgrading-operators.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-preparing-upgrade_{context}"]
 = Preparing for an Operator update
 
@@ -19,4 +19,4 @@ Red Hat Customer Portal Labs include the following application that helps admini
 
 * link:https://access.redhat.com/labs/ocpouic/[Red Hat OpenShift Container Platform Operator Update Information Checker]
 
-You can use the application to search for Operator Lifecycle Manager-based Operators and verify the available Operator version per update channel across different versions of {product-title}. Cluster Version Operator-based Operators are not included.
\ No newline at end of file
+You can use the application to search for Operator Lifecycle Manager-based Operators and verify the available Operator version per update channel across different versions of {product-title}. Cluster Version Operator-based Operators are not included.
diff --git a/modules/olm-priority-class-name.adoc b/modules/olm-priority-class-name.adoc
index d027f599ab34..5abadae039b1 100644
--- a/modules/olm-priority-class-name.adoc
+++ b/modules/olm-priority-class-name.adoc
@@ -9,13 +9,16 @@ ifndef::openshift-origin[]
 :global_ns: openshift-marketplace
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-priority-class-name_{context}"]
 = Overriding the priority class name for catalog source pods
 
-.Prequisites
+.Prerequisites
 
-* `CatalogSource` object of source type `grpc` with `spec.image` defined
+* A `CatalogSource` object of source type `grpc` with `spec.image` is defined.
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
@@ -45,10 +48,10 @@ apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
   name: example-catalog
-  namespace: namespace: {global_ns}
+  namespace: {global_ns}
   annotations:
     operatorframework.io/priorityclass: system-cluster-critical
 ----
 
 If a `CatalogSource` object defines both the annotation and `spec.grpcPodConfig.priorityClassName`, the annotation takes precedence over the configuration parameter.
-====
\ No newline at end of file
+====
diff --git a/modules/olm-properties.adoc b/modules/olm-properties.adoc
index 73ebb033ae6f..ab42c10795ab 100644
--- a/modules/olm-properties.adoc
+++ b/modules/olm-properties.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-understanding-dependency-resolution.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-properties_{context}"]
 ifeval::["{context}" == "olm-packaging-format"]
 = Properties
diff --git a/modules/olm-pruning-index-image.adoc b/modules/olm-pruning-index-image.adoc
index 67da3435f2a5..93701ebb5b34 100644
--- a/modules/olm-pruning-index-image.adoc
+++ b/modules/olm-pruning-index-image.adoc
@@ -22,7 +22,7 @@ ifndef::openshift-origin[]
 :package3: quay-operator
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-pruning-index-image_{context}"]
 = Filtering a SQLite-based index image
 
@@ -37,13 +37,13 @@ endif::[]
 .Prerequisites
 
 ifeval::["{context}" != "olm-managing-custom-catalogs"]
-* Workstation with unrestricted network access
+* A workstation with unrestricted network access.
 endif::[]
-* `podman` version 1.9.3+
-* link:https://github.com/fullstorydev/grpcurl[`grpcurl`] (third-party command-line tool)
-* `opm`
-* Access to a registry that supports
-link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2]
+* You have `podman` version 1.9.3+.
+* You have link:https://github.com/fullstorydev/grpcurl[`grpcurl`] (third-party command-line tool).
+* You have installed the `opm` CLI.
+* You have access to a registry that supports
+link:https://docs.docker.com/registry/spec/manifest-v2-2/[Docker v2-2].
 
 .Procedure
 
@@ -127,7 +127,7 @@ $ opm index prune \
 ----
 <1> Index to prune.
 <2> Comma-separated list of packages to keep.
-<3> Required only for {ibmpowerProductName} and {ibmzProductName} images: Operator Registry base image with the tag that matches the target {product-title} cluster major and minor version.
+<3> Required only for {ibm-power-name} and {ibm-z-name} images: Operator Registry base image with the tag that matches the target {product-title} cluster major and minor version.
 <4> Custom tag for new index image being built.
 
 . Run the following command to push the new index image to your target registry:
diff --git a/modules/olm-refresh-subs.adoc b/modules/olm-refresh-subs.adoc
index 7c9aaeda6d1d..f8a37f87860a 100644
--- a/modules/olm-refresh-subs.adoc
+++ b/modules/olm-refresh-subs.adoc
@@ -3,7 +3,7 @@
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 // * serverless/install/removing-openshift-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-refresh-subs_{context}"]
 = Refreshing failing subscriptions
 
diff --git a/modules/olm-reinstall.adoc b/modules/olm-reinstall.adoc
index 80f6b940c62d..914748dfb61f 100644
--- a/modules/olm-reinstall.adoc
+++ b/modules/olm-reinstall.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-reinstall_{context}"]
 = Reinstalling Operators after failed uninstallation
 
diff --git a/modules/olm-removing-catalogs.adoc b/modules/olm-removing-catalogs.adoc
index 1ccbb31fbc3b..ddb6ad8cb2a1 100644
--- a/modules/olm-removing-catalogs.adoc
+++ b/modules/olm-removing-catalogs.adoc
@@ -2,12 +2,17 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+// The OSD/ROSA version of this procedure is sd-olm-removing-catalogs.adoc.
+
+:_mod-docs-content-type: PROCEDURE
 [id="olm-removing-catalogs_{context}"]
 = Removing custom catalogs
 
 As a cluster administrator, you can remove custom Operator catalogs that have been previously added to your cluster by deleting the related catalog source.
 
+.Prerequisites
+* You have access to the cluster as a user with the `cluster-admin` role.
+
 .Procedure
 
 . In the *Administrator* perspective of the web console, navigate to *Administration* -> *Cluster Settings*.
diff --git a/modules/olm-removing-crd-version.adoc b/modules/olm-removing-crd-version.adoc
index 773532f132fb..22f252054067 100644
--- a/modules/olm-removing-crd-version.adoc
+++ b/modules/olm-removing-crd-version.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-dependency-resolution-removing-crd-version_{context}"]
 = Deprecating or removing a CRD version
 
diff --git a/modules/olm-restricted-networks-configuring-operatorhub.adoc b/modules/olm-restricted-networks-configuring-operatorhub.adoc
index dd1750103403..b69d3ff4a0b9 100644
--- a/modules/olm-restricted-networks-configuring-operatorhub.adoc
+++ b/modules/olm-restricted-networks-configuring-operatorhub.adoc
@@ -5,13 +5,15 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
 // * installing/installing_gcp/installing-restricted-networks-gcp.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_rhv/installing-rhv-restricted-network.adoc
+// * installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
+// * installing/installing_vmc/installing-restricted-networks-vmc.adoc
 // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * operators/admin/olm-restricted-networks.adoc
@@ -25,7 +27,7 @@ ifeval::["{context}" == "olm-managing-custom-catalogs"]
 :olm-managing-custom-catalogs:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-restricted-networks-operatorhub_{context}"]
 = Disabling the default OperatorHub catalog sources
 
diff --git a/modules/olm-rh-catalogs.adoc b/modules/olm-rh-catalogs.adoc
index 418e35a96da4..36f09ef9deee 100644
--- a/modules/olm-rh-catalogs.adoc
+++ b/modules/olm-rh-catalogs.adoc
@@ -10,7 +10,7 @@ ifndef::openshift-origin[]
 :global_ns: openshift-marketplace
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rh-catalogs_{context}"]
 = About Red Hat-provided Operator catalogs
 
diff --git a/modules/olm-rukpak-about.adoc b/modules/olm-rukpak-about.adoc
index 9107e298ea03..091b682f889f 100644
--- a/modules/olm-rukpak-about.adoc
+++ b/modules/olm-rukpak-about.adoc
@@ -1,9 +1,11 @@
 // Module included in the following assemblies:
 //
 // * operators/understanding/olm-packaging-format.adoc
+// * operators/olm_v1/olmv1_rukpak.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-about_{context}"]
+ifeval::["{context}" == "olm-packaging-format"]
 = RukPak (Technology Preview)
 
 :FeatureName: RukPak
@@ -11,8 +13,27 @@ include::snippets/technology-preview.adoc[]
 
 {product-title} 4.12 introduces the _platform Operator_ type as a Technology Preview feature. The platform Operator mechanism relies on the RukPak component, also introduced in {product-title} 4.12, and its resources to manage content.
 
-RukPak consists of a series of controllers, known as _provisioners_, that install and manage content on a Kubernetes cluster. RukPak also provides two primary APIs: `Bundle` and `BundleDeployment`. These components work together to bring content onto the cluster and install it, generating resources within the cluster.
+{product-title} 4.14 introduces {olmv1-first} as a Technology Preview feature, which also relies on the RukPak component.
+endif::[]
+ifeval::["{context}" == "olmv1-rukpak"]
+= About RukPak
+endif::[]
 
-A provisioner places a watch on both `Bundle` and `BundleDeployment` resources that refer to the provisioner explicitly. For a given bundle, the provisioner unpacks the contents of the `Bundle` resource onto the cluster. Then, given a `BundleDeployment` resource referring to that bundle, the provisioner installs the bundle contents and is responsible for managing the lifecycle of those resources.
+RukPak is a pluggable solution for packaging and distributing cloud-native content. It supports advanced strategies for installation, updates, and policy.
 
-Two provisioners are currently implemented and bundled with RukPak: the _plain provisioner_ that sources and unpacks `plain+v0` bundles, and the _registry provisioner_ that sources and unpacks Operator Lifecycle Manager (OLM) `registry+v1` bundles.
+RukPak provides a content ecosystem for installing a variety of artifacts on a Kubernetes cluster. Artifact examples include Git repositories, Helm charts, and OLM bundles. RukPak can then manage, scale, and upgrade these artifacts in a safe way to enable powerful cluster extensions.
+
+At its core, RukPak is a small set of APIs and controllers. The APIs are packaged as custom resource definitions (CRDs) that express what content to install on a cluster and how to create a running deployment of the content. The controllers watch for the APIs.
+
+.Common terminology
+
+Bundle::
+A collection of Kubernetes manifests that define content to be deployed to a cluster
+Bundle image::
+A container image that contains a bundle within its filesystem
+Bundle Git repository::
+A Git repository that contains a bundle within a directory
+Provisioner::
+Controllers that install and manage content on a Kubernetes cluster
+Bundle deployment::
+Generates deployed instances of a bundle
\ No newline at end of file
diff --git a/modules/olm-rukpak-bd.adoc b/modules/olm-rukpak-bd.adoc
index adabb9266a28..e145663da9e0 100644
--- a/modules/olm-rukpak-bd.adoc
+++ b/modules/olm-rukpak-bd.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-bd_{context}"]
 = BundleDeployment
 
diff --git a/modules/olm-rukpak-bundle-immutability.adoc b/modules/olm-rukpak-bundle-immutability.adoc
index 7b2e49861aad..58061e90eea5 100644
--- a/modules/olm-rukpak-bundle-immutability.adoc
+++ b/modules/olm-rukpak-bundle-immutability.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-bundle-immutability_{context}"]
 = Bundle immutability
 
diff --git a/modules/olm-rukpak-bundle.adoc b/modules/olm-rukpak-bundle.adoc
index 4ee6542443cb..794648b642b5 100644
--- a/modules/olm-rukpak-bundle.adoc
+++ b/modules/olm-rukpak-bundle.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-bundle_{context}"]
 = Bundle
 
diff --git a/modules/olm-rukpak-plain-bundle.adoc b/modules/olm-rukpak-plain-bundle.adoc
index 9d7fd7b6cad7..6b36cc4b31ab 100644
--- a/modules/olm-rukpak-plain-bundle.adoc
+++ b/modules/olm-rukpak-plain-bundle.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-plain-bundle_{context}"]
 = Plain bundle spec
 
@@ -20,13 +20,13 @@ For example, the following shows the file tree in a `plain+v0` bundle. It must h
 .Example `plain+v0` bundle file tree
 [source,terminal]
 ----
+$ tree manifests
+
 manifests
 ├── namespace.yaml
+├── service_account.yaml
 ├── cluster_role.yaml
-├── role.yaml
-├── serviceaccount.yaml
 ├── cluster_role_binding.yaml
-├── role_binding.yaml
 └── deployment.yaml
 ----
 
diff --git a/modules/olm-rukpak-provisioner.adoc b/modules/olm-rukpak-provisioner.adoc
index 46170cb60617..ac32f804c9e2 100644
--- a/modules/olm-rukpak-provisioner.adoc
+++ b/modules/olm-rukpak-provisioner.adoc
@@ -1,11 +1,16 @@
 // Module included in the following assemblies:
 //
 // * operators/understanding/olm-packaging-format.adoc
+// * operators/olm_v1/olmv1_rukpak.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-provisioner_{context}"]
-= Provisioner
+= About provisioners
 
-A RukPak provisioner is a controller that understands the `BundleDeployment` and `Bundle` APIs and can take action. Each provisioner is assigned a unique ID and is responsible for reconciling `Bundle` and `BundleDeployment` objects with a `spec.provisionerClassName` field that matches that particular ID.
+RukPak consists of a series of controllers, known as _provisioners_, that install and manage content on a Kubernetes cluster. RukPak also provides two primary APIs: `Bundle` and `BundleDeployment`. These components work together to bring content onto the cluster and install it, generating resources within the cluster.
 
-For example, the plain provisioner is able to unpack a given `plain+v0` bundle onto a cluster and then instantiate it, making the content of the bundle available in the cluster.
\ No newline at end of file
+Two provisioners are currently implemented and bundled with RukPak: the _plain provisioner_ that sources and unpacks `plain+v0` bundles, and the _registry provisioner_ that sources and unpacks Operator Lifecycle Manager (OLM) `registry+v1` bundles.
+
+Each provisioner is assigned a unique ID and is responsible for reconciling `Bundle` and `BundleDeployment` objects with a `spec.provisionerClassName` field that matches that particular ID. For example, the plain provisioner is able to unpack a given `plain+v0` bundle onto a cluster and then instantiate it, making the content of the bundle available in the cluster.
+
+A provisioner places a watch on both `Bundle` and `BundleDeployment` resources that refer to the provisioner explicitly. For a given bundle, the provisioner unpacks the contents of the `Bundle` resource onto the cluster. Then, given a `BundleDeployment` resource referring to that bundle, the provisioner installs the bundle contents and is responsible for managing the lifecycle of those resources.
\ No newline at end of file
diff --git a/modules/olm-rukpak-registry-bundle.adoc b/modules/olm-rukpak-registry-bundle.adoc
index 7c8ca6500014..679d85c3cbc2 100644
--- a/modules/olm-rukpak-registry-bundle.adoc
+++ b/modules/olm-rukpak-registry-bundle.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm-packaging-format.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-rukpak-registry-bundle_{context}"]
 = Registry bundle spec
 
diff --git a/modules/olm-sqlite-catalog-configuring-elevated-permissions.adoc b/modules/olm-sqlite-catalog-configuring-elevated-permissions.adoc
index b3b6d8005d93..887ed3c8e9e8 100644
--- a/modules/olm-sqlite-catalog-configuring-elevated-permissions.adoc
+++ b/modules/olm-sqlite-catalog-configuring-elevated-permissions.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-sqlite-catalog-elevated-privileges_{context}"]
 = Configuring catalogs to run with elevated permissions
 
@@ -18,9 +18,14 @@ The SQLite database catalog format is deprecated, but still supported by Red Hat
 
 .Prerequisites
 
-* SQLite database catalog source
-* Cluster administrator permissions
-* Target namespace that supports running pods with the elevated pod security admission standard of `baseline` or `privileged`
+* You have a SQLite database catalog source.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* You have a target namespace that supports running pods with the elevated pod security admission standard of `baseline` or `privileged`.
 
 .Procedure
 
diff --git a/modules/olm-status-viewing-cli.adoc b/modules/olm-status-viewing-cli.adoc
index 16251d081ba2..dff8103a3c8f 100644
--- a/modules/olm-status-viewing-cli.adoc
+++ b/modules/olm-status-viewing-cli.adoc
@@ -3,7 +3,7 @@
 // * operators/admin/olm-status.adoc
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-status-viewing-cli_{context}"]
 = Viewing Operator subscription status by using the CLI
 
@@ -11,7 +11,12 @@ You can view Operator subscription status by using the CLI.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -35,12 +40,20 @@ $ oc describe sub <subscription_name> -n <operator_namespace>
 .Example output
 [source,terminal]
 ----
+Name:         cluster-logging
+Namespace:    openshift-logging
+Labels:       operators.coreos.com/cluster-logging.openshift-logging=
+Annotations:  <none>
+API Version:  operators.coreos.com/v1alpha1
+Kind:         Subscription
+# ...
 Conditions:
    Last Transition Time:  2019-07-29T13:42:57Z
    Message:               all available catalogsources are healthy
    Reason:                AllCatalogSourcesHealthy
    Status:                False
    Type:                  CatalogSourcesUnhealthy
+# ...
 ----
 
 [NOTE]
diff --git a/modules/olm-supported-operatorconditions.adoc b/modules/olm-supported-operatorconditions.adoc
index 8f2703eb398d..a3809f9bede3 100644
--- a/modules/olm-supported-operatorconditions.adoc
+++ b/modules/olm-supported-operatorconditions.adoc
@@ -15,6 +15,11 @@ The `Upgradeable` Operator condition prevents an existing cluster service versio
 * An Operator is about to start a critical process and should not be upgraded until the process is completed.
 * An Operator is performing a migration of custom resources (CRs) that must be completed before the Operator is ready to be upgraded.
 
+[IMPORTANT]
+====
+Setting the `Upgradeable` Operator condition to the `False` value does not avoid pod disruption. If you must ensure your pods are not disrupted, see "Using pod disruption budgets to specify the number of pods that must be up" and "Graceful termination" in the "Additional resources" section.
+====
+
 .Example `Upgradeable` Operator condition
 [source,yaml]
 ----
@@ -32,4 +37,4 @@ spec:
     lastTransitionTime: "2020-08-24T23:15:55Z"
 ----
 <1> Name of the condition.
-<2> A `False` value indicates the Operator is not ready to be upgraded. OLM prevents a CSV that replaces the existing CSV of the Operator from leaving the `Pending` phase.
+<2> A `False` value indicates the Operator is not ready to be upgraded. OLM prevents a CSV that replaces the existing CSV of the Operator from leaving the `Pending` phase. A `False` value does not block cluster upgrades.
diff --git a/modules/olm-terms.adoc b/modules/olm-terms.adoc
index 50f98d0c55d3..0bb6c1a317f3 100644
--- a/modules/olm-terms.adoc
+++ b/modules/olm-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/understanding/olm/olm-common-terms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="olm-common-terms-glossary_{context}"]
 = Common Operator Framework terms
 
diff --git a/modules/olm-tolerations.adoc b/modules/olm-tolerations.adoc
index 9656d556f2a5..4697a2237c27 100644
--- a/modules/olm-tolerations.adoc
+++ b/modules/olm-tolerations.adoc
@@ -2,13 +2,16 @@
 //
 // * operators/admin/olm-cs-podsched.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-tolerations_{context}"]
 = Overriding tolerations for catalog source pods
 
-.Prequisites
+.Prerequisites
 
-* `CatalogSource` object of source type `grpc` with `spec.image` defined
+* A `CatalogSource` object of source type `grpc` with `spec.image` is defined.
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
@@ -22,4 +25,4 @@
         operator: "<operator_type>"
         value: "<value>"
         effect: "<effect>"
-----
\ No newline at end of file
+----
diff --git a/modules/olm-updating-index-image.adoc b/modules/olm-updating-index-image.adoc
index a2a7bb0cc286..45579541b4cc 100644
--- a/modules/olm-updating-index-image.adoc
+++ b/modules/olm-updating-index-image.adoc
@@ -9,20 +9,27 @@ ifndef::openshift-origin[]
 :index-image: redhat-operator-index
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-updating-index-image_{context}"]
 = Updating a SQLite-based index image
 
-After configuring OperatorHub to use a catalog source that references a custom index image, cluster administrators can keep the available Operators on their cluster up to date by adding bundle images to the index image.
+After configuring OperatorHub to use a catalog source that references a custom index image,
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can keep the available Operators on their cluster up-to-date by adding bundle images to the index image.
 
 You can update an existing index image using the `opm index add` command.
 
 .Prerequisites
 
-* `opm`
-* `podman` version 1.9.3+
-* An index image built and pushed to a registry.
-* An existing catalog source referencing the index image.
+* You have installed the `opm` CLI.
+* You have `podman` version 1.9.3+.
+* An index image is built and pushed to a registry.
+* You have an existing catalog source referencing the index image.
 
 .Procedure
 
diff --git a/modules/olm-updating-metallb-operatorgroup.adoc b/modules/olm-updating-metallb-operatorgroup.adoc
new file mode 100644
index 000000000000..9f9a85bb0d55
--- /dev/null
+++ b/modules/olm-updating-metallb-operatorgroup.adoc
@@ -0,0 +1,113 @@
+// Module included in the following assemblies:
+//
+// * operators/metallb/metallb-upgrading-operator.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="olm-updating-metallb-operatorgroup_{context}"]
+= Editing the MetalLB Operator Operator group
+
+When upgrading from any MetalLB Operator version up to and including 4.10 to 4.11 and later, remove `spec.targetNamespaces` from the Operator group custom resource (CR). You must remove the spec regardless of whether you used the web console or the CLI to delete the MetalLB Operator.
+[NOTE]
+====
+The MetalLB Operator version 4.11 or later only supports the `AllNamespaces` install mode, whereas 4.10 or earlier versions support `OwnNamespace` or `SingleNamespace` modes.
+====
+
+.Prerequisites
+
+- You have access to an {product-title} cluster with `cluster-admin` permissions.
+- You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. List the Operator groups in the `metallb-system` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get operatorgroup -n metallb-system
+----
++
+.Example output
+
+[source,terminal]
+----
+NAME                   AGE
+metallb-system-7jc66   85m
+----
+
+. Verify that the `spec.targetNamespaces` is present in the Operator group CR associated with the `metallb-system` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get operatorgroup metallb-system-7jc66 -n metallb-system -o yaml
+----
++
+.Example output
+[source,terminal]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  annotations:
+    olm.providedAPIs: ""
+  creationTimestamp: "2023-10-25T09:42:49Z"
+  generateName: metallb-system-
+  generation: 1
+  name: metallb-system-7jc66
+  namespace: metallb-system
+  resourceVersion: "25027"
+  uid: f5f644a0-eef8-4e31-a306-e2bbcfaffab3
+spec:
+  targetNamespaces:
+  - metallb-system
+  upgradeStrategy: Default
+status:
+  lastUpdated: "2023-10-25T09:42:49Z"
+  namespaces:
+  - metallb-system
+----
+
+. Edit the Operator group and remove the `targetNamespaces` and `metallb-system` present under the `spec` section by running the following command:
++
+[source,terminal]
+----
+$ oc edit n metallb-system
+----
++
+.Example output
++
+[source,terminal]
+----
+operatorgroup.operators.coreos.com/metallb-system-7jc66 edited
+----
+
+. Verify the `spec.targetNamespaces` is removed from the Operator group custom resource associated with the `metallb-system` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get operatorgroup metallb-system-7jc66 -n metallb-system -o yaml
+----
++
+.Example output
+[source,terminal]
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  annotations:
+    olm.providedAPIs: ""
+  creationTimestamp: "2023-10-25T09:42:49Z"
+  generateName: metallb-system-
+  generation: 2
+  name: metallb-system-7jc66
+  namespace: metallb-system
+  resourceVersion: "61658"
+  uid: f5f644a0-eef8-4e31-a306-e2bbcfaffab3
+spec:
+  upgradeStrategy: Default
+status:
+  lastUpdated: "2023-10-25T14:31:30Z"
+  namespaces:
+  - ""
+----
+
+
diff --git a/modules/olm-updating-sqlite-catalog-to-a-new-opm-version.adoc b/modules/olm-updating-sqlite-catalog-to-a-new-opm-version.adoc
index eeed2faa0d56..405410fe3904 100644
--- a/modules/olm-updating-sqlite-catalog-to-a-new-opm-version.adoc
+++ b/modules/olm-updating-sqlite-catalog-to-a-new-opm-version.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/admin/olm-managing-custom-catalogs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="olm-updating-sqlite-catalog-to-a-new-opm-version_{context}"]
 = Rebuilding SQLite database catalog images
 
@@ -10,9 +10,14 @@ You can rebuild your SQLite database catalog image with the latest version of th
 
 .Prerequisites
 
-* SQLite database catalog source
-* Cluster administrator permissions
-* Latest version of the `opm` CLI tool released with {product-title} {product-version} on workstation
+* You have a SQLite database catalog source.
+ifndef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+* You have the latest version of the `opm` CLI tool released with {product-title} {product-version} on your workstation.
 
 .Procedure
 
diff --git a/modules/olmv1-about-catalogs.adoc b/modules/olmv1-about-catalogs.adoc
new file mode 100644
index 000000000000..328f9cb180ed
--- /dev/null
+++ b/modules/olmv1-about-catalogs.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+// * operators/olm_v1/arch/olmv1-catalogd.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-about-catalogs_{context}"]
+= About catalogs in {olmv1}
+
+You can discover installable content by querying a catalog for Kubernetes extensions, such as Operators and controllers, by using the catalogd component. Catalogd is a Kubernetes extension that unpacks catalog content for on-cluster clients and is part of the {olmv1-first} suite of microservices. Currently, catalogd unpacks catalog content that is packaged and distributed as container images.
+
+include::snippets/olmv1-multi-catalog-admon.adoc[]
diff --git a/modules/olmv1-about-purpose.adoc b/modules/olmv1-about-purpose.adoc
new file mode 100644
index 000000000000..7bfa9954a19b
--- /dev/null
+++ b/modules/olmv1-about-purpose.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/index.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-about-purpose_{context}"]
+= Purpose
+
+The mission of Operator Lifecycle Manager (OLM) has been to manage the lifecycle of cluster extensions centrally and declaratively on Kubernetes clusters. Its purpose has always been to make installing, running, and updating functional extensions to the cluster easy, safe, and reproducible for cluster and platform-as-a-service (PaaS) administrators throughout the lifecycle of the underlying cluster.
+
+The initial version of OLM, which launched with {product-title} 4 and is included by default, focused on providing unique support for these specific needs for a particular type of cluster extension, known as Operators. Operators are classified as one or more Kubernetes controllers, shipping with one or more API extensions, as `CustomResourceDefinition` (CRD) objects, to provide additional functionality to the cluster.
+
+After running in production clusters for many releases, the next-generation of OLM aims to encompass lifecycles for cluster extensions that are not just Operators.
\ No newline at end of file
diff --git a/modules/olmv1-about-target-versions.adoc b/modules/olmv1-about-target-versions.adoc
new file mode 100644
index 000000000000..5e2efa235190
--- /dev/null
+++ b/modules/olmv1-about-target-versions.adoc
@@ -0,0 +1,108 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+// * operators/olm_v1/arch/olmv1-operator-controller.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-about-operator-updates_{context}"]
+= About target versions in {olmv1}
+
+In {olmv1-first}, cluster administrators set the target version of an Operator declaratively in the Operator's custom resource (CR).
+
+If you specify a channel in the Operator's CR, {olmv1} installs the latest release from the specified channel. When updates are published to the specified channel, {olmv1} automatically updates to the latest release from the channel.
+
+.Example CR with a specified channel
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: quay-example
+spec:
+  packageName: quay-operator
+  channel: stable-3.8 <1>
+----
+<1> Installs the latest release published to the specified channel. Updates to the channel are automatically installed.
+
+If you specify the Operator's target version in the CR, {olmv1} installs the specified version. When the target version is specified in the Operator's CR, {olmv1} does not change the target version when updates are published to the catalog.
+
+If you want to update the version of the Operator that is installed on the cluster, you must manually update the Operator's CR. Specifying a Operator's target version pins the Operator's version to the specified release.
+
+.Example CR with the target version specified
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: quay-example
+spec:
+  packageName: quay-operator
+  version: 3.8.12 <1>
+----
+<1> Specifies the target version. If you want to update the version of the Operator that is installed on the cluster, you must manually update this field the Operator's CR to the desired target version.
+
+If you want to change the installed version of an Operator, edit the Operator's CR to the desired target version.
+
+[WARNING]
+====
+In previous versions of OLM, Operator authors could define upgrade edges to prevent you from updating to unsupported versions. In its current state of development, {olmv1} does not enforce upgrade edge definitions. You can specify any version of an Operator, and {olmv1} attempts to apply the update.
+====
+
+You can inspect an Operator's catalog contents, including available versions and channels, by running the following command:
+
+.Command syntax
+[source,terminal]
+----
+$ oc get package <catalog_name>-<package_name> -o yaml
+----
+
+After you create or update a CR, create or configure the Operator by running the following command:
+
+.Command syntax
+[source,terminal]
+----
+$ oc apply -f <extension_name>.yaml
+----
+
+.Troubleshooting
+
+* If you specify a target version or channel that does not exist, you can run the following command to check the status of your Operator:
++
+[source,terminal]
+----
+$ oc get operator.operators.operatorframework.io <operator_name> -o yaml
+----
++
+.Example output
+[source,text]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"operators.operatorframework.io/v1alpha1","kind":"Operator","metadata":{"annotations":{},"name":"quay-example"},"spec":{"packageName":"quay-operator","version":"999.99.9"}}
+  creationTimestamp: "2023-10-19T18:39:37Z"
+  generation: 3
+  name: quay-example
+  resourceVersion: "51505"
+  uid: 2558623b-8689-421c-8ed5-7b14234af166
+spec:
+  packageName: quay-operator
+  version: 999.99.9
+status:
+  conditions:
+  - lastTransitionTime: "2023-10-19T18:50:34Z"
+    message: package 'quay-operator' at version '999.99.9' not found
+    observedGeneration: 3
+    reason: ResolutionFailed
+    status: "False"
+    type: Resolved
+  - lastTransitionTime: "2023-10-19T18:50:34Z"
+    message: installation has not been attempted as resolution failed
+    observedGeneration: 3
+    reason: InstallationStatusUnknown
+    status: Unknown
+    type: Installed
+----
diff --git a/modules/olmv1-adding-a-catalog.adoc b/modules/olmv1-adding-a-catalog.adoc
new file mode 100644
index 000000000000..76f89e09fc38
--- /dev/null
+++ b/modules/olmv1-adding-a-catalog.adoc
@@ -0,0 +1,123 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-adding-a-catalog-to-a-cluster_{context}"]
+= Adding a catalog to a cluster
+
+To add a catalog to a cluster, create a catalog custom resource (CR) and apply it to the cluster.
+
+.Prerequisites
+
+// https://docs.asciidoctor.org/asciidoc/latest/directives/include-list-item-content/
+* {empty}
++
+--
+include::snippets/olmv1-secure-registry-pull-secret.adoc[]
+--
+
+.Procedure
+
+. Create a catalog custom resource (CR), similar to the following example:
++
+.Example `redhat-operators.yaml`
+[source,yaml,subs="attributes+"]
+----
+apiVersion: catalogd.operatorframework.io/v1alpha1
+kind: Catalog
+metadata:
+  name: redhat-operators
+spec:
+  source:
+    type: image
+    image:
+      ref: registry.redhat.io/redhat/redhat-operator-index:v{product-version} <1>
+      pullSecret: <pull_secret_name> <2>
+----
+<1> Specify the catalog's image in the `spec.source.image` field.
+<2> If your catalog is hosted on a secure registry, such as `registry.redhat.io`, you must create a pull secret scoped to the `openshift-catalog` namespace.
+
+. Add the catalog to your cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f redhat-operators.yaml
+----
++
+.Example output
+[source,text]
+----
+catalog.catalogd.operatorframework.io/redhat-operators created
+----
+
+.Verification
+
+* Run the following commands to verify the status of your catalog:
+
+.. Check if you catalog is available by running the following command:
++
+[source,terminal]
+----
+$ oc get catalog
+----
++
+.Example output
+[source,text]
+----
+NAME                  AGE
+redhat-operators      20s
+----
+
+.. Check the status of your catalog by running the following command:
++
+[source,terminal]
+----
+$ oc describe catalog
+----
++
+.Example output
+[source,text,subs="attributes+"]
+----
+Name:         redhat-operators
+Namespace:
+Labels:       <none>
+Annotations:  <none>
+API Version:  catalogd.operatorframework.io/v1alpha1
+Kind:         Catalog
+Metadata:
+  Creation Timestamp:  2024-01-10T16:18:38Z
+  Finalizers:
+    catalogd.operatorframework.io/delete-server-cache
+  Generation:        1
+  Resource Version:  57057
+  UID:               128db204-49b3-45ee-bfea-a2e6fc8e34ea
+Spec:
+  Source:
+    Image:
+      Pull Secret:  redhat-cred
+      Ref:          registry.redhat.io/redhat/redhat-operator-index:v4.15
+    Type:           image
+Status: <1>
+  Conditions:
+    Last Transition Time:  2024-01-10T16:18:55Z
+    Message:
+    Reason:                UnpackSuccessful <2>
+    Status:                True
+    Type:                  Unpacked
+  Content URL:             http://catalogd-catalogserver.openshift-catalogd.svc/catalogs/redhat-operators/all.json
+  Observed Generation:     1
+  Phase:                   Unpacked <3>
+  Resolved Source:
+    Image:
+      Last Poll Attempt:  2024-01-10T16:18:51Z
+      Ref:                registry.redhat.io/redhat/redhat-operator-index:v4.15
+      Resolved Ref:       registry.redhat.io/redhat/redhat-operator-index@sha256:7b536ae19b8e9f74bb521c4a61e5818e036ac1865a932f2157c6c9a766b2eea5 <4>
+    Type:                 image
+Events:                   <none>
+----
+<1> Describes the status of the catalog.
+<2> Displays the reason the catalog is in the current state.
+<3> Displays the phase of the installation process.
+<4> Displays the image reference of the catalog.
diff --git a/modules/olmv1-adding-plain-to-fbc.adoc b/modules/olmv1-adding-plain-to-fbc.adoc
new file mode 100644
index 000000000000..705aba85e451
--- /dev/null
+++ b/modules/olmv1-adding-plain-to-fbc.adoc
@@ -0,0 +1,121 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-plain-bundles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-adding-plain-bundle-to-fbc_{context}"]
+= Adding a plain bundle to a file-based catalog
+
+The `opm render` command does not support adding plain bundles to catalogs. You must manually add plain bundles to your file-based catalog, as shown in the following procedure.
+
+.Procedure
+
+. Verify that the `index.json` or `index.yaml` file for your catalog is similar to the following example:
++
+.Example `<catalog_dir>/index.json` file
+[source,json]
+----
+{
+    {
+     "schema": "olm.package",
+     "name": "<extension_name>",
+     "defaultChannel": ""
+    }
+}
+----
+
+. To create an `olm.bundle` blob, edit your `index.json` or `index.yaml` file, similar to the following example:
++
+.Example `<catalog_dir>/index.json` file with `olm.bundle` blob
+[source,json]
+----
+{
+   "schema": "olm.bundle",
+    "name": "<extension_name>.v<version>",
+    "package": "<extension_name>",
+    "image": "quay.io/<organization_name>/<repository_name>:<image_tag>",
+    "properties": [
+        {
+            "type": "olm.package",
+            "value": {
+            "packageName": "<extension_name>",
+            "version": "<bundle_version>"
+            }
+        },
+        {
+            "type": "olm.bundle.mediatype",
+            "value": "plain+v0"
+        }
+  ]
+}
+----
+
+. To create an `olm.channel` blob, edit your `index.json` or `index.yaml` file, similar to the following example:
++
+.Example `<catalog_dir>/index.json` file with `olm.channel` blob
+[source,json]
+----
+{
+    "schema": "olm.channel",
+    "name": "<desired_channel_name>",
+    "package": "<extension_name>",
+    "entries": [
+        {
+            "name": "<extension_name>.v<version>"
+        }
+    ]
+}
+----
+
+// Please refer to [channel naming conventions](https://olm.operatorframework.io/docs/best-practices/channel-naming/) for choosing the <desired_channel_name>. An example of the <desired_channel_name> is `candidate-v0`.
+
+.Verification
+
+. Open your `index.json` or `index.yaml` file and ensure it is similar to the following example:
++
+.Example `<catalog_dir>/index.json` file
+[source,json]
+----
+{
+    "schema": "olm.package",
+    "name": "example-extension",
+    "defaultChannel": "preview"
+}
+{
+    "schema": "olm.bundle",
+    "name": "example-extension.v0.0.1",
+    "package": "example-extension",
+    "image": "quay.io/example-org/example-extension-bundle:v0.0.1",
+    "properties": [
+        {
+            "type": "olm.package",
+            "value": {
+            "packageName": "example-extension",
+            "version": "0.0.1"
+            }
+        },
+        {
+            "type": "olm.bundle.mediatype",
+            "value": "plain+v0"
+        }
+    ]
+}
+{
+    "schema": "olm.channel",
+    "name": "preview",
+    "package": "example-extension",
+    "entries": [
+        {
+            "name": "example-extension.v0.0.1"
+        }
+    ]
+}
+----
+
+. Validate your catalog by running the following command:
++
+[source,terminal]
+----
+$ opm validate <catalog_dir>
+----
\ No newline at end of file
diff --git a/modules/olmv1-building-plain-image.adoc b/modules/olmv1-building-plain-image.adoc
new file mode 100644
index 000000000000..5f2bd160f418
--- /dev/null
+++ b/modules/olmv1-building-plain-image.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-plain-bundles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-building-plain-bundle-image-source_{context}"]
+= Building a plain bundle image from an image source
+
+The Operator Controller currently supports installing plain bundles created only from a _plain bundle image_.
+
+.Procedure
+
+. At the root of your project, create a Dockerfile that can build a bundle image:
++
+.Example `plainbundle.Dockerfile`
+[source,docker]
+----
+FROM scratch <1>
+ADD manifests /manifests
+----
+<1> Use the `FROM scratch` directive to make the size of the image smaller. No other files or directories are required in the bundle image.
+
+. Build an Open Container Initiative (OCI)-compliant image by using your preferred build tool, similar to the following example:
++
+[source,terminal]
+----
+$ podman build -f plainbundle.Dockerfile -t \
+    quay.io/<organization_name>/<repository_name>:<image_tag> . <1>
+----
+<1> Use an image tag that references a repository where you have push access privileges.
+
+. Push the image to your remote registry by running the following command:
++
+[source,terminal]
+----
+$ podman push quay.io/<organization_name>/<repository_name>:<image_tag>
+----
\ No newline at end of file
diff --git a/modules/olmv1-catalog-queries.adoc b/modules/olmv1-catalog-queries.adoc
new file mode 100644
index 000000000000..4541b3582c6e
--- /dev/null
+++ b/modules/olmv1-catalog-queries.adoc
@@ -0,0 +1,123 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="olmv1-catalog-queries_{context}"]
+= Common catalog queries
+
+You can query catalogs by using the `jq` CLI tool.
+
+// https://docs.asciidoctor.org/asciidoc/latest/tables/format-cell-content/#a-operator
+// https://docs.asciidoctor.org/asciidoc/latest/tables/data-format/#escape-the-cell-separator
+.Common package queries
+[options="header",cols="1,3"]
+|===
+|Query |Request
+
+|Available packages in a catalog
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.package") \| \
+  .name' <catalog_name>.json
+----
+
+|Packages that support `AllNamespaces` install mode and do not use webhooks
+a|
+[source,terminal]
+----
+$ jq -c 'select(.schema == "olm.bundle") \| \
+  {"package":.package, "version":.properties[] \| \
+  select(.type == "olm.bundle.object").value.data \| \
+  @base64d \| fromjson \| \
+  select(.kind == "ClusterServiceVersion" and (.spec.installModes[] \| \
+  select(.type == "AllNamespaces" and .supported == true) != null) \
+  and .spec.webhookdefinitions == null).spec.version}' \
+  <catalog_name>.json
+----
+
+|Package metadata
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.package") \| \
+  select( .name == "<package_name>")' <catalog_name>.json
+----
+
+|Catalog blobs in a package
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .package == "<package_name>")' \
+  <catalog_name>.json
+----
+
+|===
+
+.Common channel queries
+[options="header",cols="1,3"]
+|===
+|Query |Request
+
+|Channels in a package
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.channel" ) \| \
+  select( .package == "<package_name>") \| .name' \
+  <catalog_name>.json
+----
+
+|Versions in a channel
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .package == "<package_name" ) \| \
+  select( .schema == "olm.channel" ) \| \
+  select( .name == "<channel_name>" ) \| \
+  .entries \| .[] \| .name' <catalog_name>.json
+----
+
+a|
+* Latest version in a channel
+* Upgrade path
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.channel" ) \| \
+  select ( .name == "<channel>") \| \
+  select( .package == "<package_name>")' \
+  <catalog_name>.json
+----
+
+|===
+
+.Common bundle queries
+[options="header",cols="1,3"]
+|===
+|Query |Request
+
+|Bundles in a package
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.bundle" ) \| \
+  select( .package == "<package_name>") \| .name' \
+  <catalog_name>.json
+----
+
+a|
+* Bundle dependencies
+* Available APIs
+a|
+[source,terminal]
+----
+$ jq -s '.[] \| select( .schema == "olm.bundle" ) \| \
+  select ( .name == "<bundle_name>") \| \
+  select( .package == "<package_name>")' \
+  <catalog_name>.json
+----
+
+|===
diff --git a/modules/olmv1-creating-a-pull-secret-for-catalogd.adoc b/modules/olmv1-creating-a-pull-secret-for-catalogd.adoc
new file mode 100644
index 000000000000..fa91ec671528
--- /dev/null
+++ b/modules/olmv1-creating-a-pull-secret-for-catalogd.adoc
@@ -0,0 +1,94 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+ifeval::["{context}" == "olmv1-installing-operator"]
+:olmv1-pullsecret-proc:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-creating-a-pull-secret-for-catalogs-secure-registry_{context}"]
+= Creating a pull secret for catalogs hosted on a secure registry
+
+include::snippets/olmv1-secure-registry-pull-secret.adoc[]
+
+.Prerequisites
+
+* Login credentials for the secure registry
+* Docker or Podman installed on your workstation
+
+.Procedure
+
+* If you already have a `.dockercfg` file with login credentials for the secure registry, create a pull secret by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic <pull_secret_name> \
+    --from-file=.dockercfg=<file_path>/.dockercfg \
+    --type=kubernetes.io/dockercfg \
+    --namespace=openshift-catalogd
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ oc create secret generic redhat-cred \
+    --from-file=.dockercfg=/home/<username>/.dockercfg \
+    --type=kubernetes.io/dockercfg \
+    --namespace=openshift-catalogd
+----
+====
+
+* If you already have a `$HOME/.docker/config.json` file with login credentials for the secured registry, create a pull secret by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic <pull_secret_name> \
+    --from-file=.dockerconfigjson=<file_path>/.docker/config.json \
+    --type=kubernetes.io/dockerconfigjson \
+    --namespace=openshift-catalogd
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ oc create secret generic redhat-cred \
+    --from-file=.dockerconfigjson=/home/<username>/.docker/config.json \
+    --type=kubernetes.io/dockerconfigjson \
+    --namespace=openshift-catalogd
+----
+====
+* If you do not have a Docker configuration file with login credentials for the secure registry, create a pull secret by running the following command:
++
+[source,terminal]
+----
+$ oc create secret docker-registry <pull_secret_name> \
+    --docker-server=<registry_server> \
+    --docker-username=<username> \
+    --docker-password=<password> \
+    --docker-email=<email> \
+    --namespace=openshift-catalogd
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ oc create secret docker-registry redhat-cred \
+    --docker-server=registry.redhat.io \
+    --docker-username=username \
+    --docker-password=password \
+    --docker-email=user@example.com \
+    --namespace=openshift-catalogd
+----
+====
+
+ifeval::["{context}" == "olmv1-installing-operator"]
+:!olmv1-pullsecret-proc:
+endif::[]
diff --git a/modules/olmv1-creating-fbc.adoc b/modules/olmv1-creating-fbc.adoc
new file mode 100644
index 000000000000..eed4a684985d
--- /dev/null
+++ b/modules/olmv1-creating-fbc.adoc
@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-plain-bundles.adoc
+
+ifdef::openshift-origin[]
+:registry-image: quay.io/operator-framework/opm:latest
+endif::[]
+ifndef::openshift-origin[]
+:registry-image: registry.redhat.io/openshift4/ose-operator-registry:v{product-version}
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-creating-fbc_{context}"]
+= Creating a file-based catalog
+
+If you do not have a file-based catalog, you must perform the following steps to initialize the catalog.
+
+.Procedure
+
+. Create a directory for the catalog by running the following command:
++
+[source,terminal]
+----
+$ mkdir <catalog_dir>
+----
+
+. Generate a Dockerfile that can build a catalog image by running the `opm generate dockerfile` command in the same directory level as the previous step:
++
+[source,terminal,subs="attributes+"]
+----
+ifdef::openshift-origin[]
+$ opm generate dockerfile <catalog_dir>
+endif::[]
+ifndef::openshift-origin[]
+$ opm generate dockerfile <catalog_dir> \
+    -i {registry-image} <1>
+endif::[]
+----
+ifndef::openshift-origin[]
+<1> Specify the official Red Hat base image by using the `-i` flag, otherwise the Dockerfile uses the default upstream image.
+endif::[]
++
+[NOTE]
+====
+The generated Dockerfile must be in the same parent directory as the catalog directory that you created in the previous step:
+
+.Example directory structure
+[source,terminal]
+----
+.
+├── <catalog_dir>
+└── <catalog_dir>.Dockerfile
+----
+====
+
+. Populate the catalog with the package definition for your extension by running the `opm init` command:
++
+[source,terminal]
+----
+$ opm init <extension_name> \
+    --output json \
+    > <catalog_dir>/index.json
+----
++
+This command generates an `olm.package` declarative config blob in the specified catalog configuration file.
diff --git a/modules/olmv1-deleting-an-operator.adoc b/modules/olmv1-deleting-an-operator.adoc
new file mode 100644
index 000000000000..777b955f1cda
--- /dev/null
+++ b/modules/olmv1-deleting-an-operator.adoc
@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-deleting-an-operator_{context}"]
+= Deleting an Operator
+
+You can delete an Operator and its custom resource definitions (CRDs) by deleting the Operator's custom resource (CR).
+
+.Prerequisites
+
+* You have a catalog installed.
+* You have an Operator installed.
+
+.Procedure
+
+* Delete an Operator and its CRDs by running the following command:
++
+[source,terminal]
+----
+$ oc delete operator.operators.operatorframework.io quay-example
+----
++
+.Example output
+[source,text]
+----
+operator.operators.operatorframework.io "quay-example" deleted
+----
+
+.Verification
+
+* Run the following commands to verify that your Operator and its resources were deleted:
+
+** Verify the Operator is deleted by running the following command:
++
+[source,terminal]
+----
+$ oc get operator.operators.operatorframework.io
+----
++
+.Example output
+[source,text]
+----
+No resources found
+----
+
+** Verify that the Operator's system namespace is deleted by running the following command:
++
+[source,terminal]
+----
+$ oc get ns quay-operator-system
+----
++
+.Example output
+[source,text]
+----
+Error from server (NotFound): namespaces "quay-operator-system" not found
+----
diff --git a/modules/olmv1-dependency-concepts.adoc b/modules/olmv1-dependency-concepts.adoc
new file mode 100644
index 000000000000..2f515aab5769
--- /dev/null
+++ b/modules/olmv1-dependency-concepts.adoc
@@ -0,0 +1,73 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-dependency.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-dependency-concepts_{context}"]
+= Concepts
+
+There are a set of expectations from the user that the package manager should never do the following:
+
+* Install a package whose dependencies can not be fulfilled or that conflict with the dependencies of another package
+* Install a package whose constraints can not be met by the current set of installable packages
+* Update a package in a way that breaks another that depends on it
+
+[id="olmv1-dependency-example-successful_{context}"]
+== Example: Successful resolution
+
+A user wants to install packages A and B that have the following dependencies:
+
+|===
+|Package A `v0.1.0`                |Package B `latest`
+|↓ (depends on)                    |↓ (depends on)
+|Package C `v0.1.0`                |Package D `latest`
+|===
+
+Additionally, the user wants to pin the version of A to `v0.1.0`.
+
+*Packages and constraints passed to {olmv1}*
+
+.Packages
+* A
+* B
+
+.Constraints
+* A `v0.1.0` depends on C `v0.1.0`
+* A pinned to `v0.1.0`
+* B depends on D
+
+.Output
+* Resolution set:
+** A `v0.1.0`
+** B `latest`
+** C `v0.1.0`
+** D `latest`
+
+[id="olmv1-dependency-example-unsuccessful_{context}"]
+== Example: Unsuccessful resolution
+
+A user wants to install packages A and B that have the following dependencies:
+
+|===
+|Package A `v0.1.0`                |Package B `latest`
+|↓ (depends on)                    |↓ (depends on)
+|Package C `v0.1.0`                |Package C `v0.2.0`
+|===
+
+Additionally, the user wants to pin the version of A to `v0.1.0`.
+
+*Packages and constraints passed to {olmv1}*
+
+.Packages
+* A
+* B
+
+.Constraints
+* A `v0.1.0` depends on C `v0.1.0`
+* A pinned to `v0.1.0`
+* B `latest` depends on C `v0.2.0`
+
+.Output
+* Resolution set:
+** Unable to resolve because A `v0.1.0` requires C `v0.1.0`, which conflicts with B `latest` requiring C `v0.2.0`
\ No newline at end of file
diff --git a/modules/olmv1-finding-operators-to-install.adoc b/modules/olmv1-finding-operators-to-install.adoc
new file mode 100644
index 000000000000..81e44f514680
--- /dev/null
+++ b/modules/olmv1-finding-operators-to-install.adoc
@@ -0,0 +1,168 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-finding-operators-to-install_{context}"]
+= Finding Operators to install from a catalog
+
+After you add a catalog to your cluster, you can query the catalog to find Operators and extensions to install. Before you can query catalogs, you must port forward the catalog server service.
+
+.Prerequisite
+
+* You have added a catalog to your cluster.
+* You have installed the `jq` CLI tool.
+
+.Procedure
+
+. Port forward the catalog server service in the `openshift-catalogd` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-catalogd port-forward svc/catalogd-catalogserver 8080:80
+----
+
+. Download the catalog's JSON file locally by running the following command:
++
+[source,terminal]
+----
+$ curl -L http://localhost:8080/catalogs/<catalog_name>/all.json \
+  -C - -o /<path>/<catalog_name>.json
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ curl -L http://localhost:8080/catalogs/redhat-operators/all.json \
+  -C - -o /home/username/catalogs/rhoc.json
+----
+====
+
+. Run one of the following commands to return a list of Operators and extensions in a catalog.
++
+[IMPORTANT]
+====
+Currently, {olmv1-first} supports extensions that do not use webhooks and are configured to use the `AllNamespaces` install mode. Extensions that use webhooks or that target a single or specified set of namespaces cannot be installed.
+====
++
+* Get a list of all the Operators and extensions from the local catalog file by running the following command:
++
+[source,terminal]
+----
+$ jq -s '.[] | select(.schema == "olm.package") | .name' \
+  /<path>/<filename>.json
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ jq -s '.[] | select(.schema == "olm.package") | .name' \
+  /home/username/catalogs/rhoc.json
+----
+====
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+NAME                                                        AGE
+"3scale-operator"
+"advanced-cluster-management"
+"amq-broker-rhel8"
+"amq-online"
+"amq-streams"
+"amq7-interconnect-operator"
+"ansible-automation-platform-operator"
+"ansible-cloud-addons-operator"
+"apicast-operator"
+"aws-efs-csi-driver-operator"
+"aws-load-balancer-operator"
+"bamoe-businessautomation-operator"
+"bamoe-kogito-operator"
+"bare-metal-event-relay"
+"businessautomation-operator"
+...
+----
+====
++
+* Get list of packages that support `AllNamespaces` install mode and do not use webhooks from the local catalog file by running the following command:
++
+[source,terminal]
+----
+$ jq -c 'select(.schema == "olm.bundle") | \
+  {"package":.package, "version":.properties[] | \
+  select(.type == "olm.bundle.object").value.data | @base64d | fromjson | \
+  select(.kind == "ClusterServiceVersion" and (.spec.installModes[] | \
+  select(.type == "AllNamespaces" and .supported == true) != null) \
+  and .spec.webhookdefinitions == null).spec.version}' \
+  /<path>/<catalog_name>.json
+----
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+{"package":"3scale-operator","version":"0.10.0-mas"}
+{"package":"3scale-operator","version":"0.10.5"}
+{"package":"3scale-operator","version":"0.11.0-mas"}
+{"package":"3scale-operator","version":"0.11.1-mas"}
+{"package":"3scale-operator","version":"0.11.2-mas"}
+{"package":"3scale-operator","version":"0.11.3-mas"}
+{"package":"3scale-operator","version":"0.11.5-mas"}
+{"package":"3scale-operator","version":"0.11.6-mas"}
+{"package":"3scale-operator","version":"0.11.7-mas"}
+{"package":"3scale-operator","version":"0.11.8-mas"}
+{"package":"amq-broker-rhel8","version":"7.10.0-opr-1"}
+{"package":"amq-broker-rhel8","version":"7.10.0-opr-2"}
+{"package":"amq-broker-rhel8","version":"7.10.0-opr-3"}
+{"package":"amq-broker-rhel8","version":"7.10.0-opr-4"}
+{"package":"amq-broker-rhel8","version":"7.10.1-opr-1"}
+{"package":"amq-broker-rhel8","version":"7.10.1-opr-2"}
+{"package":"amq-broker-rhel8","version":"7.10.2-opr-1"}
+{"package":"amq-broker-rhel8","version":"7.10.2-opr-2"}
+...
+----
+====
+
+. Inspect the contents of an Operator or extension's metadata by running the following command:
++
+[source,terminal]
+----
+$ jq -s '.[] | select( .schema == "olm.package") | \
+  select( .name == "<package_name>")' /<path>/<catalog_name>.json
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ jq -s '.[] | select( .schema == "olm.package") | \
+  select( .name == "openshift-pipelines-operator-rh")' \
+  /home/username/rhoc.json
+----
+====
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+{
+  "defaultChannel": "stable",
+  "icon": {
+    "base64data": "PHN2ZyB4bWxu..."
+    "mediatype": "image/png"
+  },
+  "name": "openshift-pipelines-operator-rh",
+  "schema": "olm.package"
+}
+----
+====
diff --git a/modules/olmv1-installing-an-operator.adoc b/modules/olmv1-installing-an-operator.adoc
new file mode 100644
index 000000000000..f3ac4ff6407e
--- /dev/null
+++ b/modules/olmv1-installing-an-operator.adoc
@@ -0,0 +1,246 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-installing-an-operator_{context}"]
+= Installing an Operator from a catalog
+
+{olmv1-first} supports installing Operators and extensions scoped to the cluster. You can install an Operator from a catalog by creating an Operator custom resource (CR) and applying it to the cluster.
+
+[IMPORTANT]
+====
+Currently, {olmv1} supports the installation Operators and extensions that meet the following criteria:
+
+* The Operator or extension must use the `AllNamespaces` install mode.
+* The Operator or extension must not use webhooks.
+
+Operators and extensions that use webhooks or that target a single or specified set of namespaces cannot be installed.
+====
+
+.Prerequisite
+
+* You have added a catalog to your cluster.
+* You have downloaded a local copy of the catalog file.
+
+.Procedure
+
+. Inspect a package for channel and version information from a local copy of your catalog file by completing the following steps:
+
+.. Get a list of channels from a selected package by running the following command:
++
+[source,terminal]
+----
+$ jq -s '.[] | select( .schema == "olm.channel" ) | \
+  select( .package == "<package_name>") | \
+  .name' /<path>/<catalog_name>.json
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ jq -s '.[] | select( .schema == "olm.channel" ) | \
+  select( .package == "openshift-pipelines-operator-rh") | \
+  .name' /home/username/rhoc.json
+----
+====
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+"latest"
+"pipelines-1.11"
+"pipelines-1.12"
+"pipelines-1.13"
+----
+====
+
+.. Get a list of the versions published in a channel by running the following command:
++
+[source,terminal]
+----
+$ jq -s '.[] | select( .package == "<package_name" ) | \
+  select( .schema == "olm.channel" ) | \
+  select( .name == "<channel_name" ) | .entries | \
+  .[] | .name' /<path>/<catalog_name>.json
+----
++
+.Example command
+[%collapsible]
+====
+[source,terminal]
+----
+$ jq -s '.[] | select( .package == "openshift-pipelines-operator-rh" ) | \
+select( .schema == "olm.channel" ) | select( .name == "latest" ) | \
+.entries | .[] | .name' /home/username/rhoc.json
+----
+====
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+"openshift-pipelines-operator-rh.v1.11.1"
+"openshift-pipelines-operator-rh.v1.12.0"
+"openshift-pipelines-operator-rh.v1.12.1"
+"openshift-pipelines-operator-rh.v1.12.2"
+"openshift-pipelines-operator-rh.v1.13.0"
+"openshift-pipelines-operator-rh.v1.13.1"
+----
+====
+
+. Create an Operator CR, similar to the following example:
++
+.Example `pipelines-operator.yaml` CR
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: pipelines-operator
+spec:
+  packageName: openshift-pipelines-operator-rh
+  channel: <channel>
+  version: <version>
+----
++
+where:
++
+<channel>:: Optional: Specifies the channel, such as `pipelines-1.11` or `latest`, for the package you want to install or update.
+<version>:: Optional: Specifies the specific version or version range, such as `1.11.1`, `1.12.x`, or `>=1.12.1`, of the package you want to install or update. For more information, see "About target versions in OLM 1.0" and "Support for version ranges".
+
+. Apply the Operator CR to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f pipeline-operator.yaml
+----
++
+.Example output
+[source,text]
+----
+operator.operators.operatorframework.io/pipelines-operator created
+----
+
+.Verification
+
+. View the Operator's CR in the YAML format by running the following command:
++
+[source,terminal]
+----
+$ oc get operator.operators.operatorframework.io pipelines-operator -o yaml
+----
++
+[NOTE]
+====
+If you specify a channel or define a version range in your Operator or extension's CR, {olmv1} does not display the resolved version installed on the cluster. Only the version and channel information specified in the CR are displayed.
+
+If you want to find the specific version that is installed, you must compare the SHA of the image of the `spec.source.image.ref` field to the image reference in the catalog.
+====
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"operators.operatorframework.io/v1alpha1","kind":"Operator","metadata":{"annotations":{},"name":"pipelines-operator"},"spec":{"channel":"latest","packageName":"openshift-pipelines-operator-rh","version":"1.11.x"}}
+  creationTimestamp: "2024-01-30T20:06:09Z"
+  generation: 1
+  name: pipelines-operator
+  resourceVersion: "44362"
+  uid: 4272d228-22e1-419e-b9a7-986f982ee588
+spec:
+  channel: latest
+  packageName: openshift-pipelines-operator-rh
+  upgradeConstraintPolicy: Enforce
+  version: 1.11.x
+status:
+  conditions:
+  - lastTransitionTime: "2024-01-30T20:06:15Z"
+    message: resolved to "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:e09d37bb1e754db42324fd18c1cb3e7ce77e7b7fcbf4932d0535391579938280"
+    observedGeneration: 1
+    reason: Success
+    status: "True"
+    type: Resolved
+  - lastTransitionTime: "2024-01-30T20:06:31Z"
+    message: installed from "registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:e09d37bb1e754db42324fd18c1cb3e7ce77e7b7fcbf4932d0535391579938280"
+    observedGeneration: 1
+    reason: Success
+    status: "True"
+    type: Installed
+  installedBundleResource: registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:e09d37bb1e754db42324fd18c1cb3e7ce77e7b7fcbf4932d0535391579938280
+  resolvedBundleResource: registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:e09d37bb1e754db42324fd18c1cb3e7ce77e7b7fcbf4932d0535391579938280
+----
+====
+
+. Get information about your Operator's bundle deployment by running the following command:
++
+[source,terminal]
+----
+$ oc get bundleDeployment pipelines-operator -o yaml
+----
++
+.Example output
+[%collapsible]
+====
+[source,text]
+----
+apiVersion: core.rukpak.io/v1alpha1
+kind: BundleDeployment
+metadata:
+  creationTimestamp: "2024-01-30T20:06:15Z"
+  generation: 2
+  name: pipelines-operator
+  ownerReferences:
+  - apiVersion: operators.operatorframework.io/v1alpha1
+    blockOwnerDeletion: true
+    controller: true
+    kind: Operator
+    name: pipelines-operator
+    uid: 4272d228-22e1-419e-b9a7-986f982ee588
+  resourceVersion: "44464"
+  uid: 0a0c3525-27e2-4c93-bf57-55920a7707c0
+spec:
+  provisionerClassName: core-rukpak-io-plain
+  template:
+    metadata: {}
+    spec:
+      provisionerClassName: core-rukpak-io-registry
+      source:
+        image:
+          ref: registry.redhat.io/openshift-pipelines/pipelines-operator-bundle@sha256:e09d37bb1e754db42324fd18c1cb3e7ce77e7b7fcbf4932d0535391579938280
+        type: image
+status:
+  activeBundle: pipelines-operator-29x720cjzx8yiowf13a3j75fil2zs3mfw
+  conditions:
+  - lastTransitionTime: "2024-01-30T20:06:15Z"
+    message: Successfully unpacked the pipelines-operator-29x720cjzx8yiowf13a3j75fil2zs3mfw
+      Bundle
+    reason: UnpackSuccessful
+    status: "True"
+    type: HasValidBundle
+  - lastTransitionTime: "2024-01-30T20:06:28Z"
+    message: Instantiated bundle pipelines-operator-29x720cjzx8yiowf13a3j75fil2zs3mfw
+      successfully
+    reason: InstallationSucceeded
+    status: "True"
+    type: Installed
+  - lastTransitionTime: "2024-01-30T20:06:40Z"
+    message: BundleDeployment is healthy
+    reason: Healthy
+    status: "True"
+    type: Healthy
+  observedGeneration: 2
+----
+====
diff --git a/modules/olmv1-operator-api.adoc b/modules/olmv1-operator-api.adoc
new file mode 100644
index 000000000000..ecb2761cc726
--- /dev/null
+++ b/modules/olmv1-operator-api.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-plain-bundles.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-operator-api"]
+= Operator API
+
+Operator Controller provides a new `Operator` API object, which is a single resource that represents an instance of an installed Operator. This `operator.operators.operatorframework.io` API streamlines management of installed Operators by consolidating user-facing APIs into a single object.
+
+[IMPORTANT]
+====
+In {olmv1}, `Operator` objects are cluster-scoped. This differs from earlier OLM versions where Operators could be either namespace-scoped or cluster-scoped, depending on the configuration of their related `Subscription` and `OperatorGroup` objects.
+
+For more information about the earlier behavior, see _Multitenancy and Operator colocation_.
+====
+
+.Example `Operator` object
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: <operator_name>
+spec:
+  packageName: <package_name>
+  channel: <channel_name>
+  version: <version_number>
+----
+
+include::snippets/olmv1-operator-api-group.adoc[]
\ No newline at end of file
diff --git a/modules/olmv1-publishing-fbc.adoc b/modules/olmv1-publishing-fbc.adoc
new file mode 100644
index 000000000000..2443690836c5
--- /dev/null
+++ b/modules/olmv1-publishing-fbc.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-plain-bundles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-publishing-fbc_{context}"]
+= Building and publishing a file-based catalog
+
+.Procedure
+
+. Build your file-based catalog as an image by running the following command:
++
+[source,terminal]
+----
+$ podman build -f <catalog_dir>.Dockerfile -t \
+    quay.io/<organization_name>/<repository_name>:<image_tag> .
+----
+
+. Push your catalog image by running the following command:
++
+[source,terminal]
+----
+$ podman push quay.io/<organization_name>/<repository_name>:<image_tag>
+----
\ No newline at end of file
diff --git a/modules/olmv1-red-hat-catalogs.adoc b/modules/olmv1-red-hat-catalogs.adoc
new file mode 100644
index 000000000000..bf828e0527d4
--- /dev/null
+++ b/modules/olmv1-red-hat-catalogs.adoc
@@ -0,0 +1,70 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+// * operators/olm_v1/arch/olmv1-catalogd.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="olmv1-red-hat-catalogs_{context}"]
+= Red Hat-provided Operator catalogs in {olmv1}
+
+{olmv1-first} does not include Red Hat-provided Operator catalogs by default. If you want to add a Red Hat-provided catalog to your cluster, create a custom resource (CR) for the catalog and apply it to the cluster. The following custom resource (CR) examples show how to create a catalog resources for {olmv1}.
+
+[IMPORTANT]
+====
+include::snippets/olmv1-secure-registry-pull-secret.adoc[]
+====
+
+.Example Red Hat Operators catalog
+[source,yaml,subs="attributes+"]
+----
+apiVersion: catalogd.operatorframework.io/v1alpha1
+kind: Catalog
+metadata:
+  name: redhat-operators
+spec:
+  source:
+    type: image
+    image:
+      ref: registry.redhat.io/redhat/redhat-operator-index:v{product-version}
+      pullSecret: <pull_secret_name>
+----
+
+.Example Certified Operators catalog
+[source,yaml,subs="attributes+"]
+----
+apiVersion: catalogd.operatorframework.io/v1alpha1
+kind: Catalog
+metadata:
+  name: certified-operators
+spec:
+  source:
+    type: image
+    image:
+      ref: registry.redhat.io/redhat/certified-operator-index:v{product-version}
+      pullSecret: <pull_secret_name>
+----
+
+.Example Community Operators catalog
+[source,yaml,subs="attributes+"]
+----
+apiVersion: catalogd.operatorframework.io/v1alpha1
+kind: Catalog
+metadata:
+  name: community-operators
+spec:
+  source:
+    type: image
+    image:
+      ref: registry.redhat.io/redhat/community-operator-index:v{product-version}
+      pullSecret: <pull_secret_name>
+----
+
+The following command adds a catalog to your cluster:
+
+.Command syntax
+[source,terminal]
+----
+$ oc apply -f <catalog_name>.yaml <1>
+----
+<1> Specifies the catalog CR, such as `redhat-operators.yaml`.
diff --git a/modules/olmv1-updating-an-operator.adoc b/modules/olmv1-updating-an-operator.adoc
new file mode 100644
index 000000000000..9ba39fec2d24
--- /dev/null
+++ b/modules/olmv1-updating-an-operator.adoc
@@ -0,0 +1,121 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="olmv1-updating-an-operator_{context}"]
+= Updating an Operator
+
+You can update your Operator by manually editing your Operator's custom resource (CR) and applying the changes.
+
+.Prerequisites
+
+* You have a catalog installed.
+* You have an Operator installed.
+
+.Procedure
+
+. Inspect your Operator's package contents to find which channels and versions are available for updating by running the following command:
++
+[source,terminal]
+----
+$ oc get package <catalog_name>-<package_name> -o yaml
+----
++
+.Example command
+[source,terminal]
+----
+$ oc get package redhat-operators-quay-operator -o yaml
+----
+
+. Edit your Operator's CR to update the version to `3.9.1`, as shown in the following example:
++
+.Example `test-operator.yaml` CR
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: quay-example
+spec:
+  packageName: quay-operator
+  version: 3.9.1 <1>
+----
+<1> Update the version to `3.9.1`
+
+. Apply the update to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f test-operator.yaml
+----
++
+.Example output
+[source,text]
+----
+operator.operators.operatorframework.io/quay-example configured
+----
++
+[TIP]
+====
+You can patch and apply the changes to your Operator's version from the CLI by running the following command:
+
+[source,terminal]
+----
+$ oc patch operator.operators.operatorframework.io/quay-example -p \
+  '{"spec":{"version":"3.9.1"}}' \
+  --type=merge
+----
+
+.Example output
+[source,text]
+----
+operator.operators.operatorframework.io/quay-example patched
+----
+====
+
+.Verification
+
+* Verify that the channel and version updates have been applied by running the following command:
++
+[source,terminal]
+----
+$ oc get operator.operators.operatorframework.io/quay-example -o yaml
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"operators.operatorframework.io/v1alpha1","kind":"Operator","metadata":{"annotations":{},"name":"quay-example"},"spec":{"packageName":"quay-operator","version":"3.9.1"}}
+  creationTimestamp: "2023-10-19T18:39:37Z"
+  generation: 2
+  name: quay-example
+  resourceVersion: "47423"
+  uid: 2558623b-8689-421c-8ed5-7b14234af166
+spec:
+  packageName: quay-operator
+  version: 3.9.1 <1>
+status:
+  conditions:
+  - lastTransitionTime: "2023-10-19T18:39:37Z"
+    message: resolved to "registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09"
+    observedGeneration: 2
+    reason: Success
+    status: "True"
+    type: Resolved
+  - lastTransitionTime: "2023-10-19T18:39:46Z"
+    message: installed from "registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09"
+    observedGeneration: 2
+    reason: Success
+    status: "True"
+    type: Installed
+  installedBundleResource: registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09
+  resolvedBundleResource: registry.redhat.io/quay/quay-operator-bundle@sha256:4864bc0d5c18a84a5f19e5e664b58d3133a2ac2a309c6b5659ab553f33214b09
+----
+<1> Verify that the version is updated to `3.9.1`.
diff --git a/modules/olmv1-version-range-comparisons.adoc b/modules/olmv1-version-range-comparisons.adoc
new file mode 100644
index 000000000000..83b236f989b1
--- /dev/null
+++ b/modules/olmv1-version-range-comparisons.adoc
@@ -0,0 +1,134 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="olmv1-version-range-comparisons_{context}"]
+= Version comparison strings
+
+You can define a version range by adding a comparison string to the `spec.version` field in an Operator or extension's custom resource (CR). A comparison string is a list of space- or comma-separated values and one or more comparison operators. You can add another comparison string by including an `OR`, or double vertical bar (`||`), comparison operator between the strings.
+
+.Basic comparisons
+[options="header"]
+|===
+
+|Comparison operator |Definition
+
+|`=`
+|Equal to
+
+|`!=`
+|Not equal to
+
+|`>`
+|Greater than
+
+| `<`
+|Less than
+
+|`>=`
+|Greater than or equal to
+
+|`\<=`
+|Less than or equal to
+
+|===
+
+You can specify a version range in an Operator or extension's CR by using a range comparison similar to the following example:
+
+.Example version range comparison
+[source,yaml]
+----
+apiVersion: operators.operatorframework.io/v1alpha1
+kind: Operator
+metadata:
+  name: pipelines-operator
+spec:
+  packageName: openshift-pipelines-operator-rh
+  version: >=1.11, <1.13
+----
+
+You can use wildcard characters in all types of comparison strings. {olmv1} accepts `x`, `X`, and asterisks (`*`) as wildcard characters. When you use a wildcard character with the equal sign (`=`) comparison operator, you define a comparison at the patch or minor version level.
+
+.Example wildcard characters in comparison strings
+[options="header"]
+|===
+
+|Wildcard comparison |Matching string
+
+|`1.11.x`
+|`>=1.11.0, <1.12.0`
+
+|`>=1.12.X`
+|`>=1.12.0`
+
+|`\<=2.x`
+|`<3`
+
+|`*`
+|`>=0.0.0`
+
+|===
+
+You can make patch release comparisons by using the tilde (`~`) comparison operator. Patch release comparisons specify a minor version up to the next major version.
+
+.Example patch release comparisons
+[options="header"]
+|===
+
+|Patch release comparison |Matching string
+
+|`~1.11.0`
+|`>=1.11.0, <1.12.0`
+
+|`~1`
+|`>=1, <2`
+
+|`~1.12`
+|`>=1.12, <1.13`
+
+|`~1.12.x`
+|`>=1.12.0, <1.13.0`
+
+|`~1.x`
+|`>=1, <2`
+
+|===
+
+You can use the caret (`^`) comparison operator to make a comparison for a major release. If you use a major release comparison before the first stable release is published, the minor versions define the API's level of stability. In the semantic versioning (SemVer) specification, the first stable release is published as the `1.0.0` version.
+
+.Example major release comparisons
+[options="header"]
+|===
+
+|Major release comparison |Matching string
+
+|`^0`
+|`>=0.0.0, <1.0.0`
+
+|`^0.0`
+|`>=0.0.0, <0.1.0`
+
+|`^0.0.3`
+|`>=0.0.3, <0.0.4`
+
+|`^0.2`
+|`>=0.2.0, <0.3.0`
+
+|`^0.2.3`
+|`>=0.2.3, <0.3.0`
+
+|`^1.2.x`
+|`>= 1.2.0, < 2.0.0`
+
+|`^1.2.3`
+|`>= 1.2.3, < 2.0.0`
+
+|`^2.x`
+|`>= 2.0.0, < 3`
+
+|`^2.3`
+|`>= 2.3, < 3`
+
+|===
diff --git a/modules/olmv1-version-range-support.adoc b/modules/olmv1-version-range-support.adoc
new file mode 100644
index 000000000000..5ac6c14c1fe0
--- /dev/null
+++ b/modules/olmv1-version-range-support.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="olmv1-version-range-support_{context}"]
+= Support for version ranges
+
+In {olmv1-first}, you can specify a version range by using a comparison string in an Operator or extension's custom resource (CR). If you specify a version range in the CR, {olmv1} installs or updates to the latest version of the Operator that can be resolved within the version range.
+
+.Resolved version workflow
+* The resolved version is the latest version of the Operator that satisfies the dependencies and constraints of the Operator and the environment.
+* An Operator update within the specified range is automatically installed if it is resolved successfully.
+* An update is not installed if it is outside of the specified range or if it cannot be resolved successfully.
+
+For more information about dependency and constraint resolution in {olmv1}, see "Dependency resolution in {olmv1}".
diff --git a/modules/op-adding-new-users-in-tekton-hub-configuration.adoc b/modules/op-adding-new-users-in-tekton-hub-configuration.adoc
index f7556a41ba4b..f1e81bab0fb2 100644
--- a/modules/op-adding-new-users-in-tekton-hub-configuration.adoc
+++ b/modules/op-adding-new-users-in-tekton-hub-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-new-users-in-tekton-hub-configuration_{context}"]
 = Adding new users in {tekton-hub} configuration
 
@@ -29,13 +29,13 @@ default:
     - rating:read
     - rating:write
 ...
----- 
+----
 <1> The usernames registered with the Git repository hosting service provider.
 +
 [NOTE]
 ====
 A new user signing in to {tekton-hub} for the first time will have only the default scope. To activate additional scopes, ensure the user's username is added in the `scopes` field of the `TektonHub` CR.
-==== 
+====
 
 . Apply the updated `TektonHub` CR.
 +
@@ -67,4 +67,4 @@ $ curl -X POST -H "Authorization: <access-token>" \ <1>
     --data '{"force": true} \
     <api-route>/system/config/refresh
 ----
-<1> The JWT token. 
\ No newline at end of file
+<1> The JWT token.
\ No newline at end of file
diff --git a/modules/op-adding-triggers.adoc b/modules/op-adding-triggers.adoc
index 4b92219dc208..eed6b05506f9 100644
--- a/modules/op-adding-triggers.adoc
+++ b/modules/op-adding-triggers.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-triggers_{context}"]
 = Adding triggers to a pipeline
 
@@ -77,7 +77,7 @@ spec:
       - name: git-revision
         value: $(tt.params.git-revision)
       - name: IMAGE
-        value: image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/$(tt.params.git-repo-name)
+        value: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/$(tt.params.git-repo-name)
       workspaces:
       - name: shared-workspace
         volumeClaimTemplate:
diff --git a/modules/op-advantages-and-disadvantages-of-non-versioned-and-versioned-cluster-tasks.adoc b/modules/op-advantages-and-disadvantages-of-non-versioned-and-versioned-cluster-tasks.adoc
index f7f33b00f7ea..666747082f4d 100644
--- a/modules/op-advantages-and-disadvantages-of-non-versioned-and-versioned-cluster-tasks.adoc
+++ b/modules/op-advantages-and-disadvantages-of-non-versioned-and-versioned-cluster-tasks.adoc
@@ -1,7 +1,7 @@
 // This module is part of the following assembly:
 //
 // *cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="advantages-and-disadvantages-of-non-versioned-and-versioned-cluster-tasks_{context}"]
 = Advantages and disadvantages of non-versioned and versioned cluster tasks
 
@@ -14,19 +14,19 @@ Before adopting non-versioned or versioned cluster tasks as a standard in produc
 | Cluster task | Advantages | Disadvantages
 
 | Non-versioned cluster task (NVCT)
-a| 
-* If you prefer deploying pipelines with the latest updates and bug fixes, use the NVCT. 
-* Upgrading the Operator upgrades the non-versioned cluster tasks, which consume fewer resources than multiple versioned cluster tasks.  
-a| If you deploy pipelines that use NVCT, they might break after an Operator upgrade if the automatically upgraded cluster tasks are not backward-compatible. 
+a|
+* If you prefer deploying pipelines with the latest updates and bug fixes, use the NVCT.
+* Upgrading the Operator upgrades the non-versioned cluster tasks, which consume fewer resources than multiple versioned cluster tasks.
+a| If you deploy pipelines that use NVCT, they might break after an Operator upgrade if the automatically upgraded cluster tasks are not backward-compatible.
 
 | Versioned cluster task (VCT)
-a| 
-* If you prefer stable pipelines in production, use the VCT. 
-* The earlier version is retained on the cluster even after the later version of a cluster task is installed. You can continue using the earlier cluster tasks. 
-a| 
+a|
+* If you prefer stable pipelines in production, use the VCT.
+* The earlier version is retained on the cluster even after the later version of a cluster task is installed. You can continue using the earlier cluster tasks.
+a|
 * If you continue using an earlier version of a cluster task, you might miss the latest features and critical security updates.
-* The earlier versions of cluster tasks that are not operational consume cluster resources.  
-* * After it is upgraded, the Operator cannot manage the earlier VCT. You can delete the earlier VCT manually by using the `oc delete clustertask` command, but you cannot restore it.  
+* The earlier versions of cluster tasks that are not operational consume cluster resources.
+* * After it is upgraded, the Operator cannot manage the earlier VCT. You can delete the earlier VCT manually by using the `oc delete clustertask` command, but you cannot restore it.
 |
 
 |===
\ No newline at end of file
diff --git a/modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc b/modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc
index 62be62d79b6d..c503811bdbd8 100644
--- a/modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc
+++ b/modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc
@@ -2,7 +2,7 @@
 //
 // cicd/pipelines/automatic-pruning-taskrun-pipelinerun.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="annotations-for-automatic-pruning-taskruns-pipelineruns_{context}"]
 = Annotations for automatically pruning task runs and pipeline runs
 
diff --git a/modules/op-assembling-a-pipeline.adoc b/modules/op-assembling-a-pipeline.adoc
index d9feea404757..b9021bd66718 100644
--- a/modules/op-assembling-a-pipeline.adoc
+++ b/modules/op-assembling-a-pipeline.adoc
@@ -2,7 +2,7 @@
 //
 //  *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="assembling-a-pipeline_{context}"]
 = Assembling a pipeline
 
diff --git a/modules/op-authenticating-to-an-oci-registry.adoc b/modules/op-authenticating-to-an-oci-registry.adoc
index 6c7a99ff8083..33211290f37d 100644
--- a/modules/op-authenticating-to-an-oci-registry.adoc
+++ b/modules/op-authenticating-to-an-oci-registry.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="authenticating-to-an-oci-registry_{context}"]
 = Authenticating to an OCI registry
 
diff --git a/modules/op-automatic-pruning-taskrun-pipelinerun.adoc b/modules/op-automatic-pruning-taskrun-pipelinerun.adoc
index fc2f30074c60..cd24e023bbfb 100644
--- a/modules/op-automatic-pruning-taskrun-pipelinerun.adoc
+++ b/modules/op-automatic-pruning-taskrun-pipelinerun.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-automatic-pruning-taskrun-pipelinerun_{context}"]
 = Automatic pruning of task runs and pipeline runs
 
diff --git a/modules/op-chains-resolving-existing-secret.adoc b/modules/op-chains-resolving-existing-secret.adoc
index a8ab0c32a6a6..dc7eed8e1df3 100644
--- a/modules/op-chains-resolving-existing-secret.adoc
+++ b/modules/op-chains-resolving-existing-secret.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="chains-resolving-existing-secret_{context}"]
 = Resolving the "secret already exists" error
diff --git a/modules/op-chains-signing-secrets-cosign.adoc b/modules/op-chains-signing-secrets-cosign.adoc
index e3e8ae6f4b5b..a798436a557f 100644
--- a/modules/op-chains-signing-secrets-cosign.adoc
+++ b/modules/op-chains-signing-secrets-cosign.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="chains-signing-secrets-cosign_{context}"]
 = Signing using cosign
diff --git a/modules/op-chains-signing-secrets-skopeo.adoc b/modules/op-chains-signing-secrets-skopeo.adoc
index 912d7803ba25..3ab330f6c4ae 100644
--- a/modules/op-chains-signing-secrets-skopeo.adoc
+++ b/modules/op-chains-signing-secrets-skopeo.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="chains-signing-secrets-skopeo_{context}"]
 = Signing using skopeo
diff --git a/modules/op-changing-default-service-account.adoc b/modules/op-changing-default-service-account.adoc
index cd4c4c698bb2..4ca619df6798 100644
--- a/modules/op-changing-default-service-account.adoc
+++ b/modules/op-changing-default-service-account.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-changing-default-service-account_{context}"]
 = Changing the default service account for {pipelines-shortname}
 
diff --git a/modules/op-changing-source-branch-in-repository-crd.adoc b/modules/op-changing-source-branch-in-repository-crd.adoc
index 3228af7ea84e..f0e2f0580d8c 100644
--- a/modules/op-changing-source-branch-in-repository-crd.adoc
+++ b/modules/op-changing-source-branch-in-repository-crd.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="changing-source-branch-in-repository-crd_{context}"]
 = Changing the source branch for the pipeline definition
 
diff --git a/modules/op-cleaning-up-pipeline-run-using-pipelines-as-code.adoc b/modules/op-cleaning-up-pipeline-run-using-pipelines-as-code.adoc
index 80963b383bbc..5cff3cee1611 100644
--- a/modules/op-cleaning-up-pipeline-run-using-pipelines-as-code.adoc
+++ b/modules/op-cleaning-up-pipeline-run-using-pipelines-as-code.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="cleaning-up-pipeline-run-using-pipelines-as-code_{context}"]
-= Cleaning up pipeline run using {pac} 
+= Cleaning up pipeline run using {pac}
 
 [role="_abstract"]
 
diff --git a/modules/op-configuring-basic-authentication-for-git.adoc b/modules/op-configuring-basic-authentication-for-git.adoc
index 0e6dfed04161..7d8147e5749f 100644
--- a/modules/op-configuring-basic-authentication-for-git.adoc
+++ b/modules/op-configuring-basic-authentication-for-git.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-configuring-basic-authentication-for-git_{context}"]
 = Configuring basic authentication for Git
 
@@ -30,8 +30,8 @@ metadata:
     tekton.dev/git-0: https://github.com
 type: kubernetes.io/basic-auth
 stringData:
-  username: <2>
-  password: <3>
+  username: <username> <2>
+  password: <password> <3>
 ----
 <1> Name of the secret. In this example, `basic-user-pass`.
 <2> Username for the Git repository.
diff --git a/modules/op-configuring-buildah-to-use-build-user.adoc b/modules/op-configuring-buildah-to-use-build-user.adoc
index 8d8e7701e672..76dd7c674edd 100644
--- a/modules/op-configuring-buildah-to-use-build-user.adoc
+++ b/modules/op-configuring-buildah-to-use-build-user.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="configuring-builah-to-use-build-user_{context}"]
 = Configuring Buildah to use `build` user
diff --git a/modules/op-configuring-custom-sa-and-scc.adoc b/modules/op-configuring-custom-sa-and-scc.adoc
index 44d867b0210b..c3a624633289 100644
--- a/modules/op-configuring-custom-sa-and-scc.adoc
+++ b/modules/op-configuring-custom-sa-and-scc.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="configuring-custom-sa-and-scc_{context}"]
 = Configuring custom service account and security context constraint
diff --git a/modules/op-configuring-pipeline-resolvers.adoc b/modules/op-configuring-pipeline-resolvers.adoc
index 833f1e4312c8..73ccf22a63f1 100644
--- a/modules/op-configuring-pipeline-resolvers.adoc
+++ b/modules/op-configuring-pipeline-resolvers.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-configuring-pipeline-resolvers_{context}"]
 = Configuring pipeline resolvers
 
diff --git a/modules/op-configuring-pipelines-control-plane.adoc b/modules/op-configuring-pipelines-control-plane.adoc
index 8de59cfe5138..1b94e1b7be9b 100644
--- a/modules/op-configuring-pipelines-control-plane.adoc
+++ b/modules/op-configuring-pipelines-control-plane.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-configuring-pipelines-control-plane_{context}"]
 = Configuring the {pipelines-title} control plane
 
diff --git a/modules/op-configuring-pull-request-capabilities-in-GitHub-interceptor.adoc b/modules/op-configuring-pull-request-capabilities-in-GitHub-interceptor.adoc
index d89622335670..febb3bece428 100644
--- a/modules/op-configuring-pull-request-capabilities-in-GitHub-interceptor.adoc
+++ b/modules/op-configuring-pull-request-capabilities-in-GitHub-interceptor.adoc
@@ -2,11 +2,11 @@
 //
 // *cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-configuring-pull-request-capabilities-in-GitHub-interceptor_{context}"]
 = Configuring pull request capabilities in GitHub Interceptor
 
-With GitHub Interceptor, you can create logic that validates and filters GitHub webhooks. For example, you can validate the webhook’s origin and filter incoming events based on specified criteria. When you use GitHub Interceptor to filter event data, you can specify the event types that Interceptor can accept in a field. 
+With GitHub Interceptor, you can create logic that validates and filters GitHub webhooks. For example, you can validate the webhook’s origin and filter incoming events based on specified criteria. When you use GitHub Interceptor to filter event data, you can specify the event types that Interceptor can accept in a field.
 In {pipelines-title}, you can use the following capabilities of GitHub Interceptor:
 
 * Filter pull request events based on the files that have been changed
diff --git a/modules/op-configuring-ssh-authentication-for-git.adoc b/modules/op-configuring-ssh-authentication-for-git.adoc
index a4d546784f6c..b6e9f9da770f 100644
--- a/modules/op-configuring-ssh-authentication-for-git.adoc
+++ b/modules/op-configuring-ssh-authentication-for-git.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-configuring-ssh-authentication-for-git_{context}"]
 = Configuring SSH authentication for Git
 
diff --git a/modules/op-configuring-tekton-chains.adoc b/modules/op-configuring-tekton-chains.adoc
index e06d7aaad083..f29cd3c9e7eb 100644
--- a/modules/op-configuring-tekton-chains.adoc
+++ b/modules/op-configuring-tekton-chains.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="configuring-tekton-chains_{context}"]
 = Configuring {tekton-chains}
 
diff --git a/modules/op-constructing-pipelines-using-pipeline-builder.adoc b/modules/op-constructing-pipelines-using-pipeline-builder.adoc
index fd2e87d131e7..c012d4f28642 100644
--- a/modules/op-constructing-pipelines-using-pipeline-builder.adoc
+++ b/modules/op-constructing-pipelines-using-pipeline-builder.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-constructing-pipelines-using-pipeline-builder_{context}"]
 = Constructing pipelines using the Pipeline builder
 
diff --git a/modules/op-creating-a-github-application-in-administrator-perspective.adoc b/modules/op-creating-a-github-application-in-administrator-perspective.adoc
index 2485f03c651c..cce2c49a40b7 100644
--- a/modules/op-creating-a-github-application-in-administrator-perspective.adoc
+++ b/modules/op-creating-a-github-application-in-administrator-perspective.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-a-github-application-in-administrator-perspective_{context}"]
 
 = Creating a GitHub App in administrator perspective
@@ -27,4 +27,4 @@ image::Github-app-details.png[]
 
 The details of the GitHub App are saved as a secret in the `openShift-pipelines` namespace.
 
-To view details such as name, link, and secret associated with the GitHub applications, navigate to *Pipelines* and click *View GitHub App*. 
+To view details such as name, link, and secret associated with the GitHub applications, navigate to *Pipelines* and click *View GitHub App*.
diff --git a/modules/op-creating-and-verifying-task-run-signatures-without-any-additional-authentication.adoc b/modules/op-creating-and-verifying-task-run-signatures-without-any-additional-authentication.adoc
index cbca91894ebe..9a1eaf48797f 100644
--- a/modules/op-creating-and-verifying-task-run-signatures-without-any-additional-authentication.adoc
+++ b/modules/op-creating-and-verifying-task-run-signatures-without-any-additional-authentication.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-and-verifying-task-run-signatures-without-any-additional-authentication_{context}"]
 = Creating and verifying task run signatures without any additional authentication
 
diff --git a/modules/op-creating-pipeline-run-using-pipelines-as-code.adoc b/modules/op-creating-pipeline-run-using-pipelines-as-code.adoc
index 61f360e7db64..4f2473659456 100644
--- a/modules/op-creating-pipeline-run-using-pipelines-as-code.adoc
+++ b/modules/op-creating-pipeline-run-using-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="creating-pipeline-run-using-pipelines-as-code_{context}"]
 = Creating a pipeline run using {pac}
 
diff --git a/modules/op-creating-pipeline-tasks.adoc b/modules/op-creating-pipeline-tasks.adoc
index 14cc27ad6f31..f4298b4b78e5 100644
--- a/modules/op-creating-pipeline-tasks.adoc
+++ b/modules/op-creating-pipeline-tasks.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-pipeline-tasks_{context}"]
 = Creating pipeline tasks
 
diff --git a/modules/op-creating-pipeline-templates-admin-console.adoc b/modules/op-creating-pipeline-templates-admin-console.adoc
new file mode 100644
index 000000000000..a85e7311e590
--- /dev/null
+++ b/modules/op-creating-pipeline-templates-admin-console.adoc
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * cicd/pipelines/working-with-pipelines-web-console.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="op-creating-pipeline-templates-admin-console_{context}"]
+= Creating pipeline templates in the Administrator perspective
+
+As a cluster administrator, you can create pipeline templates that developers can reuse when they create a pipeline on the cluster.
+
+.Prerequisites
+
+* You have access to an {product-title} cluster with cluster administrator permissions, and have switched to the *Administrator* perspective.
+* You have installed the {pipelines-shortname} Operator in your cluster.
+
+.Procedure
+
+. Navigate to the *Pipelines* page to view existing pipeline templates.
+
+. Click the image:../images/import-icon.png[title="Import"] icon to go to the *Import YAML* page.
+
+. Add the YAML for your pipeline template. The template must include the following information:
++
+[source,yaml]
+----
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+# ...
+  namespace: openshift # <1>
+  labels:
+    pipeline.openshift.io/runtime: <runtime> # <2>
+    pipeline.openshift.io/type: <pipeline-type> # <3>
+# ...
+----
+<1> The template must be created in the `openshift` namespace.
+<2> The template must contain the `pipeline.openshift.io/runtime` label. The accepted runtime values for this label are `nodejs`, `golang`, `dotnet`, `java`, `php`, `ruby`, `perl`, `python`, `nginx`, and `httpd`.
+<3> The template must contain the `pipeline.openshift.io/type:` label. The accepted type values for this label are `openshift`, `knative`, and `kubernetes`.
+
+. Click *Create*. After the pipeline has been created, you are taken to the *Pipeline details* page, where you can view information about or edit your pipeline.
diff --git a/modules/op-creating-pipelines-along-with-applications.adoc b/modules/op-creating-pipelines-along-with-applications.adoc
index 2a9b604c8211..56879ae96aca 100644
--- a/modules/op-creating-pipelines-along-with-applications.adoc
+++ b/modules/op-creating-pipelines-along-with-applications.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-creating-pipelines-along-with-applications_{context}"]
 = Creating {pipelines-shortname} along with applications
 
diff --git a/modules/op-creating-project-and-checking-pipeline-service-account.adoc b/modules/op-creating-project-and-checking-pipeline-service-account.adoc
index 6ed8af93b398..e48c041696d1 100644
--- a/modules/op-creating-project-and-checking-pipeline-service-account.adoc
+++ b/modules/op-creating-project-and-checking-pipeline-service-account.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/creating-cicd-solutions-using-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-project-and-checking-pipeline-service-account_{context}"]
 = Creating a project and checking your pipeline service account
 
diff --git a/modules/op-creating-webhooks.adoc b/modules/op-creating-webhooks.adoc
index e2365e7f067c..a2f06a09069d 100644
--- a/modules/op-creating-webhooks.adoc
+++ b/modules/op-creating-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-webhooks_{context}"]
 = Creating webhooks
 
diff --git a/modules/op-custom-parameter-expansion.adoc b/modules/op-custom-parameter-expansion.adoc
index 993dc7257e53..031631b42870 100644
--- a/modules/op-custom-parameter-expansion.adoc
+++ b/modules/op-custom-parameter-expansion.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-custom-parameter-expansion_{context}"]
 = Custom parameter expansion
 
@@ -15,7 +15,7 @@ You can use custom parameters in the following scenarios:
 
 [NOTE]
 ====
-Use the custom parameter expansion feature only when you cannot use the Tekton `PipelineRun` parameters because Tekton parameters are defined in a `Pipeline` resource and customized alongside it inside a Git repository. However, custom parameters are defined and customized where the `Repository` CR is located. So, you cannot manage your CI/CD pipeline from a single point. 
+Use the custom parameter expansion feature only when you cannot use the Tekton `PipelineRun` parameters because Tekton parameters are defined in a `Pipeline` resource and customized alongside it inside a Git repository. However, custom parameters are defined and customized where the `Repository` CR is located. So, you cannot manage your CI/CD pipeline from a single point.
 ====
 
 The following example shows a custom parameter named `company` in the `Repository` CR:
@@ -32,7 +32,7 @@ spec:
 
 The value `ABC Company` replaces the parameter name `company` in your pipeline run and in the remotely fetched tasks.
 
-You can also retrieve the value for a custom parameter from a Kubernetes secret, as shown in the following example: 
+You can also retrieve the value for a custom parameter from a Kubernetes secret, as shown in the following example:
 
 [source,yaml]
 ----
diff --git a/modules/op-customizing-pipelines-as-code-configuration.adoc b/modules/op-customizing-pipelines-as-code-configuration.adoc
index fc3186ca2a2b..1feaabce4ece 100644
--- a/modules/op-customizing-pipelines-as-code-configuration.adoc
+++ b/modules/op-customizing-pipelines-as-code-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="customizing-pipelines-as-code-configuration_{context}"]
 = Customizing {pac} configuration
 
diff --git a/modules/op-default-pruner-configuration.adoc b/modules/op-default-pruner-configuration.adoc
index 4d0c45935dc9..c1c7e310e215 100644
--- a/modules/op-default-pruner-configuration.adoc
+++ b/modules/op-default-pruner-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // cicd/pipelines/automatic-pruning-taskrun-pipelinerun.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="default-pruner-configuration_{context}"]
 = Configuring the pruner
 
diff --git a/modules/op-deleting-pipelines.adoc b/modules/op-deleting-pipelines.adoc
index 82b92a2e5e6a..49e648039b75 100644
--- a/modules/op-deleting-pipelines.adoc
+++ b/modules/op-deleting-pipelines.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-deleting-pipelines_{context}"]
 = Deleting pipelines
 
diff --git a/modules/op-deleting-the-pipelines-component-and-custom-resources.adoc b/modules/op-deleting-the-pipelines-component-and-custom-resources.adoc
index 99c5818f5fba..8acec6d7b1fa 100644
--- a/modules/op-deleting-the-pipelines-component-and-custom-resources.adoc
+++ b/modules/op-deleting-the-pipelines-component-and-custom-resources.adoc
@@ -2,7 +2,7 @@
 //
 // */openshift_pipelines/uninstalling-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='op-deleting-the-pipelines-component-and-custom-resources_{context}']
 = Deleting the {pipelines-title} components and Custom Resources
 
@@ -28,5 +28,5 @@ Deleting the CRs will delete the {pipelines-title} components, and all the tasks
 
 [IMPORTANT]
 ====
-Repeat the procedure to find and remove CRs of optional components such as {tekton-chains}, before uninstalling the Operator. If you uninstall the Operator without removing the CRs of optional components, you cannot remove them later.
+Repeat the procedure to find and remove CRs of optional components such as {tekton-hub} before uninstalling the Operator. If you uninstall the Operator without removing the CRs of optional components, you cannot remove them later.
 ====
diff --git a/modules/op-differences-between-non-versioned-and-versioned-cluster-tasks.adoc b/modules/op-differences-between-non-versioned-and-versioned-cluster-tasks.adoc
index 052654115dd1..eda7084102d4 100644
--- a/modules/op-differences-between-non-versioned-and-versioned-cluster-tasks.adoc
+++ b/modules/op-differences-between-non-versioned-and-versioned-cluster-tasks.adoc
@@ -1,7 +1,7 @@
 // This module is part of the following assembly:
 //
 // *cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="differences-between-non-versioned-and-versioned-cluster-tasks_{context}"]
 = Differences between non-versioned and versioned cluster tasks
 
@@ -13,12 +13,12 @@ Non-versioned and versioned cluster tasks have different naming conventions. And
 
 | | Non-versioned cluster task | Versioned cluster task
 
-| Nomenclature  
-| The NVCT only contains the name of the cluster task. For example, the name of the NVCT of Buildah installed with Operator v1.7 is `buildah`.  
-| The VCT contains the name of the cluster task, followed by the version as a suffix. For example, the name of the VCT of Buildah installed with Operator v1.7 is `buildah-1-7-0`.  
+| Nomenclature
+| The NVCT only contains the name of the cluster task. For example, the name of the NVCT of Buildah installed with Operator v1.7 is `buildah`.
+| The VCT contains the name of the cluster task, followed by the version as a suffix. For example, the name of the VCT of Buildah installed with Operator v1.7 is `buildah-1-7-0`.
 
-| Upgrade 
-| When you upgrade the Operator, it updates the non-versioned cluster task with the latest changes. The name of the NVCT remains unchanged. 
-| Upgrading the Operator installs the latest version of the VCT and retains the earlier version. The latest version of a VCT corresponds to the upgraded Operator. For example, installing Operator 1.7 installs `buildah-1-7-0` and retains `buildah-1-6-0`. 
+| Upgrade
+| When you upgrade the Operator, it updates the non-versioned cluster task with the latest changes. The name of the NVCT remains unchanged.
+| Upgrading the Operator installs the latest version of the VCT and retains the earlier version. The latest version of a VCT corresponds to the upgraded Operator. For example, installing Operator 1.7 installs `buildah-1-7-0` and retains `buildah-1-6-0`.
 
 |===
\ No newline at end of file
diff --git a/modules/op-disabling-automatic-creation-of-rbac-resources.adoc b/modules/op-disabling-automatic-creation-of-rbac-resources.adoc
index ae3e6d5e135b..852320ee3441 100644
--- a/modules/op-disabling-automatic-creation-of-rbac-resources.adoc
+++ b/modules/op-disabling-automatic-creation-of-rbac-resources.adoc
@@ -2,11 +2,11 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-disabling-automatic-creation-of-rbac-resources_{context}"]
 = Disabling the automatic creation of RBAC resources
 
-The default installation of the {pipelines-title} Operator creates multiple role-based access control (RBAC) resources for all namespaces in the cluster, except the namespaces matching the `^(openshift|kube)-*` regular expression pattern. Among these RBAC resources, the `pipelines-scc-rolebinding` security context constraint (SCC) role binding resource is a potential security issue, because the associated `pipelines-scc` SCC has the `RunAsAny` privilege. 
+The default installation of the {pipelines-title} Operator creates multiple role-based access control (RBAC) resources for all namespaces in the cluster, except the namespaces matching the `^(openshift|kube)-*` regular expression pattern. Among these RBAC resources, the `pipelines-scc-rolebinding` security context constraint (SCC) role binding resource is a potential security issue, because the associated `pipelines-scc` SCC has the `RunAsAny` privilege.
 
 To disable the automatic creation of cluster-wide RBAC resources after the {pipelines-title} Operator is installed, cluster administrators can set the `createRbacResource` parameter to `false` in the cluster-level `TektonConfig` custom resource (CR).
 
diff --git a/modules/op-disabling-cluster-tasks-and-pipeline-templates.adoc b/modules/op-disabling-cluster-tasks-and-pipeline-templates.adoc
index 3cb91e4865d3..c4398be3b500 100644
--- a/modules/op-disabling-cluster-tasks-and-pipeline-templates.adoc
+++ b/modules/op-disabling-cluster-tasks-and-pipeline-templates.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-disabling-cluster-tasks-and-pipeline-templates_{context}"]
 = Disabling cluster tasks and pipeline templates
 
diff --git a/modules/op-disabling-non-versioned-and-versioned-cluster-tasks.adoc b/modules/op-disabling-non-versioned-and-versioned-cluster-tasks.adoc
index 61e7ac2b4467..29cfd21327a3 100644
--- a/modules/op-disabling-non-versioned-and-versioned-cluster-tasks.adoc
+++ b/modules/op-disabling-non-versioned-and-versioned-cluster-tasks.adoc
@@ -1,11 +1,11 @@
 // This module is part of the following assembly:
 //
 // *cicd/pipelines/managing-nonversioned-and-versioned-cluster-tasks.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-non-versioned-and-versioned-cluster-tasks_{context}"]
 = Disabling non-versioned and versioned cluster tasks
 
-As a cluster administrator, you can disable cluster tasks that the {pipelines-shortname} Operator installed. 
+As a cluster administrator, you can disable cluster tasks that the {pipelines-shortname} Operator installed.
 
 .Procedure
 
@@ -38,7 +38,7 @@ When you disable cluster tasks, the Operator removes all the non-versioned clust
 Re-enabling cluster tasks installs the non-versioned cluster tasks.
 ====
 
-. Optional: To delete earlier versions of the versioned cluster tasks, use any one of the following methods: 
+. Optional: To delete earlier versions of the versioned cluster tasks, use any one of the following methods:
 .. To delete individual earlier versioned cluster tasks, use the `oc delete clustertask` command followed by the versioned cluster task name. For example:
 +
 [source,terminal]
@@ -54,6 +54,6 @@ $ oc delete tektoninstallerset versioned-clustertask-1-6-k98as
 +
 [CAUTION]
 ====
-If you delete an old versioned cluster task, you cannot restore it. You can only restore versioned and non-versioned cluster tasks that the current version of the Operator has created.   
+If you delete an old versioned cluster task, you cannot restore it. You can only restore versioned and non-versioned cluster tasks that the current version of the Operator has created.
 ====
 
diff --git a/modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc b/modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc
index fb883e31fab5..fbf7032b69c2 100644
--- a/modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc
+++ b/modules/op-disabling-tekton-hub-authorization-after-upgrade.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="disabling-tekton-hub-authorization-after-upgrade.adoc_{context}"]
 = Disabling {tekton-hub} authorization after upgrading the {pipelines-title} Operator from 1.7 to 1.8
 
 [role="_abstract"]
-When you install {tekton-hub} with {pipelines-title} Operator 1.8, the login authorization and ratings for the {tekton-hub} artifacts are disabled for the default installation. However, when you upgrade the Operator from 1.7 to 1.8, the instance of the {tekton-hub} on your cluster does not automatically disable the login authorization and ratings. 
+When you install {tekton-hub} with {pipelines-title} Operator 1.8, the login authorization and ratings for the {tekton-hub} artifacts are disabled for the default installation. However, when you upgrade the Operator from 1.7 to 1.8, the instance of the {tekton-hub} on your cluster does not automatically disable the login authorization and ratings.
 
 To disable login authorization and ratings for {tekton-hub} after upgrading the Operator from 1.7 to 1.8, perform the steps in the following procedure.
 
@@ -16,7 +16,7 @@ To disable login authorization and ratings for {tekton-hub} after upgrading the
 * Ensure that the {pipelines-title} Operator is installed in the default `openshift-pipelines` namespace on the cluster.
 
 [discrete]
-.Procedure 
+.Procedure
 
 . Delete the existing {tekton-hub} API secret that you created while manually installing {tekton-hub} for Operator 1.7.
 +
diff --git a/modules/op-disabling-the-integretion-of-tekton-hub.adoc b/modules/op-disabling-the-integretion-of-tekton-hub.adoc
index 86c7a038d5f7..dd6a14b0b9d6 100644
--- a/modules/op-disabling-the-integretion-of-tekton-hub.adoc
+++ b/modules/op-disabling-the-integretion-of-tekton-hub.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-disabling-the-integretion-of-tekton-hub_{context}"]
 = Disabling the integration of {tekton-hub}
 
diff --git a/modules/op-disabling-the-service-monitor.adoc b/modules/op-disabling-the-service-monitor.adoc
index c7ce352dcb86..c302b8d3b45e 100644
--- a/modules/op-disabling-the-service-monitor.adoc
+++ b/modules/op-disabling-the-service-monitor.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-disabling-the-service-monitor_{context}"]
 = Disabling the service monitor
 
diff --git a/modules/op-editing-pipelines.adoc b/modules/op-editing-pipelines.adoc
index 559a33f48408..45c670c28003 100644
--- a/modules/op-editing-pipelines.adoc
+++ b/modules/op-editing-pipelines.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-editing-pipelines_{context}"]
 = Editing pipelines
 
diff --git a/modules/op-enabling-monitoring-of-event-listeners-for-triggers-for-user-defined-projects.adoc b/modules/op-enabling-monitoring-of-event-listeners-for-triggers-for-user-defined-projects.adoc
index 921a88b8ee83..743be2afa484 100644
--- a/modules/op-enabling-monitoring-of-event-listeners-for-triggers-for-user-defined-projects.adoc
+++ b/modules/op-enabling-monitoring-of-event-listeners-for-triggers-for-user-defined-projects.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-monitoring-of-event-listeners-for-triggers-for-user-defined-projects_{context}"]
 = Enabling monitoring of event listeners for Triggers for user-defined projects
 
diff --git a/modules/op-filtering-pull-requests-using-GitHub-interceptor.adoc b/modules/op-filtering-pull-requests-using-GitHub-interceptor.adoc
index 950059e2f70f..7408dad9a291 100644
--- a/modules/op-filtering-pull-requests-using-GitHub-interceptor.adoc
+++ b/modules/op-filtering-pull-requests-using-GitHub-interceptor.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-filtering-pull-requests-using-GitHub-interceptor_{context}"]
 = Filtering pull requests using GitHub Interceptor
 
 You can filter GitHub events based on the files that have been changed for push and pull events. This helps you to execute a pipeline for only relevant changes in your Git repository.
-GitHub Interceptor adds a comma delimited list of all files that have been changed and uses the CEL Interceptor to filter incoming events based on the changed files. The list of changed files is added to the `changed_files` property of the event payload in the top-level  `extensions` field. 
+GitHub Interceptor adds a comma delimited list of all files that have been changed and uses the CEL Interceptor to filter incoming events based on the changed files. The list of changed files is added to the `changed_files` property of the event payload in the top-level  `extensions` field.
 
 .Prerequisites
 * You have installed the {pipelines-title} Operator.
diff --git a/modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc b/modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc
index 456500ceb511..7206eb55b18c 100644
--- a/modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc
+++ b/modules/op-installing-and-deploying-tekton-hub-on-an-openshift-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-and-deploying-tekton-hub-on-an-openshift-cluster_{context}"]
 = Installing and deploying {tekton-hub} on a {product-title} cluster
 
diff --git a/modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc b/modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc
index 9dceffcb9ed1..2493b2ad5666 100644
--- a/modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc
+++ b/modules/op-installing-crunchy-postgres-database-and-tekton-hub.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-crunchy-postgres-database-and-tekton-hub_{context}"]
 = Optional: Installing Crunchy Postgres database and {tekton-hub}
 
@@ -117,8 +117,8 @@ type: Opaque
 stringData:
   POSTGRES_HOST: test-primary.openshift-operators.svc
   POSTGRES_DB: test
-  POSTGRES_USER: test
-  POSTGRES_PASSWORD: woXOisU5>ocJiTF7y{{;1[Q(
+  POSTGRES_USER: <username>
+  POSTGRES_PASSWORD: <password>
   POSTGRES_PORT: '5432'
 ...
 ----
diff --git a/modules/op-installing-pipelines-as-code-cli.adoc b/modules/op-installing-pipelines-as-code-cli.adoc
index 3b8e6c76be0d..61db856634e3 100644
--- a/modules/op-installing-pipelines-as-code-cli.adoc
+++ b/modules/op-installing-pipelines-as-code-cli.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-pipelines-as-code-cli_{context}"]
 = Installing {pac} CLI
 
@@ -12,8 +12,8 @@ Cluster administrators can use the `tkn pac` and `opc` CLI tools on local machin
 You can install the `tkn pac` and `opc` version `1.11.0` binaries for the supported platforms:
 
 * link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-amd64.tar.gz[Linux (x86_64, amd64)]
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-s390x.tar.gz[Linux on {ibmzProductName} and {linuxoneProductName} (s390x)]
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-ppc64le.tar.gz[Linux on {ibmpowerProductName} (ppc64le)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-s390x.tar.gz[Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-ppc64le.tar.gz[Linux on {ibm-power-name} (ppc64le)]
 * link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-macos-amd64.tar.gz[macOS]
 * link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-windows-amd64.zip[Windows]
 
diff --git a/modules/op-installing-pipelines-as-code-on-an-openshift-cluster.adoc b/modules/op-installing-pipelines-as-code-on-an-openshift-cluster.adoc
index 2ccc73eff7b5..58e42fa4650f 100644
--- a/modules/op-installing-pipelines-as-code-on-an-openshift-cluster.adoc
+++ b/modules/op-installing-pipelines-as-code-on-an-openshift-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-pipelines-as-code-on-an-openshift-cluster_{context}"]
 = Installing {pac} on an {product-title}
 
diff --git a/modules/op-installing-pipelines-operator-in-web-console.adoc b/modules/op-installing-pipelines-operator-in-web-console.adoc
index ebcb8284efb1..54a582c3d7cf 100644
--- a/modules/op-installing-pipelines-operator-in-web-console.adoc
+++ b/modules/op-installing-pipelines-operator-in-web-console.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // */openshift_pipelines/installing-pipelines.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-installing-pipelines-operator-in-web-console_{context}"]
 = Installing the {pipelines-title} Operator in web console
 
diff --git a/modules/op-installing-pipelines-operator-using-the-cli.adoc b/modules/op-installing-pipelines-operator-using-the-cli.adoc
index ec57612a13f1..e97f29125589 100644
--- a/modules/op-installing-pipelines-operator-using-the-cli.adoc
+++ b/modules/op-installing-pipelines-operator-using-the-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_pipelines/installing-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-installing-pipelines-operator-using-the-cli_{context}"]
 = Installing the {pipelines-shortname} Operator using the CLI
 
diff --git a/modules/op-installing-sbo-operator-using-the-web-console.adoc b/modules/op-installing-sbo-operator-using-the-web-console.adoc
index 15ba3da71ab0..bd1c4a9d2845 100644
--- a/modules/op-installing-sbo-operator-using-the-web-console.adoc
+++ b/modules/op-installing-sbo-operator-using-the-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-installing-sbo-operator-using-the-web-console_{context}"]
 = Installing the {servicebinding-title} using the web console
 
diff --git a/modules/op-installing-tekton-chains-using-pipelines-operator.adoc b/modules/op-installing-tekton-chains-using-pipelines-operator.adoc
index 18e38d618272..4651b0e1c16b 100644
--- a/modules/op-installing-tekton-chains-using-pipelines-operator.adoc
+++ b/modules/op-installing-tekton-chains-using-pipelines-operator.adoc
@@ -2,15 +2,15 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tekton-chains-using-pipelines-operator_{context}"]
 = Installing {tekton-chains} using the {pipelines-title} Operator
 
-Cluster administrators can use the `TektonChain` custom resource (CR) to install and manage {tekton-chains}. 
+Cluster administrators can use the `TektonChain` custom resource (CR) to install and manage {tekton-chains}.
 
 [NOTE]
 ====
-{tekton-chains} is an optional component of {pipelines-title}. Currently, you cannot install it using the `TektonConfig` CR. 
+{tekton-chains} is an optional component of {pipelines-title}. Currently, you cannot install it using the `TektonConfig` CR.
 ====
 
 [discrete]
diff --git a/modules/op-installing-tekton-hub-with-login-and-rating.adoc b/modules/op-installing-tekton-hub-with-login-and-rating.adoc
index d176a72cb671..87e9bd0d2670 100644
--- a/modules/op-installing-tekton-hub-with-login-and-rating.adoc
+++ b/modules/op-installing-tekton-hub-with-login-and-rating.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tekton-hub-with-login-and-rating_{context}"]
 = Installing {tekton-hub} with login and rating
 
@@ -14,7 +14,7 @@ You can install {tekton-hub} on your cluster with custom configuration that supp
 * Ensure that the {pipelines-title} Operator is installed in the default `openshift-pipelines` namespace on the cluster.
 
 [discrete]
-.Procedure 
+.Procedure
 
 . Create an OAuth application with your Git repository hosting provider, and note the Client ID and Client Secret. The supported providers are GitHub, GitLab, and BitBucket.
 
@@ -76,10 +76,10 @@ metadata:
   name: hub
 spec:
   targetNamespace: openshift-pipelines <1>
-  db: <2>                     
-    secret: tekton-hub-db <3> 
+  db: <2>
+    secret: tekton-hub-db <3>
 
-  categories: <4>             
+  categories: <4>
     - Automation
     - Build Tools
     - CLI
@@ -87,7 +87,7 @@ spec:
     - Code Quality
       ...
 
-  catalogs: <5>               
+  catalogs: <5>
     - name: tekton
       org: tektoncd
       type: community
@@ -95,7 +95,7 @@ spec:
       url: https://github.com/tektoncd/catalog
       revision: main
 
-  scopes: <6>                  
+  scopes: <6>
     - name: agent:create
       users: [<username>]
     - name: catalog:refresh
@@ -103,13 +103,13 @@ spec:
     - name: config:refresh
       users: [<username>]
 
-  default: <7>                  
+  default: <7>
     scopes:
       - rating:read
       - rating:write
 
   api:
-    catalogRefreshInterval: 30m <8>   
+    catalogRefreshInterval: 30m <8>
 ----
 <1> The namespace in which {tekton-hub} must be installed; default is `openshift-pipelines`.
 <2> Optional: Custom database, such as a Crunchy Postgres database.
@@ -117,7 +117,7 @@ spec:
 <4> Optional: Customized categories for tasks and pipelines in {tekton-hub}.
 <5> Optional: Customized catalogs for {tekton-hub}.
 <6> Optional: Additional users. You can metion multiple users, such as `[<username_1>, <username_2>, <username_3>]`.
-<7> Optional: Customized default scopes.  
+<7> Optional: Customized default scopes.
 <8> The time interval after which the catalog refreshes automatically. The supported units of time are seconds (`s`), minutes (`m`), hours (`h`), days (`d`), and weeks (`w`). The default interval is 30 minutes.
 +
 [NOTE]
diff --git a/modules/op-installing-tekton-hub-without-login-and-rating.adoc b/modules/op-installing-tekton-hub-without-login-and-rating.adoc
index 1758e4d1431b..9887d1c4cdd7 100644
--- a/modules/op-installing-tekton-hub-without-login-and-rating.adoc
+++ b/modules/op-installing-tekton-hub-without-login-and-rating.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tekton-hub-without-login-and-rating.adoc_{context}"]
 = Installing {tekton-hub} without login and rating
 
@@ -14,7 +14,7 @@ You can install {tekton-hub} on your cluster automatically with default configur
 * Ensure that the {pipelines-title} Operator is installed in the default `openshift-pipelines` namespace on the cluster.
 
 [discrete]
-.Procedure 
+.Procedure
 
 . Create a `TektonHub` CR similar to the following example.
 +
@@ -29,7 +29,7 @@ spec:
   db:                      # Optional: If you want to use custom database
     secret: tekton-hub-db  # Name of db secret should be `tekton-hub-db`
 
-  categories:              # Optional: If you want to use custom categories       
+  categories:              # Optional: If you want to use custom categories
     - Automation
     - Build Tools
     - CLI
@@ -37,7 +37,7 @@ spec:
     - Code Quality
     - ...
 
-  catalogs:                # Optional: If you want to use custom catalogs       
+  catalogs:                # Optional: If you want to use custom catalogs
     - name: tekton
       org: tektoncd
       type: community
@@ -45,7 +45,7 @@ spec:
       url: https://github.com/tektoncd/catalog
       revision: main
 
-  scopes:                   # Optional: If you want to add new users        
+  scopes:                   # Optional: If you want to add new users
     - name: agent:create
       users: [abc, qwe, pqr]
     - name: catalog:refresh
@@ -53,13 +53,13 @@ spec:
     - name: config:refresh
       users: [abc, qwe, pqr]
 
-  default:                   # Optional: If you want to add custom default scopes                               
+  default:                   # Optional: If you want to add custom default scopes
     scopes:
       - rating:read
       - rating:write
 
   api:
-    catalogRefreshInterval: 30m <2>   
+    catalogRefreshInterval: 30m <2>
 ----
 <1> The namespace in which {tekton-hub} must be installed; default is `openshift-pipelines`.
 <2> The time interval after which the catalog refreshes automatically. The supported units of time are seconds (`s`), minutes (`m`), hours (`h`), days (`d`), and weeks (`w`). The default interval is 30 minutes.
diff --git a/modules/op-installing-tkn-on-linux-using-rpm.adoc b/modules/op-installing-tkn-on-linux-using-rpm.adoc
index 7e1949c31432..34786cfd5e99 100644
--- a/modules/op-installing-tkn-on-linux-using-rpm.adoc
+++ b/modules/op-installing-tkn-on-linux-using-rpm.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/tkn_cli/installing-tkn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tkn-on-linux-using-rpm"]
 
 = Installing the {pipelines-title} CLI on Linux using an RPM
@@ -49,30 +49,30 @@ For {op-system-base-full} version 8, you can install the {pipelines-title} CLI a
 +
 * Linux (x86_64, amd64)
 +
-[source,terminal]
+[source,terminal,subs="attributes"]
 ----
-# subscription-manager repos --enable="pipelines-1.11-for-rhel-8-x86_64-rpms"
+# subscription-manager repos --enable="pipelines-{pipelines-version-number}-for-rhel-8-x86_64-rpms"
 ----
 +
-* Linux on {ibmzProductName} and {linuxoneProductName} (s390x)
+* Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)
 +
-[source,terminal]
+[source,terminal,subs="attributes"]
 ----
-# subscription-manager repos --enable="pipelines-1.11-for-rhel-8-s390x-rpms"
+# subscription-manager repos --enable="pipelines-{pipelines-version-number}-for-rhel-8-s390x-rpms"
 ----
 +
-* Linux on {ibmpowerProductName} (ppc64le)
+* Linux on {ibm-power-name} (ppc64le)
 +
-[source,terminal]
+[source,terminal,subs="attributes"]
 ----
-# subscription-manager repos --enable="pipelines-1.11-for-rhel-8-ppc64le-rpms"
+# subscription-manager repos --enable="pipelines-{pipelines-version-number}-for-rhel-8-ppc64le-rpms"
 ----
 +
 * Linux on ARM (aarch64, arm64)
 +
-[source,terminal]
+[source,terminal,subs="attributes"]
 ----
-# subscription-manager repos --enable="pipelines-1.11-for-rhel-8-arm64-rpms"
+# subscription-manager repos --enable="pipelines-{pipelines-version-number}-for-rhel-8-aarch64-rpms"
 ----
 . Install the `openshift-pipelines-client` package:
 +
diff --git a/modules/op-installing-tkn-on-linux.adoc b/modules/op-installing-tkn-on-linux.adoc
index e623bdf99d55..128e48321ad9 100644
--- a/modules/op-installing-tkn-on-linux.adoc
+++ b/modules/op-installing-tkn-on-linux.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/tkn_cli/installing-tkn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tkn-on-linux"]
 
 = Installing the {pipelines-title} CLI on Linux
@@ -14,13 +14,13 @@ For Linux distributions, you can download the CLI as a `tar.gz` archive.
 
 . Download the relevant CLI tool.
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-amd64.tar.gz[Linux (x86_64, amd64)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-linux-amd64.tar.gz[Linux (x86_64, amd64)]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-s390x.tar.gz[Linux on {ibmzProductName} and {linuxoneProductName} (s390x)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-linux-s390x.tar.gz[Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-ppc64le.tar.gz[Linux on {ibmpowerProductName} (ppc64le)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-linux-ppc64le.tar.gz[Linux on {ibm-power-name} (ppc64le)]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-linux-arm64.tar.gz[Linux on ARM (aarch64, arm64)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-linux-arm64.tar.gz[Linux on ARM (aarch64, arm64)]
 
 // Binaries also need to be updated in the following modules:
 // op-installing-pipelines-as-code-cli.adoc
@@ -33,8 +33,13 @@ For Linux distributions, you can download the CLI as a `tar.gz` archive.
 ----
 $ tar xvzf <file>
 ----
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add the location of your `tkn`, `tkn-pac`, and `opc` files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. Add the location of your `tkn` and `tkn-pac` files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
 
 . To check your `PATH`, run the following command:
 +
diff --git a/modules/op-installing-tkn-on-macos.adoc b/modules/op-installing-tkn-on-macos.adoc
index ea9194d0fc65..cdba9dc6ef3b 100644
--- a/modules/op-installing-tkn-on-macos.adoc
+++ b/modules/op-installing-tkn-on-macos.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/tkn_cli/installing-tkn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tkn-on-macos"]
 
 = Installing the {pipelines-title} CLI on macOS
@@ -14,13 +14,19 @@ For macOS, you can download the CLI as a `tar.gz` archive.
 
 . Download the relevant CLI tool.
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-macos-amd64.tar.gz[macOS]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-macos-amd64.tar.gz[macOS]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-macos-arm64.tar.gz[macOS on ARM]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-macos-arm64.tar.gz[macOS on ARM]
 
 . Unpack and extract the archive.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add the location of your `tkn`, `tkn-pac`, and `opc` files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. Add the location of your `tkn` and `tkn-pac` and files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
 
 . To check your `PATH`, run the following command:
 +
diff --git a/modules/op-installing-tkn-on-windows.adoc b/modules/op-installing-tkn-on-windows.adoc
index 2201a4d6ab1d..e982026f584c 100644
--- a/modules/op-installing-tkn-on-windows.adoc
+++ b/modules/op-installing-tkn-on-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/tkn_cli/installing-tkn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-tkn-on-windows"]
 
 = Installing the {pipelines-title} CLI on Windows
@@ -12,11 +12,15 @@ For Windows, you can download the CLI as a `zip` archive.
 
 .Procedure
 
-.  Download the link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/1.11.0/tkn-windows-amd64.zip[CLI tool].
+.  Download the link:https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/{pipelines-version-number}.0/tkn-windows-amd64.zip[CLI tool].
 
 . Extract the archive with a ZIP program.
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . Add the location of your `tkn`, `tkn-pac`, and `opc` files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. Add the location of your `tkn` and `tkn-pac` files to your `PATH` environment variable.
+endif::openshift-rosa,openshift-dedicated[]
 
 . To check your `PATH`, run the following command:
 +
diff --git a/modules/op-interacting-pipelines-from-topology-view.adoc b/modules/op-interacting-pipelines-from-topology-view.adoc
index 2e452a0c5a62..6242bf203e4a 100644
--- a/modules/op-interacting-pipelines-from-topology-view.adoc
+++ b/modules/op-interacting-pipelines-from-topology-view.adoc
@@ -1,14 +1,14 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-interacting-pipelines_from_topology_view{context}"]
 = Interacting with pipelines from Topology view
 
-The side panel of the application node in the *Topology* page displays the status of a pipeline run and you can interact with it. 
+The side panel of the application node in the *Topology* page displays the status of a pipeline run and you can interact with it.
 
-* If a pipeline run does not start automatically, the side panel displays a message that the pipeline cannot be automatically started, hence it would need to be started manually. 
-* If a pipeline is created but the user has not started the pipeline, its status is not started. When the user clicks the *Not started* status icon, the start dialog box opens in the *Topology* view. 
+* If a pipeline run does not start automatically, the side panel displays a message that the pipeline cannot be automatically started, hence it would need to be started manually.
+* If a pipeline is created but the user has not started the pipeline, its status is not started. When the user clicks the *Not started* status icon, the start dialog box opens in the *Topology* view.
 * If the pipeline has no build or build config, the *Builds* section is not visible. If there is a pipeline and build config, the *Builds section* is visible.
 * The side panel displays a *Log Snippet* when a pipeline run fails on a specific task run. You can view the *Log Snippet* in the *Pipeline Runs* section, under the *Resources* tab. It provides a general error message and a snippet of the log. A link to the *Logs* section provides quick access to the details about the failed run.
diff --git a/modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc b/modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc
index f8159f41e67a..cf366d925290 100644
--- a/modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc
+++ b/modules/op-interacting-with-pipelines-using-the-developer-perspective.adoc
@@ -1,8 +1,8 @@
 // Ths module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-interacting-with-pipelines-using-the-developer-perspective_{context}"]
 = Interacting with pipelines using the Developer perspective
 
@@ -20,7 +20,7 @@ The *Pipelines* view in the *Developer* perspective lists all the pipelines in a
 . In the *Pipelines* view of the *Developer* perspective, select a project from the *Project* drop-down list to see the pipelines in that project.
 . Click the required pipeline to see the *Pipeline details* page.
 +
-By default, the *Details* tab displays a visual representation of all the `serial` tasks, `parallel` tasks, `finally` tasks, and `when` expressions in the pipeline. The tasks and the `finally` tasks are listed in the lower right portion of the page. 
+By default, the *Details* tab displays a visual representation of all the `serial` tasks, `parallel` tasks, `finally` tasks, and `when` expressions in the pipeline. The tasks and the `finally` tasks are listed in the lower right portion of the page.
 +
 To view the task details, click the listed *Tasks* and *Finally* tasks. In addition, you can do the following:
 +
diff --git a/modules/op-interfacing-pipelines-as-code-with-custom-certificates.adoc b/modules/op-interfacing-pipelines-as-code-with-custom-certificates.adoc
index a2920db142d7..a9943a3515a0 100644
--- a/modules/op-interfacing-pipelines-as-code-with-custom-certificates.adoc
+++ b/modules/op-interfacing-pipelines-as-code-with-custom-certificates.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="interfacing-pipelines-as-code-with-custom-certificates_{context}"]
-= Interfacing {pac} with custom certificates 
+= Interfacing {pac} with custom certificates
 
 [role="_abstract"]
 To configure {pac} with a Git repository that is accessible with a privately signed or custom certificate, you can expose the certificate to {pac}.
diff --git a/modules/op-limitations-of-unprivileged-builds.adoc b/modules/op-limitations-of-unprivileged-builds.adoc
index 68bee1c5d19e..451e98d19e57 100644
--- a/modules/op-limitations-of-unprivileged-builds.adoc
+++ b/modules/op-limitations-of-unprivileged-builds.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
 // * cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="limitations-of-unprivileged-builds_{context}"]
 = Limitations of unprivileged builds
 
-The process for unprivileged builds works with most `Dockerfile` objects. However, there are some known limitations might cause a build to fail: 
+The process for unprivileged builds works with most `Dockerfile` objects. However, there are some known limitations might cause a build to fail:
 
 * Using the `--mount=type=cache` option might fail due to lack of necessay permissions issues. For more information, see this link:https://access.redhat.com/solutions/6969529[article].
-* Using the `--mount=type=secret` option fails because mounting resources requires additionnal capabilities that are not provided by the custom SCC. 
\ No newline at end of file
+* Using the `--mount=type=secret` option fails because mounting resources requires additionnal capabilities that are not provided by the custom SCC.
\ No newline at end of file
diff --git a/modules/op-migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database.adoc b/modules/op-migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database.adoc
index 588d9e3778c0..50c8c387a769 100644
--- a/modules/op-migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database.adoc
+++ b/modules/op-migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="migrating-tekton-hub-data-to-an-existing-crunchy-postgres-database_{context}"]
 = Optional: Migrating {tekton-hub} data to an existing Crunchy Postgres database
 
 [role="_abstract"]
-{tekton-hub} supports the use of Crunchy Postgres as a custom database. For a pre-installed {tekton-hub} with default database, cluster administrators can use Crunchy Postgres as a custom database after migrating the {tekton-hub} data from the internal or default database to the external Crunchy Postgres database.
+{tekton-hub} supports the use of Crunchy Postgres as a custom database. For a preinstalled {tekton-hub} with default database, cluster administrators can use Crunchy Postgres as a custom database after migrating the {tekton-hub} data from the internal or default database to the external Crunchy Postgres database.
 
 [discrete]
 .Procedure
diff --git a/modules/op-mirroring-images-to-run-pipelines-in-restricted-environment.adoc b/modules/op-mirroring-images-to-run-pipelines-in-restricted-environment.adoc
index ca14a4a9bf89..7cde0dbd9db7 100644
--- a/modules/op-mirroring-images-to-run-pipelines-in-restricted-environment.adoc
+++ b/modules/op-mirroring-images-to-run-pipelines-in-restricted-environment.adoc
@@ -2,7 +2,7 @@
 //
 // pipelines/creating-applications-with-cicd-pipelines
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-mirroring-images-to-run-pipelines-in-restricted-environment_{context}"]
 =  Mirroring images to run pipelines in a restricted environment
 
diff --git a/modules/op-modifiable-fields-with-default-values.adoc b/modules/op-modifiable-fields-with-default-values.adoc
index 6f89515cb443..d4cbd114f62a 100644
--- a/modules/op-modifiable-fields-with-default-values.adoc
+++ b/modules/op-modifiable-fields-with-default-values.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-modifiable-fields-with-default-values_{context}"]
 = Modifiable fields with default values
 
@@ -19,7 +19,7 @@ For clusters that use injected sidecars, setting this field to `false` can lead
 
 * `default-service-account` (default: `pipeline`): This field contains the default service account name to use for the `TaskRun` and `PipelineRun` resources, if none is specified.
 
-* `require-git-ssh-secret-known-hosts` (default: `false`): Setting this field to `true` requires that any Git SSH secret must include the `known_hosts` field. 
+* `require-git-ssh-secret-known-hosts` (default: `false`): Setting this field to `true` requires that any Git SSH secret must include the `known_hosts` field.
 
 ** For more information about configuring Git SSH secrets, see  _Configuring SSH authentication for Git_ in the _Additional resources_ section.
 
diff --git a/modules/op-modifying-catalog-refresh-interval-tekton-hub.adoc b/modules/op-modifying-catalog-refresh-interval-tekton-hub.adoc
index dbcd1997234c..25bf7795d478 100644
--- a/modules/op-modifying-catalog-refresh-interval-tekton-hub.adoc
+++ b/modules/op-modifying-catalog-refresh-interval-tekton-hub.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="modifying-catalog-refresh-interval-tekton-hub_{context}"]
 = Modifying the catalog refresh interval of {tekton-hub}
 
diff --git a/modules/op-monitoring-pipeline-run-status-using-pipelines-as-code.adoc b/modules/op-monitoring-pipeline-run-status-using-pipelines-as-code.adoc
index 97065728d00d..74d6a781a0dc 100644
--- a/modules/op-monitoring-pipeline-run-status-using-pipelines-as-code.adoc
+++ b/modules/op-monitoring-pipeline-run-status-using-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="monitoring-pipeline-run-status-using-pipelines-as-code_{context}"]
 = Monitoring pipeline run status using {pac}
 
diff --git a/modules/op-odc-pipelines-abstract.adoc b/modules/op-odc-pipelines-abstract.adoc
new file mode 100644
index 000000000000..e34e8951c54b
--- /dev/null
+++ b/modules/op-odc-pipelines-abstract.adoc
@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * cicd/pipelines/working-with-pipelines-web-console.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="op-odc-pipelines-abstract_{context}"]
+= Working with {pipelines-title} in the Developer perspective
+
+In the *Developer* perspective, you can access the following options for creating pipelines from the *+Add* page:
+
+* Use the *+Add* -> *Pipelines* -> *Pipeline builder* option to create customized pipelines for your application.
+* Use the *+Add* -> *From Git* option to create pipelines using pipeline templates and resources while creating an application.
+
+After you create the pipelines for your application, you can view and visually interact with the deployed pipelines in the *Pipelines* view. You can also use the *Topology* view to interact with the pipelines created using the *From Git* option. You must apply custom labels to pipelines created using the *Pipeline builder* to see them in the *Topology* view.
diff --git a/modules/op-opting-out-of-tekton-hub-in-the-developer-perspective.adoc b/modules/op-opting-out-of-tekton-hub-in-the-developer-perspective.adoc
index 0cb2bfffd6ae..e99bcd78e16b 100644
--- a/modules/op-opting-out-of-tekton-hub-in-the-developer-perspective.adoc
+++ b/modules/op-opting-out-of-tekton-hub-in-the-developer-perspective.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="opting-out-of-tekton-hub-in-the-developer-perspective_{context}"]
 = Opting out of Tekton Hub in the Developer perspective
 
 [role="_abstract"]
-Cluster administrators can opt out of displaying {tekton-hub} resources, such as tasks and pipelines, in the **Pipeline builder** page of the **Developer** perspective of an {product-title} cluster. 
+Cluster administrators can opt out of displaying {tekton-hub} resources, such as tasks and pipelines, in the **Pipeline builder** page of the **Developer** perspective of an {product-title} cluster.
 
 [discrete]
 .Prerequisite
diff --git a/modules/op-optional-configuration-fields.adoc b/modules/op-optional-configuration-fields.adoc
index 5d9ef7cf5438..557637d1fcd2 100644
--- a/modules/op-optional-configuration-fields.adoc
+++ b/modules/op-optional-configuration-fields.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-optional-configuration-fields_{context}"]
 = Optional configuration fields
 
@@ -14,7 +14,7 @@ The following fields do not have a default value, and are considered only if you
 
 * `default-pod-template`: This field sets the default `TaskRun` and `PipelineRun` pod templates, if none is specified.
 
-* `default-cloud-events-sink`: This field sets the default `CloudEvents` sink that is used for the `TaskRun` and `PipelineRun` resources, if none is specified.  
+* `default-cloud-events-sink`: This field sets the default `CloudEvents` sink that is used for the `TaskRun` and `PipelineRun` resources, if none is specified.
 
 * `default-task-run-workspace-binding`: This field contains the default workspace configuration for the workspaces that a `Task` resource declares, but a `TaskRun` resource does not explicitly declare.
 
diff --git a/modules/op-performance-tuning-using-tektonconfig-cr.adoc b/modules/op-performance-tuning-using-tektonconfig-cr.adoc
index fc55fb6f245a..446da9dbe82c 100644
--- a/modules/op-performance-tuning-using-tektonconfig-cr.adoc
+++ b/modules/op-performance-tuning-using-tektonconfig-cr.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="op-performance-tuning-using-tektonconfig-cr_{context}"]
 = Performance tuning using TektonConfig CR
 
diff --git a/modules/op-pipelines-as-code-command-reference.adoc b/modules/op-pipelines-as-code-command-reference.adoc
index 630710209cd6..90c325fb1318 100644
--- a/modules/op-pipelines-as-code-command-reference.adoc
+++ b/modules/op-pipelines-as-code-command-reference.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="pipelines-as-code-command-reference_{context}"]
 = {pac} command reference
 
diff --git a/modules/op-release-notes-1-10.adoc b/modules/op-release-notes-1-10.adoc
index 3a9436dd8f69..d5f0b92c4065 100644
--- a/modules/op-release-notes-1-10.adoc
+++ b/modules/op-release-notes-1-10.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-10_{context}"]
 = Release notes for {pipelines-title} General Availability 1.10
 
@@ -16,7 +16,7 @@ In addition to fixes and stability improvements, the following sections highligh
 === Pipelines
 
 * With this update, you can specify environment variables in a `PipelineRun` or `TaskRun` pod template to override or append the variables that are configured in a task or step. Also, you can specify environment variables in a default pod template to use those variables globally for all `PipelineRuns` and `TaskRuns`. This update also adds a new default configuration named `forbidden-envs` to filter environment variables while propagating from pod templates.
-* With this update, custom tasks in pipelines are enabled by default. 
+* With this update, custom tasks in pipelines are enabled by default.
 +
 [NOTE]
 ====
@@ -24,7 +24,7 @@ To disable this update, set the `enable-custom-tasks` flag to `false` in the `fe
 ====
 
 * This update supports the `v1beta1.CustomRun` API version for custom tasks.
-* This update adds support for the `PipelineRun` reconciler to create a custom run. For example, custom `TaskRuns` created from `PipelineRuns` can now use the `v1beta1.CustomRun` API version instead of `v1alpha1.Run`, if the `custom-task-version` feature flag is set to `v1beta1`, instead of the default value `v1alpha1`. 
+* This update adds support for the `PipelineRun` reconciler to create a custom run. For example, custom `TaskRuns` created from `PipelineRuns` can now use the `v1beta1.CustomRun` API version instead of `v1alpha1.Run`, if the `custom-task-version` feature flag is set to `v1beta1`, instead of the default value `v1alpha1`.
 +
 [NOTE]
 ====
@@ -52,7 +52,7 @@ To enable or disable this update, set the value of the `githubOwners` parameter
 [id="cli-new-features-1-10_{context}"]
 === CLI
 
-* This update adds support to pass a Container Storage Interface (CSI) file as a workspace at the time of starting a `Task`, `ClusterTask` or `Pipeline`. 
+* This update adds support to pass a Container Storage Interface (CSI) file as a workspace at the time of starting a `Task`, `ClusterTask` or `Pipeline`.
 * This update adds `v1` API support to all CLI commands associated with task, pipeline, pipeline run, and task run resources. Tekton CLI works with both `v1beta1` and `v1` APIs for these resources.
 * This update adds support for an object type parameter in the `start` and `describe` commands.
 
@@ -61,7 +61,7 @@ To enable or disable this update, set the value of the `githubOwners` parameter
 === Operator
 
 * This update adds a `default-forbidden-env` parameter in optional pipeline properties. The parameter includes forbidden environment variables that should not be propagated if provided through pod templates.
-* This update adds support for custom logos in Tekton Hub UI. To add a custom logo, set the value of the `customLogo` parameter to base64 encoded URI of logo in the Tekton Hub CR. 
+* This update adds support for custom logos in Tekton Hub UI. To add a custom logo, set the value of the `customLogo` parameter to base64 encoded URI of logo in the Tekton Hub CR.
 * This update increments the version number of the git-clone task to 0.9.
 
 
@@ -96,11 +96,11 @@ include::snippets/technology-preview.adoc[]
 * With this update, you can use the same token to fetch remote tasks from the same host on GitHub with a non-default branch.
 * With this update, {pac} supports Tekton `v1` templates. You can have `v1` and `v1beta1` templates, which {pac} reads for PR generation. The PR is created as `v1` on cluster.
 * Before this update, OpenShift console UI would use a hardcoded pipeline run template as a fallback template when a runtime template was not found in the OpenShift namespace. This update in the `pipelines-as-code` config map provides a new default pipeline run template named, `pipelines-as-code-template-default` for the console to use.
-* With this update, {pac} supports Tekton Pipelines 0.44.0 minimal status. 
+* With this update, {pac} supports Tekton Pipelines 0.44.0 minimal status.
 * With this update, {pac} supports Tekton `v1` API, which means {pac} is now compatible with Tekton v0.44 and later.
 * With this update, you can configure custom console dashboards in addition to configuring a console for OpenShift and Tekton dashboards for k8s.
 * With this update, {pac} detects the installation of a GitHub application initiated using the `tkn pac create repo` command and does not require a GitHub webhook if it was installed globally.
-* Before this update, if there was an error on a `PipelineRun` execution and not on the tasks attached to `PipelineRun`, {pac} would not report the failure properly. With this update, {pac} reports the error properly on the GitHub checks when a `PipelineRun` could not be created.  
+* Before this update, if there was an error on a `PipelineRun` execution and not on the tasks attached to `PipelineRun`, {pac} would not report the failure properly. With this update, {pac} reports the error properly on the GitHub checks when a `PipelineRun` could not be created.
 * With this update, {pac} includes a `target_namespace` variable, which expands to the currently running namespace where the `PipelineRun` is executed.
 * With this update, {pac} lets you bypass GitHub enterprise questions in the CLI bootstrap GitHub application.
 * With this update, {pac} does not report errors when the repository CR was not found.
@@ -118,7 +118,7 @@ include::snippets/technology-preview.adoc[]
 [id="deprecated-features-1-10_{context}"]
 == Deprecated and removed features
 
-* In {pipelines-title} 1.10, the `ClusterTask` commands are now deprecated and are planned to be removed in a future release. The `tkn task create` command is also deprecated with this update. 
+* In {pipelines-title} 1.10, the `ClusterTask` commands are now deprecated and are planned to be removed in a future release. The `tkn task create` command is also deprecated with this update.
 * In {pipelines-title} 1.10, the flags `-i` and `-o` that were used with the `tkn task start` command are now deprecated because the `v1` API does not support pipeline resources.
 * In {pipelines-title} 1.10, the flag `-r` that was used with the `tkn pipeline start` command is deprecated because the `v1` API does not support pipeline resources.
 * The {pipelines-title} 1.10 update sets the `openshiftDefaultEmbeddedStatus` parameter to `both` with `full` and `minimal` embedded status. The flag to change the default embedded status  is also deprecated and will be removed. In addition, the pipeline default embedded status will be changed to `minimal` in a future release.
@@ -135,7 +135,7 @@ include::snippets/technology-preview.adoc[]
 ----
 $ oc get tektoninstallersets.operator.tekton.dev | awk '/pipeline-main-static/ {print $1}' | xargs oc delete tektoninstallersets
 ----
-* With this update, usage of external databases, such as the Crunchy PostgreSQL is not supported on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}. Instead, use the default {tekton-hub} database. 
+* With this update, usage of external databases, such as the Crunchy PostgreSQL is not supported on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}. Instead, use the default {tekton-hub} database.
 
 [id="fixed-issues-1-10_{context}"]
 == Fixed issues
@@ -152,8 +152,8 @@ $ oc get tektoninstallersets.operator.tekton.dev | awk '/pipeline-main-static/ {
 * With this update, the `sign` and `verify` commands for a task or pipeline now work without a kubernetes configuration file.
 * With this update, Tekton Operator cleans leftover pruner cron jobs if pruner has been skipped on a namespace.
 * Before this update, the API `ConfigMap` object would not be updated with a user configured value for a catalog refresh interval. This update fixes the `CATALOG_REFRESH_INTERVAL` API in the Tekon Hub CR.
-* This update fixes reconciling of `PipelineRunStatus` when changing the `EmbeddedStatus` feature flag. This update resets the following parameters: 
-** The `status.runs` and `status.taskruns` parameters to `nil` with `minimal EmbeddedStatus` 
+* This update fixes reconciling of `PipelineRunStatus` when changing the `EmbeddedStatus` feature flag. This update resets the following parameters:
+** The `status.runs` and `status.taskruns` parameters to `nil` with `minimal EmbeddedStatus`
 ** The `status.childReferences` parameter to `nil` with `full EmbeddedStatus`
 * This update adds a conversion configuration to the `ResolutionRequest` CRD. This update properly configures conversion from the `v1alpha1.ResolutionRequest` request to the `v1beta1.ResolutionRequest` request.
 * This update checks for duplicate workspaces associated with a pipeline task.
@@ -207,8 +207,25 @@ With this update, {pipelines-title} General Availability (GA) 1.10.4 is availabl
 [id="fixed-issues-1-10-4_{context}"]
 === Fixed issues
 
-* This update fixes the bundle resolver conversion issue for the `PipelineRef` field in a pipeline run. Now, the conversion feature sets the value of the `kind` field to `Pipeline` after conversion. 
+* This update fixes the bundle resolver conversion issue for the `PipelineRef` field in a pipeline run. Now, the conversion feature sets the value of the `kind` field to `Pipeline` after conversion.
 
 * Before this update, the `pipelinerun.timeouts` field was reset to the `timeouts.pipeline` value, ignoring the `timeouts.tasks` and `timeouts.finally` values. This update fixes the issue and sets the correct default timeout value for a `PipelineRun` resource.
 
-* Before this update, the controller logs contained unnecessary data. This update fixes the issue.
\ No newline at end of file
+* Before this update, the controller logs contained unnecessary data. This update fixes the issue.
+
+[id="release-notes-1-10-5_{context}"]
+== Release notes for {pipelines-title} General Availability 1.10.5
+
+With this update, {pipelines-title} General Availability (GA) 1.10.5 is available on {product-title} 4.10 in addition to 4.11, 4.12, and 4.13.
+
+[IMPORTANT]
+====
+{pipelines-title} 1.10.5 is only available in the `pipelines-1.10` channel on {product-title} 4.10, 4.11, 4.12, and 4.13. It is not available in the `latest` channel for any {product-title} version.
+====
+
+[id="fixed-issues-1-10-5_{context}"]
+=== Fixed issues
+
+* Before this update, huge pipeline runs were not getting listed or deleted using the `oc` and `tkn` commands. This update mitigates this issue by compressing the huge annotations that were causing this problem. Remember that if the pipeline runs are still too huge after compression, then the same error still recurs.
+
+* Before this update, only the pod template specified in the `pipelineRun.spec.taskRunSpecs[].podTemplate` object would be considered for a pipeline run. With this update, the pod template specified in the `pipelineRun.spec.podTemplate` object is also considered and merged with the template specified in the `pipelineRun.spec.taskRunSpecs[].podTemplate` object.
\ No newline at end of file
diff --git a/modules/op-release-notes-1-11.adoc b/modules/op-release-notes-1-11.adoc
index 6c8361583110..5803ea2c68f6 100644
--- a/modules/op-release-notes-1-11.adoc
+++ b/modules/op-release-notes-1-11.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-11_{context}"]
 = Release notes for {pipelines-title} General Availability 1.11
 
@@ -24,7 +24,7 @@ Before upgrading to the {pipelines-title} Operator 1.11, ensure that you have at
 
 * This update adds support for results, object parameters, array results, and indexing into an array when you set the `enable-api-fields` feature flag to `beta` value in the `TektonConfig` CR.
 
-* With this update, propagated parameters are now part of a stable feature. This feature enables interpolating parameters in embedded specifications to reduce verbosity in Tekton resources. 
+* With this update, propagated parameters are now part of a stable feature. This feature enables interpolating parameters in embedded specifications to reduce verbosity in Tekton resources.
 
 * With this update, propagated workspaces are now part of a stable feature. You can enable the propagated workspaces feature by setting the `enable-api-fields` feature flag to `alpha` or `beta` value.
 
@@ -41,7 +41,7 @@ Before upgrading to the {pipelines-title} Operator 1.11, ensure that you have at
 
 * With this update, you can define and use a `PipelineRun` context variable in the `pipelineRun.workspaces.subPath` configuration.
 
-* With this update, the `ClusterResolver`, `BundleResolver`, `HubResolver`, and `GitResolver` features are now available by default. 
+* With this update, the `ClusterResolver`, `BundleResolver`, `HubResolver`, and `GitResolver` features are now available by default.
 
 
 [id="triggers-new-features-1-11_{context}"]
@@ -56,7 +56,7 @@ Before upgrading to the {pipelines-title} Operator 1.11, ensure that you have at
 
 * With this update, you can configure pruning for each `PipelineRun` or `TaskRun` resource by setting a `prune-per-resource` boolean field in the `TektonConfig` CR. You can also configure pruning for each `PipelineRun` or `TaskRun` resource in a  namespace by adding the `operator.tekton.dev/prune.prune-per-resource=true` annotation to that namespace.
 
-* With this update, if there are any changes in the {product-title} cluster-wide proxy, Operator Lifecycle Manager (OLM) recreates the {pipelines-title} Operator. 
+* With this update, if there are any changes in the {product-title} cluster-wide proxy, Operator Lifecycle Manager (OLM) recreates the {pipelines-title} Operator.
 * With this update, you can disable the pruner feature by setting the value of the `config.pruner.disabled` field to `true` in the `TektonConfig` CR.
 
 
@@ -65,7 +65,7 @@ Before upgrading to the {pipelines-title} Operator 1.11, ensure that you have at
 
 * With this update, {tekton-chains} is now generally available for use.
 
-* With this update, you can use the skopeo tool with {tekton-chains} to generate keys, which are used in the `cosign` signing scheme. 
+* With this update, you can use the skopeo tool with {tekton-chains} to generate keys, which are used in the `cosign` signing scheme.
 
 * When you upgrade to the {pipelines-title} Operator 1.11, the previous {tekton-chains} configuration will be overwritten and you must set it again in the `TektonConfig` CR.
 
@@ -102,7 +102,7 @@ include::snippets/technology-preview.adoc[]
 +
 With this command, you can also specify a custom GitHub API URL by using the `--github-api-url` argument.
 
-* This update enables error detection for all `PipelineRun` resources by default. {pac} detects if a `PipelineRun` resource execution has failed and shows a snippet of the last few lines of the error. For a GitHub application, {pac} detects error messages in the container logs and exposes them as annotations on a pull request. 
+* This update enables error detection for all `PipelineRun` resources by default. {pac} detects if a `PipelineRun` resource execution has failed and shows a snippet of the last few lines of the error. For a GitHub application, {pac} detects error messages in the container logs and exposes them as annotations on a pull request.
 
 * With this update, you can fetch tasks from a private {tekton-hub} instance attached to a private Git repository. To enable this update, {pac} uses the internal raw URL of the private {tekton-hub} instance instead of using the GitHub raw URL.
 
@@ -116,30 +116,30 @@ With this command, you can also specify a custom GitHub API URL by using the `--
 
 * With this update, {pac} triggers a CI pipeline for a pull request created by a user who is not an owner, collaborator, or public member or is not listed in the `owner` file but has permission to push changes to the repository.
 
-* With this update, the custom console setting allows you to use custom parameters from a `Repository` CR. 
+* With this update, the custom console setting allows you to use custom parameters from a `Repository` CR.
 
 * With this update, {pac} changes all `PipelineRun` labels to `PipelineRun` annotations. You can use a `PipelineRun` annotation to mark a Tekton resource, instead of using a `PipelineRun` label.
 
 * With this update, you can use the `pac-config-logging` config map for watcher and webhook resources, but not for the {pac} controller.
 
 
-[id="breaking-changes-1-11_{context}"]	
-== Breaking changes	
+[id="breaking-changes-1-11_{context}"]
+== Breaking changes
 
 * This update replaces the `resource-verification-mode` feature flag with a new `trusted-resources-verification-no-match-policy` flag in the pipeline specification.
 
-* With this update, you cannot edit the {tekton-chains} CR. Instead, edit the `TektonConfig` CR to configure {tekton-chains}. 
+* With this update, you cannot edit the {tekton-chains} CR. Instead, edit the `TektonConfig` CR to configure {tekton-chains}.
 
 
-[id="deprecated-features-1-11_{context}"]	
-== Deprecated and removed features	
+[id="deprecated-features-1-11_{context}"]
+== Deprecated and removed features
 
 * This update removes support for the `PipelineResource` commands and references from Tekton CLI:
 ** Removal of pipeline resources from cluster tasks
 ** Removal of pipeline resources from tasks
 ** Removal of pipeline resources from pipelines
 ** Removal of resource commands
-** Removal of input and output resources from the `clustertask describe` command 
+** Removal of input and output resources from the `clustertask describe` command
 
 * This update removes support for the `full` embedded status from Tekton CLI.
 
@@ -147,27 +147,27 @@ With this command, you can also specify a custom GitHub API URL by using the `--
 
 * In {pipelines-title} 1.11, support for the `PipelineResource` CR has been removed, use the `Task` CR instead.
 
-* In {pipelines-title} 1.11, support for the `v1alpha1.Run` objects has been removed. You must upgrade the objects from `v1alpha1.Run` to `v1beta1.CustomRun` before upgrading to this release. 
+* In {pipelines-title} 1.11, support for the `v1alpha1.Run` objects has been removed. You must upgrade the objects from `v1alpha1.Run` to `v1beta1.CustomRun` before upgrading to this release.
 
 * In {pipelines-title} 1.11, the `custom-task-version` feature flag has been removed.
 
 * In {pipelines-title} 1.11, the `pipelinerun.status.taskRuns` and `pipelinerun.status.runs` fields have been removed along with the `embedded-status` feature flag. Use the `pipelinerun.status.childReferences` field instead.
 
 
-[id="known-issues-1-11_{context}"]	
-== Known issues	
+[id="known-issues-1-11_{context}"]
+== Known issues
 
-* Setting the `prune-per-resource` boolean field does not delete `PipelineRun` or `TaskRun` resources if they were not part of any pipeline or task. 
+* Setting the `prune-per-resource` boolean field does not delete `PipelineRun` or `TaskRun` resources if they were not part of any pipeline or task.
 
 * Tekton CLI does not show logs of the `PipelineRun` resources that are created by using resolvers.
 
-* When you filter your pipeline results based on the `order_by=created_time+desc&page_size=1` query, you get zero records without any `nextPageToken` value in the output. 
+* When you filter your pipeline results based on the `order_by=created_time+desc&page_size=1` query, you get zero records without any `nextPageToken` value in the output.
 
 * When you set the value of the `loglevel.pipelinesascode` field to `debug`, no debugging logs are generated in the {pac} controller pod. As a workaround, restart the {pac} controller pod.
 
 
-[id="fixed-issues-1-11_{context}"]	
-== Fixed issues	
+[id="fixed-issues-1-11_{context}"]
+== Fixed issues
 
 * Before this update, {pac} failed to create a `PipelineRun` resource while detecting the `generateName` field in the `PipelineRun` CR. With this update, {pac} supports providing the `generateName` field in the `PipelineRun` CR.
 
@@ -180,11 +180,11 @@ With this command, you can also specify a custom GitHub API URL by using the `--
 ** `buckets`
 ** `kube-api-qps`
 ** `kube-api-burst`
-** `threads-per-controller` 
+** `threads-per-controller`
 
-* This update fixes the remote bundle resolver to perform a case-insensitive comparison of the `kind` field with the `dev.tekton.image.kind` annotation value in the bundle. 
+* This update fixes the remote bundle resolver to perform a case-insensitive comparison of the `kind` field with the `dev.tekton.image.kind` annotation value in the bundle.
 
-* Before this update, pods for remote resolvers were terminated because of insufficient memory when you would clone a large Git repository. This update fixes the issue and increases the memory limit for deploying remote resolvers. 
+* Before this update, pods for remote resolvers were terminated because of insufficient memory when you would clone a large Git repository. This update fixes the issue and increases the memory limit for deploying remote resolvers.
 
 * With this update, task and pipeline resources of `v1` type are supported in remote resolution.
 
@@ -202,4 +202,36 @@ With this command, you can also specify a custom GitHub API URL by using the `--
 
 * Before this update, a long pipeline run would be stuck in the running state on the cluster, even after the timeout. This update fixes the issue.
 
-* This update fixes the `tkn pr delete` command for correctly using the `keep` flag. Now, if the value of the `keep` flag equals the number of associated task runs or pipeline runs, the `tkn pr delete` command returns exit code `0` along with a message.
\ No newline at end of file
+* This update fixes the `tkn pr delete` command for correctly using the `keep` flag. With this update, if the value of the `keep` flag equals the number of associated task runs or pipeline runs, the `tkn pr delete` command returns exit code `0` along with a message.
+
+[id="release-notes-1-11-1_{context}"]
+== Release notes for {pipelines-title} General Availability 1.11.1
+
+With this update, {pipelines-title} General Availability (GA) 1.11.1 is available on {product-title} 4.12 and later versions.
+
+[id="fixed-issues-1-11-1_{context}"]
+=== Fixed issues
+
+* Before this update, a task run could fail with a mount path error message, when a running or pending pod was preempted. With this update, a task run does not fail when the cluster causes a pod to be deleted and re-created.
+
+* Before this update, a shell script in a task had to be run as root. With this update, the shell script image has the non-root user ID set so that you can run a task that includes a shell script, such as the `git-clone` task, as a non-root user within the pod.
+
+* Before this update, in {pipelines-title} 1.11.0, when a pipeline run is defined using {pac}, the definition in the Git repository references the `tekton.dev/v1beta1` API version and includes a `spec.pipelineRef.bundle` entry, the `kind` parameter for the bundle reference was wrongly set to `Task`. The issue did not exist in earlier versions of {pipelines-title}. With this update, the `kind` parameter is set correctly.
+
+* Before this update, the `disable-ha` flag was not correctly passed to the `tekton-pipelines` controller, so the High Availability (HA) feature of {pipelines-title} could not be enabled. With this update, the `disable-ha` flag  is correctly passed and you can enable the HA feature as required.
+
+* Before this update, you could not set the URL for {tekton-hub} and {artifact-hub} for the hub resolver, so you could use only the preset addresses of {tekton-hub} and {artifact-hub}. With this update, you can configure the URL for {tekton-hub} and {artifact-hub} for the hub resolver, for example, to use a custom {tekton-hub} instance that you installed.
+
+* With this update, the SHA digest of the `git-init` image corresponds to version 1.10.5, which is the current released version of the image.
+
+* Before this update, the `tekton-pipelines-controller` component used a config map named `config-leader-election`. This name is the default value for knative controllers, so the configuration process for {pipelines-shortname} could affect other controllers and vice versa. With this update, the component uses a unique config name, so the configuration process for {pipelines-shortname} does not affect other controllers and is not affected by other controllers.
+
+* Before this update, when a user without write access to a GitHub repository opened a pull request, {pac} CI/CD actions would show as `skipped` in GitHub. With this update, {pac} CI/CD actions are shown as `Pending approval` in GitHub.
+
+* Before this update, {pac} ran CI/CD actions for every pull request into a branch that matched a configured branch name. With this update, {pac} runs CI/CD actions only when the source branch of the pull request matches the exact configured branch name.
+
+* Before this update, metrics for the {pac} controller were not visible in the {product-title} developer console. With this update, metrics for the {pac} controller are displayed in the developer console.
+
+* Before this update, in {pipelines-title} 1.11.0, the Operator always installed {tekton-chains} and you could not disable installation of the {tekton-chains} component. With this update, you can set the value of the `disabled` parameter to `true` in the `TektonConfig` CR  to disable installation okindf {tekton-chains}.
+
+* Before this update, if you configured {tekton-chains} on an older version of {pipelines-shortname} using the `TektonChain` CR and then upgraded to {pipelines-shortname} version 1.11.0, the configuration information was overwritten. With this update, if you upgrade from an older version of {pipelines-shortname} and {tekton-chains} was configured in the same namespace where the `TektonConfig` is installed (`openshift-pipelines`), {tekton-chains} configuration information is preserved.
diff --git a/modules/op-release-notes-1-2.adoc b/modules/op-release-notes-1-2.adoc
index c9d8b03e88df..371e05d8c74f 100644
--- a/modules/op-release-notes-1-2.adoc
+++ b/modules/op-release-notes-1-2.adoc
@@ -14,7 +14,7 @@
 * Tekton Triggers 0.8.1
 * cluster tasks based on Tekton Catalog 0.16
 * IBM Power Systems on {product-title} 4.6
-* IBM Z and LinuxONE on {product-title} 4.6
+* {ibm-z-name} and {ibm-linuxone-name} on {product-title} 4.6
 
 In addition to the fixes and stability improvements, the following sections highlight what is new in {pipelines-title} 1.2.
 
@@ -26,7 +26,7 @@ In addition to the fixes and stability improvements, the following sections high
 +
 [NOTE]
 ====
-Installations in restricted environments are currently not supported on IBM Power Systems, IBM Z, and LinuxONE.
+Installations in restricted environments are currently not supported on {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}.
 ====
 
 * You can now use the `when` field, instead of `conditions` resource, to run a task only when certain criteria are met. The key components of `WhenExpression` resources are `Input`, `Operator`, and `Values`. If all the when expressions evaluate to `True`, then the task is run. If any of the when expressions evaluate to `False`, the task is skipped.
@@ -104,7 +104,7 @@ $ oc patch el/github-listener-interceptor -p '{"metadata":{"finalizers":["foregr
 $ oc patch crd/eventlisteners.triggers.tekton.dev -p '{"metadata":{"finalizers":[]}}' --type=merge
 ----
 
-* When you run a multi-arch container image task without command specification on an IBM Power Systems (ppc64le) or IBM Z (s390x) cluster, the `TaskRun` resource fails with the following error:
+* When you run a multi-arch container image task without command specification on an {ibm-power-name} Systems (ppc64le) or {ibm-z-name} (s390x) cluster, the `TaskRun` resource fails with the following error:
 +
 [source,terminal]
 ----
diff --git a/modules/op-release-notes-1-3.adoc b/modules/op-release-notes-1-3.adoc
index 60f9f7f5285d..fc97e0b31698 100644
--- a/modules/op-release-notes-1-3.adoc
+++ b/modules/op-release-notes-1-3.adoc
@@ -13,8 +13,8 @@
 * Tekton `tkn` CLI 0.15.0
 * Tekton Triggers 0.10.2
 * cluster tasks based on Tekton Catalog 0.19.0
-* IBM Power Systems on {product-title} 4.7
-* IBM Z and LinuxONE on {product-title} 4.7
+* {ibm-power-name} Systems on {product-title} 4.7
+* {ibm-z-name} and {ibm-linuxone-name} on {product-title} 4.7
 
 In addition to the fixes and stability improvements, the following sections highlight what is new in {pipelines-title} 1.3.
 
diff --git a/modules/op-release-notes-1-4.adoc b/modules/op-release-notes-1-4.adoc
index 58d0baa66fb0..ac64b6569ea2 100644
--- a/modules/op-release-notes-1-4.adoc
+++ b/modules/op-release-notes-1-4.adoc
@@ -125,9 +125,9 @@ Upgrade from {pipelines-shortname} 1.3.x and earlier versions to {pipelines-shor
 
 * In the *Developer* perspective, the pipeline metrics and triggers features are available only on {product-title} 4.7.6 or later versions.
 
-* On IBM Power Systems, IBM Z, and LinuxONE, the `tkn hub` command is not supported.
+* On {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}, the `tkn hub` command is not supported.
 
-* When you run Maven and Jib Maven cluster tasks on an IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters, set the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
+* When you run Maven and Jib Maven cluster tasks on an {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) clusters, set the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
 
 * Triggers throw error resulting from bad handling of the JSON format, if you have the following configuration in the trigger binding:
 +
diff --git a/modules/op-release-notes-1-5.adoc b/modules/op-release-notes-1-5.adoc
index 90b578945060..c27e32762b19 100644
--- a/modules/op-release-notes-1-5.adoc
+++ b/modules/op-release-notes-1-5.adoc
@@ -294,9 +294,9 @@ For {pipelines-title} installed by the Operator, if you do not clone the `git-cl
 . Use the service account while executing a task or a pipeline.
 
 
-* On IBM Power Systems, IBM Z, and LinuxONE, the `s2i-dotnet` cluster task and the `tkn hub` command are unsupported.
+* On {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}, the `s2i-dotnet` cluster task and the `tkn hub` command are unsupported.
 
-* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
+* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
 
 [id="fixed-issues-1-5_{context}"]
 == Fixed issues
diff --git a/modules/op-release-notes-1-6.adoc b/modules/op-release-notes-1-6.adoc
index a1baad9deac0..7057d006c7b6 100644
--- a/modules/op-release-notes-1-6.adoc
+++ b/modules/op-release-notes-1-6.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-6_{context}"]
 = Release notes for {pipelines-title} General Availability 1.6
 
@@ -21,7 +21,7 @@ In addition to the fixes and stability improvements, the following sections high
 * With this update, you can authenticate to a registry using the `auth.json` authentication file of Podman. For example, you can use `tkn bundle push` to push to a remote registry using Podman instead of Docker CLI.
 // (link:https://github.com/tektoncd/cli/pull/1430[#1430])
 
-* With this update, if you use the `tkn [taskrun | pipelinerun] delete --all` command, you can preserve runs that are younger than a specified number of minutes by using the new `--keep-since <minutes>` option. For example, to keep runs that are less than five minutes old, you enter `tkn [taskrun | pipelinerun] delete -all --keep-since 5`. 
+* With this update, if you use the `tkn [taskrun | pipelinerun] delete --all` command, you can preserve runs that are younger than a specified number of minutes by using the new `--keep-since <minutes>` option. For example, to keep runs that are less than five minutes old, you enter `tkn [taskrun | pipelinerun] delete -all --keep-since 5`.
 // (link:https://github.com/tektoncd/cli/pull/1435[#1435])
 
 * With this update, when you delete task runs or pipeline runs, you can use the `--parent-resource` and `--keep-since` options together. For example, the `tkn pipelinerun delete --pipeline pipelinename --keep-since 5` command preserves pipeline runs whose parent resource is named `pipelinename` and whose age is five minutes or less. The `tkn tr delete -t <taskname> --keep-since 5` and `tkn tr delete --clustertask <taskname> --keep-since 5` commands work similarly for task runs.
@@ -194,13 +194,13 @@ The `disable-working-directory-overwrite` and `disable-home-env-overwrite` field
 [id="known-issues-1-6_{context}"]
 == Known issues
 
-* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
+* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
 // issue # is unknown.
 
-* On IBM Power Systems, IBM Z, and LinuxONE, the `s2i-dotnet` cluster task is unsupported.
+* On {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}, the `s2i-dotnet` cluster task is unsupported.
 // issue # is unknown.
 
-* Before you install tasks based on the Tekton Catalog on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
+* Before you install tasks based on the Tekton Catalog on {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
 // issue # is unknown.
 
 * You cannot use the `nodejs:14-ubi8-minimal` image stream because doing so generates the following errors:
@@ -220,7 +220,7 @@ time="2021-11-04T13:05:26Z" level=error msg="exit status 127"
 [id="fixed-issues-1-6_{context}"]
 == Fixed issues
 
-* The `tkn hub` command is now supported on IBM Power Systems, IBM Z, and LinuxONE.
+* The `tkn hub` command is now supported on {ibm-power-name}, {ibm-z-name}, and LinuxONE.
 // issue # is unknown.
 
 //[id="fixed-cli-0-21-0-1-6_{context}"]
@@ -254,7 +254,7 @@ time="2021-11-04T13:05:26Z" level=error msg="exit status 127"
 [id="known-issues-1-6-1_{context}"]
 === Known issues
 
-* After upgrading to {pipelines-title} 1.6.1 from an older version, {pipelines-shortname} might enter an inconsistent state where you are unable to perform any operations (create/delete/apply) on Tekton resources (tasks and pipelines). For example, while deleting a resource, you might encounter the following error: 
+* After upgrading to {pipelines-title} 1.6.1 from an older version, {pipelines-shortname} might enter an inconsistent state where you are unable to perform any operations (create/delete/apply) on Tekton resources (tasks and pipelines). For example, while deleting a resource, you might encounter the following error:
 +
 [source,terminal]
 ----
@@ -284,7 +284,7 @@ Error from server (InternalError): Internal error occurred: failed calling webho
 === Known issues
 
 * When you create a new project, the creation of the `pipeline` service account is delayed, and removal of existing cluster tasks and pipeline templates takes more than 10 minutes.
-// https://issues.redhat.com/browse/SRVKP-2043  
+// https://issues.redhat.com/browse/SRVKP-2043
 
 [id="fixed-issues-1-6-2_{context}"]
 === Fixed issues
@@ -339,7 +339,7 @@ When you upgrade to future releases, the {pipelines-title} Operator will automat
 [id="known-issues-1-6-4_{context}"]
 === Known issues
 
-* After upgrading from {pipelines-title} 1.5.2 to 1.6.4, accessing the event listener routes returns a `503` error. 
+* After upgrading from {pipelines-title} 1.5.2 to 1.6.4, accessing the event listener routes returns a `503` error.
 +
 Workaround: Modify the target port in the YAML file for the event listener's route.
 +
@@ -399,5 +399,5 @@ spec:
 * Before this update, the Operator failed when creating RBAC resources if any namespace was in a `Terminating` state. With this update, the Operator ignores namespaces in a `Terminating` state and creates the RBAC resources.
 // https://issues.redhat.com/browse/SRVKP-2248
 
-* Before this update, the task runs failed or restarted due to absence of annotation specifying the release version of the associated Tekton controller. With this update, the inclusion of the appropriate annotations are automated, and the tasks run without failure or restarts. 
+* Before this update, the task runs failed or restarted due to absence of annotation specifying the release version of the associated Tekton controller. With this update, the inclusion of the appropriate annotations are automated, and the tasks run without failure or restarts.
 // https://issues.redhat.com/browse/SRVKP-2445
\ No newline at end of file
diff --git a/modules/op-release-notes-1-7.adoc b/modules/op-release-notes-1-7.adoc
index e057ec7f86d6..c069d6a3f53e 100644
--- a/modules/op-release-notes-1-7.adoc
+++ b/modules/op-release-notes-1-7.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-7_{context}"]
 = Release notes for {pipelines-title} General Availability 1.7
 
@@ -267,16 +267,16 @@ Pipelines as Code supports the following features:
 [id="known-issues-1-7_{context}"]
 == Known issues
 
-* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on ARM, IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
+* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on ARM, {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) clusters. As a workaround, you can specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
 // issue # is unknown.
 +
 [TIP]
 ====
-Before you install tasks that are based on the Tekton Catalog on ARM, IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
+Before you install tasks that are based on the Tekton Catalog on ARM, {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
 // issue # is unknown.
 ====
 
-* On IBM Power Systems, IBM Z, and LinuxONE, the `s2i-dotnet` cluster task is unsupported.
+* On {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}, the `s2i-dotnet` cluster task is unsupported.
 // issue # is unknown.
 
 * You cannot use the `nodejs:14-ubi8-minimal` image stream because doing so generates the following errors:
diff --git a/modules/op-release-notes-1-8.adoc b/modules/op-release-notes-1-8.adoc
index f2687b32d521..8e196dbcc9f1 100644
--- a/modules/op-release-notes-1-8.adoc
+++ b/modules/op-release-notes-1-8.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-8_{context}"]
 = Release notes for {pipelines-title} General Availability 1.8
 
@@ -186,8 +186,8 @@ type: Opaque
 stringData:
   POSTGRES_HOST: <hostname>
   POSTGRES_DB: <database_name>
-  POSTGRES_USER: <user_name>
-  POSTGRES_PASSWORD: <user_password>
+  POSTGRES_USER: <username>
+  POSTGRES_PASSWORD: <password>
   POSTGRES_PORT: <listening_port_number>
 ----
 // link:https://issues.redhat.com/browse/SRVKP-2309[SRVKP-2309 Pipeline as code: validate repository URL uniqueness])
@@ -313,7 +313,7 @@ $ oc get route -n openshift-pipelines pipelines-as-code-controller \
 [id="deprecated-features-1-8_{context}"]
 == Deprecated and removed features
 
-* Starting with {product-title} 4.11, the `preview` and `stable` channels for installing and upgrading the {pipelines-title} Operator are removed. To install and upgrade the Operator, use the appropriate `pipelines-<version>` channel, or the `latest` channel for the most recent stable version. For example, to install the {pipelines-shortname} Operator version `1.8.x`, use the `pipelines-1.8` channel. 
+* Starting with {product-title} 4.11, the `preview` and `stable` channels for installing and upgrading the {pipelines-title} Operator are removed. To install and upgrade the Operator, use the appropriate `pipelines-<version>` channel, or the `latest` channel for the most recent stable version. For example, to install the {pipelines-shortname} Operator version `1.8.x`, use the `pipelines-1.8` channel.
 +
 [NOTE]
 ====
@@ -372,18 +372,18 @@ Workaround: Use `nodejs:14-ubi8` rather than the `nodejs:14-ubi8-minimal` image
 
 // .ARM (Tech Preview feature)
 
-* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on ARM, IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters.
+* When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on ARM, {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) clusters.
 +
 Workaround: Specify a custom image by setting the `MAVEN_IMAGE` parameter value to `maven:3.6.3-adoptopenjdk-11`.
 +
 [TIP]
 ====
-Before you install tasks that are based on the Tekton Catalog on ARM, IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
+Before you install tasks that are based on the Tekton Catalog on ARM, {ibm-power-name} Systems (ppc64le), {ibm-z-name}, and {ibm-linuxone-name} (s390x) using `tkn hub`, verify if the task can be executed on these platforms. To check if `ppc64le` and `s390x` are listed in the "Platforms" section of the task information, you can run the following command: `tkn hub info task <name>`
 // issue # is unknown.
 ====
 // link:https://issues.redhat.com/browse/SRVKP-2375 for ARM issue
 
-* On ARM, IBM Power Systems, IBM Z, and LinuxONE, the `s2i-dotnet` cluster task is unsupported.
+* On ARM, {ibm-power-name} Systems, {ibm-z-name}, and {ibm-linuxone-name}, the `s2i-dotnet` cluster task is unsupported.
 // issue # is unknown. Added ARM in 1.8
 
 // Pipelines
@@ -550,7 +550,7 @@ With this update, {pipelines-title} General Availability (GA) 1.8.1 is available
 [id="known-issues-1-8-1_{context}"]
 === Known issues
 
-* By default, the containers have restricted permissions for enhanced security. The restricted permissions apply to all controller pods in the {pipelines-title} Operator, and to some cluster tasks. Due to restricted permissions, the `git-clone` cluster task fails under certain configurations. 
+* By default, the containers have restricted permissions for enhanced security. The restricted permissions apply to all controller pods in the {pipelines-title} Operator, and to some cluster tasks. Due to restricted permissions, the `git-clone` cluster task fails under certain configurations.
 +
 Workaround: None. You can track the issue link:https://issues.redhat.com/browse/SRVKP-2634[SRVKP-2634].
 
@@ -559,22 +559,22 @@ Workaround: None. You can track the issue link:https://issues.redhat.com/browse/
 .Example: Failed installer sets
 [source,terminal]
 ----
-$ oc get tektoninstallerset 
+$ oc get tektoninstallerset
 NAME                                     READY   REASON
 addon-clustertasks-nx5xz                 False   Error
-addon-communityclustertasks-cfb2p        True    
-addon-consolecli-ftrb8                   True    
-addon-openshift-67dj2                    True    
-addon-pac-cf7pz                          True    
-addon-pipelines-fvllm                    True    
-addon-triggers-b2wtt                     True    
+addon-communityclustertasks-cfb2p        True
+addon-consolecli-ftrb8                   True
+addon-openshift-67dj2                    True
+addon-pac-cf7pz                          True
+addon-pipelines-fvllm                    True
+addon-triggers-b2wtt                     True
 addon-versioned-clustertasks-1-8-hqhnw   False   Error
-pipeline-w75ww                           True    
-postpipeline-lrs22                       True    
-prepipeline-ldlhw                        True    
-rhosp-rbac-4dmgb                         True    
-trigger-hfg64                            True    
-validating-mutating-webhoook-28rf7       True 
+pipeline-w75ww                           True
+postpipeline-lrs22                       True
+prepipeline-ldlhw                        True
+rhosp-rbac-4dmgb                         True
+trigger-hfg64                            True
+validating-mutating-webhoook-28rf7       True
 ----
 +
 .Example: Incorrect `TektonConfig` status
@@ -582,7 +582,7 @@ validating-mutating-webhoook-28rf7       True
 ----
 $ oc get tektonconfig config
 NAME     VERSION   READY   REASON
-config   1.8.1     True 
+config   1.8.1     True
 ----
 
 // https://issues.redhat.com/browse/SRVKP-2556
diff --git a/modules/op-release-notes-1-9.adoc b/modules/op-release-notes-1-9.adoc
index 07f591cbcbf8..10083b6302dc 100644
--- a/modules/op-release-notes-1-9.adoc
+++ b/modules/op-release-notes-1-9.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assembly:
 //
 // * cicd/pipelines/op-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="op-release-notes-1-9_{context}"]
 = Release notes for {pipelines-title} General Availability 1.9
 
@@ -44,7 +44,7 @@ In addition to the fixes and stability improvements, the following sections high
 * This update supports using trigger `eventID` as input to `TriggerBinding`.
 
 * This update supports validation and rotation of certificates for the `ClusterInterceptor` server. 
-** Triggers perform certificate validation for core interceptors and rotate a new certificate to `ClusterInterceptor` when its certificate expires. 
+** Triggers perform certificate validation for core interceptors and rotate a new certificate to `ClusterInterceptor` when its certificate expires.
 
 
 [id="cli-new-features-1-9_{context}"]
@@ -62,7 +62,7 @@ In addition to the fixes and stability improvements, the following sections high
 
 * This update adds a new flag `--ignore-running-pipelinerun`, which ignores the deletion of `TaskRun` associated with `PipelineRun`.
 
-* This update adds support for experimental commands. This update also adds experimental subcommands, `sign` and `verify` to the `tkn` CLI tool. 
+* This update adds support for experimental commands. This update also adds experimental subcommands, `sign` and `verify` to the `tkn` CLI tool.
 
 * This update makes the Z shell (Zsh) completion feature usable without generating any files.
 
@@ -105,7 +105,7 @@ kind: TektonConfig
 metadata:
   name: config
 spec:
-  pipeline: 
+  pipeline:
     enable-bundles-resolver: true
     enable-cluster-resolver: true
     enable-git-resolver: true
@@ -114,7 +114,7 @@ spec:
 ----
 +
 You can also provide resolver specific configurations in `TektonConfig`. For example, you can define the following fields in the `map[string]string` format to set configurations for individual resolvers:
-+ 
++
 [source,yaml,subs="attributes+"]
 ----
 apiVersion: operator.tekton.dev/v1alpha1
@@ -122,14 +122,14 @@ kind: TektonConfig
 metadata:
   name: config
 spec:
-  pipeline: 
+  pipeline:
     bundles-resolver-config:
       default-service-account: pipelines
     cluster-resolver-config:
       default-namespace: test
     git-resolver-config:
       server-url: localhost.com
-    hub-resolver-config: 
+    hub-resolver-config:
       default-tekton-hub-catalog: tekton
 ...
 ----
@@ -143,7 +143,7 @@ include::snippets/technology-preview.adoc[]
 
 * Before this update, only Open Container Initiative (OCI) images were supported as outputs of `TaskRun` in the in-toto provenance agent. This update adds in-toto provenance metadata as outputs with these suffixes, `ARTIFACT_URI` and `ARTIFACT_DIGEST`.
 
-* Before this update, only `TaskRun` attestations were supported. This update adds support for `PipelineRun` attestations as well. 
+* Before this update, only `TaskRun` attestations were supported. This update adds support for `PipelineRun` attestations as well.
 
 * This update adds support for {tekton-chains} to get the `imgPullSecret` parameter from the pod template. This update helps you to configure repository authentication based on each pipeline run or task run without modifying the service account.
 
@@ -162,7 +162,7 @@ include::snippets/technology-preview.adoc[]
 ** Modify {tekton-hub} configuration data on the cluster. All modifications are preserved upon Operator upgrades.
 ** Update the list of catalogs for {tekton-hub}
 ** Change the categories for {tekton-hub}
-+ 
++
 [NOTE]
 ====
 If you do not add any configuration data, you can use the default data in the API `ConfigMap` for {tekton-hub} configurations.
@@ -175,7 +175,7 @@ If you do not add any configuration data, you can use the default data in the AP
 
 * This update adds a new command `tkn pac logs` for showing the logs of the latest pipeline run for a repository.
 
-* This update supports advanced event matching on file path for push and pull requests to GitHub and GitLab. For example, you can use the Common Expression Language (CEL) to run a pipeline only if a path has changed for any markdown file in the `docs` directory. 
+* This update supports advanced event matching on file path for push and pull requests to GitHub and GitLab. For example, you can use the Common Expression Language (CEL) to run a pipeline only if a path has changed for any markdown file in the `docs` directory.
 +
 [source,yaml]
 ----
@@ -192,23 +192,23 @@ If you do not add any configuration data, you can use the default data in the AP
 * With this update, {pac} generates metrics for `PipelineRuns` with provider information.
 
 * This update provides the following enhancements for the `tkn-pac` plugin:
-** Detects running pipelines correctly 
+** Detects running pipelines correctly
 ** Fixes showing duration when there is no failure completion time
 ** Shows an error snippet and highlights the error regular expression pattern in the `tkn-pac describe` command
 ** Adds the `use-real-time` switch to the `tkn-pac ls` and `tkn-pac describe` commands
 ** Imports the `tkn-pac` logs documentation
 ** Shows `pipelineruntimeout` as a failure in the `tkn-pac ls` and `tkn-pac describe` commands.
 ** Show a specific pipeline run failure with the `--target-pipelinerun` option.
-      
-* With this update, you can view the errors for your pipeline run in the form of a version control system (VCS) comment or a small snippet in the GitHub checks. 
+
+* With this update, you can view the errors for your pipeline run in the form of a version control system (VCS) comment or a small snippet in the GitHub checks.
 
 * With this update, {pac} optionally can detect errors inside the tasks if they are of a simple format and add those tasks as annotations in GitHub. This update is part of a developer preview feature.
 
 * This update adds the following new commands:
-** `tkn-pac webhook add`: Adds a webhook to project repository settings and updates the `webhook.secret` key in the existing `k8s Secret` object without updating the repository. 
+** `tkn-pac webhook add`: Adds a webhook to project repository settings and updates the `webhook.secret` key in the existing `k8s Secret` object without updating the repository.
 ** `tkn-pac webhook update-token`: Updates provider token for an existing `k8s Secret` object without updating the repository.
 
-* This update enhances functionality of the `tkn-pac create repo` command, which creates and configures webhooks for GitHub, GitLab, and BitbucketCloud along with creating repositories. 
+* This update enhances functionality of the `tkn-pac create repo` command, which creates and configures webhooks for GitHub, GitLab, and BitbucketCloud along with creating repositories.
 
 * With this update, the `tkn-pac describe` command shows the latest fifty events in a sorted order.
 
@@ -218,7 +218,7 @@ If you do not add any configuration data, you can use the default data in the AP
 
 * With this update, {pac} hides secrets from log snippets to avoid exposing secrets in the GitHub interface.
 
-* With this update, the secrets automatically generated for `git_auth_secret` are an owner reference with `PipelineRun`. The secrets get cleaned with the `PipelineRun`, not after the pipeline run execution. 
+* With this update, the secrets automatically generated for `git_auth_secret` are an owner reference with `PipelineRun`. The secrets get cleaned with the `PipelineRun`, not after the pipeline run execution.
 
 * This update adds support to cancel a pipeline run with the `/cancel` comment.
 
@@ -226,15 +226,15 @@ If you do not add any configuration data, you can use the default data in the AP
 ** `secret-github-app-token-scoped`: Scopes the app token to the target repository, not to every repository the app installation has access to.
 ** `secret-github-app-scope-extra-repos`: Customizes the scoping of the  app token with an additional owner or repository.
 
-* With this update, you can use {pac} with your own Git repositories that are hosted on GitLab. 
- 
+* With this update, you can use {pac} with your own Git repositories that are hosted on GitLab.
+
 * With this update, you can access pipeline execution details in the form of kubernetes events in your namespace. These details help you to troubleshoot pipeline errors without needing access to admin namespaces.
 
-* This update supports authentication of URLs in the {pac} resolver with the Git provider. 
+* This update supports authentication of URLs in the {pac} resolver with the Git provider.
 
 * With this update, you can set the name of the hub catalog by using a setting in the `pipelines-as-code` config map.
 
-* With this update, you can set the maximum and default limits for the `max-keep-run` parameter. 
+* With this update, you can set the maximum and default limits for the `max-keep-run` parameter.
 
 * This update adds documents on how to inject custom Secure Sockets Layer (SSL) certificates in {pac} to let you connect to provider instance with custom certificates.
 
@@ -242,68 +242,68 @@ If you do not add any configuration data, you can use the default data in the AP
 
 * With this update, `tkn-pac` logs show repository name, instead of `PipelineRun` name.
 
-[id="breaking-changes-1-9_{context}"]	
-== Breaking changes	
+[id="breaking-changes-1-9_{context}"]
+== Breaking changes
 
-// .Pipelines	
+// .Pipelines
 
-* With this update, the `Conditions` custom resource definition (CRD) type has been removed. As an alternative, use the `WhenExpressions` instead.	
+* With this update, the `Conditions` custom resource definition (CRD) type has been removed. As an alternative, use the `WhenExpressions` instead.
 
-* With this update, support for `tekton.dev/v1alpha1` API pipeline resources, such as Pipeline, PipelineRun, Task, Clustertask, and TaskRun has been removed.	
+* With this update, support for `tekton.dev/v1alpha1` API pipeline resources, such as Pipeline, PipelineRun, Task, Clustertask, and TaskRun has been removed.
 
 * With this update, the `tkn-pac setup` command has been removed. Instead, use the `tkn-pac webhook add` command to re-add a webhook to an existing Git repository. And use the `tkn-pac webhook update-token` command to update the personal provider access token for an existing Secret object in the Git repository.
 
 * With this update, a namespace that runs a pipeline with default settings does not apply the `pod-security.kubernetes.io/enforce:privileged` label to a workload.
 
 
-[id="deprecated-features-1-9_{context}"]	
-== Deprecated and removed features	
+[id="deprecated-features-1-9_{context}"]
+== Deprecated and removed features
 
-* In the {pipelines-title} 1.9.0 release, `ClusterTasks` are deprecated and planned to be removed in a future release. As an alternative, you can use `Cluster Resolver`.	
+* In the {pipelines-title} 1.9.0 release, `ClusterTasks` are deprecated and planned to be removed in a future release. As an alternative, you can use `Cluster Resolver`.
 
-* In the {pipelines-title} 1.9.0 release, the use of the `triggers` and the `namespaceSelector` fields in a single `EventListener` specification is deprecated and planned to be removed in a future release. You can use these fields in different `EventListener` specifications successfully.	
+* In the {pipelines-title} 1.9.0 release, the use of the `triggers` and the `namespaceSelector` fields in a single `EventListener` specification is deprecated and planned to be removed in a future release. You can use these fields in different `EventListener` specifications successfully.
 
-* In the {pipelines-title} 1.9.0 release, the `tkn pipelinerun describe` command does not display timeouts for the `PipelineRun` resource.	
+* In the {pipelines-title} 1.9.0 release, the `tkn pipelinerun describe` command does not display timeouts for the `PipelineRun` resource.
 
-* In the {pipelines-title} 1.9.0 release, the PipelineResource` custom resource (CR) is deprecated. The `PipelineResource` CR was a Tech Preview feature and part of the `tekton.dev/v1alpha1` API.	
+* In the {pipelines-title} 1.9.0 release, the PipelineResource` custom resource (CR) is deprecated. The `PipelineResource` CR was a Tech Preview feature and part of the `tekton.dev/v1alpha1` API.
 
-* In the {pipelines-title} 1.9.0 release, custom image parameters from cluster tasks are deprecated. As an alternative, you can copy a cluster task and use your custom image in it.	
+* In the {pipelines-title} 1.9.0 release, custom image parameters from cluster tasks are deprecated. As an alternative, you can copy a cluster task and use your custom image in it.
 
-[id="known-issues-1-9_{context}"]	
-== Known issues	
+[id="known-issues-1-9_{context}"]
+== Known issues
 
-// .Operator	
+// .Operator
 
-* The `chains-secret` and `chains-config` config maps are removed after you uninstall the {pipelines-title} Operator. As they contain user data, they should be preserved and not deleted.	
-// https://issues.redhat.com/browse/SRVKP-2396	
+* The `chains-secret` and `chains-config` config maps are removed after you uninstall the {pipelines-title} Operator. As they contain user data, they should be preserved and not deleted.
+// https://issues.redhat.com/browse/SRVKP-2396
 
-// .PAC	
+// .PAC
 
-* When running the `tkn pac` set of commands on Windows, you may receive the following error message: `Command finished with error: not supported by Windows.`	
-+	
+* When running the `tkn pac` set of commands on Windows, you may receive the following error message: `Command finished with error: not supported by Windows.`
++
 
-Workaround: Set the `NO_COLOR` environment variable to `true`.	
-// https://issues.redhat.com/browse/SRVKP-2197	
+Workaround: Set the `NO_COLOR` environment variable to `true`.
+// https://issues.redhat.com/browse/SRVKP-2197
 
-* Running the `tkn pac resolve -f <filename> | oc create -f` command may not provide expected results, if the `tkn pac resolve` command uses a templated parameter value to function.	
-+	
-Workaround: To mitigate this issue, save the output of `tkn pac resolve` in a temporary file by running the `tkn pac resolve -f <filename> -o tempfile.yaml` command and then run the `oc create -f tempfile.yaml` command. For example, `tkn pac resolve -f <filename> -o /tmp/pull-request-resolved.yaml && oc create -f /tmp/pull-request-resolved.yaml`.	
+* Running the `tkn pac resolve -f <filename> | oc create -f` command may not provide expected results, if the `tkn pac resolve` command uses a templated parameter value to function.
++
+Workaround: To mitigate this issue, save the output of `tkn pac resolve` in a temporary file by running the `tkn pac resolve -f <filename> -o tempfile.yaml` command and then run the `oc create -f tempfile.yaml` command. For example, `tkn pac resolve -f <filename> -o /tmp/pull-request-resolved.yaml && oc create -f /tmp/pull-request-resolved.yaml`.
 
-[id="fixed-issues-1-9_{context}"]	
-== Fixed issues	
+[id="fixed-issues-1-9_{context}"]
+== Fixed issues
 
-// .Pipelines	
+// .Pipelines
 
-* Before this update, after replacing an empty array, the original array returned an empty string rendering the paramaters inside it invalid. With this update, this issue is resolved and the original array returns as empty. 	
-// Vincent Demeester	
+* Before this update, after replacing an empty array, the original array returned an empty string rendering the paramaters inside it invalid. With this update, this issue is resolved and the original array returns as empty.
+// Vincent Demeester
 
-* Before this update, if duplicate secrets were present in a service account for a pipelines run, it resulted in failure in task pod creation. With this update, this issue is resolved and the task pod is created successfully even if duplicate secrets are present in a service account.	
-// Vincent Demeester	
+* Before this update, if duplicate secrets were present in a service account for a pipelines run, it resulted in failure in task pod creation. With this update, this issue is resolved and the task pod is created successfully even if duplicate secrets are present in a service account.
+// Vincent Demeester
 
 * Before this update, by looking at the TaskRun's `spec.StatusMessage` field, users could not distinguish whether the `TaskRun` had been cancelled by the user or by a `PipelineRun` that was part of it. With this update, this issue is resolved and users can distinguish the status of the `TaskRun` by looking at the TaskRun's `spec.StatusMessage` field.
-// Vincent Demeester	
+// Vincent Demeester
 
-* Before this update, webhook validation was removed on deletion of old versions of invalid objects. With this update, this issue is resolved.	
+* Before this update, webhook validation was removed on deletion of old versions of invalid objects. With this update, this issue is resolved.
 // Vincent Demeester @vdeemester
 
 * Before this update, if you set the `timeouts.pipeline` parameter to `0`, you could not set the `timeouts.tasks` parameter or the `timeouts.finally` parameters. This update resolves the issue. Now, when you set the `timeouts.pipeline` parameter value, you can set the value of either the`timeouts.tasks` parameter or the `timeouts.finally` parameter. For example:
@@ -319,58 +319,58 @@ spec:
 ----
 // Vincent Demeester @vdeemester
 
-* Before this update, a race condition could occur if another tool updated labels or annotations on a PipelineRun or TaskRun. With this update, this issue is resolved and you can merge labels or annotations.	
-// Vincent Demeester @vdeemester	
+* Before this update, a race condition could occur if another tool updated labels or annotations on a PipelineRun or TaskRun. With this update, this issue is resolved and you can merge labels or annotations.
+// Vincent Demeester @vdeemester
 
-// .Triggers	
+// .Triggers
 
-* Before this update, log keys did not have the same keys as in pipelines controllers. With this update, this issue has been resolved and the log keys have been updated to match the log stream of pipeline controllers. The keys in logs have been changed from "ts" to "timestamp", from "level" to "severity", and from "message" to "msg".	
-// https://issues.redhat.com/browse/SRVKP-1959	
-// @KhurramBaig	
+* Before this update, log keys did not have the same keys as in pipelines controllers. With this update, this issue has been resolved and the log keys have been updated to match the log stream of pipeline controllers. The keys in logs have been changed from "ts" to "timestamp", from "level" to "severity", and from "message" to "msg".
+// https://issues.redhat.com/browse/SRVKP-1959
+// @KhurramBaig
 
-// .CLI	
+// .CLI
 
-* Before this update, if a PipelineRun was deleted with an unknown status, an error message was not generated. With this update, this issue is resolved and an error message is generated.	
-// https://github.com/tektoncd/cli/pull/1684	
-// Piyush Garg @piyush-garg	
+* Before this update, if a PipelineRun was deleted with an unknown status, an error message was not generated. With this update, this issue is resolved and an error message is generated.
+// https://github.com/tektoncd/cli/pull/1684
+// Piyush Garg @piyush-garg
 
-* Before this update, to access bundle commands like `list` and `push`, it was required to use the `kubeconfig` file . With this update, this issue has been resolved and the `kubeconfig` file is not required to access bundle commands.	
-// https://github.com/tektoncd/cli/pull/1557	
-// Piyush Garg @piyush-garg	
+* Before this update, to access bundle commands like `list` and `push`, it was required to use the `kubeconfig` file . With this update, this issue has been resolved and the `kubeconfig` file is not required to access bundle commands.
+// https://github.com/tektoncd/cli/pull/1557
+// Piyush Garg @piyush-garg
 
-* Before this update, if the parent PipelineRun was running while deleting TaskRuns, then TaskRuns would be deleted. With this update, this issue is resolved and TaskRuns are not getting deleted if the parent PipelineRun is running.	
-// https://github.com/tektoncd/cli/pull/1736	
-// Piyush Garg @piyush-garg	
+* Before this update, if the parent PipelineRun was running while deleting TaskRuns, then TaskRuns would be deleted. With this update, this issue is resolved and TaskRuns are not getting deleted if the parent PipelineRun is running.
+// https://github.com/tektoncd/cli/pull/1736
+// Piyush Garg @piyush-garg
 
-* Before this update, if the user attempted to build a bundle with more objects than the pipeline controller permitted, the Tekton CLI did not display an error message. With this update, this issue is resolved and the Tekton CLI displays an error message if the user attempts to build a bundle with more objects than the limit permitted in the pipeline controller.	
-// https://github.com/tektoncd/cli/pull/1572	
-// Piyush Garg @piyush-garg	
+* Before this update, if the user attempted to build a bundle with more objects than the pipeline controller permitted, the Tekton CLI did not display an error message. With this update, this issue is resolved and the Tekton CLI displays an error message if the user attempts to build a bundle with more objects than the limit permitted in the pipeline controller.
+// https://github.com/tektoncd/cli/pull/1572
+// Piyush Garg @piyush-garg
 
-// .Operator	
+// .Operator
 
-* Before this update, if namespaces were removed from the cluster, then the operator did not remove namespaces from the `ClusterInterceptor ClusterRoleBinding` subjects. With this update, this issue has been resolved, and the operator removes the namespaces from the `ClusterInterceptor ClusterRoleBinding` subjects.	
-// Shubham Minglani	
+* Before this update, if namespaces were removed from the cluster, then the operator did not remove namespaces from the `ClusterInterceptor ClusterRoleBinding` subjects. With this update, this issue has been resolved, and the operator removes the namespaces from the `ClusterInterceptor ClusterRoleBinding` subjects.
+// Shubham Minglani
 
-* Before this update, the default installation of the {pipelines-title} Operator resulted in the `pipelines-scc-rolebinding security context constraint` (SCC) role binding resource remaining in the cluster. With this update, the default installation of the {pipelines-title} Operator results in the `pipelines-scc-rolebinding security context constraint` (SCC) role binding resource resource being removed from the cluster.	
-// https://github.com/tektoncd/operator/pull/1156	
-// https://issues.redhat.com/browse/SRVKP-2520	
-// Shubham Minglani	
+* Before this update, the default installation of the {pipelines-title} Operator resulted in the `pipelines-scc-rolebinding security context constraint` (SCC) role binding resource remaining in the cluster. With this update, the default installation of the {pipelines-title} Operator results in the `pipelines-scc-rolebinding security context constraint` (SCC) role binding resource resource being removed from the cluster.
+// https://github.com/tektoncd/operator/pull/1156
+// https://issues.redhat.com/browse/SRVKP-2520
+// Shubham Minglani
 
-// .PAC	
+// .PAC
 
 * Before this update, {pac} did not get updated values from the {pac} `ConfigMap` object. With this update, this issue is fixed and the {pac} `ConfigMap` object looks for any new changes.
-// Savita Ashture	
+// Savita Ashture
 
-* Before this update, {pac} controller did not wait for the `tekton.dev/pipeline` label to be updated and added the `checkrun id` label, which would cause race conditions. With this update, the {pac} controller waits for the `tekton.dev/pipeline` label to be updated and then adds the `checkrun id` label, which helps to avoid race conditions.	
-// Savita Ashture	
+* Before this update, {pac} controller did not wait for the `tekton.dev/pipeline` label to be updated and added the `checkrun id` label, which would cause race conditions. With this update, the {pac} controller waits for the `tekton.dev/pipeline` label to be updated and then adds the `checkrun id` label, which helps to avoid race conditions.
+// Savita Ashture
 
-* Before this update, the `tkn-pac create repo` command did not override a `PipelineRun` if it already existed in the git repository. With this update, `tkn-pac create` command is fixed to override a `PipelineRun` if it exists in the git repository and this resolves the issue successfully.	
-// Savita Ashture	
+* Before this update, the `tkn-pac create repo` command did not override a `PipelineRun` if it already existed in the git repository. With this update, `tkn-pac create` command is fixed to override a `PipelineRun` if it exists in the git repository and this resolves the issue successfully.
+// Savita Ashture
 
-* Before this update, the `tkn pac describe` command did not display reasons for every message. With this update, this issue is fixed and the `tkn pac describe` command displays reasons for every message.	
-// Savita Ashture	
+* Before this update, the `tkn pac describe` command did not display reasons for every message. With this update, this issue is fixed and the `tkn pac describe` command displays reasons for every message.
+// Savita Ashture
 
-* Before this update, a pull request failed if the user in the annotation provided values by using a regex form, for example, `refs/head/rel-*`. The pull request failed because it was missing `refs/heads` in its base branch. With this update, the prefix is added and checked that it matches. This resolves the issue and the pull request is successful.	
+* Before this update, a pull request failed if the user in the annotation provided values by using a regex form, for example, `refs/head/rel-*`. The pull request failed because it was missing `refs/heads` in its base branch. With this update, the prefix is added and checked that it matches. This resolves the issue and the pull request is successful.
 // Savita Ashture
 
 [id="release-notes-1-9-1_{context}"]
@@ -378,8 +378,8 @@ spec:
 
 With this update, {pipelines-title} General Availability (GA) 1.9.1 is available on {product-title} 4.11, 4.12, and 4.13.
 
-[id="fixed-issues-1-9-1_{context}"]	
-== Fixed issues	
+[id="fixed-issues-1-9-1_{context}"]
+== Fixed issues
 
 * Before this update, the `tkn pac repo list` command did not run on Microsoft Windows. This update fixes the issue, and now you can run the `tkn pac repo list` command on Microsoft Windows.
 
@@ -420,8 +420,8 @@ With this update, you can use the dynamic template variables instead of hardcodi
 +
 Workaround: None. You can track the issue link:https://issues.redhat.com/browse/SRVKP-2854[SRVKP-2854].
 
-[id="breaking-changes-1-9-1_{context}"]	
-== Breaking changes	
+[id="breaking-changes-1-9-1_{context}"]
+== Breaking changes
 
 * With this update, an OLM misconfiguration issue has been introduced, which prevents the upgrade of the {product-title}. This issue will be fixed in a future release.
 
@@ -433,4 +433,31 @@ With this update, {pipelines-title} General Availability (GA) 1.9.2 is available
 [id="fixed-issues-1-9-2_{context}"]
 == Fixed issues
 
-* Before this update, an OLM misconfiguration issue had been introduced in the previous version of the release, which prevented the upgrade of {product-title}. With this update, this misconfiguration issue has been fixed.
\ No newline at end of file
+* Before this update, an OLM misconfiguration issue had been introduced in the previous version of the release, which prevented the upgrade of {product-title}. With this update, this misconfiguration issue has been fixed.
+
+[id="release-notes-1-9-3_{context}"]
+== Release notes for {pipelines-title} General Availability 1.9.3
+
+With this update, {pipelines-title} General Availability (GA) 1.9.3 is available on {product-title} 4.10 in addition to 4.11, 4.12, and 4.13.
+
+[id="fixed-issues-1-9-3_{context}"]
+== Fixed issues
+
+* This update fixes the performance issues for huge pipelines. Now, the CPU usage is reduced by 61% and the memory usage is reduced by 44%.
+
+* Before this update, a pipeline run would fail if a task did not run because of its `when` expression. This update fixes the issue by preventing the validation of a skipped task result in pipeline results. Now, the pipeline result is not emitted and the pipeline run does not fail because of a missing result.
+
+* This update fixes the `pipelineref.bundle` conversion to the bundle resolver for the `v1beta1` API. Now, the conversion feature sets the value of the `kind` field to `Pipeline` after conversion.
+
+* Before this update, an issue in the {pipelines-shortname} Operator prevented the user from setting the value of the `spec.pipeline.enable-api-fields` field to `beta`. This update fixes the issue. Now, you can set the value to `beta` along with `alpha` and `stable` in the `TektonConfig` custom resource.
+
+* Before this update, when {pac} could not create a secret due to a cluster error, it would show the temporary token on the GitHub check run, which is public. This update fixes the issue. Now, the token is no longer displayed on the GitHub checks interface when the creation of the secret fails.
+
+[id="known-issues-1-9-3_{context}"]
+== Known issues
+
+* There is currently a known issue with the *stop* option for pipeline runs in the {product-title} web console. The *stop* option in the *Actions* drop-down list is not working as expected and does not cancel the pipeline run.
+
+* There is currently a known issue with upgrading to {pipelines-shortname} version 1.9.x due to a failing custom resource definition conversion.
++
+Workaround: Before upgrading to {pipelines-shortname} version 1.9.x, perform the step mentioned in the link:https://access.redhat.com/solutions/6999996[solution] on the Red Hat Customer Portal.
diff --git a/modules/op-resolver-bundle-config.adoc b/modules/op-resolver-bundle-config.adoc
index 8eb75f29e720..09da6522f5bb 100644
--- a/modules/op-resolver-bundle-config.adoc
+++ b/modules/op-resolver-bundle-config.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-bundles-config_{context}"]
 = Configuring the bundles resolver
 
diff --git a/modules/op-resolver-bundle.adoc b/modules/op-resolver-bundle.adoc
index c98eaec0a087..1f3362d0d6aa 100644
--- a/modules/op-resolver-bundle.adoc
+++ b/modules/op-resolver-bundle.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-bundles-specify_{context}"]
 = Specifying a remote pipeline or task using the bundles resolver
 
diff --git a/modules/op-resolver-cluster-config.adoc b/modules/op-resolver-cluster-config.adoc
index 5b0aca9efed4..9ae9d53ef52d 100644
--- a/modules/op-resolver-cluster-config.adoc
+++ b/modules/op-resolver-cluster-config.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-cluster-config_{context}"]
 = Configuring the cluster resolver
 
diff --git a/modules/op-resolver-cluster.adoc b/modules/op-resolver-cluster.adoc
index 13b39f393623..0d239680d5eb 100644
--- a/modules/op-resolver-cluster.adoc
+++ b/modules/op-resolver-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-cluster-specify_{context}"]
 = Specifying a remote pipeline or task using the cluster resolver
 
diff --git a/modules/op-resolver-git-config-anon.adoc b/modules/op-resolver-git-config-anon.adoc
index c79fcbd634e0..69424cce78a8 100644
--- a/modules/op-resolver-git-config-anon.adoc
+++ b/modules/op-resolver-git-config-anon.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-git-config-anon_{context}"]
 = Configuring the Git resolver for anonymous Git cloning
 
diff --git a/modules/op-resolver-git-config-scm.adoc b/modules/op-resolver-git-config-scm.adoc
index 0dbb98a39cc4..8e439b755132 100644
--- a/modules/op-resolver-git-config-scm.adoc
+++ b/modules/op-resolver-git-config-scm.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-git-config-scm_{context}"]
 = Configuring the Git resolver for the authenticated SCM API
 
diff --git a/modules/op-resolver-git.adoc b/modules/op-resolver-git.adoc
index 4e6d3d1940d6..ddba7fbf209f 100644
--- a/modules/op-resolver-git.adoc
+++ b/modules/op-resolver-git.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-git-specify_{context}"]
 = Specifying a remote pipeline or task using the Git resolver
 
diff --git a/modules/op-resolver-hub-config.adoc b/modules/op-resolver-hub-config.adoc
index 921c1b4698fe..2244e84a57ce 100644
--- a/modules/op-resolver-hub-config.adoc
+++ b/modules/op-resolver-hub-config.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="resolver-hub-config_{context}"]
 = Configuring the hub resolver
@@ -33,9 +33,20 @@ spec:
       default-artifact-hub-pipeline-catalog: tekton-catalog-pipelines # <3>
       defailt-kind: pipeline # <4>
       default-type: tekton # <5>
+      tekton-hub-api: "https://my-custom-tekton-hub.example.com" # <6>
+      artifact-hub-api: "https://my-custom-artifact-hub.example.com" # <7>
 ----
 <1> The default {tekton-hub} catalog for pulling a resource.
 <2> The default {artifact-hub} catalog for pulling a task resource.
 <3> The default {artifact-hub} catalog for pulling a pipeline resource.
 <4> The default object kind for references.
 <5> The default hub for pulling a resource, either `artifact` for {artifact-hub} or `tekton` for {tekton-hub}.
+<6> The {tekton-hub} API used, if the `default-type` option is set to `tekton`.
+<7> Optional: The {artifact-hub} API used, if the `default-type` option is set to `artifact`.
++
+[IMPORTANT]
+====
+If you set the `default-type` option to `tekton`, you must configure your own instance of the {tekton-hub} by setting the `tekton-hub-api` value.
+
+If you set the `default-type` option to `artifact` then the resolver uses the public hub API at https://artifacthub.io/ by default. You can configure your own {artifact-hub} API by setting the `artifact-hub-api` value.
+====
diff --git a/modules/op-resolver-hub.adoc b/modules/op-resolver-hub.adoc
index 3d086dafb7ae..0c1fc3bc3d56 100644
--- a/modules/op-resolver-hub.adoc
+++ b/modules/op-resolver-hub.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/remote-pipelines-tasks-resolvers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="resolver-hub-specify_{context}"]
 = Specifying a remote pipeline or task using the hub resolver
 
diff --git a/modules/op-running-a-pipeline.adoc b/modules/op-running-a-pipeline.adoc
index cc073281a916..d0c8f91ce4a4 100644
--- a/modules/op-running-a-pipeline.adoc
+++ b/modules/op-running-a-pipeline.adoc
@@ -2,7 +2,7 @@
 //
 // // *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-a-pipeline_{context}"]
 = Running a pipeline
 
@@ -19,7 +19,7 @@ $ tkn pipeline start build-and-deploy \
     -w name=shared-workspace,volumeClaimTemplateFile=https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/01_pipeline/03_persistent_volume_claim.yaml \
     -p deployment-name=pipelines-vote-api \
     -p git-url=https://github.com/openshift/pipelines-vote-api.git \
-    -p IMAGE='image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/pipelines-vote-api' \
+    -p IMAGE='image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/pipelines-vote-api' \
     --use-param-defaults
 ----
 +
@@ -42,7 +42,7 @@ $ tkn pipeline start build-and-deploy \
     -w name=shared-workspace,volumeClaimTemplateFile=https://raw.githubusercontent.com/openshift/pipelines-tutorial/{pipelines-ver}/01_pipeline/03_persistent_volume_claim.yaml \
     -p deployment-name=pipelines-vote-ui \
     -p git-url=https://github.com/openshift/pipelines-vote-ui.git \
-    -p IMAGE='image-registry.openshift-image-registry.svc:5000/$(context.pipelineRun.namespace)/pipelines-vote-ui' \
+    -p IMAGE='image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/pipelines-vote-ui' \
     --use-param-defaults
 ----
 
diff --git a/modules/op-running-pipeline-and-task-run-pods-with-privileged-security-context.adoc b/modules/op-running-pipeline-and-task-run-pods-with-privileged-security-context.adoc
index 8b4562a67d46..060f2036d02c 100644
--- a/modules/op-running-pipeline-and-task-run-pods-with-privileged-security-context.adoc
+++ b/modules/op-running-pipeline-and-task-run-pods-with-privileged-security-context.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='op-running-pipeline-and-task-run-pods-with-privileged-security-context']
 = Running pipeline run and task run pods with privileged security context
 :context: op-running-pipeline-and-task-run-pods-with-privileged-security-context
@@ -11,7 +11,7 @@ To run a pod (resulting from pipeline run or task run) with the `privileged` sec
 * Configure the associated user account or service account to have an explicit SCC. You can perform the configuration using any of the following methods:
 ** Run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc adm policy add-scc-to-user <scc-name> -z <service-account-name>
 ----
diff --git a/modules/op-running-pipeline-run-and-task-run-with-custom-scc-and-service-account.adoc b/modules/op-running-pipeline-run-and-task-run-with-custom-scc-and-service-account.adoc
index 74e7294f1fdc..5156de17f806 100644
--- a/modules/op-running-pipeline-run-and-task-run-with-custom-scc-and-service-account.adoc
+++ b/modules/op-running-pipeline-run-and-task-run-with-custom-scc-and-service-account.adoc
@@ -1,8 +1,8 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-running-pipeline-run-and-task-run-with-custom-scc-and-service-account_{context}"]
 = Running pipeline run and task run by using a custom SCC and a custom service account
 
-When using the `pipelines-scc` security context constraint (SCC) associated with the default `pipelines` service account, the pipeline run and task run pods may face timeouts. This happens because in the default `pipelines-scc` SCC, the `fsGroup.type` parameter is set to `MustRunAs`. 
+When using the `pipelines-scc` security context constraint (SCC) associated with the default `pipelines` service account, the pipeline run and task run pods may face timeouts. This happens because in the default `pipelines-scc` SCC, the `fsGroup.type` parameter is set to `MustRunAs`.
 
 [NOTE]
 ====
diff --git a/modules/op-running-pipeline-run-using-pipelines-as-code.adoc b/modules/op-running-pipeline-run-using-pipelines-as-code.adoc
index 41292c58f5fb..f85a1b23c26e 100644
--- a/modules/op-running-pipeline-run-using-pipelines-as-code.adoc
+++ b/modules/op-running-pipeline-run-using-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="running-pipeline-run-using-pipelines-as-code_{context}"]
 = Running a pipeline run using {pac}
 
diff --git a/modules/op-sample-eventlistener-resource.adoc b/modules/op-sample-eventlistener-resource.adoc
index 797bbcd1e062..39c737b40225 100644
--- a/modules/op-sample-eventlistener-resource.adoc
+++ b/modules/op-sample-eventlistener-resource.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='op-sample-eventlistener-resource_{context}']
 = Creating a sample EventListener resource using a secure HTTPS connection
 
diff --git a/modules/op-scoping-github-token.adoc b/modules/op-scoping-github-token.adoc
index 99934f37f15b..e0ed48abb01e 100644
--- a/modules/op-scoping-github-token.adoc
+++ b/modules/op-scoping-github-token.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="scoping-github-token_{context}"]
 = Scoping the GitHub token to additional repositories
 
diff --git a/modules/op-setting-concurrency-limits-in-repository-crd.adoc b/modules/op-setting-concurrency-limits-in-repository-crd.adoc
index 23732d653973..a4abd5115936 100644
--- a/modules/op-setting-concurrency-limits-in-repository-crd.adoc
+++ b/modules/op-setting-concurrency-limits-in-repository-crd.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="setting-concurrency-limits-in-repository-crd_{context}"]
 = Setting concurrency limits
 
diff --git a/modules/op-signing-secrets-in-tekton-chains.adoc b/modules/op-signing-secrets-in-tekton-chains.adoc
index 54d1307f16fc..3ca4493fb7b2 100644
--- a/modules/op-signing-secrets-in-tekton-chains.adoc
+++ b/modules/op-signing-secrets-in-tekton-chains.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="signing-secrets-in-tekton-chains_{context}"]
 = Secrets for signing data in {tekton-chains}
 
diff --git a/modules/op-specifying-pipelines-resource-quota-using-priority-class.adoc b/modules/op-specifying-pipelines-resource-quota-using-priority-class.adoc
index 680c1e4571a2..66c784100068 100644
--- a/modules/op-specifying-pipelines-resource-quota-using-priority-class.adoc
+++ b/modules/op-specifying-pipelines-resource-quota-using-priority-class.adoc
@@ -3,7 +3,7 @@
 // */cicd/pipelines/setting-compute-resource-quota-for-openshift-pipelines.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-pipelines-resource-quota-using-priority-class_{context}"]
 = Specifying pipelines resource quota using priority class
 
@@ -172,7 +172,7 @@ spec:
     priorityClassName: pipeline1-pc
   workspaces:
   - name: local-maven-repo
-    emptyDir: {}  
+    emptyDir: {}
   resources:
   - name: app-git
     resourceSpec:
diff --git a/modules/op-splitting-pipelines-as-code-logs-by-namespace.adoc b/modules/op-splitting-pipelines-as-code-logs-by-namespace.adoc
index 10fbd1327edb..3a955c3824b6 100644
--- a/modules/op-splitting-pipelines-as-code-logs-by-namespace.adoc
+++ b/modules/op-splitting-pipelines-as-code-logs-by-namespace.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="splitting-pipelines-as-code-logs-by-namespace_{context}"]
 = Splitting {pac} logs by namespace
 
diff --git a/modules/op-starting-a-task-run-pipeline-run-build-user.adoc b/modules/op-starting-a-task-run-pipeline-run-build-user.adoc
index 73962c0bdad3..f7a7b4eaa704 100644
--- a/modules/op-starting-a-task-run-pipeline-run-build-user.adoc
+++ b/modules/op-starting-a-task-run-pipeline-run-build-user.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cicd/pipelines/unprivileged-building-of-container-images-using-buildah.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="starting-a-task-run-with-custom-config-map-or-a-pipeline-run_{context}"]
 = Starting a task run with custom config map, or a pipeline run
diff --git a/modules/op-starting-pipelines-from-pipelines-view.adoc b/modules/op-starting-pipelines-from-pipelines-view.adoc
index 5a0409dde909..20a228484b5c 100644
--- a/modules/op-starting-pipelines-from-pipelines-view.adoc
+++ b/modules/op-starting-pipelines-from-pipelines-view.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-starting-pipelines_from_pipelines_view_{context}"]
 = Starting pipelines from Pipelines view
 
diff --git a/modules/op-starting-pipelines-from-topology-view.adoc b/modules/op-starting-pipelines-from-topology-view.adoc
index 82cdd4981e5a..c69144b3959b 100644
--- a/modules/op-starting-pipelines-from-topology-view.adoc
+++ b/modules/op-starting-pipelines-from-topology-view.adoc
@@ -1,8 +1,8 @@
 // This module is included in the following assembly:
 //
-// *openshift_pipelines/working-with-pipelines-using-the-developer-perspective.adoc
+// *openshift_pipelines/working-with-pipelines-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-starting-pipelines_from_topology_view{context}"]
 = Starting pipelines from Topology view
 
diff --git a/modules/op-supported-parameters-tekton-chains-configuration.adoc b/modules/op-supported-parameters-tekton-chains-configuration.adoc
index 696ae20e90f8..17dd1d9dca4a 100644
--- a/modules/op-supported-parameters-tekton-chains-configuration.adoc
+++ b/modules/op-supported-parameters-tekton-chains-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="supported-parameters-tekton-chains-configuration_{context}"]
 = Supported parameters for {tekton-chains} configuration
 
@@ -167,7 +167,7 @@ To create occurrences, {pipelines-title} must first create notes that are used t
 | Parameter | Description | Supported values | Default value
 
 | `storage.grafeas.projectid`
-| The {OCP} project in which the Grafeas server for storing occurrences is located.
+| The {product-title} project in which the Grafeas server for storing occurrences is located.
 |
 |
 
diff --git a/modules/op-tkn-enabling-tab-completion.adoc b/modules/op-tkn-enabling-tab-completion.adoc
index da39aa5b3ae3..1b7d9919a7a9 100644
--- a/modules/op-tkn-enabling-tab-completion.adoc
+++ b/modules/op-tkn-enabling-tab-completion.adoc
@@ -2,7 +2,7 @@
 //
 // * cli_reference/tkn_cli/installing-tkn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-tkn-enabling-tab-completion_{context}"]
 = Enabling tab completion
 
diff --git a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc
index dfc4cca7586d..0de7b7a0124f 100644
--- a/modules/op-tkn-pipelines-compatibility-support-matrix.adoc
+++ b/modules/op-tkn-pipelines-compatibility-support-matrix.adoc
@@ -15,24 +15,24 @@ GA:: General Availability
 [options="header"]
 |===
 
-| {pipelines-title} Version 8+| Component Version | OpenShift Version | Support Status
+| {pipelines-title} Version 7+| Component Version | OpenShift Version | Support Status
 
-| Operator | Pipelines | Triggers | CLI | Catalog | Chains | Hub | {pac} | Results | |
-|1.11 | 0.47.x | 0.24.x | 0.31.x | NA | 0.16.x (GA) | 1.13.x (TP) | 0.19.x (GA) | 0.6.x (TP) | 4.12, 4.13, 4.14 (planned)  | GA
+| Operator | Pipelines | Triggers | CLI | Chains | Hub | {pac} | Results | |
+|1.11 | 0.47.x | 0.24.x | 0.31.x | 0.16.x (GA) | 1.13.x (TP) | 0.19.x (GA) | 0.6.x (TP) | 4.12, 4.13, 4.14 (planned)  | GA
 
-|1.10 | 0.44.x | 0.23.x | 0.30.x | NA | 0.15.x (TP) | 1.12.x (TP) | 0.17.x (GA) | NA | 4.11, 4.12, 4.13  | GA
+|1.10 | 0.44.x | 0.23.x | 0.30.x | 0.15.x (TP) | 1.12.x (TP) | 0.17.x (GA) | NA | 4.10, 4.11, 4.12, 4.13  | GA
 
-|1.9 | 0.41.x | 0.22.x | 0.28.x | NA | 0.13.x (TP) | 1.11.x (TP) | 0.15.x (GA) | NA | 4.11, 4.12, 4.13  | GA
+|1.9 | 0.41.x | 0.22.x | 0.28.x | 0.13.x (TP) | 1.11.x (TP) | 0.15.x (GA) | NA | 4.10, 4.11, 4.12, 4.13  | GA
 
-|1.8 | 0.37.x | 0.20.x | 0.24.x | NA | 0.9.0 (TP) | 1.8.x (TP) | 0.10.x (TP) | NA | 4.10, 4.11, 4.12 | GA
+|1.8 | 0.37.x | 0.20.x | 0.24.x | 0.9.0 (TP) | 1.8.x (TP) | 0.10.x (TP) | NA | 4.10, 4.11, 4.12 | GA
 
-|1.7 | 0.33.x | 0.19.x | 0.23.x | 0.33 | 0.8.0 (TP) | 1.7.0 (TP) | 0.5.x (TP) | NA | 4.9, 4.10, 4.11 | GA
+|1.7 | 0.33.x | 0.19.x | 0.23.x | 0.8.0 (TP) | 1.7.0 (TP) | 0.5.x (TP) | NA | 4.9, 4.10, 4.11 | GA
 
-|1.6 | 0.28.x | 0.16.x | 0.21.x | 0.28 | NA | NA | NA | NA | 4.9 | GA
+|1.6 | 0.28.x | 0.16.x | 0.21.x | NA | NA | NA | NA | 4.9 | GA
 
-|1.5 | 0.24.x | 0.14.x (TP) | 0.19.x | 0.24 | NA | NA | NA | NA |4.8 | GA
+|1.5 | 0.24.x | 0.14.x (TP) | 0.19.x | NA | NA | NA | NA |4.8 | GA
 
-|1.4 | 0.22.x | 0.12.x (TP) | 0.17.x | 0.22 | NA | NA | NA | NA | 4.7 | GA
+|1.4 | 0.22.x | 0.12.x (TP) | 0.17.x | NA | NA | NA | NA | 4.7 | GA
 
 |===
 
diff --git a/modules/op-triggering-a-pipelinerun.adoc b/modules/op-triggering-a-pipelinerun.adoc
index b02ea0955587..26f8d52fab65 100644
--- a/modules/op-triggering-a-pipelinerun.adoc
+++ b/modules/op-triggering-a-pipelinerun.adoc
@@ -2,7 +2,7 @@
 //
 // *openshift_pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="triggering-a-pipeline_{context}"]
 = Triggering a pipeline run
 
diff --git a/modules/op-understanding-credential-selection.adoc b/modules/op-understanding-credential-selection.adoc
index de443dc2a818..9a4d7b1b51b7 100644
--- a/modules/op-understanding-credential-selection.adoc
+++ b/modules/op-understanding-credential-selection.adoc
@@ -22,8 +22,8 @@ metadata:
     tekton.dev/git-1: gitlab.com
 type: kubernetes.io/basic-auth
 stringData:
-  username: <1>
-  password: <2>
+  username: <username> <1>
+  password: <password> <2>
 ----
 <1> Username for the repository
 <2> Password or personal access token for the repository
diff --git a/modules/op-understanding-pipelines-resource-consumption.adoc b/modules/op-understanding-pipelines-resource-consumption.adoc
index 8b48bc3e52a9..8970d1e826cd 100644
--- a/modules/op-understanding-pipelines-resource-consumption.adoc
+++ b/modules/op-understanding-pipelines-resource-consumption.adoc
@@ -2,7 +2,7 @@
 //
 // */openshift_pipelines/uninstalling-pipelines.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id='op-understanding-pipelines-resource-consumption_{context}']
 = Understanding resource consumption in pipelines
 
diff --git a/modules/op-uninstalling-the-pipelines-operator.adoc b/modules/op-uninstalling-the-pipelines-operator.adoc
index 09989bbd9587..fcd4cdde910b 100644
--- a/modules/op-uninstalling-the-pipelines-operator.adoc
+++ b/modules/op-uninstalling-the-pipelines-operator.adoc
@@ -2,7 +2,7 @@
 //
 // */openshift_pipelines/uninstalling-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id='op-uninstalling-the-pipelines-operator_{context}']
 = Uninstalling the {pipelines-title} Operator
 
diff --git a/modules/op-updating-tekton-hub-with-custom-categories-and-catalogs.adoc b/modules/op-updating-tekton-hub-with-custom-categories-and-catalogs.adoc
index bc612d8ed5d7..af41278623cc 100644
--- a/modules/op-updating-tekton-hub-with-custom-categories-and-catalogs.adoc
+++ b/modules/op-updating-tekton-hub-with-custom-categories-and-catalogs.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-tekton-hub-with-custom-categories-and-catalogs_{context}"]
 = Updating {tekton-hub} with custom categories and catalogs
 
 [role="_abstract"]
-Cluster administrators can update Tekton Hub with custom categories, catalogs, scopes, and default scopes that reflect the context of their organization.  
+Cluster administrators can update Tekton Hub with custom categories, catalogs, scopes, and default scopes that reflect the context of their organization.
 
 [discrete]
 .Procedure
diff --git a/modules/op-using-a-custom-database-in-tekton-hub.adoc b/modules/op-using-a-custom-database-in-tekton-hub.adoc
index 33458762fbc4..b7f178a1643b 100644
--- a/modules/op-using-a-custom-database-in-tekton-hub.adoc
+++ b/modules/op-using-a-custom-database-in-tekton-hub.adoc
@@ -2,17 +2,17 @@
 //
 // *cicd/pipelines/using-tekton-hub-with-openshift-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-a-custom-database-in-tekton-hub_{context}"]
 = Optional: Using a custom database in {tekton-hub}
 
 [role="_abstract"]
-Cluster administrators can use a custom database with {tekton-hub}, instead of the default PostgreSQL database installed by the Operator. You can associate a custom database at the time of installation, and use it with the `db-migration`, `api`, and `ui` interfaces provided by {tekton-hub}. Alternatively, you can associate a custom database with {tekton-hub} even after the installation with the default database is complete. 
+Cluster administrators can use a custom database with {tekton-hub}, instead of the default PostgreSQL database installed by the Operator. You can associate a custom database at the time of installation, and use it with the `db-migration`, `api`, and `ui` interfaces provided by {tekton-hub}. Alternatively, you can associate a custom database with {tekton-hub} even after the installation with the default database is complete.
 
 [discrete]
 .Procedure
 
-. Create a secret named `tekton-hub-db` in the target namespace with the following keys: 
+. Create a secret named `tekton-hub-db` in the target namespace with the following keys:
 * `POSTGRES_HOST`
 * `POSTGRES_DB`
 * `POSTGRES_USER`
@@ -32,8 +32,8 @@ type: Opaque
 stringData:
   POSTGRES_HOST: <The name of the host of the database>
   POSTGRES_DB: <Name of the database>
-  POSTGRES_USER: <The name of user account>
-  POSTGRES_PASSWORD: <The password of user account>
+  POSTGRES_USER: <username>
+  POSTGRES_PASSWORD: <password>
   POSTGRES_PORT: <The port that the database is listening on>
 ...
 ----
@@ -45,7 +45,7 @@ The default target namespace is `openshift-pipelines`.
 
 . In the `TektonHub` CR, set the value of the database secret attribute to `tekton-hub-db`.
 +
-.Example: Adding custom database secret 
+.Example: Adding custom database secret
 [source,yaml]
 ----
 apiVersion: operator.tekton.dev/v1alpha1
@@ -54,8 +54,8 @@ metadata:
   name: hub
 spec:
   targetNamespace: openshift-pipelines
-  db:                      
-    secret: tekton-hub-db 
+  db:
+    secret: tekton-hub-db
   api:
     hubConfigUrl: https://raw.githubusercontent.com/tektoncd/hub/main/config.yaml
     catalogRefreshInterval: 30m
diff --git a/modules/op-using-custom-pipeline-template-for-git-import.adoc b/modules/op-using-custom-pipeline-template-for-git-import.adoc
deleted file mode 100644
index 6a594dcd9fed..000000000000
--- a/modules/op-using-custom-pipeline-template-for-git-import.adoc
+++ /dev/null
@@ -1,93 +0,0 @@
-// This module is included in the following assembly:
-//
-// *openshift-docs/cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc
-
-:_content-type: PROCEDURE
-[id="using-custom-pipeline-template-for-git-import_{context}"]
-= Using a custom pipeline template for creating and deploying an application from a Git repository
-
-As a cluster administrator, to create and deploy an application from a Git repository, you can use custom pipeline templates that override the default pipeline templates provided by {pipelines-title} 1.5 and later.
-
-[NOTE]
-====
-This feature is unavailable in {pipelines-title} 1.4 and earlier versions.
-====
-
-.Prerequisites
-
-Ensure that the {pipelines-title} 1.5 or later is installed and available in all namespaces.
-
-.Procedure
-
-. Log in to the {product-title} web console as a cluster administrator.
-. In the *Administrator* perspective, use the left navigation panel to go to the *Pipelines* section.
-.. From the *Project* drop-down, select the *openshift* project. This ensures that the subsequent steps are performed in the `openshift` namespace.
-.. From the list of available pipelines, select a pipeline that is appropriate for building and deploying your application. For example, if your application requires a `node.js` runtime environment, select the *s2i-nodejs* pipeline.
-+
-[NOTE]
-====
-Do not edit the default pipeline template. It may become incompatible with the UI and the back-end.
-====
-+
-.. Under the *YAML* tab of the selected pipeline, click *Download* and save the YAML file to your local machine. If your custom configuration file fails, you can use this copy to restore a working configuration.
-
-. Disable (delete) the default pipeline templates:
-.. Use the left navigation panel to go to **Operators** -> **Installed Operators**.
-.. Click *{pipelines-title}* -> *Tekton Configuration* tab -> *config* -> *YAML* tab.
-.. To disable (delete) the default pipeline templates in the `openshift` namespace, set the `pipelineTemplates` parameter to `false`  in the `TektonConfig` custom resource YAML, and save it.
-+
-[source,yaml]
-----
-apiVersion: operator.tekton.dev/v1alpha1
-kind: TektonConfig
-metadata:
-  name: config
-spec:
-profile: all
-targetNamespace: openshift-pipelines
-addon:
-  params:
-  - name: clusterTasks
-    value: "true"
-  - name: pipelineTemplates
-    value: "false"
-...
-----
-+
-[NOTE]
-====
-If you manually delete the default pipeline templates, the Operator restores the defaults during an upgrade.
-====
-+
-[WARNING]
-====
-As a cluster admin, you can disable the installation of the default pipeline templates in the Operator configuration. However, such a configuration deletes all default pipeline templates, not just the one you want to customize.
-====
-+
-
-. Create a custom pipeline template:
-.. Use the left navigation panel to go to the *Pipelines* section.
-.. From the *Create* drop-down, select *Pipeline*.
-.. Create the required pipeline in the `openshift` namespace. Give it a different name than the default one (for example, `custom-nodejs`). You can use the downloaded default pipeline template as a starting point and customize it.
-+
-[NOTE]
-====
-Because `openshift` is the default namespace used by the operator-installed pipeline templates, you must create the custom pipeline template in the `openshift` namespace. When an application uses a pipeline template, the template is automatically copied to the respective project's namespace.
-====
-+
-.. Under the *Details* tab of the created pipeline, ensure that the *Labels* in the custom template match the labels in the default pipeline. The custom pipeline template must have the correct labels for the runtime, type, and strategy of the application. For example, the required labels for a `node.js` application deployed on {product-title} are as follows:
-+
-[source,yaml]
-----
-...
-pipeline.openshift.io/runtime: nodejs
-pipeline.openshift.io/type: openshift
-...
-----
-+
-[NOTE]
-====
-You can use only one pipeline template for each combination of runtime environment and deployment type.
-====
-+
-. In the *Developer* perspective, use the *+Add* -> *Git Repository* -> *From Git* option to select the kind of application you want to create and deploy. Based on the required runtime and type of the application, your custom template is automatically selected.
diff --git a/modules/op-using-incoming-webhook-with-pipelines-as-code.adoc b/modules/op-using-incoming-webhook-with-pipelines-as-code.adoc
index 224856f1ce8d..ddbd3076c477 100644
--- a/modules/op-using-incoming-webhook-with-pipelines-as-code.adoc
+++ b/modules/op-using-incoming-webhook-with-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-incoming-webhook-with-pipelines-as-code_{context}"]
 = Using incoming webhook with {pac}
 
diff --git a/modules/op-using-pipelines-as-code-resolver.adoc b/modules/op-using-pipelines-as-code-resolver.adoc
index d67a3cb9e18d..90a5d08facbd 100644
--- a/modules/op-using-pipelines-as-code-resolver.adoc
+++ b/modules/op-using-pipelines-as-code-resolver.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-pipelines-as-code-resolver_{context}"]
-= Using the {pac} resolver 
+= Using the {pac} resolver
 
 [role="_abstract"]
 The {pac} resolver ensures that a running pipeline run does not conflict with others.
diff --git a/modules/op-using-pipelines-as-code-with-a-github-app.adoc b/modules/op-using-pipelines-as-code-with-a-github-app.adoc
index 4580b92b4d13..bbbbe7144a0b 100644
--- a/modules/op-using-pipelines-as-code-with-a-github-app.adoc
+++ b/modules/op-using-pipelines-as-code-with-a-github-app.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-pipelines-as-code-with-a-github-app_{context}"]
-= Using {pac} with a GitHub App 
+= Using {pac} with a GitHub App
 
 [role="_abstract"]
 GitHub Apps act as a point of integration with {pipelines-title} and bring the advantage of Git-based workflows to {pipelines-shortname}. Cluster administrators can configure a single GitHub App for all cluster users. For GitHub Apps to work with {pac}, ensure that the webhook of the GitHub App points to the {pac} event listener route (or ingress endpoint) that listens for GitHub events.
@@ -35,10 +35,10 @@ To create and configure a GitHub App manually for {pac}, perform the following s
 
 . Go to **Settings** -> **Developer settings** -> **GitHub Apps**, and click **New GitHub App**.
 
-. Provide the following information in the GitHub App form: 
+. Provide the following information in the GitHub App form:
 
 * **GitHub Application Name**: `{pipelines-shortname}`
-* **Homepage URL**: OpenShift Console URL 
+* **Homepage URL**: OpenShift Console URL
 * **Webhook URL**: The {pac} route or ingress URL. You can find it by running the following command:
 +
 [source,terminal]
@@ -96,7 +96,7 @@ $ oc -n openshift-pipelines create secret generic pipelines-as-code-secret \
 ----
 <1> The path to the private key you downloaded while configuring the GitHub App.
 <2> The **App ID** of the GitHub App.
-<3> The webhook secret provided when you created the GitHub App. 
+<3> The webhook secret provided when you created the GitHub App.
 
 
 [NOTE]
diff --git a/modules/op-using-pipelines-as-code-with-bitbucket-cloud.adoc b/modules/op-using-pipelines-as-code-with-bitbucket-cloud.adoc
index 1b3b4bf3056a..d82969226126 100644
--- a/modules/op-using-pipelines-as-code-with-bitbucket-cloud.adoc
+++ b/modules/op-using-pipelines-as-code-with-bitbucket-cloud.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-pipelines-as-code-with-bitbucket-cloud_{context}"]
 = Using {pac} with Bitbucket Cloud
 
diff --git a/modules/op-using-pipelines-as-code-with-bitbucket-server.adoc b/modules/op-using-pipelines-as-code-with-bitbucket-server.adoc
index 35e1f0c92452..47c0f0569019 100644
--- a/modules/op-using-pipelines-as-code-with-bitbucket-server.adoc
+++ b/modules/op-using-pipelines-as-code-with-bitbucket-server.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-pipelines-as-code-with-bitbucket-server_{context}"]
 = Using {pac} with Bitbucket Server
 
diff --git a/modules/op-using-pipelines-as-code-with-github-webhook.adoc b/modules/op-using-pipelines-as-code-with-github-webhook.adoc
index 3e3cd02a335c..36e91f0443b8 100644
--- a/modules/op-using-pipelines-as-code-with-github-webhook.adoc
+++ b/modules/op-using-pipelines-as-code-with-github-webhook.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-pipelines-as-code-with-github-webhook_{context}"]
 = Using {pac} with GitHub Webhook
 
diff --git a/modules/op-using-pipelines-as-code-with-gitlab.adoc b/modules/op-using-pipelines-as-code-with-gitlab.adoc
index 26964b9d0f51..f518c021babb 100644
--- a/modules/op-using-pipelines-as-code-with-gitlab.adoc
+++ b/modules/op-using-pipelines-as-code-with-gitlab.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-pipelines-as-code-with-gitlab_{context}"]
-= Using {pac} with GitLab 
+= Using {pac} with GitLab
 
 [role="_abstract"]
-If your organization or project uses GitLab as the preferred platform, you can use {pac} for your repository with a webhook on GitLab. 
+If your organization or project uses GitLab as the preferred platform, you can use {pac} for your repository with a webhook on GitLab.
 
 [discrete]
 .Prerequisites
@@ -80,9 +80,9 @@ $ echo https://$(oc get route -n openshift-pipelines pipelines-as-code-controlle
 [source,terminal]
 ----
 $ openssl rand -hex 20
----- 
+----
 
-.... Click *Let me select individual events* and select these events: *Commit comments*, *Issue comments*, *Pull request*, and *Pushes*. 
+.... Click *Let me select individual events* and select these events: *Commit comments*, *Issue comments*, *Pull request*, and *Pushes*.
 
 .... Click *Save changes*.
 
diff --git a/modules/op-using-private-repositories-with-pipelines-as-code.adoc b/modules/op-using-private-repositories-with-pipelines-as-code.adoc
index 50a4a17ec19c..e4a8e0e66d76 100644
--- a/modules/op-using-private-repositories-with-pipelines-as-code.adoc
+++ b/modules/op-using-private-repositories-with-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-private-repositories-with-pipelines-as-code_{context}"]
 = Using private repositories with {pac}
 
diff --git a/modules/op-using-remote-pipeline-annotations-with-pipelines-as-code.adoc b/modules/op-using-remote-pipeline-annotations-with-pipelines-as-code.adoc
index 3ba86c2f4055..39d101d99b93 100644
--- a/modules/op-using-remote-pipeline-annotations-with-pipelines-as-code.adoc
+++ b/modules/op-using-remote-pipeline-annotations-with-pipelines-as-code.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-remote-pipeline-annotations-with-pipelines-as-code_{context}"]
-= Using remote pipeline annotations with {pac} 
+= Using remote pipeline annotations with {pac}
 
 [role="_abstract"]
 You can share a pipeline definition across multiple repositories by using the remote pipeline annotation.
diff --git a/modules/op-using-remote-task-annotations-with-pipelines-as-code.adoc b/modules/op-using-remote-task-annotations-with-pipelines-as-code.adoc
index 65578ccce69c..d5c96a1b3bca 100644
--- a/modules/op-using-remote-task-annotations-with-pipelines-as-code.adoc
+++ b/modules/op-using-remote-task-annotations-with-pipelines-as-code.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-remote-task-annotations-with-pipelines-as-code_{context}"]
 = Using remote task annotations with {pac}
 
diff --git a/modules/op-using-repository-crd-with-pipelines-as-code.adoc b/modules/op-using-repository-crd-with-pipelines-as-code.adoc
index 421f907af938..d9309e524042 100644
--- a/modules/op-using-repository-crd-with-pipelines-as-code.adoc
+++ b/modules/op-using-repository-crd-with-pipelines-as-code.adoc
@@ -2,9 +2,9 @@
 //
 // *cicd/pipelines/using-pipelines-as-code.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="using-repository-crd-with-pipelines-as-code_{context}"]
-= Using the Repository custom resource definition (CRD) with {pac} 
+= Using the Repository custom resource definition (CRD) with {pac}
 
 [role="_abstract"]
 The `Repository` custom resource (CR) has the following primary functions:
diff --git a/modules/op-using-tekton-chains-to-sign-and-verify-image-and-provenance.adoc b/modules/op-using-tekton-chains-to-sign-and-verify-image-and-provenance.adoc
index 9b4ea361ea3b..24bd141625d3 100644
--- a/modules/op-using-tekton-chains-to-sign-and-verify-image-and-provenance.adoc
+++ b/modules/op-using-tekton-chains-to-sign-and-verify-image-and-provenance.adoc
@@ -2,7 +2,7 @@
 //
 // *cicd/pipelines/using-tekton-chains-for-pipelines-supply-chain-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-tekton-chains-to-sign-and-verify-image-and-provenance_{context}"]
 = Using {tekton-chains} to sign and verify image and provenance
 
diff --git a/modules/op-validating-pull-requests-using-GitHub-interceptors.adoc b/modules/op-validating-pull-requests-using-GitHub-interceptors.adoc
index 68ff98100671..64df36a02d54 100644
--- a/modules/op-validating-pull-requests-using-GitHub-interceptors.adoc
+++ b/modules/op-validating-pull-requests-using-GitHub-interceptors.adoc
@@ -2,12 +2,12 @@
 //
 // *cicd/pipelines/creating-applications-with-cicd-pipelines.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-validating-pull-requests-using-GitHub-interceptors_{context}"]
 = Validating pull requests using GitHub Interceptors
 
 You can use GitHub Interceptor to validate the processing of pull requests based on the GitHub owners configured for a repository. This validation helps you to prevent unnecessary execution of a `PipelineRun` or `TaskRun` object.
-GitHub Interceptor processes a pull request only if the user name is listed as an owner or if a configurable comment is issued by an owner of the repository. For example, when you comment `/ok-to-test` on a pull request as an owner, a `PipelineRun` or `TaskRun` is triggered. 
+GitHub Interceptor processes a pull request only if the user name is listed as an owner or if a configurable comment is issued by an owner of the repository. For example, when you comment `/ok-to-test` on a pull request as an owner, a `PipelineRun` or `TaskRun` is triggered.
 
 [NOTE]
 ====
@@ -23,7 +23,7 @@ Owners are configured in an `OWNERS` file at the root of the repository.
 . Create a Kubernetes secret named `secretRef` that contains your secret value.
 . Pass the Kubernetes secret as a reference to your GitHub Interceptor.
 . Create an `owners` file and add the list of approvers into the `approvers` section.
-. Perform one of the following steps: 
+. Perform one of the following steps:
 * For a public GitHub repository, set the value of the `githubOwners` parameter to `true` in the YAML configuration file shown below:
 +
 [source,yaml]
@@ -48,7 +48,7 @@ spec:
             - name: "eventTypes"
               value: ["pull_request", "issue_comment"]
             - name: "githubOwners"
-              value: 
+              value:
                 enabled: true
                 checkType: none
 ...
@@ -78,12 +78,12 @@ spec:
             - name: "eventTypes"
               value: ["pull_request", "issue_comment"]
             - name: "githubOwners"
-              value: 
+              value:
                 enabled: true
                 personalAccessToken:
                   secretName: github-token
                   secretKey: secretToken
-                checkType: all  
+                checkType: all
 ...
 ----
 +
diff --git a/modules/op-viewing-pipeline-logs-in-kibana.adoc b/modules/op-viewing-pipeline-logs-in-kibana.adoc
index ec3d3b30c406..bd04853710a7 100644
--- a/modules/op-viewing-pipeline-logs-in-kibana.adoc
+++ b/modules/op-viewing-pipeline-logs-in-kibana.adoc
@@ -2,7 +2,7 @@
 // cicd/pipelines/viewing-pipeline-logs-using-the-openshift-logging-operator.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="op-viewing-pipeline-logs-in-kibana_{context}"]
 = Viewing pipeline logs in Kibana
 
diff --git a/modules/openshift-architecture-common-terms.adoc b/modules/openshift-architecture-common-terms.adoc
index 28ad87fc1ab1..ce9fca394065 100644
--- a/modules/openshift-architecture-common-terms.adoc
+++ b/modules/openshift-architecture-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * architecture/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-architecture-common-terms_{context}"]
 = Glossary of common terms for {product-title} architecture
 
diff --git a/modules/openshift-cluster-maximums-environment.adoc b/modules/openshift-cluster-maximums-environment.adoc
index a9ed94089a2f..66c5963ec426 100644
--- a/modules/openshift-cluster-maximums-environment.adoc
+++ b/modules/openshift-cluster-maximums-environment.adoc
@@ -57,7 +57,7 @@
 5. Cluster is scaled in iterations and performance and scalability tests are executed at the specified node counts.
 --
 
-== IBM Power platform
+== {ibm-power-title} platform
 
 [options="header",cols="6*"]
 |===
@@ -101,7 +101,7 @@
 5. Cluster is scaled in iterations.
 --
 
-== {ibmzProductName} platform
+== {ibm-z-title} platform
 
 [options="header",cols="6*"]
 |===
diff --git a/modules/openshift-cluster-maximums-major-releases.adoc b/modules/openshift-cluster-maximums-major-releases.adoc
index de39f663bc43..0da298cc2daf 100644
--- a/modules/openshift-cluster-maximums-major-releases.adoc
+++ b/modules/openshift-cluster-maximums-major-releases.adoc
@@ -23,18 +23,18 @@ Red Hat does not provide direct guidance on sizing your {product-title} cluster.
 | 150,000
 
 | Number of pods per node
-| 500 ^[3]^
+| 2,500 ^[3][4]^
 
 | Number of pods per core
 | There is no default value.
 
-| Number of namespaces ^[4]^
+| Number of namespaces ^[5]^
 | 10,000
 
 | Number of builds
 | 10,000 (Default pod RAM 512 Mi) - Source-to-Image (S2I) build strategy
 
-| Number of pods per namespace ^[5]^
+| Number of pods per namespace ^[6]^
 | 25,000
 
 | Number of routes and back ends per Ingress Controller
@@ -46,7 +46,7 @@ Red Hat does not provide direct guidance on sizing your {product-title} cluster.
 | Number of config maps
 | 90,000
 
-| Number of services ^[6]^
+| Number of services ^[7]^
 | 10,000
 
 | Number of services per namespace
@@ -55,31 +55,32 @@ Red Hat does not provide direct guidance on sizing your {product-title} cluster.
 | Number of back-ends per service
 | 5,000
 
-| Number of deployments per namespace ^[5]^
+| Number of deployments per namespace ^[6]^
 | 2,000
 
 | Number of build configs
 | 12,000
 
 | Number of custom resource definitions (CRD)
-| 512 ^[7]^
+| 1,024 ^[8]^
 
 |===
 [.small]
 --
 1. Pause pods were deployed to stress the control plane components of {product-title} at 2000 node scale. The ability to scale to similar numbers will vary depending upon specific deployment and workload parameters.
 2. The pod count displayed here is the number of test pods. The actual number of pods depends on the application's memory, CPU, and storage requirements.
-3. This was tested on a cluster with 100 worker nodes with 500 pods per worker node. The default `maxPods` is still 250. To get to 500 `maxPods`, the cluster must be created with a `maxPods` set to `500` using a custom kubelet config. If you need 500 user pods, you need a `hostPrefix` of `22` because there are 10-15 system pods already running on the node. The maximum number of pods with attached persistent volume claims (PVC) depends on storage backend from where PVC are allocated. In our tests, only {rh-storage} v4 (OCS v4) was able to satisfy the number of pods per node discussed in this document.
-4. When there are a large number of active projects, etcd might suffer from poor performance if the keyspace grows excessively large and exceeds the space quota. Periodic maintenance of etcd, including defragmentation, is highly recommended to free etcd storage.
-5. There are a number of control loops in the system that must iterate over all objects in a given namespace as a reaction to some changes in state. Having a large number of objects of a given type in a single namespace can make those loops expensive and slow down processing given state changes. The limit assumes that the system has enough CPU, memory, and disk to satisfy the application requirements.
-6. Each service port and each service back-end has a corresponding entry in iptables. The number of back-ends of a given service impact the size of the endpoints objects, which impacts the size of data that is being sent all over the system.
-7. {product-title} has a limit of 512 total custom resource definitions (CRD), including those installed by {product-title}, products integrating with {product-title} and user created CRDs. If there are more than 512 CRDs created, then there is a possibility that `oc` commands requests may be throttled.
+3. This was tested on a cluster with 31 servers: 3 control planes, 2 infrastructure nodes, and 26 worker nodes. If you need 2,500 user pods, you need both a `hostPrefix` of `20`, which allocates a network large enough for each node to contain more than 2000 pods, and a custom kubelet config with `maxPods` set to `2500`. For more information, see link:https://cloud.redhat.com/blog/running-2500-pods-per-node-on-ocp-4.13[Running 2500 pods per node on OCP 4.13].
+4. The maximum tested pods per node is 2,500 for clusters using the `OVNKubernetes` network plugin. The maximum tested pods per node for the `OpenShiftSDN` network plugin is 500 pods.
+5. When there are a large number of active projects, etcd might suffer from poor performance if the keyspace grows excessively large and exceeds the space quota. Periodic maintenance of etcd, including defragmentation, is highly recommended to free etcd storage.
+6. There are several control loops in the system that must iterate over all objects in a given namespace as a reaction to some changes in state. Having a large number of objects of a given type in a single namespace can make those loops expensive and slow down processing given state changes. The limit assumes that the system has enough CPU, memory, and disk to satisfy the application requirements.
+7. Each service port and each service back-end has a corresponding entry in `iptables`. The number of back-ends of a given service impact the size of the `Endpoints` objects, which impacts the size of data that is being sent all over the system.
+8. Tested on a cluster with 29 servers: 3 control planes, 2 infrastructure nodes, and 24 worker nodes. The cluster had 500 namespaces. {product-title} has a limit of 1,024 total custom resource definitions (CRD), including those installed by {product-title}, products integrating with {product-title} and user-created CRDs. If there are more than 1,024 CRDs created, then there is a possibility that `oc` command requests might be throttled.
 --
 
 [id="cluster-maximums-major-releases-example-scenario_{context}"]
 == Example scenario
 
-As an example, 500 worker nodes (m5.2xl) were tested, and are supported, using {product-title} 4.13, the OVN-Kubernetes network plugin, and the following workload objects:
+As an example, 500 worker nodes (m5.2xl) were tested, and are supported, using {product-title} {product-version}, the OVN-Kubernetes network plugin, and the following workload objects:
 
 * 200 namespaces, in addition to the defaults
 * 60 pods per node; 30 server and 30 client pods (30k total)
diff --git a/modules/openshift-storage-common-terms.adoc b/modules/openshift-storage-common-terms.adoc
index 93a32af053ac..54b4d6a8fe03 100644
--- a/modules/openshift-storage-common-terms.adoc
+++ b/modules/openshift-storage-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-storage-common-terms_{context}"]
 = Glossary of common terms for {product-title} storage
 
diff --git a/modules/operator-marketplace.adoc b/modules/operator-marketplace.adoc
index 317357d03f17..85a3f8444c5b 100644
--- a/modules/operator-marketplace.adoc
+++ b/modules/operator-marketplace.adoc
@@ -13,7 +13,7 @@ ifeval::["{context}" == "cluster-capabilities"]
 :cluster-caps:
 endif::[]
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="marketplace-operator_{context}"]
 ifdef::operator-ref[= Marketplace Operator]
 ifdef::cluster-caps[= Marketplace capability]
diff --git a/modules/operator-resource-constraints.adoc b/modules/operator-resource-constraints.adoc
index f0594e2b6b05..7715a39c44fe 100644
--- a/modules/operator-resource-constraints.adoc
+++ b/modules/operator-resource-constraints.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-troubleshooting.adoc
+// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="operator-resource-constraints_{context}"]
 = Configuring Operator resource constraints
 
diff --git a/modules/operators-overview.adoc b/modules/operators-overview.adoc
index 44830053088e..0329c503a031 100644
--- a/modules/operators-overview.adoc
+++ b/modules/operators-overview.adoc
@@ -8,7 +8,7 @@ ifeval::["{context}" == "operators-overview"]
 :index:
 endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 ifndef::index[]
 [id="operators-overview_{context}"]
 = Operators in {product-title}
diff --git a/modules/opm-cli-ref-index.adoc b/modules/opm-cli-ref-index.adoc
index 5616987e0f73..f4b0cf6402ff 100644
--- a/modules/opm-cli-ref-index.adoc
+++ b/modules/opm-cli-ref-index.adoc
@@ -13,7 +13,11 @@ As of {product-title} 4.11, the default Red Hat-provided Operator catalog releas
 
 The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
 
-Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. For more information about working with file-based catalogs, see "Additional resources".
+Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. 
+
+ifndef::openshift-rosa,openshift-dedicated[]
+For more information about working with file-based catalogs, see "Additional resources".
+endif::openshift-rosa,openshift-dedicated[]
 ====
 
 .Command syntax
diff --git a/modules/optimizing-by-encapsulation.adoc b/modules/optimizing-by-encapsulation.adoc
index b40a11e15c9c..fa0e0edece55 100644
--- a/modules/optimizing-by-encapsulation.adoc
+++ b/modules/optimizing-by-encapsulation.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/optimization/optimizing-cpu-usage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="optimizing-cpu-usage_{context}"]
 = Encapsulating mount namespaces
 
diff --git a/modules/optimizing-storage-azure.adoc b/modules/optimizing-storage-azure.adoc
index 09db2dc8214d..9e67a0984b38 100644
--- a/modules/optimizing-storage-azure.adoc
+++ b/modules/optimizing-storage-azure.adoc
@@ -2,7 +2,7 @@
 //
 // * ../scalability_and_performance/optimization/optimizing-storage.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 
 [id="optimizing-storage-azure_{context}"]
 = Optimizing storage performance for Microsoft Azure
diff --git a/modules/osd-applications-config-custom-domains.adoc b/modules/osd-applications-config-custom-domains.adoc
index c0a6f3a4d558..d37f3d2307f4 100644
--- a/modules/osd-applications-config-custom-domains.adoc
+++ b/modules/osd-applications-config-custom-domains.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/osd-config-custom-domains-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-applications-config-custom-domains_{context}"]
 = Configuring custom domains for applications
 
@@ -122,3 +122,7 @@ $ oc get route -n my-project
 $ curl https://hello-openshift-tls-my-project.apps.<company_name>.io
 Hello OpenShift!
 ----
+
+.Troubleshooting
+* link:https://access.redhat.com/solutions/5419501[Error creating TLS secret]
+* link:https://access.redhat.com/solutions/6546011[Troubleshooting: CustomDomain in NotReady state]
\ No newline at end of file
diff --git a/modules/osd-applications-renew-custom-domains.adoc b/modules/osd-applications-renew-custom-domains.adoc
index 5a98cc4db66c..5f50915f83b5 100644
--- a/modules/osd-applications-renew-custom-domains.adoc
+++ b/modules/osd-applications-renew-custom-domains.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/deployments/osd-config-custom-domains-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-applications-renew-custom-domains_{context}"]
 = Renewing a certificate for custom domains
 
@@ -12,14 +12,14 @@ You can renew certificates with the Custom Domains Operator (CDO) by using the `
 .Prerequisites
 * You have the latest version `oc` CLI tool installed.
 
-.Procedure 
+.Procedure
 . Create new secret
 +
 [source,terminal]
 ----
 $ oc create secret tls <secret-new> --cert=fullchain.pem --key=privkey.pem -n <my_project>
 ----
- 
+
 . Patch CustomDomain CR
 +
 [source,terminal]
@@ -32,4 +32,7 @@ $ oc patch customdomain <company_name> --type='merge' -p '{"spec":{"certificate"
 [source,terminal]
 ----
 $ oc delete secret <secret-old> -n <my_project>
-----
\ No newline at end of file
+----
+
+.Troubleshooting
+* link:https://access.redhat.com/solutions/5419501[Error creating TLS secret]
\ No newline at end of file
diff --git a/modules/osd-aws-privatelink-about.adoc b/modules/osd-aws-privatelink-about.adoc
index bff15d725d62..6f1b62680b10 100644
--- a/modules/osd-aws-privatelink-about.adoc
+++ b/modules/osd-aws-privatelink-about.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osd-aws-privatelink-about.adoc_{context}"]
 = Understanding AWS PrivateLink
 
diff --git a/modules/osd-aws-privatelink-architecture.adoc b/modules/osd-aws-privatelink-architecture.adoc
index d7836b62163a..dfce0e1c3df2 100644
--- a/modules/osd-aws-privatelink-architecture.adoc
+++ b/modules/osd-aws-privatelink-architecture.adoc
@@ -16,7 +16,7 @@ The following diagram shows network connectivity of a PrivateLink cluster.
 
 .Multi-AZ AWS PrivateLink cluster deployed on private subnets
 
-image::156_OpenShift_ROSA_Arch_0621_privatelink.svg[Multi-AZ AWS PrivateLink cluster deployed on private subnets]
+image::156_OpenShift_ROSA_Arch_1221_privatelink.png[Multi-AZ AWS PrivateLink cluster deployed on private subnets]
 
 [id="osd-aws-reference-architecture.adoc_{context}"]
 == AWS reference architectures
diff --git a/modules/osd-aws-privatelink-config-dns-forwarding.adoc b/modules/osd-aws-privatelink-config-dns-forwarding.adoc
index 1da36ccdbdb6..f1e0d5d5349c 100644
--- a/modules/osd-aws-privatelink-config-dns-forwarding.adoc
+++ b/modules/osd-aws-privatelink-config-dns-forwarding.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-aws-privatelink-config-dns-forwarding_{context}"]
 = Configuring AWS PrivateLink DNS forwarding
 
diff --git a/modules/osd-aws-privatelink-firewall-prerequisites.adoc b/modules/osd-aws-privatelink-firewall-prerequisites.adoc
index 0313ca27cae1..40a02e8d876d 100644
--- a/modules/osd-aws-privatelink-firewall-prerequisites.adoc
+++ b/modules/osd-aws-privatelink-firewall-prerequisites.adoc
@@ -1,16 +1,27 @@
 // Module included in the following assemblies:
 //
+// * osd_planning/aws-ccs.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
+// * rosa_planning/rosa-hcp-prereqs.adoc
 
-:_content-type: PROCEDURE
+ifeval::["{context}" == "rosa-sts-aws-prereqs"]
+:fedramp:
+endif::[]
+ifeval::["{context}" == "rosa-hcp-aws-prereqs"]
+:fedramp:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
 [id="osd-aws-privatelink-firewall-prerequisites_{context}"]
 = AWS firewall prerequisites
 
+ifdef::openshift-rosa[]
 [IMPORTANT]
 ====
 Only ROSA clusters deployed with PrivateLink can use a firewall to control egress traffic.
 ====
+endif::[]
 
 This section provides the necessary details that enable you to control egress traffic from your {product-title} cluster. If you are using a firewall to control egress traffic, you must configure your firewall to grant access to the domain and port combinations below. {product-title} requires this access to provide a fully managed OpenShift service.
 
@@ -29,12 +40,12 @@ This section provides the necessary details that enable you to control egress tr
 |443
 |Provides core container images.
 
-|`*.quay.io`
+|`.quay.io`
 |443
 |Provides core container images.
 
 |`sso.redhat.com`
-|443, 80
+|443
 |Required. The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com` to download the pull secret and use Red Hat SaaS solutions to facilitate monitoring of your subscriptions, cluster inventory, chargeback reporting, and so on.
 
 |`quay-registry.s3.amazonaws.com`
@@ -57,16 +68,16 @@ This section provides the necessary details that enable you to control egress tr
 |443
 |Provides {op-system-first} images.
 
-|`registry.access.redhat.com`
+|`registry.access.redhat.com` ^[1]^
 |443
-|Provides access to the `odo` CLI tool that helps developers build on OpenShift and Kubernetes.
+|Hosts all the container images that are stored on the Red Hat Ecosytem Catalog. Additionally, the registry provides access to the `odo` CLI tool that helps developers build on OpenShift and Kubernetes.
 
 |`registry.connect.redhat.com`
-|443, 80
+|443
 |Required for all third-party images and certified Operators.
 
 |`console.redhat.com`
-|443, 80
+|443
 |Required. Allows interactions between the cluster and OpenShift Console Manager to enable functionality, such as scheduling upgrades.
 
 |`sso.redhat.com`
@@ -86,7 +97,7 @@ This section provides the necessary details that enable you to control egress tr
 |The `openshift.org` site redirects through `www.okd.io`.
 
 |`www.redhat.com`
-|443, 80
+|443
 |The `sso.redhat.com` site redirects through `www.redhat.com`.
 
 |`aws.amazon.com`
@@ -96,13 +107,37 @@ This section provides the necessary details that enable you to control egress tr
 |`catalog.redhat.com`
 |443
 |The `registry.access.redhat.com` and `https://registry.redhat.io` sites redirect through `catalog.redhat.com`.
+
+|`dvbwgdztaeq9o.cloudfront.net` ^[2]^
+|443
+|Used by ROSA for STS implementation with managed OIDC configuration.
+
+ifdef::fedramp[]
+|`time-a-g.nist.gov`
+|123 ^[3]^
+|Allows NTP traffic for FedRAMP.
+
+|`time-a-wwv.nist.gov`
+|123 ^[3]^
+|Allows NTP traffic for FedRAMP.
+
+|`time-a-b.nist.gov`
+|123 ^[3]^
+|Allows NTP traffic for FedRAMP.
+endif::fedramp[]
 |===
-//[NOTE]
-//====
-//Creating a firewall with a ROSA private cluster (non-PrivateLink) is not supported.
-//====
 +
-When you add a site such as `quay.io` to your allowlist, do not add a wildcard entry such as `*.quay.io` to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a host name such as `cdn01.quay.io`.
+[.small]
+--
+1. In a firewall environment, ensure that the `access.redhat.com` resource is on the allowlist. This resource hosts a signature store that a container client requires for verifying images when pulling them from `registry.access.redhat.com`.
+2. The string of alphanumeric characters before `cloudfront.net` could change if there is a major cloudfront outage that requires redirecting the resource.
+ifdef::fedramp[]
+3. Both TCP and UDP ports.
+endif::fedramp[]
+
+--
++
+When you add a site such as `quay.io` to your allowlist, do not add a wildcard entry such as `.quay.io` to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a host name such as `cdn01.quay.io`.
 +
 CDN host names, such as `cdn01.quay.io`, are covered when you add a wildcard entry, such as `.quay.io`, in your allowlist.
 
@@ -142,7 +177,7 @@ CDN host names, such as `cdn01.quay.io`, are covered when you add a wildcard ent
 |===
 +
 Managed clusters require enabling telemetry to allow Red Hat to react more quickly to problems, better support the customers, and better understand how product upgrades impact clusters.
-See link:https://docs.openshift.com/container-platform/4.9/support/remote_health_monitoring/about-remote-health-monitoring.html[About remote health monitoring] for more information about how remote health monitoring data is used by Red Hat.
+For more information about how remote health monitoring data is used by Red Hat, see _About remote health monitoring_ in the _Additional resources_ section.
 
 . Allowlist the following Amazon Web Services (AWS) API URls:
 +
@@ -164,7 +199,7 @@ Alternatively, if you choose to not use a wildcard for Amazon Web Services (AWS)
 |443
 |Used to install and manage clusters in an AWS environment.
 
-|`events.amazonaws.com`
+|`events.<aws_region>.amazonaws.com`
 |443
 |Used to install and manage clusters in an AWS environment.
 
@@ -197,11 +232,11 @@ Alternatively, if you choose to not use a wildcard for Amazon Web Services (AWS)
 |Used to install and manage clusters in an AWS environment.
 
 |`servicequotas.<aws_region>.amazonaws.com`
-|443, 80
+|443
 |Required. Used to confirm quotas for deploying the service.
 
 |`tagging.<aws_region>.amazonaws.com`
-|443, 80
+|443
 |Allows the assignment of metadata about AWS resources in the form of tags.
 |===
 
@@ -246,7 +281,7 @@ Alternatively, if you choose to not use a wildcard for Amazon Web Services (AWS)
 |443
 |Alerting service used by {product-title} to send periodic pings that indicate whether the cluster is available and running.
 
-|`*.osdsecuritylogs.splunkcloud.com`
+|`.osdsecuritylogs.splunkcloud.com`
 OR
 `inputs1.osdsecuritylogs.splunkcloud.com`
 `inputs2.osdsecuritylogs.splunkcloud.com`
@@ -274,6 +309,24 @@ OR
 |The SFTP server used by `must-gather-operator` to upload diagnostic logs to help troubleshoot issues with the cluster.
 |===
 
+. Allowlist the following URLs for optional third-party content:
++
+[cols="6,1,6",options="header"]
+|===
+|Domain | Port | Function
+|`registry.connect.redhat.com`
+| 443
+| Required for all third-party-images and certified operators.
+
+|`rhc4tp-prod-z8cxf-image-registry-us-east-1-evenkyleffocxqvofrk.s3.dualstack.us-east-1.amazonaws.com`
+| 443
+| Provides access to container images hosted on `registry.connect.redhat.com`
+
+|`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
+| 443
+| Required for Sonatype Nexus, F5 Big IP operators.
+|===
+
 . If you did not allow a wildcard for Amazon Web Services (AWS) APIs, you must also allow the S3 bucket used for the internal OpenShift registry. To retrieve that endpoint, run the following command after the cluster is successfully provisioned:
 +
 [source,terminal]
@@ -281,7 +334,19 @@ OR
 $ oc -n openshift-image-registry get pod -l docker-registry=default -o json | jq '.items[].spec.containers[].env[] | select(.name=="REGISTRY_STORAGE_S3_BUCKET")'
 ----
 +
-The S3 endpoint should be in the following format: '<cluster-name>-<random-string>-image-registry-<cluster-region>-<random-string>.s3.dualstack.<cluster-region>.amazonaws.com'.
+The S3 endpoint should be in the following format:
++
+[source,terminal]
+----
+'<cluster-name>-<random-string>-image-registry-<cluster-region>-<random-string>.s3.dualstack.<cluster-region>.amazonaws.com'.
+----
 
 . Allowlist any site that provides resources for a language or framework that your builds require.
 . Allowlist any outbound URLs that depend on the languages and frameworks used in OpenShift. See link:https://access.redhat.com/solutions/2998411[OpenShift Outbound URLs to Allow] for a list of recommended URLs to be allowed on the firewall or proxy.
+
+ifeval::["{context}" == "rosa-sts-aws-prereqs"]
+:!fedramp:
+endif::[]
+ifeval::["{context}" == "rosa-hcp-aws-prereqs"]
+:!fedramp:
+endif::[]
diff --git a/modules/osd-aws-vpc-required-resources.adoc b/modules/osd-aws-vpc-required-resources.adoc
index 44372e166bd6..2233f1550f4c 100644
--- a/modules/osd-aws-vpc-required-resources.adoc
+++ b/modules/osd-aws-vpc-required-resources.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 //
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osd-aws-vpc-required-resources_{context}"]
 = Amazon VPC Requirements for non-PrivateLink ROSA clusters
 
@@ -11,6 +11,6 @@ To create an Amazon VPC, You must have the following:
 
 * An internet gateway,
 * A NAT gateway,
-* Private and public subnets that have internet connectivity provided to install required components. 
+* Private and public subnets that have internet connectivity provided to install required components.
 
 You must have at least one single private and public subnet for Single-AZ clusters, and you need at least three private and public subnets for Multi-AZ clusters.
\ No newline at end of file
diff --git a/modules/osd-create-cluster-ccs.adoc b/modules/osd-create-cluster-ccs.adoc
index 5bac0df17d77..7b2473cdee86 100644
--- a/modules/osd-create-cluster-ccs.adoc
+++ b/modules/osd-create-cluster-ccs.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "osd-creating-a-cluster-on-gcp"]
 :osd-on-gcp:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 ifdef::osd-on-aws[]
 [id="osd-create-aws-cluster-ccs_{context}"]
 = Creating a cluster on AWS with CCS
@@ -62,10 +62,10 @@ The project name must be 10 characters or less.
 * You have an IAM service account in GCP called `osd-ccs-admin` with the following roles attached:
   ** Compute Admin
   ** DNS Administrator
-  ** IAM Security Admin
+  ** Security Admin
   ** Service Account Admin
   ** Service Account Key Admin
-  ** Service Account User  
+  ** Service Account User
   ** Organization Policy Viewer
   ** Service Management Administrator
   ** Service Usage Admin
@@ -134,20 +134,51 @@ endif::osd-on-gcp[]
 .. Select a cluster version from the *Version* drop-down menu.
 .. Select a cloud provider region from the *Region* drop-down menu.
 .. Select a *Single zone* or *Multi-zone* configuration.
++
+ifdef::osd-on-gcp[]
+.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
++
+[IMPORTANT]
+====
+To successfully create a cluster, you must select *Enable Secure Boot support for Shielded VMs* if your organization has the policy constraint `constraints/compute.requireShieldedVm` enabled. For more information regarding GCP organizational policy constraints, see link:https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints[Organization policy constraints].
+====
++
+endif::osd-on-gcp[]
 .. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
+ifdef::osd-on-gcp[]
+. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
+
+.. Select *Use Custom KMS keys* to use custom KMS keys. If you prefer not to use custom KMS keys, leave the default setting *Use default KMS Keys*.
++
+[IMPORTANT]
+====
+To use custom KMS keys, the IAM service account `osd-ccs-admin` must be granted the *Cloud KMS CryptoKey Encrypter/Decrypter* role. For more information about granting roles on a resource, see link:https://cloud.google.com/kms/docs/iam#granting_roles_on_a_resource[Granting roles on a resource].
+====
++
+With *Use Custom KMS keys* selected:
+
+... Select a key ring location from the *Key ring location* drop-down menu.
+... Select a key ring from the *Key ring* drop-down menu.
+... Select a key name from the *Key name* drop-down menu.
+... Provide the *KMS Service Account*.
++
+endif::osd-on-gcp[]
 .. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
 +
 [NOTE]
 ====
 By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
 ====
-.. Optional: Select *Encrypt persistent volumes with customer keys* if you want to provide your own
-ifdef::osd-on-aws[]
-AWS Key Management Service (KMS) key Amazon Resource Name (ARN).
-endif::osd-on-aws[]
++
 ifdef::osd-on-gcp[]
-encryption keys through the Google Cloud Key Management Service.
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
 endif::osd-on-gcp[]
+ifdef::osd-on-aws[]
+.. Optional: Select *Encrypt persistent volumes with customer keys* if you want to provide your own
+AWS Key Management Service (KMS) key Amazon Resource Name (ARN).
+// ifdef::osd-on-gcp[]
+// encryption keys through the Google Cloud Key Management Service.
+// endif::osd-on-gcp[]
 The key is used for encrypting all control plane, infrastructure, worker node root volumes, and persistent volumes in your cluster.
 +
 [IMPORTANT]
@@ -156,7 +187,7 @@ Only persistent volumes (PVs) created from the default storage class are encrypt
 
 PVs created by using any other storage class are still encrypted, but the PVs are not encrypted with this key unless the storage class is specifically configured to use this key.
 ====
-
+endif::osd-on-aws[]
 .. Click *Next*.
 
 . On the *Default machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.
@@ -166,6 +197,25 @@ PVs created by using any other storage class are still encrypted, but the PVs ar
 After your cluster is created, you can change the number of compute nodes in your cluster, but you cannot change the compute node instance type in a machine pool. The number and types of nodes available to you depend on your {product-title} subscription.
 ====
 
+ifdef::osd-on-aws[]
+. Choose your preference for the Instance Metadata Service (IMDS) type, either using both IMDSv1 and IMDSv2 types or requiring your EC2 instances to use only IMDSv2. You can access instance metadata from a running instance in two ways:
++
+* Instance Metadata Service Version 1 (IMDSv1) - a request/response method
+* Instance Metadata Service Version 2 (IMDSv2) - a session-oriented method
++
+[IMPORTANT]
+====
+The Instance Metadata Service settings cannot be changed after your cluster is created.
+====
++
+[NOTE]
+====
+IMDSv2 uses session-oriented requests. With session-oriented requests, you create a session token that defines the session duration, which can range from a minimum of one second to a maximum of six hours. During the specified duration, you can use the same session token for subsequent requests. After the specified duration expires, you must create a new session token to use for future requests.
+====
++
+For more information regarding IMDS, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html[Instance metadata and user data] in the AWS documentation.
+endif::osd-on-aws[]
+
 . Optional: Expand *Edit node labels* to add labels to your nodes. Click *Add label* to add more node labels and select *Next*.
 
 . On the *Network configuration* page, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
@@ -187,14 +237,35 @@ The *Use a PrivateLink* option cannot be changed after a cluster is created.
 +
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
 endif::osd-on-aws[]
+
 ifdef::osd-on-gcp[]
 . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
 endif::osd-on-gcp[]
-
++
 . Click *Next*.
 
+ifdef::osd-on-gcp[]
+. Optional: To install the cluster into a GCP Shared VPC:
++
+[IMPORTANT]
+====
+
+To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+====
+
+.. Select *Install into GCP Shared VPC*.
+.. Specify the *Host project ID*. If the specified host project ID is incorrect, cluster creation fails.
++
+[IMPORTANT]
+====
+Once you complete the steps within the cluster configuration wizard and click *Create Cluster*, the cluster will go into the "Installation Waiting" state. At this point, you must contact the VPC owner of the host project, who must assign the dynamically-generated service account the following roles: *Computer Network Administrator*, *Compute Security Administrator*, and *DNS Administrator*.
+The VPC owner of the host project has 30 days to grant the listed permissions before the cluster creation fails.
+For information about Shared VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC].
+====
+endif::osd-on-gcp[]
++
 . If you opted to install the cluster in an existing
 ifdef::osd-on-aws[]
 AWS
@@ -202,7 +273,8 @@ endif::osd-on-aws[]
 ifdef::osd-on-gcp[]
 GCP
 endif::osd-on-gcp[]
-VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*. You must have created the Cloud network address translation (NAT) and a Cloud router. See the additional resources for information about Cloud NATs and Google VPCs.
+VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
+You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs.
 ifdef::osd-on-aws[]
 +
 [NOTE]
@@ -210,7 +282,20 @@ ifdef::osd-on-aws[]
 You must ensure that your VPC is configured with a public and a private subnet for each availability zone that you want the cluster installed into. If you opted to use PrivateLink, only private subnets are required.
 ====
 endif::osd-on-aws[]
-
+ifdef::osd-on-gcp[]
++
+[NOTE]
+====
+If you are installing a cluster into a Shared VPC, the VPC name and subnets are shared from the host project.
+====
+endif::osd-on-gcp[]
+ifdef::osd-on-aws[]
+.. Optional: Expand *Additional security groups* and select additional custom security groups to apply to nodes in the machine pools that are created by default. You must have already created the security groups and associated them with the VPC that you selected for this cluster. You cannot add or edit security groups to the default machine pools after you create the cluster.
++
+By default, the security groups you specify are added for all node types. Clear the *Apply the same security groups to all node types* checkbox to apply different security groups for each node type.
++
+For more information, see the requirements for _Security groups_ under _Additional resources_.
+endif::osd-on-aws[]
 . If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
 +
 --
@@ -249,7 +334,7 @@ CIDR configurations cannot be changed later. Confirm your selections with your n
 +
 [NOTE]
 ====
-You can review the end-of-life dates in the update life cycle documentation for {product-title}. For more information, see _{product-title} update life cycle_.
+You can review the end-of-life dates in the update lifecycle documentation for {product-title}. For more information, see link:https://access.redhat.com/documentation/en-us/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#osd-life-cycle[OpenShift Dedicated update life cycle].
 ====
 +
 .. Provide administrator approval based on your cluster update method:
@@ -267,6 +352,13 @@ In the event of critical security concerns that significantly impact the securit
 ====
 
 . Review the summary of your selections and click *Create cluster* to start the cluster installation. The installation takes approximately 30-40 minutes to complete.
++
+ifdef::osd-on-gcp[]
+[NOTE]
+====
+If you delete a cluster that was installed into a GCP Shared VPC, inform the VPC owner of the host project to remove the IAM policy roles granted to the service account that was referenced during cluster creation.
+====
+endif::osd-on-gcp[]
 
 .Verification
 
diff --git a/modules/osd-create-cluster-gcp-account.adoc b/modules/osd-create-cluster-gcp-account.adoc
new file mode 100644
index 000000000000..f5c6e38a319c
--- /dev/null
+++ b/modules/osd-create-cluster-gcp-account.adoc
@@ -0,0 +1,189 @@
+// Module included in the following assemblies:
+//
+// * osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osd-create-cluster-gcp-account_{context}"]
+= Creating a cluster on GCP with Google Cloud Marketplace
+
+When creating an {product-title} (OSD) cluster on Google Cloud through the OpenShift Cluster Manager Hybrid Cloud Console, customers can select Google Cloud Marketplace as their preferred billing model. This billing model allows Red Hat customers to take advantage of their link:https://cloud.google.com/docs/cuds[Google Committed Use Discounts (CUD)] towards {product-title} purchased through the Google Cloud Marketplace. Additionally, OSD pricing is consumption-based and customers are billed directly through their Google Cloud account.
+
+.Procedure
+
+. Log in to {cluster-manager-url} and click *Create cluster*.
+
+. In the *Cloud* tab, click *Create cluster* in the *Red Hat OpenShift Dedicated* row.
+
+. Under *Billing model*, configure the subscription type and infrastructure type:
+.. Select the *On-Demand* subscription type.
+.. From the drop-down menu, select *Google Cloud Marketplace*.
+.. Select the *Customer Cloud Subscription* infrastructure type.
+.. Click *Next*.
+. On the *Cloud provider* page, read the provided prerequisites and the Google terms and conditions. Add your service account key.
+.. Click the *Review Google Terms and Agreements* link.
+.. To continue creating the cluster, click the checkbox indicating that you agree to the Google terms and agreements.
+.. Add your service account key.
++
+[NOTE]
+====
+For more information about service account keys, click the information icon located next to *Service account key*.
+====
+.. Click *Next* to validate your cloud provider account and go to the *Cluster details* page.
+. On the *Cluster details* page, provide a name for your cluster and specify the cluster details:
+.. Add a *Cluster name*.
+.. Select a cluster version from the *Version* drop-down menu.
+.. Select a cloud provider region from the *Region* drop-down menu.
+.. Select a *Single zone* or *Multi-zone* configuration.
++
+.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
++
+[IMPORTANT]
+====
+To successfully create a cluster, you must select *Enable Secure Boot support for Shielded VMs* if your organization has the policy constraint `constraints/compute.requireShieldedVm` enabled. For more information regarding GCP organizational policy constraints, see link:https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints[Organization policy constraints].
+====
++
+.. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
+
+. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
+
+.. Select *Use Custom KMS keys* to use custom KMS keys. If you prefer not to use custom KMS keys, leave the default setting *Use default KMS Keys*.
++
+[IMPORTANT]
+====
+To use custom KMS keys, the IAM service account `osd-ccs-admin` must be granted the *Cloud KMS CryptoKey Encrypter/Decrypter* role. For more information about granting roles on a resource, see link:https://cloud.google.com/kms/docs/iam#granting_roles_on_a_resource[Granting roles on a resource].
+====
++
+With *Use Custom KMS keys* selected:
+
+... Select a key ring location from the *Key ring location* drop-down menu.
+... Select a key ring from the *Key ring* drop-down menu.
+... Select a key name from the *Key name* drop-down menu.
+... Provide the *KMS Service Account*.
+
++
+.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
+With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
++
+[NOTE]
+====
+By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
+====
++
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+. Click *Next*.
+
+. On the *Machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.
++
+[NOTE]
+====
+After your cluster is created, you can change the number of compute nodes, but you cannot change the compute node instance type in a created machine pool. You can add machine pools after installation that use a customized instance type. The number and types of nodes available to you depend on your {product-title} subscription.
+====
+
+. Optional: Expand *Add node labels* to add labels to your nodes. Click *Add additional label* to add more node labels.
+
+. Click *Next*.
+
+. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
++
+. Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
+.. Select *Install into an existing VPC*.
+.. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
+
++
+. Click *Next*.
++
+
+. Optional: To install the cluster into a GCP Shared VPC:
++
+[IMPORTANT]
+====
+
+To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+====
+
+.. Select *Install into GCP Shared VPC*.
+.. Specify the *Host project ID*. If the specified host project ID is incorrect, cluster creation fails.
++
+[IMPORTANT]
+====
+Once you complete the steps within the cluster configuration wizard and click *Create Cluster*, the cluster will go into the "Installation Waiting" state. At this point, you must contact the VPC owner of the host project, who must assign the dynamically-generated service account the following roles: *Computer Network Administrator*, *Compute Security Administrator*, and *DNS Administrator*.
+The VPC owner of the host project has 30 days to grant the listed permissions before the cluster creation fails.
+For information about Shared VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC].
+====
++
+. If you opted to install the cluster in an existing GCP VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
+You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs.
+
++
+[NOTE]
+====
+If you are installing a cluster into a Shared VPC, the VPC name and subnets are shared from the host project.
+====
++
+. Click *Next*.
+. If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
++
+--
+.. Enter a value in at least one of the following fields:
+** Specify a valid *HTTP proxy URL*.
+** Specify a valid *HTTPS proxy URL*.
+** In the *Additional trust bundle* field, provide a PEM encoded X.509 certificate bundle. The bundle is added to the trusted certificate store for the cluster nodes. An additional trust bundle file is required unless the identity certificate for the proxy is signed by an authority from the {op-system-first} trust bundle.
++
+If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional certificate authorities (CAs), you must provide the MITM CA certificate.
++
+[NOTE]
+====
+If you upload an additional trust bundle file without specifying an HTTP or HTTPS proxy URL, the bundle is set on the cluster but is not configured to be used with the proxy.
+====
+.. Click *Next*.
+--
++
+For more information about configuring a proxy with {product-title}, see _Configuring a cluster-wide proxy_.
+
++
+. In the *CIDR ranges* dialog, configure custom classless inter-domain routing (CIDR) ranges or use the defaults that are provided.
++
+[IMPORTANT]
+====
+CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.
+
+If the cluster privacy is set to *Private*, you cannot access your cluster until you configure private connections in your cloud provider.
+====
+
+. On the *Cluster update strategy* page, configure your update preferences:
+.. Choose a cluster update method:
+** Select *Individual updates* if you want to schedule each update individually. This is the default option.
+** Select *Recurring updates* to update your cluster on your preferred day and start time, when updates are available.
++
+[NOTE]
+====
+You can review the end-of-life dates in the update lifecycle documentation for {product-title}. For more information, see link:https://access.redhat.com/documentation/en-us/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#osd-life-cycle[OpenShift Dedicated update life cycle].
+====
++
+.. Provide administrator approval based on your cluster update method:
+** Individual updates: If you select an update version that requires approval, provide an administrator’s acknowledgment and click *Approve and continue*.
+** Recurring updates: If you selected recurring updates for your cluster, provide an administrator’s acknowledgment and click *Approve and continue*. {cluster-manager} does not start scheduled y-stream updates for minor versions without receiving an administrator’s acknowledgment.
++
+For information about administrator acknowledgment, see xref:./../upgrading/osd-upgrading-cluster-prepare.adoc#upgrade-49-acknowledgement_osd-updating-cluster-prepare[Administrator acknowledgment when upgrading to OpenShift 4.9].
+.. If you opted for recurring updates, select a preferred day of the week and upgrade start time in UTC from the drop-down menus.
+.. Optional: You can set a grace period for *Node draining* during cluster upgrades. A *1 hour* grace period is set by default.
+.. Click *Next*.
++
+[NOTE]
+====
+In the event of critical security concerns that significantly impact the security or stability of a cluster, Red Hat Site Reliability Engineering (SRE) might schedule automatic updates to the latest z-stream version that is not impacted. The updates are applied within 48 hours after customer notifications are provided. For a description of the critical impact security rating, see link:https://access.redhat.com/security/updates/classification[Understanding Red Hat security ratings].
+====
+
+. Review the summary of your selections and click *Create cluster* to start the cluster installation. The installation takes approximately 30-40 minutes to complete.
+
+.Verification
+
+* You can monitor the progress of the installation in the *Overview* page for your cluster. You can view the installation logs on the same page. Your cluster is ready when the *Status* in the *Details* section of the page is listed as *Ready*.
+
+ifeval::["{context}" == "osd-creating-a-cluster-on-aws"]
+:!osd-on-aws:
+endif::[]
+ifeval::["{context}" == "osd-creating-a-cluster-on-gcp"]
+:!osd-on-gcp:
+endif::[]
diff --git a/modules/osd-create-cluster-red-hat-account.adoc b/modules/osd-create-cluster-red-hat-account.adoc
index 665f1998d549..2e6eba887716 100644
--- a/modules/osd-create-cluster-red-hat-account.adoc
+++ b/modules/osd-create-cluster-red-hat-account.adoc
@@ -10,7 +10,7 @@ ifeval::["{context}" == "osd-creating-a-cluster-on-gcp"]
 :osd-on-gcp:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 ifdef::osd-on-aws[]
 [id="osd-create-aws-cluster-red-hat-account_{context}"]
 = Creating a cluster on AWS with a Red Hat cloud account
@@ -61,6 +61,16 @@ and click *Next*.
 .. Select a cluster version from the *Version* drop-down menu.
 .. Select a cloud provider region from the *Region* drop-down menu.
 .. Select a *Single zone* or *Multi-zone* configuration.
++
+ifdef::osd-on-gcp[]
+.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
++
+[IMPORTANT]
+====
+To successfully create a cluster, you must select *Enable Secure Boot support for Shielded VMs* if your organization has the policy constraint `constraints/compute.requireShieldedVm` enabled. For more information regarding GCP organizational policy constraints, see link:https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints[Organization policy constraints].
+====
++
+endif::osd-on-gcp[]
 .. Select a *Persistent storage* capacity for the cluster. For more information, see the _Storage_ section in the {product-title} service definition.
 .. Specify the number of *Load balancers* that you require for your cluster. For more information, see the _Load balancers_ section in the {product-title} service definition.
 .. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
@@ -101,7 +111,7 @@ If the cluster privacy is set to *Private*, you cannot access your cluster until
 +
 [NOTE]
 ====
-You can review the end-of-life dates in the update life cycle documentation for {product-title}. For more information, see _{product-title} update life cycle_.
+You can review the end-of-life dates in the update lifecycle documentation for {product-title}. For more information, see link:https://access.redhat.com/documentation/en-us/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#osd-life-cycle[OpenShift Dedicated update life cycle].
 ====
 +
 .. Provide administrator approval based on your cluster update method:
diff --git a/modules/osd-create-cluster-rhm-gcp-account.adoc b/modules/osd-create-cluster-rhm-gcp-account.adoc
new file mode 100644
index 000000000000..e132a432aa0b
--- /dev/null
+++ b/modules/osd-create-cluster-rhm-gcp-account.adoc
@@ -0,0 +1,188 @@
+// Module included in the following assemblies:
+//
+// * osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osd-create-cluster-rhm-gcp-account_{context}"]
+= Creating a cluster on GCP with Red Hat Marketplace
+
+When creating an {product-title} (OSD) cluster on Google Cloud through the OpenShift Cluster Manager Hybrid Cloud Console, customers can select Red Hat Marketplace as their preferred billing model.
+OSD pricing is consumption-based and customers are billed directly through their Red Hat Marketplace account.
+
+.Procedure
+
+. Log in to {cluster-manager-url} and click *Create cluster*.
+
+. In the *Cloud* tab, click *Create cluster* in the *Red Hat OpenShift Dedicated* row.
+
+. Under *Billing model*, configure the subscription type and infrastructure type:
+.. Select the *On-Demand* subscription type.
+.. From the drop-down menu, select *Red Hat Marketplace*.
+.. Click *Next*.
+. On the *Cloud provider* page:
+.. Select *Google Cloud* as your cloud provider.
+.. Click the checkbox indicating that you have read and completed all the prerequisites necessary to continue creating your cluster.
+.. Add your service account key.
++
+[NOTE]
+====
+For more information about service account keys, click the information icon located next to *Service account key*.
+====
+.. Click *Next* to validate your cloud provider account and go to the *Cluster details* page.
+. On the *Cluster details* page, provide a name for your cluster and specify the cluster details:
+.. Add a *Cluster name*.
+.. Select a cluster version from the *Version* drop-down menu.
+.. Select a cloud provider region from the *Region* drop-down menu.
+.. Select a *Single zone* or *Multi-zone* configuration.
++
+.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
++
+[IMPORTANT]
+====
+To successfully create a cluster, you must select *Enable Secure Boot support for Shielded VMs* if your organization has the policy constraint `constraints/compute.requireShieldedVm` enabled. For more information regarding GCP organizational policy constraints, see link:https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints[Organization policy constraints].
+====
++
+.. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
+
+. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
+
+.. Select *Use Custom KMS keys* to use custom KMS keys. If you prefer not to use custom KMS keys, leave the default setting *Use default KMS Keys*.
++
+[IMPORTANT]
+====
+To use custom KMS keys, the IAM service account `osd-ccs-admin` must be granted the *Cloud KMS CryptoKey Encrypter/Decrypter* role. For more information about granting roles on a resource, see link:https://cloud.google.com/kms/docs/iam#granting_roles_on_a_resource[Granting roles on a resource].
+====
++
+With *Use Custom KMS keys* selected:
+
+... Select a key ring location from the *Key ring location* drop-down menu.
+... Select a key ring from the *Key ring* drop-down menu.
+... Select a key name from the *Key name* drop-down menu.
+... Provide the *KMS Service Account*.
+
++
+.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
+With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
++
+[NOTE]
+====
+By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
+====
++
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+. Click *Next*.
+
+. On the *Machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.
++
+[NOTE]
+====
+After your cluster is created, you can change the number of compute nodes, but you cannot change the compute node instance type in a created machine pool. You can add machine pools after installation that use a customized instance type. The number and types of nodes available to you depend on your {product-title} subscription.
+====
+
+. Optional: Expand *Add node labels* to add labels to your nodes. Click *Add additional label* to add more node labels.
+
+. Click *Next*.
+
+. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
++
+. Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
+.. Select *Install into an existing VPC*.
+.. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
+
++
+. Click *Next*.
++
+
+. Optional: To install the cluster into a GCP Shared VPC:
++
+[IMPORTANT]
+====
+
+To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+====
+
+.. Select *Install into GCP Shared VPC*.
+.. Specify the *Host project ID*. If the specified host project ID is incorrect, cluster creation fails.
++
+[IMPORTANT]
+====
+Once you complete the steps within the cluster configuration wizard and click *Create Cluster*, the cluster will go into the "Installation Waiting" state. At this point, you must contact the VPC owner of the host project, who must assign the dynamically-generated service account the following roles: *Computer Network Administrator*, *Compute Security Administrator*, and *DNS Administrator*.
+The VPC owner of the host project has 30 days to grant the listed permissions before the cluster creation fails.
+For information about Shared VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC].
+====
++
+. If you opted to install the cluster in an existing GCP VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
+You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs.
++
+[NOTE]
+====
+If you are installing a cluster into a Shared VPC, the VPC name and subnets are shared from the host project.
+====
++
+. Click *Next*.
+. If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
++
+--
+.. Enter a value in at least one of the following fields:
+** Specify a valid *HTTP proxy URL*.
+** Specify a valid *HTTPS proxy URL*.
+** In the *Additional trust bundle* field, provide a PEM encoded X.509 certificate bundle. The bundle is added to the trusted certificate store for the cluster nodes. An additional trust bundle file is required unless the identity certificate for the proxy is signed by an authority from the {op-system-first} trust bundle.
++
+If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional certificate authorities (CAs), you must provide the MITM CA certificate.
++
+[NOTE]
+====
+If you upload an additional trust bundle file without specifying an HTTP or HTTPS proxy URL, the bundle is set on the cluster but is not configured to be used with the proxy.
+====
+.. Click *Next*.
+--
++
+For more information about configuring a proxy with {product-title}, see _Configuring a cluster-wide proxy_.
+
++
+. In the *CIDR ranges* dialog, configure custom classless inter-domain routing (CIDR) ranges or use the defaults that are provided.
++
+[IMPORTANT]
+====
+CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.
+
+If the cluster privacy is set to *Private*, you cannot access your cluster until you configure private connections in your cloud provider.
+====
+
+. On the *Cluster update strategy* page, configure your update preferences:
+.. Choose a cluster update method:
+** Select *Individual updates* if you want to schedule each update individually. This is the default option.
+** Select *Recurring updates* to update your cluster on your preferred day and start time, when updates are available.
++
+[NOTE]
+====
+You can review the end-of-life dates in the update lifecycle documentation for {product-title}. For more information, see link:https://access.redhat.com/documentation/en-us/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#osd-life-cycle[OpenShift Dedicated update life cycle].
+====
++
+.. Provide administrator approval based on your cluster update method:
+** Individual updates: If you select an update version that requires approval, provide an administrator’s acknowledgment and click *Approve and continue*.
+** Recurring updates: If you selected recurring updates for your cluster, provide an administrator’s acknowledgment and click *Approve and continue*. {cluster-manager} does not start scheduled y-stream updates for minor versions without receiving an administrator’s acknowledgment.
++
+For information about administrator acknowledgment, see xref:./../upgrading/osd-upgrading-cluster-prepare.adoc#upgrade-49-acknowledgement_osd-updating-cluster-prepare[Administrator acknowledgment when upgrading to OpenShift 4.9].
+.. If you opted for recurring updates, select a preferred day of the week and upgrade start time in UTC from the drop-down menus.
+.. Optional: You can set a grace period for *Node draining* during cluster upgrades. A *1 hour* grace period is set by default.
+.. Click *Next*.
++
+[NOTE]
+====
+In the event of critical security concerns that significantly impact the security or stability of a cluster, Red Hat Site Reliability Engineering (SRE) might schedule automatic updates to the latest z-stream version that is not impacted. The updates are applied within 48 hours after customer notifications are provided. For a description of the critical impact security rating, see link:https://access.redhat.com/security/updates/classification[Understanding Red Hat security ratings].
+====
+
+. Review the summary of your selections and click *Create cluster* to start the cluster installation. The installation takes approximately 30-40 minutes to complete.
+
+.Verification
+
+* You can monitor the progress of the installation in the *Overview* page for your cluster. You can view the installation logs on the same page. Your cluster is ready when the *Status* in the *Details* section of the page is listed as *Ready*.
+
+ifeval::["{context}" == "osd-creating-a-cluster-on-aws"]
+:!osd-on-aws:
+endif::[]
+ifeval::["{context}" == "osd-creating-a-cluster-on-gcp"]
+:!osd-on-gcp:
+endif::[]
diff --git a/modules/osd-grant-admin-privileges.adoc b/modules/osd-grant-admin-privileges.adoc
index 6c46b38e6e4b..5d3f12a5ddb7 100644
--- a/modules/osd-grant-admin-privileges.adoc
+++ b/modules/osd-grant-admin-privileges.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * osd_getting_started/osd-getting-started.adoc
+// * using-rbac.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-grant-admin-privileges_{context}"]
 = Granting administrator privileges to a user
 
diff --git a/modules/osd-intro.adoc b/modules/osd-intro.adoc
index 0739786f3301..c63e200a19e9 100644
--- a/modules/osd-intro.adoc
+++ b/modules/osd-intro.adoc
@@ -5,7 +5,7 @@
 [id="osd-intro_{context}"]
 = An overview of {product-title}
 
-{product-title} is professionally managed by Red Hat and hosted on {AWS} or {GCP}. Each {product-title} cluster comes with a fully managed link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/architecture/control-plane[control plane] (Control and Infrastructure nodes), application nodes, installation and management by Red Hat Site Reliability Engineers (SRE), premium Red Hat Support, and cluster services such as logging, metrics, monitoring, notifications portal, and a cluster portal.
+{product-title} is professionally managed by Red Hat and hosted on {AWS} or {GCP}. Each {product-title} cluster comes with a fully managed link:https://access.redhat.com/documentation/en-us/openshift_container_platform/{ocp-version}/html/architecture/control-plane[control plane] (Control and Infrastructure nodes), application nodes, installation and management by Red Hat Site Reliability Engineers (SRE), premium Red Hat Support, and cluster services such as logging, metrics, monitoring, notifications portal, and a cluster portal.
 
 {product-title} provides enterprise-ready enhancements to Kubernetes, including the following enhancements:
 
@@ -15,7 +15,7 @@
 
 * Open source development model. Development is completed in the open, and the source code is available from public software repositories. This open collaboration fosters rapid innovation and development.
 
-To learn about options for assets you can create when you build and deploy containerized Kubernetes applications in {OCP}, see link:https://docs.openshift.com/container-platform/4.7/architecture/understanding-development.html[Understanding {OCP} development] in the {OCP} documentation.
+To learn about options for assets you can create when you build and deploy containerized Kubernetes applications in {OCP}, see link:https://docs.openshift.com/container-platform/{ocp-version}/architecture/understanding-development.html[Understanding {OCP} development].
 
 
 [id="rhcos_{context}"]
diff --git a/modules/osd-monitoring-assigning-tolerations-to-monitoring-components.adoc b/modules/osd-monitoring-assigning-tolerations-to-monitoring-components.adoc
deleted file mode 100644
index 12a7013bd1d6..000000000000
--- a/modules/osd-monitoring-assigning-tolerations-to-monitoring-components.adoc
+++ /dev/null
@@ -1,69 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="assigning-tolerations-to-monitoring-components_{context}"]
-= Assigning tolerations to components that monitor user-defined projects
-
-You can assign tolerations to the components that monitor user-defined projects, to enable moving them to tainted worker nodes. Scheduling is not permitted on control plane or infrastructure nodes.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` namespace.
-* The OpenShift CLI (`oc`) is installed.
-
-.Procedure
-
-. Edit the `ConfigMap` object:
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Specify `tolerations` for the component:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    <component>:
-      tolerations:
-        <toleration_specification>
-----
-+
-Substitute `<component>` and `<toleration_specification>` accordingly.
-+
-For example, `oc adm taint nodes node1 key1=value1:NoSchedule` adds a taint to `node1` with the key `key1` and the value `value1`. This prevents monitoring components from deploying pods on `node1` unless a toleration is configured for that taint. The following example configures the `thanosRuler` component to tolerate the example taint:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    thanosRuler:
-      tolerations:
-      - key: "key1"
-        operator: "Equal"
-        value: "value1"
-        effect: "NoSchedule"
-----
-
-. Save the file to apply the changes. The new component placement configuration is applied automatically.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-components-for-monitoring-user-defined-projects.adoc b/modules/osd-monitoring-components-for-monitoring-user-defined-projects.adoc
deleted file mode 100644
index bba180d3bf1c..000000000000
--- a/modules/osd-monitoring-components-for-monitoring-user-defined-projects.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-understanding-the-monitoring-stack.adoc
-
-[id="components-for-monitoring-user-defined-projects_{context}"]
-= Components for monitoring user-defined projects
-
-{product-title} includes an optional enhancement to the monitoring stack that enables you to monitor services and pods in user-defined projects. This feature includes the following components:
-
-.Components for monitoring user-defined projects
-[cols="1,2",options="header"]
-|===
-
-|Component|Description
-
-|Prometheus Operator
-|The Prometheus Operator in the `openshift-user-workload-monitoring` project creates, configures, and manages Prometheus and Thanos Ruler instances in the same project.
-
-|Prometheus
-|Prometheus is the monitoring system through which monitoring is provided for user-defined projects. Prometheus sends alerts to Alertmanager for processing. However, alert routing is not currently supported.
-
-|Thanos Ruler
-|The Thanos Ruler is a rule evaluation engine for Prometheus that is deployed as a separate process. In {product-title} {product-version}, Thanos Ruler provides rule and alerting evaluation for the monitoring of user-defined projects.
-
-|===
-
-// TODO: Just checking that the {product-version} is correct and replaces properly for dedicated
-
-All of these components are monitored by the stack and are automatically updated when {product-title} is updated.
diff --git a/modules/osd-monitoring-configurable-monitoring-components.adoc b/modules/osd-monitoring-configurable-monitoring-components.adoc
deleted file mode 100644
index fb466dfd837c..000000000000
--- a/modules/osd-monitoring-configurable-monitoring-components.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-[id="configurable-monitoring-components_{context}"]
-= Configurable monitoring components
-
-This table shows the monitoring components you can configure and the keys used to specify the components in the `user-workload-monitoring-config` `ConfigMap` objects:
-
-.Configurable monitoring components
-[options="header"]
-|===
-|Component |user-workload-monitoring-config config map key
-|Prometheus Operator |`prometheusOperator`
-|Prometheus |`prometheus`
-|Thanos Ruler |`thanosRuler`
-|===
diff --git a/modules/osd-monitoring-configuring-a-local-persistent-volume-claim.adoc b/modules/osd-monitoring-configuring-a-local-persistent-volume-claim.adoc
deleted file mode 100644
index 18935c9b3e52..000000000000
--- a/modules/osd-monitoring-configuring-a-local-persistent-volume-claim.adoc
+++ /dev/null
@@ -1,96 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="configuring-a-local-persistent-volume-claim_{context}"]
-= Configuring a local persistent volume claim
-
-For monitoring components to use a persistent volume (PV), you must configure a persistent volume claim (PVC).
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. To configure a PVC for a component that monitors user-defined projects, edit the `ConfigMap` object:
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Add your PVC configuration for the component under `data.config.yaml`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    <component>:
-      volumeClaimTemplate:
-        spec:
-          storageClassName: <storage_class>
-          resources:
-            requests:
-              storage: <amount_of_storage>
-----
-+
-See the link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims[Kubernetes documentation on PersistentVolumeClaims] for information on how to specify `volumeClaimTemplate`.
-+
-The following example configures a PVC that claims local persistent storage for the Prometheus instance that monitors user-defined projects:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheus:
-      volumeClaimTemplate:
-        spec:
-          storageClassName: local-storage
-          resources:
-            requests:
-              storage: 40Gi
-----
-+
-In the above example, the storage class created by the Local Storage Operator is called `local-storage`.
-+
-The following example configures a PVC that claims local persistent storage for Thanos Ruler:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    thanosRuler:
-      volumeClaimTemplate:
-        spec:
-          storageClassName: local-storage
-          resources:
-            requests:
-              storage: 40Gi
-----
-
-. Save the file to apply the changes. The pods affected by the new configuration are restarted automatically and the new storage configuration is applied.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-configuring-the-monitoring-stack.adoc b/modules/osd-monitoring-configuring-the-monitoring-stack.adoc
deleted file mode 100644
index 473468176147..000000000000
--- a/modules/osd-monitoring-configuring-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,72 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="configuring-the-monitoring-stack_{context}"]
-= Configuring the monitoring stack
-
-In {product-title}, you can configure the stack that monitors workloads for user-defined projects by using the `user-workload-monitoring-config` `ConfigMap` object. Config maps configure the Cluster Monitoring Operator (CMO), which in turn configures the components of the stack.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. Edit the `ConfigMap` object.
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Add your configuration under `data.config.yaml` as a key-value pair `<component_name>:{nbsp}<component_configuration>`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    <component>:
-      <configuration_for_the_component>
-----
-+
-Substitute `<component>` and `<configuration_for_the_component>` accordingly.
-+
-The following example `ConfigMap` object configures a data retention period and minimum container resource requests for Prometheus. This relates to the Prometheus instance that monitors user-defined projects only:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheus: <1>
-      retention: 24h <2>
-      resources:
-        requests:
-          cpu: 200m <3>
-          memory: 2Gi <4>
-----
-<1> Defines the Prometheus component and the subsequent lines define its configuration.
-<2> Configures a 24 hour data retention period for the Prometheus instance that monitors user-defined projects.
-<3> Defines a minimum resource request of 200 millicores for the Prometheus container.
-<4> Defines a minimum pod resource request of 2 GiB of memory for the Prometheus container.
-
-. Save the file to apply the changes to the `ConfigMap` object. The pods affected by the new configuration are restarted automatically.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-deploying-a-sample-service.adoc b/modules/osd-monitoring-deploying-a-sample-service.adoc
deleted file mode 100644
index 96f7134168c1..000000000000
--- a/modules/osd-monitoring-deploying-a-sample-service.adoc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: PROCEDURE
-[id="deploying-a-sample-service_{context}"]
-= Deploying a sample service
-
-To test monitoring of a service in a user-defined project, you can deploy a sample service.
-
-.Procedure
-
-. Create a YAML file for the service configuration. In this example, it is called `prometheus-example-app.yaml`.
-
-. Add the following deployment and service configuration details to the file:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ns1
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: prometheus-example-app
-  name: prometheus-example-app
-  namespace: ns1
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: prometheus-example-app
-  template:
-    metadata:
-      labels:
-        app: prometheus-example-app
-    spec:
-      containers:
-      - image: quay.io/brancz/prometheus-example-app:v0.2.0
-        imagePullPolicy: IfNotPresent
-        name: prometheus-example-app
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: prometheus-example-app
-  name: prometheus-example-app
-  namespace: ns1
-spec:
-  ports:
-  - port: 8080
-    protocol: TCP
-    targetPort: 8080
-    name: web
-  selector:
-    app: prometheus-example-app
-  type: ClusterIP
-----
-+
-This configuration deploys a service named `prometheus-example-app` in the user-defined `ns1` project. This service exposes the custom `version` metric.
-
-. Apply the configuration to the cluster:
-+
-[source,terminal]
-----
-$ oc apply -f prometheus-example-app.yaml
-----
-+
-It takes some time to deploy the service.
-
-. You can check that the pod is running:
-+
-[source,terminal]
-----
-$ oc -n ns1 get pod
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                                      READY     STATUS    RESTARTS   AGE
-prometheus-example-app-7857545cb7-sbgwq   1/1       Running   0          81m
-----
diff --git a/modules/osd-monitoring-exploring-the-visualized-metrics.adoc b/modules/osd-monitoring-exploring-the-visualized-metrics.adoc
deleted file mode 100644
index fc8b9d975425..000000000000
--- a/modules/osd-monitoring-exploring-the-visualized-metrics.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: PROCEDURE
-[id="exploring-the-visualized-metrics_{context}"]
-= Exploring the visualized metrics
-
-After running the queries, the metrics are displayed on an interactive plot. The X-axis in the plot represents time and the Y-axis represents metrics values. Each metric is shown as a colored line on the graph. You can manipulate the plot interactively and explore the metrics.
-
-.Procedure
-
-In the *Administrator* perspective:
-
-. Initially, all metrics from all enabled queries are shown on the plot. You can select which metrics are shown.
-+
-[NOTE]
-====
-By default, the query table shows an expanded view that lists every metric and its current value. You can select *˅* to minimize the expanded view for a query.
-====
-
-** To hide all metrics from a query, click {kebab} for the query and click *Hide all series*.
-
-** To hide a specific metric, go to the query table and click the colored square near the metric name.
-
-. To zoom into the plot and change the time range, do one of the following:
-
-** Visually select the time range by clicking and dragging on the plot horizontally.
-
-** Use the menu in the left upper corner to select the time range.
-
-. To reset the time range, select *Reset Zoom*.
-
-. To display outputs for all queries at a specific point in time, hover over the plot at that point. The query outputs appear in a pop-up box.
-
-. To hide the plot, select *Hide Graph*.
-
-In the *Developer* perspective:
-
-. To zoom into the plot and change the time range, do one of the following:
-
-** Visually select the time range by clicking and dragging on the plot horizontally.
-
-** Use the menu in the left upper corner to select the time range.
-
-. To reset the time range, select *Reset Zoom*.
-
-. To display outputs for all queries at a specific point in time, hover over the plot at that point. The query outputs appear in a pop-up box.
diff --git a/modules/osd-monitoring-limiting-scrape-samples-in-user-defined-projects.adoc b/modules/osd-monitoring-limiting-scrape-samples-in-user-defined-projects.adoc
deleted file mode 100644
index 7e19adae0ae5..000000000000
--- a/modules/osd-monitoring-limiting-scrape-samples-in-user-defined-projects.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-[id="controlling-the-impact-of-unbound-attributes-in-user-defined-projects_{context}"]
-= Controlling the impact of unbound metrics attributes in user-defined projects
-
-Developers can create labels to define attributes for metrics in the form of key-value pairs. The number of potential key-value pairs corresponds to the number of possible values for an attribute. An attribute that has an unlimited number of potential values is called an unbound attribute. For example, a `customer_id` attribute is unbound because it has an infinite number of possible values.
-
-Every assigned key-value pair has a unique time series. The use of many unbound attributes in labels can result in an exponential increase in the number of time series created. This can impact Prometheus performance and can consume a lot of disk space.
-
-A `dedicated-admin` can use the following measure to control the impact of unbound metrics attributes in user-defined projects:
-
-* *Limit the number of samples that can be accepted* per target scrape in user-defined projects
-// * *Create alerts* that fire when a scrape sample threshold is reached or when the target cannot be scraped
-
-[NOTE]
-====
-Limiting scrape samples can help prevent the issues caused by adding many unbound attributes to labels. Developers can also prevent the underlying cause by limiting the number of unbound attributes that they define for metrics. Using attributes that are bound to a limited set of possible values reduces the number of potential key-value pair combinations.
-====
diff --git a/modules/osd-monitoring-maintenance-and-support.adoc b/modules/osd-monitoring-maintenance-and-support.adoc
deleted file mode 100644
index 90d4c382d438..000000000000
--- a/modules/osd-monitoring-maintenance-and-support.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-[id="maintenance-and-support_{context}"]
-= Maintenance and support for monitoring
-
-The supported way of configuring {product-title} Monitoring is by using the options described in this document. *Do not use other configurations, as they are unsupported.*
-
-[IMPORTANT]
-====
-Installing another Prometheus instance is not supported by the Red Hat Site Reliability Engineers (SREs).
-====
-
-Configuration paradigms can change across Prometheus releases, and such cases can only be handled gracefully if all configuration possibilities are controlled. If you use configurations other than those described in this section, your changes will disappear because the `cluster-monitoring-operator` reconciles any differences. The Operator resets everything to the defined state by default and by design.
diff --git a/modules/osd-monitoring-modifying-retention-time-for-prometheus-metrics-data.adoc b/modules/osd-monitoring-modifying-retention-time-for-prometheus-metrics-data.adoc
deleted file mode 100644
index 8606ca9f9797..000000000000
--- a/modules/osd-monitoring-modifying-retention-time-for-prometheus-metrics-data.adoc
+++ /dev/null
@@ -1,64 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="modifying-retention-time-for-prometheus-metrics-data_{context}"]
-= Modifying the retention time for Prometheus metrics data
-
-By default, the {product-title} monitoring stack configures the retention time for Prometheus data to be 15 days. You can modify the retention time for the Prometheus instance that monitors user-defined projects, to change how soon the data is deleted.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. To modify the retention time for the Prometheus instance that monitors user-defined projects, edit the `ConfigMap` object:
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Add your retention time configuration under `data.config.yaml`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheus:
-      retention: <time_specification>
-----
-+
-Substitute `<time_specification>` with a number directly followed by `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days), `w` (weeks), or `y` (years).
-+
-The following example sets the retention time to 24 hours for the Prometheus instance that monitors user-defined projects:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheus:
-      retention: 24h
-----
-
-. Save the file to apply the changes. The pods affected by the new configuration are restarted automatically.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-moving-monitoring-components-to-different-nodes.adoc b/modules/osd-monitoring-moving-monitoring-components-to-different-nodes.adoc
deleted file mode 100644
index 3b2b205c1dcf..000000000000
--- a/modules/osd-monitoring-moving-monitoring-components-to-different-nodes.adoc
+++ /dev/null
@@ -1,88 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="moving-monitoring-components-to-different-nodes_{context}"]
-= Moving monitoring components to different nodes
-
-You can move any of the components that monitor workloads for user-defined projects to specific worker nodes. It is not permitted to move components to control plane or infrastructure nodes.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. To move a component that monitors user-defined projects, edit the `ConfigMap` object:
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Specify the `nodeSelector` constraint for the component under `data.config.yaml`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    <component>:
-      nodeSelector:
-        <node_key>: <node_value>
-        <node_key>: <node_value>
-        <...>
-----
-+
-Substitute `<component>` accordingly and substitute `<node_key>: <node_value>` with the map of key-value pairs that specifies the destination nodes. Often, only a single key-value pair is used.
-+
-The component can only run on nodes that have each of the specified key-value pairs as labels. The nodes can have additional labels as well.
-+
-[IMPORTANT]
-====
-Many of the monitoring components are deployed by using multiple pods across different nodes in the cluster to maintain high availability. When moving monitoring components to labeled nodes, ensure that enough matching nodes are available to maintain resilience for the component. If only one label is specified, ensure that enough nodes contain that label to distribute all of the pods for the component across separate nodes. Alternatively, you can specify multiple labels each relating to individual nodes.
-====
-+
-[NOTE]
-====
-If monitoring components remain in a `Pending` state after configuring the `nodeSelector` constraint, check the pod logs for errors relating to taints and tolerations.
-====
-+
-For example, to move monitoring components for user-defined projects to specific worker nodes labeled `nodename: worker1`, `nodename: worker2`, and `nodename: worker2`, use:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheusOperator:
-      nodeSelector:
-        nodename: worker1
-    prometheus:
-      nodeSelector:
-        nodename: worker1
-        nodename: worker2
-    thanosRuler:
-      nodeSelector:
-        nodename: worker1
-        nodename: worker2
-----
-
-. Save the file to apply the changes. The components affected by the new configuration are moved to the new nodes automatically.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc b/modules/osd-monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc
deleted file mode 100644
index 4ed8d2be43df..000000000000
--- a/modules/osd-monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: PROCEDURE
-[id="querying-metrics-for-all-projects-as-an-administrator_{context}"]
-= Querying metrics for all projects as an administrator
-
-As a `dedicated-admin` or as a user with view permissions for all projects, you can access metrics for all default {product-title} and user-defined projects in the Metrics UI.
-
-[NOTE]
-====
-Only dedicated administrators have access to the third-party UIs provided with {product-title} Monitoring.
-====
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role or with view permissions for all projects.
-
-.Procedure
-
-. From the *Administrator* perspective in the OpenShift web console, select *Observe* -> *Metrics*.
-
-. Select *Insert Metric at Cursor* to view a list of predefined queries.
-
-. To create a custom query, add your Prometheus Query Language (PromQL) query to the *Expression* field.
-
-. To add multiple queries, select *Add Query*.
-
-. To delete a query, select {kebab} next to the query, then choose *Delete query*.
-
-. To disable a query from being run, select {kebab} next to the query and choose *Disable query*.
-
-. Select *Run Queries* to run the queries that you have created. The metrics from the queries are visualized on the plot. If a query is invalid, the UI shows an error message.
-+
-[NOTE]
-====
-Queries that operate on large amounts of data might time out or overload the browser when drawing time series graphs. To avoid this, select *Hide graph* and calibrate your query using only the metrics table. Then, after finding a feasible query, enable the plot to draw the graphs.
-====
-
-. Optional: The page URL now contains the queries you ran. To use this set of queries again in the future, save this URL.
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation] for more information about creating PromQL queries.
diff --git a/modules/osd-monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc b/modules/osd-monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc
deleted file mode 100644
index 564601115616..000000000000
--- a/modules/osd-monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: PROCEDURE
-[id="querying-metrics-for-user-defined-projects-as-a-developer_{context}"]
-= Querying metrics for user-defined projects as a developer
-
-You can access metrics for a user-defined project as a developer or as a user with view permissions for the project.
-
-In the *Developer* perspective, the Metrics UI includes some predefined CPU, memory, bandwidth, and network packet queries for the selected project. You can also run custom Prometheus Query Language (PromQL) queries for CPU, memory, bandwidth, network packet and application metrics for the project.
-
-[NOTE]
-====
-Developers can only use the *Developer* perspective and not the *Administrator* perspective. As a developer you can only query metrics for one project at a time. Developers cannot access the third-party UIs provided with {product-title} monitoring.
-====
-
-.Prerequisites
-
-* You have access to the cluster as a developer or as a user with view permissions for the project that you are viewing metrics for.
-* You have enabled monitoring for user-defined projects.
-* You have deployed a service in a user-defined project.
-* You have created a `ServiceMonitor` custom resource definition (CRD) for the service to define how the service is monitored.
-
-.Procedure
-
-// TODO: The previous procedure said the "OpenShift web console" and this says the "OpenShift Dedicated web console". I assume it should be the same between the two?
-. From the *Developer* perspective in the {product-title} web console, select *Observe* -> *Metrics*.
-
-. Select the project that you want to view metrics for in the *Project:* list.
-
-. Choose a query from the *Select Query* list, or run a custom PromQL query by selecting *Show PromQL*.
-+
-[NOTE]
-====
-In the *Developer* perspective, you can only run one query at a time.
-====
diff --git a/modules/osd-monitoring-querying-metrics.adoc b/modules/osd-monitoring-querying-metrics.adoc
deleted file mode 100644
index 3c032de4dbeb..000000000000
--- a/modules/osd-monitoring-querying-metrics.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-[id="querying-metrics_{context}"]
-= Querying metrics
-
-The OpenShift monitoring dashboard lets you run Prometheus Query Language (PromQL) queries to examine metrics visualized on a plot. This functionality provides information about the state of a cluster and any user-defined projects that you are monitoring.
-
-As a `dedicated-admin`, you can query one or more namespaces at a time for metrics about user-defined projects.
-
-As a developer, you must specify a project name when querying metrics. You must have the required privileges to view metrics for the selected project.
diff --git a/modules/osd-monitoring-reviewing-monitoring-dashboards-developer.adoc b/modules/osd-monitoring-reviewing-monitoring-dashboards-developer.adoc
deleted file mode 100644
index b5ad968369cd..000000000000
--- a/modules/osd-monitoring-reviewing-monitoring-dashboards-developer.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-reviewing-monitoring-dashboards.adoc
-
-:_content-type: PROCEDURE
-[id="reviewing-monitoring-dashboards-developer_{context}"]
-= Reviewing monitoring dashboards as a developer
-
-In the *Developer* perspective, you can view dashboards relating to a selected project. You must have access to monitor a project to view dashboard information for it.
-
-.Prerequisites
-
-* You have access to the cluster as a `dedicated-admin` or as a user with view permissions for the project that you are viewing the dashboard for.
-
-.Procedure
-
-. In the *Developer* perspective in the {product-title} web console, navigate to *Observe* -> *Dashboard*.
-
-. Choose a project in the *Project:* list.
-
-. Choose a workload in the *All Workloads* list.
-
-. Optional: Select a time range for the graphs in the *Time Range* list.
-
-. Optional: Select a *Refresh Interval*.
-
-. Hover over each of the graphs within a dashboard to display detailed information about specific items.
diff --git a/modules/osd-monitoring-setting-a-scrape-sample-limit-for-user-defined-projects.adoc b/modules/osd-monitoring-setting-a-scrape-sample-limit-for-user-defined-projects.adoc
deleted file mode 100644
index 7be29af11a97..000000000000
--- a/modules/osd-monitoring-setting-a-scrape-sample-limit-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="setting-a-scrape-sample-limit-for-user-defined-projects_{context}"]
-= Setting a scrape sample limit for user-defined projects
-
-You can limit the number of samples that can be accepted per target scrape in user-defined projects.
-
-[WARNING]
-====
-If you set a sample limit, no further sample data is ingested for that target scrape after the limit is reached.
-====
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-. Add the `enforcedSampleLimit` configuration to `data.config.yaml` to limit the number of samples that can be accepted per target scrape in user-defined projects:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    prometheus:
-      enforcedSampleLimit: 50000 <1>
-----
-<1> A value is required if this parameter is specified. This `enforcedSampleLimit` example limits the number of samples that can be accepted per target scrape in user-defined projects to 50,000.
-
-. Save the file to apply the changes. The limit is applied automatically.
-+
-[WARNING]
-====
-When changes are saved to the `user-workload-monitoring-config` `ConfigMap` object, the pods and other resources in the `openshift-user-workload-monitoring` project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
diff --git a/modules/osd-monitoring-setting-log-levels-for-monitoring-components.adoc b/modules/osd-monitoring-setting-log-levels-for-monitoring-components.adoc
deleted file mode 100644
index 8d61a05beb0c..000000000000
--- a/modules/osd-monitoring-setting-log-levels-for-monitoring-components.adoc
+++ /dev/null
@@ -1,83 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-:_content-type: PROCEDURE
-[id="setting-log-levels-for-monitoring-components_{context}"]
-= Setting log levels for monitoring components
-
-You can configure the log level for Prometheus Operator, Prometheus, and Thanos Ruler.
-
-The following log levels can be applied to each of those components in the `user-workload-monitoring-config` `ConfigMap` object:
-
-* `debug`. Log debug, informational, warning, and error messages.
-* `info`. Log informational, warning, and error messages.
-* `warn`. Log warning and error messages only.
-* `error`. Log error messages only.
-
-The default log level is `info`.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role.
-* You have created the `user-workload-monitoring-config` `ConfigMap` object.
-* You have installed the OpenShift CLI (`oc`).
-
-.Procedure
-
-. Edit the `ConfigMap` object:
-.. Edit the `user-workload-monitoring-config` `ConfigMap` object in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring edit configmap user-workload-monitoring-config
-----
-
-.. Add `logLevel: <log_level>` for a component under `data.config.yaml`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: user-workload-monitoring-config
-  namespace: openshift-user-workload-monitoring
-data:
-  config.yaml: |
-    <component>: <1>
-      logLevel: <log_level> <2>
-----
-<1> The monitoring component that you are applying a log level to.
-<2> The log level to apply to the component.
-
-. Save the file to apply the changes. The pods for the component restarts automatically when you apply the log-level change.
-+
-[WARNING]
-====
-When changes are saved to a monitoring config map, the pods and other resources in the related project might be redeployed. The running monitoring processes in that project might also be restarted.
-====
-
-. Confirm that the log level has been applied by reviewing the deployment or pod configuration in the related project. The following example checks the log level in the `prometheus-operator` deployment in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring get deploy prometheus-operator -o yaml |  grep "log-level"
-----
-+
-.Example output
-[source,terminal]
-----
-        - --log-level=debug
-----
-
-. Check that the pods for the component are running. The following example lists the status of pods in the `openshift-user-workload-monitoring` project:
-+
-[source,terminal]
-----
-$ oc -n openshift-user-workload-monitoring get pods
-----
-+
-[NOTE]
-====
-If an unrecognized `loglevel` value is included in the `ConfigMap` object, the pods for the component might not restart successfully.
-====
diff --git a/modules/osd-monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc b/modules/osd-monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc
deleted file mode 100644
index 3cbd203fe516..000000000000
--- a/modules/osd-monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-[id="setting-up-metrics-collection-for-user-defined-projects_{context}"]
-= Setting up metrics collection for user-defined projects
-
-You can create a `ServiceMonitor` resource to scrape metrics from a service endpoint in a user-defined project. This assumes that your application uses a Prometheus client library to expose metrics to the `/metrics` canonical name.
-
-This section describes how to deploy a sample service in a user-defined project and then create a `ServiceMonitor` resource that defines how that service should be monitored.
diff --git a/modules/osd-monitoring-specifying-how-a-service-is-monitored.adoc b/modules/osd-monitoring-specifying-how-a-service-is-monitored.adoc
deleted file mode 100644
index b8dc5617a4c8..000000000000
--- a/modules/osd-monitoring-specifying-how-a-service-is-monitored.adoc
+++ /dev/null
@@ -1,71 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: PROCEDURE
-[id="specifying-how-a-service-is-monitored_{context}"]
-= Specifying how a service is monitored
-
-To use the metrics exposed by your service, you must configure {product-title} monitoring to scrape metrics from the `/metrics` endpoint. You can do this using a `ServiceMonitor` custom resource definition (CRD) that specifies how a service should be monitored, or a `PodMonitor` CRD that specifies how a pod should be monitored. The former requires a `Service` object, while the latter does not, allowing Prometheus to directly scrape metrics from the metrics endpoint exposed by a pod.
-
-[NOTE]
-====
-In {product-title}, you can use the `tlsConfig` property for a `ServiceMonitor` resource to specify the TLS configuration to use when scraping metrics from an endpoint. The `tlsConfig` property is not yet available for `PodMonitor` resources. If you need to use a TLS configuration when scraping metrics, you must use the `ServiceMonitor` resource.
-====
-
-This procedure shows you how to create a `ServiceMonitor` resource for a service in a user-defined project.
-
-.Prerequisites
-
-* You have access to the cluster as a user with the `dedicated-admin` role or the `monitoring-edit` role.
-* For this example, you have deployed the `prometheus-example-app` sample service in the `ns1` project.
-
-.Procedure
-
-. Create a YAML file for the `ServiceMonitor` resource configuration. In this example, the file is called `example-app-service-monitor.yaml`.
-
-. Add the following `ServiceMonitor` resource configuration details:
-+
-[source,yaml]
-----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  labels:
-    k8s-app: prometheus-example-monitor
-  name: prometheus-example-monitor
-  namespace: ns1
-spec:
-  endpoints:
-  - interval: 30s
-    port: web
-    scheme: http
-  selector:
-    matchLabels:
-      app: prometheus-example-app
-----
-+
-This defines a `ServiceMonitor` resource that scrapes the metrics exposed by the `prometheus-example-app` sample service, which includes the `version` metric.
-
-. Apply the configuration to the cluster:
-+
-[source,terminal]
-----
-$ oc apply -f example-app-service-monitor.yaml
-----
-+
-It takes some time to deploy the `ServiceMonitor` resource.
-
-. You can check that the `ServiceMonitor` resource is running:
-+
-[source,terminal]
-----
-$ oc -n ns1 get servicemonitor
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                         AGE
-prometheus-example-monitor   81m
-----
diff --git a/modules/osd-monitoring-support-considerations.adoc b/modules/osd-monitoring-support-considerations.adoc
deleted file mode 100644
index e00dd991e66c..000000000000
--- a/modules/osd-monitoring-support-considerations.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-configuring-the-monitoring-stack.adoc
-
-[id="support-considerations_{context}"]
-= Support considerations for monitoring user-defined projects
-
-The following modifications are explicitly not supported:
-
-* Installing custom Prometheus instances on {product-title}
diff --git a/modules/osd-monitoring-targets-for-user-defined-projects.adoc b/modules/osd-monitoring-targets-for-user-defined-projects.adoc
deleted file mode 100644
index 23f3c11f5d3f..000000000000
--- a/modules/osd-monitoring-targets-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-understanding-the-monitoring-stack.adoc
-
-[id="monitoring-targets-for-user-defined-projects_{context}"]
-= Monitoring targets for user-defined projects
-
-Monitoring is enabled by default for {product-title} user-defined projects. You can monitor:
-
-* Metrics provided through service endpoints in user-defined projects.
-* Pods running in user-defined projects.
diff --git a/modules/osd-monitoring-troubleshooting-issues.adoc b/modules/osd-monitoring-troubleshooting-issues.adoc
deleted file mode 100644
index 191dd0ca218d..000000000000
--- a/modules/osd-monitoring-troubleshooting-issues.adoc
+++ /dev/null
@@ -1,111 +0,0 @@
-
-// Module included in the following assemblies:
-//
-// * monitoring/osd-troubleshooting-monitoring-issues.adoc
-
-:_content-type: PROCEDURE
-[id="troubleshooting-monitoring-issues_{context}"]
-= Determining why user-defined project metrics are unavailable
-
-If metrics are not displaying when monitoring user-defined projects, follow these steps to troubleshoot the issue.
-
-.Procedure
-
-. Query the metric name and verify that the project is correct:
-.. From the *Developer* perspective in the OpenShift Container Platform web console, select *Observe* -> *Metrics*.
-.. Select the project that you want to view metrics for in the *Project:* list.
-.. Choose a query from the *Select Query* list, or run a custom PromQL query by selecting *Show PromQL*.
-+
-The *Select Query* pane shows the metric names.
-+
-Queries must be done on a per-project basis. The metrics that are shown relate to the project that you have selected.
-. Verify that the pod that you want metrics from is actively serving metrics. Run the following `oc exec` command into a pod to target the `podIP`, `port`, and `/metrics`.
-+
-[source,terminal]
-----
-$ oc exec <sample_pod> -n <sample_namespace> -- curl <target_pod_IP>:<port>/metrics
-----
-+
-[NOTE]
-====
-You must run the command on a pod that has `curl` installed.
-====
-+
-The following example output shows a result with a valid version metric.
-+
-.Example output
-[source,terminal]
-----
-  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                 Dload  Upload   Total   Spent    Left  Speed
-# HELP version Version information about this binary-- --:--:-- --:--:--     0
-# TYPE version gauge
-version{version="v0.1.0"} 1
-100   102  100   102    0     0  51000      0 --:--:-- --:--:-- --:--:-- 51000
-----
-+
-An invalid output indicates that there is a problem with the corresponding application.
-
-. If you are using a `PodMonitor` CRD, verify that the `PodMonitor` CRD is configured to point to the correct pods using label matching. For more information, see the Prometheus Operator documentation.
-. If you are using a `ServiceMonitor` CRD, and if the `/metrics` endpoint of the pod is showing metric data, follow these steps to verify the configuration:
-.. Verify that the service is pointed to the correct `/metrics` endpoint. The service `labels` in this output must match the services monitor `labels` and the `/metrics` endpoint defined by the service in the subsequent steps.
-+
-[source,terminal]
-----
-$ oc get service
-----
-+
-.Example output
-[source,terminal]
-----
-apiVersion: v1
-kind: Service <1>
-metadata:
-  labels: <2>
-    app: prometheus-example-app
-  name: prometheus-example-app
-  namespace: ns1
-spec:
-  ports:
-  - port: 8080
-    protocol: TCP
-    targetPort: 8080
-    name: web
-  selector:
-    app: prometheus-example-app
-  type: ClusterIP
-----
-+
-<1> Specifies that this is a service API.
-<2> Specifies the labels that are being used for this service.
-
-.. Query the `serviceIP`, `port`, and `/metrics` endpoints to see if the same metrics from the `curl` command you ran on the pod previously:
-... Run the following command to find the service IP:
-+
-[source,terminal]
-----
-$ oc get service -n <target_namespace>
-----
-... Query the `/metrics` endpoint:
-+
-[source,terminal]
-----
-$ oc exec <sample_pod> -n <sample_namespace> -- curl <service_IP>:<port>/metrics
-----
-+
-Valid metrics are returned in the following example.
-+
-.Example output
-[source,terminal]
-----
-% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                               Dload  Upload   Total   Spent    Left  Speed
-100   102  100   102    0     0  51000      0 --:--:-- --:--:-- --:--:--   99k
-# HELP version Version information about this binary
-# TYPE version gauge
-version{version="v0.1.0"} 1
-----
-.. Use label matching to verify that the `ServiceMonitor` object is configured to point to the desired service. To do this, compare the `Service` object from the `oc get service` output to the `ServiceMonitor` object from the `oc get servicemonitor` output. The labels must match for the metrics to be displayed.
-+
-For example, from the previous steps, notice how the `Service` object has the `app: prometheus-example-app` label and the `ServiceMonitor` object has the same `app: prometheus-example-app` match label.
-. If everything looks valid and the metrics are still unavailable, please contact the support team for further help.
diff --git a/modules/osd-monitoring-understanding-alert-routing-for-user-defined-projects.adoc b/modules/osd-monitoring-understanding-alert-routing-for-user-defined-projects.adoc
deleted file mode 100644
index 84b0ebb1b39e..000000000000
--- a/modules/osd-monitoring-understanding-alert-routing-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
-// * monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc
-
-:_content-type: CONCEPT
-[id="osd-understanding-alert-routing-for-user-defined-projects_{context}"]
-= Understanding alert routing for user-defined projects
-
-[role="_abstract"]
-As a cluster administrator, you can enable alert routing for user-defined projects. 
-With this feature, you can allow users with the **alert-routing-edit** role to configure alert notification routing and receivers for user-defined projects.
-These notifications are routed by an Alertmanager instance dedicated to user-defined monitoring.
-
-Users can then create and configure user-defined alert routing by creating or editing the `AlertmanagerConfig` objects for their user-defined projects without the help of an administrator.
-
-After a user has defined alert routing for a user-defined project, user-defined alert notifications are routed to the `alertmanager-user-workload` pods in the `openshift-user-workload-monitoring` namespace.
-
-[NOTE]
-====
-The following are limitations of alert routing for user-defined projects:
-
-* For user-defined alerting rules, user-defined routing is scoped to the namespace in which the resource is defined.
-For example, a routing configuration in namespace `ns1` only applies to `PrometheusRules` resources in the same namespace.
-
-* When a namespace is excluded from user-defined monitoring, `AlertmanagerConfig` resources in the namespace cease to be part of the Alertmanager configuration.
-====
\ No newline at end of file
diff --git a/modules/osd-monitoring-understanding-metrics.adoc b/modules/osd-monitoring-understanding-metrics.adoc
deleted file mode 100644
index 54cf42596b17..000000000000
--- a/modules/osd-monitoring-understanding-metrics.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-managing-metrics.adoc
-
-:_content-type: CONCEPT
-[id="understanding-metrics_{context}"]
-= Understanding metrics
-
-In {product-title}, cluster components are monitored by scraping metrics exposed through service endpoints. You can also configure metrics collection for user-defined projects. Metrics enable you to monitor how cluster components and your own workloads are performing.
-
-You can define the metrics that you want to provide for your own workloads by using Prometheus client libraries at the application level.
-
-In {product-title}, metrics are exposed through an HTTP service endpoint under the `/metrics` canonical name. You can list all available metrics for a service by running a `curl` query against `\http://<endpoint>/metrics`. For instance, you can expose a route to the `prometheus-example-app` example application and then run the following to view all of its available metrics:
-
-[source,terminal]
-----
-$ curl http://<example_app_endpoint>/metrics
-----
-
-.Example output
-[source,terminal]
-----
-# HELP http_requests_total Count of all HTTP requests
-# TYPE http_requests_total counter
-http_requests_total{code="200",method="get"} 4
-http_requests_total{code="404",method="get"} 2
-# HELP version Version information about this binary
-# TYPE version gauge
-version{version="v0.1.0"} 1
-----
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://prometheus.io/docs/instrumenting/clientlibs/[Prometheus documentation] for details on Prometheus client libraries.
diff --git a/modules/osd-monitoring-understanding-the-monitoring-stack.adoc b/modules/osd-monitoring-understanding-the-monitoring-stack.adoc
deleted file mode 100644
index 9a4415ffcd89..000000000000
--- a/modules/osd-monitoring-understanding-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-// Module included in the following assemblies:
-//
-// * monitoring/osd-understanding-the-monitoring-stack.adoc
-
-:_content-type: CONCEPT
-[id="understanding-the-monitoring-stack_{context}"]
-= Understanding the monitoring stack
-
-The {product-title} 
-ifdef::openshift-rosa[]
-(ROSA) 
-endif::openshift-rosa[]
-monitoring stack is based on the link:https://prometheus.io/[Prometheus] open source project and its wider ecosystem. The monitoring stack includes the following:
-
-* *Default platform monitoring components*. A set of platform monitoring components are installed in the `openshift-monitoring` project and enabled by default during 
-ifdef::openshift-dedicated[]
-an {product-title} 
-endif::openshift-dedicated[]
-ifdef::openshift-rosa[]
-a ROSA 
-endif::openshift-rosa[]
-installation. This provides monitoring for core cluster components. The default monitoring stack also enables remote health monitoring for clusters. Critical metrics, such as CPU and memory, are collected from all of the workloads in every namespace and are made available for your use.
-+
-These components are illustrated in the *Installed by default* section in the following diagram.
-
-* *Components for monitoring user-defined projects*. This feature is enabled by default and provides monitoring for user-defined projects. These components are illustrated in the *User* section in the following diagram.
-
-image:osd-monitoring-architecture.svg[{product-title} monitoring architecture]
diff --git a/modules/osd-persistent-storage-csi-efs-sts.adoc b/modules/osd-persistent-storage-csi-efs-sts.adoc
index 6ee70ca383b4..ec30d674d74c 100644
--- a/modules/osd-persistent-storage-csi-efs-sts.adoc
+++ b/modules/osd-persistent-storage-csi-efs-sts.adoc
@@ -4,13 +4,13 @@
 
 // The OCP version of this procedure is persistent-storage-csi-efs-sts.
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="efs-sts_{context}"]
 = Configuring AWS EFS CSI Driver Operator with Secure Token Service
 
-This procedure explains how to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Secure Token Service (STS).
+This procedure explains how to configure the link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator) with {product-title} on AWS Secure Token Service (STS).
 
-Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the AWS EFS CSI driver as part of the _Installing the AWS EFS CSI Driver Operator_ procedure. 
+Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the link:https://github.com/openshift/aws-efs-csi-driver[AWS EFS CSI driver] as part of the _Installing the AWS EFS CSI Driver Operator_ procedure.
 
 [IMPORTANT]
 ====
@@ -23,125 +23,147 @@ If you perform this procedure after installing the driver and creating volumes,
 * AWS account credentials
 * You have installed the AWS EFS CSI Operator.
 
-.Procedure
-
-To configure the AWS EFS CSI Driver Operator with STS:
 
-// The on-prem version of this step is documented in the cco-ccoctl-configuring procedure.
-. Extract the CCO utility (`ccoctl`) binary from the Cloud Credential Operator.
+.Procedure
 
-.. Find the pod on which the Cloud Credential Operator is running.
+. Prepare the AWS account:
+.. Create an IAM policy JSON file with the following content:
++
+[source,json]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticfilesystem:DescribeAccessPoints",
+        "elasticfilesystem:DescribeFileSystems",
+        "elasticfilesystem:DescribeMountTargets",
+        "ec2:DescribeAvailabilityZones"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "elasticfilesystem:CreateAccessPoint"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "StringLike": {
+          "aws:RequestTag/efs.csi.aws.com/cluster": "true"
+        }
+      }
+    },
+    {
+      "Effect": "Allow",
+      "Action": "elasticfilesystem:DeleteAccessPoint",
+      "Resource": "*",
+      "Condition": {
+        "StringEquals": {
+          "aws:ResourceTag/efs.csi.aws.com/cluster": "true"
+        }
+      }
+    }
+  ]
+}
+----
+
+.. Create an IAM trust JSON file with the following content:
 +
 --
+[source,json]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "arn:aws:iam::<your_aws_account_ID>:oidc-provider/<openshift_oidc_provider>"  <1>
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity",
+      "Condition": {
+        "StringEquals": {
+          "<openshift_oidc_provider>:sub": [  <2>
+            "system:serviceaccount:openshift-cluster-csi-drivers:aws-efs-csi-driver-operator",
+            "system:serviceaccount:openshift-cluster-csi-drivers:aws-efs-csi-driver-controller-sa"
+          ]
+        }
+      }
+    }
+  ]
+}
+----
+<1> Specify your AWS account ID and the OpenShift OIDC provider endpoint. Obtain the endpoint by running the following command:
++
 [source,terminal]
 ----
-$ oc get pod -n openshift-cloud-credential-operator -l app=cloud-credential-operator
-----
-
-.Example output
-[source,terminal]
-----
-NAME                                        READY   STATUS    RESTARTS   AGE
-cloud-credential-operator-78c9c575b-r6mmr   2/2     Running   0          6h33m
+$ rosa describe cluster \
+  -c $(oc get clusterversion -o jsonpath='{.items[].spec.clusterID}{"\n"}') \
+  -o yaml | awk '/oidc_endpoint_url/ {print $2}' | cut -d '/' -f 3,4
 ----
++
+<2> Specify the OpenShift OIDC endpoint again.
 --
 
-.. Copy the `ccoctl` binary from the pod to a local directory.
+.. Create the IAM role:
 +
 [source,terminal]
 ----
-$ oc cp -c cloud-credential-operator openshift-cloud-credential-operator/<CCO-pod-name>:/usr/bin/ccoctl ./ccoctl 
+ROLE_ARN=$(aws iam create-role \
+  --role-name "<your_cluster_name>-aws-efs-csi-operator" \
+  --assume-role-policy-document file://<your_trust_file_name>.json \
+  --query "Role.Arn" --output text); echo $ROLE_ARN
 ----
++
+Save the output. You will use it in the next steps.
 
-.. Change the permissions to make `ccoctl` executable.
+.. Create the IAM policy:
 +
 [source,terminal]
 ----
-$ chmod 775 ./ccoctl
+POLICY_ARN=$(aws iam create-policy \
+  --policy-name "<your_rosa_cluster_name>-rosa-efs-csi" \
+  --policy-document file://<your_policy_file_name>.json \
+  --query 'Policy.Arn' --output text); echo $POLICY_ARN
 ----
++
 
-.. To verify that `ccoctl` is ready to use, display the help file:
+.. Attach the IAM policy to the IAM role:
 +
 [source,terminal]
 ----
-$ ./ccoctl --help
+$ aws iam attach-role-policy \
+  --role-name "<your_rosa_cluster_name>-aws-efs-csi-operator" \
+  --policy-arn $POLICY_ARN
 ----
++
 
-. Create and save an EFS `CredentialsRequest` YAML file, such as shown in the following example:
+. Create a `Secret` YAML file for the driver operator:
 +
-.Example
 [source,yaml]
 ----
-apiVersion: cloudcredential.openshift.io/v1
-kind: CredentialsRequest
+apiVersion: v1
+kind: Secret
 metadata:
-  name: openshift-aws-efs-csi-driver
-  namespace: openshift-cloud-credential-operator
-spec:
-  providerSpec:
-    apiVersion: cloudcredential.openshift.io/v1
-    kind: AWSProviderSpec
-    statementEntries:
-    - action:
-      - elasticfilesystem:*
-      effect: Allow
-      resource: '*'
-  secretRef:
-    name: aws-efs-cloud-credentials
-    namespace: openshift-cluster-csi-drivers
-  serviceAccountNames:
-  - aws-efs-csi-driver-operator
-  - aws-efs-csi-driver-controller-sa
-----
-
-. Run the `ccoctl` tool to generate a new IAM role in AWS, and create a YAML file for it in the local file system (`<path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml`).
+ name: aws-efs-cloud-credentials
+ namespace: openshift-cluster-csi-drivers
+stringData:
+  credentials: |-
+    [default]
+    sts_regional_endpoints = regional
+    role_arn = <role_ARN> <1>
+    web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+----
+<1> Replace `role_ARN` with the output you saved while creating the role.
+
+. Create the secret:
 +
---
 [source,terminal]
 ----
-$ ccoctl aws create-iam-roles --name=<name> --region=<aws_region> --credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests --identity-provider-arn=<oidc_provider_arn>
-----
-
-* `name=<name>` is the name used to tag any cloud resources that are created for tracking.
-
-* `region=<aws_region>` is the AWS region where cloud resources are created.
-
-* `dir=<path_to_directory_with_list_of_credentials_requests>/credrequests` is the directory containing the EFS CredentialsRequest file in previous step.
-
-* `<oidc_provider_arn>` is the ARN for the OIDC provider that associates with your cluster.
-
-.Example
-[source,terminal]
+$ oc apply -f aws-efs-cloud-credentials.yaml
 ----
-$ ccoctl aws create-iam-roles --name=my-aws-efs --credentials-requests-dir= credrequests --identity-provider-arn=arn:aws:iam::123456789012:oidc-provider/example.cloudfront.net/<cluster-ID>
-----
-
-.Example output
-[source,terminal]
-----
-2022/03/21 06:24:44 Role arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud- created
-2022/03/21 06:24:44 Saved credentials configuration to: /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-2022/03/21 06:24:45 Updated Role policy for Role my-aws-efs-openshift-cluster-csi-drivers-aws-efs-cloud-credentials
-----
---
-
-. Create the AWS EFS cloud credentials and secret:
 +
---
-[source,terminal]
-----
-$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-
-.Example
-[source,terminal]
-----
-$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-
-.Example output
-[source,terminal]
-----
-secret/aws-efs-cloud-credentials created
-----
---
+You are now ready to install the AWS EFS CSI driver.
\ No newline at end of file
diff --git a/modules/osd-revoke-admin-privileges.adoc b/modules/osd-revoke-admin-privileges.adoc
index 566c88277ef4..32e66c3a7511 100644
--- a/modules/osd-revoke-admin-privileges.adoc
+++ b/modules/osd-revoke-admin-privileges.adoc
@@ -3,7 +3,7 @@
 // * osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-revoke-admin-privileges_{context}"]
 = Revoking administrator privileges from a user
 
diff --git a/modules/osd-revoke-user-access.adoc b/modules/osd-revoke-user-access.adoc
index cee8ba05496f..c5b70f960cfa 100644
--- a/modules/osd-revoke-user-access.adoc
+++ b/modules/osd-revoke-user-access.adoc
@@ -3,7 +3,7 @@
 // * osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osd-revoke-user-access_{context}"]
 = Revoking user access to a cluster
 
diff --git a/modules/osd-rhoam.adoc b/modules/osd-rhoam.adoc
index 4048ad28ffc5..a8593a63ac3c 100644
--- a/modules/osd-rhoam.adoc
+++ b/modules/osd-rhoam.adoc
@@ -2,7 +2,7 @@
 //
 // * adding_service_cluster/available-services.adoc
 // * adding_service_cluster/rosa-available-services.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osd-rhoam_{context}"]
 = Red Hat OpenShift API Management
 
diff --git a/modules/osd-update-preparing-evaluate-apirequestcount-workloads.adoc b/modules/osd-update-preparing-evaluate-apirequestcount-workloads.adoc
index 676cc0972d24..1b06e84fcf1e 100644
--- a/modules/osd-update-preparing-evaluate-apirequestcount-workloads.adoc
+++ b/modules/osd-update-preparing-evaluate-apirequestcount-workloads.adoc
@@ -3,7 +3,7 @@
 // * upgrading/rosa-updating-cluster-prepare.adoc
 // * upgrading/osd-updating-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-preparing-evaluate-apirequestcount-workloads_{context}"]
 = Using APIRequestCount to identify which workloads are using the removed APIs
 
diff --git a/modules/osd-update-preparing-evaluate-apirequestcount.adoc b/modules/osd-update-preparing-evaluate-apirequestcount.adoc
index 1b6b32e72ffc..953072f7188e 100644
--- a/modules/osd-update-preparing-evaluate-apirequestcount.adoc
+++ b/modules/osd-update-preparing-evaluate-apirequestcount.adoc
@@ -3,7 +3,7 @@
 // * upgrading/rosa-updating-cluster-prepare.adoc
 // * upgrading/osd-updating-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-preparing-evaluate-apirequestcount_{context}"]
 = Using APIRequestCount to identify uses of removed APIs
 
diff --git a/modules/osd-vs-ocp.adoc b/modules/osd-vs-ocp.adoc
index a715ee952ac0..2dd08f7d7a32 100644
--- a/modules/osd-vs-ocp.adoc
+++ b/modules/osd-vs-ocp.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_architecture/osd-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osd-vs-ocp_{context}"]
 
 = Understanding how {product-title} differs from {OCP}
diff --git a/modules/osdk-about-openapi-validation.adoc b/modules/osdk-about-openapi-validation.adoc
index c13d81464e78..b3872df2aba0 100644
--- a/modules/osdk-about-openapi-validation.adoc
+++ b/modules/osdk-about-openapi-validation.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-about-openapi-validation_{context}"]
 = About OpenAPI validation
 
diff --git a/modules/osdk-about-pkg-format-migration.adoc b/modules/osdk-about-pkg-format-migration.adoc
index 5b8e4bc34496..fd68acb5b7b4 100644
--- a/modules/osdk-about-pkg-format-migration.adoc
+++ b/modules/osdk-about-pkg-format-migration.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-pkgman-to-bundle.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-about-pkg-format-migration_{context}"]
 = About packaging format migration
 
diff --git a/modules/osdk-ansible-cr-status-about.adoc b/modules/osdk-ansible-cr-status-about.adoc
index 4fc112058702..9be5ea09bdc8 100644
--- a/modules/osdk-ansible-cr-status-about.adoc
+++ b/modules/osdk-ansible-cr-status-about.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-ansible-cr-status-about_{context}"]
 = About custom resource status in Ansible-based Operators
 
diff --git a/modules/osdk-ansible-cr-status-manual.adoc b/modules/osdk-ansible-cr-status-manual.adoc
index da68da1b35a7..4ffcd4dd369a 100644
--- a/modules/osdk-ansible-cr-status-manual.adoc
+++ b/modules/osdk-ansible-cr-status-manual.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-cr-status-manual_{context}"]
 = Tracking custom resource status manually
 
diff --git a/modules/osdk-ansible-create-api.adoc b/modules/osdk-ansible-create-api.adoc
index 971c1883b964..a6401574cf63 100644
--- a/modules/osdk-ansible-create-api.adoc
+++ b/modules/osdk-ansible-create-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-create-api-controller_{context}"]
 = Creating an API
 
diff --git a/modules/osdk-ansible-inside-operator-local.adoc b/modules/osdk-ansible-inside-operator-local.adoc
index c58e99fb54f8..baf30de36fee 100644
--- a/modules/osdk-ansible-inside-operator-local.adoc
+++ b/modules/osdk-ansible-inside-operator-local.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-inside-operator-local_{context}"]
 = Testing an Ansible-based Operator locally
 
@@ -15,7 +15,7 @@ You can customize the roles path by setting the environment variable `ANSIBLE_RO
 
 .Prerequisites
 
-- link:https://ansible-runner.readthedocs.io/en/latest/install.html[Ansible Runner] v2.0.2+
+- link:https://ansible-runner.readthedocs.io/en/latest/install.html[Ansible Runner] v2.3.3+
 - link:https://github.com/ansible/ansible-runner-http[Ansible Runner HTTP Event Emitter plugin] v1.0.0+
 - Performed the previous steps for testing the Kubernetes Collection locally
 
diff --git a/modules/osdk-ansible-inside-operator-logs-full-result.adoc b/modules/osdk-ansible-inside-operator-logs-full-result.adoc
index 81dc961c8eb4..de8806af831a 100644
--- a/modules/osdk-ansible-inside-operator-logs-full-result.adoc
+++ b/modules/osdk-ansible-inside-operator-logs-full-result.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-inside-operator-logs-full-result_{context}"]
 = Enabling full Ansible results in logs
 
diff --git a/modules/osdk-ansible-inside-operator-logs-verbose.adoc b/modules/osdk-ansible-inside-operator-logs-verbose.adoc
index 2bf34d7eeedd..34f64b6a91d2 100644
--- a/modules/osdk-ansible-inside-operator-logs-verbose.adoc
+++ b/modules/osdk-ansible-inside-operator-logs-verbose.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-inside-operator-logs-verbose_{context}"]
 = Enabling verbose debugging in logs
 
diff --git a/modules/osdk-ansible-inside-operator-logs-view.adoc b/modules/osdk-ansible-inside-operator-logs-view.adoc
index 3352bb534f2d..eaccaf4365f6 100644
--- a/modules/osdk-ansible-inside-operator-logs-view.adoc
+++ b/modules/osdk-ansible-inside-operator-logs-view.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-inside-operator-logs-view_{context}"]
 = Viewing Ansible logs
 
diff --git a/modules/osdk-ansible-k8s-install.adoc b/modules/osdk-ansible-k8s-install.adoc
index febae014ba2a..3b104c608604 100644
--- a/modules/osdk-ansible-k8s-install.adoc
+++ b/modules/osdk-ansible-k8s-install.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-installing-k8s-collection_{context}"]
 = Installing the Kubernetes Collection for Ansible
 
@@ -10,18 +10,18 @@ You can install the Kubernetes Collection for Ansible on your local workstation.
 
 .Procedure
 
-. Install Ansible 2.9+:
+. Install Ansible 2.15+:
 +
 [source,terminal]
 ----
 $ sudo dnf install ansible
 ----
 
-. Install the link:https://github.com/openshift/openshift-restclient-python[OpenShift python client] package:
+. Install the link:https://pypi.org/project/kubernetes/[Python Kubernetes client] package:
 +
 [source,terminal]
 ----
-$ pip3 install openshift
+$ pip install kubernetes
 ----
 
 . Install the Kubernetes Collection using one of the following methods:
@@ -33,7 +33,7 @@ $ pip3 install openshift
 $ ansible-galaxy collection install community.kubernetes
 ----
 
-* If you have already initialized your Operator, you might have a `requirements.yml` file at the top level of your project. This file specifies Ansible dependencies that must be installed for your Operator to function. By default, this file installs the `community.kubernetes` collection as well as the `operator_sdk.util` collection, which provides modules and plugins for Operator-specific fuctions.
+* If you have already initialized your Operator, you might have a `requirements.yml` file at the top level of your project. This file specifies Ansible dependencies that must be installed for your Operator to function. By default, this file installs the `community.kubernetes` collection as well as the `operator_sdk.util` collection, which provides modules and plugins for Operator-specific functions.
 +
 To install the dependent modules from the `requirements.yml` file:
 +
diff --git a/modules/osdk-ansible-k8s-local.adoc b/modules/osdk-ansible-k8s-local.adoc
index 656b198556a9..71e0e3ade3ba 100644
--- a/modules/osdk-ansible-k8s-local.adoc
+++ b/modules/osdk-ansible-k8s-local.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-k8s-local_{context}"]
 = Testing the Kubernetes Collection locally
 
@@ -27,11 +27,11 @@ The following example creates and deletes a config map based on the value of a v
     api_version: v1
     kind: ConfigMap
     name: example-config
-    namespace: default <1>
+    namespace: <operator_namespace> <1>
     state: "{{ state }}"
   ignore_errors: true <2>
 ----
-<1> Change this value if you want the config map to be created in a different namespace from `default`.
+<1> Specify the namespace where you want the config map created.
 <2> Setting `ignore_errors: true` ensures that deleting a nonexistent config map does not fail.
 
 . Modify the `roles/<kind>/defaults/main.yml` file to set `state` to `present` by default:
diff --git a/modules/osdk-ansible-metrics.adoc b/modules/osdk-ansible-metrics.adoc
index 649bad8ed577..7bbe620b9103 100644
--- a/modules/osdk-ansible-metrics.adoc
+++ b/modules/osdk-ansible-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-monitoring-prometheus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-metrics_{context}"]
 = Exposing custom metrics for Ansible-based Operators
 
diff --git a/modules/osdk-ansible-modify-manager.adoc b/modules/osdk-ansible-modify-manager.adoc
index 150bc43d0293..2d1e3d22fbd0 100644
--- a/modules/osdk-ansible-modify-manager.adoc
+++ b/modules/osdk-ansible-modify-manager.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ansible-modify-manager_{context}"]
 = Modifying the manager
 
diff --git a/modules/osdk-apiservices.adoc b/modules/osdk-apiservices.adoc
index 4deaa6e2843e..d3c268fa42c8 100644
--- a/modules/osdk-apiservices.adoc
+++ b/modules/osdk-apiservices.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-apiservices_{context}"]
 = Understanding your API services
 
diff --git a/modules/osdk-bundle-operator.adoc b/modules/osdk-bundle-operator.adoc
index b78d8452b6c3..15fdada31ca4 100644
--- a/modules/osdk-bundle-operator.adoc
+++ b/modules/osdk-bundle-operator.adoc
@@ -13,7 +13,7 @@ ifeval::["{context}" == "osdk-working-bundle-images"]
 :golang:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-bundle-operator_{context}"]
 = Bundling an Operator
 
diff --git a/modules/osdk-bundle-upgrade-olm.adoc b/modules/osdk-bundle-upgrade-olm.adoc
index 48497536738f..eeb78f95758b 100644
--- a/modules/osdk-bundle-upgrade-olm.adoc
+++ b/modules/osdk-bundle-upgrade-olm.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-working-bundle-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-bundle-upgrade-olm_{context}"]
 = Testing an Operator upgrade on Operator Lifecycle Manager
 
diff --git a/modules/osdk-bundle-validate-about.adoc b/modules/osdk-bundle-validate-about.adoc
index 36d545c17d9e..621a147e461e 100644
--- a/modules/osdk-bundle-validate-about.adoc
+++ b/modules/osdk-bundle-validate-about.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-bundle-validate.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-about-bundle-validate_{context}"]
 = About the bundle validate command
 
diff --git a/modules/osdk-bundle-validate-run.adoc b/modules/osdk-bundle-validate-run.adoc
index a666fffae2db..057c3f4f1f55 100644
--- a/modules/osdk-bundle-validate-run.adoc
+++ b/modules/osdk-bundle-validate-run.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-bundle-validate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-bundle-validate-run_{context}"]
 = Running the bundle validate command
 
diff --git a/modules/osdk-bundle-validate-tests.adoc b/modules/osdk-bundle-validate-tests.adoc
index 828c32a4064f..e90b0e7df4b1 100644
--- a/modules/osdk-bundle-validate-tests.adoc
+++ b/modules/osdk-bundle-validate-tests.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-bundle-validate.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-bundle-validate-tests_{context}"]
 = Built-in bundle validate tests
 
@@ -13,7 +13,7 @@ You can run optional validators to test for issues such as OperatorHub compatibi
 .`bundle validate` command syntax for optional test suites
 [source,terminal]
 ----
-$ operator-sdk bundle validate <bundle_dir_or_image> 
+$ operator-sdk bundle validate <bundle_dir_or_image>
   --select-optional <test_label>
 ----
 
@@ -32,6 +32,6 @@ $ operator-sdk bundle validate <bundle_dir_or_image>
 |`name=operatorhub`
 
 |Good Practices
-|This validator tests whether an Operator bundle complies with good practices as defined by the Operator Framework. It checks for issues, such as an empty CRD description or unsupported Operator Lifecycle Manager (OLM) resources. 
+|This validator tests whether an Operator bundle complies with good practices as defined by the Operator Framework. It checks for issues, such as an empty CRD description or unsupported Operator Lifecycle Manager (OLM) resources.
 |`name=good-practices`
 |===
diff --git a/modules/osdk-cco-aws-sts-alt.adoc b/modules/osdk-cco-aws-sts-alt.adoc
new file mode 100644
index 000000000000..fa20baa1af39
--- /dev/null
+++ b/modules/osdk-cco-aws-sts-alt.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-token-auth.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osdk-cco-aws-sts-alt_{context}"]
+= Alternative method
+
+As an alternative method for Operator authors, you can indicate that the user is responsible for creating the `CredentialsRequest` object for the Cloud Credential Operator (CCO) before installing the Operator.
+
+The Operator instructions must indicate the following to users:
+
+* Provide a YAML version of a `CredentialsRequest` object, either by providing the YAML inline in the instructions or pointing users to a download location
+* Instruct the user to create the `CredentialsRequest` object
+
+In {product-title} 4.14 and later, after the `CredentialsRequest` object appears on the cluster with the appropriate STS information added, the Operator can then read the CCO-generated `Secret` or mount it, having defined the mount in the cluster service version (CSV).
+
+For earlier versions of {product-title}, the Operator instructions must also indicate the following to users:
+
+* Use the CCO utility (`ccoctl`) to generate the `Secret` YAML object from the `CredentialsRequest` object
+* Apply the `Secret` object to the cluster in the appropriate namespace
+
+The Operator still must be able to consume the resulting secret to communicate with cloud APIs. Because in this case the secret is created by the user before the Operator is installed, the Operator can do either of the following:
+
+* Define an explicit mount in the `Deployment` object within the CSV
+* Programmatically read the `Secret` object from the API server, as shown in the recommended "Enabling Operators to support CCO-based workflows with AWS STS" method
\ No newline at end of file
diff --git a/modules/osdk-cco-aws-sts-enabling.adoc b/modules/osdk-cco-aws-sts-enabling.adoc
new file mode 100644
index 000000000000..6e2980931983
--- /dev/null
+++ b/modules/osdk-cco-aws-sts-enabling.adoc
@@ -0,0 +1,321 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-token-auth.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-cco-aws-sts-enabling_{context}"]
+= Enabling Operators to support CCO-based workflows with AWS STS
+
+As an Operator author designing your project to run on Operator Lifecycle Manager (OLM), you can enable your Operator to authenticate against AWS on STS-enabled {product-title} clusters by customizing your project to support the Cloud Credential Operator (CCO).
+
+With this method, the Operator is responsible for creating the `CredentialsRequest` object, which means the Operator requires RBAC permission to create these objects. Then, the Operator must be able to read the resulting `Secret` object.
+
+[NOTE]
+====
+By default, pods related to the Operator deployment mount a `serviceAccountToken` volume so that the service account token can be referenced in the resulting `Secret` object.
+====
+
+.Prerequisities
+
+* {product-title} 4.14 or later
+* Cluster in STS mode
+* OLM-based Operator project
+
+.Procedure
+
+. Update your Operator project's `ClusterServiceVersion` (CSV) object:
+
+.. Ensure your Operator has RBAC permission to create `CredentialsRequests` objects:
++
+.Example `clusterPermissions` list
+[%collapsible]
+====
+[source,yaml]
+----
+# ...
+install:
+  spec:
+    clusterPermissions:
+    - rules:
+      - apiGroups:
+        - "cloudcredential.openshift.io"
+        resources:
+        - credentialsrequests
+        verbs:
+        - create
+        - delete
+        - get
+        - list
+        - patch
+        - update
+        - watch
+----
+====
+
+.. Add the following annotation to claim support for this method of CCO-based workflow with AWS STS:
++
+[source,yaml]
+----
+# ...
+metadata:
+ annotations:
+   features.operators.openshift.io/token-auth-aws: "true"
+----
+
+. Update your Operator project code:
+
+.. Get the role ARN from the environment variable set on the pod by the `Subscription` object. For example:
++
+[source,go]
+----
+// Get ENV var
+roleARN := os.Getenv("ROLEARN")
+setupLog.Info("getting role ARN", "role ARN = ", roleARN)
+webIdentityTokenPath := "/var/run/secrets/openshift/serviceaccount/token"
+----
+
+.. Ensure you have a `CredentialsRequest` object ready to be patched and applied. For example:
++
+.Example `CredentialsRequest` object creation
+[%collapsible]
+====
+[source,go]
+----
+import (
+   minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
+   corev1 "k8s.io/api/core/v1"
+   metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var in = minterv1.AWSProviderSpec{
+   StatementEntries: []minterv1.StatementEntry{
+      {
+         Action: []string{
+            "s3:*",
+         },
+         Effect:   "Allow",
+         Resource: "arn:aws:s3:*:*:*",
+      },
+   },
+	STSIAMRoleARN: "<role_arn>",
+}
+
+var codec = minterv1.Codec
+var ProviderSpec, _ = codec.EncodeProviderSpec(in.DeepCopyObject())
+
+const (
+   name      = "<credential_request_name>"
+   namespace = "<namespace_name>"
+)
+
+var CredentialsRequestTemplate = &minterv1.CredentialsRequest{
+   ObjectMeta: metav1.ObjectMeta{
+       Name:      name,
+       Namespace: "openshift-cloud-credential-operator",
+   },
+   Spec: minterv1.CredentialsRequestSpec{
+      ProviderSpec: ProviderSpec,
+      SecretRef: corev1.ObjectReference{
+         Name:      "<secret_name>",
+         Namespace: namespace,
+      },
+      ServiceAccountNames: []string{
+         "<service_account_name>",
+      },
+      CloudTokenPath:   "",
+   },
+}
+----
+====
++
+Alternatively, if you are starting from a `CredentialsRequest` object in YAML form (for example, as part of your Operator project code), you can handle it differently:
++
+.Example `CredentialsRequest` object creation in YAML form
+[%collapsible]
+====
+[source,go]
+----
+// CredentialsRequest is a struct that represents a request for credentials
+type CredentialsRequest struct {
+  APIVersion string `yaml:"apiVersion"`
+  Kind       string `yaml:"kind"`
+  Metadata   struct {
+     Name      string `yaml:"name"`
+     Namespace string `yaml:"namespace"`
+  } `yaml:"metadata"`
+  Spec struct {
+     SecretRef struct {
+        Name      string `yaml:"name"`
+        Namespace string `yaml:"namespace"`
+     } `yaml:"secretRef"`
+     ProviderSpec struct {
+        APIVersion     string `yaml:"apiVersion"`
+        Kind           string `yaml:"kind"`
+        StatementEntries []struct {
+           Effect   string   `yaml:"effect"`
+           Action   []string `yaml:"action"`
+           Resource string   `yaml:"resource"`
+        } `yaml:"statementEntries"`
+        STSIAMRoleARN   string `yaml:"stsIAMRoleARN"`
+     } `yaml:"providerSpec"`
+
+     // added new field
+      CloudTokenPath   string `yaml:"cloudTokenPath"`
+  } `yaml:"spec"`
+}
+
+// ConsumeCredsRequestAddingTokenInfo is a function that takes a YAML filename and two strings as arguments
+// It unmarshals the YAML file to a CredentialsRequest object and adds the token information.
+func ConsumeCredsRequestAddingTokenInfo(fileName, tokenString, tokenPath string) (*CredentialsRequest, error) {
+  // open a file containing YAML form of a CredentialsRequest
+  file, err := os.Open(fileName)
+  if err != nil {
+     return nil, err
+  }
+  defer file.Close()
+
+  // create a new CredentialsRequest object
+  cr := &CredentialsRequest{}
+
+  // decode the yaml file to the object
+  decoder := yaml.NewDecoder(file)
+  err = decoder.Decode(cr)
+  if err != nil {
+     return nil, err
+  }
+
+  // assign the string to the existing field in the object
+  cr.Spec.CloudTokenPath = tokenPath
+
+  // return the modified object
+  return cr, nil
+}
+----
+====
++
+[NOTE]
+====
+Adding a `CredentialsRequest` object to the Operator bundle is not currently supported.
+====
+
+.. Add the role ARN and web identity token path to the credentials request and apply it during Operator initialization:
++
+.Example applying `CredentialsRequest` object during Operator initialization
+[%collapsible]
+====
+[source,go]
+----
+// apply credentialsRequest on install
+credReq := credreq.CredentialsRequestTemplate
+credReq.Spec.CloudTokenPath = webIdentityTokenPath
+
+c := mgr.GetClient()
+if err := c.Create(context.TODO(), credReq); err != nil {
+   if !errors.IsAlreadyExists(err) {
+      setupLog.Error(err, "unable to create CredRequest")
+      os.Exit(1)
+   }
+}
+----
+====
+
+.. Ensure your Operator can wait for a `Secret` object to show up from the CCO, as shown in the following example, which is called along with the other items you are reconciling in your Operator:
++
+.Example wait for `Secret` object
+[%collapsible]
+====
+[source,go]
+----
+// WaitForSecret is a function that takes a Kubernetes client, a namespace, and a v1 "k8s.io/api/core/v1" name as arguments
+// It waits until the secret object with the given name exists in the given namespace
+// It returns the secret object or an error if the timeout is exceeded
+func WaitForSecret(client kubernetes.Interface, namespace, name string) (*v1.Secret, error) {
+  // set a timeout of 10 minutes
+  timeout := time.After(10 * time.Minute) <1>
+
+  // set a polling interval of 10 seconds
+  ticker := time.NewTicker(10 * time.Second)
+
+  // loop until the timeout or the secret is found
+  for {
+     select {
+     case <-timeout:
+        // timeout is exceeded, return an error
+        return nil, fmt.Errorf("timed out waiting for secret %s in namespace %s", name, namespace)
+           // add to this error with a pointer to instructions for following a manual path to a Secret that will work on STS
+     case <-ticker.C:
+        // polling interval is reached, try to get the secret
+        secret, err := client.CoreV1().Secrets(namespace).Get(context.Background(), name, metav1.GetOptions{})
+        if err != nil {
+           if errors.IsNotFound(err) {
+              // secret does not exist yet, continue waiting
+              continue
+           } else {
+              // some other error occurred, return it
+              return nil, err
+           }
+        } else {
+           // secret is found, return it
+           return secret, nil
+        }
+     }
+  }
+}
+----
+<1> The `timeout` value is based on an estimate of how fast the CCO might detect an added `CredentialsRequest` object and generate a `Secret` object. You might consider lowering the time or creating custom feedback for cluster administrators that could be wondering why the Operator is not yet accessing the cloud resources.
+====
+
+.. Set up the AWS configuration by reading the secret created by the CCO from the credentials request and creating the AWS config file containing the data from that secret:
++
+.Example AWS configuration creation
+[%collapsible]
+====
+[source,go]
+----
+func SharedCredentialsFileFromSecret(secret *corev1.Secret) (string, error) {
+   var data []byte
+   switch {
+   case len(secret.Data["credentials"]) > 0:
+       data = secret.Data["credentials"]
+   default:
+       return "", errors.New("invalid secret for aws credentials")
+   }
+
+
+   f, err := ioutil.TempFile("", "aws-shared-credentials")
+   if err != nil {
+       return "", errors.Wrap(err, "failed to create file for shared credentials")
+   }
+   defer f.Close()
+   if _, err := f.Write(data); err != nil {
+       return "", errors.Wrapf(err, "failed to write credentials to %s", f.Name())
+   }
+   return f.Name(), nil
+}
+----
+====
++
+[IMPORTANT]
+====
+The secret is assumed to exist, but your Operator code should wait and retry when using this secret to give time to the CCO to create the secret.
+
+Additionally, the wait period should eventually time out and warn users that the {product-title} cluster version, and therefore the CCO, might be an earlier version that does not support the `CredentialsRequest` object workflow with STS detection. In such cases, instruct users that they must add a secret by using another method.
+====
+
+.. Configure the AWS SDK session, for example:
++
+.Example AWS SDK session configuration
+[%collapsible]
+====
+[source,go]
+----
+sharedCredentialsFile, err := SharedCredentialsFileFromSecret(secret)
+if err != nil {
+   // handle error
+}
+options := session.Options{
+   SharedConfigState: session.SharedConfigEnable,
+   SharedConfigFiles: []string{sharedCredentialsFile},
+}
+----
+====
\ No newline at end of file
diff --git a/modules/osdk-cco-aws-sts-role.adoc b/modules/osdk-cco-aws-sts-role.adoc
new file mode 100644
index 000000000000..1acf18c2d92e
--- /dev/null
+++ b/modules/osdk-cco-aws-sts-role.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-token-auth.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="osdk-cco-aws-sts-role_{context}"]
+= Role specification
+
+The Operator description should contain the specifics of the role required to be created before installation, ideally in the form of a script that the administrator can run. For example:
+
+.Example role creation script
+[%collapsible]
+====
+[source,bash]
+----
+#!/bin/bash
+set -x
+
+AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
+OIDC_PROVIDER=$(oc get authentication cluster -ojson | jq -r .spec.serviceAccountIssuer | sed -e "s/^https:\/\///")
+NAMESPACE=my-namespace
+SERVICE_ACCOUNT_NAME="my-service-account"
+POLICY_ARN_STRINGS="arn:aws:iam::aws:policy/AmazonS3FullAccess"
+
+
+read -r -d '' TRUST_RELATIONSHIP <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+   {
+     "Effect": "Allow",
+     "Principal": {
+       "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}"
+     },
+     "Action": "sts:AssumeRoleWithWebIdentity",
+     "Condition": {
+       "StringEquals": {
+         "${OIDC_PROVIDER}:sub": "system:serviceaccount:${NAMESPACE}:${SERVICE_ACCOUNT_NAME}"
+       }
+     }
+   }
+ ]
+}
+EOF
+
+echo "${TRUST_RELATIONSHIP}" > trust.json
+
+aws iam create-role --role-name "$SERVICE_ACCOUNT_NAME" --assume-role-policy-document file://trust.json --description "role for demo"
+
+while IFS= read -r POLICY_ARN; do
+   echo -n "Attaching $POLICY_ARN ... "
+   aws iam attach-role-policy \
+       --role-name "$SERVICE_ACCOUNT_NAME" \
+       --policy-arn "${POLICY_ARN}"
+   echo "ok."
+done <<< "$POLICY_ARN_STRINGS"
+----
+====
\ No newline at end of file
diff --git a/modules/osdk-cco-aws-sts-tshooting.adoc b/modules/osdk-cco-aws-sts-tshooting.adoc
new file mode 100644
index 000000000000..366c41594588
--- /dev/null
+++ b/modules/osdk-cco-aws-sts-tshooting.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-token-auth.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-cco-aws-sts-tshooting_{context}"]
+= Troubleshooting
+
+[id="osdk-cco-aws-sts-tshooting-auth-fail_{context}"]
+== Authentication failure
+
+If authentication was not successful, ensure you can assume the role with web identity by using the token provided to the Operator.
+
+.Procedure
+
+. Extract the token from the pod:
++
+[source,terminal]
+----
+$ oc exec operator-pod -n <namespace_name> \
+    -- cat /var/run/secrets/openshift/serviceaccount/token
+----
+
+. Extract the role ARN from the pod:
++
+[source,terminal]
+----
+$ oc exec operator-pod -n <namespace_name> \
+    -- cat /<path>/<to>/<secret_name> <1>
+----
+<1> Do not use root for the path.
+
+. Try assuming the role with the web identity token:
++
+[source,terminal]
+----
+$ aws sts assume-role-with-web-identity \
+    --role-arn $ROLEARN \
+    --role-session-name <session_name> \
+    --web-identity-token $TOKEN
+----
+
+[id="osdk-cco-aws-sts-tshooting-mounting_{context}"]
+== Secret not mounting correctly
+
+Pods that run as non-root users cannot write to the `/root` directory where the AWS shared credentials file is expected to exist by default. If the secret is not mounting correctly to the AWS credentials file path, consider mounting the secret to a different location and enabling the shared credentials file option in the AWS SDK.
diff --git a/modules/osdk-cco-aws-sts.adoc b/modules/osdk-cco-aws-sts.adoc
new file mode 100644
index 000000000000..c562848d3752
--- /dev/null
+++ b/modules/osdk-cco-aws-sts.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-token-auth.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osdk-cco-aws-sts_{context}"]
+= CCO-based workflow for OLM-managed Operators with AWS STS
+
+When an {product-title} cluster running on AWS is in Security Token Service (STS) mode, it means the cluster is utilizing features of AWS and {product-title} to use IAM roles at an application level. STS enables applications to provide a JSON Web Token (JWT) that can assume an IAM role.
+
+The JWT includes an Amazon Resource Name (ARN) for the `sts:AssumeRoleWithWebIdentity` IAM action to allow temporarily-granted permission for the service account. The JWT contains the signing keys for the `ProjectedServiceAccountToken` that AWS IAM can validate. The service account token itself, which is signed, is used as the JWT required for assuming the AWS role.
+
+The Cloud Credential Operator (CCO) is a cluster Operator installed by default in {product-title} clusters running on cloud providers. For the purposes of STS, the CCO provides the following functions:
+
+* Detects when it is running on an STS-enabled cluster
+* Checks for the presence of fields in the `CredentialsRequest` object that provide the required information for granting Operators access to AWS resources
+
+The CCO performs this detection even when in manual mode. When properly configured, the CCO projects a `Secret` object with the required access information into the Operator namespace.
+
+Starting in {product-title} 4.14, the CCO can semi-automate this task through an expanded use of `CredentialsRequest` objects, which can request the creation of `Secrets` that contain the information required for STS workflows. Users can provide a role ARN when installing the Operator from either the web console or CLI.
+
+[NOTE]
+====
+Subscriptions with automatic update approvals are not recommended because there might be permission changes to make prior to updating. Subscriptions with manual update approvals ensure that administrators have the opportunity to verify the permissions of the later version and take any necessary steps prior to update.
+====
+
+As an Operator author preparing an Operator for use alongside the updated CCO in {product-title} 4.14 or later, you should instruct users and add code to handle the divergence from earlier CCO versions, in addition to handling STS token authentication (if your Operator is not already STS-enabled). The recommended method is to provide a `CredentialsRequest` object with correctly filled STS-related fields and let the CCO create the `Secret` for you.
+
+[IMPORTANT]
+====
+If you plan to support {product-title} clusters earlier than version 4.14, consider providing users with instructions on how to manually create a secret with the STS-enabling information by using the CCO utility (`ccoctl`). Earlier CCO versions are unaware of STS mode on the cluster and cannot create secrets for you.
+
+Your code should check for secrets that never appear and warn users to follow the fallback instructions you have provided. For more information, see the "Alternative method" subsection.
+====
diff --git a/modules/osdk-cli-ref-cleanup.adoc b/modules/osdk-cli-ref-cleanup.adoc
index 4152a05f5945..d416c1e9e4dd 100644
--- a/modules/osdk-cli-ref-cleanup.adoc
+++ b/modules/osdk-cli-ref-cleanup.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/osdk/cli-osdk-ref.adoc
 // * operators/operator_sdk/osdk-cli-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-cli-ref-cleanup_{context}"]
 = cleanup
 
diff --git a/modules/osdk-cli-ref-run-bundle-upgrade.adoc b/modules/osdk-cli-ref-run-bundle-upgrade.adoc
index d50300aca8c2..cbba00b68033 100644
--- a/modules/osdk-cli-ref-run-bundle-upgrade.adoc
+++ b/modules/osdk-cli-ref-run-bundle-upgrade.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/osdk/cli-osdk-ref.adoc
 // * operators/operator_sdk/osdk-cli-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-cli-ref-run-bundle-upgrade_{context}"]
 = bundle-upgrade
 
@@ -23,7 +23,14 @@ The `run bundle-upgrade` subcommand upgrades an Operator that was previously ins
 |`-n`, `--namespace` (string)
 |If present, namespace in which to run the CLI request.
 
+|`--security-context-config <security_context>`
+|Specifies the security context to use for the catalog pod. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-h`, `--help`
 |Help output for the `run bundle` subcommand.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/modules/osdk-cli-ref-run-bundle.adoc b/modules/osdk-cli-ref-run-bundle.adoc
index a3770d50d796..081ceda0a15a 100644
--- a/modules/osdk-cli-ref-run-bundle.adoc
+++ b/modules/osdk-cli-ref-run-bundle.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/osdk/cli-osdk-ref.adoc
 // * operators/operator_sdk/osdk-cli-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-cli-ref-run-bundle_{context}"]
 = bundle
 
@@ -29,7 +29,14 @@ The `run bundle` subcommand deploys an Operator in the bundle format with Operat
 |`-n`, `--namespace` (string)
 |If present, namespace in which to run the CLI request.
 
+|`--security-context-config <security_context>`
+|Specifies the security context to use for the catalog pod. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-h`, `--help`
 |Help output for the `run bundle` subcommand.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/modules/osdk-cli-ref-scorecard.adoc b/modules/osdk-cli-ref-scorecard.adoc
index 56b1e8ad9e23..eb427a71a0be 100644
--- a/modules/osdk-cli-ref-scorecard.adoc
+++ b/modules/osdk-cli-ref-scorecard.adoc
@@ -31,6 +31,9 @@ The `operator-sdk scorecard` command runs the scorecard tool to validate an Oper
 |`-o`, `--output` (string)
 |Output format for results. Available values are `text`, which is the default, and `json`.
 
+|`--pod-security <security_context>`
+|Option to run scorecard with the specified security context. Allowed values include `restricted` and `legacy`. The default value is `legacy`. ^[1]^
+
 |`-l`, `--selector` (string)
 |Label selector to determine which tests are run.
 
@@ -44,3 +47,7 @@ The `operator-sdk scorecard` command runs the scorecard tool to validate an Oper
 |Seconds to wait for tests to complete, for example `35s`. The default value is `30s`.
 
 |===
+[.small]
+--
+1. The `restricted` security context is not compatible with the `default` namespace. To configure your Operator's pod security admission in your production environment, see "Complying with pod security admission". For more information about pod security admission, see "Understanding and managing pod security admission".
+--
diff --git a/modules/osdk-common-prereqs.adoc b/modules/osdk-common-prereqs.adoc
index 6dd964581323..cdc81ac46f28 100644
--- a/modules/osdk-common-prereqs.adoc
+++ b/modules/osdk-common-prereqs.adoc
@@ -34,22 +34,27 @@ endif::[]
 = Prerequisites
 
 * Operator SDK CLI installed
-* OpenShift CLI (`oc`) v{product-version}+ installed
+* OpenShift CLI (`oc`) {product-version}+ installed
 ifdef::golang[]
-* link:https://golang.org/dl/[Go] v1.19+
+* link:https://golang.org/dl/[Go] 1.19+
 endif::[]
 ifdef::ansible[]
-* link:https://docs.ansible.com/ansible/2.9/index.html[Ansible] v2.9.0
-* link:https://ansible-runner.readthedocs.io/en/latest/install.html[Ansible Runner] v2.0.2+
-* link:https://github.com/ansible/ansible-runner-http[Ansible Runner HTTP Event Emitter plugin] v1.0.0+
-* link:https://www.python.org/downloads/[Python] 3.8.6+
-* link:https://pypi.org/project/openshift/[OpenShift Python client] v0.12.0+
+* link:https://docs.ansible.com/ansible/latest/roadmap/ROADMAP_2_15.html[Ansible] 2.15.0
+* link:https://ansible-runner.readthedocs.io/en/latest/install.html[Ansible Runner] 2.3.3+
+* link:https://github.com/ansible/ansible-runner-http[Ansible Runner HTTP Event Emitter plugin] 1.0.0+
+* link:https://www.python.org/downloads/[Python] 3.9+
+* link:https://pypi.org/project/kubernetes/[Python Kubernetes client]
 endif::[]
 ifdef::java[]
-* link:https://java.com/en/download/help/download_options.html[Java] v11+
-* link:https://maven.apache.org/install.html[Maven] v3.6.3+
+* link:https://java.com/en/download/help/download_options.html[Java] 11+
+* link:https://maven.apache.org/install.html[Maven] 3.6.3+
 endif::[]
+ifndef::openshift-dedicated,openshift-rosa[]
 * Logged into an {product-title} {product-version} cluster with `oc` with an account that has `cluster-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Logged into an {product-title} cluster with `oc` with an account that has `dedicated-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
 * To allow the cluster to pull the image, the repository where you push your image must be set as public, or you must configure an image pull secret
 
 ifeval::["{context}" == "osdk-ansible-quickstart"]
diff --git a/modules/osdk-control-compat.adoc b/modules/osdk-control-compat.adoc
index cb38d6b96167..d4d2ba230e4a 100644
--- a/modules/osdk-control-compat.adoc
+++ b/modules/osdk-control-compat.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-working-bundle-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-control-compat_{context}"]
 = Controlling Operator compatibility with {product-title} versions
 
@@ -47,8 +47,7 @@ Operators that use deprecated APIs can adversely impact critical workloads when
 +
 [IMPORTANT]
 ====
-You must use `olm.maxOpenShiftVersion` annotation only if your Operator bundle version cannot work in later versions. Be aware that cluster admins cannot upgrade their clusters with your solution installed. If you do not provide later version and a valid upgrade path,
-cluster admins may uninstall your Operator and can upgrade the cluster version.
+You must use `olm.maxOpenShiftVersion` annotation only if your Operator bundle version cannot work in later versions. Be aware that cluster admins cannot upgrade their clusters with your solution installed. If you do not provide later version and a valid upgrade path, administrators may uninstall your Operator and can upgrade the cluster version.
 ====
 +
 .Example CSV with `olm.maxOpenShiftVersion` annotation
diff --git a/modules/osdk-crd-templates.adoc b/modules/osdk-crd-templates.adoc
index 01e4542829fe..0403a197a06e 100644
--- a/modules/osdk-crd-templates.adoc
+++ b/modules/osdk-crd-templates.adoc
@@ -16,5 +16,5 @@ The following full example provides templates for `EtcdCluster`, `EtcdBackup` an
 metadata:
   annotations:
     alm-examples: >-
-      [{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":["<etcd-cluster-endpoints>"],"storageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}}]
+      [{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"<operator_namespace>"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":["<etcd-cluster-endpoints>"],"storageType":"S3","s3":{"path":"<full-s3-path>","awsSecret":"<aws-secret>"}}}]
 ----
diff --git a/modules/osdk-crds.adoc b/modules/osdk-crds.adoc
index 9aec6df625fa..cf28460296c4 100644
--- a/modules/osdk-crds.adoc
+++ b/modules/osdk-crds.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-crds_{context}"]
 = Understanding your custom resource definitions (CRDs)
 
diff --git a/modules/osdk-create-cr.adoc b/modules/osdk-create-cr.adoc
index 6f7e005b0a47..16522eea77a5 100644
--- a/modules/osdk-create-cr.adoc
+++ b/modules/osdk-create-cr.adoc
@@ -23,7 +23,7 @@ ifeval::["{context}" == "osdk-helm-tutorial"]
 :group: demo
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-create-cr_{context}"]
 = Creating a custom resource
 
diff --git a/modules/osdk-create-project.adoc b/modules/osdk-create-project.adoc
index 07c7e011052b..b2fec6c03c56 100644
--- a/modules/osdk-create-project.adoc
+++ b/modules/osdk-create-project.adoc
@@ -25,7 +25,7 @@ ifeval::["{context}" == "osdk-java-tutorial"]
 :app: memcached
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-create-project_{context}"]
 = Creating a project
 
diff --git a/modules/osdk-csv-annotations-dep.adoc b/modules/osdk-csv-annotations-dep.adoc
new file mode 100644
index 000000000000..e06b5a33513f
--- /dev/null
+++ b/modules/osdk-csv-annotations-dep.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+[id="osdk-csv-manual-annotations-deprecated_{context}"]
+= Deprecated infrastructure feature annotations
+
+Starting in {product-title} 4.14, the `operators.openshift.io/infrastructure-features` group of annotations are deprecated by the group of annotations with the `features.operators.openshift.io` namespace. While you are encouraged to use the newer annotations, both groups are currently accepted when used in parallel.
+
+These annotations detail the infrastructure features that an Operator supports. Users can view and filter by these features when discovering Operators through OperatorHub in the web console or on the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog].
+
+.Deprecated `operators.openshift.io/infrastructure-features` annotations
+[cols="2a,4a",options="header"]
+|===
+|Valid annotation values |Description
+
+|`disconnected`
+|Operator supports being mirrored into disconnected catalogs, including all dependencies, and does not require internet access. All related images required for mirroring are listed by the Operator.
+
+|`cnf`
+|Operator provides a Cloud-native Network Functions (CNF) Kubernetes plugin.
+
+|`cni`
+|Operator provides a Container Network Interface (CNI) Kubernetes plugin.
+
+|`csi`
+|Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
+
+|`fips`
+|Operator accepts the FIPS mode of the underlying platform and works on nodes that are booted into FIPS mode.
+
+[IMPORTANT]
+====
+When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
+====
+
+|`proxy-aware`
+|Operator supports running on a cluster behind a proxy. Operator accepts the standard proxy environment variables  `HTTP_PROXY` and `HTTPS_PROXY`, which Operator Lifecycle Manager (OLM) provides to the Operator automatically when the cluster is configured to use a proxy. Required environment variables are passed down to Operands for managed workloads.
+|===
+
+.Example CSV with `disconnected` and `proxy-aware` support
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
+----
diff --git a/modules/osdk-csv-annotations-infra.adoc b/modules/osdk-csv-annotations-infra.adoc
new file mode 100644
index 000000000000..27d1c1f82672
--- /dev/null
+++ b/modules/osdk-csv-annotations-infra.adoc
@@ -0,0 +1,81 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="osdk-csv-annotations-infra_{context}"]
+= Infrastructure features annotations
+
+Annotations in the `features.operators.openshift.io` group detail the infrastructure features that an Operator might support, specified by setting a `"true"` or `"false"` value. Users can view and filter by these features when discovering Operators through OperatorHub in the web console or on the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog]. These annotations are supported in {product-title} 4.10 and later.
+
+[IMPORTANT]
+====
+The `features.operators.openshift.io` infrastructure feature annotations deprecate the `operators.openshift.io/infrastructure-features` annotations used in earlier versions of {product-title}. See "Deprecated infrastructure feature annotations" for more information.
+====
+
+.Infrastructure features annotations
+[cols="4a,5a,3a,options="header"]
+|===
+|Annotation |Description |Valid values^[1]^
+
+|`features.operators.openshift.io/disconnected`
+|Specify whether an Operator leverages the `spec.relatedImages` CSV field and can run without an internet connection by referring to any related image by its digest.
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/fips-compliant`
+|Specify whether an Operator accepts the FIPS-140 configuration of the underlying platform and works on nodes that are booted into FIPS mode. In this mode, the Operator and any workloads it manages (operands) are solely calling the {op-system-base-full} cryptographic library submitted for FIPS-140 validation.
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/proxy-aware`
+|Specify whether an Operator supports running on a cluster behind a proxy by accepting the standard `HTTP_PROXY` and `HTTPS_PROXY` proxy environment variables. If applicable, the Operator passes this information to the workload it manages (operands).
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/tls-profiles`
+|Specify whether an Operator implements well-known tunables to modify the TLS cipher suite used by the Operator and, if applicable, any of the workloads it manages (operands).
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/token-auth-aws`
+|Specify whether an Operator supports configuration for tokenzied authentication with AWS APIs via AWS Secure Token Service (STS) by using the Cloud Credential Operator (CCO).
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/token-auth-azure`
+|Specify whether an Operator supports configuration for tokenzied authentication with Azure APIs via Azure Managed Identity by using the Cloud Credential Operator (CCO).
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/token-auth-gcp`
+|Specify whether an Operator supports configuration for tokenzied authentication with Google Cloud APIs via GCP Workload Identity Foundation (WIF) by using the Cloud Credential Operator (CCO).
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/cnf`
+|Specify whether an Operator provides a Cloud-Native Network Function (CNF) Kubernetes plugin.
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/cni`
+|Specify whether an Operator provides a Container Network Interface (CNI) Kubernetes plugin.
+|`"true"` or `"false"`
+
+|`features.operators.openshift.io/csi`
+|Specify whether an Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
+|`"true"` or `"false"`
+
+|===
+[.small]
+--
+1. Valid values are shown intentionally with double quotes, because Kubernetes annotations must be strings.
+--
+
+.Example CSV with infrastructure feature annotations
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    features.operators.openshift.io/disconnected: "true"
+    features.operators.openshift.io/fips-compliant: "false"
+    features.operators.openshift.io/proxy-aware: "false"
+    features.operators.openshift.io/tls-profiles: "false"
+    features.operators.openshift.io/token-auth-aws: "false"
+    features.operators.openshift.io/token-auth-azure: "false"
+    features.operators.openshift.io/token-auth-gcp: "false"
+----
diff --git a/modules/osdk-csv-annotations-other.adoc b/modules/osdk-csv-annotations-other.adoc
new file mode 100644
index 000000000000..a2ed78b7cc24
--- /dev/null
+++ b/modules/osdk-csv-annotations-other.adoc
@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-generating-csvs.adoc
+
+[id="osdk-csv-annotations-other_{context}"]
+= Other optional annotations
+
+The following Operator annotations are optional.
+
+.Other optional annotations
+[cols="5a,5a",options="header"]
+|===
+|Annotation |Description
+
+|`alm-examples`
+|Provide custom resource definition (CRD) templates with a minimum set of configuration. Compatible UIs pre-fill this template for users to further customize.
+
+|`operatorframework.io/initialization-resource`
+|Specify a single required custom resource by adding `operatorframework.io/initialization-resource` annotation to the cluster service version (CSV) during Operator installation. The user is then prompted to create the custom resource through a template provided in the CSV.  Must include a template that contains a complete YAML definition.
+
+|`operatorframework.io/suggested-namespace`
+|Set a suggested namespace where the Operator should be deployed.
+
+|`operatorframework.io/suggested-namespace-template`
+|Set a manifest for a `Namespace` object with the default node selector for the namespace specified.
+
+|`operators.openshift.io/valid-subscription`
+|Free-form array for listing any specific subscriptions that are required to use the Operator. For example, `'["3Scale Commercial License", "Red Hat Managed Integration"]'`.
+
+|`operators.operatorframework.io/internal-objects`
+|Hides CRDs in the UI that are not meant for user manipulation.
+
+|===
+
+.Example CSV with an {product-title} license requirement
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
+----
+
+.Example CSV with a 3scale license requirement
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    operators.openshift.io/valid-subscription: '["3Scale Commercial License", "Red Hat Managed Integration"]'
+----
\ No newline at end of file
diff --git a/modules/osdk-csv-manual-annotations.adoc b/modules/osdk-csv-manual-annotations.adoc
index 6b24113109a6..632b13817011 100644
--- a/modules/osdk-csv-manual-annotations.adoc
+++ b/modules/osdk-csv-manual-annotations.adoc
@@ -5,75 +5,4 @@
 [id="osdk-csv-manual-annotations_{context}"]
 = Operator metadata annotations
 
-Operator developers can manually define certain annotations in the metadata of a cluster service version (CSV) to enable features or highlight capabilities in user interfaces (UIs), such as OperatorHub.
-
-The following table lists Operator metadata annotations that can be manually defined using `metadata.annotations` fields.
-
-.Annotations
-[cols="5a,5a",options="header"]
-|===
-|Field |Description
-
-|`alm-examples`
-|Provide custom resource definition (CRD) templates with a minimum set of configuration. Compatible UIs pre-fill this template for users to further customize.
-
-|`operatorframework.io/initialization-resource`
-|Specify a single required custom resource by adding `operatorframework.io/initialization-resource` annotation to the cluster service version (CSV) during Operator installation. The user is then prompted to create the custom resource through a template provided in the CSV.  Must include a template that contains a complete YAML definition.
-
-|`operatorframework.io/suggested-namespace`
-|Set a suggested namespace where the Operator should be deployed.
-
-|`operatorframework.io/suggested-namespace-template`
-|Set a manifest for a Namespace object with the namespace default node selector specified.
-
-|`operators.openshift.io/infrastructure-features`
-|Infrastructure features supported by the Operator. Users can view and filter by these features when discovering Operators through OperatorHub in the web console. Valid, case-sensitive values:
-
-- `disconnected`: Operator supports being mirrored into disconnected catalogs, including all dependencies, and does not require internet access. All related images required for mirroring are listed by the Operator.
-- `cnf`: Operator provides a Cloud-native Network Functions (CNF) Kubernetes plugin.
-- `cni`: Operator provides a Container Network Interface (CNI) Kubernetes plugin.
-- `csi`: Operator provides a Container Storage Interface (CSI) Kubernetes plugin.
-- `fips`: Operator accepts the FIPS mode of the underlying platform and works on nodes that are booted into FIPS mode.
-
-[IMPORTANT]
-====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on `x86_64`, `ppc64le`, and `s390x` architectures.
-====
-- `proxy-aware`: Operator supports running on a cluster behind a proxy. Operator accepts the standard proxy environment variables  `HTTP_PROXY` and `HTTPS_PROXY`, which Operator Lifecycle Manager (OLM) provides to the Operator automatically when the cluster is configured to use a proxy. Required environment variables are passed down to Operands for managed workloads.
-
-|`operators.openshift.io/valid-subscription`
-|Free-form array for listing any specific subscriptions that are required to use the Operator. For example, `'["3Scale Commercial License", "Red Hat Managed Integration"]'`.
-
-|`operators.operatorframework.io/internal-objects`
-|Hides CRDs in the UI that are not meant for user manipulation.
-
-|===
-
-[discrete]
-[id="osdk-csv-manual-annotations-examples_{context}"]
-== Example use cases
-
-.Operator supports disconnected and proxy-aware
-[source,terminal]
-----
-operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
-----
-
-.Operator requires an {product-title} license
-[source,terminal]
-----
-operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
-----
-
-.Operator requires a 3scale license
-[source,terminal]
-----
-operators.openshift.io/valid-subscription: '["3Scale Commercial License", "Red Hat Managed Integration"]'
-----
-
-.Operator supports disconnected and proxy-aware, and requires an {product-title} license
-[source,terminal]
-----
-operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware"]'
-operators.openshift.io/valid-subscription: '["OpenShift Container Platform"]'
-----
+Operator developers can set certain annotations in the metadata of a cluster service version (CSV) to enable features or highlight capabilities in user interfaces (UIs), such as OperatorHub or the link:https://catalog.redhat.com/software/search?deployed_as=Operator[Red Hat Ecosystem Catalog]. Operator metadata annotations are manually defined by setting the `metadata.annotations` field in the CSV YAML file.
\ No newline at end of file
diff --git a/modules/osdk-deploy-olm.adoc b/modules/osdk-deploy-olm.adoc
index 41befb5c4fef..ee5084d5bf37 100644
--- a/modules/osdk-deploy-olm.adoc
+++ b/modules/osdk-deploy-olm.adoc
@@ -15,7 +15,7 @@ ifeval::["{context}" == "osdk-java-tutorial"]
 :java:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-deploy-olm_{context}"]
 = Deploying an Operator with Operator Lifecycle Manager
 
@@ -28,14 +28,19 @@ The Operator bundle format is the default packaging method for Operator SDK and
 - Operator SDK CLI installed on a development workstation
 - Operator bundle image built and pushed to a registry
 - OLM installed on a Kubernetes-based cluster (v1.16.0 or later if you use `apiextensions.k8s.io/v1` CRDs, for example {product-title} {product-version})
+ifndef::openshift-dedicated,openshift-rosa[]
 - Logged in to the cluster with `oc` using an account with `cluster-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+- Logged in to the cluster with `oc` using an account with `dedicated-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
 ifdef::golang[]
 - If your Operator is Go-based, your project must be updated to use supported images for running on {product-title}
 endif::[]
 
 .Procedure
 
-. Enter the following command to run the Operator on the cluster: 
+* Enter the following command to run the Operator on the cluster:
 +
 [source,terminal]
 ----
@@ -45,7 +50,7 @@ $ operator-sdk run bundle \//<1>
 ----
 <1> The `run bundle` command creates a valid file-based catalog and installs the Operator bundle on your cluster using OLM.
 <2> Optional: By default, the command installs the Operator in the currently active project in your `~/.kube/config` file. You can add the `-n` flag to set a different namespace scope for the installation.
-<3> If you do not specify an image, the command uses `quay.io/operator-framework/opm:latest` as the default index image. If you specify an image, the command uses the bundle image itself as the index image. 
+<3> If you do not specify an image, the command uses `quay.io/operator-framework/opm:latest` as the default index image. If you specify an image, the command uses the bundle image itself as the index image.
 +
 [IMPORTANT]
 ====
diff --git a/modules/osdk-ensuring-operator-workloads-run-restricted-psa.adoc b/modules/osdk-ensuring-operator-workloads-run-restricted-psa.adoc
index f919615011cf..48c02e9b68dd 100644
--- a/modules/osdk-ensuring-operator-workloads-run-restricted-psa.adoc
+++ b/modules/osdk-ensuring-operator-workloads-run-restricted-psa.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-complying-with-psa.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-ensuring-operator-workloads-run-restricted-psa_{context}"]
 = Ensuring Operator workloads run in namespaces set to the restricted pod security level
 
diff --git a/modules/osdk-golang-controller-configs.adoc b/modules/osdk-golang-controller-configs.adoc
index ad3974d94e12..5e05ae3f4371 100644
--- a/modules/osdk-golang-controller-configs.adoc
+++ b/modules/osdk-golang-controller-configs.adoc
@@ -24,6 +24,6 @@ func (r *MemcachedReconciler) SetupWithManager(mgr ctrl.Manager) error {
 
 * Filter watch events using predicates.
 
-* Choose the type of link:https://godoc.org/sigs.k8s.io/controller-runtime/pkg/handler#hdr-EventHandlers[EventHandler] to change how a watch event translates to reconcile requests for the reconcile loop. For Operator relationships that are more complex than primary and secondary resources, you can use the `EnqueueRequestsFromMapFunc` handler to transform a watch event into an arbitrary set of reconcile requests.
+* Choose the type of link:https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/handler#EventHandler[EventHandler] to change how a watch event translates to reconcile requests for the reconcile loop. For Operator relationships that are more complex than primary and secondary resources, you can use the `EnqueueRequestsFromMapFunc` handler to transform a watch event into an arbitrary set of reconcile requests.
 
 For more details on these and other configurations, see the upstream link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/builder#example-Builder[Builder] and link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/controller[Controller] GoDocs.
diff --git a/modules/osdk-golang-create-api-controller.adoc b/modules/osdk-golang-create-api-controller.adoc
index 21d7fdc2f62c..9bc7dd5c8661 100644
--- a/modules/osdk-golang-create-api-controller.adoc
+++ b/modules/osdk-golang-create-api-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-golang-create-api-controller_{context}"]
 = Creating an API and controller
 
diff --git a/modules/osdk-golang-define-api.adoc b/modules/osdk-golang-define-api.adoc
index bcd09396da55..0d19958dea82 100644
--- a/modules/osdk-golang-define-api.adoc
+++ b/modules/osdk-golang-define-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-golang-define-api_{context}"]
 = Defining the API
 
diff --git a/modules/osdk-golang-generate-crd.adoc b/modules/osdk-golang-generate-crd.adoc
index e5d270e82b58..81a1cebdba74 100644
--- a/modules/osdk-golang-generate-crd.adoc
+++ b/modules/osdk-golang-generate-crd.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-golang-generate-crd_{context}"]
 = Generating CRD manifests
 
diff --git a/modules/osdk-golang-implement-controller.adoc b/modules/osdk-golang-implement-controller.adoc
index fd0cfe57f147..8a21c9f02799 100644
--- a/modules/osdk-golang-implement-controller.adoc
+++ b/modules/osdk-golang-implement-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-golang-implement-controller_{context}"]
 = Implementing the controller
 
diff --git a/modules/osdk-golang-manager.adoc b/modules/osdk-golang-manager.adoc
index 9d37d0ccdc08..f247f940709c 100644
--- a/modules/osdk-golang-manager.adoc
+++ b/modules/osdk-golang-manager.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-golang-manager_{context}"]
 = About the Manager
 
diff --git a/modules/osdk-golang-multi-group-apis.adoc b/modules/osdk-golang-multi-group-apis.adoc
index 4a9a296b97c5..df4a8fb027ec 100644
--- a/modules/osdk-golang-multi-group-apis.adoc
+++ b/modules/osdk-golang-multi-group-apis.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/golang/osdk-golang-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-golang-multi-group-apis_{context}"]
 = About multi-group APIs
 
diff --git a/modules/osdk-ha-sno-api.adoc b/modules/osdk-ha-sno-api.adoc
index 50d53959e2c3..5e03d3048d6d 100644
--- a/modules/osdk-ha-sno-api.adoc
+++ b/modules/osdk-ha-sno-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-ha-sno.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-ha-sno-api_{context}"]
 = About the cluster high-availability mode API
 
diff --git a/modules/osdk-helm-logic.adoc b/modules/osdk-helm-logic.adoc
index f26078723e07..f0e00e41cce3 100644
--- a/modules/osdk-helm-logic.adoc
+++ b/modules/osdk-helm-logic.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-helm-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-helm-logic_{context}"]
 = Understanding the Operator logic
 
diff --git a/modules/osdk-helm-modify-cr.adoc b/modules/osdk-helm-modify-cr.adoc
index add48d7a599b..402cbe01f95a 100644
--- a/modules/osdk-helm-modify-cr.adoc
+++ b/modules/osdk-helm-modify-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-helm-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-helm-modify-cr_{context}"]
 = Modifying the custom resource spec
 
diff --git a/modules/osdk-hh-create-cr.adoc b/modules/osdk-hh-create-cr.adoc
index 9394e7f4453d..6e2706bfc731 100644
--- a/modules/osdk-hh-create-cr.adoc
+++ b/modules/osdk-hh-create-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hh-create-cr_{context}"]
 = Creating custom resources
 
diff --git a/modules/osdk-hh-create-go-api.adoc b/modules/osdk-hh-create-go-api.adoc
index 6c58272bc5e6..2b129c3a196d 100644
--- a/modules/osdk-hh-create-go-api.adoc
+++ b/modules/osdk-hh-create-go-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hh-create-go-api_{context}"]
 = Creating a Go API
 
diff --git a/modules/osdk-hh-create-helm-api.adoc b/modules/osdk-hh-create-helm-api.adoc
index b80739f32436..776299bbf318 100644
--- a/modules/osdk-hh-create-helm-api.adoc
+++ b/modules/osdk-hh-create-helm-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hh-create-helm-api_{context}"]
 = Creating a Helm API
 
diff --git a/modules/osdk-hh-create-project.adoc b/modules/osdk-hh-create-project.adoc
index 617ba2f0491a..9fa18b1ddaf5 100644
--- a/modules/osdk-hh-create-project.adoc
+++ b/modules/osdk-hh-create-project.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hh-create-project_{context}"]
 = Creating a project
 
diff --git a/modules/osdk-hh-defining-go-api.adoc b/modules/osdk-hh-defining-go-api.adoc
index 90a6b3b10266..ff50be3741cb 100644
--- a/modules/osdk-hh-defining-go-api.adoc
+++ b/modules/osdk-hh-defining-go-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hh-defining-go-api_{context}"]
 = Defining the API
 
diff --git a/modules/osdk-hh-helm-api-logic.adoc b/modules/osdk-hh-helm-api-logic.adoc
index c621e20e0ae0..cfa3f703b62a 100644
--- a/modules/osdk-hh-helm-api-logic.adoc
+++ b/modules/osdk-hh-helm-api-logic.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-hh-helm-api-logic_{context}"]
 = Operator logic for the Helm API
 
diff --git a/modules/osdk-hh-helm-reconciler.adoc b/modules/osdk-hh-helm-reconciler.adoc
index 31e048e77cb1..c637f0f15f42 100644
--- a/modules/osdk-hh-helm-reconciler.adoc
+++ b/modules/osdk-hh-helm-reconciler.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-hh-helm-reconciler_{context}"]
 = Custom Helm reconciler configurations using provided library APIs
 
diff --git a/modules/osdk-hh-implement-controller.adoc b/modules/osdk-hh-implement-controller.adoc
index d97737828f6f..e025d59757f2 100644
--- a/modules/osdk-hh-implement-controller.adoc
+++ b/modules/osdk-hh-implement-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-hh-implement-controller_{context}"]
 = Controller implementation
 
diff --git a/modules/osdk-hh-main-go.adoc b/modules/osdk-hh-main-go.adoc
index 30871e4827c6..727c0a3cb4a5 100644
--- a/modules/osdk-hh-main-go.adoc
+++ b/modules/osdk-hh-main-go.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-hh-main-go_{context}"]
 = Differences in main.go
 
diff --git a/modules/osdk-hh-project-layout.adoc b/modules/osdk-hh-project-layout.adoc
index 2130efc2cd3a..b4b946fc9294 100644
--- a/modules/osdk-hh-project-layout.adoc
+++ b/modules/osdk-hh-project-layout.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-hh-project-layout_{context}"]
 = Project layout
 
diff --git a/modules/osdk-hh-rbac.adoc b/modules/osdk-hh-rbac.adoc
index dd0a00fc3267..8fa72d125914 100644
--- a/modules/osdk-hh-rbac.adoc
+++ b/modules/osdk-hh-rbac.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/helm/osdk-hybrid-helm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-hh-rbac_{context}"]
 = Permissions and RBAC manifests
 
diff --git a/modules/osdk-hiding-internal-objects.adoc b/modules/osdk-hiding-internal-objects.adoc
index 73029180316d..dcab32709b30 100644
--- a/modules/osdk-hiding-internal-objects.adoc
+++ b/modules/osdk-hiding-internal-objects.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-hiding-internal-objects_{context}"]
 = Hiding internal objects
 
diff --git a/modules/osdk-init-resource.adoc b/modules/osdk-init-resource.adoc
index aa1ac35800f8..d3975b862bee 100644
--- a/modules/osdk-init-resource.adoc
+++ b/modules/osdk-init-resource.adoc
@@ -2,13 +2,13 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-init-resource_{context}"]
 = Initializing required custom resources
 
 An Operator might require the user to instantiate a custom resource before the Operator can be fully functional. However, it can be challenging for a user to determine what is required or how to define the resource.
 
-As an Operator developer, you can specify a single required custom resource by adding `operatorframework.io/initialization-resource` to the cluster service version (CSV) during Operator installation. You are then prompted  prompted to create the custom resource through a template that is provided in the CSV.
+As an Operator developer, you can specify a single required custom resource by adding `operatorframework.io/initialization-resource` to the cluster service version (CSV) during Operator installation. You are then prompted to create the custom resource through a template that is provided in the CSV.
 The annotation must include a template that contains a complete YAML definition that is required to initialize the resource during installation.
 
 If this annotation is defined, after installing the Operator from the {product-title} web console, the user is prompted to create the resource using the template provided in the CSV.
diff --git a/modules/osdk-installing-cli-linux-macos.adoc b/modules/osdk-installing-cli-linux-macos.adoc
index 38794f95b91b..6ccaa26b5227 100644
--- a/modules/osdk-installing-cli-linux-macos.adoc
+++ b/modules/osdk-installing-cli-linux-macos.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/osdk/cli-osdk-install.adoc
 // * operators/operator_sdk/osdk-installing-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-installing-cli-linux-macos_{context}"]
 = Installing the Operator SDK CLI on Linux
 
diff --git a/modules/osdk-installing-cli-macos.adoc b/modules/osdk-installing-cli-macos.adoc
index 06071c44b520..4d718ebb7672 100644
--- a/modules/osdk-installing-cli-macos.adoc
+++ b/modules/osdk-installing-cli-macos.adoc
@@ -3,7 +3,7 @@
 // * cli_reference/osdk/cli-osdk-install.adoc
 // * operators/operator_sdk/osdk-installing-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-installing-cli-macos_{context}"]
 = Installing the Operator SDK CLI on macOS
 
@@ -20,8 +20,14 @@ ifndef::openshift-origin[]
 endif::[]
 
 .Procedure
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . For the `amd64` and `arm64` architectures, navigate to the link:https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/operator-sdk/[OpenShift mirror site for the `amd64` architecture] and link:https://mirror.openshift.com/pub/openshift-v4/arm64/clients/operator-sdk/[OpenShift mirror site for the `arm64` architecture] respectively.
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+. For the `amd64` architecture, navigate to the link:https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/operator-sdk/[OpenShift mirror site for the `amd64` architecture].
+endif::openshift-rosa,openshift-dedicated[]
+
 
 . From the latest {product-version} directory, download the latest version of the tarball for macOS.
 
@@ -31,14 +37,14 @@ endif::[]
 ----
 $ tar xvf operator-sdk-v{osdk_ver}-ocp-darwin-x86_64.tar.gz
 ----
-
+ifndef::openshift-rosa,openshift-dedicated[]
 . Unpack the Operator SDK archive for `arm64` architecture by running the following command:
 +
 [source,terminal,subs="attributes+"]
 ----
 $ tar xvf operator-sdk-v{osdk_ver}-ocp-darwin-aarch64.tar.gz
 ----
-
+endif::openshift-rosa,openshift-dedicated[]
 . Make the file executable by running the following command:
 +
 [source,terminal]
diff --git a/modules/osdk-java-controller-labels-memcached.adoc b/modules/osdk-java-controller-labels-memcached.adoc
index ad002f43a1a1..2ee93a21ed73 100644
--- a/modules/osdk-java-controller-labels-memcached.adoc
+++ b/modules/osdk-java-controller-labels-memcached.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-java-controller-labels-memcached_{context}"]
 = Defining `labelsForMemcached`
 
diff --git a/modules/osdk-java-controller-memcached-deployment.adoc b/modules/osdk-java-controller-memcached-deployment.adoc
index 87b1067c8943..6f673b16e57f 100644
--- a/modules/osdk-java-controller-memcached-deployment.adoc
+++ b/modules/osdk-java-controller-memcached-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-java-controller-memcached-deployment_{context}"]
 =  Define the `createMemcachedDeployment`
 
diff --git a/modules/osdk-java-controller-reconcile-loop.adoc b/modules/osdk-java-controller-reconcile-loop.adoc
index 12b47ac87068..ef4a8f5a4532 100644
--- a/modules/osdk-java-controller-reconcile-loop.adoc
+++ b/modules/osdk-java-controller-reconcile-loop.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-java-controller-reconcile-loop_{context}"]
 = Reconcile loop
 
diff --git a/modules/osdk-java-create-api-controller.adoc b/modules/osdk-java-create-api-controller.adoc
index 4f81a1c5106e..29277a85222d 100644
--- a/modules/osdk-java-create-api-controller.adoc
+++ b/modules/osdk-java-create-api-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-java-create-api-controller_{context}"]
 = Creating an API and controller
 
diff --git a/modules/osdk-java-create-cr.adoc b/modules/osdk-java-create-cr.adoc
index c9b6e8460e5a..046050f1812f 100644
--- a/modules/osdk-java-create-cr.adoc
+++ b/modules/osdk-java-create-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-java-create-cr_{context}"]
 = Creating a Custom Resource
 
diff --git a/modules/osdk-java-define-api.adoc b/modules/osdk-java-define-api.adoc
index a2cddfbf2334..5392b6e6489b 100644
--- a/modules/osdk-java-define-api.adoc
+++ b/modules/osdk-java-define-api.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-java-define-api_{context}"]
 = Defining the API
 
diff --git a/modules/osdk-java-generate-crd.adoc b/modules/osdk-java-generate-crd.adoc
index 32b5d061afc0..7ae177353f58 100644
--- a/modules/osdk-java-generate-crd.adoc
+++ b/modules/osdk-java-generate-crd.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-java-generate-crd_{context}"]
 = Generating CRD manifests
 
diff --git a/modules/osdk-java-implement-controller.adoc b/modules/osdk-java-implement-controller.adoc
index ee673b2a4619..be612051ec6a 100644
--- a/modules/osdk-java-implement-controller.adoc
+++ b/modules/osdk-java-implement-controller.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-tutorial.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-java-implement-controller_{context}"]
 = Implementing the controller
 
diff --git a/modules/osdk-java-project-layout.adoc b/modules/osdk-java-project-layout.adoc
index da24951aa492..44d25728830a 100644
--- a/modules/osdk-java-project-layout.adoc
+++ b/modules/osdk-java-project-layout.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/java/osdk-java-project-layout.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-java-project-layout_{context}"]
 = Java-based project layout
 
diff --git a/modules/osdk-managing-psa-for-operators-with-escalated-permissions.adoc b/modules/osdk-managing-psa-for-operators-with-escalated-permissions.adoc
index 8efcd9c6abe8..b52721025b51 100644
--- a/modules/osdk-managing-psa-for-operators-with-escalated-permissions.adoc
+++ b/modules/osdk-managing-psa-for-operators-with-escalated-permissions.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-complying-with-psa.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-managing-psa-for-operators-with-escalated-permissions_{context}"]
 = Managing pod security admission for Operator workloads that require escalated permissions
 
diff --git a/modules/osdk-manually-defined-csv-fields.adoc b/modules/osdk-manually-defined-csv-fields.adoc
index 09ba700f1fac..76ec4e9b06a5 100644
--- a/modules/osdk-manually-defined-csv-fields.adoc
+++ b/modules/osdk-manually-defined-csv-fields.adoc
@@ -11,7 +11,7 @@ Operator authors must directly modify their cluster service version (CSV) YAML f
 
 The following tables detail which manually-defined CSV fields are required and which are optional.
 
-.Required
+.Required CSV fields
 [cols="2a,8a",options="header"]
 |===
 |Field |Description
@@ -52,7 +52,7 @@ The following tables detail which manually-defined CSV fields are required and w
 |===
 
 
-.Optional
+.Optional CSV fields
 [cols="2a,8a",options="header"]
 |===
 |Field |Description
diff --git a/modules/osdk-migrating-pkgman.adoc b/modules/osdk-migrating-pkgman.adoc
index dde34698ba70..df4f00eeea01 100644
--- a/modules/osdk-migrating-pkgman.adoc
+++ b/modules/osdk-migrating-pkgman.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-pkgman-to-bundle.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-migrating-pkgman_{context}"]
 = Migrating a package manifest project to bundle format
 
diff --git a/modules/osdk-monitoring-custom-metrics.adoc b/modules/osdk-monitoring-custom-metrics.adoc
index 51dd0e4d55ef..6bfcd94a92e7 100644
--- a/modules/osdk-monitoring-custom-metrics.adoc
+++ b/modules/osdk-monitoring-custom-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-monitoring-prometheus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-monitoring-custom-metrics_{context}"]
 = Exposing custom metrics for Go-based Operators
 
@@ -105,7 +105,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: prometheus-k8s-role
-  namespace: <operator_namespace>
+  namespace: memcached-operator-system
 rules:
   - apiGroups:
       - ""
diff --git a/modules/osdk-multi-arch-building-images.adoc b/modules/osdk-multi-arch-building-images.adoc
new file mode 100644
index 000000000000..a387e0216414
--- /dev/null
+++ b/modules/osdk-multi-arch-building-images.adoc
@@ -0,0 +1,105 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-multi-arch-support.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-multi-arch-building-images_{context}"]
+= Building a manifest list of the platforms your Operator supports
+
+You can use the `make docker-buildx` command to build a manifest list of the platforms supported by your Operator and operands. A manifest list references specific image manifests for one or more architectures. An image manifest specifies the platforms that an image supports.
+
+For more information, see link:https://specs.opencontainers.org/image-spec/image-index[OpenContainers Image Index Spec] or link:https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list[Image Manifest v2, Schema 2].
+
+[IMPORTANT]
+====
+If your Operator project deploys an application or other workload resources, the following procedure assumes the application's multi-platform images are built during the application release process.
+====
+
+.Prerequisites
+
+* An Operator project built using the Operator SDK version {osdk_ver} or later
+* Docker installed
+
+.Procedure
+
+. Inspect the image manifests of your Operator and operands to find which platforms your Operator project can support. Run the following command to inspect an image manifest:
++
+[source,terminal]
+----
+$ docker manifest inspect <image_manifest> <1>
+----
+<1> Specifies an image manifest, such as `redhat/ubi9:latest`.
++
+The platforms that your Operator and operands mutually support determine the platform compatibility of your Operator project.
++
+.Example output
+[source,json]
+----
+{
+    "manifests": [
+        {
+            "digest": "sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda",
+            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+            "platform": {
+                "architecture": "amd64",
+                "os": "linux"
+            },
+            "size": 528
+        },
+...
+        {
+            "digest": "sha256:30e6d35703c578ee703230b9dc87ada2ba958c1928615ac8a674fcbbcbb0f281",
+            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+            "platform": {
+                "architecture": "arm64",
+                "os": "linux",
+                "variant": "v8"
+            },
+            "size": 528
+        },
+...
+----
+
+. If the previous command does not output platform information, then the specified base image might be a single image instead of an image manifest. You can find which architectures an image supports by running the following command:
++
+[source,terminal]
+----
+$ docker inspect <image>
+----
+
+. For Go-based Operator projects, the Operator SDK explicitly references the `amd64` architecture in your project's Dockerfile. Make the following change
+to your Dockerfile to set an environment variable to the value specified by the platform flag:
++
+.Example Dockerfile
+[source,docker]
+----
+FROM golang:1.19 as builder
+ARG TARGETOS
+ARG TARGETARCH
+...
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go <1>
+----
+<1> Change the `GOARCH` field from `amd64` to `$TARGETARCH`.
+
+. Your Operator project's makefile defines the `PLATFORMS` environment variable. If your Operator's images do not support all of the platforms set by default, edit the variable to specify the supported platforms. The following example defines the supported platforms as `linux/arm64` and `linux/amd64`:
++
+.Example makefile
+[source,make]
+----
+# ...
+PLATFORMS ?= linux/arm64,linux/amd64 <1>
+.PHONY: docker-buildx
+# ...
+----
++
+<1> The following `PLATFORMS` values are set by default: `linux/arm64`, `linux/amd64`, `linux/s390x`, and `linux/ppc64le`.
++
+When you run the `make docker buildx` command to generate a manifest list, the Operator SDK creates an image manifest for each of the platforms specified by the `PLATFORMS` variable.
+
+. Run the following command from your Operator project directory to build your manager image. Running the command builds a manager image with multi-platform support and pushes the manifest list to your registry.
++
+[source,terminal]
+----
+$ make docker-buildx \
+  IMG=<image_registry>/<organization_name>/<repository_name>:<version_or_sha>
+----
diff --git a/modules/osdk-multi-arch-node-affinity.adoc b/modules/osdk-multi-arch-node-affinity.adoc
new file mode 100644
index 000000000000..8f21b126297a
--- /dev/null
+++ b/modules/osdk-multi-arch-node-affinity.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-multi-arch-support.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osdk-multi-arch-node-affinity_{context}"]
+= About node affinity rules for multi-architecture compute machines and Operator workloads
+
+You must set node affinity rules to ensure your Operator workloads can run on multi-architecture compute machines. Node affinity is a set of rules used by the scheduler to define a pod's placement. Setting node affinity rules ensures your Operator's workloads are scheduled to compute machines with compatible architectures.
+
+If your Operator performs better on particular architectures, you can set preferred node affinity rules to schedule pods to machines with the specified architectures.
+
+For more information, see "About clusters with multi-architecture compute machines" and "Controlling pod placement on nodes using node affinity rules".
diff --git a/modules/osdk-multi-arch-node-preference.adoc b/modules/osdk-multi-arch-node-preference.adoc
new file mode 100644
index 000000000000..7210883df92a
--- /dev/null
+++ b/modules/osdk-multi-arch-node-preference.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-multi-arch-support.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-multi-arch-node-preference_{context}"]
+= Using preferred node affinity rules to configure support for multi-architecture compute machines for Operator projects
+
+If your Operator performs better on particular architectures, you can configure preferred node affinity rules to schedule pods to nodes to the specified architectures.
+
+.Prerequisites
+
+* An Operator project created or maintained with Operator SDK {osdk_ver} or later.
+* A manifest list defining the platforms your Operator supports.
+* Required node affinity rules are set for your Operator project.
+
+.Procedure
+
+. Search your Operator project for Kubernetes manifests that define pod spec and pod template spec objects.
++
+.Example Kubernetes manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
+spec:
+  containers:
+    - name: <container_name>
+      image: docker.io/<org>/<image_name>
+----
+
+. Set your Operator's preferred node affinity rules in the Kubernetes manifests that define pod spec and pod template spec objects, similar to the following example:
++
+.Example Kubernetes manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
+spec:
+  containers:
+    - name: <container_name>
+      image: docker.io/<org>/<image_name>
+  affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution: <1>
+          - preference:
+            matchExpressions: <2>
+              - key: kubernetes.io/arch <3>
+                operator: In <4>
+                values:
+                - amd64
+                - arm64
+            weight: 90 <5>
+----
+<1> Defines a preferred rule.
+<2> If you specify multiple `matchExpressions` associated with `nodeSelectorTerms`, then the pod can be scheduled onto a node only if all `matchExpressions` are satisfied.
+<3> Specifies the architectures defined in the manifest list.
+<4> Specifies an `operator`. The Operator can be `In`, `NotIn`,  `Exists`, or `DoesNotExist`. For example, use the value of `In` to require the label to be in the node.
+<5> Specifies a weight for the node, valid values are `1`-`100`. The node with highest weight is preferred.
diff --git a/modules/osdk-multi-arch-node-reqs.adoc b/modules/osdk-multi-arch-node-reqs.adoc
new file mode 100644
index 000000000000..f3d688c6613d
--- /dev/null
+++ b/modules/osdk-multi-arch-node-reqs.adoc
@@ -0,0 +1,130 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-multi-arch-support.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-multi-arch-node-reqs_{context}"]
+= Using required node affinity rules to support multi-architecture compute machines for Operator projects
+
+If you want your Operator to support multi-architecture compute machines, you must define your Operator's required node affinity rules.
+
+.Prerequisites
+
+* An Operator project created or maintained with Operator SDK {osdk_ver} or later.
+* A manifest list defining the platforms your Operator supports.
+
+.Procedure
+
+. Search your Operator project for Kubernetes manifests that define pod spec and pod template spec objects.
++
+[IMPORTANT]
+====
+Because object type names are not declared in YAML files, look for the mandatory `containers` field in your Kubernetes manifests. The `containers` field is required when specifying both pod spec and pod template spec objects.
+
+You must set node affinity rules in all Kubernetes manifests that define a pod spec or pod template spec, including objects such as `Pod`, `Deployment`, `DaemonSet`, and `StatefulSet`.
+====
++
+.Example Kubernetes manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
+spec:
+  containers:
+    - name: <container_name>
+      image: docker.io/<org>/<image_name>
+----
+
+. Set the required node affinity rules in the Kubernetes manifests that define pod spec and pod template spec objects, similar to the following example:
++
+.Example Kubernetes manifest
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: s1
+spec:
+  containers:
+    - name: <container_name>
+      image: docker.io/<org>/<image_name>
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution: <1>
+        nodeSelectorTerms: <2>
+        - matchExpressions: <3>
+          - key: kubernetes.io/arch <4>
+            operator: In
+            values:
+            - amd64
+            - arm64
+            - ppc64le
+            - s390x
+          - key: kubernetes.io/os <5>
+            operator: In
+            values:
+                - linux
+----
+<1> Defines a required rule.
+<2> If you specify multiple `nodeSelectorTerms` associated with `nodeAffinity` types, then the pod can be scheduled onto a node if one of the `nodeSelectorTerms` is satisfied.
+<3> If you specify multiple `matchExpressions` associated with `nodeSelectorTerms`, then the pod can be scheduled onto a node only if all `matchExpressions` are satisfied.
+<4> Specifies the architectures defined in the manifest list.
+<5> Specifies the operating systems defined in the manifest list.
+
+. Go-based Operator projects that use dynamically created workloads might embed pod spec and pod template spec objects in the Operator's logic.
++
+If your project embeds pod spec or pod template spec objects in the Operator's logic, edit your Operator's logic similar to the following example. The following example shows how to update a `PodSpec` object by using the Go API:
++
+[source,go]
+----
+Template: corev1.PodTemplateSpec{
+    ...
+    Spec: corev1.PodSpec{
+        Affinity: &corev1.Affinity{
+            NodeAffinity: &corev1.NodeAffinity{
+                RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{
+                    NodeSelectorTerms: []corev1.NodeSelectorTerm{
+                        {
+                            MatchExpressions: []corev1.NodeSelectorRequirement{
+                                {
+                                    Key:      "kubernetes.io/arch",
+                                    Operator: "In",
+                                    Values:   []string{"amd64","arm64","ppc64le","s390x"},
+                                },
+                                {
+                                    Key:      "kubernetes.io/os",
+                                    Operator: "In",
+                                    Values:   []string{"linux"},
+                                },
+                            },
+                        },
+                    },
+                },
+            },
+        },
+        SecurityContext: &corev1.PodSecurityContext{
+            ...
+        },
+        Containers: []corev1.Container{{
+            ...
+        }},
+    },
+----
++
+where:
+
+`RequiredDuringSchedulingIgnoredDuringExecution`:: Defines a required rule.
+`NodeSelectorTerms`:: If you specify multiple `nodeSelectorTerms` associated with `nodeAffinity` types, then the pod can be scheduled onto a node if one of the `nodeSelectorTerms` is satisfied.
+`MatchExpressions`:: If you specify multiple `matchExpressions` associated with `nodeSelectorTerms`, then the pod can be scheduled onto a node only if all `matchExpressions` are satisfied.
+`kubernetes.io/arch`:: Specifies the architectures defined in the manifest list.
+`kubernetes.io/os`:: Specifies the operating systems defined in the manifest list.
+
+[WARNING]
+====
+If you do not set node affinity rules and a container is scheduled to a compute machine with an incompatible architecture, the pod fails and triggers one of the following events:
+
+`CrashLoopBackOff`:: Occurs when an image manifest's entry point fails to run and an `exec format error` message is printed in the logs.
+`ImagePullBackOff`:: Occurs when a manifest list does not include a manifest for the architecture where a pod is scheduled or the node affinity terms are set to the wrong values.
+====
diff --git a/modules/osdk-multi-arch-validate.adoc b/modules/osdk-multi-arch-validate.adoc
new file mode 100644
index 000000000000..7c757f86265a
--- /dev/null
+++ b/modules/osdk-multi-arch-validate.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/osdk-multi-arch-support.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-multi-arch-validate_{context}"]
+= Validating your Operator's multi-platform readiness
+
+You can validate your Operator's multi-platform readiness by running the `bundle validate` command. The command verifies that your Operator project meets the following conditions:
+
+* Your Operator's manager image supports the platforms labeled in the cluster service version (CSV) file.
+* Your Operator's CSV has labels for the supported platforms for Operator Lifecycle Manager (OLM) and OperatorHub.
+
+.Procedure
+
+* Run the following command to validate your Operator project for multiple architecture readiness:
++
+[source,terminal]
+----
+$ operator-sdk bundle validate ./bundle \
+  --select-optional name=multiarch
+----
++
+.Example validation message
+[source,text]
+----
+INFO[0020] All validation tests have completed successfully
+----
++
+.Example error message for missing CSV labels in the manager image
+[source,text]
+----
+ERRO[0016] Error: Value test-operator.v0.0.1: not all images specified are providing the support described via the CSV labels. Note that (SO.architecture): (linux.ppc64le) was not found for the image(s) [quay.io/example-org/test-operator:v1alpha1]
+ERRO[0016] Error: Value test-operator.v0.0.1: not all images specified are providing the support described via the CSV labels. Note that (SO.architecture): (linux.s390x) was not found for the image(s) [quay.io/example-org/test-operator:v1alpha1]
+ERRO[0016] Error: Value test-operator.v0.0.1: not all images specified are providing the support described via the CSV labels. Note that (SO.architecture): (linux.amd64) was not found for the image(s) [quay.io/example-org/test-operator:v1alpha1]
+ERRO[0016] Error: Value test-operator.v0.0.1: not all images specified are providing the support described via the CSV labels. Note that (SO.architecture): (linux.arm64) was not found for the image(s) [quay.io/example-org/test-operator:v1alpha1]
+----
++
+.Example error message for missing OperatorHub flags
+[source,text]
+----
+WARN[0014] Warning: Value test-operator.v0.0.1: check if the CSV is missing the label (operatorframework.io/arch.<value>) for the Arch(s): ["amd64" "arm64" "ppc64le" "s390x"]. Be aware that your Operator manager image ["quay.io/example-org/test-operator:v1alpha1"] provides this support. Thus, it is very likely that you want to provide it and if you support more than amd64 architectures, you MUST,use the required labels for all which are supported.Otherwise, your solution cannot be listed on the cluster for these architectures
+----
diff --git a/modules/osdk-operatorconditions.adoc b/modules/osdk-operatorconditions.adoc
index 8a7e398eb97e..a0f14285b1e5 100644
--- a/modules/osdk-operatorconditions.adoc
+++ b/modules/osdk-operatorconditions.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-operatorconditions_{context}"]
 = Enabling Operator conditions
 
diff --git a/modules/osdk-pruning-utility-about.adoc b/modules/osdk-pruning-utility-about.adoc
index 587deff57ee2..49833aa0e7e3 100644
--- a/modules/osdk-pruning-utility-about.adoc
+++ b/modules/osdk-pruning-utility-about.adoc
@@ -2,11 +2,18 @@
 //
 // * operators/operator_sdk/osdk-pruning-utility.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-about-pruning-utility_{context}"]
 = About the operator-lib pruning utility
 
-Objects, such as jobs or pods, are created as a normal part of the Operator life cycle. If the cluster administrator or the Operator does not remove these object, they can stay in the cluster and consume resources.
+Objects, such as jobs or pods, are created as a normal part of the Operator life cycle. If
+ifndef::openshift-dedicated,openshift-rosa[]
+the cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+an administrator with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+or the Operator does not remove these object, they can stay in the cluster and consume resources.
 
 Previously, the following options were available for pruning unnecessary objects:
 
diff --git a/modules/osdk-pruning-utility-config.adoc b/modules/osdk-pruning-utility-config.adoc
index fc4b9364e13c..f422c71e8475 100644
--- a/modules/osdk-pruning-utility-config.adoc
+++ b/modules/osdk-pruning-utility-config.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-pruning-utility.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="osdk-pruning-utility-config_{context}"]
 = Pruning utility configuration
 
@@ -19,7 +19,7 @@ cfg = Config{
         Resources: []schema.GroupVersionKind{
                 {Group: "", Version: "", Kind: PodKind},
         },
-        Namespaces: []string{"default"},
+        Namespaces: []string{"<operator_namespace>"},
         Strategy: StrategyConfig{
                 Mode:            MaxCountStrategy,
                 MaxCountSetting: 1,
@@ -59,7 +59,7 @@ The pruning utility configuration file defines pruning actions by using the foll
 |`MaxCountStrategy`, `MaxAgeStrategy`, or `CustomStrategy` are currently supported.
 
 |`Strategy.MaxCountSetting`
-|Integer value for `MaxCountStrategy` that specifies how many resources should remain after the pruning utility run.
+|Integer value for `MaxCountStrategy` that specifies how many resources should remain after the pruning utility runs.
 
 |`Strategy.MaxAgeSetting`
 |Go `time.Duration` string value, such as `48h`, that specifies the age of resources to prune.
@@ -71,7 +71,7 @@ The pruning utility configuration file defines pruning actions by using the foll
 |Optional: Go function to call before pruning a resource.
 
 |`CustomStrategy`
-|Optional: Go function that implements a custom pruning strategy
+|Optional: Go function that implements a custom pruning strategy.
 |===
 
 .Pruning execution
diff --git a/modules/osdk-publish-catalog.adoc b/modules/osdk-publish-catalog.adoc
index 439e1a02f158..e181894ee613 100644
--- a/modules/osdk-publish-catalog.adoc
+++ b/modules/osdk-publish-catalog.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-working-bundle-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-publish-catalog_{context}"]
 = Publishing a catalog containing a bundled Operator
 
@@ -18,7 +18,12 @@ The Operator SDK uses the `opm` CLI to facilitate index image creation. Experien
 - Operator SDK CLI installed on a development workstation
 - Operator bundle image built and pushed to a registry
 - OLM installed on a Kubernetes-based cluster (v1.16.0 or later if you use `apiextensions.k8s.io/v1` CRDs, for example {product-title} {product-version})
+ifndef::openshift-dedicated,openshift-rosa[]
 - Logged in to the cluster with `oc` using an account with `cluster-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+- Logged in to the cluster with `oc` using an account with `dedicated-admin` permissions
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
@@ -73,7 +78,7 @@ apiVersion: operators.coreos.com/v1alpha1
 kind: CatalogSource
 metadata:
   name: cs-memcached
-  namespace: default
+  namespace: <operator_namespace>
 spec:
   displayName: My Test
   publisher: Company
@@ -115,10 +120,10 @@ apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
   name: my-test
-  namespace: default
+  namespace: <operator_namespace>
 spec:
   targetNamespaces:
-  - default
+  - <operator_namespace>
 ----
 
 .. Define a `Subscription` object and create it by using the `oc apply` command or web console:
@@ -130,13 +135,13 @@ spec:
 kind: Subscription
 metadata:
   name: catalogtest
-  namespace: default
+  namespace: <catalog_namespace>
 spec:
   channel: "alpha"
   installPlanApproval: Manual
   name: catalog
   source: cs-memcached
-  sourceNamespace: default
+  sourceNamespace: <operator_namespace>
   startingCSV: memcached-operator.v0.0.1
 ----
 
diff --git a/modules/osdk-quickstart.adoc b/modules/osdk-quickstart.adoc
index a1a2af0413b7..3894b5881092 100644
--- a/modules/osdk-quickstart.adoc
+++ b/modules/osdk-quickstart.adoc
@@ -33,7 +33,7 @@ ifeval::["{context}" == "osdk-java-quickstart"]
 :group: cache
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-quickstart_{context}"]
 = Creating and deploying {type}-based Operators
 
@@ -215,13 +215,13 @@ I0205 17:48:45.881666       7 leaderelection.go:253] successfully acquired lease
 ----
 endif::[]
 
-. *Delete a CR*
+. *Delete a CR.*
 +
 Delete a CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc delete -f config/samples/demo_v1_nginx.yaml -n nginx-operator-system
+$ oc delete -f config/samples/{group}_v1_{app} -n {app}-operator-system
 ----
 
 . *Clean up.*
diff --git a/modules/osdk-run-deployment.adoc b/modules/osdk-run-deployment.adoc
index 803b806cd10b..655b5d4c9327 100644
--- a/modules/osdk-run-deployment.adoc
+++ b/modules/osdk-run-deployment.adoc
@@ -12,7 +12,7 @@ ifeval::["{context}" == "osdk-java-tutorial"]
 :java:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-run-deployment_{context}"]
 ifeval::["{context}" != "osdk-ansible-inside-operator"]
 = Running as a deployment on the cluster
@@ -84,7 +84,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: memcached-quarkus-operator-operator
-  namespace: default
+  namespace: <operator_namespace>
 roleRef:
   kind: ClusterRole
   name: cluster-admin
@@ -180,4 +180,4 @@ ifeval::["{context}" == "osdk-golang-tutorial"]
 endif::[]
 ifeval::["{context}" == "osdk-java-tutorial"]
 :!java:
-endif::[]
\ No newline at end of file
+endif::[]
diff --git a/modules/osdk-run-locally.adoc b/modules/osdk-run-locally.adoc
index 590caa167d44..fb0d38d13a10 100644
--- a/modules/osdk-run-locally.adoc
+++ b/modules/osdk-run-locally.adoc
@@ -18,7 +18,7 @@ ifeval::["{context}" == "osdk-java-tutorial"]
 endif::[]
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-run-locally_{context}"]
 = Running locally outside the cluster
 
@@ -112,7 +112,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: memcached-quarkus-operator-operator
-  namespace: default
+  namespace: <operator_namespace>
 roleRef:
   kind: ClusterRole
   name: cluster-admin
diff --git a/modules/osdk-run-operator.adoc b/modules/osdk-run-operator.adoc
index c36e686707f3..d3e029d5937d 100644
--- a/modules/osdk-run-operator.adoc
+++ b/modules/osdk-run-operator.adoc
@@ -21,6 +21,10 @@ endif::[]
 [id="osdk-run-operator_{context}"]
 = Running the Operator
 
+// The "run locally" and "run as a deployment" options require cluster-admin. Therefore, these options are not available for OSD/ROSA.
+
+// Deployment options for OCP
+ifndef::openshift-dedicated,openshift-rosa[]
 There are three ways you can use the Operator SDK CLI to build and run your Operator:
 
 * Run locally outside the cluster as a Go program.
@@ -33,6 +37,27 @@ ifdef::golang[]
 Before running your Go-based Operator as either a deployment on {product-title} or as a bundle that uses OLM, ensure that your project has been updated to use supported images.
 ====
 endif::[]
+endif::openshift-dedicated,openshift-rosa[]
+
+// Deployment options for OSD/ROSA
+ifdef::openshift-dedicated,openshift-rosa[]
+To build and run your Operator, use the Operator SDK CLI to bundle your Operator, and then use Operator Lifecycle Manager (OLM) to deploy on the cluster.
+
+[NOTE]
+====
+If you wish to deploy your Operator on an OpenShift Container Platform cluster instead of a {product-title} cluster, two additional deployment options are available:
+
+* Run locally outside the cluster as a Go program.
+* Run as a deployment on the cluster.
+====
+
+ifdef::golang[]
+[NOTE]
+====
+Before running your Go-based Operator as a bundle that uses OLM, ensure that your project has been updated to use supported images.
+====
+endif::[]
+endif::openshift-dedicated,openshift-rosa[]
 
 ifeval::["{context}" == "osdk-golang-tutorial"]
 :!golang:
diff --git a/modules/osdk-run-proxy.adoc b/modules/osdk-run-proxy.adoc
index ef0d8cbdfedf..1869f75c8098 100644
--- a/modules/osdk-run-proxy.adoc
+++ b/modules/osdk-run-proxy.adoc
@@ -14,11 +14,18 @@ ifeval::["{context}" == "osdk-helm-tutorial"]
 :helm:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-run-proxy_{context}"]
 = Enabling proxy support
 
-Operator authors can develop Operators that support network proxies. Cluster administrators configure proxy support for the environment variables that are handled by Operator Lifecycle Manager (OLM). To support proxied clusters, your Operator must inspect the environment for the following standard proxy variables and pass the values to Operands:
+Operator authors can develop Operators that support network proxies.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+configure proxy support for the environment variables that are handled by Operator Lifecycle Manager (OLM). To support proxied clusters, your Operator must inspect the environment for the following standard proxy variables and pass the values to Operands:
 
 * `HTTP_PROXY`
 * `HTTPS_PROXY`
diff --git a/modules/osdk-scorecard-about.adoc b/modules/osdk-scorecard-about.adoc
index a4b8b0f5f320..aef514f2046c 100644
--- a/modules/osdk-scorecard-about.adoc
+++ b/modules/osdk-scorecard-about.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-scorecard.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="osdk-about-scorecard_{context}"]
 = About the scorecard tool
 
diff --git a/modules/osdk-scorecard-parallel.adoc b/modules/osdk-scorecard-parallel.adoc
index b4c276263364..a6bb1be76e13 100644
--- a/modules/osdk-scorecard-parallel.adoc
+++ b/modules/osdk-scorecard-parallel.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-scorecard.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-scorecard-parallel_{context}"]
 = Enabling parallel testing
 
diff --git a/modules/osdk-scorecard-run.adoc b/modules/osdk-scorecard-run.adoc
index 1132f320413f..31d340f94780 100644
--- a/modules/osdk-scorecard-run.adoc
+++ b/modules/osdk-scorecard-run.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-scorecard.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-scorecard-run_{context}"]
 = Running the scorecard tool
 
diff --git a/modules/osdk-scorecard-select-tests.adoc b/modules/osdk-scorecard-select-tests.adoc
index e192b63b8f35..aa29a3236c1d 100644
--- a/modules/osdk-scorecard-select-tests.adoc
+++ b/modules/osdk-scorecard-select-tests.adoc
@@ -2,11 +2,11 @@
 //
 // * operators/operator_sdk/osdk-scorecard.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-scorecard-select-tests_{context}"]
 = Selecting tests
 
-Scorecard tests are selected by setting the `--selector` CLI flag to a set of label strings. If a selector flag is not supplied, then all the tests within the scorecard configuration file are run.
+Scorecard tests are selected by setting the `--selector` CLI flag to a set of label strings. If a selector flag is not supplied, then all of the tests within the scorecard configuration file are run.
 
 Tests are run serially with test results being aggregated by the scorecard and written to standard output, or _stdout_.
 
diff --git a/modules/osdk-suggested-namespace-node-selector.adoc b/modules/osdk-suggested-namespace-node-selector.adoc
index 31e99b20b375..7ff008ae01b0 100644
--- a/modules/osdk-suggested-namespace-node-selector.adoc
+++ b/modules/osdk-suggested-namespace-node-selector.adoc
@@ -2,7 +2,7 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-suggested-namespace-default-node_{context}"]
 = Setting a suggested namespace with default node selector
 
@@ -10,7 +10,14 @@ Some Operators expect to run only on control plane nodes, which can be done by s
 
 To avoid getting duplicated and potentially conflicting cluster-wide default `nodeSelector`, you can set a default node selector on the namespace where the Operator runs. The default node selector will take precedence over the cluster default so the cluster default will not be applied to the pods in the Operators namespace.
 
-When adding the Operator to a cluster using OperatorHub, the web console auto-populates the suggested namespace for the cluster administrator during the installation process. The suggested namespace is created using the namespace manifest in YAML which is included in the cluster service version (CSV).
+When adding the Operator to a cluster using OperatorHub, the web console auto-populates the suggested namespace for the
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+installer
+endif::openshift-dedicated,openshift-rosa[]
+during the installation process. The suggested namespace is created using the namespace manifest in YAML which is included in the cluster service version (CSV).
 
 .Procedure
 
diff --git a/modules/osdk-suggested-namespace.adoc b/modules/osdk-suggested-namespace.adoc
index 39e5d68e09ad..2af5c86e2c73 100644
--- a/modules/osdk-suggested-namespace.adoc
+++ b/modules/osdk-suggested-namespace.adoc
@@ -2,13 +2,20 @@
 //
 // * operators/operator_sdk/osdk-generating-csvs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="osdk-suggested-namespace_{context}"]
 = Setting a suggested namespace
 
 Some Operators must be deployed in a specific namespace, or with ancillary resources in specific namespaces, to work properly. If resolved from a subscription, Operator Lifecycle Manager (OLM) defaults the namespaced resources of an Operator to the namespace of its subscription.
 
-As an Operator author, you can instead express a desired target namespace as part of your cluster service version (CSV) to maintain control over the final namespaces of the resources installed for their Operators. When adding the Operator to a cluster using OperatorHub, this enables the web console to autopopulate the suggested namespace for the cluster administrator during the installation process.
+As an Operator author, you can instead express a desired target namespace as part of your cluster service version (CSV) to maintain control over the final namespaces of the resources installed for their Operators. When adding the Operator to a cluster using OperatorHub, this enables the web console to autopopulate the suggested namespace for the
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrator
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+installer
+endif::openshift-dedicated,openshift-rosa[]
+during the installation process.
 
 .Procedure
 
diff --git a/modules/osdk-updating-128-to-131.adoc b/modules/osdk-updating-128-to-131.adoc
new file mode 100644
index 000000000000..83fbc0088e8f
--- /dev/null
+++ b/modules/osdk-updating-128-to-131.adoc
@@ -0,0 +1,221 @@
+// Module included in the following assemblies:
+//
+// * operators/operator_sdk/golang/osdk-golang-updating-projects.adoc
+// * operators/operator_sdk/ansible/osdk-ansible-updating-projects.adoc
+// * operators/operator_sdk/helm/osdk-helm-updating-projects.adoc
+// * operators/operator_sdk/helm/osdk-hybrid-helm-updating-projects.adoc
+// * operators/operator_sdk/java/osdk-java-updating-projects.adoc
+
+ifeval::["{context}" == "osdk-golang-updating-projects"]
+:golang:
+:type: Go
+endif::[]
+ifeval::["{context}" == "osdk-ansible-updating-projects"]
+:ansible:
+:type: Ansible
+endif::[]
+ifeval::["{context}" == "osdk-helm-updating-projects"]
+:helm:
+:type: Helm
+endif::[]
+ifeval::["{context}" == "osdk-hybrid-helm-updating-projects"]
+:hybrid:
+:type: Hybrid Helm
+endif::[]
+ifeval::["{context}" == "osdk-java-updating-projects"]
+:java:
+:type: Java
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="osdk-upgrading-projects_{context}"]
+= Updating {type}-based Operator projects for Operator SDK {osdk_ver}
+
+The following procedure updates an existing {type}-based Operator project for compatibility with {osdk_ver}.
+
+.Prerequisites
+
+* Operator SDK {osdk_ver} installed
+* An Operator project created or maintained with Operator SDK {osdk_ver_n1}
+
+.Procedure
+
+ifdef::golang,hybrid,java[]
+* Edit your Operator project's makefile to update the Operator SDK version to {osdk_ver}, as shown in the following example:
++
+.Example makefile
+[source,make,subs="attributes+"]
+----
+# Set the Operator SDK version to use. By default, what is installed on the system is used.
+# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
+OPERATOR_SDK_VERSION ?= v{osdk_ver} <1>
+----
+<1> Change the version from `{osdk_ver_n1}` to `{osdk_ver}`.
+endif::[]
+
+ifdef::helm[]
+. Edit your Operator's Dockerfile to update the Helm Operator version to {osdk_ver}, as shown in the following example:
++
+.Example Dockerfile
+[source,docker,subs="attributes+"]
+----
+FROM quay.io/operator-framework/helm-operator:v{osdk_ver} <1>
+----
+<1> Update the Helm Operator version from `{osdk_ver_n1}` to `{osdk_ver}`
+
+. Edit your Operator project's makefile to update the Operator SDK to {osdk_ver}, as shown in the following example:
++
+.Example makefile
+[source,make,subs="attributes+"]
+----
+# Set the Operator SDK version to use. By default, what is installed on the system is used.
+# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
+OPERATOR_SDK_VERSION ?= v{osdk_ver} <1>
+----
+<1> Change the version from `{osdk_ver-n1}` to `{osdk_ver}`.
+
+. If you use a custom service account for deployment, define the following role to require a watch operation on your secrets resource, as shown in the following example:
++
+.Example `config/rbac/role.yaml` file
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: <operator_name>-admin
+subjects:
+- kind: ServiceAccount
+  name: <operator_name>
+  namespace: <operator_namespace>
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: ""
+rules: <1>
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - watch
+----
+<1> Add the `rules` stanza to create a watch operation for your secrets resource.
+endif::[]
+
+ifdef::ansible[]
+
+. Make the following changes to your Operator's Dockerfile:
+
+.. Replace the `ansible-operator-2.11-preview` base image with the `ansible-operator` base image and update the version to {osdk_ver}, as shown in the following example:
++
+.Example Dockerfile
+[source,docker,subs="attributes+"]
+----
+FROM quay.io/operator-framework/ansible-operator:v{osdk_ver}
+----
+
+.. The update to Ansible 2.15.0 in version 1.30.0 of the Ansible Operator removed the following preinstalled Python modules:
++
+--
+* `ipaddress`
+* `openshift`
+* `jmespath`
+* `cryptography`
+* `oauthlib`
+--
++
+If your Operator depends on one of these removed Python modules, update your Dockerfile to install the required modules using the `pip install` command.
+
+. Edit your Operator project's makefile to update the Operator SDK version to {osdk_ver}, as shown in the following example:
++
+.Example makefile
+[source,make,subs="attributes+"]
+----
+# Set the Operator SDK version to use. By default, what is installed on the system is used.
+# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
+OPERATOR_SDK_VERSION ?= v{osdk_ver} <1>
+----
+<1> Change the version from `{osdk_ver-n1}` to `{osdk_ver}`.
+
+. Update your `requirements.yaml` and `requirements.go` files to remove the `community.kubernetes` collection and update the `operator_sdk.util` collection to version `0.5.0`, as shown in the following example:
++
+.Example `requirements.yaml` file
+[source,diff]
+----
+  collections:
+-  - name: community.kubernetes <1>
+-    version: "2.0.1"
+   - name: operator_sdk.util
+-    version: "0.4.0"
++    version: "0.5.0" <2>
+   - name: kubernetes.core
+     version: "2.4.0"
+   - name: cloud.common
+----
+<1> Remove the `community.kubernetes` collection
+<2> Update the `operator_sdk.util` collection to version `0.5.0`.
+
+. Remove all instances of the `lint` field from your `molecule/kind/molecule.yml` and `molecule/default/molecule.yml` files, as shown in the following example:
++
+[source,diff]
+----
+  ---
+  dependency:
+    name: galaxy
+  driver:
+    name: delegated
+-   lint: |
+-     set -e
+-     yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" .
+  platforms:
+    - name: cluster
+      groups:
+	- k8s
+  provisioner:
+    name: ansible
+-     lint: |
+-       set -e
+      ansible-lint
+    inventory:
+      group_vars:
+	all:
+	  namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+      host_vars:
+	localhost:
+	  ansible_python_interpreter: '{{ ansible_playbook_python }}'
+	  config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+	  samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
+	  operator_image: ${OPERATOR_IMAGE:-""}
+	  operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+	  kustomize: ${KUSTOMIZE_PATH:-kustomize}
+    env:
+      K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
+  verifier:
+    name: ansible
+-     lint: |
+-       set -e
+-      ansible-lint
+----
+endif::[]
+
+
+ifeval::["{context}" == "osdk-golang-updating-projects"]
+:!golang:
+:!type:
+endif::[]
+ifeval::["{context}" == "osdk-ansible-updating-projects"]
+:!ansible:
+:!type:
+endif::[]
+ifeval::["{context}" == "osdk-helm-updating-projects"]
+:!helm:
+:!type:
+endif::[]
+ifeval::["{context}" == "osdk-hybrid-helm-updating-projects"]
+:!hybrid:
+:!type:
+endif::[]
+ifeval::["{context}" == "osdk-java-updating-projects"]
+:!java:
+:!type:
+endif::[]
diff --git a/modules/ossm-about-adding-namespace.adoc b/modules/ossm-about-adding-namespace.adoc
index 5b0d8f2e27b9..6b46b8478ace 100644
--- a/modules/ossm-about-adding-namespace.adoc
+++ b/modules/ossm-about-adding-namespace.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-adding-namespace_{context}"]
 = About adding projects to a service mesh
 
-After installing the Operators and creating the `ServiceMeshControlPlane` resource, add one or more projects to the service mesh. 
+After installing the Operators and creating the `ServiceMeshControlPlane` resource, add one or more projects to the service mesh.
 
 [NOTE]
 ====
diff --git a/modules/ossm-about-adding-projects-using-label-selectors.adoc b/modules/ossm-about-adding-projects-using-label-selectors.adoc
index 7b0846c579c7..b7e0880e4532 100644
--- a/modules/ossm-about-adding-projects-using-label-selectors.adoc
+++ b/modules/ossm-about-adding-projects-using-label-selectors.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/create-mesh.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-adding-projects-using-label-selectors_{context}"]
 = About adding projects using label selectors
 
-For cluster-wide deployments, you can use label selectors to add projects to the mesh. Label selectors specified in the `ServiceMeshMemberRoll` resource enable the {SMProductShortName} Operator to add or remove namespaces to or from the mesh based on namespace labels. Unlike other standard {product-title} resources that you can use to specify a single label selector, you can use the `ServiceMeshMemberRoll` resource to specify multiple label selectors. 
+For cluster-wide deployments, you can use label selectors to add projects to the mesh. Label selectors specified in the `ServiceMeshMemberRoll` resource enable the {SMProductShortName} Operator to add or remove namespaces to or from the mesh based on namespace labels. Unlike other standard {product-title} resources that you can use to specify a single label selector, you can use the `ServiceMeshMemberRoll` resource to specify multiple label selectors.
 
 image::ossm-adding-project-using-label-selector.png[Adding project using label selector image]
 
diff --git a/modules/ossm-about-adding-projects-using-smm.adoc b/modules/ossm-about-adding-projects-using-smm.adoc
index 436f400de2de..1c907138b9ff 100644
--- a/modules/ossm-about-adding-projects-using-smm.adoc
+++ b/modules/ossm-about-adding-projects-using-smm.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-create-mesh.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-adding-projects-using-smm_{context}"]
 = About adding projects using the ServiceMeshMember resource
 
-A `ServiceMeshMember` resource provides a way to add a project to a service mesh without modifying the `ServiceMeshMemberRoll` resource. To add a project, create a `ServiceMeshMember` resource in the project that you want to add to the service mesh. When the {SMProductShortName} Operator processes the `ServiceMeshMember` object, the project appears in the `status.members` list of the `ServiceMeshMemberRoll` resource. Then, the services that reside in the project are made available to the mesh. 
- 
+A `ServiceMeshMember` resource provides a way to add a project to a service mesh without modifying the `ServiceMeshMemberRoll` resource. To add a project, create a `ServiceMeshMember` resource in the project that you want to add to the service mesh. When the {SMProductShortName} Operator processes the `ServiceMeshMember` object, the project appears in the `status.members` list of the `ServiceMeshMemberRoll` resource. Then, the services that reside in the project are made available to the mesh.
+
 image::ossm-adding-project-using-smm.png[Adding project using `ServiceMeshMember` resource image]
 
 The mesh administrator must grant each mesh user permission to reference the `ServiceMeshControlPlane` resource in the `ServiceMeshMember` resource. With this permission in place, a mesh user can add a project to a mesh even when that user does not have direct access rights for the service mesh project or the `ServiceMeshMemberRoll` resource. For more information, see Creating the {SMProductName} members.
\ No newline at end of file
diff --git a/modules/ossm-about-adding-projects-using-smmr.adoc b/modules/ossm-about-adding-projects-using-smmr.adoc
index 3d318660df05..dd8d23da25a5 100644
--- a/modules/ossm-about-adding-projects-using-smmr.adoc
+++ b/modules/ossm-about-adding-projects-using-smmr.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-create-mesh.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-adding-projects-using-smmr_{context}"]
 = About adding projects using the ServiceMeshMemberRoll resource
 
-Using the `ServiceMeshMemberRoll` resource is the simplest way to add a project to a service mesh. To add a project, specify the project name in the `spec.members` field of the `ServiceMeshMemberRoll` resource. The `ServiceMeshMemberRoll` resource specifies which projects are controlled by the `ServiceMeshControlPlane` resource. 
+Using the `ServiceMeshMemberRoll` resource is the simplest way to add a project to a service mesh. To add a project, specify the project name in the `spec.members` field of the `ServiceMeshMemberRoll` resource. The `ServiceMeshMemberRoll` resource specifies which projects are controlled by the `ServiceMeshControlPlane` resource.
 
 image::ossm-adding-project-using-smmr.png[Adding project using `ServiceMeshMemberRoll` resource image]
 
diff --git a/modules/ossm-about-collecting-ossm-data.adoc b/modules/ossm-about-collecting-ossm-data.adoc
index b99675dc7343..b5d29b95bdf8 100644
--- a/modules/ossm-about-collecting-ossm-data.adoc
+++ b/modules/ossm-about-collecting-ossm-data.adoc
@@ -4,7 +4,7 @@
 // * service_mesh/v2x/servicemesh-release-notes.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-collecting-ossm-data_{context}"]
 = About collecting service mesh data
 
@@ -16,7 +16,7 @@ You can use the `oc adm must-gather` CLI command to collect information about yo
 
 * The {product-title} CLI (`oc`) installed.
 
-.Precedure
+.Procedure
 
 . To collect {SMProductName} data with `must-gather`, you must specify the {SMProductName} image.
 +
@@ -31,3 +31,12 @@ $ oc adm must-gather --image=registry.redhat.io/openshift-service-mesh/istio-mus
 ----
 $ oc adm must-gather --image=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8:2.4 gather <namespace>
 ----
++
+This creates a local directory that contains the following items:
+
+* The Istio Operator namespace and its child objects
+* All control plane namespaces and their children objects
+* All namespaces and their children objects that belong to any service mesh
+* All Istio custom resource definitions (CRD)
+* All Istio CRD objectsm such as VirtualServices in a given namespace
+* All Istio webhooks
\ No newline at end of file
diff --git a/modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc b/modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc
index b13d2991c8bf..32e79ef78221 100644
--- a/modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc
+++ b/modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-create-smcp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-control-plane-and-cluster-wide-deployment_{context}"]
 = About control plane and cluster-wide deployments
 
diff --git a/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc b/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc
index 5fe14134a9bf..1616f01c71e7 100644
--- a/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc
+++ b/modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-create-smcp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-control-plane-components-and-infrastructure-nodes_{context}"]
 = About control plane components and infrastructure nodes
 
@@ -10,4 +10,4 @@ Infrastructure nodes provide a way to isolate infrastructure workloads for two p
 * To prevent incurring billing costs against subscription counts
 * To separate maintenance and management of infrastructure workloads
 
-You can configure some or all of the {SMProductShortName} control plane components to run on infrastructure nodes. 
+You can configure some or all of the {SMProductShortName} control plane components to run on infrastructure nodes.
diff --git a/modules/ossm-about-smcp.adoc b/modules/ossm-about-smcp.adoc
index 290ab8f0d449..9aefcc5194f8 100644
--- a/modules/ossm-about-smcp.adoc
+++ b/modules/ossm-about-smcp.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-create-smcp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-about-smcp_{context}"]
 = About ServiceMeshControlPlane
 
@@ -21,3 +21,7 @@ Red Hat OpenShift Service on AWS (ROSA) places additional restrictions on where
 ====
 The {SMProductShortName} documentation uses `istio-system` as the example project, but you can deploy the service mesh to any project.
 ====
+
+ifdef::openshift-rosa[]
+If you are deploying the control plane for use on {product-rosa}, see the Red Hat Knowledgebase article link:https://access.redhat.com/solutions/6529231[OpenShift service mesh operator Istio basic not starting due to authentication errors], which discusses adding a new project and starting pods.
+endif::openshift-rosa[]
\ No newline at end of file
diff --git a/modules/ossm-access-grafana.adoc b/modules/ossm-access-grafana.adoc
index 82b004ab81c4..5e4b4b71ef8c 100644
--- a/modules/ossm-access-grafana.adoc
+++ b/modules/ossm-access-grafana.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-access-grafana_{context}"]
 = Accessing the Grafana console
 
diff --git a/modules/ossm-access-prometheus.adoc b/modules/ossm-access-prometheus.adoc
index 897f43e9dc04..7337c69a4e08 100644
--- a/modules/ossm-access-prometheus.adoc
+++ b/modules/ossm-access-prometheus.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-access-prometheus_{context}"]
 = Accessing the Prometheus console
 
diff --git a/modules/ossm-accessing-jaeger.adoc b/modules/ossm-accessing-jaeger.adoc
index 2b7757f19780..b6f5caa7901d 100644
--- a/modules/ossm-accessing-jaeger.adoc
+++ b/modules/ossm-accessing-jaeger.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/-ossm-troubleshooting-istio.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-accessing-jaeger_{context}"]
 = Accessing the Jaeger console
 ////
diff --git a/modules/ossm-accessing-kiali.adoc b/modules/ossm-accessing-kiali.adoc
index 854cdfd61ffb..c5e347bfb0a0 100644
--- a/modules/ossm-accessing-kiali.adoc
+++ b/modules/ossm-accessing-kiali.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/-ossm-troubleshooting-istio.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-accessing-kiali_{context}"]
 = Accessing the Kiali console
 
diff --git a/modules/ossm-add-project-member-roll-resource-cli.adoc b/modules/ossm-add-project-member-roll-resource-cli.adoc
index 0ea217876c04..de4d99f8341f 100644
--- a/modules/ossm-add-project-member-roll-resource-cli.adoc
+++ b/modules/ossm-add-project-member-roll-resource-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-add-project-member-roll-resource-cli_{context}"]
 = Adding or removing projects from the mesh using ServiceMeshMemberRoll resource with the CLI
 
@@ -46,4 +46,4 @@ spec:
     - another-project-name
 ----
 
-. Save the file and exit the editor. 
\ No newline at end of file
+. Save the file and exit the editor.
\ No newline at end of file
diff --git a/modules/ossm-add-project-member-roll-resource-console.adoc b/modules/ossm-add-project-member-roll-resource-console.adoc
index 1dbb98123842..967917d462e9 100644
--- a/modules/ossm-add-project-member-roll-resource-console.adoc
+++ b/modules/ossm-add-project-member-roll-resource-console.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-add-project-member-roll-recourse-console_{context}"]
 = Adding or removing projects from the mesh using the ServiceMeshMemberRoll resource with the web console
 
diff --git a/modules/ossm-add-project-using-label-selectors-cli.adoc b/modules/ossm-add-project-using-label-selectors-cli.adoc
index 9e050028d85d..5bffa3a00b3b 100644
--- a/modules/ossm-add-project-using-label-selectors-cli.adoc
+++ b/modules/ossm-add-project-using-label-selectors-cli.adoc
@@ -2,9 +2,9 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-adding-project-using-label-selectors-cli_{context}"]
-= Adding a project to the mesh using label selectors with the CLI 
+= Adding a project to the mesh using label selectors with the CLI
 
 You can use label selectors to add a project to the {SMProductShortName} with the CLI.
 
@@ -42,10 +42,10 @@ metadata:
   namespace: istio-system
 spec:
   memberSelectors: <1>
-  - matchLabels: <2>                 
-      mykey: myvalue <2>            
-  - matchLabels: <3>               
-      myotherkey: myothervalue <3> 
+  - matchLabels: <2>
+      mykey: myvalue <2>
+  - matchLabels: <3>
+      myotherkey: myothervalue <3>
 ----
 <1> Contains the label selectors used to identify which project namespaces are included in the service mesh. If a project namespace has either label specified by the selectors, then the project namespace is included in the service mesh. The project namespace does not need both labels to be included.
 <2> Specifies all namespaces with the `mykey=myvalue` label. When the selector identifies a match, the project namespace is added to the service mesh.
diff --git a/modules/ossm-add-project-using-label-selectors-console.adoc b/modules/ossm-add-project-using-label-selectors-console.adoc
index cf56475ff4eb..79a5ce28f2d0 100644
--- a/modules/ossm-add-project-using-label-selectors-console.adoc
+++ b/modules/ossm-add-project-using-label-selectors-console.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-create-mesh.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-adding-project-using-label-selectors-console_{context}"]
 = Adding a project to the mesh using label selectors with the web console
 
diff --git a/modules/ossm-adding-project-using-smm-resource-cli.adoc b/modules/ossm-adding-project-using-smm-resource-cli.adoc
index 0cacb50ffcd6..e4415ee2dd87 100644
--- a/modules/ossm-adding-project-using-smm-resource-cli.adoc
+++ b/modules/ossm-adding-project-using-smm-resource-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-create-mesh.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-adding-project-using-smm-resource-cli_{context}"]
 = Adding a project to the mesh using the ServiceMeshMember resource with the CLI
 
diff --git a/modules/ossm-adding-project-using-smm-resource-console.adoc b/modules/ossm-adding-project-using-smm-resource-console.adoc
index d713f3c7b364..dacb117d66ea 100644
--- a/modules/ossm-adding-project-using-smm-resource-console.adoc
+++ b/modules/ossm-adding-project-using-smm-resource-console.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-create-mesh.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-adding-project-using-smm-resource-console_{context}"]
 = Adding a project to the mesh using the ServiceMeshMember resource with the web console
 
@@ -30,11 +30,11 @@ You can add one or more projects to the mesh using the `ServiceMeshMember` resou
 
 . Accept the default name for the `ServiceMeshMember`.
 
-. Click to expand *ControlPlaneRef*. 
+. Click to expand *ControlPlaneRef*.
 
-. In the *Namespace* field, select the project that the `ServiceMeshControlPlane` resource belongs to. For example, `istio-system`. 
+. In the *Namespace* field, select the project that the `ServiceMeshControlPlane` resource belongs to. For example, `istio-system`.
 
-. In the *Name* field, enter the name of the `ServiceMeshControlPlane` resource that this namespace belongs to. For example, `basic`.  
+. In the *Name* field, enter the name of the `ServiceMeshControlPlane` resource that this namespace belongs to. For example, `basic`.
 
 . Click *Create*.
 
diff --git a/modules/ossm-auto-route-enable.adoc b/modules/ossm-auto-route-enable.adoc
index de3a6c82dab9..065d7fd45c10 100644
--- a/modules/ossm-auto-route-enable.adoc
+++ b/modules/ossm-auto-route-enable.adoc
@@ -1,7 +1,7 @@
 // Module is included in the following assemblies:
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 //
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-auto-route-enable_{context}"]
 = Disabling automatic route creation
 
diff --git a/modules/ossm-auto-route.adoc b/modules/ossm-auto-route.adoc
index a332d670a84d..d8e3b625608b 100644
--- a/modules/ossm-auto-route.adoc
+++ b/modules/ossm-auto-route.adoc
@@ -2,7 +2,7 @@
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-auto-route-create-subdomains_{context}"]
 = Creating subdomain routes
 
diff --git a/modules/ossm-automatic-gateway-injection.adoc b/modules/ossm-automatic-gateway-injection.adoc
index 81b835b6f039..4ebcbf0feaaf 100644
--- a/modules/ossm-automatic-gateway-injection.adoc
+++ b/modules/ossm-automatic-gateway-injection.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-automatic-gateway-injection_{context}"]
 = Enabling gateway injection
 
diff --git a/modules/ossm-automatic-sidecar-injection.adoc b/modules/ossm-automatic-sidecar-injection.adoc
index 5b418907a206..6a610580cfaf 100644
--- a/modules/ossm-automatic-sidecar-injection.adoc
+++ b/modules/ossm-automatic-sidecar-injection.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
 // * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-automatic-sidecar-injection_{context}"]
 = Enabling automatic sidecar injection
 
diff --git a/modules/ossm-cert-cleanup.adoc b/modules/ossm-cert-cleanup.adoc
index d26b3d1d56a4..217275e94400 100644
--- a/modules/ossm-cert-cleanup.adoc
+++ b/modules/ossm-cert-cleanup.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-cert-cleanup_{context}"]
 == Removing the certificates
 
diff --git a/modules/ossm-cert-manage-add-cert-key.adoc b/modules/ossm-cert-manage-add-cert-key.adoc
index 5ebc3902db4d..a440e16cc1f1 100644
--- a/modules/ossm-cert-manage-add-cert-key.adoc
+++ b/modules/ossm-cert-manage-add-cert-key.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-cert-manage-add-cert-key_{context}"]
 == Adding an existing certificate and key
 
diff --git a/modules/ossm-cert-manage-verify-cert.adoc b/modules/ossm-cert-manage-verify-cert.adoc
index b8077754f139..bab0b77450a6 100644
--- a/modules/ossm-cert-manage-verify-cert.adoc
+++ b/modules/ossm-cert-manage-verify-cert.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-cert-manage-verify-cert_{context}"]
 = Verifying your certificates
 
diff --git a/modules/ossm-cert-manager-installation.adoc b/modules/ossm-cert-manager-installation.adoc
index 931c351104de..314c2bb9822d 100644
--- a/modules/ossm-cert-manager-installation.adoc
+++ b/modules/ossm-cert-manager-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-cert-manager-installation_{context}"]
 = Installing cert-manager
 
@@ -12,12 +12,12 @@ You can install the `cert-manager` tool to manage the lifecycle of TLS certifica
 
 . Create the root cluster issuer:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -f cluster-issuer.yaml
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -n istio-system -f istio-ca.yaml
 ----
@@ -98,7 +98,7 @@ The namespace of the `selfsigned-root-issuer` issuer and `root-ca` certificate i
 
 . Install `istio-csr`:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ helm install istio-csr jetstack/cert-manager-istio-csr \
     -n istio-system \
@@ -142,7 +142,7 @@ app:
 
 . Deploy SMCP:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -f mesh.yaml -n istio-system
 ----
@@ -199,24 +199,24 @@ Use the sample `httpbin` service and `sleep` app to check mTLS traffic from ingr
 
 . Deploy the HTTP and `sleep` apps:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc new-project <namespace>
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -f https://raw.githubusercontent.com/maistra/istio/maistra-2.4/samples/httpbin/httpbin.yaml
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -f https://raw.githubusercontent.com/maistra/istio/maistra-2.4/samples/sleep/sleep.yaml
 ----
 
 . Verify that `sleep` can access the `httpbin` service:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc exec "$(oc get pod -l app=sleep -n <namespace> \
    -o jsonpath={.items..metadata.name})" -c sleep -n <namespace> -- \
@@ -225,28 +225,28 @@ $ oc exec "$(oc get pod -l app=sleep -n <namespace> \
 ----
 +
 .Example output:
-[source, terminal]
+[source,terminal]
 ----
 200
 ----
 
 . Check mTLS traffic from the ingress gateway to the `httpbin` service:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc apply -n <namespace> -f https://raw.githubusercontent.com/maistra/istio/maistra-2.4/samples/httpbin/httpbin-gateway.yaml
 ----
 
 . Get the `istio-ingressgateway` route:
 +
-[source, terminal]
+[source,terminal]
 ----
 INGRESS_HOST=$(oc -n istio-system get routes istio-ingressgateway -o jsonpath='{.spec.host}')
 ----
 
 . Verify mTLS traffic from the ingress gateway to the `httpbin` service:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ curl -s -I http://$INGRESS_HOST/headers -o /dev/null -w "%{http_code}" -s
 ----
diff --git a/modules/ossm-cert-manager-integration-istio.adoc b/modules/ossm-cert-manager-integration-istio.adoc
index 60634446aa69..26f0d7c8b537 100644
--- a/modules/ossm-cert-manager-integration-istio.adoc
+++ b/modules/ossm-cert-manager-integration-istio.adoc
@@ -2,13 +2,13 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-cert-manager-integration-istio_{context}"]
 = About integrating Service Mesh with cert-manager and istio-csr
 
-The cert-manager tool is a solution for X.509 certificate management on Kubernetes. It delivers a unified API to integrate applications with private or public key infrastructure (PKI), such as Vault, Google Cloud Certificate Authority Service, Let's Encrypt, and other providers. 
+The cert-manager tool is a solution for X.509 certificate management on Kubernetes. It delivers a unified API to integrate applications with private or public key infrastructure (PKI), such as Vault, Google Cloud Certificate Authority Service, Let's Encrypt, and other providers.
 
-The cert-manager tool ensures the certificates are valid and up-to-date by attempting to renew certificates at a configured time before they expire. 
+The cert-manager tool ensures the certificates are valid and up-to-date by attempting to renew certificates at a configured time before they expire.
 
 For Istio users, cert-manager also provides integration with `istio-csr`, which is a certificate authority (CA) server that handles certificate signing requests (CSR) from Istio proxies. The server then delegates signing to cert-manager, which forwards CSRs to the configured CA server.
 
@@ -18,7 +18,7 @@ Red Hat provides support for integrating with `istio-csr` and cert-manager. Red
 ====
 
 .Prerequisites
-* One of these versions of cert-manager: 
+* One of these versions of cert-manager:
 ** {cert-manager-operator} 1.10 or later
 ** community cert-manager Operator 1.11 or later
 ** cert-manager 1.11 or later
diff --git a/modules/ossm-config-control-plane-infrastructure-node-cli.adoc b/modules/ossm-config-control-plane-infrastructure-node-cli.adoc
index ace598370469..93309ed0dafb 100644
--- a/modules/ossm-config-control-plane-infrastructure-node-cli.adoc
+++ b/modules/ossm-config-control-plane-infrastructure-node-cli.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-control-plane-infrastructure-node-cli_{context}"]
 = Configuring all control plane components to run on infrastructure nodes using the CLI
 
-Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. 
+Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing.
 
 If the control plane will run on a worker node, skip this task.
 
diff --git a/modules/ossm-config-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-control-plane-infrastructure-node-console.adoc
index 0ce0922ce9d1..39d95ee87864 100644
--- a/modules/ossm-config-control-plane-infrastructure-node-console.adoc
+++ b/modules/ossm-config-control-plane-infrastructure-node-console.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-control-plane-infrastructure-node-console_{context}"]
 = Configuring all control plane components to run on infrastructure nodes using the web console
 
-Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing. 
+Perform this task if all of the components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, Ingress Gateway, and Egress Gateway, and optional applications such as Prometheus, Grafana, and Distributed Tracing.
 
 If the control plane will run on a worker node, skip this task.
 
diff --git a/modules/ossm-config-disable-networkpolicy.adoc b/modules/ossm-config-disable-networkpolicy.adoc
index dc3448a8e34e..b41fd8308d06 100644
--- a/modules/ossm-config-disable-networkpolicy.adoc
+++ b/modules/ossm-config-disable-networkpolicy.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 -service_mesh/v2x/ossm-traffic-manage.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-disable-networkpolicy_{context}"]
 = Disabling automatic NetworkPolicy creation
 
diff --git a/modules/ossm-config-enabling-controlplane.adoc b/modules/ossm-config-enabling-controlplane.adoc
index f7aa0267cede..333d2523ae0e 100644
--- a/modules/ossm-config-enabling-controlplane.adoc
+++ b/modules/ossm-config-enabling-controlplane.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-security-enabling-controlplane_{context}"]
 == Enabling strict mTLS for Mixer telemetry or policy components
 
diff --git a/modules/ossm-config-external-jaeger.adoc b/modules/ossm-config-external-jaeger.adoc
index 0004f110611e..ef0df34d164c 100644
--- a/modules/ossm-config-external-jaeger.adoc
+++ b/modules/ossm-config-external-jaeger.adoc
@@ -3,7 +3,7 @@ This module is included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-external-jaeger_{context}"]
 = Connecting an existing distributed tracing instance
 
diff --git a/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc b/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc
index 69422c22d337..6d6e9d9227b1 100644
--- a/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc
+++ b/modules/ossm-config-individual-control-plane-infrastructure-node-cli.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-individual-control-plane-infrastructure-node-cli_{context}"]
 = Configuring individual control plane components to run on infrastructure nodes using the CLI
 
-Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway. 
+Perform this task if individual components deployed by the {SMProductShortName} control plane will run on infrastructure nodes. These deployed components include Istiod, the Ingress Gateway, and the Egress Gateway.
 
 If the control plane will run on a worker node, skip this task.
 
diff --git a/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc b/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc
index af697dfc4511..f83a7b0ff6d7 100644
--- a/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc
+++ b/modules/ossm-config-individual-control-plane-infrastructure-node-console.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-individual-control-plane-infrastructure-node-console_{context}"]
 = Configuring individual control plane components to run on infrastructure nodes using the web console
 
diff --git a/modules/ossm-config-mtls-min-max.adoc b/modules/ossm-config-mtls-min-max.adoc
index e6a4ada1ea61..cab187f9f144 100644
--- a/modules/ossm-config-mtls-min-max.adoc
+++ b/modules/ossm-config-mtls-min-max.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-security-min-max-tls_{context}"]
 == Setting the minimum and maximum protocol versions
 
diff --git a/modules/ossm-config-network-policy.adoc b/modules/ossm-config-network-policy.adoc
index 2f5202915d19..a4a06f0f9ac3 100644
--- a/modules/ossm-config-network-policy.adoc
+++ b/modules/ossm-config-network-policy.adoc
@@ -4,7 +4,7 @@ This CONCEPT module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-config-network-policy_{context}"]
 
 == Setting the correct network policy
diff --git a/modules/ossm-config-operator-infrastructure-node.adoc b/modules/ossm-config-operator-infrastructure-node.adoc
index 69fb7f692e8c..a3fab4a635be 100644
--- a/modules/ossm-config-operator-infrastructure-node.adoc
+++ b/modules/ossm-config-operator-infrastructure-node.adoc
@@ -2,11 +2,11 @@
 //
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-operator-infrastructure-node_{context}"]
 = Configuring the {SMProductShortName} Operator to run on infrastructure nodes
 
-This task should only be performed if the {SMProductShortName} Operator runs on an infrastructure node. 
+This task should only be performed if the {SMProductShortName} Operator runs on an infrastructure node.
 
 If the operator will run on a worker node, skip this task.
 
@@ -18,29 +18,36 @@ If the operator will run on a worker node, skip this task.
 
 .Procedure
 
+. List the operators installed in the namespace:
++
+[source,terminal]
+----
+$ oc -n openshift-operators get subscriptions
+----
+
 . Edit the {SMProductShortName} Operator `Subscription` resource to specify where the operator should run:
 +
 [source,terminal]
 ----
 $ oc -n openshift-operators edit subscription <name> <1>
 ----
-<1> `<name>` represents the name of the `Subscription` resource.
+<1> `<name>` represents the name of the `Subscription` resource. The default name of the `Subscription` resource is `servicemeshoperator`.
 
 . Add the `nodeSelector` and `tolerations` to `spec.config` in the `Subscription` resource:
 +
 [source,yaml]
 ----
 spec:
- config:
-   nodeSelector: <1>
-     node-role.kubernetes.io/infra: ""
-   tolerations: <2>
-   - effect: NoSchedule
-     key: node-role.kubernetes.io/infra
-     value: reserved
-   - effect: NoExecute
-     key: node-role.kubernetes.io/infra
-     value: reserved
+  config:
+    nodeSelector: <1>
+      node-role.kubernetes.io/infra: ""
+    tolerations: <2>
+    - effect: NoSchedule
+      key: node-role.kubernetes.io/infra
+      value: reserved
+    - effect: NoExecute
+      key: node-role.kubernetes.io/infra
+      value: reserved
 ----
 <1> Ensures that the operator pod is only scheduled on an infrastructure node.
 <2> Ensures that the pod is accepted by the infrastructure node.
\ No newline at end of file
diff --git a/modules/ossm-config-sampling.adoc b/modules/ossm-config-sampling.adoc
index 1b4dbb7bced8..fd7cb6f14d42 100644
--- a/modules/ossm-config-sampling.adoc
+++ b/modules/ossm-config-sampling.adoc
@@ -2,7 +2,7 @@
 This module is included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-sampling_{context}"]
 = Adjusting the sampling rate
 
@@ -23,7 +23,7 @@ The Envoy proxy sampling rate applies for applications that are available to a S
 
 The Jaeger remote sampling rate applies to applications that are external to the Service Mesh, and do not use the Envoy proxy, such as a database. This sampling rate determines how much data the distributed tracing system collects and stores.
 ifdef::openshift-enterprise[]
-For more information, see xref:../../distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc#distr-tracing-config-sampling_deploying-distributed-tracing-platform[Distributed tracing configuration options].
+For more information, see xref:../../distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc#distr-tracing-config-sampling_deploying-distributed-tracing-platform[Distributed tracing configuration options].
 endif::[]
 ====
 
diff --git a/modules/ossm-config-sec-mtls-mesh.adoc b/modules/ossm-config-sec-mtls-mesh.adoc
index 6721cf9e5784..35a666e30f50 100644
--- a/modules/ossm-config-sec-mtls-mesh.adoc
+++ b/modules/ossm-config-sec-mtls-mesh.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-security-enabling-strict-mtls_{context}"]
 = Enabling strict mTLS across the service mesh
 
diff --git a/modules/ossm-config-sidecar-mtls.adoc b/modules/ossm-config-sidecar-mtls.adoc
index 19af8c522032..849e4469013d 100644
--- a/modules/ossm-config-sidecar-mtls.adoc
+++ b/modules/ossm-config-sidecar-mtls.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-security-mtls-sidecars-incoming-services_{context}"]
 = Configuring sidecars for incoming connections for specific services
 
diff --git a/modules/ossm-config-sidecar-out-mtls.adoc b/modules/ossm-config-sidecar-out-mtls.adoc
index deab64b0a359..dff3391f03d7 100644
--- a/modules/ossm-config-sidecar-out-mtls.adoc
+++ b/modules/ossm-config-sidecar-out-mtls.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-security-mtls-sidecars-outgoing_{context}"]
 == Configuring sidecars for outgoing connections
 
@@ -10,7 +10,7 @@ Create a destination rule to configure {SMProductShortName} to use mTLS when sen
 
 .Procedure
 
-. Create a YAML file using the following example. 
+. Create a YAML file using the following example.
 +
 .DestinationRule example destination-rule.yaml
 [source,yaml]
@@ -27,7 +27,7 @@ spec:
     mode: ISTIO_MUTUAL
 ----
 +
-.. Replace `<namespace>` with the namespace where the service is located. 
+.. Replace `<namespace>` with the namespace where the service is located.
 
 . Run the following command to create the resource in the namespace where the service is located. It must match the `namespace` field in the `DestinationRule` resource you just created.
 +
diff --git a/modules/ossm-config-smcp-jaeger.adoc b/modules/ossm-config-smcp-jaeger.adoc
index aee7bfbd30e0..a25bf3088f0b 100644
--- a/modules/ossm-config-smcp-jaeger.adoc
+++ b/modules/ossm-config-smcp-jaeger.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/customizing-installation-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-specifying-jaeger-configuration_{context}"]
 = Specifying Jaeger configuration in the SMCP
 
diff --git a/modules/ossm-config-smcp-kiali.adoc b/modules/ossm-config-smcp-kiali.adoc
index bd9ad063df13..113313251f76 100644
--- a/modules/ossm-config-smcp-kiali.adoc
+++ b/modules/ossm-config-smcp-kiali.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //* service_mesh/v2x/ossm-reference-kiali.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-smcp-kiali_{context}"]
 = Specifying Kiali configuration in the SMCP
 
diff --git a/modules/ossm-config-web-console.adoc b/modules/ossm-config-web-console.adoc
index 268744388b63..10efc3934b18 100644
--- a/modules/ossm-config-web-console.adoc
+++ b/modules/ossm-config-web-console.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/customizing-installation-ossm.adoc
 // * service_mesh/v2x/customizing-installation-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-config-web-console_{context}"]
 = Configuring the {SMProductShortName} control plane with the web console
 
diff --git a/modules/ossm-configuring-external-jaeger.adoc b/modules/ossm-configuring-external-jaeger.adoc
index 51171f53d319..e941d8aeec03 100644
--- a/modules/ossm-configuring-external-jaeger.adoc
+++ b/modules/ossm-configuring-external-jaeger.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/customizing-installation-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-specifying-external-jaeger_{context}"]
 = Specifying Jaeger configuration in a Jaeger custom resource
 
diff --git a/modules/ossm-configuring-external-kiali.adoc b/modules/ossm-configuring-external-kiali.adoc
index fea3a4b13213..2db57711f560 100644
--- a/modules/ossm-configuring-external-kiali.adoc
+++ b/modules/ossm-configuring-external-kiali.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * service_mesh/v2x/customizing-installation-ossm.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-specifying-external-kiali_{context}"]
 = Specifying Kiali configuration in a Kiali custom resource
 
diff --git a/modules/ossm-configuring-jaeger-v1x.adoc b/modules/ossm-configuring-jaeger-v1x.adoc
index 69f7a887fb0b..f6e03904c5ff 100644
--- a/modules/ossm-configuring-jaeger-v1x.adoc
+++ b/modules/ossm-configuring-jaeger-v1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/ossm-custom-resources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-configuring-jaeger_{context}"]
 = Configuring Jaeger
 
diff --git a/modules/ossm-configuring-jwks-resolver-ca.adoc b/modules/ossm-configuring-jwks-resolver-ca.adoc
new file mode 100644
index 000000000000..a9cc77d8b54b
--- /dev/null
+++ b/modules/ossm-configuring-jwks-resolver-ca.adoc
@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-security.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ossm-configuring-jwks-resolver-ca_{context}"]
+= Configuring JSON Web Key Sets resolver certificate authority
+
+You can configure your own JSON Web Key Sets (JWKS) resolver certificate authority (CA) from the `ServiceMeshControlPlane` (SMCP) spec.
+
+.Procedure
+
+. Edit the `ServiceMeshControlPlane` spec file:
++
+[source, yaml]
+----
+$ oc edit smcp <smcp-name>
+----
+
+. Enable `mtls` for the data plane by setting the value of the `mtls` field to `true` in the `ServiceMeshControlPlane` spec, as shown in the following example:
++
+[source,yaml]
+----
+spec:
+  security:
+    dataPlane:
+        mtls: true # enable mtls for data plane
+    # JWKSResolver extra CA
+    # PEM-encoded certificate content to trust an additional CA
+    jwksResolverCA: |
+        -----BEGIN CERTIFICATE-----
+        [...]
+        [...]
+        -----END CERTIFICATE-----
+...
+----
+
+. Save the changes. {product-title} automatically applies them.
+
+A `ConfigMap` such as `pilot-jwks-cacerts-<SMCP name>` is created with the CA `.pem data`.
+
+.Example ConfigMap `pilot-jwks-cacerts-<SMCP name>`
+[source, yaml]
+----
+kind: ConfigMap
+apiVersion: v1
+data:
+  extra.pem: |
+      -----BEGIN CERTIFICATE-----
+      [...]
+      [...]
+      -----END CERTIFICATE-----
+----
\ No newline at end of file
diff --git a/modules/ossm-configuring-kiali-v1x.adoc b/modules/ossm-configuring-kiali-v1x.adoc
index e853fa2d9d8b..90cb54b17d5a 100644
--- a/modules/ossm-configuring-kiali-v1x.adoc
+++ b/modules/ossm-configuring-kiali-v1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/customizing-installation-ossm.adoc
 // * service_mesh/v2x/customizing-installation-ossm.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="configuring-kiali_{context}"]
 = Configuring Kiali
 
diff --git a/modules/ossm-configuring-the-threescale-wasm-auth-module.adoc b/modules/ossm-configuring-the-threescale-wasm-auth-module.adoc
index 40330e9510a6..8f6f36c1b2f4 100644
--- a/modules/ossm-configuring-the-threescale-wasm-auth-module.adoc
+++ b/modules/ossm-configuring-the-threescale-wasm-auth-module.adoc
@@ -25,7 +25,7 @@ Configuring the WebAssembly extension is currently a manual process. Support for
 
 * Identify a Kubernetes workload and namespace on your {SMProductShortName} deployment that you will apply this module.
 * You must have a 3scale tenant account. See link:https://www.3scale.net/signup[SaaS] or link:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index#install-threescale-on-openshift-guide[3scale 2.11 On-Premises] with a matching service and relevant applications and metrics defined.
-* If you apply the module to the `<product_page>` microservice in the `bookinfo` namespace, see the xref:../../service_mesh/v1x/prepare-to-deploy-applications-ossm.html#ossm-tutorial-bookinfo-overview_deploying-applications-ossm-v1x[Bookinfo sample application].
+* If you apply the module to the `<product_page>` microservice in the `bookinfo` namespace, see the xref:../../service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_deploying-applications-ossm-v1x[Bookinfo sample application].
 ** The following example is the YAML format for the custom resource for `threescale-wasm-auth` module.
 This example refers to the upstream Maistra version of {SMProductShortName}, `WasmPlugin` API. You must declare the namespace where the `threescale-wasm-auth` module is deployed, alongside a `selector` to identify the set of applications the module will apply to:
 +
diff --git a/modules/ossm-confirm-operator-infrastructure-node.adoc b/modules/ossm-confirm-operator-infrastructure-node.adoc
index 0e93b52f48f6..d2e2996c0e54 100644
--- a/modules/ossm-confirm-operator-infrastructure-node.adoc
+++ b/modules/ossm-confirm-operator-infrastructure-node.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-confirm-operator-infrastructure-node_{context}"]
 = Verifying the {SMProductShortName} Operator is running on infrastructure node
 
diff --git a/modules/ossm-confirm-smcp-infrastructure-node.adoc b/modules/ossm-confirm-smcp-infrastructure-node.adoc
index ae7882a9cced..7e8cd071eb89 100644
--- a/modules/ossm-confirm-smcp-infrastructure-node.adoc
+++ b/modules/ossm-confirm-smcp-infrastructure-node.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-confirm-smcp-infrastructure-node_{context}"]
 = Verifying the {SMProductShortName} control plane is running on infrastructure nodes
 
diff --git a/modules/ossm-control-plane-cli.adoc b/modules/ossm-control-plane-cli.adoc
index 1402e84d5c1f..80efde2eb800 100644
--- a/modules/ossm-control-plane-cli.adoc
+++ b/modules/ossm-control-plane-cli.adoc
@@ -1,8 +1,8 @@
-////
-This module is included in the following assemblies:
-* service_mesh/v2x/ossm-create-smcp.adoc
-////
-:_content-type: PROCEDURE
+// This module is included in the following assemblies:
+//
+// * service_mesh/v2x/ossm-create-smcp.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-deploy-cli_{context}"]
 = Deploying the {SMProductShortName} control plane using the CLI
 
diff --git a/modules/ossm-control-plane-deploy-1x.adoc b/modules/ossm-control-plane-deploy-1x.adoc
index 1b6ca0246298..43ec80dfa2a3 100644
--- a/modules/ossm-control-plane-deploy-1x.adoc
+++ b/modules/ossm-control-plane-deploy-1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-deploy-1x_{context}"]
 = Deploying the {SMProductName} control plane
 
diff --git a/modules/ossm-control-plane-profiles.adoc b/modules/ossm-control-plane-profiles.adoc
index 5029d73fb4de..37aed8bae19c 100644
--- a/modules/ossm-control-plane-profiles.adoc
+++ b/modules/ossm-control-plane-profiles.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-profiles_{context}"]
 = Creating {SMProductShortName} control plane profiles
 
diff --git a/modules/ossm-control-plane-remove.adoc b/modules/ossm-control-plane-remove.adoc
index 09eb7f8de595..cda0c4461774 100644
--- a/modules/ossm-control-plane-remove.adoc
+++ b/modules/ossm-control-plane-remove.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-remove_{context}"]
 = Removing the {SMProductName} control plane
 
diff --git a/modules/ossm-control-plane-templates-1x.adoc b/modules/ossm-control-plane-templates-1x.adoc
index 4b40c89a68ee..dd8ddcf99645 100644
--- a/modules/ossm-control-plane-templates-1x.adoc
+++ b/modules/ossm-control-plane-templates-1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-templates-1x_{context}"]
 = Creating control plane templates
 
diff --git a/modules/ossm-control-plane-web.adoc b/modules/ossm-control-plane-web.adoc
index 43c08e5bbae0..5eb5f1345104 100644
--- a/modules/ossm-control-plane-web.adoc
+++ b/modules/ossm-control-plane-web.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-deploy-operatorhub_{context}"]
 = Deploying the {SMProductShortName} control plane from the web console
 
@@ -37,10 +37,8 @@ These steps use `istio-system` as an example, but you can deploy your {SMProduct
 
 . On the *Create ServiceMeshControlPlane* page, accept the default {SMProductShortName} control plane version to take advantage of the features available in the most current version of the product. The version of the control plane determines the features available regardless of the version of the Operator.
 +
-You can configure `ServiceMeshControlPlane` settings later. For more information, see Configuring {SMProductName}.
+.. Click *Create*. The Operator creates pods, services, and {SMProductShortName} control plane components based on your configuration parameters. You can configure `ServiceMeshControlPlane` settings later.
 +
-.. Click *Create*. The Operator creates pods, services, and {SMProductShortName} control plane components based on your configuration parameters.
-
 . To verify the control plane installed correctly, click the *Istio Service Mesh Control Plane* tab.
 +
 .. Click the name of the new control plane.
diff --git a/modules/ossm-core-features.adoc b/modules/ossm-core-features.adoc
index 68fd35a780f1..3451de486e00 100644
--- a/modules/ossm-core-features.adoc
+++ b/modules/ossm-core-features.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/servicemesh-release-notes.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-core-features_{context}"]
 = Core features
 
diff --git a/modules/ossm-cr-example.adoc b/modules/ossm-cr-example.adoc
index 56f83a83fd96..a95e1711317f 100644
--- a/modules/ossm-cr-example.adoc
+++ b/modules/ossm-cr-example.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/customizing-installation-ossm.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-cr-example_{context}"]
 = {SMProductShortName} Control plane parameters
 
diff --git a/modules/ossm-cr-general.adoc b/modules/ossm-cr-general.adoc
index 15ab5062731d..321d814ea9ff 100644
--- a/modules/ossm-cr-general.adoc
+++ b/modules/ossm-cr-general.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-reference-smcp.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-cr-general_{context}"]
 = general parameters
 
diff --git a/modules/ossm-cr-status.adoc b/modules/ossm-cr-status.adoc
index 783e137bb1d9..3cd888f894ba 100644
--- a/modules/ossm-cr-status.adoc
+++ b/modules/ossm-cr-status.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-reference-smcp.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-cr-status_{context}"]
 = status parameter
 
diff --git a/modules/ossm-cr-version.adoc b/modules/ossm-cr-version.adoc
index c2eb2c7b4658..15e8395dcee1 100644
--- a/modules/ossm-cr-version.adoc
+++ b/modules/ossm-cr-version.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-reference-smcp.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-cr-version_{context}"]
 = version parameter
 
diff --git a/modules/ossm-customize-smmr-cluster-wide.adoc b/modules/ossm-customize-smmr-cluster-wide.adoc
index 853ed47e1d34..c51ffd304867 100644
--- a/modules/ossm-customize-smmr-cluster-wide.adoc
+++ b/modules/ossm-customize-smmr-cluster-wide.adoc
@@ -1,9 +1,8 @@
+// This module is included in the following assemblies:
 //
-This module is included in the following assemblies:
-* service_mesh/v2x/ossm-create-smcp.adoc
-//
+// * service_mesh/v2x/ossm-create-smcp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-customize-smrr-cluster-wide_{context}"]
 = Customizing the member roll for a cluster-wide mesh
 
diff --git a/modules/ossm-deploy-cluster-wide-control-plane-cli.adoc b/modules/ossm-deploy-cluster-wide-control-plane-cli.adoc
index e47d725abc9c..7229eb2db615 100644
--- a/modules/ossm-deploy-cluster-wide-control-plane-cli.adoc
+++ b/modules/ossm-deploy-cluster-wide-control-plane-cli.adoc
@@ -1,8 +1,8 @@
+// This module is included in the following assemblies:
 //
-This module is included in the following assemblies:
-* service_mesh/v2x/ossm-create-smcp.adoc
-//
-:_content-type: PROCEDURE
+// * service_mesh/v2x/ossm-create-smcp.adoc
+
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-deploy-cluster-wide-control-plane-cli_{context}"]
 = Configuring the control plane for cluster-wide deployment with the CLI
 
@@ -29,7 +29,7 @@ $ oc login --username=<NAMEOFUSER> https://<HOSTNAME>:6443
 $ oc new-project istio-system
 ----
 
-. Create a `ServiceMeshControlPlane` file named `istio-installation.yaml` using the following example. 
+. Create a `ServiceMeshControlPlane` file named `istio-installation.yaml` using the following example.
 +
 .Example version {MaistraVersion} istio-installation.yaml
 [source,yaml, subs="attributes,verbatim"]
diff --git a/modules/ossm-deploy-cluster-wide-control-plane-console.adoc b/modules/ossm-deploy-cluster-wide-control-plane-console.adoc
index d75a1ce5e5ec..3ec363b25784 100644
--- a/modules/ossm-deploy-cluster-wide-control-plane-console.adoc
+++ b/modules/ossm-deploy-cluster-wide-control-plane-console.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-create-smcp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-deploy-cluster-wide-control-plane-console_{context}"]
 = Configuring the control plane for cluster-wide deployment with the web console
 
@@ -39,7 +39,7 @@ These steps use `istio-system` as an example. You can deploy the {SMProductShort
 +
 .Example version {MaistraVersion} istio-installation.yaml
 +
-[source,yaml]
+[source,yaml, subs="attributes,verbatim"]
 ----
 apiVersion: maistra.io/v2
 kind: ServiceMeshControlPlane
diff --git a/modules/ossm-deploy-cluster-wide-mesh.adoc b/modules/ossm-deploy-cluster-wide-mesh.adoc
index f3be5fd7fd8d..919f396785b1 100644
--- a/modules/ossm-deploy-cluster-wide-mesh.adoc
+++ b/modules/ossm-deploy-cluster-wide-mesh.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-deployment-models.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-deploy-cluster-wide-mesh_{context}"]
 = Cluster-Wide (Single Tenant) mesh deployment model
 
 A cluster-wide deployment contains a Service Mesh Control Plane that monitors resources for an entire cluster. Monitoring resources for an entire cluster closely resembles Istio functionality in that the control plane uses a single query across all namespaces to monitor Istio and Kubernetes resources. As a result, cluster-wide deployments decrease the number of requests sent to the API server.
 
-Similar to Istio, a cluster-wide mesh includes namespaces with the `istio-injection=enabled` namespace label by default. You can change this label by modifying the `spec.labelSelectors` field of the `ServiceMeshMemberRoll` resource. 
+Similar to Istio, a cluster-wide mesh includes namespaces with the `istio-injection=enabled` namespace label by default. You can change this label by modifying the `spec.labelSelectors` field of the `ServiceMeshMemberRoll` resource.
diff --git a/modules/ossm-deploy-multitenant.adoc b/modules/ossm-deploy-multitenant.adoc
index 271ea246786f..d7683a957fef 100644
--- a/modules/ossm-deploy-multitenant.adoc
+++ b/modules/ossm-deploy-multitenant.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-deploy-mod-v2x.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-deploy-multitenant_{context}"]
 = Multitenant deployment model
 
diff --git a/modules/ossm-deploy-single-tenant.adoc b/modules/ossm-deploy-single-tenant.adoc
index 8efe896e43ea..df5ba63431e0 100644
--- a/modules/ossm-deploy-single-tenant.adoc
+++ b/modules/ossm-deploy-single-tenant.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/ossm-deploy-mod-v2x.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-deploy-single-tenant_{context}"]
 = Single tenancy deployment model
 
diff --git a/modules/ossm-deploying-automatic-gateway-injection.adoc b/modules/ossm-deploying-automatic-gateway-injection.adoc
index fb1ac32fa8f0..81c799aca1a5 100644
--- a/modules/ossm-deploying-automatic-gateway-injection.adoc
+++ b/modules/ossm-deploying-automatic-gateway-injection.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-deploying-automatic-gateway-injection_{context}"]
 = Deploying automatic gateway injection
 
@@ -28,7 +28,7 @@ spec:
   selector:
     istio: ingressgateway
   ports:
-  - name: http
+  - name: http2
     port: 80
     targetPort: 8080
   - name: https
diff --git a/modules/ossm-extensions-migrating-to-wasmplugin.adoc b/modules/ossm-extensions-migrating-to-wasmplugin.adoc
index 909eacc14de6..15a67d854330 100644
--- a/modules/ossm-extensions-migrating-to-wasmplugin.adoc
+++ b/modules/ossm-extensions-migrating-to-wasmplugin.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-extensions-migrating-to-wasmplugin_{context}"]
 = Migrating to `WasmPlugin` resources
 
diff --git a/modules/ossm-extensions-migration-overview.adoc b/modules/ossm-extensions-migration-overview.adoc
index 3b4b599b2afd..a61d835e3063 100644
--- a/modules/ossm-extensions-migration-overview.adoc
+++ b/modules/ossm-extensions-migration-overview.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-extensions-migration-overview_{context}"]
 = Migrating from `ServiceMeshExtension` to `WasmPlugin` resources
 
diff --git a/modules/ossm-extensions-overview.adoc b/modules/ossm-extensions-overview.adoc
index 75a6ec99e2e4..9841d2a1e6ff 100644
--- a/modules/ossm-extensions-overview.adoc
+++ b/modules/ossm-extensions-overview.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-extensions-overview_{context}"]
 = WebAssembly modules overview
 
diff --git a/modules/ossm-extensions-ref-smextension.adoc b/modules/ossm-extensions-ref-smextension.adoc
index ccd2242d938e..563530147cef 100644
--- a/modules/ossm-extensions-ref-smextension.adoc
+++ b/modules/ossm-extensions-ref-smextension.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-wasm-ref-smextension_{context}"]
 = ServiceMeshExtension reference
 
diff --git a/modules/ossm-extensions-ref-wasmplugin.adoc b/modules/ossm-extensions-ref-wasmplugin.adoc
index daa69d1e3986..fda0ecdf64c5 100644
--- a/modules/ossm-extensions-ref-wasmplugin.adoc
+++ b/modules/ossm-extensions-ref-wasmplugin.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-wasm-ref-wasmplugin_{context}"]
 = WasmPlugin API reference
 
diff --git a/modules/ossm-extensions-smextension-deploy.adoc b/modules/ossm-extensions-smextension-deploy.adoc
index 43e8b6a39849..6e3c3bb7c41f 100644
--- a/modules/ossm-extensions-smextension-deploy.adoc
+++ b/modules/ossm-extensions-smextension-deploy.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-smextensions-deploy_{context}"]
 = Deploying `ServiceMeshExtension` resources
 
diff --git a/modules/ossm-extensions-smextension-format.adoc b/modules/ossm-extensions-smextension-format.adoc
index 8830dc50a217..2befc62aa001 100644
--- a/modules/ossm-extensions-smextension-format.adoc
+++ b/modules/ossm-extensions-smextension-format.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-extensions-smextension-format_{context}"]
 = `ServiceMeshExtension` container format
 
diff --git a/modules/ossm-extensions-wasmplugin-deploy.adoc b/modules/ossm-extensions-wasmplugin-deploy.adoc
index 759624e65a16..266761bc5c06 100644
--- a/modules/ossm-extensions-wasmplugin-deploy.adoc
+++ b/modules/ossm-extensions-wasmplugin-deploy.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-wasmplugin-deploy_{context}"]
 = Deploying `WasmPlugin` resources
 
diff --git a/modules/ossm-extensions-wasmplugin-format.adoc b/modules/ossm-extensions-wasmplugin-format.adoc
index 24a3159c9114..a3f134eb36a0 100644
--- a/modules/ossm-extensions-wasmplugin-format.adoc
+++ b/modules/ossm-extensions-wasmplugin-format.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 *service_mesh_/v2x/ossm-extensions.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-extensions-wasmplugin-format_{context}"]
 = `WasmPlugin` container format
 
diff --git a/modules/ossm-federation-across-cluster.adoc b/modules/ossm-federation-across-cluster.adoc
index 4150ca25a8d0..f9b375d6c6ef 100644
--- a/modules/ossm-federation-across-cluster.adoc
+++ b/modules/ossm-federation-across-cluster.adoc
@@ -14,10 +14,10 @@ The service must be exposed through a load balancer that operates at Layer4 of t
 If the cluster runs on bare metal and fully supports `LoadBalancer` services, the IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
 
 If the cluster does not support `LoadBalancer` services, using a `NodePort` service could be an option if the nodes are accessible from the cluster running the other mesh. In the `ServiceMeshPeer` object, specify the IP addresses of the nodes in the `.spec.remote.addresses` field and the service's node ports in the `.spec.remote.discoveryPort` and `.spec.remote.servicePort` fields.
-ifndef::openshift-rosa[]
 
-== Exposing the federation ingress on clusters running on {ibmpowerProductName} and {ibmzProductName}
-If the cluster runs on {ibmpowerProductName} or {ibmzProductName} infrastructure and fully supports `LoadBalancer` services, the IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
+ifndef::openshift-rosa[]
+== Exposing the federation ingress on clusters running on {ibm-power-title} and {ibm-z-title}
+If the cluster runs on {ibm-power-name} or {ibm-z-name} infrastructure and fully supports `LoadBalancer` services, the IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
 
 If the cluster does not support `LoadBalancer` services, using a `NodePort` service could be an option if the nodes are accessible from the cluster running the other mesh. In the `ServiceMeshPeer` object, specify the IP addresses of the nodes in the `.spec.remote.addresses` field and the service's node ports in the `.spec.remote.discoveryPort` and `.spec.remote.servicePort` fields.
 endif::openshift-rosa[]
diff --git a/modules/ossm-federation-config-destinationrule-failover.adoc b/modules/ossm-federation-config-destinationrule-failover.adoc
index 6aa67daf63bf..2fb4e1d48ccf 100644
--- a/modules/ossm-federation-config-destinationrule-failover.adoc
+++ b/modules/ossm-federation-config-destinationrule-failover.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-config-destinationrule-failover_{context}"]
 = Configuring a DestinationRule for failover
 
diff --git a/modules/ossm-federation-config-failover-overview.adoc b/modules/ossm-federation-config-failover-overview.adoc
index e675c5497b06..c9ce485c7133 100644
--- a/modules/ossm-federation-config-failover-overview.adoc
+++ b/modules/ossm-federation-config-failover-overview.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-federation-config-failover-overview_{context}"]
 = Configuring a federated mesh for failover
 
diff --git a/modules/ossm-federation-config-importedserviceset-failover.adoc b/modules/ossm-federation-config-importedserviceset-failover.adoc
index d7cbb4dd766e..225d1f0294f2 100644
--- a/modules/ossm-federation-config-importedserviceset-failover.adoc
+++ b/modules/ossm-federation-config-importedserviceset-failover.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-config-importedserviceset-failover_{context}"]
 = Configuring an ImportedServiceSet for failover
 
diff --git a/modules/ossm-federation-config-meshPeer.adoc b/modules/ossm-federation-config-meshPeer.adoc
index c8e5221e6521..e70d954c0687 100644
--- a/modules/ossm-federation-config-meshPeer.adoc
+++ b/modules/ossm-federation-config-meshPeer.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-federation-joining_{context}"]
 = Joining a federated mesh
 
diff --git a/modules/ossm-federation-config-smcp.adoc b/modules/ossm-federation-config-smcp.adoc
index c9bda5e4f2df..7bc3a6541f89 100644
--- a/modules/ossm-federation-config-smcp.adoc
+++ b/modules/ossm-federation-config-smcp.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-config-smcp_{context}"]
 = Configuring a {SMProductShortName} control plane for federation
 
@@ -31,7 +31,6 @@ spec:
         enabled: true
         requestedNetworkView:
         - green-network
-        routerMode: sni-dnat
         service:
           metadata:
             labels:
@@ -45,7 +44,6 @@ spec:
         enabled: true
         requestedNetworkView:
         - blue-network
-        routerMode: sni-dnat
         service:
           metadata:
             labels:
@@ -58,7 +56,6 @@ spec:
     additionalIngress:
       ingress-green-mesh:
         enabled: true
-        routerMode: sni-dnat
         service:
           type: LoadBalancer
           metadata:
@@ -71,7 +68,6 @@ spec:
             name: https-discovery  #note HTTPS here
       ingress-blue-mesh:
         enabled: true
-        routerMode: sni-dnat
         service:
           type: LoadBalancer
           metadata:
@@ -146,14 +142,6 @@ To avoid naming conflicts between meshes, you must create separate egress and in
 |Networks associated with exported services.
 |Set to the value of `spec.cluster.network` in the SMCP for the mesh, otherwise use <ServiceMeshPeer-name>-network. For example, if the `ServiceMeshPeer` resource for that mesh is named `west`, then the network would be named `west-network`.
 |
-
-|spec:
-  gateways:
-    additionalEgress:
-      <egressName>:
-        routerMode:
-|The router mode to be used by the gateway.
-|`sni-dnat`
 |
 
 |spec:
@@ -194,14 +182,6 @@ To avoid naming conflicts between meshes, you must create separate egress and in
 |`true`/`false`
 |`true`
 
-|spec:
-  gateways:
-    additionalIngress:
-      <ingressName>:
-        routerMode:
-|The router mode to be used by the gateway.
-|`sni-dnat`
-|
 
 |spec:
   gateways:
@@ -266,7 +246,6 @@ In the following example, the administrator is configuring the SMCP for federati
      additionalIngress:
       ingress-green-mesh:
         enabled: true
-        routerMode: sni-dnat
         service:
           type: NodePort
           metadata:
diff --git a/modules/ossm-federation-create-export.adoc b/modules/ossm-federation-create-export.adoc
index 87e711c681ec..b30c9451617c 100644
--- a/modules/ossm-federation-create-export.adoc
+++ b/modules/ossm-federation-create-export.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-create-export_{context}"]
 = Creating an ExportedServiceSet
 
diff --git a/modules/ossm-federation-create-import.adoc b/modules/ossm-federation-create-import.adoc
index e6e4f364b93b..2fc60ae120d5 100644
--- a/modules/ossm-federation-create-import.adoc
+++ b/modules/ossm-federation-create-import.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-create-import_{context}"]
 = Creating an ImportedServiceSet
 
diff --git a/modules/ossm-federation-create-meshPeer.adoc b/modules/ossm-federation-create-meshPeer.adoc
index 2b33f4a10d6f..1a0a3f5fd3f6 100644
--- a/modules/ossm-federation-create-meshPeer.adoc
+++ b/modules/ossm-federation-create-meshPeer.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2x/ossm-federation.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-federation-create-peer_{context}"]
 = Creating a ServiceMeshPeer resource
 
diff --git a/modules/ossm-federation-overview.adoc b/modules/ossm-federation-overview.adoc
index 2c0283c6131f..59d63476918d 100644
--- a/modules/ossm-federation-overview.adoc
+++ b/modules/ossm-federation-overview.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 - ossm-federation.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-federation-overview_{context}"]
 = Federation overview
 
diff --git a/modules/ossm-gateways.adoc b/modules/ossm-gateways.adoc
index 9d0e6985a30a..4172e1c47887 100644
--- a/modules/ossm-gateways.adoc
+++ b/modules/ossm-gateways.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-gateways_{context}"]
 = Using gateways
 
diff --git a/modules/ossm-install-kiali.adoc b/modules/ossm-install-kiali.adoc
index 29f4a0dcb71b..f6bfeb792da6 100644
--- a/modules/ossm-install-kiali.adoc
+++ b/modules/ossm-install-kiali.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-install-kiali_{context}"]
 = Installing the Kiali Operator
 
diff --git a/modules/ossm-install-ossm-operator.adoc b/modules/ossm-install-ossm-operator.adoc
index 057598dfda9d..b6e07a047a3f 100644
--- a/modules/ossm-install-ossm-operator.adoc
+++ b/modules/ossm-install-ossm-operator.adoc
@@ -3,15 +3,15 @@
 // - service_mesh/v1x/installing-ossm.adoc
 // - service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-install-ossm-operator_{context}"]
 = Installing the Operators
 
-To install {SMProductName}, install following Operators in this order. Repeat the procedure for each Operator.
+To install {SMProductName}, install the following Operators in this order. Repeat the procedure for each Operator.
 
 * OpenShift Elasticsearch
 * {JaegerName}
-* Kiali
+* Kiali Operator provided by Red Hat
 * {SMProductName}
 
 [NOTE]
@@ -35,6 +35,6 @@ If you have already installed the OpenShift Elasticsearch Operator as part of Op
 +
 * The OpenShift Elasticsearch Operator is installed in the `openshift-operators-redhat` namespace and is available for all namespaces in the cluster.
 * The {JaegerName} is installed in the `openshift-distributed-tracing` namespace and is available for all namespaces in the cluster.
-* The Kiali and {SMProductName} Operators are installed in the `openshift-operators` namespace and are available for all namespaces in the cluster.
+* The Kiali Operator provided by Red Hat and the {SMProductName} Operator are installed in the `openshift-operators` namespace and are available for all namespaces in the cluster.
 
 . After all you have installed all four Operators, click *Operators* -> *Installed Operators* to verify that your Operators installed.
diff --git a/modules/ossm-install-rosa.adoc b/modules/ossm-install-rosa.adoc
index d079b3c5f15d..3497efb0a9e4 100644
--- a/modules/ossm-install-rosa.adoc
+++ b/modules/ossm-install-rosa.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 * service_mesh/v2/ossm-create-smcp.adoc
 ////
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-install-rosa_{context}"]
 = Installing on Red Hat OpenShift Service on AWS (ROSA)
 
diff --git a/modules/ossm-installation-activities.adoc b/modules/ossm-installation-activities.adoc
index 472a78bc69cb..f555bbd5881e 100644
--- a/modules/ossm-installation-activities.adoc
+++ b/modules/ossm-installation-activities.adoc
@@ -4,13 +4,13 @@
 // * service_mesh/v2x/preparing-ossm-installation.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-installation-activities_{context}"]
 = Operator overview
 
-{SMProductName} requires the following four Operators:
+{SMProductName} requires the following Operators:
 
 * *OpenShift Elasticsearch* - (Optional) Provides database storage for tracing and logging with the {JaegerShortName}. It is based on the open source link:https://www.elastic.co/[Elasticsearch] project.
 * *{JaegerName}* - Provides distributed tracing to monitor and troubleshoot transactions in complex distributed systems. It is based on the open source link:https://www.jaegertracing.io/[Jaeger] project.
-* *Kiali* - Provides observability for your service mesh. Allows you to view configurations, monitor traffic, and analyze traces in a single console. It is based on the open source link:https://www.kiali.io/[Kiali] project.
+* *Kiali Operator provided by Red Hat* - Provides observability for your service mesh. You can view configurations, monitor traffic, and analyze traces in a single console. It is based on the open source link:https://www.kiali.io/[Kiali] project.
 * *{SMProductName}* - Allows you to connect, secure, control, and observe the microservices that comprise your applications. The {SMProductShortName} Operator defines and monitors the `ServiceMeshControlPlane` resources that manage the deployment, updating, and deletion of the {SMProductShortName} components. It is based on the open source link:https://istio.io/[Istio] project.
diff --git a/modules/ossm-integrating-with-user-workload-monitoring.adoc b/modules/ossm-integrating-with-user-workload-monitoring.adoc
new file mode 100644
index 000000000000..379ba847d14e
--- /dev/null
+++ b/modules/ossm-integrating-with-user-workload-monitoring.adoc
@@ -0,0 +1,230 @@
+////
+Module included in the following assemblies:
+* service_mesh/v2x/ossm-observability.adoc
+////
+
+:_mod-docs-content-type: PROCEDURE
+[id="ossm-integrating-with-user-workload-monitoring_{context}"]
+= Integrating with user-workload monitoring
+
+By default, {SMProductName} (OSSM) installs the Service Mesh control plane (SMCP) with a dedicated instance of Prometheus for collecting metrics from a mesh. However, production systems need more advanced monitoring systems, like {product-title} monitoring for user-defined projects.
+
+The following steps show how to integrate Service Mesh with user-workload monitoring.
+
+.Prerequisites
+
+* User-workload monitoring is enabled.
+* {SMProductName} Operator 2.4 is installed.
+* Kiali Operator 1.65 is installed.
+
+.Procedure
+
+. Create a token to Thanos for Kiali by running the following commands:
++
+.. Set the `SECRET` environment variable by running the following command:
++
+[source,terminal]
+----
+$ SECRET=`oc get secret -n openshift-user-workload-monitoring |
+ grep  prometheus-user-workload-token | head -n 1 | awk '{print $1 }'`
+----
++
+.. Set the `TOKEN` environment variable by running the following command:
++
+[source,terminal]
+----
+$ TOKEN=`oc get secret $SECRET -n openshift-user-workload-monitoring -o jsonpath='{.data.token}' | base64 -d`
+----
++
+.. Create a token to Thanos for Kiali by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic thanos-querier-web-token -n istio-system --from-literal=token=$TOKEN
+----
+
+. Configure Kiali for user-workload monitoring:
++
+[source,yaml]
+----
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+  name: kiali-user-workload-monitoring
+  namespace: istio-system
+spec:
+  external_services:
+    istio:
+      url_service_version: 'http://istiod-basic.istio-system:15014/version'
+      config_map_name: istio-basic # <1>
+    prometheus:
+      auth:
+        token: secret:thanos-querier-web-token:token
+        type: bearer
+        use_kiali_token: false
+      query_scope:
+        mesh_id: "basic-istio-system"
+      thanos_proxy:
+        enabled: true
+      url: https://thanos-querier.openshift-monitoring.svc.cluster.local:9091
+  version: v1.65
+----
+<1> Set the `ServiceMeshControlPlane` name prefixed with `istio-`.
+
+. Configure the SMCP for external Prometheus:
++
+[source,yaml]
+----
+apiVersion: maistra.io/v2
+kind: ServiceMeshControlPlane
+metadata:
+  name: basic
+  namespace: istio-system
+spec:
+  addons:
+    prometheus:
+      enabled: false # <1>
+    grafana:
+      enabled: false # <2>
+    kiali:
+      name: kiali-user-workload-monitoring
+  meshConfig:
+    extensionProviders:
+    - name: prometheus
+      prometheus: {}
+----
+<1> Disable the default Prometheus instance provided by OSSM.
+<2> Disable Grafana. It is not supported with an external Prometheus instance.
+
+. Apply a custom network policy to allow ingress traffic from the monitoring namespace:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: user-workload-access
+  namespace: bookinfo # <1>
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          network.openshift.io/policy-group: monitoring
+  podSelector: {}
+  policyTypes:
+  - Ingress
+----
+<1> The custom network policy must be applied to all namespaces.
+
+. Apply a `Telemetry` object to enable traffic metrics in Istio proxies:
++
+[source,yaml]
+----
+apiVersion: telemetry.istio.io/v1alpha1
+kind: Telemetry
+metadata:
+  name: enable-prometheus-metrics
+  namespace: istio-system # <1>
+spec:
+  selector: # <2>
+    matchLabels:
+      app: bookinfo
+  metrics:
+  - providers:
+    - name: prometheus
+----
+<1> A `Telemetry` object created in the control plane namespace applies to all workloads in a mesh. To apply telemetry to only one namespace, create the object in the target namespace.
+<2> Optional: Setting the `selector.matchLabels` spec applies the `Telemetry` object to specific workloads in the target namespace.
+
+. Apply a `ServiceMonitor` object to monitor the Istio control plane:
++
+[source,yaml]
+----
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: istiod-monitor
+  namespace: istio-system # <1>
+spec:
+  targetLabels:
+  - app
+  selector:
+    matchLabels:
+      istio: pilot
+  endpoints:
+  - port: http-monitoring
+    interval: 30s
+    relabelings:
+    - action: replace
+      replacement: "basic-istio-system" # <2>
+      targetLabel: mesh_id
+----
+<1> Create  this `ServiceMonitor` object in the Istio control plane namespace because it monitors the Istiod service. In this example, the namespace is `istio-system`.
+<2> The string `"basic-istio-system"` is a combination of the SMCP name and its namespace, but any label can be used as long as it is unique for every mesh using user workload monitoring in the cluster. The `spec.prometheus.query_scope` of the Kiali resource configured in Step 2 needs to match this value.
++
+[NOTE]
+====
+If there is only one mesh using user-workload monitoring, then both the `mesh_id` relabeling and the `spec.prometheus.query_scope` field in the Kiali resource are optional (but the `query_scope` field given here should be removed if the `mesh_id` label is removed).
+
+If there might be multiple meshes using user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required so that Kiali only sees metrics from its associated mesh. If Kiali is not being deployed, applying the `mesh_id` relabeling is still recommended so that metrics from different meshes can be distinguished from one another.
+====
+
+. Apply a `PodMonitor` object to collect metrics from Istio proxies:
++
+[source,yaml]
+----
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: istio-proxies-monitor
+  namespace: istio-system # <1>
+spec:
+  selector:
+    matchExpressions:
+    - key: istio-prometheus-ignore
+      operator: DoesNotExist
+  podMetricsEndpoints:
+  - path: /stats/prometheus
+    interval: 30s
+    relabelings:
+    - action: keep
+      sourceLabels: [__meta_kubernetes_pod_container_name]
+      regex: "istio-proxy"
+    - action: keep
+      sourceLabels: [__meta_kubernetes_pod_annotationpresent_prometheus_io_scrape]
+    - action: replace
+      regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
+      replacement: '[$2]:$1'
+      sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_port,
+      __meta_kubernetes_pod_ip]
+      targetLabel: __address__
+    - action: replace
+      regex: (\d+);((([0-9]+?)(\.|$)){4})
+      replacement: $2:$1
+      sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_port,
+      __meta_kubernetes_pod_ip]
+      targetLabel: __address__
+    - action: labeldrop
+      regex: "__meta_kubernetes_pod_label_(.+)"
+    - sourceLabels: [__meta_kubernetes_namespace]
+      action: replace
+      targetLabel: namespace
+    - sourceLabels: [__meta_kubernetes_pod_name]
+      action: replace
+      targetLabel: pod_name
+    - action: replace
+      replacement: "basic-istio-system" # <2>
+      targetLabel: mesh_id
+----
+<1> Since {product-title} monitoring ignores the `namespaceSelector` spec in `ServiceMonitor` and `PodMonitor` objects, you must apply the `PodMonitor` object in all mesh namespaces, including the control plane namespace.
+<2> The string `"basic-istio-system"` is a combination of the SMCP name and its namespace, but any label can be used as long as it is unique for every mesh using user workload monitoring in the cluster. The `spec.prometheus.query_scope` of the Kiali resource configured in Step 2 needs to match this value.
++
+[NOTE]
+====
+If there is only one mesh using user-workload monitoring, then both the `mesh_id` relabeling and the `spec.prometheus.query_scope` field in the Kiali resource are optional (but the `query_scope` field given here should be removed if the `mesh_id` label is removed).
+
+If there might be multiple meshes using user-workload monitoring, then both the `mesh_id` relabelings and the `spec.prometheus.query_scope` field in the Kiali resource are required so that Kiali only sees metrics from its associated mesh. If Kiali is not being deployed, applying the `mesh_id` relabeling is still recommended so that metrics from different meshes can be distinguished from one another.
+====
+
+. Open the {product-title} web console, and check that metrics are visible.
\ No newline at end of file
diff --git a/modules/ossm-jaeger-accessing-console.adoc b/modules/ossm-jaeger-accessing-console.adoc
index aefd2695a015..c955332cc67a 100644
--- a/modules/ossm-jaeger-accessing-console.adoc
+++ b/modules/ossm-jaeger-accessing-console.adoc
@@ -4,7 +4,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-accessing-jaeger-console_{context}"]
 = Accessing the Jaeger console
 
diff --git a/modules/ossm-jaeger-config-elasticsearch-v1x.adoc b/modules/ossm-jaeger-config-elasticsearch-v1x.adoc
index 73e74214c0d4..ce92289dc095 100644
--- a/modules/ossm-jaeger-config-elasticsearch-v1x.adoc
+++ b/modules/ossm-jaeger-config-elasticsearch-v1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/ossm-custom-resources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-jaeger-config-elasticsearch-v1x_{context}"]
 = Configuring Elasticsearch
 
diff --git a/modules/ossm-kiali-accessing-console.adoc b/modules/ossm-kiali-accessing-console.adoc
index e679a5ebf76c..7e18d3bc39f4 100644
--- a/modules/ossm-kiali-accessing-console.adoc
+++ b/modules/ossm-kiali-accessing-console.adoc
@@ -4,7 +4,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-accessing-kiali-console_{context}"]
 = Accessing the Kiali console
 
diff --git a/modules/ossm-kiali-architecture.adoc b/modules/ossm-kiali-architecture.adoc
index fd3114bb6aeb..e052cdac9daa 100644
--- a/modules/ossm-kiali-architecture.adoc
+++ b/modules/ossm-kiali-architecture.adoc
@@ -4,7 +4,7 @@ This CONCEPT module included in the following assemblies:
 -service_mesh/v2x/ossm-architecture.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-kiali-architecture_{context}"]
 = Kiali architecture
 
diff --git a/modules/ossm-kiali-overview.adoc b/modules/ossm-kiali-overview.adoc
index e9f9fc0f9e31..3e49337ba053 100644
--- a/modules/ossm-kiali-overview.adoc
+++ b/modules/ossm-kiali-overview.adoc
@@ -4,7 +4,7 @@ This CONCEPT module included in the following assemblies:
 -service_mesh/v2x/ossm-architecture.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-kiali-overview_{context}"]
 = Kiali overview
 
diff --git a/modules/ossm-kiali-service-mesh.adoc b/modules/ossm-kiali-service-mesh.adoc
index 352322875fc1..31bb8f56e542 100644
--- a/modules/ossm-kiali-service-mesh.adoc
+++ b/modules/ossm-kiali-service-mesh.adoc
@@ -3,7 +3,7 @@ This CONCEPT module included in the following assemblies:
 -service_mesh/v1x/ossm-vs-community.adoc
 -service_mesh/v2x/ossm-vs-community.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-kiali-service-mesh_{context}"]
 = Kiali and service mesh
 
diff --git a/modules/ossm-kiali-viewing-logs.adoc b/modules/ossm-kiali-viewing-logs.adoc
index c699176b9044..c67c077e1e83 100644
--- a/modules/ossm-kiali-viewing-logs.adoc
+++ b/modules/ossm-kiali-viewing-logs.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-viewing-logs_{context}"]
 = Viewing logs in the Kiali console
 
diff --git a/modules/ossm-kiali-viewing-metrics.adoc b/modules/ossm-kiali-viewing-metrics.adoc
index 125c636ebd22..4b28c682e9ad 100644
--- a/modules/ossm-kiali-viewing-metrics.adoc
+++ b/modules/ossm-kiali-viewing-metrics.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-viewing-metrics_{context}"]
 = Viewing metrics in the Kiali console
 
diff --git a/modules/ossm-load-test-results.adoc b/modules/ossm-load-test-results.adoc
index ade52ede3801..8bc46a2d8eb4 100644
--- a/modules/ossm-load-test-results.adoc
+++ b/modules/ossm-load-test-results.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 - /v2x/ossm-performance-scalability.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-load-test-results_{context}"]
 = Load test results
 
diff --git a/modules/ossm-member-roll-create.adoc b/modules/ossm-member-roll-create.adoc
index d257051dec3b..24df27356c61 100644
--- a/modules/ossm-member-roll-create.adoc
+++ b/modules/ossm-member-roll-create.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-member-roll-create_{context}"]
 = Creating the {SMProductName} member roll
 
diff --git a/modules/ossm-member-roll-modify.adoc b/modules/ossm-member-roll-modify.adoc
index bc23bb7a4c24..517a68539368 100644
--- a/modules/ossm-member-roll-modify.adoc
+++ b/modules/ossm-member-roll-modify.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-member-roll-modify_{context}"]
 = Adding or removing projects from the service mesh
 
diff --git a/modules/ossm-migrating-to-20.adoc b/modules/ossm-migrating-to-20.adoc
index c476d5f049b9..671c87b7416b 100644
--- a/modules/ossm-migrating-to-20.adoc
+++ b/modules/ossm-migrating-to-20.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-migrating-to-20_{context}"]
 = Migrating {SMProductName} from version 1.1 to version 2.0
 
@@ -210,7 +210,7 @@ When using mTLS with workload specific PeerAuthentication policies, a correspond
 
 Auto mTLS is enabled by default, but can be disabled by setting `spec.security.dataPlane.automtls` to false in the `ServiceMeshControlPlane` resource. When disabling auto mTLS, DestinationRules may be required for proper communication between services. For example, setting PeerAuthentication to `STRICT` for one namespace may prevent services in other namespaces from accessing them, unless a DestinationRule configures TLS mode for the services in the namespace.
 
-For information about mTLS, see xref:../../service_mesh/v2x/ossm-security.html#ossm-security-mtls_ossm-security[Enabling mutual Transport Layer Security (mTLS)]
+For information about mTLS, see xref:../../service_mesh/v2x/ossm-security.adoc#ossm-security-mtls_ossm-security[Enabling mutual Transport Layer Security (mTLS)]
 
 ==== Other mTLS Examples
 
diff --git a/modules/ossm-mixer-policy-1x.adoc b/modules/ossm-mixer-policy-1x.adoc
index b2f9a4d589c7..fe1dac4b91ea 100644
--- a/modules/ossm-mixer-policy-1x.adoc
+++ b/modules/ossm-mixer-policy-1x.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-mixer-policy-1x_{context}"]
 = Updating Mixer policy enforcement
 
diff --git a/modules/ossm-mixer-policy.adoc b/modules/ossm-mixer-policy.adoc
index 484eed85dcd8..d286f61c376e 100644
--- a/modules/ossm-mixer-policy.adoc
+++ b/modules/ossm-mixer-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-mixer-policy_{context}"]
 = Updating Mixer policy enforcement
 
diff --git a/modules/ossm-networkpolicy-overview.adoc b/modules/ossm-networkpolicy-overview.adoc
index ed157b06794d..643f8c7b7767 100644
--- a/modules/ossm-networkpolicy-overview.adoc
+++ b/modules/ossm-networkpolicy-overview.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 -service_mesh/v2x/ossm-traffic-manage.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-understanding-networkpolicy_{context}"]
 = Understanding network policies
 
diff --git a/modules/ossm-observability-access.adoc b/modules/ossm-observability-access.adoc
index c61de8ff4296..3b2245d1d672 100644
--- a/modules/ossm-observability-access.adoc
+++ b/modules/ossm-observability-access.adoc
@@ -3,7 +3,7 @@
 //* service_mesh/v1x/ossm-observability.adoc
 //* service_mesh/v2x/ossm-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-observability-access-console_{context}"]
 = Viewing service mesh data
 
diff --git a/modules/ossm-observability-addresses.adoc b/modules/ossm-observability-addresses.adoc
index 355adc42568d..d62e379f94c7 100644
--- a/modules/ossm-observability-addresses.adoc
+++ b/modules/ossm-observability-addresses.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-observability-addresses_{context}"]
 = Discovering console addresses
 
diff --git a/modules/ossm-observability-visual.adoc b/modules/ossm-observability-visual.adoc
index e2ee96f52791..499b909bb026 100644
--- a/modules/ossm-observability-visual.adoc
+++ b/modules/ossm-observability-visual.adoc
@@ -4,7 +4,7 @@ This module is included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-observability-visual_{context}"]
 = Viewing service mesh data in the Kiali console
 
diff --git a/modules/ossm-recommended-resources.adoc b/modules/ossm-recommended-resources.adoc
index 2eec069b83a9..1ba7cff12098 100644
--- a/modules/ossm-recommended-resources.adoc
+++ b/modules/ossm-recommended-resources.adoc
@@ -3,7 +3,7 @@ This module included in the following assemblies:
 - /v2x/ossm-performance-scalability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-recommended-resources_{context}"]
 = Setting limits on compute resources
 
diff --git a/modules/ossm-remove-cleanup-1x.adoc b/modules/ossm-remove-cleanup-1x.adoc
index 7a05554b5595..cf13ccf2dd38 100644
--- a/modules/ossm-remove-cleanup-1x.adoc
+++ b/modules/ossm-remove-cleanup-1x.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-remove-cleanup-1x_{context}"]
 = Clean up Operator resources
 
diff --git a/modules/ossm-remove-cleanup.adoc b/modules/ossm-remove-cleanup.adoc
index c43fe4c5a94e..dbf7a0a4b9cf 100644
--- a/modules/ossm-remove-cleanup.adoc
+++ b/modules/ossm-remove-cleanup.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v2x/installing-ossm.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-remove-cleanup_{context}"]
 = Clean up Operator resources
 
@@ -47,7 +47,7 @@ $ oc -n openshift-operators delete ds -lmaistra-version
 +
 [source,terminal]
 ----
-$ oc delete clusterrole/istio-admin clusterrole/istio-cni clusterrolebinding/istio-cni
+$ oc delete clusterrole/istio-admin clusterrole/istio-cni clusterrolebinding/istio-cni clusterrole/ossm-cni clusterrolebinding/ossm-cni
 ----
 +
 [source,terminal]
@@ -87,10 +87,10 @@ $ oc delete cm -n openshift-operators maistra-operator-cabundle
 +
 [source,terminal]
 ----
-$ oc delete cm -n openshift-operators istio-cni-config istio-cni-config-v2-3
+$ oc delete cm -n openshift-operators -lmaistra-version
 ----
 +
 [source,terminal]
 ----
-$ oc delete sa -n openshift-operators istio-cni
+$ oc delete sa -n openshift-operators -lmaistra-version
 ----
diff --git a/modules/ossm-remove-operators.adoc b/modules/ossm-remove-operators.adoc
index d648cf4694ec..350522ad726c 100644
--- a/modules/ossm-remove-operators.adoc
+++ b/modules/ossm-remove-operators.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/installing-ossm.adoc
 // * service_mesh/v2x/installing-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-operatorhub-remove-operators_{context}"]
 = Removing the installed Operators
 
diff --git a/modules/ossm-rn-fixed-issues.adoc b/modules/ossm-rn-fixed-issues.adoc
index 5659952f7d95..fdf6779dc02d 100644
--- a/modules/ossm-rn-fixed-issues.adoc
+++ b/modules/ossm-rn-fixed-issues.adoc
@@ -2,7 +2,7 @@
 Module included in the following assemblies:
 * service_mesh/v2x/servicemesh-release-notes.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-rn-fixed-issues_{context}"]
 = Fixed issues
 
@@ -14,13 +14,55 @@ Provide the following info for each issue if possible:
 *Result* - How has the behavior changed as a result? Try to avoid “It is fixed” or “The issue is resolved” or “The error no longer presents”.
 ////
 
-The following issues been resolved in the current release:
+The following issue has been resolved in the current release:
+
+* https://issues.redhat.com/browse/OSSM-3647[OSSM-3647] Previously, in the {SMProductShortName} control plane (SMCP) v2.2 (Istio 1.12), WasmPlugins were applied only to inbound listeners. Since SMCP v2.3 (Istio 1.14), WasmPlugins have been applied to inbound and outbound listeners by default, which introduced regression for users of the 3scale WasmPlugin. Now, the environment variable `APPLY_WASM_PLUGINS_TO_INBOUND_ONLY` is added, which allows safe migration from SMCP v2.2 to v2.3 and v2.4. 
++
+The following setting should be added to the SMCP config:
++
+[source, yaml]
+----
+spec:
+  runtime:
+    components:
+      pilot:
+        container:
+          env:
+            APPLY_WASM_PLUGINS_TO_INBOUND_ONLY: "true"
+
+----
++
+To ensure safe migration, perform the following steps:
++
+--
+. Set `APPLY_WASM_PLUGINS_TO_INBOUND_ONLY` in SMCP v2.2.
+. Upgrade to 2.4.
+. Set `spec.match[].mode: SERVER` in WasmPlugins.
+. Remove the previously-added environment variable.
+--
+
+The following issues have been resolved in previous releases:
 
 [id="ossm-rn-fixed-issues-ossm_{context}"]
 == {SMProductShortName} fixed issues
 
+* https://issues.redhat.com/browse/OSSM-4851[OSSM-4851] Previously, an error occurred in the operator deploying new pods in a namespace scoped inside the mesh when `runAsGroup`, `runAsUser`, or `fsGroup` parameters were `nil`. Now, a yaml validation has been added to avoid the `nil` value.
+
+* https://issues.redhat.com/browse/OSSM-3771[OSSM-3771] Previously, OpenShift routes could not be disabled for additional ingress gateways defined in a Service Mesh Control Plane (SMCP). Now, a `routeConfig` block can be added to each `additionalIngress` gateway so the creation of OpenShift routes can be enabled or disabled for each gateway.
+
+* https://issues.redhat.com/browse/OSSM-4197[OSSM-4197] Previously, if you deployed a v2.2 or v2.1 of the 'ServiceMeshControlPlane' resource, the `/etc/cni/multus/net.d/` directory was not created. As a result, the `istio-cni` pod failed to become ready, and the `istio-cni` pods log contained the following message:
++
+[source,terminal]
+----
+$ error   Installer exits with open /host/etc/cni/multus/net.d/v2-2-istio-cni.kubeconfig.tmp.841118073: no such file or directory
+----
++
+Now, if you deploy a v2.2 or v2.1 of the 'ServiceMeshControlPlane' resource, the `/etc/cni/multus/net.d/` directory is created, and the `istio-cni` pod becomes ready.
+
 * https://issues.redhat.com/browse/OSSM-3993[OSSM-3993] Previously, Kiali only supported OpenShift OAuth via a proxy on the standard HTTPS port of `443`. Now, Kiali supports OpenShift OAuth over a non-standard HTTPS port. To enable the port, you must set the `spec.server.web_port` field to the proxy's non-standard HTTPS port in the Kiali CR.
 
+* https://issues.redhat.com/browse/OSSM-3936[OSSM-3936] Previously, the values for the `injection_label_rev` and `injection_label_name` attributes were hardcoded. This prevented custom configurations from taking effect in the Kiali Custom Resource Definition (CRD). Now, the attribute values are not hardcoded. You can customize the values for the `injection_label_rev` and `injection_label_name` attributes in the `spec.istio_labels` specification.
+
 * https://issues.redhat.com/browse/OSSM-3644[OSSM-3644] Previously, the federation egress-gateway received the wrong update of network gateway endpoints, causing extra endpoint entries. Now, the federation-egress gateway has been updated on the server side so it receives the correct network gateway endpoints.
 
 * https://issues.redhat.com/browse/OSSM-3595[OSSM-3595] Previously, the `istio-cni` plugin sometimes failed on {op-system-base} because SELinux did not allow the utility `iptables-restore` to open files in the `/tmp` directory. Now, SELinux passes `iptables-restore` via `stdin` input stream instead of via a file.
@@ -45,7 +87,7 @@ This is fixed by using the Kiali SA to fetch the cluster version. This also allo
 
 * https://issues.redhat.com/browse/OSSM-2335[OSSM-2335] Dragging the mouse pointer over the Traces scatterchart plot sometimes caused the Kiali console to stop responding due to concurrent backend requests.
 
-* https://issues.redhat.com/browse/OSSM-2221[OSSM-2221] Previously, gateway injection in the `ServiceMeshControlPlane` namespace was not possible because the `ignore-namespace` label was applied to the namespace by default. 
+* https://issues.redhat.com/browse/OSSM-2221[OSSM-2221] Previously, gateway injection in the `ServiceMeshControlPlane` namespace was not possible because the `ignore-namespace` label was applied to the namespace by default.
 +
 When creating a v2.4 control plane, the namespace no longer has the `ignore-namespace` label applied, and gateway injection is possible.
 +
diff --git a/modules/ossm-rn-known-issues.adoc b/modules/ossm-rn-known-issues.adoc
index 412d9d9dd7c0..7202de8c4cae 100644
--- a/modules/ossm-rn-known-issues.adoc
+++ b/modules/ossm-rn-known-issues.adoc
@@ -2,7 +2,7 @@
 Module included in the following assemblies:
 * service_mesh/v2x/servicemesh-release-notes.adoc
 ////
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-rn-known-issues_{context}"]
 = Known issues
 
@@ -22,13 +22,13 @@ These limitations exist in {SMProductName}:
 * The first time you access related services such as {JaegerShortName} and Grafana, from the Kiali console, you must accept the certificate and re-authenticate using your {product-title} login credentials. This happens due to an issue with how the framework displays embedded pages in the console.
 
 ifndef::openshift-rosa[]
-* The Bookinfo sample application cannot be installed on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+* The Bookinfo sample application cannot be installed on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 
-* WebAssembly extensions are not supported on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+* WebAssembly extensions are not supported on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 
-* LuaJIT is not supported on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+* LuaJIT is not supported on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 
-* Single stack IPv6 support is not available on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+* Single stack IPv6 support is not available on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 endif::openshift-rosa[]
 
 [id="ossm-rn-known-issues-ossm_{context}"]
@@ -44,7 +44,7 @@ These are the known issues in {SMProductName}:
 2023-05-02T15:20:42.616450Z	info	kube	controller "gateway.networking.k8s.io/v1alpha2/TCPRoute" is syncing...
 ----
 +
-To support Gateway API in a multitenant mesh deployment, all Gateway API Custom Resource Definition (CRD) files must be present in the cluster. 
+To support Gateway API in a multitenant mesh deployment, all Gateway API Custom Resource Definition (CRD) files must be present in the cluster.
 +
 In a multitenant mesh deployment, CRD scan is disabled, and Istio has no way to discover which CRDs are present in a cluster. As a result, Istio attempts to watch all supported Gateway API CRDs, but generates errors if some of those CRDs are not present.
 +
@@ -132,7 +132,7 @@ endif::openshift-rosa[]
 * link:https://issues.redhat.com/browse/MAISTRA-2692[MAISTRA-2692] With Mixer removed, custom metrics that have been defined in {SMProductShortName} 2.0.x cannot be used in 2.1. Custom metrics can be configured using `EnvoyFilter`. Red Hat is unable to support `EnvoyFilter` configuration except where explicitly documented. This is due to tight coupling with the underlying Envoy APIs, meaning that backward compatibility cannot be maintained.
 ifndef::openshift-rosa[]
 
-* link:https://issues.redhat.com/browse/MAISTRA-2648[MAISTRA-2648] Service mesh extensions are currently not compatible with meshes deployed on {ibmzProductName}.
+* link:https://issues.redhat.com/browse/MAISTRA-2648[MAISTRA-2648] Service mesh extensions are currently not compatible with meshes deployed on {ibm-z-name}.
 endif::openshift-rosa[]
 
 * link:https://issues.jboss.org/browse/MAISTRA-1959[MAISTRA-1959] _Migration to 2.0_ Prometheus scraping (`spec.addons.prometheus.scrape` set to `true`) does not work when mTLS is enabled. Additionally, Kiali displays extraneous graph data when mTLS is disabled.
diff --git a/modules/ossm-rn-new-features-1x.adoc b/modules/ossm-rn-new-features-1x.adoc
index 23ceefc95ed5..00da59bfe4f2 100644
--- a/modules/ossm-rn-new-features-1x.adoc
+++ b/modules/ossm-rn-new-features-1x.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v1x/servicemesh-release-notes.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-rn-new-features-1x_{context}"]
 = New Features
 
diff --git a/modules/ossm-rn-new-features.adoc b/modules/ossm-rn-new-features.adoc
index 1382db149ac2..eea06853ee40 100644
--- a/modules/ossm-rn-new-features.adoc
+++ b/modules/ossm-rn-new-features.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 * service_mesh/v2x/servicemesh-release-notes.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-rn-new-features_{context}"]
 = New features and enhancements
 
@@ -15,6 +15,142 @@ Module included in the following assemblies:
 
 This release adds improvements related to the following components and concepts.
 
+== New features {SMProductName} version 2.4.5
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.4.5
+//Component table updated for 2.4.5, 2.3.9, and 2.2.12
+//Kiali updated to 1.65.11 Nov 8, 2023
+//According to Distributed Tracing rel notes, Jaeger is unchanged
+//Envoy remains unchanged
+//Istio remains unchanged
+|===
+|Component |Version
+
+|Istio
+|1.16.7
+
+|Envoy Proxy
+|1.24.12
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.65.11
+|===
+//Component table updated for 2.4.5, 2.3.9, and 2.2.12
+
+== New features {SMProductName} version 2.4.4
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.4.4
+//Istio stays the same
+//Envoy updated to 1.24.12
+//According to distributed tracing release 2.9, the latest at time of OSSM 2.4.4, Jaeger has been updated to 1.47.0
+//Kiali updated to 1.65.9 
+//Kiali updated to 1.65.10 on 10/31/2023 due to security fix 
+|===
+|Component |Version
+
+|Istio
+|1.16.7
+
+|Envoy Proxy
+|1.24.12
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.65.10
+|===
+//Components updated for 2.4.4
+
+== New features {SMProductName} version 2.4.3
+
+* The {SMProductName} Operator is now available on ARM-based clusters as a Technology Preview feature.
+* The `envoyExtAuthzGrpc` field has been added, which is used to configure an external authorization provider using the gRPC API.
+* Common Vulnerabilities and Exposures (CVEs) have been addressed.
+* This release is supported on {product-title} 4.10 and newer versions.
+
+=== Component versions included in {SMProductName} version 2.4.3
+//THESE MAY NEED TO BE UPDATED FOR 2.4.3
+//Kiali updated to 1.65.8 on 09/06/2023
+//09/06/2023: According to distributed tracing release notes, Jaeger component version remains unchanged.
+|===
+|Component |Version
+
+|Istio
+|1.16.7
+
+|Envoy Proxy
+|1.24.10
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.65.8
+|===
+//COMPONENTS ABOVE MAY NEED TO BE UPDATED FOR 2.4.3
+
+=== {SMProductName} operator to ARM-based clusters
+:FeatureName: {SMProductName} operator to ARM based clusters
+include::snippets/technology-preview.adoc[]
+
+This release makes the {SMProductName} Operator available on ARM-based clusters as a Technology Preview feature. Images are available for Istio, Envoy, Prometheus, Kiali, and Grafana. Images are not available for Jaeger, so Jaeger must be disabled as a {SMProductShortName} add-on.
+
+=== Remote Procedure Calls (gRPC) API support for external authorization configuration
+
+This enhancement adds the `envoyExtAuthzGrpc` field to configure an external authorization provider using the gRPC API.
+
+== New features {SMProductName} version 2.4.2
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.4.2
+
+|===
+|Component |Version
+
+|Istio
+|1.16.7
+
+|Envoy Proxy
+|1.24.10
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.65.7
+|===
+
+== New features {SMProductName} version 2.4.1
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.4.1
+
+|===
+|Component |Version
+
+|Istio
+|1.16.5
+
+|Envoy Proxy
+|1.24.8
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.65.7
+|===
+
 == New features {SMProductName} version 2.4
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
@@ -46,7 +182,7 @@ This enhancement introduces a generally available version of the `meshConfig.dis
 [source,yaml]
 ----
 spec:
-  meshConfig    
+  meshConfig
     discoverySelectors:
     - matchLabels:
         env: prod
@@ -64,21 +200,21 @@ With this update, {SMProductName} integrates with the `cert-manager` controller
 
 [NOTE]
 ====
-Integration with `cert-manager` and `istio-csr` is not supported on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+Integration with `cert-manager` and `istio-csr` is not supported on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 ====
 
-=== Integration with external authorization systems 
+=== Integration with external authorization systems
 This enhancement introduces a generally available method of integrating {SMProductName} with external authorization systems by using the `action: CUSTOM` field of the `AuthorizationPolicy` resource. Use the `envoyExtAuthzHttp` field to delegate the access control to an external authorization system.
 
 === Integration with external Prometheus installation
 
-This enhancement introduces a generally available version of the Prometheus extension provider. You can expose metrics to the {product-title} monitoring stack or a custom Prometheus installation by setting the value of the `extensionProviders` field to `prometheus` in the `spec.meshConfig` specification. The telemetry object configures Istio proxies to collect traffic metrics. {SMProductShortName} only supports the Telemetry API for Prometheus metrics. 
+This enhancement introduces a generally available version of the Prometheus extension provider. You can expose metrics to the {product-title} monitoring stack or a custom Prometheus installation by setting the value of the `extensionProviders` field to `prometheus` in the `spec.meshConfig` specification. The telemetry object configures Istio proxies to collect traffic metrics. {SMProductShortName} only supports the Telemetry API for Prometheus metrics.
 
 [source,yaml]
 ----
 spec:
   meshConfig:
-    extenstionProviders:
+    extensionProviders:
     - name: prometheus
       prometheus: {}
 ---
@@ -98,11 +234,11 @@ This enhancement introduces generally available support for single stack IPv6 cl
 
 [NOTE]
 ====
-Single stack IPv6 support is not available on {ibmpowerProductName}, {ibmzProductName}, and {linuxoneProductName}.
+Single stack IPv6 support is not available on {ibm-power-name}, {ibm-z-name}, and {ibm-linuxone-name}.
 ====
 
 === {product-title} Gateway API support
-
+:FeatureName: {product-title} Gateway API support
 include::snippets/technology-preview.adoc[]
 
 This enhancement introduces an updated Technology Preview version of the {product-title} Gateway API. By default, the {product-title} Gateway API is disabled.
@@ -133,12 +269,16 @@ spec:
             PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER: "true"
 ----
 
+ifndef::openshift-rosa[]
+
 === Control plane deployment on infrastructure nodes
 {SMProductShortName} control plane deployment is now supported and documented on OpenShift infrastructure nodes. For more information, see the following documentation:
 
 * Configuring all {SMProductShortName} control plane components to run on infrastructure nodes
 * Configuring individual {SMProductShortName} control plane components to run on infrastructure nodes
 
+endif::openshift-rosa[]
+
 === Istio 1.16 support
 {SMProductShortName} 2.4 is based on Istio 1.16, which brings in new features and product enhancements. While many Istio 1.16 features are supported, the following exceptions should be noted:
 
@@ -146,6 +286,124 @@ spec:
 * {SMProductShortName} on ARM64 architecture is not supported.
 * OpenTelemetry API remains a Technology Preview feature.
 
+== New features {SMProductName} version 2.3.9
+//Update with 2.4.5
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.3.9
+//Updated with 2.4.5
+//Kiali updated to 1.57.14 Nov 8
+|===
+|Component |Version
+
+|Istio
+|1.14.5
+
+|Envoy Proxy
+|1.22.11
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.57.14
+|===
+
+
+== New features {SMProductName} version 2.3.8
+//Update with 2.4.4
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.3.8
+//Istio for 2.3.8 is now 1.14.5
+//Kiali is 1.57.13
+//Jaeger is 1.47.0
+//Envoy stays the same
+|===
+|Component |Version
+
+|Istio
+|1.14.5
+
+|Envoy Proxy
+|1.22.11
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.57.13
+|===
+//Components updated for 2.3.8 as part of 2.4.4 update
+
+== New features {SMProductName} version 2.3.7
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.3.7
+
+|===
+|Component |Version
+
+|Istio
+|1.14.6
+
+|Envoy Proxy
+|1.22.11
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.57.11
+|===
+
+== New features {SMProductName} version 2.3.6
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.3.6
+
+|===
+|Component |Version
+
+|Istio
+|1.14.5
+
+|Envoy Proxy
+|1.22.11
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.57.10
+|===
+
+== New features {SMProductName} version 2.3.5
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.3.5
+
+|===
+|Component |Version
+
+|Istio
+|1.14.5
+
+|Envoy Proxy
+|1.22.9
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.57.10
+|===
+
 == New features {SMProductName} version 2.3.4
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
@@ -332,6 +590,123 @@ Additionally, the SMMR must also be configured for cluster-wide deployment. This
 ----
 <1> Adds all namespaces to the mesh, including any namespaces you subsequently create. The following namespaces are not part of the mesh: kube, openshift, kube-* and openshift-*.
 
+== New features {SMProductName} version 2.2.12
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.2.12
+//2.2.12 released with 2.4.5
+//Kiali updated to 1.48.11 Nov 8
+|===
+|Component |Version
+
+|Istio
+|1.12.9
+
+|Envoy Proxy
+|1.20.8
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.48.11
+|===
+//2.2.12 being released with 2.4.5
+
+
+== New features {SMProductName} version 2.2.11
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.11 and later versions.
+
+=== Component versions included in {SMProductName} version 2.2.11
+//Istio remains the same
+//Kiali updated to 1.48.10
+//Jaeger updated to 1.47.0
+//Envoy remains the same
+|===
+|Component |Version
+
+|Istio
+|1.12.9
+
+|Envoy Proxy
+|1.20.8
+
+|Jaeger
+|1.47.0
+
+|Kiali
+|1.48.10
+|===
+//Components updated for 2.2.11 with 2.4.4 release
+
+== New features {SMProductName} version 2.2.10
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.2.10
+
+|===
+|Component |Version
+
+|Istio
+|1.12.9
+
+|Envoy Proxy
+|1.20.8
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.48.8
+|===
+
+== New features {SMProductName} version 2.2.9
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.2.9
+
+|===
+|Component |Version
+
+|Istio
+|1.12.9
+
+|Envoy Proxy
+|1.20.8
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.48.7
+|===
+
+== New features {SMProductName} version 2.2.8
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
+
+=== Component versions included in {SMProductName} version 2.2.8
+
+|===
+|Component |Version
+
+|Istio
+|1.12.9
+
+|Envoy Proxy
+|1.20.8
+
+|Jaeger
+|1.42.0
+
+|Kiali
+|1.48.7
+|===
+
 == New features {SMProductName} version 2.2.7
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), contains bug fixes, and is supported on {product-title} 4.10 and later versions.
@@ -547,7 +922,7 @@ Kubernetes Gateway API is a technology preview feature that is disabled by defau
 If the Kubernetes API deployment controller is enabled, then an ingress gateway automatically deploys when a Gateway object is created.
 
 ==== Installing the Gateway API CRDs
-The Gateway API CRDs do not come pre-installed by default on OpenShift clusters. Install the CRDs prior to enabling Gateway API support in the SMCP.
+The Gateway API CRDs do not come preinstalled by default on OpenShift clusters. Install the CRDs prior to enabling Gateway API support in the SMCP.
 
 [source,terminal]
 ----
@@ -1277,7 +1652,7 @@ In addition, this release has the following new features:
 == New features {SMProductName} 2.0.2
 
 ifndef::openshift-rosa[]
-This release of {SMProductName} adds support for IBM Z and IBM Power Systems. It also addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+This release of {SMProductName} adds support for {ibm-z-name} and {ibm-power-name} Systems. It also addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
 endif::openshift-rosa[]
 ifdef::openshift-rosa[]
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
diff --git a/modules/ossm-routing-bookinfo-applying.adoc b/modules/ossm-routing-bookinfo-applying.adoc
index 7d70d18ced42..c76ebd5f5825 100644
--- a/modules/ossm-routing-bookinfo-applying.adoc
+++ b/modules/ossm-routing-bookinfo-applying.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-bookinfo-applying_{context}"]
 = Applying a virtual service
 
diff --git a/modules/ossm-routing-bookinfo-route.adoc b/modules/ossm-routing-bookinfo-route.adoc
index daf9cd40eb24..1ea2b2edff12 100644
--- a/modules/ossm-routing-bookinfo-route.adoc
+++ b/modules/ossm-routing-bookinfo-route.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-bookinfo-route_{context}"]
 = Route based on user identity
 
diff --git a/modules/ossm-routing-bookinfo-test.adoc b/modules/ossm-routing-bookinfo-test.adoc
index 1db1d465d6c0..9b3bd66523c8 100644
--- a/modules/ossm-routing-bookinfo-test.adoc
+++ b/modules/ossm-routing-bookinfo-test.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-bookinfo-test_{context}"]
 = Testing the new route configuration
 
diff --git a/modules/ossm-routing-destination-rules.adoc b/modules/ossm-routing-destination-rules.adoc
index c597871d72bc..6dabd3cae09f 100644
--- a/modules/ossm-routing-destination-rules.adoc
+++ b/modules/ossm-routing-destination-rules.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-routing-destination-rules_{context}"]
 = Understanding destination rules
 
diff --git a/modules/ossm-routing-gateways.adoc b/modules/ossm-routing-gateways.adoc
index a3c73f4a8336..29af7f8396e3 100644
--- a/modules/ossm-routing-gateways.adoc
+++ b/modules/ossm-routing-gateways.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-ingress-gateway_{context}"]
 = Configuring an ingress gateway
 
diff --git a/modules/ossm-routing-ingress.adoc b/modules/ossm-routing-ingress.adoc
index ad42d9947900..de0e5d40c13f 100644
--- a/modules/ossm-routing-ingress.adoc
+++ b/modules/ossm-routing-ingress.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-ingress_{context}"]
 = Managing ingress traffic
 
diff --git a/modules/ossm-routing-service-entries.adoc b/modules/ossm-routing-service-entries.adoc
index 962358f65013..38108bdb4af8 100644
--- a/modules/ossm-routing-service-entries.adoc
+++ b/modules/ossm-routing-service-entries.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-routing-service-entries_{context}"]
 = Understanding service entries
 
diff --git a/modules/ossm-routing-sidecar.adoc b/modules/ossm-routing-sidecar.adoc
index 4182aac4f6d9..df37a441e61f 100644
--- a/modules/ossm-routing-sidecar.adoc
+++ b/modules/ossm-routing-sidecar.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-routing-sidecar_{context}"]
 = Configuring sidecars for traffic management
 
diff --git a/modules/ossm-routing-virtual-service.adoc b/modules/ossm-routing-virtual-service.adoc
index 1a29033a7ae4..1856be2fc115 100644
--- a/modules/ossm-routing-virtual-service.adoc
+++ b/modules/ossm-routing-virtual-service.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/ossm-traffic-manage.adoc
 // * service_mesh/v2x/ossm-traffic-manage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 
 [id="ossm-routing-virtual-services_{context}"]
 = Using VirtualServices
diff --git a/modules/ossm-security-auth-policy.adoc b/modules/ossm-security-auth-policy.adoc
index 863f1a9fe5cc..960cb9e3ebc8 100644
--- a/modules/ossm-security-auth-policy.adoc
+++ b/modules/ossm-security-auth-policy.adoc
@@ -3,7 +3,7 @@ Module included in the following assemblies:
 -service_mesh/v2x/ossm-security.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-vs-istio_{context}"]
 = Configuring Role Based Access Control (RBAC)
 
diff --git a/modules/ossm-security-cert-manage.adoc b/modules/ossm-security-cert-manage.adoc
index 42f0eab703c9..6afdadafe4c6 100644
--- a/modules/ossm-security-cert-manage.adoc
+++ b/modules/ossm-security-cert-manage.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-security.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-cert-manage_{context}"]
 = Adding an external certificate authority key and certificate
 
diff --git a/modules/ossm-security-mtls.adoc b/modules/ossm-security-mtls.adoc
index 7df6f5e70a98..1003be6ee70a 100644
--- a/modules/ossm-security-mtls.adoc
+++ b/modules/ossm-security-mtls.adoc
@@ -2,12 +2,12 @@
 //
 // * service_mesh/v2x/ossm-config.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-security-mtls_{context}"]
 = About mutual Transport Layer Security (mTLS)
 
 Mutual Transport Layer Security (mTLS) is a protocol that enables two parties to authenticate each other. It is the default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS). You can use mTLS without changes to the application or service code. The TLS is handled entirely by the service mesh infrastructure and between the two sidecar proxies.
 
-By default, mTLS in {SMProductName} is enabled and set to permissive mode, where the sidecars in {SMProductShortName} accept both plain-text traffic and connections that are encrypted using mTLS. If a service in your mesh is communicating with a service outside the mesh, strict mTLS could break communication between those services. Use permissive mode while you migrate your workloads to {SMProductShortName}. Then, you can enable strict mTLS across your mesh, namespace, or application.
+By default, mTLS in {SMProductName} is enabled and set to permissive mode, where the sidecars in {SMProductShortName} accept both plain-text traffic and connections that are encrypted using mTLS. If a service in your mesh configured to use strict mTLS is communicating with a service outside the mesh, communication might break between those services because strict mTLS requires both the client and the server to be able to verify the identify of each other. Use permissive mode while you migrate your workloads to {SMProductShortName}. Then, you can enable strict mTLS across your mesh, namespace, or application.
 
 Enabling mTLS across your mesh at the {SMProductShortName} control plane level secures all the traffic in your service mesh without rewriting your applications and workloads. You can secure namespaces in your mesh at the data plane level in the `ServiceMeshControlPlane` resource. To customize traffic encryption connections, configure namespaces at the application level with `PeerAuthentication` and `DestinationRule` resources.
diff --git a/modules/ossm-sidecar-injection-env-var.adoc b/modules/ossm-sidecar-injection-env-var.adoc
index e2f2131efe87..3a48fd93971f 100644
--- a/modules/ossm-sidecar-injection-env-var.adoc
+++ b/modules/ossm-sidecar-injection-env-var.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
 // * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-sidecar-injection-env-var_{context}"]
 = Setting proxy environment variables through annotations
 
diff --git a/modules/ossm-sidecar-validate-kiali.adoc b/modules/ossm-sidecar-validate-kiali.adoc
index b6d7fb780cd7..f82035fad7dc 100644
--- a/modules/ossm-sidecar-validate-kiali.adoc
+++ b/modules/ossm-sidecar-validate-kiali.adoc
@@ -2,14 +2,14 @@
 This module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-validating-sidecar_{context}"]
 = Validating sidecar injection
 
 The Kiali console offers several ways to validate whether or not your applications, services, and workloads have a sidecar proxy.
 
 .Missing sidecar badge
-image::ossm-node-badge-missing-sidecar.svg[Missing Sidecar badge]
+image::ossm-node-badge-missing-sidecar.png[Missing Sidecar badge]
 
 The *Graph* page displays a node badge indicating a *Missing Sidecar* on the following graphs:
 
diff --git a/modules/ossm-smcp-prod.adoc b/modules/ossm-smcp-prod.adoc
index ecaa6c92e099..7aca6d334b64 100644
--- a/modules/ossm-smcp-prod.adoc
+++ b/modules/ossm-smcp-prod.adoc
@@ -2,7 +2,7 @@
 //
 // * service_mesh/v2x/ossm-deploy-production.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-smcp-prod_{context}"]
 = Configuring your ServiceMeshControlPlane resource for production
 
diff --git a/modules/ossm-supported-configurations.adoc b/modules/ossm-supported-configurations.adoc
index 8dee04ee4d8c..bd817b93269d 100644
--- a/modules/ossm-supported-configurations.adoc
+++ b/modules/ossm-supported-configurations.adoc
@@ -4,7 +4,7 @@
 // * service_mesh/v2x/servicemesh-release-notes.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-supported-configurations_{context}"]
 = Supported configurations
 
@@ -43,9 +43,9 @@ Explicitly unsupported cases include:
 == Supported configurations for {SMProductShortName}
 
 ifndef::openshift-rosa[]
-* This release of {SMProductName} is only available on {product-title} x86_64, {ibmzProductName}, and {ibmpowerProductName}.
-** {ibmzProductName} is only supported on {product-title} 4.10 and later.
-** {ibmpowerProductName} is only supported on {product-title} 4.10 and later.
+* This release of {SMProductName} is only available on {product-title} x86_64, {ibm-z-name}, and {ibm-power-name}.
+** {ibm-z-name} is only supported on {product-title} 4.10 and later.
+** {ibm-power-name} is only supported on {product-title} 4.10 and later.
 endif::openshift-rosa[]
 ifdef::openshift-rosa[]
 * This release of {SMProductName} is only available on {product-title} x86_64.
@@ -57,7 +57,8 @@ endif::openshift-rosa[]
 [id="ossm-supported-configurations-kiali_{context}"]
 == Supported configurations for Kiali
 
-* The Kiali console is only supported on the two most recent releases of the Chrome, Edge, Firefox, or Safari browsers.
+* The Kiali console is only supported on the two most recent releases of the Google Chrome, Microsoft Edge, Mozilla Firefox, or Apple Safari browsers.
+* The `openshift` authentication strategy is the only supported authentication configuration when Kiali is deployed with {SMProductName} (OSSM). The `openshift` strategy controls access based on the individual's role-based access control (RBAC) roles of the {product-title}.
 
 [id="ossm-supported-configurations-jaeger_{context}"]
 == Supported configurations for Distributed Tracing
diff --git a/modules/ossm-threescale-applying-external-service-entry-objects.adoc b/modules/ossm-threescale-applying-external-service-entry-objects.adoc
index d25c8b62e827..949f9fad1ec0 100644
--- a/modules/ossm-threescale-applying-external-service-entry-objects.adoc
+++ b/modules/ossm-threescale-applying-external-service-entry-objects.adoc
@@ -2,7 +2,7 @@
 //
 // service_mesh/v2x/ossm-threescale-webassembly-module.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-applying-external-service-entry-objects_{context}"]
 = Applying 3scale external ServiceEntry objects
 
diff --git a/modules/ossm-threescale-integrate-1x.adoc b/modules/ossm-threescale-integrate-1x.adoc
index 5013ce306e20..863932aa7fb9 100644
--- a/modules/ossm-threescale-integrate-1x.adoc
+++ b/modules/ossm-threescale-integrate-1x.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-integrate-1x_{context}"]
 = Integrate the 3scale adapter with {SMProductName}
 
diff --git a/modules/ossm-threescale-integrate.adoc b/modules/ossm-threescale-integrate.adoc
index 56693a894d92..e5a5194752f7 100644
--- a/modules/ossm-threescale-integrate.adoc
+++ b/modules/ossm-threescale-integrate.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-integrate_{context}"]
 = Integrate the 3scale adapter with {SMProductName}
 
diff --git a/modules/ossm-threescale-integration-settings.adoc b/modules/ossm-threescale-integration-settings.adoc
index b3a92dfc8a21..5940a1687add 100644
--- a/modules/ossm-threescale-integration-settings.adoc
+++ b/modules/ossm-threescale-integration-settings.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-integration-settings_{context}"]
 = Configure the integration settings in 3scale
 
diff --git a/modules/ossm-threescale-istio-adapter-verification.adoc b/modules/ossm-threescale-istio-adapter-verification.adoc
index cf6fb326abf6..cd87e245ae1f 100644
--- a/modules/ossm-threescale-istio-adapter-verification.adoc
+++ b/modules/ossm-threescale-istio-adapter-verification.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-istio-adapter-verification_{context}"]
 = 3scale Istio adapter verification
 
diff --git a/modules/ossm-threescale-routing.adoc b/modules/ossm-threescale-routing.adoc
index d340b0920b5c..60b231749155 100644
--- a/modules/ossm-threescale-routing.adoc
+++ b/modules/ossm-threescale-routing.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-routing_{context}"]
 = Routing service traffic through the adapter
 Follow these steps to drive traffic for your service through the 3scale adapter.
diff --git a/modules/ossm-threescale-templates.adoc b/modules/ossm-threescale-templates.adoc
index b064d1bede7b..3a7099115e65 100644
--- a/modules/ossm-threescale-templates.adoc
+++ b/modules/ossm-threescale-templates.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/threescale_adapter/threescale-adapter.adoc
 // * service_mesh/v2x/threescale_adapter/threescale-adapter.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-threescale-templates_{context}"]
 = Generate templates from URL examples
 
diff --git a/modules/ossm-threescale-webassembly-module-examples-for-credentials-use-cases.adoc b/modules/ossm-threescale-webassembly-module-examples-for-credentials-use-cases.adoc
index 7f6c5ad3bbf8..196a3a32fa52 100644
--- a/modules/ossm-threescale-webassembly-module-examples-for-credentials-use-cases.adoc
+++ b/modules/ossm-threescale-webassembly-module-examples-for-credentials-use-cases.adoc
@@ -202,7 +202,7 @@ credentials:
               head: 1
 ----
 
-The example instructs the module to use the `filter` source type to look up filter metadata for an object from the `Envoy`-specific `JWT` authentication native plugin. This plugin includes the `JWT` token as part of a structure object with a single entry and a pre-configured name. Use `0` to specify that you will only access the single entry.
+The example instructs the module to use the `filter` source type to look up filter metadata for an object from the `Envoy`-specific `JWT` authentication native plugin. This plugin includes the `JWT` token as part of a structure object with a single entry and a preconfigured name. Use `0` to specify that you will only access the single entry.
 
 The resulting value is a structure for which you will resolve two fields:
 
diff --git a/modules/ossm-troubleshooting-operators.adoc b/modules/ossm-troubleshooting-operators.adoc
index 3d3fc82d57db..a19e56d6c4b0 100644
--- a/modules/ossm-troubleshooting-operators.adoc
+++ b/modules/ossm-troubleshooting-operators.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/-ossm-troubleshooting-istio.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-troubleshooting-operators_{context}"]
 = Troubleshooting service mesh Operators
 
diff --git a/modules/ossm-troubleshooting-proxy.adoc b/modules/ossm-troubleshooting-proxy.adoc
index b2217f85484e..ce5cbab74cdc 100644
--- a/modules/ossm-troubleshooting-proxy.adoc
+++ b/modules/ossm-troubleshooting-proxy.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/-ossm-troubleshooting-istio.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-troubleshooting-proxy_{context}"]
 = Troubleshooting Envoy proxy
 
diff --git a/modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc b/modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc
index 3a5917d811bd..9edfc3ec8093 100644
--- a/modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc
+++ b/modules/ossm-tutorial-bookinfo-adding-destination-rules.adoc
@@ -4,7 +4,7 @@ This PROCEDURE module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-tutorial-bookinfo-adding-destination-rules_{context}"]
 = Adding default destination rules
 
diff --git a/modules/ossm-tutorial-bookinfo-install.adoc b/modules/ossm-tutorial-bookinfo-install.adoc
index dab7a9b23565..ffecfa1f71f8 100644
--- a/modules/ossm-tutorial-bookinfo-install.adoc
+++ b/modules/ossm-tutorial-bookinfo-install.adoc
@@ -4,7 +4,7 @@ This PROCEDURE module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-tutorial-bookinfo-install_{context}"]
 = Installing the Bookinfo application
 
@@ -20,7 +20,7 @@ This tutorial walks you through how to create a sample application by creating a
 ifndef::openshift-rosa[]
 [NOTE]
 ====
-The Bookinfo sample application cannot be installed on {ibmzProductName} and {ibmpowerProductName}.
+The Bookinfo sample application cannot be installed on {ibm-z-name} and {ibm-power-name}.
 ====
 
 endif::openshift-rosa[]
diff --git a/modules/ossm-tutorial-bookinfo-removing.adoc b/modules/ossm-tutorial-bookinfo-removing.adoc
index acbc1e1c4114..b3b8e883d4f6 100644
--- a/modules/ossm-tutorial-bookinfo-removing.adoc
+++ b/modules/ossm-tutorial-bookinfo-removing.adoc
@@ -4,7 +4,7 @@ This PROCEDURE module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-tutorial-bookinfo-removing_{context}"]
 = Removing the Bookinfo application
 
diff --git a/modules/ossm-tutorial-bookinfo-verify-install.adoc b/modules/ossm-tutorial-bookinfo-verify-install.adoc
index 849fbeda7dd4..3ad8416f93fd 100644
--- a/modules/ossm-tutorial-bookinfo-verify-install.adoc
+++ b/modules/ossm-tutorial-bookinfo-verify-install.adoc
@@ -4,7 +4,7 @@ This PROCEDURE module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-tutorial-bookinfo-verify-install_{context}"]
 = Verifying the Bookinfo installation
 
diff --git a/modules/ossm-tutorial-grafana-accessing.adoc b/modules/ossm-tutorial-grafana-accessing.adoc
index 0e44f8601ef3..41aaf3a8e585 100644
--- a/modules/ossm-tutorial-grafana-accessing.adoc
+++ b/modules/ossm-tutorial-grafana-accessing.adoc
@@ -3,7 +3,7 @@ This PROCEDURE module included in the following assemblies:
 - ossm-tutorial-grafana.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-tutorial-grafana-accessing_{context}"]
 = Accessing the Grafana dashboard
 
diff --git a/modules/ossm-tutorial-jaeger-generating-traces.adoc b/modules/ossm-tutorial-jaeger-generating-traces.adoc
index c17a3322144e..955870225b21 100644
--- a/modules/ossm-tutorial-jaeger-generating-traces.adoc
+++ b/modules/ossm-tutorial-jaeger-generating-traces.adoc
@@ -4,7 +4,7 @@ This module is included in the following assemblies:
 * service_mesh/v2x/ossm-observability.adoc
 ////
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="generating-sample-traces-analyzing-trace-data_{context}"]
 = Generating example traces and analyzing trace data
 
diff --git a/modules/ossm-understanding-service-mesh.adoc b/modules/ossm-understanding-service-mesh.adoc
index 34df93e17de1..c77aea272015 100644
--- a/modules/ossm-understanding-service-mesh.adoc
+++ b/modules/ossm-understanding-service-mesh.adoc
@@ -4,7 +4,7 @@ Module included in the following assemblies:
 -service_mesh/v2x/ossm-architecture.adoc
 ////
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-understanding-service-mesh_{context}"]
 = Understanding service mesh
 
diff --git a/modules/ossm-understanding-versions.adoc b/modules/ossm-understanding-versions.adoc
index 91f6a3585277..0715a42d42ba 100644
--- a/modules/ossm-understanding-versions.adoc
+++ b/modules/ossm-understanding-versions.adoc
@@ -2,7 +2,7 @@
 // * service_mesh/v2x/upgrading-ossm.adoc
 // * service_mesh/v2x/ossm-troubleshooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-versions_{context}"]
 = Understanding Service Mesh versions
 
diff --git a/modules/ossm-update-app-sidecar.adoc b/modules/ossm-update-app-sidecar.adoc
index 2863f7a47119..9d665b589a78 100644
--- a/modules/ossm-update-app-sidecar.adoc
+++ b/modules/ossm-update-app-sidecar.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
 // * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-update-app-sidecar_{context}"]
 = Updating sidecar proxies
 
diff --git a/modules/ossm-updating-smcp.adoc b/modules/ossm-updating-smcp.adoc
index 0ff32b9e3e63..525dfbeb4950 100644
--- a/modules/ossm-updating-smcp.adoc
+++ b/modules/ossm-updating-smcp.adoc
@@ -3,7 +3,7 @@
 // * service_mesh/v1x/customizing-installation-ossm.adoc
 // * service_mesh/v2x/customizing-installation-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-control-plane-deploy-cli_{context}"]
 = Editing the ServiceMeshControlPlane with the CLI
 
diff --git a/modules/ossm-upgrade-20-21-changes.adoc b/modules/ossm-upgrade-20-21-changes.adoc
index d5665066c94c..d58830784e01 100644
--- a/modules/ossm-upgrade-20-21-changes.adoc
+++ b/modules/ossm-upgrade-20-21-changes.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrade-20-21-changes_{context}"]
 = Upgrade changes from version 2.0 to version 2.1
 
diff --git a/modules/ossm-upgrade-21-22-changes.adoc b/modules/ossm-upgrade-21-22-changes.adoc
index 741e46b0e00f..086f511211fe 100644
--- a/modules/ossm-upgrade-21-22-changes.adoc
+++ b/modules/ossm-upgrade-21-22-changes.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrade-21-22-changes_{context}"]
 = Upgrade changes from version 2.1 to version 2.2
 
diff --git a/modules/ossm-upgrade-22-23-changes.adoc b/modules/ossm-upgrade-22-23-changes.adoc
index 4f0fc056910f..709a3c1b32dc 100644
--- a/modules/ossm-upgrade-22-23-changes.adoc
+++ b/modules/ossm-upgrade-22-23-changes.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrade-22-23-changes_{context}"]
 = Upgrade changes from version 2.2 to version 2.3
 
diff --git a/modules/ossm-upgrade-23-24-changes.adoc b/modules/ossm-upgrade-23-24-changes.adoc
index d8d41b32e4bf..9297e1acd0a9 100644
--- a/modules/ossm-upgrade-23-24-changes.adoc
+++ b/modules/ossm-upgrade-23-24-changes.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrade-23-24-changes_{context}"]
 = Upgrade changes from version 2.3 to version 2.4
 
@@ -9,7 +9,7 @@ Upgrading the {SMProductShortName} control plane from version 2.3 to 2.4 introdu
 
 * Support for Istio OpenShift Routing (IOR) has been deprecated. IOR functionality is still enabled, but it will be removed in a future release.
 
-* The following cipher suites are no longer supported, and were removed from the list of ciphers used in client and server side TLS negotiations. 
+* The following cipher suites are no longer supported, and were removed from the list of ciphers used in client and server side TLS negotiations.
 
 ** ECDHE-ECDSA-AES128-SHA
 ** ECDHE-RSA-AES128-SHA
diff --git a/modules/ossm-upgrade-apps-workloads.adoc b/modules/ossm-upgrade-apps-workloads.adoc
index 050113fa2e28..7172f4efc727 100644
--- a/modules/ossm-upgrade-apps-workloads.adoc
+++ b/modules/ossm-upgrade-apps-workloads.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrading-apps-workloads_{context}"]
 = Updating your applications and workloads
 
diff --git a/modules/ossm-upgrade-known-issues.adoc b/modules/ossm-upgrade-known-issues.adoc
index 034edbfcc1df..e0ba7472809e 100644
--- a/modules/ossm-upgrade-known-issues.adoc
+++ b/modules/ossm-upgrade-known-issues.adoc
@@ -1,12 +1,14 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ossm-upgrade-known-issues_{context}"]
 = Known issues that may affect upgrade
 
 Known issues that may affect your upgrade include:
 
+* When upgrading an Operator, custom configurations for Jaeger or Kiali might be reverted. Before upgrading an Operator, note any custom configuration settings for the Jaeger or Kiali objects in the {SMProductShortName} production deployment so that you can recreate them.
+
 * {SMProductName} does not support the use of `EnvoyFilter` configuration except where explicitly documented. This is due to tight coupling with the underlying Envoy APIs, meaning that backward compatibility cannot be maintained. If you are using Envoy Filters, and the configuration generated by Istio has changed due to the lastest version of Envoy introduced by upgrading your `ServiceMeshControlPlane`, that has the potential to break any `EnvoyFilter` you may have implemented.
 
 * https://issues.redhat.com/browse/OSSM-1505[OSSM-1505] `ServiceMeshExtension` does not work with {product-title} version 4.11. Because `ServiceMeshExtension` has been deprecated in {SMProductName} 2.2, this known issue will not be fixed and you must migrate your extensions to `WasmPluging`
diff --git a/modules/ossm-upgrading-operator.adoc b/modules/ossm-upgrading-operator.adoc
index 479ba1b163c3..557f9879a63f 100644
--- a/modules/ossm-upgrading-operator.adoc
+++ b/modules/ossm-upgrading-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-upgrading-operator_{context}"]
 = Upgrading the Operators
 
diff --git a/modules/ossm-upgrading-smcp.adoc b/modules/ossm-upgrading-smcp.adoc
index 995d407fe78f..4dd4fcb42958 100644
--- a/modules/ossm-upgrading-smcp.adoc
+++ b/modules/ossm-upgrading-smcp.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/upgrading-ossm.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-upgrading-smcp_{context}"]
 = Upgrading the Service Mesh control plane
 
diff --git a/modules/ossm-validate-encryption-kiali.adoc b/modules/ossm-validate-encryption-kiali.adoc
index 3a2402f03639..c3f827830a3c 100644
--- a/modules/ossm-validate-encryption-kiali.adoc
+++ b/modules/ossm-validate-encryption-kiali.adoc
@@ -2,7 +2,7 @@
 This module included in the following assemblies:
 * service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-validating-sidecar_{context}"]
 = Validating encryption with Kiali
 
diff --git a/modules/ossm-validate-smcp-cli.adoc b/modules/ossm-validate-smcp-cli.adoc
index d630781b1581..10b040764a1d 100644
--- a/modules/ossm-validate-smcp-cli.adoc
+++ b/modules/ossm-validate-smcp-cli.adoc
@@ -2,7 +2,7 @@
 This module is included in the following assemblies:
 * service_mesh/v2x/ossm-create-smcp.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-validate-control-plane-cli_{context}"]
 = Validating your SMCP installation with the CLI
 You can validate the creation of the `ServiceMeshControlPlane` from the command line.
diff --git a/modules/ossm-validate-smcp-kiali.adoc b/modules/ossm-validate-smcp-kiali.adoc
index 276b8b67ce78..070f8b5430cf 100644
--- a/modules/ossm-validate-smcp-kiali.adoc
+++ b/modules/ossm-validate-smcp-kiali.adoc
@@ -2,7 +2,7 @@
 This module is included in the following assemblies:
 * service_mesh/v2x/ossm-create-smcp.adoc
 ////
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-validate-control-plane-kiali_{context}"]
 = Validating your SMCP installation with Kiali
 
diff --git a/modules/ossm-validating-smcp.adoc b/modules/ossm-validating-smcp.adoc
index 3ca34c582400..89ad1917a171 100644
--- a/modules/ossm-validating-smcp.adoc
+++ b/modules/ossm-validating-smcp.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * service_mesh/v2x/-ossm-troubleshooting-istio.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ossm-validating-smcp_{context}"]
 = Validating the Service Mesh control plane installation
 
diff --git a/modules/ossm-vs-istio.adoc b/modules/ossm-vs-istio.adoc
index 491d93d5f448..da3c664dc383 100644
--- a/modules/ossm-vs-istio.adoc
+++ b/modules/ossm-vs-istio.adoc
@@ -2,7 +2,7 @@
 Module included in the following assemblies:
 -service_mesh/v2x/ossm-vs-community.adoc
 ////
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ossm-vs-istio_{context}"]
 = Differences between Istio and {SMProductName}
 
diff --git a/modules/otel-config-collector.adoc b/modules/otel-config-collector.adoc
new file mode 100644
index 000000000000..7e83edcb2cd9
--- /dev/null
+++ b/modules/otel-config-collector.adoc
@@ -0,0 +1,1257 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-configuring.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-collector-config-options_{context}"]
+= OpenTelemetry Collector configuration options
+
+The OpenTelemetry Collector consists of five types of components that access telemetry data:
+
+Receivers:: A receiver, which can be push or pull based, is how data gets into the Collector. Generally, a receiver accepts data in a specified format, translates it into the internal format, and passes it to processors and exporters defined in the applicable pipelines. By default, no receivers are configured. One or more receivers must be configured. Receivers may support one or more data sources.
+
+Processors:: Optional. Processors process the data between it is received and exported. By default, no processors are enabled. Processors must be enabled for every data source. Not all processors support all data sources. Depending on the data source, multiple processors might be enabled. Note that the order of processors matters.
+
+Exporters:: An exporter, which can be push or pull based, is how you send data to one or more back ends or destinations. By default, no exporters are configured. One or more exporters must be configured. Exporters can support one or more data sources. Exporters might be used with their default settings, but many exporters require configuration to specify at least the destination and security settings.
+
+Connectors:: A connector connects two pipelines. It consumes data as an exporter at the end of one pipeline and emits data as a receiver at the start of another pipeline. It can consume and emit data of the same or different data type. It can generate and emit data to summarize the consumed data, or it can merely replicate or route data.
+
+Extensions:: An extension adds capabilities to the Collector. For example, authentication can be added to the receivers and exporters automatically.
+
+You can define multiple instances of components in a custom resource YAML file. When configured, these components must be enabled through pipelines defined in the `spec.config.service` section of the YAML file. As a best practice, only enable the components that you need.
+
+.Example of the OpenTelemetry Collector custom resource file
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: cluster-collector
+  namespace: tracing-system
+spec:
+  mode: deployment
+  observability:
+    metrics:
+      enableMetrics: true
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+          http:
+    processors:
+    exporters:
+      otlp:
+        endpoint: jaeger-production-collector-headless.tracing-system.svc:4317
+        tls:
+          ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
+      prometheus:
+        endpoint: 0.0.0.0:8889
+        resource_to_telemetry_conversion:
+          enabled: true # by default resource attributes are dropped
+    service: # <1>
+      pipelines:
+        traces:
+          receivers: [otlp]
+          processors: []
+          exporters: [jaeger]
+        metrics:
+          receivers: [otlp]
+          processors: []
+          exporters: [prometheus]
+----
+<1> If a component is configured but not defined in the `service` section, the component is not enabled.
+
+.Parameters used by the Operator to define the OpenTelemetry Collector
+[options="header"]
+[cols="l, a, a, a"]
+|===
+|Parameter |Description |Values |Default
+|receivers:
+|A receiver is how data gets into the Collector. By default, no receivers are configured. There must be at least one enabled receiver for a configuration to be considered valid. Receivers are enabled by being added to a pipeline.
+|`otlp`, `jaeger`, `prometheus`, `zipkin`, `kafka`, `opencensus`
+|None
+
+|processors:
+|Processors run through the data between it is received and exported. By default, no processors are enabled.
+|`batch`, `memory_limiter`, `resourcedetection`, `attributes`, `span`, `k8sattributes`, `filter`, `routing`
+|None
+
+|exporters:
+|An exporter sends data to one or more back ends or destinations. By default, no exporters are configured. There must be at least one enabled exporter for a configuration to be considered valid. Exporters are enabled by being added to a pipeline. Exporters might be used with their default settings, but many require configuration to specify at least the destination and security settings.
+|`otlp`, `otlphttp`, `debug`, `prometheus`, `kafka`
+|None
+
+|connectors:
+|Connectors join pairs of pipelines, that is by consuming data as end-of-pipeline exporters and emitting data as start-of-pipeline receivers, and can be used to summarize, replicate, or route consumed data.
+|`spanmetrics`
+|None
+
+|extensions:
+|Optional components for tasks that do not involve processing telemetry data.
+|`bearertokenauth`, `oauth2client`, `jaegerremotesamplin`, `pprof`, `health_check`, `memory_ballast`, `zpages`
+|None
+
+|service:
+  pipelines:
+|Components are enabled by adding them to a pipeline under `services.pipeline`.
+|
+|
+
+|service:
+  pipelines:
+    traces:
+      receivers:
+|You enable receivers for tracing by adding them under `service.pipelines.traces`.
+|
+|None
+
+|service:
+  pipelines:
+    traces:
+      processors:
+|You enable processors for tracing by adding them under `service.pipelines.traces`.
+|
+|None
+
+|service:
+  pipelines:
+    traces:
+      exporters:
+|You enable exporters for tracing by adding them under `service.pipelines.traces`.
+|
+|None
+
+|service:
+  pipelines:
+    metrics:
+      receivers:
+|You enable receivers for metrics by adding them under `service.pipelines.metrics`.
+|
+|None
+
+|service:
+  pipelines:
+    metrics:
+      processors:
+|You enable processors for metircs by adding them under `service.pipelines.metrics`.
+|
+|None
+
+|service:
+  pipelines:
+    metrics:
+      exporters:
+|You enable exporters for metrics by adding them under `service.pipelines.metrics`.
+|
+|None
+|===
+
+[id="otel-collector-components_{context}"]
+== OpenTelemetry Collector components
+
+[id="receivers_{context}"]
+=== Receivers
+
+Receivers get data into the Collector.
+
+[id="otlp-receiver_{context}"]
+==== OTLP Receiver
+
+The OTLP receiver ingests traces and metrics using the OpenTelemetry protocol (OTLP).
+
+.OpenTelemetry Collector custom resource with an enabled OTLP receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:4317 # <1>
+            tls: # <2>
+              ca_file: ca.pem
+              cert_file: cert.pem
+              key_file: key.pem
+              client_ca_file: client.pem # <3>
+              reload_interval: 1h # <4>
+          http:
+            endpoint: 0.0.0.0:4318 # <5>
+            tls: # <6>
+
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+        metrics:
+          receivers: [otlp]
+----
+<1> The OTLP gRPC endpoint. If omitted, the default `+0.0.0.0:4317+` is used.
+<2> The server-side TLS configuration. Defines paths to TLS certificates. If omitted, TLS is disabled.
+<3> The path to the TLS certificate at which the server verifies a client certificate. This sets the value of `ClientCAs` and `ClientAuth` to `RequireAndVerifyClientCert` in the `TLSConfig`. For more information, see the link:https://godoc.org/crypto/tls#Config[`Config` of the Golang TLS package].
+<4> Specifies the time interval at which the certificate is reloaded. If the value is not set, the certificate is never reloaded. The `reload_interval` accepts a string containing valid units of time such as `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
+<5> The OTLP HTTP endpoint. The default value is `+0.0.0.0:4318+`.
+<6> The server-side TLS configuration. For more information, see the `grpc` protocol configuration section.
+
+[id="jaeger-receiver_{context}"]
+==== Jaeger Receiver
+
+The Jaeger receiver ingests traces in the Jaeger formats.
+
+.OpenTelemetry Collector custom resource with an enabled Jaeger receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+            endpoint: 0.0.0.0:14250 # <1>
+          thrift_http:
+            endpoint: 0.0.0.0:14268 # <2>
+          thrift_compact:
+            endpoint: 0.0.0.0:6831 # <3>
+          thrift_binary:
+            endpoint: 0.0.0.0:6832 # <4>
+          tls: # <5>
+
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger]
+----
+<1> The Jaeger gRPC endpoint. If omitted, the default `+0.0.0.0:14250+` is used.
+<2> The Jaeger Thrift HTTP endpoint. If omitted, the default `+0.0.0.0:14268+` is used.
+<3> The Jaeger Thrift Compact endpoint. If omitted, the default `+0.0.0.0:6831+` is used.
+<4> The Jaeger Thrift Binary endpoint. If omitted, the default `+0.0.0.0:6832+` is used.
+<5> The  server-side TLS configuration. See the OTLP receiver configuration section for more details.
+
+[id="prometheus-receiver_{context}"]
+==== Prometheus Receiver
+
+The Prometheus receiver is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Prometheus receiver scrapes the metrics endpoints.
+
+.OpenTelemetry Collector custom resource with an enabled Prometheus receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+        prometheus:
+          config:
+            scrape_configs: # <1>
+              - job_name: 'my-app'  # <2>
+                scrape_interval: 5s # <3>
+                static_configs:
+                  - targets: ['my-app.example.svc.cluster.local:8888'] # <4>
+    service:
+      pipelines:
+        metrics:
+          receivers: [prometheus]
+----
+<1> Scrapes configurations using the Prometheus format.
+<2> The Prometheus job name.
+<3> The lnterval for scraping the metrics data. Accepts time units. The default value is `1m`.
+<4> The targets at which the metrics are exposed. This example scrapes the metrics from a `my-app` application in the `example` project.
+
+[id="zipkin-receiver_{context}"]
+==== Zipkin Receiver
+
+The Zipkin receiver ingests traces in the Zipkin v1 and v2 formats.
+
+.OpenTelemetry Collector custom resource with the enabled Zipkin receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+      zipkin:
+        endpoint: 0.0.0.0:9411 # <1>
+        tls: # <2>
+
+    service:
+      pipelines:
+        traces:
+          receivers: [zipkin]
+----
+<1> The Zipkin HTTP endpoint. If omitted, the default `+0.0.0.0:9411+` is used.
+<2> The server-side TLS configuration. See the OTLP receiver configuration section for more details.
+
+[id="kafka-receiver_{context}"]
+==== Kafka Receiver
+
+The Kafka receiver is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Kafka receiver receives traces, metrics, and logs from Kafka in the OTLP format.
+
+.OpenTelemetry Collector custom resource with the enabled Kafka receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+      kafka:
+        brokers: ["localhost:9092"] # <1>
+        protocol_version: 2.0.0 # <2>
+        topic: otlp_spans # <3>
+        auth:
+          plain_text: # <4>
+            username: example
+            password: example
+          tls: # <5>
+            ca_file: ca.pem
+            cert_file: cert.pem
+            key_file: key.pem
+            insecure: false # <6>
+            server_name_override: kafka.example.corp # <7>
+    service:
+      pipelines:
+        traces:
+          receivers: [kafka]
+----
+<1> The list of Kafka brokers. The default is `+localhost:9092+`.
+<2> The Kafka protocol version. For example, `+2.0.0+`. This is a required field.
+<3> The name of the Kafka topic to read from. The default is `+otlp_spans+`.
+<4> The plaintext authentication configuration. If omitted, plaintext authentication is disabled.
+<5> The client-side TLS configuration. Defines paths to the TLS certificates. If omitted, TLS authentication is disabled.
+<6> Disables verifying the server's certificate chain and host name. The default is `+false+`.
+<7> ServerName indicates the name of the server requested by the client to support virtual hosting.
+
+[id="opencensus-receiver_{context}"]
+==== OpenCensus receiver
+
+The OpenCensus receiver provides backwards compatibility with the OpenCensus project for easier migration of instrumented codebases. It receives metrics and traces in the OpenCensus format via gRPC or HTTP and Json.
+
+.OpenTelemetry Collector custom resource with the enabled OpenCensus receiver
+[source,yaml]
+----
+  config: |
+    receivers:
+      opencensus:
+        endpoint: 0.0.0.0:9411 # <1>
+        tls: # <2>
+        cors_allowed_origins: # <3>
+          - https://*.<example>.com
+    service:
+      pipelines:
+        traces:
+          receivers: [opencensus]
+          ...
+----
+<1> The OpenCensus endpoint. If omitted, the default is `+0.0.0.0:55678+`.
+<2> The server-side TLS configuration. See the OTLP receiver configuration section for more details.
+<3> You can also use the HTTP JSON endpoint to optionally configure CORS, which is enabled by specifying a list of allowed CORS origins in this field.
+Wildcards with `+*+` are accepted under the `cors_allowed_origins`.
+To match any origin, enter only `+*+`.
+
+[id="processors_{context}"]
+=== Processors
+
+Processors run through the data between it is received and exported.
+
+[id="batch-processor_{context}"]
+==== Batch processor
+
+The Batch processor batches traces and metrics to reduce the number of outgoing connections needed to transfer the telemetry information.
+
+.Example of the OpenTelemetry Collector custom resource when using the Batch processor
+[source,yaml]
+----
+  config: |
+    processor:
+      batch:
+        timeout: 5s
+        send_batch_max_size: 10000
+    service:
+      pipelines:
+        traces:
+          processors: [batch]
+        metrics:
+          processors: [batch]
+----
+
+.Parameters used by the Batch processor
+[options="header"]
+[cols="l, a, a"]
+|===
+|Parameter |Description |Default
+
+|timeout
+|Sends the batch after a specific time duration and irrespective of the batch size.
+|`200ms`
+
+|send_batch_size
+|Sends the batch of telemetry data after the specified number of spans or metrics.
+|`8192`
+
+|send_batch_max_size
+|The maximum allowable size of the batch. Must be equal or greater than the `send_batch_size`.
+|`0`
+
+|metadata_keys
+|When activated, a batcher instance is created for each unique set of values found in the `client.Metadata`.
+|`[]`
+
+|metadata_cardinality_limit
+|When the `metadata_keys` are populated, this configuration restricts the number of distinct metadata key-value combinations processed throughout the duration of the process.
+|`1000`
+|===
+
+[id="memorylimiter-processor_{context}"]
+==== Memory Limiter processor
+
+The Memory Limiter processor periodically checks the Collector's memory usage and pauses data processing when the soft memory limit is reached. This processor supports traces, metrics, and logs. The preceding component, which is typically a receiver, is expected to retry sending the same data and may apply a backpressure to the incoming data. When memory usage exceeds the hard limit, the Memory Limiter processor forces garbage collection to run.
+
+.Example of the OpenTelemetry Collector custom resource when using the Memory Limiter processor
+[source,yaml]
+----
+  config: |
+    processor:
+      memory_limiter:
+        check_interval: 1s
+        limit_mib: 4000
+        spike_limit_mib: 800
+    service:
+      pipelines:
+        traces:
+          processors: [batch]
+        metrics:
+          processors: [batch]
+----
+
+.Parameters used by the Memory Limiter processor
+[options="header"]
+[cols="l, a, a"]
+|===
+|Parameter |Description |Default
+
+|check_interval
+|Time between memory usage measurements. The optimal value is `1s`. For spiky traffic patterns, you can decrease the `check_interval` or increase the `spike_limit_mib`.
+|`0s`
+
+|limit_mib
+|The hard limit, which is the maximum amount of memory in MiB allocated on the heap. Typically, the total memory usage of the OpenTelemetry Collector is about 50 MiB greater than this value.
+|`0`
+
+|spike_limit_mib
+|Spike limit, which is the maximum expected spike of memory usage in MiB. The optimal value is approximately 20% of `limit_mib`. To calculate the soft limit, subtract the `spike_limit_mib` from the `limit_mib`.
+|20% of `limit_mib`
+
+|limit_percentage
+|Same as the `limit_mib` but expressed as a percentage of the total available memory. The `limit_mib` setting takes precedence over this setting.
+|`0`
+
+|spike_limit_percentage
+|Same as the `spike_limit_mib` but expressed as a percentage of the total available memory. Intended to be used with the `limit_percentage` setting.
+|`0`
+
+|===
+
+[id="resource-detection-processor_{context}"]
+==== Resource Detection processor
+
+The Resource Detection processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Resource Detection processor identifies host resource details in alignment with OpenTelemetry's resource semantic standards. Using the detected information, it can add or replace the resource values in telemetry data. This processor supports traces, metrics, and can be used with multiple detectors such as the Docket metadata detector or the `OTEL_RESOURCE_ATTRIBUTES` environment variable detector.
+
+.{product-title} permissions required for the Resource Detection processor
+[source,yaml]
+----
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+- apiGroups: ["config.openshift.io"]
+  resources: ["infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+----
+
+.OpenTelemetry Collector using the Resource Detection processor
+[source,yaml]
+----
+  config: |
+    processor:
+      resourcedetection:
+        detectors: [openshift]
+        override: true
+    service:
+      pipelines:
+        traces:
+          processors: [resourcedetection]
+        metrics:
+          processors: [resourcedetection]
+----
+
+.OpenTelemetry Collector using the Resource Detection Processor with an environment variable detector
+[source,yaml]
+----
+  config: |
+    processors:
+      resourcedetection/env:
+        detectors: [env] # <1>
+        timeout: 2s
+        override: false
+----
+<1> Specifies which detector to use. In this example, the environment detector is specified.
+
+[id="attributes-processor_{context}"]
+==== Attributes processor
+
+The Attributes processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Attributes processor can modify attributes of a span, log, or metric. You can configure this processor to filter and match input data and include or exclude such data for specific actions.
+
+The processor operates on a list of actions, executing them in the order specified in the configuration. The following actions are supported:
+
+Insert:: Inserts a new attribute into the input data when the specified key does not already exist.
+
+Update:: Updates an attribute in the input data if the key already exists.
+
+Upsert:: Combines the insert and update actions: Inserts a new attribute if the key does not exist yet. Updates the attribute if the key already exists.
+
+Delete:: Removes an attribute from the input data.
+
+Hash:: Hashes an existing attribute value as SHA1.
+
+Extract:: Extracts values by using a regular expression rule from the input key to the target keys defined in the rule. If a target key already exists, it will be overridden similarly to the Span processor's `to_attributes` setting with the existing attribute as the source.
+
+Convert:: Converts an existing attribute to a specified type.
+
+.OpenTelemetry Collector using the Attributes processor
+[source,yaml]
+----
+  config: |
+    processors:
+      attributes/example:
+        actions:
+          - key: db.table
+            action: delete
+          - key: redacted_span
+            value: true
+            action: upsert
+          - key: copy_key
+            from_attribute: key_original
+            action: update
+          - key: account_id
+            value: 2245
+            action: insert
+          - key: account_password
+            action: delete
+          - key: account_email
+            action: hash
+          - key: http.status_code
+            action: convert
+            converted_type: int
+----
+
+[id="resource-processor_{context}"]
+==== Resource processor
+
+The Resource processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Resource processor applies changes to the resource attributes. This processor supports traces, metrics, and logs.
+
+.OpenTelemetry Collector using the Resource Detection processor
+[source,yaml]
+----
+  config: |
+    processor:
+      attributes:
+      - key: cloud.availability_zone
+        value: "zone-1"
+        action: upsert
+      - key: k8s.cluster.name
+        from_attribute: k8s-cluster
+        action: insert
+      - key: redundant-attribute
+        action: delete
+----
+
+Attributes represent the actions that are applied to the resource attributes, such as delete the attribute, insert the attribute, or upsert the attribute.
+
+[id="span-processor_{context}"]
+==== Span processor
+
+The Span processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Span processor modifies the span name based on its attributes or extracts the span attributes from the span name. It can also change the span status. It can also include or exclude spans. This processor supports traces.
+
+Span renaming requires specifying attributes for the new name by using the `from_attributes` configuration.
+
+.OpenTelemetry Collector using the Span processor for renaming a span
+[source,yaml]
+----
+  config: |
+    processor:
+      span:
+        name:
+          from_attributes: [<key1>, <key2>, ...] # <1>
+          separator: <value> # <2>
+----
+<1> Defines the keys to form the new span name.
+<2> An optional separator.
+
+You can use the processor to extract attributes from the span name.
+
+.OpenTelemetry Collector using the Span processor for extracting attributes from a span name
+[source,yaml]
+----
+  config: |
+    processor:
+      span/to_attributes:
+        name:
+          to_attributes:
+            rules:
+              - ^\/api\/v1\/document\/(?P<documentId>.*)\/update$ # <1>
+----
+<1> This rule defines how the extraction is to be executed. You can define more rules: for example, in this case, if the regular expression matches the name, a `documentID` attibute is created. In this example, if the input span name is `/api/v1/document/12345678/update`, this results in the `/api/v1/document/{documentId}/update` output span name, and a new `"documentId"="12345678"` attribute is added to the span.
+
+You can have the span status modified.
+
+.OpenTelemetry Collector using the Span Processor for status change
+[source,yaml]
+----
+  config: |
+    processor:
+      span/set_status:
+        status:
+          code: Error
+          description: "<error_description>"
+----
+
+[id="kubernetes-attributes-processor_{context}"]
+==== Kubernetes Attributes processor
+
+The Kubernetes Attributes processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Kubernetes Attributes processor enables automatic configuration of spans, metrics, and log resource attributes by using the Kubernetes metadata.
+This processor supports traces, metrics, and logs.
+This processor automatically identifies the Kubernetes resources, extracts the metadata from them, and incorporates this extracted metadata as resource attributes into relevant spans, metrics, and logs. It utilizes the Kubernetes API to discover all pods operating within a cluster, maintaining records of their IP addresses, pod UIDs, and other relevant metadata. 
+
+.Minimum {product-title} permissions required for the Kubernetes Attributes processor
+[source,yaml]
+----
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+  - apiGroups: ['']
+    resources: ['pods', 'namespaces']
+    verbs: ['get', 'watch', 'list']
+----
+
+.OpenTelemetry Collector using the Kubernetes Attributes processor
+[source,yaml]
+----
+  config: |
+    processors:
+         k8sattributes:
+             filter:
+                 node_from_env_var: KUBE_NODE_NAME
+----
+
+[id="filter-processor_{context}"]
+=== Filter processor
+
+The Filter processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Filter processor leverages the OpenTelemetry Transformation Language to establish criteria for discarding telemetry data. If any of these conditions are satisfied, the telemetry data are discarded. The conditions can be combined by using the logical OR operator. This processor supports traces, metrics, and logs.
+
+.OpenTelemetry Collector custom resource with an enabled OTLP exporter
+[source,yaml]
+----
+config: |
+  processors:
+    filter/ottl:
+      error_mode: ignore # <1>
+      traces:
+        span:
+          - 'attributes["container.name"] == "app_container_1"' # <2>
+          - 'resource.attributes["host.name"] == "localhost"' # <3>
+----
+<1> Defines the error mode. When set to `ignore`, ignores errors returned by conditions. When set to `propagate`, returns the error up the pipeline. An error causes the payload to be dropped from the Collector.
+<2> Filters the spans that have the `container.name == app_container_1` attribute.
+<3> Filters the spans that have the `host.name == localhost` resource attribute.
+
+[id="routing-processor_{context}"]
+=== Routing processor
+
+The Routing processor is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Routing processor routes logs, metrics, or traces to specific exporters. This processor can read a header from an incoming HTTP request (gRPC or plain HTTP) or can read a resource attribute, and then directs the trace information to relevant exporters according to the read value.
+
+.OpenTelemetry Collector custom resource with an enabled OTLP exporter
+[source,yaml]
+----
+config: |
+  processors:
+    routing:
+      from_attribute: X-Tenant # <1>
+      default_exporters: # <2>
+      - jaeger
+      table: # <3>
+      - value: acme
+        exporters: [jaeger/acme]
+  exporters:
+    jaeger:
+      endpoint: localhost:14250
+    jaeger/acme:
+      endpoint: localhost:24250
+----
+<1> The HTTP header name for the lookup value when performing the route.
+<2> The default exporter when the attribute value is not present in the table in the next section.
+<3> The table that defines which values are to be routed to which exporters.
+
+You can optionally create an `attribute_source` configuratiion, which defines where to look for the attribute in `from_attribute`. The allowed value is `context` to search the context, which includes the HTTP headers, or `resource` to search the resource attributes.
+
+[id="exporters_{context}"]
+=== Exporters
+
+Exporters send data to one or more back ends or destinations.
+
+[id="otlp-exporter_{context}"]
+==== OTLP exporter
+
+The OTLP gRPC exporter exports traces and metrics using the OpenTelemetry protocol (OTLP).
+
+.OpenTelemetry Collector custom resource with an enabled OTLP exporter
+[source,yaml]
+----
+  config: |
+    exporters:
+      otlp:
+        endpoint: tempo-ingester:4317 # <1>
+        tls: # <2>
+          ca_file: ca.pem
+          cert_file: cert.pem
+          key_file: key.pem
+          insecure: false # <3>
+          insecure_skip_verify: false # # <4>
+          reload_interval: 1h # <5>
+          server_name_override: <name> # <6>
+        headers: # <7>
+          X-Scope-OrgID: "dev"
+    service:
+      pipelines:
+        traces:
+          exporters: [otlp]
+        metrics:
+          exporters: [otlp]
+----
+<1> The OTLP gRPC endpoint. If the `+https://+` scheme is used, then client transport security is enabled and overrides the `insecure` setting in the `tls`.
+<2> The client-side TLS configuration. Defines paths to TLS certificates.
+<3> Disables client transport security when set to `true`. The default value is `false` by default.
+<4> Skips verifying the certificate when set to `true`. The default value is `false`.
+<5> Specifies the time interval at which the certificate is reloaded. If the value is not set, the certificate is never reloaded. The `reload_interval` accepts a string containing valid units of time such as `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
+<6> Overrides the virtual host name of authority such as the authority header field in requests. You can use this for testing.
+<7> Headers are sent for every request performed during an established connection.
+
+[id="otlp-http-exporter_{context}"]
+==== OTLP HTTP exporter
+
+The OTLP HTTP exporter exports traces and metrics using the OpenTelemetry protocol (OTLP).
+
+.OpenTelemetry Collector custom resource with an enabled OTLP exporter
+[source,yaml]
+----
+  config: |
+    exporters:
+      otlphttp:
+        endpoint: http://tempo-ingester:4318 # <1>
+        tls: # <2>
+        headers: # <3>
+          X-Scope-OrgID: "dev"
+        disable_keep_alives: false <4>
+
+    service:
+      pipelines:
+        traces:
+          exporters: [otlphttp]
+        metrics:
+          exporters: [otlphttp]
+----
+<1> The OTLP HTTP endpoint. If the `+https://+` scheme is used, then client transport security is enabled and overrides the `insecure` setting in the `tls`.
+<2> The client side TLS configuration. Defines paths to TLS certificates.
+<3> Headers are sent in every HTTP request.
+<4> If true, disables HTTP keep-alives. It will only use the connection to the server for a single HTTP request.
+
+[id="debug-exporter_{context}"]
+==== Debug exporter
+
+The Debug exporter prints traces and metrics to the standard output.
+
+.OpenTelemetry Collector custom resource with an enabled Debug exporter
+[source,yaml]
+----
+  config: |
+    exporters:
+      debug:
+        verbosity: detailed # <1>
+    service:
+      pipelines:
+        traces:
+          exporters: [logging]
+        metrics:
+          exporters: [logging]
+----
+<1> Verbosity of the debug export: `detailed` or `normal` or `basic`. When set to `detailed`, pipeline data is verbosely logged. Defaults to `normal`.
+
+[id="prometheus-exporter_{context}"]
+==== Prometheus exporter
+
+The Prometheus exporter is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Prometheus exporter exports metrics in the Prometheus or OpenMetrics formats.
+
+.OpenTelemetry Collector custom resource with an enabled Prometheus exporter
+[source,yaml]
+----
+  ports:
+  - name: promexporter # <1>
+    port: 8889
+    protocol: TCP
+  config: |
+    exporters:
+      prometheus:
+        endpoint: 0.0.0.0:8889 # <2>
+        tls: # <3>
+          ca_file: ca.pem
+          cert_file: cert.pem
+          key_file: key.pem
+        namespace: prefix # <4>
+        const_labels: # <5>
+          label1: value1
+        enable_open_metrics: true # <6>
+        resource_to_telemetry_conversion: # <7>
+          enabled: true
+        metric_expiration: 180m # <8>
+        add_metric_suffixes: false # <9>
+    service:
+      pipelines:
+        metrics:
+          exporters: [prometheus]
+----
+<1> Exposes the Prometheus port from the Collector pod and service. You can enable scraping of metrics by Prometheus by using the port name in `ServiceMonitor` or `PodMonitor` custom resource.
+<2> The network endpoint where the metrics are exposed.
+<3> The server-side TLS configuration. Defines paths to TLS certificates.
+<4> If set, exports metrics under the provided value. No default.
+<5> Key-value pair labels that are applied for every exported metric. No default.
+<6> If `true`, metrics are exported using the OpenMetrics format. Exemplars are only exported in the OpenMetrics format and only for histogram and monotonic sum metrics such as `counter`. Disabled by default.
+<7> If `enabled` is `true`, all the resource attributes are converted to metric labels by default. Disabled by default.
+<8> Defines how long metrics are exposed without updates. The default is `5m`.
+<9> Adds the metrics types and units suffixes. Must be disabled if the monitor tab in Jaeger console is enabled. The default is `true`.
+
+[id="kafka-exporter_{context}"]
+==== Kafka exporter
+
+The Kafka exporter is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Kafka exporter exports logs, metrics, and traces to Kafka. This exporter uses a synchronous producer that blocks and does not batch messages. It must be used with batch and queued retry processors for higher throughput and resiliency.
+
+.OpenTelemetry Collector custom resource with an enabled Kafka exporter
+[source,yaml]
+----
+  config: |
+    exporters:
+      kafka:
+        brokers: ["localhost:9092"] # <1>
+        protocol_version: 2.0.0 # <2>
+        topic: otlp_spans # <3>
+        auth:
+          plain_text: # <4>
+            username: example
+            password: example
+          tls: # <5>
+            ca_file: ca.pem
+            cert_file: cert.pem
+            key_file: key.pem
+            insecure: false # <6>
+            server_name_override: kafka.example.corp # <7>
+    service:
+      pipelines:
+        traces:
+          exporters: [kafka]
+----
+<1> The list of Kafka brokers. The default is `+localhost:9092+`.
+<2> The Kafka protocol version. For example, `+2.0.0+`. This is a required field.
+<3> The name of the Kafka topic to read from. The following are the defaults: `+otlp_spans+` for traces, `+otlp_metrics+` for metrics, `+otlp_logs+` for logs.
+<4> The plaintext authentication configuration. If omitted, plaintext authentication is disabled.
+<5> The client-side TLS configuration. Defines paths to the TLS certificates. If omitted, TLS authentication is disabled.
+<6> Disables verifying the server's certificate chain and host name. The default is `+false+`.
+<7> ServerName indicates the name of the server requested by the client to support virtual hosting.
+
+[id="connectors_{context}"]
+=== Connectors
+
+Connectors connect two pipelines.
+
+[id="spanmetrics-connector_{context}"]
+==== Spanmetrics connector
+
+The Spanmetrics connector is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Spanmetrics connector aggregates Request, Error, and Duration (R.E.D) OpenTelemetry metrics from span data.
+
+.OpenTelemetry Collector custom resource with an enabled spanmetrics connector
+[source,yaml]
+----
+  config: |
+    connectors:
+      spanmetrics:
+        metrics_flush_interval: 15s # <1>
+    service:
+      pipelines:
+        traces:
+          exporters: [spanmetrics]
+        metrics:
+          receivers: [spanmetrics]
+----
+<1> Defines the flush interval of the generated metrics. Defaults to `15s`.
+
+[id="extensions_{context}"]
+=== Extensions
+
+Extensions add capabilities to the Collector.
+
+[id="bearertokenauth-extension_{context}"]
+==== BearerTokenAuth extension
+
+The BearerTokenAuth extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The BearerTokenAuth extension is an authenticator for receivers and exporters that are based on the HTTP and the gRPC protocol.
+You can use the OpenTelemetry Collector custom resource to configure client authentication and server authentication for the BearerTokenAuth extension on the receiver and exporter side.
+This extension supports traces, metrics, and logs.
+
+.OpenTelemetry Collector custom resource with client and server authentication configured for the BearerTokenAuth extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      bearertokenauth:
+        scheme: "Bearer" # <1>
+        token: "<token>" # <2>
+        filename: "<token_file>" # <3>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+            auth:
+              authenticator: bearertokenauth # <4>
+    exporters:
+      otlp:
+        auth:
+          authenticator: bearertokenauth # <5>
+
+    service:
+      extensions: [bearertokenauth]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> You can configure the BearerTokenAuth extension to send a custom `scheme`. The default is `Bearer`.
+<2> You can add the BearerTokenAuth extension token as metadata to identify a message.
+<3> Path to a file that contains an authorization token that is transmitted with every message.
+<4> You can assign the authenticator configuration to an OTLP receiver.
+<5> You can assign the authenticator configuration to an OTLP exporter.
+
+[id="oauth2client-extension_{context}"]
+==== OAuth2Client extension
+
+The OAuth2Client extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The OAuth2Client extension is an authenticator for exporters that are based on the HTTP and the gRPC protocol.
+Client authentication for the OAuth2Client extension is configured in a separate section in the OpenTelemetry Collector custom resource.
+This extension supports traces, metrics, and logs.
+
+.OpenTelemetry Collector custom resource with client authentication configured for the OAuth2Client extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      oauth2client:
+        client_id: <client_id> # <1>
+        client_secret: <client_secret> # <2>
+        endpoint_params: # <3>
+          audience: <audience>
+        token_url: https://example.com/oauth2/default/v1/token # <4>
+        scopes: ["api.metrics"] # <5>
+        # tls settings for the token client
+        tls: # <6>
+          insecure: true # <7>
+          ca_file: /var/lib/mycert.pem # <8>
+          cert_file: <cert_file> # <9>
+          key_file: <key_file> # <10>
+        timeout: 2s # <11>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+
+    exporters:
+      otlp:
+        auth:
+          authenticator: oauth2client # <12>
+
+    service:
+      extensions: [oauth2client]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> Client identifier, which is provided by the identity provider.
+<2> Confidential key used to authenticate the client to the identity provider.
+<3> Further metadata, in the key-value pair format, which is transferred during authentication. For example, `audience` specifies the intended audience for the access token, indicating the recipient of the token.
+<4> The URL of the OAuth2 token endpoint, where the Collector requests access tokens.
+<5> The scopes define the specific permissions or access levels requested by the client.
+<6> The Transport Layer Security (TLS) settings for the token client, which is used to establish a secure connection when requesting tokens.
+<7> When set to `true`, configures the Collector to use an insecure or non-verified TLS connection to call the configured token endpoint.
+<8> The path to a Certificate Authority (CA) file that is used to verify the server's certificate during the TLS handshake.
+<9> The path to the client certificate file that the client must use to authenticate itself to the OAuth2 server if required.
+<10> The path to the client's private key file that is used with the client certificate if needed for authentication.
+<11> Sets a timeout for the token client's request.
+<12> You can assign the authenticator configuration to an OTLP exporter.
+
+
+[id="jaegerremotesampling-extension_{context}"]
+==== Jaeger Remote Sampling extension
+
+The Jaeger Remote Sampling extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Jaeger Remote Sampling extension allows serving sampling strategies after Jaeger's remote sampling API. You can configure this extension to proxy requests to a backing remote sampling server such as a Jaeger collector down the pipeline or to a static JSON file from the local file system.
+
+.OpenTelemetry Collector custom resource with a configured Jaeger Remote Sampling extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      jaegerremotesampling:
+        source:
+          reload_interval: 30s # <1>
+          remote:
+            endpoint: jaeger-collector:14250 # <2>
+          file: /etc/otelcol/sampling_strategies.json # <3>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+
+    exporters:
+      otlp:
+
+    service:
+      extensions: [jaegerremotesampling]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> The time interval at which the sampling configuration is updated.
+<2> The endpoint for reaching the Jaeger remote sampling strategy provider.
+<3> The path to a local file that contains a sampling strategy configuration in the JSON format.
+
+.Example of a Jaeger Remote Sampling strategy file
+[source,json]
+----
+{
+  "service_strategies": [
+    {
+      "service": "foo",
+      "type": "probabilistic",
+      "param": 0.8,
+      "operation_strategies": [
+        {
+          "operation": "op1",
+          "type": "probabilistic",
+          "param": 0.2
+        },
+        {
+          "operation": "op2",
+          "type": "probabilistic",
+          "param": 0.4
+        }
+      ]
+    },
+    {
+      "service": "bar",
+      "type": "ratelimiting",
+      "param": 5
+    }
+  ],
+  "default_strategy": {
+    "type": "probabilistic",
+    "param": 0.5,
+    "operation_strategies": [
+      {
+        "operation": "/health",
+        "type": "probabilistic",
+        "param": 0.0
+      },
+      {
+        "operation": "/metrics",
+        "type": "probabilistic",
+        "param": 0.0
+      }
+    ]
+  }
+}
+----
+
+
+
+[id="pprof-extension_{context}"]
+==== Performance Profiler extension
+
+The Performance Profiler extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Performance Profiler extension enables the Go `net/http/pprof` endpoint. This is typically used by developers to collect performance profiles and investigate issues with the service.
+
+.OpenTelemetry Collector custom resource with the configured Performance Profiler extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      pprof:
+        endpoint: localhost:1777 # <1>
+        block_profile_fraction: 0 # <2>
+        mutex_profile_fraction: 0 # <3>
+        save_to_file: test.pprof # <4>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+
+    exporters:
+      otlp:
+
+    service:
+      extensions: [pprof]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> The endpoint at which this extension listens. Use `localhost:` to make it available only locally or `":"` to make it available on all network interfaces. The default value is `localhost:1777`.
+<2> Sets a fraction of blocking events to be profiled. To disable profiling, set this to `0` or a negative integer. See the link:https://golang.org/pkg/runtime/#SetBlockProfileRate[documentation] for the `runtime` package. The default value is `0`.
+<3> Set a fraction of mutex contention events to be profiled. To disable profiling, set this to `0` or a negative integer. See the link:https://golang.org/pkg/runtime/#SetMutexProfileFraction[documentation] for the `runtime` package. The default value is `0`.
+<4> The name of the file in which the CPU profile is to be saved. Profiling starts when the Collector starts. Profiling is saved to the file when the Collector is terminated.
+
+[id="healthcheck-extension_{context}"]
+==== Health Check extension
+
+The Health Check extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Health Check extension provides an HTTP URL for checking the status of the OpenTelemetry Collector. You can use this extension as a liveness and readiness probe on OpenShift.
+
+.OpenTelemetry Collector custom resource with the configured Health Check extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      health_check:
+        endpoint: "0.0.0.0:13133" # <1>
+        tls: # <2>
+          ca_file: "/path/to/ca.crt"
+          cert_file: "/path/to/cert.crt"
+          key_file: "/path/to/key.key"
+        path: "/health/status" # <3>
+        check_collector_pipeline: # <4>
+          enabled: true # <5>
+          interval: "5m" # <6>
+          exporter_failure_threshold: 5 # <7>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+
+    exporters:
+      otlp:
+
+    service:
+      extensions: [health_check]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> The target IP address for publishing the health check status. The default is `0.0.0.0:13133`.
+<2> The TLS server-side configuration. Defines paths to TLS certificates. If omitted, the TLS is disabled.
+<3> The path for the health check server. The default is `/`.
+<4> Settings for the Collector pipeline health check.
+<5> Enables the Collector pipeline health check. The default is `false`.
+<6> The time interval for checking the number of failures. The default is `5m`.
+<7> The threshold of a number of failures until which a container is still marked as healthy. The default is `5`.
+
+[id="memory-ballast-extension_{context}"]
+==== Memory Ballast extension
+
+The Memory Ballast extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The Memory Ballast extension enables applications to configure memory ballast for the process.
+
+.OpenTelemetry Collector custom resource with the configured Memory Ballast extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      memory_ballast:
+        size_mib: 64 # <1>
+        size_in_percentage: 20 # <2>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+
+    exporters:
+      otlp:
+
+    service:
+      extensions: [memory_ballast]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+<1> Sets the memory ballast size in MiB. Takes priority over the `size_in_percentage` if both are specified.
+<2> Sets the memory ballast as a percentage, `1`-`100`, of the total memory. Supports containerized and physical host environments.
+
+
+[id="zpages-extension_{context}"]
+==== zPages extension
+
+The zPages extension is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
+
+The zPages extension provides an HTTP endpoint for extensions that serve zPages. At the endpoint, this extension serves live data for debugging instrumented components. All core exporters and receivers provide some zPages instrumentation.
+
+zPages are useful for in-process diagnostics without having to depend on a back end to examine traces or metrics.
+
+.OpenTelemetry Collector custom resource with the configured zPages extension
+[source,yaml]
+----
+  config: |
+    extensions:
+      zpages:
+        endpoint: "localhost:55679" # <1>
+
+    receivers:
+      otlp:
+        protocols:
+          http:
+    exporters:
+      otlp:
+
+    service:
+      extensions: [zpages]
+      pipelines:
+        traces:
+          receivers: [otlp]
+          exporters: [otlp]
+----
+
+<1> Specifies the HTTP endpoint that serves zPages. Use `localhost:` to make it available only locally, or `":"` to make it available on all network interfaces. The default is `localhost:55679`.
diff --git a/modules/otel-config-instrumentation.adoc b/modules/otel-config-instrumentation.adoc
new file mode 100644
index 000000000000..4f94f83ec03e
--- /dev/null
+++ b/modules/otel-config-instrumentation.adoc
@@ -0,0 +1,336 @@
+// Module included in the following assemblies:
+// 
+// * otel/otel-instrumentation.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="otel-instrumentation-config_{context}"]
+= OpenTelemetry instrumentation configuration options
+
+The {OTELName} can inject and configure the OpenTelemetry auto-instrumentation libraries into your workloads. Currently, the project supports injection of the instrumentation libraries from Go, Java, Node.js, Python, .NET, and the Apache HTTP Server (`httpd`).
+
+Auto-instrumentation in OpenTelemetry refers to the capability where the framework automatically instruments an application without manual code changes. This enables developers and administrators to get observability into their applications with minimal effort and changes to the existing codebase.
+
+[IMPORTANT]
+====
+The {OTELName} Operator only supports the injection mechanism of the instrumentation libraries but does not support instrumentation libraries or upstream images. Customers can build their own instrumentation images or use community images.
+====
+
+== Instrumentation options
+
+Instrumentation options are specified in the `OpenTelemetryCollector` custom resource.
+
+.Sample `OpenTelemetryCollector` custom resource file
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: Instrumentation
+metadata:
+  name: java-instrumentation
+spec:
+  env:
+    - name: OTEL_EXPORTER_OTLP_TIMEOUT
+      value: "20"
+  exporter:
+    endpoint: http://production-collector.observability.svc.cluster.local:4317
+  propagators:
+    - w3c
+  sampler:
+    type: parentbased_traceidratio
+    argument: "0.25"
+  java:
+    env:
+    - name: OTEL_JAVAAGENT_DEBUG
+      value: "true"
+----
+
+//[cols=",,",options="header",]
+
+.Parameters used by the Operator to define the Instrumentation
+[options="header"]
+[cols="l, a, a"]
+|===
+|Parameter |Description |Values
+
+|env
+|Common environment variables to define across all the instrumentations.
+|
+
+|exporter
+|Exporter configuration.
+|
+
+|propagators
+|Propagators defines inter-process context propagation configuration.
+|`tracecontext`, `baggage`, `b3`, `b3multi`, `jaeger`, `ottrace`, `none`
+
+|resource
+|Resource attributes configuration.
+|
+
+|sampler
+|Sampling configuration.
+|
+
+|apacheHttpd
+|Configuration for the Apache HTTP Server instrumentation.
+|
+
+|dotnet
+|Configuration for the .NET instrumentation.
+|
+
+|go
+|Configuration for the Go instrumentation.
+|
+
+|java
+|Configuration for the Java instrumentation.
+|
+
+|nodejs
+|Configuration for the Node.js instrumentation.
+|
+
+|python
+|Configuration for the Python instrumentation.
+|
+
+|===
+
+== Using the instrumentation CR with Service Mesh
+
+When using the instrumentation custom resource (CR) with {SMProductName}, you must use the `b3multi` propagator.
+
+=== Configuration of the Apache HTTP Server auto-instrumentation
+
+.Prameters for the `+.spec.apacheHttpd+` field
+[options="header"]
+[cols="l, a, a"]
+|===
+|Name |Description |Default
+
+|attrs
+|Attributes specific to the Apache HTTP Server.
+|
+
+|configPath
+|Location of the Apache HTTP Server configuration.
+|/usr/local/apache2/conf
+
+|env
+|Environment variables specific to the Apache HTTP Server.
+|
+
+|image
+|Container image with the Apache SDK and auto-instrumentation.
+|
+
+|resourceRequirements
+|The compute resource requirements.
+|
+
+|version
+|Apache HTTP Server version.
+|2.4
+
+|===
+
+.The `PodSpec` annotation to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-apache-httpd: "true"
+----
+
+=== Configuration of the .NET auto-instrumentation
+
+[options="header"]
+[cols="l, a"]
+|===
+|Name |Description
+
+|env
+|Environment variables specific to .NET.
+
+|image
+|Container image with the .NET SDK and auto-instrumentation.
+
+|resourceRequirements
+|The compute resource requirements.
+
+|===
+
+For the .NET auto-instrumentation, the required `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable must be set if the endpoint of the exporters is set to `4317`. The .NET autoinstrumentation uses `http/proto` by default, and the telemetry data must be set to the `4318` port.
+
+.The `PodSpec` annotation to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-dotnet: "true"
+----
+
+=== Configuration of the Go auto-instrumentation
+
+[options="header"]
+[cols="l, a"]
+|===
+|Name |Description
+
+|env
+|Environment variables specific to Go.
+
+|image
+|Container image with the Go SDK and auto-instrumentation.
+
+|resourceRequirements
+|The compute resource requirements.
+
+|===
+
+.The `PodSpec` annotation to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-go: "true"
+----
+
+.Additional permissions required for the Go auto-instrumentation in the OpenShift cluster
+[source,yaml]
+----
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  name: otel-go-instrumentation-scc
+allowHostDirVolumePlugin: true
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+- "SYS_PTRACE"
+fsGroup:
+  type: RunAsAny
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+seccompProfiles:
+- '*'
+supplementalGroups:
+  type: RunAsAny
+----
+
+[TIP]
+====
+The CLI command for applying the permissions for the Go auto-instrumentation in the OpenShift cluster is as follows:
+[source,terminal]
+----
+$ oc adm policy add-scc-to-user otel-go-instrumentation-scc -z <service_account>
+----
+====
+
+=== Configuration of the Java auto-instrumentation
+
+[options="header"]
+[cols="l, a"]
+|===
+|Name |Description
+
+|env
+|Environment variables specific to Java.
+
+|image
+|Container image with the Java SDK and auto-instrumentation.
+
+|resourceRequirements
+|The compute resource requirements.
+
+|===
+
+.The `PodSpec` annotation to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-java: "true"
+----
+
+=== Configuration of the Node.js auto-instrumentation
+
+[options="header"]
+[cols="l, a"]
+|===
+|Name |Description
+
+|env
+|Environment variables specific to Node.js.
+
+|image
+|Container image with the Node.js SDK and auto-instrumentation.
+
+|resourceRequirements
+|The compute resource requirements.
+
+|===
+
+.The `PodSpec` annotations to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-nodejs: "true"
+instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/path/to/container/executable"
+----
+
+The `+instrumentation.opentelemetry.io/otel-go-auto-target-exe+` annotation sets the value for the required `OTEL_GO_AUTO_TARGET_EXE` environment variable.
+
+=== Configuration of the Python auto-instrumentation
+
+[options="header"]
+[cols="l, a"]
+|===
+|Name |Description
+
+|env
+|Environment variables specific to Python.
+
+|image
+|Container image with the Python SDK and auto-instrumentation.
+
+|resourceRequirements
+|The compute resource requirements.
+
+|===
+
+For Python auto-instrumentation, the `OTEL_EXPORTER_OTLP_ENDPOINT` environment variable must be set if the endpoint of the exporters is set to `4317`. Python auto-instrumentation uses `http/proto` by default, and the telemetry data must be set to the `4318` port.
+
+.The `PodSpec` annotation to enable injection
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-python: "true"
+----
+
+=== Configuration of the OpenTelemetry SDK variables
+
+The OpenTelemetry SDK variables in your pod are configurable by using the following annotation:
+
+[source,yaml]
+----
+instrumentation.opentelemetry.io/inject-sdk: "true"
+----
+
+Note that all the annotations accept the following values:
+
+`true`:: Injects the `+Instrumentation+` resource from the namespace.
+
+`false`:: Does not inject any instrumentation.
+
+`instrumentation-name`:: The name of the instrumentation resource to inject from the current namespace.
+
+`other-namespace/instrumentation-name`:: The name of the instrumentation resource to inject from another namespace.
+
+=== Multi-container pods
+
+The instrumentation is run on the first container that is available by default according to the pod specification. In some cases, you can also specify target containers for injection.
+
+.Pod annotation
+[source,yaml]
+----
+instrumentation.opentelemetry.io/container-names: "<container_1>,<container_2>"
+----
+
+[NOTE]
+====
+The Go auto-instrumentation does not support multi-container auto-instrumentation injection.
+====
diff --git a/modules/otel-config-multicluster.adoc b/modules/otel-config-multicluster.adoc
new file mode 100644
index 000000000000..d3353364d103
--- /dev/null
+++ b/modules/otel-config-multicluster.adoc
@@ -0,0 +1,265 @@
+// Module included in the following assemblies:
+// 
+// * otel/otel-configuring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="gathering-observability-data-from-different-clusters_{context}"]
+= Gathering the observability data from different clusters with the OpenTelemetry Collector
+
+For a multicluster configuration, you can create one OpenTelemetry Collector instance in each one of the remote clusters and then forward all the telemetry data to one OpenTelemetry Collector instance.
+
+.Prerequisites
+
+* The {OTELOperator} is installed.
+* The {TempoOperator} is installed.
+* A TempoStack instance is deployed on the cluster.
+* The following mounted certificates: Issuer, self-signed certificate, CA issuer, client and server certificates. To create any of these certificates, see step 1.
+
+.Procedure
+
+. Mount the following certificates in the OpenTelemetry Collector instance, skipping already mounted certificates.
+
+.. An Issuer to generate the certificates by using the {cert-manager-operator}.
++
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+----
+
+.. A self-signed certificate.
++
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ca
+spec:
+  isCA: true
+  commonName: ca
+  subject:
+    organizations:
+      - Organization # <your_organization_name>
+    organizationalUnits:
+      - Widgets
+  secretName: ca-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: Issuer
+    group: cert-manager.io
+----
+
+.. A CA issuer.
++
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: test-ca-issuer
+spec:
+  ca:
+    secretName: ca-secret
+----
+
+.. The client and server certificates.
++
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: server
+spec:
+  secretName: server-tls
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - "otel.observability.svc.cluster.local" # <1>
+  issuerRef:
+    name: ca-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: client
+spec:
+  secretName: client-tls
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - "otel.observability.svc.cluster.local" # <2>
+  issuerRef:
+    name: ca-issuer
+----
+<1> List of exact DNS names to be mapped to a solver in the server OpenTelemetry Collector instance.
+<2> List of exact DNS names to be mapped to a solver in the client OpenTelemetry Collector instance.
+
+. Create a service account for the OpenTelemetry Collector instance.
++
+.Example ServiceAccount
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-deployment
+----
+
+. Create a cluster role for the service account.
++
+.Example ClusterRole
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+  # <1>
+  # <2>
+- apiGroups: ["", "config.openshift.io"]
+  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+----
+<1> The `k8sattributesprocessor` requires permissions for pods and namespace resources.
+<2> The `resourcedetectionprocessor` requires permissions for infrastructures and status.
+
+. Bind the cluster role to the service account.
++
+.Example ClusterRoleBinding
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector
+subjects:
+- kind: ServiceAccount
+  name: otel-collector-deployment
+  namespace: otel-collector-<example>
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Create the YAML file to define the `OpenTelemetryCollector` custom resource (CR) in the edge clusters.
++
+.Example `OpenTelemetryCollector` custom resource for the edge clusters
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: otel-collector-<example>
+spec:
+  mode: daemonset
+  serviceAccount: otel-collector-deployment
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+      opencensus:
+      otlp:
+        protocols:
+          grpc:
+          http:
+      zipkin:
+    processors:
+      batch:
+      k8sattributes:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+    exporters:
+      otlphttp:
+        endpoint: https://observability-cluster.com:443 # <1>
+        tls:
+          insecure: false
+          cert_file: /certs/server.crt
+          key_file: /certs/server.key
+          ca_file: /certs/ca.crt
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger, opencensus, otlp, zipkin]
+          processors: [memory_limiter, k8sattributes, resourcedetection, batch]
+          exporters: [otlp]
+  volumes:
+    - name: otel-certs
+      secret:
+        name: otel-certs
+  volumeMounts:
+    - name: otel-certs
+      mountPath: /certs
+----
+<1> The Collector exporter is configured to export OTLP HTTP and points to the OpenTelemetry Collector from the central cluster.
+
+. Create the YAML file to define the `OpenTelemetryCollector` custom resource (CR) in the central cluster.
++
+.Example `OpenTelemetryCollector` custom resource for the central cluster
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otlp-receiver
+  namespace: observability
+spec:
+  mode: "deployment"
+  ingress:
+    type: route
+    route:
+      termination: "passthrough"
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          http:
+            tls: # <1>
+              cert_file: /certs/server.crt
+              key_file: /certs/server.key
+              client_ca_file: /certs/ca.crt
+    exporters:
+      logging:
+      otlp:
+        endpoint: "tempo-<simplest>-distributor:4317" # <2>
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+          processors: []
+          exporters: [otlp]
+  volumes:
+    - name: otel-certs
+      secret:
+        name: otel-certs
+  volumeMounts:
+    - name: otel-certs
+      mountPath: /certs
+----
+<1> The Collector receiver requires the certificates listed in the first step.
+<2> The Collector exporter is configured to export OTLP and points to the Tempo distributor endpoint, which in this example is `"tempo-simplest-distributor:4317"` and already created.
diff --git a/modules/otel-config-send-metrics-monitoring-stack.adoc b/modules/otel-config-send-metrics-monitoring-stack.adoc
new file mode 100644
index 000000000000..5671d0f6959e
--- /dev/null
+++ b/modules/otel-config-send-metrics-monitoring-stack.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+// 
+// * otel/deploying-otel.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="configuration-for-sending-metrics-to-the-monitoring-stack_{context}"]
+= Configuration for sending metrics to the monitoring stack
+
+The OpenTelemetry Collector custom resource (CR) can be configured to create a Prometheus `ServiceMonitor` CR for scraping the Collector's pipeline metrics and the enabled Prometheus exporters.
+
+.Example of the OpenTelemetry Collector custom resource with the Prometheus exporter
+[source,yaml]
+----
+spec:
+  mode: deployment
+  observability:
+    metrics:
+      enableMetrics: true # <1>
+  config: |
+    exporters:
+      prometheus:
+        endpoint: 0.0.0.0:8889
+        resource_to_telemetry_conversion:
+          enabled: true # by default resource attributes are dropped
+    service:
+      telemetry:
+        metrics:
+          address: ":8888"
+      pipelines:
+        metrics:
+          receivers: [otlp]
+          exporters: [prometheus]
+----
+<1> Configures the operator to create the Prometheus `ServiceMonitor` CR to scrape the collector's internal metrics endpoint and Prometheus exporter metric endpoints. The metrics will be stored in the OpenShift monitoring stack.
+
+Alternatively, a manually created Prometheus `PodMonitor` can provide fine control, for example removing duplicated labels added during Prometheus scraping.
+
+.Example of the `PodMonitor` custom resource that configures the monitoring stack to scrape the Collector metrics
+[source,yaml]
+----
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: otel-collector
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: `<cr_name>-collector` # <1>
+  podMetricsEndpoints:
+  - port: metrics # <2>
+  - port: promexporter # <3>
+    relabelings:
+    - action: labeldrop
+      regex: pod
+    - action: labeldrop
+      regex: container
+    - action: labeldrop
+      regex: endpoint
+    metricRelabelings:
+    - action: labeldrop
+      regex: instance
+    - action: labeldrop
+      regex: job
+----
+<1> The name of the OpenTelemetry Collector custom resource.
+<2> The name of the internal metrics port for the OpenTelemetry Collector. This port name is always `metrics`.
+<3> The name of the Prometheus exporter port for the OpenTelemetry Collector.
diff --git a/modules/otel-configuring-otelcol-metrics.adoc b/modules/otel-configuring-otelcol-metrics.adoc
new file mode 100644
index 000000000000..8667def29f8c
--- /dev/null
+++ b/modules/otel-configuring-otelcol-metrics.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-configuring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-otelcol-metrics_{context}"]
+= Configuring the OpenTelemetry Collector metrics
+
+You can enable metrics and alerts of OpenTelemetry Collector instances.
+
+.Prerequisites
+
+* Monitoring for user-defined projects is enabled in the cluster.
+
+.Procedure
+
+* To enable metrics of a OpenTelemetry Collector instance, set the `spec.observability.metrics.enableMetrics` field to `true`:
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: <name>
+spec:
+  observability:
+    metrics:
+      enableMetrics: true
+----
+
+.Verification
+
+You can use the *Administrator* view of the web console to verify successful configuration:
+
+* Go to *Observe* -> *Targets*, filter by *Source: User*, and check that the *ServiceMonitors* in the `opentelemetry-collector-<instance_name>` format have the *Up* status.
diff --git a/modules/otel-forwarding.adoc b/modules/otel-forwarding.adoc
new file mode 100644
index 000000000000..a106f5810d1e
--- /dev/null
+++ b/modules/otel-forwarding.adoc
@@ -0,0 +1,149 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="forwarding-traces_{context}"]
+= Forwarding traces to a TempoStack by using the OpenTelemetry Collector
+
+To configure forwarding traces to a TempoStack, you can deploy and configure the OpenTelemetry Collector. You can deploy the OpenTelemetry Collector in the deployment mode by using the specified processors, receivers, and exporters. For other modes, see the OpenTelemetry Collector documentation linked in _Additional resources_.
+
+.Prerequisites
+
+* The {OTELOperator} is installed.
+* The {TempoOperator} is installed.
+* A TempoStack is deployed on the cluster.
+
+.Procedure
+
+. Create a service account for the OpenTelemetry Collector.
++
+.Example ServiceAccount
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-deployment
+----
+
+. Create a cluster role for the service account.
++
+.Example ClusterRole
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+  # <1>
+  # <2>
+- apiGroups: ["", "config.openshift.io"]
+  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+----
+<1> The `k8sattributesprocessor` requires permissions for pods and namespaces resources.
+<2> The `resourcedetectionprocessor` requires permissions for infrastructures and status.
+
+. Bind the cluster role to the service account.
++
+.Example ClusterRoleBinding
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector
+subjects:
+- kind: ServiceAccount
+  name: otel-collector-deployment
+  namespace: otel-collector-example
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Create the YAML file to define the `OpenTelemetryCollector` custom resource (CR).
++
+.Example OpenTelemetryCollector
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+spec:
+  mode: deployment
+  serviceAccount: otel-collector-deployment
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+      opencensus:
+      otlp:
+        protocols:
+          grpc:
+          http:
+      zipkin:
+    processors:
+      batch:
+      k8sattributes:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+    exporters:
+      otlp:
+        endpoint: "tempo-simplest-distributor:4317" # <1>
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger, opencensus, otlp, zipkin] # <2>
+          processors: [memory_limiter, k8sattributes, resourcedetection, batch]
+          exporters: [otlp]
+----
+<1> The Collector exporter is configured to export OTLP and points to the Tempo distributor endpoint, `"tempo-simplest-distributor:4317"` in this example, which is already created.
+<2> The Collector is configured with a receiver for Jaeger traces, OpenCensus traces over the OpenCensus protocol, Zipkin traces over the Zipkin protocol, and OTLP traces over the GRPC protocol.
+
+[TIP]
+====
+You can deploy `tracegen` as a test:
+[source,yaml]
+----
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: tracegen
+spec:
+  template:
+    spec:
+      containers:
+        - name: tracegen
+          image: ghcr.io/open-telemetry/opentelemetry-collector-contrib/tracegen:latest
+          command:
+            - "./tracegen"
+          args:
+            - -otlp-endpoint=otel-collector:4317
+            - -otlp-insecure
+            - -duration=30s
+            - -workers=1
+      restartPolicy: Never
+  backoffLimit: 4
+----
+====
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://opentelemetry.io/docs/collector/[OpenTelemetry Collector documentation]
+* link:https://github.com/os-observability/redhat-rhosdt-samples[Deployment examples on GitHub]
diff --git a/modules/otel-install-cli.adoc b/modules/otel-install-cli.adoc
new file mode 100644
index 000000000000..53959c1fb965
--- /dev/null
+++ b/modules/otel-install-cli.adoc
@@ -0,0 +1,179 @@
+// Module included in the following assemblies:
+//
+//* otel/otel-installing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-otel-by-using-the-cli_{context}"]
+= Installing the {OTELShortName} by using the CLI
+
+You can install the {OTELShortName} from the command line.
+
+.Prerequisites
+
+* An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
++
+[TIP]
+====
+* Ensure that your {oc-first} version is up to date and matches your {product-title} version.
+
+* Run `oc login`:
++
+[source,terminal]
+----
+$ oc login --username=<your_username>
+----
+====
+
+.Procedure
+
+. Install the {OTELOperator}:
+
+.. Create a project for the {OTELOperator} by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  labels:
+    kubernetes.io/metadata.name: openshift-opentelemetry-operator
+    openshift.io/cluster-monitoring: "true"
+  name: openshift-opentelemetry-operator
+EOF
+----
+
+.. Create an Operator group by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-opentelemetry-operator
+  namespace: openshift-opentelemetry-operator
+spec:
+  upgradeStrategy: Default
+EOF
+----
+
+.. Create a subscription by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: opentelemetry-product
+  namespace: openshift-opentelemetry-operator
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: opentelemetry-product
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+----
+
+.. Check the Operator status by running the following command:
++
+[source,terminal]
+----
+$ oc get csv -n openshift-opentelemetry-operator
+----
+
+. Create a project of your choice for the OpenTelemetry Collector instance that you will create in a subsequent step:
+
+** To create a project without metadata, run the following command:
++
+[source,terminal]
+----
+$ oc new-project <project_of_opentelemetry_collector_instance>
+----
+
+** To create a project with metadata, run the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  name: <project_of_opentelemetry_collector_instance>
+EOF
+----
+
+. Create an OpenTelemetry Collector instance in the project that you created for it.
++
+[NOTE]
+====
+You can create multiple OpenTelemetry Collector instances in separate projects on the same cluster.
+====
++
+.. Customize the `OpenTelemetry Collector` custom resource (CR)  with the OTLP, Jaeger, and Zipkin receivers and the debug exporter:
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: <project_of_opentelemetry_collector_instance>
+spec:
+  mode: deployment
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+          http:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+      zipkin:
+    processors:
+      batch:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+    exporters:
+      debug:
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp,jaeger,zipkin]
+          processors: [memory_limiter,batch]
+          exporters: [debug]
+----
+
+.. Apply the customized CR by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f - << EOF
+<OpenTelemetryCollector_custom_resource>
+EOF
+----
+
+
+.Verification
+
+. Verify that the `status.phase` of the OpenTelemetry Collector pod is `Running` and the `conditions` are `type: Ready` by running the following command:
++
+[source,terminal]
+----
+$ oc get pod -l app.kubernetes.io/managed-by=opentelemetry-operator,app.kubernetes.io/instance=<namespace>.<instance_name> -o yaml
+----
+
+. Get the OpenTelemetry Collector service by running the following command:
++
+[source,terminal]
+----
+$ oc get service -l app.kubernetes.io/managed-by=opentelemetry-operator,app.kubernetes.io/instance=<namespace>.<instance_name>
+----
diff --git a/modules/otel-install-web-console.adoc b/modules/otel-install-web-console.adoc
new file mode 100644
index 000000000000..f6654ac6888a
--- /dev/null
+++ b/modules/otel-install-web-console.adoc
@@ -0,0 +1,93 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-installing.adoc 
+
+:_mod-docs-content-type: PROCEDURE
+[id="installing-otel-by-using-the-web-console_{context}"]
+= Installing the {OTELShortName} from the web console
+
+You can install the {OTELShortName} from the *Administrator* view of the web console.
+
+.Prerequisites
+
+* You are logged in to the web console as a cluster administrator with the `cluster-admin` role.
+
+* For {product-dedicated}, you must be logged in using an account with the `dedicated-admin` role.
+
+.Procedure
+
+. Install the {OTELOperator}:
+
+.. Go to *Operators* -> *OperatorHub* and search for `{OTELOperator}`.
+
+.. Select the *{OTELOperator}* that is *provided by Red Hat* -> *Install* -> *Install* -> *View Operator*.
++
+[IMPORTANT]
+====
+This installs the Operator with the default presets:
+
+* *Update channel* -> *stable*
+* *Installation mode* -> *All namespaces on the cluster*
+* *Installed Namespace* -> *openshift-operators*
+* *Update approval* -> *Automatic*
+====
+
+.. In the *Details* tab of the installed Operator page, under *ClusterServiceVersion details*, verify that the installation *Status* is *Succeeded*.
+
+. Create a project of your choice for the *OpenTelemetry Collector* instance that you will create in the next step by going to *Home* -> *Projects* -> *Create Project*.
+
+. Create an *OpenTelemetry Collector* instance.
+
+.. Go to *Operators* -> *Installed Operators*.
+
+.. Select *OpenTelemetry Collector* -> *Create OpenTelemetry Collector* -> *YAML view*.
+
+.. In the *YAML view*, customize the `OpenTelemetryCollector` custom resource (CR) with the OTLP, Jaeger, Zipkin receivers and the debug exporter.
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: <project_of_opentelemetry_collector_instance>
+spec:
+  mode: deployment
+  config: |
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+          http:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+      zipkin:
+    processors:
+      batch:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+    exporters:
+      debug:
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp,jaeger,zipkin]
+          processors: [memory_limiter,batch]
+          exporters: [debug]
+----
+
+.. Select *Create*.
+
+.Verification
+
+. Use the *Project:* dropdown list to select the project of the *OpenTelemetry Collector* instance.
+
+. Go to *Operators* -> *Installed Operators* to verify that the *Status* of the *OpenTelemetry Collector* instance is *Condition: Ready*.
+
+. Go to *Workloads* -> *Pods* to verify that all the component pods of the *OpenTelemetry Collector* instance are running.
diff --git a/modules/otel-migrating-from-jaeger-with-sidecars.adoc b/modules/otel-migrating-from-jaeger-with-sidecars.adoc
new file mode 100644
index 000000000000..8900fe7f354b
--- /dev/null
+++ b/modules/otel-migrating-from-jaeger-with-sidecars.adoc
@@ -0,0 +1,110 @@
+// Module included in the following assemblies:
+//
+// * otel-migrating.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="migrating-to-otel-from-jaeger-with-sidecars_{context}"]
+= Migrating from the {JaegerShortName} to the {OTELShortName} with sidecars
+
+The {OTELShortName} Operator supports sidecar injection into deployment workloads, so you can migrate from a {JaegerShortName} sidecar to a {OTELShortName} sidecar.
+
+.Prerequisites
+
+* The {JaegerName} is used on the cluster.
+* The {OTELName} is installed.
+
+.Procedure
+
+. Configure the OpenTelemetry Collector as a sidecar.
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: <otel-collector-namespace>
+spec:
+  mode: sidecar
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+    processors:
+      batch:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+        timeout: 2s
+    exporters:
+      otlp:
+        endpoint: "tempo-<example>-gateway:8090" # <1>
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger]
+          processors: [memory_limiter, resourcedetection, batch]
+          exporters: [otlp]
+----
+<1> This endpoint points to the Gateway of a TempoStack instance deployed by using the `<example>` {TempoOperator}.
+
+. Create a service account for running your application.
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-sidecar
+----
+
+. Create a cluster role for the permissions needed by some processors.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector-sidecar
+rules:
+  # <1>
+- apiGroups: ["config.openshift.io"]
+  resources: ["infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+----
+<1> The `resourcedetectionprocessor` requires permissions for infrastructures and infrastructures/status.
+
+. Create a `ClusterRoleBinding` to set the permissions for the service account.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector-sidecar
+subjects:
+- kind: ServiceAccount
+  name: otel-collector-deployment
+  namespace: otel-collector-example
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Deploy the OpenTelemetry Collector as a sidecar.
+
+. Remove the injected Jaeger Agent from your application by removing the `"sidecar.jaegertracing.io/inject": "true"` annotation from your `Deployment` object.
+
+. Enable automatic injection of the OpenTelemetry sidecar by adding the `sidecar.opentelemetry.io/inject: "true"` annotation to the `.spec.template.metadata.annotations` field of your `Deployment` object.
+
+. Use the created service account for the deployment of your application to allow the processors to get the correct information and add it to your traces.
diff --git a/modules/otel-migrating-from-jaeger-without-sidecars.adoc b/modules/otel-migrating-from-jaeger-without-sidecars.adoc
new file mode 100644
index 000000000000..7f74f3d02f35
--- /dev/null
+++ b/modules/otel-migrating-from-jaeger-without-sidecars.adoc
@@ -0,0 +1,133 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-migrating.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="migrating-to-otel-from-jaeger-without-sidecars_{context}"]
+= Migrating from the {JaegerShortName} to the {OTELShortName} without sidecars
+
+You can migrate from the {JaegerShortName} to the {OTELShortName} without sidecar deployment.
+
+.Prerequisites
+
+* The {JaegerName} is used on the cluster.
+* The {OTELName} is installed.
+
+.Procedure
+
+. Configure OpenTelemetry Collector deployment.
+
+. Create the project where the OpenTelemetry Collector will be deployed.
++
+[source,yaml]
+----
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  name: observability
+----
+
+. Create a service account for running the OpenTelemetry Collector instance.
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-deployment
+  namespace: observability
+----
+
+. Create a cluster role for setting the required permissions for the processors.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+  # <1>
+  # <2>
+- apiGroups: ["", "config.openshift.io"]
+  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+----
+<1> Permissions for the `pods` and `namespaces` resources are required for the `k8sattributesprocessor`.
+<2> Permissions for `infrastructures` and `infrastructures/status` are required for `resourcedetectionprocessor`.
+
+. Create a ClusterRoleBinding to set the permissions for the service account.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector
+subjects:
+- kind: ServiceAccount
+  name: otel-collector-deployment
+  namespace: observability
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Create the OpenTelemetry Collector instance.
++
+[NOTE]
+====
+This collector will export traces to a TempoStack instance. You must create your TempoStack instance by using the Red Hat Tempo Operator and place here the correct endpoint.
+====
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: observability
+spec:
+  mode: deployment
+  serviceAccount: otel-collector-deployment
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+    processors:
+      batch:
+      k8sattributes:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+    exporters:
+      otlp:
+        endpoint: "tempo-example-gateway:8090"
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger]
+          processors: [memory_limiter, k8sattributes, resourcedetection, batch]
+          exporters: [otlp]
+----
+
+. Point your tracing endpoint to the OpenTelemetry Operator.
+
+. If you are exporting your traces directly from your application to Jaeger, change the API endpoint from the Jaeger endpoint to the OpenTelemetry Collector endpoint.
++
+.Example of exporting traces by using the `jaegerexporter` with Golang
+[source,golang]
+----
+exp, err := jaeger.New(jaeger.WithCollectorEndpoint(jaeger.WithEndpoint(url))) # <1>
+----
+<1> The URL points to the OpenTelemetry Collector API endpoint.
diff --git a/modules/otel-remove-cli.adoc b/modules/otel-remove-cli.adoc
new file mode 100644
index 000000000000..0da6916b8a47
--- /dev/null
+++ b/modules/otel-remove-cli.adoc
@@ -0,0 +1,52 @@
+//Module included in the following assemblies:
+//
+// * otel/otel-removing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="removing-otel-instance-cli_{context}"]
+= Removing an OpenTelemetry Collector instance by using the CLI
+
+You can remove an OpenTelemetry Collector instance on the command line.
+
+.Prerequisites
+
+* An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
++
+[TIP]
+====
+* Ensure that your {oc-first} version is up to date and matches your {product-title} version.
+
+* Run `oc login`:
++
+[source,terminal]
+----
+$ oc login --username=<your_username>
+----
+====
+
+.Procedure
+
+. Get the name of the OpenTelemetry Collector instance by running the following command:
++
+[source,terminal]
+----
+$ oc get deployments -n <project_of_opentelemetry_instance>
+----
+
+. Remove the OpenTelemetry Collector instance by running the following command:
++
+[source,terminal]
+----
+$ oc delete opentelemetrycollectors <opentelemetry_instance_name> -n <project_of_opentelemetry_instance>
+----
+
+. Optional: Remove the {OTELOperator}.
+
+.Verification
+
+* To verify successful removal of the OpenTelemetry Collector instance, run `oc get deployments` again:
++
+[source,terminal]
+----
+$ oc get deployments -n <project_of_opentelemetry_instance>
+----
diff --git a/modules/otel-remove-web-console.adoc b/modules/otel-remove-web-console.adoc
new file mode 100644
index 000000000000..a2c6c6aa2453
--- /dev/null
+++ b/modules/otel-remove-web-console.adoc
@@ -0,0 +1,23 @@
+//Module included in the following assemblies:
+//
+// * otel/otel-removing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="removing-otel-instance_{context}"]
+= Removing an OpenTelemetry Collector instance by using the web console
+
+You can remove an OpenTelemetry Collector instance in the *Administrator* view of the web console.
+
+.Prerequisites
+
+* You are logged in to the web console as a cluster administrator with the `cluster-admin` role.
+
+* For {product-dedicated}, you must be logged in using an account with the `dedicated-admin` role.
+
+.Procedure
+
+. Go to *Operators* -> *Installed Operators* -> *{OTELOperator}* -> *OpenTelemetryInstrumentation* or *OpenTelemetryCollector*.
+
+. To remove the relevant instance, select {kebab} -> *Delete* ... -> *Delete*.
+
+. Optional: Remove the {OTELOperator}.
diff --git a/modules/otel-send-traces-and-metrics-to-otel-collector-with-sidecar.adoc b/modules/otel-send-traces-and-metrics-to-otel-collector-with-sidecar.adoc
new file mode 100644
index 000000000000..449b6c0095df
--- /dev/null
+++ b/modules/otel-send-traces-and-metrics-to-otel-collector-with-sidecar.adoc
@@ -0,0 +1,119 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="sending-traces-and-metrics-to-otel-collector-with-sidecar_{context}"]
+= Sending traces and metrics to the OpenTelemetry Collector with sidecar injection
+
+You can set up sending telemetry data to an OpenTelemetry Collector instance with sidecar injection.
+
+The {OTELOperator} allows sidecar injection into deployment workloads and automatic configuration of your instrumentation to send telemetry data to the OpenTelemetry Collector.
+
+.Prerequisites
+
+* The {TempoName} is installed, and a TempoStack instance is deployed.
+
+* You have access to the cluster through the web console or the {oc-first}:
+
+** You are logged in to the web console as a cluster administrator with the `cluster-admin` role.
+
+** An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
+
+** For {product-dedicated}, you must have an account with the `dedicated-admin` role.
+
+.Procedure
+
+. Create a project for an OpenTelemetry Collector instance.
++
+[source,yaml]
+----
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  name: observability
+----
+
+. Create a service account.
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-sidecar
+  namespace: observability
+----
+
+. Grant the permissions to the service account for the `k8sattributes` and `resourcedetection` processors.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+- apiGroups: ["", "config.openshift.io"]
+  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector
+subjects:
+- kind: ServiceAccount
+  name: otel-collector-sidecar
+  namespace: observability
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Deploy the OpenTelemetry Collector as a sidecar.
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: observability
+spec:
+  serviceAccount: otel-collector-sidecar
+  mode: sidecar
+  config: |
+    serviceAccount: otel-collector-sidecar
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+          http:
+    processors:
+      batch:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+        timeout: 2s
+    exporters:
+      otlp:
+        endpoint: "tempo-<example>-gateway:8090" # <1>
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger]
+          processors: [memory_limiter, resourcedetection, batch]
+          exporters: [otlp]
+----
+<1> This points to the Gateway of the TempoStack instance deployed by using the `<example>` {TempoOperator}.
+
+. Create your deployment using the `otel-collector-sidecar` service account.
+
+. Add the `sidecar.opentelemetry.io/inject: "true"` annotation to your `Deployment` object. This will inject all the needed environment variables to send data from your workloads to the OpenTelemetry Collector instance.
diff --git a/modules/otel-send-traces-and-metrics-to-otel-collector-without-sidecar.adoc b/modules/otel-send-traces-and-metrics-to-otel-collector-without-sidecar.adoc
new file mode 100644
index 000000000000..1f27c913b1c7
--- /dev/null
+++ b/modules/otel-send-traces-and-metrics-to-otel-collector-without-sidecar.adoc
@@ -0,0 +1,155 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-using.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="sending-traces-and-metrics-to-otel-collector-without-sidecar_{context}"]
+= Sending traces and metrics to the OpenTelemetry Collector without sidecar injection
+
+You can set up sending telemetry data to an OpenTelemetry Collector instance without sidecar injection, which involves manually setting several environment variables.
+
+.Prerequisites
+
+* The {TempoName} is installed, and a TempoStack instance is deployed.
+
+* You have access to the cluster through the web console or the {oc-first}:
+
+** You are logged in to the web console as a cluster administrator with the `cluster-admin` role.
+
+** An active {oc-first} session by a cluster administrator with the `cluster-admin` role.
+
+** For {product-dedicated}, you must have an account with the `dedicated-admin` role.
+
+.Procedure
+
+. Create a project for an OpenTelemetry Collector instance.
++
+[source,yaml]
+----
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  name: observability
+----
+
+. Create a service account.
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-deployment
+  namespace: observability
+----
+
+. Grant the permissions to the service account for the `k8sattributes` and `resourcedetection` processors.
++
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+- apiGroups: ["", "config.openshift.io"]
+  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: otel-collector
+subjects:
+- kind: ServiceAccount
+  name: otel-collector
+  namespace: observability
+roleRef:
+  kind: ClusterRole
+  name: otel-collector
+  apiGroup: rbac.authorization.k8s.io
+----
+
+. Deploy the OpenTelemetry Collector instance with the `OpenTelemetryCollector` custom resource.
++
+[source,yaml]
+----
+apiVersion: opentelemetry.io/v1alpha1
+kind: OpenTelemetryCollector
+metadata:
+  name: otel
+  namespace: observability
+spec:
+  mode: deployment
+  serviceAccount: otel-collector-deployment
+  config: |
+    receivers:
+      jaeger:
+        protocols:
+          grpc:
+          thrift_binary:
+          thrift_compact:
+          thrift_http:
+      opencensus:
+      otlp:
+        protocols:
+          grpc:
+          http:
+      zipkin:
+    processors:
+      batch:
+      k8sattributes:
+      memory_limiter:
+        check_interval: 1s
+        limit_percentage: 50
+        spike_limit_percentage: 30
+      resourcedetection:
+        detectors: [openshift]
+    exporters:
+      otlp:
+        endpoint: "tempo-<example>-distributor:4317" # <1>
+        tls:
+          insecure: true
+    service:
+      pipelines:
+        traces:
+          receivers: [jaeger, opencensus, otlp, zipkin]
+          processors: [memory_limiter, k8sattributes, resourcedetection, batch]
+          exporters: [otlp]
+----
+<1> This points to the Gateway of the TempoStack instance deployed by using the `<example>` {TempoOperator}.
+
+. Set the environment variables in the container with your instrumented application.
++
+[options="header"]
+[cols="l, a, a"]
+|===
+|Name |Description |Default value
+|OTEL_SERVICE_NAME
+|Sets the value of the `service.name` resource attribute.
+|`""`
+
+|OTEL_EXPORTER_OTLP_ENDPOINT
+|Base endpoint URL for any signal type with an optionally specified port number.
+|`\https://localhost:4317`
+
+|OTEL_EXPORTER_OTLP_CERTIFICATE
+|Path to the certificate file for the TLS credentials of the gRPC client.
+|`\https://localhost:4317`
+
+|OTEL_TRACES_SAMPLER
+|Sampler to be used for traces.
+|`parentbased_always_on`
+
+|OTEL_EXPORTER_OTLP_PROTOCOL
+|Transport protocol for the OTLP exporter.
+|`grpc`
+
+|OTEL_EXPORTER_OTLP_TIMEOUT
+|Maximum time interval for the OTLP exporter to wait for each batch export.
+|`10s`
+
+|OTEL_EXPORTER_OTLP_INSECURE
+|Disables client transport security for gRPC requests. An HTTPS schema overrides it.
+|`False`
+|===
diff --git a/modules/otel-troubleshoot-collector-logs.adoc b/modules/otel-troubleshoot-collector-logs.adoc
new file mode 100644
index 000000000000..ff5a8741fac1
--- /dev/null
+++ b/modules/otel-troubleshoot-collector-logs.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="getting-otel-collector-logs_{context}"]
+= Getting the OpenTelemetry Collector logs
+
+You can get the logs for the OpenTelemetry Collector as follows.
+
+.Procedure
+
+. Set the relevant log level in the `OpenTelemetryCollector` custom resource (CR):
++
+[source,yaml]
+----
+  config: |
+    service:
+      telemetry:
+        logs:
+          level: debug # <1>
+----
+<1> Collector's log level. Supported values include `info`, `warn`, `error`, or `debug`. Defaults to `info`.
+
+. Use the `oc logs` command or the web console to retrieve the logs.
diff --git a/modules/otel-troubleshoot-logging-exporter-stdout.adoc b/modules/otel-troubleshoot-logging-exporter-stdout.adoc
new file mode 100644
index 000000000000..ca2b0046755b
--- /dev/null
+++ b/modules/otel-troubleshoot-logging-exporter-stdout.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="debug-exporter-to-stdout_{context}"]
+= Debug exporter
+
+You can configure the debug exporter to export the collected data to the standard output.
+
+.Procedure
+
+. Configure the `OpenTelemetryCollector` custom resource as follows:
++
+[source,yaml]
+----
+  config: |
+    exporters:
+      debug:
+        verbosity: detailed
+    service:
+      pipelines:
+        traces:
+          exporters: [debug]
+        metrics:
+          exporters: [debug]
+        logs:
+          exporters: [debug]
+----
+
+. Use the `oc logs` command or the web console to export the logs to the standard output.
diff --git a/modules/otel-troubleshoot-metrics.adoc b/modules/otel-troubleshoot-metrics.adoc
new file mode 100644
index 000000000000..6001d0e8127b
--- /dev/null
+++ b/modules/otel-troubleshoot-metrics.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * otel/otel-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="exposing-metrics_{context}"]
+= Exposing the metrics
+
+The OpenTelemetry Collector exposes the metrics about the data volumes it has processed. The following metrics are for spans, although similar metrics are exposed for metrics and logs signals:
+
+`otelcol_receiver_accepted_spans`:: The number of spans successfully pushed into the pipeline.
+
+`otelcol_receiver_refused_spans`:: The number of spans that could not be pushed into the pipeline.
+`otelcol_exporter_sent_spans`:: The number of spans successfully sent to the destination.
+
+`otelcol_exporter_enqueue_failed_spans`:: The number of spans failed to be added to the sending queue.
+
+The operator creates a `<cr_name>-collector-monitoring` telemetry service that you can use to scrape the metrics endpoint.
+
+.Procedure
+
+. Enable the telemetry service by adding the following lines in the `OpenTelemetryCollector` custom resource:
+
++
+[source,yaml]
+----
+  config: |
+    service:
+      telemetry:
+        metrics:
+          address: ":8888" # <1>
+----
+<1> The address at which the internal collector metrics are exposed. Defaults to `:8888`.
+
+// TODO Operator 0.82.0 has spec.observability.metrics.enableMetrics config that creates ServiceMonitors for users
+
+. Retrieve the metrics by running the following command, which uses the port-forwarding Collector pod:
++
+[source,terminal]
+----
+$ oc port-forward <collector_pod>
+----
+
+. Access the metrics endpoint at `+http://localhost:8888/metrics+`.
diff --git a/modules/overriding-default-node-ip-selection-logic.adoc b/modules/overriding-default-node-ip-selection-logic.adoc
index c8d2e3060957..de0085e275f5 100644
--- a/modules/overriding-default-node-ip-selection-logic.adoc
+++ b/modules/overriding-default-node-ip-selection-logic.adoc
@@ -2,7 +2,7 @@
 //
 // * troubleshooting-network-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="overriding-default-node-ip-selection-logic_{context}"]
 = Optional: Overriding the default node IP selection logic
 
@@ -16,7 +16,7 @@ The following procedure shows how to override the default node IP selection logi
 
 .Procedure
 
-. Add a hint file to your `/etc/default/nodeip-configuration` file, for example: 
+. Add a hint file to your `/etc/default/nodeip-configuration` file, for example:
 +
 [source,text]
 ----
@@ -33,7 +33,7 @@ NODEIP_HINT=192.0.2.1
 +
 [source,terminal]
 ----
-$ echo -n 'NODEIP_HINT=192.0.2.1' | base64 -w0 
+$ echo -n 'NODEIP_HINT=192.0.2.1' | base64 -w0
 ----
 +
 .Example output
@@ -61,7 +61,7 @@ spec:
     storage:
       files:
       - contents:
-          source: data:text/plain;charset=utf-8;base64,<encoded_content> <1>
+          source: data:text/plain;charset=utf-8;base64,<encoded_content> # <1>
         mode: 0644
         overwrite: true
         path: /etc/default/nodeip-configuration
@@ -85,7 +85,7 @@ spec:
    storage:
      files:
      - contents:
-         source: data:text/plain;charset=utf-8;base64,<encoded_content> <1>
+         source: data:text/plain;charset=utf-8;base64,<encoded_content> # <1>
        mode: 0644
        overwrite: true
        path: /etc/default/nodeip-configuration
diff --git a/modules/ovirt-csi-driver-storage-class.adoc b/modules/ovirt-csi-driver-storage-class.adoc
deleted file mode 100644
index 193cf8371c73..000000000000
--- a/modules/ovirt-csi-driver-storage-class.adoc
+++ /dev/null
@@ -1,44 +0,0 @@
-// Module included in the following assemblies:
-//
-// * storage/container_storage_interface/persistent-storage-csi-ovirt.adoc
-// * post_installation_configuration/storage-configuration.adoc
-
-[id="ovirt-csi-driver-storage-class_{context}"]
-ifeval::["{context}" == "post-install-storage-configuration"]
-= {rh-virtualization-first} object definition
-endif::[]
-ifeval::["{context}" == "persistent-storage-csi-ovirt"]
-= {rh-virtualization-first} CSI driver storage class
-endif::[]
-
-
-{product-title} creates a default object of type `StorageClass` named `ovirt-csi-sc` which is used for creating dynamically provisioned persistent volumes.
-
-To create additional storage classes for different configurations, create and save a file with the `StorageClass` object described by the following sample YAML:
-
-.ovirt-storageclass.yaml
-[source,yaml]
-----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: <storage_class_name>  <1>
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "<boolean>"  <2>
-provisioner: csi.ovirt.org
-allowVolumeExpansion: <boolean> <3>
-reclaimPolicy: Delete <4>
-volumeBindingMode: Immediate <5>
-parameters:
-  storageDomainName: <rhv-storage-domain-name> <6>
-  thinProvisioning: "<boolean>"  <7>
-  csi.storage.k8s.io/fstype: <file_system_type> <8>
-----
-<1> Name of the storage class.
-<2> Set to `false` if the storage class is the default storage class in the cluster. If set to `true`, the existing default storage class must be edited and set to `false`.
-<3> `true` enables dynamic volume expansion, `false` prevents it. `true` is recommended.
-<4> Dynamically provisioned persistent volumes of this storage class are created with this reclaim policy. This default policy is `Delete`.
-<5> Indicates how to provision and bind `PersistentVolumeClaims`. When not set, `VolumeBindingImmediate` is used. This field is only applied by servers that enable the `VolumeScheduling` feature.
-<6> The {rh-virtualization} storage domain name to use.
-<7> If `true`, the disk is thin provisioned. If `false`, the disk is preallocated. Thin provisioning is recommended.
-<8> Optional: File system type to be created. Possible values: `ext4` (default) or `xfs`.
diff --git a/modules/ovn-kubernetes-architecture-con.adoc b/modules/ovn-kubernetes-architecture-con.adoc
index ab0188a52039..c8d8c9190426 100644
--- a/modules/ovn-kubernetes-architecture-con.adoc
+++ b/modules/ovn-kubernetes-architecture-con.adoc
@@ -1,27 +1,27 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ovn-kubernetes-architecture-con"]
 = Introduction to OVN-Kubernetes architecture
 
 The following diagram shows the OVN-Kubernetes architecture.
 
 .OVK-Kubernetes architecture
-image::299_OpenShift_OVN-Kubernetes_arch_0223_1.png[OVN-Kubernetes architecture]
+image::299_OpenShift_OVN-Kubernetes_arch_1023_1.png[OVN-Kubernetes architecture]
 
 The key components are:
 
 * **Cloud Management System (CMS)** - A platform specific client for OVN that provides a CMS specific plugin for OVN integration. The plugin translates the cloud management system's concept of the logical network configuration, stored in the CMS configuration database in a  CMS-specific  format, into an intermediate representation understood by OVN.
-* **OVN Northbound database (`nbdb`)** - Stores the logical network configuration passed by the CMS plugin.
-* **OVN Southbound database (`sbdb`)** - Stores the physical and logical network configuration state for OpenVswitch (OVS) system on each node, including tables that bind them.
-* **ovn-northd** - This is the intermediary client between `nbdb` and `sbdb`. It translates  the logical network configuration in terms of conventional network concepts, taken from the `nbdb`, into  logical data path flows in the `sbdb` below it. The container name is `northd` and it runs in the `ovnkube-master` pods.
-* **ovn-controller** - This is the OVN agent that interacts with OVS and hypervisors, for any information or update that is needed for `sbdb`. The `ovn-controller` reads logical flows from the `sbdb`, translates them into `OpenFlow` flows and sends them to the node’s OVS daemon. The container name is `ovn-controller` and it runs in the `ovnkube-node` pods.
+* **OVN Northbound database (`nbdb`) container** - Stores the logical network configuration passed by the CMS plugin.
+* **OVN Southbound database (`sbdb`) container** - Stores the physical and logical network configuration state for Open vSwitch (OVS) system on each node, including tables that bind them.
+* **OVN north daemon (`ovn-northd`)** - This is the intermediary client between `nbdb` container and `sbdb` container. It translates  the logical network configuration in terms of conventional network concepts, taken from the `nbdb` container, into  logical data path flows in the `sbdb` container. The container name for `ovn-northd` daemon is `northd` and it runs in the `ovnkube-node` pods.
+* **ovn-controller** - This is the OVN agent that interacts with OVS and hypervisors, for any information or update that is needed for `sbdb` container. The `ovn-controller` reads logical flows from the `sbdb` container, translates them into `OpenFlow` flows and sends them to the node’s OVS daemon. The container name is `ovn-controller` and it runs in the `ovnkube-node` pods.
+
+The OVN northd, northbound database, and southbound database run on each node in the cluster and mostly contain and process information that is local to that node.
 
 The OVN northbound database has the logical network configuration passed down to it by the cloud management system (CMS).
-The OVN northbound Database contains the current desired state of the network, presented as a collection of logical ports, logical switches, logical routers, and more.
+The OVN northbound database contains the current desired state of the network, presented as a collection of logical ports, logical switches, logical routers, and more.
 The `ovn-northd` (`northd` container) connects to the OVN northbound database and the OVN southbound database.
-It translates the logical network configuration in terms of conventional network concepts, taken from the OVN northbound Database, into logical data path flows in the OVN southbound database.
+It translates the logical network configuration in terms of conventional network concepts, taken from the OVN northbound database, into logical data path flows in the OVN southbound database.
 
-The OVN southbound database has physical and logical representations of the network and binding tables that link them together. Every node in the cluster is represented in the southbound database, and you can see the ports that are connected to it.
-It also contains all the logic flows, the logic flows are shared with the `ovn-controller` process that runs on each node and the `ovn-controller` turns those into `OpenFlow` rules to program `Open vSwitch`.
+The OVN southbound database has physical and logical representations of the network and binding tables that link them together. It contains the chassis information of the node and other constructs like remote transit switch ports that are required to connect to the other nodes in the cluster. The OVN southbound database also contains all the logic flows. The logic flows are shared with the `ovn-controller` process that runs on each node and the `ovn-controller` turns those into `OpenFlow` rules to program `Open vSwitch`(OVS).
 
-The Kubernetes control plane nodes each contain an `ovnkube-master` pod which hosts containers for the OVN northbound and southbound databases.
-All OVN northbound databases form a `Raft` cluster and all southbound databases form a separate `Raft` cluster. At any given time a single `ovnkube-master` is the leader and the other `ovnkube-master` pods are followers.
\ No newline at end of file
+The Kubernetes control plane nodes each contain an `ovnkube-control-plane` pod which does the central IP address management (IPAM) allocation for each node in the cluster. At any given time a single `ovnkube-control-plane` pod is the leader.
diff --git a/modules/ovn-kubernetes-logical-architecture-con.adoc b/modules/ovn-kubernetes-logical-architecture-con.adoc
index 9da4a169e4fc..8f4be2b90258 100644
--- a/modules/ovn-kubernetes-logical-architecture-con.adoc
+++ b/modules/ovn-kubernetes-logical-architecture-con.adoc
@@ -1,11 +1,11 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ovn-kubernetes-logical-architecture-con_{context}"]
 = OVN-Kubernetes logical architecture
 
 OVN is a network virtualization solution. It creates logical switches and routers. These switches and routers are interconnected to create any network topologies. When you run `ovnkube-trace` with the log level set to 2 or 5 the OVN-Kubernetes logical components are exposed. The following diagram shows how the routers and switches are connected in {product-title}.
 
 .OVN-Kubernetes router and switch components
-image::299_OpenShift_OVN-Kubernetes_arch_0123_2.png[OVN-Kubernetes logical architecture]
+image::299_OpenShift_OVN-Kubernetes_arch_1023_2.png[OVN-Kubernetes logical architecture]
 
 The key components involved in packet processing are:
 
diff --git a/modules/patch-argocd-instance.adoc b/modules/patch-argocd-instance.adoc
index ab4d688c5d22..dae80630ba78 100644
--- a/modules/patch-argocd-instance.adoc
+++ b/modules/patch-argocd-instance.adoc
@@ -2,12 +2,12 @@
 //
 // * cicd/gitops/configuring-resource-quota.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="patch-argocd-instance_{context}"]
 = Patching Argo CD instance to update the resource requirements
 
 [role="_abstract"]
-You can update the resource requirements for all or any of the workloads post installation. 
+You can update the resource requirements for all or any of the workloads post installation.
 
 .Procedure
 Update the `Application Controller` resource requests of an Argo CD instance in the Argo CD namespace.
diff --git a/modules/performance-challenges-in-machine-configurations-and-argo-cd.adoc b/modules/performance-challenges-in-machine-configurations-and-argo-cd.adoc
index ecb60c262835..4f1d516b298d 100644
--- a/modules/performance-challenges-in-machine-configurations-and-argo-cd.adoc
+++ b/modules/performance-challenges-in-machine-configurations-and-argo-cd.adoc
@@ -1,4 +1,4 @@
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="performance-challenges-in-machine-configurations-and-argo-cd"]
 = Solution: Enhance performance in machine configurations and Argo CD
diff --git a/modules/performing-a-backup-oadp-rosa-sts.adoc b/modules/performing-a-backup-oadp-rosa-sts.adoc
new file mode 100644
index 000000000000..7ecfb9c1de7d
--- /dev/null
+++ b/modules/performing-a-backup-oadp-rosa-sts.adoc
@@ -0,0 +1,166 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="performing-a-backup-oadp-rosa-sts_{context}"]
+= Performing a backup with OADP and ROSA STS
+
+The following example `hello-world` application has no persistent volumes (PVs) attached. Perform a backup with {oadp-first} with {product-rosa} (ROSA) STS.
+
+Either Data Protection Application (DPA) configuration will work.
+
+. Create a workload to back up by running the following commands:
++
+[source,terminal]
+----
+$ oc create namespace hello-world
+----
++
+[source,terminal]
+----
+$ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
+----
+
+. Expose the route by running the following command:
++
+[source,terminal]
+----
+$ oc expose service/hello-openshift -n hello-world
+----
+
+. Check that the application is working by running the following command:
++
+[source,terminal]
+----
+$ curl `oc get route/hello-openshift -n hello-world -o jsonpath='{.spec.host}'`
+----
++
+.Example output
+[source,terminal]
+----
+Hello OpenShift!
+----
+
+
+. Back up the workload by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+  apiVersion: velero.io/v1
+  kind: Backup
+  metadata:
+    name: hello-world
+    namespace: openshift-adp
+  spec:
+    includedNamespaces:
+    - hello-world
+    storageLocation: ${CLUSTER_NAME}-dpa-1
+    ttl: 720h0m0s
+EOF
+----
+
+. Wait until the backup is completed and then run the following command:
++
+[source,terminal]
+----
+$ watch "oc -n openshift-adp get backup hello-world -o json | jq .status"
+----
++
+.Example output
++
+[source,json]
+----
+{
+  "completionTimestamp": "2022-09-07T22:20:44Z",
+  "expiration": "2022-10-07T22:20:22Z",
+  "formatVersion": "1.1.0",
+  "phase": "Completed",
+  "progress": {
+    "itemsBackedUp": 58,
+    "totalItems": 58
+  },
+  "startTimestamp": "2022-09-07T22:20:22Z",
+  "version": 1
+}
+----
+
+. Delete the demo workload by running the following command:
++
+[source,terminal]
+----
+$ oc delete ns hello-world
+----
+
+. Restore the workload from the backup by running the following command:
++
+[source,terminal]
+----
+$ cat << EOF | oc create -f -
+  apiVersion: velero.io/v1
+  kind: Restore
+  metadata:
+    name: hello-world
+    namespace: openshift-adp
+  spec:
+    backupName: hello-world
+EOF
+----
+
+. Wait for the Restore to finish by running the following command:
++
+[source,terminal]
+----
+$ watch "oc -n openshift-adp get restore hello-world -o json | jq .status"
+----
++
+.Example output
++
+[source,json]
+----
+{
+  "completionTimestamp": "2022-09-07T22:25:47Z",
+  "phase": "Completed",
+  "progress": {
+    "itemsRestored": 38,
+    "totalItems": 38
+  },
+  "startTimestamp": "2022-09-07T22:25:28Z",
+  "warnings": 9
+}
+----
+
+. Check that the workload is restored by running the following command:
++
+[source,terminal]
+----
+$ oc -n hello-world get pods
+----
++
+.Example output
++
+[source,terminal]
+----
+NAME                              READY   STATUS    RESTARTS   AGE
+hello-openshift-9f885f7c6-kdjpj   1/1     Running   0          90s
+----
+. Check the JSONPath by running the following command:
++
+[source,terminal]
+----
+$ curl `oc get route/hello-openshift -n hello-world -o jsonpath='{.spec.host}'`
+----
++
+.Example output
++
+[source,terminal]
+----
+Hello OpenShift!
+----
+
+[NOTE]
+====
+For troubleshooting tips, see the OADP team’s link:https://access.redhat.com/articles/5456281[troubleshooting documentation].
+====
+
diff --git a/modules/persistent-kubelet-log-level-configuration.adoc b/modules/persistent-kubelet-log-level-configuration.adoc
index 5c0b6d105a48..5b654f26a6ca 100644
--- a/modules/persistent-kubelet-log-level-configuration.adoc
+++ b/modules/persistent-kubelet-log-level-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-kubelet-log-level-configuration_{context}"]
 = Persistent kubelet log level configuration
 
diff --git a/modules/persistent-storage-byok.adoc b/modules/persistent-storage-byok.adoc
index 324ceb11deb2..9acee6549418 100644
--- a/modules/persistent-storage-byok.adoc
+++ b/modules/persistent-storage-byok.adoc
@@ -4,7 +4,7 @@
 // storage/container_storage_interface/persistent-storage-csi-ebs.adoc
 // storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="byok_{context}"]
 = User-managed encryption
 
@@ -17,3 +17,5 @@ This features supports the following storage types:
 * Microsoft Azure Disk storage
 
 * Google Cloud Platform (GCP) persistent disk (PD) storage
+
+* IBM Virtual Private Cloud (VPC) Block storage
diff --git a/modules/persistent-storage-cinder-creating-pv.adoc b/modules/persistent-storage-cinder-creating-pv.adoc
index 5884772dfd67..01e7d9aa95d5 100644
--- a/modules/persistent-storage-cinder-creating-pv.adoc
+++ b/modules/persistent-storage-cinder-creating-pv.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent_storage-cinder.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-cinder-creating-pv_{context}"]
 = Creating the persistent volume
 
diff --git a/modules/persistent-storage-cinder-volume-security.adoc b/modules/persistent-storage-cinder-volume-security.adoc
index fb8350db14ca..c06d2d6d55cc 100644
--- a/modules/persistent-storage-cinder-volume-security.adoc
+++ b/modules/persistent-storage-cinder-volume-security.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent_storage-cinder.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-cinder-volume-security_{context}"]
 = Cinder volume security
 
diff --git a/modules/persistent-storage-csi-about.adoc b/modules/persistent-storage-csi-about.adoc
index 3bee883a3092..b326205a3084 100644
--- a/modules/persistent-storage-csi-about.adoc
+++ b/modules/persistent-storage-csi-about.adoc
@@ -2,11 +2,10 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-ebs.adoc
 // * storage/container_storage_interface/persistent-storage-csi-manila.adoc
-// * storage/container_storage_interface/persistent-storage-csi-ovirt.adoc
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="csi-about_{context}"]
 = About CSI
 Storage vendors have traditionally provided storage drivers as part of Kubernetes. With the implementation of the Container Storage Interface (CSI), third-party providers can instead deliver storage plugins using a standard interface without ever having to change the core Kubernetes code.
diff --git a/modules/persistent-storage-csi-azure-disk-sc-zrs.adoc b/modules/persistent-storage-csi-azure-disk-sc-zrs.adoc
index ae38dd63092f..089297133b56 100644
--- a/modules/persistent-storage-csi-azure-disk-sc-zrs.adoc
+++ b/modules/persistent-storage-csi-azure-disk-sc-zrs.adoc
@@ -4,7 +4,7 @@
 // * storage/container_storage_interface/persistent-storage-csi-azure.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-azure-disk-sc-zrs_{context}"]
 = Creating a storage class with storage account type
 
@@ -19,7 +19,7 @@ Both ZRS and PremiumV2_LRS have some region limitations. For information about t
 
 .Prerequisites
 
-* Access to an {product-title} cluster with administrator rights 
+* Access to an {product-title} cluster with administrator rights
 
 .Procedure
 
@@ -27,7 +27,7 @@ Use the following steps to create a storage class with a storage account type.
 
 . Create a storage class designating the storage account type using a YAML file similar to the following:
 +
-[source, terminal]
+[source,terminal]
 --
 $ oc create -f - << EOF
 apiVersion: storage.k8s.io/v1
diff --git a/modules/persistent-storage-csi-azure-file-nfs.adoc b/modules/persistent-storage-csi-azure-file-nfs.adoc
new file mode 100644
index 000000000000..f08cccf024a4
--- /dev/null
+++ b/modules/persistent-storage-csi-azure-file-nfs.adoc
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * storage/container_storage_interface/persistent_storage-csi-azure-file.adoc
+//
+
+:_mod-docs-content-type: CONCEPT
+[id="persistent-storage-csi-azure-file-nfs_{context}"]
+= NFS support
+
+{product-title} supports the Azure File Container Storage Interface (CSI) Driver Operator with Network File System (NFS) with the following restrictions:
+
+* Creating pods with Azure File NFS volumes that are scheduled to the control plane node causes the mount to be denied.
++
+To work around this issue: If your control plane nodes are schedulable, and the pods can run on worker nodes, use `nodeSelector` or Affinity to schedule the pod in worker nodes.
+
+* FS Group policy behavior:
++
+[IMPORTANT]
+=====
+Azure File CSI with NFS does not honor the `fsGroupChangePolicy` requested by pods. Azure File CSI with NFS applies a default `OnRootMismatch` FS Group policy regardless of the policy requested by the pod.
+=====
+
+* The Azure File CSI Operator does not automatically create a storage class for NFS. You must create it manually. Use a file similar to the following:
++
+[source, yaml]
+----
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: <storage-class-name> <1>
+provisioner: file.csi.azure.com <2>
+parameters:
+  protocol: nfs <3>
+  skuName: Premium_LRS  # available values: Premium_LRS, Premium_ZRS
+mountOptions:
+  - nconnect=4
+----
+<1> Storage class name.
+<2> Specifies the Azure File CSI provider.
+<3> Specifies NFS as the storage backend protocol.
diff --git a/modules/persistent-storage-csi-cloning-overview.adoc b/modules/persistent-storage-csi-cloning-overview.adoc
index bfd9483394fd..419aa20fa0b9 100644
--- a/modules/persistent-storage-csi-cloning-overview.adoc
+++ b/modules/persistent-storage-csi-cloning-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-cloning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-cloning-overview_{context}"]
 = Overview of CSI volume cloning
 
diff --git a/modules/persistent-storage-csi-cloning-provisioning.adoc b/modules/persistent-storage-csi-cloning-provisioning.adoc
index 58b49e9e9cd6..d2a6a73b56ad 100644
--- a/modules/persistent-storage-csi-cloning-provisioning.adoc
+++ b/modules/persistent-storage-csi-cloning-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-cloning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-cloning-provisioning_{context}"]
 = Provisioning a CSI volume clone
 
diff --git a/modules/persistent-storage-csi-drivers-supported.adoc b/modules/persistent-storage-csi-drivers-supported.adoc
index e27716dd7ced..ce3acddd31f5 100644
--- a/modules/persistent-storage-csi-drivers-supported.adoc
+++ b/modules/persistent-storage-csi-drivers-supported.adoc
@@ -9,31 +9,43 @@
 
 To create CSI-provisioned persistent volumes that mount to these supported storage assets, {product-title} installs the necessary CSI driver Operator, the CSI driver, and the required storage class by default. For more details about the default namespace of the Operator and driver, see the documentation for the specific CSI Driver Operator.
 
-The following table describes the CSI drivers that are installed with {product-title} and which CSI features they support, such as volume snapshots, cloning, and resize.
+ifndef::openshift-rosa[]
+[IMPORTANT]
+====
+The AWS EFS and GCP Filestore CSI drivers are not installed by default, and must be installed manually. For instructions on installing the AWS EFS CSI driver, see link:https://access.redhat.com/documentation/en-us/openshift_dedicated/4/html/storage/using-container-storage-interface-csi#osd-persistent-storage-aws-efs-csi[Setting up AWS Elastic File Service CSI Driver Operator]. For instructions on installing the GCP Filestore CSI driver, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/storage/using-container-storage-interface-csi#persistent-storage-csi-google-cloud-file-overview[Google Compute Platform Filestore CSI Driver Operator].
+====
+endif::openshift-rosa[]
+The following table describes the CSI drivers that are
+ifndef::openshift-dedicated[]
+installed with {product-title}
+endif::openshift-dedicated[]
+ifndef::openshift-rosa[]
+supported by {product-title}
+endif::openshift-rosa[]
+and which CSI features they support, such as volume snapshots and resize.
 
 .Supported CSI drivers and features in {product-title}
 [cols=",^v,^v,^v,^v,^v width="100%",options="header"]
 |===
-|CSI driver |CSI volume snapshots  |CSI cloning  |CSI resize |  inline ephemeral volumes
+|CSI driver |CSI volume snapshots  |CSI cloning  |CSI resize |Inline ephemeral volumes
 ifndef::openshift-dedicated,openshift-rosa[]
 |AliCloud Disk | ✅ | - | ✅ | -
 endif::openshift-dedicated,openshift-rosa[]
 |AWS EBS | ✅ | - | ✅| -
 |AWS EFS | - | - | -| -
 ifndef::openshift-rosa[]
-|Google Compute Platform (GCP) persistent disk (PD)| ✅ | - | ✅| -
+|Google Compute Platform (GCP) persistent disk (PD)|  ✅|  ✅ | ✅| -
 |GCP Filestore | ✅ | - | ✅| -
 endif::openshift-rosa[]
 ifndef::openshift-dedicated,openshift-rosa[]
-|{ibmpowerProductName} Virtual Server Block | - | - | ✅ | - 
-|IBM VPC Block | ✅^[3]^ | - | ✅^[3]^| -
+|{ibm-power-server-name} Block | - | - | ✅ | -
+|{ibm-cloud-name} Block | ✅^[3]^ | - | ✅^[3]^| -
 |Microsoft Azure Disk | ✅ | ✅ | ✅| -
 |Microsoft Azure Stack Hub | ✅ | ✅ | ✅| -
 |Microsoft Azure File | - | - | ✅| ✅
 |OpenStack Cinder | ✅ | ✅ | ✅| -
 |OpenShift Data Foundation | ✅ | ✅ | ✅| -
 |OpenStack Manila | ✅ | - | -| -
-|Red Hat Virtualization (oVirt) | - | - | ✅| -
 |Shared Resource | - | - | - | ✅
 |VMware vSphere | ✅^[1]^ | - | ✅^[2]^| -
 endif::openshift-dedicated,openshift-rosa[]
@@ -57,8 +69,12 @@ ifndef::openshift-dedicated,openshift-rosa[]
 * Does not support offline snapshots or resize. Volume must be attached to a running pod.
 --
 endif::openshift-dedicated,openshift-rosa[]
-
+ifndef::openshift-rosa[]
 [IMPORTANT]
 ====
 If your CSI driver is not listed in the preceding table, you must follow the installation instructions provided by your CSI storage vendor to use their supported CSI features.
 ====
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+In addition to the drivers listed in the preceding table, ROSA functions with CSI drivers from third-party storage vendors such as AWS FSX or Pure Storage Portworx. Red Hat does not oversee third-party provisioners or the connected CSI drivers and the vendors fully control source code, deployment, operation, and Kubernetes compatibility. These volume provisioners are considered customer-managed and the respective vendors are responsible for providing support. See the link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.html#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[Shared responsibilities for {product-title}] matrix for more information. 
+endif::openshift-rosa[]
\ No newline at end of file
diff --git a/modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc b/modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc
index 0173bbcf117c..5d83bbd37912 100644
--- a/modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc
+++ b/modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc
@@ -3,12 +3,12 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="csi-dynamic-provisioning-aws-efs_{context}"]
-= Dynamic provisioning for AWS EFS
+= Dynamic provisioning for Amazon Elastic File Storage
 
 [role="_abstract"]
-The AWS EFS CSI Driver supports a different form of dynamic provisioning than other CSI drivers. It provisions new PVs as subdirectories of a pre-existing EFS volume. The PVs are independent of each other. However, they all share the same EFS volume. When the volume is deleted, all PVs provisioned out of it are deleted too.
+The link:https://github.com/openshift/aws-efs-csi-driver[AWS EFS CSI driver] supports a different form of dynamic provisioning than other CSI drivers. It provisions new PVs as subdirectories of a pre-existing EFS volume. The PVs are independent of each other. However, they all share the same EFS volume. When the volume is deleted, all PVs provisioned out of it are deleted too.
 The EFS CSI driver creates an AWS Access Point for each such subdirectory. Due to AWS AccessPoint limits, you can only dynamically provision 1000 PVs from a single `StorageClass`/EFS volume.
 
 [IMPORTANT]
@@ -22,7 +22,7 @@ Using monitoring of EFS volume sizes in AWS is strongly recommended.
 
 .Prerequisites
 
-* You have created AWS EFS volumes.
+* You have created Amazon Elastic File Storage (Amazon EFS) volumes.
 * You have created the AWS EFS storage class.
 
 .Procedure
diff --git a/modules/persistent-storage-csi-dynamic-provisioning.adoc b/modules/persistent-storage-csi-dynamic-provisioning.adoc
index 260ac3b59b0a..fd0b9ba62170 100644
--- a/modules/persistent-storage-csi-dynamic-provisioning.adoc
+++ b/modules/persistent-storage-csi-dynamic-provisioning.adoc
@@ -4,7 +4,7 @@
 // * microshift_storage/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="csi-dynamic-provisioning_{context}"]
 = Dynamic provisioning
 
diff --git a/modules/persistent-storage-csi-efs-create-volume.adoc b/modules/persistent-storage-csi-efs-create-volume.adoc
index cf1c150b2f3e..207c12f160d4 100644
--- a/modules/persistent-storage-csi-efs-create-volume.adoc
+++ b/modules/persistent-storage-csi-efs-create-volume.adoc
@@ -4,7 +4,7 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="efs-create-volume_{context}"]
 = Creating and configuring access to EFS volumes in AWS
 
diff --git a/modules/persistent-storage-csi-efs-cross-account.adoc b/modules/persistent-storage-csi-efs-cross-account.adoc
index 016c4afbef31..8aed1be99d63 100644
--- a/modules/persistent-storage-csi-efs-cross-account.adoc
+++ b/modules/persistent-storage-csi-efs-cross-account.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
 // * storage/persistent_storage/persistent-storage-csi-aws-efs.adoc
-// 
+//
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-efs-cross-account_{context}"]
 = AWS EFS CSI cross account support
 
@@ -42,7 +42,7 @@ To use AWS EFS across accounts:
 
 ... Create a filesystem named, for example, "my-filesystem”.
 
-... Select the VPC created earlier (“my-efs-vpc”). 
+... Select the VPC created earlier (“my-efs-vpc”).
 
 ... Accept the default for the remaining settings.
 
@@ -90,7 +90,7 @@ Ensure the two VPCs are using different network CIDRs, and after creating the VP
 
 ... Click the *Routes* tab.
 
-... Under *Destination*, enter 10.0.0.0/16. 
+... Under *Destination*, enter 10.0.0.0/16.
 
 ... Under *Target*, use the peer connection type point from the created peer connection.
 
@@ -102,11 +102,11 @@ Ensure the two VPCs are using different network CIDRs, and after creating the VP
 
 ... Click the *Routes* tab.
 
-... Under *Destination*, enter the CIDR for the VPC in account B, which for this example is 172.20.0.0/16. 
+... Under *Destination*, enter the CIDR for the VPC in account B, which for this example is 172.20.0.0/16.
 
 ... Under *Target*, use the peer connection type point from the created peer connection.
 
-. Create an IAM role, for example, “my-efs-acrossaccount-role” in AWS account B, which has a trust relationship with AWS account A, and add an inline AWS EFS policy with permissions to call “my-efs-acrossaccount-driver-policy”. 
+. Create an IAM role, for example, “my-efs-acrossaccount-role” in AWS account B, which has a trust relationship with AWS account A, and add an inline AWS EFS policy with permissions to call “my-efs-acrossaccount-driver-policy”.
 +
 This role is used by the CSI driver's controller service running on the {product-title} cluster in AWS account A to determine the mount targets for your file system in AWS account B.
 +
@@ -209,7 +209,7 @@ $ oc -n openshift-cluster-csi-drivers create role access-secrets --verb=get,list
 $ oc -n openshift-cluster-csi-drivers create rolebinding --role=access-secrets default-to-secrets --serviceaccount=openshift-cluster-csi-drivers:aws-efs-csi-driver-controller-sa
 ----
 
-. Create a `filesystem` policy for the file system (AWS EFS volume) in account B, which allows AWS account A to perform a mount on it. 
+. Create a `filesystem` policy for the file system (AWS EFS volume) in account B, which allows AWS account A to perform a mount on it.
 +
 [NOTE]
 ----
diff --git a/modules/persistent-storage-csi-efs-driver-install.adoc b/modules/persistent-storage-csi-efs-driver-install.adoc
index 57011261dac2..d3f05f045a6f 100644
--- a/modules/persistent-storage-csi-efs-driver-install.adoc
+++ b/modules/persistent-storage-csi-efs-driver-install.adoc
@@ -3,12 +3,12 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-csi-aws-efs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-efs-driver-install_{context}"]
 = Installing the {FeatureName} CSI Driver
 
 ifdef::openshift-rosa[]
-After installing the {FeatureName} CSI Driver Operator and configuring it with STS, you install the {FeatureName} CSI Driver.
+After installing the link:https://github.com/openshift/aws-efs-csi-driver-operator[{FeatureName} CSI Driver Operator] (a Red Hat operator) and configuring it with STS, you install the link:https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver].
 endif::openshift-rosa[]
 ifdef::openshift-dedicated[]
 After installing the {FeatureName} CSI Driver Operator, you install the {FeatureName} CSI Driver.
diff --git a/modules/persistent-storage-csi-efs-security.adoc b/modules/persistent-storage-csi-efs-security.adoc
index 9e56771096bc..b8bbd3d98a70 100644
--- a/modules/persistent-storage-csi-efs-security.adoc
+++ b/modules/persistent-storage-csi-efs-security.adoc
@@ -5,9 +5,9 @@
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
 [id="efs-security_{context}"]
-= AWS EFS security
+= Amazon Elastic File Storage security
 
-The following information is important for AWS EFS security.
+The following information is important for Amazon Elastic File Storage (Amazon EFS) security.
 
 When using access points, for example, by using dynamic provisioning as described earlier, Amazon automatically replaces GIDs on files with the GID of the access point. In addition, EFS considers the user ID, group ID, and secondary group IDs of the access point when evaluating file system permissions. EFS ignores the NFS client's IDs. For more information about access points, see https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html.
 
diff --git a/modules/persistent-storage-csi-efs-static-pv.adoc b/modules/persistent-storage-csi-efs-static-pv.adoc
index f16c125abf3e..a0a5d628e258 100644
--- a/modules/persistent-storage-csi-efs-static-pv.adoc
+++ b/modules/persistent-storage-csi-efs-static-pv.adoc
@@ -4,15 +4,15 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="efs-create-static-pv_{context}"]
-= Creating static PVs with AWS EFS
+= Creating static PVs with Amazon Elastic File Storage
 
-It is possible to use an AWS EFS volume as a single PV without any dynamic provisioning. The whole volume is mounted to pods.
+It is possible to use an Amazon Elastic File Storage (Amazon EFS) volume as a single PV without any dynamic provisioning. The whole volume is mounted to pods.
 
 .Prerequisites
 
-* You have created AWS EFS volumes.
+* You have created Amazon EFS volumes.
 
 .Procedure
 
diff --git a/modules/persistent-storage-csi-efs-sts.adoc b/modules/persistent-storage-csi-efs-sts.adoc
index 62b4133527e8..c1bc0008ab71 100644
--- a/modules/persistent-storage-csi-efs-sts.adoc
+++ b/modules/persistent-storage-csi-efs-sts.adoc
@@ -2,30 +2,29 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="efs-sts_{context}"]
-= Configuring AWS EFS CSI Driver Operator with Security Token Service
+= Obtaining a role Amazon Resource Name for Security Token Service
 
-This procedure explains how to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
-
-Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the AWS EFS CSI driver as part of the _Installing the AWS EFS CSI Driver Operator_ procedure. 
+This procedure explains how to obtain a role Amazon Resource Name (ARN) to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
 
 [IMPORTANT]
 ====
-If you perform this procedure after installing the driver and creating volumes, your volumes will fail to mount into pods.
+Perform this procedure before you install the AWS EFS CSI Driver Operator (see _Installing the AWS EFS CSI Driver Operator_ procedure).
 ====
 
 .Prerequisites
 
-* You have access to the cluster as a user with the cluster-admin role.
+* Access to the cluster as a user with the cluster-admin role.
 * AWS account credentials
-* You have installed the AWS EFS CSI Operator.
 
 .Procedure
 
-To configure the AWS EFS CSI Driver Operator with STS:
+You can obtain the ARN role in multiple ways. The following procedure shows one method that uses the same concept and CCO utility (`ccoctl`) binary tool as cluster installation.
+
+To obtain a role ARN for configuring AWS EFS CSI Driver Operator using STS:
 
-. Extract the CCO utility (`ccoctl`) binary from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
+. Extract the `ccoctl` from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
 
 . Create and save an EFS `CredentialsRequest` YAML file, such as shown in the following example, and then place it in the `credrequests` directory:
 +
@@ -56,7 +55,7 @@ spec:
 
 . Run the `ccoctl` tool to generate a new IAM role in AWS, and create a YAML file for it in the local file system (`<path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml`).
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ccoctl aws create-iam-roles --name=<name> --region=<aws_region> --credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests --identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com
 ----
@@ -71,37 +70,44 @@ $ ccoctl aws create-iam-roles --name=<name> --region=<aws_region> --credentials-
 +
 .Example
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ccoctl aws create-iam-roles --name my-aws-efs --credentials-requests-dir credrequests --identity-provider-arn arn:aws:iam::123456789012:oidc-provider/my-aws-efs-oidc.s3.us-east-2.amazonaws.com
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 2022/03/21 06:24:44 Role arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud- created
 2022/03/21 06:24:44 Saved credentials configuration to: /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
 2022/03/21 06:24:45 Updated Role policy for Role my-aws-efs-openshift-cluster-csi-drivers-aws-efs-cloud-
 ----
 
-. Create the AWS EFS cloud credentials and secret:
-+
-[source, terminal]
-----
-$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-+
-.Example
-+
-[source, terminal]
-----
-$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
-----
-+
-.Example output
+. Copy the role ARN from the first line of the _Example output_ in the preceding step. The role ARN is between "Role" and "created". In this example, the role ARN is "arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud".
 +
-[source, terminal]
-----
-secret/aws-efs-cloud-credentials created
-----
+You will need the role ARN when you install the AWS EFS CSI Driver Operator.
+
+.Next steps
+
+//??the below step not needed for 4.14? ???
+//. Create the AWS EFS cloud credentials and secret:
+//+
+//[source, terminal]
+//----
+//$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
+//----
+//+
+//.Example
+//+
+//[source, terminal]
+//----
+//$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
+//----
+//+
+//.Example output
+//+
+//[source, terminal]
+//----
+//secret/aws-efs-cloud-credentials created
+//----
\ No newline at end of file
diff --git a/modules/persistent-storage-csi-efs-troubleshooting.adoc b/modules/persistent-storage-csi-efs-troubleshooting.adoc
index 6dd7ae303a1c..81ee9943a34e 100644
--- a/modules/persistent-storage-csi-efs-troubleshooting.adoc
+++ b/modules/persistent-storage-csi-efs-troubleshooting.adoc
@@ -5,15 +5,15 @@
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
 [id="efs-troubleshooting_{context}"]
-= AWS EFS troubleshooting
+= Amazon Elastic File Storage troubleshooting
 
-The following information provides guidance on how to troubleshoot issues with AWS EFS:
+The following information provides guidance on how to troubleshoot issues with Amazon Elastic File Storage (Amazon EFS):
 
 * The AWS EFS Operator and CSI driver run in namespace `openshift-cluster-csi-drivers`.
 
 * To initiate gathering of logs of the AWS EFS Operator and CSI driver, run the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc adm must-gather
 [must-gather      ] OUT Using must-gather plugin-in image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:125f183d13601537ff15b3239df95d47f0a604da2847b561151fedd699f5e3a5
@@ -24,14 +24,14 @@ $ oc adm must-gather
 
 * To show AWS EFS Operator errors, view the `ClusterCSIDriver` status:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get clustercsidriver efs.csi.aws.com -o yaml
 ----
 
 * If a volume cannot be mounted to a pod (as shown in the output of the following command):
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc describe pod
 ...
@@ -43,7 +43,7 @@ $ oc describe pod
 ----
 <1> Warning message indicating volume not mounted.
 +
-This error is frequently caused by AWS dropping packets between an {product-title} node and AWS EFS.
+This error is frequently caused by AWS dropping packets between an {product-title} node and Amazon EFS.
 +
 Check that the following are correct:
 +
diff --git a/modules/persistent-storage-csi-gcp-file-install.adoc b/modules/persistent-storage-csi-gcp-file-install.adoc
index 9b32fe50760d..f3f04748d56e 100644
--- a/modules/persistent-storage-csi-gcp-file-install.adoc
+++ b/modules/persistent-storage-csi-gcp-file-install.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_csi-google_cloud_file.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-olm-operator-install_{context}"]
 = Installing the GCP Filestore CSI Driver Operator
 
diff --git a/modules/persistent-storage-csi-gcp-pd-encrypted-pv.adoc b/modules/persistent-storage-csi-gcp-pd-encrypted-pv.adoc
index d664d50fbcfd..cb35067ea158 100644
--- a/modules/persistent-storage-csi-gcp-pd-encrypted-pv.adoc
+++ b/modules/persistent-storage-csi-gcp-pd-encrypted-pv.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-gcp-pd-encrypted-pv_{context}"]
 = Creating a custom-encrypted persistent volume
 
diff --git a/modules/persistent-storage-csi-google-cloud-file-create-sc.adoc b/modules/persistent-storage-csi-google-cloud-file-create-sc.adoc
index df7d5e6e0059..d5fda4484508 100644
--- a/modules/persistent-storage-csi-google-cloud-file-create-sc.adoc
+++ b/modules/persistent-storage-csi-google-cloud-file-create-sc.adoc
@@ -2,11 +2,11 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-google-cloud-file-create-sc_{context}"]
 = Creating a storage class for GCP Filestore Storage
 
-After installing the Operator, you should create a storage class for dynamic provisioning of Google Compute Platform (GCP) Filestore volumes. 
+After installing the Operator, you should create a storage class for dynamic provisioning of Google Compute Platform (GCP) Filestore volumes.
 
 .Prerequisites
 * You are logged in to the running {product-title} cluster.
@@ -25,18 +25,23 @@ metadata:
   name: filestore-csi
 provisioner: filestore.csi.storage.gke.io
 parameters:
-  network: network-name <1>
+  connect-mode: DIRECT_PEERING <1>
+  network: network-name <2>
 allowVolumeExpansion: true
 volumeBindingMode: WaitForFirstConsumer
 --
-<1> Specify the name of the GCP virtual private cloud (VPC) network where Filestore instances should be created in. 
+<1> For a shared VPC, use the `connect-mode` parameter set to `PRIVATE_SERVICE_ACCESS`. For a non-shared VPC, the value is `DIRECT_PEERING`, which is the default setting.
+<2> Specify the name of the GCP virtual private cloud (VPC) network where Filestore instances should be created in. 
 
 . Specify the name of the VPC network where Filestore instances should be created in.
 +
 It is recommended to specify the VPC network that the Filestore instances should be created in. If no VPC network is specified, the Container Storage Interface (CSI) driver tries to create the instances in the default VPC network of the project.
++
 On IPI installations, the VPC network name is typically the cluster name with the suffix "-network". However, on UPI installations, the VPC network name can be any value chosen by the user.
 +
-You can find out the VPC network name by inspecting the `MachineSets` objects with the following command: 
+For a shared VPC (`connect-mode` = `PRIVATE_SERVICE_ACCESS`), the network needs to be the full VPC name. For example: `projects/shared-vpc-name/global/networks/gcp-filestore-network`.
++
+You can find out the VPC network name by inspecting the `MachineSets` objects with the following command:
 +
 [source, command]
 ----
diff --git a/modules/persistent-storage-csi-google-cloud-file-delete-instances.adoc b/modules/persistent-storage-csi-google-cloud-file-delete-instances.adoc
index d3f50dc4a40d..1bd50f37b61a 100644
--- a/modules/persistent-storage-csi-google-cloud-file-delete-instances.adoc
+++ b/modules/persistent-storage-csi-google-cloud-file-delete-instances.adoc
@@ -2,9 +2,9 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-gcp-cloud-file-delete-instances_{context}"]
-= Destroying clusters and GCP Filestore 
+= Destroying clusters and GCP Filestore
 
 Typically, if you destroy a cluster, the {product-title} installer deletes all of the cloud resources that belong to that cluster. However, when a cluster is destroyed, Google Compute Platform (GCP) Filestore instances are not automatically deleted, so you must manually delete all persistent volume claims (PVCs) that use the Filestore storage class before destroying the cluster.
 
diff --git a/modules/persistent-storage-csi-manila-dynamic-provisioning.adoc b/modules/persistent-storage-csi-manila-dynamic-provisioning.adoc
index 42fc2830b589..b01a8a51ab35 100644
--- a/modules/persistent-storage-csi-manila-dynamic-provisioning.adoc
+++ b/modules/persistent-storage-csi-manila-dynamic-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-manila.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-manila-dynamic-provisioning_{context}"]
 = Dynamically provisioning Manila CSI volumes
 
diff --git a/modules/persistent-storage-csi-manila-limitations.adoc b/modules/persistent-storage-csi-manila-limitations.adoc
index ab2f5dc7c97a..ed50a6b66c49 100644
--- a/modules/persistent-storage-csi-manila-limitations.adoc
+++ b/modules/persistent-storage-csi-manila-limitations.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-manila.adoc
 //
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="persistent-storage-csi-manila-limitations_{context}"]
 = Manila CSI Driver Operator limitations
diff --git a/modules/persistent-storage-csi-migration-automatic-ga.adoc b/modules/persistent-storage-csi-migration-automatic-ga.adoc
index 0e2c76819395..7aa9fd2be809 100644
--- a/modules/persistent-storage-csi-migration-automatic-ga.adoc
+++ b/modules/persistent-storage-csi-migration-automatic-ga.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-migration-automatic-ga_{context}"]
 = Automatic migration of in-tree volumes to CSI
 
diff --git a/modules/persistent-storage-csi-migration-enable.adoc b/modules/persistent-storage-csi-migration-enable.adoc
index 94e1d48bf483..a95dac9b259c 100644
--- a/modules/persistent-storage-csi-migration-enable.adoc
+++ b/modules/persistent-storage-csi-migration-enable.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-migration-enable_{context}"]
 = Manually enabling CSI automatic migration
 
diff --git a/modules/persistent-storage-csi-migration-overview-support-level.adoc b/modules/persistent-storage-csi-migration-overview-support-level.adoc
index 4534d68d0692..fe86bf96b695 100644
--- a/modules/persistent-storage-csi-migration-overview-support-level.adoc
+++ b/modules/persistent-storage-csi-migration-overview-support-level.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-migration-overview-support-level_{context}"]
 = Automatic migration support level
 
diff --git a/modules/persistent-storage-csi-migration-overview.adoc b/modules/persistent-storage-csi-migration-overview.adoc
index d4b6b55795dc..43cfde728668 100644
--- a/modules/persistent-storage-csi-migration-overview.adoc
+++ b/modules/persistent-storage-csi-migration-overview.adoc
@@ -2,11 +2,11 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-migration-overview_{context}"]
 = Overview
 
-This feature automatically migrates volumes that were provisioned using in-tree storage plugins to their counterpart Container Storage Interface (CSI) drivers. 
+This feature automatically migrates volumes that were provisioned using in-tree storage plugins to their counterpart Container Storage Interface (CSI) drivers.
 
 This process does not perform any data migration; {product-title} only translates the persistent volume object in memory. As a result, the translated persistent volume object is not stored on disk, nor is its contents changed. CSI automatic migration should be seamless. This feature does not change how you use all existing API objects: for example, `PersistentVolumes`, `PersistentVolumeClaims`, and `StorageClasses`.
 
@@ -17,7 +17,7 @@ The following in-tree to CSI drivers are automatically migrated:
 * Amazon Web Services (AWS) Elastic Block Storage (EBS)
 * Google Compute Engine Persistent Disk (GCP PD)
 * Azure File
-* VMware vSphere (see information below for specific migration behavior for vSphere)
+* VMware vSphere
 
 CSI migration for these volume types is considered generally available (GA), and requires no manual intervention.
 
diff --git a/modules/persistent-storage-csi-migration-sc.adoc b/modules/persistent-storage-csi-migration-sc.adoc
index 9859e9b750f3..e86a09ae5d2d 100644
--- a/modules/persistent-storage-csi-migration-sc.adoc
+++ b/modules/persistent-storage-csi-migration-sc.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-migration-sc-implications_{context}"]
 = Storage class implications
 
diff --git a/modules/persistent-storage-csi-migration-vsphere.adoc b/modules/persistent-storage-csi-migration-vsphere.adoc
index 453f54c48a9b..5afbeb4dc1e0 100644
--- a/modules/persistent-storage-csi-migration-vsphere.adoc
+++ b/modules/persistent-storage-csi-migration-vsphere.adoc
@@ -2,85 +2,50 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-migration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-migration-sc-vsphere_{context}"]
 = vSphere automatic migration
 
 == New installations of {product-title}
 For new installations of {product-title} 4.13, or later, automatic migration is enabled by default.
 
-== Upgrading {product-title}
-When upgrading from {product-title} 4.12, or earlier, to 4.13, automatic CSI migration for vSphere only occurs if you opt in.
+[id="updating-openshift_from_4.13_{context}"]
+== Updating from {product-title} 4.13 to 4.14
+If you are using vSphere in-tree persistent volumes (PVs) and want to update from {product-title} 4.13 to 4.14, update vSphere vCenter and ESXI host to 7.0 Update 3L or 8.0 Update 2, otherwise the {product-title} update is blocked. After updating vSphere, your {product-title} update can occur and automatic migration is enabled by default.
 
-[IMPORTANT]
-====
-Carefully review the following consequences before opting in to migration:
-
-* link:https://access.redhat.com/node/7011683[There are known issues that can occur that can cause the migration to fail].
-
-* Enabling migration cannot be undone.
+Alternatively, if you do not want to update vSphere, you can proceed with an {product-title} update by performing an administrator acknowledgment:
 
-* Migration can take awhile to complete depending on how many nodes are on the cluster.
+[source, cli]
+----
+oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.13-kube-127-vsphere-migration-in-4.14":"true"}}' --type=merge
+----
 
-* Migration is a disruptive process. The Machine Config Operator (MCO) has to update kubelet, which means degrading each node as it rolls out the new MachineConfig to each machine.
+[IMPORTANT]
+====
+If you do *not* update to vSphere 7.0 Update 3L or 8.0 Update 2 and use an administrator acknowledgment to update to {product-title} 4.14, known issues can occur due to CSI migration being enabled by default in {product-title} 4.14. link:https://access.redhat.com/node/7011683[Before proceeding with the administrator acknowledgement, carefully read this knowledge base article].
 ====
 
-=== Using the web console to opt in to automatic CSI migration
-
-==== Prerequisites
-
-* Access to the {product-title} web console.
-
-* Access to the cluster with cluster-admin privileges.
-
-===== Procedure
-
-To opt in to automatic CSI migration for vSphere:
-
-. Log in to the web console.
-
-. Click *Administration* -> *CustomResourceDefinitions*.
-
-. On the *CustomResourceDefinitions* page, type "Storage" to find the `Storage` custom resource (CR).
-
-. Click the *Storage* CR.
-
-. On the *storages.operator.openshift.io* page, click the *Instances* tab.
+[id="updating-openshift_from_4.12_{context}"]
+== Updating from {product-title} 4.12 to 4.14
+If you are using vSphere in-tree persistent volumes (PVs) and want to update from {product-title} 4.12 to 4.14, update vSphere vCenter and ESXI host to 7.0 Update 3L or 8.0 Update 2, otherwise the {product-title} update is blocked. After updating vSphere, your {product-title} update can occur and automatic migration is enabled by default.
 
-. Click the name of the desired instance, and then click the *YAML* tab.
+Alternatively, if you do not want to update vSphere, you can proceed with an {product-title} update by performing an administrator acknowledgment by running *both* of the following commands:
 
-. Set the `spec.vsphereStorageDriver` parameter to `CSIWithMigrationDriver`, as shown in the following example:
-+
-[source, yaml]
+[source, terminal]
 ----
-....
-spec:
-  logLevel: Normal
-  managementState: Managed
-  operatorLogLevel: Normal
-  vsphereStorageDriver: CSIWithMigrationDriver <1>
-...
+oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.12-kube-126-vsphere-migration-in-4.14":"true"}}' --type=merge
 ----
-<1> `spec.vsphereStorageDriver` parameter set to `CSIWithMigrationDriver`
-
-. Click *Save*.
-
-=== Using the CLI to opt in to automatic CSI migration
 
-==== Prerequisites
-
-* Access to the cluster with cluster-admin privileges.
-
-==== Procedure
-
-To opt in to automatic CSI migration for vSphere, run the following command:
-
-[source, cli]
+[source, terminal]
 ----
-oc patch storage cluster --type=merge -p '{"spec":{"vsphereStorageDriver":"CSIWithMigrationDriver"}}'
+oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.13-kube-127-vsphere-migration-in-4.14":"true"}}' --type=merge
 ----
 
-[NOTE]
+[IMPORTANT]
 ====
-You can determine when migration is complete by verifying that the `VSphereMigrationControllerAvailable` condition is set to "true" in the `Storage` object.
+If you do *not* update to vSphere 7.0 Update 3L or 8.0 Update 2 and use an administrator acknowledgment to update to {product-title} 4.14, known issues can occur due to CSI migration being enabled by default in {product-title} 4.14. link:https://access.redhat.com/node/7011683[Before proceeding with the administrator acknowledgement, carefully read this knowledge base article].
 ====
+
+ifndef::openshift-origin[]
+Updating from {product-title} 4.12 to 4.14 is an Extended Update Support (EUS)-to-EUS update. To understand the ramifications for this type of update and how to perform it, see the _EUS-to-EUS update_ link in the _Additional resources_ section below.
+endif::openshift-origin[]
diff --git a/modules/persistent-storage-csi-mysql-example.adoc b/modules/persistent-storage-csi-mysql-example.adoc
index 96decfc0fc49..8128b1f47c05 100644
--- a/modules/persistent-storage-csi-mysql-example.adoc
+++ b/modules/persistent-storage-csi-mysql-example.adoc
@@ -4,7 +4,7 @@
 // * microshift_storage/container_storage_interface_microshift/microshift-persistent-storage-csi.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="csi-example-usage_{context}"]
 = Example using the CSI driver
 
diff --git a/modules/persistent-storage-csi-olm-operator-install.adoc b/modules/persistent-storage-csi-olm-operator-install.adoc
index da7eb466a526..321eb9a9e044 100644
--- a/modules/persistent-storage-csi-olm-operator-install.adoc
+++ b/modules/persistent-storage-csi-olm-operator-install.adoc
@@ -3,11 +3,11 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-csi-aws-efs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-olm-operator-install_{context}"]
 = Installing the {FeatureName} CSI Driver Operator
 
-The {FeatureName} CSI Driver Operator is not installed in {product-title} by default. Use the following procedure to install and configure the {FeatureName} CSI Driver Operator in your cluster.
+The link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator) is not installed in {product-title} by default. Use the following procedure to install and configure the {FeatureName} CSI Driver Operator in your cluster.
 
 .Prerequisites
 * Access to the {product-title} web console.
@@ -27,16 +27,21 @@ To install the {FeatureName} CSI Driver Operator from the web console:
 +
 [IMPORTANT]
 ====
-Be sure to select the *AWS EFS CSI Driver Operator* and not the *AWS EFS Operator*. The *AWS EFS Operator* is a community Operator and is not supported by Red Hat.
+Be sure to select the *{FeatureName} CSI Driver Operator* and not the *{FeatureName} Operator*. The *{FeatureName} Operator* is a community Operator and is not supported by Red Hat.
 ====
 
 .. On the *{FeatureName} CSI Driver Operator* page, click *Install*.
 
 .. On the *Install Operator* page, ensure that:
 +
+ifdef::openshift-rosa,openshift-enterprise[]
+* If you are using {FeatureName} with AWS Secure Token Service (STS), in the *role ARN* field, enter the ARN role copied from the last step of the _Obtaining a role Amazon Resource Name for Security Token Service_ procedure.
+endif::[]
 * *All namespaces on the cluster (default)* is selected.
 * *Installed Namespace* is set to *openshift-cluster-csi-drivers*.
 
 .. Click *Install*.
 +
 After the installation finishes, the {FeatureName} CSI Operator is listed in the *Installed Operators* section of the web console.
+
+.Next steps
diff --git a/modules/persistent-storage-csi-olm-operator-uninstall.adoc b/modules/persistent-storage-csi-olm-operator-uninstall.adoc
index 5284ed0b2227..8c1f1614454c 100644
--- a/modules/persistent-storage-csi-olm-operator-uninstall.adoc
+++ b/modules/persistent-storage-csi-olm-operator-uninstall.adoc
@@ -4,11 +4,11 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-olm-operator-uninstall_{context}"]
 = Uninstalling the {FeatureName} CSI Driver Operator
 
-All EFS PVs are inaccessible after uninstalling the AWS EFS CSI Driver Operator.
+All EFS PVs are inaccessible after uninstalling the link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator).
 
 .Prerequisites
 * Access to the {product-title} web console.
@@ -26,7 +26,7 @@ To uninstall the {FeatureName} CSI Driver Operator from the web console:
 
 .. Select each PVC that is in use by the {FeatureName} CSI Driver Operator, click the drop-down menu on the far right of the PVC, and then click *Delete PersistentVolumeClaims*.
 
-. Uninstall the {FeatureName} CSI Driver:
+. Uninstall the https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver]:
 +
 [NOTE]
 ====
diff --git a/modules/persistent-storage-csi-sc-managing-cli.adoc b/modules/persistent-storage-csi-sc-managing-cli.adoc
index fd8bbf4541ea..4ede7db56355 100644
--- a/modules/persistent-storage-csi-sc-managing-cli.adoc
+++ b/modules/persistent-storage-csi-sc-managing-cli.adoc
@@ -3,7 +3,7 @@
 // * storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-sc-managing-cli_{context}"]
 = Managing the default storage class using the CLI
 
@@ -14,10 +14,10 @@
 
 To manage the storage class using the CLI, run the following command:
 
-[source, terminal]
+[source,terminal]
 ----
 oc patch clustercsidriver $DRIVERNAME --type=merge -p "{\"spec\":{\"storageClassState\":\"${STATE}\"}}" <1>
 ----
-<1> Where `${STATE}` is "Removed" or "Managed" or "Unmanaged". 
+<1> Where `${STATE}` is "Removed" or "Managed" or "Unmanaged".
 +
 Where `$DRIVERNAME` is the provisioner name. You can find the provisioner name by running the command `oc get sc`.
diff --git a/modules/persistent-storage-csi-sc-managing.adoc b/modules/persistent-storage-csi-sc-managing.adoc
index 879547c48e19..64256578a601 100644
--- a/modules/persistent-storage-csi-sc-managing.adoc
+++ b/modules/persistent-storage-csi-sc-managing.adoc
@@ -3,7 +3,7 @@
 // * storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-sc-managing_{context}"]
 = Managing the default storage class using the web console
 
diff --git a/modules/persistent-storage-csi-sc-multiple-none.adoc b/modules/persistent-storage-csi-sc-multiple-none.adoc
index 6ce7d8ffe87c..e76b51e45738 100644
--- a/modules/persistent-storage-csi-sc-multiple-none.adoc
+++ b/modules/persistent-storage-csi-sc-multiple-none.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
 //
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-sc-multiple-none_{context}"]
 = Absent or multiple default storage classes
 
@@ -14,37 +14,6 @@ There are two possible scenarios where PVCs can attempt to use a non-existent de
 
 * An administrator removes the default storage class or marks it as non-default, and then a user creates a PVC requesting the default storage class.
 
-* During installation, the installer creates a PVC requesting the default storage class, which has not yet been created. 
-
-In the preceding scenarios, the PVCs remain in pending state indefinitely.
-
-{product-title} provides a feature to retroactively assign the default storage class to PVCs, so that they do not remain in the pending state. With this feature enabled, PVCs requesting the default storage class that are created when no default storage classes exists, remain in the pending state until a default storage class is created, or one of the existing storage classes is declared the default. As soon as the default storage class is created or declared, the PVC gets the new default storage class.
-
-:FeatureName: Retroactive default storage class assignment
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
-=== Procedure
-
-To enable retroactive default storage class assignment:
-
-. Enable feature gates (see _Nodes_ → _Working with clusters_ → _Enabling features using feature gates_).
-+
-[IMPORTANT]
-====
-After turning on Technology Preview features using feature gates, they cannot be turned off. As a result, cluster upgrades are prevented.
-====
-+
-The following configuration example enables retroactive default storage class assignment, and all other Technology Preview features:
-+
-[source, yaml]
-----
-apiVersion: config.openshift.io/v1
-kind: FeatureGate
-metadata:
-  name: cluster
-spec:
-  featureSet: TechPreviewNoUpgrade <1>
-...
-----
-<1> Enables retroactive default storage class assignment.
+* During installation, the installer creates a PVC requesting the default storage class, which has not yet been created.
 
+In the preceding scenarios, PVCs remain in the pending state indefinitely. To resolve this situation, create a default storage class or declare one of the existing storage classes as the default. As soon as the default storage class is created or declared, the PVCs get the new default storage class. If possible, the PVCs eventually bind to statically or dynamically provisioned PVs as usual, and move out of the pending state.
\ No newline at end of file
diff --git a/modules/persistent-storage-csi-secrets-store-driver-install.adoc b/modules/persistent-storage-csi-secrets-store-driver-install.adoc
new file mode 100644
index 000000000000..8bc0068e065b
--- /dev/null
+++ b/modules/persistent-storage-csi-secrets-store-driver-install.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc
+//
+
+:_mod-docs-content-type: PROCEDURE
+[id="persistent-storage-csi-secrets-store-driver-install_{context}"]
+= Installing the {secrets-store-driver}
+
+.Prerequisites
+* Access to the {product-title} web console.
+
+* Administrator access to the cluster.
+
+.Procedure
+
+To install the {secrets-store-driver}:
+
+. Install the {secrets-store-operator}:
+.. Log in to the web console.
+.. Click *Operators* → *OperatorHub*.
+.. Locate the {secrets-store-operator} by typing "Secrets Store CSI" in the filter box.
+.. Click the *Secrets Store CSI Driver Operator* button.
+.. On the *Secrets Store CSI Driver Operator* page, click *Install*.
+.. On the *Install Operator* page, ensure that:
++
+* *All namespaces on the cluster (default)* is selected.
+
+* *Installed Namespace* is set to *openshift-cluster-csi-drivers*.
+.. Click *Install*.
++
+After the installation finishes, the {secrets-store-operator} is listed in the *Installed Operators* section of the web console.
+
+. Create the `ClusterCSIDriver` instance for the driver (`secrets-store.csi.k8s.io`):
+.. Click *Administration* -> *CustomResourceDefinitions* -> *ClusterCSIDriver*.
+.. On the *Instances* tab, click *Create ClusterCSIDriver*.
++
+Use the following YAML file:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: ClusterCSIDriver
+metadata:
+    name: secrets-store.csi.k8s.io
+spec:
+  managementState: Managed
+----
+.. Click *Create*.
diff --git a/modules/persistent-storage-csi-secrets-store-driver-overview.adoc b/modules/persistent-storage-csi-secrets-store-driver-overview.adoc
new file mode 100644
index 000000000000..4c670418f1dc
--- /dev/null
+++ b/modules/persistent-storage-csi-secrets-store-driver-overview.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+ifeval::["{context}" == "persistent-storage-csi-secrets-store"]
+:storage:
+endif::[]
+ifeval::["{context}" == "nodes-pods-secrets-store"]
+:nodes:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
+[id="persistent-storage-csi-secrets-store-driver-overview_{context}"]
+ifdef::storage[]
+= Overview
+endif::storage[]
+ifdef::nodes[]
+= About the {secrets-store-operator}
+endif::nodes[]
+
+Kubernetes secrets are stored with Base64 encoding. etcd provides encryption at rest for these secrets, but when secrets are retrieved, they are decrypted and presented to the user. If role-based access control is not configured properly on your cluster, anyone with API or etcd access can retrieve or modify a secret. Additionally, anyone who is authorized to create a pod in a namespace can use that access to read any secret in that namespace.
+
+To store and manage your secrets securely, you can configure the {product-title} Secrets Store Container Storage Interface (CSI) Driver Operator to mount secrets from an external secret management system, such as Azure Key Vault, by using a provider plugin. Applications can then use the secret, but the secret does not persist on the system after the application pod is destroyed.
+
+The {secrets-store-operator}, `secrets-store.csi.k8s.io`, enables {product-title} to mount multiple secrets, keys, and certificates stored in enterprise-grade external secrets stores into pods as a volume. The {secrets-store-operator} communicates with the provider using gRPC to fetch the mount contents from the specified external secrets store. After the volume is attached, the data in it is mounted into the container's file system. Secrets store volumes are mounted in-line.
+
+ifeval::["{context}" == "persistent-storage-csi-secrets-store"]
+:!storage:
+endif::[]
+ifeval::["{context}" == "nodes-pods-secrets-store"]
+:!nodes:
+endif::[]
diff --git a/modules/persistent-storage-csi-secrets-store-driver-uninstall.adoc b/modules/persistent-storage-csi-secrets-store-driver-uninstall.adoc
new file mode 100644
index 000000000000..6de18c362d27
--- /dev/null
+++ b/modules/persistent-storage-csi-secrets-store-driver-uninstall.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc
+//
+
+:_mod-docs-content-type: PROCEDURE
+[id="persistent-storage-csi-secrets-store-driver-uninstall_{context}"]
+= Uninstalling the {secrets-store-operator}
+
+.Prerequisites
+* Access to the {product-title} web console.
+
+* Administrator access to the cluster.
+
+.Procedure
+
+To uninstall the {secrets-store-operator}:
+
+. Stop all application pods that use the `secrets-store.csi.k8s.io` provider.
+. Remove any third-party provider plug-in for your chosen secret store.
+. Remove the Container Storage Interface (CSI) driver and associated manifests:
+.. Click *Administration* → *CustomResourceDefinitions* → *ClusterCSIDriver*.
+.. On the *Instances* tab, for *secrets-store.csi.k8s.io*, on the far left side, click the drop-down menu, and then click *Delete ClusterCSIDriver*.
+.. When prompted, click *Delete*.
+. Verify that the CSI driver pods are no longer running.
+. Uninstall the {secrets-store-operator}:
++
+[NOTE]
+====
+Before you can uninstall the Operator, you must remove the CSI driver first.
+====
++
+.. Click *Operators* → *Installed Operators*.
+.. On the *Installed Operators* page, scroll or type "Secrets Store CSI" into the *Search by name* box to find the Operator, and then click it.
+.. On the upper, right of the *Installed Operators* > *Operator details* page, click *Actions* → *Uninstall Operator*.
+.. When prompted on the *Uninstall Operator* window, click the *Uninstall* button to remove the Operator from the namespace. Any applications deployed by the Operator on the cluster need to be cleaned up manually.
++
+After uninstalling, the {secrets-store-operator} is no longer listed in the *Installed Operators* section of the web console.
diff --git a/modules/persistent-storage-csi-snapshots-create.adoc b/modules/persistent-storage-csi-snapshots-create.adoc
index a5315cf51d18..909080966f0f 100644
--- a/modules/persistent-storage-csi-snapshots-create.adoc
+++ b/modules/persistent-storage-csi-snapshots-create.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-snapshots-create_{context}"]
 = Creating a volume snapshot
 
diff --git a/modules/persistent-storage-csi-snapshots-delete.adoc b/modules/persistent-storage-csi-snapshots-delete.adoc
index 79e1a49021f5..836be28a71a8 100644
--- a/modules/persistent-storage-csi-snapshots-delete.adoc
+++ b/modules/persistent-storage-csi-snapshots-delete.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
+// * microshift_storage/volume-snapshots-microshift.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-snapshots-delete_{context}"]
 = Deleting a volume snapshot
 
@@ -13,6 +14,7 @@ You can configure how {product-title} deletes volume snapshots.
 . Specify the deletion policy that you require in the `VolumeSnapshotClass` object, as shown in the following example:
 +
 .volumesnapshotclass.yaml
++
 [source,yaml]
 ----
 apiVersion: snapshot.storage.k8s.io/v1
@@ -22,12 +24,12 @@ metadata:
 driver: hostpath.csi.k8s.io
 deletionPolicy: Delete <1>
 ----
+[.small]
 <1> When deleting the volume snapshot, if the `Delete` value is set, the underlying snapshot is deleted along with the `VolumeSnapshotContent` object. If the `Retain` value is set, both the underlying snapshot and `VolumeSnapshotContent` object remain.
   +
 If the `Retain` value is set and the `VolumeSnapshot` object is deleted without deleting the corresponding `VolumeSnapshotContent` object, the content remains. The snapshot itself is also retained in the storage back end.
 
 . Delete the volume snapshot by entering the following command:
-
 +
 [source,terminal]
 ----
@@ -35,10 +37,12 @@ $ oc delete volumesnapshot <volumesnapshot_name>
 ----
 +
 .Example output
-[source, terminal]
++
+[source,terminal]
 ----
 volumesnapshot.snapshot.storage.k8s.io "mysnapshot" deleted
 ----
+
 . If the deletion policy is set to `Retain`, delete the volume snapshot content by entering the following command:
 +
 [source,terminal]
@@ -60,7 +64,8 @@ $ oc patch -n $PROJECT volumesnapshot/$NAME --type=merge -p '{"metadata": {"fina
 ----
 +
 .Example output
-[source, terminal]
++
+[source,terminal]
 ----
 volumesnapshotclass.snapshot.storage.k8s.io "csi-ocs-rbd-snapclass" deleted
 ----
diff --git a/modules/persistent-storage-csi-snapshots-operator.adoc b/modules/persistent-storage-csi-snapshots-operator.adoc
index cef56fb3bcd5..9f5689b3957f 100644
--- a/modules/persistent-storage-csi-snapshots-operator.adoc
+++ b/modules/persistent-storage-csi-snapshots-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-snapshots-operator_{context}"]
 = About the CSI Snapshot Controller Operator
 
diff --git a/modules/persistent-storage-csi-snapshots-overview.adoc b/modules/persistent-storage-csi-snapshots-overview.adoc
index f9399c504abb..3dfcace6dd06 100644
--- a/modules/persistent-storage-csi-snapshots-overview.adoc
+++ b/modules/persistent-storage-csi-snapshots-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-snapshots-overview_{context}"]
 = Overview of CSI volume snapshots
 
diff --git a/modules/persistent-storage-csi-snapshots-restore.adoc b/modules/persistent-storage-csi-snapshots-restore.adoc
index 9a14cf34b915..bf9646c2cc47 100644
--- a/modules/persistent-storage-csi-snapshots-restore.adoc
+++ b/modules/persistent-storage-csi-snapshots-restore.adoc
@@ -2,13 +2,14 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-snapshots-restore_{context}"]
 = Restoring a volume snapshot
 
 The `VolumeSnapshot` CRD content can be used to restore the existing volume to a previous state.
 
 After your `VolumeSnapshot` CRD is bound and the `readyToUse` value is set to `true`, you can use that resource to provision a new volume that is pre-populated with data from the snapshot.
+
 .Prerequisites
 * Logged in to a running {product-title} cluster.
 * A persistent volume claim (PVC) created using a Container Storage Interface (CSI) driver that supports volume snapshots.
diff --git a/modules/persistent-storage-csi-tp-enable.adoc b/modules/persistent-storage-csi-tp-enable.adoc
index f019eefd99f6..41c31242c5de 100644
--- a/modules/persistent-storage-csi-tp-enable.adoc
+++ b/modules/persistent-storage-csi-tp-enable.adoc
@@ -17,7 +17,7 @@ ifeval::["{context}" == "persistent-storage-csi-vsphere"]
 :vsphere:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="csi-tp-enable_{context}"]
 = Enabling the {FeatureName} CSI driver operator
 To enable the {FeatureName} Container Storage Interface (CSI) driver operator, you must enable feature gates with the `TechPreviewNoUpgrade` feature set.
@@ -38,7 +38,7 @@ After turning Technology Preview features on by using feature gates, they cannot
 $ oc get co storage
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 NAME    VERSION                                 AVAILABLE   PROGRESSING DEGRADED   SINCE
 storage 4.10.0-0.nightly-2021-11-15-034648      True        False       False      4m36s
@@ -56,7 +56,7 @@ $ oc get pod -n openshift-cluster-csi-drivers
 ----
 +
 ifdef::vsphere[]
-[source, terminal]
+[source,terminal]
 ----
 NAME                                                    READY   STATUS  RESTARTS    AGE
 vmware-vsphere-csi-driver-controller-5646dbbf54-cnsx7   9/9     Running 0           4h29m
@@ -69,7 +69,7 @@ vmware-vsphere-csi-driver-operator-7c7fc474c-p544t      1/1     Running 0
 ----
 endif::vsphere[]
 ifdef::azure[]
-[source, terminal]
+[source,terminal]
 ----
 NAME                                                    READY   STATUS  RESTARTS    AGE
 azure-disk-csi-driver-controller-5949bf45fd-pm4qb       11/11   Running 0           39m
@@ -83,7 +83,7 @@ azure-disk-csi-driver-operator-7d966fc6c5-x74x5         1/1     Running 0
 ----
 endif::azure[]
 ifdef::azure_file[]
-[source, terminal]
+[source,terminal]
 ----
 NAME                                                    READY   STATUS  RESTARTS    AGE
 azure-file-csi-driver-controller-5949bf45fd-pm4qb       11/11   Running 0           39m
diff --git a/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-overview.adoc b/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-overview.adoc
index ad545f520aee..5d4d7656d8c4 100644
--- a/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-overview.adoc
+++ b/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-overview.adoc
@@ -3,10 +3,10 @@
 // * storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc
 //
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-vol-detach-non-graceful-overview_{context}"]
 = Overview
 
 A graceful node shutdown occurs when the kubelet's node shutdown manager detects the upcoming node shutdown action. Non-graceful shutdowns occur when the kubelet does not detect a node shutdown action, which can occur because of system or hardware failures. Also, the kubelet may not detect a node shutdown action when the shutdown command does not trigger the Inhibitor Locks mechanism used by the kubelet on Linux, or because of a user error, for example, if the shutdownGracePeriod and shutdownGracePeriodCriticalPods details are not configured correctly for that node.
 
-With this feature, when a non-graceful node shutdown occurs, you can manually add an `out-of-service` taint on the node to allow volumes to automatically detach from the node. 
\ No newline at end of file
+With this feature, when a non-graceful node shutdown occurs, you can manually add an `out-of-service` taint on the node to allow volumes to automatically detach from the node.
\ No newline at end of file
diff --git a/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure.adoc b/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure.adoc
index d88eed861c13..1d7c2396ce1e 100644
--- a/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure.adoc
+++ b/modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure.adoc
@@ -3,7 +3,7 @@
 // * storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure_{context}"]
 = Adding an out-of-service taint manually for automatic volume detachment
 
@@ -19,7 +19,7 @@ To allow volumes to detach automatically from a node after a non-graceful node s
 
 . Ensure that the node is shutdown by running the following command and checking the status:
 +
-[source, terminal]
+[source,terminal]
 ----
 oc get node <node name> <1>
 ----
@@ -32,7 +32,7 @@ If the node is not completely shut down, do not proceed with tainting the node.
 +
 . Taint the corresponding node object by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 oc adm taint node <node name> node.kubernetes.io/out-of-service=nodeshutdown:NoExecute <1>
 ----
diff --git a/modules/persistent-storage-csi-vol-populator.adoc b/modules/persistent-storage-csi-vol-populator.adoc
index 43e2a4fc60df..9a18114979a7 100644
--- a/modules/persistent-storage-csi-vol-populator.adoc
+++ b/modules/persistent-storage-csi-vol-populator.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/container_storage_interface/persistent-storage-csi.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-csi-vol-populator_{context}"]
 = Volume populators
 
diff --git a/modules/persistent-storage-csi-vsphere-install-issues.adoc b/modules/persistent-storage-csi-vsphere-install-issues.adoc
index b18690a4138c..02735d618f2a 100644
--- a/modules/persistent-storage-csi-vsphere-install-issues.adoc
+++ b/modules/persistent-storage-csi-vsphere-install-issues.adoc
@@ -4,7 +4,7 @@
 //
 
 [id="persistent-storage-csi-vsphere-install-issues_{context}"]
-= Removing a third-party vSphere CSI Operator Driver
+= Removing a third-party vSphere CSI Driver Operator
 
 {product-title} 4.10, and later, includes a built-in version of the vSphere Container Storage Interface (CSI) Operator Driver that is supported by Red Hat. If you have installed a vSphere CSI driver provided by the community or another vendor, updates to the next major version of {product-title}, such as 4.13, or later, might be disabled for your cluster.
 
@@ -31,4 +31,4 @@ To uninstall the third-party vSphere CSI Driver:
 csidriver.storage.k8s.io "csi.vsphere.vmware.com" deleted
 ----
 
-After you have removed the third-party vSphere CSI Driver from the {product-title} cluster, installation of Red Hat's vSphere CSI Operator Driver automatically resumes, and any conditions that could block upgrades to {product-title} 4.11, or later, are automatically removed. If you had existing vSphere CSI PV objects, their lifecycle is now managed by Red Hat's vSphere CSI Operator Driver.
+After you have removed the third-party vSphere CSI Driver from the {product-title} cluster, installation of Red Hat's vSphere CSI Driver Operator automatically resumes, and any conditions that could block upgrades to {product-title} 4.11, or later, are automatically removed. If you had existing vSphere CSI PV objects, their lifecycle is now managed by Red Hat's vSphere CSI Driver Operator.
diff --git a/modules/persistent-storage-csi-vsphere-stor-policy.adoc b/modules/persistent-storage-csi-vsphere-stor-policy.adoc
index 50f5e41d9eac..1d1741a47c8a 100644
--- a/modules/persistent-storage-csi-vsphere-stor-policy.adoc
+++ b/modules/persistent-storage-csi-vsphere-stor-policy.adoc
@@ -6,7 +6,7 @@
 [id="persistent-storage-csi-vsphere-stor-policy_{context}"]
 = vSphere storage policy
 
-The vSphere CSI Operator Driver storage class uses vSphere's storage policy. {product-title} automatically creates a storage policy that targets datastore configured in cloud configuration:
+The vSphere CSI Driver Operator storage class uses vSphere's storage policy. {product-title} automatically creates a storage policy that targets datastore configured in cloud configuration:
 [source,yaml]
 ----
 kind: StorageClass
diff --git a/modules/persistent-storage-csi-vsphere-top-aware-infra-top.adoc b/modules/persistent-storage-csi-vsphere-top-aware-infra-top.adoc
index fce61513becd..8151265534c4 100644
--- a/modules/persistent-storage-csi-vsphere-top-aware-infra-top.adoc
+++ b/modules/persistent-storage-csi-vsphere-top-aware-infra-top.adoc
@@ -23,14 +23,14 @@ For more information about vSphere categories and tags, see the VMware vSphere d
 * Specify the `openshift-zone` and `openshift-region` categories that you created earlier.
 * Set `driverType` to `vSphere`.
 +
-[source, terminal]
+[source,terminal]
 ----
 ~ $ oc edit clustercsidriver csi.vsphere.vmware.com -o yaml
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 apiVersion: operator.openshift.io/v1
 kind: ClusterCSIDriver
@@ -42,7 +42,7 @@ spec:
   observedConfig: null
   operatorLogLevel: Normal
   unsupportedConfigOverrides: null
-  driverConfig: 
+  driverConfig:
     driverType: vSphere <1>
       vSphere:
         topologyCategories: <2>
@@ -54,14 +54,14 @@ spec:
 
 . Verify that `CSINode` object has topology keys by running the following commands:
 +
-[source, terminal]
+[source,terminal]
 ----
 ~ $ oc get csinode
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 NAME DRIVERS AGE
 co8-4s88d-infra-2m5vd 1 27m
@@ -73,14 +73,14 @@ co8-4s88d-worker-mbb46 1 47m
 co8-4s88d-worker-zlk7d 1 47m
 ----
 +
-[source, terminal]
+[source,terminal]
 ----
 ~ $ oc get csinode co8-4s88d-worker-j2hmg -o yaml
 ----
 +
 .Example output
 +
-[source, terminal]
+[source,terminal]
 ----
 ...
 spec:
@@ -102,9 +102,9 @@ spec:
 
 . Create a tag to assign to datastores across failure domains:
 +
-When an {product-title} spans more than one failure domain, the datastore might not be shared across those failure domains, which is where topology-aware provisioning of persistent volumes (PVs) is useful. 
+When an {product-title} spans more than one failure domain, the datastore might not be shared across those failure domains, which is where topology-aware provisioning of persistent volumes (PVs) is useful.
 +
-.. In vCenter, create a category for tagging the datastores. For example, `openshift-zonal-datastore-cat`. You can use any other category name, provided the category uniquely is used for tagging datastores participating in {product-title} cluster. Also, ensure that `StoragePod`, `Datastore`, and `Folder` are selected as Associable Entities for the created category. 
+.. In vCenter, create a category for tagging the datastores. For example, `openshift-zonal-datastore-cat`. You can use any other category name, provided the category uniquely is used for tagging datastores participating in {product-title} cluster. Also, ensure that `StoragePod`, `Datastore`, and `Folder` are selected as Associable Entities for the created category.
 .. In vCenter, create a tag that uses the previously created category. This example uses the tag name `openshift-zonal-datastore`.
 .. Assign the previously created tag (in this example `openshift-zonal-datastore`) to each datastore in a failure domain that would be considered for dynamic provisioning.
 +
@@ -119,14 +119,14 @@ You can use any names you like for categories and tags. The names used in this e
 .. Click *CREATE*.
 .. Type a name for the storage policy.
 .. For the rules, choose Tag Placement rules and select the tag and category that targets the desired datastores (in this example, the `openshift-zonal-datastore` tag).
-+ 
++
 The datastores are listed in the storage compatibility table.
 
 . Create a new storage class that uses the new zoned storage policy:
 .. Click *Storage* > *StorageClasses*.
 .. On the *StorageClasses* page, click *Create StorageClass*.
 .. Type a name for the new storage class in *Name*.
-.. Under *Provisioner*, select *csi.vsphere.vmware.com*. 
+.. Under *Provisioner*, select *csi.vsphere.vmware.com*.
 .. Under *Additional parameters*, for the StoragePolicyName parameter, set *Value* to the name of the new zoned storage policy that you created earlier.
 .. Click *Create*.
 +
diff --git a/modules/persistent-storage-csi-vsphere-top-aware-post-install.adoc b/modules/persistent-storage-csi-vsphere-top-aware-post-install.adoc
index 96081f67e2ac..40aa2b8206f8 100644
--- a/modules/persistent-storage-csi-vsphere-top-aware-post-install.adoc
+++ b/modules/persistent-storage-csi-vsphere-top-aware-post-install.adoc
@@ -5,7 +5,7 @@
 
 :content-type: PROCEDURE
 [id="persistent-storage-csi-vsphere-top-aware-post-install_{context}"]
-= Creating vSphere storage topology post-installation
+= Creating vSphere storage topology postinstallation
 
 == Procedure
 . In the VMware vCenter vSphere client GUI, define appropriate zone and region catagories and tags.
@@ -67,4 +67,4 @@ volumeBindingMode: WaitForFirstConsumer
 [NOTE]
 ====
 You can also create the storage class by editing the preceding YAML file and running the command `oc create -f $FILE`.
-====
\ No newline at end of file
+====
diff --git a/modules/persistent-storage-csi-vsphere-top-aware-results.adoc b/modules/persistent-storage-csi-vsphere-top-aware-results.adoc
index 1e56d38db94b..b97cec2e94fc 100644
--- a/modules/persistent-storage-csi-vsphere-top-aware-results.adoc
+++ b/modules/persistent-storage-csi-vsphere-top-aware-results.adoc
@@ -9,14 +9,14 @@
 
 Creating persistent volume claims (PVCs) and PVs from the topology aware storage class are truly zonal, and should use the datastore in their respective zone depending on how pods are scheduled:
 
-[source, terminal]
+[source,terminal]
 ----
 ~ $ oc get pv <pv-name> -o yaml
 ----
 
 .Example output
 
-[source, terminal]
+[source,terminal]
 ----
 ...
 nodeAffinity:
@@ -24,7 +24,7 @@ nodeAffinity:
     nodeSelectorTerms:
     - matchExpressions:
       - key: topology.csi.vmware.com/openshift-zone <1>
-        operator: In 
+        operator: In
         values:
         - <openshift-zone>
       -key: topology.csi.vmware.com/openshift-region <1>
diff --git a/modules/persistent-storage-efs-csi-driver-operator-setup.adoc b/modules/persistent-storage-efs-csi-driver-operator-setup.adoc
index b8604eb648cf..86f59b7796af 100644
--- a/modules/persistent-storage-efs-csi-driver-operator-setup.adoc
+++ b/modules/persistent-storage-efs-csi-driver-operator-setup.adoc
@@ -3,14 +3,20 @@
 // * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
 // * storage/container_storage_interface/osd-persistent-storage-csi-aws-efs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-efs-csi-driver-operator-setup_{context}"]
 = Setting up the {FeatureName} CSI Driver Operator
 
-. Install the {FeatureName} CSI Driver Operator.
+. Install the link:https://github.com/openshift/aws-efs-csi-driver-operator[{FeatureName} CSI Driver Operator] (a Red Hat operator).
 
 ifdef::openshift-rosa[]
-. If you are using {FeatureName} with AWS Secure Token Service (STS), configure the {FeatureName} CSI Driver with STS.
+. If you are using Amazon Elastic File Storage (Amazon EFS) with AWS Secure Token Service (STS), configure the https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver] with STS.
 endif::openshift-rosa[]
 
+ifdef::openshift-rosa,openshift-enterprise[]
+. If you are using {FeatureName} with AWS Secure Token Service (STS), obtain a role Amazon Resource Name (ARN) for STS. This is required for installing the {FeatureName} CSI Driver Operator.
+endif::[]
+
+. Install the {FeatureName} CSI Driver Operator.
+
 . Install the {FeatureName} CSI Driver.
diff --git a/modules/persistent-storage-flexvolume-consuming.adoc b/modules/persistent-storage-flexvolume-consuming.adoc
index a221aab6cdc6..c5190a5e2810 100644
--- a/modules/persistent-storage-flexvolume-consuming.adoc
+++ b/modules/persistent-storage-flexvolume-consuming.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-flexvolume.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="flexvolume-driver-consuming_{context}"]
 = Consuming storage using FlexVolume drivers
 
diff --git a/modules/persistent-storage-flexvolume-drivers.adoc b/modules/persistent-storage-flexvolume-drivers.adoc
index fa40b6a71a91..be4eb50d1a95 100644
--- a/modules/persistent-storage-flexvolume-drivers.adoc
+++ b/modules/persistent-storage-flexvolume-drivers.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-flexvolume.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="flexvolume-drivers_{context}"]
 = About FlexVolume drivers
 
diff --git a/modules/persistent-storage-flexvolume-installing.adoc b/modules/persistent-storage-flexvolume-installing.adoc
index 8e0d4f681df0..8f07dc7b8b46 100644
--- a/modules/persistent-storage-flexvolume-installing.adoc
+++ b/modules/persistent-storage-flexvolume-installing.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-flexvolume.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="flexvolume-installing_{context}"]
 
 = Installing FlexVolume drivers
diff --git a/modules/persistent-storage-hostpath-about.adoc b/modules/persistent-storage-hostpath-about.adoc
index bb24f346b948..d283fbb93f5e 100644
--- a/modules/persistent-storage-hostpath-about.adoc
+++ b/modules/persistent-storage-hostpath-about.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-hostpath.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="persistent-storage-hostpath-about_{context}"]
 = Overview
 
diff --git a/modules/persistent-storage-hostpath-pod.adoc b/modules/persistent-storage-hostpath-pod.adoc
index 27010fdc8d76..9dc5b8b5c59e 100644
--- a/modules/persistent-storage-hostpath-pod.adoc
+++ b/modules/persistent-storage-hostpath-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-hostpath.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-hostpath-pod_{context}"]
 = Mounting the hostPath share in a privileged pod
 
diff --git a/modules/persistent-storage-hostpath-static-provisioning.adoc b/modules/persistent-storage-hostpath-static-provisioning.adoc
index 9ea99cc82b75..120ad03d2b12 100644
--- a/modules/persistent-storage-hostpath-static-provisioning.adoc
+++ b/modules/persistent-storage-hostpath-static-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-hostpath.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="hostpath-static-provisioning_{context}"]
 = Statically provisioning hostPath volumes
 
@@ -33,7 +33,7 @@ A pod that uses a hostPath volume must be referenced by manual (static) provisio
 <1> The name of the volume. This name is how it is identified by persistent volume claims or pods.
 <2> Used to bind persistent volume claim requests to this persistent volume.
 <3> The volume can be mounted as `read-write` by a single node.
-<4> The configuration file specifies that the volume is at `/mnt/data` on the cluster's node. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system. It is safe to mount the host by using `/host`. 
+<4> The configuration file specifies that the volume is at `/mnt/data` on the cluster's node. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system. It is safe to mount the host by using `/host`.
 
 . Create the PV from the file:
 +
diff --git a/modules/persistent-storage-local-create-cr-manual.adoc b/modules/persistent-storage-local-create-cr-manual.adoc
index 75191bbbe245..97186ea10534 100644
--- a/modules/persistent-storage-local-create-cr-manual.adoc
+++ b/modules/persistent-storage-local-create-cr-manual.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-create-cr-manual_{context}"]
 = Provisioning local volumes without the Local Storage Operator
 
diff --git a/modules/persistent-storage-local-create-cr.adoc b/modules/persistent-storage-local-create-cr.adoc
index bd409e8beb48..b8bb920a5e23 100644
--- a/modules/persistent-storage-local-create-cr.adoc
+++ b/modules/persistent-storage-local-create-cr.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-volume-cr_{context}"]
 = Provisioning local volumes by using the Local Storage Operator
 
@@ -46,27 +46,29 @@ spec:
           - ip-10-0-164-33
   storageClassDevices:
     - storageClassName: "local-sc" <3>
-      volumeMode: Filesystem <4>
-      fsType: xfs <5>
-      devicePaths: <6>
-        - /path/to/device <7>
+      forceWipeDevicesAndDestroyAllData: false <4>
+      volumeMode: Filesystem <5>
+      fsType: xfs <6>
+      devicePaths: <7>
+        - /path/to/device <8>
 ----
 <1> The namespace where the Local Storage Operator is installed.
 <2> Optional: A node selector containing a list of nodes where the local storage volumes are attached. This example uses the node hostnames, obtained from `oc get node`. If a value is not defined, then the Local Storage Operator will attempt to find matching disks on all available nodes.
 <3> The name of the storage class to use when creating persistent volume objects. The Local Storage Operator automatically creates the storage class if it does not exist. Be sure to use a storage class that uniquely identifies this set of local volumes.
-<4> The volume mode, either `Filesystem` or `Block`, that defines the type of local volumes.
+<4> This setting defines whether or not to call `wipefs`, which removes partition table signatures (magic strings) making the disk ready to use for Local Storage Operator (LSO) provisioning. No other data besides signatures is erased. The default is "false" (`wipefs` is not invoked). Setting `forceWipeDevicesAndDestroyAllData` to "true" can be useful in scenarios where previous data can remain on disks that need to be re-used. In these scenarios, setting this field to true eliminates the need for administrators to erase the disks manually. Such cases can include single-node OpenShift (SNO) cluster environments where a node can be redeployed multiple times or when using OpenShift Data Foundation (ODF), where previous data can remain on the disks planned to be consumed as object storage devices (OSDs).
+<5> The volume mode, either `Filesystem` or `Block`, that defines the type of local volumes.
 +
 [NOTE]
 ====
 A raw block volume (`volumeMode: Block`) is not formatted with a file system. Use this mode only if any application running on the pod can use raw block devices.
 ====
-<5> The file system that is created when the local volume is mounted for the first time.
-<6> The path containing a list of local storage devices to choose from.
-<7> Replace this value with your actual local disks filepath to the `LocalVolume` resource `by-id`, such as `/dev/disk/by-id/wwn`. PVs are created for these local disks when the provisioner is deployed successfully.
+<6> The file system that is created when the local volume is mounted for the first time.
+<7> The path containing a list of local storage devices to choose from.
+<8> Replace this value with your actual local disks filepath to the `LocalVolume` resource `by-id`, such as `/dev/disk/by-id/wwn`. PVs are created for these local disks when the provisioner is deployed successfully.
 +
 [NOTE]
 ====
-If you are running {product-title} on {ibmzProductName} with {op-system-base} KVM, you must assign a serial number to your VM disk. Otherwise, the VM disk can not be identified after reboot. You can use the `virsh edit <VM>` command to add the `<serial>mydisk</serial>` definition.
+If you are running {product-title} with {op-system-base} KVM, you must assign a serial number to your VM disk. Otherwise, the VM disk can not be identified after reboot. You can use the `virsh edit <VM>` command to add the `<serial>mydisk</serial>` definition.
 ====
 --
 +
@@ -90,20 +92,22 @@ spec:
           - ip-10-0-144-180
   storageClassDevices:
     - storageClassName: "localblock-sc" <3>
-      volumeMode: Block <4>
-      devicePaths: <5>
-        - /path/to/device <6>
+      forceWipeDevicesAndDestroyAllData: false <4>
+      volumeMode: Block <5>
+      devicePaths: <6>
+        - /path/to/device <7>
 ----
 <1> The namespace where the Local Storage Operator is installed.
 <2> Optional: A node selector containing a list of nodes where the local storage volumes are attached. This example uses the node hostnames, obtained from `oc get node`. If a value is not defined, then the Local Storage Operator will attempt to find matching disks on all available nodes.
 <3> The name of the storage class to use when creating persistent volume objects.
-<4> The volume mode, either `Filesystem` or `Block`, that defines the type of local volumes.
-<5> The path containing a list of local storage devices to choose from.
-<6> Replace this value with your actual local disks filepath to the `LocalVolume` resource `by-id`, such as `dev/disk/by-id/wwn`. PVs are created for these local disks when the provisioner is deployed successfully.
+<4> This setting defines whether or not to call `wipefs`, which removes partition table signatures (magic strings) making the disk ready to use for Local Storage Operator (LSO) provisioning. No other data besides signatures is erased. The default is "false" (`wipefs` is not invoked). Setting `forceWipeDevicesAndDestroyAllData` to "true" can be useful in scenarios where previous data can remain on disks that need to be re-used. In these scenarios, setting this field to true eliminates the need for administrators to erase the disks manually. Such cases can include single-node OpenShift (SNO) cluster environments where a node can be redeployed multiple times or when using OpenShift Data Foundation (ODF), where previous data can remain on the disks planned to be consumed as object storage devices (OSDs).
+<5> The volume mode, either `Filesystem` or `Block`, that defines the type of local volumes.
+<6> The path containing a list of local storage devices to choose from.
+<7> Replace this value with your actual local disks filepath to the `LocalVolume` resource `by-id`, such as `dev/disk/by-id/wwn`. PVs are created for these local disks when the provisioner is deployed successfully.
 +
 [NOTE]
 ====
-If you are running {product-title} on {ibmzProductName} with {op-system-base} KVM, you must assign a serial number to your VM disk. Otherwise, the VM disk can not be identified after reboot. You can use the `virsh edit <VM>` command to add the `<serial>mydisk</serial>` definition.
+If you are running {product-title} with {op-system-base} KVM, you must assign a serial number to your VM disk. Otherwise, the VM disk can not be identified after reboot. You can use the `virsh edit <VM>` command to add the `<serial>mydisk</serial>` definition.
 ====
 
 . Create the local volume resource in your {product-title} cluster. Specify the file you just created:
diff --git a/modules/persistent-storage-local-discovery.adoc b/modules/persistent-storage-local-discovery.adoc
index e0ef7f8a9296..6765cbc6444d 100644
--- a/modules/persistent-storage-local-discovery.adoc
+++ b/modules/persistent-storage-local-discovery.adoc
@@ -2,26 +2,25 @@
 //
 // storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-storage-discovery_{context}"]
 = Automating discovery and provisioning for local storage devices
 
 The Local Storage Operator automates local storage discovery and provisioning. With this feature, you can simplify installation when dynamic provisioning is not available during deployment, such as with bare metal, VMware, or AWS store instances with attached devices.
 
+:FeatureName: Automatic discovery and provisioning
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
 [IMPORTANT]
 ====
-Automatic discovery and provisioning is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
-
-However, automatic discovery and provisioning is fully supported when used to deploy {rh-storage-first} on bare metal.
-
-For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
+Automatic discovery and provisioning is fully supported when used to deploy {rh-storage-first} on-premise or with platform-agnostic deployment.
 ====
 
 Use the following procedure to automatically discover local devices, and to automatically provision local volumes for selected devices.
 
 [WARNING]
 ====
-Use the `LocalVolumeSet` object with caution. When you automatically provision persistent volumes (PVs) from local disks, the local PVs might claim all devices that match. If you are using a `LocalVolumeSet` object, make sure the Local Storage Operator is the only entity managing local devices on the node.
+Use the `LocalVolumeSet` object with caution. When you automatically provision persistent volumes (PVs) from local disks, the local PVs might claim all devices that match. If you are using a `LocalVolumeSet` object, make sure the Local Storage Operator is the only entity managing local devices on the node. Creating multiple instances of a `LocalVolumeSet` that target a node more than once is not supported.
 ====
 
 .Prerequisites
diff --git a/modules/persistent-storage-local-install.adoc b/modules/persistent-storage-local-install.adoc
index ff153a33228a..b108bf1c6f9d 100644
--- a/modules/persistent-storage-local-install.adoc
+++ b/modules/persistent-storage-local-install.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-storage-install_{context}"]
 = Installing the Local Storage Operator
 
@@ -36,7 +36,7 @@ $ oc annotate namespace openshift-local-storage openshift.io/node-selector=''
 
 . Optional: Allow local storage to run on the management pool of CPUs in single-node deployment.
 +
-Use the Local Storage Operator in single-node deployments and allow the use of CPUs that belong to the `managment` pool. Perform this step on single-node installations that use management workload partitioning.
+Use the Local Storage Operator in single-node deployments and allow the use of CPUs that belong to the `management` pool. Perform this step on single-node installations that use management workload partitioning.
 +
 To allow Local Storage Operator to run on the management CPU pool, run following commands:
 +
@@ -68,15 +68,6 @@ Once finished, the Local Storage Operator will be listed in the *Installed Opera
 .From the CLI
 . Install the Local Storage Operator from the CLI.
 
-.. Run the following command to get the {product-title} major and minor version. It is required for the `channel` value in the next
-step.
-+
-[source,terminal]
-----
-$ OC_VERSION=$(oc version -o yaml | grep openshiftVersion | \
-    grep -o '[0-9]*[.][0-9]*' | head -1)
-----
-
 .. Create an object YAML file to define an Operator group and subscription for the Local Storage Operator,
 such as `openshift-local-storage.yaml`:
 +
@@ -98,7 +89,7 @@ metadata:
   name: local-storage-operator
   namespace: openshift-local-storage
 spec:
-  channel: "${OC_VERSION}"
+  channel: stable
   installPlanApproval: Automatic <1>
   name: local-storage-operator
   source: redhat-operators
diff --git a/modules/persistent-storage-local-pod.adoc b/modules/persistent-storage-local-pod.adoc
index c71b7e4aa549..e90374eb7bee 100644
--- a/modules/persistent-storage-local-pod.adoc
+++ b/modules/persistent-storage-local-pod.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-pod_{context}"]
 = Attach the local claim
 
@@ -23,15 +23,16 @@ declares the persistent volume claim inside a pod:
 apiVersion: v1
 kind: Pod
 spec:
-  ...
+# ...
   containers:
     volumeMounts:
     - name: local-disks <1>
       mountPath: /data <2>
   volumes:
-  - name: localpvc
+  - name: local-disks
     persistentVolumeClaim:
       claimName: local-pvc-name <3>
+# ...
 ----
 <1> The name of the volume to mount.
 <2> The path inside the pod where the volume is mounted. Do not mount to the container root, `/`, or any path that is the same in the host and the container. This can corrupt your host system if the container is sufficiently privileged, such as the host `/dev/pts` files. It is safe to mount the host by using `/host`.
diff --git a/modules/persistent-storage-local-pvc.adoc b/modules/persistent-storage-local-pvc.adoc
index 61945efb5822..b77b7b4ef117 100644
--- a/modules/persistent-storage-local-pvc.adoc
+++ b/modules/persistent-storage-local-pvc.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-local-pvc_{context}"]
 = Creating the local volume persistent volume claim
 
diff --git a/modules/persistent-storage-local-removing-devices.adoc b/modules/persistent-storage-local-removing-devices.adoc
index 2d0ae8040f06..d10a613d34fa 100644
--- a/modules/persistent-storage-local-removing-devices.adoc
+++ b/modules/persistent-storage-local-removing-devices.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-removing-device_{context}"]
 = Removing a local volume or local volume set
 
@@ -42,38 +42,15 @@ $ oc edit localvolume <name> -n openshift-local-storage
 $ oc delete pv <pv-name>
 ----
 
-. Delete any symlinks on the node.
+. Delete directory and included symlinks on the node.
 +
 [WARNING]
 ====
 The following step involves accessing a node as the root user. Modifying the state of the node beyond the steps in this procedure could result in cluster instability.
 ====
 +
-.. Create a debug pod on the node:
-+
-[source,terminal]
-----
-$ oc debug node/<node-name>
-----
-
-.. Change your root directory to `/host`:
-+
-[source,terminal]
-----
-$ chroot /host
-----
-
-.. Navigate to the directory containing the local volume symlinks.
-+
 [source,terminal]
 ----
-$ cd /mnt/openshift-local-storage/<sc-name> <1>
+$ oc debug node/<node-name> -- chroot /host rm -rf /mnt/local-storage/<sc-name> <1>
 ----
 <1> The name of the storage class used to create the local volumes.
-
-.. Delete the symlink belonging to the removed device.
-+
-[source,terminal]
-----
-$ rm <symlink>
-----
diff --git a/modules/persistent-storage-local-tolerations.adoc b/modules/persistent-storage-local-tolerations.adoc
index 773d29b71f42..e53c6ac042b5 100644
--- a/modules/persistent-storage-local-tolerations.adoc
+++ b/modules/persistent-storage-local-tolerations.adoc
@@ -2,7 +2,7 @@
 //
 // storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-tolerations_{context}"]
 = Using tolerations with Local Storage Operator pods
 
diff --git a/modules/persistent-storage-local-uninstall-operator.adoc b/modules/persistent-storage-local-uninstall-operator.adoc
index 6fcae746be98..ffd786b30b56 100644
--- a/modules/persistent-storage-local-uninstall-operator.adoc
+++ b/modules/persistent-storage-local-uninstall-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-local.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="local-storage-uninstall_{context}"]
 = Uninstalling the Local Storage Operator
 
diff --git a/modules/persistent-storage-rhv.adoc b/modules/persistent-storage-rhv.adoc
deleted file mode 100644
index f60611b11173..000000000000
--- a/modules/persistent-storage-rhv.adoc
+++ /dev/null
@@ -1,75 +0,0 @@
-:_content-type: PROCEDURE
-[id="persistent-storage-rhv_{context}"]
-= Creating a persistent volume on RHV
-
-When you create a `PersistentVolumeClaim` (PVC) object, {product-title} provisions a new persistent volume (PV) and creates a `PersistentVolume` object.
-
-.Prerequisites
-* You are logged in to a running {product-title} cluster.
-* You provided the correct {rh-virtualization} credentials in  `ovirt-credentials` secret.
-* You have installed the oVirt CSI driver.
-* You have defined at least one storage class.
-
-.Procedure
-
-* If you are using the web console to dynamically create a persistent volume on {rh-virtualization}:
-+
-. In the {product-title} console, click *Storage* -> *Persistent Volume Claims*.
-. In the persistent volume claims overview, click *Create Persistent Volume Claim*.
-. Define the required options on the resulting page.
-. Select the appropriate `StorageClass` object, which is `ovirt-csi-sc` by default.
-. Enter a unique name for the storage claim.
-. Select the access mode. Currently, RWO (ReadWriteOnce) is the only supported access mode.
-. Define the size of the storage claim.
-. Select the Volume Mode:
-+
-`Filesystem`: Mounted into pods as a directory. This mode is the default.
-+
-`Block`: Block device, without any file system on it
-+
-. Click *Create* to create the `PersistentVolumeClaim` object and generate a `PersistentVolume` object.
-
-* If you are using the command-line interface (CLI) to dynamically create a {rh-virtualization} CSI volume:
-+
-. Create and save a file with the `PersistentVolumeClaim` object described by the following sample YAML:
-+
-.pvc-ovirt.yaml
-[source,yaml]
-----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-ovirt
-spec:
-  storageClassName: ovirt-csi-sc <1>
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: <volume size>  <2>
-  volumeMode: <volume mode> <3>
-----
-<1> Name of the required storage class.
-<2> Volume size in GiB.
-<3> Supported options:
-    ** `Filesystem`: Mounted into pods as a directory. This mode is the default.
-    ** `Block`: Block device, without any file system on it.
-+
-. Create the object you saved in the previous step by running the following command:
-+
-----
-$ oc create -f pvc-ovirt.yaml
-----
-+
-. To verify that the volume was created and is ready, run the following command:
-+
-----
-$ oc get pvc pvc-ovirt
-----
-+
-The `pvc-ovirt` shows that it is Bound.
-
-[NOTE]
-====
-If you need to update the Operator credentials, see the instructions in link:https://access.redhat.com/solutions/6115581[How to modify the RHV credentials in OCP 4].
-====
diff --git a/modules/persistent-storage-vsphere-backup.adoc b/modules/persistent-storage-vsphere-backup.adoc
index 1e1e562e93fe..42d693aea829 100644
--- a/modules/persistent-storage-vsphere-backup.adoc
+++ b/modules/persistent-storage-vsphere-backup.adoc
@@ -8,7 +8,7 @@
 // * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-pv-backup_{context}"]
 = Backing up VMware vSphere volumes
 
diff --git a/modules/persistent-storage-vsphere-dynamic-provisioning-cli.adoc b/modules/persistent-storage-vsphere-dynamic-provisioning-cli.adoc
index 195baf393a3f..dae9df7e2d17 100644
--- a/modules/persistent-storage-vsphere-dynamic-provisioning-cli.adoc
+++ b/modules/persistent-storage-vsphere-dynamic-provisioning-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-dynamic-provisioning-cli_{context}"]
 = Dynamically provisioning VMware vSphere volumes using the CLI
 
@@ -33,7 +33,7 @@ spec:
 <2> The access mode of the persistent volume claim. With `ReadWriteOnce`, the volume can be mounted with read and write permissions by a single node.
 <3> The size of the persistent volume claim.
 
-. Create the `PersistentVolumeClaim` object from the file:
+. Enter the following command to create the `PersistentVolumeClaim` object from the file:
 +
 [source,terminal]
 ----
diff --git a/modules/persistent-storage-vsphere-dynamic-provisioning.adoc b/modules/persistent-storage-vsphere-dynamic-provisioning.adoc
index 118d61e5cda8..79d92e297d9e 100644
--- a/modules/persistent-storage-vsphere-dynamic-provisioning.adoc
+++ b/modules/persistent-storage-vsphere-dynamic-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-dynamic-provisioning_{context}"]
 = Dynamically provisioning VMware vSphere volumes using the UI
 
diff --git a/modules/persistent-storage-vsphere-static-provisioning.adoc b/modules/persistent-storage-vsphere-static-provisioning.adoc
index cc3bef7ab33f..0a2d303c8d7b 100644
--- a/modules/persistent-storage-vsphere-static-provisioning.adoc
+++ b/modules/persistent-storage-vsphere-static-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-static-provisioning_{context}"]
 = Statically provisioning VMware vSphere volumes
 
diff --git a/modules/pod-disruption-eviction-policy.adoc b/modules/pod-disruption-eviction-policy.adoc
index 3e293cb1aaab..84e02d703c9b 100644
--- a/modules/pod-disruption-eviction-policy.adoc
+++ b/modules/pod-disruption-eviction-policy.adoc
@@ -4,7 +4,7 @@
 // * nodes/nodes-cluster-pods-configuring
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pod-disruption-eviction-policy_{context}"]
 = Specifying the eviction policy for unhealthy pods
 
@@ -15,15 +15,10 @@ You can choose one of the following policies:
 IfHealthyBudget:: Running pods that are not yet healthy can be evicted only if the guarded application is not disrupted.
 
 AlwaysAllow:: Running pods that are not yet healthy can be evicted regardless of whether the criteria in the pod disruption budget is met. This policy can help evict malfunctioning applications, such as ones with pods stuck in the `CrashLoopBackOff` state or failing to report the `Ready` status.
-
-:FeatureName: Specifying the unhealthy pod eviction policy for pod disruption budgets
-include::snippets/technology-preview.adoc[]
-
-To use this Technology Preview feature, you must have enabled the `TechPreviewNoUpgrade` feature set.
-
-[WARNING]
++
+[NOTE]
 ====
-Enabling the `TechPreviewNoUpgrade` feature set on your cluster cannot be undone and prevents minor version updates. You should not enable this feature set on production clusters.
+It is recommended to set the `unhealthyPodEvictionPolicy` field to `AlwaysAllow` in the `PodDisruptionBudget` object to support the eviction of misbehaving applications during a node drain. The default behavior is to wait for the application pods to become healthy before the drain can proceed.
 ====
 
 .Procedure
diff --git a/modules/policy-incident.adoc b/modules/policy-incident.adoc
index 85890abca101..5b8d2fbbd241 100644
--- a/modules/policy-incident.adoc
+++ b/modules/policy-incident.adoc
@@ -41,7 +41,7 @@ The following activities can trigger notifications:
 
 [id="backup-recovery_{context}"]
 == Backup and recovery
-All {product-title} clusters are backed up using cloud provider snapshots. Notably, this does not include customer data stored on persistent volumes. All snapshots are taken using the appropriate cloud provider snapshot APIs and are uploaded to a secure object storage bucket (S3 in AWS, and GCS in Google Cloud) in the same account as the cluster.
+All {product-title} clusters are backed up using cloud provider snapshots. Notably, this does not include customer data stored on persistent volumes (PVs). All snapshots are taken using the appropriate cloud provider snapshot APIs and are uploaded to a secure object storage bucket (S3 in AWS, and GCS in Google Cloud) in the same account as the cluster.
 
 //Verify if the corresponding tables in rosa-sdpolicy-platform.adoc and rosa-policy-incident.adoc also need to be updated.
 
@@ -53,10 +53,10 @@ All {product-title} clusters are backed up using cloud provider snapshots. Notab
 |Retention
 |Notes
 
-.2+|Full object store backup, all cluster persistent volumes (PVs)
+.2+|Full object store backup
 |Daily
 |7 days
-.2+|This is a full backup of all Kubernetes objects like etcd, as well as all PVs in the cluster.
+.2+|This is a full backup of all Kubernetes objects like etcd. No PVs are backed up in this backup schedule.
 
 |Weekly
 |30 days
diff --git a/modules/policy-responsibilities.adoc b/modules/policy-responsibilities.adoc
index 00080c03b2b0..49abfbd77a3d 100644
--- a/modules/policy-responsibilities.adoc
+++ b/modules/policy-responsibilities.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_architecture/osd_policy/policy-responsibility-matrix.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="policy-responsibilities_{context}"]
 = Overview of responsibilities for {product-title}
 
diff --git a/modules/policy-security-regulation-compliance.adoc b/modules/policy-security-regulation-compliance.adoc
index c5d0648a7905..9921f13392b2 100644
--- a/modules/policy-security-regulation-compliance.adoc
+++ b/modules/policy-security-regulation-compliance.adoc
@@ -27,7 +27,7 @@ Red Hat performs periodic vulnerability scanning of {product-title} using indust
 [id="firewall_{context}"]
 === Firewall and DDoS protection
 Each {product-title} cluster is protected by a secure network configuration at the cloud infrastructure level using firewall rules (AWS Security Groups or Google Cloud Compute Engine firewall rules). {product-title} customers on AWS are also protected against DDoS attacks with link:https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html[AWS Shield Standard].
-
+Similarly, all GCP load balancers and public IP addresses used by {product-title} on GCP are protected against DDoS attacks with link:https://cloud.google.com/armor/docs/managed-protection-overview[Google Cloud Armor Standard].
 [id="private-clusters_{context}"]
 === Private clusters and network connectivity
 Customers can optionally configure their {product-title} cluster endpoints (web console, API, and application router) to be made private so that the cluster control plane or applications are not accessible from the Internet.
@@ -56,7 +56,9 @@ Any issues that are discovered are prioritized based on severity. Any issues fou
 .Security and control certifications for {product-title}
 [cols= "3,3,3",options="header"]
 |===
-| Certification | {product-title} on AWS | {product-title} on GCP
+| Compliance | {product-title} on AWS | {product-title} on GCP
+
+| HIPAA Qualified | Yes (Only Customer Cloud Subscriptions) | Yes (Only Customer Cloud Subscriptions)
 
 | ISO 27001 | Yes | Yes
 
diff --git a/modules/post-install-edge-aws-extend-cluster.adoc b/modules/post-install-edge-aws-extend-cluster.adoc
new file mode 100644
index 000000000000..e4995886de24
--- /dev/null
+++ b/modules/post-install-edge-aws-extend-cluster.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="post-install-edge-aws-extend-cluster_{context}"]
+= Extend existing clusters to use AWS Local Zones
+
+As a postinstallation task, you can extend an existing {product-title} cluster on Amazon Web Services (AWS) to use AWS Local Zones.
+
+Extending nodes to Local Zone locations comprises the following steps:
+
+- Adjusting the cluster-network maximum transmission unit (MTU)
+- Opting in the Local Zone group to AWS Local Zones
+- Creating a subnet in the existing VPC for a Local Zone location
+- Creating the machine set manifest, and then creating a node in each Local Zone location
+
+[IMPORTANT]
+====
+Before you extend an existing {product-title} cluster on AWS to use Local Zones, check that the existing VPC contains available Classless Inter-Domain Routing (CIDR) blocks. These blocks are needed for creating the subnets.
+====
diff --git a/modules/post-install-edge-aws-extend-machineset.adoc b/modules/post-install-edge-aws-extend-machineset.adoc
new file mode 100644
index 000000000000..a3fb38e8ec30
--- /dev/null
+++ b/modules/post-install-edge-aws-extend-machineset.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="post-install-edge-aws-extend-machineset"]
+= Creating a machine set manifest for an AWS Local Zones node
+
+After you create subnets in AWS Local Zones, you can create a machine set manifest.
+
+The installation program sets the following labels for the `edge` machine pools at cluster installation time:
+
+* `machine.openshift.io/parent-zone-name: <value_of_ParentZoneName>`
+* `machine.openshift.io/zone-group: <value_of_ZoneGroup>`
+* `machine.openshift.io/zone-type: <value_of_ZoneType>`
+
+The following procedure details how you can create a machine set configuraton that matches the `edge` compute pool configuration.
+
+.Prerequisites
+
+* You have created subnets in AWS Local Zones.
+
+.Procedure
+
+* Manually preserve `edge` machine pool labels when creating the machine set manifest by gathering the AWS API. To complete this action, enter the following command in your command-line interface (CLI):
++
+[source,terminal]
+----
+$ aws ec2 describe-availability-zones --region <value_of_Region> \// <1>
+    --query 'AvailabilityZones[].{
+	ZoneName: ZoneName,
+	ParentZoneName: ParentZoneName,
+	GroupName: GroupName,
+	ZoneType: ZoneType}' \
+    --filters Name=zone-name,Values=<value_of_ZoneName> \// <2>
+    --all-availability-zones
+----
+<1> For `<value_of_Region>`, specify the name of the region for the zone.
+<2> For `<value_of_ZoneName>`, specify the name of the Local Zone.
+
+.Example output for Local Zone `us-east-1-nyc-1a`
+[source,terminal]
+----
+[
+    {
+        "ZoneName": "us-east-1-nyc-1a",
+        "ParentZoneName": "us-east-1f",
+        "GroupName": "us-east-1-nyc-1",
+        "ZoneType": "local-zone"
+    }
+]
+----
diff --git a/modules/post-install-existing-local-zone-subnet.adoc b/modules/post-install-existing-local-zone-subnet.adoc
new file mode 100644
index 000000000000..663916476cde
--- /dev/null
+++ b/modules/post-install-existing-local-zone-subnet.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="post-install-existing-local-zone-subnet_{context}"]
+= Extend existing clusters to use AWS Local Zones
+
+If you want a Machine API to create an Amazon EC2 instance in a remote zone location, you must create a subnet in a Local Zone location. You can use any provisioning tool, such as Ansible or Terraform, to create subnets in the existing Virtual Private Cloud (VPC). You can configure the CloudFormation template to meet your requirements.
+
+The following subsections include steps that use CloudFormation templates. Considering the limitation of NAT Gateways in AWS Local Zones, CloudFormation templates support only public subnets. You can reuse the template to create public subnets for each edge location to where you need to extend your cluster.
\ No newline at end of file
diff --git a/modules/post-installation-adding-nutanix-failure-domains-compute-machines.adoc b/modules/post-installation-adding-nutanix-failure-domains-compute-machines.adoc
new file mode 100644
index 000000000000..ec9e598ca1d9
--- /dev/null
+++ b/modules/post-installation-adding-nutanix-failure-domains-compute-machines.adoc
@@ -0,0 +1,120 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/adding-nutanix-failure-domains.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="post-installation-adding-nutanix-failure-domains-compute-machines_{context}"]
+= Distributing compute machines across failure domains
+
+You can distribute compute machines across Nutanix failure domains by performing either of the following tasks:
+
+* Modifying existing compute machine sets.
+* Creating new compute machine sets.
+
+The following procedure details how to distribute compute machines across failure domains by modifying existing compute machine sets. For more information on creating a compute machine set, see "Additional resources".
+
+.Prerequisites
+
+* You have configured the failure domains in the cluster's Infrastructure custom resource (CR).
+
+.Procedure
+
+. Run the following command to view the cluster's Infrastructure CR.
++
+[source,terminal]
+----
+$ oc describe infrastructures.config.openshift.io cluster
+----
+. For each failure domain (`platformSpec.nutanix.failureDomains`), note the cluster's UUID, name, and subnet object UUID. These values are required to add a failure domain to a compute machine set.
+. List the compute machine sets in your cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get machinesets -n openshift-machine-api
+----
+. Edit the first compute machine set by running the following command:
++
+[source,terminal]
+----
+$ oc edit machineset <machineset_name> -n openshift-machine-api
+----
+. Configure the compute machine set to use the first failure domain by adding the following to the `spec.template.spec.providerSpec.value` stanza:
++
+[NOTE]
+====
+Be sure that the values you specify for the `cluster` and `subnets` fields match the values that were configured in the `failureDomains` stanza in the cluster's Infrastructure CR.
+====
++
+.Example compute machine set with Nutanix failure domains
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1
+kind: MachineSet
+metadata:
+  creationTimestamp: null
+  labels:
+    machine.openshift.io/cluster-api-cluster: <cluster_name>
+  name: <machineset_name>
+  namespace: openshift-machine-api
+spec:
+  replicas: 2
+# ...
+  template:
+    spec:
+# ...
+      providerSpec:
+        value:
+          apiVersion: machine.openshift.io/v1
+          failureDomain:
+            name: <failure_domain_name_1>
+          cluster:
+            type: uuid
+            uuid: <prism_element_uuid_1>
+          subnets:
+          - type: uuid
+            uuid: <prism_element_network_uuid_1>
+# ...
+----
+. Note the value of `spec.replicas`, as you need it when scaling the machine set to apply the changes.
+. Save your changes.
+. List the machines that are managed by the updated compute machine set by running the following command:
++
+[source,terminal]
+----
+$ oc get -n openshift-machine-api machines -l machine.openshift.io/cluster-api-machineset=<machine_set_name>
+----
+. For each machine that is managed by the updated compute machine set, set the `delete` annotation by running the following command:
++
+[source,terminal]
+----
+$ oc annotate machine/<machine_name_original_1> \
+  -n openshift-machine-api \
+  machine.openshift.io/delete-machine="true"
+----
+. Scale the compute machine set to twice the number of replicas by running the following command:
++
+[source,terminal]
+----
+$ oc scale --replicas=<twice_the_number_of_replicas> \// <1>
+  machineset <machine_set_name> \
+  -n openshift-machine-api
+----
+<1> For example, if the original number of replicas in the compute machine set is `2`, scale the replicas to `4`.
+. List the machines that are managed by the updated compute machine set by running the following command:
++
+[source,terminal]
+----
+$ oc get -n openshift-machine-api machines -l machine.openshift.io/cluster-api-machineset=<machine_set_name>
+----
++
+When the new machines are in the `Running` phase, you can scale the compute machine set to the original number of replicas.
+. Scale the compute machine set to the original number of replicas by running the following command:
++
+[source,terminal]
+----
+$ oc scale --replicas=<original_number_of_replicas> \// <1>
+  machineset <machine_set_name> \
+  -n openshift-machine-api
+----
+<1> For example, if the original number of replicas in the compute machine set is `2`, scale the replicas to `2`.
+. As required, continue to modify machine sets to reference the additional failure domains that are available to the deployment.
diff --git a/modules/post-installation-adding-nutanix-failure-domains-control-planes.adoc b/modules/post-installation-adding-nutanix-failure-domains-control-planes.adoc
new file mode 100644
index 000000000000..e9088abe56af
--- /dev/null
+++ b/modules/post-installation-adding-nutanix-failure-domains-control-planes.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/adding-nutanix-failure-domains.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="post-installation-adding-nutanix-failure-domains-control-planes_{context}"]
+= Distributing control planes across failure domains
+
+You distribute control planes across Nutanix failure domains by modifying the control plane machine set custom resource (CR).
+
+.Prerequisites
+
+* You have configured the failure domains in the cluster's Infrastructure custom resource (CR).
+* The control plane machine set custom resource (CR) is in an active state.
+
+For more information on checking the control plane machine set custom resource state, see "Additional resources".
+
+.Procedure
+
+. Edit the control plane machine set CR by running the following command:
++
+[source,terminal]
+----
+$ oc edit controlplanemachineset.machine.openshift.io cluster -n openshift-machine-api
+----
+. Configure the control plane machine set to use failure domains by adding a `spec.template.machines_v1beta1_machine_openshift_io.failureDomains` stanza.
++
+.Example control plane machine set with Nutanix failure domains
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+  metadata:
+    creationTimestamp: null
+    labels:
+      machine.openshift.io/cluster-api-cluster: <cluster_name>
+    name: cluster
+    namespace: openshift-machine-api
+spec:
+# ...
+  template:
+    machineType: machines_v1beta1_machine_openshift_io
+    machines_v1beta1_machine_openshift_io:
+      failureDomains:
+        platform: Nutanix
+        nutanix:
+        - name: <failure_domain_name_1>
+        - name: <failure_domain_name_2>
+        - name: <failure_domain_name_3>
+# ...
+----
+. Save your changes.
+
+By default, the control plane machine set propagates changes to your control plane configuration automatically. If the cluster is configured to use the `OnDelete` update strategy, you must replace your control planes manually. For more information, see "Additional resources".
diff --git a/modules/post-installation-configuring-nutanix-failure-domains.adoc b/modules/post-installation-configuring-nutanix-failure-domains.adoc
new file mode 100644
index 000000000000..7a3b8c45eaf5
--- /dev/null
+++ b/modules/post-installation-configuring-nutanix-failure-domains.adoc
@@ -0,0 +1,67 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/adding-nutanix-failure-domains.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="post-installation-configuring-nutanix-failure-domains_{context}"]
+= Adding failure domains to the Infrastructure CR
+
+You add failure domains to an existing Nutanix cluster by modifying its Infrastructure custom resource (CR) (`infrastructures.config.openshift.io`).
+
+[TIP]
+====
+It is recommended that you configure three failure domains to ensure high-availability.
+====
+
+.Procedure
+
+. Edit the Infrastructure CR by running the following command:
++
+[source,terminal]
+----
+$ oc edit infrastructures.config.openshift.io cluster
+----
+
+. Configure the failure domains.
++
+.Example Infrastructure CR with Nutanix failure domains
+[source,yaml]
+----
+spec:
+  cloudConfig:
+    key: config
+    name: cloud-provider-config
+#...
+  platformSpec:
+    nutanix:
+      failureDomains:
+      - cluster:
+         type: UUID
+         uuid: <uuid>
+        name: <failure_domain_name>
+        subnets:
+        - type: UUID
+          uuid: <network_uuid>
+      - cluster:
+         type: UUID
+         uuid: <uuid>
+        name: <failure_domain_name>
+        subnets:
+        - type: UUID
+          uuid: <network_uuid>
+      - cluster:
+          type: UUID
+          uuid: <uuid>
+        name: <failure_domain_name>
+        subnets:
+        - type: UUID
+          uuid: <network_uuid>
+# ...
+----
+where:
+
+`<uuid>`:: Specifies the universally unique identifier (UUID) of the Prism Element.
+`<failure_domain_name>`:: Specifies a unique name for the failure domain. The name is limited to 64 or fewer characters, which can include lower-case letters, digits, and a dash (`-`). The dash cannot be in the leading or ending position of the name.
+`<network_uuid>`:: Specifies the UUID of the Prism Element subnet object. The subnet's IP address prefix (CIDR) should contain the virtual IP addresses that the {product-title} cluster uses. Only one subnet per failure domain (Prism Element) in an {product-title} cluster is supported.
+
+. Save the CR to apply the changes.
diff --git a/modules/power-monitoring-about-power-monitoring.adoc b/modules/power-monitoring-about-power-monitoring.adoc
new file mode 100644
index 000000000000..a7359d22ac47
--- /dev/null
+++ b/modules/power-monitoring-about-power-monitoring.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * power_monitoring/power-monitoring-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="power-monitoring-about-power-monitoring_{context}"]
+= About {PM-shortname}
+
+You can use {PM-title} to monitor the power usage and identify power-consuming containers running in an {product-title} cluster. {PM-shortname-c} collects and exports energy-related system statistics from various components, such as CPU and DRAM. It provides granular power consumption data for Kubernetes pods, namespaces, and nodes.
\ No newline at end of file
diff --git a/modules/power-monitoring-accessing-dashboards.adoc b/modules/power-monitoring-accessing-dashboards.adoc
new file mode 100644
index 000000000000..f41d7cecfffa
--- /dev/null
+++ b/modules/power-monitoring-accessing-dashboards.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/visualizing-power-monitoring-metrics.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="power-monitoring-accessing-dashboards_{context}"]
+= Accessing {PM-shortname} dashboards
+
+You can access {PM-shortname} dashboards from the *Administrator* perspective of the {product-title} web console.
+
+.Prerequisites
+
+* You have access to the {product-title} web console.
+* You are logged in as a user with the `cluster-admin` role.
+* You have installed the {PM-operator}.
+* You have deployed {PM-kepler} in your cluster.
+* You have enabled monitoring for user-defined projects.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, go to *Observe* -> *Dashboards*.
+
+. From the *Dashboard* drop-down list, select the {PM-shortname} dashboard you want to see: 
+** *Power Monitoring / Overview*
+** *Power Monitoring / Namespace*
\ No newline at end of file
diff --git a/modules/power-monitoring-dashboards-overview.adoc b/modules/power-monitoring-dashboards-overview.adoc
new file mode 100644
index 000000000000..51cb122ae5ec
--- /dev/null
+++ b/modules/power-monitoring-dashboards-overview.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/visualizing-power-monitoring-metrics.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="power-monitoring-dashboards-overview_{context}"]
+= {PM-shortname-c} dashboards overview
+
+There are two types of {PM-shortname} dashboards. Both provide different levels of details around power consumption metrics for a single cluster:
+
+[discrete]
+== Power Monitoring / Overview dashboard
+
+With this dashboard, you can observe the following information:
+
+* An aggregated view of CPU architecture and its power source (`rapl-sysfs`, `rapl-msr`, or `estimator`) along with total nodes with this configuration
+
+* Total energy consumption by a cluster in the last 24 hours (measured in kilowatt-hour)
+
+* The amount of power consumed by the top 10 namespaces in a cluster in the last 24 hours
+
+* Detailed node information, such as its CPU architecture and component power source
+
+These features allow you to effectively monitor the energy consumption of the cluster without needing to investigate each namespace separately.
+
+[WARNING]
+====
+Ensure that the *Components Source* column does not display `estimator` as the power source.
+
+.The Detailed Node Information table with `rapl-sysfs` as the component power source
+image::power-monitoring-component-power-source.png[]
+
+If {PM-kepler} is unable to obtain hardware power consumption metrics, the *Components Source* column displays `estimator` as the power source, which is not supported in Technology Preview. If that happens, then the values from the nodes are not accurate.
+====
+
+[discrete]
+== Power Monitoring / Namespace dashboard
+
+This dashboard allows you to view metrics by namespace and pod. You can observe the following information:
+
+* The power consumption metrics, such as consumption in DRAM and PKG
+
+* The energy consumption metrics in the last hour, such as consumption in DRAM and PKG for core and uncore components
+
+This feature allows you to investigate key peaks and easily identify the primary root causes of high consumption.
diff --git a/modules/power-monitoring-deleting-kepler.adoc b/modules/power-monitoring-deleting-kepler.adoc
new file mode 100644
index 000000000000..b86a9bbb5165
--- /dev/null
+++ b/modules/power-monitoring-deleting-kepler.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/uninstalling-power-monitoring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="power-monitoring-deleting-kepler_{context}"]
+= Deleting {PM-kepler}
+
+You can delete {PM-kepler} by removing the {PM-kepler} instance of the `{PM-kepler}` custom resource definition (CRD) from the {product-title} web console.
+
+.Prerequisites
+* You have access to the {product-title} web console.
+* You are logged in as a user with the `cluster-admin` role.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, go to *Operators* -> *Installed Operators*.
+
+. Click *{PM-title-c}* from the *Installed Operators* list and go to the *{PM-kepler}* tab.
+
+. Locate the {PM-kepler} instance entry in the list.
+
+. Click {kebab} for this entry and select *Delete {PM-kepler}*.
+
+. In the *Delete {PM-kepler}?* dialog, click *Delete* to delete the {PM-kepler} instance.
+
diff --git a/modules/power-monitoring-deploying-kepler.adoc b/modules/power-monitoring-deploying-kepler.adoc
new file mode 100644
index 000000000000..eb50c27fb046
--- /dev/null
+++ b/modules/power-monitoring-deploying-kepler.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/installing-power-monitoring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="power-monitoring-deploying-kepler_{context}"]
+= Deploying {PM-kepler}
+
+You can deploy {PM-kepler} by creating an instance of the `{PM-kepler}` custom resource definition (CRD) by using the {PM-operator}. 
+
+.Prerequisites
+* You have access to the {product-title} web console.
+* You are logged in as a user with the `cluster-admin` role.
+* You have installed the {PM-operator}.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, go to *Operators* -> *Installed Operators*.
+
+. Click *{PM-title-c}* from the *Installed Operators* list and go to the *{PM-kepler}* tab.
+
+. Click *Create {PM-kepler}*.
+
+. On the *Create {PM-kepler}* page, ensure the *Name* is set to `kepler`.
++
+[IMPORTANT]
+====
+The name of your {PM-kepler} instance must be set to `kepler`. All other instances are ignored by the {PM-operator}.
+====
+
+. Click *Create* to deploy {PM-kepler} and {PM-shortname} dashboards.
diff --git a/modules/power-monitoring-hardware-virtualization-support.adoc b/modules/power-monitoring-hardware-virtualization-support.adoc
new file mode 100644
index 000000000000..4fdde19cc2a9
--- /dev/null
+++ b/modules/power-monitoring-hardware-virtualization-support.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * power_monitoring/power-monitoring-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="power-monitoring-hardware-virtualization-support_{context}"]
+= {PM-kepler} hardware and virtualization support
+
+{PM-kepler} is the key component of {PM-shortname} that collects real-time power consumption data from a node through one of the following methods:
+
+Kernel Power Management Subsystem (preferred)::
+* `rapl-sysfs`: This requires access to the `/sys/class/powercap/intel-rapl` host file.
+* `rapl-msr`: This requires access to the `/dev/cpu/*/msr` host file.
+
+The `estimator` power source::
+Without access to the kernel's power cap subsystem, {PM-kepler} uses a machine learning model to estimate the power usage of the CPU on the node.
++
+[WARNING]
+====
+The `estimator` feature is experimental, not supported, and should not be relied upon.
+====
+
+You can identify the power estimation method for a node by using the *Power Monitoring / Overview* dashboard.
+
+[WARNING]
+====
+{PM-shortname-c} Technology Preview works only in bare-metal deployments. Most public cloud vendors do not expose Kernel Power Management Subsystems to virtual machines.
+====
\ No newline at end of file
diff --git a/modules/power-monitoring-installing-pmo.adoc b/modules/power-monitoring-installing-pmo.adoc
new file mode 100644
index 000000000000..02e50210c191
--- /dev/null
+++ b/modules/power-monitoring-installing-pmo.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/installing-power-monitoring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="power-monitoring-installing-pmo_{context}"]
+= Installing the {PM-operator}
+
+As a cluster administrator, you can install the {PM-operator} from OperatorHub by using the {product-title} web console.
+
+[WARNING]
+====
+You must remove any previously installed versions of the {PM-operator} before installation.
+====
+
+.Prerequisites
+* You have access to the {product-title} web console.
+* You are logged in as a user with the `cluster-admin` role.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, go to *Operators* -> *OperatorHub*.
+
+. Search for `{PM-shortname}`, click the *{PM-title-c}* tile, and then click *Install*.
+//. On the *Install Operator* page:
+//.. Select an *Update channel*.
+//.. Select a {PM-shortname} *Version* to install.
+// This can be included once the user has options there to choose. Not needed for now.
+
+. Click *Install* again to install the {PM-operator}.
++
+{PM-title-c} is now available in all namespaces of the {product-title} cluster.
+
+.Verification
+
+. Verify that the {PM-operator} is listed in *Operators* -> *Installed Operators*. The *Status* should resolve to *Succeeded*.
\ No newline at end of file
diff --git a/modules/power-monitoring-kepler-architecture.adoc b/modules/power-monitoring-kepler-architecture.adoc
new file mode 100644
index 000000000000..e1520c76e5b7
--- /dev/null
+++ b/modules/power-monitoring-kepler-architecture.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * power_monitoring/power-monitoring-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="power-monitoring-kepler-architecture_{context}"]
+= {PM-shortname-c} architecture
+
+{PM-shortname-c} is made up of the following major components:
+
+The {PM-operator}:: For administrators, the {PM-operator} streamlines the monitoring of power usage for workloads by simplifying the deployment and management of {PM-kepler} in an {product-title} cluster. The setup and configuration for the {PM-operator} are simplified by adding a {PM-kepler} custom resource definition (CRD). The Operator also manages operations, such as upgrading, removing, configuring, and redeploying {PM-kepler}. 
+
+{PM-kepler}:: {PM-kepler} is a key component of {PM-shortname}. It is responsible for monitoring the power usage of containers running in {product-title}. It generates metrics related to the power usage of both nodes and containers.
diff --git a/modules/power-monitoring-kepler-configuration.adoc b/modules/power-monitoring-kepler-configuration.adoc
new file mode 100644
index 000000000000..9788c36e1319
--- /dev/null
+++ b/modules/power-monitoring-kepler-configuration.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/power-monitoring-configuration.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="power-monitoring-kepler-configuration_{context}"]
+= The {PM-kepler} configuration
+
+You can configure {PM-kepler} with the `spec` field of the `{PM-kepler}` resource.
+
+[IMPORTANT]
+====
+Ensure that the name of your {PM-kepler} instance is `kepler`. All other instances are ignored by the {PM-operator}.
+====
+
+The following is the list of configuration options:
+
+.{PM-kepler} configuration options
+[options="header"]
+|===
+|Name |Spec |Description |Default 
+|`port` |`exporter.deployment` |The port on the node where the Prometheus metrics are exposed. |`9103`
+|`nodeSelector` |`exporter.deployment` |The nodes on which {PM-kepler} exporter pods are scheduled. |`kubernetes.io/os: linux`
+|`tolerations` |`exporter.deployment` |The tolerations for {PM-kepler} exporter that allow the pods to be scheduled on nodes with specific characteristics. |`- operator: "Exists"`
+|===
+
+.Example `{PM-kepler}` resource with default configuration
+[source,yaml]
+----
+apiVersion: kepler.system.sustainable.computing.io/v1alpha1
+kind: Kepler
+metadata:
+  name: kepler
+spec:
+  exporter:
+    deployment:
+      port: 9103 # <1>
+      nodeSelector: 
+        kubernetes.io/os: linux # <2>
+      Tolerations: # <3>
+      - key: ""
+        operator: "Exists" 
+        value: ""
+        effect: ""
+----
+<1> The Prometheus metrics are exposed on port 9103.
+<2> {PM-kepler} pods are scheduled on Linux nodes.
+<3> The default tolerations allow {PM-kepler} to be scheduled on any node.
diff --git a/modules/power-monitoring-metrics-overview.adoc b/modules/power-monitoring-metrics-overview.adoc
new file mode 100644
index 000000000000..5b642cb08a13
--- /dev/null
+++ b/modules/power-monitoring-metrics-overview.adoc
@@ -0,0 +1,72 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/visualizing-power-monitoring-metrics.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="power-monitoring-metrics-overview_{context}"]
+= {PM-shortname-c} metrics overview
+
+The {PM-operator} exposes the following metrics, which you can view by using the {product-title} web console under the *Observe* -> *Metrics* tab.
+
+[WARNING]
+====
+This list of exposed metrics is not definitive. Metrics might be added or removed in future releases.
+====
+
+.{PM-operator} metrics
+[options="header"]
+|===
+|Metric name |Description
+|`kepler_container_joules_total` |The aggregated package or socket energy consumption of CPU, DRAM, and other host components by a container.
+
+|`kepler_container_core_joules_total` |The total energy consumption across CPU cores used by a container. If the system has access to `RAPL_` metrics, this metric reflects the proportional container energy consumption of the RAPL Power Plan 0 (PP0), which is the energy consumed by all CPU cores in the socket.
+
+|`kepler_container_dram_joules_total` |The total energy consumption of DRAM by a container.
+
+|`kepler_container_uncore_joules_total` |The cumulative energy consumption by uncore components used by a container. The number of components might vary depending on the system. The uncore metric is processor model-specific and might not be available on some server CPUs.
+
+|`kepler_container_package_joules_total` |The cumulative energy consumed by the CPU socket used by a container. It includes all core and uncore components.
+
+|`kepler_container_other_joules_total` |The cumulative energy consumption of host components, excluding CPU and DRAM, used by a container.
+Generally, this metric is the energy consumption of ACPI hosts.
+
+|`kepler_container_bpf_cpu_time_us_total` |The total CPU time used by the container that utilizes the BPF tracing.
+
+|`kepler_container_cpu_cycles_total` |The total CPU cycles used by the container that utilizes hardware counters. CPU cycles is a metric directly related to CPU frequency. On systems where processors run at a fixed frequency, CPU cycles and total CPU time are roughly equivalent. On systems where processors run at varying frequencies, CPU cycles and total CPU time have different values.
+
+|`kepler_container_cpu_instructions_total` |The total CPU instructions used by the container that utilizes hardware counters. CPU instructions is a metric that accounts how the CPU is used.
+
+|`kepler_container_cache_miss_total` |The total cache miss that occurs for a container that uses hardware counters.
+
+|`kepler_container_cgroupfs_cpu_usage_us_total` |The total CPU time used by a container reading from control group statistics.
+
+|`kepler_container_cgroupfs_memory_usage_bytes_total` |The total memory in bytes used by a container reading from control group statistics.
+
+|`kepler_container_cgroupfs_system_cpu_usage_us_total` |The total CPU time in kernel space used by the container reading from control group statistics.
+
+|`kepler_container_cgroupfs_user_cpu_usage_us_total` |The total CPU time in user space used by a container reading from control group statistics.
+
+|`kepler_container_bpf_net_tx_irq_total` |The total number of packets transmitted to network cards of a container that uses the BPF tracing.
+
+|`kepler_container_bpf_net_rx_irq_total` |The total number of packets received from network cards of a container that uses the BPF tracing.
+
+|`kepler_container_bpf_block_irq_total` |The total number of block I/O calls of a container that uses the BPF tracing.
+
+|`kepler_node_info` |The node metadata, such as the node CPU architecture.
+
+|`kepler_node_core_joules_total` |The total energy consumption across CPU cores used by all containers running on a node and operating system.
+
+|`kepler_node_uncore_joules_total` |The cumulative energy consumption by uncore components used by all containers running on the node and operating system. The number of components might vary depending on the system.
+
+|`kepler_node_dram_joules_total` |The total energy consumption of DRAM by all containers running on the node and operating system.
+
+|`kepler_node_package_joules_total` |The cumulative energy consumed by the CPU socket used by all containers running on the node and operating system. It includes all core and uncore components.
+
+|`kepler_node_other_host_components_joules_total` |The cumulative energy consumption of host components, excluding CPU and DRAM, used by all containers running on the node and operating system. Generally, this metric is the energy consumption of ACPI hosts.
+
+|`kepler_node_platform_joules_total` |The total energy consumption of the host. Generally, this metric is the host energy consumption from Redfish BMC or ACPI.
+
+|`kepler_node_energy_stat` |Multiple metrics from nodes labeled with container resource utilization control group metrics that are used in the model server.
+
+|`kepler_node_accelerator_intel_qat` |The utilization of the accelerator Intel QAT on a certain node. If the system contains Intel QATs, {PM-kepler} can calculate the utilization of the node's QATs through telemetry.
+|===
diff --git a/modules/power-monitoring-monitoring-kepler-status.adoc b/modules/power-monitoring-monitoring-kepler-status.adoc
new file mode 100644
index 000000000000..ad9b949ad61b
--- /dev/null
+++ b/modules/power-monitoring-monitoring-kepler-status.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/power-monitoring-configuration.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="power-monitoring-monitoring-kepler-status_{context}"]
+= Monitoring the {PM-kepler} status
+
+You can monitor the state of the {PM-kepler} exporter with the `status` field of the `{PM-kepler}` resource. 
+
+The `status.exporter` field includes information, such as the following:
+
+* The number of nodes currently running the {PM-kepler} pods
+* The number of nodes that should be running the {PM-kepler} pods
+* Conditions representing the health of the {PM-kepler} resource
+
+This provides you with valuable insights into the changes made through the `spec` field. 
+
+.Example state of the `{PM-kepler}` resource
+[source,yaml]
+----
+apiVersion: kepler.system.sustainable.computing.io/v1alpha1
+kind: Kepler
+metadata:
+  name: kepler
+status:
+ exporter:
+   conditions: # <1>
+     - lastTransitionTime: '2024-01-11T11:07:39Z'
+       message: Reconcile succeeded
+       observedGeneration: 1
+       reason: ReconcileSuccess
+       status: 'True'
+       type: Reconciled
+     - lastTransitionTime: '2024-01-11T11:07:39Z'
+       message: >-
+         Kepler daemonset "kepler-operator/kepler" is deployed to all nodes and
+         available; ready 2/2
+       observedGeneration: 1
+       reason: DaemonSetReady
+       status: 'True'
+       type: Available
+   currentNumberScheduled: 2 # <2>
+   desiredNumberScheduled: 2 # <3>
+----
+<1> The health of the {PM-kepler} resource. In this example, {PM-kepler} is successfully reconciled and ready.
+<2> The number of nodes currently running the {PM-kepler} pods is 2.
+<3> The wanted number of nodes to run the {PM-kepler} pods is 2.
diff --git a/modules/power-monitoring-uninstalling-pmo.adoc b/modules/power-monitoring-uninstalling-pmo.adoc
new file mode 100644
index 000000000000..975d53f698c9
--- /dev/null
+++ b/modules/power-monitoring-uninstalling-pmo.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+
+// * power_monitoring/uninstalling-power-monitoring.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="power-monitoring-uninstalling-pmo_{context}"]
+= Uninstalling the {PM-operator}
+
+If you installed the {PM-operator} by using OperatorHub, you can uninstall it from the {product-title} web console.
+
+.Prerequisites
+* You have access to the {product-title} web console.
+* You are logged in as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Delete the {PM-kepler} instance.
++
+[WARNING]
+====
+Ensure that you have deleted the {PM-kepler} instance before uninstalling the {PM-operator}.
+====
+
+. Go to *Operators* → *Installed Operators*.
+
+. Locate the *{PM-title-c}* entry in the list.
+
+. Click {kebab} for this entry and select *Uninstall Operator*.
+
+. In the *Uninstall Operator?* dialog, click *Uninstall* to uninstall the {PM-operator}.
+
+
diff --git a/modules/preferred-ibm-z-system-requirements.adoc b/modules/preferred-ibm-z-system-requirements.adoc
index 1d060e3fb7c1..741e477019cf 100644
--- a/modules/preferred-ibm-z-system-requirements.adoc
+++ b/modules/preferred-ibm-z-system-requirements.adoc
@@ -3,9 +3,9 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="preferred-ibm-z-system-requirements_{context}"]
-= Preferred {ibmzProductName} system environment
+= Preferred {ibm-z-title} system environment
 
 [discrete]
 == Hardware requirements
@@ -17,19 +17,19 @@
 [discrete]
 == Operating system requirements
 
-* Two or three instances of z/VM 7.1 or later for high availability
+* Two or three instances of z/VM 7.2 or later for high availability
 
 On your z/VM instances, set up:
 
 * Three guest virtual machines for {product-title} control plane machines, one per z/VM instance.
 * At least six guest virtual machines for {product-title} compute machines, distributed across the z/VM instances.
 * One guest virtual machine for the temporary {product-title} bootstrap machine.
-* To ensure the availability of integral components in an overcommitted environment, increase the priority of the control plane by using the CP command `SET SHARE`. Do the same for infrastructure nodes, if they exist. See link:https://www.ibm.com/docs/en/zvm/7.1?topic=commands-set-share[SET SHARE] in IBM Documentation.
+* To ensure the availability of integral components in an overcommitted environment, increase the priority of the control plane by using the CP command `SET SHARE`. Do the same for infrastructure nodes, if they exist. See link:https://www.ibm.com/docs/en/zvm/latest?topic=commands-set-share[SET SHARE] in {ibm-name} Documentation.
 
 [discrete]
-== {ibmzProductName} network connectivity requirements
+== {ibm-z-title} network connectivity requirements
 
-To install on {ibmzProductName} under z/VM, you require a single z/VM virtual NIC in layer 2 mode. You also need:
+To install on {ibm-z-name} under z/VM, you require a single z/VM virtual NIC in layer 2 mode. You also need:
 
 *   A direct-attached OSA or RoCE network adapter
 *   A z/VM VSwitch set up. For a preferred setup, use OSA link aggregation.
diff --git a/modules/preparing-an-inital-cluster-deployment-for-mce-connected.adoc b/modules/preparing-an-inital-cluster-deployment-for-mce-connected.adoc
index f36e72753581..49768d68f524 100644
--- a/modules/preparing-an-inital-cluster-deployment-for-mce-connected.adoc
+++ b/modules/preparing-an-inital-cluster-deployment-for-mce-connected.adoc
@@ -2,10 +2,10 @@
 //
 // * installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-an-inital-cluster-deployment-for-mce-connected_{context}"]
 
-= Preparing an agent-based cluster deployment for the multicluster engine for Kubernetes Operator while connected
+= Preparing an Agent-based cluster deployment for the multicluster engine for Kubernetes Operator while connected
 
 Create the required manifests for the multicluster engine for Kubernetes Operator, the Local Storage Operator (LSO), and to deploy an agent-based {product-title} cluster as a hub cluster.
 
@@ -57,7 +57,7 @@ The installer does not validate extra manifests.
     name: multicluster-engine
     namespace: multicluster-engine
   spec:
-    channel: "stable-2.1"
+    channel: "stable-2.3"
     name: multicluster-engine
     source: redhat-operators
     sourceNamespace: openshift-marketplace
@@ -233,14 +233,14 @@ $ oc wait localvolume -n openshift-local-storage assisted-service --for conditio
 +
 .Example `clusterimageset.yaml`
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
   apiVersion: hive.openshift.io/v1
   kind: ClusterImageSet
   metadata:
-    name: "4.13"
+    name: "{product-version}"
   spec:
-    releaseImage: quay.io/openshift-release-dev/ocp-release:4.13.0-x86_64
+    releaseImage: quay.io/openshift-release-dev/ocp-release:{product-version}.0-x86_64
 ----
 
 . Create a manifest to import the agent installed cluster (that hosts the multicluster engine and the Assisted Service) as the hub cluster.
diff --git a/modules/preparing-an-inital-cluster-deployment-for-mce-disconnected.adoc b/modules/preparing-an-inital-cluster-deployment-for-mce-disconnected.adoc
index 9b652d2b189c..da3cd2c68e84 100644
--- a/modules/preparing-an-inital-cluster-deployment-for-mce-disconnected.adoc
+++ b/modules/preparing-an-inital-cluster-deployment-for-mce-disconnected.adoc
@@ -2,10 +2,10 @@
 //
 // * installing_with_agent_based_installer/preparing-an-agent-based-installed-cluster-for-mce.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="preparing-an-inital-cluster-deployment-for-mce-disconnected_{context}"]
 
-= Preparing an agent-based cluster deployment for the multicluster engine for Kubernetes Operator while disconnected
+= Preparing an Agent-based cluster deployment for the multicluster engine for Kubernetes Operator while disconnected
 
 You can mirror the required {product-title} container images, the multicluster engine for Kubernetes Operator, and the Local Storage Operator (LSO) into your local mirror registry in a disconnected environment.
 Ensure that you note the local DNS hostname and port of your mirror registry.
@@ -23,7 +23,7 @@ To mirror your {product-title} image repository to your mirror registry, you can
 +
 .Example `ImageSetConfiguration.yaml`
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
   kind: ImageSetConfiguration
   apiVersion: mirror.openshift.io/v1alpha2
@@ -36,12 +36,12 @@ To mirror your {product-title} image repository to your mirror registry, you can
       architectures:
         - "amd64"
       channels:
-        - name: stable-4.13 <4>
+        - name: stable-{product-version} <4>
           type: ocp
     additionalImages:
       - name: registry.redhat.io/ubi9/ubi:latest
     operators:
-      - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.13 <5>
+      - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version} <5>
         packages: <6>
           - name: multicluster-engine <7>
           - name: local-storage-operator <8>
diff --git a/modules/preparing-aws-credentials-for-oadp.adoc b/modules/preparing-aws-credentials-for-oadp.adoc
new file mode 100644
index 000000000000..437c7d64b546
--- /dev/null
+++ b/modules/preparing-aws-credentials-for-oadp.adoc
@@ -0,0 +1,165 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="preparing-aws-credentials-for-oadp_{context}"]
+= Preparing AWS credentials for OADP
+
+An {aws-full} account must be prepared and configured to accept an {oadp-first} installation.
+
+.Procedure
+. Create the following environment variables by running the following commands:
++
+[IMPORTANT]
+====
+Change the cluster name to match your ROSA cluster, and ensure you are logged into the cluster as an administrator. Ensure that all fields are outputted correctly before continuing.
+====
++
+[source,terminal]
+----
+$ export CLUSTER_NAME=my-cluster <1>
+  export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
+  export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
+  export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
+  export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+  export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
+  export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
+  export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
+  mkdir -p ${SCRATCH}
+  echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
+  ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
++
+<1> Replace `my-cluster` with your ROSA cluster name.
+
+. On the {aws-short} account, create an IAM policy to allow access to {aws-short} S3:
+
+.. Check to see if the policy exists by running the following command:
++
+[source,terminal]
+----
+$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaOadpVer1'].{ARN:Arn}" --output text) <1>
+----
++
+<1> Replace `RosaOadp` with your policy name.
+
+..  Enter the following command to create the policy JSON file and then create the policy in ROSA:
++
+[NOTE]
+====
+If the policy ARN is not found, the command creates the policy. If the policy ARN already exists, the `if` statement intentionally skips the policy creation.
+====
++
+[source,terminal]
+----
+$ if [[ -z "${POLICY_ARN}" ]]; then
+  cat << EOF > ${SCRATCH}/policy.json <1>
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:CreateBucket",
+        "s3:DeleteBucket",
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging",
+        "s3:PutEncryptionConfiguration",
+        "s3:GetEncryptionConfiguration",
+        "s3:PutLifecycleConfiguration",
+        "s3:GetLifecycleConfiguration",
+        "s3:GetBucketLocation",
+        "s3:ListBucket",
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:DeleteObject",
+        "s3:ListBucketMultipartUploads",
+        "s3:AbortMultipartUploads",
+        "s3:ListMultipartUploadParts",
+        "s3:DescribeSnapshots",
+        "ec2:DescribeVolumes",
+        "ec2:DescribeVolumeAttribute",
+        "ec2:DescribeVolumesModifications",
+        "ec2:DescribeVolumeStatus",
+        "ec2:CreateTags",
+        "ec2:CreateVolume",
+        "ec2:CreateSnapshot",
+        "ec2:DeleteSnapshot"
+      ],
+      "Resource": "*"
+    }
+   ]}
+EOF
+
+  POLICY_ARN=$(aws iam create-policy --policy-name "RosaOadpVer1" \
+  --policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
+  --tags Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-oadp Key=operator_name,Value=openshift-oadp \
+  --output text)
+  fi
+----
++
+<1> `SCRATCH` is a name for a temporary directory created for the environment variables.
+
+.. View the policy ARN by running the following command:
++
+[source,terminal]
+----
+$ echo ${POLICY_ARN}
+----
+
+
+. Create an IAM role trust policy for the cluster:
+
+.. Create the trust policy file by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF > ${SCRATCH}/trust-policy.json
+  {
+      "Version":2012-10-17",
+      "Statement": [{
+        "Effect": "Allow",
+        "Principal": {
+          "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
+        },
+        "Action": "sts:AssumeRoleWithWebIdentity",
+        "Condition": {
+          "StringEquals": {
+            "${OIDC_ENDPOINT}:sub": [
+              "system:serviceaccount:openshift-adp:openshift-adp-controller-manager",
+              "system:serviceaccount:openshift-adp:velero"]
+          }
+        }
+      }]
+  }
+EOF
+----
+
+.. Create the role by running the following command:
++
+[source,terminal]
+----
+$ ROLE_ARN=$(aws iam create-role --role-name \
+  "${ROLE_NAME}" \
+  --assume-role-policy-document file://${SCRATCH}/trust-policy.json \
+--tags Key=rosa_cluster_id,Value=${ROSA_CLUSTER_ID} Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-adp Key=operator_name,Value=openshift-oadp \
+   --query Role.Arn --output text)
+----
+
+.. View the role ARN by running the following command:
++
+[source,terminal]
+----
+$ echo ${ROLE_ARN}
+----
+
+. Attach the IAM policy to the IAM role by running the following command:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy --role-name "${ROLE_NAME}" \
+  --policy-arn ${POLICY_ARN}
+----
+
+
diff --git a/modules/private-clusters-about-ibm-cloud.adoc b/modules/private-clusters-about-ibm-cloud.adoc
index a7744ab6e837..e36e5b2e86ea 100644
--- a/modules/private-clusters-about-ibm-cloud.adoc
+++ b/modules/private-clusters-about-ibm-cloud.adoc
@@ -2,13 +2,13 @@
 //
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="private-clusters-about-ibm-cloud_{context}"]
-= Private clusters in IBM Cloud VPC
+= Private clusters in {ibm-cloud-title}
 
-To create a private cluster on IBM Cloud VPC, you must provide an existing private VPC and subnets to host the cluster. The installation program must also be able to resolve the DNS records that the cluster requires. The installation program configures the Ingress Operator and API server for only internal traffic.
+To create a private cluster on {ibm-cloud-name}, you must provide an existing private VPC and subnets to host the cluster. The installation program must also be able to resolve the DNS records that the cluster requires. The installation program configures the Ingress Operator and API server for only internal traffic.
 
-The cluster still requires access to internet to access the IBM Cloud VPC APIs.
+The cluster still requires access to internet to access the {ibm-cloud-name} APIs.
 
 The following items are not required or created when you install a private cluster:
 
@@ -21,4 +21,4 @@ The installation program does use the `baseDomain` that you specify to create a
 [id="private-clusters-limitations-ibm-cloud_{context}"]
 == Limitations
 
-Private clusters on IBM Cloud VPC are subject only to the limitations associated with the existing VPC that was used for cluster deployment.
+Private clusters on {ibm-cloud-name} are subject only to the limitations associated with the existing VPC that was used for cluster deployment.
diff --git a/modules/private-clusters-about-ibm-power-vs.adoc b/modules/private-clusters-about-ibm-power-vs.adoc
index 4f3d0ae7dd5f..1f3c6fef43e3 100644
--- a/modules/private-clusters-about-ibm-power-vs.adoc
+++ b/modules/private-clusters-about-ibm-power-vs.adoc
@@ -2,13 +2,13 @@
 //
 // * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="private-clusters-about-ibm-power-virtual-server_{context}"]
-= Private clusters in IBM Power Virtual Server
+= Private clusters in {ibm-power-server-title}
 
-To create a private cluster on IBM Power Virtual Server, you must provide an existing private Virtual Private Cloud (VPC) and subnets to host the cluster. The installation program must also be able to resolve the DNS records that the cluster requires. The installation program configures the Ingress Operator and API server for only internal traffic.
+To create a private cluster on {ibm-power-server-name}, you must provide an existing private Virtual Private Cloud (VPC) and subnets to host the cluster. The installation program must also be able to resolve the DNS records that the cluster requires. The installation program configures the Ingress Operator and API server for only internal traffic.
 
-The cluster still requires access to internet to access the IBM Cloud VPC APIs.
+The cluster still requires access to internet to access the {ibm-cloud-name} APIs.
 
 The following items are not required or created when you install a private cluster:
 
@@ -16,9 +16,9 @@ The following items are not required or created when you install a private clust
 * Public network load balancers, which support public Ingress
 * A public DNS zone that matches the `baseDomain` for the cluster
 
-You will also need to create an IBM DNS service containing a DNS zone that matches your `baseDomain`. Unlike standard deployments on Power VS which use IBM CIS for DNS, you must use IBM DNS for your DNS service.
+You will also need to create an {ibm-name} DNS service containing a DNS zone that matches your `baseDomain`. Unlike standard deployments on Power VS which use {ibm-name} CIS for DNS, you must use {ibm-name} DNS for your DNS service.
 
 [id="private-clusters-limitations-ibm-power-virtual-server_{context}"]
 == Limitations
 
-Private clusters on IBM Power Virtual Server are subject only to the limitations associated with the existing VPC that was used for cluster deployment.
+Private clusters on {ibm-power-server-name} are subject only to the limitations associated with the existing VPC that was used for cluster deployment.
diff --git a/modules/private-clusters-about.adoc b/modules/private-clusters-about.adoc
index 632159c6acf9..a8c4f480da65 100644
--- a/modules/private-clusters-about.adoc
+++ b/modules/private-clusters-about.adoc
@@ -2,12 +2,12 @@
 //
 // * post_installation_configuration/configuring-private-cluster.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="private-clusters-about_{context}"]
 = About private clusters
 
 
-By default, {product-title} is provisioned using publicly-accessible DNS and endpoints. You can set the DNS, Ingress Controller, and API server to private after you deploy your private cluster. 
+By default, {product-title} is provisioned using publicly-accessible DNS and endpoints. You can set the DNS, Ingress Controller, and API server to private after you deploy your private cluster.
 
 include::snippets/snip-private-clusters-public-ingress.adoc[]
 
@@ -22,7 +22,9 @@ The `*.apps` records in the public and private zone are identical, so when you d
 [discrete]
 [id="private-clusters-about-ingress-controller_{context}"]
 == Ingress Controller
-Because the default `Ingress` object is created as public, the load balancer is internet-facing and in the public subnets. You can replace the default Ingress Controller with an internal one.
+Because the default `Ingress` object is created as public, the load balancer is internet-facing and in the public subnets.
+
+The Ingress Operator generates a default certificate for an Ingress Controller to serve as a placeholder until you configure a custom default certificate. Do not use Operator-generated default certificates in production clusters. The Ingress Operator does not rotate its own signing certificate or the default certificates that it generates. Operator-generated default certificates are intended as placeholders for custom default certificates that you configure.
 
 [discrete]
 [id="private-clusters-about-api-server_{context}"]
diff --git a/modules/private-clusters-default.adoc b/modules/private-clusters-default.adoc
index ac2644a9af2f..0d88e47680f9 100644
--- a/modules/private-clusters-default.adoc
+++ b/modules/private-clusters-default.adoc
@@ -62,7 +62,7 @@ ifdef::ibm-power-vs-private[]
 * Use existing networking that meets your requirements.
 endif::ibm-power-vs-private[]
 ifdef::ibm-cloud-private,ibm-power-vs-private[]
-* Create a DNS zone using IBM Cloud DNS Services and specify it as the base domain of the cluster. For more information, see "Using IBM Cloud DNS Services to configure DNS resolution".
+* Create a DNS zone using {ibm-cloud-name} DNS Services and specify it as the base domain of the cluster. For more information, see "Using {ibm-cloud-name} DNS Services to configure DNS resolution".
 endif::ibm-cloud-private,ibm-power-vs-private[]
 * Deploy from a machine that has access to:
 ** The API services for the cloud to which you provision.
diff --git a/modules/private-clusters-setting-api-private.adoc b/modules/private-clusters-setting-api-private.adoc
index 64e488ae8ad8..3a651b05784b 100644
--- a/modules/private-clusters-setting-api-private.adoc
+++ b/modules/private-clusters-setting-api-private.adoc
@@ -13,11 +13,11 @@ ifeval::["{context}" == "cpmso-using-azure"]
 :cpmso-using-azure:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="private-clusters-setting-api-private_{context}"]
 = Restricting the API server to private
 
-After you deploy a cluster to 
+After you deploy a cluster to
 ifdef::cpmso-using-aws[Amazon Web Services (AWS),]
 ifdef::post-install[Amazon Web Services (AWS) or]
 ifndef::cpmso-using-aws[Microsoft Azure,]
diff --git a/modules/private-clusters-setting-dns-private.adoc b/modules/private-clusters-setting-dns-private.adoc
index c8b0c5ed90a7..1bb8d978d2fc 100644
--- a/modules/private-clusters-setting-dns-private.adoc
+++ b/modules/private-clusters-setting-dns-private.adoc
@@ -3,7 +3,7 @@
 // * post_installation_configuration/configuring-private-cluster.adoc
 // * post_installation_configuration/network-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="private-clusters-setting-dns-private_{context}"]
 = Setting DNS to private
 
diff --git a/modules/private-clusters-setting-ingress-private.adoc b/modules/private-clusters-setting-ingress-private.adoc
index 0e470dd282e5..f16e15754908 100644
--- a/modules/private-clusters-setting-ingress-private.adoc
+++ b/modules/private-clusters-setting-ingress-private.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/configuring-private-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="private-clusters-setting-ingress-private_{context}"]
 = Setting the Ingress Controller to private
 
diff --git a/modules/proc-switching-bf2-nic.adoc b/modules/proc-switching-bf2-nic.adoc
index a84ecc67204a..543415065add 100644
--- a/modules/proc-switching-bf2-nic.adoc
+++ b/modules/proc-switching-bf2-nic.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/hardware_networks/switching-bf2-nic-dpu.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="proc-switching-bf2-nic_{context}"]
 = Switching Bluefield-2 from DPU mode to NIC mode
 
diff --git a/modules/prometheus-database-storage-requirements.adoc b/modules/prometheus-database-storage-requirements.adoc
index 75d361a05b4f..b78931a0beda 100644
--- a/modules/prometheus-database-storage-requirements.adoc
+++ b/modules/prometheus-database-storage-requirements.adoc
@@ -10,40 +10,36 @@ Red Hat performed various tests for different scale sizes.
 
 [NOTE]
 ====
-The Prometheus storage requirements below are not prescriptive. Higher resource consumption might be observed in your cluster depending on workload activity and resource use.
+The Prometheus storage requirements below are not prescriptive and should be used as a reference. Higher resource consumption might be observed in your cluster depending on workload activity and resource density, including the number of pods, containers, routes, or other resources exposing metrics collected by Prometheus.
 ====
 
 .Prometheus Database storage requirements based on number of nodes/pods in the cluster
 [options="header"]
 |===
-|Number of Nodes |Number of pods |Prometheus storage growth per day |Prometheus storage growth per 15 days |RAM Space (per scale size) |Network (per tsdb chunk)
+|Number of Nodes |Number of pods (2 containers per pod) |Prometheus storage growth per day |Prometheus storage growth per 15 days |Network (per tsdb chunk)
 
 |50
 |1800
 |6.3 GB
 |94 GB
-|6 GB
 |16 MB
 
 |100
 |3600
 |13 GB
 |195 GB
-|10 GB
 |26 MB
 
 |150
 |5400
 |19 GB
 |283 GB
-|12 GB
 |36 MB
 
 |200
 |7200
 |25 GB
 |375 GB
-|14 GB
 |46 MB
 |===
 
@@ -58,5 +54,5 @@ CPU utilization has minor impact. The ratio is approximately 1 core out of 40 pe
 
 *Recommendations for {product-title}*
 
-* Use at least three infrastructure (infra) nodes.
-* Use at least three *openshift-container-storage* nodes with non-volatile memory express (NVMe) drives.
+* Use at least two infrastructure (infra) nodes.
+* Use at least three *openshift-container-storage* nodes with non-volatile memory express (SSD or NVMe) drives.
diff --git a/modules/pruning-builds.adoc b/modules/pruning-builds.adoc
index dbd743c81b0c..2fae3c7faa55 100644
--- a/modules/pruning-builds.adoc
+++ b/modules/pruning-builds.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-builds_{context}"]
 = Pruning builds
 
diff --git a/modules/pruning-deployments.adoc b/modules/pruning-deployments.adoc
index 729731e9cf98..393006e06498 100644
--- a/modules/pruning-deployments.adoc
+++ b/modules/pruning-deployments.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-deployments_{context}"]
 = Pruning deployment resources
 
diff --git a/modules/pruning-groups.adoc b/modules/pruning-groups.adoc
index 6bb96b63f074..968589d8728d 100644
--- a/modules/pruning-groups.adoc
+++ b/modules/pruning-groups.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-groups_{context}"]
 = Pruning groups
 
diff --git a/modules/pruning-hard-pruning-registry.adoc b/modules/pruning-hard-pruning-registry.adoc
index 765abd29a108..33a88914f1bc 100644
--- a/modules/pruning-hard-pruning-registry.adoc
+++ b/modules/pruning-hard-pruning-registry.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-hard-pruning-registry_{context}"]
 = Hard pruning the registry
 
diff --git a/modules/pruning-images-manual.adoc b/modules/pruning-images-manual.adoc
index 3bca7e7490f2..738f9df5306e 100644
--- a/modules/pruning-images-manual.adoc
+++ b/modules/pruning-images-manual.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-images-manual_{context}"]
 = Manually pruning images
 
@@ -188,6 +188,9 @@ You can apply conditions to your manually pruned images.
 *** Replica sets
 *** Build configurations
 *** Builds
+*** Jobs
+*** Cronjobs
+*** Stateful sets
 *** `--keep-tag-revisions` most recent items in `stream.status.tags[].items`
 ** That are exceeding the smallest limit defined in the same project and are not currently referenced by any:
 *** Running pods
@@ -198,6 +201,9 @@ You can apply conditions to your manually pruned images.
 *** Replica sets
 *** Build configurations
 *** Builds
+*** Jobs
+*** Cronjobs
+*** Stateful sets
 * There is no support for pruning from external registries.
 * When an image is pruned, all references to the image are removed from all
 image streams that have a reference to the image in `status.tags`.
@@ -287,16 +293,15 @@ pruning.
 
 Ensure that images you want removed occur at higher positions in each tag
 history than your chosen tag revisions threshold. For example, consider an old
-and obsolete image named `sha:abz`. By running the following command in
-namespace `N`, where the image is tagged, the image is tagged three times in a
+and obsolete image named `sha256:abz`. By running the following command in your
+namespace, where the image is tagged, the image is tagged three times in a
 single image stream named `myapp`:
 
 [source,terminal]
 ----
-$ oc get is -n N -o go-template='{{range $isi, $is := .items}}{{range $ti, $tag := $is.status.tags}}'\
-  '{{range $ii, $item := $tag.items}}{{if eq $item.image "'"sha:abz"\
-  $'"}}{{$is.metadata.name}}:{{$tag.tag}} at position {{$ii}} out of {{len $tag.items}}\n'\
-  '{{end}}{{end}}{{end}}{{end}}'
+$ oc get is -n <namespace> -o go-template='{{range $isi, $is := .items}}{{range $ti, $tag := $is.status.tags}}'\
+'{{range $ii, $item := $tag.items}}{{if eq $item.image "sha256:<hash>"}}{{$is.metadata.name}}:{{$tag.tag}} at position {{$ii}} out of {{len $tag.items}}\n'\
+'{{end}}{{end}}{{end}}{{end}}'
 ----
 
 .Example output
diff --git a/modules/pruning-images.adoc b/modules/pruning-images.adoc
index f413326e4596..d7150b03f213 100644
--- a/modules/pruning-images.adoc
+++ b/modules/pruning-images.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/pruning-objects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pruning-images_{context}"]
 = Automatically pruning images
 
@@ -76,5 +76,4 @@ However, the `managementState` of the Image Registry Operator alters the behavio
 
 * `Managed`: the `--prune-registry` flag for the image pruner is set to `true`.
 * `Removed`: the `--prune-registry` flag for the image pruner is set to `false`, meaning it only prunes image metatdata in etcd.
-* `Unmanaged`: the `--prune-registry` flag for the image pruner is set to `false`.
 ====
diff --git a/modules/psap-configuring-node-feature-discovery.adoc b/modules/psap-configuring-node-feature-discovery.adoc
index 91c558f6f3f6..fbec39fc80ca 100644
--- a/modules/psap-configuring-node-feature-discovery.adoc
+++ b/modules/psap-configuring-node-feature-discovery.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/psap-node-feature-discovery-operator.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="configuring-the-node-feature-discovery_{context}"]
 = Configuring the Node Feature Discovery Operator
 
diff --git a/modules/psap-driver-toolkit-pulling.adoc b/modules/psap-driver-toolkit-pulling.adoc
index 0d6168f5fca7..bc3dd181c498 100644
--- a/modules/psap-driver-toolkit-pulling.adoc
+++ b/modules/psap-driver-toolkit-pulling.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-driver-toolkit.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="pulling-the-driver-toolkit_{context}"]
 = Pulling the Driver Toolkit container image
 
@@ -43,9 +43,6 @@ $ oc adm release info quay.io/openshift-release-dev/ocp-release:{product-version
 --
 +
 .Example output
-
-The output for the `ocp-release:4.13.0-x86_64` image is as follows:
-+ 
 [source,terminal]
 ----
 quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b53883ca2bac5925857148c4a1abc300ced96c222498e3bc134fe7ce3a1dd404
diff --git a/modules/psap-driver-toolkit-using.adoc b/modules/psap-driver-toolkit-using.adoc
index 48f323d4e34e..45001b20a308 100644
--- a/modules/psap-driver-toolkit-using.adoc
+++ b/modules/psap-driver-toolkit-using.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-driver-toolkit.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-the-driver-toolkit_{context}"]
 = Using the Driver Toolkit
 
diff --git a/modules/psap-driver-toolkit.adoc b/modules/psap-driver-toolkit.adoc
index acf561b4d5c7..78fcd1cc671d 100644
--- a/modules/psap-driver-toolkit.adoc
+++ b/modules/psap-driver-toolkit.adoc
@@ -2,13 +2,13 @@
 //
 // * hardware_enablement/psap-driver-toolkit.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-driver-toolkit_{context}"]
 = About the Driver Toolkit
 
 [discrete]
 == Background
-The Driver Toolkit is a container image in the {product-title} payload used as a base image on which you can build driver containers. The Driver Toolkit image includes the kernel packages commonly required as dependencies to build or install kernel modules, as well as a few tools needed in driver containers. The version of these packages will match the kernel version running on the {op-system-first} nodes in the corresponding {product-title} release. 
+The Driver Toolkit is a container image in the {product-title} payload used as a base image on which you can build driver containers. The Driver Toolkit image includes the kernel packages commonly required as dependencies to build or install kernel modules, as well as a few tools needed in driver containers. The version of these packages will match the kernel version running on the {op-system-first} nodes in the corresponding {product-title} release.
 
 Driver containers are container images used for building and deploying out-of-tree kernel modules and drivers on container operating systems like {op-system}. Kernel modules and drivers are software libraries running with a high level of privilege in the operating system kernel. They extend the kernel functionalities or provide the hardware-specific code required to control new devices. Examples include hardware devices like Field Programmable Gate Arrays (FPGA) or GPUs, and software-defined storage (SDS) solutions, such as Lustre parallel file systems, which require kernel modules on client machines. Driver containers are the first layer of the software stack used to enable these technologies on Kubernetes.
 
diff --git a/modules/psap-installing-node-feature-discovery-operator.adoc b/modules/psap-installing-node-feature-discovery-operator.adoc
index 05cacbd5937f..a489fe6a4bd6 100644
--- a/modules/psap-installing-node-feature-discovery-operator.adoc
+++ b/modules/psap-installing-node-feature-discovery-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-node-feature-discovery-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-the-node-feature-discovery-operator_{context}"]
 = Installing the Node Feature Discovery Operator
 
diff --git a/modules/psap-node-feature-discovery-operator.adoc b/modules/psap-node-feature-discovery-operator.adoc
index 487d3fd36c59..76494bf63528 100644
--- a/modules/psap-node-feature-discovery-operator.adoc
+++ b/modules/psap-node-feature-discovery-operator.adoc
@@ -8,7 +8,7 @@ endif::[]
 ifeval::["{context}" == "node-feature-discovery-operator"]
 :perf:
 endif::[]
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-node-feature-discovery-operator_{context}"]
 ifdef::operators[]
 = Node Feature Discovery Operator
diff --git a/modules/psap-node-feature-discovery-topology-updater-command-reference.adoc b/modules/psap-node-feature-discovery-topology-updater-command-reference.adoc
index 26c0d05bf43a..8abb06130ccc 100644
--- a/modules/psap-node-feature-discovery-topology-updater-command-reference.adoc
+++ b/modules/psap-node-feature-discovery-topology-updater-command-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-node-feature-discovery-operator.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="nfd-topology-updater-command-line-flags_{context}"]
 = NFD Topology Updater command line flags
 
diff --git a/modules/psap-node-feature-discovery-using-topology-updater.adoc b/modules/psap-node-feature-discovery-using-topology-updater.adoc
index 425a6bc55941..515729b4be36 100644
--- a/modules/psap-node-feature-discovery-using-topology-updater.adoc
+++ b/modules/psap-node-feature-discovery-using-topology-updater.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-node-feature-discovery-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-the-nfd-topology-updater_{context}"]
 = Using the NFD Topology Updater
 
diff --git a/modules/psap-special-resource-operator-using-manifests.adoc b/modules/psap-special-resource-operator-using-manifests.adoc
index 52fc7832f31f..5654d1a0767e 100644
--- a/modules/psap-special-resource-operator-using-manifests.adoc
+++ b/modules/psap-special-resource-operator-using-manifests.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-special-resource-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="deploy-simple-kmod-using-local-chart_{context}"]
 = Building and running the simple-kmod SpecialResource by using the templates from the SRO image
 
@@ -11,7 +11,7 @@ The Special Resource Operator(SRO) image contains a local repository of Helm cha
 .Prerequisites
 
 * You have a running {product-title} cluster.
-* You set the Image Registry Operator state to `Managed` for your cluster. 
+* You set the Image Registry Operator state to `Managed` for your cluster.
 * You installed the OpenShift CLI (`oc`).
 * You are logged into the OpenShift CLI as a user with `cluster-admin` privileges.
 * You installed the Node Feature Discovery (NFD) Operator.
@@ -89,7 +89,7 @@ simple-kmod-driver-container-12813789169ac0ee-qtkff   1/1     Running     0
 $ oc logs pod/simple-kmod-driver-build-12813789169ac0ee-1-build -n simple-kmod
 ----
 
-. To verify that the simple-kmod kernel modules are loaded, execute the `lsmod` command in one of the driver container pods that was returned from the `oc get pods` command above: 
+. To verify that the simple-kmod kernel modules are loaded, execute the `lsmod` command in one of the driver container pods that was returned from the `oc get pods` command above:
 +
 [source,terminal]
 ----
diff --git a/modules/psap-special-resource-operator.adoc b/modules/psap-special-resource-operator.adoc
index b8f74aa03f7d..c254d7beea09 100644
--- a/modules/psap-special-resource-operator.adoc
+++ b/modules/psap-special-resource-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-special-resource-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-special-resource-operator_{context}"]
 = About the Special Resource Operator
 
diff --git a/modules/psap-using-node-feature-discovery-operator.adoc b/modules/psap-using-node-feature-discovery-operator.adoc
index 7bf209c525dc..1563e51edda7 100644
--- a/modules/psap-using-node-feature-discovery-operator.adoc
+++ b/modules/psap-using-node-feature-discovery-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * hardware_enablement/psap-node-feature-discovery-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-the-node-feature-discovery-operator_{context}"]
 = Using the Node Feature Discovery Operator
 
@@ -26,7 +26,7 @@ As a cluster administrator, you can create a `NodeFeatureDiscovery` CR instance
 
 . Create the following `NodeFeatureDiscovery` Custom Resource (CR), and then save the YAML in the `NodeFeatureDiscovery.yaml` file:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: nfd.openshift.io/v1
 kind: NodeFeatureDiscovery
@@ -37,7 +37,7 @@ spec:
   instance: "" # instance is empty by default
   topologyupdater: false # False by default
   operand:
-    image: registry.redhat.io/openshift4/ose-node-feature-discovery:v4.13
+    image: registry.redhat.io/openshift4/ose-node-feature-discovery:v{product-version}
     imagePullPolicy: Always
   workerConfig:
     configData: |
diff --git a/modules/ptp-cloud-event-proxy-sidecar-api.adoc b/modules/ptp-cloud-event-proxy-sidecar-api.adoc
index 87ea7f5a2541..21cb5f9899cd 100644
--- a/modules/ptp-cloud-event-proxy-sidecar-api.adoc
+++ b/modules/ptp-cloud-event-proxy-sidecar-api.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ptp-cloud-event-proxy-sidecar-api_{context}"]
 = PTP events available from the cloud-event-proxy sidecar REST API
 
diff --git a/modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc b/modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc
index 0c556de540c2..0f3261acb163 100644
--- a/modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc
+++ b/modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/configuring-ptp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ptp-configuring-linuxptp-services-as-bc-for-dual-nic_{context}"]
 = Configuring linuxptp services as boundary clocks for dual NIC hardware
 
diff --git a/modules/ptp-dual-nics.adoc b/modules/ptp-dual-nics.adoc
index 91a197bdc1d1..11a5b41a8704 100644
--- a/modules/ptp-dual-nics.adoc
+++ b/modules/ptp-dual-nics.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/about-ptp.adoc
 
-:_module-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ptp-dual-nics_{context}"]
 = Using PTP with dual NIC hardware
 
diff --git a/modules/ptp-events-consumer-application.adoc b/modules/ptp-events-consumer-application.adoc
index 9fc0945463ef..e8886a4ba4e6 100644
--- a/modules/ptp-events-consumer-application.adoc
+++ b/modules/ptp-events-consumer-application.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ptp-events-consumer-application_{context}"]
 = PTP events consumer application reference
 
diff --git a/modules/ptp-getting-the-current-ptp-clock-status.adoc b/modules/ptp-getting-the-current-ptp-clock-status.adoc
index c12c455de19c..dedcdbd92886 100644
--- a/modules/ptp-getting-the-current-ptp-clock-status.adoc
+++ b/modules/ptp-getting-the-current-ptp-clock-status.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ptp-getting-the-current-ptp-clock-status_{context}"]
 = Getting the current PTP clock status
 
diff --git a/modules/ptp-linuxptp-introduction.adoc b/modules/ptp-linuxptp-introduction.adoc
index 29d5022f44d6..6a28fade4397 100644
--- a/modules/ptp-linuxptp-introduction.adoc
+++ b/modules/ptp-linuxptp-introduction.adoc
@@ -1,12 +1,15 @@
 // Module included in the following assemblies:
 //
-// * networking/using-ptp.adoc
+// * networking/ptp/about-ptp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ptp-linuxptp-introduction_{context}"]
-= Overview of linuxptp in {product-title} nodes
+= Overview of linuxptp and gpsd in {product-title} nodes
+
+{product-title} uses the PTP Operator with `linuxptp` and `gpsd` packages for high precision network synchronization.
+The `linuxptp` package provides tools and daemons for PTP timing in networks.
+Cluster hosts with Global Navigation Satellite System (GNSS) capable NICs use `gpsd` to interface with GNSS clock sources.
 
-{product-title} uses PTP and `linuxptp` for high precision system timing in bare-metal infrastructure.
 The `linuxptp` package includes the `ts2phc`, `pmc`, `ptp4l`, and `phc2sys` programs for system clock synchronization.
 
 ts2phc:: `ts2phc` synchronizes the PTP hardware clock (PHC) across PTP devices with a high degree of precision.
@@ -24,10 +27,17 @@ pmc:: `pmc` implements a PTP management client (`pmc`) according to IEEE standar
 
 ptp4l:: `ptp4l` implements the PTP boundary clock and ordinary clock and runs as a system daemon.
 `ptp4l` does the following:
-
 * Synchronizes the PHC to the source clock with hardware time stamping
 * Synchronizes the system clock to the source clock with software time stamping
 
 phc2sys:: `phc2sys` synchronizes the system clock to the PHC on the network interface controller (NIC).
 The `phc2sys` system daemon continuously monitors the PHC for timing information.
 When it detects a timing error, the PHC corrects the system clock.
+
+The `gpsd` package includes the `ubxtool`, `gspipe`, `gpsd`, programs for GNSS clock synchronization with the host clock.
+
+ubxtool:: `ubxtool` CLI allows you to communicate with a u-blox GPS system. The `ubxtool` CLI uses the u-blox binary protocol to communicate with the GPS.
+
+gpspipe:: `gpspipe` connects to `gpsd` output and pipes it to `stdout`.
+
+gpsd:: `gpsd` is a service daemon that monitors one or more GPS or AIS receivers connected to the host.
diff --git a/modules/ptp-overview-of-gnss-grandmaster-clock.adoc b/modules/ptp-overview-of-gnss-grandmaster-clock.adoc
new file mode 100644
index 000000000000..fc13b228e4d3
--- /dev/null
+++ b/modules/ptp-overview-of-gnss-grandmaster-clock.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/about-ptp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ptp-overview-of-gnss-grandmaster-clock_{context}"]
+= Overview of GNSS timing for PTP grandmaster clocks
+
+{product-title} supports receiving precision PTP timing from Global Navigation Satellite System (GNSS) sources and grandmaster clocks (T-GM) in the cluster.
+
+[IMPORTANT]
+====
+{product-title} supports PTP timing from GNSS sources with Intel E810 Westport Channel NICs only.
+====
+
+.Overview of Synchronization with GNSS and T-GM
+image::319_OpenShift_PTP_bare-metal_OCP_nodes_1023_PTP.png[GNSS and T-GM system architecture]
+
+Global Navigation Satellite System (GNSS)::
+GNSS is a satellite-based system used to provide positioning, navigation, and timing information to receivers around the globe.
+In PTP, GNSS receivers are often used as a highly accurate and stable reference clock source.
+These receivers receive signals from multiple GNSS satellites, allowing them to calculate precise time information.
+The timing information obtained from GNSS is used as a reference by the PTP grandmaster clock.
++
+By using GNSS as a reference, the grandmaster clock in the PTP network can provide highly accurate timestamps to other devices, enabling precise synchronization across the entire network.
+
+Digital Phase-Locked Loop (DPLL)::
+DPLL provides clock synchronization between different PTP nodes in the network.
+DPLL compares the phase of the local system clock signal with the phase of the incoming synchronization signal, for example, PTP messages from the PTP grandmaster clock.
+The DPLL continuously adjusts the local clock frequency and phase to minimize the phase difference between the local clock and the reference clock.
diff --git a/modules/ptp-reference-deployment-and-service-crs.adoc b/modules/ptp-reference-deployment-and-service-crs.adoc
index 1bea21726cc9..5205794ba92f 100644
--- a/modules/ptp-reference-deployment-and-service-crs.adoc
+++ b/modules/ptp-reference-deployment-and-service-crs.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ptp-reference-deployment-and-service-crs_{context}"]
 = Reference cloud-event-proxy deployment and service CRs
 
diff --git a/modules/ptp-subscribing-consumer-app-to-events.adoc b/modules/ptp-subscribing-consumer-app-to-events.adoc
index 320245c2ac13..cc2dfce73489 100644
--- a/modules/ptp-subscribing-consumer-app-to-events.adoc
+++ b/modules/ptp-subscribing-consumer-app-to-events.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ptp-subscribing-consumer-app-to-events_{context}"]
 = Subscribing the consumer application to PTP events
 
diff --git a/modules/ptp-using-hardware-specific-nic-features.adoc b/modules/ptp-using-hardware-specific-nic-features.adoc
new file mode 100644
index 000000000000..e47bb6c2eb59
--- /dev/null
+++ b/modules/ptp-using-hardware-specific-nic-features.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * networking/ptp/configuring-ptp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ptp-using-hardware-specific-nic-features_{context}"]
+= Using hardware-specific NIC features with the PTP Operator
+
+NIC hardware with built-in PTP capabilities sometimes require device-specific configuration.
+You can use hardware-specific NIC features for supported hardware with the PTP Operator by configuring a plugin in the `PtpConfig` custom resource (CR).
+The `linuxptp-daemon` service uses the named parameters in the `plugin` stanza to start `linuxptp` processes (`ptp4l` and `phc2sys`) based on the specific hardware configuration.
+
+[IMPORTANT]
+====
+In {product-title} {product-version}, the Intel E810 NIC is supported with a `PtpConfig` plugin.
+====
diff --git a/modules/ptp-verifying-events-consumer-app-is-receiving-events.adoc b/modules/ptp-verifying-events-consumer-app-is-receiving-events.adoc
index ee2d92809086..8e339a68758c 100644
--- a/modules/ptp-verifying-events-consumer-app-is-receiving-events.adoc
+++ b/modules/ptp-verifying-events-consumer-app-is-receiving-events.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * networking/ptp-cloud-events-consumer-dev-reference.adoc
+// * networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ptp-verifying-events-consumer-app-is-receiving-events_{context}"]
 = Verifying that the PTP events consumer application is receiving events
 
diff --git a/modules/pxe-assets-ocp-agent.adoc b/modules/pxe-assets-ocp-agent.adoc
new file mode 100644
index 000000000000..677d980641ee
--- /dev/null
+++ b/modules/pxe-assets-ocp-agent.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_with_agent_based_installer/prepare-pxe-infra-agent.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="pxe-assets-ocp-agent_{context}"]
+= Creating the PXE assets
+
+Use the following procedure to create the assets and optional script to implement in your PXE infrastructure.
+
+.Procedure
+
+. Create the PXE assets by running the following command:
++
+[source,terminal]
+----
+$ openshift-install agent create pxe-files
+----
++
+The generated PXE assets and optional iPXE script can be found in the `boot-artifacts` directory.
++
+.Example filesystem with PXE assets and optional iPXE script
+[source,terminal]
+----
+boot-artifacts
+    ├─ agent.x86_64-initrd.img
+    ├─ agent.x86_64.ipxe
+    ├─ agent.x86_64-rootfs.img
+    └─ agent.x86_64-vmlinuz
+----
++
+[NOTE]
+====
+Red Hat Enterprise Linux CoreOS (RHCOS) supports multipathing on the primary disk, allowing stronger resilience to hardware failure to achieve higher host availability. Multipathing is enabled by default in the agent ISO image, with a default `/etc/multipath.conf` configuration.
+====
+
+. Upload the PXE assets and optional script to your infrastructure where they will be accessible during the boot process.
++
+[NOTE]
+====
+If you generated an iPXE script, the location of the assets must match the `bootArtifactsBaseURL` you added to the `agent-config.yaml` file.
+====
\ No newline at end of file
diff --git a/modules/querying-bootstrap-node-journal-logs.adoc b/modules/querying-bootstrap-node-journal-logs.adoc
index 9f31e44fe2c7..cddc6b3acee1 100644
--- a/modules/querying-bootstrap-node-journal-logs.adoc
+++ b/modules/querying-bootstrap-node-journal-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-bootstrap-node-journal-logs_{context}"]
 = Querying bootstrap node journal logs
 
diff --git a/modules/querying-cluster-node-journal-logs.adoc b/modules/querying-cluster-node-journal-logs.adoc
index e800795fa2ad..b73406ead063 100644
--- a/modules/querying-cluster-node-journal-logs.adoc
+++ b/modules/querying-cluster-node-journal-logs.adoc
@@ -3,7 +3,7 @@
 // * support/gathering-cluster-data.adoc
 // * support/troubleshooting/verifying-node-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-cluster-node-journal-logs_{context}"]
 = Querying cluster node journal logs
 
@@ -11,7 +11,12 @@ You can gather `journald` unit logs and other logs within `/var/log` on individu
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 * You have SSH access to your hosts.
diff --git a/modules/querying-kubelet-status-on-a-node.adoc b/modules/querying-kubelet-status-on-a-node.adoc
index 8feedcf6f102..24e0a6017340 100644
--- a/modules/querying-kubelet-status-on-a-node.adoc
+++ b/modules/querying-kubelet-status-on-a-node.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/verifying-node-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-kubelet-status-on-a-node_{context}"]
 = Querying the kubelet's status on a node
 
@@ -10,7 +10,12 @@ You can review cluster node health status, resource consumption statistics, and
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/querying-operator-pod-status.adoc b/modules/querying-operator-pod-status.adoc
index 0219491bb386..d0c0f8e73c4d 100644
--- a/modules/querying-operator-pod-status.adoc
+++ b/modules/querying-operator-pod-status.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-operator-pod-status_{context}"]
 = Querying Operator pod status
 
@@ -10,7 +10,12 @@ You can list Operator pods within a cluster and their status. You can also colle
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
@@ -37,6 +42,7 @@ $ oc get pod -n <operator_namespace>
 $ oc describe pod <operator_pod_name> -n <operator_namespace>
 ----
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . If an Operator issue is node-specific, query Operator container status on that node.
 .. Start a debug pod for the node:
 +
@@ -72,3 +78,4 @@ $ oc debug node/my-node
 ----
 +
 .. Exit from the debug shell.
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/querying-operator-status-after-installation.adoc b/modules/querying-operator-status-after-installation.adoc
index 1b7800e011d6..cb077626d6bb 100644
--- a/modules/querying-operator-status-after-installation.adoc
+++ b/modules/querying-operator-status-after-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-operator-status-after-installation_{context}"]
 = Querying Operator status after installation
 
@@ -10,7 +10,12 @@ You can check Operator status at the end of an installation. Retrieve diagnostic
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/querying-the-status-of-cluster-nodes-using-the-cli.adoc b/modules/querying-the-status-of-cluster-nodes-using-the-cli.adoc
index 2d114725ded5..883a58b4859f 100644
--- a/modules/querying-the-status-of-cluster-nodes-using-the-cli.adoc
+++ b/modules/querying-the-status-of-cluster-nodes-using-the-cli.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-the-status-of-cluster-nodes-using-the-cli_{context}"]
 = Querying the status of the cluster nodes by using the CLI
 
@@ -26,12 +26,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                          STATUS   ROLES    AGE   VERSION
-compute-1.example.com         Ready    worker   33m   v1.26.0
-control-plane-1.example.com   Ready    master   41m   v1.26.0
-control-plane-2.example.com   Ready    master   45m   v1.26.0
-compute-2.example.com         Ready    worker   38m   v1.26.0
-compute-3.example.com         Ready    worker   33m   v1.26.0
-control-plane-3.example.com   Ready    master   41m   v1.26.0
+compute-1.example.com         Ready    worker   33m   v1.28.5
+control-plane-1.example.com   Ready    master   41m   v1.28.5
+control-plane-2.example.com   Ready    master   45m   v1.28.5
+compute-2.example.com         Ready    worker   38m   v1.28.5
+compute-3.example.com         Ready    worker   33m   v1.28.5
+control-plane-3.example.com   Ready    master   41m   v1.28.5
 ----
 
 . Review CPU and memory resource availability for each cluster node:
diff --git a/modules/querying-user-defined-tags-azure.adoc b/modules/querying-user-defined-tags-azure.adoc
index aa1bddad5741..66be854c6aff 100644
--- a/modules/querying-user-defined-tags-azure.adoc
+++ b/modules/querying-user-defined-tags-azure.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * installing/installing_azure/installing-azure-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="querying-azure-user-defined-tags_{context}"]
 = Querying user-defined tags for Azure
 
diff --git a/modules/quick-start-adding-custom-icon.adoc b/modules/quick-start-adding-custom-icon.adoc
index ee5f4e0815d1..35bfd6ba7567 100644
--- a/modules/quick-start-adding-custom-icon.adoc
+++ b/modules/quick-start-adding-custom-icon.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/creating-quick-start-tutorials.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-custom-icon-to-quick-start_{context}"]
 = Adding a custom icon to a quick start
 
diff --git a/modules/quick-starts-linking-to-others.adoc b/modules/quick-starts-linking-to-others.adoc
index d4058cc9feed..75e3a4abd76b 100644
--- a/modules/quick-starts-linking-to-others.adoc
+++ b/modules/quick-starts-linking-to-others.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/creating-quick-start-tutorials.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="linking-to-other-quick-starts_{context}"]
 = Linking to other quick starts
 
diff --git a/modules/quotas-and-limits-ibm-cloud.adoc b/modules/quotas-and-limits-ibm-cloud.adoc
index eea1ae1e71d2..da06b2c73280 100644
--- a/modules/quotas-and-limits-ibm-cloud.adoc
+++ b/modules/quotas-and-limits-ibm-cloud.adoc
@@ -2,13 +2,13 @@
 //
 // installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="quotas-and-limits-ibm-cloud_{context}"]
-= Quotas and limits on IBM Cloud VPC
+= Quotas and limits on {ibm-cloud-title}
 
-The {product-title} cluster uses a number of IBM Cloud VPC components, and the default quotas and limits affect your ability to install {product-title} clusters. If you use certain cluster configurations, deploy your cluster in certain regions, or run multiple clusters from your account, you might need to request additional resources for your IBM Cloud account.
+The {product-title} cluster uses a number of {ibm-cloud-name} components, and the default quotas and limits affect your ability to install {product-title} clusters. If you use certain cluster configurations, deploy your cluster in certain regions, or run multiple clusters from your account, you might need to request additional resources for your {ibm-cloud-name} account.
 
-For a comprehensive list of the default IBM Cloud VPC quotas and service limits, see IBM Cloud's documentation for link:https://cloud.ibm.com/docs/vpc?topic=vpc-quotas[Quotas and service limits].
+For a comprehensive list of the default {ibm-cloud-name} quotas and service limits, see {ibm-cloud-name}'s documentation for link:https://cloud.ibm.com/docs/vpc?topic=vpc-quotas[Quotas and service limits].
 
 [discrete]
 == Virtual Private Cloud (VPC)
@@ -26,7 +26,7 @@ By default, each cluster creates three application load balancers (ALBs):
 
 You can create additional `LoadBalancer` service objects to create additional ALBs. The default quota of VPC ALBs are 50 per region. To have more than 50 ALBs, you must increase this quota.
 
-VPC ALBs are supported. Classic ALBs are not supported for IBM Cloud VPC.
+VPC ALBs are supported. Classic ALBs are not supported for {ibm-cloud-name}.
 
 [discrete]
 == Floating IP address
@@ -39,7 +39,7 @@ The default quota for a floating IP address is 20 addresses per availability zon
 * One floating IP address in the `us-east-2` secondary zone.
 * One floating IP address in the `us-east-3` secondary zone.
 
-IBM Cloud VPC can support up to 19 clusters per region in an account. If you plan to have more than 19 default clusters, you must increase this quota.
+{ibm-cloud-name} can support up to 19 clusters per region in an account. If you plan to have more than 19 default clusters, you must increase this quota.
 
 [discrete]
 == Virtual Server Instances (VSI)
@@ -57,12 +57,12 @@ The following nodes are created:
 * Three `bx2-4x16` control plane nodes
 * Three `bx2-4x16` compute nodes
 
-For more information, see IBM Cloud's documentation on link:https://cloud.ibm.com/docs/vpc?topic=vpc-profiles[supported profiles].
+For more information, see {ibm-cloud-name}'s documentation on link:https://cloud.ibm.com/docs/vpc?topic=vpc-profiles[supported profiles].
 
 .VSI component quotas and limits
 [cols="2,2,4,2",options="header"]
 |===
-|VSI component |Default IBM Cloud VPC quota |Default cluster configuration |Maximum number of clusters
+|VSI component |Default {ibm-cloud-name} quota |Default cluster configuration |Maximum number of clusters
 
 |vCPU
 |200 vCPUs per region
@@ -80,9 +80,9 @@ For more information, see IBM Cloud's documentation on link:https://cloud.ibm.co
 |19 per region
 |===
 
-If you plan to exceed the resources stated in the table, you must increase your IBM Cloud account quota.
+If you plan to exceed the resources stated in the table, you must increase your {ibm-cloud-name} account quota.
 
 [discrete]
 == Block Storage Volumes
 
-For each VPC machine, a block storage device is attached for its boot volume. The default cluster configuration creates seven VPC machines, resulting in seven block storage volumes. Additional Kubernetes persistent volume claims (PVCs) of the IBM Cloud VPC storage class create additional block storage volumes. The default quota of VPC block storage volumes are 300 per region. To have more than 300 volumes, you must increase this quota.
+For each VPC machine, a block storage device is attached for its boot volume. The default cluster configuration creates seven VPC machines, resulting in seven block storage volumes. Additional Kubernetes persistent volume claims (PVCs) of the {ibm-cloud-name} storage class create additional block storage volumes. The default quota of VPC block storage volumes are 300 per region. To have more than 300 volumes, you must increase this quota.
diff --git a/modules/quotas-and-limits-ibm-power-vs.adoc b/modules/quotas-and-limits-ibm-power-vs.adoc
index edce80729639..a7866d0c206f 100644
--- a/modules/quotas-and-limits-ibm-power-vs.adoc
+++ b/modules/quotas-and-limits-ibm-power-vs.adoc
@@ -2,13 +2,13 @@
 //
 // installing/installing_ibm_powervs/installing-ibm-cloud-account-power-vs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="quotas-and-limits-ibm-power-vs_{context}"]
-= Quotas and limits on {ibmpowerProductName} Virtual Server
+= Quotas and limits on {ibm-power-server-title}
 
-The {product-title} cluster uses several IBM Cloud and {ibmpowerProductName} Virtual Server components, and the default quotas and limits affect your ability to install {product-title} clusters. If you use certain cluster configurations, deploy your cluster in certain regions, or run multiple clusters from your account, you might need to request additional resources for your IBM Cloud VPC account.
+The {product-title} cluster uses several {ibm-cloud-name} and {ibm-power-server-name} components, and the default quotas and limits affect your ability to install {product-title} clusters. If you use certain cluster configurations, deploy your cluster in certain regions, or run multiple clusters from your account, you might need to request additional resources for your {ibm-cloud-name} account.
 
-For a comprehensive list of the default IBM Cloud VPC quotas and service limits, see the IBM Cloud documentation for link:https://cloud.ibm.com/docs/vpc?topic=vpc-quotas[Quotas and service limits].
+For a comprehensive list of the default {ibm-cloud-name} quotas and service limits, see the {ibm-cloud-name} documentation for link:https://cloud.ibm.com/docs/vpc?topic=vpc-quotas[Quotas and service limits].
 
 [discrete]
 == Virtual Private Cloud
@@ -25,17 +25,22 @@ By default, each cluster creates two application load balancers (ALBs):
 
 You can create additional `LoadBalancer` service objects to create additional ALBs. The default quota of VPC ALBs are 50 per region. To have more than 50 ALBs, you must increase this quota.
 
-VPC ALBs are supported. Classic ALBs are not supported for {ibmpowerProductName} Virtual Server.
+VPC ALBs are supported. Classic ALBs are not supported for {ibm-power-server-name}.
 
 [discrete]
 == Cloud connections
 
-There is a limit of two cloud connections per {ibmpowerProductName} Virtual Server instance. It is recommended that you have only one cloud connection in your {ibmpowerProductName} Virtual Server instance to serve your cluster.
+There is a limit of two cloud connections per {ibm-power-server-name} instance. It is recommended that you have only one cloud connection in your {ibm-power-server-name} instance to serve your cluster.
+
+[NOTE]
+====
+Cloud Connections are no longer supported in `dal10`. A transit gateway is used instead.
+====
 
 [discrete]
 == Dynamic Host Configuration Protocol Service
 
-There is a limit of one Dynamic Host Configuration Protocol (DHCP) service per {ibmpowerProductName} Virtual Server instance.
+There is a limit of one Dynamic Host Configuration Protocol (DHCP) service per {ibm-power-server-name} instance.
 
 [discrete]
 == Networking
@@ -59,4 +64,4 @@ The following nodes are created:
 * Three control plane nodes
 * Three compute nodes
 
-For more information, see link:https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server[Creating a Power Systems Virtual Server] in the IBM Cloud documentation.
+For more information, see link:https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server[Creating a Power Systems Virtual Server] in the {ibm-cloud-name} documentation.
diff --git a/modules/quotas-creating-a-quota.adoc b/modules/quotas-creating-a-quota.adoc
index f1ac87c7d327..72c40e7a74c7 100644
--- a/modules/quotas-creating-a-quota.adoc
+++ b/modules/quotas-creating-a-quota.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas/quotas-setting-per-project.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="quotas-creating-a-quota_{context}"]
 = Creating a quota
 
diff --git a/modules/quotas-creating-object-count-quotas.adoc b/modules/quotas-creating-object-count-quotas.adoc
index e0dcfdcaefce..1f3456bcdbe7 100644
--- a/modules/quotas-creating-object-count-quotas.adoc
+++ b/modules/quotas-creating-object-count-quotas.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas/quotas-setting-per-project.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="quota-creating-object-count-quotas_{context}"]
 = Creating object count quotas
 
diff --git a/modules/quotas-requiring-explicit-quota.adoc b/modules/quotas-requiring-explicit-quota.adoc
index aa7776468a4d..ce1e28a54239 100644
--- a/modules/quotas-requiring-explicit-quota.adoc
+++ b/modules/quotas-requiring-explicit-quota.adoc
@@ -4,7 +4,7 @@
 
 // NOTE: This is currently not configurable in 4.1, removing from 4.1 docs.
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configuring-explicit-resource-quotas_{context}"]
 = Configuring explicit resource quotas
 
diff --git a/modules/quotas-selecting-projects.adoc b/modules/quotas-selecting-projects.adoc
index 71f48d38e2b1..7d687785e474 100644
--- a/modules/quotas-selecting-projects.adoc
+++ b/modules/quotas-selecting-projects.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas/quotas-setting-across-multiple-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="quotas-setting-projects_{context}"]
 = Selecting multiple projects during quota creation
 
diff --git a/modules/quotas-viewing-clusterresourcequotas.adoc b/modules/quotas-viewing-clusterresourcequotas.adoc
index 27b33901cbe5..ce0b89a3e6e3 100644
--- a/modules/quotas-viewing-clusterresourcequotas.adoc
+++ b/modules/quotas-viewing-clusterresourcequotas.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas/quotas-setting-across-multiple-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="quotas-viewing-clusterresourcequotas_{context}"]
 = Viewing applicable cluster resource quotas
 
diff --git a/modules/quotas-viewing-quotas.adoc b/modules/quotas-viewing-quotas.adoc
index f06a9b6f6cc8..6cd9bf897cc4 100644
--- a/modules/quotas-viewing-quotas.adoc
+++ b/modules/quotas-viewing-quotas.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas/quotas-setting-per-project.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="quota-viewing-quotas_{context}"]
 = Viewing a quota
 
diff --git a/modules/rbac-adding-roles.adoc b/modules/rbac-adding-roles.adoc
index 75dcc6cb7425..5d480b26ca89 100644
--- a/modules/rbac-adding-roles.adoc
+++ b/modules/rbac-adding-roles.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="adding-roles_{context}"]
 = Adding roles to users
 
diff --git a/modules/rbac-cluster-role-binding-commands.adoc b/modules/rbac-cluster-role-binding-commands.adoc
index 2580d81eb3a5..20f6ec384df6 100644
--- a/modules/rbac-cluster-role-binding-commands.adoc
+++ b/modules/rbac-cluster-role-binding-commands.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 
 [id="cluster-role-binding-commands_{context}"]
 = Cluster role binding commands
diff --git a/modules/rbac-creating-cluster-admin.adoc b/modules/rbac-creating-cluster-admin.adoc
index 5c71f36cc9a1..654086e41076 100644
--- a/modules/rbac-creating-cluster-admin.adoc
+++ b/modules/rbac-creating-cluster-admin.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="creating-cluster-admin_{context}"]
 = Creating a cluster admin
 
diff --git a/modules/rbac-creating-cluster-role.adoc b/modules/rbac-creating-cluster-role.adoc
index 36ed5d80142b..77068aefc288 100644
--- a/modules/rbac-creating-cluster-role.adoc
+++ b/modules/rbac-creating-cluster-role.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 [id="creating-cluster-role_{context}"]
 = Creating a cluster role
diff --git a/modules/rbac-creating-local-role.adoc b/modules/rbac-creating-local-role.adoc
index 16c41ce7f81c..10f919adf453 100644
--- a/modules/rbac-creating-local-role.adoc
+++ b/modules/rbac-creating-local-role.adoc
@@ -3,8 +3,8 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+:_mod-docs-content-type: PROCEDURE
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 [id="creating-local-role_{context}"]
 = Creating a local role
 
diff --git a/modules/rbac-default-projects.adoc b/modules/rbac-default-projects.adoc
index d5cdc82a8a3e..6c69566646b1 100644
--- a/modules/rbac-default-projects.adoc
+++ b/modules/rbac-default-projects.adoc
@@ -15,7 +15,4 @@ are considered critical, and the have guaranteed admission by kubelet.
 Pods created for master components in these namespaces are already marked as
 critical.
 
-[NOTE]
-====
-You cannot assign an SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, and `openshift`. You cannot use these namespaces for running pods or services.
-====
+include::snippets/default-projects.adoc[]
diff --git a/modules/rbac-overview.adoc b/modules/rbac-overview.adoc
index 55f797bf3d37..344f226f9002 100644
--- a/modules/rbac-overview.adoc
+++ b/modules/rbac-overview.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="authorization-overview_{context}"]
 = RBAC overview
 
@@ -11,11 +11,12 @@ Role-based access control (RBAC) objects determine whether a user is allowed to
 perform a given action within a project.
 
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-Cluster
+Cluster administrators
 endif::[]
-administrators can use the cluster roles and
-bindings to control who has various access levels to the {product-title}
-platform itself and all projects.
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can use the cluster roles and bindings to control who has various access levels to the {product-title} platform itself and all projects.
 
 Developers can use local roles and bindings to control who has access
 to their projects. Note that authorization is a separate step from
@@ -37,7 +38,7 @@ to multiple roles.
 |Bindings |Associations between users and/or groups with a role.
 |===
 
-ifdef::openshift-origin,openshift-enterprise[]
+ifdef::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
 There are two levels of RBAC roles and bindings that control authorization:
 
 [cols="1,4",options="header"]
@@ -102,6 +103,7 @@ every action on every resource in the project.
 
 |`cluster-reader` | A user that can get or view most of the objects but
 cannot modify them.
+
 |`edit` |A user that can modify most objects in a project but does not have the
 power to view or modify roles or bindings.
 
@@ -117,13 +119,7 @@ Be mindful of the difference between local and cluster bindings. For example,
 if you bind the `cluster-admin` role to a user by using a local role binding,
 it might appear that this user has the privileges of a cluster administrator.
 This is not the case. Binding the `cluster-admin` to a user in a project
-grants super administrator privileges for only that
-project to the user. That user has the permissions of the cluster role
-`admin`, plus a few additional permissions like the ability to edit rate limits,
-for that project.
-This binding can be confusing via the web console UI, which does not list
-cluster role bindings that are bound to true cluster administrators. However, it
-does list local role bindings that you can use to locally bind `cluster-admin`.
+grants super administrator privileges for only that project to the user. That user has the permissions of the cluster role `admin`, plus a few additional permissions like the ability to edit rate limits, for that project. This binding can be confusing via the web console UI, which does not list cluster role bindings that are bound to true cluster administrators. However, it does list local role bindings that you can use to locally bind `cluster-admin`.
 
 ////
 If you do, when you upgrade
@@ -175,7 +171,7 @@ apply to the user or their groups.
 . If no matching rule is found, the action is then denied by default.
 
 
-ifdef::openshift-origin,openshift-enterprise[]
+ifdef::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
 
 [TIP]
 ====
@@ -184,33 +180,28 @@ roles at the same time.
 ====
 
 Project administrators can use the CLI to
-endif::openshift-origin,openshift-enterprise[]
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+endif::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 view local roles and bindings,
-endif::openshift-enterprise,openshift-webscale,openshift-origin[]
+endif::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 including a matrix of the verbs and resources each are associated with.
 
-ifdef::openshift-origin,openshift-enterprise[]
+ifdef::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
 [IMPORTANT]
 ====
 The cluster role bound to the project administrator is limited in a project
-through a local binding.
-It is not bound cluster-wide like the cluster roles granted to the
-*cluster-admin* or *system:admin*.
+through a local binding. It is not bound cluster-wide like the cluster roles granted to the *cluster-admin* or *system:admin*.
 
 Cluster roles are roles defined at the cluster level but can be bound either at
 the cluster level or at the project level.
 ====
-endif::openshift-origin,openshift-enterprise[]
+endif::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
 
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 [id="cluster-role-aggregations_{context}"]
 === Cluster role aggregation
 The default admin, edit, view, and cluster-reader cluster roles support
-link:https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles[cluster role aggregation],
-where the cluster rules for each role are dynamically updated as
-new rules are created. This feature is relevant only if you extend the
-Kubernetes API by creating custom resources.
+link:https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles[cluster role aggregation], where the cluster rules for each role are dynamically updated as new rules are created. This feature is relevant only if you extend the Kubernetes API by creating custom resources.
 
 // NEED NEW LINK TO ASSEMBLY ABOUT making custom resources
 endif::[]
diff --git a/modules/rbac-projects-namespaces.adoc b/modules/rbac-projects-namespaces.adoc
index 0c8ccb0039f8..9bfbfb7de2bc 100644
--- a/modules/rbac-projects-namespaces.adoc
+++ b/modules/rbac-projects-namespaces.adoc
@@ -54,9 +54,20 @@ Each project scopes its own set of:
 
 |===
 
-Cluster administrators can create projects and delegate administrative rights
-for the project to any member of the user community. Cluster administrators can
-also allow developers to create their own projects.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can create projects and delegate administrative rights for the project to any member of the user community.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can also allow developers to create their own projects.
 
 Developers and administrators can interact with projects by using the CLI or the
 web console.
diff --git a/modules/rbac-viewing-cluster-roles.adoc b/modules/rbac-viewing-cluster-roles.adoc
index 8c4e9eba63bb..b52243c7e038 100644
--- a/modules/rbac-viewing-cluster-roles.adoc
+++ b/modules/rbac-viewing-cluster-roles.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-cluster-roles_{context}"]
 = Viewing cluster roles and bindings
 
@@ -24,7 +24,7 @@ endif::[]
 
 . To view the cluster roles and their associated rule sets:
 +
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 [source,terminal]
 ----
 $ oc describe clusterrole.rbac
@@ -224,7 +224,7 @@ endif::[]
 . To view the current set of cluster role bindings, which shows the users and
 groups that are bound to various roles:
 +
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 [source,terminal]
 ----
 $ oc describe clusterrolebinding.rbac
diff --git a/modules/rbac-viewing-local-roles.adoc b/modules/rbac-viewing-local-roles.adoc
index 34a2fd4f6df4..e43359e5121e 100644
--- a/modules/rbac-viewing-local-roles.adoc
+++ b/modules/rbac-viewing-local-roles.adoc
@@ -3,7 +3,7 @@
 // * authentication/using-rbac.adoc
 // * post_installation_configuration/preparing-for-users.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-local-roles_{context}"]
 = Viewing local roles and bindings
 
diff --git a/modules/recognize-resource-limits-quotas.adoc b/modules/recognize-resource-limits-quotas.adoc
new file mode 100644
index 000000000000..26c3d02950e2
--- /dev/null
+++ b/modules/recognize-resource-limits-quotas.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+// * web_console/using-dashboard-to-get-cluster-information.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="recognize-resource-limits-quotas"]
+= Recognizing resource and project limits and quotas
+
+You can view a graphical representation of available resources in the *Topology* view of the web console *Developer* perspective.
+
+If a resource has a message about resource limitations or quotas being reached, a yellow border appears around the resource name. Click the resource to open a side panel to see the message. If the *Topology* view has been zoomed out, a yellow dot indicates that a message is available.
+
+If you are using *List View* from the *View Shortcuts* menu, resources appear as a list. The *Alerts* column indicates if a message is available.
diff --git a/modules/recommended-configurable-storage-technology.adoc b/modules/recommended-configurable-storage-technology.adoc
index 7d0ba896240b..0e8e3483174d 100644
--- a/modules/recommended-configurable-storage-technology.adoc
+++ b/modules/recommended-configurable-storage-technology.adoc
@@ -44,7 +44,7 @@ The following table summarizes the recommended and configurable storage technolo
 | Not supported^6^
 
 | Loki Logging
-| Configurable
+| Not configurable
 | Not configurable
 | Recommended
 
@@ -121,8 +121,19 @@ It is not recommended to use file storage for a hosted metrics cluster deploymen
 
 In an {product-title} hosted logging cluster deployment:
 
-* The preferred storage technology is block storage.
-* Object storage is not configurable.
+* {loki-op}:
+** The preferred storage technology is S3 compatible Object storage.
+** Block storage is not configurable.
+
+* {es-op}:
+** The preferred storage technology is block storage.
+** Object storage is not supported.
+
+[NOTE]
+====
+As of logging version 5.4.3 the {es-op} is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to using the {es-op} to manage the default log storage, you can use the {loki-op}.
+====
+
 
 === Applications
 
diff --git a/modules/recommended-etcd-practices.adoc b/modules/recommended-etcd-practices.adoc
index d823af2da24a..5ee5ef38f2ad 100644
--- a/modules/recommended-etcd-practices.adoc
+++ b/modules/recommended-etcd-practices.adoc
@@ -2,14 +2,14 @@
 //
 // * scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="recommended-etcd-practices_{context}"]
 = Recommended etcd practices
 
 Because etcd writes data to disk and persists proposals on disk, its performance depends on disk performance.
 Although etcd is not particularly I/O intensive, it requires a low latency block device for optimal performance and stability. Because etcd's consensus protocol depends on persistently storing metadata to a log (WAL), etcd is sensitive to disk-write latency. Slow disks and disk activity from other processes can cause long fsync latencies.
 
-Those latencies can cause etcd to miss heartbeats, not commit new proposals to the disk on time, and ultimately experience request timeouts and temporary leader loss. High write latencies also lead to an OpenShift API slowness, which affects cluster performance. Because of these reasons, avoid colocating other workloads on the control-plane nodes that are I/O sensitive or intensive and share the same underlying I/O infrastructure. 
+Those latencies can cause etcd to miss heartbeats, not commit new proposals to the disk on time, and ultimately experience request timeouts and temporary leader loss. High write latencies also lead to an OpenShift API slowness, which affects cluster performance. Because of these reasons, avoid colocating other workloads on the control-plane nodes that are I/O sensitive or intensive and share the same underlying I/O infrastructure.
 
 In terms of latency, run etcd on top of a block device that can write at least 50 IOPS of 8000 bytes long sequentially. That is, with a latency of 10ms, keep in mind that uses fdatasync to synchronize each write in the WAL. For heavy loaded clusters, sequential 500 IOPS of 8000 bytes (2 ms) are recommended. To measure those numbers, you can use a benchmarking tool, such as fio.
 
@@ -32,10 +32,10 @@ The following hard disk features provide optimal etcd performance:
 
 [NOTE]
 ====
-Avoid NAS or SAN setups and spinning drives. Ceph Rados Block Device (RBD) and other types of network-attached storage can result in unpredictable network latency. To provide fast storage to etcd nodes at scale, use PCI passthrough to pass NVM devices directly to the nodes. 
+Avoid NAS or SAN setups and spinning drives. Ceph Rados Block Device (RBD) and other types of network-attached storage can result in unpredictable network latency. To provide fast storage to etcd nodes at scale, use PCI passthrough to pass NVM devices directly to the nodes.
 ====
 
-Always benchmark by using utilities such as fio. You can use such utilities to continuously monitor the cluster performance as it increases. 
+Always benchmark by using utilities such as fio. You can use such utilities to continuously monitor the cluster performance as it increases.
 
 [NOTE]
 ====
@@ -64,14 +64,14 @@ To validate the hardware for etcd before or after you create the {product-title}
 [source,terminal]
 +
 ----
-$ sudo podman run --volume /var/lib/etcd:/var/lib/etcd:Z quay.io/openshift-scale/etcd-perf
+$ sudo podman run --volume /var/lib/etcd:/var/lib/etcd:Z quay.io/cloud-bulldozer/etcd-perf
 ----
 
 ** If you use Docker, run this command:
 [source,terminal]
 +
 ----
-$ sudo docker run --volume /var/lib/etcd:/var/lib/etcd:Z quay.io/openshift-scale/etcd-perf
+$ sudo docker run --volume /var/lib/etcd:/var/lib/etcd:Z quay.io/cloud-bulldozer/etcd-perf
 ----
 --
 
diff --git a/modules/recommended-ibm-power-system-requirements.adoc b/modules/recommended-ibm-power-system-requirements.adoc
index 2e2cec81a0f3..0877e2291516 100644
--- a/modules/recommended-ibm-power-system-requirements.adoc
+++ b/modules/recommended-ibm-power-system-requirements.adoc
@@ -3,28 +3,28 @@
 // * installing/installing_ibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="recommended-ibm-power-system-requirements_{context}"]
-= Recommended IBM Power system requirements
+= Recommended {ibm-power-title} system requirements
 
 [discrete]
 == Hardware requirements
 
-* Six IBM Power bare metal servers or six LPARs across multiple PowerVM servers
+* Six LPARs across multiple PowerVM servers
 
 [discrete]
 == Operating system requirements
 
-* One instance of an IBM Power9 or Power10 processor-based system
+* One instance of an {ibm-power-name}9 or {ibm-power-name}10 processor-based system
 
-On your IBM Power instance, set up:
+On your {ibm-power-name} instance, set up:
 
-* Three guest virtual machines for {product-title} control plane machines
-* Two guest virtual machines for {product-title} compute machines
-* One guest virtual machine for the temporary {product-title} bootstrap machine
+* Three LPARs for {product-title} control plane machines
+* Two LPARs for {product-title} compute machines
+* One LPAR for the temporary {product-title} bootstrap machine
 
 [discrete]
-== Disk storage for the IBM Power guest virtual machines
+== Disk storage for the {ibm-power-title} guest virtual machines
 
 * Local storage, or storage provisioned by the Virtual I/O Server using vSCSI, NPIV (N-Port ID Virtualization) or SSP (shared storage pools)
 
@@ -33,7 +33,7 @@ On your IBM Power instance, set up:
 
 * Dedicated physical adapter, or SR-IOV virtual function
 * Available by the Virtual I/O Server using Shared Ethernet Adapter
-* Virtualized by the Virtual I/O Server using IBM vNIC
+* Virtualized by the Virtual I/O Server using {ibm-name} vNIC
 
 [discrete]
 == Storage / main memory
diff --git a/modules/recommended-scale-practices.adoc b/modules/recommended-scale-practices.adoc
index 32792a87a12b..3611a5fb6522 100644
--- a/modules/recommended-scale-practices.adoc
+++ b/modules/recommended-scale-practices.adoc
@@ -26,5 +26,5 @@ Enable machine health checks when scaling to large node counts. In case of failu
 
 [NOTE]
 ====
-When scaling large and dense clusters to lower node counts, it might take large amounts of time because the process involves draining or evicting the objects running on the nodes being terminated in parallel. Also, the client might start to throttle the requests if there are too many objects to evict. The default client queries per second (QPS) and burst rates are currently set to `5` and `10` respectively. These values cannot be modified in {product-title}.
+When scaling large and dense clusters to lower node counts, it might take large amounts of time because the process involves draining or evicting the objects running on the nodes being terminated in parallel. Also, the client might start to throttle the requests if there are too many objects to evict. The default client queries per second (QPS) and burst rates are currently set to `50` and `100` respectively. These values cannot be modified in {product-title}.
 ====
diff --git a/modules/redeploying-fluentd-pods.adoc b/modules/redeploying-fluentd-pods.adoc
new file mode 100644
index 000000000000..5885536c6faa
--- /dev/null
+++ b/modules/redeploying-fluentd-pods.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * logging/troubleshooting/log-forwarding-troubleshooting.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="redeploying-fluentd-pods_{context}"]
+= Redeploying Fluentd pods
+
+When you create a `ClusterLogForwarder` custom resource (CR), if the {clo} does not redeploy the Fluentd pods automatically, you can delete the Fluentd pods to force them to redeploy.
+
+.Prerequisites
+
+* You have created a `ClusterLogForwarder` custom resource (CR) object.
+
+.Procedure
+
+* Delete the Fluentd pods to force them to redeploy by running the following command:
++
+[source,terminal]
+----
+$ oc delete pod --selector logging-infra=collector
+----
diff --git a/modules/ref_hardware-compatibility-with-irq-affinity.adoc b/modules/ref_hardware-compatibility-with-irq-affinity.adoc
index 5d17494653b5..216a8391ec5a 100644
--- a/modules/ref_hardware-compatibility-with-irq-affinity.adoc
+++ b/modules/ref_hardware-compatibility-with-irq-affinity.adoc
@@ -2,11 +2,11 @@
 //
 // scalability_and_performance/cnf-low-latency-tuning.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ref_hardware-compatibility-with-irq-affinity_{context}"]
 = Hardware compatibility with IRQ affinity
 
-For core isolation, all server hardware components must support IRQ affinity. To check if the hardware components of your server support IRQ affinity, view the server's hardware specifications or contact your hardware provider. 
+For core isolation, all server hardware components must support IRQ affinity. To check if the hardware components of your server support IRQ affinity, view the server's hardware specifications or contact your hardware provider.
 
 {product-title} supports the following hardware devices for dynamic load balancing:
 
diff --git a/modules/references-regions-zones-infrastructure-vsphere.adoc b/modules/references-regions-zones-infrastructure-vsphere.adoc
index 8257eaa07cc7..54e5f396ce83 100644
--- a/modules/references-regions-zones-infrastructure-vsphere.adoc
+++ b/modules/references-regions-zones-infrastructure-vsphere.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="references-regions-zones-infrastructure-vsphere_{context}"]
 = Parameters for the cluster-wide infrastructure CRD
 
@@ -23,7 +23,7 @@ The following table lists mandatory parameters for defining multiple regions and
 |`zone` | The value of the `openshift-zone` tag assigned to the topology for the failure failure domain.
 |`topology`| The vCenter reources associated with the failure domain.
 |`datacenter` | The datacenter associated with the failure domain.
-|`computeCluster` | The full path of the compute cluster associated with the failure domain. 
+|`computeCluster` | The full path of the compute cluster associated with the failure domain.
 |`resourcePool` | The full path of the resource pool associated with the failure domain.
 |`datastore` | The full path of the datastore associated with the failure domain.
 |`networks` | A list of port groups associated with the failure domain. Only one portgroup may be defined.
diff --git a/modules/refreshing-service-ids-ibm-cloud.adoc b/modules/refreshing-service-ids-ibm-cloud.adoc
index 2b4782d991d6..9a4dd815bd28 100644
--- a/modules/refreshing-service-ids-ibm-cloud.adoc
+++ b/modules/refreshing-service-ids-ibm-cloud.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/cluster-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="refreshing-service-ids-ibm-cloud_{context}"]
 = Rotating API keys
 
diff --git a/modules/registry-accessing-directly.adoc b/modules/registry-accessing-directly.adoc
index 1ed4c4b4bb6a..adb3219ad047 100644
--- a/modules/registry-accessing-directly.adoc
+++ b/modules/registry-accessing-directly.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/accessing-the-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-accessing-directly_{context}"]
 = Accessing the registry directly from the cluster
 
@@ -119,3 +119,8 @@ to push the image.
 ----
 sh-4.2# podman push image-registry.openshift-image-registry.svc:5000/openshift/<image>
 ----
++
+[NOTE]
+====
+When pushing images to the internal registry, the repository name must use the `<project>/<name>` format. Using multiple project levels in the repository name results in an authentication error. 
+====
\ No newline at end of file
diff --git a/modules/registry-accessing-metrics.adoc b/modules/registry-accessing-metrics.adoc
index bfd7ca02b1fb..0c5a43669a33 100644
--- a/modules/registry-accessing-metrics.adoc
+++ b/modules/registry-accessing-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/accessing-the-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-accessing-metrics_{context}"]
 = Accessing registry metrics
 
diff --git a/modules/registry-change-management-state.adoc b/modules/registry-change-management-state.adoc
index 576851c12519..46c54c1f7d87 100644
--- a/modules/registry-change-management-state.adoc
+++ b/modules/registry-change-management-state.adoc
@@ -8,7 +8,7 @@
 // * registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
 // * registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-change-management-state_{context}"]
 = Changing the image registry's management state
 
diff --git a/modules/registry-checking-the-status-of-registry-pods.adoc b/modules/registry-checking-the-status-of-registry-pods.adoc
index 94609bff38a2..734309365e3b 100644
--- a/modules/registry-checking-the-status-of-registry-pods.adoc
+++ b/modules/registry-checking-the-status-of-registry-pods.adoc
@@ -2,19 +2,30 @@
 //
 // * registry/accessing-the-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="checking-the-status-of-registry-pods_{context}"]
 = Checking the status of the registry pods
 
-As a cluster administrator, you can list the image registry pods running in the `openshift-image-registry` project and check their status.
+ifndef::openshift-dedicated,openshift-rosa[]
+As a cluster administrator,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role,
+endif::openshift-dedicated,openshift-rosa[]
+you can list the image registry pods running in the `openshift-image-registry` project and check their status.
 
 .Prerequisites
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-dedicated,openshift-rosa[]
 
 .Procedure
 
-. List the pods in the `openshift-image-registry` project and view their status:
+* List the pods in the `openshift-image-registry` project and view their status:
 +
 [source,terminal]
 ----
diff --git a/modules/registry-common-terms.adoc b/modules/registry-common-terms.adoc
index 30da98589e98..4bedd0ce71bb 100644
--- a/modules/registry-common-terms.adoc
+++ b/modules/registry-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="openshift-registry-common-terms_{context}"]
 = Glossary of common terms for {product-registry}
 
diff --git a/modules/registry-configuring-private-storage-endpoint-azure.adoc b/modules/registry-configuring-private-storage-endpoint-azure.adoc
new file mode 100644
index 000000000000..b37390110c04
--- /dev/null
+++ b/modules/registry-configuring-private-storage-endpoint-azure.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-private-cluster.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="registry-configuring-private-storage-endpoint-azure_{context}"]
+= Configuring a private storage endpoint on Azure
+
+You can leverage the Image Registry Operator to use private endpoints on Azure, which enables seamless configuration of private storage accounts when {product-title} is deployed on private Azure clusters. This allows you to deploy the image registry without exposing public-facing storage endpoints.
+
+You can configure the Image Registry Operator to use private storage endpoints on Azure in one of two ways:
+
+* By configuring the Image Registry Operator to discover the VNet and subnet names
+
+* With user-provided Azure Virtual Network (VNet) and subnet names
+
+[id="limitations-configuring-private-storage-endpoint-azure"]
+== Limitations for configuring a private storage endpoint on Azure 
+
+The following limitations apply when configuring a private storage endpoint on Azure:
+
+* When configuring the Image Registry Operator to use a private storage endpoint, public network access to the storage account is disabled. Consequently, pulling images from the registry outside of {product-title} only works by setting `disableRedirect: true` in the registry Operator configuration. With redirect enabled, the registry redirects the client to pull images directly from the storage account, which will no longer work due to disabled public network access. For more information, see "Disabling redirect when using a private storage endpoint on Azure".
+
+* This operation cannot be undone by the Image Registry Operator.
\ No newline at end of file
diff --git a/modules/registry-configuring-registry-storage-rhodf-cephfs.adoc b/modules/registry-configuring-registry-storage-rhodf-cephfs.adoc
index 2933e397abf9..30f74a6e25a0 100644
--- a/modules/registry-configuring-registry-storage-rhodf-cephfs.adoc
+++ b/modules/registry-configuring-registry-storage-rhodf-cephfs.adoc
@@ -6,7 +6,7 @@
 //
 // * registry/configuring_registry_storage/Configuring-the-registry-for-rhodf.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-registry-storage-rhodf-cephfs_{context}"]
 = Configuring the Image Registry Operator to use CephFS storage with Red Hat OpenShift Data Foundation
 
diff --git a/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc b/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc
index 567c3169f2f5..dca872af1208 100644
--- a/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc
+++ b/modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc
@@ -6,7 +6,7 @@
 //
 // * registry/configuring_registry_storage/Configuring-the-registry-for-rhodf.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-registry-storage-rhodf-cephrgw_{context}"]
 = Configuring the Image Registry Operator to use Ceph RGW storage with Red Hat OpenShift Data Foundation
 
@@ -35,31 +35,32 @@ cat <<EOF | oc apply -f -
 apiVersion: objectbucket.io/v1alpha1
 kind: ObjectBucketClaim
 metadata:
-  name: rgwtest
-  namespace: openshift-storage
+  name: rgwbucket
+  namespace: openshift-storage <1>
 spec:
   storageClassName: ocs-storagecluster-ceph-rgw
-  generateBucketName: rgwtest
+  generateBucketName: rgwbucket
 EOF
 ----
+<1> Alternatively, you can use the `openshift-image-registry` namespace.
 
 . Get the bucket name by entering the following command:
 +
 [source,terminal]
 ----
-$ bucket_name=$(oc get obc -n openshift-storage rgwtest -o jsonpath='{.spec.bucketName}')
+$ bucket_name=$(oc get obc -n openshift-storage rgwbucket -o jsonpath='{.spec.bucketName}')
 ----
 
 . Get the AWS credentials by entering the following commands:
 +
 [source,terminal]
 ----
-$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwtest -o yaml | grep -w "AWS_ACCESS_KEY_ID:" | head -n1 | awk '{print $2}' | base64 --decode)
+$ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode)
 ----
 +
 [source,terminal]
 ----
-$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwtest -o yaml | grep -w "AWS_SECRET_ACCESS_KEY:" | head -n1 | awk '{print $2}' | base64 --decode)
+$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode)
 ----
 
 . Create the secret `image-registry-private-configuration-user` with the AWS credentials for the new bucket under `openshift-image-registry project` by entering the following command:
@@ -69,19 +70,14 @@ $ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwtest -o yaml | g
 $ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registry
 ----
 
-. Create a encryption route for Ceph RGW by entering the following command:
+. Get the `buckethost` value by entering the following command:
 +
 [source,terminal]
 ----
-$ oc create route reencrypt <route_name> --service=rook-ceph-rgw-ocs-storagecluster-cephobjectstore --port=https -n openshift-storage
+$ route_host=$(oc get objectbucket $bucket_name -n openshift-storage -o=jsonpath='{.spec.endpoint.bucketHost}')
 ----
 +
-.. Get the route host by entering the following command:
-+
-[source,terminal]
-----
-$ route_host=$(oc get route <route_name> -n openshift-storage -o=jsonpath='{.spec.host}')
-----
+
 . Create a config map that uses an ingress certificate by entering the following commands:
 +
 [source,terminal]
diff --git a/modules/registry-configuring-registry-storage-rhodf-nooba.adoc b/modules/registry-configuring-registry-storage-rhodf-nooba.adoc
index 7e358285ae89..e4469bca41f7 100644
--- a/modules/registry-configuring-registry-storage-rhodf-nooba.adoc
+++ b/modules/registry-configuring-registry-storage-rhodf-nooba.adoc
@@ -6,7 +6,7 @@
 //
 // * registry/configuring_registry_storage/Configuring-the-registry-for-rhodf.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-registry-storage-rhodf-nooba_{context}"]
 = Configuring the Image Registry Operator to use Noobaa storage with Red Hat OpenShift Data Foundation
 
@@ -35,12 +35,13 @@ apiVersion: objectbucket.io/v1alpha1
 kind: ObjectBucketClaim
 metadata:
   name: noobaatest
-  namespace: openshift-storage
+  namespace: openshift-storage <1>
 spec:
   storageClassName: openshift-storage.noobaa.io
   generateBucketName: noobaatest
 EOF
 ----
+<1> Alternatively, you can use the `openshift-image-registry` namespace.
 
 . Get the bucket name by entering the following command:
 +
diff --git a/modules/registry-configuring-registry-storage-swift-trust.adoc b/modules/registry-configuring-registry-storage-swift-trust.adoc
index e90605a10646..6ecbc4be0eb6 100644
--- a/modules/registry-configuring-registry-storage-swift-trust.adoc
+++ b/modules/registry-configuring-registry-storage-swift-trust.adoc
@@ -3,7 +3,7 @@
 // * registry/installing-openstack- .adoc
 // * registry/configuring-registry-operator.adoc
 // * registry/configuring-registry-storage-openstack-user-infrastructure.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-registry-storage-swift-trust_{context}"]
 = Configuring the Image Registry Operator to trust Swift storage
 
diff --git a/modules/registry-configuring-storage-aws-user-infra.adoc b/modules/registry-configuring-storage-aws-user-infra.adoc
index 82159728408c..cf55dc3fd2e1 100644
--- a/modules/registry-configuring-storage-aws-user-infra.adoc
+++ b/modules/registry-configuring-storage-aws-user-infra.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 // * registry/configuring_registry_storage-aws-user-infrastructure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-aws-user-infra_{context}"]
 = Configuring registry storage for AWS with user-provisioned infrastructure
 
diff --git a/modules/registry-configuring-storage-azure-gov-cloud.adoc b/modules/registry-configuring-storage-azure-gov-cloud.adoc
index 37a4b8cd2f71..26e955887f8b 100644
--- a/modules/registry-configuring-storage-azure-gov-cloud.adoc
+++ b/modules/registry-configuring-storage-azure-gov-cloud.adoc
@@ -2,7 +2,7 @@
 //
 //* registry/configuring_registry_storage-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-azure-gov-cloud_{context}"]
 = Configuring registry storage for Azure Government
 
@@ -37,4 +37,4 @@ storage:
     container: <container-name>
     cloudName: AzureUSGovernmentCloud <1>
 ----
-<1> `cloudName` is the name of the Azure cloud environment, which can be used to configure the Azure SDK with the appropriate Azure API endpoints. Defaults to `AzurePublicCloud`. You can also set `cloudName` to `AzureUSGovernmentCloud`, `AzureChinaCloud`, or `AzureGermanCloud` with sufficient credentials. 
+<1> `cloudName` is the name of the Azure cloud environment, which can be used to configure the Azure SDK with the appropriate Azure API endpoints. Defaults to `AzurePublicCloud`. You can also set `cloudName` to `AzureUSGovernmentCloud`, `AzureChinaCloud`, or `AzureGermanCloud` with sufficient credentials.
diff --git a/modules/registry-configuring-storage-azure-user-infra.adoc b/modules/registry-configuring-storage-azure-user-infra.adoc
index 2e41f7d03d7d..01c55de7730c 100644
--- a/modules/registry-configuring-storage-azure-user-infra.adoc
+++ b/modules/registry-configuring-storage-azure-user-infra.adoc
@@ -2,7 +2,7 @@
 //
 //* registry/configuring_registry_storage-azure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-azure-user-infra_{context}"]
 = Configuring registry storage for Azure
 
diff --git a/modules/registry-configuring-storage-baremetal.adoc b/modules/registry-configuring-storage-baremetal.adoc
index 88ebc83a2096..2fb21e4b335c 100644
--- a/modules/registry-configuring-storage-baremetal.adoc
+++ b/modules/registry-configuring-storage-baremetal.adoc
@@ -29,16 +29,16 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-baremetal_{context}"]
 ifndef::ibm-z,ibm-power[]
 = Configuring registry storage for bare metal and other manual installations
 endif::ibm-z,ibm-power[]
 ifdef::ibm-z[]
-= Configuring registry storage for {ibmzProductName}
+= Configuring registry storage for {ibm-z-title}
 endif::ibm-z[]
 ifdef::ibm-power[]
-= Configuring registry storage for IBM Power
+= Configuring registry storage for {ibm-power-title}
 endif::ibm-power[]
 
 As a cluster administrator, following installation you must configure your
@@ -49,8 +49,8 @@ registry to use storage.
 * You have access to the cluster as a user with the `cluster-admin` role.
 * You have a cluster
 ifndef::ibm-z,ibm-power[that uses manually-provisioned {op-system-first} nodes, such as bare metal.]
-ifdef::ibm-z[on {ibmzProductName}.]
-ifdef::ibm-power[on IBM Power.]
+ifdef::ibm-z[on {ibm-z-name}.]
+ifdef::ibm-power[on {ibm-power-name}.]
 * You have provisioned persistent storage for your cluster, such as {rh-storage-first}.
 +
 [IMPORTANT]
@@ -67,7 +67,7 @@ the `configs.imageregistry/cluster` resource.
 +
 [NOTE]
 ====
-When using shared storage, review your security settings to prevent outside access.
+When you use shared storage, review your security settings to prevent outside access.
 ====
 
 . Verify that you do not have a registry pod:
@@ -113,10 +113,10 @@ $ oc get clusteroperator image-registry
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME             VERSION              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
-image-registry   4.13                 True        False         False      6h50m
+image-registry   {product-version}                 True        False         False      6h50m
 ----
 +
 . Ensure that your registry is set to managed to enable building and pushing of images.
diff --git a/modules/registry-configuring-storage-gcp-user-infra.adoc b/modules/registry-configuring-storage-gcp-user-infra.adoc
index 924cf5e3ae54..6727655d4f3a 100644
--- a/modules/registry-configuring-storage-gcp-user-infra.adoc
+++ b/modules/registry-configuring-storage-gcp-user-infra.adoc
@@ -2,12 +2,11 @@
 //
 // * registry/configuring_registry_storage-gcp-user-infrastructure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-gcp-user-infra_{context}"]
-= Registry storage for GCP with user-provisioned infrastructure
+= Configuring the registry storage for GCP with user-provisioned infrastructure
 
-You must set up the storage medium manually and configure the settings in the
-registry custom resource (CR).
+If the Registry Operator cannot create a Google Cloud Platform (GCP) bucket, you must set up the storage medium manually and configure the settings in the registry custom resource (CR).
 
 .Prerequisites
 
@@ -18,9 +17,30 @@ cloud credentials.
 contents of a credentials file provided by GCP:
 ** `REGISTRY_STORAGE_GCS_KEYFILE`
 
-
 .Procedure
 
-////
-Stub for procedure to manually set storage medium.
-////
+. Set up an link:https://cloud.google.com/storage/docs/lifecycle[Object Lifecycle Management policy] to abort incomplete multipart uploads that are one day old.
+
+. Fill in the storage configuration in `configs.imageregistry.operator.openshift.io/cluster`:
++
+[source,terminal]
+----
+$ oc edit configs.imageregistry.operator.openshift.io/cluster
+----
++
+.Example configuration
+[source,yaml]
+----
+# ...
+storage:
+  gcs:
+    bucket: <bucket-name>
+    projectID: <project-id>
+    region: <region-name>
+# ...
+----
+
+[WARNING]
+====
+You can secure your registry images that use a Google Cloud Storage bucket by setting link:https://cloud.google.com/storage/docs/using-public-access-prevention[public access prevention].
+====
diff --git a/modules/registry-configuring-storage-nutanix.adoc b/modules/registry-configuring-storage-nutanix.adoc
index c3426eff446b..e4bd0b6b70f5 100644
--- a/modules/registry-configuring-storage-nutanix.adoc
+++ b/modules/registry-configuring-storage-nutanix.adoc
@@ -1,9 +1,12 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-nutanix_{context}"]
 = Configuring the default storage container
 
 After you install the cluster, you must install the Nutanix CSI Operator and configure the default storage container for the cluster.
 
-For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/install/ipi/#openshift-image-registry-configuration[configuring registry storage].
+For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/post-install/[configuring registry storage].
diff --git a/modules/registry-configuring-storage-openstack-user-infra.adoc b/modules/registry-configuring-storage-openstack-user-infra.adoc
index 48a44085f4cc..e0b29c5e85cb 100644
--- a/modules/registry-configuring-storage-openstack-user-infra.adoc
+++ b/modules/registry-configuring-storage-openstack-user-infra.adoc
@@ -5,8 +5,7 @@
 [id="registry-configuring-storage-openstack-user-infra_{context}"]
 = Registry storage for {rh-openstack} with user-provisioned infrastructure
 
-You must set up the storage medium manually and configure the settings in the
-registry custom resource (CR).
+If the Registry Operator cannot create a Swift bucket, you must set up the storage medium manually and configure the settings in the registry custom resource (CR).
 
 .Prerequisites
 
@@ -15,5 +14,24 @@ registry custom resource (CR).
 cloud credentials.
 * For Swift on {rh-openstack} storage, the secret is expected to contain the following two keys:
 
-** `REGISTRY_STORAGE_SWIFT_USER`
+** `REGISTRY_STORAGE_SWIFT_USERNAME`
 ** `REGISTRY_STORAGE_SWIFT_PASSWORD`
+
+.Procedure
+
+* Fill in the storage configuration in `configs.imageregistry.operator.openshift.io/cluster`:
++
+[source,terminal]
+----
+$ oc edit configs.imageregistry.operator.openshift.io/cluster
+----
++
+.Example configuration
+[source,yaml]
+----
+# ...
+storage: 
+  swift:
+    container: <container-id>
+# ...
+----
\ No newline at end of file
diff --git a/modules/registry-configuring-storage-vsphere.adoc b/modules/registry-configuring-storage-vsphere.adoc
index f5d0bb1f0ed9..a3b91a204ff3 100644
--- a/modules/registry-configuring-storage-vsphere.adoc
+++ b/modules/registry-configuring-storage-vsphere.adoc
@@ -8,7 +8,7 @@
 // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-configuring-storage-vsphere_{context}"]
 = Configuring registry storage for VMware vSphere
 
@@ -46,7 +46,7 @@ components.
 +
 [NOTE]
 ====
-When using shared storage, review your security settings to prevent outside access.
+When you use shared storage, review your security settings to prevent outside access.
 ====
 
 . Verify that you do not have a registry pod:
@@ -81,7 +81,7 @@ storage:
     claim: <1>
 ----
 +
-<1> Leave the `claim` field blank to allow the automatic creation of an `image-registry-storage` persistent volume claim (PVC). The PVC is generated based on the default storage class. However, be aware that the default storage class might provide ReadWriteOnce (RWO) volumes, such as a RADOS Block Device (RBD), which can cause issues when replicating to more than one replica.
+<1> Leave the `claim` field blank to allow the automatic creation of an `image-registry-storage` persistent volume claim (PVC). The PVC is generated based on the default storage class. However, be aware that the default storage class might provide ReadWriteOnce (RWO) volumes, such as a RADOS Block Device (RBD), which can cause issues when you replicate to more than one replica.
 
 . Check the `clusteroperator` status:
 +
diff --git a/modules/registry-exposing-default-registry-manually.adoc b/modules/registry-exposing-default-registry-manually.adoc
index 0d6daaba718d..2e7b8a834e67 100644
--- a/modules/registry-exposing-default-registry-manually.adoc
+++ b/modules/registry-exposing-default-registry-manually.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-exposing-default-registry-manually_{context}"]
 = Exposing a default registry manually
 
diff --git a/modules/registry-exposing-secure-registry-manually.adoc b/modules/registry-exposing-secure-registry-manually.adoc
index 6692a4a3475f..82126c9e091f 100644
--- a/modules/registry-exposing-secure-registry-manually.adoc
+++ b/modules/registry-exposing-secure-registry-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/securing-exposing-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-exposing-secure-registry-manually_{context}"]
 = Exposing a secure registry manually
 
@@ -80,3 +80,6 @@ spec:
 Only set `secretName` if you are providing a custom TLS configuration for the
 registry's route.
 ====
+
+.Troubleshooting
+* link:https://access.redhat.com/solutions/5419501[Error creating TLS secret]
\ No newline at end of file
diff --git a/modules/registry-operator-config-resources-secret-aws.adoc b/modules/registry-operator-config-resources-secret-aws.adoc
index 54b02f1597e0..0661ec5ba2ba 100644
--- a/modules/registry-operator-config-resources-secret-aws.adoc
+++ b/modules/registry-operator-config-resources-secret-aws.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/configuring_registry_storage-aws-user-infrastructure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-operator-config-resources-secret-aws_{context}"]
 = Configuring a secret for the Image Registry Operator
 
diff --git a/modules/registry-operator-config-resources-secret-azure.adoc b/modules/registry-operator-config-resources-secret-azure.adoc
index 9926e39db6c4..f786fd0519e7 100644
--- a/modules/registry-operator-config-resources-secret-azure.adoc
+++ b/modules/registry-operator-config-resources-secret-azure.adoc
@@ -3,7 +3,7 @@
 // * registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-operator-config-resources-secret-azure_{context}"]
 = Configuring a secret for the Image Registry Operator
 
diff --git a/modules/registry-operator-config-resources-secret-gcp.adoc b/modules/registry-operator-config-resources-secret-gcp.adoc
index 3dd56995c528..08a0f7f586f3 100644
--- a/modules/registry-operator-config-resources-secret-gcp.adoc
+++ b/modules/registry-operator-config-resources-secret-gcp.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/configuring_registry_storage-gcp-user-infrastructure.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-operator-config-resources-secret-gcp_{context}"]
 = Configuring a secret for the Image Registry Operator
 
diff --git a/modules/registry-operator-config-resources-secret-openstack.adoc b/modules/registry-operator-config-resources-secret-openstack.adoc
index 281bddfc7da5..df0ee4063b20 100644
--- a/modules/registry-operator-config-resources-secret-openstack.adoc
+++ b/modules/registry-operator-config-resources-secret-openstack.adoc
@@ -16,7 +16,7 @@ credentials used by the Operator, if default credentials were found.
 
 For Swift on {rh-openstack-first} storage, the secret is expected to contain the following two keys:
 
-* `REGISTRY_STORAGE_SWIFT_USER`
+* `REGISTRY_STORAGE_SWIFT_USERNAME`
 * `REGISTRY_STORAGE_SWIFT_PASSWORD`
 
 .Procedure
@@ -25,5 +25,5 @@ For Swift on {rh-openstack-first} storage, the secret is expected to contain the
 +
 [source,terminal]
 ----
-$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_SWIFT_USER=<username> --from-literal=REGISTRY_STORAGE_SWIFT_PASSWORD=<password> -n openshift-image-registry
+$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_SWIFT_USERNAME=<username> --from-literal=REGISTRY_STORAGE_SWIFT_PASSWORD=<password> -n openshift-image-registry
 ----
diff --git a/modules/registry-operator-config-resources-storage-credentials.adoc b/modules/registry-operator-config-resources-storage-credentials.adoc
index d2ad5f1629a6..c5c8fddf2f0b 100644
--- a/modules/registry-operator-config-resources-storage-credentials.adoc
+++ b/modules/registry-operator-config-resources-storage-credentials.adoc
@@ -3,7 +3,7 @@
 // * registry/configuring-registry-operator.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-operator-config-resources-storage-credentials_{context}"]
 = Configuring storage credentials for the Image Registry Operator
 
diff --git a/modules/registry-operator-configuration-resource-overview.adoc b/modules/registry-operator-configuration-resource-overview.adoc
index a6becf3f9644..99f7d7170253 100644
--- a/modules/registry-operator-configuration-resource-overview.adoc
+++ b/modules/registry-operator-configuration-resource-overview.adoc
@@ -25,7 +25,7 @@ storage that the Operator provisioned.
 |`logLevel`
 |Sets `logLevel` of the registry instance. Defaults to  `Normal`.
 
-The supported values for `logLevel` are:
+The following values for `logLevel` are supported:
 
 * `Normal`
 * `Debug`
@@ -35,6 +35,16 @@ The supported values for `logLevel` are:
 |`httpSecret`
 |Value needed by the registry to secure uploads, generated by default.
 
+| `operatorLogLevel`
+| The `operatorLogLevel` configuration parameter provides intent-based logging for the Operator itself and a simple way to manage coarse-grained logging choices that Operators must interpret for themselves. This configuration parameter defaults to `Normal`. It does not provide fine-grained control.
+
+The following values for `operatorLogLevel` are supported: 
+ 
+* `Normal`
+* `Debug`
+* `Trace`
+* `TraceAll`
+
 |`proxy`
 |Defines the Proxy to be used when calling master API
 and upstream registries.
diff --git a/modules/registry-operator-default-crd.adoc b/modules/registry-operator-default-crd.adoc
index 2c554fbcecc9..ef5d6d24afca 100644
--- a/modules/registry-operator-default-crd.adoc
+++ b/modules/registry-operator-default-crd.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/configuring-registry-operator.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-operator-default-crd_{context}"]
 = Enable the Image Registry default route with the Custom Resource Definition
 
diff --git a/modules/registry-removed.adoc b/modules/registry-removed.adoc
index 08972564caab..9759bb80e3e8 100644
--- a/modules/registry-removed.adoc
+++ b/modules/registry-removed.adoc
@@ -18,19 +18,6 @@
 [id="registry-removed_{context}"]
 = Image registry removed during installation
 
-On platforms that do not provide shareable object storage, the OpenShift Image
-Registry Operator bootstraps itself as `Removed`. This allows
-`openshift-installer` to complete installations on these platform types.
+On platforms that do not provide shareable object storage, the OpenShift Image Registry Operator bootstraps itself as `Removed`. This allows `openshift-installer` to complete installations on these platform types.
 
-After installation, you must edit the Image Registry Operator configuration to
-switch the `managementState` from `Removed` to `Managed`.
-
-[NOTE]
-====
-The Prometheus console provides an `ImageRegistryRemoved` alert, for example:
-
-"Image Registry has been removed. `ImageStreamTags`, `BuildConfigs` and
-`DeploymentConfigs` which reference `ImageStreamTags` may not work as
-expected. Please configure storage and update the config to `Managed`
-state by editing configs.imageregistry.operator.openshift.io."
-====
+After installation, you must edit the Image Registry Operator configuration to switch the `managementState` from `Removed` to `Managed`.
diff --git a/modules/registry-third-party-registries.adoc b/modules/registry-third-party-registries.adoc
index 82b953deac16..fb7a9af14019 100644
--- a/modules/registry-third-party-registries.adoc
+++ b/modules/registry-third-party-registries.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/index.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-third-party-registries_{context}"]
 = Third-party registries
 
diff --git a/modules/registry-viewing-logs.adoc b/modules/registry-viewing-logs.adoc
index c13fac8403e9..baf2c1b454c3 100644
--- a/modules/registry-viewing-logs.adoc
+++ b/modules/registry-viewing-logs.adoc
@@ -2,7 +2,7 @@
 //
 // * registry/accessing-the-registry.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="registry-viewing-logs_{context}"]
 = Viewing registry logs
 
@@ -10,7 +10,7 @@ You can view the logs for the registry by using the `oc logs` command.
 
 .Procedure
 
-. Use the `oc logs` command with deployments to view the logs for the container
+* Use the `oc logs` command with deployments to view the logs for the container
 image registry:
 +
 [source,terminal]
diff --git a/modules/relocation-of-openshift-jenkins-images.adoc b/modules/relocation-of-openshift-jenkins-images.adoc
index 7596c91e0c2f..127cb6277969 100644
--- a/modules/relocation-of-openshift-jenkins-images.adoc
+++ b/modules/relocation-of-openshift-jenkins-images.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * cicd/jenkins/important-changes-to-openshift-jenkins-images.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="relocation-of-openshift-jenkins-images_{context}"]
 = Relocation of OpenShift Jenkins images
diff --git a/modules/remove-resource-requirements.adoc b/modules/remove-resource-requirements.adoc
index 455dcf97dcb3..87ab7327ea06 100644
--- a/modules/remove-resource-requirements.adoc
+++ b/modules/remove-resource-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * cicd/gitops/configuring-resource-quota.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="remove-resource-requirements_{context}"]
 = Removing resource requests
 
diff --git a/modules/removing-bare-metal-hosts-from-provisioner.adoc b/modules/removing-bare-metal-hosts-from-provisioner.adoc
index 558ce70c31f6..d87f3341f480 100644
--- a/modules/removing-bare-metal-hosts-from-provisioner.adoc
+++ b/modules/removing-bare-metal-hosts-from-provisioner.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/managing-bare-metal-hosts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="removing-bare-metal-hosts-from-provisioner_{context}"]
 = Removing bare metal hosts from the provisioner node
 
diff --git a/modules/removing-devworkspace-operator.adoc b/modules/removing-devworkspace-operator.adoc
index 338e10f22f1a..4c84a088c1ca 100644
--- a/modules/removing-devworkspace-operator.adoc
+++ b/modules/removing-devworkspace-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/web_terminal/uninstalling-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="removing-devworkspace-operator_{context}"]
 = Removing the {devworkspace-op}
 
@@ -18,6 +18,10 @@ The {devworkspace-op} is a standalone Operator and may be required as a dependen
 * You have access to an {product-title} cluster with cluster administrator permissions.
 * You have installed the `oc` CLI.
 
+// Hide step 2, cannot delete resource "customresourcedefinitions" in ROSA/OSD
+// Hide step 4, cannot delete resource "mutatingwebhookconfigurations" in ROSA/OSD, do not delete deployment/devworkspace-webhook-server, see NOTE 
+
+
 .Procedure
 
 . Remove the `DevWorkspace` custom resources used by the Operator, along with any related Kubernetes objects:
@@ -37,6 +41,7 @@ $ oc delete devworkspaceroutings.controller.devfile.io --all-namespaces --all --
 If this step is not complete, finalizers make it difficult to fully uninstall the Operator.
 ====
 
+ifndef::openshift-rosa,openshift-dedicated[]
 . Remove the CRDs used by the Operator:
 +
 [WARNING]
@@ -92,6 +97,7 @@ $ oc delete validatingwebhookconfigurations controller.devfile.io
 ====
 If you remove the `devworkspace-webhook-server` deployment without removing the mutating and validating webhooks, you can not use `oc exec` commands to run commands in a container in the cluster. After you remove the webhooks you can use the `oc exec` commands again.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 . Remove any remaining services, secrets, and config maps. Depending on the installation, some resources included in the following commands may not exist in the cluster.
 +
diff --git a/modules/removing-filters-from-insights-advisor-recommendations.adoc b/modules/removing-filters-from-insights-advisor-recommendations.adoc
new file mode 100644
index 000000000000..e5349883c5e8
--- /dev/null
+++ b/modules/removing-filters-from-insights-advisor-recommendations.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="removing-filters-from-insights-recommendations_{context}"]
+= Removing filters from Insights Advisor recommendations
+
+You can apply multiple filters to the list of recommendations. When ready, you can remove them individually or completely reset them.
+
+.Removing filters individually
+* Click the *X* icon next to each filter, including the default filters, to remove them individually.
+
+.Removing all non-default filters
+* Click *Reset filters* to remove only the filters that you applied, leaving the default filters in place.
diff --git a/modules/removing-web-terminal-operator.adoc b/modules/removing-web-terminal-operator.adoc
index c0b95e731218..ae85048f31d5 100644
--- a/modules/removing-web-terminal-operator.adoc
+++ b/modules/removing-web-terminal-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/web_terminal/uninstalling-web-terminal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="removing-web-terminal-operator_{context}"]
 = Removing the {web-terminal-op}
 
@@ -19,18 +19,6 @@ You can uninstall the web terminal by removing the {web-terminal-op} and custom
 . Scroll the filter list or type a keyword into the *Filter by name* box to find the {web-terminal-op}.
 . Click the Options menu {kebab} for the {web-terminal-op}, and then select *Uninstall Operator*.
 . In the *Uninstall Operator* confirmation dialog box, click *Uninstall* to remove the Operator, Operator deployments, and pods from the cluster. The Operator stops running and no longer receives updates.
-. Remove the custom resources:
-+
-[source,terminal]
-----
-$ oc delete devworkspaces.workspace.devfile.io --all-namespaces \
-    --selector 'console.openshift.io/terminal=true' --wait
-----
-+
-[source,terminal]
-----
-$ oc delete devworkspacetemplates.workspace.devfile.io --all-namespaces \
-    --selector 'console.openshift.io/terminal=true' --wait
-----
+// Removed steps, as they are in the following module. 
 
-// TODO: Add a verification section
\ No newline at end of file
+// TODO: Add a verification section
diff --git a/modules/restarting-installation.adoc b/modules/restarting-installation.adoc
index fae729304b39..9948e8e84df3 100644
--- a/modules/restarting-installation.adoc
+++ b/modules/restarting-installation.adoc
@@ -2,7 +2,7 @@
 //
 // installing/installing-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restarting-installation_{context}"]
 = Reinstalling the {product-title} cluster
 
@@ -13,7 +13,7 @@ For a user-provisioned infrastructure (UPI) installation, you must manually dest
 
 . Destroy the cluster and remove all the resources associated with the cluster, including the hidden installer state files in the installation directory:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ ./openshift-install destroy cluster --dir <installation_directory> <1>
 ----
@@ -22,7 +22,7 @@ definition files that the installation program creates.
 
 . Before reinstalling the cluster, delete the installation directory:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rm -rf <installation_directory>
 ----
diff --git a/modules/restore-determine-state-etcd-member.adoc b/modules/restore-determine-state-etcd-member.adoc
index aeaa7a59227d..e705eb787789 100644
--- a/modules/restore-determine-state-etcd-member.adoc
+++ b/modules/restore-determine-state-etcd-member.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/replacing-unhealthy-etcd-member.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restore-determine-state-etcd-member_{context}"]
 = Determining the state of the unhealthy etcd member
 
@@ -71,7 +71,7 @@ $ oc get nodes -l node-role.kubernetes.io/master | grep "NotReady"
 .Example output
 [source,terminal]
 ----
-ip-10-0-131-183.ec2.internal   NotReady   master   122m   v1.26.0 <1>
+ip-10-0-131-183.ec2.internal   NotReady   master   122m   v1.28.5 <1>
 ----
 <1> If the node is listed as `NotReady`, then the *node is not ready*.
 
@@ -95,9 +95,9 @@ $ oc get nodes -l node-role.kubernetes.io/master
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE     VERSION
-ip-10-0-131-183.ec2.internal   Ready    master   6h13m   v1.26.0
-ip-10-0-164-97.ec2.internal    Ready    master   6h13m   v1.26.0
-ip-10-0-154-204.ec2.internal   Ready    master   6h13m   v1.26.0
+ip-10-0-131-183.ec2.internal   Ready    master   6h13m   v1.28.5
+ip-10-0-164-97.ec2.internal    Ready    master   6h13m   v1.28.5
+ip-10-0-154-204.ec2.internal   Ready    master   6h13m   v1.28.5
 ----
 
 .. Check whether the status of an etcd pod is either `Error` or `CrashloopBackoff`:
diff --git a/modules/restore-identify-unhealthy-etcd-member.adoc b/modules/restore-identify-unhealthy-etcd-member.adoc
index 1049ecef571b..2cf7a828e078 100644
--- a/modules/restore-identify-unhealthy-etcd-member.adoc
+++ b/modules/restore-identify-unhealthy-etcd-member.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/replacing-unhealthy-etcd-member.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restore-identify-unhealthy-etcd-member_{context}"]
 = Identifying an unhealthy etcd member
 
diff --git a/modules/restore-replace-crashlooping-etcd-member.adoc b/modules/restore-replace-crashlooping-etcd-member.adoc
index eda6109141da..77fbffb027b7 100644
--- a/modules/restore-replace-crashlooping-etcd-member.adoc
+++ b/modules/restore-replace-crashlooping-etcd-member.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/replacing-unhealthy-etcd-member.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restore-replace-crashlooping-etcd-member_{context}"]
 = Replacing an unhealthy etcd member whose etcd pod is crashlooping
 
diff --git a/modules/restore-replace-stopped-baremetal-etcd-member.adoc b/modules/restore-replace-stopped-baremetal-etcd-member.adoc
index 14a4f1530d8e..fec3087500a7 100644
--- a/modules/restore-replace-stopped-baremetal-etcd-member.adoc
+++ b/modules/restore-replace-stopped-baremetal-etcd-member.adoc
@@ -2,7 +2,7 @@
 //
 // * /backup_and_restore/control_plane_backup_and_restore/replacing-unhealthy-etcd-member.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restore-replace-stopped-baremetal-etcd-member_{context}"]
 = Replacing an unhealthy bare metal etcd member whose machine is not running or whose node is not ready
 
@@ -310,10 +310,10 @@ $ oc get clusteroperator baremetal
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME        VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
-baremetal   4.13.0    True        False         False      3d15h
+baremetal   {product-version}.0    True        False         False      3d15h
 ----
 
 . Remove the old `BareMetalHost` object by running the following command:
@@ -390,10 +390,10 @@ examplecluster-compute-1          Running                          165m    opens
 $ oc get nodes
 
 NAME                     STATUS ROLES   AGE   VERSION
-openshift-control-plane-0 Ready master 3h24m v1.26.0
-openshift-control-plane-1 Ready master 3h24m v1.26.0
-openshift-compute-0       Ready worker 176m v1.26.0
-openshift-compute-1       Ready worker 176m v1.26.0
+openshift-control-plane-0 Ready master 3h24m v1.28.5
+openshift-control-plane-1 Ready master 3h24m v1.28.5
+openshift-compute-0       Ready worker 176m v1.28.5
+openshift-compute-1       Ready worker 176m v1.28.5
 ----
 
 . Create the new `BareMetalHost` object and the secret to store the BMC credentials:
@@ -428,7 +428,7 @@ spec:
   externallyProvisioned: false
   online: true
   rootDeviceHints:
-    deviceName: /dev/sda
+    deviceName: /dev/disk/by-id/scsi-<serial_number>
   userData:
     name: master-user-data-managed
     namespace: openshift-machine-api
@@ -525,11 +525,11 @@ $ oc get nodes
 ----
 $ oc get nodes
 NAME                     STATUS ROLES   AGE   VERSION
-openshift-control-plane-0 Ready master 4h26m v1.26.0
-openshift-control-plane-1 Ready master 4h26m v1.26.0
-openshift-control-plane-2 Ready master 12m   v1.26.0
-openshift-compute-0       Ready worker 3h58m v1.26.0
-openshift-compute-1       Ready worker 3h58m v1.26.0
+openshift-control-plane-0 Ready master 4h26m v1.28.5
+openshift-control-plane-1 Ready master 4h26m v1.28.5
+openshift-control-plane-2 Ready master 12m   v1.28.5
+openshift-compute-0       Ready worker 3h58m v1.28.5
+openshift-compute-1       Ready worker 3h58m v1.28.5
 ----
 
 . Turn the quorum guard back on by entering the following command:
diff --git a/modules/restore-replace-stopped-etcd-member.adoc b/modules/restore-replace-stopped-etcd-member.adoc
index 63c159eb74b3..f2003a46f2e5 100644
--- a/modules/restore-replace-stopped-etcd-member.adoc
+++ b/modules/restore-replace-stopped-etcd-member.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/replacing-unhealthy-etcd-member.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restore-replace-stopped-etcd-member_{context}"]
 = Replacing an unhealthy etcd member whose machine is not running or whose node is not ready
 
@@ -114,11 +114,6 @@ sh-4.2# etcdctl member list -w table
 ----
 +
 You can now exit the node shell.
-+
-[IMPORTANT]
-====
-After you remove the member, the cluster might be unreachable for a short time while the remaining etcd instances reboot.
-====
 
 . Turn off the quorum guard by entering the following command:
 +
@@ -128,6 +123,23 @@ $ oc patch etcd/cluster --type=merge -p '{"spec": {"unsupportedConfigOverrides":
 ----
 +
 This command ensures that you can successfully re-create secrets and roll out the static pods.
++
+[IMPORTANT]
+====
+After you turn off the quorum guard, the cluster might be unreachable for a short time while the remaining etcd instances reboot to reflect the configuration change.
+====
++
+[NOTE]
+====
+etcd cannot tolerate any additional member failure when running with two members. Restarting either remaining member breaks the quorum and causes downtime in your cluster. The quorum guard protects etcd from restarts due to configuration changes that could cause downtime, so it must be disabled to complete this procedure.
+====
+
+. Delete the affected node by running the following command:
++
+[source,terminal]
+----
+$ oc delete node <node_name>
+---- 
 
 . Remove the old secrets for the unhealthy etcd member that was removed.
 
@@ -172,7 +184,7 @@ $ oc delete secret -n openshift-etcd etcd-serving-ip-10-0-131-183.ec2.internal
 $ oc delete secret -n openshift-etcd etcd-serving-metrics-ip-10-0-131-183.ec2.internal
 ----
 
-. Delete and recreate the control plane machine. After this machine is recreated, a new revision is forced and etcd scales up automatically.
+. Delete and re-create the control plane machine. After this machine is re-created, a new revision is forced and etcd scales up automatically.
 +
 If you are running installer-provisioned infrastructure, or you used the Machine API to create your machines, follow these steps. Otherwise, you must create the new master using the same method that was used to originally create it.
 
diff --git a/modules/restoring-etcd-snapshot-hosted-cluster.adoc b/modules/restoring-etcd-snapshot-hosted-cluster.adoc
index 52481f93f8cb..d39ff0aa50fa 100644
--- a/modules/restoring-etcd-snapshot-hosted-cluster.adoc
+++ b/modules/restoring-etcd-snapshot-hosted-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * hcp-backup-restore-dr.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="restoring-etcd-snapshot-hosted-cluster_{context}"]
 = Restoring an etcd snapshot on a hosted cluster
 
diff --git a/modules/reviewing-cluster-status-from-the-openshift-cluster-manager.adoc b/modules/reviewing-cluster-status-from-the-openshift-cluster-manager.adoc
index 97b7868de373..5222d74edb2e 100644
--- a/modules/reviewing-cluster-status-from-the-openshift-cluster-manager.adoc
+++ b/modules/reviewing-cluster-status-from-the-openshift-cluster-manager.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-cluster-status-from-the-openshift-cluster-manager_{context}"]
 = Reviewing the cluster status from {cluster-manager-first}
 
diff --git a/modules/reviewing-cluster-status-from-the-openshift-web-console.adoc b/modules/reviewing-cluster-status-from-the-openshift-web-console.adoc
index b53d0708ecaa..d4554472e086 100644
--- a/modules/reviewing-cluster-status-from-the-openshift-web-console.adoc
+++ b/modules/reviewing-cluster-status-from-the-openshift-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-cluster-status-from-the-openshift-web-console_{context}"]
 = Reviewing the cluster status from the {product-title} web console
 
diff --git a/modules/reviewing-node-status-usage-and-configuration.adoc b/modules/reviewing-node-status-usage-and-configuration.adoc
index cd23ca0ea2a0..3f0a26f5d0d0 100644
--- a/modules/reviewing-node-status-usage-and-configuration.adoc
+++ b/modules/reviewing-node-status-usage-and-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/verifying-node-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-node-status-use-and-configuration_{context}"]
 = Reviewing node status, resource usage, and configuration
 
@@ -10,7 +10,12 @@ Review cluster node health status, resource consumption statistics, and node log
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/reviewing-pod-status.adoc b/modules/reviewing-pod-status.adoc
index a01bffd600e8..c6185abb5fd5 100644
--- a/modules/reviewing-pod-status.adoc
+++ b/modules/reviewing-pod-status.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-pod-status_{context}"]
 = Reviewing pod status
 
@@ -10,7 +10,12 @@ You can query pod status and error states. You can also query a pod's associated
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * `skopeo` is installed.
 
diff --git a/modules/reviewing-the-installation-log.adoc b/modules/reviewing-the-installation-log.adoc
index 74579758f37c..a49f9a883d48 100644
--- a/modules/reviewing-the-installation-log.adoc
+++ b/modules/reviewing-the-installation-log.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reviewing-the-installation-log_{context}"]
 = Reviewing the installation log
 
@@ -31,7 +31,7 @@ Cluster credentials are included at the end of the log if the installation is su
 time="2020-12-03T09:50:47Z" level=info msg="Install complete!"
 time="2020-12-03T09:50:47Z" level=info msg="To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/myuser/install_dir/auth/kubeconfig'"
 time="2020-12-03T09:50:47Z" level=info msg="Access the OpenShift web-console here: https://console-openshift-console.apps.mycluster.example.com"
-time="2020-12-03T09:50:47Z" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"6zYIx-ckbW3-4d2Ne-IWvDF\""
+time="2020-12-03T09:50:47Z" level=info msg="Login to the console with user: \"kubeadmin\", and password: \"password\""
 time="2020-12-03T09:50:47Z" level=debug msg="Time elapsed per stage:"
 time="2020-12-03T09:50:47Z" level=debug msg="    Infrastructure: 6m45s"
 time="2020-12-03T09:50:47Z" level=debug msg="Bootstrap Complete: 11m30s"
diff --git a/modules/rhcos-about.adoc b/modules/rhcos-about.adoc
index 8f7e107be519..84210c769404 100644
--- a/modules/rhcos-about.adoc
+++ b/modules/rhcos-about.adoc
@@ -2,7 +2,7 @@
 //
 // * architecture/architecture-rhcos.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rhcos-about_{context}"]
 = About {op-system}
 
@@ -25,7 +25,7 @@ The following list describes key features of the {op-system} operating system:
 
 * **CRI-O container runtime**: Although {op-system} contains features for running the OCI- and libcontainer-formatted containers that Docker requires, it incorporates the CRI-O container engine instead of the Docker container engine. By focusing on features needed by Kubernetes platforms, such as {product-title}, CRI-O can offer specific compatibility with different Kubernetes versions. CRI-O also offers a smaller footprint and reduced attack surface than is possible with container engines that offer a larger feature set. At the moment, CRI-O is the only engine available within {product-title} clusters.
 +
-CRI-O can use either the runC or crun container runtime to start and manage containers. For information about how to enable crun, see the documentation for creating a `ContainerRuntimeConfig` CR. 
+CRI-O can use either the runC or crun container runtime to start and manage containers. For information about how to enable crun, see the documentation for creating a `ContainerRuntimeConfig` CR.
 
 * **Set of container tools**: For tasks such as building, copying, and otherwise managing containers, {op-system} replaces the Docker CLI tool with a compatible set of container tools. The podman CLI tool supports many container runtime features, such as running, starting, stopping, listing, and removing containers and container images. The skopeo CLI tool can copy, authenticate, and sign images. You can use the `crictl` CLI tool to work with containers and pods from the CRI-O container engine. While direct use of these tools in {op-system} is discouraged, you can use them for debugging purposes.
 
@@ -83,7 +83,7 @@ To accomplish these tasks, you can augment the `openshift-install` process to in
 
 Differences between {op-system} installations for {product-title} are based on whether you are deploying on an infrastructure provisioned by the installer or by the user:
 
-* **Installer-provisioned**: Some cloud environments offer pre-configured infrastructures that allow you to bring up an {product-title} cluster with minimal configuration. For these types of installations, you can supply Ignition configs that place content on each node so it is there when the cluster first boots.
+* **Installer-provisioned**: Some cloud environments offer preconfigured infrastructures that allow you to bring up an {product-title} cluster with minimal configuration. For these types of installations, you can supply Ignition configs that place content on each node so it is there when the cluster first boots.
 
 * **User-provisioned**: If you are provisioning your own infrastructure, you have more flexibility in how you add content to a {op-system} node. For example, you could add kernel arguments when you boot the {op-system} ISO installer to install each system. However, in most cases where configuration is required on the operating system itself, it is best to provide that configuration through an Ignition config.
 
diff --git a/modules/rhcos-add-extensions.adoc b/modules/rhcos-add-extensions.adoc
index 99822551e779..862021af5664 100644
--- a/modules/rhcos-add-extensions.adoc
+++ b/modules/rhcos-add-extensions.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhcos-add-extensions_{context}"]
 
 = Adding extensions to {op-system}
@@ -94,7 +94,7 @@ $ oc get node | grep worker
 [source,terminal]
 ----
 NAME                                        STATUS  ROLES    AGE   VERSION
-ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.26.0
+ip-10-0-169-2.us-east-2.compute.internal    Ready   worker   102m  v1.28.5
 ----
 +
 [source,terminal]
diff --git a/modules/rhcos-enabling-multipath-day-1-power.adoc b/modules/rhcos-enabling-multipath-day-1-power.adoc
index 8815db8127ab..5e5534b81226 100644
--- a/modules/rhcos-enabling-multipath-day-1-power.adoc
+++ b/modules/rhcos-enabling-multipath-day-1-power.adoc
@@ -3,11 +3,11 @@
 // * installing/installing_bibm_power/installing-ibm-power.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhcos-enabling-multipathday-1-power_{context}"]
 = Enabling multipathing with kernel arguments on {op-system}
 
-In {product-title} 4.9 or later, during installation, you can enable multipathing for provisioned nodes.  {op-system} supports multipathing on the primary disk. Multipathing provides added benefits of stronger resilience to hardware failure to achieve higher host availability.
+In {product-title} version {product-version}, during installation, you can enable multipathing for provisioned nodes. {op-system} supports multipathing on the primary disk. Multipathing provides added benefits of stronger resilience to hardware failure to achieve higher host availability.
 
 During the initial cluster creation, you might want to add kernel arguments to all master or worker nodes. To add kernel arguments to master or worker nodes, you can create a `MachineConfig` object and inject that object into the set of manifest files used by Ignition during cluster setup.
 
@@ -60,7 +60,7 @@ You can now continue on to create the cluster.
 
 [IMPORTANT]
 ====
-Additional post-installation steps are required to fully enable multipathing. For more information, see “Enabling multipathing with kernel arguments on {op-system}" in _Post-installation machine configuration tasks_.
+Additional postinstallation steps are required to fully enable multipathing. For more information, see “Enabling multipathing with kernel arguments on {op-system}" in _Postinstallation machine configuration tasks_.
 ====
 
 In case of MPIO failure, use the bootlist command to update the boot device list with alternate logical device names.
diff --git a/modules/rhcos-enabling-multipath-day-2.adoc b/modules/rhcos-enabling-multipath-day-2.adoc
index de3d0d95ff10..79164a8b0198 100644
--- a/modules/rhcos-enabling-multipath-day-2.adoc
+++ b/modules/rhcos-enabling-multipath-day-2.adoc
@@ -2,11 +2,11 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhcos-enabling-multipath-day-2_{context}"]
 = Enabling multipathing with kernel arguments on {op-system}
 
-{op-system-first} supports multipathing on the primary disk, allowing stronger resilience to hardware failure to achieve higher host availability. Post-installation support is available by activating multipathing via the machine config.
+{op-system-first} supports multipathing on the primary disk, allowing stronger resilience to hardware failure to achieve higher host availability. Postinstallation support is available by activating multipathing via the machine config.
 
 [IMPORTANT]
 ====
@@ -14,7 +14,7 @@ Enabling multipathing during installation is supported and recommended for nodes
 ====
 [IMPORTANT]
 ====
-On {ibmzProductName} and {linuxoneProductName}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}_.
+On {ibm-z-name} and {ibm-linuxone-name}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}_.
 ====
 // Add xref once it's allowed.
 
@@ -25,7 +25,7 @@ On {ibmzProductName} and {linuxoneProductName}, you can enable multipathing only
 
 .Procedure
 
-. To enable multipathing post-installation on control plane nodes:
+. To enable multipathing postinstallation on control plane nodes:
 
 * Create a machine config file, such as `99-master-kargs-mpath.yaml`, that instructs the cluster to add the `master` label and that identifies the multipath kernel argument, for example:
 +
@@ -43,7 +43,7 @@ spec:
     - 'root=/dev/disk/by-label/dm-mpath-root'
 ----
 
-. To enable multipathing post-installation on worker nodes:
+. To enable multipathing postinstallation on worker nodes:
 
 * Create a machine config file, such as `99-worker-kargs-mpath.yaml`, that instructs the cluster to add the `worker` label and that identifies the multipath kernel argument, for example:
 +
@@ -105,12 +105,12 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS                     ROLES    AGE   VERSION
-ip-10-0-136-161.ec2.internal   Ready                      worker   28m   v1.26.0
-ip-10-0-136-243.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-141-105.ec2.internal   Ready,SchedulingDisabled   worker   28m   v1.26.0
-ip-10-0-142-249.ec2.internal   Ready                      master   34m   v1.26.0
-ip-10-0-153-11.ec2.internal    Ready                      worker   28m   v1.26.0
-ip-10-0-153-150.ec2.internal   Ready                      master   34m   v1.26.0
+ip-10-0-136-161.ec2.internal   Ready                      worker   28m   v1.28.5
+ip-10-0-136-243.ec2.internal   Ready                      master   34m   v1.28.5
+ip-10-0-141-105.ec2.internal   Ready,SchedulingDisabled   worker   28m   v1.28.5
+ip-10-0-142-249.ec2.internal   Ready                      master   34m   v1.28.5
+ip-10-0-153-11.ec2.internal    Ready                      worker   28m   v1.28.5
+ip-10-0-153-150.ec2.internal   Ready                      master   34m   v1.28.5
 ----
 +
 You can see that scheduling on each worker node is disabled as the change is being applied.
diff --git a/modules/rhcos-enabling-multipath.adoc b/modules/rhcos-enabling-multipath.adoc
index 81e2892e7d4a..480f73b96dd7 100644
--- a/modules/rhcos-enabling-multipath.adoc
+++ b/modules/rhcos-enabling-multipath.adoc
@@ -4,35 +4,29 @@
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhcos-enabling-multipath_{context}"]
 = Enabling multipathing with kernel arguments on {op-system}
 
 {op-system} supports multipathing on the primary disk, allowing stronger resilience to hardware failure to achieve higher host availability.
 
-You can enable multipathing at installation time for nodes that were provisioned in {product-title} 4.8 or later. While post-installation support is available by activating multipathing via the machine config, enabling multipathing during installation is recommended.
+You can enable multipathing at installation time for nodes that were provisioned in {product-title} 4.8 or later. While postinstallation support is available by activating multipathing via the machine config, enabling multipathing during installation is recommended.
 
 In setups where any I/O to non-optimized paths results in I/O system errors, you must enable multipathing at installation time.
 
 [IMPORTANT]
 ====
-On {ibmzProductName} and {linuxoneProductName}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}_.
+On {ibm-z-name} and {ibm-linuxone-name}, you can enable multipathing only if you configured your cluster for it during installation. For more information, see "Installing {op-system} and starting the {product-title} bootstrap process" in _Installing a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}_.
 ====
 // Add xref once it's allowed.
 
 The following procedure enables multipath at installation time and appends kernel arguments to the `coreos-installer install` command so that the installed system itself will use multipath beginning from the first boot.
 
-.Prerequisites
-
-* You have a running {product-title} cluster that uses version 4.8 or later.
-+
 [NOTE]
 ====
 {product-title} does not support enabling multipathing as a day-2 activity on nodes that have been upgraded from 4.6 or earlier.
 ====
 
-* You are logged in to the cluster as a user with administrative privileges.
-
 .Procedure
 
 . To enable multipath and start the `multipathd` daemon, run the following command:
diff --git a/modules/rhcos-load-firmware-blobs.adoc b/modules/rhcos-load-firmware-blobs.adoc
index 8e4e7ee6561a..48c049c9b321 100644
--- a/modules/rhcos-load-firmware-blobs.adoc
+++ b/modules/rhcos-load-firmware-blobs.adoc
@@ -2,7 +2,7 @@
 //
 // * post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhcos-load-firmware-blobs_{context}"]
 = Loading custom firmware blobs in the machine config manifest
 
@@ -18,10 +18,10 @@ See "Creating machine configs with Butane" for information about Butane.
 ====
 .Butane config file for custom firmware blob
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   labels:
     machineconfiguration.openshift.io/role: worker
diff --git a/modules/rhel-adding-more-nodes.adoc b/modules/rhel-adding-more-nodes.adoc
index a0915e55de07..b0850ae47a19 100644
--- a/modules/rhel-adding-more-nodes.adoc
+++ b/modules/rhel-adding-more-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * machine_management/more-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-adding-more-nodes_{context}"]
 = Adding more RHEL compute machines to your cluster
 
diff --git a/modules/rhel-adding-node.adoc b/modules/rhel-adding-node.adoc
index e6db95f2bf1e..6a5c6fcdc33c 100644
--- a/modules/rhel-adding-node.adoc
+++ b/modules/rhel-adding-node.adoc
@@ -3,7 +3,7 @@
 // * machine_management/adding-rhel-compute.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-adding-node_{context}"]
 = Adding a RHEL compute machine to your cluster
 
diff --git a/modules/rhel-attaching-instance-aws.adoc b/modules/rhel-attaching-instance-aws.adoc
index 036910c7649b..24f2394123d1 100644
--- a/modules/rhel-attaching-instance-aws.adoc
+++ b/modules/rhel-attaching-instance-aws.adoc
@@ -4,7 +4,7 @@
 // * machine_management/more-rhel-compute.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-attaching-instance-aws_{context}"]
 = Attaching the role permissions to {op-system-base} instance in AWS
 
diff --git a/modules/rhel-compute-about-hooks.adoc b/modules/rhel-compute-about-hooks.adoc
index 4ff4b1595e08..2290996138f0 100644
--- a/modules/rhel-compute-about-hooks.adoc
+++ b/modules/rhel-compute-about-hooks.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rhel-compute-about-hooks_{context}"]
 = About Ansible hooks for updates
 
diff --git a/modules/rhel-compute-available-hooks.adoc b/modules/rhel-compute-available-hooks.adoc
index 4295851576ef..8ca51b307ffc 100644
--- a/modules/rhel-compute-available-hooks.adoc
+++ b/modules/rhel-compute-available-hooks.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
 [id="rhel-compute-available-hooks_{context}"]
 = Available hooks for RHEL compute machines
diff --git a/modules/rhel-compute-overview.adoc b/modules/rhel-compute-overview.adoc
index 7552f9d5fdd6..a2432b98061e 100644
--- a/modules/rhel-compute-overview.adoc
+++ b/modules/rhel-compute-overview.adoc
@@ -4,13 +4,13 @@
 // * machine_management/more-rhel-compute.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rhel-compute-overview_{context}"]
 = About adding RHEL compute nodes to a cluster
 
 In {product-title} {product-version}, you have the option of using {op-system-base-full} machines as compute machines in your cluster if you use a user-provisioned or installer-provisioned infrastructure installation on the `x86_64` architecture. You must use {op-system-first} machines for the control plane machines in your cluster.
 
-If you choose to use {op-system-base} compute machines in your cluster, you are responsible for all operating system life cycle management and maintenance. You must perform system updates, apply patches, and complete all other required tasks. 
+If you choose to use {op-system-base} compute machines in your cluster, you are responsible for all operating system life cycle management and maintenance. You must perform system updates, apply patches, and complete all other required tasks.
 
 For installer-provisioned infrastructure clusters, you must manually add {op-system-base} compute machines because automatic scaling in installer-provisioned infrastructure clusters adds Red Hat Enterprise Linux CoreOS (RHCOS) compute machines by default.
 
diff --git a/modules/rhel-compute-requirements.adoc b/modules/rhel-compute-requirements.adoc
index 1f2c298d1de0..ce052a2f83c9 100644
--- a/modules/rhel-compute-requirements.adoc
+++ b/modules/rhel-compute-requirements.adoc
@@ -19,7 +19,7 @@ ifdef::openshift-origin[]
 ** Base OS: CentOS 7.4.
 endif::[]
 ifdef::openshift-enterprise,openshift-webscale[]
-** Base OS: link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/index[{op-system-base} 8.6, 8.7, or 8.8] with "Minimal" installation option.
+** Base OS: link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/index[{op-system-base} 8.6 and later] with "Minimal" installation option.
 +
 [IMPORTANT]
 ====
@@ -33,7 +33,7 @@ For the most recent list of major functionality that has been deprecated or remo
 
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on `x86_64`, `ppc64le`, and `s390x` architectures.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 endif::[]
 ** NetworkManager 1.0 or later.
diff --git a/modules/rhel-compute-updating.adoc b/modules/rhel-compute-updating.adoc
index d8c9da9c48ca..6f1c57e5d31c 100644
--- a/modules/rhel-compute-updating.adoc
+++ b/modules/rhel-compute-updating.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-compute-updating-minor_{context}"]
 = Updating {op-system-base} compute machines in your cluster
 
@@ -10,7 +10,7 @@ After you update your cluster, you must update the {op-system-base-full} compute
 
 [IMPORTANT]
 ====
-{op-system-base-full} versions 8.6, 8.7 and 8.8 are supported for {op-system-base} compute machines.
+{op-system-base-full} versions 8.6 and later are supported for {op-system-base} compute machines.
 ====
 
 You can also update your compute machines to another minor version of {product-title} if you are using {op-system-base} as the operating system. You do not need to exclude any RPM packages from {op-system-base} when performing a minor version update.
@@ -50,10 +50,10 @@ By default, the base OS RHEL with "Minimal" installation option enables firewall
 . Enable the repositories that are required for {product-title} {product-version}:
 .. On the machine that you run the Ansible playbooks, update the required repositories:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-# subscription-manager repos --disable=rhocp-4.11-for-rhel-8-x86_64-rpms \
-                             --enable=rhocp-4.13-for-rhel-8-x86_64-rpms
+# subscription-manager repos --disable=rhocp-4.14-for-rhel-8-x86_64-rpms \
+                             --enable=rhocp-{product-version}-for-rhel-8-x86_64-rpms
 ----
 +
 [IMPORTANT]
@@ -70,10 +70,10 @@ As of {product-title} 4.11, the Ansible playbooks are provided only for {op-syst
 
 .. On each {op-system-base} compute node, update the required repositories:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-# subscription-manager repos --disable=rhocp-4.11-for-rhel-8-x86_64-rpms \
-                             --enable=rhocp-4.13-for-rhel-8-x86_64-rpms
+# subscription-manager repos --disable=rhocp-4.14-for-rhel-8-x86_64-rpms \
+                             --enable=rhocp-{product-version}-for-rhel-8-x86_64-rpms
 ----
 
 . Update a {op-system-base} worker machine:
@@ -125,13 +125,13 @@ The `upgrade` playbook only updates the {product-title} packages. It does not up
 [source,terminal]
 ----
 NAME                        STATUS                        ROLES    AGE    VERSION
-mycluster-control-plane-0   Ready                         master   145m   v1.26.0
-mycluster-control-plane-1   Ready                         master   145m   v1.26.0
-mycluster-control-plane-2   Ready                         master   145m   v1.26.0
-mycluster-rhel8-0           Ready                         worker   98m    v1.26.0
-mycluster-rhel8-1           Ready                         worker   98m    v1.26.0
-mycluster-rhel8-2           Ready                         worker   98m    v1.26.0
-mycluster-rhel8-3           Ready                         worker   98m    v1.26.0
+mycluster-control-plane-0   Ready                         master   145m   v1.28.5
+mycluster-control-plane-1   Ready                         master   145m   v1.28.5
+mycluster-control-plane-2   Ready                         master   145m   v1.28.5
+mycluster-rhel8-0           Ready                         worker   98m    v1.28.5
+mycluster-rhel8-1           Ready                         worker   98m    v1.28.5
+mycluster-rhel8-2           Ready                         worker   98m    v1.28.5
+mycluster-rhel8-3           Ready                         worker   98m    v1.28.5
 ----
 
 . Optional: Update the operating system packages that were not updated by the `upgrade` playbook. To update packages that are not on {product-version}, use the following command:
diff --git a/modules/rhel-compute-using-hooks.adoc b/modules/rhel-compute-using-hooks.adoc
index 86bbe39fb8cb..87143fee7df1 100644
--- a/modules/rhel-compute-using-hooks.adoc
+++ b/modules/rhel-compute-using-hooks.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-compute-using-hooks_{context}"]
 = Configuring the Ansible inventory file to use hooks
 
diff --git a/modules/rhel-images-aws.adoc b/modules/rhel-images-aws.adoc
index 2388bd297028..24e0609a0444 100644
--- a/modules/rhel-images-aws.adoc
+++ b/modules/rhel-images-aws.adoc
@@ -3,7 +3,7 @@
 // * machine_management/adding-rhel-compute.adoc
 // * machine_management/more-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-images-aws_{context}"]
 = Listing latest available RHEL images on AWS
 
diff --git a/modules/rhel-preparing-node.adoc b/modules/rhel-preparing-node.adoc
index 13c71d57d0d1..c1fd07e0fb48 100644
--- a/modules/rhel-preparing-node.adoc
+++ b/modules/rhel-preparing-node.adoc
@@ -7,7 +7,7 @@
 [id="rhel-preparing-node_{context}"]
 = Preparing a RHEL compute node
 
-Before you add a Red Hat Enterprise Linux (RHEL) machine to your {product-title} cluster, you must register each host with Red Hat Subscription Manager (RHSM), attach an active {product-title} subscription, and enable the required repositories.
+Before you add a Red Hat Enterprise Linux (RHEL) machine to your {product-title} cluster, you must register each host with Red Hat Subscription Manager (RHSM), attach an active {product-title} subscription, and enable the required repositories. Ensure `NetworkManager` is enabled and configured to control all interfaces on the host.
 
 . On each host, register with RHSM:
 +
@@ -70,12 +70,12 @@ Note that this might take a few minutes if you have a large number of available
 
 . Enable only the repositories required by {product-title} {product-version}:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 # subscription-manager repos \
     --enable="rhel-8-for-x86_64-baseos-rpms" \
     --enable="rhel-8-for-x86_64-appstream-rpms" \
-    --enable="rhocp-4.13-for-rhel-8-x86_64-rpms" \
+    --enable="rhocp-{product-version}-for-rhel-8-x86_64-rpms" \
     --enable="fast-datapath-for-rhel-8-x86_64-rpms"
 ----
 
diff --git a/modules/rhel-preparing-playbook-machine.adoc b/modules/rhel-preparing-playbook-machine.adoc
index 14cff73c8ccc..f59cba01eca5 100644
--- a/modules/rhel-preparing-playbook-machine.adoc
+++ b/modules/rhel-preparing-playbook-machine.adoc
@@ -3,7 +3,7 @@
 // * machine_management/adding-rhel-compute.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-preparing-playbook-machine_{context}"]
 = Preparing the machine to run the playbook
 
@@ -58,12 +58,12 @@ If you use SSH key-based authentication, you must manage the key with an SSH age
 
 . Enable the repositories required by {product-title} {product-version}:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 # subscription-manager repos \
     --enable="rhel-8-for-x86_64-baseos-rpms" \
     --enable="rhel-8-for-x86_64-appstream-rpms" \
-    --enable="rhocp-4.13-for-rhel-8-x86_64-rpms"
+    --enable="rhocp-{product-version}-for-rhel-8-x86_64-rpms"
 ----
 
 . Install the required packages, including `openshift-ansible`:
diff --git a/modules/rhel-removing-rhcos.adoc b/modules/rhel-removing-rhcos.adoc
index 48165f45ddec..9bb42cbe6a94 100644
--- a/modules/rhel-removing-rhcos.adoc
+++ b/modules/rhel-removing-rhcos.adoc
@@ -3,7 +3,7 @@
 // * machine_management/adding-rhel-compute.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-removing-rhcos_{context}"]
 = Optional: Removing RHCOS compute machines from a cluster
 
diff --git a/modules/rhel-worker-tag.adoc b/modules/rhel-worker-tag.adoc
index 05eba285c88a..150312cf0c63 100644
--- a/modules/rhel-worker-tag.adoc
+++ b/modules/rhel-worker-tag.adoc
@@ -4,7 +4,7 @@
 // * machine_management/more-rhel-compute.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rhel-worker-tag_{context}"]
 = Tagging a {op-system-base} worker node as owned or shared
 
diff --git a/modules/risks-setting-higher-process-id-limits.adoc b/modules/risks-setting-higher-process-id-limits.adoc
new file mode 100644
index 000000000000..2842ba96d7a4
--- /dev/null
+++ b/modules/risks-setting-higher-process-id-limits.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="risks-setting-higher-process-id-limits_{context}"]
+= Risks of setting higher process ID limits for {product-title} pods
+
+The `podPidsLimit` parameter for a pod controls the maximum number of processes and threads that can run simultaneously in that pod.
+
+You can increase the value for `podPidsLimit` from the default of 4,096 to a maximum of 16,384. Changing this value might incur downtime for applications, because changing the `podPidsLimit` requires rebooting the affected node.
+
+If you are running a large number of pods per node, and you have a high `podPidsLimit` value on your nodes, you risk exceeding the PID maximum for the node.
+
+To find the maximum number of pods that you can run simultaneously on a single node without exceeding the PID maximum for the node, divide 3,650,000 by your `podPidsLimit` value. For example, if your `podPidsLimit` value is 16,384, and you expect the pods to use close to that number of process IDs, you can safely run 222 pods on a single node.
+
+[NOTE]
+====
+Memory, CPU, and available storage can also limit the maximum number of pods that can run simultaneously, even when the `podPidsLimit` value is set appropriately. For more information, see "Planning your environment" and "Limits and scalability".
+====
diff --git a/modules/rodoo-about.adoc b/modules/rodoo-about.adoc
index 8e3910b5d4b8..567bd59e424a 100644
--- a/modules/rodoo-about.adoc
+++ b/modules/rodoo-about.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/index.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="run-once-about_{context}"]
 = About the {run-once-operator}
 
diff --git a/modules/rodoo-enable-override.adoc b/modules/rodoo-enable-override.adoc
index dc2512f16e9a..7ac60e761c4b 100644
--- a/modules/rodoo-enable-override.adoc
+++ b/modules/rodoo-enable-override.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rodoo-enable-override_{context}"]
 = Enabling the run-once duration override on a namespace
 
diff --git a/modules/rodoo-install-operator.adoc b/modules/rodoo-install-operator.adoc
index 990c4939fe55..37059ba7ea03 100644
--- a/modules/rodoo-install-operator.adoc
+++ b/modules/rodoo-install-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rodoo-install-operator_{context}"]
 = Installing the {run-once-operator}
 
diff --git a/modules/rodoo-uninstall-operator.adoc b/modules/rodoo-uninstall-operator.adoc
index 07efc9e2b284..ab0cf8f0558e 100644
--- a/modules/rodoo-uninstall-operator.adoc
+++ b/modules/rodoo-uninstall-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rodoo-uninstall-operator_{context}"]
 = Uninstalling the {run-once-operator}
 
diff --git a/modules/rodoo-uninstall-resources.adoc b/modules/rodoo-uninstall-resources.adoc
index ed7889077ff1..34b830ece26f 100644
--- a/modules/rodoo-uninstall-resources.adoc
+++ b/modules/rodoo-uninstall-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rodoo-uninstall-resources_{context}"]
 = Uninstalling {run-once-operator} resources
 
diff --git a/modules/rodoo-update-active-deadline-seconds.adoc b/modules/rodoo-update-active-deadline-seconds.adoc
index e676ebe5b296..6ea36b9b5995 100644
--- a/modules/rodoo-update-active-deadline-seconds.adoc
+++ b/modules/rodoo-update-active-deadline-seconds.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rodoo-update-active-deadline-seconds_{context}"]
 = Updating the run-once active deadline override value
 
diff --git a/modules/rosa-about.adoc b/modules/rosa-about.adoc
index 5c12bb1ef3c7..d14a859b3b54 100644
--- a/modules/rosa-about.adoc
+++ b/modules/rosa-about.adoc
@@ -4,9 +4,9 @@
 //
 // * rosa_cli/rosa-get-started-cli.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-about_{context}"]
-= About the {product-title} (ROSA) CLI, `rosa`
+= About the ROSA CLI
 
 
-Use the `rosa` command-line utility for {product-title} (ROSA) to create, update, manage, and delete {product-title} clusters and resources.
+Use the {product-title} (ROSA) command-line interface (CLI), the `rosa` command, to create, update, manage, and delete ROSA clusters and resources.
diff --git a/modules/rosa-access-approval-review.adoc b/modules/rosa-access-approval-review.adoc
new file mode 100644
index 000000000000..1542e01b4b2a
--- /dev/null
+++ b/modules/rosa-access-approval-review.adoc
@@ -0,0 +1,100 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="rosa-policy-access-approval_{context}"]
+= Access approval and review
+New SRE user access requires management approval. Separated or transferred SRE accounts are removed as authorized users through an automated process. Additionally, the SRE performs periodic access review, including management sign-off of authorized user lists.
+
+The access and identity authorization table includes responsibilities for managing authorized access to clusters, applications, and infrastructure resources. This includes tasks such as providing access control mechanisms, authentication, authorization, and managing access to resources.
+
+[cols="2a,3a,3a",options="header"]
+|===
+|Resource
+|Service responsibilities
+|Customer responsibilities
+
+|Logging
+|**Red Hat**
+
+- Adhere to an industry standards-based tiered internal access process for platform audit logs.
+
+- Provide native OpenShift RBAC capabilities.
+
+|- Configure OpenShift RBAC to control access to projects and by extension a project's application logs.
+- For third-party or custom application logging solutions, the customer is responsible for access management.
+
+|Application networking
+|**Red Hat**
+
+- Provide native OpenShift RBAC and `dedicated-admin` capabilities.
+
+|- Configure OpenShift `dedicated-admin` and RBAC to control access to route configuration as required.
+- Manage organization administrators for Red Hat to grant access to {cluster-manager}. The cluster manager is used to configure router options and provide service load balancer quota.
+
+|Cluster networking
+|**Red Hat**
+
+- Provide customer access controls through {cluster-manager}.
+
+- Provide native OpenShift RBAC and `dedicated-admin` capabilities.
+
+|- Manage Red Hat organization membership of Red Hat accounts.
+- Manage organization administrators for Red Hat to grant access to {cluster-manager}.
+- Configure OpenShift `dedicated-admin` and RBAC to control access to route configuration as required.
+
+|Virtual networking management
+|**Red Hat**
+
+- Provide customer access controls through {cluster-manager}.
+
+|- Manage optional user access to AWS components through {cluster-manager}.
+
+|Virtual storage management
+|**Red Hat**
+
+- Provide customer access controls through
+Red Hat OpenShift Cluster Manager.
+
+|- Manage optional user access to AWS components through {cluster-manager}.
+- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
+
+|Virtual compute management
+|**Red Hat**
+
+- Provide customer access controls through
+Red Hat OpenShift Cluster Manager.
+
+|- Manage optional user access to AWS components through {cluster-manager}.
+- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
+
+|AWS software (public AWS services)
+|**AWS**
+
+**Compute:** Provide the Amazon EC2 service, used for ROSA control plane, infrastructure, and worker nodes.
+
+**Storage:** Provide Amazon EBS, used to allow ROSA to provision local node storage and persistent volume storage for the cluster.
+
+**Storage:** Provide Amazon S3, used for the service's built-in image registry.
+
+**Networking:** Provide AWS Identity and Access Management (IAM), used by customers to control access to ROSA resources running on customer accounts.
+
+|- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
+
+- Use IAM tools to apply the appropriate permissions to AWS
+resources in the customer account.
+
+- To enable ROSA across your AWS organization, the customer is
+responsible for managing AWS Organizations administrators.
+
+- To enable ROSA across your AWS organization, the customer is
+responsible for distributing the ROSA entitlement grant using AWS License Manager.
+
+|Hardware and AWS global infrastructure
+|**AWS**
+
+- For information about physical access controls for AWS data centers, see link:https://aws.amazon.com/compliance/data-center/controls/[Our Controls] on the AWS Cloud Security page.
+|- Customer is not responsible for AWS global infrastructure.
+|===
\ No newline at end of file
diff --git a/modules/rosa-accessing-your-cluster-quick.adoc b/modules/rosa-accessing-your-cluster-quick.adoc
index 6dc1428cb80f..a126680c0819 100644
--- a/modules/rosa-accessing-your-cluster-quick.adoc
+++ b/modules/rosa-accessing-your-cluster-quick.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-accessing-your-cluster-quick_{context}"]
 = Accessing your cluster quickly
 
diff --git a/modules/rosa-accessing-your-cluster.adoc b/modules/rosa-accessing-your-cluster.adoc
index d7b0f1dbd63a..6c2e94a0667a 100644
--- a/modules/rosa-accessing-your-cluster.adoc
+++ b/modules/rosa-accessing-your-cluster.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-accessing-your-cluster_{context}"]
 = Accessing your cluster with an IDP account
 
@@ -22,7 +22,7 @@ To access your cluster using an IDP account:
 . Add an IDP.
 .. The following command creates an IDP backed by GitHub. After running the command, follow the interactive prompts from the output to access your link:https://github.com/settings/developers[GitHub developer settings] and configure a new OAuth application.
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa create idp --cluster=<cluster_name> --interactive
 ----
diff --git a/modules/rosa-adding-node-labels.adoc b/modules/rosa-adding-node-labels.adoc
index 4f665257a72e..02ce21ea7c02 100644
--- a/modules/rosa-adding-node-labels.adoc
+++ b/modules/rosa-adding-node-labels.adoc
@@ -4,7 +4,7 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-adding-node-labels_{context}"]
 = Adding node labels to a machine pool
 
@@ -99,19 +99,28 @@ I: Updated machine pool 'db-nodes-mp' on cluster 'mycluster'
 
 .Verification
 
-. List the available machine pools in your cluster:
+. Describe the details of the machine pool with the new labels:
 +
 [source,terminal]
 ----
-$ rosa list machinepools --cluster=<cluster_name>
+$ rosa describe machinepool --cluster=<cluster_name> <machine-pool-name>
 ----
 +
 .Example output
 [source,terminal]
 ----
-ID           AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS                  TAINTS    AVAILABILITY ZONES    SPOT INSTANCES
-Default      No           2         m5.xlarge                                        us-east-1a            N/A
-db-nodes-mp  No           2         m5.xlarge      app=db, tier=backend              us-east-1a            No
+ID:                         db-nodes-mp
+Cluster ID:                 <ID_of_cluster>
+Autoscaling:                No
+Replicas:                   2
+Instance type:              m5.xlarge
+Labels:                     app=db, tier=backend
+Taints:
+Availability zones:         us-east-1a
+Subnets:
+Spot instances:             No
+Disk size:                  300 GiB
+Security Group IDs:
 ----
 
 . Verify that the labels are included for your machine pool in the output.
diff --git a/modules/rosa-adding-taints-cli.adoc b/modules/rosa-adding-taints-cli.adoc
index bcb3015d3624..6b33ce3c96fe 100644
--- a/modules/rosa-adding-taints-cli.adoc
+++ b/modules/rosa-adding-taints-cli.adoc
@@ -4,12 +4,16 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-adding-taints-cli{context}"]
 = Adding taints to a machine pool using the ROSA CLI
 
 You can add taints to a machine pool for your Red Hat OpenShift Service on AWS (ROSA) cluster by using the ROSA CLI.
 
+[NOTE]
+====
+For users of ROSA CLI `rosa` version 1.2.25 and prior versions, the number of taints cannot be changed within the machine pool (ID=`Default`) created along with the cluster. For users of ROSA CLI `rosa` version 1.2.26 and beyond, the number of taints can be changed within the machine pool (ID=`worker`) created along with the cluster. There must be at least one machine pool without any taints and with at least two replicas for a Single-AZ cluster or three replicas for a Multi-AZ cluster.
+====
 .Prerequisites
 
 ifdef::openshift-rosa[]
@@ -36,9 +40,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 +
 [source,terminal]
 ----
-ID           AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS    TAINTS    AVAILABILITY ZONES    SPOT INSTANCES
-Default      No           2         m5.xlarge                          us-east-1a            N/A
-db-nodes-mp  No           2         m5.xlarge                          us-east-1a            No
+ID           AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS    TAINTS    AVAILABILITY ZONES    SPOT INSTANCES     DISK SIZE   SG IDs
+Default      No           2         m5.xlarge                          us-east-1a            N/A                300 GiB     sg-0e375ff0ec4a6cfa2
+db-nodes-mp  No           2         m5.xlarge                          us-east-1a            No                 300 GiB     sg-0e375ff0ec4a6cfa2
 ----
 
 . Add or update the taints for a machine pool:
@@ -96,19 +100,28 @@ I: Updated machine pool 'db-nodes-mp' on cluster 'mycluster'
 
 .Verification
 
-. List the available machine pools in your cluster by running the following command:
+. Describe the details of the machine pool with the new taints:
 +
 [source,terminal]
 ----
-$ rosa list machinepools --cluster=<cluster_name>
+$ rosa describe machinepool --cluster=<cluster_name> <machine-pool-name>
 ----
 +
 .Example output
 [source,terminal]
 ----
-ID           AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS    TAINTS                                           AVAILABILITY ZONES    SPOT INSTANCES
-Default      No           2         m5.xlarge                                                                 us-east-1a            N/A
-db-nodes-mp  No           2         m5.xlarge                key1=value1:NoSchedule, key2=value2:NoExecute    us-east-1a            No
+ID:                         db-nodes-mp
+Cluster ID:                 <ID_of_cluster>
+Autoscaling:                No
+Replicas:                   2
+Instance type:              m5.xlarge
+Labels:
+Taints:                     key1=value1:NoSchedule, key2=value2:NoExecute
+Availability zones:         us-east-1a
+Subnets:
+Spot instances:             No
+Disk size:                  300 GiB
+Security Group IDs:
 ----
 
 . Verify that the taints are included for your machine pool in the output.
diff --git a/modules/rosa-adding-taints-ocm.adoc b/modules/rosa-adding-taints-ocm.adoc
index 6b21ccfbc6b0..553ac32512e2 100644
--- a/modules/rosa-adding-taints-ocm.adoc
+++ b/modules/rosa-adding-taints-ocm.adoc
@@ -4,9 +4,9 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-adding-taints-ocm{context}"]
-= Adding taints to a machine pool using Openshift Cluster Manager
+= Adding taints to a machine pool using OpenShift Cluster Manager
 
 You can add taints to a machine pool for your Red Hat OpenShift Service on AWS (ROSA) cluster by using OpenShift Cluster Manager.
 
diff --git a/modules/rosa-adding-taints.adoc b/modules/rosa-adding-taints.adoc
index fb2d714f7f6b..a52d22aa94be 100644
--- a/modules/rosa-adding-taints.adoc
+++ b/modules/rosa-adding-taints.adoc
@@ -4,7 +4,7 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-adding-taints_{context}"]
 = Adding taints to a machine pool
 
diff --git a/modules/rosa-adding-tuning.adoc b/modules/rosa-adding-tuning.adoc
index 604401a8c160..c5cb38655799 100644
--- a/modules/rosa-adding-tuning.adoc
+++ b/modules/rosa-adding-tuning.adoc
@@ -2,29 +2,28 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-adding-tuning_{context}"]
 = Adding node tuning to a machine pool
 
-You can add tunings for compute (also known as worker) nodes in a machine pool to control their configuration.
+You can add tunings for compute, also called worker, nodes in a machine pool to control their configuration on {hcp-title-first} clusters.
+
+[NOTE]
+====
+This feature is only supported on {hcp-title-first} clusters.
+====
 
 .Prerequisites
 
-ifdef::openshift-rosa[]
 * You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation.
-* You logged in to your Red Hat account using the ROSA CLI (`rosa`).
-* You created a ROSA cluster.
-endif::openshift-rosa[]
-ifndef::openshift-rosa[]
-* You created an {product-title} cluster.
-endif::[]
+* You logged in to your Red Hat account by using the ROSA CLI.
+* You created a {hcp-title-first} cluster.
 * You have an existing machine pool.
 * You have an existing tuning configuration.
 
 .Procedure
 
-ifdef::openshift-rosa[]
-. List the machine pools in the cluster:
+. List all of the machine pools in the cluster:
 +
 [source,terminal]
 ----
@@ -35,9 +34,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 +
 [source,terminal]
 ----
-ID           AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS    TAINTS    AVAILABILITY ZONES    SUBNET  VERSION  AUTOREPAIR  TUNING CONFIGS  MESSAGE
-Default      No           2         m5.xlarge                          us-east-1a            N/A     4.12.14  Yes
-db-nodes-mp  No           2         m5.xlarge                          us-east-1a            No      4.12.14  Yes         
+ID          AUTOSCALING  REPLICAS  INSTANCE TYPE [...] AVAILABILITY ZONES  SUBNET  VERSION  AUTOREPAIR  TUNING CONFIGS
+workers      No           2         m5.xlarge    [...] us-east-1a          N/A     4.12.14  Yes
+db-nodes-mp  No           2         m5.xlarge    [...] us-east-1a          No      4.12.14  Yes
 ----
 
 . You can add tuning configurations to an existing or new machine pool.
@@ -82,9 +81,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 .Example output
 [source,terminal]
 ----
-ID          AUTOSCALING  REPLICAS  INSTANCE TYPE  LABELS  TAINTS  AVAILABILITY ZONES  SUBNET  VERSION  AUTOREPAIR  TUNING CONFIGS MESSAGE                                                       
-Default      No           2         m5.xlarge                     us-east-1a          N/A     4.12.14  Yes        
-db-nodes-mp  No           2         m5.xlarge                     us-east-1a          No      4.12.14  Yes          sample-tuning 
+ID          AUTOSCALING  REPLICAS  INSTANCE TYPE [...] AVAILABILITY ZONES  SUBNET  VERSION  AUTOREPAIR  TUNING CONFIGS
+workers      No           2         m5.xlarge    [...] us-east-1a          N/A     4.12.14  Yes
+db-nodes-mp  No           2         m5.xlarge    [...] us-east-1a          No      4.12.14  Yes          sample-tuning
 ----
 
 . Verify that the tuning config is included for your machine pool in the output.
\ No newline at end of file
diff --git a/modules/rosa-architecture-local-zones.adoc b/modules/rosa-architecture-local-zones.adoc
new file mode 100644
index 000000000000..4d8c3371b02a
--- /dev/null
+++ b/modules/rosa-architecture-local-zones.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc
+:_mod-docs-content-type: REFERENCE
+[id="rosa-architecture-local-zones_{context}"]
+= ROSA architecture with Local Zones
+
+ROSA supports the use of AWS Local Zones, which are metropolis-centralized availability zones where customers can place latency-sensitive application workloads within a VPC. Local Zones are extensions of AWS Regions and are not enabled by default. When Local Zones are enabled and configured, the traffic is extended into the Local Zones for greater flexibility and lower latency. For more information, see xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.html[Configuring machine pools in Local Zones].
+
+The following diagram displays a ROSA cluster without traffic routed into a Local Zone.
+
+.ROSA cluster without traffic routed into Local Zones
+image::../images/354_OpenShift_ROSA_Local_Zones_0923_1.png[ROSA cluster without traffic routed into Local Zones]
+
+The following diagram displays a ROSA cluster with traffic routed into a Local Zone.
+
+.ROSA cluster with traffic routed into Local Zones
+image::../images/354_OpenShift_ROSA_Local_Zones_0923_2.png[ROSA cluster with traffic routed into Local Zones]
diff --git a/modules/rosa-architecture.adoc b/modules/rosa-architecture.adoc
index 4706dcae5aa6..0a1a9db10d3d 100644
--- a/modules/rosa-architecture.adoc
+++ b/modules/rosa-architecture.adoc
@@ -7,7 +7,15 @@
 You can install ROSA using either a public or private network. Configure a private cluster and private network connection during or after the cluster creation process.
 Red Hat manages the cluster with limited access through a public network. For more information, see xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA service definition].
 
-.ROSA deployed on public and private networks
-image::156_OpenShift_ROSA_Arch_0621_arch.svg[ROSA deployed on public and private networks]
+.ROSA Classic deployed on public and private networks
+image::156_OpenShift_ROSA_Arch_0621_private_public_classic.png[ROSA deployed on public and private networks]
 
-Alternatively, install a cluster using AWS PrivateLink, which is hosted on private subnets only.
+If you are using {hcp-title-first}, you can create your clusters on public and private networks as well. The following images depict the architecture of both public and private networks.
+
+.ROSA with HCP deployed on a public network
+image::ROSA-HCP-and-ROSA-Classic-public.png[ROSA with HCP deployed on a public network]
+
+.ROSA with HCP deployed on a private network
+image::ROSA-HCP-and-ROSA-Classic-private.png[ROSA with HCP deployed on a private network]
+
+Alternatively, you can install a ROSA Classic cluster using AWS PrivateLink, which is hosted on private subnets only.
diff --git a/modules/rosa-attaching-the-policy.adoc b/modules/rosa-attaching-the-policy.adoc
new file mode 100644
index 000000000000..58f73768835f
--- /dev/null
+++ b/modules/rosa-attaching-the-policy.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * rosa-adding-additional-constraints-for-ip-based-aws-role-assumption/rosa-attaching-the-policy.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-attaching-the-policy_{context}"]
+= Attaching the identity-based IAM policy
+
+Once you have created an identity-based IAM policy, attach it to the relevant IAM users, groups, or roles in your AWS account to prevent IP-based role assumption for those entities.
+
+.Procedure
+
+. Navigate to the IAM console in the AWS Management Console.
+. Select the default IAM `ManagedOpenShift-Support-Role` role to which you want to attach the policy.
++
+[NOTE]
+====
+You can change the default IAM `ManagedOpenShift-Support-Role` role. For more information about roles, see link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-sre-access.html#rosa-policy-rh-access_rosa-sre-access[Red Hat support access].
+====
++
+. In the *Permissions* tab, select *Add Permissions* or *Create inline policy* from the *Add Permissions* drop-down list.
+. Search for the policy you created earlier by:
+.. Entering the policy name.
+.. Filtering by the appropriate category.
+. Select the policy and click *Attach policy*.
+
+[IMPORTANT]
+====
+To ensure effective IP-based role assumption prevention, you must keep the allowlisted IPs up to date. Failure to do so may result in Red Hat site reliability engineering (SRE) being unable to access your account and affect your SLA. If you have further questions or require assistance, please reach out to our support team.
+====
+
diff --git a/modules/rosa-aws-privatelink-create-cluster.adoc b/modules/rosa-aws-privatelink-create-cluster.adoc
index 131678899973..d13df60385cc 100644
--- a/modules/rosa-aws-privatelink-create-cluster.adoc
+++ b/modules/rosa-aws-privatelink-create-cluster.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
 // * rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
-:_content-type: PROCEDURE
-[id="rosa-aws-privatelink-create-cluster.adoc_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-aws-privatelink-create-cluster_{context}"]
 = Creating an AWS PrivateLink cluster
 
 You can create an AWS PrivateLink cluster using the {product-title} (ROSA) CLI, `rosa`.
@@ -14,13 +14,15 @@ AWS PrivateLink is supported on existing VPCs only.
 
 .Prerequisites
 
-You have installed {product-title}.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
 
 .Procedure
 
 Creating a cluster can take up to 40 minutes.
 
-. With AWS PrivateLink, you can create a cluster with a single availability zone (Single-AZ) or multiple availability zones (Multi-AZ). In either case, your machine's  classless inter-domain routing (CIDR) must match your virtual private cloud's CIDR. See https://docs.openshift.com/container-platform/4.7/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc[Requirements for using your own VPC] and link:https://docs.openshift.com/container-platform/4.7/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-validation_installing-aws-vpc[VPC Validation] for more information.
+. With AWS PrivateLink, you can create a cluster with a single availability zone (Single-AZ) or multiple availability zones (Multi-AZ). In either case, your machine's classless inter-domain routing (CIDR) must match your virtual private cloud's CIDR. See https://docs.openshift.com/container-platform/4.13/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc[Requirements for using your own VPC] and link:https://docs.openshift.com/container-platform/4.13/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-validation_installing-aws-vpc[VPC Validation] for more information.
 +
 [IMPORTANT]
 ====
@@ -45,7 +47,7 @@ $ rosa create cluster --private-link --multi-az --cluster-name=<cluster-name> [-
 
 . Enter the following command to check the status of your cluster. During cluster creation, the `State` field from the output will transition from `pending` to `installing`, and finally to `ready`.
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa describe cluster --cluster=<cluster_name>
 ----
@@ -57,7 +59,7 @@ If installation fails or the `State` field does not change to `ready` after 40 m
 
 . Enter the following command to follow the OpenShift installer logs to track the progress of your cluster:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa logs install --cluster=<cluster_name> --watch
 ----
diff --git a/modules/rosa-aws-procedure.adoc b/modules/rosa-aws-procedure.adoc
index 562956fbfbeb..1763d0f6c687 100644
--- a/modules/rosa-aws-procedure.adoc
+++ b/modules/rosa-aws-procedure.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-required-procedure_{context}"]
 = Required customer procedure
 
diff --git a/modules/rosa-aws-provisioned.adoc b/modules/rosa-aws-provisioned.adoc
index 1d8cf58fadbd..6fb292fb2c75 100644
--- a/modules/rosa-aws-provisioned.adoc
+++ b/modules/rosa-aws-provisioned.adoc
@@ -23,15 +23,15 @@ Instance types can vary for control plane and infrastructure nodes, depending on
 For further guidance on worker node counts, see the information about initial planning considerations in the "Limits and scalability" topic listed in the "Additional resources" section of this page.
 
 [id="rosa-ebs-storage_{context}"]
-== AWS Elastic Block Store (EBS) storage
+== Amazon Elastic Block Store storage
 
-Amazon EBS block storage is used for both local node storage and persistent volume storage.
+Amazon Elastic Block Store (Amazon EBS) block storage is used for both local node storage and persistent volume storage.
 
 Volume requirements for each EC2 instance:
 
 - Control Plane Volume
 * Size: 350GB
-* Type: io1
+* Type: gp3
 * Input/Output Operations Per Second: 1000
 
 - Infrastructure Volume
@@ -52,7 +52,7 @@ Clusters deployed before the release of {OCP} 4.11 use gp2 type storage by defau
 [id="rosa-elastic-load-balancers_{context}"]
 == Elastic Load Balancing
 
-Up to two Network Load Balancers (NLBs) for API and up to two Classic Load Balancers (CLBs) for application router. For more information, see the link:https://aws.amazon.com/elasticloadbalancing/features/#Details_for_Elastic_Load_Balancing_Products[ELB documentation for AWS].
+Up to two Network Load Balancers for API and up to two Classic Load Balancers for application router. For more information, see the link:https://aws.amazon.com/elasticloadbalancing/features/#Details_for_Elastic_Load_Balancing_Products[ELB documentation for AWS].
 
 [id="rosa-s3-storage_{context}"]
 == S3 storage
@@ -80,15 +80,15 @@ A *public subnet* connects directly to the internet through an internet gateway.
 
 * *NAT gateways*: One NAT Gateway per public subnet.
 
-=== Sample VPC Architecture
-
+.Sample VPC Architecture
 image::VPC-Diagram.png[VPC Reference Architecture]
 
 [id="rosa-security-groups_{context}"]
 == Security groups
 
-AWS security groups provide security at the protocol and port access level; they are associated with EC2 instances and Elastic Load Balancers. Each security group contains a set of rules that filter traffic coming in and out of an EC2 instance. You must ensure the ports required for the OpenShift installation are open on your network and configured to allow access between hosts.
+AWS security groups provide security at the protocol and port access level; they are associated with EC2 instances and Elastic Load Balancing (ELB) load balancers. Each security group contains a set of rules that filter traffic coming in and out of one or more EC2 instances. You must ensure the ports required for the OpenShift installation are open on your network and configured to allow access between hosts.
 
+.Required ports for default security groups
 [cols="2a,2a,2a,2a",options="header"]
 |===
 
@@ -131,3 +131,11 @@ AWS security groups provide security at the protocol and port access level; they
 |`19531`
 
 |===
+
+[id="rosa-security-groups-custom_{context}"]
+=== Additional custom security groups
+When you create a cluster using an existing non-managed VPC, you can add additional custom security groups during cluster creation. Custom security groups are subject to the following limitations:
+
+* You must create the custom security groups in AWS before you create the cluster. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html[Amazon EC2 security groups for Linux instances].
+* You must associate the custom security groups with the VPC that the cluster will be installed into. Your custom security groups cannot be associated with another VPC.
+* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on AWS quota requirements for ROSA, see _Required AWS service quotas_ in _Prepare your environment_. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].
\ No newline at end of file
diff --git a/modules/rosa-aws-scp.adoc b/modules/rosa-aws-scp.adoc
index d578a4a53258..83056989f2b5 100644
--- a/modules/rosa-aws-scp.adoc
+++ b/modules/rosa-aws-scp.adoc
@@ -44,7 +44,7 @@ Verify that your service control policy (SCP) does not restrict any of these req
 | Actions
 | Effect
 
-.16+| Required
+.18+| Required
 |Amazon EC2 | All |Allow
 |Amazon EC2 Auto Scaling | All |Allow
 |Amazon S3| All |Allow
@@ -54,15 +54,22 @@ Verify that your service control policy (SCP) does not restrict any of these req
 |Amazon CloudWatch | All |Allow
 |Amazon CloudWatch Events | All |Allow
 |Amazon CloudWatch Logs | All |Allow
+|AWS EC2 Instance Connect | SendSerialConsoleSSHPublicKey |Allow
 |AWS Support | All |Allow
 |AWS Key Management Service | All |Allow
 |AWS Security Token Service | All |Allow
-|AWS Marketplace | Subscribe 
+|AWS Tiro | CreateQuery
+
+GetQueryAnswer
+
+GetQueryExplanation
+| Allow
+|AWS Marketplace | Subscribe
 
 Unsubscribe
 
 View Subscriptions
-| Allow 
+| Allow
 |AWS Resource Tagging | All |Allow
 |AWS Route53 DNS | All |Allow
 |AWS Service Quotas | ListServices
diff --git a/modules/rosa-checking-account-version-cli-version.adoc b/modules/rosa-checking-account-version-cli-version.adoc
new file mode 100644
index 000000000000..f8fc79347b30
--- /dev/null
+++ b/modules/rosa-checking-account-version-cli-version.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * rosa_cli/rosa-checking-acct-version-cli.adoc
+
+[id="rosa-version_{context}"]
+= version
+
+Display the version of your `rosa` CLI by using the following command syntax:
+
+.Syntax
+[source,terminal]
+----
+$ rosa version [arguments]
+----
+
+.Optional arguments inherited from parent commands
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--help
+|Shows help for this command.
+
+|--debug
+|Enables debug mode.
+
+|--profile
+|Specifies an AWS profile (string) from your credentials file.
+|===
+
+.Example
+[source,terminal]
+----
+$ rosa version
+----
\ No newline at end of file
diff --git a/modules/rosa-checking-account-version-cli-whoami.adoc b/modules/rosa-checking-account-version-cli-whoami.adoc
new file mode 100644
index 000000000000..84e0a0195704
--- /dev/null
+++ b/modules/rosa-checking-account-version-cli-whoami.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * rosa_cli/rosa-checking-acct-version-cli.adoc
+
+[id="rosa-whoami_{context}"]
+= whoami
+
+Display information about your AWS and Red Hat accounts by using the following command syntax:
+
+.Syntax
+[source,terminal]
+----
+$ rosa whoami [arguments]
+----
+
+.Optional arguments inherited from parent commands
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--help
+|Shows help for this command.
+
+|--debug
+|Enables debug mode.
+
+|--profile
+|Specifies an AWS profile (string) from your credentials file.
+|===
+
+.Example
+[source,terminal]
+----
+$ rosa whoami
+----
\ No newline at end of file
diff --git a/modules/rosa-checking-account-version-info-cli.adoc b/modules/rosa-checking-account-version-info-cli.adoc
index 73fc9cc37c04..606abf6caad0 100644
--- a/modules/rosa-checking-account-version-info-cli.adoc
+++ b/modules/rosa-checking-account-version-info-cli.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * rosa_cli/rosa-checking-acct-version-cli.adoc
+// 
 
 [id="rosa-checking-account-version-information_{context}"]
-= Checking account and version information with the ROSA CLI 
+= Checking account and version information with the ROSA CLI
 
 Use the following commands to check your account and version information with the {product-title} (ROSA) CLI, `rosa`.
 
diff --git a/modules/rosa-cluster-autoscaler-cli-after.adoc b/modules/rosa-cluster-autoscaler-cli-after.adoc
new file mode 100644
index 000000000000..a1ad08f747f6
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-after.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-enable-cluster-autoscale-cli-after_{context}"]
+= Enable autoscaling after cluster creation with the ROSA CLI
+
+You can use the ROSA CLI (`rosa`) to set cluster-wide autoscaling after cluster creation.
+
+.Procedure
+
+- After you have created a cluster, create the autoscaler:
++
+.Example:
+[source,terminal]
+----
+$ rosa create autoscaler --cluster=<mycluster>
+----
++
+.. You can also create the autoscaler with specific parameters using the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa create autoscaler --cluster=<mycluster> <parameter>
+----
diff --git a/modules/rosa-cluster-autoscaler-cli-delete.adoc b/modules/rosa-cluster-autoscaler-cli-delete.adoc
new file mode 100644
index 000000000000..48c82ac732ad
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-delete.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-delete-cluster-autoscale-cli_{context}"]
+= Delete autoscaling using the ROSA CLI
+
+You can delete the cluster autoscaler if you no longer want to use it.
+
+- To delete the cluster autoscaler, run the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa delete autoscaler --cluster=<mycluster>
+----
diff --git a/modules/rosa-cluster-autoscaler-cli-during.adoc b/modules/rosa-cluster-autoscaler-cli-during.adoc
new file mode 100644
index 000000000000..fd3eff5ba293
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-during.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-enable-cluster-autoscale-cli-during_{context}"]
+= Enable autoscaling during cluster creation with the ROSA CLI
+
+You can use the ROSA CLI (`rosa`) to set cluster-wide autoscaling behavior during cluster creation. You can enable the autoscaler on the entire machine or just a cluster.
+
+.Procedure
+
+- During cluster creation, type `--enable autoscaling` after the cluster name to enable machine autoscaling:
++
+.Example:
+[source,terminal]
+----
+$ rosa create cluster --cluster-name <cluster_name> --enable-autoscaling
+----
++
+Set at least one parameter to enable cluster autoscaling by running the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa create cluster --cluster-name <cluster_name> --enable-autoscaling <parameter>
+----
diff --git a/modules/rosa-cluster-autoscaler-cli-edit.adoc b/modules/rosa-cluster-autoscaler-cli-edit.adoc
new file mode 100644
index 000000000000..e3bbcd0825e1
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-edit.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-edit-cluster-autoscale-cli_{context}"]
+= Edit autoscaling after cluster creation with the ROSA CLI
+
+You can edit any specific parameters of the cluster autoscaler after creating the autoscaler.
+
+- To edit the cluster autoscaler, run the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa edit autoscaler --cluster=<mycluster>
+----
++
+.. To edit a specific parameter, run the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa edit autoscaler --cluster=<mycluster> <parameter>
+----
diff --git a/modules/rosa-cluster-autoscaler-cli-interactive-after.adoc b/modules/rosa-cluster-autoscaler-cli-interactive-after.adoc
new file mode 100644
index 000000000000..0167bb6977fb
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-interactive-after.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-enable-cluster-autoscale-cli-interactive_after_{context}"]
+= Enable autoscaling after cluster creation by using the interactive mode with the ROSA CLI
+
+You can use the interactive mode of your terminal, if available, to set cluster-wide autoscaling behavior after cluster creation.
+
+.Procedure
+
+- After you have created a cluster, type the following command:
++
+.Example:
+[source,terminal]
+----
+$ rosa create autoscaler --cluster=<mycluster> --interactive
+----
++
+You can then set all available autoscaling parameters.
diff --git a/modules/rosa-cluster-autoscaler-cli-interactive-during.adoc b/modules/rosa-cluster-autoscaler-cli-interactive-during.adoc
new file mode 100644
index 000000000000..2845f428b49b
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-interactive-during.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-enable-cluster-autoscale-cli-interactive_{context}"]
+= Enable autoscaling during cluster creation by using the interactive mode with the ROSA CLI
+
+You can use the interactive mode of your terminal, if available, to set cluster-wide autoscaling behavior during cluster creation.
+
+Interactive mode provides more information about available configurable parameters. Interactive mode also does basic checks and preflight validations, meaning that if a provided value is invalid, the terminal outputs a prompt for a valid input.
+
+.Procedure
+
+- During cluster creation, use the `--enable-autoscaling` and `--interactive` parameters to enable cluster autoscaling:
++
+.Example:
+[source,terminal]
+----
+$ rosa create cluster --cluster-name <cluster_name> --enable-autoscaling --interactive
+----
++
+When the following prompt appears, enter *y* to go through all available autoscaling options.
++
+.Example interactive prompt:
+[source,terminal]
+----
+? Configure cluster-autoscaler (optional): [? for help] (y/N) y <enter>
+----
diff --git a/modules/rosa-cluster-autoscaler-cli-settings.adoc b/modules/rosa-cluster-autoscaler-cli-settings.adoc
new file mode 100644
index 000000000000..114b5c7e17a5
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-cli-settings.adoc
@@ -0,0 +1,120 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="rosa-cluster-cli-autoscale-parameters_{context}"]
+= Cluster autoscaling parameters using the ROSA CLI
+
+You can add the following parameters to the cluster creation command to configure autoscaler parameters when using the ROSA CLI (`rosa`).
+
+.Configurable autoscaler parameters available with the ROSA CLI (`rosa`)
+
+[cols="4",options="header"]
+|===
+|Setting
+|Description
+|Type or Range
+|Example/Instruction
+
+|`--autoscaler-balance-similar-node-groups`
+|Identify node groups with the same instance type and label set, and try to balance respective sizes of those node groups.
+|`boolean`
+|Add it to set to true, omit the option to set to false.
+
+|`--autoscaler-skip-nodes-with-local-storage`
+|If set, the cluster autoscaler does not delete nodes with pods that have local storage, for example, EmptyDir or HostPath.
+|`boolean`
+|Add it to set to true, omit the option to set to false.
+
+|`--autoscaler-log-verbosity _int_`
+|Autoscaler log level. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-log-verbosity 4`
+
+|`--autoscaler-max-pod-grace-period _int_`
+|Gives pods graceful termination time before scaling down, measured in seconds. Replace _int_ in the command with the number of seconds you want to use.
+|`integer`
+|`--autoscaler-max-pod-grace-period 0`
+
+|`--autoscaler-pod-priority-threshold _int_`
+|The priority that a pod must exceed to cause the cluster autoscaler to deploy additional nodes. Replace _int_ in the command with the number you want to use, can be negative.
+|`integer`
+|`--autoscaler-pod-priority-threshold -10`
+
+|`--autoscaler-gpu-limit _stringArray_`
+|Minimum and maximum number of different GPUs in cluster. Cluster autoscaler does not scale the cluster less than or greater than these numbers. The format must be a comma-separated list of "<gpu_type>,<min>,<max>".
+|`array`
+|`--autoscaler-gpu-limit nvidia.com/gpu,0,10  --autoscaler-gpu-limit amd.com/gpu,1,5`
+
+|`--autoscaler-ignore-daemonsets-utilization`
+|If set, the cluster-autoscaler ignores daemon set pods when calculating resource utilization for scaling down.
+|`boolean`
+|Add it to set to true, omit the option to set to false.
+
+|`--autoscaler-max-node-provision-time _string_`
+|Maximum time that the cluster autoscaler waits for a node to be provisioned. Replace _string_ in the command with an integer and time unit (ns,us,µs,ms,s,m,h).
+|`string`
+|`--autoscaler-max-node-provision-time 35m`
+
+|`--autoscaler-balancing-ignored-labels _strings_`
+|A comma-separated list of label keys that the cluster autoscaler should ignore when comparing node groups for similarity. Replace _strings_ in the command with the relevant labels..
+|`string`
+|`--autoscaler-balancing-ignored-labels topology.ebs.csi.aws.com/zone,alpha.eksctl.io/instance-id`
+
+|`--autoscaler-max-nodes-total _int_`
+|Maximum amount of nodes in the cluster, including the autoscaled nodes. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-max-nodes-total 180`
+
+|`--autoscaler-min-cores _int_`
+|Minimum number of cores to deploy in the cluster. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-min-cores 0`
+
+|`--autoscaler-max-cores _int_`
+|Maximum number of cores to deploy in the cluster. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-max-cores 100`
+
+|`--autoscaler-min-memory _int_`
+|Minimum amount of memory, in GiB, in the cluster. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-min-memory 0`
+
+|`--autoscaler-max-memory _int_`
+|Maximum amount of memory, in GiB, in the cluster. Replace _int_ in the command with the number you want to use.
+|`integer`
+|`--autoscaler-max-memory 4096`
+
+|`--autoscaler-scale-down-enabled`
+|If set, the cluster autoscaler should scale down the cluster.
+|`boolean`
+|Add it to set to true, omit the option to set to false.
+
+|`--autoscaler-scale-down-unneeded-time _string_`
+|How long a node should be unneeded before it is eligible for scale down. Replace _string_ in the command with an integer and time unit (ns,us,µs,ms,s,m,h).
+|`string`
+|`--autoscaler-scale-down-unneeded-time 1h`
+
+|`--autoscaler-scale-down-utilization-threshold _float_`
+|Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Value must be between 0 and 1.
+|`float`
+|`--autoscaler-scale-down-utilization-threshold 0.5`
+
+|`--autoscaler-scale-down-delay-after-add _string_`
+|How long after scale up that scale down evaluation resumes. Replace _string_ in the command with an integer and time unit (ns,us,µs,ms,s,m,h).
+|`string`
+|`--autoscaler-scale-down-delay-after-add 1h`
+
+|`--autoscaler-scale-down-delay-after-delete _string_`
+|How long after node deletion that scale down evaluation resumes. Replace _string_ in the command with an integer and time unit (ns,us,µs,ms,s,m,h).
+|`string`
+|`--autoscaler-scale-down-delay-after-delete 1h`
+
+|`--autoscaler-scale-down-delay-after-failure _string_`
+|How long after scale down failure that scale down evaluation resumes. Replace _string_ in the command with an integer and time unit (ns,us,µs,ms,s,m,h).
+|`string`
+|`--autoscaler-scale-down-delay-after-failure 1h`
+
+|===
diff --git a/modules/rosa-cluster-autoscaler-ui-after.adoc b/modules/rosa-cluster-autoscaler-ui-after.adoc
new file mode 100644
index 000000000000..2a18aeede56f
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-ui-after.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+// * osd_cluster_admin/osd-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="rosa-enable-cluster-autoscale-ui-after_{context}"]
+= Enable autoscaling after cluster creation with OpenShift Cluster Manager
+
+You can use OpenShift Cluster Manager to autoscale after cluster creation.
+
+.Procedure
+
+. In OpenShift Cluster Manager, click the name of the cluster you want to autoscale. The Overview page for the cluster has a *Autoscaling* item that indicates if it is enabled or disabled.
+
+. Click the *Machine Pools* tab.
+
+. Click the *Edit cluster autoscaling* button. The *Edit cluster autoscaling* settings window is shown.
+
+. Click the *Autoscale cluster* toggle at the top of the window. All the settings are now editable.
+
+. Edit any settings you want and then click *Save*.
+
+. Click the *x* at the top right of the screen to close the settings window.
+
+To revert all autoscaling settings to the defaults if they have been changed, click the *Revert all to defaults* button.
\ No newline at end of file
diff --git a/modules/rosa-cluster-autoscaler-ui-during.adoc b/modules/rosa-cluster-autoscaler-ui-during.adoc
new file mode 100644
index 000000000000..c3b643438511
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-ui-during.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+// * osd_cluster_admin/osd-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="rosa-enable-cluster-autoscale-ui-during_{context}"]
+= Enable autoscaling during cluster creation with OpenShift Cluster Manager
+
+You can use OpenShift Cluster Manager to autoscale during cluster creation.
+
+.Procedure
+
+. During cluster creation, check the *Enable autoscaling* box. The *Edit cluster autoscaling settings* button becomes selectable.
+
+.. You can also choose the minimum or maximum amount of nodes to autoscale.
+
+. Click *Edit cluster autoscaling settings*.
+
+. Edit any settings you want and then click *Close*.
diff --git a/modules/rosa-cluster-autoscaler-ui-settings.adoc b/modules/rosa-cluster-autoscaler-ui-settings.adoc
new file mode 100644
index 000000000000..47ca1941498a
--- /dev/null
+++ b/modules/rosa-cluster-autoscaler-ui-settings.adoc
@@ -0,0 +1,147 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-cluster-autoscaling.adoc
+// * osd_cluster_admin/osd-cluster-autoscaling.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="rosa-cluster-autoscale-settings_{context}"]
+= Cluster autoscaling settings using OpenShift Cluster Manager
+
+The tables explain all the configurable UI settings when using cluster autoscaling with OpenShift Cluster Manager.
+
+.Configurable general settings for cluster autoscaling when using the OpenShift Cluster Manager
+
+== General settings
+
+[cols="4",options="header"]
+|===
+|Setting
+|Description
+|Type or Range
+|Default
+
+|`log-verbosity`
+|Sets the autoscaler log level. The default value is 1. Level 4 is recommended for debugging. Level 6 enables almost everything.
+|`integer`
+|1
+
+|`skip-nodes-with-local-storage`
+|If `true`, the cluster autoscaler never deletes nodes with pods with local storage, e.g. EmptyDir or HostPath.
+|`boolean`
+|true
+
+|`max-pod-grace-period`
+|Gives pods graceful termination time in seconds before scaling down.
+|`integer`
+|600
+
+|`max-node-provision-time`
+|Maximum time the cluster autoscaler waits for nodes to be provisioned.
+|`string`
+|15m
+
+|`pod-priority-threshold`
+|Allows users to schedule "best-effort" pods, which are not expected to trigger cluster autoscaler actions. These pods only run when spare resources are available.
+|`integer`
+|-10
+
+|`ignore-daemonsets-utilization`
+|Determines whether the cluster autoscaler ignores daemon set pods when calculating resource utilization for scaling down.
+|`boolean`
+|false
+
+|`balance-similar-node-groups`
+|If `true`, this setting automatically identifies node groups with the same instance type and the same set of labels and tries to keep the respective sizes of those node groups balanced.
+|`boolean`
+|false
+
+|`balancing-ignored-labels`
+|This option specifies labels that the cluster autoscaler should ignore when considering node group similarity. For example, if you have nodes with a "topology.ebs.csi.aws.com/zone" label, you can add the name of this label to prevent the cluster autoscaler from splitting nodes into different node groups based on its value. This option cannot contain spaces.
+|`array (string)`
+|Format should be a comma-separated list of labels.
+|===
+
+.Configurable resource limit settings for cluster autoscaling when using the OpenShift Cluster Manager
+
+== Resource limits
+
+[cols="4",options="header"]
+|===
+|Setting
+|Description
+|Type or Range
+|Default
+
+|`cores-total-min`
+|Minimum number of cores in cluster. The cluster autoscaler does not scale the cluster less than this number.
+|`object`
+|0
+
+|`cores-total-max`
+|Maximum number of cores in cluster. The cluster autoscaler does not scale the cluster greater than this number.
+|`object`
+|180 * 64 (11520)
+
+|`memory-total-min`
+|Minimum number of gigabytes of memory in cluster. The cluster autoscaler does not scale the cluster less than this number.
+|`object`
+|0
+
+|`memory-total-max`
+|Maximum number of gigabytes of memory in cluster. The cluster autoscaler does not scale the cluster greater than this number.
+|`object`
+|180 * 64 * 20 (230400)
+
+|`max-nodes-total`
+|Maximum number of nodes in all node groups. Includes all nodes, not just automatically scaled nodes. The cluster autoscaler does not grow the cluster greater than this number.
+|`integer`
+|180
+
+|GPUs
+|Minimum and maximum number of different GPUs in cluster. The cluster autoscaler does not scale the cluster less than or greater than these numbers.
+|`array`
+|Format should be a comma-separated list of "<gpu_type>:<min>:<max>".
+|===
+
+
+.Configurable scale down settings for cluster autoscaling when using the OpenShift Cluster Manager
+
+== Scale down configuration
+
+[cols="4",options="header"]
+|===
+|Setting
+|Description
+|Type or Range
+|Default
+
+|`scale-down-enabled`
+|Should the cluster autoscaler scale down the cluster.
+|`boolean`
+|true
+
+|`scale-down-utilization-threshold`
+|Node utilization level, defined as the sum of the requested resources divided by capacity, below which a node can be considered for scale down.
+|`float`
+|0.5
+
+|`scale-down-unneeded-time`
+|How long a node should be unneeded before it is eligible for scale down.
+|`string`
+|10m
+
+|`scale-down-delay-after-add`
+|How long after scale up that scale-down evaluation resumes.
+|`string`
+|10m
+
+|`scale-down-delay-after-delete`
+|How long after node deletion that scale-down evaluation resumes.
+|`string`
+|0s
+
+|`scale-down-delay-after-failure`
+|How long after scale down failure that scale-down evaluation resumes.
+|`string`
+|3m
+|===
\ No newline at end of file
diff --git a/modules/rosa-cluster-cluster-role-name-change.adoc b/modules/rosa-cluster-cluster-role-name-change.adoc
new file mode 100644
index 000000000000..0c409c2b136c
--- /dev/null
+++ b/modules/rosa-cluster-cluster-role-name-change.adoc
@@ -0,0 +1,71 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations-terraform.adoc
+//
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
+:_content-type: PROCEDURE
+[id="rosa-cluster-cluster-role-name-change_{context}"]
+= Changing your cluster and role prefix name
+:source-highlighter: coderay
+
+By default, the Terraform files used in this guide create a cluster that uses the naming convention of `rosa-` with six-random letters or numbers. This Terraform plan uses your cluster name to create your account role and Operator role prefixes.
+
+.Sample code
+[source,terminal]
+----
+# If cluster_name is not null, use that, otherwise generate a random cluster name
+  cluster_name = coalesce(var.cluster_name, "rosa-${random_string.random_name.result}")
+----
+
+This code snippet from the `main.tf` file shows that if you set a name for the `cluster_name` variable, that value will be used instead of a randomly-generated string.
+
+.Procedure
+
+You can set the cluster name three different ways:
+
+. You export the name of your cluster in the command line by running the following command:
++
+[source,terminal]
+----
+$ export TF_VAR_cluster_name=<your_cluster_name>
+----
++
+After exporting this variable, you can build your Terraform cluster by running the following command:
++
+[source,terminal]
+----
+$ terraform init && terraform apply
+----
+
+. You set a `cluster_name` value in the `terraform.tfvars` file:
++
+[source,console]
+----
+###############################
+# General Cluster Information #
+###############################
+
+# You can choose any OpenShift version that is currently supported. Make sure to use X.Y.Z when setting your version.
+rosa_openshift_version = "4.14.8"
+cluster_name = "test-tf"
+----
++
+After setting this variable in the `terraform.tfvars` file, you can build your Terraform cluster by running the following command:
++
+[source,terminal]
+----
+$ terraform init && terraform apply
+----
+
+. You enter the cluster name when prompted in the terminal:
++
+[source,terraform]
+----
+FORTHCOMING
+----
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
diff --git a/modules/rosa-cluster-logging-collector-log-forward-sts-cloudwatch.adoc b/modules/rosa-cluster-logging-collector-log-forward-sts-cloudwatch.adoc
new file mode 100644
index 000000000000..d2f80c82f14b
--- /dev/null
+++ b/modules/rosa-cluster-logging-collector-log-forward-sts-cloudwatch.adoc
@@ -0,0 +1,185 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/log-forwarding.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="rosa-cluster-logging-collector-log-forward-sts-cloudwatch_{context}"]
+= Forwarding logs to Amazon CloudWatch from STS enabled clusters
+
+For clusters with AWS Security Token Service (STS) enabled, you must create the AWS IAM roles and policies that enable log forwarding, and a `ClusterLogForwarder` custom resource (CR) with an output for CloudWatch.
+
+.Prerequisites
+
+* {logging-title-uc}: 5.5 and later
+
+.Procedure
+. Prepare the AWS account:
+.. Create an IAM policy JSON file with the following content:
++
+[source,json]
+----
+{
+"Version": "2012-10-17",
+"Statement": [
+    {
+    "Effect": "Allow",
+    "Action": [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:DescribeLogGroups",
+      "logs:DescribeLogStreams",
+      "logs:PutLogEvents",
+      "logs:PutRetentionPolicy"
+    ],
+    "Resource": "arn:aws:logs:*:*:*"
+    }
+  ]
+}
+----
++
+.. Create an IAM trust JSON file with the following content:
++
+[source,json]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "arn:aws:iam::<your_aws_account_id>:oidc-provider/<openshift_oidc_provider>" <1>
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity",
+      "Condition": {
+        "StringEquals": {
+          "<openshift_oidc_provider>:sub": "system:serviceaccount:openshift-logging:logcollector" <2>
+        }
+      }
+    }
+  ]
+}
+----
++
+--
+<1> Specify your AWS account ID and the OpenShift OIDC provider endpoint. Obtain the endpoint by running the following command:
++
+[source,terminal]
+----
+$ rosa describe cluster \
+  -c $(oc get clusterversion -o jsonpath='{.items[].spec.clusterID}{"\n"}') \
+  -o yaml | awk '/oidc_endpoint_url/ {print $2}' | cut -d '/' -f 3,4
+----
++
+<2> Specify the OpenShift OIDC endpoint again.
+--
+
+.. Create the IAM role:
++
+[source,terminal]
+----
+$ aws iam create-role
+  --role-name “<your_rosa_cluster_name>-RosaCloudWatch” \
+  --assume-role-policy-document file://<your_trust_file_name>.json \
+  --query Role.Arn \
+  --output text
+----
++
+Save the output. You will use it in the next steps.
++
+.. Create the IAM policy:
++
+[source,terminal]
+----
+$ aws iam create-policy \
+--policy-name "RosaCloudWatch" \
+--policy-document file:///<your_policy_file_name>.json \
+--query Policy.Arn \
+--output text
+----
++
+Save the output. You will use it in the next steps.
+
+.. Attach the IAM policy to the IAM role:
++
+[source,terminal]
+----
+$ aws iam attach-role-policy \
+ --role-name “<your_rosa_cluster_name>-RosaCloudWatch” \
+ --policy-arn <policy_ARN> <1>
+----
++
+<1> Replace `policy_ARN` with the output you saved while creating the policy.
+
+. Create a `Secret` YAML file for the {clo}:
++
+--
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudwatch-credentials
+  namespace: openshift-logging
+stringData:
+  credentials: |-
+    [default]
+    sts_regional_endpoints = regional
+    role_arn: <role_ARN>  <1>
+    web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+----
+<1> Replace `role_ARN` with the output you saved while creating the role.
+--
+
+. Create the secret:
++
+[source,terminal]
+----
+$ oc apply -f cloudwatch-credentials.yaml
+----
+
+. Create or edit a `ClusterLogForwarder` custom resource:
++
+[source,yaml]
+----
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: <log_forwarder_name> <1>
+  namespace: <log_forwarder_namespace> <2>
+spec:
+  serviceAccountName: <service_account_name> <3>
+  outputs:
+   - name: cw <4>
+     type: cloudwatch <5>
+     cloudwatch:
+       groupBy: logType <6>
+       groupPrefix: <group prefix> <7>
+       region: us-east-2 <8>
+     secret:
+        name: <your_secret_name> <9>
+  pipelines:
+    - name: to-cloudwatch <10>
+      inputRefs: <11>
+        - infrastructure
+        - audit
+        - application
+      outputRefs:
+        - cw <12>
+----
+<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
+<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
+<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
+<4> Specify a name for the output.
+<5> Specify the `cloudwatch` type.
+<6> Optional: Specify how to group the logs:
++
+* `logType` creates log groups for each log type
+* `namespaceName` creates a log group for each application name space. Infrastructure and audit logs are unaffected, remaining grouped by `logType`.
+* `namespaceUUID` creates a new log groups for each application namespace UUID. It also creates separate log groups for infrastructure and audit logs.
+<7> Optional: Specify a string to replace the default `infrastructureName` prefix in the names of the log groups.
+<8> Specify the AWS region.
+<9> Specify the name of the secret you created previously.
+<10> Optional: Specify a name for the pipeline.
+<11> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
+<12> Specify the name of the output to use when forwarding logs with this pipeline.
diff --git a/modules/rosa-common-commands.adoc b/modules/rosa-common-commands.adoc
index 9116bf9ce761..7dc863904ee7 100644
--- a/modules/rosa-common-commands.adoc
+++ b/modules/rosa-common-commands.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_cli/rosa-manage-objects-cli.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-common-commands_{context}"]
 = Common commands and arguments
 
@@ -22,7 +22,7 @@ $ rosa create cluster --cluster-name=<cluster_name> --debug
 [id="rosa-download_{context}"]
 == download
 
-Downloads the latest compatible version of the specified software to the current directory in an archive file. Extract the contents of the archive and add the contents to your path to use the software. To download the latest {product-title} CLI, specify `rosa`. To download the latest OpenShift CLI, specify `oc`.
+Downloads the latest compatible version of the specified software to the current directory in an archive file. Extract the contents of the archive and add the contents to your path to use the software. To download the latest ROSA CLI, specify `rosa`. To download the latest OpenShift CLI, specify `oc`.
 
 .Example
 [source,terminal]
diff --git a/modules/rosa-configure.adoc b/modules/rosa-configure.adoc
index 1168d93839b3..daef8d84dbcd 100644
--- a/modules/rosa-configure.adoc
+++ b/modules/rosa-configure.adoc
@@ -11,7 +11,7 @@ Use the following commands to configure the {product-title} (ROSA) CLI, `rosa`.
 [id="rosa-login_{context}"]
 == login
 
-Log in to your Red Hat account, saving the credentials to the `rosa` configuration file. You must provide a token when logging in. You can copy your token from link:https://console.redhat.com/openshift/token/rosa[the {product-title} token page].
+Log in to your Red Hat account, saving the credentials to the `rosa` configuration file. You must provide a token when logging in. You can copy your token from link:https://console.redhat.com/openshift/token/rosa[the ROSA token page].
 
 The ROSA CLI (`rosa`) looks for a token in the following priority order:
 
@@ -186,9 +186,9 @@ $ rosa verify quota --region=us-west-2
 [id="rosa-download-rosa-client_{context}"]
 == download rosa
 
-Download the latest compatible version of the ROSA CLI.
+Download the latest compatible version of the `rosa` CLI.
 
-After you download `rosa`, extract the contents of the archive and add it to your path. See xref:../rosa_cli/rosa-get-started-cli.adoc#rosa-setting-up-cli_rosa-getting-started-cli[Setting up the ROSA CLI] for more details.
+After you download `rosa`, extract the contents of the archive and add it to your path.
 
 .Syntax
 [source,terminal]
diff --git a/modules/rosa-configuring-aws-account.adoc b/modules/rosa-configuring-aws-account.adoc
index 1438f3f9deae..81e13e0ff070 100644
--- a/modules/rosa-configuring-aws-account.adoc
+++ b/modules/rosa-configuring-aws-account.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-configuring-aws-account_{context}"]
 = Configuring your AWS account
 
@@ -58,20 +58,13 @@ The ROSA service evaluates regions in the following priority order:
 +
 [source,terminal]
 ----
-$ aws sts get-caller-identity
+$ aws sts get-caller-identity --output text
 ----
 +
 .Example output
 [source,terminal]
 ----
----------------------------------------------------------------------------------
-|                                GetCallerIdentity                              |
-+-------------------------------------------------------------------------------+
-|+-----------------------------------+-----------------------+-----------------+|
-||      Account        |                Arn              |       UserID        ||
-|+-----------------------------------+-----------------------+-----------------+|
-||  <account_name>     |  arn:aws:iam<string>:user:name  |      <userID>       ||
-|+-----------------------------------+-----------------------+-----------------+|
+<aws_account_id>    arn:aws:iam::<aws_account_id>:user/<username>  <aws_user_id>
 ----
 +
 After completing these steps, install ROSA.
diff --git a/modules/rosa-create-an-identity-based-policy.adoc b/modules/rosa-create-an-identity-based-policy.adoc
new file mode 100644
index 000000000000..a0282cf17476
--- /dev/null
+++ b/modules/rosa-create-an-identity-based-policy.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * rosa-adding-additional-constraints-for-ip-based-aws-role-assumption/rosa-create-an-identity-based-policy.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-create-an-identity-based-policy_{context}"]
+= Create an identity-based IAM policy
+
+You can create an identity-based Identity and Access Management (IAM) policy that denies access to all AWS actions when the request originates from an IP address other than Red Hat provided IPs.
+
+.Prerequisites
+
+* You have access to the see link:https://aws.amazon.com/console/[AWS Management Console] with the permissions required to create and modify IAM policies.
+
+.Procedure
+
+. Sign in to the AWS Management Console using your AWS account credentials.
+. Navigate to the IAM service.
+. In the IAM console, select *Policies* from the left navigation menu.
+. Click *Create policy*.
+. Select the *JSON* tab to define the policy using JSON format.
+. To get the IP addresses that you need to enter into the JSON policy document, run the following command:
++
+[source,terminal]
+----
+$ ocm get /api/clusters_mgmt/v1/trusted_ip_addresses
+----
++
+[NOTE]
+====
+These IP addresses are not permanent and are subject to change. You must continuously review the API output and make the necessary updates in the JSON policy document.
+====
++
+. Copy and paste the following `policy_document.json` file into the editor:
++
+[source,json]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Deny",
+            "Action": "*",
+            "Resource": "*",
+            "Condition": {
+                "NotIpAddress": {
+                    "aws:SourceIp": []
+                },
+                "Bool": {
+                    "aws:ViaAWSService": "false"
+                }
+            }
+        }
+    ]
+}
+----
++
+. Copy and paste all of the IP addresses, which you got in Step 6, into the `"aws:SourceIp": []` array in your `policy_document.json` file.
+. Click *Review and create*.
+. Provide a name and description for the policy, and review the details for accuracy.
+. Click *Create policy* to save the policy.
+
+[NOTE]
+====
+The condition key `aws:ViaAWSService` must be set to false to enable subsequent calls to succeed based on the initial call. For example, if you make an initial call to `aws ec2 describe-instances`, all subsequent calls made within the AWS API server to retrieve information about the EBS volumes attached to the ec2 instance will fail if the condition key `aws:ViaAWSService` is not set to false. The subsequent calls would fail because they would originate from AWS IP addresses, which are not included in the AllowList.
+====
diff --git a/modules/rosa-create-cluster-admins.adoc b/modules/rosa-create-cluster-admins.adoc
index 7b47df2c6300..42d35b667925 100644
--- a/modules/rosa-create-cluster-admins.adoc
+++ b/modules/rosa-create-cluster-admins.adoc
@@ -2,9 +2,10 @@
 //
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc
 // * rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
+// * using-rbac.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-create-cluster-admins_{context}"]
 = Granting `cluster-admin` access
 
diff --git a/modules/rosa-create-dedicated-cluster-admins.adoc b/modules/rosa-create-dedicated-cluster-admins.adoc
index a096520d0c28..48392ac81f1b 100644
--- a/modules/rosa-create-dedicated-cluster-admins.adoc
+++ b/modules/rosa-create-dedicated-cluster-admins.adoc
@@ -2,9 +2,10 @@
 //
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc
 // * rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
+// * using-rbac.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-create-dedicated-cluster-admins_{context}"]
 = Granting `dedicated-admin` access
 Only the user who created the cluster can grant cluster access to other `cluster-admin` or `dedicated-admin` users. Users with `dedicated-admin` access have fewer privileges. As a best practice, grant `dedicated-admin` access to most of your administrators.
diff --git a/modules/rosa-create-objects.adoc b/modules/rosa-create-objects.adoc
index 87db52259b79..08256ef073e3 100644
--- a/modules/rosa-create-objects.adoc
+++ b/modules/rosa-create-objects.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_cli/rosa-manage-objects-cli.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-create-objects_{context}"]
 = Create objects
 
@@ -37,7 +37,7 @@ a|How to perform the operation. Valid options are:
 `manual`:: Commands necessary to modify AWS resources will be output to be run manually.
 
 |--path string
-|The ARN path for the account-wide roles and policies, including the Operator policies.
+|The Amazon Resource Name (ARN) path for the account-wide roles and policies, including the Operator policies.
 
 |--permissions-boundary string
 |The ARN of the policy that is used to set the permissions boundary for the account roles.
@@ -116,17 +116,23 @@ $ rosa create cluster --cluster-name=<cluster_name> [arguments]
 |===
 |Option |Definition
 
+|--additional-compute-security-group-ids <sec_group_id>
+|The identifier of one or more additional security groups to use along with the default security groups that are used with the standard machine pool created alongside the cluster. For more information on additional security groups, see the requirements for _Security groups_ under _Additional resources_.
+
+|--additional-infra-security-group-ids <sec_group_id>
+|The identifier of one or more additional security groups to use along with the default security groups that are used with the infra nodes created alongside the cluster. For more information on additional security groups, see the requirements for _Security groups_ under _Additional resources_.
+
+|--additional-control-plane-security-group-ids <sec_group_id>
+|The identifier of one or more additional security groups to use along with the default security groups that are used with the control plane nodes created alongside the cluster. For more information on additional security groups, see the requirements for _Security groups_ under _Additional resources_.
+
 a|--cluster-name <cluster_name>
 |Required. The name of the cluster. When used with the `create cluster` command, this argument is used to set the cluster name and to generate a sub-domain for your cluster on `openshiftapps.com`. The value for this argument must be unique within your organization.
 
 |--compute-machine-type <instance_type>
-|The instance type for compute nodes in the cluster. This determines the amount of memory and vCPU that is allocated to each compute node. For more information on valid instance types, see _AWS Instance types_ in _{product-title} service definition_.
-
-|--compute-nodes n
-|The number of worker nodes to provision per availability zone. Single-zone clusters require at least 2 nodes. Multi-zone clusters require at least 3 nodes. Default: `2` for single-zone clusters; `3` for multi-zone clusters.
+|The instance type for compute nodes in the cluster. This determines the amount of memory and vCPU that is allocated to each compute node. For more information on valid instance types, see _AWS Instance types_ in _ROSA service definition_.
 
 |--controlplane-iam-role <arn>
-|The Amazon Resource Name (ARN) of the IAM role to attach to control plane instances.
+|The ARN of the IAM role to attach to control plane instances.
 
 |--disable-scp-checks
 |Indicates whether cloud permission checks are disabled when attempting to install a cluster.
@@ -134,6 +140,9 @@ a|--cluster-name <cluster_name>
 |--dry-run
 |Simulates creating the cluster.
 
+|--ec2-metadata-http-tokens string
+|Configures the use of IMDSv2 for EC2 instances. Valid values are `optional` (default) or `required`.
+
 |--enable-autoscaling
 |Enables autoscaling of compute nodes. By default, autoscaling is set to `2` nodes. To set non-default node limits, use this argument with the `--min-replicas` and `--max-replicas` arguments.
 
@@ -141,11 +150,11 @@ a|--cluster-name <cluster_name>
 |The subnet prefix length to assign to each individual node, as an integer. For example, if host prefix is set to `23`, then each node is assigned a `/23` subnet out of the given CIDR.
 
 |--machine-cidr <address_block>
-a|Block of IP addresses (ipNet) used by {product-title} while installing the cluster, for example, `10.0.0.0/16`.
+a|Block of IP addresses (ipNet) used by ROSA while installing the cluster, for example, `10.0.0.0/16`.
 
 [IMPORTANT]
 ====
-OVN-Kubernetes, the default network provider in {product-title} 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
+OVN-Kubernetes, the default network provider in ROSA 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
 ====
 
 |--max-replicas <number_of_nodes>
@@ -158,14 +167,14 @@ OVN-Kubernetes, the default network provider in {product-title} 4.11 and later,
 |Deploys to multiple data centers.
 
 |--operator-roles-prefix <string>
-|Prefix to use for all IAM roles used by the operators needed in the OpenShift installer. A prefix is generated automatically if you do not specify one.
+|Prefix that are used for all IAM roles used by the operators needed in the OpenShift installer. A prefix is generated automatically if you do not specify one.
 
 |--pod-cidr <address_block>
 a|Block of IP addresses (ipNet) from which pod IP addresses are allocated, for example, `10.128.0.0/14`.
 
 [IMPORTANT]
 ====
-OVN-Kubernetes, the default network provider in {product-title} 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
+OVN-Kubernetes, the default network provider in ROSA 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
 ====
 
 |--private
@@ -177,33 +186,46 @@ OVN-Kubernetes, the default network provider in {product-title} 4.11 and later,
 |--region <region_name>
 |The name of the AWS region where your worker pool will be located, for example, `us-east-1`. This argument overrides the `AWS_REGION` environment variable.
 
+|--replicas n
+|The number of worker nodes to provision per availability zone. Single-zone clusters require at least 2 nodes. Multi-zone clusters require at least 3 nodes. Default: `2` for single-zone clusters; `3` for multi-zone clusters.
+
 |--role-arn <arn>
-|The Amazon Resource Name (ARN) of the installer role that {cluster-manager} uses to create the cluster. This is required if you have not already created account roles.
+|The ARN of the installer role that {cluster-manager} uses to create the cluster. This is required if you have not already created account roles.
 
 |--service-cidr <address_block>
 a|Block of IP addresses (ipNet) for services, for example, `172.30.0.0/16`.
 
 [IMPORTANT]
 ====
-OVN-Kubernetes, the default network provider in {product-title} 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
+OVN-Kubernetes, the default network provider in ROSA 4.11 and later, uses the `100.64.0.0/16` IP address range internally. If your cluster uses OVN-Kubernetes, do not include the `100.64.0.0/16` IP address range in any other CIDR definitions in your cluster.
 ====
 
 a|--sts \| --non-sts
 |Specifies whether to use AWS Security Token Service (STS) or IAM credentials (non-STS) to deploy your cluster.
 
 |--subnet-ids <aws_subnet_id>
-|The AWS subnet IDs to use when installing the cluster, for example, `subnet-01abc234d5678ef9a`. Subnet IDs must be in pairs with one private subnet ID and one public subnet ID per availability zone. Subnets are comma-delimited, for example, `--subnet-ids=subnet-1,subnet-2`. Leave the value empty for installer-provisioned subnet IDs.
+|The AWS subnet IDs that are used when installing the cluster, for example, `subnet-01abc234d5678ef9a`. Subnet IDs must be in pairs with one private subnet ID and one public subnet ID per availability zone. Subnets are comma-delimited, for example, `--subnet-ids=subnet-1,subnet-2`. Leave the value empty for installer-provisioned subnet IDs.
 
 When using `--private-link`, the `--subnet-ids` argument is required and only one private subnet is allowed per zone.
 
 |--support-role-arn string
-|The Amazon Resource Name (ARN) of the role used by Red Hat Site Reliabilty Engineers (SREs) to enable access to the cluster account to provide support.
+|The ARN of the role used by Red Hat Site Reliabilty Engineers (SREs) to enable access to the cluster account to provide support.
+
+|--tags
+a|Tags that are used on resources created by {product-title} in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar".
+[IMPORTANT]
+====
+{product-title} only supports custom tags to Red Hat OpenShift resources during cluster creation. Once added, the tags cannot be removed or edited.
+Tags that are added by Red Hat are required for clusters to stay in compliance with Red Hat production service level agreements (SLAs). These tags must not be removed.
+
+{product-title} does not support adding additional tags outside of ROSA cluster-managed resources. These tags can be lost when AWS resources are managed by the ROSA cluster. In these cases, you might need custom solutions or tools to reconcile the tags and keep them intact.
+====
 
 |--version string
-|The version of {product-title} that will be used to install the cluster or cluster resources. For `cluster` use an `X.Y.Z` format, for example, `4.12.9`. For `account-role` use an `X.Y` format, for example, `4.12`.
+|The version of ROSA that will be used to install the cluster or cluster resources. For `cluster` use an `X.Y.Z` format, for example, `4.15.0`. For `account-role` use an `X.Y` format, for example, `4.15`.
 
 |--worker-iam-role string
-|The Amazon Resource Name (ARN) of the IAM role that will be attached to compute instances.
+|The ARN of the IAM role that will be attached to compute instances.
 |===
 
 .Optional arguments inherited from parent commands
@@ -291,7 +313,7 @@ a|--cluster <cluster_name>\|<cluster_id>
 |Option |Definition
 
 |--hostname
-|The optional domain (string) to use with a hosted instance of GitHub Enterprise.
+|The optional domain (string) that are used with a hosted instance of GitHub Enterprise.
 
 |--organizations
 |Specifies the organizations for login access. Only users that are members of at least one of the listed organizations (string) are allowed to log in.
@@ -342,7 +364,7 @@ a|--cluster <cluster_name>\|<cluster_id>
 |The list (string) of attributes whose values should be used as the display name. Default: `cn`
 
 |--url
-|An RFC 2255 URL (string) which specifies the LDAP search parameters to use.
+|An RFC 2255 URL (string) which specifies the LDAP search parameters that are used.
 
 |--username-attributes
 |The list (string) of attributes whose values should be used as the preferred username. Default: `uid`
@@ -354,7 +376,7 @@ a|--cluster <cluster_name>\|<cluster_id>
 |Option |Definition
 
 |--email-claims
-|The list (string) of claims to use as the email address.
+|The list (string) of claims that are used as the email address.
 
 |--extra-scopes
 |The list (string) of scopes to request, in addition to the `openid` scope, during the authorization token request.
@@ -363,10 +385,13 @@ a|--cluster <cluster_name>\|<cluster_id>
 |The URL (string) that the OpenID provider asserts as the issuer identifier. It must use the HTTPS scheme with no URL query parameters or fragment.
 
 |--name-claims
-|The list (string) of claims to use as the display name.
+|The list (string) of claims that are used as the display name.
 
 |--username-claims
-|The list (string) of claims to use as the preferred username when provisioning a user.
+|The list (string) of claims that are used as the preferred username when provisioning a user.
+
+|--groups-claims
+|The list (string) of claims that are used as the groups names.
 |===
 
 .Optional arguments inherited from parent commands
@@ -484,6 +509,10 @@ $ rosa create machinepool --cluster=<cluster_name> | <cluster_id> --replicas=<nu
 |===
 |Option |Definition
 
+// Note for writers: This command works the same way as rosa create --additional-compute-security-group-ids but all subsequent machinepools are compute only so we don't specify compute here yet; consistency across commands to come in OCM-3111.
+|--additional-security-group-ids <sec_group_id>
+|The identifier of one or more additional security groups to use along with the default security groups for this machine pool. For more information on additional security groups, see the requirements for _Security groups_ under _Additional resources_.
+
 a|--cluster <cluster_name>\|<cluster_id>
 |Required: The name or ID of the cluster to which the machine pool will be added.
 
diff --git a/modules/rosa-creating-cluster.adoc b/modules/rosa-creating-cluster.adoc
index 44a99b320bed..d581936eee7b 100644
--- a/modules/rosa-creating-cluster.adoc
+++ b/modules/rosa-creating-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-creating-cluster_{context}"]
 = Creating your cluster
 
@@ -30,7 +30,7 @@ Multiple availability zones (AZ) are recommended for production workloads. The d
 +
 * To create your cluster with the default cluster settings:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa create cluster --cluster-name=<cluster_name>
 ----
@@ -46,7 +46,7 @@ I: To determine when your cluster is Ready, run `rosa describe cluster rh-rosa-t
 ----
 * To create a cluster using interactive prompts:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa create cluster --interactive
 ----
@@ -58,7 +58,7 @@ $ rosa create cluster --interactive
 
 . Enter the following command to check the status of your cluster. During cluster creation, the `State` field from the output will transition from `pending` to `installing`, and finally to `ready`.
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa describe cluster --cluster=<cluster_name>
 ----
@@ -91,7 +91,7 @@ If installation fails or the `State` field does not change to `ready` after 40 m
 
 . Track the progress of the cluster creation by watching the OpenShift installer logs:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa logs install --cluster=<cluster_name> --watch
 ----
diff --git a/modules/rosa-creating-node-tuning.adoc b/modules/rosa-creating-node-tuning.adoc
index f446f18cc472..5cb34aac624b 100644
--- a/modules/rosa-creating-node-tuning.adoc
+++ b/modules/rosa-creating-node-tuning.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-tuning-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-creating-node-tuning_{context}"]
 = Creating node tuning configurations on {hcp-title}
 
diff --git a/modules/rosa-creating-operator-roles-and-oidc-manually-ocm.adoc b/modules/rosa-creating-operator-roles-and-oidc-manually-ocm.adoc
index a6c7a6a0f258..3fdc8a614dab 100644
--- a/modules/rosa-creating-operator-roles-and-oidc-manually-ocm.adoc
+++ b/modules/rosa-creating-operator-roles-and-oidc-manually-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-creating-operator-roles-and-oidc-manually-ocm_{context}"]
 = Creating the Operator roles and OIDC provider using {cluster-manager}
 
diff --git a/modules/rosa-customer-access.adoc b/modules/rosa-customer-access.adoc
new file mode 100644
index 000000000000..b8ea77335b2a
--- /dev/null
+++ b/modules/rosa-customer-access.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+[id="rosa-policy-customer-access_{context}"]
+= Customer access
+Customer access is limited to namespaces created by the customer and permissions that are granted using RBAC by the Customer Administrator role. Access to the underlying infrastructure or product namespaces is generally not permitted without `cluster-admin` access. For more information about customer access and authentication, see the "Understanding Authentication" section of the documentation.
\ No newline at end of file
diff --git a/modules/rosa-delete-cluster-admins.adoc b/modules/rosa-delete-cluster-admins.adoc
index b3c354d3eb47..6b350a9cfe97 100644
--- a/modules/rosa-delete-cluster-admins.adoc
+++ b/modules/rosa-delete-cluster-admins.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-delete-cluster-admins_{context}"]
 = Revoking `cluster-admin` access using the ROSA CLI
 Only the user who created the cluster can revoke access for `cluster-admin` users.
diff --git a/modules/rosa-delete-dedicated-admins.adoc b/modules/rosa-delete-dedicated-admins.adoc
index 7423b231ceb3..822e9e23efa4 100644
--- a/modules/rosa-delete-dedicated-admins.adoc
+++ b/modules/rosa-delete-dedicated-admins.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-delete-dedicated-admins_{context}"]
 = Revoking `dedicated-admin` access using the ROSA CLI
 You can revoke access for a `dedicated-admin` user if you are the user who created the cluster, the organization administrator user, or the super administrator user.
diff --git a/modules/rosa-delete-objects.adoc b/modules/rosa-delete-objects.adoc
index cb1ba5d712fd..17c557d23a1c 100644
--- a/modules/rosa-delete-objects.adoc
+++ b/modules/rosa-delete-objects.adoc
@@ -75,6 +75,9 @@ $ rosa delete cluster --cluster=<cluster_name> | <cluster_id> [arguments]
 
 |--watch
 |Watches the cluster uninstallation logs.
+
+|--best-effort
+|Skips steps in the cluster destruction chain that are known to cause the cluster deletion process to fail. You should use this option with care and it is recommended that you manually check your AWS account for any resources that might be left over after using `--best-effort`.
 |===
 
 .Optional arguments inherited from parent commands
diff --git a/modules/rosa-delete-users.adoc b/modules/rosa-delete-users.adoc
index 8d611fa03dfa..7dec5fa0cfcd 100644
--- a/modules/rosa-delete-users.adoc
+++ b/modules/rosa-delete-users.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-delete-users"]
 = Revoking administrator access using {cluster-manager} console
 You can revoke the `dedicated-admin` or `cluster-admin` access of users through {cluster-manager} console. Users will be able to access the cluster without administrator privileges.
diff --git a/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc b/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc
index 21a09692ea33..d258e1b72a39 100644
--- a/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc
+++ b/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc
@@ -6,7 +6,7 @@ ifeval::["{context}" == "rosa-sts-deleting-cluster"]
 :sts:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-deleting-account-wide-iam-roles-and-policies_{context}"]
 = Deleting the account-wide IAM roles and policies
 
diff --git a/modules/rosa-deleting-cluster.adoc b/modules/rosa-deleting-cluster.adoc
index 8a3b2aa2a8ef..f47f4f20fae1 100644
--- a/modules/rosa-deleting-cluster.adoc
+++ b/modules/rosa-deleting-cluster.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "rosa-sts-deleting-cluster"]
 :sts:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-deleting-cluster_{context}"]
 ifndef::sts[]
 = Deleting a ROSA cluster
@@ -70,11 +70,11 @@ State:                      ready
 Private:                    No
 Created:                    May 13 2022 11:26:15 UTC
 Details Page:               https://console.redhat.com/openshift/details/s/296kyEFwzoy1CREQicFRdZybrc0
-OIDC Endpoint URL:          https://rh-oidc.s3.us-east-1.amazonaws.com/1s5v4k39lhm8sm59m90mi0822o31844a <3>
+OIDC Endpoint URL:          https://oidc.op1.openshiftapps.com/<oidc_config_id> <3>
 ----
 <1> Lists the cluster ID.
 <2> Specifies the ARNs for the cluster-specific Operator roles. For example, in the sample output the ARN for the role required by the Machine Config Operator is `arn:aws:iam::<aws_account_id>:role/mycluster-x4q9-openshift-machine-api-aws-cloud-credentials`.
-<3> Specifies the endpoint URL for the cluster-specific OIDC provider.
+<3> Displays the endpoint URL for the cluster-specific OIDC provider.
 +
 [IMPORTANT]
 ====
@@ -95,7 +95,7 @@ ifndef::sts[]
 . Enter the following command to delete a cluster and watch the logs, replacing `<cluster_name>` with the name or ID of your cluster:
 endif::sts[]
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa delete cluster --cluster=<cluster_name> --watch
 ----
@@ -110,7 +110,7 @@ endif::sts[]
 ifndef::sts[]
 . To clean up your CloudFormation stack, enter the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa init --delete
 ----
diff --git a/modules/rosa-deleting-node-tuning.adoc b/modules/rosa-deleting-node-tuning.adoc
index 85a96de61a3a..0d35a303b6f3 100644
--- a/modules/rosa-deleting-node-tuning.adoc
+++ b/modules/rosa-deleting-node-tuning.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-tuning-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-deleting-node-tuning_{context}"]
 = Deleting node tuning configurations on {hcp-title}
 
diff --git a/modules/rosa-deleting-sts-iam-resources-account-wide.adoc b/modules/rosa-deleting-sts-iam-resources-account-wide.adoc
index 0978eee98a63..a6e7e2ce1e60 100644
--- a/modules/rosa-deleting-sts-iam-resources-account-wide.adoc
+++ b/modules/rosa-deleting-sts-iam-resources-account-wide.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-deleting-sts-resources-account-wide_{context}"]
 = Deleting the account-wide IAM resources
 
diff --git a/modules/rosa-disabling-autoscaling-nodes.adoc b/modules/rosa-disabling-autoscaling-nodes.adoc
index 7e5f9e069b52..db06cb7b0411 100644
--- a/modules/rosa-disabling-autoscaling-nodes.adoc
+++ b/modules/rosa-disabling-autoscaling-nodes.adoc
@@ -4,7 +4,7 @@
 // * rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc
 // * nodes/nodes-about-autoscaling-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-disabling-autoscaling_{context}"]
 = Disabling autoscaling nodes in an existing cluster using the ROSA CLI
 
diff --git a/modules/rosa-edit-objects.adoc b/modules/rosa-edit-objects.adoc
index 370733f5f4e0..18435e5375aa 100644
--- a/modules/rosa-edit-objects.adoc
+++ b/modules/rosa-edit-objects.adoc
@@ -85,11 +85,32 @@ $ rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
 |--cluster
 |Required: The name or ID (string) of the cluster to which the ingress will be added.
 
+|--cluster-routes-hostname  
+|Components route hostname for OAuth, console, and download.
+
+|--cluster-routes-tls-secret-ref 
+|Components route TLS secret reference for OAuth, console, and download.
+
+|--excluded-namespaces 
+|Excluded namespaces for ingress. Format is a comma-separated list `value1, value2...`. If no values are specified, all namespaces will be exposed.
+
 |--label-match
 |The label match (string) for ingress. The format must be a comma-delimited list of key=value pairs. If no label is specified, all routes are exposed on both routers.
 
+|--lb-type  
+|Type of Load Balancer. Options are `classic`, `nlb`.
+
+|--namespace-ownership-policy
+|Namespace Ownership Policy for ingress. Options are `Strict` and `InterNamespaceAllowed`. Default is `Strict`.
+
 |--private
 |Restricts the application route to direct, private connectivity.
+
+|--route-selector
+|Route Selector for ingress. Format is a comma-separated list of key=value. If no label is specified, all routes will be exposed on both routers. For legacy ingress support these are inclusion labels, otherwise they are treated as exclusion label.
+
+|--wildcard-policy 
+|Wildcard Policy for ingress. Options are `WildcardsDisallowed` and `WildcardsAllowed`. Default is `WildcardsDisallowed`.
 |===
 
 .Optional arguments inherited from parent commands
@@ -113,6 +134,7 @@ $ rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
 .Examples
 
 Make an additional ingress with the ID `a1b2` as a private connection on a cluster named `mycluster`.
+
 [source,terminal]
 ----
 $ rosa edit ingress --private --cluster=mycluster a1b2
@@ -132,6 +154,13 @@ Update the default ingress using the sub-domain identifier `apps` on a cluster n
 $ rosa edit ingress --private=false --cluster=mycluster apps
 ----
 
+Update the load balancer type of the `apps2` ingress.
+
+[source,terminal]
+----
+$ rosa edit ingress --lb-type=nlb --cluster=mycluster apps2
+----
+
 [id="rosa-edit-machinepool_{context}"]
 == edit machinepool
 
diff --git a/modules/rosa-edit-objects.html b/modules/rosa-edit-objects.html
new file mode 100644
index 000000000000..4f2d51374008
--- /dev/null
+++ b/modules/rosa-edit-objects.html
@@ -0,0 +1,761 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta name="generator" content="Asciidoctor 2.0.17">
+<title>Edit objects</title>
+<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
+<style>
+/*! Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */
+/* Uncomment the following line when using as a custom stylesheet */
+/* @import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700"; */
+html{font-family:sans-serif;-webkit-text-size-adjust:100%}
+a{background:none}
+a:focus{outline:thin dotted}
+a:active,a:hover{outline:0}
+h1{font-size:2em;margin:.67em 0}
+b,strong{font-weight:bold}
+abbr{font-size:.9em}
+abbr[title]{cursor:help;border-bottom:1px dotted #dddddf;text-decoration:none}
+dfn{font-style:italic}
+hr{height:0}
+mark{background:#ff0;color:#000}
+code,kbd,pre,samp{font-family:monospace;font-size:1em}
+pre{white-space:pre-wrap}
+q{quotes:"\201C" "\201D" "\2018" "\2019"}
+small{font-size:80%}
+sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
+sup{top:-.5em}
+sub{bottom:-.25em}
+img{border:0}
+svg:not(:root){overflow:hidden}
+figure{margin:0}
+audio,video{display:inline-block}
+audio:not([controls]){display:none;height:0}
+fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
+legend{border:0;padding:0}
+button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
+button,input{line-height:normal}
+button,select{text-transform:none}
+button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}
+button[disabled],html input[disabled]{cursor:default}
+input[type=checkbox],input[type=radio]{padding:0}
+button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
+textarea{overflow:auto;vertical-align:top}
+table{border-collapse:collapse;border-spacing:0}
+*,::before,::after{box-sizing:border-box}
+html,body{font-size:100%}
+body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;line-height:1;position:relative;cursor:auto;-moz-tab-size:4;-o-tab-size:4;tab-size:4;word-wrap:anywhere;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
+a:hover{cursor:pointer}
+img,object,embed{max-width:100%;height:auto}
+object,embed{height:100%}
+img{-ms-interpolation-mode:bicubic}
+.left{float:left!important}
+.right{float:right!important}
+.text-left{text-align:left!important}
+.text-right{text-align:right!important}
+.text-center{text-align:center!important}
+.text-justify{text-align:justify!important}
+.hide{display:none}
+img,object,svg{display:inline-block;vertical-align:middle}
+textarea{height:auto;min-height:50px}
+select{width:100%}
+.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
+div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0}
+a{color:#2156a5;text-decoration:underline;line-height:inherit}
+a:hover,a:focus{color:#1d4b8f}
+a img{border:0}
+p{line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
+p aside{font-size:.875em;line-height:1.35;font-style:italic}
+h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
+h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
+h1{font-size:2.125em}
+h2{font-size:1.6875em}
+h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
+h4,h5{font-size:1.125em}
+h6{font-size:1em}
+hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em}
+em,i{font-style:italic;line-height:inherit}
+strong,b{font-weight:bold;line-height:inherit}
+small{font-size:60%;line-height:inherit}
+code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
+ul,ol,dl{line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
+ul,ol{margin-left:1.5em}
+ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0}
+ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
+ul.square{list-style-type:square}
+ul.circle{list-style-type:circle}
+ul.disc{list-style-type:disc}
+ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
+dl dt{margin-bottom:.3125em;font-weight:bold}
+dl dd{margin-bottom:1.25em}
+blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
+blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
+@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
+h1{font-size:2.75em}
+h2{font-size:2.3125em}
+h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
+h4{font-size:1.4375em}}
+table{background:#fff;margin-bottom:1.25em;border:1px solid #dedede;word-wrap:normal}
+table thead,table tfoot{background:#f7f8f7}
+table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
+table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
+table tr.even,table tr.alt{background:#f8f8f7}
+table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{line-height:1.6}
+h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
+h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
+.center{margin-left:auto;margin-right:auto}
+.stretch{width:100%}
+.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
+.clearfix::after,.float-group::after{clear:both}
+:not(pre).nobreak{word-wrap:normal}
+:not(pre).nowrap{white-space:nowrap}
+:not(pre).pre-wrap{white-space:pre-wrap}
+:not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
+pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed}
+pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit}
+pre>code{display:block}
+pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal}
+em em{font-style:normal}
+strong strong{font-weight:400}
+.keyseq{color:rgba(51,51,51,.8)}
+kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;border-radius:3px;box-shadow:0 1px 0 rgba(0,0,0,.2),inset 0 0 0 .1em #fff;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
+.keyseq kbd:first-child{margin-left:0}
+.keyseq kbd:last-child{margin-right:0}
+.menuseq,.menuref{color:#000}
+.menuseq b:not(.caret),.menuref{font-weight:inherit}
+.menuseq{word-spacing:-.02em}
+.menuseq b.caret{font-size:1.25em;line-height:.8}
+.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
+b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
+b.button::before{content:"[";padding:0 3px 0 2px}
+b.button::after{content:"]";padding:0 2px 0 3px}
+p a>code:hover{color:rgba(0,0,0,.9)}
+#header,#content,#footnotes,#footer{width:100%;margin:0 auto;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
+#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
+#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
+#content{margin-top:1.25em}
+#content::before{content:none}
+#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
+#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf}
+#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px}
+#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:flex;flex-flow:row wrap}
+#header .details span:first-child{margin-left:-.125em}
+#header .details span.email a{color:rgba(0,0,0,.85)}
+#header .details br{display:none}
+#header .details br+span::before{content:"\00a0\2013\00a0"}
+#header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
+#header .details br+span#revremark::before{content:"\00a0|\00a0"}
+#header #revnumber{text-transform:capitalize}
+#header #revnumber::after{content:"\00a0"}
+#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #dddddf;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
+#toc{border-bottom:1px solid #e7e7e9;padding-bottom:.5em}
+#toc>ul{margin-left:.125em}
+#toc ul.sectlevel0>li>a{font-style:italic}
+#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
+#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
+#toc li{line-height:1.3334;margin-top:.3334em}
+#toc a{text-decoration:none}
+#toc a:active{text-decoration:underline}
+#toctitle{color:#7a2518;font-size:1.2em}
+@media screen and (min-width:768px){#toctitle{font-size:1.375em}
+body.toc2{padding-left:15em;padding-right:0}
+#toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
+#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
+#toc.toc2>ul{font-size:.9em;margin-bottom:0}
+#toc.toc2 ul ul{margin-left:0;padding-left:1em}
+#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
+body.toc2.toc-right{padding-left:0;padding-right:15em}
+body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9;left:auto;right:0}}
+@media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
+#toc.toc2{width:20em}
+#toc.toc2 #toctitle{font-size:1.375em}
+#toc.toc2>ul{font-size:.95em}
+#toc.toc2 ul ul{padding-left:1.25em}
+body.toc2.toc-right{padding-left:0;padding-right:20em}}
+#content #toc{border:1px solid #e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;border-radius:4px}
+#content #toc>:first-child{margin-top:0}
+#content #toc>:last-child{margin-bottom:0}
+#footer{max-width:none;background:rgba(0,0,0,.8);padding:1.25em}
+#footer-text{color:hsla(0,0%,100%,.8);line-height:1.44}
+#content{margin-bottom:.625em}
+.sect1{padding-bottom:.625em}
+@media screen and (min-width:768px){#content{margin-bottom:1.25em}
+.sect1{padding-bottom:1.25em}}
+.sect1:last-child{padding-bottom:0}
+.sect1+.sect1{border-top:1px solid #e7e7e9}
+#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
+#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
+#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
+#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
+#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
+details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
+details{margin-left:1.25rem}
+details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;outline:none;-webkit-tap-highlight-color:transparent}
+details>summary::-webkit-details-marker{display:none}
+details>summary::before{content:"";border:solid transparent;border-left:solid;border-width:.3em 0 .3em .5em;position:absolute;top:.5em;left:-1.25rem;transform:translateX(15%)}
+details[open]>summary::before{border:solid transparent;border-top:solid;border-width:.5em .3em 0;transform:translateY(15%)}
+details>summary::after{content:"";width:1.25rem;height:1em;position:absolute;top:.3em;left:-1.25rem}
+.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
+table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
+.paragraph.lead>p,#preamble>.sectionbody>[class=paragraph]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
+.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
+.admonitionblock>table td.icon{text-align:center;width:80px}
+.admonitionblock>table td.icon img{max-width:none}
+.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
+.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6);word-wrap:anywhere}
+.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
+.exampleblock>.content{border:1px solid #e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;border-radius:4px}
+.exampleblock>.content>:first-child{margin-top:0}
+.exampleblock>.content>:last-child{margin-bottom:0}
+.sidebarblock{border:1px solid #dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;border-radius:4px}
+.sidebarblock>:first-child{margin-top:0}
+.sidebarblock>:last-child{margin-bottom:0}
+.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
+.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
+.literalblock pre,.listingblock>.content>pre{border-radius:4px;overflow-x:auto;padding:1em;font-size:.8125em}
+@media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}}
+@media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}}
+.literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class=highlight],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8}
+.literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)}
+.listingblock>.content{position:relative}
+.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5}
+.listingblock:hover code[data-lang]::before{display:block}
+.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5}
+.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
+.listingblock pre.highlightjs{padding:0}
+.listingblock pre.highlightjs>code{padding:1em;border-radius:4px}
+.listingblock pre.prettyprint{border-width:0}
+.prettyprint{background:#f7f7f8}
+pre.prettyprint .linenums{line-height:1.45;margin-left:2em}
+pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0}
+pre.prettyprint li code[data-lang]::before{opacity:1}
+pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
+table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
+table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
+table.linenotable td.code{padding-left:.75em}
+table.linenotable td.linenos,pre.pygments .linenos{border-right:1px solid;opacity:.35;padding-right:.5em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}
+pre.pygments span.linenos{display:inline-block;margin-right:.75em}
+.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
+.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
+.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
+.quoteblock blockquote{margin:0;padding:0;border:0}
+.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
+.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
+.quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right}
+.verseblock{margin:0 1em 1.25em}
+.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans-serif;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
+.verseblock pre strong{font-weight:400}
+.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
+.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
+.quoteblock .attribution br,.verseblock .attribution br{display:none}
+.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
+.quoteblock.abstract blockquote::before,.quoteblock.excerpt blockquote::before,.quoteblock .quoteblock blockquote::before{display:none}
+.quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0}
+.quoteblock.abstract{margin:0 1em 1.25em;display:block}
+.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
+.quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
+.quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0}
+.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem}
+.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;font-size:.85rem;text-align:left;margin-right:0}
+p.tableblock:last-child{margin-bottom:0}
+td.tableblock>.content{margin-bottom:1.25em;word-wrap:anywhere}
+td.tableblock>.content>:last-child{margin-bottom:-1.25em}
+table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
+table.grid-all>*>tr>*{border-width:1px}
+table.grid-cols>*>tr>*{border-width:0 1px}
+table.grid-rows>*>tr>*{border-width:1px 0}
+table.frame-all{border-width:1px}
+table.frame-ends{border-width:1px 0}
+table.frame-sides{border-width:0 1px}
+table.frame-none>colgroup+*>:first-child>*,table.frame-sides>colgroup+*>:first-child>*{border-top-width:0}
+table.frame-none>:last-child>:last-child>*,table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}
+table.frame-none>*>tr>:first-child,table.frame-ends>*>tr>:first-child{border-left-width:0}
+table.frame-none>*>tr>:last-child,table.frame-ends>*>tr>:last-child{border-right-width:0}
+table.stripes-all>*>tr,table.stripes-odd>*>tr:nth-of-type(odd),table.stripes-even>*>tr:nth-of-type(even),table.stripes-hover>*>tr:hover{background:#f8f8f7}
+th.halign-left,td.halign-left{text-align:left}
+th.halign-right,td.halign-right{text-align:right}
+th.halign-center,td.halign-center{text-align:center}
+th.valign-top,td.valign-top{vertical-align:top}
+th.valign-bottom,td.valign-bottom{vertical-align:bottom}
+th.valign-middle,td.valign-middle{vertical-align:middle}
+table thead th,table tfoot th{font-weight:bold}
+tbody tr th{background:#f7f8f7}
+tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
+p.tableblock>code:only-child{background:none;padding:0}
+p.tableblock{font-size:1em}
+ol{margin-left:1.75em}
+ul li ol{margin-left:1.5em}
+dl dd{margin-left:1.125em}
+dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
+li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
+ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
+ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
+ul.unstyled,ol.unstyled{margin-left:0}
+li>p:empty:only-child::before{content:"";display:inline-block}
+ul.checklist>li>p:first-child{margin-left:-1em}
+ul.checklist>li>p:first-child>.fa-square-o:first-child,ul.checklist>li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
+ul.checklist>li>p:first-child>input[type=checkbox]:first-child{margin-right:.25em}
+ul.inline{display:flex;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
+ul.inline>li{margin-left:1.25em}
+.unstyled dl dt{font-weight:400;font-style:normal}
+ol.arabic{list-style-type:decimal}
+ol.decimal{list-style-type:decimal-leading-zero}
+ol.loweralpha{list-style-type:lower-alpha}
+ol.upperalpha{list-style-type:upper-alpha}
+ol.lowerroman{list-style-type:lower-roman}
+ol.upperroman{list-style-type:upper-roman}
+ol.lowergreek{list-style-type:lower-greek}
+.hdlist>table,.colist>table{border:0;background:none}
+.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
+td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
+td.hdlist1{font-weight:bold;padding-bottom:1.25em}
+td.hdlist2{word-wrap:anywhere}
+.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
+.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
+.colist td:not([class]):first-child img{max-width:none}
+.colist td:not([class]):last-child{padding:.25em 0}
+.thumb,.th{line-height:0;display:inline-block;border:4px solid #fff;box-shadow:0 0 0 1px #ddd}
+.imageblock.left{margin:.25em .625em 1.25em 0}
+.imageblock.right{margin:.25em 0 1.25em .625em}
+.imageblock>.title{margin-bottom:0}
+.imageblock.thumb,.imageblock.th{border-width:6px}
+.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
+.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
+.image.left{margin-right:.625em}
+.image.right{margin-left:.625em}
+a.image{text-decoration:none;display:inline-block}
+a.image object{pointer-events:none}
+sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
+sup.footnote a,sup.footnoteref a{text-decoration:none}
+sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
+#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
+#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0}
+#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em}
+#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
+#footnotes .footnote:last-of-type{margin-bottom:0}
+#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
+div.unbreakable{page-break-inside:avoid}
+.big{font-size:larger}
+.small{font-size:smaller}
+.underline{text-decoration:underline}
+.overline{text-decoration:overline}
+.line-through{text-decoration:line-through}
+.aqua{color:#00bfbf}
+.aqua-background{background:#00fafa}
+.black{color:#000}
+.black-background{background:#000}
+.blue{color:#0000bf}
+.blue-background{background:#0000fa}
+.fuchsia{color:#bf00bf}
+.fuchsia-background{background:#fa00fa}
+.gray{color:#606060}
+.gray-background{background:#7d7d7d}
+.green{color:#006000}
+.green-background{background:#007d00}
+.lime{color:#00bf00}
+.lime-background{background:#00fa00}
+.maroon{color:#600000}
+.maroon-background{background:#7d0000}
+.navy{color:#000060}
+.navy-background{background:#00007d}
+.olive{color:#606000}
+.olive-background{background:#7d7d00}
+.purple{color:#600060}
+.purple-background{background:#7d007d}
+.red{color:#bf0000}
+.red-background{background:#fa0000}
+.silver{color:#909090}
+.silver-background{background:#bcbcbc}
+.teal{color:#006060}
+.teal-background{background:#007d7d}
+.white{color:#bfbfbf}
+.white-background{background:#fafafa}
+.yellow{color:#bfbf00}
+.yellow-background{background:#fafa00}
+span.icon>.fa{cursor:default}
+a span.icon>.fa{cursor:inherit}
+.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
+.admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c}
+.admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
+.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
+.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
+.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
+.conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);border-radius:50%;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
+.conum[data-value] *{color:#fff!important}
+.conum[data-value]+b{display:none}
+.conum[data-value]::after{content:attr(data-value)}
+pre .conum[data-value]{position:relative;top:-.125em}
+b.conum *{color:inherit!important}
+.conum:not([data-value]):empty{display:none}
+dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
+h1,h2,p,td.content,span.alt,summary{letter-spacing:-.01em}
+p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
+p,blockquote,dt,td.content,span.alt,summary{font-size:1.0625rem}
+p{margin-bottom:1.25rem}
+.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
+.exampleblock>.content{background:#fffef7;border-color:#e0e0dc;box-shadow:0 1px 4px #e0e0dc}
+.print-only{display:none!important}
+@page{margin:1.25cm .75cm}
+@media print{*{box-shadow:none!important;text-shadow:none!important}
+html{font-size:80%}
+a{color:inherit!important;text-decoration:underline!important}
+a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
+a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
+abbr[title]{border-bottom:1px dotted}
+abbr[title]::after{content:" (" attr(title) ")"}
+pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
+thead{display:table-header-group}
+svg{max-width:100%}
+p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
+h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
+#header,#content,#footnotes,#footer{max-width:none}
+#toc,.sidebarblock,.exampleblock>.content{background:none!important}
+#toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important}
+body.book #header{text-align:center}
+body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em}
+body.book #header .details{border:0!important;display:block;padding:0!important}
+body.book #header .details span:first-child{margin-left:0!important}
+body.book #header .details br{display:block}
+body.book #header .details br+span::before{content:none!important}
+body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
+body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
+.listingblock code[data-lang]::before{display:block}
+#footer{padding:0 .9375em}
+.hide-on-print{display:none!important}
+.print-only{display:block!important}
+.hide-for-print{display:none!important}
+.show-for-print{display:inherit!important}}
+@media amzn-kf8,print{#header>h1:first-child{margin-top:1.25rem}
+.sect1{padding:0!important}
+.sect1+.sect1{border:0}
+#footer{background:none}
+#footer-text{color:rgba(0,0,0,.6);font-size:.9em}}
+@media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}}
+</style>
+</head>
+<body id="rosa-edit-objects_{context}" class="article">
+<div id="header">
+<h1>Edit objects</h1>
+</div>
+<div id="content">
+<div id="preamble">
+<div class="sectionbody">
+<div class="paragraph">
+<p>This section describes the <code>edit</code> commands for clusters and resources.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="rosa-edit-cluster_{context}">edit cluster</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Allows edits to an existing cluster.</p>
+</div>
+<div class="listingblock">
+<div class="title">Syntax</div>
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit cluster --cluster=&lt;cluster_name&gt; | &lt;cluster_id&gt; [arguments]</code></pre>
+</div>
+</div>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 1. Arguments</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--cluster</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Required: The name or ID (string) of the cluster to edit.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--private</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Restricts a primary API endpoint to direct, private connectivity.</p></td>
+</tr>
+</tbody>
+</table>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 2. Optional arguments inherited from parent commands</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--help</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Shows help for this command.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--debug</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables debug mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--interactive</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables interactive mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--profile</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies an AWS profile (string) from your credentials file.</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<div class="title">Examples</div>
+<p>Edit a cluster named <code>mycluster</code> to make it private.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit cluster --cluster=mycluster --private</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Edit all cluster options interactively on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit cluster --cluster=mycluster --interactive</code></pre>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="rosa-edit-ingress_{context}">edit ingress</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Edits the additional non-default application router for a cluster.</p>
+</div>
+<div class="listingblock">
+<div class="title">Syntax</div>
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit ingress --cluster=&lt;cluster_name&gt; | &lt;cluster_id&gt; [arguments]</code></pre>
+</div>
+</div>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 3. Arguments</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--cluster</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Required: The name or ID (string) of the cluster to which the ingress will be added.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--label-match</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The label match (string) for ingress. The format must be a comma-delimited list of key=value pairs. If no label is specified, all routes are exposed on both routers.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--private</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Restricts the application route to direct, private connectivity.</p></td>
+</tr>
+</tbody>
+</table>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 4. Optional arguments inherited from parent commands</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--help</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Shows help for this command.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--debug</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables debug mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--interactive</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables interactive mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--profile</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies an AWS profile (string) from your credentials file.</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<div class="title">Examples</div>
+<p>Make an additional ingress with the ID <code>a1b2</code> as a private connection on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit ingress --private --cluster=mycluster a1b2</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Update the router selectors for the additional ingress with the ID <code>a1b2</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit ingress --label-match=foo=bar --cluster=mycluster a1b2</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Update the default ingress using the sub-domain identifier <code>apps</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit ingress --private=false --cluster=mycluster apps</code></pre>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="rosa-edit-machinepool_{context}">edit machinepool</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Allows edits to the machine pool in a cluster.</p>
+</div>
+<div class="listingblock">
+<div class="title">Syntax</div>
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit machinepool --cluster=&lt;cluster_name&gt; | &lt;cluster_id&gt; &lt;machinepool_ID&gt; [arguments]</code></pre>
+</div>
+</div>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 5. Arguments</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--cluster</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Required: The name or ID (string) of the cluster to edit on which the additional machine pool will be edited.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--enable-autoscaling</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enable or disable autoscaling of compute nodes. To enable autoscaling, use this argument with the <code>--min-replicas</code> and <code>--max-replicas</code> arguments. To disable autoscaling, use <code>--enable-autoscaling=false</code> with the <code>--replicas</code> argument.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--labels</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">The labels (string) for the machine pool. The format must be a comma-delimited list of key=value pairs. Editing this value only affects newly created nodes of the machine pool, which are created by increasing the node number, and does not affect the existing nodes. This list overwrites any modifications made to node labels on an ongoing basis.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--max-replicas</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies the maximum number of compute nodes when enabling autoscaling.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--min-replicas</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies the minimum number of compute nodes when enabling autoscaling.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--replicas</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Required when autoscaling is not configured. The number (integer) of machines for this machine pool.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--taints</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Taints for the machine pool. This string value should be formatted as a comma-separated list of <code>key=value:ScheduleType</code>. Editing this value only affect newly created nodes of the machine pool, which are created by increasing the node number, and does not affect the existing nodes. This list overwrites any modifications made to Node taints on an ongoing basis.</p></td>
+</tr>
+</tbody>
+</table>
+<table class="tableblock frame-all grid-all stretch">
+<caption class="title">Table 6. Optional arguments inherited from parent commands</caption>
+<colgroup>
+<col style="width: 30%;">
+<col style="width: 70%;">
+</colgroup>
+<thead>
+<tr>
+<th class="tableblock halign-left valign-top">Option</th>
+<th class="tableblock halign-left valign-top">Definition</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--help</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Shows help for this command.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--debug</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables debug mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--interactive</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Enables interactive mode.</p></td>
+</tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">--profile</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies an AWS profile (string) from your credentials file.</p></td>
+</tr>
+</tbody>
+</table>
+<div class="paragraph">
+<div class="title">Examples</div>
+<p>Set 4 replicas on a machine pool named <code>mp1</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit machinepool --cluster=mycluster --replicas=4 --name=mp1</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Enable autoscaling on a machine pool named <code>mp1</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit machinepool --cluster=mycluster --enable-autoscaling --min-replicas=3 --max-replicas=5 --name=mp1</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Disable autoscaling on a machine pool named <code>mp1</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit machinepool --cluster=mycluster  --enable-autoscaling=false --replicas=3 --name=mp1</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>Modify the autoscaling range on a machine pool named <code>mp1</code> on a cluster named <code>mycluster</code>.</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code class="language-terminal" data-lang="terminal">$ rosa edit machinepool --max-replicas=9 --cluster=mycluster --name=mp1</code></pre>
+</div>
+</div>
+</div>
+</div>
+</div>
+<div id="footer">
+<div id="footer-text">
+Last updated 2023-08-23 14:37:02 -0400
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/modules/rosa-enable-private-cluster-existing.adoc b/modules/rosa-enable-private-cluster-existing.adoc
index fbfcc0aeefe4..c226ef5b0369 100644
--- a/modules/rosa-enable-private-cluster-existing.adoc
+++ b/modules/rosa-enable-private-cluster-existing.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-enabling-private-cluster-existing_{context}"]
 = Enabling private cluster on an existing cluster
 
@@ -22,7 +22,7 @@ AWS VPC Peering, VPN, DirectConnect, or link:https://docs.aws.amazon.com/whitepa
 
 Enter the following command to enable the `--private` option on an existing cluster.
 
-[source, terminal]
+[source,terminal]
 ----
 $ rosa edit cluster --cluster=<cluster_name> --private
 ----
diff --git a/modules/rosa-enable-private-cluster-new.adoc b/modules/rosa-enable-private-cluster-new.adoc
index b7704c5e8ead..f90b70e547cd 100644
--- a/modules/rosa-enable-private-cluster-new.adoc
+++ b/modules/rosa-enable-private-cluster-new.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-enabling-private-cluster-new_{context}"]
 = Enabling private cluster on a new cluster
 
@@ -22,7 +22,7 @@ AWS VPC Peering, VPN, DirectConnect, or link:https://docs.aws.amazon.com/whitepa
 
 Enter the following command to create a new private cluster.
 
-[source, terminal]
+[source,terminal]
 ----
 $ rosa create cluster --cluster-name=<cluster_name> --private
 ----
diff --git a/modules/rosa-enabling-autoscaling-nodes.adoc b/modules/rosa-enabling-autoscaling-nodes.adoc
index 9fe463ad5448..c03495f8049f 100644
--- a/modules/rosa-enabling-autoscaling-nodes.adoc
+++ b/modules/rosa-enabling-autoscaling-nodes.adoc
@@ -4,7 +4,7 @@
 // * rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc
 // * nodes/nodes-about-autoscaling-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-enabling-autoscaling-nodes_{context}"]
 = Enabling autoscaling nodes in an existing cluster using the ROSA CLI
 
@@ -25,9 +25,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 +
 [source,terminal]
 ----
-ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TINTS   AVAILABILITY ZONES
-default   No            2           m5.xlarge                        us-east-1a
-mp1       No            2           m5.xlarge                        us-east-1a
+ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TAINTS   AVAILABILITY ZONES    DISK SIZE   SG IDs
+default   No            2           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
+mp1       No            2           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
 ----
 +
 . Get the ID of the machine pools that you want to configure.
diff --git a/modules/rosa-getting-started-access-cluster-web-console.adoc b/modules/rosa-getting-started-access-cluster-web-console.adoc
index 311345d42493..b38937dea1e9 100644
--- a/modules/rosa-getting-started-access-cluster-web-console.adoc
+++ b/modules/rosa-getting-started-access-cluster-web-console.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-access-cluster-web-console_{context}"]
 = Accessing a cluster through the web console
 
diff --git a/modules/rosa-getting-started-configure-an-idp.adoc b/modules/rosa-getting-started-configure-an-idp.adoc
index 79b40d2b0409..b95d1cd7407a 100644
--- a/modules/rosa-getting-started-configure-an-idp.adoc
+++ b/modules/rosa-getting-started-configure-an-idp.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-configure-an-idp_{context}"]
 = Configuring an identity provider
 
diff --git a/modules/rosa-getting-started-create-cluster-admin-user.adoc b/modules/rosa-getting-started-create-cluster-admin-user.adoc
index 25fc9d4a7003..aa46ef47bafd 100644
--- a/modules/rosa-getting-started-create-cluster-admin-user.adoc
+++ b/modules/rosa-getting-started-create-cluster-admin-user.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-create-cluster-admin-user_{context}"]
 = Creating a cluster administrator user for quick cluster access
 
diff --git a/modules/rosa-getting-started-deleting-a-cluster.adoc b/modules/rosa-getting-started-deleting-a-cluster.adoc
index c0fb3677d08e..ae4e1b40b7ea 100644
--- a/modules/rosa-getting-started-deleting-a-cluster.adoc
+++ b/modules/rosa-getting-started-deleting-a-cluster.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-deleting-a-cluster_{context}"]
 = Deleting a ROSA cluster and the AWS STS resources
 
@@ -33,7 +33,7 @@ endif::[]
 
 . Delete a cluster and watch the logs, replacing `<cluster_name>` with the name or ID of your cluster:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ rosa delete cluster --cluster=<cluster_name> --watch
 ----
diff --git a/modules/rosa-getting-started-enable-rosa.adoc b/modules/rosa-getting-started-enable-rosa.adoc
index f0b54e5ebda9..81cf1a812ddd 100644
--- a/modules/rosa-getting-started-enable-rosa.adoc
+++ b/modules/rosa-getting-started-enable-rosa.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-verifying-rosa-prerequisites_{context}"]
 = Verifying ROSA prerequisites
 
diff --git a/modules/rosa-getting-started-grant-admin-privileges.adoc b/modules/rosa-getting-started-grant-admin-privileges.adoc
index a77a50c2a8c1..1c339c4769a9 100644
--- a/modules/rosa-getting-started-grant-admin-privileges.adoc
+++ b/modules/rosa-getting-started-grant-admin-privileges.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-grant-admin-privileges_{context}"]
 = Granting administrator privileges to a user
 
diff --git a/modules/rosa-getting-started-grant-user-access.adoc b/modules/rosa-getting-started-grant-user-access.adoc
index 6ca6108901db..1c8a406a7ea3 100644
--- a/modules/rosa-getting-started-grant-user-access.adoc
+++ b/modules/rosa-getting-started-grant-user-access.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-grant-user-access_{context}"]
 = Granting user access to a cluster
 
diff --git a/modules/rosa-getting-started-install-configure-cli-tools.adoc b/modules/rosa-getting-started-install-configure-cli-tools.adoc
index 3b1acc1c69a2..8bcfba58ee49 100644
--- a/modules/rosa-getting-started-install-configure-cli-tools.adoc
+++ b/modules/rosa-getting-started-install-configure-cli-tools.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-install-configure-cli-tools_{context}"]
 = Installing and configuring the required CLI tools
 
@@ -14,12 +14,12 @@ ifeval::["{context}" == "rosa-quickstart"]
 :quickstart:
 endif::[]
 
-Use the following steps to install and configure 
+Use the following steps to install and configure
 ifdef::quickstart[]
-the AWS and {product-title} (ROSA) CLI tools 
+the AWS and {product-title} (ROSA) CLI tools
 endif::[]
 ifdef::getting-started[]
-AWS, {product-title} (ROSA), and OpenShift CLI tools 
+AWS, {product-title} (ROSA), and OpenShift CLI tools
 endif::[]
 on your workstation.
 
@@ -50,7 +50,7 @@ You can alternatively use the `AWS_DEFAULT_REGION` environment variable to set t
 +
 [source,terminal]
 ----
-$ aws sts get-caller-identity
+$ aws sts get-caller-identity  --output text
 ----
 +
 .Example output
diff --git a/modules/rosa-getting-started-revoke-admin-privileges.adoc b/modules/rosa-getting-started-revoke-admin-privileges.adoc
index 96a6e2f66e51..7746e6bd80d1 100644
--- a/modules/rosa-getting-started-revoke-admin-privileges.adoc
+++ b/modules/rosa-getting-started-revoke-admin-privileges.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-revoke-admin-privileges_{context}"]
 = Revoking administrator privileges from a user
 
diff --git a/modules/rosa-getting-started-revoke-user-access.adoc b/modules/rosa-getting-started-revoke-user-access.adoc
index 018d61116641..a0a6beaa5b80 100644
--- a/modules/rosa-getting-started-revoke-user-access.adoc
+++ b/modules/rosa-getting-started-revoke-user-access.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-revoke-user-access_{context}"]
 = Revoking user access to a cluster
 
diff --git a/modules/rosa-getting-started-verify-aws-quota.adoc b/modules/rosa-getting-started-verify-aws-quota.adoc
index 45e78222cd1f..3e217fed6173 100644
--- a/modules/rosa-getting-started-verify-aws-quota.adoc
+++ b/modules/rosa-getting-started-verify-aws-quota.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/quickstart.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-verify-aws-quota_{context}"]
 = Verifying AWS quota availability
 
diff --git a/modules/rosa-getting-started-verify-elb-role.adoc b/modules/rosa-getting-started-verify-elb-role.adoc
index 246c051e323d..9a39874780e6 100644
--- a/modules/rosa-getting-started-verify-elb-role.adoc
+++ b/modules/rosa-getting-started-verify-elb-role.adoc
@@ -3,7 +3,7 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 // * rosa_getting_started/quickstart.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-getting-started-verify-elb-role_{context}"]
 = Creating the ELB service role
 
diff --git a/modules/rosa-getting-support.adoc b/modules/rosa-getting-support.adoc
index 5b8d6898395b..1ebfc0fd38c4 100644
--- a/modules/rosa-getting-support.adoc
+++ b/modules/rosa-getting-support.adoc
@@ -18,10 +18,6 @@ If you experience difficulty with a procedure described in this documentation, v
 .. Complete the remaining fields.
 .. On the _Review_ page, select the correct cluster ID that you are contacting support about, and click `Submit`.
 
-You can also get support from link:https://aws.amazon.com/premiumsupport/[AWS Support] as long as you have a valid AWS Support contract and have enabled AWS Business, Enterprise On-Ramp, or Enterprise support plans.
-
-To enable an AWS Support plan, see link:http://aws.amazon.com/premiumsupport/knowledge-center/sign-up-support/[How do I sign up for an AWS Support plan?]
-
-For information about creating an AWS Support case, see the link:https://docs.aws.amazon.com/awssupport/latest/user/case-management.html[AWS support case] documentation.
+An AWS Business or Enterprise Support plan is not required to obtain support from AWS for ROSA, but AWS recommends that ROSA customers enable at least AWS Business Support. For more information, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/troubleshooting-rosa.html#rosa-support[AWS Support].
 
 If you have a suggestion for improving this documentation or have found an error, submit a link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&summary=Documentation_issue&issuetype=1&components=12367614&priority=10200&versions=12385624[Jira issue] for the most relevant documentation component. Be sure to provide specific details, such as the section name and {product-title} version.
diff --git a/modules/rosa-hcp-byo-oidc-options.adoc b/modules/rosa-hcp-byo-oidc-options.adoc
deleted file mode 100644
index 7b4f4a4a2956..000000000000
--- a/modules/rosa-hcp-byo-oidc-options.adoc
+++ /dev/null
@@ -1,69 +0,0 @@
-// Module included in the following assemblies:
-//
-// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
-// * rosa_getting_started/quickstart.adoc
-// * rosa_architecture/rosa-sts-about-iam-resources.adoc
-
-:_content-type: CONCEPT
-[id="rosa-hcp-byo-oidc-options_{context}"]
-= Parameter options for creating your own OpenID Connect configuration
-
-The following options may be added to the `rosa create oidc-config` command. All of these parameters are optional. Running the `rosa create oidc-config` command without parameters creates an unmanaged OIDC configuration.
-
-[NOTE]
-====
-You are required to register the unmanaged OIDC configuration by posting a request to `/oidc_configs` through OCM. You receive an ID in the response. Use this ID to create a cluster.
-====
-
-[discrete]
-[id="rosa-oidc-raw-files_{context}"]
-== raw-files
-
-Allows you to provide raw files for the private RSA key. This key is named `rosa-private-key-oidc-<random_label_of_length_4>.key`. You also receive a discovery document, named `discovery-document-oidc-<random_label_of_length_4>.json`, and a JSON Web Key Set, named `jwks-oidc-<random_label_of_length_4>.json`.
-
-You use these files to set up the endpoint. This endpoint responds to `/.well-known/openid-configuration` with the discovery document and on `keys.json` with the JSON Web Key Set. The private key is stored in Amazon Web Services (AWS) Secrets Manager Service (SMS) as plaintext.
-
-.Example
-[source,terminal]
-----
-$ rosa create oidc-config --raw-files
-----
-
-[discrete]
-[id="rosa-oidc-mode_{context}"]
-== mode
-
-Allows you to specify the mode to create your OIDC configuration. With the `manual` option, you receive AWS commands that setup the OIDC configuration within an S3 bucket. This option stores the private key in the Secrets Manager. With the `manual` option, the OIDC Endpoint URL is the URL for the S3 bucket. You must retrieve the Secrets Manager ARN to register the OIDC configuration with OCM.
-
-Using the `auto` option, you receive the same OIDC configuration and AWS resources as the `manual` mode. One change is that ROSA calls AWS, so you do not need to do anything else. The OIDC Endpoint URL is the URL for the S3 bucket. The CLI retrieves the Secrets Manager ARN, registers the OIDC configuration with OCM, and reports the second `rosa` command that the user can run to continue with the creation of the STS cluster.
-
-.Example
-[source,terminal]
-----
-$ rosa create oidc-config --mode=<auto|manual>
-----
-
-[discrete]
-[id="rosa-oidc-managed_{context}"]
-== managed
-
-Creates an OIDC configuration that is hosted under Red Hat's AWS account. This command creates a private key that responds directly with an OIDC Config ID for you to use when creating the STS cluster.
-
-.Example
-[source,terminal]
-----
-$ rosa create oidc-config --managed
-----
-
-.Sample output
-[source,terminal]
-----
-W: For a managed OIDC Config only auto mode is supported. However, you may choose the provider creation mode
-? OIDC Provider creation mode: auto
-I: Setting up managed OIDC configuration
-I: Please run the following command to create a cluster with this oidc config
-rosa create cluster --sts --oidc-config-id 233jnu62i9aphpucsj9kueqlkr1vcgra
-I: Creating OIDC provider using 'arn:aws:iam::242819244:user/userName'
-? Create the OIDC provider? Yes
-I: Created OIDC provider with ARN 'arn:aws:iam::242819244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/233jnu62i9aphpucsj9kueqlkr1vcgra'
-----
\ No newline at end of file
diff --git a/modules/rosa-hcp-byo-oidc.adoc b/modules/rosa-hcp-byo-oidc.adoc
deleted file mode 100644
index c4f0265e9f23..000000000000
--- a/modules/rosa-hcp-byo-oidc.adoc
+++ /dev/null
@@ -1,94 +0,0 @@
-// Module included in the following assemblies:
-//
-// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
-// * rosa_architecture/rosa-sts-about-iam-resources.adoc
-
-ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"]
-:rosa-hcp:
-endif::[]
-ifeval::["{context}" == "rosa-sts-about-iam-resources"]
-:rosa-classic:
-endif::[]
-
-:_content-type: PROCEDURE
-[id="rosa-hcp-byo-oidc_{context}"]
-= Creating an OpenID Connect configuration
-
-When using a {hcp-title} cluster, you must create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OCM.
-
-.Prerequisites
-
-ifdef::rosa-hcp[]
-* You have completed the AWS prerequisites for {hcp-title}.
-endif::rosa-hcp[]
-ifdef::rosa-classic[]
-* You have completed the AWS prerequisites for {product-title}.
-endif::rosa-classic[]
-* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
-
-.Procedure
-
-* To create your OIDC configuration alongside the AWS resources, run the following command:
-+
-[source,terminal]
-----
-$ rosa create oidc-config --mode=auto  --yes
-----
-+
-This command returns the following information.
-+
-.Sample output
-+
-[source,terminal]
-----
-? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
-I: Setting up managed OIDC configuration
-I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
-	rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
-If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
-I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
-? Create the OIDC provider? Yes
-I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'
-----
-+
-When creating your cluster, you must supply the OIDC config ID. The CLI output provides this value for `--mode auto`, otherwise you must determine these values based on `aws` CLI output for `--mode manual`.
-
-* Optional: you can save the OIDC configuration ID as a variable to use later. Run the following command to save the variable:
-+
-[source,terminal]
-----
-$ export OIDC_ID=30f5dqmk
-----
-
-. View the value of the variable by running with the following command:
-+
-[source,terminal]
-----
-$ echo $OIDC_ID
-----
-+
-.Sample output
-+
-[source,terminal]
-----
-$ 30f5dqmk
-----
-
-.Verification
-
-. You can list the possible OIDC configurations available for your clusters that are associated with your user organization. Run the following command:
-+ 
-[source,terminal]
-----
-$ rosa list oidc-config
-----
-+
-.Sample output
-+
-[source,terminal]
-----
-ID                                MANAGED  ISSUER URL                                                             SECRET ARN
-2330dbs0n8m3chkkr25gkkcd8pnj3lk2  true     https://dvbwgdztaeq9o.cloudfront.net/2330dbs0n8m3chkkr25gkkcd8pnj3lk2  
-233hvnrjoqu14jltk6lhbhf2tj11f8un  false    https://oidc-r7u1.s3.us-east-1.amazonaws.com                           aws:secretsmanager:us-east-1:242819244:secret:rosa-private-key-oidc-r7u1-tM3MDN
-
-----
\ No newline at end of file
diff --git a/modules/rosa-hcp-classic-comparison.adoc b/modules/rosa-hcp-classic-comparison.adoc
index 962b8d1c15e5..ac7b4153175e 100644
--- a/modules/rosa-hcp-classic-comparison.adoc
+++ b/modules/rosa-hcp-classic-comparison.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc 
+// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-hcp-classic-comparison_{context}"]
 = Comparing ROSA with hosted control planes and ROSA Classic
 
-{hcp-title-first} offers a different way to create a managed {product-title} (ROSA) cluster. {hcp-title} offers a reduced-cost solution with focuses on reliability and efficiency. With a focus on efficiency, you can quickly create a new cluster and deploy applications in minutes. 
+{hcp-title-first} offers a different way to create a managed {product-title} (ROSA) cluster. {hcp-title} offers a reduced-cost solution with focuses on reliability and efficiency. With a focus on efficiency, you can quickly create a new cluster and deploy applications in minutes.
 
 {hcp-title} requires only a minimum of two nodes making it ideal for smaller projects while still being able to scale to support larger projects and enterprises.
 
@@ -15,31 +15,32 @@
 [cols="3a,8a,8a",options="header"]
 |===
 | {nbsp} +
-| Hosted Control Plane 
+| Hosted Control Plane
 | Classic
 
-| Cluster infrastructure hosting
-| {hcp-title} deploys control plane components, such as etcd, API server, and oauth, that are hosted separately on AWS in a Red Hat-owned and managed account. 
+| *Cluster infrastructure hosting*
+| {hcp-title} deploys control plane components, such as etcd, API server, and oauth, that are hosted separately on AWS in a Red Hat-owned and managed account.
 | ROSA Classic deploys the control plane components side by side with infrastructure and worker nodes that are hosted together in the customer’s same AWS account.
 
 | *Provisioning Time*
-| Approximately 10 minutes 
-| Approximately 40 minutes 
+| Approximately 10 minutes
+| Approximately 40 minutes
 
 | *Architecture*
 |
-    * Underlying control plane infrastructure is fully managed and directly unavailable to end customers except through dedicated and explicitly exposed endpoints
-    * Work nodes are hosted in the customer's AWS account
+    * Underlying control plane infrastructure is fully managed
+    * Customer can access control plane infrastructure through dedicated and explicitly exposed endpoints
+    * Worker nodes are hosted in the customer's AWS account
 |
     * Customer is responsible for hosting control plane and AWS infrastructure, while still being _managed_ by Red Hat
-    * Work nodes are hosted in the customer's AWS account
-    
+    * Worker nodes are hosted in the customer's AWS account
+
 | *Minimum Amazon EC2 footprint*
 | One cluster requires a minimum of two nodes
 | One cluster requires a minimum of seven nodes
 
-| *Deployment* 
-| 
+| *Deployment*
+|
     * Deploy using the ROSA CLI (`rosa`)
     * Customers provision "Hosted Clusters" that deploy the control plane components into Red Hat's AWS account
     * Customers provision "Machine Pools" that deploy worker nodes into the customer's AWS account
@@ -51,19 +52,39 @@
 | Selectively upgrade control plane and machine pools separately
 | Entire cluster is upgraded at one time
 
-| *Regional Availability* 
-| 
-* Europe - Frankfort (eu-central-1)
+| *Regional Availability*
+|
+* Europe - Frankfurt (eu-central-1)
 * Europe - Ireland (eu-west-1)
 * US East - N. Virginia (us-east-1)
 * US East - Ohio (us-east-2)
 * US West - Oregon (us-west-2)
+* Asia Pacific - Tokyo (ap-northeast-1)
+* Asia Pacific - Hyderabad (ap-south-2)
+* Asia Pacific - Singapore (ap-southest-1)
+* Asia Pacific - Sydney (ap-southest-2)
 * Asia Pacific - Jakarta (ap-southeast-3)
-| For AWS Region availability, see link:https://docs.aws.amazon.com/general/latest/gr/rosa.html[Red Hat OpenShift Service on AWS endpoints and quotas] in the AWS documentation. 
+* Asia Pacific - Melbourne (ap-southeast-4)
+* Canada - Central (ca-central-1)
+| For AWS Region availability, see link:https://docs.aws.amazon.com/general/latest/gr/rosa.html[Red Hat OpenShift Service on AWS endpoints and quotas] in the AWS documentation.
 
-| *Compliance* 
-| 
+| *Compliance*
+|
     * Compliance certifications and FIPS are not yet available.
-| 
+|
     * Compliance specifics are located in the {product-title} documentation.
-|===
\ No newline at end of file
+|===
+
+[id="rosa-hcp-classic-comparison-networks_{context}"]
+== ROSA architecture network comparisons
+
+ROSA Classic and ROSA with HCP offer options to install your cluster on public and private networks. The following images show the differences between these options.
+
+.ROSA Classic deployed on public and private networks
+image::156_OpenShift_ROSA_Arch_0621_private_public_classic.png[ROSA deployed on public and private networks]
+
+.ROSA with HCP deployed on a public network
+image::ROSA-HCP-and-ROSA-Classic-public.png[ROSA with HCP deployed on a public network]
+
+.ROSA with HCP deployed on a private network
+image::ROSA-HCP-and-ROSA-Classic-private.png[ROSA with HCP deployed on a private network]
diff --git a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc
index 4c5b2b9b7f8a..6e9a11a30cbf 100644
--- a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc
+++ b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc
@@ -1,12 +1,14 @@
-// Module included in the following assemblies:
-//
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
 = Creating the account-wide STS roles and policies
 
-Before using the {product-title} (ROSA) CLI, `rosa`, to create {hcp-title-first} clusters, create the required account-wide roles and policies, including the Operator policies.
+Before using the {product-title} (ROSA) CLI (`rosa`) to create {hcp-title-first} clusters, create the required account-wide roles and policies, including the Operator policies.
+
+[NOTE]
+====
+{hcp-title} clusters require account and Operator roles with AWS managed policies attached. Customer managed policies are not supported. For more information regarding AWS managed policies for {hcp-title} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA account roles].
+====
 
 .Prerequisites
 
@@ -14,20 +16,25 @@ Before using the {product-title} (ROSA) CLI, `rosa`, to create {hcp-title-first}
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
 * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install {hcp-title} clusters, use the latest version of the ROSA CLI (`rosa`).
-====
 * You have logged in to your Red Hat account by using the ROSA CLI.
 
 .Procedure
 
-. If they do not exist in your AWS account, create the required account-wide STS roles and policies by running the following command: 
+* If they do not exist in your AWS account, create the required account-wide STS roles and attach the policies by running the following command:
++
+[source,terminal]
+----
+$ rosa create account-roles --hosted-cp
+----
++
+[source,terminal]
+----
+$ ACCOUNT_ROLES_PREFIX="${ACCOUNT_ROLES_PREFIX}"
+----
 +
 [source,terminal]
 ----
-$ rosa create account-roles --force-policy-creation
+$ rosa create account-roles --hosted-cp --prefix $ACCOUNT_ROLES_PREFIX
 ----
 +
-The `--force-policy-creation` parameter updates any existing roles and policies that are present. If no roles and policies are present, the command creates these resources instead.
\ No newline at end of file
+For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA].
diff --git a/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc b/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc
index c7db56fe36e8..6d1381789b35 100644
--- a/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc
+++ b/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-sts-creating-a-cluster-cli_{context}"]
 = Creating a {hcp-title} cluster using the CLI
 
@@ -13,13 +13,7 @@ When using the {product-title} (ROSA) CLI, `rosa`, to create a cluster, you can
 * You have completed the AWS prerequisites for {hcp-title}.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use the latest version of the ROSA CLI (`rosa`). Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
-====
-
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * You have logged in to your Red Hat account by using the ROSA CLI.
 * You have created an OIDC configuration.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
@@ -34,14 +28,19 @@ To successfully install ROSA clusters, use the latest version of the ROSA CLI (`
 //REGION="<region>"
 //----
 
-. You can create your {hcp-title} cluster with one of the following commands. 
-
+. You can create your {hcp-title} cluster with one of the following commands.
++
+[NOTE]
+====
+When creating a {hcp-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr <address_block>` to the following commands. To learn more about the default CIDR ranges for {product-title}, see xref:../networking/cidr-range-definitions.adoc#cidr-range-definitions[CIDR range definitions].
+====
++
 ** Create a cluster with a single, initial machine pool, publicly available API, and publicly available Ingress by running the following command:
 +
 [source,terminal]
 ----
 $ rosa create cluster --cluster-name=<cluster_name> \
-    --sts --mode=auto --hosted-cp --operator-roles-prefix <operator-role-prefix> \ 
+    --sts --mode=auto --hosted-cp --operator-roles-prefix <operator-role-prefix> \
     --oidc-config-id <ID-of-OIDC-configuration> --subnet-ids=<public-subnet-id>,<private-subnet-id>
 ----
 
@@ -53,11 +52,11 @@ $ rosa create cluster --private --cluster-name=<cluster_name> \
     --sts --mode=auto --hosted-cp --subnet-ids=<private-subnet-id>
 ----
 
-** If you used variables like `OIDC_ID` and `SUBNET_IDS`, you can use those references when creating your cluster. For example, run the following command:
+** If you used the `OIDC_ID`, `SUBNET_IDS`, and `OPERATOR_ROLES_PREFIX` variables to prepare your environment, you can continue to use those variables when creating your cluster. For example, run the following command:
 +
 [source,terminal]
 ----
-$ rosa create cluster --hosted-cp --subnet-ids=$SUBNET_IDS --oidc-config-id=$OIDC_ID --cluster-name=<cluster_name>
+$ rosa create cluster --hosted-cp --subnet-ids=$SUBNET_IDS --oidc-config-id=$OIDC_ID --cluster-name=<cluster_name> --operator-roles-prefix=$OPERATOR_ROLES_PREFIX
 ----
 
 . Check the status of your cluster by running the following command:
@@ -85,4 +84,4 @@ If the installation fails or the `State` field does not change to `ready` after
 ----
 $ rosa logs install --cluster=<cluster_name> --watch <1>
 ----
-<1> Optional: To watch for new log messages as the installation progresses, use the `--watch` argument.
\ No newline at end of file
+<1> Optional: To watch for new log messages as the installation progresses, use the `--watch` argument.
diff --git a/modules/rosa-hcp-vpc-manual.adoc b/modules/rosa-hcp-vpc-manual.adoc
index c4d7aa6a7086..b16daaa5a9e3 100644
--- a/modules/rosa-hcp-vpc-manual.adoc
+++ b/modules/rosa-hcp-vpc-manual.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: PREFERENCE
+:_mod-docs-content-type: PREFERENCE
 [id="rosa-hcp-vpc-manual_{context}"]
 = Creating a Virtual Private Cloud manually
 
@@ -22,7 +22,7 @@ If you choose to manually create your Virtual Private Cloud (VPC) instead of usi
 | Availability zone
 | You need one availability zone for a single zone, and you need three for availability zones for multi-zone.
 
-| Public subnet 
+| Public subnet
 | You must have one public subnet with a NAT gateway.
 
 | DNS hostname and resolution
diff --git a/modules/rosa-hcp-vpc-terraform.adoc b/modules/rosa-hcp-vpc-terraform.adoc
index e6d1dfc4d64f..437a3ac2f6d4 100644
--- a/modules/rosa-hcp-vpc-terraform.adoc
+++ b/modules/rosa-hcp-vpc-terraform.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-vpc-terraform_{context}"]
 = Creating a Virtual Private Cloud using Terraform
 
@@ -29,7 +29,7 @@ $ git clone https://github.com/openshift-cs/terraform-vpc-example
 $ cd terraform-vpc-example
 ----
 
-. Initiate the Terraform file by running the following command: 
+. Initiate the Terraform file by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/rosa-imds-cli.adoc b/modules/rosa-imds-cli.adoc
new file mode 100644
index 000000000000..dbd0bb58f465
--- /dev/null
+++ b/modules/rosa-imds-cli.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-imds-cli_{context}"]
+= Enabling Instance Metadata Service in CLI
+
+You can select your Instance Metadata Service (IMDS) type when creating your cluster in the ROSA CLI. You can select to use both IMDSv1 and IMDSv2, or you can select only IMDSv2.
+
+.Prerequisites
+
+* You installed and configured the latest AWS (`aws`), ROSA (`rosa`), and OpenShift (`oc`) CLIs on your workstation.
+* You logged in to your Red Hat account using the `rosa` CLI.
+* You have the permissions to create and manage clusters.
+
+.Procedure
+
+. In your terminal, create a ROSA cluster with your specifications by running the following command:
++
+[source,terminal]
+----
+$ rosa create cluster --cluster <name_of_cluster> --ec2-metadata-http-tokens <required_or_optional> <1>
+----
++
+<1> You can provide a value for the `--ec2-metadata-http-tokens` flag. Provide the `required` value to enable IMDSv2, or provide the `optional` value for a combination of IMDSv1 and IMDSv2. If you do not include this flag, you must select your IMDS type during the cluster creation prompts.
+
+. Confirm the selection:
++
+[source,terminal]
+----
+? Configure the use of IMDSv2 for ec2 instances optional/required: required
+----
+
+.Verification
+
+* After your cluster has been created, navigate to the cluster *Overview* tab in {cluster-manager-url} to see the *Instance Metadata Service (IMDS)* field that notes your IMDS version support.
\ No newline at end of file
diff --git a/modules/rosa-imds-machine-pools-cli.adoc b/modules/rosa-imds-machine-pools-cli.adoc
index 2b1dc2f6d2d9..44e985c0dde4 100644
--- a/modules/rosa-imds-machine-pools-cli.adoc
+++ b/modules/rosa-imds-machine-pools-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-imds-machine-pools-cli_{context}"]
 = Enabling Instance Metadata Service on machine pools in CLI
 
diff --git a/modules/rosa-imds-machine-pools-ui.adoc b/modules/rosa-imds-machine-pools-ui.adoc
index 59bfde07b393..360bbace5d63 100644
--- a/modules/rosa-imds-machine-pools-ui.adoc
+++ b/modules/rosa-imds-machine-pools-ui.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-imds-machine-pools-ui_{context}"]
 = Enabling Instance Metadata Service on machine pools in {cluster-manager}
 
@@ -20,7 +20,7 @@ You can select your Instance Metadata Service (IMDS) type when creating your clu
 . Log in to the web console.
 . Create a ROSA cluster using your preferences.
 . In the **Create a ROSA Cluster** wizard on the **Cluster settings** -> **Machine pool** page, under the *Instance Metadata Service (IMDS)* section, select whether your machine pools use either both IMDSv1 and IMDSv2 or if you only want to use IMDSv2.
-. Select *Next* to save this selection. 
+. Select *Next* to save this selection.
 
 .Verification
 
diff --git a/modules/rosa-imds-machine-pools.adoc b/modules/rosa-imds-machine-pools.adoc
index 1c259d1c9153..479aae63726f 100644
--- a/modules/rosa-imds-machine-pools.adoc
+++ b/modules/rosa-imds-machine-pools.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-imds-machine-pools_{context}"]
 = Instance Metadata Service on machine pools
 
diff --git a/modules/rosa-imds-ui.adoc b/modules/rosa-imds-ui.adoc
new file mode 100644
index 000000000000..05ee4c9c1033
--- /dev/null
+++ b/modules/rosa-imds-ui.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-imds-ui_{context}"]
+= Enabling Instance Metadata Service in {cluster-manager}
+
+You can select your Instance Metadata Service (IMDS) type when creating your cluster in {cluster-manager}. You can select both IMDSv1 and IMDSv2, or you can select only IMDSv2.
+
+.Prerequisites
+
+* You installed and configured the latest AWS (`aws`), ROSA (`rosa`), and OpenShift (`oc`) CLIs on your workstation.
+* You logged in to your Red Hat account by using the `rosa` CLI.
+* You have the permissions to create and manage clusters.
+* You have access to {cluster-manager-url}.
+
+.Procedure
+
+. Log in to the web console.
+. Create a ROSA cluster using your preferences.
+. In the *Create a ROSA Cluster** wizard on the **Cluster settings* -> *Machine pool* page, under the *Instance Metadata Service (IMDS)* section, select whether your machine pools use both IMDSv1 and IMDSv2, or only IMDSv2.
+. Select *Next* to save this selection.
+
+.Verification
+
+. After your cluster has been created, see the *Instance Metadata Service (IMDS)* field that notes your IMDS version support on the cluster *Overview* tab.
\ No newline at end of file
diff --git a/modules/rosa-imds.adoc b/modules/rosa-imds.adoc
new file mode 100644
index 000000000000..1367a093d4fa
--- /dev/null
+++ b/modules/rosa-imds.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="rosa-imds{context}"]
+= Instance Metadata Service
+
+There are two types of ways to access instance metadata from a running instance:
+
+* Instance Metadata Service Version 1 (IMDSv1) - a request/response method
+* Instance Metadata Service Version 2 (IMDSv2) - a session-oriented method
+
+IMDSv2 uses session-oriented requests. With session-oriented requests, you create a session token that defines the session duration, which can be a minimum of one second and a maximum of six hours. During the specified duration, you can use the same session token for subsequent requests. After the specified duration expires, you must create a new session token to use for future requests.
+
+When creating your ROSA cluster, you can configure your cluster to use both IMDSv1 and IMDSv2, or only IMDSv2. The instance metadata service distinguishes between IMDSv1 and IMDSv2 requests based on whether, for any given request, either the PUT or GET headers, which are unique to IMDSv2, are present in that request. If you specify to use IMDSv2 only, IMDSv1 ceases to function for your cluster. All machine pools on your cluster will use whichever IMDS type you select.
\ No newline at end of file
diff --git a/modules/rosa-initialize.adoc b/modules/rosa-initialize.adoc
index 32826b3c0075..2275e01dd9c3 100644
--- a/modules/rosa-initialize.adoc
+++ b/modules/rosa-initialize.adoc
@@ -4,15 +4,14 @@
 // * rosa_cli/rosa-get-started-cli.adoc
 
 [id="rosa-initialize_{context}"]
-= Initializing {product-title}
-
+= Initializing ROSA
 
 Use the `init` command to initialize {product-title} (ROSA) only if you are using non-STS.
 
 [id="rosa-init_{context}"]
 == init
 
-Perform a series of checks to verify that you are ready to deploy an {product-title} cluster.
+Perform a series of checks to verify that you are ready to deploy a ROSA cluster.
 
 The list of checks includes the following:
 
diff --git a/modules/rosa-installing.adoc b/modules/rosa-installing.adoc
index 77117f3b6368..b658e0309083 100644
--- a/modules/rosa-installing.adoc
+++ b/modules/rosa-installing.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-installing-and-configuring-the-rosa-cli_{context}"]
 = Installing and configuring the ROSA CLI
 
@@ -19,7 +19,7 @@ Install and configure the {product-title} (ROSA) CLI, `rosa`. You can also insta
 .Procedure
 
 . Install `rosa`, the {product-title} command-line interface (CLI).
-.. Download the link:https://access.redhat.com/products/red-hat-openshift-service-aws/[latest release] of the ROSA CLI for your operating system.
+.. Download the link:https://console.redhat.com/openshift/downloads[latest release] of the ROSA CLI for your operating system.
 .. Optional: Rename the executable file you downloaded to `rosa`. This documentation uses `rosa` to refer to the executable file.
 .. Optional: Add `rosa` to your path.
 +
diff --git a/modules/rosa-list-objects.adoc b/modules/rosa-list-objects.adoc
index 07dfbcc351e1..60578c763911 100644
--- a/modules/rosa-list-objects.adoc
+++ b/modules/rosa-list-objects.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_cli/rosa-manage-objects-cli.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-list-objects_{context}"]
 = List and describe objects
 
@@ -165,7 +165,7 @@ $ rosa list ingresses --cluster=mycluster
 
 == list instance-types
 
-List all of the available instance types for use with {product-title}. Availability is based on the account's AWS quota.
+List all of the available instance types for use with ROSA. Availability is based on the account's AWS quota.
 
 .Syntax
 [source,terminal]
@@ -522,3 +522,49 @@ Describe a cluster named `mycluster`.
 ----
 $ rosa describe cluster --cluster=mycluster
 ----
+
+[id="rosa-describe-machinepool_{context}"]
+== describe machinepool
+
+Describes a specific machine pool configured on a cluster.
+
+.Syntax
+[source,terminal]
+----
+$ rosa describe machinepool --cluster=<cluster_name> --machinepool=<machinepool_name>| <cluster_id> <machinepool_id> [arguments]
+----
+
+.Arguments
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--cluster
+|Required: The name or ID (string) of the cluster.
+
+|--machinepool
+|Required: The name or ID (string) of the machinepool.
+
+|===
+
+.Optional arguments inherited from parent commands
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--help
+|Shows help for this command.
+
+|--debug
+|Enables debug mode.
+
+|--profile
+|Specifies an AWS profile (string) from your credentials file.
+|===
+
+.Example
+Describe a machine pool named `mymachinepool` on a cluster named `mycluster`.
+[source,terminal]
+----
+$ rosa describe machinepool --cluster=mycluster --machinepool=mymachinepool
+----
diff --git a/modules/rosa-logs-install.adoc b/modules/rosa-logs-install.adoc
new file mode 100644
index 000000000000..cdb128ac9820
--- /dev/null
+++ b/modules/rosa-logs-install.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * * rosa_cli/rosa-checking-logs-cli.adoc
+
+[id="rosa-logs-install_{context}"]
+= logs install
+
+Show the cluster install logs by using the following command syntax:
+
+.Syntax
+[source,terminal]
+----
+$ rosa logs install --cluster=<cluster_name> | <cluster_id> [arguments]
+----
+
+.Arguments
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--cluster
+|Required: The name or ID (string) of the cluster to get logs for.
+
+|--tail
+|The number (integer) of lines to get from the end of the log. Default: `2000`
+
+|--watch
+|Watches for changes after getting the logs.
+|===
+
+.Optional arguments inherited from parent commands
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--help
+|Shows help for this command.
+
+|--debug
+|Enables debug mode.
+
+|--profile
+|Specifies an AWS profile (string) from your credentials file.
+|===
+
+.Examples
+Show the last 100 install log lines for a cluster named `mycluster`:
+
+[source,terminal]
+----
+$ rosa logs install mycluster --tail=100
+----
+
+Show the install logs for a cluster named `mycluster`:
+
+[source,terminal]
+----
+$ rosa logs install --cluster=mycluster
+----
\ No newline at end of file
diff --git a/modules/rosa-logs-uninstall.adoc b/modules/rosa-logs-uninstall.adoc
new file mode 100644
index 000000000000..44934eeb0925
--- /dev/null
+++ b/modules/rosa-logs-uninstall.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * * rosa_cli/rosa-checking-logs-cli.adoc
+
+[id="rosa-logs-uninstall_{context}"]
+= logs uninstall
+
+Show the cluster uninstall logs by using the following command syntax:
+
+.Syntax
+[source,terminal]
+----
+$ rosa logs uninstall --cluster=<cluster_name> | <cluster_id> [arguments]
+----
+
+.Arguments
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--cluster
+|The name or ID (string) of the cluster to get logs for.
+
+|--tail
+|The number (integer) of lines to get from the end of the log. Default: `2000`
+
+|--watch
+|Watches for changes after getting the logs.
+|===
+
+.Optional arguments inherited from parent commands
+[cols="30,70"]
+|===
+|Option |Definition
+
+|--help
+|Shows help for this command.
+
+|--debug
+|Enables debug mode.
+
+|--profile
+|Specifies an AWS profile (string) from your credentials file.
+|===
+
+.Example
+Show the last 100 uninstall logs for a cluster named `mycluster`:
+[source,terminal]
+----
+$ rosa logs uninstall --cluster=mycluster --tail=100
+----
\ No newline at end of file
diff --git a/modules/rosa-logs.adoc b/modules/rosa-logs.adoc
index 57cd4e932a29..cc8c918211b2 100644
--- a/modules/rosa-logs.adoc
+++ b/modules/rosa-logs.adoc
@@ -1,7 +1,7 @@
 
 // Module included in the following assemblies:
 //
-// * * rosa_cli/rosa-checking-logs-cli.adoc
+// * rosa_cli/rosa-checking-logs-cli.adoc 
 
 [id="rosa-logs_{context}"]
 = Checking logs with the ROSA CLI
diff --git a/modules/rosa-mobb-prereq-checklist.adoc b/modules/rosa-mobb-prereq-checklist.adoc
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/modules/rosa-modifying-node-tuning.adoc b/modules/rosa-modifying-node-tuning.adoc
index e650ffeb04c3..cf58e11c62bd 100644
--- a/modules/rosa-modifying-node-tuning.adoc
+++ b/modules/rosa-modifying-node-tuning.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_hcp/rosa-tuning-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-modifying-node-tuning_{context}"]
 = Modifying your node tuning configurations for {hcp-title}
 
@@ -11,7 +11,7 @@ You can view and update the node tuning configurations using the {product-title}
 .Prerequisites
 
 * You have downloaded the latest version of the ROSA CLI.
-* You have a cluster on the latest version 
+* You have a cluster on the latest version
 * Your cluster has a node tuning configuration added to it
 
 .Procedure
@@ -20,14 +20,14 @@ You can view and update the node tuning configurations using the {product-title}
 +
 [source,terminal]
 ----
-$ rosa describe tuning-config -c <cluster_id> <1> 
-       --name <name_of_tuning> <2> 
+$ rosa describe tuning-config -c <cluster_id> <1>
+       --name <name_of_tuning> <2>
        [-o json] <3>
 ----
 +
 The following items in this spec file are:
 +
-<1> Provide the cluster ID for the cluster that you own that you want to apply a node tuning configurations. 
+<1> Provide the cluster ID for the cluster that you own that you want to apply a node tuning configurations.
 <2> Provide the name of your tuning configuration.
 <3> Optionally, you can provide the output type. If you do not specify any outputs, you only see the ID and name of the tuning configuration.
 +
diff --git a/modules/rosa-nodes-machine-pools-local-zones.adoc b/modules/rosa-nodes-machine-pools-local-zones.adoc
index d42b8013064e..b0b803b00fe4 100644
--- a/modules/rosa-nodes-machine-pools-local-zones.adoc
+++ b/modules/rosa-nodes-machine-pools-local-zones.adoc
@@ -3,7 +3,7 @@
 //
 // * assemblies/rosa-nodes-machinepools-configuring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-nodes-machine-pools-local-zones_{context}"]
 = Configuring machine pools in Local Zones
 
@@ -46,7 +46,7 @@ $ rosa create machinepool -c <cluster-name> -i
 +
 . Add the subnet and instance type for the machine pool in the ROSA CLI. After several minutes, the cluster will provision the nodes.
 +
-[source, terminal]
+[source,terminal]
 ----
 I: Enabling interactive mode <1>
 ? Machine pool name: xx-lz-xx <2>
@@ -56,6 +56,7 @@ I: Enabling interactive mode <1>
 ? Enable autoscaling (optional): No <6>
 ? Replicas: 2 <7>
 I: Fetching instance types <8>
+? disk-size (optional): <9>
 ----
 +
 
@@ -67,6 +68,7 @@ I: Fetching instance types <8>
 <6> Select yes to enable autoscaling or no to disable autoscaling.
 <7> Selects the number of machines for the machine pool. This number can be anywhere from 1 - 180.
 <8> Selects an instance type from the list. Only instance types that are supported in the selected Local Zone will appear.
+<9> Optional: Specifies the worker node disk size. The value can be in GB, GiB, TB, or TiB. Set a numeric value and unit, for example '200GiB'. You cannot separate the digit and the unit. No spaces are allowed.
 
 . Provide the subnet ID to provision the machine pool in the Local Zone.
 
diff --git a/modules/rosa-oidc-understanding.adoc b/modules/rosa-oidc-understanding.adoc
index a88d94170778..53d2c310bc3b 100644
--- a/modules/rosa-oidc-understanding.adoc
+++ b/modules/rosa-oidc-understanding.adoc
@@ -3,7 +3,7 @@
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
 // * rosa_architecture/rosa_policy_service_definition/rosa-oidc-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id=rosa-oidc-understanding_{context}]
 = Understanding the OIDC verification options
 
@@ -14,16 +14,16 @@ There are three options for OIDC verification:
 An unregistered, managed OIDC configuration is created for you during the cluster installation process. The configuration is hosted under Red Hat's AWS account. This option does not give you the ID that links to the OIDC configuration, so you can only use this type of OIDC configuration on a single cluster.
 
 * Registered, managed OIDC configuration
-+    
++
 You create a registered, managed OIDC configuration before you start creating your clusters. This configuration is hosted under Red Hat's AWS account like the unregistered managed OIDC configuration. When you use this option for your OIDC configuration, you receive an ID that links to the OIDC configuration. Red Hat uses this ID to identify the issuer URL and private key. You can then use this URL and private key to create an identity provider and Operator roles. These resources are created under your AWS account by using Identity and Access Management (IAM) AWS services. You can also use the OIDC configuration ID during the cluster creation process.
 
 * Registered, unmanaged OIDC configuration
 +
 You can create a registered, unmanaged OIDC configuration before you start creating your clusters. This configuration is hosted under your AWS account. When you use this option, you are responsible for managing the private key. You can register the configuration with {cluster-manager-first} by storing the private key in an AWS secrets file by using the AWS Secrets Manager (SM) service and the issuer URL which hosts the configuration. You can use the {product-title} (ROSA) CLI, `rosa`, to create a registered, unmanaged OIDC configuration with the `rosa create oidc-config --managed=false` command. This command creates and hosts the configuration under your account and creates the necessary files and private secret key. This command also registers the configuration with {cluster-manager}.
 
-The registered options can be used to create the required IAM resources before you start creating a cluster. This option results in faster install times since there is a waiting period during cluster creation where the installation pauses until you create an OIDC provider and Operator roles. 
+The registered options can be used to create the required IAM resources before you start creating a cluster. This option results in faster install times since there is a waiting period during cluster creation where the installation pauses until you create an OIDC provider and Operator roles.
 
-For ROSA Classic, you may use any of the OIDC configuration options. If you are using {hcp-title}, you must create registered OIDC configuration, either as managed or unmanaged. You can share the registered OIDC configurations with other clusters. This ability to share the configuration also allows you to share the provider and Operator roles. 
+For ROSA Classic, you may use any of the OIDC configuration options. If you are using {hcp-title}, you must create registered OIDC configuration, either as managed or unmanaged. You can share the registered OIDC configurations with other clusters. This ability to share the configuration also allows you to share the provider and Operator roles.
 
 [NOTE]
 ====
diff --git a/modules/rosa-operator-config.adoc b/modules/rosa-operator-config.adoc
index b570549fc5d7..026f18dff2e7 100644
--- a/modules/rosa-operator-config.adoc
+++ b/modules/rosa-operator-config.adoc
@@ -1,3 +1,4 @@
+
 // Module included in the following assemblies:
 //
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
@@ -11,30 +12,39 @@ When using a {hcp-title} cluster, you must create the Operator IAM roles that ar
 .Prerequisites
 
 * You have completed the AWS prerequisites for {hcp-title}.
-* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
+* You have installed and configured the latest {product-title} ROSA CLI (`rosa`), on your installation host.
 * You created the account-wide AWS roles.
 
 .Procedure
 
-* To create your Operator roles, run the following command:
+. Set your prefix name to an environment variable using the following command:
++
+[source,terminal]
+----
+$ OPERATOR_ROLES_PREFIX=<prefix_name>
+----
+. To create your Operator roles, run the following command:
+
 +
 [source,terminal]
 ----
-$ rosa create operator-roles --hosted-cp --prefix <prefix-name> --oidc-config-id <oidc-config-id>
+$ rosa create operator-roles --hosted-cp --prefix $OPERATOR_ROLES_PREFIX --oidc-config-id $OIDC_ID --installer-role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Installer-Role
 ----
 +
 The following breakdown provides options for the Operator role creation.
 +
 [source,terminal]
 ----
-$ rosa create operator-roles --hosted-cp 
-	--prefix <prefix-name> <1>
-	--oidc-config-id <oidc-config-id> <2>
+$ rosa create operator-roles --hosted-cp
+	--prefix $OPERATOR_ROLES_PREFIX <1>
+	--oidc-config-id $OIDC_ID <2>
+	--installer-role-arn arn:aws:iam::${AWS_ACCOUNT_ID}:role/${ACCOUNT_ROLES_PREFIX}-HCP-ROSA-Installer-Role <3>
 ----
 +
 --
 <1> You must supply a prefix when creating these Operator roles. Failing to do so produces an error. See the Additional resources of this section for information on the Operator prefix.
 <2> This value is the OIDC configuration ID that you created for your {hcp-title} cluster.
+<3> This value is the installer role ARN that you created when you created the ROSA account roles.
 --
 +
 You must include the `--hosted-cp` parameter to create the correct roles for {hcp-title} clusters. This command returns the following information.
@@ -48,9 +58,9 @@ You must include the `--hosted-cp` parameter to create the correct roles for {hc
 ? OIDC Configuration ID: 23soa2bgvpek9kmes9s7os0a39i13qm4 | https://dvbwgdztaeq9o.cloudfront.net/23soa2bgvpek9kmes9s7os0a39i13qm4 <2>
 ? Create hosted control plane operator roles: Yes
 W: More than one Installer role found
-? Installer role ARN: arn:aws:iam::4540112244:role/<prefix>-Installer-Role
-? Permissions boundary ARN (optional): 
-I: Reusable OIDC Configuration detected. Validating trusted relationships to operator roles: 
+? Installer role ARN: arn:aws:iam::4540112244:role/<prefix>-HCP-ROSA-Installer-Role
+? Permissions boundary ARN (optional):
+I: Reusable OIDC Configuration detected. Validating trusted relationships to operator roles:
 I: Creating roles using 'arn:aws:iam::4540112244:user/<userName>'
 I: Created role '<prefix>-openshift-cluster-csi-drivers-ebs-cloud-credentials' with ARN 'arn:aws:iam::4540112244:role/<prefix>-openshift-cluster-csi-drivers-ebs-cloud-credentials'
 I: Created role '<prefix>-openshift-cloud-network-config-controller-cloud-credenti' with ARN 'arn:aws:iam::4540112244:role/<prefix>-openshift-cloud-network-config-controller-cloud-credenti'
@@ -65,7 +75,7 @@ I: To create a cluster with these roles, run the following command:
 ----
 +
 --
-<1> This field is prefilled with the prefix that you set in the initial creation command.
+<1> This field is prepopulated with the prefix that you set in the initial creation command.
 <2> This field requires you to select an OIDC configuration that you created for your {hcp-title} cluster.
 --
 +
@@ -73,8 +83,8 @@ The Operator roles are now created and ready to use for creating your {hcp-title
 
 .Verification
 
-. You can list the Operator roles associated with your ROSA account. Run the following command:
-+ 
+* You can list the Operator roles associated with your ROSA account. Run the following command:
++
 [source,terminal]
 ----
 $ rosa list operator-roles
@@ -102,4 +112,4 @@ ROLE NAME                                                         ROLE ARN
 +
 --
 <1> After the command runs, it displays all the prefixes associated with your AWS account and notes how many roles are associated with this prefix. If you need to see all of these roles and their details, enter "Yes" on the detail prompt to have these roles listed out with specifics.
---
\ No newline at end of file
+--
diff --git a/modules/rosa-osd-node-label-about.adoc b/modules/rosa-osd-node-label-about.adoc
index 40d6f23ab6a4..b35fa01c8785 100644
--- a/modules/rosa-osd-node-label-about.adoc
+++ b/modules/rosa-osd-node-label-about.adoc
@@ -4,11 +4,10 @@
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-osd-node-label-about_{context}"]
 = Node labels
 
 A label is a key-value pair applied to a `Node` object. You can use labels to organize sets of objects and control the scheduling of pods.
 
 You can add labels during cluster creation or after. Labels can be modified or updated at any time.
-
diff --git a/modules/rosa-policy-change-management.adoc b/modules/rosa-policy-change-management.adoc
index 07ff5ae8cfd7..3fe5eb45b7d4 100644
--- a/modules/rosa-policy-change-management.adoc
+++ b/modules/rosa-policy-change-management.adoc
@@ -1,14 +1,16 @@
 
 // Module included in the following assemblies:
 //
-// * rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-policy-shared-responsibility.adoc
 
 [id="rosa-policy-change-management_{context}"]
 = Change management
 
-
 This section describes the policies about how cluster and configuration changes, patches, and releases are managed.
 
+Red Hat is responsible for enabling changes to the cluster infrastructure and services that the customer will control, as well as maintaining versions for the control plane nodes, infrastructure nodes and services, and worker nodes. AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the
+AWS Cloud. The customer is responsible for initiating infrastructure change requests and installing and maintaining optional services and networking configurations on the cluster, as well as all changes to customer data and customer applications.
+
 [id="rosa-policy-customer-initiated-changes_{context}"]
 == Customer-initiated changes
 
@@ -66,3 +68,160 @@ Because the required permissions can change between y-stream releases, the polic
 ====
 
 You can review the history of all cluster upgrade events in the {cluster-manager} web console. For more information about releases, see the link:https://access.redhat.com/support/policy/updates/openshift/dedicated[Life Cycle policy].
+
+[cols="2a,3a,3a",options="header"]
+|===
+
+|Resource
+|Service responsibilities
+|Customer responsibilities
+
+|Logging
+|**Red Hat**
+
+- Centrally aggregate and monitor platform audit logs.
+
+- Provide and maintain a logging Operator to enable the customer to deploy a logging stack for default application logging.
+
+- Provide audit logs upon customer request.
+
+|- Install the optional default application logging Operator on the cluster.
+- Install, configure, and maintain any optional application logging solutions, such as logging sidecar containers or third-party logging applications.
+- Tune size and frequency of application logs being produced by customer applications if they are affecting the stability of the logging stack or the cluster.
+- Request platform audit logs through a support case for researching specific incidents.
+
+|Application networking
+|**Red Hat**
+
+- Set up public load balancers. Provide the ability to set up private load balancers and up to one additional load balancer when required.
+
+- Set up native OpenShift router service. Provide the ability to set the router as private and add up to one additional router shard.
+
+- Install, configure, and maintain OpenShift SDN components for default internal pod traffic (for clusters created prior to version 4.11).
+
+- Provide the ability for the customer to manage `NetworkPolicy` and `EgressNetworkPolicy` (firewall) objects.
+
+|- Configure non-default pod network permissions for project and pod networks, pod ingress, and pod egress using `NetworkPolicy` objects.
+- Use {cluster-manager} to request a private load balancer for default application routes.
+- Use {cluster-manager} to configure up to one additional public or private router shard and corresponding load balancer.
+- Request and configure any additional service load balancers for specific services.
+- Configure any necessary DNS forwarding rules.
+
+|Cluster networking
+|**Red Hat**
+
+- Set up cluster management components, such as public or private service endpoints and necessary integration with Amazon VPC components.
+
+- Set up internal networking components required for internal cluster communication between worker, infrastructure, and control plane nodes.
+
+|- Provide optional non-default IP address ranges for machine CIDR, service CIDR, and pod CIDR if needed through {cluster-manager} when the cluster is provisioned.
+- Request that the API service endpoint be made public or private on cluster creation or after cluster creation through {cluster-manager}.
+
+|Virtual networking management
+|**Red Hat**
+
+- Set up and configure Amazon VPC components required to provision the cluster, such as subnets, load balancers, internet gateways, and NAT gateways.
+
+- Provide the ability for the customer to
+manage AWS VPN connectivity with on-premises resources, Amazon VPC-to-VPC connectivity, and AWS Direct Connect as required through  {cluster-manager}.
+
+- Enable customers to create and deploy AWS load balancers for use with service load balancers.
+
+|- Set up and maintain optional Amazon VPC components, such as Amazon VPC-to-VPC connection, AWS VPN connection, or AWS Direct Connect.
+- Request and configure any additional service load balancers for specific services.
+
+|Virtual compute management
+|**Red Hat**
+
+- Set up and configure the ROSA control plane and data plane to use Amazon EC2 instances for cluster compute.
+
+- Monitor and manage the deployment of Amazon EC2 control plane and infrastructure nodes on the cluster.
+
+|- Monitor and manage Amazon EC2 worker nodes by creating a
+machine pool using the OpenShift Cluster Manager or the ROSA CLI (`rosa`).
+- Manage changes to customer-deployed applications and application data.
+
+|Cluster version
+|**Red Hat**
+
+- Enable upgrade scheduling process.
+
+- Monitor upgrade progress and remedy any issues encountered.
+
+- Publish change logs and release notes for patch release upgrades.
+
+|- Either set up automatic upgrades or schedule patch release upgrades immediately or for the future.
+- Acknowledge and schedule minor version upgrades.
+- Test customer applications on patch releases to ensure compatibility.
+
+|Capacity management
+|**Red Hat**
+
+- Monitor the use of the control plane. Control planes include control plane nodes and infrastructure nodes.
+
+- Scale and resize control plane nodes to maintain quality of service.
+
+| - Monitor worker node utilization and, if appropriate, enables the auto-scaling feature.
+- Determine the scaling strategy of the cluster. See the additional resources for more information on machine pools.
+- Use the provided {cluster-manager} controls to add or remove additional worker nodes as required.
+- Respond to Red Hat notifications regarding cluster resource requirements.
+
+|Virtual storage management
+|**Red Hat**
+
+- Set up and configure Amazon EBS to provision local node storage and persistent volume storage for the cluster.
+
+- Set up and configure the built-in image registry to use Amazon S3 bucket storage.
+
+- Regularly prune image registry resources in
+Amazon S3 to optimize Amazon S3 usage and cluster performance.
+
+| - Optionally configure the Amazon EBS CSI driver or the Amazon
+EFS CSI driver to provision persistent volumes on the cluster.
+
+|AWS software (public AWS services)
+|**AWS**
+
+**Compute:** Provide the Amazon EC2 service, used for
+ROSA control plane, infrastructure, and worker nodes.
+
+**Storage:** Provide Amazon EBS, used by ROSA to provision local node storage and persistent volume storage for the cluster.
+
+**Storage:** Provide Amazon S3, used for the ROSA service's
+built-in image registry.
+
+**Networking:**
+Provide the following AWS Cloud services, used by ROSA
+to satisfy virtual networking
+infrastructure needs:
+
+** Amazon VPC
+** Elastic Load Balancing
+** AWS IAM
+
+**Networking:**
+Provide the following AWS services, which customers can optionally integrate with ROSA:
+
+- AWS VPN
+- AWS Direct Connect
+- AWS PrivateLink
+- AWS Transit Gateway
+
+| - Sign requests using an access key ID and secret access key
+associated with an IAM principal or STS temporary security
+credentials.
+- Specify VPC subnets for the cluster to use during cluster
+creation.
+- Optionally configure a customer-managed VPC for use with ROSA clusters (required for PrivateLink and HCP clusters).
+
+|Hardware/AWS global infrastructure
+|**AWS**
+
+- For information regarding  management controls for AWS data centers, see link:https://aws.amazon.com/compliance/data-center/controls[Our Controls] on the AWS Cloud Security page.
+
+- For information regarding change management best practices, see link:https://aws.amazon.com/solutions/guidance/change-management-on-aws/[Guidance for Change Management on AWS] in the AWS Solutions Library.
+
+|- Implement change management best practices for customer
+applications and data hosted on the AWS Cloud.
+
+|===
\ No newline at end of file
diff --git a/modules/rosa-policy-customer-responsibility.adoc b/modules/rosa-policy-customer-responsibility.adoc
index a08144ddec0c..dbdf568b701d 100644
--- a/modules/rosa-policy-customer-responsibility.adoc
+++ b/modules/rosa-policy-customer-responsibility.adoc
@@ -4,8 +4,7 @@
 // * rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
 
 [id="rosa-policy-customer-responsibility_{context}"]
-= Customer responsibilities for data and applications
-
+= Additional customer responsibilities for data and applications
 
 The customer is responsible for the applications, workloads, and data that they deploy to Red Hat
 OpenShift Service on AWS. However, Red Hat and AWS provide various tools to help the customer
diff --git a/modules/rosa-policy-disaster-recovery.adoc b/modules/rosa-policy-disaster-recovery.adoc
index 372a2ebe3dbd..f941fdf3426c 100644
--- a/modules/rosa-policy-disaster-recovery.adoc
+++ b/modules/rosa-policy-disaster-recovery.adoc
@@ -1,11 +1,10 @@
-
 // Module included in the following assemblies:
 //
-// * rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-policy-shared-responsibility.adoc
 
 [id="rosa-policy-disaster-recovery_{context}"]
 = Disaster recovery
-
+Disaster recovery includes data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.
 
 {product-title} (ROSA) provides disaster recovery for failures that occur at the pod, worker node, infrastructure node, control plane node, and availability zone levels.
 
@@ -14,3 +13,75 @@ All disaster recovery requires that the customer use best practices for deployin
 One single-zone cluster will not provide disaster avoidance or recovery in the event of an availability zone or region outage. Multiple single-zone clusters with customer-maintained failover can account for outages at the zone or at the regional level.
 
 One multi-zone cluster will not provide disaster avoidance or recovery in the event of a full region outage. Multiple multi-zone clusters with customer-maintained failover can account for outages at the regional level.
+
+[cols="2a,3a,3a" ,options="header"]
+|===
+|Resource
+|Service responsibilities
+|Customer responsibilities
+
+|Virtual networking management
+|**Red Hat**
+
+- Restore or recreate affected virtual network components that are necessary for the platform to function.
+|- Configure virtual networking connections with more than one tunnel where possible for protection against outages as recommended by the public cloud provider.
+- Maintain failover DNS and load balancing if using a global load balancer with multiple clusters.
+
+|Virtual Storage management
+|**Red Hat**
+
+- For ROSA clusters created with IAM user credentials, back up all Kubernetes objects on the cluster through hourly, daily, and weekly volume snapshots.
+
+- For ROSA clusters created with IAM user credentials, back up persistent volumes on the cluster through daily and weekly volume snapshots.
+
+|- Back up customer applications and application data.
+
+|Virtual compute management
+|**Red Hat**
+
+- Monitor the cluster and replace failed Amazon EC2 control plane or infrastructure nodes.
+
+- Provide the ability for the customer to manually or automatically replace failed worker nodes.
+
+|- Replace failed Amazon EC2 worker nodes by editing the
+machine pool configuration through OpenShift Cluster Manager or the ROSA CLI.
+
+|AWS software (public AWS services)
+|**AWS**
+
+**Compute:** Provide Amazon EC2 features that support data resiliency such as Amazon EBS snapshots and Amazon EC2 Auto Scaling. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disaster-recovery-resiliency.html[Resilience in Amazon EC2] in the EC2 User Guide.
+
+**Storage:** Provide the ability for the ROSA service
+and customers to back up the Amazon EBS volume on the cluster through Amazon EBS volume snapshots.
+
+**Storage:** For information about Amazon S3 features that support data resiliency, see link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/disaster-recovery-resiliency.html[Resilience in Amazon S3].
+
+**Networking:** For information about Amazon VPC features that support data resiliency, see link:https://docs.aws.amazon.com/vpc/latest/userguide/disaster-recovery-resiliency.html[Resilience in Amazon Virtual Private
+Cloud] in the Amazon VPC User Guide.
+
+|- Configure ROSA
+multi-AZ clusters to
+improve fault
+tolerance and cluster
+availability.
+
+- Provision persistent
+volumes using the
+Amazon EBS CSI
+driver to enable
+volume snapshots.
+
+- Create CSI volume snapshots of Amazon
+EBS persistent volumes.
+|Hardware/AWS global infrastructure
+|**AWS**
+
+- Provide AWS global infrastructure that allows ROSA to scale control plane, infrastructure, and worker nodes across
+Availability Zones. This functionality enables ROSA to orchestrate automatic failover between zones without interruption.
+
+- For more information about disaster recovery best practices, see link:https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html[Disaster recovery options in the cloud] in the AWS
+Well-Architected Framework.
+
+|- Configure ROSA multi-AZ clusters to improve fault tolerance and cluster availability.
+
+|===
\ No newline at end of file
diff --git a/modules/rosa-policy-identity-access-management.adoc b/modules/rosa-policy-identity-access-management.adoc
deleted file mode 100644
index b8a050d01b52..000000000000
--- a/modules/rosa-policy-identity-access-management.adoc
+++ /dev/null
@@ -1,157 +0,0 @@
-
-// Module included in the following assemblies:
-//
-// * rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
-
-[id="rosa-policy-identity-access-management_{context}"]
-= Identity and access management
-Most access by Red Hat site reliability engineering (SRE) teams is done by using cluster Operators through automated configuration management.
-
-[id="subprocessors_{context}"]
-== Subprocessors
-For a list of the available subprocessors, see the link:https://access.redhat.com/articles/5528091[Red Hat Subprocessor List] on the Red Hat Customer Portal.
-
-[id="rosa-policy-sre-access_{context}"]
-== SRE access to all {product-title} clusters
-SREs access {product-title} clusters through the web console or command-line tools. Authentication requires multi-factor authentication (MFA) with industry-standard requirements for password complexity and account lockouts. SREs must authenticate as individuals to ensure auditability. All authentication attempts are logged to a Security Information and Event Management (SIEM) system.
-
-SREs access private clusters using an encrypted HTTP connection. Connections are permitted only from a secured Red Hat network using either an IP allowlist or a private cloud provider link.
-
-.SRE access to ROSA clusters
-image::267_OpenShift_on_AWS_Access_Networking_1222.png[]
-
-[id="rosa-policy-privileged-access-control_{context}"]
-== Privileged access controls in {product-title}
-SRE adheres to the principle of least privilege when accessing {product-title} and AWS components. There are four basic categories of manual SRE access:
-
-- SRE admin access through the Red Hat Portal with normal two-factor authentication and no privileged elevation.
-- SRE admin access through the Red Hat corporate SSO with normal two-factor authentication and no privileged elevation.
-- OpenShift elevation, which is a manual elevation using Red Hat SSO. Access is limited to 2 hours, is fully audited, and requires management approval.
-- AWS access or elevation, which is a manual elevation for AWS console or CLI access. Access is limited to 60 minutes and is fully audited.
-
-Each of these access types have different levels of access to components:
-
-[cols= "4a,6a,5a,4a,3a",options="header"]
-
-|===
-
-| Component | Typical SRE admin access (Red Hat Portal) | Typical SRE admin access (Red Hat SSO) |OpenShift elevation | Cloud provider access or elevation
-
-| {cluster-manager} | R/W | No access | No access | No access
-| OpenShift console | No access | R/W | R/W | No access
-| Node operating system | No access | A specific list of elevated OS and network permissions. | A specific list of elevated OS and network permissions. | No access
-| AWS Console | No access | No access, but this is the account used to request cloud provider access. | No access | All cloud provider permissions using the SRE identity.
-
-|===
-
-[id="rosa-policy-sre-aws-infra-access_{context}"]
-== SRE access to AWS accounts
-Red Hat personnel do not access AWS accounts in the course of routine {product-title} operations. For emergency troubleshooting purposes, the SREs have well-defined and auditable procedures to access cloud infrastructure accounts.
-
-SREs generate a short-lived AWS access token for a reserved role using the AWS Security Token Service (STS). Access to the STS token is audit-logged and traceable back to individual users. Both STS and non-STS clusters use the AWS STS service for SRE access. For non-STS clusters, the `BYOCAdminAccess` role has the `AdministratorAccess` IAM policy attached, and this role is used for administration. For STS clusters, the `ManagedOpenShift-Support-Role` has the `ManagedOpenShift-Support-Access` policy attached, and this role is used for administration.
-
-[id="rosa-policy-rh-access_{context}"]
-== Red Hat support access
-Members of the Red Hat Customer Experience and Engagement (CEE) team typically have read-only access to parts of the cluster. Specifically, CEE has limited access to the core and product namespaces and does not have access to the customer namespaces.
-
-[cols= "2a,4a,4a,4a,4a",options="header"]
-
-|===
-
-| Role | Core namespace | Layered product namespace | Customer namespace | AWS account^*^
-
-|OpenShift SRE| Read: All
-
-Write: Very
-
-limited ^[1]^
-| Read: All
-
-Write: None
-| Read: None^[2]^
-
-Write: None
-|Read: All ^[3]^
-
-Write: All ^[3]^
-
-|CEE
-|Read: All
-
-Write: None
-
-|Read: All
-
-Write: None
-
-|Read: None^[2]^
-
-Write: None
-
-|Read: None
-
-Write: None
-
-|Customer administrator
-|Read: None
-
-Write: None
-
-|Read: None
-
-Write: None
-
-| Read: All
-
-Write: All
-
-|Read: All
-
-Write: All
-
-|Customer user
-|Read: None
-
-Write: None
-
-|Read: None
-
-Write: None
-
-|Read: Limited^[4]^
-
-Write: Limited^[4]^
-
-|Read: None
-
-Write: None
-
-|Everybody else
-|Read: None
-
-Write: None
-|Read: None
-
-Write: None
-|Read: None
-
-Write: None
-|Read: None
-
-Write: None
-
-|===
---
-1. Limited to addressing common use cases such as failing deployments, upgrading a cluster, and replacing bad worker nodes.
-2. Red Hat associates have no access to customer data by default.
-3. SRE access to the AWS account is an emergency procedure for exceptional troubleshooting during a documented incident.
-4. Limited to what is granted through RBAC by the Customer Administrator, as well as namespaces created by the user.
---
-
-[id="rosa-policy-customer-access_{context}"]
-== Customer access
-Customer access is limited to namespaces created by the customer and permissions that are granted using RBAC by the Customer Administrator role. Access to the underlying infrastructure or product namespaces is generally not permitted without `cluster-admin` access. More information on customer access and authentication can be found in the "Understanding Authentication" section of the documentation.
-
-[id="rosa-policy-access-approval_{context}"]
-== Access approval and review
-New SRE user access requires management approval. Separated or transferred SRE accounts are removed as authorized users through an automated process. Additionally, the SRE performs periodic access review, including management sign-off of authorized user lists.
diff --git a/modules/rosa-policy-incident.adoc b/modules/rosa-policy-incident.adoc
index a8399787ed1a..bfbb271ea99a 100644
--- a/modules/rosa-policy-incident.adoc
+++ b/modules/rosa-policy-incident.adoc
@@ -1,17 +1,98 @@
 
 // Module included in the following assemblies:
 //
-// * rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
-
+// * rosa_architecture/rosa_policy_service_definition/rosa-policy-shared-responsibility.adoc
 [id="rosa-policy-incident_{context}"]
 = Incident and operations management
 
+Red Hat is responsible for overseeing the service components required for default platform networking.
+AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the AWS Cloud. The customer is responsible for incident and operations management of customer application data and any custom networking the customer may have configured for the cluster network or virtual network.
+
+[cols= "2a,3a,3a",options="header"]
+|===
+
+|Resource
+|Service responsibilities
+|Customer responsibilities
+
+|Application networking
+|**Red Hat**
+
+- Monitor native OpenShift router
+service, and respond to alerts.
+|- Monitor health of application routes, and the endpoints behind them.
+- Report outages to Red Hat and AWS.
+
+|Virtual networking management
+|**Red Hat**
+
+- Monitor AWS load balancers, Amazon VPC subnets, and AWS service components necessary for default
+platform networking. Respond to alerts.
+|- Monitor health of AWS load balancer endpoints.
+- Monitor network traffic that is optionally configured through Amazon VPC-to-VPC connection, AWS VPN connection, or AWS
+Direct Connect for potential issues or
+security threats.
+
+|Virtual storage management
+|**Red Hat**
+
+- Monitor Amazon EBS volumes attached to cluster nodes and Amazon S3 buckets used for the ROSA service’s built-in container image
+registry. Respond to alerts.
+|- Monitor health of application data.
+- If customer managed AWS KMS keys are
+used, create and control the key lifecycle and
+key policies for Amazon EBS encryption.
+
+|Platform monitoring
+|**Red Hat**
+
+- Maintain a centralized monitoring and alerting system for all ROSA cluster components, site reliability engineer (SRE) services, and underlying AWS accounts.
+|
+
+|Incident management
+|**Red Hat**
 
-This documentation details the Red Hat responsibilities for the {product-title} (ROSA) managed service.
+- Raise and manage known incidents.
+- Share root cause analysis (RCA) drafts with the customer.
+|- Raise known incidents through a support case.
+
+|Infrastructure and data resiliency
+|**Red Hat**
+
+- There is no Red Hat-provided backup method available for ROSA clusters with STS.
+- Red Hat does not commit to any Recovery Point Objective (RPO) or Recovery Time Objective (RTO).
+|- Take regular backups of data and deploy multi-AZ clusters with workloads that follow Kubernetes best practices to ensure high availability within a region.
+- If an entire cloud region is unavailable, install a new cluster in a different region and restore apps using backup data.
+
+|Cluster capacity
+|**Red Hat**
+
+- Manage the capacity of all control plane and infrastructure nodes on the cluster.
+- Evaluate cluster capacity during upgrades and in response to cluster alerts.
+|
+
+|AWS software (public AWS services)
+|**AWS**
+
+- For information regarding AWS incident and operations management, see link:https://docs.aws.amazon.com/whitepapers/latest/aws-operational-resilience/how-aws-maintains-operational-resilience-and-continuity-of-service.html#incident-management[How AWS maintains operational resilience and continuity of service] in the AWS whitepaper.
+|- Monitor health of AWS resources in the
+customer account.
+- Use IAM tools to apply the appropriate
+permissions to AWS resources in the customer account.
+
+|Hardware/AWS global infrastructure
+|**AWS**
+
+- For information regarding AWS incident and operations management, see link:https://docs.aws.amazon.com/whitepapers/latest/aws-operational-resilience/how-aws-maintains-operational-resilience-and-continuity-of-service.html#incident-management[How AWS maintains operational
+resilience and continuity of service] in the AWS whitepaper.
+
+|- Configure, manage, and monitor customer applications and data to ensure application and data security controls are properly enforced.
+
+|===
 
 [id="rosa-policy-platform-monitoring_{context}"]
 == Platform monitoring
-Red Hat site reliability engineers (SREs) maintain a centralized monitoring and alerting system for all ROSA cluster components, the SRE services, and underlying AWS accounts. Platform audit logs are securely forwarded to a centralized security information and event monitoring (SIEM) system, where they may trigger configured alerts to the SRE team and are also subject to manual review. Audit logs are retained in the SIEM system for one year. Audit logs for a given cluster are not deleted at the time the cluster is deleted.
+Platform audit logs are securely forwarded to a centralized security information and event monitoring (SIEM) system, where they may trigger configured alerts to the SRE team and are also subject to manual review. Audit logs are retained in the SIEM system for one year. Audit logs for a given cluster are not deleted at the time the cluster is deleted.
 
 [id="rosa-policy-incident-management_{context}"]
 == Incident management
@@ -40,12 +121,6 @@ The following activities can trigger notifications:
 - Critical vulnerabilities and resolution
 - Upgrade scheduling
 
-[id="rosa-policy-backup-recovery-sts_{context}"]
-== Infrastructure and data resiliency
-Customers are responsible for taking regular backups of their data and should deploy multi-AZ clusters with workloads that follow Kubernetes best practices to ensure high availability within a region. If an entire cloud region is unavailable, customers must install a new cluster in a different region and restore their apps using their backup data.
-
-There is no Red Hat-provided backup method available for ROSA clusters with STS. Red Hat does not commit to any Recovery Point Objective (RPO) or Recovery Time Objective (RTO).
-
 //Note: The following content will be used again in the future (per OSDOCS:4654)
 //[id="backup-recovery_{context}"]
 //== Backup and recovery
@@ -84,8 +159,7 @@ There is no Red Hat-provided backup method available for ROSA clusters with STS.
 
 [id="rosa-policy-cluster-capacity_{context}"]
 == Cluster capacity
-Evaluating and managing cluster capacity is a responsibility that is shared between Red Hat and the customer. Red Hat SRE is responsible for the capacity of all control plane and infrastructure nodes on the cluster.
 
-Red Hat SRE also evaluates cluster capacity during upgrades and in response to cluster alerts. The impact of a cluster upgrade on capacity is evaluated as part of the upgrade testing process to ensure that capacity is not negatively impacted by new additions to the cluster. During a cluster upgrade, additional worker nodes are added to make sure that total cluster capacity is maintained during the upgrade process.
+The impact of a cluster upgrade on capacity is evaluated as part of the upgrade testing process to ensure that capacity is not negatively impacted by new additions to the cluster. During a cluster upgrade, additional worker nodes are added to make sure that total cluster capacity is maintained during the upgrade process.
 
-Capacity evaluations by the Red Hat SRE staff also happen in response to alerts from the cluster, after usage thresholds are exceeded for a certain period of time. Such alerts can also result in a notification to the customer.
+Capacity evaluations by the Red Hat SRE staff also happen in response to alerts from the cluster, after usage thresholds are exceeded for a certain period of time. Such alerts can also result in a notification to the customer.
\ No newline at end of file
diff --git a/modules/rosa-policy-responsibilities.adoc b/modules/rosa-policy-responsibilities.adoc
index 90215daaab8d..930c87d8f9ee 100644
--- a/modules/rosa-policy-responsibilities.adoc
+++ b/modules/rosa-policy-responsibilities.adoc
@@ -1,9 +1,8 @@
-
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-policy-responsibilities_{context}"]
 = Shared responsibilities for {product-title}
 
diff --git a/modules/rosa-policy-security-and-compliance.adoc b/modules/rosa-policy-security-and-compliance.adoc
new file mode 100644
index 000000000000..8f149f2f84a8
--- /dev/null
+++ b/modules/rosa-policy-security-and-compliance.adoc
@@ -0,0 +1,125 @@
+//Modules included in the following assemblies:
+//
+// * rosa_architecture/rosa_policy_service_definition/rosa-policy-shared-responsibility.adoc
+
+[id="rosa-policy-security-compliance_{context}"]
+= Security and regulation compliance
+The following table outlines the  the responsibilities in regards to security and regulation compliance:
+
+[cols="2a,3a,3a",options="header"]
+|===
+
+|Resource
+|Service responsibilities
+|Customer responsibilities
+
+|Logging
+|**Red Hat**
+
+- Send cluster audit logs to a Red Hat SIEM to analyze for security events. Retain audit logs for a defined period of time to support forensic analysis.
+|- Analyze application logs for security events.
+- Send application logs to an external endpoint through logging sidecar containers or third-party logging applications if longer retention is required than is offered by the default logging stack.
+
+|Virtual networking management
+|**Red Hat**
+
+- Monitor virtual networking components for potential issues and security threats.
+
+- Use public AWS tools for additional monitoring and protection.
+
+|- Monitor optional configured virtual networking components for potential issues and security threats.
+- Configure any necessary firewall rules or customer data center protections as required.
+
+|Virtual storage management
+|**Red Hat**
+
+- Monitor virtual storage components for potential issues and security threats.
+
+- Use public AWS tools for additional monitoring and protection.
+
+- Configure the ROSA service to encrypt control plane, infrastructure, and worker node volume data by default using the
+AWS managed Key Management Service (KMS) key that Amazon EBS provides.
+
+- Configure the ROSA service to encrypt customer persistent volumes that use the default storage class with the AWS
+managed KMS key that Amazon EBS provides.
+
+- Provide the ability for the customer to use a customer managed AWS KMS key to encrypt persistent volumes.
+
+- Configure the container image registry to encrypt image registry data at rest using server-side encryption with Amazon S3 managed keys (SSE-3).
+
+- Provide the ability for the customer to create a public or private Amazon S3 image registry to protect their container
+images from unauthorized user access.
+
+|- Provision Amazon EBS volumes.
+- Manage Amazon EBS volume storage to ensure enough storage is available to mount as a volume in ROSA.
+- Create the persistent volume claim and generate a
+persistent volume though OpenShift Cluster Manager.
+
+|Virtual compute management
+|**Red Hat**
+
+- Monitor virtual compute components for potential issues and security threats.
+
+- Use public AWS tools for additional monitoring and protection.
+
+|- Monitor optional configured virtual networking components for
+potential issues and security threats.
+- Configure any necessary firewall rules or customer data center protections as required.
+
+|AWS  software (public AWS services)
+|**AWS**
+
+**Compute:** Secure Amazon EC2, used for ROSA control plane, infrastructure, and worker nodes. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/infrastructure-security.html[
+Infrastructure security in Amazon EC2] in the Amazon EC2 User Guide.
+
+**Storage:** Secure Amazon Elastic Block Store (EBS),
+used for ROSA control plane, infrastructure, and worker node volumes, as well as Kubernetes persistent volumes. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html[Data protection in Amazon EC2] in the Amazon EC2 User Guide.
+
+**Storage:** Provide AWS KMS, which ROSA uses to
+encrypt control plane, infrastructure, and worker node volumes and persistent volumes. For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html[Amazon EBS encryption] in the Amazon EC2 User Guide.
+
+**Storage:** Secure Amazon S3, used for the ROSA service’s built-in container image registry. For more information, see link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/security.html[Amazon S3 security] in the S3 User Guide.
+
+**Networking:** Provide security capabilities and services
+to increase privacy and control network access on AWS global infrastructure, including network firewalls built into
+Amazon VPC, private or dedicated network connections, and automatic encryption of all traffic on the AWS global
+and regional networks between AWS secured facilities. For more information, see the link:https://aws.amazon.com/compliance/shared-responsibility-model/[AWS Shared Responsibility Model]
+and link:https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/infrastructure-security.html[Infrastructure security] in the Introduction to AWS Security whitepaper.
+
+|- Ensure security best practices and the principle of least
+privilege are followed to protect data on the Amazon EC2
+instance. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/infrastructure-security.html[Infrastructure security in Amazon EC2]
+ and link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html[Data protection in Amazon EC2].
+- Monitor optional configured virtual networking components for
+potential issues and security threats.
+- Configure any necessary firewall rules or customer data center protections as required.
+- Create an optional customer managed KMS key and encrypt
+the Amazon EBS persistent volume using the KMS key.
+- Monitor the customer data in virtual storage
+for potential issues and security threats. For more information,
+see the link:https://aws.amazon.com/compliance/shared-responsibility-model/[shared responsibility model].
+
+|Hardware/AWS global infrastructure
+|**AWS**
+
+- Provide the AWS global infrastructure that ROSA uses to deliver service functionality. For more information regarding AWS security
+controls, see link:https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/security-of-the-aws-infrastructure.html[Security of the AWS Infrastructure] in the AWS whitepaper.
+
+- Provide documentation for the customer to
+manage compliance needs and check their
+security state in AWS using tools such as
+AWS Artifact and AWS Security Hub. For
+more information, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/compliance-validation.html[Compliance
+validation for ROSA] in the ROSA User
+Guide.
+
+|- Configure, manage, and monitor customer applications and data
+to ensure application and data security controls are properly
+enforced.
+- Use IAM tools to apply the appropriate permissions to AWS
+resources in the customer account.
+|===
+
+.Additional resources
+
+* For more information about customer or shared responsibilities, see the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[ROSA Security] document.
\ No newline at end of file
diff --git a/modules/rosa-policy-security-regulation-compliance.adoc b/modules/rosa-policy-security-regulation-compliance.adoc
index 218d20fbe133..2e76579c5ce2 100644
--- a/modules/rosa-policy-security-regulation-compliance.adoc
+++ b/modules/rosa-policy-security-regulation-compliance.adoc
@@ -6,7 +6,6 @@
 [id="rosa-policy-security-regulation-compliance_{context}"]
 = Security and regulation compliance
 
-
 Security and regulation compliance includes tasks such as the implementation of security controls and compliance certification.
 
 [id="rosa-policy-data-classification_{context}"]
@@ -54,9 +53,9 @@ Any issues that may be discovered are prioritized based on severity. Any issues
 .Security and control certifications for {product-title}
 [cols= "3,3,3",options="header"]
 |===
-| Certification | {product-title} | {hcp-title-first}
+| Compliance | {product-title} (ROSA)| {hcp-title-first}
 
-| HIPAA | Yes | No
+| HIPAA Qualified | Yes | No
 
 | ISO 27001 | Yes | No
 
@@ -71,8 +70,3 @@ Any issues that may be discovered are prioritized based on severity. Any issues
 | SOC 3 | Yes | No
 
 |===
-
-[role="_additional-resources"]
-.Additional resources
-
-* See link:https://access.redhat.com/articles/5528091[Red Hat Subprocessor List] for information on SRE residency.
diff --git a/modules/rosa-policy-shared-responsibility.adoc b/modules/rosa-policy-shared-responsibility.adoc
index b1d7b2294855..b6944a8243d1 100644
--- a/modules/rosa-policy-shared-responsibility.adoc
+++ b/modules/rosa-policy-shared-responsibility.adoc
@@ -1,4 +1,3 @@
-
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
@@ -6,513 +5,4 @@
 [id="rosa-policy-shared-responsibility_{context}"]
 = Tasks for shared responsibilities by area
 
-
-Red Hat, AWS, and the customer all share responsibility for the monitoring, maintenance, and overall health of a {product-title} (ROSA) cluster. This documentation illustrates the delineation of responsibilities for each of the listed resources as shown in the tables below.
-
-[id="rosa-policy-incident-operations-management_{context}"]
-== Incident and operations management
-Red Hat is responsible for overseeing the service components required for default platform networking.
-AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the AWS Cloud. The customer is responsible for incident and operations management of customer application data and any custom networking the customer may have configured for the cluster network or virtual network.
-[cols= "2a,3a,3a",options="header"]
-|===
-
-|Resource
-|Service responsibilities
-|Customer responsibilities
-
-|Application networking
-|**Red Hat**
-
-- Monitor native OpenShift router
-service, and respond to alerts.
-|- Monitor health of application routes, and the endpoints behind them.
-- Report outages to Red Hat and AWS.
-
-|Virtual networking management
-|**Red Hat**
-
-- Monitor AWS load balancers, Amazon VPC subnets, and AWS service components necessary for default
-platform networking. Respond to alerts.
-|- Monitor health of AWS load balancer endpoints.
-- Monitor network traffic that is optionally configured through Amazon VPC-to-VPC connection, AWS VPN connection, or AWS
-Direct Connect for potential issues or
-security threats.
-
-|Virtual storage management
-|**Red Hat**
-
-- Monitor Amazon EBS volumes used for cluster nodes, and Amazon S3 buckets used for the ROSA service’s built-in container image
-registry. Respond to alerts.
-|- Monitor health of application data.
-- If customer managed AWS KMS keys are
-used, create and control the key lifecycle and
-key policies for Amazon EBS encryption.
-
-|AWS software (public AWS services)
-|**AWS**
-
-- For information regarding AWS incident and operations management, see link:https://docs.aws.amazon.com/whitepapers/latest/aws-operational-resilience/how-aws-maintains-operational-resilience-and-continuity-of-service.html#incident-management[How AWS maintains operational resilience and continuity of service] in the AWS whitepaper.
-|- Monitor health of AWS resources in the
-customer account.
-- Use IAM tools to apply the appropriate
-permissions to AWS resources in the customer account.
-
-|Hardware/AWS global infrastructure
-|**AWS**
-
-- For information regarding AWS incident and operations management, see link:https://docs.aws.amazon.com/whitepapers/latest/aws-operational-resilience/how-aws-maintains-operational-resilience-and-continuity-of-service.html#incident-management[How AWS maintains operational
-resilience and continuity of service] in the AWS whitepaper.
-
-|- Configure, manage, and monitor customer applications and data to ensure application and data security controls are properly enforced.
-
-|===
-
-[id="rosa-policy-change-management_{context}"]
-== Change management
-Red Hat is responsible for enabling changes to the cluster infrastructure and services that the customer will control, as well as maintaining versions for the control plane nodes, infrastructure nodes and services, and worker nodes. AWS is responsible for protecting the hardware infrastructure that runs all of the services offered in the
-AWS Cloud. The customer is responsible for initiating infrastructure change requests and installing and maintaining optional services and networking configurations on the cluster, as well as all changes to customer data and customer applications.
-
-[cols="2a,3a,3a",options="header"]
-|===
-
-|Resource
-|Service responsibilities
-|Customer responsibilities
-
-|Logging
-|**Red Hat**
-
-- Centrally aggregate and monitor platform audit logs.
-
-- Provide and maintain a logging Operator to enable the customer to deploy a logging stack for default application logging.
-
-- Provide audit logs upon customer request.
-
-|- Install the optional default application logging Operator on the cluster.
-- Install, configure, and maintain any optional app logging solutions, such as logging sidecar containers or third-party logging applications.
-- Tune size and frequency of application logs being produced by customer applications if they are affecting the stability of the logging stack or the cluster.
-- Request platform audit logs through a support case for researching specific incidents.
-
-|Application networking
-|**Red Hat**
-
-- Set up public load balancers. Provide the ability to set up private load balancers and up to one additional load balancer when required.
-
-- Set up native OpenShift router service. Provide the ability to set the router as private and add up to one additional router shard.
-
-- Install, configure, and maintain OpenShift SDN components for default internal pod traffic.
-
-- Provide the ability for the customer to manage `NetworkPolicy` and `EgressNetworkPolicy` (firewall) objects.
-
-|- Configure non-default pod network permissions for project and pod networks, pod ingress, and pod egress using `NetworkPolicy` objects.
-- Use {cluster-manager} to request a private load balancer for default application routes.
-- Use {cluster-manager} to configure up to one additional public or private router shard and corresponding load balancer.
-- Request and configure any additional service load balancers for specific services.
-- Configure any necessary DNS forwarding rules.
-
-|Cluster networking
-|**Red Hat**
-
-- Set up cluster management components, such as public or private service endpoints and necessary integration with Amazon VPC components.
-
-- Set up internal networking components required for internal cluster communication between worker, infrastructure, and control plane nodes.
-
-|- Provide optional non-default IP address ranges for machine CIDR, service CIDR, and pod CIDR if needed through {cluster-manager} when the cluster is provisioned.
-- Request that the API service endpoint be made public or private on cluster creation or after cluster creation through {cluster-manager}.
-
-|Virtual networking management
-|**Red Hat**
-
-- Set up and configure Amazon VPC components required to provision the cluster, such as subnets, load balancers, internet gateways, and NAT gateways.
-
-- Provide the ability for the customer to
-manage AWS VPN connectivity with on-premises resources, Amazon VPC-to-VPC connectivity, and AWS Direct Connect as required through  {cluster-manager}.
-
-- Enable customers to create and deploy AWS load balancers for use with service load balancers.
-
-|- Set up and maintain optional Amazon VPC components, such as Amazon VPC-to-VPC connection, AWS VPN connection, or AWS Direct Connect.
-- Request and configure any additional service load balancers for specific services.
-
-|Virtual compute management
-|**Red Hat**
-
-- Set up and configure the ROSA control plane and data plane to use Amazon EC2 instances for cluster compute.
-
-- Monitor and manage the deployment of Amazon EC2 control plane and infrastructure nodes on the cluster.
-
-|- Monitor and manage Amazon EC2 worker nodes by creating a
-machine pool using the OpenShift Cluster Manager or the ROSA CLI (`rosa`).
-- Manage changes to customer-deployed applications and application data.
-
-|Cluster version
-|**Red Hat**
-
-- Enable upgrade scheduling process.
-
-- Monitor upgrade progress and remedy any issues encountered.
-
-- Publish change logs and release notes for minor and maintenance upgrades.
-
-|- Schedule maintenance version upgrades either immediately, for the future, or have automatic upgrades.
-- Acknowledge and schedule minor version upgrades.
-- Ensure the cluster version stays on a supported minor version.
-- Test customer applications on minor and maintenance versions to ensure compatibility.
-
-|Capacity management
-|**Red Hat**
-
-- Monitor the use of the control plane. Control planes include control plane nodes and infrastructure nodes.
-
-- Scale and resize control plane nodes to maintain quality of service.
-
-| - Monitor worker node utilization and, if appropriate, enables the auto-scaling feature.
-- Determine the scaling strategy of the cluster. See the additional resources for more information on machine pools.
-- Use the provided {cluster-manager} controls to add or remove additional worker nodes as required.
-- Respond to Red Hat notifications regarding cluster resource requirements.
-
-|Virtual storage management
-|**Red Hat**
-
-- Set up and configure Amazon EBS to provision local node storage and persistent volume storage for the cluster.
-
-- Set up and configure the built-in image registry to use Amazon S3 bucket storage.
-
-- Regularly prune image registry resources in
-Amazon S3 to optimize Amazon S3 usage and cluster performance.
-
-| - Optionally configure the Amazon EBS CSI driver or the Amazon
-EFS CSI driver to provision persistent volumes on the cluster.
-
-|AWS software (public AWS services)
-|**AWS**
-
-**Compute:** Provide the Amazon EC2 service, used for
-ROSA control plane, infrastructure, and worker nodes.
-
-**Storage:** Provide Amazon EBS to allow the ROSA service to provision local node storage and persistent volume storage for the cluster.
-
-**Storage:** Provide Amazon S3 for the ROSA service’s
-built-in image registry.
-
-**Networking:**
-Provide the following AWS Cloud services
-to satisfy ROSA virtual networking
-infrastructure needs:
-
-** Amazon VPC
-** Elastic Load Balancing
-** AWS IAM
-
-**Networking:**
-Provide the following optional AWS service integrations for ROSA:
-
-- AWS VPN
-- AWS Direct Connect
-- AWS PrivateLink
-- AWS Transit Gateway
-
-| - Sign requests using an access key ID and secret access key
-associated with an IAM principal or STS temporary security
-credentials.
-- Specify VPC subnets for the cluster to use during cluster
-creation.
-- Optionally configure a customer-managed VPC for use with ROSA clusters.
-
-|Hardware/AWS global infrastructure
-|**AWS**
-
-- For information regarding  management controls for AWS data centers, see link:https://aws.amazon.com/compliance/data-center/controls[Our Controls] on the AWS Cloud Security page.
-
-- For information regarding change management best practices, see link:https://aws.amazon.com/solutions/guidance/change-management-on-aws/[Guidance for Change Management on AWS] in the AWS Solutions Library.
-
-|- Implement change management best practices for customer
-applications and data hosted on the AWS Cloud.
-
-|===
-
-[id="rosa-policy-identity-access-management_{context}"]
-== Access and identity authorization
-The access and identity authorization table includes responsibilities for managing authorized access to clusters, applications, and infrastructure resources. This includes tasks such as providing access control mechanisms, authentication, authorization, and managing access to resources.
-[cols="2a,3a,3a",options="header"]
-|===
-|Resource
-|Service responsibilities
-|Customer responsibilities
-
-|Logging
-|**Red Hat**
-
-- Adhere to an industry standards-based tiered internal access process for platform audit logs.
-
-- Provide native OpenShift RBAC capabilities.
-
-|- Configure OpenShift RBAC to control access to projects and by extension a project’s application logs.
-- For third-party or custom application logging solutions, the customer is responsible for access management.
-
-|Application networking
-|**Red Hat**
-
-- Provide native OpenShift RBAC and `dedicated-admin` capabilities.
-
-|- Configure OpenShift `dedicated-admin` and RBAC to control access to route configuration as required.
-- Manage organization administrators for Red Hat to grant access to {cluster-manager}. The cluster manager is used to configure router options and provide service load balancer quota.
-
-|Cluster networking
-|**Red Hat**
-
-- Provide customer access controls through {cluster-manager}.
-
-- Provide native OpenShift RBAC and `dedicated-admin` capabilities.
-
-|- Manage Red Hat organization membership of Red Hat accounts.
-- Manage organization administrators for Red Hat to grant access to {cluster-manager}.
-- Configure OpenShift `dedicated-admin` and RBAC to control access to route configuration as required.
-
-|Virtual networking management
-|**Red Hat**
-
-- Provide customer access controls through {cluster-manager}.
-
-|- Manage optional user access to AWS components through {cluster-manager}.
-
-|Virtual storage management
-|**Red Hat**
-
-- Provide customer access controls through
-OpenShift Cluster Manager.
-
-|- Manage optional user access to AWS components through {cluster-manager}.
-- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
-
-|Virtual compute management
-|**Red Hat**
-
-- Provide customer access controls through
-OpenShift Cluster Manager.
-
-|- Manage optional user access to AWS components through {cluster-manager}.
-- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
-
-|AWS software (public AWS services)
-|**AWS**
-
-**Compute:** Provide the Amazon EC2 service, used for ROSA control plane, infrastructure, and worker nodes.
-
-**Storage:** Provide Amazon EBS, used to allow ROSA to provision local node storage and persistent volume storage for the cluster.
-
-**Storage:** Provide Amazon S3, used for the service’s built-in image registry.
-
-**Networking:** Provide AWS Identity and Access Management (IAM), used by customers to control access to ROSA resources running on customer accounts.
-
-|- Create AWS IAM roles and attached policies necessary to enable ROSA service access.
-
-- Use IAM tools to apply the appropriate permissions to AWS
-resources in the customer account.
-
-- To enable ROSA across your AWS organization, the customer is
-responsible for managing AWS Organizations administrators.
-
-- To enable ROSA across your AWS organization, the customer is
-responsible for distributing the ROSA entitlement grant using AWS License Manager.
-
-|Hardware/AWS global infrastructure
-|**AWS**
-
-- For information regarding physical access controls for AWS data centers, see link:https://aws.amazon.com/compliance/data-center/controls/[Our Controls] on the AWS Cloud Security page.
-|- Customer is not responsible for AWS global infrastructure.
-|===
-
-[id="rosa-policy-security-regulation-compliance_{context}"]
-== Security and regulation compliance
-The following table outlines the  the responsibilities in regards to security and regulation compliance:
-
-[cols="2a,3a,3a",options="header"]
-|===
-
-|Resource
-|Service responsibilities
-|Customer responsibilities
-
-|Logging
-|**Red Hat**
-
-- Send cluster audit logs to a Red Hat SIEM to analyze for security events. Retain audit logs for a defined period of time to support forensic analysis.
-|- Analyze application logs for security events.
-- Send application logs to an external endpoint through logging sidecar containers or third-party logging applications if longer retention is required than is offered by the default logging stack.
-
-|Virtual networking management
-|**Red Hat**
-
-- Monitor virtual networking components for potential issues and security threats.
-
-- Use public AWS tools for additional monitoring and protection.
-
-|- Monitor optional configured virtual networking components for potential issues and security threats.
-- Configure any necessary firewall rules or customer data center protections as required.
-
-|Virtual storage management
-|**Red Hat**
-
-- Monitor virtual storage components for potential issues and security threats.
-
-- Use public AWS tools for additional monitoring and protection.
-
-- Configure the ROSA service to encrypt control plane, infrastructure, and worker node volume data by default using the
-AWS managed Key Management Service (KMS) key that Amazon EBS provides.
-
-- Configure the ROSA service to encrypt customer persistent volumes that use the default storage class with the AWS
-managed KMS key that Amazon EBS provides.
-
-- Provide the ability for the customer to use a customer managed AWS KMS key to encrypt persistent volumes.
-
-- Configure the container image registry to encrypt image registry data at rest using server-side encryption with Amazon S3 managed keys (SSE-3).
-
-- Provide the ability for the customer to create a public or private Amazon S3 image registry to protect their container
-images from unauthorized user access.
-
-|- Provision Amazon EBS volumes.
-- Manage Amazon EBS volume storage to ensure enough storage is available to mount as a volume in ROSA.
-- Create the persistent volume claim and generate a
-persistent volume though OpenShift Cluster Manager.
-
-|Virtual compute management
-|**Red Hat**
-
-- Monitor virtual compute components for potential issues and security threats.
-
-- Use public AWS tools for additional monitoring and protection.
-
-|- Monitor optional configured virtual networking components for
-potential issues and security threats.
-- Configure any necessary firewall rules or customer data center protections as required.
-
-|AWS  software (public AWS services)
-|**AWS**
-
-**Compute:** Secure Amazon EC2, used for ROSA control plane, infrastructure, and worker nodes. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/infrastructure-security.html[
-Infrastructure security in Amazon EC2] in the Amazon EC2 User Guide.
-
-**Storage:** Secure Amazon Elastic Block Store (EBS),
-used for ROSA control plane, infrastructure, and worker node volumes, as well as Kubernetes persistent volumes. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html[Data protection in Amazon EC2] in the Amazon EC2 User Guide.
-
-**Storage:** Provide AWS KMS, which ROSA uses to
-encrypt control plane, infrastructure, and worker node volumes and persistent volumes. For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html[Amazon EBS encryption] in the Amazon EC2 User Guide.
-
-**Storage:** Secure Amazon S3, used for the ROSA service’s built-in container image registry. For more information, see link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/security.html[Amazon S3 security] in the S3 User Guide.
-
-**Networking:** Provide security capabilities and services
-to increase privacy and control network access on AWS global infrastructure, including network firewalls built into
-Amazon VPC, private or dedicated network connections, and automatic encryption of all traffic on the AWS global
-and regional networks between AWS secured facilities. For more information, see the link:https://aws.amazon.com/compliance/shared-responsibility-model/[AWS Shared Responsibility Model]
-and link:https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/infrastructure-security.html[Infrastructure security] in the Introduction to AWS Security whitepaper.
-
-|- Ensure security best practices and the principle of least
-privilege are followed to protect data on the Amazon EC2
-instance. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/infrastructure-security.html[Infrastructure security in Amazon EC2]
- and link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html[Data protection in Amazon EC2].
-- Monitor optional configured virtual networking components for
-potential issues and security threats.
-- Configure any necessary firewall rules or customer data center protections as required.
-- Create an optional customer managed KMS key and encrypt
-the Amazon EBS persistent volume using the KMS key.
-- Monitor the customer data in virtual storage
-for potential issues and security threats. For more information,
-see the link:https://aws.amazon.com/compliance/shared-responsibility-model/AWS[shared responsibility model].
-
-|Hardware/AWS global infrastructure
-|**AWS**
-
-- Provide the AWS global infrastructure that ROSA uses to deliver service functionality. For more information regarding AWS security
-controls, see link:https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/security-of-the-aws-infrastructure.html[Security of the AWS Infrastructure] in the AWS whitepaper.
-
-- Provide documentation for the customer to
-manage compliance needs and check their
-security state in AWS using tools such as
-AWS Artifact and AWS Security Hub. For
-more information, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/compliance-validation.html[Compliance
-validation for ROSA] in the ROSA User
-Guide.
-
-|- Configure, manage, and monitor customer applications and data
-to ensure application and data security controls are properly
-enforced.
-- Use IAM tools to apply the appropriate permissions to AWS
-resources in the customer account.
-|===
-
-[id="rosa-policy-disaster-recovery_{context}"]
-== Disaster recovery
-Disaster recovery includes data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.
-
-
-[cols="2a,3a,3a" ,options="header"]
-|===
-|Resource
-|Service responsibilities
-|Customer responsibilities
-
-|Virtual networking management
-|**Red Hat**
-
-- Restore or recreate affected virtual network components that are necessary for the platform to function.
-|- Configure virtual networking connections with more than one tunnel where possible for protection against outages as recommended by the public cloud provider.
-- Maintain failover DNS and load balancing if using a global load balancer with multiple clusters.
-
-|Virtual Storage management
-|**Red Hat**
-
-- For ROSA clusters created with IAM user credentials, back up all Kubernetes objects on the cluster through hourly, daily, and weekly volume snapshots.
-
-- For ROSA clusters created with IAM user credentials, back up persistent volumes on the cluster through daily and weekly volume snapshots.
-
-|- Back up customer applications and application data.
-
-|Virtual compute management
-|**Red Hat**
-
-- Monitor the cluster and replace failed Amazon EC2 control plane or infrastructure nodes.
-
-- Provide the ability for the customer to manually or automatically replace failed worker nodes.
-
-|- Replace failed Amazon EC2 worker nodes by editing the
-machine pool configuration through OpenShift Cluster Manager or the ROSA CLI.
-
-|AWS software (public AWS services)
-|**AWS**
-
-**Compute:** Provide Amazon EC2 features that support data resiliency such as Amazon EBS snapshots and Amazon EC2 Auto Scaling. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/disaster-recovery-resiliency.html[Resilience in Amazon EC2] in the EC2 User Guide.
-
-**Storage:** Provide the ability for the ROSA service
-and customers to back up the Amazon EBS volume on the cluster through Amazon EBS volume snapshots.
-
-**Storage:** For information about Amazon S3 features that support data resiliency, see link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/disaster-recovery-resiliency.html[Resilience in Amazon S3].
-
-**Networking:** For information about Amazon VPC features that support data resiliency, see link:https://docs.aws.amazon.com/vpc/latest/userguide/disaster-recovery-resiliency.html[Resilience in Amazon Virtual Private
-Cloud] in the Amazon VPC User Guide.
-
-|- Configure ROSA
-multi-AZ clusters to
-improve fault
-tolerance and cluster
-availability.
-
-- Provision persistent
-volumes using the
-Amazon EBS CSI
-driver to enable
-volume snapshots.
-
-- Create CSI volume snapshots of Amazon
-EBS persistent volumes.
-|Hardware/AWS global infrastructure
-|**AWS**
-
-- Provide AWS global infrastructure that allows ROSA to scale control plane, infrastructure, and worker nodes across
-Availability Zones. This functionality enables ROSA to orchestrate automatic failover between zones without interruption.
-
-- For more information about disaster recovery best practices, see link:https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html[Disaster recovery options in the cloud] in the AWS
-Well-Architected Framework.
-
-|- Configure ROSA multi-AZ clusters to improve fault tolerance and cluster availability.
-
-|===
+Red Hat, AWS, and the customer all share responsibility for the monitoring, maintenance, and overall health of a {product-title} (ROSA) cluster. This documentation illustrates the delineation of responsibilities for each of the listed resources as shown in the tables below.
\ No newline at end of file
diff --git a/modules/rosa-quickstart-instructions.adoc b/modules/rosa-quickstart-instructions.adoc
index 250d1dc7f71c..c2905c737377 100644
--- a/modules/rosa-quickstart-instructions.adoc
+++ b/modules/rosa-quickstart-instructions.adoc
@@ -8,7 +8,7 @@
 
 If you have already created your first cluster and users, this list can serve as a command quick reference list when creating additional clusters and users.
 
-[source, terminal]
+[source,terminal]
 ----
 ## Configures your AWS account and ensures everything is setup correctly
 $ rosa init
diff --git a/modules/rosa-red-hat-support-access.adoc b/modules/rosa-red-hat-support-access.adoc
new file mode 100644
index 000000000000..ad329e657ddb
--- /dev/null
+++ b/modules/rosa-red-hat-support-access.adoc
@@ -0,0 +1,103 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
+
+:_mod-docs-content-type: REFERENCE
+
+[id="rosa-policy-rh-access_{context}"]
+= Red Hat support access
+Members of the Red Hat Customer Experience and Engagement (CEE) team typically have read-only access to parts of the cluster. Specifically, CEE has limited access to the core and product namespaces and does not have access to the customer namespaces.
+
+[cols= "2a,4a,4a,4a,4a",options="header"]
+
+|===
+
+| Role | Core namespace | Layered product namespace | Customer namespace | AWS account^*^
+
+|OpenShift SRE| Read: All
+
+Write: Very
+
+limited ^[1]^
+| Read: All
+
+Write: None
+| Read: None^[2]^
+
+Write: None
+|Read: All ^[3]^
+
+Write: All ^[3]^
+
+|CEE
+|Read: All
+
+Write: None
+
+|Read: All
+
+Write: None
+
+|Read: None^[2]^
+
+Write: None
+
+|Read: None
+
+Write: None
+
+|Customer administrator
+|Read: None
+
+Write: None
+
+|Read: None
+
+Write: None
+
+| Read: All
+
+Write: All
+
+|Read: All
+
+Write: All
+
+|Customer user
+|Read: None
+
+Write: None
+
+|Read: None
+
+Write: None
+
+|Read: Limited^[4]^
+
+Write: Limited^[4]^
+
+|Read: None
+
+Write: None
+
+|Everybody else
+|Read: None
+
+Write: None
+|Read: None
+
+Write: None
+|Read: None
+
+Write: None
+|Read: None
+
+Write: None
+
+|===
+--
+1. Limited to addressing common use cases such as failing deployments, upgrading a cluster, and replacing bad worker nodes.
+2. Red Hat associates have no access to customer data by default.
+3. SRE access to the AWS account is an emergency procedure for exceptional troubleshooting during a documented incident.
+4. Limited to what is granted through RBAC by the Customer Administrator and namespaces created by the user.
+--
\ No newline at end of file
diff --git a/modules/rosa-required-aws-service-quotas.adoc b/modules/rosa-required-aws-service-quotas.adoc
index 902d72d649cb..4f0410536ce9 100644
--- a/modules/rosa-required-aws-service-quotas.adoc
+++ b/modules/rosa-required-aws-service-quotas.adoc
@@ -6,7 +6,11 @@
 [id="rosa-required-aws-service-quotas_{context}"]
 = Required AWS service quotas
 
-The table below describes the AWS service quotas and levels required to create and run an {product-title} cluster.
+The table below describes the AWS service quotas and levels required to create and run one {product-title} cluster. Although most default values are suitable for most workloads, you might need to request additional quota for the following cases:
+
+* ROSA clusters require at least 100 vCPUs, but the default maximum value for vCPUs assigned to Running On-Demand Standard Amazon EC2 instances is `5`. Therefore if you have not created a ROSA cluster using the same AWS account previously, you must request additional EC2 quota for `Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances`.
+
+* Some optional cluster configuration features, such as custom security groups, might require you to request additional quota. For example, because ROSA associates 1 security group with network interfaces in worker machine pools by default, and the default quota for `Security groups per network interface` is `5`, if you want to add 5 custom security groups, you must request additional quota, because this would bring the total number of security groups on worker network interfaces to 6.
 
 [NOTE]
 ====
@@ -15,22 +19,17 @@ The AWS SDK allows ROSA to check quotas, but the AWS SDK calculation does not ac
 
 If you need to modify or increase a specific quota, see Amazon's documentation on link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[requesting a quota increase]. Large quota requests are submitted to Amazon Support for review, and take some time to be approved. If your quota request is urgent, contact AWS Support.
 
-[IMPORTANT]
-====
-For On-Demand Standard (A, C, D, H, I, M, R, T, Z) Amazon EC2 instances, creating a ROSA cluster requires 100 vCPUs or greater. To request for your quota to be increased, open the Service Quotas console within the AWS console.
-====
-
 
 .ROSA-required service quota
 
 [options="header"]
 |===
-|Quota name |Service code |Quota code| Default | Minimum required | Description
+|Quota name |Service code |Quota code| AWS default | Minimum required | Description
 
 |Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances
 |ec2
 |L-1216C47A
-|100
+|5
 |100
 | Maximum number of vCPUs assigned to the Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances.
 
@@ -67,7 +66,7 @@ The default value of 5 vCPUs is not sufficient to create ROSA clusters. ROSA has
 
 [options="header"]
 |===
-|Quota name |Service code |Quota code| Default | Minimum required | Description
+|Quota name |Service code |Quota code| AWS default | Minimum required | Description
 
 |EC2-VPC Elastic IPs
 |ec2
@@ -97,6 +96,13 @@ The default value of 5 vCPUs is not sufficient to create ROSA clusters. ROSA has
 |5,000
 | The maximum number of network interfaces per Region.
 
+|Security groups per network interface
+|vpc
+|L-2AFB9258
+|5
+|5
+|The maximum number of security groups per network interface. This quota, multiplied by the quota for rules per security group, cannot exceed 1000.
+
 |Snapshots per Region
 |ebs
 |L-309BACF6
@@ -116,14 +122,14 @@ The default value of 5 vCPUs is not sufficient to create ROSA clusters. ROSA has
 |L-53DA6B97
 |50
 |50
-|
+|The maximum number of Application Load Balancers that can exist in each region.
 
 |Classic Load Balancers per Region
 |elasticloadbalancing
 |L-E9E9831D
 |20
 |20
-|
+|The maximum number of Classic Load Balancers that can exist in each region.
 |===
 
 [role="_additional-resources"]
diff --git a/modules/rosa-rhoda.adoc b/modules/rosa-rhoda.adoc
index f306fcaf03ec..49b631a009cc 100644
--- a/modules/rosa-rhoda.adoc
+++ b/modules/rosa-rhoda.adoc
@@ -2,7 +2,7 @@
 //
 // * adding_service_cluster/rosa-available-services.adoc
 // This module is no longer included in the document due to OSDOCS-5817.
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-rhoda_{context}"]
 = Red Hat OpenShift Database Access
 
diff --git a/modules/rosa-rhods.adoc b/modules/rosa-rhods.adoc
index 040be64e7f60..667bd76a42aa 100644
--- a/modules/rosa-rhods.adoc
+++ b/modules/rosa-rhods.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * adding_service_cluster/rosa-available-services.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-rhods_{context}"]
 = Red Hat OpenShift Data Science
 
diff --git a/modules/rosa-scaling-worker-nodes.adoc b/modules/rosa-scaling-worker-nodes.adoc
index a741ffc0a00f..fb2a52cc0b21 100644
--- a/modules/rosa-scaling-worker-nodes.adoc
+++ b/modules/rosa-scaling-worker-nodes.adoc
@@ -4,7 +4,7 @@
 // * nodes/rosa-managing-worker-nodes.adoc
 // * osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-scaling-worker-nodes_{context}"]
 = Scaling compute nodes manually
 
@@ -39,9 +39,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 +
 [source,terminal]
 ----
-ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TAINTS   AVAILABILITY ZONES
-default   No            2           m5.xlarge                        us-east-1a
-mp1       No            2           m5.xlarge                        us-east-1a
+ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TAINTS   AVAILABILITY ZONES    DISK SIZE   SG IDs
+default   No            2           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
+mp1       No            2           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
 ----
 
 . Increase or decrease the number of compute node replicas in a machine pool:
@@ -67,9 +67,9 @@ $ rosa list machinepools --cluster=<cluster_name>
 .Example output
 [source,terminal]
 ----
-ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TAINTS   AVAILABILITY ZONES
-default   No            2           m5.xlarge                        us-east-1a
-mp1       No            3           m5.xlarge                        us-east-1a
+ID        AUTOSCALING   REPLICAS    INSTANCE TYPE  LABELS    TAINTS   AVAILABILITY ZONES    DISK SIZE   SG IDs
+default   No            2           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
+mp1       No            3           m5.xlarge                         us-east-1a            300GiB      sg-0e375ff0ec4a6cfa2
 ----
 
 . In the output of the preceding command, verify that the compute node replica count is as expected for your machine pool. In the example output, the compute node replica count for the `mp1` machine pool is scaled to 3.
diff --git a/modules/rosa-sdpolicy-am-aws-compute-types.adoc b/modules/rosa-sdpolicy-am-aws-compute-types.adoc
index d76cd623b983..8a5192b14ea2 100644
--- a/modules/rosa-sdpolicy-am-aws-compute-types.adoc
+++ b/modules/rosa-sdpolicy-am-aws-compute-types.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-aws-instance-types_{context}"]
 = AWS instance types
 
@@ -90,7 +90,7 @@
 - m6id.24xlarge (96 vCPU, 384 GiB)
 - m6id.32xlarge (128 vCPU, 512 GiB)
 
-&#8224; These instance types provide 96 logical processors on 48 physical cores. They run on single servers with two physical Intel sockets. 
+&#8224; These instance types provide 96 logical processors on 48 physical cores. They run on single servers with two physical Intel sockets.
 ====
 
 .Burstable general purpose
@@ -344,4 +344,19 @@ Support for the GPU instance type software stack is provided by AWS. Ensure that
 [NOTE]
 ====
 Virtual instance types initialize faster than ".metal" instance types.
+====
+
+.High memory
+[%collapsible]
+====
+- u-3tb1.56xlarge (224 vCPU, 3,072 GiB)
+- u-6tb1.56xlarge (224 vCPU, 6,144 GiB)
+- u-6tb1.112xlarge (448 vCPU, 6,144 GiB)
+- u-6tb1.metal (448 vCPU, 6,144 GiB)
+- u-9tb1.112xlarge (448 vCPU, 9,216 GiB)
+- u-9tb1.metal (448 vCPU, 9,216 GiB)
+- u-12tb1.112xlarge (448 vCPU, 12,288 GiB)
+- u-12tb1.metal (448 vCPU, 12,288 GiB)
+- u-18tb1.metal (448 vCPU, 18,432 GiB)
+- u-24tb1.metal (448 vCPU, 24,576 GiB)
 ====
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-am-billing.adoc b/modules/rosa-sdpolicy-am-billing.adoc
index 54df72a0a35b..3ac751177e30 100644
--- a/modules/rosa-sdpolicy-am-billing.adoc
+++ b/modules/rosa-sdpolicy-am-billing.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-billing_{context}"]
 = Billing
 
diff --git a/modules/rosa-sdpolicy-am-cluster-self-service.adoc b/modules/rosa-sdpolicy-am-cluster-self-service.adoc
index 635e2ed8a41b..84aa60693f6a 100644
--- a/modules/rosa-sdpolicy-am-cluster-self-service.adoc
+++ b/modules/rosa-sdpolicy-am-cluster-self-service.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-cluster-self-service_{context}"]
 = Cluster self-service
 
diff --git a/modules/rosa-sdpolicy-am-compute.adoc b/modules/rosa-sdpolicy-am-compute.adoc
index 41b16e4f0487..0d5248576bca 100644
--- a/modules/rosa-sdpolicy-am-compute.adoc
+++ b/modules/rosa-sdpolicy-am-compute.adoc
@@ -2,22 +2,28 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-instance-types_{context}"]
 = Instance types
 
+ifdef::rosa-with-hcp[]
+All {hcp-title} clusters require a minimum of 2 worker nodes. All {hcp-title} clusters support a maximum of 51 worker nodes. Shutting down the underlying infrastructure through the cloud provider console is unsupported and can lead to data loss.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 Single availability zone clusters require a minimum of 3 control plane nodes, 2 infrastructure nodes, and 2 worker nodes deployed to a single availability zone.
 
-Multiple availability zone clusters require a minimum of 3 control plane nodes. 3 infrastructure nodes, and 3 worker nodes. Additional nodes must be purchased in multiples of three to maintain proper node distribution.
+Multiple availability zone clusters require a minimum of 3 control plane nodes, 3 infrastructure nodes, and 3 worker nodes. Additional nodes must be purchased in multiples of three to maintain proper node distribution.
 
 All {product-title} clusters support a maximum of 180 worker nodes.
 
-[NOTE]
-====
-After the cluster is installed, the `Default` machine pool cannot be deleted, and its node type or size cannot be changed.
-====
-
 Control plane and infrastructure nodes are deployed and managed by Red Hat. Shutting down the underlying infrastructure through the cloud provider console is unsupported and can lead to data loss. There are at least 3 control plane nodes that handle etcd- and API-related workloads. There are at least 2 infrastructure nodes that handle metrics, routing, the web console, and other workloads. You must not run any workloads on the control and infrastructure nodes. Any workloads you intend to run must be deployed on worker nodes. See the Red Hat Operator support section below for more information about Red Hat workloads that must be deployed on worker nodes.
+endif::rosa-with-hcp[]
 
 [NOTE]
 ====
@@ -27,3 +33,7 @@ Approximately one vCPU core and 1 GiB of memory are reserved on each worker node
 
 For additional information, see the link:https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#system-reserved[Kubernetes documentation].
 ====
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-am-limited-support.adoc b/modules/rosa-sdpolicy-am-limited-support.adoc
index fe27b5b20a5d..afd09513bff0 100644
--- a/modules/rosa-sdpolicy-am-limited-support.adoc
+++ b/modules/rosa-sdpolicy-am-limited-support.adoc
@@ -2,7 +2,13 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="rosa-limited-support_{context}"]
 = Limited support status
 
@@ -10,10 +16,15 @@ When a cluster transitions to a _Limited Support_ status, Red Hat no longer proa
 
 A cluster might move to a Limited Support status for many reasons, including the following scenarios:
 
+ifndef::rosa-with-hcp[]
 If you do not upgrade a cluster to a supported version before the end-of-life date:: Red Hat does not make any runtime or SLA guarantees for versions after their end-of-life date. To receive continued support, upgrade the cluster to a supported version prior to the end-of-life date. If you do not upgrade the cluster prior to the end-of-life date, the cluster transitions to a Limited Support status until it is upgraded to a supported version.
 +
 Red Hat provides commercially reasonable support to upgrade from an unsupported version to a supported version. However, if a supported upgrade path is no longer available, you might have to create a new cluster and migrate your workloads.
 
+endif::rosa-with-hcp[]
 If you remove or replace any native {product-title} components or any other component that is installed and managed by Red Hat:: If cluster administrator permissions were used, Red Hat is not responsible for any of your or your authorized users’ actions, including those that affect infrastructure services, service availability, or data loss. If Red Hat detects any such actions, the cluster might transition to a Limited Support status. Red Hat notifies you of the status change and you should either revert the action or create a support case to explore remediation steps that might require you to delete and recreate the cluster.
 
-If you have questions about a specific action that might cause a cluster to move to a Limited Support status or need further assistance, open a support ticket.
\ No newline at end of file
+If you have questions about a specific action that might cause a cluster to move to a Limited Support status or need further assistance, open a support ticket.
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-am-local-zones.adoc b/modules/rosa-sdpolicy-am-local-zones.adoc
index 36ccc7403733..23fc39d77754 100644
--- a/modules/rosa-sdpolicy-am-local-zones.adoc
+++ b/modules/rosa-sdpolicy-am-local-zones.adoc
@@ -1,11 +1,27 @@
 
 // Module included in the following assemblies:
 //
-// * assemblies/rosa-service-definition.adoc
-:_content-type: CONCEPT
+// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+:_mod-docs-content-type: CONCEPT
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
+
 [id="rosa-sdpolicy-am-local-zones_{context}"]
 = Local Zones
 
+ifdef::rosa-with-hcp[]
+{hcp-title-first} does not support the use of AWS Local Zones.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 {product-title} supports the use of AWS Local Zones, which are metropolis-centralized availability zones where customers can place latency-sensitive application workloads. Local Zones are extensions of AWS Regions that have their own internet connection. For more information about AWS Local Zones, see the AWS documentation link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work].
 
-For steps to enable AWS Local Zones and add a Local Zone to a machine pool, see xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc#rosa-nodes-machine-pools-local-zones[Configuring Local Zones for machine pulls].
\ No newline at end of file
+For steps to enable AWS Local Zones and to add a Local Zone to a machine pool, see xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc#rosa-nodes-machine-pools-local-zones[Configuring Local Zones for machine pools].
+endif::rosa-with-hcp[]
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
diff --git a/modules/rosa-sdpolicy-am-regions-az.adoc b/modules/rosa-sdpolicy-am-regions-az.adoc
index c44253eabfaa..99e67255a0e5 100644
--- a/modules/rosa-sdpolicy-am-regions-az.adoc
+++ b/modules/rosa-sdpolicy-am-regions-az.adoc
@@ -2,45 +2,114 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-regions-az_{context}"]
 = Regions and availability zones
-The following AWS regions are supported by Red Hat OpenShift 4 and are supported for {product-title}. Note: China and GovCloud (US) regions are not supported, regardless of their support on OpenShift 4.
+
+The following AWS regions are currently available
+ifdef::rosa-with-hcp[]
+for {hcp-title}.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+for Red Hat OpenShift 4 and are supported for {product-title}.
+endif::rosa-with-hcp[]
+
+[NOTE]
+====
+China regions are not supported, regardless of their support on OpenShift 4.
+====
+
+[NOTE]
+====
+For GovCloud (US) regions, you must submit an link:https://console.redhat.com/openshift/create/rosa/govcloud[Access request for Red Hat OpenShift Service on AWS (ROSA) FedRAMP]. 
+
+GovCloud (US) regions are only supported on ROSA Classic clusters. 
+====
 
 .AWS Regions
 [%collapsible]
 ====
+ifndef::rosa-with-hcp[]
 * af-south-1 (Cape Town, AWS opt-in required)
 * ap-east-1 (Hong Kong, AWS opt-in required)
+endif::rosa-with-hcp[]
 * ap-northeast-1 (Tokyo)
+ifndef::rosa-with-hcp[]
 * ap-northeast-2 (Seoul)
 * ap-northeast-3 (Osaka)
 * ap-south-1 (Mumbai)
+endif::rosa-with-hcp[]
+* ap-south-2 (Hyderabad, AWS opt-in required)
 * ap-southeast-1 (Singapore)
 * ap-southeast-2 (Sydney)
 * ap-southeast-3 (Jakarta, AWS opt-in required)
+* ap-southeast-4 (Melbourne, AWS opt-in required)
 * ca-central-1 (Central Canada)
 * eu-central-1 (Frankfurt)
+ifndef::rosa-with-hcp[]
+* eu-central-2 (Zurich, AWS opt-in required)
 * eu-north-1 (Stockholm)
 * eu-south-1 (Milan, AWS opt-in required)
+* eu-south-2 (Spain, AWS opt-in required)
+endif::rosa-with-hcp[]
 * eu-west-1 (Ireland)
+ifndef::rosa-with-hcp[]
 * eu-west-2 (London)
 * eu-west-3 (Paris)
 * me-central-1 (UAE, AWS opt-in required)
 * me-south-1 (Bahrain, AWS opt-in required)
 * sa-east-1 (São Paulo)
+endif::rosa-with-hcp[]
 * us-east-1 (N. Virginia)
 * us-east-2 (Ohio)
+ifndef::rosa-with-hcp[]
+* us-gov-east-1 - (AWS GovCloud - US-East)
+* us-gov-west-1 - (AWS GovCloud - US-West)	
 * us-west-1 (N. California)
+endif::rosa-with-hcp[]
 * us-west-2 (Oregon)
 ====
 
 Multiple availability zone clusters can only be deployed in regions with at least 3 availability zones. For more information, see the link:https://aws.amazon.com/about-aws/global-infrastructure/regions_az/[Regions and Availability Zones] section in the AWS documentation.
 
-Each new {product-title} cluster is installed within an installer-created or preexisting Virtual Private Cloud (VPC) in a single region, with the option to deploy into a single availability zone (Single-AZ) or across multiple availability zones (Multi-AZ). This provides cluster-level network and resource isolation, and enables cloud-provider VPC settings, such as VPN connections and VPC Peering. Persistent volumes (PVs) are backed by AWS Elastic Block Storage (EBS), and are specific to the availability zone in which they are provisioned. Persistent volume claims (PVCs) do not bind to a volume until the associated pod resource is assigned into a specific availability zone to prevent unschedulable pods. Availability zone-specific resources are only usable by resources in the same availability zone.
+Each new
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+ifdef::rosa-with-hcp[]
+{hcp-title}
+endif::rosa-with-hcp[]
+cluster is installed within
+ifdef::rosa-with-hcp[]
+a
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+an installer-created or
+endif::rosa-with-hcp[]
+preexisting Virtual Private Cloud (VPC) in a single region, with the option to deploy
+ifndef::rosa-with-hcp[]
+into a single availability zone (Single-AZ) or across multiple availability zones (Multi-AZ).
+endif::rosa-with-hcp[]
+ifdef::rosa-with-hcp[]
+up to the total number of availability zones for the given region.
+endif::rosa-with-hcp[]
+This provides cluster-level network and resource isolation, and enables cloud-provider VPC settings, such as VPN connections and VPC Peering. Persistent volumes (PVs) are backed by Amazon Elastic Block Storage (Amazon EBS), and are specific to the availability zone in which they are provisioned. Persistent volume claims (PVCs) do not bind to a volume until the associated pod resource is assigned into a specific availability zone to prevent unschedulable pods. Availability zone-specific resources are only usable by resources in the same availability zone.
 
 [WARNING]
 ====
-The region and the choice of single or multiple availability zone cannot be changed after a cluster has been deployed.
+The region
+ifndef::rosa-with-hcp[]
+and the choice of single or multiple availability zone
+endif::rosa-with-hcp[]
+cannot be changed after a cluster has been deployed.
 ====
 
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
diff --git a/modules/rosa-sdpolicy-am-sla.adoc b/modules/rosa-sdpolicy-am-sla.adoc
index 0e8399e46bcb..46878ca798e4 100644
--- a/modules/rosa-sdpolicy-am-sla.adoc
+++ b/modules/rosa-sdpolicy-am-sla.adoc
@@ -2,8 +2,9 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-sla_{context}"]
 = Service Level Agreement (SLA)
 
-Any SLAs for the service itself are defined in Appendix 4 of the link:https://www.redhat.com/licenses/Appendix_4_Red_Hat_Online_Services_20220720.pdf[Red Hat Enterprise Agreement Appendix 4 (Online Subscription Services)].
\ No newline at end of file
+//Note for writers: Do not link directly to the appendix 4 PDF, as each PDF is dated at generation and will not be kept up to date.
+Any SLAs for the service itself are defined in Appendix 4 of the link:https://www.redhat.com/en/about/appendices[Red Hat Enterprise Agreement Appendix 4 (Online Subscription Services)].
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-am-support.adoc b/modules/rosa-sdpolicy-am-support.adoc
index b53863718b7c..80c607b69500 100644
--- a/modules/rosa-sdpolicy-am-support.adoc
+++ b/modules/rosa-sdpolicy-am-support.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sdpolicy-support_{context}"]
 = Support
 
diff --git a/modules/rosa-sdpolicy-networking.adoc b/modules/rosa-sdpolicy-networking.adoc
index dc84edf0533d..f6fb083e866d 100644
--- a/modules/rosa-sdpolicy-networking.adoc
+++ b/modules/rosa-sdpolicy-networking.adoc
@@ -2,17 +2,26 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
 
 [id="rosa-sdpolicy-networking_{context}"]
 = Networking
 
-
 This section provides information about the service definition for {product-title} networking.
 
 [id="rosa-sdpolicy-custom-domains_{context}"]
 == Custom domains for applications
 To use a custom hostname for a route, you must update your DNS provider by creating a canonical name (CNAME) record. Your CNAME record should map the OpenShift canonical router hostname to your custom domain. The OpenShift canonical router hostname is shown on the _Route Details_ page after a route is created. Alternatively, a wildcard CNAME record can be created once to route all subdomains for a given hostname to the cluster's router.
 
+[NOTE]
+====
+Starting with {product-title} 4.14, the Custom Domain Operator is deprecated. To manage Ingress in {product-title} 4.14 or later, use the Ingress Operator. The functionality is unchanged for {product-title} 4.13 and earlier versions.
+====
+
 [id="rosa-sdpolicy-validated-certificates_{context}"]
 == Domain validated certificates
 {product-title} includes TLS security certificates needed for both internal and external services on the cluster. For external routes, there are two separate TLS wildcard certificates that are provided and installed on each cluster: one is for the web console and route default hostnames, and the other is for the API endpoint. Let’s Encrypt is the certificate authority used for certificates. Routes within the cluster, such as the internal link:https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod[API endpoint], use TLS certificates signed by the cluster's built-in certificate authority and require the CA bundle available in every pod for trusting the TLS certificate.
@@ -23,6 +32,11 @@ To use a custom hostname for a route, you must update your DNS provider by creat
 
 [id="rosa-sdpolicy-load-balancers_{context}"]
 == Load balancers
+
+ifdef::rosa-with-hcp[]
+{hcp-title-first} only deploys load balancers fro the default ingress controller. All other load balancers can be optionally deployed by a customer for secondary ingress controllers or Service load balancers.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 {product-title} uses up to five different load balancers:
 
 - An internal control plane load balancer that is internal to the cluster and used to balance traffic for internal cluster communications.
@@ -31,6 +45,8 @@ To use a custom hostname for a route, you must update your DNS provider by creat
 - A default external router/ingress load balancer that is the default application load balancer, denoted by `apps` in the URL. The default load balancer can be configured in {cluster-manager} to be either publicly accessible over the Internet or only privately accessible over a pre-existing private connection. All application routes on the cluster are exposed on this default router load balancer, including cluster services such as the logging UI, metrics API, and registry.
 - Optional: A secondary router/ingress load balancer that is a secondary application load balancer, denoted by `apps2` in the URL. The secondary load balancer can be configured in {cluster-manager} to be either publicly accessible over the Internet or only privately accessible over a pre-existing private connection. If a `Label match` is configured for this router load balancer, then only application routes matching this label are exposed on this router load balancer; otherwise, all application routes are also exposed on this router load balancer.
 - Optional: Load balancers for services. Enable non-HTTP/SNI traffic and non-standard ports for services. These load balancers can be mapped to a service running on {product-title} to enable advanced ingress features, such as non-HTTP/SNI traffic or the use of non-standard ports. Each AWS account has a quota which link:https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-limits.html[limits the number of Classic Load Balancers] that can be used within each cluster.
+endif::rosa-with-hcp[]
+
 
 [id="rosa-sdpolicy-cluster-ingress_{context}"]
 == Cluster ingress
@@ -42,7 +58,12 @@ All cluster ingress traffic will go through the defined load balancers. Direct a
 
 [id="rosa-sdpolicy-cluster-egress_{context}"]
 == Cluster egress
-Pod egress traffic control through `EgressNetworkPolicy` objects can be used to prevent or limit outbound traffic in {product-title}.
+Pod egress traffic control through `EgressNetworkPolicy` objects can be used to prevent or limit outbound traffic in
+ifdef::rosa-with-hcp[]
+{hcp-title-first}.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}.
 
 Public outbound traffic from the control plane and infrastructure nodes is required and necessary to maintain cluster image security and cluster monitoring. This requires that the `0.0.0.0/0` route belongs only to the Internet gateway; it is not possible to route this range over private connections.
 
@@ -53,10 +74,11 @@ Customers can determine their public static IP addresses by running a pod on the
 ----
 $ oc run ip-lookup --image=busybox -i -t --restart=Never --rm -- /bin/sh -c "/bin/nslookup -type=a myip.opendns.com resolver1.opendns.com | grep -E 'Address: [0-9.]+'"
 ----
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-cloud-network-config_{context}"]
 == Cloud network configuration
-{Product-title} allows for the configuration of a private network connection through AWS-managed technologies:
+{Product-title} allows for the configuration of a private network connection through AWS-managed technologies, such as:
 
 - VPN connections
 - VPC peering
@@ -78,3 +100,6 @@ For {product-title} clusters that have a private cloud network configuration, a
 Network verification checks run automatically when you deploy a {product-title} cluster into an existing Virtual Private Cloud (VPC) or create an additional machine pool with a subnet that is new to your cluster. The checks validate your network configuration and highlight errors, enabling you to resolve configuration issues prior to deployment.
 
 You can also run the network verification checks manually to validate the configuration for an existing cluster.
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-platform.adoc b/modules/rosa-sdpolicy-platform.adoc
index e239760549ec..28a6e7fe17dc 100644
--- a/modules/rosa-sdpolicy-platform.adoc
+++ b/modules/rosa-sdpolicy-platform.adoc
@@ -2,23 +2,42 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
 
-:_content-type: ASSEMBLY
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
+
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sdpolicy-platform_{context}"]
 = Platform
 :productwinc: Red Hat OpenShift support for Windows Containers
 
-This section provides information about the service definition for the {product-title} (ROSA) platform.
+This section provides information about the service definition for the
+ifdef::rosa-with-hcp[]
+{hcp-title-first} platform.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title} (ROSA) platform.
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-backup-policy_{context}"]
 == Cluster backup policy
 
 [IMPORTANT]
 ====
-It is critical that customers have a backup plan for their applications and application data. The table below only applies to clusters created with IAM user credentials.
+Red Hat does not provide a backup method for ROSA clusters with STS, which is the default. It is critical that customers have a backup plan for their applications and application data. 
+ifndef::rosa-with-hcp[]
+The table below only applies to clusters created with IAM user credentials.
+endif::rosa-with-hcp[]
 ====
 
-Application and application data backups are not a part of the {product-title} service.
+Application and application data backups are not a part of the
+ifdef::rosa-with-hcp[]
+{hcp-title-first} service.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title} service.
 The following table outlines the cluster backup policy.
 
 //Verify if the corresponding tables in policy-incident.adoc and rosa-policy-incident.adoc also need to be updated.
@@ -31,15 +50,14 @@ The following table outlines the cluster backup policy.
 |Retention
 |Notes
 
-.2+|Full object store backup, all cluster persistent volumes (PVs)
+.2+|Full object store backup
 |Daily
 |7 days
-.2+|This is a full backup of all Kubernetes objects like etcd, as well as all PVs in the cluster.
+.2+|This is a full backup of all Kubernetes objects like etcd. No persistent volumes (PVs) are backed up in this backup schedule.
 
 |Weekly
 |30 days
 
-
 |Full object store backup
 |Hourly
 |24 hour
@@ -51,19 +69,31 @@ The following table outlines the cluster backup policy.
 |Nodes are considered to be short-term. Nothing critical should be stored on a node's root volume.
 
 |===
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-autoscaling_{context}"]
 == Autoscaling
-Node autoscaling is available on {product-title}. You can configure the autoscaler option to automatically scale the number of machines in a cluster.
+Node autoscaling is available on
+ifdef::rosa-with-hcp[]
+{hcp-title-first}.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}.
+endif::rosa-with-hcp[]
+You can configure the autoscaler option to automatically scale the number of machines in a cluster.
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster]
 
-
 [id="rosa-sdpolicy-daemonsets_{context}"]
 == Daemonsets
-Customers can create and run daemonsets on {product-title}. To restrict daemonsets to only running on worker nodes, use the following `nodeSelector`:
+Customers can create and run daemonsets on
+ifdef::rosa-with-hcp[]
+{hcp-title-first}.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}. To restrict daemonsets to only running on worker nodes, use the following `nodeSelector`:
 [source,yaml]
 ----
 ...
@@ -72,22 +102,42 @@ spec:
     role: worker
 ...
 ----
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-multiple-availability-zone_{context}"]
 == Multiple availability zone
+
+ifdef::rosa-with-hcp[]
+Control plane components are always deployed across multiple availability zones, regardless of a customer's worker node configuration.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 In a multiple availability zone cluster, control plane nodes are distributed across availability zones and at least one worker node is required in each availability zone.
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-node-labels_{context}"]
 == Node labels
-Custom node labels are created by Red Hat during node creation and cannot be changed on {product-title} clusters at this time. However, custom labels are supported when creating new machine pools.
+Custom node labels are created by Red Hat during node creation and cannot be changed on
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+clusters at this time. However, custom labels are supported when creating new machine pools.
 
 [id="rosa-sdpolicy-openshift-version_{context}"]
 == OpenShift version
-{product-title} is run as a service and is kept up to date with the latest OpenShift Container Platform version. Upgrade scheduling to the latest version is available.
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+is run as a service and is kept up to date with the latest OpenShift Container Platform version. Upgrade scheduling to the latest version is available.
 
 [id="rosa-sdpolicy-upgrades_{context}"]
 == Upgrades
-Upgrades can be scheduled using the {product-title} (ROSA) CLI, `rosa`, or through {cluster-manager}.
+Upgrades can be scheduled using the ROSA CLI, `rosa`, or through {cluster-manager}.
 
 See the link:https://docs.openshift.com/rosa/rosa_policy/rosa-life-cycle.html[{product-title} Life Cycle] for more information on the upgrade policy and procedures.
 
@@ -97,11 +147,23 @@ See the link:https://docs.openshift.com/rosa/rosa_policy/rosa-life-cycle.html[{p
 
 [id="rosa-sdpolicy-container-engine_{context}"]
 == Container engine
-{product-title} runs on OpenShift 4 and uses link:https://www.redhat.com/en/blog/red-hat-openshift-container-platform-4-now-defaults-cri-o-underlying-container-engine[CRI-O] as the only available container engine.
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+runs on OpenShift 4 and uses link:https://www.redhat.com/en/blog/red-hat-openshift-container-platform-4-now-defaults-cri-o-underlying-container-engine[CRI-O] as the only available container engine.
 
 [id="rosa-sdpolicy-operating-system_{context}"]
 == Operating system
-{product-title} runs on OpenShift 4 and uses Red Hat CoreOS as the operating system for all control plane and worker nodes.
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+runs on OpenShift 4 and uses Red Hat CoreOS as the operating system for all control plane and worker nodes.
 
 [id="rosa-sdpolicy-red-hat-operator_{context}"]
 == Red Hat Operator support
@@ -117,4 +179,8 @@ Red Hat workloads typically refer to Red Hat-provided Operators made available t
 
 [id="rosa-sdpolicy-kubernetes-operator_{context}"]
 == Kubernetes Operator support
-All Operators listed in the Operator Hub marketplace should be available for installation. These operators are considered customer workloads, and are not monitored by Red Hat SRE.
+All Operators listed in the OperatorHub marketplace should be available for installation. These Operators are considered customer workloads, and are not monitored by Red Hat SRE.
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sdpolicy-security.adoc b/modules/rosa-sdpolicy-security.adoc
index 1bc29e5a2ce8..d1ab8f0b80a2 100644
--- a/modules/rosa-sdpolicy-security.adoc
+++ b/modules/rosa-sdpolicy-security.adoc
@@ -1,21 +1,34 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
 
 [id="rosa-sdpolicy-security_{context}"]
 = Security
 
-This section provides information about the service definition for {product-title} security.
+This section provides information about the service definition for
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+security.
 
 [id="rosa-sdpolicy-auth-provider_{context}"]
 == Authentication provider
-Authentication for the cluster can be configured using either {cluster-manager-url} or cluster creation process or using the {product-title} (ROSA) CLI, `rosa`. ROSA is not an identity provider, and all access to the cluster must be managed by the customer as part of their integrated solution. The use of multiple identity providers provisioned at the same time is supported. The following identity providers are supported:
+Authentication for the cluster can be configured using either {cluster-manager-url} or cluster creation process or using the ROSA CLI, `rosa`. ROSA is not an identity provider, and all access to the cluster must be managed by the customer as part of their integrated solution. The use of multiple identity providers provisioned at the same time is supported. The following identity providers are supported:
 
 - GitHub or GitHub Enterprise
 - GitLab
 - Google
 - LDAP
 - OpenID Connect
+- htpasswd
 
 [id="rosa-sdpolicy-privileged-containers_{context}"]
 == Privileged containers
@@ -23,17 +36,39 @@ Privileged containers are available for users with the `cluster-admin` role. Usa
 
 [id="rosa-sdpolicy-customer-admin-user_{context}"]
 == Customer administrator user
-In addition to normal users, {product-title} provides access to an {product-title}-specific group called `dedicated-admin`. Any users on the cluster that are members of the `dedicated-admin` group:
+In addition to normal users,
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+provides access to an
+ifdef::rosa-with-hcp[]
+{hcp-title}-specific
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+ROSA-specific
+endif::rosa-with-hcp[]
+group called `dedicated-admin`. Any users on the cluster that are members of the `dedicated-admin` group:
 
 - Have administrator access to all customer-created projects on the cluster.
 - Can manage resource quotas and limits on the cluster.
 - Can add and manage `NetworkPolicy` objects.
 - Are able to view information about specific nodes and PVs in the cluster, including scheduler information.
 - Can access the reserved `dedicated-admin` project on the cluster, which allows for the creation of service accounts with elevated privileges and also gives the ability to update default limits and quotas for projects on the cluster.
+- Can install Operators from OperatorHub and perform all verbs in all `*.operators.coreos.com` API groups.
 
 [id="rosa-sdpolicy-cluster-admin-role_{context}"]
 == Cluster administration role
-The administrator of {product-title} has default access to the `cluster-admin` role for your organization's cluster. While logged into an account with the `cluster-admin` role, users have increased permissions to run privileged security contexts.
+The administrator of
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+has default access to the `cluster-admin` role for your organization's cluster. While logged into an account with the `cluster-admin` role, users have increased permissions to run privileged security contexts.
 
 [id="rosa-sdpolicy-project-self-service_{context}"]
 == Project self-service
@@ -51,7 +86,13 @@ $ oc adm policy add-cluster-role-to-group self-provisioner system:authenticated:
 
 [id="rosa-sdpolicy-regulatory-compliance_{context}"]
 == Regulatory compliance
+
+ifdef::rosa-with-hcp[]
+{hcp-title} is currently in the process of obtaining compliance certifications.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 See Understanding process and security for ROSA for the latest compliance information.
+endif::rosa-with-hcp[]
 
 [id="rosa-sdpolicy-network-security_{context}"]
 == Network security
@@ -60,9 +101,23 @@ With {product-title}, AWS provides a standard DDoS protection on all load balanc
 [id="rosa-sdpolicy-etcd-encryption_{context}"]
 == etcd encryption
 
-In {product-title}, the control plane storage is encrypted at rest by default and this includes encryption of the etcd volumes. This storage-level encryption is provided through the storage layer of the cloud provider.
-
+In
+ifdef::rosa-with-hcp[]
+{hcp-title-first},
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title},
+endif::rosa-with-hcp[]
+the control plane storage is encrypted at rest by default and this includes encryption of the etcd volumes. This storage-level encryption is provided through the storage layer of the cloud provider.
+
+ifdef::rosa-with-hcp[]
+The etcd database is always encrypted by default. Customers might opt to provide their own custom AWS KMS keys for the purpose of encrypting the etcd database.
+
+Etcd encryption will encrypt the following Kubernetes API server and OpenShift API server resources:
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
 You can also enable etcd encryption, which encrypts the key values in etcd, but not the keys. If you enable etcd encryption, the following Kubernetes API server and OpenShift API server resources are encrypted:
+endif::rosa-with-hcp[]
 
 * Secrets
 * Config maps
@@ -70,9 +125,15 @@ You can also enable etcd encryption, which encrypts the key values in etcd, but
 * OAuth access tokens
 * OAuth authorize tokens
 
+ifndef::rosa-with-hcp[]
 The etcd encryption feature is not enabled by default and it can be enabled only at cluster installation time. Even with etcd encryption enabled, the etcd key values are accessible to anyone with access to the control plane nodes or `cluster-admin` privileges.
 
 [IMPORTANT]
 ====
 By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Red Hat recommends that you enable etcd encryption only if you specifically require it for your use case.
 ====
+endif::rosa-with-hcp[]
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
diff --git a/modules/rosa-sdpolicy-storage.adoc b/modules/rosa-sdpolicy-storage.adoc
index fafc5def1ff4..3125c3839b36 100644
--- a/modules/rosa-sdpolicy-storage.adoc
+++ b/modules/rosa-sdpolicy-storage.adoc
@@ -2,16 +2,34 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:rosa-with-hcp:
+endif::[]
 
 [id="rosa-sdpolicy-storage_{context}"]
 = Storage
 
-
-This section provides information about the service definition for {product-title} storage.
+This section provides information about the service definition for
+ifdef::rosa-with-hcp[]
+{hcp-title-first}
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}
+endif::rosa-with-hcp[]
+storage.
 
 [id="rosa-sdpolicy-encrytpted-at-rest-storage_{context}"]
 == Encrypted-at-rest OS and node storage
-Control plane, infrastructure, and worker nodes use encrypted-at-rest AWS Elastic Block Store (EBS) storage.
+
+ifdef::rosa-with-hcp[]
+Worker
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+Control plane, infrastructure, and worker
+endif::rosa-with-hcp[]
+nodes use encrypted-at-rest Amazon Elastic Block Store (Amazon EBS) storage.
 
 [id="rosa-sdpolicy-encrytpted-at-rest-pv_{context}"]
 == Encrypted-at-rest PV
@@ -19,7 +37,7 @@ EBS volumes that are used for PVs are encrypted-at-rest by default.
 
 [id="rosa-sdpolicy-block-storage_{context}"]
 == Block storage (RWO)
-Persistent volumes (PVs) are backed by AWS EBS, which is Read-Write-Once.
+Persistent volumes (PVs) are backed by Amazon Elastic Block Store (Amazon EBS), which is Read-Write-Once.
 
 PVs can be attached only to a single node at a time and are specific to the availability zone in which they were provisioned. However, PVs can be attached to any node in the availability zone.
 
@@ -27,4 +45,15 @@ Each cloud provider has its own limits for how many PVs can be attached to a sin
 
 == Shared Storage (RWX)
 
-The AWS CSI Driver can be used to provide RWX support for {product-title}. A community Operator is provided to simplify setup. See link:https://access.redhat.com/articles/5025181[AWS EFS Setup for OpenShift Dedicated and Red Hat OpenShift Service on AWS] for details. 
+The AWS CSI Driver can be used to provide RWX support for
+ifdef::rosa-with-hcp[]
+{hcp-title-first}.
+endif::rosa-with-hcp[]
+ifndef::rosa-with-hcp[]
+{product-title}.
+endif::rosa-with-hcp[]
+A community Operator is provided to simplify setup. See link:https://access.redhat.com/articles/5025181[Amazon Elastic File Storage Setup for OpenShift Dedicated and Red Hat OpenShift Service on AWS] for details.
+
+ifeval::["{context}" == "rosa-hcp-service-definition"]
+:!rosa-with-hcp:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-setting-the-aws-security-token-version.adoc b/modules/rosa-setting-the-aws-security-token-version.adoc
index 552f8d5ebb7d..3d14a3353a64 100644
--- a/modules/rosa-setting-the-aws-security-token-version.adoc
+++ b/modules/rosa-setting-the-aws-security-token-version.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-setting-the-aws-security-token-version_{context}"]
 = Setting the AWS security token version
 
diff --git a/modules/rosa-setting-up-cli.adoc b/modules/rosa-setting-up-cli.adoc
index 640d72e61759..0bef29a58613 100644
--- a/modules/rosa-setting-up-cli.adoc
+++ b/modules/rosa-setting-up-cli.adoc
@@ -4,11 +4,11 @@
 // * rosa_cli/rosa-get-started-cli.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-setting-up-cli_{context}"]
 = Setting up the ROSA CLI
 
-Use the following steps to install and configure the {product-title} (ROSA) CLI, `rosa`, on your installation host.
+Use the following steps to install and configure the ROSA CLI (`rosa`) on your installation host.
 
 .Procedure
 
diff --git a/modules/rosa-sharing-vpc-cluster-creation.adoc b/modules/rosa-sharing-vpc-cluster-creation.adoc
new file mode 100644
index 000000000000..0b3516263419
--- /dev/null
+++ b/modules/rosa-sharing-vpc-cluster-creation.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * networking/rosa-shared-vpc-config.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-sharing-vpc-cluster-creation_{context}"]
+= Step Four - Cluster Creator: Creating your cluster in a shared VPC
+To create a cluster in a shared VPC, complete the following steps.
+
+[NOTE]
+====
+Installing a cluster in a shared VPC is supported only for OpenShift 4.12.34 and later, 4.13.10 and later, and all future 4.y-streams.
+====
+
+image::372_OpenShift_on_AWS_persona_worflows_0923_4.png[]
+.Prerequisites
+
+* You have the hosted zone ID from the *VPC Owner*.
+* You have the AWS region from the *VPC Owner*.
+* You have the subnet IDs from the *VPC Owner*.
+* You have the `SharedVPCRole` ARN from the *VPC Owner*.
+
+.Procedure
+* In a terminal, enter the following command to create the shared VPC:
++
+[source,terminal]
+----
+rosa create cluster --cluster-name <cluster_name> --sts --operator-roles-prefix <prefix> --oidc-config-id <oidc_config_id> --region us-east-1 --subnet-ids <subnet_ids> --private-hosted-zone-id <hosted_zone_ID> --shared-vpc-role-arn <vpc-role-arn> --base-domain <dns-domain>
+----
\ No newline at end of file
diff --git a/modules/rosa-sharing-vpc-creation-and-sharing.adoc b/modules/rosa-sharing-vpc-creation-and-sharing.adoc
new file mode 100644
index 000000000000..2b48517101e9
--- /dev/null
+++ b/modules/rosa-sharing-vpc-creation-and-sharing.adoc
@@ -0,0 +1,108 @@
+// Module included in the following assemblies:
+//
+// * networking/rosa-shared-vpc-config.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-sharing-vpc-creation-and-sharing_{context}"]
+= Step One - VPC Owner: Configuring a VPC to share within your AWS organization
+
+You can share subnets within a configured VPC with another AWS user account if that account is within your current AWS organization.
+
+image::372_OpenShift_on_AWS_persona_worflows_0923_1.png[]
+.Procedure
+
+. Create or modify a VPC to your specifications in the link:https://us-east-1.console.aws.amazon.com/vpc/[VPC section of the AWS console].
++
+. Create a custom policy file to allow for necessary shared VPC permissions that uses the name `SharedVPCPolicy`:
++
+[source,terminal]
+----
+$ cat <<EOF > /tmp/shared-vpc-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ChangeResourceRecordSets",
+                "route53:ListHostedZones",
+                "route53:ListHostedZonesByName",
+                "route53:ListResourceRecordSets",
+                "route53:ChangeTagsForResource",
+                "route53:GetAccountLimit",
+                "route53:GetChange",
+                "route53:GetHostedZone",
+                "route53:ListTagsForResource",
+                "route53:UpdateHostedZoneComment",
+                "tag:GetResources",
+                "tag:UntagResources"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+----
++
+. Create the policy in AWS:
++
+[source,terminal]
+----
+$ aws iam create-policy \
+    --policy-name SharedVPCPolicy \
+    --policy-document file:///tmp/shared-vpc-policy.json
+----
++
+You will attach this policy to a role necessary for the shared VPC permissions.
++
+. Create a custom trust policy file that grants permission to assume roles:
++
+[source,terminal]
+----
+$ cat <<EOF > /tmp/shared-vpc-role.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::<Account-ID>:root"  <1>
+            },
+            "Action": "sts:AssumeRole"
+        }
+    ]
+}
+EOF
+----
++
+--
+<1> The principal will be scoped down after the *Cluster Creator* creates the necessary cluster roles. On creation, you must create a root user placeholder by using the *Cluster Creator's* AWS account ID as `arn:aws:iam::{Account}:root`.
+--
++
+. Create the IAM role:
++
+[source,terminal]
+----
+$ aws iam create-role --role-name <role_name> \  <1>
+    --assume-role-policy-document file:///tmp/shared-vpc-role.json
+----
++
+--
+<1> Replace _<role_name>_ with the name of the role you want to create.
+--
++
+. Attach the custom `SharedVPCPolicy` permissions policy:
++
+[source, terminal]
+----
+$ aws iam attach-role-policy --role-name <role_name> --policy-arn \  <1>
+    arn:aws:iam::<AWS_account_ID>:policy/SharedVPCPolicy  <2>
+----
++
+--
+<1> Replace _<role_name>_ with the name of the role you created.
+<2> Replace _<AWS_account_ID>_ with the *VPC Owner's* AWS account ID.
+--
++
+
+. Provide the `SharedVPCRole` ARN to the *Cluster Creator* to continue configuration.
diff --git a/modules/rosa-sharing-vpc-dns-and-roles.adoc b/modules/rosa-sharing-vpc-dns-and-roles.adoc
new file mode 100644
index 000000000000..ae16900e7fb0
--- /dev/null
+++ b/modules/rosa-sharing-vpc-dns-and-roles.adoc
@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * networking/rosa-shared-vpc-config.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-sharing-vpc-dns-and-roles_{context}"]
+= Step Two - Cluster Creator: Reserving your DNS and creating cluster operator roles
+
+After the *VPC Owner* creates a virtual private cloud, subnets, and an IAM role for sharing the VPC resources, reserve an `openshiftapps.com` DNS domain and create Operator roles to communicate back to the *VPC Owner*.
+
+[NOTE]
+====
+For shared VPC clusters, you can choose to create the Operator roles after the cluster creation steps. The cluster will be in a `waiting` state until the Ingress Operator role ARN is added to the shared VPC role trusted relationships.
+====
+
+image::372_OpenShift_on_AWS_persona_worflows_0923_2.png[]
+.Prerequisites
+
+* You have the `SharedVPCRole` ARN for the IAM role from the *VPC Owner*.
+
+.Procedure
+
+. Reserve an `openshiftapps.com` DNS domain with the following command:
++
+[source,terminal]
+----
+$ rosa create dns-domain
+----
++
+The command creates a reserved `openshiftapps.com` DNS domain.
++
+[source,terminal]
+----
+I: DNS domain '14eo.p1.openshiftapps.com' has been created.
+I: To view all DNS domains, run 'rosa list dns-domains'
+----
+. Create an OIDC configuration.
++
+Review this article for more information on the link:https://access.redhat.com/articles/7031018[OIDC configuration process]. The following command produces the OIDC configuration ID that you need:
++
+[source,terminal]
+----
+$ rosa create oidc-config
+----
++
+You receive confirmation that the command created an OIDC configuration:
++
+[source,terminal]
+----
+I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
+	rosa create operator-roles --prefix <user-defined> --oidc-config-id 25tu67hq45rto1am3slpf5lq6jargg
+----
+
+. Create the Operator roles by entering the following command:
++
+[source,terminal]
+----
+$ rosa create operator-roles --oidc-config-id <oidc-config-ID> <1>
+    --installer-role-arn <Installer_Role> <2>
+    --shared-vpc-role-arn <Created_VPC_Role_Arn> <3>
+    --prefix <operator-prefix> <4>
+----
++
+--
+<1> Provide the OIDC configuration ID that you created in the previous step.
+<2> Provide your installer ARN that was created as part of the `rosa create account-roles` process.
+<3> Provide the ARN for the role that the *VPC Owner* created.
+<4> Provide a prefix for the Operator roles.
+--
++
+[NOTE]
+====
+The Installer account role and the shared VPC role must have a one-to-one relationship. If you want to create multiple shared VPC roles, you should create one set of account roles per shared VPC role.
+====
+
+. After you create the Operator roles, share the full domain name, which is created with `<intended_cluster_name>.<reserved_dns_domain>`, your _Ingress Operator Cloud Credentials_ role's ARN, and your _Installer_ role's ARN with the *VPC Owner* to continue configuration.
++
+The shared information resembles these examples:
++
+* ``my-rosa-cluster.14eo.p1.openshiftapps.com``
+* ``arn:aws:iam::111122223333:role/ManagedOpenShift-Installer-Role``
+* ``arn:aws:iam::111122223333:role/my-rosa-cluster-openshift-ingress-operator-cloud-credentials``
+
diff --git a/modules/rosa-sharing-vpc-hosted-zones.adoc b/modules/rosa-sharing-vpc-hosted-zones.adoc
new file mode 100644
index 000000000000..1b2ce1901855
--- /dev/null
+++ b/modules/rosa-sharing-vpc-hosted-zones.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * networking/rosa-shared-vpc-config.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-sharing-vpc-hosted-zones_{context}"]
+= Step Three - VPC Owner: Updating the shared VPC role and creating hosted zones
+
+After the *Cluster Creator* provides the DNS domain and the IAM roles, create a private hosted zone and update the trust policy on the IAM role that was created for sharing the VPC.
+
+image::372_OpenShift_on_AWS_persona_worflows_0923_3.png[]
+.Prerequisites
+
+* You have the full domain name from the *Cluster Creator*.
+* You have the _Ingress Operator Cloud Credentials_ role's ARN from the *Cluster Creator*.
+* You have the _Installer_ role's ARN from the *Cluster Creator*.
+
+.Procedure
+
+. In the link:https://console.aws.amazon.com/ram/[Resource Access Manager of the AWS console], create a resource share that shares the previously created public and private subnets with the *Cluster Creator's* AWS account ID.
+
+. Update the VPC sharing IAM role and add the _Installer_ and _Ingress Operator Cloud Credentials_ roles to the principal section of the trust policy.
++
+[source,terminal]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+	  "Sid": "Statement1",
+	  "Effect": "Allow",
+	  "Principal": {
+	  	"AWS": [
+          "arn:aws:iam::<Cluster-Creator's-AWS-Account-ID>:role/<prefix>-ingress-operator-cloud-credentials",
+          "arn:aws:iam::<Cluster-Creator's-AWS-Account-ID>:role/<prefix>-Installer-Role"
+        ]
+	  },
+	  "Action": "sts:AssumeRole"
+	}
+  ]
+}
+----
+. Create a private hosted zone in the link:https://us-east-1.console.aws.amazon.com/route53/v2/[Route 53 section of the AWS console]. In the hosted zone configuration, the domain name is `<cluster_name>.<reserved_dns_domain>`. The private hosted zone must be associated with the created VPC.
+. After the hosted zone is created and associated with the VPC, provide the following to the *Cluster Creator* to continue configuration:
+* Hosted zone ID
+* AWS region
+* Subnet IDs
\ No newline at end of file
diff --git a/modules/rosa-sts-about-ocm-role.adoc b/modules/rosa-sts-about-ocm-role.adoc
index e946f8c2d96e..5e4cfc9348e9 100644
--- a/modules/rosa-sts-about-ocm-role.adoc
+++ b/modules/rosa-sts-about-ocm-role.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_planning/rosa-sts-ocm-role.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-about-ocm-role_{context}"]
 = About the ocm-role IAM resource
 
diff --git a/modules/rosa-sts-about-operator-role-prefixes.adoc b/modules/rosa-sts-about-operator-role-prefixes.adoc
index 8631c172f2ec..b39564ac11d9 100644
--- a/modules/rosa-sts-about-operator-role-prefixes.adoc
+++ b/modules/rosa-sts-about-operator-role-prefixes.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-about-operator-role-prefixes_{context}"]
 = About custom Operator IAM role prefixes
 
diff --git a/modules/rosa-sts-about-user-role.adoc b/modules/rosa-sts-about-user-role.adoc
index 478103ef8f0d..4633c80457d0 100644
--- a/modules/rosa-sts-about-user-role.adoc
+++ b/modules/rosa-sts-about-user-role.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_planning/rosa-sts-ocm-role.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-about-user-role_{context}"]
 = About the user-role IAM role
 
diff --git a/modules/rosa-sts-account-roles-terraform.adoc b/modules/rosa-sts-account-roles-terraform.adoc
new file mode 100644
index 000000000000..dd0e45240abe
--- /dev/null
+++ b/modules/rosa-sts-account-roles-terraform.adoc
@@ -0,0 +1,246 @@
+// Module included in the following assemblies:
+//
+// * rosa_planning/rosa-understanding-terraform.adoc
+ifeval::["{context}" == "rosa-understanding-terraform"]
+:tf-full:
+endif::[]
+:_mod-docs-content-type: PROCEDURE
+
+[id="sd-terraform-account-roles_{context}"]
+ifdef::tf-full[]
+= Account roles Terraform example
+endif::tf-full[]
+ifndef::tf-full[]
+= Creating your account-wide IAM roles with Terraform
+endif::tf-full[]
+
+The following example shows how Terraform can be used to create your Amazon Web Services (AWS) Identity and Access Management (IAM) account roles for ROSA.
+
+[NOTE]
+====
+If you want to edit the Terraform files, you can use any text editor. You must re-run the `terraform init` and `terraform apply` commands if you change any values in the files.
+====
+
+.Procedure
+
+. Check your AWS account for existing roles and policies by running the following command:
++
+[source,terminal]
+----
+$ rosa list account-roles
+----
++
+
+. In your terminal, run the following command to export link:https://console.redhat.com/openshift/token[your {cluster-manager-first} token]. This value must include the full {cluster-manager} token:
++
+[source,terminal]
+----
+$ export RHCS_TOKEN="<your_offline_token>"
+----
++
+You can verify that your token is saved by running the following command:
++
+[source,terminal]
+----
+$ echo $RHCS_TOKEN
+----
++
+You see your token in the command line.
+
+. Optional: You can specify your own account-role prefix that prepends the roles you create by running the following command:
++
+[NOTE]
+====
+If you do not specify an account-role prefix, a prefix is generated in the format of `account-role-` followed by a string of four random characters.
+====
++
+[source,terminal]
+----
+$ export TF_VAR_account_role_prefix=<account_role_prefix>
+----
+
+. Create the Terraform files locally by using the following code templates:
++
+[NOTE]
+====
+These files are created in your current directory. Ensure that you are in the directory where you want to run Terraform.
+====
+
+.. The `main.tf` file calls the Red Hat Cloud Services Terraform provider, which allows you to use OpenShift services with Terraform. Run the following command to create the `main.tf` file:
++
+[source,terminal]
+----
+$ cat<<-EOF>main.tf
+  #
+  # Copyright (c) 2022 Red Hat, Inc.
+  #
+  # Licensed under the Apache License, Version 2.0 (the "License");
+  # you may not use this file except in compliance with the License.
+  # You may obtain a copy of the License at
+  #
+  #   http://www.apache.org/licenses/LICENSE-2.0
+  #
+  # Unless required by applicable law or agreed to in writing, software
+  # distributed under the License is distributed on an "AS IS" BASIS,
+  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  # See the License for the specific language governing permissions and
+  # limitations under the License.
+  #
+
+  terraform {
+    required_providers {
+      aws = {
+        source  = "hashicorp/aws"
+        version = ">= 4.20.0"
+      }
+      rhcs = {
+        version = "1.4.0"
+        source  = "terraform-redhat/rhcs"
+      }
+    }
+  }
+
+  data "rhcs_policies" "all_policies" {}
+
+  data "rhcs_versions" "all" {}
+
+  module "create_account_roles" {
+    source  = "terraform-redhat/rosa-sts/aws"
+    version = "0.0.15"
+
+    create_operator_roles = false
+    create_oidc_provider  = false
+    create_account_roles  = true
+
+    account_role_prefix    = var.account_role_prefix
+    rosa_openshift_version = var.openshift_version
+    account_role_policies  = data.rhcs_policies.all_policies.account_role_policies
+    operator_role_policies = data.rhcs_policies.all_policies.operator_role_policies
+    all_versions           = data.rhcs_versions.all
+    tags                   = var.tags
+  }
+EOF
+----
+
+.. You define the account role prefix structure in the `output.tf` file. This output definition allows you to specify how the various generated roles are constructed. Run the following command to create your `output.tf` file:
++
+[source,terminal]
+----
+$ cat<<-EOF>output.tf
+  output "account_role_prefix" {
+    value = module.create_account_roles.account_role_prefix
+  }
+EOF
+----
+
+.. The `variables.tf` allows you to specify values you want for select variables. If you exported a variable for the `account_role_prefix` earlier, leave this variable's default value blank. Setting the variable in both places with different values can produce unexpected results. Run the following command to create your `variables.tf` file:
++
+[IMPORTANT]
+====
+Do not include your {cluster-manager} token in this file if it is not stored in a safe location.
+====
++
+[source,terminal]
+----
+$ cat<<-EOF>variables.tf
+  variable "openshift_version" {
+    type = string
+    default = "4.13"
+    description = "Enter the desired OpenShift version as X.Y. This version should match what you intend for your ROSA cluster. For example, if you plan to create a ROSA cluster using '4.13.10', then this version should be '4.13'. You can see the supported versions of OpenShift by running 'rosa list version'."
+  }
+
+  variable "account_role_prefix" {
+    type    = string
+    default = ""
+    description = "Your account roles are prepended with whatever value you enter here. The default value in the ROSA CLI is 'ManagedOpenshift-' before all of your account roles."
+  }
+
+  variable "tags" { <1>
+    type        = map
+    default     = null
+    description = "(Optional) List of AWS resource tags to apply."
+  }
+EOF
+----
++
+--
+<1> The `tags` parameter uses a map of strings variable. The format that it takes looks like the following example:
++
+[source,terraform]
+----
+variable "tags" {
+  type    = "map"
+  default = {
+    "us-east-1" = "image-1234"
+    "us-west-2" = "image-4567"
+  }
+}
+----
+--
+. In the directory where you saved these Terraform files, run the following command to set up Terraform to create these resources:
++
+[source,terminal]
+----
+$ terraform init
+----
+. Optional: Run the following command to confirm that the Terraform code you copied is correct:
++
+[source,terminal]
+----
+$ terraform validate
+----
++
+.Sample output
++
+[source,terminal]
+----
+Success! The configuration is valid.
+----
+. Optional: Test your Terraform template and create a reusable Terraform plan file by running the following command:
++
+[source,terminal]
+----
+$ terraform plan -out account-roles.tfplan
+----
+. Run the following command to build your account-wide IAM roles with Terraform:
++
+[source,terminal]
+----
+$ terraform apply "account-roles.tfplan"
+----
++
+[NOTE]
+====
+If you used the `terraform plan` command first, you can provide your created `account-roles.tf` file here. Otherwise, Terraform temporarily creates this plan before it applies your desired outcome.
+====
+
+.Verification
+* Run the following command to verify that your account-roles have been created:
++
+[source,terminal]
+----
+$ rosa list account-roles
+----
++
+.Sample output
+
+[source,terminal]
+----
+I: Fetching account roles
+ROLE NAME                            ROLE TYPE      ROLE ARN                                                            OPENSHIFT VERSION  AWS Managed
+account-role-6kn4-ControlPlane-Role  Control plane  arn:aws:iam::269733383066:role/account-role-6kn4-ControlPlane-Role  4.13               No
+account-role-6kn4-Installer-Role     Installer      arn:aws:iam::269733383066:role/account-role-6kn4-Installer-Role     4.13               No
+account-role-6kn4-Support-Role       Support        arn:aws:iam::269733383066:role/account-role-6kn4-Support-Role       4.13               No
+account-role-6kn4-Worker-Role        Worker         arn:aws:iam::269733383066:role/account-role-6kn4-Worker-Role        4.13               No
+----
+
+.Clean up
+
+When you are finished using the resources that you created using Terraform, you should purge these resources with the following command:
+[source,terminal]
+----
+$ terraform destroy
+----
+ifeval::["{context}" == "rosa-understanding-terraform"]
+:!tf-full:
+endif::[]
diff --git a/modules/rosa-sts-account-wide-role-and-policy-commands.adoc b/modules/rosa-sts-account-wide-role-and-policy-commands.adoc
index 1194e4f7b4a8..222ac3591115 100644
--- a/modules/rosa-sts-account-wide-role-and-policy-commands.adoc
+++ b/modules/rosa-sts-account-wide-role-and-policy-commands.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-account-wide-role-and-policy-aws-cli_{context}"]
 = Account-wide IAM role and policy AWS CLI reference
 
@@ -11,7 +11,7 @@ This section lists the `aws` CLI commands that the `rosa` command generates in t
 [id="rosa-sts-account-wide-role-and-policy-aws-cli-manual-mode_{context}"]
 == Using manual mode for account role creation
 
-The manual role creation mode generates the `aws` commands for you to review and run. The following command starts that process:
+The manual role creation mode generates the `aws` commands for you to review and run. The following command starts that process, where `<openshift_version>` refers to your version of {product-title} (ROSA), such as `4.15`.
 
 [source,terminal]
 ----
@@ -29,7 +29,7 @@ The provided command examples include the `ManagedOpenShift` prefix. The `Manage
 aws iam create-role \
 	--role-name ManagedOpenShift-Installer-Role \
 	--assume-role-policy-document file://sts_installer_trust_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=installer
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=installer
 
 aws iam put-role-policy \
 	--role-name ManagedOpenShift-Installer-Role \
@@ -39,7 +39,7 @@ aws iam put-role-policy \
 aws iam create-role \
 	--role-name ManagedOpenShift-ControlPlane-Role \
 	--assume-role-policy-document file://sts_instance_controlplane_trust_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_controlplane
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_controlplane
 
 aws iam put-role-policy \
 	--role-name ManagedOpenShift-ControlPlane-Role \
@@ -49,7 +49,7 @@ aws iam put-role-policy \
 aws iam create-role \
 	--role-name ManagedOpenShift-Worker-Role \
 	--assume-role-policy-document file://sts_instance_worker_trust_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_worker
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=instance_worker
 
 aws iam put-role-policy \
 	--role-name ManagedOpenShift-Worker-Role \
@@ -59,7 +59,7 @@ aws iam put-role-policy \
 aws iam create-role \
 	--role-name ManagedOpenShift-Support-Role \
 	--assume-role-policy-document file://sts_support_trust_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=support
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=rosa_role_type,Value=support
 
 aws iam put-role-policy \
 	--role-name ManagedOpenShift-Support-Role \
@@ -69,27 +69,27 @@ aws iam put-role-policy \
 aws iam create-policy \
 	--policy-name ManagedOpenShift-openshift-ingress-operator-cloud-credentials \
 	--policy-document file://openshift_ingress_operator_cloud_credentials_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
 
 aws iam create-policy \
 	--policy-name ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent \
 	--policy-document file://openshift_cluster_csi_drivers_ebs_cloud_credentials_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
 
 aws iam create-policy \
 	--policy-name ManagedOpenShift-openshift-machine-api-aws-cloud-credentials \
 	--policy-document file://openshift_machine_api_aws_cloud_credentials_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
 
 aws iam create-policy \
 	--policy-name ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede \
 	--policy-document file://openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
 
 aws iam create-policy \
 	--policy-name ManagedOpenShift-openshift-image-registry-installer-cloud-creden \
 	--policy-document file://openshift_image_registry_installer_cloud_credentials_policy.json \
-	--tags Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
+	--tags Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
 ----
 
 [discrete]
diff --git a/modules/rosa-sts-account-wide-roles-and-policies.adoc b/modules/rosa-sts-account-wide-roles-and-policies.adoc
index 29f4ece72162..d4c81b896997 100644
--- a/modules/rosa-sts-account-wide-roles-and-policies.adoc
+++ b/modules/rosa-sts-account-wide-roles-and-policies.adoc
@@ -5,19 +5,15 @@
 [id="rosa-sts-account-wide-roles-and-policies_{context}"]
 = Account-wide IAM role and policy reference
 
-include::snippets/rosa-4-11-12-snippet.adoc[]
-
 This section provides details about the account-wide IAM roles and policies that are required for ROSA deployments that use STS, including the Operator policies. It also includes the JSON files that define the policies.
 
-The account-wide roles and policies are specific to an OpenShift minor release version, for example OpenShift 4.8, and are backward compatible. You can minimize the required STS resources by reusing the account-wide roles and policies for multiple clusters of the same minor version, regardless of their patch version.
+The account-wide roles and policies are specific to an OpenShift minor release version, for example OpenShift 4.15, and are backward compatible. You can minimize the required STS resources by reusing the account-wide roles and policies for multiple clusters of the same minor version, regardless of their patch version.
 
 [id="rosa-sts-account-wide-roles-and-policies-creation-methods_{context}"]
 == Methods of account-wide role creation
 
 You can create account-wide roles by using the {product-title} (ROSA) CLI, `rosa`, or the {cluster-manager-url} guided installation. You can create the roles manually or by using an automatic process that uses pre-defined names for these roles and polices.
 
-You can create account-wide roles by using the ROSA CLI (`rosa`). You can create the roles manually or by using an automatic process that uses pre-defined names for these roles and polices.
-
 [discrete]
 [id="rosa-sts-account-wide-roles-and-policies-creation-methods-manual_{context}"]
 === Manual ocm-role resource creation
@@ -131,6 +127,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "ec2:DescribeInstanceCreditSpecifications",
                 "ec2:DescribeInstances",
                 "ec2:DescribeInstanceStatus",
+                "ec2:DescribeInstanceTypeOfferings",
                 "ec2:DescribeInstanceTypes",
                 "ec2:DescribeInternetGateways",
                 "ec2:DescribeKeyPairs",
@@ -142,6 +139,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "ec2:DescribeReservedInstancesOfferings",
                 "ec2:DescribeRouteTables",
                 "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSecurityGroupRules",
                 "ec2:DescribeSubnets",
                 "ec2:DescribeTags",
                 "ec2:DescribeVolumes",
@@ -178,6 +176,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "elasticloadbalancing:DeleteTargetGroup",
                 "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                 "elasticloadbalancing:DeregisterTargets",
+                "elasticloadbalancing:DescribeAccountLimits",
                 "elasticloadbalancing:DescribeInstanceHealth",
                 "elasticloadbalancing:DescribeListeners",
                 "elasticloadbalancing:DescribeLoadBalancerAttributes",
@@ -196,6 +195,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "iam:CreateInstanceProfile",
                 "iam:DeleteInstanceProfile",
                 "iam:GetInstanceProfile",
+                "iam:TagInstanceProfile",
                 "iam:GetRole",
                 "iam:GetRolePolicy",
                 "iam:GetUser",
@@ -215,6 +215,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "route53:ChangeTagsForResource",
                 "route53:CreateHostedZone",
                 "route53:DeleteHostedZone",
+                "route53:GetAccountLimit",
                 "route53:GetChange",
                 "route53:GetHostedZone",
                 "route53:ListHostedZones",
@@ -225,13 +226,14 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "s3:CreateBucket",
                 "s3:DeleteBucket",
                 "s3:DeleteObject",
+                "s3:DeleteObjectVersion",
                 "s3:GetAccelerateConfiguration",
                 "s3:GetBucketAcl",
                 "s3:GetBucketCORS",
                 "s3:GetBucketLocation",
                 "s3:GetBucketLogging",
                 "s3:GetBucketObjectLockConfiguration",
-                "s3:GetBucketReplication",
+                "s3:GetBucketPolicy",
                 "s3:GetBucketRequestPayment",
                 "s3:GetBucketTagging",
                 "s3:GetBucketVersioning",
@@ -247,6 +249,7 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "s3:ListBucketVersions",
                 "s3:PutBucketAcl",
                 "s3:PutBucketTagging",
+                "s3:PutBucketVersioning",
                 "s3:PutEncryptionConfiguration",
                 "s3:PutObject",
                 "s3:PutObjectAcl",
@@ -263,11 +266,23 @@ The account number present in the `sts_installer_trust_policy.json` and `sts_sup
                 "ec2:DescribeVpcEndpointServiceConfigurations",
                 "ec2:DescribeVpcEndpointServicePermissions",
                 "ec2:DescribeVpcEndpointServices",
-                "ec2:ModifyVpcEndpointServicePermissions"
+                "ec2:ModifyVpcEndpointServicePermissions",
                 "kms:DescribeKey",
                 "cloudwatch:GetMetricData"
             ],
             "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "secretsmanager:GetSecretValue"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "aws:ResourceTag/red-hat-managed": "true"
+                }
+            }
         }
     ]
 }
diff --git a/modules/rosa-sts-arn-path-customization-for-iam-roles-and-policies.adoc b/modules/rosa-sts-arn-path-customization-for-iam-roles-and-policies.adoc
index 60db599537c8..bcc1f72d106c 100644
--- a/modules/rosa-sts-arn-path-customization-for-iam-roles-and-policies.adoc
+++ b/modules/rosa-sts-arn-path-customization-for-iam-roles-and-policies.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-arn-path-customization-for-iam-roles-and-policies_{context}"]
 = ARN path customization for IAM roles and policies
 
diff --git a/modules/rosa-sts-associating-your-aws-account.adoc b/modules/rosa-sts-associating-your-aws-account.adoc
index 7afb051fb758..75b0455ef1e4 100644
--- a/modules/rosa-sts-associating-your-aws-account.adoc
+++ b/modules/rosa-sts-associating-your-aws-account.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adocs
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-associating-your-aws-account_{context}"]
 = Associating your AWS account with your Red Hat organization
 
@@ -20,12 +20,12 @@ ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
 :rosa-standalone:
 endif::[]
 
-Before using the {cluster-manager-first} {hybrid-console-second} to create 
+Before using the {cluster-manager-first} {hybrid-console-second} to create
 ifdef::rosa-hcp[]
-{hcp-title} clusters 
+{hcp-title} clusters
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-{product-title} (ROSA) clusters 
+{product-title} (ROSA) clusters
 endif::rosa-hcp[]
 that use the AWS Security Token Service (STS), create an {cluster-manager} IAM role and link it to your Red Hat organization. Then, create a user IAM role and link it to your Red Hat user account in the same Red Hat organization.
 
@@ -36,7 +36,7 @@ ifdef::rosa-hcp[]
 * You have completed the AWS prerequisites for {hcp-title}.
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-* You have completed the AWS prerequisites for ROSA with STS. 
+* You have completed the AWS prerequisites for ROSA with STS.
 endif::rosa-hcp[]
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
@@ -44,12 +44,12 @@ endif::rosa-hcp[]
 +
 [NOTE]
 ====
-To successfully install  
+To successfully install
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-ROSA 
+ROSA
 endif::rosa-hcp[]
 clusters, use the latest version of the ROSA CLI.
 ====
@@ -63,31 +63,31 @@ endif::[]
 +
 [NOTE]
 ====
-To enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider using the {cluster-manager} {hybrid-console-second}, you must apply the administrative privileges to the role by choosing the _Admin OCM role_ command in the *Accounts and roles* step of creating a 
+To enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider using the {cluster-manager} {hybrid-console-second}, you must apply the administrative privileges to the role by choosing the _Admin OCM role_ command in the *Accounts and roles* step of creating a
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-ROSA 
+ROSA
 endif::rosa-hcp[]
 cluster. For more information about the basic and administrative privileges for the {cluster-manager} role, see _Understanding AWS account association_.
 ====
 +
 [NOTE]
 ====
-If you choose the _Basic OCM role_ command in the *Accounts and roles* step of creating a 
+If you choose the _Basic OCM role_ command in the *Accounts and roles* step of creating a
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-ROSA 
+ROSA
 endif::rosa-hcp[]
-cluster in the {cluster-manager} {hybrid-console-second}, you must deploy a 
+cluster in the {cluster-manager} {hybrid-console-second}, you must deploy a
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-ROSA 
+ROSA
 endif::rosa-hcp[]
 cluster using manual mode. You will be prompted to configure the cluster-specific Operator roles and the OpenID Connect (OIDC) provider in a later step.
 ====
diff --git a/modules/rosa-sts-aws-requirements-access-req.adoc b/modules/rosa-sts-aws-requirements-access-req.adoc
index 85544c102532..c25a400d6fc5 100644
--- a/modules/rosa-sts-aws-requirements-access-req.adoc
+++ b/modules/rosa-sts-aws-requirements-access-req.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-access-requirements_{context}"]
 = Access requirements
 
diff --git a/modules/rosa-sts-aws-requirements-account.adoc b/modules/rosa-sts-aws-requirements-account.adoc
index 7b7185ec217a..c0cb7bf57ce3 100644
--- a/modules/rosa-sts-aws-requirements-account.adoc
+++ b/modules/rosa-sts-aws-requirements-account.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adocx
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-account_{context}"]
 = Account
 * You must ensure that the AWS limits are sufficient to support {product-title} provisioned within your AWS account. Running the `rosa verify quota` command in the CLI validates that you have the required quota to run a cluster.
diff --git a/modules/rosa-sts-aws-requirements-association-concept.adoc b/modules/rosa-sts-aws-requirements-association-concept.adoc
index 40bc4c7ac78c..c60fdf34b457 100644
--- a/modules/rosa-sts-aws-requirements-association-concept.adoc
+++ b/modules/rosa-sts-aws-requirements-association-concept.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_planning/rosa-sts-ocm-role.adoc
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-associating-concept_{context}"]
 = AWS account association
 
diff --git a/modules/rosa-sts-aws-requirements-creating-association.adoc b/modules/rosa-sts-aws-requirements-creating-association.adoc
index b17f9b6ed5da..a79f8116ae5c 100644
--- a/modules/rosa-sts-aws-requirements-creating-association.adoc
+++ b/modules/rosa-sts-aws-requirements-creating-association.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-iam-resources.adoc
 // * rosa_planning/rosa-sts-ocm-role.adoc
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-associating-account_{context}"]
 = Linking your AWS account
 
diff --git a/modules/rosa-sts-aws-requirements-creating-multi-association.adoc b/modules/rosa-sts-aws-requirements-creating-multi-association.adoc
index 68633776ffd8..aa59ebd1ee8f 100644
--- a/modules/rosa-sts-aws-requirements-creating-multi-association.adoc
+++ b/modules/rosa-sts-aws-requirements-creating-multi-association.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-iam-resources.adoc
+// * support/rosa-troubleshooting-iam-resources.adoc
 // * rosa_planning/rosa-sts-ocm-role.adoc
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-associating-multiple-account_{context}"]
 = Associating multiple AWS accounts with your Red Hat organization
 
diff --git a/modules/rosa-sts-aws-requirements-ocm.adoc b/modules/rosa-sts-aws-requirements-ocm.adoc
index 97f208716255..c429affbf157 100644
--- a/modules/rosa-sts-aws-requirements-ocm.adoc
+++ b/modules/rosa-sts-aws-requirements-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-ocm-requirements_{context}"]
 = Requirements for using {cluster-manager}
 
diff --git a/modules/rosa-sts-aws-requirements-security-req.adoc b/modules/rosa-sts-aws-requirements-security-req.adoc
index bc6ab70b2189..65634887e191 100644
--- a/modules/rosa-sts-aws-requirements-security-req.adoc
+++ b/modules/rosa-sts-aws-requirements-security-req.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-security-requirements_{context}"]
 = Security requirements
 * Red Hat must have ingress access to EC2 hosts and the API server from allow-listed IP addresses.
diff --git a/modules/rosa-sts-aws-requirements-support-req.adoc b/modules/rosa-sts-aws-requirements-support-req.adoc
index ad63b91c97ad..b88ab0577812 100644
--- a/modules/rosa-sts-aws-requirements-support-req.adoc
+++ b/modules/rosa-sts-aws-requirements-support-req.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_planning/rosa-sts-aws-prereqs.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-support-requirements_{context}"]
 = Support requirements
 * Red Hat recommends that the customer have at least link:https://aws.amazon.com/premiumsupport/plans/[Business Support] from AWS.
diff --git a/modules/rosa-sts-byo-oidc-options.adoc b/modules/rosa-sts-byo-oidc-options.adoc
new file mode 100644
index 000000000000..bfc53b6b409f
--- /dev/null
+++ b/modules/rosa-sts-byo-oidc-options.adoc
@@ -0,0 +1,68 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa-oidc-overview.adoc
+// * rosa_architecture/rosa-sts-about-iam-resources.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="rosa-sts-byo-oidc-options_{context}"]
+= Parameter options for creating your own OpenID Connect configuration
+
+The following options may be added to the `rosa create oidc-config` command. All of these parameters are optional. Running the `rosa create oidc-config` command without parameters creates an unmanaged OIDC configuration.
+
+[NOTE]
+====
+You are required to register the unmanaged OIDC configuration by posting a request to `/oidc_configs` through OpenShift Cluster Manager. You receive an ID in the response. Use this ID to create a cluster.
+====
+
+[discrete]
+[id="rosa-sts-byo-oidc-raw-files_{context}"]
+== raw-files
+
+Allows you to provide raw files for the private RSA key. This key is named `rosa-private-key-oidc-<random_label_of_length_4>.key`. You also receive a discovery document, named `discovery-document-oidc-<random_label_of_length_4>.json`, and a JSON Web Key Set, named `jwks-oidc-<random_label_of_length_4>.json`.
+
+You use these files to set up the endpoint. This endpoint responds to `/.well-known/openid-configuration` with the discovery document and on `keys.json` with the JSON Web Key Set. The private key is stored in Amazon Web Services (AWS) Secrets Manager Service (SMS) as plaintext.
+
+.Example
+[source,terminal]
+----
+$ rosa create oidc-config --raw-files
+----
+
+[discrete]
+[id="rosa-sts-byo-oidc-mode_{context}"]
+== mode
+
+Allows you to specify the mode to create your OIDC configuration. With the `manual` option, you receive AWS commands that set up the OIDC configuration in an S3 bucket. This option stores the private key in the Secrets Manager. With the `manual` option, the OIDC Endpoint URL is the URL for the S3 bucket. You must retrieve the Secrets Manager ARN to register the OIDC configuration with OpenShift Cluster Manager.
+
+You receive the same OIDC configuration and AWS resources as the `manual` mode when using the `auto` option. A significant difference between the two options is that when using the `auto` option, ROSA calls AWS, so you do not need to take any further actions. The OIDC Endpoint URL is the URL for the S3 bucket. The CLI retrieves the Secrets Manager ARN, registers the OIDC configuration with OpenShift Cluster Manager, and reports the second `rosa` command that the user can run to continue with the creation of the STS cluster.
+
+.Example
+[source,terminal]
+----
+$ rosa create oidc-config --mode=<auto|manual>
+----
+
+[discrete]
+[id="rosa-sts-byo-oidc-managed_{context}"]
+== managed
+
+Creates an OIDC configuration that is hosted under Red Hat's AWS account. This command creates a private key that responds directly with an OIDC Config ID for you to use when creating the STS cluster.
+
+.Example
+[source,terminal]
+----
+$ rosa create oidc-config --managed
+----
+
+.Sample output
+[source,terminal]
+----
+W: For a managed OIDC Config only auto mode is supported. However, you may choose the provider creation mode
+? OIDC Provider creation mode: auto
+I: Setting up managed OIDC configuration
+I: Please run the following command to create a cluster with this oidc config
+rosa create cluster --sts --oidc-config-id 233jnu62i9aphpucsj9kueqlkr1vcgra
+I: Creating OIDC provider using 'arn:aws:iam::242819244:user/userName'
+? Create the OIDC provider? Yes
+I: Created OIDC provider with ARN 'arn:aws:iam::242819244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/233jnu62i9aphpucsj9kueqlkr1vcgra'
+----
\ No newline at end of file
diff --git a/modules/rosa-sts-byo-oidc.adoc b/modules/rosa-sts-byo-oidc.adoc
new file mode 100644
index 000000000000..6fd37c7a130b
--- /dev/null
+++ b/modules/rosa-sts-byo-oidc.adoc
@@ -0,0 +1,101 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa-oidc-overview.adoc
+// * rosa_architecture/rosa-sts-about-iam-resources.adoc
+// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
+
+ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"]
+:rosa-hcp:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-sts-byo-oidc_{context}"]
+= Creating an OpenID Connect configuration
+
+When using a
+ifdef::rosa-hcp[]
+{hcp-title} cluster, you must
+endif::rosa-hcp[]
+ifndef::rosa-hcp[]
+{product-title} cluster, you can
+endif::rosa-hcp[]
+create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OpenShift Cluster Manager.
+
+.Prerequisites
+
+ifdef::rosa-hcp[]
+* You have completed the AWS prerequisites for {hcp-title}.
+endif::rosa-hcp[]
+ifdef::rosa-hcp[]
+* You have completed the AWS prerequisites for {product-title}.
+endif::rosa-hcp[]
+* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
+
+.Procedure
+
+* To create your OIDC configuration alongside the AWS resources, run the following command:
++
+[source,terminal]
+----
+$ rosa create oidc-config --mode=auto  --yes
+----
++
+This command returns the following information.
++
+.Sample output
++
+[source,terminal]
+----
+? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
+I: Setting up managed OIDC configuration
+I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
+	rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
+If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
+I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
+? Create the OIDC provider? Yes
+I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'
+----
++
+When creating your cluster, you must supply the OIDC config ID. The CLI output provides this value for `--mode auto`, otherwise you must determine these values based on `aws` CLI output for `--mode manual`.
+
+* Optional: you can save the OIDC configuration ID as a variable to use later. Run the following command to save the variable:
++
+[source,terminal]
+----
+$ export OIDC_ID=30f5dqmk
+----
+
+. View the value of the variable by running with the following command:
++
+[source,terminal]
+----
+$ echo $OIDC_ID
+----
++
+.Sample output
++
+[source,terminal]
+----
+$ 30f5dqmk
+----
+
+.Verification
+
+* You can list the possible OIDC configurations available for your clusters that are associated with your user organization. Run the following command:
++
+[source,terminal]
+----
+$ rosa list oidc-config
+----
++
+.Sample output
++
+[source,terminal]
+----
+ID                                MANAGED  ISSUER URL                                                             SECRET ARN
+2330dbs0n8m3chkkr25gkkcd8pnj3lk2  true     https://dvbwgdztaeq9o.cloudfront.net/2330dbs0n8m3chkkr25gkkcd8pnj3lk2
+233hvnrjoqu14jltk6lhbhf2tj11f8un  false    https://oidc-r7u1.s3.us-east-1.amazonaws.com                           aws:secretsmanager:us-east-1:242819244:secret:rosa-private-key-oidc-r7u1-tM3MDN
+
+----
diff --git a/modules/rosa-sts-cluster-terraform-destroy.adoc b/modules/rosa-sts-cluster-terraform-destroy.adoc
new file mode 100644
index 000000000000..dd4a1afb2e8e
--- /dev/null
+++ b/modules/rosa-sts-cluster-terraform-destroy.adoc
@@ -0,0 +1,109 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly-terraform.adoc
+//
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
+:_content-type: PROCEDURE
+
+[id="sd-terraform-cluster-destroy_{context}"]
+= Deleting your ROSA cluster with Terraform
+
+Use the `terraform destroy` command to remove all of the resources that were created with the `terraform apply` command.
+
+[NOTE]
+====
+Do not modify your Terraform `.tf` files
+ifndef::tf-defaults[]
+or the `terraform.tfvars` file
+endif::tf-defaults[]
+before destroying your resources. These variables are matched to resources to delete.
+====
+
+.Procedure
+. In the directory where you ran the `terraform apply` command to create your cluster, run the following command to delete the cluster:
++
+[source,terminal]
+----
+$ terraform destroy
+----
+ifndef::tf-defaults[]
++
+[IMPORTANT]
+====
+After you enter the name of the ROSA cluster and confirm destruction by entering `yes`, you cannot stop the `terraform destroy` process. Your account, Operator roles, and cluster are deleted.
+====
+
+. Enter the name of the cluster that you want to delete:
++
+[source,terminal]
+----
+var.cluster_name
+  Provide the name of your ROSA cluster.
+
+  Enter a value: <name_of_rosa_cluster> <1>
+----
+--
+<1> A valid value is the name of the ROSA cluster you want to delete.
+--
+endif::tf-defaults[]
+
+. Enter `yes` to start the role and cluster deletion:
++
+.Example output of Terraform confirmation:
+[source,terminal]
+----
+Plan: 0 to add, 0 to change, 39 to destroy.
+
+Do you really want to destroy all resources?
+  Terraform will destroy all your managed infrastructure, as shown above.
+  There is no undo. Only 'yes' will be accepted to confirm.
+
+  Enter a value: yes
+----
+
+.Verification
+. Verify that your cluster was destroyed by running the following command:
++
+[source,terminal]
+----
+$ rosa list clusters
+----
++
+.Example output showing no cluster
+[source,terminal]
+----
+I: No clusters available
+----
+
+. Verify that the account roles were destroyed by running the following command:
++
+[source,terminal]
+----
+$ rosa list account-roles
+----
++
+.Example output showing no Terraform-created account roles:
+[source,terminal]
+----
+I: Fetching account roles
+I: No account roles available
+----
+
+. Verify that the Operator roles were destroyed by running the following command:
++
+[source,terminal]
+----
+$ rosa list operator-roles
+----
++
+.Example output showing no Terraform-created Operator roles:
+[source,terminal]
+----
+I: Fetching operator roles
+I: No operator roles available
+----
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sts-cluster-terraform-execute.adoc b/modules/rosa-sts-cluster-terraform-execute.adoc
new file mode 100644
index 000000000000..3504aa901193
--- /dev/null
+++ b/modules/rosa-sts-cluster-terraform-execute.adoc
@@ -0,0 +1,112 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly-terraform.adoc
+//
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
+:_content-type: PROCEDURE
+
+[id="rosa-sts-cluster-terraform-execute_{context}"]
+= Using Terraform to create your ROSA cluster
+
+After you create the Terraform files, you must initiate Terraform to provide all of the required dependencies. Then apply the Terraform plan.
+
+.Procedure
+
+. Set up Terraform to create your resources based on your Terraform files, run the following command:
++
+[source,terminal]
+----
+$ terraform init
+----
+
+. *Optional*: Verify that the Terraform you copied is correct by running the following command:
++
+[source,terminal]
+----
+$ terraform validate
+----
++
+.Example output
++
+[source,terminal]
+----
+Success! The configuration is valid.
+----
+
+. Create your cluster with Terraform by running the following command:
++
+[source,terminal]
+----
+$ terraform apply
+----
+
+. The Terraform interface lists the resources to be created or changed and prompts for confirmation. Enter `yes` to proceed or `no` to cancel:
++
+.Example output
+[source,terminal]
+----
+Plan: 39 to add, 0 to change, 0 to destroy.
+
+Do you want to perform these actions?
+  Terraform will perform the actions described above.
+  Only 'yes' will be accepted to approve.
+
+  Enter a value: yes
+----
++
+If you enter `yes`, your Terraform plan starts, creating your AWS account roles, Operator roles, and your ROSA Classic cluster.
+
+.Verification
+. Verify that your cluster was created by running the following command:
++
+[source,terminal]
+----
+$ rosa list clusters
+----
++
+.Example output showing a cluster's ID, name, and status:
++
+[source,terminal]
+----
+ID                                NAME          STATE  TOPOLOGY
+27c3snjsupa9obua74ba8se5kcj11269  rosa-tf-demo  ready  Classic (STS)
+----
+
+. Verify that your account roles were created by running the following command:
++
+[source,terminal]
+----
+$ rosa list account-roles
+----
++
+.Example output
+[source,terminal]
+----
+I: Fetching account roles
+ROLE NAME                                   ROLE TYPE      ROLE ARN                                                           OPENSHIFT VERSION  AWS Managed
+ROSA-demo-ControlPlane-Role                 Control plane  arn:aws:iam::<ID>:role/ROSA-demo-ControlPlane-Role                 4.14               No
+ROSA-demo-Installer-Role                    Installer      arn:aws:iam::<ID>:role/ROSA-demo-Installer-Role                    4.14               No
+ROSA-demo-Support-Role                      Support        arn:aws:iam::<ID>:role/ROSA-demo-Support-Role                      4.14               No
+ROSA-demo-Worker-Role                       Worker         arn:aws:iam::<ID>:role/ROSA-demo-Worker-Role                       4.14               No
+----
+
+. Verify that your Operator roles were created by running the following command:
++
+[source,terminal]
+----
+$ rosa list operator-roles
+----
++
+.Example output showing Terraform-created Operator roles:
+[source,terminal]
+----
+I: Fetching operator roles
+ROLE PREFIX    AMOUNT IN BUNDLE
+rosa-demo      6
+----
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
diff --git a/modules/rosa-sts-cluster-terraform-file-creation.adoc b/modules/rosa-sts-cluster-terraform-file-creation.adoc
new file mode 100644
index 000000000000..2605f2ad21f5
--- /dev/null
+++ b/modules/rosa-sts-cluster-terraform-file-creation.adoc
@@ -0,0 +1,540 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly-terraform.adoc
+//
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
+:_content-type: PROCEDURE
+
+[id="rosa-sts-cluster-terraform-file-creation_{context}"]
+= Creating your Terraform files locally
+
+After you set up your link:https://console.redhat.com/openshift/token[offline {cluster-manager-first} token], you need to create the Terraform files locally to build your cluster. You can create these files by using the following code templates.
+
+.Procedure
+
+. Create the `account-roles.tf` file by running the following command:
++
+[source,terminal]
+----
+$ cat<<-EOF>account-roles.tf
+data "rhcs_policies" "all_policies" {}
+
+data "rhcs_versions" "all" {}
+
+module "create_account_roles" {
+  source  = "terraform-redhat/rosa-sts/aws"
+  version = ">=0.0.15"
+
+  create_account_roles  = true
+  create_operator_roles = false
+
+  account_role_prefix    = local.cluster_name
+  path                   = var.path
+  rosa_openshift_version = regex("^[0-9]+\\\\.[0-9]+", var.rosa_openshift_version)
+  account_role_policies  = data.rhcs_policies.all_policies.account_role_policies
+  all_versions           = data.rhcs_versions.all
+  operator_role_policies = data.rhcs_policies.all_policies.operator_role_policies
+  tags                   = var.additional_tags
+}
+
+resource "time_sleep" "wait_10_seconds" {
+  depends_on = [module.create_account_roles]
+
+  create_duration = "10s"
+}
+EOF
+----
+
+. Create the `main.tf` file by running the following command:
+ifdef::tf-defaults[]
++
+[source,terminal]
+----
+$ cat<<-EOF>main.tf
+#
+# Copyright (c) 2023 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.20.0"
+    }
+    rhcs = {
+      version = ">= 1.5.0"
+      source  = "terraform-redhat/rhcs"
+    }
+  }
+}
+
+# Export token using the RHCS_TOKEN environment variable
+provider "rhcs" {}
+
+provider "aws" {
+  region = var.aws_region
+  ignore_tags {
+    key_prefixes = ["kubernetes.io/"]
+  }
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  # Extract availability zone names for the specified region, limit it to 1
+  region_azs = slice([for zone in data.aws_availability_zones.available.names : format("%s", zone)], 0, 1)
+}
+
+resource "random_string" "random_name" {
+  length           = 6
+  special          = false
+  upper            = false
+}
+
+locals {
+  path = coalesce(var.path, "/")
+  sts_roles = {
+    role_arn         = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Installer-Role",
+    support_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Support-Role",
+    instance_iam_roles = {
+      master_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-ControlPlane-Role",
+      worker_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Worker-Role"
+    },
+    operator_role_prefix = local.cluster_name,
+    oidc_config_id       = rhcs_rosa_oidc_config.oidc_config.id
+  }
+  worker_node_replicas = coalesce(var.worker_node_replicas, 2)
+  # If cluster_name is not null, use that, otherwise generate a random cluster name
+  cluster_name = coalesce(var.cluster_name, "rosa-\${random_string.random_name.result}")
+}
+
+data "aws_caller_identity" "current" {
+}
+
+resource "rhcs_cluster_rosa_classic" "rosa_sts_cluster" {
+  name                 = local.cluster_name
+  cloud_region         = var.aws_region
+  multi_az             = false
+  aws_account_id       = data.aws_caller_identity.current.account_id
+  availability_zones   = ["us-east-1a"]
+  tags                 = var.additional_tags
+  version              = var.rosa_openshift_version
+  compute_machine_type = var.machine_type
+  replicas             = local.worker_node_replicas
+  autoscaling_enabled  = false
+  sts                  = local.sts_roles
+  properties = {
+    rosa_creator_arn = data.aws_caller_identity.current.arn
+  }
+  machine_cidr     = var.vpc_cidr_block
+
+  lifecycle {
+    precondition {
+      condition     = can(regex("^[a-z][-a-z0-9]{0,13}[a-z0-9]\$", local.cluster_name))
+      error_message = "ROSA cluster name must be less than 16 characters, be lower case alphanumeric, with only hyphens."
+    }
+  }
+
+  depends_on = [time_sleep.wait_10_seconds]
+}
+
+resource "rhcs_cluster_wait" "wait_for_cluster_build" {
+  cluster = rhcs_cluster_rosa_classic.rosa_sts_cluster.id
+  # timeout in minutes
+  timeout = 60
+}
+EOF
+----
+endif::tf-defaults[]
+ifndef::tf-defaults[]
++
+[NOTE]
+====
+Copy and then edit this file _before_ running the command to build your cluster.
+====
++
+[source,terminal]
+----
+$ cat<<-EOF>main.tf
+#
+# Copyright (c) 2023 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.20.0"
+    }
+    rhcs = {
+      version = ">= 1.5.0"
+      source  = "terraform-redhat/rhcs"
+    }
+  }
+}
+
+# Export token using the RHCS_TOKEN environment variable
+provider "rhcs" {}
+
+provider "aws" {
+  region = var.aws_region
+  ignore_tags {
+    key_prefixes = ["kubernetes.io/"]
+  }
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+
+  # New configuration to exclude Local Zones
+  filter {
+    name   = "opt-in-status"
+    values = ["opt-in-not-required"]
+  }
+}
+
+locals {
+  # These lines will determine how many availability zones to extract based on if you are creating a single or multi AZ cluster.
+  az_count = var.multi_az ? 3 : 1
+  region_azs = slice([for zone in data.aws_availability_zones.available.names : format("%s", zone)], 0, local.az_count)
+}
+
+resource "random_string" "random_name" {
+  length           = 6
+  special          = false
+  upper            = false
+}
+
+locals {
+  path = coalesce(var.path, "/")
+  sts_roles = {
+    role_arn         = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Installer-Role",
+    support_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Support-Role",
+    instance_iam_roles = {
+      master_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-ControlPlane-Role",
+      worker_role_arn = "arn:aws:iam::\${data.aws_caller_identity.current.account_id}:role\${local.path}\${local.cluster_name}-Worker-Role"
+    },
+    operator_role_prefix = local.cluster_name,
+    oidc_config_id       = rhcs_rosa_oidc_config.oidc_config.id
+  }
+  worker_node_replicas = var.worker_node_replicas == null ? 3 : var.worker_node_replicas
+  # If cluster_name is not null, use that, otherwise generate a random cluster name
+  cluster_name = coalesce(var.cluster_name, "rosa-${random_string.random_name.result}")
+}
+
+data "aws_caller_identity" "current" {
+}
+
+resource "rhcs_cluster_rosa_classic" "rosa_sts_cluster" {
+  name                 = local.cluster_name
+  cloud_region         = var.aws_region
+  multi_az             = var.multi_az
+  aws_account_id       = data.aws_caller_identity.current.account_id
+  availability_zones   = local.region_azs
+  tags                 = var.additional_tags
+  version              = var.rosa_openshift_version
+  proxy                = var.proxy
+  compute_machine_type = var.machine_type
+  autoscaling_enabled  = var.autoscaling_enabled
+  replicas             = local.worker_node_replicas
+  min_replicas         = var.min_replicas
+  max_replicas         = var.max_replicas
+
+  sts                  = local.sts_roles
+  properties = {
+    rosa_creator_arn = data.aws_caller_identity.current.arn
+  }
+
+    admin_credentials      = {
+    username = var.admin_username
+    password = var.admin_password
+  }
+
+#
+#Private link settings
+#
+
+  private          = var.private_cluster
+  aws_private_link = var.private_cluster
+  aws_subnet_ids   = var.create_vpc ? concat(module.vpc[0].private_subnets, module.vpc[0].public_subnets) : var.private_subnet_ids
+  machine_cidr     = var.private_cluster ? var.vpc_cidr_block : null
+
+  lifecycle {
+    precondition {
+      condition     = can(regex("^[a-z][-a-z0-9]{0,13}[a-z0-9]\$", local.cluster_name))
+      error_message = "ROSA cluster name must be less than 16 characters, be lower case alphanumeric, with only hyphens."
+    }
+  }
+
+  depends_on = [time_sleep.wait_10_seconds]
+}
+
+resource "rhcs_cluster_wait" "wait_for_cluster_build" {
+  cluster = rhcs_cluster_rosa_classic.rosa_sts_cluster.id
+  # timeout in minutes
+  timeout = 60
+}
+EOF
+----
+endif::tf-defaults[]
+
+. Create the `oidc-provider.tf` file by running the following command:
++
+[source,terminal]
+----
+$ cat<<-EOF>oidc-provider.tf
+resource "rhcs_rosa_oidc_config" "oidc_config" {
+  managed = true
+}
+
+data "rhcs_rosa_operator_roles" "operator_roles" {
+  operator_role_prefix = local.cluster_name
+  account_role_prefix  = local.cluster_name
+}
+
+module "oidc_provider" {
+  source  = "terraform-redhat/rosa-sts/aws"
+  version = "0.0.15"
+
+  create_operator_roles = false
+  create_oidc_provider  = true
+
+  cluster_id                  = ""
+  rh_oidc_provider_thumbprint = rhcs_rosa_oidc_config.oidc_config.thumbprint
+  rh_oidc_provider_url        = rhcs_rosa_oidc_config.oidc_config.oidc_endpoint_url
+  tags                        = var.additional_tags
+  path                        = var.path
+}
+EOF
+----
+
+. Create the `operator-roles.tf` file by running the following command:
++
+[source,terminal]
+----
+$ cat<<-EOF>operator-roles.tf
+module "operator_roles" {
+  source  = "terraform-redhat/rosa-sts/aws"
+  version = "0.0.15"
+
+  create_operator_roles = true
+  create_oidc_provider  = false
+
+  rh_oidc_provider_thumbprint = rhcs_rosa_oidc_config.oidc_config.thumbprint
+  rh_oidc_provider_url        = rhcs_rosa_oidc_config.oidc_config.oidc_endpoint_url
+  operator_roles_properties   = data.rhcs_rosa_operator_roles.operator_roles.operator_iam_roles
+  tags                        = var.additional_tags
+  path                        = var.path
+}
+EOF
+----
+
+. Create the `variables.tf` file by running the following command:
+ifndef::tf-defaults[]
++
+[NOTE]
+====
+Copy and then edit this file _before_ running the command to build your cluster.
+====
+endif::tf-defaults[]
++
+[source,terminal]
+----
+$ cat<<-EOF>variables.tf
+variable "rosa_openshift_version" {
+  type        = string
+  default     = "4.15.0"
+  description = "Desired version of OpenShift for the cluster, for example '4.15.0'. If version is greater than the currently running version, an upgrade will be scheduled."
+}
+
+variable "account_role_policies" {
+  description = "account role policies details for account roles creation"
+  type = object({
+    sts_installer_permission_policy             = string
+    sts_support_permission_policy               = string
+    sts_instance_worker_permission_policy       = string
+    sts_instance_controlplane_permission_policy = string
+  })
+  default = null
+}
+
+variable "operator_role_policies" {
+  description = "operator role policies details for operator roles creation"
+  type = object({
+    openshift_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy = string
+    openshift_cloud_network_config_controller_cloud_credentials_policy                = string
+    openshift_cluster_csi_drivers_ebs_cloud_credentials_policy                        = string
+    openshift_image_registry_installer_cloud_credentials_policy                       = string
+    openshift_ingress_operator_cloud_credentials_policy                               = string
+    openshift_machine_api_aws_cloud_credentials_policy                                = string
+  })
+  default = null
+}
+
+# ROSA Cluster info
+variable "cluster_name" {
+  default     = null
+  type        = string
+  description = "Provide the name of your ROSA cluster."
+}
+
+variable "additional_tags" {
+  default = {
+    Terraform   = "true"
+  }
+  description = "Additional AWS resource tags"
+  type        = map(string)
+}
+
+variable "path" {
+  description = "(Optional) The arn path for the account/operator roles as well as their policies."
+  type        = string
+  default     = null
+}
+
+variable "machine_type" {
+  description = "The AWS instance type used for your default worker pool."
+  type        = string
+  default     = "m5.xlarge"
+}
+
+variable "worker_node_replicas" {
+  default     = 2
+  description = "Number of worker nodes to provision. Single zone clusters need at least 2 nodes, multizone clusters need at least 3 nodes"
+  type        = number
+}
+
+variable "autoscaling_enabled" {
+  description = "Enables autoscaling. This variable requires you to set a maximum and minimum replicas range using the 'max_replicas' and 'min_replicas' variables. If the autoscaling_enabled is 'true', you cannot configure the worker_node_replicas."
+  type        = string
+  default     = "false"
+}
+
+#VPC Info
+variable "vpc_cidr_block" {
+  type        = string
+  description = "The value of the IP address block for machines or cluster nodes for the VPC."
+  default     = "10.0.0.0/16"
+}
+
+#AWS Info
+variable "aws_region" {
+  type    = string
+  default = "us-east-1"
+}
+EOF
+----
+ifndef::tf-defaults[]
+
+. Create the `vpc.tf` file by running the following command:
++
+[source,terminal]
+----
+$ cat<<-EOF>vpc.tf
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "5.1.2"
+
+  count = var.create_vpc ? 1 : 0
+  name  = var.vpc_name
+  cidr  = var.vpc_cidr_block
+
+  azs             = var.availability_zones
+  private_subnets = var.private_subnet_cidrs
+  public_subnets  = var.public_subnet_cidrs
+
+  enable_nat_gateway   = true
+  single_nat_gateway   = var.single_nat_gateway
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = var.additional_tags
+}
+EOF
+----
+
+. *Optional*: Create the `terraform.tfvars` file by running the following command:
++
+[NOTE]
+====
+You can use the `terraform.tfvars` file to change your variables in one place without touching the rest of your Terraform files. If you do not create a `terraform.tfvars` file, you will be prompted for the required variables during cluster creation.
+
+Copy and then edit this file _before_ running the command to build your cluster.
+====
++
+[source,terminal]
+----
+$ cat<<-EOF>terraform.tfvars
+
+###############################
+# General Cluster Information #
+###############################
+
+# You can choose any OpenShift version that is currently supported. Make sure to use X.Y.Z when setting your version.
+rosa_openshift_version = "4.14.0"
+
+# See the docs for options - https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-sdpolicy-aws-instance-types_rosa-service-definition
+machine_type = "m5.xlarge"
+aws_region = "us-east-1"
+
+# If you want to create a single AZ cluster, set this variable to false, and then set the worker_node_replicas to 2. If you want to use a multi-AZ cluster, set this to true, then change the replica count to a multiple of 3. Autoscaling should also be in multiples of 3.
+multi_az = "true"
+
+#################
+# Machine pools #
+#################
+
+# Setting this as true, requires you to set a maximum and minimum replicas range using the 'max_replicas' and 'min_replicas' variables. If the autoscaling_enabled is 'true', you cannot configure the worker_node_replicas."
+
+# autoscaling_enabled = "true"
+# worker_node_replicas = null
+# min_replicas = "6"
+# max_replicas = "15"
+
+###################
+# VPC Information #
+###################
+
+vpc_cidr_block = "10.0.0.0/16"
+create_vpc = "false"
+private_cluster = "false"
+# vpc_name = "rosa-vpc-tf"
+# private_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+# public_subnet_cidrs  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+# single_nat_gateway = "false"
+
+EOF
+----
+endif::tf-defaults[]
+
+You are ready to initiate Terraform.
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
diff --git a/modules/rosa-sts-cluster-terraform-setup.adoc b/modules/rosa-sts-cluster-terraform-setup.adoc
new file mode 100644
index 000000000000..04efb7131733
--- /dev/null
+++ b/modules/rosa-sts-cluster-terraform-setup.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly-terraform.adoc
+//
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
+:_content-type: PROCEDURE
+
+[id="rosa-sts-cluster-terraform-setup_{context}"]
+= Preparing your environment for Terraform
+
+Before you can create your {product-title} cluster by using Terraform, you need to export your link:https://console.redhat.com/openshift/token[offline {cluster-manager-first} token].
+
+.Procedure
+. *Optional*: Because the Terraform files get created in your current directory during this procedure, you can create a new directory to store these files and navigate into it by running the following command:
++
+[source,terminal]
+----
+$ mkdir terraform-cluster && cd terraform-cluster
+----
+
+. Grant permissions to your account by using link:https://console.redhat.com/openshift/token[an offline {cluster-manager-first} token].
+
+. Copy your offline token, and set the token as an environmental variable by running the following command:
++
+[source,terminal]
+----
+$ export RHCS_TOKEN=<your_offline_token>
+----
++
+[NOTE]
+====
+This environmental variable resets at the end of each session, such as restarting your machine or closing the terminal.
+====
+
+.Verification
+
+* After you export your token, verify the value by running the following command:
++
+[source,terminal]
+----
+$ echo $RHCS_TOKEN
+----
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:tf-defaults:
+endif::[]
diff --git a/modules/rosa-sts-creating-a-cluster-quickly-cli.adoc b/modules/rosa-sts-creating-a-cluster-quickly-cli.adoc
index 80ba66cd79c8..c9cb555a3b2f 100644
--- a/modules/rosa-sts-creating-a-cluster-quickly-cli.adoc
+++ b/modules/rosa-sts-creating-a-cluster-quickly-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-a-cluster-quickly-cli_{context}"]
 = Creating a cluster quickly using the CLI
 
@@ -21,12 +21,7 @@ ifndef::quickstart[]
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use the latest version of the ROSA CLI.
-====
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * You have logged in to your Red Hat account by using the ROSA CLI.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
 endif::[]
diff --git a/modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc b/modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc
index 4df554f42089..00d6cb449f66 100644
--- a/modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc
+++ b/modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-creating-a-cluster-quickly-ocm_{context}"]
 = Creating a cluster quickly using {cluster-manager}
 
diff --git a/modules/rosa-sts-creating-a-cluster-using-customizations.adoc b/modules/rosa-sts-creating-a-cluster-using-customizations.adoc
index 326edc1fff2a..363dc5fde419 100644
--- a/modules/rosa-sts-creating-a-cluster-using-customizations.adoc
+++ b/modules/rosa-sts-creating-a-cluster-using-customizations.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-creating-cluster-using-customizations_{context}"]
 = Creating a cluster using customizations
 
diff --git a/modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc b/modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc
index cb5945676f23..513fbd0095f3 100644
--- a/modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc
+++ b/modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-a-cluster-using-defaults-ocm_{context}"]
 = Creating a cluster with the default options using {cluster-manager} {hybrid-console-second}
 
@@ -22,12 +22,7 @@ ifdef::quick-install[]
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use the latest version of the ROSA CLI.
-====
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
 * You have associated your AWS account with your Red Hat organization. When you associated your account, you applied the administrative permissions to the {cluster-manager} role. For detailed steps, see _Associating your AWS account with your Red Hat organization_.
 * You have created the required account-wide STS roles and policies. For detailed steps, see _Creating the account-wide STS roles and policies_.
@@ -39,7 +34,7 @@ endif::[]
 
 . On the *Create an OpenShift cluster* page, select *Create cluster* in the *{product-title} (ROSA)* row.
 
-. Verify that your AWS account ID is listed in the *Associated AWS accounts* drop-down menu and that the installer, support, worker, and control plane account role Amazon Resource Names (ARNs) are listed on the *Accounts and roles* page. 
+. Verify that your AWS account ID is listed in the *Associated AWS accounts* drop-down menu and that the installer, support, worker, and control plane account role Amazon Resource Names (ARNs) are listed on the *Accounts and roles* page.
 +
 [NOTE]
 ====
diff --git a/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc b/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc
index d9da6b6a503b..bc1551fe0c68 100644
--- a/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc
+++ b/modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-cluster-customizations-cli_{context}"]
 = Creating a cluster with customizations using the CLI
 
@@ -17,32 +17,26 @@ After a cluster installation using the interactive mode completes, a single comm
 Only public and AWS PrivateLink clusters are supported with STS. Regular private clusters (non-PrivateLink) are not available for use with STS.
 ====
 
-[NOTE]
-====
-link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[AWS Shared VPCs] are not currently supported for ROSA installations.
-====
-
 .Prerequisites
 
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use latest version of the ROSA CLI.
-====
+* You have installed and configured the latest ROSA CLI, `rosa`, on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * If you want to use a customer managed AWS Key Management Service (KMS) key for encryption, you must create a symmetric KMS key. You must provide the Amazon Resource Name (ARN) when creating your cluster. To create a customer managed KMS key, follow the procedure for link:https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk[Creating symmetric encryption KMS keys].
 +
 [IMPORTANT]
 ====
-The EBS operator role is required in addition to the account roles to successfully create your cluster.
+The EBS Operator role is required in addition to the account roles to successfully create your cluster.
+
+This role must be attached with the `ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credentials` policy, an IAM policy required by ROSA to manage back-end storage through the Container Storage Interface (CSI).
+
+For more information about the policies and permissions that the cluster Operators require, see _Methods of account-wide role creation_.
 
 .Example EBS Operator role
 `"arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent"`
 
-After you create your Operator Roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
+After you create your Operator roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
 ====
 
 .Procedure
@@ -60,7 +54,7 @@ $ rosa create account-roles --interactive \ <1>
 +
 --
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 I: Logged in as '<red_hat_username>' on 'https://api.openshift.com'
 I: Validating AWS credentials...
@@ -68,7 +62,7 @@ I: AWS credentials are valid!
 I: Validating AWS quota...
 I: AWS quota ok. If cluster installation fails, validate actual AWS resource usage against https://docs.openshift.com/rosa/rosa_getting_started/rosa-required-aws-service-quotas.html
 I: Verifying whether OpenShift command-line tool is available...
-I: Current OpenShift Client Version: 4.13.0
+I: Current OpenShift Client Version: {product-version}.0
 I: Creating account roles
 ? Role prefix: ManagedOpenShift <1>
 ? Permissions boundary ARN (optional): <2>
@@ -135,7 +129,7 @@ $ aws kms get-key-policy --key-id <key_id_or_arn> --policy-name default --output
             "Sid": "Enable IAM User Permissions",
             "Effect": "Allow",
             "Principal": {
-                "AWS": "arn:aws:iam::<aws-account-id>:root"
+                "AWS": "arn:aws:iam::<aws_account_id>:root"
             },
             "Action": "kms:*",
             "Resource": "*"
@@ -145,10 +139,10 @@ $ aws kms get-key-policy --key-id <key_id_or_arn> --policy-name default --output
             "Effect": "Allow",
             "Principal": {
                 "AWS": [
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Support-Role", <1>
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Installer-Role",
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Worker-Role",
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-ControlPlane-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Support-Role", <1>
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Worker-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-ControlPlane-Role",
                     "arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent" <2>
                 ]
             },
@@ -166,10 +160,10 @@ $ aws kms get-key-policy --key-id <key_id_or_arn> --policy-name default --output
             "Effect": "Allow",
             "Principal": {
                 "AWS": [
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Support-Role", <1>
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Installer-Role",
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-Worker-Role",
-                    "arn:aws:iam::<aws-account-id>:role/ManagedOpenShift-ControlPlane-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Support-Role", <1>
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Worker-Role",
+                    "arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-ControlPlane-Role",
                     "arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent" <2>
                 ]
             },
@@ -206,9 +200,11 @@ You can reference the ARN of your KMS key when you create the cluster in the nex
 
 . Create a cluster with STS using custom installation options. You can use the `--interactive` mode to interactively specify custom settings:
 +
-[IMPORTANT]
+[WARNING]
 ====
-To avoid cluster failure issues, do not install a ROSA cluster in an existing VPC created by the previous cluster's ROSA installer. If the cluster that created the VPC during the installation is deleted, the associated installer-created VPC also gets deleted, resulting in the failure of all the clusters installed in the same VPC.
+You cannot install a ROSA cluster into an existing VPC that was created by the OpenShift installer. These VPCs are created during the cluster deployment process and must only be associated with a single cluster to ensure that cluster provisioning and deletion operations work correctly.
+
+To verify whether a VPC was created by the OpenShift installer, check for the `owned` value on the `kubernetes.io/cluster/<infra-id>` tag. For example, when viewing the tags for the VPC named `mycluster-12abc-34def`, the `kubernetes.io/cluster/mycluster-12abc-34def` tag has a value of `owned`. Therefore, the VPC was created by the installer and must not be modified by the administrator.
 ====
 +
 [source,terminal]
@@ -223,46 +219,81 @@ $ rosa create cluster --interactive --sts
 I: Interactive mode enabled.
 Any optional fields can be left empty and a default will be selected.
 ? Cluster name: <cluster_name>
-? OpenShift version: 4.8.9 <1>
-I: Using arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role for the Installer role <2>
+Deploy cluster with Hosted Control Plane (optional): No
+? Create cluster admin user: Yes <1>
+? Username: user-admin <1>
+? Password: [? for help] *************** <1>
+? OpenShift version: 4.15.0 <2>
+? Configure the use of IMDSv2 for ec2 instances optional/required (optional): <3>
+I: Using arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role for the Installer role <4>
 I: Using arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-ControlPlane-Role for the ControlPlane role
 I: Using arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Worker-Role for the Worker role
 I: Using arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Support-Role for the Support role
-? External ID (optional):
-? Operator roles prefix: <cluster_name>-<random_string> <3>
-? Multiple availability zones (optional): No <4>
+? External ID (optional): <5>
+? Operator roles prefix: <cluster_name>-<random_string> <6>
+? Deploy cluster using pre registered OIDC Configuration ID:
+? Tags (optional) <7>
+? Multiple availability zones (optional): No <8>
 ? AWS region: us-east-1
 ? PrivateLink cluster (optional): No
-? Install into an existing VPC (optional): No
+? Install into an existing VPC (optional): Yes <9>
 ? Select availability zones (optional): No
-? Enable Customer Managed key (optional): No <5>
+? Enable Customer Managed key (optional): No <10>
 ? Compute nodes instance type (optional):
 ? Enable autoscaling (optional): No
 ? Compute nodes: 2
+? Additional Security Group IDs (optional): <11>
+? > [*]  sg-0e375ff0ec4a6cfa2 ('sg-1')
+? > [ ]  sg-0e525ef0ec4b2ada7 ('sg-2')
 ? Machine CIDR: 10.0.0.0/16
 ? Service CIDR: 172.30.0.0/16
 ? Pod CIDR: 10.128.0.0/14
 ? Host prefix: 23
-? Encrypt etcd data (optional): No <6>
+? Encrypt etcd data (optional): No <12>
 ? Disable Workload monitoring (optional): No
 I: Creating cluster '<cluster_name>'
 I: To create this cluster again in the future, you can run:
-   rosa create cluster --cluster-name <cluster_name> --role-arn arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role --support-role-arn arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Support-Role --master-iam-role arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-ControlPlane-Role --worker-iam-role arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Worker-Role --operator-roles-prefix <cluster_name>-<random_string> --region us-east-1 --version 4.8.9 --compute-nodes 2 --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 --pod-cidr 10.128.0.0/14 --host-prefix 23 <7>
+   rosa create cluster --cluster-name <cluster_name> --role-arn arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Installer-Role --support-role-arn arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Support-Role --master-iam-role arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-ControlPlane-Role --worker-iam-role arn:aws:iam::<aws_account_id>:role/ManagedOpenShift-Worker-Role --operator-roles-prefix <cluster_name>-<random_string> --region us-east-1 --version 4.15.0 --additional-compute-security-group-ids sg-0e375ff0ec4a6cfa2 --additional-infra-security-group-ids sg-0e375ff0ec4a6cfa2 --additional-control-plane-security-group-ids sg-0e375ff0ec4a6cfa2 --replicas 2 --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 --pod-cidr 10.128.0.0/14 --host-prefix 23 <13>
 I: To view a list of clusters and their status, run 'rosa list clusters'
 I: Cluster '<cluster_name>' has been created.
 I: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.
 ...
 ----
-<1> When creating the cluster, the listed `OpenShift version` options include the major, minor, and patch versions, for example `4.8.9`.
-<2> If you have more than one set of account roles in your AWS account for your cluster version, an interactive list of options is provided.
-<3> Optional: By default, the cluster-specific Operator role names are prefixed with the cluster name and random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _Defining an Operator IAM role prefix_.
+<1> When creating your cluster, you can create a local administrator user for your cluster. Selecting `Yes` then prompts you to create a user name and password for the cluster admin. The user name must not contain `/`, `:`, or `%`. The password must be at least 14 characters (ASCII-standard) without whitespaces. This process automatically configures an htpasswd identity provider.
+<2> When creating the cluster, the listed `OpenShift version` options include the major, minor, and patch versions, for example `4.15.0`.
+<3> Optional: Specify 'optional' to configure all EC2 instances to use both v1 and v2 endpoints of EC2 Instance Metadata Service (IMDS). This is the default value. Specify 'required' to configure all EC2 instances to use IMDSv2 only.
++
+[IMPORTANT]
+====
+The Instance Metadata Service settings cannot be changed after your cluster is created.
+====
+<4> If you have more than one set of account roles for your cluster version in your AWS account, an interactive list of options is provided.
+<5> Optional: Specify an unique identifier that is passed by {product-title} and the OpenShift installer when an account role is assumed. This option is only required for custom account roles that expect an external ID.
+<6> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _Defining an Operator IAM role prefix_.
 +
 [NOTE]
 ====
 If you specified custom ARN paths when you created the associated account-wide roles, the custom path is automatically detected. The custom path is applied to the cluster-specific Operator roles when you create them in a later step.
 ====
-<4> Multiple availability zones are recommended for production workloads. The default is a single availability zone.
-<5> Enable this option if you are using your own AWS KMS key to encrypt the control plane, infrastructure, worker node root volumes, and PVs. Specify the ARN for the KMS key that you added to the account-wide role ARN to in the preceding step.
+<7> Optional: Specify a tag that is used on all resources created by {product-title} in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar".
++
+[IMPORTANT]
+====
+{product-title} only supports custom tags to Red Hat OpenShift resources during cluster creation. Once added, the tags cannot be removed or edited.
+Tags that are added by Red Hat are required for clusters to stay in compliance with Red Hat production service level agreements (SLAs). These tags must not be removed.
+
+{product-title} does not support adding additional tags outside of ROSA cluster-managed resources. These tags can be lost when AWS resources are managed by the ROSA cluster. In these cases, you might need custom solutions or tools to reconcile the tags and keep them intact.
+====
+<8> Optional: Multiple availability zones are recommended for production workloads. The default is a single availability zone.
+<9> Optional: You can create a cluster in an existing VPC, or ROSA can create a new VPC to use.
++
+[WARNING]
+====
+You cannot install a ROSA cluster into an existing VPC that was created by the OpenShift installer. These VPCs are created during the cluster deployment process and must only be associated with a single cluster to ensure that cluster provisioning and deletion operations work correctly.
+
+To verify whether a VPC was created by the OpenShift installer, check for the `owned` value on the `kubernetes.io/cluster/<infra-id>` tag. For example, when viewing the tags for the VPC named `mycluster-12abc-34def`, the `kubernetes.io/cluster/mycluster-12abc-34def` tag has a value of `owned`. Therefore, the VPC was created by the installer and must not be modified by the administrator.
+====
+<10> Optional: Enable this option if you are using your own AWS KMS key to encrypt the control plane, infrastructure, worker node root volumes, and PVs. Specify the ARN for the KMS key that you added to the account-wide role ARN in the preceding step.
 +
 [IMPORTANT]
 ====
@@ -271,14 +302,15 @@ Only persistent volumes (PVs) created from the default storage class are encrypt
 PVs created by using any other storage class are still encrypted, but the PVs are not encrypted with this key unless the storage class is specifically configured to use this key.
 ====
 
-<6> Enable this option only if your use case requires etcd key value encryption in addition to the control plane storage encryption that encrypts the etcd volumes by default. With this option, the etcd key values are encrypted, but not the keys.
+<11> Optional: You can select additional custom security groups to use in your cluster. You must have already created the security groups and associated them with the VPC you selected for this cluster. You cannot add or edit security groups for the default machine pools after you create the machine pool. For more information, see the requirements for _Security groups_ under _Additional resources_.
+<12> Optional: Enable this option only if your use case requires etcd key value encryption in addition to the control plane storage encryption that encrypts the etcd volumes by default. With this option, the etcd key values are encrypted but not the keys.
 +
 [IMPORTANT]
 ====
 By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Red Hat recommends that you enable etcd encryption only if you specifically require it for your use case.
 ====
 +
-<7> The output includes a custom command that you can run to create a cluster with the same configuration in the future.
+<13> The output includes a custom command that you can run to create a cluster with the same configuration in the future.
 --
 +
 As an alternative to using the `--interactive` mode, you can specify the customization options directly when you run the `rosa create cluster` command. Run the `rosa create cluster --help` command to view a list of available CLI options, or see _create cluster_ in _Managing objects with the ROSA CLI_.
@@ -308,11 +340,15 @@ If you specified custom ARN paths when you created the associated account-wide r
 +
 [IMPORTANT]
 ====
-The EBS operator role is required in addition to the account roles to successfully create your cluster.
+The EBS Operator role is required in addition to the account roles to successfully create your cluster.
+
+This role must be attached with the `ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credentials` policy, an IAM policy required by ROSA to manage back-end storage through the Container Storage Interface (CSI).
+
+For more information about the policies and permissions that the cluster Operators require, see _Methods of account-wide role creation_.
 .Example EBS Operator role
 `"arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent"`
 
-After you create your Operator Roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
+After you create your Operator roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
 ====
 
 . Create the OpenID Connect (OIDC) provider that the cluster Operators use to authenticate:
@@ -364,13 +400,18 @@ Operator IAM Roles:
  - arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-machine-api-aws-cloud-credentials
  - arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cloud-credential-operator-cloud-crede
  - arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-image-registry-installer-cloud-creden
+Ec2 Metadata Http Tokens:   optional
 State:                      ready
 Private:                    No
 Created:                    Oct  1 2021 08:12:25 UTC
 Details Page:               https://console.redhat.com/openshift/details/s/<subscription_id>
-OIDC Endpoint URL:          https://rh-oidc.s3.<aws_region>.amazonaws.com/<cluster_id>
+OIDC Endpoint URL:          https://oidc.op1.openshiftapps.com/<cluster_id>|<oidc_config_id> \ <1>
 ----
 +
+--
+1. The endpoint URL depends on the BYO OIDC configuration. If you are pre-creating the OIDC configuration, the URL ends with the `<oidc_config_id>` value; otherwise, the URL ends with the `<cluster-ID>` value.
+--
++
 The following `State` field changes are listed in the output as the cluster installation progresses:
 +
 * `waiting (Waiting for OIDC configuration)`
diff --git a/modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc b/modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc
index d28a0cf5e7dc..9fdc16d3077e 100644
--- a/modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc
+++ b/modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-cluster-customizations-ocm_{context}"]
 = Creating a cluster with customizations by using {cluster-manager}
 
@@ -13,22 +13,12 @@ When you create a {product-title} (ROSA) cluster that uses the AWS Security Toke
 Only public and AWS PrivateLink clusters are supported with STS. Regular private clusters (non-PrivateLink) are not available for use with STS.
 ====
 
-[NOTE]
-====
-link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[AWS Shared VPCs] are not currently supported for ROSA installations.
-====
-
 .Prerequisites
 
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use the latest version of the ROSA CLI.
-====
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
 * If you are configuring a cluster-wide proxy, you have verified that the proxy is accessible from the VPC that the cluster is being installed into. The proxy must also be accessible from the private subnets of the VPC.
 
@@ -150,7 +140,7 @@ $ rosa create account-roles
 +
 --
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 I: Logged in as '<red_hat_username>' on 'https://api.openshift.com'
 I: Validating AWS credentials...
@@ -158,7 +148,7 @@ I: AWS credentials are valid!
 I: Validating AWS quota...
 I: AWS quota ok. If cluster installation fails, validate actual AWS resource usage against https://docs.openshift.com/rosa/rosa_getting_started/rosa-required-aws-service-quotas.html
 I: Verifying whether OpenShift command-line tool is available...
-I: Current OpenShift Client Version: 4.13.0
+I: Current OpenShift Client Version: {product-version}.0
 I: Creating account roles
 ? Role prefix: ManagedOpenShift <1>
 ? Permissions boundary ARN (optional): <2>
@@ -229,12 +219,16 @@ PVs created by using any other storage class are only encrypted if the storage c
 +
 [IMPORTANT]
 ====
-The EBS operator role is required in addition to the account roles to successfully create your cluster.
+The EBS Operator role is required in addition to the account roles to successfully create your cluster.
+
+This role must be attached with the `ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credentials` policy, an IAM policy required by ROSA to manage back-end storage through the Container Storage Interface (CSI).
+
+For more information about the policies and permissions that the cluster Operators require, see _Methods of account-wide role creation_.
 
 .Example EBS Operator role
 `"arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent"`
 
-After you create your Operator Roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
+After you create your Operator roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
 ====
 
 .. Click *Next*.
@@ -264,6 +258,13 @@ Alternatively, you can set your autoscaling preferences for the default machine
 ** If you deployed your cluster using a single availability zone, select a *Compute node count* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool for the zone.
 ** If you deployed your cluster using multiple availability zones, select a *Compute node count (per zone)* from the drop-down menu. This defines the number of compute nodes to provision to the machine pool per zone.
 
+. Optional: Select an EC2 Instance Metadata Service (IMDS) configuration - `optional` (default) or `required` - to enforce use of IMDSv2. For more information regarding IMDS, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html[Instance metadata and user data] in the AWS documentation.
++
+[IMPORTANT]
+====
+The Instance Metadata Service settings cannot be changed after your cluster is created.
+====
+
 . Optional: Expand *Edit node labels* to add labels to your nodes. Click *Add label* to add more node labels and select *Next*.
 
 . In the *Cluster privacy* section of the *Network configuration* page, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
@@ -284,9 +285,11 @@ If you are using private API endpoints, you cannot access your cluster until you
 
 . Optional: If you opted to use public API endpoints, by default a new VPC is created for your cluster. If you want to install your cluster in an existing VPC instead, select *Install into an existing VPC*.
 +
-[IMPORTANT]
+[WARNING]
 ====
-To avoid cluster failure issues, do not install a ROSA cluster in an existing VPC created by the previous cluster's ROSA installer. If the cluster that created the VPC during the installation is deleted, the associated installer-created VPC also gets deleted, resulting in the failure of all the clusters installed in the same VPC.
+You cannot install a ROSA cluster into an existing VPC that was created by the OpenShift installer. These VPCs are created during the cluster deployment process and must only be associated with a single cluster to ensure that cluster provisioning and deletion operations work correctly.
+
+To verify whether a VPC was created by the OpenShift installer, check for the `owned` value on the `kubernetes.io/cluster/<infra-id>` tag. For example, when viewing the tags for the VPC named `mycluster-12abc-34def`, the `kubernetes.io/cluster/mycluster-12abc-34def` tag has a value of `owned`. Therefore, the VPC was created by the installer and must not be modified by the administrator.
 ====
 +
 [NOTE]
@@ -304,6 +307,11 @@ If you opted to use private API endpoints, you must use an existing VPC and Priv
 ====
 You must ensure that your VPC is configured with a public and a private subnet for each availability zone that you want the cluster installed into. If you opted to use PrivateLink, only private subnets are required.
 ====
+.. Optional: Expand *Additional security groups* and select additional custom security groups to apply to nodes in the machine pools created by default. You must have already created the security groups and associated them with the VPC you selected for this cluster. You cannot add or edit security groups to the default machine pools after you create the cluster.
++
+By default, the security groups you specify will be added for all node types. Uncheck the *Apply the same security groups to all node types (control plane, infrastructure and worker)* checkbox to select different security groups for each node type.
++
+For more information, see the requirements for _Security groups_ under _Additional resources_.
 
 . If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
 +
@@ -412,11 +420,16 @@ If you opted to use *Auto* mode, {cluster-manager} creates the Operator roles an
 +
 [IMPORTANT]
 ====
-The EBS operator role is required in addition to the account roles to successfully create your cluster.
+The EBS Operator role is required in addition to the account roles to successfully create your cluster.
+
+This role must be attached with the `ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credentials` policy, an IAM policy required by ROSA to manage back-end storage through the Container Storage Interface (CSI).
+
+For more information about the policies and permissions that the cluster Operators require, see _Methods of account-wide role creation_.
+
 .Example EBS Operator role
 `"arn:aws:iam::<aws_account_id>:role/<cluster_name>-xxxx-openshift-cluster-csi-drivers-ebs-cloud-credent"`
 
-After you create your Operator Roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
+After you create your Operator roles, you must edit the _Key Policy_ in the link:https://console.aws.amazon.com/kms[*Key Management Service (KMS)* page of the AWS Console] to add the roles.
 ====
 
 .Verification
diff --git a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
index 56aa298fe406..10d1333030e7 100644
--- a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
+++ b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
@@ -3,7 +3,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
 // * rosa_getting_started/rosa-quickstart-guide-ui.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
 = Creating the account-wide STS roles and policies
 
@@ -22,12 +22,7 @@ ifdef::quick-install[]
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
-+
-[NOTE]
-====
-To successfully install ROSA clusters, use the latest version of the ROSA CLI.
-====
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
 * You have logged in to your Red Hat account by using the ROSA CLI.
 endif::[]
 
diff --git a/modules/rosa-sts-interactive-cluster-creation-mode-options.adoc b/modules/rosa-sts-interactive-cluster-creation-mode-options.adoc
index ca6b3538dad7..3b8a77794004 100644
--- a/modules/rosa-sts-interactive-cluster-creation-mode-options.adoc
+++ b/modules/rosa-sts-interactive-cluster-creation-mode-options.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-sts-interactive-cluster-creation-mode-options_{context}"]
 = Interactive cluster creation mode options
 
@@ -19,11 +19,24 @@ The following table describes the interactive cluster creation mode options:
 |`Cluster name`
 |Enter a name for your cluster, for example `my-rosa-cluster`.
 
+|`Deploy cluster with Hosted Control Plane (optional)`
+|Enable the use of Hosted Control Planes.
+[IMPORTANT]
+====
+The ROSA with Hosted Control Planes functionality is currently offered as a Technology Preview. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete.
+====
+
+|`Create cluster admin user`
+|Create a cluster administrator user when you create your cluster using the htpasswd identity provider. The username must not contain `/`, `:`, or `%`. The password must be at least 14 characters (ASCII-standard) without whitespaces.
+
 |`Deploy cluster using AWS STS`
 |Create an OpenShift cluster that uses the AWS Security Token Service (STS) to allocate temporary, limited-privilege credentials for component-specific AWS Identity and Access Management (IAM) roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices. The default is `Yes`.
 
 |`OpenShift version`
-|Select the version of OpenShift to install, for example `4.13`. The default is the latest version.
+|Select the version of OpenShift to install, for example {product-version}. The default is the latest version.
+
+|`Configure the use of IMDSv2 for ec2 instances optional/required (optional)`
+|Specify whether all EC2 instances will use both v1 and v2 endpoints of EC2 Instance Metadata Service (IMDS)(optional) or only IMDSv2 (required).
 
 |`Installer role ARN`
 |If you have more than one set of account roles in your AWS account for your cluster version, a list of installer role ARNs are provided. Select the ARN for the installer role that you want to use with your cluster. The cluster uses the account-wide roles and policies that relate to the selected installer role.
@@ -34,6 +47,19 @@ The following table describes the interactive cluster creation mode options:
 |`Operator roles prefix`
 |Enter a prefix to assign to the cluster-specific Operator IAM roles. The default is the name of the cluster and a 4-digit random string, for example `my-rosa-cluster-a0b1`.
 
+|`Deploy cluster using pre registered OIDC Configuration ID`
+|Specify if you want to use a preconfigured OIDC configuration or if you want to create a new OIDC configuration as part of the cluster creation process.
+
+|`Tags (optional)`
+|Specify a tag that is used on all resources created by {product-title} in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar".
+[IMPORTANT]
+====
+{product-title} only supports custom tags to Red Hat OpenShift resources during cluster creation. Once added, the tags cannot be removed or edited.
+Tags that are added by Red Hat are required for clusters to stay in compliance with Red Hat production service level agreements (SLAs). These tags must not be removed.
+
+{product-title} does not support adding additional tags outside of ROSA cluster-managed resources. These tags can be lost when AWS resources are managed by the ROSA cluster. In these cases, you might need custom solutions or tools to reconcile the tags and keep them intact.
+====
+
 |`Multiple availability zones (optional)`
 |Deploy the cluster to multiple availability zones in the AWS region. The default is `No`, which results in a cluster being deployed to a single availability zone. If you deploy a cluster into multiple availability zones, the AWS region must have at least 3 availability zones. Multiple availability zones are recommended for production workloads.
 
@@ -43,11 +69,20 @@ The following table describes the interactive cluster creation mode options:
 |`PrivateLink cluster (optional)`
 |Create a cluster using AWS PrivateLink. This option provides private connectivity between Virtual Private Clouds (VPCs), AWS services, and your on-premise networks, without exposing your traffic to the public internet. To provide support, Red Hat Site Reliability Engineering (SRE) can connect to the cluster by using AWS PrivateLink Virtual Private Cloud (VPC) endpoints. This option cannot be changed after a cluster is created. The default is `No`.
 
+|`Machine CIDR`
+|Specify the IP address range for machines (cluster nodes), which must encompass all CIDR address ranges for your VPC subnets. Subnets must be contiguous. A minimum IP address range of 128 addresses, using the subnet prefix `/25`, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix `/24`, is supported for deployments that use multiple availability zones. The default is `10.0.0.0/16`. This range must not conflict with any connected networks.
+
+|`Service CIDR`
+|Specify the IP address range for services. It is recommended, but not required, that the address block is the same between clusters. This will not create IP address conflicts. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `172.30.0.0/16`.
+
+|`Pod CIDR`
+|Specify the IP address range for pods. It is recommended, but not required, that the address block is the same between clusters. This will not create IP address conflicts. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `10.128.0.0/14`.
+
 |`Install into an existing VPC (optional)`
 |Install a cluster into an existing AWS VPC. To use this option, your VPC must have 2 subnets for each availability zone that you are installing the cluster into. The default is `No`.
 
 |`Select availability zones (optional)`
-|Specify the availability zones to use when installing into an existing AWS VPC. Use a comma-separated list to provide the availability zones. If you specify `No`, the installer selects the availability zones automatically.
+|Specify the availability zones that are used when installing into an existing AWS VPC. Use a comma-separated list to provide the availability zones. If you specify `No`, the installer selects the availability zones automatically.
 
 |`Enable customer managed key (optional)`
 |Enable this option to use a specific AWS Key Management Service (KMS) key as the encryption key for persistent data. This key functions as the encryption key for control plane, infrastructure, and worker node root volumes. The key is also configured on the default storage class to ensure that persistent volumes created with the default storage class will be encrypted with the specific KMS key. When disabled, the account KMS key for the specified region is used by default to ensure persistent data is always encrypted. The default is `No`.
@@ -58,26 +93,32 @@ The following table describes the interactive cluster creation mode options:
 |`Enable autoscaling (optional)`
 |Enable compute node autoscaling. The autoscaler adjusts the size of the cluster to meet your deployment demands. The default is `No`.
 
-|`Compute nodes`
-|Specify the number of compute nodes to provision into each availability zone. Clusters deployed in a single availability zone require at least 2 nodes. Clusters deployed in multiple zones must have at least 3 nodes. The maximum number of worker nodes is 180 nodes. The default value is `2`.
+|`Additional Compute Security Group IDs (optional)`
+|Select the additional custom security group IDs that are used with the standard machine pool created along side the cluster. The default is none selected. Only security groups associated with the selected VPC are displayed. You can select a maximum of 5 additional security groups.
 
-|`Machine CIDR`
-|Specify the IP address range for machines (cluster nodes), which must encompass all CIDR address ranges for your VPC subnets. Subnets must be contiguous. A minimum IP address range of 128 addresses, using the subnet prefix `/25`, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix `/24`, is supported for deployments that use multiple availability zones. The default is `10.0.0.0/16`. This range must not conflict with any connected networks.
+|`Additional Infra Security Group IDs (optional)`
+|Select the additional custom security group IDs that are used with the infra nodes created along side the cluster. The default is none selected. Only security groups associated with the selected VPC are displayed. You can select a maximum of 5 additional security groups.
 
-|`Service CIDR`
-|Specify the IP address range for services. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `172.30.0.0/16`. It is recommended that they are the same between clusters.
+|`Additional Control Plane Security Group IDs (optional)`
+|Select the additional custom security group IDs that are used with the control plane nodes created along side the cluster. The default is none selected. Only security groups associated with the selected VPC are displayed. You can select a maximum of 5 additional security groups.
 
-|`Pod CIDR`
-|Specify the IP address range for pods. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `10.128.0.0/14`. It is recommended that they are the same between clusters.
+|`Compute nodes`
+|Specify the number of compute nodes to provision into each availability zone. Clusters deployed in a single availability zone require at least 2 nodes. Clusters deployed in multiple zones must have at least 3 nodes. The maximum number of worker nodes is 180 nodes. The default value is `2`.
+
+|`Default machine pool labels (optional)`
+|Specify the labels for the default machine pool. The label format should be a comma-separated list of key-value pairs. This list will overwrite any modifications made to node labels on an ongoing basis.
 
 |`Host prefix`
 |Specify the subnet prefix length assigned to pods scheduled to individual machines. The host prefix determines the pod IP address pool for each machine. For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 512 cluster nodes and 512 pods per node, both of which are beyond our supported maximums. For information on the supported maximums, see the Additional resources section below.
 
-|`fips (optional)`
+|`Machine pool root disk size (GiB or TiB)`
+|Specify the size of the machine pool root disk. This value must include a unit suffix like GiB or TiB, for example the default value of `300GiB`.
+
+|`Enable FIPS support (optional)`
 |Enable or disable FIPS mode. The default is `false` (disabled). If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with RHCOS instead.
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 
 |`Encrypt etcd data (optional)`
@@ -91,4 +132,16 @@ By enabling etcd encryption for the key values in etcd, you will incur a perform
 |`Disable workload monitoring (optional)`
 |Disable monitoring for user-defined projects. Monitoring for user-defined projects is enabled by default.
 
+|`Route Selector for ingress (optional)`
+|Specify the route selector for your ingress. The format should be a comma-separated list of key-value pairs. If you do not specify a label, all routes will be exposed on both routers. For legacy ingress support, these labels are inclusion labels; otherwise, they are treated as exclusion labels.
+
+|`Excluded namespaces for ingress (optional)`
+|Specify the excluded namespaces for your ingress. The format should be a comma-separated list `value1, value2...`. If you do not specify any values, all namespaces will be exposed.
+
+|`Wildcard Policy (optional, choose 'Skip' to skip selection. The default value will be supplied.)`
+|Choose the wildcard policy for your ingress. The options are `WildcardsDisallowed` and `WildcardsAllowed`. Default is `WildcardsDisallowed`.
+
+|`Namespace Ownership Policy (optional, choose 'Skip' to skip selection. The default value will be supplied.)`
+|Choose the namespace ownership policy for your ingress. The options are `Strict` and `InterNamespaceAllowed`. The default is `Strict`.
+
 |===
diff --git a/modules/rosa-sts-interactive-ocm-and-user-role-creation-mode-options.adoc b/modules/rosa-sts-interactive-ocm-and-user-role-creation-mode-options.adoc
index c4caa00ff581..661ff81eb6a6 100644
--- a/modules/rosa-sts-interactive-ocm-and-user-role-creation-mode-options.adoc
+++ b/modules/rosa-sts-interactive-ocm-and-user-role-creation-mode-options.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-sts-interactive-ocm-and-user-role-creation-mode-options_{context}"]
 = Interactive OCM and user role creation mode options
 
diff --git a/modules/rosa-sts-ocm-and-user-role-troubleshooting.adoc b/modules/rosa-sts-ocm-and-user-role-troubleshooting.adoc
index ec029367d264..1a0651de73f2 100644
--- a/modules/rosa-sts-ocm-and-user-role-troubleshooting.adoc
+++ b/modules/rosa-sts-ocm-and-user-role-troubleshooting.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-iam-resources.adoc
+// * support/rosa-troubleshooting-iam-resources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-ocm-roles-and-permissions-troubleshooting_{context}"]
 = Resolving issues with ocm-roles and user-role IAM resources
 
diff --git a/modules/rosa-sts-ocm-role-creation.adoc b/modules/rosa-sts-ocm-role-creation.adoc
index a8563913c350..c42e31188ab8 100644
--- a/modules/rosa-sts-ocm-role-creation.adoc
+++ b/modules/rosa-sts-ocm-role-creation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //* rosa_architecture/rosa-sts-about-iam-resources.adoc
-// * sd_support/rosa-troubleshooting-iam-resources.adoc
+// * support/rosa-troubleshooting-iam-resources.adoc
 // * rosa_planning/rosa-sts-ocm-role.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-ocm-roles-and-permissions-iam-basic-role_{context}"]
 = Creating an ocm-role IAM role
 
@@ -38,16 +38,18 @@ This command allows you create the role by specifying specific attributes. The f
 I: Creating ocm role
 ? Role prefix: ManagedOpenShift <1>
 ? Enable admin capabilities for the OCM role (optional): No <2>
-? Permissions boundary ARN (optional):  <3>
-? Role creation mode: auto <4>
+? Permissions boundary ARN (optional): <3>
+? Role Path (optional): <4>
+? Role creation mode: auto <5>
 I: Creating role using 'arn:aws:iam::<ARN>:user/<UserName>'
-? Create the 'ManagedOpenShift-OCM-Role-182' role? Yes <5>
+? Create the 'ManagedOpenShift-OCM-Role-182' role? Yes <6>
 I: Created role 'ManagedOpenShift-OCM-Role-182' with ARN  'arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182'
 I: Linking OCM role
-? OCM Role ARN: arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182 <6>
-? Link the 'arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182' role with organization '<AWS ARN'? Yes <7>
+? OCM Role ARN: arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182 <7>
+? Link the 'arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182' role with organization '<AWS ARN>'? Yes <8>
 I: Successfully linked role-arn 'arn:aws:iam::<ARN>:role/ManagedOpenShift-OCM-Role-182' with organization account '<AWS ARN>'
 ----
+
 <1> A prefix value for all of the created AWS resources. In this example, `ManagedOpenShift` prepends all of the AWS resources.
 <2> Choose if you want this role to have the additional admin permissions.
 +
@@ -57,7 +59,8 @@ You do not see this prompt if you used the `--admin` option.
 ====
 +
 <3> The Amazon Resource Name (ARN) of the policy to set permission boundaries.
-<4> Choose the method of how to create your AWS roles. Using `auto`, the ROSA CLI generates and links the roles and policies. In the `auto` mode, you receive some different prompts to create the AWS roles.
-<5> The auto method asks if you want to create a specific `ocm-role` using your prefix.
-<6> Confirm that you want to associate your IAM role with your {cluster-manager}.
-<7> Links the created role with your AWS organization.
+<4> Specify an IAM path for the user name.
+<5> Choose the method to create your AWS roles. Using `auto`, the ROSA CLI generates and links the roles and policies. In the `auto` mode, you receive some different prompts to create the AWS roles.
+<6> The `auto` method asks if you want to create a specific `ocm-role` using your prefix.
+<7> Confirm that you want to associate your IAM role with your {cluster-manager}.
+<8> Links the created role with your AWS organization.
diff --git a/modules/rosa-sts-oidc-provider-command.adoc b/modules/rosa-sts-oidc-provider-command.adoc
index eaa0ff6e1d6e..e2a072d44743 100644
--- a/modules/rosa-sts-oidc-provider-command.adoc
+++ b/modules/rosa-sts-oidc-provider-command.adoc
@@ -3,7 +3,7 @@
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
 // * rosa_architecture/rosa_policy_service_definition/rosa-oidc-overview.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-oidc-provider-for-operators-aws-cli_{context}"]
 = Creating an OIDC provider using the CLI
 
@@ -32,11 +32,12 @@ When using `manual` mode, the `aws` command is printed to the terminal for your
 [source,terminal]
 ----
 aws iam create-open-id-connect-provider \
-	--url https://rh-oidc.s3.<aws_region>.amazonaws.com/<cluster_id> \
+	--url https://oidc.op1.openshiftapps.com/<oidc_config_id> \// <1>
 	--client-id-list openshift sts.<aws_region>.amazonaws.com \
-	--thumbprint-list <thumbprint> <1>
+	--thumbprint-list <thumbprint> <2>
 ----
-<1> The thumbprint is generated automatically when you run the `rosa create oidc-provider` command. For more information about using thumbprints with AWS Identity and Access Management (IAM) OpenID Connect (OIDC) identity providers, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html[the AWS documentation].
+<1> The URL used to reach the OpenID Connect (OIDC) identity provider after the cluster is created.
+<2> The thumbprint is generated automatically when you run the `rosa create oidc-provider` command. For more information about using thumbprints with AWS Identity and Access Management (IAM) OIDC identity providers, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html[the AWS documentation].
 
 ** Registered OIDC configurations use an OIDC configuration ID. Run the following command with your OIDC configuration ID:
 +
diff --git a/modules/rosa-sts-operator-role-commands.adoc b/modules/rosa-sts-operator-role-commands.adoc
index 8cc9ef2b1fd0..745a73c5aaa8 100644
--- a/modules/rosa-sts-operator-role-commands.adoc
+++ b/modules/rosa-sts-operator-role-commands.adoc
@@ -23,7 +23,7 @@ When using `manual` mode, the `aws` commands are printed to the terminal for you
 aws iam create-role \
 	--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
 	--assume-role-policy-document file://operator_cluster_csi_drivers_ebs_cloud_credentials_policy.json \
-	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
+	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cluster-csi-drivers Key=operator_name,Value=ebs-cloud-credentials
 
 aws iam attach-role-policy \
 	--role-name <cluster_name>-<hash>-openshift-cluster-csi-drivers-ebs-cloud-credent \
@@ -32,7 +32,7 @@ aws iam attach-role-policy \
 aws iam create-role \
 	--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
 	--assume-role-policy-document file://operator_machine_api_aws_cloud_credentials_policy.json \
-	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
+	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-machine-api Key=operator_name,Value=aws-cloud-credentials
 
 aws iam attach-role-policy \
 	--role-name <cluster_name>-<hash>-openshift-machine-api-aws-cloud-credentials \
@@ -41,7 +41,7 @@ aws iam attach-role-policy \
 aws iam create-role \
 	--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
 	--assume-role-policy-document file://operator_cloud_credential_operator_cloud_credential_operator_iam_ro_creds_policy.json \
-	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
+	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-cloud-credential-operator Key=operator_name,Value=cloud-credential-operator-iam-ro-creds
 
 aws iam attach-role-policy \
 	--role-name <cluster_name>-<hash>-openshift-cloud-credential-operator-cloud-crede \
@@ -50,7 +50,7 @@ aws iam attach-role-policy \
 aws iam create-role \
 	--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
 	--assume-role-policy-document file://operator_image_registry_installer_cloud_credentials_policy.json \
-	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
+	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-image-registry Key=operator_name,Value=installer-cloud-credentials
 
 aws iam attach-role-policy \
 	--role-name <cluster_name>-<hash>-openshift-image-registry-installer-cloud-creden \
@@ -59,7 +59,7 @@ aws iam attach-role-policy \
 aws iam create-role \
 	--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \
 	--assume-role-policy-document file://operator_ingress_operator_cloud_credentials_policy.json \
-	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=4.8 Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
+	--tags Key=rosa_cluster_id,Value=<id> Key=rosa_openshift_version,Value=<openshift_version> Key=rosa_role_prefix,Value= Key=operator_namespace,Value=openshift-ingress-operator Key=operator_name,Value=cloud-credentials
 
 aws iam attach-role-policy \
 	--role-name <cluster_name>-<hash>-openshift-ingress-operator-cloud-credentials \
diff --git a/modules/rosa-sts-operator-roles.adoc b/modules/rosa-sts-operator-roles.adoc
index d5f621cf0745..25433e3f4dbf 100644
--- a/modules/rosa-sts-operator-roles.adoc
+++ b/modules/rosa-sts-operator-roles.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-sts-operator-roles_{context}"]
 = Cluster-specific Operator IAM role reference
 
diff --git a/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc b/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc
index ec645db5fe3d..795e030a0ccf 100644
--- a/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc
+++ b/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc
@@ -10,19 +10,24 @@ endif::[]
 ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
 :rosa-standalone:
 endif::[]
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:rosa-terraform:
+endif::[]
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-overview-of-the-default-cluster-specifications_{context}"]
 = Overview of the default cluster specifications
 
-You can quickly create a 
+ifndef::rosa-terraform[]
+You can quickly create a
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-{product-title} (ROSA) 
+{product-title} (ROSA)
 endif::rosa-hcp[]
 cluster with the AWS Security Token Service (STS) by using the default installation options. The following summary describes the default cluster specifications.
+endif::rosa-terraform[]
 
 ifdef::rosa-hcp[]
 .Default {hcp-title} cluster specifications
@@ -30,6 +35,7 @@ endif::rosa-hcp[]
 ifdef::rosa-standalone[]
 .Default ROSA with STS cluster specifications
 endif::rosa-standalone[]
+
 [cols=".^1,.^3a",options="header"]
 |===
 
@@ -37,14 +43,29 @@ endif::rosa-standalone[]
 |Default specifications
 
 |Accounts and roles
-|* Default IAM role prefix: `ManagedOpenShift`
+|
+ifdef::rosa-terraform[]
+* Default IAM role prefix: `rosa-<6-digit-alphanumeric-string>`
+endif::rosa-terraform[]
+ifndef::rosa-terraform[]
+* Default IAM role prefix: `ManagedOpenShift`
+endif::rosa-terraform[]
+* No cluster admin role created
 
 |Cluster settings
-|* Default cluster version: Latest
+|
+ifdef::rosa-terraform[]
+* Default cluster version: `4.15.0`
+* Cluster name: `rosa-<6-digit-alphanumeric-string>`
+endif::rosa-terraform[]
+ifndef::rosa-terraform[]
+* Default cluster version: Latest
+endif::rosa-terraform[]
 ifndef::rosa-hcp[]
 * Default AWS region for installations using the {cluster-manager-first} {hybrid-console-second}: us-east-1 (US East, North Virginia)
 endif::rosa-hcp[]
 * Default AWS region for installations using the ROSA CLI (`rosa`): Defined by your `aws` CLI configuration
+* Default EC2 IMDS endpoints (both v1 and v2) are enabled
 * Availability: Single zone for the data plane
 * Monitoring for user-defined projects: Enabled
 
@@ -71,13 +92,23 @@ endif::rosa-hcp[]
 
 |Networking configuration
 |* Cluster privacy: Public
+ifdef::rosa-hcp[]
 * You must have configured your own Virtual Private Cloud (VPC)
+endif::rosa-hcp[]
 * No cluster-wide proxy is configured
 
 |Classless Inter-Domain Routing (CIDR) ranges
-|* Machine CIDR: 10.0.0.0/16
+|
+ifdef::rosa-terraform[]
+* Machine CIDR: 10.0.0.0/16
+* Service CIDR: 172.30.0.0/16
+* Pod CIDR: 10.128.0.0/14
+endif::rosa-terraform[]
+ifndef::rosa-terraform[]
+* Machine CIDR: 10.0.0.0/16
 * Service CIDR: 172.30.0.0/16
 * Pod CIDR: 10.128.0.0/16
+endif::rosa-terraform[]
 * Host prefix: /23
 +
 ifdef::rosa-hcp[]
@@ -94,7 +125,12 @@ endif::rosa-hcp[]
 ====
 For installations using the {cluster-manager} {hybrid-console-second}, the `auto` mode requires an admin-privileged {cluster-manager} role.
 ====
+ifdef::rosa-terraform[]
+* Default Operator role prefix: `rosa-<6-digit-alphanumeric-string>`
+endif::rosa-terraform[]
+ifndef::rosa-terraform[]
 * Default Operator role prefix: `<cluster_name>-<4_digit_random_string>`
+endif::rosa-terraform[]
 
 |Cluster update strategy
 |* Individual updates
@@ -103,8 +139,11 @@ For installations using the {cluster-manager} {hybrid-console-second}, the `auto
 |===
 
 ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"]
-:rosa-hcp:
+:!rosa-hcp:
 endif::[]
 ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
-:rosa-standalone:
+:!rosa-standalone:
+endif::[]
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly-terraform"]
+:!rosa-terraform:
 endif::[]
\ No newline at end of file
diff --git a/modules/rosa-sts-setting-up-environment.adoc b/modules/rosa-sts-setting-up-environment.adoc
index bb1d9f988923..6b302187e4c7 100644
--- a/modules/rosa-sts-setting-up-environment.adoc
+++ b/modules/rosa-sts-setting-up-environment.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_planning/rosa-sts-setting-up-environment.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-setting-up-environment_{context}"]
 
 = Setting up the environment for STS
@@ -54,7 +54,7 @@ $ aws sts get-caller-identity
 ----
 +
 . Install the latest version of the ROSA CLI (`rosa`).
-.. Download the link:https://access.redhat.com/products/red-hat-openshift-service-aws/[latest release] of the ROSA CLI for your operating system.
+.. Download the latest release of the link:https://console.redhat.com/openshift/downloads[ROSA CLI] for your operating system.
 .. Optional: Rename the file you downloaded to `rosa` and make the file executable. This documentation uses `rosa` to refer to the executable file.
 +
 [source,terminal]
diff --git a/modules/rosa-sts-support-considerations.adoc b/modules/rosa-sts-support-considerations.adoc
index 8deaacabe998..39350aedad39 100644
--- a/modules/rosa-sts-support-considerations.adoc
+++ b/modules/rosa-sts-support-considerations.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-support-considerations_{context}"]
 = Support considerations for ROSA clusters with STS
 
diff --git a/modules/rosa-sts-terraform-prerequisites.adoc b/modules/rosa-sts-terraform-prerequisites.adoc
new file mode 100644
index 000000000000..60517d63d7a1
--- /dev/null
+++ b/modules/rosa-sts-terraform-prerequisites.adoc
@@ -0,0 +1,114 @@
+// Module included in the following assemblies:
+//
+// * rosa_planning/rosa-understanding-terraform.adoc
+ifeval::["{context}" == "rosa-understanding-terraform"]
+:tf-full:
+endif::[]
+
+:_mod-docs-content-type: CONCEPT
+[id="rosa-sts-terraform-prerequisites_{context}"]
+ifdef::tf-full[]
+= Prerequisites for Terraform
+endif::tf-full[]
+ifndef::tf-full[]
+.Prerequisites
+endif::tf-full[]
+
+To use link:https://registry.terraform.io/providers/terraform-redhat/rhcs/latest/docs[the Red Hat Cloud Services provider] inside your Terraform configuration, you must meet the following prerequisites:
+
+* You have installed the {product-title} (ROSA) command-line interface (CLI) tool.
+ifdef::tf-full[]
++
+See the Additional resources for further installation instructions.
+endif::tf-full[]
+* You have your offline link:https://console.redhat.com/openshift/token/rosa[{cluster-manager-first} token].
+ifdef::tf-full[]
++
+This token is generated through the Red Hat Hybrid Cloud Console. It is unique to your account and should not be shared. The token is generated based off your account access and permissions.
+endif::tf-full[]
+* You have installed link:https://developer.hashicorp.com/terraform/downloads[Terraform version 1.4.6] or newer.
+ifdef::tf-full[]
++
+You must have Terraform configured for your local system. The Terraform website contains installation options for MacOS, Windows, and Linux.
+endif::tf-full[]
+ifndef::tf-full[]
+* You have created your AWS account-wide IAM roles.
++
+The specific account-wide IAM roles and policies provide the STS permissions required for ROSA support, installation, control plane, and compute functionality. This includes account-wide Operator policies. See the Additional resources for more information on the AWS account roles.
+endif::tf-full[]
+* You have an link:https://aws.amazon.com/free/?all-free-tier[AWS account] and link:https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html[associated credentials] that allow you to create resources. The credentials are configured for the AWS provider. See the link:https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration[Authentication and Configuration] section in AWS Terraform provider documentation.
+* You have, at minimum, the following permissions in your AWS IAM role policy that is operating Terraform. Check for these permissions in the AWS console.
++
+.Minimum AWS permissions for Terraform
+[%collapsible]
+====
+[source,json]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "VisualEditor0",
+      "Effect": "Allow",
+      "Action": [
+        "iam:GetPolicyVersion",
+        "iam:DeletePolicyVersion",
+        "iam:CreatePolicyVersion",
+        "iam:UpdateAssumeRolePolicy",
+        "secretsmanager:DescribeSecret",
+        "iam:ListRoleTags",
+        "secretsmanager:PutSecretValue",
+        "secretsmanager:CreateSecret",
+        "iam:TagRole",
+        "secretsmanager:DeleteSecret",
+        "iam:UpdateOpenIDConnectProviderThumbprint",
+        "iam:DeletePolicy",
+        "iam:CreateRole",
+        "iam:AttachRolePolicy",
+        "iam:ListInstanceProfilesForRole",
+        "secretsmanager:GetSecretValue",
+        "iam:DetachRolePolicy",
+        "iam:ListAttachedRolePolicies",
+        "iam:ListPolicyTags",
+        "iam:ListRolePolicies",
+        "iam:DeleteOpenIDConnectProvider",
+        "iam:DeleteInstanceProfile",
+        "iam:GetRole",
+        "iam:GetPolicy",
+        "iam:ListEntitiesForPolicy",
+        "iam:DeleteRole",
+        "iam:TagPolicy",
+        "iam:CreateOpenIDConnectProvider",
+        "iam:CreatePolicy",
+        "secretsmanager:GetResourcePolicy",
+        "iam:ListPolicyVersions",
+        "iam:UpdateRole",
+        "iam:GetOpenIDConnectProvider",
+        "iam:TagOpenIDConnectProvider",
+        "secretsmanager:TagResource",
+        "sts:AssumeRoleWithWebIdentity",
+        "iam:ListRoles"
+      ],
+      "Resource": [
+        "arn:aws:secretsmanager:*:<ACCOUNT_ID>:secret:*",
+        "arn:aws:iam::<ACCOUNT_ID>:instance-profile/*",
+        "arn:aws:iam::<ACCOUNT_ID>:role/*",
+        "arn:aws:iam::<ACCOUNT_ID>:oidc-provider/*",
+        "arn:aws:iam::<ACCOUNT_ID>:policy/*"
+      ]
+    },
+    {
+      "Sid": "VisualEditor1",
+      "Effect": "Allow",
+      "Action": [
+        "s3:*"
+        ],
+      "Resource": "*"
+    }
+  ]
+}
+----
+====
+ifeval::["{context}" == "rosa-understanding-terraform"]
+:!tf-full:
+endif::[]
diff --git a/modules/rosa-sts-understanding-aws-account-association.adoc b/modules/rosa-sts-understanding-aws-account-association.adoc
index adeb2ee879ed..50583d9d5305 100644
--- a/modules/rosa-sts-understanding-aws-account-association.adoc
+++ b/modules/rosa-sts-understanding-aws-account-association.adoc
@@ -20,16 +20,16 @@ ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
 :rosa-standalone:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-understanding-aws-account-association_{context}"]
 = Understanding AWS account association
 
-Before you can use the {cluster-manager-first} {hybrid-console-second} to create 
+Before you can use the {cluster-manager-first} {hybrid-console-second} to create
 ifdef::rosa-hcp[]
-{hcp-title} 
+{hcp-title}
 endif::rosa-hcp[]
 ifndef::rosa-hcp[]
-{product-title} (ROSA) 
+{product-title} (ROSA)
 endif::rosa-hcp[]
 clusters that use the AWS Security Token Service (STS), you must associate your AWS account with your Red Hat organization. You can associate your account by creating and linking the following IAM roles.
 
diff --git a/modules/rosa-sts-understanding-ocm-role.adoc b/modules/rosa-sts-understanding-ocm-role.adoc
index 16e370b0ed83..a90048638357 100644
--- a/modules/rosa-sts-understanding-ocm-role.adoc
+++ b/modules/rosa-sts-understanding-ocm-role.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_architecture/rosa-sts-about-iam-resources.adoc
 //
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-sts-understanding-ocm-role_{context}"]
 = Understanding the {cluster-manager} role
 
diff --git a/modules/rosa-sts-user-role-creation.adoc b/modules/rosa-sts-user-role-creation.adoc
index bcc54ff9e610..7963336b0fd1 100644
--- a/modules/rosa-sts-user-role-creation.adoc
+++ b/modules/rosa-sts-user-role-creation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-iam-resources.adoc
+// * support/rosa-troubleshooting-iam-resources.adoc
 // * rosa_planning/rosa-sts-ocm-role.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-sts-user-role-iam-basic-role_{context}"]
 = Creating a user-role IAM role
 
@@ -29,17 +29,19 @@ This command allows you create the role by specifying specific attributes. The f
 I: Creating User role
 ? Role prefix: ManagedOpenShift <1>
 ? Permissions boundary ARN (optional): <2>
-? Role creation mode: auto <3>
+? Role Path (optional): <3>
+? Role creation mode: auto <4>
 I: Creating ocm user role using 'arn:aws:iam::2066:user'
-? Create the 'ManagedOpenShift-User.osdocs-Role' role? Yes <4>
+? Create the 'ManagedOpenShift-User.osdocs-Role' role? Yes <5>
 I: Created role 'ManagedOpenShift-User.osdocs-Role' with ARN 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role'
 I: Linking User role
 ? User Role ARN: arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role
-? Link the 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' role with account '1AGE'? Yes <5>
+? Link the 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' role with account '1AGE'? Yes <6>
 I: Successfully linked role ARN 'arn:aws:iam::2066:role/ManagedOpenShift-User.osdocs-Role' with account '1AGE'
 ----
 <1> A prefix value for all of the created AWS resources. In this example, `ManagedOpenShift` prepends all of the AWS resources.
 <2> The Amazon Resource Name (ARN) of the policy to set permission boundaries.
-<3> Choose the method of how to create your AWS roles. Using `auto`, the ROSA CLI generates and links the role to your AWS account. In the `auto` mode, you receive some different prompts to create the AWS roles.
-<4> The auto method asks if you want to create a specific `user-role` using your prefix.
-<5> Links the created role with your AWS organization.
+<3> Specify an IAM path for the user name.
+<4> Choose the method to create your AWS roles. Using `auto`, the ROSA CLI generates and links the roles and policies. In the `auto` mode, you receive some different prompts to create the AWS roles.
+<5> The `auto` method asks if you want to create a specific `user-role` using your prefix.
+<6> Links the created role with your AWS organization.
diff --git a/modules/rosa-troubleshooting-cluster-deletion.adoc b/modules/rosa-troubleshooting-cluster-deletion.adoc
index be0f806554ee..4de908f74cb0 100644
--- a/modules/rosa-troubleshooting-cluster-deletion.adoc
+++ b/modules/rosa-troubleshooting-cluster-deletion.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-deployments.adoc
-:_content-type: PROCEDURE
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-cluster-deletion_{context}"]
 = Repairing a cluster that cannot be deleted
 
diff --git a/modules/rosa-troubleshooting-elb-service-role.adoc b/modules/rosa-troubleshooting-elb-service-role.adoc
index cb20682a957a..3dbb6c4083a8 100644
--- a/modules/rosa-troubleshooting-elb-service-role.adoc
+++ b/modules/rosa-troubleshooting-elb-service-role.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-deployments.adoc
-:_content-type: PROCEDURE
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-elb-service-role_{context}"]
 = Creating the Elastic Load Balancing (ELB) service-linked role
 
diff --git a/modules/rosa-troubleshooting-expired-token.adoc b/modules/rosa-troubleshooting-expired-token.adoc
index d0bf91b2ac05..957e0e963898 100644
--- a/modules/rosa-troubleshooting-expired-token.adoc
+++ b/modules/rosa-troubleshooting-expired-token.adoc
@@ -1,10 +1,10 @@
 
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-expired-tokens.adoc
+// * support/rosa-troubleshooting-expired-tokens.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-expired-offline-access-tokens_{context}"]
 = Troubleshooting expired offline access tokens
 
diff --git a/modules/rosa-troubleshooting-general-deployment.adoc b/modules/rosa-troubleshooting-general-deployment.adoc
index a107fc691bca..e7eb9db4afa3 100644
--- a/modules/rosa-troubleshooting-general-deployment.adoc
+++ b/modules/rosa-troubleshooting-general-deployment.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-deployments.adoc
-:_content-type: PROCEDURE
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-general-deployment-failure_{context}"]
 = Obtaining information on a failed cluster
 
diff --git a/modules/rosa-troubleshooting-installing.adoc b/modules/rosa-troubleshooting-installing.adoc
index d2fc6240fe21..78bd21481a71 100644
--- a/modules/rosa-troubleshooting-installing.adoc
+++ b/modules/rosa-troubleshooting-installing.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-installations.adoc
+// * support/rosa-troubleshooting-installations.adoc
 [id="rosa-troubleshooting-installing_{context}"]
 = Installation troubleshooting
 
diff --git a/modules/rosa-troubleshooting-networking-nlb.adoc b/modules/rosa-troubleshooting-networking-nlb.adoc
new file mode 100644
index 000000000000..a86f35328dac
--- /dev/null
+++ b/modules/rosa-troubleshooting-networking-nlb.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
+[id="rosa-troubleshooting-general-deployment-failure_{context}"]
+= Connectivity issues on clusters with private Network Load Balancers
+
+{product-title} and {hcp-title} clusters created with version {product-version} deploy AWS Network Load Balancers (NLB) by default for the `default` ingress controller. In the case of a private NLB, the NLB's client IP address preservation might cause connections to be dropped where the source and destination are the same host. See the AWS's documentation about how to link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html#loopback-timeout[Troubleshoot your Network Load Balancer]. This IP address preservation has the implication that any customer workloads cohabitating on the same node with the router pods, may not be able send traffic to the private NLB fronting the ingress controller router.
+
+To mitigate this impact, customer's should reschedule their workloads onto nodes separate from those where the router pods are scheduled. Alternatively, customers should rely on the internal pod and service networks for accessing other workloads co-located within the same cluster.
\ No newline at end of file
diff --git a/modules/rosa-troubleshooting-osdccsadmin-deployment.adoc b/modules/rosa-troubleshooting-osdccsadmin-deployment.adoc
index 6c556cf50acf..c20d15d72169 100644
--- a/modules/rosa-troubleshooting-osdccsadmin-deployment.adoc
+++ b/modules/rosa-troubleshooting-osdccsadmin-deployment.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * sd_support/rosa-troubleshooting-deployments.adoc
-:_content-type: PROCEDURE
+// * support/rosa-troubleshooting-deployments.adoc
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-troubleshooting-deployment-failure-osdccsadmin_{context}"]
 = Failing to create a cluster with an `osdCcsAdmin` error
 
diff --git a/modules/rosa-understanding-deployment-modes.adoc b/modules/rosa-understanding-deployment-modes.adoc
index ddf71c771759..703945119050 100644
--- a/modules/rosa-understanding-deployment-modes.adoc
+++ b/modules/rosa-understanding-deployment-modes.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-understanding-deployment-modes_{context}"]
 = Understanding the auto and manual deployment modes
 
diff --git a/modules/rosa-understanding.adoc b/modules/rosa-understanding.adoc
index 9a57396c451e..8c8b46ed2e03 100644
--- a/modules/rosa-understanding.adoc
+++ b/modules/rosa-understanding.adoc
@@ -4,7 +4,7 @@
 // understanding-rosa/rosa-understanding.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="rosa-about_{context}"]
 = About {product-title}
 
diff --git a/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc b/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
index 20195d43a99a..e01fec2f3bdd 100644
--- a/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
+++ b/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-unlinking-and-deleting-ocm-and-user-iam-roles_{context}"]
 = Unlinking and deleting the {cluster-manager} and user IAM roles
 
diff --git a/modules/rosa-update-cli-tool.adoc b/modules/rosa-update-cli-tool.adoc
index be7a00b1635a..f20183047887 100644
--- a/modules/rosa-update-cli-tool.adoc
+++ b/modules/rosa-update-cli-tool.adoc
@@ -2,7 +2,7 @@
 //
 // * rosa_release_notes/rosa-release-notes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating_rosa_cli{context}"]
 == Updating the ROSA CLI tool
 
diff --git a/modules/rosa-updating-rosa-cli.adoc b/modules/rosa-updating-rosa-cli.adoc
index df9471050207..1b96db5c8f19 100644
--- a/modules/rosa-updating-rosa-cli.adoc
+++ b/modules/rosa-updating-rosa-cli.adoc
@@ -2,11 +2,11 @@
 //
 // * rosa_cli/rosa-get-started-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-updating-the-rosa-cli_{context}"]
 = Updating the ROSA CLI
 
-Update to the latest compatible version of the {product-title} (ROSA) CLI, `rosa`.
+Update to the latest compatible version of the ROSA CLI (`rosa`).
 
 .Procedure
 
diff --git a/modules/rosa-upgrade-cluster-cli.adoc b/modules/rosa-upgrade-cluster-cli.adoc
index bc498e6e937a..98a926618b48 100644
--- a/modules/rosa-upgrade-cluster-cli.adoc
+++ b/modules/rosa-upgrade-cluster-cli.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assemblies:
 //
 // * rosa_cli/rosa-manage-objects-cli.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="rosa-upgrading-cluster_{context}"]
 = Upgrade and delete upgrade for clusters
 
diff --git a/modules/rosa-upgrading-automatic-ocm.adoc b/modules/rosa-upgrading-automatic-ocm.adoc
index 5763265f1d65..11278fbfc534 100644
--- a/modules/rosa-upgrading-automatic-ocm.adoc
+++ b/modules/rosa-upgrading-automatic-ocm.adoc
@@ -3,7 +3,7 @@
 // * rosa_upgrading/rosa-upgrading.adoc
 // * rosa_upgrading/rosa-upgrading-sts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-scheduling-upgrade_{context}"]
 = Scheduling recurring upgrades for your cluster
 
diff --git a/modules/rosa-upgrading-cli-tutorial.adoc b/modules/rosa-upgrading-cli-tutorial.adoc
index b91c702ede75..2bafde61269f 100644
--- a/modules/rosa-upgrading-cli-tutorial.adoc
+++ b/modules/rosa-upgrading-cli-tutorial.adoc
@@ -11,7 +11,7 @@ ifeval::["{context}" == "rosa-hcp-upgrading"]
 endif::[]
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-upgrading-cli_{context}"]
 = Upgrading with the ROSA CLI
 
@@ -71,3 +71,6 @@ You will receive an email when the upgrade is complete. You can also check the s
 ifeval::["{context}" == "rosa-upgrading-sts"]
 :!sts:
 endif::[]
+
+.Troubleshooting
+* Sometimes a scheduled upgrade does not trigger. See link:https://access.redhat.com/solutions/6648291[Upgrade maintenance cancelled] for more information.
\ No newline at end of file
diff --git a/modules/rosa-upgrading-manual-ocm.adoc b/modules/rosa-upgrading-manual-ocm.adoc
index 4f961fcf7b84..e827f86a5ddb 100644
--- a/modules/rosa-upgrading-manual-ocm.adoc
+++ b/modules/rosa-upgrading-manual-ocm.adoc
@@ -7,7 +7,7 @@ ifeval::["{context}" == "rosa-upgrading-sts"]
 :sts:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-upgrade-ocm_{context}"]
 = Scheduling individual upgrades through the {cluster-manager} console
 
@@ -34,6 +34,12 @@ endif::sts[]
 +
 For information about administrator acknowledgment, see xref:./../upgrading/rosa-upgrading-cluster-prepare.adoc#upgrade-49-acknowledgement_rosa-updating-cluster-prepare[Administrator acknowledgment when upgrading to OpenShift 4.9].
 . In the *Node draining* pane, select a grace period interval from the list. The grace period enables the nodes to gracefully drain before forcing the pod eviction. The default is *1 hour*.
++
+[NOTE]
+====
+You cannot change the node drain grace period after you start the upgrade process.
+====
++
 . In the *Update strategy* pane, click *Save* to apply your update strategy.
 . In the *Update status* pane, review the *Update available* information and click *Update*.
 +
@@ -57,3 +63,6 @@ The status is displayed in the *Update status* pane.
 ifeval::["{context}" == "rosa-upgrading-sts"]
 :!sts:
 endif::[]
+
+.Troubleshooting
+* Sometimes a scheduled upgrade does not trigger. See link:https://access.redhat.com/solutions/6648291[Upgrade maintenance cancelled] for more information.
\ No newline at end of file
diff --git a/modules/rosa-upgrading-preparing-4-7-to-4-8.adoc b/modules/rosa-upgrading-preparing-4-7-to-4-8.adoc
index 01027bc820e6..0ab711eea30e 100644
--- a/modules/rosa-upgrading-preparing-4-7-to-4-8.adoc
+++ b/modules/rosa-upgrading-preparing-4-7-to-4-8.adoc
@@ -2,7 +2,7 @@
 //
 // * upgrading/rosa-upgrading-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-upgrading-requirements-48_{context}"]
 = Requirements for upgrading to OpenShift 4.8
 
diff --git a/modules/rosa-upgrading-preparing-4-8-to-4-9.adoc b/modules/rosa-upgrading-preparing-4-8-to-4-9.adoc
index 3eb189da30f6..77682ccda319 100644
--- a/modules/rosa-upgrading-preparing-4-8-to-4-9.adoc
+++ b/modules/rosa-upgrading-preparing-4-8-to-4-9.adoc
@@ -2,7 +2,7 @@
 //
 // * upgrading/rosa-upgrading-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-upgrading-requirements-49_{context}"]
 = Requirements for upgrading to OpenShift 4.9
 
@@ -14,5 +14,5 @@ You must meet the following requirements before upgrading a {product-title} (ROS
 * You have installed 1.1.10 or later of the ROSA CLI (`rosa`) on your installation host.
 * You have installed version 4.9 or later of the OpenShift CLI (`oc`) on your workstation(s) as needed.
 * You have the permissions required to update the AWS account-wide roles and policies.
-* You have access to the cluster as a user with the `cluster-admin` role.
+* You must be the owner or the creator of the cluster.
 * You updated the AWS Identity and Access Management (IAM) account-wide roles and policies, including the Operator policies to version 4.9.
diff --git a/modules/rosa-using-bash-script.adoc b/modules/rosa-using-bash-script.adoc
index c3ed86e6f39e..9f87ff789df9 100644
--- a/modules/rosa-using-bash-script.adoc
+++ b/modules/rosa-using-bash-script.adoc
@@ -3,7 +3,7 @@
 //
 // * rosa_cli/rosa-get-started-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-using-bash-script_{context}"]
 = Using a Bash script
 
@@ -25,7 +25,7 @@ Make sure that AWS credentials are available as one of the following options:
 $ rosa init --token=<token>
 ----
 
-. Create the {product-title} (ROSA) cluster:
+. Create the ROSA cluster:
 +
 [source,terminal]
 ----
diff --git a/modules/rosa-view-cloudwatch-logs.adoc b/modules/rosa-view-cloudwatch-logs.adoc
index 302f62cf702c..fda1cbc264cf 100644
--- a/modules/rosa-view-cloudwatch-logs.adoc
+++ b/modules/rosa-view-cloudwatch-logs.adoc
@@ -4,7 +4,7 @@
 // * rosa_cluster_admin/rosa_logging/rosa-viewing-logs.adoc
 // * logging/rosa-viewing-logs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="rosa-view-cloudwatch-logs_{context}"]
 = Viewing forwarded logs
 
diff --git a/modules/running-compliance-scans-worker-node.adoc b/modules/running-compliance-scans-worker-node.adoc
index e581c86f2a1e..8cca7374eee5 100644
--- a/modules/running-compliance-scans-worker-node.adoc
+++ b/modules/running-compliance-scans-worker-node.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-scans.adoc
+// * security/compliance_operator/co-scans/compliance-scans.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-compliance-scans-worker-node_{context}"]
 =  Scheduling the result server pod on a worker node
 
@@ -25,7 +25,7 @@ rawResultStorage:
   nodeSelector:
     node-role.kubernetes.io/worker: "" <1>
   pvAccessModes:
-  - ReadWriteOnce 
+  - ReadWriteOnce
   rotation: 3
   size: 1Gi
   tolerations:
diff --git a/modules/running-compliance-scans.adoc b/modules/running-compliance-scans.adoc
index b936609056da..97bb8b6e05e4 100644
--- a/modules/running-compliance-scans.adoc
+++ b/modules/running-compliance-scans.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-scans.adoc
+// * security/compliance_operator/co-scans/compliance-scans.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-compliance-scans_{context}"]
 = Running compliance scans
 
@@ -105,8 +105,8 @@ Namespace:                 openshift-compliance
 Labels:                    <none>
 Annotations:               <none>
 API Version:               compliance.openshift.io/v1alpha1
-Auto Apply Remediations:   true
-Auto Update Remediations:  true
+Auto Apply Remediations:   true <1>
+Auto Update Remediations:  true <1>
 Kind:                      ScanSetting
 Metadata:
   Creation Timestamp:  2022-10-18T20:21:00Z
@@ -115,8 +115,8 @@ Metadata:
     API Version:  compliance.openshift.io/v1alpha1
     Fields Type:  FieldsV1
     fieldsV1:
-      f:autoApplyRemediations: <1>
-      f:autoUpdateRemediations: <1>
+      f:autoApplyRemediations:
+      f:autoUpdateRemediations:
       f:rawResultStorage:
         .:
         f:nodeSelector:
@@ -194,7 +194,7 @@ settingsRef:
 
 . Create the `ScanSettingBinding` object by running:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc create -f <file-name>.yaml -n openshift-compliance
 ----
@@ -208,4 +208,4 @@ At this point in the process, the `ScanSettingBinding` object is reconciled and
 $ oc get compliancescan -w -n openshift-compliance
 ----
 +
-The scans progress through the scanning phases and eventually reach the `DONE` phase when complete. In most cases, the result of the scan is `NON-COMPLIANT`. You can review the scan results and start applying remediations to make the cluster compliant. See xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-operator-remediation[Managing Compliance Operator remediation] for more information.
+The scans progress through the scanning phases and eventually reach the `DONE` phase when complete. In most cases, the result of the scan is `NON-COMPLIANT`. You can review the scan results and start applying remediations to make the cluster compliant. See _Managing Compliance Operator remediation_ for more information.
diff --git a/modules/running-insights-operator-gather-cli.adoc b/modules/running-insights-operator-gather-cli.adoc
new file mode 100644
index 000000000000..ca683c6f71a2
--- /dev/null
+++ b/modules/running-insights-operator-gather-cli.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-operator.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+[id="running-insights-operator-gather-openshift-cli_{context}"]
+= Running an Insights Operator gather operation using the OpenShift CLI
+You can run an Insights Operator gather operation using the {product-title} command line interface.
+
+.Prerequisites
+
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+
+.Procedure
+* Enter the following command to run the gather operation:
++
+[source,terminal]
+----
+$ oc apply -f <your_datagather_definition>.yaml
+----
++
+Replace `<your_datagather_definition>.yaml` with a configuration file using the following parameters:
++
+[source,yaml]
+----
+apiVersion: insights.openshift.io/v1alpha1
+kind: DataGather
+metadata:
+  name: <your_data_gather> <1>
+spec:
+ gatherers: <2>
+   - name: workloads
+     state: Disabled
+----
++
+--
+<1> Replace the `<your_data_gather>` with a unique name for your gather operation.
+<2> Enter individual gather operations to disable under the `gatherers` parameter. This example disables the `workloads` data gather operation and will run the remainder of the default operations. To run the complete list of default gather operations, leave the `spec` parameter empty. You can find the complete list of gather operations in the Insights Operator documentation.
+--
+
+.Verification
+
+* Check that your new gather operation is prefixed with your chosen name under the list of pods in the `openshift-insights` project. Upon completion, the Insights Operator automatically uploads the data to Red Hat for processing.
+
diff --git a/modules/running-insights-operator-gather-web-console.adoc b/modules/running-insights-operator-gather-web-console.adoc
new file mode 100644
index 000000000000..c9b82207016e
--- /dev/null
+++ b/modules/running-insights-operator-gather-web-console.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/using-insights-operator.adoc
+
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="running-insights-operator-gather-web-console_{context}"]
+= Running an Insights Operator gather operation using the web console
+You can run an Insights Operator gather operation using the {product-title} web console.
+
+.Prerequisites
+
+* You are logged in to the {product-title} web console as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Navigate to *Administration* -> *CustomResourceDefinitions*.
+. On the *CustomResourceDefinitions* page, use the *Search by name* field to find the *DataGather* resource definition and click it.
+. On the *CustomResourceDefinition details* page, click the *Instances* tab.
+. Click *Create DataGather*.
+. To create a new `DataGather` operation, edit the configuration file:
++
+[source,yaml]
+----
+apiVersion: insights.openshift.io/v1alpha1
+kind: DataGather
+metadata:
+  name: <your_data_gather> <1>
+spec:
+ gatherers: <2>
+   - name: workloads
+     state: Disabled
+----
++
+--
+<1> Replace the `<your_data_gather>` with a unique name for your gather operation.
+<2> Enter individual gather operations to disable under the `gatherers` parameter. This example disables the `workloads` data gather operation and will run the remainder of the default operations. To run the complete list of default gather operations, leave the `spec` parameter empty. You can find the complete list of gather operations in the Insights Operator documentation.
+--
++
+. Click *Save*.
+
+.Verification
+
+. Navigate to *Workloads* -> *Pods*.
+. On the Pods page, select the *Project* pulldown menu, and then turn on Show default projects.
+. Select the `openshift-insights` project from the *Project* pulldown menu.
+. Check that your new gather operation is prefixed with your chosen name under the list of pods in the `openshift-insights` project. Upon completion, the Insights Operator automatically uploads the data to Red Hat for processing.
diff --git a/modules/running-network-verification-manually-cli.adoc b/modules/running-network-verification-manually-cli.adoc
index 98fd21a2917d..7a43a8cc30c0 100644
--- a/modules/running-network-verification-manually-cli.adoc
+++ b/modules/running-network-verification-manually-cli.adoc
@@ -2,14 +2,14 @@
 //
 // * networking/network-verification.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [discrete]
 [id="running-network-verification-manually-cli_{context}"]
 = Running the network verification manually using the CLI
 
 You can manually run the network verification checks for an existing {product-title} (ROSA) cluster by using the ROSA CLI (`rosa`).
 
-When you run the network verification, you can specify a set of VPC subnet IDs or a cluster name. If you are using a proxy service, you can specify a proxy URL.
+When you run the network verification, you can specify a set of VPC subnet IDs or a cluster name.
 
 .Prerequisites
 
@@ -19,19 +19,44 @@ When you run the network verification, you can specify a set of VPC subnet IDs o
 
 .Procedure
 
-* Verify the network configuration by using one of the following methods: 
+* Verify the network configuration by using one of the following methods:
 ** Verify the network configuration by specifying the cluster name. The subnet IDs are automatically detected:
 +
 [source,terminal]
 ----
-$ rosa verify network -c <cluster_name> <1>
+$ rosa verify network --cluster <cluster_name> <1>
 ----
 <1> Replace `<cluster_name>` with the name of your cluster.
 +
 .Example output
 [source,terminal]
 ----
-I: ✓ Network verification successful
+I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc]
+I: subnet-03146b9b52b6024cb: pending
+I: subnet-03146b9b52b2034cc: passed
+I: Run the following command to wait for verification to all subnets to complete:
+rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
+----
+*** Ensure that verification to all subnets has been completed:
++
+[source,terminal]
+----
+$ rosa verify network --watch \ <1>
+                      --status-only \ <2>
+                      --region <region_name> \ <3>
+                      --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc <4>
+----
+<1> The `watch` flag causes the command to complete after all the subnets under test are in a failed or passed state.
+<2> The `status-only` flag does not trigger a run of network verification but returns the current state, for example, `subnet-123 (verification still in-progress)`. By default, without this option, a call to this command always triggers a verification of the specified subnets.
+<3> Use a specific AWS region that overrides the _AWS_REGION_ environment variable.
+<4> Enter a list of subnet IDs separated by commas to verify. If any of the subnets do not exist, the error message `Network verification for subnet 'subnet-<subnet_number> not found` displays and no subnets are checked.
++
+.Example output
+[source,terminal]
+----
+I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc]
+I: subnet-03146b9b52b6024cb: passed
+I: subnet-03146b9b52b2034cc: passed
 ----
 +
 [TIP]
@@ -39,36 +64,33 @@ I: ✓ Network verification successful
 To output the full list of verification tests, you can include the `--debug` argument when you run the `rosa verify network` command.
 ====
 +
-** Verify the network configuration by specifying the VPC subnets IDs:
+** Verify the network configuration by specifying the VPC subnets IDs. Replace `<region_name>` with your AWS region and `<AWS_account_ID>` with your AWS account ID:
 +
 [source,terminal]
 ----
-$ rosa verify network --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
+$ rosa verify network --subnet-ids 03146b9b52b6024cb,subnet-03146b9b52b2034cc --region <region_name> --role-arn arn:aws:iam::<AWS_account_ID>:role/my-Installer-Role
 ----
 +
 .Example output
 [source,terminal]
 ----
-E: Validating Subnet subnet-03146b9b52b6024cb egress
-E: X Egress failed to https://events.pagerduty.com
+I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc]
+I: subnet-03146b9b52b6024cb: pending
+I: subnet-03146b9b52b2034cc: passed
+I: Run the following command to wait for verification to all subnets to complete:
+rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
 ----
-+
-** Verify the network configuration by specifying the VPC subnets IDs and a proxy URL:
+*** Ensure that verification to all subnets has been completed:
 +
 [source,terminal]
 ----
-$ rosa verify network --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc \
-                      --additional-trust-bundle-file /path/to/ca.cert \
-                      --https-proxy <proxy_url> <1>
+$ rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
 ----
-<1> Replace `<proxy_url>` with the URL of your proxy service, for example `\https://10.10.0.1`.
 +
 .Example output
 [source,terminal]
 ----
-I: Using proxy configuration
-I: Subnet IDs detected:  subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
-
-E: Validating Subnet subnet-03146b9b52b6024cb egress
-E: X Egress failed to https://events.pagerduty.com
+I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc]
+I: subnet-03146b9b52b6024cb: passed
+I: subnet-03146b9b52b2034cc: passed
 ----
diff --git a/modules/running-network-verification-manually-ocm.adoc b/modules/running-network-verification-manually-ocm.adoc
index 88068ccd36ca..7549d1294e1a 100644
--- a/modules/running-network-verification-manually-ocm.adoc
+++ b/modules/running-network-verification-manually-ocm.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network-verification.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 ifdef::openshift-dedicated[]
 [id="running-network-verification-manually-ocm_{context}"]
 = Running the network verification manually
@@ -13,23 +13,23 @@ ifdef::openshift-rosa[]
 = Running the network verification manually using {cluster-manager}
 endif::openshift-rosa[]
 
-You can manually run the network verification checks for an existing 
+You can manually run the network verification checks for an existing
 ifdef::openshift-dedicated[]
-{product-title} 
+{product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-{product-title} (ROSA) 
+{product-title} (ROSA)
 endif::openshift-rosa[]
 cluster by using {cluster-manager-first}.
 
 .Prerequisites
 
-* You have an existing 
+* You have an existing
 ifdef::openshift-dedicated[]
-{product-title} 
+{product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-ROSA 
+ROSA
 endif::openshift-rosa[]
 cluster.
 * You are the cluster owner or you have the cluster editor role.
diff --git a/modules/running-network-verification-manually.adoc b/modules/running-network-verification-manually.adoc
index dd754d720685..2f58063fe5c6 100644
--- a/modules/running-network-verification-manually.adoc
+++ b/modules/running-network-verification-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network-verification.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="running-network-verification-manually_{context}"]
 = Running the network verification manually
 
diff --git a/modules/running-services-with-encapsulation.adoc b/modules/running-services-with-encapsulation.adoc
index 3f06641c9aab..f564708c5904 100644
--- a/modules/running-services-with-encapsulation.adoc
+++ b/modules/running-services-with-encapsulation.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * scalability_and_performance/optimization/optimizing-cpu-usage.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="running-services-with-encapsulation_{context}"]
 = Running additional services in the encapsulated namespace
 
diff --git a/modules/sample-ztp-custom-resources.adoc b/modules/sample-ztp-custom-resources.adoc
index 6d9bfeab2fc5..2fa7eb17a034 100644
--- a/modules/sample-ztp-custom-resources.adoc
+++ b/modules/sample-ztp-custom-resources.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * installing-with-agent/installing-with-agent.adoc
+// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sample-ztp-custom-resources_{context}"]
 = Sample {ztp} custom resources
 
@@ -12,7 +12,7 @@ You can customize the following {ztp} custom resources to specify more details a
 
 *agent-cluster-install.yaml*
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
   apiVersion: extensions.hive.openshift.io/v1beta1
   kind: AgentClusterInstall
@@ -23,7 +23,7 @@ You can customize the following {ztp} custom resources to specify more details a
     clusterDeploymentRef:
       name: ostest
     imageSetRef:
-      name: openshift-4.13
+      name: openshift-{product-version}
     networking:
       clusterNetwork:
       - cidr: 10.128.0.0/14
@@ -66,14 +66,14 @@ spec:
 
 *cluster-image-set.yaml*
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hive.openshift.io/v1
 kind: ClusterImageSet
 metadata:
-  name: openshift-4.13
+  name: openshift-{product-version}
 spec:
-  releaseImage: registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2022-06-06-025509
+  releaseImage: registry.ci.openshift.org/ocp/release:{product-version}.0-0.nightly-2022-06-06-025509
 ----
 
 *infra-env.yaml*
diff --git a/modules/samples-operator-crd.adoc b/modules/samples-operator-crd.adoc
index ea523aff94ca..d6f0437f7326 100644
--- a/modules/samples-operator-crd.adoc
+++ b/modules/samples-operator-crd.adoc
@@ -3,7 +3,7 @@
 // * openshift_images/configuring_samples_operator.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="samples-operator-crd_{context}"]
 = Accessing the Cluster Samples Operator configuration
 
@@ -17,7 +17,7 @@ You can configure the Cluster Samples Operator by editing the file with the prov
 
 *  Access the  Cluster Samples Operator configuration:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc edit configs.samples.operator.openshift.io/cluster -o yaml
 ----
@@ -28,5 +28,5 @@ The Cluster Samples Operator configuration resembles the following example:
 ----
 apiVersion: samples.operator.openshift.io/v1
 kind: Config
-...
+# ...
 ----
diff --git a/modules/samples-operator-overview.adoc b/modules/samples-operator-overview.adoc
index 7bbd407d720c..aca0eec0c8ba 100644
--- a/modules/samples-operator-overview.adoc
+++ b/modules/samples-operator-overview.adoc
@@ -1,9 +1,10 @@
 // Module included in the following assemblies:
 //
 // * openshift_images/configuring_samples_operator.adoc
+// * openshift_images/configuring-samples-operator.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="samples-operator-overview_{context}"]
 = Understanding the Cluster Samples Operator
 
@@ -52,7 +53,10 @@ Certain circumstances result in the Cluster Samples Operator bootstrapping itsel
 
 * If the Cluster Samples Operator cannot reach link:https://registry.redhat.io[registry.redhat.io] after three minutes on initial startup after a clean installation.
 * If the Cluster Samples Operator detects it is on an IPv6 network.
-* If the xref:../openshift_images/image-configuration.html#images-configuration-parameters_image-configuration[image controller configuration parameters] prevent the creation of image streams by using the default image registry, or by using the image registry specified by the xref:../openshift_images/configuring-samples-operator.html#samples-operator-configuration_configuring-samples-operator[`samplesRegistry` setting].
+// cannot configure the Samples Operator
+ifndef::openshift-rosa,openshift-dedicated[]
+* If the xref:../openshift_images/image-configuration.adoc#images-configuration-parameters_image-configuration[image controller configuration parameters] prevent the creation of image streams by using the default image registry, or by using the image registry specified by the xref:../openshift_images/configuring-samples-operator.adoc#samples-operator-configuration_configuring-samples-operator[`samplesRegistry` setting].
+endif::openshift-rosa,openshift-dedicated[]
 
 [NOTE]
 ====
@@ -60,7 +64,7 @@ For {product-title}, the default image registry is
 ifdef::openshift-enterprise[]
 `registry.redhat.io`.
 endif::[]
-ifdef::openshift-origin[]
+ifdef::openshift-rosa,openshift-dedicated,openshift-origin[]
 `registry.access.redhat.com` or `quay.io`.
 endif::[]
 ====
@@ -72,6 +76,8 @@ However, if the Cluster Samples Operator detects that it is on an IPv6 network a
 IPv6 installations are not currently supported by link:https://registry.redhat.io[registry.redhat.io]. The Cluster Samples Operator pulls most of the sample image streams and images from link:https://registry.redhat.io[registry.redhat.io].
 ====
 
+// Restricted network not supported ROSA/OSD
+ifndef::openshift-rosa,openshift-dedicated[]
 [id="samples-operator-restricted-network-install"]
 === Restricted network installation
 
@@ -96,6 +102,7 @@ spec:
   - x86_64
   managementState: Removed
 ----
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="samples-operator-retries"]
 == Cluster Samples Operator's tracking and error recovery of image stream imports
diff --git a/modules/sbo-about-service-binding-operator.adoc b/modules/sbo-about-service-binding-operator.adoc
index 0d266643057b..f9b534df42ce 100644
--- a/modules/sbo-about-service-binding-operator.adoc
+++ b/modules/sbo-about-service-binding-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-about-service-binding-operator_{context}"]
 = About {servicebinding-title}
 
diff --git a/modules/sbo-advanced-binding-options.adoc b/modules/sbo-advanced-binding-options.adoc
index a194c761e571..171a41b6f9fe 100644
--- a/modules/sbo-advanced-binding-options.adoc
+++ b/modules/sbo-advanced-binding-options.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-advanced-binding-options_{context}"]
 = Advanced binding options
 
diff --git a/modules/sbo-api-differences.adoc b/modules/sbo-api-differences.adoc
index 549cfc446751..94db29b396e6 100644
--- a/modules/sbo-api-differences.adoc
+++ b/modules/sbo-api-differences.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-api-differences_{context}"]
 = API differences
 
diff --git a/modules/sbo-binding-workloads-that-are-not-compliant-with-PodSpec.adoc b/modules/sbo-binding-workloads-that-are-not-compliant-with-PodSpec.adoc
index 7abcbc94bce7..0cbcd3fc6f9f 100644
--- a/modules/sbo-binding-workloads-that-are-not-compliant-with-PodSpec.adoc
+++ b/modules/sbo-binding-workloads-that-are-not-compliant-with-PodSpec.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-binding-workloads-that-are-not-compliant-with-PodSpec_{context}"]
 = Binding secondary workloads that are not compliant with PodSpec
 
diff --git a/modules/sbo-categories-of-exposable-binding-data.adoc b/modules/sbo-categories-of-exposable-binding-data.adoc
index e9071bae2d1f..0f5381c53c01 100644
--- a/modules/sbo-categories-of-exposable-binding-data.adoc
+++ b/modules/sbo-categories-of-exposable-binding-data.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-categories-of-exposable-binding-data_{context}"]
 = Categories of exposable binding data
 
@@ -69,8 +69,8 @@ kind: Secret
 metadata:
   name: hippo-pguser-hippo
 data:
-  password: "MTBz"
-  user: "Z3Vlc3Q="
+  password: "<password>"
+  user: "<username>"
 ----
 
 ////
diff --git a/modules/sbo-configuration-of-directory-path-to-project-binding-data.adoc b/modules/sbo-configuration-of-directory-path-to-project-binding-data.adoc
index 7378c97fe551..0c6ace7f6bfb 100644
--- a/modules/sbo-configuration-of-directory-path-to-project-binding-data.adoc
+++ b/modules/sbo-configuration-of-directory-path-to-project-binding-data.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/projecting-binding-data.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-configuration-of-directory-path-to-project-binding-data_{context}"]
 = Configuration of the directory path to project the binding data inside workload container
 
diff --git a/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service-power-z.adoc b/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service-power-z.adoc
index e3f058433f06..8e35180c24eb 100644
--- a/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service-power-z.adoc
+++ b/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service-power-z.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service-ibm-power-z_{context}"]
 = Connecting the Spring PetClinic sample application to the PostgreSQL database service
 
diff --git a/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service.adoc b/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service.adoc
index 4ba44a03a20e..99969351854f 100644
--- a/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service.adoc
+++ b/modules/sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service.adoc
@@ -1,5 +1,5 @@
 = Connecting the Spring PetClinic sample application to the PostgreSQL database service
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-connecting-spring-petclinic-sample-app-to-postgresql-database-service_{context}"]
 
 To connect the sample application to the database service, you must create a `ServiceBinding` custom resource (CR) that triggers the {servicebinding-title} to project the binding data into the application.
@@ -70,8 +70,8 @@ $ for i in username password host port type; do oc exec -it deploy/spring-petcli
 .Example output: With all the values from the secret resource
 [source,text]
 ----
-/bindings/spring-petclinic-pgcluster/username: hippo
-/bindings/spring-petclinic-pgcluster/password: KXKF{nAI,I-J6zLt:W+FKnze
+/bindings/spring-petclinic-pgcluster/username: <username>
+/bindings/spring-petclinic-pgcluster/password: <password>
 /bindings/spring-petclinic-pgcluster/host: hippo-primary.my-petclinic.svc
 /bindings/spring-petclinic-pgcluster/port: 5432
 /bindings/spring-petclinic-pgcluster/type: postgresql
diff --git a/modules/sbo-creating-a-postgresql-database-instance-power-z.adoc b/modules/sbo-creating-a-postgresql-database-instance-power-z.adoc
index cbe94d029931..d34f87e3e72e 100644
--- a/modules/sbo-creating-a-postgresql-database-instance-power-z.adoc
+++ b/modules/sbo-creating-a-postgresql-database-instance-power-z.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-creating-a-postgresql-database-instance-power-z_{context}"]
 = Creating a PostgreSQL database instance
 
diff --git a/modules/sbo-creating-a-postgresql-database-instance.adoc b/modules/sbo-creating-a-postgresql-database-instance.adoc
index 9e5421cc4e17..af086892b28b 100644
--- a/modules/sbo-creating-a-postgresql-database-instance.adoc
+++ b/modules/sbo-creating-a-postgresql-database-instance.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/getting-started-with-service-binding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-creating-a-postgresql-database-instance_{context}"]
 = Creating a PostgreSQL database instance
 
diff --git a/modules/sbo-data-model.adoc b/modules/sbo-data-model.adoc
index a07184899814..30b62fc8ada1 100644
--- a/modules/sbo-data-model.adoc
+++ b/modules/sbo-data-model.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-data-model_{context}"]
 = Data model
 
diff --git a/modules/sbo-deploying-a-postgresql-database-operator-power-z.adoc b/modules/sbo-deploying-a-postgresql-database-operator-power-z.adoc
index 7f7ea2909f8c..aba7e251e6c5 100644
--- a/modules/sbo-deploying-a-postgresql-database-operator-power-z.adoc
+++ b/modules/sbo-deploying-a-postgresql-database-operator-power-z.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-deploying-a-postgresql-operator-instance-power-z_{context}"]
 = Deploying a PostgreSQL Operator
 
@@ -64,8 +64,8 @@ rules:
 EOD
 ----
 <1> The Operator image.
-* For {ibmpowerProductName}: `quay.io/ibm/operator-registry-ppc64le:release-4.9`
-* For {ibmzProductName} and {linuxoneProductName}: `quay.io/ibm/operator-registry-s390x:release-4.8`
+* For {ibm-power-name}: `quay.io/ibm/operator-registry-ppc64le:release-4.9`
+* For {ibm-z-name} and {ibm-linuxone-name}: `quay.io/ibm/operator-registry-s390x:release-4.8`
 
 .Verification
 
diff --git a/modules/sbo-deploying-the-spring-petclinic-sample-application-power-z.adoc b/modules/sbo-deploying-the-spring-petclinic-sample-application-power-z.adoc
index 497362da5b44..8084decc92f0 100644
--- a/modules/sbo-deploying-the-spring-petclinic-sample-application-power-z.adoc
+++ b/modules/sbo-deploying-the-spring-petclinic-sample-application-power-z.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-deploying-the-spring-petclinic-sample-application-ibm-power-z_{context}"]
 = Deploying the Spring PetClinic sample application
 
diff --git a/modules/sbo-deploying-the-spring-petclinic-sample-application.adoc b/modules/sbo-deploying-the-spring-petclinic-sample-application.adoc
index efa17cf633b5..0f4db5c65022 100644
--- a/modules/sbo-deploying-the-spring-petclinic-sample-application.adoc
+++ b/modules/sbo-deploying-the-spring-petclinic-sample-application.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/getting-started-with-service-binding.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-deploying-the-spring-petclinic-sample-application_{context}"]
 = Deploying the Spring PetClinic sample application
 
diff --git a/modules/sbo-key-features.adoc b/modules/sbo-key-features.adoc
index c5f1285089bf..93444081c4fd 100644
--- a/modules/sbo-key-features.adoc
+++ b/modules/sbo-key-features.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-key-features_{context}"]
 = Key features
 
diff --git a/modules/sbo-methods-of-exposing-binding-data.adoc b/modules/sbo-methods-of-exposing-binding-data.adoc
index aae44bdee8bf..d4882410b8ea 100644
--- a/modules/sbo-methods-of-exposing-binding-data.adoc
+++ b/modules/sbo-methods-of-exposing-binding-data.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-methods-of-exposing-binding-data_{context}"]
 = Methods of exposing binding data
 
@@ -56,8 +56,8 @@ kind: Secret
 metadata:
   name: hippo-pguser-hippo
 data:
-  password: "MTBz"
-  user: "Z3Vlc3Q="
+  password: "<password>"
+  user: "<username>"
   ...
 ----
 
@@ -169,8 +169,8 @@ kind: Secret
 metadata:
   name: hippo-pguser-hippo
 data:
-  password: "MTBz"
-  user: "Z3Vlc3Q="
+  password: "<password>"
+  user: "<username>"
 ----
 
 .Example: Exposing binding data from a `ConfigMap` object defined in the CR annotations
diff --git a/modules/sbo-naming-strategies.adoc b/modules/sbo-naming-strategies.adoc
index a960f7dd9a04..4bbf142a6f98 100644
--- a/modules/sbo-naming-strategies.adoc
+++ b/modules/sbo-naming-strategies.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-naming-strategies_{context}"]
 = Naming strategies
 
diff --git a/modules/sbo-projecting-the-binding-data.adoc b/modules/sbo-projecting-the-binding-data.adoc
index 801457a0acdd..45011630e74b 100644
--- a/modules/sbo-projecting-the-binding-data.adoc
+++ b/modules/sbo-projecting-the-binding-data.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/projecting-binding-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-projecting-the-binding-data_{context}"]
 = Projecting the binding data
 
diff --git a/modules/sbo-rbac-requirements.adoc b/modules/sbo-rbac-requirements.adoc
index 5a025aa81f6d..20335650f58e 100644
--- a/modules/sbo-rbac-requirements.adoc
+++ b/modules/sbo-rbac-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-rbac-requirements_{context}"]
 = RBAC requirements
 
diff --git a/modules/sbo-release-notes-1-1-1.adoc b/modules/sbo-release-notes-1-1-1.adoc
index 3e02f6142720..3d49f5387738 100644
--- a/modules/sbo-release-notes-1-1-1.adoc
+++ b/modules/sbo-release-notes-1-1-1.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assembly:
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 = Release notes for {servicebinding-title} 1.1.1
 
 {servicebinding-title} 1.1.1 is now available on {product-title} 4.7, 4.8, 4.9, and 4.10.
@@ -28,7 +28,7 @@
 +
 Workaround 1: Install the {servicebinding-title} in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds.
 +
-Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed: 
+Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed:
 +
 .Example: Role binding for Crunchy Postgres Operator
 [source,yaml]
diff --git a/modules/sbo-release-notes-1-1.adoc b/modules/sbo-release-notes-1-1.adoc
index 30ee8de3e2b9..d7b343c881ae 100644
--- a/modules/sbo-release-notes-1-1.adoc
+++ b/modules/sbo-release-notes-1-1.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assembly:
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 = Release notes for {servicebinding-title} 1.1
 
 {servicebinding-title} is now available on {product-title} 4.7, 4.8, 4.9, and 4.10.
@@ -36,7 +36,7 @@ This section highlights what is new in {servicebinding-title} 1.1:
 +
 Workaround 1: Install the {servicebinding-title} in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds.
 +
-Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed: 
+Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed:
 +
 .Example: Role binding for Crunchy Postgres Operator
 [source,yaml]
diff --git a/modules/sbo-release-notes-1-2.adoc b/modules/sbo-release-notes-1-2.adoc
index 3bd19c5ea37b..da8aef4bef25 100644
--- a/modules/sbo-release-notes-1-2.adoc
+++ b/modules/sbo-release-notes-1-2.adoc
@@ -2,7 +2,7 @@
 // Module included in the following assembly:
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 = Release notes for {servicebinding-title} 1.2
 
 {servicebinding-title} 1.2 is now available on {product-title} 4.7, 4.8, 4.9, 4.10, and 4.11.
@@ -34,7 +34,7 @@ This section highlights what is new in {servicebinding-title} 1.2:
 +
 Workaround 1: Install the {servicebinding-title} in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds.
 +
-Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed: 
+Workaround 2: If you cannot install the {servicebinding-title} in the `all namespaces` installation mode, install the following role binding into the namespace where the {servicebinding-title} is installed:
 +
 .Example: Role binding for Crunchy Postgres Operator
 [source,yaml]
diff --git a/modules/sbo-release-notes-1-3-1.adoc b/modules/sbo-release-notes-1-3-1.adoc
index 2f8cf55f1be8..a8d55c7d5d80 100644
--- a/modules/sbo-release-notes-1-3-1.adoc
+++ b/modules/sbo-release-notes-1-3-1.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="sbo-release-notes-1-3-1_{context}"]
 = Release notes for {servicebinding-title} 1.3.1
 
diff --git a/modules/sbo-release-notes-1-3-3.adoc b/modules/sbo-release-notes-1-3-3.adoc
index fa06f1d4be57..6dd6c90c88cb 100644
--- a/modules/sbo-release-notes-1-3-3.adoc
+++ b/modules/sbo-release-notes-1-3-3.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="sbo-release-notes-1-3-3_{context}"]
 = Release notes for {servicebinding-title} 1.3.3
 
diff --git a/modules/sbo-release-notes-1-3.adoc b/modules/sbo-release-notes-1-3.adoc
index 3d0e8d346057..70faa23cf38d 100644
--- a/modules/sbo-release-notes-1-3.adoc
+++ b/modules/sbo-release-notes-1-3.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/connecting_applications_to_services/sbo-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="sbo-release-notes-1-3_{context}"]
 = Release notes for {servicebinding-title} 1.3
 
diff --git a/modules/sbo-service-binding-terminology.adoc b/modules/sbo-service-binding-terminology.adoc
index b706039b63f4..970c584a0720 100644
--- a/modules/sbo-service-binding-terminology.adoc
+++ b/modules/sbo-service-binding-terminology.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/understanding-service-binding-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sbo-service-binding-terminology_{context}"]
 = Service Binding terminology
 
diff --git a/modules/sbo-setting-annotations-mapping-optional.adoc b/modules/sbo-setting-annotations-mapping-optional.adoc
index e1e85ebac7fb..1ef34a1e8fb6 100644
--- a/modules/sbo-setting-annotations-mapping-optional.adoc
+++ b/modules/sbo-setting-annotations-mapping-optional.adoc
@@ -2,11 +2,11 @@
 //
 // * applications/connecting_applications_to_services/exposing-binding-data-from-a-service.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-setting-annotations-mapping-optional_{context}"]
 = Setting annotations mapping to be optional
 
-You can have optional fields in the annotations. For example, a path to the credentials might not be present if the service endpoint does not require authentication. In such cases, a field might not exist in the target path of the annotations. As a result, {servicebinding-title} generates an error, by default. 
+You can have optional fields in the annotations. For example, a path to the credentials might not be present if the service endpoint does not require authentication. In such cases, a field might not exist in the target path of the annotations. As a result, {servicebinding-title} generates an error, by default.
 
 As a service provider, to indicate whether you require annotations mapping, you can set a value for the `optional` flag in your annotations when enabling services. {servicebinding-title} provides annotations mapping only if the target path is available. When the target path is not available, the {servicebinding-title} skips the optional mapping and continues with the projection of the existing mappings without throwing any errors.
 
@@ -30,5 +30,5 @@ metadata:
 [NOTE]
 ====
 * If you set the `optional` flag value to `false` and the {servicebinding-title} is unable to find the target path, the Operator fails the annotations mapping.
-* If the `optional` flag has no value set, the {servicebinding-title} considers the value as `false` by default and fails the annotations mapping. 
+* If the `optional` flag has no value set, the {servicebinding-title} considers the value as `false` by default and fails the annotations mapping.
 ====
\ No newline at end of file
diff --git a/modules/sbo-unbinding-workloads-from-a-backing-service.adoc b/modules/sbo-unbinding-workloads-from-a-backing-service.adoc
index f1c3b7b2adaf..5da0ea6e2bdb 100644
--- a/modules/sbo-unbinding-workloads-from-a-backing-service.adoc
+++ b/modules/sbo-unbinding-workloads-from-a-backing-service.adoc
@@ -2,7 +2,7 @@
 //
 // * /applications/connecting_applications_to_services/binding-workloads-using-sbo.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sbo-unbinding-workloads-from-a-backing-service_{context}"]
 = Unbinding workloads from a backing service
 
diff --git a/modules/scale-down-data-plane.adoc b/modules/scale-down-data-plane.adoc
new file mode 100644
index 000000000000..f5647341314e
--- /dev/null
+++ b/modules/scale-down-data-plane.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-managing.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="scale-down-data-plane_{context}"]
+= Scaling down the data plane to zero
+
+If you are not using the hosted control plane, to save the resources and cost you can scale down a data plane to zero.
+
+[NOTE]
+====
+Ensure you are prepared to scale down the data plane to zero. Because the workload from the worker nodes disappears after scaling down.
+====
+
+.Procedure
+
+. Set the `kubeconfig` file to access the hosted cluster by running the following command:
++
+[source,terminal]
+----
+$ export KUBECONFIG=<install_directory>/auth/kubeconfig
+----
+
+. Get the name of the `NodePool` resource associated to your hosted cluster by running the following command:
++
+[source,terminal]
+----
+$ oc get nodepool --namespace <HOSTED_CLUSTER_NAMESPACE>
+----
+
+. Optional: To prevent the pods from draining, add the `nodeDrainTimeout` field in the `NodePool` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit NodePool <nodepool> -o yaml --namespace <HOSTED_CLUSTER_NAMESPACE>
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: hypershift.openshift.io/v1alpha1
+kind: NodePool
+metadata:
+# ...
+  name: nodepool-1
+  namespace: clusters
+# ...
+spec:
+  arch: amd64
+  clusterName: clustername <1>
+  management:
+    autoRepair: false
+    replace:
+      rollingUpdate:
+        maxSurge: 1
+        maxUnavailable: 0
+      strategy: RollingUpdate
+    upgradeType: Replace
+  nodeDrainTimeout: 0s <2>
+# ...
+----
+<1> Defines the name of your hosted cluster.
+<2> Specifies the total amount of time that the controller spends to drain a node. By default, the `nodeDrainTimeout: 0s` setting blocks the node draining process.
++
+[NOTE]
+====
+To allow the node draining process to continue for a certain period of time, you can set the value of the `nodeDrainTimeout` field accordingly, for example, `nodeDrainTimeout: 1m`.
+====
+
+. Scale down the `NodePool` resource associated to your hosted cluster by running the following command:
++
+[source,terminal]
+----
+$ oc scale nodepool/<NODEPOOL_NAME> --namespace <HOSTED_CLUSTER_NAMESPACE> --replicas=0
+----
++
+[NOTE]
+====
+After scaling down the data plan to zero, some pods in the control plane stay in the `Pending` status and the hosted control plane stays up and running. If necessary, you can scale up the `NodePool` resource.
+====
+
+. Optional: Scale up the `NodePool` resource associated to your hosted cluster by running the following command:
++
+[source,terminal]
+----
+$ oc scale nodepool/<NODEPOOL_NAME> --namespace <HOSTED_CLUSTER_NAMESPACE> --replicas=1
+----
++
+After rescaling the `NodePool` resource,  wait for couple of minutes for the `NodePool` resource to become available in a `Ready` state.
diff --git a/modules/scaling-cluster.adoc b/modules/scaling-cluster.adoc
index d450f9dd1950..bf8896168bc3 100644
--- a/modules/scaling-cluster.adoc
+++ b/modules/scaling-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_getting_started/osd-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="scaling-cluster_{context}"]
 = Scaling your cluster
 
diff --git a/modules/scheduling-virtual-hardware-update-on-vsphere.adoc b/modules/scheduling-virtual-hardware-update-on-vsphere.adoc
index 9b54e4463fb1..829e7eed8826 100644
--- a/modules/scheduling-virtual-hardware-update-on-vsphere.adoc
+++ b/modules/scheduling-virtual-hardware-update-on-vsphere.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// updating/updating-hardware-on-nodes-running-in-vsphere.adoc
+// updating/updating_a_cluster/updating-hardware-on-nodes-running-in-vsphere.adoc
 
 [id="scheduling-virtual-hardware-update-on-vsphere_{context}"]
 = Scheduling an update for virtual hardware on vSphere
diff --git a/modules/sd-disabling-monitoring-for-user-defined-projects.adoc b/modules/sd-disabling-monitoring-for-user-defined-projects.adoc
new file mode 100644
index 000000000000..75be920f4211
--- /dev/null
+++ b/modules/sd-disabling-monitoring-for-user-defined-projects.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * monitoring/sd-disabling-monitoring-for-user-defined-projects.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="sd-disabling-monitoring-for-user-defined-projects_{context}"]
+= Disabling monitoring for user-defined projects
+
+By default, monitoring for user-defined projects is enabled. If you do not want to use the built-in monitoring stack to monitor user-defined projects, you can disable it.
+
+.Prerequisites
+
+* You logged in to {cluster-manager-url}.
+
+.Procedure
+
+. From the {cluster-manager} {hybrid-console-second}, select a cluster.
+
+. Click the *Settings* tab.
+
+. Click the *Enable user workload monitoring* check box to unselect the option, and then click *Save*.
++
+User workload monitoring is disabled. The Prometheus, Prometheus Operator, and Thanos Ruler components are stopped in the `openshift-user-workload-monitoring` project.
diff --git a/modules/sd-monitoring-troubleshooting-issues.adoc b/modules/sd-monitoring-troubleshooting-issues.adoc
new file mode 100644
index 000000000000..042f831916d5
--- /dev/null
+++ b/modules/sd-monitoring-troubleshooting-issues.adoc
@@ -0,0 +1,111 @@
+
+// Module included in the following assemblies:
+//
+// * monitoring/troubleshooting-monitoring-issues.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="troubleshooting-monitoring-issues_{context}"]
+= Determining why user-defined project metrics are unavailable
+
+If metrics are not displaying when monitoring user-defined projects, follow these steps to troubleshoot the issue.
+
+.Procedure
+
+. Query the metric name and verify that the project is correct:
+.. From the *Developer* perspective in the web console, select *Observe* -> *Metrics*.
+.. Select the project that you want to view metrics for in the *Project:* list.
+.. Choose a query from the *Select query* list, or run a custom PromQL query by selecting *Show PromQL*.
++
+The metrics are displayed in a chart.
++
+Queries must be done on a per-project basis. The metrics that are shown relate to the project that you have selected.
+. Verify that the pod that you want metrics from is actively serving metrics. Run the following `oc exec` command into a pod to target the `podIP`, `port`, and `/metrics`.
++
+[source,terminal]
+----
+$ oc exec <sample_pod> -n <sample_namespace> -- curl <target_pod_IP>:<port>/metrics
+----
++
+[NOTE]
+====
+You must run the command on a pod that has `curl` installed.
+====
++
+The following example output shows a result with a valid version metric.
++
+.Example output
+[source,terminal]
+----
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+# HELP version Version information about this binary-- --:--:-- --:--:--     0
+# TYPE version gauge
+version{version="v0.1.0"} 1
+100   102  100   102    0     0  51000      0 --:--:-- --:--:-- --:--:-- 51000
+----
++
+An invalid output indicates that there is a problem with the corresponding application.
+
+. If you are using a `PodMonitor` CRD, verify that the `PodMonitor` CRD is configured to point to the correct pods using label matching. For more information, see the Prometheus Operator documentation.
+. If you are using a `ServiceMonitor` CRD, and if the `/metrics` endpoint of the pod is showing metric data, follow these steps to verify the configuration:
+.. Verify that the service is pointed to the correct `/metrics` endpoint. The service `labels` in this output must match the services monitor `labels` and the `/metrics` endpoint defined by the service in the subsequent steps.
++
+[source,terminal]
+----
+$ oc get service
+----
++
+.Example output
+[source,terminal]
+----
+apiVersion: v1
+kind: Service <1>
+metadata:
+  labels: <2>
+    app: prometheus-example-app
+  name: prometheus-example-app
+  namespace: ns1
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+    name: web
+  selector:
+    app: prometheus-example-app
+  type: ClusterIP
+----
++
+<1> Specifies that this is a service API.
+<2> Specifies the labels that are being used for this service.
+
+.. Query the `serviceIP`, `port`, and `/metrics` endpoints to see if the same metrics from the `curl` command you ran on the pod previously:
+... Run the following command to find the service IP:
++
+[source,terminal]
+----
+$ oc get service -n <target_namespace>
+----
+... Query the `/metrics` endpoint:
++
+[source,terminal]
+----
+$ oc exec <sample_pod> -n <sample_namespace> -- curl <service_IP>:<port>/metrics
+----
++
+Valid metrics are returned in the following example.
++
+.Example output
+[source,terminal]
+----
+% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                               Dload  Upload   Total   Spent    Left  Speed
+100   102  100   102    0     0  51000      0 --:--:-- --:--:-- --:--:--   99k
+# HELP version Version information about this binary
+# TYPE version gauge
+version{version="v0.1.0"} 1
+----
+.. Use label matching to verify that the `ServiceMonitor` object is configured to point to the desired service. To do this, compare the `Service` object from the `oc get service` output to the `ServiceMonitor` object from the `oc get servicemonitor` output. The labels must match for the metrics to be displayed.
++
+For example, from the previous steps, notice how the `Service` object has the `app: prometheus-example-app` label and the `ServiceMonitor` object has the same `app: prometheus-example-app` match label.
+. If everything looks valid and the metrics are still unavailable, please contact the support team for further help.
diff --git a/modules/sd-nodes-cma-autoscaling-custom-install.adoc b/modules/sd-nodes-cma-autoscaling-custom-install.adoc
new file mode 100644
index 000000000000..b7a40248589f
--- /dev/null
+++ b/modules/sd-nodes-cma-autoscaling-custom-install.adoc
@@ -0,0 +1,135 @@
+// Module included in the following assemblies:
+//
+// * nodes/cma/nodes-cma-autoscaling-custom-install.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="sd-nodes-cma-autoscaling-custom-install_{context}"]
+= Installing the custom metrics autoscaler
+
+You can use the following procedure to install the Custom Metrics Autoscaler Operator.
+
+.Prerequisites
+
+* You have access to the cluster as a user with the `cluster-admin` role.
+ifdef::openshift-dedicated[]
++
+If your {product-title} cluster is in a cloud account that is owned by Red Hat (non-CCS), you must request `cluster-admin` privileges.
+endif::openshift-dedicated[]
+
+* Remove any previously-installed Technology Preview versions of the Cluster Metrics Autoscaler Operator.
+
+* Remove any versions of the community-based KEDA.
++
+Also, remove the KEDA 1.x custom resource definitions by running the following commands:
++
+[source,terminal]
+----
+$ oc delete crd scaledobjects.keda.k8s.io
+----
++
+[source,terminal]
+----
+$ oc delete crd triggerauthentications.keda.k8s.io
+----
+
+* Ensure that the `keda` namespace exists. If not, you must manaully create the `keda` namespace.
+
+.Procedure
+
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+
+. Choose *Custom Metrics Autoscaler* from the list of available Operators, and click *Install*.
+
+. On the *Install Operator* page, ensure that the *A specific namespace on the cluster* option
+is selected for *Installation Mode*.
+
+. For *Installed Namespace*, click *Select a namespace*.
+
+. Click *Select Project*:
++
+* If the `keda` namespace exists, select *keda* from the list.
+* If the `keda` namespace does not exist:
++
+.. Select *Create Project* to open the *Create Project* window.
+.. In the *Name* field, enter `keda`.
+.. In the *Display Name* field, enter a descriptive name, such as `keda`.
+.. Optional: In the *Display Name* field, add a description for the namespace.
+.. Click *Create*.
+
+. Click *Install*.
+
+. Verify the installation by listing the Custom Metrics Autoscaler Operator components:
+
+.. Navigate to *Workloads* -> *Pods*.
+
+.. Select the `keda` project from the drop-down menu and verify that the `custom-metrics-autoscaler-operator-*` pod is running.
+
+.. Navigate to *Workloads* -> *Deployments* to verify that the `custom-metrics-autoscaler-operator` deployment is running.
+
+. Optional: Verify the installation in the OpenShift CLI using the following command:
++
+[source,terminal]
+----
+$ oc get all -n keda
+----
++
+The output appears similar to the following:
++
+.Example output
+[source,text]
+----
+NAME                                                      READY   STATUS    RESTARTS   AGE
+pod/custom-metrics-autoscaler-operator-5fd8d9ffd8-xt4xp   1/1     Running   0          18m
+
+NAME                                                 READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/custom-metrics-autoscaler-operator   1/1     1            1           18m
+
+NAME                                                            DESIRED   CURRENT   READY   AGE
+replicaset.apps/custom-metrics-autoscaler-operator-5fd8d9ffd8   1         1         1       18m
+----
+
+. Install the `KedaController` custom resource, which creates the required CRDs:
+
+.. In the {product-title} web console, click *Operators* -> *Installed Operators*.
+
+.. Click *Custom Metrics Autoscaler*.
+
+.. On the *Operator Details* page, click the *KedaController* tab.
+
+.. On the *KedaController* tab, click *Create KedaController* and edit the file.
++
+[source,yaml]
+----
+kind: KedaController
+apiVersion: keda.sh/v1alpha1
+metadata:
+  name: keda
+  namespace: keda
+spec:
+  watchNamespace: '' <1>
+  operator:
+    logLevel: info <2>
+    logEncoder: console <3>
+  metricsServer:
+    logLevel: '0' <4>
+    auditConfig: <5>
+      logFormat: "json"
+      logOutputVolumeClaim: "persistentVolumeClaimName"
+      policy:
+        rules:
+        - level: Metadata
+        omitStages: ["RequestReceived"]
+        omitManagedFields: false
+      lifetime:
+        maxAge: "2"
+        maxBackup: "1"
+        maxSize: "50"
+  serviceAccount: {}
+----
+<1> Specifies a single namespace where the custom autoscaler is to scale applications. Omit or set empty to scale applications in all namespaces. The default is empty.
+<2> Specifies the level of verbosity for the Custom Metrics Autoscaler Operator log messages. The allowed values are `debug`, `info`, `error`. The default is `info`.
+<3> Specifies the logging format for the Custom Metrics Autoscaler Operator log messages. The allowed values are `console` or `json`. The default is `console`.
+<4> Specifies the logging level for the Custom Metrics Autoscaler Metrics Server. The allowed values are `0` for `info` and `4` or `debug`. The default is `0`.
+<5> Activates audit logging for the Custom Metrics Autoscaler Operator and specifies the audit policy to use, as described in the "Configuring audit logging" section.
+
+.. Click *Create* to create the KEDA controller.
diff --git a/modules/sd-olm-removing-catalogs.adoc b/modules/sd-olm-removing-catalogs.adoc
new file mode 100644
index 000000000000..3b6f011dc917
--- /dev/null
+++ b/modules/sd-olm-removing-catalogs.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * operators/admin/olm-managing-custom-catalogs.adoc
+
+// The OCP version of this procedure is olm-removing-catalogs.adoc.
+
+:_mod-docs-content-type: PROCEDURE
+[id="sd-olm-removing-catalogs_{context}"]
+= Removing custom catalogs
+
+As an administrator with the `dedicated-admin` role, you can remove custom Operator catalogs that have been previously added to your cluster by deleting the related catalog source.
+
+.Prerequisites
+* You have access to the cluster as a user with the `dedicated-admin` role.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, navigate to *Home* -> *Search*.
+
+. Select a project from the *Project:* list.
+
+. Select *CatalogSource* from the *Resources* list.
+
+. Select the *Options* menu {kebab} for the catalog that you want to remove, and then click *Delete CatalogSource*.
diff --git a/modules/sd-planning-cluster-maximums.adoc b/modules/sd-planning-cluster-maximums.adoc
index 5883f8279d12..7aa0869e84f5 100644
--- a/modules/sd-planning-cluster-maximums.adoc
+++ b/modules/sd-planning-cluster-maximums.adoc
@@ -4,18 +4,18 @@
 // * rosa_planning/rosa-limits-scalability.adoc
 
 [id="tested-cluster-maximums-sd_{context}"]
-= ROSA tested cluster maximums
+= Cluster maximums
 
 Consider the following tested object maximums when you plan a {product-title}
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::[]
-cluster installation. The table specifies the maximum limits for each tested type in a 
+cluster installation. The table specifies the maximum limits for each tested type in a
 ifdef::openshift-rosa[]
-(ROSA) 
+(ROSA)
 endif::[]
 ifdef::openshift-dedicated[]
-{product-title}  
+{product-title}
 endif::[]
 cluster.
 
diff --git a/modules/sd-planning-considerations.adoc b/modules/sd-planning-considerations.adoc
index 9172e249746b..7ed94e339da8 100644
--- a/modules/sd-planning-considerations.adoc
+++ b/modules/sd-planning-considerations.adoc
@@ -54,14 +54,13 @@ is 180.
 
 If you change the number of compute nodes after installation, the control plane and infrastructure nodes are scaled by the Red Hat Site Reliability Engineering (SRE) team as required. The nodes are scaled to maintain platform stability.
 
-Post-installation scaling requirements for control plane and infrastructure nodes are assessed on a case-by-case basis. Node resource consumption and received alerts are taken into consideration.
+Postinstallation scaling requirements for control plane and infrastructure nodes are assessed on a case-by-case basis. Node resource consumption and received alerts are taken into consideration.
 
 .Rules for control plane node resizing alerts
 
-Resizing alerts are triggered for the control plane nodes in a cluster when either of the following scenarios are true: 
+The resizing alert is triggered for the control plane nodes in a cluster when the following occurs:
 
-* Each control plane node has less than 16GiB RAM, and there are more than 25 and less than 101 compute nodes.
-* Each control plane node has less than 32GiB RAM, and there are more than 100 compute nodes.
+* Control plane nodes sustain over 66% utilization on average in a classic ROSA cluster.
 +
 [NOTE]
 ====
@@ -70,10 +69,10 @@ The maximum number of compute nodes on ROSA is 180.
 
 .Rules for infrastructure node resizing alerts
 
-Resizing alerts are triggered for the infrastructure nodes in a cluster when either of the following scenarios are true: 
+Resizing alerts are triggered for the infrastructure nodes in a cluster when it has high-sustained CPU or memory utilization. This high-sustained utilization status is: 
 
-* Each infrastructure node has less than 16GiB RAM or less than 5 CPUs, and there are more than 25 and less than 101 compute nodes.
-* Each infrastructure node has less than 32GiB RAM or less than 9 CPUs, and there are more than 100 compute nodes.
+* Infrastructure nodes sustain over 50% utilization on average in a classic ROSA cluster with a single availability zone using 2 infrastructure nodes.
+* Infrastructure nodes sustain over 66% utilization on average in a classic ROSA cluster with multiple availability zones using 3 infrastructure nodes.
 +
 [NOTE]
 ====
@@ -85,6 +84,8 @@ ifdef::openshift-dedicated[]
 {product-title} 
 endif::[]
 is 180.
+
+The resizing alerts only appear after sustained periods of high utilization. Short usage spikes, such as a node temporarily going down causing the other node to scale up, do not trigger these alerts.
 ====
 
 The SRE team might scale the control plane and infrastructure nodes for additional reasons, for example to manage an increase in resource consumption on the nodes.
diff --git a/modules/sd-understanding-process-id-limits.adoc b/modules/sd-understanding-process-id-limits.adoc
new file mode 100644
index 000000000000..e6a4c769c0a9
--- /dev/null
+++ b/modules/sd-understanding-process-id-limits.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="understanding-process-id-limits_{context}"]
+= Understanding process ID limits
+
+In {product-title}, consider these two supported limits for process ID (PID) usage before you schedule work on your cluster:
+
+* Maximum number of PIDs per pod.
++
+The default value is 4,096 in {product-title} 4.11 and later. This value is controlled by the `podPidsLimit` parameter set on the node.
+
+* Maximum number of PIDs per node.
++
+The default value depends on link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/nodes/index#nodes-nodes-resources-configuring[node resources]. In {product-title}, this value is controlled by the link:https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#system-reserved[`--system-reserved`] parameter, which reserves PIDs on each node based on the total resources of the node.
+
+When a pod exceeds the allowed maximum number of PIDs per pod, the pod might stop functioning correctly and might be evicted from the node. See link:https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/#eviction-signals-and-thresholds[the Kubernetes documentation for eviction signals and thresholds] for more information.
+
+When a node exceeds the allowed maximum number of PIDs per node, the node can become unstable because new processes cannot have PIDs assigned. If existing processes cannot complete without creating additional processes, the entire node can become unusable and require reboot. This situation can result in data loss, depending on the processes and applications being run. Customer administrators and Red Hat Site Reliability Engineering are notified when this threshold is reached, and a `Worker node is experiencing PIDPressure` warning will appear in the cluster logs.
diff --git a/modules/sdpolicy-am-aws-compute-types-ccs.adoc b/modules/sdpolicy-am-aws-compute-types-ccs.adoc
index 683ab9b74ac2..7cf1a6d5d942 100644
--- a/modules/sdpolicy-am-aws-compute-types-ccs.adoc
+++ b/modules/sdpolicy-am-aws-compute-types-ccs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="aws-instance-types-ccs_{context}"]
 = AWS instance types for Customer Cloud Subscription clusters
 
@@ -89,7 +89,7 @@
 - m6id.24xlarge (96 vCPU, 384 GiB)
 - m6id.32xlarge (128 vCPU, 512 GiB)
 
-&#8224; These instance types provide 96 logical processors on 48 physical cores. They run on single servers with two physical Intel sockets. 
+&#8224; These instance types provide 96 logical processors on 48 physical cores. They run on single servers with two physical Intel sockets.
 ====
 
 .Burstable general purpose
@@ -343,4 +343,19 @@ Support for the GPU instance type software stack is provided by AWS. Ensure that
 [NOTE]
 ====
 Virtual instance types initialize faster than ".metal" instance types.
+====
+
+.High memory
+[%collapsible]
+====
+- u-3tb1.56xlarge (224 vCPU, 3,072 GiB)
+- u-6tb1.56xlarge (224 vCPU, 6,144 GiB)
+- u-6tb1.112xlarge (448 vCPU, 6,144 GiB)
+- u-6tb1.metal (448 vCPU, 6,144 GiB)
+- u-9tb1.112xlarge (448 vCPU, 9,216 GiB)
+- u-9tb1.metal (448 vCPU, 9,216 GiB)
+- u-12tb1.112xlarge (448 vCPU, 12,288 GiB)
+- u-12tb1.metal (448 vCPU, 12,288 GiB)
+- u-18tb1.metal (448 vCPU, 18,432 GiB)
+- u-24tb1.metal (448 vCPU, 24,576 GiB)
 ====
\ No newline at end of file
diff --git a/modules/sdpolicy-am-aws-compute-types-non-ccs.adoc b/modules/sdpolicy-am-aws-compute-types-non-ccs.adoc
index 2692d6af3f76..e84fce02401d 100644
--- a/modules/sdpolicy-am-aws-compute-types-non-ccs.adoc
+++ b/modules/sdpolicy-am-aws-compute-types-non-ccs.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="aws-instance-types-non-ccs_{context}"]
 = AWS instance types for standard clusters
 
diff --git a/modules/sdpolicy-am-billing.adoc b/modules/sdpolicy-am-billing.adoc
index 26fa0f3ffaef..a389722c3965 100644
--- a/modules/sdpolicy-am-billing.adoc
+++ b/modules/sdpolicy-am-billing.adoc
@@ -1,14 +1,43 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="billing_{context}"]
-= Billing
-Each {product-title} cluster requires a minimum annual base cluster purchase and there are two billing options available for each cluster: Standard and Customer Cloud Subscription (CCS).
+= Billing options
 
-Standard {product-title} clusters are deployed in to their own cloud infrastructure accounts, each owned by Red Hat. Red Hat is responsible for this account, and cloud infrastructure costs are paid directly by Red Hat. The customer only pays the Red Hat subscription costs.
+Customers have the option to purchase annual subscriptions of {product-title} (OSD) or consume on-demand through cloud marketplaces. Customers can decide to bring their own cloud infrastructure account, referred to as Customer Cloud Subscription (CCS), or deploy in cloud provider accounts owned by Red Hat. The table below provides additional information regarding billing, as well as the corresponding supported deployment options.
+[cols="2a,3a,3a",options="header"]
+|===
 
-In the CCS model, the customer pays the cloud infrastructure provider directly for cloud costs and the cloud infrastructure account is part of a customer’s Organization, with specific access granted to Red Hat. In this model, the customer pays Red Hat for the CCS subscription and pays the cloud provider for the cloud costs. It is the customer's responsibility to pre-purchase or provide Reserved Instance (RI) compute instances to ensure lower cloud infrastructure costs.
+|OSD Subscription-type
+|Cloud infrastructure account
+|Billed through
+
+.2+|Annual fixed capacity subscriptions through Red Hat |Red Hat cloud account
+
+|Red Hat for consumption of both OSD subscriptions and cloud infrastructure
+
+|Customer's own cloud account
+|Red Hat for consumption of the OSD subscriptions
+
+Cloud provider for consumption of cloud infrastructure
+
+|On-demand usage-based consumption through Google Cloud Marketplace
+
+|Customer's own Google Cloud account
+|Google Cloud for both cloud infrastructure and Red Hat OSD subscriptions
+
+|On-demand usage-based consumption through Red Hat Marketplace|Customer’s own cloud account| Red Hat for consumption of the OSD subscriptions
+
+Cloud provider for consumption of cloud infrastructure
+
+|===
+
+[IMPORTANT]
+====
+
+Customers that use their own cloud infrastructure account, referred to as Customer Cloud Subscription (CSS), are responsible to pre-purchase or provide Reserved Instance (RI) compute instances to ensure lower cloud infrastructure costs.
+====
 
 Additional resources can be purchased for an OpenShift Dedicated Cluster, including:
 
diff --git a/modules/sdpolicy-am-cloud-providers.adoc b/modules/sdpolicy-am-cloud-providers.adoc
index d6fc780cd1f0..d5371681add6 100644
--- a/modules/sdpolicy-am-cloud-providers.adoc
+++ b/modules/sdpolicy-am-cloud-providers.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cloud-providers_{context}"]
 = Cloud providers
 
diff --git a/modules/sdpolicy-am-cluster-self-service.adoc b/modules/sdpolicy-am-cluster-self-service.adoc
index 88596e478746..38e9c0d99a0a 100644
--- a/modules/sdpolicy-am-cluster-self-service.adoc
+++ b/modules/sdpolicy-am-cluster-self-service.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-self-service_{context}"]
 = Cluster self-service
 
diff --git a/modules/sdpolicy-am-compute.adoc b/modules/sdpolicy-am-compute.adoc
index 38f4c974dede..8790b7fae524 100644
--- a/modules/sdpolicy-am-compute.adoc
+++ b/modules/sdpolicy-am-compute.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="instance-types_{context}"]
 = Instance types
 
@@ -11,11 +11,6 @@ Multiple availability zone clusters require a minimum of 3 worker nodes for Cust
 
 Worker nodes must all be the same type and size within a single {product-title} cluster.
 
-[NOTE]
-====
-The default machine pool node type and size cannot be changed after the cluster has been created.
-====
-
 Control plane and infrastructure nodes are also provided by Red Hat. There are at least 3 control plane nodes that handle etcd and API-related workloads. There are at least 2 infrastructure nodes that handle metrics, routing, the web console, and other workloads. You must not run any workloads on the control plane and infrastructure nodes. Any workloads you intend to run must be deployed on worker nodes. See the Red Hat Operator support section below for more information about Red Hat workloads that must be deployed on worker nodes.
 
 [NOTE]
diff --git a/modules/sdpolicy-am-gcp-compute-types.adoc b/modules/sdpolicy-am-gcp-compute-types.adoc
index d26f266d61ad..076cb68934a2 100644
--- a/modules/sdpolicy-am-gcp-compute-types.adoc
+++ b/modules/sdpolicy-am-gcp-compute-types.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="gcp-compute-types_{context}"]
 = Google Cloud compute types
 
diff --git a/modules/sdpolicy-am-limited-support.adoc b/modules/sdpolicy-am-limited-support.adoc
index b20768e88887..bd8b23646f6c 100644
--- a/modules/sdpolicy-am-limited-support.adoc
+++ b/modules/sdpolicy-am-limited-support.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="limited-support_{context}"]
 = Limited support status
 
diff --git a/modules/sdpolicy-am-regions-availability-zones.adoc b/modules/sdpolicy-am-regions-availability-zones.adoc
index 200a54e0a951..23268afa8418 100644
--- a/modules/sdpolicy-am-regions-availability-zones.adoc
+++ b/modules/sdpolicy-am-regions-availability-zones.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="regions-availability-zones_{context}"]
 = Regions and availability zones
 The following AWS regions are supported by {OCP} 4 and are supported for {product-title}:
@@ -12,13 +12,17 @@ The following AWS regions are supported by {OCP} 4 and are supported for {produc
 * ap-northeast-2 (Seoul)
 * ap-northeast-3 (Osaka)
 * ap-south-1 (Mumbai)
+* ap-south-2 (Hyderabad, AWS opt-in required)
 * ap-southeast-1 (Singapore)
 * ap-southeast-2 (Sydney)
 * ap-southeast-3 (Jakarta, AWS opt-in required)
+* ap-southeast-4 (Melbourne, AWS opt-in required)
 * ca-central-1 (Central Canada)
 * eu-central-1 (Frankfurt)
+* eu-central-2 (Zurich, AWS opt-in required)
 * eu-north-1 (Stockholm)
 * eu-south-1 (Milan, AWS opt-in required)
+* eu-south-2 (Spain, AWS opt-in required)
 * eu-west-1 (Ireland)
 * eu-west-2 (London)
 * eu-west-3 (Paris)
@@ -36,10 +40,9 @@ The following Google Cloud regions are currently supported:
 * asia-east2, Hong Kong
 * asia-northeast1, Tokyo, Japan
 * asia-northeast2, Osaka, Japan
-* asia-northeast3, Seoul, Korea
 * asia-south1, Mumbai, India
 * asia-southeast1, Jurong West, Singapore
-* asia-southeast2, Jakarta, Indonesia
+* australia-southeast1, Sydney, Australia
 * europe-north1, Hamina, Finland
 * europe-west1, St. Ghislain, Belgium
 * europe-west2, London, England, UK
@@ -53,8 +56,6 @@ The following Google Cloud regions are currently supported:
 * us-east4, Ashburn, Northern Virginia, USA
 * us-west1, The Dalles, Oregon, USA
 * us-west2, Los Angeles, California, USA
-* us-west3, Salt Lake City, Utah, USA
-* us-west4, Las Vegas, Nevada, USA
 
 Multi-AZ clusters can only be deployed in regions with at least 3 availability zones (see link:https://aws.amazon.com/about-aws/global-infrastructure/regions_az/[AWS] and link:https://cloud.google.com/compute/docs/regions-zones[Google Cloud]).
 
diff --git a/modules/sdpolicy-am-sla.adoc b/modules/sdpolicy-am-sla.adoc
index 4d7e8343c6fb..74265214d0fe 100644
--- a/modules/sdpolicy-am-sla.adoc
+++ b/modules/sdpolicy-am-sla.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sla_{context}"]
 = Service level agreement (SLA)
 Any SLAs for the service itself are defined in Appendix 4 of the link:https://www.redhat.com/en/about/agreements[Red Hat Enterprise Agreement Appendix 4 (Online Subscription Services)].
\ No newline at end of file
diff --git a/modules/sdpolicy-am-support.adoc b/modules/sdpolicy-am-support.adoc
index ad6e9a257fab..2a6266a371f9 100644
--- a/modules/sdpolicy-am-support.adoc
+++ b/modules/sdpolicy-am-support.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * osd_architecture/osd_policy/osd-service-definition.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="support_{context}"]
 = Support
 {product-title} includes Red Hat Premium Support, which can be accessed by using the link:https://access.redhat.com/support?extIdCarryOver=true&sc_cid=701f2000001Css5AAC[Red Hat Customer Portal].
diff --git a/modules/sdpolicy-logging.adoc b/modules/sdpolicy-logging.adoc
index e977f3fbe5c1..bbfc8aefe0cf 100644
--- a/modules/sdpolicy-logging.adoc
+++ b/modules/sdpolicy-logging.adoc
@@ -4,14 +4,14 @@
 
 [id="sdpolicy-logging_{context}"]
 = Logging
+{product-title} provides optional integrated log forwarding to Amazon CloudWatch (on AWS) or Google Cloud Logging (on GCP).
 
-{product-title} provides optional integrated log forwarding to Amazon CloudWatch.
+For more information, see link:https://docs.openshift.com/dedicated/logging/log_collection_forwarding/log-forwarding.html[About log collection and forwarding].
 
 [id="audit-logging_{context}"]
 == Cluster audit logging
-Cluster audit logs are available through Amazon CloudWatch, if the integration is enabled. If the integration is not enabled, you can request the audit logs by opening a support case. Audit log requests must specify a date and time range not to exceed 21 days. When requesting audit logs, customers should be aware that audit logs are many GB per day in size.
-
-
+Cluster audit logs are available through Amazon CloudWatch (on AWS) or Google Cloud Logging (on GCP), if the integration is enabled. If the integration is not enabled, you can request the audit logs by opening a support case. Audit log requests must specify a date and time range not to exceed 21 days. When requesting audit logs, customers should be aware that audit logs are many GB per day in size.
 [id="application-logging_{context}"]
 == Application logging
-Application logs sent to `STDOUT` are collected by Fluentd and forwarded to Amazon CloudWatch through the cluster logging stack, if it is installed.
+Application logs sent to `STDOUT` are forwarded to Amazon CloudWatch (on AWS) or Google Cloud Logging (on GCP) through the cluster logging stack, if it is installed.
+
diff --git a/modules/sdpolicy-networking.adoc b/modules/sdpolicy-networking.adoc
index 14513daa2b52..7a303bd211a9 100644
--- a/modules/sdpolicy-networking.adoc
+++ b/modules/sdpolicy-networking.adoc
@@ -7,6 +7,12 @@
 
 [id="custom-domains_{context}"]
 == Custom domains for applications
+
+[NOTE]
+====
+Starting with {product-title} 4.14, the Custom Domain Operator is deprecated. To manage Ingress in {product-title} 4.14 or later, use the Ingress Operator. The functionality is unchanged for {product-title} 4.13 and earlier versions.
+====
+
 To use a custom hostname for a route, you must update your DNS provider by creating a canonical name (CNAME) record. Your CNAME record should map the OpenShift canonical router hostname to your custom domain. The OpenShift canonical router hostname is shown on the *Route Details* page after a Route is created. Alternatively, a wildcard CNAME record can be created once to route all subdomains for a given hostname to the cluster's router.
 
 [id="custom-domains-cluster_{context}"]
diff --git a/modules/sdpolicy-platform.adoc b/modules/sdpolicy-platform.adoc
index aff5d85adad6..7dd05d24ffc5 100644
--- a/modules/sdpolicy-platform.adoc
+++ b/modules/sdpolicy-platform.adoc
@@ -47,7 +47,7 @@ The following table shows the frequency of backups:
 
 [id="autoscaling_{context}"]
 == Autoscaling
-Node autoscaling is not available on {product-title} at this time.
+Node autoscaling is available on {product-title}. See link:https://docs.openshift.com/dedicated/osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.html[About autoscaling nodes on a cluster] for more information on autoscaling nodes on a cluster.
 
 [id="daemon-sets_{context}"]
 == Daemon sets
@@ -97,8 +97,8 @@ Red Hat workloads typically refer to Red Hat-provided Operators made available t
 * {rhq-short}
 * Red Hat Advanced Cluster Management
 * Red Hat Advanced Cluster Security
-* {SMProductName} 
-* {ServerlessProductName} 
+* {SMProductName}
+* {ServerlessProductName}
 * {logging-sd}
 * {pipelines-title}
 
diff --git a/modules/sdpolicy-security.adoc b/modules/sdpolicy-security.adoc
index 664646f9a217..44083b806582 100644
--- a/modules/sdpolicy-security.adoc
+++ b/modules/sdpolicy-security.adoc
@@ -30,6 +30,7 @@ In addition to normal users, {product-title} provides access to an {product-titl
 * Can add and manage `NetworkPolicy` objects.
 * Are able to view information about specific nodes and PVs in the cluster, including scheduler information.
 * Can access the reserved `dedicated-admin` project on the cluster, which allows for the creation of service accounts with elevated privileges and also gives the ability to update default limits and quotas for projects on the cluster.
+* Can install Operators from OperatorHub (`\*` verbs in all `*.operators.coreos.com` API groups).
 
 [id="cluster-admin-role_{context}"]
 == Cluster administration role
@@ -59,7 +60,9 @@ $ oc adm policy add-cluster-role-to-group self-provisioner system:authenticated:
 .Security and control certifications for {product-title}
 [cols= "3,3,3",options="header"]
 |===
-| Certification | {product-title} on AWS | {product-title} on GCP
+| Compliance | {product-title} on AWS | {product-title} on GCP
+
+| HIPAA Qualified | Yes (Only Customer Cloud Subscriptions) | Yes (Only Customer Cloud Subscriptions)
 
 | ISO 27001 | Yes | Yes
 
@@ -74,7 +77,8 @@ $ oc adm policy add-cluster-role-to-group self-provisioner system:authenticated:
 
 [id="network-security_{context}"]
 == Network security
-With {product-title} on AWS, AWS provides a standard DDoS protection on all Load Balancers, called AWS Shield. This provides 95% protection against most commonly used level 3 and 4 attacks on all the public facing Load Balancers used for {product-title}. A 10-second timeout is added for HTTP requests coming to the haproxy router to receive a response or the connection is closed to provide additional protection.
+Each {product-title} cluster is protected by a secure network configuration at the cloud infrastructure level using firewall rules (AWS Security Groups or Google Cloud Compute Engine firewall rules). {product-title} customers on AWS are also protected against DDoS attacks with link:https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html[AWS Shield Standard].
+Similarly, all GCP load balancers and public IP addresses used by {product-title} on GCP are protected against DDoS attacks with link:https://cloud.google.com/armor/docs/managed-protection-overview[Google Cloud Armor Standard].
 
 [id="etcd-encryption_{context}"]
 == etcd encryption
diff --git a/modules/secrets-store-auto-rotation.adoc b/modules/secrets-store-auto-rotation.adoc
new file mode 100644
index 000000000000..41774a8c9f1d
--- /dev/null
+++ b/modules/secrets-store-auto-rotation.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="secrets-store-auto-rotation_{context}"]
+= Automatic rotation
+
+The {secrets-store-driver} periodically rotates the content in the mounted volume with the content from the external secrets store. If a secret is updated in the external secrets store, the secret will be updated in the mounted volume. The {secrets-store-operator} polls for updates every 2 minutes.
+
+If you enabled synchronization of mounted content as Kubernetes secrets, the Kubernetes secrets are also rotated.
+
+Applications consuming the secret data must watch for updates to the secrets.
diff --git a/modules/secrets-store-aws.adoc b/modules/secrets-store-aws.adoc
new file mode 100644
index 000000000000..21b9f149acc9
--- /dev/null
+++ b/modules/secrets-store-aws.adoc
@@ -0,0 +1,372 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+//
+// IMPORTANT: This file requires you to define :secrets-store-provider: before including this module.
+
+ifeval::["{secrets-store-provider}" == "AWS Secrets Manager"]
+:aws-secrets-manager:
+endif::[]
+ifeval::["{secrets-store-provider}" == "AWS Systems Manager Parameter Store"]
+:aws-systems-manager-parameter-store:
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="secrets-store-aws_{context}"]
+= Mounting secrets from {secrets-store-provider}
+
+You can use the {secrets-store-operator} to mount secrets from {secrets-store-provider} to a CSI volume in {product-title}. To mount secrets from {secrets-store-provider}, your cluster must be installed on AWS and use AWS Security Token Service (STS).
+
+[IMPORTANT]
+====
+It is not supported to use the {secrets-store-operator} with {secrets-store-provider} in a hosted control plane cluster.
+====
+
+.Prerequisites
+
+* Your cluster is installed on AWS and uses AWS Security Token Service (STS).
+* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions.
+* You have configured {secrets-store-provider} to store the required secrets.
+* You have extracted and prepared the `ccoctl` binary.
+* You have installed the `jq` CLI tool.
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Install the {secrets-store-provider} provider:
+
+.. Create a YAML file with the following configuration for the provider resources:
++
+[IMPORTANT]
+====
+The {secrets-store-provider} provider for the {secrets-store-driver} is an upstream provider.
+
+This configuration is modified from the configuration provided in the upstream link:https://github.com/aws/secrets-store-csi-driver-provider-aws#installing-the-aws-provider[AWS documentation] so that it works properly with {product-title}. Changes to this configuration might impact functionality.
+====
++
+.Example `aws-provider.yaml` file
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-secrets-store-provider-aws
+  namespace: openshift-cluster-csi-drivers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csi-secrets-store-provider-aws-cluster-role
+rules:
+- apiGroups: [""]
+  resources: ["serviceaccounts/token"]
+  verbs: ["create"]
+- apiGroups: [""]
+  resources: ["serviceaccounts"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-secrets-store-provider-aws-cluster-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: csi-secrets-store-provider-aws-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: csi-secrets-store-provider-aws
+  namespace: openshift-cluster-csi-drivers
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: openshift-cluster-csi-drivers
+  name: csi-secrets-store-provider-aws
+  labels:
+    app: csi-secrets-store-provider-aws
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: csi-secrets-store-provider-aws
+  template:
+    metadata:
+      labels:
+        app: csi-secrets-store-provider-aws
+    spec:
+      serviceAccountName: csi-secrets-store-provider-aws
+      hostNetwork: false
+      containers:
+        - name: provider-aws-installer
+          image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-50-g5b4aca1-2023.06.09.21.19
+          imagePullPolicy: Always
+          args:
+              - --provider-volume=/etc/kubernetes/secrets-store-csi-providers
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+              name: providervol
+            - name: mountpoint-dir
+              mountPath: /var/lib/kubelet/pods
+              mountPropagation: HostToContainer
+      tolerations:
+      - operator: Exists
+      volumes:
+        - name: providervol
+          hostPath:
+            path: "/etc/kubernetes/secrets-store-csi-providers"
+        - name: mountpoint-dir
+          hostPath:
+            path: /var/lib/kubelet/pods
+            type: DirectoryOrCreate
+      nodeSelector:
+        kubernetes.io/os: linux
+----
+
+.. Grant privileged access to the `csi-secrets-store-provider-aws` service account by running the following command:
++
+[source,terminal]
+----
+$ oc adm policy add-scc-to-user privileged -z csi-secrets-store-provider-aws -n openshift-cluster-csi-drivers
+----
+
+.. Create the provider resources by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f aws-provider.yaml
+----
+
+. Grant permission to allow the service account to read the AWS secret object:
+
+.. Create a directory to contain the credentials request by running the following command:
++
+[source,terminal]
+----
+$ mkdir credentialsrequest-dir-aws
+----
+
+.. Create a YAML file with the following configuration for the credentials request:
++
+.Example `credentialsrequest.yaml` file
+[source,yaml]
+----
+apiVersion: cloudcredential.openshift.io/v1
+kind: CredentialsRequest
+metadata:
+  name: aws-provider-test
+  namespace: openshift-cloud-credential-operator
+spec:
+  providerSpec:
+    apiVersion: cloudcredential.openshift.io/v1
+    kind: AWSProviderSpec
+ifdef::aws-secrets-manager[]
+    statementEntries:
+    - action:
+      - "secretsmanager:GetSecretValue"
+      - "secretsmanager:DescribeSecret"
+      effect: Allow
+      resource: "arn:*:secretsmanager:*:*:secret:testSecret-??????"
+endif::aws-secrets-manager[]
+ifdef::aws-systems-manager-parameter-store[]
+    statementEntries:
+    - action:
+      - "ssm:GetParameter"
+      - "ssm:GetParameters"
+      effect: Allow
+      resource: "arn:*:ssm:*:*:parameter/testParameter*"
+endif::aws-systems-manager-parameter-store[]
+  secretRef:
+    name: aws-creds
+    namespace: my-namespace
+  serviceAccountNames:
+  - aws-provider
+----
+
+.. Retrieve the OIDC provider by running the following command:
++
+[source,terminal]
+----
+$ oc get --raw=/.well-known/openid-configuration | jq -r '.issuer'
+----
++
+.Example output
+[source,terminal]
+----
+https://<oidc_provider_name>
+----
+Copy the OIDC provider name `<oidc_provider_name>` from the output to use in the next step.
+
+.. Use the `ccoctl` tool to process the credentials request by running the following command:
++
+[source,terminal]
+----
+$ ccoctl aws create-iam-roles \
+    --name my-role --region=<aws_region> \
+    --credentials-requests-dir=credentialsrequest-dir-aws \
+    --identity-provider-arn arn:aws:iam::<aws_account>:oidc-provider/<oidc_provider_name> --output-dir=credrequests-ccoctl-output
+----
++
+.Example output
+[source,terminal]
+----
+2023/05/15 18:10:34 Role arn:aws:iam::<aws_account_id>:role/my-role-my-namespace-aws-creds created
+2023/05/15 18:10:34 Saved credentials configuration to: credrequests-ccoctl-output/manifests/my-namespace-aws-creds-credentials.yaml
+2023/05/15 18:10:35 Updated Role policy for Role my-role-my-namespace-aws-creds
+----
++
+Copy the `<aws_role_arn>` from the output to use in the next step. For example, `arn:aws:iam::<aws_account_id>:role/my-role-my-namespace-aws-creds`.
+
+.. Bind the service account with the role ARN by running the following command:
++
+[source,terminal]
+----
+$ oc annotate -n my-namespace sa/aws-provider eks.amazonaws.com/role-arn="<aws_role_arn>"
+----
+
+. Create a secret provider class to define your secrets store provider:
+
+.. Create a YAML file that defines the `SecretProviderClass` object:
++
+.Example `secret-provider-class-aws.yaml`
+[source,yaml]
+----
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: my-aws-provider                   <1>
+  namespace: my-namespace                 <2>
+spec:
+  provider: aws                           <3>
+  parameters:                             <4>
+ifdef::aws-secrets-manager[]
+    objects: |
+      - objectName: "testSecret"
+        objectType: "secretsmanager"
+endif::aws-secrets-manager[]
+ifdef::aws-systems-manager-parameter-store[]
+    objects: |
+      - objectName: "testParameter"
+        objectType: "ssmparameter"
+endif::aws-systems-manager-parameter-store[]
+----
+<1> Specify the name for the secret provider class.
+<2> Specify the namespace for the secret provider class.
+<3> Specify the provider as `aws`.
+<4> Specify the provider-specific configuration parameters.
+
+.. Create the `SecretProviderClass` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f secret-provider-class-aws.yaml
+----
+
+. Create a deployment to use this secret provider class:
+
+.. Create a YAML file that defines the `Deployment` object:
++
+.Example `deployment.yaml`
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-aws-deployment                              <1>
+  namespace: my-namespace                              <2>
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: my-storage
+  template:
+    metadata:
+      labels:
+        app: my-storage
+    spec:
+      containers:
+      - name: busybox
+        image: k8s.gcr.io/e2e-test-images/busybox:1.29
+        command:
+          - "/bin/sleep"
+          - "10000"
+        volumeMounts:
+        - name: secrets-store-inline
+          mountPath: "/mnt/secrets-store"
+          readOnly: true
+      volumes:
+        - name: secrets-store-inline
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "my-aws-provider" <3>
+----
+<1> Specify the name for the deployment.
+<2> Specify the namespace for the deployment. This must be the same namespace as the secret provider class.
+<3> Specify the name of the secret provider class.
+
+.. Create the `Deployment` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f deployment.yaml
+----
+
+.Verification
+
+* Verify that you can access the secrets from {secrets-store-provider} in the pod volume mount:
+
+.. List the secrets in the pod mount:
++
+[source,terminal]
+----
+$ oc exec busybox-<hash> -n my-namespace -- ls /mnt/secrets-store/
+----
++
+.Example output
+[source,terminal]
+----
+ifdef::aws-secrets-manager[]
+testSecret
+endif::aws-secrets-manager[]
+ifdef::aws-systems-manager-parameter-store[]
+testParameter
+endif::aws-systems-manager-parameter-store[]
+----
+
+.. View a secret in the pod mount:
++
+[source,terminal]
+----
+$ oc exec busybox-<hash> -n my-namespace -- cat /mnt/secrets-store/testSecret
+----
++
+.Example output
+[source,terminal]
+----
+<secret_value>
+----
+
+ifeval::["{secrets-store-provider}" == "AWS Secrets Manager"]
+:!aws-secrets-manager:
+endif::[]
+ifeval::["{secrets-store-provider}" == "AWS Systems Manager Parameter Store"]
+:!aws-systems-manager-parameter-store:
+endif::[]
diff --git a/modules/secrets-store-azure.adoc b/modules/secrets-store-azure.adoc
new file mode 100644
index 000000000000..87b8628518ae
--- /dev/null
+++ b/modules/secrets-store-azure.adoc
@@ -0,0 +1,310 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="secrets-store-azure_{context}"]
+= Mounting secrets from Azure Key Vault
+
+You can use the {secrets-store-operator} to mount secrets from Azure Key Vault to a CSI volume in {product-title}. To mount secrets from Azure Key Vault, your cluster must be installed on Microsoft Azure.
+
+.Prerequisites
+
+* Your cluster is installed on Azure.
+* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions.
+* You have configured Azure Key Vault to store the required secrets.
+* You have installed the Azure CLI (`az`).
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Install the Azure Key Vault provider:
+
+.. Create a YAML file with the following configuration for the provider resources:
++
+[IMPORTANT]
+====
+The Azure Key Vault provider for the {secrets-store-driver} is an upstream provider.
+
+This configuration is modified from the configuration provided in the upstream link:https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/getting-started/installation/[Azure documentation] so that it works properly with {product-title}. Changes to this configuration might impact functionality.
+====
++
+.Example `azure-provider.yaml` file
+[source,yaml]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-secrets-store-provider-azure
+  namespace: openshift-cluster-csi-drivers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csi-secrets-store-provider-azure-cluster-role
+rules:
+- apiGroups: [""]
+  resources: ["serviceaccounts/token"]
+  verbs: ["create"]
+- apiGroups: [""]
+  resources: ["serviceaccounts"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-secrets-store-provider-azure-cluster-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: csi-secrets-store-provider-azure-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: csi-secrets-store-provider-azure
+  namespace: openshift-cluster-csi-drivers
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: openshift-cluster-csi-drivers
+  name: csi-secrets-store-provider-azure
+  labels:
+    app: csi-secrets-store-provider-azure
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: csi-secrets-store-provider-azure
+  template:
+    metadata:
+      labels:
+        app: csi-secrets-store-provider-azure
+    spec:
+      serviceAccountName: csi-secrets-store-provider-azure
+      hostNetwork: true
+      containers:
+        - name: provider-azure-installer
+          image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.1
+          imagePullPolicy: IfNotPresent
+          args:
+            - --endpoint=unix:///provider/azure.sock
+            - --construct-pem-chain=true
+            - --healthz-port=8989
+            - --healthz-path=/healthz
+            - --healthz-timeout=5s
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8989
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            timeoutSeconds: 10
+            periodSeconds: 30
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 0
+            capabilities:
+              drop:
+              - ALL
+          volumeMounts:
+            - mountPath: "/provider"
+              name: providervol
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: type
+                operator: NotIn
+                values:
+                - virtual-kubelet
+      volumes:
+        - name: providervol
+          hostPath:
+            path: "/var/run/secrets-store-csi-providers"
+      tolerations:
+      - operator: Exists
+      nodeSelector:
+        kubernetes.io/os: linux
+----
+
+.. Grant privileged access to the `csi-secrets-store-provider-azure` service account by running the following command:
++
+[source,terminal]
+----
+$ oc adm policy add-scc-to-user privileged -z csi-secrets-store-provider-azure -n openshift-cluster-csi-drivers
+----
+
+.. Create the provider resources by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f azure-provider.yaml
+----
+
+. Create a service principal to access the key vault:
+
+.. Set the service principal client secret as an environment variable by running the following command:
++
+[source,terminal]
+----
+$ SERVICE_PRINCIPAL_CLIENT_SECRET="$(az ad sp create-for-rbac --name https://$KEYVAULT_NAME --query 'password' -otsv)"
+----
+
+.. Set the service principal client ID as an environment variable by running the following command:
++
+[source,terminal]
+----
+$ SERVICE_PRINCIPAL_CLIENT_ID="$(az ad sp list --display-name https://$KEYVAULT_NAME --query '[0].appId' -otsv)"
+----
+
+.. Create a generic secret with the service principal client secret and ID by running the following command:
++
+[source,terminal]
+----
+$ oc create secret generic secrets-store-creds -n my-namespace --from-literal clientid=${SERVICE_PRINCIPAL_CLIENT_ID} --from-literal clientsecret=${SERVICE_PRINCIPAL_CLIENT_SECRET}
+----
+
+.. Apply the `secrets-store.csi.k8s.io/used=true` label to allow the provider to find this `nodePublishSecretRef` secret:
++
+[source,terminal]
+----
+$ oc -n my-namespace label secret secrets-store-creds secrets-store.csi.k8s.io/used=true
+----
+
+. Create a secret provider class to define your secrets store provider:
+
+.. Create a YAML file that defines the `SecretProviderClass` object:
++
+.Example `secret-provider-class-azure.yaml`
+[source,yaml]
+----
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: my-azure-provider                 <1>
+  namespace: my-namespace                 <2>
+spec:
+  provider: azure                         <3>
+  parameters:                             <4>
+    usePodIdentity: "false"
+    useVMManagedIdentity: "false"
+    userAssignedIdentityID: ""
+    keyvaultName: "kvname"
+    objects: |
+      array:
+        - |
+          objectName: secret1
+          objectType: secret
+    tenantId: "tid"
+----
+<1> Specify the name for the secret provider class.
+<2> Specify the namespace for the secret provider class.
+<3> Specify the provider as `azure`.
+<4> Specify the provider-specific configuration parameters.
+
+.. Create the `SecretProviderClass` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f secret-provider-class-azure.yaml
+----
+
+. Create a deployment to use this secret provider class:
+
+.. Create a YAML file that defines the `Deployment` object:
++
+.Example `deployment.yaml`
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-azure-deployment                            <1>
+  namespace: my-namespace                              <2>
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: my-storage
+  template:
+    metadata:
+      labels:
+        app: my-storage
+    spec:
+      containers:
+      - name: busybox
+        image: k8s.gcr.io/e2e-test-images/busybox:1.29
+        command:
+          - "/bin/sleep"
+          - "10000"
+        volumeMounts:
+        - name: secrets-store-inline
+          mountPath: "/mnt/secrets-store"
+          readOnly: true
+      volumes:
+        - name: secrets-store-inline
+          csi:
+            driver: secrets-store.csi.k8s.io
+            readOnly: true
+            volumeAttributes:
+              secretProviderClass: "my-azure-provider" <3>
+            nodePublishSecretRef:
+              name: secrets-store-creds                <4>
+----
+<1> Specify the name for the deployment.
+<2> Specify the namespace for the deployment. This must be the same namespace as the secret provider class.
+<3> Specify the name of the secret provider class.
+<4> Specify the name of the Kubernetes secret that contains the service principal credentials to access Azure Key Vault.
+
+.. Create the `Deployment` object by running the following command:
++
+[source,terminal]
+----
+$ oc create -f deployment.yaml
+----
+
+.Verification
+
+* Verify that you can access the secrets from Azure Key Vault in the pod volume mount:
+
+.. List the secrets in the pod mount:
++
+[source,terminal]
+----
+$ oc exec busybox-<hash> -n my-namespace -- ls /mnt/secrets-store/
+----
++
+.Example output
+[source,terminal]
+----
+secret1
+----
+
+.. View a secret in the pod mount:
++
+[source,terminal]
+----
+$ oc exec busybox-<hash> -n my-namespace -- cat /mnt/secrets-store/secret1
+----
++
+.Example output
+[source,terminal]
+----
+my-secret-value
+----
diff --git a/modules/secrets-store-providers.adoc b/modules/secrets-store-providers.adoc
new file mode 100644
index 000000000000..9c69cd94f192
--- /dev/null
+++ b/modules/secrets-store-providers.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="secrets-store-providers_{context}"]
+= Secrets store providers
+
+The following secrets store providers are available for use with the {secrets-store-operator}:
+
+* AWS Secrets Manager
+* AWS Systems Manager Parameter Store
+* Azure Key Vault
diff --git a/modules/secrets-store-sync-secrets.adoc b/modules/secrets-store-sync-secrets.adoc
new file mode 100644
index 000000000000..0695567ab6e0
--- /dev/null
+++ b/modules/secrets-store-sync-secrets.adoc
@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="secrets-store-sync-secrets_{context}"]
+= Enabling synchronization of mounted content as Kubernetes secrets
+
+You can enable synchronization to create Kubernetes secrets from the content on a mounted volume. An example where you might want to enable synchronization is to use an environment variable in your deployment to reference the Kubernetes secret.
+
+[WARNING]
+====
+Do not enable synchronization if you do not want to store your secrets on your {product-title} cluster and in etcd. Enable this functionality only if you require it, such as when you want to use environment variables to refer to the secret.
+====
+
+If you enable synchronization, the secrets from the mounted volume are synchronized as Kubernetes secrets after you start a pod that mounts the secrets.
+
+The synchronized Kubernetes secret is deleted when all pods that mounted the content are deleted.
+
+.Prerequisites
+
+* You have installed the {secrets-store-operator}.
+* You have installed a secrets store provider.
+* You have created the secret provider class.
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Edit the `SecretProviderClass` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit secretproviderclass my-azure-provider <1>
+----
+<1> Replace `my-azure-provider` with the name of your secret provider class.
+
+. Add the `secretsObjects` section with the configuration for the synchronized Kubernetes secrets:
++
+[source,yaml]
+----
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: my-azure-provider
+  namespace: my-namespace
+spec:
+  provider: azure
+  secretObjects:                                   <1>
+    - secretName: tlssecret                        <2>
+      type: kubernetes.io/tls                      <3>
+      labels:
+        environment: "test"
+      data:
+        - objectName: tlskey                       <4>
+          key: tls.key                             <5>
+        - objectName: tlscrt
+          key: tls.crt
+  parameters:
+    usePodIdentity: "false"
+    keyvaultName: "kvname"
+    objects:  |
+      array:
+        - |
+          objectName: tlskey
+          objectType: secret
+        - |
+          objectName: tlscrt
+          objectType: secret
+    tenantId: "tid"
+----
+<1> Specify the configuration for synchronized Kubernetes secrets.
+<2> Specify the name of the Kubernetes `Secret` object to create.
+<3> Specify the type of Kubernetes `Secret` object to create. For example, `Opaque` or `kubernetes.io/tls`.
+<4> Specify the object name or alias of the mounted content to synchronize.
+<5> Specify the data field from the specified `objectName` to populate the Kubernetes secret with.
+
+. Save the file to apply the changes.
diff --git a/modules/secrets-store-viewing-secret-versions.adoc b/modules/secrets-store-viewing-secret-versions.adoc
new file mode 100644
index 000000000000..9faf7e2b9bff
--- /dev/null
+++ b/modules/secrets-store-viewing-secret-versions.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * nodes/pods/nodes-pods-secrets-store.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="secrets-store-viewing-secret-versions_{context}"]
+= Viewing the status of secrets in the pod volume mount
+
+You can view detailed information, including the versions, of the secrets in the pod volume mount.
+
+The {secrets-store-operator} creates a `SecretProviderClassPodStatus` resource in the same namespace as the pod. You can review this resource to see detailed information, including versions, about the secrets in the pod volume mount.
+
+.Prerequisites
+
+* You have installed the {secrets-store-operator}.
+* You have installed a secrets store provider.
+* You have created the secret provider class.
+* You have deployed a pod that mounts a volume from the {secrets-store-operator}.
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+* View detailed information about the secrets in a pod volume mount by running the following command:
++
+[source,terminal]
+----
+$ oc get secretproviderclasspodstatus <secret_provider_class_pod_status_name> -o yaml <1>
+----
+<1> The name of the secret provider class pod status object is in the format of `<pod_name>-<namespace>-<secret_provider_class_name>`.
++
+.Example output
+[source,terminal]
+----
+...
+status:
+  mounted: true
+  objects:
+  - id: secret/tlscrt
+    version: f352293b97da4fa18d96a9528534cb33
+  - id: secret/tlskey
+    version: 02534bc3d5df481cb138f8b2a13951ef
+  podName: busybox-<hash>
+  secretProviderClassName: my-azure-provider
+  targetPath: /var/lib/kubelet/pods/f0d49c1e-c87a-4beb-888f-37798456a3e7/volumes/kubernetes.io~csi/secrets-store-inline/mount
+----
diff --git a/modules/security-audit-log-filtering.adoc b/modules/security-audit-log-filtering.adoc
index 0333612374f7..111ed4d7c5a8 100644
--- a/modules/security-audit-log-filtering.adoc
+++ b/modules/security-audit-log-filtering.adoc
@@ -2,7 +2,7 @@
 //
 // * security/audit-log-view.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-audit-log-basic-filtering_{context}"]
 = Filtering audit logs
 
@@ -17,7 +17,12 @@ The following procedure provides examples of using `jq` to filter audit logs on
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed `jq`.
 
 .Procedure
diff --git a/modules/security-compliance-nist.adoc b/modules/security-compliance-nist.adoc
index 5bbf82a08983..6649094e23bc 100644
--- a/modules/security-compliance-nist.adoc
+++ b/modules/security-compliance-nist.adoc
@@ -3,7 +3,7 @@
 // * security/container_security/security-compliance.adoc
 // * understanding-sandboxed-containers.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="security-compliance-nist_{context}"]
 = Understanding compliance and risk management
 
@@ -20,7 +20,7 @@ technologies are allowed on nodes.
 
 [IMPORTANT]
 ====
-The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
 ====
 endif::openshift-origin[]
 
diff --git a/modules/security-container-content-inside.adoc b/modules/security-container-content-inside.adoc
index a87af63041cf..b54f8c227c93 100644
--- a/modules/security-container-content-inside.adoc
+++ b/modules/security-container-content-inside.adoc
@@ -30,5 +30,5 @@ scanning features, used directly from {op-system-base} or added to {product-titl
 can alert you when
 an image you are using has vulnerabilities. OpenSCAP image scanning is
 available in {op-system-base} and the
-link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#container-security-operator-setup[{rhq-cso}] can be added
+link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/red_hat_quay_operator_features/container-security-operator-setup[{rhq-cso}] can be added
 to check container images used in {product-title}.
diff --git a/modules/security-container-content-scanning.adoc b/modules/security-container-content-scanning.adoc
index a8a911a3a6ed..14923dacb465 100644
--- a/modules/security-container-content-scanning.adoc
+++ b/modules/security-container-content-scanning.adoc
@@ -22,12 +22,12 @@ known vulnerabilities.
 For the container images that are running in {product-title}
 and are pulled from Red Hat Quay registries, you can use an Operator to list the
 vulnerabilities of those images. The
-link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#container-security-operator-setup[{rhq-cso}]
+link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/red_hat_quay_operator_features/container-security-operator-setup[{rhq-cso}]
 can be added to {product-title} to provide vulnerability reporting
 for images added to selected namespaces.
 
 Container image scanning for Red Hat Quay is performed by the
-link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#quay-security-scanner[Clair security scanner].
+link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/vulnerability_reporting_with_clair_on_red_hat_quay/index[Clair].
 In Red Hat Quay, Clair can search for and report vulnerabilities in
 images built from {op-system-base}, CentOS, Oracle, Alpine, Debian, and Ubuntu
 operating system software.
diff --git a/modules/security-context-constraints-about.adoc b/modules/security-context-constraints-about.adoc
index 3fc01cc6d77b..5a1814015070 100644
--- a/modules/security-context-constraints-about.adoc
+++ b/modules/security-context-constraints-about.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-security-context-constraints.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="security-context-constraints-about_{context}"]
 = About security context constraints
 
@@ -331,6 +331,7 @@ sources that are defined when creating a volume:
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#flexvolume[`flexVolume`]
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#flocker[`flocker`]
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#gcepersistentdisk[`gcePersistentDisk`]
+* link:https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes[`ephemeral`]
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#gitrepo[`gitRepo`]
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#glusterfs[`glusterfs`]
 * link:https://kubernetes.io/docs/concepts/storage/volumes/#hostpath[`hostPath`]
diff --git a/modules/security-context-constraints-creating.adoc b/modules/security-context-constraints-creating.adoc
index f2c686aab663..ac9c371e48ab 100644
--- a/modules/security-context-constraints-creating.adoc
+++ b/modules/security-context-constraints-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-security-context-constraints.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-context-constraints-creating_{context}"]
 ifndef::openshift-dedicated[]
 = Creating security context constraints
diff --git a/modules/security-context-constraints-pre-allocated-values.adoc b/modules/security-context-constraints-pre-allocated-values.adoc
index 9395ac383ae2..835cbf7a73b0 100644
--- a/modules/security-context-constraints-pre-allocated-values.adoc
+++ b/modules/security-context-constraints-pre-allocated-values.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/managing-security-context-constraints.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 ifdef::openshift-origin,openshift-enterprise,openshift-dedicated,openshift-rosa[]
 [id="security-context-constraints-pre-allocated-values_{context}"]
 = About pre-allocated security context constraints values
diff --git a/modules/security-context-constraints-psa-about.adoc b/modules/security-context-constraints-psa-about.adoc
new file mode 100644
index 000000000000..aa8c3b9aebce
--- /dev/null
+++ b/modules/security-context-constraints-psa-about.adoc
@@ -0,0 +1,73 @@
+// Module included in the following assemblies:
+//
+// * authentication/understanding-and-managing-pod-security-admission.adoc
+// * operators/operator_sdk/osdk-complying-with-psa.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="security-context-constraints-psa-about_{context}"]
+= About pod security admission
+
+{product-title} includes link:https://kubernetes.io/docs/concepts/security/pod-security-admission[Kubernetes pod security admission]. Pods that do not comply with the pod security admission defined globally or at the namespace level are not admitted to the cluster and cannot run.
+
+Globally, the `privileged` profile is enforced, and the `restricted` profile is used for warnings and audits.
+
+You can also configure the pod security admission settings at the namespace level.
+
+include::snippets/default-projects.adoc[]
+
+[id="psa-modes_{context}"]
+== Pod security admission modes
+
+You can configure the following pod security admission modes for a namespace:
+
+.Pod security admission modes
+[cols="1,2,3a",options="header"]
+|===
+|Mode
+|Label
+|Description
+
+|`enforce`
+|`pod-security.kubernetes.io/enforce`
+|Rejects a pod from admission if it does not comply with the set profile
+
+|`audit`
+|`pod-security.kubernetes.io/audit`
+|Logs audit events if a pod does not comply with the set profile
+
+|`warn`
+|`pod-security.kubernetes.io/warn`
+|Displays warnings if a pod does not comply with the set profile
+|===
+
+[id="psa-profiles_{context}"]
+== Pod security admission profiles
+
+You can set each of the pod security admission modes to one of the following profiles:
+
+.Pod security admission profiles
+[cols="1,3a",options="header"]
+|===
+|Profile
+|Description
+
+|`privileged`
+|Least restrictive policy; allows for known privilege escalation
+
+|`baseline`
+|Minimally restrictive policy; prevents known privilege escalations
+
+|`restricted`
+|Most restrictive policy; follows current pod hardening best practices
+|===
+
+[id="psa-privileged-namespaces_{context}"]
+== Privileged namespaces
+
+The following system namespaces are always set to the `privileged` pod security admission profile:
+
+* `default`
+* `kube-public`
+* `kube-system`
+
+You cannot change the pod security profile for these privileged namespaces.
diff --git a/modules/security-context-constraints-psa-alert-eval.adoc b/modules/security-context-constraints-psa-alert-eval.adoc
index c2ffced4d554..0d590405e4d2 100644
--- a/modules/security-context-constraints-psa-alert-eval.adoc
+++ b/modules/security-context-constraints-psa-alert-eval.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/understanding-and-managing-pod-security-admission.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-context-constraints-psa-alert-eval_{context}"]
 = Identifying pod security violations
 
diff --git a/modules/security-context-constraints-psa-label.adoc b/modules/security-context-constraints-psa-label.adoc
new file mode 100644
index 000000000000..1a5fc796363c
--- /dev/null
+++ b/modules/security-context-constraints-psa-label.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * authentication/understanding-and-managing-pod-security-admission.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="security-context-constraints-psa-label_{context}"]
+=  Configuring pod security admission for a namespace
+
+You can configure the pod security admission settings at the namespace level. For each of the pod security admission modes on the namespace, you can set which pod security admission profile to use.
+
+.Procedure
+
+* For each pod security admission mode that you want to set on a namespace, run the following command:
+
++
+[source,terminal]
+----
+$ oc label namespace <namespace> \                <1>
+    pod-security.kubernetes.io/<mode>=<profile> \ <2>
+    --overwrite
+----
+<1> Set `<namespace>` to the namespace to configure.
+<2> Set `<mode>` to `enforce`, `warn`, or `audit`. Set `<profile>` to `restricted`, `baseline`, or `privileged`.
diff --git a/modules/security-context-constraints-psa-opting.adoc b/modules/security-context-constraints-psa-opting.adoc
index 969cafe7b7d8..708fda1a58b4 100644
--- a/modules/security-context-constraints-psa-opting.adoc
+++ b/modules/security-context-constraints-psa-opting.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/understanding-and-managing-pod-security-admission.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-context-constraints-psa-opting_{context}"]
 = Controlling pod security admission synchronization
 
@@ -10,18 +10,11 @@ You can enable or disable automatic pod security admission synchronization for m
 
 [IMPORTANT]
 ====
-Namespaces that are defined as part of the cluster payload have pod security admission synchronization disabled permanently. These namespaces include:
-
-* `default`
-* `kube-node-lease`
-* `kube-system`
-* `kube-public`
-* `openshift`
-* All system-created namespaces that are prefixed with `openshift-`, except for `openshift-operators`
-
-By default, all namespaces that have an `openshift-` prefix are not synchronized. You can enable synchronization for any user-created [x-]`openshift-*` namespaces. You cannot enable synchronization for any system-created [x-]`openshift-*` namespaces, except for `openshift-operators`. 
-
-If an Operator is installed in a user-created `openshift-*` namespace, synchronization is turned on by default after a cluster service version (CSV) is created in the namespace. The synchronized label inherits the permissions of the service accounts in the namespace.
+You cannot enable pod security admission synchronization on 
+ifndef::openshift-dedicated,openshift-rosa[]
+some
+endif::openshift-dedicated,openshift-rosa[]
+system-created namespaces. For more information, see _Pod security admission synchronization namespace exclusions_.
 ====
 
 .Procedure
diff --git a/modules/security-context-constraints-psa-rectifying.adoc b/modules/security-context-constraints-psa-rectifying.adoc
index 44410818a205..0305f3f34570 100644
--- a/modules/security-context-constraints-psa-rectifying.adoc
+++ b/modules/security-context-constraints-psa-rectifying.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/understanding-and-managing-pod-security-admission.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="security-context-constraints-psa-rectifying_{context}"]
 = About pod security admission alerts
 
diff --git a/modules/security-context-constraints-psa-sync-exclusions.adoc b/modules/security-context-constraints-psa-sync-exclusions.adoc
new file mode 100644
index 000000000000..5244d42d93db
--- /dev/null
+++ b/modules/security-context-constraints-psa-sync-exclusions.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * authentication/understanding-and-managing-pod-security-admission.adoc
+// * operators/operator_sdk/osdk-complying-with-psa.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="security-context-constraints-psa-sync-exclusions_{context}"]
+= Pod security admission synchronization namespace exclusions
+
+ifndef::openshift-dedicated,openshift-rosa[]
+Pod security admission synchronization is permanently disabled on most system-created namespaces. Synchronization is also initially disabled on user-created `openshift-*` prefixed namespaces, but you can enable synchronization on them later.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+Pod security admission synchronization is permanently disabled on system-created namespaces and `openshift-*` prefixed namespaces.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
+[IMPORTANT]
+====
+If a pod security admission label (`pod-security.kubernetes.io/<mode>`) is manually modified from the automatically labeled value on a label-synchronized namespace, synchronization is disabled for that label.
+
+If necessary, you can enable synchronization again by using one of the following methods:
+
+* By removing the modified pod security admission label from the namespace
+* By setting the `security.openshift.io/scc.podSecurityLabelSync` label to `true`
++
+If you force synchronization by adding this label, then any modified pod security admission labels will be overwritten.
+====
+
+[discrete]
+== Permanently disabled namespaces
+endif::openshift-dedicated,openshift-rosa[]
+
+Namespaces that are defined as part of the cluster payload have pod security admission synchronization disabled permanently. The following namespaces are permanently disabled:
+
+* `default`
+* `kube-node-lease`
+* `kube-system`
+* `kube-public`
+* `openshift`
+* All system-created namespaces that are prefixed with `openshift-`
+ifndef::openshift-dedicated,openshift-rosa[]
+, except for `openshift-operators`
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
+[discrete]
+== Initially disabled namespaces
+
+By default, all namespaces that have an `openshift-` prefix have pod security admission synchronization disabled initially. You can enable synchronization for user-created [x-]`openshift-*` namespaces and for the `openshift-operators` namespace.
+
+[NOTE]
+====
+You cannot enable synchronization for any system-created [x-]`openshift-*` namespaces, except for `openshift-operators`.
+====
+
+If an Operator is installed in a user-created `openshift-*` namespace, synchronization is enabled automatically after a cluster service version (CSV) is created in the namespace. The synchronized label is derived from the permissions of the service accounts in the namespace.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/modules/security-context-constraints-psa-synchronization.adoc b/modules/security-context-constraints-psa-synchronization.adoc
index 5a8764751309..a7b19682e5e2 100644
--- a/modules/security-context-constraints-psa-synchronization.adoc
+++ b/modules/security-context-constraints-psa-synchronization.adoc
@@ -3,20 +3,13 @@
 // * authentication/understanding-and-managing-pod-security-admission.adoc
 // * operators/operator_sdk/osdk-complying-with-psa.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="security-context-constraints-psa-synchronization_{context}"]
-= Security context constraint synchronization with pod security standards
+= About pod security admission synchronization
 
-{product-title} includes link:https://kubernetes.io/docs/concepts/security/pod-security-admission[Kubernetes pod security admission]. Globally, the `privileged` profile is enforced, and the `restricted` profile is used for warnings and audits.
+In addition to the global pod security admission control configuration, a controller applies pod security admission control `warn` and `audit` labels to namespaces according to the SCC permissions of the service accounts that are in a given namespace.
 
-In addition to the global pod security admission control configuration, a controller exists that applies pod security admission control `warn` and `audit` labels to namespaces according to the SCC permissions of the service accounts that are in a given namespace.
-
-[IMPORTANT]
-====
-Namespaces that are defined as part of the cluster payload have pod security admission synchronization disabled permanently. You can enable pod security admission synchronization on other namespaces as necessary. If an Operator is installed in a user-created `openshift-*` namespace, synchronization is turned on by default after a cluster service version (CSV) is created in the namespace. 
-====
-
-The controller examines `ServiceAccount` object permissions to use security context constraints in each namespace. Security context constraints (SCCs) are mapped to pod security profiles based on their field values; the controller uses these translated profiles. Pod security admission `warn` and `audit` labels are set to the most privileged pod security profile found in the namespace to prevent warnings and audit logging as pods are created.
+The controller examines `ServiceAccount` object permissions to use security context constraints in each namespace. Security context constraints (SCCs) are mapped to pod security profiles based on their field values; the controller uses these translated profiles. Pod security admission `warn` and `audit` labels are set to the most privileged pod security profile in the namespace to prevent displaying warnings and logging audit events when pods are created.
 
 Namespace labeling is based on consideration of namespace-local service account privileges.
 
diff --git a/modules/security-context-constraints-rbac.adoc b/modules/security-context-constraints-rbac.adoc
index 802436b27b1d..38374aa8fcbb 100644
--- a/modules/security-context-constraints-rbac.adoc
+++ b/modules/security-context-constraints-rbac.adoc
@@ -10,10 +10,7 @@ you to scope access to your SCCs to a certain project or to the entire
 cluster. Assigning users, groups, or service accounts directly to an
 SCC retains cluster-wide scope.
 
-[NOTE]
-====
-You cannot assign a SCC to pods created in one of the default namespaces: `default`, `kube-system`, `kube-public`, `openshift-node`, `openshift-infra`, `openshift`. These namespaces should not be used for running pods or services.
-====
+include::snippets/default-projects.adoc[]
 
 To include access to SCCs for your role, specify the `scc` resource
 when creating a role.
diff --git a/modules/security-context-constraints-requiring.adoc b/modules/security-context-constraints-requiring.adoc
new file mode 100644
index 000000000000..8cc780bf9ffe
--- /dev/null
+++ b/modules/security-context-constraints-requiring.adoc
@@ -0,0 +1,69 @@
+// Module included in the following assemblies:
+//
+// * authentication/managing-security-context-constraints.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="security-context-constraints-requiring_{context}"]
+= Configuring a workload to require a specific SCC
+
+You can configure a workload to require a certain security context constraint (SCC). This is useful in scenarios where you want to pin a specific SCC to the workload or if you want to prevent your required SCC from being preempted by another SCC in the cluster.
+
+To require a specific SCC, set the `openshift.io/required-scc` annotation on your workload. You can set this annotation on any resource that can set a pod manifest template, such as a deployment or daemon set.
+
+The SCC must exist in the cluster and must be applicable to the workload, otherwise pod admission fails. An SCC is considered applicable to the workload if the user creating the pod or the pod's service account has `use` permissions for the SCC in the pod's namespace.
+
+[WARNING]
+====
+Do not change the `openshift.io/required-scc` annotation in the live pod's manifest, because doing so causes the pod admission to fail. To change the required SCC, update the annotation in the underlying pod template, which causes the pod to be deleted and re-created.
+====
+
+.Prerequisites
+
+* The SCC must exist in the cluster.
+
+.Procedure
+
+. Create a YAML file for the deployment and specify a required SCC by setting the `openshift.io/required-scc` annotation:
++
+.Example `deployment.yaml`
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Deployment
+apiVersion: apps/v1
+spec:
+# ...
+  template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: "my-scc" <1>
+# ...
+----
+<1> Specify the name of the SCC to require.
+
+. Create the resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f deployment.yaml
+----
+
+.Verification
+
+* Verify that the deployment used the specified SCC:
+
+.. View the value of the pod's `openshift.io/scc` annotation by running the following command:
++
+[source,terminal]
+----
+$ oc get pod <pod_name> -o jsonpath='{.metadata.annotations.openshift\.io\/scc}{"\n"}' <1>
+----
+<1> Replace `<pod_name>` with the name of your deployment pod.
+
+.. Examine the output and confirm that the displayed SCC matches the SCC that you defined in the deployment:
++
+.Example output
+[source,terminal]
+----
+my-scc
+----
diff --git a/modules/security-deploy-secrets.adoc b/modules/security-deploy-secrets.adoc
index 0e40af628d10..ed5a11465188 100644
--- a/modules/security-deploy-secrets.adoc
+++ b/modules/security-deploy-secrets.adoc
@@ -2,7 +2,7 @@
 //
 // * security/container_security/security-deploy.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-deploy-secrets_{context}"]
 = Creating secrets and config maps
 
diff --git a/modules/security-hosts-vms-openshift.adoc b/modules/security-hosts-vms-openshift.adoc
index 5b2d585b2bc0..da34b450234a 100644
--- a/modules/security-hosts-vms-openshift.adoc
+++ b/modules/security-hosts-vms-openshift.adoc
@@ -9,11 +9,11 @@ installer-provisioned infrastructure (there are several available platforms)
 or your own user-provisioned infrastructure.
 ifndef::openshift-origin[]
 Some low-level security-related configuration, such as enabling FIPS
-compliance or adding kernel modules required at first boot, might 
+mode or adding kernel modules required at first boot, might 
 benefit from a user-provisioned infrastructure.
 endif::[]
 ifdef::openshift-origin[]
-Some low-level security-related configuration, such as adding kernel modules required at first boot, might 
+Some low-level security-related configuration, such as adding kernel modules required at first boot, might
 benefit from a user-provisioned infrastructure.
 endif::[]
 Likewise, user-provisioned infrastructure is appropriate for disconnected {product-title} deployments.
diff --git a/modules/security-monitoring-cluster-logging.adoc b/modules/security-monitoring-cluster-logging.adoc
index 34ba8d177662..eb96cfd84fad 100644
--- a/modules/security-monitoring-cluster-logging.adoc
+++ b/modules/security-monitoring-cluster-logging.adoc
@@ -5,14 +5,9 @@
 [id="security-monitoring-cluster-logging_{context}"]
 = Logging
 
-Using the `oc log` command, you can view container logs, build configs and
-deployments in real time. Different can users have access different
-access to logs:
+Using the `oc log` command, you can view container logs, build configs and deployments in real time. Different can users have access different access to logs:
 
 * Users who have access to a project are able to see the logs for that project by default.
 * Users with admin roles can access all container logs.
 
-To save your logs for further audit and analysis, you can enable the `cluster-logging` add-on
-feature to collect, manage, and view system, container, and audit logs.
-You can deploy, manage, and upgrade OpenShift Logging through the OpenShift Elasticsearch Operator
-and Red Hat OpenShift Logging Operator.
+To save your logs for further audit and analysis, you can enable the `cluster-logging` add-on feature to collect, manage, and view system, container, and audit logs. You can deploy, manage, and upgrade OpenShift Logging through the {es-op} and {clo}.
diff --git a/modules/security-osp-validating-certificates-manually.adoc b/modules/security-osp-validating-certificates-manually.adoc
index f152660b77dc..346ab77d9062 100644
--- a/modules/security-osp-validating-certificates-manually.adoc
+++ b/modules/security-osp-validating-certificates-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/preparing-to-install-on-openstack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-osp-validating-certificates-manually_{context}"]
 = Scanning {rh-openstack} endpoints for legacy HTTPS certificates manually
 
@@ -20,14 +20,14 @@ Beginning with {product-title} 4.10, HTTPS certificates must contain subject alt
 [source,terminal]
 ----
 $ openstack catalog list
----- 
+----
 +
 Record the URL for each HTTPS endpoint that the command returns.
-. For each public endpoint, note the host and the port. 
+. For each public endpoint, note the host and the port.
 +
 [TIP]
 ====
-Determine the host of an endpoint by removing the scheme, the port, and the path. 
+Determine the host of an endpoint by removing the scheme, the port, and the path.
 ====
 
 . For each endpoint, run the following commands to extract the SAN field of the certificate:
diff --git a/modules/security-osp-validating-certificates.adoc b/modules/security-osp-validating-certificates.adoc
index e38a59761ebc..09a9ebdf3e8c 100644
--- a/modules/security-osp-validating-certificates.adoc
+++ b/modules/security-osp-validating-certificates.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_openstack/preparing-to-install-on-openstack.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-osp-validating-certificates_{context}"]
 = Scanning {rh-openstack} endpoints for legacy HTTPS certificates
 
@@ -24,7 +24,7 @@ Beginning with {product-title} 4.10, HTTPS certificates must contain subject alt
 
 .Procedure
 
-. Save the following script to your machine: 
+. Save the following script to your machine:
 +
 [%collapsible]
 ====
@@ -54,7 +54,7 @@ while read -r name interface url; do
 
 	# Remove the schema from the URL
 	noschema=${url#"https://"}
-	
+
 	# If the schema was not HTTPS, error
 	if [[ "$noschema" == "$url" ]]; then
 		echo "ERROR (unknown schema): $name $interface $url"
diff --git a/modules/security-platform-authentication.adoc b/modules/security-platform-authentication.adoc
index c8541d259e48..efd74c85d105 100644
--- a/modules/security-platform-authentication.adoc
+++ b/modules/security-platform-authentication.adoc
@@ -16,7 +16,7 @@ API.
 As an administrator, you can configure OAuth to authenticate using an _identity
 provider_, such as LDAP, GitHub, or Google. The 
 identity provider is used by default for new {product-title} deployments, but
-you can configure this at initial installation time or post-installation. 
+you can configure this at initial installation time or postinstallation.
 
 [id="security-platform-api-access-control_{context}"]
 == API access control and management
diff --git a/modules/security-pod-scan-cso-using.adoc b/modules/security-pod-scan-cso-using.adoc
new file mode 100644
index 000000000000..caa01a70638a
--- /dev/null
+++ b/modules/security-pod-scan-cso-using.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * security/pod-vulnerabilities-scan.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="security-pod-scan-cso-using_{context}"]
+= Using the {rhq-cso}
+
+The following procedure shows you how to use the {rhq-cso}.
+
+.Prerequisites
+
+* You have installed the {rhq-cso}.
+
+.Procedure
+
+. On the {product-title} web console, navigate to *Home* -> *Overview*. Under the *Status* section, *Quay Image Security* provides the number of vulnerabilities found.
+
+. Click *Quay Image Security* to reveal the *Quay Image Security breakdown*, which details the severity of the vulnerabilities, whether the vulnerabilities can be fixed, and the total number of vulnerabilities. For example:
++
+image:image_security.png[Access image scanning data from {product-title} dashboard]
+
+. You can address detected vulnerabilities in one of two ways:
++
+.. Select the link to the vulnerability. This takes you to the container registry that the container came from, where you can see information about the vulnerability. The following example shows detected vulnerabilities from a Quay.io registry:
++
+image:cso-registry-vulnerable.png[The {rhq-cso} points you to a registry containing the vulnerable image]
+
+.. Select the *namespace* link. This takes you to the *ImageManifestVuln* page, where you can see the name of the selected image and all of the namespaces where that image is running. For example, the following image shows you that a particular vulnerable image is running in the `quay-enterprise` namespace:
++
+image:cso-namespace-vulnerable.png[View namespaces a vulnerable image is running in]
+
+. After you have learned what images are vulnerable, how to fix those vulnerabilities, and the namespaces that the images are being run in, you can improve security by performing the following actions:
+
+.. Alert anyone in your organization who is running the image and request that they correct the vulnerability.
+
+.. Stop the images from running by deleting the deployment or other object that started the pod that the image is in.
++
+[NOTE]
+====
+If you delete the pod, it might take several minutes for the vulnerability information to reset on the dashboard.
+====
\ No newline at end of file
diff --git a/modules/security-pod-scan-cso.adoc b/modules/security-pod-scan-cso.adoc
index 339a745be344..c8b6f0450982 100644
--- a/modules/security-pod-scan-cso.adoc
+++ b/modules/security-pod-scan-cso.adoc
@@ -1,72 +1,90 @@
 // Module included in the following assemblies:
 //
-// * security/pod-vulnerabilities-scan.adoc
+// * security/pod-vulnerability-scan.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-pod-scan-cso_{context}"]
-= Running the {rhq-cso}
+= Installing the {rhq-cso}
 
-You can start the {rhq-cso} from the {product-title}
-web console by selecting and installing that Operator from the Operator Hub,
-as described here.
+You can install the {rhq-cso} from the {product-title} web console Operator Hub, or by using the CLI.
 
 .Prerequisites
 
-* Have administrator privileges to the {product-title} cluster
-* Have containers that come from a Red Hat Quay or Quay.io registry running on your cluster
+* You have installed the `oc` CLI.
+* You have administrator privileges to the {product-title} cluster.
+* You have containers that come from a Red Hat Quay or Quay.io registry running on your cluster.
 
 .Procedure
 
-. Navigate to *Operators* -> *OperatorHub* and select *Security*.
+. You can install the {rhq-cso} by using the {product-title} web console:
 
-. Select the *Container Security* Operator, then select *Install*
-to go to the Create Operator Subscription page.
+.. On the web console, navigate to *Operators* -> *OperatorHub* and select *Security*.
 
-. Check the settings. All namespaces and automatic approval strategy are selected, by default.
+.. Select the *{rhq-cso}* Operator, and then select *Install*.
 
-. Select *Install*. The *Container Security* Operator appears after a few moments on the *Installed Operators* screen.
+.. On the *{rhq-cso}* page, select *Install*. *Update channel*, *Installation mode*, and *Update approval* are selected automatically. The *Installed Namespace* field defaults to `openshift-operators`. You can adjust these settings as needed.
 
-. Optional: You can add custom certificates to the {rhq-cso}. In this example, create a certificate
-named `quay.crt` in the current directory. Then run the following command to add the cert to the {rhq-cso}:
+.. Select *Install*. The *{rhq-cso}* appears after a few moments on the *Installed Operators* page.
+
+.. Optional: You can add custom certificates to the {rhq-cso}. For example, create a certificate named `quay.crt` in the current directory. Then, run the following command to add the custom certificate to the {rhq-cso}:
 +
 [source,terminal]
 ----
 $ oc create secret generic container-security-operator-extra-certs --from-file=quay.crt -n openshift-operators
 ----
 
-. If you added a custom certificate, restart the Operator pod for the new certs to take effect.
+.. Optional: If you added a custom certificate, restart the {rhq-cso} pod for the new certificates to take effect.
 
-. Open the OpenShift Dashboard (`Home` -> `Overview`). A link to
-*Quay Image Security* appears under the status section, with a listing of the number
-of vulnerabilities found so far. Select the link to see a *Quay Image Security breakdown*, as shown in the following figure:
-+
-image:image_security.png[Access image scanning data from {product-title} dashboard]
+. Alternatively, you can install the {rhq-cso} by using the CLI:
 
-. You can do one of two things at this point to follow up on any detected vulnerabilities:
-+
-*  Select the link to the vulnerability. You are taken to the container
-registry that the container came
-from, where you can see information about the vulnerability. The following
-figure shows an example of detected vulnerabilities from a Quay.io registry:
+.. Retrieve the latest version of the Container Security Operator and its channel by entering the following command:
 +
-image:cso-registry-vulnerable.png[The {rhq-cso} points you to a registry containing the vulnerable image]
+[source,terminal]
+----
+$ oc get packagemanifests container-security-operator \
+  -o jsonpath='{range .status.channels[*]}{@.currentCSV} {@.name}{"\n"}{end}' \
+  | awk '{print "STARTING_CSV=" $1 " CHANNEL=" $2 }' \
+  | sort -nr \
+  | head -1
+----
 +
-* Select the namespaces link to go to the *ImageManifestVuln* screen,
-where you can see the name of the selected image
-and all namespaces where that image is running.
-The following figure indicates that a particular vulnerable image
-is running in the `quay-enterprise` namespace:
+.Example output
 +
-image:cso-namespace-vulnerable.png[View namespaces a vulnerable image is running in]
-
-At this point, you know what images are vulnerable, what
-you need to do to fix those vulnerabilities,
-and every namespace that the image was run in. So you can:
+[source,terminal]
+----
+STARTING_CSV=container-security-operator.v3.8.9 CHANNEL=stable-3.8
+----
 
-* Alert anyone running the image that
-they need to correct the vulnerability
-* Stop the images from running by deleting the deployment
-or other object that started the pod that the image is in
+.. Using the output from the previous command, create a `Subscription` custom resource for the {rhq-cso} and save it as `container-security-operator.yaml`. For example:
++
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: container-security-operator
+  namespace: openshift-operators
+spec:
+  channel: ${CHANNEL} <1>
+  installPlanApproval: Automatic
+  name: container-security-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: ${STARTING_CSV} <2>
+----
+<1> Specify the value you obtained in the previous step for the `spec.channel` parameter.
+<2> Specify the value you obtained in the previous step for the `spec.startingCSV` parameter.
 
-Note that if you do delete the pod, it may take several minutes
-for the vulnerability to reset on the dashboard.
+.. Enter the following command to apply the configuration:
++
+[source,terminal]
+----
+$ oc apply -f container-security-operator.yaml
+----
++
+.Example output
++
+[source,terminal]
+----
+subscription.operators.coreos.com/container-security-operator created
+----
\ No newline at end of file
diff --git a/modules/security-pod-scan-query-cli.adoc b/modules/security-pod-scan-query-cli.adoc
index c62a7d7a4d6b..60d366b0f721 100644
--- a/modules/security-pod-scan-query-cli.adoc
+++ b/modules/security-pod-scan-query-cli.adoc
@@ -1,20 +1,20 @@
 // Module included in the following assemblies:
 //
-// * security/pod-vulnerabilities-scan.adoc
+// * security/pod-vulnerability-scan.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="security-pod-scan-query-cli_{context}"]
 = Querying image vulnerabilities from the CLI
-Using the `oc` command, you can display information about
-vulnerabilities detected by the {rhq-cso}.
+
+Using the `oc` command, you can display information about vulnerabilities detected by the {rhq-cso}.
 
 .Prerequisites
-* Be running the {rhq-cso} on your
-{product-title} instance
+
+* You have installed the {rhq-cso} on your {product-title} instance.
 
 .Procedure
 
-* To query for detected container image vulnerabilities, type:
+. Enter the following command to query for detected container image vulnerabilities:
 +
 [source,terminal]
 ----
@@ -29,9 +29,7 @@ default       sha256.ca90...    6m56s
 skynet        sha256.ca90...    9m37s
 ----
 
-* To display details for a particular vulnerability, provide the
-vulnerability name and its namespace to the `oc describe` command.
-This example shows an active container whose image includes an RPM package with a vulnerability:
+. To display details for a particular vulnerability, append the vulnerability name and its namespace to the `oc describe` command. The following example shows an active container whose image includes an RPM package with a vulnerability:
 +
 [source,terminal]
 ----
diff --git a/modules/security-registries-quay.adoc b/modules/security-registries-quay.adoc
index ae19cfddf4ee..477dc78f7e30 100644
--- a/modules/security-registries-quay.adoc
+++ b/modules/security-registries-quay.adoc
@@ -21,10 +21,9 @@ other registries for security reasons, such hosting a public repository
 on Red Hat Quay behind a company firewall, or for performance reasons, to
 keep registries closer to where they are used.
 
-* *Action log storage*: Save Red Hat Quay logging output to link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#proc_manage-log-storage[Elasticsearch storage]
-to allow for later search and analysis.
+* *Action log storage*: Save Red Hat Quay logging output to link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#proc_manage-log-storage[Elasticsearch storage or Splunk] to allow for later search and analysis.
 
-* *link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#quay-security-scanner[Clair security scanning]*: Scan images against a variety of Linux
+* *link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/vulnerability_reporting_with_clair_on_red_hat_quay/index[Clair]*: Scan images against a variety of Linux
 vulnerability databases, based on the origins of each container image.
 
 * *Internal authentication*: Use the default local database to handle RBAC
@@ -40,8 +39,8 @@ client passwords, or prefix username autocompletion.
 
 Ongoing integration of Red Hat Quay with {product-title} continues,
 with several {product-title} Operators of particular interest.
-The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#quay-bridge-operator[Quay Bridge Operator]
+The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_operator_features/index#quay-bridge-operator[Quay Bridge Operator]
 lets you replace the internal {product-registry} with Red Hat Quay.
-The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#container-security-operator-setup[{rhq-cso}]
+The link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/red_hat_quay_operator_features/index#container-security-operator-setup[{rhq-cso}]
 lets you check vulnerabilities of images running in {product-title} that were
 pulled from Red Hat Quay registries.
diff --git a/modules/selecting-cluster-capabilities.adoc b/modules/selecting-cluster-capabilities.adoc
index 1ccd9f43e033..ce80703573e2 100644
--- a/modules/selecting-cluster-capabilities.adoc
+++ b/modules/selecting-cluster-capabilities.adoc
@@ -2,12 +2,19 @@
 //
 // * installing/cluster-capabilities.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="selecting-cluster-capabilities_{context}"]
 = Selecting cluster capabilities
 You can select cluster capabilities by following one of the installation methods that include customizing your cluster, such as "Installing a cluster on AWS with customizations" or "Installing a cluster on GCP with customizations".
 
-During a customized installation, you create an `install-config.yaml` file that contains the configuration parameters for your cluster. You can use the following configuration parameters to select cluster capabilities:
+During a customized installation, you create an `install-config.yaml` file that contains the configuration parameters for your cluster.
+
+[NOTE]
+====
+If you customize your cluster by enabling or disabling specific cluster capabilities, you are responsible for manually maintaining your `install-config.yaml` file. New {product-title} updates might declare new capability handles for existing components, or introduce new components altogether. Users who customize their `install-config.yaml` file should consider periodically updating their `install-config.yaml` file as {product-title} is updated.
+====
+
+You can use the following configuration parameters to select cluster capabilities:
 
 [source,yaml]
 ----
@@ -22,8 +29,8 @@ capabilities:
 +
 [NOTE]
 ====
-`v4.x` refers to any value up to and including the current cluster version. 
-For example, valid values for a {product-title} 4.12 cluster are `v4.11` and `v4.12`. 
+`v4.x` refers to any value up to and including the current cluster version.
+For example, valid values for a {product-title} 4.12 cluster are `v4.11` and `v4.12`.
 ====
 <2> Defines a list of capabilities to explicitly enable. These will be enabled in addition to the capabilities specified in `baselineCapabilitySet`.
 +
diff --git a/modules/serverless-about-collecting-data.adoc b/modules/serverless-about-collecting-data.adoc
index 5176860e93ae..a8180936c560 100644
--- a/modules/serverless-about-collecting-data.adoc
+++ b/modules/serverless-about-collecting-data.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-about-collecting-data_{context}"]
 = About collecting {ServerlessProductName} data
 
diff --git a/modules/serverless-activator-metrics.adoc b/modules/serverless-activator-metrics.adoc
index 4f84b0f19028..559659c9dc98 100644
--- a/modules/serverless-activator-metrics.adoc
+++ b/modules/serverless-activator-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/observability/admin-metrics/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-activator-metrics_{context}"]
 = Activator metrics
 
diff --git a/modules/serverless-admin-init-containers.adoc b/modules/serverless-admin-init-containers.adoc
index 6b0ca088dcea..e1e894d8ca51 100644
--- a/modules/serverless-admin-init-containers.adoc
+++ b/modules/serverless-admin-init-containers.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-admin-init-containers_{context}"]
 = Enabling init containers
 
diff --git a/modules/serverless-api-versions.adoc b/modules/serverless-api-versions.adoc
index 90c763a7c636..177c72c087be 100644
--- a/modules/serverless-api-versions.adoc
+++ b/modules/serverless-api-versions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-release-notes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-api-versions_{context}"]
 = About API versions
 
diff --git a/modules/serverless-autoscaler-metrics.adoc b/modules/serverless-autoscaler-metrics.adoc
index a4dc710796d1..63c017e1a16a 100644
--- a/modules/serverless-autoscaler-metrics.adoc
+++ b/modules/serverless-autoscaler-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/observability/admin-metrics/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-autoscaler-metrics_{context}"]
 = Autoscaler metrics
 
diff --git a/modules/serverless-autoscaling-developer-maxscale.adoc b/modules/serverless-autoscaling-developer-maxscale.adoc
index ac62ef5d2120..b693d2f63e0c 100644
--- a/modules/serverless-autoscaling-developer-maxscale.adoc
+++ b/modules/serverless-autoscaling-developer-maxscale.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-autoscaling-developer-maxscale_{context}"]
 = Maximum scale bounds
 
diff --git a/modules/serverless-autoscaling-developer-minscale.adoc b/modules/serverless-autoscaling-developer-minscale.adoc
index a78988892d29..3e445915f7a4 100644
--- a/modules/serverless-autoscaling-developer-minscale.adoc
+++ b/modules/serverless-autoscaling-developer-minscale.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-autoscaling-developer-minscale_{context}"]
 = Minimum scale bounds
 
diff --git a/modules/serverless-autoscaling-maxscale-kn.adoc b/modules/serverless-autoscaling-maxscale-kn.adoc
index d1bf2a82aaf4..5deb3cf013c9 100644
--- a/modules/serverless-autoscaling-maxscale-kn.adoc
+++ b/modules/serverless-autoscaling-maxscale-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-autoscaling-maxscale-kn_{context}"]
 = Setting the max-scale annotation by using the Knative CLI
 
diff --git a/modules/serverless-autoscaling-minscale-kn.adoc b/modules/serverless-autoscaling-minscale-kn.adoc
index 41e7ddb3c26b..3fda90a2269b 100644
--- a/modules/serverless-autoscaling-minscale-kn.adoc
+++ b/modules/serverless-autoscaling-minscale-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-autoscaling-minscale-kn_{context}"]
 = Setting the min-scale annotation by using the Knative CLI
 
diff --git a/modules/serverless-blue-green-deploy.adoc b/modules/serverless-blue-green-deploy.adoc
index e895222c7d31..57d752323510 100644
--- a/modules/serverless-blue-green-deploy.adoc
+++ b/modules/serverless-blue-green-deploy.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-traffic-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-blue-green-deploy_{context}"]
 = Routing and managing traffic by using a blue-green deployment strategy
 
diff --git a/modules/serverless-broker-filter-metrics.adoc b/modules/serverless-broker-filter-metrics.adoc
index 9c325cef0e7c..65fab889993e 100644
--- a/modules/serverless-broker-filter-metrics.adoc
+++ b/modules/serverless-broker-filter-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/observability/admin-metrics/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-broker-filter-metrics_{context}"]
 = Broker filter metrics
 
diff --git a/modules/serverless-broker-ingress-metrics.adoc b/modules/serverless-broker-ingress-metrics.adoc
index ae7801cb2887..7abbb9485eaf 100644
--- a/modules/serverless-broker-ingress-metrics.adoc
+++ b/modules/serverless-broker-ingress-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/observability/admin-metrics/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-broker-ingress-metrics_{context}"]
 = Broker ingress metrics
 
diff --git a/modules/serverless-build-events-kn.adoc b/modules/serverless-build-events-kn.adoc
index e1ce6feb82f1..f2662a105c0c 100644
--- a/modules/serverless-build-events-kn.adoc
+++ b/modules/serverless-build-events-kn.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-build-events-kn_{context}"]
 = Building events by using the kn-event plugin
 
diff --git a/modules/serverless-build-func-kn.adoc b/modules/serverless-build-func-kn.adoc
index 7aea0b615adc..8a62a36c30af 100644
--- a/modules/serverless-build-func-kn.adoc
+++ b/modules/serverless-build-func-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-getting-started.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-build-func-kn_{context}"]
 = Building functions
 
diff --git a/modules/serverless-channel-default.adoc b/modules/serverless-channel-default.adoc
index 06eca79e6ca6..3a2ebb9cb339 100644
--- a/modules/serverless-channel-default.adoc
+++ b/modules/serverless-channel-default.adoc
@@ -2,7 +2,7 @@
 //
 //  * serverless/eventing/channels/serverless-channel-default.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-channel-default_{context}"]
 = Configuring the default channel implementation
 
diff --git a/modules/serverless-cluster-sizing-req-additional.adoc b/modules/serverless-cluster-sizing-req-additional.adoc
index 817ae9e4d5c7..464d8715ac08 100644
--- a/modules/serverless-cluster-sizing-req-additional.adoc
+++ b/modules/serverless-cluster-sizing-req-additional.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/install-serverless-operator.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-cluster-sizing-req-additional_{context}"]
 = Additional requirements for advanced use-cases
 
diff --git a/modules/serverless-cluster-sizing-req.adoc b/modules/serverless-cluster-sizing-req.adoc
index 1dc9045d9aaf..b34a7d769f47 100644
--- a/modules/serverless-cluster-sizing-req.adoc
+++ b/modules/serverless-cluster-sizing-req.adoc
@@ -2,11 +2,11 @@
 //
 // * /serverless/install/preparing-serverless-install.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-cluster-sizing-req_{context}"]
 = Defining cluster size requirements
 
-To install and use {ServerlessProductName}, the {product-title} cluster must be sized correctly. 
+To install and use {ServerlessProductName}, the {product-title} cluster must be sized correctly.
 
 [NOTE]
 ====
diff --git a/modules/serverless-concurrency-limits-configure-hard.adoc b/modules/serverless-concurrency-limits-configure-hard.adoc
index 1fd7e0e6b91f..b2bbad19420e 100644
--- a/modules/serverless-concurrency-limits-configure-hard.adoc
+++ b/modules/serverless-concurrency-limits-configure-hard.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-concurrency-limits-configure-hard_{context}"]
 = Configuring a hard concurrency limit
 
diff --git a/modules/serverless-concurrency-limits-configure-soft.adoc b/modules/serverless-concurrency-limits-configure-soft.adoc
index 22f2dc4ae2df..3c1854026b0d 100644
--- a/modules/serverless-concurrency-limits-configure-soft.adoc
+++ b/modules/serverless-concurrency-limits-configure-soft.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-concurrency-limits-configure-soft_{context}"]
 = Configuring a soft concurrency target
 
diff --git a/modules/serverless-config-emptydir.adoc b/modules/serverless-config-emptydir.adoc
index cc461b79ba5d..69840fe73c96 100644
--- a/modules/serverless-config-emptydir.adoc
+++ b/modules/serverless-config-emptydir.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-applications/serverless-configuration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-config-emptydir_{context}"]
 = Configuring the EmptyDir extension
 // should probably be a procedure doc, but this is out of scope for the abstracts PR
diff --git a/modules/serverless-config-replicas-eventing.adoc b/modules/serverless-config-replicas-eventing.adoc
index f5eefbc83282..717bc4a6718c 100644
--- a/modules/serverless-config-replicas-eventing.adoc
+++ b/modules/serverless-config-replicas-eventing.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/tuning/serverless-ha.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-config-replicas-eventing_{context}"]
 = Configuring high availability replicas for Knative Eventing
 
diff --git a/modules/serverless-config-replicas-kafka.adoc b/modules/serverless-config-replicas-kafka.adoc
index c80c07f313d6..4182a2441678 100644
--- a/modules/serverless-config-replicas-kafka.adoc
+++ b/modules/serverless-config-replicas-kafka.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/tuning/serverless-ha.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-config-replicas-kafka_{context}"]
 = Configuring high availability replicas for the Knative broker implementation for Apache Kafka
 
diff --git a/modules/serverless-config-replicas-serving.adoc b/modules/serverless-config-replicas-serving.adoc
index deb865dd1484..e5e9b77a6145 100644
--- a/modules/serverless-config-replicas-serving.adoc
+++ b/modules/serverless-config-replicas-serving.adoc
@@ -3,7 +3,7 @@
 // * /serverless/knative-serving/config-ha-services/ha-replicas-serving.adoc
 // * /serverless/eventing/tuning/serverless-ha.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-config-replicas-serving_{context}"]
 = Configuring high availability replicas for Knative Serving
 
diff --git a/modules/serverless-configuring-event-delivery-examples.adoc b/modules/serverless-configuring-event-delivery-examples.adoc
index 3b56e35f396c..a10d6fca13cd 100644
--- a/modules/serverless-configuring-event-delivery-examples.adoc
+++ b/modules/serverless-configuring-event-delivery-examples.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-event-delivery.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-configuring-event-delivery-examples_{context}"]
 = Examples of configuring event delivery parameters
 
diff --git a/modules/serverless-configuring-multi-container-service.adoc b/modules/serverless-configuring-multi-container-service.adoc
index ffda5cbd9440..cfc7f2163aa6 100644
--- a/modules/serverless-configuring-multi-container-service.adoc
+++ b/modules/serverless-configuring-multi-container-service.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-applications/multi-container-support-for-serving.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-configuring-multi-container-service_{context}"]
 = Configuring a multi-container service
 
diff --git a/modules/serverless-connect-func-source-odc.adoc b/modules/serverless-connect-func-source-odc.adoc
index d44adc000fc2..3131e99250e3 100644
--- a/modules/serverless-connect-func-source-odc.adoc
+++ b/modules/serverless-connect-func-source-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-connect-func-source-odc_{context}"]
 = Connect an event source to a function using the Developer perspective
 
diff --git a/modules/serverless-connect-sink-source-odc.adoc b/modules/serverless-connect-sink-source-odc.adoc
index 1c18d615d2b7..f0eb59168ed4 100644
--- a/modules/serverless-connect-sink-source-odc.adoc
+++ b/modules/serverless-connect-sink-source-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/event-sources/serverless-sink-source-odc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-connect-sink-source-odc_{context}"]
 = Connect an event source to a sink using the Developer perspective
 
diff --git a/modules/serverless-containersource-guidelines.adoc b/modules/serverless-containersource-guidelines.adoc
index e7199af1389d..90d3da2eec2e 100644
--- a/modules/serverless-containersource-guidelines.adoc
+++ b/modules/serverless-containersource-guidelines.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-containersource-guidelines_{context}"]
 = Guidelines for creating a container image
 
diff --git a/modules/serverless-containersource-reference.adoc b/modules/serverless-containersource-reference.adoc
index 05a0177959db..5dad8802a5b9 100644
--- a/modules/serverless-containersource-reference.adoc
+++ b/modules/serverless-containersource-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-containersource-reference_{context}"]
 = Container source reference
 
diff --git a/modules/serverless-cost-management-labels.adoc b/modules/serverless-cost-management-labels.adoc
index 2ff2bd68de35..2e514cdef7d5 100644
--- a/modules/serverless-cost-management-labels.adoc
+++ b/modules/serverless-cost-management-labels.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-cost-management-integration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-cost-management-labels_{context}"]
 = Using labels for cost management queries
 
diff --git a/modules/serverless-create-broker-kn.adoc b/modules/serverless-create-broker-kn.adoc
index cf5fad5d29cd..3e4efb6f48f2 100644
--- a/modules/serverless-create-broker-kn.adoc
+++ b/modules/serverless-create-broker-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-broker-kn_{context}"]
 = Creating a broker by using the Knative CLI
 
diff --git a/modules/serverless-create-channel-kn.adoc b/modules/serverless-create-channel-kn.adoc
index c1562cd7ad5c..887165bbcc10 100644
--- a/modules/serverless-create-channel-kn.adoc
+++ b/modules/serverless-create-channel-kn.adoc
@@ -2,7 +2,7 @@
 //
 //  * /serverless/develop/serverless-creating-channels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-channel-kn_{context}"]
 = Creating a channel by using the Knative CLI
 
diff --git a/modules/serverless-create-channel-odc.adoc b/modules/serverless-create-channel-odc.adoc
index 289946c4a9ff..7301ec4aa375 100644
--- a/modules/serverless-create-channel-odc.adoc
+++ b/modules/serverless-create-channel-odc.adoc
@@ -2,7 +2,7 @@
 //
 //  * /serverless/develop/serverless-creating-channels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-channel-odc_{context}"]
 = Creating a channel by using the Developer perspective
 
diff --git a/modules/serverless-create-default-channel-yaml.adoc b/modules/serverless-create-default-channel-yaml.adoc
index 976bc006d7df..3a6a125151ea 100644
--- a/modules/serverless-create-default-channel-yaml.adoc
+++ b/modules/serverless-create-default-channel-yaml.adoc
@@ -2,7 +2,7 @@
 //
 //  * /serverless/develop/serverless-creating-channels.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-default-channel-yaml_{context}"]
 = Creating a default implementation channel by using YAML
 
diff --git a/modules/serverless-create-domain-mapping-kn.adoc b/modules/serverless-create-domain-mapping-kn.adoc
index 0036a67fec8c..772345802394 100644
--- a/modules/serverless-create-domain-mapping-kn.adoc
+++ b/modules/serverless-create-domain-mapping-kn.adoc
@@ -3,7 +3,7 @@
 // * serverless/security/serverless-custom-domains.adoc
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-domain-mapping-kn_{context}"]
 = Creating a custom domain mapping by using the Knative CLI
 
diff --git a/modules/serverless-create-domain-mapping.adoc b/modules/serverless-create-domain-mapping.adoc
index eb532da9b4d8..fb3d13d19dde 100644
--- a/modules/serverless-create-domain-mapping.adoc
+++ b/modules/serverless-create-domain-mapping.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-custom-domains/create-domain-mapping.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-domain-mapping_{context}"]
 = Creating a custom domain mapping
 
diff --git a/modules/serverless-create-func-kn.adoc b/modules/serverless-create-func-kn.adoc
index c374f4bab853..b27f727df42e 100644
--- a/modules/serverless-create-func-kn.adoc
+++ b/modules/serverless-create-func-kn.adoc
@@ -3,7 +3,7 @@
 // * serverless/functions/serverless-functions-getting-started.adoc
 // * serverless/reference/kn-func-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-func-kn_{context}"]
 = Creating functions
 
diff --git a/modules/serverless-create-kafka-channel-yaml.adoc b/modules/serverless-create-kafka-channel-yaml.adoc
index e5f529185c6b..bb6408a47ba2 100644
--- a/modules/serverless-create-kafka-channel-yaml.adoc
+++ b/modules/serverless-create-kafka-channel-yaml.adoc
@@ -3,7 +3,7 @@
 //  * serverless/develop/serverless-creating-channels.adoc
 //  * serverless/develop/serverless-kafka-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-kafka-channel-yaml_{context}"]
 = Creating a channel for Apache Kafka by using YAML
 
diff --git a/modules/serverless-create-kafka-namespaced-broker.adoc b/modules/serverless-create-kafka-namespaced-broker.adoc
index 1f8a7df019d0..ddfa0ef3e98d 100644
--- a/modules/serverless-create-kafka-namespaced-broker.adoc
+++ b/modules/serverless-create-kafka-namespaced-broker.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/brokers/kafka-broker.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-kafka-namespaced-broker-{context}"]
 = Creating a Knative broker for Apache Kafka that uses an isolated data plane
 
diff --git a/modules/serverless-create-kn-trigger.adoc b/modules/serverless-create-kn-trigger.adoc
index 1f3376d8513d..36a2b36e3831 100644
--- a/modules/serverless-create-kn-trigger.adoc
+++ b/modules/serverless-create-kn-trigger.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/create-trigger-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-kn-trigger_{context}"]
 = Creating a trigger by using the Knative CLI
 
diff --git a/modules/serverless-create-traffic-split-kn.adoc b/modules/serverless-create-traffic-split-kn.adoc
index 960fbb8d0b01..3ebdc9ad19b1 100644
--- a/modules/serverless-create-traffic-split-kn.adoc
+++ b/modules/serverless-create-traffic-split-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-traffic-management.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-traffic-split-kn_{context}"]
 = Creating a traffic split by using the Knative CLI
 
diff --git a/modules/serverless-create-trigger-odc.adoc b/modules/serverless-create-trigger-odc.adoc
index 6f06b5511a33..0a5d55318dc6 100644
--- a/modules/serverless-create-trigger-odc.adoc
+++ b/modules/serverless-create-trigger-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/triggers/create-trigger-odc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-create-trigger-odc_{context}"]
 = Creating a trigger by using the Developer perspective
 
diff --git a/modules/serverless-creating-a-broker-odc.adoc b/modules/serverless-creating-a-broker-odc.adoc
index e87caed02c1f..05084fdaeaaf 100644
--- a/modules/serverless-creating-a-broker-odc.adoc
+++ b/modules/serverless-creating-a-broker-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-pingsource.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-a-broker-odc_{context}"]
 = Creating a broker by using the web console
 
diff --git a/modules/serverless-creating-a-kafka-event-sink.adoc b/modules/serverless-creating-a-kafka-event-sink.adoc
index a63401c9af0f..bb92d96f313b 100644
--- a/modules/serverless-creating-a-kafka-event-sink.adoc
+++ b/modules/serverless-creating-a-kafka-event-sink.adoc
@@ -2,14 +2,14 @@
 //
 // * serverless/eventing/event-sinks/serverless-kafka-developer-sink.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-a-kafka-event-sink_{context}"]
 = Creating an event sink for Apache Kafka by using the {product-title} web console
 
 You can create a Kafka sink that sends events to a Kafka topic by using the *Developer* perspective in the {product-title} web console. By default, a Kafka sink uses the binary content mode, which is more efficient than the structured mode.
 
 
-As a developer, you can create an event sink to receive events from a particular source and send them to a Kafka topic. 
+As a developer, you can create an event sink to receive events from a particular source and send them to a Kafka topic.
 
 .Prerequisites
 
@@ -22,13 +22,13 @@ As a developer, you can create an event sink to receive events from a particular
 . Click *Event Sink* in the *Eventing catalog*.
 . Search for `KafkaSink` in the catalog items and click it.
 . Click *Create Event Sink*.
-. In the form view, type the URL of the bootstrap server, which is a combination of host name and port. 
+. In the form view, type the URL of the bootstrap server, which is a combination of host name and port.
 +
 image::create-event-sink.png[]
 
 . Type the name of the topic to send event data.
 . Type the name of the event sink.
-. Click *Create*. 
+. Click *Create*.
 
 .Verification
 
diff --git a/modules/serverless-creating-broker-admin-web-console.adoc b/modules/serverless-creating-broker-admin-web-console.adoc
index 9b331dcead71..a54c2020e860 100644
--- a/modules/serverless-creating-broker-admin-web-console.adoc
+++ b/modules/serverless-creating-broker-admin-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-broker-admin-web-console_{context}"]
 = Creating a broker by using the Administrator perspective
 
diff --git a/modules/serverless-creating-broker-annotation.adoc b/modules/serverless-creating-broker-annotation.adoc
index f763a46456ed..563590698968 100644
--- a/modules/serverless-creating-broker-annotation.adoc
+++ b/modules/serverless-creating-broker-annotation.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-broker-annotation_{context}"]
 = Creating a broker by annotating a trigger
 
diff --git a/modules/serverless-creating-broker-labeling.adoc b/modules/serverless-creating-broker-labeling.adoc
index 4dc391134be6..66ab24691f4f 100644
--- a/modules/serverless-creating-broker-labeling.adoc
+++ b/modules/serverless-creating-broker-labeling.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-broker-labeling_{context}"]
 = Creating a broker by labeling a namespace
 
diff --git a/modules/serverless-creating-channel-admin-web-console.adoc b/modules/serverless-creating-channel-admin-web-console.adoc
index d56b89916142..36c91874d7eb 100644
--- a/modules/serverless-creating-channel-admin-web-console.adoc
+++ b/modules/serverless-creating-channel-admin-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-cluster-admin-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-channel-admin-web-console_{context}"]
 = Creating a channel by using the Administrator perspective
 
diff --git a/modules/serverless-creating-event-source-admin-web-console.adoc b/modules/serverless-creating-event-source-admin-web-console.adoc
index 87c8ff9766f4..a94e19ed6d25 100644
--- a/modules/serverless-creating-event-source-admin-web-console.adoc
+++ b/modules/serverless-creating-event-source-admin-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-cluster-admin-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-event-source-admin-web-console_{context}"]
 = Creating an event source by using the Administrator perspective
 
diff --git a/modules/serverless-creating-subscription-admin-web-console.adoc b/modules/serverless-creating-subscription-admin-web-console.adoc
index 7395af3cac84..287dba3e0b6f 100644
--- a/modules/serverless-creating-subscription-admin-web-console.adoc
+++ b/modules/serverless-creating-subscription-admin-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-cluster-admin-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-subscription-admin-web-console_{context}"]
 = Creating a subscription by using the Administrator perspective
 
diff --git a/modules/serverless-creating-subscriptions-kn.adoc b/modules/serverless-creating-subscriptions-kn.adoc
index 9921b70e5b9e..875573ddc4cb 100644
--- a/modules/serverless-creating-subscriptions-kn.adoc
+++ b/modules/serverless-creating-subscriptions-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-subscriptions-kn_{context}"]
 = Creating a subscription by using the Knative CLI
 
diff --git a/modules/serverless-creating-subscriptions-odc.adoc b/modules/serverless-creating-subscriptions-odc.adoc
index dd68aa678dd2..30377c721058 100644
--- a/modules/serverless-creating-subscriptions-odc.adoc
+++ b/modules/serverless-creating-subscriptions-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-subscriptions-odc_{context}"]
 = Creating a subscription by using the Developer perspective
 
diff --git a/modules/serverless-creating-subscriptions-yaml.adoc b/modules/serverless-creating-subscriptions-yaml.adoc
index dd06dfc8fc81..b792db33dbea 100644
--- a/modules/serverless-creating-subscriptions-yaml.adoc
+++ b/modules/serverless-creating-subscriptions-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-subscriptions-yaml_{context}"]
 = Creating a subscription by using YAML
 
diff --git a/modules/serverless-creating-trigger-admin-web-console.adoc b/modules/serverless-creating-trigger-admin-web-console.adoc
index c7f279c76637..7ea200d93e97 100644
--- a/modules/serverless-creating-trigger-admin-web-console.adoc
+++ b/modules/serverless-creating-trigger-admin-web-console.adoc
@@ -3,7 +3,7 @@
 // * serverless/admin_guide/serverless-cluster-admin-eventing.adoc
 // * serverless/eventing/triggers/create-trigger-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-creating-trigger-admin-web-console_{context}"]
 = Creating a trigger by using the Administrator perspective
 
diff --git a/modules/serverless-custom-revision-urls.adoc b/modules/serverless-custom-revision-urls.adoc
index 69643bc005cc..e5cf1bf21778 100644
--- a/modules/serverless-custom-revision-urls.adoc
+++ b/modules/serverless-custom-revision-urls.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-traffic-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-custom-revision-urls_{context}"]
 = Custom URLs for revisions
 
diff --git a/modules/serverless-customize-labels-annotations-routes.adoc b/modules/serverless-customize-labels-annotations-routes.adoc
index efa05e808852..b331b9ffa358 100644
--- a/modules/serverless-customize-labels-annotations-routes.adoc
+++ b/modules/serverless-customize-labels-annotations-routes.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/customize-labels-annotations-routes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-customize-labels-annotations-routes_{context}"]
 = Customizing labels and annotations for {product-title} routes
 
diff --git a/modules/serverless-deleting-broker-injection.adoc b/modules/serverless-deleting-broker-injection.adoc
index 4b96c416de2f..38df923cb6fd 100644
--- a/modules/serverless-deleting-broker-injection.adoc
+++ b/modules/serverless-deleting-broker-injection.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-deleting-broker-injection_{context}"]
 = Deleting a broker that was created by injection
 
diff --git a/modules/serverless-deleting-crds.adoc b/modules/serverless-deleting-crds.adoc
index ee9eb71d2356..4a87259d8968 100644
--- a/modules/serverless-deleting-crds.adoc
+++ b/modules/serverless-deleting-crds.adoc
@@ -2,7 +2,7 @@
 //
 //  * serverless/install/removing-openshift-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-deleting-crds_{context}"]
 = Removing {ServerlessProductName} Operator and API CRDs
 
diff --git a/modules/serverless-deploy-func-kn.adoc b/modules/serverless-deploy-func-kn.adoc
index cc128b675d78..3d46ddf0daba 100644
--- a/modules/serverless-deploy-func-kn.adoc
+++ b/modules/serverless-deploy-func-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-getting-started.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-deploy-func-kn_{context}"]
 = Deploying functions
 
diff --git a/modules/serverless-deprecated-removed-features.adoc b/modules/serverless-deprecated-removed-features.adoc
index 8de8c0aebb3e..8c5265259590 100644
--- a/modules/serverless-deprecated-removed-features.adoc
+++ b/modules/serverless-deprecated-removed-features.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-deprecated-removed-features_{context}"]
 = Deprecated and removed features
 
diff --git a/modules/serverless-describe-broker-kn.adoc b/modules/serverless-describe-broker-kn.adoc
index 2c5048c4b948..f9a93fdf9fbc 100644
--- a/modules/serverless-describe-broker-kn.adoc
+++ b/modules/serverless-describe-broker-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-describe-broker-kn_{context}"]
 = Describing an existing broker by using the Knative CLI
 
diff --git a/modules/serverless-describe-subs-kn.adoc b/modules/serverless-describe-subs-kn.adoc
index 2c871d567611..e58cce371b83 100644
--- a/modules/serverless-describe-subs-kn.adoc
+++ b/modules/serverless-describe-subs-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-describe-subs-kn_{context}"]
 = Describing subscriptions by using the Knative CLI
 
diff --git a/modules/serverless-domain-mapping-custom-tls-cert.adoc b/modules/serverless-domain-mapping-custom-tls-cert.adoc
index 57a66f5ab5dd..22fa5e9990cd 100644
--- a/modules/serverless-domain-mapping-custom-tls-cert.adoc
+++ b/modules/serverless-domain-mapping-custom-tls-cert.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-domain-mapping-custom-tls-cert_{context}"]
 = Securing a service with a custom domain by using a TLS certificate
 
@@ -35,7 +35,7 @@ To work around this issue, enable mTLS by deploying `PeerAuthentication` instead
 $ oc create secret tls <tls_secret_name> --cert=<path_to_certificate_file> --key=<path_to_key_file>
 ----
 
-. Add the `networking.internal.knative.dev/certificate-uid: <id>`` label to the Kubernetes TLS secret:
+. Add the `networking.internal.knative.dev/certificate-uid: <id>` label to the Kubernetes TLS secret:
 +
 [source,terminal]
 ----
diff --git a/modules/serverless-domain-mapping-odc-admin.adoc b/modules/serverless-domain-mapping-odc-admin.adoc
index b36055dc5f65..86e51ffd8710 100644
--- a/modules/serverless-domain-mapping-odc-admin.adoc
+++ b/modules/serverless-domain-mapping-odc-admin.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative_serving/serverless-custom-domains.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-domain-mapping-odc-admin_{context}"]
 = Mapping a custom domain to a service by using the Administrator perspective
 
diff --git a/modules/serverless-domain-mapping-odc-developer.adoc b/modules/serverless-domain-mapping-odc-developer.adoc
index 7d12eabcdb68..999f25d8f1f8 100644
--- a/modules/serverless-domain-mapping-odc-developer.adoc
+++ b/modules/serverless-domain-mapping-odc-developer.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative_serving/serverless-custom-domains.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-domain-mapping-odc-developer_{context}"]
 = Mapping a custom domain to a service by using the Developer perspective
 
diff --git a/modules/serverless-enable-scale-to-zero.adoc b/modules/serverless-enable-scale-to-zero.adoc
index 2c6b749ccce3..f80a53a2a340 100644
--- a/modules/serverless-enable-scale-to-zero.adoc
+++ b/modules/serverless-enable-scale-to-zero.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-enable-scale-to-zero_{context}"]
 = Enabling scale-to-zero
 
diff --git a/modules/serverless-enabling-pvc-support.adoc b/modules/serverless-enabling-pvc-support.adoc
index 63e7fb0f3038..1ba78ad17547 100644
--- a/modules/serverless-enabling-pvc-support.adoc
+++ b/modules/serverless-enabling-pvc-support.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-enabling-pvc-support_{context}"]
 = Enabling PVC support
 
diff --git a/modules/serverless-enabling-tls-internal-traffic.adoc b/modules/serverless-enabling-tls-internal-traffic.adoc
index 83d20b041e63..001e709450fa 100644
--- a/modules/serverless-enabling-tls-internal-traffic.adoc
+++ b/modules/serverless-enabling-tls-internal-traffic.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/security/serverless-config-tls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-enabling-tls-internal-traffic_{context}"]
 = Enabling TLS authentication for internal traffic
 
diff --git a/modules/serverless-enabling-tls-local-services.adoc b/modules/serverless-enabling-tls-local-services.adoc
index df0056328ee5..5baf52c8701b 100644
--- a/modules/serverless-enabling-tls-local-services.adoc
+++ b/modules/serverless-enabling-tls-local-services.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/security/serverless-config-tls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-enabling-tls-local-services_{context}"]
 = Enabling TLS authentication for cluster local services
 
diff --git a/modules/serverless-event-delivery-component-behaviors.adoc b/modules/serverless-event-delivery-component-behaviors.adoc
index d6fcacd07d77..d0afee204a3c 100644
--- a/modules/serverless-event-delivery-component-behaviors.adoc
+++ b/modules/serverless-event-delivery-component-behaviors.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/develop/serverless-event-delivery.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-event-delivery-component-behaviors_{context}"]
 = Event delivery behavior patterns for channels and brokers
 
diff --git a/modules/serverless-event-delivery-parameters.adoc b/modules/serverless-event-delivery-parameters.adoc
index 83800a092d2f..d7a1c27b6233 100644
--- a/modules/serverless-event-delivery-parameters.adoc
+++ b/modules/serverless-event-delivery-parameters.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/develop/serverless-event-delivery.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-event-delivery-parameters_{context}"]
 = Configurable event delivery parameters
 
diff --git a/modules/serverless-event-source-metrics.adoc b/modules/serverless-event-source-metrics.adoc
index 8c2a499c4b7e..019964ffc3f9 100644
--- a/modules/serverless-event-source-metrics.adoc
+++ b/modules/serverless-event-source-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-event-source-metrics_{context}"]
 = Event source metrics
 
diff --git a/modules/serverless-functions-adding-annotations.adoc b/modules/serverless-functions-adding-annotations.adoc
index 5bd19342d33d..51b91c1e6b92 100644
--- a/modules/serverless-functions-adding-annotations.adoc
+++ b/modules/serverless-functions-adding-annotations.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-annotations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-adding-annotations_{context}"]
 = Adding annotations to a function
 
diff --git a/modules/serverless-functions-all-values-in-secret-to-env-variables.adoc b/modules/serverless-functions-all-values-in-secret-to-env-variables.adoc
index 98e3befef8a9..c1c4a67d3242 100644
--- a/modules/serverless-functions-all-values-in-secret-to-env-variables.adoc
+++ b/modules/serverless-functions-all-values-in-secret-to-env-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-all-values-in-secret-to-env-variables_{context}"]
 = Setting environment variables from all values defined in a secret
 
diff --git a/modules/serverless-functions-creating-on-cluster-builds.adoc b/modules/serverless-functions-creating-on-cluster-builds.adoc
index fba4c229334f..9c85a3c9571c 100644
--- a/modules/serverless-functions-creating-on-cluster-builds.adoc
+++ b/modules/serverless-functions-creating-on-cluster-builds.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/functions/serverless-functions-on-cluster-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-creating-on-cluster-builds_{context}"]
 = Building and deploying functions on the cluster
 
diff --git a/modules/serverless-functions-func-yaml-environment-variables.adoc b/modules/serverless-functions-func-yaml-environment-variables.adoc
index 5768355555da..d963e93f97dc 100644
--- a/modules/serverless-functions-func-yaml-environment-variables.adoc
+++ b/modules/serverless-functions-func-yaml-environment-variables.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-yaml.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-func-yaml-environment-variables_{context}"]
 = Referencing local environment variables from func.yaml fields
 
diff --git a/modules/serverless-functions-func-yaml-fields.adoc b/modules/serverless-functions-func-yaml-fields.adoc
index ab68113368a6..a742076c1ece 100644
--- a/modules/serverless-functions-func-yaml-fields.adoc
+++ b/modules/serverless-functions-func-yaml-fields.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-yaml.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-functions-func-yaml_{context}"]
 = Configurable fields in func.yaml
 
diff --git a/modules/serverless-functions-key-value-in-configmap-to-env-variable.adoc b/modules/serverless-functions-key-value-in-configmap-to-env-variable.adoc
index 5d65221c62eb..21394331b49b 100644
--- a/modules/serverless-functions-key-value-in-configmap-to-env-variable.adoc
+++ b/modules/serverless-functions-key-value-in-configmap-to-env-variable.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-key-value-in-configmap-to-env-variable_{context}"]
 = Setting environment variable from a key value defined in a config map
 
diff --git a/modules/serverless-functions-key-value-in-secret-to-env-variable.adoc b/modules/serverless-functions-key-value-in-secret-to-env-variable.adoc
index 5a648d5a35c4..6cabdd34e1db 100644
--- a/modules/serverless-functions-key-value-in-secret-to-env-variable.adoc
+++ b/modules/serverless-functions-key-value-in-secret-to-env-variable.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-key-value-in-secret-to-env-variable_{context}"]
 = Setting environment variable from a key value defined in a secret
 
diff --git a/modules/serverless-functions-mounting-configmap-as-volume.adoc b/modules/serverless-functions-mounting-configmap-as-volume.adoc
index b281be4cb49b..211fd2010b11 100644
--- a/modules/serverless-functions-mounting-configmap-as-volume.adoc
+++ b/modules/serverless-functions-mounting-configmap-as-volume.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-mounting-configmap-as-volume_{context}"]
 = Mounting a config map as a volume
 
diff --git a/modules/serverless-functions-mounting-secret-as-volume.adoc b/modules/serverless-functions-mounting-secret-as-volume.adoc
index 0383bf84c3da..33f42061891c 100644
--- a/modules/serverless-functions-mounting-secret-as-volume.adoc
+++ b/modules/serverless-functions-mounting-secret-as-volume.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-mounting-secret-as-volume_{context}"]
 = Mounting a secret as a volume
 
diff --git a/modules/serverless-functions-podman-macos.adoc b/modules/serverless-functions-podman-macos.adoc
index 1600da916c81..7a06beb397b1 100644
--- a/modules/serverless-functions-podman-macos.adoc
+++ b/modules/serverless-functions-podman-macos.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-podman-macos_{context}"]
 = Setting up Podman on macOS
 
diff --git a/modules/serverless-functions-podman.adoc b/modules/serverless-functions-podman.adoc
index e87af442aacc..50f72d8ca69a 100644
--- a/modules/serverless-functions-podman.adoc
+++ b/modules/serverless-functions-podman.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-functions-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-podman_{context}"]
 = Setting up Podman
 
diff --git a/modules/serverless-functions-quarkus-return-value-types.adoc b/modules/serverless-functions-quarkus-return-value-types.adoc
index 72d4641deee3..16445aee88a4 100644
--- a/modules/serverless-functions-quarkus-return-value-types.adoc
+++ b/modules/serverless-functions-quarkus-return-value-types.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-functions-quarkus-return-value-types_{context}"]
 = Permitted types
 
diff --git a/modules/serverless-functions-secrets-configmaps-interactively-specialized.adoc b/modules/serverless-functions-secrets-configmaps-interactively-specialized.adoc
index 7fbad7d70d65..6ecb3eda33b1 100644
--- a/modules/serverless-functions-secrets-configmaps-interactively-specialized.adoc
+++ b/modules/serverless-functions-secrets-configmaps-interactively-specialized.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-functions-secrets-configmaps-interactively-specialized_{context}"]
 = Modifying function access to secrets and config maps interactively by using specialized commands
 
diff --git a/modules/serverless-functions-secrets-configmaps-interactively.adoc b/modules/serverless-functions-secrets-configmaps-interactively.adoc
index 1f1e0cc67d69..ae64d5797b00 100644
--- a/modules/serverless-functions-secrets-configmaps-interactively.adoc
+++ b/modules/serverless-functions-secrets-configmaps-interactively.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-secrets-configmaps-interactively_{context}"]
 = Modifying function access to secrets and config maps interactively
 
diff --git a/modules/serverless-functions-specifying-function-revision.adoc b/modules/serverless-functions-specifying-function-revision.adoc
index 86ea01f0ca63..a9ab39e624bb 100644
--- a/modules/serverless-functions-specifying-function-revision.adoc
+++ b/modules/serverless-functions-specifying-function-revision.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-on-cluster-builds.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-functions-specifying-function-revision_{context}"]
 = Specifying function revision
 
diff --git a/modules/serverless-go-function-return-values.adoc b/modules/serverless-go-function-return-values.adoc
index 1498baba2407..f5b54df68cb5 100644
--- a/modules/serverless-go-function-return-values.adoc
+++ b/modules/serverless-go-function-return-values.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-go-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-go-function-return-values_{context}"]
 = Go function return values
 
diff --git a/modules/serverless-go-metrics.adoc b/modules/serverless-go-metrics.adoc
index a7106f31b539..6a90b97f09d4 100644
--- a/modules/serverless-go-metrics.adoc
+++ b/modules/serverless-go-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-go-metrics_{context}"]
 = Go runtime metrics
 
diff --git a/modules/serverless-go-template.adoc b/modules/serverless-go-template.adoc
index 5108d5e598cb..95f71aaee294 100644
--- a/modules/serverless-go-template.adoc
+++ b/modules/serverless-go-template.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-go-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-go-template_{context}"]
 = Go function template structure
 
diff --git a/modules/serverless-gpu-resources-kn.adoc b/modules/serverless-gpu-resources-kn.adoc
index e5a79deae476..887d5077b55c 100644
--- a/modules/serverless-gpu-resources-kn.adoc
+++ b/modules/serverless-gpu-resources-kn.adoc
@@ -2,7 +2,7 @@
 //
 //  * serverless/integrations/gpu-resources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-gpu-resources-kn_{context}"]
 = Specifying GPU requirements for a service
 
@@ -18,7 +18,7 @@ After GPU resources are enabled for your {product-title} cluster, you can specif
 ifndef::openshift-rosa[]
 [NOTE]
 ====
-Using NVIDIA GPU resources is not supported for {ibmzProductName} and {ibmpowerProductName}.
+Using NVIDIA GPU resources is not supported for {ibm-z-name} and {ibm-power-name}.
 ====
 
 endif::openshift-rosa[]
diff --git a/modules/serverless-https-redirect-global.adoc b/modules/serverless-https-redirect-global.adoc
index 913dfe8e7099..35bcceab2553 100644
--- a/modules/serverless-https-redirect-global.adoc
+++ b/modules/serverless-https-redirect-global.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/https-redirect-global.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-https-redirect-global_{context}"]
 = HTTPS redirection global settings
 
diff --git a/modules/serverless-https-redirect-service.adoc b/modules/serverless-https-redirect-service.adoc
index f7bd1fc3112b..9a5fdefbbabe 100644
--- a/modules/serverless-https-redirect-service.adoc
+++ b/modules/serverless-https-redirect-service.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/https-redirect-per-service.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-https-redirect-service_{context}"]
 = Redirecting HTTPS for a service
 
diff --git a/modules/serverless-init-containers-apps.adoc b/modules/serverless-init-containers-apps.adoc
index b2c1762a46c1..9205f478b540 100644
--- a/modules/serverless-init-containers-apps.adoc
+++ b/modules/serverless-init-containers-apps.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-init-containers-apps_{context}"]
 = Configuring init containers
 
diff --git a/modules/serverless-inmemory-dispatch-metrics.adoc b/modules/serverless-inmemory-dispatch-metrics.adoc
index ffb00cadbcec..987e7304284a 100644
--- a/modules/serverless-inmemory-dispatch-metrics.adoc
+++ b/modules/serverless-inmemory-dispatch-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-admin-metrics.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-inmemory-dispatch-metrics_{context}"]
 = InMemoryChannel dispatcher metrics
 
diff --git a/modules/serverless-install-cli.adoc b/modules/serverless-install-cli.adoc
index 631bd789157b..85d2f7ad7737 100644
--- a/modules/serverless-install-cli.adoc
+++ b/modules/serverless-install-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/install-serverless-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-cli_{context}"]
 = Installing the {ServerlessOperatorName} from the CLI
 
diff --git a/modules/serverless-install-eventing-web-console.adoc b/modules/serverless-install-eventing-web-console.adoc
index fe9c179c0748..0b89755b7612 100644
--- a/modules/serverless-install-eventing-web-console.adoc
+++ b/modules/serverless-install-eventing-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //  * /serverless/install/installing-knative-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-eventing-web-console_{context}"]
 = Installing Knative Eventing by using the web console
 
diff --git a/modules/serverless-install-eventing-yaml.adoc b/modules/serverless-install-eventing-yaml.adoc
index 2b0856a60c00..577a1f3170ec 100644
--- a/modules/serverless-install-eventing-yaml.adoc
+++ b/modules/serverless-install-eventing-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/installing-knative-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-eventing-yaml_{context}"]
 = Installing Knative Eventing by using YAML
 
diff --git a/modules/serverless-install-kafka-odc.adoc b/modules/serverless-install-kafka-odc.adoc
index 0405b5669b73..59f4e892fa37 100644
--- a/modules/serverless-install-kafka-odc.adoc
+++ b/modules/serverless-install-kafka-odc.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/install/installing-knative-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-kafka-odc_{context}"]
 = Installing Knative broker for Apache Kafka
 
diff --git a/modules/serverless-install-serving-web-console.adoc b/modules/serverless-install-serving-web-console.adoc
index 23e042ec3829..204d524456b0 100644
--- a/modules/serverless-install-serving-web-console.adoc
+++ b/modules/serverless-install-serving-web-console.adoc
@@ -2,7 +2,7 @@
 //
 //  * serverless/install/installing-knative-serving.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-serving-web-console_{context}"]
 = Installing Knative Serving by using the web console
 
diff --git a/modules/serverless-install-serving-yaml.adoc b/modules/serverless-install-serving-yaml.adoc
index 733399067479..5f3f3fd27473 100644
--- a/modules/serverless-install-serving-yaml.adoc
+++ b/modules/serverless-install-serving-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/installing-knative-serving.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-serving-yaml_{context}"]
 = Installing Knative Serving by using YAML
 
diff --git a/modules/serverless-install-web-console.adoc b/modules/serverless-install-web-console.adoc
index 7aaf9f17d835..1ce0a1b21b5c 100644
--- a/modules/serverless-install-web-console.adoc
+++ b/modules/serverless-install-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/install-serverless-operator.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-install-web-console_{context}"]
 = Installing the {ServerlessOperatorName} from the web console
 
diff --git a/modules/serverless-installing-cli-linux-rpm-package-manager.adoc b/modules/serverless-installing-cli-linux-rpm-package-manager.adoc
index eb17fdfbc946..b6992c80eafb 100644
--- a/modules/serverless-installing-cli-linux-rpm-package-manager.adoc
+++ b/modules/serverless-installing-cli-linux-rpm-package-manager.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/installing-kn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-installing-cli-linux-rpm-package-manager_{context}"]
 = Installing the Knative CLI for Linux by using an RPM package manager
 
@@ -47,14 +47,14 @@ For {op-system-base-full}, you can install the Knative (`kn`) CLI as an RPM by u
 ----
 ifndef::openshift-rosa[]
 +
-* Linux on {ibmzProductName} and {linuxoneProductName} (s390x)
+* Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)
 +
 [source,terminal]
 ----
 # subscription-manager repos --enable="openshift-serverless-1-for-rhel-8-s390x-rpms"
 ----
 +
-* Linux on {ibmpowerProductName} (ppc64le)
+* Linux on {ibm-power-name} (ppc64le)
 +
 [source,terminal]
 ----
diff --git a/modules/serverless-installing-cli-linux.adoc b/modules/serverless-installing-cli-linux.adoc
index c80247dede6e..36205a497511 100644
--- a/modules/serverless-installing-cli-linux.adoc
+++ b/modules/serverless-installing-cli-linux.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/installing-kn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-cli-linux_{context}"]
 = Installing the Knative CLI for Linux
 
@@ -30,9 +30,9 @@ $ kn: No such file or directory
 * link:https://mirror.openshift.com/pub/openshift-v4/clients/serverless/latest/kn-linux-amd64.tar.gz[Linux (x86_64, amd64)]
 ifndef::openshift-rosa[]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/serverless/latest/kn-linux-s390x.tar.gz[Linux on {ibmzProductName} and {linuxoneProductName} (s390x)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/serverless/latest/kn-linux-s390x.tar.gz[Linux on {ibm-z-name} and {ibm-linuxone-name} (s390x)]
 
-* link:https://mirror.openshift.com/pub/openshift-v4/clients/serverless/latest/kn-linux-ppc64le.tar.gz[Linux on {ibmpowerProductName} (ppc64le)]
+* link:https://mirror.openshift.com/pub/openshift-v4/clients/serverless/latest/kn-linux-ppc64le.tar.gz[Linux on {ibm-power-name} (ppc64le)]
 endif::openshift-rosa[]
 --
 +
diff --git a/modules/serverless-installing-cli-macos.adoc b/modules/serverless-installing-cli-macos.adoc
index 0a0ef406b93e..acbe6261dea7 100644
--- a/modules/serverless-installing-cli-macos.adoc
+++ b/modules/serverless-installing-cli-macos.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/installing-kn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-installing-cli-macos_{context}"]
 = Installing the Knative CLI for macOS
 
diff --git a/modules/serverless-installing-cli-web-console.adoc b/modules/serverless-installing-cli-web-console.adoc
index c9c6e7658e64..300488d94723 100644
--- a/modules/serverless-installing-cli-web-console.adoc
+++ b/modules/serverless-installing-cli-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/installing-kn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-cli-web-console_{context}"]
 = Installing the Knative CLI using the {product-title} web console
 
diff --git a/modules/serverless-installing-cli-windows.adoc b/modules/serverless-installing-cli-windows.adoc
index e0c3cc311d29..4b7a697fad64 100644
--- a/modules/serverless-installing-cli-windows.adoc
+++ b/modules/serverless-installing-cli-windows.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/installing-kn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-cli-windows_{context}"]
 = Installing the Knative CLI for Windows
 
diff --git a/modules/serverless-invoking-go-functions-cloudevent.adoc b/modules/serverless-invoking-go-functions-cloudevent.adoc
index caf9b485186d..e394465eefd3 100644
--- a/modules/serverless-invoking-go-functions-cloudevent.adoc
+++ b/modules/serverless-invoking-go-functions-cloudevent.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-go-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-invoking-go-functions-cloudevent_{context}"]
 = Functions triggered by a cloud event
 
diff --git a/modules/serverless-invoking-go-functions-http.adoc b/modules/serverless-invoking-go-functions-http.adoc
index f7c133701ea9..c06056fae369 100644
--- a/modules/serverless-invoking-go-functions-http.adoc
+++ b/modules/serverless-invoking-go-functions-http.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-go-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-invoking-go-functions-http_{context}"]
 = Functions triggered by an HTTP request
 
diff --git a/modules/serverless-invoking-python-functions.adoc b/modules/serverless-invoking-python-functions.adoc
index 1fd0cabd8629..ca934c008632 100644
--- a/modules/serverless-invoking-python-functions.adoc
+++ b/modules/serverless-invoking-python-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-python-functions.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-invoking-python-functions_{context}"]
 = About invoking Python functions
 
diff --git a/modules/serverless-invoking-quarkus-functions.adoc b/modules/serverless-invoking-quarkus-functions.adoc
index 4f4698db817e..a601618cbe8d 100644
--- a/modules/serverless-invoking-quarkus-functions.adoc
+++ b/modules/serverless-invoking-quarkus-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-invoking-quarkus-functions_{context}"]
 = About invoking Quarkus functions
 
diff --git a/modules/serverless-jaeger-config.adoc b/modules/serverless-jaeger-config.adoc
index 7a94498110ca..9e69ecf9bbae 100644
--- a/modules/serverless-jaeger-config.adoc
+++ b/modules/serverless-jaeger-config.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-tracing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-jaeger-config_{context}"]
 = Configuring Jaeger to enable distributed tracing
 
diff --git a/modules/serverless-kafka-broker-configmap.adoc b/modules/serverless-kafka-broker-configmap.adoc
index fd6540a31f0e..ba7e66ec6cfe 100644
--- a/modules/serverless-kafka-broker-configmap.adoc
+++ b/modules/serverless-kafka-broker-configmap.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/kafka-broker.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-broker-configmap_{context}"]
 = Configuring Apache Kafka broker settings
 
diff --git a/modules/serverless-kafka-broker-sasl-default-config.adoc b/modules/serverless-kafka-broker-sasl-default-config.adoc
index 1f4aa481ff6a..1cdffca8cba3 100644
--- a/modules/serverless-kafka-broker-sasl-default-config.adoc
+++ b/modules/serverless-kafka-broker-sasl-default-config.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-kafka-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-broker-sasl-default-config_{context}"]
 = Configuring SASL authentication for Apache Kafka brokers
 
diff --git a/modules/serverless-kafka-broker-tls-default-config.adoc b/modules/serverless-kafka-broker-tls-default-config.adoc
index cb2c13b1254d..bcb017837e2a 100644
--- a/modules/serverless-kafka-broker-tls-default-config.adoc
+++ b/modules/serverless-kafka-broker-tls-default-config.adoc
@@ -3,7 +3,7 @@
 // * serverless/admin_guide/serverless-kafka-admin.adoc
 // * /serverless/security/serverless-config-tls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-broker-tls-default-config_{context}"]
 = Configuring TLS authentication for Apache Kafka brokers
 
diff --git a/modules/serverless-kafka-broker-with-isolated-dataplane.adoc b/modules/serverless-kafka-broker-with-isolated-dataplane.adoc
index 4e12750a7e65..d486aa820ad9 100644
--- a/modules/serverless-kafka-broker-with-isolated-dataplane.adoc
+++ b/modules/serverless-kafka-broker-with-isolated-dataplane.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/brokers/kafka-broker.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-kafka-broker-with-isolated-dataplane_{context}"]
 = Knative Broker implementation for Apache Kafka with isolated data plane
 
diff --git a/modules/serverless-kafka-broker-with-kafka-topic.adoc b/modules/serverless-kafka-broker-with-kafka-topic.adoc
index bab2f50c398d..c2d507a84a92 100644
--- a/modules/serverless-kafka-broker-with-kafka-topic.adoc
+++ b/modules/serverless-kafka-broker-with-kafka-topic.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-broker-with-kafka-topic_{context}"]
 = Creating an Apache Kafka broker that uses an externally managed Kafka topic
 
diff --git a/modules/serverless-kafka-broker.adoc b/modules/serverless-kafka-broker.adoc
index 1144d8e5f5f8..ee31d571b338 100644
--- a/modules/serverless-kafka-broker.adoc
+++ b/modules/serverless-kafka-broker.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-broker_{context}"]
 = Creating an Apache Kafka broker by using YAML
 
diff --git a/modules/serverless-kafka-developer.adoc b/modules/serverless-kafka-developer.adoc
index fcd0d6c030aa..b5b8a993e76f 100644
--- a/modules/serverless-kafka-developer.adoc
+++ b/modules/serverless-kafka-developer.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/about/about-knative-eventing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-kafka-developer_{context}"]
 = Using the Knative broker for Apache Kafka
 
@@ -14,7 +14,7 @@ THe Knative broker implementation for Apache Kafka provides integration options
 ifdef::openshift-enterprise[]
 [NOTE]
 ====
-The Knative broker implementation for Apache Kafka is not currently supported for {ibmzProductName} and {ibmpowerProductName}.
+The Knative broker implementation for Apache Kafka is not currently supported for {ibm-z-name} and {ibm-power-name}.
 ====
 endif::[]
 
diff --git a/modules/serverless-kafka-event-delivery.adoc b/modules/serverless-kafka-event-delivery.adoc
index 6a62692364a2..13f5c05c2eb8 100644
--- a/modules/serverless-kafka-event-delivery.adoc
+++ b/modules/serverless-kafka-event-delivery.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-kafka-developer.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-kafka-delivery-retries_{context}"]
 = Apache Kafka event delivery and retries
 
diff --git a/modules/serverless-kafka-sasl-channels.adoc b/modules/serverless-kafka-sasl-channels.adoc
index 6bf4d05c49c7..fd4eae528722 100644
--- a/modules/serverless-kafka-sasl-channels.adoc
+++ b/modules/serverless-kafka-sasl-channels.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-kafka-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-sasl-channels_{context}"]
 = Configuring SASL authentication for Knative channels for Apache Kafka
 
diff --git a/modules/serverless-kafka-sasl-source.adoc b/modules/serverless-kafka-sasl-source.adoc
index 2a4859be7480..b410f3e737db 100644
--- a/modules/serverless-kafka-sasl-source.adoc
+++ b/modules/serverless-kafka-sasl-source.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-kafka-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-sasl-source_{context}"]
 = Configuring SASL authentication for Apache Kafka sources
 
@@ -52,7 +52,7 @@ spec:
       password:
         secretKeyRef:
           name: <kafka_auth_secret>
-          key: password
+          key: <password>
       type:
         secretKeyRef:
           name: <kafka_auth_secret>
diff --git a/modules/serverless-kafka-sink-security-config.adoc b/modules/serverless-kafka-sink-security-config.adoc
index fa963f2ab4c0..4597e6c4ffc6 100644
--- a/modules/serverless-kafka-sink-security-config.adoc
+++ b/modules/serverless-kafka-sink-security-config.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-kafka-admin.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-sink-security-config_{context}"]
 = Configuring security for Apache Kafka sinks
 
diff --git a/modules/serverless-kafka-sink.adoc b/modules/serverless-kafka-sink.adoc
index 66bff7cfeeb4..563e6bdd38a1 100644
--- a/modules/serverless-kafka-sink.adoc
+++ b/modules/serverless-kafka-sink.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-kafka-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-sink_{context}"]
 = Creating an Apache Kafka sink by using YAML
 
diff --git a/modules/serverless-kafka-source-kn.adoc b/modules/serverless-kafka-source-kn.adoc
index 6386f58f3b4e..308d53d46da1 100644
--- a/modules/serverless-kafka-source-kn.adoc
+++ b/modules/serverless-kafka-source-kn.adoc
@@ -3,7 +3,7 @@
 // * serverless/develop/serverless-kafka-developer.adoc
 // * serverless/reference/kn-eventing-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-source-kn_{context}"]
 = Creating an Apache Kafka event source by using the Knative CLI
 
@@ -21,7 +21,7 @@ You can use the `kn source kafka create` command to create a Kafka source by usi
 
 . To verify that the Kafka event source is working, create a Knative service that dumps incoming events into the service logs:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ kn service create event-display \
     --image quay.io/openshift-knative/knative-eventing-sources-event-display
@@ -46,13 +46,13 @@ The `--servers`, `--topics`, and `--consumergroup` options specify the connectio
 
 . Optional: View details about the `KafkaSource` CR you created:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ kn source kafka describe <kafka_source_name>
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 Name:              example-kafka-source
 Namespace:         kafka
diff --git a/modules/serverless-kafka-source-odc.adoc b/modules/serverless-kafka-source-odc.adoc
index aa3f55d66338..751ef80d0adb 100644
--- a/modules/serverless-kafka-source-odc.adoc
+++ b/modules/serverless-kafka-source-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-kafka-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-source-odc_{context}"]
 = Creating an Apache Kafka event source by using the web console
 
diff --git a/modules/serverless-kafka-source-yaml.adoc b/modules/serverless-kafka-source-yaml.adoc
index 34b4703f52bd..09ec21200d4f 100644
--- a/modules/serverless-kafka-source-yaml.adoc
+++ b/modules/serverless-kafka-source-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-kafka-developer.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-source-yaml_{context}"]
 = Creating an Apache Kafka event source by using YAML
 
@@ -74,13 +74,13 @@ $ oc apply -f <filename>
 
 * Verify that the Kafka event source was created by entering the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 NAME                                    READY     STATUS    RESTARTS   AGE
 kafkasource-kafka-source-5ca0248f-...   1/1       Running   0          13m
diff --git a/modules/serverless-kafka-tls-channels.adoc b/modules/serverless-kafka-tls-channels.adoc
index 2da85bc7bf81..481d4a2773ad 100644
--- a/modules/serverless-kafka-tls-channels.adoc
+++ b/modules/serverless-kafka-tls-channels.adoc
@@ -3,7 +3,7 @@
 // * /serverless/admin_guide/serverless-kafka-admin.adoc
 // * /serverless/security/serverless-config-tls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kafka-tls-channels_{context}"]
 = Configuring TLS authentication for Knative channels for Apache Kafka
 
diff --git a/modules/serverless-kn-config.adoc b/modules/serverless-kn-config.adoc
index 6240a3668ecf..b5d61642b35e 100644
--- a/modules/serverless-kn-config.adoc
+++ b/modules/serverless-kn-config.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/cli_tools/advanced-kn-config.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-kn-config_{context}"]
 = Customizing the Knative CLI
 
diff --git a/modules/serverless-kn-container.adoc b/modules/serverless-kn-container.adoc
index 91400be23e76..457cb7989878 100644
--- a/modules/serverless-kn-container.adoc
+++ b/modules/serverless-kn-container.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-kn-container_{context}"]
 = Knative client multi-container support
 
diff --git a/modules/serverless-kn-containersource.adoc b/modules/serverless-kn-containersource.adoc
index d6e47a9eea17..d7d9bc39c0c2 100644
--- a/modules/serverless-kn-containersource.adoc
+++ b/modules/serverless-kn-containersource.adoc
@@ -3,12 +3,12 @@
 // * serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 // * serverless/reference/kn-eventing-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-kn-containersource_{context}"]
 = Creating and managing container sources by using the Knative CLI
 // needs to be revised as separate procedure modules; out of scope for this PR
 
-You can use the `kn source container` commands to create  and manage container sources by using the Knative (`kn`) CLI. Using the Knative CLI to create event sources provides a more streamlined and intuitive user interface than modifying YAML files directly. 
+You can use the `kn source container` commands to create  and manage container sources by using the Knative (`kn`) CLI. Using the Knative CLI to create event sources provides a more streamlined and intuitive user interface than modifying YAML files directly.
 
 .Create a container source
 [source,terminal]
diff --git a/modules/serverless-kn-func-delete.adoc b/modules/serverless-kn-func-delete.adoc
index e6e5157f0169..b6991e4d9f78 100644
--- a/modules/serverless-kn-func-delete.adoc
+++ b/modules/serverless-kn-func-delete.adoc
@@ -2,7 +2,7 @@
 
 // * serverless/cli_tools/kn-func-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kn-func-delete_{context}"]
 = Deleting a function
 
diff --git a/modules/serverless-kn-func-invoke-reference.adoc b/modules/serverless-kn-func-invoke-reference.adoc
index 55977842e34e..87d44095b3ed 100644
--- a/modules/serverless-kn-func-invoke-reference.adoc
+++ b/modules/serverless-kn-func-invoke-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-func-ref.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-kn-func-invoke-reference_{context}"]
 = kn func invoke optional parameters
 
diff --git a/modules/serverless-kn-func-invoke.adoc b/modules/serverless-kn-func-invoke.adoc
index e12475361054..53e5711cf349 100644
--- a/modules/serverless-kn-func-invoke.adoc
+++ b/modules/serverless-kn-func-invoke.adoc
@@ -3,7 +3,7 @@
 // * serverless/functions/serverless-functions-getting-started.adoc
 // * serverless/cli_tools/kn-func-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-kn-func-invoke_{context}"]
 = Invoking a deployed function with a test event
 
diff --git a/modules/serverless-kn-func-run.adoc b/modules/serverless-kn-func-run.adoc
index d64603681c5c..865946e5cae8 100644
--- a/modules/serverless-kn-func-run.adoc
+++ b/modules/serverless-kn-func-run.adoc
@@ -3,7 +3,7 @@
 // * serverless/cli_tools/kn-func-ref.adoc
 // * serverless/functions/serverless-functions-getting-started.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-kn-func-run_{context}"]
 = Running a function locally
 
diff --git a/modules/serverless-kourier-gateway-service-type.adoc b/modules/serverless-kourier-gateway-service-type.adoc
index 7cf010aa6db0..765e39342bdf 100644
--- a/modules/serverless-kourier-gateway-service-type.adoc
+++ b/modules/serverless-kourier-gateway-service-type.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/kourier-gateway-service-type.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-kourier-gateway-service-type_{context}"]
 = Setting the Kourier Gateway service type
 // should probably be a procedure but this is out of scope for the abstracts PR
diff --git a/modules/serverless-list-broker-kn.adoc b/modules/serverless-list-broker-kn.adoc
index dd764070e7ca..a0f359132094 100644
--- a/modules/serverless-list-broker-kn.adoc
+++ b/modules/serverless-list-broker-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/brokers/serverless-using-brokers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-list-broker-kn_{context}"]
 = Listing existing brokers by using the Knative CLI
 
diff --git a/modules/serverless-list-source-cli.adoc b/modules/serverless-list-source-cli.adoc
index 3add56745dfd..9dc53f241a44 100644
--- a/modules/serverless-list-source-cli.adoc
+++ b/modules/serverless-list-source-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/discovery/list-event-sources-cli.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-list-source-cli_{context}"]
 = Listing available event sources by using the Knative CLI
 
diff --git a/modules/serverless-list-source-types-kn.adoc b/modules/serverless-list-source-types-kn.adoc
index 9f69c34732e9..7a996864aa77 100644
--- a/modules/serverless-list-source-types-kn.adoc
+++ b/modules/serverless-list-source-types-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-listing-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-list-source-types-kn_{context}"]
 = Listing available event source types by using the Knative CLI
 
diff --git a/modules/serverless-list-source-types-odc.adoc b/modules/serverless-list-source-types-odc.adoc
index 958738fdea3d..b373604b1a48 100644
--- a/modules/serverless-list-source-types-odc.adoc
+++ b/modules/serverless-list-source-types-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/eventing/discovery/list-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-list-source-types-odc_{context}"]
 = Viewing available event source types within the Developer perspective
 
diff --git a/modules/serverless-list-subs-kn.adoc b/modules/serverless-list-subs-kn.adoc
index d260c36c2cb1..195910c7794d 100644
--- a/modules/serverless-list-subs-kn.adoc
+++ b/modules/serverless-list-subs-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-list-subs-kn_{context}"]
 = Listing subscriptions by using the Knative CLI
 
diff --git a/modules/serverless-manage-domain-mapping-kn.adoc b/modules/serverless-manage-domain-mapping-kn.adoc
index 04ee9b2536dd..7079533c913b 100644
--- a/modules/serverless-manage-domain-mapping-kn.adoc
+++ b/modules/serverless-manage-domain-mapping-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/reference/kn-serving-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-manage-domain-mapping-kn_{context}"]
 = Managing custom domain mappings by using the Knative CLI
 
diff --git a/modules/serverless-monitoring-services-examining-metrics-dashboard.adoc b/modules/serverless-monitoring-services-examining-metrics-dashboard.adoc
index 09a30fbfc5d0..1f8e4956fbc0 100644
--- a/modules/serverless-monitoring-services-examining-metrics-dashboard.adoc
+++ b/modules/serverless-monitoring-services-examining-metrics-dashboard.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/monitor/serverless-developer-metrics.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-monitoring-services-examining-metrics-dashboard_{context}"]
 = Examining metrics of a service in the dashboard
 
diff --git a/modules/serverless-nodejs-context-object-reference.adoc b/modules/serverless-nodejs-context-object-reference.adoc
index 42f95b4db0db..202d08e2a1a2 100644
--- a/modules/serverless-nodejs-context-object-reference.adoc
+++ b/modules/serverless-nodejs-context-object-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-reference-guide.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-nodejs-context-object-reference_{context}"]
 = Node.js context object reference
 
diff --git a/modules/serverless-nodejs-function-return-values.adoc b/modules/serverless-nodejs-function-return-values.adoc
index dd3d198598bc..c64c7e3f7d9c 100644
--- a/modules/serverless-nodejs-function-return-values.adoc
+++ b/modules/serverless-nodejs-function-return-values.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-nodejs-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-nodejs-function-return-values_{context}"]
 = Node.js function return values
 
diff --git a/modules/serverless-nodejs-functions-context-objects.adoc b/modules/serverless-nodejs-functions-context-objects.adoc
index cbfed0fc73ba..273a1bb1f55f 100644
--- a/modules/serverless-nodejs-functions-context-objects.adoc
+++ b/modules/serverless-nodejs-functions-context-objects.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-nodejs-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-nodejs-functions-context-objects_{context}"]
 = Node.js context objects
 
diff --git a/modules/serverless-nodejs-template.adoc b/modules/serverless-nodejs-template.adoc
index 6d0a7b860364..b03e3c4f829f 100644
--- a/modules/serverless-nodejs-template.adoc
+++ b/modules/serverless-nodejs-template.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-nodejs-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-nodejs-template_{context}"]
 = Node.js function template structure
 
diff --git a/modules/serverless-odc-create-containersource.adoc b/modules/serverless-odc-create-containersource.adoc
index e4b471f4ac32..cd2ef615a8ca 100644
--- a/modules/serverless-odc-create-containersource.adoc
+++ b/modules/serverless-odc-create-containersource.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-odc-create-containersource_{context}"]
 = Creating a container source by using the web console
 
diff --git a/modules/serverless-open-telemetry.adoc b/modules/serverless-open-telemetry.adoc
index 380a0a98326c..57768749ac07 100644
--- a/modules/serverless-open-telemetry.adoc
+++ b/modules/serverless-open-telemetry.adoc
@@ -2,11 +2,11 @@
 //
 // * serverless/serverless-tracing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-open-telemetry_{context}"]
 = Using {DTProductName} to enable distributed tracing
 
-{DTProductName} is made up of several components that work together to collect, store, and display tracing data. 
+{DTProductName} is made up of several components that work together to collect, store, and display tracing data.
 
 .Prerequisites
 
diff --git a/modules/serverless-openshift-routes.adoc b/modules/serverless-openshift-routes.adoc
index 30c39c74387e..d26d31f49efd 100644
--- a/modules/serverless-openshift-routes.adoc
+++ b/modules/serverless-openshift-routes.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/configuring-service-routes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-openshift-routes_{context}"]
 = Configuring {product-title} routes for Knative services
 
diff --git a/modules/serverless-ossm-enabling-serving-metrics.adoc b/modules/serverless-ossm-enabling-serving-metrics.adoc
index 2942c17f9859..1b8b881434d2 100644
--- a/modules/serverless-ossm-enabling-serving-metrics.adoc
+++ b/modules/serverless-ossm-enabling-serving-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-ossm-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-enabling-serving-metrics_{context}"]
 = Enabling Knative Serving metrics when using Service Mesh with mTLS
 
diff --git a/modules/serverless-ossm-external-certs.adoc b/modules/serverless-ossm-external-certs.adoc
index 0c1741f74983..00739d6b4980 100644
--- a/modules/serverless-ossm-external-certs.adoc
+++ b/modules/serverless-ossm-external-certs.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-ossm-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverlesss-ossm-external-certs_{context}"]
 = Creating a certificate to encrypt incoming external traffic
 
diff --git a/modules/serverless-ossm-secret-filtering-net-istio.adoc b/modules/serverless-ossm-secret-filtering-net-istio.adoc
index 3b68ff790453..38970a16133f 100644
--- a/modules/serverless-ossm-secret-filtering-net-istio.adoc
+++ b/modules/serverless-ossm-secret-filtering-net-istio.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-ossm-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-secret-filtering-net-istio_{context}"]
 = Improving net-istio memory usage by using secret filtering for {SMProductShortName}
 
diff --git a/modules/serverless-ossm-secret-filtering-net-kourier.adoc b/modules/serverless-ossm-secret-filtering-net-kourier.adoc
index abfb7cc6d754..3693a7fd5ba1 100644
--- a/modules/serverless-ossm-secret-filtering-net-kourier.adoc
+++ b/modules/serverless-ossm-secret-filtering-net-kourier.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-secret-filtering-net-kourier_{context}"]
 = Improving net-kourier memory usage by using secret filtering
 
diff --git a/modules/serverless-ossm-setup-with-kourier.adoc b/modules/serverless-ossm-setup-with-kourier.adoc
index 5d3d02fe18c1..e26289ffe918 100644
--- a/modules/serverless-ossm-setup-with-kourier.adoc
+++ b/modules/serverless-ossm-setup-with-kourier.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-ossm-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-setup-with-kourier_{context}"]
 = Integrating {SMProductShortName} with {ServerlessProductName} when Kourier is enabled
 
diff --git a/modules/serverless-ossm-setup.adoc b/modules/serverless-ossm-setup.adoc
index a0539a928573..dff3579f693c 100644
--- a/modules/serverless-ossm-setup.adoc
+++ b/modules/serverless-ossm-setup.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/integrations/serverless-ossm-setup.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-setup_{context}"]
 = Integrating {SMProductShortName} with {ServerlessProductName}
 
diff --git a/modules/serverless-ossm-v1x-jwt.adoc b/modules/serverless-ossm-v1x-jwt.adoc
index 662a9e1c1043..22dca8139eba 100644
--- a/modules/serverless-ossm-v1x-jwt.adoc
+++ b/modules/serverless-ossm-v1x-jwt.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-v1x-jwt_{context}"]
 = Configuring JSON Web Token authentication for {SMProductShortName} 1.x and {ServerlessProductName}
 
diff --git a/modules/serverless-ossm-v2x-jwt.adoc b/modules/serverless-ossm-v2x-jwt.adoc
index ff193e91d128..c77bbcb2f1c9 100644
--- a/modules/serverless-ossm-v2x-jwt.adoc
+++ b/modules/serverless-ossm-v2x-jwt.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-ossm-v2x-jwt_{context}"]
 = Configuring JSON Web Token authentication for {SMProductShortName} 2.x and {ServerlessProductName}
 
diff --git a/modules/serverless-pingsource-kn.adoc b/modules/serverless-pingsource-kn.adoc
index cffeaf49ffac..eddeaa91ce1e 100644
--- a/modules/serverless-pingsource-kn.adoc
+++ b/modules/serverless-pingsource-kn.adoc
@@ -3,7 +3,7 @@
 // * serverless/eventing/event-sources/serverless-pingsource.adoc
 // * serverless/reference/kn-eventing-ref.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-pingsource-kn_{context}"]
 = Creating a ping source by using the Knative CLI
 
diff --git a/modules/serverless-pingsource-odc.adoc b/modules/serverless-pingsource-odc.adoc
index 6713a82ed76e..c6e1f18055e5 100644
--- a/modules/serverless-pingsource-odc.adoc
+++ b/modules/serverless-pingsource-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-pingsource.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-pingsource-odc_{context}"]
 = Creating a ping source by using the web console
 
diff --git a/modules/serverless-pingsource-yaml.adoc b/modules/serverless-pingsource-yaml.adoc
index 9934eef81843..c99ca24c5225 100644
--- a/modules/serverless-pingsource-yaml.adoc
+++ b/modules/serverless-pingsource-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-pingsource.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-pingsource-yaml_{context}"]
 = Creating a ping source by using YAML
 
diff --git a/modules/serverless-python-function-return-values.adoc b/modules/serverless-python-function-return-values.adoc
index 63dba4e92704..00725d8fbe7d 100644
--- a/modules/serverless-python-function-return-values.adoc
+++ b/modules/serverless-python-function-return-values.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-python-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-python-function-return-values_{context}"]
 = Python function return values
 
diff --git a/modules/serverless-python-template.adoc b/modules/serverless-python-template.adoc
index 614df54d27ad..4e31ad4d3855 100644
--- a/modules/serverless-python-template.adoc
+++ b/modules/serverless-python-template.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-python-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-python-template_{context}"]
 = Python function template structure
 
diff --git a/modules/serverless-quarkus-cloudevent-attributes.adoc b/modules/serverless-quarkus-cloudevent-attributes.adoc
index f8554c5c6a42..8123c93417df 100644
--- a/modules/serverless-quarkus-cloudevent-attributes.adoc
+++ b/modules/serverless-quarkus-cloudevent-attributes.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-quarkus-cloudevent-attributes_{context}"]
 = CloudEvent attributes
 
diff --git a/modules/serverless-quarkus-function-return-values.adoc b/modules/serverless-quarkus-function-return-values.adoc
index 031b88d1329c..dad2bcf5d59c 100644
--- a/modules/serverless-quarkus-function-return-values.adoc
+++ b/modules/serverless-quarkus-function-return-values.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-quarkus-function-return-values_{context}"]
 = Quarkus function return values
 
diff --git a/modules/serverless-quarkus-template.adoc b/modules/serverless-quarkus-template.adoc
index aeb693f4d98d..19947bb04a9a 100644
--- a/modules/serverless-quarkus-template.adoc
+++ b/modules/serverless-quarkus-template.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-quarkus-template_{context}"]
 = Quarkus function template structure
 
@@ -45,7 +45,7 @@ Both `http` and `event` trigger functions have the same template structure:
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>4.13</version>
+      <version>4.15</version>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/modules/serverless-resolving-operator-upgrade-failure.adoc b/modules/serverless-resolving-operator-upgrade-failure.adoc
index 79f0b47e44f9..a7c81bed3faa 100644
--- a/modules/serverless-resolving-operator-upgrade-failure.adoc
+++ b/modules/serverless-resolving-operator-upgrade-failure.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/install/serverless-upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-resolving-operator-upgrade-failure_{context}"]
 = Resolving an {ServerlessOperatorName} upgrade failure
 
diff --git a/modules/serverless-rn-1-18-0.adoc b/modules/serverless-rn-1-18-0.adoc
index ac8f45ab48db..ff734712bbdc 100644
--- a/modules/serverless-rn-1-18-0.adoc
+++ b/modules/serverless-rn-1-18-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-18-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.18.0
 
diff --git a/modules/serverless-rn-1-19-0.adoc b/modules/serverless-rn-1-19-0.adoc
index fd1f507129c9..469590a01e52 100644
--- a/modules/serverless-rn-1-19-0.adoc
+++ b/modules/serverless-rn-1-19-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-19-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.19.0
 
diff --git a/modules/serverless-rn-1-20-0.adoc b/modules/serverless-rn-1-20-0.adoc
index d5ce1518a2da..45fe2cd8a9da 100644
--- a/modules/serverless-rn-1-20-0.adoc
+++ b/modules/serverless-rn-1-20-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-20-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.20.0
 
diff --git a/modules/serverless-rn-1-21-0.adoc b/modules/serverless-rn-1-21-0.adoc
index 38f457351593..ed1c3533bc76 100644
--- a/modules/serverless-rn-1-21-0.adoc
+++ b/modules/serverless-rn-1-21-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-21-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.21.0
 
diff --git a/modules/serverless-rn-1-22-0.adoc b/modules/serverless-rn-1-22-0.adoc
index 3ada7a94dc46..23d059117c1a 100644
--- a/modules/serverless-rn-1-22-0.adoc
+++ b/modules/serverless-rn-1-22-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-22-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.22.0
 
diff --git a/modules/serverless-rn-1-23-0.adoc b/modules/serverless-rn-1-23-0.adoc
index de84d4785795..92697e371149 100644
--- a/modules/serverless-rn-1-23-0.adoc
+++ b/modules/serverless-rn-1-23-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-23-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.23.0
 
diff --git a/modules/serverless-rn-1-24-0.adoc b/modules/serverless-rn-1-24-0.adoc
index 118ff6d5d1b5..3b54f0da9c86 100644
--- a/modules/serverless-rn-1-24-0.adoc
+++ b/modules/serverless-rn-1-24-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-24-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.24.0
 
diff --git a/modules/serverless-rn-1-25-0.adoc b/modules/serverless-rn-1-25-0.adoc
index b90f2bf4aff9..aaa10658a390 100644
--- a/modules/serverless-rn-1-25-0.adoc
+++ b/modules/serverless-rn-1-25-0.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-25-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.25.0
 
diff --git a/modules/serverless-rn-1-26-0.adoc b/modules/serverless-rn-1-26-0.adoc
index be752b57d7c8..f490287c6fec 100644
--- a/modules/serverless-rn-1-26-0.adoc
+++ b/modules/serverless-rn-1-26-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-26_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.26
 
diff --git a/modules/serverless-rn-1-27-0.adoc b/modules/serverless-rn-1-27-0.adoc
index fe68c11fb326..66a492728581 100644
--- a/modules/serverless-rn-1-27-0.adoc
+++ b/modules/serverless-rn-1-27-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-27_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.27
 
@@ -52,4 +52,3 @@ If this happens, delete the `ClusterRoleBinding` named `rbac-proxy-reviews-prom-
 * If you use `net-istio` for Ingress and enable mTLS via SMCP using `security.dataPlane.mtls: true`, Service Mesh deploys `DestinationRules` for the `*.local` host, which does not allow `DomainMapping` for {ServerlessProductName}.
 +
 To work around this issue, enable mTLS by deploying `PeerAuthentication` instead of using `security.dataPlane.mtls: true`.
-
diff --git a/modules/serverless-rn-1-28-0.adoc b/modules/serverless-rn-1-28-0.adoc
index c7010e6cc26e..fb9e9ac69f5b 100644
--- a/modules/serverless-rn-1-28-0.adoc
+++ b/modules/serverless-rn-1-28-0.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-rn-1-28-0_{context}"]
 = Release notes for Red Hat {ServerlessProductName} 1.28
 
@@ -45,7 +45,7 @@ In one of the following {ServerlessProductName} releases, secret filtering will
 [id="known-issues-1-28-0_{context}"]
 == Known issues
 
-* Currently, runtimes for Python are not supported for {ServerlessProductName} Functions on IBM Power, IBM zSystems, and IBM(R) LinuxONE.
+* Currently, runtimes for Python are not supported for {ServerlessProductName} Functions on {ibm-power-name}, {ibm-z-name} Systems, and {ibm-linuxone-name}.
 +
 Node.js, TypeScript, and Quarkus functions are supported on these architectures.
 
diff --git a/modules/serverless-scale-to-zero-grace-period.adoc b/modules/serverless-scale-to-zero-grace-period.adoc
index 89e25a137d86..6032f31d8fe0 100644
--- a/modules/serverless-scale-to-zero-grace-period.adoc
+++ b/modules/serverless-scale-to-zero-grace-period.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-scale-to-zero-grace-period_{context}"]
 = Configuring the scale-to-zero grace period
 
diff --git a/modules/serverless-send-events-kn.adoc b/modules/serverless-send-events-kn.adoc
index 472a14cbaef5..75f2fffc6135 100644
--- a/modules/serverless-send-events-kn.adoc
+++ b/modules/serverless-send-events-kn.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-send-events-kn_{context}"]
 = Sending events by using the kn-event plugin
 
diff --git a/modules/serverless-services-network-policies-enabling-comms.adoc b/modules/serverless-services-network-policies-enabling-comms.adoc
index 455db7f969bc..6f3f9c3b5df0 100644
--- a/modules/serverless-services-network-policies-enabling-comms.adoc
+++ b/modules/serverless-services-network-policies-enabling-comms.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-applications/restrictive-cluster-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-services-network-policies-enabling-comms_{context}"]
 = Enabling communication with Knative applications on a cluster with restrictive network policies
 
@@ -26,28 +26,28 @@ If you do not want to allow access to your Knative application from all namespac
 
 .. Label the `knative-serving` namespace:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc label namespace knative-serving knative.openshift.io/system-namespace=true
 ----
 
 .. Label the `knative-serving-ingress` namespace:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc label namespace knative-serving-ingress knative.openshift.io/system-namespace=true
 ----
 
 .. Label the `knative-eventing` namespace:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc label namespace knative-eventing knative.openshift.io/system-namespace=true
 ----
 
 .. Label the `knative-kafka` namespace:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc label namespace knative-kafka knative.openshift.io/system-namespace=true
 ----
diff --git a/modules/serverless-services-network-policies.adoc b/modules/serverless-services-network-policies.adoc
index 2f34179ff025..25f41ba02b86 100644
--- a/modules/serverless-services-network-policies.adoc
+++ b/modules/serverless-services-network-policies.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/config-applications/restrictive-cluster-policies.adoc
 
-:_content-type: Concept
+:_mod-docs-content-type: Concept
 [id="serverless-services-network-policies_{context}"]
 = Clusters with restrictive network policies
 
diff --git a/modules/serverless-sinkbinding-intro.adoc b/modules/serverless-sinkbinding-intro.adoc
index 40afa096a369..d04ccfaf37b1 100644
--- a/modules/serverless-sinkbinding-intro.adoc
+++ b/modules/serverless-sinkbinding-intro.adoc
@@ -2,8 +2,8 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: CONCEPT
-[id="serverless-sinkbinding-intro_context"]
+:_mod-docs-content-type: CONCEPT
+[id="serverless-sinkbinding-intro_{context}"]
 = Sink binding
 
 The `SinkBinding` object supports decoupling event production from delivery addressing. Sink binding is used to connect _event producers_ to an event consumer, or _sink_. An event producer is a Kubernetes resource that embeds a `PodSpec` template and produces events. A sink is an addressable Kubernetes object that can receive events.
diff --git a/modules/serverless-sinkbinding-kn.adoc b/modules/serverless-sinkbinding-kn.adoc
index b927d136ee29..1dc70dd38cb5 100644
--- a/modules/serverless-sinkbinding-kn.adoc
+++ b/modules/serverless-sinkbinding-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-sinkbinding-kn_{context}"]
 = Creating a sink binding by using the Knative CLI
 
diff --git a/modules/serverless-sinkbinding-odc.adoc b/modules/serverless-sinkbinding-odc.adoc
index 8490bde0cfa9..e2021750c05a 100644
--- a/modules/serverless-sinkbinding-odc.adoc
+++ b/modules/serverless-sinkbinding-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-sinkbinding-odc_{context}"]
 = Creating a sink binding by using the web console
 
diff --git a/modules/serverless-sinkbinding-reference.adoc b/modules/serverless-sinkbinding-reference.adoc
index fc90ec4a4211..ba7028e46655 100644
--- a/modules/serverless-sinkbinding-reference.adoc
+++ b/modules/serverless-sinkbinding-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-sinkbinding-reference_{context}"]
 = Sink binding reference
 // this section probably needs a rewrite / restructure; feels like multiple modules maybe for a larger ref doc. Out of scope for this PR.
diff --git a/modules/serverless-sinkbinding-yaml.adoc b/modules/serverless-sinkbinding-yaml.adoc
index 7538b8705a98..a0a562f41d2c 100644
--- a/modules/serverless-sinkbinding-yaml.adoc
+++ b/modules/serverless-sinkbinding-yaml.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/eventing/event-sources/serverless-custom-event-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-sinkbinding-yaml_{context}"]
 = Creating a sink binding by using YAML
 
diff --git a/modules/serverless-tag-to-digest-resolution.adoc b/modules/serverless-tag-to-digest-resolution.adoc
index 2ec0714d0640..cb5bfe547cce 100644
--- a/modules/serverless-tag-to-digest-resolution.adoc
+++ b/modules/serverless-tag-to-digest-resolution.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/admin_guide/serverless-configuration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="serverless-tag-to-digest-resolution_{context}"]
 = Tag-to-digest resolution
 
diff --git a/modules/serverless-target-utilization.adoc b/modules/serverless-target-utilization.adoc
index b2f9ffd5ce8f..6a36152721e2 100644
--- a/modules/serverless-target-utilization.adoc
+++ b/modules/serverless-target-utilization.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-target-utilization_{context}"]
 = Concurrency target utilization
 
diff --git a/modules/serverless-tech-preview-features.adoc b/modules/serverless-tech-preview-features.adoc
index 0f93e2251c5c..548549bda46e 100644
--- a/modules/serverless-tech-preview-features.adoc
+++ b/modules/serverless-tech-preview-features.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/serverless-release-notes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-tech-preview-features_{context}"]
 = Generally Available and Technology Preview features
 
diff --git a/modules/serverless-testing-go-functions.adoc b/modules/serverless-testing-go-functions.adoc
index d0c67930c2ed..d186317cfd3a 100644
--- a/modules/serverless-testing-go-functions.adoc
+++ b/modules/serverless-testing-go-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-typescript-functions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-testing-go-functions_{context}"]
 = Testing Go functions
 
diff --git a/modules/serverless-testing-nodejs-functions.adoc b/modules/serverless-testing-nodejs-functions.adoc
index acd05417de6e..cb662f0e5eb3 100644
--- a/modules/serverless-testing-nodejs-functions.adoc
+++ b/modules/serverless-testing-nodejs-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/functions/serverless-developing-nodejs-functions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-testing-nodejs-functions_{context}"]
 = Testing Node.js functions
 
diff --git a/modules/serverless-testing-python-functions.adoc b/modules/serverless-testing-python-functions.adoc
index fcc7c40f8e43..d4d6d8111a5a 100644
--- a/modules/serverless-testing-python-functions.adoc
+++ b/modules/serverless-testing-python-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-python-functions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-testing-python-functions_{context}"]
 = Testing Python functions
 
diff --git a/modules/serverless-testing-quarkus-functions.adoc b/modules/serverless-testing-quarkus-functions.adoc
index f918527fc1c7..24dfac9f0513 100644
--- a/modules/serverless-testing-quarkus-functions.adoc
+++ b/modules/serverless-testing-quarkus-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-quarkus-functions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-testing-quarkus-functions_{context}"]
 = Testing Quarkus functions
 
diff --git a/modules/serverless-testing-typescript-functions.adoc b/modules/serverless-testing-typescript-functions.adoc
index 2dc1c91e78eb..a830224192b9 100644
--- a/modules/serverless-testing-typescript-functions.adoc
+++ b/modules/serverless-testing-typescript-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-typescript-functions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-testing-typescript-functions_{context}"]
 = Testing TypeScript functions
 
diff --git a/modules/serverless-traffic-splitting-flags-kn.adoc b/modules/serverless-traffic-splitting-flags-kn.adoc
index ddc5ed414900..bec6c8f082ee 100644
--- a/modules/serverless-traffic-splitting-flags-kn.adoc
+++ b/modules/serverless-traffic-splitting-flags-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/develop/serverless-traffic-management.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-traffic-splitting-flags-kn_{context}"]
 = Knative CLI traffic splitting flags
 
diff --git a/modules/serverless-typescript-context-object-reference.adoc b/modules/serverless-typescript-context-object-reference.adoc
index aba0d5750716..17a8b9d07ddf 100644
--- a/modules/serverless-typescript-context-object-reference.adoc
+++ b/modules/serverless-typescript-context-object-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-functions-reference-guide.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-typescript-context-object-reference_{context}"]
 = TypeScript context object reference
 
diff --git a/modules/serverless-typescript-function-return-values.adoc b/modules/serverless-typescript-function-return-values.adoc
index a952d7e8bd80..04cf1d8973c7 100644
--- a/modules/serverless-typescript-function-return-values.adoc
+++ b/modules/serverless-typescript-function-return-values.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-typescript-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-typescript-function-return-values_{context}"]
 = TypeScript function return values
 
diff --git a/modules/serverless-typescript-functions-context-objects.adoc b/modules/serverless-typescript-functions-context-objects.adoc
index d1809206dbb7..00161a04a43f 100644
--- a/modules/serverless-typescript-functions-context-objects.adoc
+++ b/modules/serverless-typescript-functions-context-objects.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-typescript-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-typescript-functions-context-objects_{context}"]
 = TypeScript context objects
 
diff --git a/modules/serverless-typescript-template.adoc b/modules/serverless-typescript-template.adoc
index 6c5da5f0c602..9853a375f4ea 100644
--- a/modules/serverless-typescript-template.adoc
+++ b/modules/serverless-typescript-template.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/functions/serverless-developing-typescript-functions.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-typescript-template_{context}"]
 = TypeScript function template structure
 
diff --git a/modules/serverless-uninstalling-knative-eventing.adoc b/modules/serverless-uninstalling-knative-eventing.adoc
index ff9eac753516..e739ae07b0bd 100644
--- a/modules/serverless-uninstalling-knative-eventing.adoc
+++ b/modules/serverless-uninstalling-knative-eventing.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/removing/uninstalling-knative-eventing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-uninstalling-knative-eventing_{context}"]
 = Uninstalling Knative Eventing
 
diff --git a/modules/serverless-uninstalling-knative-serving.adoc b/modules/serverless-uninstalling-knative-serving.adoc
index ca202ef49904..1f4c3d2833f5 100644
--- a/modules/serverless-uninstalling-knative-serving.adoc
+++ b/modules/serverless-uninstalling-knative-serving.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/install/removing-openshift-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-uninstalling-knative-serving_{context}"]
 = Uninstalling Knative Serving
 
diff --git a/modules/serverless-update-subscriptions-kn.adoc b/modules/serverless-update-subscriptions-kn.adoc
index eaee739181e3..9fbc5e13316e 100644
--- a/modules/serverless-update-subscriptions-kn.adoc
+++ b/modules/serverless-update-subscriptions-kn.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-subs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="serverless-update-subscriptions-kn_{context}"]
 = Updating subscriptions by using the Knative CLI
 
diff --git a/modules/serverless-url-scheme-external-routes.adoc b/modules/serverless-url-scheme-external-routes.adoc
index ac9a96bb02f6..151db842d772 100644
--- a/modules/serverless-url-scheme-external-routes.adoc
+++ b/modules/serverless-url-scheme-external-routes.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/knative-serving/external-ingress-routing/url-scheme-external-routes.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="serverless-url-scheme-external-routes_{context}"]
 = Setting the URL scheme for external routes
 // should probably be a procedure, but this is out of scope for the abstracts PR
diff --git a/modules/serverless-using-cluster-logging-find-logs-knative-serving-components.adoc b/modules/serverless-using-cluster-logging-find-logs-knative-serving-components.adoc
index d356c40e8f2b..53fa34535a15 100644
--- a/modules/serverless-using-cluster-logging-find-logs-knative-serving-components.adoc
+++ b/modules/serverless-using-cluster-logging-find-logs-knative-serving-components.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/monitor/cluster-logging-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-cluster-logging-to-find-logs-for-knative-serving-components_{context}"]
 = Using OpenShift Logging to find logs for Knative Serving components
 
diff --git a/modules/serverless-using-cluster-logging-find-logs-services-deployed.adoc b/modules/serverless-using-cluster-logging-find-logs-services-deployed.adoc
index 3e72ef645b58..85d79c32873c 100644
--- a/modules/serverless-using-cluster-logging-find-logs-services-deployed.adoc
+++ b/modules/serverless-using-cluster-logging-find-logs-services-deployed.adoc
@@ -2,7 +2,7 @@
 //
 // * serverless/monitor/cluster-logging-serverless.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-cluster-logging-to-find-logs-for-services-deployed-with-knative-serving_{context}"]
 = Using OpenShift Logging to find logs for services deployed with Knative Serving
 
diff --git a/modules/service-account-auto-secret-removed.adoc b/modules/service-account-auto-secret-removed.adoc
new file mode 100644
index 000000000000..667602fc41f3
--- /dev/null
+++ b/modules/service-account-auto-secret-removed.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * authentication/using-service-accounts-in-applications.adoc
+// * pods/nodes-pods-secrets.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="auto-generated-sa-token-secrets_{context}"]
+= About automatically generated service account token secrets
+
+When a service account is created, a service account token secret is automatically generated for it. This service account token secret, along with an automatically generated docker configuration secret, is used to authenticate to the internal {product-title} registry. Do not rely on these automatically generated secrets for your own use; they might be removed in a future {product-title} release.
+
+[NOTE]
+====
+Prior to {product-title} 4.11, a second service account token secret was generated when a service account was created. This service account token secret was used to access the Kubernetes API.
+
+Starting with {product-title} 4.11, this second service account token secret is no longer created. This is because the `LegacyServiceAccountTokenNoAutoGeneration` upstream Kubernetes feature gate was enabled, which stops the automatic generation of secret-based service account tokens to access the Kubernetes API.
+
+After upgrading to {product-version}, any existing service account token secrets are not deleted and continue to function.
+====
+
+Workloads are automatically injected with a projected volume to obtain a bound service account token. If your workload needs an additional service account token, add an additional projected volume in your workload manifest. Bound service account tokens are more secure than service account token secrets for the following reasons:
+
+* Bound service account tokens have a bounded lifetime.
+* Bound service account tokens contain audiences.
+* Bound service account tokens can be bound to pods or secrets and the bound tokens are invalidated when the bound object is removed.
+
+For more information, see _Configuring bound service account tokens using volume projection_.
+
+You can also manually create a service account token secret to obtain a token, if the security exposure of a non-expiring token in a readable API object is acceptable to you. For more information, see _Creating a service account token secret_.
diff --git a/modules/service-accounts-creating.adoc b/modules/service-accounts-creating.adoc
index 3cee25dfab84..78bdd4833421 100644
--- a/modules/service-accounts-creating.adoc
+++ b/modules/service-accounts-creating.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/using-service-accounts.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="service-accounts-managing_{context}"]
 = Creating service accounts
 
diff --git a/modules/service-accounts-default.adoc b/modules/service-accounts-default.adoc
index 7967014aed5f..d4ca2b17c47c 100644
--- a/modules/service-accounts-default.adoc
+++ b/modules/service-accounts-default.adoc
@@ -71,7 +71,3 @@ viewing and modifying replication controllers and pods in the project.
 All service accounts in a project are given the `system:image-puller` role,
 which allows pulling images from any imagestream in the project using the
 internal container image registry.
-
-// remove this snippet for 4.12+
-
-include::snippets/service-account-auto-secret-removed.adoc[]
diff --git a/modules/service-accounts-overview.adoc b/modules/service-accounts-overview.adoc
index c9b5c9858126..3c330053edcc 100644
--- a/modules/service-accounts-overview.adoc
+++ b/modules/service-accounts-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/using-service-accounts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="service-accounts-overview_{context}"]
 = Service accounts overview
 
diff --git a/modules/set-the-default-max-container-root-partition-size-for-overlay-with-crio.adoc b/modules/set-the-default-max-container-root-partition-size-for-overlay-with-crio.adoc
index 7f772ad4e871..8005ca9f95fa 100644
--- a/modules/set-the-default-max-container-root-partition-size-for-overlay-with-crio.adoc
+++ b/modules/set-the-default-max-container-root-partition-size-for-overlay-with-crio.adoc
@@ -2,13 +2,13 @@
 //
 // post_installation_configuration/machine-configuration-tasks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="set-the-default-max-container-root-partition-size-for-overlay-with-crio_{context}"]
 = Setting the default maximum container root partition size for Overlay with CRI-O
 
 The root partition of each container shows all of the available disk space of the underlying host. Follow this guidance to set a maximum partition size for the root disk of all containers.
 
-To configure the maximum Overlay size, as well as other CRI-O options like the log level and PID limit, you can create the following `ContainerRuntimeConfig` custom resource definition (CRD):
+To configure the maximum Overlay size, as well as other CRI-O options like the log level, you can create the following `ContainerRuntimeConfig` custom resource definition (CRD):
 
 [source,yaml]
 ----
@@ -21,7 +21,6 @@ spec:
    matchLabels:
      custom-crio: overlay-size
  containerRuntimeConfig:
-   pidsLimit: 2048
    logLevel: debug
    overlaySize: 8G
 ----
diff --git a/modules/setting-custom-seccomp-profile.adoc b/modules/setting-custom-seccomp-profile.adoc
index 5582e9492dad..49a4b148eabc 100644
--- a/modules/setting-custom-seccomp-profile.adoc
+++ b/modules/setting-custom-seccomp-profile.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-custom-seccomp-profile_{context}"]
 = Setting up the custom seccomp profile
 
diff --git a/modules/setting-higher-pid-limit-on-existing-cluster.adoc b/modules/setting-higher-pid-limit-on-existing-cluster.adoc
new file mode 100644
index 000000000000..60a463aec23f
--- /dev/null
+++ b/modules/setting-higher-pid-limit-on-existing-cluster.adoc
@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * rosa_cluster_admin/rosa-configuring-pid-limits.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="setting-higher-pid-limit-on-existing-cluster_{context}"]
+= Setting a higher PID limit on an existing {product-title} cluster
+
+You can set a higher `podPidsLimit` on an existing {product-title} cluster by creating or editing a `KubeletConfig` object that changes the `--pod-pids-limit` parameter.
+
+[IMPORTANT]
+====
+Changing the `podPidsLimit` on an existing cluster will trigger non-control plane nodes in the cluster to reboot one at a time. Make this change outside of peak usage hours for your cluster and avoid upgrading or hibernating your cluster until all nodes have rebooted.
+====
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+* You have logged in to your Red Hat account by using the ROSA CLI.
+
+.Procedure
+
+. Create or edit the `KubeletConfig` object to change the PID limit.
++
+--
+** If this is the first time you are changing the default PID limit, create the `KubeletConfig` object and set the `--pod-pids-limit` value by running the following command: 
++
+[source,terminal]
+----
+$ rosa create kubeletconfig -c <cluster_name> --pod-pids-limit=<value>
+----
++
+For example, the following command sets a maximum of 16,384 PIDs per pod for cluster `my-cluster`:
++
+[source,terminal]
+----
+$ rosa create kubeletconfig -c my-cluster --pod-pids-limit=16384
+----
+
+** If you previously created a `KubeletConfig` object, edit the existing `KubeletConfig` object and set the `--pod-pids-limit` value by running the following command:
++
+[source,terminal]
+----
+$ rosa edit kubeletconfig -c <cluster_name> --pod-pids-limit=<value>
+----
+--
++
+A cluster-wide rolling reboot of worker nodes is triggered.
+
+. Verify that all of the worker nodes rebooted by running the following command:
++
+[source,terminal]
+----
+$ oc get machineconfigpool
+----
++
+.Example output
+[source,terminal]
+----
+NAME      CONFIG                    UPDATED  UPDATING   DEGRADED  MACHINECOUNT  READYMACHINECOUNT  UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT  AGE
+master    rendered-master-06c9c4…   True     False      False     3             3                  3                   0                     4h42m
+worker    rendered-worker-f4b64…    True     False      False     4             4                  4                   0                     4h42m
+----
+
+.Verification
+
+When each node in the cluster has rebooted, you can verify that the new setting is in place.
+
+* Check the Pod Pids limit in the `KubeletConfig` object:
++
+[source,terminal]
+----
+$ rosa describe kubeletconfig --cluster=<cluster_name>
+----
++
+The new PIDs limit appears in the output, as shown in the following example:
++
+.Example output
+[source,terminal]
+----
+Pod Pids Limit:                       16384
+----
diff --git a/modules/setting-resource-quota-for-extended-resources.adoc b/modules/setting-resource-quota-for-extended-resources.adoc
index 2eec8b7b2be1..d19097a8572d 100644
--- a/modules/setting-resource-quota-for-extended-resources.adoc
+++ b/modules/setting-resource-quota-for-extended-resources.adoc
@@ -2,7 +2,7 @@
 //
 // * applications/quotas-setting-per-project.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-resource-quota-for-extended-resources_{context}"]
 = Setting resource quota for extended resources
 
diff --git a/modules/setting-up-an-aws-iam-role-a-service-account.adoc b/modules/setting-up-an-aws-iam-role-a-service-account.adoc
index 66accf7dcfbb..bd87bd32f20c 100644
--- a/modules/setting-up-an-aws-iam-role-a-service-account.adoc
+++ b/modules/setting-up-an-aws-iam-role-a-service-account.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-up-an-aws-iam-role-a-service-account_{context}"]
 = Setting up an AWS IAM role for a service account
 
@@ -46,7 +46,7 @@ In {product-title} with STS clusters, the OIDC provider is created during instal
 }
 ----
 <1> Replace `<oidc_provider_arn>` with the ARN of your OIDC provider, for example `arn:aws:iam::<aws_account_id>:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`.
-<2> Limits the role to the specified project and service account. Replace `<oidc_provider_name>` with the name of your OIDC provider, for example `rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`. Replace `<project_name>:<service_account_name>` with your project name and service account name, for example `my-project:test-service-account`. 
+<2> Limits the role to the specified project and service account. Replace `<oidc_provider_name>` with the name of your OIDC provider, for example `rh-oidc.s3.us-east-1.amazonaws.com/1v3r0n44npxu4g58so46aeohduomfres`. Replace `<project_name>:<service_account_name>` with your project name and service account name, for example `my-project:test-service-account`.
 +
 [NOTE]
 ====
diff --git a/modules/setting-up-bastion-for-sno.adoc b/modules/setting-up-bastion-for-sno.adoc
new file mode 100644
index 000000000000..7eb376897409
--- /dev/null
+++ b/modules/setting-up-bastion-for-sno.adoc
@@ -0,0 +1,183 @@
+// This module is included in the following assemblies:
+//
+// installing_sno/install-sno-installing-sno.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="setting-up-bastion-for-sno_{context}"]
+= Setting up basion for {sno} with {ibm-power-title}
+
+Prior to installing {sno} on {ibm-power-name}, you must set up bastion. Setting up a bastion server for {sno} on {ibm-power-name} requires the configuration of the following services:
+
+* PXE is used for the {sno} cluster installation. PXE requires the following services to be configured and run:
+** DNS to define api, api-int, and *.apps
+** DHCP service to enable PXE and assign an IP address to {sno} node
+** HTTP to provide ignition and {op-system} rootfs image
+** TFTP to enable PXE
+* You must install `dnsmasq` to support DNS, DHCP and PXE, httpd for HTTP.
+
+Use the following procedure to configure a bastion server that meets these requirements.
+
+.Procedure
+
+. Use the following command to install `grub2`, which is required to enable PXE for PowerVM:
++
+[source,terminal]
+----
+grub2-mknetdir --net-directory=/var/lib/tftpboot
+----
++
+.Example `/var/lib/tftpboot/boot/grub2/grub.cfg` file
+[source,terminal]
+----
+default=0
+fallback=1
+timeout=1
+if [ ${net_default_mac} == fa:b0:45:27:43:20 ]; then
+menuentry "CoreOS (BIOS)" {
+   echo "Loading kernel"
+   linux "/rhcos/kernel" ip=dhcp rd.neednet=1 ignition.platform.id=metal ignition.firstboot coreos.live.rootfs_url=http://192.168.10.5:8000/install/rootfs.img ignition.config.url=http://192.168.10.5:8000/ignition/sno.ign
+   echo "Loading initrd"
+   initrd  "/rhcos/initramfs.img"
+}
+fi
+----
+
+. Use the following commands to download {op-system} image files from the mirror repo for PXE.
+
+.. Enter the following command to assign the `RHCOS_URL` variable the follow 4.12 URL:
++
+[source,terminal]
+----
+$ export RHCOS_URL=https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.12/latest/
+----
+
+.. Enter the following command to navigate to the `/var/lib/tftpboot/rhcos` directory:
++
+[source,terminal]
+----
+$ cd /var/lib/tftpboot/rhcos
+----
+
+.. Enter the following command to download the specified {op-system} kernel file from the URL stored in the `RHCOS_URL` variable:
++
+[source,terminal]
+----
+$ wget ${RHCOS_URL}/rhcos-live-kernel-ppc64le -o kernel
+----
+
+.. Enter the following command to download the {op-system} `initramfs` file from the URL stored in the `RHCOS_URL` variable:
++
+[source,terminal]
+----
+$ wget ${RHCOS_URL}/rhcos-live-initramfs.ppc64le.img -o initramfs.img
+----
+
+.. Enter the following command to navigate to the `/var//var/www/html/install/` directory:
++
+[source,terminal]
+----
+$ cd /var//var/www/html/install/
+----
+
+.. Enter the following command to download, and save, the {op-system} `root filesystem` image file from the URL stored in the `RHCOS_URL` variable:
++
+[source,terminal]
+----
+$ wget ${RHCOS_URL}/rhcos-live-rootfs.ppc64le.img -o rootfs.img
+----
+
+. To create the ignition file for a {sno} cluster, you must create the `install-config.yaml` file.
+
+.. Enter the following command to create the work directory that holds the file:
++
+[source,terminal]
+----
+$ mkdir -p ~/sno-work
+----
+
+.. Enter the following command to navigate to the `~/sno-work` directory:
++
+[source,terminal]
+----
+$ cd ~/sno-work
+----
+
+.. Use the following sample file can to create the required `install-config.yaml` in the `~/sno-work` directory:
++
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: <domain> <1>
+compute:
+- name: worker
+  replicas: 0 <2>
+controlPlane:
+  name: master
+  replicas: 1 <3>
+metadata:
+  name: <name> <4>
+networking: <5>
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  machineNetwork:
+  - cidr: 10.0.0.0/16 <6>
+  networkType: OVNKubernetes
+  serviceNetwork:
+  - 172.30.0.0/16
+platform:
+  none: {}
+bootstrapInPlace:
+  installationDisk: /dev/disk/by-id/<disk_id> <7>
+pullSecret: '<pull_secret>' <8>
+sshKey: |
+  <ssh_key> <9>
+----
+<1> Add the cluster domain name.
+<2> Set the `compute` replicas to `0`. This makes the control plane node schedulable.
+<3> Set the `controlPlane` replicas to `1`. In conjunction with the previous `compute` setting, this setting ensures that the cluster runs on a single node.
+<4> Set the `metadata` name to the cluster name.
+<5> Set the `networking` details. OVN-Kubernetes is the only allowed network plugin type for single-node clusters.
+<6> Set the `cidr` value to match the subnet of the {sno} cluster.
+<7> Set the path to the installation disk drive, for example, `/dev/disk/by-id/wwn-0x64cd98f04fde100024684cf3034da5c2`.
+<8> Copy the {cluster-manager-url-pull} and add the contents to this configuration setting.
+<9> Add the public SSH key from the administration host so that you can log in to the cluster after installation.
+
+. Download the `openshift-install` image to create the ignition file and copy it to the `http` directory.
+
+.. Enter the following command to download the `openshift-install-linux-4.12.0` .tar file:
++
+[source,terminal]
+----
+$ wget https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/4.12.0/openshift-install-linux-4.12.0.tar.gz
+----
+
+.. Enter the following command to unpack the `openshift-install-linux-4.12.0.tar.gz` archive:
++
+[source,terminal]
+----
+$ tar xzvf openshift-install-linux-4.12.0.tar.gz
+----
+
+.. Enter the following command to
++
+[source,terminal]
+----
+$ ./openshift-install --dir=~/sno-work create create single-node-ignition-config
+----
+
+.. Enter the following command to create the ignition file:
++
+[source,terminal]
+----
+$ cp ~/sno-work/single-node-ignition-config.ign /var/www/html/ignition/sno.ign
+----
+
+.. Enter the following command to restore SELinux file for the `/var/www/html` directory:
++
+[source,terminal]
+----
+$ restorecon -vR /var/www/html || true
+----
++
+Bastion now has all the required files and is properly configured in order to install {sno}.
\ No newline at end of file
diff --git a/modules/setting-up-cpu-manager.adoc b/modules/setting-up-cpu-manager.adoc
index fa2b884d110a..5dc8874fe036 100644
--- a/modules/setting-up-cpu-manager.adoc
+++ b/modules/setting-up-cpu-manager.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * scaling_and_performance/using-cpu-manager.adoc
+// * scalability_and_performance/using-cpu-manager.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
-[id="seting_up_cpu_manager_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="setting_up_cpu_manager_{context}"]
 = Setting up CPU Manager
 
 .Procedure
@@ -118,7 +118,7 @@ metadata:
 spec:
   containers:
   - name: cpumanager
-    image: gcr.io/google_containers/pause-amd64:3.0
+    image: gcr.io/google_containers/pause:3.2
     resources:
       requests:
         cpu: 1
@@ -214,7 +214,7 @@ tasks 32706
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 ...
 Capacity:
@@ -245,7 +245,7 @@ Allocated resources:
 +
 This VM has two CPU cores. The `system-reserved` setting reserves 500 millicores, meaning that half of one core is subtracted from the total capacity of the node to arrive at the `Node Allocatable` amount. You can see that `Allocatable CPU` is 1500 millicores. This means you can run one of the CPU Manager pods since each will take one whole core. A whole core is equivalent to 1000 millicores. If you try to schedule a second pod, the system will accept the pod, but it will never be scheduled:
 +
-[source, terminal]
+[source,terminal]
 ----
 NAME                    READY   STATUS    RESTARTS   AGE
 cpumanager-6cqz7        1/1     Running   0          33m
diff --git a/modules/setting-up-topology-manager.adoc b/modules/setting-up-topology-manager.adoc
index e14b715a48a0..e308119ae16d 100644
--- a/modules/setting-up-topology-manager.adoc
+++ b/modules/setting-up-topology-manager.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * scaling_and_performance/using-topology-manager.adoc
+// * scalability_and_performance/using-topology-manager.adoc
 // * post_installation_configuration/node-tasks.adoc
 
-:_content-type: PROCEDURE
-[id="seting_up_topology_manager_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="setting_up_topology_manager_{context}"]
 = Setting up Topology Manager
 
 To use Topology Manager, you must configure an allocation policy in the `KubeletConfig` custom resource (CR) named `cpumanager-enabled`. This file might exist if you have set up CPU Manager. If the file does not exist, you can create the file.
diff --git a/modules/sizing-requirements-for-gitops.adoc b/modules/sizing-requirements-for-gitops.adoc
index 2f35ab902f0e..b81d11716732 100644
--- a/modules/sizing-requirements-for-gitops.adoc
+++ b/modules/sizing-requirements-for-gitops.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift-docs/cicd/gitops/about-sizing-requirements-gitops.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="sizing-requirements-for-gitops_{context}"]
 = Sizing requirements for GitOps
 
diff --git a/modules/snippets b/modules/snippets
index 9f5bc7e4dde0..9d58b92e5058 120000
--- a/modules/snippets
+++ b/modules/snippets
@@ -1 +1 @@
-../snippets
\ No newline at end of file
+../snippets/
\ No newline at end of file
diff --git a/modules/sno-adding-worker-nodes-to-sno-clusters-manually.adoc b/modules/sno-adding-worker-nodes-to-sno-clusters-manually.adoc
index d5b1686ef2c7..dddf1a0ebfe8 100644
--- a/modules/sno-adding-worker-nodes-to-sno-clusters-manually.adoc
+++ b/modules/sno-adding-worker-nodes-to-sno-clusters-manually.adoc
@@ -214,6 +214,6 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS   ROLES           AGE   VERSION
-control-plane-1.example.com    Ready    master,worker   56m   v1.26.0
-compute-1.example.com          Ready    worker          11m   v1.26.0
+control-plane-1.example.com    Ready    master,worker   56m   v1.28.5
+compute-1.example.com          Ready    worker          11m   v1.28.5
 ----
diff --git a/modules/sno-adding-worker-nodes-to-sno-clusters.adoc b/modules/sno-adding-worker-nodes-to-sno-clusters.adoc
index d42f3dc5a7c2..9f57a003b404 100644
--- a/modules/sno-adding-worker-nodes-to-sno-clusters.adoc
+++ b/modules/sno-adding-worker-nodes-to-sno-clusters.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes/nodes-sno-worker-nodes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sno-adding-worker-nodes-to-sno-clusters_{context}"]
 = Adding worker nodes using the Assisted Installer and {cluster-manager}
 
diff --git a/modules/sno-clusters-reboot-without-drain.adoc b/modules/sno-clusters-reboot-without-drain.adoc
new file mode 100644
index 000000000000..d31dc8890650
--- /dev/null
+++ b/modules/sno-clusters-reboot-without-drain.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes/nodes-nodes-working.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="sno-clusters-reboot-without-drain_{context}"]
+= Handling errors in {sno} clusters when the node reboots without draining application pods
+
+In {sno} clusters and in {product-title} clusters in general, a situation can arise where a node reboot occurs without first draining the node. This can occur where an application pod requesting devices fails with the `UnexpectedAdmissionError` error. `Deployment`, `ReplicaSet`, or `DaemonSet` errors are reported because the application pods that require those devices start before the pod serving those devices. You cannot control the order of pod restarts.
+
+While this behavior is to be expected, it can cause a pod to remain on the cluster even though it has failed to deploy successfully. The pod continues to report `UnexpectedAdmissionError`. This issue is mitigated by the fact that application pods are typically included in a `Deployment`, `ReplicaSet`, or `DaemonSet`. If a pod is in this error state, it is of little concern because another instance should be running. Belonging to a `Deployment`, `ReplicaSet`, or `DaemonSet` guarantees the successful creation and execution of subsequent pods and ensures the successful deployment of the application.
+
+There is ongoing work upstream to ensure that such pods are gracefully terminated. Until that work is resolved, run the following command for a {sno} cluster to remove the failed pods:
+
+[source,terminal,subs="+quotes"]
+----
+$ oc delete pods --field-selector status.phase=Failed -n _<POD_NAMESPACE>_
+----
+
+[NOTE]
+====
+The option to drain the node is unavailable for {sno} clusters.
+====
diff --git a/modules/specifying-oc-log-levels.adoc b/modules/specifying-oc-log-levels.adoc
index c6f98d959a6f..604a2b2a157a 100644
--- a/modules/specifying-oc-log-levels.adoc
+++ b/modules/specifying-oc-log-levels.adoc
@@ -2,28 +2,43 @@
 //
 // * support/troubleshooting/diagnosing-oc-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-oc-log-levels_{context}"]
 = Specifying OpenShift CLI (`oc`) log levels
 
 You can investigate OpenShift CLI (`oc`) issues by increasing the command's log level.
 
+The {product-title} user's current session token is typically included in logged `curl` requests where required. You can also obtain the current user's session token manually, for use when testing aspects of an `oc` command's underlying process step-by-step.
+
 .Prerequisites
 
 * Install the OpenShift CLI (`oc`).
 
 .Procedure
 
-. Specify the `oc` log level when running an `oc` command:
+* Specify the `oc` log level when running an `oc` command:
 +
 [source,terminal]
 ----
-$ oc <options> --loglevel <log_level>
+$ oc <command> --loglevel <log_level>
 ----
++
+where:
++
+--
+<command>:: Specifies the command you are running.
+<log_level>:: Specifies the log level to apply to the command.
+--
 
-. The {product-title} user's current session token is typically included in logged `curl` requests where required. You can also obtain the current user's session token manually, for use when testing aspects of an `oc` command's underlying process step by step:
+* To obtain the current user's session token, run the following command:
 +
 [source,terminal]
 ----
 $ oc whoami -t
 ----
++
+.Example output
+[source,text]
+----
+sha256~RCV3Qcn7H-OEfqCGVI0CvnZ6...
+----
diff --git a/modules/specifying-openshift-installer-log-levels.adoc b/modules/specifying-openshift-installer-log-levels.adoc
index 481f8cbf5a6d..62916c13c0ee 100644
--- a/modules/specifying-openshift-installer-log-levels.adoc
+++ b/modules/specifying-openshift-installer-log-levels.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-installations.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-openshift-installer-log-levels_{context}"]
 = Specifying {product-title} installer log levels
 
diff --git a/modules/specifying-regions-zones-infrastructure-vsphere.adoc b/modules/specifying-regions-zones-infrastructure-vsphere.adoc
index 5cb6d364fde5..30d516177e5b 100644
--- a/modules/specifying-regions-zones-infrastructure-vsphere.adoc
+++ b/modules/specifying-regions-zones-infrastructure-vsphere.adoc
@@ -1,19 +1,19 @@
 // Module included in the following assemblies:
 // * post_installation_configuration/sphere-failure-domain-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-regions-zones-infrastructure-vsphere_{context}"]
 = Specifying multiple regions and zones for your cluster on vSphere
 
 You can configure the `infrastructures.config.openshift.io` configuration resource to specify multiple regions and zones for your {product-title} cluster that runs on a VMware vSphere instance.
 
-Topology-aware features for the cloud controller manager and the vSphere Container Storage Interface (CSI) Operator Driver require information about the vSphere topology where you host your {product-title} cluster. This topology information exists in the `infrastructures.config.openshift.io` configuration resource. 
+Topology-aware features for the cloud controller manager and the vSphere Container Storage Interface (CSI) Operator Driver require information about the vSphere topology where you host your {product-title} cluster. This topology information exists in the `infrastructures.config.openshift.io` configuration resource.
 
 Before you specify regions and zones for your cluster, you must ensure that all datacenters and compute clusters contain tags, so that the cloud provider can add labels to your node. For example, if `datacenter-1` represents `region-a` and `compute-cluster-1` represents `zone-1`, the cloud provider adds an `openshift-region` category label with a value of `region-a` to `datacenter-1`.  Additionally, the cloud provider adds an `openshift-zone` category tag with a value of `zone-1` to `compute-cluster-1`.
 
 [NOTE]
 ====
-You can migrate control plane nodes with vMotion capabilities to a failure domain. After you add these nodes to a failure domain, the cloud provider adds `topology.kubernetes.io/zone` and `topology.kubernetes.io/region` labels to these nodes.  
+You can migrate control plane nodes with vMotion capabilities to a failure domain. After you add these nodes to a failure domain, the cloud provider adds `topology.kubernetes.io/zone` and `topology.kubernetes.io/region` labels to these nodes.
 ====
 
 .Prerequisites
@@ -21,7 +21,7 @@ You can migrate control plane nodes with vMotion capabilities to a failure domai
 * You ensured that each datacenter and compute cluster contains tags that represent the name of their associated region or zone, or both.
 * Optional: If you defined *API* and *Ingress* static IP addresses to the installation program, you must ensure that all regions and zones share a common layer 2 network. This configuration ensures that API and Ingress Virtual IP (VIP) addresses can interact with your cluster.
 
-// Add link(s) that points to Day-0 docs for creating tags as soon as the Day-0 content is merged. 
+// Add link(s) that points to Day-0 docs for creating tags as soon as the Day-0 content is merged.
 
 [IMPORTANT]
 ====
@@ -61,8 +61,8 @@ spec:
           server: <your_vcenter_server>
           topology:
             datacenter: <region_a_dc>
-            computeCluster: "</region_a_dc/host/zone_a_cluster>"  
-            resourcePool: "</region_a_dc/host/zone_a_cluster/Resources/resource_pool>" 
+            computeCluster: "</region_a_dc/host/zone_a_cluster>"
+            resourcePool: "</region_a_dc/host/zone_a_cluster/Resources/resource_pool>"
             datastore: "</region_a_dc/datastore/datastore_a>"
             networks:
             - port-group
@@ -73,9 +73,9 @@ spec:
           topology:
             computeCluster: </region_a_dc/host/zone_b_cluster>
             datacenter: <region_a_dc>
-            datastore: </region_a_dc/datastore/datastore_a>            
+            datastore: </region_a_dc/datastore/datastore_a>
             networks:
-            - port-group            
+            - port-group
         - name: <failure_domain_3>
           region: <region_b>
           zone: <zone_a>
@@ -85,7 +85,7 @@ spec:
             datacenter: <region_b_dc>
             datastore: </region_b_dc/datastore/datastore_b>
             networks:
-            - port-group       
+            - port-group
       nodeNetworking:
         external: {}
         internal: {}
@@ -96,4 +96,4 @@ spec:
 After you create a failure domain and you define it in a CRD for a VMware vSphere cluster, you must not modify or delete the failure domain. Doing any of these actions with this configuration can impact the availability and fault tolerance of a control plane machine.
 ====
 
-. Save the resource file to apply the changes. 
\ No newline at end of file
+. Save the resource file to apply the changes.
\ No newline at end of file
diff --git a/modules/specifying-role-arn-albo-sts.adoc b/modules/specifying-role-arn-albo-sts.adoc
new file mode 100644
index 000000000000..4edfaa990aca
--- /dev/null
+++ b/modules/specifying-role-arn-albo-sts.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * networking/installing-albo-sts-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="specifying-role-arn-albo-sts_{context}"]
+= Specifying the role ARN for the ALB Operator on an STS cluster
+
+The role Amazon Resource Name (ARN) needs to be passed to the AWS Load Balancer (ALB) Operator as an environment variable. You can use the dedicated input box in the OperatorHub web UI or specify it in the `Subscription` resource when installing the Operator by using the OpenShift CLI.
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create the `aws-load-balancer-operator` project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project aws-load-balancer-operator
+----
+
+. Create an `OperatorGroup` for the ALB Operator by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  targetNamespaces: []
+EOF
+----
+
+. Create a `Subscription` object for the ALB Operator with the role ARN by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: aws-load-balancer-operator
+  namespace: aws-load-balancer-operator
+spec:
+  channel: stable-v1
+  name: aws-load-balancer-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  config:
+    env:
+    - name: ROLEARN
+      value: "<role-arn>" <1>
+EOF
+----
+<1> Specifies the role ARN to be used in the `CredentialsRequest` to provision the AWS credentials for the Operator.
++
+[NOTE]
+====
+The ALB Operator waits until the creation of the required secret before moving to the available state.
+====
\ No newline at end of file
diff --git a/modules/specifying-sink-flag-kn.adoc b/modules/specifying-sink-flag-kn.adoc
index 93ad2d850ddb..5ecb2ac97037 100644
--- a/modules/specifying-sink-flag-kn.adoc
+++ b/modules/specifying-sink-flag-kn.adoc
@@ -6,7 +6,7 @@
 // * serverless/develop/serverless-kafka-developer.adoc
 // * serverless/reference/kn-flags-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="specifying-sink-flag-kn_{context}"]
 = Knative CLI sink flag
 
diff --git a/modules/specifying-the-platform-type-for-managed-clusters.adoc b/modules/specifying-the-platform-type-for-managed-clusters.adoc
index 3325fb62c3c3..5655966f6b11 100644
--- a/modules/specifying-the-platform-type-for-managed-clusters.adoc
+++ b/modules/specifying-the-platform-type-for-managed-clusters.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="specifying-the-platform-type-for-managed-clusters_{context}"]
 = Specifying the platform type for managed clusters
 
diff --git a/modules/spo-about.adoc b/modules/spo-about.adoc
index feef5133fd1e..e9b9db4c237f 100644
--- a/modules/spo-about.adoc
+++ b/modules/spo-about.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-understanding.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="spo-about_{context}"]
 = About Security Profiles
 
diff --git a/modules/spo-applying-profiles.adoc b/modules/spo-applying-profiles.adoc
index 9b6fc09063d8..bc7cd11d0e41 100644
--- a/modules/spo-applying-profiles.adoc
+++ b/modules/spo-applying-profiles.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "spo-selinux"]
 :kind: SelinuxProfile
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-applying-profiles_{context}"]
 = Applying {type} profiles to a pod
 
@@ -55,8 +55,8 @@ $ oc -n my-namespace get seccompprofile profile1 --output wide
 .Example output
 [source,terminal]
 ----
-NAME       STATUS   AGE   SECCOMPPROFILE.LOCALHOSTPROFILE
-profile1   Active   14s   operator/my-namespace/profile1.json
+NAME       STATUS     AGE   SECCOMPPROFILE.LOCALHOSTPROFILE
+profile1   Installed  14s   operator/my-namespace/profile1.json
 ----
 
 . View the path to the localhost profile by running the following command:
@@ -85,7 +85,7 @@ spec:
           localhostProfile: operator/my-namespace/profile1.json
 ----
 
-. Apply the profile to a `Deployment` object by running the following command:
+. Apply the profile to any other workload, such as a `Deployment` object, by running the following command:
 +
 [source,terminal]
 ----
@@ -144,7 +144,7 @@ $ oc get selinuxprofile.security-profiles-operator.x-k8s.io/nginx-secure -n ngin
 .Example output
 [source,terminal]
 ----
-nginx-secure_nginx-deploy.process%
+nginx-secure_nginx-deploy.process
 ----
 
 . Apply the output string in the workload manifest in the `.spec.containers[].securityContext.seLinuxOptions` attribute:
diff --git a/modules/spo-base-syscalls.adoc b/modules/spo-base-syscalls.adoc
index 6615c98d6476..a529ef2bef24 100644
--- a/modules/spo-base-syscalls.adoc
+++ b/modules/spo-base-syscalls.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-base-syscalls_{context}"]
 = Base syscalls for a container runtime
 
diff --git a/modules/spo-binding-workloads.adoc b/modules/spo-binding-workloads.adoc
index 88c6633df416..5e76a2c81db6 100644
--- a/modules/spo-binding-workloads.adoc
+++ b/modules/spo-binding-workloads.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "spo-selinux"]
 :kind: SelinuxProfile
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-binding-workloads_{context}"]
 = Binding workloads to profiles with ProfileBindings
 
@@ -47,12 +47,31 @@ spec:
 $ oc label ns my-namespace spo.x-k8s.io/enable-binding=true
 ----
 
-. Delete and re-create the pod to use the `ProfileBinding` object:
+. Define a pod named `test-pod.yaml`:
 +
-[source,terminal,subs="attributes+"]
+[source,yaml]
 ----
-$ oc delete pods test-pod && oc create -f pod01.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod
+spec:
+  containers:
+  - name: test-container
+    image: quay.io/security-profiles-operator/test-nginx-unprivileged:1.21
+----
+
+. Create the pod:
++
+[source,terminal]
 ----
+$ oc create -f test-pod.yaml
+----
++
+[NOTE]
+====
+If the pod already exists, you must re-create the pod for the binding to work properly.
+====
 
 .Verification
 
diff --git a/modules/spo-configuring-webhooks.adoc b/modules/spo-configuring-webhooks.adoc
index 0bdb68a9d73c..1eb47cd8b901 100644
--- a/modules/spo-configuring-webhooks.adoc
+++ b/modules/spo-configuring-webhooks.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-configuring-webhooks_{context}"]
 = Configuring webhooks
 
diff --git a/modules/spo-container-profile-instances.adoc b/modules/spo-container-profile-instances.adoc
index e2ee5713d033..d905ceb009b1 100644
--- a/modules/spo-container-profile-instances.adoc
+++ b/modules/spo-container-profile-instances.adoc
@@ -2,6 +2,8 @@
 //
 // * security/security_profiles_operator/spo-seccomp.adoc
 // * security/security_profiles_operator/spo-selinux.adoc
+// JKB added conditionalization requested by QE
+
 
 ifeval::["{context}" == "spo-seccomp"]
 :seccomp:
@@ -16,7 +18,7 @@ ifeval::["{context}" == "spo-selinux"]
 :object: selinuxprofiles
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-container-profile-instances_{context}"]
 = Merging per-container profile instances
 
@@ -34,6 +36,7 @@ metadata:
   # The name of the Recording is the same as the resulting {kind} CRD
   # after reconciliation.
   name: test-recording
+  namespace: my-namespace
 spec:
   kind: {kind}
   recorder: logs
@@ -43,7 +46,13 @@ spec:
       app: sp-record
 ----
 
-. Create the workload:
+. Label the namespace by running the following command:
++
+[source,terminal]
+----
+$ oc label ns my-namespace security.openshift.io/scc.podSecurityLabelSync=false pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged --overwrite=true
+----
+. Create the workload with the following YAML:
 +
 [source,yaml]
 ----
@@ -51,6 +60,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-deploy
+  namespace: my-namespace
 spec:
   replicas: 3
   selector:
@@ -73,30 +83,40 @@ spec:
 +
 [source,terminal]
 ----
-$ oc delete deployment nginx-deploy
+$ oc delete deployment nginx-deploy -n my-namespace
 ----
 
 . To merge the profiles, delete the profile recording by running the following command:
 +
 [source,terminal]
 ----
-$ oc delete profilerecording test-recording
+$ oc delete profilerecording test-recording -n my-namespace
 ----
 
 . To start the merge operation and generate the results profile, run the following command:
 +
 [source,terminal,subs="attributes+"]
 ----
-$ oc get {object} -lspo.x-k8s.io/recording-id=test-recording
+$ oc get {object} -lspo.x-k8s.io/recording-id=test-recording -n my-namespace
 ----
+ifdef::selinux[]
 +
-.Example output
+.Example output for {object}
 [source,terminal]
 ----
-NAME                          USAGE                                         STATE
-test-recording-nginx-record   test-recording-nginx-record_mytest1.process   Installed
+NAME                          USAGE                                              STATE
+test-recording-nginx-record   test-recording-nginx-record_my-namespace.process   Installed
 ----
-
+endif::[]
+ifdef::seccomp[]
++
+.Example output for {object}
+[source,terminal]
+----
+NAME                          STATUS       AGE
+test-recording-nginx-record   Installed    55s
+----
+endif::[]
 . To view the permissions used by any of the containers, run the following command:
 +
 [source,terminal,subs="attributes+"]
diff --git a/modules/spo-creating-profiles.adoc b/modules/spo-creating-profiles.adoc
index 84b04d88abeb..870e7bc6c6ea 100644
--- a/modules/spo-creating-profiles.adoc
+++ b/modules/spo-creating-profiles.adoc
@@ -14,7 +14,7 @@ ifeval::["{context}" == "spo-selinux"]
 :kind: SelinuxProfile
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-creating-profiles_{context}"]
 = Creating {type} profiles
 
@@ -26,7 +26,14 @@ ifdef::seccomp[]
 
 .Procedure
 
-* Create the `{kind}` object:
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project my-namespace
+----
+
+. Create the `{kind}` object:
 +
 [source,yaml,subs="attributes+"]
 ----
@@ -43,6 +50,7 @@ The {type} profile will be saved in `/var/lib/kubelet/{type}/operator/<namespace
 
 An `init` container creates the root directory of the Security Profiles Operator to run the Operator without `root` group or user ID privileges. A symbolic link is created from the rootless profile storage `/var/lib/openshift-security-profiles` to the default `seccomp` root path inside of the kubelet root `/var/lib/kubelet/{type}/operator`.
 endif::[]
+
 ifdef::selinux[]
 The `{kind}` object has several features that allow for better security hardening and readability:
 
@@ -53,6 +61,13 @@ The `{kind}` object has several features that allow for better security hardenin
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project nginx-deploy
+----
+
 . Create a policy that can be used with a non-privileged workload by creating the following `{kind}` object:
 +
 [source,yaml,subs="attributes+"]
diff --git a/modules/spo-custom-priority-class.adoc b/modules/spo-custom-priority-class.adoc
index ca56a77511e1..4af177c1b6fc 100644
--- a/modules/spo-custom-priority-class.adoc
+++ b/modules/spo-custom-priority-class.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-custom-priority-class_{context}"]
 = Setting a custom priority class name for the spod daemon pod
 
diff --git a/modules/spo-daemon-requirements.adoc b/modules/spo-daemon-requirements.adoc
index f01f2a058563..f95bf59f0f60 100644
--- a/modules/spo-daemon-requirements.adoc
+++ b/modules/spo-daemon-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-daemon-requirements_{context}"]
 = Customizing daemon resource requirements
 
diff --git a/modules/spo-inspecting-seccomp-profiles.adoc b/modules/spo-inspecting-seccomp-profiles.adoc
index 1c5ca95f1277..1e71331edb05 100644
--- a/modules/spo-inspecting-seccomp-profiles.adoc
+++ b/modules/spo-inspecting-seccomp-profiles.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-inspecting-seccomp-profiles_{context}"]
 = Inspecting seccomp profiles
 
diff --git a/modules/spo-installing-cli.adoc b/modules/spo-installing-cli.adoc
index 766096ec1d5c..000155cd2281 100644
--- a/modules/spo-installing-cli.adoc
+++ b/modules/spo-installing-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-enabling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-installing-cli_{context}"]
 = Installing the Security Profiles Operator using the CLI
 
diff --git a/modules/spo-installing.adoc b/modules/spo-installing.adoc
index 2af088e2a849..a227bb2c8a05 100644
--- a/modules/spo-installing.adoc
+++ b/modules/spo-installing.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-enabling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-installing_{context}"]
 = Installing the Security Profiles Operator
 
diff --git a/modules/spo-log-enricher-app-trace.adoc b/modules/spo-log-enricher-app-trace.adoc
index 77bb53b9f6a0..f17bc867ebc4 100644
--- a/modules/spo-log-enricher-app-trace.adoc
+++ b/modules/spo-log-enricher-app-trace.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-log-enricher-app-trace_{context}"]
 = Using the log enricher to trace an application
 
diff --git a/modules/spo-log-enricher.adoc b/modules/spo-log-enricher.adoc
index 651de65f2b91..18b49732168a 100644
--- a/modules/spo-log-enricher.adoc
+++ b/modules/spo-log-enricher.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-log-enricher_{context}"]
 = Using the log enricher
 
diff --git a/modules/spo-logging-verbosity.adoc b/modules/spo-logging-verbosity.adoc
index 0b8c9721941b..3be6de702f48 100644
--- a/modules/spo-logging-verbosity.adoc
+++ b/modules/spo-logging-verbosity.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-enabling.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="logging-verbosity_{context}"]
 = Configuring logging verbosity
 
diff --git a/modules/spo-memory-optimzation.adoc b/modules/spo-memory-optimzation.adoc
index 1163258e53a4..0df5ad30b68f 100644
--- a/modules/spo-memory-optimzation.adoc
+++ b/modules/spo-memory-optimzation.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-memory-optimization_{context}"]
 = Enabling memory optimization in the spod daemon
 
diff --git a/modules/spo-memory-profiling.adoc b/modules/spo-memory-profiling.adoc
index b64b105a906e..0352dc43b4a7 100644
--- a/modules/spo-memory-profiling.adoc
+++ b/modules/spo-memory-profiling.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-memory-profiling_{context}"]
 = Enable CPU and memory profiling
 
diff --git a/modules/spo-recording-profiles.adoc b/modules/spo-recording-profiles.adoc
index 22c4dd62bcd7..957bd68123c6 100644
--- a/modules/spo-recording-profiles.adoc
+++ b/modules/spo-recording-profiles.adoc
@@ -17,7 +17,7 @@ ifeval::["{context}" == "spo-selinux"]
 endif::[]
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-recording-profiles_{context}"]
 = Recording profiles from workloads
 
@@ -32,6 +32,13 @@ A container with `privileged: true` security context restraints prevents log-bas
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project my-namespace
+----
+
 . Label the namespace with `enable-recording=true` by running the following command:
 +
 [source,terminal]
@@ -46,6 +53,7 @@ $ oc label ns my-namespace spo.x-k8s.io/enable-recording=true
 apiVersion: security-profiles-operator.x-k8s.io/v1alpha1
 kind: ProfileRecording
 metadata:
+  namespace: my-namespace
   name: test-recording
 spec:
   kind: {kind}
@@ -62,6 +70,7 @@ spec:
 apiVersion: v1
 kind: Pod
 metadata:
+  namespace: my-namespace
   name: my-pod
   labels:
     app: my-app
@@ -79,7 +88,7 @@ spec:
 +
 [source,terminal]
 ----
-$ oc -n openshift-security-profiles get pods
+$ oc -n my-namespace get pods
 ----
 +
 .Example output
@@ -95,12 +104,25 @@ my-pod   2/2     Running   0          18s
 ----
 $ oc -n openshift-security-profiles logs --since=1m --selector name=spod -c log-enricher
 ----
+
+ifdef::seccomp[]
++
+.Example output
+[source,terminal]
+----
+I0523 14:19:08.747313  430694 enricher.go:445] log-enricher "msg"="audit" "container"="redis" "executable"="/usr/local/bin/redis-server" "namespace"="my-namespace" "node"="xiyuan-23-5g2q9-worker-eastus2-6rpgf" "pid"=656802 "pod"="my-pod" "syscallID"=0 "syscallName"="read" "timestamp"="1684851548.745:207179" "type"="seccomp"
+----
+endif::[]
+
+ifdef::selinux[]
 +
 .Example output
 [source,terminal,subs="attributes+"]
 ----
-I0517 13:55:36.383187  348295 enricher.go:376] log-enricher "msg"="audit" "container"="redis" "namespace"="my-namespace" "node"="ip-10-0-189-53.us-east-2.compute.internal" "perm"="name_bind" "pod"="my-pod" "profile"="test-recording_redis_6kmrb_1684331729" "scontext"="system_u:system_r:selinuxrecording.process:s0:c4,c27" "tclass"="tcp_socket" "tcontext"="system_u:object_r:redis_port_t:s0" "timestamp"="1684331735.105:273965" "type"="{type}"
+I0517 13:55:36.383187  348295 enricher.go:376] log-enricher "msg"="audit" "container"="redis" "namespace"="my-namespace" "node"="ip-10-0-189-53.us-east-2.compute.internal" "perm"="name_bind" "pod"="my-pod" "profile"="test-recording_redis_6kmrb_1684331729" "scontext"="system_u:system_r:selinuxrecording.process:s0:c4,c27" "tclass"="tcp_socket" "tcontext"="system_u:object_r:redis_port_t:s0" "timestamp"="1684331735.105:273965" "type"="selinux"
 ----
+endif::[]
+
 
 .Verification
 
@@ -108,23 +130,42 @@ I0517 13:55:36.383187  348295 enricher.go:376] log-enricher "msg"="audit" "conta
 +
 [source,terminal]
 ----
-$ oc -n openshift-security-profiles delete pod my-pod
+$ oc -n my-namepace delete pod my-pod
 ----
 
 . Confirm the Security Profiles Operator reconciles the two {type} profiles:
+
+ifdef::seccomp[]
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
 ----
-$ oc get {object} -n my-namespace
+$ oc get seccompprofiles -lspo.x-k8s.io/recording-id=test-recording -n my-namespace
 ----
 +
-.Example output
+.Example output for seccompprofile
+[source,terminal]
+----
+NAME                   STATUS      AGE
+test-recording-nginx   Installed   2m48s
+test-recording-redis   Installed   2m48s
+----
+endif::[]
+
+ifdef::selinux[]
++
+[source,terminal]
+----
+$ oc get selinuxprofiles -lspo.x-k8s.io/recording-id=test-recording -n my-namespace
+----
++
+.Example output for selinuxprofile
 [source,terminal]
 ----
 NAME                   USAGE                                       STATE
 test-recording-nginx   test-recording-nginx_my-namespace.process   Installed
 test-recording-redis   test-recording-redis_my-namespace.process   Installed
 ----
+endif::[]
 
 ifeval::["{context}" == "spo-seccomp"]
 :!seccomp:
diff --git a/modules/spo-replicating-controllers.adoc b/modules/spo-replicating-controllers.adoc
index c5d36fdbd752..0c1170524374 100644
--- a/modules/spo-replicating-controllers.adoc
+++ b/modules/spo-replicating-controllers.adoc
@@ -1,27 +1,22 @@
 // Module included in the following assemblies:
 //
-// * security/security_profiles_operator/spo-seccomp.adoc
 // * security/security_profiles_operator/spo-selinux.adoc
 
-ifeval::["{context}" == "spo-seccomp"]
-:seccomp:
-:type: seccomp
-:kind: SeccompProfile
-endif::[]
-ifeval::["{context}" == "spo-selinux"]
-:selinux:
-:type: SELinux
-:kind: SelinuxProfile
-endif::[]
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-replicating-controllers_{context}"]
 = Replicating controllers and SecurityContextConstraints
 
-When deploying {type} policies for replicating controllers, such as deployments or daemon sets, note that the `Pod` objects spawned by the controllers are not running with the identity of the user who creates the workload. Unless a `ServiceAccount` is selected, the pods might revert to using a restricted `SecurityContextConstraints` (SCC) which does not allow use of custom security policies.
+When you deploy SELinux policies for replicating controllers, such as deployments or daemon sets, note that the `Pod` objects spawned by the controllers are not running with the identity of the user who creates the workload. Unless a `ServiceAccount` is selected, the pods might revert to using a restricted `SecurityContextConstraints` (SCC) which does not allow use of custom security policies.
 
 .Procedure
 
+. Create a project by running the following command:
++
+[source,terminal]
+----
+$ oc new-project nginx-secure
+----
+
 . Create the following `RoleBinding` object to allow SELinux policies to be used in the `nginx-secure` namespace:
 +
 [source,yaml]
@@ -29,14 +24,14 @@ When deploying {type} policies for replicating controllers, such as deployments
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: spo-use-seccomp-scc
+  name: spo-nginx
   namespace: nginx-secure
 subjects:
 - kind: ServiceAccount
   name: spo-deploy-test
 roleRef:
   kind: Role
-  name: spo-use-seccomp-scc
+  name: spo-nginx
   apiGroup: rbac.authorization.k8s.io
 ----
 
@@ -48,7 +43,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   creationTimestamp: null
-  name: spo-use-seccomp-scc
+  name: spo-nginx
   namespace: nginx-secure
 rules:
 - apiGroups:
@@ -112,15 +107,4 @@ spec:
 The SELinux type is not specified in the workload and is handled by the SCC. When the pods are created by the deployment and the `ReplicaSet`, the pods will run with the appropriate profile.
 ====
 
-Ensure your SCC is only usable by the correct service account. Refer to _Additional resources_ for more information.
-
-ifeval::["{context}" == "spo-seccomp"]
-:!seccomp:
-:!type:
-:!kind:
-endif::[]
-ifeval::["{context}" == "spo-selinux"]
-:!selinux:
-:!type:
-:!kind:
-endif::[]
\ No newline at end of file
+Ensure that your SCC is usable by only the correct service account. Refer to _Additional resources_ for more information.
\ No newline at end of file
diff --git a/modules/spo-restrict-syscalls.adoc b/modules/spo-restrict-syscalls.adoc
index 3536d0804265..e5833923c037 100644
--- a/modules/spo-restrict-syscalls.adoc
+++ b/modules/spo-restrict-syscalls.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-restrict-syscalls_{context}"]
 = Restrict the allowed syscalls in seccomp profiles
 
diff --git a/modules/spo-runtime-metrics.adoc b/modules/spo-runtime-metrics.adoc
index 92fd9542a70b..3aa18c374969 100644
--- a/modules/spo-runtime-metrics.adoc
+++ b/modules/spo-runtime-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="spo-runtime-metrics_{context}"]
 = controller-runtime metrics
 
diff --git a/modules/spo-selinux-permissive.adoc b/modules/spo-selinux-permissive.adoc
index 602e744ce3cd..d16c251a9bea 100644
--- a/modules/spo-selinux-permissive.adoc
+++ b/modules/spo-selinux-permissive.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-selinux.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-selinux-permissive_{context}"]
 = Applying SELinux log policies
 
diff --git a/modules/spo-selinux-runasany.adoc b/modules/spo-selinux-runasany.adoc
index f7d349f7a45c..879218e12c21 100644
--- a/modules/spo-selinux-runasany.adoc
+++ b/modules/spo-selinux-runasany.adoc
@@ -3,7 +3,7 @@
 // * security/security_profiles_operator/spo-seccomp.adoc
 // * security/security_profiles_operator/spo-selinux.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="spo-selinux-runasany_{context}"]
 
 = About seLinuxContext: RunAsAny
diff --git a/modules/spo-uninstall-console.adoc b/modules/spo-uninstall-console.adoc
index 64401ff517d2..cb92c991491f 100644
--- a/modules/spo-uninstall-console.adoc
+++ b/modules/spo-uninstall-console.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-uninstall-console_{context}"]
 = Uninstall the Security Profiles Operator using the web console
 
diff --git a/modules/spo-using-metrics.adoc b/modules/spo-using-metrics.adoc
index 654a6e1fcc35..3d949a769472 100644
--- a/modules/spo-using-metrics.adoc
+++ b/modules/spo-using-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * security/security_profiles_operator/spo-advanced.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="spo-using-metrics_{context}"]
 = Using metrics
 
diff --git a/modules/sre-cluster-access.adoc b/modules/sre-cluster-access.adoc
new file mode 100644
index 000000000000..ae6d3bc2e14a
--- /dev/null
+++ b/modules/sre-cluster-access.adoc
@@ -0,0 +1,91 @@
+// Module included in the following assemblies:
+//
+// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
+// * osd_architecture/osd_policy/osd-sre-access.adoc
+// * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="sre-cluster-access_{context}"]
+= SRE cluster access
+
+SRE access to {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+clusters is controlled through several layers of required authentication, all of which are managed by strict company policy. All authentication attempts to access a cluster and changes made within a cluster are recorded within audit logs, along with the specific account identity of the SRE responsible for those actions. These audit logs help ensure that all changes made by SREs to a customer's cluster adhere to the strict policies and procedures that make up Red Hat's managed services guidelines.
+
+The information presented below is an overview of the process an SRE must perform to access a customer's cluster.
+
+** SRE requests a refreshed ID token from the Red Hat SSO (Cloud Services). This request is authenticated. The token is valid for fifteen minutes. After the token expires, you can refresh the token again and receive a new token. The ability to refresh to a new token is indefinite; however, the ability to refresh to a new token is revoked after 30 days of inactivity.
+
+** SRE connects to the Red Hat VPN. The authentication to the VPN is completed by the Red Hat Corporate Identity and Access Management system (RH IAM). With RH IAM, SREs are multifactor and can be managed internally per organization by groups and existing onboarding and offboarding processes. After an SRE is authenticated and connected, the SRE can access the cloud services fleet management plane. Changes to the cloud services fleet management plane require many layers of approval and are maintained by strict company policy.
+
+** After authorization is complete, the SRE logs into the fleet management plane and receives a service account token that the fleet management plane created. The token is valid for 15 minutes. After the token is no longer valid, it is deleted.
+
+** With access granted to the fleet management plane, SRE uses various methods to access clusters, depending on network configuration.
+
+*** Accessing a private or public cluster: Request is sent through a specific Network Load Balancer (NLB) by using an encrypted HTTP connection on port 6443.
+
+*** Accessing a PrivateLink cluster: Request is sent to the Red Hat Transit Gateway, which then connects to a Red Hat VPC per region. The VPC that receives the request will be dependent on the target private cluster's region. Within the VPC, there is a private subnet that contains the PrivateLink endpoint to the customer's PrivateLink cluster.
+
+ifdef::openshift-rosa[]
+SREs access ROSA clusters through the web console or command line interface (CLI) tools. Authentication requires multi-factor authentication (MFA) with industry-standard requirements for password complexity and account lockouts. SREs must authenticate as individuals to ensure auditability. All authentication attempts are logged to a Security Information and Event Management (SIEM) system.
+
+SREs access private clusters using an encrypted HTTP connection. Connections are permitted only from a secured Red Hat network using either an IP allowlist or a private cloud provider link.
+
+.SRE access to ROSA clusters
+image::267_OpenShift_on_AWS_Access_Networking_1222.png[]
+
+[id="rosa-policy-privileged-access-control_{context}"]
+== Privileged access controls in ROSA
+SRE adheres to the principle of least privilege when accessing ROSA and AWS components. There are four basic categories of manual SRE access:
+
+- SRE admin access through the Red Hat Portal with normal two-factor authentication and no privileged elevation.
+- SRE admin access through the Red Hat corporate SSO with normal two-factor authentication and no privileged elevation.
+- OpenShift elevation, which is a manual elevation using Red Hat SSO. Access is limited to 2 hours, is fully audited, and requires management approval.
+- AWS access or elevation, which is a manual elevation for AWS console or CLI access. Access is limited to 60 minutes and is fully audited.
+
+Each of these access types have different levels of access to components:
+
+[cols= "4a,6a,5a,4a,3a",options="header"]
+
+|===
+
+| Component | Typical SRE admin access (Red Hat Portal) | Typical SRE admin access (Red Hat SSO) |OpenShift elevation | Cloud provider access or elevation
+
+| {cluster-manager} | R/W | No access | No access | No access
+| OpenShift console | No access | R/W | R/W | No access
+| Node operating system | No access | A specific list of elevated OS and network permissions. | A specific list of elevated OS and network permissions. | No access
+| AWS Console | No access | No access, but this is the account used to request cloud provider access. | No access | All cloud provider permissions using the SRE identity.
+
+|===
+
+[id="rosa-policy-sre-aws-infra-access_{context}"]
+== SRE access to AWS accounts
+Red Hat personnel do not access AWS accounts in the course of routine {product-title} operations. For emergency troubleshooting purposes, the SREs have well-defined and auditable procedures to access cloud infrastructure accounts.
+
+SREs generate a short-lived AWS access token for a reserved role using the AWS Security Token Service (STS). Access to the STS token is audit-logged and traceable back to individual users. Both STS and non-STS clusters use the AWS STS service for SRE access. For non-STS clusters, the `BYOCAdminAccess` role has the `AdministratorAccess` IAM policy attached, and this role is used for administration. For STS clusters, the `ManagedOpenShift-Support-Role` has the `ManagedOpenShift-Support-Access` policy attached, and this role is used for administration.
+
+[id="rosa-sre-sts-view-aws-account_{context}"]
+== SRE STS view of AWS accounts
+
+When SREs are on a VPN through two-factor authentication, they and Red Hat Support can assume the `ManagedOpenShift-Support-Role` in your AWS account. The `ManagedOpenShift-Support-Role` has all the permissions necessary for SREs to directly troubleshoot and manage AWS resources. Upon assumption of the `ManagedOpenShift-Support-Role`, SREs use a AWS Security Token Service (STS) to generate a unique, time-expiring URL to the customer's AWS web UI for their account. SREs can then perform multiple troubleshooting actions, which include:
+
+* Viewing CloudTrail logs
+* Shutting down a faulty EC2 Instance
+
+All activities performed by SREs arrive from Red Hat IP addresses and are logged to CloudTrail to allow you to audit and review all activity. This role is only used in cases where access to AWS services is required to assist you. The majority of permissions are read-only. However, a select few permissions have more access, including the ability to reboot an instance or spin up a new instance. SRE access is limited to the policy permissions attached to the `ManagedOpenShift-Support-Role`.
+
+For a full list of permissions, see sts_support_permission_policy.json in the link:https://docs.openshift.com/rosa/rosa_architecture/rosa-sts-about-iam-resources.html[About IAM resources for ROSA clusters that use STS] user guide.
+
+[id="rosa-sre-access-privatelink-vpc.adoc_{context}"]
+== SRE access through PrivateLink VPC endpoint service
+
+PrivateLink VPC endpoint service is created as part of the ROSA cluster creation.
+
+When you have a PrivateLink ROSA cluster, its Kubernetes API Server is exposed through a load balancer that can only be accessed from within the VPC by default. Red Hat site reliability engineering (SRE) can connect to this load balancer through a VPC Endpoint Service that has an associated VPC Endpoint in a Red Hat-owned AWS account. This endpoint service contains the name of the cluster, which is also in the ARN.
+
+Under the *Allow principals* tab, a Red Hat-owned AWS account is listed. This specific user ensures that other entities cannot create VPC Endpoint connections to the PrivateLink cluster's Kubernetes API Server.
+
+When Red Hat SREs access the API, this fleet management plane can connect to the internal API through the VPC endpoint service.
+endif::openshift-rosa[]
\ No newline at end of file
diff --git a/modules/sriov-operator-hosted-control-planes.adoc b/modules/sriov-operator-hosted-control-planes.adoc
index 7574bccfb258..0881299da489 100644
--- a/modules/sriov-operator-hosted-control-planes.adoc
+++ b/modules/sriov-operator-hosted-control-planes.adoc
@@ -3,11 +3,11 @@
 // * networking/hardware_networks/configuring-sriov-operator.adoc
 // * hosted-control-planes/hcp-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sriov-operator-hosted-control-planes_{context}"]
 = Deploying the SR-IOV Operator for hosted control planes
 
-:FeatureName: Hosted control planes
+:FeatureName: Hosted control planes on the AWS platform
 include::snippets/technology-preview.adoc[]
 
 [role="_abstract"]
@@ -15,7 +15,7 @@ After you configure and deploy your hosting service cluster, you can create a su
 
 .Prerequisites
 
-You must configure and deploy the hosted cluster on AWS. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring the hosting cluster on AWS (Technology Preview)].
+You must configure and deploy the hosted cluster on AWS. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring the hosting cluster on AWS (Technology Preview)].
 
 .Procedure
 
@@ -38,9 +38,9 @@ spec:
   - openshift-sriov-network-operator
 ----
 
-. Create a subscription to the SR-IOV Operator: 
+. Create a subscription to the SR-IOV Operator:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
@@ -48,7 +48,7 @@ metadata:
   name: sriov-network-operator-subsription
   namespace: openshift-sriov-network-operator
 spec:
-  channel: "4.13"
+  channel: "{product-version}"
   name: sriov-network-operator
   config:
     nodeSelector:
@@ -67,10 +67,10 @@ $ oc get csv -n openshift-sriov-network-operator
 ----
 +
 .Example output
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 NAME                                         DISPLAY                   VERSION               REPLACES                                     PHASE
-sriov-network-operator.4.13.0-202211021237   SR-IOV Network Operator   4.13.0-202211021237   sriov-network-operator.4.13.0-202210290517   Succeeded
+sriov-network-operator.{product-version}.0-202211021237   SR-IOV Network Operator   {product-version}.0-202211021237   sriov-network-operator.{product-version}.0-202210290517   Succeeded
 ----
 
 . To verify that the SR-IOV pods are deployed, run the following command:
diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc
index 1c66d061e993..d918d76fad6d 100644
--- a/modules/ssh-agent-using.adoc
+++ b/modules/ssh-agent-using.adoc
@@ -35,32 +35,24 @@
 // * installing/installing_ibm_powervs/installing-ibm-power-vs-private-cluster.adoc
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
+// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
-// * installing/installing-rhv-restricted-network.adoc
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-preparing-to-install.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc
 
-
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:user-infra:
-endif::[]
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :user-infra:
 endif::[]
@@ -97,9 +89,6 @@ endif::[]
 ifeval::["{context}" == "installing-bare-metal"]
 :user-infra:
 endif::[]
-ifeval::["{context}" == "installing-vsphere"]
-:user-infra:
-endif::[]
 ifeval::["{context}" == "installing-aws-user-infra"]
 :user-infra:
 endif::[]
@@ -109,9 +98,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:osp:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer"]
 :osp:
 endif::[]
@@ -127,17 +113,17 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :ibm-z:
 endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:rhv:
+ifeval::["{context}" == "installing-platform-agnostic"]
+:user-infra:
 endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:rhv:
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:user-infra:
 endif::[]
-ifeval::["{context}" == "installing-platform-agnostic"]
+ifeval::["{context}" == "upi-vsphere-preparing-to-install"]
 :user-infra:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ssh-agent-using_{context}"]
 = Generating a key pair for cluster node SSH access
 
@@ -152,7 +138,7 @@ If you want to SSH in to your cluster nodes to perform installation debugging or
 Do not skip this procedure in production environments, where disaster recovery and debugging is required.
 ====
 
-ifndef::osp,ibm-z,rhv[]
+ifndef::osp,ibm-z[]
 [NOTE]
 ====
 You must use a local key, not one that you configured with platform-specific
@@ -182,7 +168,7 @@ $ ssh-keygen -t ed25519 -N '' -f <path>/<file_name> <1>
 ifndef::ibm-power-vs[]
 [NOTE]
 ====
-If you plan to install an {product-title} cluster that uses FIPS Validated / Modules in Process cryptographic libraries on the `x86_64` architecture, do not create a key that uses the `ed25519` algorithm. Instead, create a key that uses the `rsa` or `ecdsa` algorithm.
+If you plan to install an {product-title} cluster that uses the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the `x86_64`, `ppc64le`, and `s390x` architectures, do not create a key that uses the `ed25519` algorithm. Instead, create a key that uses the `rsa` or `ecdsa` algorithm.
 ====
 endif::ibm-power-vs[]
 
@@ -248,9 +234,6 @@ ifdef::user-infra[]
 If you install a cluster on infrastructure that you provision, you must provide the key to the installation program.
 endif::user-infra[]
 
-ifeval::["{context}" == "installing-restricted-networks-vsphere"]
-:!user-infra:
-endif::[]
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :!user-infra:
 endif::[]
@@ -287,9 +270,6 @@ endif::[]
 ifeval::["{context}" == "installing-bare-metal"]
 :!user-infra:
 endif::[]
-ifeval::["{context}" == "installing-vsphere"]
-:!user-infra:
-endif::[]
 ifeval::["{context}" == "installing-aws-user-infra"]
 :!user-infra:
 endif::[]
@@ -299,9 +279,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!osp:
 endif::[]
-ifeval::["{context}" == "installing-openstack-installer-kuryr"]
-:!osp:
-endif::[]
 ifeval::["{context}" == "installing-openstack-installer"]
 :!osp:
 endif::[]
@@ -311,18 +288,18 @@ endif::[]
 ifeval::["{context}" == "installing-ibm-z-kvm"]
 :!ibm-z:
 endif::[]
-ifeval::["{context}" == "installing-rhv-default"]
-:!rhv:
-endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
 :!ibm-z:
 endif::[]
 ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
 :!ibm-z:
 endif::[]
-ifeval::["{context}" == "installing-rhv-customizations"]
-:!rhv:
-endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :!user-infra:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
+:!user-infra:
+endif::[]
+ifeval::["{context}" == "upi-vsphere-preparing-to-install"]
+:!user-infra:
+endif::[]
diff --git a/modules/starting-debug-pods-with-root-access.adoc b/modules/starting-debug-pods-with-root-access.adoc
index e9815b4b06e3..c5a35ce6df37 100644
--- a/modules/starting-debug-pods-with-root-access.adoc
+++ b/modules/starting-debug-pods-with-root-access.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="starting-debug-pods-with-root-access_{context}"]
 = Starting debug pods with root access
 
@@ -10,7 +10,12 @@ You can start a debug pod with root access, based on a problematic pod's deploym
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * Your API service is still functional.
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/storage-azure-create-storage-class.adoc b/modules/storage-azure-create-storage-class.adoc
index eb1f5bf5c761..4769e957c71e 100644
--- a/modules/storage-azure-create-storage-class.adoc
+++ b/modules/storage-azure-create-storage-class.adoc
@@ -4,7 +4,7 @@
 
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="storage-create-azure-storage-class_{context}"]
 = Creating the Azure storage class
 
@@ -29,8 +29,13 @@ persistent volumes.
 .. Select `kubernetes.io/azure-disk` from the drop down list.
 
 ... Enter the storage account type. This corresponds to your Azure
-storage account SKU tier. Valid options are `Premium_LRS`, `Standard_LRS`,
+storage account SKU tier. Valid options are `Premium_LRS`, `PremiumV2_LRS`, `Standard_LRS`,
 `StandardSSD_LRS`, and `UltraSSD_LRS`.
++
+[IMPORTANT]
+====
+The skuname `PremiumV2_LRS` is not supported in all regions, and in some supported regions, not all of the availability zones are supported. For more information, see link:https://learn.microsoft.com/en-us/azure/virtual-machines/disks-deploy-premium-v2[Azure doc].
+====
 
 ... Enter the kind of account. Valid options are `shared`, `dedicated,`
 and `managed`.
diff --git a/modules/storage-create-storage-class-cli.adoc b/modules/storage-create-storage-class-cli.adoc
index c3da5df06843..0d07604af6eb 100644
--- a/modules/storage-create-storage-class-cli.adoc
+++ b/modules/storage-create-storage-class-cli.adoc
@@ -3,7 +3,7 @@
 // * storage/persistent_storage/persistent-storage-aws-efs-csi.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="storage-create-storage-class-cli_{context}"]
 = Creating the {StorageClass} storage class using the CLI
 
diff --git a/modules/storage-create-storage-class-console.adoc b/modules/storage-create-storage-class-console.adoc
index d99db5a5e00e..58948d232326 100644
--- a/modules/storage-create-storage-class-console.adoc
+++ b/modules/storage-create-storage-class-console.adoc
@@ -3,7 +3,7 @@
 // * storage/persistent_storage/persistent-storage-aws-efs-csi.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="storage-create-storage-class-console_{context}"]
 = Creating the {StorageClass} storage class using the console
 
diff --git a/modules/storage-create-storage-class.adoc b/modules/storage-create-storage-class.adoc
index 47ffd27d51c1..975e58b58738 100644
--- a/modules/storage-create-storage-class.adoc
+++ b/modules/storage-create-storage-class.adoc
@@ -10,7 +10,7 @@
 // * storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc
 // * storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="storage-create-storage-class_{context}"]
 = Creating the {StorageClass} storage class
 
@@ -19,7 +19,7 @@ usages. By defining a storage class, users can obtain dynamically provisioned
 persistent volumes.
 
 ifeval::["{Provisioner}" == "efs.csi.aws.com"]
-The _AWS EFS CSI Driver Operator_, after being installed, does not create a storage class by default. However, you can manually create the AWS EFS storage class.
+The _link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator)_, after being installed, does not create a storage class by default. However, you can manually create the AWS EFS storage class.
 endif::[]
 
 
diff --git a/modules/storage-ephemeral-storage-monitoring.adoc b/modules/storage-ephemeral-storage-monitoring.adoc
index 49c932d5c026..ef25a92bf39a 100644
--- a/modules/storage-ephemeral-storage-monitoring.adoc
+++ b/modules/storage-ephemeral-storage-monitoring.adoc
@@ -22,5 +22,5 @@ The output shows the ephemeral storage usage in `/var/lib`:
 [source,terminal]
 ----
 Filesystem  Size  Used Avail Use% Mounted on
-/dev/sda1    69G   32G   34G  49% /
+/dev/disk/by-partuuid/4cd1448a-01    69G   32G   34G  49% /
 ----
diff --git a/modules/storage-ephemeral-storage-overview.adoc b/modules/storage-ephemeral-storage-overview.adoc
index 95bbc76bec3a..80a793d2e208 100644
--- a/modules/storage-ephemeral-storage-overview.adoc
+++ b/modules/storage-ephemeral-storage-overview.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/understanding-ephemeral-storage-microshift.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id=storage-ephemeral-storage-overview_{context}]
 = Overview
 
diff --git a/modules/storage-ephemeral-vols-lifecycle.adoc b/modules/storage-ephemeral-vols-lifecycle.adoc
index d6b458c59bcb..9a1ce7984238 100644
--- a/modules/storage-ephemeral-vols-lifecycle.adoc
+++ b/modules/storage-ephemeral-vols-lifecycle.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/generic-ephemeral-volumes-microshift.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="generic-ephemeral-vols-lifecycle_{context}"]
 = Lifecycle and persistent volume claims
 
diff --git a/modules/storage-ephemeral-vols-overview.adoc b/modules/storage-ephemeral-vols-overview.adoc
index 582e1601f3aa..6b95d332a989 100644
--- a/modules/storage-ephemeral-vols-overview.adoc
+++ b/modules/storage-ephemeral-vols-overview.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/generic-ephemeral-volumes-microshift.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="generic-ephemeral-vols-overview_{context}"]
 = Overview
 
@@ -26,11 +26,11 @@ Generic ephemeral volumes have the following features:
 ====
 Generic ephemeral volumes do not support offline snapshots and resize.
 
-ifndef::openshift-dedicated,openshift-rosa[]
+ifndef::openshift-dedicated,openshift-rosa,microshift[]
 Due to this limitation, the following Container Storage Interface (CSI) drivers do not support the following features for generic ephemeral volumes:
 
 * Azure Disk CSI driver does not support resize.
 
 * Cinder CSI driver does not support snapshot.
-endif::openshift-dedicated,openshift-rosa[]
+endif::openshift-dedicated,openshift-rosa,microshift[]
 ====
diff --git a/modules/storage-ephemeral-vols-procedure.adoc b/modules/storage-ephemeral-vols-procedure.adoc
index 07d1f56f4d8a..8cd74ef08cb9 100644
--- a/modules/storage-ephemeral-vols-procedure.adoc
+++ b/modules/storage-ephemeral-vols-procedure.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/generic-ephemeral-volumes-microshift.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="generic-ephemeral-vols-procedure_{context}"]
 = Creating generic ephemeral volumes
 
@@ -38,10 +38,15 @@ spec:
               type: my-app-ephvol
           spec:
             accessModes: [ "ReadWriteOnce" ]
+ifndef::microshift[]
             storageClassName: "gp2-csi"
+endif::microshift[]
+ifdef::microshift[]
+            storageClassName: "topolvm-provisioner"
+endif::microshift[]
             resources:
               requests:
                 storage: 1Gi
 
 ----
-<1> Generic ephemeral volume claim
+<1> Generic ephemeral volume claim.
diff --git a/modules/storage-ephemeral-vols-pvc-naming.adoc b/modules/storage-ephemeral-vols-pvc-naming.adoc
index 6783f86a7bf8..236fca08e9b0 100644
--- a/modules/storage-ephemeral-vols-pvc-naming.adoc
+++ b/modules/storage-ephemeral-vols-pvc-naming.adoc
@@ -3,7 +3,7 @@
 // * storage/generic-ephemeral-vols.adoc
 // * microshift_storage/generic-ephemeral-volumes-microshift.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="generic-ephemeral-vols-pvc-naming_{context}"]
 = Persistent volume claim naming
 
diff --git a/modules/storage-ephemeral-vols-security.adoc b/modules/storage-ephemeral-vols-security.adoc
index ad145936435e..f1f49e31e641 100644
--- a/modules/storage-ephemeral-vols-security.adoc
+++ b/modules/storage-ephemeral-vols-security.adoc
@@ -3,7 +3,7 @@
 // * storage/generic-ephemeral-vols.adoc
 //* microshift_storage/generic-ephemeral-volumes-microshift.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="generic-ephemeral-security_{context}"]
 = Security
 
diff --git a/modules/storage-expanding-add-volume-expansion.adoc b/modules/storage-expanding-add-volume-expansion.adoc
index e3f965631395..c4f47a5e17c5 100644
--- a/modules/storage-expanding-add-volume-expansion.adoc
+++ b/modules/storage-expanding-add-volume-expansion.adoc
@@ -3,7 +3,7 @@
 // * storage/expanding-persistent-volumes.adoc
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="add-volume-expansion_{context}"]
 = Enabling volume expansion support
 
@@ -16,7 +16,7 @@ have the `allowVolumeExpansion` field set to `true`.
 +
 [source,terminal]
 ----
-$ oc edit storageclass <storage_class_name> <1> 
+$ oc edit storageclass <storage_class_name> <1>
 ----
 <1> Specifies the name of the storage class.
 +
diff --git a/modules/storage-expanding-csi-volumes.adoc b/modules/storage-expanding-csi-volumes.adoc
index 8724dd67f166..b5b62c77339d 100644
--- a/modules/storage-expanding-csi-volumes.adoc
+++ b/modules/storage-expanding-csi-volumes.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expanding-csi-volumes_{context}"]
 = Expanding CSI volumes
 
diff --git a/modules/storage-expanding-filesystem-pvc.adoc b/modules/storage-expanding-filesystem-pvc.adoc
index 4cbcca733ad1..55f35f93deb7 100644
--- a/modules/storage-expanding-filesystem-pvc.adoc
+++ b/modules/storage-expanding-filesystem-pvc.adoc
@@ -3,7 +3,7 @@
 // * storage/expanding-persistent-volume.adoc
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expanding-pvc-filesystem_{context}"]
 = Expanding persistent volume claims (PVCs) with a file system
 
diff --git a/modules/storage-expanding-flexvolume.adoc b/modules/storage-expanding-flexvolume.adoc
index 118a965f628b..f43436f2f81f 100644
--- a/modules/storage-expanding-flexvolume.adoc
+++ b/modules/storage-expanding-flexvolume.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expanding-flexvolume_{context}"]
 = Expanding FlexVolume with a supported driver
 
diff --git a/modules/storage-expanding-local-volumes.adoc b/modules/storage-expanding-local-volumes.adoc
index ff309b64e6b6..b868a5b50697 100644
--- a/modules/storage-expanding-local-volumes.adoc
+++ b/modules/storage-expanding-local-volumes.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expanding-local-volumes_{context}"]
 = Expanding local volumes
 
diff --git a/modules/storage-expanding-recovering-failure.adoc b/modules/storage-expanding-recovering-failure.adoc
index 31607fdb9912..c51c699d665f 100644
--- a/modules/storage-expanding-recovering-failure.adoc
+++ b/modules/storage-expanding-recovering-failure.adoc
@@ -3,7 +3,7 @@
 // * storage/expanding-persistent-volumes.adoc
 //* microshift_storage/expanding-persistent-volumes-microshift.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="expanding-recovering-from-failure_{context}"]
 = Recovering from failure when expanding volumes
 
diff --git a/modules/storage-multi-attach-error.adoc b/modules/storage-multi-attach-error.adoc
index ab40053bea82..134ee8dfa594 100644
--- a/modules/storage-multi-attach-error.adoc
+++ b/modules/storage-multi-attach-error.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-storage-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="storage-multi-attach-error_{context}"]
 = Resolving multi-attach errors
 
diff --git a/modules/storage-persistent-storage-azure-file-pod.adoc b/modules/storage-persistent-storage-azure-file-pod.adoc
index 45463ad40923..929b7977042b 100644
--- a/modules/storage-persistent-storage-azure-file-pod.adoc
+++ b/modules/storage-persistent-storage-azure-file-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-azure-file.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-azure-file-pod_{context}"]
 = Mount the Azure File share in a pod
 
diff --git a/modules/storage-persistent-storage-azure-file.adoc b/modules/storage-persistent-storage-azure-file.adoc
index bfde43369cf0..c26a52619b06 100644
--- a/modules/storage-persistent-storage-azure-file.adoc
+++ b/modules/storage-persistent-storage-azure-file.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-azure-file.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="create-azure-file-secret_{context}"]
 = Create the Azure File share persistent volume claim
 
diff --git a/modules/storage-persistent-storage-block-volume.adoc b/modules/storage-persistent-storage-block-volume.adoc
index 054cea7bb65a..193e91a1d2cb 100644
--- a/modules/storage-persistent-storage-block-volume.adoc
+++ b/modules/storage-persistent-storage-block-volume.adoc
@@ -27,10 +27,10 @@ The following table displays which volume plugins support block volumes.
 [cols="1,1,1,1", width="100%",options="header"]
 |===
 |Volume Plugin  |Manually provisioned  |Dynamically provisioned |Fully supported
-|AliCloud Disk | ✅ | ✅ | ✅
-|AWS EBS  | ✅ | ✅ | ✅
-|AWS EFS | | |
+|Amazon Elastic Block Store (Amazon EBS) | ✅ | ✅ | ✅
+|Amazon Elastic File Storage (Amazon EFS) | | |
 ifndef::openshift-dedicated,openshift-rosa[]
+|AliCloud Disk | ✅ | ✅ | ✅
 |Azure Disk | ✅ | ✅ | ✅
 |Azure File | | |
 |Cinder | ✅ | ✅ | ✅
diff --git a/modules/storage-persistent-storage-lifecycle.adoc b/modules/storage-persistent-storage-lifecycle.adoc
index 7297ea8a0fe5..b2f7d6b6933f 100644
--- a/modules/storage-persistent-storage-lifecycle.adoc
+++ b/modules/storage-persistent-storage-lifecycle.adoc
@@ -109,7 +109,7 @@ functionality.
 
 * `Delete` reclaim policy deletes  both the `PersistentVolume` object
 from {product-title} and the associated storage asset in external
-infrastructure, such as AWS EBS or VMware vSphere.
+infrastructure, such as Amazon Elastic Block Store (Amazon EBS) or VMware vSphere.
 
 [NOTE]
 ====
diff --git a/modules/storage-persistent-storage-nfs-provisioning.adoc b/modules/storage-persistent-storage-nfs-provisioning.adoc
index 6d4945bd3b03..a7f38efe78c3 100644
--- a/modules/storage-persistent-storage-nfs-provisioning.adoc
+++ b/modules/storage-persistent-storage-nfs-provisioning.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-nfs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="persistent-storage-nfs-provisioning_{context}"]
 = Provisioning
 
diff --git a/modules/storage-persistent-storage-nfs-selinux.adoc b/modules/storage-persistent-storage-nfs-selinux.adoc
index 83875cf61725..cef7bf5fd6dc 100644
--- a/modules/storage-persistent-storage-nfs-selinux.adoc
+++ b/modules/storage-persistent-storage-nfs-selinux.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage/persistent-storage-nfs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="nfs-selinux_{context}"]
 = SELinux
 
diff --git a/modules/storage-persistent-storage-overview.adoc b/modules/storage-persistent-storage-overview.adoc
index fbe0421eec6e..67785a8964ba 100644
--- a/modules/storage-persistent-storage-overview.adoc
+++ b/modules/storage-persistent-storage-overview.adoc
@@ -3,7 +3,7 @@
 // storage/understanding-persistent-storage.adoc
 // microshift_storage/understanding-persistent-storage-microshift.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id=persistent-storage-overview_{context}]
 = Persistent storage overview
 
diff --git a/modules/storage-persistent-storage-pv.adoc b/modules/storage-persistent-storage-pv.adoc
index cab2e5a8b991..d152431f6ce9 100644
--- a/modules/storage-persistent-storage-pv.adoc
+++ b/modules/storage-persistent-storage-pv.adoc
@@ -34,7 +34,12 @@ ifndef::microshift[]
 [id="types-of-persistent-volumes_{context}"]
 == Types of PVs
 
+ifndef::openshift-rosa[]
 {product-title} supports the following persistent volume plugins:
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+{product-title} (ROSA) supports the following persistent volume storage options:
+endif::openshift-rosa[]
 
 // - GlusterFS
 // - Ceph RBD
@@ -59,7 +64,8 @@ ifndef::openshift-rosa[]
 - GCP Filestore
 endif::openshift-rosa[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-- IBM VPC Block
+- {ibm-power-server-title} Block
+- {ibm-name} VPC Block
 endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-aro[]
 - HostPath
@@ -75,6 +81,10 @@ ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 endif::microshift[]
 
+ifdef::openshift-rosa[]
+ROSA functions with Kubernetes Container Storage Interface (CSI) compatible volume provisioners from other storage vendors. See link:https://docs.openshift.com/rosa/storage/container_storage_interface/persistent-storage-csi.html[Configuring CSI volumes] for more information about CSI drivers in ROSA. 
+endif::openshift-rosa[]
+
 [id="pv-capacity_{context}"]
 == Capacity
 
@@ -94,6 +104,19 @@ Direct matches are always attempted first. The volume's modes must match or cont
 
 All volumes with the same modes are grouped, and then sorted by size, smallest to largest. The binder gets the group with matching modes and iterates over each, in size order, until one size matches.
 
+ifndef::microshift[]
+[IMPORTANT]
+====
+Volume access modes describe volume capabilities. They are not enforced constraints. The storage provider is responsible for runtime errors resulting from invalid use of the resource. Errors in the provider show up at runtime as mount errors.
+
+ifndef::openshift-dedicated,openshift-rosa[]
+For example, NFS offers `ReadWriteOnce` access mode. If you want to use the volume's ROX capability, mark the claims as `ReadOnlyMany`.
+
+iSCSI and Fibre Channel volumes do not currently have any fencing mechanisms. You must ensure the volumes are only used by one node at a time. In certain situations, such as draining a node, the volumes can be used simultaneously by two nodes. Before draining the node, delete the pods that use the volumes.
+endif::openshift-dedicated,openshift-rosa[]
+====
+endif::microshift[]
+
 The following table lists the access modes:
 
 .Access modes
@@ -103,6 +126,9 @@ The following table lists the access modes:
 |ReadWriteOnce
 |`RWO`
 |The volume can be mounted as read-write by a single node.
+|ReadWriteOncePod ^[1]^
+|`RWOP`
+|The volume can be mounted as read-write by a single pod on a single node.
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 |ReadOnlyMany
 |`ROX`
@@ -112,68 +138,58 @@ ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 |The volume can be mounted as read-write by many nodes.
 endif::[]
 |===
+--
+1. ReadWriteOncePod access mode for persistent volumes is a Technology Preview feature.
+--
+:FeatureName: ReadWriteOncePod access mode for persistent volumes
+include::snippets/technology-preview.adoc[leveloffset=+1]
 endif::microshift[]
 
 ifndef::microshift[]
-[IMPORTANT]
-====
-Volume access modes are descriptors of volume capabilities. They are not enforced constraints. The storage provider is responsible for runtime errors resulting from invalid use of the resource.
-
-ifndef::openshift-dedicated,openshift-rosa[]
-For example, NFS offers `ReadWriteOnce` access mode. You must
-mark the claims as `read-only` if you want to use the volume's
-ROX capability. Errors in the provider show up at runtime as mount errors.
-
-iSCSI and Fibre Channel volumes do not currently have any fencing
-mechanisms. You must ensure the volumes are only used by one node at a
-time. In certain situations, such as draining a node, the volumes can be
-used simultaneously by two nodes. Before draining the node, first ensure
-the pods that use these volumes are deleted.
-endif::openshift-dedicated,openshift-rosa[]
-====
-endif::microshift[]
-
-ifndef::microshift[]
-.Supported access modes for PVs
-[cols=",^v,^v,^v", width="100%",options="header"]
+.Supported access modes for persistent volumes
+[cols=",^v,^v,^v,^v", width="100%",options="header"]
 |===
-|Volume plugin  |ReadWriteOnce ^[1]^  |ReadOnlyMany  |ReadWriteMany
+|Volume plugin  |ReadWriteOnce ^[1]^ | ReadWriteOncePod ^[2]^ |ReadOnlyMany|ReadWriteMany
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-|AliCloud Disk | ✅ | - |  -
+|AliCloud Disk | ✅ |✅ | - |  -
 endif::[]
-|AWS EBS ^[2]^ | ✅ | - |  -
-|AWS EFS | ✅ | ✅ | ✅
+|AWS EBS ^[3]^ | ✅ | ✅ | - |  -
+|AWS EFS | ✅ | ✅ | ✅ | ✅
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-|Azure File | ✅ | ✅ | ✅
-|Azure Disk | ✅ | - | -
-//|Ceph RBD  | ✅ | ✅ |  -
-//|CephFS  | ✅ | ✅ |  ✅
-|Cinder  | ✅ | - |  -
-|Fibre Channel  | ✅ | ✅ |  -
+|Azure File | ✅ |✅ | ✅ | ✅
+|Azure Disk | ✅ | ✅ | - | -
+//|Ceph RBD  | ✅ | ✅ |✅ |  -
+//|CephFS  | ✅ | ✅ | ✅ |  ✅
+|Cinder  | ✅ | ✅ |- |  -
+|Fibre Channel  | ✅ | ✅ |✅ |  -
 endif::[]
 ifndef::openshift-rosa[]
-|GCP Persistent Disk  | ✅ | - |  -
-|GCP Filestore | ✅ | ✅ | ✅
+|GCP Persistent Disk  | ✅ |✅ | - |  -
+|GCP Filestore | ✅ | ✅ |✅ | ✅
 endif::openshift-rosa[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-//|GlusterFS  | ✅ | ✅ | ✅
-|HostPath  | ✅ | - |  -
-|IBM VPC Disk | ✅ | - |  -
-|iSCSI  | ✅ | ✅ |  -
-|Local volume | ✅ | - |  -
-|NFS  | ✅ | ✅ | ✅
-|OpenStack Manila  | - | - | ✅
-|{rh-storage-first}  | ✅ | - | ✅
-|VMware vSphere | ✅ | - | ✅ ^[3]^
+//|GlusterFS  | ✅ |✅ | ✅ | ✅
+|HostPath  | ✅ |✅ | - |  -
+|{ibm-power-server-title}  Disk | ✅ |✅  | ✅ |  ✅
+|{ibm-name} VPC Disk | ✅ |✅ | - |  -
+|iSCSI  | ✅ | ✅ |✅ |  -
+|Local volume | ✅ |✅ | - |  -
+|NFS  | ✅ | ✅ |✅ | ✅
+|OpenStack Manila  | - |✅ | - | ✅
+|{rh-storage-first}  | ✅ |✅ | - | ✅
+|VMware vSphere | ✅ |✅ | - | ✅ ^[4]^
 endif::[]
-
 |===
 [.small]
 --
 1. ReadWriteOnce (RWO) volumes cannot be mounted on multiple nodes. If a node fails, the system does not allow the attached RWO volume to be mounted on a new node because it is already assigned to the failed node. If you encounter a multi-attach error message as a result, force delete the pod on a shutdown or crashed node to avoid data loss in critical workloads, such as when dynamic persistent volumes are attached.
-2. Use a recreate deployment strategy for pods that rely on AWS EBS.
+
+2. ReadWriteOncePod is a Technology Preview feature.
+
+3. Use a recreate deployment strategy for pods that rely on AWS EBS.
+
 ifndef::openshift-dedicated,openshift-rosa[]
-3. If the underlying vSphere environment supports the vSAN file service, then the vSphere Container Storage Interface (CSI) Driver Operator installed by
+4. If the underlying vSphere environment supports the vSAN file service, then the vSphere Container Storage Interface (CSI) Driver Operator installed by
 {product-title} supports provisioning of ReadWriteMany (RWX) volumes. If you do not have vSAN file service configured, and you request RWX, the volume fails to get created and an error is logged. For more information, see "Using Container Storage Interface" -> "VMware vSphere CSI Driver Operator".
 endif::openshift-dedicated,openshift-rosa[]
 // GCE Persistent Disks, or Openstack Cinder PVs.
@@ -236,7 +252,7 @@ cluster.
 
 |===
 
-You can view the name of the PVC bound to the PV by running:
+You can view the name of the PVC that is bound to the PV by running the following command:
 
 [source,terminal]
 ----
@@ -250,6 +266,7 @@ You can specify mount options while mounting a PV by using the attribute `mountO
 
 For example:
 
+ifndef::microshift[]
 .Mount options example
 [source,yaml]
 ----
@@ -299,3 +316,31 @@ ifndef::openshift-dedicated,openshift-rosa[]
 Fibre Channel and HostPath PVs do not support mount options.
 ====
 endif::openshift-dedicated,openshift-rosa[]
+endif::microshift[]
+
+ifdef::microshift[]
+.Mount options example
+[source,yaml]
+----
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+  name: topolvm-provisioner
+mountOptions:
+  - uid=1500
+  - gid=1500
+parameters:
+  csi.storage.k8s.io/fstype: xfs
+provisioner: topolvm.io
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+----
+
+[NOTE]
+====
+`mountOptions` are not validated. Incorrect values will cause the mount to fail and an event to be logged to the PVC.
+====
+endif::microshift[]
\ No newline at end of file
diff --git a/modules/storage-persistent-storage-pvc.adoc b/modules/storage-persistent-storage-pvc.adoc
index 9688508e7a75..d68ee131278b 100644
--- a/modules/storage-persistent-storage-pvc.adoc
+++ b/modules/storage-persistent-storage-pvc.adoc
@@ -27,10 +27,10 @@ spec:
 status:
   ...
 ----
-<1> Name of the PVC
-<2> The access mode, defining the read-write and mount permissions
-<3> The amount of storage available to the PVC
-<4> Name of the `StorageClass` required by the claim
+<1> Name of the PVC.
+<2> The access mode, defining the read-write and mount permissions.
+<3> The amount of storage available to the PVC.
+<4> Name of the `StorageClass` required by the claim.
 
 [id="pvc-storage-class_{context}"]
 == Storage classes
diff --git a/modules/storage-persistent-storage-reclaim-manual.adoc b/modules/storage-persistent-storage-reclaim-manual.adoc
index 7c11c96a06d2..be8570d9030e 100644
--- a/modules/storage-persistent-storage-reclaim-manual.adoc
+++ b/modules/storage-persistent-storage-reclaim-manual.adoc
@@ -4,7 +4,7 @@
 //* microshift_storage/understanding-persistent-storage-microshift.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="reclaim-manual_{context}"]
 = Reclaiming a persistent volume manually
 
@@ -33,7 +33,7 @@ ifdef::openshift-dedicated[]
 The associated storage asset in the external infrastructure, such as an AWS EBS or GCE PD volume, still exists after the PV is deleted.
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-The associated storage asset in the external infrastructure, such as an AWS EBS volume, still exists after the PV is deleted.
+The associated storage asset in the external infrastructure, such as an Amazon Elastic Block Store (Amazon EBS) volume, still exists after the PV is deleted.
 endif::openshift-rosa[]
 
 . Clean up the data on the associated storage asset.
diff --git a/modules/storage-persistent-storage-volume-encrypt-with-kms-key.adoc b/modules/storage-persistent-storage-volume-encrypt-with-kms-key.adoc
index 65bd538293b8..09970adb97ae 100644
--- a/modules/storage-persistent-storage-volume-encrypt-with-kms-key.adoc
+++ b/modules/storage-persistent-storage-volume-encrypt-with-kms-key.adoc
@@ -2,7 +2,7 @@
 //
 // * storage/persistent_storage-aws.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="aws-container-persistent-volumes-encrypt_{context}"]
 = Encrypting container persistent volumes on AWS with a KMS key
 
diff --git a/modules/sts-mode-installing-manual-run-installer.adoc b/modules/sts-mode-installing-manual-run-installer.adoc
index 7255474d2e81..df1b79106b0d 100644
--- a/modules/sts-mode-installing-manual-run-installer.adoc
+++ b/modules/sts-mode-installing-manual-run-installer.adoc
@@ -3,7 +3,7 @@
 // * authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc
 // * authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="sts-mode-installing-manual-run-installer_{context}"]
 = Running the installer
 
diff --git a/modules/summarizing-cluster-specifications-through-clusterversion.adoc b/modules/summarizing-cluster-specifications-through-clusterversion.adoc
index 594215cfafb5..b8ff5c188201 100644
--- a/modules/summarizing-cluster-specifications-through-clusterversion.adoc
+++ b/modules/summarizing-cluster-specifications-through-clusterversion.adoc
@@ -1,17 +1,21 @@
 // Module included in the following assemblies:
 //
 // * support/summarizing-cluster-specifications.adoc
-// * sd_support/osd-summarizing-cluster-specifications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="summarizing-cluster-specifications-through-clusterversion_{context}"]
-= Summarizing cluster specifications through `clusterversion`
+= Summarizing cluster specifications by using a cluster version object
 
 You can obtain a summary of {product-title} cluster specifications by querying the `clusterversion` resource.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
@@ -22,10 +26,39 @@ You can obtain a summary of {product-title} cluster specifications by querying t
 ----
 $ oc get clusterversion
 ----
-
++
+.Example output
+[source,text]
+----
+NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
+version   4.13.8    True        False         8h      Cluster version is 4.13.8
+----
 . Obtain a detailed summary of cluster specifications, update availability, and update history:
 +
 [source,terminal]
 ----
 $ oc describe clusterversion
 ----
++
+.Example output
+[source,text]
+----
+Name:         version
+Namespace:
+Labels:       <none>
+Annotations:  <none>
+API Version:  config.openshift.io/v1
+Kind:         ClusterVersion
+# ...
+    Image:    quay.io/openshift-release-dev/ocp-release@sha256:a956488d295fe5a59c8663a4d9992b9b5d0950f510a7387dbbfb8d20fc5970ce
+    URL:      https://access.redhat.com/errata/RHSA-2023:4456
+    Version:  4.13.8
+  History:
+    Completion Time:    2023-08-17T13:20:21Z
+    Image:              quay.io/openshift-release-dev/ocp-release@sha256:a956488d295fe5a59c8663a4d9992b9b5d0950f510a7387dbbfb8d20fc5970ce
+    Started Time:       2023-08-17T12:59:45Z
+    State:              Completed
+    Verified:           false
+    Version:            4.13.8
+# ...
+----
diff --git a/modules/support-collecting-host-network-trace.adoc b/modules/support-collecting-host-network-trace.adoc
index 2a057f1ba292..a2a4347e8319 100644
--- a/modules/support-collecting-host-network-trace.adoc
+++ b/modules/support-collecting-host-network-trace.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-collecting-host-network-trace_{context}"]
 = Collecting a host network trace
 
@@ -30,7 +30,12 @@ However, you can run any command in the container image that is specified in the
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 * You have installed the OpenShift CLI (`oc`).
 
diff --git a/modules/support-collecting-network-trace.adoc b/modules/support-collecting-network-trace.adoc
index 5191d7820ab4..3c5eda30df36 100644
--- a/modules/support-collecting-network-trace.adoc
+++ b/modules/support-collecting-network-trace.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-collecting-network-trace_{context}"]
 = Collecting a network trace from an {product-title} node or container
 
@@ -10,7 +10,12 @@ When investigating potential network-related {product-title} issues, Red Hat Sup
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 * You have a Red Hat standard or premium Subscription.
 * You have a Red Hat Customer Portal account.
@@ -91,7 +96,7 @@ $ tcpdump -nn -s 0 -i ens5 -w /host/var/tmp/my-cluster-node_$(date +%d_%m_%Y-%H_
 +
 [source,terminal]
 ----
-# nsenter -n -t 49628 -- tcpdump -nn -i ens5 -w /host/var/tmp/my-cluster-node-my-container_$(date +%d_%m_%Y-%H_%M_%S-%Z).pcap.pcap  <1>
+# nsenter -n -t 49628 -- tcpdump -nn -i ens5 -w /host/var/tmp/my-cluster-node-my-container_$(date +%d_%m_%Y-%H_%M_%S-%Z).pcap  <1>
 ----
 <1> The `tcpdump` capture file's path is outside of the `chroot` environment because the toolbox container mounts the host's root directory at `/host`.
 
@@ -120,7 +125,7 @@ $ oc debug node/my-cluster-node -- bash -c 'cat /host/var/tmp/my-tcpdump-capture
 {product-title} {product-version} cluster nodes running {op-system-first} are immutable and rely on Operators to apply cluster changes. Transferring a `tcpdump` capture file from a cluster node by using `scp` is not recommended. However, if the {product-title} API is not available, or the kubelet is not properly functioning on the target node, `oc` operations will be impacted. In such situations, it is possible to copy a `tcpdump` capture file from a node by running `scp core@<node>.<cluster_name>.<base_domain>:<file_path> <local_path>`.
 ====
 +
-.. Navigate to an existing support case within link:https://access.redhat.com/support/cases/[https://access.redhat.com/support/cases/].
+.. Navigate to an existing support case within link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 +
 .. Select *Attach files* and follow the prompts to upload the file.
 
diff --git a/modules/support-gather-data.adoc b/modules/support-gather-data.adoc
index 0712e1909b8e..6de9e037b06f 100644
--- a/modules/support-gather-data.adoc
+++ b/modules/support-gather-data.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support_gathering_data_{context}"]
 = Gathering data about your cluster for Red Hat Support
 
@@ -10,8 +10,13 @@ You can gather debugging information about your cluster by using the `oc adm mus
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
-* The {product-title} CLI (`oc`) installed.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+* The {product-title} CLI (`oc`) is installed.
 
 .Procedure
 
@@ -63,7 +68,7 @@ $ tar cvaf must-gather.tar.gz must-gather.local.5421342344627712289/ <1>
 <1> Make sure to replace `must-gather-local.5421342344627712289/` with the actual directory name.
 
 ifndef::openshift-origin[]
-. Attach the compressed file to your support case on the link:https://access.redhat.com[Red Hat Customer Portal].
+. Attach the compressed file to your support case on the link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 endif::[]
 
 ifdef::openshift-origin[]
diff --git a/modules/support-generating-a-sosreport-archive.adoc b/modules/support-generating-a-sosreport-archive.adoc
index f9207687fd4a..9e72f97ada18 100644
--- a/modules/support-generating-a-sosreport-archive.adoc
+++ b/modules/support-generating-a-sosreport-archive.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-generating-a-sosreport-archive_{context}"]
 = Generating a sosreport archive for an {product-title} cluster node
 
@@ -10,7 +10,12 @@ The recommended way to generate a `sosreport` for an {product-title} {product-ve
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have SSH access to your hosts.
 * You have installed the OpenShift CLI (`oc`).
 * You have a Red Hat standard or premium Subscription.
@@ -77,14 +82,21 @@ If an existing `toolbox` pod is already running, the `toolbox` command outputs `
 ====
 +
 . Collect a `sosreport` archive.
-.. Run the `sosreport` command and enable the `crio.all` and `crio.logs` CRI-O container engine `sosreport` plugins:
+.. Run the `sos report` command to collect necessary troubleshooting data on `crio` and `podman`:
 +
 [source,terminal]
 ----
-# sosreport -k crio.all=on -k crio.logs=on <1>
+# sos report -k crio.all=on -k crio.logs=on  -k podman.all=on -k podman.logs=on <1>
 ----
 <1> `-k` enables you to define `sosreport` plugin parameters outside of the defaults.
 +
+.. Optional: To include information on OVN-Kubernetes networking configurations from a node in your report, run the following command:
++
+[source,terminal]
+----
+# sos report --all-logs
+----
+
 .. Press *Enter* when prompted, to continue.
 +
 .. Provide the Red Hat Support case ID. `sosreport` adds the ID to the archive's file name.
@@ -125,6 +137,6 @@ $ oc debug node/my-cluster-node -- bash -c 'cat /host/var/tmp/sosreport-my-clust
 {product-title} {product-version} cluster nodes running {op-system-first} are immutable and rely on Operators to apply cluster changes. Transferring a `sosreport` archive from a cluster node by using `scp` is not recommended. However, if the {product-title} API is not available, or the kubelet is not properly functioning on the target node, `oc` operations will be impacted. In such situations, it is possible to copy a `sosreport` archive from a node by running `scp core@<node>.<cluster_name>.<base_domain>:<file_path> <local_path>`.
 ====
 +
-.. Navigate to an existing support case within link:https://access.redhat.com/support/cases/[https://access.redhat.com/support/cases/].
+.. Navigate to an existing support case within link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 +
 .. Select *Attach files* and follow the prompts to upload the file.
diff --git a/modules/support-get-cluster-id.adoc b/modules/support-get-cluster-id.adoc
index 2dd32b856f91..2dc51ce25746 100644
--- a/modules/support-get-cluster-id.adoc
+++ b/modules/support-get-cluster-id.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-get-cluster-id_{context}"]
 = Obtaining your cluster ID
 
@@ -10,8 +10,13 @@ When providing information to Red Hat Support, it is helpful to provide the uniq
 
 .Prerequisites
 
-* Access to the cluster as a user with the `cluster-admin` role.
-* Access to the web console or the OpenShift CLI (`oc`) installed.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+* You have access to the web console or the OpenShift CLI (`oc`) installed.
 
 .Procedure
 ifdef::openshift-enterprise,openshift-webscale,openshift-dedicated[]
@@ -26,7 +31,7 @@ ifdef::openshift-origin[]
 endif::[]
 
 * To manually obtain your cluster ID using the web console:
-.. Navigate to *Home* -> *Dashboards* -> *Overview*.
+.. Navigate to *Home* -> *Overview*.
 .. The value is available in the *Cluster ID* field of the *Details* section.
 
 * To obtain your cluster ID using the OpenShift CLI (`oc`), run the following command:
diff --git a/modules/support-installing-packages-to-a-toolbox-container.adoc b/modules/support-installing-packages-to-a-toolbox-container.adoc
index 2499874da6c6..577b1989487b 100644
--- a/modules/support-installing-packages-to-a-toolbox-container.adoc
+++ b/modules/support-installing-packages-to-a-toolbox-container.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-packages-to-a-toolbox-container_{context}"]
 = Installing packages to a `toolbox` container
 
diff --git a/modules/support-knowledgebase-about.adoc b/modules/support-knowledgebase-about.adoc
index aa0f1117d935..c0bea70fa0af 100644
--- a/modules/support-knowledgebase-about.adoc
+++ b/modules/support-knowledgebase-about.adoc
@@ -4,8 +4,9 @@
 // * support/getting-support.adoc
 // * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 // * osd_architecture/osd-support.adoc
+// * microshift_support/microshift-getting-support.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="support-knowledgebase-about_{context}"]
 = About the Red Hat Knowledgebase
 
diff --git a/modules/support-knowledgebase-search.adoc b/modules/support-knowledgebase-search.adoc
index 0b79bfae5d8c..660f0664d7df 100644
--- a/modules/support-knowledgebase-search.adoc
+++ b/modules/support-knowledgebase-search.adoc
@@ -4,8 +4,9 @@
 // * support/getting-support.adoc
 // * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 // * osd_architecture/osd-support.adoc
+// * microshift_support/microshift-getting-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-knowledgebase-search_{context}"]
 = Searching the Red Hat Knowledgebase
 
@@ -19,14 +20,16 @@ In the event of an {product-title} issue, you can perform an initial search to d
 
 . Log in to the link:http://access.redhat.com[Red Hat Customer Portal].
 
-. In the main Red Hat Customer Portal search field, input keywords and strings relating to the problem, including:
+. Click *Search*.
+
+. In the search field, input keywords and strings relating to the problem, including:
 +
 * {product-title} components (such as *etcd*)
 * Related procedure (such as *installation*)
 * Warnings, error messages, and other outputs related to explicit failures
 
-. Click *Search*.
+. Click the *Enter* key.
 
-. Select the *{product-title}* product filter.
+. Optional: Select the *{product-title}* product filter.
 
-. Select the *Knowledgebase* content type filter.
+. Optional: Select the *Documentation* content type filter.
diff --git a/modules/support-providing-diagnostic-data-to-red-hat.adoc b/modules/support-providing-diagnostic-data-to-red-hat.adoc
index 56c7130b649b..0023f5ab9a20 100644
--- a/modules/support-providing-diagnostic-data-to-red-hat.adoc
+++ b/modules/support-providing-diagnostic-data-to-red-hat.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-providing-diagnostic-data-to-red-hat_{context}"]
 = Providing diagnostic data to Red Hat Support
 
@@ -10,7 +10,12 @@ When investigating {product-title} issues, Red Hat Support might ask you to uplo
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have SSH access to your hosts.
 * You have installed the OpenShift CLI (`oc`).
 * You have a Red Hat standard or premium Subscription.
@@ -33,7 +38,7 @@ $ oc debug node/my-cluster-node -- bash -c 'cat /host/var/tmp/my-diagnostic-data
 {product-title} {product-version} cluster nodes running {op-system-first} are immutable and rely on Operators to apply cluster changes. Transferring files from a cluster node by using `scp` is not recommended. However, if the {product-title} API is not available, or the kubelet is not properly functioning on the target node, `oc` operations will be impacted. In such situations, it is possible to copy diagnostic files from a node by running `scp core@<node>.<cluster_name>.<base_domain>:<file_path> <local_path>`.
 ====
 +
-. Navigate to an existing support case within link:https://access.redhat.com/support/cases/[https://access.redhat.com/support/cases/].
+. Navigate to an existing support case within link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 +
 . Select *Attach files* and follow the prompts to upload the file.
 
diff --git a/modules/support-starting-an-alternative-image-with-toolbox.adoc b/modules/support-starting-an-alternative-image-with-toolbox.adoc
index a6b489df595b..7eae5a622583 100644
--- a/modules/support-starting-an-alternative-image-with-toolbox.adoc
+++ b/modules/support-starting-an-alternative-image-with-toolbox.adoc
@@ -2,7 +2,7 @@
 //
 // * support/gathering-cluster-data.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="starting-an-alternative-image-with-toolbox_{context}"]
 = Starting an alternative image with `toolbox`
 
diff --git a/modules/support-submitting-a-case.adoc b/modules/support-submitting-a-case.adoc
index 6fd04be8ecb8..02c3ed3bf9f5 100644
--- a/modules/support-submitting-a-case.adoc
+++ b/modules/support-submitting-a-case.adoc
@@ -5,7 +5,7 @@
 // * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 // * osd_architecture/osd-support.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="support-submitting-a-case_{context}"]
 = Submitting a support case
 
@@ -13,32 +13,42 @@
 
 ifndef::openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
-* You have installed the OpenShift CLI (`oc`).
 endif::openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+* You have installed the OpenShift CLI (`oc`).
 ifdef::openshift-dedicated[]
 * You have access to the {cluster-manager-first}.
 endif::openshift-dedicated[]
 * You have a Red Hat Customer Portal account.
 ifndef::openshift-dedicated[]
-* You have a Red Hat standard or premium Subscription.
+* You have a Red Hat Standard or Premium subscription.
 endif::openshift-dedicated[]
 
 .Procedure
 
-. Log in to the link:http://access.redhat.com[Red Hat Customer Portal] and select *SUPPORT CASES* -> *Open a case*.
+. Log in to link:https://access.redhat.com/support/cases/#/case/list[the *Customer Support* page] of the Red Hat Customer Portal.
 
-. Select the appropriate category for your issue (such as *Defect / Bug*), product (*{product-title}*), and product version
-ifndef::openshift-dedicated[]
-(*{product-version}*,
-endif::openshift-dedicated[]
-ifdef::openshift-dedicated[]
-(*{product-title}*,
-endif::openshift-dedicated[]
-if this is not already autofilled).
+. Click *Get support*.
 
-. Review the list of suggested Red Hat Knowledgebase solutions for a potential match against the problem that is being reported. If the suggested articles do not address the issue, click *Continue*.
+. On the *Cases* tab of the *Customer Support* page:
 
-. Enter a concise but descriptive problem summary and further details about the symptoms being experienced, as well as your expectations.
+.. Optional: Change the pre-filled account and owner details if needed.
+
+.. Select the appropriate category for your issue, such as *Bug or Defect*, and click *Continue*.
+
+. Enter the following information:
+
+.. In the *Summary* field, enter a concise but descriptive problem summary and further details about the symptoms being experienced, as well as your expectations.
+
+.. Select *{product-title}* from the *Product* drop-down menu.
+
+ifndef::openshift-rosa,openshift-dedicated[]
+.. Select *{product-version}* from the *Version* drop-down.
+endif::openshift-rosa,openshift-dedicated[]
+
+. Review the list of suggested Red Hat Knowledgebase solutions for a potential match against the problem that is being reported. If the suggested articles do not address the issue, click *Continue*.
 
 . Review the updated list of suggested Red Hat Knowledgebase solutions for a potential match against the problem that is being reported. The list is refined as you provide more information during the case creation process. If the suggested articles do not address the issue, click *Continue*.
 
@@ -55,7 +65,7 @@ endif::openshift-dedicated[]
 ifndef::openshift-dedicated[]
 +
 * To manually obtain your cluster ID using the {product-title} web console:
-.. Navigate to *Home* -> *Dashboards* -> *Overview*.
+.. Navigate to *Home* -> *Overview*.
 .. Find the value in the *Cluster ID* field of the *Details* section.
 +
 * Alternatively, it is possible to open a new support case through the {product-title} web console and have your cluster ID autofilled.
@@ -72,9 +82,10 @@ endif::openshift-dedicated[]
 
 . Complete the following questions where prompted and then click *Continue*:
 +
-* Where are you experiencing the behavior? What environment?
-* When does the behavior occur? Frequency? Repeatedly? At certain times?
-* What information can you provide around time-frames and the business impact?
+* What are you experiencing? What are you expecting to happen?
+* Define the value or impact to you or the business.
+* Where are you experiencing this behavior? What environment?
+* When does this behavior occur? Frequency? Repeatedly? At certain times?
 
 . Upload relevant diagnostic data files and click *Continue*.
 ifndef::openshift-dedicated[]
diff --git a/modules/support.adoc b/modules/support.adoc
index 22089ab7a629..956074d0c028 100644
--- a/modules/support.adoc
+++ b/modules/support.adoc
@@ -1,26 +1,40 @@
 // Module included in the following assemblies:
 //
-// * security/compliance_operator/compliance-operator-troubleshooting.adoc
+// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
 // * support/getting-support.adoc
 // * distr_tracing/distributed-tracing-release-notes.adoc
 // * service_mesh/v2x/ossm-support.adoc
 // * service_mesh/v2x/ossm-troubleshooting-istio.adoc
 // * service_mesh/v1x/servicemesh-release-notes.adoc
 // * osd_architecture/osd-support.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-0.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-1.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-2.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-3.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-4.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-5.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-6.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-7.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-8.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-2-9.adoc
+// * distr_tracing/distr_tracing_rn/distr-tracing-rn-3-0.adoc
+// * microshift_support/microshift-getting-support.adoc
 
 [id="support_{context}"]
 = Getting support
 
-If you experience difficulty with a procedure described in this documentation, or with {product-title} in general, visit the link:http://access.redhat.com[Red Hat Customer Portal]. From the Customer Portal, you can:
+If you experience difficulty with a procedure described in this documentation, or with {product-title} in general, visit the link:http://access.redhat.com[Red Hat Customer Portal].
+
+From the Customer Portal, you can:
 
 * Search or browse through the Red Hat Knowledgebase of articles and solutions relating to Red Hat products.
 * Submit a support case to Red Hat Support.
-// TODO: xref
 * Access other product documentation.
 
+ifndef::microshift[]
 To identify issues with your cluster, you can use Insights in {cluster-manager-url}. Insights provides details about issues and, if available, information on how to solve a problem.
 
 // TODO: verify that these settings apply for Service Mesh and OpenShift virtualization, etc.
 If you have a suggestion for improving this documentation or have found an
-error, submit a link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&summary=Documentation_issue&issuetype=1&components=12367614&priority=10200&versions=12385624[Jira issue] for the most relevant documentation component. Please
-provide specific details, such as the section name and {product-title} version.
+error, submit a link:https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&summary=Documentation_issue&issuetype=1&components=12367614&priority=10200&versions=12385624[Jira issue] for the most relevant documentation component. Please provide specific details, such as the section name and {product-title} version.
+endif::microshift[]
diff --git a/modules/supported-log-outputs.adoc b/modules/supported-log-outputs.adoc
new file mode 100644
index 000000000000..1c16d8ca0c41
--- /dev/null
+++ b/modules/supported-log-outputs.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * logging/log_collection_forwarding/logging-output-types.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="supported-log-outputs_{context}"]
+= Supported log forwarding outputs
+
+Outputs can be any of the following types:
+
+.Supported log output types
+[cols="5",options="header"]
+|===
+|Output type
+|Protocol
+|Tested with
+|Logging versions
+|Supported collector type
+
+|Elasticsearch v6
+|HTTP 1.1
+|6.8.1, 6.8.23
+|5.6+
+|Fluentd, Vector
+
+|Elasticsearch v7
+|HTTP 1.1
+|7.12.2, 7.17.7, 7.10.1
+|5.6+
+|Fluentd, Vector
+
+|Elasticsearch v8
+|HTTP 1.1
+|8.4.3, 8.6.1
+|5.6+
+|Fluentd ^[1]^, Vector
+
+|Fluent Forward
+|Fluentd forward v1
+|Fluentd 1.14.6, Logstash 7.10.1, Fluentd 1.14.5
+|5.4+
+|Fluentd
+
+|Google Cloud Logging
+|REST over HTTPS
+|Latest
+|5.7+
+|Vector
+
+|HTTP
+|HTTP 1.1
+|Fluentd 1.14.6, Vector 0.21
+|5.7+
+|Fluentd, Vector
+
+|Kafka
+|Kafka 0.11
+|Kafka 2.4.1, 2.7.0, 3.3.1
+|5.4+
+|Fluentd, Vector
+
+|Loki
+|REST over HTTP and HTTPS
+|2.3.0, 2.5.0, 2.7, 2.2.1
+|5.4+
+|Fluentd, Vector
+
+|Splunk
+|HEC
+|8.2.9, 9.0.0
+|5.7+
+|Vector
+
+|Syslog
+|RFC3164, RFC5424
+|Rsyslog 8.37.0-9.el7, rsyslog-8.39.0
+|5.4+
+|Fluentd, Vector ^[2]^
+
+|Amazon CloudWatch
+|REST over HTTPS
+|Latest
+|5.4+
+|Fluentd, Vector
+|===
+[.small]
+--
+1. Fluentd does not support Elasticsearch 8 in the {logging} version 5.6.2.
+2. Vector supports Syslog in the {logging} version 5.7 and higher.
+--
diff --git a/modules/supported-platforms-for-openshift-clusters.adoc b/modules/supported-platforms-for-openshift-clusters.adoc
index 390cb2919622..d10a48eae2fc 100644
--- a/modules/supported-platforms-for-openshift-clusters.adoc
+++ b/modules/supported-platforms-for-openshift-clusters.adoc
@@ -3,24 +3,23 @@
 // * architecture/architecture-installation.adoc
 // * installing/index.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="supported-platforms-for-openshift-clusters_{context}"]
 = Supported platforms for {product-title} clusters
 
 In {product-title} {product-version}, you can install a cluster that uses installer-provisioned infrastructure on the following platforms:
 
+* Alibaba Cloud
 * Amazon Web Services (AWS)
+* Bare metal
 * Google Cloud Platform (GCP)
+* {ibm-cloud-name}
 * Microsoft Azure
 * Microsoft Azure Stack Hub
-* {rh-openstack-first} versions 16.1 and 16.2
-** The latest {product-title} release supports both the latest {rh-openstack} long-life release and intermediate release. For complete {rh-openstack} release compatibility, see the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
-* IBM Cloud VPC
 * Nutanix
-* {rh-virtualization-first}
+* {rh-openstack-first}
+** The latest {product-title} release supports both the latest {rh-openstack} long-life release and intermediate release. For complete {rh-openstack} release compatibility, see the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
 * VMware vSphere
-* Alibaba Cloud
-* Bare metal
 
 For these clusters, all machines, including the computer that you run the installation process on, must have direct internet access to pull images for platform containers and provide telemetry data to Red Hat.
 
@@ -28,8 +27,8 @@ For these clusters, all machines, including the computer that you run the instal
 ====
 After installation, the following changes are not supported:
 
-* Mixing cloud provider platforms
-* Mixing cloud provider components, such as using a persistent storage framework from a differing platform than what the cluster is installed on
+* Mixing cloud provider platforms.
+* Mixing cloud provider components. For example, using a persistent storage framework from a another platform on the platform where you installed the cluster.
 ====
 
 In {product-title} {product-version}, you can install a cluster that uses user-provisioned infrastructure on the following platforms:
@@ -37,15 +36,17 @@ In {product-title} {product-version}, you can install a cluster that uses user-p
 * AWS
 * Azure
 * Azure Stack Hub
+* Bare metal
 * GCP
-* {rh-openstack} versions 16.1 and 16.2
-* {rh-virtualization}
-* VMware vSphere
+* {ibm-power-name}
+* {ibm-z-name} or {ibm-linuxone-name}
+* {rh-openstack}
+** The latest {product-title} release supports both the latest {rh-openstack} long-life release and intermediate release. For complete {rh-openstack} release compatibility, see the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
 * VMware Cloud on AWS
-* Bare metal
-* {ibmzProductName} or {linuxoneProductName}
-* {ibmpowerProductName}
+* VMware vSphere
+
+Depending on the supported cases for the platform, you can perform installations on user-provisioned infrastructure, so that you can run machines with full internet access, place your cluster behind a proxy, or perform a disconnected installation.
 
-Depending on the supported cases for the platform, installations on user-provisioned infrastructure allow you to run machines with full internet access, place your cluster behind a proxy, or perform a _restricted network installation_. In a restricted network installation, you can download the images that are required to install a cluster, place them in a mirror registry, and use that data to install your cluster. While you require internet access to pull images for platform containers, with a restricted network installation on vSphere or bare metal infrastructure, your cluster machines do not require direct internet access.
+In a disconnected installation, you can download the images that are required to install a cluster, place them in a mirror registry, and use that data to install your cluster. While you require internet access to pull images for platform containers, with a disconnected installation on vSphere or bare metal infrastructure, your cluster machines do not require direct internet access.
 
 The link:https://access.redhat.com/articles/4128421[OpenShift Container Platform 4.x Tested Integrations] page contains details about integration testing for different platforms.
diff --git a/modules/supporting-encapsulation.adoc b/modules/supporting-encapsulation.adoc
index 51a46b8e5d2f..059ebe48e350 100644
--- a/modules/supporting-encapsulation.adoc
+++ b/modules/supporting-encapsulation.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/optimization/optimizing-cpu-usage.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="supporting-encapsulation_{context}"]
 = Inspecting encapsulated namespaces
 
diff --git a/modules/telco-core-414-whats-new-ref-design.adoc b/modules/telco-core-414-whats-new-ref-design.adoc
new file mode 100644
index 000000000000..0546733a2f2a
--- /dev/null
+++ b/modules/telco-core-414-whats-new-ref-design.adoc
@@ -0,0 +1,56 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="telco-core-whats-new-ref-design_{context}""]
+= {product-title} {product-version} features for {rds}
+
+The following features that are included in {product-title} {product-version} and are leveraged by the {rds} reference design specification (RDS) have been added or updated.
+
+.New features for {rds} in {product-title} {product-version}
+[cols="1,3", options="header"]
+|====
+|Feature
+|Description
+
+//CNF-7349 Rootless DPDK pods
+|Support for running rootless Data Plane Development Kit (DPDK) workloads with kernel access by using the TAP CNI plugin
+a|DPDK applications that inject traffic into the kernel can run in non-privileged pods with the help of the TAP CNI plugin.
+
+* link:https://docs.openshift.com/container-platform/4.15/networking/hardware_networks/using-dpdk-and-rdma.html#nw-running-dpdk-rootless-tap_using-dpdk-and-rdma[Using the TAP CNI to run a rootless DPDK workload with kernel access]
+
+//CNF-5977 Better pinning of the networking stack
+|Dynamic use of non-reserved CPUs for OVS
+a|With this release, the Open vSwitch (OVS) networking stack can dynamically use non-reserved CPUs.
+The dynamic use of non-reserved CPUs occurs by default in performance-tuned clusters with a CPU manager policy set to `static`.
+The dynamic use of available, non-reserved CPUs maximizes compute resources for OVS and minimizes network latency for workloads during periods of high demand.
+OVS cannot use isolated CPUs assigned to containers in `Guaranteed` QoS pods. This separation avoids disruption to critical application workloads.
+
+//CNF-7760
+|Enabling more control over the C-states for each pod
+a|The `PerformanceProfile` supports `perPodPowerManagement` which provides more control over the C-states for pods. Now, instead of disabling C-states completely, you can specify a maximum latency in microseconds for C-states. You configure this option in the `cpu-c-states.crio.io` annotation, which helps to optimize power savings for high-priority applications by enabling some of the shallower C-states instead of disabling them completely.
+
+* link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/cnf-low-latency-tuning.html#node-tuning-operator-pod-power-saving-config_cnf-master[Optional: Power saving configurations]
+
+//CNF-7741 Permit to disable NUMA Aware scheduling hints based on SR-IOV VFs
+|Exclude SR-IOV network topology for NUMA-aware scheduling
+a|You can exclude advertising Non-Uniform Memory Access (NUMA) nodes for the SR-IOV network to the Topology Manager. By not advertising NUMA nodes for the SR-IOV network, you can permit more flexible SR-IOV network deployments during NUMA-aware pod scheduling.
+
+For example, in some scenarios, you want flexibility for how a pod is deployed. By not providing a NUMA node hint to the Topology Manager for the pod's SR-IOV network resource, the Topology Manager can deploy the SR-IOV network resource and the pod CPU and memory resources to different NUMA nodes. In previous {product-title} releases, the Topology Manager attempted to place all resources on the same NUMA node.
+
+* link:https://docs.openshift.com/container-platform/4.15/networking/hardware_networks/configuring-sriov-device.html#nw-sriov-exclude-topology-manager_configuring-sriov-device[Exclude the SR-IOV network topology for NUMA-aware scheduling]
+
+//CNF-8035 MetalLB VRF Egress interface selection with VRFs (Tech Preview)
+|Egress service resource to manage egress traffic for pods behind a load balancer (Technology Preview)
+a|With this update, you can use an `EgressService` custom resource (CR) to manage egress traffic for pods behind a load balancer service.
+
+You can use the `EgressService` CR to manage egress traffic in the following ways:
+
+* Assign the load balancer service's IP address as the source IP address of egress traffic for pods behind the load balancer service.
+
+* Configure the egress traffic for pods behind a load balancer to a different network than the default node network.
+
+* link:https://docs.openshift.com/container-platform/4.15/networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.html#configuring-egress-traffic-loadbalancer-services[Configuring an egress service]
+
+|====
diff --git a/modules/telco-core-cluster-network-operator.adoc b/modules/telco-core-cluster-network-operator.adoc
new file mode 100644
index 000000000000..9f9d29d20973
--- /dev/null
+++ b/modules/telco-core-cluster-network-operator.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-cluster-network-operator_{context}"]
+= Cluster Network Operator (CNO)
+
+New in this release::
+
+Not applicable.
+
+Description::
+
+The CNO deploys and manages the cluster network components including the default OVN-Kubernetes network plugin during {product-title} cluster installation. It allows configuring primary interface MTU settings, OVN gateway modes to use node routing tables for pod egress, and additional secondary networks such as MACVLAN.
++
+In support of network traffic segregation, multiple network interfaces are configured through the CNO. Traffic steering to these interfaces is configured through static routes applied by using the NMState Operator. To ensure that pod traffic is properly routed, OVN-K is configured with the `routingViaHost` option enabled. This setting uses the kernel routing table and the applied static routes rather than OVN for pod egress traffic.
++
+The Whereabouts CNI plugin is used to provide dynamic IPv4 and IPv6 addressing for additional pod network interfaces without the use of a DHCP server.
+
+Limits and requirements::
+
+* OVN-Kubernetes is required for IPv6 support.
+* Large MTU cluster support requires connected network equipment to be set to the same or larger value.
+
+Engineering considerations::
+* Pod egress traffic is handled by kernel routing table with the `routingViaHost` option. Appropriate static routes must be configured in the host.
+
diff --git a/modules/telco-core-cpu-partitioning-performance-tune.adoc b/modules/telco-core-cpu-partitioning-performance-tune.adoc
new file mode 100644
index 000000000000..9c6b708688d0
--- /dev/null
+++ b/modules/telco-core-cpu-partitioning-performance-tune.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-cpu-partitioning-performance-tune_{context}"]
+= CPU partitioning and performance tuning
+
+New in this release::
+
+Open vSwitch (OVS) is removed from CPU partitioning. OVS manages its cpuset dynamically to automatically adapt to network traffic needs. Users no longer need to reserve additional CPUs for handling high network throughput on the primary container network interface (CNI). There is no impact on the configuration needed to benefit from this change.
+
+Description::
+
+CPU partitioning allows for the separation of sensitive workloads from generic purposes, auxiliary processes, interrupts, and driver work queues to achieve improved performance and latency. The CPUs allocated to those auxiliary processes are referred to as `reserved` in the following sections. In hyperthreaded systems, a CPU is one hyperthread.
++
+For more information, see https://docs.openshift.com/container-platform/latest/scalability_and_performance/cnf-low-latency-tuning.html#cnf-cpu-infra-container_cnf-master[Restricting CPUs for infra and application containers].
++
+Configure system level performance.
+For recommended settings, see link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.html#ztp-du-configuring-host-firmware-requirements_sno-configure-for-vdu[Configuring host firmware for low latency and high performance].
+
+Limits and requirements::
+* The operating system needs a certain amount of CPU to perform all the support tasks including kernel networking.
+** A system with just user plane networking applications (DPDK) needs at least one Core (2 hyperthreads when enabled) reserved for the operating system and the infrastructure components.
+* A system with Hyper-Threading enabled must always put all core sibling threads to the same pool of CPUs.
+* The set of reserved and isolated cores must include all CPU cores.
+* Core 0 of each NUMA node must be included in the reserved CPU set.
+* Isolated cores might be impacted by interrupts. The following annotations must be attached to the pod if guaranteed QoS pods require full use of the CPU:
++
+----
+cpu-load-balancing.crio.io: "disable"
+cpu-quota.crio.io: "disable"
+irq-load-balancing.crio.io: "disable"
+----
+* When per-pod power management is enabled with `PerformanceProfile.workloadHints.perPodPowerManagement` the following annotations must also be attached to the pod if guaranteed QoS pods require full use of the CPU:
++
+----
+cpu-c-states.crio.io: "disable"
+cpu-freq-governor.crio.io: "performance"
+----
+
+Engineering considerations::
+* The minimum reserved capacity (`systemReserved`) required can be found by following the guidance in  link:https://access.redhat.com/solutions/5843241["Which amount of CPU and memory are recommended to reserve for the system in OCP 4 nodes?"]
+* The actual required reserved CPU capacity depends on the cluster configuration and workload attributes.
+* This reserved CPU value must be rounded up to a full core (2 hyper-thread) alignment.
+* Changes to the CPU partitioning will drain and reboot the nodes in the MCP.
+* The reserved CPUs reduce the pod density, as the reserved CPUs are removed from the allocatable capacity of the OpenShift node.
+* The real-time workload hint should be enabled if the workload is real-time capable.
+* Hardware without Interrupt Request (IRQ) affinity support will impact isolated CPUs. To ensure that pods with guaranteed CPU QoS have full use of allocated CPU, all hardware in the server must support IRQ affinity.
diff --git a/modules/telco-core-crs-machine-configuration.adoc b/modules/telco-core-crs-machine-configuration.adoc
new file mode 100644
index 000000000000..9eacac00e7d5
--- /dev/null
+++ b/modules/telco-core-crs-machine-configuration.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="reference-crs_{context}"]
+= Reference CRs
+
+.Resource Tuning
+[cols="3*"]
+|====
+| Component | Reference CR | Optional
+
+| System Reserved capacity a| * xref:telco-core-ref-du-crs.adoc#pid-limits-cr-yaml[pid-limits-cr.yaml]
+* xref:telco-core-ref-du-crs.adoc#control-plane-system-reserved[control-plane-system-reserved.yaml] | Yes
+
+|====
\ No newline at end of file
diff --git a/modules/telco-core-crs-networking.adoc b/modules/telco-core-crs-networking.adoc
new file mode 100644
index 000000000000..bc5f8e36757f
--- /dev/null
+++ b/modules/telco-core-crs-networking.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="networking-crs_{context}"]
+= Networking reference CRs
+
+.Networking CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Baseline,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-network-yaml[Network.yaml],No,No
+Baseline,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-networkattachmentdefinition-yaml[networkAttachmentDefinition.yaml],Yes,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovsubscriptionns-yaml[SriovSubscriptionNS.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovsubscriptionopergroup-yaml[SriovSubscriptionOperGroup.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovsubscription-yaml[SriovSubscription.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovoperatorconfig-yaml[SriovOperatorConfig.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovnetworknodepolicy-yaml[sriovNetworkNodePolicy.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sriovnetwork-yaml[sriovNetwork.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-metallbns-yaml[metallbNS.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-metallbopergroup-yaml[metallbOperGroup.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-metallbsubscription-yaml[metallbSubscription.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-metallb-yaml[metallb.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-bgp-peer-yaml[bgp-peer.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-bfd-profile-yaml[bfd-profile.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-addr-pool-yaml[addr-pool.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-bgp-advr-yaml[bgp-advr.yaml],No,No
+Multus - Tap CNI for rootless DPDK pod,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-mc_rootless_pods_selinux-yaml[mc_rootless_pods_selinux.yaml],Yes,No
+|====
diff --git a/modules/telco-core-crs-other.adoc b/modules/telco-core-crs-other.adoc
new file mode 100644
index 000000000000..5b8aaf24bb5b
--- /dev/null
+++ b/modules/telco-core-crs-other.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="other-crs_{context}"]
+= Other reference CRs
+
+.Other CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Disconnected configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-catalog-source-yaml[catalog-source.yaml],No,No
+Disconnected configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-icsp-yaml[icsp.yaml],No,No
+Disconnected configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-operator-hub-yaml[operator-hub.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-clusterlogns-yaml[ClusterLogNS.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-clusterlogopergroup-yaml[ClusterLogOperGroup.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-clusterlogsubscription-yaml[ClusterLogSubscription.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-clusterlogforwarder-yaml[ClusterLogForwarder.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-clusterlogging-yaml[ClusterLogging.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-control-plane-load-kernel-modules-yaml[control-plane-load-kernel-modules.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-worker-load-kernel-modules-yaml[worker-load-kernel-modules.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sctp_module_mc-yaml[sctp_module_mc.yaml],Yes,No
+Power management,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-performanceprofile-yaml[PerformanceProfile.yaml],No,No
+Monitoring and observability,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-monitoring-config-cm-yaml[monitoring-config-cm.yaml],Yes,No
+|====
diff --git a/modules/telco-core-crs-resource-tuning.adoc b/modules/telco-core-crs-resource-tuning.adoc
new file mode 100644
index 000000000000..b7a5356309c7
--- /dev/null
+++ b/modules/telco-core-crs-resource-tuning.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="resource-tuning-crs_{context}"]
+= Resource Tuning reference CRs
+
+.Resource Tuning CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+System reserved capacity,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-pid-limits-cr-yaml[pid-limits-cr.yaml],Yes,No
+System reserved capacity,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-control-plane-system-reserved-yaml[control-plane-system-reserved.yaml],Yes,No
+|====
diff --git a/modules/telco-core-crs-scheduling.adoc b/modules/telco-core-crs-scheduling.adoc
new file mode 100644
index 000000000000..f1b487e0052a
--- /dev/null
+++ b/modules/telco-core-crs-scheduling.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="scheduling-crs_{context}"]
+= Scheduling reference CRs
+
+.Scheduling CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-nropsubscriptionns-yaml[NROPSubscriptionNS.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-nropsubscriptionopergroup-yaml[NROPSubscriptionOperGroup.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-nropsubscription-yaml[NROPSubscription.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-sched-yaml[sched.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-nrop-yaml[nrop.yaml],No,No
+|====
diff --git a/modules/telco-core-crs-storage.adoc b/modules/telco-core-crs-storage.adoc
new file mode 100644
index 000000000000..c9738be146a2
--- /dev/null
+++ b/modules/telco-core-crs-storage.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="storage-crs_{context}"]
+= Storage reference CRs
+
+.Storage CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+External ODF configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-odfns-yaml[odfNS.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-odfopergroup-yaml[odfOperGroup.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-odfsubscription-yaml[odfSubscription.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-01-rook-ceph-external-cluster-details.secret-yaml[01-rook-ceph-external-cluster-details.secret.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/core/telco-core-ref-crs.adoc#telco-core-02-ocs-external-storagecluster-yaml[02-ocs-external-storagecluster.yaml],No,No
+|====
diff --git a/modules/telco-core-hardware-platform-specifications.adoc b/modules/telco-core-hardware-platform-specifications.adoc
new file mode 100644
index 000000000000..e43a0b330fe6
--- /dev/null
+++ b/modules/telco-core-hardware-platform-specifications.adoc
@@ -0,0 +1,61 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-validation-artifacts.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-hardware-platform-specifications_{context}"]
+= Hardware platform specifications
+
+The telco core DU reference configuration is validated with the following hardware:
+
+.Validated {sno} DU cluster hardware
+[cols="1,3", width="90%", options="header"]
+|====
+|Server
+|Specifications
+
+|Dell PowerEdge R640
+a|* 192G RAM
+* 64 cores
+
+|HP ProLiant e910
+a|* 96G RAM
+* 48 cores
+|====
+
+.Validated  CNF compute cluster hardware
+[cols="1,3", width="90%", options="header"]
+|====
+|Server
+|Specifications
+
+|Dell R640/750 (2-sockets)
+a|* 2 x Intel Xeon Gold 6248 CPUs
+* 196 to 256GB RAM
+* 2.5 to 3 TB HD
+|====
+
+.Validated NICs
+[cols="1,3", width="90%", options="header"]
+|====
+|Network interface
+|Description
+
+|Intel X722
+a|* 10/1 GbE backplane
+
+|Mellanox ConnectX-4 Lx
+a|* 2 ports
+* 25 GbE
+* PCIe 3.0
+|====
+
+.Validated Storage
+[cols="1,3", width="90%", options="header"]
+|====
+|Device
+|Description
+
+|NVME drive
+a|
+|====
\ No newline at end of file
diff --git a/modules/telco-core-installation.adoc b/modules/telco-core-installation.adoc
new file mode 100644
index 000000000000..5c1432a541d2
--- /dev/null
+++ b/modules/telco-core-installation.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-installation_{context}"]
+= Installation
+
+New in this release::
+
+
+Description::
+
+{rds-caps} clusters can be installed using the Agent Based Installer (ABI). This method allows users to install {product-title} on bare metal servers without requiring additional servers or VMs for managing the installation. The ABI installer can be run on any system for example a laptop to generate an ISO installation image. This ISO is used as the installation media for the cluster supervisor nodes. Progress can be monitored using the ABI tool from any system with network connectivity to the supervisor node’s API interfaces.
+
+* Installation from declarative CRs
+* Does not require additional servers to support installation
+* Supports install in disconnected environment
+
+Limits and requirements::
+
+* Disconnected installation requires a reachable registry with all required content mirrored.
+
+Engineering considerations::
+
+* Networking configuration should be applied as NMState configuration during installation in preference to day-2 configuration by using the NMState Operator.
\ No newline at end of file
diff --git a/modules/telco-core-kernel.adoc b/modules/telco-core-kernel.adoc
new file mode 100644
index 000000000000..3fc2be68d495
--- /dev/null
+++ b/modules/telco-core-kernel.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/core/telco-core-ref-design-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-kernel_{context}"]
+= Kernel
+
+New in this release::
+
+Not applicable
+
+Description::
+
+The user can install the following kernel modules by using `MachineConfig` to provide extended kernel functionality to CNFs:
+
+* sctp
+* ip_gre
+* ip6_tables
+* ip6t_REJECT
+* ip6table_filter
+* ip6table_mangle
+* iptable_filter
+* iptable_mangle
+* iptable_nat
+* xt_multiport
+* xt_owner
+* xt_REDIRECT
+* xt_statistic
+* xt_TCPMSS
+* xt_u32
+
+Limits and requirements::
+
+* Use of functionality available through these kernel modules must be analyzed by the user to determine the impact on CPU load, system performance, and ability to sustain KPI.
++
+[NOTE]
+====
+Out of tree drivers are not supported.
+====
+
+Engineering considerations::
+
+Not applicable
\ No newline at end of file
diff --git a/modules/telco-core-load-balancer.adoc b/modules/telco-core-load-balancer.adoc
new file mode 100644
index 000000000000..bb74e0d4712a
--- /dev/null
+++ b/modules/telco-core-load-balancer.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-load-balancer_{context}"]
+= Load Balancer
+
+New in this release::
+
+Not applicable.
+
+Description::
+
+MetalLB is a load-balancer implementation for bare metal Kubernetes clusters using standard routing protocols. It enables a Kubernetes service to get an external IP address which is also added to the host network for the cluster.
++
+Some use cases might require features not available in MetalLB, for example stateful load balancing. Where necessary, you can use an external third party load balancer. Selection and configuration of an external load balancer is outside the scope of this specification. When an external third party load balancer is used, the integration effort must include enough analysis to ensure all performance and resource utilization requirements are met.
+
+Limits and requirements::
+
+* Stateful load balancing is not supported by MetalLB. An alternate load balancer implementation must be used if this is a requirement for workload CNFs.
+* The networking infrastructure must ensure that the external IP address is routable from clients to the host network for the cluster.
+
+Engineering considerations::
+* MetalLB is used in BGP mode only for core use case models.
+* For core use models, MetalLB is supported with only the OVN-Kubernetes network provider used in local gateway mode. See `routingViaHost` in the "Cluster Network Operator" section.
+* BGP configuration in MetalLB varies depending on the requirements of the network and peers.
+* Address pools can be configured as needed, allowing variation in addresses, aggregation length, auto assignment, and other relevant parameters.
+* The values of parameters in the Bi-Directional Forwarding Detection (BFD) profile should remain close to the defaults. Shorter values might lead to false negatives and impact performance.
\ No newline at end of file
diff --git a/modules/telco-core-logging.adoc b/modules/telco-core-logging.adoc
new file mode 100644
index 000000000000..8f8be636d9bf
--- /dev/null
+++ b/modules/telco-core-logging.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-logging_{context}"]
+= Logging
+
+New in this release::
+
+Not applicable
+
+Description::
+
+The ClusterLogging Operator enables collection and shipping of logs off the node for remote archival and analysis. The reference configuration ships audit and infrastructure logs to a remote archive by using Kafka.
+
+Limits and requirements::
+
+Not applicable
+
+Engineering considerations::
+* The impact of cluster CPU use is based on the number or size of logs generated and the amount of log filtering configured.
+* The reference configuration does not include shipping of application logs. Inclusion of application logs in the configuration requires evaluation of the application logging rate and sufficient additional CPU resources allocated to the reserved set.
diff --git a/modules/telco-core-monitoring.adoc b/modules/telco-core-monitoring.adoc
new file mode 100644
index 000000000000..3fd334ad3e43
--- /dev/null
+++ b/modules/telco-core-monitoring.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-monitoring_{context}"]
+= Monitoring
+
+New in this release::
+
+Not applicable
+
+Description::
+
+The Cluster Monitoring Operator is included by default on all OpenShift clusters and provides monitoring (metrics, dashboards, and alerting) for the platform components and optionally user projects as well.
++
+Configuration of the monitoring operator allows for customization, including:
++
+--
+- Default retention period
+- Custom alert rules
+--
+The default handling of pod CPU and memory metrics is based on upstream Kubernetes `cAdvisor` and makes a tradeoff that prefers handling of stale data over metric accuracy. This leads to spiky data that will create false triggers of alerts over user-specified thresholds. OpenShift supports an opt-in dedicated service monitor feature creating an additional set of pod CPU and memory metrics that do not suffer from the spiky behavior. For additional information, see link:https://access.redhat.com/solutions/7012719[this solution guide].
++
+In addition to default configuration, the following metrics are expected to be configured for {rds} clusters:
+
+* Pod CPU and memory metrics and alerts for user workloads
+
+Limits and requirements::
+
+* Monitoring configuration must enable the dedicated service monitor feature for accurate representation of pod metrics
+
+Engineering considerations::
+
+* The Prometheus retention period is specified by the user. The value used is a tradeoff between operational requirements for maintaining historical data on the cluster against CPU and storage resources. Longer retention periods increase the need for storage and require additional CPU to manage the indexing of data.
+
diff --git a/modules/telco-core-power-management.adoc b/modules/telco-core-power-management.adoc
new file mode 100644
index 000000000000..a948fc8977a2
--- /dev/null
+++ b/modules/telco-core-power-management.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-power-management_{context}"]
+= Power Management
+
+New in this release::
+* You can specify a maximum latency that is C-state for a low latency pod when using per-pod power management. Previously, C-states could only be disabled completely on a per pod basis.
+
+Description::
+
+The link:https://docs.openshift.com/container-platform/4.15/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.html#spec-workloadhints[Performance Profile] can be used to configure a cluster in a high power, low power or mixed (link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/cnf-low-latency-tuning.html#node-tuning-operator-pod-power-saving-config_cnf-master[per-pod power management]) mode. The choice of power mode depends on the characteristics of the workloads running on the cluster particularly how sensitive they are to latency.
+
+Limits and requirements::
+* Power configuration relies on appropriate BIOS configuration, for example, enabling C-states and P-states. Configuration varies between hardware vendors.
+
+
+Engineering considerations::
+* Latency: To ensure that latency-sensitive workloads meet their requirements, you will need either a high-power configuration or a per-pod power management configuration. Per-pod power management is only available for `Guaranteed` QoS Pods with dedicated pinned CPUs.
diff --git a/modules/telco-core-rds-disconnected.adoc b/modules/telco-core-rds-disconnected.adoc
new file mode 100644
index 000000000000..134e2cd40ba1
--- /dev/null
+++ b/modules/telco-core-rds-disconnected.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/core/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-disconnected-environment_{context}"]
+= Disconnected environment
+
+Description::
+{rds-caps} clusters are expected to be installed in networks without direct access to the internet. All container images needed to install, configure, and operator the cluster must be available in a disconnected registry. This includes {product-title} images, day-2 Operator Lifecycle Manager (OLM) Operator images, and application workload images. The use of a disconnected environment provides multiple benefits, for example:
+
+* Limiting access to the cluster for security
+* Curated content: The registry is populated based on curated and approved updates for the clusters
+
+Limits and requirements::
+
+* A unique name is required for all custom CatalogSources. Do not reuse the default catalog names.
+* A valid time source must be configured as part of cluster installation.
+
+Engineering considerations::
+
+Not applicable
\ No newline at end of file
diff --git a/modules/telco-core-rds-networking.adoc b/modules/telco-core-rds-networking.adoc
new file mode 100644
index 000000000000..b6cf31f69df9
--- /dev/null
+++ b/modules/telco-core-rds-networking.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/core/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-networking_{context}"]
+= Networking
+
+{product-title} networking is an ecosystem of features, plugins, and advanced networking capabilities that extend Kubernetes networking with the advanced networking-related features that your cluster needs to manage its network traffic for one or multiple hybrid clusters.
+
diff --git a/modules/telco-core-ref-application-workloads.adoc b/modules/telco-core-ref-application-workloads.adoc
new file mode 100644
index 000000000000..5bb2d8658e36
--- /dev/null
+++ b/modules/telco-core-ref-application-workloads.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-ref-application-workloads_{context}"]
+= Application workloads
+
+Application workloads running on core clusters might include a mix of high-performance networking CNFs and traditional best-effort or burstable pod workloads.
+
+Guaranteed QoS scheduling is available to pods that require exclusive or dedicated use of CPUs due to performance or security requirements. Typically pods hosting high-performance and low-latency-sensitive Cloud Native Functions (CNFs) utilizing user plane networking with DPDK necessitate the exclusive utilization of entire CPUs. This is accomplished through node tuning and guaranteed Quality of Service (QoS) scheduling. For pods that require exclusive use of CPUs, be aware of the potential implications of hyperthreaded systems and configure them to request multiples of 2 CPUs when the entire core (2 hyperthreads) must be allocated to the pod.
+
+Pods running network functions that do not require the high throughput and low latency networking are typically scheduled with best-effort or burstable QoS and do not require dedicated or isolated CPU cores.
+
+Description of limits::
+
+* CNF applications should conform to the latest version of the _CNF Best Practices_ guide.
+* For a mix of best-effort and burstable QoS pods.
+** Guaranteed QoS pods might be used but require correct configuration of reserved and isolated CPUs in the `PerformanceProfile`.
+** Guaranteed QoS Pods must include annotations for fully isolating CPUs.
+** Best effort and burstable pods are not guaranteed exclusive use of a CPU. Workloads might be preempted by other workloads, operating system daemons, or kernel tasks.
+* Exec probes should be avoided unless there is no viable alternative.
+** Do not use exec probes if a CNF is using CPU pinning.
+** Other probe implementations, for example `httpGet/tcpSocket`, should be used.
+
+Signaling workload::
+
+* Signaling workloads typically use SCTP, REST, gRPC, or similar TCP or UDP protocols.
+* The transactions per second (TPS) is in the order of hundreds of thousands using secondary CNI (multus) configured as MACVLAN or SR-IOV.
+* Signaling workloads run in pods with either guaranteed or burstable QoS.
diff --git a/modules/telco-core-ref-config-kpi-testing.adoc b/modules/telco-core-ref-config-kpi-testing.adoc
new file mode 100644
index 000000000000..bd639df9b64a
--- /dev/null
+++ b/modules/telco-core-ref-config-kpi-testing.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-validation-artifacts.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-rcorean-ref-config-kpi-testing_{context}"]
+= KPI testing results
+
+Key Performance Indicator (KPI) testing is used to validate the core reference design configuration.
+Some key metrics and results from these tests are described below.
+
+[NOTE]
+====
+
+====
+
+.Summary of telco core {product-version} performance KPI results
+[cols="1,3,2", options="header"]
+|====
+|KPI test
+|Measurements
+|Results
+
+|
+a|
+a|
+
+|====
\ No newline at end of file
diff --git a/modules/telco-core-ref-config-scale-testing.adoc b/modules/telco-core-ref-config-scale-testing.adoc
new file mode 100644
index 000000000000..c1b9fb51ca6a
--- /dev/null
+++ b/modules/telco-core-ref-config-scale-testing.adoc
@@ -0,0 +1,11 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-validation-artifacts.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-ref-config-scale-testing_{context}"]
+= Telco core scale test results
+
+The Red Hat performance and scale lab successfully
+
+Scale tests are run with a representative three-node hub cluster with the following specifications and lab network configurations applied.
\ No newline at end of file
diff --git a/modules/telco-core-ref-design-baseline-model.adoc b/modules/telco-core-ref-design-baseline-model.adoc
new file mode 100644
index 000000000000..a794624bdf1e
--- /dev/null
+++ b/modules/telco-core-ref-design-baseline-model.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-ref-design-baseline-model_{context}"]
+= Common baseline model
+
+The following configurations and use model description are applicable to all {rds} use cases.
+
+Cluster::
+
+The cluster conforms to these requirements:
+
+* High-availability (3+ supervisor nodes) control plane
+* Non-schedulable supervisor nodes
+
+Storage::
+
+Core use cases require persistent storage as provided by external {rh-storage}. For more information, see the "Storage" subsection in "Reference core design components".
+
+Networking::
+
+{rds-caps} clusters networking conforms to these requirements:
+
+* Dual stack IPv4/IPv6
+
+* Fully disconnected: Clusters do not have access to public networking at any point in their lifecycle.
+
+* Multiple networks: Segmented networking provides isolation between OAM, signaling, and storage traffic.
+
+* Cluster network type: OVN-Kubernetes is required for IPv6 support.
+
++
+Core clusters have multiple layers of networking supported by underlying RHCOS, SR-IOV Operator, Load Balancer, and other components detailed in the following "Networking" section. At a high level these layers include:
+
+* Cluster networking: The cluster network configuration is defined and applied through the installation configuration. Updates to the configuration can be done at day-2 through the NMState Operator. Initial configuration can be used to establish:
+
+** Host interface configuration
+
+** A/A Bonding (Link Aggregation Control Protocol (LACP))
+
+* Secondary or additional networks: OpenShift CNI is configured through the Network `additionalNetworks` or NetworkAttachmentDefinition CRs.
+
+** MACVLAN
+
+* Application Workload: User plane networking is running in cloud-native network functions (CNFs).
+
+Service Mesh::
+
+Use of Service Mesh by telco CNFs is very common. It is expected that all core clusters will include a Service Mesh implementation. Service Mesh implementation and configuration is outside the scope of this specification.
diff --git a/modules/telco-core-ref-eng-usecase-model.adoc b/modules/telco-core-ref-eng-usecase-model.adoc
new file mode 100644
index 000000000000..f3dc132b3f35
--- /dev/null
+++ b/modules/telco-core-ref-eng-usecase-model.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-ref-eng-usecase-model_{context}"]
+= Engineering Considerations common use model
+
+The following engineering considerations are relevant for the common use model.
+
+Worker nodes::
+
+* Worker nodes run on Intel 3rd Generation Xeon (IceLake) processors or newer. Alternatively, if using Skylake or earlier processors, the mitigations for silicon security vulnerabilities such as Spectre must be disabled; failure to do so may result in a significant 40 percent decrease in transaction performance.
+
+* IRQ Balancing is enabled on worker nodes. The `PerformanceProfile` sets `globallyDisableIrqLoadBalancing: false`. Guaranteed QoS Pods are annotated to ensure isolation as described in "CPU partitioning and performance tuning" subsection in "Reference core design components" section.
+
+All nodes::
+
+* Hyper-Threading is enabled on all nodes
+* CPU architecture is `x86_64` only
+* Nodes are running the stock (non-RT) kernel
+* Nodes are not configured for workload partitioning
+
+The balance of node configuration between power management and maximum performance varies between `MachineConfigPools` in the cluster. This configuration is consistent for all nodes within a `MachineConfigPool`.
+
+CPU partitioning::
+
+CPU partitioning is configured using the PerformanceProfile and applied on a per `MachineConfigPool` basis. See the "CPU partitioning and performance tuning" subsection in "Reference core design components".
\ No newline at end of file
diff --git a/modules/telco-core-scalability.adoc b/modules/telco-core-scalability.adoc
new file mode 100644
index 000000000000..79fd2c9edfe0
--- /dev/null
+++ b/modules/telco-core-scalability.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-scalability_{context}"]
+= Scalability
+
+New in this release::
+
+Not applicable
+
+Description::
+
+Clusters will scale to the sizing listed in the limits and requirements section.
++
+Scaling of workloads is described in the use model section.
+
+Limits and requirements::
+
+* Cluster scales to at least 120 nodes
+
+Engineering considerations::
+
+Not applicable
+
diff --git a/modules/telco-core-scheduling.adoc b/modules/telco-core-scheduling.adoc
new file mode 100644
index 000000000000..78cc350c31aa
--- /dev/null
+++ b/modules/telco-core-scheduling.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-scheduling_{context}"]
+= Scheduling
+
+New in this release::
+
+* NUMA-aware scheduling with the NUMA Resources Operator is now generally available in {product-title} {product-version}.
+* With this release, you can exclude advertising the Non-Uniform Memory Access (NUMA) node for the SR-IOV network to the Topology Manager. By not advertising the NUMA node for the SR-IOV network, you can permit more flexible SR-IOV network deployments during NUMA-aware pod scheduling. To exclude advertising the NUMA node for the SR-IOV network resource to the Topology Manager, set the value `excludeTopology` to `true` in the `SriovNetworkNodePolicy` CR. For more information, see link:https://docs.openshift.com/container-platform/4.15/networking/hardware_networks/configuring-sriov-device.html#nw-sriov-exclude-topology-manager_configuring-sriov-device[Exclude the SR-IOV network topology for NUMA-aware scheduling].
+
+Description::
+
+* The scheduler is a cluster-wide component responsible for selecting the right node for a given workload. It is a core part of the platform and does not require any specific configuration in the common deployment scenarios. However, there are few specific use cases described in the following section.
+
+Limits and requirements::
+
+* The default scheduler does not understand the NUMA locality of workloads. It only knows about the sum of all free resources on a worker node. This might cause workloads to be rejected when scheduled to a node with https://docs.openshift.com/container-platform/latest/scalability_and_performance/using-cpu-manager.html#topology_manager_policies_using-cpu-manager-and-topology_manager[Topology manager policy] set to `single-numa-node` or `restricted`.
+** For example, consider a pod requesting 6 CPUs and being scheduled to an empty node that has 4 CPUs per NUMA node. The total allocatable capacity of the node is 8 CPUs and the scheduler will place the pod there. The node local admission will fail, however, as there are only 4 CPUs available in each of the NUMA nodes.
+** All clusters with multi-NUMA nodes are required to use the https://docs.openshift.com/container-platform/latest/scalability_and_performance/cnf-numa-aware-scheduling.html#installing-the-numa-resources-operator_numa-aware[NUMA Resources Operator]. The `machineConfigPoolSelector` of the NUMA Resources Operator must select all nodes where NUMA aligned scheduling is needed.
+* All machine config pools must have consistent hardware configuration for example all nodes are expected to have the same NUMA zone count.
+
+Engineering considerations::
+
+* Pods might require annotations for correct scheduling and isolation. For more information on annotations, see the "CPU Partitioning and performance tuning" section.
+
diff --git a/modules/telco-core-security.adoc b/modules/telco-core-security.adoc
new file mode 100644
index 000000000000..941748913dd0
--- /dev/null
+++ b/modules/telco-core-security.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-security_{context}"]
+= Security
+
+New in this release::
+
+* DPDK applications that need to inject traffic to the kernel can run in non-privileged pods with the help of the TAP CNI plugin. Furthermore, in this 4.14 release that ability to create a MAC-VLAN, IP-VLAN, and VLAN subinterface based on a master interface in a container namespace is generally available.
+
+Description::
+
+Telco operators are security conscious and require clusters to be hardened against multiple attack vectors. Within {product-title}, there is no single component or feature responsible for securing a cluster. This section provides details of security-oriented features and configuration for the use models covered in this specification.
+
+* **SecurityContextConstraints**: All workload pods should be run with restricted-v2 or restricted SCC.
+* **Seccomp**: All pods should be run with the `RuntimeDefault` (or stronger) seccomp profile.
+* **Rootless DPDK pods**: Many user-plane networking (DPDK) CNFs require pods to run with root privileges. With this feature, a conformant DPDK pod can be run without requiring root privileges.
+* **Storage**: The storage network should be isolated and non-routable to other cluster networks. See the "Storage" section for additional details.
+
+Limits and requirements::
+
+* Rootless DPDK pods requires the following additional configuration steps:
+** Configure the TAP plugin with the `container_t` SELinux context.
+** Enable the `container_use_devices` SELinux boolean on the hosts.
+
+Engineering considerations::
+
+* For rootless DPDK pod support, the SELinux boolean `container_use_devices` must be enabled on the host for the TAP device to be created. This introduces a security risk that is acceptable for short to mid-term use. Other solutions will be explored.
\ No newline at end of file
diff --git a/modules/telco-core-service-mesh.adoc b/modules/telco-core-service-mesh.adoc
new file mode 100644
index 000000000000..cf6ce127af88
--- /dev/null
+++ b/modules/telco-core-service-mesh.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-service-mesh_{context}"]
+= Service Mesh
+
+Description::
+
+{rds-caps} CNFs typically require a service mesh implementation. The specific features and performance required are dependent on the application. The selection of service mesh implementation and configuration is outside the scope of this documentation. The impact of service mesh on cluster resource utilization and performance, including additional latency introduced into pod networking, must be accounted for in the overall solution engineering.
+
diff --git a/modules/telco-core-sriov.adoc b/modules/telco-core-sriov.adoc
new file mode 100644
index 000000000000..877e7f6c0ee1
--- /dev/null
+++ b/modules/telco-core-sriov.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-sriov_{context}"]
+= SR-IOV
+
+New in this release::
+
+Not applicable
+
+Description::
+
+SR-IOV enables physical network interfaces (PFs) to be divided into multiple virtual functions (VFs). VFs can then be assigned to multiple pods to achieve higher throughput performance while keeping the pods isolated. The SR-IOV Network Operator provisions and manages SR-IOV CNI, network device plugin, and other components of the SR-IOV stack.
+
+Limits and requirements::
+
+* The network interface controllers supported are listed in link:https://docs.openshift.com/container-platform/4.15/networking/hardware_networks/about-sriov.html#nw-sriov-supported-platforms_about-sriov[OCP supported SR-IOV devices]
+* SR-IOV and IOMMU enablement in BIOS: The SR-IOV Network Operator automatically enables IOMMU on the kernel command line.
+* SR-IOV VFs do not receive link state updates from PF. If link down detection is needed, it must be done at the protocol level.
+
+Engineering considerations::
+* SR-IOV interfaces in `vfio` mode are typically used to enable additional secondary networks for applications that require high throughput or low latency.
diff --git a/modules/telco-core-storage.adoc b/modules/telco-core-storage.adoc
new file mode 100644
index 000000000000..3af86ce59de6
--- /dev/null
+++ b/modules/telco-core-storage.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/core/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-storage_{context}"]
+= Storage
+
+Overview::
+Cloud native storage services can be provided by multiple solutions including {rh-storage} from Red Hat or third parties.
++
+{rh-storage} is a Ceph based software-defined storage solution for containers. It provides block storage, file system storage, and on-premises object storage, which can be dynamically provisioned for both persistent and non-persistent data requirements. {rds-caps} applications require persistent storage.
++
+[NOTE]
+====
+All storage data may not be encrypted in flight. To reduce risk, isolate the storage network from other cluster networks. The storage network must not be reachable, or routable, from other cluster networks. Only nodes directly attached to the storage network should be allowed to gain access to it.
+====
+
+== {rh-storage}
+
+New in this release::
+
+Not applicable
+
+Description::
+
+{rh-storage-first} is a software-defined storage service for containers.
+For {rds-caps} clusters, storage support is provided by {rh-storage} storage services running externally to the application workload cluster. {rh-storage} supports separation of storage traffic using secondary CNI networks.
+
+Limits and requirements::
+* In an IPv4/IPv6 dual-stack networking environment, {rh-storage} uses IPv4 addressing. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html-single/4.13_release_notes/index#support_openshift_dual_stack_with_odf_using_ipv4[Support OpenShift dual stack with ODF using IPv4].
+
+
+Engineering considerations::
+* {rh-storage} network traffic should be isolated from other traffic on a dedicated network, for example, by using VLAN isolation.
+
+== Other Storage
+
+Other storage solutions can be used to provide persistent storage for core clusters. The configuration and integration of these solutions is outside the scope of the {rds} RDS. Integration of the storage solution into the core cluster must include correct sizing and performance analysis to ensure the storage meets overall performance and resource utilization requirements.
diff --git a/modules/telco-core-yaml-ref-networking.adoc b/modules/telco-core-yaml-ref-networking.adoc
new file mode 100644
index 000000000000..c9937608daf5
--- /dev/null
+++ b/modules/telco-core-yaml-ref-networking.adoc
@@ -0,0 +1,127 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="networking-yaml_{context}"]
+= Networking reference YAML
+
+[id="telco-core-network-yaml"]
+.Network.yaml
+[source,yaml]
+----
+include::snippets/telco-core_Network.yaml[]
+----
+
+[id="telco-core-networkattachmentdefinition-yaml"]
+.networkAttachmentDefinition.yaml
+[source,yaml]
+----
+include::snippets/telco-core_networkAttachmentDefinition.yaml[]
+----
+
+[id="telco-core-sriovsubscriptionns-yaml"]
+.SriovSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/telco-core_SriovSubscriptionNS.yaml[]
+----
+
+[id="telco-core-sriovsubscriptionopergroup-yaml"]
+.SriovSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/telco-core_SriovSubscriptionOperGroup.yaml[]
+----
+
+[id="telco-core-sriovsubscription-yaml"]
+.SriovSubscription.yaml
+[source,yaml]
+----
+include::snippets/telco-core_SriovSubscription.yaml[]
+----
+
+[id="telco-core-sriovoperatorconfig-yaml"]
+.SriovOperatorConfig.yaml
+[source,yaml]
+----
+include::snippets/telco-core_SriovOperatorConfig.yaml[]
+----
+
+[id="telco-core-sriovnetworknodepolicy-yaml"]
+.sriovNetworkNodePolicy.yaml
+[source,yaml]
+----
+include::snippets/telco-core_sriovNetworkNodePolicy.yaml[]
+----
+
+[id="telco-core-sriovnetwork-yaml"]
+.sriovNetwork.yaml
+[source,yaml]
+----
+include::snippets/telco-core_sriovNetwork.yaml[]
+----
+
+[id="telco-core-metallbns-yaml"]
+.metallbNS.yaml
+[source,yaml]
+----
+include::snippets/telco-core_metallbNS.yaml[]
+----
+
+[id="telco-core-metallbopergroup-yaml"]
+.metallbOperGroup.yaml
+[source,yaml]
+----
+include::snippets/telco-core_metallbOperGroup.yaml[]
+----
+
+[id="telco-core-metallbsubscription-yaml"]
+.metallbSubscription.yaml
+[source,yaml]
+----
+include::snippets/telco-core_metallbSubscription.yaml[]
+----
+
+[id="telco-core-metallb-yaml"]
+.metallb.yaml
+[source,yaml]
+----
+include::snippets/telco-core_metallb.yaml[]
+----
+
+[id="telco-core-bgp-peer-yaml"]
+.bgp-peer.yaml
+[source,yaml]
+----
+include::snippets/telco-core_bgp-peer.yaml[]
+----
+
+[id="telco-core-bfd-profile-yaml"]
+.bfd-profile.yaml
+[source,yaml]
+----
+include::snippets/telco-core_bfd-profile.yaml[]
+----
+
+[id="telco-core-addr-pool-yaml"]
+.addr-pool.yaml
+[source,yaml]
+----
+include::snippets/telco-core_addr-pool.yaml[]
+----
+
+[id="telco-core-bgp-advr-yaml"]
+.bgp-advr.yaml
+[source,yaml]
+----
+include::snippets/telco-core_bgp-advr.yaml[]
+----
+
+[id="telco-core-mc_rootless_pods_selinux-yaml"]
+.mc_rootless_pods_selinux.yaml
+[source,yaml]
+----
+include::snippets/telco-core_mc_rootless_pods_selinux.yaml[]
+----
+
diff --git a/modules/telco-core-yaml-ref-other.adoc b/modules/telco-core-yaml-ref-other.adoc
new file mode 100644
index 000000000000..eb43b3d90044
--- /dev/null
+++ b/modules/telco-core-yaml-ref-other.adoc
@@ -0,0 +1,99 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="other-yaml_{context}"]
+= Other reference YAML
+
+[id="telco-core-catalog-source-yaml"]
+.catalog-source.yaml
+[source,yaml]
+----
+include::snippets/telco-core_catalog-source.yaml[]
+----
+
+[id="telco-core-icsp-yaml"]
+.icsp.yaml
+[source,yaml]
+----
+include::snippets/telco-core_icsp.yaml[]
+----
+
+[id="telco-core-operator-hub-yaml"]
+.operator-hub.yaml
+[source,yaml]
+----
+include::snippets/telco-core_operator-hub.yaml[]
+----
+
+[id="telco-core-clusterlogns-yaml"]
+.ClusterLogNS.yaml
+[source,yaml]
+----
+include::snippets/telco-core_ClusterLogNS.yaml[]
+----
+
+[id="telco-core-clusterlogopergroup-yaml"]
+.ClusterLogOperGroup.yaml
+[source,yaml]
+----
+include::snippets/telco-core_ClusterLogOperGroup.yaml[]
+----
+
+[id="telco-core-clusterlogsubscription-yaml"]
+.ClusterLogSubscription.yaml
+[source,yaml]
+----
+include::snippets/telco-core_ClusterLogSubscription.yaml[]
+----
+
+[id="telco-core-clusterlogforwarder-yaml"]
+.ClusterLogForwarder.yaml
+[source,yaml]
+----
+include::snippets/telco-core_ClusterLogForwarder.yaml[]
+----
+
+[id="telco-core-clusterlogging-yaml"]
+.ClusterLogging.yaml
+[source,yaml]
+----
+include::snippets/telco-core_ClusterLogging.yaml[]
+----
+
+[id="telco-core-control-plane-load-kernel-modules-yaml"]
+.control-plane-load-kernel-modules.yaml
+[source,yaml]
+----
+include::snippets/telco-core_control-plane-load-kernel-modules.yaml[]
+----
+
+[id="telco-core-worker-load-kernel-modules-yaml"]
+.worker-load-kernel-modules.yaml
+[source,yaml]
+----
+include::snippets/telco-core_worker-load-kernel-modules.yaml[]
+----
+
+[id="telco-core-sctp_module_mc-yaml"]
+.sctp_module_mc.yaml
+[source,yaml]
+----
+include::snippets/telco-core_sctp_module_mc.yaml[]
+----
+
+[id="telco-core-performanceprofile-yaml"]
+.PerformanceProfile.yaml
+[source,yaml]
+----
+include::snippets/telco-core_PerformanceProfile.yaml[]
+----
+
+[id="telco-core-monitoring-config-cm-yaml"]
+.monitoring-config-cm.yaml
+[source,yaml]
+----
+include::snippets/telco-core_monitoring-config-cm.yaml[]
+----
+
diff --git a/modules/telco-core-yaml-ref-resource-tuning.adoc b/modules/telco-core-yaml-ref-resource-tuning.adoc
new file mode 100644
index 000000000000..4aecd60dcd63
--- /dev/null
+++ b/modules/telco-core-yaml-ref-resource-tuning.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="resource-tuning-yaml_{context}"]
+= Resource Tuning reference YAML
+
+[id="telco-core-pid-limits-cr-yaml"]
+.pid-limits-cr.yaml
+[source,yaml]
+----
+include::snippets/telco-core_pid-limits-cr.yaml[]
+----
+
+[id="telco-core-control-plane-system-reserved-yaml"]
+.control-plane-system-reserved.yaml
+[source,yaml]
+----
+include::snippets/telco-core_control-plane-system-reserved.yaml[]
+----
+
diff --git a/modules/telco-core-yaml-ref-scheduling.adoc b/modules/telco-core-yaml-ref-scheduling.adoc
new file mode 100644
index 000000000000..b72b0fee3ec9
--- /dev/null
+++ b/modules/telco-core-yaml-ref-scheduling.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="scheduling-yaml_{context}"]
+= Scheduling reference YAML
+
+[id="telco-core-nropsubscriptionns-yaml"]
+.NROPSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/telco-core_NROPSubscriptionNS.yaml[]
+----
+
+[id="telco-core-nropsubscriptionopergroup-yaml"]
+.NROPSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/telco-core_NROPSubscriptionOperGroup.yaml[]
+----
+
+[id="telco-core-nropsubscription-yaml"]
+.NROPSubscription.yaml
+[source,yaml]
+----
+include::snippets/telco-core_NROPSubscription.yaml[]
+----
+
+[id="telco-core-sched-yaml"]
+.sched.yaml
+[source,yaml]
+----
+include::snippets/telco-core_sched.yaml[]
+----
+
+[id="telco-core-nrop-yaml"]
+.nrop.yaml
+[source,yaml]
+----
+include::snippets/telco-core_nrop.yaml[]
+----
+
diff --git a/modules/telco-core-yaml-ref-storage.adoc b/modules/telco-core-yaml-ref-storage.adoc
new file mode 100644
index 000000000000..3f98a6a12633
--- /dev/null
+++ b/modules/telco-core-yaml-ref-storage.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="storage-yaml_{context}"]
+= Storage reference YAML
+
+[id="telco-core-odfns-yaml"]
+.odfNS.yaml
+[source,yaml]
+----
+include::snippets/telco-core_odfNS.yaml[]
+----
+
+[id="telco-core-odfopergroup-yaml"]
+.odfOperGroup.yaml
+[source,yaml]
+----
+include::snippets/telco-core_odfOperGroup.yaml[]
+----
+
+[id="telco-core-odfsubscription-yaml"]
+.odfSubscription.yaml
+[source,yaml]
+----
+include::snippets/telco-core_odfSubscription.yaml[]
+----
+
+[id="telco-core-01-rook-ceph-external-cluster-details.secret-yaml"]
+.01-rook-ceph-external-cluster-details.secret.yaml
+[source,yaml]
+----
+include::snippets/telco-core_01-rook-ceph-external-cluster-details.secret.yaml[]
+----
+
+[id="telco-core-02-ocs-external-storagecluster-yaml"]
+.02-ocs-external-storagecluster.yaml
+[source,yaml]
+----
+include::snippets/telco-core_02-ocs-external-storagecluster.yaml[]
+----
+
diff --git a/modules/telco-deviations-from-the-ref-design.adoc b/modules/telco-deviations-from-the-ref-design.adoc
new file mode 100644
index 000000000000..7284f7f8cb12
--- /dev/null
+++ b/modules/telco-deviations-from-the-ref-design.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="telco-deviations-from-the-ref-design_{context}"]
+= Deviations from the reference design
+
+Deviating from the validated telco core and telco RAN DU reference design specifications (RDS) can have significant impact beyond the specific component or feature that you change.
+Deviations require analysis and engineering in the context of the complete solution.
+
+[IMPORTANT]
+====
+All deviations from the RDS should be analyzed and documented with clear action tracking information.
+Due diligence is expected from partners to understand how to bring deviations into line with the reference design.
+This might require partners to provide additional resources to engage with Red Hat to work towards enabling their use case to achieve a best in class outcome with the platform.
+This is critical for the supportability of the solution and ensuring alignment across Red Hat and with partners.
+====
+
+Deviation from the RDS can have some or all of the following consequences:
+
+* It can take longer to resolve issues.
+
+* There is a risk of missing project service-level agreements (SLAs), project deadlines, end provider performance requirements, and so on.
+
+* Unapproved deviations may require escalation at executive levels.
++
+[NOTE]
+====
+Red Hat prioritizes the servicing of requests for deviations based on partner engagement priorities.
+====
diff --git a/modules/telco-nmstate-operator.adoc b/modules/telco-nmstate-operator.adoc
new file mode 100644
index 000000000000..1cef874134f9
--- /dev/null
+++ b/modules/telco-nmstate-operator.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-core-ref-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-core-nmstate-operator_{context}"]
+= NMState Operator
+
+New in this release::
+
+Not applicable
+
+Description::
+
+The NMState Operator provides a Kubernetes API for performing network configurations across the cluster's nodes. It enables network interface configurations, static IPs and DNS, VLANs, trunks, bonding, static routes, MTU, and enabling promiscuous mode on the secondary interfaces. The cluster nodes periodically report on the state of each node's network interfaces to the API server.
+
+Limits and requirements::
+
+Not applicable
+
+Engineering considerations::
+* The initial networking configuration is applied using `NMStateConfig` content in the installation CRs. The NMState Operator is used only when needed for network updates.
+* When SR-IOV virtual functions are used for host networking, the NMState Operator using `NodeNetworkConfigurationPolicy` is used to configure those VF interfaces, for example, VLANs and the MTU.
\ No newline at end of file
diff --git a/modules/telco-ran-414-ref-design-features.adoc b/modules/telco-ran-414-ref-design-features.adoc
new file mode 100644
index 000000000000..8a85cdca76d8
--- /dev/null
+++ b/modules/telco-ran-414-ref-design-features.adoc
@@ -0,0 +1,70 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="telco-ran-414-ref-design-features_{context}"]
+= {product-title} {product-version} features for {rds}
+
+The following features that are included in {product-title} {product-version} and are leveraged by the {rds} reference design specification (RDS) have been added or updated.
+
+.{product-title} {product-version} features for the {rds} RDS
+[cols="1,3", options="header"]
+|====
+|Feature
+|Description
+
+//CNF-7365
+|{ztp} independence from managed cluster version
+a|You can now use {ztp} to manage clusters that are running different versions of {product-title} compared to the version that is running on the hub cluster. You can also have a mix of {product-title} versions in the deployed fleet of clusters.
+
+* link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.html#ztp-preparing-the-ztp-git-repository-ver-ind_ztp-preparing-the-hub-cluster[Preparing the {ztp} site configuration repository for version independence]
+
+//CNF-6925
+|Using custom CRs alongside the reference CRs in {ztp}
+a|You can now use custom CRs alongside the reference configuration CRs provided in the `ztp-site-generate` container.
+
+* link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.html#ztp-adding-new-content-to-gitops-ztp_ztp-advanced-policy-config[Adding custom content to the {ztp} pipeline]
+
+//CNF-7078
+//|Intel Westport Channel e810 NIC as PTP Grandmaster clock
+//a|You can use the Intel Westport Channel E810-XXVDA4T as a GNSS-sourced grandmaster clock.
+//The NIC is automatically configured by the PTP Operator with the E810 hardware plugin.
+//This feature is scheduled for an upcoming 4.14 z-stream release.
+
+//* link:https://docs.openshift.com/container-platform/4.14/networking/using-ptp.html#configuring-linuxptp-services-as-grandmaster-clock_using-ptp[Configuring linuxptp services as a grandmaster clock]
+
+//CNF-6527
+//|PTP Operator hardware specific functionality plugin
+//a|A new E810 NIC hardware plugin is now available in the PTP Operator.
+//You can use the E810 plugin to configure the NIC directly.
+//This feature is scheduled for an upcoming 4.14 z-stream release.
+
+// * link:https://docs.openshift.com/container-platform/4.14/networking/ptp/configuring-ptp.html#nw-ptp-wpc-hardware-pins-reference_configuring-ptp[Intel Westport Channel E810 hardware configuration reference]
+
+//CNF-8035
+|Using custom node labels in the `SiteConfig` CR with {ztp}
+a|you can now use the `nodeLabels` field in the `SiteConfig` CR to create custom roles for nodes in managed clusters.
+
+* link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.html#ztp-sno-siteconfig-config-reference_ztp-deploying-far-edge-sites[{sno} SiteConfig CR installation reference]
+
+//OCPBUGS-13050, CTONET-3072
+|PTP events and metrics
+a|The `PtpConfig` reference configuration CRs have been updated.
+
+* link:https://docs.openshift.com/container-platform/4.15/networking/using-ptp.html#discover-ptp-devices_using-ptp[Discovering PTP capable network devices in your cluster]
+
+//CNF-7517
+|Precaching user-specified images
+a|You can now precache application workload images before upgrading your applications on {sno} clusters with {cgu-operator-full}.
+
+* link:https://docs.openshift.com/container-platform/4.15/scalability_and_performance/ztp_far_edge/ztp-precaching-tool.html#ztp-pre-staging-tool[Precaching images for {sno} deployments]
+
+//CNF-6318
+|Using OpenShift capabilities to further reduce the {sno} DU footprint
+a|Use cluster capabilities to enable or disable optional components before you install the cluster.
+In {product-title} {product-version}, the following optional capabilities are available:
+`baremetal`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage`, `CSISnapshot`, `NodeTuning`, `MachineAPI`. The reference configuration includes only those features required for RAN DU.
+
+* link:https://docs.openshift.com/container-platform/4.15/installing/cluster-capabilities.html#cluster-capabilities[Cluster capabilities]
+|====
diff --git a/modules/telco-ran-agent-based-installer-abi.adoc b/modules/telco-ran-agent-based-installer-abi.adoc
new file mode 100644
index 000000000000..8db1dc76fe52
--- /dev/null
+++ b/modules/telco-ran-agent-based-installer-abi.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-agent-based-installer-abi_{context}"]
+= Agent-based installer
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+Agent-based installer (ABI) provides installation capabilities without centralized infrastructure.
+The installation program creates an ISO image that you mount to the server.
+When the server boots it installs {product-title} and supplied extra manifests.
++
+[NOTE]
+====
+You can also use ABI to install {product-title} clusters without a hub cluster.
+An image registry is still required when you use ABI in this manner.
+====
+
+Agent-based installer (ABI) is an optional component.
+
+Limits and requirements::
+* You can supply a limited set of additional manifests at installation time.
+
+* You must include `MachineConfiguration` CRs that are required by the RAN DU use case.
+
+Engineering considerations::
+
+* ABI provides a baseline {product-title} installation.
+
+* You install Day 2 Operators and the remainder of the RAN DU use case configurations after installation.
diff --git a/modules/telco-ran-architecture-overview.adoc b/modules/telco-ran-architecture-overview.adoc
new file mode 100644
index 000000000000..7e87be9c1f6e
--- /dev/null
+++ b/modules/telco-ran-architecture-overview.adoc
@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="telco-ran-architecture-overview_{context}"]
+= Deployment architecture overview
+
+You deploy the {rds} {product-version} reference configuration to managed clusters from a centrally managed {rh-rhacm} hub cluster.
+The reference design specification (RDS) includes configuration of the managed clusters and the hub cluster components.
+
+.{rds-caps} deployment architecture overview
+image::474_OpenShift_OpenShift_RAN_RDS_arch_updates_1023.png[A diagram showing two distinctive network far edge deployment processes, one show how the hub cluster uses {gitops-title} to install managed clusters, and the other showing how the hub cluster uses {cgu-operator-full} to apply policies to managed clusters]
diff --git a/modules/telco-ran-bios-tuning.adoc b/modules/telco-ran-bios-tuning.adoc
new file mode 100644
index 000000000000..880af7675a71
--- /dev/null
+++ b/modules/telco-ran-bios-tuning.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-bios-tuning_{context}"]
+= Host firmware tuning
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+Configure system level performance.
+See link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.html#ztp-du-configuring-host-firmware-requirements_sno-configure-for-vdu[Configuring host firmware for low latency and high performance] for recommended settings.
++
+If Ironic inspection is enabled, the firmware setting values are available from the per-cluster `BareMetalHost` CR on the hub cluster.
+You enable Ironic inspection with a label in the `spec.clusters.nodes` field in the `SiteConfig` CR that you use to install the cluster.
+For example:
++
+[source,yaml]
+----
+nodes:
+  - hostName: "example-node1.example.com"
+    ironicInspect: "enabled"
+----
++
+[NOTE]
+====
+The {rds} reference `SiteConfig` does not enable the `ironicInspect` field by default.
+====
+
+Limits and requirements::
+* Hyperthreading must be enabled
+
+Engineering considerations::
+* Tune all settings for maximum performance
++
+[NOTE]
+====
+You can tune firmware selections for power savings at the expense of performance as required.
+====
diff --git a/modules/telco-ran-cluster-tuning.adoc b/modules/telco-ran-cluster-tuning.adoc
new file mode 100644
index 000000000000..446e8f96f8e2
--- /dev/null
+++ b/modules/telco-ran-cluster-tuning.adoc
@@ -0,0 +1,64 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-cluster-tuning_{context}"]
+= Cluster tuning
+
+New in this release::
+* You can remove the Image Registry Operator by using the cluster capabilities feature.
++
+[NOTE]
+====
+You configure cluster capabilities by using the `spec.clusters.installConfigOverrides` field in the `SiteConfig` CR that you use to install the cluster.
+====
+
+Description::
+The cluster capabilities feature now includes a `MachineAPI` component which, when excluded, disables the following Operators and their resources in the cluster:
+
+* `openshift/cluster-autoscaler-operator`
+
+* `openshift/cluster-control-plane-machine-set-operator`
+
+* `openshift/machine-api-operator`
+
+Limits and requirements::
+* Cluster capabilities are not available for installer-provisioned installation methods.
+
+* You must apply all platform tuning configurations.
+The following table lists the required platform tuning configurations:
++
+.Cluster capabilities configurations
+[cols=2*, width="90%", options="header"]
+|====
+|Feature
+|Description
+
+|Remove optional cluster capabilities
+a|Reduce the {product-title} footprint by disabling optional cluster Operators on {sno} clusters only.
+
+* Remove all optional Operators except the Marketplace and Node Tuning Operators.
+
+|Configure cluster monitoring
+a|Configure the monitoring stack for reduced footprint by doing the following:
+
+* Disable the local `alertmanager` and `telemeter` components.
+
+* If you use {rh-rhacm} observability, the CR must be augmented with appropriate `additionalAlertManagerConfigs` CRs to forward alerts to the hub cluster.
+
+* Reduce the `Prometheus` retention period to 24h.
++
+[NOTE]
+====
+The {rh-rhacm} hub cluster aggregates managed cluster metrics.
+====
+
+|Disable networking diagnostics
+|Disable networking diagnostics for {sno} because they are not required.
+
+|Configure a single Operator Hub catalog source
+|Configure the cluster to use a single catalog source that contains only the Operators required for a RAN DU deployment.
+Each catalog source increases the CPU use on the cluster.
+Using a single `CatalogSource` fits within the platform CPU budget.
+|====
diff --git a/modules/telco-ran-core-ref-design-spec.adoc b/modules/telco-ran-core-ref-design-spec.adoc
new file mode 100644
index 000000000000..c8d5046bee46
--- /dev/null
+++ b/modules/telco-ran-core-ref-design-spec.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-core-ref-design-spec_{context}"]
+= Reference design scope
+
+The telco core and telco RAN reference design specifications (RDS) capture the recommended, tested, and supported configurations to get reliable and repeatable performance for clusters running the telco core and telco RAN profiles.
+
+Each RDS includes the released features and supported configurations that are engineered and validated for clusters to run the individual profiles.
+The configurations provide a baseline {product-title} installation that meets feature and KPI targets.
+Each RDS also describes expected variations for each individual configuration.
+Validation of each RDS includes many long duration and at-scale tests.
+
+[NOTE]
+====
+The validated reference configurations are updated for each major Y-stream release of {product-title}.
+Z-stream patch releases are periodically re-tested against the reference configurations.
+====
diff --git a/modules/telco-ran-crs-cluster-tuning.adoc b/modules/telco-ran-crs-cluster-tuning.adoc
new file mode 100644
index 000000000000..a1d1326ab923
--- /dev/null
+++ b/modules/telco-ran-crs-cluster-tuning.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cluster-tuning-crs_{context}"]
+= Cluster tuning reference CRs
+
+.Cluster tuning CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Cluster capabilities,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-example-sno-yaml[example-sno.yaml],No,No
+Disabling network diagnostics,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-disablesnonetworkdiag-yaml[DisableSnoNetworkDiag.yaml],No,No
+Monitoring configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-reducemonitoringfootprint-yaml[ReduceMonitoringFootprint.yaml],No,No
+OperatorHub,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-defaultcatsrc-yaml[DefaultCatsrc.yaml],No,No
+OperatorHub,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-disconnectedicsp-yaml[DisconnectedICSP.yaml],No,No
+OperatorHub,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-operatorhub-yaml[OperatorHub.yaml],No,No
+|====
diff --git a/modules/telco-ran-crs-day-2-operators.adoc b/modules/telco-ran-crs-day-2-operators.adoc
new file mode 100644
index 000000000000..23fdfe7777b6
--- /dev/null
+++ b/modules/telco-ran-crs-day-2-operators.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="day-2-operators-crs_{context}"]
+= Day 2 Operators reference CRs
+
+.Day 2 Operators CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogforwarder-yaml[ClusterLogForwarder.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogging-yaml[ClusterLogging.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogns-yaml[ClusterLogNS.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogopergroup-yaml[ClusterLogOperGroup.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogsubscription-yaml[ClusterLogSubscription.yaml],No,No
+Local Storage Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-storageclass-yaml[StorageClass.yaml],Yes,No
+Local Storage Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-storagelv-yaml[StorageLV.yaml],Yes,No
+Local Storage Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-storagens-yaml[StorageNS.yaml],Yes,No
+Local Storage Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-storageopergroup-yaml[StorageOperGroup.yaml],Yes,No
+Local Storage Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-storagesubscription-yaml[StorageSubscription.yaml],Yes,No
+Node Tuning Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-performanceprofile-yaml[PerformanceProfile.yaml],No,No
+Node Tuning Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-tunedperformancepatch-yaml[TunedPerformancePatch.yaml],No,No
+PTP fast event notifications,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpoperatorconfigforevent-yaml[PtpOperatorConfigForEvent.yaml],Yes,No
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpconfigboundary-yaml[PtpConfigBoundary.yaml],No,No
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpconfiggmwpc-yaml[PtpConfigGmWpc.yaml],No,Yes
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpconfigslave-yaml[PtpConfigSlave.yaml],No,No
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpsubscription-yaml[PtpSubscription.yaml],No,No
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpsubscriptionns-yaml[PtpSubscriptionNS.yaml],No,No
+PTP Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-ptpsubscriptionopergroup-yaml[PtpSubscriptionOperGroup.yaml],No,No
+SR-IOV FEC Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-acceleratorsns-yaml[AcceleratorsNS.yaml],Yes,No
+SR-IOV FEC Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-acceleratorsopergroup-yaml[AcceleratorsOperGroup.yaml],Yes,No
+SR-IOV FEC Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-acceleratorssubscription-yaml[AcceleratorsSubscription.yaml],Yes,No
+SR-IOV FEC Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovfecclusterconfig-yaml[SriovFecClusterConfig.yaml],Yes,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovnetwork-yaml[SriovNetwork.yaml],No,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovnetworknodepolicy-yaml[SriovNetworkNodePolicy.yaml],No,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovoperatorconfig-yaml[SriovOperatorConfig.yaml],No,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscription-yaml[SriovSubscription.yaml],No,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscriptionns-yaml[SriovSubscriptionNS.yaml],No,No
+SR-IOV Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscriptionopergroup-yaml[SriovSubscriptionOperGroup.yaml],No,No
+|====
diff --git a/modules/telco-ran-crs-machine-configuration.adoc b/modules/telco-ran-crs-machine-configuration.adoc
new file mode 100644
index 000000000000..85a8367e540e
--- /dev/null
+++ b/modules/telco-ran-crs-machine-configuration.adoc
@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="machine-configuration-crs_{context}"]
+= Machine configuration reference CRs
+
+.Machine configuration CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Container runtime (crun),xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-enable-crun-master-yaml[enable-crun-master.yaml],No,No
+Container runtime (crun),xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-enable-crun-worker-yaml[enable-crun-worker.yaml],No,No
+Disabling CRI-O wipe,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-99-crio-disable-wipe-master-yaml[99-crio-disable-wipe-master.yaml],No,No
+Disabling CRI-O wipe,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-99-crio-disable-wipe-worker-yaml[99-crio-disable-wipe-worker.yaml],No,No
+Enabling kdump,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-05-kdump-config-master-yaml[05-kdump-config-master.yaml],No,Yes
+Enabling kdump,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-05-kdump-config-worker-yaml[05-kdump-config-worker.yaml],No,Yes
+Enabling kdump,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-06-kdump-master-yaml[06-kdump-master.yaml],No,No
+Enabling kdump,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-06-kdump-worker-yaml[06-kdump-worker.yaml],No,No
+Kubelet configuration and container mount hiding,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-01-container-mount-ns-and-kubelet-conf-master-yaml[01-container-mount-ns-and-kubelet-conf-master.yaml],No,No
+Kubelet configuration and container mount hiding,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-01-container-mount-ns-and-kubelet-conf-worker-yaml[01-container-mount-ns-and-kubelet-conf-worker.yaml],No,No
+One-shot time sync,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-99-sync-time-once-master-yaml[99-sync-time-once-master.yaml],No,Yes
+One-shot time sync,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-99-sync-time-once-worker-yaml[99-sync-time-once-worker.yaml],No,Yes
+SCTP,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-03-sctp-machine-config-master-yaml[03-sctp-machine-config-master.yaml],No,No
+SCTP,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-03-sctp-machine-config-worker-yaml[03-sctp-machine-config-worker.yaml],No,No
+SR-IOV related kernel arguments,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-07-sriov-related-kernel-args-master-yaml[07-sriov-related-kernel-args-master.yaml],No,Yes
+|====
diff --git a/modules/telco-ran-crs-networking.adoc b/modules/telco-ran-crs-networking.adoc
new file mode 100644
index 000000000000..51c2ef1c4220
--- /dev/null
+++ b/modules/telco-ran-crs-networking.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="networking-crs_{context}"]
+= Networking reference CRs
+
+.Networking CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Baseline,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-network-yaml[Network.yaml],No,No
+Baseline,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-networkattachmentdefinition-yaml[networkAttachmentDefinition.yaml],Yes,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscriptionns-yaml[SriovSubscriptionNS.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscriptionopergroup-yaml[SriovSubscriptionOperGroup.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovsubscription-yaml[SriovSubscription.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovoperatorconfig-yaml[SriovOperatorConfig.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovnetworknodepolicy-yaml[sriovNetworkNodePolicy.yaml],No,No
+SR-IOV Network Operator,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sriovnetwork-yaml[sriovNetwork.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-metallbns-yaml[metallbNS.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-metallbopergroup-yaml[metallbOperGroup.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-metallbsubscription-yaml[metallbSubscription.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-metallb-yaml[metallb.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-bgp-peer-yaml[bgp-peer.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-bfd-profile-yaml[bfd-profile.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-addr-pool-yaml[addr-pool.yaml],No,No
+Load balancer,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-bgp-advr-yaml[bgp-advr.yaml],No,No
+Multus - Tap CNI for rootless DPDK pod,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-mc_rootless_pods_selinux-yaml[mc_rootless_pods_selinux.yaml],Yes,No
+|====
diff --git a/modules/telco-ran-crs-other.adoc b/modules/telco-ran-crs-other.adoc
new file mode 100644
index 000000000000..77187c5fc6c7
--- /dev/null
+++ b/modules/telco-ran-crs-other.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="other-crs_{context}"]
+= Other reference CRs
+
+.Other CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+Disconnected configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-catalog-source-yaml[catalog-source.yaml],No,No
+Disconnected configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-icsp-yaml[icsp.yaml],No,No
+Disconnected configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-operator-hub-yaml[operator-hub.yaml],No,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogns-yaml[ClusterLogNS.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogopergroup-yaml[ClusterLogOperGroup.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogsubscription-yaml[ClusterLogSubscription.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogforwarder-yaml[ClusterLogForwarder.yaml],Yes,No
+Cluster logging,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-clusterlogging-yaml[ClusterLogging.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-control-plane-load-kernel-modules-yaml[control-plane-load-kernel-modules.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-worker-load-kernel-modules-yaml[worker-load-kernel-modules.yaml],Yes,No
+Additional kernel modules,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sctp_module_mc-yaml[sctp_module_mc.yaml],Yes,No
+Power management,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-performanceprofile-yaml[PerformanceProfile.yaml],No,No
+|====
diff --git a/modules/telco-ran-crs-resource-tuning.adoc b/modules/telco-ran-crs-resource-tuning.adoc
new file mode 100644
index 000000000000..266e87fbeac3
--- /dev/null
+++ b/modules/telco-ran-crs-resource-tuning.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="resource-tuning-crs_{context}"]
+= Resource Tuning reference CRs
+
+.Resource Tuning CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+System reserved capacity,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-pid-limits-cr-yaml[pid-limits-cr.yaml],Yes,No
+System reserved capacity,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-control-plane-system-reserved-yaml[control-plane-system-reserved.yaml],Yes,No
+|====
diff --git a/modules/telco-ran-crs-scheduling.adoc b/modules/telco-ran-crs-scheduling.adoc
new file mode 100644
index 000000000000..b75fac12f254
--- /dev/null
+++ b/modules/telco-ran-crs-scheduling.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="scheduling-crs_{context}"]
+= Scheduling reference CRs
+
+.Scheduling CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-nropsubscriptionns-yaml[NROPSubscriptionNS.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-nropsubscriptionopergroup-yaml[NROPSubscriptionOperGroup.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-nropsubscription-yaml[NROPSubscription.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-nropsubscriptionns-yaml[NROPSubscriptionNS.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-sched-yaml[sched.yaml],No,No
+NUMA-aware scheduler,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-nrop-yaml[nrop.yaml],No,No
+|====
diff --git a/modules/telco-ran-crs-storage.adoc b/modules/telco-ran-crs-storage.adoc
new file mode 100644
index 000000000000..5b3c354ffe05
--- /dev/null
+++ b/modules/telco-ran-crs-storage.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="storage-crs_{context}"]
+= Storage reference CRs
+
+.Storage CRs
+[cols="4*", options="header", format=csv]
+|====
+Component,Reference CR,Optional,New in this release
+External ODF configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-odffns-yaml[odffNS.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-odfopergroup-yaml[odfOperGroup.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-odfsubscription-yaml[odfSubscription.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-01-rook-ceph-external-cluster-details.secret-yaml[01-rook-ceph-external-cluster-details.secret.yaml],No,No
+External ODF configuration,xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc#ztp-02-ocs-external-storagecluster-yaml[02-ocs-external-storagecluster.yaml],No,No
+|====
diff --git a/modules/telco-ran-du-application-workloads.adoc b/modules/telco-ran-du-application-workloads.adoc
new file mode 100644
index 000000000000..d32f920ce296
--- /dev/null
+++ b/modules/telco-ran-du-application-workloads.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-du-workloads_{context}"]
+= {rds-caps} application workloads
+
+DU worker nodes must have 3rd Generation Xeon (Ice Lake) 2.20 GHz or better CPUs with firmware tuned for maximum performance.
+
+5G RAN DU user applications and workloads should conform to the following best practices and application limits:
+
+* Develop cloud-native network functions (CNFs) that conform to the latest version of the link:https://test-network-function.github.io/cnf-best-practices/[CNF best practices guide].
+
+* Use SR-IOV for high performance networking.
+
+* Use exec probes sparingly and only when no other suitable options are available
+
+** Do not use exec probes if a CNF uses CPU pinning.
+Use other probe implementations, for example, `httpGet` or `tcpSocket`.
+
+** When you need to use exec probes, limit the exec probe frequency and quantity.
+The maximum number of exec probes must be kept below 10, and frequency must not be set to less than 10 seconds.
diff --git a/modules/telco-ran-du-reference-components.adoc b/modules/telco-ran-du-reference-components.adoc
new file mode 100644
index 000000000000..475b0618e8bc
--- /dev/null
+++ b/modules/telco-ran-du-reference-components.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-du-reference-components_{context}"]
+= {rds-caps} RDS components
+
+The following sections describe the various {product-title} components and configurations that you use to configure and deploy clusters to run {rds} workloads.
+
+.{rds-caps} reference design components
+image::319_OpenShift_PTP_bare-metal_OCP_nodes_1023_RAN_DU.png[A diagram describing the {rds} component stack.]
+
+[NOTE]
+====
+Ensure that components that are not included in the {rds} profile do not affect the CPU resources allocated to workload applications.
+====
+
+[IMPORTANT]
+====
+Out of tree drivers are not supported.
+====
diff --git a/modules/telco-ran-gitops-operator-and-ztp-plugins.adoc b/modules/telco-ran-gitops-operator-and-ztp-plugins.adoc
new file mode 100644
index 000000000000..73dd0628d83b
--- /dev/null
+++ b/modules/telco-ran-gitops-operator-and-ztp-plugins.adoc
@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-gitops-operator-and-ztp-plugins_{context}"]
+= {gitops-shortname} and {ztp} plugins
+
+New in this release::
+* GA support for inclusion of user-provided CRs in Git for {ztp} deployments
+
+* {ztp} independence from the deployed cluster version
+
+Description::
+{gitops-shortname} and {ztp} plugins provide a {gitops-shortname}-based infrastructure for managing cluster deployment and configuration.
+Cluster definitions and configurations are maintained as a declarative state in Git.
+ZTP plugins provide support for generating installation CRs from the `SiteConfig` CR and automatic wrapping of configuration CRs in policies based on `PolicyGenTemplate` CRs.
++
+You can deploy and manage multiple versions of {product-title} on managed clusters with the baseline reference configuration CRs in a `/source-crs` subdirectory provided that subdirectory also contains the `kustomization.yaml` file.
+You add user-provided CRs to this subdirectory that you use with the predefined CRs that are specified in the `PolicyGenTemplate` CRs.
+This allows you to tailor your configurations to suit your specific requirements and provides {ztp} version independence between managed clusters and the hub cluster.
++
+For more information, see the following:
+
+* link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.html#ztp-preparing-the-ztp-git-repository-ver-ind_ztp-preparing-the-hub-cluster[Preparing the site configuration repository for version independence]
+* link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.html#ztp-adding-new-content-to-gitops-ztp_ztp-advanced-policy-config[Adding custom content to the {ztp} pipeline]
+
+Limits::
+* 300 `SiteConfig` CRs per ArgoCD application.
+You can use multiple applications to achieve the maximum number of clusters supported by a single hub cluster.
+
+* Content in the `/source-crs` folder in Git overrides content provided in the {ztp} plugin container.
+Git takes precedence in the search path.
+
+* Add the `/source-crs` folder in the same directory as the `kustomization.yaml` file, which includes the `PolicyGenTemplate` as a generator.
++
+[NOTE]
+====
+Alternative locations for the `/source-crs` directory are not supported in this context.
+====
+
+Engineering considerations::
+* To avoid confusion or unintentional overwriting of files when updating content, use unique and distinguishable names for user-provided CRs in the `/source-crs` folder and extra manifests in Git.
+
+* The `SiteConfig` CR allows multiple extra-manifest paths.
+When files with the same name are found in multiple directory paths, the last file found takes precedence.
+This allows the full set of version specific Day 0 manifests (extra-manifests) to be placed in Git and referenced from the `SiteConfig`.
+With this feature, you can deploy multiple {product-title} versions to managed clusters simultaneously.
+
+* The `extraManifestPath` field of the `SiteConfig` CR is deprecated from {product-title} 4.15 and later.
+Use the new `extraManifests.searchPaths` field instead.
diff --git a/modules/telco-ran-hub-cluster-management.adoc b/modules/telco-ran-hub-cluster-management.adoc
new file mode 100644
index 000000000000..916611918715
--- /dev/null
+++ b/modules/telco-ran-hub-cluster-management.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-hub-cluster-management_{context}"]
+= Hub cluster management characteristics
+
+{rh-rhacm-first} is the recommended cluster management solution.
+Configure it to the following limits on the hub cluster:
+
+* Configure a maximum of 5 {rh-rhacm} policies with a compliant evaluation interval of at least 10 minutes.
+
+* Use a maximum of 10 managed cluster templates in policies.
+Where possible, use hub-side templating.
+
+* Disable all {rh-rhacm} add-ons except for the `policy-controller` and `observability-controller` add-ons.
+Set `Observability` to the default configuration.
++
+[IMPORTANT]
+====
+Configuring optional components or enabling additional features will result in additional resource usage and can reduce overall system performance.
+
+For more information, see xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc#telco-reference-ran-du-deployment-components_ran-ref-design-components[Reference design deployment components].
+====
+
+.OpenShift platform resource utilization under reference application load
+[cols="1,2,3", width="90%", options="header"]
+|====
+|Metric
+|Limit
+|Notes
+
+|CPU usage
+|Less than 4000 mc – 2 cores (4 hyperthreads)
+|Platform CPU is pinned to reserved cores, including both hyperthreads in each reserved core. The system is engineered to use 3 CPUs (3000mc) at steady-state to allow for periodic system tasks and spikes.
+
+|Memory used
+|Less than 16G
+|
+|====
diff --git a/modules/telco-ran-local-storage-operator.adoc b/modules/telco-ran-local-storage-operator.adoc
new file mode 100644
index 000000000000..6ca69601130d
--- /dev/null
+++ b/modules/telco-ran-local-storage-operator.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-local-storage-operator_{context}"]
+= Local Storage Operator
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+You can create persistent volumes that can be used as `PVC` resources by applications with the Local Storage Operator.
+The number and type of `PV` resources that you create depends on your requirements.
+
+Engineering considerations::
+* Create backing storage for `PV` CRs before creating the `PV`.
+This can be a partition, a local volume, LVM volume, or full disk.
+* Refer to the device listing in `LocalVolume` CRs by the hardware path used to access each device to ensure correct allocation of disks and partitions.
+Logical names (for example, `/dev/sda`) are not guaranteed to be consistent across node reboots.
++
+For more information, see the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_file_systems/assembly_overview-of-persistent-naming-attributes_managing-file-systems#device-identifiers_assembly_overview-of-persistent-naming-attributes[{op-system-base} 9 documentation on device identifiers].
diff --git a/modules/telco-ran-logging.adoc b/modules/telco-ran-logging.adoc
new file mode 100644
index 000000000000..ccd8e408d209
--- /dev/null
+++ b/modules/telco-ran-logging.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-logging_{context}"]
+= Logging
+
+New in this release::
+* Vector is now the recommended log collector.
+
+Description::
+Use logging to collect logs from the far edge node for remote analysis.
+
+Engineering considerations::
+* Handling logs beyond the infrastructure and audit logs, for example, from the application workload requires additional CPU and network bandwidth based on additional logging rate.
+* As of {product-title} 4.14, vector is the reference log collector.
++
+[NOTE]
+====
+Use of fluentd in the RAN use model is deprecated.
+====
diff --git a/modules/telco-ran-lvms-operator.adoc b/modules/telco-ran-lvms-operator.adoc
new file mode 100644
index 000000000000..32a1dc157c22
--- /dev/null
+++ b/modules/telco-ran-lvms-operator.adoc
@@ -0,0 +1,56 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-lvms-operator_{context}"]
+= LVMS Operator
+
+New in this release::
+* No reference design updates in this release
+
+New in this release::
+* Simplified LVMS `deviceSelector` logic
+
+* LVM Storage with `ext4` and `PV` resources
+
+[NOTE]
+====
+LVMS Operator is an optional component.
+====
+
+Description::
+The LVMS Operator provides dynamic provisioning of block and file storage.
+The LVMS Operator creates logical volumes from local devices that can be used as `PVC` resources by applications.
+Volume expansion and snapshots are also possible.
++
+The following example configuration creates a `vg1` volume group that leverages all available disks on the node except the installation disk:
++
+.StorageLVMCluster.yaml
+[source,yaml]
+----
+apiVersion: lvm.topolvm.io/v1alpha1
+kind: LVMCluster
+metadata:
+  name: storage-lvmcluster
+  namespace: openshift-storage
+  annotations:
+    ran.openshift.io/ztp-deploy-wave: "10"
+spec: {}
+  storage:
+    deviceClasses:
+    - name: vg1
+      thinPoolConfig:
+        name: thin-pool-1
+        sizePercent: 90
+        overprovisionRatio: 10
+----
+
+Limits and requirements::
+* In {sno} clusters, persistent storage must be provided  by either LVMS or Local Storage, not both.
+
+Engineering considerations::
+* The LVMS Operator is not the reference storage solution for the DU use case.
+If you require LVMS Operator for application workloads, the resource use is accounted for against the application cores.
+
+* Ensure that sufficient disks or partitions are available for storage requirements.
diff --git a/modules/telco-ran-machine-configuration.adoc b/modules/telco-ran-machine-configuration.adoc
new file mode 100644
index 000000000000..9d752a990ef1
--- /dev/null
+++ b/modules/telco-ran-machine-configuration.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-machine-configuration_{context}"]
+= Machine configuration
+
+New in this release::
+* Set `rcu_normal` after node recovery
+
+Limits and requirements::
+* The CRI-O wipe disable `MachineConfig` assumes that images on disk are static other than during scheduled maintenance in defined maintenance windows.
+To ensure the images are static, do not set the pod `imagePullPolicy` field to `Always`.
++
+.Machine configuration options
+[cols=2*, width="90%", options="header"]
+|====
+|Feature
+|Description
+
+|Container runtime
+|Sets the container runtime to `crun` for all node roles.
+
+|kubelet config and container mount hiding
+|Reduces the frequency of kubelet housekeeping and eviction monitoring to reduce CPU usage.
+Create a container mount namespace, visible to kubelet and CRI-O, to reduce system mount scanning resource usage.
+
+|SCTP
+|Optional configuration (enabled by default)
+Enables SCTP. SCTP is required by RAN applications but disabled by default in {op-system}.
+
+|kdump
+|Optional configuration (enabled by default)
+Enables kdump to capture debug information when a kernel panic occurs.
+
+|CRI-O wipe disable
+|Disables automatic wiping of the CRI-O image cache after unclean shutdown.
+
+|SR-IOV-related kernel arguments
+|Includes additional SR-IOV related arguments in the kernel command line.
+
+|RCU Normal systemd service
+|Sets `rcu_normal` after the system is fully started.
+
+|One-shot time sync
+|Runs a one-time system time synchronization job for control plane or worker nodes.
+|====
diff --git a/modules/telco-ran-managed-cluster-resources.adoc b/modules/telco-ran-managed-cluster-resources.adoc
new file mode 100644
index 000000000000..0891d9989f45
--- /dev/null
+++ b/modules/telco-ran-managed-cluster-resources.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-managed-cluster-resources_{context}"]
+= {rds-caps} worker node cluster resource utilization
+
+The maximum number of running pods in the system, inclusive of application workloads and {product-title} pods, is 120.
+
+Resource utilization::
+{product-title} resource utilization varies depending on many factors including application workload characteristics such as:
+
+* Pod count
+
+* Type and frequency of probes
+
+* Messaging rates on primary CNI or secondary CNI with kernel networking
+
+* API access rate
+
+* Logging rates
+
+* Storage IOPS
+
+Cluster resource requirements are applicable under the following conditions:
+
+* The cluster is running the described representative application workload.
+
+* The cluster is managed with the constraints described in xref:../../telco_ref_design_specs/ran/telco-ran-ref-validation-artifacts.html#telco-ran-hub-cluster-management_ran-ref-design-overview[Hub cluster management resources].
+
+* Components noted as optional in the RAN DU use model configuration are not applied.
+
+[IMPORTANT]
+====
+You will need to do additional analysis to determine the impact on resource utilization and ability to meet KPI targets for configurations outside the scope of the {rds-caps} reference design.
+You might have to allocate additional resources in the cluster depending on your requirements.
+====
diff --git a/modules/telco-ran-measured-kpi-results.adoc b/modules/telco-ran-measured-kpi-results.adoc
new file mode 100644
index 000000000000..39f9db536c25
--- /dev/null
+++ b/modules/telco-ran-measured-kpi-results.adoc
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-measured-kpi-results_{context}"]
+= KPI test results overview
+
+All results are taken from 12-hour test runs.
+
+Realtime kernel KPI test::
+Workload nodes running the realtime kernel are validated to these performance KPIs:
+
+* No `oslat` samples greater than 20µs.
+
+* 99.9999% of `cyclictest` samples are less than 10µs. No samples above 20µs.
+
+Non-realtime kernel KPI test::
+The non-realtime kernel can be run with a reduced predictable latency target.
+The following performance KPIs are validated:
+
+* No `oslat` samples above 20µs.
+
+[NOTE]
+====
+`cyclictest` tests are not applicable for non-realtime systems.
+====
+
+RFC2544 KPI test::
+* Zero packet loss at 99.9% line rate (25 Gbps) for 512 byte frames.
+
+* Packet latency is less than 30µs at 80% line rate for 512 byte frames over 12 hour test.
+
+[NOTE]
+====
+The test application is the DPDK `testpmd` utility.
+====
+
+PTP network synchronization::
+* The time offset for boundary and ordinary clock configurations, as measured at the follower port on the Intel E810-XXVDA4 (Salem Channel) NIC is less than 100 ns as indicated by the `openshift_ptp_offset_ns` metric.
diff --git a/modules/telco-ran-node-tuning-operator.adoc b/modules/telco-ran-node-tuning-operator.adoc
new file mode 100644
index 000000000000..85b4d4adce4d
--- /dev/null
+++ b/modules/telco-ran-node-tuning-operator.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-node-tuning-operator_{context}"]
+= Node Tuning Operator
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+You tune the cluster performance by link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/cnf-create-performance-profiles.html[creating a performance profile].
+Settings that you configure with a performance profile include:
++
+* Selecting the realtime or non-realtime kernel.
+
+* Allocating cores to a reserved or isolated `cpuset`.
+{product-title} processes allocated to the management workload partition are pinned to reserved set.
+
+* Enabling kubelet features (CPU manager, topology manager, and memory manager).
+
+* Configuring huge pages.
+
+* Setting additional kernel arguments.
+
+* Setting per-core power tuning and max CPU frequency.
+
+Limits and requirements::
+
+The Node Tuning Operator uses the `PerformanceProfile` CR to configure the cluster. You need to configure the following settings in the RAN DU profile `PerformanceProfile` CR:
+
+* Select reserved and isolated cores and ensure that you allocate at least 4 hyperthreads (equivalent to 2 cores) on Intel 3rd Generation Xeon (Ice Lake) 2.20 GHz CPUs or better with firmware tuned for maximum performance.
+
+* Set the reserved `cpuset` to include both hyperthread siblings for each included core.
+Unreserved cores are available as allocatable CPU for scheduling workloads.
+Ensure that hyperthread siblings are not split across reserved and isolated cores.
+
+* Configure reserved and isolated CPUs to include all threads in all cores based on what you have set as reserved and isolated CPUs.
+
+* Set core 0 of each NUMA node to be included in the reserved CPU set.
+
+* Set the huge page size to 1G.
+
+[NOTE]
+====
+You should not add additional workloads to the management partition.
+Only those pods which are part of the OpenShift management platform should be annotated into the management partition.
+====
+
+Engineering considerations::
+* You should use the RT kernel to meet performance requirements.
++
+[NOTE]
+====
+You can use the non-RT kernel if required.
+====
+
+* The number of huge pages that you configure depends on the application workload requirements.
+Variation in this parameter is expected and allowed.
+
+* Variation is expected in the configuration of reserved and isolated CPU sets based on selected hardware and additional components in use on the system.
+Variation must still meet the specified limits.
+
+* Hardware without IRQ affinity support impacts isolated CPUs.
+To ensure that pods with guaranteed whole CPU QoS have full use of the allocated CPU, all hardware in the server must support IRQ affinity.
+For more information, see link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/cnf-low-latency-tuning.html#about_irq_affinity_setting_cnf-master[About support of IRQ affinity setting].
+
+[NOTE]
+====
+In {product-title} {product-version}, any `PerformanceProfile` CR configured on the cluster causes the Node Tuning Operator to automatically set all cluster nodes to use cgroup v1.
+
+For more information about cgroups, see link:https://docs.openshift.com/container-platform/4.15/nodes/clusters/nodes-cluster-cgroups-2.html#nodes-clusters-cgroups-2_nodes-cluster-cgroups-2[Configuring Linux cgroup].
+====
diff --git a/modules/telco-ran-ptp-operator.adoc b/modules/telco-ran-ptp-operator.adoc
new file mode 100644
index 000000000000..770f2d9198db
--- /dev/null
+++ b/modules/telco-ran-ptp-operator.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-ptp-operator_{context}"]
+= PTP Operator
+
+New in this release::
+* PTP grandmaster clock (T-GM) GPS timing with Intel E810-XXV-4T Westport Channel NIC – minimum firmware version 4.30 (Technology Preview)
+
+* PTP events and metrics for grandmaster (T-GM) are new in  {product-title} {product-version} (Technology Preview)
+
+Description::
+Configure of link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.html#ztp-sno-du-configuring-ptp_sno-configure-for-vdu[PTP timing] support for cluster nodes.
+The DU node can run in the following modes:
++
+* As an ordinary clock synced to a T-GM or boundary clock (T-BC)
+
+* As dual boundary clocks, one per NIC (high availability is not supported)
+
+* As grandmaster clock with support for E810 Westport Channel NICs (Technology Preview)
+
+* Optionally as a boundary clock for radio units (RUs)
+
++
+Optional: subscribe applications to PTP events that happen on the node that the application is running.
+You subscribe the application to events via HTTP.
+
+Limits and requirements::
+* High availability is not supported with dual NIC configurations.
+
+* Westport Channel NICs configured as T-GM do not support DPLL with the current ice driver version.
+
+* GPS offsets are not reported.
+Use a default offset of less than or equal to 5.
+
+* DPLL offsets are not reported.
+Use a default offset of less than or equal to 5.
+
+
+Engineering considerations::
+* Configurations are provided for ordinary clock, boundary clock, or grandmaster clock
+
+* PTP fast event notifications uses `ConfigMap` CRs to store PTP event subscriptions.
diff --git a/modules/telco-ran-red-hat-advanced-cluster-management-rhacm.adoc b/modules/telco-ran-red-hat-advanced-cluster-management-rhacm.adoc
new file mode 100644
index 000000000000..389dfe76e1a2
--- /dev/null
+++ b/modules/telco-ran-red-hat-advanced-cluster-management-rhacm.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-red-hat-advanced-cluster-management-rhacm_{context}"]
+= {rh-rhacm-first}
+
+New in this release::
+* Additional node labels can be configured during installation.
+
+Description::
+{rh-rhacm} provides Multi Cluster Engine (MCE) installation and ongoing lifecycle management functionality for deployed clusters.
+You declaratively specify configurations and upgrades with `Policy` CRs and apply the policies to clusters with the {rh-rhacm} policy controller as managed by {cgu-operator-full}.
++
+* {ztp-first} uses the MCE feature of {rh-rhacm}
+* Configuration, upgrades, and cluster status are managed with the {rh-rhacm} policy controller
+
+Limits and requirements::
+* A single hub cluster supports up to 3500 deployed {sno} clusters with 5 `Policy` CRs bound to each cluster.
+
+Engineering considerations::
+* Cluster specific configuration: managed clusters typically have some number of configuration values that are specific to the individual cluster.
+These configurations should be managed using {rh-rhacm} policy hub-side templating with values pulled from `ConfigMap` CRs based on the cluster name.
+
+* To save CPU resources on managed clusters, policies that apply static configurations should be unbound from managed clusters after {ztp} installation of the cluster.
+For more information, see link:https://docs.openshift.com/container-platform/latest/storage/understanding-persistent-storage.html#releasing_understanding-persistent-storage[Release a persistent volume].
diff --git a/modules/telco-ran-redfish-operator.adoc b/modules/telco-ran-redfish-operator.adoc
new file mode 100644
index 000000000000..f3bd46486443
--- /dev/null
+++ b/modules/telco-ran-redfish-operator.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-redfish-operator_{context}"]
+= {redfish-operator}
+
+The {redfish-operator} is an optional Operator that runs exclusively on the managed spoke cluster. It relays Redfish hardware events to cluster applications.
+
+[NOTE]
+====
+The {redfish-operator} is not included in the RAN DU use model reference configuration and is an optional feature.
+If you want to use the {redfish-operator}, assign additional CPU resources from the application CPU budget.
+====
diff --git a/modules/telco-ran-ref-design-spec.adoc b/modules/telco-ran-ref-design-spec.adoc
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/modules/telco-ran-sr-iov-operator.adoc b/modules/telco-ran-sr-iov-operator.adoc
new file mode 100644
index 000000000000..a7ac9a2757a8
--- /dev/null
+++ b/modules/telco-ran-sr-iov-operator.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-sr-iov-operator_{context}"]
+= SR-IOV Operator
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+The SR-IOV Operator provisions and configures the SR-IOV CNI and device plugins.
+Both `netdevice` (kernel VFs) and `vfio` (DPDK) devices are supported.
+
+Engineering considerations::
+* Customer variation on the configuration and number of `SriovNetwork` and `SriovNetworkNodePolicy` custom resources (CRs) is expected.
+
+* IOMMU kernel command line settings are applied with a `MachineConfig` CR at install time. This ensures that the `SriovOperator` CR does not cause a reboot of the node when adding them.
diff --git a/modules/telco-ran-sriov-fec-operator.adoc b/modules/telco-ran-sriov-fec-operator.adoc
new file mode 100644
index 000000000000..016224050869
--- /dev/null
+++ b/modules/telco-ran-sriov-fec-operator.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-sriov-fec-operator_{context}"]
+= SRIOV-FEC Operator
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+SRIOV-FEC Operator is an optional 3rd party Certified Operator supporting FEC accelerator hardware.
+
+Limits and requirements::
+* Starting with FEC Operator v2.7.0:
+
+** `SecureBoot` is supported
+
+** The `vfio` driver for the `PF` requires the usage of `vfio-token` that is injected into Pods.
+The `VF` token can be passed to DPDK by using the EAL parameter `--vfio-vf-token`.
+
+Engineering considerations::
+* The SRIOV-FEC Operator uses CPU cores from the `isolated` CPU set.
+
+* You can validate FEC readiness as part of the pre-checks for application deployment, for example, by extending the validation policy.
diff --git a/modules/telco-ran-topology-aware-lifecycle-manager-talm.adoc b/modules/telco-ran-topology-aware-lifecycle-manager-talm.adoc
new file mode 100644
index 000000000000..528324a34428
--- /dev/null
+++ b/modules/telco-ran-topology-aware-lifecycle-manager-talm.adoc
@@ -0,0 +1,71 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-topology-aware-lifecycle-manager-talm_{context}"]
+= {cgu-operator-first}
+
+New in this release::
+* Added support for pre-caching additional user-specified images
+
+Description::
++
+--
+Managed updates::
+{cgu-operator} is an Operator that runs only on the hub cluster for managing how changes (including cluster and Operator upgrades, configuration, and so on) are rolled out to the network.
+{cgu-operator} does the following:
+
+* Progressively applies updates to fleets of clusters in user-configurable batches by using `Policy` CRs.
+* Adds `ztp-done` labels or other user configurable labels on a per-cluster basis
+
+Precaching for {sno} clusters::
+{cgu-operator} supports optional precaching of {product-title}, OLM Operator, and additional user images to {sno} clusters before initiating an upgrade.
++
+* A new `PreCachingConfig` custom resource is available for specifying optional pre-caching configurations.
+For example:
++
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: PreCachingConfig
+metadata:
+  name: example-config
+  namespace: example-ns
+spec:
+  additionalImages:
+    - quay.io/foobar/application1@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e
+    - quay.io/foobar/application2@sha256:3d5800123dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47adf
+    - quay.io/foobar/applicationN@sha256:4fe1334adfafadsf987123adfffdaf1243340adfafdedga0991234afdadfs
+  spaceRequired: 45 GiB <1>
+  overrides:
+    preCacheImage: quay.io/test_images/pre-cache:latest
+    platformImage: quay.io/openshift-release-dev/ocp-release@sha256:3d5800990dee7cd4727d3fe238a97e2d2976d3808fc925ada29c559a47e2e
+  operatorsIndexes:
+    - registry.example.com:5000/custom-redhat-operators:1.0.0
+  operatorsPackagesAndChannels:
+    - local-storage-operator: stable
+    - ptp-operator: stable
+    - sriov-network-operator: stable
+  excludePrecachePatterns: <2>
+    - aws
+    - vsphere
+----
+<1> Configurable `space-required` parameter allows you to validate before and after pre-caching storage space
+<2> Configurable filtering allows exclusion of unused images
+--
+
+Backup and restore for {sno}::
+{cgu-operator} supports taking a snapshot of the cluster operating system and configuration to a dedicated partition on a local disk.
+A restore script is provided that returns the cluster to the backed up state.
+
+Limits and requirements::
+* {cgu-operator} supports concurrent cluster deployment in batches of 400
+
+* Precaching and backup features are for {sno} clusters only.
+
+Engineering considerations::
+* The `PreCachingConfig` CR is optional and does not need to be created if you just wants to precache platform related (OpenShift and OLM Operator) images.
+The `PreCachingConfig` CR must be applied before referencing it in the `ClusterGroupUpgrade` CR.
+
+* Create a recovery partition during installation if you opt to use the {cgu-operator} backup and restore feature.
diff --git a/modules/telco-ran-workload-partitioning.adoc b/modules/telco-ran-workload-partitioning.adoc
new file mode 100644
index 000000000000..9226fd70f515
--- /dev/null
+++ b/modules/telco-ran-workload-partitioning.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-ran-workload-partitioning_{context}"]
+= Workload partitioning
+
+New in this release::
+* No reference design updates in this release
+
+Description::
+Workload partitioning pins OpenShift platform and Day 2 Operator pods that are part of the DU profile to the reserved `cpuset` and removes the reserved CPU from node accounting.
+This leaves all unreserved CPU cores available for user workloads.
++
+The method of enabling and configuring workload partitioning changed in {product-title} 4.14.
++
+--
+4.14 and later::
+* Configure partitions by setting installation parameters:
++
+[source,yaml]
+----
+cpuPartitioningMode: AllNodes
+----
+
+* Configure management partition cores with the reserved CPU set in the `PerformanceProfile` CR
+
+4.13 and earlier::
+* Configure partitions with extra `MachineConfiguration` CRs applied at install-time
+--
+
+Limits and requirements::
+* `Namespace` and `Pod` CRs must be annotated to allow the pod to be applied to the management partition
+
+* Pods with CPU limits cannot be allocated to the partition.
+This is because mutation can change the pod QoS.
+
+* For more information about the minimum number of CPUs that can be allocated to the management partition, see xref:../../telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc#telco-ran-node-tuning-operator_ran-ref-design-components[Node Tuning Operator].
+
+Engineering considerations::
+* Workload Partitioning pins all management pods to reserved cores.
+A sufficient number of cores must be allocated to the reserved set to account for operating system, management pods, and expected spikes in CPU use that occur when the workload starts, the node reboots, or other system events happen.
diff --git a/modules/telco-ran-yaml-ref-cluster-tuning.adoc b/modules/telco-ran-yaml-ref-cluster-tuning.adoc
new file mode 100644
index 000000000000..64165e1ee36c
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-cluster-tuning.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="cluster-tuning-yaml_{context}"]
+= Cluster tuning reference YAML
+
+[id="ztp-example-sno-yaml"]
+.example-sno.yaml
+[source,yaml]
+----
+include::snippets/ztp_example-sno.yaml[]
+----
+
+[id="ztp-disablesnonetworkdiag-yaml"]
+.DisableSnoNetworkDiag.yaml
+[source,yaml]
+----
+include::snippets/ztp_DisableSnoNetworkDiag.yaml[]
+----
+
+[id="ztp-reducemonitoringfootprint-yaml"]
+.ReduceMonitoringFootprint.yaml
+[source,yaml]
+----
+include::snippets/ztp_ReduceMonitoringFootprint.yaml[]
+----
+
+[id="ztp-defaultcatsrc-yaml"]
+.DefaultCatsrc.yaml
+[source,yaml]
+----
+include::snippets/ztp_DefaultCatsrc.yaml[]
+----
+
+[id="ztp-disconnectedicsp-yaml"]
+.DisconnectedICSP.yaml
+[source,yaml]
+----
+include::snippets/ztp_DisconnectedICSP.yaml[]
+----
+
+[id="ztp-operatorhub-yaml"]
+.OperatorHub.yaml
+[source,yaml]
+----
+include::snippets/ztp_OperatorHub.yaml[]
+----
diff --git a/modules/telco-ran-yaml-ref-day-2-operators.adoc b/modules/telco-ran-yaml-ref-day-2-operators.adoc
new file mode 100644
index 000000000000..743ad8879304
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-day-2-operators.adoc
@@ -0,0 +1,210 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="day-2-operators-yaml_{context}"]
+= Day 2 Operators reference YAML
+
+[id="ztp-clusterlogforwarder-yaml"]
+.ClusterLogForwarder.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogForwarder.yaml[]
+----
+
+[id="ztp-clusterlogging-yaml"]
+.ClusterLogging.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogging.yaml[]
+----
+
+[id="ztp-clusterlogns-yaml"]
+.ClusterLogNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogNS.yaml[]
+----
+
+[id="ztp-clusterlogopergroup-yaml"]
+.ClusterLogOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogOperGroup.yaml[]
+----
+
+[id="ztp-clusterlogsubscription-yaml"]
+.ClusterLogSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogSubscription.yaml[]
+----
+
+[id="ztp-storageclass-yaml"]
+.StorageClass.yaml
+[source,yaml]
+----
+include::snippets/ztp_StorageClass.yaml[]
+----
+
+[id="ztp-storagelv-yaml"]
+.StorageLV.yaml
+[source,yaml]
+----
+include::snippets/ztp_StorageLV.yaml[]
+----
+
+[id="ztp-storagens-yaml"]
+.StorageNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_StorageNS.yaml[]
+----
+
+[id="ztp-storageopergroup-yaml"]
+.StorageOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_StorageOperGroup.yaml[]
+----
+
+[id="ztp-storagesubscription-yaml"]
+.StorageSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_StorageSubscription.yaml[]
+----
+
+[id="ztp-performanceprofile-yaml"]
+.PerformanceProfile.yaml
+[source,yaml]
+----
+include::snippets/ztp_PerformanceProfile.yaml[]
+----
+
+[id="ztp-tunedperformancepatch-yaml"]
+.TunedPerformancePatch.yaml
+[source,yaml]
+----
+include::snippets/ztp_TunedPerformancePatch.yaml[]
+----
+
+[id="ztp-ptpoperatorconfigforevent-yaml"]
+.PtpOperatorConfigForEvent.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpOperatorConfigForEvent.yaml[]
+----
+
+[id="ztp-ptpconfigboundary-yaml"]
+.PtpConfigBoundary.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigBoundary.yaml[]
+----
+
+[id="ztp-ptpconfiggmwpc-yaml"]
+.PtpConfigGmWpc.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigGmWpc.yaml[]
+----
+
+[id="ztp-ptpconfigslave-yaml"]
+.PtpConfigSlave.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigSlave.yaml[]
+----
+
+[id="ztp-ptpsubscription-yaml"]
+.PtpSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpSubscription.yaml[]
+----
+
+[id="ztp-ptpsubscriptionns-yaml"]
+.PtpSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpSubscriptionNS.yaml[]
+----
+
+[id="ztp-ptpsubscriptionopergroup-yaml"]
+.PtpSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_PtpSubscriptionOperGroup.yaml[]
+----
+
+[id="ztp-acceleratorsns-yaml"]
+.AcceleratorsNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_AcceleratorsNS.yaml[]
+----
+
+[id="ztp-acceleratorsopergroup-yaml"]
+.AcceleratorsOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_AcceleratorsOperGroup.yaml[]
+----
+
+[id="ztp-acceleratorssubscription-yaml"]
+.AcceleratorsSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_AcceleratorsSubscription.yaml[]
+----
+
+[id="ztp-sriovfecclusterconfig-yaml"]
+.SriovFecClusterConfig.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovFecClusterConfig.yaml[]
+----
+
+[id="ztp-sriovnetwork-yaml"]
+.SriovNetwork.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovNetwork.yaml[]
+----
+
+[id="ztp-sriovnetworknodepolicy-yaml"]
+.SriovNetworkNodePolicy.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovNetworkNodePolicy.yaml[]
+----
+
+[id="ztp-sriovoperatorconfig-yaml"]
+.SriovOperatorConfig.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovOperatorConfig.yaml[]
+----
+
+[id="ztp-sriovsubscription-yaml"]
+.SriovSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscription.yaml[]
+----
+
+[id="ztp-sriovsubscriptionns-yaml"]
+.SriovSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscriptionNS.yaml[]
+----
+
+[id="ztp-sriovsubscriptionopergroup-yaml"]
+.SriovSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscriptionOperGroup.yaml[]
+----
diff --git a/modules/telco-ran-yaml-ref-machine-configuration.adoc b/modules/telco-ran-yaml-ref-machine-configuration.adoc
new file mode 100644
index 000000000000..91009b4660fd
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-machine-configuration.adoc
@@ -0,0 +1,112 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="machine-configuration-yaml_{context}"]
+= Machine configuration reference YAML
+
+[id="ztp-enable-crun-master-yaml"]
+.enable-crun-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_enable-crun-master.yaml[]
+----
+
+[id="ztp-enable-crun-worker-yaml"]
+.enable-crun-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_enable-crun-worker.yaml[]
+----
+
+[id="ztp-99-crio-disable-wipe-master-yaml"]
+.99-crio-disable-wipe-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_99-crio-disable-wipe-master.yaml[]
+----
+
+[id="ztp-99-crio-disable-wipe-worker-yaml"]
+.99-crio-disable-wipe-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_99-crio-disable-wipe-worker.yaml[]
+----
+
+[id="ztp-05-kdump-config-master-yaml"]
+.05-kdump-config-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_05-kdump-config-master.yaml[]
+----
+
+[id="ztp-05-kdump-config-worker-yaml"]
+.05-kdump-config-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_05-kdump-config-worker.yaml[]
+----
+
+[id="ztp-06-kdump-master-yaml"]
+.06-kdump-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_06-kdump-master.yaml[]
+----
+
+[id="ztp-06-kdump-worker-yaml"]
+.06-kdump-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_06-kdump-worker.yaml[]
+----
+
+[id="ztp-01-container-mount-ns-and-kubelet-conf-master-yaml"]
+.01-container-mount-ns-and-kubelet-conf-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_01-container-mount-ns-and-kubelet-conf-master.yaml[]
+----
+
+[id="ztp-01-container-mount-ns-and-kubelet-conf-worker-yaml"]
+.01-container-mount-ns-and-kubelet-conf-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_01-container-mount-ns-and-kubelet-conf-worker.yaml[]
+----
+
+[id="ztp-99-sync-time-once-master-yaml"]
+.99-sync-time-once-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_99-sync-time-once-master.yaml[]
+----
+
+[id="ztp-99-sync-time-once-worker-yaml"]
+.99-sync-time-once-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_99-sync-time-once-worker.yaml[]
+----
+
+[id="ztp-03-sctp-machine-config-master-yaml"]
+.03-sctp-machine-config-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_03-sctp-machine-config-master.yaml[]
+----
+
+[id="ztp-03-sctp-machine-config-worker-yaml"]
+.03-sctp-machine-config-worker.yaml
+[source,yaml]
+----
+include::snippets/ztp_03-sctp-machine-config-worker.yaml[]
+----
+
+[id="ztp-07-sriov-related-kernel-args-master-yaml"]
+.07-sriov-related-kernel-args-master.yaml
+[source,yaml]
+----
+include::snippets/ztp_07-sriov-related-kernel-args-master.yaml[]
+----
diff --git a/modules/telco-ran-yaml-ref-networking.adoc b/modules/telco-ran-yaml-ref-networking.adoc
new file mode 100644
index 000000000000..3a9338d7a78c
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-networking.adoc
@@ -0,0 +1,127 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="networking-yaml_{context}"]
+= Networking reference YAML
+
+[id="ztp-network-yaml"]
+.Network.yaml
+[source,yaml]
+----
+include::snippets/ztp_Network.yaml[]
+----
+
+[id="ztp-networkattachmentdefinition-yaml"]
+.networkAttachmentDefinition.yaml
+[source,yaml]
+----
+include::snippets/ztp_networkAttachmentDefinition.yaml[]
+----
+
+[id="ztp-sriovsubscriptionns-yaml"]
+.SriovSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscriptionNS.yaml[]
+----
+
+[id="ztp-sriovsubscriptionopergroup-yaml"]
+.SriovSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscriptionOperGroup.yaml[]
+----
+
+[id="ztp-sriovsubscription-yaml"]
+.SriovSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscription.yaml[]
+----
+
+[id="ztp-sriovoperatorconfig-yaml"]
+.SriovOperatorConfig.yaml
+[source,yaml]
+----
+include::snippets/ztp_SriovOperatorConfig.yaml[]
+----
+
+[id="ztp-sriovnetworknodepolicy-yaml"]
+.sriovNetworkNodePolicy.yaml
+[source,yaml]
+----
+include::snippets/ztp_sriovNetworkNodePolicy.yaml[]
+----
+
+[id="ztp-sriovnetwork-yaml"]
+.sriovNetwork.yaml
+[source,yaml]
+----
+include::snippets/ztp_sriovNetwork.yaml[]
+----
+
+[id="ztp-metallbns-yaml"]
+.metallbNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_metallbNS.yaml[]
+----
+
+[id="ztp-metallbopergroup-yaml"]
+.metallbOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_metallbOperGroup.yaml[]
+----
+
+[id="ztp-metallbsubscription-yaml"]
+.metallbSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_metallbSubscription.yaml[]
+----
+
+[id="ztp-metallb-yaml"]
+.metallb.yaml
+[source,yaml]
+----
+include::snippets/ztp_metallb.yaml[]
+----
+
+[id="ztp-bgp-peer-yaml"]
+.bgp-peer.yaml
+[source,yaml]
+----
+include::snippets/ztp_bgp-peer.yaml[]
+----
+
+[id="ztp-bfd-profile-yaml"]
+.bfd-profile.yaml
+[source,yaml]
+----
+include::snippets/ztp_bfd-profile.yaml[]
+----
+
+[id="ztp-addr-pool-yaml"]
+.addr-pool.yaml
+[source,yaml]
+----
+include::snippets/ztp_addr-pool.yaml[]
+----
+
+[id="ztp-bgp-advr-yaml"]
+.bgp-advr.yaml
+[source,yaml]
+----
+include::snippets/ztp_bgp-advr.yaml[]
+----
+
+[id="ztp-mc_rootless_pods_selinux-yaml"]
+.mc_rootless_pods_selinux.yaml
+[source,yaml]
+----
+include::snippets/ztp_mc_rootless_pods_selinux.yaml[]
+----
+
diff --git a/modules/telco-ran-yaml-ref-other.adoc b/modules/telco-ran-yaml-ref-other.adoc
new file mode 100644
index 000000000000..f214aca7f10e
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-other.adoc
@@ -0,0 +1,92 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="other-yaml_{context}"]
+= Other reference YAML
+
+[id="ztp-catalog-source-yaml"]
+.catalog-source.yaml
+[source,yaml]
+----
+include::snippets/ztp_catalog-source.yaml[]
+----
+
+[id="ztp-icsp-yaml"]
+.icsp.yaml
+[source,yaml]
+----
+include::snippets/ztp_icsp.yaml[]
+----
+
+[id="ztp-operator-hub-yaml"]
+.operator-hub.yaml
+[source,yaml]
+----
+include::snippets/ztp_operator-hub.yaml[]
+----
+
+[id="ztp-clusterlogns-yaml"]
+.ClusterLogNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogNS.yaml[]
+----
+
+[id="ztp-clusterlogopergroup-yaml"]
+.ClusterLogOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogOperGroup.yaml[]
+----
+
+[id="ztp-clusterlogsubscription-yaml"]
+.ClusterLogSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogSubscription.yaml[]
+----
+
+[id="ztp-clusterlogforwarder-yaml"]
+.ClusterLogForwarder.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogForwarder.yaml[]
+----
+
+[id="ztp-clusterlogging-yaml"]
+.ClusterLogging.yaml
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogging.yaml[]
+----
+
+[id="ztp-control-plane-load-kernel-modules-yaml"]
+.control-plane-load-kernel-modules.yaml
+[source,yaml]
+----
+include::snippets/ztp_control-plane-load-kernel-modules.yaml[]
+----
+
+[id="ztp-worker-load-kernel-modules-yaml"]
+.worker-load-kernel-modules.yaml
+[source,yaml]
+----
+include::snippets/ztp_worker-load-kernel-modules.yaml[]
+----
+
+[id="ztp-sctp_module_mc-yaml"]
+.sctp_module_mc.yaml
+[source,yaml]
+----
+include::snippets/ztp_sctp_module_mc.yaml[]
+----
+
+[id="ztp-performanceprofile-yaml"]
+.PerformanceProfile.yaml
+[source,yaml]
+----
+include::snippets/ztp_PerformanceProfile.yaml[]
+----
+
diff --git a/modules/telco-ran-yaml-ref-resource-tuning.adoc b/modules/telco-ran-yaml-ref-resource-tuning.adoc
new file mode 100644
index 000000000000..a808ce145221
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-resource-tuning.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="resource-tuning-yaml_{context}"]
+= Resource Tuning reference YAML
+
+[id="ztp-pid-limits-cr-yaml"]
+.pid-limits-cr.yaml
+[source,yaml]
+----
+include::snippets/ztp_pid-limits-cr.yaml[]
+----
+
+[id="ztp-control-plane-system-reserved-yaml"]
+.control-plane-system-reserved.yaml
+[source,yaml]
+----
+include::snippets/ztp_control-plane-system-reserved.yaml[]
+----
+
diff --git a/modules/telco-ran-yaml-ref-scheduling.adoc b/modules/telco-ran-yaml-ref-scheduling.adoc
new file mode 100644
index 000000000000..598373fb6e59
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-scheduling.adoc
@@ -0,0 +1,50 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="scheduling-yaml_{context}"]
+= Scheduling reference YAML
+
+[id="ztp-nropsubscriptionns-yaml"]
+.NROPSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_NROPSubscriptionNS.yaml[]
+----
+
+[id="ztp-nropsubscriptionopergroup-yaml"]
+.NROPSubscriptionOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_NROPSubscriptionOperGroup.yaml[]
+----
+
+[id="ztp-nropsubscription-yaml"]
+.NROPSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_NROPSubscription.yaml[]
+----
+
+[id="ztp-nropsubscriptionns-yaml"]
+.NROPSubscriptionNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_NROPSubscriptionNS.yaml[]
+----
+
+[id="ztp-sched-yaml"]
+.sched.yaml
+[source,yaml]
+----
+include::snippets/ztp_sched.yaml[]
+----
+
+[id="ztp-nrop-yaml"]
+.nrop.yaml
+[source,yaml]
+----
+include::snippets/ztp_nrop.yaml[]
+----
+
diff --git a/modules/telco-ran-yaml-ref-storage.adoc b/modules/telco-ran-yaml-ref-storage.adoc
new file mode 100644
index 000000000000..94669c05557d
--- /dev/null
+++ b/modules/telco-ran-yaml-ref-storage.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// *
+
+:_mod-docs-content-type: REFERENCE
+[id="storage-yaml_{context}"]
+= Storage reference YAML
+
+[id="ztp-odffns-yaml"]
+.odffNS.yaml
+[source,yaml]
+----
+include::snippets/ztp_odffNS.yaml[]
+----
+
+[id="ztp-odfopergroup-yaml"]
+.odfOperGroup.yaml
+[source,yaml]
+----
+include::snippets/ztp_odfOperGroup.yaml[]
+----
+
+[id="ztp-odfsubscription-yaml"]
+.odfSubscription.yaml
+[source,yaml]
+----
+include::snippets/ztp_odfSubscription.yaml[]
+----
+
+[id="ztp-01-rook-ceph-external-cluster-details.secret-yaml"]
+.01-rook-ceph-external-cluster-details.secret.yaml
+[source,yaml]
+----
+include::snippets/ztp_01-rook-ceph-external-cluster-details.secret.yaml[]
+----
+
+[id="ztp-02-ocs-external-storagecluster-yaml"]
+.02-ocs-external-storagecluster.yaml
+[source,yaml]
+----
+include::snippets/ztp_02-ocs-external-storagecluster.yaml[]
+----
+
diff --git a/modules/telco-ref-design-overview.adoc b/modules/telco-ref-design-overview.adoc
new file mode 100644
index 000000000000..40b5f7e715f7
--- /dev/null
+++ b/modules/telco-ref-design-overview.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// *
+:_mod-docs-content-type: CONCEPT
+[id="telco-ref-design-overview_{context}"]
+= Reference design specifications for telco 5G deployments
+
+Red Hat and certified partners offer deep technical expertise and support for networking and operational capabilities required to run telco applications on {product-title} {product-version} clusters.
+
+Red Hat's telco partners require a well-integrated, well-tested, and stable environment that can be replicated at scale for enterprise 5G solutions.
+The telco core and RAN DU reference design specifications (RDS) outline the recommended solution architecture based on a specific version of {product-title}.
+Each RDS describes a tested and validated platform configuration for telco core and RAN DU use models.
+The RDS ensures an optimal experience when running your applications by defining the set of critical KPIs for telco 5G core and RAN DU.
+Following the RDS minimizes high severity escalations and improves application stability.
+
+5G use cases are evolving and your workloads are continually changing.
+Red Hat is committed to iterating over the telco core and RAN DU RDS to support evolving requirements based on customer and partner feedback.
diff --git a/modules/telco-reference-application-workload-characteristics.adoc b/modules/telco-reference-application-workload-characteristics.adoc
new file mode 100644
index 000000000000..850b00cc6788
--- /dev/null
+++ b/modules/telco-reference-application-workload-characteristics.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/ran/telco-ran-du-overview.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="telco-reference-application-workload-characteristics_{context}"]
+= {rds-caps} representative reference application workload characteristics
+
+The representative reference application workload has the following characteristics:
+
+* Has a maximum of 15 pods and 30 containers for the vRAN application including its management and control functions
+
+* Uses a maximum of 2 `ConfigMap` and 4 `Secret` CRs per pod
+
+* Uses a maximum of 10 exec probes with a frequency of not less than 10 seconds
+
+* Incremental application load on the `kube-apiserver` is less than 10% of the cluster platform usage
++
+[NOTE]
+====
+You can extract CPU load can from the platform metrics.
+For example:
+
+[source,text]
+----
+query=avg_over_time(pod:container_cpu_usage:sum{namespace="openshift-kube-apiserver"}[30m])
+----
+====
+
+* Application logs are not collected by the platform log collector
+
+* Aggregate traffic on the primary CNI is less than 1 MBps
diff --git a/modules/telemetry-about-telemetry.adoc b/modules/telemetry-about-telemetry.adoc
index b5e8c6797b04..510a37c3d6a0 100644
--- a/modules/telemetry-about-telemetry.adoc
+++ b/modules/telemetry-about-telemetry.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/about-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="telemetry-about-telemetry_{context}"]
 = About Telemetry
 
diff --git a/modules/telemetry-consequences-of-disabling-telemetry.adoc b/modules/telemetry-consequences-of-disabling-telemetry.adoc
index f3d0336ffb2e..89af41b61799 100644
--- a/modules/telemetry-consequences-of-disabling-telemetry.adoc
+++ b/modules/telemetry-consequences-of-disabling-telemetry.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
-// * sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
 
 [id="telemetry-consequences-of-disabling-telemetry_{context}"]
 = Consequences of disabling remote health reporting
diff --git a/modules/telemetry-showing-data-collected-from-the-cluster.adoc b/modules/telemetry-showing-data-collected-from-the-cluster.adoc
index 379ee05d234a..a5bb2603fa1b 100644
--- a/modules/telemetry-showing-data-collected-from-the-cluster.adoc
+++ b/modules/telemetry-showing-data-collected-from-the-cluster.adoc
@@ -1,10 +1,8 @@
 // Module included in the following assemblies:
 //
-// * rosa_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
 // * support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="showing-data-collected-from-the-cluster_{context}"]
 = Showing data collected by Telemetry
 
@@ -12,15 +10,20 @@ You can view the cluster and components time series data captured by Telemetry.
 
 .Prerequisites
 
-* You have installed the 
+* You have installed the
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-{product-title} 
+{product-title}
 endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 ifndef::openshift-enterprise,openshift-webscale,openshift-origin[]
 OpenShift Container Platform
 endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 CLI (`oc`).
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role or the `cluster-monitoring-view` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
diff --git a/modules/telemetry-user-telemetry.adoc b/modules/telemetry-user-telemetry.adoc
index 4c1c54e69017..9dd4322518fc 100644
--- a/modules/telemetry-user-telemetry.adoc
+++ b/modules/telemetry-user-telemetry.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
+// * support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="telemetry-user-telemetry_{context}"]
 = User Telemetry
 
diff --git a/modules/telemetry-what-information-is-collected.adoc b/modules/telemetry-what-information-is-collected.adoc
index 705bab25961c..9bb5fd72d6c7 100644
--- a/modules/telemetry-what-information-is-collected.adoc
+++ b/modules/telemetry-what-information-is-collected.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/about-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="what-information-is-collected_{context}"]
 = Information collected by Telemetry
 
diff --git a/modules/templates-cli-generating-list-of-objects.adoc b/modules/templates-cli-generating-list-of-objects.adoc
index d7e0a69eb851..f799a8ac3a73 100644
--- a/modules/templates-cli-generating-list-of-objects.adoc
+++ b/modules/templates-cli-generating-list-of-objects.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-cli-generating-list-of-objects_{context}"]
 = Generating a list of objects
 
diff --git a/modules/templates-cli-labels.adoc b/modules/templates-cli-labels.adoc
index 9d1a22dad521..e4336fb820f0 100644
--- a/modules/templates-cli-labels.adoc
+++ b/modules/templates-cli-labels.adoc
@@ -2,7 +2,7 @@
 //
 //  * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-cli-labels_{context}"]
 = Adding labels
 
diff --git a/modules/templates-cli-parameters.adoc b/modules/templates-cli-parameters.adoc
index ea68fc4eb96c..11d2c81b17f8 100644
--- a/modules/templates-cli-parameters.adoc
+++ b/modules/templates-cli-parameters.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-cli-parameters_{context}"]
 = Listing parameters
 
diff --git a/modules/templates-create-from-existing-object.adoc b/modules/templates-create-from-existing-object.adoc
index e35a1673e2d0..d6201eafb270 100644
--- a/modules/templates-create-from-existing-object.adoc
+++ b/modules/templates-create-from-existing-object.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-create-from-existing-object_{context}"]
 = Creating a template from existing objects
 
diff --git a/modules/templates-creating-from-console.adoc b/modules/templates-creating-from-console.adoc
index a6adc5c67d51..80cef13015a4 100644
--- a/modules/templates-creating-from-console.adoc
+++ b/modules/templates-creating-from-console.adoc
@@ -2,17 +2,22 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-creating-from-console_{context}"]
-= Creating an application by using the web console
+= Creating an application by using the web console 
 
 You can use the web console to create an application from a template.
 
 .Procedure
 
-. While in the desired project, click *Add to Project*.
+. Select *Developer* from the context selector at the top of the web console
+navigation menu.
 
-. Select either a builder image from the list of images in your project, or from the service catalog.
+. While in the desired project, click *+Add*
+
+. Click *All services* in the *Developer Catalog* tile.
+
+. Click *Builder Images* under *Type* to see the available builder images.
 +
 [NOTE]
 ====
@@ -28,16 +33,16 @@ metadata:
   name: "ruby"
   creationTimestamp: null
 spec:
-  dockerImageRepository: "registry.redhat.io/rhscl/ruby-26-rhel7"
+# ...
   tags:
-    -
-      name: "2.6"
+    - name: "2.6"
       annotations:
         description: "Build and run Ruby 2.6 applications"
         iconClass: "icon-ruby"
         tags: "builder,ruby" <1>
         supports: "ruby:2.6,ruby"
         version: "2.6"
+# ...
 ----
 <1> Including `builder` here ensures this image stream tag appears in the
 web console as a builder.
diff --git a/modules/templates-exposing-object-fields.adoc b/modules/templates-exposing-object-fields.adoc
index 8b8cf45ddbac..28fcbbe293e4 100644
--- a/modules/templates-exposing-object-fields.adoc
+++ b/modules/templates-exposing-object-fields.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-exposing-object-fields_{context}"]
 = Exposing template object fields
 
@@ -48,7 +48,7 @@ objects:
     annotations:
       template.openshift.io/base64-expose-password: "{.data['password']}"
   stringData:
-    password: bar
+    password: <password>
 - kind: Service
   apiVersion: v1
   metadata:
diff --git a/modules/templates-marking-as-bindable.adoc b/modules/templates-marking-as-bindable.adoc
index 687067fdfdae..181625516233 100644
--- a/modules/templates-marking-as-bindable.adoc
+++ b/modules/templates-marking-as-bindable.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-marking-as-bindable_{context}"]
 = Marking a template as bindable
 
diff --git a/modules/templates-modifying-uploaded-template.adoc b/modules/templates-modifying-uploaded-template.adoc
index 7ac32dbf0d34..0979df998e93 100644
--- a/modules/templates-modifying-uploaded-template.adoc
+++ b/modules/templates-modifying-uploaded-template.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-modifying-uploaded-template_{context}"]
 = Modifying uploaded templates
 
diff --git a/modules/templates-overview.adoc b/modules/templates-overview.adoc
index 1d404f3cc913..d9c3b061c7b9 100644
--- a/modules/templates-overview.adoc
+++ b/modules/templates-overview.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="templates-overview_{context}"]
 = Understanding templates
 
diff --git a/modules/templates-rails-configuring-application.adoc b/modules/templates-rails-configuring-application.adoc
index 9dbc75653603..6459954ccccd 100644
--- a/modules/templates-rails-configuring-application.adoc
+++ b/modules/templates-rails-configuring-application.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-configuring-application_{context}"]
 = Configuring application for {product-title}
 
diff --git a/modules/templates-rails-creating-database-service.adoc b/modules/templates-rails-creating-database-service.adoc
index 419863cb52cf..e62a9d0213e4 100644
--- a/modules/templates-rails-creating-database-service.adoc
+++ b/modules/templates-rails-creating-database-service.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //  * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-creating-database-service_{context}"]
 = Creating the database service
 
diff --git a/modules/templates-rails-creating-frontend-service.adoc b/modules/templates-rails-creating-frontend-service.adoc
index 069d73f0e2be..ea0f0828dd84 100644
--- a/modules/templates-rails-creating-frontend-service.adoc
+++ b/modules/templates-rails-creating-frontend-service.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-creating-frontend-service_{context}"]
 = Creating the frontend service
 
diff --git a/modules/templates-rails-creating-route-for-application.adoc b/modules/templates-rails-creating-route-for-application.adoc
index 6f2595fc2576..f6dca3f74c79 100644
--- a/modules/templates-rails-creating-route-for-application.adoc
+++ b/modules/templates-rails-creating-route-for-application.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //  * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-creating-route-for-application_{context}"]
 = Creating a route for your application
 
diff --git a/modules/templates-rails-creating-welcome-page.adoc b/modules/templates-rails-creating-welcome-page.adoc
index de757f6d58c9..c8396b28c2d2 100644
--- a/modules/templates-rails-creating-welcome-page.adoc
+++ b/modules/templates-rails-creating-welcome-page.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //  * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-creating-welcome-page_{context}"]
 = Creating a welcome page
 
diff --git a/modules/templates-rails-deploying-application.adoc b/modules/templates-rails-deploying-application.adoc
index 8a51741ecc90..260d9e444afa 100644
--- a/modules/templates-rails-deploying-application.adoc
+++ b/modules/templates-rails-deploying-application.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-deploying-application_{context}"]
 = Deploying your application to {product-title}
 
diff --git a/modules/templates-rails-setting-up-database.adoc b/modules/templates-rails-setting-up-database.adoc
index cf00e1629012..ea7d6725f653 100644
--- a/modules/templates-rails-setting-up-database.adoc
+++ b/modules/templates-rails-setting-up-database.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-setting-up-database_{context}"]
 = Setting up the database
 
diff --git a/modules/templates-rails-storing-application-in-git.adoc b/modules/templates-rails-storing-application-in-git.adoc
index 3f1c9d987e72..1c2051a03dfa 100644
--- a/modules/templates-rails-storing-application-in-git.adoc
+++ b/modules/templates-rails-storing-application-in-git.adoc
@@ -2,7 +2,7 @@
 // * openshift_images/templates-ruby-on-rails.adoc
 
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-storing-application-in-git_{context}"]
 = Storing your application in Git
 
diff --git a/modules/templates-rails-writing-application.adoc b/modules/templates-rails-writing-application.adoc
index dd72d0271570..625318f57b33 100644
--- a/modules/templates-rails-writing-application.adoc
+++ b/modules/templates-rails-writing-application.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 // * openshift_images/templates-ruby-on-rails.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-rails-writing-application_{context}"]
 = Writing your application
 
@@ -63,7 +63,7 @@ default: &default
   pool: 5
   host: localhost
   username: rails
-  password:
+  password: <password>
 ----
 
 . Create your application's development and test databases:
diff --git a/modules/templates-uploading.adoc b/modules/templates-uploading.adoc
index a24abfba4eec..9fae630d845c 100644
--- a/modules/templates-uploading.adoc
+++ b/modules/templates-uploading.adoc
@@ -2,22 +2,24 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-uploading_{context}"]
 = Uploading a template
 
-If you have a JSON or YAML file that defines a template, for example as seen in this example, you can upload the template to projects using the CLI. This saves the template to the project for repeated use by any user with appropriate access to that project. Instructions on writing your own templates are provided later in this topic.
+If you have a JSON or YAML file that defines a template, you can upload the template to projects using the CLI. This saves the template to the project for repeated use by any user with appropriate access to that project. Instructions about writing your own templates are provided later in this topic.
 
 .Procedure
 
-* Upload a template to your current project's template library, pass the JSON or YAML file with the following command:
+* Upload a template using one of the following methods:
+
+** Upload a template to your current project's template library, pass the JSON or YAML file with the following command:
 +
 [source,terminal]
 ----
 $ oc create -f <filename>
 ----
 
-* Upload a template to a different project using the `-n` option with the name of the project:
+** Upload a template to a different project using the `-n` option with the name of the project:
 +
 [source,terminal]
 ----
diff --git a/modules/templates-using-instant-app-quickstart.adoc b/modules/templates-using-instant-app-quickstart.adoc
index 19d1f0e991ab..10937737055c 100644
--- a/modules/templates-using-instant-app-quickstart.adoc
+++ b/modules/templates-using-instant-app-quickstart.adoc
@@ -2,7 +2,7 @@
 //
 // * openshift_images/using-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="templates-using-instant-app-quickstart_{context}"]
 = Using instant app and quick start templates
 
diff --git a/modules/tls-profiles-ingress-configuring.adoc b/modules/tls-profiles-ingress-configuring.adoc
index ad63e7e79533..90205c349929 100644
--- a/modules/tls-profiles-ingress-configuring.adoc
+++ b/modules/tls-profiles-ingress-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * security/tls-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="tls-profiles-ingress-configuring_{context}"]
 = Configuring the TLS security profile for the Ingress Controller
 
diff --git a/modules/tls-profiles-kubelet-configuring.adoc b/modules/tls-profiles-kubelet-configuring.adoc
index ce6b5db6092e..4a7b7f936bb8 100644
--- a/modules/tls-profiles-kubelet-configuring.adoc
+++ b/modules/tls-profiles-kubelet-configuring.adoc
@@ -1,12 +1,13 @@
 // Module included in the following assemblies:
 //
 // * security/tls-profiles.adoc
+// * nodes/nodes/nodes-nodes-tls.adoc
 
 ifeval::["{context}" == "tls-security-profiles"]
 :tls:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="tls-profiles-kubelet-configuring_{context}"]
 = Configuring the TLS security profile for the kubelet
 
@@ -29,13 +30,19 @@ spec:
   machineConfigPoolSelector:
     matchLabels:
       pools.operator.machineconfiguration.openshift.io/worker: ""
+#...
 ----
 
 You can see the ciphers and the minimum TLS version of the configured TLS security profile in the `kubelet.conf` file on a configured node.
 
 .Prerequisites
 
-* You have access to the cluster as a user with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to {product-title} as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
@@ -61,6 +68,7 @@ spec:
   machineConfigPoolSelector:
     matchLabels:
       pools.operator.machineconfiguration.openshift.io/worker: "" <4>
+#...
 ----
 +
 <1> Specify the TLS security profile type (`Old`, `Intermediate`, or `Custom`). The default is `Intermediate`.
@@ -108,9 +116,9 @@ sh-4.4# cat /etc/kubernetes/kubelet.conf
 .Example output
 [source,terminal]
 ----
-kind: KubeletConfiguration
-apiVersion: kubelet.config.k8s.io/v1beta1
- ...
+  "kind": "KubeletConfiguration",
+  "apiVersion": "kubelet.config.k8s.io/v1beta1",
+#...
   "tlsCipherSuites": [
     "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
@@ -120,6 +128,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1
     "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
   ],
   "tlsMinVersion": "VersionTLS12",
+#...
 ----
 
 ifeval::["{context}" == "tls-security-profiles"]
diff --git a/modules/tls-profiles-kubernetes-configuring.adoc b/modules/tls-profiles-kubernetes-configuring.adoc
index 314dc39c1272..64486511b478 100644
--- a/modules/tls-profiles-kubernetes-configuring.adoc
+++ b/modules/tls-profiles-kubernetes-configuring.adoc
@@ -2,7 +2,7 @@
 //
 // * security/tls-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="tls-profiles-kubernetes-configuring_{context}"]
 = Configuring the TLS security profile for the control plane
 
diff --git a/modules/tls-profiles-understanding.adoc b/modules/tls-profiles-understanding.adoc
index 07c2e0b4c266..c54b36db7df7 100644
--- a/modules/tls-profiles-understanding.adoc
+++ b/modules/tls-profiles-understanding.adoc
@@ -3,7 +3,7 @@
 // * security/tls-security-profiles.adoc
 // * networking/ingress-operator.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="tls-profiles-understanding_{context}"]
 = Understanding TLS security profiles
 
diff --git a/modules/tls-profiles-view-details.adoc b/modules/tls-profiles-view-details.adoc
index 5dacd1149d14..602a0736cc24 100644
--- a/modules/tls-profiles-view-details.adoc
+++ b/modules/tls-profiles-view-details.adoc
@@ -2,7 +2,7 @@
 //
 // * security/tls-security-profiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="tls-profiles-view-details_{context}"]
 = Viewing TLS security profile details
 
diff --git a/modules/tokens-scoping-about.adoc b/modules/tokens-scoping-about.adoc
index aa6fcc72ca2b..2b7f58ab4287 100644
--- a/modules/tokens-scoping-about.adoc
+++ b/modules/tokens-scoping-about.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/tokens-scoping.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="tokens-scoping-about_{context}"]
 = About scoping tokens
 
@@ -12,8 +12,13 @@ For example, a project administrator might want to delegate the
 power to create pods.
 
 A scoped token is a token that identifies as a given user but is limited to
-certain actions by its scope. Only a user with the `cluster-admin` role can create
-scoped tokens.
+certain actions by its scope.
+ifndef::openshift-dedicated,openshift-rosa[]
+Only a user with the `cluster-admin` role can create scoped tokens.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Only a user with the `dedicated-admin` role can create scoped tokens.
+endif::openshift-dedicated,openshift-rosa[]
 
 Scopes are evaluated by converting the set of scopes for a token into a set of
 `PolicyRules`. Then, the request is matched against those rules. The request
diff --git a/modules/trigger-event-delivery-config.adoc b/modules/trigger-event-delivery-config.adoc
index d3d6071a7394..061d7d47d9ad 100644
--- a/modules/trigger-event-delivery-config.adoc
+++ b/modules/trigger-event-delivery-config.adoc
@@ -2,7 +2,7 @@
 //
 // * /serverless/develop/serverless-triggers.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="trigger-event-delivery-config_{context}"]
 = Configuring event delivery ordering for triggers
 
diff --git a/modules/troubleshooting-debugging-ignition.adoc b/modules/troubleshooting-debugging-ignition.adoc
index 6c2e6b819564..2a82f6cc5ee0 100644
--- a/modules/troubleshooting-debugging-ignition.adoc
+++ b/modules/troubleshooting-debugging-ignition.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operating-system-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="debugging-ignition_{context}"]
 = Debugging Ignition failures
 
diff --git a/modules/troubleshooting-disabling-autoreboot-mco-cli.adoc b/modules/troubleshooting-disabling-autoreboot-mco-cli.adoc
index cce4621ba6e9..483ee2b0655c 100644
--- a/modules/troubleshooting-disabling-autoreboot-mco-cli.adoc
+++ b/modules/troubleshooting-disabling-autoreboot-mco-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="troubleshooting-disabling-autoreboot-mco-cli_{context}"]
 = Disabling the Machine Config Operator from automatically rebooting by using the CLI
 
@@ -15,7 +15,12 @@ See second `NOTE` in xref:../../support/troubleshooting/troubleshooting-operator
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/troubleshooting-disabling-autoreboot-mco-console.adoc b/modules/troubleshooting-disabling-autoreboot-mco-console.adoc
index 8381d8d1ae2a..a9b8cac81423 100644
--- a/modules/troubleshooting-disabling-autoreboot-mco-console.adoc
+++ b/modules/troubleshooting-disabling-autoreboot-mco-console.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operator-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="troubleshooting-disabling-autoreboot-mco-console_{context}"]
 = Disabling the Machine Config Operator from automatically rebooting by using the console
 
@@ -15,7 +15,12 @@ See second `NOTE` in xref:../../support/troubleshooting/troubleshooting-operator
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 
@@ -38,10 +43,11 @@ To pause or unpause automatic MCO update rebooting:
 ----
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfigPool
- ...
+# ...
 spec:
- ...
+# ...
   paused: true <1>
+# ...
 ----
 <1> Update the `spec.paused` field to `true` to pause rebooting.
 
@@ -73,10 +79,11 @@ If there are pending changes (where both the *Updated* and *Updating* columns ar
 ----
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfigPool
- ...
+# ...
 spec:
- ...
+# ...
   paused: false <1>
+# ...
 ----
 <1> Update the `spec.paused` field to `false` to allow rebooting.
 +
diff --git a/modules/troubleshooting-disabling-autoreboot-mco.adoc b/modules/troubleshooting-disabling-autoreboot-mco.adoc
index 1440c620446b..031d52ec2b62 100644
--- a/modules/troubleshooting-disabling-autoreboot-mco.adoc
+++ b/modules/troubleshooting-disabling-autoreboot-mco.adoc
@@ -13,14 +13,3 @@ include::snippets/node-icsp-no-drain.adoc[]
 ====
 
 To avoid unwanted disruptions, you can modify the machine config pool (MCP) to prevent automatic rebooting after the Operator makes changes to the machine config.
-
-[NOTE]
-====
-Pausing an MCP prevents the MCO from applying any configuration changes on the associated nodes. Pausing an MCP also prevents any automatically rotated certificates from being pushed to the associated nodes, including the automatic rotation of the `kube-apiserver-to-kubelet-signer` CA certificate.
-
-If the MCP is paused when the `kube-apiserver-to-kubelet-signer` CA certificate expires, and the MCO attempts to renew the certificate automatically, the MCO cannot push the newly rotated certificates to those nodes. This causes the cluster to become degraded and causes failure in multiple `oc` commands, including `oc debug`, `oc logs`, `oc exec`, and `oc attach`. You receive alerts in the Alerting UI of the {product-title} web console if an MCP is paused when the certificates are rotated.
-
-Pausing an MCP should be done with careful consideration about the `kube-apiserver-to-kubelet-signer` CA certificate expiration and for short periods of time only.
-
-New CA certificates are generated at 292 days from the installation date and removed at 365 days from that date. To determine the next automatic CA certificate rotation, see the link:https://access.redhat.com/articles/5651701[Understand CA cert auto renewal in Red Hat OpenShift 4].
-====
diff --git a/modules/troubleshooting-dynamic-plugin.adoc b/modules/troubleshooting-dynamic-plugin.adoc
index 286ae65f0337..9b09b2fd8684 100644
--- a/modules/troubleshooting-dynamic-plugin.adoc
+++ b/modules/troubleshooting-dynamic-plugin.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/dynamic-plugin/dynamic-plugins-reference.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="troubleshooting-dynamic-plugin_{context}"]
 = Troubleshooting your dynamic plugin
 
diff --git a/modules/troubleshooting-enabling-kdump-day-one.adoc b/modules/troubleshooting-enabling-kdump-day-one.adoc
index 19175a257e72..cd632882cd50 100644
--- a/modules/troubleshooting-enabling-kdump-day-one.adoc
+++ b/modules/troubleshooting-enabling-kdump-day-one.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting-operating-system-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-kdump-day-one"]
 = Enabling kdump on day-1
 
@@ -25,10 +25,10 @@ Create a `MachineConfig` object for cluster-wide configuration:
 
 . Create a Butane config file, `99-worker-kdump.bu`, that configures and enables kdump:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 99-worker-kdump <1>
   labels:
@@ -52,7 +52,7 @@ storage:
       contents:
         inline: |
           KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet log_buf_len swiotlb"
-          KDUMP_COMMANDLINE_APPEND="irqpoll nr_cpus=1 reset_devices cgroup_disable=memory mce=off numa=off udev.children-max=2 panic=10 rootflags=nofail acpi_no_memhotplug transparent_hugepage=never nokaslr novmcoredd hest_disable"
+          KDUMP_COMMANDLINE_APPEND="irqpoll nr_cpus=1 reset_devices cgroup_disable=memory mce=off numa=off udev.children-max=2 panic=10 rootflags=nofail acpi_no_memhotplug transparent_hugepage=never nokaslr novmcoredd hest_disable" <5>
           KEXEC_ARGS="-s"
           KDUMP_IMG="vmlinuz"
 
@@ -63,9 +63,10 @@ systemd:
 ----
 +
 <1> Replace `worker` with `master` in both locations when creating a `MachineConfig` object for control plane nodes.
-<2> Provide kernel arguments to reserve memory for the crash kernel. You can add other kernel arguments if necessary.
+<2> Provide kernel arguments to reserve memory for the crash kernel. You can add other kernel arguments if necessary. For the `ppc64le` platform, the recommended value for `crashkernel` is `crashkernel=2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G`.
 <3> If you want to change the contents of `/etc/kdump.conf` from the default, include this section and modify the `inline` subsection accordingly.
 <4> If you want to change the contents of `/etc/sysconfig/kdump` from the default, include this section and modify the `inline` subsection accordingly.
+<5> For the `ppc64le` platform, replace `nr_cpus=1` with `maxcpus=1`, which is not supported on this platform.
 
 . Use Butane to generate a machine config YAML file, `99-worker-kdump.yaml`, containing the configuration to be delivered to the nodes:
 +
diff --git a/modules/troubleshooting-enabling-kdump.adoc b/modules/troubleshooting-enabling-kdump.adoc
index 72763ac920db..3cec8526bdc0 100644
--- a/modules/troubleshooting-enabling-kdump.adoc
+++ b/modules/troubleshooting-enabling-kdump.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-operating-system-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="enabling-kdump"]
 = Enabling kdump
 
@@ -18,6 +18,11 @@ Perform the following steps to enable kdump on {op-system}.
 ----
 # rpm-ostree kargs --append='crashkernel=256M'
 ----
++
+[NOTE]
+====
+For the `ppc64le` platform, the recommended value for `crashkernel` is `crashkernel=2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G`.
+====
 
 . Optional: To write the crash dump over the network or to some other location, rather than to the default local `/var/crash` location, edit the `/etc/kdump.conf` configuration file.
 +
@@ -28,7 +33,7 @@ If your node uses LUKS-encrypted devices, you must use network dumps as kdump do
 +
 For details on configuring the `kdump` service, see the comments in `/etc/sysconfig/kdump`, `/etc/kdump.conf`, and the `kdump.conf` manual page.
 ifdef::openshift-enterprise[]
-Also refer to the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/configuring-kdump-on-the-command-line_managing-monitoring-and-updating-the-kernel[RHEL kdump documentation] for further information on configuring the dump target.
+Also refer to the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kdump-on-the-command-line_managing-monitoring-and-updating-the-kernel#configuring-the-kdump-target_configuring-kdump-on-the-command-line[RHEL kdump documentation] for further information on configuring the dump target.
 endif::[]
 
 . Enable the `kdump` systemd service.
diff --git a/modules/troubleshooting-network-observability-after-installation.adoc b/modules/troubleshooting-network-observability-after-installation.adoc
index 2ec31c91e045..ded61900ecc3 100644
--- a/modules/troubleshooting-network-observability-after-installation.adoc
+++ b/modules/troubleshooting-network-observability-after-installation.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network_observability/troubleshooting-network-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-network-traffic-console_{context}"]
 = Configuring network traffic menu entry in the {product-title} console
 
diff --git a/modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc b/modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc
index 7b0d2924721c..0cdc4bf57cf4 100644
--- a/modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc
+++ b/modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc
@@ -2,30 +2,46 @@
 //
 // * networking/network_observability/troubleshooting-network-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="controller-manager-pod-runs-out-of-memory_{context}"]
 = Network Observability controller manager pod runs out of memory
 
-You can increase memory limits for the Network Observability operator by patching the Cluster Service Version (CSV), where Network Observability controller manager pod runs out of memory.
+You can increase memory limits for the Network Observability operator by editing the `spec.config.resources.limits.memory` specification in the `Subscription` object.
 
 .Procedure
 
-. Run the following command to patch the CSV:
+. In the web console, navigate to *Operators* -> *Installed Operators*
+. Click *Network Observability* and then select *Subscription*.
+. From the *Actions* menu, click *Edit Subscription*.
+.. Alternatively, you can use the CLI to open the YAML configuration for the `Subscription` object by running the following command:
 +
 [source,terminal]
 ----
-$ oc -n netobserv patch csv network-observability-operator.v1.0.0 --type='json' -p='[{"op": "replace", "path":"/spec/install/spec/deployments/0/spec/template/spec/containers/0/resources/limits/memory", value: "1Gi"}]'
+$ oc edit subscription netobserv-operator -n openshift-netobserv-operator
 ----
+. Edit the `Subscription` object to add the `config.resources.limits.memory` specification and set the value to account for your memory requirements. See the Additional resources for more information about resource considerations:
 +
-.Example output
+[source,yaml]
 ----
-clusterserviceversion.operators.coreos.com/network-observability-operator.v1.0.0 patched
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: netobserv-operator
+  namespace: openshift-netobserv-operator
+spec:
+  channel: stable
+  config:
+    resources:
+      limits:
+        memory: 800Mi     <1>
+      requests:
+        cpu: 100m
+        memory: 100Mi
+  installPlanApproval: Automatic
+  name: netobserv-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: <network_observability_operator_latest_version> <2>
 ----
-
-. Run the following command to view the updated CSV:
-+
-[source,terminal]
-----
-$ oc -n netobserv get csv network-observability-operator.v1.0.0 -o jsonpath='{.spec.install.spec.deployments[0].spec.template.spec.containers[0].resources.limits.memory}'
-1Gi
-----
\ No newline at end of file
+<1> For example, you can increase the memory limit to `800Mi`.
+<2> This value should not be edited, but note that it changes depending on the most current release of the Operator. 
\ No newline at end of file
diff --git a/modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc b/modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc
index 0a8181ab00dd..17cd5f67700d 100644
--- a/modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc
+++ b/modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network_observability/troubleshooting-network-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-network-traffic-flowlogs-pipeline-kafka_{context}"]
 = Flowlogs-Pipeline does not consume network flows after installing Kafka
 
diff --git a/modules/troubleshooting-network-observability-loki-resource-exhausted.adoc b/modules/troubleshooting-network-observability-loki-resource-exhausted.adoc
new file mode 100644
index 000000000000..a393ac1db238
--- /dev/null
+++ b/modules/troubleshooting-network-observability-loki-resource-exhausted.adoc
@@ -0,0 +1,16 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-troubleshooting-loki-resource-exhausted_{context}"]
+= Troubleshooting Loki ResourceExhausted error
+Loki may return a `ResourceExhausted` error when network flow data sent by Network Observability exceeds the configured maximum message size. If you are using the Red{nbsp}Hat {loki-op}, this maximum message size is configured to 100 MiB.
+
+.Procedure
+. Navigate to *Operators* -> *Installed Operators*, viewing *All projects* from the *Project* drop-down menu.
+. In the *Provided APIs* list, select the Network Observability Operator.
+. Click the *Flow Collector* then the *YAML view* tab.
+.. If you are using the {loki-op}, check that the `spec.loki.batchSize` value does not exceed 98 MiB.
+.. If you are using a Loki installation method that is different from the Red{nbsp}Hat {loki-op}, such as Grafana Loki, verify that the `grpc_server_max_recv_msg_size` link:https://grafana.com/docs/loki/latest/configure/#server[Grafana Loki server setting] is higher than the `FlowCollector` resource `spec.loki.batchSize` value. If it is not, you must either increase the `grpc_server_max_recv_msg_size` value, or decrease the `spec.loki.batchSize` value so that it is lower than the limit.
+. Click *Save* if you edited the *FlowCollector*.
diff --git a/modules/troubleshooting-network-observability-loki-tenant-rate-limit.adoc b/modules/troubleshooting-network-observability-loki-tenant-rate-limit.adoc
new file mode 100644
index 000000000000..8b759af4475d
--- /dev/null
+++ b/modules/troubleshooting-network-observability-loki-tenant-rate-limit.adoc
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+
+// * networking/network_observability/troubleshooting-network-observability.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-troubleshooting-loki-tenant-rate-limit_{context}"]
+= LokiStack rate limit errors
+A rate-limit placed on the Loki tenant can result in potential temporary loss of data and a 429 error: `Per stream rate limit exceeded (limit:xMB/sec) while attempting to ingest for stream`. You might consider having an alert set to notify you of this error. For more information, see "Creating Loki rate limit alerts for the NetObserv dashboard" in the Additional resources of this section.
+
+You can update the LokiStack CRD with the `perStreamRateLimit` and `perStreamRateLimitBurst` specifications, as shown in the following procedure.
+
+.Procedure
+. Navigate to *Operators* -> *Installed Operators*, viewing *All projects* from the *Project* dropdown.
+. Look for *{loki-op}*, and select the *LokiStack* tab.
+. Create or edit an existing *LokiStack* instance using the *YAML view* to add the `perStreamRateLimit` and `perStreamRateLimitBurst` specifications:
++
+[source, yaml]
+----
+apiVersion: loki.grafana.com/v1
+kind: LokiStack
+metadata:
+  name: loki
+  namespace: netobserv
+spec:
+  limits:
+    global:
+      ingestion:
+        perStreamRateLimit: 6        <1>
+        perStreamRateLimitBurst: 30  <2>
+  tenants:
+    mode: openshift-network
+  managementState: Managed
+----
+<1> The default value for `perStreamRateLimit` is `3`.
+<2> The default value for `perStreamRateLimitBurst` is `15`.
+
+. Click *Save*.
+
+.Verification
+Once you update the `perStreamRateLimit` and `perStreamRateLimitBurst` specifications, the pods in your cluster restart and the 429 rate-limit error no longer occurs.
diff --git a/modules/troubleshooting-network-observability-must-gather.adoc b/modules/troubleshooting-network-observability-must-gather.adoc
index 8580c7324819..1947e41de36e 100644
--- a/modules/troubleshooting-network-observability-must-gather.adoc
+++ b/modules/troubleshooting-network-observability-must-gather.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network_observability/troubleshooting-network-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="network-observability-must-gather_{context}"]
 = Using the must-gather tool
 You can use the must-gather tool to collect information about the Network Observability Operator resources and cluster-wide resources, such as pod logs, `FlowCollector`, and `webhook` configurations.
diff --git a/modules/troubleshooting-network-observability-network-flow.adoc b/modules/troubleshooting-network-observability-network-flow.adoc
index 7b34db7593f9..2809ef6c8fbc 100644
--- a/modules/troubleshooting-network-observability-network-flow.adoc
+++ b/modules/troubleshooting-network-observability-network-flow.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network_observability/troubleshooting-network-observability.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="configure-network-traffic-interfaces_{context}"]
 = Failing to see network flows from both `br-int` and `br-ex` interfaces
 
diff --git a/modules/understanding-admin-roles.adoc b/modules/understanding-admin-roles.adoc
index 055087bcb9a5..20ebacb73585 100644
--- a/modules/understanding-admin-roles.adoc
+++ b/modules/understanding-admin-roles.adoc
@@ -2,7 +2,7 @@
 //
 // * osd_cluster_admin/osd-admin-roles.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-admin-roles_{context}"]
 = Understanding administration roles
 
diff --git a/modules/understanding-agent-install.adoc b/modules/understanding-agent-install.adoc
index 604d0c1e9347..4bd0c3988ceb 100644
--- a/modules/understanding-agent-install.adoc
+++ b/modules/understanding-agent-install.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing_with_agent_bases_installer/preparing-to-install-with-agent-based-installer.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-agent-install_{context}"]
 = Understanding Agent-based Installer
 As an {product-title} user, you can leverage the advantages of the Assisted Installer hosted service in disconnected environments.
@@ -64,7 +64,7 @@ The following platforms are supported:
 * `vsphere`
 * `none`
 +
-[NOTE]
+[IMPORTANT]
 ====
-The `none` option is supported for only single-node OpenShift clusters with an `OVNKubernetes` network type.
+The `none` option requires the provision of DNS name resolution and load balancing infrastructure in your cluster. See the _Requirements for a cluster using the platform "none" option_ section for more information.
 ====
\ No newline at end of file
diff --git a/modules/understanding-clusters.adoc b/modules/understanding-clusters.adoc
index 73bb658c3b40..18208055f04f 100644
--- a/modules/understanding-clusters.adoc
+++ b/modules/understanding-clusters.adoc
@@ -2,15 +2,15 @@
 //
 // * osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="overview-of-osd-cloud-deployment-options_{context}"]
 = Overview of the {product-title} cloud deployment options
 
 {product-title} offers {OCP} clusters as a managed service on {AWS} or {GCP}.
 
-Through the Customer Cloud Subscription (CCS) model, you can deploy clusters in an existing AWS or GCP cloud account that you own. 
+Through the Customer Cloud Subscription (CCS) model, you can deploy clusters in an existing AWS or GCP cloud account that you own.
 
-Alternatively, you can install {product-title} in a cloud account that is owned by Red Hat. 
+Alternatively, you can install {product-title} in a cloud account that is owned by Red Hat.
 
 [id="osd-deployment-option-ccs_{context}"]
 == Deploying clusters using the Customer Cloud Subscription (CCS) model
diff --git a/modules/understanding-idp.adoc b/modules/understanding-idp.adoc
index d49b72d929a2..5951fda861dd 100644
--- a/modules/understanding-idp.adoc
+++ b/modules/understanding-idp.adoc
@@ -4,7 +4,7 @@
 // * rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
 // * rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-idp_{context}"]
 = Understanding identity providers
 
@@ -12,6 +12,7 @@
 
 [id="understanding-idp-supported_{context}"]
 == Supported identity providers
+// This section is sourced from authentication/understanding-identity-provider.adoc
 
 You can configure the following types of identity providers:
 
@@ -45,44 +46,3 @@ The htpasswd identity provider option is included only to enable the creation of
 ====
 
 |===
-
-[id="understanding-idp-parameters_{context}"]
-== Identity provider parameters
-
-The following parameters are common to all identity providers:
-
-[cols="2a,8a",options="header"]
-|===
-|Parameter     | Description
-|`name`      | The provider name is prefixed to provider user names to form an
-identity name.
-
-|`mappingMethod`  | Defines how new identities are mapped to users when they log in.
-Enter one of the following values:
-
-claim:: The default value. Provisions a user with the identity's preferred
-user name. Fails if a user with that user name is already mapped to another
-identity.
-lookup:: Looks up an existing identity, user identity mapping, and user,
-but does not automatically provision users or identities. This allows cluster
-administrators to set up identities and users manually, or using an external
-process. Using this method requires you to manually provision users.
-generate:: Provisions a user with the identity's preferred user name. If a
-user with the preferred user name is already mapped to an existing identity, a
-unique user name is generated. For example, `myuser2`. This method should not be
-used in combination with external processes that require exact matches between
-{product-title} user names and identity provider user names, such as LDAP group
-sync.
-add:: Provisions a user with the identity's preferred user name. If a user
-with that user name already exists, the identity is mapped to the existing user,
-adding to any existing identity mappings for the user. Required when multiple
-identity providers are configured that identify the same set of users and map to
-the same user names.
-|===
-
-[NOTE]
-====
-When adding or changing identity providers, you can map identities from the new
-provider to existing users by setting the `mappingMethod` parameter to
-`add`.
-====
diff --git a/modules/understanding-insights-operator-alerts.adoc b/modules/understanding-insights-operator-alerts.adoc
index 408431dcf120..94a2362ba9b3 100644
--- a/modules/understanding-insights-operator-alerts.adoc
+++ b/modules/understanding-insights-operator-alerts.adoc
@@ -3,11 +3,14 @@
 // * support/remote_health_monitoring/using-insights-operator.adoc
 
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-insights-operator-alerts_{context}"]
 = Understanding Insights Operator alerts
 
-Insights Operator declares alerts through the Prometheus monitoring system to Alertmanager. You can view these alerts in the Alerting UI accessible through the *Administrator* perspective and the *Developer* perspective in the {product-title} web console. 
+The Insights Operator declares alerts through the Prometheus monitoring system to the Alertmanager. You can view these alerts in the Alerting UI in the {product-title} web console by using one of the following methods:
+
+* In the *Administrator* perspective, click *Observe* -> *Alerting*.
+* In the *Developer* perspective, click *Observe* -> <project_name> -> *Alerts* tab.
 
 Currently, Insights Operator sends the following alerts when the conditions are met:
 
diff --git a/modules/understanding-machine-config-operator.adoc b/modules/understanding-machine-config-operator.adoc
index 721ec140ff6a..1eade1d53c41 100644
--- a/modules/understanding-machine-config-operator.adoc
+++ b/modules/understanding-machine-config-operator.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * architecture/control-plane.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="about-machine-config-operator_{context}"]
 = About the Machine Config Operator
 
diff --git a/modules/understanding-network-verification.adoc b/modules/understanding-network-verification.adoc
index 357a8941d0da..4273faa02940 100644
--- a/modules/understanding-network-verification.adoc
+++ b/modules/understanding-network-verification.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/network-verification.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 ifdef::openshift-dedicated[]
 [id="osd-understanding-network-verification_{context}"]
 = Understanding network verification for {product-title} clusters
@@ -12,12 +12,12 @@ ifdef::openshift-rosa[]
 = Understanding network verification for ROSA clusters
 endif::openshift-rosa[]
 
-When you deploy 
+When you deploy
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a {product-title} (ROSA) 
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 cluster into an existing Virtual Private Cloud (VPC) or create an additional machine pool with a subnet that is new to your cluster, network verification runs automatically. This helps you identify and resolve configuration issues prior to deployment.
 
diff --git a/modules/understanding-oc-log-levels.adoc b/modules/understanding-oc-log-levels.adoc
index 7eb9e76d760d..94f64febc6e4 100644
--- a/modules/understanding-oc-log-levels.adoc
+++ b/modules/understanding-oc-log-levels.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/diagnosing-oc-issues.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-oc-log-levels_{context}"]
 = Understanding OpenShift CLI (`oc`) log levels
 
diff --git a/modules/understanding-openshift.adoc b/modules/understanding-openshift.adoc
index 484d4b7b6be0..e940f0b04abc 100644
--- a/modules/understanding-openshift.adoc
+++ b/modules/understanding-openshift.adoc
@@ -2,7 +2,7 @@
 //
 // * getting-started/openshift-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-openshift_{context}"]
 = Understanding {product-title}
 
diff --git a/modules/understanding-pod-error-states.adoc b/modules/understanding-pod-error-states.adoc
index 0cfb6480429e..8087db2439c7 100644
--- a/modules/understanding-pod-error-states.adoc
+++ b/modules/understanding-pod-error-states.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/investigating-pod-issues.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-pod-error-states_{context}"]
 = Understanding pod error states
 
diff --git a/modules/understanding-pod-identity-webhook-workflow-in-user-defined-projects.adoc b/modules/understanding-pod-identity-webhook-workflow-in-user-defined-projects.adoc
index c93631974e61..dea8fab285fe 100644
--- a/modules/understanding-pod-identity-webhook-workflow-in-user-defined-projects.adoc
+++ b/modules/understanding-pod-identity-webhook-workflow-in-user-defined-projects.adoc
@@ -2,16 +2,16 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: CONCEPT
-[id="understanding-pod-identity-webhook-workflow-in-user-defined-projects_{context}"]
-= Understanding the pod identity webhook workflow in user-defined projects
+:_mod-docs-content-type: CONCEPT
+[id="how-service-accounts-assume-aws-iam-roles-in-user-defined-projects_{context}"]
+= How service accounts assume AWS IAM roles in user-defined projects
 
-When you install a {product-title} cluster 
+When you install a {product-title} cluster
 ifdef::openshift-rosa[]
-that uses the AWS Security Token Service (STS), 
+that uses the AWS Security Token Service (STS),
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]
-, 
+,
 endif::openshift-rosa[]
 pod identity webhook resources are included by default.
 
@@ -38,7 +38,7 @@ The workflow has the following stages:
 
 ** An `$AWS_WEB_IDENTITY_TOKEN_FILE` environment variable that contains the full path in the pod to the OpenID Connect (OIDC) token for the service account. The full path is `/var/run/secrets/eks.amazonaws.com/serviceaccount/token`.
 
-** An `aws-iam-token` volume mounted on the mount point `/var/run/secrets/eks.amazonaws.com/serviceaccount`. An OIDC token file named `token` is contained in the volume. 
+** An `aws-iam-token` volume mounted on the mount point `/var/run/secrets/eks.amazonaws.com/serviceaccount`. An OIDC token file named `token` is contained in the volume.
 
 . The OIDC token is passed from the pod to the OIDC provider. The provider authenticates the service account identity if the following requirements are met:
 
diff --git a/modules/understanding-quick-starts.adoc b/modules/understanding-quick-starts.adoc
index 7a1b629f001f..3f1887d387c3 100644
--- a/modules/understanding-quick-starts.adoc
+++ b/modules/understanding-quick-starts.adoc
@@ -2,7 +2,7 @@
 //
 // * web_console/creating-quick-start-tutorials.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-quick-starts_{context}"]
 = Understanding quick starts
 
diff --git a/modules/understanding-telemetry-and-insights-operator-data-flow.adoc b/modules/understanding-telemetry-and-insights-operator-data-flow.adoc
index 2a3920ebd2ea..28c841d9681b 100644
--- a/modules/understanding-telemetry-and-insights-operator-data-flow.adoc
+++ b/modules/understanding-telemetry-and-insights-operator-data-flow.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * support/remote_health_monitoring/about-remote-health-monitoring.adoc
-// * sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="understanding-telemetry-and-insights-operator-data-flow_{context}"]
 = Understanding Telemetry and Insights Operator data flow
 
@@ -16,7 +15,7 @@ All of the communication with Red Hat occurs over encrypted channels by using Tr
 Access to the systems that handle customer data is controlled through multi-factor authentication and strict authorization controls. Access is granted on a need-to-know basis and is limited to required operations.
 
 .Telemetry and Insights Operator data flow
-image:telmetry-and-insights-operator-data-flow.svg[Telemetry and Insights Operator data flow]
+image:telmetry-and-insights-operator-data-flow.png[Telemetry and Insights Operator data flow]
 
 ifdef::openshift-dedicated[]
 // TODO: Not critical for now, but should this diagram be updated to say "OpenShift Dedicated" instead of "OpenShift Container Platform"?
diff --git a/modules/understanding-update-channels.adoc b/modules/understanding-update-channels.adoc
new file mode 100644
index 000000000000..0e0b1ddcc78d
--- /dev/null
+++ b/modules/understanding-update-channels.adoc
@@ -0,0 +1,134 @@
+// Module included in the following assemblies:
+//
+// * updating/understanding_updates/understanding-update-channels-release.adoc
+
+
+[id="understanding-update-channels_{context}"]
+
+= Update channels
+
+ifndef::openshift-origin[]
+[id="fast-version-channel_{context}"]
+== fast-{product-version} channel
+The `fast-{product-version}` channel is updated with new versions of {product-title} {product-version} as soon as Red Hat declares the version as a general availability (GA) release. As such, these releases are fully supported and purposed to be used in production environments.
+
+[id="stable-version-channel_{context}"]
+== stable-{product-version} channel
+While the `fast-{product-version}` channel contains releases as soon as their errata are published, releases are added to the `stable-{product-version}` channel after a delay. During this delay, data is collected from multiple sources and analyzed for indications of product regressions. Once a significant number of data points have been collected, these releases are added to the stable channel.
+
+[NOTE]
+====
+Since the time required to obtain a significant number of data points varies based on many factors, Service LeveL Objective (SLO) is not offered for the delay duration between fast and stable channels. For more information, please see "Choosing the correct channel for your cluster"
+====
+
+Newly installed clusters default to using stable channels.
+
+[id="eus-4y-channel_{context}"]
+== eus-4.y channel
+
+In addition to the stable channel, all even-numbered minor versions of {product-title} offer link:https://access.redhat.com/support/policy/updates/openshift#ocp4_phases[Extended Update Support] (EUS). Releases promoted to the stable channel are also simultaneously promoted to the EUS channels. The primary purpose of the EUS channels is to serve as a convenience for clusters performing an EUS-to-EUS update.
+
+[NOTE]
+====
+Both standard and non-EUS subscribers can access all EUS repositories and necessary RPMs (`rhel-*-eus-rpms`) to be able to support critical purposes such as debugging and building drivers.
+====
+
+[id="candidate-version-channel_{context}"]
+== candidate-{product-version} channel
+
+The `candidate-{product-version}` channel offers unsupported early access to releases as soon as they are built. Releases present only in candidate channels
+may not contain the full feature set of eventual GA releases or features may be removed prior to GA. Additionally, these releases have not been subject to full
+Red Hat Quality Assurance and may not offer update paths to later GA releases. Given these caveats, the candidate channel is only suitable for testing purposes
+where destroying and recreating a cluster is acceptable.
+endif::openshift-origin[]
+
+ifdef::openshift-origin[]
+[id="stable-4-channel_{context}"]
+== stable-4 channel
+Releases are added to the `stable-4` channel after passing all tests and stable-4 is the only supported channel.
+endif::openshift-origin[]
+
+
+ifndef::openshift-origin[]
+[id="upgrade-version-paths_{context}"]
+== Update recommendations in the channel
+
+{product-title} maintains an update recommendation service that knows your installed {product-title} version and the path to take within the channel to get you to the next release. Update paths are also limited to versions relevant to your currently selected channel and its promotion characteristics.
+
+You can imagine seeing the following releases in your channel:
+
+* {product-version}.0
+* {product-version}.1
+* {product-version}.3
+* {product-version}.4
+
+The service recommends only updates that have been tested and have no known serious regressions. For example, if your cluster is on {product-version}.1 and {product-title} suggests {product-version}.4, then it is recommended to update from {product-version}.1 to {product-version}.4.
+
+[IMPORTANT]
+====
+Do not rely on consecutive patch numbers. In this example, {product-version}.2 is not and never was available in the channel, therefore updates to {product-version}.2 are not recommended or supported.
+====
+
+[id="conditional-updates-overview_{context}"]
+== Update recommendations and Conditional Updates
+Red Hat monitors newly released versions and update paths associated with those versions before and after they are added to supported channels.
+
+If Red Hat removes update recommendations from any supported release, a superseding update recommendation will be provided to a future version that corrects the regression. There may however be a delay while the defect is corrected, tested, and promoted to your selected channel.
+
+Beginning in {product-title} 4.10, when update risks are confirmed, they are declared as Conditional Update risks for the relevant updates. Each known risk may apply to all clusters or only clusters matching certain conditions. Some examples include having the `Platform` set to `None` or the CNI provider set to `OpenShiftSDN`. The Cluster Version Operator (CVO) continually evaluates known risks against the current cluster state. If no risks match, the update is recommended. If the risk matches, those updates are supported but not recommended, and a reference link is provided. The reference link helps the cluster admin decide if they would like to accept the risk and update anyway.
+
+When Red Hat chooses to declare Conditional Update risks, that action is taken in all relevant channels simultaneously. Declaration of a Conditional Update risk may happen either before or after the update has been promoted to supported channels.
+
+ifndef::openshift-origin[]
+
+[id="fast-stable-channel-strategies_{context}"]
+== Choosing the correct channel for your cluster
+
+Choosing the appropriate channel involves two decisions.
+
+First, select the minor version you want for your cluster update. Selecting a channel which matches your current version ensures that you only apply z-stream updates and do not receive feature updates. Selecting an available channel which has a version greater than your current version will ensure that after one or more updates your cluster will have updated to that version. Your cluster will only be offered channels which match its current version, the next version, or the next EUS version.
+
+[NOTE]
+====
+Due to the complexity involved in planning updates between versions many minors apart, channels that assist in planning updates beyond a single EUS-to-EUS update are not offered.
+====
+
+Second, you should choose your desired rollout strategy. You may choose to update as soon as Red Hat declares a release GA by selecting from fast channels or you may want to wait for Red Hat to promote releases to the stable channel. Update recommendations offered in the `fast-{product-version}` and `stable-{product-version}` are both fully supported and benefit equally from ongoing data analysis. The promotion delay before promoting a release to the stable channel represents the only difference between the two channels. Updates to the latest z-streams are generally promoted to the stable channel within a week or two, however the delay when initially rolling out updates to the latest minor is much longer, generally 45-90 days. Please consider the promotion delay when choosing your desired channel, as waiting for promotion to the stable channel may affect your scheduling plans.
+
+Additionally, there are several factors which may lead an organization to move clusters to the fast channel either permanently or temporarily including:
+
+* The desire to apply a specific fix known to affect your environment without delay.
+* Application of CVE fixes without delay. CVE fixes may introduce regressions, so promotion delays still apply to z-streams with CVE fixes.
+* Internal testing processes. If it takes your organization several weeks to qualify releases it is best test concurrently with our promotion process rather than waiting. This also assures that any telemetry signal provided to Red Hat is a factored into our rollout, so issues relevant to you can be fixed faster.
+
+endif::openshift-origin[]
+
+[id="restricted-network-clusters_{context}"]
+== Restricted network clusters
+
+If you manage the container images for your {product-title} clusters yourself, you must consult the Red Hat errata that is associated with product releases and note any comments that impact updates. During an update, the user interface might warn you about switching between these versions, so you must ensure that you selected an appropriate version before you bypass those warnings.
+
+ifndef::openshift-origin[]
+
+[id="switching-between-channels_{context}"]
+== Switching between channels
+
+A channel can be switched from the web console or through the `adm upgrade channel` command:
+
+[source,terminal]
+----
+$ oc adm upgrade channel <channel>
+----
+
+The web console will display an alert if you switch to a channel that does not include the current release. The web console does not recommend any updates while on a channel without the current release. You can return to the original channel at any point, however.
+
+Changing your channel might impact the supportability of your cluster. The following conditions might apply:
+
+* Your cluster is still supported if you change from the `stable-{product-version}` channel to the `fast-{product-version}` channel.
+
+* You can switch to the `candidate-{product-version}` channel at any time, but some releases for this channel might be unsupported.
+
+* You can switch from the `candidate-{product-version}` channel to the `fast-{product-version}` channel if your current release is a general availability release.
+
+* You can always switch from the `fast-{product-version}` channel to the `stable-{product-version}` channel. There is a possible delay of up to a day for the release to be promoted to `stable-{product-version}` if the current release was recently promoted.
+endif::openshift-origin[]
diff --git a/modules/understanding-upgrade-channels.adoc b/modules/understanding-upgrade-channels.adoc
deleted file mode 100644
index 5e765b2cd9ab..000000000000
--- a/modules/understanding-upgrade-channels.adoc
+++ /dev/null
@@ -1,133 +0,0 @@
-// Module included in the following assemblies:
-//
-// * updating/understanding-upgrade-channels-release.adoc
-
-
-[id="understanding-upgrade-channels_{context}"]
-
-= Update channels
-
-ifndef::openshift-origin[]
-[id="fast-version-channel_{context}"]
-== fast-{product-version} channel
-The `fast-{product-version}` channel is updated with new versions of {product-title} {product-version} as soon as Red Hat declares the version as a general availability (GA) release. As such, these releases are fully supported and purposed to be used in production environments.
-
-[id="stable-version-channel_{context}"]
-== stable-{product-version} channel
-While the `fast-{product-version}` channel contains releases as soon as their errata are published, releases are added to the `stable-{product-version}` channel after a delay. During this delay, data is collected from multiple sources and analyzed for indications of product regressions. Once a significant number of data points have been collected, and absent negative signals, these releases are added to the stable channel.
-
-[NOTE]
-Since the time required to obtain a significant number of data points varies based on many factors, Service LeveL Objective (SLO) is not offered for the delay duration between fast and stable channels. For more information, please see "Choosing the correct channel for your cluster"
-
-
-Newly installed clusters default to using stable channels.
-
-[id="eus-4y-channel_{context}"]
-== eus-4.y channel
-
-In addition to the stable channel, all even-numbered minor versions of {product-title} offer link:https://access.redhat.com/support/policy/updates/openshift#ocp4_phases[Extended Update Support] (EUS). Releases promoted to the stable channel are also simultaneously promoted to the EUS channels. The primary purpose of the EUS channels is to serve as a convenience for clusters performing an EUS-to-EUS update.
-
-[NOTE]
-====
-Both standard and non-EUS subscribers can access all EUS repositories and necessary RPMs (`rhel-*-eus-rpms`) to be able to support critical purposes such as debugging and building drivers.
-====
-
-[id="candidate-version-channel_{context}"]
-== candidate-{product-version} channel
-
-The `candidate-{product-version}` channel offers unsupported early access to releases as soon as they are built. Releases present only in candidate channels
-may not contain the full feature set of eventual GA releases or features may be removed prior to GA. Additionally, these releases have not been subject to full
-Red Hat Quality Assurance and may not offer update paths to later GA releases. Given these caveats, the candidate channel is only suitable for testing purposes
-where destroying and recreating a cluster is acceptable.
-endif::openshift-origin[]
-
-ifdef::openshift-origin[]
-[id="stable-4-channel_{context}"]
-== stable-4 channel
-Releases are added to the `stable-4` channel after passing all tests and stable-4 is the only supported channel.
-endif::openshift-origin[]
-
-
-ifndef::openshift-origin[]
-[id="upgrade-version-paths_{context}"]
-== Update recommendations in the channel
-
-{product-title} maintains an update recommendation service that knows your installed {product-title} version and the path to take within the channel to get you to the next release. Update paths are also limited to versions relevant to your currently selected channel and its promotion characteristics.
-
-You can imagine seeing the following releases in your channel:
-
-* {product-version}.0
-* {product-version}.1
-* {product-version}.3
-* {product-version}.4
-
-The service recommends only updates that have been tested and have no known serious regressions. For example, if your cluster is on {product-version}.1 and {product-title} suggests {product-version}.4, then it is recommended to update from {product-version}.1 to {product-version}.4.
-
-[IMPORTANT]
-====
-Do not rely on consecutive patch numbers. In this example, {product-version}.2 is not and never was available in the channel, therefore updates to {product-version}.2 are not recommended or supported.
-====
-
-[id="conditional-updates-overview_{context}"]
-== Update recommendations and Conditional Updates
-Red Hat monitors newly released versions and update paths associated with those versions before and after they are added to supported channels.
-
-If Red Hat removes update recommendations from any supported release, a superseding update recommendation will be provided to a future version that corrects the regression. There may however be a delay while the defect is corrected, tested, and promoted to your selected channel.
-
-Beginning in {product-title} 4.10, when update risks are confirmed, they are declared as Conditional Update risks for the relevant updates. Each known risk may apply to all clusters or only clusters matching certain conditions. Some examples include having the `Platform` set to `None` or the CNI provider set to `OpenShiftSDN`. The Cluster Version Operator (CVO) continually evaluates known risks against the current cluster state. If no risks match, the update is recommended. If the risk matches, those updates are supported but not recommended, and a reference link is provided. The reference link helps the cluster admin decide if they would like to accept the risk and update anyway.
-
-When Red Hat chooses to declare Conditional Update risks, that action is taken in all relevant channels simultaneously. Declaration of a Conditional Update risk may happen either before or after the update has been promoted to supported channels.
-
-ifndef::openshift-origin[]
-
-[id="fast-stable-channel-strategies_{context}"]
-== Choosing the correct channel for your cluster
-
-Choosing the appropriate channel involves two decisions.
-
-First, select the minor version you want for your cluster update. Selecting a channel which matches your current version ensures that you only apply z-stream updates and do not receive feature updates. Selecting an available channel which has a version greater than your current version will ensure that after one or more updates your cluster will have updated to that version. Your cluster will only be offered channels which match its current version, the next version, or the next EUS version.
-
-[NOTE]
-====
-Due to the complexity involved in planning updates between versions many minors apart, channels that assist in planning updates beyond a single EUS-to-EUS update are not offered.
-====
-
-Second, you should choose your desired rollout strategy. You may choose to update as soon as Red Hat declares a release GA by selecting from fast channels or you may want to wait for Red Hat to promote releases to the stable channel. Update recommendations offered in the `fast-{product-version}` and `stable-{product-version}` are both fully supported and benefit equally from ongoing data analysis. The promotion delay before promoting a release to the stable channel represents the only difference between the two channels. Updates to the latest z-streams are generally promoted to the stable channel within a week or two, however the delay when initially rolling out updates to the latest minor is much longer, generally 45-90 days. Please consider the promotion delay when choosing your desired channel, as waiting for promotion to the stable channel may affect your scheduling plans.
-
-Additionally, there are several factors which may lead an organization to move clusters to the fast channel either permanently or temporarily including:
-
-* The desire to apply a specific fix known to affect your environment without delay.
-* Application of CVE fixes without delay. CVE fixes may introduce regressions, so promotion delays still apply to z-streams with CVE fixes.
-* Internal testing processes. If it takes your organization several weeks to qualify releases it is best test concurrently with our promotion process rather than waiting. This also assures that any telemetry signal provided to Red Hat is a factored into our rollout, so issues relevant to you can be fixed faster.
-
-endif::openshift-origin[]
-
-[id="restricted-network-clusters_{context}"]
-== Restricted network clusters
-
-If you manage the container images for your {product-title} clusters yourself, you must consult the Red Hat errata that is associated with product releases and note any comments that impact updates. During an update, the user interface might warn you about switching between these versions, so you must ensure that you selected an appropriate version before you bypass those warnings.
-
-ifndef::openshift-origin[]
-
-[id="switching-between-channels_{context}"]
-== Switching between channels
-
-A channel can be switched from the web console or through the `adm upgrade channel` command:
-
-[source,terminal]
-----
-$ oc adm upgrade channel <channel>
-----
-
-The web console will display an alert if you switch to a channel that does not include the current release. The web console does not recommend any updates while on a channel without the current release. You can return to the original channel at any point, however.
-
-Changing your channel might impact the supportability of your cluster. The following conditions might apply:
-
-* Your cluster is still supported if you change from the `stable-{product-version}` channel to the `fast-{product-version}` channel.
-
-* You can switch to the `candidate-{product-version}` channel at any time, but some releases for this channel might be unsupported.
-
-* You can switch from the `candidate-{product-version}` channel to the `fast-{product-version}` channel if your current release is a general availability release.
-
-* You can always switch from the `fast-{product-version}` channel to the `stable-{product-version}` channel. There is a possible delay of up to a day for the release to be promoted to `stable-{product-version}` if the current release was recently promoted.
-endif::openshift-origin[]
diff --git a/modules/uninstall-cluster-logging-operator.adoc b/modules/uninstall-cluster-logging-operator.adoc
new file mode 100644
index 000000000000..9b77c682ec83
--- /dev/null
+++ b/modules/uninstall-cluster-logging-operator.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-uninstall.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="uninstall-cluster-logging-operator_{context}"]
+= Uninstalling the {logging}
+
+You can stop aggregating logs by deleting the {clo} and the `ClusterLogging` custom resource (CR).
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the *Administrator* perspective of the {product-title} web console.
+
+.Procedure
+
+. Go to the *Administration* -> *Custom Resource Definitions* page, and click *ClusterLogging*.
+
+. On the *Custom Resource Definition Details* page, click *Instances*.
+
+. Click the options menu {kebab} next to the instance, and click *Delete ClusterLogging*.
+
+. Go to the *Administration* -> *Custom Resource Definitions* page.
+
+. Click the options menu {kebab} next to *ClusterLogging*, and select *Delete Custom Resource Definition*.
++
+[WARNING]
+====
+Deleting the `ClusterLogging` CR does not remove the persistent volume claims (PVCs). To delete the remaining PVCs, persistent volumes (PVs), and associated data, you must take further action. Releasing or deleting PVCs can delete PVs and cause data loss.
+====
+
+. If you have created a `ClusterLogForwarder` CR, click the options menu {kebab} next to *ClusterLogForwarder*, and then click *Delete Custom Resource Definition*.
+
+. Go to the *Operators* -> *Installed Operators* page.
+
+. Click the options menu {kebab} next to the {clo}, and then click *Uninstall Operator*.
+
+. Optional: Delete the `openshift-logging` project.
++
+[WARNING]
+====
+Deleting the `openshift-logging` project deletes everything in that namespace, including any persistent volume claims (PVCs). If you want to preserve logging data, do not delete the `openshift-logging` project.
+====
+
+.. Go to the *Home* -> *Projects* page.
+.. Click the options menu {kebab} next to the *openshift-logging* project, and then click *Delete Project*.
+.. Confirm the deletion by typing `openshift-logging` in the dialog box, and then click *Delete*.
diff --git a/modules/uninstall-es-operator.adoc b/modules/uninstall-es-operator.adoc
new file mode 100644
index 000000000000..b120f4cecf99
--- /dev/null
+++ b/modules/uninstall-es-operator.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-uninstall.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="uninstall-es-operator_{context}"]
+= Uninstalling Elasticsearch
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the *Administrator* perspective of the {product-title} web console.
+* If you have not already removed the {clo} and related resources, you must remove references to Elasticsearch from the `ClusterLogging` custom resource.
+
+.Procedure
+
+. Go to the *Administration* -> *Custom Resource Definitions* page, and click *Elasticsearch*.
+
+. On the *Custom Resource Definition Details* page, click *Instances*.
+
+. Click the options menu {kebab} next to the instance, and then click *Delete Elasticsearch*.
+
+. Go to the *Administration* -> *Custom Resource Definitions* page.
+
+. Click the options menu {kebab} next to *Elasticsearch*, and select *Delete Custom Resource Definition*.
+
+. Delete the object storage secret.
+
+. Go to the *Operators* -> *Installed Operators* page.
+
+. Click the options menu {kebab} next to the {es-op}, and then click *Uninstall Operator*.
+
+. Optional: Delete the `openshift-operators-redhat` project.
++
+[IMPORTANT]
+====
+Do not delete the `openshift-operators-redhat` project if other global Operators are installed in this namespace.
+====
+
+.. Go to the *Home* -> *Projects* page.
+.. Click the options menu {kebab} next to the *openshift-operators-redhat* project, and then click *Delete Project*.
+.. Confirm the deletion by typing `openshift-operators-redhat` in the dialog box, and then click *Delete*.
diff --git a/modules/uninstall-logging-delete-pvcs.adoc b/modules/uninstall-logging-delete-pvcs.adoc
new file mode 100644
index 000000000000..edd8bd17bd19
--- /dev/null
+++ b/modules/uninstall-logging-delete-pvcs.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-uninstall.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="uninstall-logging-delete-pvcs_{context}"]
+= Deleting logging PVCs
+
+To keep persistent volume claims (PVCs) for reuse with other pods, keep the labels or PVC names that you need to reclaim the PVCs.
+If you do not want to keep the PVCs, you can delete them. If you want to recover storage space, you can also delete the persistent volumes (PVs).
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the *Administrator* perspective of the {product-title} web console.
+
+.Procedure
+
+. Go to the *Storage* -> *Persistent Volume Claims* page.
+. Click the options menu {kebab} next to each PVC, and select *Delete Persistent Volume Claim*.
diff --git a/modules/uninstall-loki-operator.adoc b/modules/uninstall-loki-operator.adoc
new file mode 100644
index 000000000000..b741b9822402
--- /dev/null
+++ b/modules/uninstall-loki-operator.adoc
@@ -0,0 +1,42 @@
+// Module included in the following assemblies:
+//
+// * logging/cluster-logging-uninstall.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="uninstall-loki-operator_{context}"]
+= Uninstalling Loki
+
+.Prerequisites
+
+* You have administrator permissions.
+* You have access to the *Administrator* perspective of the {product-title} web console.
+* If you have not already removed the {clo} and related resources, you have removed references to LokiStack from the `ClusterLogging` custom resource.
+
+.Procedure
+
+. Go to the *Administration* -> *Custom Resource Definitions* page, and click *LokiStack*.
+
+. On the *Custom Resource Definition Details* page, click *Instances*.
+
+. Click the options menu {kebab} next to the instance, and then click *Delete LokiStack*.
+
+. Go to the *Administration* -> *Custom Resource Definitions* page.
+
+. Click the options menu {kebab} next to *LokiStack*, and select *Delete Custom Resource Definition*.
+
+. Delete the object storage secret.
+
+. Go to the *Operators* -> *Installed Operators* page.
+
+. Click the options menu {kebab} next to the {loki-op}, and then click *Uninstall Operator*.
+
+. Optional: Delete the `openshift-operators-redhat` project.
++
+[IMPORTANT]
+====
+Do not delete the `openshift-operators-redhat` project if other global Operators are installed in this namespace.
+====
+
+.. Go to the *Home* -> *Projects* page.
+.. Click the options menu {kebab} next to the *openshift-operators-redhat* project, and then click *Delete Project*.
+.. Confirm the deletion by typing `openshift-operators-redhat` in the dialog box, and then click *Delete*.
diff --git a/modules/uninstalling-wmco.adoc b/modules/uninstalling-wmco.adoc
index 91ab58ecdd3d..3a0ca2c9c2dc 100644
--- a/modules/uninstalling-wmco.adoc
+++ b/modules/uninstalling-wmco.adoc
@@ -2,7 +2,7 @@
 //
 // * windows_containers/disabling-windows-container-workloads.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="uninstalling-wmco_{context}"]
 = Uninstalling the Windows Machine Config Operator
 
diff --git a/modules/unmanaged-operators.adoc b/modules/unmanaged-operators.adoc
index 19e45d20f221..391d244af038 100644
--- a/modules/unmanaged-operators.adoc
+++ b/modules/unmanaged-operators.adoc
@@ -2,6 +2,7 @@
 //
 // * architecture/architecture-installation.adoc
 // * updating/updating-cluster-within-minor.adoc
+// * logging/cluster-logging-support.adoc
 
 [id="unmanaged-operators_{context}"]
 = Support policy for unmanaged Operators
diff --git a/modules/update-availability-faq.adoc b/modules/update-availability-faq.adoc
index 2e6ec064a516..62c38970ef83 100644
--- a/modules/update-availability-faq.adoc
+++ b/modules/update-availability-faq.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding-openshift-updates.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-availability_{context}"]
 = Common questions about update availability
 
@@ -32,6 +32,8 @@ The primary purpose of the `eus` channel is to serve as a convenience for cluste
 
 * The only difference between releases on the `fast` and `stable` channels is that a release only appears on the `stable` channel after it has been on the `fast` channel for some time, which provides more time for new update risks to be discovered.
 
+* A release that is available on the `fast` channel always becomes available on the `stable` channel after this delay.
+
 [id="supported-updates_{context}"]
 *What does it mean if an update is supported but not recommended?*
 
@@ -59,7 +61,7 @@ There may be a delay while the defect is corrected, tested, and promoted to your
 +
 [IMPORTANT]
 ====
-These are only estimates based on past data about z-stream releases. Red Hat reserves the right to change the release frequency as needed. Any number of issues could cause irregularities and delays in this release cadence.
+These are only estimates based on past data about z-stream releases. Red{nbsp}Hat reserves the right to change the release frequency as needed. Any number of issues could cause irregularities and delays in this release cadence.
 ====
 
 * Once a z-stream release is published, it also appears in the `fast` channel for that minor version. After a delay, the z-stream release may then appear in that minor version's `stable` channel.
diff --git a/modules/update-best-practices.adoc b/modules/update-best-practices.adoc
new file mode 100644
index 000000000000..489a3634f41c
--- /dev/null
+++ b/modules/update-best-practices.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="update-best-practices_{context}"]
+= Best practices for cluster updates
+
+{product-title} provides a robust update experience that minimizes workload disruptions during an update.
+Updates will not begin unless the cluster is in an upgradeable state at the time of the update request.
+
+This design enforces some key conditions before initiating an update, but there are a number of actions you can take to increase your chances of a successful cluster update.
+
+[id="recommended-versions_{context}"]
+== Choose versions recommended by the OpenShift Update Service
+
+The OpenShift Update Service (OSUS) provides update recommendations based on cluster characteristics such as the cluster's subscribed channel.
+The Cluster Version Operator saves these recommendations as either recommended or conditional updates.
+While it is possible to attempt an update to a version that is not recommended by OSUS, following a recommended update path protects users from encountering known issues or unintended consequences on the cluster.
+
+Choose only update targets that are recommended by OSUS to ensure a successful update.
+
+[id="critical-alerts_{context}"]
+== Address all critical alerts on the cluster
+
+Critical alerts must always be addressed as soon as possible, but it is especially important to address these alerts and resolve any problems before initiating a cluster update.
+Failing to address critical alerts before beginning an update can cause problematic conditions for the cluster.
+
+In the *Administrator* perspective of the web console, navigate to *Observe* -> *Alerting* to find critical alerts.
+
+[id="cluster-upgradeable_{context}"]
+== Ensure that the cluster is in an Upgradable state
+
+When one or more Operators have not reported their `Upgradeable` condition as `True` for more than an hour, the `ClusterNotUpgradeable` warning alert is triggered in the cluster.
+In most cases this alert does not block patch updates, but you cannot perform a minor version update until you resolve this alert and all Operators report `Upgradeable` as `True`.
+
+For more information about the `Upgradeable` condition, see "Understanding cluster Operator condition types" in the additional resources section.
+
+[id="nodes-ready_{context}"]
+== Ensure that enough spare nodes are available
+
+// Completely guessing the explanation in this section just to have something to start with when this is reviewed by an SME.
+A cluster should not be running with little to no spare node capacity, especially when initiating a cluster update.
+Nodes that are not running and available may limit a cluster's ability to perform an update with minimal disruption to cluster workloads.
+
+Depending on the configured value of the cluster's `maxUnavailable` spec, the cluster might not be able to apply machine configuration changes to nodes if there is an unavailable node.
+Additionally, if compute nodes do not have enough spare capacity, workloads might not be able to temporarily shift to another node while the first node is taken offline for an update.
+
+Make sure that you have enough available nodes in each worker pool, as well as enough spare capacity on your compute nodes, to increase the chance of successful node updates.
+
+[id="pod-disruption-budget_{context}"]
+== Ensure that the cluster's PodDisruptionBudget is properly configured
+
+You can use the `PodDisruptionBudget` object to define the minimum number or percentage of pod replicas that must be available at any given time.
+This configuration protects workloads from disruptions during maintenance tasks such as cluster updates.
+
+However, it is possible to configure the `PodDisruptionBudget` for a given topology in a way that prevents nodes from being drained and updated during a cluster update.
+
+When planning a cluster update, check the configuration of the `PodDisruptionBudget` object for the following factors:
+
+* For highly available workloads, make sure there are replicas that can be temporarily taken offline without being prohibited by the `PodDisruptionBudget`.
+
+* For workloads that aren't highly available, make sure they are either not protected by a `PodDisruptionBudget` or have some alternative mechanism for draining these workloads eventually, such as periodic restart or guaranteed eventual termination.
\ No newline at end of file
diff --git a/modules/update-changing-update-server-cli.adoc b/modules/update-changing-update-server-cli.adoc
index 4bc59221c553..347470df555a 100644
--- a/modules/update-changing-update-server-cli.adoc
+++ b/modules/update-changing-update-server-cli.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-cli.adoc
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-cli.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-changing-update-server-cli_{context}"]
 = Changing the update server by using the CLI
 
diff --git a/modules/update-changing-update-server-web.adoc b/modules/update-changing-update-server-web.adoc
index 0e04e99b7c15..c1d8838e932a 100644
--- a/modules/update-changing-update-server-web.adoc
+++ b/modules/update-changing-update-server-web.adoc
@@ -1,17 +1,22 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-within-minor.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-changing-update-server-web_{context}"]
 = Changing the update server by using the web console
 ifndef::openshift-origin[]
 Changing the update server is optional. If you have an OpenShift Update Service (OSUS) installed and configured locally, you must set the URL for the server as the `upstream` to use the local server during updates.
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-Changing the update server is optional. 
+Changing the update server is optional.
 endif::openshift-origin[]
 
+.Prerequisites
+* You have access to the cluster with `cluster-admin` privileges.
+
+* You have access to the {product-title} web console.
+
 .Procedure
 
 . Navigate to *Administration* -> *Cluster Settings*, click *version*.
diff --git a/modules/update-cluster-version-object.adoc b/modules/update-cluster-version-object.adoc
new file mode 100644
index 000000000000..05dc37f545fd
--- /dev/null
+++ b/modules/update-cluster-version-object.adoc
@@ -0,0 +1,127 @@
+// Module included in the following assemblies:
+//
+// * updating/understanding_updates/how-updates-work.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="update-cluster-version-object_{context}"]
+= The ClusterVersion object
+
+One of the resources that the Cluster Version Operator (CVO) monitors is the `ClusterVersion` resource.
+
+Administrators and OpenShift components can communicate or interact with the CVO through the `ClusterVersion` object.
+The desired CVO state is declared through the `ClusterVersion` object and the current CVO state is reflected in the object's status.
+
+[NOTE]
+====
+Do not directly modify the `ClusterVersion` object. Instead, use interfaces such as the `oc` CLI or the web console to declare your update target.
+====
+
+The CVO continually reconciles the cluster with the target state declared in the `spec` property of the `ClusterVersion` resource.
+When the desired release differs from the actual release, that reconciliation updates the cluster.
+
+//to-do: this might be heading overload, consider deleting this heading if the context switch from the previous paragraph to this content is smooth enough to not require one.
+[discrete]
+== Update availability data
+
+The `ClusterVersion` resource also contains information about updates that are available to the cluster.
+This includes updates that are available, but not recommended due to a known risk that applies to the cluster.
+These updates are known as conditional updates.
+To learn how the CVO maintains this information about available updates in the `ClusterVersion` resource, see the "Evaluation of update availability" section.
+
+* You can inspect all available updates with the following command:
++
+[source,terminal]
+----
+$ oc adm upgrade --include-not-recommended
+----
++
+[NOTE]
+====
+The additional `--include-not-recommended` parameter includes updates that are available but not recommended due to a known risk that applies to the cluster.
+====
++
+.Example output
+[source,terminal]
+----
+Cluster version is 4.10.22
+
+Upstream is unset, so the cluster will use an appropriate default.
+Channel: fast-4.11 (available channels: candidate-4.10, candidate-4.11, eus-4.10, fast-4.10, fast-4.11, stable-4.10)
+
+Recommended updates:
+
+  VERSION     IMAGE
+  4.10.26     quay.io/openshift-release-dev/ocp-release@sha256:e1fa1f513068082d97d78be643c369398b0e6820afab708d26acda2262940954
+  4.10.25     quay.io/openshift-release-dev/ocp-release@sha256:ed84fb3fbe026b3bbb4a2637ddd874452ac49c6ead1e15675f257e28664879cc
+  4.10.24     quay.io/openshift-release-dev/ocp-release@sha256:aab51636460b5a9757b736a29bc92ada6e6e6282e46b06e6fd483063d590d62a
+  4.10.23     quay.io/openshift-release-dev/ocp-release@sha256:e40e49d722cb36a95fa1c03002942b967ccbd7d68de10e003f0baa69abad457b
+
+Supported but not recommended updates:
+
+  Version: 4.11.0
+  Image: quay.io/openshift-release-dev/ocp-release@sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4
+  Recommended: False
+  Reason: RPMOSTreeTimeout
+  Message: Nodes with substantial numbers of containers and CPU contention may not reconcile machine configuration https://bugzilla.redhat.com/show_bug.cgi?id=2111817#c22
+----
++
+The `oc adm upgrade` command queries the `ClusterVersion` resource for information about available updates and presents it in a human-readable format.
+
+* One way to directly inspect the underlying availability data created by the CVO is by querying the `ClusterVersion` resource with the following command:
++
+[source,terminal]
+----
+$ oc get clusterversion version -o json | jq '.status.availableUpdates'
+----
++
+.Example output
+[source,terminal]
+----
+[
+  {
+    "channels": [
+      "candidate-4.11",
+      "candidate-4.12",
+      "fast-4.11",
+      "fast-4.12"
+    ],
+    "image": "quay.io/openshift-release-dev/ocp-release@sha256:400267c7f4e61c6bfa0a59571467e8bd85c9188e442cbd820cc8263809be3775",
+    "url": "https://access.redhat.com/errata/RHBA-2023:3213",
+    "version": "4.11.41"
+  },
+  ...
+]
+----
+
+* A similar command can be used to check conditional updates:
++
+[source,terminal]
+----
+$ oc get clusterversion version -o json | jq '.status.conditionalUpdates'
+----
++
+.Example output
+[source,terminal]
+----
+[
+  {
+    "conditions": [
+      {
+        "lastTransitionTime": "2023-05-30T16:28:59Z",
+        "message": "The 4.11.36 release only resolves an installation issue https://issues.redhat.com//browse/OCPBUGS-11663 , which does not affect already running clusters. 4.11.36 does not include fixes delivered in recent 4.11.z releases and therefore upgrading from these versions would cause fixed bugs to reappear. Red Hat does not recommend upgrading clusters to 4.11.36 version for this reason. https://access.redhat.com/solutions/7007136",
+        "reason": "PatchesOlderRelease",
+        "status": "False",
+        "type": "Recommended"
+      }
+    ],
+    "release": {
+      "channels": [...],
+      "image": "quay.io/openshift-release-dev/ocp-release@sha256:8c04176b771a62abd801fcda3e952633566c8b5ff177b93592e8e8d2d1f8471d",
+      "url": "https://access.redhat.com/errata/RHBA-2023:1733",
+      "version": "4.11.36"
+    },
+    "risks": [...]
+  },
+  ...
+]
+----
\ No newline at end of file
diff --git a/modules/update-common-terms.adoc b/modules/update-common-terms.adoc
index 859356f045f2..61723595d8ca 100644
--- a/modules/update-common-terms.adoc
+++ b/modules/update-common-terms.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/intro-to-updates.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="update-common-terms_{context}"]
 = Common terms
 
@@ -18,6 +18,10 @@ Channels:: _Channels_ declare an update strategy tied to minor versions of {prod
 
 Recommended update edge:: A _recommended update edge_ is a recommended update between {product-title} releases.  Whether a given update is recommended can depend on the cluster's configured channel, current version, known bugs, and other information. OSUS communicates the recommended edges to the CVO, which runs in every cluster.
 
-Extended Update Support:: All post-4.7 even-numbered minor releases are labeled as _Extended Update Support_ (EUS) releases. These releases introduce a verified update path between EUS releases, permitting customers to streamline updates of worker worker nodes and formulate update strategies of EUS-to-EUS {product-title} releases that will cause fewer reboots of worker nodes.
+ifndef::openshift-origin[]
+
+Extended Update Support:: All post-4.7 even-numbered minor releases are labeled as _Extended Update Support_ (EUS) releases. These releases introduce a verified update path between EUS releases, permitting customers to streamline updates of worker nodes and formulate update strategies of EUS-to-EUS {product-title} releases that result in fewer reboots of worker nodes.
 +
 For more information, see link:https://access.redhat.com/support/policy/updates/openshift-eus[Red Hat OpenShift Extended Update Support (EUS) Overview].
+
+endif::openshift-origin[]
diff --git a/modules/update-conditional-updates.adoc b/modules/update-conditional-updates.adoc
index 6a826bad0da6..8ab611a15b42 100644
--- a/modules/update-conditional-updates.adoc
+++ b/modules/update-conditional-updates.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-cli.adoc
-// * updating/understanding-upgrade-channels-releases.adoc
+// * updating/updating_a_cluster/updating-cluster-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-conditional-upgrade-path{context}"]
 = Updating along a conditional update path
 
diff --git a/modules/update-conditional-web-console.adoc b/modules/update-conditional-web-console.adoc
new file mode 100644
index 000000000000..af456be09487
--- /dev/null
+++ b/modules/update-conditional-web-console.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="update-conditional-web-console_{context}"]
+= Viewing conditional updates in the web console
+
+You can view and assess the risks associated with particular updates with conditional updates.
+
+.Prerequisites
+* You have access to the cluster with `cluster-admin` privileges.
+
+* You have access to the {product-title} web console.
+
+* Pause all `MachineHealthCheck` resources.
+
+* You have updated all Operators previously installed through Operator Lifecycle Manager (OLM) to a version that is compatible with your target release. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See "Updating installed Operators" in the "Additional resources" section for more information on how to check compatibility and, if necessary, update the installed Operators.
+
+* Your machine config pools (MCPs) are running and not paused. Nodes associated with a paused MCP are skipped during the update process. You can pause the MCPs if you are performing an advanced update strategy, such as a canary rollout, an EUS update, or a control-plane update.
+
+.Procedure
+
+. From the web console, click *Administration* -> *Cluster settings* page and review the contents of the *Details* tab.
+
+. You can enable `Include supported but not recommended versions` in the `Select new version` dropdown of the *Update cluster* modal to populate the dropdown list with conditional updates.
++
+[NOTE]
+====
+If a `Supported but not recommended` version is selected, more information is provided with potential issues with the version.
+====
+
+. Review the notification detailing the potential risks to updating.
\ No newline at end of file
diff --git a/modules/update-configuring-image-signature.adoc b/modules/update-configuring-image-signature.adoc
index 492c0069710d..ea1a6763211c 100644
--- a/modules/update-configuring-image-signature.adoc
+++ b/modules/update-configuring-image-signature.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/updating-restricted-network-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-configuring-image-signature"]
 = Creating an image signature config map manually
 
diff --git a/modules/update-cvo.adoc b/modules/update-cvo.adoc
new file mode 100644
index 000000000000..c2f323aaff24
--- /dev/null
+++ b/modules/update-cvo.adoc
@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// * updating/understanding_updates/how-updates-work.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="update-cvo_{context}"]
+= The Cluster Version Operator
+
+// adding a poorly written, technically inaccurate skeleton of a module for now, which can be replaced/refined by SMEs as they see fit
+
+The Cluster Version Operator (CVO) is the primary component that orchestrates and facilitates the {product-title} update process.
+During installation and standard cluster operation, the CVO is constantly comparing the manifests of managed cluster Operators to in-cluster resources, and reconciling discrepancies to ensure that the actual state of these resources match their desired state.
diff --git a/modules/update-duration-cvo.adoc b/modules/update-duration-cvo.adoc
index 0958b148b620..781f4838e184 100644
--- a/modules/update-duration-cvo.adoc
+++ b/modules/update-duration-cvo.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-update-duration.adoc
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="cluster-version-operator_{context}"]
 = Cluster Version Operator target update payload deployment
 
diff --git a/modules/update-duration-estimate-cluster-update-time.adoc b/modules/update-duration-estimate-cluster-update-time.adoc
index 2a182c131755..905ef532ab95 100644
--- a/modules/update-duration-estimate-cluster-update-time.adoc
+++ b/modules/update-duration-estimate-cluster-update-time.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-update-duration.adoc
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="estimating-cluster-update-time_{context}"]
 = Estimating cluster update time
 
diff --git a/modules/update-duration-example.adoc b/modules/update-duration-example.adoc
new file mode 100644
index 000000000000..3a8836a046ae
--- /dev/null
+++ b/modules/update-duration-example.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="update-duration-example_{context}"]
+= Example update duration of cluster Operators
+
+image::update-duration.png[A diagram displaying the periods during which cluster Operators update themselves during an OCP update]
+
+The previous diagram shows an example of the time that cluster Operators might take to update to their new versions.
+The example is based on a three-node AWS OVN cluster, which has a healthy compute `MachineConfigPool` and no workloads that take long to drain, updating from 4.13 to 4.14.
+
+[NOTE]
+====
+* The specific update duration of a cluster and its Operators can vary based on several cluster characteristics, such as the target version, the amount of nodes, and the types of workloads scheduled to the nodes.
+
+* Some Operators, such as the Cluster Version Operator, update themselves in a short amount of time.
+These Operators have either been omitted from the diagram or are included in the broader group of Operators labeled "Other Operators in parallel".
+====
+
+Each cluster Operator has characteristics that affect the time it takes to update itself.
+For instance, the Kube API Server Operator in this example took more than eleven minutes to update because `kube-apiserver` provides graceful termination support, meaning that existing, in-flight requests are allowed to complete gracefully.
+This might result in a longer shutdown of the `kube-apiserver`.
+In the case of this Operator, update speed is sacrificed to help prevent and limit disruptions to cluster functionality during an update.
+
+Another characteristic that affects the update duration of an Operator is whether the Operator utilizes DaemonSets.
+The Network and DNS Operators utilize full-cluster DaemonSets, which can take time to roll out their version changes, and this is one of several reasons why these Operators might take longer to update themselves.
+
+The update duration for some Operators is heavily dependent on characteristics of the cluster itself. For instance, the Machine Config Operator update applies machine configuration changes to each node in the cluster. A cluster with many nodes has a longer update duration for the Machine Config Operator compared to a cluster with fewer nodes.
+
+[NOTE]
+====
+Each cluster Operator is assigned a stage during which it can be updated.
+Operators within the same stage can update simultaneously, and Operators in a given stage cannot begin updating until all previous stages have been completed.
+For more information, see "Understanding how manifests are applied during an update" in the "Additional resources" section.
+====
\ No newline at end of file
diff --git a/modules/update-duration-factors.adoc b/modules/update-duration-factors.adoc
index b14b2bf5e62b..1a80066506a0 100644
--- a/modules/update-duration-factors.adoc
+++ b/modules/update-duration-factors.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-update-duration.adoc
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="factors-affecting-update-duration_{context}"]
 = Factors affecting update duration
 
diff --git a/modules/update-duration-mco.adoc b/modules/update-duration-mco.adoc
index 45d8e1ab8fa0..accba1406323 100644
--- a/modules/update-duration-mco.adoc
+++ b/modules/update-duration-mco.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-update-duration.adoc
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="machine-config-operator-node-updates_{context}"]
 = Machine Config Operator node updates
 The Machine Config Operator (MCO) applies a new machine configuration to each control plane and compute node. During this process, the MCO performs the following sequential actions on each node of the cluster:
diff --git a/modules/update-duration-rhel-nodes.adoc b/modules/update-duration-rhel-nodes.adoc
index 24f3c2dd7aac..c2a2a39e4629 100644
--- a/modules/update-duration-rhel-nodes.adoc
+++ b/modules/update-duration-rhel-nodes.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/understanding-openshift-update-duration.adoc
+// * updating/understanding_updates/understanding-openshift-update-duration.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="redhat-enterprise-linux-nodes_{context}"]
 = {op-system-base-full} compute nodes
 
diff --git a/modules/update-evaluate-availability.adoc b/modules/update-evaluate-availability.adoc
index 45df8e6f14e5..276ccff75b2c 100644
--- a/modules/update-evaluate-availability.adoc
+++ b/modules/update-evaluate-availability.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/how-updates-work.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-evaluate-availability_{context}"]
 = Evaluation of update availability
 
@@ -19,96 +19,3 @@ If the CVO finds that the cluster does not match the risks of an update, or that
 
 The user interface, either the web console or the OpenShift CLI (`oc`), presents this information in sectioned headings to the administrator.
 Each *supported but not recommended* update recommendation contains a link to further resources about the risk so that the administrator can make an informed decision about the update.
-
-You can inspect all available updates with the following command:
-
-[source,terminal]
-----
-$ oc adm upgrade --include-not-recommended
-----
-
-The additional `--include-not-recommended` parameter includes updates that are available but not recommended due to a known risk that applies to the cluster.
-
-.Example output
-[source,terminal]
-----
-Cluster version is 4.10.22
-
-Upstream is unset, so the cluster will use an appropriate default.
-Channel: fast-4.11 (available channels: candidate-4.10, candidate-4.11, eus-4.10, fast-4.10, fast-4.11, stable-4.10)
-
-Recommended updates:
-
-  VERSION     IMAGE
-  4.10.26     quay.io/openshift-release-dev/ocp-release@sha256:e1fa1f513068082d97d78be643c369398b0e6820afab708d26acda2262940954
-  4.10.25     quay.io/openshift-release-dev/ocp-release@sha256:ed84fb3fbe026b3bbb4a2637ddd874452ac49c6ead1e15675f257e28664879cc
-  4.10.24     quay.io/openshift-release-dev/ocp-release@sha256:aab51636460b5a9757b736a29bc92ada6e6e6282e46b06e6fd483063d590d62a
-  4.10.23     quay.io/openshift-release-dev/ocp-release@sha256:e40e49d722cb36a95fa1c03002942b967ccbd7d68de10e003f0baa69abad457b
-
-Supported but not recommended updates:
-
-  Version: 4.11.0
-  Image: quay.io/openshift-release-dev/ocp-release@sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4
-  Recommended: False
-  Reason: RPMOSTreeTimeout
-  Message: Nodes with substantial numbers of containers and CPU contention may not reconcile machine configuration https://bugzilla.redhat.com/show_bug.cgi?id=2111817#c22
-----
-
-One way to inspect the underlying availability data created by the CVO is by querying the `ClusterVersion` resource with the following command:
-
-[source,terminal]
-----
-$ oc get clusterversion version -o json | jq '.status.availableUpdates'
-----
-
-.Example output
-[source,terminal]
-----
-[
-  {
-    "channels": [
-      "candidate-4.11",
-      "candidate-4.12",
-      "fast-4.11",
-      "fast-4.12"
-    ],
-    "image": "quay.io/openshift-release-dev/ocp-release@sha256:400267c7f4e61c6bfa0a59571467e8bd85c9188e442cbd820cc8263809be3775",
-    "url": "https://access.redhat.com/errata/RHBA-2023:3213",
-    "version": "4.11.41"
-  },
-  ...
-]
-----
-
-A similar command can be used to check conditional updates:
-
-[source,terminal]
-----
-$ oc get clusterversion version -o json | jq '.status.conditionalUpdates'
-----
-
-.Example output
-[source,terminal]
-----
-[
-  {
-    "conditions": [
-      {
-        "lastTransitionTime": "2023-05-30T16:28:59Z",
-        "message": "The 4.11.36 release only resolves an installation issue https://issues.redhat.com//browse/OCPBUGS-11663 , which does not affect already running clusters. 4.11.36 does not include fixes delivered in recent 4.11.z releases and therefore upgrading from these versions would cause fixed bugs to reappear. Red Hat does not recommend upgrading clusters to 4.11.36 version for this reason. https://access.redhat.com/solutions/7007136",
-        "reason": "PatchesOlderRelease",
-        "status": "False",
-        "type": "Recommended"
-      }
-    ],
-    "release": {
-      "channels": [...],
-      "image": "quay.io/openshift-release-dev/ocp-release@sha256:8c04176b771a62abd801fcda3e952633566c8b5ff177b93592e8e8d2d1f8471d",
-      "url": "https://access.redhat.com/errata/RHBA-2023:1733",
-      "version": "4.11.36"
-    },
-    "risks": [...]
-  },
-  ...
-]
-----
diff --git a/modules/update-manifest-application.adoc b/modules/update-manifest-application.adoc
index e73b568e45df..a062f8c86051 100644
--- a/modules/update-manifest-application.adoc
+++ b/modules/update-manifest-application.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/how-updates-work.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-manifest-application_{context}"]
 = Understanding how manifests are applied during an update
 
@@ -13,14 +13,14 @@ The Cluster Version Operator (CVO) implements this logical order through the con
 
 These dependencies are encoded in the filenames of the manifests in the release image:
 
-[source, terminal]
+[source,terminal]
 ----
 0000_<runlevel>_<component>_<manifest-name>.yaml
 ----
 
 For example:
 
-[source, terminal]
+[source,terminal]
 ----
 0000_03_config-operator_01_proxy.crd.yaml
 ----
@@ -38,24 +38,27 @@ The CVO then applies manifests following the generated dependency graph.
 [NOTE]
 ====
 For some resource types, the CVO monitors the resource after its manifest is applied, and considers it to be successfully updated only after the resource reaches a stable state.
-Achieving this stable state can take some time.
-This is especially true for cluster Operators, which might perform their own update actions in the cluster after the CVO deploys their new versions.
-While the additional update actions take place, these cluster Operators temporarily set their `Progressing` condition to `True`.
+Achieving this state can take some time.
+This is especially true for `ClusterOperator` resources, while the CVO waits for a cluster Operator to update itself and then update its `ClusterOperator` status.
 ====
 
+// to do: potentially reword the note above to clarify that specific resources are being applied at one time, and not necessarily all the resources for that component.
+
 The CVO waits until all cluster Operators in the Runlevel meet the following conditions before it proceeds to the next Runlevel:
 
 * The cluster Operators have an `Available=True` condition.
 
 * The cluster Operators have a `Degraded=False` condition.
 
+// to do: potentially clarify that this condition is not applicable during installations, and also potentially add documentation (here or elsewhere) that explains how the CVO is constantly reconciling states whether or not an update is happening.
+
 * The cluster Operators declare they have achieved the desired version in their ClusterOperator resource.
 
 Some actions can take significant time to finish. The CVO waits for the actions to complete in order to ensure the subsequent Runlevels can proceed safely.
-The process of applying all manifests is expected to take 60 to 120 minutes in total; see *Understanding {product-title} update duration* for more information about factors that influence update duration.
+Initially reconciling the new release's manifests is expected to take 60 to 120 minutes in total; see *Understanding {product-title} update duration* for more information about factors that influence update duration.
 
 image::update-runlevels.png[A diagram displaying the sequence of Runlevels and the manifests of components within each level]
 
 In the previous example diagram, the CVO is waiting until all work is completed at Runlevel 20.
 The CVO has applied all manifests to the Operators in the Runlevel, but the `kube-apiserver-operator ClusterOperator` performs some actions after its new version was deployed. The `kube-apiserver-operator ClusterOperator` declares this progress through the `Progressing=True` condition and by not declaring the new version as reconciled in its `status.versions`.
-The CVO waits until the ClusterOperator reports an acceptable status, and then it will start applying manifests at Runlevel 25.
+The CVO waits until the ClusterOperator reports an acceptable status, and then it will start reconciling manifests at Runlevel 25.
diff --git a/modules/update-mco-process.adoc b/modules/update-mco-process.adoc
index 7d54d46dcd11..0cafe64f6b32 100644
--- a/modules/update-mco-process.adoc
+++ b/modules/update-mco-process.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/how-updates-work.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="mco-update-process_{context}"]
 = Understanding how the Machine Config Operator updates nodes
 The Machine Config Operator (MCO) applies a new machine configuration to each control plane node and compute node. During the machine configuration update, control plane nodes and compute nodes are organized into their own machine config pools, where the pools of machines are updated in parallel. The `.spec.maxUnavailable` parameter, which has a default value of `1`, determines how many nodes in a machine config pool can simultaneously undergo the update process.
diff --git a/modules/update-mirror-repository.adoc b/modules/update-mirror-repository.adoc
index c9a15071b567..9eb52d66aaa5 100644
--- a/modules/update-mirror-repository.adoc
+++ b/modules/update-mirror-repository.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-mirror-repository-adm-release-mirror_{context}"]
 = Mirroring images using the oc adm release mirror command
 
diff --git a/modules/update-network-sysctl-allowlist.adoc b/modules/update-network-sysctl-allowlist.adoc
index bea23fc7b3de..791a5556ac87 100644
--- a/modules/update-network-sysctl-allowlist.adoc
+++ b/modules/update-network-sysctl-allowlist.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/containers/nodes-containers-sysctls.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-interface-specific-safe-sysctls-list_{context}"]
 = Updating the interface-specific safe sysctls list
 
@@ -24,7 +24,7 @@ $ oc get cm -n openshift-multus cni-sysctl-allowlist -oyaml
 +
 .Expected output
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
 apiVersion: v1
 data:
@@ -48,7 +48,7 @@ metadata:
   annotations:
     kubernetes.io/description: |
       Sysctl allowlist for nodes.
-    release.openshift.io/version: 4.13.0-0.nightly-2022-11-16-003434
+    release.openshift.io/version: {product-version}.0-0.nightly-2022-11-16-003434
   creationTimestamp: "2022-11-17T14:09:27Z"
   name: cni-sysctl-allowlist
   namespace: openshift-multus
diff --git a/modules/update-preparing-ack.adoc b/modules/update-preparing-ack.adoc
index 784f19f6a2d6..aafb14da8e2a 100644
--- a/modules/update-preparing-ack.adoc
+++ b/modules/update-preparing-ack.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-preparing-ack_{context}"]
 = Providing the administrator acknowledgment
 
-After you have evaluated your cluster for any removed APIs and have migrated any removed APIs, you can acknowledge that your cluster is ready to upgrade from {product-title} 4.12 to 4.13.
+After you have evaluated your cluster for any removed APIs and have migrated any removed APIs, you can acknowledge that your cluster is ready to upgrade from {product-title} 4.14 to 4.15.
 
 [WARNING]
 ====
@@ -19,9 +19,9 @@ Be aware that all responsibility falls on the administrator to ensure that all u
 
 .Procedure
 
-* Run the following command to acknowledge that you have completed the evaluation and your cluster is ready for the Kubernetes API removals in {product-title} 4.13:
+* Run the following command to acknowledge that you have completed the evaluation and your cluster is ready for the Kubernetes API removals in {product-title} 4.15:
 +
 [source,terminal]
 ----
-$ oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.12-kube-1.26-api-removals-in-4.13":"true"}}' --type=merge
+$ oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.13-kube-1.27-api-removals-in-4.15":"true"}}' --type=merge
 ----
diff --git a/modules/update-preparing-conditional.adoc b/modules/update-preparing-conditional.adoc
new file mode 100644
index 000000000000..80540cd3500f
--- /dev/null
+++ b/modules/update-preparing-conditional.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="update-preparing-conditional_{context}"]
+= Assessing the risk of conditional updates
+
+A _conditional update_ is an update target that is available but not recommended due to a known risk that applies to your cluster.
+The Cluster Version Operator (CVO) periodically queries the OpenShift Update Service (OSUS) for the most recent data about update recommendations, and some potential update targets might have risks associated with them.
+
+The CVO evaluates the conditional risks, and if the risks are not applicable to the cluster, then the target version is available as a recommended update path for the cluster.
+If the risk is determined to be applicable, or if for some reason CVO cannot evaluate the risk, then the update target is available to the cluster as a conditional update.
+
+When you encounter a conditional update while you are trying to update to a target version, you must assess the risk of updating your cluster to that version.
+Generally, if you do not have a specific need to update to that target version, it is best to wait for a recommended update path from Red Hat.
+
+However, if you have a strong reason to update to that version, for example, if you need to fix an important CVE, then the benefit of fixing the CVE might outweigh the risk of the update being problematic for your cluster.
+You can complete the following tasks to determine whether you agree with the Red Hat assessment of the update risk:
+
+* Complete extensive testing in a non-production environment to the extent that you are comfortable completing the update in your production environment.
+* Follow the links provided in the conditional update description, investigate the bug, and determine if it is likely to cause issues for your cluster. If you need help understanding the risk, contact Red Hat Support.
\ No newline at end of file
diff --git a/modules/update-preparing-evaluate-alerts.adoc b/modules/update-preparing-evaluate-alerts.adoc
index ab4cac738bf3..164d04d2c226 100644
--- a/modules/update-preparing-evaluate-alerts.adoc
+++ b/modules/update-preparing-evaluate-alerts.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
 [id="update-preparing-evaluate-alerts_{context}"]
 = Reviewing alerts to identify uses of removed APIs
diff --git a/modules/update-preparing-evaluate-apirequestcount-workloads.adoc b/modules/update-preparing-evaluate-apirequestcount-workloads.adoc
index ef62261c0d3c..d14960fbfe8f 100644
--- a/modules/update-preparing-evaluate-apirequestcount-workloads.adoc
+++ b/modules/update-preparing-evaluate-apirequestcount-workloads.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-preparing-evaluate-apirequestcount-workloads_{context}"]
 = Using APIRequestCount to identify which workloads are using the removed APIs
 
@@ -25,14 +25,14 @@ For example:
 +
 [source,terminal]
 ----
-$ oc get apirequestcounts flowschemas.v1beta1.flowcontrol.apiserver.k8s.io -o yaml
+$ oc get apirequestcounts csistoragecapacities.v1beta1.storage.k8s.io -o yaml
 ----
 +
 You can also use `-o jsonpath` to extract the `username` and `userAgent` values from an `APIRequestCount` resource:
 +
 [source,terminal]
 ----
-$ oc get apirequestcounts flowschemas.v1beta1.flowcontrol.apiserver.k8s.io \
+$ oc get apirequestcounts csistoragecapacities.v1beta1.storage.k8s.io \
   -o jsonpath='{range .status.currentHour..byUser[*]}{..byVerb[*].verb}{","}{.username}{","}{.userAgent}{"\n"}{end}' \
   | sort -k 2 -t, -u | column -t -s, -NVERBS,USERNAME,USERAGENT
 ----
@@ -40,7 +40,8 @@ $ oc get apirequestcounts flowschemas.v1beta1.flowcontrol.apiserver.k8s.io \
 .Example output
 [source,terminal]
 ----
-VERBS  USERNAME                                                            USERAGENT
-get    system:serviceaccount:openshift-cluster-version:default             cluster-version-operator/v0.0.0
-watch  system:serviceaccount:openshift-oauth-apiserver:oauth-apiserver-sa  oauth-apiserver/v0.0.0
+VERBS       USERNAME                        USERAGENT
+list watch  system:kube-controller-manager  cluster-policy-controller/v0.0.0
+list watch  system:kube-controller-manager  kube-controller-manager/v1.26.5+0abcdef
+list watch  system:kube-scheduler           kube-scheduler/v1.26.5+0abcdef
 ----
diff --git a/modules/update-preparing-evaluate-apirequestcount.adoc b/modules/update-preparing-evaluate-apirequestcount.adoc
index c97a43cc0aa9..2ac675a0f29a 100644
--- a/modules/update-preparing-evaluate-apirequestcount.adoc
+++ b/modules/update-preparing-evaluate-apirequestcount.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-preparing-evaluate-apirequestcount_{context}"]
 = Using APIRequestCount to identify uses of removed APIs
 
@@ -24,15 +24,12 @@ $ oc get apirequestcounts
 .Example output
 [source,terminal]
 ----
-NAME                                                                      REMOVEDINRELEASE   REQUESTSINCURRENTHOUR   REQUESTSINLAST24H
+NAME                                                                 REMOVEDINRELEASE   REQUESTSINCURRENTHOUR   REQUESTSINLAST24H
 ...
-flowschemas.v1beta1.flowcontrol.apiserver.k8s.io                          1.26               0                       16
-flowschemas.v1beta2.flowcontrol.apiserver.k8s.io                                             101                     857
-groups.v1.user.openshift.io                                                                  22                      201
-hardwaredata.v1alpha1.metal3.io                                                              3                       33
-helmchartrepositories.v1beta1.helm.openshift.io                                              142                     628
-horizontalpodautoscalers.v2.autoscaling                                                      11                      103
-horizontalpodautoscalers.v2beta2.autoscaling                              1.26               0                       15
+csistoragecapacities.v1.storage.k8s.io                                                  14                      380
+csistoragecapacities.v1beta1.storage.k8s.io                          1.27               0                       16
+custompolicydefinitions.v1beta1.capabilities.3scale.net                                 8                       158
+customresourcedefinitions.v1.apiextensions.k8s.io                                       1407                    30148
 ...
 ----
 +
@@ -54,6 +51,7 @@ $ oc get apirequestcounts -o jsonpath='{range .items[?(@.status.removedInRelease
 .Example output
 [source,terminal]
 ----
-1.26	flowschemas.v1beta1.flowcontrol.apiserver.k8s.io
-1.26	horizontalpodautoscalers.v2beta2.autoscaling
+1.27	csistoragecapacities.v1beta1.storage.k8s.io
+1.29	flowschemas.v1beta2.flowcontrol.apiserver.k8s.io
+1.29	prioritylevelconfigurations.v1beta2.flowcontrol.apiserver.k8s.io
 ----
diff --git a/modules/update-preparing-list.adoc b/modules/update-preparing-list.adoc
index 43cf9e597599..7541f5e65ec2 100644
--- a/modules/update-preparing-list.adoc
+++ b/modules/update-preparing-list.adoc
@@ -1,28 +1,20 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
 [id="update-preparing-list_{context}"]
 = Removed Kubernetes APIs
 
-{product-title} 4.13 uses Kubernetes 1.26, which removed the following deprecated APIs. You must migrate manifests and API clients to use the appropriate API version. For more information about migrating removed APIs, see the link:https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26[Kubernetes documentation].
+{product-title} 4.15 uses Kubernetes 1.27, which removed the following deprecated APIs. You must migrate manifests and API clients to use the appropriate API version. For more information about migrating removed APIs, see the link:https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-27[Kubernetes documentation].
 
-.APIs removed from Kubernetes 1.26
+.APIs removed from Kubernetes 1.27
 [cols="2,2,2",options="header",]
 |===
 |Resource |Removed API |Migrate to
 
-|`FlowSchema`
-|`flowcontrol.apiserver.k8s.io/v1beta1`
-|`flowcontrol.apiserver.k8s.io/v1beta3`
-
-|`HorizontalPodAutoscaler`
-|`autoscaling/v2beta2`
-|`autoscaling/v2`
-
-|`PriorityLevelConfiguration`
-|`flowcontrol.apiserver.k8s.io/v1beta1`
-|`flowcontrol.apiserver.k8s.io/v1beta3`
+|`CSIStorageCapacity`
+|`storage.k8s.io/v1beta1`
+|`storage.k8s.io/v1`
 
 |===
 // Removed the "Notable changes" column since they were all "No" and table so wide it was causing a scrollbar. Add it back in for the next time there are notable changes (1.29)
diff --git a/modules/update-preparing-migrate.adoc b/modules/update-preparing-migrate.adoc
index c58656145050..cf90add71747 100644
--- a/modules/update-preparing-migrate.adoc
+++ b/modules/update-preparing-migrate.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-prepare.adoc
+// * updating/preparing_for_updates/updating-cluster-prepare.adoc
 
 [id="update-preparing-migrate_{context}"]
 = Migrating instances of removed APIs
 
-For information about how to migrate removed Kubernetes APIs, see the link:https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26[Deprecated API Migration Guide] in the Kubernetes documentation.
+For information about how to migrate removed Kubernetes APIs, see the link:https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-27[Deprecated API Migration Guide] in the Kubernetes documentation.
diff --git a/modules/update-process-workflow.adoc b/modules/update-process-workflow.adoc
index 3c2091952759..783803a739ab 100644
--- a/modules/update-process-workflow.adoc
+++ b/modules/update-process-workflow.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/how-updates-work.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-process-workflow_{context}"]
 = Update process workflow
 
@@ -29,12 +29,12 @@ These conditions are either determined by the CVO itself, or reported by individ
 
 . The CVO records the accepted release in `status.desired` and creates a `status.history` entry about the new update.
 
-. The CVO begins applying the manifests from the release image.
+. The CVO begins reconciling the manifests from the release image.
 Cluster Operators are updated in separate stages called Runlevels, and the CVO ensures that all Operators in a Runlevel finish updating before it proceeds to the next level.
 
 . Manifests for the CVO itself are applied early in the process.
-When the CVO deployment is applied, the current CVO pod terminates, and a CVO pod using the new version starts.
-The new CVO proceeds to apply the remaining manifests.
+When the CVO deployment is applied, the current CVO pod stops, and a CVO pod that uses the new version starts.
+The new CVO proceeds to reconcile the remaining manifests.
 
 . The update proceeds until the entire control plane is updated to the new version.
 Individual cluster Operators might perform update tasks on their domain of the cluster, and while they do so, they report their state through the `Progressing=True` condition.
diff --git a/modules/update-release-images.adoc b/modules/update-release-images.adoc
index 8b554390c95b..8e159b0d1f47 100644
--- a/modules/update-release-images.adoc
+++ b/modules/update-release-images.adoc
@@ -2,7 +2,7 @@
 //
 // * updating/understanding_updates/how-updates-work.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-release-images_{context}"]
 = Release images
 
diff --git a/modules/update-restricted-image-digests.adoc b/modules/update-restricted-image-digests.adoc
index aa4b0ab0aef7..d086acff339b 100644
--- a/modules/update-restricted-image-digests.adoc
+++ b/modules/update-restricted-image-digests.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-restricted-image-digests_{context}"]
 = Retrieving a release image digest
 
diff --git a/modules/update-restricted.adoc b/modules/update-restricted.adoc
index 2c2f1637b26f..58bd5ea9cfbc 100644
--- a/modules/update-restricted.adoc
+++ b/modules/update-restricted.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-restricted_{context}"]
 = Updating the disconnected cluster
 
@@ -34,13 +34,25 @@ The release image signature config map allows the Cluster Version Operator (CVO)
 +
 [source,terminal]
 ----
-$ oc adm upgrade --allow-explicit-upgrade --to-image ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}@<digest> <1>
+$ oc adm upgrade --allow-explicit-upgrade --to-image <defined_registry>/<defined_repository>@<digest>
 ----
-<1> The `<digest>` value is the sha256 digest for the targeted release image, for example, `sha256:81154f5c03294534e1eaf0319bef7a601134f891689ccede5d705ef659aa8c92`
 +
-If you use an `ImageContentSourcePolicy` for the mirror registry, you can use the canonical registry name instead of `LOCAL_REGISTRY`.
+--
+Where:
+
+`<defined_registry>`:: Specifies the name of the mirror registry you mirrored your images to.
+
+`<defined_repository>`:: Specifies the name of the image repository you want to use on the mirror registry.
+
+`<digest>`:: Specifies the sha256 digest for the targeted release image, for example, `sha256:81154f5c03294534e1eaf0319bef7a601134f891689ccede5d705ef659aa8c92`.
+--
 +
 [NOTE]
 ====
-You can only configure global pull secrets for clusters that have an `ImageContentSourcePolicy` object. You cannot add a pull secret to a project.
+* See "Mirroring {product-title} images" to review how your mirror registry and repository names are defined.
+
+* If you used an `ImageContentSourcePolicy` or `ImageDigestMirrorSet`, you can use the canonical registry and repository names instead of the names you defined.
+The canonical registry name is `quay.io` and the canonical repository name is `openshift-release-dev/ocp-release`.
+
+* You can only configure global pull secrets for clusters that have an `ImageContentSourcePolicy` object. You cannot add a pull secret to a project.
 ====
diff --git a/modules/update-service-configure-cvo.adoc b/modules/update-service-configure-cvo.adoc
index 2624988045ac..3f2da3a97dd0 100644
--- a/modules/update-service-configure-cvo.adoc
+++ b/modules/update-service-configure-cvo.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-configure-cvo"]
 = Configuring the Cluster Version Operator (CVO)
 
diff --git a/modules/update-service-create-service-cli.adoc b/modules/update-service-create-service-cli.adoc
index d34c43a8f232..94197719d8ed 100644
--- a/modules/update-service-create-service-cli.adoc
+++ b/modules/update-service-create-service-cli.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-create-service-cli_{context}"]
 = Creating an OpenShift Update Service application by using the CLI
 
diff --git a/modules/update-service-create-service-web-console.adoc b/modules/update-service-create-service-web-console.adoc
index 1a772d157f05..5be7b0690c59 100644
--- a/modules/update-service-create-service-web-console.adoc
+++ b/modules/update-service-create-service-web-console.adoc
@@ -1,7 +1,7 @@
 //Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-create-service-web-console_{context}"]
 = Creating an OpenShift Update Service application by using the web console
 
diff --git a/modules/update-service-delete-service-cli.adoc b/modules/update-service-delete-service-cli.adoc
index 1842f03e362b..60119104186d 100644
--- a/modules/update-service-delete-service-cli.adoc
+++ b/modules/update-service-delete-service-cli.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/uninstalling-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-delete-service-cli_{context}"]
 = Deleting an OpenShift Update Service application by using the CLI
 
diff --git a/modules/update-service-delete-service-web-console.adoc b/modules/update-service-delete-service-web-console.adoc
index f131b8e39192..b3cb9d64cdfc 100644
--- a/modules/update-service-delete-service-web-console.adoc
+++ b/modules/update-service-delete-service-web-console.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/uninstalling-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-delete-service-web-console_{context}"]
 = Deleting an OpenShift Update Service application by using the web console
 
diff --git a/modules/update-service-graph-data.adoc b/modules/update-service-graph-data.adoc
index 3ff24aab77a0..d2f4f3c5b5e9 100644
--- a/modules/update-service-graph-data.adoc
+++ b/modules/update-service-graph-data.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-graph-data_{context}"]
 = Creating the OpenShift Update Service graph data container image
 
diff --git a/modules/update-service-install-cli.adoc b/modules/update-service-install-cli.adoc
index c26fc5fd6940..ff75a3fec75a 100644
--- a/modules/update-service-install-cli.adoc
+++ b/modules/update-service-install-cli.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-install-cli_{context}"]
 = Installing the OpenShift Update Service Operator by using the CLI
 
diff --git a/modules/update-service-install-web-console.adoc b/modules/update-service-install-web-console.adoc
index 6bceaaaa4066..571dd1e15f10 100644
--- a/modules/update-service-install-web-console.adoc
+++ b/modules/update-service-install-web-console.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-install-web-console_{context}"]
 = Installing the OpenShift Update Service Operator by using the web console
 
@@ -18,13 +18,15 @@ Enter `Update Service` into the *Filter by keyword...* field to find the Operato
 
 . Choose *OpenShift Update Service* from the list of available Operators, and click *Install*.
 
-.. Channel `v1` is selected as the *Update Channel* since it is the only channel available in this release.
+.. Select an *Update channel*.
+
+.. Select a *Version*.
 
 .. Select *A specific namespace on the cluster* under *Installation Mode*.
 
 .. Select a namespace for *Installed Namespace* or accept the recommended namespace `openshift-update-service`.
 
-.. Select an *Approval Strategy*:
+.. Select an *Update approval* strategy:
 +
 ** The *Automatic* strategy allows Operator Lifecycle Manager (OLM) to automatically update the Operator when a new version is available.
 +
@@ -32,6 +34,6 @@ Enter `Update Service` into the *Filter by keyword...* field to find the Operato
 
 .. Click *Install*.
 
-. Verify that the OpenShift Update Service Operator is installed by switching to the *Operators* -> *Installed Operators* page.
+. Go to *Operators* -> *Installed Operators* and verify that the OpenShift Update Service Operator is installed.
 
-. Ensure that *OpenShift Update Service* is listed in the selected namespace with a *Status* of *Succeeded*.
+. Ensure that *OpenShift Update Service* is listed in the correct namespace with a *Status* of *Succeeded*.
diff --git a/modules/update-service-overview.adoc b/modules/update-service-overview.adoc
index a53f81d7d3b0..dc65906cd37c 100644
--- a/modules/update-service-overview.adoc
+++ b/modules/update-service-overview.adoc
@@ -3,7 +3,7 @@
 // * architecture/architecture-installation.adoc
 // * updating/understanding_updates/intro-to-updates.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-service-about_{context}"]
 = About the OpenShift Update Service
 
diff --git a/modules/update-service-uninstall-cli.adoc b/modules/update-service-uninstall-cli.adoc
index 5bc36ddbb479..1e76eaf5f485 100644
--- a/modules/update-service-uninstall-cli.adoc
+++ b/modules/update-service-uninstall-cli.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/uninstalling-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-uninstall-cli_{context}"]
 = Uninstalling the OpenShift Update Service Operator by using the CLI
 
diff --git a/modules/update-service-uninstall-web-console.adoc b/modules/update-service-uninstall-web-console.adoc
index 32121c44a62c..3e2eb2bd787f 100644
--- a/modules/update-service-uninstall-web-console.adoc
+++ b/modules/update-service-uninstall-web-console.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * updating/updating-restricted-network-cluster/uninstalling-osus.adoc
+// * updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-service-uninstall-web-console_{context}"]
 = Uninstalling the OpenShift Update Service Operator by using the web console
 
diff --git a/modules/update-upgrading-cli.adoc b/modules/update-upgrading-cli.adoc
index e6353cee56c6..6d44e07906a4 100644
--- a/modules/update-upgrading-cli.adoc
+++ b/modules/update-upgrading-cli.adoc
@@ -1,14 +1,13 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-cli.adoc
-// * updating/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-cli.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-upgrading-cli_{context}"]
 = Updating a cluster by using the CLI
 
-If updates are available, you can update your cluster by using the
-OpenShift CLI (`oc`).
+You can use the OpenShift CLI (`oc`) to review and request cluster updates.
 
 You can find information about available {product-title} advisories and updates
 link:https://access.redhat.com/downloads/content/290[in the errata section]
@@ -31,35 +30,52 @@ you want to apply:
 $ oc adm upgrade
 ----
 +
+ifndef::openshift-origin[]
 .Example output
 [source,terminal]
 ----
-Cluster version is 4.9.23
-
+Cluster version is 4.13.10
 Upstream is unset, so the cluster will use an appropriate default.
-Channel: stable-4.9 (available channels: candidate-4.10, candidate-4.9, fast-4.10, fast-4.9, stable-4.10, stable-4.9, eus-4.10)
-
+Channel: stable-4.13 (available channels: candidate-4.13, candidate-4.14, fast-4.13, stable-4.13)
 Recommended updates:
+  VERSION     IMAGE
+  4.13.14     quay.io/openshift-release-dev/ocp-release@sha256:406fcc160c097f61080412afcfa7fd65284ac8741ac7ad5b480e304aba73674b
+  4.13.13     quay.io/openshift-release-dev/ocp-release@sha256:d62495768e335c79a215ba56771ff5ae97e3cbb2bf49ed8fb3f6cefabcdc0f17
+  4.13.12     quay.io/openshift-release-dev/ocp-release@sha256:73946971c03b43a0dc6f7b0946b26a177c2f3c9d37105441315b4e3359373a55
+  4.13.11     quay.io/openshift-release-dev/ocp-release@sha256:e1c2377fdae1d063aaddc753b99acf25972b6997ab9a0b7e80cfef627b9ef3dd
+----
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+.Example output
+[source,terminal]
+----
+Cluster version is 4.13.0-0.okd-2023-10-28-065448
+
+Upstream: https://amd64.origin.releases.ci.openshift.org/graph
+Channel: stable-4
 
-VERSION IMAGE
-4.9.24  quay.io/openshift-release-dev/ocp-release@sha256:6a899c54dda6b844bb12a247e324a0f6cde367e880b73ba110c056df6d018032
-4.9.25  quay.io/openshift-release-dev/ocp-release@sha256:2eafde815e543b92f70839972f585cc52aa7c37aa72d5f3c8bc886b0fd45707a
-4.9.26  quay.io/openshift-release-dev/ocp-release@sha256:3ccd09dd08c303f27a543351f787d09b83979cd31cf0b4c6ff56cd68814ef6c8
-4.9.27  quay.io/openshift-release-dev/ocp-release@sha256:1c7db78eec0cf05df2cead44f69c0e4b2c3234d5635c88a41e1b922c3bedae16
-4.9.28  quay.io/openshift-release-dev/ocp-release@sha256:4084d94969b186e20189649b5affba7da59f7d1943e4e5bc7ef78b981eafb7a8
-4.9.29  quay.io/openshift-release-dev/ocp-release@sha256:b04ca01d116f0134a102a57f86c67e5b1a3b5da1c4a580af91d521b8fa0aa6ec
-4.9.31  quay.io/openshift-release-dev/ocp-release@sha256:2a28b8ebb53d67dd80594421c39e36d9896b1e65cb54af81fbb86ea9ac3bf2d7
-4.9.32  quay.io/openshift-release-dev/ocp-release@sha256:ecdb6d0df547b857eaf0edb5574ddd64ca6d9aff1fa61fd1ac6fb641203bedfa
+Recommended updates:
 
+  VERSION                        IMAGE
+  4.14.0-0.okd-2024-01-06-084517 registry.ci.openshift.org/origin/release@sha256:c4a6b6850701202f629c0e451de784b02f0de079650a1b9ccbf610448ebc9227
+  4.14.0-0.okd-2023-11-14-101924 registry.ci.openshift.org/origin/release@sha256:72d40c51e7c4d1b9c31e9b0d276d045f1b2b93def5ecee49186df856d40bcb5c
+  4.14.0-0.okd-2023-11-12-042703 registry.ci.openshift.org/origin/release@sha256:2242d1df4e4cbcc0cd27191ab9ad5f55ac4f0c60c3cda2a186181a2435e3bd00
+  4.14.0-0.okd-2023-10-28-073550 registry.ci.openshift.org/origin/release@sha256:7a6200e347a1b857e47f2ab0735eb1303af7d796a847d79ef9706f217cd12f5c
 ----
+endif::openshift-origin[]
 +
 [NOTE]
 ====
-For details and information on how to perform an `EUS-to-EUS` channel update, please refer to the
-_Preparing to perform an EUS-to-EUS upgrade_ page, listed in the Additional resources section.
+* If there are no available updates, updates that are supported but not recommended might still be available.
+See _Updating along a conditional update path_ for more information.
+ifndef::openshift-origin[]
+* For details and information on how to perform an `EUS-to-EUS` channel update, please refer to the _Preparing to perform an EUS-to-EUS upgrade_ page, listed in the Additional resources section.
+endif::openshift-origin[]
 ====
-
-. Based on your organization requirements, set the appropriate update channel. For example, you can set your channel to `stable-4.12`, `fast-4.12`, or `eus-4.12`. For more information about channels, refer to _Understanding update channels and releases_ listed in the Additional resources section.
+ifndef::openshift-origin[]
+. Based on your organization requirements, set the appropriate update channel. For example, you can set your channel to `stable-4.13` or `fast-4.13`. For more information about channels, refer to _Understanding update channels and releases_ listed in the Additional resources section.
+// In OKD, no need to set the channel.
+//this example will need to be updated per eus release to reflect options available
 +
 [source,terminal]
 ----
@@ -87,6 +103,7 @@ Update recommendations can change over time, as they are based on what update op
 
 If you cannot see an update path to your target minor version, keep updating your cluster to the latest patch release for your current version until the next minor version is available in the path.
 ====
+endif::openshift-origin[]
 
 . Apply an update:
 ** To update to the latest version:
@@ -104,6 +121,11 @@ $ oc adm upgrade --to=<version> <1>
 ----
 <1> `<version>` is the update version that you obtained from the output of the
 `oc adm upgrade` command.
++
+[IMPORTANT]
+====
+When using `oc adm upgrade --help`, there is a listed option for `--force`. This is *heavily discouraged*, as using the `--force` option bypasses cluster-side guards, including release verification and precondition checks. Using `--force` does not guarantee a successful update. Bypassing guards put the cluster at risk.
+====
 
 . Review the status of the Cluster Version Operator:
 +
@@ -111,36 +133,52 @@ $ oc adm upgrade --to=<version> <1>
 ----
 $ oc adm upgrade
 ----
+ifdef::openshift-origin[]
++
+[source,terminal]
+.Example output
+----
+info: An upgrade is in progress. Working towards 4.14.0-0.okd-2024-01-06-084517: 117 of 864 done (13% complete), waiting on etcd, kube-apiserver
+
+Upstream: https://amd64.origin.releases.ci.openshift.org/graph
+Channel: stable-4
+No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available.
+----
+endif::openshift-origin[]
 
 . After the update completes, you can confirm that the cluster version has
 updated to the new version:
 +
 [source,terminal]
 ----
-$ oc get clusterversion
+$ oc adm upgrade
 ----
+ifndef::openshift-origin[]
 +
 .Example output
 [source,terminal]
 ----
-
 Cluster version is <version>
 
 Upstream is unset, so the cluster will use an appropriate default.
-Channel: stable-4.10 (available channels: candidate-4.10, candidate-4.11, eus-4.10, fast-4.10, fast-4.11, stable-4.10)
+Channel: stable-<version> (available channels: candidate-<version>, eus-<version>, fast-<version>, stable-<version>)
 
 No updates available. You may force an update to a specific release image, but doing so might not be supported and might result in downtime or data loss.
 ----
+endif::openshift-origin[]
+ifdef::openshift-origin[]
 +
-[NOTE]
-====
-If the `oc get clusterversion` command displays the following error while the `PROGRESSING` status is `True`, you can ignore the error.
 [source,terminal]
+.Example output
 ----
-NAME    VERSION AVAILABLE PROGRESSING SINCE STATUS
-version 4.10.26 True      True        24m   Unable to apply 4.11.0-rc.7: an unknown error has occurred: MultipleErrors
+Cluster version is 4.14.0-0.okd-2024-01-06-084517
+
+Upstream: https://amd64.origin.releases.ci.openshift.org/graph
+Channel: stable-4
+No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available.
 ----
-====
+endif::openshift-origin[]
++
 . If you are updating your cluster to the next minor version, such as version X.y to X.(y+1), it is recommended to confirm that your nodes are updated before deploying workloads that rely on a new feature:
 +
 [source,terminal]
@@ -152,10 +190,11 @@ $ oc get nodes
 [source,terminal]
 ----
 NAME                           STATUS   ROLES    AGE   VERSION
-ip-10-0-168-251.ec2.internal   Ready    master   82m   v1.26.0
-ip-10-0-170-223.ec2.internal   Ready    master   82m   v1.26.0
-ip-10-0-179-95.ec2.internal    Ready    worker   70m   v1.26.0
-ip-10-0-182-134.ec2.internal   Ready    worker   70m   v1.26.0
-ip-10-0-211-16.ec2.internal    Ready    master   82m   v1.26.0
-ip-10-0-250-100.ec2.internal   Ready    worker   69m   v1.26.0
+ip-10-0-168-251.ec2.internal   Ready    master   82m   v1.28.5
+ip-10-0-170-223.ec2.internal   Ready    master   82m   v1.28.5
+ip-10-0-179-95.ec2.internal    Ready    worker   70m   v1.28.5
+ip-10-0-182-134.ec2.internal   Ready    worker   70m   v1.28.5
+ip-10-0-211-16.ec2.internal    Ready    master   82m   v1.28.5
+ip-10-0-250-100.ec2.internal   Ready    worker   69m   v1.28.5
 ----
+
diff --git a/modules/update-upgrading-web.adoc b/modules/update-upgrading-web.adoc
index e57575e4c5b9..853db97ed441 100644
--- a/modules/update-upgrading-web.adoc
+++ b/modules/update-upgrading-web.adoc
@@ -1,12 +1,13 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-within-minor.adoc
+// * updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
 
 ifeval::["{context}" == "updating-cluster-rhel-compute"]
 :rhel:
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-upgrading-web_{context}"]
 = Updating a cluster by using the web console
 
@@ -17,9 +18,18 @@ link:https://access.redhat.com/downloads/content/290[in the errata section] of t
 
 .Prerequisites
 
-* Have access to the web console as a user with `admin` privileges.
+* Have access to the web console as a user with `cluster-admin` privileges.
+
+* You have access to the {product-title} web console.
+
 * Pause all `MachineHealthCheck` resources.
 
+* You have updated all Operators previously installed through Operator Lifecycle Manager (OLM) to a version that is compatible with your target release. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See "Updating installed Operators" in the "Additional resources" section for more information on how to check compatibility and, if necessary, update the installed Operators.
+
+* Your machine config pools (MCPs) are running and not paused. Nodes associated with a paused MCP are skipped during the update process. You can pause the MCPs if you are performing a canary rollout update strategy.
+
+* Your {op-system-base}7 workers are replaced with {op-system-base}8 or {op-system} workers. Red{nbsp}Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
+
 .Procedure
 
 . From the web console, click *Administration* -> *Cluster Settings* and review the contents of the *Details* tab.
@@ -55,7 +65,7 @@ The Input channel
 +
 [NOTE]
 ====
-If you are update your cluster to the next minor version, like version 4.y to 4.(y+1), it is recommended to confirm your nodes are updated before deploying workloads that rely on a new feature. Any pools with worker nodes that are not yet updated are displayed on the *Cluster Settings* page.
+If you are updating your cluster to the next minor version, for example from version 4.10 to 4.11, confirm that your nodes are updated before deploying workloads that rely on a new feature. Any pools with worker nodes that are not yet updated are displayed on the *Cluster Settings* page.
 ====
 
 . After the update completes and the Cluster Version Operator refreshes the available updates, check if more updates are available in your current channel.
@@ -73,9 +83,9 @@ endif::openshift-origin[]
 You might need to perform several intermediate updates until you reach the version that you want.
 ifdef::rhel[]
 +
-[NOTE]
+[IMPORTANT]
 ====
-When you update a cluster that contains Red Hat Enterprise Linux (RHEL) worker machines, those workers temporarily become unavailable during the update process. You must run the update playbook against each RHEL machine as it enters the `NotReady` state for the cluster to finish updating.
+When you update a cluster that contains {op-system-base-full} worker machines, those workers temporarily become unavailable during the update process. You must run the update playbook against each {op-system-base} machine as it enters the `NotReady` state for the cluster to finish updating.
 ====
 
 endif::rhel[]
diff --git a/modules/update-using-custom-machine-config-pools-about.adoc b/modules/update-using-custom-machine-config-pools-about.adoc
index 94bd14adadb3..a91277b38e63 100644
--- a/modules/update-using-custom-machine-config-pools-about.adoc
+++ b/modules/update-using-custom-machine-config-pools-about.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/update-using-custom-machine-config-pools.adoc
+// * updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-using-custom-machine-config-pools-about_{context}"]
 = About performing a canary rollout update
 
diff --git a/modules/update-using-custom-machine-config-pools-canary.adoc b/modules/update-using-custom-machine-config-pools-canary.adoc
index 9e744e1c798a..af5fbf64f23a 100644
--- a/modules/update-using-custom-machine-config-pools-canary.adoc
+++ b/modules/update-using-custom-machine-config-pools-canary.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-within-minor.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
 
 [id="update-using-custom-machine-config-pools-canary_{context}"]
 = Performing a canary rollout update
diff --git a/modules/update-using-custom-machine-config-pools-mcp-remove.adoc b/modules/update-using-custom-machine-config-pools-mcp-remove.adoc
index 8543c6f1b480..ffb8270d1c05 100644
--- a/modules/update-using-custom-machine-config-pools-mcp-remove.adoc
+++ b/modules/update-using-custom-machine-config-pools-mcp-remove.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/update-using-custom-machine-config-pools.adoc
+// * updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
 
 [id="update-using-custom-machine-config-pools-mcp-remove_{context}"]
 = Moving a node to the original machine config pool
@@ -29,10 +29,10 @@ $ oc label node ci-ln-0qv1yp2-f76d1-kl2tq-worker-a-j2ssz node-role.kubernetes.io
 error: 'node-role.kubernetes.io/worker' already has a value (), and --overwrite is false
 ----
 +
-If the node does not have a `worker` label or a label from an updated MCP, add the label. 
+If the node does not have a `worker` label or a label from an updated MCP, add the label.
 ////
 
-. Remove the custom label from the node. 
+. Remove the custom label from the node.
 +
 [source,terminal]
 ----
diff --git a/modules/update-using-custom-machine-config-pools-mcp.adoc b/modules/update-using-custom-machine-config-pools-mcp.adoc
index 9ff63d323c70..ea10c4eacc51 100644
--- a/modules/update-using-custom-machine-config-pools-mcp.adoc
+++ b/modules/update-using-custom-machine-config-pools-mcp.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
-// * updating/update-using-custom-machine-config-pools.adoc
+// * updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
 
 [id="update-using-custom-machine-config-pools-mcp_{context}"]
 = Creating machine config pools to perform a canary rollout update
 
-The first task in performing this canary rollout update is to create one or more machine config pools (MCP). 
+The first task in performing this canary rollout update is to create one or more machine config pools (MCP).
 
 . Create an MCP from a worker node.
 
@@ -61,7 +61,7 @@ spec:
          key: machineconfiguration.openshift.io/role,
          operator: In,
          values: [worker,workerpool-canary]
-        } 
+        }
   nodeSelector:
     matchLabels:
       node-role.kubernetes.io/workerpool-canary: "" <3>
diff --git a/modules/update-using-custom-machine-config-pools-pause.adoc b/modules/update-using-custom-machine-config-pools-pause.adoc
index eb4583395ed3..040875f2e481 100644
--- a/modules/update-using-custom-machine-config-pools-pause.adoc
+++ b/modules/update-using-custom-machine-config-pools-pause.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/update-using-custom-machine-config-pools.adoc
+// * updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
 
 [id="update-using-custom-machine-config-pools-pause_{context}"]
 = Pausing the machine config pools
diff --git a/modules/update-using-custom-machine-config-pools-unpause.adoc b/modules/update-using-custom-machine-config-pools-unpause.adoc
index c3c12fd20952..d65b2bfba776 100644
--- a/modules/update-using-custom-machine-config-pools-unpause.adoc
+++ b/modules/update-using-custom-machine-config-pools-unpause.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * updating/update-using-custom-machine-config-pools.adoc
+// * updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
 
 [id="update-using-custom-machine-config-pools-unpause_{context}"]
 = Unpausing the machine config pools
diff --git a/modules/update-vsphere-virtual-hardware-on-compute-nodes.adoc b/modules/update-vsphere-virtual-hardware-on-compute-nodes.adoc
index 7a2638e8542b..f4af5e5a936f 100644
--- a/modules/update-vsphere-virtual-hardware-on-compute-nodes.adoc
+++ b/modules/update-vsphere-virtual-hardware-on-compute-nodes.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// updating/updating-hardware-on-nodes-running-in-vsphere.adoc
+// updating/updating_a_cluster/updating-hardware-on-nodes-running-in-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-vsphere-virtual-hardware-on-compute-nodes_{context}"]
 = Updating the virtual hardware for compute nodes on vSphere
 
@@ -16,7 +16,7 @@ Multiple compute nodes can be updated in parallel given workloads are tolerant o
 .Prerequisites
 
 * You have cluster administrator permissions to execute the required permissions in the vCenter instance hosting your {product-title} cluster.
-* Your vSphere ESXi hosts are version 6.7U3 or later.
+* Your vSphere ESXi hosts are version 7.0U2 or later.
 
 .Procedure
 
@@ -31,9 +31,9 @@ $ oc get nodes -l node-role.kubernetes.io/worker
 [source,terminal]
 ----
 NAME              STATUS   ROLES    AGE   VERSION
-compute-node-0    Ready    worker   30m   v1.26.0
-compute-node-1    Ready    worker   30m   v1.26.0
-compute-node-2    Ready    worker   30m   v1.26.0
+compute-node-0    Ready    worker   30m   v1.28.5
+compute-node-1    Ready    worker   30m   v1.28.5
+compute-node-2    Ready    worker   30m   v1.28.5
 ----
 +
 Note the names of your compute nodes.
diff --git a/modules/update-vsphere-virtual-hardware-on-control-plane-nodes.adoc b/modules/update-vsphere-virtual-hardware-on-control-plane-nodes.adoc
index 05a106e93523..84ac65708854 100644
--- a/modules/update-vsphere-virtual-hardware-on-control-plane-nodes.adoc
+++ b/modules/update-vsphere-virtual-hardware-on-control-plane-nodes.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// updating/updating-hardware-on-nodes-running-in-vsphere.adoc
+// updating/updating_a_cluster/updating-hardware-on-nodes-running-in-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-vsphere-virtual-hardware-on-control-plane-nodes_{context}"]
 = Updating the virtual hardware for control plane nodes on vSphere
 
@@ -11,7 +11,7 @@ To reduce the risk of downtime, it is recommended that control plane nodes be up
 .Prerequisites
 
 * You have cluster administrator permissions to execute the required permissions in the vCenter instance hosting your {product-title} cluster.
-* Your vSphere ESXi hosts are version 6.7U3 or later.
+* Your vSphere ESXi hosts are version 7.0U2 or later.
 
 .Procedure
 
@@ -26,9 +26,9 @@ $ oc get nodes -l node-role.kubernetes.io/master
 [source,terminal]
 ----
 NAME                    STATUS   ROLES    AGE   VERSION
-control-plane-node-0    Ready    master   75m   v1.26.0
-control-plane-node-1    Ready    master   75m   v1.26.0
-control-plane-node-2    Ready    master   75m   v1.26.0
+control-plane-node-0    Ready    master   75m   v1.28.5
+control-plane-node-1    Ready    master   75m   v1.28.5
+control-plane-node-2    Ready    master   75m   v1.28.5
 ----
 +
 Note the names of your control plane nodes.
diff --git a/modules/update-vsphere-virtual-hardware-on-template.adoc b/modules/update-vsphere-virtual-hardware-on-template.adoc
index 55a80b08b3ab..c965d43dabda 100644
--- a/modules/update-vsphere-virtual-hardware-on-template.adoc
+++ b/modules/update-vsphere-virtual-hardware-on-template.adoc
@@ -1,21 +1,21 @@
 // Module included in the following assemblies:
 //
-// updating/updating-hardware-on-nodes-running-in-vsphere.adoc
+// updating/updating_a_cluster/updating-hardware-on-nodes-running-in-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="update-vsphere-virtual-hardware-on-template_{context}"]
 = Updating the virtual hardware for template on vSphere
 
 .Prerequisites
 
 * You have cluster administrator permissions to execute the required permissions in the vCenter instance hosting your {product-title} cluster.
-* Your vSphere ESXi hosts are version 6.7U3 or later.
+* Your vSphere ESXi hosts are version 7.0U2 or later.
 
 .Procedure
 
 . If the RHCOS template is configured as a vSphere template follow link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-D632CAC5-BA5E-4A1E-959B-382D9ACB1DD0_copy.html[Convert a Template to a Virtual Machine]
 in the VMware documentation prior to the next step.
-
++
 [NOTE]
 ====
 Once converted from a template, do not power on the virtual machine.
diff --git a/modules/updates-for-hosted-control-planes.adoc b/modules/updates-for-hosted-control-planes.adoc
index 55c1f7e7e4f0..f9abd2933f76 100644
--- a/modules/updates-for-hosted-control-planes.adoc
+++ b/modules/updates-for-hosted-control-planes.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updates/updating-hosted-control-planes.adoc
+// * updates/updating_a_cluster/updating-hosted-control-planes.adoc
 // * hosted_control_planes/hcp-managing.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="updates-for-hosted-control-planes_{context}"]
 = Updates for hosted control planes
 
@@ -25,14 +25,14 @@ With node pools, you can configure the software that is running in the nodes by
 * Changing any platform-specific field, such as the AWS instance type. The result is a set of new instances with the new type.
 * Changing the cluster configuration, if the change propagates to the node.
 
-Node pools support replace updates and in-place updates. The `nodepool.spec.release` value dictates the version of any particular node pool. A `NodePool` object completes a replace or an in-place rolling update according to the `.spec.management.upgradeType` value. 
+Node pools support replace updates and in-place updates. The `nodepool.spec.release` value dictates the version of any particular node pool. A `NodePool` object completes a replace or an in-place rolling update according to the `.spec.management.upgradeType` value.
 
-After you create a node pool, you cannot change the update type. If you want to change the update type, you must create a node pool and delete the other one. 
+After you create a node pool, you cannot change the update type. If you want to change the update type, you must create a node pool and delete the other one.
 
 [id="updates-for-nodepools-replace_{context}"]
 === Replace updates for node pools
 
-A _replace_ update creates instances in the new version while it removes old instances from the previous version. This update type is effective in cloud environments where this level of immutability is cost effective. 
+A _replace_ update creates instances in the new version while it removes old instances from the previous version. This update type is effective in cloud environments where this level of immutability is cost effective.
 
 Replace updates do not preserve any manual changes because the node is entirely re-provisioned.
 
diff --git a/modules/updating-clear.adoc b/modules/updating-clear.adoc
deleted file mode 100644
index 6ef94468a61d..000000000000
--- a/modules/updating-clear.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-// Module included in the following assemblies:
-//
-// * upgrading/upgrading-cluster-cli.adoc
-
-[id="updating-clear_{context}"]
-= Recovering when an update fails before it is applied
-
-If an update fails before it is applied, such as when the version that you
-specify cannot be found, you can cancel the update:
-
-[source,terminal]
-----
-$ oc adm upgrade clear
-----
diff --git a/modules/updating-eus-to-eus-layered-products.adoc b/modules/updating-eus-to-eus-layered-products.adoc
index d85d656f31d0..4daf74b020cc 100644
--- a/modules/updating-eus-to-eus-layered-products.adoc
+++ b/modules/updating-eus-to-eus-layered-products.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-eus-eus-upgrade.adoc
+// * updating/updating_a_cluster/eus-eus-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-eus-to-eus-olm-operators_{context}"]
 = EUS-to-EUS update for layered products and Operators installed through Operator Lifecycle Manager
 
@@ -17,9 +17,9 @@ Layered products refer to products that are made of multiple underlying products
 
 As you perform an EUS-to-EUS update for the clusters of layered products and those of Operators that have been installed through OLM, you must complete the following:
 
-. Ensure that all of your Operators previously installed through OLM are updated to their latest version in their latest channel. Updating the Operators ensures that they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. For information on how to update your Operators, see "Preparing for an Operator update" in "Additional resources".
+. You have updated all Operators previously installed through Operator Lifecycle Manager (OLM) to a version that is compatible with your target release. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See "Updating installed Operators" in the "Additional resources" section for more information on how to check compatibility and, if necessary, update the installed Operators.
 
-. Confirm the cluster version compatibility between the current and intended Operator versions. You can verify which versions your OLM Operators are compatible with by using the link:https://access.redhat.com/labs/ocpouic/?operator=logging&&ocp_versions=4.10,4.11,4.12[Red Hat {product-title} Operator Update Information Checker].
+. Confirm the cluster version compatibility between the current and intended Operator versions. You can verify which versions your OLM Operators are compatible with by using the link:https://access.redhat.com/labs/ocpouic/?operator=logging&&ocp_versions=4.10,4.11,4.12[Red{nbsp}Hat {product-title} Operator Update Information Checker].
 
 As an example, here are the steps to perform an EUS-to-EUS update from <4.y> to <4.y+2> for OpenShift Data Foundation (ODF). This can be done through the CLI or web console. For information on how to update clusters through your desired interface, see _EUS-to-EUS update using the web console_ and "EUS-to-EUS update using the CLI" in "Additional resources".
 
diff --git a/modules/updating-eus-to-eus-upgrade-cli.adoc b/modules/updating-eus-to-eus-upgrade-cli.adoc
index 372ff642785f..b2b8205c4ca1 100644
--- a/modules/updating-eus-to-eus-upgrade-cli.adoc
+++ b/modules/updating-eus-to-eus-upgrade-cli.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-eus-eus-upgrade.adoc
+// * updating/updating_a_cluster/eus-eus-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-eus-to-eus-upgrade-cli_{context}"]
 = EUS-to-EUS update using the CLI
 
@@ -112,7 +112,7 @@ $ oc adm upgrade
 +
 [source,terminal]
 ----
-Cluster version is <4.y+1.z>
+Cluster version is <4.y+2.z>
 ...
 ----
 
diff --git a/modules/updating-eus-to-eus-upgrade-console.adoc b/modules/updating-eus-to-eus-upgrade-console.adoc
index a6c7848eef82..181637ced967 100644
--- a/modules/updating-eus-to-eus-upgrade-console.adoc
+++ b/modules/updating-eus-to-eus-upgrade-console.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-eus-eus-upgrade.adoc
+// * updating/updating_a_cluster/eus-eus-update.adoc.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-eus-to-eus-upgrade-console_{context}"]
 = EUS-to-EUS update using the web console
 
@@ -24,31 +24,31 @@ To view the status of all machine config pools, click *Compute* -> *MachineConfi
 If your machine config pools have an `Updating` status, please wait for this status to change to `Up to date`. This process could take several minutes.
 ====
 
-. Set your channel to `eus-<4.y+2>`. 
+. Set your channel to `eus-<4.y+2>`.
 +
 To set your channel, click *Administration* -> *Cluster Settings* -> *Channel*. You can edit your channel by clicking on the current hyperlinked channel.
 
 . Pause all worker machine pools except for the master pool. You can perform this action on the *MachineConfigPools* tab under the *Compute* page. Select the vertical ellipses next to the machine config pool you'd like to pause and click *Pause updates*.
 
-. Update to version <4.y+1> and complete up to the *Save* step. You can find more information on how to perform these actions in "Updating a cluster by using the web console"; see "Additional resources". 
+. Update to version <4.y+1> and complete up to the *Save* step. You can find more information on how to perform these actions in "Updating a cluster by using the web console"; see "Additional resources".
 
-. Ensure that the <4.y+1> updates are complete by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab. 
+. Ensure that the <4.y+1> updates are complete by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab.
 
 . If necessary, update your OLM Operators by using the Administrator perspective on the web console. You can find more information on how to perform these actions in "Updating installed Operators"; see "Additional resources".
 
-. Update to version <4.y+2> and complete up to the *Save* step. You can find more information on how to perform these actions in "Updating a cluster by using the web console"; see "Additional resources". 
+. Update to version <4.y+2> and complete up to the *Save* step. You can find more information on how to perform these actions in "Updating a cluster by using the web console"; see "Additional resources".
 
-. Ensure that the <4.y+2> update is complete by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab. 
+. Ensure that the <4.y+2> update is complete by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab.
 
-. Unpause all previously paused machine config pools. You can perform this action on the *MachineConfigPools* tab under the *Compute* page. Select the vertical ellipses next to the machine config pool you'd like to unpause and click *Unpause updates*. 
+. Unpause all previously paused machine config pools. You can perform this action on the *MachineConfigPools* tab under the *Compute* page. Select the vertical ellipses next to the machine config pool you'd like to unpause and click *Unpause updates*.
 +
 [IMPORTANT]
 ====
 If pools are paused, the cluster is not permitted to upgrade to any future minor versions, and some maintenance tasks are inhibited. This puts the cluster at risk for future degradation.
 ====
 
-. Verify that your previously paused pools are updated and that your cluster has completed the update to version <4.y+2>. 
+. Verify that your previously paused pools are updated and that your cluster has completed the update to version <4.y+2>.
 +
 You can verify that your pools have updated on the *MachineConfigPools* tab under the *Compute* page by confirming that the *Update status* has a value of *Up to date*.
 +
-You can verify that your cluster has completed the update by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab. 
+You can verify that your cluster has completed the update by viewing the *Last completed version* of your cluster. You can find this information on the *Cluster Settings* page under the *Details* tab.
diff --git a/modules/updating-eus-to-eus-upgrade.adoc b/modules/updating-eus-to-eus-upgrade.adoc
index d73f230f0e77..339a599a1770 100644
--- a/modules/updating-eus-to-eus-upgrade.adoc
+++ b/modules/updating-eus-to-eus-upgrade.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * updating/preparing-eus-eus-upgrade.adoc
+// * updating/updating_a_cluster/eus-eus-update.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-eus-to-eus-upgrade_{context}"]
 = EUS-to-EUS update
 
diff --git a/modules/updating-node-pools-for-hcp.adoc b/modules/updating-node-pools-for-hcp.adoc
index 90f06c417d82..80303e6d4fa6 100644
--- a/modules/updating-node-pools-for-hcp.adoc
+++ b/modules/updating-node-pools-for-hcp.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updates/updating-hosted-control-planes.adoc
+// * updates/updating_a_cluster/updating-hosted-control-planes.adoc
 // * hosted_control_planes/hcp-managing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="updating-node-pools-for-hcp_{context}"]
 = Updating node pools for hosted control planes
 
diff --git a/modules/updating-sno.adoc b/modules/updating-sno.adoc
index a362628ec9f8..a862d620644c 100644
--- a/modules/updating-sno.adoc
+++ b/modules/updating-sno.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-cluster-within-minor.adoc
-// * updating/updating-cluster-cli.adoc
+// * updating/updating_a_cluster/updating-cluster-web-console.adoc
+// * updating/updating_a_cluster/updating-cluster-cli.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="update-single-node-openshift_{context}"]
 = About updating single node {product-title}
 
diff --git a/modules/updating-troubleshooting-clear.adoc b/modules/updating-troubleshooting-clear.adoc
new file mode 100644
index 000000000000..8cbda3c63614
--- /dev/null
+++ b/modules/updating-troubleshooting-clear.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * updating/troubleshooting_updates/recovering-update-before-applied.adoc
+
+[id="updating-troubleshooting-clear_{context}"]
+= Recovering when an update fails before it is applied
+
+If an update fails before it is applied, such as when the version that you specify cannot be found, you can cancel the update:
+
+[source,terminal]
+----
+$ oc adm upgrade --clear
+----
+
+[IMPORTANT]
+====
+If an update fails at any other point, you must contact Red Hat support. Rolling your cluster back to a previous version is not supported.
+====
\ No newline at end of file
diff --git a/modules/upgrade-49-acknowledgement.adoc b/modules/upgrade-49-acknowledgement.adoc
index afef7ff825d5..28a2637c0403 100644
--- a/modules/upgrade-49-acknowledgement.adoc
+++ b/modules/upgrade-49-acknowledgement.adoc
@@ -4,7 +4,7 @@
 // * upgrading/rosa-cluster-upgrading-prepare.adoc
 // * upgrading/osd-cluster-upgrading-prepare.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="upgrade-49-acknowledgement_{context}"]
 = Administrator acknowledgment when upgrading to OpenShift 4.9
 
diff --git a/modules/upgrade-auto.adoc b/modules/upgrade-auto.adoc
index 7791d661b3fd..d3c335457fa2 100644
--- a/modules/upgrade-auto.adoc
+++ b/modules/upgrade-auto.adoc
@@ -3,7 +3,7 @@
 //
 // * assemblies/upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="upgrade-auto_{context}"]
 
 = Scheduling recurring upgrades for your cluster
diff --git a/modules/upgrade-manual.adoc b/modules/upgrade-manual.adoc
index 59df24c8e317..1a11c3621c62 100644
--- a/modules/upgrade-manual.adoc
+++ b/modules/upgrade-manual.adoc
@@ -3,7 +3,7 @@
 //
 // * assemblies/upgrades.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="upgrade-manual_{context}"]
 
 = Scheduling individual upgrades for your cluster
diff --git a/modules/upgrade.adoc b/modules/upgrade.adoc
index 8bb13d6bee4c..7b41f2edea11 100644
--- a/modules/upgrade.adoc
+++ b/modules/upgrade.adoc
@@ -3,7 +3,7 @@
 //
 // * assemblies/upgrades.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="upgrade_{context}"]
 = Understanding {product-title} cluster upgrades
 
diff --git a/modules/upgrading-mtc-1-8-0.adoc b/modules/upgrading-mtc-1-8-0.adoc
new file mode 100644
index 000000000000..baec2f6e3d72
--- /dev/null
+++ b/modules/upgrading-mtc-1-8-0.adoc
@@ -0,0 +1,64 @@
+// Module included in the following assemblies:
+//
+// * migration_toolkit_for_containers/upgrading-mtc.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="migration-upgrading-mtc-18_{context}"]
+= Upgrading the {mtc-full} to 1.8.0
+
+To upgrade the {mtc-full} to 1.8.0, complete the following steps.
+
+.Procedure
+
+. Determine subscription names and current channels to work with for upgrading by using one of the following methods:
+
+** Determine the subscription names and channels by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration get sub
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                                                         PACKAGE                SOURCE                 CHANNEL
+mtc-operator                                                                 mtc-operator           mtc-operator-catalog   release-v1.7
+redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace   redhat-oadp-operator   mtc-operator-catalog   stable-1.0
+----
+
+** Or return the subscription names and channels in JSON by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration get sub -o json | jq -r '.items[] | { name: .metadata.name, package: .spec.name, channel: .spec.channel }'
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "name": "mtc-operator",
+  "package": "mtc-operator",
+  "channel": "release-v1.7"
+}
+{
+  "name": "redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace",
+  "package": "redhat-oadp-operator",
+  "channel": "stable-1.0"
+}
+----
+
+. For each subscription, patch to move from the {mtc-short} 1.7 channel to the {mtc-short} 1.8 channel by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration patch subscription mtc-operator --type merge --patch '{"spec": {"channel": "release-v1.8"}}'
+----
++
+.Example output
+[source,terminal]
+----
+subscription.operators.coreos.com/mtc-operator patched
+----
+
diff --git a/modules/upgrading-oadp10-to12-in-mtc.adoc b/modules/upgrading-oadp10-to12-in-mtc.adoc
new file mode 100644
index 000000000000..02dbe56b9316
--- /dev/null
+++ b/modules/upgrading-oadp10-to12-in-mtc.adoc
@@ -0,0 +1,84 @@
+// Module included in the following assemblies:
+//
+// * migrating_from_ocp_3_to_4/upgrading-3-4.adoc
+// * migration_toolkit_for_containers/upgrading-mtc.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="migration-upgrading-oadp-for-mtc-18_{context}"]
+= Upgrading OADP 1.0 to 1.2 for {mtc-full} 1.8.0
+
+To upgrade OADP 1.0 to 1.2 for {mtc-full} 1.8.0, complete the following steps.
+
+.Procedure
+
+
+* For each subscription, patch the OADP operator from OADP 1.0 to OADP 1.2 by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration patch subscription redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace --type merge --patch '{"spec": {"channel":"stable-1.2"}}'
+----
++
+[NOTE]
+====
+Sections indicating the user-specific returned `NAME` values that are used for the installation of MTC & OADP, respectively.
+====
++
+.Example output
+[source,terminal]
+----
+subscription.operators.coreos.com/redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace patched
+----
++
+[NOTE]
+====
+The returned value will be similar to `redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace`, which is used in this example.
+====
++
+--
+* If the `installPlanApproval` parameter is set to `Automatic`, the Operator Lifecycle Manager (OLM) begins the upgrade process.
+* If the `installPlanApproval` parameter is set to `Manual`, you must approve each `installPlan` before the OLM begins the upgrades.
+--
+
+.Verification
+. Verify that the OLM has completed the upgrades of OADP and {mtc-short} by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration get subscriptions.operators.coreos.com mtc-operator -o json | jq '.status | (."state"=="AtLatestKnown")'
+----
+
+. When a value of `true` is returned, verify the channel used for each subscription by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration get sub -o json | jq -r '.items[] | {name: .metadata.name, channel: .spec.channel }'
+----
++
+.Example output
+[source,terminal]
+----
+{
+  "name": "mtc-operator",
+  "channel": "release-v1.8"
+}
+{
+  "name": "redhat-oadp-operator-stable-1.0-mtc-operator-catalog-openshift-marketplace",
+  "channel": "stable-1.2"
+}
+----
+
+ Confirm that the `mtc-operator.v1.8.0` and `oadp-operator.v1.2.x` packages are installed by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-migration get csv
+----
++
+.Example output
+[source,terminal]
+----
+NAME                     DISPLAY                                     VERSION   REPLACES                 PHASE
+mtc-operator.v1.8.0      Migration Toolkit for Containers Operator   1.8.0     mtc-operator.v1.7.13     Succeeded
+oadp-operator.v1.2.2     OADP Operator                               1.2.2     oadp-operator.v1.0.13    Succeeded
+----
diff --git a/modules/upi-limitations-for-scaling-a-upi-cluster.adoc b/modules/upi-limitations-for-scaling-a-upi-cluster.adoc
index 54dbb1abcea3..70cbd87904fb 100644
--- a/modules/upi-limitations-for-scaling-a-upi-cluster.adoc
+++ b/modules/upi-limitations-for-scaling-a-upi-cluster.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="upi-limitations-for-scaling-a-upi-cluster_{context}"]
 = Limitations for scaling a user-provisioned cluster
diff --git a/modules/upi-managing-existing-hosts-in-a-upi-cluster.adoc b/modules/upi-managing-existing-hosts-in-a-upi-cluster.adoc
index b25264fe15c4..37d0ca31cf3c 100644
--- a/modules/upi-managing-existing-hosts-in-a-upi-cluster.adoc
+++ b/modules/upi-managing-existing-hosts-in-a-upi-cluster.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="upi-managing-existing-hosts-in-a-upi-cluster_{context}"]
 = Optional: Managing existing hosts in a user-provisioned cluster by using the BMO
 
-Optionally, you can use the Bare Metal Operator (BMO) to manage existing bare-metal controller hosts in a user-provisioned cluster by creating a `BareMetalHost` object for the existing host. 
+Optionally, you can use the Bare Metal Operator (BMO) to manage existing bare-metal controller hosts in a user-provisioned cluster by creating a `BareMetalHost` object for the existing host.
 It is not a requirement to manage existing user-provisioned hosts; however, you can enroll them as externally-provisioned hosts for inventory purposes.
 
 [IMPORTANT]
@@ -56,7 +56,7 @@ spec:
     name: controller-user-data-managed
     namespace: openshift-machine-api
 ----
-<1> You can only use bare-metal host drivers that support virtual media networking booting, for example `redfish-virtualmedia` and `idrac-virtualmedia`. 
+<1> You can only use bare-metal host drivers that support virtual media networking booting, for example `redfish-virtualmedia` and `idrac-virtualmedia`.
 <2> You must set the value to true to prevent the BMO from re-provisioning the bare-metal controller host.
 
 . Create the bare-metal host object by running the following command:
@@ -69,7 +69,7 @@ $ oc create -f controller.yaml
 .Example output
 [source,terminal]
 ----
-secret/controller1-bmc created                    
+secret/controller1-bmc created
 baremetalhost.metal3.io/controller1 created
 ----
 
@@ -85,7 +85,7 @@ $ oc get bmh -A
 .Example output
 [source,terminal]
 ----
-NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE                      
+NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE
 openshift-machine-api   controller1   externally provisioned              true             13s
 ----
 
diff --git a/modules/upi-prerequisites-for-scaling-a-upi-cluster.adoc b/modules/upi-prerequisites-for-scaling-a-upi-cluster.adoc
index 279152397e4a..f65f6ca62e38 100644
--- a/modules/upi-prerequisites-for-scaling-a-upi-cluster.adoc
+++ b/modules/upi-prerequisites-for-scaling-a-upi-cluster.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 
 [id="upi-prequisites-for-scaling-a-upi-cluster_{context}"]
 = Prerequisites for scaling a user-provisioned cluster
diff --git a/modules/upi-provisioning-new-hosts-in-a-upi-cluster.adoc b/modules/upi-provisioning-new-hosts-in-a-upi-cluster.adoc
index 627092fa2284..1c4f2d25c1d4 100644
--- a/modules/upi-provisioning-new-hosts-in-a-upi-cluster.adoc
+++ b/modules/upi-provisioning-new-hosts-in-a-upi-cluster.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="upi-provisioning-new-hosts-in-a-upi-cluster_{context}"]
 = Provisioning new hosts in a user-provisioned cluster by using the BMO
 
-You can use the Bare Metal Operator (BMO) to provision bare-metal hosts in a user-provisioned cluster by creating a `BareMetalHost` custom resource (CR). 
+You can use the Bare Metal Operator (BMO) to provision bare-metal hosts in a user-provisioned cluster by creating a `BareMetalHost` custom resource (CR).
 
 [NOTE]
 ====
@@ -50,7 +50,7 @@ spec:
   externallyProvisioned: false <2>
   customDeploy:
     method: install_coreos
-  online: true 
+  online: true
   userData:
     name: worker-user-data-managed
     namespace: openshift-machine-api
@@ -68,7 +68,7 @@ $ oc create -f bmh.yaml
 .Example output
 [source,terminal]
 ----
-secret/worker1-bmc created                    
+secret/worker1-bmc created
 baremetalhost.metal3.io/worker1 created
 ----
 
@@ -84,9 +84,9 @@ $ oc get bmh -A
 .Example output
 [source,terminal]
 ----
-NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE                      
-openshift-machine-api   controller1   externally provisioned              true             5m25s                    
-openshift-machine-api   worker1       provisioned                         true             4m45s                    
+NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE
+openshift-machine-api   controller1   externally provisioned              true             5m25s
+openshift-machine-api   worker1       provisioned                         true             4m45s
 ----
 
 .. Get the list of pending CSRs by running the following command:
@@ -99,9 +99,9 @@ $ oc get csr
 .Example output
 [source,terminal]
 ----
-NAME        AGE   SIGNERNAME                                    REQUESTOR                                         REQUESTEDDURATION CONDITION                                                       
+NAME        AGE   SIGNERNAME                                    REQUESTOR                                         REQUESTEDDURATION CONDITION
 csr-gfm9f   33s   kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-o
-perator:node-bootstrapper   <none>              Pending                                                         
+perator:node-bootstrapper   <none>              Pending
 ----
 
 .. Approve the CSR by running the following command:
@@ -129,8 +129,8 @@ $ oc get nodes
 .Example output
 [source,terminal]
 ----
-NAME        STATUS   ROLES           AGE     VERSION                                                              
-app1        Ready    worker          47s     v1.24.0+dc5a2fd                                                      
-controller1 Ready    master,worker   2d22h   v1.24.0+dc5a2fd                                                      
+NAME        STATUS   ROLES           AGE     VERSION
+app1        Ready    worker          47s     v1.24.0+dc5a2fd
+controller1 Ready    master,worker   2d22h   v1.24.0+dc5a2fd
 ----
 
diff --git a/modules/upi-removing-hosts-from-a-upi-cluster.adoc b/modules/upi-removing-hosts-from-a-upi-cluster.adoc
index af230eb8fb44..19ecb3e72594 100644
--- a/modules/upi-removing-hosts-from-a-upi-cluster.adoc
+++ b/modules/upi-removing-hosts-from-a-upi-cluster.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="upi-removing-hosts-from-a-upi-cluster_{context}"]
 = Removing hosts from a user-provisioned cluster by using the BMO
 
-You can use the Bare Metal Operator (BMO) to remove bare-metal hosts from a user-provisioned cluster. 
+You can use the Bare Metal Operator (BMO) to remove bare-metal hosts from a user-provisioned cluster.
 
 .Prerequisites
 
@@ -25,20 +25,20 @@ $ oc adm drain app1 --force --ignore-daemonsets=true
 .Example output
 [source,terminal]
 ----
-node/app1 cordoned                                                                                              
+node/app1 cordoned
 WARNING: ignoring DaemonSet-managed Pods: openshift-cluster-node-tuning-operator/tuned-tvthg, openshift-dns/dns-
 default-9q6rz, openshift-dns/node-resolver-zvt42, openshift-image-registry/node-ca-mzxth, openshift-ingress-cana
 ry/ingress-canary-qq5lf, openshift-machine-config-operator/machine-config-daemon-v79dm, openshift-monitoring/nod
 e-exporter-2vn59, openshift-multus/multus-additional-cni-plugins-wssvj, openshift-multus/multus-fn8tg, openshift
 -multus/network-metrics-daemon-5qv55, openshift-network-diagnostics/network-check-target-jqxn2, openshift-ovn-ku
-bernetes/ovnkube-node-rsvqg                                                                                     
-evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766965-258vp                               
-evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766950-kg5mk                               
-evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766935-stf4s                               
-pod/collect-profiles-27766965-258vp evicted                                                                     
-pod/collect-profiles-27766950-kg5mk evicted                                                                     
-pod/collect-profiles-27766935-stf4s evicted                                                                     
-node/app1 drained                                                                                               
+bernetes/ovnkube-node-rsvqg
+evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766965-258vp
+evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766950-kg5mk
+evicting pod openshift-operator-lifecycle-manager/collect-profiles-27766935-stf4s
+pod/collect-profiles-27766965-258vp evicted
+pod/collect-profiles-27766950-kg5mk evicted
+pod/collect-profiles-27766935-stf4s evicted
+node/app1 drained
 ----
 
 . Delete the `customDeploy` specification from the `BareMetalHost` CR.
@@ -69,9 +69,9 @@ $ oc get bmh -A
 .Example output
 [source,terminal]
 ----
-NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE                      
-openshift-machine-api   controller1   externally provisioned              true             58m                      
-openshift-machine-api   worker1       deprovisioning                      true             57m                      
+NAMESPACE               NAME          STATE                    CONSUMER   ONLINE   ERROR   AGE
+openshift-machine-api   controller1   externally provisioned              true             58m
+openshift-machine-api   worker1       deprovisioning                      true             57m
 ----
 
 . Delete the node by running the following command:
@@ -93,7 +93,7 @@ $ oc get nodes
 .Example output
 [source,terminal]
 ----
-NAME          STATUS   ROLES           AGE     VERSION                                                              
-controller1   Ready    master,worker   2d23h   v1.24.0+dc5a2fd                                                      
+NAME          STATUS   ROLES           AGE     VERSION
+controller1   Ready    master,worker   2d23h   v1.24.0+dc5a2fd
 ----
 
diff --git a/modules/using-aws-cli-create-iam-role-alb-controller.adoc b/modules/using-aws-cli-create-iam-role-alb-controller.adoc
new file mode 100644
index 000000000000..eb5c5baf87da
--- /dev/null
+++ b/modules/using-aws-cli-create-iam-role-alb-controller.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * networking/installing-albo-sts-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="using-aws-cli-create-iam-role-alb-controller_{context}"]
+= Using the AWS CLI to create an IAM role for the Controller
+
+You can use the `aws` command line interface to create an IAM role for the `AWSLoadBalancerController`. The created IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
+
+.Prerequisites
+
+* You must have access to the `aws` command line interface.
+
+.Procedure
+
+. Generate a trust policy file using your identity provider by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF > albo-controller-trust-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::777777777777:oidc-provider/<oidc-provider-id>" <1>
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringEquals": {
+                    "<oidc-provider-id>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster" <2>
+                }
+            }
+        }
+    ]
+}
+EOF
+----
+<1> Specifies the ARN of the identity provider.
+<2> Specifies the service account for the `AWSLoadBalancerController`.
+
+. Create the IAM role with the generated trust policy by running the following command:
++
+[source,terminal]
+----
+$ aws iam create-role --role-name albo-controller --assume-role-policy-document file://albo-controller-trusted-policy.json
+----
++
+.Example output
+[source,terminal]
+----
+ROLE	arn:aws:iam::777777777777:role/albo-controller	2023-08-02T12:13:22Z <1>
+ASSUMEROLEPOLICYDOCUMENT	2012-10-17
+STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
+STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster
+PRINCIPAL	arn:aws:iam:777777777777:oidc-provider/<oidc-provider-id>
+----
+<1> Note the ARN of the created IAM role.
+
+. Download the permission policy for the `AWSLoadBalancerController` by running the following command:
++
+[source,terminal]
+----
+$ curl -o albo-controller-permission-policy.json https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/assets/iam-policy.json
+----
+
+. Attach the permission policy for the `AWSLoadBalancerController` to the IAM role by running the following command:
++
+[source,terminal]
+----
+$ aws iam put-role-policy --role-name albo-controller --policy-name perms-policy-albo-controller --policy-document file://albo-controller-permission-policy.json
+----
+
+. Create an `AWSLoadBalancerController` resource file named `example-sts-iam-role.yaml` with contents such as the following example:
++
+[source,yaml]
+----
+apiVersion: networking.olm.openshift.io/v1
+kind: AWSLoadBalancerController <1>
+metadata:
+  name: cluster <2>
+spec:
+  credentialsRequestConfig:
+    stsIAMRoleARN: <role-arn> <3>
+----
+<1> Defines the `AWSLoadBalancerController` resource.
+<2> Defines the instance name for the `AWSLoadBalancerController`. All related resources use this instance name as a suffix.
+<3> Specifies the role ARN to be used in a `CredentialsRequest` to provision the AWS credentials for the controller.
diff --git a/modules/using-aws-cli-create-iam-role-alb-operator.adoc b/modules/using-aws-cli-create-iam-role-alb-operator.adoc
new file mode 100644
index 000000000000..51ff20f3c68a
--- /dev/null
+++ b/modules/using-aws-cli-create-iam-role-alb-operator.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * networking/installing-albo-sts-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="using-aws-cli-create-iam-role-alb-operator_{context}"]
+= Using the AWS CLI to create an IAM role for the Operator
+
+You can use the `aws` command line interface to create an IAM role for the AWS Load Balancer (ALB) Operator. The created IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
+
+.Prerequisites
+
+* You must have access to the `aws` command line interface.
+
+.Procedure
+
+. Generate a trust policy file using your identity provider by running the following command:
++
+[source,terminal]
+----
+$ cat <<EOF > albo-operator-trust-policy.json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::777777777777:oidc-provider/<oidc-provider-id>" <1>
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringEquals": {
+                    "<oidc-provider-id>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager" <2>
+                }
+            }
+        }
+    ]
+}
+EOF
+----
+<1> Specifies the ARN of the identity provider.
+<2> Specifies the service account for the Operator.
+
+. Create the IAM role with the generated trust policy by running the following command:
++
+[source,terminal]
+----
+$ aws iam create-role --role-name albo-operator --assume-role-policy-document file://albo-operator-trusted-policy.json
+----
++
+.Example output
+[source,terminal]
+----
+ROLE	arn:aws:iam::777777777777:role/albo-operator	2023-08-02T12:13:22Z <1>
+ASSUMEROLEPOLICYDOCUMENT	2012-10-17
+STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
+STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-manager
+PRINCIPAL	arn:aws:iam:777777777777:oidc-provider/<oidc-provider-id>
+----
+<1> Note the ARN of the created IAM role.
+
+. Download the permission policy for the ALB Operator by running the following command:
++
+[source,terminal]
+----
+$ curl -o albo-controller-permission-policy.json https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/assets/iam-policy.json
+----
+
+. Attach the permission policy for the `AWSLoadBalancerController` to the IAM role by running the following command:
++
+[source,terminal]
+----
+$ aws iam put-role-policy --role-name albo-controller --policy-name perms-policy-albo-controller --policy-document file://albo-controller-permission-policy.json
+----
diff --git a/modules/using-ccoctl-create-iam-role-alb-controller.adoc b/modules/using-ccoctl-create-iam-role-alb-controller.adoc
new file mode 100644
index 000000000000..88520b8e98b0
--- /dev/null
+++ b/modules/using-ccoctl-create-iam-role-alb-controller.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * networking/installing-albo-sts-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="using-ccoctl-create-iam-role-alb-controller_{context}"]
+= Using ccoctl to create an IAM role for the Controller
+
+You can use the `ccoctl` binary to create an IAM role for the `AWSLoadBalancerController`. The created IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
+
+.Prerequisites
+
+* You must extract and prepare the `ccoctl` binary.
+
+.Procedure
+
+. Download the `CredentialsRequest` custom resource (CR) of the AWS Load Balancer Operator and create a directory to store it in by running the following command:
++
+[source,terminal]
+----
+$ curl --create-dirs -o <credrequests-dir>/controller.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/controller/controller-credentials-request.yaml
+----
+
+. Use `ccoctl` to create an IAM role by running the following command:
++
+[source,terminal]
+----
+$ ccoctl aws create-iam-roles \
+    --name <name> \
+    --region=<aws_region> \
+    --credentials-requests-dir=<credrequests-dir> \
+    --identity-provider-arn <oidc-arn>
+----
++
+.Example output
+[source,terminal]
+----
+2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller created <1>
+2023/09/12 11:38:57 Saved credentials configuration to: /home/user/<credrequests-dir>/manifests/aws-load-balancer-operator-aws-load-balancer-controller-credentials.yaml
+2023/09/12 11:38:58 Updated Role policy for Role <name>-aws-load-balancer-operator-aws-load-balancer-controller created
+----
+<1> Note the ARN of the created IAM role.
++
+[NOTE]
+====
+The length of the role name must be less than or equal to 12 characters.
+====
\ No newline at end of file
diff --git a/modules/using-ccoctl-create-iam-role-alb-operator.adoc b/modules/using-ccoctl-create-iam-role-alb-operator.adoc
new file mode 100644
index 000000000000..1e946b9b5fba
--- /dev/null
+++ b/modules/using-ccoctl-create-iam-role-alb-operator.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * networking/installing-albo-sts-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="using-ccoctl-create-iam-role-alb-operator_{context}"]
+= Using ccoctl to create an IAM role for the Operator
+
+You can use the `ccoctl` binary to create an IAM role for the AWS Load Balancer (ALB) Operator. The created IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
+
+.Prerequisites
+
+* You must extract and prepare the `ccoctl` binary.
+
+.Procedure
+
+. Download the `CredentialsRequest` custom resource (CR) of the ALB Operator and create a directory to store it in by running the following command:
++
+[source,terminal]
+----
+$ curl --create-dirs -o <credrequests-dir>/operator.yaml https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/operator-credentials-request.yaml
+----
+
+. Use `ccoctl` to create an IAM role by running the following command:
++
+[source,terminal]
+----
+$ ccoctl aws create-iam-roles \
+    --name <name> \
+    --region=<aws_region> \
+    --credentials-requests-dir=<credrequests-dir> \
+    --identity-provider-arn <oidc-arn>
+----
++
+.Example output
+[source,terminal]
+----
+2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-operator created <1>
+2023/09/12 11:38:57 Saved credentials configuration to: /home/user/<credrequests-dir>/manifests/aws-load-balancer-operator-aws-load-balancer-operator-credentials.yaml
+2023/09/12 11:38:58 Updated Role policy for Role <name>-aws-load-balancer-operator-aws-load-balancer-operator created
+----
+<1> Note the ARN of the created IAM role.
++
+[NOTE]
+====
+The length of the role name must be less than or equal to 12 characters.
+====
\ No newline at end of file
diff --git a/modules/using-mediated-devices.adoc b/modules/using-mediated-devices.adoc
deleted file mode 100644
index c069e6cf5edb..000000000000
--- a/modules/using-mediated-devices.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: CONCEPT
-[id="virt-using-mediated-devices_{context}"]
-= Using mediated devices
-
-A vGPU is a type of mediated device; the performance of the physical GPU is divided among the virtual devices. You can assign mediated devices to one or more virtual machines.
\ No newline at end of file
diff --git a/modules/using-wildcard-routes.adoc b/modules/using-wildcard-routes.adoc
index 02245701aadf..43901465ed41 100644
--- a/modules/using-wildcard-routes.adoc
+++ b/modules/using-wildcard-routes.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/configuring-ingress-controller
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="using-wildcard-routes_{context}"]
 = Using wildcard routes
 
diff --git a/modules/validations-before-agent-iso-creation.adoc b/modules/validations-before-agent-iso-creation.adoc
index 5c2e4b887309..908b60a93ba2 100644
--- a/modules/validations-before-agent-iso-creation.adoc
+++ b/modules/validations-before-agent-iso-creation.adoc
@@ -2,7 +2,7 @@
 //
 // * installing/installing-with-agent/installing-with-agent.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="validations-before-agent-iso-creation_{context}"]
 = Validation checks before agent ISO creation
 
diff --git a/modules/velero-oadp-version-relationship.adoc b/modules/velero-oadp-version-relationship.adoc
new file mode 100644
index 000000000000..7055727eeb8f
--- /dev/null
+++ b/modules/velero-oadp-version-relationship.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: CONCEPT
+[id="velero-oadp-version-relationship_{context}"]
+= OADP-Velero-{product-title} version relationship
+
+[cols="3", options="header"]
+|===
+|OADP version |Velero version |{product-title} version
+| 1.1.0 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.1 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.2 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.3 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.4 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.5 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.9 and later
+| 1.1.6 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.11 and later
+| 1.1.7 | link:https://{velero-domain}/docs/v1.9]/[1.9] | 4.11 and later
+| 1.2.0 | link:https://{velero-domain}/docs/v1.11/[1.11] | 4.11 and later
+| 1.2.1 | link:https://{velero-domain}/docs/v1.11/[1.11] | 4.11 and later
+| 1.2.2 | link:https://{velero-domain}/docs/v1.11/[1.11] | 4.11 and later
+| 1.2.3 | link:https://{velero-domain}/docs/v1.11/[1.11] | 4.11 and later
+| 1.3.0 | link:https://{velero-domain}/docs/v1.12/[1.12] | 4.12 and later
+|===
diff --git a/modules/velero-obtaining-by-accessing-binary.adoc b/modules/velero-obtaining-by-accessing-binary.adoc
index 1a4706a0b2fc..fc5bd4468e92 100644
--- a/modules/velero-obtaining-by-accessing-binary.adoc
+++ b/modules/velero-obtaining-by-accessing-binary.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="velero-obtaining-by-accessing-binary_{context}"]
 = Accessing the Velero binary in the Velero deployment in the cluster
 
diff --git a/modules/velero-obtaining-by-downloading.adoc b/modules/velero-obtaining-by-downloading.adoc
index f14f8b74eef8..afa45a2f32d6 100644
--- a/modules/velero-obtaining-by-downloading.adoc
+++ b/modules/velero-obtaining-by-downloading.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="velero-obtaining-by-downloading_{context}"]
 = Downloading the Velero CLI tool
 
@@ -23,17 +23,4 @@ The page includes instructions for:
 
 . Open a browser and navigate to link:https://{velero-domain}/docs/v{velero-version}/basic-install/#install-the-cli["Install the CLI" on the Velero website].
 . Follow the appropriate procedure for macOS, GitHub, or Windows.
-. Download the Velero version appropriate for your version of OADP and {product-title}  according to the table that follows:
-+
-.OADP-Velero-{product-title} version relationship
-[cols="3", options="header"]
-|===
-|OADP version |Velero version |{product-title} version
-|1.0.0 |link:https://{velero-domain}/docs/v1.7/[1.7] |4.6 and later
-|1.0.1 |link:https://{velero-domain}/docs/v1.7/[1.7] |4.6 and later
-|1.0.2 |link:https://{velero-domain}/docs/v1.7/[1.7] |4.6 and later
-|1.0.3 |link:https://{velero-domain}/docs/v1.7/[1.7] |4.6 and later
-|1.1.0 |link:https://{velero-domain}/docs/v{velero-version}/[{velero-version}] |4.9 and later
-|1.1.1 |link:https://{velero-domain}/docs/v{velero-version}/[{velero-version}] |4.9 and later
-|1.1.2 |link:https://{velero-domain}/docs/v{velero-version}/[{velero-version}] |4.9 and later
-|===
+. Download the Velero version appropriate for your version of OADP and {product-title}.
diff --git a/modules/verifying-crio-status.adoc b/modules/verifying-crio-status.adoc
index 4c79d405b521..051dfe5dae34 100644
--- a/modules/verifying-crio-status.adoc
+++ b/modules/verifying-crio-status.adoc
@@ -2,7 +2,7 @@
 //
 // * support/troubleshooting/troubleshooting-crio-issues.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-crio-status_{context}"]
 = Verifying CRI-O runtime engine status
 
@@ -10,7 +10,12 @@ You can verify CRI-O container runtime engine status on each cluster node.
 
 .Prerequisites
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * You have access to the cluster as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You have access to the cluster as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
diff --git a/modules/verifying-serverless-app-deployment.adoc b/modules/verifying-serverless-app-deployment.adoc
index 9e13fabc8e9c..5776648fd9ad 100644
--- a/modules/verifying-serverless-app-deployment.adoc
+++ b/modules/verifying-serverless-app-deployment.adoc
@@ -2,7 +2,7 @@
 //
 // serverless/develop/serverless-applications.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-serverless-app-deployment_{context}"]
 = Verifying your serverless application deployment
 
diff --git a/modules/verifying-the-assumed-iam-role-in-your-pod.adoc b/modules/verifying-the-assumed-iam-role-in-your-pod.adoc
index 8817bc8d43d3..ab646bd7f0cb 100644
--- a/modules/verifying-the-assumed-iam-role-in-your-pod.adoc
+++ b/modules/verifying-the-assumed-iam-role-in-your-pod.adoc
@@ -2,7 +2,7 @@
 //
 // * authentication/assuming-an-aws-iam-role-for-a-service-account.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="verifying-the-assumed-iam-role-in-your-pod_{context}"]
 = Verifying the assumed IAM role in your pod
 
@@ -126,7 +126,7 @@ $ ls /var/run/secrets/eks.amazonaws.com/serviceaccount/token
 +
 [source,terminal]
 ----
-$ python3 
+$ python3
 ----
 
 .. In the Python 3 shell, import the `boto3` module:
@@ -149,7 +149,7 @@ $ python3
 ----
 >>> for bucket in s3.buckets.all():
 ...     print(bucket.name)
-... 
+...
 ----
 +
 .Example output:
diff --git a/modules/viewing-a-project-using-the-CLI.adoc b/modules/viewing-a-project-using-the-CLI.adoc
index 0be3f5c8b3cd..68c57f0e84cf 100644
--- a/modules/viewing-a-project-using-the-CLI.adoc
+++ b/modules/viewing-a-project-using-the-CLI.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-a-project-using-the-CLI_{context}"]
 = Viewing a project using the CLI
 
diff --git a/modules/viewing-a-project-using-the-web-console.adoc b/modules/viewing-a-project-using-the-web-console.adoc
index 713c80039ca9..a28fc24b94a4 100644
--- a/modules/viewing-a-project-using-the-web-console.adoc
+++ b/modules/viewing-a-project-using-the-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // applications/projects/working-with-projects.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-a-project-using-the-web-console_{context}"]
 = Viewing a project using the web console
 
diff --git a/modules/viewing-resource-logs-cli-console.adoc b/modules/viewing-resource-logs-cli-console.adoc
index abdb5595d593..54a76b0c6d70 100644
--- a/modules/viewing-resource-logs-cli-console.adoc
+++ b/modules/viewing-resource-logs-cli-console.adoc
@@ -1,21 +1,21 @@
 // Module included in the following assemblies:
 //
-// * logging/viewing-resource-logs.adoc
+// * logging/log_visualization/log-visualization.adoc
 // * nodes/pods/nodes-pods-viewing.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-resource-logs-cli-console_{context}"]
 = Viewing resource logs
 
-You can view the log for various resources in the OpenShift CLI (oc) and web console. Logs read from the tail, or end, of the log.
+You can view the log for various resources in the {oc-first} and web console. Logs read from the tail, or end, of the log.
 
 .Prerequisites
 
-* Access to the OpenShift CLI (oc).
+* Access to the {oc-first}.
 
 .Procedure (UI)
 
-. In the {product-title} console, navigate to *Workloads* -> *Pods* or navigate to the pod through the resource you want to investigate. 
+. In the {product-title} console, navigate to *Workloads* -> *Pods* or navigate to the pod through the resource you want to investigate.
 +
 [NOTE]
 ====
@@ -26,7 +26,7 @@ Some resources, such as builds, do not have pods to query directly. In such inst
 
 . Click the name of the pod you want to investigate.
 
-. Click *Logs*. 
+. Click *Logs*.
 
 .Procedure (CLI)
 
@@ -40,7 +40,7 @@ $ oc logs -f <pod_name> -c <container_name>
 --
 where:
 
-`-f`:: Optional: Specifies that the output follows what is being written into the logs. 
+`-f`:: Optional: Specifies that the output follows what is being written into the logs.
 `<pod_name>`:: Specifies the name of the pod.
 `<container_name>`:: Optional: Specifies the name of a container. When a pod has more than one container, you must specify the container name.
 --
@@ -75,4 +75,3 @@ $ oc logs deployment/ruby
 ----
 +
 The contents of log files are printed out.
-
diff --git a/modules/viewing-the-image-pull-source.adoc b/modules/viewing-the-image-pull-source.adoc
index b0194595147b..d83064a7e82d 100644
--- a/modules/viewing-the-image-pull-source.adoc
+++ b/modules/viewing-the-image-pull-source.adoc
@@ -2,7 +2,7 @@
 //
 // *installing/validating-an-installation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-the-image-pull-source_{context}"]
 = Viewing the image pull source
 
diff --git a/modules/viewing-the-service-logs-cli.adoc b/modules/viewing-the-service-logs-cli.adoc
index 45ba1cf2ace5..33a93ecd32e7 100644
--- a/modules/viewing-the-service-logs-cli.adoc
+++ b/modules/viewing-the-service-logs-cli.adoc
@@ -3,16 +3,16 @@
 // * osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
 // * logging/sd-accessing-the-service-logs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-the-service-logs-cli_{context}"]
 = Viewing the service logs by using the CLI
 
-You can view the service logs for 
+You can view the service logs for
 ifdef::openshift-dedicated[]
-{product-title} 
+{product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-{product-title} (ROSA) 
+{product-title} (ROSA)
 endif::openshift-rosa[]
 clusters by using the {cluster-manager} CLI (`ocm`).
 
diff --git a/modules/viewing-the-service-logs-ocm.adoc b/modules/viewing-the-service-logs-ocm.adoc
index 55f11c7d6e42..06460b9c5c0f 100644
--- a/modules/viewing-the-service-logs-ocm.adoc
+++ b/modules/viewing-the-service-logs-ocm.adoc
@@ -4,16 +4,16 @@
 // * osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
 // * logging/sd-accessing-the-service-logs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-the-service-logs-ocm_{context}"]
 = Viewing the service logs by using {cluster-manager}
 
-You can view the service logs for 
+You can view the service logs for
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a {product-title} (ROSA) 
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 cluster by using {cluster-manager-first}.
 
@@ -21,10 +21,10 @@ cluster by using {cluster-manager-first}.
 
 * You have installed
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a ROSA 
+a ROSA
 endif::openshift-rosa[]
 cluster.
 
diff --git a/modules/viewing-the-service-logs.adoc b/modules/viewing-the-service-logs.adoc
index 921c222b5343..8f8cb8e0f2df 100644
--- a/modules/viewing-the-service-logs.adoc
+++ b/modules/viewing-the-service-logs.adoc
@@ -3,7 +3,7 @@
 // * osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
 // * logging/sd-accessing-the-service-logs.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="viewing-the-service-logs_{context}"]
 = Viewing the service logs
 
diff --git a/modules/virt-about-auto-bootsource-updates.adoc b/modules/virt-about-auto-bootsource-updates.adoc
index b903121ef832..53123b7fa911 100644
--- a/modules/virt-about-auto-bootsource-updates.adoc
+++ b/modules/virt-about-auto-bootsource-updates.adoc
@@ -1,16 +1,18 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/virtual_machines/virt-creating-and-using-boot-sources.adoc
 //
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-auto-bootsource-updates_{context}"]
 = About automatic boot source updates
 
 Boot sources can make virtual machine (VM) creation more accessible and efficient for users. If automatic boot source updates are enabled, the Containerized Data Importer (CDI) imports, polls, and updates the images so that they are ready to be cloned for new VMs. By default, CDI automatically updates the _system-defined_ boot sources that {VirtProductName} provides.
 
-You can opt out of automatic updates for all system-defined boot sources by disabling the `enableCommonBootImageImport` feature gate. If you disable this feature gate, all `DataImportCron` objects are deleted. This does not remove previously imported `PersistentVolumeClaim` (PVC) objects that store operating system images, though administrators can delete them manually. 
+You can opt out of automatic updates for all system-defined boot sources by disabling the `enableCommonBootImageImport` feature gate. If you disable this feature gate, all `DataImportCron` objects are deleted. This does not remove previously imported boot source objects that store operating system images, though administrators can delete them manually.
 
-When the `enableCommonBootImageImport` feature gate is disabled, `DataSource` objects are reset so that they no longer point to the original PVCs. An administrator can manually provide a boot source by creating a new PVC for the `DataSource` object and populating the PVC with an operating system image.
+When the `enableCommonBootImageImport` feature gate is disabled, `DataSource` objects are reset so that they no longer point to the original boot source. An administrator can manually provide a boot source by populating a PVC with an operating system, optionally creating a volume snapshot from the PVC, and then referring to the PVC or volume snapshot from the `DataSource` object.
 
-_Custom_ boot sources that are not provided by {VirtProductName} are not controlled by the feature gate. You must manage them individually by editing the `HyperConverged` custom resource (CR). You can also use this method to manage individual system-defined boot sources.
\ No newline at end of file
+_Custom_ boot sources that are not provided by {VirtProductName} are not controlled by the feature gate. You must manage them individually by editing the `HyperConverged` custom resource (CR). You can also use this method to manage individual system-defined boot sources.
+
+Cluster administrators can enable automatic subscription for {op-system-base-full} virtual machines in the {VirtProductName} xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[web console].
\ No newline at end of file
diff --git a/modules/virt-about-block-pvs.adoc b/modules/virt-about-block-pvs.adoc
index 5daef134149a..9be4dafc8acc 100644
--- a/modules/virt-about-block-pvs.adoc
+++ b/modules/virt-about-block-pvs.adoc
@@ -1,11 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume-block.adoc
+// * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
 // * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
+// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-to-new-block-storage-pvc.adoc
 
-
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-block-pvs_{context}"]
 = About block persistent volumes
 
diff --git a/modules/virt-about-cdi-operator.adoc b/modules/virt-about-cdi-operator.adoc
index c692fb90a03a..54e4a1a787c3 100644
--- a/modules/virt-about-cdi-operator.adoc
+++ b/modules/virt-about-cdi-operator.adoc
@@ -2,15 +2,15 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-cdi-operator_{context}"]
-= About the cdi-operator
+= About the Containerized Data Importer (CDI) Operator
 
-The `cdi-operator` manages the Containerized Data Importer (CDI), and its related resources, which imports a virtual machine (VM) image into a persistent volume claim (PVC) by using a data volume.
+The CDI Operator, `cdi-operator`, manages CDI and its related resources, which imports a virtual machine (VM) image into a persistent volume claim (PVC) by using a data volume.
 
 image::cnv_components_cdi-operator.png[cdi-operator components]
 
-.cdi-operator components
+.CDI Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
diff --git a/modules/virt-about-changing-removing-mediated-devices.adoc b/modules/virt-about-changing-removing-mediated-devices.adoc
index a774689c452b..3624b0342f69 100644
--- a/modules/virt-about-changing-removing-mediated-devices.adoc
+++ b/modules/virt-about-changing-removing-mediated-devices.adoc
@@ -1,23 +1,20 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: CONCEPT
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
+:_mod-docs-content-type: CONCEPT
 [id="about-changing-removing-mediated-devices_{context}"]
 = About changing and removing mediated devices
 
-The cluster's mediated device configuration can be updated with {VirtProductName} by:
+You can reconfigure or remove mediated devices in several ways:
 
-* Editing the `HyperConverged` CR and change the contents of the `mediatedDevicesTypes` stanza.
+* Edit the `HyperConverged` CR and change the contents of the `mediatedDeviceTypes` stanza.
 
-* Changing the node labels that match the `nodeMediatedDeviceTypes` node selector.
+* Change the node labels that match the `nodeMediatedDeviceTypes` node selector.
 
-* Removing the device information from the `spec.mediatedDevicesConfiguration` and `spec.permittedHostDevices` stanzas of the `HyperConverged` CR.
+* Remove the device information from the `spec.mediatedDevicesConfiguration` and `spec.permittedHostDevices` stanzas of the `HyperConverged` CR.
 +
 [NOTE]
 ====
 If you remove the device information from the `spec.permittedHostDevices` stanza without also removing it from the `spec.mediatedDevicesConfiguration` stanza, you cannot create a new mediated device type on the same node. To properly remove mediated devices, remove the device information from both stanzas.
-====
-
-Depending on the specific changes, these actions cause {VirtProductName} to reconfigure mediated devices or remove them from the cluster nodes.
\ No newline at end of file
+====
\ No newline at end of file
diff --git a/modules/virt-about-cluster-checkup-framework.adoc b/modules/virt-about-cluster-checkup-framework.adoc
index a0cffef96bfe..ede84bee20f5 100644
--- a/modules/virt-about-cluster-checkup-framework.adoc
+++ b/modules/virt-about-cluster-checkup-framework.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/support/virt-running-cluster-checkups.adoc
+// * virt/monitoring/virt-running-cluster-checkups.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-cluster-checkup-framework_{context}"]
-= About the {product-title} cluster checkup framework
+= About the {VirtProductName} cluster checkup framework
 
 A _checkup_ is an automated test workload that allows you to verify if a specific cluster functionality works as expected. The cluster checkup framework uses native Kubernetes resources to configure and execute the checkup.
 
diff --git a/modules/virt-about-cluster-network-addons-operator.adoc b/modules/virt-about-cluster-network-addons-operator.adoc
index 9f1942d3f988..2bf7fee3f77d 100644
--- a/modules/virt-about-cluster-network-addons-operator.adoc
+++ b/modules/virt-about-cluster-network-addons-operator.adoc
@@ -2,15 +2,15 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-cluster-network-addons-operator_{context}"]
-= About the cluster-network-addons-operator
+= About the Cluster Network Addons Operator
 
-The `cluster-network-addons-operator` deploys networking components on a cluster and manages the related resources for extended network functionality.
+The Cluster Network Addons Operator, `cluster-network-addons-operator`, deploys networking components on a cluster and manages the related resources for extended network functionality.
 
 image::cnv_components_cluster-network-addons-operator.png[cluster-network-addons-operator components]
 
-.cluster-network-addons-operator components
+.Cluster Network Addons Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
@@ -25,5 +25,5 @@ image::cnv_components_cluster-network-addons-operator.png[cluster-network-addons
 |Marks network bridges available on nodes as node resources.
 
 |`daemonset/kube-cni-linux-bridge-plugin`
-|Installs CNI plugins on cluster nodes, enabling the attachment of VMs to Linux bridges through network attachment definitions.
+|Installs Container Network Interface (CNI) plugins on cluster nodes, enabling the attachment of VMs to Linux bridges through network attachment definitions.
 |===
diff --git a/modules/virt-about-container-disks.adoc b/modules/virt-about-container-disks.adoc
deleted file mode 100644
index d02b2d3e9dc0..000000000000
--- a/modules/virt-about-container-disks.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc
-// * virt/virtual_machines/importing_vms/virt-importing-container-disk-with-datavolumes.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-container-disks_{context}"]
-= About container disks
-
-A container disk is a virtual machine image that is stored as a container image in a container image registry. You can use container disks to deliver the same disk images to multiple virtual machines and to create large numbers of virtual machine clones.
-
-A container disk can either be imported into a persistent volume claim (PVC) by using a data volume that is attached to a virtual machine, or attached directly to a virtual machine as an ephemeral `containerDisk` volume.
-
-== Importing a container disk into a PVC by using a data volume
-
-Use the Containerized Data Importer (CDI) to import the container disk into a PVC by using a data volume. You can then attach the data volume to a virtual machine for persistent storage.
-
-== Attaching a container disk to a virtual machine as a `containerDisk` volume
-
-A `containerDisk` volume is ephemeral. It is discarded when the virtual machine is stopped, restarted, or deleted. When a virtual machine with a `containerDisk` volume starts, the container image is pulled from the registry and hosted on the node that is hosting the virtual machine.
-
-Use `containerDisk` volumes for read-only file systems such as CD-ROMs or for disposable virtual machines.
-
-[IMPORTANT]
-====
-Using `containerDisk` volumes for read-write file systems is not recommended because the data is temporarily written to local storage on the hosting node. This slows live migration of the virtual machine, such as in the case of node maintenance, because the data must be migrated to the destination node. Additionally, all data is lost if the node loses power or otherwise shuts down unexpectedly.
-====
-
diff --git a/modules/virt-about-cpu-and-memory-quota-namespace.adoc b/modules/virt-about-cpu-and-memory-quota-namespace.adoc
index 843ef269bb23..dec4158a3a61 100644
--- a/modules/virt-about-cpu-and-memory-quota-namespace.adoc
+++ b/modules/virt-about-cpu-and-memory-quota-namespace.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-cdi-for-namespace-resourcequota.adoc
+// * virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-cpu-and-memory-quota-namespace_{context}"]
 = About CPU and memory quotas in a namespace
 
diff --git a/modules/virt-about-creating-storage-classes.adoc b/modules/virt-about-creating-storage-classes.adoc
index 27545f0282ba..5f560c9ca406 100644
--- a/modules/virt-about-creating-storage-classes.adoc
+++ b/modules/virt-about-creating-storage-classes.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+// * virt/storage/virt-configuring-local-storage-with-hpp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-creating-storage-classes_{context}"]
 = About creating storage classes
 
diff --git a/modules/virt-about-datavolumes.adoc b/modules/virt-about-datavolumes.adoc
index 62cab372f453..af116cbcc373 100644
--- a/modules/virt-about-datavolumes.adoc
+++ b/modules/virt-about-datavolumes.adoc
@@ -1,19 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
-// * virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc
 // * virt/virtual_machines/virtual_disks/virt-expanding-virtual-storage-with-blank-disk-images.adoc
-// * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
-// * virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc
-// * virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
-// * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
+// * virt/storage/virt-preparing-cdi-scratch-space.adoc
+// * virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc
 
-
-
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-datavolumes_{context}"]
 = About data volumes
 
@@ -23,5 +14,3 @@
 ====
 * VM disk PVCs that are prepared by using standalone data volumes maintain an independent lifecycle from the VM. If you use the `dataVolumeTemplate` field in the VM specification to prepare the PVC, the PVC shares the same lifecycle as the VM.
 ====
-
-After a PVC is populated, the data volume that you used to create the PVC is no longer needed. {VirtProductName} enables automatic garbage collection of completed data volumes by default. Standalone data volumes, and data volumes created by using the `dataVolumeTemplate` resource, are automatically garbage collected after completion.
diff --git a/modules/virt-about-dedicated-resources.adoc b/modules/virt-about-dedicated-resources.adoc
index b7b654dd45d7..1e1f5df3f040 100644
--- a/modules/virt-about-dedicated-resources.adoc
+++ b/modules/virt-about-dedicated-resources.adoc
@@ -1,9 +1,8 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc
-// * virt/vm_templates/virt-dedicated-resources-vm-template.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-dedicated-resources_{context}"]
 
 = About dedicated resources
diff --git a/modules/virt-about-dv-conditions-and-events.adoc b/modules/virt-about-dv-conditions-and-events.adoc
index f659f66d4183..366211835bf1 100644
--- a/modules/virt-about-dv-conditions-and-events.adoc
+++ b/modules/virt-about-dv-conditions-and-events.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-dv-conditions-and-events.adoc_{context}"]
 = About data volume conditions and events
 
diff --git a/modules/virt-about-eus-updates.adoc b/modules/virt-about-eus-updates.adoc
index 0788802b9138..d281318124d9 100644
--- a/modules/virt-about-eus-updates.adoc
+++ b/modules/virt-about-eus-updates.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-eus-updates_{context}"]
 = About EUS-to-EUS updates
 
diff --git a/modules/virt-about-hco-operator.adoc b/modules/virt-about-hco-operator.adoc
index 5e599a5ecec5..176a4cda28cb 100644
--- a/modules/virt-about-hco-operator.adoc
+++ b/modules/virt-about-hco-operator.adoc
@@ -2,15 +2,15 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-hco-operator_{context}"]
-= About the hco-operator
+= About the HyperConverged Operator (HCO)
 
-The `hco-operator` (HCO) provides a single entry  point for deploying and managing {VirtProductName} and several helper operators with opinionated defaults. It also creates custom resources (CRs) for those operators.
+The HCO, `hco-operator`, provides a single entry point for deploying and managing {VirtProductName} and several helper operators with opinionated defaults. It also creates custom resources (CRs) for those operators.
 
 image::cnv_components_hco-operator.png[hco-operator components]
 
-.hco-operator components
+.HyperConverged Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
@@ -25,10 +25,10 @@ image::cnv_components_hco-operator.png[hco-operator components]
 |Contains all operators, CRs, and objects needed by {VirtProductName}.
 
 |`SSP/ssp-kubevirt-hyperconverged`
-|An SSP CR. This is automatically created by the HCO.
+|A Scheduling, Scale, and Performance (SSP) CR. This is automatically created by the HCO.
 
 |`CDI/cdi-kubevirt-hyperconverged`
-|A CDI CR. This is automatically created by the HCO.
+|A Containerized Data Importer (CDI) CR. This is automatically created by the HCO.
 
 |`NetworkAddonsConfig/cluster`
 |A CR that instructs and is managed by the `cluster-network-addons-operator`.
diff --git a/modules/virt-about-hot-plugging-virtual-disks.adoc b/modules/virt-about-hot-plugging-virtual-disks.adoc
deleted file mode 100644
index a246f06b8ab1..000000000000
--- a/modules/virt-about-hot-plugging-virtual-disks.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-hot-plugging-virtual-disks_{context}"]
-= About hot plugging virtual disks
-
-When you _hot plug_ a virtual disk, you attach a virtual disk to a virtual machine instance while the virtual machine is running. 
-
-When you _hot unplug_ a virtual disk, you detach a virtual disk from a virtual machine instance while the virtual machine is running.
-
-Only data volumes and persistent volume claims (PVCs) can be hot plugged and hot unplugged. You cannot hot plug or hot unplug container disks.
-
-After you hot plug a virtual disk, it remains attached until you detach it, even if you restart the virtual machine.
-
-In the web console, hot-plugged volumes are marked by a "persistent hotplug" label on the disk in the disk list (*VirtualMachine Details* -> *Configuration* -> *Disks* tab). To change a hot-plug volume to a persistent volume, click the *Options* menu {kebab} and select *Make persistent*. The "persistent hotplug" label is removed and the change is applied after the next reboot.
\ No newline at end of file
diff --git a/modules/virt-about-hpp-operator.adoc b/modules/virt-about-hpp-operator.adoc
index eca5b80d5c9b..0986a89e8f75 100644
--- a/modules/virt-about-hpp-operator.adoc
+++ b/modules/virt-about-hpp-operator.adoc
@@ -2,21 +2,21 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-hpp-operator_{context}"]
-= About the hostpath-provisioner-operator
+= About the Hostpath Provisioner (HPP) Operator
 
-The `hostpath-provisioner-operator` deploys and manages the multi-node hostpath provisioner (HPP) and related resources.
+The HPP Operator, `hostpath-provisioner-operator`, deploys and manages the multi-node HPP and related resources.
 
 image::cnv_components_hpp-operator.png[hpp-operator components]
 
-.hostpath-provisioner-operator components
+.HPP Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
 
 |`deployment/hpp-pool-hpp-csi-pvc-block-<worker_node_name>`
-|Provides a worker for each node where the hostpath provisioner (HPP) is designated to run. The pods mount the specified backing storage on the node.
+|Provides a worker for each node where the HPP is designated to run. The pods mount the specified backing storage on the node.
 
 |`daemonset/hostpath-provisioner-csi`
 |Implements the Container Storage Interface (CSI) driver interface of the HPP.
diff --git a/modules/virt-about-kubemacpool.adoc b/modules/virt-about-kubemacpool.adoc
deleted file mode 100644
index d30427f89a12..000000000000
--- a/modules/virt-about-kubemacpool.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-kubemacpool_{context}"]
-= About KubeMacPool
-
-KubeMacPool provides a MAC address pool per namespace and allocates MAC addresses for virtual machine NICs from the pool.
-This ensures that the NIC is assigned a unique MAC address that does not conflict with the MAC address of another virtual machine.
-
-Virtual machine instances created from that virtual machine retain the assigned MAC address across reboots.
-
-[NOTE]
-====
-KubeMacPool does not handle virtual machine instances created independently from a virtual machine.
-====
-
-KubeMacPool is enabled by default when you install {VirtProductName}.
-You can disable a MAC address pool for a namespace by adding the `mutatevirtualmachines.kubemacpool.io=ignore` label to the namespace. Re-enable KubeMacPool for the namespace by removing the label.
diff --git a/modules/virt-about-libguestfs-tools-virtctl-guestfs.adoc b/modules/virt-about-libguestfs-tools-virtctl-guestfs.adoc
index 7ca84c07d25d..2776abfaa084 100644
--- a/modules/virt-about-libguestfs-tools-virtctl-guestfs.adoc
+++ b/modules/virt-about-libguestfs-tools-virtctl-guestfs.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/getting_started/virt-using-the-cli-tools.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-about-libguestfs-tools-virtctl-guestfs_{context}"]
 = Libguestfs and virtctl guestfs commands
 
diff --git a/modules/virt-about-live-migration.adoc b/modules/virt-about-live-migration.adoc
deleted file mode 100644
index 5509e4583ee3..000000000000
--- a/modules/virt-about-live-migration.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/live_migration/virt-live-migration.adoc
-
-
-:_content-type: CONCEPT
-[id="virt-about-live-migration_{context}"]
-= About live migration
-
-Live migration is the process of moving a running virtual machine instance (VMI) to another node in the cluster without interrupting the virtual workload or access. If a VMI uses the `LiveMigrate` eviction strategy, it automatically migrates when the node that the VMI runs on is placed into maintenance mode. You can also manually start live migration by selecting a VMI to migrate.
-
-You can use live migration if the following conditions are met:
-
-* Shared storage with `ReadWriteMany` (RWX) access mode.
-* Sufficient RAM and network bandwidth.
-* If the virtual machine uses a host model CPU, the nodes must support the virtual machine's host model CPU.
-
-By default, live migration traffic is encrypted using Transport Layer Security (TLS).
diff --git a/modules/virt-about-nmstate.adoc b/modules/virt-about-nmstate.adoc
index 13c490328299..f4f5b53ff2c1 100644
--- a/modules/virt-about-nmstate.adoc
+++ b/modules/virt-about-nmstate.adoc
@@ -3,7 +3,7 @@
 // * networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.adoc
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-nmstate_{context}"]
 = About nmstate
 
@@ -27,5 +27,5 @@ Node networking is monitored and updated by the following objects:
 
 [NOTE]
 ====
-If your {product-title} cluster uses OVN-Kubernetes as the network plugin, you cannot attach a Linux bridge or bonding to the default interface of a host because of a change in the host network topology of OVN-Kubernetes. As a workaround, use a secondary network interface connected to your host or switch to the OpenShift SDN network plugin.
+You cannot make configuration changes to the `br-ex` bridge or its underlying interfaces. As a workaround, use a secondary network interface connected to your host or switch.
 ====
diff --git a/modules/virt-about-node-labeling-cpu-features.adoc b/modules/virt-about-node-labeling-cpu-features.adoc
index 43cf9eb677cc..e075f60b47dc 100644
--- a/modules/virt-about-node-labeling-cpu-features.adoc
+++ b/modules/virt-about-node-labeling-cpu-features.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc
+// * virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-node-labeling-cpu-features_{context}"]
 = About node labeling for CPU features
 
diff --git a/modules/virt-about-node-labeling-obsolete-cpu-models.adoc b/modules/virt-about-node-labeling-obsolete-cpu-models.adoc
index 2ed3a00062a3..6543aaec13b2 100644
--- a/modules/virt-about-node-labeling-obsolete-cpu-models.adoc
+++ b/modules/virt-about-node-labeling-obsolete-cpu-models.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
-// * virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc
+// * virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-node-labeling-obsolete-cpu-models_{context}"]
 = About node labeling for obsolete CPU models
 
diff --git a/modules/virt-about-node-maintenance.adoc b/modules/virt-about-node-maintenance.adoc
deleted file mode 100644
index 47739586c339..000000000000
--- a/modules/virt-about-node-maintenance.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-// virt/node_maintenance/virt-about-node-maintenance.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-node-maintenance_{context}"]
-= About node maintenance mode
-
-Nodes can be placed into maintenance mode using the `oc adm` utility, or using `NodeMaintenance` custom resources (CRs).
-
-[NOTE]
-====
-The `node-maintenance-operator` (NMO) is no longer shipped with {VirtProductName}. It is now available to deploy as a standalone Operator from the *OperatorHub* in the {product-title} web console, or by using the OpenShift CLI (`oc`).
-====
-
-Placing a node into maintenance marks the node as unschedulable and drains all the virtual machines and pods from it. Virtual machine instances that have a `LiveMigrate` eviction strategy are live migrated to another node without loss of service. This eviction strategy is configured by default in virtual machine created from common templates but must be configured manually for custom virtual machines.
-
-Virtual machine instances without an eviction strategy are shut down. Virtual machines with a `RunStrategy` of `Running` or `RerunOnFailure` are recreated on another node. Virtual machines with a `RunStrategy` of `Manual` are not automatically restarted.
-
-[IMPORTANT]
-====
-Virtual machines must have a persistent volume claim (PVC) with a shared `ReadWriteMany` (RWX) access mode to be live migrated.
-====
-
-The Node Maintenance Operator watches for new or deleted `NodeMaintenance` CRs. When a new `NodeMaintenance` CR is detected, no new workloads are scheduled and the node is cordoned off from the rest of the cluster. All pods that can be evicted are evicted from the node. When a `NodeMaintenance` CR is deleted, the node that is referenced in the CR is made available for new workloads.
-
-[NOTE]
-====
-Using a `NodeMaintenance` CR for node maintenance tasks achieves the same results as the `oc adm cordon` and `oc adm drain` commands using standard {product-title} custom resource processing.
-====
diff --git a/modules/virt-about-node-placement-virt-components.adoc b/modules/virt-about-node-placement-virt-components.adoc
new file mode 100644
index 000000000000..96697188092e
--- /dev/null
+++ b/modules/virt-about-node-placement-virt-components.adoc
@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * vvirt/post_installation_configuration/virt-node-placement-virt-components.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="virt-about-node-placement-virt-components_{context}"]
+= About node placement rules for {VirtProductName} components
+
+You can use node placement rules for the following tasks:
+
+* Deploy virtual machines only on nodes intended for virtualization workloads.
+* Deploy Operators only on infrastructure nodes.
+* Maintain separation between workloads.
+
+Depending on the object, you can use one or more of the following rule types:
+
+`nodeSelector`:: Allows pods to be scheduled on nodes that are labeled with the key-value pair or pairs that you specify in this field. The node must have labels that exactly match all listed pairs.
+`affinity`:: Enables you to use more expressive syntax to set rules that match nodes with pods. Affinity also allows for more nuance in how the rules are applied. For example, you can specify that a rule is a preference, not a requirement. If a rule is a preference, pods are still scheduled when the rule is not satisfied.
+`tolerations`:: Allows pods to be scheduled on nodes that have matching taints. If a taint is applied to a node, that
+node only accepts pods that tolerate the taint.
diff --git a/modules/virt-about-node-placement-virtualization-components.adoc b/modules/virt-about-node-placement-virtualization-components.adoc
index 765114340bc9..1f05c8294ebb 100644
--- a/modules/virt-about-node-placement-virtualization-components.adoc
+++ b/modules/virt-about-node-placement-virtualization-components.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-node-placement-virtualization-components_{context}"]
 = About node placement for virtualization components
 
@@ -39,15 +39,15 @@ To specify the nodes where OLM deploys the {VirtProductName} Operators, edit the
 
 [source,yaml,subs="attributes+"]
 ----
-apiVersion: operators.coreos.com/v1beta1
+apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: hco-operatorhub
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
-  source: redhat-operators
+  source: {CNVSubscriptionSpecSource}
   sourceNamespace: openshift-marketplace
-  name: kubevirt-hyperconverged
+  name: {CNVSubscriptionSpecName}
   startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
   channel: "stable"
   config: <1>
@@ -59,13 +59,13 @@ spec:
 
 To specify the nodes where {VirtProductName} deploys its components, you can include the `nodePlacement` object in the HyperConverged Cluster custom resource (CR) file that you create during {VirtProductName} installation. You can include `nodePlacement` under the `spec.infra` and `spec.workloads` fields, as shown in the following example:
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   infra:
     nodePlacement: <1>
@@ -79,7 +79,7 @@ spec:
 [id="node-placement-hpp_{context}"]
 == Node placement in the HostPathProvisioner object
 
-You can configure node placement rules in the `spec.workload` field of the `HostPathProvisioner` object that you create when you install the hostpath provisioner.
+You can configure node placement rules by specifying `nodeSelector`, `affinity`, or `tolerations` for the `spec.workload` field of the `HostPathProvisioner` object that you create when you install the hostpath provisioner. If after you create the `HostPathProvisioner` you delete the `HostPathProvisioner` pod and then want to delete the virtual machine (VM), you must first update the `spec.workload` field to another value and then wait for the `HostPathProvisioner` pod to restart. You can then delete the VM from the node.
 
 [source,yaml]
 ----
diff --git a/modules/virt-about-node-placement-vms.adoc b/modules/virt-about-node-placement-vms.adoc
index ac3717f1943d..23f9dbf0bac8 100644
--- a/modules/virt-about-node-placement-vms.adoc
+++ b/modules/virt-about-node-placement-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-node-placement-vms_{context}"]
 = About node placement for virtual machines
 
@@ -22,9 +22,10 @@ You can use the following rule types in the `spec` field of a `VirtualMachine` m
 
 `nodeSelector`:: Allows virtual machines to be scheduled on nodes that are labeled with the key-value pair or pairs that you specify in this field. The node must have labels that exactly match all listed pairs.
 `affinity`:: Enables you to use more expressive syntax to set rules that match nodes with virtual machines. For example, you can specify that a rule is a preference, rather than a hard requirement, so that virtual machines are still scheduled if the rule is not satisfied. Pod affinity, pod anti-affinity, and node affinity are supported for virtual machine placement. Pod affinity works for virtual machines because the `VirtualMachine` workload type is based on the `Pod` object.
+`tolerations`:: Allows virtual machines to be scheduled on nodes that have matching taints. If a taint is applied to a node, that node only accepts virtual machines that tolerate the taint.
+
 +
 [NOTE]
 ====
 Affinity rules only apply during scheduling. {product-title} does not reschedule running workloads if the constraints are no longer met.
 ====
-`tolerations`:: Allows virtual machines to be scheduled on nodes that have matching taints. If a taint is applied to a node, that node only accepts virtual machines that tolerate the taint.
\ No newline at end of file
diff --git a/modules/virt-about-pci-passthrough.adoc b/modules/virt-about-pci-passthrough.adoc
index 0ef26e8e5540..2d1586d01344 100644
--- a/modules/virt-about-pci-passthrough.adoc
+++ b/modules/virt-about-pci-passthrough.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about_pci-passthrough_{context}"]
 = About preparing a host device for PCI passthrough
 
diff --git a/modules/virt-about-preallocation.adoc b/modules/virt-about-preallocation.adoc
index eab11ab6d3ba..d3ed773b0059 100644
--- a/modules/virt-about-preallocation.adoc
+++ b/modules/virt-about-preallocation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc
+// * virt/storage/virt-using-preallocation-for-datavolumes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-preallocation_{context}"]
 = About preallocation
 
@@ -11,7 +11,7 @@ The Containerized Data Importer (CDI) can use the QEMU preallocate mode for data
 If preallocation is enabled, CDI uses the better preallocation method depending on the underlying file system and device type:
 
 `fallocate`::
-If the file system supports it, CDI uses the operating system's `fallocate` call to preallocate space by using the `posix_fallocate` function, which allocates blocks and marks them as uninitialized. 
+If the file system supports it, CDI uses the operating system's `fallocate` call to preallocate space by using the `posix_fallocate` function, which allocates blocks and marks them as uninitialized.
 
 `full`::
 If `fallocate` mode cannot be used, `full` mode allocates space for the image by writing data to the underlying storage. Depending on the storage location, all the empty allocated space might be zeroed.
diff --git a/modules/virt-about-readiness-liveness-probes.adoc b/modules/virt-about-readiness-liveness-probes.adoc
index cee9ad5fdcf8..f47108d9bb66 100644
--- a/modules/virt-about-readiness-liveness-probes.adoc
+++ b/modules/virt-about-readiness-liveness-probes.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-monitoring-vm-health.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-readiness-liveness-probes_{context}"]
 
 = About readiness and liveness probes
diff --git a/modules/virt-about-reclaiming-statically-provisioned-persistent-volumes.adoc b/modules/virt-about-reclaiming-statically-provisioned-persistent-volumes.adoc
index 7413e449a1eb..32d256dc9b73 100644
--- a/modules/virt-about-reclaiming-statically-provisioned-persistent-volumes.adoc
+++ b/modules/virt-about-reclaiming-statically-provisioned-persistent-volumes.adoc
@@ -2,7 +2,7 @@
 //
 // virt/virtual_machines/virtual_disks/virt-reusing-statically-provisioned-persistent-volumes.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-reclaiming-statically-provisioned-persistent-volumes_{context}"]
 
 = About reclaiming statically provisioned persistent volumes
diff --git a/modules/virt-about-runstrategies-vms.adoc b/modules/virt-about-runstrategies-vms.adoc
deleted file mode 100644
index 6cc873879850..000000000000
--- a/modules/virt-about-runstrategies-vms.adoc
+++ /dev/null
@@ -1,65 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-runstrategies-vms_{context}"]
-= About RunStrategies for virtual machines
-
-A `RunStrategy` for virtual machines determines a virtual machine instance's (VMI) behavior, depending on a series of conditions. The `spec.runStrategy` setting exists in the virtual machine configuration process as an alternative to the `spec.running` setting.
-The `spec.runStrategy` setting allows greater flexibility for how VMIs are created and managed, in contrast to the `spec.running` setting with only `true` or `false` responses. However, the two settings are mutually exclusive. Only either `spec.running` or `spec.runStrategy` can be used. An error occurs if both are used.
-
-There are four defined RunStrategies.
-
-`Always`::
-A VMI is always present when a virtual machine is created. A new VMI is created if the original stops for any reason, which is the same behavior as `spec.running: true`.
-`RerunOnFailure`::
-A VMI is re-created if the previous instance fails due to an error. The instance is not re-created if the virtual machine stops successfully, such as when it shuts down.
-`Manual`::
-The `start`, `stop`, and `restart` virtctl client commands can be used to control the VMI's state and existence.
-`Halted`::
-No VMI is present when a virtual machine is created, which is the same behavior as `spec.running: false`.
-
-Different combinations of the `start`, `stop` and `restart` virtctl commands affect which `RunStrategy` is used.
-
-The following table follows a VM's transition from different states. The first column shows the VM's initial `RunStrategy`. Each additional column shows a virtctl command and the new `RunStrategy` after that command is run.
-
-|===
-|Initial RunStrategy |start |stop |restart
-
-|Always
-|-
-|Halted
-|Always
-
-|RerunOnFailure
-|-
-|Halted
-|RerunOnFailure
-
-|Manual
-|Manual
-|Manual
-|Manual
-
-|Halted
-|Always
-|-
-|-
-|===
-
-[NOTE]
-====
-In {VirtProductName} clusters installed using installer-provisioned infrastructure, when a node fails the MachineHealthCheck and becomes unavailable to the cluster, VMs with a RunStrategy of `Always` or `RerunOnFailure` are rescheduled on a new node.
-====
-
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-spec:
-  RunStrategy: Always <1>
-  template:
-# ...
-----
-<1> The VMI's current `RunStrategy` setting.
diff --git a/modules/virt-about-scratch-space.adoc b/modules/virt-about-scratch-space.adoc
index df7e9ba4308b..088806c7ed30 100644
--- a/modules/virt-about-scratch-space.adoc
+++ b/modules/virt-about-scratch-space.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
+// * virt/storage/virt-preparing-cdi-scratch-space.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-scratch-space_{context}"]
 = About scratch space
 
diff --git a/modules/virt-about-services.adoc b/modules/virt-about-services.adoc
index 8f1535f8c784..4ce8dcab0a42 100644
--- a/modules/virt-about-services.adoc
+++ b/modules/virt-about-services.adoc
@@ -1,18 +1,17 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
+// * virt/vm_networking/virt-creating-service-vm.adoc
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-services_{context}"]
 = About services
 
-A Kubernetes _service_ exposes network access for clients to an application running on a set of pods. Services offer abstraction, load balancing, and, in the case of NodePort and LoadBalancer, exposure to the outside world. 
+A Kubernetes service exposes network access for clients to an application running on a set of pods. Services offer abstraction, load balancing, and, in the case of the `NodePort` and `LoadBalancer` types, exposure to the outside world.
 
-Services can be exposed in the *VirtualMachine details* -> *Details* tab of the web console or by specifying a `spec.type` in the `Service` object:
+ClusterIP:: Exposes the service on an internal IP address and as a DNS name to other applications within the cluster. A single service can map to multiple virtual machines. When a client tries to connect to the service, the client's request is load balanced among available backends. `ClusterIP` is the default service type.
 
-ClusterIP:: Exposes the service on an internal IP address and as a DNS name to other applications within the cluster. A single service can map to multiple virtual machines. When a client tries to connect to the service, the client's request is load balanced among available backends. `ClusterIP` is the default service `type`.
-
-NodePort:: Exposes the service on the same port of each selected node in the cluster. `NodePort` makes a service accessible from outside the cluster.
+NodePort:: Exposes the service on the same port of each selected node in the cluster. `NodePort` makes a port accessible from outside the cluster, as long as the node itself is externally accessible to the client.
 
 LoadBalancer:: Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP address to the service.
 
diff --git a/modules/virt-about-smart-cloning.adoc b/modules/virt-about-smart-cloning.adoc
index 601c6d98b467..e29f14f0f173 100644
--- a/modules/virt-about-smart-cloning.adoc
+++ b/modules/virt-about-smart-cloning.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-smart-cloning_{context}"]
 = About smart-cloning
 
diff --git a/modules/virt-about-ssp-operator.adoc b/modules/virt-about-ssp-operator.adoc
index cc181ec9e75d..1f2759e8bb75 100644
--- a/modules/virt-about-ssp-operator.adoc
+++ b/modules/virt-about-ssp-operator.adoc
@@ -1,20 +1,44 @@
 // Module included in the following assemblies:
 //
-// * virt/virt-architecture.adoc
+// * virt/about_virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-ssp-operator_{context}"]
-= About the ssp-operator
+= About the Scheduling, Scale, and Performance (SSP) Operator
 
-The `ssp-operator` deploys the common templates, the related default boot sources, and the template validator.
+The SSP Operator, `ssp-operator`, deploys the common templates, the related default boot sources, the pipeline tasks, and the template validator.
 
 image::cnv_components_ssp-operator.png[ssp-operator components]
 
-.ssp-operator components
+.SSP Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
 
-|`deployment/virt-template-validator`
-|	Checks `vm.kubevirt.io/validations` annotations on virtual machines created from templates, and rejects them if they are invalid.
-|===
+|`deployment/create-vm-from-template`
+|	Creates a VM from a template.
+
+|`deployment/copy-template`
+|	Copies a VM template.
+
+|`deployment/modify-vm-template`
+|	Creates or removes a VM template.
+
+|`deployment/modify-data-object`
+|	Creates or removes data volumes or data sources.
+
+|`deployment/cleanup-vm`
+|	Runs a script or a command on a VM, then stops or deletes the VM afterward.
+
+|`deployment/disk-virt-customize`
+|	Runs a `customize` script on a target persistent volume claim (PVC) using `virt-customize`.
+
+|`deployment/disk-virt-sysprep`
+|	Runs a `sysprep` script on a target PVC by using `virt-sysprep`.
+
+|`deployment/wait-for-vmi-status`
+|	Waits for a specific virtual machine instance (VMI) status, then fails or succeeds according to that status.
+
+|`deployment/create-vm-from-manifest`
+|   Creates a VM from a manifest.
+|===
\ No newline at end of file
diff --git a/modules/virt-about-static-and-dynamic-ssh-keys.adoc b/modules/virt-about-static-and-dynamic-ssh-keys.adoc
new file mode 100644
index 000000000000..bc14d63f89f8
--- /dev/null
+++ b/modules/virt-about-static-and-dynamic-ssh-keys.adoc
@@ -0,0 +1,52 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-about-static-and-dynamic-ssh-keys_{context}"]
+= About static and dynamic SSH key management
+
+You can add public SSH keys to virtual machines (VMs) statically at first boot or dynamically at runtime.
+
+[NOTE]
+====
+Only {op-system-base-full} 9 supports dynamic key injection.
+====
+
+[discrete]
+[id="static-key-management_{context}"]
+== Static SSH key management
+
+You can add a statically managed SSH key to a VM with a guest operating system that supports configuration by using a cloud-init data source. The key is added to the virtual machine (VM) at first boot.
+
+You can add the key by using one of the following methods:
+
+* Add a key to a single VM when you create it by using the web console or the command line.
+* Add a key to a project by using the web console. Afterwards, the key is automatically added to the VMs that you create in this project.
+
+.Use cases
+
+* As a VM owner, you can provision all your newly created VMs with a single key.
+
+[discrete]
+[id="dynamic-key-management_{context}"]
+== Dynamic SSH key management
+
+You can enable dynamic SSH key management for a VM with {op-system-base-full} 9 installed. Afterwards, you can update the key during runtime. The key is added by the QEMU guest agent, which is installed with Red Hat boot sources.
+
+You can disable dynamic key management for security reasons. Then, the VM inherits the key management setting of the image from which it was created.
+
+.Use cases
+
+* Granting or revoking access to VMs: As a cluster administrator, you can grant or revoke remote VM access by adding or removing the keys of individual users from a `Secret` object that is applied to all VMs in a namespace.
+* User access: You can add your access credentials to all VMs that you create and manage.
+
+* Ansible provisioning:
+
+** As an operations team member, you can create a single secret that contains all the keys used for Ansible provisioning.
+** As a VM owner, you can create a VM and attach the keys used for Ansible provisioning.
+
+* Key rotation:
+
+** As a cluster administrator, you can rotate the Ansible provisioner keys used by VMs in a namespace.
+** As a workload owner, you can rotate the key for the VMs that you manage.
diff --git a/modules/virt-about-storage-pools-pvc-templates.adoc b/modules/virt-about-storage-pools-pvc-templates.adoc
index de53a28d8725..05640db9535f 100644
--- a/modules/virt-about-storage-pools-pvc-templates.adoc
+++ b/modules/virt-about-storage-pools-pvc-templates.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+// * virt/storage/virt-configuring-local-storage-with-hpp.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-storage-pools-pvc-templates_{context}"]
 = About storage pools created with PVC templates
 
diff --git a/modules/virt-about-storage-volumes-for-vm-disks.adoc b/modules/virt-about-storage-volumes-for-vm-disks.adoc
index 9adf371f0ba0..79ea5bf773d1 100644
--- a/modules/virt-about-storage-volumes-for-vm-disks.adoc
+++ b/modules/virt-about-storage-volumes-for-vm-disks.adoc
@@ -3,7 +3,7 @@
 // * virt/about/about-virt.adoc
 // * virt/install/preparing-cluster-for-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-storage-volumes-for-vm-disks_{context}"]
 = About volume and access modes for virtual machine disks
 
diff --git a/modules/virt-about-tekton-tasks-operator.adoc b/modules/virt-about-tekton-tasks-operator.adoc
index 1e21cfa4d8ed..39167716c1b4 100644
--- a/modules/virt-about-tekton-tasks-operator.adoc
+++ b/modules/virt-about-tekton-tasks-operator.adoc
@@ -2,15 +2,15 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-tekton-tasks-operator_{context}"]
-= About the tekton-tasks-operator
+= About the Tekton Tasks Operator
 
-The `tekton-tasks-operator` deploys example pipelines showing the usage of OpenShift Pipelines for VMs. It also deploys additional OpenShift Pipeline tasks that allow users to create VMs from templates, copy and modify templates, and create data volumes.
+The Tekton Tasks Operator, `tekton-tasks-operator`, deploys example pipelines showing the usage of OpenShift Pipelines for virtual machines (VMs). This operator also deploys additional OpenShift Pipeline tasks that allow users to create VMs from templates, copy and modify templates, and create data volumes.
 
-image::cnv_components_tekton-tasks-operator.png[tekton-tasks-operator components]
+//image::cnv_components_tekton-tasks-operator.png[tekton-tasks-operator components]
 
-.tekton-tasks-operator components
+.Tekton Tasks Operator components
 [cols="1,1"]
 |===
 |*Component* |*Description*
@@ -31,11 +31,11 @@ image::cnv_components_tekton-tasks-operator.png[tekton-tasks-operator components
 |	Runs a script or a command on a VM, then stops or deletes the VM afterward.
 
 |`deployment/disk-virt-customize`
-|	Runs a `customize` script on a target PVC using `virt-customize`.
+|	Runs a `customize` script on a target persistent volume claim (PVC) using `virt-customize`.
 
 |`deployment/disk-virt-sysprep`
 |	Runs a `sysprep` script on a target PVC by using `virt-sysprep`.
 
 |`deployment/wait-for-vmi-status`
-|	Waits for a specific VMI status, then fails or succeeds according to that status.
+|	Waits for a specific virtual machine instance (VMI) status, then fails or succeeds according to that status.
 |===
diff --git a/modules/virt-about-the-overview-dashboard.adoc b/modules/virt-about-the-overview-dashboard.adoc
index 6c7d1d47feff..bac66be5c3b4 100644
--- a/modules/virt-about-the-overview-dashboard.adoc
+++ b/modules/virt-about-the-overview-dashboard.adoc
@@ -2,10 +2,17 @@
 //
 // * web_console/using-dashboard-to-get-cluster-information.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-the-overview-dashboard_{context}"]
 = About the {product-title} dashboards page
 
+Access the {product-title} dashboard, which captures high-level information
+about the cluster, by navigating to *Home* -> *Overview* from
+the {product-title} web console.
+
+The {product-title} dashboard provides various cluster information, captured in
+individual dashboard cards.
+
 The {product-title} dashboard consists of the following cards:
 
 * *Details* provides a brief overview of informational cluster details.
@@ -19,13 +26,13 @@ Status include *ok*, *error*, *warning*, *in progress*, and *unknown*. Resources
 ** Number of nodes
 ** Number of pods
 ** Persistent storage volume claims
-** Bare metal hosts in the cluster, listed according to their state (only available in *metal3* environment).
-* *Cluster Capacity* charts help administrators understand when additional resources are required in the cluster. The charts contain an inner ring that displays current consumption, while an outer ring displays thresholds configured for the resource, including information about:
+** Bare metal hosts in the cluster, listed according to their state (only available in *metal3* environment)
+* *Status* helps administrators understand how cluster resources are consumed. Click on a resource to jump to a detailed page listing pods and nodes that consume the largest amount of the specified cluster resource (CPU, memory, or storage).
+* *Cluster Utilization* shows the capacity of various resources over a specified period of time, to help administrators understand the scale and frequency of high resource consumption, including information about:
 ** CPU time
 ** Memory allocation
 ** Storage consumed
 ** Network resources consumed
-* *Cluster Utilization* shows the capacity of various resources over a specified period of time, to help administrators understand the scale and frequency of high resource consumption.
-* *Events* lists messages related to recent activity in the cluster, such as pod creation or virtual machine migration to another host.
-* *Top Consumers* helps administrators understand how cluster resources are consumed. Click on a resource to jump to a detailed page listing pods and nodes that consume the largest amount of the specified cluster resource (CPU, memory, or storage).
+** Pod count
+* *Activity* lists messages related to recent activity in the cluster, such as pod creation or virtual machine migration to another host.
 
diff --git a/modules/virt-about-uefi-mode-for-vms.adoc b/modules/virt-about-uefi-mode-for-vms.adoc
index c0103d934727..bfa83a464c05 100644
--- a/modules/virt-about-uefi-mode-for-vms.adoc
+++ b/modules/virt-about-uefi-mode-for-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-uefi-mode-for-vms_{context}"]
 = About UEFI mode for virtual machines
 
diff --git a/modules/virt-about-upgrading-virt.adoc b/modules/virt-about-upgrading-virt.adoc
index 17a22e7f046b..35460b35848d 100644
--- a/modules/virt-about-upgrading-virt.adoc
+++ b/modules/virt-about-upgrading-virt.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-upgrading-virt_{context}"]
 = About updating {VirtProductName}
 
diff --git a/modules/virt-about-using-virtual-gpus.adoc b/modules/virt-about-using-virtual-gpus.adoc
index 0b389deb703b..549de80cb639 100644
--- a/modules/virt-about-using-virtual-gpus.adoc
+++ b/modules/virt-about-using-virtual-gpus.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-using-virtual-gpus_{context}"]
 = About using virtual GPUs with {VirtProductName}
 
diff --git a/modules/virt-about-virt-operator.adoc b/modules/virt-about-virt-operator.adoc
index aa3af58fde48..f56da19b8419 100644
--- a/modules/virt-about-virt-operator.adoc
+++ b/modules/virt-about-virt-operator.adoc
@@ -2,11 +2,11 @@
 //
 // * virt/virt-architecture.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-virt-operator_{context}"]
-= About the virt-operator
+= About the {VirtProductName} Operator
 
-The `virt-operator` deploys, upgrades, and manages {VirtProductName} without disrupting current virtual machine (VM) workloads.
+The {VirtProductName} Operator, `virt-operator` deploys, upgrades, and manages {VirtProductName} without disrupting current virtual machine (VM) workloads.
 
 image::cnv_components_virt-operator.png[virt-operator components]
 
diff --git a/modules/virt-about-virtio-drivers.adoc b/modules/virt-about-virtio-drivers.adoc
deleted file mode 100644
index 972a9ee04cf0..000000000000
--- a/modules/virt-about-virtio-drivers.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-installing-virtio-drivers-on-new-windows-vm.adoc
-
-//This file contains UI elements and/or package names that need to be updated.
-
-:_content-type: CONCEPT
-[id="virt-about-virtio-drivers_{context}"]
-= About VirtIO drivers
-
-VirtIO drivers are paravirtualized device drivers required for Microsoft Windows
- virtual machines to run in {VirtProductName}. The supported drivers are
-available in the `container-native-virtualization/virtio-win` container disk of the
-link:https://access.redhat.com/containers/#/registry.access.redhat.com/container-native-virtualization/virtio-win[Red Hat Ecosystem Catalog].
-
-The `container-native-virtualization/virtio-win` container disk must be attached to the virtual machine as a
-SATA CD drive to enable driver installation. You can install VirtIO drivers during
-Windows installation on the virtual machine or added to an
-existing Windows installation.
-
-After the drivers are installed, the `container-native-virtualization/virtio-win` container disk can be removed
-from the virtual machine.
diff --git a/modules/virt-about-virtio-scsi.adoc b/modules/virt-about-virtio-scsi.adoc
deleted file mode 100644
index e3a5f9fbd702..000000000000
--- a/modules/virt-about-virtio-scsi.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-virtio-scsi_{context}"]
-= About virtio-scsi
-
-In {VirtProductName}, each virtual machine (VM) has a `virtio-scsi` controller so that hot plugged disks can use a `scsi` bus. The `virtio-scsi` controller overcomes the limitations of `virtio` while retaining its performance advantages. It is highly scalable and supports hot plugging over 4 million disks.
-
-Regular `virtio` is not available for hot plugged disks because it is not scalable: each `virtio` disk uses one of the limited PCI Express (PCIe) slots in the VM. PCIe slots are also used by other devices and must be reserved in advance, therefore slots might not be available on demand.
\ No newline at end of file
diff --git a/modules/virt-about-vm-snapshots.adoc b/modules/virt-about-vm-snapshots.adoc
index 9c60bbe2c0cd..76da4f4ba40a 100644
--- a/modules/virt-about-vm-snapshots.adoc
+++ b/modules/virt-about-vm-snapshots.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-vm-snapshots_{context}"]
-= About virtual machine snapshots
+= About snapshots
 
 A _snapshot_ represents the state and data of a virtual machine (VM) at a specific point in time. You can use a snapshot to restore an existing VM to a previous state (represented by
 the snapshot) for backup and disaster recovery or to rapidly roll back to a previous development version.
@@ -15,17 +15,16 @@ When taking a snapshot of a running VM, the controller checks that the QEMU gues
 
 The snapshot stores a copy of each Container Storage Interface (CSI) volume attached to the VM and a copy of the VM specification and metadata. Snapshots cannot be changed after creation.
 
-With the VM snapshots feature, cluster administrators and application developers can:
+You can perform the following snapshot actions:
 
 * Create a new snapshot
 * List all snapshots attached to a specific VM
 * Restore a VM from a snapshot
 * Delete an existing VM snapshot
 
-[id="vm-snapshot-controller-and-crds_{context}"]
-== Virtual machine snapshot controller and custom resource definitions (CRDs)
+.VM snapshot controller and custom resources
 
-The VM snapshot feature introduces three new API objects defined as CRDs for managing snapshots:
+The VM snapshot feature introduces three new API objects defined as custom resource definitions (CRDs) for managing snapshots:
 
 * `VirtualMachineSnapshot`: Represents a user request to create a snapshot. It contains information about the current state of the VM.
 * `VirtualMachineSnapshotContent`: Represents a provisioned resource on the cluster (a snapshot). It is created by the VM snapshot controller and contains references to all resources required to restore the VM.
diff --git a/modules/virt-about-vm-templates.adoc b/modules/virt-about-vm-templates.adoc
deleted file mode 100644
index b4c30879d81c..000000000000
--- a/modules/virt-about-vm-templates.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/vm_templates/virt-creating-vm-template.adoc
-
-:_content-type: CONCEPT
-[id="virt-about-vm-templates_{context}"]
-= About virtual machine templates
-
-Preconfigured Red Hat virtual machine templates are listed in the *Virtualization* -> *Templates* page. These templates are available for different versions of Red Hat Enterprise Linux, Fedora, Microsoft Windows 10, and Microsoft Windows Servers. Each Red Hat virtual machine template is preconfigured with the operating system image, default settings for the operating system, flavor (CPU and memory), and workload type (server).
-
-The *Templates* page displays four types of virtual machine templates:
-
-* *Red Hat Supported* templates are fully supported by Red Hat.
-* *User Supported* templates are *Red Hat Supported* templates that were cloned and created by users.
-* *Red Hat Provided* templates have limited support from Red Hat.
-* *User Provided* templates are *Red Hat Provided* templates that were cloned and created by users.
-
-You can use the filters in the template *Catalog* to sort the templates by attributes such as boot source availability, operating system, and workload.
-
-You cannot edit or delete a *Red Hat Supported* or *Red Hat Provided* template. You can clone the template, save it as a custom virtual machine template, and then edit it.
-
-You can also create a custom virtual machine template by editing a YAML file example.
diff --git a/modules/virt-about-vmis.adoc b/modules/virt-about-vmis.adoc
index 36374b5568fb..bb6d364ea90e 100644
--- a/modules/virt-about-vmis.adoc
+++ b/modules/virt-about-vmis.adoc
@@ -3,7 +3,7 @@
 // * virt/virtual_machines/virt-manage-vmis.adoc
 //
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-vmis_{context}"]
 = About virtual machine instances
 
diff --git a/modules/virt-about-vms-and-boot-sources.adoc b/modules/virt-about-vms-and-boot-sources.adoc
index c1e9fc6d61ee..bbb79b55249e 100644
--- a/modules/virt-about-vms-and-boot-sources.adoc
+++ b/modules/virt-about-vms-and-boot-sources.adoc
@@ -1,20 +1,14 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-creating-and-using-boot-sources.adoc
-// * virt/vm_templates/virt-creating-vm-template.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-vms-and-boot-sources_{context}"]
+= About VM boot sources
 
-= About virtual machines and boot sources
+Virtual machines (VMs) consist of a VM definition and one or more disks that are backed by data volumes. VM templates enable you to create VMs using predefined specifications.
 
-Virtual machines consist of a virtual machine definition and one or more disks that are backed by data volumes. Virtual machine templates enable you to create virtual machines using predefined virtual machine specifications.
+Every template requires a boot source, which is a fully configured disk image including configured drivers. Each template contains a VM definition with a pointer to the boot source. Each boot source has a predefined name and namespace. For some operating systems, a boot source is automatically provided. If it is not provided, then an administrator must prepare a custom boot source.
 
-Every virtual machine template requires a boot source, which is a fully configured virtual machine disk image including configured drivers. Each virtual machine template contains a virtual machine definition with a pointer to the boot source. Each boot source has a predefined name and namespace. For some operating systems, a boot source is automatically provided. If it is not provided, then an administrator must prepare a custom boot source.
+Provided boot sources are updated automatically to the latest version of the operating system. For auto-updated boot sources, persistent volume claims (PVCs) and volume snapshots are created with the cluster's default storage class. If you select a different default storage class after configuration, you must delete the existing boot sources in the cluster namespace that are configured with the previous default storage class.
 
-Provided boot sources are updated automatically to the latest version of the operating system. For auto-updated boot sources, persistent volume claims (PVCs) are created with the cluster's default storage class. If you select a different default storage class after configuration, you must delete the existing data volumes in the cluster namespace that are configured with the previous default storage class.
-
-To use the boot sources feature, install the latest release of {VirtProductName}. The namespace `openshift-virtualization-os-images` enables the feature and is installed with the {VirtProductName} Operator.
-Once the boot source feature is installed, you can create boot sources, attach them to templates, and create virtual machines from the templates.
-
-Define a boot source by using a persistent volume claim (PVC) that is populated by uploading a local file, cloning an existing PVC, importing from a registry, or by URL. Attach a boot source to a virtual machine template by using the web console. After the boot source is attached to a virtual machine template, you  create any number of fully configured ready-to-use virtual machines from the template.
diff --git a/modules/virt-about-vtpm-devices.adoc b/modules/virt-about-vtpm-devices.adoc
index 75d880e55a2e..7b83ee1aae60 100644
--- a/modules/virt-about-vtpm-devices.adoc
+++ b/modules/virt-about-vtpm-devices.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-using-vtpm-devices.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-vtpm-devices_{context}"]
 = About vTPM devices
 
@@ -16,6 +16,20 @@ from a Windows 11 image to function without a physical TPM chip.
 If you do not enable vTPM, then the VM does not recognize a TPM device, even if
 the node has one.
 
-vTPM devices also protect virtual machines by temporarily storing secrets
-without physical hardware. However, using vTPM for persistent secret storage is
-not currently supported. vTPM discards stored secrets after a VM shuts down.
+A vTPM device also protects virtual machines by storing secrets without physical hardware. {VirtProductName} supports persisting vTPM device state by using Persistent Volume Claims (PVCs) for VMs. You must specify the storage class to be used by the PVC by setting the `vmStateStorageClass` attribute in the `HyperConverged` custom resource (CR):
+
+[source,yaml]
+----
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+spec:
+  vmStateStorageClass: <storage_class_name>
+
+# ...
+----
+
+[NOTE]
+====
+The storage class must be of type `Filesystem` and support the `ReadWriteMany` (RWX) access mode.
+====
diff --git a/modules/virt-about-workload-security.adoc b/modules/virt-about-workload-security.adoc
index fc345fcfbe71..689cd06f7ccf 100644
--- a/modules/virt-about-workload-security.adoc
+++ b/modules/virt-about-workload-security.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virt-security-policies.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-workload-security_{context}"]
 = About workload security
 
diff --git a/modules/virt-about-workload-updates.adoc b/modules/virt-about-workload-updates.adoc
index 12d413f98270..770dceefacb5 100644
--- a/modules/virt-about-workload-updates.adoc
+++ b/modules/virt-about-workload-updates.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-about-workload-updates_{context}"]
 = About workload updates
 
@@ -31,7 +31,7 @@ If you enable both `LiveMigrate` and `Evict`:
 
 * VMIs that support live migration use the `LiveMigrate` update strategy.
 
-* VMIs that do not support live migration use the `Evict` update strategy. If a VMI is controlled by a `VirtualMachine` object that has a `runStrategy` value of `always`, a new VMI is created in a new pod with updated components.
+* VMIs that do not support live migration use the `Evict` update strategy. If a VMI is controlled by a `VirtualMachine` object that has `runStrategy: Always` set, a new VMI is created in a new pod with updated components.
 
 [discrete]
 [id="migration-attempts-timeouts_{context}"]
diff --git a/modules/virt-access-configuration-considerations.adoc b/modules/virt-access-configuration-considerations.adoc
new file mode 100644
index 000000000000..1e1cdbd746bd
--- /dev/null
+++ b/modules/virt-access-configuration-considerations.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-access-configuration-considerations_{context}"]
+= Access configuration considerations
+
+Each method for configuring access to a virtual machine (VM) has advantages and limitations, depending on the traffic load and client requirements.
+
+Services provide excellent performance and are recommended for applications that are accessed from outside the cluster.
+
+If the internal cluster network cannot handle the traffic load, you can configure a secondary network.
+
+`virtctl ssh` and `virtctl port-forwarding` commands::
+* Simple to configure.
+* Recommended for troubleshooting VMs.
+* `virtctl port-forwarding` recommended for automated configuration of VMs with Ansible.
+* Dynamic public SSH keys can be used to provision VMs with Ansible.
+* Not recommended for high-traffic applications like Rsync or Remote Desktop Protocol because of the burden on the API server.
+* The API server must be able to handle the traffic load.
+* The clients must be able to access the API server.
+* The clients must have access credentials for the cluster.
+
+Cluster IP service::
+* The internal cluster network must be able to handle the traffic load.
+* The clients must be able to access an internal cluster IP address.
+
+Node port service::
+* The internal cluster network must be able to handle the traffic load.
+* The clients must be able to access at least one node.
+
+Load balancer service::
+* A load balancer must be configured.
+* Each node must be able to handle the traffic load of one or more load balancer services.
+
+Secondary network::
+* Excellent performance because traffic does not go through the internal cluster network.
+* Allows a flexible approach to network topology.
+* Guest operating system must be configured with appropriate security because the VM is exposed directly to the secondary network. If a VM is compromised, an intruder could gain access to the secondary network.
+
diff --git a/modules/virt-accessing-exported-vm-manifests.adoc b/modules/virt-accessing-exported-vm-manifests.adoc
index ec12d683277a..11cd166ba2ad 100644
--- a/modules/virt-accessing-exported-vm-manifests.adoc
+++ b/modules/virt-accessing-exported-vm-manifests.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-exporting-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-accessing-exported-vm-manifests_{context}"]
 = Accessing exported virtual machine manifests
 
@@ -100,7 +100,7 @@ $ curl --cacert cacert.crt <secret_manifest_url> -H \ <1>
 "x-kubevirt-export-token:token_decode" -H \ <2>
 "Accept:application/yaml"
 ----
-<1> Replace `<secret_manifest_url>` with an `auth-header-secret` URL from the `VirtualMachineExport` YAML output. 
+<1> Replace `<secret_manifest_url>` with an `auth-header-secret` URL from the `VirtualMachineExport` YAML output.
 <2> Reference the `token_decode` file that you created earlier.
 +
 For example:
diff --git a/modules/virt-accessing-node-exporter-outside-cluster.adoc b/modules/virt-accessing-node-exporter-outside-cluster.adoc
index 31d64e37c8fe..0e1598cb53cf 100644
--- a/modules/virt-accessing-node-exporter-outside-cluster.adoc
+++ b/modules/virt-accessing-node-exporter-outside-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-accessing-node-exporter-outside-cluster_{context}"]
 = Accessing the node exporter service outside the cluster
 
diff --git a/modules/virt-accessing-rdp-console.adoc b/modules/virt-accessing-rdp-console.adoc
index 16663f729cfa..4e0aa7436bba 100644
--- a/modules/virt-accessing-rdp-console.adoc
+++ b/modules/virt-accessing-rdp-console.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-accessing-rdp-console_{context}"]
 = Connecting to a Windows virtual machine with an RDP console
 
@@ -76,7 +76,7 @@ $ oc create -f <service_name>.yaml
 . Start the VM. If the VM is already running, restart it.
 . Query the `Service` object to verify that it is available:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get service -n example-namespace
 ----
diff --git a/modules/virt-accessing-serial-console.adoc b/modules/virt-accessing-serial-console.adoc
index 93f310dd090b..020df70764f0 100644
--- a/modules/virt-accessing-serial-console.adoc
+++ b/modules/virt-accessing-serial-console.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-accessing-serial-console_{context}"]
 = Accessing the serial console of a virtual machine instance
 
diff --git a/modules/virt-accessing-vmi-ssh.adoc b/modules/virt-accessing-vmi-ssh.adoc
deleted file mode 100644
index 2c412220045d..000000000000
--- a/modules/virt-accessing-vmi-ssh.adoc
+++ /dev/null
@@ -1,89 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
-
-:_content-type: PROCEDURE
-[id="virt-accessing-vmi-ssh_{context}"]
-= Accessing a virtual machine via SSH by using virtctl
-
-You can use the `virtctl ssh` command to forward SSH traffic to a virtual machine (VM) by using your local SSH client. If you have previously configured SSH key authentication with the VM, skip to step 2 of the procedure because step 1 is not required.
-
-[NOTE]
-====
-Heavy SSH traffic on the control plane can slow down the API server. If you regularly need a large number of connections, use a dedicated Kubernetes `Service` object to access the virtual machine.
-====
-
-
-.Prerequisites
-* You have installed the OpenShift CLI (`oc`).
-* You have installed the `virtctl` client.
-* The virtual machine you want to access is running.
-* You are in the same project as the VM.
-
-
-.Procedure
-
-. Configure SSH key authentication:
-.. Use the `ssh-keygen` command to generate an SSH public key pair:
-+
-[source,terminal]
-----
-$ ssh-keygen -f <key_file> <1>
-----
-<1> Specify the file in which to store the keys.
-
-.. Create an SSH authentication secret which contains the SSH public key to access the VM:
-+
-[source,terminal]
-----
-$ oc create secret generic my-pub-key --from-file=key1=<key_file>.pub
-----
-
-.. Add a reference to the secret in the `VirtualMachine` manifest. For example:
-+
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-metadata:
-  name: testvm
-spec:
-  running: true
-  template:
-    spec:
-      accessCredentials:
-      - sshPublicKey:
-          source:
-            secret:
-              secretName: my-pub-key <1>
-          propagationMethod:
-            configDrive: {} <2>
-# ...
-----
-<1> Reference to the SSH authentication `Secret` object.
-<2> The SSH public key is injected into the VM as cloud-init metadata using the `configDrive` provider.
-
-.. Restart the VM to apply your changes.
-
-. Connect to the VM via SSH: 
-.. Run the following command to access the VM via SSH:
-+
-[source,terminal]
-----
-$ virtctl ssh -i <key_file> <vm_username>@<vm_name>
-----
-
-.. Optional: To securely transfer files to or from the VM, use the following commands:
-+
-
-.Copy a file from your machine to the VM
-[source,terminal]
-----
-$ virtctl scp -i <key_file> <filename> <vm_username>@<vm_name>:
-----
-+
-.Copy a file from the VM to your machine
-[source,terminal]
-----
-$ virtctl scp -i <key_file> <vm_username@<vm_name>:<filename> .
-----
diff --git a/modules/virt-accessing-vnc-console.adoc b/modules/virt-accessing-vnc-console.adoc
index ed434eae318e..24c2ecde303b 100644
--- a/modules/virt-accessing-vnc-console.adoc
+++ b/modules/virt-accessing-vnc-console.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-accessing-vnc-console_{context}"]
 = Accessing the graphical console of a virtual machine instances with VNC
 
diff --git a/modules/virt-add-boot-order-web.adoc b/modules/virt-add-boot-order-web.adoc
index da4d9b366b3c..b90a4145d106 100644
--- a/modules/virt-add-boot-order-web.adoc
+++ b/modules/virt-add-boot-order-web.adoc
@@ -3,7 +3,7 @@
 // * virt/virt_users_guide/virt-edit-boot-order.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-add-boot-order-web_{context}"]
 = Adding items to a boot order list in the web console
 
diff --git a/modules/virt-add-disk-to-vm.adoc b/modules/virt-add-disk-to-vm.adoc
index 9899b3498fff..a286cb762df5 100644
--- a/modules/virt-add-disk-to-vm.adoc
+++ b/modules/virt-add-disk-to-vm.adoc
@@ -1,41 +1,20 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/virt-edit-vms.adoc
-// * virt/vm_templates/virt-editing-vm-template.adoc
 
-// Establishing conditionals so content can be re-used for editing VMs
-// and VM templates.
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm:
-:object: virtual machine
-:object-gui: VirtualMachines
-:object-vm-overview: VirtualMachine details
-:tab: Configuration -> Disks
-endif::[]
-
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template:
-:object: virtual machine template
-:object-gui: Templates
-:object-vm-overview: Template details
-:tab: Disks
-endif::[]
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-add-disk-to-vm_{context}"]
 
-= Adding a virtual disk to a {object}
+= Adding a disk to a virtual machine
 
-Use this procedure to add a virtual disk to a {object}.
+You can add a virtual disk to a virtual machine (VM) by using the {product-title} web console.
 
 .Procedure
 
-. Click *Virtualization* -> *{object-gui}* from the side menu.
-
-. Select a {object} to open the *{object-vm-overview}* page.
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a VM to open the *VirtualMachine details* page.
 
-. On the *{tab}* tab, click *Add disk*.
+. On the *Disks* tab, click *Add disk*.
 
 . Specify the *Source*, *Name*, *Size*, *Type*, *Interface*, and *Storage Class*.
 
@@ -45,27 +24,8 @@ Use this procedure to add a virtual disk to a {object}.
 
 . Click *Add*.
 
-ifdef::virt-vm[]
 [NOTE]
 ====
-If the {object} is running, the new disk is in the *pending restart* state and will not be attached until you restart the {object}.
-
-The *Pending Changes* banner at the top of the page displays a list of all changes that will be applied when the {object} restarts.
+If the VM is running, you must restart the VM to apply the change.
 ====
-endif::virt-vm[]
-
-// Unsetting all conditionals used in module
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm!:
-:object!:
-:object-gui!:
-:object-vm-overview!:
-endif::[]
 
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template!:
-:object!:
-:object-gui!:
-:object-vm-overview!:
-endif::[]
diff --git a/modules/virt-add-nic-to-vm.adoc b/modules/virt-add-nic-to-vm.adoc
deleted file mode 100644
index 6e5710e3e2b7..000000000000
--- a/modules/virt-add-nic-to-vm.adoc
+++ /dev/null
@@ -1,64 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-edit-vms.adoc
-// * virt/vm_templates/virt-editing-vm-template.adoc
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm:
-:object: virtual machine
-:object-gui: VirtualMachines
-:object-vm-overview: VirtualMachine details
-:tab: Configuration -> Network interfaces
-endif::[]
-
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template:
-:object: virtual machine template
-:object-gui: Templates
-:object-vm-overview: Template details
-:tab: Network interfaces
-endif::[]
-
-:_content-type: PROCEDURE
-[id="virt-vm-add-nic_{context}"]
-
-= Adding a network interface to a {object}
-
-Use this procedure to add a network interface to a {object}.
-
-.Procedure
-
-. Click *Virtualization* -> *{object-gui}* from the side menu.
-
-. Select a {object} to open the *{object-vm-overview}* page.
-
-. On the *{tab}* tab, click *Add Network Interface*.
-
-. In the *Add Network Interface* window, specify the *Name*, *Model*, *Network*, *Type*, and *MAC Address* of the network interface.
-
-. Click *Add*.
-
-ifdef::virt-vm[]
-[NOTE]
-====
-If the {object} is running, the new network interface is in the *pending restart* state and changes will not take effect until you restart the {object}.
-
-The *Pending Changes* banner at the top of the page displays a list of all changes that will be applied when the {object} restarts.
-====
-endif::virt-vm[]
-
-// Scrubbing all conditionals used in module
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm!:
-:object!:
-:object-gui!:
-:object-vm-overview!:
-endif::[]
-
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template!:
-:object!:
-:object-gui!:
-:object-vm-overview!:
-endif::[]
diff --git a/modules/virt-add-remove-mediated-devices.adoc b/modules/virt-add-remove-mediated-devices.adoc
deleted file mode 100644
index 5023ecbd664c..000000000000
--- a/modules/virt-add-remove-mediated-devices.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: CONCEPT
-[id="virt-adding-and-removing-mediated-devices_context"]
-= Adding and removing mediated devices
-
-You can add or remove mediated devices.
\ No newline at end of file
diff --git a/modules/virt-adding-a-boot-source-web.adoc b/modules/virt-adding-a-boot-source-web.adoc
index 3e34f6560e27..220f9d81fb68 100644
--- a/modules/virt-adding-a-boot-source-web.adoc
+++ b/modules/virt-adding-a-boot-source-web.adoc
@@ -1,12 +1,11 @@
 // Module included in the following assemblies:
 //
-// * virt/vm_templates/virt-creating-vm-template.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-a-boot-source-web_{context}"]
-= Adding a boot source for a virtual machine template
+= Adding boot source to a template
 
-A boot source can be configured for any virtual machine template that you want to use for creating virtual machines or custom templates. When virtual machine templates are configured with a boot source, they are labeled *Source available* on the *Templates* page. After you add a boot source to a template, you can create a new virtual machine from the template.
+You can add a boot source or operating system image to a virtual machine (VM) template. When templates are configured with an operating system image, they are labeled *Source available* on the *Catalog* page. After you add a boot source to a template, you can create a VM from the template.
 
 There are four methods for selecting and adding a boot source in the web console:
 
@@ -16,19 +15,18 @@ There are four methods for selecting and adding a boot source in the web console
 * *Registry (creates PVC)*
 
 .Prerequisites
-* To add a boot source, you must be logged in as a user with the `os-images.kubevirt.io:edit` RBAC role or as an administrator. You do not need special privileges to create a virtual machine from a template with a boot source added.
-
-* To upload a local file, the operating system image file must exist on your local machine.
-
-* To import via URL, access to the web server with the operating system image is required. For example: the Red Hat Enterprise Linux web page with images.
 
+* You must be logged in as a user with the `os-images.kubevirt.io:edit` RBAC role or as an administrator.
++
+You do not need special privileges to create a VM from a template with an operating system image added.
+* To upload a local file, the boot source file must exist on your local machine.
+* To download from a URL endpoint, you must have access to the web server with the boot source. For example: the Red Hat Enterprise Linux web page with images.
 * To clone an existing PVC, access to the project with a PVC is required.
-
-* To import via registry, access to the container registry is required.
+* To download a boot source from a registry, access to the container registry is required.
 
 .Procedure
 
-. In the {product-title} console, click *Virtualization* -> *Templates* from the side menu.
+. In the {product-title} console, click *Virtualization* -> *Catalog* from the side menu.
 . Click the options menu beside a template and select *Edit boot source*.
 . Click *Add disk*.
 . In the *Add disk* window, select *Use this disk as a boot source*.
@@ -39,7 +37,7 @@ There are four methods for selecting and adding a boot source in the web console
 +
 [NOTE]
 ====
-Provided boot sources are updated automatically to the latest version of the operating system. For auto-updated boot sources, persistent volume claims (PVCs) are created with the cluster's default storage class. If you select a different default storage class after configuration, you must delete the existing data volumes in the cluster namespace that are configured with the previous default storage class.
+Provided boot sources are updated automatically to the latest version of the operating system. For auto-updated boot sources, persistent volume claims (PVCs) and volume snapshots are created with the cluster's default storage class. If you select a different default storage class after configuration, you must delete the existing boot sources in the cluster namespace that are configured with the previous default storage class.
 ====
 
 . Optional: Clear *Apply optimized StorageProfile settings* to edit the access mode or volume mode.
@@ -47,9 +45,7 @@ Provided boot sources are updated automatically to the latest version of the ope
 . Select the appropriate method to save your boot source:
 
 .. Click *Save and upload* if you uploaded a local file.
-
 .. Click *Save and import* if you imported content from a URL or the registry.
-
 .. Click *Save and clone* if you cloned an existing PVC.
 
 Your custom virtual machine template with a boot source is listed on the *Catalog* page. You can use this template to create a virtual machine.
diff --git a/modules/virt-adding-container-disk-as-cd.adoc b/modules/virt-adding-container-disk-as-cd.adoc
new file mode 100644
index 000000000000..946d8d7c6116
--- /dev/null
+++ b/modules/virt-adding-container-disk-as-cd.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-installing-virtio-drivers-on-new-windows-vm.adoc
+
+//This file contains UI elements and/or package names that need to be updated.
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-adding-container-disk-as-cd_{context}"]
+= Installing VirtIO drivers from a container disk added as a SATA CD drive
+
+You can install VirtIO drivers from a container disk that you add to a Windows virtual machine (VM) as a SATA CD drive.
+
+[TIP]
+====
+Downloading the `container-native-virtualization/virtio-win` container disk from the link:https://catalog.redhat.com/software/containers/search?q=virtio-win&p=1[Red Hat Ecosystem Catalog] is not mandatory, because the container disk is downloaded from the Red Hat registry if it not already present in the cluster. However, downloading reduces the installation time.
+====
+
+.Prerequisites
+
+* You must have access to the Red Hat registry or to the downloaded `container-native-virtualization/virtio-win` container disk in a restricted environment.
+
+.Procedure
+
+. Add the `container-native-virtualization/virtio-win` container disk as a CD drive by editing the `VirtualMachine` manifest:
++
+[source,yaml]
+----
+# ...
+spec:
+  domain:
+    devices:
+      disks:
+        - name: virtiocontainerdisk
+          bootOrder: 2 <1>
+          cdrom:
+            bus: sata
+volumes:
+  - containerDisk:
+      image: container-native-virtualization/virtio-win
+    name: virtiocontainerdisk
+----
+<1> {VirtProductName} boots the VM disks in the order defined in the `VirtualMachine` manifest. You can either define other VM disks that boot before the `container-native-virtualization/virtio-win` container disk or use the optional `bootOrder` parameter to ensure the VM boots from the correct disk. If you configure the boot order for a disk, you must configure the boot order for the other disks.
+
+. Apply the changes:
+* If the VM is not running, run the following command:
++
+[source,terminal]
+----
+$ virtctl start <vm>
+----
+
+* If the VM is running, reboot the VM or run the following command:
++
+[source,terminal]
+----
+$ oc apply -f <vm.yaml>
+----
+
+. After the VM has started, install the VirtIO drivers from the SATA CD drive.
diff --git a/modules/virt-adding-kernel-arguments-enable-iommu.adoc b/modules/virt-adding-kernel-arguments-enable-iommu.adoc
index 18776245cebf..e31c0b949d86 100644
--- a/modules/virt-adding-kernel-arguments-enable-iommu.adoc
+++ b/modules/virt-adding-kernel-arguments-enable-iommu.adoc
@@ -1,19 +1,22 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/advanced_vm_management/configuring-pci-passthrough.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-kernel-arguments-enable-IOMMU_{context}"]
 = Adding kernel arguments to enable the IOMMU driver
 
-To enable the IOMMU (Input-Output Memory Management Unit)  driver in the kernel, create the `MachineConfig` object and add the kernel arguments.
+To enable the IOMMU driver in the kernel, create the `MachineConfig` object and add the kernel arguments.
 
 .Prerequisites
-* Administrative privilege to a working {product-title} cluster.
-* Intel or AMD CPU hardware.
-* Intel Virtualization Technology for Directed I/O extensions or AMD IOMMU in the BIOS (Basic Input/Output System) is enabled.
+
+* You have cluster administrator permissions.
+* Your CPU hardware is Intel or AMD.
+* You enabled Intel Virtualization Technology for Directed I/O extensions or AMD IOMMU in the BIOS.
 
 .Procedure
+
 . Create a `MachineConfig` object that identifies the kernel argument. The following example shows a kernel argument for an Intel CPU.
 
 +
diff --git a/modules/virt-adding-key-creating-vm-template.adoc b/modules/virt-adding-key-creating-vm-template.adoc
new file mode 100644
index 000000000000..03e20cf549c9
--- /dev/null
+++ b/modules/virt-adding-key-creating-vm-template.adoc
@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+ifeval::["{context}" == "static-key"]
+:static-key:
+:title: Adding a key
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:dynamic-key:
+:title: Enabling dynamic key injection
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-adding-key-creating-vm-template_{context}"]
+= {title} when creating a VM from a template
+
+ifdef::static-key[]
+You can add a statically managed public SSH key when you create a virtual machine (VM) by using the {product-title} web console. The key is added to the VM as a cloud-init data source at first boot. This method does not affect cloud-init user data.
+
+Optional: You can add a key to a project. Afterwards, this key is added automatically to VMs that you create in the project.
+endif::[]
+ifdef::dynamic-key[]
+You can enable dynamic public SSH key injection when you create a virtual machine (VM) from a template by using the {product-title} web console. Then, you can update the key at runtime.
+
+[NOTE]
+====
+Only {op-system-base-full} 9 supports dynamic key injection.
+====
+
+The key is added to the VM by the QEMU guest agent, which is installed with {op-system-base} 9.
+endif::[]
+
+.Prerequisites
+
+* You generated an SSH key pair by running the `ssh-keygen` command.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Catalog* in the web console.
+ifdef::dynamic-key[]
+. Click the *Red Hat Enterprise Linux 9 VM* tile.
+endif::[]
+ifdef::static-key[]
+. Click a template tile.
++
+The guest operating system must support configuration from a cloud-init data source.
+endif::[]
+. Click *Customize VirtualMachine*.
+. Click *Next*.
+. Click the *Scripts* tab.
+. If you have not already added a public SSH key to your project, click the edit icon beside *Authorized SSH key* and select one of the following options:
+
+* *Use existing*: Select a secret from the secrets list.
+* *Add new*:
+.. Browse to the SSH key file or paste the file in the key field.
+.. Enter the secret name.
+.. Optional: Select *Automatically apply this key to any new VirtualMachine you create in this project*.
+ifdef::dynamic-key[]
+. Set *Dynamic SSH key injection* to on.
+endif::[]
+. Click *Save*.
+. Click *Create VirtualMachine*.
++
+The *VirtualMachine details* page displays the progress of the VM creation.
+
+.Verification
+. Click the *Scripts* tab on the *Configuration* tab.
++
+The secret name is displayed in the *Authorized SSH key* section.
+
+ifeval::["{context}" == "static-key"]
+:!static-key:
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:!dynamic-key:
+endif::[]
\ No newline at end of file
diff --git a/modules/virt-adding-public-key-cli.adoc b/modules/virt-adding-public-key-cli.adoc
new file mode 100644
index 000000000000..24e5e9e4d221
--- /dev/null
+++ b/modules/virt-adding-public-key-cli.adoc
@@ -0,0 +1,197 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+ifeval::["{context}" == "static-key"]
+:static-key:
+:header: Adding a key when creating a VM
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:dynamic-key:
+:header: Enabling dynamic key injection
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-adding-public-key-cli_{context}"]
+= {header} by using the command line
+
+ifdef::static-key[]
+You can add a statically managed public SSH key when you create a virtual machine (VM) by using the command line. The key is added to the VM at first boot.
+
+The key is added to the VM as a cloud-init data source. This method separates the access credentials from the application data in the cloud-init user data. This method does not affect cloud-init user data.
+endif::[]
+ifdef::dynamic-key[]
+You can enable dynamic key injection for a virtual machine (VM) by using the command line. Then, you can update the public SSH key at runtime.
+
+[NOTE]
+====
+Only {op-system-base-full} 9 supports dynamic key injection.
+====
+
+The key is added to the VM by the QEMU guest agent, which is installed automatically with {op-system-base} 9.
+endif::[]
+
+.Prerequisites
+
+* You generated an SSH key pair by running the `ssh-keygen` command.
+
+.Procedure
+
+. Create a manifest file for a `VirtualMachine` object and a `Secret` object:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+  namespace: example-namespace
+spec:
+  dataVolumeTemplates:
+  - apiVersion: cdi.kubevirt.io/v1beta1
+    kind: DataVolume
+    metadata:
+      name: example-vm-disk
+    spec:
+      sourceRef:
+        kind: DataSource
+        name: rhel9
+        namespace: openshift-virtualization-os-images
+      storage:
+        resources:
+          requests:
+            storage: 30Gi
+  running: false
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: example-vm
+    spec:
+      domain:
+        cpu:
+          cores: 1
+          sockets: 2
+          threads: 1
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: rootdisk
+          - disk:
+              bus: virtio
+            name: cloudinitdisk
+          interfaces:
+          - masquerade: {}
+            name: default
+          rng: {}
+        features:
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi: {}
+        resources:
+          requests:
+            memory: 8Gi
+      evictionStrategy: LiveMigrate
+      networks:
+      - name: default
+        pod: {}
+      volumes:
+      - dataVolume:
+          name: example-volume
+        name: example-vm-disk
+        - cloudInitNoCloud: <.>
+            userData: |-
+              #cloud-config
+              user: cloud-user
+              password: <password>
+              chpasswd: { expire: False }
+ifdef::dynamic-key[]
+              runcmd:
+                - [ setsebool, -P, virt_qemu_ga_manage_ssh, on ]
+endif::[]
+          name: cloudinitdisk
+      accessCredentials:
+        - sshPublicKey:
+            propagationMethod:
+ifdef::static-key[]
+              configDrive: {}
+endif::[]
+ifdef::dynamic-key[]
+              qemuGuestAgent:
+                users: ["user1","user2","fedora"] <.>
+endif::[]
+            source:
+              secret:
+                secretName: authorized-keys <.>
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authorized-keys
+data:
+  key:  |
+      MIIEpQIBAAKCAQEAulqb/Y... <.>
+----
+<.> Specify the `cloudInitNoCloud` data source.
+ifdef::dynamic-key[]
+<.> Specify the user names.
+endif::[]
+<.> Specify the `Secret` object name.
+<.> Paste the public SSH key.
+
+. Create the `VirtualMachine` and `Secret` objects:
++
+[source,terminal]
+----
+$ oc create -f <manifest_file>.yaml
+----
+
+. Start the VM:
++
+[source,terminal]
+----
+$ virtctl start vm example-vm
+----
+
+.Verification
+. Get the VM configuration:
++
+[source,terminal]
+----
+$ oc describe vm example-vm -n example-namespace
+----
++
+.Example output
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+  namespace: example-namespace
+spec:
+  template:
+    spec:
+      accessCredentials:
+        - sshPublicKey:
+            propagationMethod:
+ifdef::static-key[]
+              configDrive: {}
+endif::[]
+ifdef::dynamic-key[]
+              qemuGuestAgent:
+                users: ["user1","user2","fedora"]
+endif::[]
+            source:
+              secret:
+                secretName: authorized-keys
+----
+
+ifeval::["{context}" == "static-key"]
+:!static-key:
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:!dynamic-key:
+endif::[]
\ No newline at end of file
diff --git a/modules/virt-adding-secret-configmap-service-account-to-vm.adoc b/modules/virt-adding-secret-configmap-service-account-to-vm.adoc
index 29f8f3efc6a8..b203d61ae7e5 100644
--- a/modules/virt-adding-secret-configmap-service-account-to-vm.adoc
+++ b/modules/virt-adding-secret-configmap-service-account-to-vm.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-edit-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-secret-configmap-service-account-to-vm_{context}"]
 
 = Adding a secret, config map, or service account to a virtual machine
diff --git a/modules/virt-adding-templates-to-custom-namespace.adoc b/modules/virt-adding-templates-to-custom-namespace.adoc
deleted file mode 100644
index 836aa11a40fe..000000000000
--- a/modules/virt-adding-templates-to-custom-namespace.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc
-
-[id="virt-adding-templates-to-custom-namespace_{context}"]
-= Adding templates to a custom namespace
-
-The `ssp-operator` deploys virtual machine templates to the `openshift` namespace by default. Templates in the `openshift` namespace are publicly availably to all users. When a custom namespace is created and templates are added to that namespace, you can modify or delete virtual machine templates in the `openshift` namespace. To add templates to a custom namespace, edit the `HyperConverged` custom resource (CR) which contains the `ssp-operator`.
-
-.Procedure
-
-. View the list of virtual machine templates that are available in the `openshift` namespace.
-+
-[source,terminal]
-----
-$ oc get templates -n openshift
-----
-+
-. Edit the `HyperConverged` CR in your default editor by running the following command:
-+
-[source,terminal]
-----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
-----
-+
-. View the list of virtual machine templates that are available in the custom namespace.
-+
-[source,terminal]
-----
-$ oc get templates -n customnamespace
-----
-+
-. Add the `commonTemplatesNamespace` attribute and specify the custom namespace. Example:
-+
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-spec:
-  commonTemplatesNamespace: customnamespace <1>
-----
-<1> The custom namespace for deploying templates.
-+
-. Save your changes and exit the editor. The `ssp-operator` adds virtual machine templates that exist in the default `openshift` namespace to the custom namespace.
diff --git a/modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc b/modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc
index 2028a9e3417d..2d618fac310d 100644
--- a/modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc
+++ b/modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-tls-certificates-for-authenticating-dv-imports_{context}"]
 = Adding TLS certificates for authenticating data volume imports
 
diff --git a/modules/virt-adding-virtio-drivers-vm-yaml.adoc b/modules/virt-adding-virtio-drivers-vm-yaml.adoc
deleted file mode 100644
index 84a8a55e8b5a..000000000000
--- a/modules/virt-adding-virtio-drivers-vm-yaml.adoc
+++ /dev/null
@@ -1,60 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-installing-virtio-drivers-on-new-windows-vm.adoc
-
-//This file contains UI elements and/or package names that need to be updated.
-
-:_content-type: PROCEDURE
-[id="virt-adding-virtio-drivers-vm-yaml_{context}"]
-= Adding VirtIO drivers container disk to a virtual machine
-
-{VirtProductName} distributes VirtIO drivers for Microsoft Windows as a
-container disk, which is available from the
-link:https://access.redhat.com/containers/#/registry.access.redhat.com/container-native-virtualization/virtio-win[Red Hat Ecosystem Catalog].
-To install these drivers to a Windows virtual machine, attach the
-`container-native-virtualization/virtio-win` container disk to the virtual machine as a SATA CD drive
-in the virtual machine configuration file.
-
-.Prerequisites
-
-* Download the `container-native-virtualization/virtio-win` container disk from the
-link:https://access.redhat.com/containers/#/registry.access.redhat.com/container-native-virtualization/virtio-win[Red Hat Ecosystem Catalog].
-This is not mandatory, because the container disk will be downloaded from the Red Hat registry
-if it not already present in the cluster, but it can reduce installation time.
-
-.Procedure
-
-. Add the `container-native-virtualization/virtio-win` container disk as a `cdrom` disk in the
-Windows virtual machine configuration file. The container disk will be
-downloaded from the registry if it is not already present in the cluster.
-+
-[source,yaml]
-----
-spec:
-  domain:
-    devices:
-      disks:
-        - name: virtiocontainerdisk
-          bootOrder: 2 <1>
-          cdrom:
-            bus: sata
-volumes:
-  - containerDisk:
-      image: container-native-virtualization/virtio-win
-    name: virtiocontainerdisk
-----
-<1> {VirtProductName} boots virtual machine disks in the order defined in the
-`VirtualMachine` configuration file. You can either define other disks for the
-virtual machine before the `container-native-virtualization/virtio-win` container disk or use the optional
-`bootOrder` parameter to ensure the virtual machine boots from the correct disk.
- If you specify the `bootOrder` for a disk, it must be specified for all disks
-in the configuration.
-
-. The disk is available once the virtual machine has started:
-** If you add the container disk to a running virtual machine, use
-`oc apply -f <vm.yaml>` in the CLI or reboot the virtual machine for the changes
-to take effect.
-** If the virtual machine is not running, use `virtctl start <vm>`.
-
-After the virtual machine has started, the VirtIO drivers can be installed from
-the attached SATA CD drive.
diff --git a/modules/virt-adding-vm-to-service-mesh.adoc b/modules/virt-adding-vm-to-service-mesh.adoc
index f9c4d1d0f7aa..ed3ddb71070b 100644
--- a/modules/virt-adding-vm-to-service-mesh.adoc
+++ b/modules/virt-adding-vm-to-service-mesh.adoc
@@ -1,19 +1,27 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-connecting-vm-to-service-mesh.adoc
+// * virt/vm_networking/virt-connecting-vm-to-service-mesh.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-vm-to-service-mesh_{context}"]
-= Configuring a virtual machine for the service mesh
+= Adding a virtual machine to a service mesh
 
 To add a virtual machine (VM) workload to a service mesh, enable automatic sidecar injection in the VM configuration file by setting the `sidecar.istio.io/inject` annotation to `true`. Then expose your VM as a service to view your application in the mesh.
 
+[IMPORTANT]
+====
+To avoid port conflicts, do not use ports used by the Istio sidecar proxy. These include ports 15000, 15001, 15006, 15008, 15020, 15021, and 15090.
+====
+
 .Prerequisites
-* To avoid port conflicts, do not use ports used by the Istio sidecar proxy. These include ports 15000, 15001, 15006, 15008, 15020, 15021, and 15090.
+
+* You installed the Service Mesh Operators.
+* You created the Service Mesh control plane.
+* You added the VM project to the Service Mesh member roll.
 
 .Procedure
 
-. Edit the VM configuration file to add the `sidecar.istio.io/inject: "true"` annotation.
+. Edit the VM configuration file to add the `sidecar.istio.io/inject: "true"` annotation:
 +
 .Example configuration file
 [source,yaml]
diff --git a/modules/virt-adding-vtpm-to-vm.adoc b/modules/virt-adding-vtpm-to-vm.adoc
index 4610cf9ce040..4953d22b36a1 100644
--- a/modules/virt-adding-vtpm-to-vm.adoc
+++ b/modules/virt-adding-vtpm-to-vm.adoc
@@ -2,13 +2,17 @@
 //
 // * virt/virtual_machines/virt-using-vtpm-devices.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-adding-vtpm-to-vm_{context}"]
 = Adding a vTPM device to a virtual machine
 
 Adding a virtual Trusted Platform Module (vTPM) device to a virtual machine
 (VM) allows you to run a VM created from a Windows 11 image without a physical
-TPM device. A vTPM device also temporarily stores secrets for that VM.
+TPM device. A vTPM device also stores secrets for that VM.
+
+.Prerequisites
+* You have installed the OpenShift CLI (`oc`).
+* You have configured a Persistent Volume Claim (PVC) to use a storage class of type `Filesystem` that supports the `ReadWriteMany` (RWX) access mode. This is necessary for the vTPM device data to persist across VM reboots.
 
 .Procedure
 
@@ -19,7 +23,7 @@ TPM device. A vTPM device also temporarily stores secrets for that VM.
 $ oc edit vm <vm_name>
 ----
 
-. Edit the VM `spec` so that it includes the `tpm: {}` line. For example:
+. Edit the VM specification to add the vTPM device. For example:
 +
 [source,yaml]
 ----
@@ -32,10 +36,12 @@ spec:
     spec:
       domain:
         devices:
-          tpm: {} <1>
+          tpm:  <1>
+            persistent: true <2>
 # ...
 ----
-<1> Adds the TPM device to the VM.
+<1> Adds the vTPM device to the VM.
+<2> Specifies that the vTPM device state persists after the VM is shut down. The default value is `false`.
 
 . To apply your changes, save and exit the editor.
 
diff --git a/modules/virt-additional-scc-for-kubevirt-controller.adoc b/modules/virt-additional-scc-for-kubevirt-controller.adoc
index 0af8361ce831..c7a8606fc2b9 100644
--- a/modules/virt-additional-scc-for-kubevirt-controller.adoc
+++ b/modules/virt-additional-scc-for-kubevirt-controller.adoc
@@ -2,9 +2,9 @@
 //
 // * virt/virt-security-policies.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-additional-scc-for-kubevirt-controller_{context}"]
-= Additional {product-title} security context constraints and Linux capabilities for the kubevirt-controller service account
+= Additional SCCs and permissions for the kubevirt-controller service account
 
 Security context constraints (SCCs) control permissions for pods. These permissions include actions that a pod, a collection of containers, can perform and what resources it can access. You can use SCCs to define a set of conditions that a pod must run with to be accepted into the system.
 
@@ -20,12 +20,12 @@ This allows virtual machines to use the hostpath volume plugin.
 * `scc.AllowPrivilegedContainer = false` +
 This ensures the virt-launcher pod is not run as a privileged container.
 
-* `scc.AllowedCapabilities = []corev1.Capability{"SYS_NICE", "NET_BIND_SERVICE"}` +
+* `scc.AllowedCapabilities = []corev1.Capability{"SYS_NICE", "NET_BIND_SERVICE"}`
 
 ** `SYS_NICE` allows setting the CPU affinity.
 ** `NET_BIND_SERVICE` allows DHCP and Slirp operations.
 
-== Viewing the SCC and RBAC definitions for the kubevirt-controller
+.Viewing the SCC and RBAC definitions for the kubevirt-controller
 
 You can view the `SecurityContextConstraints` definition for the `kubevirt-controller` by using the `oc` tool:
 
diff --git a/modules/virt-applying-node-placement-rules.adoc b/modules/virt-applying-node-placement-rules.adoc
new file mode 100644
index 000000000000..c65f57ac2973
--- /dev/null
+++ b/modules/virt-applying-node-placement-rules.adoc
@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * virt/post_installation_configuration/virt-node-placement-virt-components.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-applying-node-place-rules_{context}"]
+= Applying node placement rules
+
+You can apply node placement rules by editing a `Subscription`, `HyperConverged`, or `HostPathProvisioner` object using the command line.
+
+.Prerequisites
+
+* The `oc` CLI tool is installed.
+* You are logged in with cluster administrator permissions.
+
+.Procedure
+
+. Edit the object in your default editor by running the following command:
++
+[source,terminal]
+----
+$ oc edit <resource_type> <resource_name> -n {CNVNamespace}
+----
+
+. Save the file to apply the changes.
diff --git a/modules/virt-assign-vgpu-passthrough-to-vm.adoc b/modules/virt-assign-vgpu-passthrough-to-vm.adoc
deleted file mode 100644
index fc2dae0c30cf..000000000000
--- a/modules/virt-assign-vgpu-passthrough-to-vm.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-vgpu-passthrough.adoc
-
-[id="virt-assign-vgpu-passthrough-to-vm_{context}"]
-= Assigning vGPU passthrough devices to a virtual machine
-
-Use the {product-title} web console to assign vGPU passthrough devices to your virtual machine.
-
-.Prerequisites
-
-* The virtual machine must be stopped.
-
-.Procedure
-
-. In the {product-title} web console, click *Virtualization -> VirtualMachines* from the side menu.
-. Select the virtual machine to which you want to assign the device.
-. On the *Details* tab, click *GPU devices*.
-+
-If you add a vGPU device as a host device, you cannot access the device with the VNC console.
-
-. Click *Add GPU device*, enter the *Name* and select the device from the *Device name* list.
-. Click *Save*.
-. Click the *YAML* tab to verify that the new devices have been added to your cluster configuration in the `hostDevices` section.
-
-[NOTE]
-====
-You can add hardware devices to virtual machines created from customized templates or a YAML file. You cannot add devices to pre-supplied boot source templates for specific operating systems, such as Windows 10 or RHEL 7.
-
-To display resources that are connected to your cluster, click *Compute* -> *Hardware Devices* from the side menu.
-====
diff --git a/modules/virt-assigning-mediated-device-virtual-machine.adoc b/modules/virt-assigning-mediated-device-virtual-machine.adoc
deleted file mode 100644
index e1a4037b79b6..000000000000
--- a/modules/virt-assigning-mediated-device-virtual-machine.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: PROCEDURE
-[id="virt-assigning-mediated-device-virtual-machine_{context}"]
-= Assigning a mediated device to a virtual machine
-
-Assign mediated devices such as virtual GPUs (vGPUs) to virtual machines.
-
-.Prerequisites
-
-* The mediated device is configured in the `HyperConverged` custom resource.
-
-.Procedure
-
-* Assign the mediated device to a virtual machine (VM) by editing the `spec.domain.devices.gpus` stanza of the `VirtualMachine` manifest:
-+
-.Example virtual machine manifest
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-spec:
-  domain:
-    devices:
-      gpus:
-      - deviceName: nvidia.com/TU104GL_Tesla_T4 <1>
-        name: gpu1 <2>
-      - deviceName: nvidia.com/GRID_T4-1Q
-        name: gpu2
-----
-<1> The resource name associated with the mediated device.
-<2> A name to identify the device on the VM.
-
-.Verification
-
-* To verify that the device is available from the virtual machine, run the following command, substituting `<device_name>` with the `deviceName` value from the `VirtualMachine` manifest:
-+
-[source,terminal]
-----
-$ lspci -nnk | grep <device_name>
-----
\ No newline at end of file
diff --git a/modules/virt-assigning-pci-device-virtual-machine.adoc b/modules/virt-assigning-pci-device-virtual-machine.adoc
index f84ade5c5f68..3815f8e410a7 100644
--- a/modules/virt-assigning-pci-device-virtual-machine.adoc
+++ b/modules/virt-assigning-pci-device-virtual-machine.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-assigning-pci-device-virtual-machine_{context}"]
 = Assigning a PCI device to a virtual machine
 
diff --git a/modules/virt-assigning-vgpu-vm-cli.adoc b/modules/virt-assigning-vgpu-vm-cli.adoc
new file mode 100644
index 000000000000..a0a30dd4a123
--- /dev/null
+++ b/modules/virt-assigning-vgpu-vm-cli.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-assigning-mdev-vm-cli_{context}"]
+= Assigning a vGPU to a VM by using the CLI
+
+Assign mediated devices such as virtual GPUs (vGPUs) to virtual machines (VMs).
+
+.Prerequisites
+
+* The mediated device is configured in the `HyperConverged` custom resource.
+* The VM is stopped.
+
+.Procedure
+
+* Assign the mediated device to a virtual machine (VM) by editing the `spec.domain.devices.gpus` stanza of the `VirtualMachine` manifest:
++
+.Example virtual machine manifest
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+spec:
+  domain:
+    devices:
+      gpus:
+      - deviceName: nvidia.com/TU104GL_Tesla_T4 <1>
+        name: gpu1 <2>
+      - deviceName: nvidia.com/GRID_T4-2Q
+        name: gpu2
+----
+<1> The resource name associated with the mediated device.
+<2> A name to identify the device on the VM.
+
+.Verification
+
+* To verify that the device is available from the virtual machine, run the following command, substituting `<device_name>` with the `deviceName` value from the `VirtualMachine` manifest:
++
+[source,terminal]
+----
+$ lspci -nnk | grep <device_name>
+----
\ No newline at end of file
diff --git a/modules/virt-assigning-vgpu-vm-web.adoc b/modules/virt-assigning-vgpu-vm-web.adoc
new file mode 100644
index 000000000000..fe9581528c30
--- /dev/null
+++ b/modules/virt-assigning-vgpu-vm-web.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
+
+[id="virt-assigning-vgpu-vm-web_{context}"]
+= Assigning a vGPU to a VM by using the web console
+
+You can assign virtual GPUs to virtual machines by using the {product-title} web console.
+[NOTE]
+====
+You can add hardware devices to virtual machines created from customized templates or a YAML file. You cannot add devices to pre-supplied boot source templates for specific operating systems.
+====
+
+.Prerequisites
+
+* The vGPU is configured as a mediated device in your cluster.
+** To view the devices that are connected to your cluster, click *Compute* -> *Hardware Devices* from the side menu.
+* The VM is stopped.
+
+.Procedure
+
+. In the {product-title} web console, click *Virtualization* -> *VirtualMachines* from the side menu.
+. Select the VM that you want to assign the device to.
+. On the *Details* tab, click *GPU devices*.
+. Click *Add GPU device*.
+. Enter an identifying value in the *Name* field.
+. From the *Device name* list, select the device that you want to add to the VM.
+. Click *Save*.
+
+.Verification
+* To confirm that the devices were added to the VM, click the *YAML* tab and review the `VirtualMachine` configuration. Mediated devices are added to the `spec.domain.devices` stanza.
\ No newline at end of file
diff --git a/modules/virt-attaching-virtio-disk-to-windows-existing.adoc b/modules/virt-attaching-virtio-disk-to-windows-existing.adoc
new file mode 100644
index 000000000000..f8bd211a70c4
--- /dev/null
+++ b/modules/virt-attaching-virtio-disk-to-windows-existing.adoc
@@ -0,0 +1,17 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms/virt-installing-qemu-guest-agent.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-attaching-virtio-disk-to-windows-existing_{context}"]
+= Attaching VirtIO container disk to an existing Windows VM
+
+You must attach the VirtIO container disk to the Windows VM to install the necessary Windows drivers. This can be done to an existing VM.
+
+.Procedure
+
+. Navigate to the existing Windows VM, and click *Actions* -> *Stop*.
+. Go to *VM Details* -> *Configuration* -> *Disks* and click *Add disk*.
+. Add `windows-driver-disk` from container source, set the *Type* to *CD-ROM*, and then set the *Interface* to *SATA*.
+. Click *Save*.
+. Start the VM, and connect to a graphical console.
\ No newline at end of file
diff --git a/modules/virt-attaching-virtio-disk-to-windows.adoc b/modules/virt-attaching-virtio-disk-to-windows.adoc
new file mode 100644
index 000000000000..acb9e300f93b
--- /dev/null
+++ b/modules/virt-attaching-virtio-disk-to-windows.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms/virt-installing-qemu-guest-agent.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-attaching-virtio-disk-to-windows_{context}"]
+= Attaching VirtIO container disk to Windows VMs during installation
+
+You must attach the VirtIO container disk to the Windows VM to install the necessary Windows drivers. This can be done during creation of the VM.
+
+.Procedure
+
+. When creating a Windows VM from a template, click *Customize VirtualMachine*.
+. Select *Mount Windows drivers disk*.
+. Click the *Customize VirtualMachine parameters*.
+. Click *Create VirtualMachine*.
+
+After the VM is created, the `virtio-win` SATA CD disk will be attached to the VM.
diff --git a/modules/virt-attaching-vm-secondary-network-cli.adoc b/modules/virt-attaching-vm-secondary-network-cli.adoc
index 57e988da2f7e..3964b85e8435 100644
--- a/modules/virt-attaching-vm-secondary-network-cli.adoc
+++ b/modules/virt-attaching-vm-secondary-network-cli.adoc
@@ -1,14 +1,12 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-external-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
 
-:_content-type: PROCEDURE
-[id="virt-attaching-vm-additional-network-cli_{context}"]
-= Attaching a virtual machine to an additional network in the CLI
+:_mod-docs-content-type: PROCEDURE
+[id="virt-attaching-vm-secondary-network-cli_{context}"]
+= Configuring a VM network interface by using the command line
 
-Attach a virtual machine to an additional network by adding a bridge interface and specifying a network attachment definition in the virtual machine configuration.
-
-This procedure uses a YAML file to demonstrate editing the configuration and applying the updated file to the cluster. You can alternatively use the `oc edit <object> <name>` command to edit an existing virtual machine.
+You can configure a virtual machine (VM) network interface for a bridge network by using the command line.
 
 .Prerequisites
 
@@ -16,15 +14,14 @@ This procedure uses a YAML file to demonstrate editing the configuration and app
 
 .Procedure
 
-. Create or edit a configuration of a virtual machine that you want to connect to the bridge network.
-. Add the bridge interface to the `spec.template.spec.domain.devices.interfaces` list and the network attachment definition to the `spec.template.spec.networks` list. This example adds a bridge interface called `bridge-net` that connects to the `a-bridge-network` network attachment definition:
+. Add the bridge interface and the network attachment definition to the VM configuration as in the following example:
 +
 [source,yaml]
 ----
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
-    name: <example-vm>
+  name: example-vm
 spec:
   template:
     spec:
@@ -32,27 +29,26 @@ spec:
         devices:
           interfaces:
             - masquerade: {}
-              name: <default>
+              name: default
             - bridge: {}
-              name: <bridge-net> <1>
+              name: bridge-net <1>
 # ...
       networks:
-        - name: <default>
+        - name: default
           pod: {}
-        - name: <bridge-net> <2>
+        - name: bridge-net <2>
           multus:
-            networkName: <network-namespace>/<a-bridge-network> <3>
-# ...
+            networkName: a-bridge-network <3>
 ----
 <1> The name of the bridge interface.
 <2> The name of the network. This value must match the `name` value of the corresponding `spec.template.spec.domain.devices.interfaces` entry.
-<3> The name of the network attachment definition, prefixed by the namespace where it exists. The namespace must be either the `default` namespace or the same namespace where the VM is to be created. In this case, `multus` is used. Multus is a cloud network interface (CNI) plugin that allows multiple CNIs to exist so that a pod or virtual machine can use the interfaces it needs.
+<3> The name of the network attachment definition.
 
 . Apply the configuration:
 +
 [source,terminal]
 ----
-$ oc apply -f <example-vm.yaml>
+$ oc apply -f example-vm.yaml
 ----
 
 . Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.
diff --git a/modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc b/modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc
new file mode 100644
index 000000000000..5f822e4023c2
--- /dev/null
+++ b/modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc
@@ -0,0 +1,57 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-attaching-vm-to-ovn-secondary-nw-cli_{context}"]
+= Attaching a virtual machine to an OVN-Kubernetes secondary network using the CLI
+
+You can connect a virtual machine (VM) to the OVN-Kubernetes secondary network by including the network details in the VM configuration.
+
+.Prerequisites
+* You have access to the cluster as a user with `cluster-admin` privileges.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+. Edit the `VirtualMachine` manifest to add the OVN-Kubernetes secondary network interface details, as in the following example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: vm-server
+spec:
+  running: true
+  template:
+    spec:
+      domain:
+        devices:
+          interfaces:
+          - name: default
+            masquerade: {}
+          - name: secondary <1>
+            bridge: {}
+        resources:
+          requests:
+            memory: 1024Mi
+      networks:
+      - name: default
+        pod: {}
+      - name: secondary  <2>
+        multus:
+          networkName: l2-network <3>
+# ...
+----
+<1> The name of the OVN-Kubernetes secondary interface.
+<2> The name of the network. This must match the value of the `spec.template.spec.domain.devices.interfaces.name` field.
+<3> The name of the `NetworkAttachmentDefinition` object.
+
+. Apply the `VirtualMachine` manifest:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
+
+. Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.
\ No newline at end of file
diff --git a/modules/virt-attaching-vm-to-sriov-network.adoc b/modules/virt-attaching-vm-to-sriov-network.adoc
index af438fa29da7..4a1fb57676c3 100644
--- a/modules/virt-attaching-vm-to-sriov-network.adoc
+++ b/modules/virt-attaching-vm-to-sriov-network.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-attaching-vm-to-sriov-network_{context}"]
 = Connecting a virtual machine to an SR-IOV network
 
@@ -10,39 +10,38 @@ You can connect the virtual machine (VM) to the SR-IOV network by including the
 
 .Procedure
 
-. Include the SR-IOV network details in the `spec.domain.devices.interfaces` and `spec.networks` of the VM configuration:
+. Add the SR-IOV network details to the `spec.domain.devices.interfaces` and `spec.networks` stanzas of the VM configuration as in the following example:
 +
 [source,yaml]
 ----
+apiVersion: kubevirt.io/v1
 kind: VirtualMachine
-# ...
+metadata:
+  name: example-vm
 spec:
   domain:
     devices:
       interfaces:
-      - name: <default> <1>
-        masquerade: {} <2>
-      - name: <nic1> <3>
+      - name: default
+        masquerade: {}
+      - name: nic1 <1>
         sriov: {}
   networks:
-  - name: <default> <4>
+  - name: default
     pod: {}
-  - name: <nic1> <5>
+  - name: nic1 <2>
     multus:
-        networkName: <sriov-network> <6>
+        networkName: sriov-network <3>
 # ...
 ----
-<1> A unique name for the interface that is connected to the pod network.
-<2> The `masquerade` binding to the default pod network.
-<3> A unique name for the SR-IOV interface.
-<4> The name of the pod network interface. This must be the same as the `interfaces.name` that you defined earlier.
-<5> The name of the SR-IOV interface. This must be the same as the `interfaces.name` that you defined earlier.
-<6> The name of the SR-IOV network attachment definition.
+<1> Specify a unique name for the SR-IOV interface.
+<2> Specify the name of the SR-IOV interface. This must be the same as the `interfaces.name` that you defined earlier.
+<3> Specify the name of the SR-IOV network attachment definition.
 
 . Apply the virtual machine configuration:
 +
 [source,terminal]
 ----
-$ oc apply -f <vm-sriov.yaml> <1>
+$ oc apply -f <vm_sriov>.yaml <1>
 ----
 <1> The name of the virtual machine YAML file.
diff --git a/modules/virt-automatic-certificates-renewal.adoc b/modules/virt-automatic-certificates-renewal.adoc
index b64902dc7543..0102c063b29e 100644
--- a/modules/virt-automatic-certificates-renewal.adoc
+++ b/modules/virt-automatic-certificates-renewal.adoc
@@ -1,9 +1,13 @@
 // Module included in the following assemblies:
 //
-// * virt/node_maintenance/virt-automatic-certificates.adoc
+// * virt/about_virt/virt-security-policies.adoc
 
 [id="virt-automatic-certificates-renewal_{context}"]
-= TLS certificates automatic renewal schedules
+= TLS certificates
+
+TLS certificates for {VirtProductName} components are renewed and rotated automatically. You are not required to refresh them manually.
+
+.Automatic renewal schedules
 
 TLS certificates are automatically deleted and replaced according to the following schedule:
 
diff --git a/modules/virt-autoupdate-custom-bootsource.adoc b/modules/virt-autoupdate-custom-bootsource.adoc
index 680cceae5648..4c47bcc01a84 100644
--- a/modules/virt-autoupdate-custom-bootsource.adoc
+++ b/modules/virt-autoupdate-custom-bootsource.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/storage/virt-automatic-bootsource-updates.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-autoupdate-custom-bootsource_{context}"]
 = Enabling automatic updates for custom boot sources
 
@@ -17,9 +17,9 @@
 
 . Open the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Edit the `HyperConverged` CR, adding the appropriate template and boot source in the `dataImportCronTemplates` section. For example:
diff --git a/modules/virt-aws-bm.adoc b/modules/virt-aws-bm.adoc
new file mode 100644
index 000000000000..039b368d9d78
--- /dev/null
+++ b/modules/virt-aws-bm.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * virt/install/preparing-cluster-for-virt.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="virt-aws-bm_{context}"]
+= {VirtProductName} on AWS bare metal
+
+You can run {VirtProductName} on an Amazon Web Services (AWS) bare-metal {product-title} cluster.
+
+[NOTE]
+====
+{VirtProductName} is also supported on {product-rosa} (ROSA) Classic clusters, which have the same configuration requirements as AWS bare-metal clusters.
+====
+
+Before you set up your cluster, review the following summary of supported features and limitations:
+
+Installing::
+--
+* You can install the cluster by using installer-provisioned infrastructure, ensuring that you specify bare-metal instance types for the worker nodes by editing the `install-config.yaml` file. For example, you can use the `c5n.metal` type value for a machine based on x86_64 architecture.
++
+For more information, see the {product-title} documentation about installing on AWS.
+--
+
+Accessing virtual machines (VMs)::
+--
+* There is no change to how you access VMs by using the `virtctl` CLI tool or the {product-title} web console.
+* You can expose VMs by using a `NodePort` or `LoadBalancer` service. 
+** The load balancer approach is preferable because {product-title} automatically creates the load balancer in AWS and manages its lifecycle. A security group is also created for the load balancer, and you can use annotations to attach existing security groups. When you remove the service, {product-title} removes the load balancer and its associated resources.
+--
+
+Networking::
+--
+* You cannot use Single Root I/O Virtualization (SR-IOV) or bridge Container Network Interface (CNI) networks, including virtual LAN (VLAN). If your application requires a flat layer 2 network or control over the IP pool, consider using OVN-Kubernetes secondary overlay networks.
+--
+
+Storage::
+--
+* You can use any storage solution that is certified by the storage vendor to work with the underlying platform.
++
+[IMPORTANT]
+====
+AWS bare-metal and ROSA clusters might have different supported storage solutions. Ensure that you confirm support with your storage vendor.
+====
+* Amazon Elastic File System (EFS) and Amazon Elastic Block Store (EBS) are not supported for use with {VirtProductName} due to performance and functionality limitations.
+--
\ No newline at end of file
diff --git a/modules/virt-binding-devices-vfio-driver.adoc b/modules/virt-binding-devices-vfio-driver.adoc
index c3fe65ba162e..844630f2116d 100644
--- a/modules/virt-binding-devices-vfio-driver.adoc
+++ b/modules/virt-binding-devices-vfio-driver.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-binding-devices-vfio-driver_{context}"]
 = Binding PCI devices to the VFIO driver
 To bind PCI devices to the VFIO (Virtual Function I/O) driver, obtain the values for `vendor-ID` and `device-ID` from each device and create a list with the values. Add this list to the `MachineConfig` object. The `MachineConfig` Operator generates the `/etc/modprobe.d/vfio.conf` on the nodes with the PCI devices, and binds the PCI devices to the VFIO driver.
@@ -13,13 +13,13 @@ To bind PCI devices to the VFIO (Virtual Function I/O) driver, obtain the values
 .Procedure
 . Run the `lspci` command to obtain the `vendor-ID` and the `device-ID` for the PCI device.
 +
-[source, terminal]
+[source,terminal]
 ----
 $ lspci -nnv | grep -i nvidia
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 02:01.0 3D controller [0302]: NVIDIA Corporation GV100GL [Tesla V100 PCIe 32GB] [10de:1eb8] (rev a1)
 ----
@@ -32,10 +32,10 @@ See "Creating machine configs with Butane" for information about Butane.
 ====
 +
 .Example
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 variant: openshift
-version: 4.13.0
+version: {product-version}.0
 metadata:
   name: 100-worker-vfiopci
   labels:
@@ -80,7 +80,7 @@ $ oc get MachineConfig
 ----
 +
 .Example output
-[source, terminal]
+[source,terminal]
 ----
 NAME                             GENERATEDBYCONTROLLER                      IGNITIONVERSION  AGE
 00-master                        d3da910bfa9f4b599af4ed7f5ac270d55950a3a1   3.2.0            25h
diff --git a/modules/virt-booting-vms-uefi-mode.adoc b/modules/virt-booting-vms-uefi-mode.adoc
index ca52231d09aa..0550cb9f7f56 100644
--- a/modules/virt-booting-vms-uefi-mode.adoc
+++ b/modules/virt-booting-vms-uefi-mode.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-booting-vms-uefi-mode_{context}"]
 = Booting virtual machines in UEFI mode
 
diff --git a/modules/virt-building-vm-containerdisk-image.adoc b/modules/virt-building-vm-containerdisk-image.adoc
index 58fca172a49b..3137b6fd20ca 100644
--- a/modules/virt-building-vm-containerdisk-image.adoc
+++ b/modules/virt-building-vm-containerdisk-image.adoc
@@ -1,16 +1,15 @@
 // Module included in the following assemblies:
 //
-// * virt//support/monitoring/virt-running-cluster-checkups.adoc              
+// * virt//support/monitoring/virt-running-cluster-checkups.adoc
 
-:_content-type: PROCEDURE                                             
-[id="virt-building-vm-containerdisk-image_{context}"]                                  
+:_mod-docs-content-type: PROCEDURE
+[id="virt-building-vm-containerdisk-image_{context}"]
 = Building a container disk image for {op-system-base} virtual machines
 
-You can build a custom {op-system-base-full} 8 OS image in `qcow2` format and use it to create a container disk image. You can store the container disk image in a registry that is accessible from your cluster and specify the image location in the `spec.param.vmContainerDiskImage` attribute of the DPDK checkup config map. 
+You can build a custom {op-system-base-full} 8 OS image in `qcow2` format and use it to create a container disk image. You can store the container disk image in a registry that is accessible from your cluster and specify the image location in the `spec.param.vmContainerDiskImage` attribute of the DPDK checkup config map.
 
 To build a container disk image, you must create an image builder virtual machine (VM). The _image builder VM_ is a {op-system-base} 8 VM that can be used to build custom {op-system-base} images.
 
-
 .Prerequisites
 * The image builder VM must run {op-system-base} 8.7 and must have a minimum of 2 CPU cores, 4 GiB RAM, and 20 GB of free space in the `/var` directory.
 * You have installed the image builder tool and its CLI (`composer-cli`) on the VM.
@@ -56,6 +55,10 @@ description = "Image to use with the DPDK checkup"
 version = "0.0.1"
 distro = "rhel-87"
 
+[[customizations.user]]
+name = "root"
+password = "redhat"
+
 [[packages]]
 name = "dpdk"
 
@@ -69,7 +72,7 @@ name = "driverctl"
 name = "tuned-profiles-cpu-partitioning"
 
 [customizations.kernel]
-append = "default_hugepagesz=1GB hugepagesz=1G hugepages=8 isolcpus=2-7"
+append = "default_hugepagesz=1GB hugepagesz=1G hugepages=1"
 
 [customizations.services]
 disabled = ["NetworkManager-wait-online", "sshd"]
@@ -109,20 +112,18 @@ EOF
 [source,terminal]
 ----
 $ cat <<EOF >customize-vm
-echo  isolated_cores=2-7 > /etc/tuned/cpu-partitioning-variables.conf
-tuned-adm profile cpu-partitioning
+#!/bin/bash
+
+# Setup hugepages mount
+mkdir -p /mnt/huge
+echo "hugetlbfs /mnt/huge hugetlbfs defaults,pagesize=1GB 0 0" >> /etc/fstab
+
+# Create vfio-noiommu.conf
 echo "options vfio enable_unsafe_noiommu_mode=1" > /etc/modprobe.d/vfio-noiommu.conf
-EOF
-----
-+
-[source,terminal]
-----
-$ cat <<EOF >first-boot
-driverctl set-override 0000:06:00.0 vfio-pci
-driverctl set-override 0000:07:00.0 vfio-pci
 
-mkdir /mnt/huge
-mount /mnt/huge --source nodev -t hugetlbfs -o pagesize=1GB
+# Enable guest-exec,guest-exec-status on the qemu-guest-agent configuration
+sed -i '/^BLACKLIST_RPC=/ { s/guest-exec-status//; s/guest-exec//g }' /etc/sysconfig/qemu-ga
+sed -i '/^BLACKLIST_RPC=/ { s/,\+/,/g; s/^,\|,$//g }' /etc/sysconfig/qemu-ga
 EOF
 ----
 
@@ -130,7 +131,7 @@ EOF
 +
 [source,terminal]
 ----
-$ virt-customize -a <UUID>.qcow2 --run=customize-vm --firstboot=first-boot --selinux-relabel
+$ virt-customize -a <UUID>-disk.qcow2 --run=customize-vm --selinux-relabel
 ----
 
 . To create a Dockerfile that contains all the commands to build the container disk image, enter the following command:
@@ -139,13 +140,13 @@ $ virt-customize -a <UUID>.qcow2 --run=customize-vm --firstboot=first-boot --sel
 ----
 $ cat << EOF > Dockerfile
 FROM scratch
-COPY <uuid>-disk.qcow2 /disk/
+COPY --chown=107:107 <UUID>-disk.qcow2 /disk/
 EOF
 ----
 +
 where:
 
-<uuid>-disk.qcow2:: Specifies the name of the custom image in `qcow2` format.
+<UUID>-disk.qcow2:: Specifies the name of the custom image in `qcow2` format.
 
 . Build and tag the container by running the following command:
 +
@@ -161,4 +162,4 @@ $ podman build . -t dpdk-rhel:latest
 $ podman push dpdk-rhel:latest
 ----
 
-. Provide a link to the container disk image in the `spec.param.vmContainerDiskImage` attribute in the DPDK checkup config map.
\ No newline at end of file
+. Provide a link to the container disk image in the `spec.param.vmUnderTestContainerDiskImage` attribute in the DPDK checkup config map.
\ No newline at end of file
diff --git a/modules/virt-canceling-vm-migration-cli.adoc b/modules/virt-canceling-vm-migration-cli.adoc
new file mode 100644
index 000000000000..e7317997495c
--- /dev/null
+++ b/modules/virt-canceling-vm-migration-cli.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * virt/live_migration/virt-initiating-live-migration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-canceling-vm-migration-cli_{context}"]
+= Canceling live migration by using the command line
+
+Cancel the live migration of a virtual machine by deleting the
+`VirtualMachineInstanceMigration` object associated with the migration.
+
+.Procedure
+
+* Delete the `VirtualMachineInstanceMigration` object that triggered the live
+migration, `migration-job` in this example:
++
+
+[source,terminal]
+----
+$ oc delete vmim migration-job
+----
diff --git a/modules/virt-canceling-vm-migration-web.adoc b/modules/virt-canceling-vm-migration-web.adoc
new file mode 100644
index 000000000000..4a563f2ec737
--- /dev/null
+++ b/modules/virt-canceling-vm-migration-web.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * virt/live_migration/virt-initiating-live-migration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-canceling-vm-migration-web_{context}"]
+= Canceling live migration by using the web console
+
+You can cancel the live migration of a virtual machine (VM) by using the {product-title} web console.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select *Cancel Migration* on the Options menu {kebab} beside a VM.
+
diff --git a/modules/virt-cancelling-vm-migration-cli.adoc b/modules/virt-cancelling-vm-migration-cli.adoc
deleted file mode 100644
index c88870b2be4a..000000000000
--- a/modules/virt-cancelling-vm-migration-cli.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/live_migration/virt-cancel-vmi-migration.adoc
-
-:_content-type: PROCEDURE
-[id="virt-cancelling-vm-migration-cli_{context}"]
-= Cancelling live migration of a virtual machine instance in the CLI
-
-Cancel the live migration of a virtual machine instance by deleting the
-`VirtualMachineInstanceMigration` object associated with the migration.
-
-.Procedure
-
-* Delete the `VirtualMachineInstanceMigration` object that triggered the live
-migration, `migration-job` in this example:
-+
-
-[source,terminal]
-----
-$ oc delete vmim migration-job
-----
diff --git a/modules/virt-cancelling-vm-migration-web.adoc b/modules/virt-cancelling-vm-migration-web.adoc
deleted file mode 100644
index 8bf54ee4f675..000000000000
--- a/modules/virt-cancelling-vm-migration-web.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/live_migration/virt-cancel-vmi-migration.adoc
-
-:_content-type: PROCEDURE
-[id="virt-cancelling-vm-migration-web_{context}"]
-= Cancelling live migration of a virtual machine instance in the web console
-
-You can cancel the live migration of a virtual machine instance in the web console.
-
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Click the Options menu {kebab} beside a virtual machine and select *Cancel Migration*.
-
diff --git a/modules/virt-cdi-supported-operations-matrix.adoc b/modules/virt-cdi-supported-operations-matrix.adoc
index 865355f8a995..a8e5b3adc973 100644
--- a/modules/virt-cdi-supported-operations-matrix.adoc
+++ b/modules/virt-cdi-supported-operations-matrix.adoc
@@ -2,10 +2,10 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-virtctl.adoc
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
-// * virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
+// * virt/storage/virt-preparing-cdi-scratch-space.adoc
 // * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc
 // * virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
+// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-to-new-block-storage-pvc.adoc
 // * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
 // * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes-block.adoc
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc
diff --git a/modules/virt-checking-cluster-dpdk-readiness.adoc b/modules/virt-checking-cluster-dpdk-readiness.adoc
index e91c708370a5..2c17be4b8605 100644
--- a/modules/virt-checking-cluster-dpdk-readiness.adoc
+++ b/modules/virt-checking-cluster-dpdk-readiness.adoc
@@ -2,16 +2,15 @@
 //
 // * virt/monitoring/virt-running-cluster-checkups.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-checking-cluster-dpdk-readiness_{context}"]
 = DPDK checkup
 
-Use a predefined checkup to verify that your {product-title} cluster node can run a virtual machine (VM) with a Data Plane Development Kit (DPDK) workload with zero packet loss. The DPDK checkup runs traffic between a traffic generator pod and a VM running a test DPDK application.
+Use a predefined checkup to verify that your {product-title} cluster node can run a virtual machine (VM) with a Data Plane Development Kit (DPDK) workload with zero packet loss. The DPDK checkup runs traffic between a traffic generator and a VM running a test DPDK application.
 
 You run a DPDK checkup by performing the following steps:
 
-. Create a service account, role, and role bindings for the DPDK checkup and a service account for the traffic generator pod.
-. Create a security context constraints resource for the traffic generator pod.
+. Create a service account, role, and role bindings for the DPDK checkup.
 . Create a config map to provide the input to run the checkup and to store the results.
 . Create a job to run the checkup.
 . Review the results in the config map.
@@ -19,13 +18,13 @@ You run a DPDK checkup by performing the following steps:
 . When you are finished, delete the DPDK checkup resources.
 
 .Prerequisites
-* You have access to the cluster as a user with `cluster-admin` permissions.
 * You have installed the OpenShift CLI (`oc`).
-* You have configured the compute nodes to run DPDK applications on VMs with zero packet loss.
+* The cluster is configured to run DPDK applications.
+* The project is configured to run DPDK applications.
 
 .Procedure
 
-. Create a `ServiceAccount`, `Role`, and `RoleBinding` manifest for the DPDK checkup and the traffic generator pod:
+. Create a `ServiceAccount`, `Role`, and `RoleBinding` manifest for the DPDK checkup:
 +
 .Example service account, role, and rolebinding manifest file
 [%collapsible]
@@ -71,14 +70,8 @@ rules:
     resources: [ "virtualmachineinstances/console" ]
     verbs: [ "get" ]
   - apiGroups: [ "" ]
-    resources: [ "pods" ]
-    verbs: [ "create", "get", "delete" ]
-  - apiGroups: [ "" ]
-    resources: [ "pods/exec" ]
-    verbs: [ "create" ]
-  - apiGroups: [ "k8s.cni.cncf.io" ]
-    resources: [ "network-attachment-definitions" ]
-    verbs: [ "get" ]
+    resources: [ "configmaps" ]
+    verbs: [ "create", "delete" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -91,11 +84,6 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: kubevirt-dpdk-checker
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: dpdk-checkup-traffic-gen-sa
 ----
 ====
 
@@ -106,53 +94,6 @@ metadata:
 $ oc apply -n <target_namespace> -f <dpdk_sa_roles_rolebinding>.yaml
 ----
 
-. Create a `SecurityContextConstraints` manifest for the traffic generator pod:
-+
-.Example security context constraints manifest
-[source,yaml]
-----
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
-  name: dpdk-checkup-traffic-gen
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: false
-allowPrivilegedContainer: false
-allowedCapabilities:
-- IPC_LOCK
-- NET_ADMIN
-- NET_RAW
-- SYS_RESOURCE
-defaultAddCapabilities: null
-fsGroup:
-  type: RunAsAny
-groups: []
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-runAsUser:
-  type: RunAsAny
-seLinuxContext:
-  type: RunAsAny
-seccompProfiles:
-- runtime/default
-- unconfined
-supplementalGroups:
-  type: RunAsAny
-users:
-- system:serviceaccount:dpdk-checkup-ns:dpdk-checkup-traffic-gen-sa
-----
-
-. Apply the `SecurityContextConstraints` manifest:
-+
-[source,terminal]
-----
-$ oc apply -f <dpdk_scc>.yaml
-----
-
 . Create a `ConfigMap` manifest that contains the input parameters for the checkup:
 +
 .Example input config map
@@ -162,17 +103,17 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: dpdk-checkup-config
+  labels:
+    kiagnose/checkup-type: kubevirt-dpdk
 data:
   spec.timeout: 10m
   spec.param.networkAttachmentDefinitionName: <network_name> <1>
-  spec.param.trafficGeneratorRuntimeClassName: <runtimeclass_name> <2>
-  spec.param.trafficGeneratorImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:v0.1.1" <3>
-  spec.param.vmContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-vm:v0.1.1" <4>
+  spec.param.trafficGenContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:v0.3.1 <2>
+  spec.param.vmUnderTestContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-vm:v0.3.1" <3>
 ----
 <1> The name of the `NetworkAttachmentDefinition` object.
-<2> The `RuntimeClass` resource that the traffic generator pod uses.
-<3> The container image for the traffic generator. In this example, the image is pulled from the upstream Project Quay Container Registry.
-<4> The container disk image for the VM. In this example, the image is pulled from the upstream Project Quay Container Registry.
+<2> The container disk image for the traffic generator. In this example, the image is pulled from the upstream Project Quay Container Registry.
+<3> The container disk image for the VM under test. In this example, the image is pulled from the upstream Project Quay Container Registry.
 
 . Apply the `ConfigMap` manifest in the target namespace:
 +
@@ -184,12 +125,14 @@ $ oc apply -n <target_namespace> -f <dpdk_config_map>.yaml
 . Create a `Job` manifest to run the checkup:
 +
 .Example job manifest
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: dpdk-checkup
+  labels:
+    kiagnose/checkup-type: kubevirt-dpdk
 spec:
   backoffLimit: 0
   template:
@@ -198,7 +141,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: dpdk-checkup
-          image: registry.redhat.io/container-native-virtualization/kubevirt-dpdk-checkup-rhel9:v4.13.0
+          image: registry.redhat.io/container-native-virtualization/kubevirt-dpdk-checkup-rhel9:v{product-version}.0
           imagePullPolicy: Always
           securityContext:
             allowPrivilegeEscalation: false
@@ -246,20 +189,38 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: dpdk-checkup-config
+  labels:
+    kiagnose/checkup-type: kubevirt-dpdk
 data:
-  spec.timeout: 1h2m
-  spec.param.NetworkAttachmentDefinitionName: "mlx-dpdk-network-1"
-  spec.param.trafficGeneratorRuntimeClassName: performance-performance-zeus10
-  spec.param.trafficGeneratorImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:v0.1.1"
-  spec.param.vmContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-vm:v0.1.1"
-  status.succeeded: true
-  status.failureReason: " "
-  status.startTimestamp: 2022-12-21T09:33:06+00:00
-  status.completionTimestamp: 2022-12-21T11:33:06+00:00
-  status.result.actualTrafficGeneratorTargetNode: worker-dpdk1
-  status.result.actualDPDKVMTargetNode: worker-dpdk2
-  status.result.dropRate: 0
-----
+  spec.timeout: 10m
+  spec.param.NetworkAttachmentDefinitionName: "dpdk-network-1"
+  spec.param.trafficGenContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:v0.2.0"
+  spec.param.vmUnderTestContainerDiskImage: "quay.io/kiagnose/kubevirt-dpdk-checkup-vm:v0.2.0"
+  status.succeeded: "true" <1>
+  status.failureReason: "" <2>
+  status.startTimestamp: "2023-07-31T13:14:38Z" <3>
+  status.completionTimestamp: "2023-07-31T13:19:41Z" <4>
+  status.result.trafficGenSentPackets: "480000000" <5>
+  status.result.trafficGenOutputErrorPackets: "0" <6>
+  status.result.trafficGenInputErrorPackets: "0" <7>
+  status.result.trafficGenActualNodeName: worker-dpdk1 <8>
+  status.result.vmUnderTestActualNodeName: worker-dpdk2 <9>
+  status.result.vmUnderTestReceivedPackets: "480000000" <10>
+  status.result.vmUnderTestRxDroppedPackets: "0" <11>
+  status.result.vmUnderTestTxDroppedPackets: "0" <12>
+----
+<1> Specifies if the checkup is successful (`true`) or not (`false`).
+<2> The reason for failure if the checkup fails.
+<3> The time when the checkup started, in RFC 3339 time format.
+<4> The time when the checkup has completed, in RFC 3339 time format.
+<5> The number of packets sent from the traffic generator.
+<6> The number of error packets sent from the traffic generator.
+<7> The number of error packets received by the traffic generator.
+<8> The node on which the traffic generator VM was scheduled.
+<9> The node on which the VM under test was scheduled.
+<10> The number of packets received on the VM under test.
+<11> The ingress traffic packets that were dropped by the DPDK application.
+<12> The egress traffic packets that were dropped from the DPDK application.
 
 . Delete the job and config map that you previously created by running the following commands:
 +
diff --git a/modules/virt-cloning-a-datavolume.adoc b/modules/virt-cloning-a-datavolume.adoc
index 354f3b06088c..d38ced082630 100644
--- a/modules/virt-cloning-a-datavolume.adoc
+++ b/modules/virt-cloning-a-datavolume.adoc
@@ -2,58 +2,67 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-cloning-a-datavolume_{context}"]
-= Cloning a data volume
+= Smart-cloning a PVC by using the command line
 
-.Prerequisites
+You can smart-clone a persistent volume claim (PVC) by using the command line to create a `DataVolume` object.
 
-For smart-cloning to occur, the following conditions are required:
+.Prerequisites
 
 * Your storage provider must support snapshots.
-* The source and target PVCs must be defined to the same storage class.
-* The source and target PVCs share the same *volumeMode*.
-* The `VolumeSnapshotClass` object must reference the storage class defined to both the source and target PVCs.
+* The source and target PVCs must have the same storage provider and volume mode.
+* The value of the `driver` key of the `VolumeSnapshotClass` object must match the value of the `provisioner` key of the `StorageClass` object as shown in the following example:
++
+.Example `VolumeSnapshotClass` object
+[source,yaml]
+----
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+driver: openshift-storage.rbd.csi.ceph.com
+# ...
+----
++
+.Example `StorageClass` object
+[source,yaml]
+----
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+# ...
+provisioner: openshift-storage.rbd.csi.ceph.com
+----
 
 .Procedure
 
-To initiate cloning of a data volume:
-
-. Create a YAML file for a `DataVolume` object that specifies the name of the
-new data volume and the name and namespace of the source PVC. In this example, because you specify the *storage* API, there is no need to specify *accessModes* or *volumeMode*. The optimal values will be calculated for you automatically.
+. Create a YAML file for a `DataVolume` object as shown in the following example:
 +
 [source,yaml]
 ----
 apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
-  name: <cloner-datavolume> <1>
+  name: <datavolume> <1>
 spec:
   source:
     pvc:
-      namespace: "<source-namespace>" <2>
-      name: "<my-favorite-vm-disk>" <3>
-  storage: <4>
-    resources:
-      requests:
-        storage: <2Gi> <5>
-----
-<1> The name of the new data volume.
-<2> The namespace where the source PVC exists.
-<3> The name of the source PVC.
-<4> Specifies allocation with the *storage* API
-<5> The size of the new data volume.
+      namespace: "<source_namespace>" <2>
+      name: "<my_vm_disk>" <3>
+  storage:
+    storageClassName: <storage_class> <4>
+----
+<1> Specify the name of the new data volume.
+<2> Specify the namespace of the source PVC.
+<3> Specify the name of the source PVC.
+<4> Optional: If the storage class is not specified, the default storage class is used.
 
-. Start cloning the PVC by creating the data volume:
+. Create the data volume by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <cloner-datavolume>.yaml
+$ oc create -f <datavolume>.yaml
 ----
 +
 [NOTE]
 ====
-Data volumes prevent a virtual machine from starting before the PVC is prepared,
-so you can create a virtual machine that references the new data volume while the
-PVC clones.
+Data volumes prevent a virtual machine from starting before the PVC is prepared. You can create a virtual machine that references the new data volume while the PVC is being cloned.
 ====
diff --git a/modules/virt-cloning-local-volume-to-another-node.adoc b/modules/virt-cloning-local-volume-to-another-node.adoc
deleted file mode 100644
index 9fbf5f2db174..000000000000
--- a/modules/virt-cloning-local-volume-to-another-node.adoc
+++ /dev/null
@@ -1,135 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-moving-local-vm-disk-to-different-node.adoc
-
-:_content-type: PROCEDURE
-[id="virt-cloning-local-volume-to-another-node_{context}"]
-= Cloning a local volume to another node
-
-You can move a virtual machine disk so that it runs on a specific node by cloning the underlying persistent volume claim (PVC).
-
-To ensure the virtual machine disk is cloned to the correct node, you must either create a new persistent volume (PV) or identify one on the correct node.
-Apply a unique label to the PV so that it can be referenced by the data volume.
-
-[NOTE]
-====
-The destination PV must be the same size or larger than the source PVC.
-If the destination PV is smaller than the source PVC, the cloning operation fails.
-====
-
-.Prerequisites
-
-* The virtual machine must not be running. Power down the virtual machine before cloning the virtual machine disk.
-
-.Procedure
-
-. Either create a new local PV on the node, or identify a local PV already on the node:
-
-* Create a local PV that includes the `nodeAffinity.nodeSelectorTerms` parameters. The following manifest creates a `10Gi` local PV on `node01`.
-+
-[source,yaml]
-----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: <destination-pv> <1>
-  annotations:
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 10Gi <2>
-  local:
-    path: /mnt/local-storage/local/disk1 <3>
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - node01 <4>
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: local
-  volumeMode: Filesystem
-----
-<1> The name of the PV.
-<2> The size of the PV. You must allocate enough space, or the cloning operation fails. The size must be the same as or larger than the source PVC.
-<3> The mount path on the node.
-<4> The name of the node where you want to create the PV.
-
-* Identify a PV that already exists on the target node. You can identify the node where a PV is provisioned by viewing the `nodeAffinity` field in its configuration:
-+
-[source,terminal]
-----
-$ oc get pv <destination-pv> -o yaml
-----
-+
-The following snippet shows that the PV is on `node01`:
-+
-.Example output
-[source,yaml]
-----
-# ...
-spec:
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname <1>
-          operator: In
-          values:
-          - node01 <2>
-# ...
-----
-<1> The `kubernetes.io/hostname` key uses the node hostname to select a node.
-<2> The hostname of the node.
-
-. Add a unique label to the PV:
-+
-[source,terminal]
-----
-$ oc label pv <destination-pv> node=node01
-----
-
-. Create a data volume manifest that references the following:
-
-* The PVC name and namespace of the virtual machine.
-* The label you applied to the PV in the previous step.
-* The size of the destination PV.
-+
-[source,yaml]
-----
-apiVersion: cdi.kubevirt.io/v1beta1
-kind: DataVolume
-metadata:
-  name: <clone-datavolume> <1>
-spec:
-  source:
-    pvc:
-      name: "<source-vm-disk>" <2>
-      namespace: "<source-namespace>" <3>
-  pvc:
-    accessModes:
-      - ReadWriteOnce
-    selector:
-      matchLabels:
-        node: node01 <4>
-    resources:
-      requests:
-        storage: <10Gi> <5>
-----
-<1> The name of the new data volume.
-<2> The name of the source PVC. If you do not know the PVC name, you can find it in the virtual machine configuration: `spec.volumes.persistentVolumeClaim.claimName`.
-<3> The namespace where the source PVC exists.
-<4> The label that you applied to the PV in the previous step.
-<5> The size of the destination PV.
-
-. Start the cloning operation by applying the data volume manifest to your cluster:
-+
-[source,terminal]
-----
-$ oc apply -f <clone-datavolume.yaml>
-----
-
-The data volume clones the PVC of the virtual machine into the PV on the specific node.
diff --git a/modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc b/modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc
index 349b23d2f352..b3f1ac849cec 100644
--- a/modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc
+++ b/modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc
@@ -1,88 +1,55 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
+// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-to-new-block-storage-pvc.adoc
 
-// `blockstorage` conditionals are used (declared in the "*-block" assembly) to separate content 
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-cloning-pvc-of-vm-disk-into-new-datavolume_{context}"]
-= Cloning the persistent volume claim of a virtual machine disk into a new data volume
+= Cloning the PVC of a VM disk into a new data volume
 
-You can clone a persistent volume claim (PVC) of an existing virtual machine disk
+You can clone the persistent volume claim (PVC) of an existing (virtual machine) VM disk
 into a new data volume. The new data volume can then be used for a new virtual
 machine.
 
 [NOTE]
 ====
-When a data volume is created independently of a virtual machine, the lifecycle
-of the data volume is independent of the virtual machine. If the virtual machine
-is deleted, neither the data volume nor its associated PVC is deleted.
+When a data volume is created independently of a VM, the lifecycle of the data volume is independent of the VM. If the VM is deleted, neither the data volume nor its associated PVC is deleted.
 ====
 
 .Prerequisites
 
-* Determine the PVC of an existing virtual machine disk to use. You must power
-down the virtual machine that is associated with the PVC before you can clone it.
-* Install the OpenShift CLI (`oc`).
-ifdef::blockstorage[]
-* At least one available block persistent volume (PV) that is the same size as or larger than the source PVC.
-endif::[]
+* The VM must be stopped.
 
 .Procedure
 
-. Examine the virtual machine disk you want to clone to identify the name and
-namespace of the associated PVC.
-
-. Create a YAML file for a data volume that specifies the name of the
-new data volume, the name and namespace of the source PVC, 
-ifdef::blockstorage[]
-`volumeMode: Block` so that an available block PV is used,
-endif::[]
-and the size of the new data volume.
-+
-For example:
+. Create a YAML file for a data volume as shown in the following example:
 +
 [source,yaml]
 ----
 apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
-  name: <cloner-datavolume> <1>
+  name: <datavolume> <1>
 spec:
   source:
     pvc:
-      namespace: "<source-namespace>" <2>
-      name: "<my-favorite-vm-disk>" <3>
-  pvc:
-    accessModes:
-      - ReadWriteOnce
-    resources:
-      requests:
-        storage: <2Gi> <4>
-ifdef::blockstorage[]
-    volumeMode: Block <5>
-endif::[]
+      namespace: "<source_namespace>" <2>
+      name: "<my_vm_disk>" <3>
+  storage: {}
 ----
-<1> The name of the new data volume.
-<2> The namespace where the source PVC exists.
-<3> The name of the source PVC.
-<4> The size of the new data volume. You must allocate enough space, or the
-cloning operation fails. The size must be the same as or larger than the source PVC.
-ifdef::blockstorage[]
-<5> Specifies that the destination is a block PV
-endif::[]
+<1> Specify the name of the new data volume.
+<2> Specify the namespace of the source PVC.
+<3> Specify the name of the source PVC.
 
-. Start cloning the PVC by creating the data volume:
+. Create the data volume by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f <cloner-datavolume>.yaml
+$ oc create -f <datavolume>.yaml
 ----
 +
 [NOTE]
 ====
-Data volumes prevent a virtual machine from starting before the PVC is prepared,
-so you can create a virtual machine that references the new data volume while the
-PVC clones.
+Data volumes prevent a VM from starting before the PVC is prepared. You can create a VM that references the new data volume while the
+PVC is being cloned.
 ====
diff --git a/modules/virt-cloning-pvc-to-dv-cli.adoc b/modules/virt-cloning-pvc-to-dv-cli.adoc
new file mode 100644
index 000000000000..2f7fc099e79e
--- /dev/null
+++ b/modules/virt-cloning-pvc-to-dv-cli.adoc
@@ -0,0 +1,81 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-cloning-pvc-to-dv-cli_{context}"]
+= Cloning a PVC to a data volume
+
+You can clone the persistent volume claim (PVC) of an existing virtual machine (VM) disk to a data volume by using the command line.
+
+You create a data volume that references the original source PVC. The lifecycle of the new data volume is independent of the original VM. Deleting the original VM does not affect the new data volume or its associated PVC.
+
+Cloning between different volume modes is supported for host-assisted cloning, such as cloning from a block persistent volume (PV) to a file system PV, as long as the source and target PVs belong to the `kubevirt` content type.
+
+[NOTE]
+====
+Smart-cloning is faster and more efficient than host-assisted cloning because it uses snapshots to clone PVCs. Smart-cloning is supported by storage providers that support snapshots, such as {rh-storage-first}.
+
+Cloning between different volume modes is not supported for smart-cloning.
+====
+
+.Prerequisites
+
+* The VM with the source PVC must be powered down.
+* If you clone a PVC to a different namespace, you must have permissions to create resources in the target namespace.
+* Additional prerequisites for smart-cloning:
+** Your storage provider must support snapshots.
+** The source and target PVCs must have the same storage provider and volume mode.
+** The value of the `driver` key of the `VolumeSnapshotClass` object must match the value of the `provisioner` key of the `StorageClass` object as shown in the following example:
++
+.Example `VolumeSnapshotClass` object
+[source,yaml]
+----
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+driver: openshift-storage.rbd.csi.ceph.com
+# ...
+----
++
+.Example `StorageClass` object
+[source,yaml]
+----
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+# ...
+provisioner: openshift-storage.rbd.csi.ceph.com
+----
+
+.Procedure
+
+. Create a `DataVolume` manifest as shown in the following example:
++
+[source,yaml]
+----
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  name: <datavolume> <1>
+spec:
+  source:
+    pvc:
+      namespace: "<source_namespace>" <2>
+      name: "<my_vm_disk>" <3>
+  storage: {}
+----
+<1> Specify the name of the new data volume.
+<2> Specify the namespace of the source PVC.
+<3> Specify the name of the source PVC.
+
+. Create the data volume by running the following command:
++
+[source,terminal]
+----
+$ oc create -f <datavolume>.yaml
+----
++
+[NOTE]
+====
+Data volumes prevent a VM from starting before the PVC is prepared. You can create a VM that references the new data volume while the
+PVC is being cloned.
+====
diff --git a/modules/virt-cloud-init-fields-web.adoc b/modules/virt-cloud-init-fields-web.adoc
index f97cce6d0b4a..95df5cb8e012 100644
--- a/modules/virt-cloud-init-fields-web.adoc
+++ b/modules/virt-cloud-init-fields-web.adoc
@@ -1,7 +1,6 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
-// * virt/vm_templates/virt-creating-vm-template.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
 
 [id="virt-cloud-init-fields-web_{context}"]
 = Cloud-init fields
diff --git a/modules/virt-cluster-resource-requirements.adoc b/modules/virt-cluster-resource-requirements.adoc
index 2729d5189a09..5827a41c1b22 100644
--- a/modules/virt-cluster-resource-requirements.adoc
+++ b/modules/virt-cluster-resource-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/preparing-cluster-for-virt.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-cluster-resource-requirements_{context}"]
 = Physical resource overhead requirements
 
@@ -34,14 +34,19 @@ Additionally, {VirtProductName} environment resources require a total of 2179 Mi
 .Virtual machine memory overhead
 
 ----
-Memory overhead per virtual machine ≈ (1.002 * requested memory) + 146 MiB  \
-              + 8 MiB * (number of vCPUs) \ <1>
-              + 16 MiB * (number of graphics devices) <2>
+Memory overhead per virtual machine ≈ (1.002 × requested memory) \
+              + 218 MiB \ <1>
+              + 8 MiB × (number of vCPUs) \ <2>
+              + 16 MiB × (number of graphics devices) \ <3>
+              + (additional memory overhead) <4>
 ----
-<1> Number of virtual CPUs requested by the virtual machine
-<2> Number of virtual graphics cards requested by the virtual machine
-
-If your environment includes a Single Root I/O Virtualization (SR-IOV) network device or a Graphics Processing Unit (GPU), allocate 1 GiB additional memory overhead for each device.
+<1> Required for the processes that run in the `virt-launcher` pod.
+<2> Number of virtual CPUs requested by the virtual machine.
+<3> Number of virtual graphics cards requested by the virtual machine.
+<4> Additional memory overhead:
+* If your environment includes a Single Root I/O Virtualization (SR-IOV) network device or a Graphics Processing Unit (GPU), allocate 1 GiB additional memory overhead for each device.
+* If Secure Encrypted Virtualization (SEV) is enabled, add 256 MiB.
+* If Trusted Platform Module (TPM) is enabled, add 53 MiB.
 
 [discrete]
 [id="CPU-overhead_{context}"]
diff --git a/modules/virt-common-error-messages.adoc b/modules/virt-common-error-messages.adoc
index dee79d71109e..39899c905235 100644
--- a/modules/virt-common-error-messages.adoc
+++ b/modules/virt-common-error-messages.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-common-error-messages_{context}"]
 = Common error messages
 
diff --git a/modules/virt-configuring-a-live-migration-policy.adoc b/modules/virt-configuring-a-live-migration-policy.adoc
index ff87f1854d9d..15065bcad654 100644
--- a/modules/virt-configuring-a-live-migration-policy.adoc
+++ b/modules/virt-configuring-a-live-migration-policy.adoc
@@ -1,45 +1,36 @@
 // Module included in the following assemblies:
 //
-// * virt/live_migration/virt-configuring-live-migration-policies.adoc
+// * virt/live_migration/virt-configuring-live-migration.adoc
 
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-a-live-migration-policy_{context}"]
-= Configuring a live migration policy from the command line
-
-Use the `MigrationPolicy` custom resource definition (CRD) to define migration policies for one or more groups of selected virtual machine instances (VMIs).
+= Creating a live migration policy by using the command line
 
-You can specify groups of VMIs by using any combination of the following:
+You can create a live migration policy by using the command line. A live migration policy is applied to selected virtual machines (VMs) by using any combination of labels:
 
-* Virtual machine instance labels such as `size`, `os`, `gpu`, and other VMI labels.
-* Namespace labels such as `priority`, `bandwidth`, `hpc-workload`, and other namespace labels.
+* VM labels such as `size`, `os`, or `gpu`
+* Project labels such as `priority`, `bandwidth`, or `hpc-workload`
 
-For the policy to apply to a specific group of VMIs, all labels on the group of VMIs must match the labels in the policy.
+For the policy to apply to a specific group of VMs, all labels on the group of VMs must match the labels of the policy.
 
 [NOTE]
 ====
-If multiple live migration policies apply to a VMI, the policy with the highest number of matching labels takes precedence. If multiple policies meet this criteria, the policies are sorted by lexicographic order of the matching labels keys, and the first one in that order takes precedence.
+If multiple live migration policies apply to a VM, the policy with the greatest number of matching labels takes precedence.
+
+If multiple policies meet this criteria, the policies are sorted by alphabetical order of the matching label keys, and the first one in that order takes precedence.
 ====
 
 .Procedure
 
-. Create a `MigrationPolicy` CRD for your specified group of VMIs. The following example YAML configures a group with the labels `hpc-workloads:true`, `xyz-workloads-type: ""`, `workload-type: db`, and `operating-system: ""`:
-
+. Create a `MigrationPolicy` object as in the following example:
 +
 [source,yaml]
 ----
-apiVersion: migrations.kubevirt.io/v1beta1
+apiVersion: migrations.kubevirt.io/v1alpha1
 kind: MigrationPolicy
 metadata:
-  name: my-awesome-policy
+  name: <migration_policy>
 spec:
-  # Migration Configuration
-  allowAutoConverge: true
-  bandwidthPerMigration: 217Ki
-  completionTimeoutPerGiB: 23
-  allowPostCopy: false
-
-  # Matching to VMIs
   selectors:
     namespaceSelector: <1>
       hpc-workloads: "True"
@@ -48,5 +39,12 @@ spec:
       workload-type: "db"
       operating-system: ""
 ----
-<1> Use `namespaceSelector` to define a group of VMIs by using namespace labels.
-<2> Use `virtualMachineInstanceSelector` to define a group of VMIs by using VMI labels.
+<1> Specify project labels.
+<2> Specify VM labels.
+
+. Create the migration policy by running the following command:
++
+[source,terminal]
+----
+$ oc create migrationpolicy -f <migration_policy>.yaml
+----
\ No newline at end of file
diff --git a/modules/virt-configuring-certificate-rotation.adoc b/modules/virt-configuring-certificate-rotation.adoc
index c6410ca7b2fb..a6b936a532a7 100644
--- a/modules/virt-configuring-certificate-rotation.adoc
+++ b/modules/virt-configuring-certificate-rotation.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-configuring-certificate-rotation.adoc
+// * virt/advanced_vm_management/virt-configuring-certificate-rotation.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-certificate-rotation_{context}"]
 = Configuring certificate rotation
 
@@ -12,21 +12,21 @@ You can do this during {VirtProductName} installation in the web console or afte
 
 . Open the `HyperConverged` CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Edit the `spec.certConfig` fields as shown in the following example. To avoid overloading the system, ensure that all values are greater than or equal to 10 minutes. Express all values as strings that comply with the link:https://golang.org/pkg/time/#ParseDuration[golang `ParseDuration` format].
 
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
- name: kubevirt-hyperconverged
- namespace: openshift-cnv
+  name: kubevirt-hyperconverged
+  namespace: {CNVNamespace}
 spec:
   certConfig:
     ca:
diff --git a/modules/virt-configuring-cluster-dpdk.adoc b/modules/virt-configuring-cluster-dpdk.adoc
index 8113b27b565f..7e1813716c09 100644
--- a/modules/virt-configuring-cluster-dpdk.adoc
+++ b/modules/virt-configuring-cluster-dpdk.adoc
@@ -1,15 +1,12 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-cluster-dpdk_{context}"]
 = Configuring a cluster for DPDK workloads
 
-You can use the following procedure to configure an {product-title} cluster to run Data Plane Development Kit (DPDK) workloads.
-
-:FeatureName: Configuring a cluster for DPDK workloads
-include::snippets/technology-preview.adoc[]
+You can configure an {product-title} cluster to run Data Plane Development Kit (DPDK) workloads for improved network performance.
 
 .Prerequisites
 * You have access to the cluster as a user with `cluster-admin` permissions.
@@ -17,14 +14,14 @@ include::snippets/technology-preview.adoc[]
 * You have installed the SR-IOV Network Operator.
 * You have installed the Node Tuning Operator.
 
-.Procedure 
+.Procedure
 . Map your compute nodes topology to determine which Non-Uniform Memory Access (NUMA) CPUs are isolated for DPDK applications and which ones are reserved for the operating system (OS).
 . Label a subset of the compute nodes with a custom role; for example, `worker-dpdk`:
 +
 [source,terminal]
 ----
 $ oc label node <node_name> node-role.kubernetes.io/worker-dpdk=""
----- 
+----
 
 . Create a new `MachineConfigPool` manifest that contains the `worker-dpdk` label in the `spec.machineConfigSelector` object:
 +
@@ -63,10 +60,11 @@ spec:
   cpu:
     isolated: 4-39,44-79
     reserved: 0-3,40-43
+  globallyDisableIrqLoadBalancing: true
   hugepages:
     defaultHugepagesSize: 1G
     pages:
-    - count: 32
+    - count: 8
       node: 0
       size: 1G
   net:
@@ -91,9 +89,9 @@ $ oc get performanceprofiles.performance.openshift.io profile-1 -o=jsonpath='{.s
 
 . Set the previously obtained `RuntimeClass` name as the default container runtime class for the `virt-launcher` pods by editing the `HyperConverged` custom resource (CR):
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch -n openshift-cnv hco kubevirt-hyperconverged \
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
     --type='json' -p='[{"op": "add", "path": "/spec/defaultRuntimeClass", "value":"<runtimeclass-name>"}]'
 ----
 +
@@ -102,6 +100,20 @@ $ oc patch -n openshift-cnv hco kubevirt-hyperconverged \
 Editing the `HyperConverged` CR changes a global setting that affects all VMs that are created after the change is applied.
 ====
 
+. If your DPDK-enabled compute nodes use Simultaneous multithreading (SMT), enable the `AlignCPUs` enabler by editing the `HyperConverged` CR:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
+    --type='json' -p='[{"op": "replace", "path": "/spec/featureGates/alignCPUs", "value": true}]'
+----
++
+[NOTE]
+====
+Enabling `AlignCPUs` allows {VirtProductName} to request up to two additional dedicated CPUs to bring the total CPU count to an even parity when using
+emulator thread isolation.
+====
+
 . Create an `SriovNetworkNodePolicy` object with the `spec.deviceType` field set to `vfio-pci`:
 +
 .Example `SriovNetworkNodePolicy` manifest
diff --git a/modules/virt-configuring-cluster-eviction-strategy-cli.adoc b/modules/virt-configuring-cluster-eviction-strategy-cli.adoc
new file mode 100644
index 000000000000..7b618c5b24b8
--- /dev/null
+++ b/modules/virt-configuring-cluster-eviction-strategy-cli.adoc
@@ -0,0 +1,36 @@
+// Module included in the following assemblies:
+//
+// * virt/nodes/virt-node-maintenance.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-cluster-eviction-strategy-cli_{context}"]
+= Configuring a cluster eviction strategy by using the command line
+
+You can configure an eviction strategy for a cluster by using the command line.
+
+:FeatureName: Configuring a cluster eviction strategy
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+.Procedure
+
+. Edit the `hyperconverged` resource by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
+----
+
+. Set the cluster eviction strategy as shown in the following example:
++
+.Example cluster eviction strategy
+[source,yaml]
+----
+apiVersion: hco.kubevirt.io/v1beta1
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+spec:
+  evictionStrategy: LiveMigrate
+# ...
+----
+
diff --git a/modules/virt-configuring-default-cpu-model.adoc b/modules/virt-configuring-default-cpu-model.adoc
index db415373feef..c9bdf2b658a6 100644
--- a/modules/virt-configuring-default-cpu-model.adoc
+++ b/modules/virt-configuring-default-cpu-model.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-configuring-default-cpu-model.adoc
+// * virt/advanced_vm_management/virt-configuring-default-cpu-model.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-default-cpu-model_{context}"]
 = Configuring the default CPU model
 
@@ -21,21 +21,21 @@ The `defaultCPUModel` is case sensitive.
 
 . Open the `HyperConverged` CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Add the `defaultCPUModel` field to the CR and set the value to the name of a CPU model that exists in the cluster:
 
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
  name: kubevirt-hyperconverged
- namespace: openshift-cnv
+ namespace: {CNVNamespace}
 spec:
   defaultCPUModel: "EPYC"
 ----
diff --git a/modules/virt-configuring-disk-sharing-lun.adoc b/modules/virt-configuring-disk-sharing-lun.adoc
new file mode 100644
index 000000000000..22a1a583a978
--- /dev/null
+++ b/modules/virt-configuring-disk-sharing-lun.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * * virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc
+
+:_content-type: PROCEDURE
+[id="virt-configuring-disk-sharing-lun_{context}"]
+= Configuring disk sharing by using LUN
+
+You can configure a LUN-backed virtual machine disk to be shared among multiple virtual machines by enabling SCSI persistent reservation. Enabling the shared option allows you to use advanced SCSI commands, such as those required for a Windows failover clustering implementation, against the underlying storage. Any disk to be shared must be in block mode.
+
+A disk of type `LUN` exposes the volume as a LUN device to the VM. This allows the VM to execute arbitrary iSCSI command passthrough on the disk.
+
+You reserve a LUN through the SCSI persistent reserve options to protect data on the VM from outside access. To enable the reservation, you configure the feature gate option. You then activate the option on the LUN disk to issue SCSI device-specific input and output controls (IOCTLs) that the VM requires.
+
+.Prerequisites
+
+* The volume access mode must be `ReadWriteMany` (RWX) if the VMs that are sharing disks are running on different nodes.
++
+If the VMs that are sharing disks are running on the same node, `ReadWriteOnce` (RWO) volume access mode is sufficient.
+* The storage provider must support a Container Storage Interface (CSI) driver that uses the SCSI protocol.
+* If you are a cluster administrator and intend to configure disk sharing by using LUN, you must enable the cluster's feature gate on the `HyperConverged` custom resource (CR).
+
+.Procedure
+
+. Edit or create the `VirtualMachine` manifest for your VM to set the required values, as shown in the following example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: vm-0
+spec:
+  template:
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: sata
+            name: rootdisk
+          - errorPolicy: report
+            lun: <1>
+              bus: scsi
+              reservation: true <2>
+            name: na-shared
+            serial: shared1234
+      volumes:
+      - dataVolume:
+          name: vm-0
+        name: rootdisk
+      - name: na-shared
+        persistentVolumeClaim:
+          claimName: pvc-na-share
+----
+<1> Identifies a LUN disk.
+<2> Identifies that the persistent reservation is enabled.
+
+. Save the `VirtualMachine` manifest file to apply your changes.
\ No newline at end of file
diff --git a/modules/virt-configuring-highburst-profile.adoc b/modules/virt-configuring-highburst-profile.adoc
new file mode 100644
index 000000000000..b764803e6bb3
--- /dev/null
+++ b/modules/virt-configuring-highburst-profile.adoc
@@ -0,0 +1,34 @@
+
+// Module included in the following assemblies:
+//
+// * virt/advanced_vm_management/virt-vm-control-plane-tuning.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-highburst-profile_{context}"]
+= Configuring a highBurst profile
+
+Use the `highBurst` profile to create and maintain a large number of virtual machines (VMs) in one cluster.
+
+.Procedure
+
+* Apply the following patch to enable the `highBurst` tuning policy profile:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
+  --type=json -p='[{"op": "add", "path": "/spec/tuningPolicy", \
+  "value": "highBurst"}]'
+----
+
+.Verification
+
+* Run the following command to verify the `highBurst` tuning policy profile is enabled:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc get kubevirt.kubevirt.io/kubevirt-kubevirt-hyperconverged \
+  -n {CNVNamespace} -o go-template --template='{{range $config, \
+  $value := .spec.configuration}} {{if eq $config "apiConfiguration" \
+  "webhookConfiguration" "controllerConfiguration" "handlerConfiguration"}} \
+  {{"\n"}} {{$config}} = {{$value}} {{end}} {{end}} {{"\n"}}
+----
\ No newline at end of file
diff --git a/modules/virt-configuring-huge-pages-for-vms.adoc b/modules/virt-configuring-huge-pages-for-vms.adoc
index ae6a8072688e..96d882727b9d 100644
--- a/modules/virt-configuring-huge-pages-for-vms.adoc
+++ b/modules/virt-configuring-huge-pages-for-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-using-huge-pages-with-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-huge-pages-for-vms_{context}"]
 = Configuring huge pages for virtual machines
 
diff --git a/modules/virt-configuring-ip-for-new-vm-cloud-init.adoc b/modules/virt-configuring-ip-for-new-vm-cloud-init.adoc
deleted file mode 100644
index 86298c8571e6..000000000000
--- a/modules/virt-configuring-ip-for-new-vm-cloud-init.adoc
+++ /dev/null
@@ -1,65 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-configuring-ip-for-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-configuring-ip-for-new-vm-cloud-init_{context}"]
-= Configuring an IP address for a new virtual machine using cloud-init
-
-You can use cloud-init to configure the IP address of a secondary NIC when you create a virtual machine (VM). The IP address can be dynamically or statically provisioned.
-
-[NOTE]
-====
-If the VM is connected to the pod network, the pod network interface is the default route unless you update it.
-====
-
-.Prerequisites
-
-* The virtual machine is connected to a secondary network.
-* You have a DHCP server available on the secondary network to configure a dynamic IP for the virtual machine.
-
-.Procedure
-
-* Edit the `spec.template.spec.volumes.cloudInitNoCloud.networkData` stanza of the virtual machine configuration:
-
-** To configure a dynamic IP address, specify the interface name and enable DHCP:
-+
-[source,yaml]
-----
-kind: VirtualMachine
-spec:
-# ...
-  template:
-  # ...
-    spec:
-      volumes:
-      - cloudInitNoCloud:
-          networkData: |
-            version: 2
-            ethernets:
-              eth1: <1>
-                dhcp4: true
-----
-<1> Specify the interface name.
-
-** To configure a static IP, specify the interface name and the IP address:
-+
-[source,yaml]
-----
-kind: VirtualMachine
-spec:
-# ...
-  template:
-  # ...
-    spec:
-      volumes:
-      - cloudInitNoCloud:
-          networkData: |
-            version: 2
-            ethernets:
-              eth1: <1>
-                addresses:
-                - 10.10.10.14/24 <2>
-----
-<1> Specify the interface name.
-<2> Specify the static IP address.
diff --git a/modules/virt-configuring-ip-vm-cli.adoc b/modules/virt-configuring-ip-vm-cli.adoc
new file mode 100644
index 000000000000..85ee4f404049
--- /dev/null
+++ b/modules/virt-configuring-ip-vm-cli.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-ip-vm-cli_{context}"]
+= Configuring an IP address when creating a virtual machine by using the command line
+
+You can configure a static or dynamic IP address when you create a virtual machine (VM). The IP address is provisioned with cloud-init.
+
+[NOTE]
+====
+If the VM is connected to the pod network, the pod network interface is the default route unless you update it.
+====
+
+.Prerequisites
+
+* The virtual machine is connected to a secondary network.
+* You have a DHCP server available on the secondary network to configure a dynamic IP for the virtual machine.
+
+.Procedure
+
+* Edit the `spec.template.spec.volumes.cloudInitNoCloud.networkData` stanza of the virtual machine configuration:
+
+** To configure a dynamic IP address, specify the interface name and enable DHCP:
++
+[source,yaml]
+----
+kind: VirtualMachine
+spec:
+# ...
+  template:
+  # ...
+    spec:
+      volumes:
+      - cloudInitNoCloud:
+          networkData: |
+            version: 2
+            ethernets:
+              eth1: <1>
+                dhcp4: true
+----
+<1> Specify the interface name.
+
+** To configure a static IP, specify the interface name and the IP address:
++
+[source,yaml]
+----
+kind: VirtualMachine
+spec:
+# ...
+  template:
+  # ...
+    spec:
+      volumes:
+      - cloudInitNoCloud:
+          networkData: |
+            version: 2
+            ethernets:
+              eth1: <1>
+                addresses:
+                - 10.10.10.14/24 <2>
+----
+<1> Specify the interface name.
+<2> Specify the static IP address.
diff --git a/modules/virt-configuring-ip-vm-web.adoc b/modules/virt-configuring-ip-vm-web.adoc
new file mode 100644
index 000000000000..13aaec5ec7eb
--- /dev/null
+++ b/modules/virt-configuring-ip-vm-web.adoc
@@ -0,0 +1,30 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-ip-vm-web_{context}"]
+= Configuring a static IP address when creating a virtual machine by using the web console
+
+You can configure a static IP address when you create a virtual machine (VM) by using the web console. The IP address is provisioned with cloud-init.
+
+[NOTE]
+====
+If the VM is connected to the pod network, the pod network interface is the default route unless you update it.
+====
+
+.Prerequisites
+
+* The virtual machine is connected to a secondary network.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Catalog* in the web console.
+. Click a template tile.
+. Click *Customize VirtualMachine*.
+. Click *Next*.
+. On the *Scripts* tab, click the edit icon beside *Cloud-init*.
+. Select the *Add network data* checkbox.
+. Enter the ethernet name, one or more IP addresses separated by commas, and the gateway address.
+. Click *Apply*.
+. Click *Create VirtualMachine*.
\ No newline at end of file
diff --git a/modules/virt-configuring-live-migration-limits.adoc b/modules/virt-configuring-live-migration-limits.adoc
index 1db5743d12bf..3957f35fb418 100644
--- a/modules/virt-configuring-live-migration-limits.adoc
+++ b/modules/virt-configuring-live-migration-limits.adoc
@@ -1,9 +1,9 @@
 
 // Module included in the following assemblies:
 //
-// * virt/live_migration/virt-live-migration-limits.adoc
+// * virt/live_migration/virt-configuring-live-migration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-live-migration-limits_{context}"]
 = Configuring live migration limits and timeouts
 
@@ -12,32 +12,36 @@ Configure live migration limits and timeouts for the cluster by updating the `Hy
 
 .Procedure
 
-* Edit the `HyperConverged` CR and add the necessary live migration parameters.
+* Edit the `HyperConverged` CR and add the necessary live migration parameters:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 +
 .Example configuration file
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
-  liveMigrationConfig: <1>
-    bandwidthPerMigration: 64Mi
-    completionTimeoutPerGiB: 800
-    parallelMigrationsPerCluster: 5
-    parallelOutboundMigrationsPerNode: 2
-    progressTimeout: 150
+  liveMigrationConfig:
+    bandwidthPerMigration: 64Mi <1>
+    completionTimeoutPerGiB: 800 <2>
+    parallelMigrationsPerCluster: 5 <3>
+    parallelOutboundMigrationsPerNode: 2 <4>
+    progressTimeout: 150 <5>
 ----
-<1> In this example, the `spec.liveMigrationConfig` array contains the default values for each field.
-+
+<1> Bandwidth limit of each migration, where the value is the quantity of bytes per second. For example, a value of `2048Mi` means 2048 MiB/s. Default: `0`, which is unlimited.
+<2> The migration is canceled if it has not completed in this time, in seconds per GiB of memory. For example, a VM with 6GiB memory times out if it has not completed migration in 4800 seconds. If the `Migration Method` is `BlockMigration`, the size of the migrating disks is included in the calculation.
+<3> Number of migrations running in parallel in the cluster. Default: `5`.
+<4> Maximum number of outbound migrations per node. Default: `2`.
+<5> The migration is canceled if memory copy fails to make progress in this time, in seconds. Default: `150`.
+
 [NOTE]
 ====
 You can restore the default value for any `spec.liveMigrationConfig` field by deleting that key/value pair and saving the file. For example, delete `progressTimeout: <value>` to restore the default `progressTimeout: 150`.
-====
\ No newline at end of file
+====
diff --git a/modules/virt-configuring-masquerade-mode-cli.adoc b/modules/virt-configuring-masquerade-mode-cli.adoc
index 2f767f8484a9..09ef2e39b5ea 100644
--- a/modules/virt-configuring-masquerade-mode-cli.adoc
+++ b/modules/virt-configuring-masquerade-mode-cli.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc
+// * virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-masquerade-mode-cli_{context}"]
 = Configuring masquerade mode from the command line
 
@@ -16,7 +16,6 @@ editing your virtual machine configuration file.
 .Prerequisites
 
 * The virtual machine must be configured to use DHCP to acquire IPv4 addresses.
-The examples below are configured to use DHCP.
 
 .Procedure
 
@@ -25,18 +24,24 @@ The examples below are configured to use DHCP.
 
 [source,yaml]
 ----
+apiVersion: kubevirt.io/v1
 kind: VirtualMachine
+metadata:
+  name: example-vm
 spec:
-  domain:
-    devices:
-      interfaces:
-        - name: default
-          masquerade: {} <1>
-          ports: <2>
-            - port: 80
-  networks:
-  - name: default
-    pod: {}
+  template:
+    spec:
+      domain:
+        devices:
+          interfaces:
+            - name: default
+              masquerade: {} <1>
+              ports: <2>
+                - port: 80
+# ...
+      networks:
+      - name: default
+        pod: {}
 ----
 <1> Connect using masquerade mode.
 <2> Optional: List the ports that you want to expose from the virtual machine, each specified by the `port` field. The `port` value must be a number between 0 and 65536. When the `ports` array is not used, all ports in the valid range are open to incoming traffic. In this example, incoming traffic is allowed on port `80`.
diff --git a/modules/virt-configuring-masquerade-mode-dual-stack.adoc b/modules/virt-configuring-masquerade-mode-dual-stack.adoc
index 0887775735f5..bb90439feb39 100644
--- a/modules/virt-configuring-masquerade-mode-dual-stack.adoc
+++ b/modules/virt-configuring-masquerade-mode-dual-stack.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc
+// * virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-masquerade-mode-dual-stack_{context}"]
 = Configuring masquerade mode with dual-stack (IPv4 and IPv6)
 
@@ -26,12 +26,17 @@ apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
   name: example-vm-ipv6
-# ...
+spec:
+  template:
+    spec:
+      domain:
+        devices:
           interfaces:
             - name: default
               masquerade: {} <1>
               ports:
                 - port: 80 <2>
+# ...
       networks:
       - name: default
         pod: {}
diff --git a/modules/virt-configuring-node-exporter-service.adoc b/modules/virt-configuring-node-exporter-service.adoc
index 0e8911e5896f..0ce772b6174c 100644
--- a/modules/virt-configuring-node-exporter-service.adoc
+++ b/modules/virt-configuring-node-exporter-service.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-node-exporter-service_{context}"]
 = Configuring the node exporter service
 
diff --git a/modules/virt-configuring-obsolete-cpu-models.adoc b/modules/virt-configuring-obsolete-cpu-models.adoc
index 69643731c583..afff64a24283 100644
--- a/modules/virt-configuring-obsolete-cpu-models.adoc
+++ b/modules/virt-configuring-obsolete-cpu-models.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc
+// * virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-obsolete-cpu-models_{context}"]
 = Configuring obsolete CPU models
 
@@ -12,13 +12,13 @@ You can configure a list of obsolete CPU models by editing the `HyperConverged`
 
 * Edit the `HyperConverged` custom resource, specifying the obsolete CPU models in the `obsoleteCPUs` array. For example:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   obsoleteCPUs:
     cpuModels: <1>
diff --git a/modules/virt-configuring-pod-log-verbosity.adoc b/modules/virt-configuring-pod-log-verbosity.adoc
index edf8ebc31896..39d9a863c7f8 100644
--- a/modules/virt-configuring-pod-log-verbosity.adoc
+++ b/modules/virt-configuring-pod-log-verbosity.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-pod-log-verbosity_{context}"]
 = Configuring {VirtProductName} pod log verbosity
 
@@ -12,9 +12,9 @@ You can configure the verbosity level of {VirtProductName} pod logs by editing t
 
 . To set log verbosity for specific components, open the `HyperConverged` CR in your default text editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Set the log level for one or more components by editing the `spec.logVerbosityConfig` stanza. For example:
diff --git a/modules/virt-configuring-rate-limiters.adoc b/modules/virt-configuring-rate-limiters.adoc
new file mode 100644
index 000000000000..8874115a0e3c
--- /dev/null
+++ b/modules/virt-configuring-rate-limiters.adoc
@@ -0,0 +1,14 @@
+
+// Module included in the following assemblies:
+//
+// * virt/advanced_vm_management/virt-vm-control-plane-tuning.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-rate-limiters_{context}"]
+= Configuring rate limiters
+
+To compensate for large-scale burst rates, scale the `QPS` (Queries per Second) and `burst` rate limits to process a higher rate of client requests or API calls concurrently for each component.
+
+.Procedure
+
+* Apply a `jsonpatch` annotation to adjust the `kubevirt-hyperconverged` cluster configuration by using `tuningPolicy` to apply scalable tuning parameters. This tuning policy automatically adjusts all virtualization components (`webhook`, `api`, `controller`, `handler`) to match the `QPS` and `burst` values specified by the profile.
\ No newline at end of file
diff --git a/modules/virt-configuring-runstrategy-vm.adoc b/modules/virt-configuring-runstrategy-vm.adoc
new file mode 100644
index 000000000000..e56d84c4703d
--- /dev/null
+++ b/modules/virt-configuring-runstrategy-vm.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * virt/nodes/virt-node-maintenance.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-runstrategy-vm_{context}"]
+= Configuring a VM run strategy by using the command line
+
+You can configure a run strategy for a virtual machine (VM) by using the command line.
+
+[IMPORTANT]
+====
+The `spec.runStrategy` and `spec.running` keys are mutually exclusive. A VM configuration that contains values for both keys is invalid.
+====
+
+.Procedure
+
+* Edit the `VirtualMachine` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit vm <vm_name> -n <namespace>
+----
++
+.Example run strategy
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+spec:
+  runStrategy: Always
+# ...
+----
diff --git a/modules/virt-configuring-secondary-dns-server.adoc b/modules/virt-configuring-secondary-dns-server.adoc
index 9fb1e91a17c8..71bb6d433246 100644
--- a/modules/virt-configuring-secondary-dns-server.adoc
+++ b/modules/virt-configuring-secondary-dns-server.adoc
@@ -1,79 +1,92 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
+// * virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-secondary-dns-server_{context}"]
-= Configuring DNS server for secondary networks
+= Configuring a DNS server for secondary networks
 
-The Cluster Network Addons Operator (CNAO) deploys the Domain Name Server (DNS) server and monitoring components when you enable the `KubeSecondaryDNS` feature gate in the `HyperConverged` custom resource (CR).
+The Cluster Network Addons Operator (CNAO) deploys a Domain Name Server (DNS) server and monitoring components when you enable the `deployKubeSecondaryDNS` feature gate in the `HyperConverged` custom resource (CR).
 
 .Prerequisites
+
 * You installed the OpenShift CLI (`oc`).
-* You have access to an {product-title} cluster with `cluster-admin` permissions.
+* You configured a load balancer for the cluster.
+* You logged in to the cluster with `cluster-admin` permissions.
 
 .Procedure
-. Create a `LoadBalancer` service using MetalLB or any other load balancer to expose the DNS server outside the cluster. The service listens on port 53 and targets port 5353. For example:
+
+. Create a load balancer service to expose the DNS server outside the cluster by running the `oc expose` command according to the following example:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc expose -n openshift-cnv deployment/secondary-dns --name=dns-lb --type=LoadBalancer --port=53 --target-port=5353 --protocol='UDP'
+$ oc expose -n {CNVNamespace} deployment/secondary-dns --name=dns-lb \
+  --type=LoadBalancer --port=53 --target-port=5353 --protocol='UDP'
 ----
 
-. Retrieve the public IP address of the service by querying the `Service` object:
+. Retrieve the external IP address by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get service -n openshift-cnv
+$ oc get service -n {CNVNamespace}
 ----
 +
 .Example output
-[source,terminal]
+[source,text]
+----
+NAME       TYPE             CLUSTER-IP     EXTERNAL-IP      PORT(S)          AGE
+dns-lb     LoadBalancer     172.30.27.5    10.46.41.94      53:31829/TCP     5s
 ----
-NAME        TYPE            CLUSTER-IP     EXTERNAL-IP      PORT(S)          AGE
-dns-lb   LoadBalancer       172.30.27.5    10.46.41.94      53:31829/TCP     5s
+
+. Edit the `HyperConverged` CR in your default editor by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
-. Deploy the DNS server and monitoring components by editing the `HyperConverged` CR:
+. Enable the DNS server and monitoring components according to the following example:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
     featureGates:
-      deployKubeSecondaryDNS: true <1>
-    kubeSecondaryDNSNameServerIP: "10.46.41.94" <2>
+      deployKubeSecondaryDNS: true
+    kubeSecondaryDNSNameServerIP: "10.46.41.94" <1>
 # ...
 ----
-<1> Set the `KubeSecondaryDNS` feature gate to `true`.
-<2> Set the IP address of the service to the value retrieved in step 2.
+<1> Specify the external IP address exposed by the load balancer service.
 
-. Retrieve the FQDN of the {product-title} cluster by using the following command:
+. Save the file and exit the editor.
+
+. Retrieve the cluster FQDN by running the following command:
 +
 [source,terminal]
 ----
-$ oc get dnses.config.openshift.io cluster -o json | jq .spec.baseDomain
+ $ oc get dnses.config.openshift.io cluster -o jsonpath='{.spec.baseDomain}'
 ----
 +
 .Example output
-[source,terminal]
+[source,text]
 ----
 openshift.example.com
 ----
 
 . Point to the DNS server by using one of the following methods:
-** Add the `kubeSecondaryDNSNameServerIP` value to the `resolv.conf` file on your local machine.
+
+* Add the `kubeSecondaryDNSNameServerIP` value to the `resolv.conf` file on your local machine.
 +
 [NOTE]
 ====
-Editing the `resolv.conf` file overwrites any existing DNS settings.
+Editing the `resolv.conf` file overwrites existing DNS settings.
 ====
 
-** Add the `kubeSecondaryDNSNameServerIP` value and the cluster FQDN to the enterprise DNS server records. For example:
+* Add the `kubeSecondaryDNSNameServerIP` value and the cluster FQDN to the enterprise DNS server records. For example:
 +
 [source,terminal]
 ----
diff --git a/modules/virt-configuring-secondary-network-vm-live-migration.adoc b/modules/virt-configuring-secondary-network-vm-live-migration.adoc
index df41fa497455..18c9fc032c53 100644
--- a/modules/virt-configuring-secondary-network-vm-live-migration.adoc
+++ b/modules/virt-configuring-secondary-network-vm-live-migration.adoc
@@ -1,62 +1,61 @@
 // Module included in the following assemblies:
 //
-// * virt/live_migration/virt-migrating-vm-on-secondary-network.adoc
+// * virt/vm_networking/virt-dedicated-network-live-migration.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-secondary-network-vm-live-migration_{context}"]
-= Configuring a dedicated secondary network for virtual machine live migration
+= Configuring a dedicated secondary network for live migration
 
-To configure a dedicated secondary network for live migration, you must first create a bridge network attachment definition for the `openshift-cnv` namespace by using the CLI. Then, add the name of the `NetworkAttachmentDefinition` object to the `HyperConverged` custom resource (CR).
+To configure a dedicated secondary network for live migration, you must first create a bridge network attachment definition (NAD) by using the CLI. Then, you add the name of the `NetworkAttachmentDefinition` object to the `HyperConverged` custom resource (CR).
 
 .Prerequisites
 
 * You installed the OpenShift CLI (`oc`).
 * You logged in to the cluster as a user with the `cluster-admin` role.
-* The Multus Container Network Interface (CNI) plugin is installed on the cluster.
-* Every node on the cluster has at least two Network Interface Cards (NICs), and the NICs to be used for live migration are connected to the same VLAN.
-* The virtual machine (VM) is running with the `LiveMigrate` eviction strategy.
+* Each node has at least two Network Interface Cards (NICs).
+* The NICs for live migration are connected to the same VLAN.
 
 .Procedure
 
-. Create a `NetworkAttachmentDefinition` manifest.
+. Create a `NetworkAttachmentDefinition` manifest according to the following example:
 +
 .Example configuration file
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: "k8s.cni.cncf.io/v1"
 kind: NetworkAttachmentDefinition
 metadata:
   name: my-secondary-network <1>
-  namespace: openshift-cnv <2>
+  namespace: {CNVNamespace} <2>
 spec:
   config: '{
     "cniVersion": "0.3.1",
     "name": "migration-bridge",
     "type": "macvlan",
-    "master": "eth1", <3>
+    "master": "eth1", <2>
     "mode": "bridge",
     "ipam": {
-      "type": "whereabouts", <4>
-      "range": "10.200.5.0/24" <5>
+      "type": "whereabouts", <3>
+      "range": "10.200.5.0/24" <4>
     }
   }'
 ----
-<1> The name of the `NetworkAttachmentDefinition` object.
-<2> The namespace where the `NetworkAttachmentDefinition` object resides. This must be `openshift-cnv`.
-<3> The name of the NIC to be used for live migration.
-<4> The name of the CNI plugin that provides the network for this network attachment definition.
-<5> The IP address range for the secondary network. This range must not have any overlap with the IP addresses of the main network.
+<1> Specify the name of the `NetworkAttachmentDefinition` object.
+<2> Specify the name of the NIC to be used for live migration.
+<3> Specify the name of the CNI plugin that provides the network for the NAD.
+<4> Specify an IP address range for the secondary network. This range must not overlap the IP addresses of the main network.
 
 . Open the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
-. Add the name of the `NetworkAttachmentDefinition` object to the `spec.liveMigrationConfig` stanza of the `HyperConverged` CR. For example:
+. Add the name of the `NetworkAttachmentDefinition` object to the `spec.liveMigrationConfig` stanza of the `HyperConverged` CR:
 +
-.Example configuration file
+.Example `HyperConverged` manifest
 [source,yaml]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
@@ -66,14 +65,13 @@ metadata:
 spec:
   liveMigrationConfig:
     completionTimeoutPerGiB: 800
-    network: my-secondary-network  <1>
+    network: <network> <1>
     parallelMigrationsPerCluster: 5
     parallelOutboundMigrationsPerNode: 2
     progressTimeout: 150
 # ...
 ----
-<1> The name of the Multus `NetworkAttachmentDefinition` object to be used for live migrations.
-
+<1> Specify the name of the Multus `NetworkAttachmentDefinition` object to be used for live migrations.
 
 . Save your changes and exit the editor. The `virt-handler` pods restart and connect to the secondary network.
 
@@ -83,5 +81,5 @@ spec:
 +
 [source,terminal]
 ----
-oc get vmi <vmi_name> -o jsonpath='{.status.migrationState.targetNodeAddress}'
+$ oc get vmi <vmi_name> -o jsonpath='{.status.migrationState.targetNodeAddress}'
 ----
diff --git a/modules/virt-configuring-storage-class-bootsource-update.adoc b/modules/virt-configuring-storage-class-bootsource-update.adoc
index f66d21a37928..c56384a466c4 100644
--- a/modules/virt-configuring-storage-class-bootsource-update.adoc
+++ b/modules/virt-configuring-storage-class-bootsource-update.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/storage/virt-automatic-bootsource-updates.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-storage-class-bootsource-update_{context}"]
 = Configuring a storage class for custom boot source updates
 
@@ -18,9 +18,9 @@ Boot sources are created from storage using the default storage class. If your c
 
 . Open the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Define a new storage class by entering a value in the `storageClassName` field:
@@ -43,12 +43,12 @@ spec:
 ----
 <1> Define the storage class.
 
-. Remove the `storageclass.kubernetes.io/is-default-class` annotation from the current default storage class. 
+. Remove the `storageclass.kubernetes.io/is-default-class` annotation from the current default storage class.
 .. Retrieve the name of the current default storage class by running the following command:
 +
 [source,terminal]
 ----
-$ oc get sc
+$ oc get storageclass
 ----
 +
 .Example output
diff --git a/modules/virt-configuring-vm-disk-sharing.adoc b/modules/virt-configuring-vm-disk-sharing.adoc
new file mode 100644
index 000000000000..94e969d852ec
--- /dev/null
+++ b/modules/virt-configuring-vm-disk-sharing.adoc
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc
+
+:_content-type: PROCEDURE
+[id="virt-configuring-vm-disk-sharing{context}"]
+= Configuring disk sharing by using virtual machine disks
+
+You can configure block volumes so that multiple virtual machines (VMs) can share storage.
+
+The application running on the guest operating system determines the storage option you must configure for the VM. A disk of type `disk` exposes the volume as an ordinary disk to the VM.
+
+.Prerequisites
+
+* The volume access mode must be `ReadWriteMany` (RWX) if the VMs that are sharing disks are running on different nodes.
++
+If the VMs that are sharing disks are running on the same node, `ReadWriteOnce` (RWO) volume access mode is sufficient.
+
+* The storage provider must support the required Container Storage Interface (CSI) driver.
+
+.Procedure
+
+. Create the `VirtualMachine` manifest for your VM to set the required values, as shown in the following example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: <vm_name>
+spec:
+  template:
+# ...
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: rootdisk
+            disk1: disk_one <1>
+          - disk:
+              bus: virtio
+            name: cloudinitdisk
+            disk2: disk_two
+            shareable: true <2>
+          interfaces:
+          - masquerade: {}
+            name: default
+----
+<1> Identifies a device as a disk.
+<2> Identifies a shared disk.
+
+. Save the `VirtualMachine` manifest file to apply your changes.
\ No newline at end of file
diff --git a/modules/virt-configuring-vm-dpdk.adoc b/modules/virt-configuring-vm-dpdk.adoc
index 2fc1ded64549..dc2ddec7a32e 100644
--- a/modules/virt-configuring-vm-dpdk.adoc
+++ b/modules/virt-configuring-vm-dpdk.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-vm-dpdk_{context}"]
 = Configuring a virtual machine for DPDK workloads
 
@@ -31,12 +31,10 @@ spec:
         cpu-quota.crio.io: disable <2>
         irq-load-balancing.crio.io: disable <3>
     spec:
-      nodeSelector:
-        node-role.kubernetes.io/worker-dpdk: "" <4>
       domain:
         cpu:
-          sockets: 1 <5>
-          cores: 5 <6>
+          sockets: 1 <4>
+          cores: 5 <5>
           threads: 2
           dedicatedCpuPlacement: true
           isolateEmulatorThread: true
@@ -51,26 +49,23 @@ spec:
           rng: {}
       memory:
         hugepages:
-          pageSize: 1Gi <7>
-      resources:
-        requests:
-          memory: 8Gi
+          pageSize: 1Gi <6>
+          guest: 8Gi
       networks:
         - name: default
           pod: {}
         - multus:
-            networkName: dpdk-net <8>
+            networkName: dpdk-net <7>
           name: nic-east
 # ...
 ----
 <1> This annotation specifies that load balancing is disabled for CPUs that are used by the container.
 <2> This annotation specifies that the CPU quota is disabled for CPUs that are used by the container.
 <3> This annotation specifies that Interrupt Request (IRQ) load balancing is disabled for CPUs that are used by the container.
-<4> The label that is used in the `MachineConfigPool` and `PerformanceProfile` manifests that were created when configuring the cluster for DPDK workloads.
-<5> The number of sockets inside the VM. This field must be set to `1` for the CPUs to be scheduled from the same Non-Uniform Memory Access (NUMA) node.
-<6> The number of cores inside the VM. This must be a value greater than or equal to `1`. In this example, the VM is scheduled with 5 hyper-threads or 10 CPUs.
-<7> The size of the huge pages. The possible values for x86-64 architecture are 1Gi and 2Mi. In this example, the request is for 8 huge pages of size 1Gi. 
-<8> The name of the SR-IOV `NetworkAttachmentDefinition` object.
+<4> The number of sockets inside the VM. This field must be set to `1` for the CPUs to be scheduled from the same Non-Uniform Memory Access (NUMA) node.
+<5> The number of cores inside the VM. This must be a value greater than or equal to `1`. In this example, the VM is scheduled with 5 hyper-threads or 10 CPUs.
+<6> The size of the huge pages. The possible values for x86-64 architecture are 1Gi and 2Mi. In this example, the request is for 8 huge pages of size 1Gi.
+<7> The name of the SR-IOV `NetworkAttachmentDefinition` object.
 
 . Save and exit the editor.
 . Apply the `VirtualMachine` manifest:
@@ -81,11 +76,11 @@ $ oc apply -f <file_name>.yaml
 ----
 
 . Configure the guest operating system. The following example shows the configuration steps for {op-system-base} 8 OS:
-.. Configure isolated VM CPUs and specify huge pages by using the GRUB bootloader command-line interface. In the following example, 8 1G huge pages are specified. The first two CPUs (0 and 1) are set aside for house keeping tasks and the rest are isolated for the DPDK application.
+.. Configure huge pages by using the GRUB bootloader command-line interface. In the following example, 8 1G huge pages are specified.
 +
 [source,terminal]
 ----
-$ grubby --update-kernel=ALL --args="default_hugepagesz=1GB hugepagesz=1G hugepages=8 isolcpus=2-9"
+$ grubby --update-kernel=ALL --args="default_hugepagesz=1GB hugepagesz=1G hugepages=8"
 ----
 
 .. To achieve low-latency tuning by using the `cpu-partitioning` profile in the TuneD application, run the following commands:
@@ -99,6 +94,7 @@ $ dnf install -y tuned-profiles-cpu-partitioning
 ----
 $ echo isolated_cores=2-9 > /etc/tuned/cpu-partitioning-variables.conf
 ----
+The first two CPUs (0 and 1) are set aside for house keeping tasks and the rest are isolated for the DPDK application.
 +
 [source,terminal]
 ----
diff --git a/modules/virt-configuring-vm-eviction-strategy-cli.adoc b/modules/virt-configuring-vm-eviction-strategy-cli.adoc
new file mode 100644
index 000000000000..42cd2ae7bbed
--- /dev/null
+++ b/modules/virt-configuring-vm-eviction-strategy-cli.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * virt/live_migration/virt-configuring-live-migration.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-configuring-vm-eviction-strategy-cli_{context}"]
+= Configuring a VM eviction strategy using the command line
+
+You can configure an eviction strategy for a virtual machine (VM) by using the command line.
+
+[IMPORTANT]
+====
+The default eviction strategy is `LiveMigrate`. A non-migratable VM with a `LiveMigrate` eviction strategy might prevent nodes from draining or block an infrastructure upgrade because the VM is not evicted from the node. This situation causes a migration to remain in a `Pending` or `Scheduling` state unless you shut down the VM manually.
+
+You must set the eviction strategy of non-migratable VMs to `LiveMigrateIfPossible`, which does not block an upgrade, or to `None`, for VMs that should not be migrated.
+====
+
+.Procedure
+
+. Edit the `VirtualMachine` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit vm <vm_name> -n <namespace>
+----
++
+.Example eviction strategy
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: <vm_name>
+spec:
+  template:
+    spec:
+      evictionStrategy: LiveMigrateIfPossible <1>
+# ...
+----
+<1> Specify the eviction strategy. The default value is `LiveMigrate`.
+
+. Restart the VM to apply the changes:
++
+[source,terminal]
+----
+$ virtctl restart <vm_name> -n <namespace>
+----
diff --git a/modules/virt-configuring-vm-live-migration-cli.adoc b/modules/virt-configuring-vm-live-migration-cli.adoc
deleted file mode 100644
index 6918043cff01..000000000000
--- a/modules/virt-configuring-vm-live-migration-cli.adoc
+++ /dev/null
@@ -1,45 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc
-
-:_content-type: PROCEDURE
-[id="virt-configuring-vm-live-migration-cli_{context}"]
-= Configuring custom virtual machines with the LiveMigration eviction strategy
-
-You only need to configure the `LiveMigration` eviction strategy on custom
-virtual machines. Common templates have this eviction strategy
-configured by default.
-
-.Procedure
-
-. Add the `evictionStrategy: LiveMigrate` option to the `spec.template.spec` section in the
-virtual machine configuration file. This example uses `oc edit` to update
-the relevant snippet of the `VirtualMachine` configuration file:
-+
-
-[source,terminal]
-----
-$ oc edit vm <custom-vm> -n <my-namespace>
-----
-+
-
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-metadata:
-  name: custom-vm
-spec:
-  template:
-    spec:
-      evictionStrategy: LiveMigrate
-# ...
-----
-
-. Restart the virtual machine for the update to take effect:
-+
-
-[source,terminal]
-----
-$ virtctl restart <custom-vm> -n <my-namespace>
-----
diff --git a/modules/virt-configuring-vm-project-dpdk.adoc b/modules/virt-configuring-vm-project-dpdk.adoc
index 391a592f3195..497f88afafec 100644
--- a/modules/virt-configuring-vm-project-dpdk.adoc
+++ b/modules/virt-configuring-vm-project-dpdk.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+// * virt/vm_networking/virt-connecting-vm-to-sriov.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-vm-project-dpdk_{context}"]
 = Configuring a project for DPDK workloads
 
-You can configure the project to run DPDK workloads on SR-IOV hardware. 
+You can configure the project to run DPDK workloads on SR-IOV hardware.
 
 .Prerequisites
 * Your cluster is configured to run DPDK workloads.
diff --git a/modules/virt-configuring-vm-with-node-exporter-service.adoc b/modules/virt-configuring-vm-with-node-exporter-service.adoc
index 6f0a3b952822..c722c7f74c43 100644
--- a/modules/virt-configuring-vm-with-node-exporter-service.adoc
+++ b/modules/virt-configuring-vm-with-node-exporter-service.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-vm-with-node-exporter-service_{context}"]
 = Configuring a virtual machine with the node exporter service
 
diff --git a/modules/virt-configuring-workload-update-methods.adoc b/modules/virt-configuring-workload-update-methods.adoc
index 05de946bc1e2..07c322cc9489 100644
--- a/modules/virt-configuring-workload-update-methods.adoc
+++ b/modules/virt-configuring-workload-update-methods.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-configuring-workload-update-methods_{context}"]
 = Configuring workload update methods
 
@@ -21,9 +21,9 @@ If a `VirtualMachineInstance` CR contains `evictionStrategy: LiveMigrate` and th
 
 . To open the `HyperConverged` CR in your default editor, run the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Edit the `workloadUpdateStrategy` stanza of the `HyperConverged` CR. For example:
@@ -46,7 +46,7 @@ spec:
 <1> The methods that can be used to perform automated workload updates. The available values are `LiveMigrate` and `Evict`. If you enable both options as shown in this example, updates use `LiveMigrate` for VMIs that support live migration and `Evict` for any VMIs that do not support live migration. To disable automatic workload updates, you can either remove the `workloadUpdateStrategy` stanza or set `workloadUpdateMethods: []` to leave the array empty.
 //NOTE: in 4.10, removing the stanza will not disable the feature.
 <2> The least disruptive update method. VMIs that support live migration are updated by migrating the virtual machine (VM) guest into a new pod with the updated components enabled. If `LiveMigrate` is the only workload update method listed, VMIs that do not support live migration are not disrupted or updated.
-<3> A disruptive method that shuts down VMI pods during upgrade. `Evict` is the only update method available if live migration is not enabled in the cluster. If a VMI is controlled by a `VirtualMachine` object that has `runStrategy: always` configured, a new VMI is created in a new pod with updated components.
+<3> A disruptive method that shuts down VMI pods during upgrade. `Evict` is the only update method available if live migration is not enabled in the cluster. If a VMI is controlled by a `VirtualMachine` object that has `runStrategy: Always` configured, a new VMI is created in a new pod with updated components.
 <4> The number of VMIs that can be forced to be updated at a time by using the `Evict` method. This does not apply to the `LiveMigrate` method.
 <5> The interval to wait before evicting the next batch of workloads. This does not apply to the `LiveMigrate` method.
 +
diff --git a/modules/virt-confirming-policy-updates-on-nodes.adoc b/modules/virt-confirming-policy-updates-on-nodes.adoc
index bb7809a63848..d3fc745b1877 100644
--- a/modules/virt-confirming-policy-updates-on-nodes.adoc
+++ b/modules/virt-confirming-policy-updates-on-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-confirming-policy-updates-on-nodes_{context}"]
 = Confirming node network policy updates on nodes
 
diff --git a/modules/virt-connecting-secondary-network-ssh.adoc b/modules/virt-connecting-secondary-network-ssh.adoc
new file mode 100644
index 000000000000..66536ba9a784
--- /dev/null
+++ b/modules/virt-connecting-secondary-network-ssh.adoc
@@ -0,0 +1,50 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-connecting-secondary-network-ssh_{context}"]
+= Connecting to a VM attached to a secondary network by using SSH
+
+You can connect to a virtual machine (VM) attached to a secondary network by using SSH.
+
+.Prerequisites
+
+* You attached a VM to a secondary network with a DHCP server.
+* You have an SSH client installed.
+
+.Procedure
+
+. Obtain the IP address of the VM by running the following command:
++
+[source,terminal]
+----
+$ oc describe vm <vm_name>
+----
++
+.Example output
+----
+# ...
+Interfaces:
+  Interface Name:  eth0
+  Ip Address:      10.244.0.37/24
+  Ip Addresses:
+    10.244.0.37/24
+    fe80::858:aff:fef4:25/64
+  Mac:             0a:58:0a:f4:00:25
+  Name:            default
+# ...
+----
+
+. Connect to the VM by running the following command:
++
+[source,terminal]
+----
+$ ssh <user_name>@<ip_address> -i <ssh_key>
+----
++
+.Example
+[source,terminal]
+----
+$ ssh cloud-user@10.244.0.37 -i ~/.ssh/id_rsa_cloud-user
+----
\ No newline at end of file
diff --git a/modules/virt-connecting-service-ssh.adoc b/modules/virt-connecting-service-ssh.adoc
new file mode 100644
index 000000000000..c1d59b233c98
--- /dev/null
+++ b/modules/virt-connecting-service-ssh.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+// * virt/vm_networking/virt-creating-service-vm.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-connecting-service-ssh_{context}"]
+= Connecting to a VM exposed by a service by using SSH
+
+You can connect to a virtual machine (VM) that is exposed by a service by using SSH.
+
+.Prerequisites
+
+* You created a service to expose the VM.
+* You have an SSH client installed.
+* You are logged in to the cluster.
+
+.Procedure
+
+* Run the following command to access the VM:
++
+[source,terminal]
+----
+$ ssh <user_name>@<ip_address> -p <port> <1>
+----
+<1> Specify the cluster IP for a cluster IP service, the node IP for a node port service, or the external IP address for a load balancer service.
diff --git a/modules/virt-connecting-to-vm-console-web.adoc b/modules/virt-connecting-to-vm-console-web.adoc
new file mode 100644
index 000000000000..3226321495a1
--- /dev/null
+++ b/modules/virt-connecting-to-vm-console-web.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
+
+ifeval::["{context}" == "vnc-console"]
+:vnc-console:
+:console: VNC console
+:console-menu: VNC console
+endif::[]
+ifeval::["{context}" == "serial-console"]
+:serial-console:
+:console: serial console
+:console-menu: Serial console
+endif::[]
+ifeval::["{context}" == "desktop-viewer"]
+:desktop-viewer:
+:console: desktop viewer
+:console-menu: Desktop viewer
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-connecting-to-vm-console-web_{context}"]
+= Connecting to the {console} by using the web console
+
+ifdef::vnc-console,serial-console[]
+You can connect to the {console} of a virtual machine (VM) by using the {product-title} web console.
+endif::[]
+ifdef::desktop-viewer[]
+You can connect to the {console} of a Windows virtual machine (VM) by using the {product-title} web console.
+endif::[]
+
+ifdef::vnc-console[]
+[NOTE]
+====
+If you connect to a Windows VM with a vGPU assigned as a mediated device, you can switch between the default display and the vGPU display.
+====
+endif::[]
+
+ifdef::desktop-viewer[]
+.Prerequisites
+
+* You installed the QEMU guest agent on the Windows VM.
+* You have an RDP client installed.
+endif::[]
+
+.Procedure
+
+. On the *Virtualization* -> *VirtualMachines* page, click a VM to open the *VirtualMachine details* page.
+. Click the *Console* tab. The VNC console session starts automatically.
+ifdef::desktop-viewer,serial-console[]
+. Click *Disconnect* to end the VNC console session. Otherwise, the VNC console session continues to run in the background.
+. Select *{console-menu}* from the console list.
+endif::[]
+ifdef::desktop-viewer[]
+. Click *Create RDP Service* to open the *RDP Service* dialog.
+. Select *Expose RDP Service* and click *Save* to create a node port service.
+. Click *Launch Remote Desktop* to download an `.rdp` file and launch the {console}.
+endif::[]
+ifdef::vnc-console[]
+. Optional: To switch to the vGPU display of a Windows VM, select *Ctl + Alt + 2* from the *Send key* list.
++
+* Select *Ctl + Alt + 1* from the *Send key* list to restore the default display.
+endif::[]
+ifdef::vnc-console,serial-console[]
+. To end the console session, click outside the console pane and then click *Disconnect*.
+endif::[]
+
+ifeval::["{context}" == "vnc-console"]
+:console!:
+:console-menu!:
+endif::[]
+ifeval::["{context}" == "serial-console"]
+:console!:
+:console-menu!:
+endif::[]
+ifeval::["{context}" == "desktop-viewer"]
+:console!:
+:console-menu!:
+endif::[]
diff --git a/modules/virt-connecting-vm-secondarynw-using-fqdn.adoc b/modules/virt-connecting-vm-secondarynw-using-fqdn.adoc
index f29770ea312a..a7d590fcc3e4 100644
--- a/modules/virt-connecting-vm-secondarynw-using-fqdn.adoc
+++ b/modules/virt-connecting-vm-secondarynw-using-fqdn.adoc
@@ -1,21 +1,23 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
+// * virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-connecting-vm-secondarynw-fqdn_{context}"]
-= Connecting to a virtual machine on a secondary network by using the cluster FQDN
+= Connecting to a VM on a secondary network by using the cluster FQDN
 
-You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using the fully qualified domain name (FQDN) of the cluster.
+You can access a running virtual machine (VM) attached to a secondary network interface by using the fully qualified domain name (FQDN) of the cluster.
 
 .Prerequisites
-* The QEMU guest agent must be running on the virtual machine.
-* The IP address of the VM that you want to connect to, by using a DNS client, must be public.
-* You have configured the DNS server for secondary networks.
-* You have retrieved the fully qualified domain name (FQDN) of the cluster.
+
+* You installed the QEMU guest agent on the VM.
+* The IP address of the VM is public.
+* You configured the DNS server for secondary networks.
+* You retrieved the fully qualified domain name (FQDN) of the cluster.
 
 .Procedure
-. Retrieve the VM configuration by using the following command:
+
+. Retrieve the network interface name from the VM configuration by running the following command:
 +
 [source,terminal]
 ----
@@ -28,20 +30,14 @@ $ oc get vm -n <namespace> <vm_name> -o yaml
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
-  labels:
-    kubevirt.io/vm: example-vm
   name: example-vm
   namespace: example-namespace
 spec:
   running: true
   template:
-    metadata:
-      labels:
-        kubevirt.io/vm: example-vm
     spec:
       domain:
         devices:
-# ...
           interfaces:
             - bridge: {}
               name: example-nic
@@ -50,20 +46,13 @@ spec:
       - multus:
           networkName: bridge-conf
         name: example-nic <1>
-# ...
 ----
-<1> Specify the name of the secondary network interface.
+<1> Note the name of the network interface.
 
 . Connect to the VM by using the `ssh` command:
 +
 [source,terminal]
 ----
-$ ssh <user_name>@<interface_name>.<vm_name>.<namespace>.vm.<FQDN> <1>
-----
-<1> Specify the user name, interface name, VM name, VM namespace, and FQDN.
-+
-.Example
-[source,terminal]
-----
-$ ssh you@example-nic.example-vm.example-namespace.vm.openshift.example.com
+$ ssh <user_name>@<interface_name>.<vm_name>.<namespace>.vm.<cluster_fqdn>
 ----
+
diff --git a/modules/virt-connecting-vm-virtctl.adoc b/modules/virt-connecting-vm-virtctl.adoc
new file mode 100644
index 000000000000..9cfdb7d957eb
--- /dev/null
+++ b/modules/virt-connecting-vm-virtctl.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
+
+ifeval::["{context}" == "vnc-console"]
+:vnc-console:
+:console: VNC console
+endif::[]
+ifeval::["{context}" == "serial-console"]
+:serial-console:
+:console: serial console
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-connecting-vm-virtctl_{context}"]
+= Connecting to the {console} by using virtctl
+
+You can use the `virtctl` command line tool to connect to the {console} of a running virtual machine.
+
+ifdef::vnc-console[]
+[NOTE]
+====
+If you run the `virtctl vnc` command on a remote machine over an SSH connection, you must forward the X session to your local machine by running the `ssh` command with the `-X` or `-Y` flags.
+====
+
+.Prerequisites
+
+* You must install the `virt-viewer` package.
+endif::[]
+
+.Procedure
+
+. Run the following command to start the console session:
++
+ifdef::serial-console[]
+[source,terminal]
+----
+$ virtctl console <vm_name>
+----
+
+. Press `Ctrl+]` to end the console session.
+endif::[]
+ifdef::vnc-console[]
+[source,terminal]
+----
+$ virtctl vnc <vm_name>
+----
+
+. If the connection fails, run the following command to collect
+troubleshooting information:
++
+[source,terminal]
+----
+$ virtctl vnc <vm_name> -v 4
+----
+endif::[]
+
+ifeval::["{context}" == "vnc-console"]
+:!console:
+endif::[]
+ifeval::["{context}" == "serial-console"]
+:!console:
+endif::[]
\ No newline at end of file
diff --git a/modules/virt-connecting-vnc-console.adoc b/modules/virt-connecting-vnc-console.adoc
index 742970ed02b5..5ce14d75a067 100644
--- a/modules/virt-connecting-vnc-console.adoc
+++ b/modules/virt-connecting-vnc-console.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-connecting-vnc-console_{context}"]
 = Connecting to the VNC console
 
diff --git a/modules/virt-copying-the-ssh-command.adoc b/modules/virt-copying-the-ssh-command.adoc
deleted file mode 100644
index 9072ac249415..000000000000
--- a/modules/virt-copying-the-ssh-command.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
-
-:_content-type: PROCEDURE
-[id="virt-copying-the-ssh-command_{context}"]
-= Copying the SSH command using the web console
-
-Copy the command to connect to a virtual machine (VM) terminal via SSH.
-
-
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Click the *Options* menu {kebab} for your virtual machine and select *Copy SSH command*.
-
-. Paste it in the terminal to access the VM.
diff --git a/modules/virt-create-node-network-config-console.adoc b/modules/virt-create-node-network-config-console.adoc
new file mode 100644
index 000000000000..081a3478eb1d
--- /dev/null
+++ b/modules/virt-create-node-network-config-console.adoc
@@ -0,0 +1,60 @@
+:_mod-docs-content-type: PROCEDURE
+[id="virt-create-node-network-config-console_{context}"]
+= Creating a policy
+
+You can create a policy by using either a form or YAML in the web console.
+
+.Procedure
+. Navigate to *Networking* → *NodeNetworkConfigurationPolicy*.
+
+. In the *NodeNetworkConfigurationPolicy* page, click *Create*, and select *From Form* option.
++
+In case there are no existing policies, you can alternatively click *Create NodeNetworkConfigurationPolicy* to createa policy using form.
++
+[NOTE]
+====
+To create policy using YAML, click *Create*, and select *With YAML* option. The following steps are applicable to create a policy only by using form.
+====
+
+. Optional: Check the *Apply this NodeNetworkConfigurationPolicy only to specific subsets of nodes using the node selector* checkbox to specify the nodes where the policy must be applied.
+
+. Enter the policy name in the *Policy name* field.
+
+. Optional: Enter the description of the policy in the *Description* field.
+
+. Optional: In the *Policy Interface(s)* section, a bridge interface is added by default with preset values in editable fields. Edit the values by executing the following steps:
+
+.. Enter the name of the interface in *Interface name* field.
+
+.. Select the network state from *Network state* dropdown. The default selected value is *Up*.
+
+.. Select the type of interface from *Type* dropdown. The available values are *Bridge*, *Bonding*, and *Ethernet*. The default selected value is *Bridge*.
++
+[NOTE]
+====
+Addition of a VLAN interface by using the form is not supported. To add a VLAN interface, you must use YAML to create the policy. Once added, you cannot edit the policy by using form.
+====
+
+.. Optional: In the IP configuration section, check *IPv4* checkbox to assign an IPv4 address to the interface, and configure the IP address assignment details:
+
+... Click *IP address* to configure the interface with a static IP address, or *DHCP* to auto-assign an IP address.
+
+... If you have selected *IP address* option, enter the IPv4 address in *IPV4 address* field, and enter the prefix length in *Prefix length* field.
++
+If you have selected *DHCP* option, uncheck the options that you want to disable. The available options are *Auto-DNS*, *Auto-routes*, and *Auto-gateway*. All the options are selected by default.
+
+.. Optional: Enter the port number in *Port* field.
+
+.. Optional: Check the checkbox *Enable STP* to enable STP.
+
+.. Optional: To add an interface to the policy, click *Add another interface to the policy*.
+
+.. Optional: To remove an interface from the policy, click image:fa-minus-circle.svg[minus] icon next to the interface.
+
++
+[NOTE]
+====
+Alternatively, you can click *Edit YAML* on the top of the page to continue editing the form using YAML.
+====
+
+. Click *Create* to complete policy creation.
\ No newline at end of file
diff --git a/modules/virt-creating-a-service-from-a-virtual-machine.adoc b/modules/virt-creating-a-service-from-a-virtual-machine.adoc
deleted file mode 100644
index 86c21a50e81a..000000000000
--- a/modules/virt-creating-a-service-from-a-virtual-machine.adoc
+++ /dev/null
@@ -1,122 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-a-service-from-a-virtual-machine_{context}"]
-
-= Exposing a virtual machine as a service
-
-Create a `ClusterIP`, `NodePort`, or `LoadBalancer` service to connect to a running virtual machine (VM) from within or outside the cluster.
-
-.Procedure
-
-. Edit the `VirtualMachine` manifest to add the label for service creation:
-+
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-metadata:
-  name: vm-ephemeral
-  namespace: example-namespace
-spec:
-  running: false
-  template:
-    metadata:
-      labels:
-        special: key <1>
-# ...
-----
-<1> Add the label `special: key` in the `spec.template.metadata.labels` section.
-+
-
-[NOTE]
-====
-Labels on a virtual machine are passed through to the pod. The `special: key` label must match the label in the `spec.selector` attribute of the `Service` manifest.
-====
-
-. Save the `VirtualMachine` manifest file to apply your changes.
-
-. Create a `Service` manifest to expose the VM:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vmservice <1>
-  namespace: example-namespace <2>
-spec:
-  externalTrafficPolicy: Cluster <3>
-  ports:
-  - nodePort: 30000 <4>
-    port: 27017
-    protocol: TCP
-    targetPort: 22 <5>
-  selector:
-    special: key <6>
-  type: NodePort <7>
-----
-<1> The name of the `Service` object.
-<2> The namespace where the `Service` object resides. This must match the `metadata.namespace` field of the `VirtualMachine` manifest.
-<3> Optional: Specifies how the nodes distribute service traffic that is received on external IP addresses. This only applies to `NodePort` and `LoadBalancer` service types. The default value is `Cluster` which routes traffic evenly to all cluster endpoints.
-<4> Optional: When set, the `nodePort` value must be unique across all services. If not specified, a value in the range above `30000` is dynamically allocated.
-<5> Optional: The VM port to be exposed by the service. It must reference an open port if a port list is defined in the VM manifest. If `targetPort` is not specified, it takes the same value as `port`.
-<6> The reference to the label that you added in the `spec.template.metadata.labels` stanza of the `VirtualMachine` manifest.
-<7> The type of service.  Possible values are `ClusterIP`, `NodePort` and `LoadBalancer`.
-
-. Save the `Service` manifest file.
-. Create the service by running the following command:
-+
-[source,terminal]
-----
-$ oc create -f <service_name>.yaml
-----
-
-. Start the VM. If the VM is already running, restart it.
-
-.Verification
-. Query the `Service` object to verify that it is available:
-+
-[source,terminal]
-----
-$ oc get service -n example-namespace
-----
-+
-.Example output for `ClusterIP` service
-[source,terminal]
-----
-NAME        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)     AGE
-vmservice   ClusterIP   172.30.3.149   <none>        27017/TCP   2m
-----
-+
-.Example output for `NodePort` service
-[source,terminal]
-----
-NAME        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)            AGE
-vmservice   NodePort    172.30.232.73   <none>       27017:30000/TCP    5m
-----
-+
-.Example output for `LoadBalancer` service
-[source,terminal]
-----
-NAME        TYPE            CLUSTER-IP     EXTERNAL-IP                    PORT(S)           AGE
-vmservice   LoadBalancer    172.30.27.5   172.29.10.235,172.29.10.235     27017:31829/TCP   5s
-----
-
-. Choose the appropriate method to connect to the virtual machine:
-+
-* For a `ClusterIP` service, connect to the VM from within the cluster by using the service IP address and the service port. For example:
-+
-[source,terminal]
-----
-$ ssh fedora@172.30.3.149 -p 27017
-----
-* For a `NodePort` service, connect to the VM by specifying the node IP address and the node port outside the cluster network. For example:
-+
-[source,terminal]
-----
-$ ssh fedora@$NODE_IP -p 30000
-----
-* For a `LoadBalancer` service, use the `vinagre` client to connect to your virtual machine by using the public IP address and port. External ports are dynamically allocated.
diff --git a/modules/virt-creating-a-vm-from-a-template-with-an-attached-boot-source.adoc b/modules/virt-creating-a-vm-from-a-template-with-an-attached-boot-source.adoc
deleted file mode 100644
index ef47e8e7bac0..000000000000
--- a/modules/virt-creating-a-vm-from-a-template-with-an-attached-boot-source.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-creating-and-using-boot-sources.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-a-vm-from-a-template-with-an-attached-boot-source_{context}"]
-= Creating a virtual machine from a template with an attached boot source
-
-After you add a boot source to a template, you can create a virtual machine from the template.
-
-.Procedure
-
-. In the {product-title} web console, click *Virtualization* -> *Catalog* in the side menu.
-. Select the updated template and click *Quick create VirtualMachine*.
-
-The *VirtualMachine details* is displayed with the status *Starting*.
diff --git a/modules/virt-creating-an-upload-dv.adoc b/modules/virt-creating-an-upload-dv.adoc
index e37eb8d831f6..fd6c769df28e 100644
--- a/modules/virt-creating-an-upload-dv.adoc
+++ b/modules/virt-creating-an-upload-dv.adoc
@@ -2,42 +2,36 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-an-upload-dv_{context}"]
 = Creating an upload data volume
 
-You can manually create a data volume with an `upload` data source to use for uploading
-local disk images.
+You can manually create a data volume with an `upload` data source to upload local disk images.
 
 .Procedure
 
-. Create a data volume configuration that specifies `spec: source: upload{}`:
+. Create a data volume configuration that specifies `upload` in the `spec.source` stanza:
 +
-
 [source,yaml]
 ----
 apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
-  name: <upload-datavolume> <1>
+  name: <datavolume> <1>
 spec:
   source:
-      upload: {}
-  pvc:
-    accessModes:
-      - ReadWriteOnce
+    upload: {}
+  storage:
     resources:
       requests:
         storage: <2Gi> <2>
 ----
-<1> The name of the data volume.
-<2> The size of the data volume. Ensure that this value is greater than or equal
-to the size of the disk that you upload.
+<1> Specify the name of the new data volume.
+<2> Specify the amount of available space requested for the data volume. This value must be greater than or equal to the _virtual_ size of the disk that you upload.
 
 . Create the data volume by running the following command:
 +
-
 [source,terminal]
 ----
-$ oc create -f <upload-datavolume>.yaml
+$ oc create -f <datavolume>.yaml
 ----
diff --git a/modules/virt-creating-and-exposing-mediated-devices.adoc b/modules/virt-creating-and-exposing-mediated-devices.adoc
index ff6834eebeb0..f99cc07ff843 100644
--- a/modules/virt-creating-and-exposing-mediated-devices.adoc
+++ b/modules/virt-creating-and-exposing-mediated-devices.adoc
@@ -1,46 +1,48 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: PROCEDURE
-[id="virt-creating-and-exposing-mediated-devices_{context}"]
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-exposing-mediated-devices_{context}"]
 = Creating and exposing mediated devices
 
-You can expose and create mediated devices such as virtual GPUs (vGPUs) by editing the `HyperConverged` custom resource (CR).
+As an administrator, you can create mediated devices and expose them to the cluster by editing the `HyperConverged` custom resource (CR).
 
 .Prerequisites
 
-* You enabled the IOMMU (Input-Output Memory Management Unit) driver.
+* You enabled the Input-Output Memory Management Unit (IOMMU) driver.
+* If your hardware vendor provides drivers, you installed them on the nodes where you want to create mediated devices.
+** If you use NVIDIA cards, you link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/openshift-virtualization.html[installed the NVIDIA GRID driver].
 
 .Procedure
 
-. Edit the `HyperConverged` CR in your default editor by running the following command:
+. Open the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
-
-. Add the mediated device information to the `HyperConverged` CR `spec`, ensuring that you include the `mediatedDevicesConfiguration` and `permittedHostDevices` stanzas. For example:
 +
-.Example configuration file
-[source,yaml]
+.Example configuration file with mediated devices configured
+[%collapsible]
+====
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
-  mediatedDevicesConfiguration: <.>
-    mediatedDevicesTypes: <.>
+  mediatedDevicesConfiguration:
+    mediatedDeviceTypes:
     - nvidia-231
-    nodeMediatedDeviceTypes: <.>
-    - mediatedDevicesTypes: <.>
+    nodeMediatedDeviceTypes:
+    - mediatedDeviceTypes:
       - nvidia-233
       nodeSelector:
         kubernetes.io/hostname: node-11.redhat.com
-  permittedHostDevices: <.>
+  permittedHostDevices:
     mediatedDevices:
     - mdevNameSelector: GRID T4-2Q
       resourceName: nvidia.com/GRID_T4-2Q
@@ -48,17 +50,71 @@ spec:
       resourceName: nvidia.com/GRID_T4-8Q
 # ...
 ----
-<.> Creates mediated devices.
-<.> Required: Global `mediatedDevicesTypes` configuration.
-<.> Optional: Overrides the global configuration for specific nodes.
-<.> Required if you use `nodeMediatedDeviceTypes`.
-<.> Exposes mediated devices to the cluster.
+====
+
+. Create mediated devices by adding them to the `spec.mediatedDevicesConfiguration` stanza:
++
+.Example YAML snippet
+[source,yaml]
+----
+# ...
+spec:
+  mediatedDevicesConfiguration:
+    mediatedDeviceTypes: <1>
+    - <device_type>
+    nodeMediatedDeviceTypes: <2>
+    - mediatedDeviceTypes: <3>
+      - <device_type>
+      nodeSelector: <4>
+        <node_selector_key>: <node_selector_value>
+# ...
+----
+<1> Required: Configures global settings for the cluster.
+<2> Optional: Overrides the global configuration for a specific node or group of nodes. Must be used with the global `mediatedDeviceTypes` configuration.
+<3> Required if you use `nodeMediatedDeviceTypes`. Overrides the global `mediatedDeviceTypes` configuration for the specified nodes.
+<4> Required if you use `nodeMediatedDeviceTypes`. Must include a `key:value` pair.
++
+[IMPORTANT]
+====
+Before {VirtProductName} 4.14, the `mediatedDeviceTypes` field was named `mediatedDevicesTypes`. Ensure that you use the correct field name when configuring mediated devices.
+====
+
+. Identify the name selector and resource name values for the devices that you want to expose to the cluster. You will add these values to the `HyperConverged` CR in the next step.
+.. Find the `resourceName` value by running the following command:
++
+[source,terminal]
+----
+$ oc get $NODE -o json \
+  | jq '.status.allocatable \
+    | with_entries(select(.key | startswith("nvidia.com/"))) \
+    | with_entries(select(.value != "0"))'
+----
+
+.. Find the `mdevNameSelector` value by viewing the contents of `/sys/bus/pci/devices/<slot>:<bus>:<domain>.<function>/mdev_supported_types/<type>/name`, substituting the correct values for your system.
++
+For example, the name file for the `nvidia-231` type contains the selector string `GRID T4-2Q`. Using `GRID T4-2Q` as the `mdevNameSelector` value allows nodes to use the `nvidia-231` type.
+
+. Expose the mediated devices to the cluster by adding the `mdevNameSelector` and `resourceName` values to the
+`spec.permittedHostDevices.mediatedDevices` stanza of the `HyperConverged` CR:
++
+.Example YAML snippet
+[source,yaml]
+----
+# ...
+  permittedHostDevices:
+    mediatedDevices:
+    - mdevNameSelector: GRID T4-2Q <1>
+      resourceName: nvidia.com/GRID_T4-2Q <2>
+# ...
+----
+<1> Exposes the mediated devices that map to this value on the host.
+<2> Matches the resource name that is allocated on the node.
 
 . Save your changes and exit the editor.
 
 .Verification
 
-* You can verify that a device was added to a specific node by running the following command:
+* Optional: Confirm that a device was added to a specific node by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/virt-creating-blank-disk-datavolumes.adoc b/modules/virt-creating-blank-disk-datavolumes.adoc
deleted file mode 100644
index a00900b72afa..000000000000
--- a/modules/virt-creating-blank-disk-datavolumes.adoc
+++ /dev/null
@@ -1,45 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-expanding-virtual-storage-with-blank-disk-images.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-blank-disk-datavolumes_{context}"]
-= Creating a blank disk image with data volumes
-
-You can create a new blank disk image in a persistent volume claim by
-customizing and deploying a data volume configuration file.
-
-.Prerequisites
-
-* At least one available persistent volume.
-* Install the OpenShift CLI (`oc`).
-
-.Procedure
-
-. Edit the `DataVolume` manifest:
-+
-[source,yaml]
-----
-apiVersion: cdi.kubevirt.io/v1beta1
-kind: DataVolume
-metadata:
-  name: blank-image-datavolume
-spec:
-  source:
-      blank: {}
-  pvc:
-    storageClassName: "hostpath" <1>
-    accessModes:
-      - ReadWriteOnce
-    resources:
-      requests:
-        storage: 500Mi
-----
-<1> Optional: If you do not specify a storage class, the default storage class is applied.
-
-. Create the blank disk image by running the following command:
-+
-[source,terminal]
-----
-$ oc create -f <blank-image-datavolume>.yaml
-----
diff --git a/modules/virt-creating-bridge-nad-cli.adoc b/modules/virt-creating-bridge-nad-cli.adoc
deleted file mode 100644
index 9f5ebcc781da..000000000000
--- a/modules/virt-creating-bridge-nad-cli.adoc
+++ /dev/null
@@ -1,67 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-linux-bridge-nad-cli_{context}"]
-= Creating a Linux bridge network attachment definition in the CLI
-
-As a network administrator, you can configure a network attachment definition of type `cnv-bridge` to provide layer-2 networking to pods and virtual machines.
-
-.Prerequisites
-
-* The node must support nftables and the `nft` binary must be deployed to enable MAC spoof check.
-
-.Procedure
-
-. Create a network attachment definition in the same namespace as the virtual machine.
-
-. Add the virtual machine to the network attachment definition, as in the following example:
-+
-[source,yaml]
-----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
-  name: <bridge-network> <1>
-  annotations:
-    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/<bridge-interface> <2>
-spec:
-  config: '{
-    "cniVersion": "0.3.1",
-    "name": "<bridge-network>", <3>
-    "type": "cnv-bridge", <4>
-    "bridge": "<bridge-interface>", <5>
-    "macspoofchk": true, <6>
-    "vlan": 1 <7>
-  }'
-----
-<1> The name for the `NetworkAttachmentDefinition` object.
-<2> Optional: Annotation key-value pair for node selection, where `bridge-interface` must match the name of a bridge configured on some nodes. If you add this annotation to your network attachment definition, your virtual machine instances will only run on the nodes that have the `bridge-interface` bridge connected.
-<3> The name for the configuration. It is recommended to match the configuration name to the `name` value of the network attachment definition.
-<4> The actual name of the Container Network Interface (CNI) plugin that provides the network for this network attachment definition. Do not change this field unless you want to use a different CNI.
-<5> The name of the Linux bridge configured on the node.
-<6> Optional: Flag to enable MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
-<7> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy.
-+
-[NOTE]
-====
-A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
-====
-
-. Create the network attachment definition:
-+
-[source,terminal]
-----
-$ oc create -f <network-attachment-definition.yaml> <1>
-----
-<1> Where `<network-attachment-definition.yaml>` is the file name of the network attachment definition manifest.
-
-.Verification
-
-* Verify that the network attachment definition was created by running the following command:
-+
-[source,terminal]
-----
-$ oc get network-attachment-definition <bridge-network>
-----
diff --git a/modules/virt-creating-bridge-nad-web.adoc b/modules/virt-creating-bridge-nad-web.adoc
deleted file mode 100644
index b13a352ec98d..000000000000
--- a/modules/virt-creating-bridge-nad-web.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
-//This file contains UI elements and/or package names that need to be updated.
-
-:_content-type: PROCEDURE
-[id="virt-creating-linux-bridge-nad-web_{context}"]
-= Creating a Linux bridge network attachment definition in the web console
-
-You can create network attachment definitions to provide layer-2 networking to pods and virtual machines.
-
-A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
-
-.Procedure
-
-. In the web console, click *Networking* -> *NetworkAttachmentDefinitions*.
-. Click *Create Network Attachment Definition*.
-+
-[NOTE]
-====
-The network attachment definition must be in the same namespace as the pod or virtual machine.
-====
-+
-. Enter a unique *Name* and optional *Description*.
-. Select *CNV Linux bridge* from the *Network Type* list.
-. Enter the name of the bridge in the *Bridge Name* field.
-. Optional: If the resource has VLAN IDs configured, enter the ID numbers in the *VLAN Tag Number* field.
-. Optional: Select *MAC Spoof Check* to enable MAC spoof filtering. This feature provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
-. Click *Create*.
\ No newline at end of file
diff --git a/modules/virt-creating-custom-monitoring-label-for-vms.adoc b/modules/virt-creating-custom-monitoring-label-for-vms.adoc
index 90fe10c946f9..fc85ba3ebd33 100644
--- a/modules/virt-creating-custom-monitoring-label-for-vms.adoc
+++ b/modules/virt-creating-custom-monitoring-label-for-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-custom-monitoring-label-for-vms_{context}"]
 = Creating a custom monitoring label for virtual machines
 
diff --git a/modules/virt-creating-custom-namespace-for-templates.adoc b/modules/virt-creating-custom-namespace-for-templates.adoc
deleted file mode 100644
index 7bba6890fbee..000000000000
--- a/modules/virt-creating-custom-namespace-for-templates.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc
-
-[id="virt-creating-custom-namespace-for-templates_{context}"]
-= Creating a custom namespace for templates
-
-You can create a custom namespace that is used to deploy virtual machine templates for use by anyone who has permissions to access those templates. To add templates to a custom namespace, edit the `HyperConverged` custom resource (CR), add  `commonTemplatesNamespace` to the spec, and specify the custom namespace for the virtual machine templates. After the `HyperConverged` CR is modified, the `ssp-operator` populates the templates in the custom namespace.
-
-.Prerequisites
-
-* Install the {product-title} CLI `oc`.
-* Log in as a user with cluster-admin privileges.
-
-.Procedure
-
-* Use the following command to create your custom namespace:
-+
-----
-$ oc create namespace <mycustomnamespace>
-----
-+
diff --git a/modules/virt-creating-data-volumes-using-pvc-api.adoc b/modules/virt-creating-data-volumes-using-pvc-api.adoc
deleted file mode 100644
index d6a4fe300b87..000000000000
--- a/modules/virt-creating-data-volumes-using-pvc-api.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
-
-[id="virt-creating-data-volumes-using-pvc-api_{context}"]
-
-= Creating data volumes using the PVC API
-
-When you create a data volume using the PVC API, the Containerized Data Interface (CDI) creates the data volume based on what you specify for the following fields:
-
-* `accessModes` (`ReadWriteOnce`, `ReadWriteMany`, or `ReadOnlyMany`)
-* `volumeMode` (`Filesystem` or `Block`)
-* `capacity` of `storage` (`5Gi`, for example)
-
-In the following YAML, using the PVC API allocates a data volume with a storage capacity of two gigabytes. You specify an access mode of `ReadWriteMany` to enable live migration. Because you know the values your system can support, you specify `Block` storage instead of the default, `Filesystem`.
-
-.Example DataVolume definition
-[source,yaml]
-----
-apiVersion: cdi.kubevirt.io/v1beta1
-kind: DataVolume
-metadata:
-  name: <datavolume> <1>
-spec:
-  source:
-    pvc: <2>
-      namespace: "<source_namespace>" <3>
-      name: "<my_vm_disk>" <4>
-  pvc: <5>
-    accessModes: <6>
-      - ReadWriteMany
-    resources:
-      requests:
-        storage: 2Gi <7>
-    volumeMode: Block <8>
-    storageClassName: <storage_class> <9>
-----
-<1> The name of the new data volume.
-<2> In the `source` section, `pvc` indicates that the source of the import is an existing persistent volume claim (PVC).
-<3> The namespace where the source PVC exists.
-<4> The name of the source PVC.
-<5> Indicates allocation using the PVC API.
-<6> `accessModes` is required when using the PVC API.
-<7> Specifies the amount of space you are requesting for your data volume.
-<8> Specifies that the destination is a block PVC.
-<9> Optionally, specify the storage class. If the storage class is not specified, the system default storage class is used.
-
-[IMPORTANT]
-====
-When you explicitly allocate a data volume by using the PVC API and you are not using `volumeMode: Block`, consider file system overhead.
-
-File system overhead is the amount of space required by the file system to maintain its metadata. The amount of space required for file system metadata is file system dependent. Failing to account for file system overhead in your storage capacity request can result in an underlying persistent volume claim (PVC) that is not large enough to accommodate your virtual machine disk.
-
-If you use the storage API, the CDI will factor in file system overhead and  request a larger persistent volume claim (PVC) to ensure that your allocation request is successful.
-====
diff --git a/modules/virt-creating-data-volumes-using-storage-api.adoc b/modules/virt-creating-data-volumes-using-storage-api.adoc
deleted file mode 100644
index d22da9d58b6c..000000000000
--- a/modules/virt-creating-data-volumes-using-storage-api.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
-
-[id="virt-creating-data-volumes-using-storage-api_{context}"]
-
-= Creating data volumes using the storage API
-
-When you create a data volume using the storage API, the Containerized Data Interface (CDI) optimizes your persistent volume claim (PVC) allocation based on the type of storage supported by your selected storage class. You only have to specify the data volume name, namespace, and the amount of storage that you want to allocate.
-
-For example:
-
-* When using Ceph RBD, `accessModes` is automatically set to `ReadWriteMany`, which enables live migration. `volumeMode` is set to `Block` to maximize performance.
-* When you are using `volumeMode: Filesystem`, more space will automatically be requested by the CDI, if required to accommodate file system overhead.
-
-In the following YAML, using the storage API requests a data volume with two gigabytes of usable space. The user does not need to know the `volumeMode` in order to correctly estimate the required persistent volume claim (PVC) size. The CDI chooses the optimal combination of `accessModes` and `volumeMode` attributes automatically.  These optimal values are based on the type of storage or the defaults that you define in your storage profile. If you want to provide custom values, they override the system-calculated values.
-
-.Example DataVolume definition
-[source,yaml]
-----
-apiVersion: cdi.kubevirt.io/v1beta1
-kind: DataVolume
-metadata:
-  name: <datavolume> <1>
-spec:
-  source:
-    pvc: <2>
-      namespace: "<source_namespace>" <3>
-      name: "<my_vm_disk>" <4>
-  storage: <5>
-    resources:
-      requests:
-        storage: 2Gi <6>
-    storageClassName: <storage_class> <7>
-
-----
-<1> The name of the new data volume.
-<2> Indicate that the source of the import is an existing persistent volume claim (PVC).
-<3> The namespace where the source PVC exists.
-<4> The name of the source PVC.
-<5> Indicates allocation using the storage API.
-<6> Specifies the amount of available space that you request for the PVC.
-<7> Optional: The name of the storage class. If the storage class is not specified, the system default storage class is used.
diff --git a/modules/virt-creating-hpp-basic-storage-pool.adoc b/modules/virt-creating-hpp-basic-storage-pool.adoc
index 4d70f953ccb0..3cbf9ffa66a6 100644
--- a/modules/virt-creating-hpp-basic-storage-pool.adoc
+++ b/modules/virt-creating-hpp-basic-storage-pool.adoc
@@ -1,17 +1,22 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+// * virt/storage/virt-configuring-local-storage-with-hpp.adoc
+// * virt/post_installation_configuration/virt-post-install-storage-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-hpp-basic-storage-pool_{context}"]
 = Creating a hostpath provisioner with a basic storage pool
 
 You configure a hostpath provisioner (HPP) with a basic storage pool by creating an HPP custom resource (CR) with a `storagePools` stanza. The storage pool specifies the name and path used by the CSI driver.
 
+[IMPORTANT]
+====
+Do not create storage pools in the same partition as the operating system. Otherwise, the operating system partition might become filled to capacity, which will impact performance or cause the node to become unstable or unusable.
+====
+
 .Prerequisites
 
 * The directories specified in `spec.storagePools.path` must have read/write access.
-* The storage pools must not be in the same partition as the operating system. Otherwise, the operating system partition might become filled to capacity, which will impact performance or cause the node to become unstable or unusable.
 
 .Procedure
 
diff --git a/modules/virt-creating-interface-on-nodes.adoc b/modules/virt-creating-interface-on-nodes.adoc
index 4e1242107c8a..12b58c001034 100644
--- a/modules/virt-creating-interface-on-nodes.adoc
+++ b/modules/virt-creating-interface-on-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-interface-on-nodes_{context}"]
 = Creating an interface on nodes
 
diff --git a/modules/virt-creating-layer2-nad-cli.adoc b/modules/virt-creating-layer2-nad-cli.adoc
new file mode 100644
index 000000000000..c6bacbe1d72e
--- /dev/null
+++ b/modules/virt-creating-layer2-nad-cli.adoc
@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-layer2-nad-cli_{context}"]
+= Creating a NAD for flat layer 2 topology using the CLI
+
+You can create a network attachment definition (NAD) which describes how to attach a pod to the layer 2 overlay network.
+
+.Prerequisites
+* You have access to the cluster as a user with `cluster-admin` privileges.
+* You have installed the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create a `NetworkAttachmentDefinition` object:
++
+[source,yaml]
+----
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: l2-network
+  namespace: my-namespace
+spec:
+  config: |2
+    {
+            "cniVersion": "0.3.1", <1>
+            "name": "my-namespace-l2-network", <2>
+            "type": "ovn-k8s-cni-overlay", <3>
+            "topology":"layer2", <4>
+            "mtu": 1300, <5>
+            "netAttachDefName": "my-namespace/l2-network" <6>
+    }
+----
+<1> The CNI specification version. The required value is `0.3.1`.
+<2> The name of the network. This attribute is not namespaced. For example, you can have a network named `l2-network` referenced from two different `NetworkAttachmentDefinition` objects that exist in two different namespaces. This feature is useful to connect VMs in different namespaces.
+<3> The name of the CNI plug-in to be configured. The required value is `ovn-k8s-cni-overlay`.
+<4> The topological configuration for the network. The required value is `layer2`.
+<5> Optional: The maximum transmission unit (MTU) value. The default value is automatically set by the kernel.
+<6> The value of the `namespace` and `name` fields in the `metadata` stanza of the `NetworkAttachmentDefinition` object.
++
+[NOTE]
+====
+The above example configures a cluster-wide overlay without a subnet defined. This means that the logical switch implementing the network only provides layer 2 communication. You must configure an IP address when you create the virtual machine by either setting a static IP address or by deploying a DHCP server on the network for a dynamic IP address.
+====
+
+. Apply the manifest:
++
+[source,terminal]
+----
+$ oc apply -f <filename>.yaml
+----
+
diff --git a/modules/virt-creating-linux-bridge-nad-cli.adoc b/modules/virt-creating-linux-bridge-nad-cli.adoc
new file mode 100644
index 000000000000..04978d4bd3de
--- /dev/null
+++ b/modules/virt-creating-linux-bridge-nad-cli.adoc
@@ -0,0 +1,74 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-linux-bridge-nad-cli_{context}"]
+= Creating a Linux bridge NAD by using the command line
+
+You can create a network attachment definition (NAD) to provide layer-2 networking to pods and virtual machines (VMs) by using the command line.
+
+The NAD and the VM must be in the same namespace.
+
+[WARNING]
+====
+Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
+====
+
+.Prerequisites
+
+* The node must support nftables and the `nft` binary must be deployed to enable MAC spoof check.
+
+.Procedure
+
+. Add the VM to the `NetworkAttachmentDefinition` configuration, as in the following example:
++
+[source,yaml]
+----
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: bridge-network <1>
+  annotations:
+    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/bridge-interface <2>
+spec:
+  config: '{
+    "cniVersion": "0.3.1",
+    "name": bridge-network, <3>
+    "type": cnv-bridge, <4>
+    "bridge": bridge-interface, <5>
+    "macspoofchk": true, <6>
+    "vlan": 100, <7>
+    "preserveDefaultVlan": false <8>
+  }'
+----
+<1> The name for the `NetworkAttachmentDefinition` object.
+<2> Optional: Annotation key-value pair for node selection, where `bridge-interface` must match the name of a bridge configured on some nodes. If you add this annotation to your network attachment definition, your virtual machine instances will only run on the nodes that have the `bridge-interface` bridge connected.
+<3> The name for the configuration. It is recommended to match the configuration name to the `name` value of the network attachment definition.
+<4> The actual name of the Container Network Interface (CNI) plugin that provides the network for this network attachment definition. Do not change this field unless you want to use a different CNI.
+<5> The name of the Linux bridge configured on the node.
+<6> Optional: Flag to enable MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
+<7> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy.
+<8> Optional: Indicates whether the VM connects to the bridge through the default VLAN. The default value is `true`.
++
+[NOTE]
+====
+A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
+====
+
+. Create the network attachment definition:
++
+[source,terminal]
+----
+$ oc create -f network-attachment-definition.yaml <1>
+----
+<1> Where `network-attachment-definition.yaml` is the file name of the network attachment definition manifest.
+
+.Verification
+
+* Verify that the network attachment definition was created by running the following command:
++
+[source,terminal]
+----
+$ oc get network-attachment-definition bridge-network
+----
diff --git a/modules/virt-creating-linux-bridge-nad-web.adoc b/modules/virt-creating-linux-bridge-nad-web.adoc
new file mode 100644
index 000000000000..1c1fb2fe49e1
--- /dev/null
+++ b/modules/virt-creating-linux-bridge-nad-web.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
+//This file contains UI elements and/or package names that need to be updated.
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-linux-bridge-nad-web_{context}"]
+= Creating a Linux bridge NAD by using the web console
+
+You can create a network attachment definition (NAD) to provide layer-2 networking to pods and virtual machines by using the {product-title} web console.
+
+A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
+
+[WARNING]
+====
+Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
+====
+
+.Procedure
+
+. In the web console, click *Networking* -> *NetworkAttachmentDefinitions*.
+. Click *Create Network Attachment Definition*.
++
+[NOTE]
+====
+The network attachment definition must be in the same namespace as the pod or virtual machine.
+====
++
+. Enter a unique *Name* and optional *Description*.
+. Select *CNV Linux bridge* from the *Network Type* list.
+. Enter the name of the bridge in the *Bridge Name* field.
+. Optional: If the resource has VLAN IDs configured, enter the ID numbers in the *VLAN Tag Number* field.
+. Optional: Select *MAC Spoof Check* to enable MAC spoof filtering. This feature provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
+. Click *Create*.
\ No newline at end of file
diff --git a/modules/virt-creating-linux-bridge-nncp.adoc b/modules/virt-creating-linux-bridge-nncp.adoc
index 23d8d8bcb12d..26e336a2b453 100644
--- a/modules/virt-creating-linux-bridge-nncp.adoc
+++ b/modules/virt-creating-linux-bridge-nncp.adoc
@@ -1,13 +1,13 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-linux-bridge-nncp_{context}"]
+= Creating a Linux bridge NNCP
 
-= Creating a Linux bridge node network configuration policy
-
-Use a `NodeNetworkConfigurationPolicy` manifest YAML file to create the Linux bridge.
+You can create a `NodeNetworkConfigurationPolicy` (NNCP) manifest for a Linux bridge network.
 
 .Prerequisites
 * You have installed the Kubernetes NMState Operator.
diff --git a/modules/virt-creating-local-block-pv.adoc b/modules/virt-creating-local-block-pv.adoc
index f16011fc1be6..a2691bdd9fe3 100644
--- a/modules/virt-creating-local-block-pv.adoc
+++ b/modules/virt-creating-local-block-pv.adoc
@@ -2,10 +2,9 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
 // * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
-// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
+// * virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-to-new-block-storage-pvc.adoc
 
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-local-block-pv_{context}"]
 = Creating a local block persistent volume
 
@@ -18,7 +17,7 @@ virtual machine image.
 
 .Procedure
 
-. Log in as `root` to the node on which to create the local PV. This procedure
+. Log in as root user to the node on which to create the local PV. This procedure
 uses `node01` for its examples.
 
 . Create a file and populate it with null characters so that it can be used as a block device.
@@ -26,17 +25,16 @@ The following example creates a file `loop10` with a size of 2Gb (20 100Mb block
 +
 [source,terminal]
 ----
-$ dd if=/dev/zero of=<loop10> bs=100M count=20
+# dd if=/dev/zero of=loop10 bs=100M count=20
 ----
 
-. Mount the `loop10` file as a loop device.
+. Mount the `loop10` file as a loop device as in the following example:
 +
 [source,terminal]
 ----
-$ losetup </dev/loop10>d3 <loop10> <1> <2>
+# losetup /path/loop10 loop10 <1>
 ----
-<1> File path where the loop device is mounted.
-<2> The file created in the previous step to be mounted as the loop device.
+<1> Specify the path of the loop device and the loop device file name.
 
 . Create a `PersistentVolume` manifest that references the mounted loop device.
 +
@@ -71,7 +69,7 @@ spec:
 <3> Optional: Set a storage class for the PV. If you omit it, the cluster default is used.
 <4> The node on which the block device was mounted.
 
-. Create the block PV.
+. Create the block PV:
 +
 [source,terminal]
 ----
diff --git a/modules/virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate.adoc b/modules/virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate.adoc
index 68917a8210f9..b1d2cad5a1d7 100644
--- a/modules/virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate.adoc
+++ b/modules/virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate_{context}"]
 = Creating a new virtual machine from a cloned persistent volume claim by using a data volume template
 
diff --git a/modules/virt-creating-pvc-with-virtctl-guestfs.adoc b/modules/virt-creating-pvc-with-virtctl-guestfs.adoc
deleted file mode 100644
index b3c10b8a278e..000000000000
--- a/modules/virt-creating-pvc-with-virtctl-guestfs.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/getting_started/virt-using-the-cli-tools.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-pvc-with-virtctl-guestfs_{context}"]
-= Deploying a libguestfs-tools container by using virtctl
-
-You can use the `virtctl guestfs` command to deploy an interactive container with `libguestfs-tools` and a persistent volume claim (PVC) attached to it.
-
-.Procedure
-
-* To deploy a container with `libguestfs-tools`, mount the PVC, and attach a shell to it, run the following command:
-+
-[source,terminal]
-----
-$ virtctl guestfs -n <namespace> <pvc_name> <1>
-----
-<1> The PVC name is a required argument. If you do not include it, an error message appears.
diff --git a/modules/virt-creating-rbac-cloning-dvs.adoc b/modules/virt-creating-rbac-cloning-dvs.adoc
index ad1cf7515f6f..b879c62a30d1 100644
--- a/modules/virt-creating-rbac-cloning-dvs.adoc
+++ b/modules/virt-creating-rbac-cloning-dvs.adoc
@@ -1,13 +1,17 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc
+// * virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-rbac-cloning-dvs_{context}"]
 = Creating RBAC resources for cloning data volumes
 
 Create a new cluster role that enables permissions for all actions for the `datavolumes` resource.
 
+.Prerequisites
+
+* You must have cluster admin privileges.
+
 .Procedure
 
 . Create a `ClusterRole` manifest:
diff --git a/modules/virt-creating-service-cli.adoc b/modules/virt-creating-service-cli.adoc
new file mode 100644
index 000000000000..26085f0a7ddf
--- /dev/null
+++ b/modules/virt-creating-service-cli.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-creating-service-vm.adoc
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-service-cli_{context}"]
+= Creating a service by using the command line
+
+You can create a service and associate it with a virtual machine (VM) by using the command line.
+
+.Prerequisites
+
+* You configured the cluster network to support the service.
+
+.Procedure
+
+. Edit the `VirtualMachine` manifest to add the label for service creation:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+  namespace: example-namespace
+spec:
+  running: false
+  template:
+    metadata:
+      labels:
+        special: key <1>
+# ...
+----
+<1> Add `special: key` to the `spec.template.metadata.labels` stanza.
++
+[NOTE]
+====
+Labels on a virtual machine are passed through to the pod. The `special: key` label must match the label in the `spec.selector` attribute of the `Service` manifest.
+====
+
+. Save the `VirtualMachine` manifest file to apply your changes.
+
+. Create a `Service` manifest to expose the VM:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Service
+metadata:
+  name: example-service
+  namespace: example-namespace
+spec:
+# ...
+  selector:
+    special: key <1>
+  type: NodePort <2>
+----
+<1> Specify the label that you added to the `spec.template.metadata.labels` stanza of the `VirtualMachine` manifest.
+<2> Specify `ClusterIP`, `NodePort`, or `LoadBalancer`.
+
+. Save the `Service` manifest file.
+. Create the service by running the following command:
++
+[source,terminal]
+----
+$ oc create -f example-service.yaml
+----
+
+. Restart the VM to apply the changes.
+
+.Verification
+
+* Query the `Service` object to verify that it is available:
++
+[source,terminal]
+----
+$ oc get service -n example-namespace
+----
diff --git a/modules/virt-creating-service-virtctl.adoc b/modules/virt-creating-service-virtctl.adoc
new file mode 100644
index 000000000000..56c71e9db400
--- /dev/null
+++ b/modules/virt-creating-service-virtctl.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-service-virtctl_{context}"]
+= Creating a service by using virtctl
+
+You can create a service for a virtual machine (VM) by using the `virtctl` command line tool.
+
+.Prerequisites
+
+* You installed the `virtctl` command line tool.
+* You configured the cluster network to support the service.
+* The environment where you installed `virtctl` has the cluster permissions required to access the VM. For example, you ran `oc login` or you set the `KUBECONFIG` environment variable.
+
+.Procedure
+
+* Create a service by running the following command:
++
+[source,terminal]
+----
+$ virtctl expose vm <vm_name> --name <service_name> --type <service_type> --port <port> <1>
+----
+<1> Specify the `ClusterIP`, `NodePort`, or `LoadBalancer` service type.
++
+.Example
++
+[source,terminal]
+----
+$ virtctl expose vm example-vm --name example-service --type NodePort --port 22
+----
+
+.Verification
+
+* Verify the service by running the following command:
++
+[source,terminal]
+----
+$ oc get service
+----
\ No newline at end of file
diff --git a/modules/virt-creating-service-web.adoc b/modules/virt-creating-service-web.adoc
new file mode 100644
index 000000000000..18584fc0ba57
--- /dev/null
+++ b/modules/virt-creating-service-web.adoc
@@ -0,0 +1,24 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-service-web_{context}"]
+= Creating a service by using the web console
+
+You can create a node port or load balancer service for a virtual machine (VM) by using the {product-title} web console.
+
+.Prerequisites
+
+* You configured the cluster network to support either a load balancer or a node port.
+* To create a load balancer service, you enabled the creation of load balancer services.
+
+.Procedure
+
+. Navigate to *VirtualMachines* and select a virtual machine to view the *VirtualMachine details* page.
+. On the *Details* tab, select *SSH over LoadBalancer* from the *SSH service type* list.
+. Optional: Click the copy icon to copy the `SSH` command to your clipboard.
+
+.Verification
+
+* Check the *Services* pane on the *Details* tab to view the new service.
\ No newline at end of file
diff --git a/modules/virt-creating-servicemonitor-resource-for-node-exporter.adoc b/modules/virt-creating-servicemonitor-resource-for-node-exporter.adoc
index 5e26421635bc..52bbd6c4bd48 100644
--- a/modules/virt-creating-servicemonitor-resource-for-node-exporter.adoc
+++ b/modules/virt-creating-servicemonitor-resource-for-node-exporter.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-servicemonitor-resource-for-node-exporter_{context}"]
 = Creating a ServiceMonitor resource for the node exporter service
 
diff --git a/modules/virt-creating-storage-class-csi-driver.adoc b/modules/virt-creating-storage-class-csi-driver.adoc
index cee5573df0d2..2bcbe5481488 100644
--- a/modules/virt-creating-storage-class-csi-driver.adoc
+++ b/modules/virt-creating-storage-class-csi-driver.adoc
@@ -1,12 +1,22 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+// * virt/storage/virt-configuring-local-storage-with-hpp.adoc
+// * virt/post_installation_configuration/virt-post-install-storage-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-storage-class-csi-driver_{context}"]
 = Creating a storage class for the CSI driver with the storagePools stanza
 
-You create a storage class custom resource (CR) for the hostpath provisioner (HPP) CSI driver.
+To use the hostpath provisioner (HPP) you must create an associated storage class for the Container Storage Interface (CSI) driver.
+
+When you create a storage class, you set parameters that affect the dynamic provisioning of persistent volumes (PVs) that belong to that storage class. You cannot update a `StorageClass` object's parameters after you create it.
+
+[NOTE]
+====
+Virtual machines use data volumes that are based on local PVs. Local PVs are bound to specific nodes. While a disk image is prepared for consumption by the virtual machine, it is possible that the virtual machine cannot be scheduled to the node where the local storage PV was previously pinned.
+
+To solve this problem, use the Kubernetes pod scheduler to bind the persistent volume claim (PVC) to a PV on the correct node. By using the `StorageClass` value with `volumeBindingMode` parameter set to `WaitForFirstConsumer`, the binding and provisioning of the PV is delayed until a pod is created using the PVC.
+====
 
 .Procedure
 
@@ -17,14 +27,13 @@ You create a storage class custom resource (CR) for the hostpath provisioner (HP
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: hostpath-csi 
+  name: hostpath-csi
 provisioner: kubevirt.io.hostpath-provisioner
 reclaimPolicy: Delete <1>
 volumeBindingMode: WaitForFirstConsumer <2>
 parameters:
   storagePool: my-storage-pool <3>
 ----
-
 <1> The two possible `reclaimPolicy` values are `Delete` and `Retain`. If you do not specify a value, the default value is `Delete`.
 <2> The `volumeBindingMode` parameter determines when dynamic provisioning and volume binding occur. Specify `WaitForFirstConsumer` to delay the binding and provisioning of a persistent volume (PV) until after a pod that uses the persistent volume claim (PVC) is created. This ensures that the PV meets the pod's scheduling requirements.
 <3> Specify the name of the storage pool defined in the HPP CR.
diff --git a/modules/virt-creating-storage-pool-pvc-template.adoc b/modules/virt-creating-storage-pool-pvc-template.adoc
index 178beb6a0ba9..68f7cfc0ea04 100644
--- a/modules/virt-creating-storage-pool-pvc-template.adoc
+++ b/modules/virt-creating-storage-pool-pvc-template.adoc
@@ -1,17 +1,21 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+// * virt/storage/virt-configuring-local-storage-with-hpp.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-storage-pool-pvc-template_{context}"]
 = Creating a storage pool with a PVC template
 
 You can create a storage pool for multiple hostpath provisioner (HPP) volumes by specifying a PVC template in the HPP custom resource (CR).
 
+[IMPORTANT]
+====
+Do not create storage pools in the same partition as the operating system. Otherwise, the operating system partition might become filled to capacity, which will impact performance or cause the node to become unstable or unusable.
+====
+
 .Prerequisites
 
 * The directories specified in `spec.storagePools.path` must have read/write access.
-* The storage pools must not be in the same partition as the operating system. Otherwise, the operating system partition might become filled to capacity, which will impact performance or cause the node to become unstable or unusable.
 
 .Procedure
 
diff --git a/modules/virt-creating-template.adoc b/modules/virt-creating-template.adoc
index 4e1c81b53a3c..e88578fb4fcd 100644
--- a/modules/virt-creating-template.adoc
+++ b/modules/virt-creating-template.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-template_{context}"]
 = Creating a virtual machine template in the web console
 
diff --git a/modules/virt-creating-virtualmachineexport.adoc b/modules/virt-creating-virtualmachineexport.adoc
index 90d25b708961..d9787bf7ebd3 100644
--- a/modules/virt-creating-virtualmachineexport.adoc
+++ b/modules/virt-creating-virtualmachineexport.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-export-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-virtualmachineexport_{context}"]
 = Creating a VirtualMachineExport custom resource
 
diff --git a/modules/virt-creating-vm-cli.adoc b/modules/virt-creating-vm-cli.adoc
index a5dc9458c93f..5ece0b80fbb8 100644
--- a/modules/virt-creating-vm-cli.adoc
+++ b/modules/virt-creating-vm-cli.adoc
@@ -1,16 +1,16 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-vm-cli_{context}"]
-= Using the CLI to create a virtual machine
+= Creating a VM from a VirtualMachine manifest
 
-You can create a virtual machine from a `virtualMachine` manifest.
+You can create a virtual machine (VM) from a `VirtualMachine` manifest.
 
 .Procedure
 
-. Edit the `VirtualMachine` manifest for your VM. For example, the following manifest configures a {op-system-base-full} VM:
+. Edit the `VirtualMachine` manifest for your VM. The following example configures a {op-system-base-full} VM:
 +
 .Example manifest for a {op-system-base} VM
 [source,yaml]
diff --git a/modules/virt-creating-vm-cloned-pvc-data-volume-template.adoc b/modules/virt-creating-vm-cloned-pvc-data-volume-template.adoc
new file mode 100644
index 000000000000..cb47006fee68
--- /dev/null
+++ b/modules/virt-creating-vm-cloned-pvc-data-volume-template.adoc
@@ -0,0 +1,73 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-cloning-pvc-data-volume-template_{context}"]
+= Creating a VM from a cloned PVC by using a data volume template
+
+You can create a virtual machine (VM) that clones the persistent volume claim (PVC) of an existing VM by using a data volume template.
+
+This method creates a data volume whose lifecycle is dependent on the original VM. Deleting the original VM deletes the cloned data volume and its associated PVC.
+
+.Prerequisites
+
+* The VM with the source PVC must be powered down.
+
+.Procedure
+
+. Create a `VirtualMachine` manifest as shown in the following example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  labels:
+    kubevirt.io/vm: vm-dv-clone
+  name: vm-dv-clone <1>
+spec:
+  running: false
+  template:
+    metadata:
+      labels:
+        kubevirt.io/vm: vm-dv-clone
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: root-disk
+        resources:
+          requests:
+            memory: 64M
+      volumes:
+      - dataVolume:
+          name: favorite-clone
+        name: root-disk
+  dataVolumeTemplates:
+  - metadata:
+      name: favorite-clone
+    spec:
+      storage:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 2Gi
+      source:
+        pvc:
+          namespace: <source_namespace> <2>
+          name: "<source_pvc>" <3>
+----
+<1> Specify the name of the VM.
+<2> Specify the namespace of the source PVC.
+<3> Specify the name of the source PVC.
+
+. Create the virtual machine with the PVC-cloned data volume:
++
+[source,terminal]
+----
+$ oc create -f <vm-clone-datavolumetemplate>.yaml
+----
diff --git a/modules/virt-creating-vm-custom-image-web.adoc b/modules/virt-creating-vm-custom-image-web.adoc
new file mode 100644
index 000000000000..89f6bbebcc07
--- /dev/null
+++ b/modules/virt-creating-vm-custom-image-web.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc
+
+ifeval::["{context}" == "virt-creating-vms-from-web-images"]
+:url:
+:title-frag: from an image on a web page
+:a-object: an image
+:object: image
+:data-source: web page
+:menu-item: URL (creates PVC)
+endif::[]
+ifeval::["{context}" == "virt-creating-vms-from-container-disks"]
+:container-disks:
+:title-frag: from a container disk
+:a-object: a container disk
+:object: container disk
+:data-source: container registry
+:menu-item: Registry (creates PVC)
+endif::[]
+ifeval::["{context}" == "virt-creating-vms-by-cloning-pvcs"]
+:clone:
+:title-frag: from a PVC
+:menu-item: PVC (clone PVC)
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-custom-image-web_{context}"]
+= Creating a VM {title-frag} by using the web console
+
+ifdef::url,container-disks[]
+You can create a virtual machine (VM) by importing {a-object} from a {data-source} by using the {product-title} web console.
+endif::[]
+ifdef::clone[]
+You can create a virtual machine (VM) by cloning a persistent volume claim (PVC) by using the {product-title} web console.
+endif::[]
+
+.Prerequisites
+
+ifdef::url,container-disk[]
+* You must have access to the {data-source} that contains the {object}.
+endif::[]
+ifdef::clone[]
+* You must have access to the namespace that contains the source PVC.
+endif::[]
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Catalog* in the web console.
+. Click a template tile without an available boot source.
+. Click *Customize VirtualMachine*.
+. On the *Customize template parameters* page, expand *Storage* and select *{menu-item}* from the *Disk source* list.
+ifdef::url[]
+. Enter the image URL. Example: `\https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.9/x86_64/product-software`
+endif::[]
+ifdef::container-disks[]
+. Enter the container image URL. Example: `\https://mirror.arizona.edu/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1.6.x86_64.qcow2`
+endif::[]
+ifdef::clone[]
+. Select the PVC project and the PVC name.
+endif::[]
+. Set the disk size.
+. Click *Customize VirtualMachine*.
+. Click *Create VirtualMachine*.
+
+ifeval::["{context}" == "virt-creating-vms-from-web-images"]
+:!url:
+endif::[]
+ifeval::["{context}" == "virt-creating-vms-from-container-disks"]
+:!container-disks:
+endif::[]
+ifeval::["{context}" == "virt-creating-vms-by-cloning-pvcs"]
+:!clone:
+endif::[]
diff --git a/modules/virt-creating-vm-custom-template.adoc b/modules/virt-creating-vm-custom-template.adoc
deleted file mode 100644
index 4a2c7dc95622..000000000000
--- a/modules/virt-creating-vm-custom-template.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-vm-custom-template_{context}"]
-= Creating a virtual machine from a customized template
-
-Some templates require additional parameters, for example, a PVC with a boot source. You can customize select parameters of a template to create a virtual machine (VM).
-
-.Procedure
-
-. In the web console, select a template:
-
-.. Click *Virtualization* -> *Catalog* in the side menu.
-
-.. Optional: Filter the templates by project, keyword, operating system, or workload profile.
-
-.. Click the template that you want to customize.
-
-. Click *Customize VirtualMachine*.
-
-. Specify parameters for your VM, including its *Name* and *Disk source*.  You can optionally specify a data source to clone.
-
-.Verification
-
-. Click *Events* to view a stream of events as the VM is provisioned.
-
-. Click *Console* to verify that the VM booted successfully.
diff --git a/modules/virt-creating-vm-from-template.adoc b/modules/virt-creating-vm-from-template.adoc
new file mode 100644
index 000000000000..4b143d83ade5
--- /dev/null
+++ b/modules/virt-creating-vm-from-template.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-from-template_{context}"]
+= Creating a VM from a template
+
+You can create a virtual machine (VM) from a template with an available boot source by using the {product-title} web console.
+
+Optional: You can customize template or VM parameters, such as data sources, cloud-init, or SSH keys, before you start the VM.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Catalog* in the web console.
+. Click *Boot source available* to filter templates with boot sources.
++
+The catalog displays the default templates. Click *All Items* to view all available templates for your filters.
+
+. Click a template tile to view its details.
+. Click *Quick create VirtualMachine* to create a VM from the template.
++
+Optional: Customize the template or VM parameters:
+
+.. Click *Customize VirtualMachine*.
+.. Expand *Storage* or *Optional parameters* to edit data source settings.
+.. Click *Customize VirtualMachine parameters*.
++
+The *Customize and create VirtualMachine* pane displays the *Overview*, *YAML*, *Scheduling*, *Environment*, *Network interfaces*, *Disks*, *Scripts*, and *Metadata* tabs.
+
+.. Edit the parameters that must be set before the VM boots, such as cloud-init or a static SSH key.
+.. Click *Create VirtualMachine*.
++
+The *VirtualMachine details* page displays the provisioning status.
diff --git a/modules/virt-creating-vm-import-cli.adoc b/modules/virt-creating-vm-import-cli.adoc
new file mode 100644
index 000000000000..431dd1ccf790
--- /dev/null
+++ b/modules/virt-creating-vm-import-cli.adoc
@@ -0,0 +1,182 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc
+
+ifeval::["{context}" == "virt-creating-vms-from-web-images"]
+:url:
+:title-frag: from an image on a web page
+:a-object: an image
+:object: image
+:data-source: web page
+endif::[]
+ifeval::["{context}" == "virt-creating-vms-from-container-disks"]
+:container-disks:
+:title-frag: from a container disk
+:a-object: a container disk
+:object: container disk
+:data-source: container registry
+endif::[]
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-import-cli_{context}"]
+= Creating a VM {title-frag} by using the command line
+
+You can create a virtual machine (VM) {title-frag} by using the command line.
+
+When the virtual machine (VM) is created, the data volume with the {object} is imported into persistent storage.
+
+.Prerequisites
+
+* You must have access credentials for the {data-source} that contains the {object}.
+
+.Procedure
+
+. If the {data-source} requires authentication, create a `Secret` manifest, specifying the credentials, and save it as a `data-source-secret.yaml` file:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: data-source-secret
+  labels:
+    app: containerized-data-importer
+type: Opaque
+data:
+  accessKeyId: "" <1>
+  secretKey:   "" <2>
+----
+<1> Specify the Base64-encoded key ID or user name.
+<2> Specify the Base64-encoded secret key or password.
+
+. Apply the `Secret` manifest by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f data-source-secret.yaml
+----
+
+. If the VM must communicate with servers that use self-signed certificates or certificates that are not signed by the system CA bundle, create a config map in the same namespace as the VM:
++
+[source,terminal]
+----
+$ oc create configmap tls-certs <1>
+  --from-file=</path/to/file/ca.pem> <2>
+----
+<1> Specify the config map name.
+<2> Specify the path to the CA certificate.
+
+. Edit the `VirtualMachine` manifest and save it as a `vm-fedora-datavolume.yaml` file:
++
+[%collapsible]
+====
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  creationTimestamp: null
+  labels:
+    kubevirt.io/vm: vm-fedora-datavolume
+  name: vm-fedora-datavolume <1>
+spec:
+  dataVolumeTemplates:
+  - metadata:
+      creationTimestamp: null
+      name: fedora-dv <2>
+    spec:
+      storage:
+        resources:
+          requests:
+            storage: 10Gi <3>
+        storageClassName: <storage_class> <4>
+      source:
+ifdef::url[]
+        http:
+          url: "https://mirror.arizona.edu/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" <5>
+endif::[]
+ifdef::container-disks[]
+        registry:
+          url: "docker://kubevirt/fedora-cloud-container-disk-demo:latest" <5>
+endif::[]
+          secretRef: data-source-secret <6>
+          certConfigMap: tls-certs <7>
+    status: {}
+  running: true
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        kubevirt.io/vm: vm-fedora-datavolume
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: datavolumedisk1
+        machine:
+          type: ""
+        resources:
+          requests:
+            memory: 1.5Gi
+      terminationGracePeriodSeconds: 180
+      volumes:
+      - dataVolume:
+          name: fedora-dv
+        name: datavolumedisk1
+status: {}
+----
+<1> Specify the name of the VM.
+<2> Specify the name of the data volume.
+<3> Specify the size of the storage requested for the data volume.
+<4> Optional: If you do not specify a storage class, the default storage class is used.
+ifdef::url,container-disks[]
+<5> Specify the URL of the {data-source}.
+endif::[]
+<6> Optional: Specify the secret name if you created a secret for the {data-source} access credentials.
+<7> Optional: Specify a CA certificate config map.
+====
+
+. Create the VM by running the following command:
++
+[source,terminal]
+----
+$ oc create -f vm-fedora-datavolume.yaml
+----
++
+The `oc create` command creates the data volume and the VM. The CDI controller creates an underlying PVC with the correct annotation and the import process begins. When the import is complete, the data volume status changes to `Succeeded`. You can start the VM.
++
+Data volume provisioning happens in the background, so there is no need to monitor the process.
+
+.Verification
+
+. The importer pod downloads the {object} from the specified URL and stores it on the provisioned persistent volume. View the status of the importer pod by running the following command:
++
+[source,terminal]
+----
+$ oc get pods
+----
+
+. Monitor the data volume until its status is `Succeeded` by running the following command:
++
+[source,terminal]
+----
+$ oc describe dv fedora-dv <1>
+----
+<1> Specify the data volume name that you defined in the `VirtualMachine` manifest.
+
+. Verify that provisioning is complete and that the VM has started by accessing its serial console:
++
+[source,terminal]
+----
+$ virtctl console vm-fedora-datavolume
+----
+
+ifeval::["{context}" == "creating-vms-from-web-images"]
+:!url:
+endif::[]
+ifeval::["{context}" == "creating-vms-from-container-disks"]
+:!container-disks:
+endif::[]
\ No newline at end of file
diff --git a/modules/virt-creating-vm-instancetype.adoc b/modules/virt-creating-vm-instancetype.adoc
index ef7e172d4479..d1af5924cbb9 100644
--- a/modules/virt-creating-vm-instancetype.adoc
+++ b/modules/virt-creating-vm-instancetype.adoc
@@ -1,36 +1,82 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
+// * virt/virtual_machines/virt-creating-vms-from-instance-types.adoc
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
 
-:_content-type: PROCEDURE
-[id="virt-creating-vm-instancetype_{context}"]
-= Creating a virtual machine from an instance type
+ifeval::["{context}" == "virt-creating-vms-from-instance-types"]
+:virt-create-vms:
+:title: Creating a VM
+endif::[]
+ifeval::["{context}" == "static-key"]
+:static-key:
+:title: Adding a key when creating a VM
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:dynamic-key:
+:title: Enabling dynamic key injection when creating a VM
+endif::[]
 
-You can use common instance types to install and edit customized instance types and preferences to create a virtual machine (VM).
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-instancetype_{context}"]
+= {title} from an instance type
 
-:FeatureName: Creating a virtual machine from an instance type
-include::snippets/technology-preview.adoc[]
+ifdef::virt-create-vms[]
+You can create a virtual machine (VM) from an instance type by using the {product-title} web console.
+endif::[]
+ifdef::static-key[]
+You can add a statically managed SSH key when you create a virtual machine (VM) from an instance type by using the {product-title} web console. The key is added to the VM as a cloud-init data source at first boot. This method does not affect cloud-init user data.
+endif::[]
+ifdef::dynamic-key[]
+You can enable dynamic SSH key injection when you create a virtual machine (VM) from an instance type by using the {product-title} web console. Then, you can add or revoke the key at runtime.
 
-.Procedure
+[NOTE]
+====
+Only {op-system-base-full} 9 supports dynamic key injection.
+====
 
-. In the web console, navigate to *Virtualization* -> *Catalog* -> *InstanceTypes*.
+The key is added to the VM by the QEMU guest agent, which is installed with {op-system-base} 9.
+endif::[]
 
-. Select a volume to boot from.
+.Procedure
 
+. In the web console, navigate to *Virtualization* -> *Catalog* and click the *InstanceTypes* tab.
+. Select a bootable volume.
 +
 [NOTE]
 ====
-The volumes list shows only volumes that exist in the `openshift-virtualization-os-images` namespace and have the `instancetype.kubevirt.io/default-preference` label.
+The volume table only lists volumes in the `openshift-virtualization-os-images` namespace that have the `instancetype.kubevirt.io/default-preference` label.
 ====
 
-. Select an instance type from the 'InstanceType' list.
-
-. Select the 'InstanceType' size based on the VM's available CPUs and memory.
+ifdef::virt-create-vms[]
+. Click an instance type tile and select the resource size appropriate for your workload.
+endif::[]
+ifdef::dynamic-key[]
+. Click the *Red Hat Enterprise Linux 9 VM* tile.
+endif::[]
+. If you have not already added a public SSH key to your project, click the edit icon beside *Authorized SSH key* in the *VirtualMachine details* section.
+. Select one of the following options:
 
-. Optional: Edit the *VirtualMachine details*. You can edit the SSH key during this step under *Advanced settings*.
+* *Use existing*: Select a secret from the secrets list.
+* *Add new*:
+.. Browse to the public SSH key file or paste the file in the key field.
+.. Enter the secret name.
+.. Optional: Select *Automatically apply this key to any new VirtualMachine you create in this project*.
+.. Click *Save*.
+ifdef::dynamic-key[]
+. Set *Dynamic SSH key injection* in the *VirtualMachine details* section to on.
+endif::[]
+. Optional: Click *View YAML & CLI* to view the YAML file. Click *CLI* to view the CLI commands. You can also download or copy either the YAML file contents or the CLI commands.
+. Click *Create VirtualMachine*.
 
-. Optional: Clear the *Start this VirtualMachine after creation* checkbox to prevent the VM from starting automatically.
 
-. Click *Create VirtualMachine*.
+After the VM is created, you can monitor the status on the *VirtualMachine details* page.
 
-After the VM is created, you can monitor the status on the *VirtualMachine details* page.
\ No newline at end of file
+ifeval::["{context}" == "virt-creating-vms"]
+:!virt-create-vms:
+endif::[]
+ifeval::["{context}" == "static-key"]
+:!static-key:
+endif::[]
+ifeval::["{context}" == "dynamic-key"]
+:!dynamic-key:
+endif::[]
\ No newline at end of file
diff --git a/modules/virt-creating-vm-quick-start-web.adoc b/modules/virt-creating-vm-quick-start-web.adoc
deleted file mode 100644
index b0f9573945d6..000000000000
--- a/modules/virt-creating-vm-quick-start-web.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-vm-quick-start-web_{context}"]
-= Using a Quick Start to create a virtual machine
-
-The web console provides Quick Starts with instructional guided tours for creating virtual machines. You can access the Quick Starts catalog by selecting the Help menu in the *Administrator* perspective to view the Quick Starts catalog. When you click on a Quick Start tile and begin the tour, the system guides you through the process.
-
-Tasks in a Quick Start begin with selecting a Red Hat template. Then, you can add a boot source and import the operating system image. Finally, you can save the custom template and use it to create a virtual machine.
-
-.Prerequisites
-
-* Access to the website where you can download the URL link for the operating system image.
-
-.Procedure
-
-. In the web console, select *Quick Starts* from the Help menu.
-
-. Click on a tile in the Quick Starts catalog. For example: *Creating a Red Hat Linux Enterprise Linux virtual machine*.
-
-. Follow the instructions in the guided tour and complete the tasks for importing an operating system image and creating a virtual machine. The *Virtualization* -> *VirtualMachines* page displays the virtual machine.
diff --git a/modules/virt-creating-vm-snapshot-cli.adoc b/modules/virt-creating-vm-snapshot-cli.adoc
index 1617e6f1801b..35c7ad6f87eb 100644
--- a/modules/virt-creating-vm-snapshot-cli.adoc
+++ b/modules/virt-creating-vm-snapshot-cli.adoc
@@ -1,19 +1,12 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-vm-snapshot-cli_{context}"]
-= Creating a virtual machine snapshot in the CLI
+= Creating a snapshot by using the command line
 
-You can create a virtual machine (VM) snapshot for an offline or online VM by creating a `VirtualMachineSnapshot` object. Kubevirt will coordinate with the QEMU guest agent to create a snapshot of the online VM.
-
-[NOTE]
-====
-To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent.
-
-The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM’s file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
-====
+You can create a virtual machine (VM) snapshot for an offline or online VM by creating a `VirtualMachineSnapshot` object.
 
 .Prerequisites
 
@@ -23,40 +16,38 @@ The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM
 
 .Procedure
 
-. Create a YAML file to define a `VirtualMachineSnapshot` object that specifies the name of the new `VirtualMachineSnapshot` and the name of the source VM.
-+
-For example:
+. Create a YAML file to define a `VirtualMachineSnapshot` object that specifies the name of the new `VirtualMachineSnapshot` and the name of the source VM as in the following example:
 +
 [source,yaml]
 ----
 apiVersion: snapshot.kubevirt.io/v1beta1
 kind: VirtualMachineSnapshot
 metadata:
-  name: my-vmsnapshot <1>
+  name: <snapshot_name>
 spec:
   source:
     apiGroup: kubevirt.io
     kind: VirtualMachine
-    name: my-vm <2>
+    name: <vm_name>
 ----
-<1> The name of the new `VirtualMachineSnapshot` object.
-<2> The name of the source VM.
 
-. Create the `VirtualMachineSnapshot` resource. The snapshot controller creates a `VirtualMachineSnapshotContent` object, binds it to the `VirtualMachineSnapshot` and updates the `status` and `readyToUse` fields
-of the `VirtualMachineSnapshot` object.
+. Create the `VirtualMachineSnapshot` object:
 +
 [source,terminal]
 ----
-$ oc create -f <my-vmsnapshot>.yaml
+$ oc create -f <snapshot_name>.yaml
 ----
++
+The snapshot controller creates a `VirtualMachineSnapshotContent` object, binds it to the `VirtualMachineSnapshot`, and updates the `status` and `readyToUse` fields of the `VirtualMachineSnapshot` object.
 
 . Optional: If you are taking an online snapshot, you can use the `wait` command and monitor the status of the snapshot:
 .. Enter the following command:
 +
 [source,terminal]
 ----
-$ oc wait my-vm my-vmsnapshot --for condition=Ready
+$ oc wait <vm_name> <snapshot_name> --for condition=Ready
 ----
+
 .. Verify the status of the snapshot:
 * `InProgress` - The online snapshot operation is still in progress.
 * `Succeeded` - The online snapshot operation completed successfully.
@@ -75,15 +66,14 @@ If you do not specify a unit of time such as `m` or `s`, the default is seconds
 
 .Verification
 
-. Verify that the `VirtualMachineSnapshot` object is created and bound with `VirtualMachineSnapshotContent`. The `readyToUse` flag must be set to `true`.
+. Verify that the `VirtualMachineSnapshot` object is created and bound with `VirtualMachineSnapshotContent` and that the `readyToUse` flag is set to `true`:
 +
 [source,terminal]
 ----
-$ oc describe vmsnapshot <my-vmsnapshot>
+$ oc describe vmsnapshot <snapshot_name>
 ----
 +
 .Example output
-
 [source,yaml]
 ----
 apiVersion: snapshot.kubevirt.io/v1beta1
diff --git a/modules/virt-creating-vm-snapshot-web.adoc b/modules/virt-creating-vm-snapshot-web.adoc
index 6f5f342404fd..a9072aa8a8ff 100644
--- a/modules/virt-creating-vm-snapshot-web.adoc
+++ b/modules/virt-creating-vm-snapshot-web.adoc
@@ -1,39 +1,25 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-creating-vm-snapshot-web_{context}"]
-= Creating a virtual machine snapshot in the web console
+= Creating a snapshot by using the web console
 
-You can create a virtual machine (VM) snapshot by using the web console.
+You can create a snapshot of a virtual machine (VM) by using the {product-title} web console.
 
-[NOTE]
-====
-To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent.
+The VM snapshot includes disks that meet the following requirements:
 
-The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM’s file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
-====
-
-The VM snapshot only includes disks that meet the following requirements:
-
-* Must be either a data volume or persistent volume claim
+* Either a data volume or a persistent volume claim
 * Belong to a storage class that supports Container Storage Interface (CSI) volume snapshots
 
 .Procedure
 
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Select a virtual machine to open the *VirtualMachine details* page.
-
-. If the virtual machine is running, click *Actions* → *Stop* to power it down.
-
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a VM to open the *VirtualMachine details* page.
+. If the VM is running, click the options menu {kebab} and select *Stop* to power it down.
 . Click the *Snapshots* tab and then click *Take Snapshot*.
-
-. Fill in the *Snapshot Name* and optional *Description* fields.
-
+. Enter the snapshot name.
 . Expand *Disks included in this Snapshot* to see the storage volumes to be included in the snapshot.
-
-. If your VM has disks that cannot be included in the snapshot and you still wish to proceed, select the *I am aware of this warning and wish to proceed* checkbox.
-
+. If your VM has disks that cannot be included in the snapshot and you wish to proceed, select *I am aware of this warning and wish to proceed*.
 . Click *Save*.
diff --git a/modules/virt-creating-vm-uploaded-image-web.adoc b/modules/virt-creating-vm-uploaded-image-web.adoc
new file mode 100644
index 000000000000..86f2b3011d04
--- /dev/null
+++ b/modules/virt-creating-vm-uploaded-image-web.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-vm-uploaded-image-web_{context}"]
+= Creating a VM from an uploaded image by using the web console
+
+You can create a virtual machine (VM) from an uploaded operating system image by using the {product-title} web console.
+
+.Prerequisites
+
+* You must have an `IMG`, `ISO`, or `QCOW2` image file.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Catalog* in the web console.
+. Click a template tile without an available boot source.
+. Click *Customize VirtualMachine*.
+. On the *Customize template parameters* page, expand *Storage* and select *Upload (Upload a new file to a PVC)* from the *Disk source* list.
+. Browse to the image on your local machine and set the disk size.
+. Click *Customize VirtualMachine*.
+. Click *Create VirtualMachine*.
\ No newline at end of file
diff --git a/modules/virt-creating-vm-yaml-web.adoc b/modules/virt-creating-vm-yaml-web.adoc
deleted file mode 100644
index 6c99770a493a..000000000000
--- a/modules/virt-creating-vm-yaml-web.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-creating-vm-yaml-web_{context}"]
-= Pasting in a pre-configured YAML file to create a virtual machine
-
-Create a virtual machine by writing or pasting a YAML configuration file. A valid `example` virtual machine configuration is provided by default whenever you open the YAML edit screen.
-
-If your YAML configuration is invalid when you click *Create*, an error message indicates the parameter in which the error occurs. Only one error is shown at a time.
-
-[NOTE]
-====
-Navigating away from the YAML screen while editing cancels any changes to the configuration you have made.
-====
-
-.Procedure
-
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-. Click *Create* and select *With YAML*.
-. Write or paste your virtual machine configuration in the editable window.
-.. Alternatively, use the `example` virtual machine provided by default in the YAML screen.
-. Optional: Click *Download* to download the YAML configuration file in its present state.
-. Click *Create* to create the virtual machine.
-
-The virtual machine is listed on the *VirtualMachines* page.
diff --git a/modules/virt-creating-windows-vm.adoc b/modules/virt-creating-windows-vm.adoc
new file mode 100644
index 000000000000..79c8dd6cd3dc
--- /dev/null
+++ b/modules/virt-creating-windows-vm.adoc
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-creating-windows-vm_{context}"]
+= Creating a Windows VM
+
+You can create a Windows virtual machine (VM) by uploading a Windows image to a persistent volume claim (PVC) and then cloning the PVC when you create a VM by using the {product-title} web console.
+
+.Prerequisites
+
+* You created a Windows installation DVD or USB with the Windows Media Creation Tool. See link:https://www.microsoft.com/en-us/software-download/windows10%20[Create Windows 10 installation media] in the Microsoft documentation.
+* You created an `autounattend.xml` answer file. See link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs[Answer files (unattend.xml)] in the Microsoft documentation.
+
+.Procedure
+
+. Upload the Windows image as a new PVC:
+
+.. Navigate to *Storage* -> *PersistentVolumeClaims* in the web console.
+.. Click *Create PersistentVolumeClaim* -> *With Data upload form*.
+.. Browse to the Windows image and select it.
+.. Enter the PVC name, select the storage class and size and then click *Upload*.
++
+The Windows image is uploaded to a PVC.
+
+. Configure a new VM by cloning the uploaded PVC:
+
+.. Navigate to *Virtualization* -> *Catalog*.
+.. Select a Windows template tile and click *Customize VirtualMachine*.
+.. Select *Clone (clone PVC)* from the *Disk source* list.
+.. Select the PVC project, the Windows image PVC, and the disk size.
+
+. Apply the answer file to the VM:
+
+.. Click *Customize VirtualMachine parameters*.
+.. On the *Sysprep* section of the *Scripts* tab, click *Edit*.
+.. Browse to the `autounattend.xml` answer file and click *Save*.
+
+. Set the run strategy of the VM:
+
+.. Clear *Start this VirtualMachine after creation* so that the VM does not start immediately.
+.. Click *Create VirtualMachine*.
+.. On the *YAML* tab, replace `running:false` with `runStrategy: RerunOnFailure` and click *Save*.
+
+. Click the options menu {kebab} and select *Start*.
++
+The VM boots from the `sysprep` disk containing the `autounattend.xml` answer file.
diff --git a/modules/virt-customizing-storage-profile.adoc b/modules/virt-customizing-storage-profile.adoc
index 348aaf725d69..38d6089d16e2 100644
--- a/modules/virt-customizing-storage-profile.adoc
+++ b/modules/virt-customizing-storage-profile.adoc
@@ -1,15 +1,17 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
+// * virt/storage/virt-customizing-storageprofiles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-customizing-storage-profile_{context}"]
 
 = Customizing the storage profile
 
 You can specify default parameters by editing the `StorageProfile` object for the provisioner's storage class. These default parameters only apply to the persistent volume claim (PVC) if they are not configured in the `DataVolume` object.
 
-An empty `status` section in a storage profile indicates that a storage provisioner is not recognized by the Containerized Data Interface (CDI). Customizing a storage profile is necessary if you have a storage provisioner that is not recognized by the CDI. In this case, the administrator sets appropriate values in the storage profile to ensure successful allocations.
+You cannot modify storage class parameters. To make changes, delete and re-create the storage class. You must then reapply any customizations that were previously made to the storage profile.
+
+An empty `status` section in a storage profile indicates that a storage provisioner is not recognized by the Containerized Data Interface (CDI). Customizing a storage profile is necessary if you have a storage provisioner that is not recognized by CDI. In this case, the administrator sets appropriate values in the storage profile to ensure successful allocations.
 
 [WARNING]
 ====
@@ -24,9 +26,9 @@ If you create a data volume and omit YAML attributes and these attributes are no
 
 . Edit the storage profile. In this example, the provisioner is not recognized by CDI:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit -n openshift-cnv storageprofile <storage_class>
+$ oc edit -n {CNVNamespace} storageprofile <storage_class>
 ----
 +
 .Example storage profile
diff --git a/modules/virt-default-cluster-roles.adoc b/modules/virt-default-cluster-roles.adoc
index ef5a286f6365..97e995003bea 100644
--- a/modules/virt-default-cluster-roles.adoc
+++ b/modules/virt-default-cluster-roles.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virt-additional-security-privileges-controller-and-launcher.adoc
+// * virt/about_virt/virt-security-policies.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="default-cluster-roles-for-virt_{context}"]
 = Default cluster roles for {VirtProductName}
 
@@ -16,14 +16,14 @@ By using cluster role aggregation, {VirtProductName} extends the default {produc
 |{VirtProductName} cluster role description
 
 .^| `view`
-.^|`kubevirt.io:view` 
+.^|`kubevirt.io:view`
 | A user that can view all {VirtProductName} resources in the cluster but cannot create, delete, modify, or access them. For example, the user can see that a virtual machine (VM) is running but cannot shut it down or gain access to its console.
 
 .^| `edit`
-.^|`kubevirt.io:edit` 
+.^|`kubevirt.io:edit`
 | A user that can modify all {VirtProductName} resources in the cluster. For example, the user can create VMs, access VM consoles, and delete VMs.
 
 .^| `admin`
-.^|`kubevirt.io:admin` 
+.^|`kubevirt.io:admin`
 | A user that has full permissions to all {VirtProductName} resources, including the ability to delete collections of resources. The user can also view and modify the {VirtProductName} runtime configuration, which is located in the `HyperConverged` custom resource in the `openshift-cnv` namespace.
 |===
\ No newline at end of file
diff --git a/modules/virt-define-guest-agent-ping-probe.adoc b/modules/virt-define-guest-agent-ping-probe.adoc
index a5a22a411f54..bb44f284bc43 100644
--- a/modules/virt-define-guest-agent-ping-probe.adoc
+++ b/modules/virt-define-guest-agent-ping-probe.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-define-guest-agent-ping-probe_{context}"]
 
 = Defining a guest agent ping probe
diff --git a/modules/virt-define-http-liveness-probe.adoc b/modules/virt-define-http-liveness-probe.adoc
index 367d1a56ff7d..c179c87a3665 100644
--- a/modules/virt-define-http-liveness-probe.adoc
+++ b/modules/virt-define-http-liveness-probe.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-define-http-liveness-probe_{context}"]
 
 = Defining an HTTP liveness probe
diff --git a/modules/virt-define-http-readiness-probe.adoc b/modules/virt-define-http-readiness-probe.adoc
index 04802a8fb9cb..3383a8c953b0 100644
--- a/modules/virt-define-http-readiness-probe.adoc
+++ b/modules/virt-define-http-readiness-probe.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-define-http-readiness-probe_{context}"]
 
 = Defining an HTTP readiness probe
diff --git a/modules/virt-define-tcp-readiness-probe.adoc b/modules/virt-define-tcp-readiness-probe.adoc
index a04bd5bacdaa..af8b78161134 100644
--- a/modules/virt-define-tcp-readiness-probe.adoc
+++ b/modules/virt-define-tcp-readiness-probe.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-define-tcp-readiness-probe_{context}"]
 
 = Defining a TCP readiness probe
diff --git a/modules/virt-defining-storageclass.adoc b/modules/virt-defining-storageclass.adoc
index a9d6477c34e4..7e081e9c95ef 100644
--- a/modules/virt-defining-storageclass.adoc
+++ b/modules/virt-defining-storageclass.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
+// * virt/storage/virt-preparing-cdi-scratch-space.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-defining-storageclass_{context}"]
 = Defining a storage class
 
@@ -16,9 +16,9 @@ You can define the storage class that the Containerized Data Importer (CDI) uses
 
 . Edit the `HyperConverged` CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Add the `spec.scratchSpaceStorageClass` field to the CR, setting the value to the name of a storage class that exists in the cluster:
diff --git a/modules/virt-defining-watchdog-device-vm.adoc b/modules/virt-defining-watchdog-device-vm.adoc
index 2f5380cc4d71..f2959f889ea7 100644
--- a/modules/virt-defining-watchdog-device-vm.adoc
+++ b/modules/virt-defining-watchdog-device-vm.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-defining-watchdog-device-vm"]
 = Configuring a watchdog device for the virtual machine
 
diff --git a/modules/virt-delete-node-network-config.adoc b/modules/virt-delete-node-network-config.adoc
new file mode 100644
index 000000000000..f36ddf6231c6
--- /dev/null
+++ b/modules/virt-delete-node-network-config.adoc
@@ -0,0 +1,10 @@
+:_mod-docs-content-type: PROCEDURE
+[id="virt-delete-node-network-config_{context}"]
+= Deleting the policy
+
+.Procedure
+. Navigate to *Networking* → *NodeNetworkConfigurationPolicy*.
+
+. In the *NodeNetworkConfigurationPolicy* page, click the {kebab} icon placed next to the policy you want to delete, and click *Delete*.
+
+. In the pop-up window, enter the policy name to confirm deletion, and click *Delete*.
diff --git a/modules/virt-delete-vm-web.adoc b/modules/virt-delete-vm-web.adoc
index 1260afc379e3..17ecd2609276 100644
--- a/modules/virt-delete-vm-web.adoc
+++ b/modules/virt-delete-vm-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-delete-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-delete-vm-web_{context}"]
 
 = Deleting a virtual machine using the web console
diff --git a/modules/virt-deleting-deployment-custom-resource.adoc b/modules/virt-deleting-deployment-custom-resource.adoc
index c0bf42cdc06f..1a26f06b32df 100644
--- a/modules/virt-deleting-deployment-custom-resource.adoc
+++ b/modules/virt-deleting-deployment-custom-resource.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/uninstalling-virt-web.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-deployment-custom-resource_{context}"]
 = Deleting the HyperConverged custom resource
 
diff --git a/modules/virt-deleting-template-web.adoc b/modules/virt-deleting-template-web.adoc
deleted file mode 100644
index 8093e59377e5..000000000000
--- a/modules/virt-deleting-template-web.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/vm_templates/virt-deleting-vm-template.adoc
-
-:_content-type: PROCEDURE
-[id="virt-deleting-template-wizard-web_{context}"]
-= Deleting a virtual machine template in the web console
-
-Deleting a virtual machine template permanently removes it from the cluster.
-
-[NOTE]
-====
-You can delete customized virtual machine templates. You cannot delete Red Hat-supplied templates.
-====
-
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *Templates* from the side menu.
-
-. Click the Options menu {kebab} of a template and select *Delete template*.
-
-. Click *Delete*.
\ No newline at end of file
diff --git a/modules/virt-deleting-templates-from-custom-namespace.adoc b/modules/virt-deleting-templates-from-custom-namespace.adoc
deleted file mode 100644
index 3363f1b88159..000000000000
--- a/modules/virt-deleting-templates-from-custom-namespace.adoc
+++ /dev/null
@@ -1,45 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc
-
-[id="virt-deleting-templates-from-custom-namespace_{context}"]
-= Deleting templates from a custom namespace
-
-To delete virtual machine templates from a custom namespace, remove the `commonTemplateNamespace` attribute from the `HyperConverged` custom resource (CR) and delete each template from that custom namespace.
-
-.Procedure
-
-. Edit the `HyperConverged` CR in your default editor by running the following command:
-+
-[source,terminal]
-----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
-----
-+
-. Remove the `commonTemplateNamespace` attribute.
-+
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-spec:
-  commonTemplatesNamespace: customnamespace <1>
-----
-<1> The `commonTemplatesNamespace` attribute to be deleted.
-+
-. Delete a specific template from the custom namespace that was removed.
-+
-[source,terminal]
-----
-$ oc delete templates -n customnamespace <template_name>
-----
-
-.Verification
-* Verify that the template was deleted from the custom namespace.
-+
-[source,terminal]
-----
-$ oc get templates -n customnamespace
-----
diff --git a/modules/virt-deleting-virt-cli.adoc b/modules/virt-deleting-virt-cli.adoc
index bc0f6c8c58de..446f8e9c60ef 100644
--- a/modules/virt-deleting-virt-cli.adoc
+++ b/modules/virt-deleting-virt-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/uninstalling-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-virt-cli_{context}"]
 = Uninstalling {VirtProductName} by using the CLI
 
@@ -18,30 +18,37 @@ You can uninstall {VirtProductName} by using the OpenShift CLI (`oc`).
 
 . Delete the `HyperConverged` custom resource:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc delete HyperConverged kubevirt-hyperconverged -n openshift-cnv
+$ oc delete HyperConverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Delete the {VirtProductName} Operator subscription:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc delete subscription kubevirt-hyperconverged -n openshift-cnv
+$ oc delete subscription kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Delete the {VirtProductName} `ClusterServiceVersion` resource:
 +
+[source,terminal,subs="attributes+"]
+----
+$ oc delete csv -n openshift-cnv -l operators.coreos.com/kubevirt-hyperconverged.{CNVNamespace}
+----
+
+. Delete the {VirtProductName} namespace:
++
 [source,terminal]
 ----
-$ oc delete csv -n openshift-cnv -l operators.coreos.com/kubevirt-hyperconverged.openshift-cnv
+$ oc delete namespace openshift-cnv
 ----
 
 . List the {VirtProductName} custom resource definitions (CRDs) by running the `oc delete crd` command with the `dry-run` option:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc delete crd --dry-run=client -l operators.coreos.com/kubevirt-hyperconverged.openshift-cnv
+$ oc delete crd --dry-run=client -l operators.coreos.com/kubevirt-hyperconverged.{CNVNamespace}
 ----
 +
 .Example output
@@ -57,7 +64,7 @@ customresourcedefinition.apiextensions.k8s.io "tektontasks.tektontasks.kubevirt.
 
 . Delete the CRDs by running the `oc delete crd` command without the `dry-run` option:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc delete crd -l operators.coreos.com/kubevirt-hyperconverged.openshift-cnv
+$ oc delete crd -l operators.coreos.com/kubevirt-hyperconverged.{CNVNamespace}
 ----
diff --git a/modules/virt-deleting-virt-crds-web.adoc b/modules/virt-deleting-virt-crds-web.adoc
index 8228b01e3681..0be0e3e14cea 100644
--- a/modules/virt-deleting-virt-crds-web.adoc
+++ b/modules/virt-deleting-virt-crds-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/uninstalling-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-virt-crds-web_{context}"]
 = Deleting {VirtProductName} custom resource definitions
 
diff --git a/modules/virt-deleting-vm-snapshot-cli.adoc b/modules/virt-deleting-vm-snapshot-cli.adoc
index 31ad9c5fa0c0..5b5055c6d042 100644
--- a/modules/virt-deleting-vm-snapshot-cli.adoc
+++ b/modules/virt-deleting-vm-snapshot-cli.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-vm-snapshot-cli_{context}"]
 = Deleting a virtual machine snapshot in the CLI
 
@@ -14,12 +14,14 @@ You can delete an existing virtual machine (VM) snapshot by deleting the appropr
 
 .Procedure
 
-* Delete the `VirtualMachineSnapshot` object. The snapshot controller deletes the `VirtualMachineSnapshot` along with the associated `VirtualMachineSnapshotContent` object.
+* Delete the `VirtualMachineSnapshot` object:
 +
 [source,terminal]
 ----
-$ oc delete vmsnapshot <my-vmsnapshot>
+$ oc delete vmsnapshot <snapshot_name>
 ----
++
+The snapshot controller deletes the `VirtualMachineSnapshot` along with the associated `VirtualMachineSnapshotContent` object.
 
 .Verification
 
diff --git a/modules/virt-deleting-vm-snapshot-web.adoc b/modules/virt-deleting-vm-snapshot-web.adoc
index 3ab1ff1d604a..48d9c4fb15ec 100644
--- a/modules/virt-deleting-vm-snapshot-web.adoc
+++ b/modules/virt-deleting-vm-snapshot-web.adoc
@@ -1,21 +1,17 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-vm-snapshot-web_{context}"]
-= Deleting a virtual machine snapshot in the web console
+= Deleting a snapshot by using the web console
 
-You can delete an existing virtual machine snapshot by using the web console.
+You can delete an existing virtual machine (VM) snapshot by using the web console.
 
 .Procedure
 
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Select a virtual machine to open the *VirtualMachine details* page.
-
-. Click the *Snapshots* tab. The page displays a list of snapshots associated with the virtual machine.
-
-. Click the Options menu {kebab} of the virtual machine snapshot that you want to delete and select *Delete VirtualMachineSnapshot*.
-
-. In the confirmation pop-up window, click *Delete* to delete the snapshot.
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a VM to open the *VirtualMachine details* page.
+. Click the *Snapshots* tab to view a list of snapshots associated with the VM.
+. Click the options menu {kebab} beside a snapshot and select *Delete VirtualMachineSnapshot*.
+. Click *Delete*.
diff --git a/modules/virt-deleting-vmis-cli.adoc b/modules/virt-deleting-vmis-cli.adoc
index ae53ae73cf0e..fd256c449aad 100644
--- a/modules/virt-deleting-vmis-cli.adoc
+++ b/modules/virt-deleting-vmis-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-deleting-vmis-cli.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-vmis-cli_{context}"]
 
 = Deleting a standalone virtual machine instance using the CLI
diff --git a/modules/virt-deleting-vmis-web.adoc b/modules/virt-deleting-vmis-web.adoc
index 20f34f21dc19..0af0eca6d0b0 100644
--- a/modules/virt-deleting-vmis-web.adoc
+++ b/modules/virt-deleting-vmis-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-manage-vmis.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-vmis-web_{context}"]
 = Deleting a standalone virtual machine instance using the web console
 
diff --git a/modules/virt-deleting-vms.adoc b/modules/virt-deleting-vms.adoc
index 0ef90c0a8d42..f1ce99cf4f75 100644
--- a/modules/virt-deleting-vms.adoc
+++ b/modules/virt-deleting-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-delete-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deleting-vms_{context}"]
 
 = Deleting a virtual machine by using the CLI
diff --git a/modules/virt-deploying-libguestfs-with-virtctl.adoc b/modules/virt-deploying-libguestfs-with-virtctl.adoc
new file mode 100644
index 000000000000..4b0440743a59
--- /dev/null
+++ b/modules/virt-deploying-libguestfs-with-virtctl.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * virt/getting_started/virt-using-the-cli-tools.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-deploying-libguestfs-with-virtctl_{context}"]
+= Deploying libguestfs by using virtctl
+
+You can use the `virtctl guestfs` command to deploy an interactive container with `libguestfs-tools` and a persistent volume claim (PVC) attached to it.
+
+.Procedure
+
+* To deploy a container with `libguestfs-tools`, mount the PVC, and attach a shell to it, run the following command:
++
+[source,terminal]
+----
+$ virtctl guestfs -n <namespace> <pvc_name> <1>
+----
+<1> The PVC name is a required argument. If you do not include it, an error message appears.
diff --git a/modules/virt-deploying-operator-cli.adoc b/modules/virt-deploying-operator-cli.adoc
index 34e17d2353bc..18eb09ea27ca 100644
--- a/modules/virt-deploying-operator-cli.adoc
+++ b/modules/virt-deploying-operator-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/installing-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-deploying-operator-cli_{context}"]
 = Deploying the {VirtProductName} Operator by using the CLI
 
@@ -10,19 +10,19 @@ You can deploy the {VirtProductName} Operator by using the `oc` CLI.
 
 .Prerequisites
 
-* An active subscription to the {VirtProductName} catalog in the `openshift-cnv` namespace.
+* An active subscription to the {VirtProductName} catalog in the `{CNVNamespace}` namespace.
 
 .Procedure
 
 . Create a YAML file that contains the following manifest:
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
 ----
 
@@ -35,11 +35,11 @@ $ oc apply -f <file_name>.yaml
 
 .Verification
 
-* Ensure that {VirtProductName} deployed successfully by watching the `PHASE` of the cluster service version (CSV) in the `openshift-cnv` namespace. Run the following command:
+* Ensure that {VirtProductName} deployed successfully by watching the `PHASE` of the cluster service version (CSV) in the `{CNVNamespace}` namespace. Run the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ watch oc get csv -n openshift-cnv
+$ watch oc get csv -n {CNVNamespace}
 ----
 +
 The following output displays if deployment was successful:
diff --git a/modules/virt-deploying-ssp.adoc b/modules/virt-deploying-ssp.adoc
new file mode 100644
index 000000000000..ada9f1f5fbda
--- /dev/null
+++ b/modules/virt-deploying-ssp.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-deploying-ssp_{context}"]
+= Deploying the Scheduling, Scale, and Performance (SSP) resources
+
+The SSP Operator example Tekton Tasks and Pipelines are not deployed by default when you install {VirtProductName}. To deploy the SSP Operator's Tekton resources, enable the `deployTektonTaskResources` feature gate in the `HyperConverged` custom resource (CR).
+
+.Procedure
+
+. Open the `HyperConverged` CR in your default editor by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
+----
+
+. Set the `spec.featureGates.deployTektonTaskResources` field to `true`.
++
+[source,yaml]
+----
+apiVersion: hco.kubevirt.io/v1beta1
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+  namespace: kubevirt-hyperconverged
+spec:
+  tektonPipelinesNamespace: <user_namespace> <1>
+  featureGates:
+    deployTektonTaskResources: true <2>
+# ...
+----
+<1> The namespace where the pipelines are to be run.
+<2> The feature gate to be enabled to deploy Tekton resources by SSP operator.
++
+[NOTE]
+====
+The tasks and example pipelines remain available even if you disable the feature gate later.
+====
+
+. Save your changes and exit the editor.
diff --git a/modules/virt-deploying-tto.adoc b/modules/virt-deploying-tto.adoc
deleted file mode 100644
index 63786a47cc15..000000000000
--- a/modules/virt-deploying-tto.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
-
-:_content-type: PROCEDURE
-[id="virt-deploying-tto_{context}"]
-= Deploying the Tekton Tasks Operator resources
-
-The Tekton Tasks Operator (TTO) tasks and example pipelines are not deployed by default when you install {VirtProductName}. To deploy TTO resources, enable the `deployTektonTaskResources` feature gate in the `HyperConverged` custom resource (CR).
-
-.Procedure
-
-. Open the `HyperConverged` CR in your default editor by running the following command:
-+
-[source,terminal]
-----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
-----
-
-. Set the `spec.featureGates.deployTektonTaskResources` field to `true`.
-+
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-  namespace: kubevirt-hyperconverged
-spec:
-  tektonPipelinesNamespace: <user_namespace> <1>
-  featureGates:
-    deployTektonTaskResources: true <2>
-# ...
-----
-<1> The namespace where the pipelines are to be run.
-<2> The feature gate to be enabled to deploy TTO resources.
-+
-[NOTE]
-====
-The tasks and example pipelines remain available even if you disable the feature gate later.
-====
-
-. Save your changes and exit the editor.
diff --git a/modules/virt-disable-auto-updates-single-boot-source.adoc b/modules/virt-disable-auto-updates-single-boot-source.adoc
index 2dded5c29b41..19390cae42fd 100644
--- a/modules/virt-disable-auto-updates-single-boot-source.adoc
+++ b/modules/virt-disable-auto-updates-single-boot-source.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/storage/virt-automatic-bootsource-updates.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-disable-auto-updates-single-boot-source_{context}"]
 = Disabling automatic updates for a single boot source
 
@@ -13,9 +13,9 @@ You can disable automatic updates for an individual boot source, whether it is c
 
 . Open the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Disable automatic updates for an individual boot source by editing the `spec.dataImportCronTemplates` field.
@@ -25,7 +25,7 @@ Custom boot source::
 
 +
 System-defined boot source::
-.. Add the boot source to `spec.dataImportCronTemplates`. 
+.. Add the boot source to `spec.dataImportCronTemplates`.
 +
 [NOTE]
 ====
diff --git a/modules/virt-disabling-mac-address-pool-for-namespace-cli.adoc b/modules/virt-disabling-mac-address-pool-for-namespace-cli.adoc
deleted file mode 100644
index 5a3da6fee2ec..000000000000
--- a/modules/virt-disabling-mac-address-pool-for-namespace-cli.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-disabling-mac-address-pool-for-namespace-cli_{context}"]
-= Disabling a MAC address pool for a namespace in the CLI
-
-Disable a MAC address pool for virtual machines in a namespace by adding the `mutatevirtualmachines.kubemacpool.io=ignore` label to the namespace.
-
-.Procedure
-
-* Add the `mutatevirtualmachines.kubemacpool.io=ignore` label to the namespace.
-The following example disables KubeMacPool for two namespaces, `<namespace1>` and `<namespace2>`:
-+
-[source,terminal]
-----
-$ oc label namespace <namespace1> <namespace2> mutatevirtualmachines.kubemacpool.io=ignore
-----
-
diff --git a/modules/virt-disabling-tls-for-registry.adoc b/modules/virt-disabling-tls-for-registry.adoc
index ba7d52616d07..50509151b115 100644
--- a/modules/virt-disabling-tls-for-registry.adoc
+++ b/modules/virt-disabling-tls-for-registry.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-disabling-tls-for-registry_{context}"]
-= Disabling TLS for a container registry to use as insecure registry
+= Disabling TLS for a container registry
 
 You can disable TLS (transport layer security) for one or more container registries by editing the `insecureRegistries` field of the `HyperConverged` custom resource.
 
@@ -16,13 +16,13 @@ You can disable TLS (transport layer security) for one or more container registr
 
 * Edit the `HyperConverged` custom resource and add a list of insecure registries to the `spec.storageImport.insecureRegistries` field.
 +
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1beta1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   storageImport:
     insecureRegistries: <1>
diff --git a/modules/virt-dpdk-config-map-parameters.adoc b/modules/virt-dpdk-config-map-parameters.adoc
index e95865961cfe..3fbd864b822b 100644
--- a/modules/virt-dpdk-config-map-parameters.adoc
+++ b/modules/virt-dpdk-config-map-parameters.adoc
@@ -2,13 +2,13 @@
 //
 // * virt/monitoring/virt-running-cluster-checkups.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-dpdk-config-map-parameters_{context}"]
 = DPDK checkup config map parameters
 
 The following table shows the mandatory and optional parameters that you can set in the `data` stanza of the input `ConfigMap` manifest when you run a cluster DPDK readiness checkup:
 
-.DPDK checkup config map parameters
+.DPDK checkup config map input parameters
 [cols="1,1,1", options="header"]
 |====
 |Parameter
@@ -23,52 +23,32 @@ The following table shows the mandatory and optional parameters that you can set
 |The name of the `NetworkAttachmentDefinition` object of the SR-IOV NICs connected.
 |True
 
-|`spec.param.trafficGeneratorRuntimeClassName`
-|The RuntimeClass resource that the traffic generator pod uses.
-|True
-
-|`spec.param.trafficGeneratorImage`
-|The container image for the traffic generator. The default value is `quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:main`.
-|False
-
-|`spec.param.trafficGeneratorNodeSelector`
-|The node on which the traffic generator pod is to be scheduled. The node should be configured to allow DPDK traffic.
-|False
-
-|`spec.param.trafficGeneratorPacketsPerSecond`
-|The number of packets per second, in kilo (k) or million(m). The default value is 14m.
-|False
-
-|`spec.param.trafficGeneratorEastMacAddress`
-|The MAC address of the NIC connected to the traffic generator pod or VM. The default value is a random MAC address in the format `50:xx:xx:xx:xx:01`.
-|False
-
-|`spec.param.trafficGeneratorWestMacAddress`
-|The MAC address of the NIC connected to the traffic generator pod or VM. The default value is a random MAC address in the format `50:xx:xx:xx:xx:02`.
+|`spec.param.trafficGenContainerDiskImage`
+|The container disk image for the traffic generator. The default value is `quay.io/kiagnose/kubevirt-dpdk-checkup-traffic-gen:main`.
 |False
 
-|`spec.param.vmContainerDiskImage`
-|The container disk image for the VM. The default value is `quay.io/kiagnose/kubevirt-dpdk-checkup-vm:main`.
+|`spec.param.trafficGenTargetNodeName`
+|The node on which the traffic generator VM is to be scheduled. The node should be configured to allow DPDK traffic.
 |False
 
-|`spec.param.DPDKLabelSelector`
-|The label of the node on which the VM runs. The node should be configured to allow DPDK traffic.
+|`spec.param.trafficGenPacketsPerSecond`
+|The number of packets per second, in kilo (k) or million(m). The default value is 8m.
 |False
 
-|`spec.param.DPDKEastMacAddress`
-|The MAC address of the NIC that is connected to the VM. The default value is a random MAC address in the format `60:xx:xx:xx:xx:01`.
+|`spec.param.vmUnderTestContainerDiskImage`
+|The container disk image for the VM under test. The default value is `quay.io/kiagnose/kubevirt-dpdk-checkup-vm:main`.
 |False
 
-|`spec.param.DPDKWestMacAddress`
-|The MAC address of the NIC that is connected to the VM. The default value is a random MAC address in the format `60:xx:xx:xx:xx:02`.
+|`spec.param.vmUnderTestTargetNodeName`
+|The node on which the VM under test is to be scheduled. The node should be configured to allow DPDK traffic.
 |False
 
 |`spec.param.testDuration`
 |The duration, in minutes, for which the traffic generator runs. The default value is 5 minutes.
 |False
 
-|`spec.param.portBandwidthGB`
-|The maximum bandwidth of the SR-IOV NIC. The default value is 10GB.
+|`spec.param.portBandwidthGbps`
+|The maximum bandwidth of the SR-IOV NIC. The default value is 10Gbps.
 |False
 
 |`spec.param.verbose`
diff --git a/modules/virt-dual-stack-support-services.adoc b/modules/virt-dual-stack-support-services.adoc
index 2b713d264f3c..5471a9755973 100644
--- a/modules/virt-dual-stack-support-services.adoc
+++ b/modules/virt-dual-stack-support-services.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
+// * virt/vm_networking/virt-exposing-vm-with-service.adoc
 
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-dual-stack-support-services_{context}"]
-== Dual-stack support
+= Dual-stack support
 
 If IPv4 and IPv6 dual-stack networking is enabled for your cluster, you can create a service that uses IPv4, IPv6, or both, by defining the `spec.ipFamilyPolicy` and the `spec.ipFamilies` fields in the `Service` object.
 
diff --git a/modules/virt-dv-annotations.adoc b/modules/virt-dv-annotations.adoc
index 5e1a51f095dd..d3c3d5f444d7 100644
--- a/modules/virt-dv-annotations.adoc
+++ b/modules/virt-dv-annotations.adoc
@@ -1,7 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-data-volume-annotations.adoc
+// * virt/storage/virt-managing-data-volume-annotations.adoc
 
+:_mod-docs-content-type: REFERENCE
 [id="virt-dv-annotations_{context}"]
 = Example: Data volume annotations
 
@@ -14,18 +15,9 @@ If you want the importer pod to use both the default network from the cluster an
 apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
-  name: dv-ann
+  name: datavolume-example
   annotations:
-      v1.multus-cni.io/default-network: bridge-network <1>
-spec:
-  source:
-      http:
-         url: "example.exampleurl.com"
-  pvc:
-    accessModes:
-      - ReadWriteOnce
-    resources:
-      requests:
-        storage: 1Gi
+    v1.multus-cni.io/default-network: bridge-network <1>
+# ...
 ----
 <1> Multus network annotation
diff --git a/modules/virt-edit-boot-order-web.adoc b/modules/virt-edit-boot-order-web.adoc
index 1204d143ac5a..3277f02b3fa1 100644
--- a/modules/virt-edit-boot-order-web.adoc
+++ b/modules/virt-edit-boot-order-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virt_users_guide/virt-edit-boot-order.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-edit-boot-order-web_{context}"]
 = Editing a boot order list in the web console
 
diff --git a/modules/virt-edit-boot-order-yaml-web.adoc b/modules/virt-edit-boot-order-yaml-web.adoc
index ef31a70f40c8..cace15087716 100644
--- a/modules/virt-edit-boot-order-yaml-web.adoc
+++ b/modules/virt-edit-boot-order-yaml-web.adoc
@@ -3,7 +3,7 @@
 // * virt/virt_users_guide/virt-edit-boot-order.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-edit-boot-order-yaml-web_{context}"]
 = Editing a boot order list in the YAML configuration file
 
diff --git a/modules/virt-editing-vm-cli.adoc b/modules/virt-editing-vm-cli.adoc
index 2846801ad7f5..cb41678e8bfc 100644
--- a/modules/virt-editing-vm-cli.adoc
+++ b/modules/virt-editing-vm-cli.adoc
@@ -2,33 +2,31 @@
 //
 // * virt/virtual_machines/virt-edit-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-editing-vm-cli_{context}"]
-= Editing a virtual machine YAML configuration using the CLI
+= Editing a virtual machine by using the command line
 
-Use this procedure to edit a virtual machine YAML configuration using the CLI.
+You can edit a virtual machine (VM) by using the command line.
 
 .Prerequisites
 
-* You configured a virtual machine with a YAML object configuration file.
 * You installed the `oc` CLI.
 
 .Procedure
 
-. Run the following command to update the virtual machine configuration:
+. Obtain the virtual machine configuration by running the following command:
 +
 [source,terminal]
 ----
-$ oc edit <object_type> <object_ID>
+$ oc edit vm <vm_name>
 ----
 
-. Open the object configuration.
-. Edit the YAML.
+. Edit the YAML configuration.
 . If you edit a running virtual machine, you need to do one of the following:
 * Restart the virtual machine.
 * Run the following command for the new configuration to take effect:
 +
 [source,terminal]
 ----
-$ oc apply <object_type> <object_ID>
+$ oc apply vm <vm_name>
 ----
diff --git a/modules/virt-editing-vm-dynamic-key-injection.adoc b/modules/virt-editing-vm-dynamic-key-injection.adoc
new file mode 100644
index 000000000000..1dd8171a981c
--- /dev/null
+++ b/modules/virt-editing-vm-dynamic-key-injection.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-editing-vm-dynamic-key-injection_{context}"]
+= Enabling dynamic SSH key injection by using the web console
+
+You can enable dynamic key injection for a virtual machine (VM) by using the {product-title} web console. Then, you can update the public SSH key at runtime.
+
+The key is added to the VM by the QEMU guest agent, which is installed with {op-system-base-full} 9.
+
+.Prerequisites
+
+* The guest operating system is {op-system-base} 9.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a VM to open the *VirtualMachine details* page.
+. On the *Configure* tab, click *Scripts*.
+. If you have not already added a public SSH key to your project, click the edit icon beside *Authorized SSH key* and select one of the following options:
+
+* *Use existing*: Select a secret from the secrets list.
+* *Add new*:
+.. Browse to the SSH key file or paste the file in the key field.
+.. Enter the secret name.
+.. Optional: Select *Automatically apply this key to any new VirtualMachine you create in this project*.
+. Set *Dynamic SSH key injection* to on.
+. Click *Save*.
+
diff --git a/modules/virt-editing-vm-web.adoc b/modules/virt-editing-vm-web.adoc
deleted file mode 100644
index 23b343ab66b8..000000000000
--- a/modules/virt-editing-vm-web.adoc
+++ /dev/null
@@ -1,90 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-edit-vms.adoc
-// * virt/vm_templates/virt-editing-vm-template.adoc
-
-// Establishing conditionals so content can be re-used for editing VMs
-// and VM templates.
-
-// The ifeval statements use the context of the assembly in which the module
-// is included to declare 1) an attribute, and 2) the content of the {object}
-// and {object-gui} variables used throughout. We need two variables because
-// the object is lower case, but the gui elements are capitalized.
-
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template:
-:object: virtual machine template
-:object-gui: Templates
-:object-vm-details: Template details
-endif::[]
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm:
-:object: virtual machine
-:object-gui: VirtualMachines
-:object-vm-details: VirtualMachine details
-endif::[]
-
-:_content-type: PROCEDURE
-[id="virt-editing-vm-web_{context}"]
-
-= Editing a {object} in the web console
-
-You can edit a {object} by using the {product-title} web console or the command line interface.
-
-ifdef::virt-vm-template[]
-Editing a {object} does not affect virtual machines already created from that template.
-endif::virt-vm-template[]
-
-.Procedure
-
-. Navigate to *Virtualization* -> *{object-gui}* in the web console.
-
-ifdef::virt-vm[]
-. Select a {object} to open the *{object-vm-details}* page.
-
-. Click any field that has the pencil icon, which indicates that the field is editable. For example, click the current *Boot mode* setting, such as BIOS or UEFI, to open the *Boot mode* window and select an option from the list.
-endif::virt-vm[]
-ifdef::virt-vm-template[]
-. Click the {kebab} Options menu beside a {object} and select the object to edit.
-
-. To edit a Red Hat template, click the {kebab} Options menu, select *Clone* to create a custom template, and then edit the custom template.
-+
-[NOTE]
-====
-*Edit boot source reference* is disabled if the template's data source is managed by the `DataImportCron` custom resource or if the template does not have a data volume reference.
-====
-endif::virt-vm-template[]
-
-. Click *Save*.
-
-// Using the attributes we declared earlier, we can have different lines after
-// the procedure that will be included in the different assemblies.
-
-ifdef::virt-vm[]
-[NOTE]
-====
-If the {object} is running, changes to *Boot Order* or *Flavor* will not take effect until you restart the {object}.
-
-You can view pending changes by clicking *View Pending Changes* on the right side of the relevant field. The *Pending Changes* banner at the
-top of the page displays a list of all changes that will be applied when the {object} restarts.
-====
-endif::virt-vm[]
-
-// Unsetting the attributes/variables used in the module or else they will stay active
-// subsequent modules in the assembly and topic_map.
-// Attributes set with an ifeval statement need to be unset with an ifeval statement.
-
-ifeval::["{context}" == "virt-edit-vms"]
-:virt-vm!:
-:object!:
-:object-gui!:
-:object-vm-details!:
-endif::[]
-
-ifeval::["{context}" == "virt-editing-vm-template"]
-:virt-vm-template!:
-:object!:
-:object-gui!:
-:object-vm-details!:
-endif::[]
diff --git a/modules/virt-editing-vm-yaml-web.adoc b/modules/virt-editing-vm-yaml-web.adoc
index 4d13972ca73b..eaea4fa525b9 100644
--- a/modules/virt-editing-vm-yaml-web.adoc
+++ b/modules/virt-editing-vm-yaml-web.adoc
@@ -8,12 +8,7 @@ ifeval::["{context}" == "virt-edit-vms"]
 :object-gui: VirtualMachines
 endif::[]
 
-ifeval::["{context}" == "virt-editing-vm-template"]
-:object: virtual machine template
-:object-gui: Templates
-endif::[]
-
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-editing-vm-yaml-web_{context}"]
 
 = Editing a {object} YAML configuration using the web console
diff --git a/modules/virt-editing-vmis-web.adoc b/modules/virt-editing-vmis-web.adoc
index a6548cac82e1..01252c92421a 100644
--- a/modules/virt-editing-vmis-web.adoc
+++ b/modules/virt-editing-vmis-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-manage-vmis.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-editing-vmis-web_{context}"]
 = Editing a standalone virtual machine instance using the web console
 
diff --git a/modules/virt-enabling-dedicated-resources.adoc b/modules/virt-enabling-dedicated-resources.adoc
index 8448cfec8dbc..3a3e8a82fb58 100644
--- a/modules/virt-enabling-dedicated-resources.adoc
+++ b/modules/virt-enabling-dedicated-resources.adoc
@@ -1,18 +1,10 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc
-// * virt/vm_templates/virt-dedicated-resources-vm-template.adoc
 
 // Establishing conditionals so content can be re-used for editing VMs
 // and VM templates.
 
-ifeval::["{context}" == "virt-dedicated-resources-vm-template"]
-:virt-vm-template:
-:object: virtual machine template
-:object-gui: Template
-:tab: Scheduling
-endif::[]
-
 ifeval::["{context}" == "virt-dedicated-resources-vm"]
 :virt-vm:
 :object: virtual machine
@@ -20,7 +12,7 @@ ifeval::["{context}" == "virt-dedicated-resources-vm"]
 :tab: Configuration -> Scheduling
 endif::[]
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-enabling-dedicated-resources_{context}"]
 = Enabling dedicated resources for a {object}
 
@@ -42,8 +34,3 @@ ifeval::["{context}" == "virt-dedicated-resources-vm"]
 :object-gui!:
 endif::[]
 
-ifeval::["{context}" == "virt-dedicated-resources-vm-template"]
-:virt-vm-template!:
-:object!:
-:object-gui!:
-endif::[]
diff --git a/modules/virt-enabling-descheduler-evictions.adoc b/modules/virt-enabling-descheduler-evictions.adoc
index 81b72297357e..0fc61d288415 100644
--- a/modules/virt-enabling-descheduler-evictions.adoc
+++ b/modules/virt-enabling-descheduler-evictions.adoc
@@ -2,7 +2,7 @@
 //
 // virt/virtual_machines/advanced_vm_management/virt-enabling-descheduler-evictions.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-enabling-descheduler-evictions_{context}"]
 = Enabling descheduler evictions on a virtual machine (VM)
 
diff --git a/modules/virt-enabling-load-balancer-service-web.adoc b/modules/virt-enabling-load-balancer-service-web.adoc
new file mode 100644
index 000000000000..08161f238c0c
--- /dev/null
+++ b/modules/virt-enabling-load-balancer-service-web.adoc
@@ -0,0 +1,22 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-enabling-load-balancer-service-web_{context}"]
+= Enabling load balancer service creation by using the web console
+
+You can enable the creation of load balancer services for a virtual machine (VM) by using the {product-title} web console.
+
+.Prerequisites
+
+* You have configured a load balancer for the cluster.
+* You are logged in as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *Overview*.
+. On the *Settings* tab, click *Cluster*.
+. Expand *General settings* and *SSH configuration*.
+. Set *SSH over LoadBalancer service* to on.
\ No newline at end of file
diff --git a/modules/virt-enabling-persistentreservation-feature-gate.adoc b/modules/virt-enabling-persistentreservation-feature-gate.adoc
new file mode 100644
index 000000000000..d226cac9518b
--- /dev/null
+++ b/modules/virt-enabling-persistentreservation-feature-gate.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * * virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc
+
+:_content-type: PROCEDURE
+[id="virt-enabling-persistentreservation-feature-gate_{context}"]
+= Enabling the PersistentReservation feature gate
+
+You can enable the SCSI `persistentReservation` feature gate and allow a LUN-backed block mode virtual machine (VM) disk to be shared among multiple virtual machines.
+
+The `persistentReservation` feature gate is disabled by default.
+
+.Prerequisites
+
+* Cluster administrator privileges are required.
+* The volume access mode `ReadWriteMany` (RWX) is required if the VMs that are sharing disks are running on different nodes. If the VMs that are sharing disks are running on the same node, the `ReadWriteOnce` (RWO) volume access mode is sufficient.
+* The storage provider must support a Container Storage Interface (CSI) driver that uses the SCSI protocol.
+
+.Procedure
+
+. Enable the `persistentReservation` feature gate by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
+  --type json -p '[{"op":"replace","path":"/spec/featureGates/persistentReservation", "value": true}]'
+----
\ No newline at end of file
diff --git a/modules/virt-enabling-preallocation-for-dv.adoc b/modules/virt-enabling-preallocation-for-dv.adoc
index c8fe3e029420..6b2a5a328c78 100644
--- a/modules/virt-enabling-preallocation-for-dv.adoc
+++ b/modules/virt-enabling-preallocation-for-dv.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc
+// * virt/storage/virt-using-preallocation-for-datavolumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-enabling-preallocation-for-dv_{context}"]
 = Enabling preallocation for a data volume
 
@@ -22,10 +22,9 @@ metadata:
   name: preallocated-datavolume
 spec:
   source: <1>
-    ...
-  pvc:
-    ...
-  preallocation: true <2>
+    pvc:
+      preallocation: true <2>
+# ...
 ----
-<1> All CDI source types support preallocation, however preallocation is ignored for cloning operations.
-<2> The `preallocation` field is a boolean that defaults to false.
+<1> All CDI source types support preallocation. However, preallocation is ignored for cloning operations.
+<2> The default value is `false`.
diff --git a/modules/virt-enabling-volume-snapshot-boot-source.adoc b/modules/virt-enabling-volume-snapshot-boot-source.adoc
new file mode 100644
index 000000000000..10e033768c70
--- /dev/null
+++ b/modules/virt-enabling-volume-snapshot-boot-source.adoc
@@ -0,0 +1,57 @@
+// Module included in the following assembly:
+//
+// * virt/storage/virt-automatic-bootsource-updates.adoc
+//
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-enabling-volume-snapshot-boot-source_{context}"]
+= Enabling volume snapshot boot sources
+
+Enable volume snapshot boot sources by setting the parameter in the `StorageProfile` associated with the storage class that stores operating system base images. Although `DataImportCron` was originally designed to maintain only PVC sources, `VolumeSnapshot` sources scale better than PVC sources for certain storage types.
+
+[NOTE]
+====
+Use volume snapshots on a storage profile that is proven to scale better when cloning from a single snapshot.
+====
+
+.Prerequisites
+
+* You must have access to a volume snapshot with the operating system image.
+* The storage must support snapshotting.
+
+.Procedure
+
+. Open the storage profile object that corresponds to the storage class used to provision boot sources by running the following command:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc edit storageprofile <storage_class>
+----
+
+. Review the `dataImportCronSourceFormat` specification of the `StorageProfile` to confirm whether or not the VM is using PVC or volume snapshot by default.
+
+. Edit the storage profile, if needed, by updating the `dataImportCronSourceFormat` specification to `snapshot`.
++
+.Example storage profile
+[source,yaml]
+----
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: StorageProfile
+metadata:
+# ...
+spec:
+  dataImportCronSourceFormat: snapshot
+----
+
+.Verification
+
+. Open the storage profile object that corresponds to the storage class used to provision boot sources.
++
+[source,terminal,subs="attributes+"]
+----
+$ oc get storageprofile <storage_class>  -oyaml
+----
+
+. Confirm that the `dataImportCronSourceFormat` specification of the `StorageProfile` is set to 'snapshot', and that any `DataSource` objects that the `DataImportCron` points to now reference volume snapshots.
+
+You can now use these boot sources to create virtual machines.
diff --git a/modules/virt-enlarging-vm-disk.adoc b/modules/virt-enlarging-vm-disk.adoc
deleted file mode 100644
index 1337a68a554b..000000000000
--- a/modules/virt-enlarging-vm-disk.adoc
+++ /dev/null
@@ -1,38 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-vm-disk-resizing.adoc
-
-:_content-type: PROCEDURE
-[id="virt-enlarging-vm-disk_{context}"]
-= Enlarging a virtual machine disk
-
-Virtual machine (VM) disk enlargement makes extra space available to the virtual machine. However, it is the responsibility of the VM owner to decide how to consume the storage.
-
-If the disk is a `Filesystem` PVC, the matching file expands to the remaining size while reserving some space for file system overhead.
-
-.Procedure
-
-. Edit the `PersistentVolumeClaim` manifest of the VM disk that you want to expand:
-+
-[source,terminal]
-----
-$ oc edit pvc <pvc_name>
-----
-
-. Update the disk size:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-   name: vm-disk-expand
-spec:
-  accessModes:
-     - ReadWriteMany
-  resources:
-    requests:
-       storage: 3Gi <1>
-# ...
-----
-<1> Specify the new disk size.
diff --git a/modules/virt-example-host-vrf.adoc b/modules/virt-example-host-vrf.adoc
new file mode 100644
index 000000000000..69b6e8d79d3a
--- /dev/null
+++ b/modules/virt-example-host-vrf.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
+
+[id="virt-example-host-vrf_{context}"]
+= Example: Network interface with a VRF instance node network configuration policy
+
+Associate a Virtual Routing and Forwarding (VRF) instance with a network interface by applying a `NodeNetworkConfigurationPolicy` custom resource (CR). 
+
+:FeatureName: Associating a VRF instance with a network interface
+include::snippets/technology-preview.adoc[]
+
+By associating a VRF instance with a network interface, you can support traffic isolation, independent routing decisions, and the logical separation of network resources. 
+
+In a bare-metal environment, you can announce load balancer services through interfaces belonging to a VRF instance by using MetalLB. For more information, see the _Additional resources_ section.
+
+The following YAML file is an example of associating a VRF instance to a network interface.
+It includes samples values that you must replace with your own information.
+
+[source,yaml]
+----
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: vrfpolicy <1>
+spec:
+  nodeSelector: 
+    vrf: "true" <2>
+  maxUnavailable: 3 
+  desiredState:
+    interfaces:
+      - name: ens4vrf <3>
+        type: vrf <4>
+        state: up
+        vrf:
+          port:
+            - ens4 <5>
+          route-table-id: 2 <6>
+----
+<1> The name of the policy.
+<2> This example applies the policy to all nodes with the label `vrf:true`.
+<3> The name of the interface.
+<4> The type of interface. This example creates a VRF instance.
+<5> The node interface to which the VRF attaches.
+<6> The name of the route table ID for the VRF.
diff --git a/modules/virt-example-inherit-static-ip-from-nic.adoc b/modules/virt-example-inherit-static-ip-from-nic.adoc
index 3c07a5d0f820..0c1174e575f5 100644
--- a/modules/virt-example-inherit-static-ip-from-nic.adoc
+++ b/modules/virt-example-inherit-static-ip-from-nic.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-example-inherit-static-ip-from-nic_{context}"]
 = Example: Linux bridge interface node network configuration policy to inherit static IP address from the NIC attached to the bridge
 
diff --git a/modules/virt-example-nmstate-IP-management.adoc b/modules/virt-example-nmstate-IP-management.adoc
index 6f6514737e55..902d04540389 100644
--- a/modules/virt-example-nmstate-IP-management.adoc
+++ b/modules/virt-example-nmstate-IP-management.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-example-nmstate-IP-management_{context}"]
 = Examples: IP management
 
diff --git a/modules/virt-example-node-placement-affinity-hyperconverged-cr.adoc b/modules/virt-example-node-placement-affinity-hyperconverged-cr.adoc
deleted file mode 100644
index 137d453b2640..000000000000
--- a/modules/virt-example-node-placement-affinity-hyperconverged-cr.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-affinity-hyperconverged-cr_{context}"]
-= Example: Node placement with affinity in the HyperConverged Cluster CR
-
-In this example, `affinity` is configured so that infrastructure resources are placed on nodes that are labeled with `example.io/example-infra-key = example-value` and workloads are placed on nodes labeled with `example.io/example-workloads-key = example-workloads-value`. Nodes that have more than eight CPUs are preferred for workloads, but if they are not available, pods are still scheduled.
-
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-  namespace: openshift-cnv
-spec:
-  infra:
-    nodePlacement:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: example.io/example-infra-key
-                operator: In
-                values:
-                - example-infra-value
-  workloads:
-    nodePlacement:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: example.io/example-workloads-key
-                operator: In
-                values:
-                - example-workloads-value
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 1
-            preference:
-              matchExpressions:
-              - key: example.io/num-cpus
-                operator: Gt
-                values:
-                - 8
-----
diff --git a/modules/virt-example-node-placement-node-selector-hpp.adoc b/modules/virt-example-node-placement-node-selector-hpp.adoc
deleted file mode 100644
index e6ad87aea359..000000000000
--- a/modules/virt-example-node-placement-node-selector-hpp.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-node-selector-hpp_{context}"]
-= Example: Node placement with nodeSelector in the HostPathProvisioner object
-
-In this example, `nodeSelector` is configured so that workloads are placed on nodes labeled with `example.io/example-workloads-key = example-workloads-value`.
-
-[source,yaml]
-----
-apiVersion: hostpathprovisioner.kubevirt.io/v1beta1
-kind: HostPathProvisioner
-metadata:
-  name: hostpath-provisioner
-spec:
-  imagePullPolicy: IfNotPresent
-  pathConfig:
-    path: "</path/to/backing/directory>"
-    useNamingPrefix: false
-  workload:
-    nodeSelector:
-      example.io/example-workloads-key: example-workloads-value
-----
\ No newline at end of file
diff --git a/modules/virt-example-node-placement-node-selector-hyperconverged-cr.adoc b/modules/virt-example-node-placement-node-selector-hyperconverged-cr.adoc
deleted file mode 100644
index aa654facbd92..000000000000
--- a/modules/virt-example-node-placement-node-selector-hyperconverged-cr.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-node-selector-hyperconverged-cr_{context}"]
-= Example: Node placement with nodeSelector in the HyperConverged Cluster CR
-
-In this example, `nodeSelector` is configured so that infrastructure resources are placed on nodes that are labeled with `example.io/example-infra-key = example-infra-value` and workloads are placed on nodes labeled with `example.io/example-workloads-key = example-workloads-value`.
-
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-  namespace: openshift-cnv
-spec:
-  infra:
-    nodePlacement:
-      nodeSelector:
-        example.io/example-infra-key: example-infra-value
-  workloads:
-    nodePlacement:
-      nodeSelector:
-        example.io/example-workloads-key: example-workloads-value
-----
\ No newline at end of file
diff --git a/modules/virt-example-node-placement-node-selector-olm-subscription.adoc b/modules/virt-example-node-placement-node-selector-olm-subscription.adoc
deleted file mode 100644
index fffd19041d83..000000000000
--- a/modules/virt-example-node-placement-node-selector-olm-subscription.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-node-selector-olm-subscription_{context}"]
-= Example: Node placement with nodeSelector in the OLM Subscription object
-
-In this example, `nodeSelector` is configured so that OLM places the {VirtProductName} Operators on nodes that are labeled with `example.io/example-infra-key = example-infra-value`.
-
-[source,yaml,subs="attributes+"]
-----
-apiVersion: operators.coreos.com/v1beta1
-kind: Subscription
-metadata:
-  name: hco-operatorhub
-  namespace: openshift-cnv
-spec:
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  name: kubevirt-hyperconverged
-  startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
-  channel: "stable"
-  config:
-    nodeSelector:
-      example.io/example-infra-key: example-infra-value
-----
\ No newline at end of file
diff --git a/modules/virt-example-node-placement-tolerations-hyperconverged-cr.adoc b/modules/virt-example-node-placement-tolerations-hyperconverged-cr.adoc
deleted file mode 100644
index 73fa06b5db26..000000000000
--- a/modules/virt-example-node-placement-tolerations-hyperconverged-cr.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-tolerations-hyperconverged-cr_{context}"]
-= Example: Node placement with tolerations in the HyperConverged Cluster CR
-
-In this example, nodes that are reserved for {VirtProductName} components are labeled with the `key=virtualization:NoSchedule` taint. Only pods with the matching tolerations are scheduled to these nodes.
-
-[source,yaml]
-----
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  name: kubevirt-hyperconverged
-  namespace: openshift-cnv
-spec:
-  workloads:
-    nodePlacement:
-      tolerations:
-      - key: "key"
-        operator: "Equal"
-        value: "virtualization"
-        effect: "NoSchedule"
-----
\ No newline at end of file
diff --git a/modules/virt-example-node-placement-tolerations-olm-subscription.adoc b/modules/virt-example-node-placement-tolerations-olm-subscription.adoc
deleted file mode 100644
index f207546fbfcf..000000000000
--- a/modules/virt-example-node-placement-tolerations-olm-subscription.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/install/virt-specifying-nodes-for-virtualization-components.adoc
-
-[id="virt-example-node-placement-tolerations-olm-subscription_{context}"]
-= Example: Node placement with tolerations in the OLM Subscription object
-
-In this example, nodes that are reserved for OLM to deploy {VirtProductName} Operators are labeled with the `key=virtualization:NoSchedule` taint. Only pods with the matching tolerations are scheduled to these nodes.
-
-[source,yaml,subs="attributes+"]
-----
-apiVersion: operators.coreos.com/v1beta1
-kind: Subscription
-metadata:
-  name: hco-operatorhub
-  namespace: openshift-cnv
-spec:
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  name: kubevirt-hyperconverged
-  startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
-  channel: "stable"
-  config:
-    tolerations:
-    - key: "key"
-      operator: "Equal"
-      value: "virtualization"
-      effect: "NoSchedule"
-----
\ No newline at end of file
diff --git a/modules/virt-expanding-storage-with-data-volumes.adoc b/modules/virt-expanding-storage-with-data-volumes.adoc
new file mode 100644
index 000000000000..ace363c8138d
--- /dev/null
+++ b/modules/virt-expanding-storage-with-data-volumes.adoc
@@ -0,0 +1,43 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virtual_disks/virt-expanding-vm-disks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-expanding-storage-with-data-volumes_{context}"]
+= Expanding available virtual storage by adding blank data volumes
+
+You can expand the available storage of a virtual machine (VM) by adding blank data volumes.
+
+.Prerequisites
+
+* You must have at least one persistent volume.
+
+.Procedure
+
+. Create a `DataVolume` manifest as shown in the following example:
++
+.Example `DataVolume` manifest
+[source,yaml]
+----
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  name: blank-image-datavolume
+spec:
+  source:
+    blank: {}
+  storage:
+    resources:
+      requests:
+        storage: <2Gi> <1>
+  storageClassName: "<storage_class>" <2>
+----
+<1> Specify the amount of available space requested for the data volume.
+<2> Optional: If you do not specify a storage class, the default storage class is used.
+
+. Create the data volume by running the following command:
++
+[source,terminal]
+----
+$ oc create -f <blank-image-datavolume>.yaml
+----
diff --git a/modules/virt-expanding-vm-disk-pvc.adoc b/modules/virt-expanding-vm-disk-pvc.adoc
new file mode 100644
index 000000000000..0f918d052bda
--- /dev/null
+++ b/modules/virt-expanding-vm-disk-pvc.adoc
@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virtual_disks/virt-expanding-vm-disks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-expanding-vm-disk-pvc_{context}"]
+= Expanding a VM disk PVC
+
+You can increase the size of a virtual machine (VM) disk by expanding the persistent volume claim (PVC) of the disk.
+
+If the PVC uses the file system volume mode, the disk image file expands to the available size while reserving some space for file system overhead.
+
+.Procedure
+
+. Edit the `PersistentVolumeClaim` manifest of the VM disk that you want to expand:
++
+[source,terminal]
+----
+$ oc edit pvc <pvc_name>
+----
+
+. Update the disk size:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+   name: vm-disk-expand
+spec:
+  accessModes:
+     - ReadWriteMany
+  resources:
+    requests:
+       storage: 3Gi <1>
+# ...
+----
+<1> Specify the new disk size.
diff --git a/modules/virt-exposing-pci-device-in-cluster-cli.adoc b/modules/virt-exposing-pci-device-in-cluster-cli.adoc
index 1413ec517470..a0564f549ad1 100644
--- a/modules/virt-exposing-pci-device-in-cluster-cli.adoc
+++ b/modules/virt-exposing-pci-device-in-cluster-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-exposing-pci-device-in-cluster-cli_{context}"]
 = Exposing PCI host devices in the cluster using the CLI
 
@@ -12,21 +12,21 @@ To expose PCI host devices in the cluster, add details about the PCI devices to
 .Procedure
 . Edit the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Add the PCI device information to the `spec.permittedHostDevices.pciHostDevices` array. For example:
 +
 .Example configuration file
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   permittedHostDevices: <1>
     pciHostDevices: <2>
diff --git a/modules/virt-generalizing-windows-sysprep.adoc b/modules/virt-generalizing-windows-sysprep.adoc
index 3541a046e202..5d84cc310ae9 100644
--- a/modules/virt-generalizing-windows-sysprep.adoc
+++ b/modules/virt-generalizing-windows-sysprep.adoc
@@ -1,15 +1,19 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-automating-windows-sysprep.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-generalizing-windows-sysprep_{context}"]
-= Generalizing a Windows VM using sysprep
+= Generalizing a Windows VM image
 
-Generalizing an image allows that image to remove all system-specific configuration data when the image is deployed on a virtual machine (VM).
+You can generalize a Windows operating system image to remove all system-specific configuration data before you use the image to create a new virtual machine (VM).
 
 Before generalizing the VM, you must ensure the `sysprep` tool cannot detect an answer file after the unattended Windows installation.
 
+.Prerequisites
+
+* A running Windows VM with the QEMU guest agent installed.
+
 .Procedure
 
 . In the {product-title} console, click *Virtualization* -> *VirtualMachines*.
diff --git a/modules/virt-golden-images.adoc b/modules/virt-golden-images.adoc
new file mode 100644
index 000000000000..7b000a715820
--- /dev/null
+++ b/modules/virt-golden-images.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="virt-about-golden-images_{context}"]
+= About golden images
+
+A golden image is a preconfigured snapshot of a virtual machine (VM) that you can use as a resource to deploy new VMs. For example, you can use golden images to provision the same system environment consistently and deploy systems more quickly and efficiently.
+
+[id="virt-how-golden-images-work_{context}"]
+== How do golden images work?
+
+Golden images are created by installing and configuring an operating system and software applications on a reference machine or virtual machine. This includes setting up the system, installing required drivers, applying patches and updates, and configuring specific options and preferences.
+
+After the golden image is created, it is saved as a template or image file that can be replicated and deployed across multiple clusters. The golden image can be updated by its maintainer periodically to incorporate necessary software updates and patches, ensuring that the image remains up to date and secure, and newly created VMs are based on this updated image.
+
+[id="virt-golden-images-implementation_{context}"]
+== Red Hat implementation of golden images
+
+Red Hat publishes golden images as container disks in the registry for versions of {op-system-base-full}. Container disks are virtual machine images that are stored as a container image in a container image registry. Any published image will automatically be made available in connected clusters after the installation of OpenShift Virtualization. After the images are available in a cluster, they are ready to use to create VMs.
diff --git a/modules/virt-hot-plugging-a-virtual-disk-using-the-cli.adoc b/modules/virt-hot-plugging-a-virtual-disk-using-the-cli.adoc
deleted file mode 100644
index fd2bb7e112e0..000000000000
--- a/modules/virt-hot-plugging-a-virtual-disk-using-the-cli.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: PROCEDURE
-[id="virt-hot-plugging-a-virtual-disk-using-the-cli_{context}"]
-= Hot plugging a virtual disk using the CLI
-
-Hot plug virtual disks that you want to attach to a virtual machine instance (VMI) while a virtual machine is running.
-
-.Prerequisites
-* You must have a running virtual machine to hot plug a virtual disk.
-* You must have at least one data volume or persistent volume claim (PVC) available for hot plugging.
-
-.Procedure
-
-* Hot plug a virtual disk by running the following command:
-+
-[source,terminal]
-----
-$ virtctl addvolume <virtual-machine|virtual-machine-instance> --volume-name=<datavolume|PVC> \
-[--persist] [--serial=<label-name>]
-----
-+
-** Use the optional `--persist` flag to add the hot plugged disk to the virtual machine specification as a permanently mounted virtual disk. Stop, restart, or reboot the virtual machine to permanently mount the virtual disk. After specifying the `--persist` flag, you can no longer hot plug or hot unplug the virtual disk. The `--persist` flag applies to virtual machines, not virtual machine instances.
-** The optional `--serial` flag allows you to add an alphanumeric string label of your choice. This helps you to identify the hot plugged disk in a guest virtual machine. If you do not specify this option, the label defaults to the name of the hot plugged data volume or PVC.
diff --git a/modules/virt-hot-plugging-a-virtual-disk-using-the-web-console.adoc b/modules/virt-hot-plugging-a-virtual-disk-using-the-web-console.adoc
deleted file mode 100644
index 32cad6f56fc2..000000000000
--- a/modules/virt-hot-plugging-a-virtual-disk-using-the-web-console.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: PROCEDURE
-[id="virt-hot-plugging-a-virtual-disk-using-the-web-console{context}"]
-= Hot plugging a virtual disk using the web console
-
-Hot plug virtual disks that you want to attach to a virtual machine instance (VMI) while a virtual machine is running. When you hot plug a virtual disk, it remains attached to the VMI until you unplug it.
-
-.Prerequisites
-* You must have a running virtual machine to hot plug a virtual disk.
-
-.Procedure
-
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Select the running virtual machine to which you want to hot plug a virtual disk.
-
-. On the *VirtualMachine details* page, click *Configuration* -> *Disks*.
-
-. Click *Add disk*.
-
-. In the *Add disk (hot plugged)* window, fill in the information for the virtual disk that you want to hot plug.
-
-. Click *Save*.
diff --git a/modules/virt-hot-plugging-bridge-network-interface-cli.adoc b/modules/virt-hot-plugging-bridge-network-interface-cli.adoc
new file mode 100644
index 000000000000..52d4a4dc3178
--- /dev/null
+++ b/modules/virt-hot-plugging-bridge-network-interface-cli.adoc
@@ -0,0 +1,99 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/vm_networking/virt-hot-plugging-network-interfaces.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-hot-plugging-bridge-network-interface_{context}"]
+= Hot plugging a bridge network interface using the CLI
+
+Hot plug a bridge network interface to a virtual machine (VM) while the VM is running.
+
+.Prerequisites
+
+* A network attachment definition is configured in the same namespace as your VM.
+* You have installed the `virtctl` tool.
+
+.Procedure
+
+. If the VM to which you want to hot plug the network interface is not running, start it by using the following command:
++
+[source,terminal]
+----
+$ virtctl start <vm_name>
+----
+
+. Use the following command to hot plug a new network interface to the running VM. The `virtctl addinterface` command adds the new network interface to the VM and virtual machine instance (VMI) specification but does not attach it to the running VM.
++
+[source,terminal]
+----
+$ virtctl addinterface <vm_name> --network-attachment-definition-name <net_attach_def_name> --name <interface_name>
+----
++
+where:
+
+<vm_name>:: Specifies the name of the `VirtualMachine` object.
+<net_attach_def_name>::  Specifies the name of `NetworkAttachmentDefinition` object.
+<interface_name>:: Specifies the name of the new network interface.
+
+
+. To attach the network interface to the running VM, live migrate the VM by using the following command:
++
+[source,terminal]
+----
+$ virtctl migrate <vm_name>
+----
+
+.Verification
+
+. Verify that the VM live migration is successful by using the following command:
++
+[source,terminal]
+----
+$ oc get VirtualMachineInstanceMigration -w
+----
++
+.Example output
+[source,terminal]
+----
+NAME                        PHASE             VMI
+kubevirt-migrate-vm-lj62q   Scheduling        vm-fedora
+kubevirt-migrate-vm-lj62q   Scheduled         vm-fedora
+kubevirt-migrate-vm-lj62q   PreparingTarget   vm-fedora
+kubevirt-migrate-vm-lj62q   TargetReady       vm-fedora
+kubevirt-migrate-vm-lj62q   Running           vm-fedora
+kubevirt-migrate-vm-lj62q   Succeeded         vm-fedora
+----
+
+. Verify that the new interface is added to the VM by checking the VMI status:
++
+[source,terminal]
+----
+$ oc get vmi vm-fedora -ojsonpath="{ @.status.interfaces }"
+----
++
+.Example output
+[source,json]
+----
+[
+  {
+    "infoSource": "domain, guest-agent",
+    "interfaceName": "eth0",
+    "ipAddress": "10.130.0.195",
+    "ipAddresses": [
+      "10.130.0.195",
+      "fd02:0:0:3::43c"
+    ],
+    "mac": "52:54:00:0e:ab:25",
+    "name": "default",
+    "queueCount": 1
+  },
+  {
+    "infoSource": "domain, guest-agent, multus-status",
+    "interfaceName": "eth1",
+    "mac": "02:d8:b8:00:00:2a",
+    "name": "bridge-interface", <1>
+    "queueCount": 1
+  }
+]
+----
+<1> The hot plugged interface appears in the VMI status.
\ No newline at end of file
diff --git a/modules/virt-hot-plugging-disk-cli.adoc b/modules/virt-hot-plugging-disk-cli.adoc
new file mode 100644
index 000000000000..89c4cb529d89
--- /dev/null
+++ b/modules/virt-hot-plugging-disk-cli.adoc
@@ -0,0 +1,37 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-hot-plugging-disk-cli_{context}"]
+= Hot plugging and hot unplugging a disk by using the command line
+
+You can hot plug and hot unplug a disk while a virtual machine (VM) is running by using the command line.
+
+You can make a hot plugged disk persistent so that it is permanently mounted on the VM.
+
+.Prerequisites
+
+* You must have at least one data volume or persistent volume claim (PVC) available for hot plugging.
+
+.Procedure
+
+* Hot plug a disk by running the following command:
++
+[source,terminal]
+----
+$ virtctl addvolume <virtual-machine|virtual-machine-instance> \
+  --volume-name=<datavolume|PVC> \
+  [--persist] [--serial=<label-name>]
+----
++
+** Use the optional `--persist` flag to add the hot plugged disk to the virtual machine specification as a permanently mounted virtual disk. Stop, restart, or reboot the virtual machine to permanently mount the virtual disk. After specifying the `--persist` flag, you can no longer hot plug or hot unplug the virtual disk. The `--persist` flag applies to virtual machines, not virtual machine instances.
+** The optional `--serial` flag allows you to add an alphanumeric string label of your choice. This helps you to identify the hot plugged disk in a guest virtual machine. If you do not specify this option, the label defaults to the name of the hot plugged data volume or PVC.
+
+* Hot unplug a disk by running the following command:
++
+[source,terminal]
+----
+$ virtctl removevolume <virtual-machine|virtual-machine-instance> \
+  --volume-name=<datavolume|PVC>
+----
diff --git a/modules/virt-hot-plugging-disks-ui.adoc b/modules/virt-hot-plugging-disks-ui.adoc
new file mode 100644
index 000000000000..e5e7a8b7004b
--- /dev/null
+++ b/modules/virt-hot-plugging-disks-ui.adoc
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-hot-plugging-disks-ui_{context}"]
+= Hot plugging and hot unplugging a disk by using the web console
+
+You can hot plug a disk by attaching it to a virtual machine (VM) while the VM is running by using the {product-title} web console.
+
+The hot plugged disk remains attached to the VM until you unplug it.
+
+You can make a hot plugged disk persistent so that it is permanently mounted on the VM.
+
+.Prerequisites
+
+* You must have a data volume or persistent volume claim (PVC) available for hot plugging.
+
+.Procedure
+
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a running VM to view its details.
+. On the *VirtualMachine details* page, click *Configuration* -> *Disks*.
+
+. Add a hot plugged disk:
+.. Click *Add disk*.
+.. In the *Add disk (hot plugged)* window, select the disk from the *Source* list and click *Save*.
+
+. Optional: Unplug a hot plugged disk:
+.. Click the options menu {kebab} beside the disk and select *Detach*.
+.. Click *Detach*.
+
+. Optional: Make a hot plugged disk persistent:
+.. Click the options menu {kebab} beside the disk and select *Make persistent*.
+.. Reboot the VM to apply the change.
diff --git a/modules/virt-hot-unplugging-a-virtual-disk-using-the-cli.adoc b/modules/virt-hot-unplugging-a-virtual-disk-using-the-cli.adoc
deleted file mode 100644
index 6acf67163071..000000000000
--- a/modules/virt-hot-unplugging-a-virtual-disk-using-the-cli.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: PROCEDURE
-[id="virt-hot-unplugging-a-virtual-disk-using-the-cli_{context}"]
-= Hot unplugging a virtual disk using the CLI
-
-Hot unplug virtual disks that you want to detach from a virtual machine instance (VMI) while a virtual machine is running.
-
-.Prerequisites
-* Your virtual machine must be running.
-* You must have at least one data volume or persistent volume claim (PVC) available and hot plugged.
-
-.Procedure
-
-* Hot unplug a virtual disk by running the following command:
-+
-[source,terminal]
-----
-$ virtctl removevolume <virtual-machine|virtual-machine-instance> --volume-name=<datavolume|PVC>
-----
diff --git a/modules/virt-hot-unplugging-a-virtual-disk-using-the-web-console.adoc b/modules/virt-hot-unplugging-a-virtual-disk-using-the-web-console.adoc
deleted file mode 100644
index b306852f2d40..000000000000
--- a/modules/virt-hot-unplugging-a-virtual-disk-using-the-web-console.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
-
-:_content-type: PROCEDURE
-[id="virt-hot-unplugging-a-virtual-disk-using-the-web-console{context}"]
-= Hot unplugging a virtual disk using the web console
-
-Hot unplug virtual disks that you want to detach from a virtual machine instance (VMI) while a virtual machine is running.
-
-.Prerequisites
-* Your virtual machine must be running with a hot plugged disk attached.
-
-.Procedure
-
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-. Select the running virtual machine with the disk you want to hot unplug to open the *VirtualMachine details* page.
-. Click *Configuration* -> *Disks*.
-. Click the Options menu {kebab} beside the virtual disk that you want to hot unplug and select *Detach*.
-. Click *Detach*.
diff --git a/modules/virt-hot-unplugging-bridge-network-interface-cli.adoc b/modules/virt-hot-unplugging-bridge-network-interface-cli.adoc
new file mode 100644
index 000000000000..12d0194bff6a
--- /dev/null
+++ b/modules/virt-hot-unplugging-bridge-network-interface-cli.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/vm_networking/virt-hot-plugging-network-interfaces.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-hot-unplugging-bridge-network-interface_{context}"]
+= Hot unplugging a bridge network interface using the CLI
+
+You can remove a bridge network interface from a running virtual machine (VM).
+
+.Prerequisites
+
+* Your VM must be running.
+* The VM must be created on a cluster running {VirtProductName} 4.14 or later.
+* The VM must have a bridge network interface attached.
+
+.Procedure
+
+. Hot unplug a bridge network interface by running the following command. The `virtctl removeinterface` command detaches the network interface from the guest, but the interface still exists in the pod.
++
+[source,terminal]
+----
+$ virtctl removeinterface <vm_name> --name <interface_name>
+----
+
+. Remove the interface from the pod by migrating the VM:
++
+[source,terminal]
+----
+$ virtctl migrate <vm_name>
+----
\ No newline at end of file
diff --git a/modules/virt-how-fs-overhead-affects-space-vm-disks.adoc b/modules/virt-how-fs-overhead-affects-space-vm-disks.adoc
index 9444c2030f65..6397789db5ce 100644
--- a/modules/virt-how-fs-overhead-affects-space-vm-disks.adoc
+++ b/modules/virt-how-fs-overhead-affects-space-vm-disks.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc
+// * virt/storage/virt-reserving-pvc-space-fs-overhead.adoc
 
 [id="virt-how-fs-overhead-affects-space-vm-disks_{context}"]
 = How file system overhead affects space for virtual machine disks
diff --git a/modules/virt-how-virtual-gpus-assigned-nodes.adoc b/modules/virt-how-virtual-gpus-assigned-nodes.adoc
index 682e997833f9..55695501e29f 100644
--- a/modules/virt-how-virtual-gpus-assigned-nodes.adoc
+++ b/modules/virt-how-virtual-gpus-assigned-nodes.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="how-vgpus-are-assigned-to-nodes_{context}"]
 = How vGPUs are assigned to nodes
 
@@ -20,7 +20,7 @@ For example:
 ----
 # ...
 mediatedDevicesConfiguration:
-  mediatedDevicesTypes:
+  mediatedDeviceTypes:
   - nvidia-222
   - nvidia-228
   - nvidia-105
@@ -45,15 +45,15 @@ On each node, {VirtProductName} creates the following vGPUs:
 * 16 vGPUs of type nvidia-105 on the first card.
 * 2 vGPUs of type nvidia-108 on the second card.
 
-One node has a single card that supports more than one requested vGPU type:: {VirtProductName} uses the supported type that comes first on the `mediatedDevicesTypes` list.
+One node has a single card that supports more than one requested vGPU type:: {VirtProductName} uses the supported type that comes first on the `mediatedDeviceTypes` list.
 +
-For example, the card on a node card supports `nvidia-223` and `nvidia-224`. The following `mediatedDevicesTypes` list is configured:
+For example, the card on a node card supports `nvidia-223` and `nvidia-224`. The following `mediatedDeviceTypes` list is configured:
 +
 [source,yaml]
 ----
 # ...
 mediatedDevicesConfiguration:
-  mediatedDevicesTypes:
+  mediatedDeviceTypes:
   - nvidia-22
   - nvidia-223
   - nvidia-224
diff --git a/modules/virt-importing-rhel-image-boot-source-web.adoc b/modules/virt-importing-rhel-image-boot-source-web.adoc
index c479993d5c9f..e1428795b844 100644
--- a/modules/virt-importing-rhel-image-boot-source-web.adoc
+++ b/modules/virt-importing-rhel-image-boot-source-web.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-creating-and-using-boot-sources.adoc
+// * virt/virtual_machines/virt-creating-and-using-boot-sources.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-importing-rhel-image-boot-source-web_{context}"]
 = Importing a {op-system-base} image as a boot source
 
diff --git a/modules/virt-importing-vm-datavolume.adoc b/modules/virt-importing-vm-datavolume.adoc
deleted file mode 100644
index 426d1dc23738..000000000000
--- a/modules/virt-importing-vm-datavolume.adoc
+++ /dev/null
@@ -1,156 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
-
-:_content-type: PROCEDURE
-[id="virt-importing-vm-datavolume_{context}"]
-= Importing a virtual machine image into storage by using a data volume
-
-You can import a virtual machine image into storage by using a data volume.
-
-The virtual machine image can be hosted at an HTTP or HTTPS endpoint or the image can be built into a container disk and stored in a container registry.
-
-You specify the data source for the image in a `VirtualMachine` configuration file. When the virtual machine is created, the data volume with the virtual machine image is imported into storage.
-
-.Prerequisites
-
-* To import a virtual machine image you must have the following:
-** A virtual machine disk image in RAW, ISO, or QCOW2 format, optionally compressed by using `xz` or `gz`.
-** An HTTP or HTTPS endpoint where the image is hosted, along with any authentication credentials needed to access the data source.
-* To import a container disk, you must have a virtual machine image built into a container disk and stored in a container registry, along with any authentication credentials needed to access the data source.
-* If the virtual machine must communicate with servers that use self-signed certificates or certificates not signed by the system CA bundle, you must create a config map in the same namespace as the data volume.
-
-.Procedure
-
-. If your data source requires authentication, create a `Secret` manifest, specifying the data source credentials, and save it as `endpoint-secret.yaml`:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: endpoint-secret <1>
-  labels:
-    app: containerized-data-importer
-type: Opaque
-data:
-  accessKeyId: "" <2>
-  secretKey:   "" <3>
-----
-<1> Specify the name of the `Secret`.
-<2> Specify the Base64-encoded key ID or user name.
-<3> Specify the Base64-encoded secret key or password.
-
-. Apply the `Secret` manifest:
-+
-[source,terminal]
-----
-$ oc apply -f endpoint-secret.yaml
-----
-
-. Edit the `VirtualMachine` manifest, specifying the data source for the virtual machine image you want to import, and save it as `vm-fedora-datavolume.yaml`:
-+
-[%collapsible]
-====
-[source,yaml]
-----
-apiVersion: kubevirt.io/v1
-kind: VirtualMachine
-metadata:
-  creationTimestamp: null
-  labels:
-    kubevirt.io/vm: vm-fedora-datavolume
-  name: vm-fedora-datavolume <1>
-spec:
-  dataVolumeTemplates:
-  - metadata:
-      creationTimestamp: null
-      name: fedora-dv <2>
-    spec:
-      storage:
-        volumeMode: Block <3>
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: local
-      source: <4>
-        http:
-          url: "https://mirror.arizona.edu/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" <4>
-          secretRef: endpoint-secret <5>
-          certConfigMap: "" <6>
-        # To use a registry source, uncomment the following lines and delete the preceding HTTP source block
-        # registry:
-          # url: "docker://kubevirt/fedora-cloud-container-disk-demo:latest"
-          # secretRef: registry-secret <5>
-          # certConfigMap: "" <6>
-    status: {}
-  running: true
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        kubevirt.io/vm: vm-fedora-datavolume
-    spec:
-      domain:
-        devices:
-          disks:
-          - disk:
-              bus: virtio
-            name: datavolumedisk1
-        machine:
-          type: ""
-        resources:
-          requests:
-            memory: 1.5Gi
-      terminationGracePeriodSeconds: 180
-      volumes:
-      - dataVolume:
-          name: fedora-dv
-        name: datavolumedisk1
-status: {}
-----
-<1> Specify the name of the virtual machine.
-<2> Specify the name of the data volume.
-<3> The volume and access mode are detected automatically for known storage provisioners. Alternatively, you can specify `Block`.
-<4> Specify either the URL or the registry endpoint of the virtual machine image you want to import using the comment block. For example, if you want to use a registry source, you can comment out or delete the HTTP or HTTPS source block. Ensure that you replace the example values shown here with your own values.
-<5> Specify the `Secret` name if you created a `Secret` for the data source.
-<6> Optional: Specify a CA certificate config map.
-====
-
-. Create the virtual machine:
-+
-[source,terminal]
-----
-$ oc create -f vm-fedora-datavolume.yaml
-----
-+
-[NOTE]
-====
-The `oc create` command creates the data volume and the virtual machine. The CDI controller creates an underlying PVC with the correct annotation and the import process begins. When the import is complete, the data volume status changes to `Succeeded`. You can start the virtual machine.
-
-Data volume provisioning happens in the background, so there is no need to monitor the process.
-====
-
-.Verification
-
-. The importer pod downloads the virtual machine image or container disk from the specified URL and stores it on the provisioned PV. View the status of the importer pod by running the following command:
-+
-[source,terminal]
-----
-$ oc get pods
-----
-
-. Monitor the data volume until its status is `Succeeded` by running the following command:
-+
-[source,terminal]
-----
-$ oc describe dv fedora-dv <1>
-----
-<1> Specify the data volume name that you defined in the `VirtualMachine` manifest.
-
-. Verify that provisioning is complete and that the virtual machine has started by accessing its serial console:
-+
-[source,terminal]
-----
-$ virtctl console vm-fedora-datavolume
-----
diff --git a/modules/virt-initiating-vm-migration-cli.adoc b/modules/virt-initiating-vm-migration-cli.adoc
index 8a7aa7a40caf..c2bf5f526457 100644
--- a/modules/virt-initiating-vm-migration-cli.adoc
+++ b/modules/virt-initiating-vm-migration-cli.adoc
@@ -1,33 +1,63 @@
 // Module included in the following assemblies:
 //
-// * virt/live_migration/virt-migrate-vmi.adoc
+// * virt/live_migration/virt-initiating-live-migration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-initiating-vm-migration-cli_{context}"]
-= Initiating live migration of a virtual machine instance in the CLI
+= Initiating live migration by using the command line
 
-Initiate a live migration of a running virtual machine instance by creating a `VirtualMachineInstanceMigration` object in the cluster and referencing the name of the virtual machine instance.
+You can initiate the live migration of a running virtual machine (VM) by using the command line to create a `VirtualMachineInstanceMigration` object for the VM.
 
 .Procedure
 
-. Create a `VirtualMachineInstanceMigration` configuration file for the virtual machine instance to migrate. For example, `vmi-migrate.yaml`:
+. Create a `VirtualMachineInstanceMigration` manifest for the VM that you want to migrate:
 +
 [source,yaml]
 ----
 apiVersion: kubevirt.io/v1
 kind: VirtualMachineInstanceMigration
 metadata:
-  name: migration-job
+  name: <migration_name>
 spec:
-  vmiName: vmi-fedora
+  vmiName: <vm_name>
 ----
 
-. Create the object in the cluster by running the following command:
+. Create the object by running the following command:
 +
 [source,terminal]
 ----
-$ oc create -f vmi-migrate.yaml
+$ oc create -f <migration_name>.yaml
 ----
++
+The `VirtualMachineInstanceMigration` object triggers a live migration of the VM. This object exists in the cluster for as long as the virtual machine instance is running, unless manually deleted.
+
+.Verification
 
-The `VirtualMachineInstanceMigration` object triggers a live migration of the virtual machine instance.
-This object exists in the cluster for as long as the virtual machine instance is running, unless manually deleted.
+* Obtain the VM status by running the following command:
++
+[source,terminal]
+----
+$ oc describe vmi <vm_name>
+----
++
+.Example output
+[source,yaml]
+----
+# ...
+Status:
+  Conditions:
+    Last Probe Time:       <nil>
+    Last Transition Time:  <nil>
+    Status:                True
+    Type:                  LiveMigratable
+  Migration Method:  LiveMigration
+  Migration State:
+    Completed:                    true
+    End Timestamp:                2018-12-24T06:19:42Z
+    Migration UID:                d78c8962-0743-11e9-a540-fa163e0c69f1
+    Source Node:                  node2.example.com
+    Start Timestamp:              2018-12-24T06:19:35Z
+    Target Node:                  node1.example.com
+    Target Node Address:          10.9.0.18:43891
+    Target Node Domain Detected:  true
+----
diff --git a/modules/virt-initiating-vm-migration-web.adoc b/modules/virt-initiating-vm-migration-web.adoc
index f92e57942022..e6ec554d81c4 100644
--- a/modules/virt-initiating-vm-migration-web.adoc
+++ b/modules/virt-initiating-vm-migration-web.adoc
@@ -1,25 +1,25 @@
 // Module included in the following assemblies:
 //
-// * virt/live_migration/virt-migrate-vmi.adoc
+// * virt/live_migration/virt-initiating-live-migration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-initiating-vm-migration-web_{context}"]
-= Initiating live migration of a virtual machine instance in the web console
+= Initiating live migration by using the web console
 
-Migrate a running virtual machine instance to a different node in the cluster.
+You can live migrate a running virtual machine (VM) to a different node in the cluster by using the {product-title} web console.
 
 [NOTE]
 ====
-The *Migrate* action is visible to all users but only admin users can initiate a virtual machine migration.
+The *Migrate* action is visible to all users but only cluster administrators can initiate a live migration.
 ====
 
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *VirtualMachines* from the side menu.
+.Prerequisites
 
-. You can initiate the migration from this page, which makes it easier to perform actions on multiple virtual machines on the same page, or from the *VirtualMachine details* page where you can view comprehensive details of the selected virtual machine:
+* The VM must be migratable.
+* If the VM is configured with a host model CPU, the cluster must have an available node that supports the CPU model.
 
-* Click the Options menu {kebab} next to the virtual machine and select *Migrate*.
-* Click the virtual machine name to open the *VirtualMachine details* page and click *Actions* -> *Migrate*.
+.Procedure
 
-. Click *Migrate* to migrate the virtual machine to another node.
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select *Migrate* from the Options menu {kebab} beside a VM.
+. Click *Migrate*.
diff --git a/modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc b/modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc
index 5f3d44da5fa9..692f04f8348e 100644
--- a/modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc
+++ b/modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc
@@ -1,11 +1,11 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
-// * virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-installing-qemu-guest-agent-on-linux-vm_{context}"]
-= Installing QEMU guest agent on a Linux virtual machine
+= Installing the QEMU guest agent on a Linux VM
 
 The `qemu-guest-agent` is widely available and available by default in {op-system-base-full} virtual machines (VMs). Install the agent and start the service.
 
@@ -13,14 +13,14 @@ The `qemu-guest-agent` is widely available and available by default in {op-syste
 ====
 To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent.
 
-The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM’s file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
+The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
 ====
 
 .Procedure
 
-. Access the virtual machine command line through one of the consoles or by SSH.
+. Log in to the VM by using a console or SSH.
 
-. Install the QEMU guest agent on the virtual machine:
+. Install the QEMU guest agent by running the following command:
 +
 [source,terminal]
 ----
@@ -35,7 +35,7 @@ $ systemctl enable --now qemu-guest-agent
 ----
 
 .Verification
-. Run the following command to verify that `AgentConnected` is listed in the VM spec:
+* Run the following command to verify that `AgentConnected` is listed in the VM spec:
 
 +
 [source,terminal]
diff --git a/modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc b/modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc
index 8d60dba3a0bb..c6f0d92c3e8b 100644
--- a/modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc
+++ b/modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc
@@ -1,34 +1,32 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
-// * virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="installing-qemu-guest-agent-on-windows-vm_{context}"]
-= Installing QEMU guest agent on a Windows virtual machine
+= Installing the QEMU guest agent on a Windows VM
 
-For Windows virtual machines, the QEMU guest agent is included in the
-VirtIO drivers. Install the drivers on an existing or a new Windows installation.
+For Windows virtual machines (VMs), the QEMU guest agent is included in the VirtIO drivers. You can install the drivers during a Windows installation or on an existing Windows VM.
 
 [NOTE]
 ====
 To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent.
 
-The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM’s file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
+The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
 ====
 
 .Procedure
 
-. In the Windows Guest Operating System (OS), use the *File Explorer* to navigate to the `guest-agent` directory in the `virtio-win` CD drive.
-
+. In the Windows guest operating system, use the *File Explorer* to navigate to the `guest-agent` directory in the `virtio-win` CD drive.
 . Run the `qemu-ga-x86_64.msi` installer.
 
-
 .Verification
-. Run the following command to verify that the output contains the `QEMU Guest Agent`:
-
+. Obtain a list of network services by running the following command:
 +
 [source,terminal]
 ----
 $ net start
-----
\ No newline at end of file
+----
+
+. Verify that the output contains the `QEMU Guest Agent`.
\ No newline at end of file
diff --git a/modules/virt-installing-virt-operator.adoc b/modules/virt-installing-virt-operator.adoc
index d3b38a378324..90b6d97f67bc 100644
--- a/modules/virt-installing-virt-operator.adoc
+++ b/modules/virt-installing-virt-operator.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/install/installing-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-installing-virt-operator_{context}"]
 = Installing the {VirtProductName} Operator by using the web console
 
@@ -17,9 +17,9 @@ You can deploy the {VirtProductName} Operator by using the {product-title} web c
 
 . From the *Administrator* perspective, click *Operators* -> *OperatorHub*.
 
-. In the *Filter by keyword* field, type *{VirtProductName}*.
+. In the *Filter by keyword* field, type *Virtualization*.
 
-. Select the *{VirtProductName}* tile.
+. Select the *{CNVOperatorDisplayName}* tile with the *Red Hat* source label.
 
 . Read the information about the Operator and click *Install*.
 
@@ -27,11 +27,11 @@ You can deploy the {VirtProductName} Operator by using the {product-title} web c
 
 .. Select *stable* from the list of available *Update Channel* options. This ensures that you install the version of {VirtProductName} that is compatible with your {product-title} version.
 
-.. For *Installed Namespace*, ensure that the *Operator recommended namespace* option is selected. This installs the Operator in the mandatory `openshift-cnv` namespace, which is automatically created if it does not exist.
+.. For *Installed Namespace*, ensure that the *Operator recommended namespace* option is selected. This installs the Operator in the mandatory `{CNVNamespace}` namespace, which is automatically created if it does not exist.
 +
 [WARNING]
 ====
-Attempting to install the {VirtProductName} Operator in a namespace other than `openshift-cnv` causes the installation to fail.
+Attempting to install the {VirtProductName} Operator in a namespace other than `{CNVNamespace}` causes the installation to fail.
 ====
 
 .. For *Approval Strategy*, it is highly recommended that you select *Automatic*, which is the default value, so that {VirtProductName} automatically updates when a new version is available in the *stable* update channel.
@@ -43,7 +43,7 @@ While it is possible to select the *Manual* approval strategy, this is inadvisab
 Because {VirtProductName} is only supported when used with the corresponding {product-title} version, missing {VirtProductName} updates can cause your cluster to become unsupported.
 ====
 
-. Click *Install* to make the Operator available to the `openshift-cnv` namespace.
+. Click *Install* to make the Operator available to the `{CNVNamespace}` namespace.
 
 . When the Operator installs successfully, click *Create HyperConverged*.
 
diff --git a/modules/virt-installing-virtctl-binary.adoc b/modules/virt-installing-virtctl-binary.adoc
new file mode 100644
index 000000000000..04a63f07571d
--- /dev/null
+++ b/modules/virt-installing-virtctl-binary.adoc
@@ -0,0 +1,76 @@
+// Module included in the following assemblies:
+//
+// * virt/getting_started/virt-using-the-cli-tools.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-installing-virtctl-binary_{context}"]
+= Installing the virtctl binary on {op-system-base} 9 or later, Linux, Windows, or macOS
+
+You can download the `virtctl` binary by using the {product-title} web console and then install it on {op-system-base-full} 9 or later, Linux, Windows, or macOS.
+
+.Procedure
+
+. Navigate to the *Virtualization -> Overview* page in the web console.
+. Click the *Download virtctl* link to download the `virtctl` binary for your operating system.
+
+. Install `virtctl`:
+
+* For {op-system-base} and other Linux operating systems:
+
+.. Decompress the archive file:
++
+[source,terminal]
+----
+$ tar -xvf <virtctl-version-distribution.arch>.tar.gz
+----
+
+.. Run the following command to make the `virtctl` binary executable:
++
+[source,terminal]
+----
+$ chmod +x <path/virtctl-file-name>
+----
+
+.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
++
+You can check your path by running the following command:
++
+[source,terminal]
+----
+$ echo $PATH
+----
+
+.. Set the `KUBECONFIG` environment variable:
++
+[source,terminal]
+----
+$ export KUBECONFIG=/home/<user>/clusters/current/auth/kubeconfig
+----
+
+* For Windows:
++
+.. Decompress the archive file.
+
+.. Navigate the extracted folder hierarchy and double-click the `virtctl` executable file to install the client.
+
+.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
++
+You can check your path by running the following command:
++
+[source,terminal]
+----
+C:\> path
+----
+
+* For macOS:
++
+.. Decompress the archive file.
+
+.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
++
+You can check your path by running the following command:
++
+[source,terminal]
+----
+echo $PATH
+----
diff --git a/modules/virt-installing-virtctl-client-yum.adoc b/modules/virt-installing-virtctl-client-yum.adoc
deleted file mode 100644
index 34c52513c144..000000000000
--- a/modules/virt-installing-virtctl-client-yum.adoc
+++ /dev/null
@@ -1,38 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/getting_started/virt-using-the-cli-tools.adoc
-
-:_content-type: PROCEDURE
-[id="virt-installing-virtctl-client-yum_{context}"]
-= Installing virtctl on {op-system-base}
-
-You install the `virtctl` RPM on {op-system-base-full} by enabling the {VirtProductName} repository and installing the `kubevirt-virtctl` package.
-
-.Prerequisites
-
-* Each host in your cluster must be registered with Red Hat Subscription Manager (RHSM) and have an active {product-title} subscription.
-
-.Procedure
-
-* Enable the appropriate {VirtProductName} repository for your operating system by using the `subscription-manager` CLI tool:
-
-** {op-system-base} 9:
-+
-[source,terminal]
-----
-# subscription-manager repos --enable cnv-4.13-for-rhel-9-x86_64-rpms
-----
-
-** {op-system-base} 8:
-+
-[source,terminal]
-----
-# subscription-manager repos --enable cnv-4.13-for-rhel-8-x86_64-rpms
-----
-
-* Install the `kubevirt-virtctl` package:
-+
-[source,terminal]
-----
-# yum install kubevirt-virtctl
-----
diff --git a/modules/virt-installing-virtctl-client.adoc b/modules/virt-installing-virtctl-client.adoc
deleted file mode 100644
index 2ecd23b8181d..000000000000
--- a/modules/virt-installing-virtctl-client.adoc
+++ /dev/null
@@ -1,77 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/getting_started/virt-using-the-cli-tools.adoc
-
-:_content-type: PROCEDURE
-[id="virt-installing-virtctl-client_{context}"]
-= Installing virtctl on Linux, Windows, and macOS
-
-Download and install the `virtctl` binary for your operating system.
-
-.Procedure
-
-. Navigate to *Virtualization -> Overview* page in the {product-title} web console.
-
-. Click the *Download virtctl* link to download the `virtctl` binary for your operating system.
-
-. Install `virtctl`:
-
-* For Linux:
-
-.. Decompress the archive file:
-+
-[source,terminal]
-----
-$ tar -xvf <virtctl-version-distribution.arch>.tar.gz
-----
-
-.. Run the following command to make the `virtctl` binary executable:
-+
-[source,terminal]
-----
-$ chmod +x <path/virtctl-file-name>
-----
-
-.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
-+
-You can check your path by running the following command:
-+
-[source,terminal]
-----
-$ echo $PATH
-----
-
-.. Set the `KUBECONFIG` environment variable:
-+
-[source,terminal]
-----
-$ export KUBECONFIG=/home/<user>/clusters/current/auth/kubeconfig
-----
-
-* For Windows:
-+
-.. Decompress the archive file.
-
-.. Navigate the extracted folder hierarchy and double-click the `virtctl` executable file to install the client.
-
-.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
-+
-You can check your path by running the following command:
-+
-[source,terminal]
-----
-C:\> path
-----
-
-* For macOS:
-+
-.. Decompress the archive file.
-
-.. Move the `virtctl` binary to a directory in your `PATH` environment variable.
-+
-You can check your path by running the following command:
-+
-[source,terminal]
-----
-echo $PATH
-----
diff --git a/modules/virt-installing-virtctl-rhel8-rpm.adoc b/modules/virt-installing-virtctl-rhel8-rpm.adoc
new file mode 100644
index 000000000000..05cfb0f249b5
--- /dev/null
+++ b/modules/virt-installing-virtctl-rhel8-rpm.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * virt/getting_started/virt-using-the-cli-tools.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-installing-virtctl-rhel8-rpm_{context}"]
+= Installing the virtctl RPM package on {op-system-base} 8
+
+You can install the `virtctl` RPM package on {op-system-base-full} 8 by enabling the {VirtProductName} repository and then installing the `kubevirt-virtctl` RPM package.
+
+.Prerequisites
+
+* Each host in your cluster must be registered with Red Hat Subscription Manager (RHSM) and have an active {product-title} subscription.
+
+.Procedure
+
+. Enable the {VirtProductName} repository by using the `subscription-manager` CLI tool to run the following command:
++
+[source,terminal,subs="attributes+"]
+----
+# subscription-manager repos --enable cnv-{VirtVersion}-for-rhel-8-x86_64-rpms
+----
+
+. Install the `kubevirt-virtctl` RPM package by running the following command:
++
+[source,terminal]
+----
+# yum install kubevirt-virtctl
+----
diff --git a/modules/virt-installing-virtio-drivers-existing-windows.adoc b/modules/virt-installing-virtio-drivers-existing-windows.adoc
index 0203e5f3e8cd..86abb4f259cd 100644
--- a/modules/virt-installing-virtio-drivers-existing-windows.adoc
+++ b/modules/virt-installing-virtio-drivers-existing-windows.adoc
@@ -1,32 +1,33 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
-// * virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-installing-virtio-drivers-existing-windows_{context}"]
-= Installing VirtIO drivers on an existing Windows virtual machine
+= Installing VirtIO drivers from a SATA CD drive on an existing Windows VM
 
-Install the VirtIO drivers from the attached SATA CD drive to an
-existing Windows virtual machine.
+You can install the VirtIO drivers from a SATA CD drive on an existing Windows virtual machine (VM).
 
 [NOTE]
 ====
-This procedure uses a generic approach to adding drivers to Windows.
-The process might differ slightly between versions of Windows.
-See the installation documentation for your version of Windows
-for specific installation steps.
+This procedure uses a generic approach to adding drivers to Windows. See the installation documentation for your version of Windows for specific installation steps.
 ====
 
+.Prerequisites
+
+* A storage device containing the virtio drivers must be attached to the VM as a SATA CD drive.
+
 .Procedure
 
-. Start the virtual machine and connect to a graphical console.
+. Start the VM and connect to a graphical console.
 . Log in to a Windows user session.
 . Open *Device Manager* and expand *Other devices* to list any *Unknown device*.
-.. Open the `Device Properties` to identify the unknown device.
-Right-click the device and select *Properties*.
+.. Open the *Device Properties* to identify the unknown device.
+.. Right-click the device and select *Properties*.
 .. Click the *Details* tab and select *Hardware Ids* in the *Property* list.
 .. Compare the *Value* for the *Hardware Ids* with the supported VirtIO drivers.
+
 . Right-click the device and select *Update Driver Software*.
 . Click *Browse my computer for driver software* and browse to the attached
 SATA CD drive, where the VirtIO drivers are located. The drivers are arranged
@@ -35,4 +36,4 @@ and CPU architecture.
 . Click *Next* to install the driver.
 . Repeat this process for all the necessary VirtIO drivers.
 . After the driver installs, click *Close* to close the window.
-. Reboot the virtual machine to complete the driver installation.
+. Reboot the VM to complete the driver installation.
diff --git a/modules/virt-installing-virtio-drivers-installing-windows.adoc b/modules/virt-installing-virtio-drivers-installing-windows.adoc
index 037b4ed71493..06316744a514 100644
--- a/modules/virt-installing-virtio-drivers-installing-windows.adoc
+++ b/modules/virt-installing-virtio-drivers-installing-windows.adoc
@@ -1,20 +1,17 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
-// * virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
-// * virt/virtual_machines/virt-installing-virtio-drivers-on-new-windows-vm.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-installing-virtio-drivers-installing-windows_{context}"]
 = Installing VirtIO drivers during Windows installation
 
-Install the `virtio` drivers during or after Windows installation.
+You can install the VirtIO drivers while installing Windows on a virtual machine (VM).
 
 [NOTE]
 ====
-This procedure uses a generic approach to the Windows installation and the
-installation method might differ between versions of Windows. See the
-documentation for the version of Windows that you are installing.
+This procedure uses a generic approach to the Windows installation and the installation method might differ between versions of Windows. See the documentation for the version of Windows that you are installing.
 ====
 
 .Prerequisites
@@ -23,9 +20,11 @@ documentation for the version of Windows that you are installing.
 
 .Procedure
 
-. In the Windows Guest OS, use the `File Explorer` to navigate to the `virtio-win` CD drive.
-. Double-click to run the appropriate installer for your VM:
-.. For a 64-bit vCPU, use the `virtio-win-gt-x64` installer. 32-bit vCPUs are no longer supported.
+. In the Windows operating system, use the `File Explorer` to navigate to the `virtio-win` CD drive.
+. Double-click the drive to run the appropriate installer for your VM.
++
+For a 64-bit vCPU, select the `virtio-win-gt-x64` installer. 32-bit vCPUs are no longer supported.
+
 . Optional: During the *Custom Setup* step of the installer, select the device drivers you want to install. The recommended driver set is selected by default.
 . After the installation is complete, select *Finish*.
 . Reboot the VM.
@@ -33,6 +32,6 @@ documentation for the version of Windows that you are installing.
 .Verification
 
 . Open the system disk on the PC. This is typically `C:`.
-. Navigate to *Program Files*  -> *Virtio-Win*.
+. Navigate to *Program Files* -> *Virtio-Win*.
 
 If the *Virtio-Win* directory is present and contains a sub-directory for each driver, the installation was successful.
diff --git a/modules/virt-installing-watchdog-agent.adoc b/modules/virt-installing-watchdog-agent.adoc
index 8791326f702e..9a21f4111a1a 100644
--- a/modules/virt-installing-watchdog-agent.adoc
+++ b/modules/virt-installing-watchdog-agent.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-monitoring-vm-health.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-installing-watchdog-agent_{context}"]
 = Installing the watchdog agent on the guest
 
diff --git a/modules/virt-jumbo-frames-vm-pod-nw.adoc b/modules/virt-jumbo-frames-vm-pod-nw.adoc
index 53455247a52d..54f61a8ccba3 100644
--- a/modules/virt-jumbo-frames-vm-pod-nw.adoc
+++ b/modules/virt-jumbo-frames-vm-pod-nw.adoc
@@ -1,16 +1,16 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc              
+// * virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc
 
-:_content-type: CONCEPT                                            
-[id="virt-jumbo-frames-vm-pod-nw_{context}"]                                   
-= About jumbo frames support          
+:_mod-docs-content-type: CONCEPT
+[id="virt-jumbo-frames-vm-pod-nw_{context}"]
+= About jumbo frames support
 
 When using the OVN-Kubernetes CNI plugin, you can send unfragmented jumbo frame packets between two virtual machines (VMs) that are connected on the default pod network. Jumbo frames have a maximum transmission unit (MTU) value greater than 1500 bytes.
 
 The VM automatically gets the MTU value of the cluster network, set by the cluster administrator, in one of the following ways:
 
-* `libvirt`: If the guest OS has the latest version of the VirtIO driver that can interpret incoming data via a Peripheral Component Interconnect (PCI) config register in the emulated device. 
+* `libvirt`: If the guest OS has the latest version of the VirtIO driver that can interpret incoming data via a Peripheral Component Interconnect (PCI) config register in the emulated device.
 
 * DHCP: If the guest DHCP client can read the MTU value from the DHCP server response.
 
diff --git a/modules/virt-listing-vmis-cli.adoc b/modules/virt-listing-vmis-cli.adoc
index 2aa037976684..649607ae1a0c 100644
--- a/modules/virt-listing-vmis-cli.adoc
+++ b/modules/virt-listing-vmis-cli.adoc
@@ -4,7 +4,7 @@
 // * virt/virtual_machines/virt-manage-vmis.adoc
 // * virt/virtual_machines/virt-triggering-vm-failover-resolving-failed-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-listing-vmis-cli_{context}"]
 = Listing all virtual machine instances using the CLI
 
diff --git a/modules/virt-listing-vmis-web.adoc b/modules/virt-listing-vmis-web.adoc
index 2e1ac604c82a..cd56929be1bf 100644
--- a/modules/virt-listing-vmis-web.adoc
+++ b/modules/virt-listing-vmis-web.adoc
@@ -3,7 +3,7 @@
 //
 // * virt/virtual_machines/virt-manage-vmis-web.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-listing-vmis-web_{context}"]
 = Listing standalone virtual machine instances using the web console
 
@@ -17,5 +17,5 @@ VMIs that are owned by VMs or other objects are not displayed in the web console
 .Procedure
 
 * Click *Virtualization* -> *VirtualMachines* from the side menu.
-+  
++
 You can identify a standalone VMI by a dark colored badge next to its name.
diff --git a/modules/virt-live-migration-limits-reftable.adoc b/modules/virt-live-migration-limits-reftable.adoc
deleted file mode 100644
index 34f1c21eb309..000000000000
--- a/modules/virt-live-migration-limits-reftable.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-
-// Module included in the following assemblies:
-//
-// * virt/live_migration/virt-live-migration-limits.adoc
-
-[id="virt-live-migration-limits-ref_{context}"]
-= Cluster-wide live migration limits and timeouts
-
-[caption=]
-.Migration parameters
-[cols="2,3,1"]
-|===
-|Parameter |Description |Default
-
-|`parallelMigrationsPerCluster`
-|Number of migrations running in parallel in the cluster.
-|5
-
-|`parallelOutboundMigrationsPerNode`
-|Maximum number of outbound migrations per node.
-|2
-
-|`bandwidthPerMigration`
-|Bandwidth limit of each migration, in MiB/s.
-|0 ^[1]^
-
-|`completionTimeoutPerGiB`
-|The migration is canceled if it has not completed in this time, in seconds
-per GiB of memory. For example, a virtual machine instance with 6GiB memory times out if it has
-not completed migration in 4800 seconds. If the `Migration Method` is
-`BlockMigration`, the size of the migrating disks is included in the calculation.
-|800
-
-|`progressTimeout`
-|The migration is canceled if memory copy fails to make progress in this
-time, in seconds.
-|150
-|===
-[.small]
---
-1. The default value of `0` is unlimited.
---
\ No newline at end of file
diff --git a/modules/virt-live-migration-metrics.adoc b/modules/virt-live-migration-metrics.adoc
index 823c768e54e6..d877662b5fa5 100644
--- a/modules/virt-live-migration-metrics.adoc
+++ b/modules/virt-live-migration-metrics.adoc
@@ -2,25 +2,24 @@
 //
 // * virt/support/virt-prometheus-queries.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-live-migration-metrics_{context}"]
 = Live migration metrics
 
 The following metrics can be queried to show live migration status:
 
-`kubevirt_migrate_vmi_data_processed_bytes`:: The amount of guest operating system data that has migrated to the new virtual machine (VM). Type: Gauge.
+`kubevirt_vmi_migration_data_processed_bytes`:: The amount of guest operating system data that has migrated to the new virtual machine (VM). Type: Gauge.
 
-`kubevirt_migrate_vmi_data_remaining_bytes`:: The amount of guest operating system data that remains to be migrated. Type: Gauge.
+`kubevirt_vmi_migration_data_remaining_bytes`:: The amount of guest operating system data that remains to be migrated. Type: Gauge.
 
-`kubevirt_migrate_vmi_dirty_memory_rate_bytes`:: The rate at which memory is becoming dirty in the guest operating system. Dirty memory is data that has been changed but not yet written to disk. Type: Gauge.
+`kubevirt_vmi_migration_memory_transfer_rate_bytes`:: The rate at which memory is becoming dirty in the guest operating system. Dirty memory is data that has been changed but not yet written to disk. Type: Gauge.
 
-`kubevirt_migrate_vmi_pending_count`:: The number of pending migrations. Type: Gauge.
+`kubevirt_vmi_migrations_in_pending_phase`:: The number of pending migrations. Type: Gauge.
 
-`kubevirt_migrate_vmi_scheduling_count`:: The number of scheduling migrations. Type: Gauge.
+`kubevirt_vmi_migrations_in_scheduling_phase`:: The number of scheduling migrations. Type: Gauge.
 
-`kubevirt_migrate_vmi_running_count`:: The number of running migrations. Type: Gauge.
+`kubevirt_vmi_migrations_in_running_phase`:: The number of running migrations. Type: Gauge.
 
-`kubevirt_migrate_vmi_succeeded`:: The number of successfully completed migrations. Type: Gauge.
-
-`kubevirt_migrate_vmi_failed`:: The number of failed migrations. Type: Gauge.
+`kubevirt_vmi_migration_succeeded`:: The number of successfully completed migrations. Type: Gauge.
 
+`kubevirt_vmi_migration_failed`:: The number of failed migrations. Type: Gauge.
diff --git a/modules/virt-loki-log-queries.adoc b/modules/virt-loki-log-queries.adoc
index 14fe4782f273..1b6a008e62ec 100644
--- a/modules/virt-loki-log-queries.adoc
+++ b/modules/virt-loki-log-queries.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: reference
+:_mod-docs-content-type: reference
 [id="virt-loki-log-queries_{context}"]
 = {VirtProductName} LogQL queries
 
diff --git a/modules/virt-maintaining-bare-metal-nodes.adoc b/modules/virt-maintaining-bare-metal-nodes.adoc
index 335660b46d1d..fe3eded38938 100644
--- a/modules/virt-maintaining-bare-metal-nodes.adoc
+++ b/modules/virt-maintaining-bare-metal-nodes.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// virt/node_maintenance/virt-about-node-maintenance.adoc
+// virt/nodes/virt-node-maintenance.adoc
 
 [id="virt-maintaining-bare-metal-nodes_{context}"]
 = Maintaining bare metal nodes
diff --git a/modules/virt-managing-auto-update-all-system-boot-sources.adoc b/modules/virt-managing-auto-update-all-system-boot-sources.adoc
index b0342ac93680..5125708b2737 100644
--- a/modules/virt-managing-auto-update-all-system-boot-sources.adoc
+++ b/modules/virt-managing-auto-update-all-system-boot-sources.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/storage/virt-automatic-bootsource-updates.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-managing-auto-update-all-system-boot-sources_{context}"]
 = Managing automatic updates for all system-defined boot sources
 
@@ -22,9 +22,9 @@ Custom boot sources are not affected by this setting.
 
 ** To disable automatic boot source updates, set the `spec.featureGates.enableCommonBootImageImport` field in the `HyperConverged` CR to `false`. For example:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch hco kubevirt-hyperconverged -n openshift-cnv \
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
   --type json -p '[{"op": "replace", "path": \
   "/spec/featureGates/enableCommonBootImageImport", \
   "value": false}]'
@@ -32,9 +32,9 @@ $ oc patch hco kubevirt-hyperconverged -n openshift-cnv \
 
 ** To re-enable automatic boot source updates, set the `spec.featureGates.enableCommonBootImageImport` field in the `HyperConverged` CR to `true`. For example:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch hco kubevirt-hyperconverged -n openshift-cnv \
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
   --type json -p '[{"op": "replace", "path": \
   "/spec/featureGates/enableCommonBootImageImport", \
   "value": true}]'
diff --git a/modules/virt-managing-kubemacpool-cli.adoc b/modules/virt-managing-kubemacpool-cli.adoc
new file mode 100644
index 000000000000..1de00c3c155a
--- /dev/null
+++ b/modules/virt-managing-kubemacpool-cli.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-using-mac-address-pool-for-vms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-managing-kubemacpool-cli_{context}"]
+= Managing KubeMacPool by using the command line
+
+You can disable and re-enable KubeMacPool by using the command line.
+
+KubeMacPool is enabled by default.
+
+.Procedure
+
+* To disable KubeMacPool in two namespaces, run the following command:
++
+[source,terminal]
+----
+$ oc label namespace <namespace1> <namespace2> mutatevirtualmachines.kubemacpool.io=ignore
+----
+
+* To re-enable KubeMacPool in two namespaces, run the following command:
++
+[source,terminal]
+----
+$ oc label namespace <namespace1> <namespace2> mutatevirtualmachines.kubemacpool.io-
+----
diff --git a/modules/virt-measuring-latency-vm-secondary-network.adoc b/modules/virt-measuring-latency-vm-secondary-network.adoc
index 68e7b7ce3468..2b2a55a61400 100644
--- a/modules/virt-measuring-latency-vm-secondary-network.adoc
+++ b/modules/virt-measuring-latency-vm-secondary-network.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/support/virt-running-cluster-checkups.adoc
+// * virt/monitoring/virt-running-cluster-checkups.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-measuring-latency-vm-secondary-network_{context}"]
-= Virtual machine latency checkup
+= Running a latency checkup
 
 You use a predefined checkup to verify network connectivity and measure latency between two virtual machines (VMs) that are attached to a secondary network interface. The latency checkup uses the ping utility.
 
@@ -21,7 +21,6 @@ You run a latency checkup by performing the following steps:
 
 * You installed the OpenShift CLI (`oc`).
 * The cluster has at least two worker nodes.
-* The Multus Container Network Interface (CNI) plugin is installed on the cluster.
 * You configured a network attachment definition for a namespace.
 
 .Procedure
@@ -106,6 +105,8 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: kubevirt-vm-latency-checkup-config
+  labels:
+    kiagnose/checkup-type: kubevirt-vm-latency
 data:
   spec.timeout: 5m
   spec.param.networkAttachmentDefinitionNamespace: <target_namespace>
@@ -131,12 +132,14 @@ $ oc apply -n <target_namespace> -f <latency_config_map>.yaml
 . Create a `Job` manifest to run the checkup:
 +
 .Example job manifest
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: kubevirt-vm-latency-checkup
+  labels:
+    kiagnose/checkup-type: kubevirt-vm-latency
 spec:
   backoffLimit: 0
   template:
@@ -145,7 +148,7 @@ spec:
       restartPolicy: Never
       containers:
         - name: vm-latency-checkup
-          image: registry.redhat.io/container-native-virtualization/vm-network-latency-checkup-rhel9:v4.13.0
+          image: registry.redhat.io/container-native-virtualization/vm-network-latency-checkup-rhel9:v{product-version}.0
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
@@ -193,6 +196,8 @@ kind: ConfigMap
 metadata:
   name: kubevirt-vm-latency-checkup-config
   namespace: <target_namespace>
+  labels:
+    kiagnose/checkup-type: kubevirt-vm-latency
 data:
   spec.timeout: 5m
   spec.param.networkAttachmentDefinitionNamespace: <target_namespace>
diff --git a/modules/virt-monitor-node-network-config-console.adoc b/modules/virt-monitor-node-network-config-console.adoc
new file mode 100644
index 000000000000..98c3f89077d3
--- /dev/null
+++ b/modules/virt-monitor-node-network-config-console.adoc
@@ -0,0 +1,13 @@
+:_mod-docs-content-type: REFERENCE
+[id="virt-monitor-node-network-config-console_{context}"]
+= Monitoring the policy status
+
+You can monitor the policy status from the *NodeNetworkConfigurationPolicy* page. This page displays all the policies created in the cluster in a tabular format, with the following columns:
+
+Name:: The name of the policy created.
+
+Matched nodes:: The count of nodes where the policies are applied. This could be either a subset of nodes based on the node selector or all the nodes on the cluster.
+
+Node network state:: The enactment state of the matched nodes. You can click on the enactment state and view detailed information on the status.
+
+To find the desired policy, you can filter the list either based on enactment state by using the *Filter* option, or by using the search option.
\ No newline at end of file
diff --git a/modules/virt-monitoring-upgrade-status.adoc b/modules/virt-monitoring-upgrade-status.adoc
index 5d533325f2cd..d31f6050144e 100644
--- a/modules/virt-monitoring-upgrade-status.adoc
+++ b/modules/virt-monitoring-upgrade-status.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-monitoring-upgrade-status_{context}"]
 = Monitoring {VirtProductName} upgrade status
 
@@ -23,9 +23,9 @@ available information.
 
 . Run the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get csv -n openshift-cnv
+$ oc get csv -n {CNVNamespace}
 ----
 
 . Review the output, checking the `PHASE` field. For example:
@@ -41,10 +41,10 @@ VERSION  REPLACES                                        PHASE
 . Optional: Monitor the aggregated status of all {VirtProductName} component
 conditions by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get hco -n openshift-cnv kubevirt-hyperconverged \
--o=jsonpath='{range .status.conditions[*]}{.type}{"\t"}{.status}{"\t"}{.message}{"\n"}{end}'
+$ oc get hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
+  -o=jsonpath='{range .status.conditions[*]}{.type}{"\t"}{.status}{"\t"}{.message}{"\n"}{end}'
 ----
 +
 A successful upgrade results in the following output:
diff --git a/modules/virt-monitoring-vm-migration-cli.adoc b/modules/virt-monitoring-vm-migration-cli.adoc
deleted file mode 100644
index 4da03c73d4c2..000000000000
--- a/modules/virt-monitoring-vm-migration-cli.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/support/virt-monitor-vmi-migration.adoc
-
-:_content-type: PROCEDURE
-[id="virt-monitoring-vm-migration-cli_{context}"]
-= Monitoring live migration of a virtual machine instance in the CLI
-
-The status of the virtual machine migration is stored in the `Status` component of the `VirtualMachineInstance` configuration.
-
-.Procedure
-
-* Use the `oc describe` command on the migrating virtual machine instance:
-+
-[source,terminal]
-----
-$ oc describe vmi vmi-fedora
-----
-+
-.Example output
-[source,yaml]
-----
-# ...
-Status:
-  Conditions:
-    Last Probe Time:       <nil>
-    Last Transition Time:  <nil>
-    Status:                True
-    Type:                  LiveMigratable
-  Migration Method:  LiveMigration
-  Migration State:
-    Completed:                    true
-    End Timestamp:                2018-12-24T06:19:42Z
-    Migration UID:                d78c8962-0743-11e9-a540-fa163e0c69f1
-    Source Node:                  node2.example.com
-    Start Timestamp:              2018-12-24T06:19:35Z
-    Target Node:                  node1.example.com
-    Target Node Address:          10.9.0.18:43891
-    Target Node Domain Detected:  true
-----
diff --git a/modules/virt-must-gather-options.adoc b/modules/virt-must-gather-options.adoc
index 11ee4283d64b..68ed1df1daa4 100644
--- a/modules/virt-must-gather-options.adoc
+++ b/modules/virt-must-gather-options.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-collecting-virt-data.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-must-gather-options_{context}"]
 = must-gather tool options
 
@@ -10,7 +10,7 @@ You can specify a combination of scripts and environment variables for the follo
 
 * Collecting detailed virtual machine (VM) information from a namespace
 * Collecting detailed information about specified VMs
-* Collecting image and image stream information
+* Collecting image, image-stream, and image-stream-tags information
 * Limiting the maximum number of parallel processes used by the `must-gather` tool
 
 [id="parameters"]
@@ -25,46 +25,55 @@ You can specify environment variables for a compatible script.
 `VM=<vm_name>`:: Collect details about a particular virtual machine. To use this option, you must also specify a namespace by using the `NS` environment variable.
 
 `PROS=<number_of_processes>`:: Modify the maximum number of parallel processes that the `must-gather` tool uses. The default value is `5`.
+
 +
 [IMPORTANT]
 ====
 Using too many parallel processes can cause performance issues. Increasing the maximum number of parallel processes is not recommended.
 ====
 
+
 .Scripts
 
-Each script is only compatible with certain environment variable combinations.
+Each script is compatible only with certain environment variable combinations.
+
+`/usr/bin/gather`:: Use the default `must-gather` script, which collects cluster data from all namespaces and includes only basic VM information. This script is compatible only with the `PROS` variable.
 
-`gather_vms_details`:: Collect VM log files, VM definitions, and namespaces (and their child objects) that belong to {VirtProductName} resources. If you use this parameter without specifying a namespace or VM, the `must-gather` tool collects this data for all VMs in the cluster. This script is compatible with all environment variables, but you must specify a namespace if you use the `VM` variable.
+`/usr/bin/gather --vms_details`:: Collect VM log files, VM definitions, control-plane logs, and namespaces that belong to {VirtProductName} resources. Specifying namespaces includes their child objects. If you use this parameter without specifying a namespace or VM, the `must-gather` tool collects this data for all VMs in the cluster. This script is compatible with all environment variables, but you must specify a namespace if you use the `VM` variable.
 
-`gather`:: Use the default `must-gather` script, which collects cluster data from all namespaces and includes only basic VM information. This script is only compatible with the `PROS` variable.
+`/usr/bin/gather --images`:: Collect image, image-stream, and image-stream-tags custom resource information. This script is compatible only with the `PROS` variable.
 
-`gather_images`:: Collect image and image stream custom resource information. This script is only compatible with the `PROS` variable.
+`/usr/bin/gather --instancetypes`:: Collect instance types information. This information is not currently collected by default; you can, however, optionally collect it.
 
 [id="usage-and-examples_{context}"]
 == Usage and examples
 
 Environment variables are optional. You can run a script by itself or with one or more compatible environment variables.
 
-[cols="1a,1a", options="header"]
+
 .Compatible parameters
+[options="header"]
 |===
 |Script |Compatible environment variable
-|`gather_vms_details`
+|`/usr/bin/gather`
+|* `PROS=<number_of_processes>`
+|`/usr/bin/gather --vms_details`
 |* For a namespace: `NS=<namespace_name>`
 
 * For a VM: `VM=<vm_name> NS=<namespace_name>`
 
 * `PROS=<number_of_processes>`
 
-|`gather`   |* `PROS=<number_of_processes>`
-|`gather_images`   |* `PROS=<number_of_processes>`
+|`/usr/bin/gather --images`
+|* `PROS=<number_of_processes>`
 |===
 
-To customize the data that `must-gather` collects, you append a double dash (`--`) to the command, followed by a space and one or more compatible parameters.
+
 
 .Syntax
 
+
+
 [source,terminal,subs="attributes+"]
 ----
 $ oc adm must-gather \
@@ -72,6 +81,19 @@ $ oc adm must-gather \
   -- <environment_variable_1> <environment_variable_2> <script_name>
 ----
 
+.Default data collection parallel processes
+
+By default, five processes run in parallel.
+
+[source,terminal,subs="attributes+"]
+----
+$ oc adm must-gather \
+  --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion} \
+  -- PROS=5 /usr/bin/gather <1>
+----
+<1> You can modify the number of parallel processes by changing the default.
+
+
 .Detailed VM information
 
 The following command collects detailed VM information for the `my-vm` VM in the `mynamespace` namespace:
@@ -80,28 +102,29 @@ The following command collects detailed VM information for the `my-vm` VM in the
 ----
 $ oc adm must-gather \
   --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion} \
-  -- NS=mynamespace VM=my-vm gather_vms_details <1>
+  -- NS=mynamespace VM=my-vm /usr/bin/gather --vms_details <1>
 ----
 <1> The `NS` environment variable is mandatory if you use the `VM` environment variable.
 
-.Default data collection limited to three parallel processes
 
-The following command collects default `must-gather` information by using a maximum of three parallel processes:
+.Image, image-stream, and image-stream-tags information
+
+The following command collects image, image-stream, and image-stream-tags information from the cluster:
 
 [source,terminal,subs="attributes+"]
 ----
 $ oc adm must-gather \
   --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion} \
-  -- PROS=3 gather
+  /usr/bin/gather --images
 ----
 
-.Image and image stream information
+.Instance types information
 
-The following command collects image and image stream information from the cluster:
+The following command collects instance types information from the cluster:
 
 [source,terminal,subs="attributes+"]
 ----
 $ oc adm must-gather \
   --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion} \
-  -- gather_images
-----
+  /usr/bin/gather --instancetypes
+----
\ No newline at end of file
diff --git a/modules/virt-networking-glossary.adoc b/modules/virt-networking-glossary.adoc
index df8ae573b494..c415597a00b4 100644
--- a/modules/virt-networking-glossary.adoc
+++ b/modules/virt-networking-glossary.adoc
@@ -1,28 +1,24 @@
 // Module included in the following assemblies:
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
 
+:_mod-docs-content-type: REFERENCE
 [id="virt-networking-glossary_{context}"]
 = {VirtProductName} networking glossary
 
-{VirtProductName} provides advanced networking functionality by using custom resources and plugins.
-
 The following terms are used throughout {VirtProductName} documentation:
 
-Container Network Interface (CNI):: a link:https://www.cncf.io/[Cloud Native Computing Foundation]
+Container Network Interface (CNI):: A link:https://www.cncf.io/[Cloud Native Computing Foundation]
 project, focused on container network connectivity.
 {VirtProductName} uses CNI plugins to build upon the basic Kubernetes networking functionality.
 
-Multus:: a "meta" CNI plugin that allows multiple CNIs to exist so that a pod or virtual machine can use the interfaces it needs.
+Multus:: A "meta" CNI plugin that allows multiple CNIs to exist so that a pod or virtual machine can use the interfaces it needs.
 
-Custom resource definition (CRD):: a link:https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/[Kubernetes]
+Custom resource definition (CRD):: A link:https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/[Kubernetes]
 API resource that allows you to define custom resources, or an object defined by using the CRD API resource.
 
-Network attachment definition (NAD):: a CRD introduced by the Multus project that allows you to attach pods, virtual machines, and virtual machine instances to one or more networks.
+Network attachment definition (NAD):: A CRD introduced by the Multus project that allows you to attach pods, virtual machines, and virtual machine instances to one or more networks.
 
-Node network configuration policy (NNCP):: a description of the requested network configuration on nodes.
+Node network configuration policy (NNCP):: A CRD introduced by the nmstate project, describing the requested network configuration on nodes.
 You update the node network configuration, including adding and removing interfaces, by applying a `NodeNetworkConfigurationPolicy` manifest to the cluster.
-
-Preboot eXecution Environment (PXE):: an interface that enables an administrator to boot a client machine from a server over the network.
-Network booting allows you to remotely load operating systems and other software onto the client.
diff --git a/modules/virt-networking-wizard-fields-web.adoc b/modules/virt-networking-wizard-fields-web.adoc
index 06cce2dbf7d9..58f85717bd21 100644
--- a/modules/virt-networking-wizard-fields-web.adoc
+++ b/modules/virt-networking-wizard-fields-web.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
-// * virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
-// * virt/vm_templates/virt-creating-vm-template.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
 
+
+:_mod-docs-content-type: REFERENCE
 [id="virt-networking-wizard-fields-web_{context}"]
 = Networking fields
 
diff --git a/modules/virt-node-network-config-console.adoc b/modules/virt-node-network-config-console.adoc
new file mode 100644
index 000000000000..a36f599fedfc
--- /dev/null
+++ b/modules/virt-node-network-config-console.adoc
@@ -0,0 +1,5 @@
+:_mod-docs-content-type: CONCEPT
+[id="virt-node-network-config-console_{context}"]
+= Managing policy from the web console
+You can update the node network configuration, such as adding or removing interfaces from nodes, by applying `NodeNetworkConfigurationPolicy` manifests to the cluster.
+Manage the policy from the web console by accessing the list of created policies in the *NodeNetworkConfigurationPolicy* page under the *Networking* menu. This page enables you to create, update, monitor, and delete the policies.
\ No newline at end of file
diff --git a/modules/virt-node-placement-rule-examples.adoc b/modules/virt-node-placement-rule-examples.adoc
new file mode 100644
index 000000000000..3702d3ef185f
--- /dev/null
+++ b/modules/virt-node-placement-rule-examples.adoc
@@ -0,0 +1,182 @@
+// Module included in the following assemblies:
+//
+// * virt/post_installation_configuration/virt-node-placement-virt-components.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-node-placement-rule-examples_{context}"]
+= Node placement rule examples
+
+You can specify node placement rules for a {VirtProductName} component by editing a `Subscription`, `HyperConverged`, or `HostPathProvisioner` object.
+
+[id="subscription-object-node-placement-rules_{context}"]
+== Subscription object node placement rule examples
+
+To specify the nodes where OLM deploys the {VirtProductName} Operators, edit the `Subscription` object during {VirtProductName} installation.
+
+Currently, you cannot configure node placement rules for the `Subscription` object by using the web console.
+
+The `Subscription` object does not support the `affinity` node pplacement rule.
+
+.Example `Subscription` object with `nodeSelector` rule
+[source,yaml,subs="attributes+"]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: hco-operatorhub
+  namespace: {CNVNamespace}
+spec:
+  source: {CNVSubscriptionSpecSource}
+  sourceNamespace: openshift-marketplace
+  name: {CNVSubscriptionSpecName}
+  startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
+  channel: "stable"
+  config:
+    nodeSelector:
+      example.io/example-infra-key: example-infra-value <1>
+----
+<1> OLM deploys the {VirtProductName} Operators on nodes labeled `example.io/example-infra-key = example-infra-value`.
+
+.Example `Subscription` object with `tolerations` rule
+[source,yaml,subs="attributes+"]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: hco-operatorhub
+  namespace: {CNVNamespace}
+spec:
+  source:  {CNVSubscriptionSpecSource}
+  sourceNamespace: openshift-marketplace
+  name: {CNVSubscriptionSpecName}
+  startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
+  channel: "stable"
+  config:
+    tolerations:
+    - key: "key"
+      operator: "Equal"
+      value: "virtualization" <1>
+      effect: "NoSchedule"
+----
+<1> OLM deploys {VirtProductName} Operators on nodes labeled `key = virtualization:NoSchedule` taint. Only pods with the matching tolerations are scheduled on these nodes.
+
+[id="hyperconverged-object-node-placement-rules_{context}"]
+== HyperConverged object node placement rule example
+
+To specify the nodes where {VirtProductName} deploys its components, you can edit the `nodePlacement` object in the HyperConverged custom resource (CR) file that you create during {VirtProductName} installation.
+
+.Example `HyperConverged` object with `nodeSelector` rule
+[source,yaml,subs="attributes+"]
+----
+apiVersion: hco.kubevirt.io/v1beta1
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+  namespace: {CNVNamespace}
+spec:
+  infra:
+    nodePlacement:
+      nodeSelector:
+        example.io/example-infra-key: example-infra-value <1>
+  workloads:
+    nodePlacement:
+      nodeSelector:
+        example.io/example-workloads-key: example-workloads-value <2>
+----
+<1> Infrastructure resources are placed on nodes labeled `example.io/example-infra-key = example-infra-value`.
+<2> workloads are placed on nodes labeled `example.io/example-workloads-key = example-workloads-value`.
+
+.Example `HyperConverged` object with `affinity` rule
+[source,yaml,subs="attributes+"]
+----
+apiVersion: hco.kubevirt.io/v1beta1
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+  namespace: {CNVNamespace}
+spec:
+  infra:
+    nodePlacement:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: example.io/example-infra-key
+                operator: In
+                values:
+                - example-infra-value <1>
+  workloads:
+    nodePlacement:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: example.io/example-workloads-key <2>
+                operator: In
+                values:
+                - example-workloads-value
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+              - key: example.io/num-cpus
+                operator: Gt
+                values:
+                - 8 <3>
+----
+<1> Infrastructure resources are placed on nodes labeled `example.io/example-infra-key = example-value`.
+<2> workloads are placed on nodes labeled `example.io/example-workloads-key = example-workloads-value`.
+<3> Nodes that have more than eight CPUs are preferred for workloads, but if they are not available, pods are still scheduled.
+
+.Example `HyperConverged` object with `tolerations` rule
+[source,yaml,subs="attributes+"]
+----
+apiVersion: hco.kubevirt.io/v1beta1
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+  namespace: {CNVNamespace}
+spec:
+  workloads:
+    nodePlacement:
+      tolerations: <1>
+      - key: "key"
+        operator: "Equal"
+        value: "virtualization"
+        effect: "NoSchedule"
+----
+<1> Nodes reserved for {VirtProductName} components are labeled with the `key = virtualization:NoSchedule` taint. Only pods with matching tolerations are scheduled on reserved nodes.
+
+[id="hostpathprovisioner-object-node-placement-rules_{context}"]
+== HostPathProvisioner object node placement rule example
+
+You can edit the `HostPathProvisioner` object directly or by using the web console.
+
+[WARNING]
+====
+You must schedule the hostpath provisioner and the {VirtProductName} components on the same nodes. Otherwise, virtualization pods that use the hostpath provisioner cannot run. You cannot run virtual machines.
+====
+
+After you deploy a virtual machine (VM) with the hostpath provisioner (HPP) storage class, you can remove the hostpath provisioner pod from the same node by using the node selector. However, you must first revert that change, at least for that specific node, and wait for the pod to run before trying to delete the VM.
+
+You can configure node placement rules by specifying `nodeSelector`, `affinity`, or `tolerations` for the `spec.workload` field of the `HostPathProvisioner` object that you create when you install the hostpath provisioner.
+
+.Example `HostPathProvisioner` object with `nodeSelector` rule
+[source,yaml]
+----
+apiVersion: hostpathprovisioner.kubevirt.io/v1beta1
+kind: HostPathProvisioner
+metadata:
+  name: hostpath-provisioner
+spec:
+  imagePullPolicy: IfNotPresent
+  pathConfig:
+    path: "</path/to/backing/directory>"
+    useNamingPrefix: false
+  workload:
+    nodeSelector:
+      example.io/example-workloads-key: example-workloads-value <1>
+----
+<1> Workloads are placed on nodes labeled `example.io/example-workloads-key = example-workloads-value`.
diff --git a/modules/virt-operations-requiring-scratch-space.adoc b/modules/virt-operations-requiring-scratch-space.adoc
index c5354e788ebb..2ec5f4e7b7f0 100644
--- a/modules/virt-operations-requiring-scratch-space.adoc
+++ b/modules/virt-operations-requiring-scratch-space.adoc
@@ -1,26 +1,26 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
+// * virt/storage/virt-preparing-cdi-scratch-space.adoc
 
 [id="virt-operations-requiring-scratch-space_{context}"]
-= CDI operations that require scratch space 
+= CDI operations that require scratch space
 
 [options="header"]
 |===
 | Type | Reason
 
-| Registry imports 
+| Registry imports
 | CDI must download the image to a scratch space and extract the layers to find the image file. The image file is then passed to QEMU-IMG for conversion to a raw disk.
 
-| Upload image 
-| QEMU-IMG does not accept input from STDIN. Instead, the image to upload is saved in scratch space before it can be passed to QEMU-IMG for conversion. 
+| Upload image
+| QEMU-IMG does not accept input from STDIN. Instead, the image to upload is saved in scratch space before it can be passed to QEMU-IMG for conversion.
 
-| HTTP imports of archived images 
+| HTTP imports of archived images
 | QEMU-IMG does not know how to handle the archive formats CDI supports. Instead, the image is unarchived and saved into scratch space before it is passed to QEMU-IMG.
 
-| HTTP imports of authenticated images 
+| HTTP imports of authenticated images
 | QEMU-IMG inadequately handles authentication. Instead, the image is saved to scratch space and authenticated before it is passed to QEMU-IMG.
 
-| HTTP imports of custom certificates 
+| HTTP imports of custom certificates
 | QEMU-IMG inadequately handles custom certificates of HTTPS endpoints. Instead, CDI downloads the image to scratch space before passing the file to QEMU-IMG.
 |===
diff --git a/modules/virt-options-configuring-mdevs.adoc b/modules/virt-options-configuring-mdevs.adoc
new file mode 100644
index 000000000000..b419b79906f9
--- /dev/null
+++ b/modules/virt-options-configuring-mdevs.adoc
@@ -0,0 +1,83 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-options-configuring-mdevs_{context}"]
+= Options for configuring mediated devices
+
+There are two available methods for configuring mediated devices when using the NVIDIA GPU Operator. The method that Red Hat tests uses {VirtProductName} features to schedule mediated devices, while the NVIDIA method only uses the GPU Operator.
+
+Using the NVIDIA GPU Operator to configure mediated devices::
+This method exclusively uses the NVIDIA GPU Operator to configure mediated devices. To use this method, refer to link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/openshift-virtualization.html[NVIDIA GPU Operator with {VirtProductName}] in the NVIDIA documentation.
+
+Using {VirtProductName} to configure mediated devices::
+This method, which is tested by Red Hat, uses {VirtProductName}'s capabilities to configure mediated devices. In this case, the NVIDIA GPU Operator is only used for installing drivers with the NVIDIA vGPU Manager. The GPU Operator does not configure mediated devices.
++
+When using the {VirtProductName} method, you still configure the GPU Operator by following link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/openshift-virtualization.html[the NVIDIA documentation]. However, this method differs from the NVIDIA documentation in the following ways:
+
+* You must not overwrite the default `disableMDEVConfiguration: false` setting in the `HyperConverged` custom resource (CR).
++
+[IMPORTANT]
+====
+Setting this feature gate as described in the link:https://docs.nvidia.com/datacenter/cloud-native/openshift/latest/openshift-virtualization.html#prerequisites[NVIDIA documentation] prevents {VirtProductName} from configuring mediated devices.
+====
+* You must configure your `ClusterPolicy` manifest so that it matches the following example:
++
+.Example manifest
+[source,yaml]
+----
+kind: ClusterPolicy
+apiVersion: nvidia.com/v1
+metadata:
+  name: gpu-cluster-policy
+spec:
+  operator:
+    defaultRuntime: crio
+    use_ocp_driver_toolkit: true
+    initContainer: {}
+  sandboxWorkloads:
+    enabled: true
+    defaultWorkload: vm-vgpu
+  driver:
+    enabled: false <1>
+  dcgmExporter: {}
+  dcgm:
+    enabled: true
+  daemonsets: {}
+  devicePlugin: {}
+  gfd: {}
+  migManager:
+    enabled: true
+  nodeStatusExporter:
+    enabled: true
+  mig:
+    strategy: single
+  toolkit:
+    enabled: true
+  validator:
+    plugin:
+      env:
+        - name: WITH_WORKLOAD
+          value: "true"
+  vgpuManager:
+    enabled: true <2>
+    repository: <vgpu_container_registry> <3>
+    image: <vgpu_image_name>
+    version: nvidia-vgpu-manager
+  vgpuDeviceManager:
+    enabled: false <4>
+    config:
+      name: vgpu-devices-config
+      default: default
+  sandboxDevicePlugin:
+    enabled: false <5>
+  vfioManager:
+    enabled: false <6>
+----
+<1> Set this value to `false`. Not required for VMs.
+<2> Set this value to `true`. Required for using vGPUs with VMs.
+<3> Substitute `<vgpu_container_registry>` with your registry value.
+<4> Set this value to `false` to allow {VirtProductName} to configure mediated devices instead of the NVIDIA GPU Operator.
+<5> Set this value to `false` to prevent discovery and advertising of the vGPU devices to the kubelet.
+<6> Set this value to `false` to prevent loading the `vfio-pci` driver. Instead, follow the {VirtProductName} documentation to configure PCI passthrough.
diff --git a/modules/virt-overriding-cpu-and-memory-defaults.adoc b/modules/virt-overriding-cpu-and-memory-defaults.adoc
index 378589145270..b8f69f98c73f 100644
--- a/modules/virt-overriding-cpu-and-memory-defaults.adoc
+++ b/modules/virt-overriding-cpu-and-memory-defaults.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-configuring-cdi-for-namespace-resourcequota.adoc
+// * virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-overriding-cpu-and-memory-defaults_{context}"]
 = Overriding CPU and memory defaults
 
@@ -16,9 +16,9 @@ Modify the default settings for CPU and memory requests and limits for your use
 
 . Edit the `HyperConverged` CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Add the `spec.resourceRequirements.storageWorkloads` stanza to the CR, setting the values based on your use case. For example:
diff --git a/modules/virt-overriding-default-fs-overhead-value.adoc b/modules/virt-overriding-default-fs-overhead-value.adoc
index fb50279a819b..b0931d353458 100644
--- a/modules/virt-overriding-default-fs-overhead-value.adoc
+++ b/modules/virt-overriding-default-fs-overhead-value.adoc
@@ -1,8 +1,8 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc
+// * virt/storage/virt-reserving-pvc-space-fs-overhead.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-overriding-default-fs-overhead-value_{context}"]
 = Overriding the default file system overhead value
 
@@ -16,9 +16,9 @@ Change the amount of persistent volume claim (PVC) space that the {VirtProductNa
 
 . Open the `HCO` object for editing by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hco -n openshift-cnv kubevirt-hyperconverged
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Edit the `spec.filesystemOverhead` fields, populating them with your chosen values:
diff --git a/modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc b/modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc
index 00a8bdff474d..18cdba55c010 100644
--- a/modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc
+++ b/modules/virt-planning-bare-metal-cluster-for-ocp-virt.adoc
@@ -3,7 +3,7 @@
 // * installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc
 // * installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-planning-bare-metal-cluster-for-ocp-virt_{context}"]
 = Planning a bare metal cluster for {VirtProductName}
 
diff --git a/modules/virt-preparing-container-disk-for-vms.adoc b/modules/virt-preparing-container-disk-for-vms.adoc
index 31cb518a528a..a26b617dca94 100644
--- a/modules/virt-preparing-container-disk-for-vms.adoc
+++ b/modules/virt-preparing-container-disk-for-vms.adoc
@@ -1,14 +1,14 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-preparing-container-disk-for-vms_{context}"]
-= Preparing a container disk for virtual machines
+= Building and uploading a container disk
 
-You must build a container disk with a virtual machine image and push it to a container registry before it can used with a virtual machine. You can then either import the container disk into a PVC using a data volume and attach it to a virtual machine, or you can attach the container disk directly to a virtual machine as an ephemeral `containerDisk` volume.
+You can build a virtual machine (VM) image into a container disk and upload it to a registry.
 
-The size of a disk image inside a container disk is limited by the maximum layer size of the registry where the container disk is hosted.
+The size of a container disk is limited by the maximum layer size of the registry where the container disk is hosted.
 
 [NOTE]
 ====
@@ -17,13 +17,12 @@ For link:https://access.redhat.com/documentation/en-us/red_hat_quay/[Red Hat Qua
 
 .Prerequisites
 
-* Install `podman` if it is not already installed.
-
-* The virtual machine image must be either QCOW2 or RAW format.
+* You must have `podman` installed.
+* You must have a QCOW2 or RAW image file.
 
 .Procedure
 
-. Create a Dockerfile to build the virtual machine image into a container image. The virtual machine image must be owned by QEMU, which has a UID of `107`, and placed in the `/disk/` directory inside the container. Permissions for the `/disk/` directory must then be set to `0440`.
+. Create a Dockerfile to build the VM image into a container image. The VM image must be owned by QEMU, which has a UID of `107`, and placed in the `/disk/` directory inside the container. Permissions for the `/disk/` directory must then be set to `0440`.
 +
 The following example uses the Red Hat Universal Base Image (UBI) to handle these configuration changes in the first stage, and uses the minimal `scratch` image in the second stage to store the result:
 +
@@ -31,15 +30,14 @@ The following example uses the Red Hat Universal Base Image (UBI) to handle thes
 ----
 $ cat > Dockerfile << EOF
 FROM registry.access.redhat.com/ubi8/ubi:latest AS builder
-ADD --chown=107:107 <vm_image>.qcow2 /disk/ <1>
+ADD --chown=107:107 <vm_image>.qcow2 /disk/ \// <1>
 RUN chmod 0440 /disk/*
 
 FROM scratch
 COPY --from=builder /disk/* /disk/
 EOF
 ----
-<1> Where <vm_image> is the virtual machine image in either QCOW2 or RAW format. +
-To use a remote virtual machine image, replace `<vm_image>.qcow2` with the complete url for the remote image.
+<1> Where `<vm_image>` is the image in either QCOW2 or RAW format. If you use a remote image, replace `<vm_image>.qcow2` with the complete URL.
 
 . Build and tag the container:
 +
diff --git a/modules/virt-preparing-hosts-for-mediated-devices.adoc b/modules/virt-preparing-hosts-for-mediated-devices.adoc
deleted file mode 100644
index e5c3eb5f275f..000000000000
--- a/modules/virt-preparing-hosts-for-mediated-devices.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: CONCEPT
-
-[id="virt-preparing-host-for-mdevs_{context}"]
-= Preparing hosts for mediated devices
-
-You must enable the Input-Output Memory Management Unit (IOMMU) driver before you can configure mediated devices.
\ No newline at end of file
diff --git a/modules/virt-prerequisites-mediated-devices.adoc b/modules/virt-prerequisites-mediated-devices.adoc
deleted file mode 100644
index 634c861a64bf..000000000000
--- a/modules/virt-prerequisites-mediated-devices.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: CONCEPT
-[id="prerequisites_{context}"]
-= Prerequisites
-
-* If your hardware vendor provides drivers, you installed them on the nodes where you want to create mediated devices.
-** If you use NVIDIA cards, you link:https://access.redhat.com/solutions/6738411[installed the NVIDIA GRID driver].
diff --git a/modules/virt-preventing-nvidia-gpu-operands-from-deploying-on-nodes.adoc b/modules/virt-preventing-nvidia-gpu-operands-from-deploying-on-nodes.adoc
new file mode 100644
index 000000000000..9b99c14d5535
--- /dev/null
+++ b/modules/virt-preventing-nvidia-gpu-operands-from-deploying-on-nodes.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assembly:
+//
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
+//
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-preventing-nvidia-operands-from-deploying-on-nodes_{context}"]
+= Preventing NVIDIA GPU operands from deploying on nodes
+
+If you use the link:https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/openshift/contents.html[NVIDIA GPU Operator] in your cluster, you can apply the `nvidia.com/gpu.deploy.operands=false` label to nodes that you do not want to configure for GPU or vGPU operands. This label prevents the creation of the pods that configure GPU or vGPU operands and terminates the pods if they already exist.
+
+.Prerequisites
+
+* The OpenShift CLI (`oc`) is installed.
+
+.Procedure
+
+* Label the node by running the following command:
++
+[source,terminal]
+----
+$ oc label node <node_name> nvidia.com/gpu.deploy.operands=false <1>
+----
+<1> Replace `<node_name>` with the name of a node where you do not want to install the NVIDIA GPU operands.
+
+.Verification
+
+. Verify that the label was added to the node by running the following command:
++
+[source,terminal]
+----
+$ oc describe node <node_name>
+----
+
+. Optional: If GPU operands were previously deployed on the node, verify their removal.
+
+.. Check the status of the pods in the `nvidia-gpu-operator` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n nvidia-gpu-operator
+----
++
+.Example output
+
+[source,terminal]
+----
+NAME                             READY   STATUS        RESTARTS   AGE
+gpu-operator-59469b8c5c-hw9wj    1/1     Running       0          8d
+nvidia-sandbox-validator-7hx98   1/1     Running       0          8d
+nvidia-sandbox-validator-hdb7p   1/1     Running       0          8d
+nvidia-sandbox-validator-kxwj7   1/1     Terminating   0          9d
+nvidia-vfio-manager-7w9fs        1/1     Running       0          8d
+nvidia-vfio-manager-866pz        1/1     Running       0          8d
+nvidia-vfio-manager-zqtck        1/1     Terminating   0          9d
+----
+
+.. Monitor the pod status until the pods with `Terminating` status are removed:
++
+[source,terminal]
+----
+$ oc get pods -n nvidia-gpu-operator
+----
++
+.Example output
+
+[source,terminal]
+----
+NAME                             READY   STATUS    RESTARTS   AGE
+gpu-operator-59469b8c5c-hw9wj    1/1     Running   0          8d
+nvidia-sandbox-validator-7hx98   1/1     Running   0          8d
+nvidia-sandbox-validator-hdb7p   1/1     Running   0          8d
+nvidia-vfio-manager-7w9fs        1/1     Running   0          8d
+nvidia-vfio-manager-866pz        1/1     Running   0          8d
+----
diff --git a/modules/virt-preventing-workload-updates-during-eus-update.adoc b/modules/virt-preventing-workload-updates-during-eus-update.adoc
index 84e82e2eb0b9..f1f89aebcfbc 100644
--- a/modules/virt-preventing-workload-updates-during-eus-update.adoc
+++ b/modules/virt-preventing-workload-updates-during-eus-update.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-preventing-workload-updates-during-eus-update_{context}"]
 = Preventing workload updates during an EUS-to-EUS update
 
@@ -22,16 +22,18 @@ When you update from one Extended Update Support (EUS) version to the next, you
 
 . Back up the current `workloadUpdateMethods` configuration by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ WORKLOAD_UPDATE_METHODS=$(oc get kv kubevirt-kubevirt-hyperconverged -n openshift-cnv -o jsonpath='{.spec.workloadUpdateStrategy.workloadUpdateMethods}')
+$ WORKLOAD_UPDATE_METHODS=$(oc get kv kubevirt-kubevirt-hyperconverged \
+  -n {CNVNamespace} -o jsonpath='{.spec.workloadUpdateStrategy.workloadUpdateMethods}')
 ----
 
 . Turn off all workload update methods by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch hco kubevirt-hyperconverged -n openshift-cnv --type json -p '[{"op":"replace","path":"/spec/workloadUpdateStrategy/workloadUpdateMethods", "value":[]}]'
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
+  --type json -p '[{"op":"replace","path":"/spec/workloadUpdateStrategy/workloadUpdateMethods", "value":[]}]'
 ----
 +
 .Example output
@@ -42,9 +44,9 @@ hyperconverged.hco.kubevirt.io/kubevirt-hyperconverged patched
 
 . Ensure that the `HyperConverged` Operator is `Upgradeable` before you continue. Enter the following command and monitor the output:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.conditions"
+$ oc get hyperconverged kubevirt-hyperconverged -n {CNVNamespace} -o json | jq ".status.conditions"
 ----
 +
 .Example output
@@ -125,18 +127,18 @@ Updating {product-title} to the next version is a prerequisite for updating {Vir
 
 . Monitor the {VirtProductName} update by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get csv -n openshift-cnv
+$ oc get csv -n {CNVNamespace}
 ----
 
 . Update {VirtProductName} to every z-stream version that is available for the non-EUS minor version, monitoring each update by running the command shown in the previous step.
 
 . Confirm that {VirtProductName} successfully updated to the latest z-stream release of the non-EUS version by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.versions"
+$ oc get hyperconverged kubevirt-hyperconverged -n {CNVNamespace} -o json | jq ".status.versions"
 ----
 +
 .Example output
@@ -152,9 +154,9 @@ $ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.vers
 
 . Wait until the `HyperConverged` Operator has the `Upgradeable` status before you perform the next update. Enter the following command and monitor the output:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.conditions"
+$ oc get hyperconverged kubevirt-hyperconverged -n {CNVNamespace} -o json | jq ".status.conditions"
 ----
 
 . Update {product-title} to the target EUS version.
@@ -172,18 +174,19 @@ $ oc get clusterversion
 
 . Monitor the {VirtProductName} update by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get csv -n openshift-cnv
+$ oc get csv -n {CNVNamespace}
 ----
 +
 The update completes when the `VERSION` field matches the target EUS version and the `PHASE` field reads `Succeeded`.
 
 . Restore the workload update methods configuration that you backed up:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch hco kubevirt-hyperconverged -n openshift-cnv --type json -p "[{\"op\":\"add\",\"path\":\"/spec/workloadUpdateStrategy/workloadUpdateMethods\", \"value\":$WORKLOAD_UPDATE_METHODS}]"
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} --type json -p \
+  "[{\"op\":\"add\",\"path\":\"/spec/workloadUpdateStrategy/workloadUpdateMethods\", \"value\":$WORKLOAD_UPDATE_METHODS}]"
 ----
 +
 .Example output
diff --git a/modules/virt-pxe-booting-with-mac-address.adoc b/modules/virt-pxe-booting-with-mac-address.adoc
index ae95daa3cb8c..4afc157b13c9 100644
--- a/modules/virt-pxe-booting-with-mac-address.adoc
+++ b/modules/virt-pxe-booting-with-mac-address.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-pxe-booting-with-mac-address_{context}"]
 = PXE booting with a specified MAC address
 
diff --git a/modules/virt-querying-metrics.adoc b/modules/virt-querying-metrics.adoc
index 215af690edb5..e91f192bb5e9 100644
--- a/modules/virt-querying-metrics.adoc
+++ b/modules/virt-querying-metrics.adoc
@@ -17,7 +17,7 @@ The following examples use `topk` queries that specify a time period. If virtual
 
 The following query can identify virtual machines that are waiting for Input/Output (I/O):
 
-`kubevirt_vmi_vcpu_wait_seconds`::
+`kubevirt_vmi_vcpu_wait_seconds_total`::
 Returns the wait time (in seconds) for a virtual machine's vCPU. Type: Counter.
 
 A value above '0' means that the vCPU wants to run, but the host scheduler cannot run it yet. This inability to run indicates that there is an issue with I/O.
@@ -30,7 +30,7 @@ To query the vCPU metric, the `schedstats=enable` kernel argument must first be
 .Example vCPU wait time query
 [source,promql]
 ----
-topk(3, sum by (name, namespace) (rate(kubevirt_vmi_vcpu_wait_seconds[6m]))) > 0 <1>
+topk(3, sum by (name, namespace) (rate(kubevirt_vmi_vcpu_wait_seconds_total[6m]))) > 0 <1>
 ----
 <1> This query returns the top 3 VMs waiting for I/O at every given moment over a six-minute time period.
 
@@ -76,7 +76,7 @@ topk(3, sum by (name, namespace) (rate(kubevirt_vmi_storage_read_traffic_bytes_t
 [id="virt-storage-snapshot-data_{context}"]
 === Storage snapshot data
 
-`kubevirt_vmsnapshot_disks_restored_from_source_total`::
+`kubevirt_vmsnapshot_disks_restored_from_source`::
 Returns the total number of virtual machine disks restored from the source virtual machine. Type: Gauge.
 
 `kubevirt_vmsnapshot_disks_restored_from_source_bytes`::
@@ -85,7 +85,7 @@ Returns the amount of space in bytes restored from the source virtual machine. T
 .Examples of storage snapshot data queries
 [source,promql]
 ----
-kubevirt_vmsnapshot_disks_restored_from_source_total{vm_name="simple-vm", vm_namespace="default"} <1>
+kubevirt_vmsnapshot_disks_restored_from_source{vm_name="simple-vm", vm_namespace="default"} <1>
 ----
 <1> This query returns the total number of virtual machine disks restored from the source virtual machine.
 
@@ -118,16 +118,16 @@ topk(3, sum by (name, namespace) (rate(kubevirt_vmi_storage_iops_read_total[6m])
 
 The following queries can identify which swap-enabled guests are performing the most memory swapping:
 
-`kubevirt_vmi_memory_swap_in_traffic_bytes_total`::
+`kubevirt_vmi_memory_swap_in_traffic_bytes`::
 Returns the total amount (in bytes) of memory the virtual guest is swapping in. Type: Gauge.
 
-`kubevirt_vmi_memory_swap_out_traffic_bytes_total`::
+`kubevirt_vmi_memory_swap_out_traffic_bytes`::
 Returns the total amount (in bytes) of memory the virtual guest is swapping out. Type: Gauge.
 
 .Example memory swapping query
 [source,promql]
 ----
-topk(3, sum by (name, namespace) (rate(kubevirt_vmi_memory_swap_in_traffic_bytes_total[6m])) + sum by (name, namespace) (rate(kubevirt_vmi_memory_swap_out_traffic_bytes_total[6m]))) > 0 <1>
+topk(3, sum by (name, namespace) (rate(kubevirt_vmi_memory_swap_in_traffic_bytes[6m])) + sum by (name, namespace) (rate(kubevirt_vmi_memory_swap_out_traffic_bytes[6m]))) > 0 <1>
 ----
 <1> This query returns the top 3 VMs where the guest is performing the most memory swapping at every given moment over a six-minute time period.
 
diff --git a/modules/virt-querying-the-node-exporter-service-for-metrics.adoc b/modules/virt-querying-the-node-exporter-service-for-metrics.adoc
index 938926b557fe..a1211245de34 100644
--- a/modules/virt-querying-the-node-exporter-service-for-metrics.adoc
+++ b/modules/virt-querying-the-node-exporter-service-for-metrics.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-querying-the-node-exporter-service-for-metrics-_{context}"]
 = Querying the node-exporter service for metrics
 
diff --git a/modules/virt-quick-creating-vm.adoc b/modules/virt-quick-creating-vm.adoc
deleted file mode 100644
index fb653a9e4796..000000000000
--- a/modules/virt-quick-creating-vm.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-create-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-quick-creating-vm_{context}"]
-= Quick creating a virtual machine
-
-You can quickly create a virtual machine (VM) by using a template with an available boot source.
-
-.Procedure
-
-. Click *Virtualization* -> *Catalog* in the side menu.
-
-. Click *Boot source available* to filter templates with boot sources.
-
-+
-[NOTE]
-====
-By default, the template list will show only *Default Templates*. Click *All Items* when filtering to see all available templates for your chosen filters.
-====
-
-. Click a template to view its details.
-
-. Click *Quick Create VirtualMachine* to create a VM from the template.
-+
-The virtual machine *Details* page is displayed with the provisioning status.
-
-.Verification
-
-. Click *Events* to view a stream of events as the VM is provisioned.
-
-. Click *Console* to verify that the VM booted successfully.
diff --git a/modules/virt-reclaiming-statically-provisioned-persistent-volumes.adoc b/modules/virt-reclaiming-statically-provisioned-persistent-volumes.adoc
index 5b71ba23cd96..7594d55b0d97 100644
--- a/modules/virt-reclaiming-statically-provisioned-persistent-volumes.adoc
+++ b/modules/virt-reclaiming-statically-provisioned-persistent-volumes.adoc
@@ -2,7 +2,7 @@
 //
 // virt/virtual_machines/virtual_disks/virt-reusing-statically-provisioned-persistent-volumes.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-reclaiming-statically-provisioned-persistent-volumes_{context}"]
 = Reclaiming statically provisioned persistent volumes
 
diff --git a/modules/virt-reenabling-mac-address-pool-for-namespace-cli.adoc b/modules/virt-reenabling-mac-address-pool-for-namespace-cli.adoc
deleted file mode 100644
index 9a8c3821f585..000000000000
--- a/modules/virt-reenabling-mac-address-pool-for-namespace-cli.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc
-
-:_content-type: PROCEDURE
-[id="virt-reenabling-mac-address-pool-for-namespace-cli_{context}"]
-= Re-enabling a MAC address pool for a namespace in the CLI
-
-If you disabled KubeMacPool for a namespace and want to re-enable it, remove the `mutatevirtualmachines.kubemacpool.io=ignore` label from the namespace.
-
-[NOTE]
-====
-Earlier versions of {VirtProductName} used the label `mutatevirtualmachines.kubemacpool.io=allocate` to enable KubeMacPool for a namespace. This is still supported but redundant as KubeMacPool is now enabled by default.
-====
-
-.Procedure
-
-* Remove the KubeMacPool label from the namespace.
-The following example re-enables KubeMacPool for two namespaces, `<namespace1>` and `<namespace2>`:
-+
-[source,terminal]
-----
-$ oc label namespace <namespace1> <namespace2> mutatevirtualmachines.kubemacpool.io-
-----
-
diff --git a/modules/virt-remove-boot-order-item-web.adoc b/modules/virt-remove-boot-order-item-web.adoc
index ce79b9e3227c..0f7aab2f7b6f 100644
--- a/modules/virt-remove-boot-order-item-web.adoc
+++ b/modules/virt-remove-boot-order-item-web.adoc
@@ -3,7 +3,7 @@
 // * virt/virt_users_guide/virt-edit-boot-order.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-remove-boot-order-item-web_{context}"]
 
 = Removing items from a boot order list in the web console
diff --git a/modules/virt-removing-interface-from-nodes.adoc b/modules/virt-removing-interface-from-nodes.adoc
index 0439e9bca25c..34f506e01488 100644
--- a/modules/virt-removing-interface-from-nodes.adoc
+++ b/modules/virt-removing-interface-from-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-removing-interface-from-nodes_{context}"]
 = Removing an interface from nodes
 
diff --git a/modules/virt-removing-mediated-device-from-cluster-cli.adoc b/modules/virt-removing-mediated-device-from-cluster-cli.adoc
index 250f00757701..cfc66a034339 100644
--- a/modules/virt-removing-mediated-device-from-cluster-cli.adoc
+++ b/modules/virt-removing-mediated-device-from-cluster-cli.adoc
@@ -1,10 +1,10 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+// * virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-removing-mediated-device-from-cluster-cli_{context}"]
-= Removing mediated devices from the cluster using the CLI
+= Removing mediated devices from the cluster
 
 To remove a mediated device from the cluster, delete the information for that device from the `HyperConverged` custom resource (CR).
 
@@ -12,31 +12,31 @@ To remove a mediated device from the cluster, delete the information for that de
 
 . Edit the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Remove the device information from the `spec.mediatedDevicesConfiguration` and `spec.permittedHostDevices` stanzas of the `HyperConverged` CR. Removing both entries ensures that you can later create a new mediated device type on the same node. For example:
 +
 .Example configuration file
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   mediatedDevicesConfiguration:
-    mediatedDevicesTypes: <1>
+    mediatedDeviceTypes: <1>
       - nvidia-231
   permittedHostDevices:
     mediatedDevices: <2>
     - mdevNameSelector: GRID T4-2Q
       resourceName: nvidia.com/GRID_T4-2Q
 ----
-<1> To remove the `nvidia-231` device type, delete it from the `mediatedDevicesTypes` array.
+<1> To remove the `nvidia-231` device type, delete it from the `mediatedDeviceTypes` array.
 <2> To remove the `GRID T4-2Q` device, delete the `mdevNameSelector` field and its corresponding `resourceName` field.
 
 . Save your changes and exit the editor.
\ No newline at end of file
diff --git a/modules/virt-removing-pci-device-from-cluster-cli.adoc b/modules/virt-removing-pci-device-from-cluster-cli.adoc
index ec54b1c6bd68..14e0203ac3e9 100644
--- a/modules/virt-removing-pci-device-from-cluster-cli.adoc
+++ b/modules/virt-removing-pci-device-from-cluster-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-removing-pci-device-from-cluster_{context}"]
 = Removing PCI host devices from the cluster using the CLI
 
@@ -12,21 +12,21 @@ To remove a PCI host device from the cluster, delete the information for that de
 .Procedure
 . Edit the `HyperConverged` CR in your default editor by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv
+$ oc edit hyperconverged kubevirt-hyperconverged -n {CNVNamespace}
 ----
 
 . Remove the PCI device information from the `spec.permittedHostDevices.pciHostDevices` array by deleting the `pciDeviceSelector`, `resourceName` and `externalResourceProvider` (if applicable) fields for the appropriate device. In this example, the `intel.com/qat` resource has been deleted.
 +
 .Example configuration file
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 apiVersion: hco.kubevirt.io/v1
 kind: HyperConverged
 metadata:
   name: kubevirt-hyperconverged
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   permittedHostDevices:
     pciHostDevices:
diff --git a/modules/virt-restarting-vm-web.adoc b/modules/virt-restarting-vm-web.adoc
index 5573e1883dc5..e952f5206ae4 100644
--- a/modules/virt-restarting-vm-web.adoc
+++ b/modules/virt-restarting-vm-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-controlling-vm-states.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-restarting-vm-web_{context}"]
 = Restarting a virtual machine
 
diff --git a/modules/virt-restoring-vm-from-snapshot-cli.adoc b/modules/virt-restoring-vm-from-snapshot-cli.adoc
index 20aed9ee48ff..832e09c40698 100644
--- a/modules/virt-restoring-vm-from-snapshot-cli.adoc
+++ b/modules/virt-restoring-vm-from-snapshot-cli.adoc
@@ -1,59 +1,54 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-restoring-vm-from-snapshot-cli_{context}"]
-= Restoring a virtual machine from a snapshot in the CLI
+= Restoring a VM from a snapshot by using the command line
 
-You can restore an existing virtual machine (VM) to a previous configuration by using a VM snapshot. You can only restore from an offline VM snapshot.
+You can restore an existing virtual machine (VM) to a previous configuration by using the command line. You can only restore from an offline VM snapshot.
 
 .Prerequisites
 
-* Install the OpenShift CLI (`oc`).
-* Power down the VM you want to restore to a previous state.
+* Power down the VM you want to restore.
 
 .Procedure
 
-. Create a YAML file to define a `VirtualMachineRestore` object that specifies the name of the VM you want to restore and the name of the snapshot to be used as the source.
-+
-For example:
+. Create a YAML file to define a `VirtualMachineRestore` object that specifies the name of the VM you want to restore and the name of the snapshot to be used as the source as in the following example:
 +
 [source,yaml]
 ----
 apiVersion: snapshot.kubevirt.io/v1beta1
 kind: VirtualMachineRestore
 metadata:
-  name: my-vmrestore <1>
+  name: <vm_restore>
 spec:
   target:
     apiGroup: kubevirt.io
     kind: VirtualMachine
-    name: my-vm <2>
-  virtualMachineSnapshotName: my-vmsnapshot <3>
+    name: <vm_name>
+  virtualMachineSnapshotName: <snapshot_name>
 ----
-<1> The name of the new `VirtualMachineRestore` object.
-<2> The name of the target VM you want to restore.
-<3> The name of the `VirtualMachineSnapshot` object to be used as the source.
 
-. Create the `VirtualMachineRestore` resource. The snapshot controller updates the status fields of the `VirtualMachineRestore` object and replaces the existing VM configuration with the snapshot content.
+. Create the `VirtualMachineRestore` object:
 +
 [source,terminal]
 ----
-$ oc create -f <my-vmrestore>.yaml
+$ oc create -f <vm_restore>.yaml
 ----
++
+The snapshot controller updates the status fields of the `VirtualMachineRestore` object and replaces the existing VM configuration with the snapshot content.
 
 .Verification
 
-* Verify that the VM is restored to the previous state represented by the snapshot. The `complete` flag must be set to `true`.
+* Verify that the VM is restored to the previous state represented by the snapshot and that the `complete` flag is set to `true`:
 +
 [source,terminal]
 ----
-$ oc get vmrestore <my-vmrestore>
+$ oc get vmrestore <vm_restore>
 ----
 +
 .Example output
-+
 [source, yaml]
 ----
 apiVersion: snapshot.kubevirt.io/v1beta1
diff --git a/modules/virt-restoring-vm-from-snapshot-web.adoc b/modules/virt-restoring-vm-from-snapshot-web.adoc
index 4656ca03009b..3f30dd674826 100644
--- a/modules/virt-restoring-vm-from-snapshot-web.adoc
+++ b/modules/virt-restoring-vm-from-snapshot-web.adoc
@@ -1,27 +1,19 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-restoring-vm-from-snapshot-web_{context}"]
-= Restoring a virtual machine from a snapshot in the web console
+= Restoring a VM from a snapshot by using the web console
 
-You can restore a virtual machine (VM) to a previous configuration represented by a snapshot in the web console.
+You can restore a virtual machine (VM) to a previous configuration represented by a snapshot in the {product-title} web console.
 
 .Procedure
 
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Select a virtual machine to open the *VirtualMachine details* page.
-
-. If the virtual machine is running, click *Actions* → *Stop* to power it down.
-
-. Click the *Snapshots* tab. The page displays a list of snapshots associated with the virtual machine.
-
-. Choose one of the following methods to restore a VM snapshot:
-
-.. For the snapshot that you want to use as the source to restore the VM, click *Restore*.
-
-.. Select a snapshot to open the *Snapshot Details* screen and click *Actions* → *Restore VirtualMachineSnapshot*.
-
-. In the confirmation pop-up window, click *Restore* to restore the VM to its previous configuration represented by the snapshot.
+. Navigate to *Virtualization* -> *VirtualMachines* in the web console.
+. Select a VM to open the *VirtualMachine details* page.
+. If the VM is running, click the options menu {kebab} and select *Stop* to power it down.
+. Click the *Snapshots* tab to view a list of snapshots associated with the VM.
+. Select a snapshot to open the *Snapshot Details* screen.
+. Click the options menu {kebab} and select *Restore VirtualMachineSnapshot*.
+. Click *Restore*.
diff --git a/modules/virt-rhel-9.adoc b/modules/virt-rhel-9.adoc
index 4b95707f9123..4c0fedfdb150 100644
--- a/modules/virt-rhel-9.adoc
+++ b/modules/virt-rhel-9.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-rhel-9_{context}"]
 = {VirtProductName} on {op-system-base} 9
 
@@ -10,14 +10,12 @@
 
 As in previous versions, you can perform the update without disrupting running workloads. {VirtProductName} {VirtVersion} supports live migration from {op-system-base} 8 nodes to {op-system-base} 9 nodes.
 
-[id="new-rhel-9-machine-type_{context}"]
-== New {op-system-base} 9 machine type
+[id="rhel-9-machine-type_{context}"]
+== {op-system-base} 9 machine type
 
-This update also introduces a new {op-system-base} 9 machine type for VMs: `machineType: pc-q35-rhel9.2.0`. All VM templates that are included with {VirtProductName} now use this machine type by default.
+All VM templates that are included with {VirtProductName} now use the {op-system-base} 9 machine type by default: `machineType: pc-q35-rhel9.<y>.0`, where `<y>` is a single digit corresponding to the latest minor version of {op-system-base} 9. For example, the value `pc-q35-rhel9.2.0` is used for {op-system-base} 9.2.
 
-Updating {VirtProductName} does not change the `machineType` value of any existing VMs. These VMs continue to function as they did before the update.
-
-While it is not required, you might want to change a VM's machine type to `pc-q35-rhel9.2.0` so that it can benefit from {op-system-base} 9 improvements.
+Updating {VirtProductName} does not change the `machineType` value of any existing VMs. These VMs continue to function as they did before the update. You can optionally change a VM's machine type so that it can benefit from {op-system-base} 9 improvements.
 
 [IMPORTANT]
 ====
diff --git a/modules/virt-runbook-cdidataimportcronoutdated.adoc b/modules/virt-runbook-cdidataimportcronoutdated.adoc
index 17f53fe2f7b4..311f897207cd 100644
--- a/modules/virt-runbook-cdidataimportcronoutdated.adoc
+++ b/modules/virt-runbook-cdidataimportcronoutdated.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CDIDataImportCronOutdated"]
 = CDIDataImportCronOutdated
 
diff --git a/modules/virt-runbook-cdidatavolumeunusualrestartcount.adoc b/modules/virt-runbook-cdidatavolumeunusualrestartcount.adoc
index ef280035d496..8c30d9abd2b9 100644
--- a/modules/virt-runbook-cdidatavolumeunusualrestartcount.adoc
+++ b/modules/virt-runbook-cdidatavolumeunusualrestartcount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CDIDataVolumeUnusualRestartCount"]
 = CDIDataVolumeUnusualRestartCount
 
@@ -12,37 +12,25 @@
 [id="meaning-cdidatavolumeunusualrestartcount"]
 == Meaning
 
-This alert fires when a `DataVolume` object restarts more than three
-times.
+This alert fires when a `DataVolume` object restarts more than three times.
 
 [discrete]
 [id="impact-cdidatavolumeunusualrestartcount"]
 == Impact
 
-Data volumes are responsible for importing and creating a virtual
-machine disk on a persistent volume claim. If a data volume restarts
-more than three times, these operations are unlikely to succeed. You
-must diagnose and resolve the issue.
+Data volumes are responsible for importing and creating a virtual machine disk
+on a persistent volume claim. If a data volume restarts more than three times,
+these operations are unlikely to succeed. You must diagnose and resolve the issue.
 
 [discrete]
 [id="diagnosis-cdidatavolumeunusualrestartcount"]
 == Diagnosis
 
-. Obtain the name and namespace of the data volume:
+. Find Containerized Data Importer (CDI) pods with more than three restarts:
 +
 [source,terminal]
 ----
-$ oc get dv -A -o json | jq -r '.items[] | \
-  select(.status.restartCount>3)' | jq '.metadata.name, .metadata.namespace'
-----
-
-. Check the status of the pods associated with the data volume:
-+
-[source,terminal]
-----
-$ oc get pods -n <namespace> -o json | jq -r '.items[] | \
-  select(.metadata.ownerReferences[] | \
-  select(.name=="<dv_name>")).metadata.name'
+$ oc get pods --all-namespaces -l app=containerized-data-importer -o=jsonpath='{range .items[?(@.status.containerStatuses[0].restartCount>3)]}{.metadata.name}{"/"}{.metadata.namespace}{"\n"}'
 ----
 
 . Obtain the details of the pods:
@@ -56,7 +44,7 @@ $ oc -n <namespace> describe pods <pod>
 +
 [source,terminal]
 ----
-$ oc -n <namespace> describe logs <pod>
+$ oc -n <namespace> logs <pod>
 ----
 
 [discrete]
@@ -65,6 +53,6 @@ $ oc -n <namespace> describe logs <pod>
 
 Delete the data volume, resolve the issue, and create a new data volume.
 
-If you cannot resolve the issue, log in to the link:https://access.redhat.com[Customer
-Portal] and open a support case,
-attaching the artifacts gathered during the diagnosis procedure.
+If you cannot resolve the issue, log in to the
+link:https://access.redhat.com[Customer Portal] and open a support case,
+attaching the artifacts gathered during the Diagnosis procedure.
diff --git a/modules/virt-runbook-cdidefaultstorageclassdegraded.adoc b/modules/virt-runbook-cdidefaultstorageclassdegraded.adoc
new file mode 100644
index 000000000000..3fd93e5b873c
--- /dev/null
+++ b/modules/virt-runbook-cdidefaultstorageclassdegraded.adoc
@@ -0,0 +1,79 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-CDIDefaultStorageClassDegraded"]
+= CDIDefaultStorageClassDegraded
+
+[discrete]
+[id="meaning-cdidefaultstorageclassdegraded"]
+== Meaning
+
+This alert fires when there is no default storage class that supports smart cloning
+(CSI or snapshot-based) or the ReadWriteMany access mode.
+
+[discrete]
+[id="impact-cdidefaultstorageclassdegraded"]
+== Impact
+
+If the default storage class does not support smart cloning, the default cloning
+method is host-assisted cloning, which is much less efficient.
+
+If the default storage class does not support ReadWriteMany, virtual machines (VMs)
+cannot be live migrated.
+
+NOTE: A default {VirtProductName} storage class has precedence over a
+default {product-title} storage class when creating a
+VM disk.
+
+[discrete]
+[id="diagnosis-cdidefaultstorageclassdegraded"]
+== Diagnosis
+
+. Get the default {VirtProductName} storage class by running the following
+command:
++
+[source,terminal]
+----
+$ oc get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubevirt\.io/is-default-virt-class=="true")].metadata.name}'
+----
+
+. If a default {VirtProductName} storage class exists, check that it
+supports ReadWriteMany by running the following command:
++
+[source,terminal]
+----
+$ oc get storageprofile <storage_class> -o json | jq '.status.claimPropertySets'| grep ReadWriteMany
+----
+
+. If there is no default {VirtProductName} storage class, get the
+default {product-title} storage class by running the following
+command:
++
+[source,terminal]
+----
+$ oc get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubevirt\.io/is-default-class=="true")].metadata.name}'
+----
+
+. If a default {product-title} storage class exists, check that it
+supports ReadWriteMany by running the following command:
++
+[source,terminal]
+----
+$ oc get storageprofile <storage_class> -o json | jq '.status.claimPropertySets'| grep ReadWriteMany
+----
+
+[discrete]
+[id="mitigation-cdidefaultstorageclassdegraded"]
+== Mitigation
+
+Ensure that you have a default storage class, either {product-title}
+or {VirtProductName}, and that the default storage class supports
+smart cloning and ReadWriteMany.
+
+If you cannot resolve the issue, log in to the
+link:https://access.redhat.com[Customer Portal] and open a support case, attaching
+the artifacts gathered during the diagnosis procedure.
diff --git a/modules/virt-runbook-cdimultipledefaultvirtstorageclasses.adoc b/modules/virt-runbook-cdimultipledefaultvirtstorageclasses.adoc
new file mode 100644
index 000000000000..c2be4afe3e05
--- /dev/null
+++ b/modules/virt-runbook-cdimultipledefaultvirtstorageclasses.adoc
@@ -0,0 +1,50 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-CDIMultipleDefaultVirtStorageClasses"]
+= CDIMultipleDefaultVirtStorageClasses
+
+[discrete]
+[id="meaning-cdimultipledefaultvirtstorageclasses"]
+== Meaning
+
+This alert fires when more than one storage class has the annotation
+`storageclass.kubevirt.io/is-default-virt-class: "true"`.
+
+[discrete]
+[id="impact-cdimultipledefaultvirtstorageclasses"]
+== Impact
+
+The `storageclass.kubevirt.io/is-default-virt-class: "true"` annotation
+defines a default {VirtProductName} storage class.
+
+If more than one default {VirtProductName} storage class
+is defined, a data volume with no storage class specified
+receives the most recently created default storage class.
+
+[discrete]
+[id="diagnosis-cdimultipledefaultvirtstorageclasses"]
+== Diagnosis
+
+Obtain a list of default {VirtProductName} storage classes by running
+the following command:
+
+[source,terminal]
+----
+$ oc get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubevirt\.io/is-default-virt-class=="true")].metadata.name}'
+----
+
+[discrete]
+[id="mitigation-cdimultipledefaultvirtstorageclasses"]
+== Mitigation
+
+Ensure that only one default {VirtProductName} storage class
+is defined by removing the annotation from the other storage classes.
+
+If you cannot resolve the issue, log in to the
+link:https://access.redhat.com[Customer Portal] and open a support case, attaching
+the artifacts gathered during the diagnosis procedure.
diff --git a/modules/virt-runbook-cdinodefaultstorageclass.adoc b/modules/virt-runbook-cdinodefaultstorageclass.adoc
new file mode 100644
index 000000000000..9212d42f4af8
--- /dev/null
+++ b/modules/virt-runbook-cdinodefaultstorageclass.adoc
@@ -0,0 +1,74 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-CDINoDefaultStorageClass"]
+= CDINoDefaultStorageClass
+
+[discrete]
+[id="meaning-cdinodefaultstorageclass"]
+== Meaning
+
+This alert fires when no default {product-title} or
+{VirtProductName} storage class is defined.
+
+[discrete]
+[id="impact-cdinodefaultstorageclass"]
+== Impact
+
+If no default {product-title} or {VirtProductName} storage
+class is defined, a data volume requesting a default storage class (the storage
+class is not specified), remains in a "pending" state.
+
+[discrete]
+[id="diagnosis-cdinodefaultstorageclass"]
+== Diagnosis
+
+. Check for a default {product-title} storage class by running
+the following command:
++
+[source,terminal]
+----
+$ oc get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubevirt\.io/is-default-class=="true")].metadata.name}'
+----
+
+. Check for a default {VirtProductName} storage class by running
+the following command:
++
+[source,terminal]
+----
+$ oc get sc -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubevirt\.io/is-default-virt-class=="true")].metadata.name}'
+----
+
+[discrete]
+[id="mitigation-cdinodefaultstorageclass"]
+== Mitigation
+
+Create a default storage class for either {product-title} or
+{VirtProductName} or for both.
+
+A default {VirtProductName} storage class has precedence over a default
+{product-title} storage class for creating a virtual machine disk image.
+
+* Create a default {product-title} storage class by running
+the following command:
++
+[source,terminal]
+----
+$ oc patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+----
+
+* Create a default {VirtProductName} storage class by running
+the following command:
++
+[source,terminal]
+----
+$ oc patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubevirt.io/is-default-virt-class":"true"}}}'
+----
+
+If you cannot resolve the issue, log in to the
+link:https://access.redhat.com[Customer Portal] and open a support case,
+attaching the artifacts gathered during the diagnosis procedure.
diff --git a/modules/virt-runbook-cdinotready.adoc b/modules/virt-runbook-cdinotready.adoc
index 3855643c43e0..7bcc894dfd14 100644
--- a/modules/virt-runbook-cdinotready.adoc
+++ b/modules/virt-runbook-cdinotready.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CDINotReady"]
 = CDINotReady
 
diff --git a/modules/virt-runbook-cdioperatordown.adoc b/modules/virt-runbook-cdioperatordown.adoc
index e16a6c9b3fda..b47cef3af8b9 100644
--- a/modules/virt-runbook-cdioperatordown.adoc
+++ b/modules/virt-runbook-cdioperatordown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CDIOperatorDown"]
 = CDIOperatorDown
 
diff --git a/modules/virt-runbook-cdistorageprofilesincomplete.adoc b/modules/virt-runbook-cdistorageprofilesincomplete.adoc
index 0407e1e49e03..ad16b78d0fd5 100644
--- a/modules/virt-runbook-cdistorageprofilesincomplete.adoc
+++ b/modules/virt-runbook-cdistorageprofilesincomplete.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CDIStorageProfilesIncomplete"]
 = CDIStorageProfilesIncomplete
 
diff --git a/modules/virt-runbook-cnaodown.adoc b/modules/virt-runbook-cnaodown.adoc
index 3d53c2b54a5b..b3a8f1ef68e8 100644
--- a/modules/virt-runbook-cnaodown.adoc
+++ b/modules/virt-runbook-cnaodown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-CnaoDown"]
 = CnaoDown
 
diff --git a/modules/virt-runbook-hcoinstallationincomplete.adoc b/modules/virt-runbook-hcoinstallationincomplete.adoc
new file mode 100644
index 000000000000..c4289fc1a443
--- /dev/null
+++ b/modules/virt-runbook-hcoinstallationincomplete.adoc
@@ -0,0 +1,48 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-HCOInstallationIncomplete"]
+= HCOInstallationIncomplete
+
+[discrete]
+[id="meaning-hcoinstallationincomplete"]
+== Meaning
+
+This alert fires when the HyperConverged Cluster Operator (HCO) runs for
+more than an hour without a `HyperConverged` custom resource (CR).
+
+This alert has the following causes:
+
+* During the installation process, you installed the HCO but you did not
+create the `HyperConverged` CR.
+* During the uninstall process, you removed the `HyperConverged` CR before
+uninstalling the HCO and the HCO is still running.
+
+[discrete]
+[id="mitigation-hcoinstallationincomplete"]
+== Mitigation
+
+The mitigation depends on whether you are installing or uninstalling
+the HCO:
+
+* Complete the installation by creating a `HyperConverged` CR with its
+default values:
++
+[source,terminal]
+----
+$ cat <<EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: hco-operatorgroup
+  namespace: kubevirt-hyperconverged
+spec: {}
+EOF
+----
+
+* Uninstall the HCO. If the uninstall process continues to run, you must
+resolve that issue in order to cancel the alert.
diff --git a/modules/virt-runbook-hppnotready.adoc b/modules/virt-runbook-hppnotready.adoc
index 996d4743c660..3e650cbaba8c 100644
--- a/modules/virt-runbook-hppnotready.adoc
+++ b/modules/virt-runbook-hppnotready.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-HPPNotReady"]
 = HPPNotReady
 
diff --git a/modules/virt-runbook-hppoperatordown.adoc b/modules/virt-runbook-hppoperatordown.adoc
index 9ade1edef01b..918e3428559e 100644
--- a/modules/virt-runbook-hppoperatordown.adoc
+++ b/modules/virt-runbook-hppoperatordown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-HPPOperatorDown"]
 = HPPOperatorDown
 
diff --git a/modules/virt-runbook-hppsharingpoolpathwithos.adoc b/modules/virt-runbook-hppsharingpoolpathwithos.adoc
index 25a71689cdbb..c427df135685 100644
--- a/modules/virt-runbook-hppsharingpoolpathwithos.adoc
+++ b/modules/virt-runbook-hppsharingpoolpathwithos.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-HPPSharingPoolPathWithOS"]
 = HPPSharingPoolPathWithOS
 
diff --git a/modules/virt-runbook-kubemacpooldown.adoc b/modules/virt-runbook-kubemacpooldown.adoc
index 5ad112728474..8d9f94f025ae 100644
--- a/modules/virt-runbook-kubemacpooldown.adoc
+++ b/modules/virt-runbook-kubemacpooldown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubemacpoolDown"]
 = KubemacpoolDown
 
diff --git a/modules/virt-runbook-kubemacpoolduplicatemacsfound.adoc b/modules/virt-runbook-kubemacpoolduplicatemacsfound.adoc
index e12e5ec5581b..1b6058f50b0a 100644
--- a/modules/virt-runbook-kubemacpoolduplicatemacsfound.adoc
+++ b/modules/virt-runbook-kubemacpoolduplicatemacsfound.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeMacPoolDuplicateMacsFound"]
 = KubeMacPoolDuplicateMacsFound
 
diff --git a/modules/virt-runbook-kubevirtcomponentexceedsrequestedcpu.adoc b/modules/virt-runbook-kubevirtcomponentexceedsrequestedcpu.adoc
index aa7eb6170f44..703d8ec8c809 100644
--- a/modules/virt-runbook-kubevirtcomponentexceedsrequestedcpu.adoc
+++ b/modules/virt-runbook-kubevirtcomponentexceedsrequestedcpu.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeVirtComponentExceedsRequestedCPU"]
 = KubeVirtComponentExceedsRequestedCPU
 
diff --git a/modules/virt-runbook-kubevirtcomponentexceedsrequestedmemory.adoc b/modules/virt-runbook-kubevirtcomponentexceedsrequestedmemory.adoc
index 92d793fdb5ce..cc2688813624 100644
--- a/modules/virt-runbook-kubevirtcomponentexceedsrequestedmemory.adoc
+++ b/modules/virt-runbook-kubevirtcomponentexceedsrequestedmemory.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeVirtComponentExceedsRequestedMemory"]
 = KubeVirtComponentExceedsRequestedMemory
 
diff --git a/modules/virt-runbook-kubevirtcrmodified.adoc b/modules/virt-runbook-kubevirtcrmodified.adoc
new file mode 100644
index 000000000000..0f614618be5a
--- /dev/null
+++ b/modules/virt-runbook-kubevirtcrmodified.adoc
@@ -0,0 +1,53 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-KubeVirtCRModified"]
+= KubeVirtCRModified
+
+[discrete]
+[id="meaning-kubevirtcrmodified"]
+== Meaning
+
+This alert fires when an operand of the HyperConverged Cluster Operator (HCO)
+is changed by someone or something other than HCO.
+
+HCO configures {VirtProductName} and its supporting operators in an
+opinionated way and overwrites its operands when there is an unexpected change
+to them. Users must not modify the operands directly. The `HyperConverged`
+custom resource is the source of truth for the configuration.
+
+[discrete]
+[id="impact-kubevirtcrmodified"]
+== Impact
+
+Changing the operands manually causes the cluster configuration to fluctuate
+and might lead to instability.
+
+[discrete]
+[id="diagnosis-kubevirtcrmodified"]
+== Diagnosis
+
+* Check the `component_name` value in the alert details to determine the operand
+kind (`kubevirt`) and the operand name (`kubevirt-kubevirt-hyperconverged`)
+that are being changed:
++
+[source,text]
+----
+Labels
+  alertname=KubevirtHyperconvergedClusterOperatorCRModification
+  component_name=kubevirt/kubevirt-kubevirt-hyperconverged
+  severity=warning
+----
+
+[discrete]
+[id="mitigation-kubevirtcrmodified"]
+== Mitigation
+
+Do not change the HCO operands directly. Use `HyperConverged` objects to configure
+the cluster.
+
+The alert resolves itself after 10 minutes if the operands are not changed manually.
diff --git a/modules/virt-runbook-kubevirtdeprecatedapirequested.adoc b/modules/virt-runbook-kubevirtdeprecatedapirequested.adoc
index 824a58abf18b..fe7a9b612554 100644
--- a/modules/virt-runbook-kubevirtdeprecatedapirequested.adoc
+++ b/modules/virt-runbook-kubevirtdeprecatedapirequested.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeVirtDeprecatedAPIRequested"]
 = KubeVirtDeprecatedAPIRequested
 
diff --git a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorcrmodification.adoc b/modules/virt-runbook-kubevirthyperconvergedclusteroperatorcrmodification.adoc
deleted file mode 100644
index 1b95146363e4..000000000000
--- a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorcrmodification.adoc
+++ /dev/null
@@ -1,53 +0,0 @@
-// Do not edit this module. It is generated with a script.
-// Do not reuse this module. The anchor IDs do not contain a context statement.
-// Module included in the following assemblies:
-//
-// * virt/monitoring/virt-runbooks.adoc
-
-:_content-type: REFERENCE
-[id="virt-runbook-KubevirtHyperconvergedClusterOperatorCRModification"]
-= KubevirtHyperconvergedClusterOperatorCRModification
-
-[discrete]
-[id="meaning-kubevirthyperconvergedclusteroperatorcrmodification"]
-== Meaning
-
-This alert fires when an operand of the HyperConverged Cluster Operator (HCO)
-is changed by someone or something other than HCO.
-
-HCO configures {VirtProductName} and its supporting operators in an
-opinionated way and overwrites its operands when there is an unexpected change
-to them. Users must not modify the operands directly. The `HyperConverged`
-custom resource is the source of truth for the configuration.
-
-[discrete]
-[id="impact-kubevirthyperconvergedclusteroperatorcrmodification"]
-== Impact
-
-Changing the operands manually causes the cluster configuration to fluctuate
-and might lead to instability.
-
-[discrete]
-[id="diagnosis-kubevirthyperconvergedclusteroperatorcrmodification"]
-== Diagnosis
-
-* Check the `component_name` value in the alert details to determine the operand
-kind (`kubevirt`) and the operand name (`kubevirt-kubevirt-hyperconverged`)
-that are being changed:
-+
-[source,text]
-----
-Labels
-  alertname=KubevirtHyperconvergedClusterOperatorCRModification
-  component_name=kubevirt/kubevirt-kubevirt-hyperconverged
-  severity=warning
-----
-
-[discrete]
-[id="mitigation-kubevirthyperconvergedclusteroperatorcrmodification"]
-== Mitigation
-
-Do not change the HCO operands directly. Use `HyperConverged` objects to configure
-the cluster.
-
-The alert resolves itself after 10 minutes if the operands are not changed manually.
diff --git a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert.adoc b/modules/virt-runbook-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert.adoc
deleted file mode 100644
index d257a2fbd904..000000000000
--- a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-// Do not edit this module. It is generated with a script.
-// Do not reuse this module. The anchor IDs do not contain a context statement.
-// Module included in the following assemblies:
-//
-// * virt/monitoring/virt-runbooks.adoc
-
-:_content-type: REFERENCE
-[id="virt-runbook-KubevirtHyperconvergedClusterOperatorInstallationNotCompletedAlert"]
-= KubevirtHyperconvergedClusterOperatorInstallationNotCompletedAlert
-
-[discrete]
-[id="meaning-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert"]
-== Meaning
-
-This alert fires when the HyperConverged Cluster Operator (HCO) runs for
-more than an hour without a `HyperConverged` custom resource (CR).
-
-This alert has the following causes:
-
-* During the installation process, you installed the HCO but you did not
-create the `HyperConverged` CR.
-* During the uninstall process, you removed the `HyperConverged` CR before
-uninstalling the HCO and the HCO is still running.
-
-[discrete]
-[id="mitigation-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert"]
-== Mitigation
-
-The mitigation depends on whether you are installing or uninstalling
-the HCO:
-
-* Complete the installation by creating a `HyperConverged` CR with its
-default values:
-+
-[source,terminal]
-----
-$ cat <<EOF | oc apply -f -
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: hco-operatorgroup
-  namespace: kubevirt-hyperconverged
-spec: {}
-EOF
-----
-
-* Uninstall the HCO. If the uninstall process continues to run, you must
-resolve that issue in order to cancel the alert.
diff --git a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorusmodification.adoc b/modules/virt-runbook-kubevirthyperconvergedclusteroperatorusmodification.adoc
deleted file mode 100644
index 9221144fc44f..000000000000
--- a/modules/virt-runbook-kubevirthyperconvergedclusteroperatorusmodification.adoc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Do not edit this module. It is generated with a script.
-// Do not reuse this module. The anchor IDs do not contain a context statement.
-// Module included in the following assemblies:
-//
-// * virt/monitoring/virt-runbooks.adoc
-
-:_content-type: REFERENCE
-[id="virt-runbook-KubevirtHyperconvergedClusterOperatorUSModification"]
-= KubevirtHyperconvergedClusterOperatorUSModification
-
-[discrete]
-[id="meaning-kubevirthyperconvergedclusteroperatorusmodification"]
-== Meaning
-
-This alert fires when a JSON Patch annotation is used to change an operand
-of the HyperConverged Cluster Operator (HCO).
-
-HCO configures {VirtProductName} and its supporting operators in
-an opinionated way and overwrites its operands when there is an unexpected
-change to them. Users must not modify the operands directly.
-
-However, if a change is required and it is not supported by the HCO API,
-you can force HCO to set a change in an operator by using JSON Patch annotations.
-These changes are not reverted by HCO during its reconciliation process.
-
-[discrete]
-[id="impact-kubevirthyperconvergedclusteroperatorusmodification"]
-== Impact
-
-Incorrect use of JSON Patch annotations might lead to unexpected results
-or an unstable environment.
-
-Upgrading a system with JSON Patch annotations is dangerous because the
-structure of the component custom resources might change.
-
-[discrete]
-[id="diagnosis-kubevirthyperconvergedclusteroperatorusmodification"]
-== Diagnosis
-
-* Check the `annotation_name` in the alert details to identify the JSON
-Patch annotation:
-+
-[source,text]
-----
-Labels
-  alertname=KubevirtHyperconvergedClusterOperatorUSModification
-  annotation_name=kubevirt.kubevirt.io/jsonpatch
-  severity=info
-----
-
-[discrete]
-[id="mitigation-kubevirthyperconvergedclusteroperatorusmodification"]
-== Mitigation
-
-It is best to use the HCO API to change an operand. However, if the change
-can only be done with a JSON Patch annotation, proceed with caution.
-
-Remove JSON Patch annotations before upgrade to avoid potential issues.
diff --git a/modules/virt-runbook-kubevirtnoavailablenodestorunvms.adoc b/modules/virt-runbook-kubevirtnoavailablenodestorunvms.adoc
index cf0f694d541b..039a574756f4 100644
--- a/modules/virt-runbook-kubevirtnoavailablenodestorunvms.adoc
+++ b/modules/virt-runbook-kubevirtnoavailablenodestorunvms.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeVirtNoAvailableNodesToRunVMs"]
 = KubeVirtNoAvailableNodesToRunVMs
 
diff --git a/modules/virt-runbook-kubevirtvmhighmemoryusage.adoc b/modules/virt-runbook-kubevirtvmhighmemoryusage.adoc
index f52859f0c01e..0b3e3d1bfe70 100644
--- a/modules/virt-runbook-kubevirtvmhighmemoryusage.adoc
+++ b/modules/virt-runbook-kubevirtvmhighmemoryusage.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubevirtVmHighMemoryUsage"]
 = KubevirtVmHighMemoryUsage
 
diff --git a/modules/virt-runbook-kubevirtvmiexcessivemigrations.adoc b/modules/virt-runbook-kubevirtvmiexcessivemigrations.adoc
index 46a07b00c7dd..b588a607fa72 100644
--- a/modules/virt-runbook-kubevirtvmiexcessivemigrations.adoc
+++ b/modules/virt-runbook-kubevirtvmiexcessivemigrations.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-KubeVirtVMIExcessiveMigrations"]
 = KubeVirtVMIExcessiveMigrations
 
diff --git a/modules/virt-runbook-lowkvmnodescount.adoc b/modules/virt-runbook-lowkvmnodescount.adoc
index 186456112ee6..5fc48f310966 100644
--- a/modules/virt-runbook-lowkvmnodescount.adoc
+++ b/modules/virt-runbook-lowkvmnodescount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowKVMNodesCount"]
 = LowKVMNodesCount
 
diff --git a/modules/virt-runbook-lowreadyvirtcontrollerscount.adoc b/modules/virt-runbook-lowreadyvirtcontrollerscount.adoc
index 6ba9c1a468bb..4f35ee6d90b5 100644
--- a/modules/virt-runbook-lowreadyvirtcontrollerscount.adoc
+++ b/modules/virt-runbook-lowreadyvirtcontrollerscount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowReadyVirtControllersCount"]
 = LowReadyVirtControllersCount
 
diff --git a/modules/virt-runbook-lowreadyvirtoperatorscount.adoc b/modules/virt-runbook-lowreadyvirtoperatorscount.adoc
index c305a21bb8b0..348708533028 100644
--- a/modules/virt-runbook-lowreadyvirtoperatorscount.adoc
+++ b/modules/virt-runbook-lowreadyvirtoperatorscount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowReadyVirtOperatorsCount"]
 = LowReadyVirtOperatorsCount
 
diff --git a/modules/virt-runbook-lowvirtapicount.adoc b/modules/virt-runbook-lowvirtapicount.adoc
index 77b1c2091a63..3779e5a88940 100644
--- a/modules/virt-runbook-lowvirtapicount.adoc
+++ b/modules/virt-runbook-lowvirtapicount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowVirtAPICount"]
 = LowVirtAPICount
 
diff --git a/modules/virt-runbook-lowvirtcontrollerscount.adoc b/modules/virt-runbook-lowvirtcontrollerscount.adoc
index aa887947e7b6..a13afb927a72 100644
--- a/modules/virt-runbook-lowvirtcontrollerscount.adoc
+++ b/modules/virt-runbook-lowvirtcontrollerscount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowVirtControllersCount"]
 = LowVirtControllersCount
 
diff --git a/modules/virt-runbook-lowvirtoperatorcount.adoc b/modules/virt-runbook-lowvirtoperatorcount.adoc
index cdfd908f0da2..a2f862ebb38e 100644
--- a/modules/virt-runbook-lowvirtoperatorcount.adoc
+++ b/modules/virt-runbook-lowvirtoperatorcount.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-LowVirtOperatorCount"]
 = LowVirtOperatorCount
 
diff --git a/modules/virt-runbook-networkaddonsconfignotready.adoc b/modules/virt-runbook-networkaddonsconfignotready.adoc
index cacef54dfdd1..c97b729ddf8d 100644
--- a/modules/virt-runbook-networkaddonsconfignotready.adoc
+++ b/modules/virt-runbook-networkaddonsconfignotready.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-NetworkAddonsConfigNotReady"]
 = NetworkAddonsConfigNotReady
 
diff --git a/modules/virt-runbook-noleadingvirtoperator.adoc b/modules/virt-runbook-noleadingvirtoperator.adoc
index b867c3d98bed..c9f1f541321f 100644
--- a/modules/virt-runbook-noleadingvirtoperator.adoc
+++ b/modules/virt-runbook-noleadingvirtoperator.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-NoLeadingVirtOperator"]
 = NoLeadingVirtOperator
 
diff --git a/modules/virt-runbook-noreadyvirtcontroller.adoc b/modules/virt-runbook-noreadyvirtcontroller.adoc
index 0bcb289de283..f32c50d5a343 100644
--- a/modules/virt-runbook-noreadyvirtcontroller.adoc
+++ b/modules/virt-runbook-noreadyvirtcontroller.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-NoReadyVirtController"]
 = NoReadyVirtController
 
diff --git a/modules/virt-runbook-noreadyvirtoperator.adoc b/modules/virt-runbook-noreadyvirtoperator.adoc
index 112eed00be5a..396e619a34a5 100644
--- a/modules/virt-runbook-noreadyvirtoperator.adoc
+++ b/modules/virt-runbook-noreadyvirtoperator.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-NoReadyVirtOperator"]
 = NoReadyVirtOperator
 
diff --git a/modules/virt-runbook-orphanedvirtualmachineinstances.adoc b/modules/virt-runbook-orphanedvirtualmachineinstances.adoc
index 3205b6c7d94a..ec51113811d0 100644
--- a/modules/virt-runbook-orphanedvirtualmachineinstances.adoc
+++ b/modules/virt-runbook-orphanedvirtualmachineinstances.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-OrphanedVirtualMachineInstances"]
 = OrphanedVirtualMachineInstances
 
diff --git a/modules/virt-runbook-outdatedvirtualmachineinstanceworkloads.adoc b/modules/virt-runbook-outdatedvirtualmachineinstanceworkloads.adoc
index 4e49636740b4..e1b44ef0d335 100644
--- a/modules/virt-runbook-outdatedvirtualmachineinstanceworkloads.adoc
+++ b/modules/virt-runbook-outdatedvirtualmachineinstanceworkloads.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-OutdatedVirtualMachineInstanceWorkloads"]
 = OutdatedVirtualMachineInstanceWorkloads
 
@@ -43,7 +43,7 @@ stanza:
 +
 [source,terminal]
 ----
-$ oc get kubevirt kubevirt --all-namespaces -o yaml
+$ oc get kubevirt --all-namespaces -o yaml
 ----
 
 . Check each outdated VMI to determine whether it is live-migratable:
diff --git a/modules/virt-runbook-singlestackipv6unsupported.adoc b/modules/virt-runbook-singlestackipv6unsupported.adoc
new file mode 100644
index 000000000000..d3359ca8a7c3
--- /dev/null
+++ b/modules/virt-runbook-singlestackipv6unsupported.adoc
@@ -0,0 +1,56 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-SingleStackIPv6Unsupported"]
+= SingleStackIPv6Unsupported
+
+[discrete]
+[id="meaning-singlestackipv6unsupported"]
+== Meaning
+
+This alert fires when you install {VirtProductName} on a single stack
+IPv6 cluster.
+
+[discrete]
+[id="impact-singlestackipv6unsupported"]
+== Impact
+
+You cannot create virtual machines.
+
+[discrete]
+[id="diagnosis-singlestackipv6unsupported"]
+== Diagnosis
+
+* Check the cluster network configuration by running the following command:
++
+[,shell]
+----
+$ oc get network.config cluster -o yaml
+----
++
+The output displays only an IPv6 CIDR for the cluster network.
++
+.Example output
++
+[source,text]
+----
+apiVersion: config.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
+  clusterNetwork:
+  - cidr: fd02::/48
+    hostPrefix: 64
+----
+
+[discrete]
+[id="mitigation-singlestackipv6unsupported"]
+== Mitigation
+
+Install {VirtProductName} on a single stack IPv4 cluster or on a
+dual stack IPv4/IPv6 cluster.
diff --git a/modules/virt-runbook-sspcommontemplatesmodificationreverted.adoc b/modules/virt-runbook-sspcommontemplatesmodificationreverted.adoc
index 1e999bd5f17a..13516a07501f 100644
--- a/modules/virt-runbook-sspcommontemplatesmodificationreverted.adoc
+++ b/modules/virt-runbook-sspcommontemplatesmodificationreverted.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-SSPCommonTemplatesModificationReverted"]
 = SSPCommonTemplatesModificationReverted
 
diff --git a/modules/virt-runbook-sspdown.adoc b/modules/virt-runbook-sspdown.adoc
index 64bc1b5078b3..6fbe2c88072f 100644
--- a/modules/virt-runbook-sspdown.adoc
+++ b/modules/virt-runbook-sspdown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-SSPDown"]
 = SSPDown
 
diff --git a/modules/virt-runbook-sspfailingtoreconcile.adoc b/modules/virt-runbook-sspfailingtoreconcile.adoc
index 1ab61737f9f6..cd8092d2bc2c 100644
--- a/modules/virt-runbook-sspfailingtoreconcile.adoc
+++ b/modules/virt-runbook-sspfailingtoreconcile.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-SSPFailingToReconcile"]
 = SSPFailingToReconcile
 
diff --git a/modules/virt-runbook-ssphighraterejectedvms.adoc b/modules/virt-runbook-ssphighraterejectedvms.adoc
index 384e9c3dc371..23f52aefe902 100644
--- a/modules/virt-runbook-ssphighraterejectedvms.adoc
+++ b/modules/virt-runbook-ssphighraterejectedvms.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-SSPHighRateRejectedVms"]
 = SSPHighRateRejectedVms
 
diff --git a/modules/virt-runbook-ssptemplatevalidatordown.adoc b/modules/virt-runbook-ssptemplatevalidatordown.adoc
index 3d3e7506d048..aeacb30684cb 100644
--- a/modules/virt-runbook-ssptemplatevalidatordown.adoc
+++ b/modules/virt-runbook-ssptemplatevalidatordown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-SSPTemplateValidatorDown"]
 = SSPTemplateValidatorDown
 
diff --git a/modules/virt-runbook-unsupportedhcomodification.adoc b/modules/virt-runbook-unsupportedhcomodification.adoc
new file mode 100644
index 000000000000..a3fc6a58e477
--- /dev/null
+++ b/modules/virt-runbook-unsupportedhcomodification.adoc
@@ -0,0 +1,58 @@
+// Do not edit this module. It is generated with a script.
+// Do not reuse this module. The anchor IDs do not contain a context statement.
+// Module included in the following assemblies:
+//
+// * virt/monitoring/virt-runbooks.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runbook-UnsupportedHCOModification"]
+= UnsupportedHCOModification
+
+[discrete]
+[id="meaning-unsupportedhcomodification"]
+== Meaning
+
+This alert fires when a JSON Patch annotation is used to change an operand
+of the HyperConverged Cluster Operator (HCO).
+
+HCO configures {VirtProductName} and its supporting operators in
+an opinionated way and overwrites its operands when there is an unexpected
+change to them. Users must not modify the operands directly.
+
+However, if a change is required and it is not supported by the HCO API,
+you can force HCO to set a change in an operator by using JSON Patch annotations.
+These changes are not reverted by HCO during its reconciliation process.
+
+[discrete]
+[id="impact-unsupportedhcomodification"]
+== Impact
+
+Incorrect use of JSON Patch annotations might lead to unexpected results
+or an unstable environment.
+
+Upgrading a system with JSON Patch annotations is dangerous because the
+structure of the component custom resources might change.
+
+[discrete]
+[id="diagnosis-unsupportedhcomodification"]
+== Diagnosis
+
+* Check the `annotation_name` in the alert details to identify the JSON
+Patch annotation:
++
+[source,text]
+----
+Labels
+  alertname=KubevirtHyperconvergedClusterOperatorUSModification
+  annotation_name=kubevirt.kubevirt.io/jsonpatch
+  severity=info
+----
+
+[discrete]
+[id="mitigation-unsupportedhcomodification"]
+== Mitigation
+
+It is best to use the HCO API to change an operand. However, if the change
+can only be done with a JSON Patch annotation, proceed with caution.
+
+Remove JSON Patch annotations before upgrade to avoid potential issues.
diff --git a/modules/virt-runbook-virtapidown.adoc b/modules/virt-runbook-virtapidown.adoc
index 4664a37bcfd2..b519191b8bc6 100644
--- a/modules/virt-runbook-virtapidown.adoc
+++ b/modules/virt-runbook-virtapidown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtAPIDown"]
 = VirtAPIDown
 
diff --git a/modules/virt-runbook-virtapiresterrorsburst.adoc b/modules/virt-runbook-virtapiresterrorsburst.adoc
index 98fe959c9c5a..0e26904b432e 100644
--- a/modules/virt-runbook-virtapiresterrorsburst.adoc
+++ b/modules/virt-runbook-virtapiresterrorsburst.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtApiRESTErrorsBurst"]
 = VirtApiRESTErrorsBurst
 
diff --git a/modules/virt-runbook-virtapiresterrorshigh.adoc b/modules/virt-runbook-virtapiresterrorshigh.adoc
index 3d783efe2ba7..b0457d49e8bb 100644
--- a/modules/virt-runbook-virtapiresterrorshigh.adoc
+++ b/modules/virt-runbook-virtapiresterrorshigh.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtApiRESTErrorsHigh"]
 = VirtApiRESTErrorsHigh
 
diff --git a/modules/virt-runbook-virtcontrollerdown.adoc b/modules/virt-runbook-virtcontrollerdown.adoc
index 290fdeb0a3a3..96dbe0ce20a7 100644
--- a/modules/virt-runbook-virtcontrollerdown.adoc
+++ b/modules/virt-runbook-virtcontrollerdown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtControllerDown"]
 = VirtControllerDown
 
diff --git a/modules/virt-runbook-virtcontrollerresterrorsburst.adoc b/modules/virt-runbook-virtcontrollerresterrorsburst.adoc
index 952e25ba7416..1571ffbf17ac 100644
--- a/modules/virt-runbook-virtcontrollerresterrorsburst.adoc
+++ b/modules/virt-runbook-virtcontrollerresterrorsburst.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtControllerRESTErrorsBurst"]
 = VirtControllerRESTErrorsBurst
 
diff --git a/modules/virt-runbook-virtcontrollerresterrorshigh.adoc b/modules/virt-runbook-virtcontrollerresterrorshigh.adoc
index 393dbffcf759..b0a2f1998dac 100644
--- a/modules/virt-runbook-virtcontrollerresterrorshigh.adoc
+++ b/modules/virt-runbook-virtcontrollerresterrorshigh.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtControllerRESTErrorsHigh"]
 = VirtControllerRESTErrorsHigh
 
diff --git a/modules/virt-runbook-virthandlerdaemonsetrolloutfailing.adoc b/modules/virt-runbook-virthandlerdaemonsetrolloutfailing.adoc
index b2204e416bda..a5ee87f63532 100644
--- a/modules/virt-runbook-virthandlerdaemonsetrolloutfailing.adoc
+++ b/modules/virt-runbook-virthandlerdaemonsetrolloutfailing.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtHandlerDaemonSetRolloutFailing"]
 = VirtHandlerDaemonSetRolloutFailing
 
diff --git a/modules/virt-runbook-virthandlerresterrorsburst.adoc b/modules/virt-runbook-virthandlerresterrorsburst.adoc
index b3de6a1eebb5..900721ac3e73 100644
--- a/modules/virt-runbook-virthandlerresterrorsburst.adoc
+++ b/modules/virt-runbook-virthandlerresterrorsburst.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtHandlerRESTErrorsBurst"]
 = VirtHandlerRESTErrorsBurst
 
diff --git a/modules/virt-runbook-virthandlerresterrorshigh.adoc b/modules/virt-runbook-virthandlerresterrorshigh.adoc
index 3aa7cbaa21ba..6073dc71d3c5 100644
--- a/modules/virt-runbook-virthandlerresterrorshigh.adoc
+++ b/modules/virt-runbook-virthandlerresterrorshigh.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtHandlerRESTErrorsHigh"]
 = VirtHandlerRESTErrorsHigh
 
@@ -44,28 +44,35 @@ $ export NAMESPACE="$(oc get kubevirt -A \
   -o custom-columns="":.metadata.namespace)"
 ----
 
-. Check the status of the `virt-handler` pod:
+. List the available `virt-handler` pods to identify the failing
+`virt-handler` pod:
 +
 [source,terminal]
 ----
 $ oc get pods -n $NAMESPACE -l=kubevirt.io=virt-handler
 ----
 
-. Check the `virt-handler` logs for error messages when connecting to
-the API server:
+. Check the failing `virt-handler` pod log for API server
+connectivity errors:
 +
 [source,terminal]
 ----
 $ oc logs -n $NAMESPACE <virt-handler>
 ----
++
+Example error message:
++
+[source,json]
+----
+{"component":"virt-handler","level":"error","msg":"Can't patch node my-node","pos":"heartbeat.go:96","reason":"the server has received too many API requests and has asked us to try again later","timestamp":"2023-11-06T11:11:41.099883Z","uid":"132c50c2-8d82-4e49-8857-dc737adcd6cc"}
+----
 
 [discrete]
 [id="mitigation-virthandlerresterrorshigh"]
 == Mitigation
 
-* If the `virt-handler` cannot connect to the API server, delete the pod
-to force a restart:
-+
+Delete the pod to force a restart:
+
 [source,terminal]
 ----
 $ oc delete -n $NAMESPACE <virt-handler>
diff --git a/modules/virt-runbook-virtoperatordown.adoc b/modules/virt-runbook-virtoperatordown.adoc
index 9290d65be5c9..3f42ceac7a21 100644
--- a/modules/virt-runbook-virtoperatordown.adoc
+++ b/modules/virt-runbook-virtoperatordown.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtOperatorDown"]
 = VirtOperatorDown
 
diff --git a/modules/virt-runbook-virtoperatorresterrorsburst.adoc b/modules/virt-runbook-virtoperatorresterrorsburst.adoc
index 87f1d41337a4..ef21293124b4 100644
--- a/modules/virt-runbook-virtoperatorresterrorsburst.adoc
+++ b/modules/virt-runbook-virtoperatorresterrorsburst.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtOperatorRESTErrorsBurst"]
 = VirtOperatorRESTErrorsBurst
 
diff --git a/modules/virt-runbook-virtoperatorresterrorshigh.adoc b/modules/virt-runbook-virtoperatorresterrorshigh.adoc
index 828ec8b78cc4..fabf757acf2f 100644
--- a/modules/virt-runbook-virtoperatorresterrorshigh.adoc
+++ b/modules/virt-runbook-virtoperatorresterrorshigh.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtOperatorRESTErrorsHigh"]
 = VirtOperatorRESTErrorsHigh
 
diff --git a/modules/virt-runbook-virtualmachinecrcerrors.adoc b/modules/virt-runbook-virtualmachinecrcerrors.adoc
index 1c70a1db7309..1793787f8343 100644
--- a/modules/virt-runbook-virtualmachinecrcerrors.adoc
+++ b/modules/virt-runbook-virtualmachinecrcerrors.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VirtualMachineCRCErrors"]
 = VirtualMachineCRCErrors
 
@@ -27,41 +27,45 @@ severe performance degradation.
 [id="diagnosis-virtualmachinecrcerrors"]
 == Diagnosis
 
-. Get the volume name from a virtual machine:
+. Navigate to *Observe* -> *Metrics* in the web console.
+. Obtain a list of virtual machines with incorrectly configured storage classes
+by running the following PromQL query:
 +
-[source,terminal]
+[source,text]
 ----
-$ oc get vm <vm_name> -o jsonpath='{.spec.template.spec.volumes}'
+kubevirt_ssp_vm_rbd_volume{rxbounce_enabled="false", volume_mode="Block"} == 1
 ----
-
-. Get the storage class name from the volume:
 +
-[source,terminal]
+The output displays a list of virtual machines that use a storage
+class without `rxbounce_enabled`.
++
+.Example output
++
+[source,text]
 ----
-$ oc get pvc <volume> -o jsonpath='{.spec.storageClassName}'
+kubevirt_ssp_vm_rbd_volume{name="testvmi-gwgdqp22k7", namespace="test_ns", pv_name="testvmi-gwgdqp22k7", rxbounce_enabled="false", volume_mode="Block"} 1
 ----
 
-. Get the storage class configuration:
+. Obtain the storage class name by running the following command:
 +
 [source,terminal]
 ----
-$ oc get sc <storage_class> -o yaml
+$ oc get pv <pv_name> -o=jsonpath='{.spec.storageClassName}'
 ----
 
-. Check the storage class configuration for the `krbd:rxbounce` map option.
-
 [discrete]
 [id="mitigation-virtualmachinecrcerrors"]
 == Mitigation
 
-Add the `krbd:rxbounce` map option to the storage class configuration:
+Add the `krbd:rxbounce` map option to the storage class configuration to use
+a bounce buffer when receiving data:
 
-[source,terminal]
+[source,yaml]
 ----
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: example-storage-class
+  name: vm-sc
 parameters:
   # ...
   mounter: rbd
@@ -72,7 +76,10 @@ provisioner: openshift-storage.rbd.csi.ceph.com
 
 The `krbd:rxbounce` option creates a bounce buffer to receive data. The default
 behavior is for the destination buffer to receive data directly. A bounce buffer
-is required if the destination buffer is unstable.
+is required if the stability of the destination buffer cannot be guaranteed.
+
+See link:https://access.redhat.com/articles/6978371[Optimizing ODF PersistentVolumes for Windows VMs]
+for details.
 
 If you cannot resolve the issue, log in to the
 link:https://access.redhat.com[Customer Portal] and open a support case,
diff --git a/modules/virt-runbook-vmcannotbeevicted.adoc b/modules/virt-runbook-vmcannotbeevicted.adoc
index 29e8dc96147d..40d4c8845fbc 100644
--- a/modules/virt-runbook-vmcannotbeevicted.adoc
+++ b/modules/virt-runbook-vmcannotbeevicted.adoc
@@ -4,7 +4,7 @@
 //
 // * virt/monitoring/virt-runbooks.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-runbook-VMCannotBeEvicted"]
 = VMCannotBeEvicted
 
diff --git a/modules/virt-running-ssp-pipeline-cli.adoc b/modules/virt-running-ssp-pipeline-cli.adoc
new file mode 100644
index 000000000000..babf3769fcd8
--- /dev/null
+++ b/modules/virt-running-ssp-pipeline-cli.adoc
@@ -0,0 +1,96 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-running-tto-pipeline-cli_{context}"]
+= Running the example pipelines using the CLI
+
+Use a `PipelineRun` resource to run the example pipelines. A `PipelineRun` object is the running instance of a pipeline. It instantiates a pipeline for execution with specific inputs, outputs, and execution parameters on a cluster. It also creates a `TaskRun` object for each task in the pipeline.
+
+.Procedure
+
+. To run the Windows 10 installer pipeline, create the following `PipelineRun` manifest:
++
+[source,yaml]
+----
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: windows10-installer-run-
+  labels:
+    pipelinerun: windows10-installer-run
+spec:
+  params:
+  - name: winImageDownloadURL
+    value: <link_to_windows_10_iso> <1>
+  pipelineRef:
+    name: windows10-installer
+  taskRunSpecs:
+    - pipelineTaskName: copy-template
+      taskServiceAccountName: copy-template-task
+    - pipelineTaskName: modify-vm-template
+      taskServiceAccountName: modify-vm-template-task
+    - pipelineTaskName: create-vm-from-template
+      taskServiceAccountName: create-vm-from-template-task
+    - pipelineTaskName: wait-for-vmi-status
+      taskServiceAccountName: wait-for-vmi-status-task
+    - pipelineTaskName: create-base-dv
+      taskServiceAccountName: modify-data-object-task
+    - pipelineTaskName: cleanup-vm
+      taskServiceAccountName: cleanup-vm-task
+  status: {}
+----
+<1> Specify the URL for the Windows 10 64-bit ISO file. The product language must be English (United States).
+
+. Apply the `PipelineRun` manifest:
++
+[source,terminal]
+----
+$ oc apply -f windows10-installer-run.yaml
+----
+
+. To run the Windows 10 customize pipeline, create the following `PipelineRun` manifest:
++
+[source,yaml]
+----
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: windows10-customize-run-
+  labels:
+    pipelinerun: windows10-customize-run
+spec:
+  params:
+    - name: allowReplaceGoldenTemplate
+      value: true
+    - name: allowReplaceCustomizationTemplate
+      value: true
+  pipelineRef:
+    name: windows10-customize
+  taskRunSpecs:
+    - pipelineTaskName: copy-template-customize
+      taskServiceAccountName: copy-template-task
+    - pipelineTaskName: modify-vm-template-customize
+      taskServiceAccountName: modify-vm-template-task
+    - pipelineTaskName: create-vm-from-template
+      taskServiceAccountName: create-vm-from-template-task
+    - pipelineTaskName: wait-for-vmi-status
+      taskServiceAccountName: wait-for-vmi-status-task
+    - pipelineTaskName: create-base-dv
+      taskServiceAccountName: modify-data-object-task
+    - pipelineTaskName: cleanup-vm
+      taskServiceAccountName: cleanup-vm-task
+    - pipelineTaskName: copy-template-golden
+      taskServiceAccountName: copy-template-task
+    - pipelineTaskName: modify-vm-template-golden
+      taskServiceAccountName: modify-vm-template-task
+status: {}
+----
+
+. Apply the `PipelineRun` manifest:
++
+[source,terminal]
+----
+$ oc apply -f windows10-customize-run.yaml
+----
diff --git a/modules/virt-running-ssp-pipeline-web.adoc b/modules/virt-running-ssp-pipeline-web.adoc
new file mode 100644
index 000000000000..a572ec00f888
--- /dev/null
+++ b/modules/virt-running-ssp-pipeline-web.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-running-tto-pipeline-web_{context}"]
+= Running the example pipelines using the web console
+
+You can run the example pipelines from the *Pipelines* menu in the web console.
+
+.Procedure
+
+. Click *Pipelines* -> *Pipelines* in the side menu.
+
+. Select a pipeline to open the *Pipeline details* page.
+
+. From the *Actions* list, select *Start*. The *Start Pipeline* dialog is displayed.
+
+. Keep the default values for the parameters and then click *Start* to run the pipeline. The *Details* tab tracks the progress of each task and displays the pipeline status.
diff --git a/modules/virt-running-tto-pipeline-cli.adoc b/modules/virt-running-tto-pipeline-cli.adoc
deleted file mode 100644
index 4dd338c0f306..000000000000
--- a/modules/virt-running-tto-pipeline-cli.adoc
+++ /dev/null
@@ -1,96 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
-
-:_content-type: PROCEDURE
-[id="virt-running-tto-pipeline-cli_{context}"]
-= Running the example pipelines using the CLI
-
-Use a `PipelineRun` resource to run the example pipelines. A `PipelineRun` object is the running instance of a pipeline. It instantiates a pipeline for execution with specific inputs, outputs, and execution parameters on a cluster. It also creates a `TaskRun` object for each task in the pipeline.
-
-.Procedure
-
-. To run the Windows 10 installer pipeline, create the following `PipelineRun` manifest:
-+
-[source,yaml]
-----
-apiVersion: tekton.dev/v1beta1
-kind: PipelineRun
-metadata:
-  generateName: windows10-installer-run-
-  labels:
-    pipelinerun: windows10-installer-run
-spec:
-  params:
-  - name: winImageDownloadURL
-    value: <link_to_windows_10_iso> <1>
-  pipelineRef:
-    name: windows10-installer
-  taskRunSpecs:
-    - pipelineTaskName: copy-template
-      taskServiceAccountName: copy-template-task
-    - pipelineTaskName: modify-vm-template
-      taskServiceAccountName: modify-vm-template-task
-    - pipelineTaskName: create-vm-from-template
-      taskServiceAccountName: create-vm-from-template-task
-    - pipelineTaskName: wait-for-vmi-status
-      taskServiceAccountName: wait-for-vmi-status-task
-    - pipelineTaskName: create-base-dv
-      taskServiceAccountName: modify-data-object-task
-    - pipelineTaskName: cleanup-vm
-      taskServiceAccountName: cleanup-vm-task
-  status: {}
-----
-<1> Specify the URL for the Windows 10 64-bit ISO file. The product language must be English (United States).
-
-. Apply the `PipelineRun` manifest:
-+
-[source,terminal]
-----
-$ oc apply -f windows10-installer-run.yaml
-----
-
-. To run the Windows 10 customize pipeline, create the following `PipelineRun` manifest:
-+
-[source,yaml]
-----
-apiVersion: tekton.dev/v1beta1
-kind: PipelineRun
-metadata:
-  generateName: windows10-customize-run-
-  labels:
-    pipelinerun: windows10-customize-run
-spec:
-  params:
-    - name: allowReplaceGoldenTemplate
-      value: true
-    - name: allowReplaceCustomizationTemplate
-      value: true
-  pipelineRef:
-    name: windows10-customize
-  taskRunSpecs:
-    - pipelineTaskName: copy-template-customize
-      taskServiceAccountName: copy-template-task
-    - pipelineTaskName: modify-vm-template-customize
-      taskServiceAccountName: modify-vm-template-task
-    - pipelineTaskName: create-vm-from-template
-      taskServiceAccountName: create-vm-from-template-task
-    - pipelineTaskName: wait-for-vmi-status
-      taskServiceAccountName: wait-for-vmi-status-task
-    - pipelineTaskName: create-base-dv
-      taskServiceAccountName: modify-data-object-task
-    - pipelineTaskName: cleanup-vm
-      taskServiceAccountName: cleanup-vm-task
-    - pipelineTaskName: copy-template-golden
-      taskServiceAccountName: copy-template-task
-    - pipelineTaskName: modify-vm-template-golden
-      taskServiceAccountName: modify-vm-template-task
-status: {}
-----
-
-. Apply the `PipelineRun` manifest:
-+
-[source,terminal]
-----
-$ oc apply -f windows10-customize-run.yaml
-----
diff --git a/modules/virt-running-tto-pipeline-web.adoc b/modules/virt-running-tto-pipeline-web.adoc
deleted file mode 100644
index bd86a0341668..000000000000
--- a/modules/virt-running-tto-pipeline-web.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
-
-:_content-type: PROCEDURE
-[id="virt-running-tto-pipeline-web_{context}"]
-= Running the example pipelines using the web console
-
-You can run the example pipelines from the *Pipelines* menu in the web console.
-
-.Procedure
-
-. Click *Pipelines* -> *Pipelines* in the side menu.
-
-. Select a pipeline to open the *Pipeline details* page.
-
-. From the *Actions* list, select *Start*. The *Start Pipeline* dialog is displayed.
-
-. Keep the default values for the parameters and then click *Start* to run the pipeline. The *Details* tab tracks the progress of each task and displays the pipeline status.
diff --git a/modules/virt-runstrategies-vms.adoc b/modules/virt-runstrategies-vms.adoc
new file mode 100644
index 000000000000..39eb8483ca2f
--- /dev/null
+++ b/modules/virt-runstrategies-vms.adoc
@@ -0,0 +1,57 @@
+// Module included in the following assemblies:
+//
+// * virt/nodes/virt-node-maintenance.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-runstrategies-vms_{context}"]
+= Run strategies
+
+The `spec.runStrategy` key has four possible values:
+
+`Always`::
+The virtual machine instance (VMI) is always present when a virtual machine (VM) is created on another node. A new VMI is created if the original stops for any reason. This is the same behavior as `running: true`.
+
+`RerunOnFailure`::
+The VMI is re-created on another node if the previous instance fails. The instance is not re-created if the VM stops successfully, such as when it is shut down.
+
+`Manual`::
+You control the VMI state manually with the `start`, `stop`, and `restart` virtctl client commands. The VM is not automatically restarted.
+
+`Halted`::
+No VMI is present when a VM is created. This is the same behavior as `running: false`.
+
+Different combinations of the `virtctl start`, `stop` and `restart` commands affect the run strategy.
+
+The following table describes a VM's transition between states. The first column shows the VM's initial run strategy. The remaining columns show a virtctl command and the new run strategy after that command is run.
+
+.Run strategy before and after `virtctl` commands
+[options="header"]
+|===
+|Initial run strategy |Start |Stop |Restart
+
+|Always
+|-
+|Halted
+|Always
+
+|RerunOnFailure
+|-
+|Halted
+|RerunOnFailure
+
+|Manual
+|Manual
+|Manual
+|Manual
+
+|Halted
+|Always
+|-
+|-
+|===
+
+[NOTE]
+====
+If a node in a cluster installed by using installer-provisioned infrastructure fails the machine health check and is unavailable, VMs with `runStrategy: Always` or `runStrategy: RerunOnFailure` are rescheduled on a new node.
+====
+
diff --git a/modules/virt-schedule-cpu-host-model-vms.adoc b/modules/virt-schedule-cpu-host-model-vms.adoc
index 76b08a790fda..64e2afaa6344 100644
--- a/modules/virt-schedule-cpu-host-model-vms.adoc
+++ b/modules/virt-schedule-cpu-host-model-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-schedule-cpu-host-model-vms_{context}"]
 = Scheduling virtual machines with the host model
 
diff --git a/modules/virt-schedule-supported-cpu-model-vms.adoc b/modules/virt-schedule-supported-cpu-model-vms.adoc
index a04dc0916996..09019f2157c8 100644
--- a/modules/virt-schedule-supported-cpu-model-vms.adoc
+++ b/modules/virt-schedule-supported-cpu-model-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-schedule-supported-cpu-model-vms_{context}"]
 = Scheduling virtual machines with the supported CPU model
 
diff --git a/modules/virt-selecting-migration-network-ui.adoc b/modules/virt-selecting-migration-network-ui.adoc
index 99ab08be69e0..5e4f889645c8 100644
--- a/modules/virt-selecting-migration-network-ui.adoc
+++ b/modules/virt-selecting-migration-network-ui.adoc
@@ -1,8 +1,9 @@
 // Module included in the following assemblies:
 //
 // * virt/live_migration/virt-migrating-vm-on-secondary-network.adoc
+// * virt/post_installation_configuration/virt-post-install-network-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-selecting-migration-network-ui_{context}"]
 = Selecting a dedicated network by using the web console
 
@@ -14,8 +15,6 @@ You can select a dedicated network for live migration by using the {product-titl
 
 .Procedure
 
-1. Navigate to *Virtualization > Overview* in the {product-title} web console.
-
-2. Click the *Settings* tab and then click *Live migration*.
-
-3. Select the network from the *Live migration network* list.
\ No newline at end of file
+. Navigate to *Virtualization > Overview* in the {product-title} web console.
+. Click the *Settings* tab and then click *Live migration*.
+. Select the network from the *Live migration network* list.
\ No newline at end of file
diff --git a/modules/virt-setting-policy-attributes.adoc b/modules/virt-setting-policy-attributes.adoc
index 1f1b44aab975..44a83a73c71e 100644
--- a/modules/virt-setting-policy-attributes.adoc
+++ b/modules/virt-setting-policy-attributes.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-setting-policy-attributes_{context}"]
 = Setting a policy attribute and CPU feature
 
diff --git a/modules/virt-setting-resource-quota-limits-for-vms.adoc b/modules/virt-setting-resource-quota-limits-for-vms.adoc
index a90a7926a575..4f802b689735 100644
--- a/modules/virt-setting-resource-quota-limits-for-vms.adoc
+++ b/modules/virt-setting-resource-quota-limits-for-vms.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/advanced_vm_management/virt-working-with-resource-quotas-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-setting-resource-quota-limits-for-vms_{context}"]
 = Setting resource quota limits for virtual machines
 
diff --git a/modules/virt-sno-differences.adoc b/modules/virt-sno-differences.adoc
index c11a9193c717..5f009d5d8915 100644
--- a/modules/virt-sno-differences.adoc
+++ b/modules/virt-sno-differences.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/about-virt.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="virt-sno-differences_{context}"]
 = {sno-caps} differences
 
diff --git a/modules/virt-specializing-windows-sysprep.adoc b/modules/virt-specializing-windows-sysprep.adoc
index 4dbb93c23a08..5dcf31d955ae 100644
--- a/modules/virt-specializing-windows-sysprep.adoc
+++ b/modules/virt-specializing-windows-sysprep.adoc
@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-automating-windows-sysprep.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-specializing-windows-sysprep_{context}"]
-= Specializing a Windows virtual machine
+= Specializing a Windows VM image
 
-Specializing a virtual machine (VM) configures the computer-specific information from a generalized Windows image onto the VM.
+Specializing a Windows virtual machine (VM) configures the computer-specific information from a generalized Windows image onto the VM.
 
 .Prerequisites
 
@@ -18,8 +18,8 @@ Specializing a virtual machine (VM) configures the computer-specific information
 . In the {product-title} console, click *Virtualization* -> *Catalog*.
 . Select a Windows template and click *Customize VirtualMachine*.
 . Select *PVC (clone PVC)* from the *Disk source* list.
-. Specify the *Persistent Volume Claim project* and *Persistent Volume Claim name* of the generalized Windows image.
-. Click *Review and create VirtualMachine*.
+. Select the PVC project and PVC name of the generalized Windows image.
+. Click *Customize VirtualMachine parameters*.
 . Click the *Scripts* tab.
 . In the *Sysprep* section, click *Edit*, browse to the `unattend.xml` answer file, and click *Save*.
 . Click *Create VirtualMachine*.
diff --git a/modules/virt-starting-vm-web.adoc b/modules/virt-starting-vm-web.adoc
index fd013c93f89c..4f07efed8bb8 100644
--- a/modules/virt-starting-vm-web.adoc
+++ b/modules/virt-starting-vm-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-controlling-vm-states.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-starting-vm-web_{context}"]
 = Starting a virtual machine
 
diff --git a/modules/virt-stopping-vm-web.adoc b/modules/virt-stopping-vm-web.adoc
index db08a77cf69c..957f2675e093 100644
--- a/modules/virt-stopping-vm-web.adoc
+++ b/modules/virt-stopping-vm-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-controlling-vm-states.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-stopping-vm-web_{context}"]
 = Stopping a virtual machine
 
diff --git a/modules/virt-storage-rbac-roles.adoc b/modules/virt-storage-rbac-roles.adoc
new file mode 100644
index 000000000000..9b27512c7793
--- /dev/null
+++ b/modules/virt-storage-rbac-roles.adoc
@@ -0,0 +1,240 @@
+// Module included in the following assemblies:
+//
+// * virt/about_virt/virt-security-policies.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-storage-rbac-roles_{context}"]
+= RBAC roles for storage features in {VirtProductName}
+
+The following permissions are granted to the Containerized Data Importer (CDI), including the `cdi-operator` and `cdi-controller` service accounts.
+
+[id="cluster-wide-rbac-roles-cdi"]
+== Cluster-wide RBAC roles
+
+.Aggregated cluster roles for the `cdi.kubevirt.io` API group
+[cols="1,2,1",options="header"]
+|===
+| CDI cluster role
+| Resources
+| Verbs
+
+.2+.^| `cdi.kubevirt.io:admin`
+.^| `datavolumes`, `uploadtokenrequests`
+.^| `*` (all)
+
+.^| `datavolumes/source`
+.^| `create`
+
+.2+.^| `cdi.kubevirt.io:edit`
+.^| `datavolumes`, `uploadtokenrequests`
+.^| `*`
+
+.^| `datavolumes/source`
+.^| `create`
+
+.2+.^| `cdi.kubevirt.io:view`
+.^| `cdiconfigs`, `dataimportcrons`, `datasources`, `datavolumes`, `objecttransfers`, `storageprofiles`, `volumeimportsources`, `volumeuploadsources`, `volumeclonesources`
+.^| `get`, `list`, `watch`
+
+.^| `datavolumes/source`
+.^| `create`
+
+.^| `cdi.kubevirt.io:config-reader`
+.^| `cdiconfigs`, `storageprofiles`
+.^| `get`, `list`, `watch`
+|===
+
+.Cluster-wide roles for the `cdi-operator` service account
+[cols="1,1,2",options="header"]
+|===
+| API group
+| Resources
+| Verbs
+
+.^| `rbac.authorization.k8s.io`
+.^| `clusterrolebindings`, `clusterroles`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `security.openshift.io`
+.^| `securitycontextconstraints`
+.^| `get`, `list`, `watch`, `update`, `create`
+
+.^| `apiextensions.k8s.io`
+.^| `customresourcedefinitions`, `customresourcedefinitions/status`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `cdi.kubevirt.io`
+.^| `*`
+.^| `*`
+
+.^| `upload.cdi.kubevirt.io`
+.^| `*`
+.^| `*`
+
+.^| `admissionregistration.k8s.io`
+.^| `validatingwebhookconfigurations`, `mutatingwebhookconfigurations`
+.^| `create`, `list`, `watch`
+
+.^| `admissionregistration.k8s.io`
+.^| `validatingwebhookconfigurations`
+
+Allow list: `cdi-api-dataimportcron-validate, cdi-api-populator-validate, cdi-api-datavolume-validate, cdi-api-validate, objecttransfer-api-validate`
+.^| `get`, `update`, `delete`
+
+.^| `admissionregistration.k8s.io`
+.^| `mutatingwebhookconfigurations`
+
+Allow list: `cdi-api-datavolume-mutate`
+.^| `get`, `update`, `delete`
+
+.^| `apiregistration.k8s.io`
+.^| `apiservices`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+|===
+
+.Cluster-wide roles for the `cdi-controller` service account
+[cols="1,1,2",options="header"]
+|===
+| API group
+| Resources
+| Verbs
+
+.^| `""` (core)
+.^| `events`
+.^| `create`, `patch`
+
+.^| `""` (core)
+.^| `persistentvolumeclaims`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`, `deletecollection`, `patch`
+
+.^| `""` (core)
+.^| `persistentvolumes`
+.^| `get`, `list`, `watch`, `update`
+
+.^| `""` (core)
+.^| `persistentvolumeclaims/finalizers`, `pods/finalizers`
+.^| `update`
+
+.^| `""` (core)
+.^| `pods`, `services`
+.^| `get`, `list`, `watch`, `create`, `delete`
+
+.^| `""` (core)
+.^| `configmaps`
+.^| `get`, `create`
+
+.^| `storage.k8s.io`
+.^| `storageclasses`, `csidrivers`
+.^| `get`, `list`, `watch`
+
+.^| `config.openshift.io`
+.^| `proxies`
+.^| `get`, `list`, `watch`
+
+.^| `cdi.kubevirt.io`
+.^| `*`
+.^| `*`
+
+.^| `snapshot.storage.k8s.io`
+.^| `volumesnapshots`, `volumesnapshotclasses`, `volumesnapshotcontents`
+.^| `get`, `list`, `watch`, `create`, `delete`
+
+.^| `snapshot.storage.k8s.io`
+.^| `volumesnapshots`
+.^| `update`, `deletecollection`
+
+.^| `apiextensions.k8s.io`
+.^| `customresourcedefinitions`
+.^| `get`, `list`, `watch`
+
+.^| `scheduling.k8s.io`
+.^| `priorityclasses`
+.^| `get`, `list`, `watch`
+
+.^| `image.openshift.io`
+.^| `imagestreams`
+.^| `get`, `list`, `watch`
+
+.^| `""` (core)
+.^| `secrets`
+.^| `create`
+
+.^| `kubevirt.io`
+.^| `virtualmachines/finalizers`
+.^| `update`
+|===
+
+[id="namespaced-rbac-roles-cdi"]
+== Namespaced RBAC roles
+
+.Namespaced roles for the `cdi-operator` service account
+[cols="1,1,2",options="header"]
+|===
+| API group
+| Resources
+| Verbs
+
+.^| `rbac.authorization.k8s.io`
+.^| `rolebindings`, `roles`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `""` (core)
+.^| `serviceaccounts`, `configmaps`, `events`, `secrets`, `services`
+.^| `get`, `list`, `watch`, `create`, `update`, `patch`, `delete`
+
+.^| `apps`
+.^| `deployments`, `deployments/finalizers`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `route.openshift.io`
+.^| `routes`, `routes/custom-host`
+.^| `get`, `list`, `watch`, `create`, `update`
+
+.^| `config.openshift.io`
+.^| `proxies`
+.^| `get`, `list`, `watch`
+
+.^| `monitoring.coreos.com`
+.^| `servicemonitors`, `prometheusrules`
+.^| `get`, `list`, `watch`, `create`, `delete`, `update`, `patch`
+
+.^| `coordination.k8s.io`
+.^| `leases`
+.^| `get`, `create`, `update`
+|===
+
+.Namespaced roles for the `cdi-controller` service account
+[cols="1,1,2",options="header"]
+|===
+| API group
+| Resources
+| Verbs
+
+.^| `""` (core)
+.^| `configmaps`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `""` (core)
+.^| `secrets`
+.^| `get`, `list`, `watch`
+
+.^| `batch`
+.^| `cronjobs`
+.^| `get`, `list`, `watch`, `create`, `update`, `delete`
+
+.^| `batch`
+.^| `jobs`
+.^| `create`, `delete`, `list`, `watch`
+
+.^| `coordination.k8s.io`
+.^| `leases`
+.^| `get`, `create`, `update`
+
+.^| `networking.k8s.io`
+.^| `ingresses`
+.^| `get`, `list`, `watch`
+
+.^| `route.openshift.io`
+.^| `routes`
+.^| `get`, `list`, `watch`
+|===
diff --git a/modules/virt-storage-wizard-fields-web.adoc b/modules/virt-storage-wizard-fields-web.adoc
index 3cd04751d79c..f244c64dde29 100644
--- a/modules/virt-storage-wizard-fields-web.adoc
+++ b/modules/virt-storage-wizard-fields-web.adoc
@@ -1,16 +1,14 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
-// * virt/vm_templates/virt-creating-vm-template.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
 
 [id="virt-storage-wizard-fields-web_{context}"]
 = Storage fields
 
-[cols="5a,3a,5a"]
+[cols="1a,3a"]
 |===
-|Name |Selection |Description
+|Field |Description
 
-.6+|Source
 |Blank (creates PVC)
 |Create an empty disk.
 
@@ -30,23 +28,18 @@
 |Upload content from a container located in a registry accessible from the cluster. The container disk should be used only for read-only filesystems such as CD-ROMs or temporary virtual machines.
 
 |Name
-|
 |Name of the disk. The name can contain lowercase letters (`a-z`), numbers (`0-9`), hyphens (`-`), and periods (`.`), up to a maximum of 253 characters. The first and last characters must be alphanumeric. The name must not contain uppercase letters, spaces, or special characters.
 
 |Size
-|
 |Size of the disk in GiB.
 
 |Type
-|
 |Type of disk. Example: Disk or CD-ROM
 
 |Interface
-|
 |Type of disk device. Supported interfaces are *virtIO*, *SATA*, and *SCSI*.
 
 |Storage Class
-|
 |The storage class that is used to create the disk.
 |===
 
@@ -54,36 +47,31 @@
 [discrete]
 == Advanced storage settings
 
-The following advanced storage settings are optional and available for *Blank*, *Import via URL*, and *Clone existing PVC* disks.  Before {VirtProductName} 4.11, if you do not specify these parameters, the system uses the default values from the `kubevirt-storage-class-defaults` config map. In {VirtProductName} 4.11 and later, the system uses the default values from the xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[storage profile].
+The following advanced storage settings are optional and available for *Blank*, *Import via URL*, and *Clone existing PVC* disks.
 
-[NOTE]
-====
-Use storage profiles to ensure consistent advanced storage settings when provisioning storage for {VirtProductName}.
-
-To manually specify *Volume Mode* and *Access Mode*, you must clear the *Apply optimized StorageProfile settings* checkbox, which is selected by default.
-====
+If you do not specify these parameters, the system uses the default storage profile values.
 
-[cols="5a,3a,3a,5a",options="header"]
+[cols="1a,1a,3a",options="header"]
 |===
-|Name |Mode description |Parameter |Parameter description
+|Parameter |Option |Parameter description
 
 .2+|Volume Mode
 
-.2+|Defines whether the persistent volume uses a formatted file system or raw block state. Default is *Filesystem*.
 |Filesystem
 |Stores the virtual disk on a file system-based volume.
 |Block
 |Stores the virtual disk directly on the block volume. Only use `Block` if the underlying storage supports it.
-.3+|Access Mode
-.3+|Access mode of the persistent volume.
+
+.2+|Access Mode
 |ReadWriteOnce (RWO)
 |Volume can be mounted as read-write by a single node.
 |ReadWriteMany (RWX)
 |Volume can be mounted as read-write by many nodes at one time.
 [NOTE]
 ====
-This is required for some features, such as live migration of virtual machines between nodes.
+This mode is required for live migration.
 ====
+
 |ReadOnlyMany (ROX)
 |Volume can be mounted as read only by many nodes.
 |===
diff --git a/modules/virt-subscribing-cli.adoc b/modules/virt-subscribing-cli.adoc
index a9e66f82c1a1..1455c843b6a8 100644
--- a/modules/virt-subscribing-cli.adoc
+++ b/modules/virt-subscribing-cli.adoc
@@ -2,11 +2,11 @@
 //
 // * virt/install/installing-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-subscribing-cli_{context}"]
 = Subscribing to the {VirtProductName} catalog by using the CLI
 
-Before you install {VirtProductName}, you must subscribe to the {VirtProductName} catalog. Subscribing gives the `openshift-cnv` namespace access to the {VirtProductName} Operators.
+Before you install {VirtProductName}, you must subscribe to the {VirtProductName} catalog. Subscribing gives the `{CNVNamespace}` namespace access to the {VirtProductName} Operators.
 
 To subscribe, configure `Namespace`, `OperatorGroup`, and `Subscription` objects by applying a single manifest to your cluster.
 
@@ -16,39 +16,74 @@ To subscribe, configure `Namespace`, `OperatorGroup`, and `Subscription` objects
 * Log in as a user with `cluster-admin` privileges.
 
 .Procedure
-
+ifdef::openshift-enterprise[]
 . Create a YAML file that contains the following manifest:
+//Note that there are two versions of the following YAML file; the first one is for openshift-enterprise and the second is for openshift-origin (aka OKD).
 +
 [source,yaml,subs="attributes+"]
 ----
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: openshift-cnv
+  name: {CNVNamespace}
 ---
 apiVersion: operators.coreos.com/v1
 kind: OperatorGroup
 metadata:
   name: kubevirt-hyperconverged-group
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
   targetNamespaces:
-    - openshift-cnv
+    - {CNVNamespace}
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: hco-operatorhub
+  namespace: {CNVNamespace}
+spec:
+  source: {CNVSubscriptionSpecSource}
+  sourceNamespace: openshift-marketplace
+  name: {CNVSubscriptionSpecName}
+  startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
+  channel: "stable" <1>
+----
+<1> Using the `stable` channel ensures that you install the version of
+{VirtProductName} that is compatible with your {product-title} version.
+endif::openshift-enterprise[]
+
+ifdef::openshift-origin[]
+. Create a YAML file that contains the following manifest:
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {CNVNamespace}
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: kubevirt-hyperconverged-group
+  namespace: {CNVNamespace}
+spec: {}
 ---
-apiVersion: operators.coreos.com/v1beta1
+apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
   name: hco-operatorhub
-  namespace: openshift-cnv
+  namespace: {CNVNamespace}
 spec:
-  source: redhat-operators
+  source: {CNVSubscriptionSpecSource}
   sourceNamespace: openshift-marketplace
-  name: kubevirt-hyperconverged
+  name: {CNVSubscriptionSpecName}
   startingCSV: kubevirt-hyperconverged-operator.v{HCOVersion}
   channel: "stable" <1>
 ----
 <1> Using the `stable` channel ensures that you install the version of
 {VirtProductName} that is compatible with your {product-title} version.
+endif::openshift-origin[]
 
 . Create the required `Namespace`, `OperatorGroup`, and `Subscription` objects
 for {VirtProductName} by running the following command:
diff --git a/modules/virt-supported-ssp-tasks.adoc b/modules/virt-supported-ssp-tasks.adoc
new file mode 100644
index 000000000000..13305daa17ec
--- /dev/null
+++ b/modules/virt-supported-ssp-tasks.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="virt-supported-ssp-tasks_{context}"]
+= Virtual machine tasks supported by the SSP Operator
+
+The following table shows the tasks that are included as part of the SSP Operator.
+
+.Virtual machine tasks supported by the SSP Operator
+[cols="1,1",options="header"]
+|===
+| Task | Description
+
+| `create-vm-from-manifest`
+| Create a virtual machine from a provided manifest or with `virtctl`.
+
+| `create-vm-from-template`
+| Create a virtual machine from a template.
+
+| `copy-template`
+| Copy a virtual machine template.
+
+| `modify-vm-template`
+| Modify a virtual machine template.
+
+| `modify-data-object`
+| Create or delete data volumes or data sources.
+
+| `cleanup-vm`
+| Run a script or a command in a virtual machine and stop or delete the virtual machine afterward.
+
+| `disk-virt-customize`
+| Use the `virt-customize` tool to run a customization script on a target PVC.
+
+| `disk-virt-sysprep`
+| Use the `virt-sysprep` tool to run a sysprep script on a target PVC.
+
+| `wait-for-vmi-status`
+| Wait for a specific status of a virtual machine instance and fail or succeed based on the status.
+|===
+
+[NOTE]
+====
+Virtual machine creation in pipelines now utilizes `ClusterInstanceType` and `ClusterPreference` instead of template-based tasks, which have been deprecated. The `create-vm-from-template`, `copy-template`, and `modify-vm-template` commands remain available but are not used in default pipeline tasks.
+====
\ No newline at end of file
diff --git a/modules/virt-supported-tekton-tasks.adoc b/modules/virt-supported-tekton-tasks.adoc
deleted file mode 100644
index d7d76a23a0fd..000000000000
--- a/modules/virt-supported-tekton-tasks.adoc
+++ /dev/null
@@ -1,39 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
-
-:_content-type: REFERENCE
-[id="virt-supported-tekton-tasks_{context}"]
-= Virtual machine tasks supported by the Tekton Tasks Operator
-
-The following table shows the tasks that are included as part of the Tekton Tasks Operator.
-
-.Virtual machine tasks supported by the Tekton Tasks Operator
-[cols="1,1",options="header"]
-|===
-| Task | Description
-
-| `create-vm-from-template`
-| Create a virtual machine from a template.
-
-| `copy-template`
-| Copy a virtual machine template.
-
-| `modify-vm-template`
-| Modify a virtual machine template.
-
-| `modify-data-object`
-| Create or delete data volumes or data sources.
-
-| `cleanup-vm`
-| Run a script or a command in a virtual machine and stop or delete the virtual machine afterward.
-
-| `disk-virt-customize`
-| Use the `virt-customize` tool to run a customization script on a target PVC.
-
-| `disk-virt-sysprep`
-| Use the `virt-sysprep` tool to run a sysprep script on a target PVC.
-
-| `wait-for-vmi-status`
-| Wait for a specific status of a virtual machine instance and fail or succeed based on the status.
-|===
diff --git a/modules/virt-supported-virtio-drivers.adoc b/modules/virt-supported-virtio-drivers.adoc
deleted file mode 100644
index cfdcd4a64f1f..000000000000
--- a/modules/virt-supported-virtio-drivers.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-installing-virtio-drivers-on-new-windows-vm.adoc
-
-[id="virt-supported-virtio-drivers_{context}"]
-= Supported VirtIO drivers for Microsoft Windows virtual machines
-
-[caption=]
-.Supported drivers
-|===
-|Driver name | Hardware ID | Description
-
-|*viostor*
-|VEN_1AF4&DEV_1001 +
-VEN_1AF4&DEV_1042
-|The block driver. Sometimes displays as an *SCSI Controller* in the *Other devices*
-group.
-
-|*viorng*
-|VEN_1AF4&DEV_1005 +
-VEN_1AF4&DEV_1044
-|The entropy source driver. Sometimes displays as a *PCI Device* in the
-*Other devices* group.
-
-|*NetKVM*
-|VEN_1AF4&DEV_1000 +
-VEN_1AF4&DEV_1041
-|The network driver. Sometimes displays as an *Ethernet Controller* in the
-*Other devices* group. Available only if a VirtIO NIC is configured.
-|===
diff --git a/modules/virt-switching-displays.adoc b/modules/virt-switching-displays.adoc
deleted file mode 100644
index d353cd592440..000000000000
--- a/modules/virt-switching-displays.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
-
-:_content-type: PROCEDURE
-[id="virt-switching-displays_{context}"]
-= Switching between virtual machine displays
-
-If your Windows virtual machine (VM) has a vGPU attached, you can switch between the default display and the vGPU display by using the web console.
-
-.Prerequisites
-
-* The mediated device is configured in the `HyperConverged` custom resource and assigned to the VM.
-* The VM is running.
-
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *VirtualMachines*
-. Select a Windows virtual machine to open the *Overview* screen.
-. Click the *Console* tab.
-. From the list of consoles, select *VNC console*.
-. Choose the appropriate key combination from the *Send Key* list:
-.. To access the default VM display, select `Ctl + Alt+ 1`.
-.. To access the vGPU display, select `Ctl + Alt + 2`.
diff --git a/modules/virt-template-fields-for-boot-source.adoc b/modules/virt-template-fields-for-boot-source.adoc
index f2149c756cf2..a2b77e8f72d6 100644
--- a/modules/virt-template-fields-for-boot-source.adoc
+++ b/modules/virt-template-fields-for-boot-source.adoc
@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * virt/vm_templates/virt-creating-vm-template.adoc
+
 
 [id="virt-template-fields-for-boot-source_{context}"]
 = Virtual machine template fields for adding a boot source
diff --git a/modules/virt-temporary-token-VNC.adoc b/modules/virt-temporary-token-VNC.adoc
new file mode 100644
index 000000000000..f6f793f0c729
--- /dev/null
+++ b/modules/virt-temporary-token-VNC.adoc
@@ -0,0 +1,69 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-consoles.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-temporary-token-VNC_{context}"]
+= Generating a temporary token for the VNC console
+
+Generate a temporary authentication bearer token for the Kubernetes API to access the VNC of a virtual machine (VM).
+
+[NOTE]
+====
+Kubernetes also supports authentication using client certificates, instead of a bearer token, by modifying the curl command.
+====
+
+.Prerequisites
+
+* A running virtual machine with {VirtProductName} 4.14 or later and xref:../../virt/about-virt/virt-architecture#virt-about-ssp-operator_virt-architecture[`ssp-operator`] 4.14 or later
+
+.Procedure
+
+. Enable the feature gate in the HyperConverged (`HCO`) custom resource (CR):
++
+[source,terminal,subs="attributes+"]
+----
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} --type json -p '[{"op": "replace", "path": "/spec/featureGates/deployVmConsoleProxy", "value": true}]'
+# ...
+----
+
+. Generate a token by running the following command:
++
+[source,terminal]
+----
+$ curl --header "Authorization: Bearer ${TOKEN}" \
+     "https://api.<cluster_fqdn>/apis/token.kubevirt.io/v1alpha1/namespaces/<namespace>/virtualmachines/<vm_name>/vnc?duration=<duration>" <1>
+----
+<1> Duration can be in hours and minutes, with a minimum duration of 10 minutes. Example: `5h30m`. The token is valid for 10 minutes by default if this parameter is not set.
++
+Sample output:
++
+[source,terminal]
+----
+{ "token": "eyJhb..." }
+----
+
+. Optional: Use the token provided in the output to create a variable:
++
+[source,terminal]
+----
+$ export VNC_TOKEN="<token>"
+----
+
+You can now use the token to access the VNC console of a VM.
+
+.Verification
+
+.  Log in to the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc login --token ${VNC_TOKEN}
+----
+
+.  Use `virtctl` to test access to the VNC console of the VM by running the following command:
++
+[source,terminal]
+----
+$ virtctl vnc <vm_name> -n <namespace>
+----
diff --git a/modules/virt-troubleshooting-incorrect-policy-config.adoc b/modules/virt-troubleshooting-incorrect-policy-config.adoc
index 40dc02adc072..16f05dfb7301 100644
--- a/modules/virt-troubleshooting-incorrect-policy-config.adoc
+++ b/modules/virt-troubleshooting-incorrect-policy-config.adoc
@@ -2,7 +2,7 @@
 //
 // * networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-troubleshooting-incorrect-policy-config_{context}"]
 = Troubleshooting an incorrect node network configuration policy configuration
 
diff --git a/modules/virt-unpausing-vm-web.adoc b/modules/virt-unpausing-vm-web.adoc
index 7fc8db8be5e3..da93ed700861 100644
--- a/modules/virt-unpausing-vm-web.adoc
+++ b/modules/virt-unpausing-vm-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-controlling-vm-states.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-unpausing-vm-web_{context}"]
 = Unpausing a virtual machine
 
diff --git a/modules/virt-update-node-network-config-form.adoc b/modules/virt-update-node-network-config-form.adoc
new file mode 100644
index 000000000000..fb3f63914b20
--- /dev/null
+++ b/modules/virt-update-node-network-config-form.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: PROCEDURE
+[id="virt-update-node-network-config-form_{context}"]
+= Updating the policy by using form
+
+.Procedure
+. Navigate to *Networking* → *NodeNetworkConfigurationPolicy*.
+
+. In the *NodeNetworkConfigurationPolicy* page, click the {kebab} icon placed next to the policy you want to edit, and click *Edit*.
+
+. Edit the fields that you want to update.
+
+. Click *Save*.
+
+[NOTE]
+====
+Addition of a VLAN interface using the form is not supported. To add a VLAN interface, you must use YAML to create the policy. Once added, you cannot edit the policy using form.
+====
diff --git a/modules/virt-update-node-network-config-yaml.adoc b/modules/virt-update-node-network-config-yaml.adoc
new file mode 100644
index 000000000000..647ecaa650eb
--- /dev/null
+++ b/modules/virt-update-node-network-config-yaml.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: PROCEDURE
+[id="virt-update-node-network-config-yaml_{context}"]
+= Updating the policy by using YAML
+
+.Procedure
+. Navigate to *Networking* → *NodeNetworkConfigurationPolicy*.
+
+. In the *NodeNetworkConfigurationPolicy* page, click the policy name under the *Name* column for the policy you want to edit.
+
+. Click the *YAML* tab, and edit the YAML.
+
+. Click *Save*.
diff --git a/modules/virt-updating-virtio-drivers-windows.adoc b/modules/virt-updating-virtio-drivers-windows.adoc
index 300745db7a05..0e9a9a6d364f 100644
--- a/modules/virt-updating-virtio-drivers-windows.adoc
+++ b/modules/virt-updating-virtio-drivers-windows.adoc
@@ -1,22 +1,22 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-updating-virtio-drivers-windows_{context}"]
-= Updating VirtIO drivers on a Windows guest
+= Updating VirtIO drivers on a Windows VM
 
-Update the `virtio` drivers by using Windows Update.
+Update the `virtio` drivers on a Windows virtual machine (VM) by using the Windows Update service.
 
 .Prerequisites
 
-* A Windows guest operating system with the `virtio` drivers must be attached to the virtual machine (VM).
 * The cluster must be connected to the internet. Disconnected clusters cannot reach the Windows Update service.
 
 .Procedure
 
-. In the Windows Guest operating system, use the `File Explorer` to navigate to *Settings* -> *Windows Update* -> *Advanced Options* -> *Optional Updates*.
+. In the Windows Guest operating system, click the *Windows* key and select *Settings*.
+. Navigate to *Windows Update* -> *Advanced Options* -> *Optional Updates*.
 . Install all updates from *Red Hat, Inc.*.
 . Reboot the VM.
 
@@ -25,4 +25,4 @@ Update the `virtio` drivers by using Windows Update.
 . On the Windows VM, navigate to the *Device Manager*.
 . Select a device.
 . Select the *Driver* tab.
-. Click *Driver Details* and confirm that the `virtio` driver details list the correct version.
\ No newline at end of file
+. Click *Driver Details* and confirm that the `virtio` driver details displays the correct version.
\ No newline at end of file
diff --git a/modules/virt-uploading-image-virtctl.adoc b/modules/virt-uploading-image-virtctl.adoc
new file mode 100644
index 000000000000..e331d059459c
--- /dev/null
+++ b/modules/virt-uploading-image-virtctl.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-uploading-image-virtctl_{context}"]
+= Creating a VM from an uploaded image by using the command line
+
+You can upload an operating system image by using the `virtctl` command line tool. You can use an existing data volume or create a new data volume for the image.
+
+.Prerequisites
+
+* You must have an `ISO`, `IMG`, or `QCOW2` operating system image file.
+* For best performance, compress the image file by using the link:https://libguestfs.org/virt-sparsify.1.html[virt-sparsify] tool or the `xz` or `gzip` utilities.
+* You must have `virtctl` installed.
+* The client machine must be configured to trust the {product-title} router's
+certificate.
+
+.Procedure
+
+. Upload the image by running the `virtctl image-upload` command:
++
+[source,terminal]
+----
+$ virtctl image-upload dv <datavolume_name> \ <1>
+  --size=<datavolume_size> \ <2>
+  --image-path=</path/to/image> \ <3>
+----
+<1> The name of the data volume.
+<2> The size of the data volume. For example: `--size=500Mi`, `--size=1G`
+<3> The file path of the image.
++
+[NOTE]
+====
+* If you do not want to create a new data volume, omit the `--size` parameter and include the `--no-create` flag.
+* When uploading a disk image to a PVC, the PVC size must be larger than the size of the uncompressed virtual disk.
+* To allow insecure server connections when using HTTPS, use the `--insecure` parameter. When you use the `--insecure` flag, the authenticity of the upload endpoint is *not* verified.
+====
+
+. Optional. To verify that a data volume was created, view all data volumes by running the following command:
++
+[source,terminal]
+----
+$ oc get dvs
+----
diff --git a/modules/virt-uploading-image-web.adoc b/modules/virt-uploading-image-web.adoc
index d33c9bac65fb..ee498c8b099a 100644
--- a/modules/virt-uploading-image-web.adoc
+++ b/modules/virt-uploading-image-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-uploading-image-web_{context}"]
 = Uploading an image file using the web console
 
diff --git a/modules/virt-uploading-local-disk-image-dv.adoc b/modules/virt-uploading-local-disk-image-dv.adoc
index cf7ee5e27767..a4ec3bafd920 100644
--- a/modules/virt-uploading-local-disk-image-dv.adoc
+++ b/modules/virt-uploading-local-disk-image-dv.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-uploading-local-disk-image-dv_{context}"]
 = Uploading a local disk image to a data volume
 
diff --git a/modules/virt-using-disk-image-install-windows.adoc b/modules/virt-using-disk-image-install-windows.adoc
deleted file mode 100644
index 64cebf16ab65..000000000000
--- a/modules/virt-using-disk-image-install-windows.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-automating-windows-sysprep.adoc
-
-:_content-type: PROCEDURE
-[id="virt-using-disk-image-install-windows_{context}"]
-= Using a disk image to install Windows
-
-You can use a disk image to install Windows on your virtual machine.
-
-.Prerequisites
-
-* You must create a disk image using a Windows DVD.
-* You must create an `autounattend.xml` answer file. See the link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs[Microsoft documentation] for details.
-
-.Procedure
-
-. In the {product-title} console, click *Virtualization* -> *Catalog* from the side menu.
-. Select a Windows template and click *Customize VirtualMachine*.
-. Select *Upload (Upload a new file to a PVC)* from the *Disk source* list and browse to the DVD image.
-. Click *Review and create VirtualMachine*.
-. Clear *Clone available operating system source to this Virtual Machine*.
-. Clear *Start this VirtualMachine after creation*.
-. On the *Sysprep* section of the *Scripts* tab, click *Edit*.
-. Browse to the `autounattend.xml` answer file and click *Save*.
-. Click *Create VirtualMachine*.
-. On the *YAML* tab, replace `running:false` with `runStrategy: RerunOnFailure` and click *Save*.
-
-The VM will start with the `sysprep` disk containing the `autounattend.xml` answer file.
diff --git a/modules/virt-using-skip-node.adoc b/modules/virt-using-skip-node.adoc
index e91f14bb9087..dbdc6325d7ff 100644
--- a/modules/virt-using-skip-node.adoc
+++ b/modules/virt-using-skip-node.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/node_maintenance/virt-preventing-node-reconciliation.adoc
+// * virt/nodes/virt-preventing-node-reconciliation.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-using-skip-node_{context}"]
 = Using skip-node annotation
 
diff --git a/modules/virt-using-virt-must-gather.adoc b/modules/virt-using-virt-must-gather.adoc
index 6c24365f3838..7bda7396c8fd 100644
--- a/modules/virt-using-virt-must-gather.adoc
+++ b/modules/virt-using-virt-must-gather.adoc
@@ -4,7 +4,7 @@
 
 //This file contains UI elements and/or package names that need to be updated.
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-using-virt-must-gather_{context}"]
 = Using the must-gather tool for {VirtProductName}
 
@@ -17,12 +17,15 @@ The default data collection includes information about the following resources:
 * Namespaces that contain virtual machines
 * Basic virtual machine definitions
 
+Instance types information is not currently collected by default; you can, however, run a command to optionally collect it.
+
 .Procedure
 
 * Run the following command to collect data about {VirtProductName}:
 +
 [source,terminal,subs="attributes+"]
 ----
-$ oc adm must-gather --image-stream=openshift/must-gather \
-  --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion}
+$ oc adm must-gather
+  --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel9:v{HCOVersion} \
+  -- /usr/bin/gather
 ----
\ No newline at end of file
diff --git a/modules/virt-using-virtctl-port-forward-command.adoc b/modules/virt-using-virtctl-port-forward-command.adoc
new file mode 100644
index 000000000000..22a74d443f7a
--- /dev/null
+++ b/modules/virt-using-virtctl-port-forward-command.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-using-virtctl-port-forward-command_{context}"]
+= Using the virtctl port-forward command
+
+You can access a running virtual machine (VM) by using a local OpenSSH client and the `virtctl port-forward` command. You can use this method with Ansible to automate the configuration of VMs.
+
+This method is recommended for low-traffic applications because port-forwarding traffic is sent over the control plane. This method is not recommended for high-traffic applications such as Rsync or Remote Desktop Protocol because it places a heavy burden on the API server.
+
+.Prerequisites
+
+* You have OpenSSH installed.
+* You installed the `virtctl` command line tool.
+* The environment where you installed `virtctl` has the cluster permissions required to access the VM. For example, you ran `oc login` or you set the `KUBECONFIG` environment variable.
+
+.Procedure
+
+. Add the following text to the `~/.ssh/config` file on your client machine:
++
+[source,terminal]
+----
+Host vm/*
+  ProxyCommand virtctl port-forward --stdio=true %h %p
+----
+
+. Connect to the VM by running the following command:
++
+[source,terminal]
+----
+$ ssh <user>@vm/<vm_name>.<namespace>
+----
diff --git a/modules/virt-using-virtctl-ssh-command.adoc b/modules/virt-using-virtctl-ssh-command.adoc
new file mode 100644
index 000000000000..2b0c3cc1729e
--- /dev/null
+++ b/modules/virt-using-virtctl-ssh-command.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-using-virtctl-ssh-command_{context}"]
+= Using the virtctl ssh command
+
+You can access a running virtual machine (VM) by using the `virtcl ssh` command.
+
+.Prerequisites
+
+* You installed the `virtctl` command line tool.
+* You added a public SSH key to the VM.
+* You have an SSH client installed.
+* The environment where you installed the `virtctl` tool has the cluster permissions required to access the VM. For example, you ran `oc login` or you set the `KUBECONFIG` environment variable.
+
+.Procedure
+
+* Run the `virtctl ssh` command:
++
+[source,terminal]
+----
+$ virtctl -n <namespace> ssh <username>@example-vm -i <ssh_key> <1>
+----
+<1> Specify the namespace, user name, and the SSH private key. The default SSH key location is `/home/user/.ssh`. If you save the key in a different location, you must specify the path.
++
+.Example
+[source,terminal]
+----
+$ virtctl -n my-namespace ssh cloud-user@example-vm -i my-key
+----
\ No newline at end of file
diff --git a/modules/virt-using-windows-dvd-disk-image.adoc b/modules/virt-using-windows-dvd-disk-image.adoc
deleted file mode 100644
index ebdd174c5e0d..000000000000
--- a/modules/virt-using-windows-dvd-disk-image.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-automating-windows-sysprep.adoc
-
-:_content-type: PROCEDURE
-[id="virt-using-windows-dvd-disk-image_{context}"]
-= Using a Windows DVD to create a VM disk image
-
-Microsoft does not provide disk images for download, but you can create a disk image using a Windows DVD. This disk image can then be used to create virtual machines.
-
-.Procedure
-
-. In the {VirtProductName} web console, click *Storage* -> *PersistentVolumeClaims* -> *Create PersistentVolumeClaim With Data upload form*.
-. Select the intended project.
-. Set the *Persistent Volume Claim Name*.
-. Upload the VM disk image from the Windows DVD. The image is now available as a boot source to create a new Windows VM.
diff --git a/modules/virt-verify-status-bootsource-update.adoc b/modules/virt-verify-status-bootsource-update.adoc
index ba6c0b5dd3a5..4e03c9d69ad1 100644
--- a/modules/virt-verify-status-bootsource-update.adoc
+++ b/modules/virt-verify-status-bootsource-update.adoc
@@ -1,9 +1,9 @@
 // Module included in the following assembly:
 //
-// * virt/vm_templates/virt-automatic-bootsource-updates.adoc
+// * virt/storage/virt-automatic-bootsource-updates.adoc
 //
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-verify-status-bootsource-update_{context}"]
 = Verifying the status of a boot source
 
@@ -13,9 +13,9 @@ You can determine if a boot source is system-defined or custom by viewing the `H
 
 . View the contents of the `HyperConverged` CR by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get hco -n openshift-cnv kubevirt-hyperconverged -o yaml
+$ oc get hyperconverged kubevirt-hyperconverged -n {CNVNamespace} -o yaml
 ----
 +
 .Example output
@@ -79,6 +79,6 @@ status:
 <1> Indicates a system-defined boot source.
 <2> Indicates a custom boot source.
 
-. Verify the status of the boot source by reviewing the `status.dataImportCronTemplates.status` field. 
+. Verify the status of the boot source by reviewing the `status.dataImportCronTemplates.status` field.
 * If the field contains `commonTemplate: true`, it is a system-defined boot source.
 * If the `status.dataImportCronTemplates.status` field has the value `{}`, it is a custom boot source.
\ No newline at end of file
diff --git a/modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc b/modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc
index 053ce4bcd306..499e2feb1699 100644
--- a/modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc
+++ b/modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc
@@ -1,22 +1,23 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+// * virt/backup_restore/virt-managing-vm-snapshots.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-verifying-online-snapshot-creation-with-snapshot-indications_{context}"]
-= Verifying online snapshot creation with snapshot indications
+= Verifying online snapshots by using snapshot indications
 
 Snapshot indications are contextual information about online virtual machine (VM) snapshot operations. Indications are not available for offline virtual machine (VM) snapshot operations. Indications are helpful in describing details about the online snapshot creation.
 
 .Prerequisites
 
-* To view indications, you must have attempted to create an online VM snapshot using the CLI or the web console.
+* You must have attempted to create an online VM snapshot.
 
 .Procedure
 
 . Display the output from the snapshot indications by doing one of the following:
-* For snapshots created with the CLI, view indicator output in the `VirtualMachineSnapshot` object YAML, in the *status* field.
-* For snapshots created using the web console, click *VirtualMachineSnapshot > Status* in the *Snapshot details* screen.
+* For snapshots created by using the command line, view indicator output in the `status` stanza of the `VirtualMachineSnapshot` object YAML.
+* For snapshots created by using the web console, click *VirtualMachineSnapshot* -> *Status* in the *Snapshot details* screen.
+
 . Verify the status of your online VM snapshot:
 * `Online` indicates that the VM was running during online snapshot creation.
 * `NoGuestAgent` indicates that the QEMU guest agent was not running during online snapshot creation. The QEMU guest agent could not be used to freeze and thaw the file system, either because the QEMU guest agent was not installed or running or due to another error.
diff --git a/modules/virt-viewing-logs-cli.adoc b/modules/virt-viewing-logs-cli.adoc
index a553c0b064f8..82383b1198cc 100644
--- a/modules/virt-viewing-logs-cli.adoc
+++ b/modules/virt-viewing-logs-cli.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-logs-cli_{context}"]
 = Viewing {VirtProductName} pod logs with the CLI
 
@@ -12,9 +12,9 @@ You can view logs for the {VirtProductName} pods by using the `oc` CLI tool.
 
 . View a list of pods in the {VirtProductName} namespace by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc get pods -n openshift-cnv
+$ oc get pods -n {CNVNamespace}
 ----
 +
 .Example output
@@ -38,9 +38,9 @@ virt-operator-7ccfdbf65f-vllz8     1/1     Running   0          32m
 
 . View the pod log by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc logs -n openshift-cnv <pod_name>
+$ oc logs -n {CNVNamespace} <pod_name>
 ----
 +
 [NOTE]
diff --git a/modules/virt-viewing-logs-loki.adoc b/modules/virt-viewing-logs-loki.adoc
index c37b7d17d8a4..b6a249175062 100644
--- a/modules/virt-viewing-logs-loki.adoc
+++ b/modules/virt-viewing-logs-loki.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-logs-loki_{context}"]
 = Viewing aggregated {VirtProductName} logs with the LokiStack
 
diff --git a/modules/virt-viewing-network-state-of-node-console.adoc b/modules/virt-viewing-network-state-of-node-console.adoc
new file mode 100644
index 000000000000..af7bfbc14899
--- /dev/null
+++ b/modules/virt-viewing-network-state-of-node-console.adoc
@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * networking/k8s_nmstate/k8s-observing-node-network-state.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-viewing-network-state-of-node-console_{context}"]
+= Viewing the network state of a node from the web console
+
+As an administrator, you can use the {product-title} web console to observe `NodeNetworkState` resources and network interfaces, and access network details.
+
+.Procedure
+. Navigate to *Networking* → *NodeNetworkState*.
++
+In the *NodeNetworkState* page, you can view the list of `NodeNetworkState` resources and the corresponding interfaces that are created on the nodes. You can use *Filter* based on *Interface state*, *Interface type*, and *IP*, or the search bar based on criteria *Name* or *Label*, to narrow down the displayed `NodeNetworkState` resources.
+
+. To access the detailed information about `NodeNetworkState` resource, click the `NodeNetworkState` resource name listed in the *Name* column .
+
+. to expand and view the *Network Details* section for the `NodeNetworkState` resource, click the *>* icon . Alternatively, you can click on each interface type under the *Network interface* column to view the network details.
+
diff --git a/modules/virt-viewing-network-state-of-node.adoc b/modules/virt-viewing-network-state-of-node.adoc
index 5e24418f59e8..8f51675ca137 100644
--- a/modules/virt-viewing-network-state-of-node.adoc
+++ b/modules/virt-viewing-network-state-of-node.adoc
@@ -2,11 +2,11 @@
 //
 // * networking/k8s_nmstate/k8s-observing-node-network-state.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-network-state-of-node_{context}"]
-= Viewing the network state of a node
+= Viewing the network state of a node by using the CLI
 
-A `NodeNetworkState` object exists on every node in the cluster. This object is periodically updated and captures the state of the network for that node.
+Node network state is the network configuration for all nodes in the cluster. A `NodeNetworkState` object exists on every node in the cluster. This object is periodically updated and captures the state of the network for that node.
 
 .Procedure
 
diff --git a/modules/virt-viewing-outdated-workloads.adoc b/modules/virt-viewing-outdated-workloads.adoc
index bd8c83a8a7ec..b2276ca52641 100644
--- a/modules/virt-viewing-outdated-workloads.adoc
+++ b/modules/virt-viewing-outdated-workloads.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/updating/upgrading-virt.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-outdated-workloads_{context}"]
 = Viewing outdated {VirtProductName} workloads
 
diff --git a/modules/virt-viewing-qemu-guest-agent-information-web.adoc b/modules/virt-viewing-qemu-guest-agent-information-web.adoc
deleted file mode 100644
index 9df6351b55d9..000000000000
--- a/modules/virt-viewing-qemu-guest-agent-information-web.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/virt-viewing-qemu-guest-agent-information.adoc
-
-:_content-type: PROCEDURE
-[id="virt-viewing-qemu-guest-agent-information-web_{context}"]
-= Viewing the QEMU guest agent information in the web console
-
-You can use the web console to view information for virtual machines that is passed by the QEMU guest agent to the host.
-
-.Prerequisites
-
-* Install the QEMU guest agent on the virtual machine.
-
-.Procedure
-
-. Click *Virtualization* -> *VirtualMachines* from the side menu.
-. Select a virtual machine name to open the *VirtualMachine details* page.
-. Click the *Details* tab to view active users.
-. Click the *Configuration* -> *Disks* tab to view information about the file systems.
diff --git a/modules/virt-viewing-virtual-machine-logs-web.adoc b/modules/virt-viewing-virtual-machine-logs-web.adoc
index a557681ced1e..557a6c850f65 100644
--- a/modules/virt-viewing-virtual-machine-logs-web.adoc
+++ b/modules/virt-viewing-virtual-machine-logs-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/support/virt-troubleshooting.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-virtual-machine-logs-web_{context}"]
 = Viewing virtual machine logs with the web console
 
diff --git a/modules/virt-viewing-vmi-ip-cli.adoc b/modules/virt-viewing-vmi-ip-cli.adoc
index 3967a1dc377c..c7ea48d355ad 100644
--- a/modules/virt-viewing-vmi-ip-cli.adoc
+++ b/modules/virt-viewing-vmi-ip-cli.adoc
@@ -1,19 +1,21 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-viewing-ip-of-vm-vnic.adoc
+// * virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-vmi-ip-cli_{context}"]
-= Viewing the IP address of a virtual machine interface in the CLI
+= Viewing the IP address of a virtual machine by using the command line
 
-The network interface configuration is included in the `oc describe vmi <vmi_name>` command.
+You can view the IP address of a virtual machine (VM) by using the command line.
 
-You can also view the IP address information by running `ip addr` on the virtual
-machine, or by running `oc get vmi <vmi_name> -o yaml`.
+[NOTE]
+====
+You must install the QEMU guest agent on a VM to view the IP address of a secondary network interface. A pod network interface does not require the QEMU guest agent.
+====
 
 .Procedure
 
-* Use the `oc describe` command to display the virtual machine interface configuration:
+* Obtain the virtual machine instance configuration by running the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/virt-viewing-vmi-ip-web.adoc b/modules/virt-viewing-vmi-ip-web.adoc
index d41002f9606f..02a90b9a8e38 100644
--- a/modules/virt-viewing-vmi-ip-web.adoc
+++ b/modules/virt-viewing-vmi-ip-web.adoc
@@ -1,17 +1,20 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-viewing-ip-of-vm-nic.adoc
+// * virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-viewing-vmi-ip-web_{context}"]
-= Viewing the IP address of a virtual machine interface in the web console
+= Viewing the IP address of a virtual machine by using the web console
 
-The IP information is displayed on the *VirtualMachine details* page for the virtual machine.
+You can view the IP address of a virtual machine (VM) by using the {product-title} web console.
+
+[NOTE]
+====
+You must install the QEMU guest agent on a VM to view the IP address of a secondary network interface. A pod network interface does not require the QEMU guest agent.
+====
 
 .Procedure
 
 . In the {product-title} console, click *Virtualization* -> *VirtualMachines* from the side menu.
-
-. Select a virtual machine name to open the *VirtualMachine details* page.
-
-The information for each attached NIC is displayed under *IP Address* on the *Details* tab.
+. Select a VM to open the *VirtualMachine details* page.
+. Click the *Details* tab to view the IP address.
diff --git a/modules/virt-virtctl-commands.adoc b/modules/virt-virtctl-commands.adoc
index 49ff8025a1a6..983b2995b7c3 100644
--- a/modules/virt-virtctl-commands.adoc
+++ b/modules/virt-virtctl-commands.adoc
@@ -2,22 +2,22 @@
 //
 // * virt/getting_started/virt-using-the-cli-tools.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="virt-virtctl-commands_{context}"]
-= Virtctl commands
+= virtctl commands
 
 The `virtctl` client is a command-line utility for managing {VirtProductName} resources.
 
 [NOTE]
 ====
-The virtual machine (VM) commands also apply to virtual machine instances unless otherwise specified.
+The virtual machine (VM) commands also apply to virtual machine instances (VMIs) unless otherwise specified.
 ====
 
 // apinnick: I recommend not breaking these sections into separate modules because of maintenance issues.
 // These sections will never be used independently.
 
 [id='virtctl-information-commands_{context}']
-== Virtctl information commands
+== virtctl information commands
 
 You use `virtctl` information commands to view information about the `virtctl` client.
 
@@ -41,7 +41,7 @@ You use `virtctl` information commands to view information about the `virtctl` c
 [id='vm-information-commands_{context}']
 == VM information commands
 
-You can use `virtctl` to view information about VMs and VMIs.
+You can use `virtctl` to view information about virtual machines (VMs) and virtual machine instances (VMIs).
 
 .VM information commands
 [width="100%",cols="1a,2a",options="header"]
@@ -60,12 +60,16 @@ You can use `virtctl` to view information about VMs and VMIs.
 [id='vm-management-commands_{context}']
 == VM management commands
 
-You use `virtctl` virtual machine (VM) management commands to manage and migrate VMs and VMIs.
+You use `virtctl` virtual machine (VM) management commands to manage and migrate virtual machines (VMs) and virtual machine instances (VMIs).
 
 .VM management commands
 [width="100%",cols="1a,2a",options="header"]
 |===
 |Command |Description
+
+|`virtctl create -name <vm_name>`
+|Create a `VirtualMachine` manifest.
+
 |`virtctl start <vm_name>`
 |Start a VM.
 
@@ -87,14 +91,23 @@ You use `virtctl` virtual machine (VM) management commands to manage and migrate
 |`virtctl migrate <vm_name>`
 |Migrate a VM.
 
+|`virtctl migrate-cancel <vm_name>`
+|Cancel a VM migration.
+
 |`virtctl restart <vm_name>`
 |Restart a VM.
+
+|`virtctl create instancetype --cpu <cpu_value> --memory <memory_value> --name <instancetype_name>`
+|Create an `InstanceType` manifest for a `ClusterInstanceType`, or a namespaced `InstanceType`, to streamline the creation of your `InstanceType` specifications.
+
+|`virtctl create preference --name <preference_name>`
+|Create a `Preference` manifest for a `ClusterPreference`, or a namespaced `Preference`, to streamline the creation of your `Preference` specifications.
 |===
 
 [id='vm-connection-commands_{context}']
 == VM connection commands
 
-You use `virtctl` connection commands to expose ports and connect to VMs and VMIs.
+You use `virtctl` connection commands to expose ports and connect to virtual machines (VMs) and virtual machine instances (VMIs).
 
 .VM connection commands
 [width="100%",cols="1a,2a",options="header"]
@@ -103,9 +116,11 @@ You use `virtctl` connection commands to expose ports and connect to VMs and VMI
 |`virtctl console <vm_name>`
 |Connect to the serial console of a VM.
 
-|`virtctl expose <vm_name>`
+|`virtctl expose vm <vm_name> --name <service_name> --type <ClusterIP\|NodePort\|LoadBalancer> --port <port>`
 |Create a service that forwards a designated port of a VM and expose the service on the specified port of the node.
 
+Example: `virtctl expose vm rhel9_vm --name rhel9-ssh --type NodePort --port 22`
+
 |`virtctl scp -i <ssh_key> <file_name> <user_name>@<vm_name>`
 |Copy a file from your machine to a VM. This command uses the private key of an SSH key pair. The VM must be configured with the public key.
 
@@ -115,15 +130,15 @@ You use `virtctl` connection commands to expose ports and connect to VMs and VMI
 |`virtctl ssh -i <ssh_key> <user_name>@<vm_name>`
 |Open an SSH connection with a VM. This command uses the private key of an SSH key pair. The VM must be configured with the public key.
 
-|`virtctl vnc --kubeconfig=$KUBECONFIG <vm_name>`
+|`virtctl vnc <vm_name>`
 |Connect to the VNC console of a VM.
 
-Accessing the graphical console of a VM through VNC requires a remote viewer on your local machine.
+You must have `virt-viewer` installed.
 
-|`virtctl vnc --kubeconfig=$KUBECONFIG --proxy-only=true <vm_name>`
+|`virtctl vnc --proxy-only=true <vm_name>`
 |Display the port number and connect manually to a VM by using any viewer through the VNC connection.
 
-|`virtctl vnc --kubeconfig=$KUBECONFIG --port=<port-number> <vm_name>`
+|`virtctl vnc --port=<port-number> <vm_name>`
 |Specify a port number to run the proxy on the specified port, if that port is available.
 
 If a port number is not specified, the proxy runs on a random port.
@@ -132,7 +147,7 @@ If a port number is not specified, the proxy runs on a random port.
 [id='vm-volume-export-commands_{context}']
 == VM export commands
 
-You use `virtctl vmexport` commands to create, download, or delete a volume exported from a VM, VM snapshot, or persistent volume claim (PVC).
+Use `virtctl vmexport` commands to create, download, or delete a volume exported from a VM, VM snapshot, or persistent volume claim (PVC). Certain manifests also contain a header secret, which grants access to the endpoint to import a disk image in a format that {VirtProductName} can use.
 
 .VM export commands
 [width="100%",cols="1a,2a",options="header"]
@@ -162,6 +177,24 @@ Optional:
 
 |`virtctl vmexport download <vmexport_name> --<vm\|snapshot\|pvc>=<object_name> --output=<output_file> --volume=<volume_name>`
 |Create a `VirtualMachineExport` CR and then download the volume defined in the CR.
+
+|`virtctl vmexport download export --manifest`
+|Retrieve the manifest for an existing export. The manifest does not include the header secret.
+
+|`virtctl vmexport download export --manifest --vm=example`
+|Create a VM export for a VM example, and retrieve the manifest. The manifest does not include the header secret.
+
+|`virtctl vmexport download export --manifest --snap=example`
+|Create a VM export for a VM snapshot example, and retrieve the manifest. The manifest does not include the header secret.
+
+|`virtctl vmexport download export --manifest --include-secret`
+|Retrieve the manifest for an existing export. The manifest includes the header secret.
+
+|`virtctl vmexport download export --manifest --manifest-output-format=json`
+|Retrieve the manifest for an existing export in json format. The manifest does not include the header secret.
+
+|`virtctl vmexport download export --manifest --include-secret --output=manifest.yaml`
+|Retrieve the manifest for an existing export. The manifest includes the header secret and writes it to the file specified.
 |===
 
 [id='vm-memory-dump-commands_{context}']
@@ -178,9 +211,9 @@ The formula for calculating the PVC size is `(VMMemorySize + 100Mi) * FileSystem
 
 * You must enable the hot plug feature gate in the `HyperConverged` custom resource by running the following command:
 +
-[source,terminal]
+[source,terminal,subs="attributes+"]
 ----
-$ oc patch hco kubevirt-hyperconverged -n openshift-cnv \
+$ oc patch hyperconverged kubevirt-hyperconverged -n {CNVNamespace} \
   --type json -p '[{"op": "add", "path": "/spec/featureGates", \
   "value": "HotplugVolumes"}]'
 ----
@@ -191,7 +224,7 @@ You must use the `virtctl vmexport download` command to download the memory dump
 
 [source,terminal]
 ----
-$ virtctl vmexport download <vmexport_name> --vm\|pvc=<object_name> \
+$ virtctl vmexport download <vmexport_name> --vm|pvc=<object_name> \
   --volume=<volume_name> --output=<output_file>
 ----
 
@@ -226,7 +259,7 @@ This command removes the association between the VM and the PVC, so that the mem
 [id="hot-plug-and-hot-unplug-commands_{context}"]
 == Hot plug and hot unplug commands
 
-You use `virtctl` to add or remove resources from running VMs and VMIs.
+You use `virtctl` to add or remove resources from running virtual machines (VMs) and virtual machine instances (VMIs).
 
 .Hot plug and hot unplug commands
 [width="100%",cols="1a,2a",options="header"]
@@ -242,6 +275,12 @@ Optional:
 
 |`virtctl removevolume <vm_name> --volume-name=<virtual_disk>`
 |Hot unplug a virtual disk.
+
+|`virtctl addinterface <vm_name> --network-attachment-definition-name <net_attach_def_name> --name <interface_name>`
+|Hot plug a Linux bridge network interface.
+
+|`virtctl removeinterface <vm_name> --name <interface_name>`
+|Hot unplug a Linux bridge network interface.
 |===
 
 [id='image-upload-commands_{context}']
diff --git a/modules/virt-virtual-gpus-config-overview.adoc b/modules/virt-virtual-gpus-config-overview.adoc
deleted file mode 100644
index 7677dd126d38..000000000000
--- a/modules/virt-virtual-gpus-config-overview.adoc
+++ /dev/null
@@ -1,64 +0,0 @@
-// Module included in the following assemblies:
-//
-// * virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
-
-:_content-type: REFERENCE
-[id="configuration-overview_{context}"]
-= Configuration overview
-
-When configuring mediated devices, an administrator must complete the following tasks:
-
-* Create the mediated devices.
-* Expose the mediated devices to the cluster.
-
-The `HyperConverged` CR includes APIs that accomplish both tasks.
-
-.Creating mediated devices
-
-[source,yaml]
-----
-# ...
-spec:
-  mediatedDevicesConfiguration:
-    mediatedDevicesTypes: <1>
-    - <device_type>
-    nodeMediatedDeviceTypes: <2>
-    - mediatedDevicesTypes: <3>
-      - <device_type>
-      nodeSelector: <4>
-        <node_selector_key>: <node_selector_value>
-# ...
-----
-<1> Required: Configures global settings for the cluster.
-<2> Optional: Overrides the global configuration for a specific node or group of nodes. Must be used with the global `mediatedDevicesTypes` configuration.
-<3> Required if you use `nodeMediatedDeviceTypes`. Overrides the global `mediatedDevicesTypes` configuration for the specified nodes.
-<4> Required if you use `nodeMediatedDeviceTypes`. Must include a `key:value` pair.
-
-.Exposing mediated devices to the cluster
-
-[source,yaml]
-----
-# ...
-  permittedHostDevices:
-    mediatedDevices:
-    - mdevNameSelector: GRID T4-2Q <1>
-      resourceName: nvidia.com/GRID_T4-2Q <2>
-# ...
-----
-<1> Exposes the mediated devices that map to this value on the host.
-+
-[NOTE]
-====
-You can see the mediated device types that your device supports by viewing the contents of `/sys/bus/pci/devices/<slot>:<bus>:<domain>.<function>/mdev_supported_types/<type>/name`, substituting the correct values for your system.
-
-For example, the name file for the `nvidia-231` type contains the selector string `GRID T4-2Q`. Using `GRID T4-2Q` as the `mdevNameSelector` value allows nodes to use the `nvidia-231` type.
-====
-<2> The `resourceName` should match that allocated on the node. Find the `resourceName` by using the following command:
-+
-[source,terminal]
-----
-$ oc get $NODE -o json  \
-| jq '.status.allocatable | \
-with_entries(select(.key | startswith("nvidia.com/"))) | \
-with_entries(select(.value != "0"))'
-----
\ No newline at end of file
diff --git a/modules/virt-vm-creating-nic-web.adoc b/modules/virt-vm-creating-nic-web.adoc
index 138ace75e769..2ebde6e966b5 100644
--- a/modules/virt-vm-creating-nic-web.adoc
+++ b/modules/virt-vm-creating-nic-web.adoc
@@ -1,23 +1,24 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
+// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-vm-creating-nic-web_{context}"]
-= Creating a NIC for a virtual machine in the web console
+= Configuring a VM network interface by using the web console
 
-Create and attach additional NICs to a virtual machine from the web console.
+You can configure a network interface for a virtual machine (VM) by using the {product-title} web console.
 
 .Prerequisites
 
-* A network attachment definition must be available.
+* You created a network attachment definition for the network.
 
 .Procedure
 
-. In the correct project in the {product-title} console, click *Virtualization* -> *VirtualMachines* from the side menu.
-. Select a virtual machine to open the *VirtualMachine details* page.
-. Click *Configuration* -> *Network interfaces* to view the NICs already attached to the virtual machine.
-. Click *Add Network Interface* to create a new slot in the list.
-. Select a network attachment definition from the *Network* list for the additional network.
-. Fill in the *Name*, *Model*, *Type*, and *MAC Address* for the new NIC.
-. Click *Save* to save and attach the NIC to the virtual machine.
+. Navigate to *Virtualization* -> *VirtualMachines*.
+. Click a VM to view the *VirtualMachine details* page.
+. On the *Configuration* tab, click the *Network interfaces* tab.
+. Click *Add network interface*.
+. Enter the interface name and select the network attachment definition from the *Network* list.
+. Click *Save*.
+. Restart the VM to apply the changes.
diff --git a/modules/virt-vm-custom-scheduler.adoc b/modules/virt-vm-custom-scheduler.adoc
new file mode 100644
index 000000000000..6ad6ab800060
--- /dev/null
+++ b/modules/virt-vm-custom-scheduler.adoc
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-vm-custom-scheduler_{context}"]
+= Scheduling virtual machines with a custom scheduler
+
+You can use a custom scheduler to schedule a virtual machine (VM) on a node.
+
+.Prerequisites
+* A secondary scheduler is configured for your cluster.
+
+.Procedure
+
+* Add the custom scheduler to the VM configuration by editing the `VirtualMachine` manifest. For example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: vm-fedora
+spec:
+  running: true
+  template:
+    spec:
+      schedulerName: my-scheduler <1>
+      domain:
+        devices:
+          disks:
+            - name: containerdisk
+              disk:
+                bus: virtio
+# ...
+----
+<1> The name of the custom scheduler. If the `schedulerName` value does not match an existing scheduler, the `virt-launcher` pod stays in a `Pending` state until the specified scheduler is found.
+
+
+.Verification
+* Verify that the VM is using the custom scheduler specified in the `VirtualMachine` manifest by checking the `virt-launcher` pod events:
+.. View the list of pods in your cluster by entering the following command:
++
+[source,terminal]
+----
+$ oc get pods
+----
++
+.Example output
+[source,terminal]
+----
+NAME                             READY   STATUS    RESTARTS   AGE
+virt-launcher-vm-fedora-dpc87    2/2     Running   0          24m
+----
+
+.. Run the following command to display the pod events:
++
+[source,terminal]
+----
+$ oc describe pod virt-launcher-vm-fedora-dpc87
+----
++
+The value of the `From` field in the output verifies that the scheduler name matches the custom scheduler specified in the `VirtualMachine` manifest:
++
+.Example output
+[source,terminal]
+----
+[...]
+Events:
+  Type    Reason     Age   From              Message
+  ----    ------     ----  ----              -------
+  Normal  Scheduled  21m   my-scheduler  Successfully assigned default/virt-launcher-vm-fedora-dpc87 to node01
+[...]
+----
+
diff --git a/modules/virt-vm-rdp-console-web.adoc b/modules/virt-vm-rdp-console-web.adoc
index 04ebc3b34132..678130028e83 100644
--- a/modules/virt-vm-rdp-console-web.adoc
+++ b/modules/virt-vm-rdp-console-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-vm-rdp-console-web_{context}"]
 = Connecting to a Windows virtual machine with RDP
 
diff --git a/modules/virt-vm-serial-console-web.adoc b/modules/virt-vm-serial-console-web.adoc
index b450f64ec35a..a11a652eac04 100644
--- a/modules/virt-vm-serial-console-web.adoc
+++ b/modules/virt-vm-serial-console-web.adoc
@@ -2,7 +2,7 @@
 //
 // * virt/virtual_machines/virt-accessing-vm-consoles.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="virt-vm-serial-console-web_{context}"]
 = Connecting to the serial console
 
diff --git a/modules/virt-vm-storage-volume-types.adoc b/modules/virt-vm-storage-volume-types.adoc
index 54d3fc0f74ef..5068f9827178 100644
--- a/modules/virt-vm-storage-volume-types.adoc
+++ b/modules/virt-vm-storage-volume-types.adoc
@@ -1,13 +1,14 @@
 // Module included in the following assemblies:
 //
-// * virt/virtual_machines/virt-create-vms.adoc
+// * virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
 
 [id="virt-vm-storage-volume-types_{context}"]
-= Virtual machine storage volume types
+= Storage volume types
 
-[cols="1a,1a"]
+.Storage volume types
+[cols="1a,3a"]
 |===
-|Storage volume type |Description
+|Type |Description
 
 |ephemeral
 |A local copy-on-write (COW) image that uses a network volume as a read-only backing store. The backing volume must be a *PersistentVolumeClaim*. The ephemeral image is created when the virtual machine starts and stores all writes locally. The ephemeral image is discarded when the virtual machine is stopped, restarted, or deleted. The backing volume (PVC) is not mutated in any way.
diff --git a/modules/vmware-csi-driver-reqs.adoc b/modules/vmware-csi-driver-reqs.adoc
index de9023cc42a3..a4a9cae6c99b 100644
--- a/modules/vmware-csi-driver-reqs.adoc
+++ b/modules/vmware-csi-driver-reqs.adoc
@@ -1,20 +1,14 @@
-// Module included in the following assemblies:
+// Module included in the following assemblies for vSphere:
 //
-// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere.adoc
-// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
-// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
-// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
-// * installing/installing_vsphere/preparing-to-install-on-vsphere.adoc
+// * installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc
+// * installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc
 // * storage/container_storage_interface/persistent-storage-csi-vsphere.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="vsphere-csi-driver-reqs_{context}"]
 = VMware vSphere CSI Driver Operator requirements
 
-To install the vSphere CSI Driver Operator, the following requirements must be met:
+To install the vSphere Container Storage Interface (CSI) Driver Operator, the following requirements must be met:
 
 * VMware vSphere version 7.0 Update 2 or later
 * vCenter 7.0 Update 2 or later
@@ -26,4 +20,12 @@ If a third-party vSphere CSI driver is present in the cluster, {product-title} d
 [NOTE]
 ====
 The VMware vSphere CSI Driver Operator is supported only on clusters deployed with `platform: vsphere` in the installation manifest.
-====
\ No newline at end of file
+====
+
+You can create a custom role for the Container Storage Interface (CSI) driver, the vSphere CSI Driver Operator, and the vSphere Problem Detector Operator. The custom role can include privilege sets that assign a minimum set of permissions to each vSphere object. This means that the CSI driver, the vSphere CSI Driver Operator, and the vSphere Problem Detector Operator can establish a basic interaction with these objects.
+
+[IMPORTANT]
+====
+Installing an {product-title} cluster in a vCenter is tested against a full list of privileges as described in the "Required vCenter account privileges" section. By adhering to the full list of privileges, you can reduce the possibility of unexpected and unsupported behaviors that might occur when creating a custom role with a set of restricted privileges. 
+====
+
diff --git a/modules/vsphere-anti-affinity.adoc b/modules/vsphere-anti-affinity.adoc
index 9dc45cc437ba..e77d30932bfe 100644
--- a/modules/vsphere-anti-affinity.adoc
+++ b/modules/vsphere-anti-affinity.adoc
@@ -4,7 +4,7 @@
 // * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="anti-affinity-vsphere_{context}"]
 = Configuring vSphere DRS anti-affinity rules for control plane nodes
 
@@ -14,7 +14,7 @@ vSphere Distributed Resource Scheduler (DRS) anti-affinity rules can be configur
 ====
 * The following information applies to compute DRS only and does not apply to storage DRS.
 
-* The `govc` command is an open-source command available from VMware; it is not available from Red Hat. The `govc` command is not supported by the Red Hat support. 
+* The `govc` command is an open-source command available from VMware; it is not available from Red Hat. The `govc` command is not supported by the Red Hat support.
 
 * Instructions for downloading and installing `govc` are found on the VMware documentation website.
 ====
diff --git a/modules/vsphere-enabling-multiple-layer2-networks.adoc b/modules/vsphere-enabling-multiple-layer2-networks.adoc
index a9ab3a32b456..aa65e7aecc73 100644
--- a/modules/vsphere-enabling-multiple-layer2-networks.adoc
+++ b/modules/vsphere-enabling-multiple-layer2-networks.adoc
@@ -1,21 +1,21 @@
 // Module included in the following assemblies:
 // * post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-enabling-multiple-layer2-network_{context}"]
 = Enabling a multiple layer 2 network for your cluster
 
-You can configure your cluster to use a multiple layer 2 network configuration so that data transfer among nodes can span across multiple networks. 
+You can configure your cluster to use a multiple layer 2 network configuration so that data transfer among nodes can span across multiple networks.
 
 .Prerequisites
 * You configured network connectivity among machines so that cluster components can communicate with each other.
 
 .Procedure
-* If you installed your cluster with installer-provisioned infrastructure, you must ensure that all control plane nodes share a common layer 2 network. Additionally, ensure compute nodes that are configured for Ingress pod scheduling share a common layer 2 network. 
+* If you installed your cluster with installer-provisioned infrastructure, you must ensure that all control plane nodes share a common layer 2 network. Additionally, ensure compute nodes that are configured for Ingress pod scheduling share a common layer 2 network.
 
-** If you need compute nodes to span multiple layer 2 networks, you can create infrastructure nodes that can host Ingress pods.  
-** If you need to provision workloads across additional layer 2 networks, you can create compute machine sets on vSphere and then move these workloads to your target layer 2 networks. 
+** If you need compute nodes to span multiple layer 2 networks, you can create infrastructure nodes that can host Ingress pods.
+** If you need to provision workloads across additional layer 2 networks, you can create compute machine sets on vSphere and then move these workloads to your target layer 2 networks.
 
 * If you installed your cluster on infrastructure that you provided, which is defined as a user-provisioned infrastructure, complete the following actions to meet your needs:
-** Configure your API load balancer and network so that the load balancer can reach the API and Machine Config Server on the control plane nodes.  
+** Configure your API load balancer and network so that the load balancer can reach the API and Machine Config Server on the control plane nodes.
 ** Configure your Ingress load balancer and network so that the load balancer can reach the Ingress pods on the compute or infrastructure nodes.
\ No newline at end of file
diff --git a/modules/vsphere-encrypting-vms.adoc b/modules/vsphere-encrypting-vms.adoc
index 412ca97db321..3a8e75930536 100644
--- a/modules/vsphere-encrypting-vms.adoc
+++ b/modules/vsphere-encrypting-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="encrypting-virtual-machines_{context}"]
 = Encrypting virtual machines
 
diff --git a/modules/vsphere-problem-detector-about.adoc b/modules/vsphere-problem-detector-about.adoc
index 4c9dd52eb464..b482d2a99090 100644
--- a/modules/vsphere-problem-detector-about.adoc
+++ b/modules/vsphere-problem-detector-about.adoc
@@ -4,7 +4,7 @@
 
 :operator-name: vSphere Problem Detector Operator
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="vsphere-problem-detector-about_{context}"]
 = About the {operator-name}
 
diff --git a/modules/vsphere-problem-detector-running.adoc b/modules/vsphere-problem-detector-running.adoc
index 0907ba728d8f..297d74acf9ec 100644
--- a/modules/vsphere-problem-detector-running.adoc
+++ b/modules/vsphere-problem-detector-running.adoc
@@ -4,7 +4,7 @@
 
 :operator-name: vSphere Problem Detector Operator
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-problem-detector-running_{context}"]
 = Running the {operator-name} checks
 
diff --git a/modules/vsphere-problem-detector-storage-class-config-check.adoc b/modules/vsphere-problem-detector-storage-class-config-check.adoc
index da321de62b0b..b0d45a1ccd6f 100644
--- a/modules/vsphere-problem-detector-storage-class-config-check.adoc
+++ b/modules/vsphere-problem-detector-storage-class-config-check.adoc
@@ -4,7 +4,7 @@
 
 :operator-name: vSphere Problem Detector Operator
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="vsphere-problem-detector-storage-class-config-check_{context}"]
 = About the storage class configuration check
 
diff --git a/modules/vsphere-problem-detector-viewing-events.adoc b/modules/vsphere-problem-detector-viewing-events.adoc
index 8ec9891b5b81..6e6c3ba63c1d 100644
--- a/modules/vsphere-problem-detector-viewing-events.adoc
+++ b/modules/vsphere-problem-detector-viewing-events.adoc
@@ -4,7 +4,7 @@
 
 :operator-name: vSphere Problem Detector Operator
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-problem-detector-viewing-events_{context}"]
 = Viewing the events from the {operator-name}
 
diff --git a/modules/vsphere-problem-detector-viewing-logs.adoc b/modules/vsphere-problem-detector-viewing-logs.adoc
index fa90aed7b08e..51acc6bd18f9 100644
--- a/modules/vsphere-problem-detector-viewing-logs.adoc
+++ b/modules/vsphere-problem-detector-viewing-logs.adoc
@@ -4,7 +4,7 @@
 
 :operator-name: vSphere Problem Detector Operator
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="vsphere-problem-detector-viewing-logs_{context}"]
 = Viewing the logs from the {operator-name}
 
diff --git a/modules/web-console-overview.adoc b/modules/web-console-overview.adoc
index df2b0b8c267a..1fce87494a4e 100644
--- a/modules/web-console-overview.adoc
+++ b/modules/web-console-overview.adoc
@@ -1,11 +1,14 @@
 // Module included in the following assemblies:
 // * web_console/web-console.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="web-console-overview_{context}"]
 = Understanding and accessing the web console
 
-The web console runs as a pod on the master. The static assets required to run the web console are served by the pod. After {product-title} is successfully installed using `openshift-install create cluster`, find the URL for the web console and login credentials for your installed cluster in the CLI output of the installation program. For example:
+The web console runs as a pod on the control plane node. The static assets required to run the web console are served by the pod. 
+
+ifndef::openshift-rosa,openshift-dedicated[]
+After you install {product-title} using the `openshift-install create cluster` command, you can find the web console URL and login credentials for the installed cluster in the CLI output of the installation program. For example:
 
 [source,terminal]
 .Example output
@@ -24,4 +27,16 @@ For existing clusters that you did not install, you can use `oc whoami --show-co
 [IMPORTANT]
 ====
 The `dir` parameter specifies the `assets` directory, which stores the manifest files, the ISO image, and the `auth` directory. The `auth` directory stores the `kubeadmin-password` and `kubeconfig` files. As a `kubeadmin` user, you can use the `kubeconfig` file to access the cluster with the following setting: `export KUBECONFIG=<install_directory>/auth/kubeconfig`. The `kubeconfig` is specific to the generated ISO image, so if the `kubeconfig` is set and the `oc` command fails, it is possible that the system did not boot with the generated ISO image. To perform debugging, during the bootstrap process, you can log in to the console as the `core` user by using the contents of the `kubeadmin-password` file.
-====
\ No newline at end of file
+====
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+
+.Procedure
+
+. Log in to {cluster-manager-url} and click the name of your cluster.
+
+. On the cluster *Overview* tab, click *Open console*, and log in with your credentials.
+
+Alternatively, use the `oc whoami --show-console` command to get the web console URL.
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/modules/windows-containers-release-notes-limitations.adoc b/modules/windows-containers-release-notes-limitations.adoc
index 2237e66f76ea..c5f54f672176 100644
--- a/modules/windows-containers-release-notes-limitations.adoc
+++ b/modules/windows-containers-release-notes-limitations.adoc
@@ -25,14 +25,10 @@ Note the following limitations when working with Windows nodes managed by the WM
 
 * Windows nodes do not support workloads created by using deployment configs. You can use a deployment or other method to deploy workloads.
 
-* Windows nodes are not supported in clusters that use a cluster-wide proxy. This is because the WMCO is not able to route traffic through the proxy connection for the workloads.
-
 * Windows nodes are not supported in clusters that are in a disconnected environment.
 
 * {productwinc} does not support adding Windows nodes to a cluster through a trunk port. The only supported networking configuration for adding Windows nodes is through an access port that carries traffic for the VLAN.
 
-* {productwinc} supports only in-tree storage drivers for all cloud providers.
-
 * Kubernetes has identified the following link:https://kubernetes.io/docs/concepts/windows/intro/#limitations[node feature limitations] :
 ** Huge pages are not supported for Windows containers.
 ** Privileged containers are not supported for Windows containers.
diff --git a/modules/windows-machineset-nutanix.adoc b/modules/windows-machineset-nutanix.adoc
new file mode 100644
index 000000000000..8f3f24d80a27
--- /dev/null
+++ b/modules/windows-machineset-nutanix.adoc
@@ -0,0 +1,90 @@
+// Module included in the following assemblies:
+//
+// * windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc
+
+[id="windows-machineset-nutanix_{context}"]
+= Sample YAML for a Windows MachineSet object on Nutanix
+
+This sample YAML defines a Windows `MachineSet` object running on Nutanix that the Windows Machine Config Operator (WMCO) can react upon.
+
+[source,yaml]
+----
+apiVersion: machine.openshift.io/v1beta1
+kind: MachineSet
+metadata:
+  labels:
+    machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
+  name: <infrastructure_id>-windows-worker-<zone> <2>
+  namespace: openshift-machine-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
+      machine.openshift.io/cluster-api-machineset: <infrastructure_id>-windows-worker-<zone> <2>
+  template:
+    metadata:
+      labels:
+        machine.openshift.io/cluster-api-cluster: <infrastructure_id> <1>
+        machine.openshift.io/cluster-api-machine-role: worker
+        machine.openshift.io/cluster-api-machine-type: worker
+        machine.openshift.io/cluster-api-machineset: <infrastructure_id>-windows-worker-<zone> <2>
+        machine.openshift.io/os-id: Windows <3>
+    spec:
+      metadata:
+        labels:
+          node-role.kubernetes.io/worker: "" <4>
+      providerSpec:
+        value:
+          apiVersion: machine.openshift.io/v1
+          bootType: "" <5>
+          categories: null
+          cluster: <6>
+            type: uuid
+            uuid: <cluster_uuid>
+          credentialsSecret:
+            name: nutanix-credentials <7>
+          image: <8>
+            name: <image_id>
+            type: name
+          kind: NutanixMachineProviderConfig <9>
+          memorySize: 16Gi <10>
+          project:
+            type: ""
+          subnets: <11>
+          - type: uuid
+            uuid: <subnet_uuid>
+          systemDiskSize: 120Gi <12>
+          userDataSecret:
+            name: windows-user-data <13>
+          vcpuSockets: 4 <14>
+          vcpusPerSocket: 1 <15>
+----
+<1> Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. You can obtain the infrastructure ID by running the following command:
++
+[source,terminal]
+----
+$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
+----
+<2> Specify the infrastructure ID, worker label, and zone.
+<3> Configure the compute machine set as a Windows machine.
+<4> Configure the Windows node as a compute machine.
+<5> Specifies the boot type that the compute machines use. For more information about boot types, see link:https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000H3K9SAK[Understanding UEFI, Secure Boot, and TPM in the Virtualized Environment]. Valid values are `Legacy`, `SecureBoot`, or `UEFI`. The default is `Legacy`.
++
+[NOTE]
+====
+You must use the `Legacy` boot type in {product-title} {product-version}.
+====
+<6> Specifies a Nutanix Prism Element cluster configuration. In this example, the cluster type is `uuid`, so there is a `uuid` stanza.
+<7> Specifies the secret name for the cluster. Do not change this value.
+<8> Specifies the image to use. Use an image from an existing default compute machine set for the cluster.
+<9> Specifies the cloud provider platform type. Do not change this value.
+<10> Specifies the amount of memory for the cluster in Gi.
+<11> Specifies a subnet configuration. In this example, the subnet type is `uuid`, so there is a `uuid` stanza.
+<12> Specifies the size of the system disk in Gi.
+<13> Specifies the name of the secret in the user data YAML file that is in the `openshift-machine-api` namespace. Use the value that installation program populates in the default compute machine set.
+<14> Specifies the number of vCPU sockets.
+<15> Specifies the number of vCPUs per socket.
+
+// providerSpec section is based on cpmso-yaml-provider-spec-nutanix.adoc 
+
diff --git a/modules/windows-node-services.adoc b/modules/windows-node-services.adoc
index 8631adf91eb5..faf1bf5ca919 100644
--- a/modules/windows-node-services.adoc
+++ b/modules/windows-node-services.adoc
@@ -37,4 +37,7 @@ The following Windows-specific services are installed on each Windows node:
 |containerd container runtime
 |Manages the complete container lifecycle.
 
+|CSI Proxy
+|Enables CSI drivers to perform storage operations on the node, which allows containerized CSI drivers to run on Windows nodes.
+
 |===
diff --git a/modules/wmco-prerequisites.adoc b/modules/wmco-prerequisites.adoc
index 4b62841b1baa..e0dbcc27d309 100644
--- a/modules/wmco-prerequisites.adoc
+++ b/modules/wmco-prerequisites.adoc
@@ -30,6 +30,9 @@ a|* Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic
 |Google Cloud Platform (GCP)
 |Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic/april-25-2022-kb5012637-os-build-20348-681-preview-2233d69c-d4a5-4be9-8c24-04a450861a8d[20348.681] or later
 
+|Nutanix
+|Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic/april-25-2022-kb5012637-os-build-20348-681-preview-2233d69c-d4a5-4be9-8c24-04a450861a8d[20348.681] or later
+
 |Bare metal or provider agnostic
 a|* Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic/april-25-2022-kb5012637-os-build-20348-681-preview-2233d69c-d4a5-4be9-8c24-04a450861a8d[20348.681] or later
 * Windows Server 2019, version 1809
@@ -58,6 +61,9 @@ Hybrid networking with OVN-Kubernetes is the only supported networking configura
 |Google Cloud Platform (GCP)
 |Hybrid networking with OVN-Kubernetes
 
+|Nutanix
+|Hybrid networking with OVN-Kubernetes
+
 |Bare metal or provider agnostic
 |Hybrid networking with OVN-Kubernetes
 |===
diff --git a/modules/ztp-acm-adding-images-to-mirror-registry.adoc b/modules/ztp-acm-adding-images-to-mirror-registry.adoc
index 7d254d6dfc1b..5fe2847932b1 100644
--- a/modules/ztp-acm-adding-images-to-mirror-registry.adoc
+++ b/modules/ztp-acm-adding-images-to-mirror-registry.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-acm-adding-images-to-mirror-registry_{context}"]
 = Adding {op-system} ISO and RootFS images to the disconnected mirror host
 
diff --git a/modules/ztp-acm-installing-disconnected-rhacm.adoc b/modules/ztp-acm-installing-disconnected-rhacm.adoc
index 1c758dd18c15..cb269aed98e6 100644
--- a/modules/ztp-acm-installing-disconnected-rhacm.adoc
+++ b/modules/ztp-acm-installing-disconnected-rhacm.adoc
@@ -3,7 +3,7 @@
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
 [id="installing-disconnected-rhacm_{context}"]
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 = Installing {ztp} in a disconnected environment
 
 Use {rh-rhacm-first}, {gitops-title}, and {cgu-operator-first} on the hub cluster in the disconnected environment to manage the deployment of multiple managed clusters.
diff --git a/modules/ztp-adding-new-content-to-gitops-ztp.adoc b/modules/ztp-adding-new-content-to-gitops-ztp.adoc
index cf6e2aa717aa..ae45bb61cf21 100644
--- a/modules/ztp-adding-new-content-to-gitops-ztp.adoc
+++ b/modules/ztp-adding-new-content-to-gitops-ztp.adoc
@@ -2,73 +2,147 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
-[id="ztp-adding-new-content-to-gitops-ztp_{context}"]
-= Adding new content to the {ztp} pipeline
+:_mod-docs-content-type: PROCEDURE
 
-The source CRs in the {ztp-first} site generator container provide a set of critical features and node tuning settings for RAN Distributed Unit (DU) applications. These are applied to the clusters that you deploy with {ztp}. To add or modify existing source CRs in the `ztp-site-generate` container, rebuild the `ztp-site-generate` container and make it available to the hub cluster, typically from the disconnected registry associated with the hub cluster. Any valid {product-title} CR can be added.
+[id="ztp-adding-new-content-to-gitops-ztp_{context}"]
+= Adding custom content to the {ztp} pipeline
 
 Perform the following procedure to add new content to the {ztp} pipeline.
 
 .Procedure
 
-. Create a directory containing a Containerfile and the source CR YAML files that you want to include in the updated `ztp-site-generate` container, for example:
+. Create a subdirectory named `source-crs` in the directory that contains the `kustomization.yaml` file for the `PolicyGenTemplate` custom resource (CR).
+
+. Add your user-provided CRs to the `source-crs` subdirectory, as shown in the following example:
 +
 [source,text]
 ----
-ztp-update/
-├── example-cr1.yaml
-├── example-cr2.yaml
-└── ztp-update.in
+example
+└── policygentemplates
+    ├── dev.yaml
+    ├── kustomization.yaml
+    ├── mec-edge-sno1.yaml
+    ├── sno.yaml
+    └── source-crs <1>
+        ├── PaoCatalogSource.yaml
+        ├── PaoSubscription.yaml
+        ├── custom-crs
+        |   ├── apiserver-config.yaml
+        |   └── disable-nic-lldp.yaml
+        └── elasticsearch
+            ├── ElasticsearchNS.yaml
+            └── ElasticsearchOperatorGroup.yaml
 ----
+<1> The `source-crs` subdirectory must be in the same directory as the `kustomization.yaml` file.
 
-. Add the following content to the `ztp-update.in` Containerfile:
+. Update the required `PolicyGenTemplate` CRs to include references to the content you added in the `source-crs/custom-crs` and `source-crs/elasticsearch` directories. For example:
 +
-[source,text,subs="attributes+"]
+[source,yaml]
 ----
-FROM registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version}
-
-ADD example-cr2.yaml /kustomize/plugin/ran.openshift.io/v1/policygentemplate/source-crs/
-ADD example-cr1.yaml /kustomize/plugin/ran.openshift.io/v1/policygentemplate/source-crs/
+apiVersion: ran.openshift.io/v1
+kind: PolicyGenTemplate
+metadata:
+  name: "group-dev"
+  namespace: "ztp-clusters"
+spec:
+  bindingRules:
+    dev: "true"
+  mcp: "master"
+  sourceFiles:
+    # These policies/CRs come from the internal container Image
+    #Cluster Logging
+    - fileName: ClusterLogNS.yaml
+      remediationAction: inform
+      policyName: "group-dev-cluster-log-ns"
+    - fileName: ClusterLogOperGroup.yaml
+      remediationAction: inform
+      policyName: "group-dev-cluster-log-operator-group"
+    - fileName: ClusterLogSubscription.yaml
+      remediationAction: inform
+      policyName: "group-dev-cluster-log-sub"
+    #Local Storage Operator
+    - fileName: StorageNS.yaml
+      remediationAction: inform
+      policyName: "group-dev-lso-ns"
+    - fileName: StorageOperGroup.yaml
+      remediationAction: inform
+      policyName: "group-dev-lso-operator-group"
+    - fileName: StorageSubscription.yaml
+      remediationAction: inform
+      policyName: "group-dev-lso-sub"
+    #These are custom local polices that come from the source-crs directory in the git repo
+    # Performance Addon Operator
+    - fileName: PaoSubscriptionNS.yaml
+      remediationAction: inform
+      policyName: "group-dev-pao-ns"
+    - fileName: PaoSubscriptionCatalogSource.yaml
+      remediationAction: inform
+      policyName: "group-dev-pao-cat-source"
+      spec:
+        image: <image_URL_here>
+    - fileName: PaoSubscription.yaml
+      remediationAction: inform
+      policyName: "group-dev-pao-sub"
+    #Elasticsearch Operator
+    - fileName: elasticsearch/ElasticsearchNS.yaml <1>
+      remediationAction: inform
+      policyName: "group-dev-elasticsearch-ns"
+    - fileName: elasticsearch/ElasticsearchOperatorGroup.yaml
+      remediationAction: inform
+      policyName: "group-dev-elasticsearch-operator-group"
+    #Custom Resources
+    - fileName: custom-crs/apiserver-config.yaml <1>
+      remediationAction: inform
+      policyName: "group-dev-apiserver-config"
+    - fileName: custom-crs/disable-nic-lldp.yaml
+      remediationAction: inform
+      policyName: "group-dev-disable-nic-lldp"
 ----
+<1> Set `fileName` to include the relative path to the file from the `/source-crs` parent directory.
 
-. Open a terminal at the `ztp-update/` folder and rebuild the container:
-+
-[source,terminal,subs="attributes+"]
-----
-$ podman build -t ztp-site-generate-rhel8-custom:v{product-version}-custom-1
-----
+. Commit the `PolicyGenTemplate` change in Git, and then push to the Git repository that is monitored by the GitOps ZTP Argo CD policies application.
 
-. Push the built container image to your disconnected registry, for example:
+. Update the `ClusterGroupUpgrade` CR to include the changed `PolicyGenTemplate` and save it as `cgu-test.yaml`. The following example shows a generated `cgu-test.yaml` file.
 +
-[source,terminal,subs="attributes+"]
+[source,yaml]
 ----
-$ podman push localhost/ztp-site-generate-rhel8-custom:v{product-version}-custom-1 registry.example.com:5000/ztp-site-generate-rhel8-custom:v{product-version}-custom-1
+apiVersion: ran.openshift.io/v1alpha1
+kind: ClusterGroupUpgrade
+metadata:
+  name: custom-source-cr
+  namespace: ztp-clusters
+spec:
+  managedPolicies:
+    - group-dev-config-policy
+  enable: true
+  clusters:
+  - cluster1
+  remediationStrategy:
+    maxConcurrency: 2
+    timeout: 240
 ----
 
-. Patch the Argo CD instance on the hub cluster to point to the newly built container image:
+. Apply the updated `ClusterGroupUpgrade` CR by running the following command:
 +
-[source,terminal,subs="attributes+"]
+[source,terminal]
 ----
-$ oc patch -n openshift-gitops argocd openshift-gitops --type=json -p '[{"op": "replace", "path":"/spec/repo/initContainers/0/image", "value": "registry.example.com:5000/ztp-site-generate-rhel8-custom:v{product-version}-custom-1"} ]'
+$ oc apply -f cgu-test.yaml
 ----
-+
-When the Argo CD instance is patched, the `openshift-gitops-repo-server` pod automatically restarts.
 
 .Verification
 
-. Verify that the new `openshift-gitops-repo-server` pod has completed initialization and that the previous repo pod is terminated:
+* Check that the updates have succeeded by running the following command:
 +
-[source,terminal]
+[source, terminal]
 ----
-$ oc get pods -n openshift-gitops | grep openshift-gitops-repo-server
+$ oc get cgu -A
 ----
 +
 .Example output
 +
-[source,terminal]
+[source, terminal]
 ----
-openshift-gitops-server-7df86f9774-db682          1/1     Running   	     1          28s
+NAMESPACE     NAME               AGE   STATE        DETAILS
+ztp-clusters  custom-source-cr   6s    InProgress   Remediating non-compliant policies
+ztp-install   cluster1           19h   Completed    All clusters are compliant with all the managed policies
 ----
-+
-You must wait until the new `openshift-gitops-repo-server` pod has completed initialization and the previous pod is terminated before the newly added container image content is available.
diff --git a/modules/ztp-adding-worker-nodes.adoc b/modules/ztp-adding-worker-nodes.adoc
index ab6851031ab8..70ae32b8f045 100644
--- a/modules/ztp-adding-worker-nodes.adoc
+++ b/modules/ztp-adding-worker-nodes.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-additional-worker-sno-proc_{context}"]
 = Adding worker nodes to {sno} clusters with {ztp}
 
diff --git a/modules/ztp-challenges-of-far-edge-deployments.adoc b/modules/ztp-challenges-of-far-edge-deployments.adoc
index 0719111de418..e8aeea629b43 100644
--- a/modules/ztp-challenges-of-far-edge-deployments.adoc
+++ b/modules/ztp-challenges-of-far-edge-deployments.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-challenges-of-far-edge-deployments_{context}"]
 = Overcoming the challenges of the network far edge
 
diff --git a/modules/ztp-checking-the-managed-cluster-status.adoc b/modules/ztp-checking-the-managed-cluster-status.adoc
index f24883e395af..a472236e977e 100644
--- a/modules/ztp-checking-the-managed-cluster-status.adoc
+++ b/modules/ztp-checking-the-managed-cluster-status.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-checking-the-managed-cluster-status_{context}"]
 = Monitoring the managed cluster installation status
 
diff --git a/modules/ztp-configuring-cluster-policies.adoc b/modules/ztp-configuring-cluster-policies.adoc
index a7b250330380..a91bd57f3d3e 100644
--- a/modules/ztp-configuring-cluster-policies.adoc
+++ b/modules/ztp-configuring-cluster-policies.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-configuring-cluster-policies_{context}"]
 = Configuring managed clusters with policies and PolicyGenTemplate resources
 
diff --git a/modules/ztp-configuring-hwevents-using-pgt.adoc b/modules/ztp-configuring-hwevents-using-pgt.adoc
index f8618405f0a9..558e9d6cd455 100644
--- a/modules/ztp-configuring-hwevents-using-pgt.adoc
+++ b/modules/ztp-configuring-hwevents-using-pgt.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-creating-hwevents_{context}"]
 = Configuring bare-metal events that use HTTP transport
 
@@ -39,85 +39,16 @@ You can configure bare-metal events that use HTTP transport on managed clusters
   policyName: "config-policy"
   spec:
     nodeSelector: {}
-    storageType: <storage_class_name> <2>
     transportHost: "http://hw-event-publisher-service.openshift-bare-metal-events.svc.cluster.local:9043"
     logLevel: "info"
 ----
 <1> Each baseboard management controller (BMC) requires a single `HardwareEvent` CR only.
-<2> The value that you set for `storageType` is used to populate the `StorageClassName` field for the `PersistentVolumeClaim` (`PVC`) CR that the {redfish-operator} Operator automatically deploys.
-The `PVC` CR is used to persist consumer event subscriptions.
 +
 [NOTE]
 ====
 In {product-title} 4.13 or later, you do not need to set the `transportHost` field in the `HardwareEvent` custom resource (CR) when you use HTTP transport with bare-metal events.
 ====
 
-. Configure a `PersistentVolume` (`PV`) to persist the events subscription.
-+
-[NOTE]
-====
-A `PersistentVolume` (`PV`) CR for persisting events subscriptions is required only when you use HTTP transport for events.
-====
-+
-For example, add the following YAML to the `group-du-sno-ranGen.yaml` file:
-+
-[source,yaml]
-----
-- fileName: StorageLV.yaml <1>
-  policyName: "config-policy"
-  spec:
-    storageClassDevices:
-      - storageClassName: "storage-class-http-events" <2>
-        volumeMode: Filesystem
-        fsType: xfs
-        devicePaths:
-          - /dev/disk/by-partlabel/httpevent1
-          - /dev/disk/by-partlabel/httpevent2
-- fileName: StoragePV.yaml  <3>
-  policyName: "config-policy"
-  metadata:
-    name: pv-storage-bmer
-  spec:
-    storageClassName: "storage-class-http-events" <4>
-      capacity:
-        storage: 10Mi
-----
-+
---
-<1> Bare-metal events with HTTP transport requires local storage on the cluster node provided by the Local Storage Operator.
-<2> You need `storage-class-http-events` to use HTTP transport with the {redfish-operator}.
-Use the `ignitionConfigOverride` field in the related `SiteConfig` CR to manage the disk labels.
-<3> Storage for the `cloud-event-proxy` pubsubstore.
-+
-[NOTE]
-====
-You need the `StoragePV.yaml` YAML file that creates the `PV` CR only if the `PV` CR is not dynamically created by the Local Storage Operator.
-====
-<4> The `storageClassName` (`storage-class-http-events`) must match the name that is set in the `PVC` CR that the {redfish-operator} Operator deploys.
---
-
-. Configure a namespace and Operator group for the persistent storage this is used by the HTTP message transporter.
-For example, add the following YAML to `spec.sourceFiles` in `common-ranGen.yaml` file:
-+
-[source,yaml]
-----
-- fileName: StorageNS.yaml
-  policyName: "storage-sub-policy"
-- fileName: StorageOperGroup.yaml
-  policyName: "storage-sub-policy"
-- fileName: StorageOperatorStatus.yaml
-  policyName: "storage-sub-policy"
-----
-
-. Configure the individual site `SiteConfig` CR that you use to provision the managed cluster.
-For example, in `example-sno-site-1.yaml`, add the following YAML to the `spec.clusters.nodes` field:
-+
-[source,yaml]
-----
-ignitionConfigOverride:
-  '{"ignition":{"version":"3.2.0"},"storage":{"disks":[{"device":"/dev/disk/by-id/wwn-0x11111000000asd123","wipeTable":false,"partitions":[{"sizeMiB":16,"label":"httpevent1","startMiB":350000},{"sizeMiB":16,"label":"httpevent2","startMiB":350016}]}],"filesystem":[{"device":"/dev/disk/by-partlabel/httpevent1","format":"xfs","wipeFilesystem":true},{"device":"/dev/disk/by-partlabel/httpevent2","format":"xfs","wipeFilesystem":true}]}}'
-----
-
 . Merge any other required changes and files with your custom site repository.
 
 . Push the changes to your site configuration repository to deploy bare-metal events to new sites with {ztp}.
diff --git a/modules/ztp-configuring-kernel-arguments-for-discovery-iso-in-manual-installations.adoc b/modules/ztp-configuring-kernel-arguments-for-discovery-iso-in-manual-installations.adoc
index 33ce8af10fcd..43095ff50d27 100644
--- a/modules/ztp-configuring-kernel-arguments-for-discovery-iso-in-manual-installations.adoc
+++ b/modules/ztp-configuring-kernel-arguments-for-discovery-iso-in-manual-installations.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-managed-bare-metal-host-kernel-arguments_{context}"]
 = Configuring Discovery ISO kernel arguments for manual installations using {ztp}
 
diff --git a/modules/ztp-configuring-kernel-arguments-for-discovery-iso.adoc b/modules/ztp-configuring-kernel-arguments-for-discovery-iso.adoc
index cb3bc730f33f..3f32bcf4257b 100644
--- a/modules/ztp-configuring-kernel-arguments-for-discovery-iso.adoc
+++ b/modules/ztp-configuring-kernel-arguments-for-discovery-iso.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="setting-managed-bare-metal-host-kernel-arguments_{context}"]
 = Configuring Discovery ISO kernel arguments for installations using {ztp}
 
diff --git a/modules/ztp-configuring-pgt-compliance-eval-timeouts.adoc b/modules/ztp-configuring-pgt-compliance-eval-timeouts.adoc
index c2b37a934ce1..48493e707d97 100644
--- a/modules/ztp-configuring-pgt-compliance-eval-timeouts.adoc
+++ b/modules/ztp-configuring-pgt-compliance-eval-timeouts.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-configuring-pgt-compliance-eval-timeouts_{context}"]
 = Configuring policy compliance evaluation timeouts for PolicyGenTemplate CRs
 
diff --git a/modules/ztp-configuring-ptp-fast-events.adoc b/modules/ztp-configuring-ptp-fast-events.adoc
index 4c98a0f3375d..50178d0c175b 100644
--- a/modules/ztp-configuring-ptp-fast-events.adoc
+++ b/modules/ztp-configuring-ptp-fast-events.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_module-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-configuring-ptp-fast-events_{context}"]
 = Configuring PTP events that use HTTP transport
 
@@ -30,11 +30,8 @@ You can configure PTP events that use HTTP transport on managed clusters that yo
     daemonNodeSelector: {}
     ptpEventConfig:
       enableEventPublisher: true
-      storageType: "storage-class-http-events" <1>
       transportHost: http://ptp-event-publisher-service-NODE_NAME.openshift-ptp.svc.cluster.local:9043
 ----
-<1> The value that you set for `storageType` is used to populate the `StorageClassName` field for the `PersistentVolumeClaim` (`PVC`) resource that the PTP Operator automatically deploys.
-The `PVC` resource is used to persist consumer event subscriptions.
 +
 [NOTE]
 ====
@@ -66,58 +63,6 @@ In {product-title} 4.13 or later, you do not need to set the `transportHost` fie
 <4> Required `phc2sysOpts` values. `-m` prints messages to `stdout`. The `linuxptp-daemon` `DaemonSet` parses the logs and generates Prometheus metrics.
 <5> Optional. If the `ptpClockThreshold` stanza is not present, default values are used for the `ptpClockThreshold` fields. The stanza shows default `ptpClockThreshold` values. The `ptpClockThreshold` values configure how long after the PTP master clock is disconnected before PTP events are triggered. `holdOverTimeout` is the time value in seconds before the PTP clock event state changes to `FREERUN` when the PTP master clock is disconnected. The `maxOffsetThreshold` and `minOffsetThreshold` settings configure offset values in nanoseconds that compare against the values for `CLOCK_REALTIME` (`phc2sys`) or master offset (`ptp4l`). When the `ptp4l` or `phc2sys` offset value is outside this range, the PTP clock state is set to `FREERUN`. When the offset value is within this range, the PTP clock state is set to `LOCKED`.
 
-. Configure a `LocalVolume` (`LV`) to persist the PTP events subscription on the host.
-+
-For example, add the following YAML to the `group-du-sno-ranGen.yaml` file:
-+
-[source,yaml]
-----
-- fileName: StorageLV.yaml <1>
-  policyName: "config-policy"
-  spec:
-    storageClassDevices:
-      - storageClassName: "storage-class-http-events" <2>
-        volumeMode: Filesystem
-        fsType: xfs
-        devicePaths:
-          - /dev/disk/by-partlabel/httpevent1
-          - /dev/disk/by-partlabel/httpevent2
-- fileName: StoragePV.yaml <3>
-  policyName: "config-policy"
-  metadata:
-    name: pv-storage-ptp
-  spec:
-    storageClassName: "storage-class-http-events" <4>
-----
-<1> PTP events with HTTP transport requires local storage on the cluster node provided by the Local Storage Operator.
-<2> Set `storageClassName` to `storage-class-http-events` to use HTTP transport with the PTP Operator.
-Use the `ignitionConfigOverride` field in the related `SiteConfig` CR to manage the disk labels.
-<3> Optional. Configure storage for the `cloud-event-proxy` pubsubstore.
-`StoragePV.yaml` is required only if the `PersistentVolume` (`PV`) CR is not dynamically created by the Local Storage Operator.
-<4> Set the value of `storageClassName` to match the name set in the `PVC` CR that the PTP Operator deploys.
-
-. Configure a namespace and Operator group for the persistent storage this is used by the HTTP message transporter.
-For example, add the following YAML to `spec.sourceFiles` in `common-ranGen.yaml` file:
-+
-[source,yaml]
-----
-- fileName: StorageNS.yaml
-  policyName: "storage-sub-policy"
-- fileName: StorageOperGroup.yaml
-  policyName: "storage-sub-policy"
-- fileName: StorageOperatorStatus.yaml
-  policyName: "storage-sub-policy"
-----
-
-. Configure the individual site `SiteConfig` CR that you use to provision the managed cluster.
-For example, in `example-sno-site-1.yaml`, add the following YAML to the `spec.clusters.nodes` field:
-+
-[source,yaml]
-----
-ignitionConfigOverride:
-  '{"ignition":{"version":"3.2.0"},"storage":{"disks":[{"device":"/dev/disk/by-id/wwn-0x11111000000asd123","wipeTable":false,"partitions":[{"sizeMiB":16,"label":"httpevent1","startMiB":350000},{"sizeMiB":16,"label":"httpevent2","startMiB":350016}]}],"filesystem":[{"device":"/dev/disk/by-partlabel/httpevent1","format":"xfs","wipeFilesystem":true},{"device":"/dev/disk/by-partlabel/httpevent2","format":"xfs","wipeFilesystem":true}]}}'
-----
-
 . Merge any other required changes and files with your custom site repository.
 
 . Push the changes to your site configuration repository to deploy PTP fast events to new sites using {ztp}.
diff --git a/modules/ztp-configuring-the-cluster-for-a-disconnected-environment.adoc b/modules/ztp-configuring-the-cluster-for-a-disconnected-environment.adoc
index 949840dae65c..516193379231 100644
--- a/modules/ztp-configuring-the-cluster-for-a-disconnected-environment.adoc
+++ b/modules/ztp-configuring-the-cluster-for-a-disconnected-environment.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-configuring-the-cluster-for-a-disconnected-environment_{context}"]
 = Configuring the hub cluster to use a disconnected mirror registry
 
@@ -65,7 +65,6 @@ apiVersion: agent-install.openshift.io/v1beta1
 kind: AgentServiceConfig
 metadata:
   name: agent
-  namespace: assisted-installer
 spec:
   databaseStorage:
     volumeName: <db_pv_name>
@@ -85,10 +84,9 @@ spec:
     name: 'assisted-installer-mirror-config'
   osImages:
     - openshiftVersion: <ocp_version>
-      rootfs: <rootfs_url> <1>
       url: <iso_url> <1>
 ----
-<1> Must match the URLs of the HTTPD server.
+<1> Must match the URL of the HTTPD server.
 
 [IMPORTANT]
 ====
diff --git a/modules/ztp-configuring-the-hub-cluster-to-use-unauthenticated-registries.adoc b/modules/ztp-configuring-the-hub-cluster-to-use-unauthenticated-registries.adoc
index f156d6f93174..6c547c2ed8b9 100644
--- a/modules/ztp-configuring-the-hub-cluster-to-use-unauthenticated-registries.adoc
+++ b/modules/ztp-configuring-the-hub-cluster-to-use-unauthenticated-registries.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-configuring-the-hub-cluster-to-use-unauthenticated-registries_{context}"]
 = Configuring the hub cluster to use unauthenticated registries
 
diff --git a/modules/ztp-creating-a-validator-inform-policy.adoc b/modules/ztp-creating-a-validator-inform-policy.adoc
index 28417b4784cd..f9f63004f464 100644
--- a/modules/ztp-creating-a-validator-inform-policy.adoc
+++ b/modules/ztp-creating-a-validator-inform-policy.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-creating-a-validator-inform-policy_{context}"]
 = Signalling {ztp} cluster deployment completion with validator inform policies
 
diff --git a/modules/ztp-creating-hwevents-amqp.adoc b/modules/ztp-creating-hwevents-amqp.adoc
index 3735b2d8c907..bdcad43091c3 100644
--- a/modules/ztp-creating-hwevents-amqp.adoc
+++ b/modules/ztp-creating-hwevents-amqp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-creating-hwevents-amqp_{context}"]
 = Configuring bare-metal events that use AMQP transport
 
diff --git a/modules/ztp-creating-the-site-secrets.adoc b/modules/ztp-creating-the-site-secrets.adoc
index f02250611a2a..6302ea640de5 100644
--- a/modules/ztp-creating-the-site-secrets.adoc
+++ b/modules/ztp-creating-the-site-secrets.adoc
@@ -3,7 +3,7 @@
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-creating-the-site-secrets_{context}"]
 = Creating the managed bare-metal host secrets
 
diff --git a/modules/ztp-creating-ztp-crs-for-multiple-managed-clusters.adoc b/modules/ztp-creating-ztp-crs-for-multiple-managed-clusters.adoc
index 447a00e2d896..7cda513cc763 100644
--- a/modules/ztp-creating-ztp-crs-for-multiple-managed-clusters.adoc
+++ b/modules/ztp-creating-ztp-crs-for-multiple-managed-clusters.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-creating-ztp-crs-for-multiple-managed-clusters_{context}"]
 = Installing managed clusters with SiteConfig resources and {rh-rhacm}
 
diff --git a/modules/ztp-customizing-a-managed-site-using-pgt.adoc b/modules/ztp-customizing-a-managed-site-using-pgt.adoc
index 3e35f3b534d7..42be665b2801 100644
--- a/modules/ztp-customizing-a-managed-site-using-pgt.adoc
+++ b/modules/ztp-customizing-a-managed-site-using-pgt.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-customizing-a-managed-site-using-pgt_{context}"]
 = Customizing a managed cluster with PolicyGenTemplate CRs
 
diff --git a/modules/ztp-customizing-the-install-extra-manifests.adoc b/modules/ztp-customizing-the-install-extra-manifests.adoc
index b4f1fc491b1f..be0a9e794b14 100644
--- a/modules/ztp-customizing-the-install-extra-manifests.adoc
+++ b/modules/ztp-customizing-the-install-extra-manifests.adoc
@@ -16,29 +16,53 @@ You can define a set of extra manifests for inclusion in the installation phase
 
 . Create a set of extra manifest CRs that the {ztp} pipeline uses to customize the cluster installs.
 
-. In your custom `/siteconfig` directory, create an `/extra-manifest` folder for your extra manifests. The following example illustrates a sample `/siteconfig` with `/extra-manifest` folder:
+. In your custom `/siteconfig` directory, create a subdirectory `/custom-manifest` for your extra manifests. The following example illustrates a sample `/siteconfig` with `/custom-manifest` folder:
 +
 [source,text]
 ----
 siteconfig
 ├── site1-sno-du.yaml
 ├── site2-standard-du.yaml
-└── extra-manifest
+├── extra-manifest/
+└── custom-manifest
     └── 01-example-machine-config.yaml
 ----
++
+[NOTE]
+====
+The subdirectory names `/custom-manifest` and `/extra-manifest` used throughout are example names only. There is no requirement to use these names and no restriction on how you name these subdirectories.
+In this example `/extra-manifest` refers to the Git subdirectory that stores the contents of `/extra-manifest` from the `ztp-site-generate` container.
+====
 
-. Add your custom extra manifest CRs to the `siteconfig/extra-manifest` directory.
+. Add your custom extra manifest CRs to the `siteconfig/custom-manifest` directory.
 
-. In your `SiteConfig` CR, enter the directory name in the `extraManifestPath` field, for example:
+. In your `SiteConfig` CR, enter the directory name in the `extraManifests.searchPaths` field, for example:
 +
 [source,yaml]
 ----
 clusters:
 - clusterName: "example-sno"
   networkType: "OVNKubernetes"
-  extraManifestPath: extra-manifest
+  extraManifests:
+    searchPaths:
+      - extra-manifest/ <1>
+      - custom-manifest/ <2>
 ----
+<1> Folder for manifests copied from the `ztp-site-generate` container.
+<2> Folder for custom manifests.
+
+. Save the `SiteConfig`, `/extra-manifest`, and `/custom-manifest` CRs, and push them to the site configuration repo.
+
+During cluster provisioning, the {ztp} pipeline appends the CRs in the `/custom-manifest` directory to the default set of extra manifests stored in `extra-manifest/`.
+
+[NOTE]
+====
+As of version 4.14 `extraManifestPath` is subject to a deprecation warning. 
+
+While `extraManifestPath` is still supported, we recommend that you use `extraManifests.searchPaths`. 
+If you define `extraManifests.searchPaths` in the `SiteConfig` file, the {ztp} pipeline does not fetch manifests from the `ztp-site-generate` container during site installation.
 
-. Save the `SiteConfig` CRs  and `/extra-manifest` CRs and push them to the site configuration repo.
+If you define both `extraManifestPath` and `extraManifests.searchPaths` in the `Siteconfig` CR, the setting defined for `extraManifests.searchPaths` takes precedence.
 
-The {ztp} pipeline appends the CRs in the `/extra-manifest` directory to the default set of extra manifests during cluster provisioning.
+It is strongly recommended that you extract the contents of `/extra-manifest` from the `ztp-site-generate` container and push it to the GIT repository.
+====
\ No newline at end of file
diff --git a/modules/ztp-definition-of-done-for-ztp-installations.adoc b/modules/ztp-definition-of-done-for-ztp-installations.adoc
index 06e5505efcfe..dbdde7eabe93 100644
--- a/modules/ztp-definition-of-done-for-ztp-installations.adoc
+++ b/modules/ztp-definition-of-done-for-ztp-installations.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-definition-of-done-for-ztp-installations_{context}"]
 = Indication of done for {ztp} installations
 
diff --git a/modules/ztp-deploying-a-site.adoc b/modules/ztp-deploying-a-site.adoc
index 4f056294578a..4d384db9b530 100644
--- a/modules/ztp-deploying-a-site.adoc
+++ b/modules/ztp-deploying-a-site.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-deploying-a-site_{context}"]
 = Deploying a managed cluster with SiteConfig and {ztp}
 
@@ -51,8 +51,7 @@ $ oc create namespace $CLUSTERNS
 +
 [NOTE]
 ====
-The secrets are referenced from the `SiteConfig` custom resource (CR) by name. The namespace
-must match the `SiteConfig` namespace.
+The secrets are referenced from the `SiteConfig` custom resource (CR) by name. The namespace must match the `SiteConfig` namespace.
 ====
 
 . Create a `SiteConfig` CR for your cluster in your local clone of the Git repository:
@@ -66,7 +65,16 @@ The folder includes example files for single node, three-node, and standard clus
 
 .. Change the cluster and host details in the example file to match the type of cluster you want. For example:
 +
-include::snippets/ztp-example-siteconfig.adoc[]
+.Example {sno} SiteConfig CR
+[source,yaml]
+----
+include::snippets/ztp_example-sno.yaml[]
+----
++
+[NOTE]
+====
+For more information about BMC addressing, see the "Additional resources" section.
+====
 
 .. You can inspect the default set of extra-manifest `MachineConfig` CRs in `out/argocd/extra-manifest`. It is automatically applied to the cluster when it is installed.
 
@@ -77,7 +85,7 @@ include::snippets/ztp-example-siteconfig.adoc[]
 ====
 For optimal cluster performance, enable crun for master and worker nodes in {sno}, {sno} with additional worker nodes, {3no}, and standard clusters.
 
-Enable crun in a `ContainerRuntimeConfig` CR as an additional day-0 install-time manifest to avoid the cluster having to reboot.
+Enable crun in a `ContainerRuntimeConfig` CR as an additional Day 0 install-time manifest to avoid the cluster having to reboot.
 
 The `enable-crun-master.yaml` and `enable-crun-worker.yaml` CR files are in the `out/source-crs/optional-extra-manifest/` folder that you can extract from the `ztp-site-generate` container.
 For more information, see "Customizing extra installation manifests in the {ztp} pipeline".
@@ -88,3 +96,31 @@ For more information, see "Customizing extra installation manifests in the {ztp}
 . Commit the `SiteConfig` CR and associated `kustomization.yaml` changes in your Git repository and push the changes.
 +
 The ArgoCD pipeline detects the changes and begins the managed cluster deployment.
+
+.Verification
+
+* Verify that the custom roles and labels are applied after the node is deployed:
++
+[source,terminal]
+----
+$ oc describe node example-node.example.com
+----
+
+.Example output
+[source,terminal]
+----
+Name:   example-node.example.com
+Roles:  control-plane,example-label,master,worker
+Labels: beta.kubernetes.io/arch=amd64
+        beta.kubernetes.io/os=linux
+        custom-label/parameter1=true
+        kubernetes.io/arch=amd64
+        kubernetes.io/hostname=cnfdf03.telco5gran.eng.rdu2.redhat.com
+        kubernetes.io/os=linux
+        node-role.kubernetes.io/control-plane=
+        node-role.kubernetes.io/example-label= <1>
+        node-role.kubernetes.io/master=
+        node-role.kubernetes.io/worker=
+        node.openshift.io/os_id=rhcos
+----
+<1> The custom label is applied to the node.
\ No newline at end of file
diff --git a/modules/ztp-discovery-iso.adoc b/modules/ztp-discovery-iso.adoc
index d52816155e37..3598c4deef90 100644
--- a/modules/ztp-discovery-iso.adoc
+++ b/modules/ztp-discovery-iso.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-discovery-iso_{context}"]
 = Automated Discovery image ISO process for provisioning managed clusters
 
diff --git a/modules/ztp-du-cluster-config-reference.adoc b/modules/ztp-du-cluster-config-reference.adoc
deleted file mode 100644
index c42fa55d487f..000000000000
--- a/modules/ztp-du-cluster-config-reference.adoc
+++ /dev/null
@@ -1,92 +0,0 @@
-// Module included in the following assemblies:
-//
-// * scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
-
-:_module-type: REFERENCE
-[id="ztp-du-cluster-config-reference_{context}"]
-= Recommended cluster configurations to run vDU applications
-
-Clusters running virtualized distributed unit (vDU) applications require a highly tuned and optimized configuration. The following information describes the various elements that you require to support vDU workloads in {product-title} {product-version} clusters.
-
-== Recommended cluster MachineConfig CRs
-
-The following `MachineConfig` CRs configure the cluster host:
-
-.Recommended MachineConfig CRs
-[cols=2*, width="80%", options="header"]
-|====
-|CR filename
-|Description
-
-|`02-workload-partitioning.yaml`
-|Configures workload partitioning for the cluster. Apply this `MachineConfig` CR when you install the cluster.
-
-|`MachineConfigSctp.yaml`
-|Loads the SCTP kernel module. This `MachineConfig` CR is optional and can be omitted if you do not require this kernel module.
-
-|`MachineConfigContainerMountNS.yaml`
-|Configures the container mount namespace and kubelet conf.
-
-|`MachineConfigAcceleratedStartup.yaml`
-|Configures accelerated startup for the cluster.
-
-|`06-kdump-master.yaml`, `06-kdump-worker.yaml`
-|Configures `kdump` for the cluster.
-|====
-
-== Recommended cluster Operators
-
-The following Operators are required for clusters running vDU applications and are a part of the baseline reference configuration:
-
-* Node Tuning Operator (NTO). NTO packages functionality that was previously delivered with the Performance Addon Operator, which is now a part of NTO.
-
-* PTP Operator
-
-* SR-IOV Network Operator
-
-* Red Hat OpenShift Logging Operator
-
-* Local Storage Operator
-
-== Recommended cluster kernel configuration
-
-Always use the latest supported realtime kernel version in your cluster. You should also ensure that the following configurations are applied in the cluster:
-
-. Ensure the following `additionalKernelArgs` are set in the cluster performance profile:
-+
-[source,yaml]
-----
-spec:
-  additionalKernelArgs:
-  - "idle=poll"
-  - "rcupdate.rcu_normal_after_boot=0"
-  - "efi=runtime"
-----
-
-. Ensure that the `performance-patch` profile in the `Tuned` CR configures the correct CPU isolation set that matches the `isolated` CPU set in the related `PerformanceProfile` CR, for example:
-+
-[source,yaml]
-----
-spec:
-  profile:
-    - name: performance-patch
-      # The 'include' line must match the associated PerformanceProfile name
-      # And the cmdline_crash CPU set must match the 'isolated' set in the associated PerformanceProfile
-      data: |
-        [main]
-        summary=Configuration changes profile inherited from performance created tuned
-        include=openshift-node-performance-openshift-node-performance-profile
-        [bootloader]
-        cmdline_crash=nohz_full=2-51,54-103 <1>
-        [sysctl]
-        kernel.timer_migration=1
-        [scheduler]
-        group.ice-ptp=0:f:10:*:ice-ptp.*
-        [service]
-        service.stalld=start,enable
-        service.chronyd=stop,disable
-----
-<1> Listed CPUs depend on the host hardware configuration, specifically the number of available CPUs in the system and the CPU topology.
-
-
-
diff --git a/modules/ztp-du-firmware-config-reference.adoc b/modules/ztp-du-firmware-config-reference.adoc
index 12515f7ea70c..ab0167b177a4 100644
--- a/modules/ztp-du-firmware-config-reference.adoc
+++ b/modules/ztp-du-firmware-config-reference.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
 
-:_module-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ztp-du-firmware-config-reference_{context}"]
 = Recommended firmware configuration for vDU cluster hosts
 
@@ -93,4 +93,4 @@ Enable global SR-IOV and VT-d settings in the firmware for the host. These setti
 [NOTE]
 ====
 Enable both `C-states` and OS-controlled `P-States` to allow per pod power management.
-====
\ No newline at end of file
+====
diff --git a/modules/ztp-du-host-firmware-requirements.adoc b/modules/ztp-du-host-firmware-requirements.adoc
index 76d7213a430e..6200472795a5 100644
--- a/modules/ztp-du-host-firmware-requirements.adoc
+++ b/modules/ztp-du-host-firmware-requirements.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-du-configuring-host-firmware-requirements_{context}"]
 = Configuring host firmware for low latency and high performance
 
diff --git a/modules/ztp-enabling-assisted-installer-service-on-bare-metal.adoc b/modules/ztp-enabling-assisted-installer-service-on-bare-metal.adoc
index 140e16dc988c..3ababe7925d6 100644
--- a/modules/ztp-enabling-assisted-installer-service-on-bare-metal.adoc
+++ b/modules/ztp-enabling-assisted-installer-service-on-bare-metal.adoc
@@ -3,9 +3,9 @@
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
 [id="enabling-assisted-installer-service-on-bare-metal_{context}"]
-= Enabling the assisted service and updating AgentServiceConfig on the hub cluster
+= Enabling the assisted service
 
-{rh-rhacm-first} uses the assisted service to deploy {product-title} clusters. The assisted service is deployed automatically when you enable the MultiClusterHub Operator with Central Infrastructure Management (CIM). When you have enabled CIM on the hub cluster, you then need to update the `AgentServiceConfig` custom resource (CR) with references to the ISO and RootFS images that are hosted on the mirror registry HTTP server.
+{rh-rhacm-first} uses the assisted service to deploy {product-title} clusters. The assisted service is deployed automatically when you enable the MultiClusterHub Operator on {rh-rhacm-first}. After that, you need to configure the `Provisioning` resource to watch all namespaces and to update the `AgentServiceConfig` custom resource (CR) with references to the ISO and RootFS images that are hosted on the mirror registry HTTP server.
 
 .Prerequisites
 
@@ -13,10 +13,12 @@
 
 * You have logged in to the hub cluster as a user with `cluster-admin` privileges.
 
-* You have enabled the assisted service on the hub cluster. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#enable-cim[Enabling the Central Infrastructure Management service].
+* You have {rh-rhacm} with MultiClusterHub enabled.
 
 .Procedure
 
+. Enable the `Provisioning` resource to watch all namespaces and configure mirrors for disconnected environments. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#enable-cim[Enabling the central infrastructure management service].
+
 . Update the `AgentServiceConfig` CR by running the following command:
 +
 [source,terminal]
diff --git a/modules/ztp-enabling-workload-partitioning-sno.adoc b/modules/ztp-enabling-workload-partitioning-sno.adoc
index e3dfcbd26f63..1bf2c73c93b5 100644
--- a/modules/ztp-enabling-workload-partitioning-sno.adoc
+++ b/modules/ztp-enabling-workload-partitioning-sno.adoc
@@ -2,24 +2,33 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-workload-partitioning-sno_{context}"]
 = Workload partitioning in {sno} with {ztp}
 
 Workload partitioning configures {product-title} services, cluster management workloads, and infrastructure pods to run on a reserved number of host CPUs.
 
-To configure workload partitioning with {ztp-first}, you specify cluster management CPU resources with the `cpuset` field of the `SiteConfig` custom resource (CR) and the `reserved` field of the group `PolicyGenTemplate` CR.
-The {ztp} pipeline uses these values to populate the required fields in the workload partitioning `MachineConfig` CR (`cpuset`) and the `PerformanceProfile` CR (`reserved`) that configure the {sno} cluster.
+To configure workload partitioning with {ztp-first}, you configure a `cpuPartitioningMode` field in the `SiteConfig` custom resource (CR) that you use to install the cluster and you apply a `PerformanceProfile` CR that configures the `isolated` and `reserved` CPUs on the host.
+
+Configuring the `SiteConfig` CR enables workload partitioning at cluster installation time and applying the `PerformanceProfile` CR configures the specific allocation of CPUs to reserved and isolated sets.
+Both of these steps happen at different points during cluster provisioning.
 
 [NOTE]
 ====
-For maximum performance, ensure that the `reserved` and `isolated` CPU sets do not share CPU cores across NUMA zones.
+Configuring workload partitioning by using the `cpuPartitioningMode` field in the `SiteConfig` CR is a Tech Preview feature in {product-title} 4.13.
+
+Alternatively, you can specify cluster management CPU resources with the `cpuset` field of the `SiteConfig` custom resource (CR) and the `reserved` field of the group `PolicyGenTemplate` CR.
+The {ztp} pipeline uses these values to populate the required fields in the workload partitioning `MachineConfig` CR (`cpuset`) and the `PerformanceProfile` CR (`reserved`) that configure the {sno} cluster.
+This method is a General Availability feature in {product-title} 4.14.
 ====
 
-* The workload partitioning `MachineConfig` CR pins the {product-title} infrastructure pods to a defined `cpuset` configuration.
-* The `PerformanceProfile` CR pins the systemd services to the reserved CPUs.
+The workload partitioning configuration pins the {product-title} infrastructure pods to the `reserved` CPU set.
+Platform services such as systemd, CRI-O, and kubelet run on the `reserved` CPU set.
+The `isolated` CPU sets are exclusively allocated to your container workloads.
+Isolating CPUs ensures that the workload has guaranteed access to the specified CPUs without contention from other applications running on the same node.
+All CPUs that are not isolated should be reserved.
 
 [IMPORTANT]
 ====
-The value for the `reserved` field specified in the `PerformanceProfile` CR must match the `cpuset` field in the workload partitioning `MachineConfig` CR.
+Ensure that `reserved` and `isolated` CPU sets do not overlap with each other.
 ====
diff --git a/modules/ztp-example-hub-template-functions.adoc b/modules/ztp-example-hub-template-functions.adoc
index 8023dacf7dd5..614040dde5a1 100644
--- a/modules/ztp-example-hub-template-functions.adoc
+++ b/modules/ztp-example-hub-template-functions.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ztp-example-hub-template-functions_{context}"]
 = Example hub templates
 
diff --git a/modules/ztp-generating-install-and-config-crs-manually.adoc b/modules/ztp-generating-install-and-config-crs-manually.adoc
index 26654a32010b..eb75510924d8 100644
--- a/modules/ztp-generating-install-and-config-crs-manually.adoc
+++ b/modules/ztp-generating-install-and-config-crs-manually.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-generating-install-and-config-crs-manually_{context}"]
 = Generating {ztp} installation and configuration CRs manually
 
@@ -60,13 +60,23 @@ $ mkdir -p ./site-install
 
 . Modify the example `SiteConfig` CR for the cluster type that you want to install. Copy `example-sno.yaml` to `site-1-sno.yaml` and modify the CR to match the details of the site and bare-metal host that you want to install, for example:
 +
-include::snippets/ztp-example-siteconfig.adoc[]
-
-. Generate the day-0 installation CRs by processing the modified `SiteConfig` CR `site-1-sno.yaml` by running the following command:
+[source,yaml]
+----
+include::snippets/ztp_example-sno.yaml[]
+----
++
+[NOTE]
+====
+Once you have extracted reference CR configuration files from the `out/extra-manifest` directory of the `ztp-site-generate` container, you can use `extraManifests.searchPaths` to include the path to the git directory containing those files.
+This allows the {ztp} pipeline to apply those CR files during cluster installation.
+If you configure a `searchPaths` directory, the {ztp} pipeline does not fetch manifests from the `ztp-site-generate` container during site installation.
+====
+
+. Generate the Day 0 installation CRs by processing the modified `SiteConfig` CR `site-1-sno.yaml` by running the following command:
 +
 [source,terminal,subs="attributes+"]
 ----
-$ podman run -it --rm -v `pwd`/out/argocd/example/siteconfig:/resources:Z -v `pwd`/site-install:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version}.1 generator install site-1-sno.yaml /output
+$ podman run -it --rm -v `pwd`/out/argocd/example/siteconfig:/resources:Z -v `pwd`/site-install:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version} generator install site-1-sno.yaml /output
 ----
 +
 .Example output
@@ -88,7 +98,7 @@ site-install
     └── site-1-sno_nmstateconfig_example-node1.example.com.yaml
 ----
 
-. Optional: Generate just the day-0 `MachineConfig` installation CRs for a particular cluster type by processing the reference `SiteConfig` CR with the `-E` option. For example, run the following commands:
+. Optional: Generate just the Day 0 `MachineConfig` installation CRs for a particular cluster type by processing the reference `SiteConfig` CR with the `-E` option. For example, run the following commands:
 
 .. Create an output folder for the `MachineConfig` CRs:
 +
@@ -101,7 +111,7 @@ $ mkdir -p ./site-machineconfig
 +
 [source,terminal,subs="attributes+"]
 ----
-$ podman run -it --rm -v `pwd`/out/argocd/example/siteconfig:/resources:Z -v `pwd`/site-machineconfig:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version}.1 generator install -E site-1-sno.yaml /output
+$ podman run -it --rm -v `pwd`/out/argocd/example/siteconfig:/resources:Z -v `pwd`/site-machineconfig:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version} generator install -E site-1-sno.yaml /output
 ----
 +
 .Example output
@@ -114,20 +124,20 @@ site-machineconfig
     └── site-1-sno_machineconfig_predefined-extra-manifests-worker.yaml
 ----
 
-. Generate and export the day-2 configuration CRs using the reference `PolicyGenTemplate` CRs from the previous step. Run the following commands:
+. Generate and export the Day 2 configuration CRs using the reference `PolicyGenTemplate` CRs from the previous step. Run the following commands:
 
-.. Create an output folder for the day-2 CRs:
+.. Create an output folder for the Day 2 CRs:
 +
 [source,terminal]
 ----
 $ mkdir -p ./ref
 ----
 
-.. Generate and export the day-2 configuration CRs:
+.. Generate and export the Day 2 configuration CRs:
 +
 [source,terminal,subs="attributes+"]
 ----
-$ podman run -it --rm -v `pwd`/out/argocd/example/policygentemplates:/resources:Z -v `pwd`/ref:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version}.1 generator config -N . /output
+$ podman run -it --rm -v `pwd`/out/argocd/example/policygentemplates:/resources:Z -v `pwd`/ref:/output:Z,U registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version} generator config -N . /output
 ----
 +
 The command generates example group and site-specific `PolicyGenTemplate` CRs for {sno}, three-node clusters, and standard clusters in the `./ref` folder.
@@ -151,3 +161,31 @@ ref
 ----
 
 . Use the generated CRs as the basis for the CRs that you use to install the cluster. You apply the installation CRs to the hub cluster as described in "Installing a single managed cluster". The configuration CRs can be applied to the cluster after cluster installation is complete.
+
+.Verification
+
+* Verify that the custom roles and labels are applied after the node is deployed:
++
+[source,terminal]
+----
+$ oc describe node example-node.example.com
+----
+
+.Example output
+[source,terminal]
+----
+Name:   example-node.example.com
+Roles:  control-plane,example-label,master,worker
+Labels: beta.kubernetes.io/arch=amd64
+        beta.kubernetes.io/os=linux
+        custom-label/parameter1=true
+        kubernetes.io/arch=amd64
+        kubernetes.io/hostname=cnfdf03.telco5gran.eng.rdu2.redhat.com
+        kubernetes.io/os=linux
+        node-role.kubernetes.io/control-plane=
+        node-role.kubernetes.io/example-label= <1>
+        node-role.kubernetes.io/master=
+        node-role.kubernetes.io/worker=
+        node.openshift.io/os_id=rhcos
+----
+<1> The custom label is applied to the node.
\ No newline at end of file
diff --git a/modules/ztp-gitops-ztp-max-spoke-clusters.adoc b/modules/ztp-gitops-ztp-max-spoke-clusters.adoc
new file mode 100644
index 000000000000..e4a727fd90d7
--- /dev/null
+++ b/modules/ztp-gitops-ztp-max-spoke-clusters.adoc
@@ -0,0 +1,98 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc]
+
+:_mod-docs-content-type: REFERENCE
+[id="ztp-gitops-ztp-max-spoke-clusters_{context}"]
+= Recommended hub cluster specifications and managed cluster limits for {ztp}
+
+With {ztp-first}, you can manage thousands of clusters in geographically dispersed regions and networks.
+The Red Hat Performance and Scale lab successfully created and managed 3500 virtual {sno} clusters with a reduced DU profile from a single {rh-rhacm-first} hub cluster in a lab environment.
+
+In real-world situations, the scaling limits for the number of clusters that you can manage will vary depending on various factors affecting the hub cluster.
+For example:
+
+Hub cluster resources::
+Available hub cluster host resources (CPU, memory, storage) are an important factor in determining how many clusters the hub cluster can manage.
+The more resources allocated to the hub cluster, the more managed clusters it can accommodate.
+
+Hub cluster storage::
+The hub cluster host storage IOPS rating and whether the hub cluster hosts use NVMe storage can affect hub cluster performance and the number of clusters it can manage.
+
+Network bandwidth and latency::
+Slow or high-latency network connections between the hub cluster and managed clusters can impact how the hub cluster manages multiple clusters.
+
+Managed cluster size and complexity::
+The size and complexity of the managed clusters also affects the capacity of the hub cluster.
+Larger managed clusters with more nodes, namespaces, and resources require additional processing and management resources.
+Similarly, clusters with complex configurations such as the RAN DU profile or diverse workloads can require more resources from the hub cluster.
+
+Number of managed policies::
+The number of policies managed by the hub cluster scaled over the number of managed clusters bound to those policies is an important factor that determines how many clusters can be managed.
+
+Monitoring and management workloads::
+{rh-rhacm} continuously monitors and manages the managed clusters.
+The number and complexity of monitoring and management workloads running on the hub cluster can affect its capacity.
+Intensive monitoring or frequent reconciliation operations can require additional resources, potentially limiting the number of manageable clusters.
+
+{rh-rhacm} version and configuration::
+Different versions of {rh-rhacm} can have varying performance characteristics and resource requirements.
+Additionally, the configuration settings of {rh-rhacm}, such as the number of concurrent reconciliations or the frequency of health checks, can affect the managed cluster capacity of the hub cluster.
+
+Use the following representative configuration and network specifications to develop your own Hub cluster and network specifications.
+
+[IMPORTANT]
+====
+The following guidelines are based on internal lab benchmark testing only and do not represent complete bare-metal host specifications.
+====
+
+.Representative three-node hub cluster machine specifications
+[cols=2*, width="90%", options="header"]
+|====
+|Requirement
+|Description
+
+|{product-title}
+|version 4.13
+
+|{rh-rhacm}
+|version 2.7
+
+|{cgu-operator-first}
+|version 4.13
+
+|Server hardware
+|3 x Dell PowerEdge R650 rack servers
+
+|NVMe hard disks
+a|* 50 GB disk for `/var/lib/etcd`
+* 2.9 TB disk for `/var/lib/containers`
+
+|SSD hard disks
+a|* 1 SSD split into 15 200GB thin-provisioned logical volumes provisioned as `PV` CRs
+* 1 SSD serving as an extra large `PV` resource
+
+|Number of applied DU profile policies
+|5
+|====
+
+[IMPORTANT]
+====
+The following network specifications are representative of a typical real-world RAN network and were applied to the scale lab environment during testing.
+====
+
+.Simulated lab environment network specifications
+[cols=2*, width="90%", options="header"]
+|====
+|Specification
+|Description
+
+|Round-trip time (RTT) latency
+|50 ms
+
+|Packet loss
+|0.02% packet loss
+
+|Network bandwidth limit
+|20 Mbps
+|====
diff --git a/modules/ztp-installation-crs.adoc b/modules/ztp-installation-crs.adoc
index 29c59a6ba9d1..ee57ad2018dc 100644
--- a/modules/ztp-installation-crs.adoc
+++ b/modules/ztp-installation-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ztp-installation-crs_{context}"]
 = {rh-rhacm} generated cluster installation CRs reference
 
@@ -22,7 +22,7 @@ The following table lists the installation CRs that are automatically applied by
 
 |`BareMetalHost`
 |Contains the connection information for the Baseboard Management Controller (BMC) of the target bare-metal host.
-|Provides access to the BMC to load and start the discovery image on the target server. {ztp-first} supports iPXE and virtual media booting by using Redfish or IPMI protocols. To use iPXE booting, you must use {rh-rhacm} 2.8 or later.
+|Provides access to the BMC to load and start the discovery image on the target server by using the Redfish protocol.
 
 |`InfraEnv`
 |Contains information for installing {product-title} on the target bare-metal host.
diff --git a/modules/ztp-installing-the-new-gitops-ztp-applications.adoc b/modules/ztp-installing-the-new-gitops-ztp-applications.adoc
index 3cacc1b79296..9b1755c596fd 100644
--- a/modules/ztp-installing-the-new-gitops-ztp-applications.adoc
+++ b/modules/ztp-installing-the-new-gitops-ztp-applications.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-installing-the-new-gitops-ztp-applications_{context}"]
 = Installing the new {ztp} applications
 
diff --git a/modules/ztp-labeling-the-existing-clusters.adoc b/modules/ztp-labeling-the-existing-clusters.adoc
index 9bb63fe01401..743d33d204a8 100644
--- a/modules/ztp-labeling-the-existing-clusters.adoc
+++ b/modules/ztp-labeling-the-existing-clusters.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-labeling-the-existing-clusters_{context}"]
 = Labeling the existing clusters
 
diff --git a/modules/ztp-low-latency.adoc b/modules/ztp-low-latency.adoc
index 98b0b1540728..dce223417678 100644
--- a/modules/ztp-low-latency.adoc
+++ b/modules/ztp-low-latency.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-low-latency_{context}"]
 = Running low latency applications on {product-title}
 
diff --git a/modules/ztp-lvms-installing-lvms-cli.adoc b/modules/ztp-lvms-installing-lvms-cli.adoc
index c59b04c26226..e39a696c88c0 100644
--- a/modules/ztp-lvms-installing-lvms-cli.adoc
+++ b/modules/ztp-lvms-installing-lvms-cli.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-lvms-installing-using-cli_{context}"]
 = Installing {lvms} by using the CLI
 
diff --git a/modules/ztp-lvms-installing-lvms-web-console.adoc b/modules/ztp-lvms-installing-lvms-web-console.adoc
index 3e74c5f4ca2c..75b19cd3e44a 100644
--- a/modules/ztp-lvms-installing-lvms-web-console.adoc
+++ b/modules/ztp-lvms-installing-lvms-web-console.adoc
@@ -2,7 +2,7 @@
 //
 // scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-lvms-installing-using-web-console_{context}"]
 = Installing {lvms} by using the web console
 
diff --git a/modules/ztp-managed-cluster-network-prereqs.adoc b/modules/ztp-managed-cluster-network-prereqs.adoc
index dba9907a4263..2b27860c01e3 100644
--- a/modules/ztp-managed-cluster-network-prereqs.adoc
+++ b/modules/ztp-managed-cluster-network-prereqs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-managed-cluster-network-prereqs_{context}"]
 = Connectivity prerequisites for managed cluster networks
 
diff --git a/modules/ztp-managing-sriov-vlan-with-hub-cluster-templates-in-pgt.adoc b/modules/ztp-managing-sriov-vlan-with-hub-cluster-templates-in-pgt.adoc
deleted file mode 100644
index 617c66c38fdf..000000000000
--- a/modules/ztp-managing-sriov-vlan-with-hub-cluster-templates-in-pgt.adoc
+++ /dev/null
@@ -1,74 +0,0 @@
-// Module included in the following assemblies:
-//
-// * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
-
-:_content-type: PROCEDURE
-[id="ztp-managing-sriov-vlan-with-hub-cluster-templates-in-pgt_{context}"]
-= Specifying VLAN IDs in group PolicyGenTemplate CRs with hub cluster templates
-
-You can manage VLAN IDs for managed clusters in a single `ConfigMap` CR and use hub cluster templates to populate the VLAN IDs in the generated polices that get applied to the clusters.
-
-The following example shows how you how manage VLAN IDs in single `ConfigMap` CR and apply them in individual cluster polices by using a single `PolicyGenTemplate` group CR.
-
-[NOTE]
-====
-When using the `fromConfigmap` function, the `printf` variable is only available for the template resource `data` key fields.
-You cannot use it with `name` and `namespace` fields.
-====
-
-.Prerequisites
-
-* You have installed the OpenShift CLI (`oc`).
-
-* You have logged in to the hub cluster as a user with `cluster-admin` privileges.
-
-* You have created a Git repository where you manage your custom site configuration data.
-The repository must be accessible from the hub cluster and be defined as a source repository for the Argo CD application.
-
-.Procedure
-
-. Create a `ConfigMap` CR that describes the VLAN IDs for a group of cluster hosts. For example:
-+
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: site-data
-  namespace: ztp-group
-  annotations:
-    argocd.argoproj.io/sync-options: Replace=true <1>
-data:
-  site-1-vlan: "101"
-  site-2-vlan: "234"
-----
-<1> The `argocd.argoproj.io/sync-options` annotation is required only if the `ConfigMap` is larger than 1 MiB in size.
-+
-[NOTE]
-====
-The `ConfigMap` must be in the same namespace with the policy that has the hub template substitution.
-====
-
-. Commit the `ConfigMap` CR in Git, and then push to the Git repository being monitored by the Argo CD application.
-
-. Create a group PGT CR that uses a hub template to pull the required VLAN IDs from the `ConfigMap` object. For example, add the following YAML snippet to the group PGT CR:
-+
-[source,yaml]
-----
-- fileName: SriovNetwork.yaml
-    policyName: "config-policy"
-    metadata:
-      name: "sriov-nw-du-mh"
-      annotations:
-        ran.openshift.io/ztp-deploy-wave: "10"
-    spec:
-      resourceName: du_mh
-      vlan: '{{hub fromConfigMap "" "site-data" (printf "%s-vlan" .ManagedClusterName) | toInt hub}}'
-----
-
-. Commit the group `PolicyGenTemplate` CR in Git, and then push to the Git repository being monitored by the Argo CD application.
-+
-[NOTE]
-====
-Subsequent changes to the referenced `ConfigMap` CR are not automatically synced to the applied policies. You need to manually sync the new `ConfigMap` changes to update existing PolicyGenTemplate CRs. See "Syncing new ConfigMap changes to existing PolicyGenTemplate CRs".
-====
diff --git a/modules/ztp-manually-install-a-single-managed-cluster.adoc b/modules/ztp-manually-install-a-single-managed-cluster.adoc
index 7b268a95b8e9..f9660a485a3f 100644
--- a/modules/ztp-manually-install-a-single-managed-cluster.adoc
+++ b/modules/ztp-manually-install-a-single-managed-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-manually-install-a-single-managed-cluster_{context}"]
 = Installing a single managed cluster
 
diff --git a/modules/ztp-monitoring-installation-progress.adoc b/modules/ztp-monitoring-installation-progress.adoc
index 325dd258ebd2..56e8dba4b6de 100644
--- a/modules/ztp-monitoring-installation-progress.adoc
+++ b/modules/ztp-monitoring-installation-progress.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-monitoring-deployment-progress_{context}"]
 = Monitoring managed cluster installation progress
 
diff --git a/modules/ztp-monitoring-policy-deployment-progress.adoc b/modules/ztp-monitoring-policy-deployment-progress.adoc
index 0a2f8d6dd42e..7f3ba54f8003 100644
--- a/modules/ztp-monitoring-policy-deployment-progress.adoc
+++ b/modules/ztp-monitoring-policy-deployment-progress.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-monitoring-policy-deployment-progress_{context}"]
 = Monitoring managed cluster policy deployment progress
 
diff --git a/modules/ztp-precaching-booting-from-live-os.adoc b/modules/ztp-precaching-booting-from-live-os.adoc
index 4d9f4c470ab1..2af5ac3737b2 100644
--- a/modules/ztp-precaching-booting-from-live-os.adoc
+++ b/modules/ztp-precaching-booting-from-live-os.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
 
-:_module-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-booting-from-live-os_{context}"]
 = Booting from a live operating system image
 
@@ -61,4 +61,4 @@ $ curl --globoff -L -w "%{http_code} %{url_effective}\\n" -ku ${username_passwor
 $ curl --globoff  -L -w "%{http_code} %{url_effective}\\n"  -ku ${username_password}  -H "Content-Type: application/json" -H "Accept: application/json" -d '{"Boot":{ "BootSourceOverrideEnabled": "Once", "BootSourceOverrideTarget": "Cd", "BootSourceOverrideMode": "UEFI"}}' -X PATCH https://$BMC_ADDRESS/redfish/v1/Systems/Self
 ----
 
-. Reboot and ensure that the server is booting from virtual media.
\ No newline at end of file
+. Reboot and ensure that the server is booting from virtual media.
diff --git a/modules/ztp-precaching-getting-tool.adoc b/modules/ztp-precaching-getting-tool.adoc
index 385230e74322..c59b07e2a3c7 100644
--- a/modules/ztp-precaching-getting-tool.adoc
+++ b/modules/ztp-precaching-getting-tool.adoc
@@ -2,11 +2,11 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
 
-:_module-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-getting-tool_{context}"]
 = Getting the {factory-prestaging-tool}
 
-The {factory-prestaging-tool} Go binary is publicly available in link:quay.io/openshift-kni/telco-ran-tools:latest[the Telco RAN tools container image].
+The {factory-prestaging-tool} Go binary is publicly available in link:https://quay.io/openshift-kni/telco-ran-tools:latest[the {rds-first} tools container image].
 The {factory-prestaging-tool} Go binary in the container image is executed on the server running an {op-system} live image using `podman`.
 If you are working in a disconnected environment or have a private registry, you need to copy the image there so you can download the image to the server.
 
@@ -33,4 +33,4 @@ If you are working in a disconnected environment or have a private registry, you
 [source,terminal]
 ----
 factory-precaching-cli version 20221018.120852+main.feecf17
-----
\ No newline at end of file
+----
diff --git a/modules/ztp-precaching-troubleshooting.adoc b/modules/ztp-precaching-troubleshooting.adoc
index 663c36c05fbd..76cc73a375d3 100644
--- a/modules/ztp-precaching-troubleshooting.adoc
+++ b/modules/ztp-precaching-troubleshooting.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
 
-:_module-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-pre-staging-troubleshooting_{context}"]
 = Troubleshooting
 
@@ -44,7 +44,7 @@ error: error rendering new refs: render reference "eko4.cloud.lab.eng.bos.redhat
 # cp /tmp/eko4-ca.crt /etc/pki/ca-trust/source/anchors/.
 ----
 
-. Update the certificates trust store:
+. Update the certificates truststore:
 +
 [source,terminal]
 ----
@@ -59,4 +59,4 @@ error: error rendering new refs: render reference "eko4.cloud.lab.eng.bos.redhat
 factory-precaching-cli download -r 4.11.5 --acm-version 2.5.4 \
    --mce-version 2.0.4 -f /mnt \--img quay.io/custom/repository
    --du-profile -s --skip-imageset
-----
\ No newline at end of file
+----
diff --git a/modules/ztp-preparing-for-the-gitops-ztp-upgrade.adoc b/modules/ztp-preparing-for-the-gitops-ztp-upgrade.adoc
index 5756ceaa44f9..75a85025db40 100644
--- a/modules/ztp-preparing-for-the-gitops-ztp-upgrade.adoc
+++ b/modules/ztp-preparing-for-the-gitops-ztp-upgrade.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-preparing-for-the-gitops-ztp-upgrade_{context}"]
 = Preparing for the upgrade
 
diff --git a/modules/ztp-preparing-the-hub-cluster-for-ztp.adoc b/modules/ztp-preparing-the-hub-cluster-for-ztp.adoc
index e389ee5139e9..de74ce520929 100644
--- a/modules/ztp-preparing-the-hub-cluster-for-ztp.adoc
+++ b/modules/ztp-preparing-the-hub-cluster-for-ztp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-configuring-hub-cluster-with-argocd_{context}"]
 = Configuring the hub cluster with ArgoCD
 
@@ -48,6 +48,15 @@ $ oc patch argocd openshift-gitops \
 --patch-file out/argocd/deployment/argocd-openshift-gitops-patch.json
 ----
 
+. In {rh-rhacm} 2.7 and later, the multicluster engine enables the `cluster-proxy-addon` feature by default.
+To disable this feature, apply the following patch to disable and remove the relevant hub cluster and managed cluster pods that are responsible for this add-on.
+Run the following command:
++
+[source,terminal]
+----
+$ oc patch multiclusterengines.multicluster.openshift.io multiclusterengine --type=merge --patch-file out/argocd/deployment/disable-cluster-proxy-addon.json
+----
+
 . Apply the pipeline configuration to your hub cluster by using the following command:
 +
 [source,terminal]
diff --git a/modules/ztp-preparing-the-ztp-git-repository-ver-ind.adoc b/modules/ztp-preparing-the-ztp-git-repository-ver-ind.adoc
new file mode 100644
index 000000000000..a7b40af871a1
--- /dev/null
+++ b/modules/ztp-preparing-the-ztp-git-repository-ver-ind.adoc
@@ -0,0 +1,99 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ztp-preparing-the-ztp-git-repository-ver-ind_{context}"]
+= Preparing the {ztp} site configuration repository for version independence
+
+You can use {ztp} to manage source custom resources (CRs) for managed clusters that are running different versions of {product-title}.
+This means that the version of {product-title} running on the hub cluster can be independent of the version running on the managed clusters.
+
+.Procedure
+
+. Create a directory structure with separate paths for the `SiteConfig` and `PolicyGenTemplate` CRs.
+
+. Within the `PolicyGenTemplate` directory, create a directory for each {product-title} version you want to make available.
+For each version, create the following resources:
+* `kustomization.yaml` file that explicitly includes the files in that directory
+* `source-crs` directory to contain reference CR configuration files from the `ztp-site-generate` container
+
+. In the `/siteconfig` directory, create a subdirectory for each {product-title} version you want to make available. For each version, create at least one directory for reference CRs to be copied from the container. There is no restriction on the naming of directories or on the number of reference directories. If you want to work with user-provided CRs, you must create a separate directory for those.
++
+The following example describes a structure using user-provided CRs for different versions of {product-title}:
++
+[source,text]
+----
+├── policygentemplates
+│   ├── kustomization.yaml <1>
+│   ├── version_4.13 <2>
+│   │   ├── common-ranGen.yaml
+│   │   ├── group-du-sno-ranGen.yaml
+│   │   ├── group-du-sno-validator-ranGen.yaml
+│   │   ├── helix56-v413.yaml
+│   │   ├── kustomization.yaml <3>
+│   │   ├── ns.yaml
+│   │   └── source-crs/  <4>
+│   └── version_4.14 <2>
+│       ├── common-ranGen.yaml
+│       ├── group-du-sno-ranGen.yaml
+│       ├── group-du-sno-validator-ranGen.yaml
+│       ├── helix56-v414.yaml
+│       ├── kustomization.yaml <3>
+│       ├── ns.yaml
+│       └── source-crs/ <4>
+└── siteconfig
+    ├── kustomization.yaml
+    ├── version_4.13
+    │   ├── helix56-v413.yaml
+    │   ├── kustomization.yaml
+    │   ├── extra-manifest/ <5>
+    │   └── custom-manifest/ <6>
+    └── version_4.14
+        ├── helix57-v414.yaml
+        ├── kustomization.yaml
+        ├── extra-manifest/ <5>
+        └── custom-manifest/ <6>
+
+----
+<1> Create a top-level `kustomization` yaml file.
+<2> Create the version-specific directories within the custom `/policygentemplates` directory.
+<3> Create a `kustomization.yaml` file for each version.
+<4> Create a `source-crs` directory for each version to contain reference CRs from the `ztp-site-generate` container.
+<5> Create a directory within the custom `/siteconfig` directory to contain extra manifests from the `ztp-site-generate` container.
+<6> Create a folder to hold user-provided CRs.
++
+[NOTE]
+====
+In the previous example, each version subdirectory in the custom `/siteconfig` directory contains two further subdirectories, one containing the reference manifests copied from the container, the other for custom manifests that you provide.
+The names assigned to those directories are examples.
+If you use user-provided CRs, the last directory listed under `extraManifests.searchPaths` in the `SiteConfig` CR must be the directory containing user-provided CRs.
+====
+
+. Edit the `SiteConfig` CR to include the search paths of any directories you have created.
+The first directory that is listed under `extraManifests.searchPaths` must be the directory containing the reference manifests.
+Consider the order in which the directories are listed.
+In cases where directories contain files with the same name, the file in the final directory takes precedence.
++
+.Example SiteConfig CR
++
+[source,yaml]
+----
+extraManifests:
+    searchPaths:
+    - extra-manifest/ <1>
+    - custom-manifest/ <2>
+----
+<1>  The directory containing the reference manifests must be listed first under `extraManifests.searchPaths`.
+<2>  If you are using user-provided CRs, the last directory listed under `extraManifests.searchPaths` in the `SiteConfig` CR must be the directory containing those user-provided CRs.
+
+. Edit the top-level `kustomization.yaml` file to control which {product-title} versions are active. The following is an example of a `kustomization.yaml` file at the top level:
++
+[source,yaml]
+----
+resources:
+- version_4.13 <1>
+#- version_4.14 <2>
+----
+<1> Activate version 4.13.
+<2> Use comments to deactivate a version.
diff --git a/modules/ztp-preparing-the-ztp-git-repository.adoc b/modules/ztp-preparing-the-ztp-git-repository.adoc
index 7889926f4ff7..fa594dc35198 100644
--- a/modules/ztp-preparing-the-ztp-git-repository.adoc
+++ b/modules/ztp-preparing-the-ztp-git-repository.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-preparing-the-ztp-git-repository_{context}"]
 = Preparing the {ztp} site configuration repository
 
@@ -17,6 +17,12 @@ Before you can use the {ztp-first} pipeline, you need to prepare the Git reposit
 .Procedure
 
 . Create a directory structure with separate paths for the `SiteConfig` and `PolicyGenTemplate` CRs.
++
+[NOTE]
+====
+Keep `SiteConfig` and `PolicyGenTemplate` CRs in separate directories.
+Both the `SiteConfig` and `PolicyGenTemplate` directories must contain a `kustomization.yaml` file that explicitly includes the files in that directory.
+====
 
 . Export the `argocd` directory from the `ztp-site-generate` container image using the following commands:
 +
@@ -35,6 +41,7 @@ $ mkdir -p ./out
 $ podman run --log-driver=none --rm registry.redhat.io/openshift4/ztp-site-generate-rhel8:v{product-version} extract /home/ztp --tar | tar x -C ./out
 ----
 
+
 . Check that the `out` directory contains the following subdirectories:
 +
 * `out/extra-manifest` contains the source CR files that `SiteConfig` uses to generate extra manifest `configMap`.
@@ -42,26 +49,58 @@ $ podman run --log-driver=none --rm registry.redhat.io/openshift4/ztp-site-gener
 * `out/argocd/deployment` contains patches and YAML files to apply on the hub cluster for use in the next step of this procedure.
 * `out/argocd/example` contains the examples for `SiteConfig` and `PolicyGenTemplate` files that represent the recommended configuration.
 
-The directory structure under `out/argocd/example` serves as a reference for the structure and content of your Git repository. The example includes `SiteConfig` and `PolicyGenTemplate` reference CRs for single-node, three-node, and standard clusters. Remove references to cluster types that you are not using. The following example describes a set of CRs for a network of single-node clusters:
 
+. Copy the `out/source-crs` folder and contents to the `PolicyGentemplate` directory.
+
+. The out/extra-manifests directory contains the reference manifests for a RAN DU cluster.
+Copy the `out/extra-manifests` directory into the `SiteConfig` folder.
+This directory should contain CRs from the `ztp-site-generate` container only.
+Do not add user-provided CRs here.
+If you want to work with user-provided CRs you must create another directory for that content.
+For example:
++
 [source,text]
 ----
-example
-├── policygentemplates
-│   ├── common-ranGen.yaml
-│   ├── example-sno-site.yaml
-│   ├── group-du-sno-ranGen.yaml
-│   ├── group-du-sno-validator-ranGen.yaml
-│   ├── kustomization.yaml
-│   └── ns.yaml
-└── siteconfig
-    ├── example-sno.yaml
-    ├── KlusterletAddonConfigOverride.yaml
-    └── kustomization.yaml
+example/
+  ├── policygentemplates
+  │   ├── kustomization.yaml
+  │   └── source-crs/
+  └── siteconfig
+        ├── extra-manifests
+        └── kustomization.yaml
 ----
 
-Keep `SiteConfig` and `PolicyGenTemplate` CRs in separate directories. Both the `SiteConfig` and `PolicyGenTemplate` directories must contain a `kustomization.yaml` file that explicitly includes the files in that directory.
+. Commit the directory structure and the `kustomization.yaml` files and push to your Git repository.
+The initial push to Git should include the `kustomization.yaml` files.
+
+You can use the directory structure under `out/argocd/example` as a reference for the structure and content of your Git repository.
+That structure includes `SiteConfig` and `PolicyGenTemplate` reference CRs for single-node, three-node, and standard clusters.
+Remove references to cluster types that you are not using.
 
-This directory structure and the `kustomization.yaml` files must be committed and pushed to your Git repository. The initial push to Git should include the `kustomization.yaml` files. The `SiteConfig` (`example-sno.yaml`) and `PolicyGenTemplate` (`common-ranGen.yaml`, `group-du-sno*.yaml`, and `example-sno-site.yaml`) files can be omitted and pushed at a later time as required when deploying a site.
+For all cluster types, you must:
 
-The `KlusterletAddonConfigOverride.yaml` file is only required if one or more `SiteConfig` CRs which make reference to it are committed and pushed to Git. See `example-sno.yaml` for an example of how this is used.
+* Add the `source-crs` subdirectory to the `policygentemplate` directory.
+* Add the `extra-manifests` directory to the `siteconfig` directory.
+
+The following example describes a set of CRs for a network of single-node clusters:
+
+[source,text]
+----
+example/
+  ├── policygentemplates
+  │   ├── common-ranGen.yaml
+  │   ├── example-sno-site.yaml
+  │   ├── group-du-sno-ranGen.yaml
+  │   ├── group-du-sno-validator-ranGen.yaml
+  │   ├── kustomization.yaml
+  │   ├── source-crs/
+  │   └── ns.yaml
+  └── siteconfig
+        ├── example-sno.yaml
+        ├── extra-manifests/ <1>
+        ├── custom-manifests/ <2>
+        ├── KlusterletAddonConfigOverride.yaml
+        └── kustomization.yaml
+----
+<1> Contains reference manifests from the `ztp-container`.
+<2> Contains custom manifests.
diff --git a/modules/ztp-provisioning-lvm-storage.adoc b/modules/ztp-provisioning-lvm-storage.adoc
index 88ee121cbcbe..56b5d14e622e 100644
--- a/modules/ztp-provisioning-lvm-storage.adoc
+++ b/modules/ztp-provisioning-lvm-storage.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-provisioning-lvm-storage_{context}"]
 = Configuring {lvms} using PolicyGenTemplate CRs
 
@@ -11,6 +11,8 @@ You can configure {lvms-first} for managed clusters that you deploy with {ztp-fi
 [NOTE]
 ====
 You use {lvms} to persist event subscriptions when you use PTP events or bare-metal hardware events with HTTP transport.
+
+Use the Local Storage Operator for persistent storage that uses local volumes in distributed units.
 ====
 
 .Prerequisites
@@ -37,13 +39,31 @@ You use {lvms} to persist event subscriptions when you use PTP events or bare-me
     channel: stable-{product-version}
   policyName: subscription-policies
 ----
++
+[NOTE]
+====
+The Storage LVMO subscription is deprecated. In future releases of {product-title}, the storage LVMO subscription will not be available. Instead, you must use the Storage LVMS subscription.
+
+In {product-title} {product-version}, you can use the Storage LVMS subscription instead of the LVMO subscription. The LVMS subscription does not require manual overrides in the `common-ranGen.yaml` file. Add the following YAML to `spec.sourceFiles` in the `common-ranGen.yaml` file to use the Storage LVMS subscription:
+
+[source,yaml]
+----
+- fileName: StorageLVMSubscriptionNS.yaml
+  policyName: subscription-policies
+- fileName: StorageLVMSubscriptionOperGroup.yaml
+  policyName: subscription-policies
+- fileName: StorageLVMSubscription.yaml
+  policyName: subscription-policies
+----
+
+====
 
 . Add the `LVMCluster` CR to `spec.sourceFiles` in your specific group or individual site configuration file. For example, in the `group-du-sno-ranGen.yaml` file, add the following:
 +
 [source,yaml]
 ----
 - fileName: StorageLVMCluster.yaml
-  policyName: "lvmo-config" <1>
+  policyName: "lvms-config" <1>
   spec:
     storage:
       deviceClasses:
diff --git a/modules/ztp-recommended-cluster-kernel-config.adoc b/modules/ztp-recommended-cluster-kernel-config.adoc
index ad7b17a2dead..cdcfdd99b77e 100644
--- a/modules/ztp-recommended-cluster-kernel-config.adoc
+++ b/modules/ztp-recommended-cluster-kernel-config.adoc
@@ -16,6 +16,7 @@ spec:
   additionalKernelArgs:
   - "rcupdate.rcu_normal_after_boot=0"
   - "efi=runtime"
+  - "module_blacklist=irdma"
 ----
 
 . Ensure that the `performance-patch` profile in the `Tuned` CR configures the correct CPU isolation set that matches the `isolated` CPU set in the related `PerformanceProfile` CR, for example:
@@ -25,20 +26,19 @@ spec:
 spec:
   profile:
     - name: performance-patch
-      # The 'include' line must match the associated PerformanceProfile name
-      # And the cmdline_crash CPU set must match the 'isolated' set in the associated PerformanceProfile
+      # The 'include' line must match the associated PerformanceProfile name, for example:
+      # include=openshift-node-performance-${PerformanceProfile.metadata.name}
+      # When using the standard (non-realtime) kernel, remove the kernel.timer_migration override from the [sysctl] section
       data: |
         [main]
         summary=Configuration changes profile inherited from performance created tuned
         include=openshift-node-performance-openshift-node-performance-profile
-        [bootloader]
-        cmdline_crash=nohz_full=2-51,54-103 <1>
         [sysctl]
         kernel.timer_migration=1
         [scheduler]
         group.ice-ptp=0:f:10:*:ice-ptp.*
+        group.ice-gnss=0:f:10:*:ice-gnss.*
         [service]
         service.stalld=start,enable
         service.chronyd=stop,disable
 ----
-<1> Listed CPUs depend on the host hardware configuration, specifically the number of available CPUs in the system and the CPU topology.
diff --git a/modules/ztp-recommended-cluster-mc-crs.adoc b/modules/ztp-recommended-cluster-mc-crs.adoc
index c71cdf1c3355..2581b6644dc3 100644
--- a/modules/ztp-recommended-cluster-mc-crs.adoc
+++ b/modules/ztp-recommended-cluster-mc-crs.adoc
@@ -2,32 +2,55 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
 
-:_module-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ztp-recommended-cluster-mc-crs_{context}"]
-= Recommended cluster MachineConfig CRs
+= Recommended cluster MachineConfig CRs for {sno} clusters
 
 Check that the `MachineConfig` custom resources (CRs) that you extract from the `ztp-site-generate` container are applied in the cluster. The CRs can be found in the extracted `out/source-crs/extra-manifest/` folder.
 
 The following `MachineConfig` CRs from the `ztp-site-generate` container configure the cluster host:
 
-.Recommended MachineConfig CRs
+.Recommended {ztp} MachineConfig CRs
 [cols=2*, options="header"]
 |====
-|CR filename
+|MachineConfig CR
 |Description
 
+a|`01-container-mount-ns-and-kubelet-conf-master.yaml`
+
+`01-container-mount-ns-and-kubelet-conf-worker.yaml`
+|Configures the container mount namespace and kubelet configuration.
+
 |`02-workload-partitioning.yaml`
-|Configures workload partitioning for the cluster. Apply this `MachineConfig` CR when you install the cluster.
+a|Configures workload partitioning for the cluster. Apply this `MachineConfig` CR when you install the cluster.
+[NOTE]
+====
+If you use the `cpuPartitioningMode` field in the `SiteConfig` CR to configure workload partitioning, you do not need to use the `02-workload-partitioning.yaml` CR.
+Using the `cpuPartitioningMode` field is a Technology Preview feature in {product-title} 4.13.
+For more information, see "Workload partitioning in {sno} with {ztp}".
+====
 
-|`03-sctp-machine-config-master.yaml`, `03-sctp-machine-config-worker.yaml`
+a|`03-sctp-machine-config-master.yaml`
+
+`03-sctp-machine-config-worker.yaml`
 |Loads the SCTP kernel module. These `MachineConfig` CRs are optional and can be omitted if you do not require this kernel module.
 
-|`01-container-mount-ns-and-kubelet-conf-master.yaml`, `01-container-mount-ns-and-kubelet-conf-worker.yaml`
-|Configures the container mount namespace and Kubelet configuration.
+a|`04-accelerated-container-startup-master.yaml`
 
-|`04-accelerated-container-startup-master.yaml`, `04-accelerated-container-startup-worker.yaml`
+`04-accelerated-container-startup-worker.yaml`
 |Configures accelerated startup for the cluster.
 
-|`06-kdump-master.yaml`, `06-kdump-worker.yaml`
-|Configures `kdump` for the cluster.
+a|`05-kdump-config-master.yaml`
+
+`05-kdump-config-worker.yaml`
+
+`06-kdump-master.yaml`
+
+`06-kdump-worker.yaml`
+|Configures kdump crash reporting for the cluster.
+
+a|`99-crio-disable-wipe-master.yaml`
+
+`99-crio-disable-wipe-worker.yaml`
+|Disables the automatic CRI-O cache wipe following cluster reboot.
 |====
diff --git a/modules/ztp-removing-content-from-managed-clusters.adoc b/modules/ztp-removing-content-from-managed-clusters.adoc
new file mode 100644
index 000000000000..b1c2da749cbf
--- /dev/null
+++ b/modules/ztp-removing-content-from-managed-clusters.adoc
@@ -0,0 +1,127 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ztp-removing-content-from-managed-clusters_{context}"]
+= Changing applied managed cluster CRs using policies
+
+You can remove content from a custom resource (CR) that is deployed in a managed cluster through a policy.
+
+By default, all `Policy` CRs created from a `PolicyGenTemplate` CR have the `complianceType` field set to `musthave`.
+A `musthave` policy without the removed content is still compliant because the CR on the managed cluster has all the specified content.
+With this configuration, when you remove content from a CR, {cgu-operator} removes the content from the policy but the content is not removed from the CR on the managed cluster.
+
+With the `complianceType` field to `mustonlyhave`, the policy ensures that the CR on the cluster is an exact match of what is specified in the policy.
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+
+* You have logged in to the hub cluster as a user with `cluster-admin` privileges.
+
+* You have deployed a managed cluster from a hub cluster running {rh-rhacm}.
+
+* You have installed {cgu-operator-full} on the hub cluster.
+
+.Procedure
+
+. Remove the content that you no longer need from the affected CRs. In this example, the `disableDrain: false` line was removed from the `SriovOperatorConfig` CR.
++
+.Example CR
+
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovOperatorConfig
+metadata:
+  name: default
+  namespace: openshift-sriov-network-operator
+spec:
+  configDaemonNodeSelector:
+    "node-role.kubernetes.io/$mcp": ""
+  disableDrain: true
+  enableInjector: true
+  enableOperatorWebhook: true
+----
+
+. Change the `complianceType` of the affected policies to `mustonlyhave` in the `group-du-sno-ranGen.yaml` file.
++
+.Example YAML
+[source,yaml]
+----
+# ...
+- fileName: SriovOperatorConfig.yaml
+  policyName: "config-policy"
+  complianceType: mustonlyhave
+# ...
+----
+
+. Create a `ClusterGroupUpdates` CR and specify the clusters that must receive the CR changes::
++
+.Example ClusterGroupUpdates CR
+[source,yaml]
+----
+apiVersion: ran.openshift.io/v1alpha1
+kind: ClusterGroupUpgrade
+metadata:
+  name: cgu-remove
+  namespace: default
+spec:
+  managedPolicies:
+    - ztp-group.group-du-sno-config-policy
+  enable: false
+  clusters:
+  - spoke1
+  - spoke2
+  remediationStrategy:
+    maxConcurrency: 2
+    timeout: 240
+  batchTimeoutAction:
+----
+
+. Create the `ClusterGroupUpgrade` CR by running the following command:
++
+[source,terminal]
+----
+$ oc create -f cgu-remove.yaml
+----
+
+. When you are ready to apply the changes, for example, during an appropriate maintenance window, change the value of the `spec.enable` field to `true` by running the following command:
++
+[source,terminal]
+----
+$ oc --namespace=default patch clustergroupupgrade.ran.openshift.io/cgu-remove \
+--patch '{"spec":{"enable":true}}' --type=merge
+----
+
+.Verification
+
+. Check the status of the policies by running the following command:
++
+[source,terminal]
+----
+$ oc get <kind> <changed_cr_name>
+----
+
++
+.Example output
+[source,terminal]
+----
+NAMESPACE   NAME                                                   REMEDIATION ACTION   COMPLIANCE STATE   AGE
+default     cgu-ztp-group.group-du-sno-config-policy               enforce                                 17m
+default     ztp-group.group-du-sno-config-policy                   inform               NonCompliant       15h
+----
+
++
+When the `COMPLIANCE STATE` of the policy is `Compliant`, it means that the CR is updated and the unwanted content is removed.
+
+. Check that the policies are removed from the targeted clusters by running the following command on the managed clusters:
++
+[source,terminal]
+----
+$ oc get <kind> <changed_cr_name>
+----
+
++
+If there are no results, the CR is removed from the managed cluster.
\ No newline at end of file
diff --git a/modules/ztp-removing-obsolete-content.adoc b/modules/ztp-removing-obsolete-content.adoc
index aaee5571a4cd..4c37b6707b9d 100644
--- a/modules/ztp-removing-obsolete-content.adoc
+++ b/modules/ztp-removing-obsolete-content.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-removing-obsolete-content_{context}"]
 = Removing obsolete content from the {ztp} pipeline
 
diff --git a/modules/ztp-required-changes-to-the-git-repository.adoc b/modules/ztp-required-changes-to-the-git-repository.adoc
index cd741ee8ce4d..ceafb63998db 100644
--- a/modules/ztp-required-changes-to-the-git-repository.adoc
+++ b/modules/ztp-required-changes-to-the-git-repository.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-required-changes-to-the-git-repository_{context}"]
 = Required changes to the Git repository
 
diff --git a/modules/ztp-restarting-policies-reconciliation.adoc b/modules/ztp-restarting-policies-reconciliation.adoc
index 703e8af1ce25..bf041b2ad7af 100644
--- a/modules/ztp-restarting-policies-reconciliation.adoc
+++ b/modules/ztp-restarting-policies-reconciliation.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-restarting-policies-reconciliation_{context}"]
 = Restarting policy reconciliation
 
diff --git a/modules/ztp-roll-out-the-configuration-changes.adoc b/modules/ztp-roll-out-the-configuration-changes.adoc
index d8d86ca14d54..69185d0442df 100644
--- a/modules/ztp-roll-out-the-configuration-changes.adoc
+++ b/modules/ztp-roll-out-the-configuration-changes.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-roll-out-the-configuration-changes_{context}"]
 = Rolling out the {ztp} configuration changes
 
diff --git a/modules/ztp-site-cleanup.adoc b/modules/ztp-site-cleanup.adoc
index 13e754ada1c8..de42413d0011 100644
--- a/modules/ztp-site-cleanup.adoc
+++ b/modules/ztp-site-cleanup.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-site-cleanup_{context}"]
 = Removing a managed cluster site from the {ztp} pipeline
 
@@ -14,7 +14,7 @@ You can remove a managed site and the associated installation and configuration
 
 * You have logged in to the hub cluster as a user with `cluster-admin` privileges.
 
-.Precedure
+.Procedure
 
 . Remove a site and the associated CRs by removing the associated `SiteConfig` and `PolicyGenTemplate` files from the `kustomization.yaml` file.
 +
diff --git a/modules/ztp-sno-du-accelerating-container-startup.adoc b/modules/ztp-sno-du-accelerating-container-startup.adoc
index c13509ee4eca..b7b5ebc52963 100644
--- a/modules/ztp-sno-du-accelerating-container-startup.adoc
+++ b/modules/ztp-sno-du-accelerating-container-startup.adoc
@@ -2,10 +2,14 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-accelerating-container-startup_{context}"]
 = Accelerated container startup
 
 The following `MachineConfig` CR configures core OpenShift processes and containers to use all available CPU cores during system startup and shutdown. This accelerates the system recovery during initial boot and reboots.
 
-include::snippets/ztp-04-accelerated-container-startup-master.adoc[]
+.Recommended accelerated container startup configuration (`04-accelerated-container-startup-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_04-accelerated-container-startup-master.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-crun-container-runtime.adoc b/modules/ztp-sno-du-configuring-crun-container-runtime.adoc
index 37a9f3e3dd67..ac22be08362f 100644
--- a/modules/ztp-sno-du-configuring-crun-container-runtime.adoc
+++ b/modules/ztp-sno-du-configuring-crun-container-runtime.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-crun-container-runtime_{context}"]
 = Configuring crun as the default container runtime
 
@@ -11,10 +11,18 @@ The crun container runtime is fast and lightweight and has a low memory footprin
 
 [IMPORTANT]
 ====
-For optimal performance, enable crun for master and worker nodes in {sno}, {3no}, and standard clusters.
-To avoid the cluster rebooting when the CR is applied, apply the change as a {ztp} additional day-0 install-time manifest.
+For optimal performance, enable crun for control plane and worker nodes in {sno}, {3no}, and standard clusters.
+To avoid the cluster rebooting when the CR is applied, apply the change as a {ztp} additional Day 0 install-time manifest.
 ====
 
-include::snippets/ztp-07-ztp-sno-du-configuring-crun-container-runtime-master.adoc[]
+.Recommended `ContainerRuntimeConfig` CR for control plane nodes (`enable-crun-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_enable-crun-master.yaml[]
+----
 
-include::snippets/ztp-08-ztp-sno-du-configuring-crun-container-runtime-worker.adoc[]
+.Recommended `ContainerRuntimeConfig` CR for worker nodes (`enable-crun-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_enable-crun-worker.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-logging-locally-and-forwarding.adoc b/modules/ztp-sno-du-configuring-logging-locally-and-forwarding.adoc
index b3b51bdb5f15..12bebec0e1fb 100644
--- a/modules/ztp-sno-du-configuring-logging-locally-and-forwarding.adoc
+++ b/modules/ztp-sno-du-configuring-logging-locally-and-forwarding.adoc
@@ -2,10 +2,22 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-logging-locally-and-forwarding_{context}"]
 = Cluster logging and log forwarding
 
-{sno-caps} clusters that run DU workloads require logging and log forwarding for debugging. The following example YAML illustrates the required `ClusterLogging` and `ClusterLogForwarder` CRs.
+{sno-caps} clusters that run DU workloads require logging and log forwarding for debugging. The following `ClusterLogging` and `ClusterLogForwarder` custom resources (CRs) are required.
 
-include::snippets/ztp-cluster-logging.adoc[]
+.Recommended cluster logging configuration (`ClusterLogging.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogging.yaml[]
+----
+
+.Recommended log forwarding configuration (`ClusterLogForwarder.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogForwarder.yaml[]
+----
+
+Set the `spec.outputs.url` field to the URL of the Kafka server where the logs are forwarded to.
diff --git a/modules/ztp-sno-du-configuring-lvms.adoc b/modules/ztp-sno-du-configuring-lvms.adoc
index 569668dff97a..097470a61eed 100644
--- a/modules/ztp-sno-du-configuring-lvms.adoc
+++ b/modules/ztp-sno-du-configuring-lvms.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="lvms-configuring-lvms-on-sno_{context}"]
 = {lvms}
 
@@ -15,4 +15,18 @@ The recommended storage solution for {sno} is the Local Storage Operator. Altern
 
 The following YAML example configures the storage of the node to be available to {product-title} applications.
 
-include::snippets/ztp-storage-lvms.adoc[]
\ No newline at end of file
+.Recommended `LVMCluster` configuration (`StorageLVMCluster.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_StorageLVMCluster.yaml[]
+----
+
+.`LVMCluster` CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|LVMCluster CR field
+|Description
+
+|`deviceSelector.paths`
+|Configure the disks used for LVM storage. If no disks are specified, the {lvms} uses all the unused disks in the specified thin pool.
+|====
diff --git a/modules/ztp-sno-du-configuring-performance-addons.adoc b/modules/ztp-sno-du-configuring-performance-addons.adoc
index 092e47a0ddd8..69bc4fdf52ab 100644
--- a/modules/ztp-sno-du-configuring-performance-addons.adoc
+++ b/modules/ztp-sno-du-configuring-performance-addons.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-performance-addons_{context}"]
 = Performance profile
 
@@ -13,6 +13,12 @@
 In earlier versions of {product-title}, the Performance Addon Operator was used to implement automatic tuning to achieve low latency performance for OpenShift applications. In {product-title} 4.11 and later, this functionality is part of the Node Tuning Operator.
 ====
 
-The following example `PerformanceProfile` CR illustrates the required cluster configuration.
+The following example `PerformanceProfile` CR illustrates the required {sno} cluster configuration.
 
-include::snippets/ztp-performance-profile.adoc[]
+.Recommended performance profile configuration (`PerformanceProfile.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PerformanceProfile.yaml[]
+----
+
+include::snippets/performance-profile-workload-partitioning.adoc[]
diff --git a/modules/ztp-sno-du-configuring-ptp.adoc b/modules/ztp-sno-du-configuring-ptp.adoc
index 4827607aafb8..84fa11ca2729 100644
--- a/modules/ztp-sno-du-configuring-ptp.adoc
+++ b/modules/ztp-sno-du-configuring-ptp.adoc
@@ -2,10 +2,37 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-ptp_{context}"]
 = PTP
 
-{sno-caps} clusters use Precision Time Protocol (PTP) for network time synchronization. The following example `PtpConfig` CR illustrates the required PTP slave configuration.
+{sno-caps} clusters use Precision Time Protocol (PTP) for network time synchronization.
+The following example `PtpConfig` CRs illustrate the required PTP configurations for ordinary clocks, boundary clocks, and grandmaster clocks.
+The exact configuration you apply will depend on the node hardware and specific use case.
 
-include::snippets/ztp-ptp-config.adoc[]
+.Recommended PTP ordinary clock configuration (`PtpConfigSlave.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigSlave.yaml[]
+----
+
+
+.Recommended boundary clock configuration (`PtpConfigBoundary.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigBoundary.yaml[]
+----
+
+.Recommended PTP Westport Channel e810 grandmaster clock configuration (`PtpConfigGmWpc.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpConfigGmWpc.yaml[]
+----
+
+The following optional `PtpOperatorConfig` CR configures PTP events reporting for the node.
+
+.Recommended PTP events configuration (`PtpOperatorConfigForEvent.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpOperatorConfigForEvent.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-sriov.adoc b/modules/ztp-sno-du-configuring-sriov.adoc
index 4b20f509106e..2ee382967d83 100644
--- a/modules/ztp-sno-du-configuring-sriov.adoc
+++ b/modules/ztp-sno-du-configuring-sriov.adoc
@@ -2,10 +2,96 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-sriov_{context}"]
 = SR-IOV
 
-Single root I/O virtualization (SR-IOV) is commonly used to enable the fronthaul and the midhaul networks. The following YAML example configures SR-IOV for a {sno} cluster.
+Single root I/O virtualization (SR-IOV) is commonly used to enable fronthaul and midhaul networks. The following YAML example configures SR-IOV for a {sno} cluster.
 
-include::snippets/ztp-sriov-du-config.adoc[]
+[NOTE]
+====
+The configuration of the `SriovNetwork` CR will vary depending on your specific network and infrastructure requirements.
+====
+
+.Recommended `SriovOperatorConfig` CR configuration (`SriovOperatorConfig.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_SriovOperatorConfig.yaml[]
+----
+
+.`SriovOperatorConfig` CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|SriovOperatorConfig CR field
+|Description
+
+|`spec.enableInjector`
+a|Disable `Injector` pods to reduce the number of management pods.
+Start with the `Injector` pods enabled, and only disable them after verifying the user manifests.
+If the injector is disabled, containers that use SR-IOV resources must explicitly assign them in the `requests` and `limits` section of the container spec.
+
+For example:
+[source,yaml]
+----
+containers:
+- name: my-sriov-workload-container
+  resources:
+    limits:
+      openshift.io/<resource_name>:  "1"
+    requests:
+      openshift.io/<resource_name>:  "1"
+----
+
+|`spec.enableOperatorWebhook`
+|Disable `OperatorWebhook` pods to reduce the number of management pods. Start with the `OperatorWebhook` pods enabled, and only disable them after verifying the user manifests.
+
+|====
+
+.Recommended `SriovNetwork` configuration (`SriovNetwork.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_SriovNetwork.yaml[]
+----
+
+.`SriovNetwork` CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|SriovNetwork CR field
+|Description
+
+|`spec.vlan`
+|Configure `vlan` with the VLAN for the midhaul network.
+|====
+
+.Recommended `SriovNetworkNodePolicy` CR configuration (`SriovNetworkNodePolicy.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_SriovNetworkNodePolicy.yaml[]
+----
+
+.`SriovNetworkPolicy` CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|SriovNetworkNodePolicy CR field
+|Description
+
+|`spec.deviceType`
+|Configure `deviceType` as `vfio-pci` or `netdevice`.
+For Mellanox NICs, set `deviceType: netdevice`, and `isRdma: true`.
+For Intel based NICs, set `deviceType: vfio-pci` and `isRdma: false`.
+
+|`spec.nicSelector.pfNames`
+|Specifies the interface connected to the fronthaul network.
+
+|`spec.numVfs`
+|Specifies the number of VFs for the fronthaul network.
+
+|`spec.nicSelector.pfNames`
+|The exact name of physical function must match the hardware.
+|====
+
+.Recommended SR-IOV kernel configurations (`07-sriov-related-kernel-args-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_07-sriov-related-kernel-args-master.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-the-container-mountspace.adoc b/modules/ztp-sno-du-configuring-the-container-mountspace.adoc
index 3422cbe26656..34ec04b0852a 100644
--- a/modules/ztp-sno-du-configuring-the-container-mountspace.adoc
+++ b/modules/ztp-sno-du-configuring-the-container-mountspace.adoc
@@ -2,10 +2,15 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-the-container-mountspace_{context}"]
 = Reduced platform management footprint
 
-To reduce the overall management footprint of the platform, a `MachineConfig` custom resource (CR) is required that places all Kubernetes-specific mount points in a new namespace separate from the host operating system. The following base64-encoded example `MachineConfig` CR illustrates this configuration.
+To reduce the overall management footprint of the platform, a `MachineConfig` custom resource (CR) is required that places all Kubernetes-specific mount points in a new namespace separate from the host operating system.
+The following base64-encoded example `MachineConfig` CR illustrates this configuration.
 
-include::snippets/ztp-container-mount-namespace-and-kubelet-conf-master.adoc[]
+.Recommended container mount namespace configuration (`01-container-mount-ns-and-kubelet-conf-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_01-container-mount-ns-and-kubelet-conf-master.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-the-operators.adoc b/modules/ztp-sno-du-configuring-the-operators.adoc
index ad66a89f97bb..53b3617fd803 100644
--- a/modules/ztp-sno-du-configuring-the-operators.adoc
+++ b/modules/ztp-sno-du-configuring-the-operators.adoc
@@ -2,17 +2,66 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-configuring-the-operators_{context}"]
-= Operator namespaces and Operator groups
+= Operators
 
-{sno-caps} clusters that run DU workloads require the following `OperatorGroup` and `Namespace` custom resources (CRs):
+{sno-caps} clusters that run DU workloads require the following Operators to be installed:
 
 * Local Storage Operator
 * Logging Operator
 * PTP Operator
 * SR-IOV Network Operator
 
-The following YAML summarizes these CRs:
+You also need to configure a custom `CatalogSource` CR, disable the default `OperatorHub` configuration, and configure an `ImageContentSourcePolicy` mirror registry that is accessible from the clusters that you install.
 
-include::snippets/ztp-operator-groups-namespace.adoc[]
+.Recommended Storage Operator namespace and Operator group configuration (`StorageNS.yaml`, `StorageOperGroup.yaml`)
+[source,yaml]
+----
+---
+include::snippets/ztp_StorageNS.yaml[]
+---
+include::snippets/ztp_StorageOperGroup.yaml[]
+----
+
+.Recommended Cluster Logging Operator namespace and Operator group configuration (`ClusterLogNS.yaml`, `ClusterLogOperGroup.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogNS.yaml[]
+include::snippets/ztp_ClusterLogOperGroup.yaml[]
+----
+
+.Recommended PTP Operator namespace and Operator group configuration (`PtpSubscriptionNS.yaml`, `PtpSubscriptionOperGroup.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpSubscriptionNS.yaml[]
+---
+include::snippets/ztp_PtpSubscriptionOperGroup.yaml[]
+----
+
+.Recommended SR-IOV Operator namespace and Operator group configuration (`SriovSubscriptionNS.yaml`, `SriovSubscriptionOperGroup.yaml`)
+[source,yaml]
+----
+---
+include::snippets/ztp_SriovSubscriptionNS.yaml[]
+---
+include::snippets/ztp_SriovSubscriptionOperGroup.yaml[]
+----
+
+.Recommended `CatalogSource` configuration (`DefaultCatsrc.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_DefaultCatsrc.yaml[]
+----
+
+.Recommended `ImageContentSourcePolicy` configuration (`DisconnectedICSP.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_DisconnectedICSP.yaml[]
+----
+
+.Recommended `OperatorHub` configuration (`OperatorHub.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_OperatorHub.yaml[]
+----
diff --git a/modules/ztp-sno-du-configuring-time-sync.adoc b/modules/ztp-sno-du-configuring-time-sync.adoc
new file mode 100644
index 000000000000..e976bca8866a
--- /dev/null
+++ b/modules/ztp-sno-du-configuring-time-sync.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ztp-sno-du-configuring-time-sync_{context}"]
+= Configuring cluster time synchronization
+
+Run a one-time system time synchronization job for control plane or worker nodes.
+
+.Recommended one time time-sync for control plane nodes (`99-sync-time-once-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_99-sync-time-once-master.yaml[]
+----
+
+.Recommended one time time-sync for worker nodes (`99-sync-time-once-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_99-sync-time-once-worker.yaml[]
+----
diff --git a/modules/ztp-sno-du-disabling-crio-wipe.adoc b/modules/ztp-sno-du-disabling-crio-wipe.adoc
new file mode 100644
index 000000000000..913ab96b1df0
--- /dev/null
+++ b/modules/ztp-sno-du-disabling-crio-wipe.adoc
@@ -0,0 +1,23 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ztp-sno-du-disabling-crio-wipe_{context}"]
+= Disable automatic CRI-O cache wipe
+
+After an uncontrolled host shutdown or cluster reboot, CRI-O automatically deletes the entire CRI-O cache, causing all images to be pulled from the registry when the node reboots.
+This can result in unacceptably slow recovery times or recovery failures.
+To prevent this from happening in {sno} clusters that you install with {ztp}, disable the CRI-O delete cache feature during cluster installation.
+
+.Recommended `MachineConfig` CR to disable CRI-O cache wipe on control plane nodes (`99-crio-disable-wipe-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_99-crio-disable-wipe-master.yaml[]
+----
+
+.Recommended `MachineConfig` CR to disable CRI-O cache wipe on worker nodes (`99-crio-disable-wipe-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_99-crio-disable-wipe-worker.yaml[]
+----
diff --git a/modules/ztp-sno-du-disabling-network-diagnostics.adoc b/modules/ztp-sno-du-disabling-network-diagnostics.adoc
index 49846aaba2bb..30cdb5d48a62 100644
--- a/modules/ztp-sno-du-disabling-network-diagnostics.adoc
+++ b/modules/ztp-sno-du-disabling-network-diagnostics.adoc
@@ -2,10 +2,14 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-disabling-network-diagnostics_{context}"]
 = Network diagnostics
 
 {sno-caps} clusters that run DU workloads require less inter-pod network connectivity checks to reduce the additional load created by these pods. The following custom resource (CR) disables these checks.
 
-include::snippets/ztp-network-diagnostics.adoc[]
+.Recommended network diagnostics configuration (`DisableSnoNetworkDiag.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_DisableSnoNetworkDiag.yaml[]
+----
diff --git a/modules/ztp-sno-du-enabling-kdump.adoc b/modules/ztp-sno-du-enabling-kdump.adoc
index 1a7fcadaaa52..cc5ee40b136d 100644
--- a/modules/ztp-sno-du-enabling-kdump.adoc
+++ b/modules/ztp-sno-du-enabling-kdump.adoc
@@ -2,10 +2,32 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-enabling-kdump_{context}"]
 = Automatic kernel crash dumps with kdump
 
-`kdump` is a Linux kernel feature that creates a kernel crash dump when the kernel crashes. `kdump` is enabled with the following `MachineConfig` CR:
+`kdump` is a Linux kernel feature that creates a kernel crash dump when the kernel crashes. `kdump` is enabled with the following `MachineConfig` CRs.
 
-include::snippets/ztp-06-kdump-enable-master.adoc[]
+.Recommended `MachineConfig` CR to remove ice driver from control plane kdump logs (`05-kdump-config-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_05-kdump-config-master.yaml[]
+----
+
+.Recommended control plane node kdump configuration (`06-kdump-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_06-kdump-master.yaml[]
+----
+
+.Recommended `MachineConfig` CR to remove ice driver from worker node kdump logs (`05-kdump-config-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_05-kdump-config-worker.yaml[]
+----
+
+.Recommended kdump worker node configuration (`06-kdump-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_06-kdump-worker.yaml[]
+----
diff --git a/modules/ztp-sno-du-enabling-sctp.adoc b/modules/ztp-sno-du-enabling-sctp.adoc
index db1ce9e6ef85..3f9394d013ac 100644
--- a/modules/ztp-sno-du-enabling-sctp.adoc
+++ b/modules/ztp-sno-du-enabling-sctp.adoc
@@ -2,10 +2,20 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-enabling-sctp_{context}"]
 = SCTP
 
 Stream Control Transmission Protocol (SCTP) is a key protocol used in RAN applications. This `MachineConfig` object adds the SCTP kernel module to the node to enable this protocol.
 
-include::snippets/ztp-load-sctp-module.adoc[]
+.Recommended control plane node SCTP configuration (`03-sctp-machine-config-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_03-sctp-machine-config-master.yaml[]
+----
+
+.Recommended worker node SCTP configuration (`03-sctp-machine-config-worker.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_03-sctp-machine-config-worker.yaml[]
+----
diff --git a/modules/ztp-sno-du-enabling-workload-partitioning.adoc b/modules/ztp-sno-du-enabling-workload-partitioning.adoc
index 42eaad4384a1..6693a35355d0 100644
--- a/modules/ztp-sno-du-enabling-workload-partitioning.adoc
+++ b/modules/ztp-sno-du-enabling-workload-partitioning.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-enabling-workload-partitioning_{context}"]
 = Workload partitioning
 
@@ -10,49 +10,44 @@
 
 [NOTE]
 ====
-Workload partitioning can only be enabled during cluster installation. You cannot disable workload partitioning post-installation. However, you can reconfigure workload partitioning by updating the `cpu` value that you define in the performance profile, and in the related `MachineConfig` custom resource (CR).
+Workload partitioning can be enabled during cluster installation only.
+You cannot disable workload partitioning postinstallation.
+You can however change the set of CPUs assigned to the isolated and reserved sets through the `PerformanceProfile` CR.
+Changes to CPU settings cause the node to reboot.
 ====
 
-* The base64-encoded CR that enables workload partitioning contains the CPU set that the management workloads are constrained to. Encode host-specific values for `crio.conf` and `kubelet.conf` in base64. Adjust the content to match the CPU set that is specified in the cluster performance profile. It must match the number of cores in the cluster host.
-+
-include::snippets/ztp-02-master-workload-partitioning.adoc[leveloffset=+1]
-
-* When configured in the cluster host, the contents of `/etc/crio/crio.conf.d/01-workload-partitioning` should look like this:
-+
-[source,terminal]
-----
-[crio.runtime.workloads.management]
-activation_annotation = "target.workload.openshift.io/management"
-annotation_prefix = "resources.workload.openshift.io"
-resources = { "cpushares" = 0, "cpuset" = "0-1,52-53" } <1>
-----
-<1> The `cpuset` value varies based on the installation.
-If Hyper-Threading is enabled, specify both threads for each core. The `cpuset` value must match the reserved CPUs that you define in the `spec.cpu.reserved` field in the performance profile.
+.Upgrading from {product-title} 4.12 to 4.13+
+[NOTE]
+====
+When transitioning to using `cpuPartitioningMode` for enabling workload partitioning, remove the workload partitioning `MachineConfig` CRs from the `/extra-manifest` folder that you use to provision the cluster.
+====
 
-* When configured in the cluster, the contents of `/etc/kubernetes/openshift-workload-pinning` should look like this:
-+
-[source,terminal]
+.Recommended `SiteConfig` CR configuration for workload partitioning
+[source,yaml]
 ----
-{
-  "management": {
-    "cpuset": "0-1,52-53" <1>
-  }
-}
+apiVersion: ran.openshift.io/v1
+kind: SiteConfig
+metadata:
+  name: "<site_name>"
+  namespace: "<site_name>"
+spec:
+  baseDomain: "example.com"
+  cpuPartitioningMode: AllNodes <1>
 ----
-<1> The `cpuset` must match the `cpuset` value in `/etc/crio/crio.conf.d/01-workload-partitioning`.
+<1> Set the `cpuPartitioningMode` field to `AllNodes` to configure workload partitioning for all nodes in the cluster.
 
 .Verification
 
 Check that the applications and cluster system CPU pinning is correct. Run the following commands:
 
-. Open a remote shell connection to the managed cluster:
+. Open a remote shell prompt to the managed cluster:
 +
 [source,terminal]
 ----
 $ oc debug node/example-sno-1
 ----
 
-. Check that the user applications CPU pinning is correct:
+. Check that the OpenShift infrastructure applications CPU pinning is correct:
 +
 [source,terminal]
 ----
@@ -62,13 +57,13 @@ sh-4.4# pgrep ovn | while read i; do taskset -cp $i; done
 .Example output
 [source,terminal]
 ----
-pid 8481's current affinity list: 0-3
-pid 8726's current affinity list: 0-3
-pid 9088's current affinity list: 0-3
-pid 9945's current affinity list: 0-3
-pid 10387's current affinity list: 0-3
-pid 12123's current affinity list: 0-3
-pid 13313's current affinity list: 0-3
+pid 8481's current affinity list: 0-1,52-53
+pid 8726's current affinity list: 0-1,52-53
+pid 9088's current affinity list: 0-1,52-53
+pid 9945's current affinity list: 0-1,52-53
+pid 10387's current affinity list: 0-1,52-53
+pid 12123's current affinity list: 0-1,52-53
+pid 13313's current affinity list: 0-1,52-53
 ----
 
 . Check that the system applications CPU pinning is correct:
@@ -81,8 +76,8 @@ sh-4.4# pgrep systemd | while read i; do taskset -cp $i; done
 .Example output
 [source,terminal]
 ----
-pid 1's current affinity list: 0-3
-pid 938's current affinity list: 0-3
-pid 962's current affinity list: 0-3
-pid 1197's current affinity list: 0-3
+pid 1's current affinity list: 0-1,52-53
+pid 938's current affinity list: 0-1,52-53
+pid 962's current affinity list: 0-1,52-53
+pid 1197's current affinity list: 0-1,52-53
 ----
diff --git a/modules/ztp-sno-du-reducing-resource-usage-with-cluster-monitoring.adoc b/modules/ztp-sno-du-reducing-resource-usage-with-cluster-monitoring.adoc
index fa947134238a..4eaaa7c40a3d 100644
--- a/modules/ztp-sno-du-reducing-resource-usage-with-cluster-monitoring.adoc
+++ b/modules/ztp-sno-du-reducing-resource-usage-with-cluster-monitoring.adoc
@@ -2,10 +2,14 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-reducing-resource-usage-with-cluster-monitoring_{context}"]
-= Grafana and Alertmanager
+= Alertmanager
 
-{sno-caps} clusters that run DU workloads require reduced CPU resources consumed by the {product-title} monitoring components. The following `ConfigMap` custom resource (CR) disables Grafana and Alertmanager.
+{sno-caps} clusters that run DU workloads require reduced CPU resources consumed by the {product-title} monitoring components. The following `ConfigMap` custom resource (CR) disables Alertmanager.
 
-include::snippets/ztp-cluster-monitoring.adoc[]
+.Recommended cluster monitoring configuration (`ReduceMonitoringFootprint.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ReduceMonitoringFootprint.yaml[]
+----
diff --git a/modules/ztp-sno-du-reducing-resource-usage-with-olm-pprof.adoc b/modules/ztp-sno-du-reducing-resource-usage-with-olm-pprof.adoc
new file mode 100644
index 000000000000..6dbac555abf4
--- /dev/null
+++ b/modules/ztp-sno-du-reducing-resource-usage-with-olm-pprof.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ztp-sno-du-reducing-resource-usage-with-olm-pprof_{context}"]
+= Operator Lifecycle Manager
+
+{sno-caps} clusters that run distributed unit workloads require consistent access to CPU resources. Operator Lifecycle Manager (OLM) collects performance data from Operators at regular intervals, resulting in an increase in CPU utilisation. The following `ConfigMap` custom resource (CR) disables the collection of Operator performance data by OLM.
+
+.Recommended cluster OLM configuration (`ReduceOLMFootprint.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ReduceOLMFootprint.yaml[]
+----
diff --git a/modules/ztp-sno-du-removing-the-console-operator.adoc b/modules/ztp-sno-du-removing-the-console-operator.adoc
index c70846576a58..34c46349c824 100644
--- a/modules/ztp-sno-du-removing-the-console-operator.adoc
+++ b/modules/ztp-sno-du-removing-the-console-operator.adoc
@@ -2,10 +2,18 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-removing-the-console-operator_{context}"]
 = Console Operator
 
-The console-operator installs and maintains the web console on a cluster. When the node is centrally managed the Operator is not needed and makes space for application workloads. The following `Console` custom resource (CR) example disables the console.
+Use the cluster capabilities feature to prevent the Console Operator from being installed.
+When the node is centrally managed it is not needed.
+Removing the Operator provides additional space and capacity for application workloads.
 
-include::snippets/ztp-disable-console.adoc[]
+
+To disable the Console Operator during the installation of the managed cluster, set the following in the `spec.clusters.0.installConfigOverrides` field of the `SiteConfig` custom resource (CR):
+
+[source,yaml]
+----
+installConfigOverrides:  "{\"capabilities\":{\"baselineCapabilitySet\": \"None\" }}"
+----
diff --git a/modules/ztp-sno-du-setting-rcu-normal.adoc b/modules/ztp-sno-du-setting-rcu-normal.adoc
new file mode 100644
index 000000000000..aff5163ed9ce
--- /dev/null
+++ b/modules/ztp-sno-du-setting-rcu-normal.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ztp-setting-rcu-normal_{context}"]
+= Setting rcu_normal
+
+The following `MachineConfig` CR configures the system to set `rcu_normal` to 1 after the system has finished startup. This improves kernel latency for vDU applications.
+
+.Recommended configuration for disabling `rcu_expedited` after the node has finished startup (`08-set-rcu-normal-master.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_08-set-rcu-normal-master.yaml[]
+----
diff --git a/modules/ztp-sno-du-subscribing-to-the-operators-needed-for-platform-configuration.adoc b/modules/ztp-sno-du-subscribing-to-the-operators-needed-for-platform-configuration.adoc
index 5241e357ba3e..859831f6072f 100644
--- a/modules/ztp-sno-du-subscribing-to-the-operators-needed-for-platform-configuration.adoc
+++ b/modules/ztp-sno-du-subscribing-to-the-operators-needed-for-platform-configuration.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-subscribing-to-the-operators-needed-for-platform-configuration_{context}"]
 = Operator subscriptions
 
@@ -12,5 +12,39 @@
 * Logging Operator
 * PTP Operator
 * SR-IOV Network Operator
+* SRIOV-FEC Operator
 
-include::snippets/ztp-operator-subs.adoc[]
+For each Operator subscription, specify the channel to get the Operator from. The recommended channel is `stable`.
+
+You can specify `Manual` or `Automatic` updates.
+In `Automatic` mode, the Operator automatically updates to the latest versions in the channel as they become available in the registry.
+In `Manual` mode, new Operator versions are installed only when they are explicitly approved.
+
+[TIP]
+====
+Use `Manual` mode for subscriptions. This allows you to control the timing of Operator updates to fit within scheduled maintenance windows.
+====
+
+.Recommended Local Storage Operator subscription (`StorageSubscription.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_StorageSubscription.yaml[]
+----
+
+.Recommended SR-IOV Operator subscription (`SriovSubscription.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_SriovSubscription.yaml[]
+----
+
+.Recommended PTP Operator subscription (`PtpSubscription.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_PtpSubscription.yaml[]
+----
+
+.Recommended Cluster Logging Operator subscription (`ClusterLogSubscription.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_ClusterLogSubscription.yaml[]
+----
diff --git a/modules/ztp-sno-du-tuning-the-performance-patch.adoc b/modules/ztp-sno-du-tuning-the-performance-patch.adoc
index dea8e8bb3c66..3855f4dff191 100644
--- a/modules/ztp-sno-du-tuning-the-performance-patch.adoc
+++ b/modules/ztp-sno-du-tuning-the-performance-patch.adoc
@@ -2,10 +2,27 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-sno-du-tuning-the-performance-patch_{context}"]
 = Extended Tuned profile
 
 {sno-caps} clusters that run DU workloads require additional performance tuning configurations necessary for high-performance workloads. The following example `Tuned` CR extends the `Tuned` profile:
 
-include::snippets/ztp-performance-patch.adoc[]
+.Recommended extended `Tuned` profile configuration (`TunedPerformancePatch.yaml`)
+[source,yaml]
+----
+include::snippets/ztp_TunedPerformancePatch.yaml[]
+----
+
+.`Tuned` CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|Tuned CR field
+|Description
+
+|`spec.profile.data`
+a|* The `include` line that you set in `spec.profile.data` must match the associated `PerformanceProfile` CR name.
+For example, `include=openshift-node-performance-${PerformanceProfile.metadata.name}`.
+
+* When using the non-realtime kernel, remove the `timer_migration override` line from the `[sysctl]` section.
+|====
diff --git a/modules/ztp-sno-node-reboot-scenarios.adoc b/modules/ztp-sno-node-reboot-scenarios.adoc
deleted file mode 100644
index d570224209f7..000000000000
--- a/modules/ztp-sno-node-reboot-scenarios.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Module included in the following assemblies:
-//
-// * scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
-
-:_content-type: CONCEPT
-[id="ztp-sno-node-reboot-scenarios_{context}"]
-= SNO node reboot scenario
-
-On a {sno-caps} cluster and in {product-title} clusters generally a situation might arise in case a node reboot occurs without node drain where an application pod requesting devices fails with the `UnexpectedAdmissionError` error. deployment, replicaset, or daemonset  error is reported due to the fact that application pods requiring devices can start before the pod serving those devices, as there is no way to control the order of pod restarts.
-
-While this behavior is expected, it can lead to a pod remaining on the cluster even when it has failed to deploy successfully and will continue to report `UnexpectedAdmissionError`. The presence of this issue is mitigated since application pods are typically included in a deployment, replicaset, or daemonset. Having a pod in this state is of little concern as another instance should be running. Being part of a deployment, replicaset, or daemonset guarantees the successful creation and execution of subsequent pods and ensures the successful deployment of the application.
-
-There is ongoing work upstream to ensure that such pods are gracefully terminated. Until that is resolved run the following command in a {sno-caps} deployment to remove the failed pods:
-
-[source,terminal]
-----
-$ kubectl delete pods --field-selector status.phase=Failed -n <POD_NAMESPACE>
-----
-
-[NOTE]
-====
-The option to drain the node is unavailable in a {sno-caps} deployment.
-====
\ No newline at end of file
diff --git a/modules/ztp-sno-siteconfig-config-reference.adoc b/modules/ztp-sno-siteconfig-config-reference.adoc
new file mode 100644
index 000000000000..154d5c9acedf
--- /dev/null
+++ b/modules/ztp-sno-siteconfig-config-reference.adoc
@@ -0,0 +1,98 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ztp-sno-siteconfig-config-reference_{context}"]
+= {sno-caps} SiteConfig CR installation reference
+
+.SiteConfig CR installation options for {sno} clusters
+[cols="1,3", options="header"]
+|====
+|SiteConfig CR field
+|Description
+
+|`spec.cpuPartitioningMode`
+a|Configure workload partitioning by setting the value for `cpuPartitioningMode` to `AllNodes`.
+To complete the configuration, specify the `isolated` and `reserved` CPUs in the `PerformanceProfile` CR.
+
+[NOTE]
+====
+Configuring workload partitioning by using the `cpuPartitioningMode` field in the `SiteConfig` CR is a Tech Preview feature in {product-title} 4.13.
+====
+
+|`metadata.name`
+|Set `name` to `assisted-deployment-pull-secret` and create the `assisted-deployment-pull-secret` CR in the same namespace as the `SiteConfig` CR.
+
+|`clusterImageSetNameRef`
+|Configure the image set available on the hub cluster.
+To see the list of supported versions on your hub cluster, run `oc get clusterimagesets`.
+
+|`installConfigOverrides`
+a|Set the `installConfigOverrides` field to enable or disable optional components prior to cluster installation.
+[IMPORTANT]
+====
+Use the reference configuration as specified in the example `SiteConfig` CR.
+Adding additional components back into the system might require additional reserved CPU capacity.
+====
+
+|`spec.clusters.clusterLabels`
+|Configure cluster labels to correspond to the `bindingRules` field in the `PolicyGenTemplate` CRs that you define.
+For example, `policygentemplates/common-ranGen.yaml` applies to all clusters with `common: true` set, `policygentemplates/group-du-sno-ranGen.yaml` applies to all clusters with `group-du-sno: ""` set.
+
+|`spec.clusters.crTemplates.KlusterletAddonConfig`
+|Optional. Set `KlusterletAddonConfig` to `KlusterletAddonConfigOverride.yaml to override the default `KlusterletAddonConfig` that is created for the cluster.
+
+|`spec.clusters.nodes.hostName`
+|For single-node deployments, define a single host.
+For three-node deployments, define three hosts.
+For standard deployments, define three hosts with `role: master` and two or more hosts defined with `role: worker`.
+
+|`spec.clusters.nodes.nodeLabels`
+|Specify custom roles for your nodes in your managed clusters. These are additional roles are not used by any {product-title} components, only by the user. When you add a custom role, it can be associated with a custom machine config pool that references a specific configuration for that role. Adding custom labels or roles during installation makes the deployment process more effective and prevents the need for additional reboots after the installation is complete.
+
+|`spec.clusters.nodes.automatedCleaningMode`
+|Optional. Uncomment and set the value to `metadata` to enable the removal of the disk's partitioning table only, without fully wiping the disk. The default value is `disabled`.
+
+|`spec.clusters.nodes.bmcAddress`
+|BMC address that you use to access the host. Applies to all cluster types. {ztp} supports iPXE and virtual media booting by using Redfish or IPMI protocols. To use iPXE booting, you must use {rh-rhacm} 2.8 or later. For more information about BMC addressing, see the "Additional resources" section.
+
+|`spec.clusters.nodes.bmcAddress`
+a|BMC address that you use to access the host.
+Applies to all cluster types.
+{ztp} supports iPXE and virtual media booting by using Redfish or IPMI protocols.
+To use iPXE booting, you must use {rh-rhacm} 2.8 or later.
+For more information about BMC addressing, see the "Additional resources" section.
+[NOTE]
+====
+In far edge Telco use cases, only virtual media is supported for use with {ztp}.
+====
+
+|`spec.clusters.nodes.bmcCredentialsName`
+|Configure the `bmh-secret` CR that you separately create with the host BMC credentials.
+When creating the `bmh-secret` CR, use the same namespace as the `SiteConfig` CR that provisions the host.
+
+|`spec.clusters.nodes.bootMode`
+|Set the boot mode for the host to `UEFI`.
+The default value is `UEFI`. Use `UEFISecureBoot` to enable secure boot on the host.
+
+|`spec.clusters.nodes.rootDeviceHints`
+|Specifies the device for deployment. Identifiers that are stable across reboots are recommended, for example, `wwn: <disk_wwn>` or `deviceName: /dev/disk/by-path/<device_path>`. For a detailed list of stable identifiers, see the "About root device hints section".
+
+|`spec.clusters.nodes.diskPartition`
+|Optional. The provided example `diskPartition` is used to configure additional disk partitions.
+
+|`spec.clusters.nodes.ignitionConfigOverride`
+|Optional. Use this field to assign partitions for persistent storage.
+Adjust disk ID and size to the specific hardware.
+
+|`spec.clusters.nodes.cpuset`
+|Configure `cpuset` to match value that you set in the cluster `PerformanceProfile` CR `spec.cpu.reserved` field for workload partitioning.
+
+|`spec.clusters.nodes.nodeNetwork`
+|Configure the network settings for the node.
+
+|`spec.clusters.nodes.nodeNetwork.config.interfaces.ipv6`
+|Configure the IPv6 address for the host.
+For {sno} clusters with static IP addresses, the node-specific API and Ingress IPs should be the same.
+|====
diff --git a/modules/ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates.adoc b/modules/ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates.adoc
index f217d295313e..ec4e6831aa3f 100644
--- a/modules/ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates.adoc
+++ b/modules/ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates.adoc
@@ -2,14 +2,18 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates_{context}"]
-= Specifying host NICs in site PolicyGenTemplate CRs with hub cluster templates
+= Specifying group and site configuration in group PolicyGenTemplate CRs with hub templates
 
-You can manage host NICs in a single `ConfigMap` CR and use hub cluster templates to populate the custom NIC values in the generated polices that get applied to the cluster hosts.
-Using hub cluster templates in site `PolicyGenTemplate` (PGT) CRs means that you do not need to create multiple single site PGT CRs for each site.
+You can manage the configuration of fleets of clusters with `ConfigMap` CRs by using hub templates to populate the group and site values in the generated policies that get applied to the managed clusters.
+Using hub templates in site `PolicyGenTemplate` (PGT) CRs means that you do not need to create a `PolicyGenTemplate` CR for each site.
 
-The following example shows you how to use a single `ConfigMap` CR to manage cluster host NICs and apply them to the cluster as polices by using a single `PolicyGenTemplate` site CR.
+You can group the clusters in a fleet in various categories, depending on the use case, for example hardware type or region. 
+Each cluster should have a label corresponding to the group or groups that the cluster is in. 
+If you manage the configuration values for each group in different `ConfigMap` CRs, then you require only one group `PolicyGenTemplate` CR to apply the changes to all the clusters in the group by using hub templates.
+
+The following example shows you how to use three `ConfigMap` CRs and one group `PolicyGenTemplate` CR to apply both site and group configuration to clusters grouped by hardware type and region.
 
 [NOTE]
 ====
@@ -27,96 +31,182 @@ The repository must be accessible from the hub cluster and be defined as a sourc
 
 .Procedure
 
-. Create a `ConfigMap` resource that describes the NICs for a group of hosts. For example:
+. Create three `ConfigMap` CRs that contain the group and site configuration:
++
+--
+.. Create  a `ConfigMap` CR named `group-hardware-types-configmap` to hold the hardware-specific configuration. For example:
 +
 [source,yaml]
 ----
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: sriovdata
-  namespace: ztp-site
+  name: group-hardware-types-configmap
+  namespace: ztp-group
   annotations:
     argocd.argoproj.io/sync-options: Replace=true <1>
 data:
-  example-sno-du_fh-numVfs: "8"
-  example-sno-du_fh-pf: ens1f0
-  example-sno-du_fh-priority: "10"
-  example-sno-du_fh-vlan: "140"
-  example-sno-du_mh-numVfs: "8"
-  example-sno-du_mh-pf: ens3f0
-  example-sno-du_mh-priority: "10"
-  example-sno-du_mh-vlan: "150"
+  # SriovNetworkNodePolicy.yaml
+  hardware-type-1-sriov-node-policy-pfNames-1: "[\"ens5f0\"]"
+  hardware-type-1-sriov-node-policy-pfNames-2: "[\"ens7f0\"]"
+  # PerformanceProfile.yaml
+  hardware-type-1-cpu-isolated: "2-31,34-63"
+  hardware-type-1-cpu-reserved: "0-1,32-33"
+  hardware-type-1-hugepages-default: "1G"
+  hardware-type-1-hugepages-size: "1G"
+  hardware-type-1-hugepages-count: "32"
 ----
 <1> The `argocd.argoproj.io/sync-options` annotation is required only if the `ConfigMap` is larger than 1 MiB in size.
+
+.. Create  a `ConfigMap` CR named `group-zones-configmap` to hold the regional configuration. For example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: group-zones-configmap
+  namespace: ztp-group
+data:
+  # ClusterLogForwarder.yaml
+  zone-1-cluster-log-fwd-outputs: "[{\"type\":\"kafka\", \"name\":\"kafka-open\", \"url\":\"tcp://10.46.55.190:9092/test\"}]"
+  zone-1-cluster-log-fwd-pipelines: "[{\"inputRefs\":[\"audit\", \"infrastructure\"], \"labels\": {\"label1\": \"test1\", \"label2\": \"test2\", \"label3\": \"test3\", \"label4\": \"test4\"}, \"name\": \"all-to-default\", \"outputRefs\": [\"kafka-open\"]}]"
+----
+
+.. Create a `ConfigMap` CR named `site-data-configmap` to hold the site-specific configuration. For example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: site-data-configmap
+  namespace: ztp-group
+data:
+  # SriovNetwork.yaml
+  du-sno-1-zone-1-sriov-network-vlan-1: "140"
+  du-sno-1-zone-1-sriov-network-vlan-2: "150"
+----
+--
 +
 [NOTE]
 ====
-The `ConfigMap` must be in the same namespace with the policy that has the hub template substitution.
+Each `ConfigMap` CR must be in the same namespace as the policy to be generated from the group `PolicyGenTemplate` CR.
 ====
 
-. Commit the `ConfigMap` CR in Git, and then push to the Git repository being monitored by the Argo CD application.
+. Commit the `ConfigMap` CRs in Git, and then push to the Git repository being monitored by the Argo CD application.
 
-. Create a site PGT CR that uses templates to pull the required data from the `ConfigMap` object. For example:
+. Apply the hardware type and region labels to the clusters. 
+The following command applies to a single cluster named `du-sno-1-zone-1` and the labels chosen are `"hardware-type": "hardware-type-1"` and `"group-du-sno-zone": "zone-1"`:
++
+[source,terminal]
+----
+$ oc patch managedclusters.cluster.open-cluster-management.io/du-sno-1-zone-1 --type merge -p '{"metadata":{"labels":{"hardware-type": "hardware-type-1", "group-du-sno-zone": "zone-1"}}}'
+----
+
+. Create a group `PolicyGenTemplate` CR that uses hub templates to obtain the required data from the `ConfigMap` objects. 
+This example `PolicyGenTemplate` CR configures logging, VLAN IDs, NICs and Performance Profile for the clusters that match the labels listed under `spec.bindingRules`:
 +
 [source,yaml]
 ----
 apiVersion: ran.openshift.io/v1
 kind: PolicyGenTemplate
 metadata:
-  name: "site"
-  namespace: "ztp-site"
+  name: group-du-sno-pgt
+  namespace: ztp-group
 spec:
-  remediationAction: inform
   bindingRules:
-    group-du-sno: ""
+    # These policies will correspond to all clusters with these labels
+    group-du-sno-zone: "zone-1"
+    hardware-type: "hardware-type-1"
   mcp: "master"
   sourceFiles:
-    - fileName: SriovNetwork.yaml
-      policyName: "config-policy"
+    - fileName: ClusterLogForwarder.yaml # wave 10
+      policyName: "group-du-sno-cfg-policy"
+      spec:
+        outputs: '{{hub fromConfigMap "" "group-zones-configmap" (printf "%s-cluster-log-fwd-outputs" (index .ManagedClusterLabels "group-du-sno-zone")) | toLiteral hub}}'
+        pipelines: '{{hub fromConfigMap "" "group-zones-configmap" (printf "%s-cluster-log-fwd-pipelines" (index .ManagedClusterLabels "group-du-sno-zone")) | toLiteral hub}}'
+
+    - fileName: PerformanceProfile.yaml # wave 10
+      policyName: "group-du-sno-cfg-policy"
       metadata:
-        name: "sriov-nw-du-fh"
+        name: openshift-node-performance-profile
+      spec:
+        additionalKernelArgs:
+        - rcupdate.rcu_normal_after_boot=0
+        - vfio_pci.enable_sriov=1
+        - vfio_pci.disable_idle_d3=1
+        - efi=runtime
+        cpu:
+          isolated: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-cpu-isolated" (index .ManagedClusterLabels "hardware-type")) hub}}'
+          reserved: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-cpu-reserved" (index .ManagedClusterLabels "hardware-type")) hub}}'
+        hugepages:
+          defaultHugepagesSize: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-hugepages-default" (index .ManagedClusterLabels "hardware-type")) hub}}'
+          pages:
+            - size: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-hugepages-size" (index .ManagedClusterLabels "hardware-type")) hub}}'
+              count: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-hugepages-count" (index .ManagedClusterLabels "hardware-type")) | toInt hub}}'
+        realTimeKernel:
+          enabled: true
+
+    - fileName: SriovNetwork.yaml # wave 100
+      policyName: "group-du-sno-sriov-policy"
+      metadata:
+        name: sriov-nw-du-fh
       spec:
         resourceName: du_fh
-        vlan: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_fh-vlan" .ManagedClusterName) | toInt hub}}'
-    - fileName: SriovNetworkNodePolicy.yaml
-      policyName: "config-policy"
+        vlan: '{{hub fromConfigMap "" "site-data-configmap" (printf "%s-sriov-network-vlan-1" .ManagedClusterName) | toInt hub}}'
+        
+    - fileName: SriovNetworkNodePolicy.yaml # wave 100
+      policyName: "group-du-sno-sriov-policy"
       metadata:
-        name: "sriov-nnp-du-fh"
+        name: sriov-nnp-du-fh
       spec:
         deviceType: netdevice
-        isRdma: true
+        isRdma: false
         nicSelector:
-          pfNames:
-          - '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_fh-pf" .ManagedClusterName) | autoindent hub}}'
-        numVfs: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_fh-numVfs" .ManagedClusterName) | toInt hub}}'
-        priority: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_fh-priority" .ManagedClusterName) | toInt hub}}'
+          pfNames: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-sriov-node-policy-pfNames-1" (index .ManagedClusterLabels "hardware-type")) | toLiteral hub}}'
+        numVfs: 8
+        priority: 10
         resourceName: du_fh
-    - fileName: SriovNetwork.yaml
-      policyName: "config-policy"
+
+    - fileName: SriovNetwork.yaml # wave 100
+      policyName: "group-du-sno-sriov-policy"
       metadata:
-        name: "sriov-nw-du-mh"
+        name: sriov-nw-du-mh
       spec:
         resourceName: du_mh
-        vlan: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_mh-vlan" .ManagedClusterName) | toInt hub}}'
-    - fileName: SriovNetworkNodePolicy.yaml
-      policyName: "config-policy"
+        vlan: '{{hub fromConfigMap "" "site-data-configmap" (printf "%s-sriov-network-vlan-2" .ManagedClusterName) | toInt hub}}'
+
+    - fileName: SriovNetworkNodePolicy.yaml # wave 100
+      policyName: "group-du-sno-sriov-policy"
       metadata:
-        name: "sriov-nnp-du-mh"
+        name: sriov-nw-du-fh
       spec:
-        deviceType: vfio-pci
+        deviceType: netdevice
         isRdma: false
         nicSelector:
-          pfNames:
-          - '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_mh-pf" .ManagedClusterName)  hub}}'
-        numVfs: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_mh-numVfs" .ManagedClusterName) | toInt hub}}'
-        priority: '{{hub fromConfigMap "ztp-site" "sriovdata" (printf "%s-du_mh-priority" .ManagedClusterName) | toInt hub}}'
-        resourceName: du_mh
+          pfNames: '{{hub fromConfigMap "" "group-hardware-types-configmap" (printf "%s-sriov-node-policy-pfNames-2" (index .ManagedClusterLabels "hardware-type")) | toLiteral hub}}'
+        numVfs: 8
+        priority: 10
+        resourceName: du_fh
 ----
++
+[NOTE]
+====
+To retrieve site-specific configuration values, use the `.ManagedClusterName` field. 
+This is a template context value set to the name of the target managed cluster.
+
+To retrieve group-specific configuration, use the `.ManagedClusterLabels` field. 
+This is a template context value set to the value of the managed cluster's labels.
+====
 
 . Commit the site `PolicyGenTemplate` CR in Git and push to the Git repository that is monitored by the ArgoCD application.
 +
 [NOTE]
 ====
-Subsequent changes to the referenced `ConfigMap` CR are not automatically synced to the applied policies. You need to manually sync the new `ConfigMap` changes to update existing PolicyGenTemplate CRs. See "Syncing new ConfigMap changes to existing PolicyGenTemplate CRs".
+Subsequent changes to the referenced `ConfigMap` CR are not automatically synced to the applied policies. 
+You need to manually sync the new `ConfigMap` changes to update existing `PolicyGenTemplate` CRs. See "Syncing new ConfigMap changes to existing PolicyGenTemplate CRs".
+
+You can use the same `PolicyGenTemplate` CR for multiple clusters. 
+If there is a configuration change, then the only modifications you need to make are to the `ConfigMap` objects that hold the configuration for each cluster and the labels of the managed clusters.
 ====
diff --git a/modules/ztp-stopping-the-existing-gitops-ztp-applications.adoc b/modules/ztp-stopping-the-existing-gitops-ztp-applications.adoc
index b4e10caaef77..96df6716d4f0 100644
--- a/modules/ztp-stopping-the-existing-gitops-ztp-applications.adoc
+++ b/modules/ztp-stopping-the-existing-gitops-ztp-applications.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-stopping-the-existing-gitops-ztp-applications_{context}"]
 = Stopping the existing {ztp} applications
 
diff --git a/modules/ztp-syncing-new-configmap-changes-to-existing-pgt-crs.adoc b/modules/ztp-syncing-new-configmap-changes-to-existing-pgt-crs.adoc
index de2dc4b9771e..88ea45d380a5 100644
--- a/modules/ztp-syncing-new-configmap-changes-to-existing-pgt-crs.adoc
+++ b/modules/ztp-syncing-new-configmap-changes-to-existing-pgt-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-syncing-new-configmap-changes-to-existing-pgt-crs_{context}"]
 = Syncing new ConfigMap changes to existing PolicyGenTemplate CRs
 
diff --git a/modules/ztp-talo-integration.adoc b/modules/ztp-talo-integration.adoc
index 24a15c98d7a1..05ba8bcb5de6 100644
--- a/modules/ztp-talo-integration.adoc
+++ b/modules/ztp-talo-integration.adoc
@@ -46,7 +46,7 @@ $ grep -r "ztp-deploy-wave" out/source-crs
 Phase labels::
 The `ClusterGroupUpgrade` CR is automatically created and includes directives to annotate the `ManagedCluster` CR with labels at the start and end of the {ztp} process.
 +
-When {ztp} configuration post-installation commences, the `ManagedCluster` has the `ztp-running` label applied. When all policies are remediated to the cluster and are fully compliant, these directives cause the {cgu-operator} to remove the `ztp-running` label and apply the `ztp-done` label.
+When {ztp} configuration postinstallation commences, the `ManagedCluster` has the `ztp-running` label applied. When all policies are remediated to the cluster and are fully compliant, these directives cause the {cgu-operator} to remove the `ztp-running` label and apply the `ztp-done` label.
 +
 For deployments that make use of the `informDuValidator` policy, the `ztp-done` label is applied when the cluster is fully ready for deployment of applications. This includes all reconciliation and resulting effects of the {ztp} applied configuration CRs. The `ztp-done` label affects automatic `ClusterGroupUpgrade` CR creation by {cgu-operator}. Do not manipulate this label after the initial {ztp} installation of the cluster.
 
diff --git a/modules/ztp-tearing-down-the-pipeline.adoc b/modules/ztp-tearing-down-the-pipeline.adoc
index 11ad64f038c4..bf053c4f9670 100644
--- a/modules/ztp-tearing-down-the-pipeline.adoc
+++ b/modules/ztp-tearing-down-the-pipeline.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-tearing-down-the-pipeline_{context}"]
 = Tearing down the {ztp} pipeline
 
diff --git a/modules/ztp-telco-core-software-versions.adoc b/modules/ztp-telco-core-software-versions.adoc
new file mode 100644
index 000000000000..1329aee7638a
--- /dev/null
+++ b/modules/ztp-telco-core-software-versions.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * telco_ref_design_specs/core/telco-core-ref-validation-artifacts.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="ztp-telco-core-software-versions_{context}"]
+= Telco core {product-version} validated solution software versions
+
+The Red Hat telco core version {product-version} solution has been validated using the following Red Hat software products.
+
+.Telco core {product-version} validated solution software
+[cols=2*, width="80%", options="header"]
+|====
+|Product
+|Software version
+
+|Hub cluster {product-title} version
+|4.13
+
+|{ztp} plugin
+|4.11, 4.12, or 4.13
+
+|{rh-rhacm-first}
+|2.7
+
+|{gitops-title}
+|1.9
+
+|{cgu-operator-first}
+|4.11, 4.12, or 4.13
+|====
diff --git a/modules/ztp-telco-ran-software-versions.adoc b/modules/ztp-telco-ran-software-versions.adoc
index 1d89a79533e0..388606b8ee92 100644
--- a/modules/ztp-telco-ran-software-versions.adoc
+++ b/modules/ztp-telco-ran-software-versions.adoc
@@ -1,31 +1,63 @@
 // Module included in the following assemblies:
 //
 // * scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
+// * telco_ref_design_specs/ran/telco-ran-ref-software-artifacts.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: REFERENCE
 [id="ztp-telco-ran-software-versions_{context}"]
-= Telco RAN {product-version} validated solution software versions
+= Telco RAN DU {product-version} validated software components
 
-The Red Hat Telco Radio Access Network (RAN) version {product-version} solution has been validated using the following Red Hat software products.
+The Red Hat telco RAN DU {product-version} solution has been validated using the following Red Hat software products for {product-title} managed clusters and hub clusters.
 
-.Telco RAN {product-version} validated solution software
+.Telco RAN DU managed cluster validated software components
 [cols=2*, width="80%", options="header"]
 |====
-|Product
+|Component
 |Software version
 
-|Hub cluster {product-title} version
-|4.13
+|Managed cluster version
+|4.14
+
+|Cluster Logging Operator
+|5.7
+
+|Local Storage Operator
+|4.14
+
+|PTP Operator
+|4.14
+
+|SRIOV Operator
+|4.14
+
+|Node Tuning Operator
+|4.14
+
+|Logging Operator
+|4.14
+
+|SRIOV-FEC Operator
+|2.7
+|====
+
+.Hub cluster validated software components
+[cols=2*, width="80%", options="header"]
+|====
+|Component
+|Software version
+
+|Hub cluster version
+|4.14
 
 |{ztp} plugin
-|4.11, 4.12, or 4.13
+|4.14
 
 |{rh-rhacm-first}
-|2.7
+|2.8, 2.9
 
 |{gitops-title}
-|1.6
+|1.9, 1.10
 
 |{cgu-operator-first}
-|4.11, 4.12, or 4.13
+|4.14
 |====
diff --git a/modules/ztp-the-policygentemplate.adoc b/modules/ztp-the-policygentemplate.adoc
index 123520a0421d..d16c4838849b 100644
--- a/modules/ztp-the-policygentemplate.adoc
+++ b/modules/ztp-the-policygentemplate.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="ztp-the-policygentemplate_{context}"]
 = About the PolicyGenTemplate CRD
 
diff --git a/modules/ztp-troubleshooting-the-managed-cluster.adoc b/modules/ztp-troubleshooting-the-managed-cluster.adoc
index 3fce3e66f958..1a9642679614 100644
--- a/modules/ztp-troubleshooting-the-managed-cluster.adoc
+++ b/modules/ztp-troubleshooting-the-managed-cluster.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-troubleshooting-the-managed-cluster_{context}"]
 = Troubleshooting the managed cluster
 
diff --git a/modules/ztp-troubleshooting-ztp-gitops-installation-crs.adoc b/modules/ztp-troubleshooting-ztp-gitops-installation-crs.adoc
index d56819252854..5c2a8f1511ba 100644
--- a/modules/ztp-troubleshooting-ztp-gitops-installation-crs.adoc
+++ b/modules/ztp-troubleshooting-ztp-gitops-installation-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-troubleshooting-ztp-gitops-installation-crs_{context}"]
 = Troubleshooting {ztp} by validating the installation CRs
 
diff --git a/modules/ztp-troubleshooting-ztp-gitops-supermicro-tls.adoc b/modules/ztp-troubleshooting-ztp-gitops-supermicro-tls.adoc
new file mode 100644
index 000000000000..557dc2c771a8
--- /dev/null
+++ b/modules/ztp-troubleshooting-ztp-gitops-supermicro-tls.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ztp-troubleshooting-ztp-gitops-supermicro-tls_{context}"]
+= Troubleshooting {ztp} virtual media booting on Supermicro servers
+
+SuperMicro X11 servers do not support virtual media installations when the image is served using the `https` protocol. As a result, {sno} deployments for this environment fail to boot on the target node. To avoid this issue, log in to the hub cluster and disable Transport Layer Security (TLS) in the `Provisioning` resource. This ensures the image is not served with TLS even though the image address uses the `https` scheme. 
+
+.Prerequisites
+
+* You have installed the OpenShift CLI (`oc`).
+
+* You have logged in to the hub cluster as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Disable TLS in the `Provisioning` resource by running the following command: 
++
+[source,terminal]
+----
+$ oc patch provisioning provisioning-configuration --type merge -p '{"spec":{"disableVirtualMediaTLS": true}}'
+----
+
+. Continue the steps to deploy your {sno} cluster.
diff --git a/modules/ztp-updating-gitops-ztp.adoc b/modules/ztp-updating-gitops-ztp.adoc
index 28a08ea083d9..1145e7179d8a 100644
--- a/modules/ztp-updating-gitops-ztp.adoc
+++ b/modules/ztp-updating-gitops-ztp.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-updating-gitops-ztp_{context}"]
 = Overview of the {ztp} update process
 
diff --git a/modules/ztp-using-hub-cluster-templates.adoc b/modules/ztp-using-hub-cluster-templates.adoc
index c1740052911e..ca34dbcaf466 100644
--- a/modules/ztp-using-hub-cluster-templates.adoc
+++ b/modules/ztp-using-hub-cluster-templates.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-using-hub-cluster-templates_{context}"]
 = Using hub templates in PolicyGenTemplate CRs
 
diff --git a/modules/ztp-validating-the-generation-of-configuration-policy-crs.adoc b/modules/ztp-validating-the-generation-of-configuration-policy-crs.adoc
index f6aed3a47fbc..e347474018a3 100644
--- a/modules/ztp-validating-the-generation-of-configuration-policy-crs.adoc
+++ b/modules/ztp-validating-the-generation-of-configuration-policy-crs.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-validating-the-generation-of-configuration-policy-crs_{context}"]
 = Validating the generation of configuration policy CRs
 
diff --git a/modules/ztp-worker-node-applying-du-profile.adoc b/modules/ztp-worker-node-applying-du-profile.adoc
index fd890d2274ec..825f4bc032b9 100644
--- a/modules/ztp-worker-node-applying-du-profile.adoc
+++ b/modules/ztp-worker-node-applying-du-profile.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-additional-worker-apply-du-profile_{context}"]
 = Applying profiles to the worker node
 
diff --git a/modules/ztp-worker-node-daemon-selector-compatibility.adoc b/modules/ztp-worker-node-daemon-selector-compatibility.adoc
index d9966dabf74b..f0afdc0d15ea 100644
--- a/modules/ztp-worker-node-daemon-selector-compatibility.adoc
+++ b/modules/ztp-worker-node-daemon-selector-compatibility.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-additional-worker-daemon-selector-comp_{context}"]
 = (Optional) Ensuring PTP and SR-IOV daemon selector compatibility
 
diff --git a/modules/ztp-worker-node-node-selector-compatibility.adoc b/modules/ztp-worker-node-node-selector-compatibility.adoc
index 843a6c44780c..65ad86cb7d5f 100644
--- a/modules/ztp-worker-node-node-selector-compatibility.adoc
+++ b/modules/ztp-worker-node-node-selector-compatibility.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-additional-worker-node-selector-comp_{context}"]
 = PTP and SR-IOV node selector compatibility
 
diff --git a/modules/ztp-worker-node-preparing-policies.adoc b/modules/ztp-worker-node-preparing-policies.adoc
index c169456f4c0e..3e5902a82a46 100644
--- a/modules/ztp-worker-node-preparing-policies.adoc
+++ b/modules/ztp-worker-node-preparing-policies.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
 
-:_content-type: PROCEDURE
+:_mod-docs-content-type: PROCEDURE
 [id="ztp-additional-worker-policies_{context}"]
 = Using PolicyGenTemplate CRs to apply worker node policies to worker nodes
 include::../_attributes/common-attributes.adoc[]
diff --git a/modules/ztp-ztp-building-blocks.adoc b/modules/ztp-ztp-building-blocks.adoc
index 60eb4dda2d16..5c07abd5b45f 100644
--- a/modules/ztp-ztp-building-blocks.adoc
+++ b/modules/ztp-ztp-building-blocks.adoc
@@ -2,7 +2,7 @@
 //
 // * scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
 
-:_content-type: CONCEPT
+:_mod-docs-content-type: CONCEPT
 [id="ztp-ztp-building-blocks_{context}"]
 = Overview of deploying managed clusters with {ztp}
 
diff --git a/monitoring/accessing-third-party-monitoring-apis.adoc b/monitoring/accessing-third-party-monitoring-apis.adoc
index 3fba15991f8f..4b6e71f4401a 100644
--- a/monitoring/accessing-third-party-monitoring-apis.adoc
+++ b/monitoring/accessing-third-party-monitoring-apis.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="accessing-third-party-monitoring-apis"]
 = Accessing third-party monitoring APIs
 include::_attributes/common-attributes.adoc[]
diff --git a/monitoring/application-monitoring.adoc b/monitoring/application-monitoring.adoc
index 28ec57f4ed76..002a7bf4af57 100644
--- a/monitoring/application-monitoring.adoc
+++ b/monitoring/application-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="application-monitoring"]
 = Application monitoring
 include::_attributes/common-attributes.adoc[]
diff --git a/monitoring/cluster_observability_operator/_attributes b/monitoring/cluster_observability_operator/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/monitoring/cluster_observability_operator/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/monitoring/cluster_observability_operator/cluster-observability-operator-overview.adoc b/monitoring/cluster_observability_operator/cluster-observability-operator-overview.adoc
new file mode 100644
index 000000000000..65d120a7266f
--- /dev/null
+++ b/monitoring/cluster_observability_operator/cluster-observability-operator-overview.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cluster-observability-operator-overview"]
+= {coo-full} overview
+include::_attributes/common-attributes.adoc[]
+:context: cluster_observability_operator_overview
+
+toc::[]
+
+:FeatureName: The Cluster Observability Operator
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+The {coo-first} is an optional component of the {product-title}. You can deploy it to create standalone monitoring stacks that are independently configurable for use by different services and users.
+
+The {coo-short} deploys the following monitoring components:
+
+* Prometheus
+* Thanos Querier (optional)
+* Alertmanager (optional)
+
+The {coo-short} components function independently of the default in-cluster monitoring stack, which is deployed and managed by the Cluster Monitoring Operator (CMO).
+Monitoring stacks deployed by the two Operators do not conflict. You can use a {coo-short} monitoring stack in addition to the default platform monitoring components deployed by the CMO.
+
+include::modules/monitoring-understanding-the-cluster-observability-operator.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://kubernetes.io/docs/reference/using-api/server-side-apply/[Kubernetes documentation for Server-Side Apply (SSA)]
+
diff --git a/monitoring/cluster_observability_operator/cluster-observability-operator-release-notes.adoc b/monitoring/cluster_observability_operator/cluster-observability-operator-release-notes.adoc
new file mode 100644
index 000000000000..65d9f35ec083
--- /dev/null
+++ b/monitoring/cluster_observability_operator/cluster-observability-operator-release-notes.adoc
@@ -0,0 +1,26 @@
+// Cluster Observability Operator Release Notes
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="cluster-observability-operator-release-notes"]
+= {coo-full} release notes
+:context: cluster-observability-operator-release-notes
+
+toc::[]
+
+:FeatureName: The Cluster Observability Operator
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+The {coo-first} is an optional {product-title} Operator that enables administrators to create standalone monitoring stacks that are independently configurable for use by different services and users.
+
+The {coo-short} complements the built-in monitoring capabilities of {product-title}. You can deploy it in parallel with the default platform and user workload monitoring stacks managed by the Cluster Monitoring Operator (CMO). 
+
+These release notes track the development of the {coo-full} in {product-title}.
+
+[id="cluster-observability-operator-release-notes-0-1-1"]
+== {coo-full} 0.1.1
+This release updates the {coo-full} to support installing the Operator in restricted networks or disconnected environments.
+
+[id="cluster-observability-operator-release-notes-0-1"]
+== {coo-full} 0.1
+
+This release makes a Technology Preview version of the {coo-full} available on OperatorHub.
diff --git a/monitoring/cluster_observability_operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc b/monitoring/cluster_observability_operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc
new file mode 100644
index 000000000000..ad91404bee2f
--- /dev/null
+++ b/monitoring/cluster_observability_operator/configuring-the-cluster-observability-operator-to-monitor-a-service.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-the-cluster-observability-operator-to-monitor-a-service"]
+= Configuring the {coo-full} to monitor a service
+include::_attributes/common-attributes.adoc[]
+:context: configuring_the_cluster_observability_operator_to_monitor_a_service
+
+toc::[]
+
+:FeatureName: The Cluster Observability Operator
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+You can monitor metrics for a service by configuring monitoring stacks managed by the {coo-first}.
+
+To test monitoring a service, follow these steps:
+
+* Deploy a sample service that defines a service endpoint.
+* Create a `ServiceMonitor` object that specifies how the service is to be monitored by the {coo-short}.
+* Create a `MonitoringStack` object to discover the `ServiceMonitor` object.
+
+// Deploy a sample service for Cluster Observability Operator
+include::modules/monitoring-deploying-a-sample-service-for-cluster-observability-operator.adoc[leveloffset=+1]
+
+// Specify how the sample COO service is monitored
+include::modules/monitoring-specifying-how-a-service-is-monitored-by-cluster-observability-operator.adoc[leveloffset=+1]
+
+// Create a MonitoringStack object to discover the service monitor
+include::modules/monitoring-creating-a-monitoringstack-object-for-cluster-observability-operator.adoc[leveloffset=+1]
diff --git a/monitoring/cluster_observability_operator/images b/monitoring/cluster_observability_operator/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/monitoring/cluster_observability_operator/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/monitoring/cluster_observability_operator/installing-the-cluster-observability-operator.adoc b/monitoring/cluster_observability_operator/installing-the-cluster-observability-operator.adoc
new file mode 100644
index 000000000000..28f21f3f68b7
--- /dev/null
+++ b/monitoring/cluster_observability_operator/installing-the-cluster-observability-operator.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-cluster-observability-operators"]
+= Installing the {coo-full}
+include::_attributes/common-attributes.adoc[]
+:context: installing_the_cluster_observability_operator
+
+toc::[]
+
+:FeatureName: The Cluster Observability Operator
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+As a cluster administrator, you can install the {coo-first} from OperatorHub by using the {product-title} web console or CLI.
+OperatorHub is a user interface that works in conjunction with Operator Lifecycle Manager (OLM), which installs and manages Operators on a cluster.
+
+To install the {coo-short} using OperatorHub, follow the procedure described in xref:../../operators/admin/olm-adding-operators-to-cluster.adoc[Adding Operators to a cluster].
+
+// Uninstalling COO using the OCP web console
+include::modules/monitoring-uninstalling-cluster-observability-operator-using-the-web-console.adoc[leveloffset=+1]
diff --git a/distr_tracing/distr_tracing_install/modules b/monitoring/cluster_observability_operator/modules
similarity index 100%
rename from distr_tracing/distr_tracing_install/modules
rename to monitoring/cluster_observability_operator/modules
diff --git a/sd_support/snippets b/monitoring/cluster_observability_operator/snippets
similarity index 100%
rename from sd_support/snippets
rename to monitoring/cluster_observability_operator/snippets
diff --git a/monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc b/monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc
index 18d27cb28ef4..c827be712ba8 100644
--- a/monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc
+++ b/monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc
@@ -3,7 +3,7 @@
 // file will be overwritten when the content is re-generated. If you wish to
 // make edits, read the docgen utility instructions in the source code for the
 // CMO.
-:_content-type: REFERENCE
+:_mod-docs-content-type: REFERENCE
 [id="config-map-reference-for-the-cluster-monitoring-operator"]
 = Config map reference for the Cluster Monitoring Operator
 include::_attributes/common-attributes.adoc[]
@@ -121,6 +121,8 @@ Appears in: link:#userworkloadconfiguration[UserWorkloadConfiguration]
 
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
 |volumeClaimTemplate|*monv1.EmbeddedPersistentVolumeClaim|Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size and name.
 
 |===
@@ -142,10 +144,14 @@ The `ClusterMonitoringConfiguration` resource defines settings that customize th
 
 |kubeStateMetrics|*link:#kubestatemetricsconfig[KubeStateMetricsConfig]|`KubeStateMetricsConfig` defines settings for the `kube-state-metrics` agent.
 
+|metricsServer|*link:#metricsserverconfig[MetricsServerConfig]|`MetricsServer` defines settings for the Metrics Server component.
+
 |prometheusK8s|*link:#prometheusk8sconfig[PrometheusK8sConfig]|`PrometheusK8sConfig` defines settings for the Prometheus component.
 
 |prometheusOperator|*link:#prometheusoperatorconfig[PrometheusOperatorConfig]|`PrometheusOperatorConfig` defines settings for the Prometheus Operator component.
 
+|prometheusOperatorAdmissionWebhook|*link:#prometheusoperatoradmissionwebhookconfig[PrometheusOperatorAdmissionWebhookConfig]|`PrometheusOperatorAdmissionWebhookConfig` defines settings for the admission webhook component of Prometheus Operator.
+
 |openshiftStateMetrics|*link:#openshiftstatemetricsconfig[OpenShiftStateMetricsConfig]|`OpenShiftMetricsConfig` defines settings for the `openshift-state-metrics` agent.
 
 |telemeterClient|*link:#telemeterclientconfig[TelemeterClientConfig]|`TelemeterClientConfig` defines settings for the Telemeter Client component.
@@ -154,12 +160,20 @@ The `ClusterMonitoringConfiguration` resource defines settings that customize th
 
 |nodeExporter|link:#nodeexporterconfig[NodeExporterConfig]|`NodeExporterConfig` defines settings for the `node-exporter` agent.
 
+|monitoringPlugin|*link:#monitoringpluginconfig[MonitoringPluginConfig]|`MonitoringPluginConfig` defines settings for the monitoring `console-plugin` component.
+
 |===
 
 == DedicatedServiceMonitors
 
 === Description
 
+[IMPORTANT]
+====
+This setting is deprecated and is planned to be removed in a future {product-title} version. 
+In the current version, this setting still exists but has no effect.
+====
+
 You can use the `DedicatedServiceMonitors` resource to configure dedicated Service Monitors for the Prometheus Adapter
 
 Appears in: link:#k8sprometheusadapter[K8sPrometheusAdapter]
@@ -186,8 +200,12 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `PrometheusAdapter` container.
+
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
 |dedicatedServiceMonitors|*link:#dedicatedservicemonitors[DedicatedServiceMonitors]|Defines dedicated service monitors.
 
 |===
@@ -205,8 +223,75 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 | Property | Type | Description
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `KubeStateMetrics` container.
+
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
+|===
+
+== MetricsServerConfig
+
+=== Description
+
+:FeatureName: Metrics Server
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+The `MetricsServerConfig` resource defines settings for the Metrics Server component. Note that this setting only applies when the `TechPreviewNoUpgrade` feature gate is enabled.
+
+Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
+
+[options="header"]
+|===
+| Property | Type | Description 
+|nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
+
+|tolerations|[]v1.Toleration|Defines tolerations for the pods.
+
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the Metrics Server container.
+
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
+|===
+
+== PrometheusOperatorAdmissionWebhookConfig
+
+=== Description
+
+The `PrometheusOperatorAdmissionWebhookConfig` resource defines settings for the admission webhook workload for Prometheus Operator.
+
+Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
+
+[options="header"]
+|===
+| Property | Type | Description
+
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `prometheus-operator-admission-webhook` container.
+
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
+|===
+
+== MonitoringPluginConfig
+
+=== Description
+
+The `MonitoringPluginConfig` resource defines settings for the web console plugin component in the `openshift-monitoring` namespace.
+
+Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
+
+[options="header"]
+|===
+| Property | Type | Description
+|nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
+
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `console-plugin` container.
+
+|tolerations|[]v1.Toleration|Defines tolerations for the pods.
+
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines a pod's topology spread constraints.
+
 |===
 
 == NodeExporterCollectorBuddyInfoConfig
@@ -245,13 +330,21 @@ Appears in: link:#nodeexporterconfig[NodeExporterConfig]
 
 |buddyinfo|link:#nodeexportercollectorbuddyinfoconfig[NodeExporterCollectorBuddyInfoConfig]|Defines the configuration of the `buddyinfo` collector, which collects statistics about memory fragmentation from the `node_buddyinfo_blocks` metric. This metric collects data from `/proc/buddyinfo`. Disabled by default.
 
+|mountstats|link:#nodeexportercollectormountstatsconfig[NodeExporterCollectorMountStatsConfig]|Defines the configuration of the `mountstats` collector, which collects statistics about NFS volume I/O activities. Disabled by default.
+
+|ksmd|link:#nodeexportercollectorksmdconfig[NodeExporterCollectorKSMDConfig]|Defines the configuration of the `ksmd` collector, which collects statistics from the kernel same-page merger daemon. Disabled by default.
+
+|processes|link:#nodeexportercollectorprocessesconfig[NodeExporterCollectorProcessesConfig]|Defines the configuration of the `processes` collector, which collects statistics from processes and threads running in the system. Disabled by default.
+
+|systemd|link:#nodeexportercollectorsystemdconfig[NodeExporterCollectorSystemdConfig]|Defines the configuration of the `systemd` collector, which collects statistics on the systemd daemon and its managed services. Disabled by default.
+
 |===
 
 == NodeExporterCollectorCpufreqConfig
 
 === Description
 
-The `NodeExporterCollectorCpufreqConfig` resource works as an on/off switch for the `cpufreq` collector of the `node-exporter` agent. By default, the `cpufreq` collector is disabled. Under certain circumstances, enabling the cpufreq collector increases CPU usage on machines with many cores. If you enable this collector and have machines with many cores, monitor your systems closely for excessive CPU usage.
+Use the `NodeExporterCollectorCpufreqConfig` resource to enable or disable the `cpufreq` collector of the `node-exporter` agent. By default, the `cpufreq` collector is disabled. Under certain circumstances, enabling the `cpufreq` collector increases CPU usage on machines with many cores. If you enable this collector and have machines with many cores, monitor your systems closely for excessive CPU usage.
 
 Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
@@ -262,11 +355,41 @@ Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
 |===
 
+== NodeExporterCollectorKSMDConfig
+
+=== Description
+
+Use the `NodeExporterCollectorKSMDConfig` resource to enable or disable the `ksmd` collector of the `node-exporter` agent. By default, the `ksmd` collector is disabled.
+
+Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
+
+[options="header"]
+|===
+| Property | Type | Description
+|enabled|bool|A Boolean flag that enables or disables the `ksmd` collector.
+
+|===
+
+== NodeExporterCollectorMountStatsConfig
+
+=== Description
+
+Use the `NodeExporterCollectorMountStatsConfig` resource to enable or disable the `mountstats` collector of the `node-exporter` agent. By default, the `mountstats` collector is disabled. If you enable the collector, the following metrics become available: `node_mountstats_nfs_read_bytes_total`, `node_mountstats_nfs_write_bytes_total`, and `node_mountstats_nfs_operations_requests_total`. Be aware that these metrics can have a high cardinality. If you enable this collector, closely monitor any increases in memory usage for the `prometheus-k8s` pods.
+
+Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
+
+[options="header"]
+|===
+| Property | Type | Description
+|enabled|bool|A Boolean flag that enables or disables the `mountstats` collector.
+
+|===
+
 == NodeExporterCollectorNetClassConfig
 
 === Description
 
-The `NodeExporterCollectorNetClassConfig` resource works as an on/off switch for the `netclass` collector of the `node-exporter` agent. By default, the `netclass` collector is enabled. If disabled, these metrics become unavailable: `node_network_info`, `node_network_address_assign_type`, `node_network_carrier`, `node_network_carrier_changes_total`, `node_network_carrier_up_changes_total`, `node_network_carrier_down_changes_total`, `node_network_device_id`, `node_network_dormant`, `node_network_flags`, `node_network_iface_id`, `node_network_iface_link`, `node_network_iface_link_mode`, `node_network_mtu_bytes`, `node_network_name_assign_type`, `node_network_net_dev_group`, `node_network_speed_bytes`, `node_network_transmit_queue_length`, `node_network_protocol_type`.
+Use the `NodeExporterCollectorNetClassConfig` resource to enable or disable the `netclass` collector of the `node-exporter` agent. By default, the `netclass` collector is enabled. If you disable this collector, these metrics become unavailable: `node_network_info`, `node_network_address_assign_type`, `node_network_carrier`, `node_network_carrier_changes_total`, `node_network_carrier_up_changes_total`, `node_network_carrier_down_changes_total`, `node_network_device_id`, `node_network_dormant`, `node_network_flags`, `node_network_iface_id`, `node_network_iface_link`, `node_network_iface_link_mode`, `node_network_mtu_bytes`, `node_network_name_assign_type`, `node_network_net_dev_group`, `node_network_speed_bytes`, `node_network_transmit_queue_length`, and `node_network_protocol_type`.
 
 Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
@@ -275,7 +398,7 @@ Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 | Property | Type | Description
 |enabled|bool|A Boolean flag that enables or disables the `netclass` collector.
 
-|useNetlink|bool|A Boolean flag that activates the `netlink` implementation of the `netclass` collector. By default, it is disabled. This implementation improves the performance of the `netclass` collector by omitting these metrics: `node_network_address_assign_type`, `node_network_name_assign_type`, `node_network_device_id`, `node_network_speed_bytes`. In addition, the `node_network_info` metric lacks the `duplex` label.
+|useNetlink|bool|A Boolean flag that activates the `netlink` implementation of the `netclass` collector. The default value is `true`, which activates the `netlink` mode. This implementation improves the performance of the `netclass` collector.
 
 |===
 
@@ -283,7 +406,7 @@ Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
 === Description
 
-The `NodeExporterCollectorNetDevConfig` resource works as an on/off switch for the `netdev` collector of the `node-exporter` agent. By default, the `netdev` collector is enabled. If disabled, these metrics become unavailable: `node_network_receive_bytes_total`, `node_network_receive_compressed_total`, `node_network_receive_drop_total`, `node_network_receive_errs_total`, `node_network_receive_fifo_total`, `node_network_receive_frame_total`, `node_network_receive_multicast_total`, `node_network_receive_nohandler_total`, `node_network_receive_packets_total`, `node_network_transmit_bytes_total`, `node_network_transmit_carrier_total`, `node_network_transmit_colls_total`, `node_network_transmit_compressed_total`, `node_network_transmit_drop_total`, `node_network_transmit_errs_total`, `node_network_transmit_fifo_total`, `node_network_transmit_packets_total`.
+Use the `NodeExporterCollectorNetDevConfig` resource to enable or disable the `netdev` collector of the `node-exporter` agent. By default, the `netdev` collector is enabled. If disabled, these metrics become unavailable: `node_network_receive_bytes_total`, `node_network_receive_compressed_total`, `node_network_receive_drop_total`, `node_network_receive_errs_total`, `node_network_receive_fifo_total`, `node_network_receive_frame_total`, `node_network_receive_multicast_total`, `node_network_receive_nohandler_total`, `node_network_receive_packets_total`, `node_network_transmit_bytes_total`, `node_network_transmit_carrier_total`, `node_network_transmit_colls_total`, `node_network_transmit_compressed_total`, `node_network_transmit_drop_total`, `node_network_transmit_errs_total`, `node_network_transmit_fifo_total`, and `node_network_transmit_packets_total`.
 
 Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
@@ -294,6 +417,38 @@ Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
 
 |===
 
+== NodeExporterCollectorProcessesConfig
+
+=== Description
+
+Use the `NodeExporterCollectorProcessesConfig` resource to enable or disable the `processes` collector of the `node-exporter` agent. If the collector is enabled, the following metrics become available: `node_processes_max_processes`, `node_processes_pids`, `node_processes_state`, `node_processes_threads`, `node_processes_threads_state`. The metric `node_processes_state` and `node_processes_threads_state` can have up to five series each, depending on the state of the processes and threads. The possible states of a process or a thread are: `D` (UNINTERRUPTABLE_SLEEP), `R` (RUNNING & RUNNABLE), `S` (INTERRUPTABLE_SLEEP), `T` (STOPPED), or `Z` (ZOMBIE). By default, the `processes` collector is disabled.
+
+Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
+
+[options="header"]
+|===
+| Property | Type | Description
+|enabled|bool|A Boolean flag that enables or disables the `processes` collector.
+
+|===
+
+== NodeExporterCollectorSystemdConfig
+
+=== Description
+
+Use the `NodeExporterCollectorSystemdConfig` resource to enable or disable the `systemd` collector of the `node-exporter` agent. By default, the `systemd` collector is disabled. If enabled, the following metrics become available: `node_systemd_system_running`, `node_systemd_units`, `node_systemd_version`. If the unit uses a socket, it also generates the following metrics: `node_systemd_socket_accepted_connections_total`, `node_systemd_socket_current_connections`, `node_systemd_socket_refused_connections_total`.  You can use the `units` parameter to select the `systemd` units to be included by the `systemd` collector. The selected units are used to generate the `node_systemd_unit_state` metric, which shows the state of each `systemd` unit. However, this metric's cardinality might be high (at least five series per unit per node). If you enable this collector with a long list of selected units, closely monitor the `prometheus-k8s` deployment for excessive memory usage. Note that the `node_systemd_timer_last_trigger_seconds` metric is only shown if you have configured the value of the `units` parameter as `logrotate.timer`.
+
+Appears in: link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]
+
+[options="header"]
+|===
+| Property | Type | Description
+|enabled|bool|A Boolean flag that enables or disables the `systemd` collector.
+
+|units|[]string|A list of regular expression (regex) patterns that match systemd units to be included by the `systemd` collector. By default, the list is empty, so the collector exposes no metrics for systemd units.
+
+|===
+
 == NodeExporterCollectorTcpStatConfig
 
 === Description
@@ -322,6 +477,12 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 | Property | Type | Description
 |collectors|link:#nodeexportercollectorconfig[NodeExporterCollectorConfig]|Defines which collectors are enabled and their additional configuration parameters.
 
+|maxProcs|uint32|The target number of CPUs on which the node-exporter's process will run. The default value is `0`, which means that node-exporter runs on all CPUs. If a kernel deadlock occurs or if performance degrades when reading from `sysfs` concurrently, you can change this value to `1`, which limits node-exporter to running on one CPU. For nodes with a high CPU count, you can set the limit to a low number, which  saves resources by preventing Go routines from being scheduled to run on all CPUs. However, I/O performance degrades if the `maxProcs` value is set too low and there are many metrics to collect.
+
+|ignoredNetworkDevices|*[]string|A list of network devices, defined as regular expressions, that you want to exclude from the relevant collector configuration such as `netdev` and `netclass`. If no list is specified, the Cluster Monitoring Operator uses a predefined list of devices to be excluded to minimize the impact on memory usage. If the list is empty, no devices are excluded. If you modify this setting, monitor the `prometheus-k8s` deployment closely for excessive memory usage.
+
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `NodeExporter` container.
+
 |===
 
 == OpenShiftStateMetricsConfig
@@ -337,8 +498,12 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 | Property | Type | Description
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `OpenShiftStateMetrics` container.
+
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
+
 |===
 
 == PrometheusK8sConfig
@@ -366,7 +531,7 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 
 |remoteWrite|[]link:#remotewritespec[RemoteWriteSpec]|Defines the remote write configuration, including URL, authentication, and relabeling settings.
 
-|resources|*v1.ResourceRequirements|Defines resource requests and limits for the Prometheus container.
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `Prometheus` container.
 
 |retention|string|Defines the duration for which Prometheus retains data. This definition must be specified using the following regular expression pattern: `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (ms = milliseconds, s= seconds,m = minutes, h = hours, d = days, w = weeks, y = years). The default value is `15d`.
 
@@ -398,8 +563,12 @@ link:#userworkloadconfiguration[UserWorkloadConfiguration]
 
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `PrometheusOperator` container.
+
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
+
 |===
 
 == PrometheusRestrictedConfig
@@ -443,6 +612,8 @@ Appears in: link:#userworkloadconfiguration[UserWorkloadConfiguration]
 
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
+
 |volumeClaimTemplate|*monv1.EmbeddedPersistentVolumeClaim|Defines persistent storage for Prometheus. Use this setting to configure the storage class and size of a volume.
 
 |===
@@ -464,7 +635,7 @@ link:#prometheusrestrictedconfig[PrometheusRestrictedConfig]
 | Property | Type | Description
 |authorization|*monv1.SafeAuthorization|Defines the authorization settings for remote write storage.
 
-|basicAuth|*monv1.BasicAuth|Defines basic authentication settings for the remote write endpoint URL.
+|basicAuth|*monv1.BasicAuth|Defines Basic authentication settings for the remote write endpoint URL.
 
 |bearerTokenFile|string|Defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account.
 
@@ -482,6 +653,9 @@ link:#prometheusrestrictedconfig[PrometheusRestrictedConfig]
 
 |remoteTimeout|string|Defines the timeout value for requests to the remote write endpoint.
 
+|sendExemplars|*bool|Enables sending exemplars via remote write. When enabled, this setting configures Prometheus to store a maximum of 100,000 exemplars in memory. 
+This setting only applies to user-defined monitoring and is not applicable to core platform monitoring.
+
 |sigv4|*monv1.Sigv4|Defines AWS Signature Version 4 authentication settings.
 
 |tlsConfig|*monv1.SafeTLSConfig|Defines TLS authentication settings for the remote write endpoint.
@@ -535,8 +709,12 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 | Property | Type | Description
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
+|resources|*v1.ResourceRequirements|Defines resource requests and limits for the `TelemeterClient` container.
+
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
+
 |===
 
 == ThanosQuerierConfig
@@ -554,12 +732,16 @@ Appears in: link:#clustermonitoringconfiguration[ClusterMonitoringConfiguration]
 
 |logLevel|string|Defines the log level setting for Thanos Querier. The possible values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
 
+|enableCORS|bool|A Boolean flag that enables setting CORS headers. The headers allow access from any origin. The default value is `false`.
+
 |nodeSelector|map[string]string|Defines the nodes on which the pods are scheduled.
 
 |resources|*v1.ResourceRequirements|Defines resource requests and limits for the Thanos Querier container.
 
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
+
 |===
 
 == ThanosRulerConfig
@@ -585,7 +767,7 @@ Appears in: link:#userworkloadconfiguration[UserWorkloadConfiguration]
 
 |tolerations|[]v1.Toleration|Defines tolerations for the pods.
 
-|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines topology spread constraints for the pods.
+|topologySpreadConstraints|[]v1.TopologySpreadConstraint|Defines the pod's topology spread constraints.
 
 |volumeClaimTemplate|*monv1.EmbeddedPersistentVolumeClaim|Defines persistent storage for Thanos Ruler. Use this setting to configure the storage class and size of a volume.
 
diff --git a/monitoring/configuring-hpa-for-an-application.adoc b/monitoring/configuring-hpa-for-an-application.adoc
index 8d981e9d2a5f..85dd8571d5cb 100644
--- a/monitoring/configuring-hpa-for-an-application.adoc
+++ b/monitoring/configuring-hpa-for-an-application.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-hpa-for-an-application"]
 = Configuring HPA for an application
 include::_attributes/common-attributes.adoc[]
diff --git a/monitoring/configuring-the-monitoring-stack.adoc b/monitoring/configuring-the-monitoring-stack.adoc
index 39d05808ca32..93cb99b62ded 100644
--- a/monitoring/configuring-the-monitoring-stack.adoc
+++ b/monitoring/configuring-the-monitoring-stack.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-the-monitoring-stack"]
 = Configuring the monitoring stack
 include::_attributes/common-attributes.adoc[]
@@ -6,19 +6,33 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-The {product-title} 4 installation program provides only a low number of configuration options before installation. Configuring most {product-title} framework components, including the cluster monitoring stack, happens post-installation.
+ifndef::openshift-dedicated,openshift-rosa[]
+The {product-title} 4 installation program provides only a low number of configuration options before installation. Configuring most {product-title} framework components, including the cluster monitoring stack, happens postinstallation.
+endif::openshift-dedicated,openshift-rosa[]
 
-This section explains what configuration is supported, shows how to configure the monitoring stack, and demonstrates several common configuration scenarios.
+This section explains what configuration is supported,
+ifndef::openshift-dedicated,openshift-rosa[]
+shows how to configure the monitoring stack,
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+shows how to configure the monitoring stack for user-defined projects,
+endif::openshift-dedicated,openshift-rosa[]
+and demonstrates several common configuration scenarios.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 == Prerequisites
 
 * The monitoring stack imposes additional resource requirements. Consult the computing resources recommendations in xref:../scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc#scaling-cluster-monitoring-operator[Scaling the Cluster Monitoring Operator] and verify that you have sufficient resources.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Maintenance and support for monitoring
 include::modules/monitoring-maintenance-and-support.adoc[leveloffset=+1]
 include::modules/monitoring-support-considerations.adoc[leveloffset=+2]
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-unmanaged-monitoring-operators.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 // Preparing to configure the monitoring stack
 [id="preparing-to-configure-the-monitoring-stack"]
 == Preparing to configure the monitoring stack
@@ -32,6 +46,7 @@ include::modules/monitoring-creating-user-defined-workload-monitoring-configmap.
 .Additional resources
 
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Configuring the monitoring stack
 include::modules/monitoring-configuring-the-monitoring-stack.adoc[leveloffset=+1]
@@ -39,8 +54,14 @@ include::modules/monitoring-configuring-the-monitoring-stack.adoc[leveloffset=+1
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
+* Configuration reference for the xref:../monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc#clustermonitoringconfiguration[`cluster-monitoring-config`] config map
+endif::openshift-dedicated,openshift-rosa[]
+* Configuration reference for the xref:../monitoring/config-map-reference-for-the-cluster-monitoring-operator.adoc#userworkloadconfiguration[`user-workload-monitoring-config`] config map
+ifndef::openshift-dedicated,openshift-rosa[]
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Configurable monitoring components
 include::modules/monitoring-configurable-monitoring-components.adoc[leveloffset=+1]
@@ -49,11 +70,13 @@ include::modules/monitoring-configurable-monitoring-components.adoc[leveloffset=
 include::modules/monitoring-using-node-selectors-to-move-monitoring-components.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
-
+// The nodes topics may apply to OSD/ROSA when that content is ported from OCP.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
 * xref:../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
 * xref:../nodes/scheduling/nodes-scheduler-pod-affinity.adoc[Placing pods relative to other pods using affinity and anti-affinity rules]
 * xref:../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc[Controlling pod placement by using pod topology spread constraints]
+endif::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring_pod_topology_spread_constraintsfor_monitoring_configuring-the-monitoring-stack[Configuring pod topology spread constraints for monitoring]
 * link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector[Kubernetes documentation about node selectors]
 
@@ -63,20 +86,30 @@ include::modules/monitoring-moving-monitoring-components-to-different-nodes.adoc
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+// This xref might be relevant for ROSA/OSD if the Node content is reused:
+* xref:../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
+// This xref might be relevant for ROSA/OSD if the Node content is reused:
+* xref:../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
+endif::openshift-dedicated,openshift-rosa[]
+* See the link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector[Kubernetes documentation] for details on the `nodeSelector` constraint
 
 // Assigning tolerations to monitoring components
 include::modules/monitoring-assigning-tolerations-to-monitoring-components.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-
+ifndef::openshift-dedicated,openshift-rosa[]
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+// This xref might be relevant for ROSA/OSD if the Node content is reused:
 * See the xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[{product-title} documentation] on taints and tolerations
+endif::openshift-dedicated,openshift-rosa[]
 * See the link:https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/[Kubernetes documentation] on taints and tolerations
 
+ifndef::openshift-dedicated,openshift-rosa[]
 // Setting the body size limit for metrics scraping
 include::modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.adoc[leveloffset=+1]
 
@@ -84,17 +117,36 @@ include::modules/monitoring-setting-the-body-size-limit-for-metrics-scraping.ado
 .Additional resources
 
 * link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config[Prometheus scrape configuration documentation]
+endif::openshift-dedicated,openshift-rosa[]
+
+// Configuring limits and resource requests for monitoring components
+
+[id="managing-cpu-and-memory-resources-for-monitoring-components"]
+== Managing CPU and memory resources for monitoring components 
+
+You can ensure that the containers that run monitoring components have enough CPU and memory resources by specifying values for resource limits and requests for those components.
+
+You can configure these limits and requests for core platform monitoring components in the `openshift-monitoring` namespace and for the components that monitor user-defined projects in the `openshift-user-workload-monitoring` namespace.
+
+include::modules/monitoring-about-specifying-limits-and-requests-for-monitoring-components.adoc[leveloffset=+2]
+include::modules/monitoring-specifying-limits-and-requests-for-monitoring-components.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits[Kubernetes requests and limits documentation]
 
 // Configuring persistent storage
 include::modules/monitoring-configuring-persistent-storage.adoc[leveloffset=+1]
 include::modules/monitoring-configuring-a-local-persistent-volume-claim.adoc[leveloffset=+2]
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-resizing-a-persistent-storage-volume.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-modifying-retention-time-and-size-for-prometheus-metrics-data.adoc[leveloffset=+2]
 include::modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metrics-data.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
-
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#creating-cluster-monitoring-configmap_configuring-the-monitoring-stack[Creating a cluster monitoring config map]
 * xref:../scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc#prometheus-database-storage-requirements_cluster-monitoring-operator[Prometheus database storage requirements]
 * xref:../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Recommended configurable storage technology]
@@ -102,19 +154,26 @@ include::modules/monitoring-modifying-the-retention-time-for-thanos-ruler-metric
 * xref:../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
 * xref:../storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc#persistent-storage-using-local-volume[Configure local persistent storage]
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* xref:../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[Understanding persistent storage]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Configuring remote write storage for Prometheus
 include::modules/monitoring-configuring-remote-write-storage.adoc[leveloffset=+1]
-// Configuring remote write authentication methods for Prometheus
 include::modules/monitoring-supported-remote-write-authentication-settings.adoc[leveloffset=+2]
+include::modules/monitoring-example-remote-write-authentication-settings.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See link:https://prometheus.io/docs/operating/integrations/#remote-endpoints-and-storage[Setting up remote write compatible endpoints] for steps to create a remote write compatible endpoint (such as Thanos).
 * See link:https://prometheus.io/docs/practices/remote_write/#remote-write-tuning[Tuning remote write settings] for information about how to optimize remote write settings for different use cases.
+ifndef::openshift-dedicated,openshift-rosa[]
+// This xref might be relevant for ROSA/OSD if this content is reused:
 * See xref:../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-about_nodes-pods-secrets[Understanding secrets] for steps to create and configure `Secret` objects in {product-title}.
 * See the xref:../rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc#spec-remotewrite-2[Prometheus REST API reference for remote write] for information about additional optional fields.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Configuring labels for outgoing metrics
 include::modules/monitoring-adding-cluster-id-labels-to-metrics.adoc[leveloffset=+1]
@@ -126,6 +185,8 @@ include::modules/monitoring-creating-cluster-id-labels-for-metrics.adoc[leveloff
 * For details about write relabel configuration, see xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring_remote_write_storage_configuring-the-monitoring-stack[Configuring remote write storage].
 
 // Configuring metrics collection profiles
+// TP features are excluded from OSD and ROSA. When this feature is GA, it can be included in the OSD/ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-configuring-metrics-collection-profiles.adoc[leveloffset=+1]
 include::modules/monitoring-choosing-a-metrics-collection-profile.adoc[leveloffset=+2]
 
@@ -134,10 +195,12 @@ include::modules/monitoring-choosing-a-metrics-collection-profile.adoc[leveloffs
 
 * See xref:../monitoring/managing-metrics.adoc#viewing-a-list-of-available-metrics_managing-metrics[Viewing a list of available metrics] for steps to view a list of metrics being collected for a cluster.
 * See xref:../nodes/clusters/nodes-cluster-enabling-features.adoc[Enabling features using feature gates] for steps to enable Technology Preview features.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Managing scrape sample limits for user-defined projects
 include::modules/monitoring-limiting-scrape-samples-in-user-defined-projects.adoc[leveloffset=+1]
 include::modules/monitoring-setting-scrape-sample-and-label-limits-for-user-defined-projects.adoc[leveloffset=+2]
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-creating-scrape-sample-alerts.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -145,7 +208,8 @@ include::modules/monitoring-creating-scrape-sample-alerts.adoc[leveloffset=+2]
 
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#creating-user-defined-workload-monitoring-configmap_configuring-the-monitoring-stack[Creating a user-defined workload monitoring config map]
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
-* See xref:../monitoring/troubleshooting-monitoring-issues.html#determining-why-prometheus-is-consuming-disk-space_troubleshooting-monitoring-issues[Determining why Prometheus is consuming a lot of disk space] for steps to query which metrics have the highest number of scrape samples.
+* See xref:../monitoring/troubleshooting-monitoring-issues.adoc#determining-why-prometheus-is-consuming-disk-space_troubleshooting-monitoring-issues[Determining why Prometheus is consuming a lot of disk space] for steps to query which metrics have the highest number of scrape samples.
+endif::openshift-dedicated,openshift-rosa[]
 
 //Configuring external alertmanagers
 include::modules/monitoring-configuring-external-alertmanagers.adoc[leveloffset=1]
@@ -157,11 +221,13 @@ include::modules/monitoring-adding-a-secret-to-the-alertmanager-configuration.ad
 //Attaching additional labels to your time series and alerts
 include::modules/monitoring-attaching-additional-labels-to-your-time-series-and-alerts.adoc[leveloffset=+1]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps.
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Configuring topology spread constraints for monitoring components
 include::modules/monitoring-configuring-pod-topology-spread-constraints-for-monitoring.adoc[leveloffset=1]
@@ -169,11 +235,17 @@ include::modules/monitoring-configuring-pod-topology-spread-constraints-for-moni
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
+// This xref might be relevant to ROSA/OSD if the Node content is reused:
 * xref:../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc#nodes-scheduler-pod-topology-spread-constraints-about[Controlling pod placement by using pod topology spread constraints]
+endif::openshift-dedicated,openshift-rosa[]
 * link:https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/[Kubernetes Pod Topology Spread Constraints documentation]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-setting-up-pod-topology-spread-constraints-for-prometheus.adoc[leveloffset=2]
 include::modules/monitoring-setting-up-pod-topology-spread-constraints-for-alertmanager.adoc[leveloffset=2]
+endif::openshift-dedicated,openshift-rosa[]
+
 include::modules/monitoring-setting-up-pod-topology-spread-constraints-for-thanos-ruler.adoc[leveloffset=2]
 
 // Setting log levels for monitoring components
@@ -182,36 +254,46 @@ include::modules/monitoring-setting-log-levels-for-monitoring-components.adoc[le
 // Setting query log for Prometheus
 include::modules/monitoring-setting-query-log-file-for-prometheus.adoc[leveloffset=+1]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 .Additional resources
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps
 * See xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects] for steps to enable user-defined monitoring.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Enabling query logging for Thanos Querier
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-enabling-query-logging-for-thanos-querier.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Setting audit log levels for the Prometheus Adapter
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-setting-audit-log-levels-for-the-prometheus-adapter.adoc[leveloffset=1]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#preparing-to-configure-the-monitoring-stack[Preparing to configure the monitoring stack] for steps to create monitoring config maps.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Disabling the local Alertmanager
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-disabling-the-local-alertmanager.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 * link:https://prometheus.io/docs/alerting/latest/alertmanager/[Prometheus Alertmanager documentation]
 * xref:../monitoring/managing-alerts.adoc#[Managing alerts]
+endif::openshift-dedicated,openshift-rosa[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 == Next steps
 
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
 * Learn about xref:../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[remote health reporting] and, if necessary, opt out of it.
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/monitoring/enabling-alert-routing-for-user-defined-projects.adoc b/monitoring/enabling-alert-routing-for-user-defined-projects.adoc
index 1698006af2e2..0fb2c76f52fb 100644
--- a/monitoring/enabling-alert-routing-for-user-defined-projects.adoc
+++ b/monitoring/enabling-alert-routing-for-user-defined-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-alert-routing-for-user-defined-projects"]
 = Enabling alert routing for user-defined projects
 include::_attributes/common-attributes.adoc[]
@@ -7,18 +7,31 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 [role="_abstract"]
-In {product-title} {product-version}, a cluster administrator can enable alert routing for user-defined projects. This process consists of two general steps:
-
+ifndef::openshift-dedicated,openshift-rosa[]
+In {product-title} {product-version}, a cluster administrator can enable alert routing for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+In {product-title}, a `dedicated-admin` can enable alert routing for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+This process consists of two general steps:
+
+ifndef::openshift-dedicated,openshift-rosa[]
 * Enable alert routing for user-defined projects to use the default platform Alertmanager instance or, optionally, a separate Alertmanager instance only for user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* Enable alert routing for user-defined projects to use a separate Alertmanager instance.
+endif::openshift-dedicated,openshift-rosa[]
 * Grant users permission to configure alert routing for user-defined projects.
 
 After you complete these steps, developers and other users can configure custom alerts and alert routing for their user-defined projects.
 
-//Overview of setting up alert routing for user-defined projects
+// Overview of setting up alert routing for user-defined projects
 include::modules/monitoring-understanding-alert-routing-for-user-defined-projects.adoc[leveloffset=+1]
 
 // Enabling user-defined alerts using the default Alertmanager instance
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-enabling-the-platform-alertmanager-instance-for-user-defined-alert-routing.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Enabling a dedicated Alertmanager instance for use in user-defined projects
 include::modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc[leveloffset=+1]
@@ -29,7 +42,9 @@ include::modules/monitoring-granting-users-permission-to-configure-alert-routing
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user defined projects]
+endif::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/managing-alerts.adoc#creating-alert-routing-for-user-defined-projects_managing-alerts[Creating alert routing for user-defined projects]
 
 == Next steps
diff --git a/monitoring/enabling-monitoring-for-user-defined-projects.adoc b/monitoring/enabling-monitoring-for-user-defined-projects.adoc
index a3bf02aec136..5e7f2a644110 100644
--- a/monitoring/enabling-monitoring-for-user-defined-projects.adoc
+++ b/monitoring/enabling-monitoring-for-user-defined-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-monitoring-for-user-defined-projects"]
 = Enabling monitoring for user-defined projects
 include::_attributes/common-attributes.adoc[]
@@ -18,7 +18,7 @@ include::modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc[l
 
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#creating-cluster-monitoring-configmap_configuring-the-monitoring-stack[Creating a cluster monitoring config map]
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring-the-monitoring-stack[Configuring the monitoring stack]
-* xref:../monitoring/enabling-monitoring-for-user-defined-projects.html#granting-users-permission-to-configure-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[Granting users permission to configure monitoring for user-defined projects]
+* xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#granting-users-permission-to-configure-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[Granting users permission to configure monitoring for user-defined projects]
 
 // Granting users permission to monitor user-defined projects
 include::modules/monitoring-granting-users-permission-to-monitor-user-defined-projects.adoc[leveloffset=+1]
diff --git a/monitoring/managing-alerts.adoc b/monitoring/managing-alerts.adoc
index 492f31a036a9..70cef44eb1ce 100644
--- a/monitoring/managing-alerts.adoc
+++ b/monitoring/managing-alerts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-alerts"]
 = Managing alerts
 include::_attributes/common-attributes.adoc[]
@@ -14,13 +14,13 @@ In {product-title} {product-version}, the Alerting UI enables you to manage aler
 
 [NOTE]
 ====
-The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to. For example, if you are logged in with `cluster-admin` privileges, you can access all alerts, silences, and alerting rules.
+The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to. For example, if you are logged in as a user with the `cluster-admin` role, you can access all alerts, silences, and alerting rules.
 
-If you are a non-administator user, you can create and silence alerts if you are assigned the following user roles: 
+If you are a non-administrator user, you can create and silence alerts if you are assigned the following user roles:
 
-* The `cluster-monitoring-view` role, which allows you to access Alertmanager
+* The `cluster-monitoring-view` cluster role, which allows you to access Alertmanager
 * The `monitoring-alertmanager-edit` role, which permits you to create and silence alerts in the *Administrator* perspective in the web console
-* The `monitoring-rules-edit` role, which permits you to create and silence alerts in the *Developer* perspective in the web console
+* The `monitoring-rules-edit` cluster role, which permits you to create and silence alerts in the *Developer* perspective in the web console
 ====
 
 // Accessing the Alerting UI in the Administrator and Developer perspectives
@@ -42,6 +42,22 @@ include::modules/monitoring-silencing-alerts.adoc[leveloffset=+2]
 include::modules/monitoring-editing-silences.adoc[leveloffset=+2]
 include::modules/monitoring-expiring-silences.adoc[leveloffset=+2]
 
+// Managing core platform alerting rules
+ifndef::openshift-dedicated,openshift-rosa[]
+// Tech Preview features are not documented in the ROSA/OSD docs. However, even when GA, ROSA/OSD generally doesn't include information about core platform monitoring.
+include::modules/monitoring-managing-core-platform-alerting-rules.adoc[leveloffset=+1]
+include::modules/monitoring-tips-for-optimizing-alerting-rules-for-core-platform-monitoring.adoc[leveloffset=+2]
+include::modules/monitoring-creating-new-alerting-rules.adoc[leveloffset=+2]
+include::modules/monitoring-modifying-core-platform-alerting-rules.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* See xref:../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview] for details about {product-title} {product-version} monitoring architecture.
+* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation] for information about alerting rules.
+* See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabeling documentation] for information about how relabeling works.
+* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts.
+endif::openshift-dedicated,openshift-rosa[]
+
 // Managing alerting rules for user-defined projects
 include::modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc[leveloffset=+1]
 include::modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc[leveloffset=+2]
@@ -53,12 +69,13 @@ ifndef::openshift-rosa,openshift-dedicated[]
 * See xref:../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview] for details about {product-title} {product-version} monitoring architecture
 endif::[]
 
+// creating alerting rules for user defined projects
+include::modules/monitoring-about-creating-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
 include::modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
-include::modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc[leveloffset=+2]
 
-ifndef::openshift-rosa,openshift-dedicated[]
+[role="_additional-resources"]
+.Additional resources
 * See xref:../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview] for details about {product-title} {product-version} monitoring architecture.
-endif::[]
 
 include::modules/monitoring-accessing-alerting-rules-for-your-project.adoc[leveloffset=+2]
 include::modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc[leveloffset=+2]
@@ -69,35 +86,23 @@ include::modules/monitoring-removing-alerting-rules-for-user-defined-projects.ad
 
 * See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation]
 
-// Managing core platform alerting rules
-include::modules/monitoring-managing-core-platform-alerting-rules.adoc[leveloffset=+1]
-include::modules/monitoring-modifying-core-platform-alerting-rules.adoc[leveloffset=+2]
-include::modules/monitoring-creating-new-alerting-rules.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-ifndef::openshift-rosa,openshift-dedicated[]
-* See xref:../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview] for details about {product-title} {product-version} monitoring architecture.
-endif::[]
-* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation] for information about alerting rules.
-* See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabeling documentation] for information about how relabeling works.
-* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts.
-
-
-
 // Sending notifications to external systems
 include::modules/monitoring-sending-notifications-to-external-systems.adoc[leveloffset=+1]
+// Configuring alert receivers
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-configuring-alert-receivers.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 // Creating alert routing for user-defined projects
 include::modules/monitoring-creating-alert-routing-for-user-defined-projects.adoc[leveloffset=+2]
 
 // Applying a custom Alertmanager configuration
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-applying-custom-alertmanager-configuration.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
+
 // Applying a custom configuration to Alertmanager for user-defined alert routing
 include::modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc[leveloffset=+1]
 
-
-
 [role="_additional-resources"]
 .Additional resources
 
diff --git a/monitoring/managing-metrics-targets.adoc b/monitoring/managing-metrics-targets.adoc
deleted file mode 100644
index ac0b6b0bd4bb..000000000000
--- a/monitoring/managing-metrics-targets.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-:_content-type: ASSEMBLY
-[id="managing-metrics-targets"]
-= Managing metrics targets
-include::_attributes/common-attributes.adoc[]
-:context: managing-metrics-targets
-
-toc::[]
-
-{product-title} Monitoring collects metrics from targeted cluster components by scraping data from exposed service endpoints.
-
-In the *Administrator* perspective in the {product-title} web console, you can use the *Metrics Targets* page to view, search, and filter the endpoints that are currently targeted for scraping, which helps you to identify and troubleshoot problems.
-For example, you can view the current status of targeted endpoints to see when {product-title} Monitoring is not able to scrape metrics from a targeted component.
-
-The *Metrics Targets* page shows targets for default {product-title} projects and for user-defined projects.
-
-// Accessing the Metrics Targets UI in the Administrator perspective
-include::modules/monitoring-accessing-the-metrics-targets-page.adoc[leveloffset=+1]
-
-// Searching and filtering metrics targets
-include::modules/monitoring-searching-and-filtering-metrics-targets.adoc[leveloffset=+1]
-
-// Getting detailed information about metrics targets
-include::modules/monitoring-getting-detailed-information-about-a-target.adoc[leveloffset=+1]
-
-== Next steps
-
-* xref:../monitoring/managing-alerts.adoc#managing-alerts[Managing alerts]
diff --git a/monitoring/managing-metrics.adoc b/monitoring/managing-metrics.adoc
index 00b6315c9a0d..c0713d74b562 100644
--- a/monitoring/managing-metrics.adoc
+++ b/monitoring/managing-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-metrics"]
 = Managing metrics
 include::_attributes/common-attributes.adoc[]
@@ -25,15 +25,40 @@ include::modules/monitoring-specifying-how-a-service-is-monitored.adoc[leveloffs
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
 * link:https://access.redhat.com/articles/6675491[How to scrape metrics using TLS in a ServiceMonitor configuration in a user-defined project]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc[PodMonitor API]
 * xref:../rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc[ServiceMonitor API]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Viewing a list of available metrics for a cluster
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-viewing-a-list-of-available-metrics.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
 
-[id="next-steps_querying-metrics"]
-== Next steps
+// Querying metrics
+include::modules/monitoring-about-querying-metrics.adoc[leveloffset=+1]
 
-* xref:../monitoring/querying-metrics.adoc#querying-metrics[Querying metrics]
+// include::modules/monitoring-contents-of-the-metrics-ui.adoc[leveloffset=+2]
+
+// Querying metrics for all projects as an administrator
+include::modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about creating PromQL queries, see the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation].
+
+// Querying metrics for user-defined projects as a developer
+include::modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about creating PromQL queries, see the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation].
+
+// Getting detailed information about metrics targets
+include::modules/monitoring-getting-detailed-information-about-a-target.adoc[leveloffset=+1]
diff --git a/monitoring/monitoring-overview.adoc b/monitoring/monitoring-overview.adoc
index a5063591e87a..08117ffee933 100644
--- a/monitoring/monitoring-overview.adoc
+++ b/monitoring/monitoring-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="monitoring-overview"]
 = Monitoring overview
 include::_attributes/common-attributes.adoc[]
@@ -10,25 +10,34 @@ toc::[]
 == About {product-title} monitoring
 
 [role="_abstract"]
+ifndef::openshift-dedicated,openshift-rosa[]
 {product-title} includes a preconfigured, preinstalled, and self-updating monitoring stack that provides monitoring for core platform components. You also have the option to xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[enable monitoring for user-defined projects].
 
 A cluster administrator can xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring-the-monitoring-stack[configure the monitoring stack] with the supported configurations. {product-title} delivers monitoring best practices out of the box.
 
 A set of alerts are included by default that immediately notify administrators about issues with a cluster. Default dashboards in the {product-title} web console include visual representations of cluster metrics to help you to quickly understand the state of your cluster. With the {product-title} web console, you can xref:../monitoring/managing-metrics.adoc#managing-metrics[view and manage metrics], xref:../monitoring/managing-alerts.adoc#managing-alerts[alerts], and xref:../monitoring/reviewing-monitoring-dashboards.adoc#reviewing-monitoring-dashboards[review monitoring dashboards].
 
-In the *Observe* section of {product-title} web console, you can access and manage monitoring features such as xref:../monitoring/managing-metrics.adoc#managing-metrics[metrics], xref:../monitoring/managing-alerts.adoc#managing-alerts[alerts], xref:../monitoring/reviewing-monitoring-dashboards.adoc#reviewing-monitoring-dashboards[monitoring dashboards], and xref:../monitoring/managing-metrics-targets.adoc#managing-metrics-targets[metrics targets].
+In the *Observe* section of {product-title} web console, you can access and manage monitoring features such as xref:../monitoring/managing-metrics.adoc#managing-metrics[metrics], xref:../monitoring/managing-alerts.adoc#managing-alerts[alerts], xref:../monitoring/reviewing-monitoring-dashboards.adoc#reviewing-monitoring-dashboards[monitoring dashboards], and xref:../monitoring/managing-metrics.adoc#getting-detailed-information-about-a-target_managing-metrics[metrics targets].
 
 After installing {product-title}, cluster administrators can optionally enable monitoring for user-defined projects. By using this feature, cluster administrators, developers, and other users can specify how services and pods are monitored in their own projects.
 As a cluster administrator, you can find answers to common problems such as user metrics unavailability and high consumption of disk space by Prometheus in xref:../monitoring/troubleshooting-monitoring-issues.adoc#troubleshooting-monitoring-issues[Troubleshooting monitoring issues].
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+In {product-title}, you can monitor your own projects in isolation from Red Hat Site Reliability Engineering (SRE) platform metrics. You can monitor your own projects without the need for an additional monitoring solution.
+endif::openshift-dedicated,openshift-rosa[]
 
 // Understanding the monitoring stack
 include::modules/monitoring-understanding-the-monitoring-stack.adoc[leveloffset=+1]
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-default-monitoring-components.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-default-monitoring-targets.adoc[leveloffset=+2]
 include::modules/monitoring-components-for-monitoring-user-defined-projects.adoc[leveloffset=+2]
 include::modules/monitoring-targets-for-user-defined-projects.adoc[leveloffset=+2]
 include::modules/monitoring-common-terms.adoc[leveloffset=+1]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 [id="additional-resources_monitoring-overview"]
 == Additional resources
@@ -36,8 +45,15 @@ include::modules/monitoring-common-terms.adoc[leveloffset=+1]
 * xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#granting-users-permission-to-monitor-user-defined-projects_enabling-monitoring-for-user-defined-projects[Granting users permission to monitor user-defined projects]
 * xref:../security/tls-security-profiles.adoc#tls-security-profiles[Configuring TLS security profiles]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="next-steps_monitoring-overview"]
 == Next steps
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring-the-monitoring-stack[Configuring the monitoring stack]
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+* xref:../monitoring/sd-accessing-monitoring-for-user-defined-projects.adoc#sd-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/monitoring/nvidia-gpu-admin-dashboard.adoc b/monitoring/nvidia-gpu-admin-dashboard.adoc
deleted file mode 100644
index a4de7d489cfc..000000000000
--- a/monitoring/nvidia-gpu-admin-dashboard.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="nvidia-gpu-admin-dashboard"]
-= The NVIDIA GPU administration dashboard
-include::_attributes/common-attributes.adoc[]
-:context: nvidia-gpu-admin-dashboard
-
-toc::[]
-
-include::modules/nvidia-gpu-admin-dashboard-introduction.adoc[leveloffset=+1]
-
-include::modules/nvidia-gpu-admin-dashboard-installing.adoc[leveloffset=+1]
-
-include::modules/nvidia-gpu-admin-dashboard-using.adoc[leveloffset=+1]
diff --git a/monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc b/monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc
deleted file mode 100644
index e0043e6e2c8b..000000000000
--- a/monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-accessing-monitoring-for-user-defined-projects"]
-= Accessing monitoring for user-defined projects
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-accessing-monitoring-for-user-defined-projects
-
-toc::[]
-
-When you install an {product-title} cluster, monitoring for user-defined projects is enabled by default. With monitoring for user-defined projects enabled, you can monitor your own {product-title} projects without the need for an additional monitoring solution.
-
-The `dedicated-admin` user has default permissions to configure and access monitoring for user-defined projects.
-
-[NOTE]
-====
-Custom Prometheus instances and the Prometheus Operator installed through Operator Lifecycle Manager (OLM) can cause issues with user-defined project monitoring if it is enabled. Custom Prometheus instances are not supported.
-====
-
-Optionally, you can disable monitoring for user-defined projects during or after a cluster installation.
-
-[id="accessing-user-defined-monitoring-next-steps"]
-== Next steps
-
-* xref:../monitoring/osd-configuring-the-monitoring-stack.adoc#osd-configuring-the-monitoring-stack[Configuring the monitoring stack]
diff --git a/monitoring/osd-configuring-the-monitoring-stack.adoc b/monitoring/osd-configuring-the-monitoring-stack.adoc
deleted file mode 100644
index 312900c0926a..000000000000
--- a/monitoring/osd-configuring-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,82 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-configuring-the-monitoring-stack"]
-= Configuring the monitoring stack
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-configuring-the-monitoring-stack
-
-toc::[]
-
-After you configure the monitoring stack, you can review common configuration scenarios and configure monitoring of user-defined projects.
-
-// Maintenance and support for monitoring
-include::modules/osd-monitoring-maintenance-and-support.adoc[leveloffset=+1]
-include::modules/osd-monitoring-support-considerations.adoc[leveloffset=+2]
-
-// Configuring the monitoring stack
-include::modules/osd-monitoring-configuring-the-monitoring-stack.adoc[leveloffset=+1]
-
-// Configurable monitoring components
-include::modules/osd-monitoring-configurable-monitoring-components.adoc[leveloffset=+1]
-
-// Moving monitoring components to different nodes
-include::modules/osd-monitoring-moving-monitoring-components-to-different-nodes.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/nodes/nodes/nodes-nodes-working.html#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
-* link:https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-node-selectors.html[Placing pods on specific nodes using node selectors]
-* See the link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector[Kubernetes documentation] for details on the `nodeSelector` constraint
-
-// TODO: Same question about whether links out to OCP docs should explicitly mention that? (I won't point out any more, but could easily search to find other instances in the repo).
-
-// Assigning tolerations to monitoring components
-include::modules/osd-monitoring-assigning-tolerations-to-monitoring-components.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations[OpenShift Container Platform documentation] on taints and tolerations
-* See the link:https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/[Kubernetes documentation] on taints and tolerations
-
-// Configuring persistent storage
-[id="configuring-persistent-storage"]
-== Configuring persistent storage
-
-Running cluster monitoring with persistent storage means that your metrics are stored to a persistent volume (PV) and can survive a pod being restarted or recreated. This is ideal if you require your metrics data to be guarded from data loss. For production environments, it is highly recommended to configure persistent storage. Because of the high IO demands, it is advantageous to use local storage.
-
-[IMPORTANT]
-====
-See link:https://docs.openshift.com/container-platform/4.7/scalability_and_performance/optimizing-storage.html#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].
-====
-
-[id="persistent-storage-prerequisites"]
-=== Persistent storage prerequisites
-
-* Use the block type of storage.
-
-include::modules/osd-monitoring-configuring-a-local-persistent-volume-claim.adoc[leveloffset=+2]
-include::modules/osd-monitoring-modifying-retention-time-for-prometheus-metrics-data.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/storage/understanding-persistent-storage.html[Understanding persistent storage]
-* link:https://docs.openshift.com/container-platform/4.7/scalability_and_performance/optimizing-storage.html[Optimizing storage]
-
-// Managing scrape sample limits for user-defined projects
-include::modules/osd-monitoring-limiting-scrape-samples-in-user-defined-projects.adoc[leveloffset=+1]
-include::modules/osd-monitoring-setting-a-scrape-sample-limit-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/monitoring/troubleshooting-monitoring-issues.html#determining-why-prometheus-is-consuming-disk-space_troubleshooting-monitoring-issues[Determining why Prometheus is consuming a lot of disk space] for steps to query which metrics have the highest number of scrape samples
-
-// Setting log levels for monitoring components
-include::modules/osd-monitoring-setting-log-levels-for-monitoring-components.adoc[leveloffset=+1]
-
-[id="configuring-the-monitoring-stack-next-steps"]
-== Next steps
-
-* xref:../monitoring/osd-managing-metrics.adoc#osd-managing-metrics[Managing metrics]
diff --git a/monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc b/monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
deleted file mode 100644
index 90fea2985d9b..000000000000
--- a/monitoring/osd-enabling-alert-routing-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-enabling-alert-routing-for-user-defined-projects"]
-= Enabling alert routing for user-defined projects
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-enabling-alert-routing-for-user-defined-projects
-
-toc::[]
-
-[role="_abstract"]
-In {product-title}, a cluster administrator can enable alert routing for user-defined projects. 
-
-[IMPORTANT]
-====
-Managing alerting rules for user-defined projects is only available in {product-title} version 4.11 and later. 
-====
-
-This process consists of two general steps:
-
-* Enable alert routing for user-defined projects to use a separate Alertmanager instance.
-* Grant additional users permission to configure alert routing for user-defined projects.
-
-After you complete these steps, developers and other users can configure custom alerts and alert routing for their user-defined projects.
-
-//Overview of setting up alert routing for user-defined projects
-include::modules/osd-monitoring-understanding-alert-routing-for-user-defined-projects.adoc[leveloffset=+1]
-
-// Enabling a dedicated Alertmanager instance for use in user-defined projects
-include::modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc[leveloffset=+1]
-
-// Granting users permission to configure alert routing for user-defined projects
-include::modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc#osd-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
-* xref:../monitoring/managing-alerts.adoc#creating-alerting-rules-for-user-defined-projects_managing-alerts[Creating alert routing for user-defined projects]
diff --git a/monitoring/osd-managing-alerts.adoc b/monitoring/osd-managing-alerts.adoc
deleted file mode 100644
index a4a8857fd2ba..000000000000
--- a/monitoring/osd-managing-alerts.adoc
+++ /dev/null
@@ -1,77 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-managing-alerts"]
-= Alerts
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-managing-alerts
-
-toc::[]
-
-In {product-title}, the Alerting UI enables you to manage alerts, silences, and alerting rules.
-
-* *Alerting rules*. Alerting rules contain a set of conditions that outline a particular state within a cluster. Alerts are triggered when those conditions are true. An alerting rule can be assigned a severity that defines how the alerts are routed.
-* *Alerts*. An alert is fired when the conditions defined in an alerting rule are true. Alerts provide a notification that a set of circumstances are apparent within an {product-title} cluster.
-* *Silences*. A silence can be applied to an alert to prevent notifications from being sent when the conditions for an alert are true. You can mute an alert after the initial notification, while you work on resolving the underlying issue.
-
-[NOTE]
-====
-The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to. For example, if you are logged in with `cluster-admin` or `dedicated-admin` privileges, all alerts, silences, and alerting rules are accessible.
-====
-
-// Accessing the Alerting UI in the Administrator and Developer perspectives
-include::modules/monitoring-accessing-the-alerting-ui.adoc[leveloffset=+1]
-
-// Searching and filtering alerts, silences, and alerting rules
-include::modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc[leveloffset=+1]
-
-// Getting information about alerts, silences and alerting rules
-include::modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc[leveloffset=+1]
-
-// Managing silences
-include::modules/monitoring-managing-silences.adoc[leveloffset=+1]
-include::modules/monitoring-silencing-alerts.adoc[leveloffset=+2]
-include::modules/monitoring-editing-silences.adoc[leveloffset=+2]
-include::modules/monitoring-expiring-silences.adoc[leveloffset=+2]
-
-// Managing alerting rules for user-defined projects
-include::modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc[leveloffset=+1]
-include::modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts
-* See xref:../monitoring/osd-understanding-the-monitoring-stack.adoc#osd-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} {product-version} monitoring architecture
-
-include::modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
-include::modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc[leveloffset=+2]
-
-* See xref:../monitoring/osd-understanding-the-monitoring-stack.adoc#osd-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} {product-version} monitoring architecture.
-
-include::modules/monitoring-accessing-alerting-rules-for-your-project.adoc[leveloffset=+2]
-include::modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc[leveloffset=+2]
-include::modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation]
-
-[role="_additional-resources"]
-.Additional resources
-* See xref:../monitoring/osd-understanding-the-monitoring-stack.adoc#osd-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} monitoring architecture.
-* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation] for information about alerting rules.
-* See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabeling documentation] for information about how relabeling works.
-* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts.
-
-// Applying a custom configuration to Alertmanager for user-defined alert routing
-include::modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See link:https://www.pagerduty.com/[the PagerDuty official site] for more information on PagerDuty.
-* See link:https://www.pagerduty.com/docs/guides/prometheus-integration-guide/[the PagerDuty Prometheus Integration Guide] to learn how to retrieve the `service_key`.
-* See link:https://prometheus.io/docs/alerting/configuration/[Alertmanager configuration] for configuring alerting through different alert receivers.
-
-[id="alerts-next-steps"]
-== Next steps
-* xref:../monitoring/osd-reviewing-monitoring-dashboards.adoc#osd-reviewing-monitoring-dashboards[Reviewing monitoring dashboards]
\ No newline at end of file
diff --git a/monitoring/osd-managing-metrics.adoc b/monitoring/osd-managing-metrics.adoc
deleted file mode 100644
index 63ad0a37a66f..000000000000
--- a/monitoring/osd-managing-metrics.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-managing-metrics"]
-= Managing metrics
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-managing-metrics
-
-toc::[]
-
-You can collect metrics to monitor how cluster components and your own workloads are performing.
-
-// Understanding metrics
-include::modules/osd-monitoring-understanding-metrics.adoc[leveloffset=+1]
-
-// Setting up metrics collection for user-defined projects
-include::modules/osd-monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc[leveloffset=+1]
-include::modules/osd-monitoring-deploying-a-sample-service.adoc[leveloffset=+2]
-include::modules/osd-monitoring-specifying-how-a-service-is-monitored.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://github.com/openshift/prometheus-operator/blob/release-4.7/Documentation/api.md[Prometheus Operator API documentation] for more information on `ServiceMonitor` and `PodMonitor` resources.
-* xref:../monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc#osd-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects].
-
-// Querying metrics
-include::modules/osd-monitoring-querying-metrics.adoc[leveloffset=+1]
-include::modules/osd-monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc[leveloffset=+2]
-include::modules/osd-monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation] for more information about creating PromQL queries.
-* See the xref:../monitoring/osd-managing-metrics.adoc#querying-metrics-for-user-defined-projects-as-a-developer_osd-managing-metrics[Querying metrics for user-defined projects as a developer] for details on accessing non-cluster metrics as a developer or a privileged user
-// TODO: The above additional resource points to the same module that it's an additional resource of
-
-include::modules/osd-monitoring-exploring-the-visualized-metrics.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the xref:../monitoring/osd-managing-metrics.adoc#querying-metrics_osd-managing-metrics[Querying metrics] section on using the PromQL interface
-* xref:../monitoring/osd-troubleshooting-monitoring-issues.adoc#osd-troubleshooting-monitoring-issues[Troubleshooting monitoring issues]
-
-[id="managing-metrics-next-steps"]
-== Next steps
-* xref:../monitoring/managing-alerts.adoc#managing-alerts[Alerts]
-
diff --git a/monitoring/osd-reviewing-monitoring-dashboards.adoc b/monitoring/osd-reviewing-monitoring-dashboards.adoc
deleted file mode 100644
index a6509697f616..000000000000
--- a/monitoring/osd-reviewing-monitoring-dashboards.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-reviewing-monitoring-dashboards"]
-= Reviewing monitoring dashboards
-include::_attributes/common-attributes.adoc[]
-:context: osd-reviewing-monitoring-dashboards
-
-toc::[]
-
-{product-title} provides monitoring dashboards that help you understand the state of user-defined projects.
-
-In the *Developer* perspective, you can access dashboards that provide the following statistics for a selected project:
-
-* CPU usage
-* Memory usage
-* Bandwidth information
-* Packet rate information
-
-.Example dashboard in the Developer perspective
-image::monitoring-dashboard-developer.png[]
-
-[NOTE]
-====
-In the *Developer* perspective, you can view dashboards for only one project at a time.
-====
-
-// Reviewing monitoring dashboards as a developer
-include::modules/osd-monitoring-reviewing-monitoring-dashboards-developer.adoc[leveloffset=+1]
-
-[id="monitoring-dashboards-next-steps"]
-== Next steps
-
-* xref:../monitoring/osd-troubleshooting-monitoring-issues.adoc#osd-troubleshooting-monitoring-issues[Troubleshooting monitoring issues]
diff --git a/monitoring/osd-troubleshooting-monitoring-issues.adoc b/monitoring/osd-troubleshooting-monitoring-issues.adoc
deleted file mode 100644
index 3610f6c0ecef..000000000000
--- a/monitoring/osd-troubleshooting-monitoring-issues.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-troubleshooting-monitoring-issues"]
-= Troubleshooting monitoring issues
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-troubleshooting-monitoring-issues
-
-toc::[]
-
-Find troubleshooting steps for common monitoring issues with user-defined projects.
-
-include::modules/osd-monitoring-troubleshooting-issues.adoc[leveloffset=+1]
diff --git a/monitoring/osd-understanding-the-monitoring-stack.adoc b/monitoring/osd-understanding-the-monitoring-stack.adoc
deleted file mode 100644
index a1e020783679..000000000000
--- a/monitoring/osd-understanding-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-understanding-the-monitoring-stack"]
-= Understanding the monitoring stack
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: osd-understanding-the-monitoring-stack
-
-toc::[]
-
-In {product-title}, you can monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. You can monitor your own projects without the need for an additional monitoring solution.
-
-[NOTE]
-====
-Follow the instructions in this document carefully to configure a supported Prometheus instance for monitoring user-defined projects. Custom Prometheus instances are not supported by {product-title}.
-====
-
-// Understanding the monitoring stack
-include::modules/osd-monitoring-understanding-the-monitoring-stack.adoc[leveloffset=+1]
-include::modules/osd-monitoring-components-for-monitoring-user-defined-projects.adoc[leveloffset=+2]
-include::modules/osd-monitoring-targets-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-[id="understanding-the-monitoring-stack-additional-resources"]
-== Additional resources
-
-* xref:../monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc#osd-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/monitoring/monitoring-overview#default-monitoring-components_monitoring-overview[Default monitoring components]
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/monitoring/monitoring-overview#default-monitoring-targets_monitoring-overview[Default monitoring targets]
-// TODO: When there is a link to the OCP docs, should that be explicit, so they're not surprised when they find themselves in another doc set?
-
-[id="understanding-the-monitoring-stack-next-steps"]
-== Next steps
-
-* xref:../monitoring/osd-accessing-monitoring-for-user-defined-projects.adoc#osd-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
diff --git a/monitoring/querying-metrics.adoc b/monitoring/querying-metrics.adoc
deleted file mode 100644
index 744800f50e00..000000000000
--- a/monitoring/querying-metrics.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-:_content-type: ASSEMBLY
-[id="querying-metrics"]
-= Querying metrics
-include::_attributes/common-attributes.adoc[]
-:context: querying-metrics
-
-toc::[]
-
-You can query metrics to view data about how cluster components and your own workloads are performing.
-
-// Querying metrics
-include::modules/monitoring-about-querying-metrics.adoc[leveloffset=+1]
-//include::modules/monitoring-contents-of-the-metrics-ui.adoc[leveloffset=+2]
-include::modules/monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information about creating PromQL queries, see the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation].
-
-include::modules/monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information about creating PromQL queries, see the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation]. 
-
-include::modules/monitoring-exploring-the-visualized-metrics.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../monitoring/querying-metrics.adoc#about-querying-metrics_querying-metrics[Querying metrics] for details on using the PromQL interface
-* See xref:../monitoring/querying-metrics.adoc#querying-metrics-for-all-projects-as-an-administrator_querying-metrics[Querying metrics for all projects as an administrator] for details on accessing metrics for all projects as an administrator.
-* See xref:../monitoring/querying-metrics.adoc#querying-metrics-for-user-defined-projects-as-a-developer_querying-metrics[Querying metrics for user-defined projects as a developer] for details on accessing non-cluster metrics as a developer or a privileged user.
-
-[id="next-steps_managing-metrics-targets"]
-== Next steps
-
-* xref:../monitoring/managing-metrics-targets.adoc#managing-metrics-targets[Managing metrics targets]
diff --git a/monitoring/reviewing-monitoring-dashboards.adoc b/monitoring/reviewing-monitoring-dashboards.adoc
index 74285b254852..20731849aabb 100644
--- a/monitoring/reviewing-monitoring-dashboards.adoc
+++ b/monitoring/reviewing-monitoring-dashboards.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="reviewing-monitoring-dashboards"]
 = Reviewing monitoring dashboards
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 {product-title} {product-version} provides a comprehensive set of monitoring dashboards that help you understand the state of cluster components and user-defined workloads.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+{product-title} provides monitoring dashboards that help you understand the state of user-defined projects.
+endif::openshift-dedicated,openshift-rosa[]
 
 Use the *Administrator* perspective to access dashboards for the core {product-title} components, including the following items:
 
@@ -16,6 +21,7 @@ Use the *Administrator* perspective to access dashboards for the core {product-t
 * Kubernetes network resources
 * Prometheus
 * USE method dashboards relating to cluster and node performance
+* Node performance metrics
 
 .Example dashboard in the Administrator perspective
 image::monitoring-dashboard-administrator.png[]
@@ -41,11 +47,14 @@ include::modules/monitoring-reviewing-monitoring-dashboards-admin.adoc[leveloffs
 // Reviewing monitoring dashboards as a developer
 include::modules/monitoring-reviewing-monitoring-dashboards-developer.adoc[leveloffset=+1]
 
+ifndef::openshift-dedicated,openshift-rosa[]
+// This additional resource might be valid for ROSA/OSD when the Building applications content is ported.
 [role="_additional-resources"]
 [id="additional-resources-reviewing-monitoring-dashboards"]
 .Additional resources
 
 * xref:../applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc#monitoring-project-and-application-metrics-using-developer-perspective[Monitoring project and application metrics using the Developer perspective]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="next-steps_reviewing-monitoring-dashboards"]
 == Next steps
diff --git a/monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc b/monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc
deleted file mode 100644
index b95ddafa8a12..000000000000
--- a/monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-accessing-monitoring-for-user-defined-projects"]
-= Accessing monitoring for user-defined projects
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-accessing-monitoring-for-user-defined-projects
-
-toc::[]
-
-When you install a {product-title} (ROSA) cluster, monitoring for user-defined projects is enabled by default. With monitoring for user-defined projects enabled, you can monitor your own ROSA projects without the need for an additional monitoring solution.
-
-The `dedicated-admin` user has default permissions to configure and access monitoring for user-defined projects.
-
-[NOTE]
-====
-Custom Prometheus instances and the Prometheus Operator installed through Operator Lifecycle Manager (OLM) can cause issues with user-defined project monitoring if it is enabled. Custom Prometheus instances are not supported.
-====
-
-Optionally, you can disable monitoring for user-defined projects during or after a cluster installation.
-
-[id="accessing-user-defined-monitoring-next-steps"]
-== Next steps
-
-* xref:../monitoring/rosa-configuring-the-monitoring-stack.adoc#rosa-configuring-the-monitoring-stack[Configuring the monitoring stack]
diff --git a/monitoring/rosa-configuring-the-monitoring-stack.adoc b/monitoring/rosa-configuring-the-monitoring-stack.adoc
deleted file mode 100644
index bfe7bdfbc996..000000000000
--- a/monitoring/rosa-configuring-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,83 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-configuring-the-monitoring-stack"]
-= Configuring the monitoring stack
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-configuring-the-monitoring-stack
-
-toc::[]
-
-After you configure the monitoring stack, you can review common configuration scenarios and configure monitoring of user-defined projects.
-
-// Maintenance and support for monitoring
-include::modules/osd-monitoring-maintenance-and-support.adoc[leveloffset=+1]
-include::modules/osd-monitoring-support-considerations.adoc[leveloffset=+2]
-
-// Configuring the monitoring stack
-include::modules/osd-monitoring-configuring-the-monitoring-stack.adoc[leveloffset=+1]
-
-// Configurable monitoring components
-include::modules/osd-monitoring-configurable-monitoring-components.adoc[leveloffset=+1]
-
-// Moving monitoring components to different nodes
-include::modules/osd-monitoring-moving-monitoring-components-to-different-nodes.adoc[leveloffset=+1]
-
-////
-Commenting out these links until they can be updated.
-
-[role="_additional-resources"]
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/nodes/nodes/nodes-nodes-working.html#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
-* link:https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-node-selectors.html[Placing pods on specific nodes using node selectors]
-* See the link:https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector[Kubernetes documentation] for details on the `nodeSelector` constraint
-////
-
-// TODO: Same question about whether links out to OCP docs should explicitly mention that? (I won't point out any more, but could easily search to find other instances in the repo).
-
-// Assigning tolerations to monitoring components
-include::modules/osd-monitoring-assigning-tolerations-to-monitoring-components.adoc[leveloffset=+1]
-
-.Additional resources
-
-* See the link:https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-taints-tolerations.html#nodes-scheduler-taints-tolerations[OpenShift Container Platform documentation] on taints and tolerations
-* See the link:https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/[Kubernetes documentation] on taints and tolerations
-
-// Configuring persistent storage
-[id="configuring-persistent-storage"]
-== Configuring persistent storage
-
-Running cluster monitoring with persistent storage means that your metrics are stored to a persistent volume (PV) and can survive a pod being restarted or recreated. This is ideal if you require your metrics data to be guarded from data loss. For production environments, it is highly recommended to configure persistent storage. Because of the high IO demands, it is advantageous to use local storage.
-
-[IMPORTANT]
-====
-See link:https://docs.openshift.com/container-platform/4.7/scalability_and_performance/optimizing-storage.html#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].
-====
-
-[id="persistent-storage-prerequisites"]
-=== Persistent storage prerequisites
-
-* Use the block type of storage.
-
-include::modules/osd-monitoring-configuring-a-local-persistent-volume-claim.adoc[leveloffset=+2]
-include::modules/osd-monitoring-modifying-retention-time-for-prometheus-metrics-data.adoc[leveloffset=+2]
-
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/storage/understanding-persistent-storage.html[Understanding persistent storage]
-* link:https://docs.openshift.com/container-platform/4.7/scalability_and_performance/optimizing-storage.html[Optimizing storage]
-
-// Managing scrape sample limits for user-defined projects
-include::modules/osd-monitoring-limiting-scrape-samples-in-user-defined-projects.adoc[leveloffset=+1]
-include::modules/osd-monitoring-setting-a-scrape-sample-limit-for-user-defined-projects.adoc[leveloffset=+2]
-
-.Additional resources
-
-* link:https://docs.openshift.com/container-platform/4.7/monitoring/troubleshooting-monitoring-issues.html#determining-why-prometheus-is-consuming-disk-space_troubleshooting-monitoring-issues[Determining why Prometheus is consuming a lot of disk space] for steps to query which metrics have the highest number of scrape samples
-
-// Setting log levels for monitoring components
-include::modules/osd-monitoring-setting-log-levels-for-monitoring-components.adoc[leveloffset=+1]
-
-[id="configuring-the-monitoring-stack-next-steps"]
-== Next steps
-
-* xref:../monitoring/rosa-managing-metrics.adoc#rosa-managing-metrics[Managing metrics]
diff --git a/monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc b/monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc
deleted file mode 100644
index e26fd5b0153e..000000000000
--- a/monitoring/rosa-enabling-alert-routing-for-user-defined-projects.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-enabling-alert-routing-for-user-defined-projects"]
-= Enabling alert routing for user-defined projects
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-enabling-alert-routing-for-user-defined-projects
-
-toc::[]
-
-[role="_abstract"]
-In {product-title}, a cluster administrator can enable alert routing for user-defined projects. 
-
-[IMPORTANT]
-====
-Managing alerting rules for user-defined projects is only available in {product-title} version 4.11 and later. 
-====
-
-This process consists of two general steps:
-
-* Enable alert routing for user-defined projects to use a separate Alertmanager instance.
-* Grant additional users permission to configure alert routing for user-defined projects.
-
-After you complete these steps, developers and other users can configure custom alerts and alert routing for their user-defined projects.
-
-//Overview of setting up alert routing for user-defined projects
-include::modules/osd-monitoring-understanding-alert-routing-for-user-defined-projects.adoc[leveloffset=+1]
-
-// Enabling a dedicated Alertmanager instance for use in user-defined projects
-include::modules/monitoring-enabling-a-separate-alertmanager-instance-for-user-defined-alert-routing.adoc[leveloffset=+1]
-
-// Granting users permission to configure alert routing for user-defined projects
-include::modules/monitoring-granting-users-permission-to-configure-alert-routing-for-user-defined-projects.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc#rosa-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
-* xref:../monitoring/managing-alerts.adoc#creating-alerting-rules-for-user-defined-projects_managing-alerts[Creating alert routing for user-defined projects]
diff --git a/monitoring/rosa-managing-alerts.adoc b/monitoring/rosa-managing-alerts.adoc
deleted file mode 100644
index 82a74dd9661f..000000000000
--- a/monitoring/rosa-managing-alerts.adoc
+++ /dev/null
@@ -1,77 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-managing-alerts"]
-= Alerts
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-managing-alerts
-
-toc::[]
-
-In {product-title}, the Alerting UI enables you to manage alerts, silences, and alerting rules.
-
-* *Alerting rules*. Alerting rules contain a set of conditions that outline a particular state within a cluster. Alerts are triggered when those conditions are true. An alerting rule can be assigned a severity that defines how the alerts are routed.
-* *Alerts*. An alert is fired when the conditions defined in an alerting rule are true. Alerts provide a notification that a set of circumstances are apparent within an {product-title} cluster.
-* *Silences*. A silence can be applied to an alert to prevent notifications from being sent when the conditions for an alert are true. You can mute an alert after the initial notification, while you work on resolving the underlying issue.
-
-[NOTE]
-====
-The alerts, silences, and alerting rules that are available in the Alerting UI relate to the projects that you have access to. For example, if you are logged in with `cluster-admin` or `dedicated-admin` privileges, all alerts, silences, and alerting rules are accessible.
-====
-
-// Accessing the Alerting UI in the Administrator and Developer perspectives
-include::modules/monitoring-accessing-the-alerting-ui.adoc[leveloffset=+1]
-
-// Searching and filtering alerts, silences, and alerting rules
-include::modules/monitoring-searching-alerts-silences-and-alerting-rules.adoc[leveloffset=+1]
-
-// Getting information about alerts, silences and alerting rules
-include::modules/monitoring-getting-information-about-alerts-silences-and-alerting-rules.adoc[leveloffset=+1]
-
-// Managing silences
-include::modules/monitoring-managing-silences.adoc[leveloffset=+1]
-include::modules/monitoring-silencing-alerts.adoc[leveloffset=+2]
-include::modules/monitoring-editing-silences.adoc[leveloffset=+2]
-include::modules/monitoring-expiring-silences.adoc[leveloffset=+2]
-
-// Managing alerting rules for user-defined projects
-include::modules/monitoring-managing-alerting-rules-for-user-defined-projects.adoc[leveloffset=+1]
-include::modules/monitoring-optimizing-alerting-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts
-* See xref:../monitoring/rosa-understanding-the-monitoring-stack.adoc#rosa-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} {product-version} monitoring architecture
-
-include::modules/monitoring-creating-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
-include::modules/monitoring-reducing-latency-for-alerting-rules-that-do-not-query-platform-metrics.adoc[leveloffset=+2]
-
-* See xref:../monitoring/rosa-understanding-the-monitoring-stack.adoc#rosa-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} {product-version} monitoring architecture.
-
-include::modules/monitoring-accessing-alerting-rules-for-your-project.adoc[leveloffset=+2]
-include::modules/monitoring-listing-alerting-rules-for-all-projects-in-a-single-view.adoc[leveloffset=+2]
-include::modules/monitoring-removing-alerting-rules-for-user-defined-projects.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation]
-
-[role="_additional-resources"]
-.Additional resources
-* See xref:../monitoring/rosa-understanding-the-monitoring-stack.adoc#rosa-understanding-the-monitoring-stack[Monitoring overview] for details about {product-title} monitoring architecture.
-* See the link:https://prometheus.io/docs/alerting/alertmanager/[Alertmanager documentation] for information about alerting rules.
-* See the link:https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config[Prometheus relabeling documentation] for information about how relabeling works.
-* See the link:https://prometheus.io/docs/practices/alerting/[Prometheus alerting documentation] for further guidelines on optimizing alerts.
-
-// Applying a custom configuration to Alertmanager for user-defined alert routing
-include::modules/monitoring-applying-a-custom-configuration-to-alertmanager-for-user-defined-alert-routing.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See link:https://www.pagerduty.com/[the PagerDuty official site] for more information on PagerDuty.
-* See link:https://www.pagerduty.com/docs/guides/prometheus-integration-guide/[the PagerDuty Prometheus Integration Guide] to learn how to retrieve the `service_key`.
-* See link:https://prometheus.io/docs/alerting/configuration/[Alertmanager configuration] for configuring alerting through different alert receivers.
-
-[id="alerts-next-steps"]
-== Next steps
-* xref:../monitoring/rosa-reviewing-monitoring-dashboards.adoc#rosa-reviewing-monitoring-dashboards[Reviewing monitoring dashboards]
\ No newline at end of file
diff --git a/monitoring/rosa-managing-metrics.adoc b/monitoring/rosa-managing-metrics.adoc
deleted file mode 100644
index 11e6bee57c1a..000000000000
--- a/monitoring/rosa-managing-metrics.adoc
+++ /dev/null
@@ -1,46 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-managing-metrics"]
-= Managing metrics
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-managing-metrics
-
-toc::[]
-
-{product-title} collects metrics for cluster components, and you can use Prometheus to query and visualize them.
-
-// Understanding metrics
-include::modules/osd-monitoring-understanding-metrics.adoc[leveloffset=+1]
-
-// Setting up metrics collection for user-defined projects
-include::modules/osd-monitoring-setting-up-metrics-collection-for-user-defined-projects.adoc[leveloffset=+1]
-include::modules/osd-monitoring-deploying-a-sample-service.adoc[leveloffset=+2]
-include::modules/osd-monitoring-specifying-how-a-service-is-monitored.adoc[leveloffset=+2]
-
-.Additional resources
-
-// * See the link:https://github.com/openshift/prometheus-operator/blob/release-4.7/Documentation/api.md[Prometheus Operator API documentation] for more information on `ServiceMonitor` and `PodMonitor` resources.
-* xref:../monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc#rosa-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects].
-
-// Querying metrics
-include::modules/osd-monitoring-querying-metrics.adoc[leveloffset=+1]
-include::modules/osd-monitoring-querying-metrics-for-all-projects-as-an-administrator.adoc[leveloffset=+2]
-include::modules/osd-monitoring-querying-metrics-for-user-defined-projects-as-a-developer.adoc[leveloffset=+2]
-
-.Additional resources
-
-* See the link:https://prometheus.io/docs/prometheus/latest/querying/basics/[Prometheus query documentation] for more information about creating PromQL queries.
-* See xref:../monitoring/rosa-managing-metrics.adoc#querying-metrics-for-user-defined-projects-as-a-developer_rosa-managing-metrics[Querying metrics for user-defined projects as a developer] for details on accessing non-cluster metrics as a developer or a privileged user
-// TODO: The above additional resource points to the same module that it's an additional resource of
-
-include::modules/osd-monitoring-exploring-the-visualized-metrics.adoc[leveloffset=+2]
-
-.Additional resources
-
-* See the xref:../monitoring/rosa-managing-metrics.adoc#querying-metrics_rosa-managing-metrics[Querying metrics] section on using the PromQL interface
-* xref:../monitoring/rosa-troubleshooting-monitoring-issues.adoc#rosa-troubleshooting-monitoring-issues[Troubleshooting monitoring issues]
-
-[id="managing-metrics-next-steps"]
-== Next steps
-* xref:../monitoring/managing-alerts.adoc#managing-alerts[Alerts]
-
-// TODO: Why is alerts a next step if alerts aren't supported? Can this be removed?
diff --git a/monitoring/rosa-reviewing-monitoring-dashboards.adoc b/monitoring/rosa-reviewing-monitoring-dashboards.adoc
deleted file mode 100644
index f572096b68ea..000000000000
--- a/monitoring/rosa-reviewing-monitoring-dashboards.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-reviewing-monitoring-dashboards"]
-= Reviewing monitoring dashboards
-:context: rosa-reviewing-monitoring-dashboards
-
-toc::[]
-
-{product-title} provides monitoring dashboards that help you understand the state of user-defined projects.
-
-In the *Developer* perspective, you can access dashboards that provide the following statistics for a selected project:
-
-* CPU usage
-* Memory usage
-* Bandwidth information
-* Packet rate information
-
-.Example dashboard in the Developer perspective
-image::monitoring-dashboard-developer.png[]
-
-[NOTE]
-====
-In the *Developer* perspective, you can view dashboards for only one project at a time.
-====
-
-// Reviewing monitoring dashboards as a developer
-include::modules/osd-monitoring-reviewing-monitoring-dashboards-developer.adoc[leveloffset=+1]
-
-[id="monitoring-dashboards-next-steps"]
-== Next steps
-
-* xref:../monitoring/rosa-troubleshooting-monitoring-issues.adoc#rosa-troubleshooting-monitoring-issues[Troubleshooting monitoring issues]
diff --git a/monitoring/rosa-troubleshooting-monitoring-issues.adoc b/monitoring/rosa-troubleshooting-monitoring-issues.adoc
deleted file mode 100644
index 5b4fd0803c77..000000000000
--- a/monitoring/rosa-troubleshooting-monitoring-issues.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-troubleshooting-monitoring-issues"]
-= Troubleshooting monitoring issues
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-troubleshooting-monitoring-issues
-
-toc::[]
-
-Find troubleshooting steps for common monitoring issues with user-defined projects.
-
-include::modules/osd-monitoring-troubleshooting-issues.adoc[leveloffset=+1]
diff --git a/monitoring/rosa-understanding-the-monitoring-stack.adoc b/monitoring/rosa-understanding-the-monitoring-stack.adoc
deleted file mode 100644
index f04757db905a..000000000000
--- a/monitoring/rosa-understanding-the-monitoring-stack.adoc
+++ /dev/null
@@ -1,34 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-understanding-the-monitoring-stack"]
-= Understanding the monitoring stack
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-understanding-the-monitoring-stack
-
-toc::[]
-
-In {product-title}, you can monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. You can monitor your own projects without the need for an additional monitoring solution.
-
-[NOTE]
-====
-Follow the instructions in this document carefully to configure a supported Prometheus instance for monitoring user-defined projects. Custom Prometheus instances are not supported by {product-title}.
-====
-
-// Understanding the monitoring stack
-include::modules/osd-monitoring-understanding-the-monitoring-stack.adoc[leveloffset=+1]
-include::modules/osd-monitoring-components-for-monitoring-user-defined-projects.adoc[leveloffset=+2]
-include::modules/osd-monitoring-targets-for-user-defined-projects.adoc[leveloffset=+2]
-
-[id="understanding-the-monitoring-stack-additional-resources"]
-== Additional resources
-
-//Because this is a duplicate file only referenced in the ROSA topic map, the xref links in this section will differ from the osd-understanding-the-monitoring-stack.adoc file.
-
-* xref:../monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc#rosa-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html-single/monitoring/index#default-monitoring-components_monitoring-overview[Default monitoring components]
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html-single/monitoring/index#default-monitoring-targets_monitoring-overview[Default monitoring targets]
-// TODO: When there is a link to the OCP docs, should that be explicit, so they're not surprised when they find themselves in another doc set?
-
-[id="understanding-the-monitoring-stack-next-steps"]
-== Next steps
-
-* xref:../monitoring/rosa-accessing-monitoring-for-user-defined-projects.adoc#rosa-accessing-monitoring-for-user-defined-projects[Accessing monitoring for user-defined projects]
diff --git a/monitoring/sd-accessing-monitoring-for-user-defined-projects.adoc b/monitoring/sd-accessing-monitoring-for-user-defined-projects.adoc
new file mode 100644
index 000000000000..04fd3366a1a8
--- /dev/null
+++ b/monitoring/sd-accessing-monitoring-for-user-defined-projects.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="sd-accessing-monitoring-for-user-defined-projects"]
+= Accessing monitoring for user-defined projects
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: sd-accessing-monitoring-for-user-defined-projects
+
+toc::[]
+
+When you install a {product-title}
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+cluster, monitoring for user-defined projects is enabled by default. With monitoring for user-defined projects enabled, you can monitor your own
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+{product-title}
+endif::openshift-dedicated[]
+projects without the need for an additional monitoring solution.
+
+The `dedicated-admin` user has default permissions to configure and access monitoring for user-defined projects.
+
+[NOTE]
+====
+Custom Prometheus instances and the Prometheus Operator installed through Operator Lifecycle Manager (OLM) can cause issues with user-defined project monitoring if it is enabled. Custom Prometheus instances are not supported.
+====
+
+Optionally, you can disable monitoring for user-defined projects during or after a cluster installation.
+
+[id="accessing-user-defined-monitoring-next-steps"]
+== Next steps
+
+* xref:../monitoring/configuring-the-monitoring-stack.adoc#configuring-the-monitoring-stack_configuring-the-monitoring-stack[Configuring the monitoring stack]
diff --git a/monitoring/sd-disabling-monitoring-for-user-defined-projects.adoc b/monitoring/sd-disabling-monitoring-for-user-defined-projects.adoc
new file mode 100644
index 000000000000..9b31f0706db9
--- /dev/null
+++ b/monitoring/sd-disabling-monitoring-for-user-defined-projects.adoc
@@ -0,0 +1,15 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="sd-disabling-monitoring-for-user-defined-projects"]
+= Disabling monitoring for user-defined projects
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: sd-disabling-monitoring-for-user-defined-projects
+
+toc::[]
+
+As a `dedicated-admin`, you can disable monitoring for user-defined projects. You can also exclude individual projects from user workload monitoring.
+
+// Disabling monitoring for user-defined projects
+include::modules/sd-disabling-monitoring-for-user-defined-projects.adoc[leveloffset=+1]
+
+// Excluding a user-defined project from monitoring
+include::modules/monitoring-excluding-a-user-defined-project-from-monitoring.adoc[leveloffset=+1]
diff --git a/monitoring/troubleshooting-monitoring-issues.adoc b/monitoring/troubleshooting-monitoring-issues.adoc
index ba94db63172f..ffcd6428a01f 100644
--- a/monitoring/troubleshooting-monitoring-issues.adoc
+++ b/monitoring/troubleshooting-monitoring-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-monitoring-issues"]
 = Troubleshooting monitoring issues
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,15 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-// Investigating why user-defined metrics are unavailable
+ifndef::openshift-dedicated,openshift-rosa[]
+Find troubleshooting steps for common issues with core platform and user-defined project monitoring.
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Find troubleshooting steps for common issues with user-defined project monitoring.
+endif::openshift-dedicated,openshift-rosa[]
+
+// Investigating why user-defined project metrics are unavailable (OCP)
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/monitoring-investigating-why-user-defined-metrics-are-unavailable.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -14,8 +22,13 @@ include::modules/monitoring-investigating-why-user-defined-metrics-are-unavailab
 
 * xref:../monitoring/configuring-the-monitoring-stack.adoc#creating-user-defined-workload-monitoring-configmap_configuring-the-monitoring-stack[Creating a user-defined workload monitoring config map]
 * See xref:../monitoring/managing-metrics.adoc#specifying-how-a-service-is-monitored_managing-metrics[Specifying how a service is monitored] for details on how to create a `ServiceMonitor` or `PodMonitor` resource
-* See xref:../monitoring/managing-metrics-targets.adoc#monitoring-accessing-the-metrics-targets-page_managing-metrics-targets[Accessing metrics targets in the Administrator perspective]
+* See xref:../monitoring/managing-metrics.adoc#getting-detailed-information-about-a-target_managing-metrics[Getting detailed information about metrics targets]
+endif::openshift-dedicated,openshift-rosa[]
 
+// Investigating why user-defined project metrics are unavailable (OSD/ROSA)
+ifdef::openshift-dedicated,openshift-rosa[]
+include::modules/sd-monitoring-troubleshooting-issues.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
 
 // Determining why Prometheus is consuming a lot of disk space
 include::modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc[leveloffset=+1]
@@ -24,4 +37,4 @@ include::modules/monitoring-determining-why-prometheus-is-consuming-disk-space.a
 .Additional resources
 
 * See xref:../monitoring/configuring-the-monitoring-stack.adoc#setting-scrape-sample-and-label-limits-for-user-defined-projects_configuring-the-monitoring-stack[Setting a scrape sample limit for user-defined projects] for details on how to set a scrape sample limit and create related alerting rules
-* xref:../support/getting-support.html#support-submitting-a-case_getting-support[Submitting a support case]
+* xref:../support/getting-support.adoc#support-submitting-a-case_getting-support[Submitting a support case]
diff --git a/network_observability/_attributes b/network_observability/_attributes
new file mode 120000
index 000000000000..93957f02273f
--- /dev/null
+++ b/network_observability/_attributes
@@ -0,0 +1 @@
+../_attributes
\ No newline at end of file
diff --git a/network_observability/configuring-operator.adoc b/network_observability/configuring-operator.adoc
new file mode 100644
index 000000000000..4f5ca571d2cb
--- /dev/null
+++ b/network_observability/configuring-operator.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-network-observability-operators"]
+= Configuring the Network Observability Operator
+include::_attributes/common-attributes.adoc[]
+:context: network_observability
+
+toc::[]
+
+You can update the Flow Collector API resource to configure the Network Observability Operator and its managed components. The  Flow Collector is explicitly created during installation. Since this resource operates cluster-wide, only a single `FlowCollector` is allowed, and it has to be named `cluster`.
+
+
+include::modules/network-observability-flowcollector-view.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+For more information about conversation tracking, see xref:../network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversations].
+
+include::modules/network-observability-flowcollector-kafka-config.adoc[leveloffset=+1]
+include::modules/network-observability-enriched-flows.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+For more information about specifying flow format, see xref:../network_observability/json-flows-format-reference.adoc#network-observability-flows-format_json_reference[Network flows format reference].
+
+include::modules/network-observability-configuring-FLP-sampling.adoc[leveloffset=+1]
+include::modules/network-observability-configuring-quickfilters-flowcollector.adoc[leveloffset=+1]
+include::modules/network-observability-SRIOV-configuration.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+For more information about creating the `SriovNetwork` custom resource, see xref:../networking/hardware_networks/configuring-sriov-device.adoc#cnf-creating-an-additional-sriov-network-with-vrf-plug-in_configuring-sriov-device[Creating an additional SR-IOV network attachment with the CNI VRF plugin].
+
+include::modules/network-observability-resource-recommendations.adoc[leveloffset=+1]
+include::modules/network-observability-resources-table.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/networking/network_observability/flowcollector-api.adoc b/network_observability/flowcollector-api.adoc
similarity index 81%
rename from networking/network_observability/flowcollector-api.adoc
rename to network_observability/flowcollector-api.adoc
index 7ded809c96f9..ba0b5963b3b7 100644
--- a/networking/network_observability/flowcollector-api.adoc
+++ b/network_observability/flowcollector-api.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="flowcollector-api"]
-= FlowCollector configuration parameters 
+= FlowCollector configuration parameters
 include::_attributes/common-attributes.adoc[]
 :context: network_observability
 
diff --git a/sd_support/images b/network_observability/images
similarity index 100%
rename from sd_support/images
rename to network_observability/images
diff --git a/network_observability/installing-operators.adoc b/network_observability/installing-operators.adoc
new file mode 100644
index 000000000000..1573349a08fe
--- /dev/null
+++ b/network_observability/installing-operators.adoc
@@ -0,0 +1,71 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-network-observability-operators"]
+= Installing the Network Observability Operator
+include::_attributes/common-attributes.adoc[]
+:context: network_observability
+
+toc::[]
+Installing Loki is a recommended prerequisite for using the Network Observability Operator. You can choose to use xref:../network_observability/installing-operators.adoc#network-observability-without-loki_network_observability[Network Observability without Loki], but there are some considerations for doing this, described in the previously linked section.
+
+The {loki-op} integrates a gateway that implements multi-tenancy and authentication with Loki for data flow storage. The `LokiStack` resource manages Loki, which is a scalable, highly-available, multi-tenant log aggregation system, and a web proxy with {product-title} authentication. The `LokiStack` proxy uses {product-title} authentication to enforce multi-tenancy and facilitate the saving and indexing of data in Loki log stores.
+
+[NOTE]
+====
+The {loki-op} can also be used for xref:../logging/log_storage/cluster-logging-loki.adoc#cluster-logging-loki[configuring the LokiStack log store]. The Network Observability Operator requires a dedicated LokiStack separate from the {logging}.
+====
+
+include::modules/network-observability-without-loki.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
+
+include::modules/network-observability-loki-install.adoc[leveloffset=+1]
+include::modules/network-observability-loki-secret.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference] 
+* xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource]
+* xref:../logging/log_storage/installing-log-storage.adoc#logging-loki-storage_installing-log-storage[Loki object storage]
+
+include::modules/network-observability-lokistack-create.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../logging/log_storage/cluster-logging-loki.adoc#logging-creating-new-group-cluster-admin-user-role_cluster-logging-loki[Creating a new group for the cluster-admin user role]
+
+include::modules/loki-deployment-sizing.adoc[leveloffset=+2]
+include::modules/network-observability-lokistack-ingestion-query.adoc[leveloffset=+2]
+include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+2]
+include::modules/network-observability-multitenancy.adoc[leveloffset=+2]
+include::modules/network-observability-operator-install.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_configuring-flow-collector-considerations"]
+== Important Flow Collector configuration considerations
+Once you create the `FlowCollector` instance, you can reconfigure it, but the pods are terminated and recreated again, which can be disruptive. Therefore, you can consider configuring the following options when creating the `FlowCollector` for the first time:
+
+* xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-kafka-config_network_observability[Configuring the Flow Collector resource with Kafka]
+* xref:../network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data to Kafka or IPFIX]
+* xref:../network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[Configuring monitoring for SR-IOV interface traffic]
+* xref:../network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversation tracking]
+* xref:../network_observability/observing-network-traffic.adoc#network-observability-dns-tracking_nw-observe-network-traffic[Working with DNS tracking]
+* xref:../network_observability/observing-network-traffic.adoc#network-observability-packet-drops_nw-observe-network-traffic[Working with packet drops]
+
+[role="_additional-resources"]
+.Additional resources
+For more general information about Flow Collector specifications and the Network Observability Operator architecture and resource use, see the following resources:
+
+* xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference]
+* xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource]
+* xref:../network_observability/configuring-operator.adoc#network-observability-resources-table_network_observability[Resource considerations]
+* xref:../network_observability/troubleshooting-network-observability.adoc#controller-manager-pod-runs-out-of-memory_network-observability-troubleshooting[Troubleshooting Network Observability controller manager pod runs out of memory]
+* xref:../network_observability/understanding-network-observability-operator.adoc#network-observability-architecture_nw-network-observability-operator[Network Observability architecture]
+
+
+include::modules/network-observability-kafka-option.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-kafka-config_network_observability[Configuring the FlowCollector resource with Kafka].
+
+include::modules/network-observability-operator-uninstall.adoc[leveloffset=+1]
diff --git a/networking/network_observability/json-flows-format-reference.adoc b/network_observability/json-flows-format-reference.adoc
similarity index 90%
rename from networking/network_observability/json-flows-format-reference.adoc
rename to network_observability/json-flows-format-reference.adoc
index d29ffd6bc8ff..681712b25b87 100644
--- a/networking/network_observability/json-flows-format-reference.adoc
+++ b/network_observability/json-flows-format-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="json-flows-format-reference"]
 = Network flows format reference
 include::_attributes/common-attributes.adoc[]
diff --git a/network_observability/modules b/network_observability/modules
new file mode 120000
index 000000000000..464b823aca16
--- /dev/null
+++ b/network_observability/modules
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/network_observability/network-observability-network-policy.adoc b/network_observability/network-observability-network-policy.adoc
new file mode 100644
index 000000000000..5d875bf09e41
--- /dev/null
+++ b/network_observability/network-observability-network-policy.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="network-observability-network-policy"]
+= Network Policy
+include::_attributes/common-attributes.adoc[]
+:context: network_observability
+
+toc::[]
+
+As a user with the `admin` role, you can create a network policy for the `netobserv` namespace.
+
+include::modules/network-observability-create-network-policy.adoc[leveloffset=+1]
+include::modules/network-observability-sample-network-policy-YAML.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+xref:../networking/network_policy/creating-network-policy.adoc#nw-networkpolicy-object_creating-network-policy[Creating a network policy using the CLI]
\ No newline at end of file
diff --git a/network_observability/network-observability-operator-monitoring.adoc b/network_observability/network-observability-operator-monitoring.adoc
new file mode 100644
index 000000000000..226174cea76e
--- /dev/null
+++ b/network_observability/network-observability-operator-monitoring.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="network-observability-operator-monitoring"]
+= Monitoring the Network Observability Operator
+include::_attributes/common-attributes.adoc[]
+:context: network_observability
+
+toc::[]
+
+You can use the web console to monitor alerts related to the health of the Network Observability Operator.
+
+
+include::modules/network-observability-viewing-alerts.adoc[leveloffset=+1]
+include::modules/network-observability-disabling-health-alerts.adoc[leveloffset=+2]
+include::modules/network-observability-rate-limit-alert.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* For more information about creating alerts that you can see on the dashboard, see xref:../monitoring/managing-alerts.adoc#creating-alerting-rules-for-user-defined-projects_managing-alerts[Creating alerting rules for user-defined projects].
\ No newline at end of file
diff --git a/network_observability/network-observability-operator-release-notes.adoc b/network_observability/network-observability-operator-release-notes.adoc
new file mode 100644
index 000000000000..5bfa8e3d3408
--- /dev/null
+++ b/network_observability/network-observability-operator-release-notes.adoc
@@ -0,0 +1,257 @@
+//Network Observability Operator Release Notes
+:_mod-docs-content-type: ASSEMBLY
+[id="network-observability-operator-release-notes"]
+= Network Observability Operator release notes
+:context: network-observability-operator-release-notes-v0
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The Network Observability Operator enables administrators to observe and analyze network traffic flows for {product-title} clusters.
+
+These release notes track the development of the Network Observability Operator in the {product-title}.
+
+For an overview of the Network Observability Operator, see xref:../network_observability/network-observability-overview.adoc#dependency-network-observability[About Network Observability Operator].
+[id="network-observability-operator-release-notes-1-4-2"]
+== Network Observability Operator 1.4.2
+The following advisory is available for the Network Observability Operator 1.4.2:
+
+* link:https://access.redhat.com/errata/RHSA-2023:6787[2023:6787 Network Observability Operator 1.4.2]
+
+=== CVEs
+* link:https://access.redhat.com/security/cve/CVE-2023-39325[2023-39325]
+* link:https://access.redhat.com/security/cve/CVE-2023-44487[2023-44487]
+
+[id="network-observability-operator-release-notes-1-4-1"]
+== Network Observability Operator 1.4.1
+The following advisory is available for the Network Observability Operator 1.4.1:
+
+* link:https://access.redhat.com/errata/RHSA-2023:5974[2023:5974 Network Observability Operator 1.4.1]
+
+=== CVEs
+* link:https://access.redhat.com/security/cve/cve-2023-44487[2023-44487]
+* link:https://access.redhat.com/security/cve/cve-2023-39325[2023-39325]
+* link:https://access.redhat.com/security/cve/cve-2023-29406[2023-29406]
+* link:https://access.redhat.com/security/cve/CVE-2023-29409[2023-29409]
+* link:https://access.redhat.com/security/cve/cve-2023-39322[2023-39322]
+* link:https://access.redhat.com/security/cve/cve-2023-39318[2023-39318]
+* link:https://access.redhat.com/security/cve/cve-2023-39319[2023-39319]
+* link:https://access.redhat.com/security/cve/cve-2023-39321[2023-39321]
+
+=== Bug fixes
+
+* In 1.4, there was a known issue when sending network flow data to Kafka. The Kafka message key was ignored, causing an error with connection tracking. Now the key is used for partitioning, so each flow from the same connection is sent to the same processor. (link:https://issues.redhat.com/browse/NETOBSERV-926[*NETOBSERV-926*])
+
+* In 1.4, the `Inner` flow direction was introduced to account for flows between pods running on the same node. Flows with the `Inner` direction were not taken into account in the generated Prometheus metrics derived from flows, resulting in under-evaluated bytes and packets rates.
+Now, derived metrics are including flows with the `Inner` direction, providing correct bytes and packets rates. (link:https://issues.redhat.com/browse/NETOBSERV-1344[*NETOBSERV-1344*])
+
+[id="network-observability-operator-release-notes-1-4"]
+== Network Observability Operator 1.4.0
+The following advisory is available for the Network Observability Operator 1.4.0:
+
+* link:https://access.redhat.com/errata/RHSA-2023:5379[RHSA-2023:5379 Network Observability Operator 1.4.0]
+
+[id="network-observability-channel-removal-1.4"]
+=== Channel removal
+You must switch your channel from `v1.0.x` to `stable` to receive the latest Operator updates. The `v1.0.x` channel is now removed.
+
+[id="network-observability-operator-1.4.0-features-enhancements"]
+=== New features and enhancements
+
+[id="network-observability-enhanced-configuration-and-ui-1.4"]
+==== Notable enhancements
+The 1.4 release of the Network Observability Operator adds improvements and new capabilities to the {product-title} web console plugin and the Operator configuration.
+
+[discrete]
+[id="web-console-enhancements-1.4_{context}"]
+===== Web console enhancements:
+
+* In the *Query Options*, the *Duplicate flows* checkbox is added to choose whether or not to show duplicated flows.
+* You can now filter source and destination traffic with image:arrow-up-long-solid.png[,10] *One-way*, image:arrow-up-long-solid.png[,10] image:arrow-down-long-solid.png[,10] *Back-and-forth*, and *Swap* filters.
+* The Network Observability metrics dashboards in *Observe* -> *Dashboards* -> *NetObserv* and *NetObserv / Health* are modified as follows:
+** The *NetObserv* dashboard shows top bytes, packets sent, packets received per nodes, namespaces, and workloads. Flow graphs are removed from this dashboard.
+** The *NetObserv / Health* dashboard shows flows overhead as well as top flow rates per nodes, namespaces, and workloads.
+** Infrastructure and Application metrics are shown in a split-view for namespaces and workloads.
+
+For more information, see xref:../network_observability/network-observability-overview.adoc#network-observability-dashboards[Network Observability metrics] and xref:../network_observability/observing-network-traffic.adoc#network-observability-quickfilternw-observe-network-traffic[Quick filters].
+
+[discrete]
+[id="configuration-enhancements-1.4_{context}"]
+===== Configuration enhancements:
+
+* You now have the option to specify different namespaces for any configured ConfigMap or Secret reference, such as in certificates configuration.
+* The `spec.processor.clusterName` parameter is added so that the name of the cluster appears in the flows data. This is useful in a multi-cluster context. When using {product-title}, leave empty to make it automatically determined.
+
+For more information, see xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource] and xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference].
+
+[id="network-observability-without-loki-1.4"]
+==== Network Observability without Loki
+The Network Observability Operator is now functional and usable without Loki. If Loki is not installed, it can only export flows to KAFKA or IPFIX format and provide metrics in the Network Observability metrics dashboards. For more information, see xref:../network_observability/installing-operators.adoc#network-observability-without-loki_network_observability[Network Observability without Loki].
+
+[id="network-observability-dns-tracking-1.4"]
+==== DNS tracking
+In 1.4, the Network Observability Operator makes use of eBPF tracepoint hooks to enable DNS tracking. You can monitor your network, conduct security analysis, and troubleshoot DNS issues in the *Network Traffic* and *Overview* pages in the web console.
+
+For more information, see xref:../network_observability/observing-network-traffic.adoc#network-observability-dns-overview_nw-observe-network-traffic[Configuring DNS tracking] and xref:../network_observability/observing-network-traffic.adoc#network-observability-dns-tracking_nw-observe-network-traffic[Working with DNS tracking].
+
+//Packet drops needs separate RN PR that doesn't cherrypick to 4.10+ since its only supported in 4.13+. This PR will go to 4.10+
+[id="SR-IOV-configuration-1.4"]
+==== SR-IOV support
+You can now collect traffic from a cluster with Single Root I/O Virtualization (SR-IOV) device. For more information, see xref:../network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[Configuring the monitoring of SR-IOV interface traffic].
+
+[id="IPFIX-support-1.4"]
+==== IPFIX exporter support
+You can now export eBPF-enriched network flows to the IPFIX collector. For more information, see xref:../network_observability/configuring-operator.adoc#network-observability-enriched-flows_network_observability[Export enriched network flow data].
+
+[id="network-observability-packet-drop-1.4"]
+==== Packet drops
+In the 1.4 release of the Network Observability Operator, eBPF tracepoint hooks are used to enable packet drop tracking. You can now detect and analyze the cause for packet drops and make decisions to optimize network performance. In {product-title} 4.14 and later, both host drops and OVS drops are detected. In {product-title} 4.13, only host drops are detected. For more information, see xref:../network_observability/observing-network-traffic#network-observability-pktdrop-overview_nw-observe-network-traffic[Configuring packet drop tracking] and xref:../network_observability/observing-network-traffic#network-observability-packet-drops_nw-observe-network-traffic[Working with packet drops].
+
+==== s390x architecture support
+Network Observability Operator can now run on `s390x` architecture. Previously it ran on `amd64`, `ppc64le`, or `arm64`.
+
+[id="network-observability-operator-1.4.0-bug-fixes"]
+=== Bug fixes
+* Previously, the Prometheus metrics exported by Network Observability were computed out of potentially duplicated network flows. In the related dashboards, from *Observe* -> *Dashboards*, this could result in potentially doubled rates. Note that dashboards from the *Network Traffic* view were not affected. Now, network flows are filtered to eliminate duplicates prior to metrics calculation, which results in correct traffic rates displayed in the dashboards. (link:https://issues.redhat.com/browse/NETOBSERV-1131[*NETOBSERV-1131*])
+
+* Previously, the Network Observability Operator agents were not able to capture traffic on network interfaces when configured with Multus or SR-IOV, non-default network namespaces. Now, all available network namespaces are recognized and used for capturing flows, allowing capturing traffic for SR-IOV. There are xref:../network_observability/configuring-operator.adoc#network-observability-SR-IOV-config_network_observability[configurations needed] for the `FlowCollector` and `SRIOVnetwork` custom resource to collect traffic.
+(link:https://issues.redhat.com/browse/NETOBSERV-1283[*NETOBSERV-1283*])
+
+* Previously, in the Network Observability Operator details from *Operators* -> *Installed Operators*, the `FlowCollector` *Status* field might have reported incorrect information about the state of the deployment. The status field now shows the proper conditions with improved messages. The history of events is kept, ordered by event date. (link:https://issues.redhat.com/browse/NETOBSERV-1224[*NETOBSERV-1224*])
+
+* Previously, during spikes of network traffic load, certain eBPF pods were OOM-killed and went into a `CrashLoopBackOff` state. Now, the `eBPF` agent memory footprint is improved, so pods are not OOM-killed and entering a `CrashLoopBackOff` state. (link:https://issues.redhat.com/browse/NETOBSERV-975[*NETOBSERV-975*])
+
+* Previously when `processor.metrics.tls` was set to `PROVIDED` the `insecureSkipVerify` option value was forced to be `true`. Now you can set `insecureSkipVerify` to `true` or `false`, and provide a CA certificate if needed.  (link:https://issues.redhat.com/browse/NETOBSERV-1087[NETOBSERV-1087])
+
+[id="network-observability-operator-1.4.0-known-issues"]
+=== Known issues
+* Since the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate change periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate change. This issue has only been observed in large-scale environments of 120 nodes or greater. (link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*])
+
+* Currently, when `spec.agent.ebpf.features` includes DNSTracking, larger DNS packets require the `eBPF` agent to look for DNS header outside of the 1st socket buffer (SKB) segment. A new `eBPF` agent helper function needs to be implemented to support it. Currently, there is no workaround for this issue. (link:https://issues.redhat.com/browse/NETOBSERV-1304[*NETOBSERV-1304*])
+
+* Currently, when `spec.agent.ebpf.features` includes DNSTracking, DNS over TCP packets requires the `eBPF` agent to look for DNS header outside of the 1st SKB segment. A new `eBPF` agent helper function needs to be implemented to support it. Currently, there is no workaround for this issue. (link:https://issues.redhat.com/browse/NETOBSERV-1245[*NETOBSERV-1245*])
+
+* Currently, when using a `KAFKA` deployment model, if conversation tracking is configured, conversation events might be duplicated across Kafka consumers, resulting in inconsistent tracking of conversations, and incorrect volumetric data. For that reason, it is not recommended to configure conversation tracking when `deploymentModel` is set to `KAFKA`. (link:https://issues.redhat.com/browse/NETOBSERV-926[*NETOBSERV-926*])
+
+* Currently, when the `processor.metrics.server.tls.type` is configured to use a `PROVIDED` certificate, the operator enters an unsteady state that might affect its performance and resource consumption. It is recommended to not use a `PROVIDED` certificate until this issue is resolved, and instead using an auto-generated certificate, setting `processor.metrics.server.tls.type` to `AUTO`. (link:https://issues.redhat.com/browse/NETOBSERV-1293)[*NETOBSERV-1293*]
+
+[id="network-observability-operator-release-notes-1-3"]
+== Network Observability Operator 1.3.0
+The following advisory is available for the Network Observability Operator 1.3.0:
+
+* link:https://access.redhat.com/errata/RHSA-2023:3905[RHSA-2023:3905 Network Observability Operator 1.3.0]
+
+[id="network-observability-channel-deprecation"]
+=== Channel deprecation
+You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in the next release.
+
+[id="network-observability-operator-1.3.0-features-enhancements"]
+=== New features and enhancements
+
+[id="multi-tenancy-1.3"]
+==== Multi-tenancy in Network Observability
+* System administrators can allow and restrict individual user access, or group access, to the flows stored in Loki. For more information, see xref:../network_observability/installing-operators.adoc#network-observability-multi-tenancynetwork_observability[Multi-tenancy in Network Observability].
+
+[id="flow-based-dashboard-1.3"]
+==== Flow-based metrics dashboard
+* This release adds a new dashboard, which provides an overview of the network flows in your {product-title} cluster. For more information, see xref:../network_observability/network-observability-overview.adoc#network-observability-dashboards[Network Observability metrics].
+
+[id="must-gather-1.3"]
+==== Troubleshooting with the must-gather tool
+* Information about the Network Observability Operator can now be included in the must-gather data for troubleshooting. For more information, see xref:../network_observability/troubleshooting-network-observability.adoc#network-observability-must-gather_network-observability-troubleshooting[Network Observability must-gather].
+
+[id="multi-arch-1.3"]
+==== Multiple architectures now supported
+* Network Observability Operator can now run on an `amd64`, `ppc64le`, or `arm64` architectures. Previously, it only ran on `amd64`.
+
+[id="deprecated-features-1.3"]
+=== Deprecated features
+
+[id="authToken-host"]
+==== Deprecated configuration parameter setting
+The release of Network Observability Operator 1.3 deprecates the `spec.Loki.authToken` `HOST` setting. When using the {loki-op}, you must now only use the `FORWARD` setting.
+
+[id="network-observability-operator-1.3.0-bug-fixes"]
+=== Bug fixes
+* Previously, when the Operator was installed from the CLI, the `Role` and `RoleBinding` that are necessary for the Cluster Monitoring Operator to read the metrics were not installed as expected. The issue did not occur when the operator was installed from the web console. Now, either way of installing the Operator installs the required `Role` and `RoleBinding`. (link:https://issues.redhat.com/browse/NETOBSERV-1003[*NETOBSERV-1003*])
+
+* Since version 1.2, the Network Observability Operator can raise alerts when a problem occurs with the flows collection. Previously, due to a bug, the related configuration to disable alerts, `spec.processor.metrics.disableAlerts` was not working as expected and sometimes ineffectual. Now, this configuration is fixed so that it is possible to disable the alerts. (link:https://issues.redhat.com/browse/NETOBSERV-976[*NETOBSERV-976*])
+
+* Previously, when Network Observability was configured with `spec.loki.authToken` set to `DISABLED`, only a `kubeadmin` cluster administrator was able to view network flows. Other types of cluster administrators received authorization failure. Now, any cluster administrator is able to view network flows. (link:https://issues.redhat.com/browse/NETOBSERV-972[*NETOBSERV-972*])
+
+* Previously, a bug prevented users from setting `spec.consolePlugin.portNaming.enable` to `false`. Now, this setting can be set to `false` to disable port-to-service name translation. (link:https://issues.redhat.com/browse/NETOBSERV-971[*NETOBSERV-971*])
+
+* Previously, the metrics exposed by the console plugin were not collected by the Cluster Monitoring Operator (Prometheus), due to an incorrect configuration. Now the configuration has been fixed so that the console plugin metrics are correctly collected and accessible from the {product-title} web console. (link:https://issues.redhat.com/browse/NETOBSERV-765[*NETOBSERV-765*])
+
+* Previously, when `processor.metrics.tls` was set to `AUTO` in the `FlowCollector`, the `flowlogs-pipeline servicemonitor` did not adapt the appropriate TLS scheme, and metrics were not visible in the web console. Now the issue is fixed for AUTO mode. (link:https://issues.redhat.com/browse/NETOBSERV-1070[*NETOBSERV-1070*])
+
+* Previously, certificate configuration, such as used for Kafka and Loki, did not allow specifying a namespace field, implying that the certificates had to be in the same namespace where Network Observability is deployed. Moreover, when using Kafka with TLS/mTLS, the user had to manually copy the certificate(s) to the privileged namespace where the `eBPF` agent pods are deployed and manually manage certificate updates, such as in the case of certificate rotation. Now, Network Observability setup is simplified by adding a namespace field for certificates in the `FlowCollector` resource. As a result, users can now install Loki or Kafka in different namespaces without needing to manually copy their certificates in the Network Observability namespace. The original certificates are watched so that the copies are automatically updated when needed. (link:https://issues.redhat.com/browse/NETOBSERV-773[*NETOBSERV-773*])
+
+* Previously, the SCTP, ICMPv4 and ICMPv6 protocols were not covered by the Network Observability agents, resulting in a less comprehensive network flows coverage. These protocols are now recognized to improve the flows coverage. (link:https://issues.redhat.com/browse/NETOBSERV-934[*NETOBSERV-934*])
+
+[id="network-observability-operator-1.3.0-known-issues"]
+=== Known issues
+* When `processor.metrics.tls` is set to `PROVIDED` in the `FlowCollector`, the `flowlogs-pipeline` `servicemonitor` is not adapted to the TLS scheme. (link:https://issues.redhat.com/browse/NETOBSERV-1087[*NETOBSERV-1087*])
+
+* Since the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate change periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate change. This issue has only been observed in large-scale environments of 120 nodes or greater.(link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*])
+
+[id="network-observability-operator-release-notes-1-2"]
+== Network Observability Operator 1.2.0
+The following advisory is available for the Network Observability Operator 1.2.0:
+
+* https://access.redhat.com/errata/RHSA-2023:1817[RHSA-2023:1817 Network Observability Operator 1.2.0]
+
+[id="network-observability-operator-preparing-to-update"]
+=== Preparing for the next update
+The subscription of an installed Operator specifies an update channel that tracks and receives updates for the Operator. Until the 1.2 release of the Network Observability Operator, the only channel available was `v1.0.x`. The 1.2 release of the Network Observability Operator introduces the `stable` update channel for tracking and receiving updates. You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in a following release.
+
+[id="network-observability-operator-1.2.0-features-enhancements"]
+=== New features and enhancements
+
+[id="histogram-feature-1.2"]
+==== Histogram in Traffic Flows view
+* You can now choose to show a histogram bar chart of flows over time. The histogram enables you to visualize the history of flows without hitting the Loki query limit. For more information, see xref:../network_observability/observing-network-traffic.adoc#network-observability-histogram-trafficflow_nw-observe-network-traffic[Using the histogram].
+
+[id="conversation-tracking-feature-1.2"]
+==== Conversation tracking
+* You can now query flows by *Log Type*, which enables grouping network flows that are part of the same conversation. For more information, see xref:../network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversations].
+
+[id="health-alerts-feature-1.2"]
+==== Network Observability health alerts
+* The Network Observability Operator now creates automatic alerts if the `flowlogs-pipeline` is dropping flows because of errors at the write stage or if the Loki ingestion rate limit has been reached. For more information, see xref:../network_observability/network-observability-operator-monitoring.adoc#network-observability-alert-dashboard_network_observability[Viewing health information].
+
+[id="network-observability-operator-1.2.0-bug-fixes"]
+=== Bug fixes
+
+* Previously, after changing the `namespace` value in the FlowCollector spec, `eBPF` agent pods running in the previous namespace were not appropriately deleted. Now, the pods running in the previous namespace are appropriately deleted. (link:https://issues.redhat.com/browse/NETOBSERV-774[*NETOBSERV-774*])
+
+* Previously, after changing the `caCert.name` value in the FlowCollector spec (such as in Loki section), FlowLogs-Pipeline pods and Console plug-in pods were not restarted, therefore they were unaware of the configuration change. Now, the pods are restarted, so they get the configuration change. (link:https://issues.redhat.com/browse/NETOBSERV-772[*NETOBSERV-772*])
+
+* Previously, network flows between pods running on different nodes were sometimes not correctly identified as being duplicates because they are captured by different network interfaces. This resulted in over-estimated metrics displayed in the console plug-in. Now, flows are correctly identified as duplicates, and the console plug-in displays accurate metrics. (link:https://issues.redhat.com/browse/NETOBSERV-755[*NETOBSERV-755*])
+
+* The "reporter" option in the console plug-in is used to filter flows based on the observation point of either source node or destination node. Previously, this option mixed the flows regardless of the node observation point. This was due to network flows being incorrectly reported as Ingress or Egress at the node level.  Now, the network flow direction reporting is correct. The "reporter" option filters for source observation point, or destination observation point, as expected. (link:https://issues.redhat.com/browse/NETOBSERV-696[*NETOBSERV-696*])
+
+* Previously, for agents configured to send flows directly to the processor as gRPC+protobuf requests, the submitted payload could be too large and is rejected by the processors' GRPC server. This occurred under  very-high-load scenarios and with only some configurations of the agent. The agent logged an error message, such as: _grpc: received message larger than max_. As a consequence, there was information loss about those flows. Now, the gRPC payload is split into several messages when the size exceeds a threshold. As a result, the server maintains connectivity. (link:https://issues.redhat.com/browse/NETOBSERV-617[*NETOBSERV-617*])
+
+[id="network-observability-operator-1.2.0-known-issues"]
+=== Known issue
+* In the 1.2.0 release of the Network Observability Operator, using {loki-op} 5.6, a Loki certificate transition periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate transition. (link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*])
+
+[id="network-observability-operator-1.2.0-notable-technical-changes"]
+=== Notable technical changes
+* Previously, you could install the Network Observability Operator using a custom namespace. This release introduces the `conversion webhook` which changes the `ClusterServiceVersion`. Because of this change, all the available namespaces are no longer listed. Additionally, to enable Operator metrics collection, namespaces that are shared with other Operators, like the `openshift-operators` namespace, cannot be used. Now, the Operator must be installed in the `openshift-netobserv-operator` namespace. You cannot automatically upgrade to the new Operator version if you previously installed the Network Observability Operator using a custom namespace. If you previously installed the Operator using a custom namespace, you must delete the instance of the Operator that was installed and re-install your operator in the `openshift-netobserv-operator` namespace. It is important to note that custom namespaces, such as the commonly used `netobserv` namespace, are still possible for the `FlowCollector`, Loki, Kafka, and other plug-ins. (link:https://issues.redhat.com/browse/NETOBSERV-907[*NETOBSERV-907*])(link:https://https://issues.redhat.com/browse/NETOBSERV-956[*NETOBSERV-956*])
+
+[id="network-observability-operator-release-notes-1-1"]
+== Network Observability Operator 1.1.0
+
+The following advisory is available for the Network Observability Operator 1.1.0:
+
+* link:https://access.redhat.com/errata/RHSA-2023:0786[RHSA-2023:0786 Network Observability Operator Security Advisory Update]
+
+The Network Observability Operator is now stable and the release channel is upgraded to `v1.1.0`.
+
+[id="network-observability-operator-1.1.0-bug-fixes"]
+=== Bug fix
+
+* Previously, unless the Loki `authToken` configuration was set to `FORWARD` mode, authentication was no longer enforced, allowing any user who could connect to the {product-title} console in an {product-title} cluster to retrieve flows without authentication.
+Now, regardless of the Loki `authToken` mode, only cluster administrators can retrieve flows. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2169468[*BZ#2169468*])
diff --git a/network_observability/network-observability-overview.adoc b/network_observability/network-observability-overview.adoc
new file mode 100644
index 000000000000..9b847d5fdb97
--- /dev/null
+++ b/network_observability/network-observability-overview.adoc
@@ -0,0 +1,63 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="network-observability-overview"]
+= About Network Observability
+include::_attributes/common-attributes.adoc[]
+:context: network-observability-overview
+
+toc::[]
+
+Red Hat offers cluster administrators the Network Observability Operator to observe the network traffic for {product-title} clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with {product-title} information and stored in Loki. You can view and analyze the stored network flows information in the {product-title} console for further insight and troubleshooting.
+
+[id="dependency-network-observability"]
+== Optional dependencies of the Network Observability Operator
+
+* {loki-op}: Loki is the backend that is used to store all collected flows. It is recommended to install Loki to use with the Network Observability Operator. You can choose to use xref:../network_observability/installing-operators.adoc#network-observability-without-loki_network_observability[Network Observability without Loki], but there are some considerations for doing this, as described in the linked section. If you choose to install Loki, it is recommended to use the {loki-op}, as it is supported by Red Hat.
+* Grafana Operator: You can install Grafana for creating custom dashboards and querying capabilities, by using an open source product, such as the Grafana Operator. Red Hat does not support the Grafana Operator.
+* AMQ Streams Operator: Kafka provides scalability, resiliency and high availability in the {product-title} cluster for large scale deployments. If you choose to use Kafka, it is recommended to use the AMQ Streams Operator, because it is supported by Red Hat.
+
+[id="network-observability-operator"]
+== Network Observability Operator
+
+The Network Observability Operator provides the Flow Collector API custom resource definition. A Flow Collector instance is created during installation and enables configuration of network flow collection. The Flow Collector instance deploys pods and services that form a monitoring pipeline where network flows are then collected and enriched with the Kubernetes metadata before storing in Loki. The eBPF agent, which is deployed as a `daemonset` object, creates the network flows.
+
+[id="no-console-integration"]
+== {product-title} console integration
+
+{product-title} console integration offers overview, topology view and traffic flow tables.
+
+[id="network-observability-dashboards"]
+=== Network Observability metrics dashboards
+
+On the *Overview* tab in the {product-title} console, you can view the overall aggregated metrics of the network traffic flow on the cluster. You can choose to display the information by node, namespace, owner, pod, and service. Filters and display options can further refine the metrics.
+
+In *Observe* -> *Dashboards*, the *Netobserv* dashboard provides a quick overview of the network flows in your {product-title} cluster. You can view distillations of the network traffic metrics in the following categories:
+
+ * *Top byte rates received per source and destination nodes*
+ * *Top byte rates received per source and destination namespaces*
+ * *Top byte rates received per source and destination workloads*
+
+*Infrastructure* and *Application* metrics are shown in a split-view for namespace and workloads.
+You can configure the `FlowCollector` `spec.processor.metrics` to add or remove metrics by changing the `ignoreTags` list. For more information about available tags, see the xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference]
+
+Also in *Observe* -> *Dashboards*, the *Netobserv/Health* dashboard provides metrics about the health of the Operator in the following categories.
+
+* *Flows*
+* *Flows Overhead*
+* *Top flow rates per source and destination nodes*
+* *Top flow rates per source and destination namespaces*
+* *Top flow rates per source and destination workloads*
+* *Agents*
+* *Processor*
+* *Operator*
+
+*Infrastructure* and *Application* metrics are shown in a split-view for namespace and workloads.
+
+[id="network-observability-topology-views"]
+=== Network Observability topology views
+
+The {product-title} console offers the *Topology* tab which displays a graphical representation of the network flows and the amount of traffic. The topology view represents traffic between the {product-title} components as a network graph. You can refine the graph by using the filters and display options. You can access the information for node, namespace, owner, pod, and service.
+
+[id="traffic-flow-tables"]
+=== Traffic flow tables
+
+The traffic flow table view provides a view for raw flows, non aggregated filtering options, and configurable columns. The {product-title} console offers the *Traffic flows* tab which displays the data of the network flows and the amount of traffic.
diff --git a/network_observability/observing-network-traffic.adoc b/network_observability/observing-network-traffic.adoc
new file mode 100644
index 000000000000..6272dc1a9102
--- /dev/null
+++ b/network_observability/observing-network-traffic.adoc
@@ -0,0 +1,48 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nw-observe-network-traffic"]
+= Observing the network traffic
+include::_attributes/common-attributes.adoc[]
+:context: nw-observe-network-traffic
+
+toc::[]
+
+As an administrator, you can observe the network traffic in the {product-title} console for detailed troubleshooting and analysis. This feature helps you get insights from different graphical representations of traffic flow. There are several available views to observe the network traffic.
+
+//Overview
+include::modules/network-observability-overview.adoc[leveloffset=+1]
+include::modules/network-observability-working-with-overview.adoc[leveloffset=+2]
+include::modules/network-observability-configuring-options-overview.adoc[leveloffset=+2]
+include::modules/network-observability-pktdrop-overview.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+* For more information about configuring packet drops in the `FlowCollector`, see xref:../network_observability/observing-network-traffic.adoc#network-observability-packet-drops_nw-observe-network-traffic[Working with packet drops].
+
+include::modules/network-observability-dns-overview.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+* For more information about configuring DNS in the `FlowCollector`, see xref:../network_observability/observing-network-traffic.adoc#network-observability-dns-tracking_nw-observe-network-traffic[Working with DNS tracking].
+
+//Traffic flows
+include::modules/network-observability-trafficflow.adoc[leveloffset=+1]
+include::modules/network-observability-working-with-trafficflow.adoc[leveloffset=+2]
+include::modules/network-observability-configuring-options-trafficflow.adoc[leveloffset=+2]
+include::modules/network-observability-working-with-conversations.adoc[leveloffset=+2]
+include::modules/network-observability-packet-drops.adoc[leveloffset=+2]
+include::modules/network-observability-dns-tracking.adoc[leveloffset=+2]
+include::modules/network-observability-histogram-trafficflow.adoc[leveloffset=+2]
+
+//Topology
+include::modules/network-observability-topology.adoc[leveloffset=+1]
+include::modules/network-observability-working-with-topology.adoc[leveloffset=+2]
+include::modules/network-observability-configuring-options-topology.adoc[leveloffset=+2]
+
+//Quick filters
+include::modules/network-observability-quickfilter.adoc[leveloffset=+1]
+
+Alternatively, you can access the traffic flow data in the *Network Traffic* tab of the *Namespaces*, *Services*, *Routes*, *Nodes*, and *Workloads* pages which provide the filtered data of the corresponding aggregations.
+
+[role="_additional-resources"]
+.Additional resources
+For more information about configuring quick filters in the `FlowCollector`, see xref:../network_observability/configuring-operator.adoc#network-observability-config-quick-filters_network_observability[Configuring Quick Filters] and the xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
diff --git a/network_observability/snippets b/network_observability/snippets
new file mode 120000
index 000000000000..9f5bc7e4dde0
--- /dev/null
+++ b/network_observability/snippets
@@ -0,0 +1 @@
+../snippets
\ No newline at end of file
diff --git a/network_observability/troubleshooting-network-observability.adoc b/network_observability/troubleshooting-network-observability.adoc
new file mode 100644
index 000000000000..bb0b08eef47a
--- /dev/null
+++ b/network_observability/troubleshooting-network-observability.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-troubleshooting"]
+= Troubleshooting Network Observability
+include::_attributes/common-attributes.adoc[]
+:context: network-observability-troubleshooting
+
+toc::[]
+
+To assist in troubleshooting Network Observability issues, you can perform some troubleshooting actions.
+
+include::modules/troubleshooting-network-observability-must-gather.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-after-installation.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-network-flow.adoc[leveloffset=+1]
+
+include::modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../network_observability/configuring-operator.adoc#network-observability-resources-table_network_observability[Resource considerations]
+
+include::modules/troubleshooting-network-observability-loki-resource-exhausted.adoc[leveloffset=+1]
+
+== Resource troubleshooting
+
+include::modules/troubleshooting-network-observability-loki-tenant-rate-limit.adoc[leveloffset=+1]
diff --git a/networking/network_observability/understanding-network-observability-operator.adoc b/network_observability/understanding-network-observability-operator.adoc
similarity index 83%
rename from networking/network_observability/understanding-network-observability-operator.adoc
rename to network_observability/understanding-network-observability-operator.adoc
index 73d5274a9452..a6176bad844f 100644
--- a/networking/network_observability/understanding-network-observability-operator.adoc
+++ b/network_observability/understanding-network-observability-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-network-observability-operator"]
 = Network Observability Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -9,5 +9,5 @@ toc::[]
 Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network traffic flows that are produced by the Network Observability eBPF agent.
 
 include::modules/nw-network-observability-operator.adoc[leveloffset=+1]
-
+include::modules/network-observability-architecture.adoc[leveloffset=+1]
 include::modules/nw-view-status-configuration-network-observability-operator.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/networking/about-networking.adoc b/networking/about-networking.adoc
index 0365d11c5fd0..ba680dc2b14b 100644
--- a/networking/about-networking.adoc
+++ b/networking/about-networking.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-networking"]
 = About networking
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/accessing-hosts.adoc b/networking/accessing-hosts.adoc
index df765d85653a..37da06f39a8a 100644
--- a/networking/accessing-hosts.adoc
+++ b/networking/accessing-hosts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="accessing-hosts"]
 = Accessing hosts
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/associating-secondary-interfaces-metrics-to-network-attachments.adoc b/networking/associating-secondary-interfaces-metrics-to-network-attachments.adoc
index 46c1fca51948..c57a8b3bf2b7 100644
--- a/networking/associating-secondary-interfaces-metrics-to-network-attachments.adoc
+++ b/networking/associating-secondary-interfaces-metrics-to-network-attachments.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="associating-secondary-interfaces-metrics-to-network-attachments"]
 = Associating secondary interfaces metrics to network attachments
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws-load-balancer-operator.adoc b/networking/aws-load-balancer-operator.adoc
new file mode 100644
index 000000000000..05cc9e1c1c40
--- /dev/null
+++ b/networking/aws-load-balancer-operator.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="aws-load-balancer"]
+= AWS Load Balancer Operator
+include::_attributes/common-attributes.adoc[]
+:context: aws-load-balancer-operator
+
+toc::[]
+
+
+The AWS Load Balancer Operator (ALBO) is an Operator supported by Red{nbsp}Hat that users can optionally install on SRE-managed
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+{product-title} (ROSA)
+endif::openshift-rosa[]
+clusters. The ALBO manages the lifecycle of the AWS-managed AWS Load Balancer Controller (ALBC) that provisions AWS Elastic Load Balancing v2 (ELBv2) services for applications running in
+ifndef::openshift-rosa[]
+{product-title}
+endif::openshift-rosa[]
+ifdef::openshift-rosa[]
+ROSA
+endif::openshift-rosa[]
+clusters.
+
+include::modules/aws-installing-an-aws-load-balancer-operator.adoc[leveloffset=+1]
+include::modules/aws-uninstalling-an-aws-load-balancer-operator.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/networking/aws_load_balancer_operator/add-tls-termination.adoc b/networking/aws_load_balancer_operator/add-tls-termination.adoc
index 7a19abbb8f56..00b43314d90e 100644
--- a/networking/aws_load_balancer_operator/add-tls-termination.adoc
+++ b/networking/aws_load_balancer_operator/add-tls-termination.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-adding-tls-termination"]
 = Adding TLS termination
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws_load_balancer_operator/aws-load-balancer-operator-release-notes.adoc b/networking/aws_load_balancer_operator/aws-load-balancer-operator-release-notes.adoc
index 062863969d3f..5c3d6b579b0f 100644
--- a/networking/aws_load_balancer_operator/aws-load-balancer-operator-release-notes.adoc
+++ b/networking/aws_load_balancer_operator/aws-load-balancer-operator-release-notes.adoc
@@ -1,5 +1,5 @@
 // AWS Load Balancer Operator Release Notes
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="aws-load-balancer-operator-release-notes"]
 = AWS Load Balancer Operator release notes
 :context: aws-load-balancer-operator-release-notes
@@ -13,10 +13,56 @@ These release notes track the development of the AWS Load Balancer Operator in {
 
 For an overview of the AWS Load Balancer Operator, see xref:../../networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc#aws-load-balancer-operator[AWS Load Balancer Operator in {product-title}].
 
+[id="aws-load-balancer-operator-release-notes-1.1.1"]
+== AWS Load Balancer Operator 1.1.1
+
+The following advisory is available for the AWS Load Balancer Operator version 1.1.1: 
+
+* link:https://access.redhat.com/errata/RHEA-2024:0555[RHEA-2024:0555 Release of AWS Load Balancer Operator 1.1.z on OperatorHub]
+
+[id="aws-load-balancer-operator-release-notes-1.1.0"]
+== AWS Load Balancer Operator 1.1.0
+
+The AWS Load Balancer Operator version 1.1.0 supports the AWS Load Balancer Controller version 2.4.4.
+
+The following advisory is available for the AWS Load Balancer Operator version 1.1.0:
+
+* link:https://access.redhat.com/errata/RHEA-2023:6218[RHEA-2023:6218 Release of AWS Load Balancer Operator on OperatorHub Enhancement Advisory Update]
+
+[id="aws-load-balancer-operator-1.1.0-notable-changes"]
+=== Notable changes
+
+* This release uses the Kubernetes API version 0.27.2.
+
+[id="aws-load-balancer-operator-1.1.0-new-features"]
+=== New features
+
+// TODO: Add a link to the documentation for this feature once it exists.
+* The AWS Load Balancer Operator now supports a standardized Security Token Service (STS) flow by using the Cloud Credential Operator.
+
+[id="aws-load-balancer-operator-1.1.0-bug-fixes"]
+=== Bug fixes
+
+* A FIPS-compliant cluster must use TLS version 1.2. Previously, webhooks for the AWS Load Balancer Controller only accepted TLS 1.3 as the minimum version, resulting in an error such as the following on a FIPS-compliant cluster:
++
+[source,terminal]
+----
+remote error: tls: protocol version not supported
+----
++
+Now, the AWS Load Balancer Controller accepts TLS 1.2 as the minimum TLS version, resolving this issue. (link:https://issues.redhat.com/browse/OCPBUGS-14846[*OCPBUGS-14846*])
+
+[id="aws-load-balancer-operator-release-notes-1.0.1"]
+== AWS Load Balancer Operator 1.0.1
+
+The following advisory is available for the AWS Load Balancer Operator version 1.0.1:
+
+* link:https://access.redhat.com/errata/RHEA-2024:0556[Release of AWS Load Balancer Operator 1.0.1 on OperatorHub]
+
 [id="aws-load-balancer-operator-release-notes-1.0.0"]
 == AWS Load Balancer Operator 1.0.0
 
-The AWS Load Balancer Operator is now generally available with this release.
+The AWS Load Balancer Operator is now generally available with this release. The AWS Load Balancer Operator version 1.0.0 supports the AWS Load Balancer Controller version 2.4.4.
 
 The following advisory is available for the AWS Load Balancer Operator version 1.0.0:
 
diff --git a/networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc b/networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc
index f880c85f0adf..843daf505dbc 100644
--- a/networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc
+++ b/networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-aws-load-balancer-operator-cluster-wide-proxy"]
 = Configuring cluster-wide proxy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc b/networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc
index 841f9cece640..ca90ebc3eab2 100644
--- a/networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc
+++ b/networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-create-instance-aws-load-balancer"]
 = Creating an instance of AWS Load Balancer Controller
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc b/networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc
index ddd7ed1ea1ed..cda3e684cc2f 100644
--- a/networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc
+++ b/networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-aws-load-balancer-operator"]
 = Understanding AWS Load Balancer Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws_load_balancer_operator/installing-albo-sts-cluster.adoc b/networking/aws_load_balancer_operator/installing-albo-sts-cluster.adoc
index 0f2dd7e5f17c..30ff5ebb7af1 100644
--- a/networking/aws_load_balancer_operator/installing-albo-sts-cluster.adoc
+++ b/networking/aws_load_balancer_operator/installing-albo-sts-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="albo-sts-cluster"]
 = Installing AWS Load Balancer Operator on a Security Token Service cluster
 include::_attributes/common-attributes.adoc[]
@@ -6,18 +6,42 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can install the AWS Load Balancer Operator on a Security Token Service (STS) cluster.
+You can install the AWS Load Balancer (ALB) Operator on a Security Token Service (STS) cluster.
 
-The AWS Load Balancer Operator relies on `CredentialsRequest` to bootstrap the Operator and for each `AWSLoadBalancerController` instance. The AWS Load Balancer Operator waits until the required secrets are created and available. The Cloud Credential Operator does not provision the secrets automatically in the STS cluster. You must set the credentials secrets manually by using the `ccoctl` binary.
+The ALB Operator relies on a `CredentialsRequest` to bootstrap the Operator and for the `AWSLoadBalancerController` instance. The ALB Operator waits until the required secrets are created and available.
 
-If you do not want to provision credential secret by using the Cloud Credential Operator, you can configure the `AWSLoadBalancerController` instance on the STS cluster by specifying the credential secret in the AWS load Balancer Controller custom resource (CR).
+[id="creating-iam-role-albo-operator_{context}"]
+== Creating an IAM role for the AWS Load Balancer Operator
 
-include::modules/bootstrap-aws-load-balancer-operator.adoc[leveloffset=+1]
+An additional IAM role is required to successfully install the ALB Operator on a Security Token Service (STS) cluster. The IAM role is required to interact with subnets and Virtual Private Clouds (VPCs). The Operator generates a `CredentialsRequest` with this role to bootstrap itself.
 
-include::modules/configuring-albo-on-sts-cluster.adoc[leveloffset=+1]
+There are two options for creating the IAM role:
 
-include::modules/configuring-albo-on-sts-cluster-predefined-credentials.adoc[leveloffset=+1]
+* Using `ccoctl` and a predefined `CredentialsRequest`.
+* Using the AWS CLI and predefined AWS manifests.
+
+Use the AWS CLI if your environment does not support the `ccoctl` command.
+
+include::modules/using-ccoctl-create-iam-role-alb-operator.adoc[leveloffset=+2]
+include::modules/using-aws-cli-create-iam-role-alb-operator.adoc[leveloffset=+2]
+
+include::modules/specifying-role-arn-albo-sts.adoc[leveloffset=+1]
+
+[id="creating-iam-role-albo-controller_{context}"]
+== Creating an IAM role for the AWS Load Balancer Controller
+
+The `CredentialsRequest` for the AWS Load Balancer Controller must be set with a manually provisioned IAM role.
+
+There are two options for creating the IAM role:
+
+* Using `ccoctl` and a predefined `CredentialsRequest`.
+* Using the AWS CLI and predefined AWS manifests.
+
+Use the AWS CLI if your environment does not support the `ccoctl` command.
+
+include::modules/using-ccoctl-create-iam-role-alb-controller.adoc[leveloffset=+2]
+include::modules/using-aws-cli-create-iam-role-alb-controller.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 == Additional resources
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
diff --git a/networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc b/networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc
index eaf8747fc462..295e4a35f848 100644
--- a/networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc
+++ b/networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-multiple-ingress-through-single-alb"]
 = Creating multiple ingresses
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc b/networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
index b48140bd3fc4..10e10ffe907b 100644
--- a/networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
+++ b/networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="aws-load-balancer-operator"]
 = AWS Load Balancer Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,8 @@ toc::[]
 
 The AWS Load Balancer (ALB) Operator deploys and manages an instance of the `aws-load-balancer-controller`. You can install the ALB Operator from the OperatorHub by using {product-title} web console or CLI.
 
+include::modules/nw-aws-load-balancer-operator-considerations.adoc[leveloffset=+1]
+
 include::modules/nw-aws-load-balancer-operator.adoc[leveloffset=+1]
 
 include::modules/nw-aws-load-balancer-logs.adoc[leveloffset=+1]
diff --git a/networking/changing-cluster-network-mtu.adoc b/networking/changing-cluster-network-mtu.adoc
index bffb98310168..aa4555b0d081 100644
--- a/networking/changing-cluster-network-mtu.adoc
+++ b/networking/changing-cluster-network-mtu.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="changing-cluster-network-mtu"]
 = Changing the MTU for the cluster network
 include::_attributes/common-attributes.adoc[]
@@ -17,5 +17,5 @@ include::modules/nw-cluster-mtu-change.adoc[leveloffset=+1]
 == Additional resources
 
 * xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installation-user-infra-machines-advanced_network_installing-bare-metal[Using advanced networking options for PXE and ISO installations]
-* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_manually-creating-networkmanager-profiles-in-key-file-format_configuring-and-managing-networking[Manually creating NetworkManager profiles in key file format]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_and_managing_networking/index#proc_manually-creating-a-networkmanager-profile-in-keyfile-format_assembly_networkmanager-connection-profiles-in-keyfile-format[Manually creating NetworkManager profiles in key file format]
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_and_managing_networking/index#configuring-a-dynamic-ethernet-connection-using-nmcli_configuring-an-ethernet-connection[Configuring a dynamic Ethernet connection using nmcli]
diff --git a/networking/cidr-range-definitions.adoc b/networking/cidr-range-definitions.adoc
index 74784fd744c1..480d1fb88130 100644
--- a/networking/cidr-range-definitions.adoc
+++ b/networking/cidr-range-definitions.adoc
@@ -1,7 +1,10 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cidr-range-definitions"]
 = CIDR range definitions
+include::_attributes/common-attributes.adoc[]
+ifdef::openshift-dedicated,openshift-rosa[]
 include::_attributes/attributes-openshift-dedicated.adoc[]
+endif::openshift-dedicated,openshift-rosa[]
 :context: cidr-range-definitions
 
 toc::[]
@@ -24,21 +27,56 @@ OVN-Kubernetes, the default network provider in {product-title} 4.11 and later,
 
 [id="machine-cidr-description"]
 == Machine CIDR
-In the Machine CIDR field, you must specify the IP address range for machines or cluster nodes. This range must encompass all CIDR address ranges for your virtual private cloud (VPC) subnets. Subnets must be contiguous. A minimum IP address range of 128 addresses, using the subnet prefix `/25`, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix `/24`, is supported for deployments that use multiple availability zones. The default is `10.0.0.0/16`. This range must not conflict with any connected networks.
+In the Machine CIDR field, you must specify the IP address range for machines or cluster nodes. 
+ifdef::openshift-rosa,openshift-dedicated[]
+This range must encompass all CIDR address ranges for your virtual private cloud (VPC) subnets. Subnets must be contiguous.  A minimum IP address range of 128 addresses, using the subnet prefix `/25`, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix `/24`, is supported for deployments that use multiple availability zones. 
+endif::openshift-rosa,openshift-dedicated[]
+
+The default is `10.0.0.0/16`. This range must not conflict with any connected networks.
 
+ifdef::openshift-rosa[]
 [NOTE]
 ====
 When using {hcp-title}, the static IP address `172.20.0.1` is reserved for the internal Kubernetes API address. The machine, pod, and service CIDRs ranges must not conflict with this IP address.
 ====
+endif::[]
 
 [id="service-cidr-description"]
 == Service CIDR
-In the Service CIDR field, you must specify the IP address range for services. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `172.30.0.0/16`. This address block needs to be the same between clusters.
+In the Service CIDR field, you must specify the IP address range for services. 
+ifdef::openshift-rosa,openshift-dedicated[]
+It is recommended, but not required, that the address block is the same between clusters. This will not create IP address conflicts. 
+endif::openshift-rosa,openshift-dedicated[]
+The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `172.30.0.0/16`.
 
 [id="pod-cidr-description"]
 == Pod CIDR
-In the pod CIDR field, you must specify the IP address range for pods. The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `10.128.0.0/14`. This address block needs to be the same between clusters.
+In the pod CIDR field, you must specify the IP address range for pods. 
+
+ifdef::openshift-enterprise[]
+The pod CIDR is the same as the `clusterNetwork` CIDR and the cluster CIDR. 
+endif::openshift-enterprise[]
+ifdef::openshift-rosa,openshift-dedicated[]
+It is recommended, but not required, that the address block is the same between clusters. This will not create IP address conflicts. 
+endif::openshift-rosa,openshift-dedicated[]
+The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `10.128.0.0/14`. 
+ifdef::openshift-enterprise[]
+You can expand the range after cluster installation.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../networking/cluster-network-operator.adoc#nw-operator-cr-cno-object_cluster-network-operator[Cluster Network Operator Configuration] 
+* xref:../networking/configuring-cluster-network-range.adoc#configuring-cluster-network-range[Configuring the cluster network range]
+endif::openshift-enterprise[]
 
 [id="host-prefix-description"]
 == Host Prefix
-In the Host Prefix field, you must Specify the subnet prefix length assigned to pods scheduled to individual machines. The host prefix determines the pod IP address pool for each machine. For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 512 cluster nodes, and 512 pods per node (both of which are beyond our maximum supported).
+In the Host Prefix field, you must specify the subnet prefix length assigned to pods scheduled to individual machines. The host prefix determines the pod IP address pool for each machine.
+
+ifdef::openshift-rosa,openshift-dedicated[]
+For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 512 cluster nodes, and 512 pods per node (both of which are beyond our maximum supported).
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-enterprise[]
+For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 510 cluster nodes, and 510 pod IP addresses per node.
+endif::openshift-enterprise[]
\ No newline at end of file
diff --git a/networking/cluster-network-operator.adoc b/networking/cluster-network-operator.adoc
index e56edbe6581b..be867e793b34 100644
--- a/networking/cluster-network-operator.adoc
+++ b/networking/cluster-network-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cluster-network-operator"]
 = Cluster Network Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -23,3 +23,5 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1]
 == Additional resources
 
 * xref:../rest_api/operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[`Network` API in the `operator.openshift.io` API group]
+* xref:../networking/configuring-cluster-network-range.adoc#nw-cluster-network-range-edit_configuring-cluster-network-range[Modifying the `clusterNetwork` IP address range]
+* xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc#migrate-from-openshift-sdn[Migrating from the OpenShift SDN network plugin]
diff --git a/networking/configure-syscontrols-interface-tuning-cni.adoc b/networking/configure-syscontrols-interface-tuning-cni.adoc
new file mode 100644
index 000000000000..420241a19900
--- /dev/null
+++ b/networking/configure-syscontrols-interface-tuning-cni.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configure-syscontrols-interface-tuning-cni"]
+= Configuring system controls and interface attributes using the tuning plugin
+include::_attributes/common-attributes.adoc[]
+:context: configure-syscontrols-interface-tuning-cni
+
+toc::[]
+
+In Linux, sysctl allows an administrator to modify kernel parameters at runtime. You can modify interface-level network sysctls using the tuning Container Network Interface (CNI) meta plugin. The tuning CNI meta plugin operates in a chain with a main CNI plugin as illustrated.
+
+image::264_OpenShift_CNI_plugin_chain_0722.png[CNI plugin]
+
+The main CNI plugin assigns the interface and passes this interface to the tuning CNI meta plugin at runtime. You can change some sysctls and several interface attributes such as promiscuous mode, all-multicast mode, MTU, and MAC address in the network namespace by using the tuning CNI meta plugin.
+
+include::modules/nw-cfg-tuning-interface-cni.adoc[leveloffset=+1]
+
+include::modules/nw-cfg-config-all-multi-cni.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_nodes-setting-interface-level-network-sysctls"]
+== Additional resources
+
+* xref:../nodes/containers/nodes-containers-sysctls.adoc#nodes-containers-sysctls[Using sysctls in containers]
+* xref:../networking/hardware_networks/configuring-sriov-device.adoc#nw-sriov-networknodepolicy-object_configuring-sriov-device[SR-IOV network node configuration object]
+* xref:../networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc#configuring-interface-level-sysctl-settings-sriov-device[Configuring interface-level network sysctl settings and all-multicast mode for SR-IOV networks]
diff --git a/networking/configuring-a-custom-pki.adoc b/networking/configuring-a-custom-pki.adoc
index 7e827a581073..1c74cf5d59b7 100644
--- a/networking/configuring-a-custom-pki.adoc
+++ b/networking/configuring-a-custom-pki.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-a-custom-pki"]
 = Configuring a custom PKI
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring-cluster-network-range.adoc b/networking/configuring-cluster-network-range.adoc
index 03582968d166..66c0e67a72a4 100644
--- a/networking/configuring-cluster-network-range.adoc
+++ b/networking/configuring-cluster-network-range.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-cluster-network-range"]
 = Configuring the cluster network range
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring-cluster-wide-proxy.adoc b/networking/configuring-cluster-wide-proxy.adoc
index 0d407a7cdd7d..447d45ca9f92 100644
--- a/networking/configuring-cluster-wide-proxy.adoc
+++ b/networking/configuring-cluster-wide-proxy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="configuring-a-cluster-wide-proxy"]
@@ -7,12 +7,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-If you are using an existing Virtual Private Cloud (VPC), you can configure a cluster-wide proxy during 
+If you are using an existing Virtual Private Cloud (VPC), you can configure a cluster-wide proxy during
 ifdef::openshift-rosa[]
-a {product-title} (ROSA)  
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 ifdef::openshift-dedicated[]
-an {product-title}   
+an {product-title}
 endif::openshift-dedicated[]
 cluster installation or after the cluster is installed. When you enable a proxy, the core cluster components are denied direct access to the internet, but the proxy does not affect user workloads.
 
diff --git a/networking/configuring-ipfailover.adoc b/networking/configuring-ipfailover.adoc
index bd615a843bf8..dc90fe1e84dc 100644
--- a/networking/configuring-ipfailover.adoc
+++ b/networking/configuring-ipfailover.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ipfailover"]
 = Configuring IP failover
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring-node-port-service-range.adoc b/networking/configuring-node-port-service-range.adoc
index 76b3b6520fa9..25b6784f4486 100644
--- a/networking/configuring-node-port-service-range.adoc
+++ b/networking/configuring-node-port-service-range.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-node-port-service-range"]
 = Configuring the node port service range
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc b/networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
index 4838d67db707..29b0592c8596 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-externalip"]
 = Configuring ExternalIPs for services
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
index ea58788eb631..fb9a2bc90641 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-aws"]
 = Configuring ingress cluster traffic on AWS
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
index d37a69b346f2..c8973d35b975 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-ingress-controller"]
 = Configuring ingress cluster traffic using an Ingress Controller
 include::_attributes/common-attributes.adoc[]
@@ -61,6 +61,6 @@ The Ingress Operator manages wildcard DNS. For more information, see the followi
 
 * xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Installing a cluster on bare metal].
 
-* xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[Installing a cluster on vSphere].
+* xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[Installing a cluster on vSphere].
 
-* xref:../../networking/network_policy/about-network-policy.adoc#about-network-policy[About network policy].
\ No newline at end of file
+* xref:../../networking/network_policy/about-network-policy.adoc#about-network-policy[About network policy].
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc
index e32cde748040..d6728f32b4f5 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer-allowed-source-ranges.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-lb-allowed-source-ranges"]
 = Configuring ingress cluster traffic using load balancer allowed source ranges
 include::_attributes/common-attributes.adoc[]
@@ -13,4 +13,4 @@ include::modules/nw-configuring-lb-allowed-source-ranges-migration.adoc[leveloff
 
 [role="_additional-resources"]
 == Additional resources
-* xref:../../updating/index.adoc#index[Updating your cluster]
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift updates]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc
index 6339a2d3ef70..a1af4497fd9d 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-load-balancer"]
 = Configuring ingress cluster traffic using a load balancer
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc
index babfde28973e..613cdd97ea93 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-nodeport"]
 = Configuring ingress cluster traffic using a NodePort
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.adoc
index 31a1399e49bc..e80556577b36 100644
--- a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.adoc
+++ b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-service-external-ip.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress-cluster-traffic-service-external-ip"]
 = Configuring ingress cluster traffic for a service external IP
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/configuring_ingress_cluster_traffic/overview-traffic.adoc b/networking/configuring_ingress_cluster_traffic/overview-traffic.adoc
index 1a52fb9610dc..9244925a6ad6 100644
--- a/networking/configuring_ingress_cluster_traffic/overview-traffic.adoc
+++ b/networking/configuring_ingress_cluster_traffic/overview-traffic.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overview-traffic"]
 = Configuring ingress cluster traffic overview
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/dns-operator.adoc b/networking/dns-operator.adoc
index d5514f6ddebc..563371bc82a6 100644
--- a/networking/dns-operator.adoc
+++ b/networking/dns-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dns-operator"]
 = DNS Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/enable-cluster-wide-proxy.adoc b/networking/enable-cluster-wide-proxy.adoc
index b18e2901b9b2..cbf34318be54 100644
--- a/networking/enable-cluster-wide-proxy.adoc
+++ b/networking/enable-cluster-wide-proxy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enable-cluster-wide-proxy"]
 = Configuring the cluster-wide proxy
 include::_attributes/common-attributes.adoc[]
@@ -14,10 +14,15 @@ Production environments can deny direct access to the internet and instead have
 +
 [NOTE]
 ====
-The Proxy object `status.noProxy` field is populated with the values of the `networking.machineNetwork[].cidr`, `networking.clusterNetwork[].cidr`, and `networking.serviceNetwork[]` fields from your installation configuration.
+The Proxy object `status.noProxy` field is populated with the values of the `networking.machineNetwork[].cidr`, `networking.clusterNetwork[].cidr`, and `networking.serviceNetwork[]` fields from your installation configuration with most installation types.
 
 For installations on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and {rh-openstack-first}, the `Proxy` object `status.noProxy` field is also populated with the instance metadata endpoint (`169.254.169.254`).
 ====
++
+[IMPORTANT]
+====
+If your installation type does not include setting the `networking.machineNetwork[].cidr` field, you must include the machine IP addresses manually in the `.status.noProxy` field to make sure that the traffic between nodes can bypass the proxy.
+====
 
 include::modules/nw-proxy-configure-object.adoc[leveloffset=+1]
 
diff --git a/networking/external_dns_operator/external-dns-operator-release-notes.adoc b/networking/external_dns_operator/external-dns-operator-release-notes.adoc
new file mode 100644
index 000000000000..b3fcc1605486
--- /dev/null
+++ b/networking/external_dns_operator/external-dns-operator-release-notes.adoc
@@ -0,0 +1,67 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="external-dns-operator-release-notes"]
+= External DNS Operator release notes
+:context: external-dns-operator-release-notes
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The External DNS Operator deploys and manages `ExternalDNS` to provide name resolution for services and routes from the external DNS provider to {product-title}.
+
+These release notes track the development of the External DNS Operator in {product-title}.
+
+[id="external-dns-operator-release-notes-1.2.0"]
+== External DNS Operator 1.2.0
+
+The following advisory is available for the External DNS Operator version 1.2.0:
+
+* link:https://access.redhat.com/errata/RHEA-2023:7239[RHEA-2022:5867 ExternalDNS Operator 1.2 operator/operand containers]
+
+[id="external-dns-operator-1.2.0-new-features"]
+=== New features
+
+* The External DNS Operator now supports AWS shared VPC. For more information, see xref:../../networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc#nw-control-dns-records-public-aws-with-VPC_creating-dns-records-on-aws[Creating DNS records in a different AWS Account using a shared VPC].
+
+[id="external-dns-operator-1.2.0-bug-fixes"]
+=== Bug fixes
+
+* The update strategy for the operand changed from `Rolling` to `Recreate`. (link:https://issues.redhat.com/browse/OCPBUGS-3630[*OCPBUGS-3630*])
+
+[id="external-dns-operator-release-notes-1.1.1"]
+== External DNS Operator 1.1.1
+
+The following advisory is available for the External DNS Operator version 1.1.1:
+
+* link:https://access.redhat.com/errata/RHEA-2024:0536[RHEA-2024:0536 ExternalDNS Operator 1.1 operator/operand containers]
+
+[id="external-dns-operator-release-notes-1.1.0"]
+== External DNS Operator 1.1.0
+
+This release included a rebase of the operand from the upstream project version 0.13.1. The following advisory is available for the External DNS Operator version 1.1.0:
+
+* link:https://access.redhat.com/errata/RHEA-2022:9086[RHEA-2022:9086-01 ExternalDNS Operator 1.1 operator/operand containers]
+
+[id="external-dns-operator-1.1.0-bug-fix"]
+=== Bug fixes
+
+* Previously, the ExternalDNS Operator enforced an empty `defaultMode` value for volumes, which caused constant updates due to a conflict with the OpenShift API. Now, the `defaultMode` value is not enforced and operand deployment does not update constantly. (link:https://issues.redhat.com/browse/OCPBUGS-2793[*OCPBUGS-2793*])
+
+[id="external-dns-operator-release-notes-1.0.1"]
+== External DNS Operator 1.0.1
+
+The following advisory is available for the External DNS Operator version 1.0.1:
+
+* link:https://access.redhat.com/errata/RHEA-2024:0537[RHEA-2024:0537 ExternalDNS Operator 1.0 operator/operand containers]
+
+
+[id="external-dns-operator-release-notes-1.0.0"]
+== External DNS Operator 1.0.0
+
+The following advisory is available for the External DNS Operator version 1.0.0:
+
+* link:https://access.redhat.com/errata/RHEA-2022:5867[RHEA-2022:5867 ExternalDNS Operator 1.0 operator/operand containers]
+
+[id="external-dns-operator-1.0.0-bug-fixes"]
+=== Bug fixes
+
+* Previously, the External DNS Operator issued a warning about the violation of the restricted SCC policy during ExternalDNS operand pod deployments. This issue has been resolved. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2086408[*BZ#2086408*])
\ No newline at end of file
diff --git a/networking/external_dns_operator/nw-configuration-parameters.adoc b/networking/external_dns_operator/nw-configuration-parameters.adoc
index 0ab0f6445ea4..1ada592f9f7a 100644
--- a/networking/external_dns_operator/nw-configuration-parameters.adoc
+++ b/networking/external_dns_operator/nw-configuration-parameters.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="external-dns-operator-configuration-parameters"]
 = External DNS Operator configuration parameters
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc b/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
index 5dc73da80867..b9e42013aeb1 100644
--- a/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
+++ b/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="external-dns-operator-cluster-wide-proxy"]
 = Configuring the cluster-wide proxy on the External DNS Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc b/networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc
index 552263cf4a0b..507b70570f77 100644
--- a/networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc
+++ b/networking/external_dns_operator/nw-creating-dns-records-on-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-dns-records-on-aws"]
 = Creating DNS records on AWS
 include::_attributes/common-attributes.adoc[]
@@ -9,3 +9,4 @@ toc::[]
 You can create DNS records on AWS and AWS GovCloud by using External DNS Operator.
 
 include::modules/nw-control-dns-records-public-hosted-zone-aws.adoc[leveloffset=+1]
+include::modules/nw-control-dns-records-public-aws-with-VPC.adoc[leveloffset=+1]
diff --git a/networking/external_dns_operator/nw-creating-dns-records-on-azure.adoc b/networking/external_dns_operator/nw-creating-dns-records-on-azure.adoc
index b6f05ae1cb2c..86ec45b06fff 100644
--- a/networking/external_dns_operator/nw-creating-dns-records-on-azure.adoc
+++ b/networking/external_dns_operator/nw-creating-dns-records-on-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-dns-records-on-azure"]
 = Creating DNS records on Azure
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/nw-creating-dns-records-on-gcp.adoc b/networking/external_dns_operator/nw-creating-dns-records-on-gcp.adoc
index 4c7366efba9e..92680e2b1613 100644
--- a/networking/external_dns_operator/nw-creating-dns-records-on-gcp.adoc
+++ b/networking/external_dns_operator/nw-creating-dns-records-on-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-dns-records-on-gcp"]
 = Creating DNS records on GCP
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/nw-creating-dns-records-on-infoblox.adoc b/networking/external_dns_operator/nw-creating-dns-records-on-infoblox.adoc
index 01e5b6089508..5e15c9ee7d4c 100644
--- a/networking/external_dns_operator/nw-creating-dns-records-on-infoblox.adoc
+++ b/networking/external_dns_operator/nw-creating-dns-records-on-infoblox.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-dns-records-on-infoblox"]
 = Creating DNS records on Infoblox
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.adoc b/networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.adoc
index 5cb3e340de92..d7e9ee4e308d 100644
--- a/networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.adoc
+++ b/networking/external_dns_operator/nw-installing-external-dns-operator-on-cloud-providers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-external-dns-on-cloud-providers"]
 = Installing External DNS Operator on cloud providers
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/external_dns_operator/understanding-external-dns-operator.adoc b/networking/external_dns_operator/understanding-external-dns-operator.adoc
index 643458909704..f2b23d8ad0b6 100644
--- a/networking/external_dns_operator/understanding-external-dns-operator.adoc
+++ b/networking/external_dns_operator/understanding-external-dns-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="external-dns-operator"]
 = External DNS Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/about-sriov.adoc b/networking/hardware_networks/about-sriov.adoc
index 475959ac38b0..19fa5d7b3bae 100644
--- a/networking/hardware_networks/about-sriov.adoc
+++ b/networking/hardware_networks/about-sriov.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-sriov"]
 = About Single Root I/O Virtualization (SR-IOV) hardware networks
 include::_attributes/common-attributes.adoc[]
@@ -90,6 +90,6 @@ include::modules/nw-sriov-huge-pages.adoc[leveloffset=+2]
 * xref:../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sriov-operator[Installing the SR-IOV Network Operator]
 * Optional: xref:../../networking/hardware_networks/configuring-sriov-operator.adoc#configuring-sriov-operator[Configuring the SR-IOV Network Operator]
 * xref:../../networking/hardware_networks/configuring-sriov-device.adoc#configuring-sriov-device[Configuring an SR-IOV network device]
-* If you use {VirtProductName}: xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc#virt-attaching-vm-to-sriov-network[Connecting a virtual machine to an SR-IOV network]
+* If you use {VirtProductName}: xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]
 * xref:../../networking/hardware_networks/configuring-sriov-net-attach.adoc#configuring-sriov-net-attach[Configuring an SR-IOV network attachment]
 * xref:../../networking/hardware_networks/add-pod.adoc#add-pod[Adding a pod to an SR-IOV additional network]
diff --git a/networking/hardware_networks/add-pod.adoc b/networking/hardware_networks/add-pod.adoc
index 3066ab24a364..bed2c2bc87af 100644
--- a/networking/hardware_networks/add-pod.adoc
+++ b/networking/hardware_networks/add-pod.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="add-pod"]
 = Adding a pod to an SR-IOV additional network
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/configuring-hardware-offloading.adoc b/networking/hardware_networks/configuring-hardware-offloading.adoc
index df0111bbc370..08d88f7ae57f 100644
--- a/networking/hardware_networks/configuring-hardware-offloading.adoc
+++ b/networking/hardware_networks/configuring-hardware-offloading.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-hardware-offloading"]
 = Configuring hardware offloading
 include::_attributes/common-attributes.adoc[]
@@ -32,6 +32,14 @@ include::modules/nw-sriov-hwol-creating-sriov-policy.adoc[leveloffset=+1]
 
 include::modules/nw-sriov-hwol-ref-openstack-sriov-policy.adoc[leveloffset=+2]
 
+// Improving network traffic performance using a virtual function
+include::modules/nw-sriov-hwol-improving-network-traffic-performance.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_using-vf-improve-network-traffic-performance"]
+.Additional resources
+* xref:../../networking/hardware_networks/configuring-sriov-device.adoc#nw-sriov-networknodepolicy-object_configuring-sriov-device[SR-IOV network node configuration object]
+
 //Creating a Network Attachment Definition
 include::modules/nw-sriov-hwol-creating-network-attachment-definition.adoc[leveloffset=+1]
 
diff --git a/networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc b/networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
index 526898cc6cf1..39c452cd89c4 100644
--- a/networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
+++ b/networking/hardware_networks/configuring-interface-sysctl-sriov-device.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-interface-level-sysctl-settings-sriov-device"]
-= Configuring interface-level network sysctl settings for SR-IOV networks
+= Configuring interface-level network sysctl settings and all-multicast mode for SR-IOV networks
 include::_attributes/common-attributes.adoc[]
 :context: configuring-sysctl-interface-sriov-device
 
 toc::[]
 
-As a cluster administrator, you can modify interface-level network sysctls using the tuning Container Network Interface (CNI) meta plugin for a pod connected to a SR-IOV network device.  
+As a cluster administrator, you can change interface-level network sysctls and several interface attributes such as promiscuous mode, all-multicast mode, MTU, and MAC address by using the tuning Container Network Interface (CNI) meta plugin for a pod connected to a SR-IOV network device.
 
 include::modules/nw-label-nodes-with-sriov.adoc[leveloffset=+1]
 
@@ -21,3 +21,7 @@ include::modules/nw-sriov-interface-level-sysctl-bonded.adoc[leveloffset=+1]
 include::modules/nw-sriov-interface-level-sysctl-bonded-node-policy.adoc[leveloffset=+2]
 
 include::modules/nw-configure-sysctl-interface-sriov-network-bonded.adoc[leveloffset=+2]
+
+include::modules/nw-sriov-about-all-multi-cast-mode.adoc[leveloffset=+1]
+
+include::modules/nw-enable-all-multicast-mode-sriov-network.adoc[leveloffset=+2]
diff --git a/networking/hardware_networks/configuring-sriov-device.adoc b/networking/hardware_networks/configuring-sriov-device.adoc
index 6b587403e235..d55a82c4f242 100644
--- a/networking/hardware_networks/configuring-sriov-device.adoc
+++ b/networking/hardware_networks/configuring-sriov-device.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sriov-device"]
 = Configuring an SR-IOV network device
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/configuring-sriov-ib-attach.adoc b/networking/hardware_networks/configuring-sriov-ib-attach.adoc
index a636afd8ff44..467ab42a6344 100644
--- a/networking/hardware_networks/configuring-sriov-ib-attach.adoc
+++ b/networking/hardware_networks/configuring-sriov-ib-attach.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sriov-ib-attach"]
 = Configuring an SR-IOV InfiniBand network attachment
 include::_attributes/common-attributes.adoc[]
@@ -10,6 +10,13 @@ You can configure an InfiniBand (IB) network attachment for an Single Root I/O V
 
 include::modules/nw-sriov-ibnetwork-object.adoc[leveloffset=+1]
 include::modules/nw-multus-ipam-object.adoc[leveloffset=+2]
+
+include::modules/nw-multus-configure-dualstack-ip-address.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../networking/multiple_networks/attaching-pod.html#nw-multus-add-pod_attaching-pod[Attaching a pod to an additional network]
+
 include::modules/nw-sriov-network-attachment.adoc[leveloffset=+1]
 
 [id="configuring-sriov-ib-attach-next-steps"]
diff --git a/networking/hardware_networks/configuring-sriov-net-attach.adoc b/networking/hardware_networks/configuring-sriov-net-attach.adoc
index 5713cae83edb..38ac482b1ba5 100644
--- a/networking/hardware_networks/configuring-sriov-net-attach.adoc
+++ b/networking/hardware_networks/configuring-sriov-net-attach.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sriov-net-attach"]
 = Configuring an SR-IOV Ethernet network attachment
 include::_attributes/common-attributes.adoc[]
@@ -10,6 +10,12 @@ You can configure an Ethernet network attachment for an Single Root I/O Virtuali
 
 include::modules/nw-sriov-network-object.adoc[leveloffset=+1]
 include::modules/nw-multus-ipam-object.adoc[leveloffset=+2]
+include::modules/nw-multus-configure-dualstack-ip-address.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../networking/multiple_networks/attaching-pod.html#nw-multus-add-pod_attaching-pod[Attaching a pod to an additional network]
+
 include::modules/nw-sriov-network-attachment.adoc[leveloffset=+1]
 
 [id="configuring-sriov-net-attach-next-steps"]
diff --git a/networking/hardware_networks/configuring-sriov-operator.adoc b/networking/hardware_networks/configuring-sriov-operator.adoc
index bc1bd9424901..8b0232910db2 100644
--- a/networking/hardware_networks/configuring-sriov-operator.adoc
+++ b/networking/hardware_networks/configuring-sriov-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-sriov-operator"]
 = Configuring the SR-IOV Network Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/installing-sriov-operator.adoc b/networking/hardware_networks/installing-sriov-operator.adoc
index 3103755ed8fd..0816b4144cea 100644
--- a/networking/hardware_networks/installing-sriov-operator.adoc
+++ b/networking/hardware_networks/installing-sriov-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-sriov-operator"]
 = Installing the SR-IOV Network Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/switching-bf2-nic-dpu.adoc b/networking/hardware_networks/switching-bf2-nic-dpu.adoc
index 031628b3ee91..091560f1de19 100644
--- a/networking/hardware_networks/switching-bf2-nic-dpu.adoc
+++ b/networking/hardware_networks/switching-bf2-nic-dpu.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="switching-bf2-nic-dpu"]
 = Switching Bluefield-2 from DPU to NIC
 include::_attributes/common-attributes.adoc[]
@@ -6,11 +6,11 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can switch the Bluefield-2 network device from data processing unit (DPU) mode to network interface controller (NIC) mode. 
+You can switch the Bluefield-2 network device from data processing unit (DPU) mode to network interface controller (NIC) mode.
 
 include::modules/proc-switching-bf2-nic.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
-.Additional resources 
+.Additional resources
 
 xref:../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sr-iov-operator_installing-sriov-operator[Installing SR-IOV Network Operator]
diff --git a/networking/hardware_networks/uninstalling-sriov-operator.adoc b/networking/hardware_networks/uninstalling-sriov-operator.adoc
index acc211019658..7038e1f4a254 100644
--- a/networking/hardware_networks/uninstalling-sriov-operator.adoc
+++ b/networking/hardware_networks/uninstalling-sriov-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-sriov-operator"]
 = Uninstalling the SR-IOV Network Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/using-dpdk-and-rdma.adoc b/networking/hardware_networks/using-dpdk-and-rdma.adoc
index 3c55098ab14b..5bee135988ad 100644
--- a/networking/hardware_networks/using-dpdk-and-rdma.adoc
+++ b/networking/hardware_networks/using-dpdk-and-rdma.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-dpdk-and-rdma"]
 = Using DPDK and RDMA
 include::_attributes/common-attributes.adoc[]
@@ -8,12 +8,23 @@ toc::[]
 
 The containerized Data Plane Development Kit (DPDK) application is supported on {product-title}. You can use Single Root I/O Virtualization (SR-IOV) network hardware with the Data Plane Development Kit (DPDK) and with remote direct memory access (RDMA).
 
-For information on supported devices, refer to xref:../../networking/hardware_networks/about-sriov.adoc#supported-devices_about-sriov[Supported devices].
+For information about supported devices, see xref:../../networking/hardware_networks/about-sriov.adoc#supported-devices_about-sriov[Supported devices].
 
 include::modules/nw-sriov-dpdk-example-intel.adoc[leveloffset=+1]
 
 include::modules/nw-sriov-dpdk-example-mellanox.adoc[leveloffset=+1]
 
+include::modules/nw-running-dpdk-rootless-tap.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-enable-container_use_devices_configuring-additional-network[Enabling the container_use_devices boolean]
+
+* xref:../../scalability_and_performance/cnf-create-performance-profiles.adoc#cnf-create-performance-profiles[Creating a performance profile]
+
+* xref:../../networking/hardware_networks/configuring-sriov-device.adoc#configuring-sriov-device[Configuring an SR-IOV network device]
+
 include::modules/nw-sriov-concept-dpdk-line-rate.adoc[leveloffset=+1]
 
 include::modules/nw-sriov-example-dpdk-line-rate.adoc[leveloffset=+1]
diff --git a/networking/hardware_networks/using-pod-level-bonding.adoc b/networking/hardware_networks/using-pod-level-bonding.adoc
index df7165ad4ab1..74c2266970d2 100644
--- a/networking/hardware_networks/using-pod-level-bonding.adoc
+++ b/networking/hardware_networks/using-pod-level-bonding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-pod-level-bonding"]
 = Using pod-level bonding
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/hardware_networks/using-sriov-multicast.adoc b/networking/hardware_networks/using-sriov-multicast.adoc
index 0aba80e1184b..9f66b4b31c67 100644
--- a/networking/hardware_networks/using-sriov-multicast.adoc
+++ b/networking/hardware_networks/using-sriov-multicast.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-sriov-multicast"]
 = Using high performance multicast
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ingress-controller-dnsmgt.adoc b/networking/ingress-controller-dnsmgt.adoc
index abcd3dc46193..4ac5b39c55cb 100644
--- a/networking/ingress-controller-dnsmgt.adoc
+++ b/networking/ingress-controller-dnsmgt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingress-controller-dnsmgt"]
 = Configuring an Ingress Controller for manual DNS Management
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ingress-node-firewall-operator.adoc b/networking/ingress-node-firewall-operator.adoc
index e8c28865157a..b97f9b55377d 100644
--- a/networking/ingress-node-firewall-operator.adoc
+++ b/networking/ingress-node-firewall-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingress-node-firewall-operator"]
 = Ingress Node Firewall Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ingress-operator.adoc b/networking/ingress-operator.adoc
index dd918690ba48..69a073d50f75 100644
--- a/networking/ingress-operator.adoc
+++ b/networking/ingress-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ingress"]
 = Ingress Operator in {product-title}
 ifdef::openshift-enterprise[]
@@ -12,7 +12,7 @@ endif::[]
 toc::[]
 include::modules/nw-ne-openshift-ingress.adoc[leveloffset=+1]
 
-ifndef::openshift-rosa,openshift-dedicated[]
+//ifndef::openshift-rosa,openshift-dedicated[] NOTE: commenting out this ifndef to track what was in place before OSDOCS-4883.
 include::modules/nw-installation-ingress-config-asset.adoc[leveloffset=+1]
 
 include::modules/nw-ingress-controller-configuration-parameters.adoc[leveloffset=+1]
@@ -29,7 +29,7 @@ include::modules/tls-profiles-understanding.adoc[leveloffset=+3]
 include::modules/tls-profiles-ingress-configuring.adoc[leveloffset=+3]
 
 include::modules/nw-mutual-tls-auth.adoc[leveloffset=+3]
-endif::openshift-rosa,openshift-dedicated[]
+//endif::openshift-rosa,openshift-dedicated[] NOTE: commenting out this ifndef to track what was in place before OSDOCS-4883.
 
 include::modules/nw-ingress-view.adoc[leveloffset=+1]
 
@@ -39,7 +39,7 @@ include::modules/nw-ingress-operator-logs.adoc[leveloffset=+1]
 
 include::modules/nw-ingress-controller-status.adoc[leveloffset=+1]
 
-ifndef::openshift-rosa,openshift-dedicated[]
+//ifndef::openshift-rosa,openshift-dedicated[] NOTE: commenting out this ifndef to track what was in place before OSDOCS-4883.
 [id="configuring-ingress-controller"]
 == Configuring the Ingress Controller
 
@@ -49,6 +49,7 @@ include::modules/nw-ingress-custom-default-certificate-remove.adoc[leveloffset=+
 
 include::modules/nw-autoscaling-ingress-controller.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
@@ -60,6 +61,7 @@ include::modules/nw-autoscaling-ingress-controller.adoc[leveloffset=+2]
 * xref:../nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc#nodes-cma-autoscaling-custom-prometheus[Configuring the custom metrics autoscaler to use {product-title} monitoring]
 
 * xref:../nodes/cma/nodes-cma-autoscaling-custom-adding.adoc#nodes-cma-autoscaling-custom-adding[Understanding how to add custom metrics autoscalers]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nw-scaling-ingress-controller.adoc[leveloffset=+2]
 
@@ -69,7 +71,9 @@ include::modules/nw-ingress-setting-thread-count.adoc[leveloffset=+2]
 
 include::modules/nw-ingress-setting-internal-lb.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/nw-ingress-controller-configuration-gcp-global-access.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nw-ingress-controller-config-tuningoptions-healthcheckinterval.adoc[leveloffset=+2]
 
@@ -79,6 +83,10 @@ include::modules/nw-route-admission-policy.adoc[leveloffset=+2]
 
 include::modules/using-wildcard-routes.adoc[leveloffset=+2]
 
+include::modules/nw-http-header-configuration.adoc[leveloffset=+2]
+
+include::modules/nw-ingress-set-or-delete-http-headers.adoc[leveloffset=+2]
+
 include::modules/nw-using-ingress-forwarded.adoc[leveloffset=+2]
 
 include::modules/nw-http2-haproxy.adoc[leveloffset=+2]
@@ -97,7 +105,7 @@ include::modules/nw-customize-ingress-error-pages.adoc[leveloffset=+2]
 //include::modules/nw-ingress-select-route.adoc[leveloffset=+2]
 
 include::modules/nw-ingress-setting-max-connections.adoc[leveloffset=+2]
-endif::openshift-rosa,openshift-dedicated[]
+//endif::openshift-rosa,openshift-dedicated[] NOTE: commenting out this ifndef to track what was in place before OSDOCS-4883.
 
 ifdef::openshift-rosa,openshift-dedicated[]
 include::modules/sd-ingress-responsibilities.adoc[leveloffset=+1]
@@ -108,4 +116,4 @@ ifndef::openshift-rosa,openshift-dedicated[]
 == Additional resources
 
 * xref:../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI]
-endif::openshift-rosa,openshift-dedicated[]
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/networking/ingress-sharding.adoc b/networking/ingress-sharding.adoc
index f42806fd5591..cf479c92003c 100644
--- a/networking/ingress-sharding.adoc
+++ b/networking/ingress-sharding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingress-sharding"]
 = Ingress sharding in {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc b/networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc
index 36c74c2e557c..6822b7813f5e 100644
--- a/networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc
+++ b/networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="k8s-nmstate-about-the-k8s-nmstate-operator"]
 = About the Kubernetes NMState Operator
 include::_attributes/common-attributes.adoc[]
@@ -11,11 +11,24 @@ The Kubernetes NMState Operator provides a Kubernetes API for performing state-d
 
 [IMPORTANT]
 ====
-Red Hat supports the Kubernetes NMState Operator in production environments on bare-metal, {ibmpowerProductName}, {ibmzProductName}, {linuxoneProductName}, VMware vSphere, and OpenStack installations.
+Red Hat supports the Kubernetes NMState Operator in production environments on bare-metal, {ibm-power-name}, {ibm-z-name}, {ibm-linuxone-name}, VMware vSphere, and OpenStack installations.
 ====
 
 Before you can use NMState with {product-title}, you must install the Kubernetes NMState Operator.
 
+[NOTE]
+====
+The Kubernetes NMState Operator updates the network configuration of a secondary NIC. It cannot update the network configuration of the primary NIC or the `br-ex` bridge.
+====
+
+{product-title} uses link:https://nmstate.github.io/[`nmstate`] to report on and configure the state of the node network. This makes it possible to modify the network policy configuration, such as by creating a Linux bridge on all nodes, by applying a single configuration manifest to the cluster.
+
+Node networking is monitored and updated by the following objects:
+
+`NodeNetworkState`:: Reports the state of the network on that node.
+`NodeNetworkConfigurationPolicy`:: Describes the requested network configuration on nodes. You update the node network configuration, including adding and removing interfaces, by applying a `NodeNetworkConfigurationPolicy` manifest to the cluster.
+`NodeNetworkConfigurationEnactment`:: Reports the network policies enacted upon each node.
+
 [id="installing-the-kubernetes-nmstate-operator-cli"]
 == Installing the Kubernetes NMState Operator
 
diff --git a/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.adoc b/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.adoc
index 46f85e3a0623..1469c8f74728 100644
--- a/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.adoc
+++ b/networking/k8s_nmstate/k8s-nmstate-observing-node-network-state.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="k8s-nmstate-observing-node-network-state"]
 = Observing node network state
 include::_attributes/common-attributes.adoc[]
@@ -9,6 +9,6 @@ toc::[]
 
 Node network state is the network configuration for all nodes in the cluster.
 
-include::modules/virt-about-nmstate.adoc[leveloffset=+1]
-
 include::modules/virt-viewing-network-state-of-node.adoc[leveloffset=+1]
+
+include::modules/virt-viewing-network-state-of-node-console.adoc[leveloffset=+1]
diff --git a/networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc b/networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
index 7af4ec33b844..3e132a3eef30 100644
--- a/networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
+++ b/networking/k8s_nmstate/k8s-nmstate-troubleshooting-node-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="k8s-nmstate-troubleshooting-node-network"]
 = Troubleshooting node network configuration
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc b/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
index fa8e4eff668f..70558484c207 100644
--- a/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
+++ b/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc
@@ -1,17 +1,29 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="k8s-nmstate-updating-node-network-config"]
-= Updating node network configuration
+= Observing and updating the node network state and configuration
 include::_attributes/common-attributes.adoc[]
 :VirtProductName: OpenShift Container Platform
 :context: k8s_nmstate-updating-node-network-config
 
 toc::[]
 
-You can update the node network configuration, such as adding or removing interfaces from nodes, by applying `NodeNetworkConfigurationPolicy` manifests to the cluster.
 
-include::modules/virt-about-nmstate.adoc[leveloffset=+1]
+include::modules/virt-viewing-network-state-of-node.adoc[leveloffset=+1]
 
-include::modules/virt-creating-interface-on-nodes.adoc[leveloffset=+1]
+include::modules/virt-viewing-network-state-of-node-console.adoc[leveloffset=+1]
+
+include::modules/virt-node-network-config-console.adoc[leveloffset=+1]
+include::modules/virt-monitor-node-network-config-console.adoc[leveloffset=+2]
+include::modules/virt-create-node-network-config-console.adoc[leveloffset=+2]
+
+=== Updating the policy
+include::modules/virt-update-node-network-config-form.adoc[leveloffset=+3]
+include::modules/virt-update-node-network-config-yaml.adoc[leveloffset=+3]
+include::modules/virt-delete-node-network-config.adoc[leveloffset=+2]
+
+[id="virt-manage-nncp-cli"]
+== Managing policy by using the CLI
+include::modules/virt-creating-interface-on-nodes.adoc[leveloffset=+2]
 
 [discrete]
 [role="_additional-resources"]
@@ -19,9 +31,9 @@ include::modules/virt-creating-interface-on-nodes.adoc[leveloffset=+1]
 * xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-nmstate-multiple-interfaces_{context}[Example for creating multiple interfaces in the same policy]
 * xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-nmstate-IP-management_{context}[Examples of different IP management methods in policies]
 
-include::modules/virt-confirming-policy-updates-on-nodes.adoc[leveloffset=+1]
+include::modules/virt-confirming-policy-updates-on-nodes.adoc[leveloffset=+2]
 
-include::modules/virt-removing-interface-from-nodes.adoc[leveloffset=+1]
+include::modules/virt-removing-interface-from-nodes.adoc[leveloffset=+2]
 
 [id="virt-nmstate-example-policy-configurations"]
 == Example policy configurations for different interfaces
@@ -36,6 +48,14 @@ include::modules/virt-example-ethernet-nncp.adoc[leveloffset=+2]
 
 include::modules/virt-example-nmstate-multiple-interfaces.adoc[leveloffset=+2]
 
+include::modules/virt-example-host-vrf.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/multiple_networks/about-virtual-routing-and-forwarding.adoc#cnf-about-virtual-routing-and-forwarding_about-virtual-routing-and-forwarding[About virtual routing and forwarding]
+* xref:../../networking/metallb/metallb-configure-bgp-peers.adoc#nw-metallb-bgp-peer-vrf_configure-metallb-bgp-peers[Exposing a service through a network VRF]
+
 [id="capturing-nic-static-ip_k8s-nmstate-updating-node-network-config"]
 == Capturing the static IP of a NIC attached to a bridge
 
diff --git a/networking/load-balancing-openstack.adoc b/networking/load-balancing-openstack.adoc
index c1bd21710491..b665cfdce4ab 100644
--- a/networking/load-balancing-openstack.adoc
+++ b/networking/load-balancing-openstack.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="load-balancing-openstack"]
 = Load balancing on {rh-openstack}
 include::_attributes/common-attributes.adoc[]
@@ -8,10 +8,6 @@ toc::[]
 
 include::modules/nw-osp-loadbalancer-limitations.adoc[leveloffset=+1]
 include::modules/nw-osp-loadbalancer-etp-local.adoc[leveloffset=+2]
-include::modules/nw-osp-loadbalancer-source-ranges.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-octavia-upgrade.adoc[leveloffset=+1]
 include::modules/installation-osp-api-octavia.adoc[leveloffset=+1]
 include::modules/installation-osp-api-scaling.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-api-scaling.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-ingress-scaling.adoc[leveloffset=+1]
 include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+1]
diff --git a/networking/metallb/about-advertising-ipaddresspool.adoc b/networking/metallb/about-advertising-ipaddresspool.adoc
index fcf7865ecb57..e69759f4587e 100644
--- a/networking/metallb/about-advertising-ipaddresspool.adoc
+++ b/networking/metallb/about-advertising-ipaddresspool.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-advertise-for-ipaddress-pools"]
 = About advertising for the IP address pools
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/metallb/about-metallb.adoc b/networking/metallb/about-metallb.adoc
index 5c408142aea5..5c97160505cf 100644
--- a/networking/metallb/about-metallb.adoc
+++ b/networking/metallb/about-metallb.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-metallb"]
 = About MetalLB and the MetalLB Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/metallb/metallb-configure-address-pools.adoc b/networking/metallb/metallb-configure-address-pools.adoc
index 75bbfea20213..40bb26926195 100644
--- a/networking/metallb/metallb-configure-address-pools.adoc
+++ b/networking/metallb/metallb-configure-address-pools.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-configure-address-pools"]
 = Configuring MetalLB address pools
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/metallb/metallb-configure-bfd-profiles.adoc b/networking/metallb/metallb-configure-bfd-profiles.adoc
index a4ff0cda2fc4..6df0c5d1ea2c 100644
--- a/networking/metallb/metallb-configure-bfd-profiles.adoc
+++ b/networking/metallb/metallb-configure-bfd-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-configure-bfd-profiles"]
 = Configuring MetalLB BFD profiles
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/metallb/metallb-configure-bgp-peers.adoc b/networking/metallb/metallb-configure-bgp-peers.adoc
index 9ca3edd1b923..58457cb4bcc2 100644
--- a/networking/metallb/metallb-configure-bgp-peers.adoc
+++ b/networking/metallb/metallb-configure-bgp-peers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-configure-bgp-peers"]
 = Configuring MetalLB BGP peers
 include::_attributes/common-attributes.adoc[]
@@ -23,6 +23,20 @@ include::modules/nw-metallb-configure-bgppeer.adoc[leveloffset=+1]
 // Add a BGP peer
 include::modules/nw-metallb-configure-specificpools-to-bgppeer.adoc[leveloffset=+1]
 
+// Add a BGP peer with VRF
+include::modules/nw-metallb-configure-vrf-bgppeer.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/multiple_networks/about-virtual-routing-and-forwarding.adoc#cnf-about-virtual-routing-and-forwarding_about-virtual-routing-and-forwarding[About virtual routing and forwarding]
+
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+
+* xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc#configuring-egress-traffic-loadbalancer-services[Configuring an egress service]
+
+* xref:../../networking/metallb/metallb-configure-return-traffic.adoc#metallb-configure-return-traffic[Managing symmetric routing with MetalLB]
+
 // Examples
 include::modules/nw-metallb-example-bgppeer.adoc[leveloffset=+1]
 
diff --git a/networking/metallb/metallb-configure-community-alias.adoc b/networking/metallb/metallb-configure-community-alias.adoc
index 177b9e601028..b5f651caa9f3 100644
--- a/networking/metallb/metallb-configure-community-alias.adoc
+++ b/networking/metallb/metallb-configure-community-alias.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-configure-community-alias"]
 = Configuring community alias
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-As a cluster administrator, you can configure a community alias and use it across different advertisements. 
+As a cluster administrator, you can configure a community alias and use it across different advertisements.
 
 // Address pool custom resource
 include::modules/nw-metallb-community-cr.adoc[leveloffset=+1]
diff --git a/networking/metallb/metallb-configure-return-traffic.adoc b/networking/metallb/metallb-configure-return-traffic.adoc
new file mode 100644
index 000000000000..338e17687de5
--- /dev/null
+++ b/networking/metallb/metallb-configure-return-traffic.adoc
@@ -0,0 +1,64 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="metallb-configure-return-traffic"]
+= Managing symmetric routing with MetalLB
+include::_attributes/common-attributes.adoc[]
+:context: metallb-configure-return-traffic
+
+toc::[]
+
+As a cluster administrator, you can effectively manage traffic for pods behind a MetalLB load-balancer service with multiple host interfaces by implementing features from MetalLB, NMState, and OVN-Kubernetes. By combining these features in this context, you can provide symmetric routing, traffic segregation, and support clients on different networks with overlapping CIDR addresses.
+
+To achieve this functionality, learn how to implement virtual routing and forwarding (VRF) instances with MetalLB, and configure egress services.
+
+:FeatureName: Configuring symmetric traffic by using a VRF instance with MetalLB and an egress service
+include::snippets/technology-preview.adoc[]
+
+[id="challenges-of-managing-symmetric-routing-with-metallb"]
+== Challenges of managing symmetric routing with MetalLB
+
+When you use MetalLB with multiple host interfaces, MetalLB exposes and announces a service through all available interfaces on the host. This can present challenges relating to network isolation, asymmetric return traffic and overlapping CIDR addresses.
+
+One option to ensure that return traffic reaches the correct client is to use static routes. However, with this solution, MetalLB cannot isolate the services and then announce each service through a different interface. Additionally, static routing requires manual configuration and requires maintenance if remote sites are added.
+
+A further challenge of symmetric routing when implementing a MetalLB service is scenarios where external systems expect the source and destination IP address for an application to be the same. The default behavior for {product-title} is to assign the IP address of the host network interface as the source IP address for traffic originating from pods. This is problematic with multiple host interfaces.
+
+You can overcome these challenges by implementing a configuration that combines features from MetalLB, NMState, and OVN-Kubernetes.
+
+[id="overview-of-managing-symmetric-routing-using-vrf-based-networks-with-metallb"]
+== Overview of managing symmetric routing by using VRFs with MetalLB
+
+You can overcome the challenges of implementing symmetric routing by using NMState to configure a VRF instance on a host, associating the VRF instance with a MetalLB `BGPPeer` resource, and configuring an egress service for egress traffic with OVN-Kubernetes.
+
+.Network overview of managing symmetric routing by using VRFs with MetalLB
+image::357_OpenShift_MetalLB_VRF_0823.png[Network overview of managing symmetric routing by using VRFs with MetalLB]
+
+The configuration process involves three stages:
+
+.1. Define a VRF and routing rules
+
+* Configure a `NodeNetworkConfigurationPolicy` custom resource (CR) to associate a VRF instance with a network interface.
+* Use the VRF routing table to direct ingress and egress traffic.
+
+.2. Link the VRF to a MetalLB `BGPPeer`
+
+* Configure a MetalLB `BGPPeer` resource to use the VRF instance on a network interface.
+* By associating the `BGPPeer` resource with the VRF instance, the designated network interface becomes the primary interface for the BGP session, and MetalLB advertises the services through this interface.
+
+.3. Configure an egress service
+
+* Configure an egress service to choose the network associated with the VRF instance for egress traffic.
+* Optional: Configure an egress service to use the IP address of the MetalLB load-balancer service as the source IP for egress traffic.
+
+// Deploying an egress service for VRF
+include::modules/nw-metallb-configure-return-traffic-proc.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/multiple_networks/about-virtual-routing-and-forwarding.adoc#cnf-about-virtual-routing-and-forwarding_about-virtual-routing-and-forwarding[About virtual routing and forwarding]
+
+* xref:../../networking/metallb/metallb-configure-bgp-peers.adoc#nw-metallb-bgp-peer-vrf_configure-metallb-bgp-peers[Exposing a service through a network VRF]
+
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+
+* xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc#configuring-egress-traffic-loadbalancer-services[Configuring an egress service]
diff --git a/networking/metallb/metallb-configure-services.adoc b/networking/metallb/metallb-configure-services.adoc
index b683a95131cd..e6528b8cf325 100644
--- a/networking/metallb/metallb-configure-services.adoc
+++ b/networking/metallb/metallb-configure-services.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-configure-services"]
 = Configuring services to use MetalLB
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/metallb/metallb-operator-install.adoc b/networking/metallb/metallb-operator-install.adoc
index 578595f96f78..f57acb0d5311 100644
--- a/networking/metallb/metallb-operator-install.adoc
+++ b/networking/metallb/metallb-operator-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-operator-install"]
 = Installing the MetalLB Operator
 include::_attributes/common-attributes.adoc[]
@@ -26,14 +26,16 @@ include::modules/nw-metallb-operator-deployment-specifications-for-metallb.adoc[
 // Deployment specs to limit speaker pods to specific nodes
 include::modules/nw-metallb-operator-limit-speaker-to-nodes.adoc[leveloffset=+2]
 
-// Deployment specs to set pod priority and pod ffinity
+// Deployment specs to set RuntimeClass
+include::modules/nw-metallb-operator-setting-runtimeclass.adoc[leveloffset=+2]
+
+// Deployment specs to set pod priority and pod affinity
 include::modules/nw-metallb-operator-setting-pod-priority-affinity.adoc[leveloffset=+2]
 
 // Deployment specs to set pod CPU limits
 include::modules/nw-metallb-operator-setting-pod-CPU-limits.adoc[leveloffset=+2]
 
-// Deployment specs to set RuntimeClass
-include::modules/nw-metallb-operator-setting-runtimeclass.adoc[leveloffset=+2]
+
 
 [role="_additional-resources"]
 [id="additional-resources_metallb-operator-install"]
diff --git a/networking/metallb/metallb-troubleshoot-support.adoc b/networking/metallb/metallb-troubleshoot-support.adoc
index d829f5a804db..ff0731984d9f 100644
--- a/networking/metallb/metallb-troubleshoot-support.adoc
+++ b/networking/metallb/metallb-troubleshoot-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-logging-troubleshooting-support"]
 = MetalLB logging, troubleshooting, and support
 include::_attributes/common-attributes.adoc[]
@@ -26,7 +26,7 @@ include::modules/nw-metallb-metrics.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../monitoring/querying-metrics.adoc#querying-metrics[Querying metrics] for information about using the monitoring dashboard.
+* See xref:../../monitoring/managing-metrics.adoc#about-querying-metrics_managing-metrics[Querying metrics] for information about using the monitoring dashboard.
 
 // Collecting data
 include::modules/nw-metallb-collecting-data.adoc[leveloffset=+1]
diff --git a/networking/metallb/metallb-upgrading-operator.adoc b/networking/metallb/metallb-upgrading-operator.adoc
index 3b892e6f0df7..02de16cacea4 100644
--- a/networking/metallb/metallb-upgrading-operator.adoc
+++ b/networking/metallb/metallb-upgrading-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metallb-upgrading-operator"]
 = Upgrading the MetalLB
 include::_attributes/common-attributes.adoc[]
@@ -19,7 +19,7 @@ A summary of the upgrade procedure for the MetalLB Operator from 4.10 and earlie
 This procedure does not apply to automatic z-stream updates of the MetalLB Operator, which follow the standard straightforward method.
 ====
 
-For detailed steps to upgrade the MetalLB Operator from 4.10 and earlier, see the guidance that follows.
+For detailed steps to upgrade the MetalLB Operator from 4.10 and earlier, see the guidance that follows. As a cluster administrator, start the upgrade process by deleting the MetalLB Operator by using the OpenShift CLI (`oc`) or the web console.
 
 //Delete metallb using web console
 include::modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console.adoc[leveloffset=+1]
@@ -27,6 +27,9 @@ include::modules/olm-deleting-metallb-operators-from-a-cluster-using-web-console
 //Delete metallb using cli
 include::modules/olm-deleting-metallb-operators-from-a-cluster-using-cli.adoc[leveloffset=+1]
 
+//Delete targetNamespace
+include::modules/olm-updating-metallb-operatorgroup.adoc[leveloffset=+1]
+
 //Upgrade the MetalLB
 include::modules/nw-metalLB-basic-upgrade-operator.adoc[leveloffset=+1]
 
diff --git a/networking/multiple_networks/about-virtual-routing-and-forwarding.adoc b/networking/multiple_networks/about-virtual-routing-and-forwarding.adoc
index 41f48960019e..65fedd74ccd5 100644
--- a/networking/multiple_networks/about-virtual-routing-and-forwarding.adoc
+++ b/networking/multiple_networks/about-virtual-routing-and-forwarding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-virtual-routing-and-forwarding"]
 = About virtual routing and forwarding
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/assigning-a-secondary-network-to-a-vrf.adoc b/networking/multiple_networks/assigning-a-secondary-network-to-a-vrf.adoc
index 87ec3ef8180b..7713d1763855 100644
--- a/networking/multiple_networks/assigning-a-secondary-network-to-a-vrf.adoc
+++ b/networking/multiple_networks/assigning-a-secondary-network-to-a-vrf.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="assigning-a-secondary-network-to-a-vrf"]
 = Assigning a secondary network to a VRF
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/attaching-pod.adoc b/networking/multiple_networks/attaching-pod.adoc
index 59905ba3d80f..74a0d22a3bfc 100644
--- a/networking/multiple_networks/attaching-pod.adoc
+++ b/networking/multiple_networks/attaching-pod.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="attaching-pod"]
 = Attaching a pod to an additional network
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/configuring-additional-network.adoc b/networking/multiple_networks/configuring-additional-network.adoc
index b1461392a625..a786deda0f32 100644
--- a/networking/multiple_networks/configuring-additional-network.adoc
+++ b/networking/multiple_networks/configuring-additional-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-additional-network"]
 = Configuring an additional network
 include::_attributes/common-attributes.adoc[]
@@ -13,6 +13,7 @@ As a cluster administrator, you can configure an additional network for your clu
 * xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-vlan-object_configuring-additional-network[VLAN]
 * xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-ipvlan-object_configuring-additional-network[IPVLAN]
 * xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-macvlan-object_configuring-additional-network[MACVLAN]
+* xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-tap-object_configuring-additional-network[TAP]
 * xref:../../networking/multiple_networks/configuring-additional-network.adoc#configuration-ovnk-additional-networks_configuring-additional-network[OVN-Kubernetes]
 
 [id="{context}_approaches-managing-additional-network"]
@@ -131,16 +132,54 @@ include::modules/nw-multus-host-device-object.adoc[leveloffset=+2]
 include::modules/nw-multus-vlan-object.adoc[leveloffset=+2]
 include::modules/nw-multus-ipvlan-object.adoc[leveloffset=+2]
 include::modules/nw-multus-macvlan-object.adoc[leveloffset=+2]
+include::modules/nw-multus-tap-object.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about enabling an SELinux boolean on a node, see xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-working-setting-booleans_nodes-nodes-managing[Setting SELinux booleans]
+
+// Set of includes pertains to OVN-Kubernetes additional network
 include::modules/configuring-ovnk-additional-networks.adoc[leveloffset=+2]
 include::modules/configuration-ovnk-network-plugin-json-object.adoc[leveloffset=+3]
+include::modules/configuration-ovnk-multi-network-policy.adoc[leveloffset=+3]
+
 //include::modules/configuring-layer-three-routed-topology.adoc[leveloffset=+3]
 include::modules/configuring-layer-two-switched-topology.adoc[leveloffset=+3]
-//include::modules/configuring-localnet-switched-topology.adoc[leveloffset=+3]
+
+[id="{context}_ovn-kubernetes-configuration-for-a-localnet-topology"]
+==== Configuration for a localnet topology
+
+include::modules/configuring-localnet-switched-topology.adoc[tag=localnet-intro]
+
+// Workaround lack of xref in modules
+[id="{context}_configuration-additional-network-types-prerequisites"]
+===== Prerequisites for configuring OVN-Kubernetes additional network
+
+- The NMState Operator is installed. For more information, see xref:../../networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc#k8s-nmstate-about-the-k8s-nmstate-operator[About the Kubernetes NMState Operator].
+
+[id="{context}_configuration-additional-network-interface"]
+===== Configuration for an OVN-Kubernetes additional network mapping
+
+include::modules/configuring-localnet-switched-topology.adoc[tag=localnet-content]
 include::modules/configuring-pods-secondary-network.adoc[leveloffset=+3]
 include::modules/configuring-pods-static-ip.adoc[leveloffset=+3]
+// end OVN-Kubernetes includes
 
 include::modules/nw-multus-ipam-object.adoc[leveloffset=+1]
 
+include::modules/nw-multus-configure-dualstack-ip-address.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../networking/multiple_networks/attaching-pod.html#nw-multus-add-pod_attaching-pod[Attaching a pod to an additional network]
+
 include::modules/nw-multus-create-network.adoc[leveloffset=+1]
 
 include::modules/nw-multus-create-network-apply.adoc[leveloffset=+1]
+
+include::modules/nw-about-configuring-master-interface-container.adoc[leveloffset=+1]
+
+include::modules/nw-multus-create-multiple-vlans-sriov.adoc[leveloffset=+2]
+
+include::modules/nw-multus-create-master-interface-bridge-cni.adoc[leveloffset=+2]
diff --git a/networking/multiple_networks/configuring-multi-network-policy.adoc b/networking/multiple_networks/configuring-multi-network-policy.adoc
index a8d064f5c129..ea87bbb43870 100644
--- a/networking/multiple_networks/configuring-multi-network-policy.adoc
+++ b/networking/multiple_networks/configuring-multi-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-multi-network-policy"]
 = Configuring multi-network policy
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-As a cluster administrator, you can configure multi-network for additional networks. You can specify multi-network policy for SR-IOV and macvlan additional networks. Macvlan additional networks are fully supported. Other types of additional networks, such as ipvlan, are not supported.
+As a cluster administrator, you can configure multi-network for additional networks. You can specify multi-network policy for SR-IOV, macvlan, and OVN-Kubernetes additional networks. Macvlan additional networks are fully supported. Other types of additional networks, such as ipvlan, are not supported.
 
 [IMPORTANT]
 ====
@@ -15,14 +15,9 @@ Support for configuring multi-network policies for SR-IOV additional networks is
 For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
 ====
 
-[NOTE]
-====
-Configured network policies are ignored in IPv6 networks.
-====
-
-
 include::modules/nw-multi-network-policy-differences.adoc[leveloffset=+1]
 include::modules/nw-multi-network-policy-enable.adoc[leveloffset=+1]
+include::modules/nw-multi-network-policy-ipv6-suppport.adoc[leveloffset=+1]
 
 [id="{context}_working-with-multi-network-policy"]
 == Working with multi-network policy
diff --git a/networking/multiple_networks/edit-additional-network.adoc b/networking/multiple_networks/edit-additional-network.adoc
index 0eeb9643a1b3..3ac676e38574 100644
--- a/networking/multiple_networks/edit-additional-network.adoc
+++ b/networking/multiple_networks/edit-additional-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="edit-additional-network"]
 = Editing an additional network
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/remove-additional-network.adoc b/networking/multiple_networks/remove-additional-network.adoc
index a1d1885bbc2b..0612003c2c19 100644
--- a/networking/multiple_networks/remove-additional-network.adoc
+++ b/networking/multiple_networks/remove-additional-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="remove-additional-network"]
 = Removing an additional network
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/removing-pod.adoc b/networking/multiple_networks/removing-pod.adoc
index 66d5a497e3b1..f4aac4b08610 100644
--- a/networking/multiple_networks/removing-pod.adoc
+++ b/networking/multiple_networks/removing-pod.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-pod"]
 = Removing a pod from an additional network
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/multiple_networks/understanding-multiple-networks.adoc b/networking/multiple_networks/understanding-multiple-networks.adoc
index 61e083183d4f..0b28bb08bf4b 100644
--- a/networking/multiple_networks/understanding-multiple-networks.adoc
+++ b/networking/multiple_networks/understanding-multiple-networks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-multiple-networks"]
 = Understanding multiple networks
 include::_attributes/common-attributes.adoc[]
@@ -57,4 +57,6 @@ networks in your cluster:
 
  * *macvlan*: xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-macvlan-object_configuring-additional-network[Configure a macvlan-based additional network] to allow pods on a host to communicate with other hosts and pods on those hosts by using a physical network interface. Each pod that is attached to a macvlan-based additional network is provided a unique MAC address.
 
+  * *tap*: xref:../../networking/multiple_networks/configuring-additional-network.adoc#nw-multus-tap-object_configuring-additional-network[Configure a tap-based additional network] to create a tap device inside the container namespace. A tap device enables user space programs to send and receive network packets.
+
  * *SR-IOV*: xref:../../networking/hardware_networks/about-sriov.adoc#about-sriov[Configure an SR-IOV based additional network] to allow pods to attach to a virtual function (VF) interface on SR-IOV capable hardware on the host system.
diff --git a/networking/network-verification.adoc b/networking/network-verification.adoc
index 34e7a0decaa9..e72dc99f6582 100644
--- a/networking/network-verification.adoc
+++ b/networking/network-verification.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 ifdef::openshift-dedicated[]
 [id="osd-network-verification_{context}"]
 = Network verification for {product-title} clusters
@@ -15,12 +15,12 @@ endif::[]
 
 toc::[]
 
-Network verification checks run automatically when you deploy 
+Network verification checks run automatically when you deploy
 ifdef::openshift-dedicated[]
-an {product-title} 
+an {product-title}
 endif::openshift-dedicated[]
 ifdef::openshift-rosa[]
-a {product-title} (ROSA) 
+a {product-title} (ROSA)
 endif::openshift-rosa[]
 cluster into an existing Virtual Private Cloud (VPC) or create an additional machine pool with a subnet that is new to your cluster. The checks validate your network configuration and highlight errors, enabling you to resolve configuration issues prior to deployment.
 
diff --git a/networking/network_observability/configuring-operator.adoc b/networking/network_observability/configuring-operator.adoc
deleted file mode 100644
index 1669f2b63782..000000000000
--- a/networking/network_observability/configuring-operator.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-:_content-type: ASSEMBLY
-[id="configuring-network-observability-operators"]
-= Configuring the Network Observability Operator
-include::_attributes/common-attributes.adoc[]
-:context: network_observability
-
-toc::[]
-
-You can update the Flow Collector API resource to configure the Network Observability Operator and its managed components. The  Flow Collector is explicitly created during installation. Since this resource operates cluster-wide, only a single `FlowCollector` is allowed, and it has to be named `cluster`.
-
-
-include::modules/network-observability-flowcollector-view.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-For more information about conversation tracking, see xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversations].
-
-include::modules/network-observability-flowcollector-kafka-config.adoc[leveloffset=+1]
-include::modules/network-observability-enriched-flows-kafka.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources 
-For more information about specifying flow format, see xref:../../networking/network_observability/json-flows-format-reference.adoc#network-observability-flows-format_json_reference[Network flows format reference].
-
-include::modules/network-observability-configuring-FLP-sampling.adoc[leveloffset=+1]
-include::modules/network-observability-configuring-quickfilters-flowcollector.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/networking/network_observability/installing-operators.adoc b/networking/network_observability/installing-operators.adoc
deleted file mode 100644
index cf7ceccdc728..000000000000
--- a/networking/network_observability/installing-operators.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-network-observability-operators"]
-= Installing the Network Observability Operator
-include::_attributes/common-attributes.adoc[]
-:context: network_observability
-
-toc::[]
-Installing Loki is a prerequisite for using the Network Observability Operator. It is recommended to install Loki using the Loki Operator; therefore, these steps are documented below prior to the Network Observability Operator installation.
-
-The Loki Operator integrates a gateway that implements multi-tenancy & authentication with Loki for data flow storage. The *LokiStack* resource manages *Loki*, which is a scalable, highly-available, multi-tenant log aggregation system, and a web proxy with {product-title} authentication. The *LokiStack* proxy uses {product-title} authentication to enforce multi-tenancy and facilitate the saving and indexing of data in *Loki* log stores. 
-
-[NOTE]
-====
-The Loki Operator can also be used for xref:../../logging/cluster-logging-loki.adoc#cluster-logging-loki[Logging with the LokiStack]. The Network Observability Operator requires a dedicated LokiStack separate from Logging.
-====
-
-include::modules/network-observability-loki-install.adoc[leveloffset=+1]
-include::modules/network-observability-lokistack-create.adoc[leveloffset=+2]
-include::modules/network-observability-lokistack-ingestion-query.adoc[leveloffset=+2]
-include::modules/network-observability-auth-multi-tenancy.adoc[leveloffset=+1]
-include::modules/network-observability-multitenancy.adoc[leveloffset=+1]
-include::modules/network-observability-kafka-option.adoc[leveloffset=+1]
-include::modules/network-observability-operator-install.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* For more information about Flow Collector specifications, see the xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference] and the xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
-
-* For more information about exporting flow data to Kafka for third party processing consumption, see xref:../../networking/network_observability/configuring-operator.adoc#network-observability-enriched-flows-kafka_network_observability[Export enriched network flow data].
-
-include::modules/network-observability-operator-uninstall.adoc[leveloffset=+1]
-
diff --git a/networking/network_observability/network-observability-operator-monitoring.adoc b/networking/network_observability/network-observability-operator-monitoring.adoc
deleted file mode 100644
index f27ede057883..000000000000
--- a/networking/network_observability/network-observability-operator-monitoring.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="network-observability-operator-monitoring"]
-= Monitoring the Network Observability Operator
-include::_attributes/common-attributes.adoc[]
-:context: network_observability
-
-toc::[]
-
-You can use the web console to monitor alerts related to the health of the Network Observability Operator. 
-
-
-include::modules/network-observability-viewing-alerts.adoc[leveloffset=+1]
-include::modules/network-observability-disabling-health-alerts.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/networking/network_observability/network-observability-operator-release-notes.adoc b/networking/network_observability/network-observability-operator-release-notes.adoc
deleted file mode 100644
index 73dedbbce32c..000000000000
--- a/networking/network_observability/network-observability-operator-release-notes.adoc
+++ /dev/null
@@ -1,129 +0,0 @@
-//Network Observability Operator Release Notes
-:_content-type: ASSEMBLY
-[id="network-observability-operator-release-notes"]
-= Network Observability Operator release notes
-:context: network-observability-operator-release-notes-v0
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-The Network Observability Operator enables administrators to observe and analyze network traffic flows for {product-title} clusters.
-
-These release notes track the development of the Network Observability Operator in the {product-title}.
-
-For an overview of the Network Observability Operator, see xref:../../networking/network_observability/network-observability-overview.adoc#dependency-network-observability[About Network Observability Operator].
-
-[id="network-observability-operator-release-notes-1-3"]
-== Network Observability Operator 1.3.0
-The following advisory is available for the Network Observability Operator 1.3.0:
-
-* link:https://access.redhat.com/errata/RHSA-2023:3905[RHSA-2023:3905 Network Observability Operator 1.3.0]
-
-[id="network-observability-operator-1.3.0-features-enhancements"]
-=== New features and enhancements
-
-[id="multi-tenancy-1.3"]
-==== Multi-tenancy in Network Observability 
-* System administrators can allow and restrict individual user access, or group access, to the flows stored in Loki. For more information, see xref:../../networking/network_observability/installing-operators.adoc#network-observability-multi-tenancynetwork_observability[Multi-tenancy in Network Observability].
-
-[id="flow-based-dashboard-1.3"]
-==== Flow-based metrics dashboard 
-* This release adds a new dashboard, which provides an overview of the network flows in your {product-title} cluster. For more information, see xref:../../networking/network_observability/network-observability-overview.adoc#network-observability-dashboards[Network Observability metrics].
-
-[id="must-gather-1.3"]
-==== Troubleshooting with the must-gather tool
-* Information about the Network Observability Operator can now be included in the must-gather data for troubleshooting. For more information, see xref:../../networking/network_observability/troubleshooting-network-observability.adoc#network-observability-must-gather_network-observability-troubleshooting[Network Observability must-gather].
-
-[id="multi-arch-1.3"]
-==== Multiple architectures now supported 
-* Network Observability Operator can now run on an amd64, ppc64le, or arm64 architecture. Previously, it only ran on amd64. 
-
-[id="deprecated-features-1.3"]
-=== Deprecated features
-
-[id="authToken-host"]
-==== Deprecated configuration parameter setting
-The release of Network Observability Operator 1.3 deprecates the `spec.Loki.authToken` `HOST` setting. When using the Loki Operator, you must now only use the `FORWARD` setting.
-
-[id="network-observability-operator-1.3.0-bug-fixes"]
-=== Bug fixes
-* Previously, when the Operator was installed from the CLI, the `Role` and `RoleBinding` that are necessary for the Cluster Monitoring Operator to read the metrics were not installed as expected. The issue did not occur when the operator was installed from the web console. Now, either way of installing the Operator installs the required `Role` and `RoleBinding`. (link:https://issues.redhat.com/browse/NETOBSERV-1003[*NETOBSERV-1003*])
-
-* Since version 1.2, the Network Observability Operator can raise alerts when a problem occurs with the flows collection. Previously, due to a bug, the related configuration to disable alerts, `spec.processor.metrics.disableAlerts` was not working as expected and sometimes ineffectual. Now, this configuration is fixed so that it is possible to disable the alerts. (link:https://issues.redhat.com/browse/NETOBSERV-976[*NETOBSERV-976*])
-
-* Previously, when Network Observability was configured with `spec.loki.authToken` set to `DISABLED`, only a `kubeadmin` cluster administrator was able to view network flows. Other types of cluster administrators received authorization failure. Now, any cluster administrator is able to view network flows. (link:https://issues.redhat.com/browse/NETOBSERV-972[*NETOBSERV-972*])
-
-* Previously, a bug prevented users from setting `spec.consolePlugin.portNaming.enable` to `false`. Now, this setting can be set to `false` to disable port-to-service name translation. (link:https://issues.redhat.com/browse/NETOBSERV-971[*NETOBSERV-971*])
-
-* Previously, the metrics exposed by the console plugin were not collected by the Cluster Monitoring Operator (Prometheus), due to an incorrect configuration. Now the configuration has been fixed so that the console plugin metrics are correctly collected and accessible from the {product-title} web console. (link:https://issues.redhat.com/browse/NETOBSERV-765[*NETOBSERV-765*])
-
-* Previously, when `processor.metrics.tls` was set to `AUTO` in the `FlowCollector`, the `flowlogs-pipeline servicemonitor` did not adapt the appropriate TLS scheme, and metrics were not visible in the web console. Now the issue is fixed for AUTO mode. (link:https://issues.redhat.com/browse/NETOBSERV-1070[*NETOBSERV-1070*])
-
-* Previously, certificate configuration, such as used for Kafka and Loki, did not allow specifying a namespace field, implying that the certificates had to be in the same namespace where Network Observability is deployed. Moreover, when using Kafka with TLS/mTLS, the user had to manually copy the certificate(s) to the privileged namespace where the eBPF agent pods are deployed and manually manage certificate updates, such as in the case of certificate rotation. Now, Network Observability setup is simplified by adding a namespace field for certificates in the `FlowCollector` resource. As a result, users can now install Loki or Kafka in different namespaces without needing to manually copy their certificates in the Network Observability namespace. The original certificates are watched so that the copies are automatically updated when needed. (link:https://issues.redhat.com/browse/NETOBSERV-773[*NETOBSERV-773*])
-
-* Previously, the SCTP, ICMPv4 and ICMPv6 protocols were not covered by the Network Observability agents, resulting in a less comprehensive network flows coverage. These protocols are now recognized to improve the flows coverage. (link:https://issues.redhat.com/browse/NETOBSERV-934[*NETOBSERV-934*])
-
-[id="network-observability-operator-1.3.0-known-issues"]
-=== Known issue
-* When `processor.metrics.tls` is set to `PROVIDED` in the `FlowCollector`, the `flowlogs-pipeline` `servicemonitor` is not adapted to the TLS scheme. (link:https://issues.redhat.com/browse/NETOBSERV-1087[NETOBSERV-1087])
-
-[id="network-observability-operator-release-notes-1-2"]
-== Network Observability Operator 1.2.0
-The following advisory is available for the Network Observability Operator 1.2.0:
-
-* https://access.redhat.com/errata/RHSA-2023:1817[RHSA-2023:1817 Network Observability Operator 1.2.0]
-
-[id="network-observability-operator-preparing-to-update"]
-=== Preparing for the next update
-The subscription of an installed Operator specifies an update channel that tracks and receives updates for the Operator. Until the 1.2 release of the Network Observability Operator, the only channel available was `v1.0.x`. The 1.2 release of the Network Observability Operator introduces the `stable` update channel for tracking and receiving updates. You must switch your channel from `v1.0.x` to `stable` to receive future Operator updates. The `v1.0.x` channel is deprecated and planned for removal in a following release.
-
-[id="network-observability-operator-1.2.0-features-enhancements"]
-=== New features and enhancements
-
-[id="histogram-feature-1.2"]
-==== Histogram in Traffic Flows view
-* You can now choose to show a histogram bar chart of flows over time. The histogram enables you to visualize the history of flows without hitting the Loki query limit. For more information, see xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-histogram-trafficflow_nw-observe-network-traffic[Using the histogram].
-
-[id="conversation-tracking-feature-1.2"]
-==== Conversation tracking
-* You can now query flows by *Log Type*, which enables grouping network flows that are part of the same conversation. For more information, see xref:../../networking/network_observability/observing-network-traffic.adoc#network-observability-working-with-conversations_nw-observe-network-traffic[Working with conversations].
-
-[id="health-alerts-feature-1.2"]
-==== Network Observability health alerts
-* The Network Observability Operator now creates automatic alerts if the `flowlogs-pipeline` is dropping flows because of errors at the write stage or if the Loki ingestion rate limit has been reached. For more information, see xref:../../networking/network_observability/network-observability-operator-monitoring.adoc#network-observability-alert-dashboard_network_observability[Viewing health information]. 
-
-[id="network-observability-operator-1.2.0-bug-fixes"]
-=== Bug fixes
-
-* Previously, after changing the `namespace` value in the FlowCollector spec, eBPF Agent pods running in the previous namespace were not appropriately deleted. Now, the pods running in the previous namespace are appropriately deleted. (link:https://issues.redhat.com/browse/NETOBSERV-774[*NETOBSERV-774*])
-
-* Previously, after changing the `caCert.name` value in the FlowCollector spec (such as in Loki section), FlowLogs-Pipeline pods and Console plug-in pods were not restarted, therefore they were unaware of the configuration change. Now, the pods are restarted, so they get the configuration change. (link:https://issues.redhat.com/browse/NETOBSERV-772[*NETOBSERV-772*])
-
-* Previously, network flows between pods running on different nodes were sometimes not correctly identified as being duplicates because they are captured by different network interfaces. This resulted in over-estimated metrics displayed in the console plug-in. Now, flows are correctly identified as duplicates, and the console plug-in displays accurate metrics. (link:https://issues.redhat.com/browse/NETOBSERV-755[*NETOBSERV-755*])
-
-* The "reporter" option in the console plug-in is used to filter flows based on the observation point of either source node or destination node. Previously, this option mixed the flows regardless of the node observation point. This was due to network flows being incorrectly reported as Ingress or Egress at the node level.  Now, the network flow direction reporting is correct. The "reporter" option filters for source observation point, or destination observation point, as expected. (link:https://issues.redhat.com/browse/NETOBSERV-696[*NETOBSERV-696*])
-
-* Previously, for agents configured to send flows directly to the processor as gRPC+protobuf requests, the submitted payload could be too large and is rejected by the processors' GRPC server. This occurred under  very-high-load scenarios and with only some configurations of the agent. The agent logged an error message, such as: _grpc: received message larger than max_. As a consequence, there was information loss about those flows. Now, the gRPC payload is split into several messages when the size exceeds a threshold. As a result, the server maintains connectivity. (link:https://issues.redhat.com/browse/NETOBSERV-617[*NETOBSERV-617*])
-
-[id="network-observability-operator-1.2.0-known-issues"]
-=== Known issue
-* In the 1.2.0 release of the Network Observability Operator, using Loki Operator 5.6, a Loki certificate transition periodically affects the `flowlogs-pipeline` pods and results in dropped flows rather than flows written to Loki. The problem self-corrects after some time, but it still causes temporary flow data loss during the Loki certificate transition. (link:https://issues.redhat.com/browse/NETOBSERV-980[*NETOBSERV-980*])
-
-[id="network-observability-operator-1.2.0-notable-technical-changes"]
-=== Notable technical changes
-* Previously, you could install the Network Observability Operator using a custom namespace. This release introduces the `conversion webhook` which changes the `ClusterServiceVersion`. Because of this change, all the available namespaces are no longer listed. Additionally, to enable Operator metrics collection, namespaces that are shared with other Operators, like the `openshift-operators` namespace, cannot be used. Now, the Operator must be installed in the `openshift-netobserv-operator` namespace. You cannot automatically upgrade to the new Operator version if you previously installed the Network Observability Operator using a custom namespace. If you previously installed the Operator using a custom namespace, you must delete the instance of the Operator that was installed and re-install your operator in the `openshift-netobserv-operator` namespace. It is important to note that custom namespaces, such as the commonly used `netobserv` namespace, are still possible for the `FlowCollector`, Loki, Kafka, and other plug-ins. (link:https://issues.redhat.com/browse/NETOBSERV-907[*NETOBSERV-907*])(link:https://https://issues.redhat.com/browse/NETOBSERV-956[*NETOBSERV-956*])
-
-[id="network-observability-operator-release-notes-1-1"]
-== Network Observability Operator 1.1.0
-
-The following advisory is available for the Network Observability Operator 1.1.0:
-
-* link:https://access.redhat.com/errata/RHSA-2023:0786[RHSA-2023:0786 Network Observability Operator Security Advisory Update]
-
-The Network Observability Operator is now stable and the release channel is upgraded to `v1.1.0`.
-
-[id="network-observability-operator-1.1.0-bug-fixes"]
-=== Bug fix
-
-* Previously, unless the Loki `authToken` configuration was set to `FORWARD` mode, authentication was no longer enforced, allowing any user who could connect to the {product-title} console in an {product-title} cluster to retrieve flows without authentication.
-Now, regardless of the Loki `authToken` mode, only cluster administrators can retrieve flows. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2169468[*BZ#2169468*])
\ No newline at end of file
diff --git a/networking/network_observability/network-observability-overview.adoc b/networking/network_observability/network-observability-overview.adoc
deleted file mode 100644
index 50ac515cd0d9..000000000000
--- a/networking/network_observability/network-observability-overview.adoc
+++ /dev/null
@@ -1,64 +0,0 @@
-:_content-type: ASSEMBLY
-[id="network-observability-overview"]
-= About Network Observability
-include::_attributes/common-attributes.adoc[]
-:context: network-observability-overview
-
-toc::[]
-
-Red Hat offers cluster administrators the Network Observability Operator to observe the network traffic for {product-title} clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with {product-title} information and stored in Loki. You can view and analyze the stored network flows information in the {product-title} console for further insight and troubleshooting.
-
-[id="dependency-network-observability"]
-== Dependency of Network Observability Operator
-
-The Network Observability Operator requires the following Operators:
-
-* Loki: You must install Loki. Loki is the backend that is used to store all collected flows. It is recommended to install Loki by installing the Red Hat Loki Operator for the installation of Network Observability Operator.
-
-[id="optional-dependency-network-observability"]
-== Optional dependencies of the Network Observability Operator
-
-* Grafana: You can install Grafana for using custom dashboards and querying capabilities, by using the Grafana Operator. Red Hat does not support Grafana Operator.
-* Kafka: It provides scalability, resiliency and high availability in the {product-title} cluster. It is recommended to install Kafka using the AMQ Streams operator for large scale deployments.
-
-[id="network-observability-operator"]
-== Network Observability Operator
-
-The Network Observability Operator provides the Flow Collector API custom resource definition. A Flow Collector instance is created during installation and enables configuration of network flow collection. The Flow Collector instance deploys pods and services that form a monitoring pipeline where network flows are then collected and enriched with the Kubernetes metadata before storing in Loki. The eBPF agent, which is deployed as a `daemonset` object, creates the network flows. 
-
-[id="no-console-integration"]
-== {product-title} console integration
-
-{product-title} console integration offers overview, topology view and traffic flow tables.
-
-[id="network-observability-dashboards"]
-=== Network Observability metrics
-
-The {product-title} console offers the *Overview* tab which displays the overall aggregated metrics of the network traffic flow on the cluster. The information can be displayed by node, namespace, owner, pod, and service. Filters and display options can further refine the metrics.
-
-In *Observe* -> *Dashboards*, the *Netobserv* dashboard provides a quick overview of the network flows in your {product-title} cluster. You can view distillations of the network traffic metrics in the following categories:
-
- * *Top flow rates per source and destination namespaces (1-min rates)*
- * *Top byte rates emitted per source and destination nodes (1-min rates)*
- * *Top byte rates received per source and destination nodes (1-min rates)*
- * *Top byte rates emitted per source and destination workloads (1-min rates)*
- * *Top byte rates received per source and destination workloads (1-min rates)*
- * *Top packet rates emitted per source and destination workloads (1-min rates)*
- * *Top packet rates received per source and destination workloads (1-min rates)*
-
-You can configure the `FlowCollector` `spec.processor.metrics` to add or remove metrics by changing the `ignoreTags` list. For more information about available tags, see the xref:../network_observability/flowcollector-api.adoc#network-observability-flowcollector-api-specifications_network_observability[Flow Collector API Reference]
-
-Also in *Observe* -> *Dashboards*, the *Netobserv/Health* dashboard provides metrics about the health of the Operator.
-
-[id="network-observability-topology-views"]
-=== Network Observability topology views
-
-The {product-title} console offers the *Topology* tab which displays a graphical representation of the network flows and the amount of traffic. The topology view represents traffic between the {product-title} components as a network graph. You can refine the graph by using the filters and display options. You can access the information for node, namespace, owner, pod, and service.
-
-[id="traffic-flow-tables"]
-=== Traffic flow tables
-
-The traffic flow table view provides a view for raw flows, non aggregated filtering options, and configurable columns. The {product-title} console offers the *Traffic flows* tab which displays the data of the network flows and the amount of traffic.
-
-
-
diff --git a/networking/network_observability/observing-network-traffic.adoc b/networking/network_observability/observing-network-traffic.adoc
deleted file mode 100644
index f4ac19ed809f..000000000000
--- a/networking/network_observability/observing-network-traffic.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-:_content-type: ASSEMBLY
-[id="nw-observe-network-traffic"]
-= Observing the network traffic
-include::_attributes/common-attributes.adoc[]
-:context: nw-observe-network-traffic
-
-toc::[]
-
-As an administrator, you can observe the network traffic in the {product-title} console for detailed troubleshooting and analysis. This feature helps you get insights from different graphical representations of traffic flow. There are several available views to observe the network traffic.
-
-//Overview
-include::modules/network-observability-overview.adoc[leveloffset=+1]
-include::modules/network-observability-working-with-overview.adoc[leveloffset=+2]
-include::modules/network-observability-configuring-options-overview.adoc[leveloffset=+2]
-
-//Traffic flows
-include::modules/network-observability-trafficflow.adoc[leveloffset=+1]
-include::modules/network-observability-working-with-trafficflow.adoc[leveloffset=+2]
-include::modules/network-observability-configuring-options-trafficflow.adoc[leveloffset=+2]
-include::modules/network-observability-working-with-conversations.adoc[leveloffset=+2]
-
-include::modules/network-observability-histogram-trafficflow.adoc[leveloffset=+2]
-//Topology
-include::modules/network-observability-topology.adoc[leveloffset=+1]
-include::modules/network-observability-working-with-topology.adoc[leveloffset=+2]
-include::modules/network-observability-configuring-options-topology.adoc[leveloffset=+2]
-
-//Quick filters
-include::modules/network-observability-quickfilter.adoc[leveloffset=+1]
-
-Alternatively, you can access the traffic flow data in the *Network Traffic* tab of the *Namespaces*, *Services*, *Routes*, *Nodes*, and *Workloads* pages which provide the filtered data of the corresponding aggregations.
-
-[role="_additional-resources"]
-.Additional resources
-For more information about configuring quick filters in the `FlowCollector`, see xref:../network_observability/configuring-operator.adoc#network-observability-config-quick-filters_network_observability[Configuring Quick Filters] and the xref:../network_observability/configuring-operator.adoc#network-observability-flowcollector-view_network_observability[Flow Collector sample resource].
diff --git a/networking/network_observability/troubleshooting-network-observability.adoc b/networking/network_observability/troubleshooting-network-observability.adoc
deleted file mode 100644
index 3cb6b0c392b7..000000000000
--- a/networking/network_observability/troubleshooting-network-observability.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="installing-troubleshooting"]
-= Troubleshooting Network Observability
-include::_attributes/common-attributes.adoc[]
-:context: network-observability-troubleshooting
-
-toc::[]
-
-To assist in troubleshooting Network Observability issues, you can perform some troubleshooting actions.
-
-include::modules/troubleshooting-network-observability-must-gather.adoc[leveloffset=+1]
-
-include::modules/troubleshooting-network-observability-after-installation.adoc[leveloffset=+1]
-
-include::modules/troubleshooting-network-observability-flowlogs-pipeline-kafka.adoc[leveloffset=+1]
-
-include::modules/troubleshooting-network-observability-network-flow.adoc[leveloffset=+1]
-
-include::modules/troubleshooting-network-observability-controller-manager-pod-out-of-memory.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/networking/network_policy/about-network-policy.adoc b/networking/network_policy/about-network-policy.adoc
index 7f5588ac9fd9..4e703277f77d 100644
--- a/networking/network_policy/about-network-policy.adoc
+++ b/networking/network_policy/about-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-network-policy"]
 = About network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/creating-network-policy.adoc b/networking/network_policy/creating-network-policy.adoc
index c18d093a9b34..18da83ed9509 100644
--- a/networking/network_policy/creating-network-policy.adoc
+++ b/networking/network_policy/creating-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-network-policy"]
 = Creating a network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/default-network-policy.adoc b/networking/network_policy/default-network-policy.adoc
index 1dd744891068..ac98b1606cb4 100644
--- a/networking/network_policy/default-network-policy.adoc
+++ b/networking/network_policy/default-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="default-network-policy"]
 = Defining a default network policy for projects
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/deleting-network-policy.adoc b/networking/network_policy/deleting-network-policy.adoc
index 7026d421a889..b968a7997ef9 100644
--- a/networking/network_policy/deleting-network-policy.adoc
+++ b/networking/network_policy/deleting-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deleting-network-policy"]
 = Deleting a network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/editing-network-policy.adoc b/networking/network_policy/editing-network-policy.adoc
index 5f94b397f990..b1237fce5314 100644
--- a/networking/network_policy/editing-network-policy.adoc
+++ b/networking/network_policy/editing-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="editing-network-policy"]
 = Editing a network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/multitenant-network-policy.adoc b/networking/network_policy/multitenant-network-policy.adoc
index 28735af9cb1d..f5c81cc569b1 100644
--- a/networking/network_policy/multitenant-network-policy.adoc
+++ b/networking/network_policy/multitenant-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="multitenant-network-policy"]
 = Configuring multitenant isolation with network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/network_policy/viewing-network-policy.adoc b/networking/network_policy/viewing-network-policy.adoc
index 7d1d0ccf43bb..fd30895ca641 100644
--- a/networking/network_policy/viewing-network-policy.adoc
+++ b/networking/network_policy/viewing-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="viewing-network-policy"]
 = Viewing a network policy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/networking-dashboards.adoc b/networking/networking-dashboards.adoc
new file mode 100644
index 000000000000..6bc8f2f2dc8f
--- /dev/null
+++ b/networking/networking-dashboards.adoc
@@ -0,0 +1,35 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="networking-dashboards_{context}"]
+= Networking dashboards
+include::_attributes/common-attributes.adoc[]
+:context: networking-dashboards
+
+toc::[]
+
+Networking metrics are viewable in dashboards within the {product-title} web console, under *Observe* -> *Dashboards*.
+
+[id="network-observability-operator-operator-dashboards"]
+== Network Observability Operator
+If you have the Network Observability Operator installed, you can view network traffic metrics dashboards by selecting the *Netobserv* dashboard from the *Dashboards* drop-down list. For more information about metrics available in this *Dashboard* view,
+// 2/9 Network Observability GAs so we will put this back in then.
+//see xref:../network_observability/metrics-alerts-dashboards#network-observability-viewing-metrics-dashboards_metrics-dashboards-alerts[Network Observability metrics dashboards]
+
+[id="general-networking-ovnk-dashboards"]
+== Networking and OVN-Kubernetes dashboard
+You can view both general networking metrics as well as OVN-Kubernetes metrics from the dashboard.
+
+To view general networking metrics, select *Networking/Linux Subsystem Stats* from the *Dashboards* drop-down list. You can view the following networking metrics from the dashboard: *Network Utilisation*, *Network Saturation*, and *Network Errors*.
+
+To view OVN-Kubernetes metrics select *Networking/Infrastructure* from the *Dashboards* drop-down list. You can view the following OVN-Kuberenetes metrics: *Networking Configuration*, *TCP Latency Probes*, *Control Plane Resources*, and *Worker Resources*.
+
+[id="ingress-dashboards"]
+== Ingress Operator dashboard
+You can view networking metrics handled by the Ingress Operator from the dashboard. This includes metrics like the following:
+
+* Incoming and outgoing bandwidth
+* HTTP error rates
+* HTTP server response latency
+
+To view these Ingress metrics, select *Networking/Ingress* from the *Dashboards* drop-down list. You can view Ingress metrics for the following categories: *Top 10 Per Route*, *Top 10 Per Namespace*, and *Top 10 Per Shard*.
+
+
diff --git a/networking/networking-operators-overview.adoc b/networking/networking-operators-overview.adoc
index 297c4ae99557..9b1fbd3c3925 100644
--- a/networking/networking-operators-overview.adoc
+++ b/networking/networking-operators-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="networking-operators-overview"]
 = Networking Operators overview
 include::_attributes/common-attributes.adoc[]
@@ -30,4 +30,4 @@ The Ingress Node Firewall Operator uses an extended Berkley Packet Filter (eBPF)
 
 [id="network-observability-operator-overview-operator"]
 == Network Observability Operator
-The Network Observability Operator is an optional Operator that allows cluster administrators to observe the network traffic for {product-title} clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with {product-title} information and stored in Loki. You can view and analyze the stored network flows information in the {product-title} console for further insight and troubleshooting. For more information, see xref:../networking/network_observability/network-observability-overview.adoc#dependency-network-observability[About Network Observability Operator].
+The Network Observability Operator is an optional Operator that allows cluster administrators to observe the network traffic for {product-title} clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with {product-title} information and stored in Loki. You can view and analyze the stored network flows information in the {product-title} console for further insight and troubleshooting. For more information, see xref:../network_observability/network-observability-overview.adoc#dependency-network-observability[About Network Observability Operator].
diff --git a/networking/openshift_sdn/about-openshift-sdn.adoc b/networking/openshift_sdn/about-openshift-sdn.adoc
index 44ae67e75eda..b5edda795305 100644
--- a/networking/openshift_sdn/about-openshift-sdn.adoc
+++ b/networking/openshift_sdn/about-openshift-sdn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-openshift-sdn"]
 = About the OpenShift SDN network plugin
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/assigning-egress-ips.adoc b/networking/openshift_sdn/assigning-egress-ips.adoc
index 550c0d0de590..ca0eed0b26b1 100644
--- a/networking/openshift_sdn/assigning-egress-ips.adoc
+++ b/networking/openshift_sdn/assigning-egress-ips.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="assigning-egress-ips"]
 = Configuring egress IPs for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/configuring-egress-firewall.adoc b/networking/openshift_sdn/configuring-egress-firewall.adoc
index b6e40ff70aa3..3da273f4e7f5 100644
--- a/networking/openshift_sdn/configuring-egress-firewall.adoc
+++ b/networking/openshift_sdn/configuring-egress-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-egress-firewall"]
 = Configuring an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/configuring-egress-router-configmap.adoc b/networking/openshift_sdn/configuring-egress-router-configmap.adoc
index 88c48e6e3201..0ebc54566fa9 100644
--- a/networking/openshift_sdn/configuring-egress-router-configmap.adoc
+++ b/networking/openshift_sdn/configuring-egress-router-configmap.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-egress-router-configmap"]
 = Configuring an egress router pod destination list from a config map
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/configuring-kube-proxy.adoc b/networking/openshift_sdn/configuring-kube-proxy.adoc
index c63beec7b984..33c62be6bdf4 100644
--- a/networking/openshift_sdn/configuring-kube-proxy.adoc
+++ b/networking/openshift_sdn/configuring-kube-proxy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-kube-proxy"]
 = Configuring kube-proxy
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/deploying-egress-router-dns-redirection.adoc b/networking/openshift_sdn/deploying-egress-router-dns-redirection.adoc
index d1361d78c7cb..daf71f583953 100644
--- a/networking/openshift_sdn/deploying-egress-router-dns-redirection.adoc
+++ b/networking/openshift_sdn/deploying-egress-router-dns-redirection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-egress-router-dns-redirection"]
 = Deploying an egress router pod in DNS proxy mode
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/deploying-egress-router-http-redirection.adoc b/networking/openshift_sdn/deploying-egress-router-http-redirection.adoc
index 7e4093c3d16f..35e3e00e9631 100644
--- a/networking/openshift_sdn/deploying-egress-router-http-redirection.adoc
+++ b/networking/openshift_sdn/deploying-egress-router-http-redirection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-egress-router-http-redirection"]
 = Deploying an egress router pod in HTTP proxy mode
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/deploying-egress-router-layer3-redirection.adoc b/networking/openshift_sdn/deploying-egress-router-layer3-redirection.adoc
index 48bd37bb610e..0660ab643703 100644
--- a/networking/openshift_sdn/deploying-egress-router-layer3-redirection.adoc
+++ b/networking/openshift_sdn/deploying-egress-router-layer3-redirection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-egress-router-layer3-redirection"]
 = Deploying an egress router pod in redirect mode
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/disabling-multicast.adoc b/networking/openshift_sdn/disabling-multicast.adoc
index 7c622b829780..875ad1c83e75 100644
--- a/networking/openshift_sdn/disabling-multicast.adoc
+++ b/networking/openshift_sdn/disabling-multicast.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="disabling-multicast"]
 = Disabling multicast for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/editing-egress-firewall.adoc b/networking/openshift_sdn/editing-egress-firewall.adoc
index b137695f94f5..2e867d3b9085 100644
--- a/networking/openshift_sdn/editing-egress-firewall.adoc
+++ b/networking/openshift_sdn/editing-egress-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="editing-egress-firewall"]
 = Editing an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/enabling-multicast.adoc b/networking/openshift_sdn/enabling-multicast.adoc
index 3e58de971365..7b36cd3ea4fa 100644
--- a/networking/openshift_sdn/enabling-multicast.adoc
+++ b/networking/openshift_sdn/enabling-multicast.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-multicast"]
 = Enabling multicast for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/migrate-to-openshift-sdn.adoc b/networking/openshift_sdn/migrate-to-openshift-sdn.adoc
index 8432c899187c..53f5c81c9901 100644
--- a/networking/openshift_sdn/migrate-to-openshift-sdn.adoc
+++ b/networking/openshift_sdn/migrate-to-openshift-sdn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migrate-to-openshift-sdn"]
 = Migrating to the OpenShift SDN network plugin
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/multitenant-isolation.adoc b/networking/openshift_sdn/multitenant-isolation.adoc
index 5f25fad54459..ab719363d1d3 100644
--- a/networking/openshift_sdn/multitenant-isolation.adoc
+++ b/networking/openshift_sdn/multitenant-isolation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-multitenant-isolation"]
 = Configuring network isolation using OpenShift SDN
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/removing-egress-firewall.adoc b/networking/openshift_sdn/removing-egress-firewall.adoc
index 5704d05e31e8..e853d42a9d87 100644
--- a/networking/openshift_sdn/removing-egress-firewall.adoc
+++ b/networking/openshift_sdn/removing-egress-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-egress-firewall"]
 = Removing an egress firewall from a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc b/networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc
index d1f933bd7fc1..06b7d1cc2905 100644
--- a/networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc
+++ b/networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="roll-back-to-ovn-kubernetes"]
 = Rolling back to the OVN-Kubernetes network plugin
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/using-an-egress-router.adoc b/networking/openshift_sdn/using-an-egress-router.adoc
index ca37ce795998..82376f1fdc72 100644
--- a/networking/openshift_sdn/using-an-egress-router.adoc
+++ b/networking/openshift_sdn/using-an-egress-router.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-an-egress-router"]
 = Considerations for the use of an egress router pod
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/openshift_sdn/viewing-egress-firewall.adoc b/networking/openshift_sdn/viewing-egress-firewall.adoc
index 483b4c859963..c00f6ad1fffb 100644
--- a/networking/openshift_sdn/viewing-egress-firewall.adoc
+++ b/networking/openshift_sdn/viewing-egress-firewall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshift-sdn-viewing-egress-firewall"]
 = Editing an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc b/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc
index 00f4e20b1fb6..941edb13b438 100644
--- a/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc
+++ b/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-ovn-kubernetes"]
 = About the OVN-Kubernetes network plugin
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.adoc b/networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.adoc
index 40e1c69e5eba..501d801447ae 100644
--- a/networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/assigning-egress-ips-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="assigning-egress-ips-ovn"]
 = Assigning an egress IP address
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc b/networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc
index e7c7b90f9641..f210d048de76 100644
--- a/networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-egress-firewall-ovn"]
 = Configuring an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc b/networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc
index a26f82710331..1362e735f44d 100644
--- a/networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-egress-ips-ovn"]
 = Configuring an egress IP address
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc b/networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc
new file mode 100644
index 000000000000..462882d9438a
--- /dev/null
+++ b/networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-egress-traffic-loadbalancer-services"]
+= Configuring an egress service
+include::_attributes/common-attributes.adoc[]
+:context: configuring-egress-traffic-loadbalancer-services
+
+toc::[]
+
+As a cluster administrator, you can configure egress traffic for pods behind a load balancer service by using an egress service.
+
+:FeatureName: Egress service
+include::snippets/technology-preview.adoc[]
+
+You can use the `EgressService` custom resource (CR) to manage egress traffic in the following ways:
+
+* Assign a load balancer service IP address as the source IP address for egress traffic for pods behind the load balancer service.
++
+Assigning the load balancer IP address as the source IP address in this context is useful to present a single point of egress and ingress. For example, in some scenarios, an external system communicating with an application behind a load balancer service can expect the source and destination IP address for the application to be the same.
++
+[NOTE]
+====
+When you assign the load balancer service IP address to egress traffic for pods behind the service, OVN-Kubernetes restricts the ingress and egress point to a single node. This limits the load balancing of traffic that MetalLB typically provides.
+====
+
+* Assign the egress traffic for pods behind a load balancer to a different network than the default node network.
++
+This is useful to assign the egress traffic for applications behind a load balancer to a different network than the default network. Typically, the different network is implemented by using a VRF instance associated with a network interface.
+
+// Describe the CR and provide an example.
+include::modules/nw-egress-service-cr.adoc[leveloffset=+1]
+
+// Deploying an egress service
+include::modules/nw-egress-service-ovn.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/metallb/metallb-configure-bgp-peers.adoc#nw-metallb-bgp-peer-vrf_configure-metallb-bgp-peers[Exposing a service through a network VRF]
+
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+
+* xref:../../networking/metallb/metallb-configure-return-traffic.adoc#metallb-configure-return-traffic[Managing symmetric routing with MetalLB]
+
+* xref:../../networking/multiple_networks/about-virtual-routing-and-forwarding.adoc#cnf-about-virtual-routing-and-forwarding_about-virtual-routing-and-forwarding[About virtual routing and forwarding]
diff --git a/networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc b/networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc
index da163b12a365..81b031a8c6a6 100644
--- a/networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc
+++ b/networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-hybrid-networking"]
 = Configuring hybrid networking
 include::_attributes/common-attributes.adoc[]
@@ -10,8 +10,6 @@ As a cluster administrator, you can configure the {openshift-networking} OVN-Kub
 
 include::modules/configuring-hybrid-ovnkubernetes.adoc[leveloffset=+1]
 
-Complete any further installation configurations, and then create your cluster. Hybrid networking is enabled when the installation process is finished.
-
 [role="_additional-resources"]
 [id="configuring-hybrid-networking-additional-resources"]
 == Additional resources
diff --git a/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc b/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
index c710b400d48a..703f3c2f12af 100644
--- a/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-ipsec-ovn"]
 = Configuring IPsec encryption
 include::_attributes/common-attributes.adoc[]
@@ -6,27 +6,62 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-With IPsec enabled, all pod-to-pod network traffic between nodes on the OVN-Kubernetes cluster network is encrypted with IPsec _Transport mode_.
+With IPsec enabled, you can encrypt both internal pod-to-pod cluster traffic between nodes and external traffic between pods and IPsec endpoints external to your cluster. All pod-to-pod network traffic between nodes on the OVN-Kubernetes cluster network is encrypted with IPsec _Transport mode_.
 
 IPsec is disabled by default. It can be enabled either during or after installing the cluster. For information about cluster installation, see xref:../../installing/index.adoc#ocp-installation-overview[{product-title} installation overview]. If you need to enable IPsec after cluster installation, you must first resize your cluster MTU to account for the overhead of the IPsec ESP IP header.
 
-The following documentation describes how to enable and disable IPSec after cluster installation.
+[NOTE]
+====
+IPsec on {ibm-cloud-name} supports only NAT-T. Using ESP is not supported.
+====
+
+Use the procedures in the following documentation to:
+
+* Enable and disable IPSec after cluster installation
+* Configure support for external IPsec endpoints outside the cluster
+* Verify that IPsec encrypts traffic between pods on different nodes
 
 [id="{context}-prerequisites"]
 == Prerequisites
 
 * You have decreased the size of the cluster MTU by `46` bytes to allow for the additional overhead of the IPsec ESP header. For more information on resizing the MTU that your cluster uses, see xref:../../networking/changing-cluster-network-mtu.adoc#changing-cluster-network-mtu[Changing the MTU for the cluster network].
 
-include::modules/nw-ovn-ipsec-traffic.adoc[leveloffset=+1]
-include::modules/nw-ovn-ipsec-encryption.adoc[leveloffset=+1]
-include::modules/nw-ovn-ipsec-certificates.adoc[leveloffset=+1]
-include::modules/nw-ovn-ipsec-enable.adoc[leveloffset=+1]
-include::modules/nw-ovn-ipsec-verification.adoc[leveloffset=+1]
-include::modules/nw-ovn-ipsec-disable.adoc[leveloffset=+1]
+include::modules/nw-own-ipsec-required-ports.adoc[leveloffset=+1]
+
+[id="{context}-pod-to-pod-ipsec"]
+== IPsec encryption for pod-to-pod traffic
+
+{product-title} supports IPsec encryption for network traffic between pods.
+
+include::modules/nw-ovn-ipsec-traffic.adoc[leveloffset=+2]
+include::modules/nw-ovn-ipsec-encryption.adoc[leveloffset=+2]
+include::modules/nw-ovn-ipsec-certificates.adoc[leveloffset=+2]
+include::modules/nw-ovn-ipsec-enable.adoc[leveloffset=+2]
+include::modules/nw-ovn-ipsec-verification.adoc[leveloffset=+2]
+include::modules/nw-ovn-ipsec-disable.adoc[leveloffset=+2]
+
+[id="{context}-external-traffic-ipsec"]
+== IPsec encryption for external traffic
+
+{product-title} supports IPsec encryption for traffic to external hosts.
+
+You must supply a custom IPsec configuration, which includes the IPsec configuration file itself and TLS certificates.
+
+Ensure that the following prohibitions are observed:
+
+* The custom IPsec configuration must not include any connection specifications that might interfere with the cluster's pod-to-pod IPsec configuration.
+* Certificate common names (CN) in the provided certificate bundle must not begin with the `ovs_` prefix, because this naming can collide with pod-to-pod IPsec CN names in the Network Security Services (NSS) database of each node.
+
+// Tech Preview
+:FeatureName: IPsec support for external endpoints
+include::snippets/technology-preview.adoc[]
+
+include::modules/nw-ovn-ipsec-north-south-enable.adoc[leveloffset=+2]
 
 [id="{context}_additional-resources"]
 == Additional resources
 
 * xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[About the OVN-Kubernetes Container Network Interface (CNI) network plugin]
 * xref:../../networking/changing-cluster-network-mtu.adoc#changing-cluster-network-mtu[Changing the MTU for the cluster network]
+* xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-butane-install_installing-customizing[Installing Butane]
 * xref:../../rest_api/operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[Network [operator.openshift.io/v1]] API
diff --git a/networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc b/networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
new file mode 100644
index 000000000000..54a2705d0ed0
--- /dev/null
+++ b/networking/ovn_kubernetes_network_provider/configuring-secondary-external-gateway.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-secondary-external-gateway"]
+= Configure an external gateway through a secondary network interface
+include::_attributes/common-attributes.adoc[]
+:context: configuring-secondary-external-gateway
+
+toc::[]
+
+As a cluster administrator, you can configure an external gateway on a secondary network.
+
+This feature offers the following benefits:
+
+- Granular control over egress traffic on a per-namespace basis
+- Flexible configuration of static and dynamic external gateway IP addresses
+- Support for both IPv4 and IPv6 address families
+
+[id="{context}_prerequisites"]
+== Prerequisites
+
+* Your cluster uses the OVN-Kubernetes network plugin.
+* Your infrastructure is configured to route traffic from the secondary external gateway.
+
+include::modules/nw-secondary-ext-gw-about.adoc[leveloffset=+1]
+
+include::modules/nw-secondary-ext-gw-object.adoc[leveloffset=+1]
+
+include::modules/nw-secondary-ext-gw-configure.adoc[leveloffset=+1]
+
+// TODO - Resolve this after OCP 4.14 is released
+//include::modules/nw-secondary-ext-gw-status.adoc[leveloffset=+1]
+
+[id="{context}_additional-resources"]
+== Additional resources
+* For more information about additional network attachments, see xref:../../networking/multiple_networks/understanding-multiple-networks.adoc#understanding-multiple-networks[Understanding multiple networks]
diff --git a/networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc b/networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc
index ffde8311a9d2..37473fe3c26a 100644
--- a/networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc
+++ b/networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="converting-to-dual-stack"]
 = Converting to IPv4/IPv6 dual-stack networking
 include::_attributes/common-attributes.adoc[]
@@ -11,12 +11,8 @@ After converting to dual-stack, all newly created pods are dual-stack enabled.
 
 [NOTE]
 ====
-A dual-stack network is supported on clusters provisioned on bare metal, IBM Power, {ibmzProductName} infrastructure, and single node OpenShift clusters.
-====
-
-[NOTE]
-====
-While using dual-stack networking, you cannot use IPv4-mapped IPv6 addresses, such as `::FFFF:198.51.100.1`, where IPv6 is required.
+* While using dual-stack networking, you cannot use IPv4-mapped IPv6 addresses, such as `::FFFF:198.51.100.1`, where IPv6 is required.
+* A dual-stack network is supported on clusters provisioned on bare metal, {ibm-power-name}, {ibm-z-name} infrastructure, {sno}, and VMware vSphere.
 ====
 
 include::modules/nw-dual-stack-convert.adoc[leveloffset=+1]
diff --git a/networking/ovn_kubernetes_network_provider/deploying-egress-router-ovn-redirection.adoc b/networking/ovn_kubernetes_network_provider/deploying-egress-router-ovn-redirection.adoc
index c18c3c2d97a3..397a6ece0d65 100644
--- a/networking/ovn_kubernetes_network_provider/deploying-egress-router-ovn-redirection.adoc
+++ b/networking/ovn_kubernetes_network_provider/deploying-egress-router-ovn-redirection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-egress-router-ovn-redirection"]
 = Deploying an egress router pod in redirect mode
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/disabling-multicast.adoc b/networking/ovn_kubernetes_network_provider/disabling-multicast.adoc
index 6a1e0543edbf..b83dff37c490 100644
--- a/networking/ovn_kubernetes_network_provider/disabling-multicast.adoc
+++ b/networking/ovn_kubernetes_network_provider/disabling-multicast.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-ovn-kubernetes-disabling-multicast"]
 = Disabling multicast for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/editing-egress-firewall-ovn.adoc b/networking/ovn_kubernetes_network_provider/editing-egress-firewall-ovn.adoc
index 723ee9efc80b..cd2545ea7caf 100644
--- a/networking/ovn_kubernetes_network_provider/editing-egress-firewall-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/editing-egress-firewall-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="editing-egress-firewall-ovn"]
 = Editing an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/enabling-multicast.adoc b/networking/ovn_kubernetes_network_provider/enabling-multicast.adoc
index 9dffb0e6b42c..1fe7df22d870 100644
--- a/networking/ovn_kubernetes_network_provider/enabling-multicast.adoc
+++ b/networking/ovn_kubernetes_network_provider/enabling-multicast.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nw-ovn-kubernetes-enabling-multicast"]
 = Enabling multicast for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/logging-network-policy.adoc b/networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
index 5403dfbeb097..ba32774032d0 100644
--- a/networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
+++ b/networking/ovn_kubernetes_network_provider/logging-network-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="logging-network-policy"]
 = Logging for egress firewall and network policy rules
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/migrate-from-kuryr-sdn.adoc b/networking/ovn_kubernetes_network_provider/migrate-from-kuryr-sdn.adoc
deleted file mode 100644
index 38f295cd5eca..000000000000
--- a/networking/ovn_kubernetes_network_provider/migrate-from-kuryr-sdn.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-:_content-type: ASSEMBLY
-[id="migrate-from-kuryr-sdn"]
-= Migrating from the Kuryr network plugin to the OVN-Kubernetes network plugin
-include::_attributes/common-attributes.adoc[]
-:context: migrate-from-kuryr-sdn
-
-toc::[]
-
-:FeatureName: Migration from Kuryr to OVN-Kubernetes
-include::snippets/technology-preview.adoc[]
-
-As the administrator of a cluster that runs on {rh-openstack-first}, you can migrate to the OVN-Kubernetes network plugin from the Kuryr SDN network plugin.
-
-To learn more about OVN-Kubernetes, read xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes#about-ovn-kubernetes[About the OVN-Kubernetes network plugin].
-
-include::modules/nw-kuryr-migration-about.adoc[leveloffset=+1]
-
-include::modules/nw-kuryr-migration.adoc[leveloffset=+1]
-
-include::modules/nw-kuryr-cleanup.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="migrate-from-kuryr-additional-resources"]
-== Additional resources
-
-* xref:../../networking/cluster-network-operator.adoc#nw-operator-configuration-parameters-for-ovn-sdn_cluster-network-operator[Configuration parameters for the OVN-Kubernetes network plugin]
-* xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[Backing up etcd]
-* xref:../../networking/network_policy/about-network-policy.adoc#about-network-policy[About network policy]
-* To learn more about OVN-Kubernetes capabilities, see:
-** xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc#configuring-egress-ips-ovn[Configuring an egress IP address]
-** xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc#configuring-egress-firewall-ovn[Configuring an egress firewall for a project]
-** xref:../../networking/ovn_kubernetes_network_provider/enabling-multicast.adoc#nw-ovn-kubernetes-enabling-multicast[Enabling multicast for a project]
diff --git a/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc b/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
index 89de641840e2..456d2eed0eb8 100644
--- a/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+++ b/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migrate-from-openshift-sdn"]
 = Migrating from the OpenShift SDN network plugin
 include::_attributes/common-attributes.adoc[]
@@ -22,6 +22,8 @@ include::modules/nw-ovn-kubernetes-migration.adoc[leveloffset=+1]
 * xref:../../networking/cluster-network-operator.adoc#nw-operator-configuration-parameters-for-ovn-sdn_cluster-network-operator[Configuration parameters for the OVN-Kubernetes network plugin]
 * xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[Backing up etcd]
 * xref:../../networking/network_policy/about-network-policy.adoc#about-network-policy[About network policy]
+* xref:../../networking/changing-cluster-network-mtu.adoc#nw-cluster-mtu-change_changing-cluster-network-mtu[Changing the cluster MTU]
+* xref:../../networking/changing-cluster-network-mtu.adoc#mtu-value-selection_changing-cluster-network-mtu[MTU value selection]
 * OVN-Kubernetes capabilities
 - xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc#configuring-egress-ips-ovn[Configuring an egress IP address]
 - xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-firewall-ovn.adoc#configuring-egress-firewall-ovn[Configuring an egress firewall for a project]
diff --git a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture-assembly.adoc b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture-assembly.adoc
index 8c689e334c83..eea335c96158 100644
--- a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture-assembly.adoc
+++ b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-architecture-assembly.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ovn-kubernetes-architecture-assembly"]
 = OVN-Kubernetes architecture
 include::_attributes/common-attributes.adoc[]
@@ -28,10 +28,8 @@ include::modules/nw-ovn-kubernetes-running-network-tools.adoc[leveloffset=+2]
 [id="additional-resources_ovn-kubernetes-architecture"]
 == Additional resources
 
-* link:https://access.redhat.com/solutions/5660751[How to list OVN database contents with ovn-kubernetes in Red Hat OpenShift Container Platform 4.x?]
 * xref:../../networking/ovn_kubernetes_network_provider/ovn-kubernetes-tracing-using-ovntrace.adoc#ovn-kubernetes-tracing-using-ovntrace[Tracing Openflow with ovnkube-trace]
 * link:https://www.ovn.org/support/dist-docs/ovn-architecture.7.html[OVN architecture]
-* link:https://en.wikipedia.org/wiki/Raft_(algorithm)[Raft (algorithm)]
 * link:https://man7.org/linux/man-pages/man8/ovn-nbctl.8.html[ovn-nbctl linux manual page]
 * link:https://man7.org/linux/man-pages/man8/ovn-sbctl.8.html[ovn-sbctl linux manual page]
 
diff --git a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-tracing-using-ovntrace.adoc b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-tracing-using-ovntrace.adoc
index ac549e09b2f7..79dd63278025 100644
--- a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-tracing-using-ovntrace.adoc
+++ b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-tracing-using-ovntrace.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ovn-kubernetes-tracing-using-ovntrace"]
 = Tracing Openflow with ovnkube-trace
 include::_attributes/common-attributes.adoc[]
@@ -10,11 +10,6 @@ OVN and OVS traffic flows can be simulated in a single utility called `ovnkube-t
 
 You can execute the `ovnkube-trace` binary from a dedicated container. For releases after {product-title} 4.7, you can also copy the binary to a local host and execute it from that host.
 
-[NOTE]
-====
-The binaries in the Quay images do not currently work for Dual IP stack or IPv6 only environments. For those environments, you must build from source.
-====
-
 include::modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc[leveloffset=+1]
 
 include::modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc[leveloffset=+1]
diff --git a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
index adaa57d86158..6f74b328f4b4 100644
--- a/networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
+++ b/networking/ovn_kubernetes_network_provider/ovn-kubernetes-troubleshooting-sources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ovn-kubernetes-troubleshooting-sources"]
 = Troubleshooting OVN-Kubernetes
 include::_attributes/common-attributes.adoc[]
@@ -32,7 +32,6 @@ include::modules/nw-ovn-kubernetes-pod-connectivity-checks.adoc[leveloffset=+1]
 [id="additional-resources_ovn-kubernetes-sources-of-troubleshooting-information"]
 == Additional resources
 
-* link:https://access.redhat.com/solutions/5892971[How do I change the ovn-kubernetes loglevel in OpenShift 4?]
 * xref:../../networking/verifying-connectivity-endpoint.adoc#nw-pod-network-connectivity-implementation_verifying-connectivity-endpoint[Implementation of connection health checks]
 * xref:../../networking/verifying-connectivity-endpoint.adoc#nw-pod-network-connectivity-verify_verifying-connectivity-endpoint[Verifying network connectivity for an endpoint]
 
diff --git a/networking/ovn_kubernetes_network_provider/removing-egress-firewall-ovn.adoc b/networking/ovn_kubernetes_network_provider/removing-egress-firewall-ovn.adoc
index f6b14909dd1c..6b5a8f88d3a7 100644
--- a/networking/ovn_kubernetes_network_provider/removing-egress-firewall-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/removing-egress-firewall-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-egress-firewall-ovn"]
 = Removing an egress firewall from a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.adoc b/networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.adoc
index 6818040f9b6e..cacfb9db00fb 100644
--- a/networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.adoc
+++ b/networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rollback-to-openshift-sdn"]
 = Rolling back to the OpenShift SDN network provider
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc b/networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc
index 09d8ed1bbfe8..4dc3a82b03f8 100644
--- a/networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc
+++ b/networking/ovn_kubernetes_network_provider/tracking-network-flows.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tracking-network-flows"]
 = Tracking network flows
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/using-an-egress-router-ovn.adoc b/networking/ovn_kubernetes_network_provider/using-an-egress-router-ovn.adoc
index ced5914d7514..fbf35a0161ab 100644
--- a/networking/ovn_kubernetes_network_provider/using-an-egress-router-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/using-an-egress-router-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-an-egress-router-ovn"]
 = Considerations for the use of an egress router pod
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ovn_kubernetes_network_provider/viewing-egress-firewall-ovn.adoc b/networking/ovn_kubernetes_network_provider/viewing-egress-firewall-ovn.adoc
index ead8a31173fa..559033c6a2c5 100644
--- a/networking/ovn_kubernetes_network_provider/viewing-egress-firewall-ovn.adoc
+++ b/networking/ovn_kubernetes_network_provider/viewing-egress-firewall-ovn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="viewing-egress-firewall-ovn"]
 = Viewing an egress firewall for a project
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/ptp/_attributes b/networking/ptp/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/networking/ptp/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/networking/ptp/about-ptp.adoc b/networking/ptp/about-ptp.adoc
new file mode 100644
index 000000000000..79ee2ad18b63
--- /dev/null
+++ b/networking/ptp/about-ptp.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="about-ptp"]
+= About PTP in {product-title} cluster nodes
+include::_attributes/common-attributes.adoc[]
+:context: about-ptp
+
+toc::[]
+
+Precision Time Protocol (PTP) is used to synchronize clocks in a network.
+When used in conjunction with hardware support, PTP is capable of sub-microsecond accuracy, and is more accurate than Network Time Protocol (NTP).
+
+You can configure `linuxptp` services and use PTP-capable hardware in {product-title} cluster nodes.
+
+Use the {product-title} web console or OpenShift CLI (`oc`) to install PTP by deploying the PTP Operator. The PTP Operator creates and manages the `linuxptp` services and provides the following features:
+
+* Discovery of the PTP-capable devices in the cluster.
+
+* Management of the configuration of `linuxptp` services.
+
+* Notification of PTP clock events that negatively affect the performance and reliability of your application with the PTP Operator `cloud-event-proxy` sidecar.
+
+[NOTE]
+====
+The PTP Operator works with PTP-capable devices on clusters provisioned only on bare-metal infrastructure.
+====
+
+include::modules/nw-ptp-introduction.adoc[leveloffset=+1]
+
+[IMPORTANT]
+====
+Before enabling PTP, ensure that NTP is disabled for the required nodes. You can disable the chrony time service (`chronyd`) using a `MachineConfig` custom resource. For more information, see xref:../../post_installation_configuration/machine-configuration-tasks.adoc#cnf-disable-chronyd_post-install-machine-configuration-tasks[Disabling chrony time service].
+====
+
+include::modules/ptp-dual-nics.adoc[leveloffset=+1]
+
+include::modules/ptp-linuxptp-introduction.adoc[leveloffset=+1]
+
+include::modules/ptp-overview-of-gnss-grandmaster-clock.adoc[leveloffset=+1]
diff --git a/networking/ptp/configuring-ptp.adoc b/networking/ptp/configuring-ptp.adoc
new file mode 100644
index 000000000000..88323e18a722
--- /dev/null
+++ b/networking/ptp/configuring-ptp.adoc
@@ -0,0 +1,67 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-ptp"]
+= Configuring PTP devices
+include::_attributes/common-attributes.adoc[]
+:context: configuring-ptp
+
+toc::[]
+
+The PTP Operator adds the `NodePtpDevice.ptp.openshift.io` custom resource definition (CRD) to {product-title}.
+
+When installed, the PTP Operator searches your cluster for PTP-capable network devices on each node. It creates and updates a `NodePtpDevice` custom resource (CR) object for each node that provides a compatible PTP-capable network device.
+
+include::modules/nw-ptp-installing-operator-cli.adoc[leveloffset=+1]
+
+include::modules/nw-ptp-installing-operator-web-console.adoc[leveloffset=+1]
+
+include::modules/nw-ptp-device-discovery.adoc[leveloffset=+1]
+
+include::modules/ptp-using-hardware-specific-nic-features.adoc[leveloffset=+1]
+
+include::modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/ptp/using-ptp-events.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp-hardware-fast-events-framework[Configuring the PTP fast event notifications publisher]
+
+include::modules/nw-ptp-grandmaster-clock-configuration-reference.adoc[leveloffset=+2]
+
+include::modules/nw-ptp-grandmaster-clock-class-reference.adoc[leveloffset=+2]
+
+include::modules/nw-ptp-e810-hardware-configuration-reference.adoc[leveloffset=+2]
+
+include::modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/ptp/configuring-ptp.adoc#cnf-configuring-fifo-priority-scheduling-for-ptp_configuring-ptp[Configuring FIFO priority scheduling for PTP hardware]
+
+* xref:../../networking/ptp/using-ptp-events.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp-hardware-fast-events-framework[Configuring the PTP fast event notifications publisher]
+
+include::modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc[leveloffset=+2]
+
+include::modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../networking/ptp/configuring-ptp.adoc#cnf-configuring-fifo-priority-scheduling-for-ptp_configuring-ptp[Configuring FIFO priority scheduling for PTP hardware]
+
+* xref:../../networking/ptp/using-ptp-events.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp-hardware-fast-events-framework[Configuring the PTP fast event notifications publisher]
+
+include::modules/nw-columbiaville-ptp-config-refererence.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For a complete example CR that configures `linuxptp` services as an ordinary clock with PTP fast events, see xref:../../networking/ptp/configuring-ptp.adoc#configuring-linuxptp-services-as-ordinary-clock_configuring-ptp[Configuring linuxptp services as ordinary clock].
+
+include::modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc[leveloffset=+1]
+
+include::modules/cnf-configuring-log-filtering-for-linuxptp.adoc[leveloffset=+1]
+
+include::modules/cnf-troubleshooting-common-ptp-operator-issues.adoc[leveloffset=+1]
+
+include::modules/cnf-about-collecting-ptp-data.adoc[leveloffset=+1]
diff --git a/networking/ptp/images b/networking/ptp/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/networking/ptp/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/networking/ptp/modules b/networking/ptp/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/networking/ptp/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/networking/ptp-cloud-events-consumer-dev-reference.adoc b/networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
similarity index 86%
rename from networking/ptp-cloud-events-consumer-dev-reference.adoc
rename to networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
index 20c0e4b3f39b..c9ce69df0336 100644
--- a/networking/ptp-cloud-events-consumer-dev-reference.adoc
+++ b/networking/ptp/ptp-cloud-events-consumer-dev-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ptp-cloud-events-consumer-dev-reference"]
 = Developing PTP events consumer applications
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ When developing consumer applications that make use of Precision Time Protocol (
 The `cloud-event-proxy` container receives the events from the PTP Operator pod and passes it to the consumer application.
 The consumer application subscribes to the events posted in the `cloud-event-proxy` container by using a REST API.
 
-For more information about deploying PTP events applications, see xref:../networking/using-ptp.adoc#cnf-about-ptp-fast-event-notifications-framework_using-ptp[About the PTP fast event notifications framework].
+For more information about deploying PTP events applications, see xref:../../networking/ptp/using-ptp-events.adoc#cnf-about-ptp-fast-event-notifications-framework_using-ptp-hardware-fast-events-framework[About the PTP fast event notifications framework].
 
 [NOTE]
 ====
diff --git a/networking/ptp/snippets b/networking/ptp/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/networking/ptp/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/networking/ptp/using-ptp-events.adoc b/networking/ptp/using-ptp-events.adoc
new file mode 100644
index 000000000000..48f1109b7268
--- /dev/null
+++ b/networking/ptp/using-ptp-events.adoc
@@ -0,0 +1,66 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="using-ptp-hardware-fast-events-framework"]
+= Using the PTP hardware fast event notifications framework
+include::_attributes/common-attributes.adoc[]
+:context: using-ptp-hardware-fast-events-framework
+
+toc::[]
+
+Cloud native applications such as virtual RAN (vRAN) require access to notifications about hardware timing events that are critical to the functioning of the overall network.
+PTP clock synchronization errors can negatively affect the performance and reliability of your low-latency application, for example, a vRAN application running in a distributed unit (DU).
+
+include::modules/cnf-about-ptp-and-clock-synchronization.adoc[leveloffset=+1]
+
+include::modules/cnf-about-ptp-fast-event-notifications-framework.adoc[leveloffset=+1]
+
+include::modules/cnf-configuring-the-ptp-fast-event-publisher.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For a complete example CR that configures `linuxptp` services as an ordinary clock with PTP fast events, see xref:../../networking/ptp/configuring-ptp.adoc#configuring-linuxptp-services-as-ordinary-clock_configuring-ptp[Configuring linuxptp services as ordinary clock].
+
+include::modules/cnf-migrating-from-amqp-to-http-transport.adoc[leveloffset=+1]
+
+include::modules/cnf-installing-amq-interconnect-messaging-bus.adoc[leveloffset=+1]
+
+[id="subscribing-du-applications-to-ptp-events-rest-api-reference_{context}"]
+== Subscribing DU applications to PTP events with the REST API
+
+Subscribe applications to PTP events by using the resource address `/cluster/node/<node_name>/ptp`, where `<node_name>` is the cluster node running the DU application.
+
+Deploy your `cloud-event-consumer` DU application container and `cloud-event-proxy` sidecar container in a separate DU application pod. The `cloud-event-consumer` DU application subscribes to the `cloud-event-proxy` container in the application pod.
+
+Use the following API endpoints to subscribe the `cloud-event-consumer` DU application to PTP events posted by the `cloud-event-proxy` container at [x-]`http://localhost:8089/api/ocloudNotifications/v1/` in the DU application pod:
+
+* xref:../../networking/ptp/using-ptp-events.adoc#api-ocloud-notifications-v1-subscriptions_{context}[`/api/ocloudNotifications/v1/subscriptions`]
+- `POST`: Creates a new subscription
+- `GET`: Retrieves a list of subscriptions
+
+* xref:../../networking/ptp/using-ptp-events.adoc#api-ocloud-notifications-v1-subscriptions-subscription_id_{context}[`/api/ocloudNotifications/v1/subscriptions/<subscription_id>`]
+- `GET`: Returns details for the specified subscription ID
+
+* xref:../../networking/ptp/using-ptp-events.adoc#api-ocloudnotifications-v1-health_{context}[`/api/ocloudNotifications/v1/health`]
+- `GET`: Returns the health status of `ocloudNotifications` API
+
+* xref:../../networking/ptp/using-ptp-events.adoc#api-ocloudnotifications-v1-publishers_{context}[`api/ocloudNotifications/v1/publishers`]
+- `GET`: Returns an array of `os-clock-sync-state`, `ptp-clock-class-change`, `lock-state`, and `gnss-sync-status` messages for the cluster node
+
+* xref:../../networking/ptp/using-ptp-events.adoc#resource-address-current-state_{context}[`/api/ocloudnotifications/v1/<resource_address>/CurrentState`]
+- `GET`: Returns the current state of one the following event types: `os-clock-sync-state`, `ptp-clock-class-change`, `lock-state`, or `gnss-state-change` events
+
+[NOTE]
+====
+`9089` is the default port for the `cloud-event-consumer` container deployed in the application pod. You can configure a different port for your DU application as required.
+====
+
+include::modules/cnf-fast-event-notifications-api-refererence.adoc[leveloffset=+2]
+
+include::modules/cnf-monitoring-fast-events-metrics.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../monitoring/managing-metrics.adoc#managing-metrics[Managing metrics]
+
+include::modules/nw-ptp-operator-metrics-reference.adoc[leveloffset=+1]
diff --git a/networking/routes/route-configuration.adoc b/networking/routes/route-configuration.adoc
index 3f5c0b2534cb..78ec48e9fd33 100644
--- a/networking/routes/route-configuration.adoc
+++ b/networking/routes/route-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // Assembly filename:route-configuration.adoc
 // Explains route configuration.
 [id="route-configuration"]
@@ -53,6 +53,10 @@ include::modules/nw-annotating-a-route-with-a-cookie-name.adoc[leveloffset=+2]
 
 include::modules/nw-path-based-routes.adoc[leveloffset=+1]
 
+include::modules/nw-http-header-configuration.adoc[leveloffset=+1]
+
+include::modules/nw-route-set-or-delete-http-headers.adoc[leveloffset=+1]
+
 include::modules/nw-route-specific-annotations.adoc[leveloffset=+1]
 
 ifndef::openshift-rosa,openshift-dedicated[]
diff --git a/networking/routes/secured-routes.adoc b/networking/routes/secured-routes.adoc
index 0c98a4e1c5c7..5cd7bef36113 100644
--- a/networking/routes/secured-routes.adoc
+++ b/networking/routes/secured-routes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-default-certificate"]
 = Secured routes
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/setting-interface-level-network-sysctls.adoc b/networking/setting-interface-level-network-sysctls.adoc
deleted file mode 100644
index 79b45720754d..000000000000
--- a/networking/setting-interface-level-network-sysctls.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-:_content-type: ASSEMBLY
-:context: set-networkinterface-sysctls
-[id="nodes-setting-interface-level-network-sysctls"]
-= Configuring interface-level network sysctls
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-In Linux, sysctl allows an administrator to modify kernel parameters at runtime. You can modify interface-level network sysctls using the tuning Container Network Interface (CNI) meta plugin. The tuning CNI meta plugin operates in a chain with a main CNI plugin as illustrated.
-
-image::264_OpenShift_CNI_plugin_chain_0722.png[CNI plugin]
-
-The main CNI plugin assigns the interface and passes this to the tuning CNI meta plugin at runtime. You can change some sysctls and several interface attributes (promiscuous mode, all-multicast mode, MTU, and MAC address) in the network namespace by using the tuning CNI meta plugin.  In the tuning CNI meta plugin configuration, the interface name is represented by the `IFNAME` token, and is replaced with the actual name of the interface at runtime.
-
-[NOTE]
-====
-In {product-title}, the tuning CNI meta plugin only supports changing interface-level network sysctls.
-====
-
-include::modules/nw-cfg-tuning-interface-cni.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_nodes-setting-interface-level-network-sysctls"]
-== Additional resources
-
-* xref:../nodes/containers/nodes-containers-sysctls.adoc#nodes-containers-sysctls[Using sysctls in containers]
\ No newline at end of file
diff --git a/networking/understanding-networking.adoc b/networking/understanding-networking.adoc
index 2bc683a75085..b1b505c15b7b 100644
--- a/networking/understanding-networking.adoc
+++ b/networking/understanding-networking.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-networking"]
 = Understanding networking
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/using-cookies-to-keep-route-statefulness.adoc b/networking/using-cookies-to-keep-route-statefulness.adoc
index 5853ab7d6ef8..54dca1975e29 100644
--- a/networking/using-cookies-to-keep-route-statefulness.adoc
+++ b/networking/using-cookies-to-keep-route-statefulness.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-cookies-to-keep-route-statefulness"]
 = Using cookies to keep route statefulness
 {product-author}
diff --git a/networking/using-ptp.adoc b/networking/using-ptp.adoc
deleted file mode 100644
index 0ddd6236ac53..000000000000
--- a/networking/using-ptp.adoc
+++ /dev/null
@@ -1,121 +0,0 @@
-:_content-type: ASSEMBLY
-[id="using-ptp"]
-= Using PTP hardware
-include::_attributes/common-attributes.adoc[]
-:context: using-ptp
-
-toc::[]
-
-You can configure `linuxptp` services and use PTP-capable hardware in {product-title} cluster nodes.
-
-[id="about-using-ptp-hardware"]
-== About PTP hardware
-
-You can use the {product-title} console or OpenShift CLI (`oc`) to install PTP by deploying the PTP Operator. The PTP Operator creates and manages the `linuxptp` services and provides the following features:
-
-* Discovery of the PTP-capable devices in the cluster.
-
-* Management of the configuration of `linuxptp` services.
-
-* Notification of PTP clock events that negatively affect the performance and reliability of your application with the PTP Operator `cloud-event-proxy` sidecar.
-
-[NOTE]
-====
-The PTP Operator works with PTP-capable devices on clusters provisioned only on bare-metal infrastructure.
-====
-
-include::modules/nw-ptp-introduction.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-Before enabling PTP, ensure that NTP is disabled for the required nodes. You can disable the chrony time service (`chronyd`) using a `MachineConfig` custom resource. For more information, see xref:../post_installation_configuration/machine-configuration-tasks.adoc#cnf-disable-chronyd_post-install-machine-configuration-tasks[Disabling chrony time service].
-====
-
-include::modules/ptp-dual-nics.adoc[leveloffset=+2]
-
-include::modules/ptp-linuxptp-introduction.adoc[leveloffset=+1]
-
-include::modules/nw-ptp-installing-operator-cli.adoc[leveloffset=+1]
-
-include::modules/nw-ptp-installing-operator-web-console.adoc[leveloffset=+1]
-
-== Configuring PTP devices
-
-The PTP Operator adds the `NodePtpDevice.ptp.openshift.io` custom resource definition (CRD) to {product-title}.
-
-When installed, the PTP Operator searches your cluster for PTP-capable network devices on each node. It creates and updates a `NodePtpDevice` custom resource (CR) object for each node that provides a compatible PTP-capable network device.
-
-include::modules/nw-ptp-device-discovery.adoc[leveloffset=+2]
-
-include::modules/nw-ptp-configuring-linuxptp-services-as-grandmaster-clock.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../networking/using-ptp.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp[Configuring the PTP fast event notifications publisher]
-
-include::modules/nw-ptp-grandmaster-clock-configuration-reference.adoc[leveloffset=+3]
-
-include::modules/nw-ptp-configuring-linuxptp-services-as-ordinary-clock.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information about FIFO priority scheduling on PTP hardware, see xref:../networking/using-ptp.adoc#cnf-configuring-fifo-priority-scheduling-for-ptp_using-ptp[Configuring FIFO priority scheduling for PTP hardware].
-
-* For more information about configuring PTP fast events, see xref:../networking/using-ptp.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp[Configuring the PTP fast event notifications publisher].
-
-include::modules/nw-ptp-configuring-linuxptp-services-as-boundary-clock.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information about FIFO priority scheduling on PTP hardware, see xref:../networking/using-ptp.adoc#cnf-configuring-fifo-priority-scheduling-for-ptp_using-ptp[Configuring FIFO priority scheduling for PTP hardware].
-
-* For more information about configuring PTP fast events, see xref:../networking/using-ptp.adoc#cnf-configuring-the-ptp-fast-event-publisher_using-ptp[Configuring the PTP fast event notifications publisher].
-
-include::modules/ptp-configuring-linuxptp-services-as-boundary-clock-dual-nic.adoc[leveloffset=+2]
-
-include::modules/nw-columbiaville-ptp-config-refererence.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For a complete example CR that configures `linuxptp` services as an ordinary clock with PTP fast events, see xref:../networking/using-ptp.adoc#configuring-linuxptp-services-as-ordinary-clock_using-ptp[Configuring linuxptp services as ordinary clock].
-
-include::modules/cnf-configuring-fifo-priority-scheduling-for-ptp.adoc[leveloffset=+2]
-
-include::modules/cnf-configuring-log-filtering-for-linuxptp.adoc[leveloffset=+2]
-
-include::modules/cnf-troubleshooting-common-ptp-operator-issues.adoc[leveloffset=+1]
-
-== PTP hardware fast event notifications framework
-
-Cloud native applications such as virtual RAN (vRAN) require access to notifications about hardware timing events that are critical to the functioning of the overall network.
-PTP clock synchronization errors can negatively affect the performance and reliability of your low-latency application, for example, a vRAN application running in a distributed unit (DU).
-
-include::modules/cnf-about-ptp-and-clock-synchronization.adoc[leveloffset=+2]
-
-include::modules/cnf-about-ptp-fast-event-notifications-framework.adoc[leveloffset=+2]
-
-include::modules/cnf-configuring-the-ptp-fast-event-publisher.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For a complete example CR that configures `linuxptp` services as an ordinary clock with PTP fast events, see xref:../networking/using-ptp.adoc#configuring-linuxptp-services-as-ordinary-clock_using-ptp[Configuring linuxptp services as ordinary clock].
-
-* For more information about manually configuring persistent storage in the cluster, see xref:../storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc#persistent-storage-using-local-volume[Persistent storage using local volumes].
-
-include::modules/cnf-migrating-from-amqp-to-http-transport.adoc[leveloffset=+2]
-
-include::modules/cnf-installing-amq-interconnect-messaging-bus.adoc[leveloffset=+2]
-
-include::modules/cnf-fast-event-notifications-api-refererence.adoc[leveloffset=+2]
-
-include::modules/cnf-monitoring-fast-events-metrics.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../monitoring/managing-metrics.adoc[Managing metrics]
diff --git a/networking/using-sctp.adoc b/networking/using-sctp.adoc
index f9c49719d321..bb90a90c79dd 100644
--- a/networking/using-sctp.adoc
+++ b/networking/using-sctp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-sctp"]
 = Using the Stream Control Transmission Protocol (SCTP) on a bare metal cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/networking/verifying-connectivity-endpoint.adoc b/networking/verifying-connectivity-endpoint.adoc
index 26c99efc1524..57e75e4e899e 100644
--- a/networking/verifying-connectivity-endpoint.adoc
+++ b/networking/verifying-connectivity-endpoint.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="verifying-connectivity-endpoint"]
 = Verifying connectivity to an endpoint
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/clusters/nodes-cluster-cgroups-2.adoc b/nodes/clusters/nodes-cluster-cgroups-2.adoc
index 6c418ea58c34..de2f561f82f3 100644
--- a/nodes/clusters/nodes-cluster-cgroups-2.adoc
+++ b/nodes/clusters/nodes-cluster-cgroups-2.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-cgroups-2
 [id="nodes-cluster-cgroups-2"]
 = Configuring the Linux cgroup version on your nodes
@@ -6,9 +6,27 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-By default, {product-title} uses  link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1) in your cluster. You can switch to link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2), if needed, by editing the `node.config` object. Enabling cgroup v2 in {product-title} disables all cgroup version 1 controllers and hierarchies in your cluster. 
-
-cgroup v2 is the next version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. 
+ifndef::openshift-origin[]
+As of {product-title} 4.14, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. If you are using cgroup v1 on {product-title} 4.13 or earlier, migrating to {product-title} 4.14 or later will not automatically update your cgroup configuration to version 2. A fresh installation of {product-title} 4.14 or later will use cgroup v2 by default. However, you can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) upon installation. 
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+{product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster.
+endif::openshift-origin[]
+
+include::snippets/cgroupv2-vs-cgroupv1.adoc[]
+
+You can change between cgroup v1 and cgroup v2, as needed. Enabling cgroup v1 in {product-title} disables all cgroup v2 controllers and hierarchies in your cluster. 
+
+[NOTE]
+====
+* If you run third-party monitoring and security agents that depend on the cgroup file system, update the agents to a version that supports cgroup v2.
+* If you have configured cgroup v2 and run cAdvisor as a stand-alone daemon set for monitoring pods and containers, update cAdvisor to v0.43.0 or later.
+* If you deploy Java applications, use versions that fully support cgroup v2, such as the following packages:
+** OpenJDK / HotSpot: jdk8u372, 11.0.16, 15 and later
+** NodeJs 20.3.0 or later
+** IBM Semeru Runtimes: jdk8u345-b01, 11.0.16.0, 17.0.4.0, 18.0.2.0 and later
+** IBM SDK Java Technology Edition Version (IBM Java): 8.0.7.15 and later
+====
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
diff --git a/nodes/clusters/nodes-cluster-cgroups-okd.adoc b/nodes/clusters/nodes-cluster-cgroups-okd.adoc
deleted file mode 100644
index b938792a38b3..000000000000
--- a/nodes/clusters/nodes-cluster-cgroups-okd.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-:context: nodes-cluster-cgroups-2
-[id="nodes-cluster-cgroups-okd"]
-= Configuring the Linux cgroup version on your nodes
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-By default, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. You can switch to link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1.html[Linux control group version 1] (cgroup v1), if needed.
-
-cgroup v2 is the next version of the kernel link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/resource_management_guide/ch01[control group] and offers multiple improvements. However, it can have some unwanted effects on your nodes.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/nodes-clusters-cgroups-okd-configure.adoc[leveloffset=+1]
-
diff --git a/nodes/clusters/nodes-cluster-enabling-features.adoc b/nodes/clusters/nodes-cluster-enabling-features.adoc
index 895e3d1676eb..9757d8e6d7cc 100644
--- a/nodes/clusters/nodes-cluster-enabling-features.adoc
+++ b/nodes/clusters/nodes-cluster-enabling-features.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-enabling
 [id="nodes-cluster-enabling"]
 = Enabling features using feature gates
@@ -24,7 +24,6 @@ For more information about the features activated by the `TechPreviewNoUpgrade`
 
 ** xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]
 
-** xref:../../nodes/pods/nodes-pods-configuring.adoc#pod-disruption-eviction-policy_nodes-pods-configuring[Specifying the eviction policy for unhealthy pods]
 
 ** xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Pod security admission enforcement].
 
diff --git a/nodes/clusters/nodes-cluster-limit-ranges.adoc b/nodes/clusters/nodes-cluster-limit-ranges.adoc
index aabc107d7d20..709ee1eb9206 100644
--- a/nodes/clusters/nodes-cluster-limit-ranges.adoc
+++ b/nodes/clusters/nodes-cluster-limit-ranges.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-limit-ranges
 [id="nodes-cluster-limit-ranges"]
 = Restrict resource consumption with limit ranges
@@ -7,20 +7,20 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 
-By default, containers run with unbounded compute resources on an {product-title} 
-cluster. With limit ranges, you can restrict resource consumption for specific 
-objects in a project: 
+By default, containers run with unbounded compute resources on an {product-title}
+cluster. With limit ranges, you can restrict resource consumption for specific
+objects in a project:
 
 * pods and containers: You can set minimum and maximum requirements for CPU and
 memory for pods and their containers.
-* Image streams: You can set limits on the number of images and tags in an 
+* Image streams: You can set limits on the number of images and tags in an
 `ImageStream` object.
-* Images: You can limit the size of images that can be pushed to an internal 
+* Images: You can limit the size of images that can be pushed to an internal
 registry.
-* Persistent volume claims (PVC): You can restrict the size of the PVCs that can 
+* Persistent volume claims (PVC): You can restrict the size of the PVCs that can
 be requested.
 
-If a pod does not meet the constraints imposed by the limit 
+If a pod does not meet the constraints imposed by the limit
 range, the pod cannot be created in the namespace.
 
 // The following include statements pull in the module files that comprise
diff --git a/nodes/clusters/nodes-cluster-overcommit.adoc b/nodes/clusters/nodes-cluster-overcommit.adoc
index fc0b808b3f13..42d7354c04d8 100644
--- a/nodes/clusters/nodes-cluster-overcommit.adoc
+++ b/nodes/clusters/nodes-cluster-overcommit.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-overcommit
 [id="nodes-cluster-overcommit"]
 = Configuring your cluster to place pods on overcommitted nodes
@@ -24,12 +24,21 @@ The scheduler attempts to optimize the compute resource use across all nodes
 in your cluster. It places pods onto specific nodes, taking the pods' compute
 resource requests and nodes' available capacity into consideration.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 {product-title} administrators can control the level of overcommit and manage
 container density on nodes. You can configure cluster-level overcommit using
 the xref:#nodes-cluster-resource-override_nodes-cluster-overcommit[ClusterResourceOverride Operator]
 to override the ratio between requests and limits set on developer containers.
 In conjunction with xref:#nodes-cluster-node-overcommit_nodes-cluster-overcommit[node overcommit] and
 xref:../../applications/deployments/managing-deployment-processes.adoc#deployments-setting-resources_deployment-operations[project memory and CPU limits and defaults], you can adjust the resource limit and request to achieve the desired level of overcommit.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+{product-title} administrators can control the level of overcommit and manage
+container density on nodes. You can configure cluster-level overcommit using
+the xref:#nodes-cluster-resource-override_nodes-cluster-overcommit[ClusterResourceOverride Operator]
+to override the ratio between requests and limits set on developer containers.
+In conjunction with xref:#nodes-cluster-node-overcommit_nodes-cluster-overcommit[node overcommit], you can adjust the resource limit and request to achieve the desired level of overcommit.
+endif::openshift-rosa,openshift-dedicated[]
 
 [NOTE]
 ====
@@ -73,9 +82,11 @@ include::modules/nodes-cluster-project-overcommit.adoc[leveloffset=+1]
 
 include::modules/nodes-cluster-overcommit-project-disable.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 [id="nodes-cluster-overcommit-addtl-resources"]
 == Additional resources
 
 * xref:../../applications/deployments/managing-deployment-processes.adoc#deployments-triggers_deployment-operations[Setting deployment resources].
 * xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-setting_nodes-nodes-resources-configuring[Allocating resources for nodes].
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/clusters/nodes-cluster-pods-configuring.adoc b/nodes/clusters/nodes-cluster-pods-configuring.adoc
deleted file mode 100644
index 12ebffb7bd05..000000000000
--- a/nodes/clusters/nodes-cluster-pods-configuring.adoc
+++ /dev/null
@@ -1,39 +0,0 @@
-:_content-type: ASSEMBLY
-:context: nodes-cluster-pods
-[id="nodes-cluster-pods-configuring"]
-= Configuring an {product-title} cluster for pods
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-As an administrator, you can create and maintain an efficient cluster for pods.
-
-By keeping your cluster efficient, you can provide a better environment for your developers using
-such tools as what a pod does when it exits, ensuring that the required number of pods is always running,
-when to restart pods designed to run only once, limit the bandwidth available to pods, and how to keep
-pods running during disruptions.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
-include::modules/nodes-pods-configuring-restart.adoc[leveloffset=+1]
-
-include::modules/nodes-pods-configuring-bandwidth.adoc[leveloffset=+1]
-
-include::modules/nodes-pods-pod-disruption-about.adoc[leveloffset=+1]
-
-include::modules/nodes-pods-pod-disruption-configuring.adoc[leveloffset=+2]
-
-include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates]
-* link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation
-
-include::modules/nodes-pods-configuring-pod-critical.adoc[leveloffset=+1]
-
-// modules/nodes-pods-configuring-run-once.adoc[leveloffset=+1]
diff --git a/nodes/clusters/nodes-cluster-resource-configure.adoc b/nodes/clusters/nodes-cluster-resource-configure.adoc
index 958c7a6ebeca..69d1e6899718 100644
--- a/nodes/clusters/nodes-cluster-resource-configure.adoc
+++ b/nodes/clusters/nodes-cluster-resource-configure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-resource-configure
 [id="nodes-cluster-resource-configure"]
 = Configuring cluster memory to meet container memory and risk requirements
@@ -28,10 +28,11 @@ managing application memory by:
 
 include::modules/nodes-cluster-resource-configure-about.adoc[leveloffset=+1]
 
+ifdef::openshift-origin,openshift-online,openshift-webscale,openshift-enterprise[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../nodes/clusters/nodes-cluster-overcommit.adoc#nodes-cluster-overcommit-reserving-memory_nodes-cluster-overcommit[Understanding compute resources and containers]
-
+endif::[]
 
 include::modules/nodes-cluster-resource-configure-jdk.adoc[leveloffset=+1]
 
diff --git a/nodes/clusters/nodes-cluster-resource-levels.adoc b/nodes/clusters/nodes-cluster-resource-levels.adoc
index fc9b829a933c..31da93377fd8 100644
--- a/nodes/clusters/nodes-cluster-resource-levels.adoc
+++ b/nodes/clusters/nodes-cluster-resource-levels.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-resource-levels
 [id="nodes-cluster-resource-levels"]
 = Estimating the number of pods your {product-title} nodes can hold
@@ -8,11 +8,7 @@ toc::[]
 
 
 
-As a cluster administrator, you can use the cluster capacity tool to view the
-number of pods that can be scheduled to increase the current resources before
-they become exhausted, and to ensure any future pods can be scheduled. This
-capacity comes from an individual node host in a cluster, and includes CPU,
-memory, disk space, and others.
+As a cluster administrator, you can use the OpenShift Cluster Capacity Tool to view the number of pods that can be scheduled to increase the current resources before they become exhausted, and to ensure any future pods can be scheduled. This capacity comes from an individual node host in a cluster, and includes CPU, memory, disk space, and others.
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
diff --git a/nodes/clusters/nodes-cluster-worker-latency-profiles.adoc b/nodes/clusters/nodes-cluster-worker-latency-profiles.adoc
index d6ae01244452..54f2bc732519 100644
--- a/nodes/clusters/nodes-cluster-worker-latency-profiles.adoc
+++ b/nodes/clusters/nodes-cluster-worker-latency-profiles.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cluster-worker-latency-profiles
 [id="nodes-cluster-worker-latency-profiles"]
-= Improving cluster stability in high latency environments using worker latency profiles  
+= Improving cluster stability in high latency environments using worker latency profiles
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
diff --git a/nodes/clusters/nodes-containers-events.adoc b/nodes/clusters/nodes-containers-events.adoc
index 1a3955b79ffd..8b55ef5ec454 100644
--- a/nodes/clusters/nodes-containers-events.adoc
+++ b/nodes/clusters/nodes-containers-events.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-events
 [id="nodes-containers-events"]
 = Viewing system event information in an {product-title} cluster
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-about.adoc b/nodes/cma/nodes-cma-autoscaling-custom-about.adoc
index 80326bdd8128..62a9db2e4f5a 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-about.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-about
 [id="nodes-cma-autoscaling-custom-understanding"]
 = Understanding the custom metrics autoscaler
@@ -7,18 +7,18 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 
-The Custom Metrics Autoscaler Operator scales your pods up and down based on custom, external metrics from specific applications. Your other applications continue to use other scaling methods. You configure _triggers_, also known as scalers, which are the source of events and metrics that the custom metrics autoscaler uses to determine how to scale. The custom metrics autoscaler uses a metrics API to convert the external metrics to a form that {product-title} can use. The custom metrics autoscaler creates a horizontal pod autoscaler (HPA) that performs the actual scaling. 
+The Custom Metrics Autoscaler Operator scales your pods up and down based on custom, external metrics from specific applications. Your other applications continue to use other scaling methods. You configure _triggers_, also known as scalers, which are the source of events and metrics that the custom metrics autoscaler uses to determine how to scale. The custom metrics autoscaler uses a metrics API to convert the external metrics to a form that {product-title} can use. The custom metrics autoscaler creates a horizontal pod autoscaler (HPA) that performs the actual scaling.
 
-To use the custom metrics autoscaler, you create a `ScaledObject` or `ScaledJob` object, which is a custom resource (CR) that defines the scaling metadata. You specify the deployment or job to scale, the source of the metrics to scale on (trigger), and other parameters such as the minimum and maximum replica counts allowed. 
+To use the custom metrics autoscaler, you create a `ScaledObject` or `ScaledJob` object, which is a custom resource (CR) that defines the scaling metadata. You specify the deployment or job to scale, the source of the metrics to scale on (trigger), and other parameters such as the minimum and maximum replica counts allowed.
 
 [NOTE]
 ====
 You can create only one scaled object for each workload that you want to scale. Also, you cannot use a scaled object and the horizontal pod autoscaler (HPA) on the same workload.
-==== 
+====
 
-The custom metrics autoscaler, unlike the HPA, can scale to zero. If you set the `minReplicaCount` value in the custom metrics autoscaler CR to `0`, the custom metrics autoscaler scales the workload down from 1 to 0 replicas to or up from 0 replicas to 1. This is known as the _activation phase_. After scaling up to 1 replica, the HPA takes control of the scaling. This is known as the _scaling phase_. 
+The custom metrics autoscaler, unlike the HPA, can scale to zero. If you set the `minReplicaCount` value in the custom metrics autoscaler CR to `0`, the custom metrics autoscaler scales the workload down from 1 to 0 replicas to or up from 0 replicas to 1. This is known as the _activation phase_. After scaling up to 1 replica, the HPA takes control of the scaling. This is known as the _scaling phase_.
 
-Some triggers allow you to change the number of replicas that are scaled by the cluster metrics autoscaler.  In all cases, the parameter to configure the activation phase always uses the same phrase, prefixed with _activation_. For example, if the `threshold` parameter configures scaling, `activationThreshold` would configure activation. Configuring the activation and scaling phases allows you more flexibility with your scaling policies. For example, you could configure a higher activation phase to prevent scaling up or down if the metric is particularly low.  
+Some triggers allow you to change the number of replicas that are scaled by the cluster metrics autoscaler.  In all cases, the parameter to configure the activation phase always uses the same phrase, prefixed with _activation_. For example, if the `threshold` parameter configures scaling, `activationThreshold` would configure activation. Configuring the activation and scaling phases allows you more flexibility with your scaling policies. For example, you could configure a higher activation phase to prevent scaling up or down if the metric is particularly low.
 
 The activation value has more priority than the scaling value in case of different decisions for each. For example, if the `threshold` is set to `10`, and the `activationThreshold` is `50`, if the metric reports `40`, the scaler is not active and the pods are scaled to zero even if the HPA requires 4 instances.
 
@@ -26,7 +26,7 @@ The activation value has more priority than the scaling value in case of differe
 [NOTE]
 ====
 You can create only one scaled object or scaled job for each workload that you want to scale. Also, you cannot use a scaled object or scaled job and the horizontal pod autoscaler (HPA) on the same workload. If you want to scale based on a custom trigger and CPU/Memory, you can create multiple triggers in the scaled object or scaled job.
-==== 
+====
 ////
 
 You can verify that the autoscaling has taken place by reviewing the number of pods in your custom resource or by reviewing the Custom Metrics Autoscaler Operator logs for messages similar to the following:
@@ -34,11 +34,11 @@ You can verify that the autoscaling has taken place by reviewing the number of p
 [source,terminal]
 ----
 Successfully set ScaleTarget replica count
----- 
+----
 
 [source,terminal]
 ----
 Successfully updated ScaleTarget
----- 
+----
 
 You can temporarily pause the autoscaling of a workload object, if needed. For example, you could pause autoscaling before performing cluster maintenance.
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-adding.adoc b/nodes/cma/nodes-cma-autoscaling-custom-adding.adoc
index 1800a8869de9..0ea901bb06b4 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-adding.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-adding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-adding
 [id="nodes-cma-autoscaling-custom-adding"]
 = Understanding how to add custom metrics autoscalers
@@ -9,9 +9,20 @@ toc::[]
 
 To add a custom metrics autoscaler, create a `ScaledObject` custom resource for a deployment, stateful set, or custom resource. Create a `ScaledJob` custom resource for a job.
 
-You can create only one scaled object for each workload that you want to scale. Also, you cannot use a scaled object and the horizontal pod autoscaler (HPA) on the same workload. 
+You can create only one scaled object for each workload that you want to scale. Also, you cannot use a scaled object and the horizontal pod autoscaler (HPA) on the same workload.
 
 // If you want to scale based on a custom trigger and CPU/Memory, you can create multiple triggers in the scaled object or scaled job.
 
 include::modules/nodes-cma-autoscaling-custom-creating-workload.adoc[leveloffset=+1]
+
+//Scaling by using a scaled job is a Technology Preview feature. TP not supported in ROSA/OSD
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/nodes-cma-autoscaling-custom-creating-job.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+[role="_additional-resources"]
+[id="nodes-cma-autoscaling-custom-adding-additional-resources"]
+== Additional resources
+
+* xref:../../nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc#nodes-cma-autoscaling-custom-trigger-auth[Understanding custom metrics autoscaler trigger authentications]
+
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-audit-log.adoc b/nodes/cma/nodes-cma-autoscaling-custom-audit-log.adoc
index 3b6c7891f9a3..df1c77286308 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-audit-log.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-audit-log.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-audit-log
 [id="nodes-cma-autoscaling-custom-audit-log"]
 = Gathering audit logs
@@ -10,6 +10,6 @@ toc::[]
 
 You can gather audit logs, which are a security-relevant chronological set of records documenting the sequence of activities that have affected the system by individual users, administrators, or other components of the system.
 
-For example, audit logs can help you understand where an autoscaling request is coming from. This is key information when backends are getting overloaded by autoscaling requests made by user applications and you need to determine which is the troublesome application. 
+For example, audit logs can help you understand where an autoscaling request is coming from. This is key information when backends are getting overloaded by autoscaling requests made by user applications and you need to determine which is the troublesome application.
 
 include::modules/nodes-cma-autoscaling-custom-audit.adoc[leveloffset=+1]
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-debugging.adoc b/nodes/cma/nodes-cma-autoscaling-custom-debugging.adoc
index a0b5de895291..bf3ef55131f2 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-debugging.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-debugging.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-debugging
 [id="nodes-cma-autoscaling-custom-debugging"]
 = Gathering debugging data
@@ -17,7 +17,12 @@ endif::openshift-origin[]
 
 You can use the `must-gather` tool to collect data about the Custom Metrics Autoscaler Operator and its components, including the following items:
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * The `openshift-keda` namespace and its child objects.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* The `keda` namespace and its child objects.
+endif::openshift-rosa,openshift-dedicated[]
 * The Custom Metric Autoscaler Operator installation objects.
 * The Custom Metric Autoscaler Operator CRD objects.
 
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-install.adoc b/nodes/cma/nodes-cma-autoscaling-custom-install.adoc
index 92ae330e60a6..66ff6c62fcbc 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-install.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-install
 [id="nodes-cma-autoscaling-custom-install"]
 = Installing the custom metrics autoscaler
@@ -17,4 +17,10 @@ The installation creates the following five CRDs:
 * `ScaledObject`
 * `TriggerAuthentication`
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/nodes-cma-autoscaling-custom-install.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+include::modules/sd-nodes-cma-autoscaling-custom-install.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc b/nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc
index edb5e68227cc..9ebe10e28799 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-metrics
 [id="nodes-cma-autoscaling-custom-metrics"]
 = Viewing Operator metrics
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc b/nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc
index 5ab1fe4b5738..aaab128ac0ac 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-pausing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-pausing
 [id="nodes-cma-autoscaling-custom-pausing"]
 = Pausing the custom metrics autoscaler for a scaled object
@@ -9,7 +9,7 @@ toc::[]
 
 You can pause and restart the autoscaling of a workload, as needed.
 
-For example, you might want to pause autoscaling before performing cluster maintenance or to avoid resource starvation by removing non-mission-critical workloads. 
+For example, you might want to pause autoscaling before performing cluster maintenance or to avoid resource starvation by removing non-mission-critical workloads.
 
 include::modules/nodes-cma-autoscaling-custom-pausing-workload.adoc[leveloffset=+1]
 include::modules/nodes-cma-autoscaling-custom-pausing-restart.adoc[leveloffset=+1]
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-removing.adoc b/nodes/cma/nodes-cma-autoscaling-custom-removing.adoc
index 379af055b69e..cc98a26a3d74 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-removing.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-removing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-removing
 [id="nodes-cma-autoscaling-custom-removing"]
 = Removing the Custom Metrics Autoscaler Operator
@@ -6,11 +6,19 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can remove the custom metrics autoscaler from your {product-title} cluster. After removing the Custom Metrics Autoscaler Operator, remove other components associated with the Operator to avoid potential issues. 
+You can remove the custom metrics autoscaler from your {product-title} cluster. After removing the Custom Metrics Autoscaler Operator, remove other components associated with the Operator to avoid potential issues.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [NOTE]
 ====
 Delete the `KedaController` custom resource (CR) first. If you do not delete the `KedaController` CR, {product-title} can hang when you delete the `openshift-keda` project. If you delete the Custom Metrics Autoscaler Operator before deleting the CR, you are not able to delete the CR.
 ====
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+[NOTE]
+====
+Delete the `KedaController` custom resource (CR) first. If you do not delete the `KedaController` CR, {product-title} can hang when you delete the `keda` project. If you delete the Custom Metrics Autoscaler Operator before deleting the CR, you are not able to delete the CR.
+====
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nodes-cma-autoscaling-custom-uninstalling.adoc[leveloffset=+1]
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-rn.adoc b/nodes/cma/nodes-cma-autoscaling-custom-rn.adoc
index e0eae9f08cf6..a8b1c78990ae 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-rn.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-rn.adoc
@@ -2,7 +2,7 @@
 //
 // * nodes/nodes-pods-autoscaling-custom.adoc
 
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-removing
 [id="nodes-cma-autoscaling-custom-rn_{context}"]
 = Custom Metrics Autoscaler Operator release notes
@@ -30,23 +30,69 @@ The following table defines the Custom Metrics Autoscaler Operator versions for
 |{product-title} version
 |General availability
 
-|2.10.1
+|2.11.2
 |4.13
 |General availability
 
-|2.10.1
+|2.11.2
 |4.12
 |General availability
 
-|2.10.1
+|2.11.2
 |4.11
 |General availability
 
-|2.10.1
+|2.11.2
 |4.10
 |General availability
 |===
 
+[id="nodes-pods-autoscaling-custom-rn-2112_{context}"]
+== Custom Metrics Autoscaler Operator 2.11.2-311 release notes
+
+This release of the Custom Metrics Autoscaler Operator 2.11.2-311 provides new features and bug fixes for running the Operator in an {product-title} cluster. The components of the Custom Metrics Autoscaler Operator 2.11.2-311 were released in link:https://access.redhat.com/errata/RHBA-2023:5981[RHBA-2023:5981].
+
+[IMPORTANT]
+====
+Before installing this version of the Custom Metrics Autoscaler Operator, remove any previously installed Technology Preview versions or the community-supported version of KEDA.
+====
+
+[id="nodes-pods-autoscaling-custom-rn-2112-new_{context}"]
+=== New features and enhancements
+
+[id="nodes-pods-autoscaling-custom-rn-2112-new-rosa-osd_{context}"]
+==== Red Hat OpenShift Service on AWS (ROSA) and OpenShift Dedicated are now supported
+
+The Custom Metrics Autoscaler Operator 2.11.2-311 can be installed on OpenShift ROSA and OpenShift Dedicated managed clusters. Previous versions of the Custom Metrics Autoscaler Operator could be installed only in the `openshift-keda` namespace. This prevented the Operator from being installed on OpenShift ROSA and OpenShift Dedicated clusters. This version of Custom Metrics Autoscaler allows installation to other namespaces such as `openshift-operators` or `keda`, enabling installation into ROSA and Dedicated clusters.
+
+[id="nodes-pods-autoscaling-custom-rn-2112-bugs_{context}"]
+=== Bug fixes
+
+* Previously, if the Custom Metrics Autoscaler Operator was installed and configured, but not in use, the OpenShift CLI reported the `couldn't get resource list for external.metrics.k8s.io/v1beta1: Got empty response for: external.metrics.k8s.io/v1beta1` error after any `oc` command was entered. The message, although harmless, could have caused confusion. With this fix, the `Got empty response for: external.metrics...` error no longer appears inappropriately. (link:https://issues.redhat.com/browse/OCPBUGS-15779[*OCPBUGS-15779*])
+
+* Previously, any annotation or label change to objects managed by the Custom Metrics Autoscaler were reverted by Custom Metrics Autoscaler Operator any time the Keda Controller was modified, for example after a configuration change. This caused continuous changing of labels in your objects. The Custom Metrics Autoscaler now uses its own annotation to manage labels and annotations, and annotation or label are no longer inappropriately reverted. (link:https://issues.redhat.com/browse/OCPBUGS-15590[*OCPBUGS-15590*])
+
+[id="nodes-pods-autoscaling-custom-rn-210-267_{context}"]
+== Custom Metrics Autoscaler Operator 2.10.1-267 release notes
+
+This release of the Custom Metrics Autoscaler Operator 2.10.1-267 provides new features and bug fixes for running the Operator in an {product-title} cluster. The components of the Custom Metrics Autoscaler Operator 2.10.1-267 were released in link:https://access.redhat.com/errata/RHBA-2023:4089[RHBA-2023:4089].
+
+[IMPORTANT]
+====
+Before installing this version of the Custom Metrics Autoscaler Operator, remove any previously installed Technology Preview versions or the community-supported version of KEDA.
+====
+
+[id="nodes-pods-autoscaling-custom-rn-210-267-bugs_{context}"]
+=== Bug fixes
+
+* Previously, the `custom-metrics-autoscaler` and `custom-metrics-autoscaler-adapter` images did not contain time zone information. Because of this, scaled objects with cron triggers failed to work because the controllers were unable to find time zone information. With this fix, the image builds now include time zone information. As a result, scaled objects containing cron triggers now function properly. (link:https://issues.redhat.com/browse/OCPBUGS-15264[*OCPBUGS-15264*])
+
+* Previously, the Custom Metrics Autoscaler Operator would attempt to take ownership of all managed objects, including objects in other namespaces and cluster-scoped objects. Because of this, the Custom Metrics Autoscaler Operator was unable to create the role binding for reading the credentials necessary to be an API server. This caused errors in the `kube-system` namespace. With this fix, the Custom Metrics Autoscaler Operator skips adding the `ownerReference` field to any object in another namespace or any cluster-scoped object. As a result, the role binding is now created without any errors. (link:https://issues.redhat.com/browse/OCPBUGS-15038[*OCPBUGS-15038*])
+
+* Previously, the Custom Metrics Autoscaler Operator added an `ownerReferences` field to the `openshift-keda` namespace. While this did not cause functionality problems, the presence of this field could have caused confusion for cluster administrators. With this fix, the Custom Metrics Autoscaler Operator does not add the `ownerReference` field to the `openshift-keda` namespace. As a result, the `openshift-keda` namespace no longer has a superfluous `ownerReference` field. (link:https://issues.redhat.com/browse/OCPBUGS-15293[*OCPBUGS-15293*])
+
+* Previously, if you used a Prometheus trigger configured with authentication method other than pod identity, and the `podIdentity` parameter was set to `none`, the trigger would fail to scale. With this fix, the Custom Metrics Autoscaler for OpenShift now properly handles the `none` pod identity provider type. As a result, a Prometheus trigger configured with authentication method other than pod identity, and the `podIdentity` parameter sset to `none` now properly scales. (link:https://issues.redhat.com/browse/OCPBUGS-15274[*OCPBUGS-15274*])
+
 [id="nodes-pods-autoscaling-custom-rn-210_{context}"]
 == Custom Metrics Autoscaler Operator 2.10.1 release notes
 
@@ -54,16 +100,16 @@ This release of the Custom Metrics Autoscaler Operator 2.10.1 provides new featu
 
 [IMPORTANT]
 ====
-Before installing this version of the Custom Metrics Autoscaler Operator, remove any previously-installed Technology Preview versions or the community-supported version of KEDA.
+Before installing this version of the Custom Metrics Autoscaler Operator, remove any previously installed Technology Preview versions or the community-supported version of KEDA.
 ====
 
 [id="nodes-pods-autoscaling-custom-rn-210-new_{context}"]
 === New features and enhancements
 
 [id="nodes-pods-autoscaling-custom-rn-210-ga_{context}"]
-==== Custom Metrics Autoscaler Operator general availability 
+==== Custom Metrics Autoscaler Operator general availability
 
-The Custom Metrics Autoscaler Operator is now generally available as of Custom Metrics Autoscaler Operator version 2.10.1. 
+The Custom Metrics Autoscaler Operator is now generally available as of Custom Metrics Autoscaler Operator version 2.10.1.
 
 :FeatureName: Scaling by using a scaled job
 include::snippets/technology-preview.adoc[]
@@ -71,7 +117,7 @@ include::snippets/technology-preview.adoc[]
 [id="nodes-pods-autoscaling-custom-rn-210-metrics_{context}"]
 ==== Performance metrics
 
-You can now use the Prometheus Query Language (PromQL) to query metrics on the Custom Metrics Autoscaler Operator. 
+You can now use the Prometheus Query Language (PromQL) to query metrics on the Custom Metrics Autoscaler Operator.
 
 [id="nodes-pods-autoscaling-custom-rn-210-pause_{context}"]
 ==== Pausing the custom metrics autoscaling for scaled objects
@@ -132,7 +178,7 @@ The Custom Metrics Autoscaler Operator version 2.8.2 is a link:https://access.re
 [id="autoscaling-custom-2-8-2-audit-log"]
 ==== Audit Logging
 
-You can now gather and view audit logs for the Custom Metrics Autoscaler Operator and its associated components. Audit logs are security-relevant chronological sets of records that document the sequence of activities that have affected the system by individual users, administrators, or other components of the system.  
+You can now gather and view audit logs for the Custom Metrics Autoscaler Operator and its associated components. Audit logs are security-relevant chronological sets of records that document the sequence of activities that have affected the system by individual users, administrators, or other components of the system.
 
 [id="autoscaling-custom-2-8-2-kafka-metrics"]
 ==== Scale applications based on Apache Kafka metrics
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc b/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc
index e88f20d23d73..295d104d806d 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-trigger-auth
 [id="nodes-cma-autoscaling-custom-trigger-auth"]
 = Understanding custom metrics autoscaler trigger authentications
@@ -7,11 +7,11 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 
-A trigger authentication allows you to include authentication information in a scaled object or a scaled job that can be used by the associated containers. You can use trigger authentications to pass {product-title} secrets, platform-native pod authentication mechanisms, environment variables, and so on.   
+A trigger authentication allows you to include authentication information in a scaled object or a scaled job that can be used by the associated containers. You can use trigger authentications to pass {product-title} secrets, platform-native pod authentication mechanisms, environment variables, and so on.
 
-You define a `TriggerAuthentication` object in the same namespace as the object that you want to scale. That trigger authentication can be used only by objects in that namespace. 
+You define a `TriggerAuthentication` object in the same namespace as the object that you want to scale. That trigger authentication can be used only by objects in that namespace.
 
-Alternatively, to share credentials between objects in multiple namespaces, you can create a `ClusterTriggerAuthentication` object that can be used across all namespaces. 
+Alternatively, to share credentials between objects in multiple namespaces, you can create a `ClusterTriggerAuthentication` object that can be used across all namespaces.
 
 Trigger authentications and cluster trigger authentication use the same configuration. However, a cluster trigger authentication requires an additional `kind` parameter in the authentication reference of the scaled object.
 
@@ -25,7 +25,7 @@ metadata:
   namespace: my-namespace <1>
 spec:
   secretTargetRef: <2>
-  - parameter: user-name <3>     
+  - parameter: user-name <3>
     name: my-secret <4>
     key: USER_NAME <5>
   - parameter: password
@@ -44,10 +44,10 @@ spec:
 kind: ClusterTriggerAuthentication
 apiVersion: keda.sh/v1alpha1
 metadata: <1>
-  name: secret-cluster-triggerauthentication 
+  name: secret-cluster-triggerauthentication
 spec:
   secretTargetRef: <2>
-  - parameter: user-name <3>    
+  - parameter: user-name <3>
     name: secret-name <4>
     key: USER_NAME <5>
   - parameter: user-password
@@ -70,7 +70,7 @@ metadata:
   namespace: my-namespace <1>
 spec:
   secretTargetRef: <2>
-  - parameter: bearerToken <3>     
+  - parameter: bearerToken <3>
     name: my-token-2vzfq <4>
     key: token <5>
   - parameter: ca
@@ -94,7 +94,7 @@ metadata:
 spec:
   env: <2>
   - parameter: access_key <3>
-    name: ACCESS_KEY <4> 
+    name: ACCESS_KEY <4>
     containerName: my-container <5>
 ----
 <1> Specifies the namespace of the object you want to scale.
@@ -119,8 +119,11 @@ spec:
 <2> Specifies that this trigger authentication uses a platform-native pod authentication method for authorization.
 <3> Specifies a pod identity. Supported values are `none`, `azure`, `aws-eks`, or `aws-kiam`. The default is `none`.
 
+// Remove ifdef after https://github.com/openshift/openshift-docs/pull/62147 merges
+ifndef::openshift-rosa,openshift-dedicated[]
 .Additional resources
 
 * For information about {product-title} secrets, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods].
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc[leveloffset=+1]
diff --git a/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc b/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
index 835fdf174bb7..4b31d313fa92 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom-trigger
 [id="nodes-cma-autoscaling-custom-overview-trigger"]
-= Understanding the custom metrics autoscaler triggers
+= Understanding custom metrics autoscaler triggers
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -9,7 +9,7 @@ toc::[]
 
 
 Triggers, also known as scalers, provide the metrics that the Custom Metrics Autoscaler Operator uses to scale your pods.
-	
+
 The custom metrics autoscaler currently supports only the Prometheus, CPU, memory, and Apache Kafka triggers.
 
 You use a `ScaledObject` or `ScaledJob` custom resource to configure triggers for specific objects, as described in the sections that follow.
diff --git a/nodes/cma/nodes-cma-autoscaling-custom.adoc b/nodes/cma/nodes-cma-autoscaling-custom.adoc
index 05f55e3365c9..bdcc6e35ec32 100644
--- a/nodes/cma/nodes-cma-autoscaling-custom.adoc
+++ b/nodes/cma/nodes-cma-autoscaling-custom.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-cma-autoscaling-custom
 [id="nodes-cma-autoscaling-custom"]
 = Custom Metrics Autoscaler Operator overview
@@ -14,18 +14,18 @@ The custom metrics autoscaler currently supports only the Prometheus, CPU, memor
 
 // For example, you can scale a database application based on the number of tables in the database, scale another application based on the number of messages in a Kafka topic, or scale based on incoming HTTP requests collected by {product-title} monitoring.
 
-The Custom Metrics Autoscaler Operator scales your pods up and down based on custom, external metrics from specific applications. Your other applications continue to use other scaling methods. You configure _triggers_, also known as scalers, which are the source of events and metrics that the custom metrics autoscaler uses to determine how to scale. The custom metrics autoscaler uses a metrics API to convert the external metrics to a form that {product-title} can use. The custom metrics autoscaler creates a horizontal pod autoscaler (HPA) that performs the actual scaling. 
+The Custom Metrics Autoscaler Operator scales your pods up and down based on custom, external metrics from specific applications. Your other applications continue to use other scaling methods. You configure _triggers_, also known as scalers, which are the source of events and metrics that the custom metrics autoscaler uses to determine how to scale. The custom metrics autoscaler uses a metrics API to convert the external metrics to a form that {product-title} can use. The custom metrics autoscaler creates a horizontal pod autoscaler (HPA) that performs the actual scaling.
 
-To use the custom metrics autoscaler, you create a `ScaledObject` or `ScaledJob` object, which is a custom resource (CR) that defines the scaling metadata. You specify the deployment or job to scale, the source of the metrics to scale on (trigger), and other parameters such as the minimum and maximum replica counts allowed. 
+To use the custom metrics autoscaler, you create a `ScaledObject` or `ScaledJob` object, which is a custom resource (CR) that defines the scaling metadata. You specify the deployment or job to scale, the source of the metrics to scale on (trigger), and other parameters such as the minimum and maximum replica counts allowed.
 
 [NOTE]
 ====
 You can create only one scaled object or scaled job for each workload that you want to scale. Also, you cannot use a scaled object or scaled job and the horizontal pod autoscaler (HPA) on the same workload.
-==== 
+====
 
-The custom metrics autoscaler, unlike the HPA, can scale to zero. If you set the `minReplicaCount` value in the custom metrics autoscaler CR to `0`, the custom metrics autoscaler scales the workload down from 1 to 0 replicas to or up from 0 replicas to 1. This is known as the _activation phase_. After scaling up to 1 replica, the HPA takes control of the scaling. This is known as the _scaling phase_. 
+The custom metrics autoscaler, unlike the HPA, can scale to zero. If you set the `minReplicaCount` value in the custom metrics autoscaler CR to `0`, the custom metrics autoscaler scales the workload down from 1 to 0 replicas to or up from 0 replicas to 1. This is known as the _activation phase_. After scaling up to 1 replica, the HPA takes control of the scaling. This is known as the _scaling phase_.
 
-Some triggers allow you to change the number of replicas that are scaled by the cluster metrics autoscaler.  In all cases, the parameter to configure the activation phase always uses the same phrase, prefixed with _activation_. For example, if the `threshold` parameter configures scaling, `activationThreshold` would configure activation. Configuring the activation and scaling phases allows you more flexibility with your scaling policies. For example, you can configure a higher activation phase to prevent scaling up or down if the metric is particularly low.  
+Some triggers allow you to change the number of replicas that are scaled by the cluster metrics autoscaler.  In all cases, the parameter to configure the activation phase always uses the same phrase, prefixed with _activation_. For example, if the `threshold` parameter configures scaling, `activationThreshold` would configure activation. Configuring the activation and scaling phases allows you more flexibility with your scaling policies. For example, you can configure a higher activation phase to prevent scaling up or down if the metric is particularly low.
 
 The activation value has more priority than the scaling value in case of different decisions for each. For example, if the `threshold` is set to `10`, and the `activationThreshold` is `50`, if the metric reports `40`, the scaler is not active and the pods are scaled to zero even if the HPA requires 4 instances.
 
@@ -33,7 +33,7 @@ The activation value has more priority than the scaling value in case of differe
 [NOTE]
 ====
 You can create only one scaled object or scaled job for each workload that you want to scale. Also, you cannot use a scaled object or scaled job and the horizontal pod autoscaler (HPA) on the same workload. If you want to scale based on a custom trigger and CPU/Memory, you can create multiple triggers in the scaled object or scaled job.
-==== 
+====
 ////
 
 You can verify that the autoscaling has taken place by reviewing the number of pods in your custom resource or by reviewing the Custom Metrics Autoscaler Operator logs for messages similar to the following:
@@ -41,11 +41,11 @@ You can verify that the autoscaling has taken place by reviewing the number of p
 [source,terminal]
 ----
 Successfully set ScaleTarget replica count
----- 
+----
 
 [source,terminal]
 ----
 Successfully updated ScaleTarget
----- 
+----
 
 You can temporarily pause the autoscaling of a workload object, if needed. For example, you could pause autoscaling before performing cluster maintenance.
diff --git a/nodes/containers/nodes-containers-copying-files.adoc b/nodes/containers/nodes-containers-copying-files.adoc
index e7052f3660c0..62cbd8a66121 100644
--- a/nodes/containers/nodes-containers-copying-files.adoc
+++ b/nodes/containers/nodes-containers-copying-files.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-copying-files
 [id="nodes-containers-copying-files"]
 = Copying files to or from an {product-title} container
diff --git a/nodes/containers/nodes-containers-downward-api.adoc b/nodes/containers/nodes-containers-downward-api.adoc
index 1e7b9adf7782..dd3c51664ec3 100644
--- a/nodes/containers/nodes-containers-downward-api.adoc
+++ b/nodes/containers/nodes-containers-downward-api.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-downward-api
 [id="nodes-containers-downward-api"]
 = Allowing containers to consume API objects
@@ -11,7 +11,7 @@ toc::[]
 
 
 The _Downward API_ is a mechanism that allows containers to consume information
-about API objects without coupling to {product-title}. 
+about API objects without coupling to {product-title}.
 Such information includes the pod's name, namespace, and resource values.
 Containers can consume information from the downward API using environment
 variables or a volume plugin.
diff --git a/nodes/containers/nodes-containers-init.adoc b/nodes/containers/nodes-containers-init.adoc
index 800971d7d271..7046ad246e34 100644
--- a/nodes/containers/nodes-containers-init.adoc
+++ b/nodes/containers/nodes-containers-init.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-init
 [id="nodes-containers-init"]
 = Using Init Containers to perform tasks before a pod is deployed
@@ -9,7 +9,7 @@ toc::[]
 
 
 
-{product-title} provides _init containers_, which are specialized containers 
+{product-title} provides _init containers_, which are specialized containers
 that run before application containers and can contain utilities or setup scripts not present in an app image.
 
 // The following include statements pull in the module files that comprise
diff --git a/nodes/containers/nodes-containers-port-forwarding.adoc b/nodes/containers/nodes-containers-port-forwarding.adoc
index 78c86969d5f5..a6a69fd7c828 100644
--- a/nodes/containers/nodes-containers-port-forwarding.adoc
+++ b/nodes/containers/nodes-containers-port-forwarding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-port-forwarding
 [id="nodes-containers-port-forwarding"]
 = Using port forwarding to access applications in a container
@@ -10,7 +10,7 @@ toc::[]
 
 
 
-{product-title} supports port forwarding to pods. 
+{product-title} supports port forwarding to pods.
 
 
 // The following include statements pull in the module files that comprise
diff --git a/nodes/containers/nodes-containers-projected-volumes.adoc b/nodes/containers/nodes-containers-projected-volumes.adoc
index 9596e3765567..c9ddd4051238 100644
--- a/nodes/containers/nodes-containers-projected-volumes.adoc
+++ b/nodes/containers/nodes-containers-projected-volumes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-projected-volumes
 [id="nodes-containers-projected-volumes"]
 = Mapping volumes using projected volumes
@@ -22,7 +22,7 @@ The following types of volume sources can be projected:
 * Downward API
 
 [NOTE]
-====	
+====
 All sources are required to be in the same namespace as the pod.
 ====
 
diff --git a/nodes/containers/nodes-containers-remote-commands.adoc b/nodes/containers/nodes-containers-remote-commands.adoc
index e15d6e612976..50a4a45b38f9 100644
--- a/nodes/containers/nodes-containers-remote-commands.adoc
+++ b/nodes/containers/nodes-containers-remote-commands.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-remote-commands
 [id="nodes-containers-remote-commands"]
 = Executing remote commands in an {product-title} container
@@ -10,7 +10,7 @@ toc::[]
 
 
 
-You can use the CLI to execute remote commands in an {product-title} container. 
+You can use the CLI to execute remote commands in an {product-title} container.
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
diff --git a/nodes/containers/nodes-containers-sysctls.adoc b/nodes/containers/nodes-containers-sysctls.adoc
index abecf91d0b2d..38a8f3221f15 100644
--- a/nodes/containers/nodes-containers-sysctls.adoc
+++ b/nodes/containers/nodes-containers-sysctls.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-using
 [id="nodes-containers-sysctls"]
 = Using sysctls in containers
@@ -37,7 +37,6 @@ include::modules/update-network-sysctl-allowlist.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../networking/setting-interface-level-network-sysctls.adoc#nw-configuring-tuning-cni_set-networkinterface-sysctls[Configuring the tuning CNI]
 
 * link:https://docs.kernel.org/networking/ip-sysctl.html[Linux networking documentation]
 
@@ -51,4 +50,4 @@ include::modules/nodes-containers-sysctls-unsafe.adoc[leveloffset=+1]
 [id="additional-resources_nodes-containers-sysctls"]
 == Additional resources
 
-* xref:../../networking/setting-interface-level-network-sysctls.adoc#nodes-setting-interface-level-network-sysctls[Setting interface-level network sysctls]
+* xref:../../networking/configure-syscontrols-interface-tuning-cni.adoc#nw-configuring-tuning-cni_configure-syscontrols-interface-tuning-cni[Configuring system controls by using the tuning CNI]
\ No newline at end of file
diff --git a/nodes/containers/nodes-containers-using.adoc b/nodes/containers/nodes-containers-using.adoc
index 1a80a7a368ca..18eb3ab8301a 100644
--- a/nodes/containers/nodes-containers-using.adoc
+++ b/nodes/containers/nodes-containers-using.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-using
 [id="nodes-containers-using"]
 = Understanding Containers
@@ -10,7 +10,7 @@ toc::[]
 
 
 The basic units of {product-title} applications are called _containers_.
-link:https://access.redhat.com/articles/1353593[Linux container technologies]
+link:https://www.redhat.com/en/topics/containers#overview[Linux container technologies]
 are lightweight mechanisms for isolating running processes so that they are
 limited to interacting with only their designated resources.
 
@@ -42,14 +42,15 @@ $(nproc) X 1/2 MiB
 [id="nodes-containers-runtimes"]
 == About the container engine and container runtime
 
-A _container engine_ is a piece of software that processes user requests, including command line options and image pulls. The container engine uses a _container runtime_, also called a _lower-level container runtime_, to run and manage the components required to deploy and operate containers. You likely will not need to interact with the container engine or container runtime.  
+A _container engine_ is a piece of software that processes user requests, including command line options and image pulls. The container engine uses a _container runtime_, also called a _lower-level container runtime_, to run and manage the components required to deploy and operate containers. You likely will not need to interact with the container engine or container runtime.
 
 [NOTE]
 ====
 The {product-title} documentation uses the term _container runtime_ to refer to the lower-level container runtime. Other documentation can refer to the container engine as the container runtime.
 ====
 
-{product-title} uses CRI-O as the container engine and runC or crun as the container runtime. The default container runtime is runC. Both container runtimes adhere to the link:https://www.opencontainers.org/[Open Container Initiative (OCI)] runtime specifications. 
+ifndef::openshift-rosa,openshift-dedicated[]
+{product-title} uses CRI-O as the container engine and runC or crun as the container runtime. The default container runtime is runC. Both container runtimes adhere to the link:https://www.opencontainers.org/[Open Container Initiative (OCI)] runtime specifications.
 
 include::snippets/about-crio-snippet.adoc[]
 
@@ -69,5 +70,9 @@ runC has some benefits over crun, including:
 
 You can move between the two container runtimes as needed.
 
-For information on setting which container runtime to use, see xref:../../post_installation_configuration/machine-configuration-tasks.html#create-a-containerruntimeconfig_post-install-machine-configuration-tasks[Creating a `ContainerRuntimeConfig` CR to edit CRI-O parameters].
+For information on setting which container runtime to use, see xref:../../post_installation_configuration/machine-configuration-tasks.adoc#create-a-containerruntimeconfig_post-install-machine-configuration-tasks[Creating a `ContainerRuntimeConfig` CR to edit CRI-O parameters].
+endif::openshift-rosa,openshift-dedicated[]
 
+ifdef::openshift-rosa,openshift-dedicated[]
+{product-title} uses CRI-O as the container engine and runC or crun as the container runtime. The default container runtime is runC.
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/containers/nodes-containers-volumes.adoc b/nodes/containers/nodes-containers-volumes.adoc
index 71655cb76ede..3425d6a9a9c5 100644
--- a/nodes/containers/nodes-containers-volumes.adoc
+++ b/nodes/containers/nodes-containers-volumes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-containers-volumes
 [id="nodes-containers-volumes"]
 = Using volumes to persist container data
diff --git a/nodes/edge/nodes-edge-remote-workers.adoc b/nodes/edge/nodes-edge-remote-workers.adoc
index 089aae18dc8b..a6920290058d 100644
--- a/nodes/edge/nodes-edge-remote-workers.adoc
+++ b/nodes/edge/nodes-edge-remote-workers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-edge-remote-workers
 [id="nodes-edge-remote-workers"]
 = Using remote worker nodes at the network edge
@@ -17,7 +17,7 @@ However, having remote worker nodes can introduce higher latency, intermittent l
 
 * *Power outage*: Because the control plane and remote worker nodes are in separate locations, a power outage at the remote location or at any point between the two can negatively impact your cluster. See xref:../../nodes/edge/nodes-edge-remote-workers.adoc#nodes-edge-remote-workers-power_nodes-edge-remote-workers[Power loss on remote worker nodes] for information on how {product-title} responds to a node losing power and for methods to diminish the impact to your cluster.
 
-* *Latency spikes or temporary reduction in throughput*: As with any network, any changes in network conditions between your cluster and the remote worker nodes can negatively impact your cluster. {product-title} offers multiple _worker latency profiles_ that let you control the reaction of the cluster to latency issues. 
+* *Latency spikes or temporary reduction in throughput*: As with any network, any changes in network conditions between your cluster and the remote worker nodes can negatively impact your cluster. {product-title} offers multiple _worker latency profiles_ that let you control the reaction of the cluster to latency issues.
 
 Note the following limitations when planning a cluster with remote worker nodes:
 
@@ -29,13 +29,24 @@ Note the following limitations when planning a cluster with remote worker nodes:
 
 * You are responsible for configuring and maintaining L2/L3-level network connectivity between the control plane and the network-edge nodes.
 
+include::modules/nodes-rwn_con_adding-remote-worker-nodes.adoc[leveloffset=+1]
+
+.Additional resources
+
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#ipi-install-establishing-communication-between-subnets_ipi-install-installation-workflow[Establishing communications between subnets]
+
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#ipi-install-configuring-host-network-interfaces-for-subnets_ipi-install-installation-workflow[Configuring host network interfaces for subnets]
+
+* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#configure-network-components-to-run-on-the-control-plane_ipi-install-installation-workflow[Configuring network components to run on the control plane]
+
+
 include::modules/nodes-edge-remote-workers-network.adoc[leveloffset=+1]
 
-For more information on using these objects in a cluster with remote worker nodes, see xref:../../nodes/edge/nodes-edge-remote-workers.html#nodes-edge-remote-workers-strategies_nodes-edge-remote-workers[About remote worker node strategies].
+For more information on using these objects in a cluster with remote worker nodes, see xref:../../nodes/edge/nodes-edge-remote-workers.adoc#nodes-edge-remote-workers-strategies_nodes-edge-remote-workers[About remote worker node strategies].
 
 include::modules/nodes-edge-remote-workers-power.adoc[leveloffset=+1]
 
-For more information on using these objects in a cluster with remote worker nodes, see xref:../../nodes/edge/nodes-edge-remote-workers.html#nodes-edge-remote-workers-strategies_nodes-edge-remote-workers[About remote worker node strategies].
+For more information on using these objects in a cluster with remote worker nodes, see xref:../../nodes/edge/nodes-edge-remote-workers.adoc#nodes-edge-remote-workers-strategies_nodes-edge-remote-workers[About remote worker node strategies].
 
 [id="nodes-edge-remote-workers-latency"]
 == Latency spikes or temporary reduction in throughput to remote workers
@@ -57,10 +68,11 @@ include::modules/nodes-edge-remote-workers-strategies.adoc[leveloffset=+1]
 
 * For more information on configuring `KubeletConfig` objects, see xref:../../post_installation_configuration/node-tasks.adoc#create-a-kubeletconfig-crd-to-edit-kubelet-parameters_post-install-node-tasks[Creating a KubeletConfig CRD].
 
-* For more information on replica sets, see xref:../../applications/deployments/what-deployments-are.html#deployments-repliasets_what-deployments-are[ReplicaSets].
+* For more information on replica sets, see xref:../../applications/deployments/what-deployments-are.adoc#deployments-repliasets_what-deployments-are[ReplicaSets].
 
-* For more information on deployments, see xref:../../applications/deployments/what-deployments-are.html#deployments-kube-deployments_what-deployments-are[Deployments].
+* For more information on deployments, see xref:../../applications/deployments/what-deployments-are.adoc#deployments-kube-deployments_what-deployments-are[Deployments].
 
-* For more information on replication controllers, see xref:../../applications/deployments/what-deployments-are.html#deployments-replicationcontrollers_what-deployments-are[Replication controllers].
+* For more information on replication controllers, see xref:../../applications/deployments/what-deployments-are.adoc#deployments-replicationcontrollers_what-deployments-are[Replication controllers].
 
 * For more information on the controller manager, see xref:../../operators/operator-reference.adoc#kube-controller-manager-operator_cluster-operators-ref[Kubernetes Controller Manager Operator].
+
diff --git a/nodes/index.adoc b/nodes/index.adoc
index 4f3f658934fe..a8c3a74be7bc 100644
--- a/nodes/index.adoc
+++ b/nodes/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overview-of-nodes"]
 = Overview of nodes
 include::_attributes/common-attributes.adoc[]
@@ -38,6 +38,7 @@ The read operations allow an administrator or a developer to get information abo
 * Get information about a node, such as memory and CPU usage, health, status, and age.
 * xref:../nodes/nodes/nodes-nodes-viewing.adoc#nodes-nodes-viewing-listing-pods_nodes-nodes-viewing[List pods running on a node].
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [discrete]
 === Management operations
 
@@ -48,9 +49,10 @@ through several tasks:
 * Change node configuration using a custom resource definition (CRD), or the `kubeletConfig` object.
 * Configure nodes to allow or disallow the scheduling of pods. Healthy worker nodes with a `Ready` status allow pod placement by default while the control plane nodes do not; you can change this default behavior by xref:../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-marking_nodes-nodes-working[configuring the worker nodes to be unschedulable] and xref:../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-marking_nodes-nodes-working[the control plane nodes to be schedulable].
 * xref:../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring[Allocate resources for nodes] using the `system-reserved` setting. You can allow {product-title} to automatically determine the optimal `system-reserved` CPU and memory resources for your nodes, or you can manually determine and set the best resources for your nodes.
-* xref:../nodes/nodes/nodes-nodes-managing-max-pods.adoc#nodes-nodes-managing-max-pods-about_nodes-nodes-managing-max-pods[Configure the number of pods that can run on a node] based on the number of processor cores on the node, a hard limit, or both.
+* xref:../nodes/nodes/nodes-nodes-managing-max-pods.adoc#nodes-nodes-managing-max-pods-proc_nodes-nodes-managing-max-pods[Configure the number of pods that can run on a node] based on the number of processor cores on the node, a hard limit, or both.
 * Reboot a node gracefully using xref:../nodes/nodes/nodes-nodes-rebooting.adoc#nodes-nodes-rebooting-affinity_nodes-nodes-rebooting[pod anti-affinity].
 * xref:../nodes/nodes/nodes-nodes-working.adoc#deleting-nodes[Delete a node from a cluster] by scaling down the cluster using a compute machine set. To delete a node from a bare-metal cluster, you must first drain all pods on the node and then manually delete the node.
+endif::openshift-rosa,openshift-dedicated[]
 
 [discrete]
 === Enhancement operations
@@ -58,12 +60,15 @@ through several tasks:
 {product-title} allows you to do more than just access and manage nodes; as an administrator, you can perform the following tasks on nodes to make the cluster more efficient, application-friendly, and to provide a better environment for your developers.
 
 * Manage node-level tuning for high-performance applications that require some level of kernel tuning by xref:../nodes/nodes/nodes-node-tuning-operator.adoc#nodes-node-tuning-operator[using the Node Tuning Operator].
+ifndef::openshift-rosa,openshift-dedicated[]
 * Enable TLS security profiles on the node to protect communication between the kubelet and the Kubernetes API server.
+endif::openshift-rosa,openshift-dedicated[]
 * xref:../nodes/jobs/nodes-pods-daemonsets.adoc#nodes-pods-daemonsets[Run background tasks on nodes automatically with daemon sets]. You can create and use daemon sets to create shared storage, run a logging pod on every node, or deploy a monitoring agent on all nodes.
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../nodes/nodes/nodes-nodes-garbage-collection.adoc#nodes-nodes-garbage-collection[Free node resources using garbage collection]. You can ensure that your nodes are running efficiently by removing terminated containers and the images not referenced by any running pods.
 * xref:../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-kernel-arguments_nodes-nodes-managing[Add kernel arguments to a set of nodes].
 * Configure an {product-title} cluster to have worker nodes at the network edge (remote worker nodes). For information on the challenges of having remote worker nodes in an {product-title} cluster and some recommended approaches for managing pods on a remote worker node, see xref:../nodes/edge/nodes-edge-remote-workers.adoc#nodes-edge-remote-workers[Using remote worker nodes at the network edge].
-
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="pods-overview"]
 == About pods
@@ -88,8 +93,11 @@ The following list of tasks provides an overview of how an administrator can man
 ** xref:../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Node labels and selectors].
 ** xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Taints and tolerations].
 ** xref:../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc#nodes-scheduler-pod-topology-spread-constraints[Pod topology spread constraints].
+// Cannot create namespace to install Operator
+ifndef::openshift-rosa,openshift-dedicated[]
 ** xref:../nodes/scheduling/secondary_scheduler/index.adoc#nodes-secondary-scheduler-about[Secondary scheduling].
-* xref:../nodes/scheduling/nodes-descheduler.adoc#nodes-descheduler[Configure the descheduler to evict pods] based on specific strategies so that the scheduler reschedules the pods to more appropriate nodes.
+* xref:../nodes/scheduling/descheduler/index.adoc#nodes-descheduler-about[Configure the descheduler to evict pods] based on specific strategies so that the scheduler reschedules the pods to more appropriate nodes.
+endif::openshift-rosa,openshift-dedicated[]
 * xref:../nodes/pods/nodes-pods-configuring.adoc#nodes-pods-configuring-restart_nodes-pods-configuring[Configure how pods behave after a restart using pod controllers and restart policies].
 * xref:../nodes/pods/nodes-pods-configuring.adoc#nodes-pods-configuring-bandwidth_nodes-pods-configuring[Limit both egress and ingress traffic on a pod].
 * xref:../nodes/containers/nodes-containers-volumes.adoc#nodes-containers-volumes[Add and remove volumes to and from any object that has a pod template]. A volume is a mounted file system available to all the containers in a pod. Container storage is ephemeral; you can use volumes to persist container data.
@@ -99,7 +107,7 @@ The following list of tasks provides an overview of how an administrator can man
 
 You can work with pods more easily and efficiently with the help of various tools and features available in {product-title}. The following operations involve using those tools and features to better manage pods.
 
-
+ifndef::openshift-rosa,openshift-dedicated[]
 [cols="2,1,2"]
 |===
 |Operation |User |More information
@@ -124,6 +132,10 @@ As a developer, use a vertical pod autoscaler to ensure your pods stay up during
 
 
 |===
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* Secrets: Some applications need sensitive information, such as passwords and usernames. An administrator can use the `Secret` object to provide sensitive data to pods xref:../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[using the `Secret` object].
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="containers-overview"]
 == About containers
@@ -142,25 +154,29 @@ As an administrator, You can perform various tasks on a Linux container, such as
 
 Apart from performing specific tasks on nodes, pods, and containers, you can work with the overall {product-title} cluster to keep the cluster efficient and the application pods highly available.
 
+
+//cannot create the required namespace for these operators
+ifndef::openshift-rosa,openshift-dedicated[]
 [id="nodes-about-autoscaling-pod_{context}"]
 == About autoscaling pods on a node
 
 {product-title} offers three tools that you can use to automatically scale the number of pods on your nodes and the resources allocated to pods.
 
 Horizontal Pod Autoscaler::
-The Horizontal Pod Autoscaler (HPA) can automatically increase or decrease the scale of a replication controller or deployment configuration, based on metrics collected from the pods that belong to that replication controller or deployment configuration. 
+The Horizontal Pod Autoscaler (HPA) can automatically increase or decrease the scale of a replication controller or deployment configuration, based on metrics collected from the pods that belong to that replication controller or deployment configuration.
 +
 For more information, see xref:../nodes/pods/nodes-pods-autoscaling.adoc#nodes-pods-autoscaling[Automatically scaling pods with the horizontal pod autoscaler].
 
 Custom Metrics Autoscaler::
 The Custom Metrics Autoscaler can automatically increase or decrease the number of pods for a deployment, stateful set, custom resource, or job based on custom metrics that are not based only on CPU or memory.
 +
-For more information, see xref:../nodes/cma/nodes-cma-autoscaling-custom.adoc#nodes-cma-autoscaling-custom[Custom Metrics Autoscaler Operator overview]. 
+For more information, see xref:../nodes/cma/nodes-cma-autoscaling-custom.adoc#nodes-cma-autoscaling-custom[Custom Metrics Autoscaler Operator overview].
 
 Vertical Pod Autoscaler::
 The Vertical Pod Autoscaler (VPA) can automatically review the historic and current CPU and memory resources for containers in pods and can update the resource limits and requests based on the usage values it learns.
 +
 For more information, see xref:../nodes/pods/nodes-pods-vertical-autoscaler.adoc#nodes-pods-vpa[Automatically adjust pod resource levels with the vertical pod autoscaler].
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="commonterms-node"]
 == Glossary of common terms for {product-title} nodes
@@ -187,10 +203,13 @@ The process of data sharing externally through a network’s outbound traffic fr
 garbage collection::
 The process of cleaning up cluster resources, such as terminated containers and images that are not referenced by any running pods.
 
+//cannot create the required namespace for these operators
+ifndef::openshift-rosa,openshift-dedicated[]
 [discrete]
 [id="commonterms-node-hpa"]
 Horizontal Pod Autoscaler(HPA)::
 Implemented as a Kubernetes API resource and a controller. You can use the HPA to specify the minimum and maximum number of pods that you want to run. You can also specify the CPU or memory utilization that your pods should target. The HPA scales out and scales in pods when a given CPU or memory threshold is crossed.
+endif::openshift-rosa,openshift-dedicated[]
 
 [discrete]
 [id="commonterms-node-ingress"]
diff --git a/nodes/jobs/nodes-nodes-jobs.adoc b/nodes/jobs/nodes-nodes-jobs.adoc
index ba4f73360c0b..966194254c29 100644
--- a/nodes/jobs/nodes-nodes-jobs.adoc
+++ b/nodes/jobs/nodes-nodes-jobs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-jobs"]
 = Running tasks in pods using jobs
 include::_attributes/common-attributes.adoc[]
@@ -36,6 +36,7 @@ spec:
         image: perl
         command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
       restartPolicy: OnFailure    <6>
+#...
 ----
 <1> The pod replicas a job should run in parallel.
 <2> Successful pod completions are needed to mark a job completed.
@@ -44,8 +45,9 @@ spec:
 <5> The template for the pod the controller creates.
 <6> The restart policy of the pod.
 
-See the http://kubernetes.io/docs/user-guide/jobs/[Kubernetes documentation] for
-more information about jobs.
+.Additional resources
+
+* link:https://kubernetes.io/docs/concepts/workloads/controllers/job/[Jobs] in the Kubernetes documentation
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
diff --git a/nodes/jobs/nodes-pods-daemonsets.adoc b/nodes/jobs/nodes-pods-daemonsets.adoc
index ec5f90da4016..43c7f356e69d 100644
--- a/nodes/jobs/nodes-pods-daemonsets.adoc
+++ b/nodes/jobs/nodes-pods-daemonsets.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-daemonsets
 [id="nodes-pods-daemonsets"]
 = Running background tasks on nodes automatically with daemon sets
@@ -8,7 +8,7 @@ toc::[]
 
 As an administrator, you can create and use daemon sets to run replicas of a pod on specific or all nodes in an {product-title} cluster.
 
-A daemon set ensures that all (or some) nodes run a copy of a pod. As nodes are added to the cluster, pods are added to the cluster. 
+A daemon set ensures that all (or some) nodes run a copy of a pod. As nodes are added to the cluster, pods are added to the cluster.
 As nodes are removed from the cluster, those pods are removed through garbage collection. Deleting a daemon set will clean up the pods it created.
 
 You can use daemon sets to create shared storage, run a logging pod on every node in
@@ -29,23 +29,30 @@ the cluster.
 
 == Scheduled by default scheduler
 
-A daemon set ensures that all eligible nodes run a copy of a pod. Normally, the node that a pod runs on is selected by the Kubernetes scheduler. However, previously daemon set pods are created and scheduled by the daemon set controller. That introduces the following issues:
+A daemon set ensures that all eligible nodes run a copy of a pod. Normally, the node that a pod runs on is selected by the Kubernetes scheduler. However, daemon set pods are created and scheduled by the daemon set controller. That introduces the following issues:
 
 * Inconsistent pod behavior: Normal pods waiting to be scheduled are created and in Pending state, but daemon set pods are not created in `Pending` state. This is confusing to the user.
 * Pod preemption is handled by default scheduler. When preemption is enabled, the daemon set controller will make scheduling decisions without considering pod priority and preemption.
 
-The *ScheduleDaemonSetPods* feature, enabled by default in {product-title}, lets you to schedule daemon sets using the default scheduler instead of the daemon set controller, by adding the `NodeAffinity` term to the daemon set pods, instead of the `spec.nodeName` term. The default scheduler is then used to bind the pod to the target host. If node affinity of the daemon set pod already exists, it is replaced. The daemon set controller only performs these operations when creating or modifying daemon set pods, and no changes are made to the `spec.template` of the daemon set.
+The *ScheduleDaemonSetPods* feature, enabled by default in {product-title}, lets you schedule daemon sets using the default scheduler instead of the daemon set controller, by adding the `NodeAffinity` term to the daemon set pods, instead of the `spec.nodeName` term. The default scheduler is then used to bind the pod to the target host. If node affinity of the daemon set pod already exists, it is replaced. The daemon set controller only performs these operations when creating or modifying daemon set pods, and no changes are made to the `spec.template` of the daemon set.
 
 [source,yaml]
 ----
-nodeAffinity:
-  requiredDuringSchedulingIgnoredDuringExecution:
-    nodeSelectorTerms:
-    - matchFields:
-      - key: metadata.name
-        operator: In
-        values:
-        - target-host-name
+kind: Pod
+apiVersion: v1
+metadata:
+  name: hello-node-6fbccf8d9-9tmzr
+#...
+spec:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchFields:
+        - key: metadata.name
+          operator: In
+          values:
+          - target-host-name
+#...
 ----
 
 In addition, a `node.kubernetes.io/unschedulable:NoSchedule` toleration is added automatically to daemon set pods. The default scheduler ignores unschedulable Nodes when scheduling daemon set pods.
diff --git a/nodes/nodes-about-autoscaling-nodes.adoc b/nodes/nodes-about-autoscaling-nodes.adoc
index 75f143acff41..6307abcc5a24 100644
--- a/nodes/nodes-about-autoscaling-nodes.adoc
+++ b/nodes/nodes-about-autoscaling-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="nodes-about-autoscaling-nodes"]
 = About autoscaling nodes on a cluster
diff --git a/nodes/nodes-dashboard-using.adoc b/nodes/nodes-dashboard-using.adoc
new file mode 100644
index 000000000000..4d00c676d8ab
--- /dev/null
+++ b/nodes/nodes-dashboard-using.adoc
@@ -0,0 +1,50 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-dashboard-using"]
+= Node metrics dashboard
+include::_attributes/common-attributes.adoc[]
+:context: nodes-dashboard-using
+
+toc::[]
+
+The node metrics dashboard is a visual analytics dashboard that helps you identify potential pod scaling issues.
+
+// The following include statements pull in the module files that comprise
+// the assembly. Include any combination of concept, procedure, or reference
+// modules required to cover the user story. You can also include other
+// assemblies.
+
+// About the node metrics dashboard
+include::modules/nodes-dashboard-using-about.adoc[leveloffset=+1]
+
+// Accessing the node metrics dashboard
+include::modules/nodes-dashboard-using-accessing.adoc[leveloffset=+1]
+
+// Identify metrics for indicating optimal node resource usage
+include::modules/nodes-dashboard-using-identify.adoc[leveloffset=+1]
+
+// Top 3 Containers With the Most OOM Kills in the Last Day
+include::modules/nodes-dashboard-using-identify-critical-top3.adoc[leveloffset=+2]
+
+// Failure Rate for Image Pulls in the Last Hour
+include::modules/nodes-dashboard-using-identify-critical-pulls.adoc[leveloffset=+2]
+
+// Nodes with System Reserved Memory Utilization > 80%
+include::modules/nodes-dashboard-using-identify-critical-memory.adoc[leveloffset=+2]
+
+// Nodes with Kubelet System Reserved Memory Utilization > 50%
+include::modules/nodes-dashboard-using-identify-critical-memory-kubelet.adoc[leveloffset=+2]
+
+// Nodes with CRI-O System Reserved Memory Utilization > 50%
+include::modules/nodes-dashboard-using-identify-critical-memory-crio.adoc[leveloffset=+2]
+
+// Nodes with System Reserved CPU Utilization > 80%
+include::modules/nodes-dashboard-using-identify-critical-cpu.adoc[leveloffset=+2]
+
+// Nodes with Kubelet System Reserved CPU Utilization > 50%
+include::modules/nodes-dashboard-using-identify-critical-cpu-kubelet.adoc[leveloffset=+2]
+
+// Nodes with CRI-O System Reserved CPU Utilization > 50%
+include::modules/nodes-dashboard-using-identify-critical-cpu-crio.adoc[leveloffset=+2]
+
+// Customizing dashboard queries
+include::modules/nodes-dashboard-using-queries.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/nodes/nodes-machinepools-about.adoc b/nodes/nodes-machinepools-about.adoc
index 8b6af139ed8c..cb59fcbe68c9 100644
--- a/nodes/nodes-machinepools-about.adoc
+++ b/nodes/nodes-machinepools-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="machinepools-about"]
 = About machine pools
diff --git a/nodes/nodes/ecosystems/eco-about-remediation-fencing-maintenance.adoc b/nodes/nodes/ecosystems/eco-about-remediation-fencing-maintenance.adoc
index 962a25cacd53..249c14e143aa 100644
--- a/nodes/nodes/ecosystems/eco-about-remediation-fencing-maintenance.adoc
+++ b/nodes/nodes/ecosystems/eco-about-remediation-fencing-maintenance.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-remediation-fencing-maintenance"]
 = About node remediation, fencing, and maintenance
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/ecosystems/eco-machine-health-checks.adoc b/nodes/nodes/ecosystems/eco-machine-health-checks.adoc
index 8e0034cd27c7..409221f5ff00 100644
--- a/nodes/nodes/ecosystems/eco-machine-health-checks.adoc
+++ b/nodes/nodes/ecosystems/eco-machine-health-checks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machine-health-checks"]
 = Remediating nodes with Machine Health Checks
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/ecosystems/eco-node-health-check-operator.adoc b/nodes/nodes/ecosystems/eco-node-health-check-operator.adoc
index fef364decc4d..c5e484dd5d3e 100644
--- a/nodes/nodes/ecosystems/eco-node-health-check-operator.adoc
+++ b/nodes/nodes/ecosystems/eco-node-health-check-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-health-check-operator"]
 = Remediating nodes with Node Health Checks
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/ecosystems/eco-node-maintenance-operator.adoc b/nodes/nodes/ecosystems/eco-node-maintenance-operator.adoc
index f02c043bc099..3ae0c633ec00 100644
--- a/nodes/nodes/ecosystems/eco-node-maintenance-operator.adoc
+++ b/nodes/nodes/ecosystems/eco-node-maintenance-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-maintenance-operator"]
 = Placing nodes in maintenance mode with Node Maintenance Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/ecosystems/eco-self-node-remediation-operator.adoc b/nodes/nodes/ecosystems/eco-self-node-remediation-operator.adoc
index b71a2767ea45..08a9449ff8d8 100644
--- a/nodes/nodes/ecosystems/eco-self-node-remediation-operator.adoc
+++ b/nodes/nodes/ecosystems/eco-self-node-remediation-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="self-node-remediation-operator-remediate-nodes"]
 = Using Self Node Remediation
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-node-tuning-operator.adoc b/nodes/nodes/nodes-node-tuning-operator.adoc
index e46a20f87470..2a229b345e19 100644
--- a/nodes/nodes/nodes-node-tuning-operator.adoc
+++ b/nodes/nodes/nodes-node-tuning-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-node-tuning-operator"]
 = Using the Node Tuning Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-creating-infrastructure-nodes.adoc b/nodes/nodes/nodes-nodes-creating-infrastructure-nodes.adoc
index 474ce76bbf88..08c8b5996b64 100644
--- a/nodes/nodes/nodes-nodes-creating-infrastructure-nodes.adoc
+++ b/nodes/nodes/nodes-nodes-creating-infrastructure-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-creating-infrastructure-nodes"]
 = Creating infrastructure nodes
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-garbage-collection.adoc b/nodes/nodes/nodes-nodes-garbage-collection.adoc
index 2d6a30f3d4e0..6439206e2942 100644
--- a/nodes/nodes/nodes-nodes-garbage-collection.adoc
+++ b/nodes/nodes/nodes-nodes-garbage-collection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-garbage-collection"]
 = Freeing node resources using garbage collection
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-graceful-shutdown.adoc b/nodes/nodes/nodes-nodes-graceful-shutdown.adoc
index f92aac260a27..293f9ecf33fc 100644
--- a/nodes/nodes/nodes-nodes-graceful-shutdown.adoc
+++ b/nodes/nodes/nodes-nodes-graceful-shutdown.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-graceful-shutdown"]
 = Managing graceful node shutdown
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Graceful node shutdown enables the kubelet to delay forcible eviction of pods during a node shutdown. When you configure a graceful node shutdown, you can define a time period for pods to complete running workloads before shutting down. This grace period minimizes interruption to critical workloads during unexpected node shutdown events. Using priority classes, you can also specify the order of pod shutdown. 
+Graceful node shutdown enables the kubelet to delay forcible eviction of pods during a node shutdown. When you configure a graceful node shutdown, you can define a time period for pods to complete running workloads before shutting down. This grace period minimizes interruption to critical workloads during unexpected node shutdown events. Using priority classes, you can also specify the order of pod shutdown.
 
 // concept topic: how it works
 include::modules/nodes-nodes-cluster-timeout-graceful-shutdown.adoc[leveloffset=+1]
diff --git a/nodes/nodes/nodes-nodes-machine-config-daemon-metrics.adoc b/nodes/nodes/nodes-nodes-machine-config-daemon-metrics.adoc
index 3ff582991b54..6472926dd38b 100644
--- a/nodes/nodes/nodes-nodes-machine-config-daemon-metrics.adoc
+++ b/nodes/nodes/nodes-nodes-machine-config-daemon-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machine-config-daemon-metrics"]
 = Machine Config Daemon metrics
 include::_attributes/common-attributes.adoc[]
@@ -11,5 +11,10 @@ include::modules/machine-config-daemon-metrics.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* See xref:../../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview].
-* See xref:../../support/gathering-cluster-data.adoc[the documentation on gathering data about your cluster].
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../../monitoring/monitoring-overview.adoc#monitoring-overview[Monitoring overview]
+* xref:../../support/gathering-cluster-data.adoc#gathering-cluster-data[Gathering data about your cluster]
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* xref:../../monitoring/monitoring-overview.adoc#monitoring-overview[Understanding the monitoring stack]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/nodes/nodes-nodes-managing-max-pods.adoc b/nodes/nodes/nodes-nodes-managing-max-pods.adoc
index efee3b12c035..1c11daa24da4 100644
--- a/nodes/nodes/nodes-nodes-managing-max-pods.adoc
+++ b/nodes/nodes/nodes-nodes-managing-max-pods.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-managing-max-pods"]
 = Managing the maximum number of pods per node
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-managing.adoc b/nodes/nodes/nodes-nodes-managing.adoc
index 8ec80b3dae3e..e487f3b129e8 100644
--- a/nodes/nodes/nodes-nodes-managing.adoc
+++ b/nodes/nodes/nodes-nodes-managing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-managing"]
 = Managing nodes
 include::_attributes/common-attributes.adoc[]
@@ -30,4 +30,8 @@ endif::openshift-webscale[]
 
 include::modules/nodes-nodes-swap-memory.adoc[leveloffset=+1]
 include::modules/nodes-control-plane-osp-migrating.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* For information about control plane machine sets, see xref:../../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-using[Managing control plane machines with control plane machine sets].
 
diff --git a/nodes/nodes/nodes-nodes-modifying.adoc b/nodes/nodes/nodes-nodes-modifying.adoc
index cdc4589c2d3d..ace2fdfb186a 100644
--- a/nodes/nodes/nodes-nodes-modifying.adoc
+++ b/nodes/nodes/nodes-nodes-modifying.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-modifying"]
 = Modifying existing nodes in your {product-title} cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-rebooting.adoc b/nodes/nodes/nodes-nodes-rebooting.adoc
index ef36fa0b81f7..2719706d17bc 100644
--- a/nodes/nodes/nodes-nodes-rebooting.adoc
+++ b/nodes/nodes/nodes-nodes-rebooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-rebooting"]
 = Understanding node rebooting
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-resources-configuring.adoc b/nodes/nodes/nodes-nodes-resources-configuring.adoc
index 56660f540057..dd274cbbe7ef 100644
--- a/nodes/nodes/nodes-nodes-resources-configuring.adoc
+++ b/nodes/nodes/nodes-nodes-resources-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-resources-configuring"]
 = Allocating resources for nodes in an {product-title} cluster
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-To provide more reliable scheduling and minimize node resource overcommitment, reserve a portion of the CPU and memory resources for use by the underlying node components, such as `kubelet` and `kube-proxy`, and the remaining system components, such as `sshd` and `NetworkManager`. By specifying the resources to reserve, you provide the scheduler with more information about the remaining CPU and memory resources that a node has available for use by pods. You can allow {product-title} to xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-auto_nodes-nodes-resources-configuring[automatically determine the optimal `system-reserved` CPU and memory resources] for your nodes or you can xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-setting_nodes-nodes-resources-configuring[manually determine and set the best resources] for your nodes. 
+To provide more reliable scheduling and minimize node resource overcommitment, reserve a portion of the CPU and memory resources for use by the underlying node components, such as `kubelet` and `kube-proxy`, and the remaining system components, such as `sshd` and `NetworkManager`. By specifying the resources to reserve, you provide the scheduler with more information about the remaining CPU and memory resources that a node has available for use by pods. You can allow {product-title} to xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-auto_nodes-nodes-resources-configuring[automatically determine the optimal `system-reserved` CPU and memory resources] for your nodes or you can xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-setting_nodes-nodes-resources-configuring[manually determine and set the best resources] for your nodes.
 
 [IMPORTANT]
 ====
diff --git a/nodes/nodes/nodes-nodes-resources-cpus.adoc b/nodes/nodes/nodes-nodes-resources-cpus.adoc
index 70c6dafdf607..d464bb558c28 100644
--- a/nodes/nodes/nodes-nodes-resources-cpus.adoc
+++ b/nodes/nodes/nodes-nodes-resources-cpus.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-nodes-resources-cpus
 [id="nodes-nodes-resources-cpus"]
 = Allocating specific CPUs for nodes in a cluster
@@ -19,4 +19,4 @@ include::modules/nodes-nodes-resources-cpus-reserve.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* For more information on the `systemReserved` and `kubeReserved` parameters, see xref:../../nodes/nodes/nodes-nodes-resources-configuring.html#nodes-nodes-resources-configuring-about_nodes-nodes-resources-configuring[Allocating resources for nodes in an {product-title} cluster].
+* For more information on the `systemReserved` and `kubeReserved` parameters, see xref:../../nodes/nodes/nodes-nodes-resources-configuring.adoc#nodes-nodes-resources-configuring-about_nodes-nodes-resources-configuring[Allocating resources for nodes in an {product-title} cluster].
diff --git a/nodes/nodes/nodes-nodes-tls.adoc b/nodes/nodes/nodes-nodes-tls.adoc
index 7f54c974c51a..3f74ffde85ff 100644
--- a/nodes/nodes/nodes-nodes-tls.adoc
+++ b/nodes/nodes/nodes-nodes-tls.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-nodes-tls
 [id="nodes-nodes-tls"]
 = Enabling TLS security profiles for the kubelet
diff --git a/nodes/nodes/nodes-nodes-viewing.adoc b/nodes/nodes/nodes-nodes-viewing.adoc
index a6184a54e355..d413935a9f0d 100644
--- a/nodes/nodes/nodes-nodes-viewing.adoc
+++ b/nodes/nodes/nodes-nodes-viewing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-viewing"]
 = Viewing and listing the nodes in your {product-title} cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-nodes-working.adoc b/nodes/nodes/nodes-nodes-working.adoc
index aa822e0d68b4..e37324ed43b3 100644
--- a/nodes/nodes/nodes-nodes-working.adoc
+++ b/nodes/nodes/nodes-nodes-working.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-nodes-working"]
 = Working with nodes
 include::_attributes/common-attributes.adoc[]
@@ -6,20 +6,26 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-As an administrator, you can perform a number of tasks to make your clusters more efficient.
+As an administrator, you can perform several tasks to make your clusters more efficient.
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
 // modules required to cover the user story. You can also include other
 // assemblies.
 
-
 include::modules/nodes-nodes-working-evacuating.adoc[leveloffset=+1]
 
 include::modules/nodes-nodes-working-updating.adoc[leveloffset=+1]
 
 include::modules/nodes-nodes-working-marking.adoc[leveloffset=+1]
 
+include::modules/sno-clusters-reboot-without-drain.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-evacuating_nodes-nodes-working[Understanding how to evacuate pods on nodes]
+
 == Deleting nodes
 
 include::modules/nodes-nodes-working-deleting.adoc[leveloffset=+2]
@@ -27,8 +33,6 @@ include::modules/nodes-nodes-working-deleting.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* For more information on scaling your cluster using a MachineSet,
-see xref:../../machine_management/manually-scaling-machineset.adoc#machineset-manually-scaling-manually-scaling-machineset[Manually scaling a MachineSet].
+* xref:../../machine_management/manually-scaling-machineset.adoc#machineset-manually-scaling-manually-scaling-machineset[Manually scaling a compute machine set]
 
 include::modules/nodes-nodes-working-deleting-bare-metal.adoc[leveloffset=+2]
-
diff --git a/nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc b/nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc
index 81026ee0262f..f96c17ea8b78 100644
--- a/nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc
+++ b/nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-remediating-fencing-maintaining-rhwa"]
 = Remediating, fencing, and maintaining nodes
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/nodes/nodes-sno-worker-nodes.adoc b/nodes/nodes/nodes-sno-worker-nodes.adoc
index dcb897cbb65a..66059b2d67d8 100644
--- a/nodes/nodes/nodes-sno-worker-nodes.adoc
+++ b/nodes/nodes/nodes-sno-worker-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-sno-worker-nodes"]
 = Adding worker nodes to {sno} clusters
 :context: add-workers
@@ -8,6 +8,11 @@ toc::[]
 
 {sno-caps} clusters reduce the host prerequisites for deployment to a single host. This is useful for deployments in constrained environments or at the network edge. However, sometimes you need to add additional capacity to your cluster, for example, in telecommunications and network edge scenarios. In these scenarios, you can add worker nodes to the single-node cluster.
 
+[NOTE]
+====
+Unlike multi-node clusters, by default all ingress traffic is routed to the single control-plane node, even after adding additional worker nodes.
+====
+
 There are several ways that you can add worker nodes to a single-node cluster. You can add worker nodes to a cluster manually, using link:https://console.redhat.com/openshift/assisted-installer/clusters[{cluster-manager-first}], or by using the Assisted Installer REST API directly.
 
 [IMPORTANT]
@@ -17,7 +22,7 @@ Adding worker nodes does not expand the cluster control plane, and it does not p
 
 [NOTE]
 ====
-Unlike multi-node clusters, by default all ingress traffic is routed to the single control-plane node, even after adding additional worker nodes.
+To add worker nodes, you must have access to the {cluster-manager}. This method is not supported when using the Agent-based installer to install a cluster in a disconnected environment.
 ====
 
 include::modules/ai-sno-requirements-for-installing-worker-nodes.adoc[leveloffset=+1]
diff --git a/nodes/pods/nodes-pods-autoscaling.adoc b/nodes/pods/nodes-pods-autoscaling.adoc
index 3b9286938fee..c64e942bc61d 100644
--- a/nodes/pods/nodes-pods-autoscaling.adoc
+++ b/nodes/pods/nodes-pods-autoscaling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-autoscaling
 [id='nodes-pods-autoscaling']
 = Automatically scaling pods with the horizontal pod autoscaler
@@ -10,7 +10,7 @@ As a developer, you can use a horizontal pod autoscaler (HPA) to
 specify how {product-title} should automatically increase or decrease the scale of
 a replication controller or deployment configuration, based on metrics collected
 from the pods that belong to that replication controller or deployment
-configuration. You can create an HPA for any any deployment, deployment config, replica set, replication controller, or stateful set.
+configuration. You can create an HPA for any deployment, deployment config, replica set, replication controller, or stateful set.
 
 For information on scaling pods based on custom metrics, see xref:../../nodes/cma/nodes-cma-autoscaling-custom.adoc#nodes-cma-autoscaling-custom[Automatically scaling pods based on custom metrics].
 
@@ -18,7 +18,7 @@ For information on scaling pods based on custom metrics, see xref:../../nodes/cm
 [NOTE]
 ====
 It is recommended to use a `Deployment` object or `ReplicaSet` object unless you need a specific feature or behavior provided by other objects. For more information on
-these objects, see xref:../../applications/deployments/what-deployments-are.adoc#what-deployments-are[Understanding Deployment and DeploymentConfig objects].
+these objects, see xref:../../applications/deployments/what-deployments-are.adoc#what-deployments-are[Understanding deployments].
 ====
 
 // The following include statements pull in the module files that comprise
diff --git a/nodes/pods/nodes-pods-configmaps.adoc b/nodes/pods/nodes-pods-configmaps.adoc
index cb1e545e57c8..6e2359cce09d 100644
--- a/nodes/pods/nodes-pods-configmaps.adoc
+++ b/nodes/pods/nodes-pods-configmaps.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configmaps"]
 = Creating and using config maps
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/pods/nodes-pods-configuring.adoc b/nodes/pods/nodes-pods-configuring.adoc
index 0e3a9915bd64..e505c8974186 100644
--- a/nodes/pods/nodes-pods-configuring.adoc
+++ b/nodes/pods/nodes-pods-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-configuring
 [id="nodes-pods-configuring"]
 = Configuring an {product-title} cluster for pods
@@ -26,14 +26,20 @@ include::modules/nodes-pods-pod-disruption-about.adoc[leveloffset=+1]
 
 include::modules/nodes-pods-pod-disruption-configuring.adoc[leveloffset=+2]
 
+//tech preview feature
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/pod-disruption-eviction-policy.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
+
+//Unsupported
 
 [role="_additional-resources"]
 .Additional resources
-
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates]
 * link:https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy[Unhealthy Pod Eviction Policy] in the Kubernetes documentation
 
 include::modules/nodes-pods-configuring-pod-critical.adoc[leveloffset=+1]
 
 include::modules/nodes-pods-configuring-reducing.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/pods/nodes-pods-node-selectors.adoc b/nodes/pods/nodes-pods-node-selectors.adoc
index b1f5fbee5ec4..d91bfeb4b113 100644
--- a/nodes/pods/nodes-pods-node-selectors.adoc
+++ b/nodes/pods/nodes-pods-node-selectors.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-node-selectors
 [id="nodes-pods-node-selectors"]
 = Placing pods on specific nodes using node selectors
@@ -10,7 +10,7 @@ toc::[]
 
 A _node selector_ specifies a map of key-value pairs. The rules are defined using custom labels on nodes and selectors specified in pods.
 
-For the pod to be eligible to run on a node, the pod must have the indicated key-value pairs as the label on the node. 
+For the pod to be eligible to run on a node, the pod must have the indicated key-value pairs as the label on the node.
 
 If you are using node affinity and node selectors in the same pod configuration, see the important considerations below.
 
diff --git a/nodes/pods/nodes-pods-plugins.adoc b/nodes/pods/nodes-pods-plugins.adoc
index 4c248b1775a2..000f442f40f6 100644
--- a/nodes/pods/nodes-pods-plugins.adoc
+++ b/nodes/pods/nodes-pods-plugins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-device
 [id="nodes-pods-device"]
 = Using device plugins to access external resources with pods
@@ -9,7 +9,7 @@ toc::[]
 
 Device plugins allow you to use a particular device type (GPU, InfiniBand,
 or other similar computing resources that require vendor-specific initialization
-and setup) in your {product-title} pod without needing to write custom code. 
+and setup) in your {product-title} pod without needing to write custom code.
 
 
 // The following include statements pull in the module files that comprise
diff --git a/nodes/pods/nodes-pods-priority.adoc b/nodes/pods/nodes-pods-priority.adoc
index 16148bc36000..8b19901f24e1 100644
--- a/nodes/pods/nodes-pods-priority.adoc
+++ b/nodes/pods/nodes-pods-priority.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-priority
 [id="nodes-pods-priority"]
 = Including pod priority in pod scheduling decisions
@@ -8,11 +8,14 @@ toc::[]
 
 
 You can enable pod priority and preemption in your cluster. Pod priority indicates the importance of a pod relative to other pods and queues the pods based on that priority. pod preemption allows the cluster to evict, or preempt, lower-priority pods so that higher-priority pods can be scheduled if there is no available space on a suitable node
-pod priority also affects the scheduling order of pods and out-of-resource eviction ordering on the node. 
+pod priority also affects the scheduling order of pods and out-of-resource eviction ordering on the node.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 To use priority and preemption, you create priority classes that define the relative weight of your pods. Then, reference a priority class in the pod specification to apply that weight for scheduling.
-
-
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+To use priority and preemption, reference a priority class in the pod specification to apply that weight for scheduling.
+endif::openshift-rosa,openshift-dedicated[]
 
 // The following include statements pull in the module files that comprise
 // the assembly. Include any combination of concept, procedure, or reference
diff --git a/nodes/pods/nodes-pods-secrets-store.adoc b/nodes/pods/nodes-pods-secrets-store.adoc
new file mode 100644
index 000000000000..4ea523aad121
--- /dev/null
+++ b/nodes/pods/nodes-pods-secrets-store.adoc
@@ -0,0 +1,73 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-pods-secrets-store"]
+= Providing sensitive data to pods by using an external secrets store
+include::_attributes/common-attributes.adoc[]
+:context: nodes-pods-secrets-store
+
+toc::[]
+
+Some applications need sensitive information, such as passwords and user names, that you do not want developers to have.
+
+As an alternative to using Kubernetes `Secret` objects to provide sensitive information, you can use an external secrets store to store the sensitive information. You can use the {secrets-store-operator} to integrate with an external secrets store and mount the secret content as a pod volume.
+
+:FeatureName: The {secrets-store-operator}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+// About the {secrets-store-operator}
+include::modules/persistent-storage-csi-secrets-store-driver-overview.adoc[leveloffset=+1]
+
+// Secrets store providers
+include::modules/secrets-store-providers.adoc[leveloffset=+2]
+
+// Automatic rotation
+include::modules/secrets-store-auto-rotation.adoc[leveloffset=+2]
+
+// Installing the {secrets-store-driver}
+include::modules/persistent-storage-csi-secrets-store-driver-install.adoc[leveloffset=+1]
+
+[id="mounting-secrets-external-secrets-store"]
+== Mounting secrets from an external secrets store to a CSI volume
+
+After installing the {secrets-store-operator}, you can mount secrets from one of the following external secrets stores to a CSI volume:
+
+* xref:../../nodes/pods/nodes-pods-secrets-store.adoc#secrets-store-aws_nodes-pods-secrets-store[AWS Secrets Manager]
+* xref:../../nodes/pods/nodes-pods-secrets-store.adoc#secrets-store-aws_nodes-pods-secrets-store-parameter-store[AWS Systems Manager Parameter Store]
+* xref:../../nodes/pods/nodes-pods-secrets-store.adoc#secrets-store-azure_nodes-pods-secrets-store[Azure Key Vault]
+
+// Mounting secrets from AWS Secrets Manager
+:secrets-store-provider: AWS Secrets Manager
+include::modules/secrets-store-aws.adoc[leveloffset=+2]
+:!secrets-store-provider:
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
+
+// --- START OF CONTEXT CHANGE ---
+// Setting a unique context for including the secrets-store-aws.adoc module a second time in this assembly
+:context: nodes-pods-secrets-store-parameter-store
+
+// Mounting secrets from AWS Systems Manager Parameter Store
+:secrets-store-provider: AWS Systems Manager Parameter Store
+include::modules/secrets-store-aws.adoc[leveloffset=+2]
+:!secrets-store-provider:
+
+// Resetting the context back to original context
+:context: nodes-pods-secrets-store
+// --- END OF CONTEXT CHANGE ---
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
+
+// Mounting secrets from Azure Key Vault
+include::modules/secrets-store-azure.adoc[leveloffset=+2]
+
+// Enabling synchronization of mounted content as Kubernetes secrets
+include::modules/secrets-store-sync-secrets.adoc[leveloffset=+1]
+
+// Viewing the status of secrets in the pod volume mount
+include::modules/secrets-store-viewing-secret-versions.adoc[leveloffset=+1]
+
+// Uninstalling the {secrets-store-operator}
+include::modules/persistent-storage-csi-secrets-store-driver-uninstall.adoc[leveloffset=+1]
diff --git a/nodes/pods/nodes-pods-secrets.adoc b/nodes/pods/nodes-pods-secrets.adoc
index 97f87ac06e20..648853a23402 100644
--- a/nodes/pods/nodes-pods-secrets.adoc
+++ b/nodes/pods/nodes-pods-secrets.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-secrets
 [id="nodes-pods-secrets"]
-= Providing sensitive data to pods
+= Providing sensitive data to pods by using secrets
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -10,20 +10,16 @@ Some applications need sensitive information, such as passwords and user names,
 
 As an administrator, you can use `Secret` objects to provide this information without exposing that information in clear text.
 
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
 include::modules/nodes-pods-secrets-about.adoc[leveloffset=+1]
 
-// remove these links for 4.12+
+include::modules/service-account-auto-secret-removed.adoc[leveloffset=+2]
 
 .Additional resources
 
-* For information about requesting bound service account tokens, see xref:../../authentication/bound-service-account-tokens.html#bound-sa-tokens-configuring_bound-service-account-tokens[Using bound service account tokens]
-
-* For information about creating a service account token secret, see xref:../../nodes/pods/nodes-pods-secrets.html#nodes-pods-secrets-creating-sa_nodes-pods-secrets[Creating a service account token secret].
+ifndef::openshift-rosa,openshift-dedicated[]
+* For information about requesting bound service account tokens, see xref:../../authentication/bound-service-account-tokens.adoc#bound-sa-tokens-configuring_bound-service-account-tokens[Using bound service account tokens]
+endif::openshift-rosa,openshift-dedicated[]
+* For information about creating a service account token secret, see xref:../../nodes/pods/nodes-pods-secrets.doc#nodes-pods-secrets-creating-sa_nodes-pods-secrets[Creating a service account token secret].
 
 include::modules/nodes-pods-secrets-creating.adoc[leveloffset=+1]
 
@@ -41,9 +37,12 @@ include::modules/nodes-pods-secrets-creating-sa.adoc[leveloffset=+2]
 
 * For more information on using secrets in pods, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-creating_nodes-pods-secrets[Understanding how to create secrets].
 
-* For information on requesting bound service account tokens, see xref:../../authentication/bound-service-account-tokens.html#bound-sa-tokens-configuring_bound-service-account-tokens[Using bound service account tokens]
+ifndef::openshift-rosa,openshift-dedicated[]
+
+* For information on requesting bound service account tokens, see xref:../../authentication/bound-service-account-tokens.adoc#bound-sa-tokens-configuring_bound-service-account-tokens[Using bound service account tokens]
 
 * For information on creating service accounts, see xref:../../authentication/understanding-and-creating-service-accounts.adoc#understanding-and-creating-service-accounts[Understanding and creating service accounts].
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nodes-pods-secrets-creating-basic.adoc[leveloffset=+2]
 
@@ -66,6 +65,8 @@ include::modules/nodes-pods-secrets-creating-docker.adoc[leveloffset=+2]
 
 * For more information on using secrets in pods, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-creating_nodes-pods-secrets[Understanding how to create secrets].
 
+include::modules/nodes-pods-secrets-creating-web-console-secrets.adoc[leveloffset=+2]
+
 include::modules/nodes-pods-secrets-updating.adoc[leveloffset=+1]
 
 include::modules/nodes-application-secrets-using.adoc[leveloffset=+1]
diff --git a/nodes/pods/nodes-pods-using.adoc b/nodes/pods/nodes-pods-using.adoc
index ce139caa6576..67b73fc3f961 100644
--- a/nodes/pods/nodes-pods-using.adoc
+++ b/nodes/pods/nodes-pods-using.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-using-ssy
 [id="nodes-pods-using-pp"]
 = Using pods
diff --git a/nodes/pods/nodes-pods-vertical-autoscaler.adoc b/nodes/pods/nodes-pods-vertical-autoscaler.adoc
index ff27ad46b7a8..24b0656f8695 100644
--- a/nodes/pods/nodes-pods-vertical-autoscaler.adoc
+++ b/nodes/pods/nodes-pods-vertical-autoscaler.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-vertical-autoscaler
 [id="nodes-pods-vpa"]
 = Automatically adjust pod resource levels with the vertical pod autoscaler
@@ -24,6 +24,8 @@ include::modules/nodes-pods-vertical-autoscaler-install.adoc[leveloffset=+1]
 
 include::modules/nodes-pods-vertical-autoscaler-using-about.adoc[leveloffset=+1]
 
+include::modules/nodes-pods-vertical-autoscaler-tuning.adoc[leveloffset=+2]
+
 include::modules/nodes-pods-vertical-autoscaler-custom.adoc[leveloffset=+2]
 
 include::modules/nodes-pods-vertical-autoscaler-configuring.adoc[leveloffset=+1]
diff --git a/nodes/pods/nodes-pods-viewing.adoc b/nodes/pods/nodes-pods-viewing.adoc
index 676ceb9a2886..66fb888f3f7b 100644
--- a/nodes/pods/nodes-pods-viewing.adoc
+++ b/nodes/pods/nodes-pods-viewing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-pods-viewing
 [id="nodes-pods-viewing"]
 = Viewing pods
diff --git a/nodes/pods/run_once_duration_override/index.adoc b/nodes/pods/run_once_duration_override/index.adoc
index c2e3300ea14c..85f22831e1ae 100644
--- a/nodes/pods/run_once_duration_override/index.adoc
+++ b/nodes/pods/run_once_duration_override/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="run-once-duration-override-about"]
 = {run-once-operator} overview
 include::_attributes/common-attributes.adoc[]
@@ -8,5 +8,8 @@ toc::[]
 
 You can use the {run-once-operator} to specify a maximum time limit that run-once pods can be active for.
 
+:operator-name: The {run-once-operator}
+include::snippets/operator-not-available.adoc[]
+
 // About the {run-once-operator}
 include::modules/rodoo-about.adoc[leveloffset=+1]
diff --git a/nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc b/nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
index 20cae89e360b..e42f5904d33b 100644
--- a/nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
+++ b/nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="run-once-duration-override-install"]
 = Overriding the active deadline for run-once pods
 include::_attributes/common-attributes.adoc[]
@@ -8,10 +8,13 @@ toc::[]
 
 You can use the {run-once-operator} to specify a maximum time limit that run-once pods can be active for. By enabling the run-once duration override on a namespace, all future run-once pods created or updated in that namespace have their `activeDeadlineSeconds` field set to the value specified by the {run-once-operator}.
 
-[NOTE]
-====
-If both the run-once pod and the {run-once-operator} have their `activeDeadlineSeconds` value set, the lower of the two values is used.
-====
+:operator-name: The {run-once-operator}
+include::snippets/operator-not-available.adoc[]
+
+//[NOTE]
+//====
+//If both the run-once pod and the {run-once-operator} have their `activeDeadlineSeconds` value set, the lower of the two values is used.
+//====
 
 // Installing the {run-once-operator}
 include::modules/rodoo-install-operator.adoc[leveloffset=+1]
diff --git a/nodes/pods/run_once_duration_override/run-once-duration-override-release-notes.adoc b/nodes/pods/run_once_duration_override/run-once-duration-override-release-notes.adoc
index 76b1f1ce151a..527015789d77 100644
--- a/nodes/pods/run_once_duration_override/run-once-duration-override-release-notes.adoc
+++ b/nodes/pods/run_once_duration_override/run-once-duration-override-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="run-once-duration-override-release-notes"]
 = {run-once-operator} release notes
 include::_attributes/common-attributes.adoc[]
@@ -12,20 +12,5 @@ To apply the run-once duration override from the {run-once-operator} to run-once
 
 These release notes track the development of the {run-once-operator} for {product-title}.
 
-For an overview of the {run-once-operator}, see xref:../../../nodes/pods/run_once_duration_override/index.adoc#run-once-about_run-once-duration-override-about[About the {run-once-operator}].
-
-[id="run-once-duration-override-operator-release-notes-1-0-0"]
-== OpenShift {run-once-operator} 1.0.0
-
-Issued: 2023-05-18
-
-The following advisory is available for the {run-once-operator} 1.0.0:
-
-* link:https://access.redhat.com/errata/RHEA-2023:2035[RHEA-2023:2035]
-
-[id="run-once-duration-override-operator-1-0-0-new-features-and-enhancements"]
-=== New features and enhancements
-
-* This is the initial, generally available release of the {run-once-operator}. For installation information, see xref:../../../nodes/pods/run_once_duration_override/run-once-duration-override-install.adoc#run-once-duration-override-install[Installing the {run-once-operator}].
-
-// No bug fixes or known issues to list
+:operator-name: The {run-once-operator}
+include::snippets/operator-not-available.adoc[]
\ No newline at end of file
diff --git a/nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc b/nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc
index 2bee81767869..8b29b5a2680c 100644
--- a/nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc
+++ b/nodes/pods/run_once_duration_override/run-once-duration-override-uninstall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="run-once-duration-override-uninstall"]
 = Uninstalling the {run-once-operator}
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,9 @@ toc::[]
 
 You can remove the {run-once-operator} from {product-title} by uninstalling the Operator and removing its related resources.
 
+:operator-name: The {run-once-operator}
+include::snippets/operator-not-available.adoc[]
+
 // Uninstalling the {run-once-operator}
 include::modules/rodoo-uninstall-operator.adoc[leveloffset=+1]
 
diff --git a/nodes/scheduling/descheduler/_attributes b/nodes/scheduling/descheduler/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/nodes/scheduling/descheduler/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/nodes/scheduling/descheduler/images b/nodes/scheduling/descheduler/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/nodes/scheduling/descheduler/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/nodes/scheduling/descheduler/index.adoc b/nodes/scheduling/descheduler/index.adoc
new file mode 100644
index 000000000000..d788cf720a31
--- /dev/null
+++ b/nodes/scheduling/descheduler/index.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-descheduler-about"]
+= Descheduler overview
+include::_attributes/common-attributes.adoc[]
+:context: nodes-descheduler-about
+
+toc::[]
+
+While the xref:../../../nodes/scheduling/nodes-scheduler-about.adoc#nodes-scheduler-about[scheduler] is used to determine the most suitable node to host a new pod, the descheduler can be used to evict a running pod so that the pod can be rescheduled onto a more suitable node.
+
+:operator-name: The {descheduler-operator}
+include::snippets/operator-not-available.adoc[]
+
+// About the descheduler
+include::modules/nodes-descheduler-about.adoc[leveloffset=+1]
+
+// Descheduler profiles
+include::modules/nodes-descheduler-profiles.adoc[leveloffset=+1]
diff --git a/nodes/scheduling/descheduler/modules b/nodes/scheduling/descheduler/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/nodes/scheduling/descheduler/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc b/nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc
new file mode 100644
index 000000000000..239bea2f10d0
--- /dev/null
+++ b/nodes/scheduling/descheduler/nodes-descheduler-configuring.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-descheduler-configuring"]
+= Evicting pods using the descheduler
+include::_attributes/common-attributes.adoc[]
+:context: nodes-descheduler-configuring
+
+toc::[]
+
+You can run the descheduler in {product-title} by installing the {descheduler-operator} and setting the desired profiles and other customizations.
+
+:operator-name: The {descheduler-operator}
+include::snippets/operator-not-available.adoc[]
+
+// Installing the descheduler
+include::modules/nodes-descheduler-installing.adoc[leveloffset=+1]
+
+// Configuring the descheduler profiles
+include::modules/nodes-descheduler-configuring-profiles.adoc[leveloffset=+1]
+
+// Configuring the descheduler interval
+include::modules/nodes-descheduler-configuring-interval.adoc[leveloffset=+1]
diff --git a/nodes/scheduling/descheduler/nodes-descheduler-release-notes.adoc b/nodes/scheduling/descheduler/nodes-descheduler-release-notes.adoc
new file mode 100644
index 000000000000..647da4966732
--- /dev/null
+++ b/nodes/scheduling/descheduler/nodes-descheduler-release-notes.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-descheduler-release-notes"]
+= {descheduler-operator} release notes
+include::_attributes/common-attributes.adoc[]
+:context: nodes-descheduler-release-notes
+
+toc::[]
+
+The {descheduler-operator} allows you to evict pods so that they can be rescheduled on more appropriate nodes.
+
+These release notes track the development of the {descheduler-operator}.
+
+:operator-name: The {descheduler-operator}
+include::snippets/operator-not-available.adoc[]
+
+For more information, see xref:../../../nodes/scheduling/descheduler/index.adoc#nodes-descheduler-about_nodes-descheduler-about[About the descheduler].
diff --git a/nodes/scheduling/descheduler/nodes-descheduler-uninstalling.adoc b/nodes/scheduling/descheduler/nodes-descheduler-uninstalling.adoc
new file mode 100644
index 000000000000..3ddf6959531a
--- /dev/null
+++ b/nodes/scheduling/descheduler/nodes-descheduler-uninstalling.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nodes-descheduler-uninstalling"]
+= Uninstalling the {descheduler-operator}
+include::_attributes/common-attributes.adoc[]
+:context: nodes-descheduler-uninstalling
+
+toc::[]
+
+You can remove the {descheduler-operator} from {product-title} by uninstalling the Operator and removing its related resources.
+
+// TODO: Update all other places to use the new operator attribute
+
+:operator-name: The {descheduler-operator}
+include::snippets/operator-not-available.adoc[]
+
+// Uninstalling the descheduler
+include::modules/nodes-descheduler-uninstalling.adoc[leveloffset=+1]
diff --git a/nodes/scheduling/descheduler/snippets b/nodes/scheduling/descheduler/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/nodes/scheduling/descheduler/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/nodes/scheduling/nodes-descheduler.adoc b/nodes/scheduling/nodes-descheduler.adoc
deleted file mode 100644
index b92b1907f357..000000000000
--- a/nodes/scheduling/nodes-descheduler.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-:_content-type: ASSEMBLY
-[id="nodes-descheduler"]
-= Evicting pods using the descheduler
-include::_attributes/common-attributes.adoc[]
-:context: nodes-descheduler
-
-toc::[]
-
-While the xref:../../nodes/scheduling/nodes-scheduler-about.adoc#nodes-scheduler-about[scheduler] is used to determine the most suitable node to host a new pod, the descheduler can be used to evict a running pod so that the pod can be rescheduled onto a more suitable node.
-
-// About the descheduler
-include::modules/nodes-descheduler-about.adoc[leveloffset=+1]
-
-// Descheduler profiles
-include::modules/nodes-descheduler-profiles.adoc[leveloffset=+1]
-
-// Installing the descheduler
-include::modules/nodes-descheduler-installing.adoc[leveloffset=+1]
-
-// Configuring the descheduler profiles
-include::modules/nodes-descheduler-configuring-profiles.adoc[leveloffset=+1]
-
-// Configuring the descheduler interval
-include::modules/nodes-descheduler-configuring-interval.adoc[leveloffset=+1]
-
-// Uninstalling the descheduler
-include::modules/nodes-descheduler-uninstalling.adoc[leveloffset=+1]
diff --git a/nodes/scheduling/nodes-scheduler-about.adoc b/nodes/scheduling/nodes-scheduler-about.adoc
index 613f092b468c..b5cfb6732531 100644
--- a/nodes/scheduling/nodes-scheduler-about.adoc
+++ b/nodes/scheduling/nodes-scheduler-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-about
 [id="nodes-scheduler-about"]
 = Controlling pod placement using the scheduler
@@ -21,7 +21,9 @@ In situations where you might want more control over where new pods are placed,
 +
 You can control pod placement by using the following scheduling features:
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../nodes/scheduling/nodes-scheduler-profiles.adoc#nodes-scheduler-profiles[Scheduler profiles]
+endif::openshift-rosa,openshift-dedicated[]
 * xref:../../nodes/scheduling/nodes-scheduler-pod-affinity.adoc#nodes-scheduler-pod-affinity[Pod affinity and anti-affinity rules]
 * xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-about_nodes-scheduler-node-affinity[Node affinity]
 * xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Node selectors]
diff --git a/nodes/scheduling/nodes-scheduler-node-affinity.adoc b/nodes/scheduling/nodes-scheduler-node-affinity.adoc
index ad7232a72c87..fa0322b058ab 100644
--- a/nodes/scheduling/nodes-scheduler-node-affinity.adoc
+++ b/nodes/scheduling/nodes-scheduler-node-affinity.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-node-affinity
 [id="nodes-scheduler-node-affinity"]
 = Controlling pod placement on nodes using node affinity rules
@@ -26,11 +26,14 @@ include::modules/nodes-scheduler-node-affinity-configuring-preferred.adoc[levelo
 
 include::modules/nodes-scheduler-node-affinity-example.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/olm-overriding-operator-pod-affinity.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [id="nodes-scheduler-node-affinity-addtl-resources_{context}"]
 [role="_additional-resources"]
 == Additional resources
 
-* For information about changing node labels, see
-xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes].
+* xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/scheduling/nodes-scheduler-node-names.adoc b/nodes/scheduling/nodes-scheduler-node-names.adoc
index df4724c3cf48..d15efec8c9e6 100644
--- a/nodes/scheduling/nodes-scheduler-node-names.adoc
+++ b/nodes/scheduling/nodes-scheduler-node-names.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-node-names
 [id="nodes-scheduler-node-names"]
 = Placing a pod on a specific node by name
diff --git a/nodes/scheduling/nodes-scheduler-node-projects.adoc b/nodes/scheduling/nodes-scheduler-node-projects.adoc
index 374c089303ba..59c509a0673d 100644
--- a/nodes/scheduling/nodes-scheduler-node-projects.adoc
+++ b/nodes/scheduling/nodes-scheduler-node-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-node-project
 [id="nodes-scheduler-node-project"]
 = Placing a pod in a specific project
diff --git a/nodes/scheduling/nodes-scheduler-node-selectors.adoc b/nodes/scheduling/nodes-scheduler-node-selectors.adoc
index 22d3e4e48006..d1f1885942e3 100644
--- a/nodes/scheduling/nodes-scheduler-node-selectors.adoc
+++ b/nodes/scheduling/nodes-scheduler-node-selectors.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-node-selectors
 [id="nodes-scheduler-node-selectors"]
 = Placing pods on specific nodes using node selectors
@@ -6,25 +6,17 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-
-
-A _node selector_ specifies a map of key/value pairs that are defined using custom labels on nodes and selectors specified in pods.
-
-For the pod to be eligible to run on a node, the pod must have the same key/value node selector as the label on the node.
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
-
+include::snippets/about-node-selectors.adoc[]
 
 include::modules/nodes-scheduler-node-selectors-about.adoc[leveloffset=+1]
 
 include::modules/nodes-scheduler-node-selectors-pod.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/nodes-scheduler-node-selectors-cluster.adoc[leveloffset=+1]
 
 include::modules/nodes-scheduler-node-selectors-project.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
 [role="_additional-resources"]
 .Additional resources
diff --git a/nodes/scheduling/nodes-scheduler-overcommit.adoc b/nodes/scheduling/nodes-scheduler-overcommit.adoc
index 4b004605d4cb..1357d34d31cc 100644
--- a/nodes/scheduling/nodes-scheduler-overcommit.adoc
+++ b/nodes/scheduling/nodes-scheduler-overcommit.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-overcommit
 [id="nodes-scheduler-overcommit"]
 = Placing pods onto overcommited nodes
diff --git a/nodes/scheduling/nodes-scheduler-pod-affinity.adoc b/nodes/scheduling/nodes-scheduler-pod-affinity.adoc
index ad48d5d501c0..fcc183841a33 100644
--- a/nodes/scheduling/nodes-scheduler-pod-affinity.adoc
+++ b/nodes/scheduling/nodes-scheduler-pod-affinity.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-pod-affinity
 [id="nodes-scheduler-pod-affinity"]
 = Placing pods relative to other pods using affinity and anti-affinity rules
@@ -6,19 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-
-
-Affinity is a property of pods that controls the nodes on which they prefer to be scheduled. Anti-affinity is a property of pods
-that prevents a pod from being scheduled on a node.
-
-In {product-title} _pod affinity_ and _pod anti-affinity_ allow you to constrain which nodes your pod is eligible to be scheduled on based on the key/value labels on other pods.
-
-
-
-// The following include statements pull in the module files that comprise
-// the assembly. Include any combination of concept, procedure, or reference
-// modules required to cover the user story. You can also include other
-// assemblies.
+include::snippets/about-pod-affinity.adoc[]
 
 include::modules/nodes-scheduler-pod-affinity-about.adoc[leveloffset=+1]
 
@@ -28,4 +16,6 @@ include::modules/nodes-scheduler-pod-anti-affinity-configuring.adoc[leveloffset=
 
 include::modules/nodes-scheduler-pod-affinity-example.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/olm-overriding-operator-pod-affinity.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc b/nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc
index 0c340990b6b2..78bc0716ae36 100644
--- a/nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc
+++ b/nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-scheduler-pod-topology-spread-constraints"]
 = Controlling pod placement by using pod topology spread constraints
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,9 @@ include::modules/nodes-scheduler-pod-topology-spread-constraints-configuring.ado
 // Sample pod topology spread constraints
 include::modules/nodes-scheduler-pod-topology-spread-constraints-examples.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 == Additional resources
 
 * xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/nodes/scheduling/nodes-scheduler-profiles.adoc b/nodes/scheduling/nodes-scheduler-profiles.adoc
index 41b52bfd11d8..abdc671e1cdd 100644
--- a/nodes/scheduling/nodes-scheduler-profiles.adoc
+++ b/nodes/scheduling/nodes-scheduler-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-scheduler-profiles"]
 = Scheduling pods using a scheduler profile
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/scheduling/nodes-scheduler-taints-tolerations.adoc b/nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
index e499503dd54e..d5ef03184b5c 100644
--- a/nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
+++ b/nodes/scheduling/nodes-scheduler-taints-tolerations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: nodes-scheduler-taints-tolerations
 [id="nodes-scheduler-taints-tolerations"]
 = Controlling pod placement using node taints
@@ -29,8 +29,10 @@ include::modules/nodes-scheduler-taints-tolerations-projects.adoc[leveloffset=+2
 .Additional resources
 
 * Adding taints and tolerations xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-adding_nodes-scheduler-taints-tolerations[manually to nodes] or xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-adding-machineset_nodes-scheduler-taints-tolerations[with compute machine sets]
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors-project_nodes-scheduler-node-selectors[Creating project-wide node selectors]
 * xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-pod-placement_olm-adding-operators-to-a-cluster[Pod placement of Operator workloads]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/nodes-scheduler-taints-tolerations-special.adoc[leveloffset=+2]
 
diff --git a/nodes/scheduling/secondary_scheduler/index.adoc b/nodes/scheduling/secondary_scheduler/index.adoc
index 6fb0948ae65c..d8c70a90d36b 100644
--- a/nodes/scheduling/secondary_scheduler/index.adoc
+++ b/nodes/scheduling/secondary_scheduler/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-secondary-scheduler-about"]
 = Secondary scheduler overview
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
index 56a1cbf4bcaa..8c852325abc2 100644
--- a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
+++ b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="secondary-scheduler-configuring"]
 = Scheduling pods using a secondary scheduler
 include::_attributes/common-attributes.adoc[]
diff --git a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-release-notes.adoc b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-release-notes.adoc
index e50d0fab6c81..da32032da4f7 100644
--- a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-release-notes.adoc
+++ b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="nodes-secondary-scheduler-release-notes"]
 = {secondary-scheduler-operator-full} release notes
 include::_attributes/common-attributes.adoc[]
@@ -12,56 +12,28 @@ These release notes track the development of the {secondary-scheduler-operator-f
 
 For more information, see xref:../../../nodes/scheduling/secondary_scheduler/index.adoc#nodes-secondary-scheduler-about_nodes-secondary-scheduler-about[About the {secondary-scheduler-operator}].
 
-[id="secondary-scheduler-operator-release-notes-1.1.1"]
-== Release notes for {secondary-scheduler-operator-full} 1.1.1
+[id="secondary-scheduler-operator-release-notes-1.2.0"]
+== Release notes for {secondary-scheduler-operator-full} 1.2.0
 
-Issued: 2023-5-18
+Issued: 2023-11-01
 
-The following advisory is available for the {secondary-scheduler-operator-full} 1.1.1:
+The following advisory is available for the {secondary-scheduler-operator-full} 1.2.0:
 
-* link:https://access.redhat.com/errata/RHSA-2023:0584[RHSA-2023:0584]
+* link:https://access.redhat.com/errata/RHSA-2023:6154[RHSA-2023:6154]
 
 ////
 // No enhancements in this release
-[id="secondary-scheduler-operator-1.1.1-new-features-and-enhancements"]
+[id="secondary-scheduler-operator-1.2.0-new-features-and-enhancements"]
 === New features and enhancements
-
 * None
 ////
 
-[id="secondary-scheduler-1.1.1-bug-fixes"]
+[id="secondary-scheduler-1.2.0-bug-fixes"]
 === Bug fixes
 
 * This release of the {secondary-scheduler-operator} addresses several Common Vulnerabilities and Exposures (CVEs).
 
-[id="secondary-scheduler-operator-1.1.1-known-issues"]
+[id="secondary-scheduler-operator-1.2.0-known-issues"]
 === Known issues
 
 * Currently, you cannot deploy additional resources, such as config maps, CRDs, or RBAC policies through the {secondary-scheduler-operator}. Any resources other than roles and role bindings that are required by your custom secondary scheduler must be applied externally. (link:https://issues.redhat.com/browse/WRKLDS-645[*WRKLDS-645*])
-
-[id="secondary-scheduler-operator-release-notes-1.1.0"]
-== Release notes for {secondary-scheduler-operator-full} 1.1.0
-
-Issued: 2022-9-1
-
-The following advisory is available for the {secondary-scheduler-operator-full} 1.1.0:
-
-* link:https://access.redhat.com/errata/RHSA-2022:6152[RHSA-2022:6152]
-
-[id="secondary-scheduler-operator-1.1.0-new-features-and-enhancements"]
-=== New features and enhancements
-
-* The {secondary-scheduler-operator} security context configuration has been updated to comply with xref:../../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[pod security admission enforcement].
-
-////
-// No bug fixes in this release
-[id="secondary-scheduler-1.1.0-bug-fixes"]
-=== Bug fixes
-
-* None
-////
-
-[id="secondary-scheduler-operator-1.1.0-known-issues"]
-=== Known issues
-
-* Currently, you cannot deploy additional resources, such as config maps, CRDs, or RBAC policies through the {secondary-scheduler-operator}. Any resources other than roles and role bindings that are required by your custom secondary scheduler must be applied externally. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2071684[*BZ#2071684*])
diff --git a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc
index ce067bf98d06..6f8929ad7e07 100644
--- a/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc
+++ b/nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-uninstalling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="secondary-scheduler-uninstalling"]
 = Uninstalling the {secondary-scheduler-operator}
 include::_attributes/common-attributes.adoc[]
diff --git a/ocm/ocm-overview.adoc b/ocm/ocm-overview.adoc
index 767ef8439016..78df5cd33aaa 100644
--- a/ocm/ocm-overview.adoc
+++ b/ocm/ocm-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ocm-overview"]
 = Red Hat OpenShift Cluster Manager
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -44,6 +44,12 @@ Selecting an active, installed cluster shows tabs associated with that cluster.
 * Settings
 
 include::modules/ocm-overview-tab.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc#using-insights-to-identify-issues-with-your-cluster[Using Insights to identify issues with your cluster]
+
 include::modules/ocm-accesscontrol-tab.adoc[leveloffset=+2]
 include::modules/ocm-addons-tab.adoc[leveloffset=+2]
 include::modules/ocm-cluster-history.adoc[leveloffset=+2]
diff --git a/openshift_images/cnf-building-and-deploying-a-dpdk-payload.adoc b/openshift_images/cnf-building-and-deploying-a-dpdk-payload.adoc
index 403fa7c1a005..a14a916b2727 100644
--- a/openshift_images/cnf-building-and-deploying-a-dpdk-payload.adoc
+++ b/openshift_images/cnf-building-and-deploying-a-dpdk-payload.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // Epic CNF-40
 [id="cnf-building-and-deploying-a-dpdk-application"]
 = Building and deploying a DPDK application using the S2I image
diff --git a/openshift_images/configuring-samples-operator.adoc b/openshift_images/configuring-samples-operator.adoc
index 8f8182ac3e2c..9416855d47df 100644
--- a/openshift_images/configuring-samples-operator.adoc
+++ b/openshift_images/configuring-samples-operator.adoc
@@ -1,12 +1,26 @@
-:_content-type: ASSEMBLY
+ifndef::openshift-rosa,openshift-dedicated[]
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-samples-operator"]
 = Configuring the Cluster Samples Operator
 include::_attributes/common-attributes.adoc[]
 :context: configuring-samples-operator
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-samples-operator"]
+= Overview of the Cluster Samples Operator
+include::_attributes/common-attributes.adoc[]
+:context: configuring-samples-operator
+endif::openshift-rosa,openshift-dedicated[]
 
 toc::[]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 The Cluster Samples Operator, which operates in the `openshift` namespace, installs and updates the {op-system-base-full}-based {product-title} image streams and {product-title} templates.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+The Cluster Samples Operator, which operates in the `openshift` namespace, installs and updates the {product-title} image streams and {product-title} templates.
+endif::openshift-rosa,openshift-dedicated[]
 
 [IMPORTANT]
 .Cluster Samples Operator is being downsized  
@@ -41,16 +55,25 @@ include::modules/samples-operator-overview.adoc[leveloffset=+1]
 == Additional resources
 
 * If the Cluster Samples Operator is removed during installation, you can xref:../openshift_images/samples-operator-alt-registry.adoc#samples-operator-alt-registry[use the Cluster Samples Operator with an alternate registry] so content can be imported, and then set the Cluster Samples Operator to `Managed` to get the samples.
+// Restricted network not supported ROSA/OSD 
+ifndef::openshift-rosa,openshift-dedicated[]
 * To ensure the Cluster Samples Operator bootstraps as `Removed` in a restricted network installation with initial network access to defer samples installation until you have decided which samples are desired, follow the instructions for xref:../installing/install_config/installing-customizing.adoc#installing-customizing[customizing nodes] to override the Cluster Samples Operator default configuration and initially come up as `Removed`.
 ** To host samples in your disconnected environment, follow the instructions for xref:../openshift_images/samples-operator-alt-registry.adoc#samples-operator-alt-registry[using the Cluster Samples Operator with an alternate registry].
+endif::openshift-rosa,openshift-dedicated[]
 
+// Restricted network not supported ROSA/OSD 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/installation-images-samples-disconnected-mirroring-assist.adoc[leveloffset=+2]
 
 See xref:../openshift_images/samples-operator-alt-registry.adoc#installation-restricted-network-samples_samples-operator-alt-registry[Using Cluster Samples Operator image streams with alternate or mirrored registries] for a detailed procedure.
+endif::openshift-rosa,openshift-dedicated[]
 
+// cannot patch resource "configs" in API group "samples.operator.openshift.io"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/samples-operator-configuration.adoc[leveloffset=+1]
 
 include::modules/samples-operator-crd.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/images-samples-operator-deprecated-image-stream.adoc[leveloffset=+1]
 
diff --git a/openshift_images/create-images.adoc b/openshift_images/create-images.adoc
index 795624906682..ea406c594d97 100644
--- a/openshift_images/create-images.adoc
+++ b/openshift_images/create-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-images"]
 = Creating images
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/image-configuration.adoc b/openshift_images/image-configuration.adoc
index b1d0ea9dba34..b9df9ed81caf 100644
--- a/openshift_images/image-configuration.adoc
+++ b/openshift_images/image-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="image-configuration"]
 = Image configuration resources
 include::_attributes/common-attributes.adoc[]
@@ -16,7 +16,10 @@ include::modules/images-configuration-allowed.adoc[leveloffset=+2]
 
 include::modules/images-configuration-blocked.adoc[leveloffset=+2]
 
+// Managed OpenShift customers may not create ImageContentSourcePolicy
+ifndef::openshift-rosa,openshit-dedicated[]
 include::modules/images-configuration-blocked-payload.adoc[leveloffset=+3]
+endif::openshift-rosa,openshit-dedicated[]
 
 include::modules/images-configuration-insecure.adoc[leveloffset=+2]
 
@@ -26,10 +29,12 @@ include::modules/images-configuration-cas.adoc[leveloffset=+2]
 
 include::modules/images-configuration-registry-mirror.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about global pull secrets, see xref:../openshift_images/managing_images/using-image-pull-secrets.html#images-update-global-pull-secret_using-image-pull-secrets[Updating the global cluster pull secret].
+* For more information about global pull secrets, see xref:../openshift_images/managing_images/using-image-pull-secrets.adoc#images-update-global-pull-secret_using-image-pull-secrets[Updating the global cluster pull secret].
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/images-configuration-registry-mirror-convert.adoc[leveloffset=+2]
 
diff --git a/openshift_images/image-streams-manage.adoc b/openshift_images/image-streams-manage.adoc
index d4314a32a218..d8ae16ba18fd 100644
--- a/openshift_images/image-streams-manage.adoc
+++ b/openshift_images/image-streams-manage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-image-streams"]
 = Managing image streams
 include::_attributes/common-attributes.adoc[]
@@ -13,12 +13,16 @@ include::modules/images-imagestream-configure.adoc[leveloffset=+1]
 include::modules/images-using-imagestream-images.adoc[leveloffset=+1]
 include::modules/images-using-imagestream-tags.adoc[leveloffset=+1]
 include::modules/images-using-imagestream-change-triggers.adoc[leveloffset=+1]
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/images-imagestream-mapping.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
 == Working with image streams
 
 The following sections describe how to use image streams and image stream tags.
 
+include::snippets/default-projects.adoc[]
+
 include::modules/images-getting-info-about-imagestreams.adoc[leveloffset=+2]
 include::modules/images-imagestream-adding-tags.adoc[leveloffset=+2]
 include::modules/images-imagestream-external-image-tags.adoc[leveloffset=+2]
diff --git a/openshift_images/images-understand.adoc b/openshift_images/images-understand.adoc
index 90576bfd745f..ae903dffdfa8 100644
--- a/openshift_images/images-understand.adoc
+++ b/openshift_images/images-understand.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-images"]
 = Understanding containers, images, and image streams
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/index.adoc b/openshift_images/index.adoc
index 9eaf95a22aee..29f72fa965e3 100644
--- a/openshift_images/index.adoc
+++ b/openshift_images/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overview-of-images"]
 = Overview of images
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,12 @@ An image stream provides a way of storing different versions of the same basic i
 Those different versions are represented by different tags on the same image name.
 
 include::modules/images-about.adoc[leveloffset=+1]
+ifndef::openshift-rosa,openshift-dedicated[]
 You can xref:../openshift_images/create-images.adoc#creating-images[create], xref:../openshift_images/managing_images/managing-images-overview.adoc#managing-images-overview[manage], and xref:../openshift_images/using_images/using-images-overview.adoc#using-images-overview[use] container images.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+You can xref:../openshift_images/create-images.adoc#creating-images[create] and xref:../openshift_images/managing_images/managing-images-overview.adoc#managing-images-overview[manage] container images.
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/images-image-registry-about.adoc[leveloffset=+1]
 
@@ -44,10 +49,11 @@ You can use the Cluster Samples Operator to manage the sample image streams and
 
 As a cluster administrator, you can use the Cluster Samples Operator to:
 
+ifndef::openshift-rosa,openshift-dedicated[]
 ** xref:../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Configure the Operator].
+endif::openshift-rosa,openshift-dedicated[]
 ** xref:../openshift_images/samples-operator-alt-registry.adoc#samples-operator-alt-registry[Use the Operator with an alternate registry].
 
-
 [id="about-templates"]
 == About templates
 
diff --git a/openshift_images/managing_images/image-pull-policy.adoc b/openshift_images/managing_images/image-pull-policy.adoc
index d6c7c9adf3b1..11111b29f7aa 100644
--- a/openshift_images/managing_images/image-pull-policy.adoc
+++ b/openshift_images/managing_images/image-pull-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="image-pull-policy"]
 = Image pull policy
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/managing_images/managing-images-overview.adoc b/openshift_images/managing_images/managing-images-overview.adoc
index b97aba6e9a79..98334505e424 100644
--- a/openshift_images/managing_images/managing-images-overview.adoc
+++ b/openshift_images/managing_images/managing-images-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-images-overview"]
 = Managing images overview
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/managing_images/tagging-images.adoc b/openshift_images/managing_images/tagging-images.adoc
index 0aa977dcb8ed..4d39111c4dfe 100644
--- a/openshift_images/managing_images/tagging-images.adoc
+++ b/openshift_images/managing_images/tagging-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tagging-images"]
 = Tagging images
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/managing_images/using-image-pull-secrets.adoc b/openshift_images/managing_images/using-image-pull-secrets.adoc
index b83b7c0ef4d4..563b8aa941c3 100644
--- a/openshift_images/managing_images/using-image-pull-secrets.adoc
+++ b/openshift_images/managing_images/using-image-pull-secrets.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-image-pull-secrets"]
 = Using image pull secrets
 include::_attributes/common-attributes.adoc[]
@@ -8,7 +8,7 @@ toc::[]
 
 If you are using the {product-registry} and are pulling from image streams located in the same project, then your pod service account should already have the correct permissions and no additional action should be required.
 
-However, for other scenarios, such as referencing images across {product-title} projects or from secured registries, then additional configuration steps are required.
+However, for other scenarios, such as referencing images across {product-title} projects or from secured registries, additional configuration steps are required.
 
 You can obtain the image {cluster-manager-url-pull}. This pull secret is called `pullSecret`.
 
@@ -20,4 +20,7 @@ include::modules/images-allow-pods-to-reference-images-from-secure-registries.ad
 
 include::modules/images-pulling-from-private-registries.adoc[leveloffset=+2]
 
+// cannot get resource "secrets" in API group "" in the namespace "openshift-config" 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/images-update-global-pull-secret.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/openshift_images/samples-operator-alt-registry.adoc b/openshift_images/samples-operator-alt-registry.adoc
index 20142f11f207..81becf3f2b98 100644
--- a/openshift_images/samples-operator-alt-registry.adoc
+++ b/openshift_images/samples-operator-alt-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="samples-operator-alt-registry"]
 = Using the Cluster Samples Operator with an alternate registry
 include::_attributes/common-attributes.adoc[]
@@ -15,9 +15,11 @@ You must have access to the internet to obtain the necessary container images. I
 
 include::modules/installation-about-mirror-registry.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 .Additional information
 
-For information on viewing the CRI-O logs to view the image source, see xref:../installing/validating-an-installation.html#viewing-the-image-pull-source_validating-an-installation[Viewing the image pull source].
+For information on viewing the CRI-O logs to view the image source, see xref:../installing/validating-an-installation.adoc#viewing-the-image-pull-source_validating-an-installation[Viewing the image pull source].
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="samples-preparing-bastion"]
 === Preparing the mirror host
diff --git a/openshift_images/templates-using-ruby-on-rails.adoc b/openshift_images/templates-using-ruby-on-rails.adoc
index 4b3d037e020c..36aac95bb25c 100644
--- a/openshift_images/templates-using-ruby-on-rails.adoc
+++ b/openshift_images/templates-using-ruby-on-rails.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="templates-using-ruby-on-rails"]
 = Using Ruby on Rails
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/triggering-updates-on-imagestream-changes.adoc b/openshift_images/triggering-updates-on-imagestream-changes.adoc
index 4ec8cd3e763f..28e4e17a2e66 100644
--- a/openshift_images/triggering-updates-on-imagestream-changes.adoc
+++ b/openshift_images/triggering-updates-on-imagestream-changes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="triggering-updates-on-imagestream-changes"]
 = Triggering updates on image stream changes
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/using-imagestreams-with-kube-resources.adoc b/openshift_images/using-imagestreams-with-kube-resources.adoc
index a27ea902ddd6..dda480ac0d28 100644
--- a/openshift_images/using-imagestreams-with-kube-resources.adoc
+++ b/openshift_images/using-imagestreams-with-kube-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-imagestreams-with-kube-resources"]
 = Using image streams with Kubernetes resources
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,6 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Image streams, being {product-title} native resources, work out of the box with all the rest of native resources available in {product-title}, such as builds or deployments. It is also possible to make them work with native Kubernetes resources, such as jobs, replication controllers, replica sets or Kubernetes deployments.
+Image streams, being {product-title} native resources, work with all native resources available in {product-title}, such as `Build` or `DeploymentConfigs` resources. It is also possible to make them work with native Kubernetes resources, such as `Job`, `ReplicationController`, `ReplicaSet` or Kubernetes `Deployment` resources.
 
 include::modules/images-managing-images-enabling-imagestreams-kube.adoc[leveloffset=+1]
diff --git a/openshift_images/using-templates.adoc b/openshift_images/using-templates.adoc
index cbaa4bc5f094..007f9b11ecd2 100644
--- a/openshift_images/using-templates.adoc
+++ b/openshift_images/using-templates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-templates"]
 = Using templates
 include::_attributes/common-attributes.adoc[]
@@ -24,9 +24,12 @@ include::modules/templates-cli-generating-list-of-objects.adoc[leveloffset=+2]
 
 include::modules/templates-modifying-uploaded-template.adoc[leveloffset=+1]
 
+// cannot patch resource "templates" 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/templates-using-instant-app-quickstart.adoc[leveloffset=+1]
 
 include::modules/templates-quickstart.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/templates-writing.adoc[leveloffset=+1]
 
diff --git a/openshift_images/using_images/customizing-s2i-images.adoc b/openshift_images/using_images/customizing-s2i-images.adoc
index 4179af57bafb..862e61cd357b 100644
--- a/openshift_images/using_images/customizing-s2i-images.adoc
+++ b/openshift_images/using_images/customizing-s2i-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="customizing-s2i-images"]
 = Customizing source-to-image images
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/using_images/using-images-overview.adoc b/openshift_images/using_images/using-images-overview.adoc
index 5425a3a26349..20d0b8fdb4bb 100644
--- a/openshift_images/using_images/using-images-overview.adoc
+++ b/openshift_images/using_images/using-images-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-images-overview"]
 = Using images overview
 include::_attributes/common-attributes.adoc[]
diff --git a/openshift_images/using_images/using-s21-images.adoc b/openshift_images/using_images/using-s21-images.adoc
index 13807426c52f..4e4d3748ec3c 100644
--- a/openshift_images/using_images/using-s21-images.adoc
+++ b/openshift_images/using_images/using-s21-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-s21-images"]
 = Source-to-image
 include::_attributes/common-attributes.adoc[]
@@ -23,11 +23,11 @@ S2I images are available for you to use directly from the {product-title} web co
 
 . Log in to the {product-title} web console using your login credentials. The default view for the {product-title} web console is the *Administrator* perspective.
 . Use the perspective switcher to switch to the *Developer* perspective.
-. In the *+Add* view, select an existing project from the list or use the *Project* drop-down list to create a new project.
-. Choose *All services* under the tile *Developer Catalog*.
-. Select the Type *Builder Images* then can see the available S2I images.
+. In the *+Add* view, use the *Project* drop-down list to select an existing project or create a new project.
+. Click *All services* in the *Developer Catalog* tile.
+. Click *Builder Images* under *Type* to see the available S2I images.
 
-S2I images are also available though the xref:../../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Configuring the Cluster Samples Operator].
+S2I images are also available though the xref:../../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Cluster Samples Operator].
 
 include::modules/images-s2i-build-process-overview.adoc[leveloffset=+1]
 
@@ -35,8 +35,11 @@ include::modules/images-s2i-build-process-overview.adoc[leveloffset=+1]
 [id="additional-resources_using-s21-images"]
 == Additional resources
 
-* For instructions on using the Cluster Samples Operator, see the xref:../../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Configuring the Cluster Samples Operator].
-* For more information on S2I builds, see the xref:../../cicd/builds/build-strategies.adoc#builds-strategy-s2i-build_build-strategies[builds strategy documentation on S2I builds].
-* For troubleshooting assistance for the S2I process, see xref:../../support/troubleshooting/troubleshooting-s2i.adoc#troubleshooting-s2i[Troubleshooting the Source-to-Image process].
-* For an overview of creating images with S2I, see xref:../../openshift_images/create-images.adoc#images-create-s2i_create-images[Creating images from source code with source-to-image].
-* For an overview of testing S2I images, see xref:../../openshift_images/create-images.adoc#images-test-s2i_create-images[About testing S2I images].
+* xref:../../openshift_images/configuring-samples-operator.adoc#configuring-samples-operator[Configuring the Cluster Samples Operator]
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../../cicd/builds/build-strategies.adoc#builds-strategy-s2i-build_build-strategies[Using build strategies]
+* xref:../../support/troubleshooting/troubleshooting-s2i.adoc#troubleshooting-s2i[Troubleshooting the Source-to-Image process]
+endif::openshift-rosa,openshift-dedicated[]
+* xref:../../openshift_images/create-images.adoc#images-create-s2i_create-images[Creating images from source code with source-to-image]
+* xref:../../openshift_images/create-images.adoc#images-test-s2i_create-images[About testing source-to-image images]
+* xref:../../openshift_images/create-images.adoc#images-create-s2i_create-images[Creating images from source code with source-to-image]
diff --git a/operators/admin/olm-adding-operators-to-cluster.adoc b/operators/admin/olm-adding-operators-to-cluster.adoc
index 2f9ca823a30d..a709be85d48f 100644
--- a/operators/admin/olm-adding-operators-to-cluster.adoc
+++ b/operators/admin/olm-adding-operators-to-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-adding-operators-to-a-cluster"]
 = Adding Operators to a cluster
 include::_attributes/common-attributes.adoc[]
@@ -9,7 +9,14 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Using Operator Lifecycle Manager (OLM), cluster administrators can install OLM-based Operators to an {product-title} cluster.
+Using Operator Lifecycle Manager (OLM),
+ifndef::openshift-dedicated,openshift-rosa[]
+cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+can install OLM-based Operators to an {product-title} cluster.
 
 [NOTE]
 ====
@@ -32,7 +39,7 @@ include::modules/olm-installing-operators-from-operatorhub.adoc[leveloffset=+1]
 * xref:../../operators/understanding/olm-understanding-operatorhub.adoc#olm-understanding-operatorhub[Understanding OperatorHub]
 
 include::modules/olm-installing-from-operatorhub-using-web-console.adoc[leveloffset=+1]
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
+ifdef::openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated,openshift-rosa[]
 include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -48,6 +55,8 @@ include::modules/olm-installing-specific-version-cli.adoc[leveloffset=+1]
 * xref:../../operators/admin/olm-upgrading-operators.adoc#olm-approving-pending-upgrade_olm-upgrading-operators[Manually approving a pending Operator update]
 * xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-global-namespaces_olm-adding-operators-to-a-cluster[Installing global Operators in custom namespaces]
 
+include::modules/olm-installing-specific-version-web-console.adoc[leveloffset=+1]
+
 include::modules/olm-preparing-multitenant-operators.adoc[leveloffset=+1]
 .Next steps
 
@@ -94,6 +103,8 @@ include::modules/olm-overriding-operator-pod-affinity.adoc[leveloffset=+1]
 .Additional resources
 
 * xref:../../nodes/scheduling/nodes-scheduler-pod-affinity.adoc#nodes-scheduler-pod-affinity-about_nodes-scheduler-pod-affinity[Understanding pod affinity]
-* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.html#nodes-scheduler-node-affinity-about_nodes-scheduler-node-affinity[Understanding node affinity]
-* xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes].
-
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-about_nodes-scheduler-node-affinity[Understanding node affinity]
+// This xref points to a topic not currently included in the OSD and ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
+* xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-updating_nodes-nodes-working[Understanding how to update labels on nodes]
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/admin/olm-config.adoc b/operators/admin/olm-config.adoc
index 962fefb4f10e..1371f053fa25 100644
--- a/operators/admin/olm-config.adoc
+++ b/operators/admin/olm-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-config"]
 = Configuring Operator Lifecycle Manager features
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/admin/olm-configuring-proxy-support.adoc b/operators/admin/olm-configuring-proxy-support.adoc
index 1fe8d17df5ca..85e18486e04e 100644
--- a/operators/admin/olm-configuring-proxy-support.adoc
+++ b/operators/admin/olm-configuring-proxy-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-configuring-proxy-support"]
 = Configuring proxy support in Operator Lifecycle Manager
 include::_attributes/common-attributes.adoc[]
@@ -11,8 +11,19 @@ If a global proxy is configured on the {product-title} cluster, Operator Lifecyc
 [role="_additional-resources"]
 .Additional resources
 
+// Configuring the cluster-wide proxy is a different topic in OSD/ROSA.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[Configuring the cluster-wide proxy]
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* xref:../../networking/configuring-cluster-wide-proxy.adoc[Configuring a cluster-wide proxy]
+endif::openshift-dedicated,openshift-rosa[]
+
+// This xref points to a topic that is not currently included in the OSD and ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../networking/configuring-a-custom-pki.adoc#configuring-a-custom-pki[Configuring a custom PKI] (custom CA certificate)
+endif::openshift-dedicated,openshift-rosa[]
+
 * Developing Operators that support proxy settings for xref:../../operators/operator_sdk/golang/osdk-golang-tutorial.adoc#osdk-run-proxy_osdk-golang-tutorial[Go], xref:../../operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc#osdk-run-proxy_osdk-ansible-tutorial[Ansible], and xref:../../operators/operator_sdk/helm/osdk-helm-tutorial.adoc#osdk-run-proxy_osdk-helm-tutorial[Helm]
 
 
diff --git a/operators/admin/olm-creating-policy.adoc b/operators/admin/olm-creating-policy.adoc
index b8eeb63ad9bc..2fdf5b2b1df1 100644
--- a/operators/admin/olm-creating-policy.adoc
+++ b/operators/admin/olm-creating-policy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-creating-policy"]
 = Allowing non-cluster administrators to install Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/admin/olm-cs-podsched.adoc b/operators/admin/olm-cs-podsched.adoc
index 1fb9f240c3fd..c15139de4ae5 100644
--- a/operators/admin/olm-cs-podsched.adoc
+++ b/operators/admin/olm-cs-podsched.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-cs-podsched"]
 = Catalog source pod scheduling
 include::_attributes/common-attributes.adoc[]
@@ -6,34 +6,54 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-When an Operator Lifecycle Manager (OLM) catalog source of source type `grpc` defines a `spec.image`, the Catalog Operator creates a pod that serves the defined image content. By default, this pod defines the following in its spec:
+When an Operator Lifecycle Manager (OLM) catalog source of source type `grpc` defines a `spec.image`, the Catalog Operator creates a pod that serves the defined image content. By default, this pod defines the following in its specification:
 
-* Only the `kubernetes.io/os=linux` node selector
-* No priority class name
-* No tolerations
+* Only the `kubernetes.io/os=linux` node selector.
+* The default priority class name: `system-cluster-critical`.
+* No tolerations.
 
 As an administrator, you can override these values by modifying fields in the `CatalogSource` object's optional `spec.grpcPodConfig` section.
 
+[IMPORTANT]
+====
+The Marketplace Operator, `openshift-marketplace`, manages the default `OperatorHub` custom resource's (CR). This CR manages `CatalogSource` objects. If you attempt to modify fields in the `CatalogSource` object’s `spec.grpcPodConfig` section, the Marketplace Operator automatically reverts these modifications.By default, if you modify fields in the `spec.grpcPodConfig` section of the   `CatalogSource` object, the Marketplace Operator automatically reverts these changes.
+
+To apply persistent changes to `CatalogSource` object, you must first disable a default `CatalogSource` object.
+====
+
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource_olm-understanding-olm[OLM concepts and resources -> Catalog source]
 
+include::modules/disabling-catalogsource-objects.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/understanding/olm-understanding-operatorhub.adoc#olm-operatorhub-arch-operatorhub_crd_olm-understanding-operatorhub[OperatorHub custom resource]
+
+ifndef::openshift-dedicated,openshift-rosa[]
+* xref:../../operators/admin/olm-restricted-networks.html#olm-restricted-networks-operatorhub_olm-restricted-networks[Disabling the default OperatorHub catalog sources]
+endif::openshift-dedicated,openshift-rosa[]
+
 include::modules/olm-node-selector.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
 
 include::modules/olm-priority-class-name.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../nodes/pods/nodes-pods-priority.adoc#admin-guide-priority-preemption-priority-class_nodes-pods-priority[Pod priority classes]
 
 include::modules/olm-tolerations.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations]
-
diff --git a/operators/admin/olm-deleting-operators-from-cluster.adoc b/operators/admin/olm-deleting-operators-from-cluster.adoc
index d87cf7f5de06..cfb8c4a7923e 100644
--- a/operators/admin/olm-deleting-operators-from-cluster.adoc
+++ b/operators/admin/olm-deleting-operators-from-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-deleting-operators-from-a-cluster"]
 = Deleting Operators from a cluster
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,11 @@ The following describes how to delete, or uninstall, Operators that were previou
 
 [IMPORTANT]
 ====
-You must successfully and completely uninstall an Operator prior to attempting to reinstall the same Operator. Failure to fully uninstall the Operator properly can leave resources, such as a project or namespace, stuck in a "Terminating" state and cause "error resolving resource" messages to be observed when trying to reinstall the Operator. For more information, see xref:../../support/troubleshooting/troubleshooting-operator-issues.adoc#olm-reinstall_troubleshooting-operator-issues[Reinstalling Operators after failed uninstallation].
+You must successfully and completely uninstall an Operator prior to attempting to reinstall the same Operator. Failure to fully uninstall the Operator properly can leave resources, such as a project or namespace, stuck in a "Terminating" state and cause "error resolving resource" messages to be observed when trying to reinstall the Operator.
+
+ifndef::openshift-dedicated,openshift-rosa[]
+For more information, see xref:../../operators/admin/olm-troubleshooting-operator-issues.adoc#olm-reinstall_olm-troubleshooting-operator-issues[Reinstalling Operators after failed uninstallation].
+endif::openshift-dedicated,openshift-rosa[]
 ====
 
 include::modules/olm-deleting-operators-from-a-cluster-using-web-console.adoc[leveloffset=+1]
diff --git a/operators/admin/olm-managing-custom-catalogs.adoc b/operators/admin/olm-managing-custom-catalogs.adoc
index a9cce3c4ab2a..33f6a203fc13 100644
--- a/operators/admin/olm-managing-custom-catalogs.adoc
+++ b/operators/admin/olm-managing-custom-catalogs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-managing-custom-catalogs"]
 = Managing custom catalogs
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,13 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Cluster administrators and Operator catalog maintainers can create and manage custom catalogs packaged using the xref:../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[bundle format] on Operator Lifecycle Manager (OLM) in {product-title}.
+ifndef::openshift-dedicated,openshift-rosa[]
+Cluster administrators
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Administrators with the `dedicated-admin` role
+endif::openshift-dedicated,openshift-rosa[]
+and Operator catalog maintainers can create and manage custom catalogs packaged using the xref:../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[bundle format] on Operator Lifecycle Manager (OLM) in {product-title}.
 
 [IMPORTANT]
 ====
@@ -23,7 +29,7 @@ If your cluster is using custom catalogs, see xref:../../operators/operator_sdk/
 [id="olm-managing-custom-catalogs-bundle-format-prereqs"]
 == Prerequisites
 
-* Install the xref:../../cli_reference/opm/cli-opm-install.adoc#cli-opm-install[`opm` CLI].
+* You have installed the xref:../../cli_reference/opm/cli-opm-install.adoc#cli-opm-install[`opm` CLI].
 
 [id="olm-managing-custom-catalogs-fb"]
 == File-based catalogs
@@ -36,7 +42,13 @@ As of {product-title} 4.11, the default Red Hat-provided Operator catalog releas
 
 The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
 
-Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. For more information about working with file-based catalogs, see xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format] and xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format.
+ifndef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format] and xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format].
+endif::openshift-dedicated,openshift-rosa[]
 ====
 
 include::modules/olm-creating-fb-catalog-image.adoc[leveloffset=+2]
@@ -46,11 +58,13 @@ include::modules/olm-creating-fb-catalog-image.adoc[leveloffset=+2]
 * xref:../../cli_reference/opm/cli-opm-ref.adoc#cli-opm-ref[`opm` CLI reference]
 
 include::modules/olm-filtering-fbc.adoc[leveloffset=+2]
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#updating-mirror-registry-content[Mirroring images for a disconnected installation using the oc-mirror plugin -> Keeping your mirror registry content updated]
 * xref:../../operators/admin/olm-restricted-networks.adoc#olm-creating-catalog-from-index_olm-restricted-networks[Adding a catalog source to a cluster]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="olm-managing-custom-catalogs-sqlite"]
 == SQLite-based catalogs
@@ -85,9 +99,14 @@ include::modules/olm-creating-catalog-from-index.adoc[leveloffset=+1]
 .Additional resources
 
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource_olm-understanding-olm[Operator Lifecycle Manager concepts and resources -> Catalog source]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
+// This xref may be relevant to OSD/ROSA, but the topic is not currently included in the OSD and ROSA docs.
 * xref:../../openshift_images/managing_images/image-pull-policy.adoc#image-pull-policy[Image pull policy]
+endif::openshift-dedicated,openshift-rosa[]
 
+// Exclude from OSD/ROSA - dedicated-admins can't create the necessary secrets to do this procedure.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/olm-accessing-images-private-registries.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -96,6 +115,17 @@ include::modules/olm-accessing-images-private-registries.adoc[leveloffset=+1]
 * See xref:../../cicd/builds/creating-build-inputs.adoc#builds-secrets-overview_creating-build-inputs[What is a secret?] for more information on the types of secrets, including those used for registry credentials.
 * See xref:../../openshift_images/managing_images/using-image-pull-secrets.adoc#images-update-global-pull-secret_using-image-pull-secrets[Updating the global cluster pull secret] for more details on the impact of changing this secret.
 * See xref:../../openshift_images/managing_images/using-image-pull-secrets.adoc#images-allow-pods-to-reference-images-from-secure-registries_using-image-pull-secrets[Allowing pods to reference images from other secured registries] for more details on linking pull secrets to service accounts per namespace.
+endif::openshift-dedicated,openshift-rosa[]
 
+// Exclude from OSD/ROSA - dedicated-admins can't do this procedure.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
+
+// Removing custom catalogs can be done as a dedicated-admin, but the steps are different.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/olm-removing-catalogs.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+include::modules/sd-olm-removing-catalogs.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
\ No newline at end of file
diff --git a/operators/admin/olm-managing-operatorconditions.adoc b/operators/admin/olm-managing-operatorconditions.adoc
index 18c117ab5df0..1079c2d2f6d4 100644
--- a/operators/admin/olm-managing-operatorconditions.adoc
+++ b/operators/admin/olm-managing-operatorconditions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-managing-operatorconditions"]
 = Managing Operator conditions
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 As a cluster administrator, you can manage Operator conditions by using Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role, you can manage Operator conditions by using Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/olm-overriding-operatorconditions.adoc[leveloffset=+1]
 include::modules/olm-updating-use-operatorconditions.adoc[leveloffset=+1]
diff --git a/operators/admin/olm-managing-po.adoc b/operators/admin/olm-managing-po.adoc
index 3b12f6fbc564..a9f17134d25c 100644
--- a/operators/admin/olm-managing-po.adoc
+++ b/operators/admin/olm-managing-po.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-managing-po"]
 = Managing platform Operators (Technology Preview)
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/admin/olm-restricted-networks.adoc b/operators/admin/olm-restricted-networks.adoc
index 469293c98846..812bb9716344 100644
--- a/operators/admin/olm-restricted-networks.adoc
+++ b/operators/admin/olm-restricted-networks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-restricted-networks"]
 = Using Operator Lifecycle Manager on restricted networks
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-For {product-title} clusters that are installed on restricted networks, also known as _disconnected clusters_, Operator Lifecycle Manager (OLM) by default cannot access the Red Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity.
+For {product-title} clusters that are installed on restricted networks, also known as _disconnected clusters_, Operator Lifecycle Manager (OLM) by default cannot access the Red{nbsp}Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity.
 
 However, as a cluster administrator you can still enable your cluster to use OLM in a restricted network if you have a workstation that has full internet access. The workstation, which requires full internet access to pull the remote OperatorHub content, is used to prepare local mirrors of the remote sources, and push the content to a mirror registry.
 
@@ -27,7 +27,7 @@ While OLM can manage Operators from local sources, the ability for a given Opera
 * List any related images, or other container images that the Operator might require to perform their functions, in the `relatedImages` parameter of its `ClusterServiceVersion` (CSV) object.
 * Reference all specified images by a digest (SHA) and not by a tag.
 
-You can search software on the link:https://catalog.redhat.com/software/search?p=1&deployed_as=Operator&type=Containerized%20application&badges_and_features=Disconnected[Red Hat Ecosystem Catalog] for a list of Red Hat Operators that support running in disconnected mode by filtering with the following selections:
+You can search software on the link:https://catalog.redhat.com/software/search?p=1&deployed_as=Operator&type=Containerized%20application&badges_and_features=Disconnected[Red{nbsp}Hat Ecosystem Catalog] for a list of Red{nbsp}Hat Operators that support running in disconnected mode by filtering with the following selections:
 
 [horizontal]
 Type:: Containerized application
@@ -38,7 +38,7 @@ Infrastructure features:: Disconnected
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs[Red Hat-provided Operator catalogs]
+* xref:../../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs[Red{nbsp}Hat-provided Operator catalogs]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments]
 
 [id="olm-restricted-network-prereqs"]
@@ -48,7 +48,7 @@ Infrastructure features:: Disconnected
 
 [NOTE]
 ====
-If you are using OLM in a restricted network on {ibmzProductName}, you must have at least 12 GB allocated to the directory where you place your registry.
+If you are using OLM in a restricted network on {ibm-z-name}, you must have at least 12 GB allocated to the directory where you place your registry.
 ====
 
 include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
@@ -60,7 +60,7 @@ For instructions about mirroring Operator catalogs for use with disconnected clu
 
 [IMPORTANT]
 ====
-As of {product-title} 4.11, the default Red Hat-provided Operator catalog releases in the file-based catalog format. The default Red Hat-provided Operator catalogs for {product-title} 4.6 through 4.10 released in the deprecated SQLite database format.
+As of {product-title} 4.11, the default Red{nbsp}Hat-provided Operator catalog releases in the file-based catalog format. The default Red{nbsp}Hat-provided Operator catalogs for {product-title} 4.6 through 4.10 released in the deprecated SQLite database format.
 
 The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
 
@@ -74,4 +74,9 @@ include::modules/olm-creating-catalog-from-index.adoc[leveloffset=+1]
 
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource-image-template_olm-understanding-olm[Image template for custom catalog sources]
-* xref:../../openshift_images/managing_images/image-pull-policy.adoc#image-pull-policy[Image pull policy]
\ No newline at end of file
+* xref:../../openshift_images/managing_images/image-pull-policy.adoc#image-pull-policy[Image pull policy]
+
+[id="next-steps_olm-restricted-networks"]
+== Next steps
+
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
\ No newline at end of file
diff --git a/operators/admin/olm-status.adoc b/operators/admin/olm-status.adoc
index 10ccfd0bc152..ee437f105c29 100644
--- a/operators/admin/olm-status.adoc
+++ b/operators/admin/olm-status.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-status"]
 = Viewing Operator status
 include::_attributes/common-attributes.adoc[]
@@ -23,4 +23,6 @@ include::modules/olm-cs-status-cli.adoc[leveloffset=+1]
 
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource_olm-understanding-olm[Operator Lifecycle Manager concepts and resources -> Catalog source]
 * gRPC documentation: link:https://grpc.github.io/grpc/core/md_doc_connectivity-semantics-and-api.html[States of Connectivity]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/admin/olm-troubleshooting-operator-issues.adoc b/operators/admin/olm-troubleshooting-operator-issues.adoc
new file mode 100644
index 000000000000..3ae7b624e775
--- /dev/null
+++ b/operators/admin/olm-troubleshooting-operator-issues.adoc
@@ -0,0 +1,69 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olm-troubleshooting-operator-issues"]
+= Troubleshooting Operator issues
+include::_attributes/common-attributes.adoc[]
+:context: olm-troubleshooting-operator-issues
+
+// This assembly is a duplicate of support/troubleshooting-operator-issues.adoc. Most of the intro text is unnecessary in this context and has been removed.
+
+toc::[]
+
+If you experience Operator issues, verify Operator subscription status. Check Operator pod health across the cluster and gather Operator logs for diagnosis.
+
+// Operator subscription condition types
+include::modules/olm-status-conditions.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-cs-health_olm-understanding-olm[Catalog health requirements]
+
+// Viewing Operator subscription status by using the CLI
+include::modules/olm-status-viewing-cli.adoc[leveloffset=+1]
+
+// Viewing Operator catalog source status by using the CLI
+include::modules/olm-cs-status-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource_olm-understanding-olm[Operator Lifecycle Manager concepts and resources -> Catalog source]
+endif::openshift-rosa,openshift-dedicated[]
+* gRPC documentation: link:https://grpc.github.io/grpc/core/md_doc_connectivity-semantics-and-api.html[States of Connectivity]
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
+endif::openshift-rosa,openshift-dedicated[]
+
+// Querying Operator Pod status
+include::modules/querying-operator-pod-status.adoc[leveloffset=+1]
+
+// Gathering Operator logs
+include::modules/gathering-operator-logs.adoc[leveloffset=+1]
+
+// cannot patch resource "machineconfigpools"
+ifndef::openshift-rosa,openshift-dedicated[]
+// Disabling Machine Config Operator from autorebooting
+include::modules/troubleshooting-disabling-autoreboot-mco.adoc[leveloffset=+1]
+include::modules/troubleshooting-disabling-autoreboot-mco-console.adoc[leveloffset=+2]
+include::modules/troubleshooting-disabling-autoreboot-mco-cli.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
+
+// Refreshing failing subscriptions
+// OSD/ROSA cannot delete resource "clusterserviceversions", "jobs" in API group "operators.coreos.com" in the namespace "openshift-apiserver"
+ifndef::openshift-rosa,openshift-dedicated[]
+include::modules/olm-refresh-subs.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+// Reinstalling Operators after failed uninstallation
+// OSD/ROSA gitcannot delete resource "customresourcedefinitions"
+ifndef::openshift-rosa,openshift-dedicated[]
+include::modules/olm-reinstall.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+ifndef::openshift-rosa,openshift-dedicated[]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster]
+* xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-adding-operators-to-a-cluster[Adding Operators to a cluster]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/operators/admin/olm-upgrading-operators.adoc b/operators/admin/olm-upgrading-operators.adoc
index de18faa44905..b3ffdbd5fcd5 100644
--- a/operators/admin/olm-upgrading-operators.adoc
+++ b/operators/admin/olm-upgrading-operators.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-upgrading-operators"]
 = Updating installed Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,14 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-As a cluster administrator, you can update Operators that have been previously installed using Operator Lifecycle Manager (OLM) on your {product-title} cluster.
+As
+ifndef::openshift-dedicated,openshift-rosa[]
+a cluster administrator,
+endif::[]
+ifdef::openshift-dedicated,openshift-rosa[]
+an administrator with the `dedicated-admin` role,
+endif::[]
+you can update Operators that have been previously installed using Operator Lifecycle Manager (OLM) on your {product-title} cluster.
 
 [NOTE]
 ====
@@ -16,3 +23,11 @@ For information on how OLM handles updates for installed Operators colocated in
 include::modules/olm-preparing-upgrade.adoc[leveloffset=+1]
 include::modules/olm-changing-update-channel.adoc[leveloffset=+1]
 include::modules/olm-approving-pending-upgrade.adoc[leveloffset=+1]
+
+ifndef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+[id="additional-resources_olm-upgrading-operators"]
+== Additional resources
+
+* xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]
+endif::openshift-dedicated,openshift-rosa[]
\ No newline at end of file
diff --git a/operators/index.adoc b/operators/index.adoc
index ddbd10161e2d..facd291c5081 100644
--- a/operators/index.adoc
+++ b/operators/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operators-overview"]
 = Operators overview
 include::_attributes/common-attributes.adoc[]
@@ -8,9 +8,21 @@ toc::[]
 
 include::modules/operators-overview.adoc[leveloffset=+1]
 
-With Operators, you can create applications to monitor the running services in the cluster.
-Operators are designed specifically for your applications. Operators implement and automate the common Day 1 operations such as installation and configuration as well as Day 2 operations such as autoscaling up and down and creating backups. All these activities are in a piece of software running inside your cluster.
+With Operators, you can create applications to monitor the running services in the cluster. Operators are designed specifically for your applications. Operators implement and automate the common Day 1 operations such as installation and configuration as well as Day 2 operations such as autoscaling up and down and creating backups. All these activities are in a piece of software running inside your cluster.
 
+// Include Cluster Operators and Add-on Operators for OSD/ROSA. These modules are in architecture/control-place.adoc, but this assembly is not currently included in the OSD/ROSA docs.
+ifdef::openshift-dedicated,openshift-rosa[]
+
+== Operators in {product-title}
+include::modules/arch-cluster-operators.adoc[leveloffset=+2]
+
+include::modules/arch-olm-operators.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* For more details on running add-on Operators in {product-title}, see the _Operators_ guide sections on xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager (OLM)] and xref:../operators/understanding/olm-understanding-operatorhub.adoc#olm-understanding-operatorhub[OperatorHub].
+* For more details on the Operator SDK, see xref:../operators/operator_sdk/osdk-about.adoc#osdk-about[Developing Operators].
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="operators-overview-developer-tasks"]
 == For developers
@@ -18,31 +30,58 @@ Operators are designed specifically for your applications. Operators implement a
 As a developer, you can perform the following Operator tasks:
 
 ** xref:../operators/operator_sdk/osdk-installing-cli.adoc#osdk-installing-cli[Install Operator SDK CLI].
+// The Operator quickstarts aren't published for OSD/ROSA, so for OSD/ROSA, these xrefs point to the tutorials instead.
+ifndef::openshift-dedicated,openshift-rosa[]
 ** Create xref:../operators/operator_sdk/golang/osdk-golang-quickstart.adoc#osdk-golang-quickstart[Go-based Operators], xref:../operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc#osdk-ansible-quickstart[Ansible-based Operators], xref:../operators/operator_sdk/java/osdk-java-quickstart.adoc#osdk-java-quickstart[Java-based Operators], and xref:../operators/operator_sdk/helm/osdk-helm-quickstart.adoc#osdk-helm-quickstart[Helm-based Operators].
-** xref:../operators/operator_sdk/osdk-about.adoc#osdk-about[Use Operator SDK to build,test, and deploy an Operator].
+endif::openshift-dedicated,openshift-rosa[]
+// TODO: When the Java-based Operators is GA, it can be added to the list below for OSD/ROSA.
+ifdef::openshift-dedicated,openshift-rosa[]
+** Create xref:../operators/operator_sdk/golang/osdk-golang-tutorial.adoc#osdk-golang-tutorial[Go-based Operators], xref:../operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc#osdk-ansible-tutorial[Ansible-based Operators], and xref:../operators/operator_sdk/helm/osdk-helm-tutorial.adoc#osdk-helm-tutorial[Helm-based Operators].
+endif::openshift-dedicated,openshift-rosa[]
+** xref:../operators/operator_sdk/osdk-about.adoc#osdk-about[Use Operator SDK to build, test, and deploy an Operator].
+ifndef::openshift-dedicated,openshift-rosa[]
 ** xref:../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Install and subscribe an Operator to your namespace].
+endif::openshift-dedicated,openshift-rosa[]
 ** xref:../operators/user/olm-creating-apps-from-installed-operators.adoc#olm-creating-apps-from-installed-operators[Create an application from an installed Operator through the web console].
 
+// This xref could be relevant for OSD/ROSA, but the target doesn't currently exist in the OSD/ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../machine_management/deleting-machine.adoc#machine-lifecycle-hook-deletion-uses_deleting-machine[Machine deletion lifecycle hook examples for Operator developers]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="operators-overview-administrator-tasks"]
 == For administrators
 
+ifndef::openshift-dedicated,openshift-rosa[]
 As a cluster administrator, you can perform the following Operator tasks:
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+As an administrator with the `dedicated-admin` role, you can perform the following Operator tasks:
+endif::openshift-dedicated,openshift-rosa[]
 
-** xref:../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Manage custom catalogs]
-** xref:../operators/admin/olm-creating-policy.adoc#olm-creating-policy[Allow non-cluster administrators to install Operators]
-** xref:../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Install an Operator from OperatorHub]
+** xref:../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Manage custom catalogs].
+ifndef::openshift-dedicated,openshift-rosa[]
+** xref:../operators/admin/olm-creating-policy.adoc#olm-creating-policy[Allow non-cluster administrators to install Operators].
+endif::openshift-dedicated,openshift-rosa[]
+ifndef::openshift-dedicated,openshift-rosa[]
+** xref:../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Install an Operator from OperatorHub].
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+** xref:../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-operators-from-operatorhub_olm-adding-operators-to-a-cluster[Install an Operator from OperatorHub].
+endif::openshift-dedicated,openshift-rosa[]
 ** xref:../operators/admin/olm-status.adoc#olm-status[View Operator status].
-** xref:../operators/admin/olm-managing-operatorconditions.adoc#olm-managing-operatorconditions[Manage Operator conditions]
-** xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Upgrade installed Operators]
-** xref:../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Delete installed Operators]
-** xref:../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[Configure proxy support]
-** xref:../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Use Operator Lifecycle Manager on restricted networks]
+** xref:../operators/admin/olm-managing-operatorconditions.adoc#olm-managing-operatorconditions[Manage Operator conditions].
+** xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Upgrade installed Operators].
+** xref:../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Delete installed Operators].
+** xref:../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[Configure proxy support].
+ifndef::openshift-dedicated,openshift-rosa[]
+** xref:../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Use Operator Lifecycle Manager on restricted networks].
 
 To know all about the cluster Operators that Red Hat provides, see xref:../operators/operator-reference.adoc#cluster-operators-ref[Cluster Operators reference].
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="operators-overview-next-steps"]
 == Next steps
diff --git a/operators/olm_v1/_attributes b/operators/olm_v1/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/operators/olm_v1/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/operators/olm_v1/arch/_attributes b/operators/olm_v1/arch/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/operators/olm_v1/arch/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/operators/olm_v1/arch/images b/operators/olm_v1/arch/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/operators/olm_v1/arch/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/operators/olm_v1/arch/modules b/operators/olm_v1/arch/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/operators/olm_v1/arch/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/operators/olm_v1/arch/olmv1-catalogd.adoc b/operators/olm_v1/arch/olmv1-catalogd.adoc
new file mode 100644
index 000000000000..8d9667c3285d
--- /dev/null
+++ b/operators/olm_v1/arch/olmv1-catalogd.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-catalogd"]
+= Catalogd (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-catalogd
+
+toc::[]
+
+{olmv1-first} uses the catalogd component and its resources to manage Operator and extension catalogs.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+include::modules/olmv1-about-catalogs.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[File-based catalogs]
+
+include::modules/olmv1-red-hat-catalogs.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-adding-a-catalog-to-a-cluster_olmv1-installing-operator[Adding a catalog to a cluster]
+* xref:../../../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs_olm-rh-catalogs[About Red Hat-provided Operator catalogs]
\ No newline at end of file
diff --git a/operators/olm_v1/arch/olmv1-components.adoc b/operators/olm_v1/arch/olmv1-components.adoc
new file mode 100644
index 000000000000..dab015326d2a
--- /dev/null
+++ b/operators/olm_v1/arch/olmv1-components.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="olmv1-components"]
+= {olmv1} components overview (Technology Preview)
+:context: olmv1-components
+
+toc::[]
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+{olmv1-first} comprises the following component projects:
+
+Operator Controller:: xref:../../../operators/olm_v1/arch/olmv1-operator-controller.adoc#olmv1-operator-controller[Operator Controller] is the central component of {olmv1} that extends Kubernetes with an API through which users can install and manage the lifecycle of Operators and extensions. It consumes information from each of the following components.
+
+RukPak:: xref:../../../operators/olm_v1/arch/olmv1-rukpak.adoc#olmv1-rukpak[RukPak] is a pluggable solution for packaging and distributing cloud-native content. It supports advanced strategies for installation, updates, and policy.
++
+RukPak provides a content ecosystem for installing a variety of artifacts on a Kubernetes cluster. Artifact examples include Git repositories, Helm charts, and OLM bundles. RukPak can then manage, scale, and upgrade these artifacts in a safe way to enable powerful cluster extensions.
+
+Catalogd:: xref:../../../operators/olm_v1/arch/olmv1-catalogd.adoc#olmv1-catalogd[Catalogd] is a Kubernetes extension that unpacks file-based catalog (FBC) content packaged and shipped in container images for consumption by on-cluster clients. As a component of the {olmv1} microservices architecture, catalogd hosts metadata for Kubernetes extensions packaged by the authors of the extensions, and as a result helps users discover installable content.
\ No newline at end of file
diff --git a/operators/olm_v1/arch/olmv1-dependency.adoc b/operators/olm_v1/arch/olmv1-dependency.adoc
new file mode 100644
index 000000000000..d22382ba7bf6
--- /dev/null
+++ b/operators/olm_v1/arch/olmv1-dependency.adoc
@@ -0,0 +1,14 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-dependency"]
+= Dependency resolution in {olmv1} (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-dependency
+
+toc::[]
+
+{olmv1-first} uses a dependency manager for resolving constraints over catalogs of RukPak bundles.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+include::modules/olmv1-dependency-concepts.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/operators/olm_v1/arch/olmv1-operator-controller.adoc b/operators/olm_v1/arch/olmv1-operator-controller.adoc
new file mode 100644
index 000000000000..eaef47c665c3
--- /dev/null
+++ b/operators/olm_v1/arch/olmv1-operator-controller.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-operator-controller"]
+= Operator Controller (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-operator-controller
+
+toc::[]
+
+Operator Controller is the central component of {olmv1-first} and consumes the other {olmv1} components, RukPak and catalogd. It extends Kubernetes with an API through which users can install Operators and extensions.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+include::modules/olmv1-operator-api.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../operators/understanding/olm/olm-colocation.adoc#olm-colocation[Operator Lifecycle Manager (OLM) -> Multitenancy and Operator colocation]
+
+include::modules/olmv1-about-target-versions.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/operators/olm_v1/arch/olmv1-rukpak.adoc b/operators/olm_v1/arch/olmv1-rukpak.adoc
new file mode 100644
index 000000000000..bc455af6a68a
--- /dev/null
+++ b/operators/olm_v1/arch/olmv1-rukpak.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-rukpak"]
+= Rukpak (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-rukpak
+
+toc::[]
+
+{olmv1-first} uses the RukPak component and its resources to manage cloud-native content.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+include::modules/olm-rukpak-about.adoc[leveloffset=+1]
+include::modules/olm-rukpak-provisioner.adoc[leveloffset=+1]
+
+include::modules/olm-rukpak-bundle.adoc[leveloffset=+1]
+include::modules/olm-rukpak-bundle-immutability.adoc[leveloffset=+2]
+include::modules/olm-rukpak-plain-bundle.adoc[leveloffset=+2]
+include::modules/olm-rukpak-registry-bundle.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[Legacy OLM bundle format]
+
+include::modules/olm-rukpak-bd.adoc[leveloffset=+1]
diff --git a/operators/olm_v1/arch/snippets b/operators/olm_v1/arch/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/operators/olm_v1/arch/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/operators/olm_v1/images b/operators/olm_v1/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/operators/olm_v1/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/operators/olm_v1/index.adoc b/operators/olm_v1/index.adoc
new file mode 100644
index 000000000000..b57a37841ac7
--- /dev/null
+++ b/operators/olm_v1/index.adoc
@@ -0,0 +1,39 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-about"]
+= About Operator Lifecycle Manager 1.0 (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-about
+
+toc::[]
+
+Operator Lifecycle Manager (OLM) has been included with {product-title} 4 since its initial release. {product-title} 4.14 introduces components for a next-generation iteration of OLM as a Technology Preview feature, known during this phase as _{olmv1}_. This updated framework evolves many of the concepts that have been part of previous versions of OLM and adds new capabilities.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+During this Technology Preview phase of {olmv1} in {product-title} 4.14, administrators can explore the following features:
+
+Fully declarative model that supports GitOps workflows::
+{olmv1} simplifies Operator management through two key APIs:
++
+--
+* A new `Operator` API, provided as `operator.operators.operatorframework.io` by the new Operator Controller component, streamlines management of installed Operators by consolidating user-facing APIs into a single object. This empowers administrators and SREs to automate processes and define desired states by using GitOps principles.
+* The `Catalog` API, provided by the new catalogd component, serves as the foundation for {olmv1}, unpacking catalogs for on-cluster clients so that users can discover installable content, such as Operators and Kubernetes extensions. This provides increased visibility into all available Operator bundle versions, including their details, channels, and update edges.
+--
++
+For more information, see xref:../../operators/olm_v1/arch/olmv1-operator-controller.adoc#olmv1-operator-controller[Operator Controller] and xref:../../operators/olm_v1/arch/olmv1-catalogd.adoc#olmv1-catalogd[Catalogd].
+
+Improved control over Operator updates::
+With improved insight into catalog content, administrators can specify target versions for installation and updates. This grants administrators more control over the target version of Operator updates. For more information, see xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-updating-an-operator_olmv1-installing-operator[Updating an Operator].
+
+Flexible Operator packaging format::
+Administrators can use file-based catalogs to install and manage the following types of content:
++
+--
+* OLM-based Operators, similar to the existing OLM experience
+* _Plain bundles_, which are static collections of arbitrary Kubernetes manifests
+--
++
+In addition, bundle size is no longer constrained by the etcd value size limit. For more information, see xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-installing-an-operator-from-a-catalog[Installing an Operator from a catalog] and xref:../../operators/olm_v1/olmv1-managing-plain-bundles.adoc#olmv1-managing-plain-bundles[Managing plain bundles].
+
+include::modules/olmv1-about-purpose.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/operators/olm_v1/modules b/operators/olm_v1/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/operators/olm_v1/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc b/operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
new file mode 100644
index 000000000000..3e2cbdc33a17
--- /dev/null
+++ b/operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
@@ -0,0 +1,76 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olmv1-installing-an-operator-from-a-catalog"]
+= Installing an Operator from a catalog in {olmv1} (Technology Preview)
+include::_attributes/common-attributes.adoc[]
+:context: olmv1-installing-operator
+
+toc::[]
+
+Cluster administrators can add _catalogs_, or curated collections of Operators and Kubernetes extensions, to their clusters. Operator authors publish their products to these catalogs. When you add a catalog to your cluster, you have access to the versions, patches, and over-the-air updates of the Operators and extensions that are published to the catalog.
+
+In the current Technology Preview release of {olmv1-first}, you manage catalogs and Operators declaratively from the CLI using custom resources (CRs).
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+[id="prerequisites_olmv1-installing-an-operator-from-a-catalog"]
+== Prerequisites
+
+* Access to an {product-title} cluster using an account with `cluster-admin` permissions
++
+--
+include::snippets/olmv1-cli-only.adoc[]
+--
+* The `TechPreviewNoUpgrades` feature set enabled on the cluster
++
+[WARNING]
+====
+Enabling the `TechPreviewNoUpgrade` feature set cannot be undone and prevents minor version updates. These feature sets are not recommended on production clusters.
+====
+* The OpenShift CLI (`oc`) installed on your workstation
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates]
+
+include::modules/olmv1-about-catalogs.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[File-based catalogs]
+
+include::modules/olmv1-red-hat-catalogs.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-creating-a-pull-secret-for-catalogs-secure-registry_olmv1-installing-operator[Creating a pull secret for catalogs hosted on a secure registry]
+* xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-adding-a-catalog-to-a-cluster_olmv1-installing-operator[Adding a catalog to a cluster]
+* xref:../../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs_olm-rh-catalogs[About Red Hat-provided Operator catalogs]
+
+include::modules/olmv1-creating-a-pull-secret-for-catalogd.adoc[leveloffset=+1]
+include::modules/olmv1-adding-a-catalog.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-creating-a-pull-secret-for-catalogs-secure-registry_olmv1-installing-operator[Creating a pull secret for catalogs hosted on a secure registry]
+
+include::modules/olmv1-finding-operators-to-install.adoc[leveloffset=+1]
+include::modules/olmv1-catalog-queries.adoc[leveloffset=+2]
+
+include::modules/olmv1-about-target-versions.adoc[leveloffset=+1]
+include::modules/olmv1-version-range-support.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/olm_v1/arch/olmv1-dependency.adoc#olmv1-dependency[Dependency resolution in OLM 1.0]
+
+include::modules/olmv1-version-range-comparisons.adoc[leveloffset=+2]
+
+include::modules/olmv1-installing-an-operator.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-about-operator-updates_olmv1-installing-operator[About target versions in OLM 1.0]
+* xref:../../operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc#olmv1-version-range-support_olmv1-installing-operator[Support for version ranges]
+
+include::modules/olmv1-updating-an-operator.adoc[leveloffset=+1]
+include::modules/olmv1-deleting-an-operator.adoc[leveloffset=+1]
diff --git a/operators/olm_v1/olmv1-managing-plain-bundles.adoc b/operators/olm_v1/olmv1-managing-plain-bundles.adoc
new file mode 100644
index 000000000000..08a5a77736e4
--- /dev/null
+++ b/operators/olm_v1/olmv1-managing-plain-bundles.adoc
@@ -0,0 +1,72 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="olmv1-managing-plain-bundles"]
+= Managing plain bundles in {olmv1} (Technology Preview)
+
+:context: olmv1-managing-catalogs
+
+toc::[]
+
+In {olmv1-first}, a _plain bundle_ is a static collection of arbitrary Kubernetes manifests in YAML format. The experimental `olm.bundle.mediatype` property of the `olm.bundle` schema object differentiates a plain bundle (`plain+v0`) from a regular (`registry+v1`) bundle.
+
+:FeatureName: {olmv1}
+include::snippets/technology-preview.adoc[]
+
+// For more information, see the [Plain Bundle Specification](https://github.com/operator-framework/rukpak/blob/main/docs/bundles/plain.md) in the RukPak repository.
+
+As a cluster administrator, you can build and publish a file-based catalog that includes a plain bundle image by completing the following procedures:
+
+. Build a plain bundle image.
+. Create a file-based catalog.
+. Add the plain bundle image to your file-based catalog.
+. Build your catalog as an image.
+. Publish your catalog image.
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/olm_v1/arch/olmv1-rukpak.adoc#olmv1-rukpak[RukPak component and packaging format]
+
+[id="prerequisites_olmv1-plain-bundles"]
+== Prerequisites
+
+* Access to an {product-title} cluster using an account with `cluster-admin` permissions
++
+--
+include::snippets/olmv1-cli-only.adoc[]
+--
+* The `TechPreviewNoUpgrades` feature set enabled on the cluster
++
+[WARNING]
+====
+Enabling the `TechPreviewNoUpgrade` feature set cannot be undone and prevents minor version updates. These feature sets are not recommended on production clusters.
+====
+* The OpenShift CLI (`oc`) installed on your workstation
+* The `opm` CLI installed on your workstation
+* Docker or Podman installed on your workstation
+* Push access to a container registry, such as link:https://quay.io[Quay]
+* Kubernetes manifests for your bundle in a flat directory at the root of your project similar to the following structure:
++
+.Example directory structure
+[source,terminal]
+----
+manifests
+├── namespace.yaml
+├── service_account.yaml
+├── cluster_role.yaml
+├── cluster_role_binding.yaml
+└── deployment.yaml
+----
+
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling features using feature gates]
+
+// - Only the `redhat-operators` catalog source enabled on the cluster. This is a restriction during the Technology Preview release.
+
+include::modules/olmv1-building-plain-image.adoc[leveloffset=+1]
+include::modules/olmv1-creating-fbc.adoc[leveloffset=+1]
+include::modules/olmv1-adding-plain-to-fbc.adoc[leveloffset=+1]
+include::modules/olmv1-publishing-fbc.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/operators/olm_v1/snippets b/operators/olm_v1/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/operators/olm_v1/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/operators/operator-reference.adoc b/operators/operator-reference.adoc
index 36249443a3d1..0cc2d9f57dd5 100644
--- a/operators/operator-reference.adoc
+++ b/operators/operator-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cluster-operators-ref"]
 = Cluster Operators reference
 include::_attributes/common-attributes.adoc[]
@@ -24,20 +24,24 @@ include::modules/cluster-bare-metal-operator.adoc[leveloffset=+1]
 * xref:../installing/cluster-capabilities.adoc#cluster-bare-metal-operator_cluster-capabilities[Bare-metal capability]
 
 include::modules/baremetal-event-relay.adoc[leveloffset=+1]
+
 include::modules/cloud-credential-operator.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 [discrete]
 [id="additional-resources_cluster-op-ref-cco"]
 === Additional resources
-
 * xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
 * xref:../rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc#credentialsrequest-cloudcredential-openshift-io-v1[`CredentialsRequest` custom resource]
 
 include::modules/cluster-authentication-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-autoscaler-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-cloud-controller-manager-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-capi-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-config-operator.adoc[leveloffset=+1]
 
 include::modules/cluster-csi-snapshot-controller-operator.adoc[leveloffset=+1]
@@ -47,9 +51,13 @@ include::modules/cluster-csi-snapshot-controller-operator.adoc[leveloffset=+1]
 * xref:../installing/cluster-capabilities.adoc#cluster-csi-snapshot-controller-operator_cluster-capabilities[CSI snapshot controller capability]
 
 include::modules/cluster-image-registry-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-machine-approver-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-monitoring-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-network-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-samples-operator.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -64,6 +72,7 @@ include::modules/cluster-storage-operator.adoc[leveloffset=+1]
 * xref:../installing/cluster-capabilities.adoc#cluster-storage-operator_cluster-capabilities[Storage capability]
 
 include::modules/cluster-version-operator.adoc[leveloffset=+1]
+
 include::modules/console-operator.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -81,27 +90,34 @@ include::modules/control-plane-machine-set-operator.adoc[leveloffset=+1]
 * xref:../rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc#controlplanemachineset-machine-openshift-io-v1[`ControlPlaneMachineSet` custom resource]
 
 include::modules/cluster-dns-operator.adoc[leveloffset=+1]
+
 include::modules/etcd-operator.adoc[leveloffset=+1]
+
 include::modules/ingress-operator.adoc[leveloffset=+1]
+
 include::modules/insights-operator.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-
 * xref:../installing/cluster-capabilities.adoc#insights-operator_cluster-capabilities[Insights capability]
 * See xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for details about Insights Operator and Telemetry.
 
 include::modules/kube-apiserver-operator.adoc[leveloffset=+1]
+
 include::modules/kube-controller-manager-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-kube-scheduler-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-kube-storage-version-migrator-operator.adoc[leveloffset=+1]
+
 include::modules/machine-api-operator.adoc[leveloffset=+1]
+
 include::modules/machine-config-operator.adoc[leveloffset=+1]
+
 include::modules/operator-marketplace.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-
 * xref:../installing/cluster-capabilities.adoc#marketplace-operator_cluster-capabilities[Marketplace capability]
 
 include::modules/node-tuning-operator.adoc[leveloffset=+1]
@@ -110,10 +126,10 @@ include::modules/node-tuning-operator.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="cluster-operators-ref-nto-addtl-resources"]
 === Additional resources
-
 * xref:../scalability_and_performance/cnf-low-latency-tuning.adoc#cnf-understanding-low-latency_cnf-master[Low latency tuning of OCP nodes]
 
 include::modules/openshift-apiserver-operator.adoc[leveloffset=+1]
+
 include::modules/cluster-openshift-controller-manager-operators.adoc[leveloffset=+1]
 
 [id="cluster-operators-ref-olm"]
@@ -133,13 +149,12 @@ include::modules/olm-arch-catalog-registry.adoc[leveloffset=+2]
 [discrete]
 [id="cluster-operators-ref-olm-addtl-resources"]
 === Additional resources
-
 * For more information, see the sections on xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[understanding Operator Lifecycle Manager (OLM)].
 
 include::modules/openshift-service-ca-operator.adoc[leveloffset=+1]
+
 include::modules/vsphere-problem-detector-operator.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-
 * For more details, see xref:../installing/installing_vsphere/using-vsphere-problem-detector-operator.adoc#using-vsphere-problem-detector-operator[Using the vSphere Problem Detector Operator].
diff --git a/operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc b/operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc
index 7e7f3d7f04a3..33116265974a 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-cr-status.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-cr-status"]
 = Custom resource status management
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc b/operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
index 8067083de587..f7cccfb93b60 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-inside-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-inside-operator"]
 = Using Ansible inside an Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc b/operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc
index b1643c801b3d..5d982029a900 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-k8s-collection.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-k8s-collection"]
 = Kubernetes Collection for Ansible
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-project-layout.adoc b/operators/operator_sdk/ansible/osdk-ansible-project-layout.adoc
index 0efc0834df54..5d0b2fa85a58 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-project-layout.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-project-layout.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-project-layout"]
 = Project layout for Ansible-based Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc b/operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc
index 56a1c18f6f7c..2553e4c76cba 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-quickstart"]
 = Getting started with Operator SDK for Ansible-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+// This assembly is currently excluded from the OSD and ROSA docs, because it requires cluster-admin permissions.
+
 The Operator SDK includes options for generating an Operator project that leverages existing Ansible playbooks and modules to deploy Kubernetes resources as a unified application, without having to write any Go code.
 
 To demonstrate the basics of setting up and running an link:https://docs.ansible.com/ansible/latest/index.html[Ansible]-based Operator using tools and libraries provided by the Operator SDK, Operator developers can build an example Ansible-based Operator for Memcached, a distributed key-value store, and deploy it to a cluster.
diff --git a/operators/operator_sdk/ansible/osdk-ansible-support.adoc b/operators/operator_sdk/ansible/osdk-ansible-support.adoc
index b0df4184b32c..7712f2c7e44c 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-support.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-support"]
 = Ansible support in Operator SDK
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc b/operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc
index 4eaed9242b7c..cab6cc814b2a 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-tutorial"]
 = Operator SDK tutorial for Ansible-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -18,10 +18,20 @@ Operator SDK:: The `operator-sdk` CLI tool and `controller-runtime` library API
 
 Operator Lifecycle Manager (OLM):: Installation, upgrade, and role-based access control (RBAC) of Operators on a cluster
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 This tutorial goes into greater detail than xref:../../../operators/operator_sdk/ansible/osdk-ansible-quickstart.adoc#osdk-ansible-quickstart[Getting started with Operator SDK for Ansible-based Operators].
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+// The "Getting started" quickstarts require cluster-admin and are therefore only available in OCP.
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+This tutorial goes into greater detail than link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-ansible-quickstart[Getting started with Operator SDK for Ansible-based Operators] in the OpenShift Container Platform documentation.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/osdk-common-prereqs.adoc[leveloffset=+1]
 
@@ -37,9 +47,21 @@ include::modules/osdk-ansible-create-api.adoc[leveloffset=+1]
 include::modules/osdk-ansible-modify-manager.adoc[leveloffset=+1]
 
 include::modules/osdk-run-proxy.adoc[leveloffset=+1]
+
 include::modules/osdk-run-operator.adoc[leveloffset=+1]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-locally_osdk-ansible-tutorial[Running locally outside the cluster] (OpenShift Container Platform documentation)
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-deployment_osdk-ansible-tutorial[Running as a deployment on the cluster] (OpenShift Container Platform documentation)
+endif::openshift-dedicated,openshift-rosa[]
+
+// In OSD/ROSA, the only applicable option for running the Operator is to bundle and deploy with OLM.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/osdk-run-locally.adoc[leveloffset=+2]
 include::modules/osdk-run-deployment.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="osdk-bundle-deploy-olm_{context}"]
 === Bundling an Operator and deploying with Operator Lifecycle Manager
@@ -54,4 +76,9 @@ include::modules/osdk-create-cr.adoc[leveloffset=+1]
 == Additional resources
 
 * See xref:../../../operators/operator_sdk/ansible/osdk-ansible-project-layout.adoc#osdk-ansible-project-layout[Project layout for Ansible-based Operators] to learn about the directory structures created by the Operator SDK.
+ifndef::openshift-dedicated,openshift-rosa[]
 * If a xref:../../../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide egress proxy is configured], cluster administrators can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If a xref:../../../networking/configuring-cluster-wide-proxy.adoc#configuring-a-cluster-wide-proxy[cluster-wide egress proxy is configured], administrators with the `dedicated-admin` role can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/operator_sdk/ansible/osdk-ansible-updating-projects.adoc b/operators/operator_sdk/ansible/osdk-ansible-updating-projects.adoc
index e42b2d804602..ccc7034f2472 100644
--- a/operators/operator_sdk/ansible/osdk-ansible-updating-projects.adoc
+++ b/operators/operator_sdk/ansible/osdk-ansible-updating-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ansible-updating-projects"]
 = Updating projects for newer Operator SDK versions
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 
 However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, update steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the update steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}.
 
-include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
+include::modules/osdk-updating-128-to-131.adoc[leveloffset=+1]
 
 [id="additional-resources_osdk-ansible-upgrading-projects"]
 [role="_additional-resources"]
diff --git a/operators/operator_sdk/golang/osdk-golang-project-layout.adoc b/operators/operator_sdk/golang/osdk-golang-project-layout.adoc
index aac30cb41601..d321b4f74485 100644
--- a/operators/operator_sdk/golang/osdk-golang-project-layout.adoc
+++ b/operators/operator_sdk/golang/osdk-golang-project-layout.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-golang-project-layout"]
 = Project layout for Go-based Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/golang/osdk-golang-quickstart.adoc b/operators/operator_sdk/golang/osdk-golang-quickstart.adoc
index b7a3a87ae7e1..6008241317e3 100644
--- a/operators/operator_sdk/golang/osdk-golang-quickstart.adoc
+++ b/operators/operator_sdk/golang/osdk-golang-quickstart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-golang-quickstart"]
 = Getting started with Operator SDK for Go-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+// This assembly is currently excluded from the OSD and ROSA docs, because it requires cluster-admin permissions.
+
 To demonstrate the basics of setting up and running a Go-based Operator using tools and libraries provided by the Operator SDK, Operator developers can build an example Go-based Operator for Memcached, a distributed key-value store, and deploy it to a cluster.
 
 include::modules/osdk-common-prereqs.adoc[leveloffset=+1]
diff --git a/operators/operator_sdk/golang/osdk-golang-tutorial.adoc b/operators/operator_sdk/golang/osdk-golang-tutorial.adoc
index 6065d9cbedf6..665b82489762 100644
--- a/operators/operator_sdk/golang/osdk-golang-tutorial.adoc
+++ b/operators/operator_sdk/golang/osdk-golang-tutorial.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-golang-tutorial"]
 = Operator SDK tutorial for Go-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -14,10 +14,20 @@ Operator SDK:: The `operator-sdk` CLI tool and `controller-runtime` library API
 
 Operator Lifecycle Manager (OLM):: Installation, upgrade, and role-based access control (RBAC) of Operators on a cluster
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 This tutorial goes into greater detail than xref:../../../operators/operator_sdk/golang/osdk-golang-quickstart.adoc#osdk-golang-quickstart[Getting started with Operator SDK for Go-based Operators].
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+// The "Getting started" quickstarts require cluster-admin and are therefore only available in OCP.
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+This tutorial goes into greater detail than link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-golang-quickstart[Getting started with Operator SDK for Go-based Operators] in the OpenShift Container Platform documentation.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/osdk-common-prereqs.adoc[leveloffset=+1]
 
@@ -46,9 +56,20 @@ include::modules/osdk-golang-controller-reconcile-loop.adoc[leveloffset=+2]
 include::modules/osdk-golang-controller-rbac-markers.adoc[leveloffset=+2]
 
 include::modules/osdk-run-proxy.adoc[leveloffset=+1]
+
 include::modules/osdk-run-operator.adoc[leveloffset=+1]
+ifdef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-locally_osdk-golang-tutorial[Running locally outside the cluster] (OpenShift Container Platform documentation)
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-deployment_osdk-golang-tutorial[Running as a deployment on the cluster] (OpenShift Container Platform documentation)
+endif::openshift-dedicated,openshift-rosa[]
+
+// In OSD/ROSA, the only applicable option for running the Operator is to bundle and deploy with OLM.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/osdk-run-locally.adoc[leveloffset=+2]
 include::modules/osdk-run-deployment.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="osdk-bundle-deploy-olm_{context}"]
 === Bundling an Operator and deploying with Operator Lifecycle Manager
@@ -63,4 +84,9 @@ include::modules/osdk-create-cr.adoc[leveloffset=+1]
 == Additional resources
 
 * See xref:../../../operators/operator_sdk/golang/osdk-golang-project-layout.adoc#osdk-golang-project-layout[Project layout for Go-based Operators] to learn about the directory structures created by the Operator SDK.
+ifndef::openshift-dedicated,openshift-rosa[]
 * If a xref:../../../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide egress proxy is configured], cluster administrators can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If a xref:../../../networking/configuring-cluster-wide-proxy.adoc#configuring-a-cluster-wide-proxy[cluster-wide egress proxy is configured], administrators with the `dedicated-admin` role can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
\ No newline at end of file
diff --git a/operators/operator_sdk/golang/osdk-golang-updating-projects.adoc b/operators/operator_sdk/golang/osdk-golang-updating-projects.adoc
index e6afdc2f555e..38136a10623c 100644
--- a/operators/operator_sdk/golang/osdk-golang-updating-projects.adoc
+++ b/operators/operator_sdk/golang/osdk-golang-updating-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-golang-updating-projects"]
 = Updating Go-based Operator projects for newer Operator SDK versions
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 
 However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, update steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the update steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}.
 
-include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
+include::modules/osdk-updating-128-to-131.adoc[leveloffset=+1]
 
 [id="additional-resources_osdk-upgrading-projects-golang"]
 [role="_additional-resources"]
@@ -20,4 +20,3 @@ include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html-single/operators/index#osdk-upgrading-v1101-to-v1160_osdk-upgrading-projects[Upgrading projects for Operator SDK 1.16.0]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/operators/developing-operators#osdk-upgrading-v180-to-v1101_osdk-upgrading-projects[Upgrading projects for Operator SDK v1.10.1]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/operators/developing-operators#osdk-upgrading-v130-to-v180_osdk-upgrading-projects[Upgrading projects for Operator SDK v1.8.0]
-
diff --git a/operators/operator_sdk/helm/osdk-helm-project-layout.adoc b/operators/operator_sdk/helm/osdk-helm-project-layout.adoc
index 75ce470305b1..176de5250416 100644
--- a/operators/operator_sdk/helm/osdk-helm-project-layout.adoc
+++ b/operators/operator_sdk/helm/osdk-helm-project-layout.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-helm-project-layout"]
 = Project layout for Helm-based Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/helm/osdk-helm-quickstart.adoc b/operators/operator_sdk/helm/osdk-helm-quickstart.adoc
index 672eb78fc330..c3079d50eec3 100644
--- a/operators/operator_sdk/helm/osdk-helm-quickstart.adoc
+++ b/operators/operator_sdk/helm/osdk-helm-quickstart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-helm-quickstart"]
 = Getting started with Operator SDK for Helm-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+// This assembly is currently excluded from the OSD and ROSA docs, because it requires cluster-admin permissions.
+
 The Operator SDK includes options for generating an Operator project that leverages existing link:https://helm.sh/docs/[Helm] charts to deploy Kubernetes resources as a unified application, without having to write any Go code.
 
 To demonstrate the basics of setting up and running an link:https://helm.sh/docs/[Helm]-based Operator using tools and libraries provided by the Operator SDK, Operator developers can build an example Helm-based Operator for Nginx and deploy it to a cluster.
diff --git a/operators/operator_sdk/helm/osdk-helm-support.adoc b/operators/operator_sdk/helm/osdk-helm-support.adoc
index 5dfffeef6ca1..40497bc0d170 100644
--- a/operators/operator_sdk/helm/osdk-helm-support.adoc
+++ b/operators/operator_sdk/helm/osdk-helm-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-helm-support"]
 = Helm support in Operator SDK
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/helm/osdk-helm-tutorial.adoc b/operators/operator_sdk/helm/osdk-helm-tutorial.adoc
index 0039a85477b2..f21851892ce2 100644
--- a/operators/operator_sdk/helm/osdk-helm-tutorial.adoc
+++ b/operators/operator_sdk/helm/osdk-helm-tutorial.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-helm-tutorial"]
 = Operator SDK tutorial for Helm-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -18,10 +18,20 @@ Operator SDK:: The `operator-sdk` CLI tool and `controller-runtime` library API
 
 Operator Lifecycle Manager (OLM):: Installation, upgrade, and role-based access control (RBAC) of Operators on a cluster
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 This tutorial goes into greater detail than xref:../../../operators/operator_sdk/helm/osdk-helm-quickstart.adoc#osdk-helm-quickstart[Getting started with Operator SDK for Helm-based Operators].
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+// The "Getting started" quickstarts require cluster-admin and are therefore only available in OCP.
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+This tutorial goes into greater detail than link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-helm-quickstart[Getting started with Operator SDK for Helm-based Operators] in the OpenShift Container Platform documentation.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/osdk-common-prereqs.adoc[leveloffset=+1]
 
@@ -39,9 +49,22 @@ include::modules/osdk-helm-sample-chart.adoc[leveloffset=+2]
 include::modules/osdk-helm-modify-cr.adoc[leveloffset=+2]
 
 include::modules/osdk-run-proxy.adoc[leveloffset=+1]
+
+
 include::modules/osdk-run-operator.adoc[leveloffset=+1]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-locally_osdk-helm-tutorial[Running locally outside the cluster] (OpenShift Container Platform documentation)
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-deployment_osdk-helm-tutorial[Running as a deployment on the cluster] (OpenShift Container Platform documentation)
+endif::openshift-dedicated,openshift-rosa[]
+
+// In OSD/ROSA, the only applicable option for running the Operator is to bundle and deploy with OLM.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/osdk-run-locally.adoc[leveloffset=+2]
 include::modules/osdk-run-deployment.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="osdk-bundle-deploy-olm_{context}"]
 === Bundling an Operator and deploying with Operator Lifecycle Manager
@@ -56,4 +79,9 @@ include::modules/osdk-create-cr.adoc[leveloffset=+1]
 == Additional resources
 
 * See xref:../../../operators/operator_sdk/helm/osdk-helm-project-layout.adoc#osdk-helm-project-layout[Project layout for Helm-based Operators] to learn about the directory structures created by the Operator SDK.
+ifndef::openshift-dedicated,openshift-rosa[]
 * If a xref:../../../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide egress proxy is configured], cluster administrators can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+* If a xref:../../../networking/configuring-cluster-wide-proxy.adoc#configuring-a-cluster-wide-proxy[cluster-wide egress proxy is configured], administrators with the `dedicated-admin` role can xref:../../../operators/admin/olm-configuring-proxy-support.adoc#olm-configuring-proxy-support[override the proxy settings or inject a custom CA certificate] for specific Operators running on Operator Lifecycle Manager (OLM).
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/operator_sdk/helm/osdk-helm-updating-projects.adoc b/operators/operator_sdk/helm/osdk-helm-updating-projects.adoc
index 4c709284a949..76b6ae088dc9 100644
--- a/operators/operator_sdk/helm/osdk-helm-updating-projects.adoc
+++ b/operators/operator_sdk/helm/osdk-helm-updating-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-helm-updating-projects"]
 = Updating Helm-based projects for newer Operator SDK versions
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 
 However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, update steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the update steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}.
 
-include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
+include::modules/osdk-updating-128-to-131.adoc[leveloffset=+1]
 
 [id="additional-resources_osdk-helm-upgrading-projects"]
 [role="_additional-resources"]
diff --git a/operators/operator_sdk/helm/osdk-hybrid-helm-updating-projects.adoc b/operators/operator_sdk/helm/osdk-hybrid-helm-updating-projects.adoc
index cc069930d747..a0811c91292e 100644
--- a/operators/operator_sdk/helm/osdk-hybrid-helm-updating-projects.adoc
+++ b/operators/operator_sdk/helm/osdk-hybrid-helm-updating-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-hybrid-helm-updating-projects"]
 = Updating Hybrid Helm-based projects for newer Operator SDK versions
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 
 However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, update steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the update steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}.
 
-include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
+include::modules/osdk-updating-128-to-131.adoc[leveloffset=+1]
 
 [id="additional-resources_osdk-hybrid-helm-upgrading-projects"]
 [role="_additional-resources"]
@@ -20,4 +20,3 @@ include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html-single/operators/index#osdk-upgrading-v1101-to-v1160_osdk-upgrading-projects[Upgrading projects for Operator SDK 1.16.0]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/operators/developing-operators#osdk-upgrading-v180-to-v1101_osdk-upgrading-projects[Upgrading projects for Operator SDK v1.10.1]
 * link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/operators/developing-operators#osdk-upgrading-v130-to-v180_osdk-upgrading-projects[Upgrading projects for Operator SDK v1.8.0]
-
diff --git a/operators/operator_sdk/helm/osdk-hybrid-helm.adoc b/operators/operator_sdk/helm/osdk-hybrid-helm.adoc
index 168fab151e93..fb2ccfe7c752 100644
--- a/operators/operator_sdk/helm/osdk-hybrid-helm.adoc
+++ b/operators/operator_sdk/helm/osdk-hybrid-helm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-hybrid-helm"]
 = Operator SDK tutorial for Hybrid Helm Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/java/osdk-java-project-layout.adoc b/operators/operator_sdk/java/osdk-java-project-layout.adoc
index ca19ade401b8..98a08ecdb711 100644
--- a/operators/operator_sdk/java/osdk-java-project-layout.adoc
+++ b/operators/operator_sdk/java/osdk-java-project-layout.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-java-project-layout"]
 = Project layout for Java-based Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/java/osdk-java-quickstart.adoc b/operators/operator_sdk/java/osdk-java-quickstart.adoc
index 73523d80e742..eb18008a3953 100644
--- a/operators/operator_sdk/java/osdk-java-quickstart.adoc
+++ b/operators/operator_sdk/java/osdk-java-quickstart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-java-quickstart"]
 = Getting started with Operator SDK for Java-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 :FeatureName: Java-based Operator SDK
 include::snippets/technology-preview.adoc[]
 
+// This assembly is not included in the OSD and ROSA docs, because it is Tech Preview. However, once Java-based Operator SDK is GA, this assembly will still need to be excluded from OSD and ROSA if it continues to require cluster-admin permissions.
+
 toc::[]
 
 To demonstrate the basics of setting up and running a Java-based Operator using tools and libraries provided by the Operator SDK, Operator developers can build an example Java-based Operator for Memcached, a distributed key-value store, and deploy it to a cluster.
diff --git a/operators/operator_sdk/java/osdk-java-tutorial.adoc b/operators/operator_sdk/java/osdk-java-tutorial.adoc
index 804e46f23692..943ae42f23a7 100644
--- a/operators/operator_sdk/java/osdk-java-tutorial.adoc
+++ b/operators/operator_sdk/java/osdk-java-tutorial.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-java-tutorial"]
 = Operator SDK tutorial for Java-based Operators
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[]
 :FeatureName: Java-based Operator SDK
 include::snippets/technology-preview.adoc[]
 
+// This assembly is not currrently included in the OSD and ROSA distros, because it is Tech Preview. However, some conditionalization has been added for OSD and ROSA so that the content will be applicable to those distros once this feature is GA and included in the OSD and ROSA docs.
+
 toc::[]
 
 Operator developers can take advantage of Java programming language support in the Operator SDK to build an example Java-based Operator for Memcached, a distributed key-value store, and manage its lifecycle.
@@ -16,10 +18,20 @@ Operator SDK:: The `operator-sdk` CLI tool and `java-operator-sdk` library API
 
 Operator Lifecycle Manager (OLM):: Installation, upgrade, and role-based access control (RBAC) of Operators on a cluster
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
 This tutorial goes into greater detail than xref:../../../operators/operator_sdk/java/osdk-java-quickstart.adoc#osdk-java-quickstart[Getting started with Operator SDK for Java-based Operators].
 ====
+endif::openshift-dedicated,openshift-rosa[]
+
+// The "Getting started" quickstarts require cluster-admin and are therefore only available in OCP.
+ifdef::openshift-dedicated,openshift-rosa[]
+[NOTE]
+====
+This tutorial goes into greater detail than link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-java-quickstart[Getting started with Operator SDK for Java-based Operators] in the OpenShift Container Platform documentation.
+====
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/osdk-common-prereqs.adoc[leveloffset=+1]
 
@@ -45,8 +57,19 @@ include::modules/osdk-java-controller-labels-memcached.adoc[leveloffset=+2]
 include::modules/osdk-java-controller-memcached-deployment.adoc[leveloffset=+2]
 
 include::modules/osdk-run-operator.adoc[leveloffset=+1]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-locally_osdk-java-tutorial[Running locally outside the cluster] (OpenShift Container Platform documentation)
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-run-deployment_osdk-java-tutorial[Running as a deployment on the cluster] (OpenShift Container Platform documentation)
+endif::openshift-dedicated,openshift-rosa[]
+
+// In OSD/ROSA, the only applicable option for running the Operator is to bundle and deploy with OLM.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/osdk-run-locally.adoc[leveloffset=+2]
 include::modules/osdk-run-deployment.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="osdk-bundle-deploy-olm_{context}"]
 === Bundling an Operator and deploying with Operator Lifecycle Manager
diff --git a/operators/operator_sdk/java/osdk-java-updating-projects.adoc b/operators/operator_sdk/java/osdk-java-updating-projects.adoc
index efb80d02bb30..c402228c172a 100644
--- a/operators/operator_sdk/java/osdk-java-updating-projects.adoc
+++ b/operators/operator_sdk/java/osdk-java-updating-projects.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-java-updating-projects"]
 = Updating projects for newer Operator SDK versions
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ toc::[]
 
 However, to ensure your existing Operator projects maintain compatibility with Operator SDK {osdk_ver}, update steps are required for the associated breaking changes introduced since {osdk_ver_n1}. You must perform the update steps manually in any of your Operator projects that were previously created or maintained with {osdk_ver_n1}.
 
-include::modules/osdk-updating-v125-to-v128.adoc[leveloffset=+1]
+include::modules/osdk-updating-128-to-131.adoc[leveloffset=+1]
 
 [id="additional-resources_osdk-java-upgrading-projects"]
 [role="_additional-resources"]
diff --git a/operators/operator_sdk/osdk-about.adoc b/operators/operator_sdk/osdk-about.adoc
index 60a94cdc158d..aa99faaaa698 100644
--- a/operators/operator_sdk/osdk-about.adoc
+++ b/operators/operator_sdk/osdk-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-about"]
 = About the Operator SDK
 include::_attributes/common-attributes.adoc[]
@@ -24,7 +24,13 @@ The Operator SDK is a framework that uses the link:https://github.com/kubernetes
 - Extensions to cover common Operator use cases
 - Metrics set up automatically in any generated Go-based Operator for use on clusters where the Prometheus Operator is deployed
 
-Operator authors with cluster administrator access to a Kubernetes-based cluster (such as {product-title}) can use the Operator SDK CLI to develop their own Operators based on Go, Ansible, or Helm. link:https://kubebuilder.io/[Kubebuilder] is embedded into the Operator SDK as the scaffolding solution for Go-based Operators, which means existing Kubebuilder projects can be used as is with the Operator SDK and continue to work.
+ifndef::openshift-dedicated,openshift-rosa[]
+Operator authors with cluster administrator access to a Kubernetes-based cluster (such as {product-title})
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Operator authors with dedicated-admin access to {product-title}
+endif::openshift-dedicated,openshift-rosa[]
+can use the Operator SDK CLI to develop their own Operators based on Go, Ansible, Java, or Helm. link:https://kubebuilder.io/[Kubebuilder] is embedded into the Operator SDK as the scaffolding solution for Go-based Operators, which means existing Kubebuilder projects can be used as is with the Operator SDK and continue to work.
 
 [NOTE]
 ====
diff --git a/operators/operator_sdk/osdk-bundle-validate.adoc b/operators/operator_sdk/osdk-bundle-validate.adoc
index a26cd9ad490e..253e1a96afd0 100644
--- a/operators/operator_sdk/osdk-bundle-validate.adoc
+++ b/operators/operator_sdk/osdk-bundle-validate.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-bundle-validate"]
 = Validating Operator bundles
 include::_attributes/common-attributes.adoc[]
@@ -17,3 +17,12 @@ include::modules/osdk-bundle-validate-tests.adoc[leveloffset=+1]
 * xref:../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[Bundle format]
 
 include::modules/osdk-bundle-validate-run.adoc[leveloffset=+1]
+
+ifndef::openshift-rosa,openshift-dedicated[]
+include::modules/osdk-multi-arch-validate.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/operator_sdk/osdk-multi-arch-support.adoc#osdk-multi-platform-support[Configuring Operator projects for multi-platform support]
+endif::[]
diff --git a/operators/operator_sdk/osdk-cli-ref.adoc b/operators/operator_sdk/osdk-cli-ref.adoc
index ea33eae35987..7d533e226497 100644
--- a/operators/operator_sdk/osdk-cli-ref.adoc
+++ b/operators/operator_sdk/osdk-cli-ref.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-cli-ref"]
 = Operator SDK CLI reference
 include::_attributes/common-attributes.adoc[]
@@ -38,11 +38,22 @@ include::modules/osdk-cli-ref-run-bundle.adoc[leveloffset=+2]
 .Additional resources
 
 * See xref:../../operators/understanding/olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-membership_olm-understanding-operatorgroups[Operator group membership] for details on possible install modes.
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
 
 include::modules/osdk-cli-ref-run-bundle-upgrade.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
+
 include::modules/osdk-cli-ref-scorecard.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../operators/operator_sdk/osdk-scorecard.adoc#osdk-scorecard[Validating Operators using the scorecard tool] for details about running the scorecard tool.
+* xref:../../operators/operator_sdk/osdk-complying-with-psa.adoc#osdk-complying-with-psa[Complying with pod security admission]
+* xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
diff --git a/operators/operator_sdk/osdk-complying-with-psa.adoc b/operators/operator_sdk/osdk-complying-with-psa.adoc
index 37239c62ca1f..4dc444d69e48 100644
--- a/operators/operator_sdk/osdk-complying-with-psa.adoc
+++ b/operators/operator_sdk/osdk-complying-with-psa.adoc
@@ -1,5 +1,5 @@
 
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-complying-with-psa"]
 = Complying with pod security admission
 include::_attributes/common-attributes.adoc[]
@@ -16,7 +16,14 @@ If your Operator project does not require escalated permissions to run, you can
 
 For more information, see xref:../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission].
 
+// About pod security admission
+include::modules/security-context-constraints-psa-about.adoc[leveloffset=+1]
+
 include::modules/security-context-constraints-psa-synchronization.adoc[leveloffset=+1]
+
+// Pod security admission synchronization namespace exclusions
+include::modules/security-context-constraints-psa-sync-exclusions.adoc[leveloffset=+2]
+
 include::modules/osdk-ensuring-operator-workloads-run-restricted-psa.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/operators/operator_sdk/osdk-generating-csvs.adoc b/operators/operator_sdk/osdk-generating-csvs.adoc
index 64c88ceba3a4..919d072d9e59 100644
--- a/operators/operator_sdk/osdk-generating-csvs.adoc
+++ b/operators/operator_sdk/osdk-generating-csvs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-generating-csvs"]
 = Defining cluster service versions (CSVs)
 include::_attributes/common-attributes.adoc[]
@@ -30,20 +30,24 @@ include::modules/osdk-manually-defined-csv-fields.adoc[leveloffset=+1]
 
 * xref:../../operators/understanding/olm-what-operators-are.adoc#olm-maturity-model_olm-what-operators-are[Operator maturity model]
 
-include::modules/osdk-csv-manual-annotations.adoc[leveloffset=+2]
+include::modules/osdk-csv-manual-annotations.adoc[leveloffset=+1]
+include::modules/osdk-csv-annotations-infra.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments] (disconnected mode)
+ifndef::openshift-dedicated,openshift-rosa[]
+* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]
+endif::openshift-dedicated,openshift-rosa[]
 
+include::modules/osdk-csv-annotations-dep.adoc[leveloffset=+2]
+include::modules/osdk-csv-annotations-other.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-crds-templates_osdk-generating-csvs[CRD templates]
-* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-init-resource_osdk-generating-csvs[Initializing required custom resources
-]
+* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-init-resource_osdk-generating-csvs[Initializing required custom resources]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-suggested-namespace_osdk-generating-csvs[Setting a suggested namespace]
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-suggested-namespace-default-node_osdk-generating-csvs[Setting a suggested namespace with default node selector]
-* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments] (disconnected mode)
 * xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-hiding-internal-objects_osdk-generating-csvs[Hiding internal objects]
-////
-* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS crytography]
-////
 
 include::modules/olm-enabling-operator-restricted-network.adoc[leveloffset=+1]
 include::modules/olm-enabling-operator-for-multi-arch.adoc[leveloffset=+1]
@@ -69,7 +73,10 @@ include::modules/olm-defining-csv-webhooks.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+// This xref points to a topic that is not currently included in the OSD and ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../architecture/admission-plug-ins.adoc#admission-webhook-types_admission-plug-ins[Types of webhook admission plugins]
+endif::openshift-dedicated,openshift-rosa[]
 * Kubernetes documentation:
 ** link:https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook[Validating admission webhooks]
 ** link:https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook[Mutating admission webhooks]
diff --git a/operators/operator_sdk/osdk-ha-sno.adoc b/operators/operator_sdk/osdk-ha-sno.adoc
index 9bbf64f9a1be..dee40594aed1 100644
--- a/operators/operator_sdk/osdk-ha-sno.adoc
+++ b/operators/operator_sdk/osdk-ha-sno.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-ha-sno"]
 = High-availability or single-node cluster detection and support
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,13 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-An {product-title} cluster can be configured in high-availability (HA) mode, which uses multiple nodes, or in non-HA mode, which uses a single node. A single-node cluster, also known as {sno}, is likely to have more conservative resource constraints. Therefore, it is important that Operators installed on a single-node cluster can adjust accordingly and still run well.
+// OSD/ROSA don't support single-node clusters, but these Operator authors still need to know how to handle this configuration for their Operators to work correctly in OCP.
+ifdef::openshift-dedicated,openshift-rosa[]
+To ensure that your Operator runs well on both high-availability (HA) and non-HA modes in OpenShift Container Platform clusters, you can use the Operator SDK to detect the cluster's infrastructure topology and set the resource requirements to fit the cluster's topology.
+endif::openshift-dedicated,openshift-rosa[]
+
+// Not using {product-title} here, because HA mode and non-HA mode are specific to OCP and should be spelled out this way in other distros.
+An OpenShift Container Platform cluster can be configured in high-availability (HA) mode, which uses multiple nodes, or in non-HA mode, which uses a single node. A single-node cluster, also known as {sno}, is likely to have more conservative resource constraints. Therefore, it is important that Operators installed on a single-node cluster can adjust accordingly and still run well.
 
 By accessing the cluster high-availability mode API provided in {product-title}, Operator authors can use the Operator SDK to enable their Operator to detect a cluster's infrastructure topology, either HA or non-HA mode. Custom Operator logic can be developed that uses the detected cluster topology to automatically switch the resource requirements, both for the Operator and for any Operands or workloads it manages, to a profile that best fits the topology.
 
diff --git a/operators/operator_sdk/osdk-installing-cli.adoc b/operators/operator_sdk/osdk-installing-cli.adoc
index 65dbf0cc793f..750c90a37a00 100644
--- a/operators/operator_sdk/osdk-installing-cli.adoc
+++ b/operators/operator_sdk/osdk-installing-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-installing-cli"]
 = Installing the Operator SDK CLI
 include::_attributes/common-attributes.adoc[]
@@ -8,7 +8,13 @@ toc::[]
 
 The Operator SDK provides a command-line interface (CLI) tool that Operator developers can use to build, test, and deploy an Operator. You can install the Operator SDK CLI on your workstation so that you are prepared to start authoring your own Operators.
 
-Operator authors with cluster administrator access to a Kubernetes-based cluster, such as {product-title}, can use the Operator SDK CLI to develop their own Operators based on Go, Ansible, java, or Helm. link:https://kubebuilder.io/[Kubebuilder] is embedded into the Operator SDK as the scaffolding solution for Go-based Operators, which means existing Kubebuilder projects can be used as is with the Operator SDK and continue to work.
+ifndef::openshift-dedicated,openshift-rosa[]
+Operator authors with cluster administrator access to a Kubernetes-based cluster, such as {product-title},
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+Operator authors with dedicated-admin access to {product-title}
+endif::openshift-dedicated,openshift-rosa[]
+can use the Operator SDK CLI to develop their own Operators based on Go, Ansible, Java, or Helm. link:https://kubebuilder.io/[Kubebuilder] is embedded into the Operator SDK as the scaffolding solution for Go-based Operators, which means existing Kubebuilder projects can be used as is with the Operator SDK and continue to work.
 
 [NOTE]
 ====
diff --git a/operators/operator_sdk/osdk-leader-election.adoc b/operators/operator_sdk/osdk-leader-election.adoc
index 26ffbf1f829c..12ef828f292f 100644
--- a/operators/operator_sdk/osdk-leader-election.adoc
+++ b/operators/operator_sdk/osdk-leader-election.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-leader-election"]
 = Configuring leader election
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ During the lifecycle of an Operator, it is possible that there may be more than
 
 There are two different leader election implementations to choose from, each with its own trade-off:
 
-Leader-for-life:: The leader pod only gives up leadership, using garbage collection, when it is deleted. This implementation precludes the possibility of two instances mistakenly running as leaders, a state also known as split brain. However, this method can be subject to a delay in electing a new leader. For example, when the leader pod is on an unresponsive or partitioned node, the link:https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/#options[`pod-eviction-timeout`] dictates long how it takes for the leader pod to be deleted from the node and step down, with a default of `5m`. See the link:https://godoc.org/github.com/operator-framework/operator-sdk/pkg/leader[Leader-for-life] Go documentation for more.
+Leader-for-life:: The leader pod only gives up leadership, using garbage collection, when it is deleted. This implementation precludes the possibility of two instances mistakenly running as leaders, a state also known as split brain. However, this method can be subject to a delay in electing a new leader. For example, when the leader pod is on an unresponsive or partitioned node, you can specify `node.kubernetes.io/unreachable` and `node.kubernetes.io/not-ready` tolerations on the leader pod and use the `tolerationSeconds` value to dictate how long it takes for the leader pod to be deleted from the node and step down. These tolerations are added to the pod by default on admission with a `tolerationSeconds` value of 5 minutes. See the link:https://godoc.org/github.com/operator-framework/operator-sdk/pkg/leader[Leader-for-life] Go documentation for more.
 
 Leader-with-lease:: The leader pod periodically renews the leader lease and gives up leadership when it cannot renew the lease. This implementation allows for a faster transition to a new leader when the existing leader is isolated, but there is a possibility of split brain in link:https://github.com/kubernetes/client-go/blob/30b06a83d67458700a5378239df6b96948cb9160/tools/leaderelection/leaderelection.go#L21-L24[certain situations]. See the link:https://godoc.org/github.com/kubernetes-sigs/controller-runtime/pkg/leaderelection[Leader-with-lease] Go documentation for more.
 
diff --git a/operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc b/operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
index 20583961eddf..600052d55803 100644
--- a/operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
+++ b/operators/operator_sdk/osdk-migrating-to-v0-1-0.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-migrating-to-v0-1-0"]
 = Migrating to Operator SDK v0.1.0
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/osdk-monitoring-prometheus.adoc b/operators/operator_sdk/osdk-monitoring-prometheus.adoc
index 9c57bea1b203..7bd8e3e59ca7 100644
--- a/operators/operator_sdk/osdk-monitoring-prometheus.adoc
+++ b/operators/operator_sdk/osdk-monitoring-prometheus.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-monitoring-prometheus"]
 = Configuring built-in monitoring with Prometheus
 include::_attributes/common-attributes.adoc[]
@@ -6,9 +6,30 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+// Dedicated-admins in OSD and ROSA don't have the permissions to complete the procedures in this assembly. Also, the procedures use the default Prometheus Operator in the openshift-monitoring project, which OSD/ROSA customers should not use.
+
+ifndef::openshift-dedicated,openshift-rosa[]
 This guide describes the built-in monitoring support provided by the Operator SDK using the Prometheus Operator and details usage for authors of Go-based and Ansible-based Operators.
 
 include::modules/osdk-monitoring-prometheus-operator-support.adoc[leveloffset=+1]
-
 include::modules/osdk-monitoring-custom-metrics.adoc[leveloffset=+1]
 include::modules/osdk-ansible-metrics.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
+
+ifdef::openshift-dedicated,openshift-rosa[]
+// Since OSD/ROSA dedicated-admins can't do the procedures in this assembly, point to the OCP docs.
+The Operator SDK provides built-in monitoring support using the Prometheus Operator, which you can use to expose custom metrics for your Operator.
+
+[WARNING]
+====
+By default, {product-title} provides a Prometheus Operator in the `openshift-user-workload-monitoring` project. You should use this Prometheus instance to monitor user workloads in {product-title}.
+
+Do not use the Prometheus Operator in the `openshift-monitoring` project. Red Hat Site Reliability Engineers (SRE) use this Prometheus instance to monitor core cluster components.
+====
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-monitoring-custom-metrics_osdk-monitoring-prometheus[Exposing custom metrics for Go-based Operators] (OpenShift Container Platform documentation)
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/operators/index#osdk-ansible-metrics_osdk-monitoring-prometheus[Exposing custom metrics for Ansible-based Operators] (OpenShift Container Platform documentation)
+* xref:../../monitoring/monitoring-overview.adoc#understanding-the-monitoring-stack_monitoring-overview[Understanding the monitoring stack] in {product-title}
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/operator_sdk/osdk-multi-arch-support.adoc b/operators/operator_sdk/osdk-multi-arch-support.adoc
new file mode 100644
index 000000000000..a3bcc1174b86
--- /dev/null
+++ b/operators/operator_sdk/osdk-multi-arch-support.adoc
@@ -0,0 +1,46 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="osdk-multi-platform-support"]
+= Configuring Operator projects for multi-platform support
+include::_attributes/common-attributes.adoc[]
+:context: osdk-multi-arch
+
+toc::[]
+
+Operator projects that support multiple architectures and operating systems, or _platforms_, can run on more Kubernetes and {product-title} clusters than Operator projects that support only a single platform. Example architectures include `amd64`, `arm64`, `ppc64le`, and `s390x`. Example operating systems include Linux and Windows.
+
+Perform the following actions to ensure your Operator project can run on multiple {product-title} platforms:
+
+* Build a manifest list that specifies the platforms that your Operator supports.
+* Set your Operator's node affinity to support multi-architecture compute machines.
+
+include::modules/osdk-multi-arch-building-images.adoc[leveloffset=+1]
+include::modules/osdk-multi-arch-node-affinity.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity[Controlling pod placement on nodes using node affinity rules]
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#olm-overriding-operator-pod-affinity_nodes-scheduler-node-affinity[Using node affinity to control where an Operator is installed]
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-configuration.adoc#post-install-multi-architecture-configuration[About clusters with multi-architecture compute machines]
+
+include::modules/osdk-multi-arch-node-reqs.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-configuring-required_nodes-scheduler-node-affinity[Configuring a required node affinity rule]
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-example_nodes-scheduler-node-affinity[Sample node affinity rules]
+
+include::modules/osdk-multi-arch-node-preference.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-configuring-preferred_nodes-scheduler-node-affinity[Configuring a preferred node affinity rule]
+
+[id="next-steps_osdk-multi-arch-support"]
+== Next steps
+
+* xref:../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-multi-arch_osdk-generating-csvs[Label the platforms your Operator supports for Operator Lifecycle Manager (OLM)]
+* Bundle your Operator and Deploy with OLM
+** xref:../../operators/operator_sdk/golang/osdk-golang-tutorial.adoc#osdk-bundle-deploy-olm_osdk-golang-tutorial[Go-based Operator projects]
+** xref:../../operators/operator_sdk/ansible/osdk-ansible-tutorial.adoc#osdk-bundle-deploy-olm_osdk-ansible-tutorial[Ansible-based Operator projects]
+** xref:../../operators/operator_sdk/helm/osdk-helm-tutorial.html#osdk-bundle-deploy-olm_osdk-helm-tutorial[Helm-based Operator projects]
+* xref:../../operators/operator_sdk/osdk-bundle-validate.html#osdk-multi-arch-validate_osdk-bundle-validate[Validate your Operator's multi-platform readiness]
diff --git a/operators/operator_sdk/osdk-pkgman-to-bundle.adoc b/operators/operator_sdk/osdk-pkgman-to-bundle.adoc
index 82734d36078a..b3ae5cf86c53 100644
--- a/operators/operator_sdk/osdk-pkgman-to-bundle.adoc
+++ b/operators/operator_sdk/osdk-pkgman-to-bundle.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-pkgman-to-bundle"]
 = Migrating package manifest projects to bundle format
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/osdk-pruning-utility.adoc b/operators/operator_sdk/osdk-pruning-utility.adoc
index a002d952154d..a970e0f2b7fc 100644
--- a/operators/operator_sdk/osdk-pruning-utility.adoc
+++ b/operators/operator_sdk/osdk-pruning-utility.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-pruning-utility"]
 = Object pruning utility for Go-based Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/osdk-scorecard.adoc b/operators/operator_sdk/osdk-scorecard.adoc
index 86a084eaae71..4cdffb81d297 100644
--- a/operators/operator_sdk/osdk-scorecard.adoc
+++ b/operators/operator_sdk/osdk-scorecard.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-scorecard"]
 = Validating Operators using the scorecard tool
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/operator_sdk/osdk-token-auth.adoc b/operators/operator_sdk/osdk-token-auth.adoc
new file mode 100644
index 000000000000..08e1c1e49494
--- /dev/null
+++ b/operators/operator_sdk/osdk-token-auth.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="osdk-token-auth"]
+= Token authentication for Operators on cloud providers
+include::_attributes/common-attributes.adoc[]
+:context: osdk-token-auth
+
+toc::[]
+
+Many cloud providers can enable authentication by using account tokens that provide short-term, limited-privilege security credentials.
+
+{product-title} includes the Cloud Credential Operator (CCO) to manage cloud provider credentials as custom resource definitions (CRDs). The CCO syncs on `CredentialsRequest` custom resources (CRs) to allow {product-title} components to request cloud provider credentials with any specific permissions required.
+
+Previously, on clusters where the CCO is in _manual mode_, Operators managed by Operator Lifecycle Manager (OLM) often provided detailed instructions in the OperatorHub for how users could manually provision any required cloud credentials.
+
+Starting in {product-title} 4.14, the CCO can detect when it is running on clusters enabled to use short-term credentials on certain cloud providers. It can then semi-automate provisioning certain credentials, provided that the Operator author has enabled their Operator to support the updated CCO.
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
+
+include::modules/osdk-cco-aws-sts.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds-aws-olm_cco-short-term-creds[OLM-managed Operator support for authentication with AWS STS]
+* xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-from-operatorhub-using-web-console_olm-adding-operators-to-a-cluster[Installing from OperatorHub using the web console]
+* xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-operator-from-operatorhub-using-cli_olm-adding-operators-to-a-cluster[Installing from OperatorHub using the CLI]
+
+include::modules/osdk-cco-aws-sts-enabling.adoc[leveloffset=+2]
+include::modules/osdk-cco-aws-sts-role.adoc[leveloffset=+2]
+include::modules/osdk-cco-aws-sts-tshooting.adoc[leveloffset=+2]
+include::modules/osdk-cco-aws-sts-alt.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/operators/operator_sdk/osdk-working-bundle-images.adoc b/operators/operator_sdk/osdk-working-bundle-images.adoc
index c0ad37358311..b804f2d24adb 100644
--- a/operators/operator_sdk/osdk-working-bundle-images.adoc
+++ b/operators/operator_sdk/osdk-working-bundle-images.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osdk-working-bundle-images"]
 = Working with bundle images
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/crds/crd-extending-api-with-crds.adoc b/operators/understanding/crds/crd-extending-api-with-crds.adoc
index a4d1c3cc68d5..94fc1498ec4f 100644
--- a/operators/understanding/crds/crd-extending-api-with-crds.adoc
+++ b/operators/understanding/crds/crd-extending-api-with-crds.adoc
@@ -1,5 +1,5 @@
-:_content-type: ASSEMBLY
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="crd-extending-api-with-crds"]
 = Extending the Kubernetes API with custom resource definitions
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/crds/crd-managing-resources-from-crds.adoc b/operators/understanding/crds/crd-managing-resources-from-crds.adoc
index 38d938c19a14..c26eb7d2207b 100644
--- a/operators/understanding/crds/crd-managing-resources-from-crds.adoc
+++ b/operators/understanding/crds/crd-managing-resources-from-crds.adoc
@@ -1,5 +1,5 @@
-:_content-type: ASSEMBLY
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="crd-managing-resources-from-crds"]
 = Managing resources from custom resource definitions
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm-common-terms.adoc b/operators/understanding/olm-common-terms.adoc
index 92b33fb25aeb..7b2b1a479eac 100644
--- a/operators/understanding/olm-common-terms.adoc
+++ b/operators/understanding/olm-common-terms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-common-terms"]
 = Operator Framework glossary of common terms
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm-multitenancy.adoc b/operators/understanding/olm-multitenancy.adoc
index f1d59c5cd0ab..b81b915a3039 100644
--- a/operators/understanding/olm-multitenancy.adoc
+++ b/operators/understanding/olm-multitenancy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-multitenancy"]
 = Operators in multitenant clusters
 include::_attributes/common-attributes.adoc[]
@@ -26,8 +26,10 @@ include::modules/olm-multitenancy-solution.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-preparing-operators-multitenant_olm-adding-operators-to-a-cluster[Preparing for multiple instances of an Operator for multitenant clusters]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../operators/admin/olm-creating-policy.adoc#olm-creating-policy[Allowing non-cluster administrators to install Operators]
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-restricted-networks-operatorhub_olm-managing-custom-catalogs[Disabling the default OperatorHub catalog sources]
+endif::openshift-dedicated,openshift-rosa[]
 
 [id="olm-colocation_{context}"]
 == Operator colocation and Operator groups
diff --git a/operators/understanding/olm-packaging-format.adoc b/operators/understanding/olm-packaging-format.adoc
index 6aba783f9e44..bcd48eb88f83 100644
--- a/operators/understanding/olm-packaging-format.adoc
+++ b/operators/understanding/olm-packaging-format.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-packaging-format"]
 = Operator Framework packaging format
 include::_attributes/common-attributes.adoc[]
@@ -39,7 +39,13 @@ As of {product-title} 4.11, the default Red Hat-provided Operator catalog releas
 
 The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
 
-Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs-fb[Managing custom catalogs] and xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format.
+ifndef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs-fb[Managing custom catalogs] and xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs-fb[Managing custom catalogs].
+endif::openshift-dedicated,openshift-rosa[]
 ====
 
 include::modules/olm-fb-catalogs-structure.adoc[leveloffset=+2]
@@ -57,12 +63,15 @@ For reference documentation about the `opm` CLI commands related to managing fil
 
 include::modules/olm-fb-catalogs-automation.adoc[leveloffset=+2]
 
+// Tech Preview features should not be included in ROSA/OSD.
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/olm-rukpak-about.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../operators/admin/olm-managing-po.adoc#olm-managing-po[Managing platform Operators]
 * xref:../../operators/admin/olm-managing-po.adoc#olm-po-techpreview_olm-managing-po[Technology Preview restrictions for platform Operators]
+* xref:../../operators/olm_v1/index.adoc#olmv1-about[About Operator Lifecycle Manager 1.0 (Technology Preview)]
 
 include::modules/olm-rukpak-bundle.adoc[leveloffset=+2]
 include::modules/olm-rukpak-bundle-immutability.adoc[leveloffset=+3]
@@ -74,5 +83,6 @@ include::modules/olm-rukpak-registry-bundle.adoc[leveloffset=+3]
 * xref:../../operators/understanding/olm-packaging-format.adoc#olm-bundle-format_olm-packaging-format[Legacy OLM bundle format]
 
 include::modules/olm-rukpak-bd.adoc[leveloffset=+2]
-include::modules/olm-rukpak-provisioner.adoc[leveloffset=+2]
 
+include::modules/olm-rukpak-provisioner.adoc[leveloffset=+2]
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/understanding/olm-rh-catalogs.adoc b/operators/understanding/olm-rh-catalogs.adoc
index 335856d2028c..c97a782c66a3 100644
--- a/operators/understanding/olm-rh-catalogs.adoc
+++ b/operators/understanding/olm-rh-catalogs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-rh-catalogs"]
 = Red Hat-provided Operator catalogs
 include::_attributes/common-attributes.adoc[]
@@ -14,8 +14,15 @@ As of {product-title} 4.11, the default Red Hat-provided Operator catalog releas
 
 The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
 
-Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Managing custom catalogs], 
+Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format.
+ifndef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Managing custom catalogs],
 xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format], and xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+endif::openshift-dedicated,openshift-rosa[]
+ifdef::openshift-dedicated,openshift-rosa[]
+For more information about working with file-based catalogs, see xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Managing custom catalogs], and
+xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format].
+endif::openshift-dedicated,openshift-rosa[]
 ====
 
 include::modules/olm-about-catalogs.adoc[leveloffset=+1]
@@ -25,6 +32,8 @@ include::modules/olm-about-catalogs.adoc[leveloffset=+1]
 
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs[Managing custom catalogs]
 * xref:../../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Packaging format]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/olm-rh-catalogs.adoc[leveloffset=+1]
diff --git a/operators/understanding/olm-understanding-operatorhub.adoc b/operators/understanding/olm-understanding-operatorhub.adoc
index 71ce84411704..76b6a36aa1bb 100644
--- a/operators/understanding/olm-understanding-operatorhub.adoc
+++ b/operators/understanding/olm-understanding-operatorhub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-understanding-operatorhub"]
 = Understanding OperatorHub
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm-what-operators-are.adoc b/operators/understanding/olm-what-operators-are.adoc
index 7865d533ca9b..e695ceaf5408 100644
--- a/operators/understanding/olm-what-operators-are.adoc
+++ b/operators/understanding/olm-what-operators-are.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-what-operators-are"]
 = What are Operators?
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm/olm-arch.adoc b/operators/understanding/olm/olm-arch.adoc
index 198158f37595..d2adea59fb83 100644
--- a/operators/understanding/olm/olm-arch.adoc
+++ b/operators/understanding/olm/olm-arch.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-arch"]
 = Operator Lifecycle Manager architecture
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm/olm-colocation.adoc b/operators/understanding/olm/olm-colocation.adoc
index 31ed32f86779..7ce9226f29f9 100644
--- a/operators/understanding/olm/olm-colocation.adoc
+++ b/operators/understanding/olm/olm-colocation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-colocation"]
 = Multitenancy and Operator colocation
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm/olm-operatorconditions.adoc b/operators/understanding/olm/olm-operatorconditions.adoc
index b5f832d87676..0d592ce73726 100644
--- a/operators/understanding/olm/olm-operatorconditions.adoc
+++ b/operators/understanding/olm/olm-operatorconditions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-operatorconditions"]
 = Operator conditions
 include::_attributes/common-attributes.adoc[]
@@ -17,3 +17,8 @@ include::modules/olm-supported-operatorconditions.adoc[leveloffset=+1]
 
 * xref:../../../operators/admin/olm-managing-operatorconditions.adoc#olm-operatorconditions[Managing Operator conditions]
 * xref:../../../operators/operator_sdk/osdk-generating-csvs.adoc#osdk-operatorconditions_osdk-generating-csvs[Enabling Operator conditions]
+// The following xrefs point to topics that are not currently included in the OSD/ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
+* xref:../../../nodes/pods/nodes-pods-configuring.adoc#nodes-pods-configuring-pod-distruption-about_nodes-pods-configuring[Using pod disruption budgets to specify the number of pods that must be up]
+* xref:../../../applications/deployments/route-based-deployment-strategies.adoc#deployments-graceful-termination_route-based-deployment-strategies[Graceful termination]
+endif::openshift-dedicated,openshift-rosa[]
diff --git a/operators/understanding/olm/olm-understanding-dependency-resolution.adoc b/operators/understanding/olm/olm-understanding-dependency-resolution.adoc
index 6ba58a235b55..ba1643b6733d 100644
--- a/operators/understanding/olm/olm-understanding-dependency-resolution.adoc
+++ b/operators/understanding/olm/olm-understanding-dependency-resolution.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-understanding-dependency-resolution"]
 = Operator Lifecycle Manager dependency resolution
 include::_attributes/common-attributes.adoc[]
@@ -16,6 +16,13 @@ include::modules/olm-properties.adoc[leveloffset=+1]
 include::modules/olm-dependencies.adoc[leveloffset=+1]
 include::modules/olm-generic-constraints.adoc[leveloffset=+1]
 include::modules/olm-dependency-resolution-preferences.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_dependency-resolution-preferences"]
+=== Additional resources
+
+* xref:../../../operators/understanding/olm/olm-understanding-olm.adoc#olm-cs-health_olm-understanding-olm[Catalog health requirements]
+
 include::modules/olm-dependency-resolution-crd-upgrades.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/operators/understanding/olm/olm-understanding-metrics.adoc b/operators/understanding/olm/olm-understanding-metrics.adoc
index fbe72eafcfa0..3935af12f030 100644
--- a/operators/understanding/olm/olm-understanding-metrics.adoc
+++ b/operators/understanding/olm/olm-understanding-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-understanding-metrics"]
 = Operator Lifecycle Manager metrics
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/understanding/olm/olm-understanding-olm.adoc b/operators/understanding/olm/olm-understanding-olm.adoc
index 3e7011fb6443..11390a63c4e9 100644
--- a/operators/understanding/olm/olm-understanding-olm.adoc
+++ b/operators/understanding/olm/olm-understanding-olm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-understanding-olm"]
 = Operator Lifecycle Manager concepts and resources
 include::_attributes/common-attributes.adoc[]
@@ -12,7 +12,6 @@ include::modules/olm-overview.adoc[leveloffset=+1]
 include::modules/olm-crds.adoc[leveloffset=+1]
 include::modules/olm-csv.adoc[leveloffset=+2]
 include::modules/olm-catalogsource.adoc[leveloffset=+2]
-
 [role="_additional-resources"]
 .Additional resources
 
@@ -21,25 +20,41 @@ include::modules/olm-catalogsource.adoc[leveloffset=+2]
 * xref:../../../operators/admin/olm-managing-custom-catalogs.adoc#olm-creating-catalog-from-index_olm-managing-custom-catalogs[Adding a catalog source to a cluster]
 * xref:../../../operators/understanding/olm/olm-understanding-dependency-resolution.adoc#olm-dependency-catalog-priority_olm-understanding-dependency-resolution[Catalog priority]
 * xref:../../../operators/admin/olm-status.adoc#olm-cs-status-cli_olm-status[Viewing Operator catalog source status by using the CLI]
+// This xref points to a topic that is not currently included in the OSD/ROSA docs.
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../../authentication/understanding-and-managing-pod-security-admission.adoc#understanding-and-managing-pod-security-admission[Understanding and managing pod security admission]
+endif::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/admin/olm-cs-podsched.adoc#olm-cs-podsched[Catalog source pod scheduling]
 
 include::modules/olm-catalogsource-image-template.adoc[leveloffset=+3]
+include::modules/olm-cs-health.adoc[leveloffset=+3]
+ifndef::openshift-dedicated,openshift-rosa[]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../operators/admin/olm-managing-custom-catalogs.adoc#olm-removing-catalogs_olm-managing-custom-catalogs[Removing custom catalogs]
+* xref:../../../operators/admin/olm-managing-custom-catalogs.adoc#olm-restricted-networks-operatorhub_olm-managing-custom-catalogs[Disabling the default OperatorHub catalog sources]
+endif::openshift-dedicated,openshift-rosa[]
+
 include::modules/olm-subscription.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/understanding/olm/olm-colocation.adoc#olm-colocation[Multitenancy and Operator colocation]
+endif::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/admin/olm-status.adoc#olm-status-viewing-cli_olm-status[Viewing Operator subscription status by using the CLI]
 
 include::modules/olm-installplan.adoc[leveloffset=+2]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../../operators/understanding/olm/olm-colocation.adoc#olm-colocation[Multitenancy and Operator colocation]
 * xref:../../../operators/admin/olm-creating-policy.adoc#olm-creating-policy[Allowing non-cluster administrators to install Operators]
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/olm-operatorgroups-about.adoc[leveloffset=+2]
 .Additional resources
diff --git a/operators/understanding/olm/olm-understanding-operatorgroups.adoc b/operators/understanding/olm/olm-understanding-operatorgroups.adoc
index c447c478e842..be19ef7c7b3c 100644
--- a/operators/understanding/olm/olm-understanding-operatorgroups.adoc
+++ b/operators/understanding/olm/olm-understanding-operatorgroups.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-understanding-operatorgroups"]
 = Operator groups
 include::_attributes/common-attributes.adoc[]
@@ -20,9 +20,12 @@ include::modules/olm-operatorgroups-intersections.adoc[leveloffset=+1]
 include::modules/olm-operatorgroups-limitations.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
-
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/understanding/olm/olm-colocation.adoc#olm-colocation[Operator Lifecycle Manager (OLM) -> Multitenancy and Operator colocation]
+endif::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/understanding/olm-multitenancy.adoc#olm-multitenancy[Operators in multitenant clusters]
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../../operators/admin/olm-creating-policy.adoc#olm-creating-policy[Allowing non-cluster administrators to install Operators]
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/olm-operatorgroups-troubleshooting.adoc[leveloffset=+1]
diff --git a/operators/understanding/olm/olm-webhooks.adoc b/operators/understanding/olm/olm-webhooks.adoc
index 4964be25af7d..cdaf8779a43e 100644
--- a/operators/understanding/olm/olm-webhooks.adoc
+++ b/operators/understanding/olm/olm-webhooks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-webhooks"]
 = Webhook management in Operator Lifecycle Manager
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,9 @@ See xref:../../../operators/operator_sdk/osdk-generating-csvs.adoc#olm-defining-
 [role="_additional-resources"]
 == Additional resources
 
+ifndef::openshift-dedicated,openshift-rosa[]
 * xref:../../../architecture/admission-plug-ins.adoc#admission-webhook-types_admission-plug-ins[Types of webhook admission plugins]
+endif::openshift-dedicated,openshift-rosa[]
 * Kubernetes documentation:
 ** link:https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook[Validating admission webhooks]
 ** link:https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook[Mutating admission webhooks]
diff --git a/operators/understanding/olm/olm-workflow.adoc b/operators/understanding/olm/olm-workflow.adoc
index 98f7f3b1e4ca..091ce7fd13c1 100644
--- a/operators/understanding/olm/olm-workflow.adoc
+++ b/operators/understanding/olm/olm-workflow.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-workflow"]
 = Operator Lifecycle Manager workflow
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/user/olm-creating-apps-from-installed-operators.adoc b/operators/user/olm-creating-apps-from-installed-operators.adoc
index 17d878642e2b..a0d3749c1c23 100644
--- a/operators/user/olm-creating-apps-from-installed-operators.adoc
+++ b/operators/user/olm-creating-apps-from-installed-operators.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-creating-apps-from-installed-operators"]
 = Creating applications from installed Operators
 include::_attributes/common-attributes.adoc[]
diff --git a/operators/user/olm-installing-operators-in-namespace.adoc b/operators/user/olm-installing-operators-in-namespace.adoc
index 9c5e03db26e7..ef52297b4c26 100644
--- a/operators/user/olm-installing-operators-in-namespace.adoc
+++ b/operators/user/olm-installing-operators-in-namespace.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olm-installing-operators-in-namespace"]
 = Installing Operators in your namespace
 include::_attributes/common-attributes.adoc[]
diff --git a/osd_architecture/osd-admission-plug-ins.adoc b/osd_architecture/osd-admission-plug-ins.adoc
new file mode 100644
index 000000000000..46f8cfe10966
--- /dev/null
+++ b/osd_architecture/osd-admission-plug-ins.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="osd-admission-plug-ins"]
+= Admission plugins
+include::_attributes/common-attributes.adoc[]
+:context: admission-plug-ins
+
+toc::[]
+
+
+Admission plugins are used to help regulate how {product-title} functions. 
+
+// Concept modules
+include::modules/admission-plug-ins-about.adoc[leveloffset=+1]
+
+include::modules/admission-plug-ins-default.adoc[leveloffset=+1]
+
+include::modules/admission-webhooks-about.adoc[leveloffset=+1]
+
+include::modules/admission-webhook-types.adoc[leveloffset=+1]
+
+// user (groups=["dedicated-admins" "system:authenticated:oauth" "system:authenticated"]) is attempting to grant RBAC permissions not currently held, clusterroles.rbac.authorization.k8s.io "system:openshift:online:my-webhook-server" not found, cannot get resource "rolebindings", cannot create resource "apiservices", cannot create resource "validatingwebhookconfigurations" 
+ifndef::openshift-rosa,openshift-dedicated[]
+// Procedure module
+include::modules/configuring-dynamic-admission.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+[role="_additional-resources"]
+[id="admission-plug-ins-additional-resources"]
+== Additional resources
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref: /networking/hardware_networks/configuring-sriov-operator.adoc#configuring-sriov-operator[Limiting custom network resources managed by the SR-IOV network device plugin]
+endif::openshift-rosa,openshift-dedicated[]
+
+* xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations_dedicating_nodes-scheduler-taints-tolerations[Defining tolerations that enable taints to qualify which pods should be scheduled on a node]
+
+* xref:../nodes/pods/nodes-pods-priority.adoc#admin-guide-priority-preemption-names_nodes-pods-priority[Pod priority class validation]
+
diff --git a/osd_architecture/osd-architecture.adoc b/osd_architecture/osd-architecture.adoc
index 1c0bb7b7bc49..bd16c89f3557 100644
--- a/osd_architecture/osd-architecture.adoc
+++ b/osd_architecture/osd-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-architecture"]
 = Architecture concepts
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_architecture/osd-support.adoc b/osd_architecture/osd-support.adoc
deleted file mode 100644
index 04dcb8112528..000000000000
--- a/osd_architecture/osd-support.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="osd-getting-support"]
-= Getting support
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: osd-getting-support
-
-toc::[]
-
-Get support for {product-title}.
-
-include::modules/support.adoc[leveloffset=+1]
-include::modules/support-knowledgebase-about.adoc[leveloffset=+1]
-include::modules/support-knowledgebase-search.adoc[leveloffset=+1]
-include::modules/support-submitting-a-case.adoc[leveloffset=+1]
-
-[id="osd-getting-support-additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* For details about identifying issues with your cluster, see xref:../sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc#using-insights-to-identify-issues-with-your-cluster[Using Insights to identify issues with your cluster].
diff --git a/osd_architecture/osd-understanding.adoc b/osd_architecture/osd-understanding.adoc
index 02736de5199c..de61134d8ef9 100644
--- a/osd_architecture/osd-understanding.adoc
+++ b/osd_architecture/osd-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-understanding"]
 = Understanding {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -13,4 +13,4 @@ include::modules/osd-intro.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about Telemetry and remote health monitoring for {product-title} clusters, see xref:../sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+* For more information about Telemetry and remote health monitoring for {product-title} clusters, see xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
diff --git a/osd_architecture/osd_policy/osd-life-cycle.adoc b/osd_architecture/osd_policy/osd-life-cycle.adoc
index 93f9c28336fa..f05ee7b14ee6 100644
--- a/osd_architecture/osd_policy/osd-life-cycle.adoc
+++ b/osd_architecture/osd_policy/osd-life-cycle.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-life-cycle"]
 = {product-title} update life cycle
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_architecture/osd_policy/osd-service-definition.adoc b/osd_architecture/osd_policy/osd-service-definition.adoc
index ea78224cda38..8915004e9ff5 100644
--- a/osd_architecture/osd_policy/osd-service-definition.adoc
+++ b/osd_architecture/osd_policy/osd-service-definition.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-service-definition"]
 = {product-title} service definition
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_architecture/osd_policy/osd-sre-access.adoc b/osd_architecture/osd_policy/osd-sre-access.adoc
new file mode 100644
index 000000000000..fd83be3af898
--- /dev/null
+++ b/osd_architecture/osd_policy/osd-sre-access.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: osd-sre-access
+[id="osd-sre-access"]
+= SRE and service account access
+
+toc::[]
+
+include::modules/policy-identity-access-management.adoc[leveloffset=+1]
+include::modules/sre-cluster-access.adoc[leveloffset=+1]
+include::modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc[leveloffset=+1]
+
diff --git a/osd_architecture/osd_policy/policy-process-security.adoc b/osd_architecture/osd_policy/policy-process-security.adoc
index 522cb8cfe69e..ca5ee2402984 100644
--- a/osd_architecture/osd_policy/policy-process-security.adoc
+++ b/osd_architecture/osd_policy/policy-process-security.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="policy-process-security"]
 = Understanding process and security for {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -9,6 +9,10 @@ toc::[]
 
 include::modules/policy-incident.adoc[leveloffset=+1]
 include::modules/policy-change-management.adoc[leveloffset=+1]
-include::modules/policy-identity-access-management.adoc[leveloffset=+1]
 include::modules/policy-security-regulation-compliance.adoc[leveloffset=+1]
 include::modules/policy-disaster-recovery.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* For more information about Red Hat site reliability engineering (SRE) teams access, see xref:../../osd_architecture/osd_policy/osd-sre-access.adoc#policy-identity-access-management_osd-sre-access[Identity and access management].
\ No newline at end of file
diff --git a/osd_architecture/osd_policy/policy-responsibility-matrix.adoc b/osd_architecture/osd_policy/policy-responsibility-matrix.adoc
index bec56ce3815c..e186c56b5249 100644
--- a/osd_architecture/osd_policy/policy-responsibility-matrix.adoc
+++ b/osd_architecture/osd_policy/policy-responsibility-matrix.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="policy-responsibility-matrix"]
 = Responsibility assignment matrix
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_architecture/osd_policy/policy-understand-availability.adoc b/osd_architecture/osd_policy/policy-understand-availability.adoc
index 092e4b61ac0f..084cc9a2dbe4 100644
--- a/osd_architecture/osd_policy/policy-understand-availability.adoc
+++ b/osd_architecture/osd_policy/policy-understand-availability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="policy-understand-availability"]
 = Understanding availability for {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_cluster_admin/cluster-admin-role.adoc b/osd_cluster_admin/cluster-admin-role.adoc
index 73051a4910b0..9d976cce6bd7 100644
--- a/osd_cluster_admin/cluster-admin-role.adoc
+++ b/osd_cluster_admin/cluster-admin-role.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cluster-administrator-role"]
 = The cluster-admin role
 include::_attributes/common-attributes.adoc[]
diff --git a/osd_cluster_admin/dedicated-admin-role.adoc b/osd_cluster_admin/dedicated-admin-role.adoc
index 8cf366ddd901..a26f02207026 100644
--- a/osd_cluster_admin/dedicated-admin-role.adoc
+++ b/osd_cluster_admin/dedicated-admin-role.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-administrator-role"]
 = The dedicated-admin role
 include::_attributes/common-attributes.adoc[]
diff --git a/osd_cluster_admin/osd-cluster-autoscaling.adoc b/osd_cluster_admin/osd-cluster-autoscaling.adoc
new file mode 100644
index 000000000000..bb09a0a8a4ad
--- /dev/null
+++ b/osd_cluster_admin/osd-cluster-autoscaling.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="osd-cluster-autoscaling"]
+= Cluster autoscaling
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: osd-cluster-autoscaling
+
+toc::[]
+
+Applying autoscaling to {product-title} clusters involves configuring a cluster autoscaler and then configuring a machine autoscaler for at least one machine pool in your cluster.
+
+[IMPORTANT]
+====
+You can configure the cluster autoscaler only in clusters where the machine API is operational.
+
+Only one cluster autoscaler can be created per cluster.
+====
+
+include::modules/cluster-autoscaler-about.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-during.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-after.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-settings.adoc[leveloffset=+1]
diff --git a/osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc b/osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
index e8909a8de376..7397ff13bebe 100644
--- a/osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
+++ b/osd_cluster_admin/osd_logging/osd-accessing-the-service-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-accessing-the-service-logs"]
 = Accessing the service logs for OpenShift Dedicated clusters
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc b/osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
index 57e384273c38..4f72ee0b7eaa 100644
--- a/osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
+++ b/osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="osd-managing-worker-nodes"]
 = Managing compute nodes
@@ -22,6 +22,7 @@ include::modules/rosa-osd-node-label-about.adoc[leveloffset=+1]
 .Additional resources
 
 * For more information about labels, see link:https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/[Kubernetes Labels and Selectors overview].
+* For more information about custom additional security group requirements, see xref:../../osd_planning/aws-ccs.adoc#osd-security-groups-custom_aws-ccs[Additional custom security groups].
 
 include::modules/rosa-adding-node-labels.adoc[leveloffset=+2]
 include::modules/rosa-adding-taints.adoc[leveloffset=+1]
diff --git a/osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc b/osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
index a065b1e0e671..2476c074922a 100644
--- a/osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
+++ b/osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="osd-nodes-about-autoscaling-nodes"]
 = About autoscaling nodes on a cluster
@@ -7,7 +7,7 @@ toc::[]
 
 [IMPORTANT]
 ====
-Autoscaling is available only on clusters that were purchased through the Red Hat Marketplace.
+Autoscaling is available only on clusters that were purchased through Google Cloud Marketplace and Red Hat Marketplace.
 ====
 
 The autoscaler option can be configured to automatically scale the number of machines in a cluster.
diff --git a/osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc b/osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc
index cbc54d3c7d42..f3bc9d091072 100644
--- a/osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc
+++ b/osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="osd-machinepools-about"]
 = About machine pools
diff --git a/osd_cluster_admin/osd_private_connections/aws-private-connections.adoc b/osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
index b5285b21cd10..17b43361cd8e 100644
--- a/osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
+++ b/osd_cluster_admin/osd_private_connections/aws-private-connections.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="aws-private-connections"]
 = Configuring private connections for AWS
 :context: aws-private-connections
diff --git a/osd_cluster_admin/osd_private_connections/private-cluster.adoc b/osd_cluster_admin/osd_private_connections/private-cluster.adoc
index 7c725af9c039..a11562ddaf3b 100644
--- a/osd_cluster_admin/osd_private_connections/private-cluster.adoc
+++ b/osd_cluster_admin/osd_private_connections/private-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="private-cluster"]
 = Configuring a private cluster
 :context: private-cluster
diff --git a/osd_getting_started/osd-getting-started.adoc b/osd_getting_started/osd-getting-started.adoc
index 46005f567071..b0d7dab4a301 100644
--- a/osd_getting_started/osd-getting-started.adoc
+++ b/osd_getting_started/osd-getting-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-getting-started"]
 = Getting started with {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -31,6 +31,8 @@ Complete the steps in one of the following sections to deploy {product-title} in
 
 * *xref:../osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc#osd-create-gcp-cluster-ccs_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with CCS]*: You can install {product-title} in your own {GCP} account by using the CCS model.
 
+* *xref:../osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc#osd-create-cluster-gcp-account_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with Google Cloud Marketplace]*: You can install {product-title} in your own {GCP} account with Google Cloud Marketplace.
+
 [id="osd-getting-started-create-cluster-red-hat-cloud-account"]
 === Creating a cluster using a Red Hat cloud account
 
@@ -47,6 +49,12 @@ include::modules/config-idp.adoc[leveloffset=+1]
 * For detailed steps to configure each of the supported identity provider types, see xref:../osd_install_access_delete_cluster/config-identity-providers.adoc#config-identity-providers[Configuring identity providers].
 
 include::modules/osd-grant-admin-privileges.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../osd_architecture/osd_policy/osd-service-definition.adoc#cluster-admin-user_osd-service-definition[Customer administrator user]
+
 include::modules/access-cluster.adoc[leveloffset=+1]
 include::modules/deploy-app.adoc[leveloffset=+1]
 include::modules/scaling-cluster.adoc[leveloffset=+1]
@@ -66,7 +74,7 @@ include::modules/deleting-cluster.adoc[leveloffset=+1]
 * xref:../adding_service_cluster/adding-service.adoc#adding-service[Adding services to a cluster using the {cluster-manager} console]
 * xref:../osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc#osd-machine-pools-about[About machine pools]
 * xref:../osd_cluster_admin/osd_nodes/osd-nodes-about-autoscaling-nodes.adoc#nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster]
-* xref:../monitoring/osd-configuring-the-monitoring-stack.adoc#osd-configuring-the-monitoring-stack[Configuring the monitoring stack]
+* xref:../monitoring/configuring-the-monitoring-stack.adoc[Configuring the monitoring stack]
 
 [id="additional-resources_{context}"]
 == Additional resources
diff --git a/osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc b/osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc
index cb84f0dcad5b..8a2a538ad68c 100644
--- a/osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc
+++ b/osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-understanding-your-cloud-deployment-options"]
 = Understanding your cloud deployment options
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_install_access_delete_cluster/config-identity-providers.adoc b/osd_install_access_delete_cluster/config-identity-providers.adoc
index 0eae7dd83d10..2c1e6bf7a915 100644
--- a/osd_install_access_delete_cluster/config-identity-providers.adoc
+++ b/osd_install_access_delete_cluster/config-identity-providers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="config-identity-providers"]
 = Configuring identity providers
@@ -9,10 +9,17 @@ toc::[]
 After your {product-title} cluster is created, you must configure identity providers to determine how users log in to access the cluster.
 
 include::modules/understanding-idp.adoc[leveloffset=+1]
+include::modules/identity-provider-parameters.adoc[leveloffset=+2]
 include::modules/config-github-idp.adoc[leveloffset=+1]
 include::modules/config-gitlab-idp.adoc[leveloffset=+1]
 include::modules/config-google-idp.adoc[leveloffset=+1]
 include::modules/config-ldap-idp.adoc[leveloffset=+1]
 include::modules/config-openid-idp.adoc[leveloffset=+1]
 include::modules/config-htpasswd-idp.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../osd_architecture/osd_policy/osd-service-definition.adoc#cluster-admin-user_osd-service-definition[Customer administrator user]
+
 include::modules/access-cluster.adoc[leveloffset=+1]
diff --git a/osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc b/osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc
index 7599ea44f0d9..40a88864e794 100644
--- a/osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc
+++ b/osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-creating-a-cluster-on-gcp"]
 = Creating a cluster on GCP
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -16,8 +16,9 @@ You can install {product-title} on {GCP} by using your own GCP account through t
 * You reviewed the xref:../osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc#osd-understanding-your-cloud-deployment-options[{product-title} cloud deployment options].
 
 include::modules/osd-create-cluster-ccs.adoc[leveloffset=+1]
+include::modules/osd-create-cluster-gcp-account.adoc[leveloffset=+1]
 include::modules/osd-create-cluster-red-hat-account.adoc[leveloffset=+1]
-
+include::modules/osd-create-cluster-rhm-gcp-account.adoc[leveloffset=+1]
 [id="additional-resources_{context}"]
 == Additional resources
 
diff --git a/osd_install_access_delete_cluster/creating-an-aws-cluster.adoc b/osd_install_access_delete_cluster/creating-an-aws-cluster.adoc
index 954fda2e9f6c..454c3cada237 100644
--- a/osd_install_access_delete_cluster/creating-an-aws-cluster.adoc
+++ b/osd_install_access_delete_cluster/creating-an-aws-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-creating-a-cluster-on-aws"]
 = Creating a cluster on AWS
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -27,3 +27,4 @@ include::modules/osd-create-cluster-red-hat-account.adoc[leveloffset=+1]
 * For information about load balancers for {product-title}, see the xref:../osd_architecture/osd_policy/osd-service-definition.adoc#load-balancers_osd-service-definition[Load balancers] section in the {product-title} service definition.
 * For more information about etcd encryption, see the xref:../osd_architecture/osd_policy/osd-service-definition.adoc#etcd-encryption_osd-service-definition[etcd encryption service definition].
 * For information about the end-of-life dates for {product-title} versions, see the xref:../osd_architecture/osd_policy/osd-life-cycle.adoc#osd-life-cycle[{product-title} update life cycle].
+* For information about the requirements for custom additional security groups, see xref:../osd_planning/aws-ccs.adoc#osd-security-groups-custom_aws-ccs[Additional custom security groups].
diff --git a/osd_install_access_delete_cluster/osd-deleting-a-cluster.adoc b/osd_install_access_delete_cluster/osd-deleting-a-cluster.adoc
index 50ab041e6f5d..c1031e6abb0f 100644
--- a/osd_install_access_delete_cluster/osd-deleting-a-cluster.adoc
+++ b/osd_install_access_delete_cluster/osd-deleting-a-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-deleting-a-cluster"]
 = Deleting an {product-title} cluster
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc b/osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc
index 30a457091e5f..e533f4d93ad2 100644
--- a/osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc
+++ b/osd_install_access_delete_cluster/osd-revoking-cluster-privileges.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-revoking-cluster-privileges"]
 = Revoking privileges and access to an {product-title} cluster
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/osd_planning/aws-ccs.adoc b/osd_planning/aws-ccs.adoc
index b9fe86aa3864..afefb17c96e7 100644
--- a/osd_planning/aws-ccs.adoc
+++ b/osd_planning/aws-ccs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="aws-ccs"]
 = Customer Cloud Subscriptions on AWS
 :context: aws-ccs
@@ -16,4 +16,11 @@ include::modules/ccs-aws-scp.adoc[leveloffset=+1]
 include::modules/ccs-aws-iam.adoc[leveloffset=+1]
 include::modules/ccs-aws-provisioned.adoc[leveloffset=+1]
 include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+2]
-include::modules/aws-limits.adoc[leveloffset=+1]
\ No newline at end of file
+
+[role="_additional-resources"]
+.Additional resources
+
+*  xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
+
+include::modules/aws-limits.adoc[leveloffset=+1]
diff --git a/osd_planning/gcp-ccs.adoc b/osd_planning/gcp-ccs.adoc
index e97e32f874ae..83dd24cf4b7b 100644
--- a/osd_planning/gcp-ccs.adoc
+++ b/osd_planning/gcp-ccs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="gcp-ccs"]
 = Customer Cloud Subscriptions on GCP
 :context: gcp-ccs
@@ -7,9 +7,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 toc::[]
 
 [role="_abstract"]
-Red Hat recommends the usage of a {GCP} project, managed by the customer, to organize all of your GCP resources. A project consists of a set of users and APIs, as well as billing, authentication, and monitoring settings for those APIs.
-
-It is a best practice for the {product-title} CCS cluster to be hosted in a GCP project within a GCP organization. The Organization resource is the root node of the GCP resource hierarchy and all resources that belong to an organization are grouped under the organization node. An IAM service account with certain roles granted is created and applied to the GCP project. When you make calls to the API, you typically provide service account keys for authentication. Each service account is owned by a specific project, but service accounts can be provided roles to access resources for other projects.
+{product-title} provides a Customer Cloud Subscription (CCS) model that allows Red Hat to deploy and manage clusters in a customer’s existing Google Cloud Platform (GCP) account.
 
 include::modules/ccs-gcp-understand.adoc[leveloffset=+1]
 include::modules/ccs-gcp-customer-requirements.adoc[leveloffset=+1]
diff --git a/osd_planning/osd-limits-scalability.adoc b/osd_planning/osd-limits-scalability.adoc
index 38e29efe0d51..ae101e5efd5e 100644
--- a/osd_planning/osd-limits-scalability.adoc
+++ b/osd_planning/osd-limits-scalability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 
 [id="osd-limits-scalability"]
diff --git a/otel/_attributes b/otel/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/otel/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/otel/images b/otel/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/otel/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/otel/modules b/otel/modules
new file mode 120000
index 000000000000..43aab75b53c9
--- /dev/null
+++ b/otel/modules
@@ -0,0 +1 @@
+../modules/
\ No newline at end of file
diff --git a/otel/otel-configuring.adoc b/otel/otel-configuring.adoc
new file mode 100644
index 000000000000..8350694ba3cc
--- /dev/null
+++ b/otel/otel-configuring.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="otel-configuring"]
+= Configuring and deploying the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: otel-configuring
+
+toc::[]
+
+The {OTELName} Operator uses a custom resource definition (CRD) file that defines the architecture and configuration settings to be used when creating and deploying the {OTELShortName} resources. You can install the default configuration or modify the file.
+
+include::modules/otel-config-collector.adoc[leveloffset=+1]
+include::modules/otel-config-multicluster.adoc[leveloffset=+1]
+include::modules/otel-config-send-metrics-monitoring-stack.adoc[leveloffset=+1]
+
+[id="setting-up-monitoring-for-otel"]
+== Setting up monitoring for the {OTELShortName}
+
+The {OTELOperator} supports monitoring and alerting of each OpenTelemtry Collector instance and exposes upgrade and operational metrics about the Operator itself.
+
+include::modules/otel-configuring-otelcol-metrics.adoc[leveloffset=+2]
+
+// modules/otel-configuring-oteloperator-metrics.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_deploy-otel"]
+== Additional resources
+* xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
diff --git a/otel/otel-installing.adoc b/otel/otel-installing.adoc
new file mode 100644
index 000000000000..a0ba70096a75
--- /dev/null
+++ b/otel/otel-installing.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="install-otel"]
+= Installing the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: install-otel
+
+toc::[]
+
+Installing the {OTELShortName} involves the following steps:
+
+. Installing the {OTELOperator}.
+. Creating a namespace for an OpenTelemetry Collector instance.
+. Creating an `OpenTelemetryCollector` custom resource to deploy the OpenTelemetry Collector instance.
+
+include::modules/otel-install-web-console.adoc[leveloffset=+1]
+
+include::modules/otel-install-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_otel-installing"]
+== Additional resources
+* xref:../post_installation_configuration/preparing-for-users.adoc#creating-cluster-admin_post-install-preparing-for-users[Creating a cluster admin]
+* link:https://operatorhub.io/[OperatorHub.io]
+* xref:../web_console/web-console.adoc#web-console[Accessing the web console]
+* xref:../operators/admin/olm-adding-operators-to-cluster.adoc#olm-installing-from-operatorhub-using-web-console_olm-adding-operators-to-a-cluster[Installing from OperatorHub using the web console]
+* xref:../operators/user/olm-creating-apps-from-installed-operators.adoc#olm-creating-apps-from-installed-operators[Creating applications from installed Operators]
+* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI]
diff --git a/otel/otel-instrumentation.adoc b/otel/otel-instrumentation.adoc
new file mode 100644
index 000000000000..13eadd2bf81a
--- /dev/null
+++ b/otel/otel-instrumentation.adoc
@@ -0,0 +1,14 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="otel-instrumentation"]
+= Configuring and deploying the OpenTelemetry instrumentation injection
+include::_attributes/common-attributes.adoc[]
+:context: otel-instrumentation
+
+toc::[]
+
+:FeatureName: OpenTelemetry instrumentation injection
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+The {OTELName} Operator uses a custom resource definition (CRD) file that defines the configuration of the instrumentation.
+
+include::modules/otel-config-instrumentation.adoc[leveloffset=+1]
diff --git a/otel/otel-migrating.adoc b/otel/otel-migrating.adoc
new file mode 100644
index 000000000000..75bed9b697a5
--- /dev/null
+++ b/otel/otel-migrating.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-otel-migrating"]
+= Migrating from the {JaegerShortName} to the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-otel-migrating
+
+toc::[]
+
+If you are already using the {JaegerName} for your applications, you can migrate to the {OTELName}, which is based on the link:https://opentelemetry.io/[OpenTelemetry] open-source project.
+
+The {OTELShortName} provides a set of APIs, libraries, agents, and instrumentation to facilitate observability in distributed systems. The OpenTelemetry Collector in the {OTELShortName} can ingest the Jaeger protocol, so you do not need to change the SDKs in your applications.
+
+Migration from the {JaegerShortName} to the {OTELShortName} requires configuring the OpenTelemetry Collector and your applications to report traces seamlessly. You can migrate sidecar and sidecarless deployments.
+
+include::modules/otel-migrating-from-jaeger-with-sidecars.adoc[leveloffset=+1]
+
+include::modules/otel-migrating-from-jaeger-without-sidecars.adoc[leveloffset=+1]
diff --git a/otel/otel-release-notes.adoc b/otel/otel-release-notes.adoc
new file mode 100644
index 000000000000..b0c207c4100e
--- /dev/null
+++ b/otel/otel-release-notes.adoc
@@ -0,0 +1,136 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+[id="otel-release-notes"]
+= Release notes for {OTELName}
+:context: otel-release-notes
+
+toc::[]
+
+[id="otel-product-overview"]
+== {OTELName} overview
+
+{OTELName} is based on the open source link:https://opentelemetry.io/[OpenTelemetry project], which aims to provide unified, standardized, and vendor-neutral telemetry data collection for cloud-native software. {OTELName} product provides support for deploying and managing the OpenTelemetry Collector and simplifying the workload instrumentation.
+
+The link:https://opentelemetry.io/docs/collector/[OpenTelemetry Collector] can receive, process, and forward telemetry data in multiple formats, making it the ideal component for telemetry processing and interoperability between telemetry systems. The Collector provides a unified solution for collecting and processing metrics, traces, and logs.
+
+The OpenTelemetry Collector has a number of features including the following:
+
+Data Collection and Processing Hub:: It acts as a central component that gathers telemetry data like metrics and traces from various sources. This data can be created from instrumented applications and infrastructure.
+
+Customizable telemetry data pipeline:: The OpenTelemetry Collector is designed to be customizable. It supports various processors, exporters, and receivers.
+
+Auto-instrumentation features:: Automatic instrumentation simplifies the process of adding observability to applications. Developers don't need to manually instrument their code for basic telemetry data.
+
+Here are some of the use cases for the OpenTelemetry Collector:
+
+Centralized data collection:: In a microservices architecture, the Collector can be deployed to aggregate data from multiple services.
+
+Data enrichment and processing:: Before forwarding data to analysis tools, the Collector can enrich, filter, and process this data.
+
+Multi-backend receiving and exporting:: The Collector can receive and send data to multiple monitoring and analysis platforms simultaneously.
+
+[id="otel-3-0-rn"]
+== {OTELName} {DTProductVersion}
+
+{OTELName} {DTProductVersion} is based on link:https://opentelemetry.io/[OpenTelemetry] {OTELVersion}.
+
+[id="new-features-and-enhancements_otel-3-0-rn"]
+=== New features and enhancements
+
+This update introduces the following enhancements:
+
+* The *OpenShift distributed tracing data collection Operator* is renamed as the *{OTELOperator}*.
+* Support for the ARM architecture.
+* Support for the Prometheus receiver for metrics collection.
+* Support for the Kafka receiver and exporter for sending traces and metrics to Kafka.
+* Support for cluster-wide proxy environments.
+* The {OTELOperator} creates the Prometheus `ServiceMonitor` custom resource if the Prometheus exporter is enabled.
+* The Operator enables the `Instrumentation` custom resource that allows injecting upstream OpenTelemetry auto-instrumentation libraries.
+
+[id="removal-notice_otel-3-0-rn"]
+=== Removal notice
+
+* In {OTELName} {DTProductVersion}, the Jaeger exporter has been removed. Bug fixes and support are provided only through the end of the 2.9 lifecycle. As an alternative to the Jaeger exporter for sending data to the Jaeger collector, you can use the OTLP exporter instead.
+
+[id="bug-fixes_otel-3-0-rn"]
+=== Bug fixes
+
+This update introduces the following bug fixes:
+
+* Fixed support for disconnected environments when using the `oc adm catalog mirror` CLI command.
+
+[id="known-issues_otel-3-0-rn"]
+=== Known issues
+
+Curently, the cluster monitoring of the {OTELOperator} is disabled due to a bug (link:https://issues.redhat.com/browse/TRACING-3761[TRACING-3761]). The bug is preventing the cluster monitoring from scraping metrics from the {OTELOperator} due to a missing label `openshift.io/cluster-monitoring=true`
+ that is required for the cluster monitoring and service monitor object.
+
+.Workaround
+
+You can enable the cluster monitoring as follows:
+
+. Add the following label in the Operator namespace: `oc label namespace openshift-opentelemetry-operator openshift.io/cluster-monitoring=true`
+
+. Create a service monitor, role, and role binding:
++
+[source,yaml]
+----
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: opentelemetry-operator-controller-manager-metrics-service
+  namespace: openshift-opentelemetry-operator
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    path: /metrics
+    port: https
+    scheme: https
+    tlsConfig:
+      insecureSkipVerify: true
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: opentelemetry-operator
+      control-plane: controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: otel-operator-prometheus
+  namespace: openshift-opentelemetry-operator
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: otel-operator-prometheus
+  namespace: openshift-opentelemetry-operator
+  annotations:
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: otel-operator-prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring
+----
+
+include::modules/support.adoc[leveloffset=+1]
+
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
diff --git a/otel/otel-removing.adoc b/otel/otel-removing.adoc
new file mode 100644
index 000000000000..18b650898bc8
--- /dev/null
+++ b/otel/otel-removing.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-otel-removing"]
+= Removing the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-otel-removing
+
+toc::[]
+
+The steps for removing the {OTELShortName} from an {product-title} cluster are as follows:
+
+. Shut down all {OTELShortName} pods.
+. Remove any OpenTelemetryCollector instances.
+. Remove the {OTELOperator}.
+
+include::modules/otel-remove-web-console.adoc[leveloffset=+1]
+
+include::modules/otel-remove-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-otel-removing"]
+== Additional resources
+
+* xref:../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster]
+* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#getting-started-cli[Getting started with the OpenShift CLI]
diff --git a/otel/otel-troubleshooting.adoc b/otel/otel-troubleshooting.adoc
new file mode 100644
index 000000000000..cbdb41fb14c1
--- /dev/null
+++ b/otel/otel-troubleshooting.adoc
@@ -0,0 +1,13 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="otel-troubleshoot"]
+= Troubleshooting the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: otel-troubleshoot
+
+toc::[]
+
+The OpenTelemetry Collector offers multiple ways to measure its health as well as investigate data ingestion issues.
+
+include::modules/otel-troubleshoot-collector-logs.adoc[leveloffset=+1]
+include::modules/otel-troubleshoot-metrics.adoc[leveloffset=+1]
+include::modules/otel-troubleshoot-logging-exporter-stdout.adoc[leveloffset=+1]
diff --git a/otel/otel-updating.adoc b/otel/otel-updating.adoc
new file mode 100644
index 000000000000..98b55d8316bd
--- /dev/null
+++ b/otel/otel-updating.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="dist-tracing-otel-updating"]
+= Updating the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: dist-tracing-otel-updating
+
+toc::[]
+
+For version upgrades, the {OTELOperator} uses the Operator Lifecycle Manager (OLM), which controls installation, upgrade, and role-based access control (RBAC) of Operators in a cluster.
+
+The OLM runs in the {product-title} by default. The OLM queries for available Operators as well as upgrades for installed Operators.
+
+When the {OTELOperator} is upgraded to the new version, it scans for running OpenTelemetry Collector instances that it manages and upgrades them to the version corresponding to the Operator's new version.
+
+[role="_additional-resources"]
+[id="additional-resources_dist-tracing-otel-updating"]
+== Additional resources
+
+* xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager concepts and resources]
+* xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
diff --git a/otel/otel-using.adoc b/otel/otel-using.adoc
new file mode 100644
index 000000000000..8712a19b4420
--- /dev/null
+++ b/otel/otel-using.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="otel-temp"]
+= Using the {OTELShortName}
+include::_attributes/common-attributes.adoc[]
+:context: otel-temp
+
+toc::[]
+
+You can set up and use the {OTELShortName} to send traces to the OpenTelemetry Collector or the TempoStack.
+
+include::modules/otel-forwarding.adoc[leveloffset=+1]
+
+[id="otel-send-traces-and-metrics-to-otel-collector_{context}"]
+== Sending traces and metrics to the OpenTelemetry Collector
+
+Sending traces and metrics to the OpenTelemetry Collector is possible with or without sidecar injection.
+
+include::modules/otel-send-traces-and-metrics-to-otel-collector-with-sidecar.adoc[leveloffset=+2]
+
+include::modules/otel-send-traces-and-metrics-to-otel-collector-without-sidecar.adoc[leveloffset=+2]
diff --git a/otel/snippets b/otel/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/otel/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/post_installation_configuration/adding-nutanix-failure-domains.adoc b/post_installation_configuration/adding-nutanix-failure-domains.adoc
new file mode 100644
index 000000000000..60b4b69885c0
--- /dev/null
+++ b/post_installation_configuration/adding-nutanix-failure-domains.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="adding-failure-domains-to-an-existing-nutanix-cluster"]
+= Adding failure domains to an existing Nutanix cluster
+include::_attributes/common-attributes.adoc[]
+:context: adding-failure-domains-to-an-existing-nutanix-cluster
+
+toc::[]
+
+By default, the installation program installs control plane and compute machines into a single Nutanix Prism Element (cluster). After an {product-title} cluster is deployed, you can improve its fault tolerance by adding additional Prism Element instances to the deployment using failure domains.
+
+A failure domain represents a single Prism Element instance to which:
+
+* New control plane and compute machines can be deployed.
+* Existing control plane and compute machines can be distributed.
+
+include::modules/installation-nutanix-failure-domains-req.adoc[leveloffset=+1]
+
+include::modules/post-installation-configuring-nutanix-failure-domains.adoc[leveloffset=+1]
+
+include::modules/post-installation-adding-nutanix-failure-domains-control-planes.adoc[leveloffset=+1]
+
+include::modules/post-installation-adding-nutanix-failure-domains-compute-machines.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_adding-nutanix-failure-domains"]
+== Additional resources
+* xref:../machine_management/control_plane_machine_management/cpmso-getting-started.adoc#cpmso-checking-status_cpmso-getting-started[Checking the control plane machine set custom resource state]
+* xref:../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-feat-replace_cpmso-using[Replacing a control plane machine]
+* xref:../machine_management/creating_machinesets/creating-machineset-nutanix.adoc#creating-machineset-nutanix[Creating a compute machine set on Nutanix]
diff --git a/post_installation_configuration/aws-compute-edge-tasks.adoc b/post_installation_configuration/aws-compute-edge-tasks.adoc
new file mode 100644
index 000000000000..45fd4a0a68b3
--- /dev/null
+++ b/post_installation_configuration/aws-compute-edge-tasks.adoc
@@ -0,0 +1,74 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="aws-compute-edge-tasks"]
+= AWS Local Zone tasks
+include::_attributes/common-attributes.adoc[]
+:context: aws-compute-edge-tasks
+
+toc::[]
+
+After installing {product-title} on Amazon Web Services (AWS), you can further configure AWS Local Zones and an edge compute pool, so that you can expand and customize your cluster to meet your needs.
+
+// Extend existing clusters to use AWS Local Zones
+include::modules/post-install-edge-aws-extend-cluster.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about AWS Local Zones, the supported instances types, and services, see link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation.
+
+
+// About the Edge Compute Pool
+include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+2]
+
+[id="post-install-extend-existing-to-local-zones-mtu"]
+=== Changing the Cluster Network MTU to support AWS Local Zones subnets
+
+You might need to change the maximum transmission unit (MTU) value for the cluster
+network so that your cluster infrastructure can support Local Zone subnets.
+
+// About the cluster MTU
+include::modules/nw-cluster-mtu-change-about.adoc[leveloffset=+3]
+
+// Changing the cluster MTU
+include::modules/nw-cluster-mtu-change.adoc[leveloffset=+3]
+
+// Opting in to AWS Local Zones
+include::modules/installation-aws-add-local-zone-locations.adoc[leveloffset=+2]
+
+// Extend existing clusters to use AWS Local Zones
+include::modules/post-install-existing-local-zone-subnet.adoc[leveloffset=+2]
+
+// Creating a subnet in AWS Local Zones
+include::modules/installation-creating-aws-subnet-localzone.adoc[leveloffset=+3]
+
+// CloudFormation template for the subnet that uses AWS Local Zones
+include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+3]
+
+// Creating a machine set manifest for AWS Local Zones node
+include::modules/post-install-edge-aws-extend-machineset.adoc[leveloffset=+2]
+
+// Sample YAML for a compute machine set custom resource on AWS
+include::modules/machineset-yaml-aws.adoc[leveloffset=+3]
+
+// Creating a compute machine set
+include::modules/machineset-creating.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../installing/installing_aws/installing-aws-localzone.adoc#installing-aws-localzone[Installing a cluster on AWS with worker nodes on AWS Local Zones]
+
+// Creating user workloads in AWS Local Zones
+include::modules/installation-extend-edge-nodes-aws-local-zones.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../installing/installing_aws/installing-aws-localzone.adoc#installing-aws-localzone[Installing a cluster on AWS with worker nodes on AWS Local Zones]
+
+* xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations]
+
+.Next steps
+
+* Optional: Use the AWS Load Balancer (ALB) Operator to expose a pod from a targeted edge worker node to services that run inside of a Local Zone subnet from a public network.
+See xref:../networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc#nw-installing-aws-load-balancer-operator_aws-load-balancer-operator[Installing the AWS Load Balancer Operator].
\ No newline at end of file
diff --git a/post_installation_configuration/bare-metal-configuration.adoc b/post_installation_configuration/bare-metal-configuration.adoc
index 890beba1441c..4d2d2ba28474 100644
--- a/post_installation_configuration/bare-metal-configuration.adoc
+++ b/post_installation_configuration/bare-metal-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-bare-metal-configuration
 [id="post-install-bare-metal-configuration"]
 = Bare metal configuration
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-When deploying {product-title} on bare metal hosts, there are times when you need to make changes to the host either before or after provisioning. This can include inspecting the host's hardware, firmware, and firmware details. It can also include formatting disks or changing modifiable firmware settings. 
+When deploying {product-title} on bare metal hosts, there are times when you need to make changes to the host either before or after provisioning. This can include inspecting the host's hardware, firmware, and firmware details. It can also include formatting disks or changing modifiable firmware settings.
 
 include::modules/bmo-about-the-bare-metal-operator.adoc[leveloffset=+1]
 include::modules/con_bmo-bare-metal-operator-architecture.adoc[leveloffset=+2]
diff --git a/post_installation_configuration/cluster-tasks.adoc b/post_installation_configuration/cluster-tasks.adoc
index a13dbd01a24b..9ad32c649b3b 100644
--- a/post_installation_configuration/cluster-tasks.adoc
+++ b/post_installation_configuration/cluster-tasks.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-cluster-tasks
 [id="post-install-cluster-tasks"]
-= Post-installation cluster tasks
+= Postinstallation cluster tasks
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -15,7 +15,7 @@ You complete most of the cluster configuration and customization after you deplo
 
 [NOTE]
 ====
-If you install your cluster on {ibmzProductName}, not all features and functions are available.
+If you install your cluster on {ibm-z-name}, not all features and functions are available.
 ====
 
 You modify the configuration resources to configure the major features of the
@@ -201,7 +201,7 @@ For clusters managed by the Assisted Installer, you can add worker nodes by usin
 
 For clusters managed by the multicluster engine for Kubernetes, you can add worker nodes by using the dedicated multicluster engine console.
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#scale-hosts-infrastructure-env[Scaling hosts to an infrastructure environment]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#on-prem-creating-your-cluster-with-the-console[Creating your cluster with the console]
 
 ////
 [id="default-crds_{context}"]
@@ -544,21 +544,6 @@ include::modules/machineset-delete-policy.adoc[leveloffset=+2]
 
 include::modules/nodes-scheduler-node-selectors-cluster.adoc[leveloffset=+2]
 
-include::modules/installation-extend-edge-nodes-aws-local-zones.adoc[leveloffset=+2]
-
-.Next steps
-
-* Optional: Use the AWS Load Balancer (ALB) Operator to expose a pod from a targeted edge worker node to services that run inside a Local Zone subnet from a public network. See xref:../networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc#nw-installing-aws-load-balancer-operator_aws-load-balancer-operator[Installing the AWS Load Balancer Operator].
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../installing/installing_aws/installing-aws-localzone.html[Installing a cluster using AWS Local Zones]
-
-* xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc[Understanding taints and tolerations]
-
-* xref:../logging/config/cluster-logging-tolerations.adoc[Using tolerations to control OpenShift Logging pod placement]
-
 [id="post-worker-latency-profiles"]
 == Improving cluster stability in high latency environments using worker latency profiles
 
@@ -643,17 +628,12 @@ include::modules/machine-autoscaler-cr.adoc[leveloffset=+2]
 :FeatureResourceName: MachineAutoscaler
 include::modules/deploying-resource.adoc[leveloffset=+2]
 
-ifndef::openshift-origin[]
 include::modules/nodes-clusters-cgroups-2.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../nodes/clusters/nodes-cluster-cgroups-2.adoc#nodes-cluster-cgroups-2[Configuring the Linux cgroup version on your nodes]
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-include::modules/nodes-clusters-cgroups-okd-configure.adoc[leveloffset=+1]
-endif::openshift-origin[]
 
 [id="post-install-tp-tasks"]
 == Enabling Technology Preview features using FeatureGates
@@ -710,7 +690,7 @@ To allow the cluster to use the new credentials, you must update the secrets tha
 === Rotating cloud provider credentials with the Cloud Credential Operator utility
 
 // Right now only IBM can do this, but it makes sense to set this up so that other clouds can be added.
-The Cloud Credential Operator (CCO) utility `ccoctl` supports updating secrets for clusters installed on IBM Cloud.
+The Cloud Credential Operator (CCO) utility `ccoctl` supports updating secrets for clusters installed on {ibm-cloud-name}.
 
 //Rotating IBM Cloud credentials with ccoctl
 include::modules/refreshing-service-ids-ibm-cloud.adoc[leveloffset=+3]
@@ -729,9 +709,7 @@ include::modules/manually-removing-cloud-creds.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 * xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
-* xref:../installing/installing_aws/manually-creating-iam.adoc#admin-credentials-root-secret-formats_manually-creating-iam-aws[Amazon Web Services (AWS) secret format]
-* xref:../installing/installing_azure/manually-creating-iam-azure.adoc#admin-credentials-root-secret-formats_manually-creating-iam-azure[Microsoft Azure secret format]
-* xref:../installing/installing_gcp/manually-creating-iam-gcp.adoc#admin-credentials-root-secret-formats_manually-creating-iam-gcp[Google Cloud Platform (GCP) secret format]
+* xref:../authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc#admin-credentials-root-secret-formats_cco-mode-passthrough[Admin credentials root secret format]
 
 [id="post-install-must-gather-disconnected"]
 == Configuring image streams for a disconnected cluster
diff --git a/post_installation_configuration/configuring-alert-notifications.adoc b/post_installation_configuration/configuring-alert-notifications.adoc
index b9d55e8c81d6..5ad4aa1cb603 100644
--- a/post_installation_configuration/configuring-alert-notifications.adoc
+++ b/post_installation_configuration/configuring-alert-notifications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-alert-notifications"]
 = Configuring alert notifications
 include::_attributes/common-attributes.adoc[]
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/_attributes b/post_installation_configuration/configuring-multi-arch-compute-machines/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-aws.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-aws.adoc
new file mode 100644
index 000000000000..e3b522ad08c1
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-aws.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-aws
+[id="creating-multi-arch-compute-nodes-aws"]
+= Creating a cluster with multi-architecture compute machines on AWS
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create an AWS cluster with multi-architecture compute machines, you must first create a single-architecture AWS installer-provisioned cluster with the multi-architecture installer binary. For more information on AWS installations, refer to xref:../../installing/installing_aws/installing-aws-customizations.adoc[Installing a cluster on AWS with customizations]. You can then add a ARM64 compute machine set to your AWS cluster.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/multi-architecture-modify-machine-set-aws.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#installation-aws-arm-tested-machine-types_installing-aws-customizations[Tested instance types for AWS 64-bit ARM]
+
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-azure.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-azure.adoc
new file mode 100644
index 000000000000..8f193d3af1fe
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-azure.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-azure
+[id="creating-multi-arch-compute-nodes-azure"]
+= Creating a cluster with multi-architecture compute machine on Azure
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To deploy an Azure cluster with multi-architecture compute machines, you must first create a single-architecture Azure installer-provisioned cluster that uses the multi-architecture installer binary. For more information on Azure installations, see xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Installing a cluster on Azure with customizations]. You can then add an ARM64 compute machine set to your cluster to create a cluster with multi-architecture compute machines.
+
+The following procedures explain how to generate an ARM64 boot image and create an Azure compute machine set that uses the ARM64 boot image. This adds ARM64 compute nodes to your cluster and deploys the amount of ARM64 virtual machines (VM) that you need.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/multi-architecture-creating-arm64-bootimage.adoc[leveloffset=+1]
+
+include::modules/multi-architecture-modify-machine-set.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../machine_management/creating_machinesets/creating-machineset-azure.adoc#creating-machineset-azure[Creating a compute machine set on Azure]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-bare-metal.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-bare-metal.adoc
new file mode 100644
index 000000000000..a26f350170e6
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-bare-metal.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-bare-metal
+[id="creating-multi-arch-compute-nodes-bare-metal"]
+= Creating a cluster with multi-architecture compute machine on bare metal
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create a cluster with multi-architecture compute machines on bare metal, you must have an existing single-architecture bare metal cluster. For more information on bare metal installations, see xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Installing a user provisioned cluster on bare metal]. You can then add 64-bit ARM compute machines to your {product-title} cluster on bare metal.
+
+Before you can add 64-bit ARM nodes to your bare metal cluster, you must upgrade your cluster to one that uses the multi-architecture payload. For more information on migrating to the multi-architecture payload, see xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+
+The following procedures explain how to create a {op-system} compute machine using an ISO image or network PXE booting. This will allow you to add ARM64 nodes to your bare metal cluster and deploy a cluster with multi-architecture compute machines.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-iso.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-pxe.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc
new file mode 100644
index 000000000000..9f245a080a85
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc
@@ -0,0 +1,22 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-gcp
+[id="creating-multi-arch-compute-nodes-gcp"]
+= Creating a cluster with multi-architecture compute machines on GCP
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create a Google Cloud Platform (GCP) cluster with multi-architecture compute machines, you must first create a single-architecture GCP installer-provisioned cluster with the multi-architecture installer binary. For more information on AWS installations, refer to xref:../../installing/installing_gcp/installing-gcp-customizations.adoc[Installing a cluster on GCP with customizations]. You can then add ARM64 compute machines sets to your GCP cluster.
+
+[NOTE]
+====
+Secure booting is currently not supported on ARM64 machines for GCP
+====
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/multi-architecture-modify-machine-set-gcp.adoc[leveloffset=+1]
+
+.Additional resources
+
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installation-gcp-tested-machine-types-arm_installing-gcp-customizations[Tested instance types for GCP on 64-bit ARM infrastructures]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
new file mode 100644
index 000000000000..a650183c6ec8
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-ibm-power
+[id="creating-multi-arch-compute-nodes-ibm-power"]
+= Creating a cluster with multi-architecture compute machines on {ibm-power-title}
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create a cluster with multi-architecture compute machines on {ibm-power-name} (`ppc64le`), you must have an existing single-architecture (`x86_64`) cluster. You can then add `ppc64le` compute machines to your {product-title} cluster.
+
+[IMPORTANT]
+====
+Before you can add `ppc64le` nodes to your cluster, you must upgrade your cluster to one that uses the multi-architecture payload. For more information on migrating to the multi-architecture payload, see xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+====
+
+The following procedures explain how to create a {op-system} compute machine using an ISO image or network PXE booting. This will allow you to add `ppc64le` nodes to your cluster and deploy a cluster with multi-architecture compute machines.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-iso.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-pxe.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc
new file mode 100644
index 000000000000..bdc8341cc1f7
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-ibm-z-kvm
+[id="creating-multi-arch-compute-nodes-ibm-z-kvm"]
+= Creating a cluster with multi-architecture compute machines on {ibm-z-title} and {ibm-linuxone-title} with {op-system-base} KVM
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create a cluster with multi-architecture compute machines on {ibm-z-name} and {ibm-linuxone-name} (`s390x`) with {op-system-base} KVM, you must have an existing single-architecture `x86_64` cluster. You can then add `s390x` compute machines to your {product-title} cluster.
+
+Before you can add `s390x` nodes to your cluster, you must upgrade your cluster to one that uses the multi-architecture payload. For more information on migrating to the multi-architecture payload, see xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+
+The following procedures explain how to create a {op-system} compute machine using a {op-system-base} KVM instance. This will allow you to add `s390x` nodes to your cluster and deploy a cluster with multi-architecture compute machines.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-ibm-z-kvm.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc
new file mode 100644
index 000000000000..bf1b9275218e
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: creating-multi-arch-compute-nodes-ibm-z
+[id="creating-multi-arch-compute-nodes-ibm-z"]
+= Creating a cluster with multi-architecture compute machines on {ibm-z-title} and {ibm-linuxone-title} with z/VM
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+To create a cluster with multi-architecture compute machines on {ibm-z-name} and {ibm-linuxone-name} (`s390x`) with z/VM, you must have an existing single-architecture `x86_64` cluster. You can then add `s390x` compute machines to your {product-title} cluster.
+
+Before you can add `s390x` nodes to your cluster, you must upgrade your cluster to one that uses the multi-architecture payload. For more information on migrating to the multi-architecture payload, see xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+
+The following procedures explain how to create a {op-system} compute machine using a z/VM instance. This will allow you to add `s390x` nodes to your cluster and deploy a cluster with multi-architecture compute machines.
+
+include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
+
+include::modules/machine-user-infra-machines-ibm-z.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/images b/post_installation_configuration/configuring-multi-arch-compute-machines/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/modules b/post_installation_configuration/configuring-multi-arch-compute-machines/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-compute-managing.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-compute-managing.adoc
new file mode 100644
index 000000000000..f0e3e4b8446c
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-compute-managing.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: multi-architecture-compute-managing
+[id="multi-architecture-compute-managing"]
+= Managing your cluster with multi-architecture compute machines
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+== Scheduling workloads on clusters with multi-architecture compute machines
+
+Deploying a workload on a cluster with compute nodes of different architectures requires attention and monitoring of your cluster. There might be further actions you need to take in order to successfully place pods in the nodes of your cluster.
+
+For more detailed information on node affinity, scheduling, taints and tolerlations, see the following documentatinon:
+
+* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints].
+
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity[Controlling pod placement on nodes using node affinity]
+
+* xref:../../nodes/scheduling/nodes-scheduler-about.adoc#nodes-scheduler-about[Controlling pod placement using the scheduler]
+
+include::modules/multi-architecture-scheduling-examples.adoc[leveloffset=+2]
+
+.Additional resources
+
+* xref:../../machine_management/modifying-machineset.adoc#machineset-modifying_modifying-machineset[Modifying a compute machine set]
+
+include::modules/multi-architecture-enabling-64k-pages.adoc[leveloffset=+1]
+
+include::modules/multi-architecture-import-imagestreams.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-configuration.adoc b/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-configuration.adoc
new file mode 100644
index 000000000000..8871b8fcd995
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-configuration.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: CONCEPT
+:context: multi-architecture-configuration
+[id="post-install-multi-architecture-configuration"]
+= About clusters with multi-architecture compute machines
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+An {product-title} cluster with multi-architecture compute machines is a cluster that supports compute machines with different architectures. Clusters with multi-architecture compute machines are available only on Amazon Web Services (AWS) or Microsoft Azure installer-provisioned infrastructures and bare metal, {ibm-power-name}, and {ibm-z-name} user-provisioned infrastructures with x86_64 control plane machines.
+
+[NOTE]
+====
+When there are nodes with multiple architectures in your cluster, the architecture of your image must be consistent with the architecture of the node. You need to ensure that the pod is assigned to the node with the appropriate architecture and that it matches the image architecture. For more information on assigning pods to nodes, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/[Assigning pods to nodes].
+====
+
+[IMPORTANT]
+====
+The Cluster Samples Operator is not supported on clusters with multi-architecture compute machines. Your cluster can be created without this capability. For more information, see xref:../../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enabling cluster capabilities]
+====
+
+For information on migrating your single-architecture cluster to a cluster that supports multi-architecture compute machines, see xref:../../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
+
+== Configuring your cluster with multi-architecture compute machines
+
+To create a cluster with multi-architecture compute machines for various platforms, you can use the documentation in the following sections:
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-azure.adoc#creating-multi-arch-compute-nodes-azure[Creating a cluster with multi-architecture compute machines on Azure]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-aws.adoc#creating-multi-arch-compute-nodes-aws[Creating a cluster with multi-architecture compute machines on AWS]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-gcp.adoc#creating-multi-arch-compute-nodes-gcp[Creating a cluster with multi-architecture compute machines on GCP]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-bare-metal.adoc#creating-multi-arch-compute-nodes-bare-metal[Creating a cluster with multi-architecture compute machines on bare metal]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z.adoc#creating-multi-arch-compute-nodes-ibm-z[Creating a cluster with multi-architecture compute machines on {ibm-z-name} and {ibm-linuxone-name} with z/VM]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-z-kvm.adoc#creating-multi-arch-compute-nodes-ibm-z-kvm[Creating a cluster with multi-architecture compute machines on {ibm-z-name} and {ibm-linuxone-name} with {op-system-base} KVM]
+
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/creating-multi-arch-compute-nodes-ibm-power.adoc#creating-multi-arch-compute-nodes-ibm-power[Creating a cluster with multi-architecture compute machines on {ibm-power-name}]
+
+[IMPORTANT]
+====
+Autoscaling from zero is currently not supported on Google Cloud Platform (GCP).
+====
diff --git a/post_installation_configuration/configuring-multi-arch-compute-machines/snippets b/post_installation_configuration/configuring-multi-arch-compute-machines/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/post_installation_configuration/configuring-multi-arch-compute-machines/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/post_installation_configuration/configuring-private-cluster.adoc b/post_installation_configuration/configuring-private-cluster.adoc
index 2d8de777d6d1..e5e06f37d6d5 100644
--- a/post_installation_configuration/configuring-private-cluster.adoc
+++ b/post_installation_configuration/configuring-private-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-private-cluster"]
 = Configuring a private cluster
 include::_attributes/common-attributes.adoc[]
@@ -17,3 +17,11 @@ include::modules/private-clusters-setting-ingress-private.adoc[leveloffset=+1]
 include::modules/private-clusters-setting-api-private.adoc[leveloffset=+1]
 
 include::modules/nw-ingresscontroller-change-internal.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-private-storage-endpoint-azure.adoc[leveloffset=+1]
+
+include::modules/configuring-private-storage-endpoint-azure-vnet-subnet-iro-discovery.adoc[leveloffset=+2]
+
+include::modules/configuring-private-storage-endpoint-azure-user-provided-vnet-subnet.adoc[leveloffset=+2]
+
+include::modules/disabling-redirect-private-storage-endpoint-azure.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/post_installation_configuration/connected-to-disconnected.adoc b/post_installation_configuration/connected-to-disconnected.adoc
index e00f0900d007..bbde8d50632f 100644
--- a/post_installation_configuration/connected-to-disconnected.adoc
+++ b/post_installation_configuration/connected-to-disconnected.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="connected-to-disconnected"]
 = Converting a connected cluster to a disconnected cluster
 include::_attributes/common-attributes.adoc[]
@@ -35,9 +35,9 @@ include::modules/installation-about-mirror-registry.adoc[leveloffset=+1]
 ** link:https://goharbor.io/[Harbor]
 --
 +
-If you have an subscription to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.5/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.5/html/deploy_red_hat_quay_on_openshift_with_the_quay_operator/[by using the Quay Operator].
+If you have an subscription to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploying_the_red_hat_quay_operator_on_openshift_container_platform/index[by using the Quay Operator].
 
-* The mirror repository must be configured to share images. For example, a Red Hat Quay repository requires link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.5/html/use_red_hat_quay/user-org-intro#org-create[Organizations] in order to share images.
+* The mirror repository must be configured to share images. For example, a Red Hat Quay repository requires link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/use_red_hat_quay/index#user-org-intro_use-quay[Organizations] in order to share images.
 
 * Access to the internet to obtain the necessary container images.
 
diff --git a/post_installation_configuration/coreos-layering.adoc b/post_installation_configuration/coreos-layering.adoc
index 63cf25afbc56..cf1bac6897c9 100644
--- a/post_installation_configuration/coreos-layering.adoc
+++ b/post_installation_configuration/coreos-layering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="coreos-layering"]
 = {op-system} image layering
 include::_attributes/common-attributes.adoc[]
diff --git a/post_installation_configuration/deploy-heterogeneous-configuration.adoc b/post_installation_configuration/deploy-heterogeneous-configuration.adoc
index 116c491b7bef..71a3bd7aa489 100644
--- a/post_installation_configuration/deploy-heterogeneous-configuration.adoc
+++ b/post_installation_configuration/deploy-heterogeneous-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: multi-architecture-configuration
 [id="post-install-multi-architecture-configuration"]
 = Configuring a multi-architecture cluster
@@ -10,10 +10,10 @@ A multi-architecture cluster is a cluster that supports worker machines with dif
 
 [WARNING]
 ====
-The multi-architecture clusters Technology Preview feature has limited usability with installing, upgrading, and running payloads. 
+The multi-architecture clusters Technology Preview feature has limited usability with installing, upgrading, and running payloads.
 ====
 
-The following procedures explain how to generate an `arm64` boot image and create an Azure compute machine set with the `arm64` boot image. This will add `arm64` worker nodes to your multi-architecture cluster and deploy the desired amount of ARM64 virtual machines (VM). This section also shows how to upgrade your existing cluster to a multi-architecture cluster. Multi-architecture clusters are only available on Azure installer-provisioned infrastructures with `x86_64` control planes. 
+The following procedures explain how to generate an `arm64` boot image and create an Azure compute machine set with the `arm64` boot image. This will add `arm64` worker nodes to your multi-architecture cluster and deploy the desired amount of ARM64 virtual machines (VM). This section also shows how to upgrade your existing cluster to a multi-architecture cluster. Multi-architecture clusters are only available on Azure installer-provisioned infrastructures with `x86_64` control planes.
 
 :FeatureName: Multi-architecture clusters for {product-title} on Azure installer-provisioned infrastructure installations
 include::snippets/technology-preview.adoc[leveloffset=+1]
@@ -22,9 +22,9 @@ include::modules/multi-architecture-creating-arm64-bootimage.adoc[leveloffset=+1
 
 include::modules/multi-architecture-modify-machine-set.adoc[leveloffset=+1]
 
-[role="_additional-resources"] 
+[role="_additional-resources"]
 .Additional resources
-* xref:../machine_management/creating_machinesets/creating-machineset-azure.adoc[Creating a compute machine set on Azure] 
+* xref:../machine_management/creating_machinesets/creating-machineset-azure.adoc[Creating a compute machine set on Azure]
 include::modules/multi-architecture-upgrade-mirrors.adoc[leveloffset=+1]
 
 include::modules/multi-architecture-import-imagestreams.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/enabling-cluster-capabilities.adoc b/post_installation_configuration/enabling-cluster-capabilities.adoc
index 4bd714576225..80afaa5df0cc 100644
--- a/post_installation_configuration/enabling-cluster-capabilities.adoc
+++ b/post_installation_configuration/enabling-cluster-capabilities.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-cluster-capabilities"]
 = Enabling cluster capabilities
 include::_attributes/common-attributes.adoc[]
diff --git a/post_installation_configuration/ibmz-post-install.adoc b/post_installation_configuration/ibmz-post-install.adoc
index 61249b4350c0..f1a0ebed43b2 100644
--- a/post_installation_configuration/ibmz-post-install.adoc
+++ b/post_installation_configuration/ibmz-post-install.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="post-install-configure-additional-devices-ibmz"]
-= Configuring additional devices in an {ibmzProductName} or {linuxoneProductName} environment
+= Configuring additional devices in an {ibm-z-title} or {ibm-linuxone-title} environment
 include::_attributes/common-attributes.adoc[]
 :context: post-install-configure-additional-devices-ibmz
 
 toc::[]
 
-After installing {product-title}, you can configure additional devices for your cluster in an {ibmzProductName} or {linuxoneProductName} environment, which is installed with z/VM. The following devices can be configured:
+After installing {product-title}, you can configure additional devices for your cluster in an {ibm-z-name} or {ibm-linuxone-name} environment, which is installed with z/VM. The following devices can be configured:
 
 * Fibre Channel Protocol (FCP) host
 * FCP LUN
@@ -17,13 +17,13 @@ You can configure devices by adding udev rules using the Machine Config Operator
 
 [NOTE]
 ====
-The procedures described here apply only to z/VM installations. If you have installed your cluster with {op-system-base} KVM on {ibmzProductName} or {linuxoneProductName} infrastructure, no additional configuration is needed inside the KVM guest after the devices were added to the KVM guests. However, both in z/VM and {op-system-base} KVM environments the next steps to configure the Local Storage Operator and Kubernetes NMState Operator need to be applied.
+The procedures described here apply only to z/VM installations. If you have installed your cluster with {op-system-base} KVM on {ibm-z-name} or {ibm-linuxone-name} infrastructure, no additional configuration is needed inside the KVM guest after the devices were added to the KVM guests. However, both in z/VM and {op-system-base} KVM environments the next steps to configure the Local Storage Operator and Kubernetes NMState Operator need to be applied.
 ====
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../post_installation_configuration/machine-configuration-tasks.adoc#post-install-machine-configuration-tasks[Post-installation machine configuration tasks]
+* xref:../post_installation_configuration/machine-configuration-tasks.adoc#post-install-machine-configuration-tasks[Postinstallation machine configuration tasks]
 
 include::modules/ibmz-configure-devices-mco.adoc[leveloffset=+1]
 
@@ -36,7 +36,7 @@ include::modules/ibmz-configure-devices-manually.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-See link:https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/com.ibm.linux.z.ludd/ludd_c_perscfg.html[Persistent device configuration] in IBM Documentation.
+See link:https://www.ibm.com/docs/en/linux-on-systems?topic=linuxonibm/com.ibm.linux.z.ludd/ludd_c_perscfg.html[Persistent device configuration] in {ibm-name} Documentation.
 
 [id="roce-network-cards"]
 == RoCE network Cards
diff --git a/post_installation_configuration/index.adoc b/post_installation_configuration/index.adoc
index e467a750efd3..b9c4e59254b6 100644
--- a/post_installation_configuration/index.adoc
+++ b/post_installation_configuration/index.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="post-install-configuration-overview"]
-= Post-installation configuration overview
+= Postinstallation configuration overview
 include::_attributes/common-attributes.adoc[]
 :context: post-installation-configuration-overview
 
@@ -20,7 +20,7 @@ After installing {product-title}, a cluster administrator can configure and cust
 [id="post-install-tasks"]
 == Configuration tasks to perform after installation
 
-Cluster administrators can perform the following post-installation configuration tasks:
+Cluster administrators can perform the following postinstallation configuration tasks:
 
 * xref:../post_installation_configuration/machine-configuration-tasks.adoc#post-install-machine-configuration-tasks[Configure operating system features]:
 Machine Config Operator (MCO) manages `MachineConfig` objects. By using MCO, you can perform the following tasks on an {product-title} cluster:
diff --git a/installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc b/post_installation_configuration/installing-vsphere-post-installation-configuration.adoc
similarity index 83%
rename from installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc
rename to post_installation_configuration/installing-vsphere-post-installation-configuration.adoc
index 4a2dc0822686..a86bbfd771c4 100644
--- a/installing/installing_vsphere/installing-vsphere-post-installation-configuration.adoc
+++ b/post_installation_configuration/installing-vsphere-post-installation-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-vsphere-post-installation-configuration"]
 = Configuring the vSphere connection settings after an installation
 include::_attributes/common-attributes.adoc[]
@@ -7,14 +7,14 @@ include::_attributes/common-attributes.adoc[]
 
 After installing an {product-title} cluster on vSphere with the platform integration feature enabled, you might need to update the vSphere connection settings manually, depending on the installation method.
 
-For installations using the Assisted Installer, you must update the connection settings. This is because the Assisted Installer adds default connection settings to the *vSphere connection configuration* wizard as placeholders during the installation. 
+For installations using the Assisted Installer, you must update the connection settings. This is because the Assisted Installer adds default connection settings to the *vSphere connection configuration* wizard as placeholders during the installation.
 
 For installer-provisioned or user-provisioned infrastructure installations, you should have entered valid connection settings during the installation. You can use the *vSphere connection configuration* wizard at any time to validate or modify the connection settings, but this is not mandatory for completing the installation.
- 
+
 toc::[]
 
 include::modules/configuring-vsphere-connection-settings.adoc[leveloffset=+1]
 
 include::modules/configuring-vsphere-verifying-configuration.adoc[leveloffset=+1]
 
-For instructions on creating storage objects, see xref:../../storage/dynamic-provisioning.adoc#dynamic-provisioning[Dynamic provisioning].
+For instructions on creating storage objects, see xref:../storage/dynamic-provisioning.adoc#dynamic-provisioning[Dynamic provisioning].
diff --git a/post_installation_configuration/machine-configuration-tasks.adoc b/post_installation_configuration/machine-configuration-tasks.adoc
index b8085b4f8ac8..45e3cfcfd580 100644
--- a/post_installation_configuration/machine-configuration-tasks.adoc
+++ b/post_installation_configuration/machine-configuration-tasks.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-machine-configuration-tasks
 [id="post-install-machine-configuration-tasks"]
-= Post-installation machine configuration tasks
+= Postinstallation machine configuration tasks
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -12,6 +12,13 @@ Aside from a few specialized features, most changes to operating systems on {pro
 
 Tasks in this section describe how to use features of the Machine Config Operator to configure operating system features on {product-title} nodes.
 
+[IMPORTANT]
+====
+NetworkManager stores new network configurations to `/etc/NetworkManager/system-connections/` in a key file format.
+
+Previously, NetworkManager stored new network configurations to `/etc/sysconfig/network-scripts/` in the ifcfg format. Starting with RHEL 9.0, RHEL stores new network configurations at `/etc/NetworkManager/system-connections/` in a key file format. The connections configurations stored to `/etc/sysconfig/network-scripts/` in the old format still work uninterrupted. Modifications in existing profiles continue updating the older files.
+====
+
 [id="understanding-the-machine-config-operator"]
 == Understanding the Machine Config Operator
 
@@ -19,6 +26,8 @@ include::modules/machine-config-operator.adoc[leveloffset=+2]
 include::modules/machine-config-overview.adoc[leveloffset=+2]
 include::modules/machine-config-drift-detection.adoc[leveloffset=+2]
 include::modules/checking-mco-status.adoc[leveloffset=+2]
+include::modules/checking-mco-node-status.adoc[leveloffset=+2]
+include::modules/checking-mco-status-certs.adoc[leveloffset=+2]
 
 [id="using-machineconfigs-to-change-machines"]
 == Using MachineConfig objects to configure nodes
diff --git a/post_installation_configuration/multi-architecture-configuration.adoc b/post_installation_configuration/multi-architecture-configuration.adoc
deleted file mode 100644
index c487bd9a45ef..000000000000
--- a/post_installation_configuration/multi-architecture-configuration.adoc
+++ /dev/null
@@ -1,70 +0,0 @@
-:_content-type: ASSEMBLY
-:context: multi-architecture-configuration
-[id="post-install-multi-architecture-configuration"]
-= Configuring multi-architecture compute machines on an {product-title} cluster
-include::_attributes/common-attributes.adoc[]
-
-toc::[]
-
-An {product-title} cluster with multi-architecture compute machines is a cluster that supports compute machines with different architectures. Clusters with multi-architecture compute machines are available only on AWS or Azure installer-provisioned infrastructures and bare metal user-provisioned infrastructures with x86_64 control plane machines.
-
-[NOTE]
-====
-When there are nodes with multiple architectures in your cluster, the architecture of your image must be consistent with the architecture of the node. You need to ensure that the pod is assigned to the node with the appropriate architecture and that it matches the image architecture. For more information on assigning pods to nodes, see link:https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/[Assigning pods to nodes].
-====
-
-[IMPORTANT]
-====
-The Cluster Samples Operator is not supported on clusters with multi-architecture compute machines. Your cluster can be created without this capability. For more information, see xref:../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enabling cluster capabilities]
-====
-
-For information on migrating your single-architecture cluster to a cluster that supports multi-architecture compute machines, see xref:../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
-
-include::modules/multi-architecture-verifying-cluster-compatibility.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
-
-== Creating a cluster with multi-architecture compute machine on Azure
-
-To deploy an Azure cluster with multi-architecture compute machines, you must first create a single-architecture Azure installer-provisioned cluster that uses the multi-architecture installer binary. For more information on Azure installations, see xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Installing a cluster on Azure with customizations]. You can then add an ARM64 compute machine set to your cluster to create a cluster with multi-architecture compute machines.
-
-The following procedures explain how to generate an ARM64 boot image and create an Azure compute machine set that uses the ARM64 boot image. This adds ARM64 compute nodes to your cluster and deploys the amount of ARM64 virtual machines (VM) that you need.
-
-include::modules/multi-architecture-creating-arm64-bootimage.adoc[leveloffset=+2]
-
-include::modules/multi-architecture-modify-machine-set.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../machine_management/creating_machinesets/creating-machineset-azure.adoc#creating-machineset-azure[Creating a compute machine set on Azure]
-
-== Creating a cluster with multi-architecture compute machines on AWS
-
-To create an AWS cluster with multi-architecture compute machines, you must first create a single-architecture AWS installer-provisioned cluster with the multi-architecture installer binary. For more information on AWS installations, refer to xref:../installing/installing_aws/installing-aws-customizations.adoc[Installing a cluster on AWS with customizations]. You can then add a ARM64 compute machine set to your AWS cluster.
-
-include::modules/multi-architecture-modify-machine-set-aws.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../installing/installing_aws/installing-aws-customizations.adoc#installation-aws-arm-tested-machine-types_installing-aws-customizations[Tested instance types for AWS 64-bit ARM]
-
-== Creating a cluster with multi-architecture compute machine on bare metal (Technology Preview)
-
-To create a cluster with multi-architecture compute machines on bare metal, you must have an existing single-architecture bare metal cluster. For more information on bare metal installations, see xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Installing a user provisioned cluster on bare metal]. You can then add 64-bit ARM compute machines to your {product-title} cluster on bare metal.
-
-Before you can add 64-bit ARM nodes to your bare metal cluster, you must upgrade your cluster to one that uses the multi-architecture payload. For more information on migrating to the multi-architecture payload, see xref:../updating/updating_a_cluster/migrating-to-multi-payload.adoc#migrating-to-multi-payload[Migrating to a cluster with multi-architecture compute machines].
-
-The following procedures explain how to create a {op-system} compute machine using an ISO image or network PXE booting. This will allow you to add ARM64 nodes to your bare metal cluster and deploy a cluster with multi-architecture compute machines.
-
-:Featurename: Clusters with multi-architecture compute machines on bare metal user-provisioned installations
-include::snippets/technology-preview.adoc[leveloffset=+2]
-
-include::modules/machine-user-infra-machines-iso.adoc[leveloffset=+2]
-
-include::modules/machine-user-infra-machines-pxe.adoc[leveloffset=+2]
-
-include::modules/installation-approve-csrs.adoc[leveloffset=+2]
-
-include::modules/multi-architecture-import-imagestreams.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/post_installation_configuration/network-configuration.adoc b/post_installation_configuration/network-configuration.adoc
index 856e1e853e6b..34354051d28c 100644
--- a/post_installation_configuration/network-configuration.adoc
+++ b/post_installation_configuration/network-configuration.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-network-configuration
 [id="post-install-network-configuration"]
-= Post-installation network configuration
+= Postinstallation network configuration
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -115,13 +115,11 @@ include::modules/ingress-liveness-readiness-startup-probes.adoc[leveloffset=+2]
 include::modules/configuring-haproxy-interval.adoc[leveloffset=+2]
 
 [id="post-installation-osp-fips"]
-== Post-installation {rh-openstack} network configuration
+== Postinstallation {rh-openstack} network configuration
 
 You can configure some aspects of an {product-title} on {rh-openstack-first} cluster after installation.
 
 include::modules/installation-osp-configuring-api-floating-ip.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-port-pools.adoc[leveloffset=+2]
-include::modules/installation-osp-kuryr-settings-active.adoc[leveloffset=+2]
 include::modules/nw-osp-enabling-ovs-offload.adoc[leveloffset=+2]
 include::modules/nw-osp-hardware-offload-attaching-network.adoc[leveloffset=+2]
 include::modules/nw-osp-pod-connections-ipv6.adoc[leveloffset=+2]
diff --git a/post_installation_configuration/node-tasks.adoc b/post_installation_configuration/node-tasks.adoc
index 33229ddb0d72..d5daeda7df0a 100644
--- a/post_installation_configuration/node-tasks.adoc
+++ b/post_installation_configuration/node-tasks.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-node-tasks
 [id="post-install-node-tasks"]
-= Post-installation node tasks
+= Postinstallation node tasks
 include::_attributes/common-attributes.adoc[]
 
 toc::[]
@@ -159,3 +159,21 @@ include::modules/cluster-node-tuning-operator-default-profiles-set.adoc[leveloff
 include::modules/node-tuning-operator-supported-tuned-daemon-plug-ins.adoc[leveloffset=+2]
 
 include::modules/nodes-nodes-managing-max-pods-proc.adoc[leveloffset=+1]
+
+[id="nodes-vsphere-scale-static-ip-addresses"]
+== Machine scaling with static IP addresses
+
+After you deployed your cluster to run nodes with static IP addresses, you can scale an instance of a machine or a machine set to use one of these static IP addresses.
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc#installation-vsphere-installer-infra-requirements_ipi-vsphere-installation-reqs[Static IP addresses for vSphere nodes]
+
+// Scaling machines to use static IP addresses
+include::modules/nodes-vsphere-scaling-machines-static-ip.adoc[leveloffset=+2]
+
+// Machine set scaling of machines with configured static IP addresses
+include::modules/nodes-vsphere-machine-set-concept-static-ip.adoc[leveloffset=+2]
+
+// Using a machine set to scale machines with configured static IP addresses
+include::modules/nodes-vsphere-machine-set-scaling-static-ip.adoc[leveloffset=+2]
diff --git a/post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc b/post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc
index 69cdcaff62ee..936c14d12a7d 100644
--- a/post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc
+++ b/post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-vsphere-zones-regions-configuration
 [id="post-install-vsphere-zones-regions-configuration"]
 =  Multiple regions and zones configuration for a cluster on vSphere
@@ -24,9 +24,9 @@ After you define multiple regions and zones for your {product-title} cluster, yo
 
 [IMPORTANT]
 ====
-If you want to migrate pre-existing {product-title} cluster compute nodes to a failure domain, you must define a new compute machine set for the compute node. This new machine set can scale up a compute node according to the topology of the failure domain, and scale down the pre-existing compute node. 
+If you want to migrate pre-existing {product-title} cluster compute nodes to a failure domain, you must define a new compute machine set for the compute node. This new machine set can scale up a compute node according to the topology of the failure domain, and scale down the pre-existing compute node.
 
-The cloud provider adds `topology.kubernetes.io/zone` and `topology.kubernetes.io/region` labels to any compute node provisioned by a machine set resource. 
+The cloud provider adds `topology.kubernetes.io/zone` and `topology.kubernetes.io/region` labels to any compute node provisioned by a machine set resource.
 
 For more information, see xref:../machine_management/creating_machinesets/creating-machineset-vsphere.adoc[Creating a compute machine set].
 ====
@@ -42,7 +42,7 @@ include::modules/vsphere-enabling-multiple-layer2-networks.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../installing/installing_vsphere/installing-vsphere-network-customizations.adoc#installation-network-connectivity-user-infra_installing-vsphere-network-customizations[Network connectivity requirements]
+* xref:../installing/installing_vsphere/upi/installing-vsphere-network-customizations.adoc#installation-network-connectivity-user-infra_installing-vsphere-network-customizations[Network connectivity requirements]
 
 * xref:../machine_management/creating-infrastructure-machinesets.adoc#creating-infrastructure-machinesets-production[Creating infrastructure machine sets for production environments]
 
@@ -53,4 +53,4 @@ include::modules/references-regions-zones-infrastructure-vsphere.adoc[leveloffse
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc#specifying-regions-zones-infrastructure-vsphere_post-install-vsphere-zones-regions-configuration[Specifying multiple regions and zones for your cluster on vSphere]
\ No newline at end of file
+* xref:../post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc#specifying-regions-zones-infrastructure-vsphere_post-install-vsphere-zones-regions-configuration[Specifying multiple regions and zones for your cluster on vSphere]
diff --git a/post_installation_configuration/preparing-for-users.adoc b/post_installation_configuration/preparing-for-users.adoc
index ee4c948e91a1..7bca7aa37bb9 100644
--- a/post_installation_configuration/preparing-for-users.adoc
+++ b/post_installation_configuration/preparing-for-users.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-preparing-for-users
 [id="post-install-preparing-for-users"]
 = Preparing for users
diff --git a/post_installation_configuration/storage-configuration.adoc b/post_installation_configuration/storage-configuration.adoc
index 9e0dd3548a63..9ad9d7d51a35 100644
--- a/post_installation_configuration/storage-configuration.adoc
+++ b/post_installation_configuration/storage-configuration.adoc
@@ -1,7 +1,7 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: post-install-storage-configuration
 [id="post-install-storage-configuration"]
-= Post-installation storage configuration
+= Postinstallation storage configuration
 include::_attributes/common-attributes.adoc[]
 :gluster: GlusterFS
 :gluster-native: Containerized GlusterFS
@@ -54,8 +54,6 @@ include::modules/dynamic-provisioning-gce-definition.adoc[leveloffset=+2]
 
 include::modules/dynamic-provisioning-vsphere-definition.adoc[leveloffset=+2]
 
-include::modules/ovirt-csi-driver-storage-class.adoc[leveloffset=+2]
-
 include::modules/dynamic-provisioning-change-default-class.adoc[leveloffset=+1]
 
 [id="post-install-optimizing-storage"]
@@ -85,5 +83,4 @@ include::modules/deploy-red-hat-openshift-container-storage.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="admission-plug-ins-additional-resources"]
 == Additional resources
-
-* xref:../logging/config/cluster-logging-log-store.html#cluster-logging-elasticsearch-storage_cluster-logging-store[Configuring persistent storage for the log store]
+* xref:../logging/log_storage/logging-config-es-store.adoc#logging-config-es-store[Configuring the Elasticsearch log store]
diff --git a/post_installation_configuration/vsphere-post-installation-encryption.adoc b/post_installation_configuration/vsphere-post-installation-encryption.adoc
index de3d6f48a3c4..703d1770f604 100644
--- a/post_installation_configuration/vsphere-post-installation-encryption.adoc
+++ b/post_installation_configuration/vsphere-post-installation-encryption.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="vsphere-post-installation-encryption"]
 = Enabling encryption on a vSphere cluster
 include::_attributes/common-attributes.adoc[]
@@ -15,4 +15,4 @@ include::modules/vsphere-encrypting-vms.adoc[leveloffset=+1]
 == Additional resources
 * xref:../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-evacuating_nodes-nodes-working[Working with nodes]
 * xref:../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#vsphere-pv-encryption[vSphere encryption]
-* xref:../installing/installing_vsphere/installing-vsphere.adoc#installation-vsphere-encrypted-vms_installing-vsphere[Installing a cluster on vSphere with user-provisioned infrastructure]
\ No newline at end of file
+* xref:../installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc#installation-vsphere-encrypted-vms_upi-vsphere-installation-reqs[Requirements for encrypting virtual machines]
diff --git a/power_monitoring/_attributes b/power_monitoring/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/power_monitoring/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/power_monitoring/configuring-power-monitoring.adoc b/power_monitoring/configuring-power-monitoring.adoc
new file mode 100644
index 000000000000..545604f1f31c
--- /dev/null
+++ b/power_monitoring/configuring-power-monitoring.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-power-monitoring"]
+= Configuring {PM-shortname}
+include::_attributes/common-attributes.adoc[]
+:context: configuring-power-monitoring
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+The `{PM-kepler}` resource is a Kubernetes custom resource definition (CRD) that enables you to configure the deployment and monitor the status of the {PM-kepler} resource.
+
+include::modules/power-monitoring-kepler-configuration.adoc[leveloffset=+1]
+
+include::modules/power-monitoring-monitoring-kepler-status.adoc[leveloffset=+1]
diff --git a/power_monitoring/images b/power_monitoring/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/power_monitoring/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/power_monitoring/installing-power-monitoring.adoc b/power_monitoring/installing-power-monitoring.adoc
new file mode 100644
index 000000000000..7f77722c220c
--- /dev/null
+++ b/power_monitoring/installing-power-monitoring.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-power-monitoring"]
+= Installing {PM-title}
+include::_attributes/common-attributes.adoc[]
+:context: installing-power-monitoring
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+You can install {PM-title} by deploying the {PM-operator} in the {product-title} web console.
+
+//Installing power monitoring operator
+include::modules/power-monitoring-installing-pmo.adoc[leveloffset=+1]
+
+// Deploying Kepler
+include::modules/power-monitoring-deploying-kepler.adoc[leveloffset=+1]
diff --git a/power_monitoring/modules b/power_monitoring/modules
new file mode 120000
index 000000000000..43aab75b53c9
--- /dev/null
+++ b/power_monitoring/modules
@@ -0,0 +1 @@
+../modules/
\ No newline at end of file
diff --git a/power_monitoring/power-monitoring-overview.adoc b/power_monitoring/power-monitoring-overview.adoc
new file mode 100644
index 000000000000..3b420362ee08
--- /dev/null
+++ b/power_monitoring/power-monitoring-overview.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="power-monitoring-overview"]
+= {PM-shortname-c} overview
+include::_attributes/common-attributes.adoc[]
+:context: power-monitoring-overview
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+include::modules/power-monitoring-about-power-monitoring.adoc[leveloffset=+1]
+
+include::modules/power-monitoring-kepler-architecture.adoc[leveloffset=+1]
+
+include::modules/power-monitoring-hardware-virtualization-support.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_power-monitoring-overview"]
+== Additional resources
+* xref:../power_monitoring/visualizing-power-monitoring-metrics.adoc#power-monitoring-dashboards-overview_visualizing-power-monitoring-metrics[{PM-shortname-c} dashboards overview]
\ No newline at end of file
diff --git a/power_monitoring/power-monitoring-release-notes.adoc b/power_monitoring/power-monitoring-release-notes.adoc
new file mode 100644
index 000000000000..dedd09ee4f85
--- /dev/null
+++ b/power_monitoring/power-monitoring-release-notes.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="power-monitoring-release-notes"]
+include::_attributes/common-attributes.adoc[]
+= {PM-title-c} release notes
+:context: power-monitoring-release-notes
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+{PM-title-c} enables you to monitor the power usage of workloads and identify the most power-consuming namespaces running in an {product-title} cluster with key power consumption metrics, such as CPU or DRAM, measured at container level.
+
+These release notes track the development of {PM-title} in the {product-title}.
+
+For an overview of the {PM-operator}, see xref:../power_monitoring/power-monitoring-overview.adoc#power-monitoring-about-power-monitoring_power-monitoring-overview[About {PM-shortname}].
+
+[id="power-monitoring-release-notes-0-1"]
+== {PM-shortname-c} 0.1 (Technology Preview)
+
+This release introduces a Technology Preview version of {PM-title}. The following advisory is available for {PM-shortname} 0.1:
+
+* link:https://access.redhat.com/errata/RHEA-2024:0078[RHEA-2024:0078]
+
+[id="power-monitoring-release-notes-0-1-features"]
+=== Features
+* Deployment and deletion of {PM-kepler} 
+* Power usage metrics from Intel-based bare-metal deployments
+* Dashboards for plotting power usage
+
diff --git a/power_monitoring/snippets b/power_monitoring/snippets
new file mode 120000
index 000000000000..9f5bc7e4dde0
--- /dev/null
+++ b/power_monitoring/snippets
@@ -0,0 +1 @@
+../snippets
\ No newline at end of file
diff --git a/power_monitoring/uninstalling-power-monitoring.adoc b/power_monitoring/uninstalling-power-monitoring.adoc
new file mode 100644
index 000000000000..5c22ba707a85
--- /dev/null
+++ b/power_monitoring/uninstalling-power-monitoring.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="uninstalling-power-monitoring"]
+= Uninstalling {PM-shortname}
+include::_attributes/common-attributes.adoc[]
+:context: uninstalling-power-monitoring
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+You can uninstall {PM-shortname} by deleting the {PM-kepler} instance and then the {PM-operator} in the {product-title} web console.
+
+// Removing kepler
+include::modules/power-monitoring-deleting-kepler.adoc[leveloffset=+1]
+
+// Uninstalling power monitoring operator
+include::modules/power-monitoring-uninstalling-pmo.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/power_monitoring/visualizing-power-monitoring-metrics.adoc b/power_monitoring/visualizing-power-monitoring-metrics.adoc
new file mode 100644
index 000000000000..fc89d7c762fd
--- /dev/null
+++ b/power_monitoring/visualizing-power-monitoring-metrics.adoc
@@ -0,0 +1,22 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="visualizing-power-monitoring-metrics"]
+= Visualizing power monitoring metrics
+include::_attributes/common-attributes.adoc[]
+:context: visualizing-power-monitoring-metrics
+
+toc::[]
+
+:FeatureName: Power monitoring
+include::snippets/technology-preview.adoc[leveloffset=+2]
+
+You can visualize {PM-shortname} metrics in the {product-title} web console by accessing {PM-shortname} dashboards or by exploring *Metrics* under the *Observe* tab.
+
+include::modules/power-monitoring-dashboards-overview.adoc[leveloffset=+1]
+include::modules/power-monitoring-accessing-dashboards.adoc[leveloffset=+1]
+include::modules/power-monitoring-metrics-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_visualizing-power-monitoring-metrics"]
+== Additional resources
+* xref:../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
+
diff --git a/registry/accessing-the-registry.adoc b/registry/accessing-the-registry.adoc
index 38d10075cb36..04496cbdd606 100644
--- a/registry/accessing-the-registry.adoc
+++ b/registry/accessing-the-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: accessing-the-registry
 [id="accessing-the-registry"]
 = Accessing the registry
@@ -6,6 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 Use the following sections for instructions on accessing the registry, including
 viewing logs and metrics, as well as securing and exposing the registry.
 
@@ -14,10 +15,16 @@ you to push images to or pull them from the integrated registry directly using
 operations like `podman push` or `podman pull`. To do so, you must be logged in
 to the registry using the `podman login` command. The operations you can perform
 depend on your user permissions, as described in the following sections.
+endif::openshift-dedicated,openshift-rosa[]
 
+ifdef::openshift-dedicated,openshift-rosa[]
+In {product-title}, Red Hat Site Reliability Engineering (SRE) manages the registry for you. However, you can check the status of the registry pods and view the registry logs.
+endif::openshift-dedicated,openshift-rosa[]
+
+ifndef::openshift-dedicated,openshift-rosa[]
 == Prerequisites
 
-* You have access to the cluster as a user with the cluster-admin role.
+* You have access to the cluster as a user with the `cluster-admin` role.
 * You must have configured an identity provider (IDP).
 * For pulling images, for example when using the `podman pull` command,
 the user must have the `registry-viewer` role. To add this role, run the following command:
@@ -36,17 +43,19 @@ $ oc policy add-role-to-user registry-editor <user_name>
 ----
 +
 ** Your cluster must have an existing project where the images can be pushed to.
+endif::openshift-dedicated,openshift-rosa[]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/registry-accessing-directly.adoc[leveloffset=+1]
+endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/registry-checking-the-status-of-registry-pods.adoc[leveloffset=+1]
 
 include::modules/registry-viewing-logs.adoc[leveloffset=+1]
 
+ifndef::openshift-dedicated,openshift-rosa[]
 include::modules/registry-accessing-metrics.adoc[leveloffset=+1]
 
-// These additional resources may be relevant to OSD/ROSA, but they xref topics that don't currently exist in the OSD/ROSA distros.
-ifndef::openshift-dedicated,openshift-rosa[]
 [id="accessing-the-registry-additional-resources"]
 [role="_additional-resources"]
 == Additional resources
diff --git a/registry/configuring-registry-operator.adoc b/registry/configuring-registry-operator.adoc
index f20c56554cb1..8847c5063afe 100644
--- a/registry/configuring-registry-operator.adoc
+++ b/registry/configuring-registry-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-operator"]
 = Image Registry Operator in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -19,9 +19,9 @@ The Image Registry Operator installs a single instance of the {product-registry}
 ifndef::openshift-dedicated,openshift-rosa[]
 [NOTE]
 ====
-Storage is only automatically configured when you install an installer-provisioned infrastructure cluster on AWS, GCP, Azure, or OpenStack.
+Storage is only automatically configured when you install an installer-provisioned infrastructure cluster on AWS, Azure, GCP, {ibm-name}, or OpenStack.
 
-When you install or upgrade an installer-provisioned infrastructure cluster on AWS or Azure, the Image Registry Operator sets the `spec.storage.managementState` parameter to `Managed`. If the `spec.storage.managementState` parameter is set to `Unmanaged`, the Image Registry Operator takes no action related to storage.
+When you install or upgrade an installer-provisioned infrastructure cluster on AWS, Azure, GCP, {ibm-name}, or OpenStack, the Image Registry Operator sets the `spec.storage.managementState` parameter to `Managed`. If the `spec.storage.managementState` parameter is set to `Unmanaged`, the Image Registry Operator takes no action related to storage.
 ====
 endif::openshift-dedicated,openshift-rosa[]
 
@@ -31,6 +31,7 @@ If insufficient information is available to define a complete `configs.imageregi
 
 The Image Registry Operator runs in the `openshift-image-registry` namespace, and manages the registry instance in that location as well. All configuration and workload resources for the registry reside in that namespace.
 
+ifndef::openshift-dedicated,openshift-rosa[]
 [IMPORTANT]
 ====
 The Image Registry Operator's behavior for managing the pruner is orthogonal to the `managementState` specified on the `ClusterOperator` object for the Image Registry Operator. If the Image Registry Operator is not in the `Managed` state, the image pruner can still be configured and managed by the `Pruning` custom resource.
@@ -39,24 +40,23 @@ However, the `managementState` of the Image Registry Operator alters the behavio
 
 * `Managed`: the `--prune-registry` flag for the image pruner is set to `true`.
 * `Removed`: the `--prune-registry` flag for the image pruner is set to `false`, meaning it only prunes image metatdata in etcd.
-* `Unmanaged`: the `--prune-registry` flag for the image pruner is set to `false`.
 ====
+endif::openshift-dedicated,openshift-rosa[]
 
 ifndef::openshift-dedicated,openshift-rosa[]
 [id="image-registry-on-bare-metal-vsphere"]
-== Image Registry on bare metal and vSphere
+== Image Registry on bare metal, Nutanix, and vSphere
 
 include::modules/registry-removed.adoc[leveloffset=+2]
-endif::openshift-dedicated,openshift-rosa[]
 
 include::modules/registry-operator-distribution-across-availability-zones.adoc[leveloffset=+1]
 
-ifndef::openshift-dedicated,openshift-rosa,openshift-rosa-portal[]
+ifndef::openshift-rosa-portal[]
 [role="_additional-resources"]
 == Additional resources
 
 * xref:../nodes/scheduling/nodes-scheduler-pod-topology-spread-constraints.adoc#nodes-scheduler-pod-topology-spread-constraints[Configuring pod topology spread constraints]
-endif::openshift-dedicated,openshift-rosa,openshift-rosa-portal[]
+endif::openshift-rosa-portal[]
 
 include::modules/registry-operator-configuration-resource-overview.adoc[leveloffset=+1]
 
@@ -66,7 +66,6 @@ include::modules/images-configuration-cas.adoc[leveloffset=+1]
 
 include::modules/registry-operator-config-resources-storage-credentials.adoc[leveloffset=+1]
 
-ifndef::openshift-dedicated,openshift-rosa[]
 [role="_additional-resources"]
 == Additional resources
 
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc
index 1b4c03bb09e9..3b70476815cf 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-aws-user-infrastructure"]
 = Configuring the registry for AWS user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc
index 323dba46fd31..c7cef975cbbb 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-azure-user-infrastructure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-azure-user-infrastructure"]
 = Configuring the registry for Azure user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc b/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
index 2f20996fbde3..872ab2256768 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-baremetal"]
 = Configuring the registry for bare metal
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc
index edbb20aca1f6..c2ebe1dd7553 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-gcp-user-infrastructure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-gcp-user-infrastructure"]
 = Configuring the registry for GCP user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-nutanix.adoc b/registry/configuring_registry_storage/configuring-registry-storage-nutanix.adoc
new file mode 100644
index 000000000000..13b1c425500f
--- /dev/null
+++ b/registry/configuring_registry_storage/configuring-registry-storage-nutanix.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-registry-storage-nutanix"]
+= Configuring the registry for Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: configuring-registry-storage-nutanix
+toc::[]
+
+By following the steps outlined in this documentation, users can optimize container image distribution, security, and access controls, enabling a robust foundation for Nutanix applications on {product-title}
+
+include::modules/registry-removed.adoc[leveloffset=+1]
+
+include::modules/registry-change-management-state.adoc[leveloffset=+1]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+1]
+
+include::modules/configuring-registry-storage-nutanix.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-non-production.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-block-recreate-rollout-nutanix.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-registry-storage-rhodf-nooba.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-registry-storage-rhodf-cephfs.adoc[leveloffset=+1]
+
+[id="configuring-registry-storage-nutanix-addtl-resources"]
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Recommended configurable storage technology]
+* link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html-single/managing_and_allocating_storage_resources/index#configuring-image-registry-to-use-openshift-data-foundation_rhodf[Configuring Image Registry to use OpenShift Data Foundation]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc b/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc
index f7fb9df07bac..127e1f4fb8c5 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-openstack-user-infrastructure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-openstack-user-infrastructure"]
 = Configuring the registry for OpenStack user-provisioned infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-osp.adoc b/registry/configuring_registry_storage/configuring-registry-storage-osp.adoc
index 1829ba8d1a8f..6a55d46c73b5 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-osp.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-osp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-openstack"]
 = Configuring the registry for {rh-openstack}
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-rhodf.adoc b/registry/configuring_registry_storage/configuring-registry-storage-rhodf.adoc
index 3ea1b207e3a4..40f01073866b 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-rhodf.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-rhodf.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-rhodf"]
 = Configuring the registry for Red Hat OpenShift Data Foundation
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc b/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
index 58de10120421..7910fcba1151 100644
--- a/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
+++ b/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-registry-storage-vsphere"]
 = Configuring the registry for vSphere
 include::_attributes/common-attributes.adoc[]
diff --git a/registry/index.adoc b/registry/index.adoc
index a82f8c8365dd..441f0922b11a 100644
--- a/registry/index.adoc
+++ b/registry/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="registry-overview"]
 include::_attributes/common-attributes.adoc[]
 = {product-registry} overview
diff --git a/registry/securing-exposing-registry.adoc b/registry/securing-exposing-registry.adoc
index d8b549f87c0f..aff9f029b480 100644
--- a/registry/securing-exposing-registry.adoc
+++ b/registry/securing-exposing-registry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: securing-exposing-registry
 [id="securing-exposing-registry"]
 = Exposing the registry
diff --git a/release_notes/ocp-4-15-release-notes.adoc b/release_notes/ocp-4-15-release-notes.adoc
new file mode 100644
index 000000000000..57d66248d993
--- /dev/null
+++ b/release_notes/ocp-4-15-release-notes.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="ocp-4-15-release-notes"]
+= {product-title} {product-version} release notes
+include::_attributes/common-attributes.adoc[]
+:context: release-notes
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+Release note changes should be added/edited in their own PR.
+
+This file is here to allow builds to work.
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 7fd8d5664196..a31c300cb38a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-aura~=0.0.0
+./aura.tar.gz
 lxml~=4.9.1
-PyYAML~=6.0
-requests~=2.28.1
\ No newline at end of file
+pyyaml~=6.0
+requests~=2.31.0
diff --git a/rest_api/authorization_apis/authorization-apis-index.adoc b/rest_api/authorization_apis/authorization-apis-index.adoc
index e59517362f87..3387f6841b67 100644
--- a/rest_api/authorization_apis/authorization-apis-index.adoc
+++ b/rest_api/authorization_apis/authorization-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="authorization-apis"]
 = Authorization APIs
 :toc: macro
@@ -82,6 +82,17 @@ SubjectRulesReview is a resource you can create to determine which actions anoth
 Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
+Type::
+  `object`
+
+== SelfSubjectReview [authentication.k8s.io/v1]
+
+Description::
++
+--
+SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+--
+
 Type::
   `object`
 
diff --git a/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc
index cab672b4ceff..8a6f4c5dc9f6 100644
--- a/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/localresourceaccessreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="localresourceaccessreview-authorization-openshift-io-v1"]
 = LocalResourceAccessReview [authorization.openshift.io/v1]
 :toc: macro
@@ -92,14 +92,6 @@ The following API endpoints are available:
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/localresourceaccessreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -108,15 +100,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
index be59b12a419b..c1ac9a9f168b 100644
--- a/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="localsubjectaccessreview-authorization-k8s-io-v1"]
 = LocalSubjectAccessReview [authorization.k8s.io/v1]
 :toc: macro
@@ -226,14 +226,6 @@ The following API endpoints are available:
 
 === /apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -242,15 +234,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc
index a1f347985461..2b25e4f70095 100644
--- a/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/localsubjectaccessreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="localsubjectaccessreview-authorization-openshift-io-v1"]
 = LocalSubjectAccessReview [authorization.openshift.io/v1]
 :toc: macro
@@ -107,14 +107,6 @@ The following API endpoints are available:
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/localsubjectaccessreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -123,15 +115,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc
index 5b243fe6fc50..34c8f17b2acc 100644
--- a/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/resourceaccessreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="resourceaccessreview-authorization-openshift-io-v1"]
 = ResourceAccessReview [authorization.openshift.io/v1]
 :toc: macro
@@ -100,15 +100,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
index ae1b082ff8d2..affc50f493d9 100644
--- a/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="selfsubjectaccessreview-authorization-k8s-io-v1"]
 = SelfSubjectAccessReview [authorization.k8s.io/v1]
 :toc: macro
@@ -201,15 +201,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc b/rest_api/authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc
new file mode 100644
index 000000000000..1e79a3dce13e
--- /dev/null
+++ b/rest_api/authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc
@@ -0,0 +1,173 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="selfsubjectreview-authentication-k8s-io-v1"]
+= SelfSubjectReview [authentication.k8s.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `status`
+| `object`
+| SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+
+|===
+=== .status
+Description::
++
+--
+SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `userInfo`
+| `object`
+| UserInfo holds the information about the user needed to implement the user.Info interface.
+
+|===
+=== .status.userInfo
+Description::
++
+--
+UserInfo holds the information about the user needed to implement the user.Info interface.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `extra`
+| `object`
+| Any additional information provided by the authenticator.
+
+| `extra{}`
+| `array (string)`
+| 
+
+| `groups`
+| `array (string)`
+| The names of groups this user is a part of.
+
+| `uid`
+| `string`
+| A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
+
+| `username`
+| `string`
+| The name that uniquely identifies this user among all active users.
+
+|===
+=== .status.userInfo.extra
+Description::
++
+--
+Any additional information provided by the authenticator.
+--
+
+Type::
+  `object`
+
+
+
+
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/authentication.k8s.io/v1/selfsubjectreviews`
+- `POST`: create a SelfSubjectReview
+
+
+=== /apis/authentication.k8s.io/v1/selfsubjectreviews
+
+
+.Global query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a SelfSubjectReview
+
+
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc#selfsubjectreview-authentication-k8s-io-v1[`SelfSubjectReview`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc#selfsubjectreview-authentication-k8s-io-v1[`SelfSubjectReview`] schema
+| 201 - Created
+| xref:../authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc#selfsubjectreview-authentication-k8s-io-v1[`SelfSubjectReview`] schema
+| 202 - Accepted
+| xref:../authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc#selfsubjectreview-authentication-k8s-io-v1[`SelfSubjectReview`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc
index d7daf03b6179..962081685366 100644
--- a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="selfsubjectrulesreview-authorization-k8s-io-v1"]
 = SelfSubjectRulesReview [authorization.k8s.io/v1]
 :toc: macro
@@ -226,15 +226,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc
index 6ee790980d8a..4ceb1cbfbf85 100644
--- a/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="selfsubjectrulesreview-authorization-openshift-io-v1"]
 = SelfSubjectRulesReview [authorization.openshift.io/v1]
 :toc: macro
@@ -171,14 +171,6 @@ The following API endpoints are available:
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/selfsubjectrulesreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -187,15 +179,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc b/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
index f31235855fa3..cf144a1ecf10 100644
--- a/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="subjectaccessreview-authorization-k8s-io-v1"]
 = SubjectAccessReview [authorization.k8s.io/v1]
 :toc: macro
@@ -234,15 +234,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc
index 4762c5df349c..ec139ad1897b 100644
--- a/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/subjectaccessreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="subjectaccessreview-authorization-openshift-io-v1"]
 = SubjectAccessReview [authorization.openshift.io/v1]
 :toc: macro
@@ -115,15 +115,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc b/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc
index fb7d1efe2c09..daad0707c109 100644
--- a/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc
+++ b/rest_api/authorization_apis/subjectrulesreview-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="subjectrulesreview-authorization-openshift-io-v1"]
 = SubjectRulesReview [authorization.openshift.io/v1]
 :toc: macro
@@ -181,14 +181,6 @@ The following API endpoints are available:
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/subjectrulesreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -197,15 +189,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/tokenrequest-authentication-k8s-io-v1.adoc b/rest_api/authorization_apis/tokenrequest-authentication-k8s-io-v1.adoc
index 5d8ad9c0d260..10790cf445ed 100644
--- a/rest_api/authorization_apis/tokenrequest-authentication-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/tokenrequest-authentication-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tokenrequest-authentication-k8s-io-v1"]
 = TokenRequest [authentication.k8s.io/v1]
 :toc: macro
@@ -161,9 +161,6 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the TokenRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -173,15 +170,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/authorization_apis/tokenreview-authentication-k8s-io-v1.adoc b/rest_api/authorization_apis/tokenreview-authentication-k8s-io-v1.adoc
index f2f61f8845a9..a7f39244d57a 100644
--- a/rest_api/authorization_apis/tokenreview-authentication-k8s-io-v1.adoc
+++ b/rest_api/authorization_apis/tokenreview-authentication-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tokenreview-authentication-k8s-io-v1"]
 = TokenReview [authentication.k8s.io/v1]
 :toc: macro
@@ -183,9 +183,12 @@ The following API endpoints are available:
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -230,15 +233,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/autoscale_apis/autoscale-apis-index.adoc b/rest_api/autoscale_apis/autoscale-apis-index.adoc
index fc671ac69cf3..1b7f6089e325 100644
--- a/rest_api/autoscale_apis/autoscale-apis-index.adoc
+++ b/rest_api/autoscale_apis/autoscale-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="autoscale-apis"]
 = Autoscale APIs
 :toc: macro
diff --git a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
index 65417e608ad5..dcde8ee49242 100644
--- a/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
+++ b/rest_api/autoscale_apis/clusterautoscaler-autoscaling-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterautoscaler-autoscaling-openshift-io-v1"]
 = ClusterAutoscaler [autoscaling.openshift.io/v1]
 :toc: macro
@@ -328,14 +328,6 @@ The following API endpoints are available:
 === /apis/autoscaling.openshift.io/v1/clusterautoscalers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -344,46 +336,6 @@ Description::
   delete collection of ClusterAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -403,46 +355,6 @@ Description::
   list objects of kind ClusterAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -469,12 +381,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -512,14 +421,6 @@ Description::
 | name of the ClusterAutoscaler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -535,25 +436,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -574,16 +458,6 @@ Description::
   read the specified ClusterAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -610,22 +484,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -651,12 +514,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -692,14 +552,6 @@ Description::
 | name of the ClusterAutoscaler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -708,16 +560,6 @@ Description::
   read status of the specified ClusterAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -744,22 +586,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -785,12 +616,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc b/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc
index 7a68c367d3e4..d576d4e8d6b9 100644
--- a/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc
+++ b/rest_api/autoscale_apis/horizontalpodautoscaler-autoscaling-v2.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="horizontalpodautoscaler-autoscaling-v2"]
 = HorizontalPodAutoscaler [autoscaling/v2]
 :toc: macro
@@ -148,7 +148,7 @@ Type::
 
 | `stabilizationWindowSeconds`
 | `integer`
-| StabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+| stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
 
 |===
 === .spec.behavior.scaleDown.policies
@@ -187,15 +187,15 @@ Required::
 
 | `periodSeconds`
 | `integer`
-| PeriodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+| periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
 
 | `type`
 | `string`
-| Type is used to specify the scaling policy.
+| type is used to specify the scaling policy.
 
 | `value`
 | `integer`
-| Value contains the amount of change which is permitted by the policy. It must be greater than zero
+| value contains the amount of change which is permitted by the policy. It must be greater than zero
 
 |===
 === .spec.behavior.scaleUp
@@ -229,7 +229,7 @@ Type::
 
 | `stabilizationWindowSeconds`
 | `integer`
-| StabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+| stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
 
 |===
 === .spec.behavior.scaleUp.policies
@@ -268,15 +268,15 @@ Required::
 
 | `periodSeconds`
 | `integer`
-| PeriodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+| periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
 
 | `type`
 | `string`
-| Type is used to specify the scaling policy.
+| type is used to specify the scaling policy.
 
 | `value`
 | `integer`
-| Value contains the amount of change which is permitted by the policy. It must be greater than zero
+| value contains the amount of change which is permitted by the policy. It must be greater than zero
 
 |===
 === .spec.metrics
@@ -555,15 +555,15 @@ Required::
 
 | `apiVersion`
 | `string`
-| API version of the referent
+| apiVersion is the API version of the referent
 
 | `kind`
 | `string`
-| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 |===
 === .spec.metrics[].object.metric
@@ -810,15 +810,15 @@ Required::
 
 | `apiVersion`
 | `string`
-| API version of the referent
+| apiVersion is the API version of the referent
 
 | `kind`
 | `string`
-| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 |===
 === .status
@@ -1007,7 +1007,7 @@ Required::
 
 | `container`
 | `string`
-| Container is the name of the container in the pods of the scaling target
+| container is the name of the container in the pods of the scaling target
 
 | `current`
 | `object`
@@ -1015,7 +1015,7 @@ Required::
 
 | `name`
 | `string`
-| Name is the name of the resource in question.
+| name is the name of the resource in question.
 
 |===
 === .status.currentMetrics[].containerResource.current
@@ -1221,15 +1221,15 @@ Required::
 
 | `apiVersion`
 | `string`
-| API version of the referent
+| apiVersion is the API version of the referent
 
 | `kind`
 | `string`
-| Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+| kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `name`
 | `string`
-| Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 
 |===
 === .status.currentMetrics[].object.metric
@@ -1373,7 +1373,7 @@ Required::
 
 | `name`
 | `string`
-| Name is the name of the resource in question.
+| name is the name of the resource in question.
 
 |===
 === .status.currentMetrics[].resource.current
@@ -1437,49 +1437,6 @@ The following API endpoints are available:
 === /apis/autoscaling/v2/horizontalpodautoscalers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1502,49 +1459,6 @@ Description::
 === /apis/autoscaling/v2/watch/horizontalpodautoscalers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1566,23 +1480,7 @@ Description::
 
 === /apis/autoscaling/v2/namespaces/{namespace}/horizontalpodautoscalers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1595,57 +1493,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1664,46 +1516,6 @@ Description::
   list or watch objects of kind HorizontalPodAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1730,12 +1542,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1764,58 +1573,7 @@ Description::
 
 === /apis/autoscaling/v2/watch/namespaces/{namespace}/horizontalpodautoscalers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1844,19 +1602,8 @@ Description::
 | `name`
 | `string`
 | name of the HorizontalPodAutoscaler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1872,25 +1619,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1935,25 +1665,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1981,12 +1697,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2020,54 +1733,8 @@ Description::
 | `name`
 | `string`
 | name of the HorizontalPodAutoscaler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2096,19 +1763,8 @@ Description::
 | `name`
 | `string`
 | name of the HorizontalPodAutoscaler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2141,25 +1797,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2187,12 +1829,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc b/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
index 612db4a7a9d7..bc858b2c0ec6 100644
--- a/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
+++ b/rest_api/autoscale_apis/machineautoscaler-autoscaling-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machineautoscaler-autoscaling-openshift-io-v1beta1"]
 = MachineAutoscaler [autoscaling.openshift.io/v1beta1]
 :toc: macro
@@ -193,49 +193,6 @@ The following API endpoints are available:
 === /apis/autoscaling.openshift.io/v1beta1/machineautoscalers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -257,23 +214,7 @@ Description::
 
 === /apis/autoscaling.openshift.io/v1beta1/namespaces/{namespace}/machineautoscalers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -282,46 +223,6 @@ Description::
   delete collection of MachineAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -341,46 +242,6 @@ Description::
   list objects of kind MachineAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -407,12 +268,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,19 +306,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineAutoscaler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -476,25 +323,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -515,16 +345,6 @@ Description::
   read the specified MachineAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -551,22 +371,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -592,12 +401,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -631,19 +437,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineAutoscaler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -652,16 +447,6 @@ Description::
   read status of the specified MachineAutoscaler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -688,22 +473,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -729,12 +503,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/autoscale_apis/scale-autoscaling-v1.adoc b/rest_api/autoscale_apis/scale-autoscaling-v1.adoc
index c993ab4667ee..0d06808243b9 100644
--- a/rest_api/autoscale_apis/scale-autoscaling-v1.adoc
+++ b/rest_api/autoscale_apis/scale-autoscaling-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="scale-autoscaling-v1"]
 = Scale [autoscaling/v1]
 :toc: macro
@@ -65,7 +65,7 @@ Type::
 
 | `replicas`
 | `integer`
-| desired number of instances for the scaled object.
+| replicas is the desired number of instances for the scaled object.
 
 |===
 === .status
@@ -89,11 +89,11 @@ Required::
 
 | `replicas`
 | `integer`
-| actual number of observed instances of the scaled object.
+| replicas is the actual number of observed instances of the scaled object.
 
 | `selector`
 | `string`
-| label query over pods that should match the replicas count. This is same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+| selector is the label query over pods that should match the replicas count. This is same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 
 |===
 
@@ -128,19 +128,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the Scale
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -173,25 +162,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -219,12 +194,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -258,19 +230,8 @@ Description::
 | `name`
 | `string`
 | name of the Scale
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -303,25 +264,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -349,12 +296,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -388,19 +332,8 @@ Description::
 | `name`
 | `string`
 | name of the Scale
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -433,25 +366,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -479,12 +398,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -518,19 +434,8 @@ Description::
 | `name`
 | `string`
 | name of the Scale
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -563,25 +468,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -609,12 +500,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
index bfcd2748b770..9e2a30efeab2 100644
--- a/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/apiserver-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="apiserver-config-openshift-io-v1"]
 = APIServer [config.openshift.io/v1]
 :toc: macro
@@ -89,7 +89,7 @@ Type::
 | `tlsSecurityProfile`
 | `object`
 | tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. 
- If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.
+ If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
 
 |===
 === .spec.audit
@@ -311,7 +311,7 @@ Description::
 +
 --
 tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. 
- If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.
+ If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
 --
 
 Type::
@@ -327,21 +327,21 @@ Type::
 | `custom`
 | ``
 | custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
- ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1
+ ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11
 
 | `intermediate`
 | ``
 | intermediate is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
  and looks like this (yaml): 
- ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12
 
 | `modern`
 | ``
 | modern is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
  and looks like this (yaml): 
- ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 
  NOTE: Currently unsupported.
 
 | `old`
@@ -349,7 +349,7 @@ Type::
 | old is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
  and looks like this (yaml): 
- ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10
 
 | `type`
 | `string`
@@ -395,14 +395,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/apiservers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -411,46 +403,6 @@ Description::
   delete collection of APIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -470,46 +422,6 @@ Description::
   list objects of kind APIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -536,12 +448,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -579,14 +488,6 @@ Description::
 | name of the APIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -602,25 +503,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -641,16 +525,6 @@ Description::
   read the specified APIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -677,22 +551,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -718,12 +581,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -759,14 +619,6 @@ Description::
 | name of the APIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -775,16 +627,6 @@ Description::
   read status of the specified APIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -811,22 +653,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -852,12 +683,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
index 861fc4cf5519..33f5f9c4268a 100644
--- a/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/authentication-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="authentication-config-openshift-io-v1"]
 = Authentication [config.openshift.io/v1]
 :toc: macro
@@ -80,7 +80,8 @@ Type::
 
 | `webhookTokenAuthenticator`
 | `object`
-| webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.
+| webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. 
+ Can only be set if "Type" is set to "None".
 
 | `webhookTokenAuthenticators`
 | `array`
@@ -119,7 +120,8 @@ Required::
 Description::
 +
 --
-webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.
+webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. 
+ Can only be set if "Type" is set to "None".
 --
 
 Type::
@@ -297,14 +299,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/authentications
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -313,46 +307,6 @@ Description::
   delete collection of Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -372,46 +326,6 @@ Description::
   list objects of kind Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -438,12 +352,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -481,14 +392,6 @@ Description::
 | name of the Authentication
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -504,25 +407,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -543,16 +429,6 @@ Description::
   read the specified Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -579,22 +455,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -620,12 +485,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -661,14 +523,6 @@ Description::
 | name of the Authentication
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -677,16 +531,6 @@ Description::
   read status of the specified Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -713,22 +557,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -754,12 +587,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/build-config-openshift-io-v1.adoc b/rest_api/config_apis/build-config-openshift-io-v1.adoc
index 581d82fad1f8..6e448ee8e8a7 100644
--- a/rest_api/config_apis/build-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/build-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="build-config-openshift-io-v1"]
 = Build [config.openshift.io/v1]
 :toc: macro
@@ -197,7 +197,7 @@ Description::
 --
 trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
  The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+ apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
 --
 
 Type::
@@ -467,7 +467,7 @@ Description::
 --
 trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
  The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+ apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
 --
 
 Type::
@@ -547,7 +547,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -559,7 +559,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.buildDefaults.resources.claims
@@ -568,7 +568,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -756,14 +756,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/builds
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -772,46 +764,6 @@ Description::
   delete collection of Build
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -831,46 +783,6 @@ Description::
   list objects of kind Build
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -897,12 +809,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -940,14 +849,6 @@ Description::
 | name of the Build
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -963,25 +864,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1002,16 +886,6 @@ Description::
   read the specified Build
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1038,22 +912,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1079,12 +942,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1120,14 +980,6 @@ Description::
 | name of the Build
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1136,16 +988,6 @@ Description::
   read status of the specified Build
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1172,22 +1014,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1213,12 +1044,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
index 4f3b2526101a..e8e46271cadc 100644
--- a/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/clusteroperator-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusteroperator-config-openshift-io-v1"]
 = ClusterOperator [config.openshift.io/v1]
 :toc: macro
@@ -279,14 +279,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/clusteroperators
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -295,46 +287,6 @@ Description::
   delete collection of ClusterOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -354,46 +306,6 @@ Description::
   list objects of kind ClusterOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -420,12 +332,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -463,14 +372,6 @@ Description::
 | name of the ClusterOperator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -486,25 +387,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -525,16 +409,6 @@ Description::
   read the specified ClusterOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -561,22 +435,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -602,12 +465,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -643,14 +503,6 @@ Description::
 | name of the ClusterOperator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -659,16 +511,6 @@ Description::
   read status of the specified ClusterOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -695,22 +537,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -736,12 +567,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
index da038d8d825d..aa85ab175c18 100644
--- a/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/clusterversion-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterversion-config-openshift-io-v1"]
 = ClusterVersion [config.openshift.io/v1]
 :toc: macro
@@ -760,14 +760,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/clusterversions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -776,46 +768,6 @@ Description::
   delete collection of ClusterVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -835,46 +787,6 @@ Description::
   list objects of kind ClusterVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -901,12 +813,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -944,14 +853,6 @@ Description::
 | name of the ClusterVersion
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -967,25 +868,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1006,16 +890,6 @@ Description::
   read the specified ClusterVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1042,22 +916,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1083,12 +946,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1124,14 +984,6 @@ Description::
 | name of the ClusterVersion
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1140,16 +992,6 @@ Description::
   read status of the specified ClusterVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1176,22 +1018,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1217,12 +1048,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/config-apis-index.adoc b/rest_api/config_apis/config-apis-index.adoc
index ae6ba5cb0f65..84ed12d57664 100644
--- a/rest_api/config_apis/config-apis-index.adoc
+++ b/rest_api/config_apis/config-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="config-apis"]
 = Config APIs
 :toc: macro
diff --git a/rest_api/config_apis/console-config-openshift-io-v1.adoc b/rest_api/config_apis/console-config-openshift-io-v1.adoc
index 231e3d79052d..9a934c6e4840 100644
--- a/rest_api/config_apis/console-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/console-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="console-config-openshift-io-v1"]
 = Console [config.openshift.io/v1]
 :toc: macro
@@ -138,14 +138,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/consoles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -154,46 +146,6 @@ Description::
   delete collection of Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -213,46 +165,6 @@ Description::
   list objects of kind Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -279,12 +191,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -322,14 +231,6 @@ Description::
 | name of the Console
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -345,25 +246,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -384,16 +268,6 @@ Description::
   read the specified Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -420,22 +294,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -461,12 +324,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -502,14 +362,6 @@ Description::
 | name of the Console
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -518,16 +370,6 @@ Description::
   read status of the specified Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -554,22 +396,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -595,12 +426,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/dns-config-openshift-io-v1.adoc b/rest_api/config_apis/dns-config-openshift-io-v1.adoc
index a2485820171c..e5bfab2fd721 100644
--- a/rest_api/config_apis/dns-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/dns-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dns-config-openshift-io-v1"]
 = DNS [config.openshift.io/v1]
 :toc: macro
@@ -72,6 +72,10 @@ Type::
  For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. 
  Once set, this field cannot be changed.
 
+| `platform`
+| `object`
+| platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+
 | `privateZone`
 | `object`
 | privateZone is the location where all the DNS records that are only available internally to the cluster exist. 
@@ -84,6 +88,57 @@ Type::
  If this field is nil, no public records should be created. 
  Once set, this field cannot be changed.
 
+|===
+=== .spec.platform
+Description::
++
+--
+platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `aws`
+| `object`
+| aws contains DNS configuration specific to the Amazon Web Services cloud provider.
+
+| `type`
+| `string`
+| type is the underlying infrastructure provider for the cluster. Allowed values: "", "AWS". 
+ Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.
+
+|===
+=== .spec.platform.aws
+Description::
++
+--
+aws contains DNS configuration specific to the Amazon Web Services cloud provider.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `privateZoneIAMRole`
+| `string`
+| privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
+
 |===
 === .spec.privateZone
 Description::
@@ -185,14 +240,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/dnses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -201,46 +248,6 @@ Description::
   delete collection of DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -260,46 +267,6 @@ Description::
   list objects of kind DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -326,12 +293,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -369,14 +333,6 @@ Description::
 | name of the DNS
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -392,25 +348,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -431,16 +370,6 @@ Description::
   read the specified DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -467,22 +396,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -508,12 +426,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -549,14 +464,6 @@ Description::
 | name of the DNS
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -565,16 +472,6 @@ Description::
   read status of the specified DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -601,22 +498,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -642,12 +528,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc b/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
index ab99af9f9501..147287dbe221 100644
--- a/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/featuregate-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="featuregate-config-openshift-io-v1"]
 = FeatureGate [config.openshift.io/v1]
 :toc: macro
@@ -88,6 +88,219 @@ Type::
 
 
 
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"
+
+| `conditions[]`
+| `object`
+| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+
+| `featureGates`
+| `array`
+| featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
+
+| `featureGates[]`
+| `object`
+| 
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+--
+
+Type::
+  `object`
+
+Required::
+  - `lastTransitionTime`
+  - `message`
+  - `reason`
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+
+| `message`
+| `string`
+| message is a human readable message indicating details about the transition. This may be an empty string.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+
+|===
+=== .status.featureGates
+Description::
++
+--
+featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.featureGates[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `version`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `disabled`
+| `array`
+| disabled is a list of all feature gates that are disabled in the cluster for the named version.
+
+| `disabled[]`
+| `object`
+| 
+
+| `enabled`
+| `array`
+| enabled is a list of all feature gates that are enabled in the cluster for the named version.
+
+| `enabled[]`
+| `object`
+| 
+
+| `version`
+| `string`
+| version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
+
+|===
+=== .status.featureGates[].disabled
+Description::
++
+--
+disabled is a list of all feature gates that are disabled in the cluster for the named version.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.featureGates[].disabled[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the FeatureGate.
+
+|===
+=== .status.featureGates[].enabled
+Description::
++
+--
+enabled is a list of all feature gates that are enabled in the cluster for the named version.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.featureGates[].enabled[]
+Description::
++
+--
+
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the FeatureGate.
+
+|===
 
 == API endpoints
 
@@ -111,14 +324,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/featuregates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -127,46 +332,6 @@ Description::
   delete collection of FeatureGate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -186,46 +351,6 @@ Description::
   list objects of kind FeatureGate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -252,12 +377,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -295,14 +417,6 @@ Description::
 | name of the FeatureGate
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -318,25 +432,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -357,16 +454,6 @@ Description::
   read the specified FeatureGate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -393,22 +480,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -434,12 +510,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -475,14 +548,6 @@ Description::
 | name of the FeatureGate
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -491,16 +556,6 @@ Description::
   read status of the specified FeatureGate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -527,22 +582,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -568,12 +612,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc b/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
index b9f3d200df17..b3164437e967 100644
--- a/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
+++ b/rest_api/config_apis/helmchartrepository-helm-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="helmchartrepository-helm-openshift-io-v1beta1"]
 = HelmChartRepository [helm.openshift.io/v1beta1]
 :toc: macro
@@ -275,14 +275,6 @@ The following API endpoints are available:
 === /apis/helm.openshift.io/v1beta1/helmchartrepositories
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -291,46 +283,6 @@ Description::
   delete collection of HelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -350,46 +302,6 @@ Description::
   list objects of kind HelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -416,12 +328,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -459,14 +368,6 @@ Description::
 | name of the HelmChartRepository
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -482,25 +383,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -521,16 +405,6 @@ Description::
   read the specified HelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -557,22 +431,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -598,12 +461,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -639,14 +499,6 @@ Description::
 | name of the HelmChartRepository
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -655,16 +507,6 @@ Description::
   read status of the specified HelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -691,22 +533,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -732,12 +563,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/image-config-openshift-io-v1.adoc b/rest_api/config_apis/image-config-openshift-io-v1.adoc
index fd14797f0b0b..4af492205708 100644
--- a/rest_api/config_apis/image-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/image-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="image-config-openshift-io-v1"]
 = Image [config.openshift.io/v1]
 :toc: macro
@@ -209,7 +209,7 @@ Type::
 
 | `internalRegistryHostname`
 | `string`
-| internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable.
+| internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname.
 
 |===
 
@@ -235,14 +235,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/images
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -251,46 +243,6 @@ Description::
   delete collection of Image
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -310,46 +262,6 @@ Description::
   list objects of kind Image
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -376,12 +288,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -419,14 +328,6 @@ Description::
 | name of the Image
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -442,25 +343,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -481,16 +365,6 @@ Description::
   read the specified Image
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -517,22 +391,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -558,12 +421,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -599,14 +459,6 @@ Description::
 | name of the Image
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -615,16 +467,6 @@ Description::
   read status of the specified Image
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -651,22 +493,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -692,12 +523,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc b/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
index e7c1b55449c4..943acfd9f4ca 100644
--- a/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagecontentpolicy-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagecontentpolicy-config-openshift-io-v1"]
 = ImageContentPolicy [config.openshift.io/v1]
 :toc: macro
@@ -145,14 +145,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/imagecontentpolicies
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -161,46 +153,6 @@ Description::
   delete collection of ImageContentPolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -220,46 +172,6 @@ Description::
   list objects of kind ImageContentPolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -286,12 +198,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -329,14 +238,6 @@ Description::
 | name of the ImageContentPolicy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -352,25 +253,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -391,16 +275,6 @@ Description::
   read the specified ImageContentPolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -427,22 +301,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -468,12 +331,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -509,14 +369,6 @@ Description::
 | name of the ImageContentPolicy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -525,16 +377,6 @@ Description::
   read status of the specified ImageContentPolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -561,22 +403,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -602,12 +433,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
index 97ab8cff7d32..a6d470dbd2fb 100644
--- a/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagedigestmirrorset-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagedigestmirrorset-config-openshift-io-v1"]
 = ImageDigestMirrorSet [config.openshift.io/v1]
 :toc: macro
@@ -162,14 +162,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/imagedigestmirrorsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -178,46 +170,6 @@ Description::
   delete collection of ImageDigestMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -237,46 +189,6 @@ Description::
   list objects of kind ImageDigestMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -303,12 +215,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -346,14 +255,6 @@ Description::
 | name of the ImageDigestMirrorSet
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -369,25 +270,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -408,16 +292,6 @@ Description::
   read the specified ImageDigestMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -444,22 +318,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -485,12 +348,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -526,14 +386,6 @@ Description::
 | name of the ImageDigestMirrorSet
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -542,16 +394,6 @@ Description::
   read status of the specified ImageDigestMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -578,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -619,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
index 4aea48963165..c0620fb18430 100644
--- a/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/imagetagmirrorset-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagetagmirrorset-config-openshift-io-v1"]
 = ImageTagMirrorSet [config.openshift.io/v1]
 :toc: macro
@@ -162,14 +162,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/imagetagmirrorsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -178,46 +170,6 @@ Description::
   delete collection of ImageTagMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -237,46 +189,6 @@ Description::
   list objects of kind ImageTagMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -303,12 +215,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -346,14 +255,6 @@ Description::
 | name of the ImageTagMirrorSet
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -369,25 +270,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -408,16 +292,6 @@ Description::
   read the specified ImageTagMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -444,22 +318,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -485,12 +348,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -526,14 +386,6 @@ Description::
 | name of the ImageTagMirrorSet
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -542,16 +394,6 @@ Description::
   read status of the specified ImageTagMirrorSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -578,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -619,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
index 0468a23ba40d..32d7b1d4dd99 100644
--- a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="infrastructure-config-openshift-io-v1"]
 = Infrastructure [config.openshift.io/v1]
 :toc: macro
@@ -379,6 +379,14 @@ Required::
 |===
 | Property | Type | Description
 
+| `failureDomains`
+| `array`
+| failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.
+
+| `failureDomains[]`
+| `object`
+| NutanixFailureDomain configures failure domain information for the Nutanix platform.
+
 | `prismCentral`
 | `object`
 | prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
@@ -391,6 +399,134 @@ Required::
 | `object`
 | NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)
 
+|===
+=== .spec.platformSpec.nutanix.failureDomains
+Description::
++
+--
+failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.platformSpec.nutanix.failureDomains[]
+Description::
++
+--
+NutanixFailureDomain configures failure domain information for the Nutanix platform.
+--
+
+Type::
+  `object`
+
+Required::
+  - `cluster`
+  - `name`
+  - `subnets`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cluster`
+| `object`
+| cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+
+| `name`
+| `string`
+| name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.
+
+| `subnets`
+| `array`
+| subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+
+| `subnets[]`
+| `object`
+| NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)
+
+|===
+=== .spec.platformSpec.nutanix.failureDomains[].cluster
+Description::
++
+--
+cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the resource name in the PC. It cannot be empty if the type is Name.
+
+| `type`
+| `string`
+| type is the identifier type to use for this resource.
+
+| `uuid`
+| `string`
+| uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.
+
+|===
+=== .spec.platformSpec.nutanix.failureDomains[].subnets
+Description::
++
+--
+subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.platformSpec.nutanix.failureDomains[].subnets[]
+Description::
++
+--
+NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the resource name in the PC. It cannot be empty if the type is Name.
+
+| `type`
+| `string`
+| type is the identifier type to use for this resource.
+
+| `uuid`
+| `string`
+| uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.
+
 |===
 === .spec.platformSpec.nutanix.prismCentral
 Description::
@@ -889,6 +1025,10 @@ Type::
 | `string`
 | controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.
 
+| `cpuPartitioning`
+| `string`
+| cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.
+
 | `etcdDiscoveryDomain`
 | `string`
 | etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored.  It will be removed in a future release.
@@ -1350,6 +1490,38 @@ Type::
 
 
 
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cloudControllerManager`
+| `object`
+| cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+
+|===
+=== .status.platformStatus.external.cloudControllerManager
+Description::
++
+--
+cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `state`
+| `string`
+| state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager 
+ Valid values are "External", "None" and omitted. When set to "External", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to "None", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
+
+|===
 === .status.platformStatus.gcp
 Description::
 +
@@ -1413,6 +1585,56 @@ Type::
 | `string`
 | ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.
 
+| `serviceEndpoints`
+| `array`
+| serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.
+
+| `serviceEndpoints[]`
+| `object`
+| IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.
+
+|===
+=== .status.platformStatus.ibmcloud.serviceEndpoints
+Description::
++
+--
+serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.platformStatus.ibmcloud.serviceEndpoints[]
+Description::
++
+--
+IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `url`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`
+
+| `url`
+| `string`
+| url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
+
 |===
 === .status.platformStatus.kubevirt
 Description::
@@ -1515,10 +1737,36 @@ Type::
 | `array (string)`
 | ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
 
+| `loadBalancer`
+| `object`
+| loadBalancer defines how the load balancer used by the cluster is configured.
+
 | `nodeDNSIP`
 | `string`
 | nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
 
+|===
+=== .status.platformStatus.openstack.loadBalancer
+Description::
++
+--
+loadBalancer defines how the load balancer used by the cluster is configured.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `type`
+| `string`
+| type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+
 |===
 === .status.platformStatus.ovirt
 Description::
@@ -1711,14 +1959,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/infrastructures
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1727,46 +1967,6 @@ Description::
   delete collection of Infrastructure
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1786,46 +1986,6 @@ Description::
   list objects of kind Infrastructure
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1852,12 +2012,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1895,14 +2052,6 @@ Description::
 | name of the Infrastructure
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1918,25 +2067,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1957,16 +2089,6 @@ Description::
   read the specified Infrastructure
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1993,22 +2115,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2034,12 +2145,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2075,14 +2183,6 @@ Description::
 | name of the Infrastructure
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2091,16 +2191,6 @@ Description::
   read status of the specified Infrastructure
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -2127,22 +2217,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2168,12 +2247,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/ingress-config-openshift-io-v1.adoc b/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
index 49f1d7e58ed5..9d1aa71f9ba8 100644
--- a/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/ingress-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingress-config-openshift-io-v1"]
 = Ingress [config.openshift.io/v1]
 :toc: macro
@@ -670,14 +670,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/ingresses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -686,46 +678,6 @@ Description::
   delete collection of Ingress
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -745,46 +697,6 @@ Description::
   list objects of kind Ingress
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -811,12 +723,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -854,14 +763,6 @@ Description::
 | name of the Ingress
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -877,25 +778,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -916,16 +800,6 @@ Description::
   read the specified Ingress
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -952,22 +826,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -993,12 +856,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1034,14 +894,6 @@ Description::
 | name of the Ingress
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1050,16 +902,6 @@ Description::
   read status of the specified Ingress
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1086,22 +928,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1127,12 +958,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/network-config-openshift-io-v1.adoc b/rest_api/config_apis/network-config-openshift-io-v1.adoc
index 5e5995a39ec9..cee637b47f10 100644
--- a/rest_api/config_apis/network-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/network-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="network-config-openshift-io-v1"]
 = Network [config.openshift.io/v1]
 :toc: macro
@@ -386,14 +386,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/networks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -402,46 +394,6 @@ Description::
   delete collection of Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -461,46 +413,6 @@ Description::
   list objects of kind Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -527,12 +439,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -570,14 +479,6 @@ Description::
 | name of the Network
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -593,25 +494,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -632,16 +516,6 @@ Description::
   read the specified Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -668,22 +542,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -709,12 +572,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/node-config-openshift-io-v1.adoc b/rest_api/config_apis/node-config-openshift-io-v1.adoc
index 4060a65e6e8f..d3089239fafc 100644
--- a/rest_api/config_apis/node-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/node-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-config-openshift-io-v1"]
 = Node [config.openshift.io/v1]
 :toc: macro
@@ -111,14 +111,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/nodes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -127,46 +119,6 @@ Description::
   delete collection of Node
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -186,46 +138,6 @@ Description::
   list objects of kind Node
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -252,12 +164,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -295,14 +204,6 @@ Description::
 | name of the Node
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -318,25 +219,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -357,16 +241,6 @@ Description::
   read the specified Node
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -393,22 +267,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -434,12 +297,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -475,14 +335,6 @@ Description::
 | name of the Node
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -491,16 +343,6 @@ Description::
   read status of the specified Node
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -527,22 +369,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -568,12 +399,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/oauth-config-openshift-io-v1.adoc b/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
index 3f62826e630d..f91ad617f7c7 100644
--- a/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/oauth-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauth-config-openshift-io-v1"]
 = OAuth [config.openshift.io/v1]
 :toc: macro
@@ -1145,14 +1145,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/oauths
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1161,46 +1153,6 @@ Description::
   delete collection of OAuth
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1220,46 +1172,6 @@ Description::
   list objects of kind OAuth
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1286,12 +1198,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1329,14 +1238,6 @@ Description::
 | name of the OAuth
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1352,25 +1253,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1391,16 +1275,6 @@ Description::
   read the specified OAuth
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1427,22 +1301,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1468,12 +1331,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1509,14 +1369,6 @@ Description::
 | name of the OAuth
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1525,16 +1377,6 @@ Description::
   read status of the specified OAuth
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1561,22 +1403,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1602,12 +1433,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/operatorhub-config-openshift-io-v1.adoc b/rest_api/config_apis/operatorhub-config-openshift-io-v1.adoc
index 92fef25e82cb..cbaf50314537 100644
--- a/rest_api/config_apis/operatorhub-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/operatorhub-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operatorhub-config-openshift-io-v1"]
 = OperatorHub [config.openshift.io/v1]
 :toc: macro
@@ -212,14 +212,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/operatorhubs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -228,46 +220,6 @@ Description::
   delete collection of OperatorHub
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -287,46 +239,6 @@ Description::
   list objects of kind OperatorHub
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -353,12 +265,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -396,14 +305,6 @@ Description::
 | name of the OperatorHub
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -419,25 +320,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -458,16 +342,6 @@ Description::
   read the specified OperatorHub
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -494,22 +368,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -535,12 +398,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -576,14 +436,6 @@ Description::
 | name of the OperatorHub
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -592,16 +444,6 @@ Description::
   read status of the specified OperatorHub
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -628,22 +470,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -669,12 +500,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/project-config-openshift-io-v1.adoc b/rest_api/config_apis/project-config-openshift-io-v1.adoc
index a8316133616a..f55c324353be 100644
--- a/rest_api/config_apis/project-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/project-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="project-config-openshift-io-v1"]
 = Project [config.openshift.io/v1]
 :toc: macro
@@ -133,14 +133,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/projects
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -149,46 +141,6 @@ Description::
   delete collection of Project
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -208,46 +160,6 @@ Description::
   list objects of kind Project
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -274,12 +186,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -317,14 +226,6 @@ Description::
 | name of the Project
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -340,25 +241,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -379,16 +263,6 @@ Description::
   read the specified Project
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -415,22 +289,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -456,12 +319,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -497,14 +357,6 @@ Description::
 | name of the Project
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -513,16 +365,6 @@ Description::
   read status of the specified Project
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -549,22 +391,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -590,12 +421,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc b/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
index d802c4aad686..7c10bdff355b 100644
--- a/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
+++ b/rest_api/config_apis/projecthelmchartrepository-helm-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="projecthelmchartrepository-helm-openshift-io-v1beta1"]
 = ProjectHelmChartRepository [helm.openshift.io/v1beta1]
 :toc: macro
@@ -305,49 +305,6 @@ The following API endpoints are available:
 === /apis/helm.openshift.io/v1beta1/projecthelmchartrepositories
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -369,23 +326,7 @@ Description::
 
 === /apis/helm.openshift.io/v1beta1/namespaces/{namespace}/projecthelmchartrepositories
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -394,46 +335,6 @@ Description::
   delete collection of ProjectHelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -453,46 +354,6 @@ Description::
   list objects of kind ProjectHelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -519,12 +380,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -560,19 +418,8 @@ Description::
 | `name`
 | `string`
 | name of the ProjectHelmChartRepository
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -588,25 +435,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -627,16 +457,6 @@ Description::
   read the specified ProjectHelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -663,22 +483,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -704,12 +513,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -743,19 +549,8 @@ Description::
 | `name`
 | `string`
 | name of the ProjectHelmChartRepository
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -764,16 +559,6 @@ Description::
   read status of the specified ProjectHelmChartRepository
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -800,22 +585,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -841,12 +615,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/proxy-config-openshift-io-v1.adoc b/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
index 13bc6df76388..9800476612fc 100644
--- a/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/proxy-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="proxy-config-openshift-io-v1"]
 = Proxy [config.openshift.io/v1]
 :toc: macro
@@ -95,7 +95,7 @@ Description::
 --
 trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key "ca-bundle.crt", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. 
  The namespace for the ConfigMap referenced by trustedCA is "openshift-config". Here is an example ConfigMap (in yaml): 
- apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
+ apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: \| -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----
 --
 
 Type::
@@ -168,14 +168,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/proxies
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -184,46 +176,6 @@ Description::
   delete collection of Proxy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -243,46 +195,6 @@ Description::
   list objects of kind Proxy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -309,12 +221,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -352,14 +261,6 @@ Description::
 | name of the Proxy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -375,25 +276,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -414,16 +298,6 @@ Description::
   read the specified Proxy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -450,22 +324,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -491,12 +354,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -532,14 +392,6 @@ Description::
 | name of the Proxy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -548,16 +400,6 @@ Description::
   read status of the specified Proxy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -584,22 +426,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -625,12 +456,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
index 5906973f070b..22d8c41880f0 100644
--- a/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
+++ b/rest_api/config_apis/scheduler-config-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="scheduler-config-openshift-io-v1"]
 = Scheduler [config.openshift.io/v1]
 :toc: macro
@@ -144,14 +144,6 @@ The following API endpoints are available:
 === /apis/config.openshift.io/v1/schedulers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -160,46 +152,6 @@ Description::
   delete collection of Scheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -219,46 +171,6 @@ Description::
   list objects of kind Scheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -285,12 +197,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -328,14 +237,6 @@ Description::
 | name of the Scheduler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -351,25 +252,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -390,16 +274,6 @@ Description::
   read the specified Scheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -426,22 +300,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -467,12 +330,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -508,14 +368,6 @@ Description::
 | name of the Scheduler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -524,16 +376,6 @@ Description::
   read status of the specified Scheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -560,22 +402,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -601,12 +432,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/console-apis-index.adoc b/rest_api/console_apis/console-apis-index.adoc
index 3871d06e426c..6e8aacc9418b 100644
--- a/rest_api/console_apis/console-apis-index.adoc
+++ b/rest_api/console_apis/console-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="console-apis"]
 = Console APIs
 :toc: macro
@@ -76,6 +76,18 @@ ConsoleQuickStart is an extension for guiding user through various workflows in
  Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 --
 
+Type::
+  `object`
+
+== ConsoleSample [console.openshift.io/v1]
+
+Description::
++
+--
+ConsoleSample is an extension to customizing OpenShift web console by adding samples. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
 Type::
   `object`
 
diff --git a/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
index 867a83b60466..ae449d43b241 100644
--- a/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleclidownload-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consoleclidownload-console-openshift-io-v1"]
 = ConsoleCLIDownload [console.openshift.io/v1]
 :toc: macro
@@ -147,14 +147,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consoleclidownloads
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -163,46 +155,6 @@ Description::
   delete collection of ConsoleCLIDownload
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -222,46 +174,6 @@ Description::
   list objects of kind ConsoleCLIDownload
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -288,12 +200,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -331,14 +240,6 @@ Description::
 | name of the ConsoleCLIDownload
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -354,25 +255,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -393,16 +277,6 @@ Description::
   read the specified ConsoleCLIDownload
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -429,22 +303,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -470,12 +333,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -511,14 +371,6 @@ Description::
 | name of the ConsoleCLIDownload
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -527,16 +379,6 @@ Description::
   read status of the specified ConsoleCLIDownload
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -563,22 +405,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -604,12 +435,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
index 24024ef99ac4..2b2c24b99b67 100644
--- a/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleexternalloglink-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consoleexternalloglink-console-openshift-io-v1"]
 = ConsoleExternalLogLink [console.openshift.io/v1]
 :toc: macro
@@ -102,14 +102,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consoleexternalloglinks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -118,46 +110,6 @@ Description::
   delete collection of ConsoleExternalLogLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -177,46 +129,6 @@ Description::
   list objects of kind ConsoleExternalLogLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -243,12 +155,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -286,14 +195,6 @@ Description::
 | name of the ConsoleExternalLogLink
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -309,25 +210,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -348,16 +232,6 @@ Description::
   read the specified ConsoleExternalLogLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -384,22 +258,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -425,12 +288,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -466,14 +326,6 @@ Description::
 | name of the ConsoleExternalLogLink
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -482,16 +334,6 @@ Description::
   read status of the specified ConsoleExternalLogLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -518,22 +360,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -559,12 +390,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc b/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
index ee94e0750c70..012cac88d73c 100644
--- a/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolelink-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consolelink-console-openshift-io-v1"]
 = ConsoleLink [console.openshift.io/v1]
 :toc: macro
@@ -240,14 +240,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consolelinks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -256,46 +248,6 @@ Description::
   delete collection of ConsoleLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -315,46 +267,6 @@ Description::
   list objects of kind ConsoleLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -381,12 +293,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -424,14 +333,6 @@ Description::
 | name of the ConsoleLink
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -447,25 +348,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -486,16 +370,6 @@ Description::
   read the specified ConsoleLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -522,22 +396,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -563,12 +426,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -604,14 +464,6 @@ Description::
 | name of the ConsoleLink
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -620,16 +472,6 @@ Description::
   read status of the specified ConsoleLink
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -656,22 +498,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -697,12 +528,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc b/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
index e9a2465948a0..713644bdb8d6 100644
--- a/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolenotification-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consolenotification-console-openshift-io-v1"]
 = ConsoleNotification [console.openshift.io/v1]
 :toc: macro
@@ -137,14 +137,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consolenotifications
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -153,46 +145,6 @@ Description::
   delete collection of ConsoleNotification
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -212,46 +164,6 @@ Description::
   list objects of kind ConsoleNotification
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -278,12 +190,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -321,14 +230,6 @@ Description::
 | name of the ConsoleNotification
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -344,25 +245,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -383,16 +267,6 @@ Description::
   read the specified ConsoleNotification
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -419,22 +293,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -460,12 +323,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -501,14 +361,6 @@ Description::
 | name of the ConsoleNotification
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -517,16 +369,6 @@ Description::
   read status of the specified ConsoleNotification
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -553,22 +395,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -594,12 +425,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
index 3e1808eef93a..e159b8cb4707 100644
--- a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consoleplugin-console-openshift-io-v1"]
 = ConsolePlugin [console.openshift.io/v1]
 :toc: macro
@@ -313,14 +313,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consoleplugins
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -329,46 +321,6 @@ Description::
   delete collection of ConsolePlugin
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -388,46 +340,6 @@ Description::
   list objects of kind ConsolePlugin
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -454,12 +366,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -497,14 +406,6 @@ Description::
 | name of the ConsolePlugin
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -520,25 +421,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -559,16 +443,6 @@ Description::
   read the specified ConsolePlugin
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -595,22 +469,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -636,12 +499,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
index 1ad35e2f2b9a..a8a09effe3f8 100644
--- a/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consolequickstart-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consolequickstart-console-openshift-io-v1"]
 = ConsoleQuickStart [console.openshift.io/v1]
 :toc: macro
@@ -307,14 +307,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consolequickstarts
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -323,46 +315,6 @@ Description::
   delete collection of ConsoleQuickStart
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -382,46 +334,6 @@ Description::
   list objects of kind ConsoleQuickStart
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -448,12 +360,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -491,14 +400,6 @@ Description::
 | name of the ConsoleQuickStart
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -514,25 +415,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -553,16 +437,6 @@ Description::
   read the specified ConsoleQuickStart
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -589,22 +463,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -630,12 +493,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc b/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc
new file mode 100644
index 000000000000..555df5b52bb8
--- /dev/null
+++ b/rest_api/console_apis/consolesample-console-openshift-io-v1.adoc
@@ -0,0 +1,524 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="consolesample-console-openshift-io-v1"]
+= ConsoleSample [console.openshift.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+ConsoleSample is an extension to customizing OpenShift web console by adding samples. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+Required::
+  - `metadata`
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec contains configuration for a console sample.
+
+|===
+=== .spec
+Description::
++
+--
+spec contains configuration for a console sample.
+--
+
+Type::
+  `object`
+
+Required::
+  - `abstract`
+  - `description`
+  - `source`
+  - `title`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `abstract`
+| `string`
+| abstract is a short introduction to the sample. 
+ It is required and must be no more than 100 characters in length. 
+ The abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.
+
+| `description`
+| `string`
+| description is a long form explanation of the sample. 
+ It is required and can have a maximum length of **4096** characters. 
+ It is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.
+
+| `icon`
+| `string`
+| icon is an optional base64 encoded image and shown beside the sample title. 
+ The format must follow the data: URL format and can have a maximum size of **10 KB**. 
+ data:[<mediatype>][;base64],<base64 encoded image> 
+ For example: 
+ data:image;base64,             plus the base64 encoded image. 
+ Vector images can also be used. SVG icons must start with: 
+ data:image/svg+xml;base64,     plus the base64 encoded SVG image. 
+ All sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px. 
+ For more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.
+
+| `provider`
+| `string`
+| provider is an optional label to honor who provides the sample. 
+ It is optional and must be no more than 50 characters in length. 
+ A provider can be a company like "Red Hat" or an organization like "CNCF" or "Knative". 
+ Currently, the provider is only shown on the sample card tile below the title with the prefix "Provided by "
+
+| `source`
+| `object`
+| source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.
+
+| `tags`
+| `array (string)`
+| tags are optional string values that can be used to find samples in the samples catalog. 
+ Examples of common tags may be "Java", "Quarkus", etc. 
+ They will be displayed on the samples details page.
+
+| `title`
+| `string`
+| title is the display name of the sample. 
+ It is required and must be no more than 50 characters in length.
+
+| `type`
+| `string`
+| type is an optional label to group multiple samples. 
+ It is optional and must be no more than 20 characters in length. 
+ Recommendation is a singular term like "Builder Image", "Devfile" or "Serverless Function". 
+ Currently, the type is shown a badge on the sample card tile in the top right corner.
+
+|===
+=== .spec.source
+Description::
++
+--
+source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `containerImport`
+| `object`
+| containerImport allows the user import a container image.
+
+| `gitImport`
+| `object`
+| gitImport allows the user to import code from a git repository.
+
+| `type`
+| `string`
+| type of the sample, currently supported: "GitImport";"ContainerImport"
+
+|===
+=== .spec.source.containerImport
+Description::
++
+--
+containerImport allows the user import a container image.
+--
+
+Type::
+  `object`
+
+Required::
+  - `image`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `image`
+| `string`
+| reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field. 
+ Supported formats: - <repository-name>/<image-name> - docker.io/<repository-name>/<image-name> - quay.io/<repository-name>/<image-name> - quay.io/<repository-name>/<image-name>@sha256:<image hash> - quay.io/<repository-name>/<image-name>:<tag>
+
+| `service`
+| `object`
+| service contains configuration for the Service resource created for this sample.
+
+|===
+=== .spec.source.containerImport.service
+Description::
++
+--
+service contains configuration for the Service resource created for this sample.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `targetPort`
+| `integer`
+| targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.
+
+|===
+=== .spec.source.gitImport
+Description::
++
+--
+gitImport allows the user to import code from a git repository.
+--
+
+Type::
+  `object`
+
+Required::
+  - `repository`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `repository`
+| `object`
+| repository contains the reference to the actual Git repository.
+
+| `service`
+| `object`
+| service contains configuration for the Service resource created for this sample.
+
+|===
+=== .spec.source.gitImport.repository
+Description::
++
+--
+repository contains the reference to the actual Git repository.
+--
+
+Type::
+  `object`
+
+Required::
+  - `url`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `contextDir`
+| `string`
+| contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.
+
+| `revision`
+| `string`
+| revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.
+
+| `url`
+| `string`
+| url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field. 
+ Only public repositories on GitHub, GitLab and Bitbucket are currently supported: 
+ - https://github.com/<org>/<repository> - https://gitlab.com/<org>/<repository> - https://bitbucket.org/<org>/<repository> 
+ The url must have a maximum length of 256 characters.
+
+|===
+=== .spec.source.gitImport.service
+Description::
++
+--
+service contains configuration for the Service resource created for this sample.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `targetPort`
+| `integer`
+| targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/console.openshift.io/v1/consolesamples`
+- `DELETE`: delete collection of ConsoleSample
+- `GET`: list objects of kind ConsoleSample
+- `POST`: create a ConsoleSample
+* `/apis/console.openshift.io/v1/consolesamples/{name}`
+- `DELETE`: delete a ConsoleSample
+- `GET`: read the specified ConsoleSample
+- `PATCH`: partially update the specified ConsoleSample
+- `PUT`: replace the specified ConsoleSample
+
+
+=== /apis/console.openshift.io/v1/consolesamples
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of ConsoleSample
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind ConsoleSample
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.console.v1.ConsoleSampleList[`ConsoleSampleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a ConsoleSample
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 201 - Created
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 202 - Accepted
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/console.openshift.io/v1/consolesamples/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ConsoleSample
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a ConsoleSample
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified ConsoleSample
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ConsoleSample
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified ConsoleSample
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 201 - Created
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`ConsoleSample`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
index 902983f6346a..73b6ff553784 100644
--- a/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
+++ b/rest_api/console_apis/consoleyamlsample-console-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="consoleyamlsample-console-openshift-io-v1"]
 = ConsoleYAMLSample [console.openshift.io/v1]
 :toc: macro
@@ -134,14 +134,6 @@ The following API endpoints are available:
 === /apis/console.openshift.io/v1/consoleyamlsamples
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -150,46 +142,6 @@ Description::
   delete collection of ConsoleYAMLSample
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -209,46 +161,6 @@ Description::
   list objects of kind ConsoleYAMLSample
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -275,12 +187,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -318,14 +227,6 @@ Description::
 | name of the ConsoleYAMLSample
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -341,25 +242,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -380,16 +264,6 @@ Description::
   read the specified ConsoleYAMLSample
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -416,22 +290,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -457,12 +320,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/editing-kubelet-log-level-verbosity.adoc b/rest_api/editing-kubelet-log-level-verbosity.adoc
index 745da3425d1c..6d9ce69feb90 100644
--- a/rest_api/editing-kubelet-log-level-verbosity.adoc
+++ b/rest_api/editing-kubelet-log-level-verbosity.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="editing-kubelet-log-level-verbosity"]
 = Editing kubelet log level verbosity and gathering logs
 include::_attributes/common-attributes.adoc[]
diff --git a/rest_api/extension_apis/apiservice-apiregistration-k8s-io-v1.adoc b/rest_api/extension_apis/apiservice-apiregistration-k8s-io-v1.adoc
index 6ff6943d9ef7..62ff6cb13c53 100644
--- a/rest_api/extension_apis/apiservice-apiregistration-k8s-io-v1.adoc
+++ b/rest_api/extension_apis/apiservice-apiregistration-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="apiservice-apiregistration-k8s-io-v1"]
 = APIService [apiregistration.k8s.io/v1]
 :toc: macro
@@ -232,14 +232,6 @@ The following API endpoints are available:
 === /apis/apiregistration.k8s.io/v1/apiservices
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -252,57 +244,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -321,46 +267,6 @@ Description::
   list or watch objects of kind APIService
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -387,12 +293,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -422,49 +325,6 @@ Description::
 === /apis/apiregistration.k8s.io/v1/watch/apiservices
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -495,14 +355,6 @@ Description::
 | name of the APIService
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -518,25 +370,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -581,25 +416,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -627,12 +448,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -668,49 +486,6 @@ Description::
 | name of the APIService
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -741,14 +516,6 @@ Description::
 | name of the APIService
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -781,25 +548,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -827,12 +580,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc
index 2ce1c4c96cf3..1c6231fdade2 100644
--- a/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc
+++ b/rest_api/extension_apis/customresourcedefinition-apiextensions-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="customresourcedefinition-apiextensions-k8s-io-v1"]
 = CustomResourceDefinition [apiextensions.k8s.io/v1]
 :toc: macro
@@ -120,7 +120,7 @@ Required::
 
 | `strategy`
 | `string`
-| strategy specifies how custom resources are converted between versions. Allowed values are: - `None`: The converter only change the apiVersion and would not touch any other field in the custom resource. - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information
+| strategy specifies how custom resources are converted between versions. Allowed values are: - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information
   is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
 
 | `webhook`
@@ -662,14 +662,6 @@ The following API endpoints are available:
 === /apis/apiextensions.k8s.io/v1/customresourcedefinitions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -682,57 +674,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -751,46 +697,6 @@ Description::
   list or watch objects of kind CustomResourceDefinition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -817,12 +723,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -852,49 +755,6 @@ Description::
 === /apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -925,14 +785,6 @@ Description::
 | name of the CustomResourceDefinition
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -948,25 +800,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1011,25 +846,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1057,12 +878,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1098,49 +916,6 @@ Description::
 | name of the CustomResourceDefinition
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1171,14 +946,6 @@ Description::
 | name of the CustomResourceDefinition
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1211,25 +978,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1257,12 +1010,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/extension_apis/extension-apis-index.adoc b/rest_api/extension_apis/extension-apis-index.adoc
index 87fc1b4a567c..39835f6fd525 100644
--- a/rest_api/extension_apis/extension-apis-index.adoc
+++ b/rest_api/extension_apis/extension-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="extension-apis"]
 = Extension APIs
 :toc: macro
diff --git a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
index e6a6727a5ef3..7caeaf6b66a5 100644
--- a/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
+++ b/rest_api/extension_apis/mutatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="mutatingwebhookconfiguration-admissionregistration-k8s-io-v1"]
 = MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
 :toc: macro
@@ -93,6 +93,27 @@ Required::
 | `string`
 | FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
 
+Possible enum values:
+ - `"Fail"` means that an error calling the webhook causes the admission to fail.
+ - `"Ignore"` means that an error calling the webhook is ignored.
+
+| `matchConditions`
+| `array`
+| MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
+
+| `matchConditions[]`
+| `object`
+| MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+
 | `matchPolicy`
 | `string`
 | matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
@@ -103,6 +124,10 @@ Required::
 
 Defaults to "Equivalent"
 
+Possible enum values:
+ - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
+ - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule.
+
 | `name`
 | `string`
 | The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
@@ -155,6 +180,10 @@ IfNeeded: the webhook will be called at least one additional time as part of the
 
 Defaults to "Never".
 
+Possible enum values:
+ - `"IfNeeded"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.
+ - `"Never"` indicates that the webhook must not be called more than once in a single admission evaluation.
+
 | `rules`
 | `array`
 | Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
@@ -167,6 +196,12 @@ Defaults to "Never".
 | `string`
 | SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
 
+Possible enum values:
+ - `"None"` means that calling the webhook will have no side effects.
+ - `"NoneOnDryRun"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.
+ - `"Some"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+ - `"Unknown"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+
 | `timeoutSeconds`
 | `integer`
 | TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
@@ -248,6 +283,67 @@ Required::
 | `integer`
 | If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
 
+|===
+=== .webhooks[].matchConditions
+Description::
++
+--
+MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].matchConditions[]
+Description::
++
+--
+MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `expression`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expression`
+| `string`
+| Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
+
+'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  request resource.
+Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
+
+Required.
+
+| `name`
+| `string`
+| Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
+
+Required.
+
 |===
 === .webhooks[].rules
 Description::
@@ -329,14 +425,6 @@ The following API endpoints are available:
 === /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -349,57 +437,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -418,46 +460,6 @@ Description::
   list or watch objects of kind MutatingWebhookConfiguration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -484,12 +486,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -519,49 +518,6 @@ Description::
 === /apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -592,14 +548,6 @@ Description::
 | name of the MutatingWebhookConfiguration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -615,25 +563,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -678,25 +609,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -724,12 +641,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -765,49 +679,6 @@ Description::
 | name of the MutatingWebhookConfiguration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc b/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
index 44e119f51d32..2426cb9d779a 100644
--- a/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
+++ b/rest_api/extension_apis/validatingwebhookconfiguration-admissionregistration-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="validatingwebhookconfiguration-admissionregistration-k8s-io-v1"]
 = ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
 :toc: macro
@@ -93,6 +93,27 @@ Required::
 | `string`
 | FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
 
+Possible enum values:
+ - `"Fail"` means that an error calling the webhook causes the admission to fail.
+ - `"Ignore"` means that an error calling the webhook is ignored.
+
+| `matchConditions`
+| `array`
+| MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
+
+| `matchConditions[]`
+| `object`
+| MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+
 | `matchPolicy`
 | `string`
 | matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
@@ -103,6 +124,10 @@ Required::
 
 Defaults to "Equivalent"
 
+Possible enum values:
+ - `"Equivalent"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
+ - `"Exact"` means requests should only be sent to the webhook if they exactly match a given rule.
+
 | `name`
 | `string`
 | The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
@@ -157,6 +182,12 @@ Default to the empty LabelSelector, which matches everything.
 | `string`
 | SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
 
+Possible enum values:
+ - `"None"` means that calling the webhook will have no side effects.
+ - `"NoneOnDryRun"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.
+ - `"Some"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+ - `"Unknown"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
+
 | `timeoutSeconds`
 | `integer`
 | TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
@@ -238,6 +269,67 @@ Required::
 | `integer`
 | If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
 
+|===
+=== .webhooks[].matchConditions
+Description::
++
+--
+MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
+
+The exact matching logic is (in order):
+  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
+  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
+  3. If any matchCondition evaluates to an error (but none are FALSE):
+     - If failurePolicy=Fail, reject the request
+     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
+
+This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .webhooks[].matchConditions[]
+Description::
++
+--
+MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `expression`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `expression`
+| `string`
+| Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
+
+'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  request resource.
+Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
+
+Required.
+
+| `name`
+| `string`
+| Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
+
+Required.
+
 |===
 === .webhooks[].rules
 Description::
@@ -319,14 +411,6 @@ The following API endpoints are available:
 === /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -339,57 +423,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -408,46 +446,6 @@ Description::
   list or watch objects of kind ValidatingWebhookConfiguration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -474,12 +472,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -509,49 +504,6 @@ Description::
 === /apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -582,14 +534,6 @@ Description::
 | name of the ValidatingWebhookConfiguration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -605,25 +549,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -668,25 +595,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -714,12 +627,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -755,49 +665,6 @@ Description::
 | name of the ValidatingWebhookConfiguration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/image_apis/image-apis-index.adoc b/rest_api/image_apis/image-apis-index.adoc
index 362de51aca60..4bc841ea2695 100644
--- a/rest_api/image_apis/image-apis-index.adoc
+++ b/rest_api/image_apis/image-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="image-apis"]
 = Image APIs
 :toc: macro
diff --git a/rest_api/image_apis/image-image-openshift-io-v1.adoc b/rest_api/image_apis/image-image-openshift-io-v1.adoc
index 92c981fc2a4c..b0da6813f943 100644
--- a/rest_api/image_apis/image-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/image-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="image-image-openshift-io-v1"]
 = Image [image.openshift.io/v1]
 :toc: macro
@@ -81,7 +81,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -275,7 +275,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -425,14 +425,6 @@ The following API endpoints are available:
 === /apis/image.openshift.io/v1/images
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -445,57 +437,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -514,46 +460,6 @@ Description::
   list or watch objects of kind Image
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -580,12 +486,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -615,49 +518,6 @@ Description::
 === /apis/image.openshift.io/v1/watch/images
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -688,14 +548,6 @@ Description::
 | name of the Image
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -711,25 +563,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -774,25 +609,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -820,12 +641,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -861,49 +679,6 @@ Description::
 | name of the Image
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc
index 64542b8e2c93..d7967109092c 100644
--- a/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagesignature-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagesignature-image-openshift-io-v1"]
 = ImageSignature [image.openshift.io/v1]
 :toc: macro
@@ -68,7 +68,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -216,15 +216,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
@@ -277,18 +271,6 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
 HTTP method::
@@ -299,14 +281,6 @@ Description::
 
 
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
diff --git a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc
index 6037c32645b1..e0cd0e60e9b8 100644
--- a/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestream-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestream-image-openshift-io-v1"]
 = ImageStream [image.openshift.io/v1]
 :toc: macro
@@ -37,7 +37,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -453,49 +453,6 @@ The following API endpoints are available:
 === /apis/image.openshift.io/v1/imagestreams
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -518,49 +475,6 @@ Description::
 === /apis/image.openshift.io/v1/watch/imagestreams
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -582,23 +496,7 @@ Description::
 
 === /apis/image.openshift.io/v1/namespaces/{namespace}/imagestreams
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -611,57 +509,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -680,46 +532,6 @@ Description::
   list or watch objects of kind ImageStream
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -746,12 +558,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -780,58 +589,7 @@ Description::
 
 === /apis/image.openshift.io/v1/watch/namespaces/{namespace}/imagestreams
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -860,19 +618,8 @@ Description::
 | `name`
 | `string`
 | name of the ImageStream
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -888,25 +635,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -951,25 +681,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -997,12 +713,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1036,54 +749,8 @@ Description::
 | `name`
 | `string`
 | name of the ImageStream
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1112,19 +779,8 @@ Description::
 | `name`
 | `string`
 | name of the ImageStream
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1157,25 +813,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1203,12 +845,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc
index 379e2f41dc0d..7ec7f5c78f69 100644
--- a/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestreamimage-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestreamimage-image-openshift-io-v1"]
 = ImageStreamImage [image.openshift.io/v1]
 :toc: macro
@@ -45,7 +45,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 === .image
@@ -121,7 +121,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -315,7 +315,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -460,19 +460,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the ImageStreamImage
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc
index cf0b9bf412e8..352ccffcf8b1 100644
--- a/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestreamimport-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestreamimport-image-openshift-io-v1"]
 = ImageStreamImport [image.openshift.io/v1]
 :toc: macro
@@ -42,7 +42,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -452,7 +452,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -646,7 +646,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -859,7 +859,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -1053,7 +1053,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -1209,7 +1209,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -1758,7 +1758,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -1952,7 +1952,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -2165,7 +2165,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -2359,7 +2359,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -2497,14 +2497,6 @@ The following API endpoints are available:
 
 === /apis/image.openshift.io/v1/namespaces/{namespace}/imagestreamimports
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -2513,15 +2505,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc
index 9ccc24421d40..0c127439c7b5 100644
--- a/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestreamlayers-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestreamlayers-image-openshift-io-v1"]
 = ImageStreamLayers [image.openshift.io/v1]
 :toc: macro
@@ -56,7 +56,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 === .blobs
@@ -166,19 +166,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the ImageStreamLayers
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc
index 077b841105c7..c9ac07fc0091 100644
--- a/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestreammapping-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestreammapping-image-openshift-io-v1"]
 = ImageStreamMapping [image.openshift.io/v1]
 :toc: macro
@@ -46,7 +46,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `tag`
 | `string`
@@ -126,7 +126,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -320,7 +320,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -458,14 +458,6 @@ The following API endpoints are available:
 
 === /apis/image.openshift.io/v1/namespaces/{namespace}/imagestreammappings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -474,15 +466,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc
index cf4befe1de32..595e0c4c1436 100644
--- a/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagestreamtag-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagestreamtag-image-openshift-io-v1"]
 = ImageStreamTag [image.openshift.io/v1]
 :toc: macro
@@ -64,7 +64,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `tag`
 | `object`
@@ -203,7 +203,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -397,7 +397,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -670,49 +670,6 @@ The following API endpoints are available:
 === /apis/image.openshift.io/v1/imagestreamtags
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -734,23 +691,7 @@ Description::
 
 === /apis/image.openshift.io/v1/namespaces/{namespace}/imagestreamtags
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -759,46 +700,6 @@ Description::
   list objects of kind ImageStreamTag
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -825,12 +726,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -866,19 +764,8 @@ Description::
 | `name`
 | `string`
 | name of the ImageStreamTag
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -894,25 +781,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -957,25 +827,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1003,12 +859,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc
index a092299a1a39..f94302bc994a 100644
--- a/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/imagetag-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagetag-image-openshift-io-v1"]
 = ImageTag [image.openshift.io/v1]
 :toc: macro
@@ -47,7 +47,7 @@ Compatibility level 1: Stable within a major release for a minimum of 12 months
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -131,7 +131,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signatures`
 | `array`
@@ -325,7 +325,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `signedClaims`
 | `object (string)`
@@ -726,49 +726,6 @@ The following API endpoints are available:
 === /apis/image.openshift.io/v1/imagetags
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -790,23 +747,7 @@ Description::
 
 === /apis/image.openshift.io/v1/namespaces/{namespace}/imagetags
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -815,46 +756,6 @@ Description::
   list objects of kind ImageTag
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -881,12 +782,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -922,19 +820,8 @@ Description::
 | `name`
 | `string`
 | name of the ImageTag
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -950,25 +837,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1013,25 +883,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1059,12 +915,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc b/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc
index cc612ff80759..0bf70d66c21b 100644
--- a/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc
+++ b/rest_api/image_apis/secretlist-image-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="secretlist-image-openshift-io-v1"]
 = SecretList [image.openshift.io/v1]
 :toc: macro
@@ -62,54 +62,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the SecretList
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/index.adoc b/rest_api/index.adoc
index f8ae6e4c9e84..42873bdf00f4 100644
--- a/rest_api/index.adoc
+++ b/rest_api/index.adoc
@@ -1,15 +1,21 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="api-index"]
 = API index
 
 [cols="1,1",options="header"]
 |===
 ^| API ^| API group
+| xref:./network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[AdminPolicyBasedExternalRoute]
+| k8s.ovn.org/v1
+| xref:./monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[AlertingRule]
+| monitoring.openshift.io/v1
 | xref:./monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc#alertmanager-monitoring-coreos-com-v1[Alertmanager]
 | monitoring.coreos.com/v1
 | xref:./monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc#alertmanagerconfig-monitoring-coreos-com-v1beta1[AlertmanagerConfig]
 | monitoring.coreos.com/v1beta1
+| xref:./monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[AlertRelabelConfig]
+| monitoring.openshift.io/v1
 | xref:./metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc#apirequestcount-apiserver-openshift-io-v1[APIRequestCount]
 | apiserver.openshift.io/v1
 | xref:./config_apis/apiserver-config-openshift-io-v1.adoc#apiserver-config-openshift-io-v1[APIServer]
@@ -94,6 +100,8 @@
 | console.openshift.io/v1
 | xref:./console_apis/consolequickstart-console-openshift-io-v1.adoc#consolequickstart-console-openshift-io-v1[ConsoleQuickStart]
 | console.openshift.io/v1
+| xref:./console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[ConsoleSample]
+| console.openshift.io/v1
 | xref:./console_apis/consoleyamlsample-console-openshift-io-v1.adoc#consoleyamlsample-console-openshift-io-v1[ConsoleYAMLSample]
 | console.openshift.io/v1
 | xref:./machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc#containerruntimeconfig-machineconfiguration-openshift-io-v1[ContainerRuntimeConfig]
@@ -144,6 +152,8 @@
 | k8s.ovn.org/v1
 | xref:./network_apis/egressrouter-network-operator-openshift-io-v1.adoc#egressrouter-network-operator-openshift-io-v1[EgressRouter]
 | network.operator.openshift.io/v1
+| xref:./network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[EgressService]
+| k8s.ovn.org/v1
 | xref:./network_apis/endpoints-v1.adoc#endpoints-v1[Endpoints]
 | v1
 | xref:./network_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[EndpointSlice]
@@ -160,6 +170,8 @@
 | config.openshift.io/v1
 | xref:./provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc#firmwareschema-metal3-io-v1alpha1[FirmwareSchema]
 | metal3.io/v1alpha1
+| xref:./schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[FlowSchema]
+| flowcontrol.apiserver.k8s.io/v1beta3
 | xref:./user_and_group_apis/group-user-openshift-io-v1.adoc#group-user-openshift-io-v1[Group]
 | user.openshift.io/v1
 | xref:./provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc#hardwaredata-metal3-io-v1alpha1[HardwareData]
@@ -246,8 +258,12 @@
 | autoscaling.openshift.io/v1beta1
 | xref:./machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc#machineconfig-machineconfiguration-openshift-io-v1[MachineConfig]
 | machineconfiguration.openshift.io/v1
+| xref:./machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[MachineConfigNode]
+| machineconfiguration.openshift.io/v1alpha1
 | xref:./machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc#machineconfigpool-machineconfiguration-openshift-io-v1[MachineConfigPool]
 | machineconfiguration.openshift.io/v1
+| xref:./operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[MachineConfiguration]
+| operator.openshift.io/v1
 | xref:./machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc#machinehealthcheck-machine-openshift-io-v1beta1[MachineHealthCheck]
 | machine.openshift.io/v1beta1
 | xref:./machine_apis/machineset-machine-openshift-io-v1beta1.adoc#machineset-machine-openshift-io-v1beta1[MachineSet]
@@ -328,6 +344,8 @@
 | metal3.io/v1alpha1
 | xref:./schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc#priorityclass-scheduling-k8s-io-v1[PriorityClass]
 | scheduling.k8s.io/v1
+| xref:./schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[PriorityLevelConfiguration]
+| flowcontrol.apiserver.k8s.io/v1beta3
 | xref:./monitoring_apis/probe-monitoring-coreos-com-v1.adoc#probe-monitoring-coreos-com-v1[Probe]
 | monitoring.coreos.com/v1
 | xref:./node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[Profile]
@@ -384,6 +402,8 @@
 | security.openshift.io/v1
 | xref:./authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc#selfsubjectaccessreview-authorization-k8s-io-v1[SelfSubjectAccessReview]
 | authorization.k8s.io/v1
+| xref:./authorization_apis/selfsubjectreview-authentication-k8s-io-v1.adoc#selfsubjectreview-authentication-k8s-io-v1[SelfSubjectReview]
+| authentication.k8s.io/v1
 | xref:./authorization_apis/selfsubjectrulesreview-authorization-k8s-io-v1.adoc#selfsubjectrulesreview-authorization-k8s-io-v1[SelfSubjectRulesReview]
 | authorization.k8s.io/v1
 | xref:./authorization_apis/selfsubjectrulesreview-authorization-openshift-io-v1.adoc#selfsubjectrulesreview-authorization-openshift-io-v1[SelfSubjectRulesReview]
diff --git a/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
index fcb493f1f1ea..b9d0861edcac 100644
--- a/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/containerruntimeconfig-machineconfiguration-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="containerruntimeconfig-machineconfiguration-openshift-io-v1"]
 = ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-ContainerRuntimeConfig describes a customized Container Runtime configuration.
+ContainerRuntimeConfig describes a customized Container Runtime configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -69,18 +70,18 @@ Required::
 
 | `containerRuntimeConfig`
 | `object`
-| ContainerRuntimeConfiguration defines the tuneables of the container runtime. It's important to note that, since the fields of the ContainerRuntimeConfiguration are directly read by the upstream kubernetes golang client, the validation of those values is handled directly by that golang client which is outside of the controller for ContainerRuntimeConfiguration. Please ensure the valid values are used for those fields as invalid values may render cluster nodes unusable.
+| ContainerRuntimeConfiguration defines the tuneables of the container runtime
 
 | `machineConfigPoolSelector`
 | `object`
-| A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+| MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to. A nil selector will result in no pools being selected.
 
 |===
 === .spec.containerRuntimeConfig
 Description::
 +
 --
-ContainerRuntimeConfiguration defines the tuneables of the container runtime. It's important to note that, since the fields of the ContainerRuntimeConfiguration are directly read by the upstream kubernetes golang client, the validation of those values is handled directly by that golang client which is outside of the controller for ContainerRuntimeConfiguration. Please ensure the valid values are used for those fields as invalid values may render cluster nodes unusable.
+ContainerRuntimeConfiguration defines the tuneables of the container runtime
 --
 
 Type::
@@ -102,12 +103,12 @@ Type::
 | logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.
 
 | `logSizeMax`
-| `string`
+| `integer-or-string`
 | logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
 
 | `overlaySize`
-| `string`
-| overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images.
+| `integer-or-string`
+| overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)
 
 | `pidsLimit`
 | `integer`
@@ -118,7 +119,7 @@ Type::
 Description::
 +
 --
-A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to. A nil selector will result in no pools being selected.
 --
 
 Type::
@@ -294,14 +295,6 @@ The following API endpoints are available:
 === /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -310,46 +303,6 @@ Description::
   delete collection of ContainerRuntimeConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -369,46 +322,6 @@ Description::
   list objects of kind ContainerRuntimeConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -435,12 +348,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -478,14 +388,6 @@ Description::
 | name of the ContainerRuntimeConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -501,25 +403,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -540,16 +425,6 @@ Description::
   read the specified ContainerRuntimeConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -576,22 +451,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -617,12 +481,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -658,14 +519,6 @@ Description::
 | name of the ContainerRuntimeConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -674,16 +527,6 @@ Description::
   read status of the specified ContainerRuntimeConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -710,22 +553,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -751,12 +583,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
index f0e01a065aa4..09a03f701955 100644
--- a/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/controllerconfig-machineconfiguration-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="controllerconfig-machineconfiguration-openshift-io-v1"]
 = ControllerConfig [machineconfiguration.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController.
+ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -60,13 +61,11 @@ Type::
 
 Required::
   - `baseOSContainerImage`
-  - `baseOSExtensionsContainerImage`
   - `cloudProviderConfig`
   - `clusterDNSIP`
   - `images`
   - `ipFamilies`
   - `kubeAPIServerServingCAData`
-  - `osImageURL`
   - `releaseImage`
   - `rootCAData`
 
@@ -101,21 +100,41 @@ Required::
 | clusterDNSIP is the cluster DNS IP address
 
 | `dns`
-| ``
+| `object`
 | dns holds the cluster dns details
 
 | `etcdDiscoveryDomain`
 | `string`
 | etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain instead
 
+| `imageRegistryBundleData`
+| `array`
+| imageRegistryBundleData is the ImageRegistryData
+
+| `imageRegistryBundleData[]`
+| `object`
+| ImageRegistryBundle contains information for writing image registry certificates
+
+| `imageRegistryBundleUserData`
+| `array`
+| imageRegistryBundleUserData is Image Registry Data provided by the user
+
+| `imageRegistryBundleUserData[]`
+| `object`
+| ImageRegistryBundle contains information for writing image registry certificates
+
 | `images`
 | `object (string)`
 | images is map of images that are used by the controller to render templates under ./templates/
 
 | `infra`
-| ``
+| `object`
 | infra holds the infrastructure details
 
+| `internalRegistryPullSecret`
+| ``
+| internalRegistryPullSecret is the pull secret for the internal registry, used by rpm-ostree to pull images from the internal registry if present
+
 | `ipFamilies`
 | `string`
 | ipFamilies indicates the IP families in use by the cluster network
@@ -156,6 +175,158 @@ Required::
 | `string`
 | rootCAData specifies the root CA data
 
+|===
+=== .spec.dns
+Description::
++
+--
+dns holds the cluster dns details
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+  - `kind`
+  - `apiVersion`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+=== .spec.imageRegistryBundleData
+Description::
++
+--
+imageRegistryBundleData is the ImageRegistryData
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.imageRegistryBundleData[]
+Description::
++
+--
+ImageRegistryBundle contains information for writing image registry certificates
+--
+
+Type::
+  `object`
+
+Required::
+  - `data`
+  - `file`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `data`
+| `string`
+| data holds the contents of the bundle that will be written to the file location
+
+| `file`
+| `string`
+| file holds the name of the file where the bundle will be written to disk
+
+|===
+=== .spec.imageRegistryBundleUserData
+Description::
++
+--
+imageRegistryBundleUserData is Image Registry Data provided by the user
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.imageRegistryBundleUserData[]
+Description::
++
+--
+ImageRegistryBundle contains information for writing image registry certificates
+--
+
+Type::
+  `object`
+
+Required::
+  - `data`
+  - `file`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `data`
+| `string`
+| data holds the contents of the bundle that will be written to the file location
+
+| `file`
+| `string`
+| file holds the name of the file where the bundle will be written to disk
+
+|===
+=== .spec.infra
+Description::
++
+--
+infra holds the infrastructure details
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+  - `kind`
+  - `apiVersion`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| apiVersion defines the versioned schema of this representation of an object. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| kind is a string value representing the type of this object. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
 |===
 === .spec.pullSecret
 Description::
@@ -228,6 +399,14 @@ Type::
 | `object`
 | ControllerConfigStatusCondition contains condition information for ControllerConfigStatus
 
+| `controllerCertificates`
+| `array`
+| controllerCertificates represents the latest available observations of the automatically rotating certificates in the MCO.
+
+| `controllerCertificates[]`
+| `object`
+| ControllerCertificate contains info about a specific cert.
+
 | `observedGeneration`
 | `integer`
 | observedGeneration represents the generation observed by the controller.
@@ -286,6 +465,61 @@ Required::
 | `string`
 | type specifies the state of the operator's reconciliation functionality.
 
+|===
+=== .status.controllerCertificates
+Description::
++
+--
+controllerCertificates represents the latest available observations of the automatically rotating certificates in the MCO.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.controllerCertificates[]
+Description::
++
+--
+ControllerCertificate contains info about a specific cert.
+--
+
+Type::
+  `object`
+
+Required::
+  - `bundleFile`
+  - `signer`
+  - `subject`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `bundleFile`
+| `string`
+| bundleFile is the larger bundle a cert comes from
+
+| `notAfter`
+| `string`
+| notAfter is the upper boundary for validity
+
+| `notBefore`
+| `string`
+| notBefore is the lower boundary for validity
+
+| `signer`
+| `string`
+| signer is the  cert Issuer
+
+| `subject`
+| `string`
+| subject is the cert subject
+
 |===
 
 == API endpoints
@@ -310,14 +544,6 @@ The following API endpoints are available:
 === /apis/machineconfiguration.openshift.io/v1/controllerconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -326,46 +552,6 @@ Description::
   delete collection of ControllerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -385,46 +571,6 @@ Description::
   list objects of kind ControllerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -451,12 +597,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -494,14 +637,6 @@ Description::
 | name of the ControllerConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -517,25 +652,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -556,16 +674,6 @@ Description::
   read the specified ControllerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -592,22 +700,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -633,12 +730,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -674,14 +768,6 @@ Description::
 | name of the ControllerConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -690,16 +776,6 @@ Description::
   read status of the specified ControllerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -726,22 +802,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -767,12 +832,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
index 8fe474e5087e..e2e4f7154c12 100644
--- a/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/controlplanemachineset-machine-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="controlplanemachineset-machine-openshift-io-v1"]
 = ControlPlaneMachineSet [machine.openshift.io/v1]
 :toc: macro
@@ -290,9 +290,25 @@ Required::
 | `object`
 | GCPFailureDomain configures failure domain information for the GCP platform
 
+| `nutanix`
+| `array`
+| nutanix configures failure domain information for the Nutanix platform.
+
+| `nutanix[]`
+| `object`
+| NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.
+
+| `openstack`
+| `array`
+| OpenStack configures failure domain information for the OpenStack platform.
+
+| `openstack[]`
+| `object`
+| OpenStackFailureDomain configures failure domain information for the OpenStack platform.
+
 | `platform`
 | `string`
-| Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, and GCP.
+| Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws
@@ -471,6 +487,10 @@ Required::
 |===
 | Property | Type | Description
 
+| `subnet`
+| `string`
+| subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.
+
 | `zone`
 | `string`
 | Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.
@@ -512,6 +532,110 @@ Required::
 | `string`
 | Zone is the zone in which the GCP machine provider will create the VM.
 
+|===
+=== .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.nutanix
+Description::
++
+--
+nutanix configures failure domain information for the Nutanix platform.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.nutanix[]
+Description::
++
+--
+NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.
+
+|===
+=== .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack
+Description::
++
+--
+OpenStack configures failure domain information for the OpenStack platform.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[]
+Description::
++
+--
+OpenStackFailureDomain configures failure domain information for the OpenStack platform.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availabilityZone`
+| `string`
+| availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.
+
+| `rootVolume`
+| `object`
+| rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.
+
+|===
+=== .spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[].rootVolume
+Description::
++
+--
+rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.
+--
+
+Type::
+  `object`
+
+Required::
+  - `volumeType`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `availabilityZone`
+| `string`
+| availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.
+
+| `volumeType`
+| `string`
+| volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.
+
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.metadata
 Description::
@@ -803,11 +927,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.machines_v1beta1_machine_openshift_io.spec.providerSpec
@@ -1022,49 +1146,6 @@ The following API endpoints are available:
 === /apis/machine.openshift.io/v1/controlplanemachinesets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1086,23 +1167,7 @@ Description::
 
 === /apis/machine.openshift.io/v1/namespaces/{namespace}/controlplanemachinesets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1111,46 +1176,6 @@ Description::
   delete collection of ControlPlaneMachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1170,46 +1195,6 @@ Description::
   list objects of kind ControlPlaneMachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1236,12 +1221,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1277,19 +1259,8 @@ Description::
 | `name`
 | `string`
 | name of the ControlPlaneMachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1305,25 +1276,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1344,16 +1298,6 @@ Description::
   read the specified ControlPlaneMachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1380,22 +1324,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1421,12 +1354,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1460,19 +1390,8 @@ Description::
 | `name`
 | `string`
 | name of the ControlPlaneMachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1481,16 +1400,6 @@ Description::
   read scale of the specified ControlPlaneMachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1517,22 +1426,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1558,12 +1456,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1597,19 +1492,8 @@ Description::
 | `name`
 | `string`
 | name of the ControlPlaneMachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1618,16 +1502,6 @@ Description::
   read status of the specified ControlPlaneMachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1654,22 +1528,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1695,12 +1558,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
index 0f9e21b95755..317993434c02 100644
--- a/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/kubeletconfig-machineconfiguration-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubeletconfig-machineconfiguration-openshift-io-v1"]
 = KubeletConfig [machineconfiguration.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-KubeletConfig describes a customized Kubelet configuration.
+KubeletConfig describes a customized Kubelet configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -67,33 +68,30 @@ Type::
 
 | `autoSizingReserved`
 | `boolean`
-| Automatically set optimal system reserved
+| 
 
 | `kubeletConfig`
 | ``
-| The fields of the kubelet configuration are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relavent kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.
+| kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.
 
 | `logLevel`
 | `integer`
-| logLevel defines the log level of the Kubelet
+| 
 
 | `machineConfigPoolSelector`
 | `object`
-| A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+| MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.
 
 | `tlsSecurityProfile`
 | `object`
-| tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. 
- If unset, the default is based on the apiservers.config.openshift.io/cluster resource. 
- Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout. 
- Note that the minimum TLS version for ingress controllers is 1.1, and the maximum TLS version is 1.2.  An implication of this restriction is that the Modern TLS profile type cannot be used because it requires TLS 1.3.
+| If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
 
 |===
 === .spec.machineConfigPoolSelector
 Description::
 +
 --
-A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.
 --
 
 Type::
@@ -169,10 +167,7 @@ Required::
 Description::
 +
 --
-tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. 
- If unset, the default is based on the apiservers.config.openshift.io/cluster resource. 
- Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout. 
- Note that the minimum TLS version for ingress controllers is 1.1, and the maximum TLS version is 1.2.  An implication of this restriction is that the Modern TLS profile type cannot be used because it requires TLS 1.3.
+If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
 --
 
 Type::
@@ -188,21 +183,21 @@ Type::
 | `custom`
 | ``
 | custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: 
-   ciphers:     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305     - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   minTLSVersion: TLSv1.1
+ ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11
 
 | `intermediate`
 | ``
 | intermediate is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 
  and looks like this (yaml): 
-   ciphers:     - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256     - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   minTLSVersion: TLSv1.2
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12
 
 | `modern`
 | ``
 | modern is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility 
  and looks like this (yaml): 
-   ciphers:     - TLS_AES_128_GCM_SHA256     - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256   minTLSVersion: TLSv1.3 
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 
  NOTE: Currently unsupported.
 
 | `old`
@@ -210,7 +205,7 @@ Type::
 | old is a TLS security profile based on: 
  https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility 
  and looks like this (yaml): 
-   ciphers:     - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256     - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256     - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256     - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     - TLS_RSA_WITH_AES_128_GCM_SHA256     - TLS_RSA_WITH_AES_256_GCM_SHA384     - TLS_RSA_WITH_AES_128_CBC_SHA256     - TLS_RSA_WITH_AES_128_CBC_SHA     - TLS_RSA_WITH_AES_256_CBC_SHA     - TLS_RSA_WITH_3DES_EDE_CBC_SHA   minTLSVersion: TLSv1.0
+ ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10
 
 | `type`
 | `string`
@@ -324,14 +319,6 @@ The following API endpoints are available:
 === /apis/machineconfiguration.openshift.io/v1/kubeletconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -340,46 +327,6 @@ Description::
   delete collection of KubeletConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -399,46 +346,6 @@ Description::
   list objects of kind KubeletConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -465,12 +372,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -508,14 +412,6 @@ Description::
 | name of the KubeletConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -531,25 +427,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -570,16 +449,6 @@ Description::
   read the specified KubeletConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -606,22 +475,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -647,12 +505,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -688,14 +543,6 @@ Description::
 | name of the KubeletConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -704,16 +551,6 @@ Description::
   read status of the specified KubeletConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -740,22 +577,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -781,12 +607,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/machine-apis-index.adoc b/rest_api/machine_apis/machine-apis-index.adoc
index e8771989a1e7..922dd8fa568b 100644
--- a/rest_api/machine_apis/machine-apis-index.adoc
+++ b/rest_api/machine_apis/machine-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machine-apis"]
 = Machine APIs
 :toc: macro
@@ -12,7 +12,8 @@ toc::[]
 Description::
 +
 --
-ContainerRuntimeConfig describes a customized Container Runtime configuration.
+ContainerRuntimeConfig describes a customized Container Runtime configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -23,7 +24,8 @@ Type::
 Description::
 +
 --
-ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController.
+ControllerConfig describes configuration for MachineConfigController. This is currently only used to drive the MachineConfig objects generated by the TemplateController. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -45,29 +47,43 @@ Type::
 Description::
 +
 --
-KubeletConfig describes a customized Kubelet configuration.
+KubeletConfig describes a customized Kubelet configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
   `object`
 
-== MachineConfigPool [machineconfiguration.openshift.io/v1]
+== MachineConfig [machineconfiguration.openshift.io/v1]
 
 Description::
 +
 --
-MachineConfigPool describes a pool of MachineConfigs.
+MachineConfig defines the configuration for a machine 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
   `object`
 
-== MachineConfig [machineconfiguration.openshift.io/v1]
+== MachineConfigNode [machineconfiguration.openshift.io/v1alpha1]
+
+Description::
++
+--
+MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+--
+
+Type::
+  `object`
+
+== MachineConfigPool [machineconfiguration.openshift.io/v1]
 
 Description::
 +
 --
-MachineConfig defines the configuration for a machine
+MachineConfigPool describes a pool of MachineConfigs. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
index 32508ac5bdc0..de82a5bc5d5b 100644
--- a/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machine-machine-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machine-machine-openshift-io-v1beta1"]
 = Machine [machine.openshift.io/v1beta1]
 :toc: macro
@@ -308,11 +308,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.providerSpec
@@ -655,49 +655,6 @@ The following API endpoints are available:
 === /apis/machine.openshift.io/v1beta1/machines
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -719,23 +676,7 @@ Description::
 
 === /apis/machine.openshift.io/v1beta1/namespaces/{namespace}/machines
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -744,46 +685,6 @@ Description::
   delete collection of Machine
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -803,46 +704,6 @@ Description::
   list objects of kind Machine
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -869,12 +730,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -910,19 +768,8 @@ Description::
 | `name`
 | `string`
 | name of the Machine
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -938,25 +785,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -977,16 +807,6 @@ Description::
   read the specified Machine
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1013,22 +833,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1054,12 +863,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1093,19 +899,8 @@ Description::
 | `name`
 | `string`
 | name of the Machine
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1114,16 +909,6 @@ Description::
   read status of the specified Machine
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1150,22 +935,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1191,12 +965,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
index 3834d8542140..4d8481ffb48c 100644
--- a/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/machineconfig-machineconfiguration-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machineconfig-machineconfiguration-openshift-io-v1"]
 = MachineConfig [machineconfiguration.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-MachineConfig defines the configuration for a machine
+MachineConfig defines the configuration for a machine 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -61,31 +62,31 @@ Type::
 
 | `baseOSExtensionsContainerImage`
 | `string`
-| baseOSExtensionsContainerImage specifies the remote location that will be used to fetch the extensions container matching a new-format OS image
+| BaseOSExtensionsContainerImage specifies the remote location that will be used to fetch the extensions container matching a new-format OS image
 
 | `config`
 | ``
 | Config is a Ignition Config object.
 
 | `extensions`
-| ``
-| List of additional features that can be enabled on host
+| `array (string)`
+| extensions contains a list of additional features that can be enabled on host
 
 | `fips`
 | `boolean`
-| FIPS controls FIPS mode
+| fips controls FIPS mode
 
 | `kernelArguments`
 | ``
-| KernelArguments contains a list of kernel arguments to be added
+| kernelArguments contains a list of kernel arguments to be added
 
 | `kernelType`
 | `string`
-| Contains which kernel we want to be running like default (traditional), realtime
+| kernelType contains which kernel we want to be running like default (traditional), realtime, 64k-pages (aarch64 only).
 
 | `osImageURL`
 | `string`
-| OSImageURL specifies the remote location that will be used to fetch the OS
+| OSImageURL specifies the remote location that will be used to fetch the OS.
 
 |===
 
@@ -107,14 +108,6 @@ The following API endpoints are available:
 === /apis/machineconfiguration.openshift.io/v1/machineconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -123,46 +116,6 @@ Description::
   delete collection of MachineConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -182,46 +135,6 @@ Description::
   list objects of kind MachineConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -248,12 +161,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -291,14 +201,6 @@ Description::
 | name of the MachineConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -314,25 +216,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -353,16 +238,6 @@ Description::
   read the specified MachineConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -389,22 +264,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -430,12 +294,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc
new file mode 100644
index 000000000000..355b706fd648
--- /dev/null
+++ b/rest_api/machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc
@@ -0,0 +1,623 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="machineconfignode-machineconfiguration-openshift-io-v1alpha1"]
+= MachineConfigNode [machineconfiguration.openshift.io/v1alpha1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec describes the configuration of the machine config node.
+
+| `status`
+| `object`
+| status describes the last observed state of this machine config node.
+
+|===
+=== .spec
+Description::
++
+--
+spec describes the configuration of the machine config node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `configVersion`
+  - `node`
+  - `pool`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configVersion`
+| `object`
+| configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config.
+
+| `node`
+| `object`
+| node contains a reference to the node for this machine config node.
+
+| `pool`
+| `object`
+| pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.
+
+|===
+=== .spec.configVersion
+Description::
++
+--
+configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config.
+--
+
+Type::
+  `object`
+
+Required::
+  - `desired`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `desired`
+| `string`
+| desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.
+
+|===
+=== .spec.node
+Description::
++
+--
+node contains a reference to the node for this machine config node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.
+
+|===
+=== .spec.pool
+Description::
++
+--
+pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.
+
+|===
+=== .status
+Description::
++
+--
+status describes the last observed state of this machine config node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `configVersion`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions represent the observations of a machine config node's current state.
+
+| `conditions[]`
+| `object`
+| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+
+| `configVersion`
+| `object`
+| configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions represent the observations of a machine config node's current state.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+--
+
+Type::
+  `object`
+
+Required::
+  - `lastTransitionTime`
+  - `message`
+  - `reason`
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+
+| `message`
+| `string`
+| message is a human readable message indicating details about the transition. This may be an empty string.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+
+|===
+=== .status.configVersion
+Description::
++
+--
+configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists.
+--
+
+Type::
+  `object`
+
+Required::
+  - `desired`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `current`
+| `string`
+| current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.
+
+| `desired`
+| `string`
+| desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes`
+- `DELETE`: delete collection of MachineConfigNode
+- `GET`: list objects of kind MachineConfigNode
+- `POST`: create a MachineConfigNode
+* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}`
+- `DELETE`: delete a MachineConfigNode
+- `GET`: read the specified MachineConfigNode
+- `PATCH`: partially update the specified MachineConfigNode
+- `PUT`: replace the specified MachineConfigNode
+* `/apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}/status`
+- `GET`: read status of the specified MachineConfigNode
+- `PATCH`: partially update status of the specified MachineConfigNode
+- `PUT`: replace status of the specified MachineConfigNode
+
+
+=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of MachineConfigNode
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind MachineConfigNode
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.machineconfiguration.v1alpha1.MachineConfigNodeList[`MachineConfigNodeList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 201 - Created
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 202 - Accepted
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MachineConfigNode
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified MachineConfigNode
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 201 - Created
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/machineconfiguration.openshift.io/v1alpha1/machineconfignodes/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MachineConfigNode
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified MachineConfigNode
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified MachineConfigNode
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 201 - Created
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`MachineConfigNode`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
index aba4885017c1..00c6cff354da 100644
--- a/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
+++ b/rest_api/machine_apis/machineconfigpool-machineconfiguration-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machineconfigpool-machineconfiguration-openshift-io-v1"]
 = MachineConfigPool [machineconfiguration.openshift.io/v1]
 :toc: macro
@@ -11,12 +11,15 @@ toc::[]
 Description::
 +
 --
-MachineConfigPool describes a pool of MachineConfigs.
+MachineConfigPool describes a pool of MachineConfigs. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
   `object`
 
+Required::
+  - `spec`
 
 
 == Specification
@@ -73,7 +76,8 @@ Type::
 
 | `maxUnavailable`
 | `integer-or-string`
-| maxUnavailable defines either an integer number or percentage of nodes in the corresponding pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1. A value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.
+| maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1. 
+ A value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.
 
 | `nodeSelector`
 | `object`
@@ -131,7 +135,8 @@ Type::
 
 | `source[]`
 | `object`
-| ObjectReference contains enough information to let you inspect or modify the referred object.
+| ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
+ Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
 
 | `uid`
 | `string`
@@ -155,7 +160,8 @@ Type::
 Description::
 +
 --
-ObjectReference contains enough information to let you inspect or modify the referred object.
+ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
+ Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
 --
 
 Type::
@@ -366,6 +372,14 @@ Type::
 |===
 | Property | Type | Description
 
+| `certExpirys`
+| `array`
+| certExpirys keeps track of important certificate expiration data
+
+| `certExpirys[]`
+| `object`
+| ceryExpiry contains the bundle name and the expiry date
+
 | `conditions`
 | `array`
 | conditions represents the latest available observations of current state.
@@ -402,6 +416,52 @@ Type::
 | `integer`
 | updatedMachineCount represents the total number of machines targeted by the pool that have the CurrentMachineConfig as their config.
 
+|===
+=== .status.certExpirys
+Description::
++
+--
+certExpirys keeps track of important certificate expiration data
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.certExpirys[]
+Description::
++
+--
+ceryExpiry contains the bundle name and the expiry date
+--
+
+Type::
+  `object`
+
+Required::
+  - `bundle`
+  - `subject`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `bundle`
+| `string`
+| bundle is the name of the bundle in which the subject certificate resides
+
+| `expiry`
+| `string`
+| expiry is the date after which the certificate will no longer be valid
+
+| `subject`
+| `string`
+| subject is the subject of the certificate
+
 |===
 === .status.conditions
 Description::
@@ -501,7 +561,8 @@ Type::
 
 | `source[]`
 | `object`
-| ObjectReference contains enough information to let you inspect or modify the referred object.
+| ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
+ Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
 
 | `uid`
 | `string`
@@ -525,7 +586,8 @@ Type::
 Description::
 +
 --
-ObjectReference contains enough information to let you inspect or modify the referred object.
+ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". Those cannot be well described when embedded. 3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control. 
+ Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
 --
 
 Type::
@@ -590,14 +652,6 @@ The following API endpoints are available:
 === /apis/machineconfiguration.openshift.io/v1/machineconfigpools
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -606,46 +660,6 @@ Description::
   delete collection of MachineConfigPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -665,46 +679,6 @@ Description::
   list objects of kind MachineConfigPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -731,12 +705,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -774,14 +745,6 @@ Description::
 | name of the MachineConfigPool
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -797,25 +760,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -836,16 +782,6 @@ Description::
   read the specified MachineConfigPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -872,22 +808,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -913,12 +838,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -954,14 +876,6 @@ Description::
 | name of the MachineConfigPool
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -970,16 +884,6 @@ Description::
   read status of the specified MachineConfigPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1006,22 +910,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1047,12 +940,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
index 73cdfd730ed8..ae3f10772515 100644
--- a/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machinehealthcheck-machine-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machinehealthcheck-machine-openshift-io-v1beta1"]
 = MachineHealthCheck [machine.openshift.io/v1beta1]
 :toc: macro
@@ -373,49 +373,6 @@ The following API endpoints are available:
 === /apis/machine.openshift.io/v1beta1/machinehealthchecks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -437,23 +394,7 @@ Description::
 
 === /apis/machine.openshift.io/v1beta1/namespaces/{namespace}/machinehealthchecks
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -462,46 +403,6 @@ Description::
   delete collection of MachineHealthCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -521,46 +422,6 @@ Description::
   list objects of kind MachineHealthCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -587,12 +448,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,19 +486,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineHealthCheck
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -656,25 +503,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -695,16 +525,6 @@ Description::
   read the specified MachineHealthCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -731,22 +551,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -772,12 +581,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -811,19 +617,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineHealthCheck
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -832,16 +627,6 @@ Description::
   read status of the specified MachineHealthCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -868,22 +653,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -909,12 +683,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
index bc8f4dad3148..38051efdbe02 100644
--- a/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
+++ b/rest_api/machine_apis/machineset-machine-openshift-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="machineset-machine-openshift-io-v1beta1"]
 = MachineSet [machine.openshift.io/v1beta1]
 :toc: macro
@@ -288,11 +288,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.spec
@@ -557,11 +557,11 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `uid`
 | `string`
-| UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+| UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 === .spec.template.spec.providerSpec
@@ -713,49 +713,6 @@ The following API endpoints are available:
 === /apis/machine.openshift.io/v1beta1/machinesets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -777,23 +734,7 @@ Description::
 
 === /apis/machine.openshift.io/v1beta1/namespaces/{namespace}/machinesets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -802,46 +743,6 @@ Description::
   delete collection of MachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -861,46 +762,6 @@ Description::
   list objects of kind MachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -927,12 +788,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -968,19 +826,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -996,25 +843,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1035,16 +865,6 @@ Description::
   read the specified MachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1071,22 +891,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1112,12 +921,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1151,19 +957,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1172,16 +967,6 @@ Description::
   read scale of the specified MachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1208,22 +993,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1249,12 +1023,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1288,19 +1059,8 @@ Description::
 | `name`
 | `string`
 | name of the MachineSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1309,16 +1069,6 @@ Description::
   read status of the specified MachineSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1345,22 +1095,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1386,12 +1125,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc b/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc
index 8552baae4b74..6a064725b5da 100644
--- a/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc
+++ b/rest_api/metadata_apis/apirequestcount-apiserver-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="apirequestcount-apiserver-openshift-io-v1"]
 = APIRequestCount [apiserver.openshift.io/v1]
 :toc: macro
@@ -552,14 +552,6 @@ The following API endpoints are available:
 === /apis/apiserver.openshift.io/v1/apirequestcounts
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -568,46 +560,6 @@ Description::
   delete collection of APIRequestCount
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -627,46 +579,6 @@ Description::
   list objects of kind APIRequestCount
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -693,12 +605,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -736,14 +645,6 @@ Description::
 | name of the APIRequestCount
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -759,25 +660,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -798,16 +682,6 @@ Description::
   read the specified APIRequestCount
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -834,22 +708,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -875,12 +738,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -916,14 +776,6 @@ Description::
 | name of the APIRequestCount
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -932,16 +784,6 @@ Description::
   read status of the specified APIRequestCount
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -968,22 +810,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1009,12 +840,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/metadata_apis/binding-v1.adoc b/rest_api/metadata_apis/binding-v1.adoc
index cfe2860a2189..abcae984ce59 100644
--- a/rest_api/metadata_apis/binding-v1.adoc
+++ b/rest_api/metadata_apis/binding-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="binding-v1"]
 = Binding [v1]
 :toc: macro
@@ -103,14 +103,6 @@ The following API endpoints are available:
 
 === /api/v1/namespaces/{namespace}/bindings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -119,15 +111,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
@@ -171,9 +157,6 @@ Description::
 | `name`
 | `string`
 | name of the Binding
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -183,15 +166,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/metadata_apis/componentstatus-v1.adoc b/rest_api/metadata_apis/componentstatus-v1.adoc
index 0247c355a1b8..bcb689a4e83d 100644
--- a/rest_api/metadata_apis/componentstatus-v1.adoc
+++ b/rest_api/metadata_apis/componentstatus-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="componentstatus-v1"]
 = ComponentStatus [v1]
 :toc: macro
@@ -110,49 +110,6 @@ The following API endpoints are available:
 === /api/v1/componentstatuses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -183,14 +140,6 @@ Description::
 | name of the ComponentStatus
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/configmap-v1.adoc b/rest_api/metadata_apis/configmap-v1.adoc
index fb4f1cff7217..603848aec030 100644
--- a/rest_api/metadata_apis/configmap-v1.adoc
+++ b/rest_api/metadata_apis/configmap-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configmap-v1"]
 = ConfigMap [v1]
 :toc: macro
@@ -77,49 +77,6 @@ The following API endpoints are available:
 === /api/v1/configmaps
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -142,49 +99,6 @@ Description::
 === /api/v1/watch/configmaps
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -206,23 +120,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/configmaps
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -235,57 +133,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -304,46 +156,6 @@ Description::
   list or watch objects of kind ConfigMap
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -370,12 +182,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -404,58 +213,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/configmaps
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -484,19 +242,8 @@ Description::
 | `name`
 | `string`
 | name of the ConfigMap
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -512,25 +259,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -575,25 +305,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -621,12 +337,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -660,54 +373,8 @@ Description::
 | `name`
 | `string`
 | name of the ConfigMap
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/controllerrevision-apps-v1.adoc b/rest_api/metadata_apis/controllerrevision-apps-v1.adoc
index 1aa439b3632b..fe5acd743b50 100644
--- a/rest_api/metadata_apis/controllerrevision-apps-v1.adoc
+++ b/rest_api/metadata_apis/controllerrevision-apps-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="controllerrevision-apps-v1"]
 = ControllerRevision [apps/v1]
 :toc: macro
@@ -75,49 +75,6 @@ The following API endpoints are available:
 === /apis/apps/v1/controllerrevisions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -140,49 +97,6 @@ Description::
 === /apis/apps/v1/watch/controllerrevisions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -204,23 +118,7 @@ Description::
 
 === /apis/apps/v1/namespaces/{namespace}/controllerrevisions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -233,57 +131,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -302,46 +154,6 @@ Description::
   list or watch objects of kind ControllerRevision
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -368,12 +180,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -402,58 +211,7 @@ Description::
 
 === /apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -482,19 +240,8 @@ Description::
 | `name`
 | `string`
 | name of the ControllerRevision
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -510,25 +257,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -573,25 +303,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -619,12 +335,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -658,54 +371,8 @@ Description::
 | `name`
 | `string`
 | name of the ControllerRevision
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/event-events-k8s-io-v1.adoc b/rest_api/metadata_apis/event-events-k8s-io-v1.adoc
index 5decd64aea5c..4c6b89a95e06 100644
--- a/rest_api/metadata_apis/event-events-k8s-io-v1.adoc
+++ b/rest_api/metadata_apis/event-events-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="event-events-k8s-io-v1"]
 = Event [events.k8s.io/v1]
 :toc: macro
@@ -152,49 +152,6 @@ The following API endpoints are available:
 === /apis/events.k8s.io/v1/events
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -217,49 +174,6 @@ Description::
 === /apis/events.k8s.io/v1/watch/events
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -281,23 +195,7 @@ Description::
 
 === /apis/events.k8s.io/v1/namespaces/{namespace}/events
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -310,57 +208,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -379,46 +231,6 @@ Description::
   list or watch objects of kind Event
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -445,12 +257,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -479,58 +288,7 @@ Description::
 
 === /apis/events.k8s.io/v1/watch/namespaces/{namespace}/events
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -559,19 +317,8 @@ Description::
 | `name`
 | `string`
 | name of the Event
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -587,25 +334,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -650,25 +380,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -696,12 +412,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -735,54 +448,8 @@ Description::
 | `name`
 | `string`
 | name of the Event
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/event-v1.adoc b/rest_api/metadata_apis/event-v1.adoc
index 0b8d0f513b30..0c934ef37e2a 100644
--- a/rest_api/metadata_apis/event-v1.adoc
+++ b/rest_api/metadata_apis/event-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="event-v1"]
 = Event [v1]
 :toc: macro
@@ -268,49 +268,6 @@ The following API endpoints are available:
 === /api/v1/events
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -333,49 +290,6 @@ Description::
 === /api/v1/watch/events
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -397,23 +311,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/events
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -426,57 +324,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -495,46 +347,6 @@ Description::
   list or watch objects of kind Event
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -561,12 +373,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -595,58 +404,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/events
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -675,19 +433,8 @@ Description::
 | `name`
 | `string`
 | name of the Event
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -703,25 +450,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -766,25 +496,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -812,12 +528,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -851,54 +564,8 @@ Description::
 | `name`
 | `string`
 | name of the Event
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc b/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
index 75fa5f15e1c3..91c07949d02d 100644
--- a/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
+++ b/rest_api/metadata_apis/lease-coordination-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="lease-coordination-k8s-io-v1"]
 = Lease [coordination.k8s.io/v1]
 :toc: macro
@@ -69,7 +69,7 @@ Type::
 
 | `leaseDurationSeconds`
 | `integer`
-| leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed RenewTime.
+| leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed renewTime.
 
 | `leaseTransitions`
 | `integer`
@@ -107,49 +107,6 @@ The following API endpoints are available:
 === /apis/coordination.k8s.io/v1/leases
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -172,49 +129,6 @@ Description::
 === /apis/coordination.k8s.io/v1/watch/leases
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -236,23 +150,7 @@ Description::
 
 === /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -265,57 +163,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -334,46 +186,6 @@ Description::
   list or watch objects of kind Lease
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -400,12 +212,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -434,58 +243,7 @@ Description::
 
 === /apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -514,19 +272,8 @@ Description::
 | `name`
 | `string`
 | name of the Lease
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -542,25 +289,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -605,25 +335,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -651,12 +367,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -690,54 +403,8 @@ Description::
 | `name`
 | `string`
 | name of the Lease
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/metadata_apis/metadata-apis-index.adoc b/rest_api/metadata_apis/metadata-apis-index.adoc
index ceae958e6f28..8643ec26cc18 100644
--- a/rest_api/metadata_apis/metadata-apis-index.adoc
+++ b/rest_api/metadata_apis/metadata-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metadata-apis"]
 = Metadata APIs
 :toc: macro
diff --git a/rest_api/metadata_apis/namespace-v1.adoc b/rest_api/metadata_apis/namespace-v1.adoc
index 314706053129..4addc665c949 100644
--- a/rest_api/metadata_apis/namespace-v1.adoc
+++ b/rest_api/metadata_apis/namespace-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="namespace-v1"]
 = Namespace [v1]
 :toc: macro
@@ -184,14 +184,6 @@ The following API endpoints are available:
 === /api/v1/namespaces
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -200,46 +192,6 @@ Description::
   list or watch objects of kind Namespace
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -266,12 +218,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -301,49 +250,6 @@ Description::
 === /api/v1/watch/namespaces
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -374,14 +280,6 @@ Description::
 | name of the Namespace
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -397,25 +295,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -460,25 +341,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -506,12 +373,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -547,49 +411,6 @@ Description::
 | name of the Namespace
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -620,14 +441,6 @@ Description::
 | name of the Namespace
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -660,25 +473,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -706,12 +505,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -754,15 +550,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc b/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc
new file mode 100644
index 000000000000..a663a7043286
--- /dev/null
+++ b/rest_api/monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc
@@ -0,0 +1,600 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="alertingrule-monitoring-openshift-io-v1"]
+= AlertingRule [monitoring.openshift.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules.  This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace.  You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage. 
+ The API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator.  The primary difference being that recording rules are not allowed here -- only alerting rules.  For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace.  OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly. 
+ You can find upstream API documentation for PrometheusRule resources here: 
+ https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec describes the desired state of this AlertingRule object.
+
+| `status`
+| `object`
+| status describes the current state of this AlertOverrides object.
+
+|===
+=== .spec
+Description::
++
+--
+spec describes the desired state of this AlertingRule object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `groups`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `groups`
+| `array`
+| groups is a list of grouped alerting rules.  Rule groups are the unit at which Prometheus parallelizes rule processing.  All rules in a single group share a configured evaluation interval.  All rules in the group will be processed together on this interval, sequentially, and all rules will be processed. 
+ It's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups.  You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.
+
+| `groups[]`
+| `object`
+| RuleGroup is a list of sequentially evaluated alerting rules.
+
+|===
+=== .spec.groups
+Description::
++
+--
+groups is a list of grouped alerting rules.  Rule groups are the unit at which Prometheus parallelizes rule processing.  All rules in a single group share a configured evaluation interval.  All rules in the group will be processed together on this interval, sequentially, and all rules will be processed. 
+ It's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups.  You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.groups[]
+Description::
++
+--
+RuleGroup is a list of sequentially evaluated alerting rules.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `rules`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `interval`
+| `string`
+| interval is how often rules in the group are evaluated.  If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds.  You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval
+
+| `name`
+| `string`
+| name is the name of the group.
+
+| `rules`
+| `array`
+| rules is a list of sequentially evaluated alerting rules.  Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.
+
+| `rules[]`
+| `object`
+| Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
+
+|===
+=== .spec.groups[].rules
+Description::
++
+--
+rules is a list of sequentially evaluated alerting rules.  Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.groups[].rules[]
+Description::
++
+--
+Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules
+--
+
+Type::
+  `object`
+
+Required::
+  - `alert`
+  - `expr`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `alert`
+| `string`
+| alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.
+
+| `annotations`
+| `object (string)`
+| annotations to add to each alert.  These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.
+
+| `expr`
+| `integer-or-string`
+| expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts.  This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple "1" if the intent is to create an alert that is always firing.  This is sometimes used to create an always-firing "Watchdog" alert in order to ensure the alerting pipeline is functional.
+
+| `for`
+| `string`
+| for is the time period after which alerts are considered firing after first returning results.  Alerts which have not yet fired for long enough are considered pending.
+
+| `labels`
+| `object (string)`
+| labels to add or overwrite for each alert.  The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value.  These should typically be short identifying values that may be useful to query against.  A common example is the alert severity, where one sets `severity: warning` under the `labels` key:
+
+|===
+=== .status
+Description::
++
+--
+status describes the current state of this AlertOverrides object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `observedGeneration`
+| `integer`
+| observedGeneration is the last generation change you've dealt with.
+
+| `prometheusRule`
+| `object`
+| prometheusRule is the generated PrometheusRule for this AlertingRule.  Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.
+
+|===
+=== .status.prometheusRule
+Description::
++
+--
+prometheusRule is the generated PrometheusRule for this AlertingRule.  Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name of the referenced PrometheusRule.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/monitoring.openshift.io/v1/alertingrules`
+- `GET`: list objects of kind AlertingRule
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules`
+- `DELETE`: delete collection of AlertingRule
+- `GET`: list objects of kind AlertingRule
+- `POST`: create an AlertingRule
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules/{name}`
+- `DELETE`: delete an AlertingRule
+- `GET`: read the specified AlertingRule
+- `PATCH`: partially update the specified AlertingRule
+- `PUT`: replace the specified AlertingRule
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules/{name}/status`
+- `GET`: read status of the specified AlertingRule
+- `PATCH`: partially update status of the specified AlertingRule
+- `PUT`: replace status of the specified AlertingRule
+
+
+=== /apis/monitoring.openshift.io/v1/alertingrules
+
+
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind AlertingRule
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.monitoring.v1.AlertingRuleList[`AlertingRuleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of AlertingRule
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind AlertingRule
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.monitoring.v1.AlertingRuleList[`AlertingRuleList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 202 - Accepted
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AlertingRule
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified AlertingRule
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertingrules/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AlertingRule
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified AlertingRule
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified AlertingRule
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`AlertingRule`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
index 3436833164e1..ce0139c0fdcc 100644
--- a/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="alertmanager-monitoring-coreos-com-v1"]
 = Alertmanager [monitoring.coreos.com/v1]
 :toc: macro
@@ -89,6 +89,10 @@ Type::
 | `object`
 | EXPERIMENTAL: alertmanagerConfiguration specifies the configuration of Alertmanager. If defined, it takes precedence over the `configSecret` field. This field may change in future releases.
 
+| `automountServiceAccountToken`
+| `boolean`
+| AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.
+
 | `baseImage`
 | `string`
 | Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead
@@ -193,7 +197,8 @@ Type::
 
 | `podMetadata`
 | `object`
-| PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.
+| PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. 
+ The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "alertmanager". * "app.kubernetes.io/version" label, set to the Alertmanager version. * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager".
 
 | `portName`
 | `string`
@@ -1838,10 +1843,30 @@ Type::
 | `object`
 | HTTP client configuration.
 
+| `opsGenieApiKey`
+| `object`
+| The default OpsGenie API Key.
+
+| `opsGenieApiUrl`
+| `object`
+| The default OpsGenie API URL.
+
+| `pagerdutyUrl`
+| `string`
+| The default Pagerduty URL.
+
 | `resolveTimeout`
 | `string`
 | ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt.
 
+| `slackApiUrl`
+| `object`
+| The default Slack API URL.
+
+| `smtp`
+| `object`
+| Configures global SMTP parameters.
+
 |===
 === .spec.alertmanagerConfiguration.global.httpConfig
 Description::
@@ -1908,18 +1933,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.alertmanagerConfiguration.global.httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -1966,18 +1993,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.alertmanagerConfiguration.global.httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -2009,7 +2036,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -2092,30 +2119,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.alertmanagerConfiguration.global.httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -2205,7 +2232,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -2482,6 +2509,245 @@ Required::
 | `boolean`
 | Specify whether the Secret or its key must be defined
 
+|===
+=== .spec.alertmanagerConfiguration.global.opsGenieApiKey
+Description::
++
+--
+The default OpsGenie API Key.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.opsGenieApiUrl
+Description::
++
+--
+The default OpsGenie API URL.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.slackApiUrl
+Description::
++
+--
+The default Slack API URL.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.smtp
+Description::
++
+--
+Configures global SMTP parameters.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `authIdentity`
+| `string`
+| SMTP Auth using PLAIN
+
+| `authPassword`
+| `object`
+| SMTP Auth using LOGIN and PLAIN.
+
+| `authSecret`
+| `object`
+| SMTP Auth using CRAM-MD5.
+
+| `authUsername`
+| `string`
+| SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server.
+
+| `from`
+| `string`
+| The default SMTP From header field.
+
+| `hello`
+| `string`
+| The default hostname to identify to the SMTP server.
+
+| `requireTLS`
+| `boolean`
+| The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.
+
+| `smartHost`
+| `object`
+| The default SMTP smarthost used for sending emails.
+
+|===
+=== .spec.alertmanagerConfiguration.global.smtp.authPassword
+Description::
++
+--
+SMTP Auth using LOGIN and PLAIN.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.smtp.authSecret
+Description::
++
+--
+SMTP Auth using CRAM-MD5.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alertmanagerConfiguration.global.smtp.smartHost
+Description::
++
+--
+The default SMTP smarthost used for sending emails.
+--
+
+Type::
+  `object`
+
+Required::
+  - `host`
+  - `port`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| Defines the host's address, it can be a DNS name or a literal IP address.
+
+| `port`
+| `string`
+| Defines the host's port, it can be a literal port number or a port name.
+
 |===
 === .spec.alertmanagerConfiguration.templates
 Description::
@@ -2674,10 +2940,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -3182,7 +3460,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3348,7 +3626,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3410,7 +3688,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3467,7 +3745,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -3571,7 +3849,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3686,7 +3964,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3743,7 +4021,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -3847,7 +4125,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3881,6 +4159,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.containers[].resources
 Description::
@@ -3903,7 +4223,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -3915,7 +4235,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.containers[].resources.claims
@@ -3924,7 +4244,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -4100,7 +4420,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -4135,7 +4455,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -4169,7 +4489,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4226,7 +4546,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4330,7 +4650,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4630,10 +4950,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -5138,7 +5470,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5304,7 +5636,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5366,7 +5698,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5423,7 +5755,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5527,7 +5859,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5642,7 +5974,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5699,7 +6031,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5803,7 +6135,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5837,6 +6169,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.initContainers[].resources
 Description::
@@ -5859,7 +6233,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -5871,7 +6245,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.initContainers[].resources.claims
@@ -5880,7 +6254,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -6056,7 +6430,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6091,7 +6465,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6125,7 +6499,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6182,7 +6556,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6286,7 +6660,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6425,7 +6799,8 @@ Required::
 Description::
 +
 --
-PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.
+PodMetadata configures labels and annotations which are propagated to the Alertmanager pods. 
+ The following items are reserved and cannot be overridden: * "alertmanager" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/instance" label, set to the name of the Alertmanager instance. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "alertmanager". * "app.kubernetes.io/version" label, set to the Alertmanager version. * "kubectl.kubernetes.io/default-container" annotation, set to "alertmanager".
 --
 
 Type::
@@ -6472,7 +6847,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -6484,7 +6859,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -6493,7 +6868,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -6645,7 +7020,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6722,7 +7097,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6748,26 +7123,26 @@ Type::
 
 | `disableMountSubPath`
 | `boolean`
-| Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.
+| *Deprecated: subPath usage will be removed in a future release.*
 
 | `emptyDir`
 | `object`
-| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+| EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 
 | `ephemeral`
 | `object`
-| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 
 | `volumeClaimTemplate`
 | `object`
-| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+| Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 
 |===
 === .spec.storage.emptyDir
 Description::
 +
 --
-EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 --
 
 Type::
@@ -6786,14 +7161,14 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.storage.ephemeral
 Description::
 +
 --
-EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 --
 
 Type::
@@ -6999,7 +7374,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -7011,7 +7386,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -7020,7 +7395,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -7133,7 +7508,7 @@ Required::
 Description::
 +
 --
-A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 --
 
 Type::
@@ -7160,11 +7535,11 @@ Type::
 
 | `spec`
 | `object`
-| Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 | `status`
 | `object`
-| Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| *Deprecated: this field is never set.*
 
 |===
 === .spec.storage.volumeClaimTemplate.metadata
@@ -7201,7 +7576,7 @@ Type::
 Description::
 +
 --
-Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 --
 
 Type::
@@ -7338,7 +7713,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -7350,7 +7725,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.volumeClaimTemplate.spec.resources.claims
@@ -7359,7 +7734,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -7472,7 +7847,7 @@ Required::
 Description::
 +
 --
-Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+*Deprecated: this field is never set.*
 --
 
 Type::
@@ -7489,9 +7864,19 @@ Type::
 | `array (string)`
 | accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 
+| `allocatedResourceStatuses`
+| `object (string)`
+| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. 
+ A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
 | `allocatedResources`
 | `integer-or-string`
-| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. 
+ A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
 | `integer-or-string`
@@ -7503,16 +7888,12 @@ Type::
 
 | `conditions[]`
 | `object`
-| PersistentVolumeClaimCondition contails details about state of pvc
+| PersistentVolumeClaimCondition contains details about state of pvc
 
 | `phase`
 | `string`
 | phase represents the current phase of PersistentVolumeClaim.
 
-| `resizeStatus`
-| `string`
-| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-
 |===
 === .spec.storage.volumeClaimTemplate.status.conditions
 Description::
@@ -7531,7 +7912,7 @@ Type::
 Description::
 +
 --
-PersistentVolumeClaimCondition contails details about state of pvc
+PersistentVolumeClaimCondition contains details about state of pvc
 --
 
 Type::
@@ -7663,7 +8044,8 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -8531,7 +8913,7 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.volumes[].ephemeral
@@ -8748,7 +9130,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -8760,7 +9142,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -8769,7 +9151,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -10147,10 +10529,18 @@ Type::
 |===
 | Property | Type | Description
 
+| `getConcurrency`
+| `integer`
+| Maximum number of GET requests processed concurrently. This corresponds to the Alertmanager's `--web.get-concurrency` flag.
+
 | `httpConfig`
 | `object`
 | Defines HTTP parameters for web server.
 
+| `timeout`
+| `integer`
+| Timeout for HTTP requests. This corresponds to the Alertmanager's `--web.timeout` flag.
+
 | `tlsConfig`
 | `object`
 | Defines the TLS parameters for HTTPS.
@@ -10522,7 +10912,7 @@ Required::
 
 | `conditions[]`
 | `object`
-| Condition represents the state of the resources associated with the Prometheus or Alertmanager resource.
+| Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
 
 | `paused`
 | `boolean`
@@ -10558,7 +10948,7 @@ Type::
 Description::
 +
 --
-Condition represents the state of the resources associated with the Prometheus or Alertmanager resource.
+Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
 --
 
 Type::
@@ -10625,49 +11015,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/alertmanagers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10689,23 +11036,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/alertmanagers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10714,46 +11045,6 @@ Description::
   delete collection of Alertmanager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10773,46 +11064,6 @@ Description::
   list objects of kind Alertmanager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10839,12 +11090,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10880,19 +11128,8 @@ Description::
 | `name`
 | `string`
 | name of the Alertmanager
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10908,25 +11145,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10947,16 +11167,6 @@ Description::
   read the specified Alertmanager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -10983,22 +11193,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11024,12 +11223,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -11063,19 +11259,8 @@ Description::
 | `name`
 | `string`
 | name of the Alertmanager
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -11084,16 +11269,6 @@ Description::
   read status of the specified Alertmanager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -11120,22 +11295,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11161,12 +11325,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
index e968618a0fe1..a44b9254af3c 100644
--- a/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
+++ b/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="alertmanagerconfig-monitoring-coreos-com-v1beta1"]
 = AlertmanagerConfig [monitoring.coreos.com/v1beta1]
 :toc: macro
@@ -11,7 +11,7 @@ toc::[]
 Description::
 +
 --
-AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.
+AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems.
 --
 
 Type::
@@ -263,6 +263,14 @@ Required::
 |===
 | Property | Type | Description
 
+| `discordConfigs`
+| `array`
+| List of Slack configurations.
+
+| `discordConfigs[]`
+| `object`
+| DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config
+
 | `emailConfigs`
 | `array`
 | List of Email configurations.
@@ -271,6 +279,14 @@ Required::
 | `object`
 | EmailConfig configures notifications via Email.
 
+| `msteamsConfigs`
+| `array`
+| List of MSTeams configurations. It requires Alertmanager >= 0.26.0.
+
+| `msteamsConfigs[]`
+| `object`
+| MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.
+
 | `name`
 | `string`
 | Name of the receiver. Must be unique across all items from the list.
@@ -331,6 +347,14 @@ Required::
 | `object`
 | VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
 
+| `webexConfigs`
+| `array`
+| List of Webex configurations.
+
+| `webexConfigs[]`
+| `object`
+| WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config
+
 | `webhookConfigs`
 | `array`
 | List of webhook configurations.
@@ -348,11 +372,11 @@ Required::
 | WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config
 
 |===
-=== .spec.receivers[].emailConfigs
+=== .spec.receivers[].discordConfigs
 Description::
 +
 --
-List of Email configurations.
+List of Slack configurations.
 --
 
 Type::
@@ -361,11 +385,11 @@ Type::
 
 
 
-=== .spec.receivers[].emailConfigs[]
+=== .spec.receivers[].discordConfigs[]
 Description::
 +
 --
-EmailConfig configures notifications via Email.
+DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config
 --
 
 Type::
@@ -378,72 +402,32 @@ Type::
 |===
 | Property | Type | Description
 
-| `authIdentity`
-| `string`
-| The identity to use for authentication.
-
-| `authPassword`
-| `object`
-| The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `authSecret`
+| `apiURL`
 | `object`
-| The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `authUsername`
-| `string`
-| The username to use for authentication.
-
-| `from`
-| `string`
-| The sender address.
-
-| `headers`
-| `array`
-| Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.
+| The secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 
-| `headers[]`
+| `httpConfig`
 | `object`
-| KeyValue defines a (key, value) tuple.
-
-| `hello`
-| `string`
-| The hostname to identify to the SMTP server.
+| HTTP client configuration.
 
-| `html`
+| `message`
 | `string`
-| The HTML body of the email notification.
-
-| `requireTLS`
-| `boolean`
-| The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.
+| The template of the message's body.
 
 | `sendResolved`
 | `boolean`
 | Whether or not to notify about resolved alerts.
 
-| `smarthost`
-| `string`
-| The SMTP host and port through which emails are sent. E.g. example.com:25
-
-| `text`
-| `string`
-| The text body of the email notification.
-
-| `tlsConfig`
-| `object`
-| TLS configuration
-
-| `to`
+| `title`
 | `string`
-| The email address to send notifications to.
+| The template of the message's title.
 
 |===
-=== .spec.receivers[].emailConfigs[].authPassword
+=== .spec.receivers[].discordConfigs[].apiURL
 Description::
 +
 --
-The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+The secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 --
 
 Type::
@@ -451,7 +435,6 @@ Type::
 
 Required::
   - `key`
-  - `name`
 
 
 
@@ -465,22 +448,23 @@ Required::
 
 | `name`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].authSecret
+=== .spec.receivers[].discordConfigs[].httpConfig
 Description::
 +
 --
-The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+HTTP client configuration.
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
-  - `name`
 
 
 
@@ -488,33 +472,68 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `authorization`
+| `object`
+| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
 
-| `name`
+| `basicAuth`
+| `object`
+| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+
+| `bearerTokenSecret`
+| `object`
+| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `followRedirects`
+| `boolean`
+| FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
+
+| `oauth2`
+| `object`
+| OAuth2 client credentials used to fetch a token for the targets.
+
+| `proxyURL`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Optional proxy URL.
+
+| `tlsConfig`
+| `object`
+| TLS configuration for the client.
 
 |===
-=== .spec.receivers[].emailConfigs[].headers
+=== .spec.receivers[].discordConfigs[].httpConfig.authorization
 Description::
 +
 --
-Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.
+Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
 --
 
 Type::
-  `array`
+  `object`
 
 
 
 
-=== .spec.receivers[].emailConfigs[].headers[]
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `credentials`
+| `object`
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
+
+| `type`
+| `string`
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-KeyValue defines a (key, value) tuple.
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -522,7 +541,6 @@ Type::
 
 Required::
   - `key`
-  - `value`
 
 
 
@@ -532,18 +550,22 @@ Required::
 
 | `key`
 | `string`
-| Key of the tuple.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `value`
+| `name`
 | `string`
-| Value of the tuple.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig
+=== .spec.receivers[].discordConfigs[].httpConfig.basicAuth
 Description::
 +
 --
-TLS configuration
+BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
 --
 
 Type::
@@ -556,37 +578,27 @@ Type::
 |===
 | Property | Type | Description
 
-| `ca`
-| `object`
-| Certificate authority used when verifying server certificates.
-
-| `cert`
+| `password`
 | `object`
-| Client certificate to present when doing client-authentication.
-
-| `insecureSkipVerify`
-| `boolean`
-| Disable target certificate validation.
+| `password` specifies a key of a Secret containing the password for authentication.
 
-| `keySecret`
+| `username`
 | `object`
-| Secret containing the client key file for the targets.
-
-| `serverName`
-| `string`
-| Used to verify the hostname for the targets.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.ca
+=== .spec.receivers[].discordConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-Certificate authority used when verifying server certificates.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
   `object`
 
+Required::
+  - `key`
 
 
 
@@ -594,20 +606,24 @@ Type::
 |===
 | Property | Type | Description
 
-| `configMap`
-| `object`
-| ConfigMap containing data to use for the targets.
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `secret`
-| `object`
-| Secret containing data to use for the targets.
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.ca.configMap
+=== .spec.receivers[].discordConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-ConfigMap containing data to use for the targets.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -624,7 +640,7 @@ Required::
 
 | `key`
 | `string`
-| The key to select.
+| The key of the secret to select from.  Must be a valid secret key.
 
 | `name`
 | `string`
@@ -632,14 +648,14 @@ Required::
 
 | `optional`
 | `boolean`
-| Specify whether the ConfigMap or its key must be defined
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.ca.secret
+=== .spec.receivers[].discordConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
-Secret containing data to use for the targets.
+The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 --
 
 Type::
@@ -647,6 +663,7 @@ Type::
 
 Required::
   - `key`
+  - `name`
 
 
 
@@ -660,18 +677,56 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2
+Description::
++
+--
+OAuth2 client credentials used to fetch a token for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `clientId`
+  - `clientSecret`
+  - `tokenUrl`
 
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
 
+
+[cols="1,1,1",options="header"]
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.cert
+| Property | Type | Description
+
+| `clientId`
+| `object`
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
+
+| `clientSecret`
+| `object`
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
+
+| `endpointParams`
+| `object (string)`
+| `endpointParams` configures the HTTP parameters to append to the token URL.
+
+| `scopes`
+| `array (string)`
+| `scopes` defines the OAuth2 scopes used for the token request.
+
+| `tokenUrl`
+| `string`
+| `tokenURL` configures the URL to fetch the token from.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-Client certificate to present when doing client-authentication.
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -693,7 +748,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.cert.configMap
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -725,7 +780,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.cert.secret
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -757,11 +812,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].emailConfigs[].tlsConfig.keySecret
+=== .spec.receivers[].discordConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-Secret containing the client key file for the targets.
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -789,29 +844,2142 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
-List of OpsGenie configurations.
+TLS configuration for the client.
 --
 
 Type::
-  `array`
+  `object`
 
 
 
 
-=== .spec.receivers[].opsgenieConfigs[]
-Description::
-+
---
-OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
---
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].discordConfigs[].httpConfig.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].emailConfigs
+Description::
++
+--
+List of Email configurations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].emailConfigs[]
+Description::
++
+--
+EmailConfig configures notifications via Email.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `authIdentity`
+| `string`
+| The identity to use for authentication.
+
+| `authPassword`
+| `object`
+| The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `authSecret`
+| `object`
+| The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `authUsername`
+| `string`
+| The username to use for authentication.
+
+| `from`
+| `string`
+| The sender address.
+
+| `headers`
+| `array`
+| Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.
+
+| `headers[]`
+| `object`
+| KeyValue defines a (key, value) tuple.
+
+| `hello`
+| `string`
+| The hostname to identify to the SMTP server.
+
+| `html`
+| `string`
+| The HTML body of the email notification.
+
+| `requireTLS`
+| `boolean`
+| The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.
+
+| `sendResolved`
+| `boolean`
+| Whether or not to notify about resolved alerts.
+
+| `smarthost`
+| `string`
+| The SMTP host and port through which emails are sent. E.g. example.com:25
+
+| `text`
+| `string`
+| The text body of the email notification.
+
+| `tlsConfig`
+| `object`
+| TLS configuration
+
+| `to`
+| `string`
+| The email address to send notifications to.
+
+|===
+=== .spec.receivers[].emailConfigs[].authPassword
+Description::
++
+--
+The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].emailConfigs[].authSecret
+Description::
++
+--
+The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].emailConfigs[].headers
+Description::
++
+--
+Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].emailConfigs[].headers[]
+Description::
++
+--
+KeyValue defines a (key, value) tuple.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| Key of the tuple.
+
+| `value`
+| `string`
+| Value of the tuple.
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig
+Description::
++
+--
+TLS configuration
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].emailConfigs[].tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs
+Description::
++
+--
+List of MSTeams configurations. It requires Alertmanager >= 0.26.0.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].msteamsConfigs[]
+Description::
++
+--
+MSTeamsConfig configures notifications via Microsoft Teams. It requires Alertmanager >= 0.26.0.
+--
+
+Type::
+  `object`
+
+Required::
+  - `webhookUrl`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `httpConfig`
+| `object`
+| HTTP client configuration.
+
+| `sendResolved`
+| `boolean`
+| Whether to notify about resolved alerts.
+
+| `text`
+| `string`
+| Message body template.
+
+| `title`
+| `string`
+| Message title template.
+
+| `webhookUrl`
+| `object`
+| MSTeams webhook URL.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig
+Description::
++
+--
+HTTP client configuration.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `authorization`
+| `object`
+| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+
+| `basicAuth`
+| `object`
+| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+
+| `bearerTokenSecret`
+| `object`
+| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `followRedirects`
+| `boolean`
+| FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
+
+| `oauth2`
+| `object`
+| OAuth2 client credentials used to fetch a token for the targets.
+
+| `proxyURL`
+| `string`
+| Optional proxy URL.
+
+| `tlsConfig`
+| `object`
+| TLS configuration for the client.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.authorization
+Description::
++
+--
+Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `credentials`
+| `object`
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
+
+| `type`
+| `string`
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.authorization.credentials
+Description::
++
+--
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.basicAuth
+Description::
++
+--
+BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `password`
+| `object`
+| `password` specifies a key of a Secret containing the password for authentication.
+
+| `username`
+| `object`
+| `username` specifies a key of a Secret containing the username for authentication.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.basicAuth.password
+Description::
++
+--
+`password` specifies a key of a Secret containing the password for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.basicAuth.username
+Description::
++
+--
+`username` specifies a key of a Secret containing the username for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.bearerTokenSecret
+Description::
++
+--
+The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2
+Description::
++
+--
+OAuth2 client credentials used to fetch a token for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `clientId`
+  - `clientSecret`
+  - `tokenUrl`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientId`
+| `object`
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
+
+| `clientSecret`
+| `object`
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
+
+| `endpointParams`
+| `object (string)`
+| `endpointParams` configures the HTTP parameters to append to the token URL.
+
+| `scopes`
+| `array (string)`
+| `scopes` defines the OAuth2 scopes used for the token request.
+
+| `tokenUrl`
+| `string`
+| `tokenURL` configures the URL to fetch the token from.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientId
+Description::
++
+--
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientId.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientId.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.oauth2.clientSecret
+Description::
++
+--
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig
+Description::
++
+--
+TLS configuration for the client.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].httpConfig.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].msteamsConfigs[].webhookUrl
+Description::
++
+--
+MSTeams webhook URL.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs
+Description::
++
+--
+List of OpsGenie configurations.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[]
+Description::
++
+--
+OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `actions`
+| `string`
+| Comma separated list of actions that will be available for the alert.
+
+| `apiKey`
+| `object`
+| The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `apiURL`
+| `string`
+| The URL to send OpsGenie API requests to.
+
+| `description`
+| `string`
+| Description of the incident.
+
+| `details`
+| `array`
+| A set of arbitrary key/value pairs that provide further detail about the incident.
+
+| `details[]`
+| `object`
+| KeyValue defines a (key, value) tuple.
+
+| `entity`
+| `string`
+| Optional field that can be used to specify which domain alert is related to.
+
+| `httpConfig`
+| `object`
+| HTTP client configuration.
+
+| `message`
+| `string`
+| Alert text limited to 130 characters.
+
+| `note`
+| `string`
+| Additional alert note.
+
+| `priority`
+| `string`
+| Priority level of alert. Possible values are P1, P2, P3, P4, and P5.
+
+| `responders`
+| `array`
+| List of responders responsible for notifications.
+
+| `responders[]`
+| `object`
+| OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
+
+| `sendResolved`
+| `boolean`
+| Whether or not to notify about resolved alerts.
+
+| `source`
+| `string`
+| Backlink to the sender of the notification.
+
+| `tags`
+| `string`
+| Comma separated list of tags attached to the notifications.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].apiKey
+Description::
++
+--
+The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].details
+Description::
++
+--
+A set of arbitrary key/value pairs that provide further detail about the incident.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].details[]
+Description::
++
+--
+KeyValue defines a (key, value) tuple.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| Key of the tuple.
+
+| `value`
+| `string`
+| Value of the tuple.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig
+Description::
++
+--
+HTTP client configuration.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `authorization`
+| `object`
+| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+
+| `basicAuth`
+| `object`
+| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+
+| `bearerTokenSecret`
+| `object`
+| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `followRedirects`
+| `boolean`
+| FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
+
+| `oauth2`
+| `object`
+| OAuth2 client credentials used to fetch a token for the targets.
+
+| `proxyURL`
+| `string`
+| Optional proxy URL.
+
+| `tlsConfig`
+| `object`
+| TLS configuration for the client.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.authorization
+Description::
++
+--
+Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `credentials`
+| `object`
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
+
+| `type`
+| `string`
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.authorization.credentials
+Description::
++
+--
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth
+Description::
++
+--
+BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `password`
+| `object`
+| `password` specifies a key of a Secret containing the password for authentication.
+
+| `username`
+| `object`
+| `username` specifies a key of a Secret containing the username for authentication.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth.password
+Description::
++
+--
+`password` specifies a key of a Secret containing the password for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth.username
+Description::
++
+--
+`username` specifies a key of a Secret containing the username for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.bearerTokenSecret
+Description::
++
+--
+The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2
+Description::
++
+--
+OAuth2 client credentials used to fetch a token for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `clientId`
+  - `clientSecret`
+  - `tokenUrl`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientId`
+| `object`
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
+
+| `clientSecret`
+| `object`
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
+
+| `endpointParams`
+| `object (string)`
+| `endpointParams` configures the HTTP parameters to append to the token URL.
+
+| `scopes`
+| `array (string)`
+| `scopes` defines the OAuth2 scopes used for the token request.
+
+| `tokenUrl`
+| `string`
+| `tokenURL` configures the URL to fetch the token from.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId
+Description::
++
+--
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientSecret
+Description::
++
+--
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig
+Description::
++
+--
+TLS configuration for the client.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert
+Description::
++
+--
+Client certificate to present when doing client-authentication.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
 
 Type::
   `object`
 
+Required::
+  - `key`
 
 
 
@@ -819,84 +2987,108 @@ Type::
 |===
 | Property | Type | Description
 
-| `actions`
+| `key`
 | `string`
-| Comma separated list of actions that will be available for the alert.
-
-| `apiKey`
-| `object`
-| The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+| The key to select.
 
-| `apiURL`
+| `name`
 | `string`
-| The URL to send OpsGenie API requests to.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `description`
-| `string`
-| Description of the incident.
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
 
-| `details`
-| `array`
-| A set of arbitrary key/value pairs that provide further detail about the incident.
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
 
-| `details[]`
-| `object`
-| KeyValue defines a (key, value) tuple.
+Type::
+  `object`
 
-| `entity`
-| `string`
-| Optional field that can be used to specify which domain alert is related to.
+Required::
+  - `key`
 
-| `httpConfig`
-| `object`
-| HTTP client configuration.
 
-| `message`
-| `string`
-| Alert text limited to 130 characters.
 
-| `note`
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
 | `string`
-| Additional alert note.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `priority`
+| `name`
 | `string`
-| Priority level of alert. Possible values are P1, P2, P3, P4, and P5.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `responders`
-| `array`
-| List of responders responsible for notifications.
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
-| `responders[]`
-| `object`
-| OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
+|===
+=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.keySecret
+Description::
++
+--
+Secret containing the client key file for the targets.
+--
 
-| `sendResolved`
-| `boolean`
-| Whether or not to notify about resolved alerts.
+Type::
+  `object`
 
-| `source`
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
 | `string`
-| Backlink to the sender of the notification.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `tags`
+| `name`
 | `string`
-| Comma separated list of tags attached to the notifications.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].apiKey
+=== .spec.receivers[].opsgenieConfigs[].responders
 Description::
 +
 --
-The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+List of responders responsible for notifications.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].opsgenieConfigs[].responders[]
+Description::
++
+--
+OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
-  - `name`
+  - `type`
 
 
 
@@ -904,20 +3096,28 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
+| `id`
 | `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| ID of the responder.
 
 | `name`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Name of the responder.
+
+| `type`
+| `string`
+| Type of responder.
+
+| `username`
+| `string`
+| Username of the responder.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].details
+=== .spec.receivers[].pagerdutyConfigs
 Description::
 +
 --
-A set of arbitrary key/value pairs that provide further detail about the incident.
+List of PagerDuty configurations.
 --
 
 Type::
@@ -926,7 +3126,110 @@ Type::
 
 
 
-=== .spec.receivers[].opsgenieConfigs[].details[]
+=== .spec.receivers[].pagerdutyConfigs[]
+Description::
++
+--
+PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `class`
+| `string`
+| The class/type of the event.
+
+| `client`
+| `string`
+| Client identification.
+
+| `clientURL`
+| `string`
+| Backlink to the sender of notification.
+
+| `component`
+| `string`
+| The part or component of the affected system that is broken.
+
+| `description`
+| `string`
+| Description of the incident.
+
+| `details`
+| `array`
+| Arbitrary key/value pairs that provide further detail about the incident.
+
+| `details[]`
+| `object`
+| KeyValue defines a (key, value) tuple.
+
+| `group`
+| `string`
+| A cluster or grouping of sources.
+
+| `httpConfig`
+| `object`
+| HTTP client configuration.
+
+| `pagerDutyImageConfigs`
+| `array`
+| A list of image details to attach that provide further detail about an incident.
+
+| `pagerDutyImageConfigs[]`
+| `object`
+| PagerDutyImageConfig attaches images to an incident
+
+| `pagerDutyLinkConfigs`
+| `array`
+| A list of link details to attach that provide further detail about an incident.
+
+| `pagerDutyLinkConfigs[]`
+| `object`
+| PagerDutyLinkConfig attaches text links to an incident
+
+| `routingKey`
+| `object`
+| The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `sendResolved`
+| `boolean`
+| Whether or not to notify about resolved alerts.
+
+| `serviceKey`
+| `object`
+| The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `severity`
+| `string`
+| Severity of the incident.
+
+| `url`
+| `string`
+| The URL to send requests to.
+
+|===
+=== .spec.receivers[].pagerdutyConfigs[].details
+Description::
++
+--
+Arbitrary key/value pairs that provide further detail about the incident.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.receivers[].pagerdutyConfigs[].details[]
 Description::
 +
 --
@@ -955,7 +3258,7 @@ Required::
 | Value of the tuple.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig
 Description::
 +
 --
@@ -1001,7 +3304,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.authorization
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -1020,18 +3323,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -1059,7 +3364,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -1078,18 +3383,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -1117,11 +3422,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -1149,7 +3454,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -1178,7 +3483,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -1201,30 +3506,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -1246,7 +3551,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -1278,7 +3583,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -1310,11 +3615,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -1342,7 +3647,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -1380,7 +3685,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -1406,7 +3711,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -1438,7 +3743,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -1470,7 +3775,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -1496,7 +3801,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -1528,7 +3833,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -1560,7 +3865,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -1592,11 +3897,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].opsgenieConfigs[].responders
+=== .spec.receivers[].pagerdutyConfigs[].pagerDutyImageConfigs
 Description::
 +
 --
-List of responders responsible for notifications.
+A list of image details to attach that provide further detail about an incident.
 --
 
 Type::
@@ -1605,18 +3910,16 @@ Type::
 
 
 
-=== .spec.receivers[].opsgenieConfigs[].responders[]
+=== .spec.receivers[].pagerdutyConfigs[].pagerDutyImageConfigs[]
 Description::
 +
 --
-OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
+PagerDutyImageConfig attaches images to an incident
 --
 
 Type::
   `object`
 
-Required::
-  - `type`
 
 
 
@@ -1624,28 +3927,24 @@ Required::
 |===
 | Property | Type | Description
 
-| `id`
-| `string`
-| ID of the responder.
-
-| `name`
+| `alt`
 | `string`
-| Name of the responder.
+| Alt is the optional alternative text for the image.
 
-| `type`
+| `href`
 | `string`
-| Type of responder.
+| Optional URL; makes the image a clickable link.
 
-| `username`
+| `src`
 | `string`
-| Username of the responder.
+| Src of the image being attached to the incident
 
 |===
-=== .spec.receivers[].pagerdutyConfigs
+=== .spec.receivers[].pagerdutyConfigs[].pagerDutyLinkConfigs
 Description::
 +
 --
-List of PagerDuty configurations.
+A list of link details to attach that provide further detail about an incident.
 --
 
 Type::
@@ -1654,11 +3953,11 @@ Type::
 
 
 
-=== .spec.receivers[].pagerdutyConfigs[]
+=== .spec.receivers[].pagerdutyConfigs[].pagerDutyLinkConfigs[]
 Description::
 +
 --
-PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
+PagerDutyLinkConfig attaches text links to an incident
 --
 
 Type::
@@ -1671,84 +3970,78 @@ Type::
 |===
 | Property | Type | Description
 
-| `class`
+| `alt`
 | `string`
-| The class/type of the event.
+| Text that describes the purpose of the link, and can be used as the link's text.
 
-| `client`
+| `href`
 | `string`
-| Client identification.
+| Href is the URL of the link to be attached
 
-| `clientURL`
-| `string`
-| Backlink to the sender of notification.
+|===
+=== .spec.receivers[].pagerdutyConfigs[].routingKey
+Description::
++
+--
+The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
 
-| `component`
-| `string`
-| The part or component of the affected system that is broken.
+Type::
+  `object`
 
-| `description`
-| `string`
-| Description of the incident.
+Required::
+  - `key`
+  - `name`
 
-| `details`
-| `array`
-| Arbitrary key/value pairs that provide further detail about the incident.
 
-| `details[]`
-| `object`
-| KeyValue defines a (key, value) tuple.
 
-| `group`
-| `string`
-| A cluster or grouping of sources.
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
 
-| `httpConfig`
-| `object`
-| HTTP client configuration.
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `pagerDutyImageConfigs`
-| `array`
-| A list of image details to attach that provide further detail about an incident.
+| `name`
+| `string`
+| The name of the secret in the object's namespace to select from.
 
-| `pagerDutyImageConfigs[]`
-| `object`
-| PagerDutyImageConfig attaches images to an incident
+|===
+=== .spec.receivers[].pagerdutyConfigs[].serviceKey
+Description::
++
+--
+The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+--
 
-| `pagerDutyLinkConfigs`
-| `array`
-| A list of link details to attach that provide further detail about an incident.
+Type::
+  `object`
 
-| `pagerDutyLinkConfigs[]`
-| `object`
-| PagerDutyLinkConfig attaches text links to an incident
+Required::
+  - `key`
+  - `name`
 
-| `routingKey`
-| `object`
-| The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 
-| `sendResolved`
-| `boolean`
-| Whether or not to notify about resolved alerts.
 
-| `serviceKey`
-| `object`
-| The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
 
-| `severity`
+| `key`
 | `string`
-| Severity of the incident.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `url`
+| `name`
 | `string`
-| The URL to send requests to.
+| The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].details
+=== .spec.receivers[].pushoverConfigs
 Description::
 +
 --
-Arbitrary key/value pairs that provide further detail about the incident.
+List of Pushover configurations.
 --
 
 Type::
@@ -1757,19 +4050,16 @@ Type::
 
 
 
-=== .spec.receivers[].pagerdutyConfigs[].details[]
+=== .spec.receivers[].pushoverConfigs[]
 Description::
 +
 --
-KeyValue defines a (key, value) tuple.
+PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
-  - `value`
 
 
 
@@ -1777,16 +4067,72 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
+| `device`
 | `string`
-| Key of the tuple.
+| The name of a device to send the notification to
 
-| `value`
+| `expire`
 | `string`
-| Value of the tuple.
+| How long your notification will continue to be retried for, unless the user acknowledges the notification.
+
+| `html`
+| `boolean`
+| Whether notification message is HTML or plain text.
+
+| `httpConfig`
+| `object`
+| HTTP client configuration.
+
+| `message`
+| `string`
+| Notification message.
+
+| `priority`
+| `string`
+| Priority, see https://pushover.net/api#priority
+
+| `retry`
+| `string`
+| How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.
+
+| `sendResolved`
+| `boolean`
+| Whether or not to notify about resolved alerts.
+
+| `sound`
+| `string`
+| The name of one of the sounds supported by device clients to override the user's default sound choice
+
+| `title`
+| `string`
+| Notification title.
+
+| `token`
+| `object`
+| The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required.
+
+| `tokenFile`
+| `string`
+| The token file that contains the registered application's API token, see https://pushover.net/apps. Either `token` or `tokenFile` is required. It requires Alertmanager >= v0.26.0.
+
+| `url`
+| `string`
+| A supplementary URL shown alongside the message.
+
+| `urlTitle`
+| `string`
+| A title for supplementary URL, otherwise just the URL is shown
+
+| `userKey`
+| `object`
+| The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required.
+
+| `userKeyFile`
+| `string`
+| The user key file that contains the recipient user's user key. Either `userKey` or `userKeyFile` is required. It requires Alertmanager >= v0.26.0.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig
+=== .spec.receivers[].pushoverConfigs[].httpConfig
 Description::
 +
 --
@@ -1832,7 +4178,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization
+=== .spec.receivers[].pushoverConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -1851,18 +4197,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].pushoverConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -1890,7 +4238,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -1909,18 +4257,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -1948,11 +4296,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -1980,7 +4328,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -2009,7 +4357,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -2032,30 +4380,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -2077,7 +4425,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -2109,7 +4457,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -2141,11 +4489,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -2173,7 +4521,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -2211,7 +4559,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -2237,7 +4585,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -2269,7 +4617,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -2301,7 +4649,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -2327,7 +4675,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -2359,7 +4707,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -2391,7 +4739,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -2423,93 +4771,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].pagerDutyImageConfigs
-Description::
-+
---
-A list of image details to attach that provide further detail about an incident.
---
-
-Type::
-  `array`
-
-
-
-
-=== .spec.receivers[].pagerdutyConfigs[].pagerDutyImageConfigs[]
-Description::
-+
---
-PagerDutyImageConfig attaches images to an incident
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `alt`
-| `string`
-| Alt is the optional alternative text for the image.
-
-| `href`
-| `string`
-| Optional URL; makes the image a clickable link.
-
-| `src`
-| `string`
-| Src of the image being attached to the incident
-
-|===
-=== .spec.receivers[].pagerdutyConfigs[].pagerDutyLinkConfigs
-Description::
-+
---
-A list of link details to attach that provide further detail about an incident.
---
-
-Type::
-  `array`
-
-
-
-
-=== .spec.receivers[].pagerdutyConfigs[].pagerDutyLinkConfigs[]
-Description::
-+
---
-PagerDutyLinkConfig attaches text links to an incident
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `alt`
-| `string`
-| Text that describes the purpose of the link, and can be used as the link's text.
-
-| `href`
-| `string`
-| Href is the URL of the link to be attached
-
-|===
-=== .spec.receivers[].pagerdutyConfigs[].routingKey
+=== .spec.receivers[].pushoverConfigs[].token
 Description::
 +
 --
-The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `token` or `tokenFile` is required.
 --
 
 Type::
@@ -2534,11 +4800,11 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pagerdutyConfigs[].serviceKey
+=== .spec.receivers[].pushoverConfigs[].userKey
 Description::
 +
 --
-The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. Either `userKey` or `userKeyFile` is required.
 --
 
 Type::
@@ -2563,11 +4829,11 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pushoverConfigs
+=== .spec.receivers[].slackConfigs
 Description::
 +
 --
-List of Pushover configurations.
+List of Slack configurations.
 --
 
 Type::
@@ -2576,11 +4842,11 @@ Type::
 
 
 
-=== .spec.receivers[].pushoverConfigs[]
+=== .spec.receivers[].slackConfigs[]
 Description::
 +
 --
-PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
+SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
 --
 
 Type::
@@ -2593,143 +4859,129 @@ Type::
 |===
 | Property | Type | Description
 
-| `expire`
-| `string`
-| How long your notification will continue to be retried for, unless the user acknowledges the notification.
+| `actions`
+| `array`
+| A list of Slack actions that are sent with each notification.
 
-| `html`
-| `boolean`
-| Whether notification message is HTML or plain text.
+| `actions[]`
+| `object`
+| SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
 
-| `httpConfig`
+| `apiURL`
 | `object`
-| HTTP client configuration.
+| The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 
-| `message`
+| `callbackId`
 | `string`
-| Notification message.
+| 
 
-| `priority`
+| `channel`
 | `string`
-| Priority, see https://pushover.net/api#priority
+| The channel or user to send notifications to.
 
-| `retry`
+| `color`
 | `string`
-| How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.
-
-| `sendResolved`
-| `boolean`
-| Whether or not to notify about resolved alerts.
+| 
 
-| `sound`
+| `fallback`
 | `string`
-| The name of one of the sounds supported by device clients to override the user's default sound choice
+| 
 
-| `title`
-| `string`
-| Notification title.
+| `fields`
+| `array`
+| A list of Slack fields that are sent with each notification.
 
-| `token`
+| `fields[]`
 | `object`
-| The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `url`
-| `string`
-| A supplementary URL shown alongside the message.
+| SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
 
-| `urlTitle`
+| `footer`
 | `string`
-| A title for supplementary URL, otherwise just the URL is shown
+| 
 
-| `userKey`
+| `httpConfig`
 | `object`
-| The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+| HTTP client configuration.
 
-|===
-=== .spec.receivers[].pushoverConfigs[].httpConfig
-Description::
-+
---
-HTTP client configuration.
---
+| `iconEmoji`
+| `string`
+| 
 
-Type::
-  `object`
+| `iconURL`
+| `string`
+| 
 
+| `imageURL`
+| `string`
+| 
 
+| `linkNames`
+| `boolean`
+| 
 
+| `mrkdwnIn`
+| `array (string)`
+| 
 
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
+| `pretext`
+| `string`
+| 
 
-| `authorization`
-| `object`
-| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+| `sendResolved`
+| `boolean`
+| Whether or not to notify about resolved alerts.
 
-| `basicAuth`
-| `object`
-| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+| `shortFields`
+| `boolean`
+| 
 
-| `bearerTokenSecret`
-| `object`
-| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+| `text`
+| `string`
+| 
 
-| `followRedirects`
-| `boolean`
-| FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
+| `thumbURL`
+| `string`
+| 
 
-| `oauth2`
-| `object`
-| OAuth2 client credentials used to fetch a token for the targets.
+| `title`
+| `string`
+| 
 
-| `proxyURL`
+| `titleLink`
 | `string`
-| Optional proxy URL.
+| 
 
-| `tlsConfig`
-| `object`
-| TLS configuration for the client.
+| `username`
+| `string`
+| 
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.authorization
+=== .spec.receivers[].slackConfigs[].actions
 Description::
 +
 --
-Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
+A list of Slack actions that are sent with each notification.
 --
 
 Type::
-  `object`
-
-
-
+  `array`
 
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
 
-| `credentials`
-| `object`
-| The secret's key that contains the credentials of the request
 
-| `type`
-| `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
 
-|===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].slackConfigs[].actions[]
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
+  - `text`
+  - `type`
 
 
 
@@ -2737,29 +4989,47 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `confirm`
+| `object`
+| SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+| 
 
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| `style`
+| `string`
+| 
+
+| `text`
+| `string`
+| 
+
+| `type`
+| `string`
+| 
+
+| `url`
+| `string`
+| 
+
+| `value`
+| `string`
+| 
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].slackConfigs[].actions[].confirm
 Description::
 +
 --
-BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
+SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
 --
 
 Type::
   `object`
 
+Required::
+  - `text`
 
 
 
@@ -2767,20 +5037,28 @@ Type::
 |===
 | Property | Type | Description
 
-| `password`
-| `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `dismissText`
+| `string`
+| 
 
-| `username`
-| `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `okText`
+| `string`
+| 
+
+| `text`
+| `string`
+| 
+
+| `title`
+| `string`
+| 
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].slackConfigs[].apiURL
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 --
 
 Type::
@@ -2788,6 +5066,7 @@ Type::
 
 Required::
   - `key`
+  - `name`
 
 
 
@@ -2801,58 +5080,35 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].slackConfigs[].fields
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+A list of Slack fields that are sent with each notification.
 --
 
 Type::
-  `object`
-
-Required::
-  - `key`
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
+  `array`
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
 
-| `name`
-| `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
 
-|===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].slackConfigs[].fields[]
 Description::
 +
 --
-The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
-  - `name`
+  - `title`
+  - `value`
 
 
 
@@ -2860,29 +5116,29 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
+| `short`
+| `boolean`
+| 
+
+| `title`
 | `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| 
 
-| `name`
+| `value`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| 
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2
+=== .spec.receivers[].slackConfigs[].httpConfig
 Description::
 +
 --
-OAuth2 client credentials used to fetch a token for the targets.
+HTTP client configuration.
 --
 
 Type::
   `object`
 
-Required::
-  - `clientId`
-  - `clientSecret`
-  - `tokenUrl`
 
 
 
@@ -2890,32 +5146,40 @@ Required::
 |===
 | Property | Type | Description
 
-| `clientId`
+| `authorization`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
 
-| `clientSecret`
+| `basicAuth`
 | `object`
-| The secret containing the OAuth2 client secret
+| BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
 
-| `endpointParams`
-| `object (string)`
-| Parameters to append to the token URL
+| `bearerTokenSecret`
+| `object`
+| The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 
-| `scopes`
-| `array (string)`
-| OAuth2 scopes used for the token request
+| `followRedirects`
+| `boolean`
+| FollowRedirects specifies whether the client should follow HTTP 3xx redirects.
 
-| `tokenUrl`
+| `oauth2`
+| `object`
+| OAuth2 client credentials used to fetch a token for the targets.
+
+| `proxyURL`
 | `string`
-| The URL to fetch the token from
+| Optional proxy URL.
+
+| `tlsConfig`
+| `object`
+| TLS configuration for the client.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].slackConfigs[].httpConfig.authorization
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.
 --
 
 Type::
@@ -2928,20 +5192,22 @@ Type::
 |===
 | Property | Type | Description
 
-| `configMap`
+| `credentials`
 | `object`
-| ConfigMap containing data to use for the targets.
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
-| `secret`
-| `object`
-| Secret containing data to use for the targets.
+| `type`
+| `string`
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].slackConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-ConfigMap containing data to use for the targets.
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -2958,7 +5224,7 @@ Required::
 
 | `key`
 | `string`
-| The key to select.
+| The key of the secret to select from.  Must be a valid secret key.
 
 | `name`
 | `string`
@@ -2966,21 +5232,19 @@ Required::
 
 | `optional`
 | `boolean`
-| Specify whether the ConfigMap or its key must be defined
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth
 Description::
 +
 --
-Secret containing data to use for the targets.
+BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
 
 
 
@@ -2988,24 +5252,20 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
-
-| `name`
-| `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+| `password`
+| `object`
+| `password` specifies a key of a Secret containing the password for authentication.
 
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| `username`
+| `object`
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -3033,16 +5293,18 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-TLS configuration for the client.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
   `object`
 
+Required::
+  - `key`
 
 
 
@@ -3050,58 +5312,24 @@ Type::
 |===
 | Property | Type | Description
 
-| `ca`
-| `object`
-| Certificate authority used when verifying server certificates.
-
-| `cert`
-| `object`
-| Client certificate to present when doing client-authentication.
-
-| `insecureSkipVerify`
-| `boolean`
-| Disable target certificate validation.
-
-| `keySecret`
-| `object`
-| Secret containing the client key file for the targets.
-
-| `serverName`
+| `key`
 | `string`
-| Used to verify the hostname for the targets.
-
-|===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca
-Description::
-+
---
-Certificate authority used when verifying server certificates.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `configMap`
-| `object`
-| ConfigMap containing data to use for the targets.
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `secret`
-| `object`
-| Secret containing data to use for the targets.
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].slackConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
-ConfigMap containing data to use for the targets.
+The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 --
 
 Type::
@@ -3109,6 +5337,7 @@ Type::
 
 Required::
   - `key`
+  - `name`
 
 
 
@@ -3118,29 +5347,27 @@ Required::
 
 | `key`
 | `string`
-| The key to select.
+| The key of the secret to select from.  Must be a valid secret key.
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-
-| `optional`
-| `boolean`
-| Specify whether the ConfigMap or its key must be defined
+| The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2
 Description::
 +
 --
-Secret containing data to use for the targets.
+OAuth2 client credentials used to fetch a token for the targets.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
+  - `clientId`
+  - `clientSecret`
+  - `tokenUrl`
 
 
 
@@ -3148,24 +5375,32 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `clientId`
+| `object`
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
-| `name`
-| `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+| `clientSecret`
+| `object`
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| `endpointParams`
+| `object (string)`
+| `endpointParams` configures the HTTP parameters to append to the token URL.
+
+| `scopes`
+| `array (string)`
+| `scopes` defines the OAuth2 scopes used for the token request.
+
+| `tokenUrl`
+| `string`
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-Client certificate to present when doing client-authentication.
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -3187,7 +5422,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -3219,7 +5454,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -3251,11 +5486,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-Secret containing the client key file for the targets.
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -3283,19 +5518,16 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].pushoverConfigs[].token
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
-The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+TLS configuration for the client.
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
-  - `name`
 
 
 
@@ -3303,28 +5535,37 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
 
-| `name`
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].pushoverConfigs[].userKey
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
-The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+Certificate authority used when verifying server certificates.
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
-  - `name`
 
 
 
@@ -3332,38 +5573,27 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
 
-| `name`
-| `string`
-| The name of the secret in the object's namespace to select from.
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].slackConfigs
-Description::
-+
---
-List of Slack configurations.
---
-
-Type::
-  `array`
-
-
-
-
-=== .spec.receivers[].slackConfigs[]
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
-SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
+ConfigMap containing data to use for the targets.
 --
 
 Type::
   `object`
 
+Required::
+  - `key`
 
 
 
@@ -3371,129 +5601,89 @@ Type::
 |===
 | Property | Type | Description
 
-| `actions`
-| `array`
-| A list of Slack actions that are sent with each notification.
-
-| `actions[]`
-| `object`
-| SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
-
-| `apiURL`
-| `object`
-| The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `callbackId`
-| `string`
-| 
-
-| `channel`
-| `string`
-| The channel or user to send notifications to.
-
-| `color`
-| `string`
-| 
-
-| `fallback`
-| `string`
-| 
-
-| `fields`
-| `array`
-| A list of Slack fields that are sent with each notification.
-
-| `fields[]`
-| `object`
-| SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
-
-| `footer`
-| `string`
-| 
-
-| `httpConfig`
-| `object`
-| HTTP client configuration.
-
-| `iconEmoji`
-| `string`
-| 
-
-| `iconURL`
+| `key`
 | `string`
-| 
+| The key to select.
 
-| `imageURL`
+| `name`
 | `string`
-| 
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `linkNames`
+| `optional`
 | `boolean`
-| 
+| Specify whether the ConfigMap or its key must be defined
 
-| `mrkdwnIn`
-| `array (string)`
-| 
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
 
-| `pretext`
-| `string`
-| 
+Type::
+  `object`
 
-| `sendResolved`
-| `boolean`
-| Whether or not to notify about resolved alerts.
+Required::
+  - `key`
 
-| `shortFields`
-| `boolean`
-| 
 
-| `text`
-| `string`
-| 
 
-| `thumbURL`
-| `string`
-| 
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
 
-| `title`
+| `key`
 | `string`
-| 
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `titleLink`
+| `name`
 | `string`
-| 
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `username`
-| `string`
-| 
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].actions
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
-A list of Slack actions that are sent with each notification.
+Client certificate to present when doing client-authentication.
 --
 
 Type::
-  `array`
+  `object`
 
 
 
 
-=== .spec.receivers[].slackConfigs[].actions[]
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
-SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.
+ConfigMap containing data to use for the targets.
 --
 
 Type::
   `object`
 
 Required::
-  - `text`
-  - `type`
+  - `key`
 
 
 
@@ -3501,47 +5691,31 @@ Required::
 |===
 | Property | Type | Description
 
-| `confirm`
-| `object`
-| SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
-
-| `name`
-| `string`
-| 
-
-| `style`
-| `string`
-| 
-
-| `text`
-| `string`
-| 
-
-| `type`
-| `string`
-| 
-
-| `url`
+| `key`
 | `string`
-| 
+| The key to select.
 
-| `value`
+| `name`
 | `string`
-| 
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].actions[].confirm
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
-SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.
+Secret containing data to use for the targets.
 --
 
 Type::
   `object`
 
 Required::
-  - `text`
+  - `key`
 
 
 
@@ -3549,28 +5723,24 @@ Required::
 |===
 | Property | Type | Description
 
-| `dismissText`
-| `string`
-| 
-
-| `okText`
+| `key`
 | `string`
-| 
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `text`
+| `name`
 | `string`
-| 
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `title`
-| `string`
-| 
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].apiURL
+=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
-The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+Secret containing the client key file for the targets.
 --
 
 Type::
@@ -3578,7 +5748,6 @@ Type::
 
 Required::
   - `key`
-  - `name`
 
 
 
@@ -3592,14 +5761,18 @@ Required::
 
 | `name`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].fields
+=== .spec.receivers[].snsConfigs
 Description::
 +
 --
-A list of Slack fields that are sent with each notification.
+List of SNS configurations
 --
 
 Type::
@@ -3608,19 +5781,16 @@ Type::
 
 
 
-=== .spec.receivers[].slackConfigs[].fields[]
+=== .spec.receivers[].snsConfigs[]
 Description::
 +
 --
-SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.
+SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs
 --
 
 Type::
   `object`
 
-Required::
-  - `title`
-  - `value`
 
 
 
@@ -3628,20 +5798,48 @@ Required::
 |===
 | Property | Type | Description
 
-| `short`
+| `apiURL`
+| `string`
+| The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.
+
+| `attributes`
+| `object (string)`
+| SNS message attributes.
+
+| `httpConfig`
+| `object`
+| HTTP client configuration.
+
+| `message`
+| `string`
+| The message content of the SNS notification.
+
+| `phoneNumber`
+| `string`
+| Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN.
+
+| `sendResolved`
 | `boolean`
-| 
+| Whether or not to notify about resolved alerts.
 
-| `title`
+| `sigv4`
+| `object`
+| Configures AWS's Signature Verification 4 signing process to sign requests.
+
+| `subject`
 | `string`
-| 
+| Subject line when the message is delivered to email endpoints.
 
-| `value`
+| `targetARN`
 | `string`
-| 
+| The  mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.
+
+| `topicARN`
+| `string`
+| SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig
+=== .spec.receivers[].snsConfigs[].httpConfig
 Description::
 +
 --
@@ -3687,7 +5885,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.authorization
+=== .spec.receivers[].snsConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -3706,18 +5904,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].snsConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -3745,7 +5945,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -3764,18 +5964,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -3803,11 +6003,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -3835,7 +6035,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].snsConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -3864,7 +6064,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.oauth2
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -3887,30 +6087,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -3932,7 +6132,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -3964,7 +6164,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -3996,11 +6196,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -4028,7 +6228,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -4066,7 +6266,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -4092,7 +6292,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -4124,7 +6324,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -4156,7 +6356,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -4182,7 +6382,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -4214,7 +6414,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -4246,7 +6446,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].slackConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -4278,11 +6478,113 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs
+=== .spec.receivers[].snsConfigs[].sigv4
 Description::
 +
 --
-List of SNS configurations
+Configures AWS's Signature Verification 4 signing process to sign requests.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessKey`
+| `object`
+| AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
+
+| `profile`
+| `string`
+| Profile is the named AWS profile used to authenticate.
+
+| `region`
+| `string`
+| Region is the AWS region. If blank, the region from the default credentials chain used.
+
+| `roleArn`
+| `string`
+| RoleArn is the named AWS profile used to authenticate.
+
+| `secretKey`
+| `object`
+| SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+
+|===
+=== .spec.receivers[].snsConfigs[].sigv4.accessKey
+Description::
++
+--
+AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].snsConfigs[].sigv4.secretKey
+Description::
++
+--
+SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.receivers[].telegramConfigs
+Description::
++
+--
+List of Telegram configurations.
 --
 
 Type::
@@ -4291,11 +6593,11 @@ Type::
 
 
 
-=== .spec.receivers[].snsConfigs[]
+=== .spec.receivers[].telegramConfigs[]
 Description::
 +
 --
-SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs
+TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
 --
 
 Type::
@@ -4310,11 +6612,25 @@ Type::
 
 | `apiURL`
 | `string`
-| The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.
+| The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.
 
-| `attributes`
-| `object (string)`
-| SNS message attributes.
+| `botToken`
+| `object`
+| Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. 
+ Either `botToken` or `botTokenFile` is required.
+
+| `botTokenFile`
+| `string`
+| File to read the Telegram bot token from. It is mutually exclusive with `botToken`. Either `botToken` or `botTokenFile` is required. 
+ It requires Alertmanager >= v0.26.0.
+
+| `chatID`
+| `integer`
+| The Telegram chat ID.
+
+| `disableNotifications`
+| `boolean`
+| Disable telegram notifications
 
 | `httpConfig`
 | `object`
@@ -4322,34 +6638,48 @@ Type::
 
 | `message`
 | `string`
-| The message content of the SNS notification.
+| Message template
 
-| `phoneNumber`
+| `parseMode`
 | `string`
-| Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN.
+| Parse mode for telegram message
 
 | `sendResolved`
 | `boolean`
-| Whether or not to notify about resolved alerts.
+| Whether to notify about resolved alerts.
 
-| `sigv4`
-| `object`
-| Configures AWS's Signature Verification 4 signing process to sign requests.
+|===
+=== .spec.receivers[].telegramConfigs[].botToken
+Description::
++
+--
+Telegram bot token. It is mutually exclusive with `botTokenFile`. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. 
+ Either `botToken` or `botTokenFile` is required.
+--
 
-| `subject`
-| `string`
-| Subject line when the message is delivered to email endpoints.
+Type::
+  `object`
 
-| `targetARN`
+Required::
+  - `key`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
 | `string`
-| The  mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `topicARN`
+| `name`
 | `string`
-| SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.
+| The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig
+=== .spec.receivers[].telegramConfigs[].httpConfig
 Description::
 +
 --
@@ -4395,7 +6725,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.authorization
+=== .spec.receivers[].telegramConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -4414,18 +6744,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].telegramConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -4453,7 +6785,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -4472,18 +6804,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -4511,11 +6843,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -4543,7 +6875,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].telegramConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -4572,7 +6904,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.oauth2
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -4595,30 +6927,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -4640,7 +6972,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -4672,7 +7004,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -4704,11 +7036,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -4736,7 +7068,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -4774,7 +7106,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -4800,7 +7132,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -4832,7 +7164,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -4864,7 +7196,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -4890,7 +7222,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -4922,7 +7254,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -4954,7 +7286,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -4986,56 +7318,29 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].snsConfigs[].sigv4
+=== .spec.receivers[].victoropsConfigs
 Description::
 +
 --
-Configures AWS's Signature Verification 4 signing process to sign requests.
+List of VictorOps configurations.
 --
 
 Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `accessKey`
-| `object`
-| AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.
-
-| `profile`
-| `string`
-| Profile is the named AWS profile used to authenticate.
+  `array`
 
-| `region`
-| `string`
-| Region is the AWS region. If blank, the region from the default credentials chain used.
 
-| `roleArn`
-| `string`
-| RoleArn is the named AWS profile used to authenticate.
 
-| `secretKey`
-| `object`
-| SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
 
-|===
-=== .spec.receivers[].snsConfigs[].sigv4.accessKey
+=== .spec.receivers[].victoropsConfigs[]
 Description::
 +
 --
-AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.
+VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
 --
 
 Type::
   `object`
 
-Required::
-  - `key`
 
 
 
@@ -5043,24 +7348,56 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
+| `apiKey`
+| `object`
+| The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+
+| `apiUrl`
 | `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| The VictorOps API URL.
 
-| `name`
+| `customFields`
+| `array`
+| Additional custom fields for notification.
+
+| `customFields[]`
+| `object`
+| KeyValue defines a (key, value) tuple.
+
+| `entityDisplayName`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+| Contains summary of the alerted problem.
 
-| `optional`
+| `httpConfig`
+| `object`
+| The HTTP client's configuration.
+
+| `messageType`
+| `string`
+| Describes the behavior of the alert (CRITICAL, WARNING, INFO).
+
+| `monitoringTool`
+| `string`
+| The monitoring tool the state message is from.
+
+| `routingKey`
+| `string`
+| A key used to map the alert to a team.
+
+| `sendResolved`
 | `boolean`
-| Specify whether the Secret or its key must be defined
+| Whether or not to notify about resolved alerts.
+
+| `stateMessage`
+| `string`
+| Contains long explanation of the alerted problem.
 
 |===
-=== .spec.receivers[].snsConfigs[].sigv4.secretKey
+=== .spec.receivers[].victoropsConfigs[].apiKey
 Description::
 +
 --
-SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
 --
 
 Type::
@@ -5068,6 +7405,7 @@ Type::
 
 Required::
   - `key`
+  - `name`
 
 
 
@@ -5081,18 +7419,14 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].telegramConfigs
+=== .spec.receivers[].victoropsConfigs[].customFields
 Description::
 +
 --
-List of Telegram configurations.
+Additional custom fields for notification.
 --
 
 Type::
@@ -5101,61 +7435,11 @@ Type::
 
 
 
-=== .spec.receivers[].telegramConfigs[]
-Description::
-+
---
-TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `apiURL`
-| `string`
-| The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.
-
-| `botToken`
-| `object`
-| Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `chatID`
-| `integer`
-| The Telegram chat ID.
-
-| `disableNotifications`
-| `boolean`
-| Disable telegram notifications
-
-| `httpConfig`
-| `object`
-| HTTP client configuration.
-
-| `message`
-| `string`
-| Message template
-
-| `parseMode`
-| `string`
-| Parse mode for telegram message
-
-| `sendResolved`
-| `boolean`
-| Whether to notify about resolved alerts.
-
-|===
-=== .spec.receivers[].telegramConfigs[].botToken
+=== .spec.receivers[].victoropsConfigs[].customFields[]
 Description::
 +
 --
-Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
+KeyValue defines a (key, value) tuple.
 --
 
 Type::
@@ -5163,7 +7447,7 @@ Type::
 
 Required::
   - `key`
-  - `name`
+  - `value`
 
 
 
@@ -5173,18 +7457,18 @@ Required::
 
 | `key`
 | `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| Key of the tuple.
 
-| `name`
+| `value`
 | `string`
-| The name of the secret in the object's namespace to select from.
+| Value of the tuple.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig
+=== .spec.receivers[].victoropsConfigs[].httpConfig
 Description::
 +
 --
-HTTP client configuration.
+The HTTP client's configuration.
 --
 
 Type::
@@ -5226,7 +7510,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.authorization
+=== .spec.receivers[].victoropsConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -5245,18 +7529,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].victoropsConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -5284,7 +7570,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -5303,18 +7589,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -5342,11 +7628,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -5374,7 +7660,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -5403,7 +7689,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -5426,30 +7712,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -5471,7 +7757,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -5503,7 +7789,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -5535,11 +7821,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -5567,7 +7853,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -5605,7 +7891,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -5631,7 +7917,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -5663,7 +7949,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -5695,7 +7981,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -5721,7 +8007,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -5753,7 +8039,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -5785,7 +8071,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].telegramConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -5817,11 +8103,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs
+=== .spec.receivers[].webexConfigs
 Description::
 +
 --
-List of VictorOps configurations.
+List of Webex configurations.
 --
 
 Type::
@@ -5830,16 +8116,18 @@ Type::
 
 
 
-=== .spec.receivers[].victoropsConfigs[]
+=== .spec.receivers[].webexConfigs[]
 Description::
 +
 --
-VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
+WebexConfig configures notification via Cisco Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config
 --
 
 Type::
   `object`
 
+Required::
+  - `roomID`
 
 
 
@@ -5847,127 +8135,32 @@ Type::
 |===
 | Property | Type | Description
 
-| `apiKey`
-| `object`
-| The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
-
-| `apiUrl`
-| `string`
-| The VictorOps API URL.
-
-| `customFields`
-| `array`
-| Additional custom fields for notification.
-
-| `customFields[]`
-| `object`
-| KeyValue defines a (key, value) tuple.
-
-| `entityDisplayName`
+| `apiURL`
 | `string`
-| Contains summary of the alerted problem.
+| The Webex Teams API URL i.e. https://webexapis.com/v1/messages
 
 | `httpConfig`
 | `object`
-| The HTTP client's configuration.
-
-| `messageType`
-| `string`
-| Describes the behavior of the alert (CRITICAL, WARNING, INFO).
+| The HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header.
 
-| `monitoringTool`
+| `message`
 | `string`
-| The monitoring tool the state message is from.
+| Message template
 
-| `routingKey`
+| `roomID`
 | `string`
-| A key used to map the alert to a team.
+| ID of the Webex Teams room where to send the messages.
 
 | `sendResolved`
 | `boolean`
-| Whether or not to notify about resolved alerts.
-
-| `stateMessage`
-| `string`
-| Contains long explanation of the alerted problem.
-
-|===
-=== .spec.receivers[].victoropsConfigs[].apiKey
-Description::
-+
---
-The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
---
-
-Type::
-  `object`
-
-Required::
-  - `key`
-  - `name`
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
-
-| `name`
-| `string`
-| The name of the secret in the object's namespace to select from.
-
-|===
-=== .spec.receivers[].victoropsConfigs[].customFields
-Description::
-+
---
-Additional custom fields for notification.
---
-
-Type::
-  `array`
-
-
-
-
-=== .spec.receivers[].victoropsConfigs[].customFields[]
-Description::
-+
---
-KeyValue defines a (key, value) tuple.
---
-
-Type::
-  `object`
-
-Required::
-  - `key`
-  - `value`
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `key`
-| `string`
-| Key of the tuple.
-
-| `value`
-| `string`
-| Value of the tuple.
+| Whether to notify about resolved alerts.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig
+=== .spec.receivers[].webexConfigs[].httpConfig
 Description::
 +
 --
-The HTTP client's configuration.
+The HTTP client's configuration. You must use this configuration to supply the bot token as part of the HTTP `Authorization` header.
 --
 
 Type::
@@ -6009,7 +8202,7 @@ Type::
 | TLS configuration for the client.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.authorization
+=== .spec.receivers[].webexConfigs[].httpConfig.authorization
 Description::
 +
 --
@@ -6028,18 +8221,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.authorization.credentials
+=== .spec.receivers[].webexConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -6067,7 +8262,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth
+=== .spec.receivers[].webexConfigs[].httpConfig.basicAuth
 Description::
 +
 --
@@ -6086,18 +8281,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth.password
+=== .spec.receivers[].webexConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -6125,11 +8320,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.basicAuth.username
+=== .spec.receivers[].webexConfigs[].httpConfig.basicAuth.username
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -6157,7 +8352,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.bearerTokenSecret
+=== .spec.receivers[].webexConfigs[].httpConfig.bearerTokenSecret
 Description::
 +
 --
@@ -6186,7 +8381,7 @@ Required::
 | The name of the secret in the object's namespace to select from.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2
 Description::
 +
 --
@@ -6209,30 +8404,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -6254,7 +8449,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId.configMap
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientId.configMap
 Description::
 +
 --
@@ -6286,7 +8481,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientId.secret
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientId.secret
 Description::
 +
 --
@@ -6318,11 +8513,11 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.oauth2.clientSecret
+=== .spec.receivers[].webexConfigs[].httpConfig.oauth2.clientSecret
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -6350,7 +8545,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig
 Description::
 +
 --
@@ -6388,7 +8583,7 @@ Type::
 | Used to verify the hostname for the targets.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.ca
 Description::
 +
 --
@@ -6414,7 +8609,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca.configMap
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.ca.configMap
 Description::
 +
 --
@@ -6446,7 +8641,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.ca.secret
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.ca.secret
 Description::
 +
 --
@@ -6478,7 +8673,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.cert
 Description::
 +
 --
@@ -6504,7 +8699,7 @@ Type::
 | Secret containing data to use for the targets.
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert.configMap
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.cert.configMap
 Description::
 +
 --
@@ -6536,7 +8731,7 @@ Required::
 | Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.cert.secret
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.cert.secret
 Description::
 +
 --
@@ -6568,7 +8763,7 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.receivers[].victoropsConfigs[].httpConfig.tlsConfig.keySecret
+=== .spec.receivers[].webexConfigs[].httpConfig.tlsConfig.keySecret
 Description::
 +
 --
@@ -6716,18 +8911,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.receivers[].webhookConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -6774,18 +8971,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.receivers[].webhookConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -6817,7 +9014,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -6897,30 +9094,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.receivers[].webhookConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -7010,7 +9207,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -7486,18 +9683,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.receivers[].wechatConfigs[].httpConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -7544,18 +9743,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.receivers[].wechatConfigs[].httpConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -7587,7 +9786,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -7667,30 +9866,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.receivers[].wechatConfigs[].httpConfig.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -7780,7 +9979,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -8366,49 +10565,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1beta1/alertmanagerconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -8430,23 +10586,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1beta1/namespaces/{namespace}/alertmanagerconfigs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -8455,46 +10595,6 @@ Description::
   delete collection of AlertmanagerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -8514,46 +10614,6 @@ Description::
   list objects of kind AlertmanagerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -8580,12 +10640,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -8621,19 +10678,8 @@ Description::
 | `name`
 | `string`
 | name of the AlertmanagerConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -8649,25 +10695,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -8688,16 +10717,6 @@ Description::
   read the specified AlertmanagerConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -8724,22 +10743,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -8765,12 +10773,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc b/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc
new file mode 100644
index 000000000000..6535cde8e2ca
--- /dev/null
+++ b/rest_api/monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc
@@ -0,0 +1,591 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="alertrelabelconfig-monitoring-openshift-io-v1"]
+= AlertRelabelConfig [monitoring.openshift.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+AlertRelabelConfig defines a set of relabel configs for alerts. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec describes the desired state of this AlertRelabelConfig object.
+
+| `status`
+| `object`
+| status describes the current state of this AlertRelabelConfig object.
+
+|===
+=== .spec
+Description::
++
+--
+spec describes the desired state of this AlertRelabelConfig object.
+--
+
+Type::
+  `object`
+
+Required::
+  - `configs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configs`
+| `array`
+| configs is a list of sequentially evaluated alert relabel configs.
+
+| `configs[]`
+| `object`
+| RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+
+|===
+=== .spec.configs
+Description::
++
+--
+configs is a list of sequentially evaluated alert relabel configs.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.configs[]
+Description::
++
+--
+RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `string`
+| action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'
+
+| `modulus`
+| `integer`
+| modulus to take of the hash of the source label values.  This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.
+
+| `regex`
+| `string`
+| regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'
+
+| `replacement`
+| `string`
+| replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'
+
+| `separator`
+| `string`
+| separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.
+
+| `sourceLabels`
+| `array (string)`
+| sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.
+
+| `targetLabel`
+| `string`
+| targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.
+
+|===
+=== .status
+Description::
++
+--
+status describes the current state of this AlertRelabelConfig object.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions contains details on the state of the AlertRelabelConfig, may be empty.
+
+| `conditions[]`
+| `object`
+| Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions contains details on the state of the AlertRelabelConfig, may be empty.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, 
+ type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` 
+ // other fields }
+--
+
+Type::
+  `object`
+
+Required::
+  - `lastTransitionTime`
+  - `message`
+  - `reason`
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+
+| `message`
+| `string`
+| message is a human readable message indicating details about the transition. This may be an empty string.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+
+| `status`
+| `string`
+| status of the condition, one of True, False, Unknown.
+
+| `type`
+| `string`
+| type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/monitoring.openshift.io/v1/alertrelabelconfigs`
+- `GET`: list objects of kind AlertRelabelConfig
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs`
+- `DELETE`: delete collection of AlertRelabelConfig
+- `GET`: list objects of kind AlertRelabelConfig
+- `POST`: create an AlertRelabelConfig
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs/{name}`
+- `DELETE`: delete an AlertRelabelConfig
+- `GET`: read the specified AlertRelabelConfig
+- `PATCH`: partially update the specified AlertRelabelConfig
+- `PUT`: replace the specified AlertRelabelConfig
+* `/apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs/{name}/status`
+- `GET`: read status of the specified AlertRelabelConfig
+- `PATCH`: partially update status of the specified AlertRelabelConfig
+- `PUT`: replace status of the specified AlertRelabelConfig
+
+
+=== /apis/monitoring.openshift.io/v1/alertrelabelconfigs
+
+
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind AlertRelabelConfig
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.monitoring.v1.AlertRelabelConfigList[`AlertRelabelConfigList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of AlertRelabelConfig
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind AlertRelabelConfig
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.monitoring.v1.AlertRelabelConfigList[`AlertRelabelConfigList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 202 - Accepted
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AlertRelabelConfig
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified AlertRelabelConfig
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/monitoring.openshift.io/v1/namespaces/{namespace}/alertrelabelconfigs/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AlertRelabelConfig
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified AlertRelabelConfig
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified AlertRelabelConfig
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 201 - Created
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`AlertRelabelConfig`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/monitoring_apis/monitoring-apis-index.adoc b/rest_api/monitoring_apis/monitoring-apis-index.adoc
index a77a67a36a39..c4f292d80d6b 100644
--- a/rest_api/monitoring_apis/monitoring-apis-index.adoc
+++ b/rest_api/monitoring_apis/monitoring-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="monitoring-apis"]
 = Monitoring APIs
 :toc: macro
@@ -23,7 +23,34 @@ Type::
 Description::
 +
 --
-AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.
+AlertmanagerConfig configures the Prometheus Alertmanager, specifying how alerts should be grouped, inhibited and notified to external systems.
+--
+
+Type::
+  `object`
+
+== AlertRelabelConfig [monitoring.openshift.io/v1]
+
+Description::
++
+--
+AlertRelabelConfig defines a set of relabel configs for alerts. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+== AlertingRule [monitoring.openshift.io/v1]
+
+Description::
++
+--
+AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules.  This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace.  You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage. 
+ The API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator.  The primary difference being that recording rules are not allowed here -- only alerting rules.  For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace.  OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly. 
+ You can find upstream API documentation for PrometheusRule resources here: 
+ https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
diff --git a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
index 01751618ff44..81fd90d22d5a 100644
--- a/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/podmonitor-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podmonitor-monitoring-coreos-com-v1"]
 = PodMonitor [monitoring.coreos.com/v1]
 :toc: macro
@@ -55,7 +55,6 @@ Type::
   `object`
 
 Required::
-  - `podMetricsEndpoints`
   - `selector`
 
 
@@ -66,58 +65,70 @@ Required::
 
 | `attachMetadata`
 | `object`
-| Attaches node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
+| `attachMetadata` defines additional metadata which is added to the discovered targets. 
+ It requires Prometheus >= v2.37.0.
 
 | `jobLabel`
 | `string`
-| The label to use to retrieve the job name from.
+| The label to use to retrieve the job name from. `jobLabel` selects the label from the associated Kubernetes `Pod` object which will be used as the `job` label for all metrics. 
+ For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. 
+ If the value of this field is empty, the `job` label of the metrics defaults to the namespace and name of the PodMonitor object (e.g. `<namespace>/<name>`).
+
+| `keepDroppedTargets`
+| `integer`
+| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. 
+ It requires Prometheus >= v2.47.0.
 
 | `labelLimit`
 | `integer`
-| Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on number of labels that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `labelNameLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on length of labels name that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `labelValueLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on length of labels value that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `namespaceSelector`
 | `object`
-| Selector to select which namespaces the Endpoints objects are discovered from.
+| Selector to select which namespaces the Kubernetes `Pods` objects are discovered from.
 
 | `podMetricsEndpoints`
 | `array`
-| A list of endpoints allowed as part of this PodMonitor.
+| List of endpoints part of this PodMonitor.
 
 | `podMetricsEndpoints[]`
 | `object`
-| PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.
+| PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
 
 | `podTargetLabels`
 | `array (string)`
-| PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
+| `podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics.
 
 | `sampleLimit`
 | `integer`
-| SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+| `sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted.
 
 | `selector`
 | `object`
-| Selector to select Pod objects.
+| Label selector to select the Kubernetes `Pod` objects.
 
 | `targetLimit`
 | `integer`
-| TargetLimit defines a limit on the number of scraped targets that will be accepted.
+| `targetLimit` defines a limit on the number of scraped targets that will be accepted.
 
 |===
 === .spec.attachMetadata
 Description::
 +
 --
-Attaches node metadata to discovered targets. Requires Prometheus v2.35.0 and above.
+`attachMetadata` defines additional metadata which is added to the discovered targets. 
+ It requires Prometheus >= v2.37.0.
 --
 
 Type::
@@ -132,14 +143,14 @@ Type::
 
 | `node`
 | `boolean`
-| When set to true, Prometheus must have permissions to get Nodes.
+| When set to true, Prometheus must have the `get` permission on the `Nodes` objects.
 
 |===
 === .spec.namespaceSelector
 Description::
 +
 --
-Selector to select which namespaces the Endpoints objects are discovered from.
+Selector to select which namespaces the Kubernetes `Pods` objects are discovered from.
 --
 
 Type::
@@ -165,7 +176,7 @@ Type::
 Description::
 +
 --
-A list of endpoints allowed as part of this PodMonitor.
+List of endpoints part of this PodMonitor.
 --
 
 Type::
@@ -178,7 +189,7 @@ Type::
 Description::
 +
 --
-PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.
+PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
 --
 
 Type::
@@ -193,55 +204,64 @@ Type::
 
 | `authorization`
 | `object`
-| Authorization section for this endpoint
+| `authorization` configures the Authorization header credentials to use when scraping the target. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
 | `object`
-| BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint
+| `basicAuth` configures the Basic Authentication credentials to use when scraping the target. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerTokenSecret`
 | `object`
-| Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.
+| `bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. 
+ Deprecated: use `authorization` instead.
 
 | `enableHttp2`
 | `boolean`
-| Whether to enable HTTP2.
+| `enableHttp2` can be used to disable HTTP2 when scraping the target.
 
 | `filterRunning`
 | `boolean`
-| Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
+| When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. 
+ If unset, the filtering is enabled. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
 
 | `followRedirects`
 | `boolean`
-| FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
+| `followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects.
 
 | `honorLabels`
 | `boolean`
-| HonorLabels chooses the metric's labels on collisions with target labels.
+| When true, `honorLabels` preserves the metric's labels when they collide with the target's labels.
 
 | `honorTimestamps`
 | `boolean`
-| HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
+| `honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target.
 
 | `interval`
 | `string`
-| Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.
+| Interval at which Prometheus scrapes the metrics from the target. 
+ If empty, Prometheus uses the global scrape interval.
 
 | `metricRelabelings`
 | `array`
-| MetricRelabelConfigs to apply to samples before ingestion.
+| `metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.
 
 | `metricRelabelings[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `oauth2`
 | `object`
-| OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+| `oauth2` configures the OAuth2 settings to use when scraping the target. 
+ It requires Prometheus >= 2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `params`
 | `object`
-| Optional HTTP URL parameters
+| `params` define optional HTTP URL parameters.
 
 | `params{}`
 | `array (string)`
@@ -249,46 +269,62 @@ Type::
 
 | `path`
 | `string`
-| HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).
+| HTTP path from which to scrape for metrics. 
+ If empty, Prometheus uses the default value (e.g. `/metrics`).
 
 | `port`
 | `string`
-| Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.
+| Name of the Pod port which this endpoint refers to. 
+ It takes precedence over `targetPort`.
 
 | `proxyUrl`
 | `string`
-| ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+| `proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target.
 
 | `relabelings`
 | `array`
-| RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+| `relabelings` configures the relabeling rules to apply the target's metadata labels. 
+ The Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `relabelings[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `scheme`
 | `string`
-| HTTP scheme to use for scraping.
+| HTTP scheme to use for scraping. 
+ `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. 
+ If empty, Prometheus uses the default value `http`.
 
 | `scrapeTimeout`
 | `string`
-| Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.
+| Timeout after which Prometheus considers the scrape to be failed. 
+ If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
 
 | `targetPort`
 | `integer-or-string`
-| Deprecated: Use 'port' instead.
+| Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. 
+ Deprecated: use 'port' instead.
 
 | `tlsConfig`
 | `object`
-| TLS configuration to use when scraping the endpoint.
+| TLS configuration to use when scraping the target.
+
+| `trackTimestampsStaleness`
+| `boolean`
+| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. 
+ It requires Prometheus >= v2.48.0.
 
 |===
 === .spec.podMetricsEndpoints[].authorization
 Description::
 +
 --
-Authorization section for this endpoint
+`authorization` configures the Authorization header credentials to use when scraping the target. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
 Type::
@@ -303,18 +339,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.podMetricsEndpoints[].authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -346,7 +384,8 @@ Required::
 Description::
 +
 --
-BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint
+`basicAuth` configures the Basic Authentication credentials to use when scraping the target. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
 Type::
@@ -361,18 +400,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.podMetricsEndpoints[].basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -404,7 +443,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -436,7 +475,8 @@ Required::
 Description::
 +
 --
-Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.
+`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the PodMonitor object and readable by the Prometheus Operator. 
+ Deprecated: use `authorization` instead.
 --
 
 Type::
@@ -468,7 +508,7 @@ Required::
 Description::
 +
 --
-MetricRelabelConfigs to apply to samples before ingestion.
+`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.
 --
 
 Type::
@@ -481,7 +521,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -496,38 +537,46 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.podMetricsEndpoints[].oauth2
 Description::
 +
 --
-OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+`oauth2` configures the OAuth2 settings to use when scraping the target. 
+ It requires Prometheus >= 2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
 Type::
@@ -546,30 +595,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.podMetricsEndpoints[].oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -659,7 +708,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -691,7 +740,7 @@ Required::
 Description::
 +
 --
-Optional HTTP URL parameters
+`params` define optional HTTP URL parameters.
 --
 
 Type::
@@ -704,7 +753,10 @@ Type::
 Description::
 +
 --
-RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+`relabelings` configures the relabeling rules to apply the target's metadata labels. 
+ The Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -717,7 +769,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -732,38 +785,44 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.podMetricsEndpoints[].tlsConfig
 Description::
 +
 --
-TLS configuration to use when scraping the endpoint.
+TLS configuration to use when scraping the target.
 --
 
 Type::
@@ -1013,7 +1072,7 @@ Required::
 Description::
 +
 --
-Selector to select Pod objects.
+Label selector to select the Kubernetes `Pod` objects.
 --
 
 Type::
@@ -1106,49 +1165,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/podmonitors
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1170,23 +1186,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/podmonitors
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1195,46 +1195,6 @@ Description::
   delete collection of PodMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1254,46 +1214,6 @@ Description::
   list objects of kind PodMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1320,12 +1240,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1361,19 +1278,8 @@ Description::
 | `name`
 | `string`
 | name of the PodMonitor
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1389,25 +1295,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1428,16 +1317,6 @@ Description::
   read the specified PodMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1464,22 +1343,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1505,12 +1373,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
index 45bbeb98726f..44b77f972b02 100644
--- a/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/probe-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="probe-monitoring-coreos-com-v1"]
 = Probe [monitoring.coreos.com/v1]
 :toc: macro
@@ -81,6 +81,11 @@ Type::
 | `string`
 | The job name assigned to scraped metrics by default.
 
+| `keepDroppedTargets`
+| `integer`
+| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. 
+ It requires Prometheus >= v2.47.0.
+
 | `labelLimit`
 | `integer`
 | Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
@@ -99,7 +104,8 @@ Type::
 
 | `metricRelabelings[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `module`
 | `string`
@@ -119,7 +125,7 @@ Type::
 
 | `scrapeTimeout`
 | `string`
-| Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape interval is used.
+| Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used.
 
 | `targetLimit`
 | `integer`
@@ -153,18 +159,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -211,18 +219,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -254,7 +262,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -331,7 +339,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -346,31 +355,37 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.oauth2
@@ -396,30 +411,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -509,7 +524,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -566,7 +581,7 @@ Required::
 
 | `scheme`
 | `string`
-| HTTP scheme to use for scraping. Defaults to `http`.
+| HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`.
 
 | `url`
 | `string`
@@ -626,7 +641,8 @@ Type::
 
 | `relabelingConfigs[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `selector`
 | `object`
@@ -676,7 +692,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -691,31 +708,37 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.targets.ingress.selector
@@ -821,7 +844,8 @@ Type::
 
 | `relabelingConfigs[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `static`
 | `array (string)`
@@ -845,7 +869,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -860,31 +885,37 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.tlsConfig
@@ -1158,49 +1189,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/probes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1222,23 +1210,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/probes
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1247,46 +1219,6 @@ Description::
   delete collection of Probe
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1306,46 +1238,6 @@ Description::
   list objects of kind Probe
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1372,12 +1264,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1413,19 +1302,8 @@ Description::
 | `name`
 | `string`
 | name of the Probe
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1441,25 +1319,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1480,16 +1341,6 @@ Description::
   read the specified Probe
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1516,22 +1367,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1557,12 +1397,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
index d1be1868aeb8..30a66704fd2d 100644
--- a/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/prometheus-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="prometheus-monitoring-coreos-com-v1"]
 = Prometheus [monitoring.coreos.com/v1]
 :toc: macro
@@ -67,15 +67,23 @@ Type::
 
 | `additionalAlertManagerConfigs`
 | `object`
-| AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
+| AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: 
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config 
+ The user is responsible for making sure that the configurations are valid 
+ Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
 
 | `additionalAlertRelabelConfigs`
 | `object`
-| AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
+| AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: 
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs 
+ The user is responsible for making sure that the configurations are valid 
+ Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
 
 | `additionalArgs`
 | `array`
-| AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.
+| AdditionalArgs allows setting additional arguments for the 'prometheus' container. 
+ It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. 
+ In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
 
 | `additionalArgs[]`
 | `object`
@@ -87,27 +95,32 @@ Type::
 
 | `affinity`
 | `object`
-| If specified, the pod's scheduling constraints.
+| Defines the Pods' affinity scheduling rules if specified.
 
 | `alerting`
 | `object`
-| Define details regarding alerting.
+| Defines the settings related to Alertmanager.
 
 | `allowOverlappingBlocks`
 | `boolean`
-| AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release.
+| AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. 
+ *Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.*
 
 | `apiserverConfig`
 | `object`
-| APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+| APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
 
 | `arbitraryFSAccessThroughSMs`
 | `object`
-| ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.
+| When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g.  '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field.
 
 | `baseImage`
 | `string`
-| Base image to use for a Prometheus deployment. Deprecated: use 'image' instead
+| *Deprecated: use 'spec.image' instead.*
+
+| `bodySizeLimit`
+| `string`
+| BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer.
 
 | `configMaps`
 | `array (string)`
@@ -115,7 +128,9 @@ Type::
 
 | `containers`
 | `array`
-| Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+| Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. 
+ The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` 
+ Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
 
 | `containers[]`
 | `object`
@@ -123,57 +138,76 @@ Type::
 
 | `disableCompaction`
 | `boolean`
-| Disable prometheus compaction.
+| When true, the Prometheus compaction is disabled.
 
 | `enableAdminAPI`
 | `boolean`
-| Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
+| Enables access to the Prometheus web admin API. 
+ WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. 
+ For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
 
 | `enableFeatures`
 | `array (string)`
-| Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/
+| Enable access to Prometheus feature flags. By default, no features are enabled. 
+ Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. 
+ For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/
 
 | `enableRemoteWriteReceiver`
 | `boolean`
-| Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver Only valid in Prometheus versions 2.33.0 and newer.
+| Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. 
+ WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver 
+ It requires Prometheus >= v2.33.0.
 
 | `enforcedBodySizeLimit`
 | `string`
-| EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. Example: 100MB. If defined, the limit will apply to all service/pod monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.
+| When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. 
+ It requires Prometheus >= v2.28.0.
+
+| `enforcedKeepDroppedTargets`
+| `integer`
+| When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets dropped by relabeling that will be kept in memory. The value overrides any `spec.keepDroppedTargets` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is greater than zero and less than `spec.enforcedKeepDroppedTargets`. 
+ It requires Prometheus >= v2.47.0.
 
 | `enforcedLabelLimit`
 | `integer`
-| Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+| When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. 
+ It requires Prometheus >= v2.27.0.
 
 | `enforcedLabelNameLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+| When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. 
+ It requires Prometheus >= v2.27.0.
 
 | `enforcedLabelValueLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.
+| When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. 
+ It requires Prometheus >= v2.27.0.
 
 | `enforcedNamespaceLabel`
 | `string`
-| EnforcedNamespaceLabel If set, a label will be added to 
- 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). 
- Label name is this field's value. Label value is the namespace of the created object (mentioned above).
+| When not empty, a label will be added to 
+ 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. 
+ The label will not added for objects referenced in `spec.excludedFromEnforcement`. 
+ The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or `PrometheusRule` object.
 
 | `enforcedSampleLimit`
 | `integer`
-| EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
+| When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than than `spec.enforcedSampleLimit`. 
+ It is meant to be used by admins to keep the overall number of samples/series under a desired limit.
 
 | `enforcedTargetLimit`
 | `integer`
-| EnforcedTargetLimit defines a global limit on the number of scraped targets.  This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor.  It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used.  If both values are zero, no limit is enforced.
+| When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. 
+ It is meant to be used by admins to to keep the overall number of targets under a desired limit.
 
 | `evaluationInterval`
 | `string`
-| Interval between consecutive evaluations. Default: `30s`
+| Interval between rule evaluations. Default: "30s"
 
 | `excludedFromEnforcement`
 | `array`
-| List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.
+| List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. 
+ It is only applicable if `spec.enforcedNamespaceLabel` set to true.
 
 | `excludedFromEnforcement[]`
 | `object`
@@ -181,19 +215,19 @@ Type::
 
 | `exemplars`
 | `object`
-| Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective.
+| Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective.
 
 | `externalLabels`
 | `object (string)`
-| The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).
+| The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list.
 
 | `externalUrl`
 | `string`
-| The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name.
+| The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource).
 
 | `hostAliases`
 | `array`
-| Pods' hostAliases configuration
+| Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
 
 | `hostAliases[]`
 | `object`
@@ -201,15 +235,19 @@ Type::
 
 | `hostNetwork`
 | `boolean`
-| Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.
+| Use the host's network namespace if true. 
+ Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). 
+ When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` automatically.
 
 | `ignoreNamespaceSelectors`
 | `boolean`
-| IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false.
+| When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object.
 
 | `image`
 | `string`
-| Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured.
+| Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. 
+ Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. 
+ If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released.
 
 | `imagePullPolicy`
 | `string`
@@ -217,7 +255,7 @@ Type::
 
 | `imagePullSecrets`
 | `array`
-| An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+| An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
 
 | `imagePullSecrets[]`
 | `object`
@@ -225,31 +263,51 @@ Type::
 
 | `initContainers`
 | `array`
-| InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+| InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g.  fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. 
+ The names of init container name managed by the operator are: * `init-config-reloader`. 
+ Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
 
 | `initContainers[]`
 | `object`
 | A single application container that you want to run within a pod.
 
+| `keepDroppedTargets`
+| `integer`
+| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. 
+ It requires Prometheus >= v2.47.0.
+
+| `labelLimit`
+| `integer`
+| Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.
+
+| `labelNameLengthLimit`
+| `integer`
+| Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.
+
+| `labelValueLengthLimit`
+| `integer`
+| Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer.
+
 | `listenLocal`
 | `boolean`
-| ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
+| When true, the Prometheus server listens on the loopback address instead of the Pod IP's address.
 
 | `logFormat`
 | `string`
-| Log format for Prometheus to be configured with.
+| Log format for Log level for Prometheus and the config-reloader sidecar.
 
 | `logLevel`
 | `string`
-| Log level for Prometheus to be configured with.
+| Log level for Prometheus and the config-reloader sidecar.
 
 | `minReadySeconds`
 | `integer`
-| Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.
+| Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) 
+ This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.
 
 | `nodeSelector`
 | `object (string)`
-| Define which Nodes the Pods are scheduled on.
+| Defines on which Nodes the Pods are scheduled.
 
 | `overrideHonorLabels`
 | `boolean`
@@ -263,47 +321,53 @@ Type::
 | `boolean`
 | When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects.
 
+| `persistentVolumeClaimRetentionPolicy`
+| `object`
+| The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.
+
 | `podMetadata`
 | `object`
-| PodMetadata configures Labels and Annotations which are propagated to the prometheus pods.
+| PodMetadata configures labels and annotations which are propagated to the Prometheus pods. 
+ The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "prometheus". * "app.kubernetes.io/version" label, set to the Prometheus version. * "operator.prometheus.io/name" label, set to the name of the Prometheus object. * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".
 
 | `podMonitorNamespaceSelector`
 | `object`
-| Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.
+| Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 
 | `podMonitorSelector`
 | `object`
-| *Experimental* PodMonitors to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+| *Experimental* PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 
 | `podTargetLabels`
 | `array (string)`
-| PodTargetLabels are added to all Pod/ServiceMonitors' podTargetLabels
+| PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects.
 
 | `portName`
 | `string`
-| Port name used for the pods and governing service. Defaults to `web`.
+| Port name used for the pods and governing service. Default: "web"
 
 | `priorityClassName`
 | `string`
-| Priority class assigned to the Pods
+| Priority class assigned to the Pods.
 
 | `probeNamespaceSelector`
 | `object`
-| *Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.
+| *Experimental* Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 
 | `probeSelector`
 | `object`
-| *Experimental* Probes to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+| *Experimental* Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 
 | `prometheusExternalLabelName`
 | `string`
-| Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`).
+| Name of Prometheus external label used to denote the Prometheus instance name. The external label will _not_ be added when the field is set to the empty string (`""`). 
+ Default: "prometheus"
 
 | `prometheusRulesExcludedFromEnforce`
 | `array`
-| PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair. Deprecated: use excludedFromEnforcement instead.
+| Defines the list of PrometheusRule objects to which the namespace label enforcement doesn't apply. This is only relevant when `spec.enforcedNamespaceLabel` is set to true. *Deprecated: use `spec.excludedFromEnforcement` instead.*
 
 | `prometheusRulesExcludedFromEnforce[]`
 | `object`
@@ -311,15 +375,20 @@ Type::
 
 | `query`
 | `object`
-| QuerySpec defines the query command line flags when starting Prometheus.
+| QuerySpec defines the configuration of the Promethus query service.
 
 | `queryLogFile`
 | `string`
-| QueryLogFile specifies the file to which PromQL queries are logged. If the filename has an empty path, e.g. 'query.log', prometheus-operator will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. /var/log/prometheus/query.log, you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log query information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
+| queryLogFile specifies where the file to which PromQL queries are logged. 
+ If the filename has an empty path, e.g. 'query.log', The Prometheus Pods will mount the file into an emptyDir volume at `/var/log/prometheus`. If a full path is provided, e.g. '/var/log/prometheus/query.log', you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location can be set to a standard I/O stream, e.g. `/dev/stdout`, to log query information to the default Prometheus log stream.
+
+| `reloadStrategy`
+| `string`
+| Defines the strategy used to reload the Prometheus configuration. If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.
 
 | `remoteRead`
 | `array`
-| remoteRead is the list of remote read configurations.
+| Defines the list of remote read configurations.
 
 | `remoteRead[]`
 | `object`
@@ -327,7 +396,7 @@ Type::
 
 | `remoteWrite`
 | `array`
-| remoteWrite is the list of remote write configurations.
+| Defines the list of remote write configurations.
 
 | `remoteWrite[]`
 | `object`
@@ -335,47 +404,65 @@ Type::
 
 | `replicaExternalLabelName`
 | `string`
-| Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`).
+| Name of Prometheus external label used to denote the replica name. The external label will _not_ be added when the field is set to the empty string (`""`). 
+ Default: "prometheus_replica"
 
 | `replicas`
 | `integer`
-| Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created.
+| Number of replicas of each shard to deploy for a Prometheus deployment. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. 
+ Default: 1
 
 | `resources`
 | `object`
-| Define resources requests and limits for single Pods.
+| Defines the resources requests and limits of the 'prometheus' container.
 
 | `retention`
 | `string`
-| Time duration Prometheus shall retain data for. Default is '24h' if retentionSize is not set, and must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years).
+| How long to retain the Prometheus data. 
+ Default: "24h" if `spec.retention` and `spec.retentionSize` are empty.
 
 | `retentionSize`
 | `string`
-| Maximum amount of disk space used by blocks.
+| Maximum number of bytes used by the Prometheus data.
 
 | `routePrefix`
 | `string`
-| The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
+| The route prefix Prometheus registers HTTP handlers for. 
+ This is useful when using `spec.externalURL`, and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
 
 | `ruleNamespaceSelector`
 | `object`
-| Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used.
+| Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 
 | `ruleSelector`
 | `object`
-| A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated.
+| PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.
 
 | `rules`
 | `object`
-| /--rules.*/ command-line arguments.
+| Defines the configuration of the Prometheus rules' engine.
+
+| `sampleLimit`
+| `integer`
+| SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.
+
+| `scrapeConfigNamespaceSelector`
+| `object`
+| Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current current namespace only.
+
+| `scrapeConfigSelector`
+| `object`
+| *Experimental* ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 
 | `scrapeInterval`
 | `string`
-| Interval between consecutive scrapes. Default: `30s`
+| Interval between consecutive scrapes. 
+ Default: "30s"
 
 | `scrapeTimeout`
 | `string`
-| Number of seconds to wait for target to respond before erroring.
+| Number of seconds to wait until a scrape request times out.
 
 | `secrets`
 | `array (string)`
@@ -391,37 +478,44 @@ Type::
 
 | `serviceMonitorNamespaceSelector`
 | `object`
-| Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.
+| Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 
 | `serviceMonitorSelector`
 | `object`
-| ServiceMonitors to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+| ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 
 | `sha`
 | `string`
-| SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead.  The image digest can be specified as part of the image URL.
+| *Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name.*
 
 | `shards`
 | `integer`
-| EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.
+| EXPERIMENTAL: Number of shards to distribute targets onto. `spec.replicas` multiplied by `spec.shards` is the total number of Pods created. 
+ Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally, use Thanos sidecar and Thanos querier or remote write data to a central location. 
+ Sharding is performed on the content of the `__address__` target meta-label for PodMonitors and ServiceMonitors and `__param_target__` for Probes. 
+ Default: 1
 
 | `storage`
 | `object`
-| Storage spec to specify how storage shall be used.
+| Storage defines the storage used by Prometheus.
 
 | `tag`
 | `string`
-| Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead.  The image tag can be specified as part of the image URL.
+| *Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name.*
+
+| `targetLimit`
+| `integer`
+| TargetLimit defines a limit on the number of scraped targets that will be accepted. Only valid in Prometheus versions 2.45.0 and newer.
 
 | `thanos`
 | `object`
-| Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. 
+| Defines the configuration of the optional Thanos sidecar. 
  This section is experimental, it may change significantly without deprecation notice in any release.
 
 | `tolerations`
 | `array`
-| If specified, the pod's tolerations.
+| Defines the Pods' tolerations if specified.
 
 | `tolerations[]`
 | `object`
@@ -429,23 +523,29 @@ Type::
 
 | `topologySpreadConstraints`
 | `array`
-| If specified, the pod's topology spread constraints.
+| Defines the pod's topology spread constraints if specified.
 
 | `topologySpreadConstraints[]`
 | `object`
 | TopologySpreadConstraint specifies how to spread matching pods among the given topology.
 
+| `tracingConfig`
+| `object`
+| EXPERIMENTAL: TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way.
+
 | `tsdb`
 | `object`
 | Defines the runtime reloadable configuration of the timeseries database (TSDB).
 
 | `version`
 | `string`
-| Version of Prometheus to be deployed.
+| Version of Prometheus being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. 
+ If not specified, the operator assumes the latest upstream version of Prometheus available at the time when the version of the operator was released.
 
 | `volumeMounts`
 | `array`
-| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects.
+| VolumeMounts allows the configuration of additional VolumeMounts. 
+ VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects.
 
 | `volumeMounts[]`
 | `object`
@@ -453,7 +553,7 @@ Type::
 
 | `volumes`
 | `array`
-| Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+| Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
 
 | `volumes[]`
 | `object`
@@ -461,18 +561,23 @@ Type::
 
 | `walCompression`
 | `boolean`
-| Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0.
+| Configures compression of the write-ahead log (WAL) using Snappy. 
+ WAL compression is enabled by default for Prometheus >= 2.20.0 
+ Requires Prometheus v2.11.0 and above.
 
 | `web`
 | `object`
-| Defines the web command line flags when starting Prometheus.
+| Defines the configuration of the Prometheus web server.
 
 |===
 === .spec.additionalAlertManagerConfigs
 Description::
 +
 --
-AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
+AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: 
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config 
+ The user is responsible for making sure that the configurations are valid 
+ Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
 --
 
 Type::
@@ -504,7 +609,10 @@ Required::
 Description::
 +
 --
-AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
+AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: 
+ https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs 
+ The user is responsible for making sure that the configurations are valid 
+ Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.
 --
 
 Type::
@@ -536,7 +644,9 @@ Required::
 Description::
 +
 --
-AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.
+AdditionalArgs allows setting additional arguments for the 'prometheus' container. 
+ It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. 
+ In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
 --
 
 Type::
@@ -609,7 +719,7 @@ Required::
 Description::
 +
 --
-If specified, the pod's scheduling constraints.
+Defines the Pods' affinity scheduling rules if specified.
 --
 
 Type::
@@ -1934,7 +2044,7 @@ Required::
 Description::
 +
 --
-Define details regarding alerting.
+Defines the settings related to Alertmanager.
 --
 
 Type::
@@ -1955,7 +2065,7 @@ Required::
 
 | `alertmanagers[]`
 | `object`
-| AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.
+| AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against.
 
 |===
 === .spec.alerting.alertmanagers
@@ -1975,7 +2085,7 @@ Type::
 Description::
 +
 --
-AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.
+AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against.
 --
 
 Type::
@@ -1998,15 +2108,19 @@ Required::
 
 | `authorization`
 | `object`
-| Authorization section for this alertmanager endpoint
+| Authorization section for Alertmanager. 
+ Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.
 
 | `basicAuth`
 | `object`
-| BasicAuth allow an endpoint to authenticate over basic authentication
+| BasicAuth configuration for Alertmanager. 
+ Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.
 
 | `bearerTokenFile`
 | `string`
-| BearerTokenFile to read from filesystem to use when authenticating to Alertmanager.
+| File to read bearer token for Alertmanager. 
+ Cannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`. 
+ *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
 
 | `enableHttp2`
 | `boolean`
@@ -2014,11 +2128,11 @@ Required::
 
 | `name`
 | `string`
-| Name of Endpoints object in Namespace.
+| Name of the Endpoints object in the namespace.
 
 | `namespace`
 | `string`
-| Namespace of Endpoints object.
+| Namespace of the Endpoints object.
 
 | `pathPrefix`
 | `string`
@@ -2026,26 +2140,33 @@ Required::
 
 | `port`
 | `integer-or-string`
-| Port the Alertmanager API is exposed on.
+| Port on which the Alertmanager API is exposed.
 
 | `scheme`
 | `string`
 | Scheme to use when firing alerts.
 
+| `sigv4`
+| `object`
+| Sigv4 allows to configures AWS's Signature Verification 4 for the URL. 
+ It requires Prometheus >= v2.48.0. 
+ Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.
+
 | `timeout`
 | `string`
 | Timeout is a per-target Alertmanager timeout when pushing alerts.
 
 | `tlsConfig`
 | `object`
-| TLS Config to use for alertmanager connection.
+| TLS Config to use for Alertmanager.
 
 |===
 === .spec.alerting.alertmanagers[].authorization
 Description::
 +
 --
-Authorization section for this alertmanager endpoint
+Authorization section for Alertmanager. 
+ Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.
 --
 
 Type::
@@ -2060,18 +2181,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.alerting.alertmanagers[].authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -2103,7 +2226,8 @@ Required::
 Description::
 +
 --
-BasicAuth allow an endpoint to authenticate over basic authentication
+BasicAuth configuration for Alertmanager. 
+ Cannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.
 --
 
 Type::
@@ -2118,18 +2242,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.alerting.alertmanagers[].basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -2161,7 +2285,111 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alerting.alertmanagers[].sigv4
+Description::
++
+--
+Sigv4 allows to configures AWS's Signature Verification 4 for the URL. 
+ It requires Prometheus >= v2.48.0. 
+ Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `accessKey`
+| `object`
+| AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
+
+| `profile`
+| `string`
+| Profile is the named AWS profile used to authenticate.
+
+| `region`
+| `string`
+| Region is the AWS region. If blank, the region from the default credentials chain used.
+
+| `roleArn`
+| `string`
+| RoleArn is the named AWS profile used to authenticate.
+
+| `secretKey`
+| `object`
+| SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+
+|===
+=== .spec.alerting.alertmanagers[].sigv4.accessKey
+Description::
++
+--
+AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.alerting.alertmanagers[].sigv4.secretKey
+Description::
++
+--
+SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
 --
 
 Type::
@@ -2193,7 +2421,7 @@ Required::
 Description::
 +
 --
-TLS Config to use for alertmanager connection.
+TLS Config to use for Alertmanager.
 --
 
 Type::
@@ -2455,7 +2683,7 @@ Required::
 Description::
 +
 --
-APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
+APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
 --
 
 Type::
@@ -2472,34 +2700,40 @@ Required::
 
 | `authorization`
 | `object`
-| Authorization section for accessing apiserver
+| Authorization section for the API server. 
+ Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`.
 
 | `basicAuth`
 | `object`
-| BasicAuth allow an endpoint to authenticate over basic authentication
+| BasicAuth configuration for the API server. 
+ Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`.
 
 | `bearerToken`
 | `string`
-| Bearer token for accessing apiserver.
+| *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* 
+ *Deprecated: this will be removed in a future release.*
 
 | `bearerTokenFile`
 | `string`
-| File to read bearer token for accessing apiserver.
+| File to read bearer token for accessing apiserver. 
+ Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. 
+ *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
 
 | `host`
 | `string`
-| Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number
+| Kubernetes API address consisting of a hostname or IP address followed by an optional port number.
 
 | `tlsConfig`
 | `object`
-| TLS Config to use for accessing apiserver.
+| TLS Config to use for the API server.
 
 |===
 === .spec.apiserverConfig.authorization
 Description::
 +
 --
-Authorization section for accessing apiserver
+Authorization section for the API server. 
+ Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`.
 --
 
 Type::
@@ -2514,22 +2748,24 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `credentialsFile`
 | `string`
-| File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)
+| File to read a secret from, mutually exclusive with `credentials`.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.apiserverConfig.authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -2561,7 +2797,8 @@ Required::
 Description::
 +
 --
-BasicAuth allow an endpoint to authenticate over basic authentication
+BasicAuth configuration for the API server. 
+ Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`.
 --
 
 Type::
@@ -2576,18 +2813,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.apiserverConfig.basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -2619,7 +2856,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -2651,7 +2888,7 @@ Required::
 Description::
 +
 --
-TLS Config to use for accessing apiserver.
+TLS Config to use for the API server.
 --
 
 Type::
@@ -2913,7 +3150,7 @@ Required::
 Description::
 +
 --
-ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.
+When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g.  '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field.
 --
 
 Type::
@@ -2935,7 +3172,9 @@ Type::
 Description::
 +
 --
-Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. 
+ The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` 
+ Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
 --
 
 Type::
@@ -3019,10 +3258,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -3527,7 +3778,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3693,7 +3944,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3755,7 +4006,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3812,7 +4063,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -3916,7 +4167,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4031,7 +4282,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4088,7 +4339,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4192,7 +4443,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4226,6 +4477,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.containers[].resources
 Description::
@@ -4248,7 +4541,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -4260,7 +4553,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.containers[].resources.claims
@@ -4269,7 +4562,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -4445,7 +4738,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -4480,7 +4773,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -4514,7 +4807,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4571,7 +4864,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4675,7 +4968,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4814,7 +5107,8 @@ Required::
 Description::
 +
 --
-List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.
+List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. 
+ It is only applicable if `spec.enforcedNamespaceLabel` set to true.
 --
 
 Type::
@@ -4849,7 +5143,7 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. When not set, all resources are matched.
+| Name of the referent. When not set, all resources in the namespace are matched.
 
 | `namespace`
 | `string`
@@ -4864,7 +5158,7 @@ Required::
 Description::
 +
 --
-Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective.
+Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective.
 --
 
 Type::
@@ -4879,14 +5173,16 @@ Type::
 
 | `maxSize`
 | `integer`
-| Maximum number of exemplars stored in memory for all series. If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage.
+| Maximum number of exemplars stored in memory for all series. 
+ exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. 
+ If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage.
 
 |===
 === .spec.hostAliases
 Description::
 +
 --
-Pods' hostAliases configuration
+Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
 --
 
 Type::
@@ -4928,7 +5224,7 @@ Required::
 Description::
 +
 --
-An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
+An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
 --
 
 Type::
@@ -4963,7 +5259,9 @@ Type::
 Description::
 +
 --
-InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
+InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g.  fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. 
+ The names of init container name managed by the operator are: * `init-config-reloader`. 
+ Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.
 --
 
 Type::
@@ -5047,10 +5345,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -5555,7 +5865,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5721,7 +6031,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5783,7 +6093,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5840,7 +6150,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5944,7 +6254,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6059,7 +6369,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6116,7 +6426,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6220,7 +6530,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6254,6 +6564,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.initContainers[].resources
 Description::
@@ -6276,7 +6628,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -6288,7 +6640,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.initContainers[].resources.claims
@@ -6297,7 +6649,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -6473,7 +6825,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6508,7 +6860,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6542,7 +6894,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6599,7 +6951,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6703,7 +7055,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6837,12 +7189,39 @@ Required::
 | `string`
 | Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
 
+|===
+=== .spec.persistentVolumeClaimRetentionPolicy
+Description::
++
+--
+The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. The default behavior is all PVCs are retained. This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC feature gate.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `whenDeleted`
+| `string`
+| WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted. The default policy of `Retain` causes PVCs to not be affected by StatefulSet deletion. The `Delete` policy causes those PVCs to be deleted.
+
+| `whenScaled`
+| `string`
+| WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of `Retain` causes PVCs to not be affected by a scaledown. The `Delete` policy causes the associated PVCs for any excess pods above the replica count to be deleted.
+
 |===
 === .spec.podMetadata
 Description::
 +
 --
-PodMetadata configures Labels and Annotations which are propagated to the prometheus pods.
+PodMetadata configures labels and annotations which are propagated to the Prometheus pods. 
+ The following items are reserved and cannot be overridden: * "prometheus" label, set to the name of the Prometheus object. * "app.kubernetes.io/instance" label, set to the name of the Prometheus object. * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/name" label, set to "prometheus". * "app.kubernetes.io/version" label, set to the Prometheus version. * "operator.prometheus.io/name" label, set to the name of the Prometheus object. * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object. * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".
 --
 
 Type::
@@ -6872,7 +7251,7 @@ Type::
 Description::
 +
 --
-Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.
+Namespaces to match for PodMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 --
 
 Type::
@@ -6948,8 +7327,8 @@ Required::
 Description::
 +
 --
-*Experimental* PodMonitors to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+*Experimental* PodMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 --
 
 Type::
@@ -7025,7 +7404,7 @@ Required::
 Description::
 +
 --
-*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.
+*Experimental* Namespaces to match for Probe discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 --
 
 Type::
@@ -7101,8 +7480,8 @@ Required::
 Description::
 +
 --
-*Experimental* Probes to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+*Experimental* Probes to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 --
 
 Type::
@@ -7178,7 +7557,7 @@ Required::
 Description::
 +
 --
-PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair. Deprecated: use excludedFromEnforcement instead.
+Defines the list of PrometheusRule objects to which the namespace label enforcement doesn't apply. This is only relevant when `spec.enforcedNamespaceLabel` is set to true. *Deprecated: use `spec.excludedFromEnforcement` instead.*
 --
 
 Type::
@@ -7209,18 +7588,18 @@ Required::
 
 | `ruleName`
 | `string`
-| RuleNamespace - name of excluded rule
+| Name of the excluded PrometheusRule object.
 
 | `ruleNamespace`
 | `string`
-| RuleNamespace - namespace of excluded rule
+| Namespace of the excluded PrometheusRule object.
 
 |===
 === .spec.query
 Description::
 +
 --
-QuerySpec defines the query command line flags when starting Prometheus.
+QuerySpec defines the configuration of the Promethus query service.
 --
 
 Type::
@@ -7254,7 +7633,7 @@ Type::
 Description::
 +
 --
-remoteRead is the list of remote read configurations.
+Defines the list of remote read configurations.
 --
 
 Type::
@@ -7284,23 +7663,34 @@ Required::
 
 | `authorization`
 | `object`
-| Authorization section for remote read
+| Authorization section for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
 | `object`
-| BasicAuth for the URL.
+| BasicAuth configuration for the URL. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerToken`
 | `string`
-| Bearer token for remote read.
+| *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* 
+ *Deprecated: this will be removed in a future release.*
 
 | `bearerTokenFile`
 | `string`
-| File to read bearer token for remote read.
+| File from which to read the bearer token for the URL. 
+ *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
 
 | `filterExternalLabels`
 | `boolean`
-| Whether to use the external labels as selectors for the remote read endpoint. Requires Prometheus v2.34.0 and above.
+| Whether to use the external labels as selectors for the remote read endpoint. 
+ It requires Prometheus >= v2.34.0.
+
+| `followRedirects`
+| `boolean`
+| Configure whether HTTP requests follow HTTP 3xx redirects. 
+ It requires Prometheus >= v2.26.0.
 
 | `headers`
 | `object (string)`
@@ -7308,11 +7698,14 @@ Required::
 
 | `name`
 | `string`
-| The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations.  Only valid in Prometheus versions 2.15.0 and newer.
+| The name of the remote read queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. 
+ It requires Prometheus >= v2.15.0.
 
 | `oauth2`
 | `object`
-| OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+| OAuth2 configuration for the URL. 
+ It requires Prometheus >= v2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `proxyUrl`
 | `string`
@@ -7332,7 +7725,7 @@ Required::
 
 | `tlsConfig`
 | `object`
-| TLS Config to use for remote read.
+| TLS Config to use for the URL.
 
 | `url`
 | `string`
@@ -7343,7 +7736,9 @@ Required::
 Description::
 +
 --
-Authorization section for remote read
+Authorization section for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
 Type::
@@ -7358,22 +7753,24 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `credentialsFile`
 | `string`
-| File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)
+| File to read a secret from, mutually exclusive with `credentials`.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.remoteRead[].authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -7405,7 +7802,8 @@ Required::
 Description::
 +
 --
-BasicAuth for the URL.
+BasicAuth configuration for the URL. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
 Type::
@@ -7420,18 +7818,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.remoteRead[].basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -7463,7 +7861,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -7495,7 +7893,9 @@ Required::
 Description::
 +
 --
-OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+OAuth2 configuration for the URL. 
+ It requires Prometheus >= v2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
 Type::
@@ -7514,30 +7914,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.remoteRead[].oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -7627,7 +8027,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -7659,7 +8059,7 @@ Required::
 Description::
 +
 --
-TLS Config to use for remote read.
+TLS Config to use for the URL.
 --
 
 Type::
@@ -7921,7 +8321,7 @@ Required::
 Description::
 +
 --
-remoteWrite is the list of remote write configurations.
+Defines the list of remote write configurations.
 --
 
 Type::
@@ -7951,23 +8351,35 @@ Required::
 
 | `authorization`
 | `object`
-| Authorization section for remote write
+| Authorization section for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.
+
+| `azureAd`
+| `object`
+| AzureAD for the URL. 
+ It requires Prometheus >= v2.45.0. 
+ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.
 
 | `basicAuth`
 | `object`
-| BasicAuth for the URL.
+| BasicAuth configuration for the URL. 
+ Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.
 
 | `bearerToken`
 | `string`
-| Bearer token for remote write.
+| *Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* 
+ *Deprecated: this will be removed in a future release.*
 
 | `bearerTokenFile`
 | `string`
-| File to read bearer token for remote write.
+| File from which to read bearer token for the URL. 
+ *Deprecated: this will be removed in a future release. Prefer using `authorization`.*
 
 | `headers`
 | `object (string)`
-| Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer.
+| Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. 
+ It requires Prometheus >= v2.25.0.
 
 | `metadataConfig`
 | `object`
@@ -7975,11 +8387,14 @@ Required::
 
 | `name`
 | `string`
-| The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer.
+| The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. 
+ It requires Prometheus >= v2.15.0.
 
 | `oauth2`
 | `object`
-| OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+| OAuth2 configuration for the URL. 
+ It requires Prometheus >= v2.27.0. 
+ Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.
 
 | `proxyUrl`
 | `string`
@@ -7995,15 +8410,23 @@ Required::
 
 | `sendExemplars`
 | `boolean`
-| Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the enableFeature option for exemplars to be scraped in the first place.  Only valid in Prometheus versions 2.27.0 and newer.
+| Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. 
+ It requires Prometheus >= v2.27.0.
+
+| `sendNativeHistograms`
+| `boolean`
+| Enables sending of native histograms, also known as sparse histograms over remote write. 
+ It requires Prometheus >= v2.40.0.
 
 | `sigv4`
 | `object`
-| Sigv4 allows to configures AWS's Signature Verification 4
+| Sigv4 allows to configures AWS's Signature Verification 4 for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.
 
 | `tlsConfig`
 | `object`
-| TLS Config to use for remote write.
+| TLS Config to use for the URL.
 
 | `url`
 | `string`
@@ -8015,14 +8438,17 @@ Required::
 
 | `writeRelabelConfigs[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 |===
 === .spec.remoteWrite[].authorization
 Description::
 +
 --
-Authorization section for remote write
+Authorization section for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.
 --
 
 Type::
@@ -8037,22 +8463,24 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `credentialsFile`
 | `string`
-| File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)
+| File to read a secret from, mutually exclusive with `credentials`.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.remoteWrite[].authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -8080,11 +8508,13 @@ Required::
 | Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.remoteWrite[].basicAuth
+=== .spec.remoteWrite[].azureAd
 Description::
 +
 --
-BasicAuth for the URL.
+AzureAD for the URL. 
+ It requires Prometheus >= v2.45.0. 
+ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.
 --
 
 Type::
@@ -8097,27 +8527,32 @@ Type::
 |===
 | Property | Type | Description
 
-| `password`
+| `cloud`
+| `string`
+| The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.
+
+| `managedIdentity`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth`.
 
-| `username`
+| `oauth`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity`. 
+ It requires Prometheus >= v2.48.0.
 
 |===
-=== .spec.remoteWrite[].basicAuth.password
+=== .spec.remoteWrite[].azureAd.managedIdentity
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth`.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
+  - `clientId`
 
 
 
@@ -8125,31 +8560,26 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
-| `string`
-| The key of the secret to select from.  Must be a valid secret key.
-
-| `name`
+| `clientId`
 | `string`
-| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
-
-| `optional`
-| `boolean`
-| Specify whether the Secret or its key must be defined
+| The client id
 
 |===
-=== .spec.remoteWrite[].basicAuth.username
+=== .spec.remoteWrite[].azureAd.oauth
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity`. 
+ It requires Prometheus >= v2.48.0.
 --
 
 Type::
   `object`
 
 Required::
-  - `key`
+  - `clientId`
+  - `clientSecret`
+  - `tenantId`
 
 
 
@@ -8157,11 +8587,134 @@ Required::
 |===
 | Property | Type | Description
 
-| `key`
+| `clientId`
 | `string`
-| The key of the secret to select from.  Must be a valid secret key.
+| `clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.
 
-| `name`
+| `clientSecret`
+| `object`
+| `clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.
+
+| `tenantId`
+| `string`
+| `tenantID` is the tenant ID of the Azure Active Directory application that is being used to authenticate.
+
+|===
+=== .spec.remoteWrite[].azureAd.oauth.clientSecret
+Description::
++
+--
+`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].basicAuth
+Description::
++
+--
+BasicAuth configuration for the URL. 
+ Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `password`
+| `object`
+| `password` specifies a key of a Secret containing the password for authentication.
+
+| `username`
+| `object`
+| `username` specifies a key of a Secret containing the username for authentication.
+
+|===
+=== .spec.remoteWrite[].basicAuth.password
+Description::
++
+--
+`password` specifies a key of a Secret containing the password for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
+
+|===
+=== .spec.remoteWrite[].basicAuth.username
+Description::
++
+--
+`username` specifies a key of a Secret containing the username for authentication.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
+
+| `name`
 | `string`
 | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
@@ -8189,18 +8742,20 @@ Type::
 
 | `send`
 | `boolean`
-| Whether metric metadata is sent to the remote storage or not.
+| Defines whether metric metadata is sent to the remote storage or not.
 
 | `sendInterval`
 | `string`
-| How frequently metric metadata is sent to the remote storage.
+| Defines how frequently metric metadata is sent to the remote storage.
 
 |===
 === .spec.remoteWrite[].oauth2
 Description::
 +
 --
-OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+OAuth2 configuration for the URL. 
+ It requires Prometheus >= v2.27.0. 
+ Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.
 --
 
 Type::
@@ -8219,30 +8774,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.remoteWrite[].oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -8332,7 +8887,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -8418,7 +8973,9 @@ Type::
 Description::
 +
 --
-Sigv4 allows to configures AWS's Signature Verification 4
+Sigv4 allows to configures AWS's Signature Verification 4 for the URL. 
+ It requires Prometheus >= v2.26.0. 
+ Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.
 --
 
 Type::
@@ -8433,7 +8990,7 @@ Type::
 
 | `accessKey`
 | `object`
-| AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.
+| AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
 
 | `profile`
 | `string`
@@ -8449,14 +9006,14 @@ Type::
 
 | `secretKey`
 | `object`
-| SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+| SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
 
 |===
 === .spec.remoteWrite[].sigv4.accessKey
 Description::
 +
 --
-AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.
+AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
 --
 
 Type::
@@ -8488,7 +9045,7 @@ Required::
 Description::
 +
 --
-SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
+SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
 --
 
 Type::
@@ -8520,7 +9077,7 @@ Required::
 Description::
 +
 --
-TLS Config to use for remote write.
+TLS Config to use for the URL.
 --
 
 Type::
@@ -8795,7 +9352,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -8810,38 +9368,44 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.resources
 Description::
 +
 --
-Define resources requests and limits for single Pods.
+Defines the resources requests and limits of the 'prometheus' container.
 --
 
 Type::
@@ -8858,7 +9422,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -8870,7 +9434,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -8879,7 +9443,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -8916,7 +9480,7 @@ Required::
 Description::
 +
 --
-Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used.
+Namespaces to match for PrometheusRule discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 --
 
 Type::
@@ -8992,7 +9556,7 @@ Required::
 Description::
 +
 --
-A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated.
+PrometheusRule objects to be selected for rule evaluation. An empty label selector matches all objects. A null label selector matches no objects.
 --
 
 Type::
@@ -9068,7 +9632,7 @@ Required::
 Description::
 +
 --
-/--rules.*/ command-line arguments.
+Defines the configuration of the Prometheus rules' engine.
 --
 
 Type::
@@ -9083,14 +9647,16 @@ Type::
 
 | `alert`
 | `object`
-| /--rules.alert.*/ command-line arguments
+| Defines the parameters of the Prometheus rules' engine. 
+ Any update to these parameters trigger a restart of the pods.
 
 |===
 === .spec.rules.alert
 Description::
 +
 --
-/--rules.alert.*/ command-line arguments
+Defines the parameters of the Prometheus rules' engine. 
+ Any update to these parameters trigger a restart of the pods.
 --
 
 Type::
@@ -9105,7 +9671,8 @@ Type::
 
 | `forGracePeriod`
 | `string`
-| Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period.
+| Minimum duration between alert and restored 'for' state. 
+ This is maintained only for alerts with a configured 'for' time greater than the grace period.
 
 | `forOutageTolerance`
 | `string`
@@ -9115,6 +9682,159 @@ Type::
 | `string`
 | Minimum amount of time to wait before resending an alert to Alertmanager.
 
+|===
+=== .spec.scrapeConfigNamespaceSelector
+Description::
++
+--
+Namespaces to match for ScrapeConfig discovery. An empty label selector matches all namespaces. A null label selector matches the current current namespace only.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.scrapeConfigNamespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.scrapeConfigNamespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.scrapeConfigSelector
+Description::
++
+--
+*Experimental* ScrapeConfigs to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.scrapeConfigSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.scrapeConfigSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
 |===
 === .spec.securityContext
 Description::
@@ -9235,7 +9955,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -9312,7 +10032,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -9323,7 +10043,7 @@ Type::
 Description::
 +
 --
-Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.
+Namespaces to match for ServicedMonitors discovery. An empty label selector matches all namespaces. A null label selector matches the current namespace only.
 --
 
 Type::
@@ -9399,8 +10119,8 @@ Required::
 Description::
 +
 --
-ServiceMonitors to be selected for target discovery. 
- If `spec.serviceMonitorSelector`, `spec.podMonitorSelector` and `spec.probeSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is deprecated and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
+ServiceMonitors to be selected for target discovery. An empty label selector matches all objects. A null label selector matches no objects. 
+ If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged. The Prometheus operator will ensure that the Prometheus configuration's Secret exists, but it is the responsibility of the user to provide the raw gzipped Prometheus configuration under the `prometheus.yaml.gz` key. This behavior is *deprecated* and will be removed in the next major version of the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` instead.
 --
 
 Type::
@@ -9476,7 +10196,7 @@ Required::
 Description::
 +
 --
-Storage spec to specify how storage shall be used.
+Storage defines the storage used by Prometheus.
 --
 
 Type::
@@ -9491,26 +10211,26 @@ Type::
 
 | `disableMountSubPath`
 | `boolean`
-| Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.
+| *Deprecated: subPath usage will be removed in a future release.*
 
 | `emptyDir`
 | `object`
-| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+| EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 
 | `ephemeral`
 | `object`
-| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 
 | `volumeClaimTemplate`
 | `object`
-| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+| Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 
 |===
 === .spec.storage.emptyDir
 Description::
 +
 --
-EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 --
 
 Type::
@@ -9529,14 +10249,14 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.storage.ephemeral
 Description::
 +
 --
-EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 --
 
 Type::
@@ -9742,7 +10462,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -9754,7 +10474,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -9763,7 +10483,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -9876,7 +10596,7 @@ Required::
 Description::
 +
 --
-A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 --
 
 Type::
@@ -9903,11 +10623,11 @@ Type::
 
 | `spec`
 | `object`
-| Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 | `status`
 | `object`
-| Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| *Deprecated: this field is never set.*
 
 |===
 === .spec.storage.volumeClaimTemplate.metadata
@@ -9944,7 +10664,7 @@ Type::
 Description::
 +
 --
-Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 --
 
 Type::
@@ -10081,7 +10801,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -10093,7 +10813,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.volumeClaimTemplate.spec.resources.claims
@@ -10102,7 +10822,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -10215,7 +10935,7 @@ Required::
 Description::
 +
 --
-Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+*Deprecated: this field is never set.*
 --
 
 Type::
@@ -10232,9 +10952,19 @@ Type::
 | `array (string)`
 | accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 
+| `allocatedResourceStatuses`
+| `object (string)`
+| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. 
+ A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
 | `allocatedResources`
 | `integer-or-string`
-| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. 
+ A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
 | `integer-or-string`
@@ -10246,16 +10976,12 @@ Type::
 
 | `conditions[]`
 | `object`
-| PersistentVolumeClaimCondition contails details about state of pvc
+| PersistentVolumeClaimCondition contains details about state of pvc
 
 | `phase`
 | `string`
 | phase represents the current phase of PersistentVolumeClaim.
 
-| `resizeStatus`
-| `string`
-| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-
 |===
 === .spec.storage.volumeClaimTemplate.status.conditions
 Description::
@@ -10274,7 +11000,7 @@ Type::
 Description::
 +
 --
-PersistentVolumeClaimCondition contails details about state of pvc
+PersistentVolumeClaimCondition contains details about state of pvc
 --
 
 Type::
@@ -10319,7 +11045,7 @@ Required::
 Description::
 +
 --
-Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. 
+Defines the configuration of the optional Thanos sidecar. 
  This section is experimental, it may change significantly without deprecation notice in any release.
 --
 
@@ -10335,7 +11061,7 @@ Type::
 
 | `additionalArgs`
 | `array`
-| AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.
+| AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
 
 | `additionalArgs[]`
 | `object`
@@ -10343,83 +11069,108 @@ Type::
 
 | `baseImage`
 | `string`
-| Thanos base image if other than default. Deprecated: use 'image' instead
+| *Deprecated: use 'image' instead.*
 
 | `blockSize`
 | `string`
-| BlockDuration controls the size of TSDB blocks produced by Prometheus. Default is 2h to match the upstream Prometheus defaults. WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value set to a multiple of 120 times your longest scrape or rule interval. For example, 30s * 120 = 1h.
+| BlockDuration controls the size of TSDB blocks produced by Prometheus. The default value is 2h to match the upstream Prometheus defaults. 
+ WARNING: Changing the block duration can impact the performance and efficiency of the entire Prometheus/Thanos stack due to how it interacts with memory and Thanos compactors. It is recommended to keep this value set to a multiple of 120 times your longest scrape or rule interval. For example, 30s * 120 = 1h.
+
+| `getConfigInterval`
+| `string`
+| How often to retrieve the Prometheus configuration.
+
+| `getConfigTimeout`
+| `string`
+| Maximum time to wait when retrieving the Prometheus configuration.
 
 | `grpcListenLocal`
 | `boolean`
-| If true, the Thanos sidecar listens on the loopback interface for the gRPC endpoints. It has no effect if `listenLocal` is true.
+| When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the gRPC endpoints. 
+ It has no effect if `listenLocal` is true.
 
 | `grpcServerTlsConfig`
 | `object`
-| GRPCServerTLSConfig configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.
+| Configures the TLS parameters for the gRPC server providing the StoreAPI. 
+ Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.
 
 | `httpListenLocal`
 | `boolean`
-| If true, the Thanos sidecar listens on the loopback interface for the HTTP endpoints. It has no effect if `listenLocal` is true.
+| When true, the Thanos sidecar listens on the loopback interface instead of the Pod IP's address for the HTTP endpoints. 
+ It has no effect if `listenLocal` is true.
 
 | `image`
 | `string`
-| Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured.
+| Container image name for Thanos. If specified, it takes precedence over the `spec.thanos.baseImage`, `spec.thanos.tag` and `spec.thanos.sha` fields. 
+ Specifying `spec.thanos.version` is still necessary to ensure the Prometheus Operator knows which version of Thanos is being configured. 
+ If neither `spec.thanos.image` nor `spec.thanos.baseImage` are defined, the operator will use the latest upstream version of Thanos available at the time when the operator was released.
 
 | `listenLocal`
 | `boolean`
-| If true, the Thanos sidecar listens on the loopback interface for the HTTP and gRPC endpoints. It takes precedence over `grpcListenLocal` and `httpListenLocal`. Deprecated: use `grpcListenLocal` and `httpListenLocal` instead.
+| *Deprecated: use `grpcListenLocal` and `httpListenLocal` instead.*
 
 | `logFormat`
 | `string`
-| LogFormat for Thanos sidecar to be configured with.
+| Log format for the Thanos sidecar.
 
 | `logLevel`
 | `string`
-| LogLevel for Thanos sidecar to be configured with.
+| Log level for the Thanos sidecar.
 
 | `minTime`
 | `string`
-| MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
+| Defines the start of time range limit served by the Thanos sidecar's StoreAPI. The field's value should be a constant time in RFC3339 format or a time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
 
 | `objectStorageConfig`
 | `object`
-| ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.
+| Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. 
+ More info: https://thanos.io/tip/thanos/storage.md/ 
+ objectStorageConfigFile takes precedence over this field.
 
 | `objectStorageConfigFile`
 | `string`
-| ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.
+| Defines the Thanos sidecar's configuration file to upload TSDB blocks to object storage. 
+ More info: https://thanos.io/tip/thanos/storage.md/ 
+ This field takes precedence over objectStorageConfig.
 
 | `readyTimeout`
 | `string`
-| ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m
+| ReadyTimeout is the maximum time that the Thanos sidecar will wait for Prometheus to start.
 
 | `resources`
 | `object`
-| Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set
+| Defines the resources requests and limits of the Thanos sidecar.
 
 | `sha`
 | `string`
-| SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead.  The image digest can be specified as part of the image URL.
+| *Deprecated: use 'image' instead.  The image digest can be specified as part of the image name.*
 
 | `tag`
 | `string`
-| Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead.  The image tag can be specified as part of the image URL.
+| *Deprecated: use 'image' instead. The image's tag can be specified as part of the image name.*
 
 | `tracingConfig`
 | `object`
-| TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.
+| Defines the tracing configuration for the Thanos sidecar. 
+ More info: https://thanos.io/tip/thanos/tracing.md/ 
+ This is an experimental feature, it may change in any upcoming release in a breaking way. 
+ tracingConfigFile takes precedence over this field.
 
 | `tracingConfigFile`
 | `string`
-| TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.
+| Defines the tracing configuration file for the Thanos sidecar. 
+ More info: https://thanos.io/tip/thanos/tracing.md/ 
+ This is an experimental feature, it may change in any upcoming release in a breaking way. 
+ This field takes precedence over tracingConfig.
 
 | `version`
 | `string`
-| Version describes the version of Thanos to use.
+| Version of Thanos being deployed. The operator uses this information to generate the Prometheus StatefulSet + configuration files. 
+ If not specified, the operator assumes the latest upstream release of Thanos available at the time when the version of the operator was released.
 
 | `volumeMounts`
 | `array`
-| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the thanos-sidecar container.
+| VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container.
 
 | `volumeMounts[]`
 | `object`
@@ -10430,7 +11181,7 @@ Type::
 Description::
 +
 --
-AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.
+AdditionalArgs allows setting additional arguments for the Thanos container. The arguments are passed as-is to the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged.
 --
 
 Type::
@@ -10471,7 +11222,8 @@ Required::
 Description::
 +
 --
-GRPCServerTLSConfig configures the TLS parameters for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args.
+Configures the TLS parameters for the gRPC server providing the StoreAPI. 
+ Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported.
 --
 
 Type::
@@ -10733,7 +11485,9 @@ Required::
 Description::
 +
 --
-ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority.
+Defines the Thanos sidecar's configuration to upload TSDB blocks to object storage. 
+ More info: https://thanos.io/tip/thanos/storage.md/ 
+ objectStorageConfigFile takes precedence over this field.
 --
 
 Type::
@@ -10765,7 +11519,7 @@ Required::
 Description::
 +
 --
-Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set
+Defines the resources requests and limits of the Thanos sidecar.
 --
 
 Type::
@@ -10782,7 +11536,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -10794,7 +11548,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.thanos.resources.claims
@@ -10803,7 +11557,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -10840,7 +11594,10 @@ Required::
 Description::
 +
 --
-TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way.
+Defines the tracing configuration for the Thanos sidecar. 
+ More info: https://thanos.io/tip/thanos/tracing.md/ 
+ This is an experimental feature, it may change in any upcoming release in a breaking way. 
+ tracingConfigFile takes precedence over this field.
 --
 
 Type::
@@ -10872,7 +11629,7 @@ Required::
 Description::
 +
 --
-VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the thanos-sidecar container.
+VolumeMounts allows configuration of additional VolumeMounts for Thanos. VolumeMounts specified will be appended to other VolumeMounts in the 'thanos-sidecar' container.
 --
 
 Type::
@@ -10930,7 +11687,7 @@ Required::
 Description::
 +
 --
-If specified, the pod's tolerations.
+Defines the Pods' tolerations if specified.
 --
 
 Type::
@@ -10968,42 +11725,393 @@ Type::
 | `string`
 | Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 
-| `tolerationSeconds`
-| `integer`
-| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+| `tolerationSeconds`
+| `integer`
+| TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
+| `value`
+| `string`
+| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+|===
+=== .spec.topologySpreadConstraints
+Description::
++
+--
+Defines the pod's topology spread constraints if specified.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.topologySpreadConstraints[]
+Description::
++
+--
+TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+--
+
+Type::
+  `object`
+
+Required::
+  - `maxSkew`
+  - `topologyKey`
+  - `whenUnsatisfiable`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| `object`
+| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
+| `matchLabelKeys`
+| `array (string)`
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `maxSkew`
+| `integer`
+| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
+| `minDomains`
+| `integer`
+| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 
+ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+| `nodeAffinityPolicy`
+| `string`
+| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 
+ If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+| `nodeTaintsPolicy`
+| `string`
+| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 
+ If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
+| `topologyKey`
+| `string`
+| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+
+| `whenUnsatisfiable`
+| `string`
+| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+|===
+=== .spec.topologySpreadConstraints[].labelSelector
+Description::
++
+--
+LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.topologySpreadConstraints[].labelSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.topologySpreadConstraints[].labelSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.tracingConfig
+Description::
++
+--
+EXPERIMENTAL: TracingConfig configures tracing in Prometheus. This is an experimental feature, it may change in any upcoming release in a breaking way.
+--
+
+Type::
+  `object`
+
+Required::
+  - `endpoint`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `clientType`
+| `string`
+| Client used to export the traces. Supported values are `http` or `grpc`.
+
+| `compression`
+| `string`
+| Compression key for supported compression types. The only supported value is `gzip`.
+
+| `endpoint`
+| `string`
+| Endpoint to send the traces to. Should be provided in format <host>:<port>.
+
+| `headers`
+| `object (string)`
+| Key-value pairs to be used as headers associated with gRPC or HTTP requests.
+
+| `insecure`
+| `boolean`
+| If disabled, the client will use a secure connection.
+
+| `samplingFraction`
+| `integer-or-string`
+| Sets the probability a given trace will be sampled. Must be a float from 0 through 1.
+
+| `timeout`
+| `string`
+| Maximum time the exporter will wait for each batch export.
+
+| `tlsConfig`
+| `object`
+| TLS Config to use when sending traces.
+
+|===
+=== .spec.tracingConfig.tlsConfig
+Description::
++
+--
+TLS Config to use when sending traces.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ca`
+| `object`
+| Certificate authority used when verifying server certificates.
+
+| `caFile`
+| `string`
+| Path to the CA cert in the Prometheus container to use for the targets.
+
+| `cert`
+| `object`
+| Client certificate to present when doing client-authentication.
+
+| `certFile`
+| `string`
+| Path to the client cert file in the Prometheus container for the targets.
+
+| `insecureSkipVerify`
+| `boolean`
+| Disable target certificate validation.
+
+| `keyFile`
+| `string`
+| Path to the client key file in the Prometheus container for the targets.
+
+| `keySecret`
+| `object`
+| Secret containing the client key file for the targets.
+
+| `serverName`
+| `string`
+| Used to verify the hostname for the targets.
+
+|===
+=== .spec.tracingConfig.tlsConfig.ca
+Description::
++
+--
+Certificate authority used when verifying server certificates.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.tracingConfig.tlsConfig.ca.configMap
+Description::
++
+--
+ConfigMap containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key to select.
+
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
+
+|===
+=== .spec.tracingConfig.tlsConfig.ca.secret
+Description::
++
+--
+Secret containing data to use for the targets.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `value`
+| `name`
 | `string`
-| Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
+
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.topologySpreadConstraints
+=== .spec.tracingConfig.tlsConfig.cert
 Description::
 +
 --
-If specified, the pod's topology spread constraints.
+Client certificate to present when doing client-authentication.
 --
 
 Type::
-  `array`
+  `object`
 
 
 
 
-=== .spec.topologySpreadConstraints[]
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `configMap`
+| `object`
+| ConfigMap containing data to use for the targets.
+
+| `secret`
+| `object`
+| Secret containing data to use for the targets.
+
+|===
+=== .spec.tracingConfig.tlsConfig.cert.configMap
 Description::
 +
 --
-TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+ConfigMap containing data to use for the targets.
 --
 
 Type::
   `object`
 
 Required::
-  - `maxSkew`
-  - `topologyKey`
-  - `whenUnsatisfiable`
+  - `key`
 
 
 
@@ -11011,53 +12119,31 @@ Required::
 |===
 | Property | Type | Description
 
-| `labelSelector`
-| `object`
-| LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
-
-| `matchLabelKeys`
-| `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
-
-| `maxSkew`
-| `integer`
-| MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|   P   \| - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
-
-| `minDomains`
-| `integer`
-| MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
- For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: \| zone1 \| zone2 \| zone3 \| \|  P P  \|  P P  \|  P P  \| The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 
- This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
-| `nodeAffinityPolicy`
-| `string`
-| NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 
- If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-
-| `nodeTaintsPolicy`
+| `key`
 | `string`
-| NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 
- If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+| The key to select.
 
-| `topologyKey`
+| `name`
 | `string`
-| TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `whenUnsatisfiable`
-| `string`
-| WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: \| zone1 \| zone2 \| zone3 \| \| P P P \|   P   \|   P   \| If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+| `optional`
+| `boolean`
+| Specify whether the ConfigMap or its key must be defined
 
 |===
-=== .spec.topologySpreadConstraints[].labelSelector
+=== .spec.tracingConfig.tlsConfig.cert.secret
 Description::
 +
 --
-LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+Secret containing data to use for the targets.
 --
 
 Type::
   `object`
 
+Required::
+  - `key`
 
 
 
@@ -11065,37 +12151,24 @@ Type::
 |===
 | Property | Type | Description
 
-| `matchExpressions`
-| `array`
-| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+| `key`
+| `string`
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `matchExpressions[]`
-| `object`
-| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+| `name`
+| `string`
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `matchLabels`
-| `object (string)`
-| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
-=== .spec.topologySpreadConstraints[].labelSelector.matchExpressions
-Description::
-+
---
-matchExpressions is a list of label selector requirements. The requirements are ANDed.
---
-
-Type::
-  `array`
-
-
-
-
-=== .spec.topologySpreadConstraints[].labelSelector.matchExpressions[]
+=== .spec.tracingConfig.tlsConfig.keySecret
 Description::
 +
 --
-A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+Secret containing the client key file for the targets.
 --
 
 Type::
@@ -11103,7 +12176,6 @@ Type::
 
 Required::
   - `key`
-  - `operator`
 
 
 
@@ -11113,15 +12185,15 @@ Required::
 
 | `key`
 | `string`
-| key is the label key that the selector applies to.
+| The key of the secret to select from.  Must be a valid secret key.
 
-| `operator`
+| `name`
 | `string`
-| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+| Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?
 
-| `values`
-| `array (string)`
-| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+| `optional`
+| `boolean`
+| Specify whether the Secret or its key must be defined
 
 |===
 === .spec.tsdb
@@ -11143,14 +12215,18 @@ Type::
 
 | `outOfOrderTimeWindow`
 | `string`
-| Configures how old an out-of-order/out-of-bounds sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out of order ingestion is an experimental feature and requires Prometheus >= v2.39.0.
+| Configures how old an out-of-order/out-of-bounds sample can be with respect to the TSDB max time. 
+ An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). 
+ Out of order ingestion is an experimental feature. 
+ It requires Prometheus >= v2.39.0.
 
 |===
 === .spec.volumeMounts
 Description::
 +
 --
-VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects.
+VolumeMounts allows the configuration of additional VolumeMounts. 
+ VolumeMounts will be appended to other VolumeMounts in the 'prometheus' container, that are generated as a result of StorageSpec objects.
 --
 
 Type::
@@ -11208,7 +12284,7 @@ Required::
 Description::
 +
 --
-Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
+Volumes allows the configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
 --
 
 Type::
@@ -11907,7 +12983,7 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.volumes[].ephemeral
@@ -12124,7 +13200,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -12136,7 +13212,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -12145,7 +13221,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -13510,7 +14586,7 @@ Required::
 Description::
 +
 --
-Defines the web command line flags when starting Prometheus.
+Defines the configuration of the Prometheus web server.
 --
 
 Type::
@@ -13533,7 +14609,7 @@ Type::
 
 | `pageTitle`
 | `string`
-| The prometheus web page title
+| The prometheus web page title.
 
 | `tlsConfig`
 | `object`
@@ -13906,7 +14982,7 @@ Required::
 
 | `conditions[]`
 | `object`
-| Condition represents the state of the resources associated with the Prometheus or Alertmanager resource.
+| Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
 
 | `paused`
 | `boolean`
@@ -13950,7 +15026,7 @@ Type::
 Description::
 +
 --
-Condition represents the state of the resources associated with the Prometheus or Alertmanager resource.
+Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
 --
 
 Type::
@@ -14074,49 +15150,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/prometheuses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -14138,23 +15171,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheuses
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -14163,46 +15180,6 @@ Description::
   delete collection of Prometheus
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -14222,46 +15199,6 @@ Description::
   list objects of kind Prometheus
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -14288,12 +15225,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -14329,19 +15263,8 @@ Description::
 | `name`
 | `string`
 | name of the Prometheus
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -14357,25 +15280,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -14396,16 +15302,6 @@ Description::
   read the specified Prometheus
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -14432,22 +15328,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -14473,12 +15358,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -14512,19 +15394,8 @@ Description::
 | `name`
 | `string`
 | name of the Prometheus
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -14533,16 +15404,6 @@ Description::
   read status of the specified Prometheus
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -14569,22 +15430,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -14610,12 +15460,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
index 14398811a9bd..1c59120718d1 100644
--- a/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="prometheusrule-monitoring-coreos-com-v1"]
 = PrometheusRule [monitoring.coreos.com/v1]
 :toc: macro
@@ -95,7 +95,6 @@ Type::
 
 Required::
   - `name`
-  - `rules`
 
 
 
@@ -107,6 +106,10 @@ Required::
 | `string`
 | Interval determines how often rules in the group are evaluated.
 
+| `limit`
+| `integer`
+| Limit the number of alerts an alerting rule and series a recording rule can produce. Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24.
+
 | `name`
 | `string`
 | Name of the rule group.
@@ -172,6 +175,10 @@ Required::
 | `string`
 | Alerts are considered firing once they have been returned for this long.
 
+| `keep_firing_for`
+| `string`
+| KeepFiringFor defines how long an alert will continue firing after the condition that triggered it has cleared.
+
 | `labels`
 | `object (string)`
 | Labels to add or overwrite.
@@ -202,49 +209,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/prometheusrules
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -266,23 +230,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/prometheusrules
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -291,46 +239,6 @@ Description::
   delete collection of PrometheusRule
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -350,46 +258,6 @@ Description::
   list objects of kind PrometheusRule
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -416,12 +284,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -457,19 +322,8 @@ Description::
 | `name`
 | `string`
 | name of the PrometheusRule
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -485,25 +339,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -524,16 +361,6 @@ Description::
   read the specified PrometheusRule
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -560,22 +387,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -601,12 +417,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
index 1b93d0b7e3ad..a6fda859c714 100644
--- a/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/servicemonitor-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="servicemonitor-monitoring-coreos-com-v1"]
 = ServiceMonitor [monitoring.coreos.com/v1]
 :toc: macro
@@ -55,7 +55,6 @@ Type::
   `object`
 
 Required::
-  - `endpoints`
   - `selector`
 
 
@@ -66,64 +65,74 @@ Required::
 
 | `attachMetadata`
 | `object`
-| Attaches node metadata to discovered targets. Requires Prometheus v2.37.0 and above.
+| `attachMetadata` defines additional metadata which is added to the discovered targets. 
+ It requires Prometheus >= v2.37.0.
 
 | `endpoints`
 | `array`
-| A list of endpoints allowed as part of this ServiceMonitor.
+| List of endpoints part of this ServiceMonitor.
 
 | `endpoints[]`
 | `object`
-| Endpoint defines a scrapeable endpoint serving Prometheus metrics.
+| Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
 
 | `jobLabel`
 | `string`
-| JobLabel selects the label from the associated Kubernetes service which will be used as the `job` label for all metrics. 
- For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: bar`, then the `job="bar"` label is added to all metrics. 
- If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the Kubernetes Service.
+| `jobLabel` selects the label from the associated Kubernetes `Service` object which will be used as the `job` label for all metrics. 
+ For example if `jobLabel` is set to `foo` and the Kubernetes `Service` object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` label to all ingested metrics. 
+ If the value of this field is empty or if the label doesn't exist for the given Service, the `job` label of the metrics defaults to the name of the associated Kubernetes `Service`.
+
+| `keepDroppedTargets`
+| `integer`
+| Per-scrape limit on the number of targets dropped by relabeling that will be kept in memory. 0 means no limit. 
+ It requires Prometheus >= v2.47.0.
 
 | `labelLimit`
 | `integer`
-| Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on number of labels that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `labelNameLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on length of labels name that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `labelValueLengthLimit`
 | `integer`
-| Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
+| Per-scrape limit on length of labels value that will be accepted for a sample. 
+ It requires Prometheus >= v2.27.0.
 
 | `namespaceSelector`
 | `object`
-| Selector to select which namespaces the Kubernetes Endpoints objects are discovered from.
+| Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered from.
 
 | `podTargetLabels`
 | `array (string)`
-| PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics.
+| `podTargetLabels` defines the labels which are transferred from the associated Kubernetes `Pod` object onto the ingested metrics.
 
 | `sampleLimit`
 | `integer`
-| SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
+| `sampleLimit` defines a per-scrape limit on the number of scraped samples that will be accepted.
 
 | `selector`
 | `object`
-| Selector to select Endpoints objects.
+| Label selector to select the Kubernetes `Endpoints` objects.
 
 | `targetLabels`
 | `array (string)`
-| TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics.
+| `targetLabels` defines the labels which are transferred from the associated Kubernetes `Service` object onto the ingested metrics.
 
 | `targetLimit`
 | `integer`
-| TargetLimit defines a limit on the number of scraped targets that will be accepted.
+| `targetLimit` defines a limit on the number of scraped targets that will be accepted.
 
 |===
 === .spec.attachMetadata
 Description::
 +
 --
-Attaches node metadata to discovered targets. Requires Prometheus v2.37.0 and above.
+`attachMetadata` defines additional metadata which is added to the discovered targets. 
+ It requires Prometheus >= v2.37.0.
 --
 
 Type::
@@ -138,14 +147,14 @@ Type::
 
 | `node`
 | `boolean`
-| When set to true, Prometheus must have permissions to get Nodes.
+| When set to true, Prometheus must have the `get` permission on the `Nodes` objects.
 
 |===
 === .spec.endpoints
 Description::
 +
 --
-A list of endpoints allowed as part of this ServiceMonitor.
+List of endpoints part of this ServiceMonitor.
 --
 
 Type::
@@ -158,7 +167,7 @@ Type::
 Description::
 +
 --
-Endpoint defines a scrapeable endpoint serving Prometheus metrics.
+Endpoint defines an endpoint serving Prometheus metrics to be scraped by Prometheus.
 --
 
 Type::
@@ -173,59 +182,69 @@ Type::
 
 | `authorization`
 | `object`
-| Authorization section for this endpoint
+| `authorization` configures the Authorization header credentials to use when scraping the target. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 
 | `basicAuth`
 | `object`
-| BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints
+| `basicAuth` configures the Basic Authentication credentials to use when scraping the target. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 
 | `bearerTokenFile`
 | `string`
-| File to read bearer token for scraping targets.
+| File to read bearer token for scraping the target. 
+ Deprecated: use `authorization` instead.
 
 | `bearerTokenSecret`
 | `object`
-| Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.
+| `bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. 
+ Deprecated: use `authorization` instead.
 
 | `enableHttp2`
 | `boolean`
-| Whether to enable HTTP2.
+| `enableHttp2` can be used to disable HTTP2 when scraping the target.
 
 | `filterRunning`
 | `boolean`
-| Drop pods that are not running. (Failed, Succeeded). Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
+| When true, the pods which are not running (e.g. either in Failed or Succeeded state) are dropped during the target discovery. 
+ If unset, the filtering is enabled. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
 
 | `followRedirects`
 | `boolean`
-| FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.
+| `followRedirects` defines whether the scrape requests should follow HTTP 3xx redirects.
 
 | `honorLabels`
 | `boolean`
-| HonorLabels chooses the metric's labels on collisions with target labels.
+| When true, `honorLabels` preserves the metric's labels when they collide with the target's labels.
 
 | `honorTimestamps`
 | `boolean`
-| HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.
+| `honorTimestamps` controls whether Prometheus preserves the timestamps when exposed by the target.
 
 | `interval`
 | `string`
-| Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.
+| Interval at which Prometheus scrapes the metrics from the target. 
+ If empty, Prometheus uses the global scrape interval.
 
 | `metricRelabelings`
 | `array`
-| MetricRelabelConfigs to apply to samples before ingestion.
+| `metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.
 
 | `metricRelabelings[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `oauth2`
 | `object`
-| OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+| `oauth2` configures the OAuth2 settings to use when scraping the target. 
+ It requires Prometheus >= 2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 
 | `params`
 | `object`
-| Optional HTTP URL parameters
+| params define optional HTTP URL parameters.
 
 | `params{}`
 | `array (string)`
@@ -233,46 +252,62 @@ Type::
 
 | `path`
 | `string`
-| HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).
+| HTTP path from which to scrape for metrics. 
+ If empty, Prometheus uses the default value (e.g. `/metrics`).
 
 | `port`
 | `string`
-| Name of the service port this endpoint refers to. Mutually exclusive with targetPort.
+| Name of the Service port which this endpoint refers to. 
+ It takes precedence over `targetPort`.
 
 | `proxyUrl`
 | `string`
-| ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.
+| `proxyURL` configures the HTTP Proxy URL (e.g. "http://proxyserver:2195") to go through when scraping the target.
 
 | `relabelings`
 | `array`
-| RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+| `relabelings` configures the relabeling rules to apply the target's metadata labels. 
+ The Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `relabelings[]`
 | `object`
-| RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+| RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 
 | `scheme`
 | `string`
-| HTTP scheme to use for scraping.
+| HTTP scheme to use for scraping. 
+ `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. 
+ If empty, Prometheus uses the default value `http`.
 
 | `scrapeTimeout`
 | `string`
-| Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than `Interval` in which the latter is used.
+| Timeout after which Prometheus considers the scrape to be failed. 
+ If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
 
 | `targetPort`
 | `integer-or-string`
-| Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port.
+| Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. 
+ Deprecated: use `port` instead.
 
 | `tlsConfig`
 | `object`
-| TLS configuration to use when scraping the endpoint
+| TLS configuration to use when scraping the target.
+
+| `trackTimestampsStaleness`
+| `boolean`
+| `trackTimestampsStaleness` defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false. 
+ It requires Prometheus >= v2.48.0.
 
 |===
 === .spec.endpoints[].authorization
 Description::
 +
 --
-Authorization section for this endpoint
+`authorization` configures the Authorization header credentials to use when scraping the target. 
+ Cannot be set at the same time as `basicAuth`, or `oauth2`.
 --
 
 Type::
@@ -287,18 +322,20 @@ Type::
 
 | `credentials`
 | `object`
-| The secret's key that contains the credentials of the request
+| Selects a key of a Secret in the namespace that contains the credentials for authentication.
 
 | `type`
 | `string`
-| Set the authentication type. Defaults to Bearer, Basic will cause an error
+| Defines the authentication type. The value is case-insensitive. 
+ "Basic" is not a supported value. 
+ Default: "Bearer"
 
 |===
 === .spec.endpoints[].authorization.credentials
 Description::
 +
 --
-The secret's key that contains the credentials of the request
+Selects a key of a Secret in the namespace that contains the credentials for authentication.
 --
 
 Type::
@@ -330,7 +367,8 @@ Required::
 Description::
 +
 --
-BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints
+`basicAuth` configures the Basic Authentication credentials to use when scraping the target. 
+ Cannot be set at the same time as `authorization`, or `oauth2`.
 --
 
 Type::
@@ -345,18 +383,18 @@ Type::
 
 | `password`
 | `object`
-| The secret in the service monitor namespace that contains the password for authentication.
+| `password` specifies a key of a Secret containing the password for authentication.
 
 | `username`
 | `object`
-| The secret in the service monitor namespace that contains the username for authentication.
+| `username` specifies a key of a Secret containing the username for authentication.
 
 |===
 === .spec.endpoints[].basicAuth.password
 Description::
 +
 --
-The secret in the service monitor namespace that contains the password for authentication.
+`password` specifies a key of a Secret containing the password for authentication.
 --
 
 Type::
@@ -388,7 +426,7 @@ Required::
 Description::
 +
 --
-The secret in the service monitor namespace that contains the username for authentication.
+`username` specifies a key of a Secret containing the username for authentication.
 --
 
 Type::
@@ -420,7 +458,8 @@ Required::
 Description::
 +
 --
-Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator.
+`bearerTokenSecret` specifies a key of a Secret containing the bearer token for scraping targets. The secret needs to be in the same namespace as the ServiceMonitor object and readable by the Prometheus Operator. 
+ Deprecated: use `authorization` instead.
 --
 
 Type::
@@ -452,7 +491,7 @@ Required::
 Description::
 +
 --
-MetricRelabelConfigs to apply to samples before ingestion.
+`metricRelabelings` configures the relabeling rules to apply to the samples before ingestion.
 --
 
 Type::
@@ -465,7 +504,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -480,38 +520,46 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.endpoints[].oauth2
 Description::
 +
 --
-OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
+`oauth2` configures the OAuth2 settings to use when scraping the target. 
+ It requires Prometheus >= 2.27.0. 
+ Cannot be set at the same time as `authorization`, or `basicAuth`.
 --
 
 Type::
@@ -530,30 +578,30 @@ Required::
 
 | `clientId`
 | `object`
-| The secret or configmap containing the OAuth2 client id
+| `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 
 | `clientSecret`
 | `object`
-| The secret containing the OAuth2 client secret
+| `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 
 | `endpointParams`
 | `object (string)`
-| Parameters to append to the token URL
+| `endpointParams` configures the HTTP parameters to append to the token URL.
 
 | `scopes`
 | `array (string)`
-| OAuth2 scopes used for the token request
+| `scopes` defines the OAuth2 scopes used for the token request.
 
 | `tokenUrl`
 | `string`
-| The URL to fetch the token from
+| `tokenURL` configures the URL to fetch the token from.
 
 |===
 === .spec.endpoints[].oauth2.clientId
 Description::
 +
 --
-The secret or configmap containing the OAuth2 client id
+`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 --
 
 Type::
@@ -643,7 +691,7 @@ Required::
 Description::
 +
 --
-The secret containing the OAuth2 client secret
+`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 --
 
 Type::
@@ -675,7 +723,7 @@ Required::
 Description::
 +
 --
-Optional HTTP URL parameters
+params define optional HTTP URL parameters.
 --
 
 Type::
@@ -688,7 +736,10 @@ Type::
 Description::
 +
 --
-RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+`relabelings` configures the relabeling rules to apply the target's metadata labels. 
+ The Operator automatically adds relabelings for a few standard Kubernetes fields. 
+ The original scrape job's name is available via the `__tmp_prometheus_job_name` label. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -701,7 +752,8 @@ Type::
 Description::
 +
 --
-RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. 
+ More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
 --
 
 Type::
@@ -716,38 +768,44 @@ Type::
 
 | `action`
 | `string`
-| Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.
+| Action to perform based on the regex matching. 
+ `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. 
+ Default: "Replace"
 
 | `modulus`
 | `integer`
-| Modulus to take of the hash of the source label values.
+| Modulus to take of the hash of the source label values. 
+ Only applicable when the action is `HashMod`.
 
 | `regex`
 | `string`
-| Regular expression against which the extracted value is matched. Default is '(.*)'
+| Regular expression against which the extracted value is matched.
 
 | `replacement`
 | `string`
-| Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'
+| Replacement value against which a Replace action is performed if the regular expression matches. 
+ Regex capture groups are available.
 
 | `separator`
 | `string`
-| Separator placed between concatenated source label values. default is ';'.
+| Separator is the string between concatenated SourceLabels.
 
 | `sourceLabels`
 | `array (string)`
-| The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
+| The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 
 | `targetLabel`
 | `string`
-| Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
+| Label to which the resulting string is written in a replacement. 
+ It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. 
+ Regex capture groups are available.
 
 |===
 === .spec.endpoints[].tlsConfig
 Description::
 +
 --
-TLS configuration to use when scraping the endpoint
+TLS configuration to use when scraping the target.
 --
 
 Type::
@@ -1009,7 +1067,7 @@ Required::
 Description::
 +
 --
-Selector to select which namespaces the Kubernetes Endpoints objects are discovered from.
+Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered from.
 --
 
 Type::
@@ -1035,7 +1093,7 @@ Type::
 Description::
 +
 --
-Selector to select Endpoints objects.
+Label selector to select the Kubernetes `Endpoints` objects.
 --
 
 Type::
@@ -1128,49 +1186,6 @@ The following API endpoints are available:
 === /apis/monitoring.coreos.com/v1/servicemonitors
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1192,23 +1207,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/servicemonitors
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1217,46 +1216,6 @@ Description::
   delete collection of ServiceMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1276,46 +1235,6 @@ Description::
   list objects of kind ServiceMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1342,12 +1261,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1383,19 +1299,8 @@ Description::
 | `name`
 | `string`
 | name of the ServiceMonitor
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1411,25 +1316,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1450,16 +1338,6 @@ Description::
   read the specified ServiceMonitor
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1486,22 +1364,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1527,12 +1394,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
index 01074e2b9986..4ae5b3f995d5 100644
--- a/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
+++ b/rest_api/monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="thanosruler-monitoring-coreos-com-v1"]
 = ThanosRuler [monitoring.coreos.com/v1]
 :toc: macro
@@ -45,7 +45,7 @@ Required::
 
 | `status`
 | `object`
-| Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+| Most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 
 |===
 === .spec
@@ -203,7 +203,8 @@ Type::
 
 | `podMetadata`
 | `object`
-| PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods.
+| PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. 
+ The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/instance" label, set to the name of the ThanosRuler instance. * "thanos-ruler" label, set to the name of the ThanosRuler instance. * "kubectl.kubernetes.io/default-container" annotation, set to "thanos-ruler".
 
 | `portName`
 | `string`
@@ -293,6 +294,14 @@ Type::
 | `string`
 | Version of Thanos to be deployed.
 
+| `volumeMounts`
+| `array`
+| VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects.
+
+| `volumeMounts[]`
+| `object`
+| VolumeMount describes a mounting of a Volume within a container.
+
 | `volumes`
 | `array`
 | Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.
@@ -1820,10 +1829,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -2328,7 +2349,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2494,7 +2515,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2556,7 +2577,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2613,7 +2634,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2717,7 +2738,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2832,7 +2853,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2889,7 +2910,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2993,7 +3014,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3027,6 +3048,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.containers[].resources
 Description::
@@ -3049,7 +3112,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -3061,7 +3124,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.containers[].resources.claims
@@ -3070,7 +3133,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -3246,7 +3309,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -3281,7 +3344,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -3315,7 +3378,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3372,7 +3435,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -3476,7 +3539,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3650,7 +3713,7 @@ Required::
 
 | `name`
 | `string`
-| Name of the referent. When not set, all resources are matched.
+| Name of the referent. When not set, all resources in the namespace are matched.
 
 | `namespace`
 | `string`
@@ -4088,10 +4151,22 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
@@ -4596,7 +4671,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4762,7 +4837,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4824,7 +4899,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4881,7 +4956,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4985,7 +5060,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5100,7 +5175,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5157,7 +5232,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5261,7 +5336,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5295,6 +5370,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.initContainers[].resources
 Description::
@@ -5317,7 +5434,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -5329,7 +5446,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.initContainers[].resources.claims
@@ -5338,7 +5455,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -5514,7 +5631,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -5549,7 +5666,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -5583,7 +5700,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5640,7 +5757,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5744,7 +5861,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5915,7 +6032,8 @@ Required::
 Description::
 +
 --
-PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods.
+PodMetadata configures labels and annotations which are propagated to the ThanosRuler pods. 
+ The following items are reserved and cannot be overridden: * "app.kubernetes.io/name" label, set to "thanos-ruler". * "app.kubernetes.io/managed-by" label, set to "prometheus-operator". * "app.kubernetes.io/instance" label, set to the name of the ThanosRuler instance. * "thanos-ruler" label, set to the name of the ThanosRuler instance. * "kubectl.kubernetes.io/default-container" annotation, set to "thanos-ruler".
 --
 
 Type::
@@ -5976,11 +6094,11 @@ Required::
 
 | `ruleName`
 | `string`
-| RuleNamespace - name of excluded rule
+| Name of the excluded PrometheusRule object.
 
 | `ruleNamespace`
 | `string`
-| RuleNamespace - namespace of excluded rule
+| Namespace of the excluded PrometheusRule object.
 
 |===
 === .spec.queryConfig
@@ -6036,7 +6154,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -6048,7 +6166,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -6057,7 +6175,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -6361,7 +6479,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6438,7 +6556,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6464,26 +6582,26 @@ Type::
 
 | `disableMountSubPath`
 | `boolean`
-| Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.
+| *Deprecated: subPath usage will be removed in a future release.*
 
 | `emptyDir`
 | `object`
-| EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+| EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 
 | `ephemeral`
 | `object`
-| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+| EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 
 | `volumeClaimTemplate`
 | `object`
-| A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+| Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 
 |===
 === .spec.storage.emptyDir
 Description::
 +
 --
-EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
 --
 
 Type::
@@ -6502,14 +6620,14 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.storage.ephemeral
 Description::
 +
 --
-EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
+EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
 --
 
 Type::
@@ -6715,7 +6833,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -6727,7 +6845,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -6736,7 +6854,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -6849,7 +6967,7 @@ Required::
 Description::
 +
 --
-A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes.
+Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes.
 --
 
 Type::
@@ -6876,11 +6994,11 @@ Type::
 
 | `spec`
 | `object`
-| Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 
 | `status`
 | `object`
-| Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+| *Deprecated: this field is never set.*
 
 |===
 === .spec.storage.volumeClaimTemplate.metadata
@@ -6917,7 +7035,7 @@ Type::
 Description::
 +
 --
-Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
 --
 
 Type::
@@ -7054,7 +7172,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -7066,7 +7184,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.storage.volumeClaimTemplate.spec.resources.claims
@@ -7075,7 +7193,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -7188,7 +7306,7 @@ Required::
 Description::
 +
 --
-Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+*Deprecated: this field is never set.*
 --
 
 Type::
@@ -7205,9 +7323,19 @@ Type::
 | `array (string)`
 | accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 
+| `allocatedResourceStatuses`
+| `object (string)`
+| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC. 
+ A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
 | `allocatedResources`
 | `integer-or-string`
-| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. 
+ Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. 
+ A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
+ This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
 | `integer-or-string`
@@ -7219,16 +7347,12 @@ Type::
 
 | `conditions[]`
 | `object`
-| PersistentVolumeClaimCondition contails details about state of pvc
+| PersistentVolumeClaimCondition contains details about state of pvc
 
 | `phase`
 | `string`
 | phase represents the current phase of PersistentVolumeClaim.
 
-| `resizeStatus`
-| `string`
-| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-
 |===
 === .spec.storage.volumeClaimTemplate.status.conditions
 Description::
@@ -7247,7 +7371,7 @@ Type::
 Description::
 +
 --
-PersistentVolumeClaimCondition contails details about state of pvc
+PersistentVolumeClaimCondition contains details about state of pvc
 --
 
 Type::
@@ -7379,7 +7503,8 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -7517,6 +7642,64 @@ Required::
 | `boolean`
 | Specify whether the Secret or its key must be defined
 
+|===
+=== .spec.volumeMounts
+Description::
++
+--
+VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the ruler container, that are generated as a result of StorageSpec objects.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.volumeMounts[]
+Description::
++
+--
+VolumeMount describes a mounting of a Volume within a container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `mountPath`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `mountPath`
+| `string`
+| Path within the container at which the volume should be mounted.  Must not contain ':'.
+
+| `mountPropagation`
+| `string`
+| mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+| `name`
+| `string`
+| This must match the Name of a Volume.
+
+| `readOnly`
+| `boolean`
+| Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+| `subPath`
+| `string`
+| Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+| `subPathExpr`
+| `string`
+| Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
 |===
 === .spec.volumes
 Description::
@@ -8221,7 +8404,7 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.volumes[].ephemeral
@@ -8438,7 +8621,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -8450,7 +8633,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -8459,7 +8642,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -9824,7 +10007,7 @@ Required::
 Description::
 +
 --
-Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+Most recent observed status of the ThanosRuler cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 --
 
 Type::
@@ -9847,6 +10030,14 @@ Required::
 | `integer`
 | Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment.
 
+| `conditions`
+| `array`
+| The current state of the Alertmanager object.
+
+| `conditions[]`
+| `object`
+| Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
+
 | `paused`
 | `boolean`
 | Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.
@@ -9863,6 +10054,65 @@ Required::
 | `integer`
 | Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec.
 
+|===
+=== .status.conditions
+Description::
++
+--
+The current state of the Alertmanager object.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `lastTransitionTime`
+  - `status`
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| lastTransitionTime is the time of the last update to the current status property.
+
+| `message`
+| `string`
+| Human-readable message indicating details for the condition's last transition.
+
+| `observedGeneration`
+| `integer`
+| ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance.
+
+| `reason`
+| `string`
+| Reason for the condition's last transition.
+
+| `status`
+| `string`
+| Status of the condition.
+
+| `type`
+| `string`
+| Type of the condition being reported.
+
 |===
 
 == API endpoints
@@ -9880,54 +10130,15 @@ The following API endpoints are available:
 - `GET`: read the specified ThanosRuler
 - `PATCH`: partially update the specified ThanosRuler
 - `PUT`: replace the specified ThanosRuler
+* `/apis/monitoring.coreos.com/v1/namespaces/{namespace}/thanosrulers/{name}/status`
+- `GET`: read status of the specified ThanosRuler
+- `PATCH`: partially update status of the specified ThanosRuler
+- `PUT`: replace status of the specified ThanosRuler
 
 
 === /apis/monitoring.coreos.com/v1/thanosrulers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -9949,23 +10160,7 @@ Description::
 
 === /apis/monitoring.coreos.com/v1/namespaces/{namespace}/thanosrulers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -9974,46 +10169,6 @@ Description::
   delete collection of ThanosRuler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10033,46 +10188,6 @@ Description::
   list objects of kind ThanosRuler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10099,12 +10214,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10140,19 +10252,8 @@ Description::
 | `name`
 | `string`
 | name of the ThanosRuler
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10168,25 +10269,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10207,15 +10291,35 @@ Description::
   read the specified ThanosRuler
 
 
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified ThanosRuler
+
+
 .Query parameters
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `resourceVersion`
+| `dryRun`
 | `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 
@@ -10230,10 +10334,10 @@ Defaults to unset
 |===
 
 HTTP method::
-  `PATCH`
+  `PUT`
 
 Description::
-  partially update the specified ThanosRuler
+  replace the specified ThanosRuler
 
 
 .Query parameters
@@ -10243,12 +10347,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10256,7 +10357,7 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+| xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
 | 
 |===
 
@@ -10266,15 +10367,49 @@ Description::
 | HTTP code | Reponse body
 | 200 - OK
 | xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
+| 201 - Created
+| xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
 | 401 - Unauthorized
 | Empty
 |===
 
+
+=== /apis/monitoring.coreos.com/v1/namespaces/{namespace}/thanosrulers/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the ThanosRuler
+|===
+
+
 HTTP method::
-  `PUT`
+  `GET`
 
 Description::
-  replace the specified ThanosRuler
+  read status of the specified ThanosRuler
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified ThanosRuler
 
 
 .Query parameters
@@ -10284,12 +10419,39 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
+| `fieldValidation`
 | `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../monitoring_apis/thanosruler-monitoring-coreos-com-v1.adoc#thanosruler-monitoring-coreos-com-v1[`ThanosRuler`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified ThanosRuler
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc b/rest_api/network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc
new file mode 100644
index 000000000000..edf52768c812
--- /dev/null
+++ b/rest_api/network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc
@@ -0,0 +1,824 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="adminpolicybasedexternalroute-k8s-ovn-org-v1"]
+= AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+AdminPolicyBasedExternalRoute is a CRD allowing the cluster administrators to configure policies for external gateway IPs to be applied to all the pods contained in selected namespaces. Egress traffic from the pods that belong to the selected namespaces to outside the cluster is routed through these external gateway IPs.
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| AdminPolicyBasedExternalRouteSpec defines the desired state of AdminPolicyBasedExternalRoute
+
+| `status`
+| `object`
+| AdminPolicyBasedRouteStatus contains the observed status of the AdminPolicyBased route types.
+
+|===
+=== .spec
+Description::
++
+--
+AdminPolicyBasedExternalRouteSpec defines the desired state of AdminPolicyBasedExternalRoute
+--
+
+Type::
+  `object`
+
+Required::
+  - `from`
+  - `nextHops`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `from`
+| `object`
+| From defines the selectors that will determine the target namespaces to this CR.
+
+| `nextHops`
+| `object`
+| NextHops defines two types of hops: Static and Dynamic. Each hop defines at least one external gateway IP.
+
+|===
+=== .spec.from
+Description::
++
+--
+From defines the selectors that will determine the target namespaces to this CR.
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespaceSelector`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `namespaceSelector`
+| `object`
+| NamespaceSelector defines a selector to be used to determine which namespaces will be targeted by this CR
+
+|===
+=== .spec.from.namespaceSelector
+Description::
++
+--
+NamespaceSelector defines a selector to be used to determine which namespaces will be targeted by this CR
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.from.namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.from.namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.nextHops
+Description::
++
+--
+NextHops defines two types of hops: Static and Dynamic. Each hop defines at least one external gateway IP.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `dynamic`
+| `array`
+| DynamicHops defines a slices of DynamicHop. This field is optional.
+
+| `dynamic[]`
+| `object`
+| DynamicHop defines the configuration for a dynamic external gateway interface. These interfaces are wrapped around a pod object that resides inside the cluster. The field NetworkAttachmentName captures the name of the multus network name to use when retrieving the gateway IP to use. The PodSelector and the NamespaceSelector are mandatory fields.
+
+| `static`
+| `array`
+| StaticHops defines a slice of StaticHop. This field is optional.
+
+| `static[]`
+| `object`
+| StaticHop defines the configuration of a static IP that acts as an external Gateway Interface. IP field is mandatory.
+
+|===
+=== .spec.nextHops.dynamic
+Description::
++
+--
+DynamicHops defines a slices of DynamicHop. This field is optional.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nextHops.dynamic[]
+Description::
++
+--
+DynamicHop defines the configuration for a dynamic external gateway interface. These interfaces are wrapped around a pod object that resides inside the cluster. The field NetworkAttachmentName captures the name of the multus network name to use when retrieving the gateway IP to use. The PodSelector and the NamespaceSelector are mandatory fields.
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespaceSelector`
+  - `podSelector`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `bfdEnabled`
+| `boolean`
+| BFDEnabled determines if the interface implements the Bidirectional Forward Detection protocol. Defaults to false.
+
+| `namespaceSelector`
+| `object`
+| NamespaceSelector defines a selector to filter the namespaces where the pod gateways are located.
+
+| `networkAttachmentName`
+| `string`
+| NetworkAttachmentName determines the multus network name to use when retrieving the pod IPs that will be used as the gateway IP. When this field is empty, the logic assumes that the pod is configured with HostNetwork and is using the node's IP as gateway.
+
+| `podSelector`
+| `object`
+| PodSelector defines the selector to filter the pods that are external gateways.
+
+|===
+=== .spec.nextHops.dynamic[].namespaceSelector
+Description::
++
+--
+NamespaceSelector defines a selector to filter the namespaces where the pod gateways are located.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.nextHops.dynamic[].namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nextHops.dynamic[].namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.nextHops.dynamic[].podSelector
+Description::
++
+--
+PodSelector defines the selector to filter the pods that are external gateways.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.nextHops.dynamic[].podSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nextHops.dynamic[].podSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.nextHops.static
+Description::
++
+--
+StaticHops defines a slice of StaticHop. This field is optional.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nextHops.static[]
+Description::
++
+--
+StaticHop defines the configuration of a static IP that acts as an external Gateway Interface. IP field is mandatory.
+--
+
+Type::
+  `object`
+
+Required::
+  - `ip`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `bfdEnabled`
+| `boolean`
+| BFDEnabled determines if the interface implements the Bidirectional Forward Detection protocol. Defaults to false.
+
+| `ip`
+| `string`
+| IP defines the static IP to be used for egress traffic. The IP can be either IPv4 or IPv6.
+
+|===
+=== .status
+Description::
++
+--
+AdminPolicyBasedRouteStatus contains the observed status of the AdminPolicyBased route types.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| Captures the time when the last change was applied.
+
+| `messages`
+| `array (string)`
+| An array of Human-readable messages indicating details about the status of the object.
+
+| `status`
+| `string`
+| A concise indication of whether the AdminPolicyBasedRoute resource is applied with success
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes`
+- `DELETE`: delete collection of AdminPolicyBasedExternalRoute
+- `GET`: list objects of kind AdminPolicyBasedExternalRoute
+- `POST`: create an AdminPolicyBasedExternalRoute
+* `/apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes/{name}`
+- `DELETE`: delete an AdminPolicyBasedExternalRoute
+- `GET`: read the specified AdminPolicyBasedExternalRoute
+- `PATCH`: partially update the specified AdminPolicyBasedExternalRoute
+- `PUT`: replace the specified AdminPolicyBasedExternalRoute
+* `/apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes/{name}/status`
+- `GET`: read status of the specified AdminPolicyBasedExternalRoute
+- `PATCH`: partially update status of the specified AdminPolicyBasedExternalRoute
+- `PUT`: replace status of the specified AdminPolicyBasedExternalRoute
+
+
+=== /apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of AdminPolicyBasedExternalRoute
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind AdminPolicyBasedExternalRoute
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#org.ovn.k8s.v1.AdminPolicyBasedExternalRouteList[`AdminPolicyBasedExternalRouteList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 201 - Created
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 202 - Accepted
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AdminPolicyBasedExternalRoute
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified AdminPolicyBasedExternalRoute
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 201 - Created
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/k8s.ovn.org/v1/adminpolicybasedexternalroutes/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the AdminPolicyBasedExternalRoute
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified AdminPolicyBasedExternalRoute
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified AdminPolicyBasedExternalRoute
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 201 - Created
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`AdminPolicyBasedExternalRoute`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc b/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
index 441f703523c2..d79e062cde29 100644
--- a/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
+++ b/rest_api/network_apis/cloudprivateipconfig-cloud-network-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cloudprivateipconfig-cloud-network-openshift-io-v1"]
 = CloudPrivateIPConfig [cloud.network.openshift.io/v1]
 :toc: macro
@@ -189,14 +189,6 @@ The following API endpoints are available:
 === /apis/cloud.network.openshift.io/v1/cloudprivateipconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -205,46 +197,6 @@ Description::
   delete collection of CloudPrivateIPConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -264,46 +216,6 @@ Description::
   list objects of kind CloudPrivateIPConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -330,12 +242,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -373,14 +282,6 @@ Description::
 | name of the CloudPrivateIPConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -396,25 +297,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -435,16 +319,6 @@ Description::
   read the specified CloudPrivateIPConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -471,22 +345,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -512,12 +375,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -553,14 +413,6 @@ Description::
 | name of the CloudPrivateIPConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -569,16 +421,6 @@ Description::
   read status of the specified CloudPrivateIPConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -605,22 +447,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -646,12 +477,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/egressfirewall-k8s-ovn-org-v1.adoc b/rest_api/network_apis/egressfirewall-k8s-ovn-org-v1.adoc
index 1cd175148c5d..fbbcda972635 100644
--- a/rest_api/network_apis/egressfirewall-k8s-ovn-org-v1.adoc
+++ b/rest_api/network_apis/egressfirewall-k8s-ovn-org-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="egressfirewall-k8s-ovn-org-v1"]
 = EgressFirewall [k8s.ovn.org/v1]
 :toc: macro
@@ -291,6 +291,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `messages`
+| `array (string)`
+| 
+
 | `status`
 | `string`
 | 
@@ -312,54 +316,15 @@ The following API endpoints are available:
 - `GET`: read the specified EgressFirewall
 - `PATCH`: partially update the specified EgressFirewall
 - `PUT`: replace the specified EgressFirewall
+* `/apis/k8s.ovn.org/v1/namespaces/{namespace}/egressfirewalls/{name}/status`
+- `GET`: read status of the specified EgressFirewall
+- `PATCH`: partially update status of the specified EgressFirewall
+- `PUT`: replace status of the specified EgressFirewall
 
 
 === /apis/k8s.ovn.org/v1/egressfirewalls
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -381,23 +346,7 @@ Description::
 
 === /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressfirewalls
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -406,46 +355,6 @@ Description::
   delete collection of EgressFirewall
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -465,46 +374,6 @@ Description::
   list objects of kind EgressFirewall
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -531,12 +400,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -572,19 +438,8 @@ Description::
 | `name`
 | `string`
 | name of the EgressFirewall
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -600,25 +455,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -639,15 +477,35 @@ Description::
   read the specified EgressFirewall
 
 
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified EgressFirewall
+
+
 .Query parameters
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `resourceVersion`
+| `dryRun`
 | `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 
@@ -662,10 +520,10 @@ Defaults to unset
 |===
 
 HTTP method::
-  `PATCH`
+  `PUT`
 
 Description::
-  partially update the specified EgressFirewall
+  replace the specified EgressFirewall
 
 
 .Query parameters
@@ -675,12 +533,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -688,7 +543,7 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+| xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
 | 
 |===
 
@@ -698,15 +553,49 @@ Description::
 | HTTP code | Reponse body
 | 200 - OK
 | xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
+| 201 - Created
+| xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
 | 401 - Unauthorized
 | Empty
 |===
 
+
+=== /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressfirewalls/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the EgressFirewall
+|===
+
+
 HTTP method::
-  `PUT`
+  `GET`
 
 Description::
-  replace the specified EgressFirewall
+  read status of the specified EgressFirewall
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified EgressFirewall
 
 
 .Query parameters
@@ -716,12 +605,39 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressfirewall-k8s-ovn-org-v1.adoc#egressfirewall-k8s-ovn-org-v1[`EgressFirewall`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified EgressFirewall
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
 | `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/egressip-k8s-ovn-org-v1.adoc b/rest_api/network_apis/egressip-k8s-ovn-org-v1.adoc
index 0b615e4796c3..6be9f72aedd5 100644
--- a/rest_api/network_apis/egressip-k8s-ovn-org-v1.adoc
+++ b/rest_api/network_apis/egressip-k8s-ovn-org-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="egressip-k8s-ovn-org-v1"]
 = EgressIP [k8s.ovn.org/v1]
 :toc: macro
@@ -322,14 +322,6 @@ The following API endpoints are available:
 === /apis/k8s.ovn.org/v1/egressips
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -338,46 +330,6 @@ Description::
   delete collection of EgressIP
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -397,46 +349,6 @@ Description::
   list objects of kind EgressIP
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -463,12 +375,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -506,14 +415,6 @@ Description::
 | name of the EgressIP
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -529,25 +430,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -568,16 +452,6 @@ Description::
   read the specified EgressIP
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -604,22 +478,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -645,12 +508,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/egressqos-k8s-ovn-org-v1.adoc b/rest_api/network_apis/egressqos-k8s-ovn-org-v1.adoc
index 66811d154c1f..8f71d66b362b 100644
--- a/rest_api/network_apis/egressqos-k8s-ovn-org-v1.adoc
+++ b/rest_api/network_apis/egressqos-k8s-ovn-org-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="egressqos-k8s-ovn-org-v1"]
 = EgressQoS [k8s.ovn.org/v1]
 :toc: macro
@@ -233,49 +233,6 @@ The following API endpoints are available:
 === /apis/k8s.ovn.org/v1/egressqoses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -297,23 +254,7 @@ Description::
 
 === /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressqoses
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -322,46 +263,6 @@ Description::
   delete collection of EgressQoS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -381,46 +282,6 @@ Description::
   list objects of kind EgressQoS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -447,12 +308,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -488,19 +346,8 @@ Description::
 | `name`
 | `string`
 | name of the EgressQoS
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -516,25 +363,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -555,16 +385,6 @@ Description::
   read the specified EgressQoS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -591,22 +411,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -632,12 +441,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -671,19 +477,8 @@ Description::
 | `name`
 | `string`
 | name of the EgressQoS
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -692,16 +487,6 @@ Description::
   read status of the specified EgressQoS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -728,22 +513,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -769,12 +543,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc b/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
index 0fddda04b73a..c59a5ead8f2a 100644
--- a/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
+++ b/rest_api/network_apis/egressrouter-network-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="egressrouter-network-operator-openshift-io-v1"]
 = EgressRouter [network.operator.openshift.io/v1]
 :toc: macro
@@ -372,49 +372,6 @@ The following API endpoints are available:
 === /apis/network.operator.openshift.io/v1/egressrouters
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -436,23 +393,7 @@ Description::
 
 === /apis/network.operator.openshift.io/v1/namespaces/{namespace}/egressrouters
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -461,46 +402,6 @@ Description::
   delete collection of EgressRouter
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -520,46 +421,6 @@ Description::
   list objects of kind EgressRouter
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -586,12 +447,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -627,19 +485,8 @@ Description::
 | `name`
 | `string`
 | name of the EgressRouter
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -655,25 +502,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -694,16 +524,6 @@ Description::
   read the specified EgressRouter
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -730,22 +550,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -771,12 +580,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -810,19 +616,8 @@ Description::
 | `name`
 | `string`
 | name of the EgressRouter
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -831,16 +626,6 @@ Description::
   read status of the specified EgressRouter
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -867,22 +652,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -908,12 +682,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/egressservice-k8s-ovn-org-v1.adoc b/rest_api/network_apis/egressservice-k8s-ovn-org-v1.adoc
new file mode 100644
index 000000000000..bc18e015749e
--- /dev/null
+++ b/rest_api/network_apis/egressservice-k8s-ovn-org-v1.adoc
@@ -0,0 +1,540 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="egressservice-k8s-ovn-org-v1"]
+= EgressService [k8s.ovn.org/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+EgressService is a CRD that allows the user to request that the source IP of egress packets originating from all of the pods that are endpoints of the corresponding LoadBalancer Service would be its ingress IP. In addition, it allows the user to request that egress packets originating from all of the pods that are endpoints of the LoadBalancer service would use a different network than the main one.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| EgressServiceSpec defines the desired state of EgressService
+
+| `status`
+| `object`
+| EgressServiceStatus defines the observed state of EgressService
+
+|===
+=== .spec
+Description::
++
+--
+EgressServiceSpec defines the desired state of EgressService
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `network`
+| `string`
+| The network which this service should send egress and corresponding ingress replies to. This is typically implemented as VRF mapping, representing a numeric id or string name of a routing table which by omission uses the default host routing.
+
+| `nodeSelector`
+| `object`
+| Allows limiting the nodes that can be selected to handle the service's traffic when sourceIPBy=LoadBalancerIP. When present only a node whose labels match the specified selectors can be selected for handling the service's traffic. When it is not specified any node in the cluster can be chosen to manage the service's traffic.
+
+| `sourceIPBy`
+| `string`
+| Determines the source IP of egress traffic originating from the pods backing the LoadBalancer Service. When `LoadBalancerIP` the source IP is set to its LoadBalancer ingress IP. When `Network` the source IP is set according to the interface of the Network, leveraging the masquerade rules that are already in place. Typically these rules specify SNAT to the IP of the outgoing interface, which means the packet will typically leave with the IP of the node.
+
+|===
+=== .spec.nodeSelector
+Description::
++
+--
+Allows limiting the nodes that can be selected to handle the service's traffic when sourceIPBy=LoadBalancerIP. When present only a node whose labels match the specified selectors can be selected for handling the service's traffic. When it is not specified any node in the cluster can be chosen to manage the service's traffic.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.nodeSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.nodeSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .status
+Description::
++
+--
+EgressServiceStatus defines the observed state of EgressService
+--
+
+Type::
+  `object`
+
+Required::
+  - `host`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `host`
+| `string`
+| The name of the node selected to handle the service's traffic. In case sourceIPBy=Network the field will be set to "ALL".
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/k8s.ovn.org/v1/egressservices`
+- `GET`: list objects of kind EgressService
+* `/apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices`
+- `DELETE`: delete collection of EgressService
+- `GET`: list objects of kind EgressService
+- `POST`: create an EgressService
+* `/apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices/{name}`
+- `DELETE`: delete an EgressService
+- `GET`: read the specified EgressService
+- `PATCH`: partially update the specified EgressService
+- `PUT`: replace the specified EgressService
+* `/apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices/{name}/status`
+- `GET`: read status of the specified EgressService
+- `PATCH`: partially update status of the specified EgressService
+- `PUT`: replace status of the specified EgressService
+
+
+=== /apis/k8s.ovn.org/v1/egressservices
+
+
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind EgressService
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#org.ovn.k8s.v1.EgressServiceList[`EgressServiceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of EgressService
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind EgressService
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#org.ovn.k8s.v1.EgressServiceList[`EgressServiceList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create an EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 201 - Created
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 202 - Accepted
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the EgressService
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete an EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified EgressService
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 201 - Created
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/k8s.ovn.org/v1/namespaces/{namespace}/egressservices/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the EgressService
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified EgressService
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified EgressService
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 201 - Created
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`EgressService`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/network_apis/endpoints-v1.adoc b/rest_api/network_apis/endpoints-v1.adoc
index 5f5d01ca5338..032b762840d4 100644
--- a/rest_api/network_apis/endpoints-v1.adoc
+++ b/rest_api/network_apis/endpoints-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="endpoints-v1"]
 = Endpoints [v1]
 :toc: macro
@@ -171,7 +171,7 @@ Required::
 
 | `ip`
 | `string`
-| The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready.
+| The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).
 
 | `nodeName`
 | `string`
@@ -266,7 +266,7 @@ Required::
 
 | `ip`
 | `string`
-| The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready.
+| The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).
 
 | `nodeName`
 | `string`
@@ -357,7 +357,16 @@ Required::
 
 | `appProtocol`
 | `string`
-| The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+| The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
+
+* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
+
+* Kubernetes-defined prefixed names:
+  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 
 | `name`
 | `string`
@@ -404,49 +413,6 @@ The following API endpoints are available:
 === /api/v1/endpoints
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -469,49 +435,6 @@ Description::
 === /api/v1/watch/endpoints
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -533,23 +456,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/endpoints
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -562,57 +469,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -631,46 +492,6 @@ Description::
   list or watch objects of kind Endpoints
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -697,12 +518,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -731,58 +549,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/endpoints
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -811,19 +578,8 @@ Description::
 | `name`
 | `string`
 | name of the Endpoints
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -839,25 +595,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -902,25 +641,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -948,12 +673,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -987,54 +709,8 @@ Description::
 | `name`
 | `string`
 | name of the Endpoints
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc b/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc
index 74c9a240c4b6..bd24649f4674 100644
--- a/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc
+++ b/rest_api/network_apis/endpointslice-discovery-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="endpointslice-discovery-k8s-io-v1"]
 = EndpointSlice [discovery.k8s.io/v1]
 :toc: macro
@@ -150,7 +150,7 @@ Type::
 
 | `ready`
 | `boolean`
-| ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be "true" for terminating endpoints.
+| ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be "true" for terminating endpoints, except when the normal readiness behavior is being explicitly overridden, for example when the associated Service has set the publishNotReadyAddresses flag.
 
 | `serving`
 | `boolean`
@@ -256,19 +256,33 @@ Type::
 
 | `appProtocol`
 | `string`
-| The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+| The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
+
+* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
+
+* Kubernetes-defined prefixed names:
+  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 
 | `name`
 | `string`
-| The name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.
+| name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.
 
 | `port`
 | `integer`
-| The port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.
+| port represents the port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.
 
 | `protocol`
 | `string`
-| The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+| protocol represents the IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
 
 |===
 
@@ -298,49 +312,6 @@ The following API endpoints are available:
 === /apis/discovery.k8s.io/v1/endpointslices
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -363,49 +334,6 @@ Description::
 === /apis/discovery.k8s.io/v1/watch/endpointslices
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -427,23 +355,7 @@ Description::
 
 === /apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -456,57 +368,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -525,46 +391,6 @@ Description::
   list or watch objects of kind EndpointSlice
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -591,12 +417,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -625,58 +448,7 @@ Description::
 
 === /apis/discovery.k8s.io/v1/watch/namespaces/{namespace}/endpointslices
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -705,19 +477,8 @@ Description::
 | `name`
 | `string`
 | name of the EndpointSlice
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -733,25 +494,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -796,25 +540,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -842,12 +572,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -881,54 +608,8 @@ Description::
 | `name`
 | `string`
 | name of the EndpointSlice
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc b/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc
index 6c31c44a7c7d..589596c690a2 100644
--- a/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc
+++ b/rest_api/network_apis/ingress-networking-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingress-networking-k8s-io-v1"]
 = Ingress [networking.k8s.io/v1]
 :toc: macro
@@ -69,11 +69,11 @@ Type::
 
 | `ingressClassName`
 | `string`
-| IngressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present.
+| ingressClassName is the name of an IngressClass cluster resource. Ingress controller implementations use this field to know whether they should be serving this Ingress resource, by a transitive connection (controller -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` annotation (simple constant name) was never formally defined, it was widely supported by Ingress controllers to create a direct binding between Ingress controller and Ingress resources. Newly created Ingress resources should prefer using the field. However, even though the annotation is officially deprecated, for backwards compatibility reasons, ingress controllers should still honor that annotation if present.
 
 | `rules`
 | `array`
-| A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
+| rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
 
 | `rules[]`
 | `object`
@@ -81,11 +81,11 @@ Type::
 
 | `tls`
 | `array`
-| TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
+| tls represents the TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
 
 | `tls[]`
 | `object`
-| IngressTLS describes the transport layer security associated with an Ingress.
+| IngressTLS describes the transport layer security associated with an ingress.
 
 |===
 === .spec.defaultBackend
@@ -107,7 +107,7 @@ Type::
 
 | `resource`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.TypedLocalObjectReference[`TypedLocalObjectReference`]
-| Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
+| resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
 
 | `service`
 | `object`
@@ -135,7 +135,7 @@ Required::
 
 | `name`
 | `string`
-| Name is the referenced service. The service must exist in the same namespace as the Ingress object.
+| name is the referenced service. The service must exist in the same namespace as the Ingress object.
 
 | `port`
 | `object`
@@ -161,18 +161,18 @@ Type::
 
 | `name`
 | `string`
-| Name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
+| name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
 
 | `number`
 | `integer`
-| Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
+| number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
 
 |===
 === .spec.rules
 Description::
 +
 --
-A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
+rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.
 --
 
 Type::
@@ -200,14 +200,14 @@ Type::
 
 | `host`
 | `string`
-| Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
+| host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
    the IP in the Spec of the parent Ingress.
 2. The `:` delimiter is not respected because ports are not allowed.
 	  Currently the port of an Ingress is implicitly :80 for http and
 	  :443 for https.
 Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.
 
-Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.
+host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If host is precise, the request matches this rule if the http host header is equal to Host. 2. If host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.
 
 | `http`
 | `object`
@@ -235,7 +235,7 @@ Required::
 
 | `paths`
 | `array`
-| A collection of paths that map requests to backends.
+| paths is a collection of paths that map requests to backends.
 
 | `paths[]`
 | `object`
@@ -246,7 +246,7 @@ Required::
 Description::
 +
 --
-A collection of paths that map requests to backends.
+paths is a collection of paths that map requests to backends.
 --
 
 Type::
@@ -281,11 +281,11 @@ Required::
 
 | `path`
 | `string`
-| Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
+| path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
 
 | `pathType`
 | `string`
-| PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
+| pathType determines the interpretation of the path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
   done on a path element by element basis. A path element refers is the
   list of labels in the path split by the '/' separator. A request is a
   match for path p if every p is an element-wise prefix of p of the
@@ -297,6 +297,11 @@ Required::
   or treat it identically to Prefix or Exact path types.
 Implementations are required to support all path types.
 
+Possible enum values:
+ - `"Exact"` matches the URL path exactly and with case sensitivity.
+ - `"ImplementationSpecific"` matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types.
+ - `"Prefix"` matches based on a URL path prefix split by '/'. Matching is case sensitive and done on a path element by element basis. A path element refers to the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). If multiple matching paths exist in an Ingress spec, the longest matching path is given priority. Examples: - /foo/bar does not match requests to /foo/barbaz - /foo/bar matches request to /foo/bar and /foo/bar/baz - /foo and /foo/ both match requests to /foo and /foo/. If both paths are present in an Ingress spec, the longest matching path (/foo/) is given priority.
+
 |===
 === .spec.rules[].http.paths[].backend
 Description::
@@ -317,7 +322,7 @@ Type::
 
 | `resource`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.TypedLocalObjectReference[`TypedLocalObjectReference`]
-| Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
+| resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
 
 | `service`
 | `object`
@@ -345,7 +350,7 @@ Required::
 
 | `name`
 | `string`
-| Name is the referenced service. The service must exist in the same namespace as the Ingress object.
+| name is the referenced service. The service must exist in the same namespace as the Ingress object.
 
 | `port`
 | `object`
@@ -371,18 +376,18 @@ Type::
 
 | `name`
 | `string`
-| Name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
+| name is the name of the port on the Service. This is a mutually exclusive setting with "Number".
 
 | `number`
 | `integer`
-| Number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
+| number is the numerical port number (e.g. 80) on the Service. This is a mutually exclusive setting with "Name".
 
 |===
 === .spec.tls
 Description::
 +
 --
-TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
+tls represents the TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
 --
 
 Type::
@@ -395,7 +400,7 @@ Type::
 Description::
 +
 --
-IngressTLS describes the transport layer security associated with an Ingress.
+IngressTLS describes the transport layer security associated with an ingress.
 --
 
 Type::
@@ -410,11 +415,11 @@ Type::
 
 | `hosts`
 | `array (string)`
-| Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+| hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
 
 | `secretName`
 | `string`
-| SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.
+| secretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the "Host" header is used for routing.
 
 |===
 === .status
@@ -458,7 +463,7 @@ Type::
 
 | `ingress`
 | `array`
-| Ingress is a list containing ingress points for the load-balancer.
+| ingress is a list containing ingress points for the load-balancer.
 
 | `ingress[]`
 | `object`
@@ -469,7 +474,7 @@ Type::
 Description::
 +
 --
-Ingress is a list containing ingress points for the load-balancer.
+ingress is a list containing ingress points for the load-balancer.
 --
 
 Type::
@@ -497,15 +502,15 @@ Type::
 
 | `hostname`
 | `string`
-| Hostname is set for load-balancer ingress points that are DNS based.
+| hostname is set for load-balancer ingress points that are DNS based.
 
 | `ip`
 | `string`
-| IP is set for load-balancer ingress points that are IP based.
+| ip is set for load-balancer ingress points that are IP based.
 
 | `ports`
 | `array`
-| Ports provides information about the ports exposed by this LoadBalancer.
+| ports provides information about the ports exposed by this LoadBalancer.
 
 | `ports[]`
 | `object`
@@ -516,7 +521,7 @@ Type::
 Description::
 +
 --
-Ports provides information about the ports exposed by this LoadBalancer.
+ports provides information about the ports exposed by this LoadBalancer.
 --
 
 Type::
@@ -547,18 +552,18 @@ Required::
 
 | `error`
 | `string`
-| Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use
+| error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use
   CamelCase names
 - cloud provider specific error values must have names that comply with the
   format foo.example.com/CamelCase.
 
 | `port`
 | `integer`
-| Port is the port number of the ingress port.
+| port is the port number of the ingress port.
 
 | `protocol`
 | `string`
-| Protocol is the protocol of the ingress port. The supported values are: "TCP", "UDP", "SCTP"
+| protocol is the protocol of the ingress port. The supported values are: "TCP", "UDP", "SCTP"
 
 Possible enum values:
  - `"SCTP"` is the SCTP protocol.
@@ -597,49 +602,6 @@ The following API endpoints are available:
 === /apis/networking.k8s.io/v1/ingresses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -662,49 +624,6 @@ Description::
 === /apis/networking.k8s.io/v1/watch/ingresses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -726,23 +645,7 @@ Description::
 
 === /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -755,57 +658,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -824,46 +681,6 @@ Description::
   list or watch objects of kind Ingress
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -890,12 +707,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -924,58 +738,7 @@ Description::
 
 === /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/ingresses
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1004,19 +767,8 @@ Description::
 | `name`
 | `string`
 | name of the Ingress
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1032,25 +784,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1095,25 +830,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1141,12 +862,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1180,54 +898,8 @@ Description::
 | `name`
 | `string`
 | name of the Ingress
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1256,19 +928,8 @@ Description::
 | `name`
 | `string`
 | name of the Ingress
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1301,25 +962,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1347,12 +994,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/ingressclass-networking-k8s-io-v1.adoc b/rest_api/network_apis/ingressclass-networking-k8s-io-v1.adoc
index d79ff22466ab..d1a1ded22aae 100644
--- a/rest_api/network_apis/ingressclass-networking-k8s-io-v1.adoc
+++ b/rest_api/network_apis/ingressclass-networking-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingressclass-networking-k8s-io-v1"]
 = IngressClass [networking.k8s.io/v1]
 :toc: macro
@@ -61,7 +61,7 @@ Type::
 
 | `controller`
 | `string`
-| Controller refers to the name of the controller that should handle this class. This allows for different "flavors" that are controlled by the same controller. For example, you may have different Parameters for the same implementing controller. This should be specified as a domain-prefixed path no more than 250 characters in length, e.g. "acme.io/ingress-controller". This field is immutable.
+| controller refers to the name of the controller that should handle this class. This allows for different "flavors" that are controlled by the same controller. For example, you may have different parameters for the same implementing controller. This should be specified as a domain-prefixed path no more than 250 characters in length, e.g. "acme.io/ingress-controller". This field is immutable.
 
 | `parameters`
 | `object`
@@ -90,23 +90,23 @@ Required::
 
 | `apiGroup`
 | `string`
-| APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+| apiGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 
 | `kind`
 | `string`
-| Kind is the type of resource being referenced.
+| kind is the type of resource being referenced.
 
 | `name`
 | `string`
-| Name is the name of resource being referenced.
+| name is the name of resource being referenced.
 
 | `namespace`
 | `string`
-| Namespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
+| namespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
 
 | `scope`
 | `string`
-| Scope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace".
+| scope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace".
 
 |===
 
@@ -132,14 +132,6 @@ The following API endpoints are available:
 === /apis/networking.k8s.io/v1/ingressclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -152,57 +144,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -221,46 +167,6 @@ Description::
   list or watch objects of kind IngressClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -287,12 +193,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -322,49 +225,6 @@ Description::
 === /apis/networking.k8s.io/v1/watch/ingressclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -395,14 +255,6 @@ Description::
 | name of the IngressClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -418,25 +270,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -481,25 +316,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -527,12 +348,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -568,49 +386,6 @@ Description::
 | name of the IngressClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/network_apis/ippool-whereabouts-cni-cncf-io-v1alpha1.adoc b/rest_api/network_apis/ippool-whereabouts-cni-cncf-io-v1alpha1.adoc
index 1cedb40024ae..1d293718c520 100644
--- a/rest_api/network_apis/ippool-whereabouts-cni-cncf-io-v1alpha1.adoc
+++ b/rest_api/network_apis/ippool-whereabouts-cni-cncf-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ippool-whereabouts-cni-cncf-io-v1alpha1"]
 = IPPool [whereabouts.cni.cncf.io/v1alpha1]
 :toc: macro
@@ -137,49 +137,6 @@ The following API endpoints are available:
 === /apis/whereabouts.cni.cncf.io/v1alpha1/ippools
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -201,23 +158,7 @@ Description::
 
 === /apis/whereabouts.cni.cncf.io/v1alpha1/namespaces/{namespace}/ippools
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -226,46 +167,6 @@ Description::
   delete collection of IPPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -285,46 +186,6 @@ Description::
   list objects of kind IPPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -351,12 +212,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -392,19 +250,8 @@ Description::
 | `name`
 | `string`
 | name of the IPPool
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -420,25 +267,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -459,16 +289,6 @@ Description::
   read the specified IPPool
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -495,22 +315,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -536,12 +345,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/network-apis-index.adoc b/rest_api/network_apis/network-apis-index.adoc
index 1df68970f6b6..35c4e82b89b5 100644
--- a/rest_api/network_apis/network-apis-index.adoc
+++ b/rest_api/network_apis/network-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="network-apis"]
 = Network APIs
 :toc: macro
@@ -7,6 +7,17 @@
 
 toc::[]
 
+== AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]
+
+Description::
++
+--
+AdminPolicyBasedExternalRoute is a CRD allowing the cluster administrators to configure policies for external gateway IPs to be applied to all the pods contained in selected namespaces. Egress traffic from the pods that belong to the selected namespaces to outside the cluster is routed through these external gateway IPs.
+--
+
+Type::
+  `object`
+
 == CloudPrivateIPConfig [cloud.network.openshift.io/v1]
 
 Description::
@@ -49,6 +60,17 @@ Description::
 EgressQoS is a CRD that allows the user to define a DSCP value for pods egress traffic on its namespace to specified CIDRs. Traffic from these pods will be checked against each EgressQoSRule in the namespace's EgressQoS, and if there is a match the traffic is marked with the relevant DSCP value.
 --
 
+Type::
+  `object`
+
+== EgressService [k8s.ovn.org/v1]
+
+Description::
++
+--
+EgressService is a CRD that allows the user to request that the source IP of egress packets originating from all of the pods that are endpoints of the corresponding LoadBalancer Service would be its ingress IP. In addition, it allows the user to request that egress packets originating from all of the pods that are endpoints of the LoadBalancer service would use a different network than the main one.
+--
+
 Type::
   `object`
 
diff --git a/rest_api/network_apis/networkattachmentdefinition-k8s-cni-cncf-io-v1.adoc b/rest_api/network_apis/networkattachmentdefinition-k8s-cni-cncf-io-v1.adoc
index 6037b17a5bf8..1800cb934a06 100644
--- a/rest_api/network_apis/networkattachmentdefinition-k8s-cni-cncf-io-v1.adoc
+++ b/rest_api/network_apis/networkattachmentdefinition-k8s-cni-cncf-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="networkattachmentdefinition-k8s-cni-cncf-io-v1"]
 = NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
 :toc: macro
@@ -85,49 +85,6 @@ The following API endpoints are available:
 === /apis/k8s.cni.cncf.io/v1/network-attachment-definitions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -149,23 +106,7 @@ Description::
 
 === /apis/k8s.cni.cncf.io/v1/namespaces/{namespace}/network-attachment-definitions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -174,46 +115,6 @@ Description::
   delete collection of NetworkAttachmentDefinition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -233,46 +134,6 @@ Description::
   list objects of kind NetworkAttachmentDefinition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -299,12 +160,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -340,19 +198,8 @@ Description::
 | `name`
 | `string`
 | name of the NetworkAttachmentDefinition
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -368,25 +215,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -407,16 +237,6 @@ Description::
   read the specified NetworkAttachmentDefinition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -443,22 +263,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -484,12 +293,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc
index 6e73b68ece6f..e45f848a09f3 100644
--- a/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc
+++ b/rest_api/network_apis/networkpolicy-networking-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="networkpolicy-networking-k8s-io-v1"]
 = NetworkPolicy [networking.k8s.io/v1]
 :toc: macro
@@ -41,10 +41,6 @@ Type::
 | `object`
 | NetworkPolicySpec provides the specification of a NetworkPolicy
 
-| `status`
-| `object`
-| NetworkPolicyStatus describe the current state of the NetworkPolicy.
-
 |===
 === .spec
 Description::
@@ -67,7 +63,7 @@ Required::
 
 | `egress`
 | `array`
-| List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
+| egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
 
 | `egress[]`
 | `object`
@@ -75,7 +71,7 @@ Required::
 
 | `ingress`
 | `array`
-| List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
+| ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
 
 | `ingress[]`
 | `object`
@@ -83,18 +79,18 @@ Required::
 
 | `podSelector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
+| podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
 
 | `policyTypes`
 | `array (string)`
-| List of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
+| policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
 
 |===
 === .spec.egress
 Description::
 +
 --
-List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
+egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
 --
 
 Type::
@@ -122,7 +118,7 @@ Type::
 
 | `ports`
 | `array`
-| List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+| ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
 
 | `ports[]`
 | `object`
@@ -130,7 +126,7 @@ Type::
 
 | `to`
 | `array`
-| List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+| to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
 
 | `to[]`
 | `object`
@@ -141,7 +137,7 @@ Type::
 Description::
 +
 --
-List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
 --
 
 Type::
@@ -169,22 +165,27 @@ Type::
 
 | `endPort`
 | `integer`
-| If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
+| endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
 
 | `port`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
-| The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
+| port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
 
 | `protocol`
 | `string`
-| The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+| protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
 
 |===
 === .spec.egress[].to
 Description::
 +
 --
-List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
 --
 
 Type::
@@ -216,15 +217,15 @@ Type::
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
+| namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
 
-If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
+If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.
 
 | `podSelector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
+| podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
 
-If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
+If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.
 
 |===
 === .spec.egress[].to[].ipBlock
@@ -248,18 +249,18 @@ Required::
 
 | `cidr`
 | `string`
-| CIDR is a string representing the IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64"
+| cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
 
 | `except`
 | `array (string)`
-| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the CIDR range
+| except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
 
 |===
 === .spec.ingress
 Description::
 +
 --
-List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
+ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
 --
 
 Type::
@@ -287,7 +288,7 @@ Type::
 
 | `from`
 | `array`
-| List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
+| from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
 
 | `from[]`
 | `object`
@@ -295,7 +296,7 @@ Type::
 
 | `ports`
 | `array`
-| List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+| ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
 
 | `ports[]`
 | `object`
@@ -306,7 +307,7 @@ Type::
 Description::
 +
 --
-List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
+from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
 --
 
 Type::
@@ -338,15 +339,15 @@ Type::
 
 | `namespaceSelector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
+| namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.
 
-If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
+If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.
 
 | `podSelector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
+| podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods.
 
-If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
+If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.
 
 |===
 === .spec.ingress[].from[].ipBlock
@@ -370,18 +371,18 @@ Required::
 
 | `cidr`
 | `string`
-| CIDR is a string representing the IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64"
+| cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
 
 | `except`
 | `array (string)`
-| Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the CIDR range
+| except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
 
 |===
 === .spec.ingress[].ports
 Description::
 +
 --
-List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
 --
 
 Type::
@@ -409,37 +410,20 @@ Type::
 
 | `endPort`
 | `integer`
-| If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
+| endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.
 
 | `port`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
-| The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
+| port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
 
 | `protocol`
 | `string`
-| The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
-
-|===
-=== .status
-Description::
-+
---
-NetworkPolicyStatus describe the current state of the NetworkPolicy.
---
-
-Type::
-  `object`
-
-
+| protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
 
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `conditions`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Condition[`array (Condition)`]
-| Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state
+Possible enum values:
+ - `"SCTP"` is the SCTP protocol.
+ - `"TCP"` is the TCP protocol.
+ - `"UDP"` is the UDP protocol.
 
 |===
 
@@ -464,58 +448,11 @@ The following API endpoints are available:
 - `PUT`: replace the specified NetworkPolicy
 * `/apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}`
 - `GET`: watch changes to an object of kind NetworkPolicy. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
-* `/apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status`
-- `GET`: read status of the specified NetworkPolicy
-- `PATCH`: partially update status of the specified NetworkPolicy
-- `PUT`: replace status of the specified NetworkPolicy
 
 
 === /apis/networking.k8s.io/v1/networkpolicies
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -538,49 +475,6 @@ Description::
 === /apis/networking.k8s.io/v1/watch/networkpolicies
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -602,23 +496,7 @@ Description::
 
 === /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -631,57 +509,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -700,46 +532,6 @@ Description::
   list or watch objects of kind NetworkPolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -766,12 +558,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -800,58 +589,7 @@ Description::
 
 === /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -880,19 +618,8 @@ Description::
 | `name`
 | `string`
 | name of the NetworkPolicy
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -908,25 +635,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -971,25 +681,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1017,12 +713,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1056,54 +749,8 @@ Description::
 | `name`
 | `string`
 | name of the NetworkPolicy
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1123,133 +770,3 @@ Description::
 |===
 
 
-=== /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}/status
-
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `name`
-| `string`
-| name of the NetworkPolicy
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
-
-HTTP method::
-  `GET`
-
-Description::
-  read status of the specified NetworkPolicy
-
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 401 - Unauthorized
-| Empty
-|===
-
-HTTP method::
-  `PATCH`
-
-Description::
-  partially update status of the specified NetworkPolicy
-
-
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `dryRun`
-| `string`
-| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
-| `fieldValidation`
-| `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
-|===
-
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 201 - Created
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 401 - Unauthorized
-| Empty
-|===
-
-HTTP method::
-  `PUT`
-
-Description::
-  replace status of the specified NetworkPolicy
-
-
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `dryRun`
-| `string`
-| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
-| `fieldValidation`
-| `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-|===
-
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 
-|===
-
-.HTTP responses
-[cols="1,1",options="header"]
-|===
-| HTTP code | Reponse body
-| 200 - OK
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 201 - Created
-| xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`NetworkPolicy`] schema
-| 401 - Unauthorized
-| Empty
-|===
-
-
diff --git a/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc b/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc
index aa9aa72b4eb6..c1ebd22c80ff 100644
--- a/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc
+++ b/rest_api/network_apis/overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overlappingrangeipreservation-whereabouts-cni-cncf-io-v1alpha1"]
 = OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]
 :toc: macro
@@ -93,49 +93,6 @@ The following API endpoints are available:
 === /apis/whereabouts.cni.cncf.io/v1alpha1/overlappingrangeipreservations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -157,23 +114,7 @@ Description::
 
 === /apis/whereabouts.cni.cncf.io/v1alpha1/namespaces/{namespace}/overlappingrangeipreservations
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -182,46 +123,6 @@ Description::
   delete collection of OverlappingRangeIPReservation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -241,46 +142,6 @@ Description::
   list objects of kind OverlappingRangeIPReservation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -307,12 +168,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -348,19 +206,8 @@ Description::
 | `name`
 | `string`
 | name of the OverlappingRangeIPReservation
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -376,25 +223,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -415,16 +245,6 @@ Description::
   read the specified OverlappingRangeIPReservation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -451,22 +271,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -492,12 +301,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc b/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
index 8bdbcbdc63ce..744bba870eb1 100644
--- a/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
+++ b/rest_api/network_apis/podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podnetworkconnectivitycheck-controlplane-operator-openshift-io-v1alpha1"]
 = PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
 :toc: macro
@@ -506,49 +506,6 @@ The following API endpoints are available:
 === /apis/controlplane.operator.openshift.io/v1alpha1/podnetworkconnectivitychecks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -570,23 +527,7 @@ Description::
 
 === /apis/controlplane.operator.openshift.io/v1alpha1/namespaces/{namespace}/podnetworkconnectivitychecks
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -595,46 +536,6 @@ Description::
   delete collection of PodNetworkConnectivityCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -654,46 +555,6 @@ Description::
   list objects of kind PodNetworkConnectivityCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -720,12 +581,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -761,19 +619,8 @@ Description::
 | `name`
 | `string`
 | name of the PodNetworkConnectivityCheck
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -789,25 +636,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -828,16 +658,6 @@ Description::
   read the specified PodNetworkConnectivityCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -864,22 +684,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -905,12 +714,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -944,19 +750,8 @@ Description::
 | `name`
 | `string`
 | name of the PodNetworkConnectivityCheck
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -965,16 +760,6 @@ Description::
   read status of the specified PodNetworkConnectivityCheck
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1001,22 +786,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1042,12 +816,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/route-route-openshift-io-v1.adoc b/rest_api/network_apis/route-route-openshift-io-v1.adoc
index 743258f3092d..f7520d17847d 100644
--- a/rest_api/network_apis/route-route-openshift-io-v1.adoc
+++ b/rest_api/network_apis/route-route-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="route-route-openshift-io-v1"]
 = Route [route.openshift.io/v1]
 :toc: macro
@@ -47,7 +47,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -93,6 +93,10 @@ Required::
 | `string`
 | host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.
 
+| `httpHeaders`
+| `object`
+| RouteHTTPHeaders defines policy for HTTP headers.
+
 | `path`
 | `string`
 | path that the router watches for, to route traffic for to the service. Optional
@@ -165,6 +169,250 @@ Required::
 | `integer`
 | weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.
 
+|===
+=== .spec.httpHeaders
+Description::
++
+--
+RouteHTTPHeaders defines policy for HTTP headers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `actions`
+| `object`
+| RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.
+
+|===
+=== .spec.httpHeaders.actions
+Description::
++
+--
+RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `request`
+| `array`
+| request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.
+
+| `request[]`
+| `object`
+| RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+
+| `response`
+| `array`
+| response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.
+
+| `response[]`
+| `object`
+| RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+
+|===
+=== .spec.httpHeaders.actions.request
+Description::
++
+--
+request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.httpHeaders.actions.request[]
+Description::
++
+--
+RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `action`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `object`
+| RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+
+| `name`
+| `string`
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+
+|===
+=== .spec.httpHeaders.actions.request[].action
+Description::
++
+--
+RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `set`
+| `object`
+| RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+
+| `type`
+| `string`
+| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+
+|===
+=== .spec.httpHeaders.actions.request[].action.set
+Description::
++
+--
+RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `value`
+| `string`
+| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+
+|===
+=== .spec.httpHeaders.actions.response
+Description::
++
+--
+response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.httpHeaders.actions.response[]
+Description::
++
+--
+RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+  - `action`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `object`
+| RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+
+| `name`
+| `string`
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+
+|===
+=== .spec.httpHeaders.actions.response[].action
+Description::
++
+--
+RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `set`
+| `object`
+| RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+
+| `type`
+| `string`
+| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+
+|===
+=== .spec.httpHeaders.actions.response[].action.set
+Description::
++
+--
+RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `value`
+| `string`
+| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+
 |===
 === .spec.port
 Description::
@@ -221,11 +469,15 @@ Required::
 | `string`
 | destinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.
 
+| `externalCertificate`
+| `object`
+| LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+
 | `insecureEdgeTerminationPolicy`
 | `string`
 | insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.
 
-* Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.
+* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). * None - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.
 
 | `key`
 | `string`
@@ -237,6 +489,30 @@ Required::
 
 * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
 
+Note: passthrough termination is incompatible with httpHeader actions
+
+|===
+=== .spec.tls.externalCertificate
+Description::
++
+--
+LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
 |===
 === .spec.to
 Description::
@@ -437,49 +713,6 @@ The following API endpoints are available:
 === /apis/route.openshift.io/v1/routes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -502,49 +735,6 @@ Description::
 === /apis/route.openshift.io/v1/watch/routes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -566,23 +756,7 @@ Description::
 
 === /apis/route.openshift.io/v1/namespaces/{namespace}/routes
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -595,57 +769,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -664,46 +792,6 @@ Description::
   list or watch objects of kind Route
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -730,12 +818,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -764,58 +849,7 @@ Description::
 
 === /apis/route.openshift.io/v1/watch/namespaces/{namespace}/routes
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -844,19 +878,8 @@ Description::
 | `name`
 | `string`
 | name of the Route
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -872,25 +895,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -935,25 +941,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -981,12 +973,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1020,54 +1009,8 @@ Description::
 | `name`
 | `string`
 | name of the Route
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1096,19 +1039,8 @@ Description::
 | `name`
 | `string`
 | name of the Route
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1141,25 +1073,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1187,12 +1105,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/network_apis/service-v1.adoc b/rest_api/network_apis/service-v1.adoc
index 191bbe15a18e..6b99b51b54c8 100644
--- a/rest_api/network_apis/service-v1.adoc
+++ b/rest_api/network_apis/service-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="service-v1"]
 = Service [v1]
 :toc: macro
@@ -90,7 +90,9 @@ This field may hold a maximum of two entries (dual-stack IPs, in either order).
 | externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
 
 Possible enum values:
+ - `"Cluster"`
  - `"Cluster"` routes traffic to all endpoints.
+ - `"Local"`
  - `"Local"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).
 
 | `healthCheckNodePort`
@@ -101,6 +103,10 @@ Possible enum values:
 | `string`
 | InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
 
+Possible enum values:
+ - `"Cluster"` routes traffic to all endpoints.
+ - `"Local"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).
+
 | `ipFamilies`
 | `array (string)`
 | IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6".  This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName.
@@ -111,13 +117,18 @@ This field may hold a maximum of two entries (dual-stack families, in either ord
 | `string`
 | IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
 
+Possible enum values:
+ - `"PreferDualStack"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster
+ - `"RequireDualStack"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver
+ - `"SingleStack"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field
+
 | `loadBalancerClass`
 | `string`
 | loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
 
 | `loadBalancerIP`
 | `string`
-| Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.
+| Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.
 
 | `loadBalancerSourceRanges`
 | `array (string)`
@@ -196,7 +207,16 @@ Required::
 
 | `appProtocol`
 | `string`
-| The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+| The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
+
+* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
+
+* Kubernetes-defined prefixed names:
+  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+
+* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
 
 | `name`
 | `string`
@@ -452,49 +472,6 @@ The following API endpoints are available:
 === /api/v1/services
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -517,49 +494,6 @@ Description::
 === /api/v1/watch/services
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -581,23 +515,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/services
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -610,57 +528,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -679,46 +551,6 @@ Description::
   list or watch objects of kind Service
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -745,12 +577,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -779,58 +608,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/services
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -859,19 +637,8 @@ Description::
 | `name`
 | `string`
 | name of the Service
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -887,25 +654,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -950,25 +700,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -996,12 +732,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1035,54 +768,8 @@ Description::
 | `name`
 | `string`
 | name of the Service
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1111,19 +798,8 @@ Description::
 | `name`
 | `string`
 | name of the Service
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1156,25 +832,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1202,12 +864,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/node_apis/node-apis-index.adoc b/rest_api/node_apis/node-apis-index.adoc
index ec280134200d..4b0f4af41661 100644
--- a/rest_api/node_apis/node-apis-index.adoc
+++ b/rest_api/node_apis/node-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-apis"]
 = Node APIs
 :toc: macro
diff --git a/rest_api/node_apis/node-v1.adoc b/rest_api/node_apis/node-v1.adoc
index ec01a411794f..aa8e68698c90 100644
--- a/rest_api/node_apis/node-v1.adoc
+++ b/rest_api/node_apis/node-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="node-v1"]
 = Node [v1]
 :toc: macro
@@ -234,7 +234,7 @@ Type::
 
 | `addresses`
 | `array`
-| List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
+| List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).
 
 | `addresses[]`
 | `object`
@@ -302,7 +302,7 @@ Possible enum values:
 Description::
 +
 --
-List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
+List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).
 --
 
 Type::
@@ -847,14 +847,6 @@ The following API endpoints are available:
 === /api/v1/nodes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -867,57 +859,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -936,46 +882,6 @@ Description::
   list or watch objects of kind Node
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1002,12 +908,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1037,49 +940,6 @@ Description::
 === /api/v1/watch/nodes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1110,14 +970,6 @@ Description::
 | name of the Node
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1133,25 +985,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1196,25 +1031,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1242,12 +1063,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1283,49 +1101,6 @@ Description::
 | name of the Node
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1356,14 +1131,6 @@ Description::
 | name of the Node
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1396,25 +1163,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1442,12 +1195,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc b/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
index b2f26f1d7fa2..01c0e39d5a3c 100644
--- a/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
+++ b/rest_api/node_apis/performanceprofile-performance-openshift-io-v2.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="performanceprofile-performance-openshift-io-v2"]
 = PerformanceProfile [performance.openshift.io/v2]
 :toc: macro
@@ -68,7 +68,7 @@ Required::
 
 | `additionalKernelArgs`
 | `array (string)`
-| Addional kernel arguments.
+| Additional kernel arguments.
 
 | `cpu`
 | `object`
@@ -147,6 +147,10 @@ Required::
 | `string`
 | Reserved defines a set of CPUs that will not be used for any container workloads initiated by kubelet.
 
+| `shared`
+| `string`
+| Shared defines a set of CPUs that will be shared among guaranteed workloads that needs additional cpus which are not exclusive, alongside the isolated, exclusive resources that are being used already by those workloads.
+
 |===
 === .spec.hugepages
 Description::
@@ -357,15 +361,19 @@ Type::
 
 | `highPowerConsumption`
 | `boolean`
-| HighPowerConsumption defines if the node should be configured in high power consumption mode. The flag will affect the power consumption but will improve the CPUs latency.
+| HighPowerConsumption defines if the node should be configured in high power consumption mode. The flag will affect the power consumption but will improve the CPUs latency. Defaults to false.
+
+| `mixedCpus`
+| `boolean`
+| MixedCpus enables the mixed-cpu-node-plugin on the node. Defaults to false.
 
 | `perPodPowerManagement`
 | `boolean`
-| PerPodPowerManagement defines if the node should be configured in per pod power management. PerPodPowerManagement and HighPowerConsumption hints can not be enabled together.
+| PerPodPowerManagement defines if the node should be configured in per pod power management. PerPodPowerManagement and HighPowerConsumption hints can not be enabled together. Defaults to false.
 
 | `realTime`
 | `boolean`
-| RealTime defines if the node should be configured for the real time workload.
+| RealTime defines if the node should be configured for the real time workload. Defaults to true.
 
 |===
 === .status
@@ -483,14 +491,6 @@ The following API endpoints are available:
 === /apis/performance.openshift.io/v2/performanceprofiles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -499,46 +499,6 @@ Description::
   delete collection of PerformanceProfile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -558,46 +518,6 @@ Description::
   list objects of kind PerformanceProfile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -624,12 +544,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -667,14 +584,6 @@ Description::
 | name of the PerformanceProfile
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -690,25 +599,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -729,16 +621,6 @@ Description::
   read the specified PerformanceProfile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -765,22 +647,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -806,12 +677,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -847,14 +715,6 @@ Description::
 | name of the PerformanceProfile
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -863,16 +723,6 @@ Description::
   read status of the specified PerformanceProfile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -899,22 +749,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -940,12 +779,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc b/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
index 3d5c83f10529..c96f260d27b5 100644
--- a/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
+++ b/rest_api/node_apis/profile-tuned-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="profile-tuned-openshift-io-v1"]
 = Profile [tuned.openshift.io/v1]
 :toc: macro
@@ -147,10 +147,6 @@ Required::
 |===
 | Property | Type | Description
 
-| `bootcmdline`
-| `string`
-| kernel parameters calculated by tuned for the active Tuned profile
-
 | `conditions`
 | `array`
 | conditions represents the state of the per-node Profile application
@@ -235,54 +231,15 @@ The following API endpoints are available:
 - `GET`: read the specified Profile
 - `PATCH`: partially update the specified Profile
 - `PUT`: replace the specified Profile
+* `/apis/tuned.openshift.io/v1/namespaces/{namespace}/profiles/{name}/status`
+- `GET`: read status of the specified Profile
+- `PATCH`: partially update status of the specified Profile
+- `PUT`: replace status of the specified Profile
 
 
 === /apis/tuned.openshift.io/v1/profiles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -304,23 +261,7 @@ Description::
 
 === /apis/tuned.openshift.io/v1/namespaces/{namespace}/profiles
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -329,46 +270,6 @@ Description::
   delete collection of Profile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -388,46 +289,6 @@ Description::
   list objects of kind Profile
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -454,12 +315,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -495,19 +353,8 @@ Description::
 | `name`
 | `string`
 | name of the Profile
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -523,25 +370,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -562,15 +392,35 @@ Description::
   read the specified Profile
 
 
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified Profile
+
+
 .Query parameters
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `resourceVersion`
+| `dryRun`
 | `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 
@@ -585,10 +435,10 @@ Defaults to unset
 |===
 
 HTTP method::
-  `PATCH`
+  `PUT`
 
 Description::
-  partially update the specified Profile
+  replace the specified Profile
 
 
 .Query parameters
@@ -598,12 +448,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -611,7 +458,7 @@ Description::
 |===
 | Parameter | Type | Description
 | `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
+| xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
 | 
 |===
 
@@ -621,15 +468,49 @@ Description::
 | HTTP code | Reponse body
 | 200 - OK
 | xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
+| 201 - Created
+| xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
 | 401 - Unauthorized
 | Empty
 |===
 
+
+=== /apis/tuned.openshift.io/v1/namespaces/{namespace}/profiles/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the Profile
+|===
+
+
 HTTP method::
-  `PUT`
+  `GET`
 
 Description::
-  replace the specified Profile
+  read status of the specified Profile
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified Profile
 
 
 .Query parameters
@@ -639,12 +520,39 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../node_apis/profile-tuned-openshift-io-v1.adoc#profile-tuned-openshift-io-v1[`Profile`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified Profile
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
 | `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc b/rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc
index 4568810c6780..051ea1c50e99 100644
--- a/rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc
+++ b/rest_api/node_apis/runtimeclass-node-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="runtimeclass-node-k8s-io-v1"]
 = RuntimeClass [node.k8s.io/v1]
 :toc: macro
@@ -33,7 +33,7 @@ Required::
 
 | `handler`
 | `string`
-| Handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration.  It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
+| handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration.  It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
 
 | `kind`
 | `string`
@@ -71,7 +71,7 @@ Type::
 
 | `podFixed`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| PodFixed represents the fixed resource overhead associated with running a pod.
+| podFixed represents the fixed resource overhead associated with running a pod.
 
 |===
 === .scheduling
@@ -123,14 +123,6 @@ The following API endpoints are available:
 === /apis/node.k8s.io/v1/runtimeclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -143,57 +135,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -212,46 +158,6 @@ Description::
   list or watch objects of kind RuntimeClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -278,12 +184,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -313,49 +216,6 @@ Description::
 === /apis/node.k8s.io/v1/watch/runtimeclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -386,14 +246,6 @@ Description::
 | name of the RuntimeClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -409,25 +261,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -472,25 +307,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -518,12 +339,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -559,49 +377,6 @@ Description::
 | name of the RuntimeClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc b/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
index 7bc47b056a04..edfdc226397a 100644
--- a/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
+++ b/rest_api/node_apis/tuned-tuned-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tuned-tuned-openshift-io-v1"]
 = Tuned [tuned.openshift.io/v1]
 :toc: macro
@@ -315,49 +315,6 @@ The following API endpoints are available:
 === /apis/tuned.openshift.io/v1/tuneds
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -379,23 +336,7 @@ Description::
 
 === /apis/tuned.openshift.io/v1/namespaces/{namespace}/tuneds
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -404,46 +345,6 @@ Description::
   delete collection of Tuned
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -463,46 +364,6 @@ Description::
   list objects of kind Tuned
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -529,12 +390,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -570,19 +428,8 @@ Description::
 | `name`
 | `string`
 | name of the Tuned
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -598,25 +445,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -637,16 +467,6 @@ Description::
   read the specified Tuned
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -673,22 +493,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -714,12 +523,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/oauth_apis/oauth-apis-index.adoc b/rest_api/oauth_apis/oauth-apis-index.adoc
index 95d4d7df1eaf..7fe5bd6540e4 100644
--- a/rest_api/oauth_apis/oauth-apis-index.adoc
+++ b/rest_api/oauth_apis/oauth-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauth-apis"]
 = OAuth APIs
 :toc: macro
diff --git a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
index ee57a5641580..abfbb5784782 100644
--- a/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthaccesstoken-oauth-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauthaccesstoken-oauth-openshift-io-v1"]
 = OAuthAccessToken [oauth.openshift.io/v1]
 :toc: macro
@@ -54,8 +54,8 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
 | `string`
@@ -107,7 +107,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -123,7 +123,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -140,15 +140,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -159,6 +159,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -196,10 +211,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -210,7 +225,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -223,6 +238,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -259,6 +289,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -294,10 +327,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -308,12 +341,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -324,6 +357,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -367,7 +415,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -389,10 +437,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -450,9 +498,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -493,6 +544,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -534,10 +588,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -548,12 +602,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -564,6 +618,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
index 289a8be50a42..f717dab0a1ee 100644
--- a/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthauthorizetoken-oauth-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauthauthorizetoken-oauth-openshift-io-v1"]
 = OAuthAuthorizeToken [oauth.openshift.io/v1]
 :toc: macro
@@ -52,8 +52,8 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
 | `string`
@@ -105,7 +105,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -121,7 +121,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -138,15 +138,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -157,6 +157,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -194,10 +209,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -208,7 +223,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -221,6 +236,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -257,6 +287,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -292,10 +325,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -306,12 +339,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -322,6 +355,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -365,7 +413,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -387,10 +435,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -448,9 +496,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -491,6 +542,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -532,10 +586,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -546,12 +600,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -562,6 +616,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
index 77cef785315b..4a66c9e3c78c 100644
--- a/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthclient-oauth-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauthclient-oauth-openshift-io-v1"]
 = OAuthClient [oauth.openshift.io/v1]
 :toc: macro
@@ -56,8 +56,8 @@ WARNING: existing tokens' timeout will not be affected (lowered) by changing thi
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURIs`
 | `array (string)`
@@ -182,7 +182,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -198,7 +198,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -215,15 +215,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -234,6 +234,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -271,10 +286,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -285,7 +300,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -298,6 +313,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -334,6 +364,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -369,10 +402,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -383,12 +416,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -399,6 +432,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -442,7 +490,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -464,10 +512,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -525,9 +573,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -568,6 +619,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -609,10 +663,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -623,12 +677,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -639,6 +693,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
index 81e8b9716ff5..52474dcf31a6 100644
--- a/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/oauthclientauthorization-oauth-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="oauthclientauthorization-oauth-openshift-io-v1"]
 = OAuthClientAuthorization [oauth.openshift.io/v1]
 :toc: macro
@@ -40,8 +40,8 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `scopes`
 | `array (string)`
@@ -85,7 +85,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -101,7 +101,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -118,15 +118,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -137,6 +137,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -174,10 +189,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -188,7 +203,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -201,6 +216,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -237,6 +267,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -272,10 +305,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -286,12 +319,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -302,6 +335,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -345,7 +393,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -367,10 +415,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -428,9 +476,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -471,6 +522,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -512,10 +566,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -526,12 +580,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -542,6 +596,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
index b6f2120e65ab..220bc38fca7e 100644
--- a/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
+++ b/rest_api/oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="useroauthaccesstoken-oauth-openshift-io-v1"]
 = UserOAuthAccessToken [oauth.openshift.io/v1]
 :toc: macro
@@ -50,8 +50,8 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `redirectURI`
 | `string`
@@ -99,10 +99,10 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -113,12 +113,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -129,6 +129,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -164,10 +179,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -178,12 +193,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -194,6 +209,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -237,7 +267,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -259,10 +289,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -321,10 +351,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -335,12 +365,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -351,6 +381,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/objects/index.adoc b/rest_api/objects/index.adoc
index 28906c5b4050..4892c674ed86 100644
--- a/rest_api/objects/index.adoc
+++ b/rest_api/objects/index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="api-object-reference"]
 = Common object reference
 :toc: macro
@@ -702,7 +702,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -745,7 +745,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -788,7 +788,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -831,7 +831,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -874,7 +874,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -917,7 +917,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -960,7 +960,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1003,7 +1003,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1046,7 +1046,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1089,7 +1089,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1132,7 +1132,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1175,7 +1175,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1218,7 +1218,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1261,7 +1261,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1304,7 +1304,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1339,7 +1339,7 @@ Required::
 
 | `items`
 | xref:../oauth_apis/useroauthaccesstoken-oauth-openshift-io-v1.adoc#useroauthaccesstoken-oauth-openshift-io-v1[`array (UserOAuthAccessToken)`]
-|
+| 
 
 | `kind`
 | `string`
@@ -1347,7 +1347,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1390,7 +1390,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1433,7 +1433,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1476,7 +1476,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1519,7 +1519,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1562,7 +1562,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1605,7 +1605,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1648,7 +1648,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1691,7 +1691,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1734,7 +1734,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1777,7 +1777,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -1819,11 +1819,11 @@ Type::
 
 | `owned`
 | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.APIServiceDescription[`array (APIServiceDescription)`]
-|
+| 
 
 | `required`
 | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.APIServiceDescription[`array (APIServiceDescription)`]
-|
+| 
 
 |===
 
@@ -1852,11 +1852,11 @@ Type::
 
 | `owned`
 | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.CRDDescription[`array (CRDDescription)`]
-|
+| 
 
 | `required`
 | xref:../objects/index.adoc#com.github.operator-framework.api.pkg.operators.v1alpha1.CRDDescription[`array (CRDDescription)`]
-|
+| 
 
 |===
 
@@ -1886,11 +1886,11 @@ Required::
 
 | `supported`
 | `boolean`
-|
+| 
 
 | `type`
 | `string`
-|
+| 
 
 |===
 
@@ -1923,7 +1923,7 @@ Required::
 
 | `items`
 | xref:../operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc#packagemanifest-packages-operators-coreos-com-v1[`array (PackageManifest)`]
-|
+| 
 
 | `kind`
 | `string`
@@ -1931,7 +1931,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| 
 
 |===
 
@@ -2505,7 +2505,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
-|
+| 
 
 |===
 
@@ -2538,7 +2538,7 @@ Required::
 
 | `items`
 | xref:../metadata_apis/lease-coordination-k8s-io-v1.adoc#lease-coordination-k8s-io-v1[`array (Lease)`]
-| Items is a list of schema objects.
+| items is a list of schema objects.
 
 | `kind`
 | `string`
@@ -2962,15 +2962,15 @@ Required::
 
 | `lastTransitionTime`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
-|
+| 
 
 | `message`
 | `string`
-|
+| 
 
 | `reason`
 | `string`
-|
+| 
 
 | `status`
 | `string`
@@ -3208,6 +3208,10 @@ Type::
 | `string`
 | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `volumeName`
 | `string`
 | volumeName is the binding reference to the PersistentVolume backing this claim.
@@ -3322,7 +3326,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 ..spec.resources.claims
@@ -3383,9 +3387,52 @@ Type::
 | `array (string)`
 | accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 
+| `allocatedResourceStatuses`
+| `object (string)`
+| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:
+	* Un-prefixed keys:
+		- storage - the capacity of the volume.
+	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
+
+ClaimResourceStatus can be in any of following states:
+	- ControllerResizeInProgress:
+		State set when resize controller starts resizing the volume in control-plane.
+	- ControllerResizeFailed:
+		State set when resize has failed in resize controller with a terminal error.
+	- NodeResizePending:
+		State set when resize controller has finished resizing the volume but further resizing of
+		volume is needed on the node.
+	- NodeResizeInProgress:
+		State set when kubelet starts resizing the volume.
+	- NodeResizeFailed:
+		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+		NodeResizeFailed.
+For example: if expanding a PVC for more capacity - this field can be one of the following states:
+	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+     - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+When this field is not set, it means that no resize operation is in progress for the given PVC.
+
+A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
+
+This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
 | `allocatedResources`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:
+	* Un-prefixed keys:
+		- storage - the capacity of the volume.
+	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
+
+Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
+
+A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
+
+This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
@@ -3397,7 +3444,7 @@ Type::
 
 | `conditions[]`
 | `object`
-| PersistentVolumeClaimCondition contails details about state of pvc
+| PersistentVolumeClaimCondition contains details about state of pvc
 
 | `phase`
 | `string`
@@ -3408,10 +3455,6 @@ Possible enum values:
  - `"Lost"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.
  - `"Pending"` used for PersistentVolumeClaims that are not yet bound
 
-| `resizeStatus`
-| `string`
-| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-
 |===
 ..status.conditions
 Description::
@@ -3428,7 +3471,7 @@ Type::
 Description::
 +
 --
-PersistentVolumeClaimCondition contails details about state of pvc
+PersistentVolumeClaimCondition contains details about state of pvc
 --
 
 Type::
@@ -3461,11 +3504,11 @@ Required::
 
 | `status`
 | `string`
-|
+| 
 
 | `type`
 | `string`
-|
+| 
 
 |===
 
@@ -3693,6 +3736,10 @@ Possible enum values:
 | `string`
 | volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `vsphereVolume`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource[`VsphereVirtualDiskVolumeSource`]
 | vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
@@ -3960,8 +4007,8 @@ Type::
 
 |===
 
-[id="io.k8s.api.core.v1.ResourceRequirements_v2"]
-== io.k8s.api.core.v1.ResourceRequirements_v2 schema
+[id="io.k8s.api.core.v1.ResourceRequirements"]
+== io.k8s.api.core.v1.ResourceRequirements schema
 
 
 Description::
@@ -3987,7 +4034,7 @@ Type::
 
 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
 
-This field is immutable.
+This field is immutable. It can only be set for containers.
 
 | `limits`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
@@ -3995,7 +4042,7 @@ This field is immutable.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 
@@ -4360,7 +4407,7 @@ Required::
 
 | `items`
 | xref:../network_apis/endpointslice-discovery-k8s-io-v1.adoc#endpointslice-discovery-k8s-io-v1[`array (EndpointSlice)`]
-| List of endpoint slices
+| items is the list of endpoint slices
 
 | `kind`
 | `string`
@@ -4413,6 +4460,88 @@ Required::
 
 |===
 
+[id="io.k8s.api.flowcontrol.v1beta3.FlowSchemaList"]
+== io.k8s.api.flowcontrol.v1beta3.FlowSchemaList schema
+
+
+Description::
++
+--
+FlowSchemaList is a list of FlowSchema objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`array (FlowSchema)`]
+| `items` is a list of FlowSchemas.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| `metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
+[id="io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList"]
+== io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList schema
+
+
+Description::
++
+--
+PriorityLevelConfigurationList is a list of PriorityLevelConfiguration objects.
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`array (PriorityLevelConfiguration)`]
+| `items` is a list of request-priorities.
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+|===
+
 [id="io.k8s.api.networking.v1.IngressClassList"]
 == io.k8s.api.networking.v1.IngressClassList schema
 
@@ -4442,7 +4571,7 @@ Required::
 
 | `items`
 | xref:../network_apis/ingressclass-networking-k8s-io-v1.adoc#ingressclass-networking-k8s-io-v1[`array (IngressClass)`]
-| Items is the list of IngressClasses.
+| items is the list of IngressClasses.
 
 | `kind`
 | `string`
@@ -4483,7 +4612,7 @@ Required::
 
 | `items`
 | xref:../network_apis/ingress-networking-k8s-io-v1.adoc#ingress-networking-k8s-io-v1[`array (Ingress)`]
-| Items is the list of Ingress.
+| items is the list of Ingress.
 
 | `kind`
 | `string`
@@ -4524,7 +4653,7 @@ Required::
 
 | `items`
 | xref:../network_apis/networkpolicy-networking-k8s-io-v1.adoc#networkpolicy-networking-k8s-io-v1[`array (NetworkPolicy)`]
-| Items is a list of schema objects.
+| items is a list of schema objects.
 
 | `kind`
 | `string`
@@ -4565,7 +4694,7 @@ Required::
 
 | `items`
 | xref:../node_apis/runtimeclass-node-k8s-io-v1.adoc#runtimeclass-node-k8s-io-v1[`array (RuntimeClass)`]
-| Items is a list of schema objects.
+| items is a list of schema objects.
 
 | `kind`
 | `string`
@@ -4961,7 +5090,7 @@ Required::
 
 | `items`
 | xref:../storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc#csistoragecapacity-storage-k8s-io-v1[`array (CSIStorageCapacity)`]
-| Items is the list of CSIStorageCapacity objects.
+| items is the list of CSIStorageCapacity objects.
 
 | `kind`
 | `string`
@@ -5002,7 +5131,7 @@ Required::
 
 | `items`
 | xref:../storage_apis/storageclass-storage-k8s-io-v1.adoc#storageclass-storage-k8s-io-v1[`array (StorageClass)`]
-| Items is the list of StorageClasses
+| items is the list of StorageClasses
 
 | `kind`
 | `string`
@@ -5043,7 +5172,7 @@ Required::
 
 | `items`
 | xref:../storage_apis/volumeattachment-storage-k8s-io-v1.adoc#volumeattachment-storage-k8s-io-v1[`array (VolumeAttachment)`]
-| Items is the list of VolumeAttachments
+| items is the list of VolumeAttachments
 
 | `kind`
 | `string`
@@ -5119,27 +5248,27 @@ Type::
 
 | `$ref`
 | `string`
-|
+| 
 
 | `$schema`
 | `string`
-|
+| 
 
 | `additionalItems`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[``]
-|
+| 
 
 | `additionalProperties`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool[``]
-|
+| 
 
 | `allOf`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
-|
+| 
 
 | `anyOf`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
-|
+| 
 
 | `default`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`]
@@ -5147,35 +5276,35 @@ Type::
 
 | `definitions`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
-|
+| 
 
 | `dependencies`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray[`object (undefined)`]
-|
+| 
 
 | `description`
 | `string`
-|
+| 
 
 | `enum`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`array (JSON)`]
-|
+| 
 
 | `example`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSON[`JSON`]
-|
+| 
 
 | `exclusiveMaximum`
 | `boolean`
-|
+| 
 
 | `exclusiveMinimum`
 | `boolean`
-|
+| 
 
 | `externalDocs`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.ExternalDocumentation[`ExternalDocumentation`]
-|
+| 
 
 | `format`
 | `string`
@@ -5185,87 +5314,87 @@ Type::
 
 | `id`
 | `string`
-|
+| 
 
 | `items`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray[``]
-|
+| 
 
 | `maxItems`
 | `integer`
-|
+| 
 
 | `maxLength`
 | `integer`
-|
+| 
 
 | `maxProperties`
 | `integer`
-|
+| 
 
 | `maximum`
 | `number`
-|
+| 
 
 | `minItems`
 | `integer`
-|
+| 
 
 | `minLength`
 | `integer`
-|
+| 
 
 | `minProperties`
 | `integer`
-|
+| 
 
 | `minimum`
 | `number`
-|
+| 
 
 | `multipleOf`
 | `number`
-|
+| 
 
 | `not`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[``]
-|
+| 
 
 | `nullable`
 | `boolean`
-|
+| 
 
 | `oneOf`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`array (undefined)`]
-|
+| 
 
 | `pattern`
 | `string`
-|
+| 
 
 | `patternProperties`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
-|
+| 
 
 | `properties`
 | xref:../objects/index.adoc#io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.JSONSchemaProps[`object (undefined)`]
-|
+| 
 
 | `required`
 | `array (string)`
-|
+| 
 
 | `title`
 | `string`
-|
+| 
 
 | `type`
 | `string`
-|
+| 
 
 | `uniqueItems`
 | `boolean`
-|
+| 
 
 | `x-kubernetes-embedded-resource`
 | `boolean`
@@ -5341,13 +5470,19 @@ Quantity is a fixed-point representation of a number. It provides convenient mar
 
 The serialization format is:
 
-<quantity>        ::= <signedNumber><suffix>
-  (Note that <suffix> may be empty, from the "" case in <decimalSI>.)
-<digit>           ::= 0 | 1 | ... | 9 <digits>          ::= <digit> | <digit><digits> <number>          ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign>            ::= "+" | "-" <signedNumber>    ::= <number> | <sign><number> <suffix>          ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI>        ::= Ki | Mi | Gi | Ti | Pi | Ei
-  (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
-<decimalSI>       ::= m | "" | k | M | G | T | P | E
-  (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
-<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
+ <quantity>        ::= <signedNumber><suffix>
+
+	(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
+
+<digit>           ::= 0 \| 1 \| ... \| 9 <digits>          ::= <digit> \| <digit><digits> <number>          ::= <digits> \| <digits>.<digits> \| <digits>. \| .<digits> <sign>            ::= "+" \| "-" <signedNumber>    ::= <number> \| <sign><number> <suffix>          ::= <binarySI> \| <decimalExponent> \| <decimalSI> <binarySI>        ::= Ki \| Mi \| Gi \| Ti \| Pi \| Ei
+
+	(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
+
+<decimalSI>       ::= m \| "" \| k \| M \| G \| T \| P \| E
+
+	(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
+
+<decimalExponent> ::= "e" <signedNumber> \| "E" <signedNumber> 
 
 No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
 
@@ -5506,15 +5641,15 @@ Required::
 
 | `group`
 | `string`
-|
+| 
 
 | `kind`
 | `string`
-|
+| 
 
 | `version`
 | `string`
-|
+| 
 
 |===
 
@@ -5626,110 +5761,7 @@ Type::
 
 | `annotations`
 | `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
-
-| `creationTimestamp`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
-| CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-
-Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-
-| `deletionGracePeriodSeconds`
-| `integer`
-| Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
-
-| `deletionTimestamp`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
-| DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
-
-Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-
-| `finalizers`
-| `array (string)`
-| Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order.  Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
-
-| `generateName`
-| `string`
-| GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
-
-If this field is specified and the generated name exists, the server will return a 409.
-
-Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
-
-| `generation`
-| `integer`
-| A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
-
-| `labels`
-| `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
-
-| `managedFields`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry[`array (ManagedFieldsEntry)`]
-| ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
-
-| `name`
-| `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
-
-| `namespace`
-| `string`
-| Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
-
-Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
-
-| `ownerReferences`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference[`array (OwnerReference)`]
-| List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
-
-| `resourceVersion`
-| `string`
-| An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
-
-Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
-
-| `selfLink`
-| `string`
-| Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
-
-| `uid`
-| `string`
-| UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
-
-Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
-
-|===
-
-[id="io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2"]
-== io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2 schema
-
-
-Description::
-+
---
-ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
---
-
-Type::
-  `object`
-
-
-[discrete]
-=== Schema
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `annotations`
-| `object (string)`
-| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
-
-| `clusterName`
-| `string`
-| Deprecated: ClusterName is a legacy field that was always cleared by the system and never used; it will be removed completely in 1.25.
-
-The name in the go struct is changed to help clients detect accidental use.
+| Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
 
 | `creationTimestamp`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
@@ -5765,7 +5797,7 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c
 
 | `labels`
 | `object (string)`
-| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
+| Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
 
 | `managedFields`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry[`array (ManagedFieldsEntry)`]
@@ -5773,13 +5805,13 @@ Applied only if Name is not specified. More info: https://git.k8s.io/community/c
 
 | `name`
 | `string`
-| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+| Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
 
 | `namespace`
 | `string`
 | Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
 
-Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
+Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
 
 | `ownerReferences`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference[`array (OwnerReference)`]
@@ -5799,7 +5831,7 @@ Populated by the system. Read-only. Value must be treated as opaque by clients a
 | `string`
 | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
 
-Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
 
 |===
 
@@ -5922,7 +5954,7 @@ Required::
 
 | `type`
 | `string`
-|
+| 
 
 |===
 
@@ -7838,6 +7870,47 @@ Required::
 
 |===
 
+[id="io.openshift.console.v1.ConsoleSampleList"]
+== io.openshift.console.v1.ConsoleSampleList schema
+
+
+Description::
++
+--
+ConsoleSampleList is a list of ConsoleSample
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../console_apis/consolesample-console-openshift-io-v1.adoc#consolesample-console-openshift-io-v1[`array (ConsoleSample)`]
+| List of consolesamples. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
 [id="io.openshift.console.v1.ConsoleYAMLSampleList"]
 == io.openshift.console.v1.ConsoleYAMLSampleList schema
 
@@ -8330,6 +8403,129 @@ Required::
 
 |===
 
+[id="io.openshift.machineconfiguration.v1alpha1.MachineConfigNodeList"]
+== io.openshift.machineconfiguration.v1alpha1.MachineConfigNodeList schema
+
+
+Description::
++
+--
+MachineConfigNodeList is a list of MachineConfigNode
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../machine_apis/machineconfignode-machineconfiguration-openshift-io-v1alpha1.adoc#machineconfignode-machineconfiguration-openshift-io-v1alpha1[`array (MachineConfigNode)`]
+| List of machineconfignodes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.openshift.monitoring.v1.AlertingRuleList"]
+== io.openshift.monitoring.v1.AlertingRuleList schema
+
+
+Description::
++
+--
+AlertingRuleList is a list of AlertingRule
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../monitoring_apis/alertingrule-monitoring-openshift-io-v1.adoc#alertingrule-monitoring-openshift-io-v1[`array (AlertingRule)`]
+| List of alertingrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
+[id="io.openshift.monitoring.v1.AlertRelabelConfigList"]
+== io.openshift.monitoring.v1.AlertRelabelConfigList schema
+
+
+Description::
++
+--
+AlertRelabelConfigList is a list of AlertRelabelConfig
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../monitoring_apis/alertrelabelconfig-monitoring-openshift-io-v1.adoc#alertrelabelconfig-monitoring-openshift-io-v1[`array (AlertRelabelConfig)`]
+| List of alertrelabelconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
 [id="io.openshift.network.cloud.v1.CloudPrivateIPConfigList"]
 == io.openshift.network.cloud.v1.CloudPrivateIPConfigList schema
 
@@ -9232,6 +9428,47 @@ Required::
 
 |===
 
+[id="io.openshift.operator.v1.MachineConfigurationList"]
+== io.openshift.operator.v1.MachineConfigurationList schema
+
+
+Description::
++
+--
+MachineConfigurationList is a list of MachineConfiguration
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`array (MachineConfiguration)`]
+| List of machineconfigurations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
 [id="io.openshift.operator.v1.NetworkList"]
 == io.openshift.operator.v1.NetworkList schema
 
@@ -9765,6 +10002,47 @@ Required::
 
 |===
 
+[id="org.ovn.k8s.v1.AdminPolicyBasedExternalRouteList"]
+== org.ovn.k8s.v1.AdminPolicyBasedExternalRouteList schema
+
+
+Description::
++
+--
+AdminPolicyBasedExternalRouteList is a list of AdminPolicyBasedExternalRoute
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../network_apis/adminpolicybasedexternalroute-k8s-ovn-org-v1.adoc#adminpolicybasedexternalroute-k8s-ovn-org-v1[`array (AdminPolicyBasedExternalRoute)`]
+| List of adminpolicybasedexternalroutes. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
 [id="org.ovn.k8s.v1.EgressFirewallList"]
 == org.ovn.k8s.v1.EgressFirewallList schema
 
@@ -9888,3 +10166,44 @@ Required::
 
 |===
 
+[id="org.ovn.k8s.v1.EgressServiceList"]
+== org.ovn.k8s.v1.EgressServiceList schema
+
+
+Description::
++
+--
+EgressServiceList is a list of EgressService
+--
+
+Type::
+  `object`
+
+Required::
+  - `items`
+
+[discrete]
+=== Schema
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `items`
+| xref:../network_apis/egressservice-k8s-ovn-org-v1.adoc#egressservice-k8s-ovn-org-v1[`array (EgressService)`]
+| List of egressservices. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta[`ListMeta`]
+| Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+|===
+
diff --git a/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc b/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
index b0ef6118a583..8231c1dc1509 100644
--- a/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/authentication-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="authentication-operator-openshift-io-v1"]
 = Authentication [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -290,14 +290,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/authentications
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -306,46 +298,6 @@ Description::
   delete collection of Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -365,46 +317,6 @@ Description::
   list objects of kind Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -431,12 +343,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -474,14 +383,6 @@ Description::
 | name of the Authentication
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -497,25 +398,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -536,16 +420,6 @@ Description::
   read the specified Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -572,22 +446,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -613,12 +476,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -654,14 +514,6 @@ Description::
 | name of the Authentication
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -670,16 +522,6 @@ Description::
   read status of the specified Authentication
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -706,22 +548,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -747,12 +578,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc b/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
index db836cf90453..9f91b1f48b11 100644
--- a/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/cloudcredential-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cloudcredential-operator-openshift-io-v1"]
 = CloudCredential [operator.openshift.io/v1]
 :toc: macro
@@ -90,7 +90,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -268,14 +268,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/cloudcredentials
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -284,46 +276,6 @@ Description::
   delete collection of CloudCredential
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -343,46 +295,6 @@ Description::
   list objects of kind CloudCredential
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -409,12 +321,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -452,14 +361,6 @@ Description::
 | name of the CloudCredential
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -475,25 +376,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -514,16 +398,6 @@ Description::
   read the specified CloudCredential
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -550,22 +424,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -591,12 +454,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -632,14 +492,6 @@ Description::
 | name of the CloudCredential
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -648,16 +500,6 @@ Description::
   read status of the specified CloudCredential
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -684,22 +526,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -725,12 +556,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
index c651b2aae78b..be5226337e7d 100644
--- a/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/clustercsidriver-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clustercsidriver-operator-openshift-io-v1"]
 = ClusterCSIDriver [operator.openshift.io/v1]
 :toc: macro
@@ -94,7 +94,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.driverConfig
@@ -126,12 +126,16 @@ Required::
 
 | `driverType`
 | `string`
-| driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, vSphere and omitted. Consumers should treat unknown values as a NO-OP.
+| driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.
 
 | `gcp`
 | `object`
 | gcp is used to configure the GCP CSI driver.
 
+| `ibmcloud`
+| `object`
+| ibmcloud is used to configure the IBM Cloud CSI driver.
+
 | `vSphere`
 | `object`
 | vsphere is used to configure the vsphere CSI driver.
@@ -274,6 +278,30 @@ Required::
 | `string`
 | projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.
 
+|===
+=== .spec.driverConfig.ibmcloud
+Description::
++
+--
+ibmcloud is used to configure the IBM Cloud CSI driver.
+--
+
+Type::
+  `object`
+
+Required::
+  - `encryptionKeyCRN`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `encryptionKeyCRN`
+| `string`
+| encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.
+
 |===
 === .spec.driverConfig.vSphere
 Description::
@@ -472,14 +500,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/clustercsidrivers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -488,46 +508,6 @@ Description::
   delete collection of ClusterCSIDriver
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -547,46 +527,6 @@ Description::
   list objects of kind ClusterCSIDriver
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -613,12 +553,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -656,14 +593,6 @@ Description::
 | name of the ClusterCSIDriver
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -679,25 +608,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -718,16 +630,6 @@ Description::
   read the specified ClusterCSIDriver
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -754,22 +656,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -795,12 +686,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -836,14 +724,6 @@ Description::
 | name of the ClusterCSIDriver
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -852,16 +732,6 @@ Description::
   read status of the specified ClusterCSIDriver
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -888,22 +758,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -929,12 +788,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc b/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc
index 94d12eb8dd1d..b3a3abc9caac 100644
--- a/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/config-imageregistry-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="config-imageregistry-operator-openshift-io-v1"]
 = Config [imageregistry.operator.openshift.io/v1]
 :toc: macro
@@ -165,7 +165,7 @@ Required::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.affinity
@@ -1630,7 +1630,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -1642,7 +1642,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -1651,7 +1651,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -1812,6 +1812,70 @@ Type::
 | `string`
 | container defines Azure's container to be used by registry.
 
+| `networkAccess`
+| `object`
+| networkAccess defines the network access properties for the storage account. Defaults to type: External.
+
+|===
+=== .spec.storage.azure.networkAccess
+Description::
++
+--
+networkAccess defines the network access properties for the storage account. Defaults to type: External.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `internal`
+| `object`
+| internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
+
+| `type`
+| `string`
+| type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster's vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".
+
+|===
+=== .spec.storage.azure.networkAccess.internal
+Description::
++
+--
+internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `networkResourceGroupName`
+| `string`
+| networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.
+
+| `privateEndpointName`
+| `string`
+| privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
+
+| `subnetName`
+| `string`
+| subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.<cluster-id>` tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).
+
+| `vnetName`
+| `string`
+| vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.<cluster-id>` tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
+
 |===
 === .spec.storage.emptyDir
 Description::
@@ -2289,7 +2353,8 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -2642,6 +2707,70 @@ Type::
 | `string`
 | container defines Azure's container to be used by registry.
 
+| `networkAccess`
+| `object`
+| networkAccess defines the network access properties for the storage account. Defaults to type: External.
+
+|===
+=== .status.storage.azure.networkAccess
+Description::
++
+--
+networkAccess defines the network access properties for the storage account. Defaults to type: External.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `internal`
+| `object`
+| internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
+
+| `type`
+| `string`
+| type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster's vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".
+
+|===
+=== .status.storage.azure.networkAccess.internal
+Description::
++
+--
+internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `networkResourceGroupName`
+| `string`
+| networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period.
+
+| `privateEndpointName`
+| `string`
+| privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
+
+| `subnetName`
+| `string`
+| subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.<cluster-id>` tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).
+
+| `vnetName`
+| `string`
+| vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.<cluster-id>` tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.
+
 |===
 === .status.storage.emptyDir
 Description::
@@ -3051,14 +3180,6 @@ The following API endpoints are available:
 === /apis/imageregistry.operator.openshift.io/v1/configs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -3067,46 +3188,6 @@ Description::
   delete collection of Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -3126,46 +3207,6 @@ Description::
   list objects of kind Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -3192,12 +3233,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -3235,14 +3273,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -3258,25 +3288,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -3297,16 +3310,6 @@ Description::
   read the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -3333,22 +3336,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -3374,12 +3366,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -3415,14 +3404,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -3431,16 +3412,6 @@ Description::
   read status of the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -3467,22 +3438,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -3508,12 +3468,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/config-operator-openshift-io-v1.adoc b/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
index 5f77c884c197..7ea5fe1c6258 100644
--- a/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/config-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="config-operator-openshift-io-v1"]
 = Config [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -264,14 +264,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/configs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +272,6 @@ Description::
   delete collection of Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +291,6 @@ Description::
   list objects of kind Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,14 +357,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -471,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -510,16 +394,6 @@ Description::
   read the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -546,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -587,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,14 +488,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -644,16 +496,6 @@ Description::
   read status of the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -680,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -721,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/config-samples-operator-openshift-io-v1.adoc b/rest_api/operator_apis/config-samples-operator-openshift-io-v1.adoc
index ba866dbce4b9..60dcc45ec7e4 100644
--- a/rest_api/operator_apis/config-samples-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/config-samples-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="config-samples-operator-openshift-io-v1"]
 = Config [samples.operator.openshift.io/v1]
 :toc: macro
@@ -11,7 +11,8 @@ toc::[]
 Description::
 +
 --
-Config contains the configuration and detailed condition status for the Samples Operator.
+Config contains the configuration and detailed condition status for the Samples Operator. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -218,14 +219,6 @@ The following API endpoints are available:
 === /apis/samples.operator.openshift.io/v1/configs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -234,46 +227,6 @@ Description::
   delete collection of Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -293,46 +246,6 @@ Description::
   list objects of kind Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -359,12 +272,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -402,14 +312,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -425,25 +327,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -464,16 +349,6 @@ Description::
   read the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -500,22 +375,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -541,12 +405,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -582,14 +443,6 @@ Description::
 | name of the Config
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -598,16 +451,6 @@ Description::
   read status of the specified Config
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -634,22 +477,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -675,12 +507,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
index 4cde080fc3d8..0808c18321be 100644
--- a/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/console-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="console-operator-openshift-io-v1"]
 = Console [operator.openshift.io/v1]
 :toc: macro
@@ -102,7 +102,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .spec.customization
@@ -963,14 +963,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/consoles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -979,46 +971,6 @@ Description::
   delete collection of Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1038,46 +990,6 @@ Description::
   list objects of kind Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1104,12 +1016,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1147,14 +1056,6 @@ Description::
 | name of the Console
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1170,25 +1071,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1209,16 +1093,6 @@ Description::
   read the specified Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1245,22 +1119,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1286,12 +1149,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1327,14 +1187,6 @@ Description::
 | name of the Console
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1343,16 +1195,6 @@ Description::
   read status of the specified Console
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1379,22 +1221,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1420,12 +1251,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
index cef2a8523cea..fb229cfd6d1e 100644
--- a/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/csisnapshotcontroller-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="csisnapshotcontroller-operator-openshift-io-v1"]
 = CSISnapshotController [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -264,14 +264,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/csisnapshotcontrollers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +272,6 @@ Description::
   delete collection of CSISnapshotController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +291,6 @@ Description::
   list objects of kind CSISnapshotController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,14 +357,6 @@ Description::
 | name of the CSISnapshotController
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -471,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -510,16 +394,6 @@ Description::
   read the specified CSISnapshotController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -546,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -587,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,14 +488,6 @@ Description::
 | name of the CSISnapshotController
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -644,16 +496,6 @@ Description::
   read status of the specified CSISnapshotController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -680,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -721,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc b/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc
index 65ee93caa45a..48f25182c66d 100644
--- a/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/dns-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dns-operator-openshift-io-v1"]
 = DNS [operator.openshift.io/v1]
 :toc: macro
@@ -291,6 +291,10 @@ Type::
  * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. 
  The default value is "Random"
 
+| `protocolStrategy`
+| `string`
+| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.
+
 | `transportConfig`
 | `object`
 | transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. 
@@ -408,6 +412,10 @@ Type::
  * "Random" picks a random upstream server for each query. * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. 
  The default value is "Sequential"
 
+| `protocolStrategy`
+| `string`
+| protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are "TCP" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. "TCP" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. "TCP" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.
+
 | `transportConfig`
 | `object`
 | transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver. 
@@ -673,14 +681,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/dnses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -689,46 +689,6 @@ Description::
   delete collection of DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -748,46 +708,6 @@ Description::
   list objects of kind DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -814,12 +734,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -857,14 +774,6 @@ Description::
 | name of the DNS
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -880,25 +789,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -919,16 +811,6 @@ Description::
   read the specified DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -955,22 +837,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -996,12 +867,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1037,14 +905,6 @@ Description::
 | name of the DNS
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1053,16 +913,6 @@ Description::
   read status of the specified DNS
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1089,22 +939,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1130,12 +969,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc b/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
index 81ad1be6760d..2d44ff20e278 100644
--- a/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/dnsrecord-ingress-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dnsrecord-ingress-operator-openshift-io-v1"]
 = DNSRecord [ingress.operator.openshift.io/v1]
 :toc: macro
@@ -278,49 +278,6 @@ The following API endpoints are available:
 === /apis/ingress.operator.openshift.io/v1/dnsrecords
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -342,23 +299,7 @@ Description::
 
 === /apis/ingress.operator.openshift.io/v1/namespaces/{namespace}/dnsrecords
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -367,46 +308,6 @@ Description::
   delete collection of DNSRecord
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -426,46 +327,6 @@ Description::
   list objects of kind DNSRecord
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -492,12 +353,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -533,19 +391,8 @@ Description::
 | `name`
 | `string`
 | name of the DNSRecord
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -561,25 +408,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -600,16 +430,6 @@ Description::
   read the specified DNSRecord
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -636,22 +456,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -677,12 +486,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -716,19 +522,8 @@ Description::
 | `name`
 | `string`
 | name of the DNSRecord
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -737,16 +532,6 @@ Description::
   read status of the specified DNSRecord
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -773,22 +558,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -814,12 +588,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc b/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
index bb0a0d4cd42b..711738983420 100644
--- a/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/etcd-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="etcd-operator-openshift-io-v1"]
 = Etcd [operator.openshift.io/v1]
 :toc: macro
@@ -98,7 +98,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -126,6 +126,10 @@ Type::
 | `object`
 | OperatorCondition is just the standard condition fields.
 
+| `controlPlaneHardwareSpeed`
+| `string`
+| ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels
+
 | `generations`
 | `array`
 | generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
@@ -359,14 +363,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/etcds
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -375,46 +371,6 @@ Description::
   delete collection of Etcd
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -434,46 +390,6 @@ Description::
   list objects of kind Etcd
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -500,12 +416,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -543,14 +456,6 @@ Description::
 | name of the Etcd
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -566,25 +471,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -605,16 +493,6 @@ Description::
   read the specified Etcd
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -641,22 +519,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -682,12 +549,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -723,14 +587,6 @@ Description::
 | name of the Etcd
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -739,16 +595,6 @@ Description::
   read status of the specified Etcd
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -775,22 +621,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -816,12 +651,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc b/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
index 6f6a6674b5a4..77e0702ef810 100644
--- a/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
+++ b/rest_api/operator_apis/imagecontentsourcepolicy-operator-openshift-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagecontentsourcepolicy-operator-openshift-io-v1alpha1"]
 = ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
 :toc: macro
@@ -139,14 +139,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1alpha1/imagecontentsourcepolicies
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -155,46 +147,6 @@ Description::
   delete collection of ImageContentSourcePolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -214,46 +166,6 @@ Description::
   list objects of kind ImageContentSourcePolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -280,12 +192,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -323,14 +232,6 @@ Description::
 | name of the ImageContentSourcePolicy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -346,25 +247,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -385,16 +269,6 @@ Description::
   read the specified ImageContentSourcePolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -421,22 +295,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -462,12 +325,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -503,14 +363,6 @@ Description::
 | name of the ImageContentSourcePolicy
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -519,16 +371,6 @@ Description::
   read status of the specified ImageContentSourcePolicy
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -555,22 +397,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -596,12 +427,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc b/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc
index ee1ea8b10090..94c63b5ce9d6 100644
--- a/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/imagepruner-imageregistry-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="imagepruner-imageregistry-operator-openshift-io-v1"]
 = ImagePruner [imageregistry.operator.openshift.io/v1]
 :toc: macro
@@ -1471,7 +1471,7 @@ Type::
 | `array`
 | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 
 | `claims[]`
 | `object`
@@ -1483,7 +1483,7 @@ Type::
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -1492,7 +1492,7 @@ Description::
 --
 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
  This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
- This field is immutable.
+ This field is immutable. It can only be set for containers.
 --
 
 Type::
@@ -1680,14 +1680,6 @@ The following API endpoints are available:
 === /apis/imageregistry.operator.openshift.io/v1/imagepruners
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1696,46 +1688,6 @@ Description::
   delete collection of ImagePruner
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1755,46 +1707,6 @@ Description::
   list objects of kind ImagePruner
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1821,12 +1733,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1864,14 +1773,6 @@ Description::
 | name of the ImagePruner
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1887,25 +1788,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1926,16 +1810,6 @@ Description::
   read the specified ImagePruner
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1962,22 +1836,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2003,12 +1866,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2044,14 +1904,6 @@ Description::
 | name of the ImagePruner
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2060,16 +1912,6 @@ Description::
   read status of the specified ImagePruner
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -2096,22 +1938,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2137,12 +1968,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
index 3c1068e6d6dd..ff22cb7b68f8 100644
--- a/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ingresscontroller-operator-openshift-io-v1"]
 = IngressController [operator.openshift.io/v1]
 :toc: macro
@@ -664,6 +664,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `actions`
+| `object`
+| actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.
+
 | `forwardedHeaderPolicy`
 | `string`
 | forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers.  The value may be one of the following: 
@@ -685,6 +689,228 @@ Type::
 | uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request.  The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests. 
  If this field is empty, no such header is injected into requests.
 
+|===
+=== .spec.httpHeaders.actions
+Description::
++
+--
+actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `request`
+| `array`
+| request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+
+| `request[]`
+| `object`
+| IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
+
+| `response`
+| `array`
+| response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+
+| `response[]`
+| `object`
+| IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
+
+|===
+=== .spec.httpHeaders.actions.request
+Description::
++
+--
+request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.httpHeaders.actions.request[]
+Description::
++
+--
+IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `action`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `object`
+| action specifies actions to perform on headers, such as setting or deleting headers.
+
+| `name`
+| `string`
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+
+|===
+=== .spec.httpHeaders.actions.request[].action
+Description::
++
+--
+action specifies actions to perform on headers, such as setting or deleting headers.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `set`
+| `object`
+| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+
+| `type`
+| `string`
+| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+
+|===
+=== .spec.httpHeaders.actions.request[].action.set
+Description::
++
+--
+set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+--
+
+Type::
+  `object`
+
+Required::
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `value`
+| `string`
+| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+
+|===
+=== .spec.httpHeaders.actions.response
+Description::
++
+--
+response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.httpHeaders.actions.response[]
+Description::
++
+--
+IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.
+--
+
+Type::
+  `object`
+
+Required::
+  - `action`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `action`
+| `object`
+| action specifies actions to perform on headers, such as setting or deleting headers.
+
+| `name`
+| `string`
+| name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.
+
+|===
+=== .spec.httpHeaders.actions.response[].action
+Description::
++
+--
+action specifies actions to perform on headers, such as setting or deleting headers.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `set`
+| `object`
+| set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+
+| `type`
+| `string`
+| type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+
+|===
+=== .spec.httpHeaders.actions.response[].action.set
+Description::
++
+--
+set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.
+--
+
+Type::
+  `object`
+
+Required::
+  - `value`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `value`
+| `string`
+| value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6  and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+
 |===
 === .spec.httpHeaders.uniqueId
 Description::
@@ -829,6 +1055,17 @@ Type::
 
 
 
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `maxLength`
+| `integer`
+| maxLength is the maximum length of the log message. 
+ Valid values are integers in the range 480 to 8192, inclusive. 
+ When omitted, the default value is 1024.
+
+|===
 === .spec.logging.access.destination.syslog
 Description::
 +
@@ -860,8 +1097,9 @@ Required::
 
 | `maxLength`
 | `integer`
-| maxLength is the maximum length of the syslog message 
- If this field is empty, the maxLength is set to "1024".
+| maxLength is the maximum length of the log message. 
+ Valid values are integers in the range 480 to 4096, inclusive. 
+ When omitted, the default value is 1024.
 
 | `port`
 | `integer`
@@ -2090,49 +2328,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/ingresscontrollers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2154,23 +2349,7 @@ Description::
 
 === /apis/operator.openshift.io/v1/namespaces/{namespace}/ingresscontrollers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2179,46 +2358,6 @@ Description::
   delete collection of IngressController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -2238,46 +2377,6 @@ Description::
   list objects of kind IngressController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -2304,12 +2403,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2345,19 +2441,8 @@ Description::
 | `name`
 | `string`
 | name of the IngressController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2373,25 +2458,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2412,16 +2480,6 @@ Description::
   read the specified IngressController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -2448,22 +2506,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2489,12 +2536,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2528,19 +2572,8 @@ Description::
 | `name`
 | `string`
 | name of the IngressController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2549,16 +2582,6 @@ Description::
   read scale of the specified IngressController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -2585,22 +2608,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2626,12 +2638,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2665,19 +2674,8 @@ Description::
 | `name`
 | `string`
 | name of the IngressController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2686,16 +2684,6 @@ Description::
   read status of the specified IngressController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -2722,22 +2710,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2763,12 +2740,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc b/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc
index 19e876ebedc8..969a32ce8f8e 100644
--- a/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/insightsoperator-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="insightsoperator-operator-openshift-io-v1"]
 = InsightsOperator [operator.openshift.io/v1]
 :toc: macro
@@ -506,14 +506,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/insightsoperators
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -522,46 +514,6 @@ Description::
   delete collection of InsightsOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -581,46 +533,6 @@ Description::
   list objects of kind InsightsOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -647,12 +559,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -690,14 +599,6 @@ Description::
 | name of the InsightsOperator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -713,25 +614,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -752,16 +636,6 @@ Description::
   read the specified InsightsOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -788,22 +662,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -829,12 +692,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -870,14 +730,6 @@ Description::
 | name of the InsightsOperator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -886,16 +738,6 @@ Description::
   read scale of the specified InsightsOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -922,22 +764,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -963,12 +794,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1004,14 +832,6 @@ Description::
 | name of the InsightsOperator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1020,16 +840,6 @@ Description::
   read status of the specified InsightsOperator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1056,22 +866,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1097,12 +896,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
index 7fb20e542978..f0a32ad05d6a 100644
--- a/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubeapiserver-operator-openshift-io-v1"]
 = KubeAPIServer [operator.openshift.io/v1]
 :toc: macro
@@ -98,7 +98,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -406,14 +406,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/kubeapiservers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -422,46 +414,6 @@ Description::
   delete collection of KubeAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -481,46 +433,6 @@ Description::
   list objects of kind KubeAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -547,12 +459,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -590,14 +499,6 @@ Description::
 | name of the KubeAPIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -613,25 +514,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -652,16 +536,6 @@ Description::
   read the specified KubeAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -688,22 +562,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -729,12 +592,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -770,14 +630,6 @@ Description::
 | name of the KubeAPIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -786,16 +638,6 @@ Description::
   read status of the specified KubeAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -822,22 +664,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -863,12 +694,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
index 618506c1c791..b7a959474223 100644
--- a/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubecontrollermanager-operator-openshift-io-v1"]
 = KubeControllerManager [operator.openshift.io/v1]
 :toc: macro
@@ -98,7 +98,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `useMoreSecureServiceCA`
 | `boolean`
@@ -363,14 +363,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/kubecontrollermanagers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -379,46 +371,6 @@ Description::
   delete collection of KubeControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -438,46 +390,6 @@ Description::
   list objects of kind KubeControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -504,12 +416,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -547,14 +456,6 @@ Description::
 | name of the KubeControllerManager
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -570,25 +471,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -609,16 +493,6 @@ Description::
   read the specified KubeControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -645,22 +519,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -686,12 +549,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -727,14 +587,6 @@ Description::
 | name of the KubeControllerManager
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -743,16 +595,6 @@ Description::
   read status of the specified KubeControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -779,22 +621,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -820,12 +651,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
index 7dbb4ada86fb..7c5fdd5ff071 100644
--- a/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubescheduler-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubescheduler-operator-openshift-io-v1"]
 = KubeScheduler [operator.openshift.io/v1]
 :toc: macro
@@ -98,7 +98,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -359,14 +359,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/kubeschedulers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -375,46 +367,6 @@ Description::
   delete collection of KubeScheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -434,46 +386,6 @@ Description::
   list objects of kind KubeScheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -500,12 +412,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -543,14 +452,6 @@ Description::
 | name of the KubeScheduler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -566,25 +467,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -605,16 +489,6 @@ Description::
   read the specified KubeScheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -641,22 +515,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -682,12 +545,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -723,14 +583,6 @@ Description::
 | name of the KubeScheduler
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -739,16 +591,6 @@ Description::
   read status of the specified KubeScheduler
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -775,22 +617,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -816,12 +647,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/kubestorageversionmigrator-operator-openshift-io-v1.adoc b/rest_api/operator_apis/kubestorageversionmigrator-operator-openshift-io-v1.adoc
index 58633691a78c..0ebdd23dd81b 100644
--- a/rest_api/operator_apis/kubestorageversionmigrator-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/kubestorageversionmigrator-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kubestorageversionmigrator-operator-openshift-io-v1"]
 = KubeStorageVersionMigrator [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -264,14 +264,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/kubestorageversionmigrators
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +272,6 @@ Description::
   delete collection of KubeStorageVersionMigrator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +291,6 @@ Description::
   list objects of kind KubeStorageVersionMigrator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,14 +357,6 @@ Description::
 | name of the KubeStorageVersionMigrator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -471,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -510,16 +394,6 @@ Description::
   read the specified KubeStorageVersionMigrator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -546,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -587,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,14 +488,6 @@ Description::
 | name of the KubeStorageVersionMigrator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -644,16 +496,6 @@ Description::
   read status of the specified KubeStorageVersionMigrator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -680,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -721,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc
new file mode 100644
index 000000000000..e08458bfabbf
--- /dev/null
+++ b/rest_api/operator_apis/machineconfiguration-operator-openshift-io-v1.adoc
@@ -0,0 +1,676 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="machineconfiguration-operator-openshift-io-v1"]
+= MachineConfiguration [operator.openshift.io/v1]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+MachineConfiguration provides information to configure an operator to manage Machine Configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
+Type::
+  `object`
+
+Required::
+  - `spec`
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| spec is the specification of the desired behavior of the Machine Config Operator
+
+| `status`
+| `object`
+| status is the most recently observed status of the Machine Config Operator
+
+|===
+=== .spec
+Description::
++
+--
+spec is the specification of the desired behavior of the Machine Config Operator
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `failedRevisionLimit`
+| `integer`
+| failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+
+| `forceRedeploymentReason`
+| `string`
+| forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.
+
+| `logLevel`
+| `string`
+| logLevel is an intent based logging for an overall component.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. 
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+
+| `managementState`
+| `string`
+| managementState indicates whether and how the operator should manage the component
+
+| `observedConfig`
+| ``
+| observedConfig holds a sparse config that controller has observed from the cluster state.  It exists in spec because it is an input to the level for the operator
+
+| `operatorLogLevel`
+| `string`
+| operatorLogLevel is an intent based logging for the operator itself.  It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
+ Valid values are: "Normal", "Debug", "Trace", "TraceAll". Defaults to "Normal".
+
+| `succeededRevisionLimit`
+| `integer`
+| succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)
+
+| `unsupportedConfigOverrides`
+| ``
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
+
+|===
+=== .status
+Description::
++
+--
+status is the most recently observed status of the Machine Config Operator
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| conditions is a list of conditions and their status
+
+| `conditions[]`
+| `object`
+| OperatorCondition is just the standard condition fields.
+
+| `generations`
+| `array`
+| generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
+
+| `generations[]`
+| `object`
+| GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
+
+| `latestAvailableRevision`
+| `integer`
+| latestAvailableRevision is the deploymentID of the most recent deployment
+
+| `latestAvailableRevisionReason`
+| `string`
+| latestAvailableRevisionReason describe the detailed reason for the most recent deployment
+
+| `nodeStatuses`
+| `array`
+| nodeStatuses track the deployment values and errors across individual nodes
+
+| `nodeStatuses[]`
+| `object`
+| NodeStatus provides information about the current state of a particular node managed by this operator.
+
+| `observedGeneration`
+| `integer`
+| observedGeneration is the last generation change you've dealt with
+
+| `readyReplicas`
+| `integer`
+| readyReplicas indicates how many replicas are ready and at the desired state
+
+| `version`
+| `string`
+| version is the level this availability applies to
+
+|===
+=== .status.conditions
+Description::
++
+--
+conditions is a list of conditions and their status
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+OperatorCondition is just the standard condition fields.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| `string`
+| 
+
+| `message`
+| `string`
+| 
+
+| `reason`
+| `string`
+| 
+
+| `status`
+| `string`
+| 
+
+| `type`
+| `string`
+| 
+
+|===
+=== .status.generations
+Description::
++
+--
+generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.generations[]
+Description::
++
+--
+GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `string`
+| group is the group of the thing you're tracking
+
+| `hash`
+| `string`
+| hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
+
+| `lastGeneration`
+| `integer`
+| lastGeneration is the last generation of the workload controller involved
+
+| `name`
+| `string`
+| name is the name of the thing you're tracking
+
+| `namespace`
+| `string`
+| namespace is where the thing you're tracking is
+
+| `resource`
+| `string`
+| resource is the resource type of the thing you're tracking
+
+|===
+=== .status.nodeStatuses
+Description::
++
+--
+nodeStatuses track the deployment values and errors across individual nodes
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.nodeStatuses[]
+Description::
++
+--
+NodeStatus provides information about the current state of a particular node managed by this operator.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `currentRevision`
+| `integer`
+| currentRevision is the generation of the most recently successful deployment
+
+| `lastFailedCount`
+| `integer`
+| lastFailedCount is how often the installer pod of the last failed revision failed.
+
+| `lastFailedReason`
+| `string`
+| lastFailedReason is a machine readable failure reason string.
+
+| `lastFailedRevision`
+| `integer`
+| lastFailedRevision is the generation of the deployment we tried and failed to deploy.
+
+| `lastFailedRevisionErrors`
+| `array (string)`
+| lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.
+
+| `lastFailedTime`
+| `string`
+| lastFailedTime is the time the last failed revision failed the last time.
+
+| `lastFallbackCount`
+| `integer`
+| lastFallbackCount is how often a fallback to a previous revision happened.
+
+| `nodeName`
+| `string`
+| nodeName is the name of the node
+
+| `targetRevision`
+| `integer`
+| targetRevision is the generation of the deployment we're trying to apply
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/operator.openshift.io/v1/machineconfigurations`
+- `DELETE`: delete collection of MachineConfiguration
+- `GET`: list objects of kind MachineConfiguration
+- `POST`: create a MachineConfiguration
+* `/apis/operator.openshift.io/v1/machineconfigurations/{name}`
+- `DELETE`: delete a MachineConfiguration
+- `GET`: read the specified MachineConfiguration
+- `PATCH`: partially update the specified MachineConfiguration
+- `PUT`: replace the specified MachineConfiguration
+* `/apis/operator.openshift.io/v1/machineconfigurations/{name}/status`
+- `GET`: read status of the specified MachineConfiguration
+- `PATCH`: partially update status of the specified MachineConfiguration
+- `PUT`: replace status of the specified MachineConfiguration
+
+
+=== /apis/operator.openshift.io/v1/machineconfigurations
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of MachineConfiguration
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list objects of kind MachineConfiguration
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.openshift.operator.v1.MachineConfigurationList[`MachineConfigurationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 201 - Created
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 202 - Accepted
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/operator.openshift.io/v1/machineconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MachineConfiguration
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified MachineConfiguration
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 201 - Created
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/operator.openshift.io/v1/machineconfigurations/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the MachineConfiguration
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified MachineConfiguration
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified MachineConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 201 - Created
+| xref:../operator_apis/machineconfiguration-operator-openshift-io-v1.adoc#machineconfiguration-operator-openshift-io-v1[`MachineConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/operator_apis/network-operator-openshift-io-v1.adoc b/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
index 4d75e71f56ec..f43e8a27c050 100644
--- a/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/network-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="network-operator-openshift-io-v1"]
 = Network [operator.openshift.io/v1]
 :toc: macro
@@ -132,7 +132,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `useMultiNetworkPolicy`
 | `boolean`
@@ -452,10 +452,6 @@ Type::
 |===
 | Property | Type | Description
 
-| `kuryrConfig`
-| `object`
-| KuryrConfig configures the kuryr plugin
-
 | `openshiftSDNConfig`
 | `object`
 | openShiftSDNConfig configures the openshift-sdn plugin
@@ -468,56 +464,6 @@ Type::
 | `string`
 | type is the type of network All NetworkTypes are supported except for NetworkTypeRaw
 
-|===
-=== .spec.defaultNetwork.kuryrConfig
-Description::
-+
---
-KuryrConfig configures the kuryr plugin
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `controllerProbesPort`
-| `integer`
-| The port kuryr-controller will listen for readiness and liveness requests.
-
-| `daemonProbesPort`
-| `integer`
-| The port kuryr-daemon will listen for readiness and liveness requests.
-
-| `enablePortPoolsPrepopulation`
-| `boolean`
-| enablePortPoolsPrepopulation when true will make Kuryr prepopulate each newly created port pool with a minimum number of ports. Kuryr uses Neutron port pooling to fight the fact that it takes a significant amount of time to create one. It creates a number of ports when the first pod that is configured to use the dedicated network for pods is created in a namespace, and keeps them ready to be attached to pods. Port prepopulation is disabled by default.
-
-| `mtu`
-| `integer`
-| mtu is the MTU that Kuryr should use when creating pod networks in Neutron. The value has to be lower or equal to the MTU of the nodes network and Neutron has to allow creation of tenant networks with such MTU. If unset Pod networks will be created with the same MTU as the nodes network has.
-
-| `openStackServiceNetwork`
-| `string`
-| openStackServiceNetwork contains the CIDR of network from which to allocate IPs for OpenStack Octavia's Amphora VMs. Please note that with Amphora driver Octavia uses two IPs from that network for each loadbalancer - one given by OpenShift and second for VRRP connections. As the first one is managed by OpenShift's and second by Neutron's IPAMs, those need to come from different pools. Therefore `openStackServiceNetwork` needs to be at least twice the size of `serviceNetwork`, and whole `serviceNetwork` must be overlapping with `openStackServiceNetwork`. cluster-network-operator will then make sure VRRP IPs are taken from the ranges inside `openStackServiceNetwork` that are not overlapping with `serviceNetwork`, effectivly preventing conflicts. If not set cluster-network-operator will use `serviceNetwork` expanded by decrementing the prefix size by 1.
-
-| `poolBatchPorts`
-| `integer`
-| poolBatchPorts sets a number of ports that should be created in a single batch request to extend the port pool. The default is 3. For more information about port pools see enablePortPoolsPrepopulation setting.
-
-| `poolMaxPorts`
-| `integer`
-| poolMaxPorts sets a maximum number of free ports that are being kept in a port pool. If the number of ports exceeds this setting, free ports will get deleted. Setting 0 will disable this upper bound, effectively preventing pools from shrinking and this is the default value. For more information about port pools see enablePortPoolsPrepopulation setting.
-
-| `poolMinPorts`
-| `integer`
-| poolMinPorts sets a minimum number of free ports that should be kept in a port pool. If the number of ports is lower than this setting, new ports will get created and added to pool. The default is 1. For more information about port pools see enablePortPoolsPrepopulation setting.
-
 |===
 === .spec.defaultNetwork.openshiftSDNConfig
 Description::
@@ -650,10 +596,66 @@ Type::
 |===
 | Property | Type | Description
 
+| `ipForwarding`
+| `string`
+| IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global".
+
+| `ipv4`
+| `object`
+| ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.
+
+| `ipv6`
+| `object`
+| ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.
+
 | `routingViaHost`
 | `boolean`
 | RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.
 
+|===
+=== .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4
+Description::
++
+--
+ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `internalMasqueradeSubnet`
+| `string`
+| internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format
+
+|===
+=== .spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6
+Description::
++
+--
+ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `internalMasqueradeSubnet`
+| `string`
+| internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted
+
 |===
 === .spec.defaultNetwork.ovnKubernetesConfig.hybridOverlayConfig
 Description::
@@ -762,6 +764,10 @@ Type::
 | `integer`
 | maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB
 
+| `maxLogFiles`
+| `integer`
+| maxLogFiles specifies the maximum number of ACL_audit log files that can be present.
+
 | `rateLimit`
 | `integer`
 | rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.
@@ -1223,14 +1229,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/networks
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1239,46 +1237,6 @@ Description::
   delete collection of Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1298,46 +1256,6 @@ Description::
   list objects of kind Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1364,12 +1282,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1407,14 +1322,6 @@ Description::
 | name of the Network
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1430,25 +1337,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1469,16 +1359,6 @@ Description::
   read the specified Network
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1505,22 +1385,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1546,12 +1415,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc b/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
index 97d40497de38..3a1fa7fd0e4e 100644
--- a/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/openshiftapiserver-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshiftapiserver-operator-openshift-io-v1"]
 = OpenShiftAPIServer [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -268,14 +268,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/openshiftapiservers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -284,46 +276,6 @@ Description::
   delete collection of OpenShiftAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -343,46 +295,6 @@ Description::
   list objects of kind OpenShiftAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -409,12 +321,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -452,14 +361,6 @@ Description::
 | name of the OpenShiftAPIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -475,25 +376,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -514,16 +398,6 @@ Description::
   read the specified OpenShiftAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -550,22 +424,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -591,12 +454,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -632,14 +492,6 @@ Description::
 | name of the OpenShiftAPIServer
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -648,16 +500,6 @@ Description::
   read status of the specified OpenShiftAPIServer
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -684,22 +526,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -725,12 +556,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc b/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
index 040c209192b1..8686c65cb1ad 100644
--- a/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/openshiftcontrollermanager-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="openshiftcontrollermanager-operator-openshift-io-v1"]
 = OpenShiftControllerManager [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -264,14 +264,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/openshiftcontrollermanagers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +272,6 @@ Description::
   delete collection of OpenShiftControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +291,6 @@ Description::
   list objects of kind OpenShiftControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,14 +357,6 @@ Description::
 | name of the OpenShiftControllerManager
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -471,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -510,16 +394,6 @@ Description::
   read the specified OpenShiftControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -546,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -587,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,14 +488,6 @@ Description::
 | name of the OpenShiftControllerManager
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -644,16 +496,6 @@ Description::
   read status of the specified OpenShiftControllerManager
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -680,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -721,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/operator-apis-index.adoc b/rest_api/operator_apis/operator-apis-index.adoc
index 63aea89a7172..50a91954d718 100644
--- a/rest_api/operator_apis/operator-apis-index.adoc
+++ b/rest_api/operator_apis/operator-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operator-apis"]
 = Operator APIs
 :toc: macro
@@ -84,7 +84,8 @@ Type::
 Description::
 +
 --
-Config contains the configuration and detailed condition status for the Samples Operator.
+Config contains the configuration and detailed condition status for the Samples Operator. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
 Type::
@@ -238,6 +239,18 @@ KubeStorageVersionMigrator provides information to configure an operator to mana
  Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 --
 
+Type::
+  `object`
+
+== MachineConfiguration [operator.openshift.io/v1]
+
+Description::
++
+--
+MachineConfiguration provides information to configure an operator to manage Machine Configuration. 
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+--
+
 Type::
   `object`
 
@@ -283,7 +296,10 @@ Description::
 +
 --
 OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled. 
- More specifically, given an OperatorPKI with <name>, the CNO will manage: - A Secret called <name>-ca with two data keys: - tls.key - the private key - tls.crt - the CA certificate - A ConfigMap called <name>-ca with a single data key: - cabundle.crt - the CA certificate(s) - A Secret called <name>-cert with two data keys: - tls.key - the private key - tls.crt - the certificate, signed by the CA 
+ More specifically, given an OperatorPKI with <name>, the CNO will manage: 
+ - A Secret called <name>-ca with two data keys: - tls.key - the private key - tls.crt - the CA certificate 
+ - A ConfigMap called <name>-ca with a single data key: - cabundle.crt - the CA certificate(s) 
+ - A Secret called <name>-cert with two data keys: - tls.key - the private key - tls.crt - the certificate, signed by the CA 
  The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3 
  The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.
 --
diff --git a/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc b/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
index 96f90a840c8e..0746e26cf905 100644
--- a/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/operatorpki-network-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operatorpki-network-operator-openshift-io-v1"]
 = OperatorPKI [network.operator.openshift.io/v1]
 :toc: macro
@@ -12,7 +12,10 @@ Description::
 +
 --
 OperatorPKI is a simple certificate authority. It is not intended for external use - rather, it is internal to the network operator. The CNO creates a CA and a certificate signed by that CA. The certificate has both ClientAuth and ServerAuth extended usages enabled. 
- More specifically, given an OperatorPKI with <name>, the CNO will manage: - A Secret called <name>-ca with two data keys: - tls.key - the private key - tls.crt - the CA certificate - A ConfigMap called <name>-ca with a single data key: - cabundle.crt - the CA certificate(s) - A Secret called <name>-cert with two data keys: - tls.key - the private key - tls.crt - the certificate, signed by the CA 
+ More specifically, given an OperatorPKI with <name>, the CNO will manage: 
+ - A Secret called <name>-ca with two data keys: - tls.key - the private key - tls.crt - the CA certificate 
+ - A ConfigMap called <name>-ca with a single data key: - cabundle.crt - the CA certificate(s) 
+ - A Secret called <name>-cert with two data keys: - tls.key - the private key - tls.crt - the certificate, signed by the CA 
  The CA certificate will have a validity of 10 years, rotated after 9. The target certificate will have a validity of 6 months, rotated after 3 
  The CA certificate will have a CommonName of "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation time.
 --
@@ -133,49 +136,6 @@ The following API endpoints are available:
 === /apis/network.operator.openshift.io/v1/operatorpkis
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -197,23 +157,7 @@ Description::
 
 === /apis/network.operator.openshift.io/v1/namespaces/{namespace}/operatorpkis
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -222,46 +166,6 @@ Description::
   delete collection of OperatorPKI
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -281,46 +185,6 @@ Description::
   list objects of kind OperatorPKI
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -347,12 +211,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -388,19 +249,8 @@ Description::
 | `name`
 | `string`
 | name of the OperatorPKI
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -416,25 +266,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -455,16 +288,6 @@ Description::
   read the specified OperatorPKI
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -491,22 +314,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -532,12 +344,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/serviceca-operator-openshift-io-v1.adoc b/rest_api/operator_apis/serviceca-operator-openshift-io-v1.adoc
index fdee09aed2c7..f610f0149e73 100644
--- a/rest_api/operator_apis/serviceca-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/serviceca-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serviceca-operator-openshift-io-v1"]
 = ServiceCA [operator.openshift.io/v1]
 :toc: macro
@@ -86,7 +86,7 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 |===
 === .status
@@ -264,14 +264,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/servicecas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +272,6 @@ Description::
   delete collection of ServiceCA
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +291,6 @@ Description::
   list objects of kind ServiceCA
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -448,14 +357,6 @@ Description::
 | name of the ServiceCA
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -471,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -510,16 +394,6 @@ Description::
   read the specified ServiceCA
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -546,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -587,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -628,14 +488,6 @@ Description::
 | name of the ServiceCA
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -644,16 +496,6 @@ Description::
   read status of the specified ServiceCA
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -680,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -721,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc b/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
index 1054a152b1a9..5f9d0d6e0e76 100644
--- a/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
+++ b/rest_api/operator_apis/storage-operator-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storage-operator-openshift-io-v1"]
 = Storage [operator.openshift.io/v1]
 :toc: macro
@@ -86,11 +86,11 @@ Type::
 
 | `unsupportedConfigOverrides`
 | ``
-| unsupportedConfigOverrides holds a sparse config that will override any previously set options.  It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides
+| unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
 
 | `vsphereStorageDriver`
 | `string`
-| VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is LegacyDeprecatedInTreeDriver. DEPRECATED: This field will be removed in a future release.
+| VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.
 
 |===
 === .status
@@ -268,14 +268,6 @@ The following API endpoints are available:
 === /apis/operator.openshift.io/v1/storages
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -284,46 +276,6 @@ Description::
   delete collection of Storage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -343,46 +295,6 @@ Description::
   list objects of kind Storage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -409,12 +321,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -452,14 +361,6 @@ Description::
 | name of the Storage
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -475,25 +376,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -514,16 +398,6 @@ Description::
   read the specified Storage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -550,22 +424,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -591,12 +454,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -632,14 +492,6 @@ Description::
 | name of the Storage
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -648,16 +500,6 @@ Description::
   read status of the specified Storage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -684,22 +526,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -725,12 +556,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
index b4c5b56c5d97..f415dccb29e3 100644
--- a/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/catalogsource-operators-coreos-com-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="catalogsource-operators-coreos-com-v1alpha1"]
 = CatalogSource [operators.coreos.com/v1alpha1]
 :toc: macro
@@ -104,29 +104,1306 @@ Required::
 | `string`
 | 
 
+| `runAsRoot`
+| `boolean`
+| RunAsRoot allows admins to indicate that they wish to run the CatalogSource pod in a privileged pod as root.  This should only be enabled when running older catalog images which could not be run as non-root.
+
 | `secrets`
 | `array (string)`
 | Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry.
 
-| `sourceType`
-| `string`
-| SourceType is the type of source
+| `sourceType`
+| `string`
+| SourceType is the type of source
+
+| `updateStrategy`
+| `object`
+| UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type
+
+|===
+=== .spec.grpcPodConfig
+Description::
++
+--
+GrpcPodConfig exposes different overrides for the pod spec of the CatalogSource Pod. Only used when SourceType = SourceTypeGrpc and Image is set.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `affinity`
+| `object`
+| Affinity is the catalog source's pod's affinity.
+
+| `extractContent`
+| `object`
+| ExtractContent configures the gRPC catalog Pod to extract catalog metadata from the provided index image and use a well-known version of the `opm` server to expose it. The catalog index image that this CatalogSource is configured to use *must* be using the file-based catalogs in order to utilize this feature.
+
+| `memoryTarget`
+| `integer-or-string`
+| MemoryTarget configures the $GOMEMLIMIT value for the gRPC catalog Pod. This is a soft memory limit for the server, which the runtime will attempt to meet but makes no guarantees that it will do so. If this value is set, the Pod will have the following modifications made to the container running the server: - the $GOMEMLIMIT environment variable will be set to this value in bytes - the memory request will be set to this value 
+ This field should be set if it's desired to reduce the footprint of a catalog server as much as possible, or if a catalog being served is very large and needs more than the default allocation. If your index image has a file- system cache, determine a good approximation for this value by doubling the size of the package cache at /tmp/cache/cache/packages.json in the index image. 
+ This field is best-effort; if unset, no default will be used and no Pod memory limit or $GOMEMLIMIT value will be set.
+
+| `nodeSelector`
+| `object (string)`
+| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node.
+
+| `priorityClassName`
+| `string`
+| If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
+
+| `securityContextConfig`
+| `string`
+| SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. 
+ In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes. 
+ More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'
+
+| `tolerations`
+| `array`
+| Tolerations are the catalog source's pod's tolerations.
+
+| `tolerations[]`
+| `object`
+| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+
+|===
+=== .spec.grpcPodConfig.affinity
+Description::
++
+--
+Affinity is the catalog source's pod's affinity.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeAffinity`
+| `object`
+| Describes node affinity scheduling rules for the pod.
+
+| `podAffinity`
+| `object`
+| Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+
+| `podAntiAffinity`
+| `object`
+| Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity
+Description::
++
+--
+Describes node affinity scheduling rules for the pod.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `object`
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+--
+
+Type::
+  `object`
+
+Required::
+  - `preference`
+  - `weight`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preference`
+| `object`
+| A node selector term, associated with the corresponding weight.
+
+| `weight`
+| `integer`
+| Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference
+Description::
++
+--
+A node selector term, associated with the corresponding weight.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+--
+
+Type::
+  `object`
+
+Required::
+  - `nodeSelectorTerms`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nodeSelectorTerms`
+| `array`
+| Required. A list of node selector terms. The terms are ORed.
+
+| `nodeSelectorTerms[]`
+| `object`
+| A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
+Description::
++
+--
+Required. A list of node selector terms. The terms are ORed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[]
+Description::
++
+--
+A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| A list of node selector requirements by node's labels.
+
+| `matchExpressions[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchFields`
+| `array`
+| A list of node selector requirements by node's fields.
+
+| `matchFields[]`
+| `object`
+| A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions
+Description::
++
+--
+A list of node selector requirements by node's labels.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields
+Description::
++
+--
+A list of node selector requirements by node's fields.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchFields[]
+Description::
++
+--
+A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| The label key that the selector applies to.
+
+| `operator`
+| `string`
+| Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
+| `values`
+| `array (string)`
+| An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity
+Description::
++
+--
+Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `podAffinityTerm`
+  - `weight`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Required. A pod affinity term, associated with the corresponding weight.
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Required. A pod affinity term, associated with the corresponding weight.
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| `object`
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| `object`
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
+Description::
++
+--
+A label query over a set of resources, in this case pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
+Description::
++
+--
+A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| `object`
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| `object`
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
+Description::
++
+--
+A label query over a set of resources, in this case pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
+Description::
++
+--
+A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity
+Description::
++
+--
+Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `preferredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+
+| `preferredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+
+| `requiredDuringSchedulingIgnoredDuringExecution`
+| `array`
+| If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+| `requiredDuringSchedulingIgnoredDuringExecution[]`
+| `object`
+| Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+--
+
+Type::
+  `object`
+
+Required::
+  - `podAffinityTerm`
+  - `weight`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `podAffinityTerm`
+| `object`
+| Required. A pod affinity term, associated with the corresponding weight.
+
+| `weight`
+| `integer`
+| weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm
+Description::
++
+--
+Required. A pod affinity term, associated with the corresponding weight.
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| `object`
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| `object`
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector
+Description::
++
+--
+A label query over a set of resources, in this case pods.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector
+Description::
++
+--
+A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
+| `object`
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
+Description::
++
+--
+If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[]
+Description::
++
+--
+Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
+--
+
+Type::
+  `object`
+
+Required::
+  - `topologyKey`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `labelSelector`
+| `object`
+| A label query over a set of resources, in this case pods.
+
+| `namespaceSelector`
+| `object`
+| A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+
+| `namespaces`
+| `array (string)`
+| namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
+| `topologyKey`
+| `string`
+| This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector
+Description::
++
+--
+A label query over a set of resources, in this case pods.
+--
+
+Type::
+  `object`
 
-| `updateStrategy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
+| `array`
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
+| `matchExpressions[]`
 | `object`
-| UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 
 |===
-=== .spec.grpcPodConfig
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions
 Description::
 +
 --
-GrpcPodConfig exposes different overrides for the pod spec of the CatalogSource Pod. Only used when SourceType = SourceTypeGrpc and Image is set.
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 --
 
 Type::
   `object`
 
+Required::
+  - `key`
+  - `operator`
 
 
 
@@ -134,27 +1411,122 @@ Type::
 |===
 | Property | Type | Description
 
-| `nodeSelector`
-| `object (string)`
-| NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node.
-
-| `priorityClassName`
+| `key`
 | `string`
-| If specified, indicates the pod's priority. If not specified, the pod priority will be default or zero if there is no default.
+| key is the label key that the selector applies to.
 
-| `securityContextConfig`
+| `operator`
 | `string`
-| SecurityContextConfig can be one of `legacy` or `restricted`. The CatalogSource's pod is either injected with the right pod.spec.securityContext and pod.spec.container[*].securityContext values to allow the pod to run in Pod Security Admission (PSA) `restricted` mode, or doesn't set these values at all, in which case the pod can only be run in PSA `baseline` or `privileged` namespaces. Currently if the SecurityContextConfig is unspecified, the default value of `legacy` is used. Specifying a value other than `legacy` or `restricted` result in a validation error. When using older catalog images, which could not be run in `restricted` mode, the SecurityContextConfig should be set to `legacy`. 
- In a future version will the default will be set to `restricted`, catalog maintainers should rebuild their catalogs with a version of opm that supports running catalogSource pods in `restricted` mode to prepare for these changes. 
- More information about PSA can be found here: https://kubernetes.io/docs/concepts/security/pod-security-admission/'
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 
-| `tolerations`
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector
+Description::
++
+--
+A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `matchExpressions`
 | `array`
-| Tolerations are the catalog source's pod's tolerations.
+| matchExpressions is a list of label selector requirements. The requirements are ANDed.
 
-| `tolerations[]`
+| `matchExpressions[]`
 | `object`
-| The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+| `matchLabels`
+| `object (string)`
+| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+|===
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions
+Description::
++
+--
+matchExpressions is a list of label selector requirements. The requirements are ANDed.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.grpcPodConfig.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].namespaceSelector.matchExpressions[]
+Description::
++
+--
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+--
+
+Type::
+  `object`
+
+Required::
+  - `key`
+  - `operator`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `key`
+| `string`
+| key is the label key that the selector applies to.
+
+| `operator`
+| `string`
+| operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
+| `values`
+| `array (string)`
+| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+|===
+=== .spec.grpcPodConfig.extractContent
+Description::
++
+--
+ExtractContent configures the gRPC catalog Pod to extract catalog metadata from the provided index image and use a well-known version of the `opm` server to expose it. The catalog index image that this CatalogSource is configured to use *must* be using the file-based catalogs in order to utilize this feature.
+--
+
+Type::
+  `object`
+
+Required::
+  - `cacheDir`
+  - `catalogDir`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `cacheDir`
+| `string`
+| CacheDir is the directory storing the pre-calculated API cache.
+
+| `catalogDir`
+| `string`
+| CatalogDir is the directory storing the file-based catalog contents.
 
 |===
 === .spec.grpcPodConfig.tolerations
@@ -532,49 +1904,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1alpha1/catalogsources
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -596,23 +1925,7 @@ Description::
 
 === /apis/operators.coreos.com/v1alpha1/namespaces/{namespace}/catalogsources
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -621,46 +1934,6 @@ Description::
   delete collection of CatalogSource
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -680,46 +1953,6 @@ Description::
   list objects of kind CatalogSource
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -746,12 +1979,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -787,19 +2017,8 @@ Description::
 | `name`
 | `string`
 | name of the CatalogSource
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -815,25 +2034,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -854,16 +2056,6 @@ Description::
   read the specified CatalogSource
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -890,22 +2082,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -931,12 +2112,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -970,19 +2148,8 @@ Description::
 | `name`
 | `string`
 | name of the CatalogSource
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -991,16 +2158,6 @@ Description::
   read status of the specified CatalogSource
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1027,22 +2184,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1068,12 +2214,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
index 6617249b8c50..8bffbd057c03 100644
--- a/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/clusterserviceversion-operators-coreos-com-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterserviceversion-operators-coreos-com-v1alpha1"]
 = ClusterServiceVersion [operators.coreos.com/v1alpha1]
 :toc: macro
@@ -88,15 +88,15 @@ Required::
 
 | `description`
 | `string`
-| 
+| Description of the operator. Can include the features, limitations or use-cases of the operator.
 
 | `displayName`
 | `string`
-| 
+| The name of the operator in display format.
 
 | `icon`
 | `array`
-| 
+| The icon for this operator.
 
 | `icon[]`
 | `object`
@@ -116,7 +116,7 @@ Required::
 
 | `keywords`
 | `array (string)`
-| 
+| A list of keywords describing the operator.
 
 | `labels`
 | `object (string)`
@@ -124,7 +124,7 @@ Required::
 
 | `links`
 | `array`
-| 
+| A list of links related to the operator.
 
 | `links[]`
 | `object`
@@ -132,7 +132,7 @@ Required::
 
 | `maintainers`
 | `array`
-| 
+| A list of organizational entities maintaining the operator.
 
 | `maintainers[]`
 | `object`
@@ -156,7 +156,7 @@ Required::
 
 | `provider`
 | `object`
-| 
+| The publishing entity behind the operator.
 
 | `relatedImages`
 | `array`
@@ -302,7 +302,7 @@ Required::
 
 | `resources[]`
 | `object`
-| APIResourceReference is a Kubernetes resource type used by a custom resource
+| APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 
 | `specDescriptors`
 | `array`
@@ -395,7 +395,7 @@ Type::
 Description::
 +
 --
-APIResourceReference is a Kubernetes resource type used by a custom resource
+APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 --
 
 Type::
@@ -414,15 +414,15 @@ Required::
 
 | `kind`
 | `string`
-| 
+| Kind of the referenced resource type.
 
 | `name`
 | `string`
-| 
+| Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.
 
 | `version`
 | `string`
-| 
+| API Version of the referenced resource type.
 
 |===
 === .spec.apiservicedefinitions.owned[].specDescriptors
@@ -608,7 +608,7 @@ Required::
 
 | `resources[]`
 | `object`
-| APIResourceReference is a Kubernetes resource type used by a custom resource
+| APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 
 | `specDescriptors`
 | `array`
@@ -701,7 +701,7 @@ Type::
 Description::
 +
 --
-APIResourceReference is a Kubernetes resource type used by a custom resource
+APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 --
 
 Type::
@@ -720,15 +720,15 @@ Required::
 
 | `kind`
 | `string`
-| 
+| Kind of the referenced resource type.
 
 | `name`
 | `string`
-| 
+| Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.
 
 | `version`
 | `string`
-| 
+| API Version of the referenced resource type.
 
 |===
 === .spec.apiservicedefinitions.required[].specDescriptors
@@ -960,7 +960,7 @@ Required::
 
 | `resources[]`
 | `object`
-| APIResourceReference is a Kubernetes resource type used by a custom resource
+| APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 
 | `specDescriptors`
 | `array`
@@ -1053,7 +1053,7 @@ Type::
 Description::
 +
 --
-APIResourceReference is a Kubernetes resource type used by a custom resource
+APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 --
 
 Type::
@@ -1072,15 +1072,15 @@ Required::
 
 | `kind`
 | `string`
-| 
+| Kind of the referenced resource type.
 
 | `name`
 | `string`
-| 
+| Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.
 
 | `version`
 | `string`
-| 
+| API Version of the referenced resource type.
 
 |===
 === .spec.customresourcedefinitions.owned[].specDescriptors
@@ -1253,7 +1253,7 @@ Required::
 
 | `resources[]`
 | `object`
-| APIResourceReference is a Kubernetes resource type used by a custom resource
+| APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 
 | `specDescriptors`
 | `array`
@@ -1346,7 +1346,7 @@ Type::
 Description::
 +
 --
-APIResourceReference is a Kubernetes resource type used by a custom resource
+APIResourceReference is a reference to a Kubernetes resource type that the referrer utilizes.
 --
 
 Type::
@@ -1365,15 +1365,15 @@ Required::
 
 | `kind`
 | `string`
-| 
+| Kind of the referenced resource type.
 
 | `name`
 | `string`
-| 
+| Plural name of the referenced resource type (CustomResourceDefinition.Spec.Names[].Plural). Empty string if the referenced resource type is not a custom resource.
 
 | `version`
 | `string`
-| 
+| API Version of the referenced resource type.
 
 |===
 === .spec.customresourcedefinitions.required[].specDescriptors
@@ -1486,7 +1486,7 @@ Required::
 Description::
 +
 --
-
+The icon for this operator.
 --
 
 Type::
@@ -1791,7 +1791,7 @@ Required::
 
 | `template`
 | `object`
-| Template describes the pods that will be created.
+| Template describes the pods that will be created. The only allowed template.spec.restartPolicy value is "Always".
 
 |===
 === .spec.install.spec.deployments[].spec.selector
@@ -1926,7 +1926,7 @@ Type::
 Description::
 +
 --
-Template describes the pods that will be created.
+Template describes the pods that will be created. The only allowed template.spec.restartPolicy value is "Always".
 --
 
 Type::
@@ -2090,9 +2090,19 @@ Required::
 | `object`
 | PodReadinessGate contains the reference to a pod condition
 
+| `resourceClaims`
+| `array`
+| ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable.
+
+| `resourceClaims[]`
+| `object`
+| PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+
 | `restartPolicy`
 | `string`
-| Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
 
 | `runtimeClassName`
 | `string`
@@ -2102,6 +2112,16 @@ Required::
 | `string`
 | If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
 
+| `schedulingGates`
+| `array`
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards. 
+ This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
+| `schedulingGates[]`
+| `object`
+| PodSchedulingGate is associated to a Pod to guard its scheduling.
+
 | `securityContext`
 | `object`
 | SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty.  See type description for default values of each field.
@@ -3568,6 +3588,14 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -4076,7 +4104,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4242,7 +4270,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4304,7 +4332,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4361,7 +4389,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4465,7 +4493,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4580,7 +4608,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4637,7 +4665,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4741,7 +4769,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4775,6 +4803,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.containers[].resources
 Description::
@@ -4793,13 +4863,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.containers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.containers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.containers[].securityContext
@@ -5014,7 +5133,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5071,7 +5190,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -5175,7 +5294,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5472,6 +5591,14 @@ Required::
 | `object`
 | Probes are not allowed for ephemeral containers.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
@@ -5985,7 +6112,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6151,7 +6278,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6213,7 +6340,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6270,7 +6397,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6374,7 +6501,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6489,7 +6616,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6546,7 +6673,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6650,7 +6777,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6684,6 +6811,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].resources
 Description::
@@ -6702,13 +6871,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.ephemeralContainers[].securityContext
@@ -6923,7 +7141,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6980,7 +7198,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -7084,7 +7302,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -7381,6 +7599,14 @@ Required::
 | `object`
 | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -7889,7 +8115,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -8055,7 +8281,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -8117,7 +8343,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -8174,7 +8400,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -8278,7 +8504,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -8393,7 +8619,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -8450,7 +8676,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -8554,7 +8780,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -8588,6 +8814,48 @@ Required::
 | `integer-or-string`
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.initContainers[].resources
 Description::
@@ -8606,13 +8874,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.initContainers[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.initContainers[].securityContext
@@ -8827,7 +9144,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -8884,7 +9201,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -8988,7 +9305,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -9185,6 +9502,117 @@ Required::
 | `string`
 | ConditionType refers to a condition in the pod's condition list with matching type.
 
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.resourceClaims
+Description::
++
+--
+ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.resourceClaims[]
+Description::
++
+--
+PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
+
+| `source`
+| `object`
+| Source describes where to find the ResourceClaim.
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.resourceClaims[].source
+Description::
++
+--
+Source describes where to find the ResourceClaim.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
+
+| `resourceClaimTemplateName`
+| `string`
+| ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. 
+ The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). 
+ An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. 
+ This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.schedulingGates
+Description::
++
+--
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. 
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards. 
+ This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.schedulingGates[]
+Description::
++
+--
+PodSchedulingGate is associated to a Pod to guard its scheduling.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name of the scheduling gate. Each scheduling gate must have a unique name field.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.securityContext
 Description::
@@ -9235,7 +9663,7 @@ Type::
 
 | `supplementalGroups`
 | `array (integer)`
-| A list of groups applied to the first process run in each container, in addition to the container's primary GID.  If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.
+| A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
 
 | `sysctls`
 | `array`
@@ -9480,7 +9908,8 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -9495,12 +9924,12 @@ Required::
 | `nodeAffinityPolicy`
 | `string`
 | NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 
- If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
 | `nodeTaintsPolicy`
 | `string`
 | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 
- If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
 | `topologyKey`
 | `string`
@@ -10290,7 +10719,7 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].ephemeral
@@ -10389,11 +10818,11 @@ Type::
 
 | `dataSource`
 | `object`
-| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
+| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 
 | `dataSourceRef`
 | `object`
-| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 
 | `resources`
 | `object`
@@ -10420,7 +10849,7 @@ Type::
 Description::
 +
 --
-dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
+dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 --
 
 Type::
@@ -10453,7 +10882,7 @@ Required::
 Description::
 +
 --
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 --
 
 Type::
@@ -10481,6 +10910,10 @@ Required::
 | `string`
 | Name is the name of resource being referenced
 
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources
 Description::
@@ -10499,13 +10932,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.install.spec.deployments[].spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.install.spec.deployments[].spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.install.spec.deployments[].spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.selector
@@ -11981,7 +12463,7 @@ Required::
 Description::
 +
 --
-
+A list of links related to the operator.
 --
 
 Type::
@@ -12020,7 +12502,7 @@ Type::
 Description::
 +
 --
-
+A list of organizational entities maintaining the operator.
 --
 
 Type::
@@ -12106,7 +12588,7 @@ Required::
 Description::
 +
 --
-
+The publishing entity behind the operator.
 --
 
 Type::
@@ -12870,49 +13352,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1alpha1/clusterserviceversions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -12934,23 +13373,7 @@ Description::
 
 === /apis/operators.coreos.com/v1alpha1/namespaces/{namespace}/clusterserviceversions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -12959,46 +13382,6 @@ Description::
   delete collection of ClusterServiceVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -13018,46 +13401,6 @@ Description::
   list objects of kind ClusterServiceVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -13084,12 +13427,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -13125,19 +13465,8 @@ Description::
 | `name`
 | `string`
 | name of the ClusterServiceVersion
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -13153,25 +13482,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -13192,16 +13504,6 @@ Description::
   read the specified ClusterServiceVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -13228,22 +13530,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -13269,12 +13560,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -13308,19 +13596,8 @@ Description::
 | `name`
 | `string`
 | name of the ClusterServiceVersion
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -13329,16 +13606,6 @@ Description::
   read status of the specified ClusterServiceVersion
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -13365,22 +13632,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -13406,12 +13662,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
index 4e262c213c36..1fb229f5e954 100644
--- a/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/installplan-operators-coreos-com-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installplan-operators-coreos-com-v1alpha1"]
 = InstallPlan [operators.coreos.com/v1alpha1]
 :toc: macro
@@ -560,49 +560,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1alpha1/installplans
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -624,23 +581,7 @@ Description::
 
 === /apis/operators.coreos.com/v1alpha1/namespaces/{namespace}/installplans
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -649,46 +590,6 @@ Description::
   delete collection of InstallPlan
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -708,46 +609,6 @@ Description::
   list objects of kind InstallPlan
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -774,12 +635,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -815,19 +673,8 @@ Description::
 | `name`
 | `string`
 | name of the InstallPlan
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -843,25 +690,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -882,16 +712,6 @@ Description::
   read the specified InstallPlan
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -918,22 +738,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -959,12 +768,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -998,19 +804,8 @@ Description::
 | `name`
 | `string`
 | name of the InstallPlan
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1019,16 +814,6 @@ Description::
   read status of the specified InstallPlan
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1055,22 +840,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1096,12 +870,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
index a1cb5fec8732..266eb9e41f06 100644
--- a/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/olmconfig-operators-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="olmconfig-operators-coreos-com-v1"]
 = OLMConfig [operators.coreos.com/v1]
 :toc: macro
@@ -91,6 +91,10 @@ Type::
 | `boolean`
 | DisableCopiedCSVs is used to disable OLM's "Copied CSV" feature for operators installed at the cluster scope, where a cluster scoped operator is one that has been installed in an OperatorGroup that targets all namespaces. When reenabled, OLM will recreate the "Copied CSVs" for each cluster scoped operator.
 
+| `packageServerSyncInterval`
+| `string`
+| PackageServerSyncInterval is used to define the sync interval for packagerserver pods. Packageserver pods periodically check the status of CatalogSources; this specifies the period using duration format (e.g. "60m"). For this parameter, only hours ("h"), minutes ("m"), and seconds ("s") may be specified. When not specified, the period defaults to the value specified within the packageserver.
+
 |===
 === .status
 Description::
@@ -206,14 +210,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1/olmconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -222,46 +218,6 @@ Description::
   delete collection of OLMConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -281,46 +237,6 @@ Description::
   list objects of kind OLMConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -347,12 +263,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -390,14 +303,6 @@ Description::
 | name of the OLMConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -413,25 +318,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -452,16 +340,6 @@ Description::
   read the specified OLMConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -488,22 +366,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -529,12 +396,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -570,14 +434,6 @@ Description::
 | name of the OLMConfig
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -586,16 +442,6 @@ Description::
   read status of the specified OLMConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -622,22 +468,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -663,12 +498,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
index 82b731bdbe24..b2f19cf812d3 100644
--- a/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/operator-operators-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operator-operators-coreos-com-v1"]
 = Operator [operators.coreos.com/v1]
 :toc: macro
@@ -337,14 +337,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1/operators
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -353,46 +345,6 @@ Description::
   delete collection of Operator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -412,46 +364,6 @@ Description::
   list objects of kind Operator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -478,12 +390,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -521,14 +430,6 @@ Description::
 | name of the Operator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -544,25 +445,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -583,16 +467,6 @@ Description::
   read the specified Operator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -619,22 +493,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -660,12 +523,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -701,14 +561,6 @@ Description::
 | name of the Operator
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -717,16 +569,6 @@ Description::
   read status of the specified Operator
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -753,22 +595,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -794,12 +625,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
index 8076985b06f6..420a64e8e19f 100644
--- a/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
+++ b/rest_api/operatorhub_apis/operatorcondition-operators-coreos-com-v2.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operatorcondition-operators-coreos-com-v2"]
 = OperatorCondition [operators.coreos.com/v2]
 :toc: macro
@@ -335,49 +335,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v2/operatorconditions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -399,23 +356,7 @@ Description::
 
 === /apis/operators.coreos.com/v2/namespaces/{namespace}/operatorconditions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -424,46 +365,6 @@ Description::
   delete collection of OperatorCondition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -483,46 +384,6 @@ Description::
   list objects of kind OperatorCondition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -549,12 +410,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -590,19 +448,8 @@ Description::
 | `name`
 | `string`
 | name of the OperatorCondition
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -618,25 +465,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -657,16 +487,6 @@ Description::
   read the specified OperatorCondition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -693,22 +513,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -734,12 +543,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -773,19 +579,8 @@ Description::
 | `name`
 | `string`
 | name of the OperatorCondition
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -794,16 +589,6 @@ Description::
   read status of the specified OperatorCondition
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -830,22 +615,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -871,12 +645,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
index fa7bd7102309..7869460bf018 100644
--- a/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/operatorgroup-operators-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operatorgroup-operators-coreos-com-v1"]
 = OperatorGroup [operators.coreos.com/v1]
 :toc: macro
@@ -341,49 +341,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1/operatorgroups
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -405,23 +362,7 @@ Description::
 
 === /apis/operators.coreos.com/v1/namespaces/{namespace}/operatorgroups
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -430,46 +371,6 @@ Description::
   delete collection of OperatorGroup
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -489,46 +390,6 @@ Description::
   list objects of kind OperatorGroup
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -555,12 +416,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -596,19 +454,8 @@ Description::
 | `name`
 | `string`
 | name of the OperatorGroup
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -624,25 +471,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -663,16 +493,6 @@ Description::
   read the specified OperatorGroup
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -699,22 +519,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -740,12 +549,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -779,19 +585,8 @@ Description::
 | `name`
 | `string`
 | name of the OperatorGroup
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -800,16 +595,6 @@ Description::
   read status of the specified OperatorGroup
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -836,22 +621,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -877,12 +651,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/operatorhub_apis/operatorhub-apis-index.adoc b/rest_api/operatorhub_apis/operatorhub-apis-index.adoc
index 985df78ef1f7..ff19007cd5d0 100644
--- a/rest_api/operatorhub_apis/operatorhub-apis-index.adoc
+++ b/rest_api/operatorhub_apis/operatorhub-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="operatorhub-apis"]
 = OperatorHub APIs
 :toc: macro
diff --git a/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc b/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc
index bf4f474fb2b4..4af7396b7150 100644
--- a/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc
+++ b/rest_api/operatorhub_apis/packagemanifest-packages-operators-coreos-com-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="packagemanifest-packages-operators-coreos-com-v1"]
 = PackageManifest [packages.operators.coreos.com/v1]
 :toc: macro
@@ -112,6 +112,10 @@ Required::
 | `string`
 | DefaultChannel is, if specified, the name of the default channel for the package. The default channel will be installed if no other channel is explicitly given. If the package has a single channel, then that channel is implicitly the default.
 
+| `deprecation`
+| `object`
+| Deprecation conveys information regarding a deprecated resource.
+
 | `packageName`
 | `string`
 | PackageName is the name of the overall package, ala `etcd`.
@@ -163,6 +167,10 @@ Required::
 | `object`
 | CSVDescription defines a description of a CSV
 
+| `deprecation`
+| `object`
+| Deprecation conveys information regarding a deprecated resource.
+
 | `entries`
 | `array`
 | Entries lists all CSVs in the channel, with their upgrade edges.
@@ -412,6 +420,30 @@ Type::
 | `string`
 | 
 
+|===
+=== .status.channels[].deprecation
+Description::
++
+--
+Deprecation conveys information regarding a deprecated resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `message`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message is a human readable message describing the deprecation.
+
 |===
 === .status.channels[].entries
 Description::
@@ -445,6 +477,10 @@ Required::
 |===
 | Property | Type | Description
 
+| `deprecation`
+| `object`
+| Deprecation conveys information regarding a deprecated resource.
+
 | `name`
 | `string`
 | Name is the name of the bundle for this entry.
@@ -453,6 +489,54 @@ Required::
 | `string`
 | Version is the version of the bundle for this entry.
 
+|===
+=== .status.channels[].entries[].deprecation
+Description::
++
+--
+Deprecation conveys information regarding a deprecated resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `message`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message is a human readable message describing the deprecation.
+
+|===
+=== .status.deprecation
+Description::
++
+--
+Deprecation conveys information regarding a deprecated resource.
+--
+
+Type::
+  `object`
+
+Required::
+  - `message`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `message`
+| `string`
+| Message is a human readable message describing the deprecation.
+
 |===
 === .status.provider
 Description::
@@ -504,10 +588,10 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -518,12 +602,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -534,6 +618,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -575,10 +674,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -589,12 +688,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -605,6 +704,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -649,7 +763,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
diff --git a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
index 0ca7f39b5d1e..a6046d22f4a7 100644
--- a/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
+++ b/rest_api/operatorhub_apis/subscription-operators-coreos-com-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="subscription-operators-coreos-com-v1alpha1"]
 = Subscription [operators.coreos.com/v1alpha1]
 :toc: macro
@@ -1813,13 +1813,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.config.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.config.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.config.selector
@@ -2710,7 +2759,7 @@ Type::
 
 | `sizeLimit`
 | `integer-or-string`
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.config.volumes[].ephemeral
@@ -2809,11 +2858,11 @@ Type::
 
 | `dataSource`
 | `object`
-| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
+| dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 
 | `dataSourceRef`
 | `object`
-| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+| dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 
 | `resources`
 | `object`
@@ -2840,7 +2889,7 @@ Type::
 Description::
 +
 --
-dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
+dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 --
 
 Type::
@@ -2873,7 +2922,7 @@ Required::
 Description::
 +
 --
-dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 --
 
 Type::
@@ -2901,6 +2950,10 @@ Required::
 | `string`
 | Name is the name of resource being referenced
 
+| `namespace`
+| `string`
+| Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
 |===
 === .spec.config.volumes[].ephemeral.volumeClaimTemplate.spec.resources
 Description::
@@ -2919,13 +2972,62 @@ Type::
 |===
 | Property | Type | Description
 
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
 | `limits`
 | `integer-or-string`
 | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 | `requests`
 | `integer-or-string`
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .spec.config.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 
+ This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 
+ This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.config.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 
 |===
 === .spec.config.volumes[].ephemeral.volumeClaimTemplate.spec.selector
@@ -4585,49 +4687,6 @@ The following API endpoints are available:
 === /apis/operators.coreos.com/v1alpha1/subscriptions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -4649,23 +4708,7 @@ Description::
 
 === /apis/operators.coreos.com/v1alpha1/namespaces/{namespace}/subscriptions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -4674,46 +4717,6 @@ Description::
   delete collection of Subscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -4733,46 +4736,6 @@ Description::
   list objects of kind Subscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -4799,12 +4762,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -4840,19 +4800,8 @@ Description::
 | `name`
 | `string`
 | name of the Subscription
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -4868,25 +4817,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -4907,16 +4839,6 @@ Description::
   read the specified Subscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -4943,22 +4865,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -4984,12 +4895,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -5023,19 +4931,8 @@ Description::
 | `name`
 | `string`
 | name of the Subscription
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -5044,16 +4941,6 @@ Description::
   read status of the specified Subscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -5080,22 +4967,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -5121,12 +4997,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/policy_apis/eviction-policy-v1.adoc b/rest_api/policy_apis/eviction-policy-v1.adoc
index bf5c2a3f1c0f..784dd484eac4 100644
--- a/rest_api/policy_apis/eviction-policy-v1.adoc
+++ b/rest_api/policy_apis/eviction-policy-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="eviction-policy-v1"]
 = Eviction [policy/v1]
 :toc: macro
@@ -60,9 +60,6 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the Eviction
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -72,15 +69,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc b/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc
index 294449281b78..be1eb7066ed2 100644
--- a/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc
+++ b/rest_api/policy_apis/poddisruptionbudget-policy-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="poddisruptionbudget-policy-v1"]
 = PodDisruptionBudget [policy/v1]
 :toc: macro
@@ -87,7 +87,11 @@ AlwaysAllow policy means that all running pods (status.phase="Running"), but not
 
 Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
 
-This field is alpha-level. The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy is enabled (disabled by default).
+This field is beta-level. The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default).
+
+Possible enum values:
+ - `"AlwaysAllow"` policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
+ - `"IfHealthyBudget"` policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
 
 |===
 === .status
@@ -180,49 +184,6 @@ The following API endpoints are available:
 === /apis/policy/v1/poddisruptionbudgets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -245,49 +206,6 @@ Description::
 === /apis/policy/v1/watch/poddisruptionbudgets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -309,23 +227,7 @@ Description::
 
 === /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -338,57 +240,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -407,46 +263,6 @@ Description::
   list or watch objects of kind PodDisruptionBudget
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -473,12 +289,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -507,58 +320,7 @@ Description::
 
 === /apis/policy/v1/watch/namespaces/{namespace}/poddisruptionbudgets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -587,19 +349,8 @@ Description::
 | `name`
 | `string`
 | name of the PodDisruptionBudget
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -615,25 +366,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -678,25 +412,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -724,12 +444,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -763,54 +480,8 @@ Description::
 | `name`
 | `string`
 | name of the PodDisruptionBudget
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -839,19 +510,8 @@ Description::
 | `name`
 | `string`
 | name of the PodDisruptionBudget
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -884,25 +544,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -930,12 +576,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/policy_apis/policy-apis-index.adoc b/rest_api/policy_apis/policy-apis-index.adoc
index 20e165597452..70c4d9354e68 100644
--- a/rest_api/policy_apis/policy-apis-index.adoc
+++ b/rest_api/policy_apis/policy-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="policy-apis"]
 = Policy APIs
 :toc: macro
diff --git a/rest_api/project_apis/project-apis-index.adoc b/rest_api/project_apis/project-apis-index.adoc
index abff27b82469..d693ca08afcd 100644
--- a/rest_api/project_apis/project-apis-index.adoc
+++ b/rest_api/project_apis/project-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="project-apis"]
 = Project APIs
 :toc: macro
diff --git a/rest_api/project_apis/project-project-openshift-io-v1.adoc b/rest_api/project_apis/project-project-openshift-io-v1.adoc
index 2525893dc788..ce25fa5efe5e 100644
--- a/rest_api/project_apis/project-project-openshift-io-v1.adoc
+++ b/rest_api/project_apis/project-project-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="project-project-openshift-io-v1"]
 = Project [project.openshift.io/v1]
 :toc: macro
@@ -41,7 +41,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -126,14 +126,6 @@ The following API endpoints are available:
 === /apis/project.openshift.io/v1/projects
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -142,46 +134,6 @@ Description::
   list or watch objects of kind Project
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -208,12 +160,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -243,49 +192,6 @@ Description::
 === /apis/project.openshift.io/v1/watch/projects
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -316,14 +222,6 @@ Description::
 | name of the Project
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -339,25 +237,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -402,25 +283,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -448,12 +315,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -489,49 +353,6 @@ Description::
 | name of the Project
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
index e3dc6e04d278..6dc526a2b77d 100644
--- a/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
+++ b/rest_api/project_apis/projectrequest-project-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="projectrequest-project-openshift-io-v1"]
 = ProjectRequest [project.openshift.io/v1]
 :toc: macro
@@ -45,7 +45,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -61,14 +61,6 @@ The following API endpoints are available:
 === /apis/project.openshift.io/v1/projectrequests
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -77,46 +69,6 @@ Description::
   list objects of kind ProjectRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -143,12 +95,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
index 1cf6e41f194b..87828dc7687a 100644
--- a/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/baremetalhost-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="baremetalhost-metal3-io-v1alpha1"]
 = BareMetalHost [metal3.io/v1alpha1]
 :toc: macro
@@ -65,6 +65,10 @@ Required::
 |===
 | Property | Type | Description
 
+| `architecture`
+| `string`
+| CPU architecture of the host, e.g. "x86_64" or "aarch64". If unset, eventually populated by inspection.
+
 | `automatedCleaningMode`
 | `string`
 | When set to disabled, automated cleaning will be avoided during provisioning and deprovisioning.
@@ -103,7 +107,7 @@ Required::
 
 | `hardwareProfile`
 | `string`
-| What is the name of the hardware profile for this host? It should only be necessary to set this when inspection cannot automatically determine the profile.
+| What is the name of the hardware profile for this host? Hardware profiles are deprecated and should not be used. Use the separate fields Architecture and RootDeviceHints instead. Set to "empty" to prepare for the future version of the API without hardware profiles.
 
 | `image`
 | `object`
@@ -412,7 +416,7 @@ Type::
 
 | `deviceName`
 | `string`
-| A Linux device name like "/dev/vda". The hint must match the actual value exactly.
+| A Linux device name like "/dev/vda", or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match the actual value exactly.
 
 | `hctl`
 | `string`
@@ -932,6 +936,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `alternateNames`
+| `array (string)`
+| A list of alternate Linux device names of the disk, e.g. "/dev/sda". Note that this list is not exhaustive, and names may not be stable across reboots.
+
 | `hctl`
 | `string`
 | The SCSI location of the device
@@ -942,7 +950,7 @@ Type::
 
 | `name`
 | `string`
-| The Linux device name of the disk, e.g. "/dev/sda". Note that this may not be stable across reboots.
+| A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name that is stable across reboots if one is available.
 
 | `rotational`
 | `boolean`
@@ -1333,7 +1341,7 @@ Type::
 
 | `deviceName`
 | `string`
-| A Linux device name like "/dev/vda". The hint must match the actual value exactly.
+| A Linux device name like "/dev/vda", or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match the actual value exactly.
 
 | `hctl`
 | `string`
@@ -1449,49 +1457,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/baremetalhosts
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1513,23 +1478,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/baremetalhosts
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1538,46 +1487,6 @@ Description::
   delete collection of BareMetalHost
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1597,46 +1506,6 @@ Description::
   list objects of kind BareMetalHost
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1663,12 +1532,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1704,19 +1570,8 @@ Description::
 | `name`
 | `string`
 | name of the BareMetalHost
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1732,25 +1587,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1771,16 +1609,6 @@ Description::
   read the specified BareMetalHost
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1807,22 +1635,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1848,12 +1665,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1887,19 +1701,8 @@ Description::
 | `name`
 | `string`
 | name of the BareMetalHost
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1908,16 +1711,6 @@ Description::
   read status of the specified BareMetalHost
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -1944,22 +1737,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1985,12 +1767,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
index 20850aea2c4e..354659871dd8 100644
--- a/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/bmceventsubscription-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="bmceventsubscription-metal3-io-v1alpha1"]
 = BMCEventSubscription [metal3.io/v1alpha1]
 :toc: macro
@@ -157,49 +157,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/bmceventsubscriptions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -221,23 +178,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/bmceventsubscriptions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -246,46 +187,6 @@ Description::
   delete collection of BMCEventSubscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -305,46 +206,6 @@ Description::
   list objects of kind BMCEventSubscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -371,12 +232,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -412,19 +270,8 @@ Description::
 | `name`
 | `string`
 | name of the BMCEventSubscription
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -440,25 +287,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -479,16 +309,6 @@ Description::
   read the specified BMCEventSubscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -515,22 +335,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -556,12 +365,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -595,19 +401,8 @@ Description::
 | `name`
 | `string`
 | name of the BMCEventSubscription
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -616,16 +411,6 @@ Description::
   read status of the specified BMCEventSubscription
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -652,22 +437,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -693,12 +467,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
index 5f3df1e36689..0d92bd6f1557 100644
--- a/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/firmwareschema-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="firmwareschema-metal3-io-v1alpha1"]
 = FirmwareSchema [metal3.io/v1alpha1]
 :toc: macro
@@ -162,49 +162,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/firmwareschemas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -226,23 +183,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/firmwareschemas
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -251,46 +192,6 @@ Description::
   delete collection of FirmwareSchema
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -310,46 +211,6 @@ Description::
   list objects of kind FirmwareSchema
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -376,12 +237,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -417,19 +275,8 @@ Description::
 | `name`
 | `string`
 | name of the FirmwareSchema
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -445,25 +292,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -484,16 +314,6 @@ Description::
   read the specified FirmwareSchema
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -520,22 +340,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -561,12 +370,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
index 72906a8de4d9..90857e84bb47 100644
--- a/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/hardwaredata-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hardwaredata-metal3-io-v1alpha1"]
 = HardwareData [metal3.io/v1alpha1]
 :toc: macro
@@ -344,6 +344,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `alternateNames`
+| `array (string)`
+| A list of alternate Linux device names of the disk, e.g. "/dev/sda". Note that this list is not exhaustive, and names may not be stable across reboots.
+
 | `hctl`
 | `string`
 | The SCSI location of the device
@@ -354,7 +358,7 @@ Type::
 
 | `name`
 | `string`
-| The Linux device name of the disk, e.g. "/dev/sda". Note that this may not be stable across reboots.
+| A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name that is stable across reboots if one is available.
 
 | `rotational`
 | `boolean`
@@ -440,49 +444,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/hardwaredata
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -504,23 +465,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/hardwaredata
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -529,46 +474,6 @@ Description::
   delete collection of HardwareData
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -588,46 +493,6 @@ Description::
   list objects of kind HardwareData
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -654,12 +519,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -695,19 +557,8 @@ Description::
 | `name`
 | `string`
 | name of the HardwareData
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -723,25 +574,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -762,16 +596,6 @@ Description::
   read the specified HardwareData
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -798,22 +622,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -839,12 +652,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
index eaf8cbb7f662..9fa920735c8b 100644
--- a/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/hostfirmwaresettings-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="hostfirmwaresettings-metal3-io-v1alpha1"]
 = HostFirmwareSettings [metal3.io/v1alpha1]
 :toc: macro
@@ -229,49 +229,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/hostfirmwaresettings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -293,23 +250,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/hostfirmwaresettings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -318,46 +259,6 @@ Description::
   delete collection of HostFirmwareSettings
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -377,46 +278,6 @@ Description::
   list objects of kind HostFirmwareSettings
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -443,12 +304,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -484,19 +342,8 @@ Description::
 | `name`
 | `string`
 | name of the HostFirmwareSettings
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -512,25 +359,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -551,16 +381,6 @@ Description::
   read the specified HostFirmwareSettings
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -587,22 +407,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -628,12 +437,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -667,19 +473,8 @@ Description::
 | `name`
 | `string`
 | name of the HostFirmwareSettings
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -688,16 +483,6 @@ Description::
   read status of the specified HostFirmwareSettings
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -724,22 +509,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -765,12 +539,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc
index e92204de880e..20c1645747fe 100644
--- a/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc
+++ b/rest_api/provisioning_apis/metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metal3remediation-infrastructure-cluster-x-k8s-io-v1beta1"]
 = Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1]
 :toc: macro
@@ -153,49 +153,6 @@ The following API endpoints are available:
 === /apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -217,23 +174,7 @@ Description::
 
 === /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediations
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -242,46 +183,6 @@ Description::
   delete collection of Metal3Remediation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -301,46 +202,6 @@ Description::
   list objects of kind Metal3Remediation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -367,12 +228,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -408,19 +266,8 @@ Description::
 | `name`
 | `string`
 | name of the Metal3Remediation
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -436,25 +283,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -475,16 +305,6 @@ Description::
   read the specified Metal3Remediation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -511,22 +331,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -552,12 +361,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -591,19 +397,8 @@ Description::
 | `name`
 | `string`
 | name of the Metal3Remediation
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -612,16 +407,6 @@ Description::
   read status of the specified Metal3Remediation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -648,22 +433,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -689,12 +463,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc b/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc
index a4309793b580..a812f5ebb729 100644
--- a/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc
+++ b/rest_api/provisioning_apis/metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="metal3remediationtemplate-infrastructure-cluster-x-k8s-io-v1beta1"]
 = Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1]
 :toc: macro
@@ -225,49 +225,6 @@ The following API endpoints are available:
 === /apis/infrastructure.cluster.x-k8s.io/v1beta1/metal3remediationtemplates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -289,23 +246,7 @@ Description::
 
 === /apis/infrastructure.cluster.x-k8s.io/v1beta1/namespaces/{namespace}/metal3remediationtemplates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -314,46 +255,6 @@ Description::
   delete collection of Metal3RemediationTemplate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -373,46 +274,6 @@ Description::
   list objects of kind Metal3RemediationTemplate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -439,12 +300,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -480,19 +338,8 @@ Description::
 | `name`
 | `string`
 | name of the Metal3RemediationTemplate
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -508,25 +355,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -547,16 +377,6 @@ Description::
   read the specified Metal3RemediationTemplate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -583,22 +403,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -624,12 +433,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -663,19 +469,8 @@ Description::
 | `name`
 | `string`
 | name of the Metal3RemediationTemplate
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -684,16 +479,6 @@ Description::
   read status of the specified Metal3RemediationTemplate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -720,22 +505,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -761,12 +535,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
index 3c40c6d7de4c..70583646db2b 100644
--- a/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/preprovisioningimage-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preprovisioningimage-metal3-io-v1alpha1"]
 = PreprovisioningImage [metal3.io/v1alpha1]
 :toc: macro
@@ -242,49 +242,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/preprovisioningimages
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -306,23 +263,7 @@ Description::
 
 === /apis/metal3.io/v1alpha1/namespaces/{namespace}/preprovisioningimages
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -331,46 +272,6 @@ Description::
   delete collection of PreprovisioningImage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -390,46 +291,6 @@ Description::
   list objects of kind PreprovisioningImage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -456,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -497,19 +355,8 @@ Description::
 | `name`
 | `string`
 | name of the PreprovisioningImage
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -525,25 +372,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -564,16 +394,6 @@ Description::
   read the specified PreprovisioningImage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -600,22 +420,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -641,12 +450,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -680,19 +486,8 @@ Description::
 | `name`
 | `string`
 | name of the PreprovisioningImage
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -701,16 +496,6 @@ Description::
   read status of the specified PreprovisioningImage
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -737,22 +522,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -778,12 +552,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/provisioning_apis/provisioning-apis-index.adoc b/rest_api/provisioning_apis/provisioning-apis-index.adoc
index 3a24aba2e56a..a07e6c7d0d11 100644
--- a/rest_api/provisioning_apis/provisioning-apis-index.adoc
+++ b/rest_api/provisioning_apis/provisioning-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="provisioning-apis"]
 = Provisioning APIs
 :toc: macro
diff --git a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
index d1155f6daf43..10f0c7e92100 100644
--- a/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
+++ b/rest_api/provisioning_apis/provisioning-metal3-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="provisioning-metal3-io-v1alpha1"]
 = Provisioning [metal3.io/v1alpha1]
 :toc: macro
@@ -329,14 +329,6 @@ The following API endpoints are available:
 === /apis/metal3.io/v1alpha1/provisionings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -345,46 +337,6 @@ Description::
   delete collection of Provisioning
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -404,46 +356,6 @@ Description::
   list objects of kind Provisioning
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -470,12 +382,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -513,14 +422,6 @@ Description::
 | name of the Provisioning
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -536,25 +437,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -575,16 +459,6 @@ Description::
   read the specified Provisioning
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -611,22 +485,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -652,12 +515,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -693,14 +553,6 @@ Description::
 | name of the Provisioning
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -709,16 +561,6 @@ Description::
   read status of the specified Provisioning
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -745,22 +587,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -786,12 +617,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc b/rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc
index 6c8eb7877c35..a2e88632d0c9 100644
--- a/rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc
+++ b/rest_api/rbac_apis/clusterrole-rbac-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterrole-rbac-authorization-k8s-io-v1"]
 = ClusterRole [rbac.authorization.k8s.io/v1]
 :toc: macro
@@ -148,14 +148,6 @@ The following API endpoints are available:
 === /apis/rbac.authorization.k8s.io/v1/clusterroles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -168,57 +160,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -237,46 +183,6 @@ Description::
   list or watch objects of kind ClusterRole
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -303,12 +209,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -338,49 +241,6 @@ Description::
 === /apis/rbac.authorization.k8s.io/v1/watch/clusterroles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -411,14 +271,6 @@ Description::
 | name of the ClusterRole
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -434,25 +286,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -497,25 +332,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -543,12 +364,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -584,49 +402,6 @@ Description::
 | name of the ClusterRole
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc b/rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc
index b542c26a334a..d61257923d31 100644
--- a/rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc
+++ b/rest_api/rbac_apis/clusterrolebinding-rbac-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterrolebinding-rbac-authorization-k8s-io-v1"]
 = ClusterRoleBinding [rbac.authorization.k8s.io/v1]
 :toc: macro
@@ -159,14 +159,6 @@ The following API endpoints are available:
 === /apis/rbac.authorization.k8s.io/v1/clusterrolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -179,57 +171,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -248,46 +194,6 @@ Description::
   list or watch objects of kind ClusterRoleBinding
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -314,12 +220,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -349,49 +252,6 @@ Description::
 === /apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -422,14 +282,6 @@ Description::
 | name of the ClusterRoleBinding
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -445,25 +297,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -508,25 +343,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -554,12 +375,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -595,49 +413,6 @@ Description::
 | name of the ClusterRoleBinding
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/rbac_apis/rbac-apis-index.adoc b/rest_api/rbac_apis/rbac-apis-index.adoc
index 63a34b5921e1..2bbf5df5e454 100644
--- a/rest_api/rbac_apis/rbac-apis-index.adoc
+++ b/rest_api/rbac_apis/rbac-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rbac-apis"]
 = RBAC APIs
 :toc: macro
diff --git a/rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc b/rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc
index 186a64896981..808f82b40df5 100644
--- a/rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc
+++ b/rest_api/rbac_apis/role-rbac-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="role-rbac-authorization-k8s-io-v1"]
 = Role [rbac.authorization.k8s.io/v1]
 :toc: macro
@@ -126,49 +126,6 @@ The following API endpoints are available:
 === /apis/rbac.authorization.k8s.io/v1/roles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -191,49 +148,6 @@ Description::
 === /apis/rbac.authorization.k8s.io/v1/watch/roles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -255,23 +169,7 @@ Description::
 
 === /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -284,57 +182,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -353,46 +205,6 @@ Description::
   list or watch objects of kind Role
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -419,12 +231,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -453,58 +262,7 @@ Description::
 
 === /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -533,19 +291,8 @@ Description::
 | `name`
 | `string`
 | name of the Role
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -561,25 +308,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -624,25 +354,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -670,12 +386,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -709,54 +422,8 @@ Description::
 | `name`
 | `string`
 | name of the Role
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc b/rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc
index 34c8842fab69..47d21c14520f 100644
--- a/rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc
+++ b/rest_api/rbac_apis/rolebinding-rbac-authorization-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rolebinding-rbac-authorization-k8s-io-v1"]
 = RoleBinding [rbac.authorization.k8s.io/v1]
 :toc: macro
@@ -163,49 +163,6 @@ The following API endpoints are available:
 === /apis/rbac.authorization.k8s.io/v1/rolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -228,49 +185,6 @@ Description::
 === /apis/rbac.authorization.k8s.io/v1/watch/rolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -292,23 +206,7 @@ Description::
 
 === /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -321,57 +219,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -390,46 +242,6 @@ Description::
   list or watch objects of kind RoleBinding
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -456,12 +268,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -490,58 +299,7 @@ Description::
 
 === /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -570,19 +328,8 @@ Description::
 | `name`
 | `string`
 | name of the RoleBinding
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -598,25 +345,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -661,25 +391,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -707,12 +423,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -746,54 +459,8 @@ Description::
 | `name`
 | `string`
 | name of the RoleBinding
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc b/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc
index 9b4df8bdd631..2828165c29ca 100644
--- a/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/clusterrole-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterrole-authorization-openshift-io-v1"]
 = ClusterRole [authorization.openshift.io/v1]
 :toc: macro
@@ -43,7 +43,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `rules`
 | `array`
@@ -130,14 +130,6 @@ The following API endpoints are available:
 === /apis/authorization.openshift.io/v1/clusterroles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -146,46 +138,6 @@ Description::
   list objects of kind ClusterRole
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -212,12 +164,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -255,14 +204,6 @@ Description::
 | name of the ClusterRole
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -278,25 +219,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -341,25 +265,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -387,12 +297,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc b/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc
index bad8f22d7823..22b12f11881f 100644
--- a/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/clusterrolebinding-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterrolebinding-authorization-openshift-io-v1"]
 = ClusterRoleBinding [authorization.openshift.io/v1]
 :toc: macro
@@ -44,7 +44,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `roleRef`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
@@ -77,14 +77,6 @@ The following API endpoints are available:
 === /apis/authorization.openshift.io/v1/clusterrolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -93,46 +85,6 @@ Description::
   list objects of kind ClusterRoleBinding
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -159,12 +111,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -202,14 +151,6 @@ Description::
 | name of the ClusterRoleBinding
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -225,25 +166,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -288,25 +212,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -334,12 +244,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/role_apis/role-apis-index.adoc b/rest_api/role_apis/role-apis-index.adoc
index c3fafcf46572..0368c28d8768 100644
--- a/rest_api/role_apis/role-apis-index.adoc
+++ b/rest_api/role_apis/role-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="role-apis"]
 = Role APIs
 :toc: macro
diff --git a/rest_api/role_apis/role-authorization-openshift-io-v1.adoc b/rest_api/role_apis/role-authorization-openshift-io-v1.adoc
index f3ad87809223..dff5d4dd24ac 100644
--- a/rest_api/role_apis/role-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/role-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="role-authorization-openshift-io-v1"]
 = Role [authorization.openshift.io/v1]
 :toc: macro
@@ -39,7 +39,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `rules`
 | `array`
@@ -128,49 +128,6 @@ The following API endpoints are available:
 === /apis/authorization.openshift.io/v1/roles
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -192,23 +149,7 @@ Description::
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/roles
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -217,46 +158,6 @@ Description::
   list objects of kind Role
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -283,12 +184,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -324,19 +222,8 @@ Description::
 | `name`
 | `string`
 | name of the Role
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -352,25 +239,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -415,25 +285,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -461,12 +317,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc b/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc
index 1046c47bf70d..06e94ab6d024 100644
--- a/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/rolebinding-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rolebinding-authorization-openshift-io-v1"]
 = RoleBinding [authorization.openshift.io/v1]
 :toc: macro
@@ -44,7 +44,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `roleRef`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
@@ -79,49 +79,6 @@ The following API endpoints are available:
 === /apis/authorization.openshift.io/v1/rolebindings
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -143,23 +100,7 @@ Description::
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindings
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -168,46 +109,6 @@ Description::
   list objects of kind RoleBinding
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -234,12 +135,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -275,19 +173,8 @@ Description::
 | `name`
 | `string`
 | name of the RoleBinding
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -303,25 +190,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -366,25 +236,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -412,12 +268,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc b/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
index e92a3ea16462..a7faaa992559 100644
--- a/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
+++ b/rest_api/role_apis/rolebindingrestriction-authorization-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rolebindingrestriction-authorization-openshift-io-v1"]
 = RoleBindingRestriction [authorization.openshift.io/v1]
 :toc: macro
@@ -94,49 +94,6 @@ The following API endpoints are available:
 === /apis/authorization.openshift.io/v1/rolebindingrestrictions
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -158,23 +115,7 @@ Description::
 
 === /apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindingrestrictions
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -183,46 +124,6 @@ Description::
   delete collection of RoleBindingRestriction
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -242,46 +143,6 @@ Description::
   list objects of kind RoleBindingRestriction
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -308,12 +169,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -349,19 +207,8 @@ Description::
 | `name`
 | `string`
 | name of the RoleBindingRestriction
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -377,25 +224,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -416,16 +246,6 @@ Description::
   read the specified RoleBindingRestriction
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -452,22 +272,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -493,12 +302,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc b/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc
index 0f20e3045bd6..ba0a36c67e30 100644
--- a/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/appliedclusterresourcequota-quota-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="appliedclusterresourcequota-quota-openshift-io-v1"]
 = AppliedClusterResourceQuota [quota.openshift.io/v1]
 :toc: macro
@@ -40,7 +40,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -196,49 +196,6 @@ The following API endpoints are available:
 === /apis/quota.openshift.io/v1/appliedclusterresourcequotas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -260,58 +217,7 @@ Description::
 
 === /apis/quota.openshift.io/v1/namespaces/{namespace}/appliedclusterresourcequotas
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -340,19 +246,8 @@ Description::
 | `name`
 | `string`
 | name of the AppliedClusterResourceQuota
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc b/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
index 1ca98691398e..9529bd0f2eb9 100644
--- a/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/clusterresourcequota-quota-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="clusterresourcequota-quota-openshift-io-v1"]
 = ClusterResourceQuota [quota.openshift.io/v1]
 :toc: macro
@@ -288,14 +288,6 @@ The following API endpoints are available:
 === /apis/quota.openshift.io/v1/clusterresourcequotas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -304,46 +296,6 @@ Description::
   delete collection of ClusterResourceQuota
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -363,46 +315,6 @@ Description::
   list objects of kind ClusterResourceQuota
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -429,12 +341,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -464,49 +373,6 @@ Description::
 === /apis/quota.openshift.io/v1/watch/clusterresourcequotas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -537,14 +403,6 @@ Description::
 | name of the ClusterResourceQuota
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -560,25 +418,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -599,16 +440,6 @@ Description::
   read the specified ClusterResourceQuota
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -635,22 +466,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -676,12 +496,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -717,49 +534,6 @@ Description::
 | name of the ClusterResourceQuota
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -790,14 +564,6 @@ Description::
 | name of the ClusterResourceQuota
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -806,16 +572,6 @@ Description::
   read status of the specified ClusterResourceQuota
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -842,22 +598,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -883,12 +628,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc b/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc
deleted file mode 100644
index 5208be38ce24..000000000000
--- a/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta1.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
-[id="flowschema-flowcontrol-apiserver-k8s-io-v1beta1"]
-= FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
-:toc: macro
-:toc-title:
-
-toc::[]
-
-
-== API endpoints
-
-The following API endpoints are available:
-
-
-
diff --git a/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc b/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc
new file mode 100644
index 000000000000..bdb2847453b0
--- /dev/null
+++ b/rest_api/schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc
@@ -0,0 +1,901 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="flowschema-flowcontrol-apiserver-k8s-io-v1beta3"]
+= FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| FlowSchemaSpec describes how the FlowSchema's specification looks like.
+
+| `status`
+| `object`
+| FlowSchemaStatus represents the current state of a FlowSchema.
+
+|===
+=== .spec
+Description::
++
+--
+FlowSchemaSpec describes how the FlowSchema's specification looks like.
+--
+
+Type::
+  `object`
+
+Required::
+  - `priorityLevelConfiguration`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `distinguisherMethod`
+| `object`
+| FlowDistinguisherMethod specifies the method of a flow distinguisher.
+
+| `matchingPrecedence`
+| `integer`
+| `matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence.  Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default.
+
+| `priorityLevelConfiguration`
+| `object`
+| PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
+
+| `rules`
+| `array`
+| `rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
+
+| `rules[]`
+| `object`
+| PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
+
+|===
+=== .spec.distinguisherMethod
+Description::
++
+--
+FlowDistinguisherMethod specifies the method of a flow distinguisher.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `type`
+| `string`
+| `type` is the type of flow distinguisher method The supported types are "ByUser" and "ByNamespace". Required.
+
+|===
+=== .spec.priorityLevelConfiguration
+Description::
++
+--
+PriorityLevelConfigurationReference contains information that points to the "request-priority" being used.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of the priority level configuration being referenced Required.
+
+|===
+=== .spec.rules
+Description::
++
+--
+`rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[]
+Description::
++
+--
+PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `subjects`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceRules`
+| `array`
+| `nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
+
+| `nonResourceRules[]`
+| `object`
+| NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
+
+| `resourceRules`
+| `array`
+| `resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
+
+| `resourceRules[]`
+| `object`
+| ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.
+
+| `subjects`
+| `array`
+| subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
+
+| `subjects[]`
+| `object`
+| Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
+
+|===
+=== .spec.rules[].nonResourceRules
+Description::
++
+--
+`nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].nonResourceRules[]
+Description::
++
+--
+NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+  - `nonResourceURLs`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `nonResourceURLs`
+| `array (string)`
+| `nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. For example:
+  - "/healthz" is legal
+  - "/hea*" is illegal
+  - "/hea" is legal but matches nothing
+  - "/hea/*" also matches nothing
+  - "/healthz/*" matches all per-component health checks.
+"*" matches all non-resource urls. if it is present, it must be the only entry. Required.
+
+| `verbs`
+| `array (string)`
+| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required.
+
+|===
+=== .spec.rules[].resourceRules
+Description::
++
+--
+`resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].resourceRules[]
+Description::
++
+--
+ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) either (d1) the request does not specify a namespace (i.e., `Namespace==""`) and clusterScope is true or (d2) the request specifies a namespace and least one member of namespaces matches the request's namespace.
+--
+
+Type::
+  `object`
+
+Required::
+  - `verbs`
+  - `apiGroups`
+  - `resources`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiGroups`
+| `array (string)`
+| `apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required.
+
+| `clusterScope`
+| `boolean`
+| `clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list.
+
+| `namespaces`
+| `array (string)`
+| `namespaces` is a list of target namespaces that restricts matches.  A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*".  Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true.
+
+| `resources`
+| `array (string)`
+| `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.  For example, [ "services", "nodes/status" ].  This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required.
+
+| `verbs`
+| `array (string)`
+| `verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required.
+
+|===
+=== .spec.rules[].subjects
+Description::
++
+--
+subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.rules[].subjects[]
+Description::
++
+--
+Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
+--
+
+Type::
+  `object`
+
+Required::
+  - `kind`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `group`
+| `object`
+| GroupSubject holds detailed information for group-kind subject.
+
+| `kind`
+| `string`
+| `kind` indicates which one of the other fields is non-empty. Required
+
+| `serviceAccount`
+| `object`
+| ServiceAccountSubject holds detailed information for service-account-kind subject.
+
+| `user`
+| `object`
+| UserSubject holds detailed information for user-kind subject.
+
+|===
+=== .spec.rules[].subjects[].group
+Description::
++
+--
+GroupSubject holds detailed information for group-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
+
+|===
+=== .spec.rules[].subjects[].serviceAccount
+Description::
++
+--
+ServiceAccountSubject holds detailed information for service-account-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `namespace`
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.
+
+| `namespace`
+| `string`
+| `namespace` is the namespace of matching ServiceAccount objects. Required.
+
+|===
+=== .spec.rules[].subjects[].user
+Description::
++
+--
+UserSubject holds detailed information for user-kind subject.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| `name` is the username that matches, or "*" to match all usernames. Required.
+
+|===
+=== .status
+Description::
++
+--
+FlowSchemaStatus represents the current state of a FlowSchema.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| `conditions` is a list of the current states of FlowSchema.
+
+| `conditions[]`
+| `object`
+| FlowSchemaCondition describes conditions for a FlowSchema.
+
+|===
+=== .status.conditions
+Description::
++
+--
+`conditions` is a list of the current states of FlowSchema.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+FlowSchemaCondition describes conditions for a FlowSchema.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| `lastTransitionTime` is the last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| `message` is a human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| `status` is the status of the condition. Can be True, False, Unknown. Required.
+
+| `type`
+| `string`
+| `type` is the type of the condition. Required.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas`
+- `DELETE`: delete collection of FlowSchema
+- `GET`: list or watch objects of kind FlowSchema
+- `POST`: create a FlowSchema
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas`
+- `GET`: watch individual changes to a list of FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}`
+- `DELETE`: delete a FlowSchema
+- `GET`: read the specified FlowSchema
+- `PATCH`: partially update the specified FlowSchema
+- `PUT`: replace the specified FlowSchema
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}`
+- `GET`: watch changes to an object of kind FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status`
+- `GET`: read status of the specified FlowSchema
+- `PATCH`: partially update status of the specified FlowSchema
+- `PUT`: replace status of the specified FlowSchema
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind FlowSchema
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta3.FlowSchemaList[`FlowSchemaList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 202 - Accepted
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas
+
+
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified FlowSchema
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/flowschemas/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind FlowSchema. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the FlowSchema
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified FlowSchema
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified FlowSchema
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/flowschema-flowcontrol-apiserver-k8s-io-v1beta3.adoc#flowschema-flowcontrol-apiserver-k8s-io-v1beta3[`FlowSchema`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/schedule_and_quota_apis/limitrange-v1.adoc b/rest_api/schedule_and_quota_apis/limitrange-v1.adoc
index 48e9fd752499..3411cd1dd406 100644
--- a/rest_api/schedule_and_quota_apis/limitrange-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/limitrange-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="limitrange-v1"]
 = LimitRange [v1]
 :toc: macro
@@ -154,49 +154,6 @@ The following API endpoints are available:
 === /api/v1/limitranges
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -219,49 +176,6 @@ Description::
 === /api/v1/watch/limitranges
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -283,23 +197,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/limitranges
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -312,57 +210,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -381,46 +233,6 @@ Description::
   list or watch objects of kind LimitRange
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -447,12 +259,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -481,58 +290,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/limitranges
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -561,19 +319,8 @@ Description::
 | `name`
 | `string`
 | name of the LimitRange
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -589,25 +336,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -652,25 +382,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -698,12 +414,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -737,54 +450,8 @@ Description::
 | `name`
 | `string`
 | name of the LimitRange
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc b/rest_api/schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc
index 196d0063a65b..f65cca8571a2 100644
--- a/rest_api/schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/priorityclass-scheduling-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="priorityclass-scheduling-k8s-io-v1"]
 = PriorityClass [scheduling.k8s.io/v1]
 :toc: macro
@@ -49,11 +49,15 @@ Required::
 
 | `preemptionPolicy`
 | `string`
-| PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+| preemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
+
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
 
 | `value`
 | `integer`
-| The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+| value represents the integer value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
 
 |===
 
@@ -79,14 +83,6 @@ The following API endpoints are available:
 === /apis/scheduling.k8s.io/v1/priorityclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -99,57 +95,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -168,46 +118,6 @@ Description::
   list or watch objects of kind PriorityClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -234,12 +144,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -269,49 +176,6 @@ Description::
 === /apis/scheduling.k8s.io/v1/watch/priorityclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -342,14 +206,6 @@ Description::
 | name of the PriorityClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -365,25 +221,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -428,25 +267,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -474,12 +299,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -515,49 +337,6 @@ Description::
 | name of the PriorityClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc b/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc
deleted file mode 100644
index c64ab782bc2c..000000000000
--- a/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
-[id="prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta1"]
-= PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
-:toc: macro
-:toc-title:
-
-toc::[]
-
-
-== API endpoints
-
-The following API endpoints are available:
-
-
-
diff --git a/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc b/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc
new file mode 100644
index 000000000000..d138f0915d55
--- /dev/null
+++ b/rest_api/schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc
@@ -0,0 +1,697 @@
+// Automatically generated by 'openshift-apidocs-gen'. Do not edit.
+:_mod-docs-content-type: ASSEMBLY
+[id="prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3"]
+= PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]
+:toc: macro
+:toc-title:
+
+toc::[]
+
+
+Description::
++
+--
+PriorityLevelConfiguration represents the configuration of a priority level.
+--
+
+Type::
+  `object`
+
+
+
+== Specification
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `apiVersion`
+| `string`
+| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
+| `kind`
+| `string`
+| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+| `metadata`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| `metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+| `spec`
+| `object`
+| PriorityLevelConfigurationSpec specifies the configuration of a priority level.
+
+| `status`
+| `object`
+| PriorityLevelConfigurationStatus represents the current state of a "request-priority".
+
+|===
+=== .spec
+Description::
++
+--
+PriorityLevelConfigurationSpec specifies the configuration of a priority level.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `exempt`
+| `object`
+| ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.
+
+| `limited`
+| `object`
+| LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:
+  - How are requests for this priority level limited?
+  - What should be done with requests that exceed the limit?
+
+| `type`
+| `string`
+| `type` indicates whether this priority level is subject to limitation on request execution.  A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.
+
+|===
+=== .spec.exempt
+Description::
++
+--
+ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lendablePercent`
+| `integer`
+| `lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+
+LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+
+| `nominalConcurrencyShares`
+| `integer`
+| `nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:
+
+NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)
+
+Bigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.
+
+|===
+=== .spec.limited
+Description::
++
+--
+LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:
+  - How are requests for this priority level limited?
+  - What should be done with requests that exceed the limit?
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `borrowingLimitPercent`
+| `integer`
+| `borrowingLimitPercent`, if present, configures a limit on how many seats this priority level can borrow from other priority levels. The limit is known as this level's BorrowingConcurrencyLimit (BorrowingCL) and is a limit on the total number of seats that this level may borrow at any one time. This field holds the ratio of that limit to the level's nominal concurrency limit. When this field is non-nil, it must hold a non-negative integer and the limit is calculated as follows.
+
+BorrowingCL(i) = round( NominalCL(i) * borrowingLimitPercent(i)/100.0 )
+
+The value of this field can be more than 100, implying that this priority level can borrow a number of seats that is greater than its own nominal concurrency limit (NominalCL). When this field is left `nil`, the limit is effectively infinite.
+
+| `lendablePercent`
+| `integer`
+| `lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels. The value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+
+LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+
+| `limitResponse`
+| `object`
+| LimitResponse defines how to handle requests that can not be executed right now.
+
+| `nominalConcurrencyShares`
+| `integer`
+| `nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:
+
+NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)
+
+Bigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of 30.
+
+|===
+=== .spec.limited.limitResponse
+Description::
++
+--
+LimitResponse defines how to handle requests that can not be executed right now.
+--
+
+Type::
+  `object`
+
+Required::
+  - `type`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `queuing`
+| `object`
+| QueuingConfiguration holds the configuration parameters for queuing
+
+| `type`
+| `string`
+| `type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required.
+
+|===
+=== .spec.limited.limitResponse.queuing
+Description::
++
+--
+QueuingConfiguration holds the configuration parameters for queuing
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `handSize`
+| `integer`
+| `handSize` is a small positive number that configures the shuffle sharding of requests into queues.  When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here.  The request is put into one of the shortest queues in that hand. `handSize` must be no larger than `queues`, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues).  See the user-facing documentation for more extensive guidance on setting this field.  This field has a default value of 8.
+
+| `queueLengthLimit`
+| `integer`
+| `queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected.  This value must be positive.  If not specified, it will be defaulted to 50.
+
+| `queues`
+| `integer`
+| `queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive.  Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant.  This field has a default value of 64.
+
+|===
+=== .status
+Description::
++
+--
+PriorityLevelConfigurationStatus represents the current state of a "request-priority".
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `conditions`
+| `array`
+| `conditions` is the current state of "request-priority".
+
+| `conditions[]`
+| `object`
+| PriorityLevelConfigurationCondition defines the condition of priority level.
+
+|===
+=== .status.conditions
+Description::
++
+--
+`conditions` is the current state of "request-priority".
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.conditions[]
+Description::
++
+--
+PriorityLevelConfigurationCondition defines the condition of priority level.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `lastTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| `lastTransitionTime` is the last time the condition transitioned from one status to another.
+
+| `message`
+| `string`
+| `message` is a human-readable message indicating details about last transition.
+
+| `reason`
+| `string`
+| `reason` is a unique, one-word, CamelCase reason for the condition's last transition.
+
+| `status`
+| `string`
+| `status` is the status of the condition. Can be True, False, Unknown. Required.
+
+| `type`
+| `string`
+| `type` is the type of the condition. Required.
+
+|===
+
+== API endpoints
+
+The following API endpoints are available:
+
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations`
+- `DELETE`: delete collection of PriorityLevelConfiguration
+- `GET`: list or watch objects of kind PriorityLevelConfiguration
+- `POST`: create a PriorityLevelConfiguration
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations`
+- `GET`: watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}`
+- `DELETE`: delete a PriorityLevelConfiguration
+- `GET`: read the specified PriorityLevelConfiguration
+- `PATCH`: partially update the specified PriorityLevelConfiguration
+- `PUT`: replace the specified PriorityLevelConfiguration
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations/{name}`
+- `GET`: watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+* `/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}/status`
+- `GET`: read status of the specified PriorityLevelConfiguration
+- `PATCH`: partially update status of the specified PriorityLevelConfiguration
+- `PUT`: replace status of the specified PriorityLevelConfiguration
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations
+
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete collection of PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  list or watch objects of kind PriorityLevelConfiguration
+
+
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationList[`PriorityLevelConfigurationList`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `POST`
+
+Description::
+  create a PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 202 - Accepted
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations
+
+
+
+HTTP method::
+  `GET`
+
+Description::
+  watch individual changes to a list of PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+
+HTTP method::
+  `DELETE`
+
+Description::
+  delete a PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 202 - Accepted
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Status[`Status`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `GET`
+
+Description::
+  read the specified PriorityLevelConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/watch/prioritylevelconfigurations/{name}
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the &#x27;watch&#x27; parameter with a list operation instead, filtered to a single item with the &#x27;fieldSelector&#x27; parameter.
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent[`WatchEvent`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
+=== /apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations/{name}/status
+
+.Global path parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `name`
+| `string`
+| name of the PriorityLevelConfiguration
+|===
+
+
+HTTP method::
+  `GET`
+
+Description::
+  read status of the specified PriorityLevelConfiguration
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PATCH`
+
+Description::
+  partially update status of the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+HTTP method::
+  `PUT`
+
+Description::
+  replace status of the specified PriorityLevelConfiguration
+
+
+.Query parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `dryRun`
+| `string`
+| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+|===
+
+.Body parameters
+[cols="1,1,2",options="header"]
+|===
+| Parameter | Type | Description
+| `body`
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 
+|===
+
+.HTTP responses
+[cols="1,1",options="header"]
+|===
+| HTTP code | Reponse body
+| 200 - OK
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 201 - Created
+| xref:../schedule_and_quota_apis/prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3.adoc#prioritylevelconfiguration-flowcontrol-apiserver-k8s-io-v1beta3[`PriorityLevelConfiguration`] schema
+| 401 - Unauthorized
+| Empty
+|===
+
+
diff --git a/rest_api/schedule_and_quota_apis/resourcequota-v1.adoc b/rest_api/schedule_and_quota_apis/resourcequota-v1.adoc
index 4b45313054cc..5f536ffeb482 100644
--- a/rest_api/schedule_and_quota_apis/resourcequota-v1.adoc
+++ b/rest_api/schedule_and_quota_apis/resourcequota-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="resourcequota-v1"]
 = ResourceQuota [v1]
 :toc: macro
@@ -219,49 +219,6 @@ The following API endpoints are available:
 === /api/v1/resourcequotas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -284,49 +241,6 @@ Description::
 === /api/v1/watch/resourcequotas
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -348,23 +262,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/resourcequotas
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -377,57 +275,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -446,46 +298,6 @@ Description::
   list or watch objects of kind ResourceQuota
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -512,12 +324,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -546,58 +355,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/resourcequotas
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -626,19 +384,8 @@ Description::
 | `name`
 | `string`
 | name of the ResourceQuota
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -654,25 +401,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -717,25 +447,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -763,12 +479,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -802,54 +515,8 @@ Description::
 | `name`
 | `string`
 | name of the ResourceQuota
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -878,19 +545,8 @@ Description::
 | `name`
 | `string`
 | name of the ResourceQuota
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -923,25 +579,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -969,12 +611,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
index 7533c8ee9d79..24d5c8f9cec8 100644
--- a/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
+++ b/rest_api/schedule_and_quota_apis/schedule-and-quota-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="schedule-and-quota-apis"]
 = Schedule and quota APIs
 :toc: macro
@@ -32,16 +32,16 @@ ClusterResourceQuota mirrors ResourceQuota at a cluster scope.  This object is e
 Type::
   `object`
 
-== FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
+== FlowSchema [flowcontrol.apiserver.k8s.io/v1beta3]
 
 Description::
 +
 --
-
+FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher".
 --
 
 Type::
-  ``
+  `object`
 
 == LimitRange [v1]
 
@@ -65,16 +65,16 @@ PriorityClass defines mapping from a priority class name to the priority integer
 Type::
   `object`
 
-== PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
+== PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta3]
 
 Description::
 +
 --
-
+PriorityLevelConfiguration represents the configuration of a priority level.
 --
 
 Type::
-  ``
+  `object`
 
 == ResourceQuota [v1]
 
diff --git a/rest_api/security_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc b/rest_api/security_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc
index 0999958b063d..987cfb18554e 100644
--- a/rest_api/security_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc
+++ b/rest_api/security_apis/certificatesigningrequest-certificates-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="certificatesigningrequest-certificates-k8s-io-v1"]
 = CertificateSigningRequest [certificates.k8s.io/v1]
 :toc: macro
@@ -318,14 +318,6 @@ The following API endpoints are available:
 === /apis/certificates.k8s.io/v1/certificatesigningrequests
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -338,57 +330,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -407,46 +353,6 @@ Description::
   list or watch objects of kind CertificateSigningRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -473,12 +379,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -508,49 +411,6 @@ Description::
 === /apis/certificates.k8s.io/v1/watch/certificatesigningrequests
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -581,14 +441,6 @@ Description::
 | name of the CertificateSigningRequest
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -604,25 +456,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -667,25 +502,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -713,12 +534,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -754,49 +572,6 @@ Description::
 | name of the CertificateSigningRequest
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -827,14 +602,6 @@ Description::
 | name of the CertificateSigningRequest
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -867,25 +634,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -913,12 +666,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -954,14 +704,6 @@ Description::
 | name of the CertificateSigningRequest
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -994,25 +736,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1040,12 +768,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc b/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
index a186d1c6355d..808339f277f4 100644
--- a/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
+++ b/rest_api/security_apis/credentialsrequest-cloudcredential-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="credentialsrequest-cloudcredential-openshift-io-v1"]
 = CredentialsRequest [cloudcredential.openshift.io/v1]
 :toc: macro
@@ -67,6 +67,11 @@ Required::
 |===
 | Property | Type | Description
 
+| `cloudTokenPath`
+| `string`
+| cloudTokenPath is the path where the Kubernetes ServiceAccount token (JSON Web Token) is mounted on the deployment for the workload requesting a credentials secret. The presence of this field in combination with fields such as spec.providerSpec.stsIAMRoleARN indicate that CCO should broker creation of a credentials secret containing fields necessary for token based authentication methods such as with the AWS Secure Token Service (STS). 
+ cloudTokenPath may also be used to specify the azure_federated_token_file path used in Azure configuration secrets generated by ccoctl. Defaults to "/var/run/secrets/openshift/serviceaccount/token".
+
 | `providerSpec`
 | ``
 | ProviderSpec contains the cloud provider specific credentials specification.
@@ -258,49 +263,6 @@ The following API endpoints are available:
 === /apis/cloudcredential.openshift.io/v1/credentialsrequests
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -322,23 +284,7 @@ Description::
 
 === /apis/cloudcredential.openshift.io/v1/namespaces/{namespace}/credentialsrequests
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -347,46 +293,6 @@ Description::
   delete collection of CredentialsRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -406,46 +312,6 @@ Description::
   list objects of kind CredentialsRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -472,12 +338,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -513,19 +376,8 @@ Description::
 | `name`
 | `string`
 | name of the CredentialsRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -541,25 +393,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -580,16 +415,6 @@ Description::
   read the specified CredentialsRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -616,22 +441,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -657,12 +471,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -696,19 +507,8 @@ Description::
 | `name`
 | `string`
 | name of the CredentialsRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -717,16 +517,6 @@ Description::
   read status of the specified CredentialsRequest
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -753,22 +543,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -794,12 +573,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc
index e23a462e4fe4..4bba4bdeb796 100644
--- a/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/podsecuritypolicyreview-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podsecuritypolicyreview-security-openshift-io-v1"]
 = PodSecurityPolicyReview [security.openshift.io/v1]
 :toc: macro
@@ -162,14 +162,6 @@ The following API endpoints are available:
 
 === /apis/security.openshift.io/v1/namespaces/{namespace}/podsecuritypolicyreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -178,15 +170,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc
index 8917ae0cf556..2dfad4ddb597 100644
--- a/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/podsecuritypolicyselfsubjectreview-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podsecuritypolicyselfsubjectreview-security-openshift-io-v1"]
 = PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
 :toc: macro
@@ -111,14 +111,6 @@ The following API endpoints are available:
 
 === /apis/security.openshift.io/v1/namespaces/{namespace}/podsecuritypolicyselfsubjectreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -127,15 +119,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc b/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc
index 83ccc163301e..803cba969c2c 100644
--- a/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/podsecuritypolicysubjectreview-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podsecuritypolicysubjectreview-security-openshift-io-v1"]
 = PodSecurityPolicySubjectReview [security.openshift.io/v1]
 :toc: macro
@@ -119,14 +119,6 @@ The following API endpoints are available:
 
 === /apis/security.openshift.io/v1/namespaces/{namespace}/podsecuritypolicysubjectreviews
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -135,15 +127,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
index 10ce421a3519..22a0c256ea0f 100644
--- a/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/rangeallocation-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rangeallocation-security-openshift-io-v1"]
 = RangeAllocation [security.openshift.io/v1]
 :toc: macro
@@ -44,7 +44,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `range`
 | `string`
@@ -74,14 +74,6 @@ The following API endpoints are available:
 === /apis/security.openshift.io/v1/rangeallocations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -94,57 +86,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -163,46 +109,6 @@ Description::
   list or watch objects of kind RangeAllocation
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -229,12 +135,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -264,49 +167,6 @@ Description::
 === /apis/security.openshift.io/v1/watch/rangeallocations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -337,14 +197,6 @@ Description::
 | name of the RangeAllocation
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -360,25 +212,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -423,25 +258,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -469,12 +290,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -510,49 +328,6 @@ Description::
 | name of the RangeAllocation
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/security_apis/secret-v1.adoc b/rest_api/security_apis/secret-v1.adoc
index c01134894a5d..5485aff3fae1 100644
--- a/rest_api/security_apis/secret-v1.adoc
+++ b/rest_api/security_apis/secret-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="secret-v1"]
 = Secret [v1]
 :toc: macro
@@ -81,49 +81,6 @@ The following API endpoints are available:
 === /api/v1/secrets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -146,49 +103,6 @@ Description::
 === /api/v1/watch/secrets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -210,23 +124,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/secrets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -239,57 +137,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -308,46 +160,6 @@ Description::
   list or watch objects of kind Secret
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -374,12 +186,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -408,58 +217,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/secrets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -488,19 +246,8 @@ Description::
 | `name`
 | `string`
 | name of the Secret
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -516,25 +263,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -579,25 +309,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -625,12 +341,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -664,54 +377,8 @@ Description::
 | `name`
 | `string`
 | name of the Secret
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/security_apis/security-apis-index.adoc b/rest_api/security_apis/security-apis-index.adoc
index cc84e241219a..33137456f741 100644
--- a/rest_api/security_apis/security-apis-index.adoc
+++ b/rest_api/security_apis/security-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-apis"]
 = Security APIs
 :toc: macro
diff --git a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
index 4197e1d6e7b3..ad56275b6b5e 100644
--- a/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
+++ b/rest_api/security_apis/securitycontextconstraints-security-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="securitycontextconstraints-security-openshift-io-v1"]
 = SecurityContextConstraints [security.openshift.io/v1]
 :toc: macro
@@ -168,14 +168,6 @@ The following API endpoints are available:
 === /apis/security.openshift.io/v1/securitycontextconstraints
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -184,46 +176,6 @@ Description::
   delete collection of SecurityContextConstraints
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -243,46 +195,6 @@ Description::
   list objects of kind SecurityContextConstraints
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -309,12 +221,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -344,49 +253,6 @@ Description::
 === /apis/security.openshift.io/v1/watch/securitycontextconstraints
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -417,14 +283,6 @@ Description::
 | name of the SecurityContextConstraints
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -440,25 +298,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -479,16 +320,6 @@ Description::
   read the specified SecurityContextConstraints
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -515,22 +346,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -556,12 +376,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -597,49 +414,6 @@ Description::
 | name of the SecurityContextConstraints
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/security_apis/serviceaccount-v1.adoc b/rest_api/security_apis/serviceaccount-v1.adoc
index 1d58ae1cacc7..e95fe34b9d98 100644
--- a/rest_api/security_apis/serviceaccount-v1.adoc
+++ b/rest_api/security_apis/serviceaccount-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serviceaccount-v1"]
 = ServiceAccount [v1]
 :toc: macro
@@ -179,49 +179,6 @@ The following API endpoints are available:
 === /api/v1/serviceaccounts
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -244,49 +201,6 @@ Description::
 === /api/v1/watch/serviceaccounts
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -308,23 +222,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/serviceaccounts
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -337,57 +235,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -406,46 +258,6 @@ Description::
   list or watch objects of kind ServiceAccount
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -472,12 +284,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -506,58 +315,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/serviceaccounts
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -586,19 +344,8 @@ Description::
 | `name`
 | `string`
 | name of the ServiceAccount
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -614,25 +361,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -677,25 +407,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -723,12 +439,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -762,54 +475,8 @@ Description::
 | `name`
 | `string`
 | name of the ServiceAccount
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc b/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc
index 4799e6fe1af6..141f0c149fcb 100644
--- a/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/csidriver-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="csidriver-storage-k8s-io-v1"]
 = CSIDriver [storage.k8s.io/v1]
 :toc: macro
@@ -69,7 +69,7 @@ This field is immutable.
 
 | `fsGroupPolicy`
 | `string`
-| Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details.
+| fsGroupPolicy defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details.
 
 This field is immutable.
 
@@ -77,7 +77,11 @@ Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine
 
 | `podInfoOnMount`
 | `boolean`
-| If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume
+| podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations, if set to true. If set to false, pod information will not be passed on mount. Default is false.
+
+The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext.
+
+The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume
                                 defined by a CSIVolumeSource, otherwise "false"
 
 "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.
@@ -86,13 +90,13 @@ This field is immutable.
 
 | `requiresRepublish`
 | `boolean`
-| RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
+| requiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
 
 Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
 
 | `seLinuxMount`
 | `boolean`
-| SELinuxMount specifies if the CSI driver supports "-o context" mount option.
+| seLinuxMount specifies if the CSI driver supports "-o context" mount option.
 
 When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context.
 
@@ -102,7 +106,7 @@ Default is "false".
 
 | `storageCapacity`
 | `boolean`
-| If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.
+| storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information, if set to true.
 
 The check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.
 
@@ -112,7 +116,7 @@ This field was immutable in Kubernetes <= 1.22 and now is mutable.
 
 | `tokenRequests`
 | `array`
-| TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
+| tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
   "<audience>": {
     "token": <token>,
     "expirationTimestamp": <expiration timestamp in RFC3339>,
@@ -128,16 +132,20 @@ Note: Audience in each TokenRequest should be different and at most one token is
 
 | `volumeLifecycleModes`
 | `array (string)`
-| volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. This field is beta.
+| volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism.
 
-This field is immutable.
+The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume.
+
+For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future.
+
+This field is beta. This field is immutable.
 
 |===
 === .spec.tokenRequests
 Description::
 +
 --
-TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
+tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": {
   "<audience>": {
     "token": <token>,
     "expirationTimestamp": <expiration timestamp in RFC3339>,
@@ -175,11 +183,11 @@ Required::
 
 | `audience`
 | `string`
-| Audience is the intended audience of the token in "TokenRequestSpec". It will default to the audiences of kube apiserver.
+| audience is the intended audience of the token in "TokenRequestSpec". It will default to the audiences of kube apiserver.
 
 | `expirationSeconds`
 | `integer`
-| ExpirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".
+| expirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".
 
 |===
 
@@ -205,14 +213,6 @@ The following API endpoints are available:
 === /apis/storage.k8s.io/v1/csidrivers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -225,57 +225,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -294,46 +248,6 @@ Description::
   list or watch objects of kind CSIDriver
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -360,12 +274,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -395,49 +306,6 @@ Description::
 === /apis/storage.k8s.io/v1/watch/csidrivers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -468,14 +336,6 @@ Description::
 | name of the CSIDriver
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -491,25 +351,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -554,25 +397,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -600,12 +429,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -641,49 +467,6 @@ Description::
 | name of the CSIDriver
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc b/rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc
index 523b6287bbc6..ecd73ade9dba 100644
--- a/rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/csinode-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="csinode-storage-k8s-io-v1"]
 = CSINode [storage.k8s.io/v1]
 :toc: macro
@@ -37,7 +37,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| metadata.name must be the Kubernetes node name.
+| Standard object's metadata. metadata.name must be the Kubernetes node name.
 
 | `spec`
 | `object`
@@ -111,7 +111,7 @@ Required::
 
 | `name`
 | `string`
-| This is the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.
+| name represents the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.
 
 | `nodeID`
 | `string`
@@ -141,7 +141,7 @@ Type::
 
 | `count`
 | `integer`
-| Maximum number of unique volumes managed by the CSI driver that can be used on a node. A volume that is both attached and mounted on a node is considered to be used once, not twice. The same rule applies for a unique volume that is shared among multiple pods on the same node. If this field is not specified, then the supported number of volumes on this node is unbounded.
+| count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. A volume that is both attached and mounted on a node is considered to be used once, not twice. The same rule applies for a unique volume that is shared among multiple pods on the same node. If this field is not specified, then the supported number of volumes on this node is unbounded.
 
 |===
 
@@ -167,14 +167,6 @@ The following API endpoints are available:
 === /apis/storage.k8s.io/v1/csinodes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -187,57 +179,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -256,46 +202,6 @@ Description::
   list or watch objects of kind CSINode
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -322,12 +228,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -357,49 +260,6 @@ Description::
 === /apis/storage.k8s.io/v1/watch/csinodes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -430,14 +290,6 @@ Description::
 | name of the CSINode
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -453,25 +305,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -516,25 +351,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -562,12 +383,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -603,49 +421,6 @@ Description::
 | name of the CSINode
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc b/rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc
index f87b08d004f1..8ec4ab7500c2 100644
--- a/rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/csistoragecapacity-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="csistoragecapacity-storage-k8s-io-v1"]
 = CSIStorageCapacity [storage.k8s.io/v1]
 :toc: macro
@@ -41,7 +41,7 @@ Required::
 
 | `capacity`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
-| Capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
+| capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
 
 The semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable.
 
@@ -51,13 +51,13 @@ The semantic is currently (CSI spec 1.2) defined as: The available capacity, in
 
 | `maximumVolumeSize`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
-| MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
+| maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields.
 
 This is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim.
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| Standard object's metadata. The name has no particular meaning. It must be be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends with the unique CSI driver name.
+| Standard object's metadata. The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends with the unique CSI driver name.
 
 Objects are namespaced.
 
@@ -65,11 +65,11 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-
 
 | `nodeTopology`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
-| NodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable.
+| nodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable.
 
 | `storageClassName`
 | `string`
-| The name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.
+| storageClassName represents the name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.
 
 |===
 
@@ -99,49 +99,6 @@ The following API endpoints are available:
 === /apis/storage.k8s.io/v1/csistoragecapacities
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -164,49 +121,6 @@ Description::
 === /apis/storage.k8s.io/v1/watch/csistoragecapacities
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -228,23 +142,7 @@ Description::
 
 === /apis/storage.k8s.io/v1/namespaces/{namespace}/csistoragecapacities
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -257,57 +155,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -326,46 +178,6 @@ Description::
   list or watch objects of kind CSIStorageCapacity
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -392,12 +204,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -426,58 +235,7 @@ Description::
 
 === /apis/storage.k8s.io/v1/watch/namespaces/{namespace}/csistoragecapacities
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -506,19 +264,8 @@ Description::
 | `name`
 | `string`
 | name of the CSIStorageCapacity
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -534,25 +281,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -597,25 +327,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -643,12 +359,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -682,54 +395,8 @@ Description::
 | `name`
 | `string`
 | name of the CSIStorageCapacity
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/storage_apis/persistentvolume-v1.adoc b/rest_api/storage_apis/persistentvolume-v1.adoc
index 62cef3b2a15a..f2ba9e711e18 100644
--- a/rest_api/storage_apis/persistentvolume-v1.adoc
+++ b/rest_api/storage_apis/persistentvolume-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistentvolume-v1"]
 = PersistentVolume [v1]
 :toc: macro
@@ -188,6 +188,10 @@ Possible enum values:
 | `string`
 | volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `vsphereVolume`
 | `object`
 | Represents a vSphere volume resource.
@@ -255,6 +259,11 @@ Required::
 | `string`
 | cachingMode is the Host Caching mode: None, Read Only, Read Write.
 
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
 | `diskName`
 | `string`
 | diskName is the Name of the data disk in the blob storage
@@ -271,6 +280,11 @@ Required::
 | `string`
 | kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
 
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
 | `readOnly`
 | `boolean`
 | readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
@@ -914,6 +928,16 @@ Required::
 | `string`
 | type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
 |===
 === .spec.iscsi
 Description::
@@ -1682,6 +1706,10 @@ Type::
 |===
 | Property | Type | Description
 
+| `lastPhaseTransitionTime`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
+| lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
+
 | `message`
 | `string`
 | message is a human-readable message indicating details about why the volume is in this state.
@@ -1729,14 +1757,6 @@ The following API endpoints are available:
 === /api/v1/persistentvolumes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1749,57 +1769,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1818,46 +1792,6 @@ Description::
   list or watch objects of kind PersistentVolume
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1884,12 +1818,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1919,49 +1850,6 @@ Description::
 === /api/v1/watch/persistentvolumes
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1992,14 +1880,6 @@ Description::
 | name of the PersistentVolume
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2015,25 +1895,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2078,25 +1941,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2124,12 +1973,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2165,49 +2011,6 @@ Description::
 | name of the PersistentVolume
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2238,14 +2041,6 @@ Description::
 | name of the PersistentVolume
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -2278,25 +2073,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2324,12 +2105,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
index e40343b045f4..26e3a9d87693 100644
--- a/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
+++ b/rest_api/storage_apis/persistentvolumeclaim-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistentvolumeclaim-v1"]
 = PersistentVolumeClaim [v1]
 :toc: macro
@@ -98,6 +98,10 @@ Type::
 | `string`
 | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `volumeName`
 | `string`
 | volumeName is the binding reference to the PersistentVolume backing this claim.
@@ -215,7 +219,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.resources.claims
@@ -280,9 +284,52 @@ Type::
 | `array (string)`
 | accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 
+| `allocatedResourceStatuses`
+| `object (string)`
+| allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:
+	* Un-prefixed keys:
+		- storage - the capacity of the volume.
+	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
+
+ClaimResourceStatus can be in any of following states:
+	- ControllerResizeInProgress:
+		State set when resize controller starts resizing the volume in control-plane.
+	- ControllerResizeFailed:
+		State set when resize has failed in resize controller with a terminal error.
+	- NodeResizePending:
+		State set when resize controller has finished resizing the volume but further resizing of
+		volume is needed on the node.
+	- NodeResizeInProgress:
+		State set when kubelet starts resizing the volume.
+	- NodeResizeFailed:
+		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+		NodeResizeFailed.
+For example: if expanding a PVC for more capacity - this field can be one of the following states:
+	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+     - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+     - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+When this field is not set, it means that no resize operation is in progress for the given PVC.
+
+A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
+
+This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
 | `allocatedResources`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+| allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:
+	* Un-prefixed keys:
+		- storage - the capacity of the volume.
+	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
+
+Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
+
+A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
+
+This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 
 | `capacity`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
@@ -294,7 +341,7 @@ Type::
 
 | `conditions[]`
 | `object`
-| PersistentVolumeClaimCondition contails details about state of pvc
+| PersistentVolumeClaimCondition contains details about state of pvc
 
 | `phase`
 | `string`
@@ -305,10 +352,6 @@ Possible enum values:
  - `"Lost"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.
  - `"Pending"` used for PersistentVolumeClaims that are not yet bound
 
-| `resizeStatus`
-| `string`
-| resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
-
 |===
 === .status.conditions
 Description::
@@ -327,7 +370,7 @@ Type::
 Description::
 +
 --
-PersistentVolumeClaimCondition contails details about state of pvc
+PersistentVolumeClaimCondition contains details about state of pvc
 --
 
 Type::
@@ -399,49 +442,6 @@ The following API endpoints are available:
 === /api/v1/persistentvolumeclaims
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -464,49 +464,6 @@ Description::
 === /api/v1/watch/persistentvolumeclaims
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -528,23 +485,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/persistentvolumeclaims
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -557,57 +498,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -626,46 +521,6 @@ Description::
   list or watch objects of kind PersistentVolumeClaim
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -692,12 +547,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -726,58 +578,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/persistentvolumeclaims
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -806,19 +607,8 @@ Description::
 | `name`
 | `string`
 | name of the PersistentVolumeClaim
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -834,25 +624,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -897,25 +670,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -943,12 +702,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -982,54 +738,8 @@ Description::
 | `name`
 | `string`
 | name of the PersistentVolumeClaim
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1058,19 +768,8 @@ Description::
 | `name`
 | `string`
 | name of the PersistentVolumeClaim
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1103,25 +802,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1149,12 +834,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/storage-apis-index.adoc b/rest_api/storage_apis/storage-apis-index.adoc
index 484fed427935..762968f3e256 100644
--- a/rest_api/storage_apis/storage-apis-index.adoc
+++ b/rest_api/storage_apis/storage-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storage-apis"]
 = Storage APIs
 :toc: macro
diff --git a/rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc b/rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc
index 624245ec76ca..029508222dde 100644
--- a/rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/storageclass-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storageclass-storage-k8s-io-v1"]
 = StorageClass [storage.k8s.io/v1]
 :toc: macro
@@ -31,11 +31,11 @@ Required::
 
 | `allowVolumeExpansion`
 | `boolean`
-| AllowVolumeExpansion shows whether the storage class allow volume expand
+| allowVolumeExpansion shows whether the storage class allow volume expand.
 
 | `allowedTopologies`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.TopologySelectorTerm[`array (TopologySelectorTerm)`]
-| Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
+| allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
 
 | `apiVersion`
 | `string`
@@ -51,23 +51,32 @@ Required::
 
 | `mountOptions`
 | `array (string)`
-| Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid.
+| mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid.
 
 | `parameters`
 | `object (string)`
-| Parameters holds the parameters for the provisioner that should create volumes of this storage class.
+| parameters holds the parameters for the provisioner that should create volumes of this storage class.
 
 | `provisioner`
 | `string`
-| Provisioner indicates the type of the provisioner.
+| provisioner indicates the type of the provisioner.
 
 | `reclaimPolicy`
 | `string`
-| Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.
+| reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. Defaults to Delete.
+
+Possible enum values:
+ - `"Delete"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.
+ - `"Recycle"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.
+ - `"Retain"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.
 
 | `volumeBindingMode`
 | `string`
-| VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound.  When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.
+| volumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound.  When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.
+
+Possible enum values:
+ - `"Immediate"` indicates that PersistentVolumeClaims should be immediately provisioned and bound. This is the default mode.
+ - `"WaitForFirstConsumer"` indicates that PersistentVolumeClaims should not be provisioned and bound until the first Pod is created that references the PeristentVolumeClaim. The volume provisioning and binding will occur during Pod scheduing.
 
 |===
 
@@ -93,14 +102,6 @@ The following API endpoints are available:
 === /apis/storage.k8s.io/v1/storageclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -113,57 +114,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -182,46 +137,6 @@ Description::
   list or watch objects of kind StorageClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -248,12 +163,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -283,49 +195,6 @@ Description::
 === /apis/storage.k8s.io/v1/watch/storageclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -356,14 +225,6 @@ Description::
 | name of the StorageClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -379,25 +240,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -442,25 +286,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -488,12 +318,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -529,49 +356,6 @@ Description::
 | name of the StorageClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/storage_apis/storagestate-migration-k8s-io-v1alpha1.adoc b/rest_api/storage_apis/storagestate-migration-k8s-io-v1alpha1.adoc
index becf4c7a47e7..361b5edb2c20 100644
--- a/rest_api/storage_apis/storagestate-migration-k8s-io-v1alpha1.adoc
+++ b/rest_api/storage_apis/storagestate-migration-k8s-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storagestate-migration-k8s-io-v1alpha1"]
 = StorageState [migration.k8s.io/v1alpha1]
 :toc: macro
@@ -147,14 +147,6 @@ The following API endpoints are available:
 === /apis/migration.k8s.io/v1alpha1/storagestates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -163,46 +155,6 @@ Description::
   delete collection of StorageState
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -222,46 +174,6 @@ Description::
   list objects of kind StorageState
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -288,12 +200,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -331,14 +240,6 @@ Description::
 | name of the StorageState
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -354,25 +255,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -393,16 +277,6 @@ Description::
   read the specified StorageState
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -429,22 +303,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -470,12 +333,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -511,14 +371,6 @@ Description::
 | name of the StorageState
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -527,16 +379,6 @@ Description::
   read status of the specified StorageState
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -563,22 +405,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -604,12 +435,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc b/rest_api/storage_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc
index e63933b540ed..ed207b9453d6 100644
--- a/rest_api/storage_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc
+++ b/rest_api/storage_apis/storageversionmigration-migration-k8s-io-v1alpha1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storageversionmigration-migration-k8s-io-v1alpha1"]
 = StorageVersionMigration [migration.k8s.io/v1alpha1]
 :toc: macro
@@ -207,14 +207,6 @@ The following API endpoints are available:
 === /apis/migration.k8s.io/v1alpha1/storageversionmigrations
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -223,46 +215,6 @@ Description::
   delete collection of StorageVersionMigration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -282,46 +234,6 @@ Description::
   list objects of kind StorageVersionMigration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -348,12 +260,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -391,14 +300,6 @@ Description::
 | name of the StorageVersionMigration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -414,25 +315,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -453,16 +337,6 @@ Description::
   read the specified StorageVersionMigration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -489,22 +363,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -530,12 +393,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -571,14 +431,6 @@ Description::
 | name of the StorageVersionMigration
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -587,16 +439,6 @@ Description::
   read status of the specified StorageVersionMigration
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -623,22 +465,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -664,12 +495,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc
index 922a1c2da41b..081b7709e399 100644
--- a/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/volumeattachment-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="volumeattachment-storage-k8s-io-v1"]
 = VolumeAttachment [storage.k8s.io/v1]
 :toc: macro
@@ -73,11 +73,11 @@ Required::
 
 | `attacher`
 | `string`
-| Attacher indicates the name of the volume driver that MUST handle this request. This is the name returned by GetPluginName().
+| attacher indicates the name of the volume driver that MUST handle this request. This is the name returned by GetPluginName().
 
 | `nodeName`
 | `string`
-| The node that the volume should be attached to.
+| nodeName represents the node that the volume should be attached to.
 
 | `source`
 | `object`
@@ -107,7 +107,7 @@ Type::
 
 | `persistentVolumeName`
 | `string`
-| Name of the persistent volume to attach.
+| persistentVolumeName represents the name of the persistent volume to attach.
 
 |===
 === .status
@@ -135,11 +135,11 @@ Required::
 
 | `attached`
 | `boolean`
-| Indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+| attached indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
 
 | `attachmentMetadata`
 | `object (string)`
-| Upon successful attach, this field is populated with any information returned by the attach operation that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+| attachmentMetadata is populated with any information returned by the attach operation, upon successful attach, that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
 
 | `detachError`
 | `object`
@@ -165,11 +165,11 @@ Type::
 
 | `message`
 | `string`
-| String detailing the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
+| message represents the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
 
 | `time`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
-| Time the error was encountered.
+| time represents the time the error was encountered.
 
 |===
 === .status.detachError
@@ -191,11 +191,11 @@ Type::
 
 | `message`
 | `string`
-| String detailing the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
+| message represents the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.
 
 | `time`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
-| Time the error was encountered.
+| time represents the time the error was encountered.
 
 |===
 
@@ -225,14 +225,6 @@ The following API endpoints are available:
 === /apis/storage.k8s.io/v1/volumeattachments
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -245,57 +237,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -314,46 +260,6 @@ Description::
   list or watch objects of kind VolumeAttachment
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -380,12 +286,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -415,49 +318,6 @@ Description::
 === /apis/storage.k8s.io/v1/watch/volumeattachments
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -488,14 +348,6 @@ Description::
 | name of the VolumeAttachment
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -511,25 +363,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -574,25 +409,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -620,12 +441,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -661,49 +479,6 @@ Description::
 | name of the VolumeAttachment
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -734,14 +509,6 @@ Description::
 | name of the VolumeAttachment
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -774,25 +541,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -820,12 +573,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc
index b2476bd81983..128b47faccf5 100644
--- a/rest_api/storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/volumesnapshot-snapshot-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="volumesnapshot-snapshot-storage-k8s-io-v1"]
 = VolumeSnapshot [snapshot.storage.k8s.io/v1]
 :toc: macro
@@ -191,49 +191,6 @@ The following API endpoints are available:
 === /apis/snapshot.storage.k8s.io/v1/volumesnapshots
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -255,23 +212,7 @@ Description::
 
 === /apis/snapshot.storage.k8s.io/v1/namespaces/{namespace}/volumesnapshots
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -280,46 +221,6 @@ Description::
   delete collection of VolumeSnapshot
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -339,46 +240,6 @@ Description::
   list objects of kind VolumeSnapshot
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -405,12 +266,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -446,19 +304,8 @@ Description::
 | `name`
 | `string`
 | name of the VolumeSnapshot
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -474,25 +321,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -513,16 +343,6 @@ Description::
   read the specified VolumeSnapshot
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -549,22 +369,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -590,12 +399,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -629,19 +435,8 @@ Description::
 | `name`
 | `string`
 | name of the VolumeSnapshot
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -650,16 +445,6 @@ Description::
   read status of the specified VolumeSnapshot
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -686,22 +471,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -727,12 +501,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc
index a2ab0b6b6df0..621330b213c4 100644
--- a/rest_api/storage_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/volumesnapshotclass-snapshot-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="volumesnapshotclass-snapshot-storage-k8s-io-v1"]
 = VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
 :toc: macro
@@ -72,14 +72,6 @@ The following API endpoints are available:
 === /apis/snapshot.storage.k8s.io/v1/volumesnapshotclasses
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -88,46 +80,6 @@ Description::
   delete collection of VolumeSnapshotClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -147,46 +99,6 @@ Description::
   list objects of kind VolumeSnapshotClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -213,12 +125,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -256,14 +165,6 @@ Description::
 | name of the VolumeSnapshotClass
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -279,25 +180,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -318,16 +202,6 @@ Description::
   read the specified VolumeSnapshotClass
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -354,22 +228,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -395,12 +258,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/storage_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc b/rest_api/storage_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc
index bcb90673e60a..d796b40595d4 100644
--- a/rest_api/storage_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc
+++ b/rest_api/storage_apis/volumesnapshotcontent-snapshot-storage-k8s-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="volumesnapshotcontent-snapshot-storage-k8s-io-v1"]
 = VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
 :toc: macro
@@ -254,14 +254,6 @@ The following API endpoints are available:
 === /apis/snapshot.storage.k8s.io/v1/volumesnapshotcontents
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -270,46 +262,6 @@ Description::
   delete collection of VolumeSnapshotContent
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -329,46 +281,6 @@ Description::
   list objects of kind VolumeSnapshotContent
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -395,12 +307,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -438,14 +347,6 @@ Description::
 | name of the VolumeSnapshotContent
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -461,25 +362,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -500,16 +384,6 @@ Description::
   read the specified VolumeSnapshotContent
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -536,22 +410,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -577,12 +440,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -618,14 +478,6 @@ Description::
 | name of the VolumeSnapshotContent
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -634,16 +486,6 @@ Description::
   read status of the specified VolumeSnapshotContent
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-|===
 
 
 .HTTP responses
@@ -670,22 +512,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -711,12 +542,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
index b9913c285124..47c57be5ec09 100644
--- a/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/brokertemplateinstance-template-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="brokertemplateinstance-template-openshift-io-v1"]
 = BrokerTemplateInstance [template.openshift.io/v1]
 :toc: macro
@@ -39,7 +39,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -102,14 +102,6 @@ The following API endpoints are available:
 === /apis/template.openshift.io/v1/brokertemplateinstances
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -122,57 +114,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -191,46 +137,6 @@ Description::
   list or watch objects of kind BrokerTemplateInstance
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -257,12 +163,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -292,49 +195,6 @@ Description::
 === /apis/template.openshift.io/v1/watch/brokertemplateinstances
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -365,14 +225,6 @@ Description::
 | name of the BrokerTemplateInstance
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -388,25 +240,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -451,25 +286,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -497,12 +318,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -538,49 +356,6 @@ Description::
 | name of the BrokerTemplateInstance
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/template_apis/podtemplate-v1.adoc b/rest_api/template_apis/podtemplate-v1.adoc
index f24689721548..08b8b6f7e01c 100644
--- a/rest_api/template_apis/podtemplate-v1.adoc
+++ b/rest_api/template_apis/podtemplate-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="podtemplate-v1"]
 = PodTemplate [v1]
 :toc: macro
@@ -199,6 +199,10 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 | `string`
 | PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
 
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
 | `priority`
 | `integer`
 | The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
@@ -229,7 +233,7 @@ This field is immutable.
 
 | `restartPolicy`
 | `string`
-| Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
 
 Possible enum values:
  - `"Always"`
@@ -246,9 +250,11 @@ Possible enum values:
 
 | `schedulingGates`
 | `array`
-| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 
 | `schedulingGates[]`
 | `object`
@@ -1149,10 +1155,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -1673,7 +1691,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1843,7 +1861,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1905,7 +1923,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -1962,7 +1980,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2071,7 +2089,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2191,7 +2209,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2248,7 +2266,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2357,7 +2375,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2391,6 +2409,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .template.spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .template.spec.containers[].resources
 Description::
@@ -2427,7 +2487,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .template.spec.containers[].resources.claims
@@ -2504,6 +2564,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -2614,7 +2678,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -2655,7 +2719,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -2689,7 +2753,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2746,7 +2810,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2855,7 +2919,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2973,6 +3037,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -3158,10 +3227,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -3688,7 +3769,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3858,7 +3939,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3920,7 +4001,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3977,7 +4058,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4086,7 +4167,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4206,7 +4287,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4263,7 +4344,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4372,7 +4453,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4406,6 +4487,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .template.spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .template.spec.ephemeralContainers[].resources
 Description::
@@ -4442,7 +4565,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .template.spec.ephemeralContainers[].resources.claims
@@ -4519,6 +4642,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -4629,7 +4756,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -4670,7 +4797,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -4704,7 +4831,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4761,7 +4888,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4870,7 +4997,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4988,6 +5115,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -5172,10 +5304,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -5696,7 +5840,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5866,7 +6010,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5928,7 +6072,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5985,7 +6129,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6094,7 +6238,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6214,7 +6358,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6271,7 +6415,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6380,7 +6524,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6414,6 +6558,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .template.spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .template.spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .template.spec.initContainers[].resources
 Description::
@@ -6450,7 +6636,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .template.spec.initContainers[].resources.claims
@@ -6527,6 +6713,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -6637,7 +6827,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6678,7 +6868,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6712,7 +6902,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6769,7 +6959,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6878,7 +7068,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6996,6 +7186,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -7148,9 +7343,7 @@ Type::
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
 
-The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
-
-An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
@@ -7159,9 +7352,11 @@ This field is immutable and no changes will be made to the corresponding Resourc
 Description::
 +
 --
-SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 --
 
 Type::
@@ -7223,6 +7418,10 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum
 | `string`
 | fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
 | `runAsGroup`
 | `integer`
 | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
@@ -7315,7 +7514,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -7398,7 +7597,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -7505,7 +7704,9 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -7525,12 +7726,20 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate
 
 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `nodeTaintsPolicy`
 | `string`
 | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
 
 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `topologyKey`
 | `string`
 | TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
@@ -7772,6 +7981,11 @@ Required::
 | `string`
 | cachingMode is the Host Caching mode: None, Read Only, Read Write.
 
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
 | `diskName`
 | `string`
 | diskName is the Name of the data disk in the blob storage
@@ -7788,6 +8002,11 @@ Required::
 | `string`
 | kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
 
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
 | `readOnly`
 | `boolean`
 | readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
@@ -8260,7 +8479,7 @@ Type::
 
 | `sizeLimit`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .template.spec.volumes[].ephemeral
@@ -8365,6 +8584,10 @@ Type::
 | `string`
 | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `volumeName`
 | `string`
 | volumeName is the binding reference to the PersistentVolume backing this claim.
@@ -8482,7 +8705,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -8784,6 +9007,16 @@ Required::
 | `string`
 | type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
 |===
 === .template.spec.volumes[].iscsi
 Description::
@@ -9819,49 +10052,6 @@ The following API endpoints are available:
 === /api/v1/podtemplates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -9884,49 +10074,6 @@ Description::
 === /api/v1/watch/podtemplates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -9948,23 +10095,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/podtemplates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -9977,57 +10108,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10046,46 +10131,6 @@ Description::
   list or watch objects of kind PodTemplate
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10112,12 +10157,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10146,58 +10188,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/podtemplates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10226,19 +10217,8 @@ Description::
 | `name`
 | `string`
 | name of the PodTemplate
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10254,25 +10234,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10317,25 +10280,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10363,12 +10312,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10402,54 +10348,8 @@ Description::
 | `name`
 | `string`
 | name of the PodTemplate
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/template_apis/template-apis-index.adoc b/rest_api/template_apis/template-apis-index.adoc
index ef78fd857c5f..ca84a65195bc 100644
--- a/rest_api/template_apis/template-apis-index.adoc
+++ b/rest_api/template_apis/template-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="template-apis"]
 = Template APIs
 :toc: macro
diff --git a/rest_api/template_apis/template-template-openshift-io-v1.adoc b/rest_api/template_apis/template-template-openshift-io-v1.adoc
index c3fbcda929d0..2e978ea49ed8 100644
--- a/rest_api/template_apis/template-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/template-template-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="template-template-openshift-io-v1"]
 = Template [template.openshift.io/v1]
 :toc: macro
@@ -47,7 +47,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `objects`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`array (RawExtension)`]
@@ -158,49 +158,6 @@ The following API endpoints are available:
 === /apis/template.openshift.io/v1/templates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -223,49 +180,6 @@ Description::
 === /apis/template.openshift.io/v1/watch/templates
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -287,23 +201,7 @@ Description::
 
 === /apis/template.openshift.io/v1/namespaces/{namespace}/templates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -316,57 +214,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -385,46 +237,6 @@ Description::
   list or watch objects of kind Template
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -451,12 +263,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -485,58 +294,7 @@ Description::
 
 === /apis/template.openshift.io/v1/watch/namespaces/{namespace}/templates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -565,19 +323,8 @@ Description::
 | `name`
 | `string`
 | name of the Template
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -593,25 +340,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -656,25 +386,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -702,12 +418,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -734,14 +447,6 @@ Description::
 
 === /apis/template.openshift.io/v1/namespaces/{namespace}/processedtemplates
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
 .Global query parameters
 [cols="1,1,2",options="header"]
@@ -750,15 +455,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
@@ -802,54 +501,8 @@ Description::
 | `name`
 | `string`
 | name of the Template
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
index 9dfc549149e7..dc39a8547668 100644
--- a/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
+++ b/rest_api/template_apis/templateinstance-template-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="templateinstance-template-openshift-io-v1"]
 = TemplateInstance [template.openshift.io/v1]
 :toc: macro
@@ -39,7 +39,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -174,7 +174,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `objects`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.runtime.RawExtension[`array (RawExtension)`]
@@ -413,49 +413,6 @@ The following API endpoints are available:
 === /apis/template.openshift.io/v1/templateinstances
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -478,49 +435,6 @@ Description::
 === /apis/template.openshift.io/v1/watch/templateinstances
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -542,23 +456,7 @@ Description::
 
 === /apis/template.openshift.io/v1/namespaces/{namespace}/templateinstances
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -571,57 +469,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -640,46 +492,6 @@ Description::
   list or watch objects of kind TemplateInstance
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -706,12 +518,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -740,58 +549,7 @@ Description::
 
 === /apis/template.openshift.io/v1/watch/namespaces/{namespace}/templateinstances
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -820,19 +578,8 @@ Description::
 | `name`
 | `string`
 | name of the TemplateInstance
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -848,25 +595,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -911,25 +641,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -957,12 +673,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -996,54 +709,8 @@ Description::
 | `name`
 | `string`
 | name of the TemplateInstance
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1072,19 +739,8 @@ Description::
 | `name`
 | `string`
 | name of the TemplateInstance
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1117,25 +773,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1163,12 +805,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/understanding-api-support-tiers.adoc b/rest_api/understanding-api-support-tiers.adoc
index 4ca1a7b8acb5..ac35820068da 100644
--- a/rest_api/understanding-api-support-tiers.adoc
+++ b/rest_api/understanding-api-support-tiers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-api-support-tiers"]
 = Understanding API tiers
 include::_attributes/common-attributes.adoc[]
diff --git a/rest_api/understanding-compatibility-guidelines.adoc b/rest_api/understanding-compatibility-guidelines.adoc
index b2153251d9e2..e284f23afb31 100644
--- a/rest_api/understanding-compatibility-guidelines.adoc
+++ b/rest_api/understanding-compatibility-guidelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compatibility-guidelines"]
 = Understanding API compatibility guidelines
 include::_attributes/common-attributes.adoc[]
diff --git a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
index d8978339f7e6..7ad5481dca0d 100644
--- a/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/group-user-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="group-user-openshift-io-v1"]
 = Group [user.openshift.io/v1]
 :toc: macro
@@ -38,8 +38,8 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `users`
 | `array (string)`
@@ -75,7 +75,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -91,7 +91,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -108,15 +108,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -127,6 +127,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -164,10 +179,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -178,7 +193,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -191,6 +206,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -227,6 +257,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -262,10 +295,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -276,12 +309,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -292,6 +325,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -335,7 +383,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -357,10 +405,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -418,9 +466,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -461,6 +512,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -502,10 +556,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -516,12 +570,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -532,6 +586,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
index d45fb09334a7..e3468ee4d97b 100644
--- a/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/identity-user-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="identity-user-openshift-io-v1"]
 = Identity [user.openshift.io/v1]
 :toc: macro
@@ -44,8 +44,8 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `providerName`
 | `string`
@@ -89,7 +89,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -105,7 +105,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -122,15 +122,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -141,6 +141,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -178,10 +193,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -192,7 +207,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -205,6 +220,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -241,6 +271,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -276,10 +309,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -290,12 +323,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -306,6 +339,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -349,7 +397,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -371,10 +419,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -432,9 +480,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -475,6 +526,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -516,10 +570,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -530,12 +584,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -546,6 +600,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/user_and_group_apis/user-and-group-apis-index.adoc b/rest_api/user_and_group_apis/user-and-group-apis-index.adoc
index 141cc5d061cc..ca6ce3a0ab8a 100644
--- a/rest_api/user_and_group_apis/user-and-group-apis-index.adoc
+++ b/rest_api/user_and_group_apis/user-and-group-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="user-and-group-apis"]
 = User and group APIs
 :toc: macro
diff --git a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
index 0cebe0b5d2a8..d72be9c884d4 100644
--- a/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/user-user-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="user-user-openshift-io-v1"]
 = User [user.openshift.io/v1]
 :toc: macro
@@ -50,8 +50,8 @@ Required::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 |===
 
@@ -83,7 +83,7 @@ The following API endpoints are available:
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -99,7 +99,7 @@ Description::
 | Parameter | Type | Description
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
@@ -116,15 +116,15 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -135,6 +135,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -172,10 +187,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -186,7 +201,7 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `resourceVersion`
@@ -199,6 +214,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -235,6 +265,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -270,10 +303,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -284,12 +317,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -300,6 +333,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
@@ -343,7 +391,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -365,10 +413,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -426,9 +474,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -469,6 +520,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -510,10 +564,10 @@ Description::
 | Parameter | Type | Description
 | `allowWatchBookmarks`
 | `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+| allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
 | `continue`
 | `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
+| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key".
 
 This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `fieldSelector`
@@ -524,12 +578,12 @@ This field is not supported when watch is true. Clients may start a watch from t
 | A selector to restrict the list of returned objects by their labels. Defaults to everything.
 | `limit`
 | `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
+| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
 The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 | `resourceVersion`
 | `string`
 | resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
@@ -540,6 +594,21 @@ Defaults to unset
 | resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
 Defaults to unset
+| `sendInitialEvents`
+| `boolean`
+| `sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic "Bookmark" event  will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.
+
+When `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan
+  is interpreted as "data at least as new as the provided `resourceVersion`"
+  and the bookmark event is send when the state is synced
+  to a `resourceVersion` at least as fresh as the one provided by the ListOptions.
+  If `resourceVersion` is unset, this is interpreted as "consistent read" and the
+  bookmark event is send when the state is synced at least to the moment
+  when request started being processed.
+- `resourceVersionMatch` set to any other value or unset
+  Invalid error is returned.
+
+Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward compatibility reasons) and to false otherwise.
 | `timeoutSeconds`
 | `integer`
 | Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
diff --git a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
index 52298feb84f5..e1f415c810e7 100644
--- a/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
+++ b/rest_api/user_and_group_apis/useridentitymapping-user-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="useridentitymapping-user-openshift-io-v1"]
 = UserIdentityMapping [user.openshift.io/v1]
 :toc: macro
@@ -40,8 +40,8 @@ Type::
 | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 
 | `metadata`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2[`ObjectMeta_v2`]
-| 
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `user`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.ObjectReference[`ObjectReference`]
@@ -75,9 +75,12 @@ The following API endpoints are available:
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -129,7 +132,7 @@ Description::
 | Parameter | Type | Description
 | `pretty`
 | `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| If 'true', then the output is pretty printed.
 |===
 
 HTTP method::
@@ -151,10 +154,10 @@ Description::
 | The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
 | `orphanDependents`
 | `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
+| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
 | `propagationPolicy`
 | `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
+| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
 |===
 
 .Body parameters
@@ -212,9 +215,12 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 | `force`
 | `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
 |===
 
 .Body parameters
@@ -255,6 +261,9 @@ Description::
 | `fieldManager`
 | `string`
 | fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
+| `fieldValidation`
+| `string`
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc
index 5478da985f58..599be12daf02 100644
--- a/rest_api/workloads_apis/build-build-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/build-build-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="build-build-openshift-io-v1"]
 = Build [build.openshift.io/v1]
 :toc: macro
@@ -37,7 +37,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -146,7 +146,7 @@ There are five different ways to configure the hook. As an example, all forms be
 It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.
 
 | `resources`
-| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`]
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
 | resources computes resource requirements to execute the build.
 
 | `revision`
@@ -2226,49 +2226,6 @@ The following API endpoints are available:
 === /apis/build.openshift.io/v1/builds
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2291,49 +2248,6 @@ Description::
 === /apis/build.openshift.io/v1/watch/builds
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2355,23 +2269,7 @@ Description::
 
 === /apis/build.openshift.io/v1/namespaces/{namespace}/builds
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2384,57 +2282,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2453,46 +2305,6 @@ Description::
   list or watch objects of kind Build
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -2519,12 +2331,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2553,58 +2362,7 @@ Description::
 
 === /apis/build.openshift.io/v1/watch/namespaces/{namespace}/builds
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2633,19 +2391,8 @@ Description::
 | `name`
 | `string`
 | name of the Build
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2661,25 +2408,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2724,25 +2454,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2770,12 +2486,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2809,54 +2522,8 @@ Description::
 | `name`
 | `string`
 | name of the Build
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2885,9 +2552,6 @@ Description::
 | `name`
 | `string`
 | name of the Build
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -2897,15 +2561,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
@@ -2947,19 +2605,8 @@ Description::
 | `name`
 | `string`
 | name of the Build
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `path`
-| `string`
-| Path is the URL path to use for the current proxy request to pod.
-|===
 
 HTTP method::
   `POST`
@@ -2988,22 +2635,8 @@ Description::
 | `name`
 | `string`
 | name of the Build
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-| `path`
-| `string`
-| path to the resource
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `path`
-| `string`
-| Path is the URL path to use for the current proxy request to pod.
-|===
 
 HTTP method::
   `POST`
diff --git a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc
index c76771fda569..095f945a3da6 100644
--- a/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/buildconfig-build-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="buildconfig-build-openshift-io-v1"]
 = BuildConfig [build.openshift.io/v1]
 :toc: macro
@@ -41,7 +41,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -154,7 +154,7 @@ There are five different ways to configure the hook. As an example, all forms be
 It is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.
 
 | `resources`
-| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`]
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
 | resources computes resource requirements to execute the build.
 
 | `revision`
@@ -1733,49 +1733,6 @@ The following API endpoints are available:
 === /apis/build.openshift.io/v1/buildconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1798,49 +1755,6 @@ Description::
 === /apis/build.openshift.io/v1/watch/buildconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1862,23 +1776,7 @@ Description::
 
 === /apis/build.openshift.io/v1/namespaces/{namespace}/buildconfigs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1891,57 +1789,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1960,46 +1812,6 @@ Description::
   list or watch objects of kind BuildConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -2026,12 +1838,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2060,58 +1869,7 @@ Description::
 
 === /apis/build.openshift.io/v1/watch/namespaces/{namespace}/buildconfigs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -2140,19 +1898,8 @@ Description::
 | `name`
 | `string`
 | name of the BuildConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -2168,25 +1915,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2231,25 +1961,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -2277,12 +1993,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -2316,54 +2029,8 @@ Description::
 | `name`
 | `string`
 | name of the BuildConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/workloads_apis/buildlog-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildlog-build-openshift-io-v1.adoc
index 0a2eccd81d63..c74ef0d82a96 100644
--- a/rest_api/workloads_apis/buildlog-build-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/buildlog-build-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="buildlog-build-openshift-io-v1"]
 = BuildLog [build.openshift.io/v1]
 :toc: macro
@@ -54,49 +54,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the BuildLog
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `container`
-| `string`
-| cointainer for which to stream logs. Defaults to only container if there is one container in the pod.
-| `follow`
-| `boolean`
-| follow if true indicates that the build log should be streamed until the build terminates.
-| `insecureSkipTLSVerifyBackend`
-| `boolean`
-| insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to.  This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet.  If the kubelet is configured to verify the apiserver&#x27;s TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).
-| `limitBytes`
-| `integer`
-| limitBytes, If set, is the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
-| `nowait`
-| `boolean`
-| noWait if true causes the call to return immediately even if the build is not available yet. Otherwise the server will wait until the build has started.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `previous`
-| `boolean`
-| previous returns previous build logs. Defaults to false.
-| `sinceSeconds`
-| `integer`
-| sinceSeconds is a relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
-| `tailLines`
-| `integer`
-| tailLines, If set, is the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
-| `timestamps`
-| `boolean`
-| timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.
-| `version`
-| `integer`
-| version of the build for which to view logs.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc
index 8050ca049221..184c49014ab3 100644
--- a/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/buildrequest-build-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="buildrequest-build-openshift-io-v1"]
 = BuildRequest [build.openshift.io/v1]
 :toc: macro
@@ -57,7 +57,7 @@ Type::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `revision`
 | `object`
@@ -925,9 +925,6 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the BuildRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -937,15 +934,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
@@ -989,9 +980,6 @@ Description::
 | `name`
 | `string`
 | name of the BuildRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -1001,15 +989,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/workloads_apis/cronjob-batch-v1.adoc b/rest_api/workloads_apis/cronjob-batch-v1.adoc
index 0afac16bb6dd..5df32652ff4f 100644
--- a/rest_api/workloads_apis/cronjob-batch-v1.adoc
+++ b/rest_api/workloads_apis/cronjob-batch-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cronjob-batch-v1"]
 = CronJob [batch/v1]
 :toc: macro
@@ -68,7 +68,9 @@ Required::
 
 | `concurrencyPolicy`
 | `string`
-| Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+| Specifies how to treat concurrent executions of a Job. Valid values are:
+
+- "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
 
 Possible enum values:
  - `"Allow"` allows CronJobs to run concurrently.
@@ -101,7 +103,7 @@ Possible enum values:
 
 | `timeZone`
 | `string`
-| The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones This is beta field and must be enabled via the `CronJobTimeZone` feature gate.
+| The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. The set of valid time zone names and the time zone offset is loaded from the system-wide time zone database by the API server during CronJob validation and the controller manager during execution. If no system-wide time zone database can be found a bundled version of the database is used instead. If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host configuration, the controller will stop creating new new Jobs and will create a system event with the reason UnknownTimeZone. More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
 
 |===
 === .spec.jobTemplate
@@ -157,9 +159,13 @@ Required::
 | `integer`
 | Specifies the number of retries before marking this job failed. Defaults to 6
 
+| `backoffLimitPerIndex`
+| `integer`
+| Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
+
 | `completionMode`
 | `string`
-| CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
+| completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
 
 `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
 
@@ -167,14 +173,22 @@ Required::
 
 More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.
 
+Possible enum values:
+ - `"Indexed"` is a Job completion mode. In this mode, the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1). The Job is considered complete when a Pod completes for each completion index.
+ - `"NonIndexed"` is a Job completion mode. In this mode, the Job is considered complete when there have been .spec.completions successfully completed Pods. Pod completions are homologous to each other.
+
 | `completions`
 | `integer`
-| Specifies the desired number of successfully finished pods the job should be run with.  Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+| Specifies the desired number of successfully finished pods the job should be run with.  Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 
 | `manualSelector`
 | `boolean`
 | manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
 
+| `maxFailedIndexes`
+| `integer`
+| Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
+
 | `parallelism`
 | `integer`
 | Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
@@ -183,17 +197,30 @@ More completion modes can be added in the future. If the Job controller observes
 | `object`
 | PodFailurePolicy describes how failed pods influence the backoffLimit.
 
+| `podReplacementPolicy`
+| `string`
+| podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods
+  when they are terminating (has a metadata.deletionTimestamp) or failed.
+- Failed means to wait until a previously created Pod is fully terminated (has phase
+  Failed or Succeeded) before creating a replacement Pod.
+
+When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+
+Possible enum values:
+ - `"Failed"` means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod.
+ - `"TerminatingOrFailed"` means that we recreate pods when they are terminating (has a metadata.deletionTimestamp) or failed.
+
 | `selector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
 | A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 
 | `suspend`
 | `boolean`
-| Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+| suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
 
 | `template`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
-| Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+| Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 
 | `ttlSecondsAfterFinished`
 | `integer`
@@ -225,7 +252,7 @@ Required::
 
 | `rules[]`
 | `object`
-| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.
+| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
 
 |===
 === .spec.jobTemplate.spec.podFailurePolicy.rules
@@ -245,7 +272,7 @@ Type::
 Description::
 +
 --
-PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.
+PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
 --
 
 Type::
@@ -253,7 +280,6 @@ Type::
 
 Required::
   - `action`
-  - `onPodConditions`
 
 
 
@@ -263,8 +289,14 @@ Required::
 
 | `action`
 | `string`
-| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all
+| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:
+
+- FailJob: indicates that the pod's job is marked as Failed and all
   running pods are terminated.
+- FailIndex: indicates that the pod's index is marked as Failed and will
+  not be restarted.
+  This value is alpha-level. It can be used when the
+  `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
 - Ignore: indicates that the counter towards the .backoffLimit is not
   incremented and a replacement pod is created.
 - Count: indicates that the pod is handled in the default way - the
@@ -273,6 +305,7 @@ Additional values are considered to be added in the future. Clients should react
 
 Possible enum values:
  - `"Count"` This is an action which might be taken on a pod failure - the pod failure is handled in the default way - the counter towards .backoffLimit, represented by the job's .status.failed field, is incremented.
+ - `"FailIndex"` This is an action which might be taken on a pod failure - mark the Job's index as failed to avoid restarts within this index. This action can only be used when backoffLimitPerIndex is set.
  - `"FailJob"` This is an action which might be taken on a pod failure - mark the pod's job as Failed and terminate all running pods.
  - `"Ignore"` This is an action which might be taken on a pod failure - the counter towards .backoffLimit, represented by the job's .status.failed field, is not incremented and a replacement pod is created.
 
@@ -315,7 +348,9 @@ Required::
 
 | `operator`
 | `string`
-| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code
+| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are:
+
+- In: the requirement is satisfied if at least one container exit code
   (might be multiple if there are multiple containers not restricted
   by the 'containerName' field) is in the set of specified values.
 - NotIn: the requirement is satisfied if at least one container exit code
@@ -435,49 +470,6 @@ The following API endpoints are available:
 === /apis/batch/v1/cronjobs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -500,49 +492,6 @@ Description::
 === /apis/batch/v1/watch/cronjobs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -564,23 +513,7 @@ Description::
 
 === /apis/batch/v1/namespaces/{namespace}/cronjobs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -593,57 +526,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -662,46 +549,6 @@ Description::
   list or watch objects of kind CronJob
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -728,12 +575,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -762,58 +606,7 @@ Description::
 
 === /apis/batch/v1/watch/namespaces/{namespace}/cronjobs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -842,19 +635,8 @@ Description::
 | `name`
 | `string`
 | name of the CronJob
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -870,25 +652,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -933,25 +698,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -979,12 +730,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1018,54 +766,8 @@ Description::
 | `name`
 | `string`
 | name of the CronJob
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1094,19 +796,8 @@ Description::
 | `name`
 | `string`
 | name of the CronJob
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1139,25 +830,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1185,12 +862,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/daemonset-apps-v1.adoc b/rest_api/workloads_apis/daemonset-apps-v1.adoc
index 213fb2baf46d..7173be762dd5 100644
--- a/rest_api/workloads_apis/daemonset-apps-v1.adoc
+++ b/rest_api/workloads_apis/daemonset-apps-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="daemonset-apps-v1"]
 = DaemonSet [apps/v1]
 :toc: macro
@@ -80,7 +80,7 @@ Required::
 
 | `template`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
-| An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
+| An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). The only allowed template.spec.restartPolicy value is "Always". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
 
 | `updateStrategy`
 | `object`
@@ -295,49 +295,6 @@ The following API endpoints are available:
 === /apis/apps/v1/daemonsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -360,49 +317,6 @@ Description::
 === /apis/apps/v1/watch/daemonsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -424,23 +338,7 @@ Description::
 
 === /apis/apps/v1/namespaces/{namespace}/daemonsets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -453,57 +351,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -522,46 +374,6 @@ Description::
   list or watch objects of kind DaemonSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -588,12 +400,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -622,58 +431,7 @@ Description::
 
 === /apis/apps/v1/watch/namespaces/{namespace}/daemonsets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -702,19 +460,8 @@ Description::
 | `name`
 | `string`
 | name of the DaemonSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -730,25 +477,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -793,25 +523,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -839,12 +555,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -878,54 +591,8 @@ Description::
 | `name`
 | `string`
 | name of the DaemonSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -954,19 +621,8 @@ Description::
 | `name`
 | `string`
 | name of the DaemonSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -999,25 +655,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1045,12 +687,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/deployment-apps-v1.adoc b/rest_api/workloads_apis/deployment-apps-v1.adoc
index 3a3821f7cf59..725e1ebca2fa 100644
--- a/rest_api/workloads_apis/deployment-apps-v1.adoc
+++ b/rest_api/workloads_apis/deployment-apps-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deployment-apps-v1"]
 = Deployment [apps/v1]
 :toc: macro
@@ -96,7 +96,7 @@ Required::
 
 | `template`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
-| Template describes the pods that will be created.
+| Template describes the pods that will be created. The only allowed template.spec.restartPolicy value is "Always".
 
 |===
 === .spec.strategy
@@ -298,49 +298,6 @@ The following API endpoints are available:
 === /apis/apps/v1/deployments
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -363,49 +320,6 @@ Description::
 === /apis/apps/v1/watch/deployments
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -427,23 +341,7 @@ Description::
 
 === /apis/apps/v1/namespaces/{namespace}/deployments
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -456,57 +354,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -525,46 +377,6 @@ Description::
   list or watch objects of kind Deployment
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -591,12 +403,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -625,58 +434,7 @@ Description::
 
 === /apis/apps/v1/watch/namespaces/{namespace}/deployments
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -705,19 +463,8 @@ Description::
 | `name`
 | `string`
 | name of the Deployment
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -733,25 +480,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -796,25 +526,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -842,12 +558,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -881,54 +594,8 @@ Description::
 | `name`
 | `string`
 | name of the Deployment
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -957,19 +624,8 @@ Description::
 | `name`
 | `string`
 | name of the Deployment
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1002,25 +658,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1048,12 +690,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc
index 6831fd42e7c7..e78ecc144874 100644
--- a/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/deploymentconfig-apps-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploymentconfig-apps-openshift-io-v1"]
 = DeploymentConfig [apps.openshift.io/v1]
 :toc: macro
@@ -15,7 +15,7 @@ Deployment Configs define the template for a pod and manages deploying new image
 
 A deployment is "triggered" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.
 
-Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.
 --
 
 Type::
@@ -41,7 +41,7 @@ Required::
 
 | `metadata`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta[`ObjectMeta`]
-| 
+| metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 | `spec`
 | `object`
@@ -148,7 +148,7 @@ Type::
 | RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.
 
 | `resources`
-| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements_v2[`ResourceRequirements_v2`]
+| xref:../objects/index.adoc#io.k8s.api.core.v1.ResourceRequirements[`ResourceRequirements`]
 | Resources contains resource requirements to execute the deployment and any hooks.
 
 | `rollingParams`
@@ -1179,49 +1179,6 @@ The following API endpoints are available:
 === /apis/apps.openshift.io/v1/deploymentconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1244,49 +1201,6 @@ Description::
 === /apis/apps.openshift.io/v1/watch/deploymentconfigs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1308,23 +1222,7 @@ Description::
 
 === /apis/apps.openshift.io/v1/namespaces/{namespace}/deploymentconfigs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1337,57 +1235,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1406,46 +1258,6 @@ Description::
   list or watch objects of kind DeploymentConfig
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -1472,12 +1284,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1506,58 +1315,7 @@ Description::
 
 === /apis/apps.openshift.io/v1/watch/namespaces/{namespace}/deploymentconfigs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1586,19 +1344,8 @@ Description::
 | `name`
 | `string`
 | name of the DeploymentConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -1614,25 +1361,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1677,25 +1407,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1723,12 +1439,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1762,54 +1475,8 @@ Description::
 | `name`
 | `string`
 | name of the DeploymentConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1838,19 +1505,8 @@ Description::
 | `name`
 | `string`
 | name of the DeploymentConfig
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1883,25 +1539,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1929,12 +1571,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc
index a2f88a0c884d..d1bb3abe89c1 100644
--- a/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/deploymentconfigrollback-apps-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploymentconfigrollback-apps-openshift-io-v1"]
 = DeploymentConfigRollback [apps.openshift.io/v1]
 :toc: macro
@@ -117,9 +117,6 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the DeploymentConfigRollback
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -129,15 +126,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/workloads_apis/deploymentlog-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentlog-apps-openshift-io-v1.adoc
index 0b9b3cd21a97..2a3385963675 100644
--- a/rest_api/workloads_apis/deploymentlog-apps-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/deploymentlog-apps-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploymentlog-apps-openshift-io-v1"]
 = DeploymentLog [apps.openshift.io/v1]
 :toc: macro
@@ -54,46 +54,8 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the DeploymentLog
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `container`
-| `string`
-| The container for which to stream logs. Defaults to only container if there is one container in the pod.
-| `follow`
-| `boolean`
-| Follow if true indicates that the build log should be streamed until the build terminates.
-| `limitBytes`
-| `integer`
-| If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
-| `nowait`
-| `boolean`
-| NoWait if true causes the call to return immediately even if the deployment is not available yet. Otherwise the server will wait until the deployment has started.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `previous`
-| `boolean`
-| Return previous deployment logs. Defaults to false.
-| `sinceSeconds`
-| `integer`
-| A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
-| `tailLines`
-| `integer`
-| If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
-| `timestamps`
-| `boolean`
-| If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.
-| `version`
-| `integer`
-| Version of the deployment for which to view logs.
-|===
 
 HTTP method::
   `GET`
diff --git a/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc b/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc
index 476eff4da9a0..a3190fd88230 100644
--- a/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc
+++ b/rest_api/workloads_apis/deploymentrequest-apps-openshift-io-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploymentrequest-apps-openshift-io-v1"]
 = DeploymentRequest [apps.openshift.io/v1]
 :toc: macro
@@ -74,9 +74,6 @@ The following API endpoints are available:
 | `name`
 | `string`
 | name of the DeploymentRequest
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
 .Global query parameters
@@ -86,15 +83,9 @@ The following API endpoints are available:
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 HTTP method::
diff --git a/rest_api/workloads_apis/job-batch-v1.adoc b/rest_api/workloads_apis/job-batch-v1.adoc
index ce1b1bc58730..b149d7fbdd14 100644
--- a/rest_api/workloads_apis/job-batch-v1.adoc
+++ b/rest_api/workloads_apis/job-batch-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="job-batch-v1"]
 = Job [batch/v1]
 :toc: macro
@@ -73,9 +73,13 @@ Required::
 | `integer`
 | Specifies the number of retries before marking this job failed. Defaults to 6
 
+| `backoffLimitPerIndex`
+| `integer`
+| Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
+
 | `completionMode`
 | `string`
-| CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
+| completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.
 
 `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
 
@@ -83,14 +87,22 @@ Required::
 
 More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.
 
+Possible enum values:
+ - `"Indexed"` is a Job completion mode. In this mode, the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1). The Job is considered complete when a Pod completes for each completion index.
+ - `"NonIndexed"` is a Job completion mode. In this mode, the Job is considered complete when there have been .spec.completions successfully completed Pods. Pod completions are homologous to each other.
+
 | `completions`
 | `integer`
-| Specifies the desired number of successfully finished pods the job should be run with.  Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+| Specifies the desired number of successfully finished pods the job should be run with.  Setting to null means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value.  Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 
 | `manualSelector`
 | `boolean`
 | manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
 
+| `maxFailedIndexes`
+| `integer`
+| Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
+
 | `parallelism`
 | `integer`
 | Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
@@ -99,17 +111,30 @@ More completion modes can be added in the future. If the Job controller observes
 | `object`
 | PodFailurePolicy describes how failed pods influence the backoffLimit.
 
+| `podReplacementPolicy`
+| `string`
+| podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods
+  when they are terminating (has a metadata.deletionTimestamp) or failed.
+- Failed means to wait until a previously created Pod is fully terminated (has phase
+  Failed or Succeeded) before creating a replacement Pod.
+
+When using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+
+Possible enum values:
+ - `"Failed"` means to wait until a previously created Pod is fully terminated (has phase Failed or Succeeded) before creating a replacement Pod.
+ - `"TerminatingOrFailed"` means that we recreate pods when they are terminating (has a metadata.deletionTimestamp) or failed.
+
 | `selector`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector[`LabelSelector`]
 | A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 
 | `suspend`
 | `boolean`
-| Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+| suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
 
 | `template`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
-| Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+| Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 
 | `ttlSecondsAfterFinished`
 | `integer`
@@ -141,7 +166,7 @@ Required::
 
 | `rules[]`
 | `object`
-| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.
+| PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
 
 |===
 === .spec.podFailurePolicy.rules
@@ -161,7 +186,7 @@ Type::
 Description::
 +
 --
-PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.
+PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.
 --
 
 Type::
@@ -169,7 +194,6 @@ Type::
 
 Required::
   - `action`
-  - `onPodConditions`
 
 
 
@@ -179,8 +203,14 @@ Required::
 
 | `action`
 | `string`
-| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all
+| Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:
+
+- FailJob: indicates that the pod's job is marked as Failed and all
   running pods are terminated.
+- FailIndex: indicates that the pod's index is marked as Failed and will
+  not be restarted.
+  This value is alpha-level. It can be used when the
+  `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
 - Ignore: indicates that the counter towards the .backoffLimit is not
   incremented and a replacement pod is created.
 - Count: indicates that the pod is handled in the default way - the
@@ -189,6 +219,7 @@ Additional values are considered to be added in the future. Clients should react
 
 Possible enum values:
  - `"Count"` This is an action which might be taken on a pod failure - the pod failure is handled in the default way - the counter towards .backoffLimit, represented by the job's .status.failed field, is incremented.
+ - `"FailIndex"` This is an action which might be taken on a pod failure - mark the Job's index as failed to avoid restarts within this index. This action can only be used when backoffLimitPerIndex is set.
  - `"FailJob"` This is an action which might be taken on a pod failure - mark the pod's job as Failed and terminate all running pods.
  - `"Ignore"` This is an action which might be taken on a pod failure - the counter towards .backoffLimit, represented by the job's .status.failed field, is not incremented and a replacement pod is created.
 
@@ -231,7 +262,9 @@ Required::
 
 | `operator`
 | `string`
-| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code
+| Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are:
+
+- In: the requirement is satisfied if at least one container exit code
   (might be multiple if there are multiple containers not restricted
   by the 'containerName' field) is in the set of specified values.
 - NotIn: the requirement is satisfied if at least one container exit code
@@ -313,7 +346,7 @@ Type::
 
 | `completedIndexes`
 | `string`
-| CompletedIndexes holds the completed indexes when .spec.completionMode = "Indexed" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
+| completedIndexes holds the completed indexes when .spec.completionMode = "Indexed" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
 
 | `completionTime`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
@@ -331,6 +364,10 @@ Type::
 | `integer`
 | The number of pods which reached phase Failed.
 
+| `failedIndexes`
+| `string`
+| FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. The indexes are represented in the text format analogous as for the `completedIndexes` field, ie. they are kept as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the failed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7". This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
+
 | `ready`
 | `integer`
 | The number of pods which have a Ready condition.
@@ -345,6 +382,12 @@ This field is beta-level. The job controller populates the field when the featur
 | `integer`
 | The number of pods which reached phase Succeeded.
 
+| `terminating`
+| `integer`
+| The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp).
+
+This field is alpha-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (disabled by default).
+
 | `uncountedTerminatedPods`
 | `object`
 | UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.
@@ -427,11 +470,11 @@ Type::
 
 | `failed`
 | `array (string)`
-| Failed holds UIDs of failed Pods.
+| failed holds UIDs of failed Pods.
 
 | `succeeded`
 | `array (string)`
-| Succeeded holds UIDs of succeeded Pods.
+| succeeded holds UIDs of succeeded Pods.
 
 |===
 
@@ -465,49 +508,6 @@ The following API endpoints are available:
 === /apis/batch/v1/jobs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -530,49 +530,6 @@ Description::
 === /apis/batch/v1/watch/jobs
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -594,23 +551,7 @@ Description::
 
 === /apis/batch/v1/namespaces/{namespace}/jobs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -623,57 +564,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -692,46 +587,6 @@ Description::
   list or watch objects of kind Job
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -758,12 +613,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -792,58 +644,7 @@ Description::
 
 === /apis/batch/v1/watch/namespaces/{namespace}/jobs
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -872,19 +673,8 @@ Description::
 | `name`
 | `string`
 | name of the Job
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -900,25 +690,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -963,25 +736,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1009,12 +768,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -1048,54 +804,8 @@ Description::
 | `name`
 | `string`
 | name of the Job
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
 
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1124,19 +834,8 @@ Description::
 | `name`
 | `string`
 | name of the Job
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1169,25 +868,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1215,12 +900,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/persistentvolume-core-v1.adoc b/rest_api/workloads_apis/persistentvolume-core-v1.adoc
index 3ab1d5424e1f..690c5af0aa22 100644
--- a/rest_api/workloads_apis/persistentvolume-core-v1.adoc
+++ b/rest_api/workloads_apis/persistentvolume-core-v1.adoc
@@ -305,7 +305,7 @@ Defaults to unset
 | Parameter | Type | Description
 | `body`
 | xref:../objects/index.adoc#deleteoptions-meta-v1[`DeleteOptions meta/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -398,7 +398,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../workloads_apis/persistentvolume-core-v1.adoc#persistentvolume-core-v1[`PersistentVolume core/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -461,7 +461,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../objects/index.adoc#deleteoptions-meta-v1[`DeleteOptions meta/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -515,7 +515,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../objects/index.adoc#patch-meta-v1[`Patch meta/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -551,7 +551,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../workloads_apis/persistentvolume-core-v1.adoc#persistentvolume-core-v1[`PersistentVolume core/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -626,7 +626,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../objects/index.adoc#patch-meta-v1[`Patch meta/v1`]
-| 
+|
 |===
 
 .HTTP responses
@@ -662,7 +662,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../workloads_apis/persistentvolume-core-v1.adoc#persistentvolume-core-v1[`PersistentVolume core/v1`]
-| 
+|
 |===
 
 .HTTP responses
diff --git a/rest_api/workloads_apis/pod-v1.adoc b/rest_api/workloads_apis/pod-v1.adoc
index 3eb74f90c293..da4d79a50228 100644
--- a/rest_api/workloads_apis/pod-v1.adoc
+++ b/rest_api/workloads_apis/pod-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="pod-v1"]
 = Pod [v1]
 :toc: macro
@@ -177,6 +177,10 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 | `string`
 | PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
 
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
 | `priority`
 | `integer`
 | The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
@@ -207,7 +211,7 @@ This field is immutable.
 
 | `restartPolicy`
 | `string`
-| Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
 
 Possible enum values:
  - `"Always"`
@@ -224,9 +228,11 @@ Possible enum values:
 
 | `schedulingGates`
 | `array`
-| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 
 | `schedulingGates[]`
 | `object`
@@ -1127,10 +1133,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -1651,7 +1669,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1821,7 +1839,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1883,7 +1901,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -1940,7 +1958,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2049,7 +2067,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2169,7 +2187,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2226,7 +2244,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2335,7 +2353,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2369,6 +2387,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.containers[].resources
 Description::
@@ -2405,7 +2465,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.containers[].resources.claims
@@ -2482,6 +2542,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -2592,7 +2656,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -2633,7 +2697,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -2667,7 +2731,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2724,7 +2788,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2833,7 +2897,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2951,6 +3015,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -3136,10 +3205,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -3666,7 +3747,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3836,7 +3917,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3898,7 +3979,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -3955,7 +4036,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4064,7 +4145,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4184,7 +4265,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4241,7 +4322,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4350,7 +4431,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4384,6 +4465,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.ephemeralContainers[].resources
 Description::
@@ -4420,7 +4543,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.ephemeralContainers[].resources.claims
@@ -4497,6 +4620,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -4607,7 +4734,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -4648,7 +4775,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -4682,7 +4809,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4739,7 +4866,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4848,7 +4975,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4966,6 +5093,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -5150,10 +5282,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -5674,7 +5818,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5844,7 +5988,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5906,7 +6050,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -5963,7 +6107,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6072,7 +6216,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6192,7 +6336,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6249,7 +6393,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6358,7 +6502,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6392,6 +6536,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.initContainers[].resources
 Description::
@@ -6428,7 +6614,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.initContainers[].resources.claims
@@ -6505,6 +6691,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -6615,7 +6805,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6656,7 +6846,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6690,7 +6880,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6747,7 +6937,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6856,7 +7046,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6974,6 +7164,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -7126,9 +7321,7 @@ Type::
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
 
-The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
-
-An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
@@ -7137,9 +7330,11 @@ This field is immutable and no changes will be made to the corresponding Resourc
 Description::
 +
 --
-SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 --
 
 Type::
@@ -7201,6 +7396,10 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum
 | `string`
 | fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
 | `runAsGroup`
 | `integer`
 | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
@@ -7293,7 +7492,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -7376,7 +7575,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -7483,7 +7682,9 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -7503,12 +7704,20 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate
 
 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `nodeTaintsPolicy`
 | `string`
 | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
 
 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `topologyKey`
 | `string`
 | TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
@@ -7750,6 +7959,11 @@ Required::
 | `string`
 | cachingMode is the Host Caching mode: None, Read Only, Read Write.
 
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
 | `diskName`
 | `string`
 | diskName is the Name of the data disk in the blob storage
@@ -7766,6 +7980,11 @@ Required::
 | `string`
 | kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
 
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
 | `readOnly`
 | `boolean`
 | readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
@@ -8238,7 +8457,7 @@ Type::
 
 | `sizeLimit`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.volumes[].ephemeral
@@ -8343,6 +8562,10 @@ Type::
 | `string`
 | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `volumeName`
 | `string`
 | volumeName is the binding reference to the PersistentVolume backing this claim.
@@ -8460,7 +8683,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -8762,6 +8985,16 @@ Required::
 | `string`
 | type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
 |===
 === .spec.volumes[].iscsi
 Description::
@@ -9813,7 +10046,15 @@ Type::
 
 | `hostIP`
 | `string`
-| IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+| hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod
+
+| `hostIPs`
+| `array`
+| hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.
+
+| `hostIPs[]`
+| `object`
+| HostIP represents a single IP address allocated to the host.
 
 | `initContainerStatuses`
 | `array`
@@ -9848,7 +10089,7 @@ Possible enum values:
 
 | `podIP`
 | `string`
-| IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
+| podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
 
 | `podIPs`
 | `array`
@@ -9856,13 +10097,11 @@ Possible enum values:
 
 | `podIPs[]`
 | `object`
-| IP address information for entries in the (plural) PodIPs field. Each entry includes:
-
-	IP: An IP address allocated to the pod. Routable at least within the cluster.
+| PodIP represents a single IP address allocated to the pod.
 
 | `qosClass`
 | `string`
-| The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md
+| The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
 
 Possible enum values:
  - `"BestEffort"` is the BestEffort qos class.
@@ -9873,6 +10112,18 @@ Possible enum values:
 | `string`
 | A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'
 
+| `resize`
+| `string`
+| Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to "Proposed"
+
+| `resourceClaimStatuses`
+| `array`
+| Status of resource claims.
+
+| `resourceClaimStatuses[]`
+| `object`
+| PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.
+
 | `startTime`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Time[`Time`]
 | RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.
@@ -9972,17 +10223,21 @@ Required::
 |===
 | Property | Type | Description
 
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
 | `containerID`
 | `string`
-| Container's ID in the format '<type>://<container_id>'.
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
 
 | `image`
 | `string`
-| The image the container is running. More info: https://kubernetes.io/docs/concepts/containers/images.
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
 
 | `imageID`
 | `string`
-| ImageID of the container's image.
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
 
 | `lastState`
 | `object`
@@ -9990,19 +10245,25 @@ Required::
 
 | `name`
 | `string`
-| This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
 
 | `ready`
 | `boolean`
-| Specifies whether the container has passed its readiness probe.
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
 
 | `restartCount`
 | `integer`
-| The number of times the container has been restarted.
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
 
 | `started`
 | `boolean`
-| Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
 
 | `state`
 | `object`
@@ -10134,6 +10395,85 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.containerStatuses[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.containerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.containerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
 |===
 === .status.containerStatuses[].state
 Description::
@@ -10297,17 +10637,21 @@ Required::
 |===
 | Property | Type | Description
 
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
 | `containerID`
 | `string`
-| Container's ID in the format '<type>://<container_id>'.
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
 
 | `image`
 | `string`
-| The image the container is running. More info: https://kubernetes.io/docs/concepts/containers/images.
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
 
 | `imageID`
 | `string`
-| ImageID of the container's image.
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
 
 | `lastState`
 | `object`
@@ -10315,19 +10659,25 @@ Required::
 
 | `name`
 | `string`
-| This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
 
 | `ready`
 | `boolean`
-| Specifies whether the container has passed its readiness probe.
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
 
 | `restartCount`
 | `integer`
-| The number of times the container has been restarted.
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
 
 | `started`
 | `boolean`
-| Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
 
 | `state`
 | `object`
@@ -10460,11 +10810,11 @@ Type::
 | (brief) reason the container is not yet running.
 
 |===
-=== .status.ephemeralContainerStatuses[].state
+=== .status.ephemeralContainerStatuses[].resources
 Description::
 +
 --
-ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+ResourceRequirements describes the compute resource requirements.
 --
 
 Type::
@@ -10477,7 +10827,86 @@ Type::
 |===
 | Property | Type | Description
 
-| `running`
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.ephemeralContainerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.ephemeralContainerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
+|===
+=== .status.ephemeralContainerStatuses[].state
+Description::
++
+--
+ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `running`
 | `object`
 | ContainerStateRunning is a running state of a container.
 
@@ -10585,6 +11014,41 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.hostIPs
+Description::
++
+--
+hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.hostIPs[]
+Description::
++
+--
+HostIP represents a single IP address allocated to the host.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `ip`
+| `string`
+| IP is the IP address assigned to the host
+
 |===
 === .status.initContainerStatuses
 Description::
@@ -10622,17 +11086,21 @@ Required::
 |===
 | Property | Type | Description
 
+| `allocatedResources`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.
+
 | `containerID`
 | `string`
-| Container's ID in the format '<type>://<container_id>'.
+| ContainerID is the ID of the container in the format '<type>://<container_id>'. Where type is a container runtime identifier, returned from Version call of CRI API (for example "containerd").
 
 | `image`
 | `string`
-| The image the container is running. More info: https://kubernetes.io/docs/concepts/containers/images.
+| Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.
 
 | `imageID`
 | `string`
-| ImageID of the container's image.
+| ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.
 
 | `lastState`
 | `object`
@@ -10640,19 +11108,25 @@ Required::
 
 | `name`
 | `string`
-| This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.
+| Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.
 
 | `ready`
 | `boolean`
-| Specifies whether the container has passed its readiness probe.
+| Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).
+
+The value is typically used to determine whether a container is ready to accept traffic.
+
+| `resources`
+| `object`
+| ResourceRequirements describes the compute resource requirements.
 
 | `restartCount`
 | `integer`
-| The number of times the container has been restarted.
+| RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.
 
 | `started`
 | `boolean`
-| Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.
+| Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.
 
 | `state`
 | `object`
@@ -10784,6 +11258,85 @@ Type::
 | `string`
 | (brief) reason the container is not yet running.
 
+|===
+=== .status.initContainerStatuses[].resources
+Description::
++
+--
+ResourceRequirements describes the compute resource requirements.
+--
+
+Type::
+  `object`
+
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `claims`
+| `array`
+| Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+
+| `claims[]`
+| `object`
+| ResourceClaim references one entry in PodSpec.ResourceClaims.
+
+| `limits`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+| `requests`
+| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+|===
+=== .status.initContainerStatuses[].resources.claims
+Description::
++
+--
+Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
+
+This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
+
+This field is immutable. It can only be set for containers.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.initContainerStatuses[].resources.claims[]
+Description::
++
+--
+ResourceClaim references one entry in PodSpec.ResourceClaims.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
+
 |===
 === .status.initContainerStatuses[].state
 Description::
@@ -10928,9 +11481,7 @@ Type::
 Description::
 +
 --
-IP address information for entries in the (plural) PodIPs field. Each entry includes:
-
-	IP: An IP address allocated to the pod. Routable at least within the cluster.
+PodIP represents a single IP address allocated to the pod.
 --
 
 Type::
@@ -10945,7 +11496,48 @@ Type::
 
 | `ip`
 | `string`
-| ip is an IP address (IPv4 or IPv6) assigned to the pod
+| IP is the IP address assigned to the pod
+
+|===
+=== .status.resourceClaimStatuses
+Description::
++
+--
+Status of resource claims.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .status.resourceClaimStatuses[]
+Description::
++
+--
+PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.
+--
+
+Type::
+  `object`
+
+Required::
+  - `name`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `name`
+| `string`
+| Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.
+
+| `resourceClaimName`
+| `string`
+| ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.
 
 |===
 
@@ -10985,49 +11577,6 @@ The following API endpoints are available:
 === /api/v1/pods
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -11050,49 +11599,6 @@ Description::
 === /api/v1/watch/pods
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -11114,23 +11620,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/pods
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -11143,57 +11633,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11212,46 +11656,6 @@ Description::
   list or watch objects of kind Pod
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -11278,12 +11682,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -11312,58 +11713,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/pods
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -11392,19 +11742,8 @@ Description::
 | `name`
 | `string`
 | name of the Pod
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -11420,25 +11759,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11483,25 +11805,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11529,12 +11837,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -11568,43 +11873,8 @@ Description::
 | `name`
 | `string`
 | name of the Pod
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `container`
-| `string`
-| The container for which to stream logs. Defaults to only container if there is one container in the pod.
-| `follow`
-| `boolean`
-| Follow the log stream of the pod. Defaults to false.
-| `insecureSkipTLSVerifyBackend`
-| `boolean`
-| insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to.  This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet.  If the kubelet is configured to verify the apiserver&#x27;s TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).
-| `limitBytes`
-| `integer`
-| If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `previous`
-| `boolean`
-| Return previous terminated container logs. Defaults to false.
-| `sinceSeconds`
-| `integer`
-| A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
-| `tailLines`
-| `integer`
-| If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
-| `timestamps`
-| `boolean`
-| If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.
-|===
 
 HTTP method::
   `GET`
@@ -11633,54 +11903,8 @@ Description::
 | `name`
 | `string`
 | name of the Pod
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -11709,19 +11933,8 @@ Description::
 | `name`
 | `string`
 | name of the Pod
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -11754,25 +11967,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11800,12 +11999,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -11839,19 +12035,8 @@ Description::
 | `name`
 | `string`
 | name of the Pod
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -11884,25 +12069,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -11930,12 +12101,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/replicaset-apps-v1.adoc b/rest_api/workloads_apis/replicaset-apps-v1.adoc
index 2889690b68a1..2b6311bf60fb 100644
--- a/rest_api/workloads_apis/replicaset-apps-v1.adoc
+++ b/rest_api/workloads_apis/replicaset-apps-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="replicaset-apps-v1"]
 = ReplicaSet [apps/v1]
 :toc: macro
@@ -215,49 +215,6 @@ The following API endpoints are available:
 === /apis/apps/v1/replicasets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -280,49 +237,6 @@ Description::
 === /apis/apps/v1/watch/replicasets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -344,23 +258,7 @@ Description::
 
 === /apis/apps/v1/namespaces/{namespace}/replicasets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -373,57 +271,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -442,46 +294,6 @@ Description::
   list or watch objects of kind ReplicaSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -508,12 +320,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -542,58 +351,7 @@ Description::
 
 === /apis/apps/v1/watch/namespaces/{namespace}/replicasets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -622,19 +380,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicaSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -650,25 +397,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -713,25 +443,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -759,12 +475,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -798,54 +511,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicaSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -874,19 +541,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicaSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -919,25 +575,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -965,12 +607,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/replicationcontroller-v1.adoc b/rest_api/workloads_apis/replicationcontroller-v1.adoc
index 7e7d55920cc5..c73d9f825099 100644
--- a/rest_api/workloads_apis/replicationcontroller-v1.adoc
+++ b/rest_api/workloads_apis/replicationcontroller-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="replicationcontroller-v1"]
 = ReplicationController [v1]
 :toc: macro
@@ -237,6 +237,10 @@ To add an ephemeral container, use the ephemeralcontainers subresource of an exi
 | `string`
 | PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
 
+Possible enum values:
+ - `"Never"` means that pod never preempts other pods with lower priority.
+ - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
+
 | `priority`
 | `integer`
 | The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
@@ -267,7 +271,7 @@ This field is immutable.
 
 | `restartPolicy`
 | `string`
-| Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+| Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
 
 Possible enum values:
  - `"Always"`
@@ -284,9 +288,11 @@ Possible enum values:
 
 | `schedulingGates`
 | `array`
-| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+| SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 
 | `schedulingGates[]`
 | `object`
@@ -1187,10 +1193,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -1711,7 +1729,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1881,7 +1899,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -1943,7 +1961,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2000,7 +2018,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2109,7 +2127,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2229,7 +2247,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2286,7 +2304,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2395,7 +2413,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -2429,6 +2447,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.template.spec.containers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.containers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.template.spec.containers[].resources
 Description::
@@ -2465,7 +2525,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.template.spec.containers[].resources.claims
@@ -2542,6 +2602,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -2652,7 +2716,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -2693,7 +2757,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -2727,7 +2791,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -2784,7 +2848,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -2893,7 +2957,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3011,6 +3075,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -3196,10 +3265,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -3726,7 +3807,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3896,7 +3977,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -3958,7 +4039,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4015,7 +4096,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4124,7 +4205,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4244,7 +4325,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4301,7 +4382,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4410,7 +4491,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -4444,6 +4525,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.template.spec.ephemeralContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.ephemeralContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.template.spec.ephemeralContainers[].resources
 Description::
@@ -4480,7 +4603,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.template.spec.ephemeralContainers[].resources.claims
@@ -4557,6 +4680,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -4667,7 +4794,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -4708,7 +4835,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -4742,7 +4869,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -4799,7 +4926,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -4908,7 +5035,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5026,6 +5153,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -5210,10 +5342,22 @@ Possible enum values:
 | `object`
 | Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
 
+| `resizePolicy`
+| `array`
+| Resources resize policy for the container.
+
+| `resizePolicy[]`
+| `object`
+| ContainerResizePolicy represents resource resize policy for the container.
+
 | `resources`
 | `object`
 | ResourceRequirements describes the compute resource requirements.
 
+| `restartPolicy`
+| `string`
+| RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
+
 | `securityContext`
 | `object`
 | SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.
@@ -5734,7 +5878,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5904,7 +6048,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -5966,7 +6110,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6023,7 +6167,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6132,7 +6276,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6252,7 +6396,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6309,7 +6453,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6418,7 +6562,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -6452,6 +6596,48 @@ Required::
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.util.intstr.IntOrString[`IntOrString`]
 | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
 
+|===
+=== .spec.template.spec.initContainers[].resizePolicy
+Description::
++
+--
+Resources resize policy for the container.
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.template.spec.initContainers[].resizePolicy[]
+Description::
++
+--
+ContainerResizePolicy represents resource resize policy for the container.
+--
+
+Type::
+  `object`
+
+Required::
+  - `resourceName`
+  - `restartPolicy`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `resourceName`
+| `string`
+| Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
+
+| `restartPolicy`
+| `string`
+| Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
+
 |===
 === .spec.template.spec.initContainers[].resources
 Description::
@@ -6488,7 +6674,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.template.spec.initContainers[].resources.claims
@@ -6565,6 +6751,10 @@ Type::
 | `string`
 | procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
+ - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
+
 | `readOnlyRootFilesystem`
 | `boolean`
 | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
@@ -6675,7 +6865,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -6716,7 +6906,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -6750,7 +6940,7 @@ Type::
 
 | `grpc`
 | `object`
-| GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+| GRPC specifies an action involving a GRPC port.
 
 | `httpGet`
 | `object`
@@ -6807,7 +6997,7 @@ Type::
 Description::
 +
 --
-GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
+GRPC specifies an action involving a GRPC port.
 --
 
 Type::
@@ -6916,7 +7106,7 @@ Required::
 
 | `name`
 | `string`
-| The header field name
+| The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
 
 | `value`
 | `string`
@@ -7034,6 +7224,11 @@ Required::
 | `string`
 | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
 
+Possible enum values:
+ - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
+ - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
+ - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
+
 | `name`
 | `string`
 | This must match the Name of a Volume.
@@ -7186,9 +7381,7 @@ Type::
 | `string`
 | ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.
 
-The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).
-
-An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.
+The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 
 This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.
 
@@ -7197,9 +7390,11 @@ This field is immutable and no changes will be made to the corresponding Resourc
 Description::
 +
 --
-SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info:  https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness.
+SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.
+
+SchedulingGates can only be set at pod creation time, and be removed only afterwards.
 
-This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.
+This is a beta feature enabled by the PodSchedulingReadiness feature gate.
 --
 
 Type::
@@ -7261,6 +7456,10 @@ If unset, the Kubelet will not modify the ownership and permissions of any volum
 | `string`
 | fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
 
+Possible enum values:
+ - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
+ - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
+
 | `runAsGroup`
 | `integer`
 | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext.  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
@@ -7353,7 +7552,7 @@ Required::
 
 | `localhostProfile`
 | `string`
-| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+| localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
 
 | `type`
 | `string`
@@ -7436,7 +7635,7 @@ Type::
 
 | `hostProcess`
 | `boolean`
-| HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.
+| HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
 
 | `runAsUserName`
 | `string`
@@ -7543,7 +7742,9 @@ Required::
 
 | `matchLabelKeys`
 | `array (string)`
-| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+| MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
+
+This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
 
 | `maxSkew`
 | `integer`
@@ -7563,12 +7764,20 @@ This is a beta field and requires the MinDomainsInPodTopologySpread feature gate
 
 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `nodeTaintsPolicy`
 | `string`
 | NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
 
 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
 
+Possible enum values:
+ - `"Honor"` means use this scheduling directive when calculating pod topology spread skew.
+ - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew.
+
 | `topologyKey`
 | `string`
 | TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
@@ -7810,6 +8019,11 @@ Required::
 | `string`
 | cachingMode is the Host Caching mode: None, Read Only, Read Write.
 
+Possible enum values:
+ - `"None"`
+ - `"ReadOnly"`
+ - `"ReadWrite"`
+
 | `diskName`
 | `string`
 | diskName is the Name of the data disk in the blob storage
@@ -7826,6 +8040,11 @@ Required::
 | `string`
 | kind expected values are Shared: multiple blob disks per storage account  Dedicated: single blob disk per storage account  Managed: azure managed data disk (only in managed availability set). defaults to shared
 
+Possible enum values:
+ - `"Dedicated"`
+ - `"Managed"`
+ - `"Shared"`
+
 | `readOnly`
 | `boolean`
 | readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
@@ -8298,7 +8517,7 @@ Type::
 
 | `sizeLimit`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`Quantity`]
-| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+| sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
 
 |===
 === .spec.template.spec.volumes[].ephemeral
@@ -8403,6 +8622,10 @@ Type::
 | `string`
 | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 
+Possible enum values:
+ - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device.
+ - `"Filesystem"` means the volume will be or is formatted with a filesystem.
+
 | `volumeName`
 | `string`
 | volumeName is the binding reference to the PersistentVolume backing this claim.
@@ -8520,7 +8743,7 @@ This field is immutable. It can only be set for containers.
 
 | `requests`
 | xref:../objects/index.adoc#io.k8s.apimachinery.pkg.api.resource.Quantity[`object (Quantity)`]
-| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+| Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
 |===
 === .spec.template.spec.volumes[].ephemeral.volumeClaimTemplate.spec.resources.claims
@@ -8822,6 +9045,16 @@ Required::
 | `string`
 | type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
 
+Possible enum values:
+ - `""` For backwards compatible, leave it empty if unset
+ - `"BlockDevice"` A block device must exist at the given path
+ - `"CharDevice"` A character device must exist at the given path
+ - `"Directory"` A directory must exist at the given path
+ - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.
+ - `"File"` A file must exist at the given path
+ - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.
+ - `"Socket"` A UNIX socket must exist at the given path
+
 |===
 === .spec.template.spec.volumes[].iscsi
 Description::
@@ -9963,49 +10196,6 @@ The following API endpoints are available:
 === /api/v1/replicationcontrollers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10028,49 +10218,6 @@ Description::
 === /api/v1/watch/replicationcontrollers
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10092,23 +10239,7 @@ Description::
 
 === /api/v1/namespaces/{namespace}/replicationcontrollers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10121,57 +10252,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10190,46 +10275,6 @@ Description::
   list or watch objects of kind ReplicationController
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -10256,12 +10301,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10290,58 +10332,7 @@ Description::
 
 === /api/v1/watch/namespaces/{namespace}/replicationcontrollers
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10370,19 +10361,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicationController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -10398,25 +10378,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10461,25 +10424,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10507,12 +10456,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -10546,54 +10492,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicationController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -10622,19 +10522,8 @@ Description::
 | `name`
 | `string`
 | name of the ReplicationController
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -10667,25 +10556,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -10713,12 +10588,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/statefulset-apps-v1.adoc b/rest_api/workloads_apis/statefulset-apps-v1.adoc
index 8bcac577c7ff..340a08ae9c94 100644
--- a/rest_api/workloads_apis/statefulset-apps-v1.adoc
+++ b/rest_api/workloads_apis/statefulset-apps-v1.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="statefulset-apps-v1"]
 = StatefulSet [apps/v1]
 :toc: macro
@@ -109,7 +109,7 @@ Possible enum values:
 
 | `template`
 | xref:../objects/index.adoc#io.k8s.api.core.v1.PodTemplateSpec[`PodTemplateSpec`]
-| template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3".
+| template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". The only allowed template.spec.restartPolicy value is "Always".
 
 | `updateStrategy`
 | `object`
@@ -376,49 +376,6 @@ The following API endpoints are available:
 === /apis/apps/v1/statefulsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -441,49 +398,6 @@ Description::
 === /apis/apps/v1/watch/statefulsets
 
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -505,23 +419,7 @@ Description::
 
 === /apis/apps/v1/namespaces/{namespace}/statefulsets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -534,57 +432,11 @@ Description::
 [cols="1,1,2",options="header"]
 |===
 | Parameter | Type | Description
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -603,46 +455,6 @@ Description::
   list or watch objects of kind StatefulSet
 
 
-.Query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 
 .HTTP responses
@@ -669,12 +481,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -703,58 +512,7 @@ Description::
 
 === /apis/apps/v1/watch/namespaces/{namespace}/statefulsets
 
-.Global path parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
-
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
 
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -783,19 +541,8 @@ Description::
 | `name`
 | `string`
 | name of the StatefulSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `DELETE`
@@ -811,25 +558,8 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `gracePeriodSeconds`
-| `integer`
-| The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
-| `orphanDependents`
-| `boolean`
-| Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the &quot;orphan&quot; finalizer will be added to/removed from the object&#x27;s finalizers list. Either this field or PropagationPolicy may be set, but not both.
-| `propagationPolicy`
-| `string`
-| Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: &#x27;Orphan&#x27; - orphan the dependents; &#x27;Background&#x27; - allow the garbage collector to delete the dependents in the background; &#x27;Foreground&#x27; - a cascading policy that deletes all dependents in the foreground.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions[`DeleteOptions`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -874,25 +604,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -920,12 +636,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
@@ -959,54 +672,8 @@ Description::
 | `name`
 | `string`
 | name of the StatefulSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
-|===
-
-.Global query parameters
-[cols="1,1,2",options="header"]
 |===
-| Parameter | Type | Description
-| `allowWatchBookmarks`
-| `boolean`
-| allowWatchBookmarks requests watch events with type &quot;BOOKMARK&quot;. Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server&#x27;s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
-| `continue`
-| `string`
-| The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the &quot;next key&quot;.
-
-This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
-| `fieldSelector`
-| `string`
-| A selector to restrict the list of returned objects by their fields. Defaults to everything.
-| `labelSelector`
-| `string`
-| A selector to restrict the list of returned objects by their labels. Defaults to everything.
-| `limit`
-| `integer`
-| limit is a maximum number of responses to return for a list call. If more items exist, the server will set the &#x60;continue&#x60; field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.
 
-The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-| `resourceVersion`
-| `string`
-| resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `resourceVersionMatch`
-| `string`
-| resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.
-
-Defaults to unset
-| `timeoutSeconds`
-| `integer`
-| Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
-| `watch`
-| `boolean`
-| Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
-|===
 
 HTTP method::
   `GET`
@@ -1035,19 +702,8 @@ Description::
 | `name`
 | `string`
 | name of the StatefulSet
-| `namespace`
-| `string`
-| object name and auth scope, such as for teams and projects
 |===
 
-.Global query parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `pretty`
-| `string`
-| If &#x27;true&#x27;, then the output is pretty printed.
-|===
 
 HTTP method::
   `GET`
@@ -1080,25 +736,11 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
-| `force`
-| `boolean`
-| Force is going to &quot;force&quot; Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
-.Body parameters
-[cols="1,1,2",options="header"]
-|===
-| Parameter | Type | Description
-| `body`
-| xref:../objects/index.adoc#io.k8s.apimachinery.pkg.apis.meta.v1.Patch[`Patch`] schema
-| 
-|===
 
 .HTTP responses
 [cols="1,1",options="header"]
@@ -1126,12 +768,9 @@ Description::
 | `dryRun`
 | `string`
 | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
-| `fieldManager`
-| `string`
-| fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
 | `fieldValidation`
 | `string`
-| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the &#x60;ServerSideFieldValidation&#x60; feature gate is also enabled. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the &#x60;ServerSideFieldValidation&#x60; feature gate is disabled. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the &#x60;ServerSideFieldValidation&#x60; feature gate is enabled. - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
 |===
 
 .Body parameters
diff --git a/rest_api/workloads_apis/workloads-apis-index.adoc b/rest_api/workloads_apis/workloads-apis-index.adoc
index 7343f1e80d37..c35ff4dafe14 100644
--- a/rest_api/workloads_apis/workloads-apis-index.adoc
+++ b/rest_api/workloads_apis/workloads-apis-index.adoc
@@ -1,5 +1,5 @@
 // Automatically generated by 'openshift-apidocs-gen'. Do not edit.
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="workloads-apis"]
 = Workloads APIs
 :toc: macro
@@ -103,7 +103,7 @@ Deployment Configs define the template for a pod and manages deploying new image
 
 A deployment is "triggered" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.
 
-Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.
 --
 
 Type::
diff --git a/rosa_architecture/rosa-admission-plug-ins.adoc b/rosa_architecture/rosa-admission-plug-ins.adoc
new file mode 100644
index 000000000000..20877affd81c
--- /dev/null
+++ b/rosa_architecture/rosa-admission-plug-ins.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-admission-plug-ins"]
+= Admission plugins
+include::_attributes/common-attributes.adoc[]
+:context: admission-plug-ins
+
+toc::[]
+
+
+Admission plugins are used to help regulate how {product-title} functions. 
+
+// Concept modules
+include::modules/admission-plug-ins-about.adoc[leveloffset=+1]
+
+include::modules/admission-plug-ins-default.adoc[leveloffset=+1]
+
+include::modules/admission-webhooks-about.adoc[leveloffset=+1]
+
+include::modules/admission-webhook-types.adoc[leveloffset=+1]
+
+// user (groups=["dedicated-admins" "system:authenticated:oauth" "system:authenticated"]) is attempting to grant RBAC permissions not currently held, clusterroles.rbac.authorization.k8s.io "system:openshift:online:my-webhook-server" not found, cannot get resource "rolebindings", cannot create resource "apiservices", cannot create resource "validatingwebhookconfigurations" 
+ifndef::openshift-rosa,openshift-dedicated[]
+// Procedure module
+include::modules/configuring-dynamic-admission.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+[role="_additional-resources"]
+[id="admission-plug-ins-additional-resources"]
+== Additional resources
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref: /networking/hardware_networks/configuring-sriov-operator.adoc#configuring-sriov-operator[Configuring the SR-IOV Network Operator]
+endif::openshift-rosa,openshift-dedicated[]
+
+* xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations_dedicating_nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
+
+* xref:../nodes/pods/nodes-pods-priority.adoc#admin-guide-priority-preemption-names_nodes-pods-priority[Pod priority names]
+
diff --git a/rosa_architecture/rosa-getting-support.adoc b/rosa_architecture/rosa-getting-support.adoc
deleted file mode 100644
index 91c34dc5feb6..000000000000
--- a/rosa_architecture/rosa-getting-support.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-getting-support"]
-= Getting support for {product-title}
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-getting-support
-toc::[]
-
-Get support for {product-title} (ROSA).
-
-include::modules/rosa-getting-support.adoc[leveloffset=+1]
diff --git a/rosa_architecture/rosa-oidc-overview.adoc b/rosa_architecture/rosa-oidc-overview.adoc
index f037d685700a..e61f44dff1df 100644
--- a/rosa_architecture/rosa-oidc-overview.adoc
+++ b/rosa_architecture/rosa-oidc-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-oidc-overview"]
 = OpenID Connect Overview
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -16,9 +16,9 @@ include::modules/rosa-oidc-understanding.adoc[leveloffset=+1]
 
 include::modules/rosa-oidc-config-overview.adoc[leveloffset=+1]
 [discrete]
-include::modules/rosa-hcp-byo-oidc.adoc[leveloffset=+3]
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+3]
 [discrete]
-include::modules/rosa-hcp-byo-oidc-options.adoc[leveloffset=+3]
+include::modules/rosa-sts-byo-oidc-options.adoc[leveloffset=+3]
 
 include::modules/rosa-sts-oidc-provider-command.adoc[leveloffset=+1]
 
@@ -27,4 +27,4 @@ include::modules/rosa-sts-oidc-provider-command.adoc[leveloffset=+1]
 == Additional resources
 
 * See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-byo-odic-overview_rosa-sts-about-iam-resources[Creating an OpenID Connect Configuration] for the ROSA Classic instructions.
-* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
\ No newline at end of file
+* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
\ No newline at end of file
diff --git a/rosa_architecture/rosa-sts-about-iam-resources.adoc b/rosa_architecture/rosa-sts-about-iam-resources.adoc
index b7ac0d6e0bd2..26a0afbc2e5a 100644
--- a/rosa_architecture/rosa-sts-about-iam-resources.adoc
+++ b/rosa_architecture/rosa-sts-about-iam-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-about-iam-resources"]
 = About IAM resources for ROSA clusters that use STS
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -94,8 +94,8 @@ include::modules/rosa-sts-oidc-provider-command.adoc[leveloffset=+2]
 
 include::modules/rosa-oidc-config-overview.adoc[leveloffset=+2]
 [discrete]
-include::modules/rosa-hcp-byo-oidc.adoc[leveloffset=+3]
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+3]
 [discrete]
-include::modules/rosa-hcp-byo-oidc-options.adoc[leveloffset=+3]
+include::modules/rosa-sts-byo-oidc-options.adoc[leveloffset=+3]
 
 include::modules/rosa-aws-scp.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/rosa_architecture/rosa-understanding.adoc b/rosa_architecture/rosa-understanding.adoc
index ec1f949cb53e..6a692c14feac 100644
--- a/rosa_architecture/rosa-understanding.adoc
+++ b/rosa_architecture/rosa-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-understanding"]
 = Understanding ROSA
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -17,7 +17,7 @@ You subscribe to the service directly from your AWS account. After the clusters
 You receive OpenShift updates with new feature releases and a shared, common source for alignment with OpenShift Container Platform. ROSA supports the same versions of OpenShift as Red Hat OpenShift Dedicated and OpenShift Container Platform to achieve version consistency.
 
 image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}]
-For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat Openshift Service on AWS (ROSA) interactive walkthrough].
+For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
 
 [id="rosa-understanding-credential-modes_{context}"]
 == Credential modes
diff --git a/rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc b/rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc
index 14f30c7fa58f..0a2ee124442c 100644
--- a/rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc
+++ b/rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-architecture-models"]
 = Architecture models
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -6,11 +6,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-ROSA architecture supports the following network configuration types:
+ROSA has two installation offerings. The architecture supports the following network configuration types:
 
 * Public network
 * Private network
-* AWS PrivateLink
+* AWS PrivateLink (ROSA Classic only)
 
 include::modules/rosa-architecture.adoc[leveloffset=+1]
 include::modules/osd-aws-privatelink-architecture.adoc[leveloffset=+1]
+include::modules/rosa-architecture-local-zones.adoc[leveloffset=+1]
diff --git a/rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc b/rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc
index 7840f85ed3b5..7debb4ecad46 100644
--- a/rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc
+++ b/rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-basic-architecture-concepts"]
 = Architecture concepts
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
new file mode 100644
index 000000000000..78a554db7e1d
--- /dev/null
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-hcp-life-cycle
+[id="rosa-hcp-life-cycle"]
+= {hcp-title} update life cycle
+
+toc::[]
+
+include::modules/life-cycle-overview.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[{product-title} service definition]
+
+include::modules/life-cycle-definitions.adoc[leveloffset=+1]
+include::modules/life-cycle-major-versions.adoc[leveloffset=+1]
+include::modules/life-cycle-minor-versions.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-limited-support_rosa-life-cycle[{product-title} limited support status]
+
+include::modules/life-cycle-patch-versions.adoc[leveloffset=+1]
+include::modules/life-cycle-limited-support.adoc[leveloffset=+1]
+include::modules/life-cycle-supported-versions.adoc[leveloffset=+1]
+include::modules/life-cycle-install.adoc[leveloffset=+1]
+include::modules/life-cycle-mandatory-upgrades.adoc[leveloffset=+1]
+include::modules/life-cycle-dates.adoc[leveloffset=+1]
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
new file mode 100644
index 000000000000..918513651199
--- /dev/null
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
@@ -0,0 +1,56 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-hcp-service-definition
+[id="rosa-hcp-service-definition"]
+= {hcp-title-first} service definition
+
+toc::[]
+
+This documentation outlines the service definition for the {hcp-title-first} managed service.
+
+[id="rosa-hcp-sdpolicy-account-management_{context}"]
+== Account management
+
+This section provides information about the service definition for {product-title} account management.
+
+include::modules/rosa-sdpolicy-am-billing.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-cluster-self-service.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-compute.adoc[leveloffset=+2]
+include::snippets/pid-limits.adoc[]
+
+[role="_additional-resources"]
+.Additional Resources
+
+* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-red-hat-operator_rosa-service-definition[Red Hat Operator Support]
+
+include::modules/rosa-sdpolicy-am-aws-compute-types.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional Resources
+
+* link:https://aws.amazon.com/ec2/instance-types[AWS Instance Types]
+
+include::modules/rosa-sdpolicy-am-regions-az.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-local-zones.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-sla.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-limited-support.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-am-support.adoc[leveloffset=+2]
+include::modules/rosa-sdpolicy-logging.adoc[leveloffset=+1]
+include::modules/rosa-sdpolicy-monitoring.adoc[leveloffset=+1]
+include::modules/rosa-sdpolicy-networking.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about the network verification checks, see xref:../../networking/network-verification.adoc#network-verification[Network verification].
+
+include::modules/rosa-sdpolicy-storage.adoc[leveloffset=+1]
+include::modules/rosa-sdpolicy-platform.adoc[leveloffset=+1]
+include::modules/rosa-sdpolicy-security.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-hcp-service-definition"]
+== Additional resources
+
+* See xref:../rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security for ROSA] for the latest compliance information.
+* See xref:../rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[ROSA life cycle]
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
index 774c1bbd5b5c..c478121c4cc1 100644
--- a/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-life-cycle
 [id="rosa-life-cycle"]
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
index 44bb0a13d5df..f2dfbd990fe7 100644
--- a/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-policy-process-security
 [id="rosa-policy-process-security"]
-= Understanding process and security for {product-title}
+= Understanding security for {product-title}
 
 toc::[]
 
-This document details the Red Hat responsibilities for the managed {product-title} (ROSA).
+This document details the Red Hat, Amazon Web Services (AWS), and customer security responsibilities for the managed {product-title} (ROSA).
 
 .Acronyms and terms
 
@@ -19,15 +19,13 @@ This document details the Red Hat responsibilities for the managed {product-titl
 * *SRE* - Red Hat Site Reliability Engineering
 * *VPC* - Virtual Private Cloud
 
-include::modules/rosa-policy-incident.adoc[leveloffset=+1]
-include::modules/rosa-policy-change-management.adoc[leveloffset=+1]
-include::modules/rosa-policy-identity-access-management.adoc[leveloffset=+1]
 include::modules/rosa-policy-security-regulation-compliance.adoc[leveloffset=+1]
-include::modules/rosa-policy-disaster-recovery.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
+* See link:https://access.redhat.com/articles/5528091[Red Hat Subprocessor List] for information on SRE residency.
+
 * For more information about customer or shared responsibilities, see the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[ROSA Responsibilities] document.
 
 * For more information about ROSA and its components, see the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition].
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
index b112d4664651..a84fd038bc8c 100644
--- a/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-policy-responsibility-matrix
 [id="rosa-policy-responsibility-matrix"]
@@ -11,9 +11,19 @@ This documentation outlines Red Hat, Amazon Web Services (AWS), and customer res
 include::modules/rosa-policy-responsibilities.adoc[leveloffset=+1]
 include::modules/rosa-policy-shared-responsibility.adoc[leveloffset=+1]
 
+include::modules/rosa-policy-incident.adoc[leveloffset=+1]
+include::modules/rosa-policy-change-management.adoc[leveloffset=+1]
+include::modules/rosa-policy-security-and-compliance.adoc[leveloffset=+1]
+include::modules/rosa-policy-disaster-recovery.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc#rosa-nodes-machinepools-about[About machine pools]
 
 include::modules/rosa-policy-customer-responsibility.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* For more information about Red Hat site reliability engineering (SRE) teams access, see xref:../../rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc#rosa-policy-identity-access-management_rosa-sre-access[Identity and access management].
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc
index e1fb93762157..b4e4a9b082df 100644
--- a/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-policy-understand-availability"]
 :context: rosa-policy-understand-availability
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
index f69670617a3d..851d1ab9c747 100644
--- a/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-service-definition
 [id="rosa-service-definition"]
@@ -22,6 +22,7 @@ include::snippets/pid-limits.adoc[]
 .Additional Resources
 
 * xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-red-hat-operator_rosa-service-definition[Red Hat Operator Support]
+* xref:../../rosa_cluster_admin/rosa-configuring-pid-limits.adoc#rosa-configuring-pid-limits[Configuring PID limits]
 
 include::modules/rosa-sdpolicy-am-aws-compute-types.adoc[leveloffset=+2]
 
diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
new file mode 100644
index 000000000000..4f34fa260365
--- /dev/null
+++ b/rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-sre-access
+[id="rosa-sre-access"]
+= SRE and service account access
+
+Red Hat site reliability engineering (SRE) access to {product-title} (ROSA) clusters is outlined through identity and access management.
+
+[id="rosa-policy-identity-access-management_{context}"]
+== Identity and access management
+Most access by Red Hat SRE teams is done by using cluster Operators through automated configuration management.
+
+[id="subprocessors_{context}"]
+.Subprocessors
+For a list of the available subprocessors, see the link:https://access.redhat.com/articles/5528091[Red Hat Subprocessor List] on the Red Hat Customer Portal.
+
+include::modules/sre-cluster-access.adoc[leveloffset=+1]
+include::modules/rosa-red-hat-support-access.adoc[leveloffset=+1]
+include::modules/rosa-customer-access.adoc[leveloffset=+1]
+include::modules/rosa-access-approval-review.adoc[leveloffset=+1]
+include::modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about the AWS IAM roles used by the cluster Operators, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-operator-roles_rosa-sts-about-iam-resources[Cluster-specific Operator IAM role reference].
+* For more information about the policies and permissions that the cluster Operators require, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation].
\ No newline at end of file
diff --git a/rosa_backing_up_and_restoring_applications/backing-up-applications.adoc b/rosa_backing_up_and_restoring_applications/backing-up-applications.adoc
index bd7b48a4e8fa..7c79d9079aca 100644
--- a/rosa_backing_up_and_restoring_applications/backing-up-applications.adoc
+++ b/rosa_backing_up_and_restoring_applications/backing-up-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-backing-up-applications"]
 = Backing up applications
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,38 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can employ OpenShift API for Data Protection (OADP) with Red Hat OpenShift Service on AWS (ROSA) clusters to backup and restore application data. A ROSA deployment of OpenShift is configured specifically for AWS services.
+You can employ OpenShift API for Data Protection (OADP) with Red Hat OpenShift Service on AWS (ROSA) clusters to backup and restore application data. Before installing OADP, you must set up role and policy credentials for OADP so that it can use the AWS API.
 
-include::modules/oadp-installing-oadp-rosa-sts.adoc[leveloffset=+1]
\ No newline at end of file
+This is a two stage process:
+
+. Prepare AWS credentials.
+. Install the OADP Operator and provide it with the IAM role.
+
+include::modules/oadp-preparing-aws-credentials.adoc[leveloffset=+1]
+
+include::modules/oadp-installing-oadp-rosa-sts.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="oadp-addtl-resources_{context}"]
+.Additional resources
+
+* xref:../rosa_backing_up_and_restoring_applications/backing-up-applications.adoc#oadp-preparing-aws-credentials_rosa-backing-up-applications[Preparing AWS credentials]
+
+[id="rosa-backing-up-applications-known-issues"]
+== Known issues
+.Restic, Kopia, and DataMover are not supported or recommended
+
+* link:https://issues.redhat.com/browse/OADP-1054[CloudStorage: openshift-adp-controller-manager crashloop seg fault with Restic enabled]
+* link:https://issues.redhat.com/browse/OADP-1057[Cloudstorage API: CSI Backup of an app with internal images partially fails with plugin panicked error]
+* (Affects OADP 1.1.x_ only): link:https://issues.redhat.com/browse/OADP-1055[CloudStorage: bucket is removed on CS CR delete, although it doesn't have "oadp.openshift.io/cloudstorage-delete": "true"]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-backing-up-applications"]
+== Additional resources
+
+* link:https://docs.openshift.com/rosa/rosa_architecture/rosa-understanding.html[Understanding ROSA with STS]
+* link:https://docs.openshift.com/rosa/rosa_getting_started/rosa-sts-getting-started-workflow.html[Getting started with ROSA STS]
+* link:https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.html[Creating a ROSA cluster with STS]
+* link:https://docs.openshift.com/container-platform/4.13/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html[About installing OADP]
+* link:https://docs.openshift.com/container-platform/4.13/storage/container_storage_interface/persistent-storage-csi.html[Configuring CSI volumes]
+* link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-sdpolicy-storage_rosa-service-definition[ROSA storage options]
diff --git a/rosa_cli/rosa-checking-acct-version-cli.adoc b/rosa_cli/rosa-checking-acct-version-cli.adoc
deleted file mode 100644
index 1b7166886761..000000000000
--- a/rosa_cli/rosa-checking-acct-version-cli.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-acct-version-cli"]
-= Checking account and version information with the ROSA CLI
-:context: rosa-checking-acct-version-cli
-
-toc::[]
-
-include::modules/rosa-checking-account-version-info-cli.adoc[leveloffset=+1]
diff --git a/rosa_cli/rosa-checking-logs-cli.adoc b/rosa_cli/rosa-checking-logs-cli.adoc
deleted file mode 100644
index 301ea498579b..000000000000
--- a/rosa_cli/rosa-checking-logs-cli.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-checking-logs-cli"]
-= Checking logs with the ROSA CLI
-:context: rosa-checking-logs-cli
-
-toc::[]
-
-include::modules/rosa-logs.adoc[leveloffset=+1]
diff --git a/rosa_cli/rosa-get-started-cli.adoc b/rosa_cli/rosa-get-started-cli.adoc
deleted file mode 100644
index d7f8d4f67987..000000000000
--- a/rosa_cli/rosa-get-started-cli.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-get-started-cli"]
-= Getting started with the {product-title} (ROSA) CLI, `rosa`
-:context: rosa-getting-started-cli
-toc::[]
-
-Setup and basic usage of the {product-title} (ROSA) CLI, `rosa`.
-
-include::modules/rosa-about.adoc[leveloffset=+1]
-include::modules/rosa-setting-up-cli.adoc[leveloffset=+1]
-include::modules/rosa-configure.adoc[leveloffset=+1]
-include::modules/rosa-initialize.adoc[leveloffset=+1]
-include::modules/rosa-using-bash-script.adoc[leveloffset=+1]
-include::modules/rosa-updating-rosa-cli.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/rosa_cli/rosa-manage-objects-cli.adoc b/rosa_cli/rosa-manage-objects-cli.adoc
deleted file mode 100644
index 9b0f9cf18395..000000000000
--- a/rosa_cli/rosa-manage-objects-cli.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-managing-objects-cli"]
-= Managing objects with the ROSA CLI
-
-:context: rosa-managing-objects-cli
-
-toc::[]
-
-Managing objects with the {product-title} (ROSA) CLI, `rosa`, such as adding `dedicated-admin` users, managing clusters, and scheduling cluster upgrades.
-
-include::modules/rosa-common-commands.adoc[leveloffset=+1]
-include::modules/rosa-parent-commands.adoc[leveloffset=+1]
-include::modules/rosa-create-objects.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-== Additional resources
-* See xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-aws-instance-types_rosa-service-definition[AWS Instance types] for a list of supported instance types.
-* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference] for a list of IAM roles needed for cluster creation.
-* See xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-understanding-aws-account-association_rosa-sts-creating-a-cluster-with-customizations[Understanding AWS account association] for more information about the OCM role and user role.
-
-include::modules/rosa-edit-objects.adoc[leveloffset=+1]
-include::modules/rosa-delete-objects.adoc[leveloffset=+1]
-include::modules/rosa-install-uninstall-addon.adoc[leveloffset=+1]
-include::modules/rosa-list-objects.adoc[leveloffset=+1]
-include::modules/rosa-upgrade-cluster-cli.adoc[leveloffset=+1]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-access.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-access.adoc
index bde71ada2870..1a5fd88d4e39 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-access.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-access.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-aws-access"]
 = Accessing AWS infrastructure
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc
index 75cfe9f154dc..7247b03acdf8 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-dc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-aws-dc"]
 = Configuring AWS Direct Connect
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
index 726127286b21..07ba089ef143 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-peering.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-aws-peering"]
 = Configuring AWS VPC peering
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-private-cluster.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-private-cluster.adoc
index efd721cafd62..e44fb534a663 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-private-cluster.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-private-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-aws-private-cluster"]
 = Configuring a private cluster
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc
index 6a8b8eaabce4..3b102d0aa9cc 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-aws-vpn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dedicated-aws-vpn"]
 = Configuring AWS VPN
 include::_attributes/common-attributes.adoc[]
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-understanding-aws.adoc b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-understanding-aws.adoc
index 6c828ec11a9f..25874c526a60 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/dedicated-understanding-aws.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/dedicated-understanding-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: dedicated-understanding-aws
 [id="welcome-index"]
 = Understanding cloud infrastructure access
diff --git a/rosa_cluster_admin/cloud_infrastructure_access/rosa-configuring-private-connections.adoc b/rosa_cluster_admin/cloud_infrastructure_access/rosa-configuring-private-connections.adoc
index bbbaea528075..c4c3aa005038 100644
--- a/rosa_cluster_admin/cloud_infrastructure_access/rosa-configuring-private-connections.adoc
+++ b/rosa_cluster_admin/cloud_infrastructure_access/rosa-configuring-private-connections.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-configuring-private-connections"]
 = Configuring private connections
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_cluster_admin/rosa-cluster-autoscaling.adoc b/rosa_cluster_admin/rosa-cluster-autoscaling.adoc
new file mode 100644
index 000000000000..da74872700b0
--- /dev/null
+++ b/rosa_cluster_admin/rosa-cluster-autoscaling.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-cluster-autoscaling"]
+= Cluster autoscaling
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-cluster-autoscaling
+
+toc::[]
+
+Applying autoscaling to {product-title} clusters involves configuring a cluster autoscaler and then configuring a machine autoscaler for at least one machine pool in your cluster.
+
+[IMPORTANT]
+====
+You can configure the cluster autoscaler only in clusters where the machine API is operational.
+
+Only one cluster autoscaler can be created per cluster.
+====
+
+include::modules/cluster-autoscaler-about.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-during.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-after.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-ui-settings.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-cli-interactive-during.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-cli-interactive-after.adoc[leveloffset=+2]
+
+include::modules/rosa-cluster-autoscaler-cli-during.adoc[leveloffset=+1]
+
+include::modules/rosa-cluster-autoscaler-cli-after.adoc[leveloffset=+2]
+
+include::modules/rosa-cluster-autoscaler-cli-edit.adoc[leveloffset=+2]
+
+include::modules/rosa-cluster-autoscaler-cli-delete.adoc[leveloffset=+2]
+
+include::modules/rosa-cluster-autoscaler-cli-settings.adoc[leveloffset=+1]
diff --git a/rosa_cluster_admin/rosa-configuring-pid-limits.adoc b/rosa_cluster_admin/rosa-configuring-pid-limits.adoc
new file mode 100644
index 000000000000..644f79eaef2d
--- /dev/null
+++ b/rosa_cluster_admin/rosa-configuring-pid-limits.adoc
@@ -0,0 +1,40 @@
+// This assembly covers how to configure cluster-wide PID limits by configuring
+// the kubeletconfig. Eventually, additional cluster-wide parameters should be
+// available for configuration. As additional parameters are added, it might be 
+// better to change this assembly to be "Configuring cluster parameters" or 
+// something similar.
+//
+// Also, this content theoretically applies to OSD as well, but the PID limits
+// can only be configured through the ROSA CLI. When other methods are added for
+// configuring PID limits, this assembly and its modules can be evaluated for 
+// inclusion in the OSD docs.
+
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-configuring-pid-limits"]
+= Configuring PID limits
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-configuring-pid-limits
+
+toc::[]
+
+A process identifier (PID) is a unique identifier assigned by the Linux kernel to each process or thread currently running on a system. The number of processes that can run simultaneously on a system is limited to 4,194,304 by the Linux kernel. This number might also be affected by limited access to other system resources such as memory, CPU, and disk space.
+
+In {product-title} 4.11 and later, by default, a pod can have a maximum of 4,096 PIDs. If your workload requires more than that, you can increase the allowed maximum number of PIDs.
+
+// Understanding process ID limits
+include::modules/sd-understanding-process-id-limits.adoc[leveloffset=+1]
+
+// Risks of setting higher process ID limits
+include::modules/risks-setting-higher-process-id-limits.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
+
+* xref:../rosa_planning/rosa-planning-environment.adoc#rosa-planning-environment[Planning your environment]
+
+* xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
+
+// Setting a higher pid limit on an existing cluster
+include::modules/setting-higher-pid-limit-on-existing-cluster.adoc[leveloffset=+1]
diff --git a/rosa_cluster_admin/rosa_logging/rosa-accessing-the-service-logs.adoc b/rosa_cluster_admin/rosa_logging/rosa-accessing-the-service-logs.adoc
index 2e847e54113a..362f375a2562 100644
--- a/rosa_cluster_admin/rosa_logging/rosa-accessing-the-service-logs.adoc
+++ b/rosa_cluster_admin/rosa_logging/rosa-accessing-the-service-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-accessing-the-service-logs"]
 = Accessing the service logs for ROSA clusters
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_cluster_admin/rosa_logging/rosa-viewing-logs.adoc b/rosa_cluster_admin/rosa_logging/rosa-viewing-logs.adoc
index da1a5040d7c5..2849a02df98e 100644
--- a/rosa_cluster_admin/rosa_logging/rosa-viewing-logs.adoc
+++ b/rosa_cluster_admin/rosa_logging/rosa-viewing-logs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-viewing-logs"]
 = Viewing cluster logs in the AWS Console
diff --git a/rosa_cluster_admin/rosa_nodes/nodes-cluster-resource-configure.adoc b/rosa_cluster_admin/rosa_nodes/nodes-cluster-resource-configure.adoc
new file mode 120000
index 000000000000..9cd6a9a9fef1
--- /dev/null
+++ b/rosa_cluster_admin/rosa_nodes/nodes-cluster-resource-configure.adoc
@@ -0,0 +1 @@
+../../nodes/clusters/nodes-cluster-resource-configure.adoc
\ No newline at end of file
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc b/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
index ff7ceef8166c..40efef28f84d 100644
--- a/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
+++ b/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-managing-worker-nodes"]
 = Managing compute nodes
@@ -13,12 +13,24 @@ You can edit machine pool configuration options such as scaling, adding node lab
 
 include::modules/creating-a-machine-pool.adoc[leveloffset=+1]
 include::modules/creating-a-machine-pool-ocm.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups]
+
 include::modules/creating-a-machine-pool-cli.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
+* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups]
+
+include::modules/configuring-machine-pool-disk-volume.adoc[leveloffset=+1]
+include::modules/configuring-machine-pool-disk-volume-ocm.adoc[leveloffset=+2]
+include::modules/configuring-machine-pool-disk-volume-cli.adoc[leveloffset=+2]
 
-* For a detailed list of the arguments that are available for the `rosa create machinepool` subcommand, see xref:../../rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-machinepool_rosa-managing-objects-cli[Managing objects with the ROSA CLI].
+[role="_additional-resources"]
+.Additional resources
+* For a detailed list of the arguments that are available for the `rosa create machinepool` subcommand, see xref:../../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-managing-objects-cli[Managing objects with the ROSA CLI].
 
 include::modules/deleting-machine-pools.adoc[leveloffset=+1]
 include::modules/deleting-machine-pools-ocm.adoc[leveloffset=+2]
@@ -32,20 +44,19 @@ include::modules/rosa-osd-node-label-about.adoc[leveloffset=+1]
 * For more information about labels, see link:https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/[Kubernetes Labels and Selectors overview].
 
 include::modules/rosa-adding-node-labels.adoc[leveloffset=+2]
-include::modules/rosa-imds-machine-pools.adoc[leveloffset=+1]
+// include::modules/rosa-imds-machine-pools.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
+// [role="_additional-resources"]
+// .Additional resources
 
-* For more information about Instance Metadata Service, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html[Use IMDSv2] in the AWS documentation.
+// * For more information about Instance Metadata Service, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html[Use IMDSv2] in the AWS documentation.
 
-include::modules/rosa-imds-machine-pools-ui.adoc[leveloffset=+2]
-include::modules/rosa-imds-machine-pools-cli.adoc[leveloffset=+2]
+// include::modules/rosa-imds-machine-pools-ui.adoc[leveloffset=+2]
+// include::modules/rosa-imds-machine-pools-cli.adoc[leveloffset=+2]
 include::modules/rosa-adding-taints.adoc[leveloffset=+1]
 include::modules/rosa-adding-taints-ocm.adoc[leveloffset=+2]
 include::modules/rosa-adding-taints-cli.adoc[leveloffset=+2]
 
-
 include::modules/rosa-adding-tuning.adoc[leveloffset=+1]
 
 == Additional resources
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc
index 6b8d2b78d825..540466bf7c25 100644
--- a/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc
+++ b/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-nodes-about-autoscaling-nodes"]
 = About autoscaling nodes on a cluster
@@ -72,8 +72,9 @@ endif::[]
 
 [id="nodes-about-autoscaling-nodes-additional-resources"]
 == Additional resources
+* link:https://access.redhat.com/solutions/6821651[Troubleshooting: Autoscaling is not scaling down nodes]
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc#rosa-nodes-machinepools-about[About machinepools]
 ifdef::openshift-rosa[]
-* xref:../../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing worker nodes]
-* xref:../../rosa_cli/rosa-manage-objects-cli.adoc#rosa-managing-objects-cli[Managing objects with the ROSA CLI]
+* xref:../../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing compute nodes]
+* xref:../../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-managing-objects-cli[Managing objects with the ROSA CLI]
 endif::[]
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc
index 303af166951d..7a6169b7f554 100644
--- a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc
+++ b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-nodes-machinepools-about"]
 = About machine pools
@@ -27,26 +27,35 @@ Machine pools are a higher level construct to compute machine sets.
 
 A machine pool creates compute machine sets that are all clones of the same configuration across availability zones. Machine pools perform all of the host node provisioning management actions on a worker node. If you need more machines or must scale them down, change the number of replicas in the machine pool to meet your compute needs. You can manually configure scaling or set autoscaling.
 
-By default, a cluster has one machine pool. During cluster installation, you can label this machine pool. After the cluster is installed, the `Default` machine pool cannot be deleted, and its node type or size cannot be changed.
+By default, a cluster has one machine pool. During cluster installation, you can define instance type or size and add labels to this machine pool.
 
 After a cluster's installation:
 
-* You can relabel a `Default` machine pool.
+* You can remove or add labels to any machine pool.
 * You can add additional machine pools to an existing cluster.
+* You can add taints to any machine pool as long as there is one machine pool without any taints.
+* You can create or delete a machine pool as long as there is one machine pool without any taints and at least two replicas for a Single-AZ cluster or three replicas for a Multi-AZ cluster.
 +
 [NOTE]
 ====
 You cannot change the machine pool node type or size. The machine pool node type or size is specified during their creation only. If you need a different node type or size, you must re-create a machine pool and specify the required node type or size values.
 ====
 * You can add a label to each added machine pool.
-* You cannot delete the `Default` machine pool. However, you can delete the non-default machine pools. 
 
 Multiple machine pools can exist on a single cluster, and each machine pool can contain a unique node type and node size configuration.
 
 == Machine pools in multiple zone clusters
-When you create a machine pool in a multiple availability zone (Multi-AZ) cluster, that one machine pool has 3 zones. The machine pool, in turn, creates a total of 3 compute machine sets - one for each zone in the cluster. Each of those compute machine sets manages one or more machines in its respective availability zone.
+In a cluster created across multiple Availability Zones (AZ), the machine pools can be created across either all of the three AZs or any single AZ of your choice. The machine pool created by default at the time of cluster creation will be created with machines in all three AZs and scale in multiples of three.
 
-If you create a new Multi-AZ cluster, the machine pools are replicated to those zones automatically. If you add a machine pool to an existing Multi-AZ, the new pool is automatically created in those zones. Similarly, deleting a machine pool will delete it from all zones.
+
+If you create a new Multi-AZ cluster, the machine pools are replicated to those zones automatically. By default, if you add a machine pool to an existing Multi-AZ cluster, the new machine pool is automatically created in all of the zones.
+
+[NOTE]
+====
+You can override this default setting and create a machine pool in a Single-AZ of your choice.
+====
+
+Similarly, deleting a machine pool will delete it from all zones.
 Due to this multiplicative effect, using machine pools in Multi-AZ cluster can consume more of your project's quota for a specific region when creating machine pools.
 
 == Additional resources
@@ -54,3 +63,4 @@ ifdef::openshift-rosa[]
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing compute nodes]
 endif::[]
 * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling]
+* xref:../../rosa_cluster_admin/rosa-configuring-pid-limits.adoc#rosa-configuring-pid-limits[Configuring PID limits]
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc
index 891707772d2c..d10e7ba9fda7 100644
--- a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc
+++ b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-nodes-machinepools-configuring"]
 = Configuring machine pools in Local Zones
diff --git a/rosa_getting_started/rosa-getting-started.adoc b/rosa_getting_started/rosa-getting-started.adoc
index 4097a9b94c98..63cf9b65fed0 100644
--- a/rosa_getting_started/rosa-getting-started.adoc
+++ b/rosa_getting_started/rosa-getting-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-getting-started"]
 = Comprehensive guide to getting started with {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -61,6 +61,13 @@ include::modules/rosa-getting-started-configure-an-idp.adoc[leveloffset=+2]
 
 include::modules/rosa-getting-started-grant-user-access.adoc[leveloffset=+2]
 include::modules/rosa-getting-started-grant-admin-privileges.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-cluster-admin-role_rosa-service-definition[Cluster administration role]
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-customer-admin-user_rosa-service-definition[Customer administrator user]
+
 include::modules/rosa-getting-started-access-cluster-web-console.adoc[leveloffset=+1]
 include::modules/deploy-app.adoc[leveloffset=+1]
 include::modules/rosa-getting-started-revoking-admin-privileges-and-user-access.adoc[leveloffset=+1]
@@ -73,7 +80,7 @@ include::modules/rosa-getting-started-deleting-a-cluster.adoc[leveloffset=+1]
 
 * xref:../adding_service_cluster/adding-service.adoc#adding-service[Adding services to a cluster using the {cluster-manager} console]
 * xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing compute nodes]
-* xref:../monitoring/rosa-configuring-the-monitoring-stack.adoc#rosa-configuring-the-monitoring-stack[Configuring the monitoring stack]
+* xref:../monitoring/configuring-the-monitoring-stack.adoc[Configuring the monitoring stack]
 
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
diff --git a/rosa_getting_started/rosa-quickstart-guide-ui.adoc b/rosa_getting_started/rosa-quickstart-guide-ui.adoc
index 38fa5405649e..aafb1bccbae8 100644
--- a/rosa_getting_started/rosa-quickstart-guide-ui.adoc
+++ b/rosa_getting_started/rosa-quickstart-guide-ui.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-quickstart-guide-ui"]
 = {product-title} quickstart guide
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -8,7 +8,7 @@ toc::[]
 
 [NOTE]
 ====
-If you are looking for a comprehensive getting started guide for ROSA, see xref:../rosa_getting_started/rosa-getting-started.adoc#rosa-getting-started[Comprehensive guide to getting started with {product-title}]. For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat Openshift Service on AWS (ROSA) interactive walkthrough].
+If you are looking for a comprehensive getting started guide for ROSA, see xref:../rosa_getting_started/rosa-getting-started.adoc#rosa-getting-started[Comprehensive guide to getting started with {product-title}]. For additional information on ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red Hat OpenShift Service on AWS (ROSA) interactive walkthrough].
 ====
 
 Follow this guide to quickly create a {product-title} (ROSA) cluster using the {cluster-manager-first} {hybrid-console-second}, grant user access, deploy your first application, and learn how to revoke user access and delete your cluster.
@@ -118,6 +118,11 @@ include::modules/rosa-getting-started-grant-user-access.adoc[leveloffset=+2]
 [discrete]
 include::modules/rosa-getting-started-grant-admin-privileges.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-cluster-admin-role_rosa-service-definition[Cluster administration role]
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-customer-admin-user_rosa-service-definition[Customer administrator user]
 
 //This content is pulled from rosa-getting-started-access-cluster-web-console.adoc
 include::modules/rosa-getting-started-access-cluster-web-console.adoc[leveloffset=+1]
@@ -149,7 +154,7 @@ include::modules/rosa-getting-started-deleting-a-cluster.adoc[leveloffset=+1]
 
 * xref:../adding_service_cluster/adding-service.adoc#adding-service[Adding services to a cluster using the {cluster-manager} console]
 * xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-managing-worker-nodes[Managing compute nodes]
-* xref:../monitoring/rosa-configuring-the-monitoring-stack.adoc#rosa-configuring-the-monitoring-stack[Configuring the monitoring stack]
+* xref:../monitoring/configuring-the-monitoring-stack.adoc[Configuring the monitoring stack]
 
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
diff --git a/rosa_getting_started/rosa-sts-getting-started-workflow.adoc b/rosa_getting_started/rosa-sts-getting-started-workflow.adoc
index 1a5e281e2bd6..e5399c550edb 100644
--- a/rosa_getting_started/rosa-sts-getting-started-workflow.adoc
+++ b/rosa_getting_started/rosa-sts-getting-started-workflow.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-understanding-the-deployment-workflow"]
 = Understanding the ROSA with STS deployment workflow
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
new file mode 100644
index 000000000000..92a65dee264a
--- /dev/null
+++ b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
@@ -0,0 +1,82 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-hcp-creating-cluster-with-aws-kms-key"]
+= Creating ROSA with HCP clusters using a custom AWS KMS encryption key
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-hcp-creating-cluster-with-aws-kms-key
+
+toc::[]
+
+Create a {product-title} (ROSA) with a {hcp} (HCP) cluster  using a custom AWS Key Management Service (KMS) key.
+
+//include::modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc[leveloffset=+1]
+//include::modules/rosa-sts-associating-your-aws-account.adoc[leveloffset=+2]
+
+[id="rosa-hcp-creating-cluster-with-aws-kms-key-prereqs"]
+== {hcp-title} Prerequisites
+
+To create a {hcp-title} cluster, you must have the following items:
+
+* A configured virtual private cloud (VPC)
+* Account-wide roles
+* An OIDC configuration
+* Operator roles
+
+[id="rosa-hcp-creating-cluster-with-aws-kms-key-creating-vpc"]
+=== Creating a Virtual Private Cloud for your {hcp-title} clusters
+
+You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC: 
+
+* Create a VPC by using a Terraform template
+* Manually create the VPC resources in the AWS console
+
+[NOTE]
+====
+The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`.
+====
+
+[discrete]
+include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See the link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC] repository for a detailed list of all options available when customizing the VPC for your needs.
+
+[discrete]
+include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC]
+* link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation]
+
+include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
+
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]
+
+include::modules/rosa-operator-config.adoc[leveloffset=+2]
+
+include::modules/creating-cluster-with-aws-kms-key.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-hcp-operator-prefix"]
+
+[id="next-steps-2_{context}"]
+== Next steps
+
+* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-hcp-creating-cluster-with-aws-kms-key"]
+== Additional resources
+
+* For information on using the CLI to create a cluster, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI].
+* For steps to deploy a ROSA cluster using manual mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations].
+* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS].
+* For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes].
+* For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS].
+* For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes].
+* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers].
+* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
+* For steps to contact Red Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red Hat OpenShift Service on AWS].
diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
index 65a4a8dfbb21..2788090cb24c 100644
--- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-hcp-sts-creating-a-cluster-quickly"]
 = Creating ROSA with HCP clusters using the default options
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -13,9 +13,6 @@ If you are looking for a quickstart guide for ROSA Classic, see xref:../rosa_get
 
 {hcp-title-first} offers a more efficient and reliable architecture for creating {product-title} (ROSA) clusters. With {hcp-title}, each cluster has a dedicated control plane that is isolated in a ROSA service account.
 
-:FeatureName: {hcp-title-first} 
-include::snippets/technology-preview.adoc[]
-
 Create a {hcp-title} cluster quickly by using the default options and automatic AWS Identity and Access Management (IAM) resource creation. You can deploy your cluster by using the ROSA CLI (`rosa`).
 
 [IMPORTANT]
@@ -28,6 +25,9 @@ Since it is not possible to upgrade or convert existing ROSA clusters to a {hcp}
 {hcp-title} clusters only support AWS Security Token Service (STS) authentication.
 ====
 
+.Further reading
+* See the AWS documentation for information about link:https://docs.aws.amazon.com/rosa/latest/userguide/getting-started-hcp.html[Getting started with ROSA with HCP using the ROSA CLI in auto mode].
+
 include::modules/rosa-hcp-classic-comparison.adoc[leveloffset=+1]
 
 .Additional resources
@@ -72,7 +72,7 @@ To create a {hcp-title} cluster, you must have the following items:
 [id="rosa-hcp-creating-vpc"]
 === Creating a Virtual Private Cloud for your {hcp-title} clusters
 
-You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC: 
+You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC:
 
 * Create a VPC by using a Terraform template
 * Manually create the VPC resources in the AWS console
@@ -103,7 +103,7 @@ include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3]
 
 include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
 
-include::modules/rosa-hcp-byo-oidc.adoc[leveloffset=+2]
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]
 
 include::modules/rosa-operator-config.adoc[leveloffset=+2]
 
@@ -130,5 +130,5 @@ include::modules/rosa-hcp-sts-creating-a-cluster-cli.adoc[leveloffset=+1]
 * For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS].
 * For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes].
 * For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation.
-* For more information about troubleshooting ROSA cluster installations, see xref:../sd_support/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
-* For steps to contact Red Hat Support for assistance, see xref:../rosa_architecture/rosa-getting-support.adoc#rosa-getting-support[Getting support for Red Hat OpenShift Service on AWS].
+* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
+* For steps to contact Red Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red Hat OpenShift Service on AWS].
diff --git a/rosa_hcp/rosa-tuning-config.adoc b/rosa_hcp/rosa-tuning-config.adoc
index 86b0045d8f38..c36dca68140a 100644
--- a/rosa_hcp/rosa-tuning-config.adoc
+++ b/rosa_hcp/rosa-tuning-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-tuning-config"]
 = Using the Node Tuning Operator on {hcp-title} clusters
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -8,9 +8,6 @@ toc::[]
 
 {hcp-title-first} supports the Node Tuning Operator to improve performance of your nodes on your {hcp-title} clusters. Prior to creating a node tuning configuration, you must create a custom tuning specification.
 
-:FeatureName: {hcp-title-first} 
-include::snippets/technology-preview.adoc[]
-
 include::modules/node-tuning-operator.adoc[leveloffset=+1]
 
 include::modules/custom-tuning-specification.adoc[leveloffset=+1]
diff --git a/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc b/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
index 6ac7c7cd3679..57faa670a7ff 100644
--- a/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-aws-privatelink-creating-cluster"]
 = Creating an AWS PrivateLink cluster on ROSA
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc
new file mode 100644
index 000000000000..d11c910fe985
--- /dev/null
+++ b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc
@@ -0,0 +1,48 @@
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-shared-vpc-config"]
+= Configuring a shared VPC for ROSA clusters
+:context: rosa-shared-vpc-config
+
+toc::[]
+
+You can create {product-title} 
+ifdef::openshift-rosa[]
+(ROSA)
+endif::openshift-rosa[]
+clusters in shared, centrally-managed AWS virtual private clouds (VPCs). 
+
+[NOTE]
+====
+This process requires *two separate* AWS accounts that belong to the same AWS organization. One account functions as the VPC-owning AWS account (*VPC Owner*), while the other account creates the cluster in the cluster-creating AWS account (*Cluster Creator*).
+====
+
+image::372_OpenShift_on_AWS_persona_worflows_0923_all.png[]
+.Prerequisites for the *VPC Owner*
+* You have an AWS account with the proper permissions to create roles and share resources.
+* The *Cluster Creator's* AWS account is separate from the *VPC Owner's* AWS account.
+* Both AWS accounts belong to the same AWS organization.
+* You enabled resource sharing from the management account for your organization.
+* You have access to the link:https://signin.aws.amazon.com[AWS console].
+
+.Prerequisites for the *Cluster Creator*
+* You installed the link:https://console.redhat.com/openshift/downloads#tool-rosa[ROSA CLI (`rosa`)] 1.2.26 or later.
+* You created all of the required xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-account-wide-sts-roles-and-policies_rosa-sts-creating-a-cluster-quickly[ROSA account roles] for creating a cluster.
+* The *Cluster Creator's* AWS account is separate from the *VPC Owner's* AWS account.
+* Both AWS accounts belong to the same AWS organization.
+
+[NOTE]
+====
+Installing a cluster in a shared VPC is supported only for OpenShift 4.12.34 and later, 4.13.10 and later, and all future 4.y-streams.
+====
+
+include::modules/rosa-sharing-vpc-creation-and-sharing.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_shared-vpc_vpc-creation"]
+[discrete]
+=== Additional resources
+* See the AWS documentation for link:https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html[sharing your AWS resources].
+
+include::modules/rosa-sharing-vpc-dns-and-roles.adoc[leveloffset=+1]
+include::modules/rosa-sharing-vpc-hosted-zones.adoc[leveloffset=+1]
+include::modules/rosa-sharing-vpc-cluster-creation.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
index 5d182e26b6ba..1429eff2c085 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-sts-accessing-cluster"]
 = Accessing a ROSA cluster
@@ -13,8 +13,19 @@ This document describes how to access a cluster and set up an IDP using the ROSA
 include::modules/rosa-accessing-your-cluster-quick.adoc[leveloffset=+1]
 include::modules/rosa-accessing-your-cluster.adoc[leveloffset=+1]
 include::modules/rosa-create-cluster-admins.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-cluster-admin-role_rosa-service-definition[Cluster administration role]
+
 include::modules/rosa-create-dedicated-cluster-admins.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-customer-admin-user_rosa-service-definition[Customer administrator user]
+
 [role="_additional-resources"]
 == Additional resources
 * xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers using {cluster-manager-first} console]
diff --git a/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc b/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
index f8d1f66a88f5..a2b6dfe49dfe 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-config-identity-providers"]
 = Configuring identity providers for STS
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -11,6 +11,7 @@ After your {product-title} (ROSA) cluster is created, you must configure identit
 The following topics describe how to configure an identity provider using {cluster-manager} console. Alternatively, you can use the ROSA CLI (`rosa`) to configure an identity provider and access the cluster.
 
 include::modules/understanding-idp.adoc[leveloffset=+1]
+include::modules/identity-provider-parameters.adoc[leveloffset=+2]
 include::modules/config-github-idp.adoc[leveloffset=+1]
 include::modules/config-gitlab-idp.adoc[leveloffset=+1]
 include::modules/config-google-idp.adoc[leveloffset=+1]
diff --git a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
index 8d63baabfd09..e581615ed8cf 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-creating-a-cluster-quickly"]
 = Creating a ROSA cluster with STS using the default options
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -21,7 +21,7 @@ Alternatively, you can use `manual` mode, which outputs the `aws` commands neede
 .Next steps
 
 * Ensure that you have completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc[AWS prerequisites].
-
+include::snippets/oidc-cloudfront.adoc[]
 include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+1]
 include::modules/rosa-sts-understanding-aws-account-association.adoc[leveloffset=+1]
 
@@ -41,6 +41,7 @@ include::modules/osd-aws-vpc-required-resources.adoc[leveloffset=+1]
 include::modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc[leveloffset=+1]
 include::modules/rosa-sts-associating-your-aws-account.adoc[leveloffset=+2]
 include::modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]
 include::modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc[leveloffset=+2]
 include::modules/rosa-sts-creating-a-cluster-quickly-cli.adoc[leveloffset=+1]
 
@@ -59,5 +60,5 @@ include::modules/rosa-sts-creating-a-cluster-quickly-cli.adoc[leveloffset=+1]
 * For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS].
 * For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes].
 * For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation.
-* For more information about troubleshooting ROSA cluster installations, see xref:../sd_support/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
-* For steps to contact Red Hat Support for assistance, see xref:../rosa_architecture/rosa-getting-support.adoc#rosa-getting-support[Getting support for Red Hat OpenShift Service on AWS].
\ No newline at end of file
+* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
+* For steps to contact Red Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red Hat OpenShift Service on AWS].
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
index d0c5c681779a..d6b20b702664 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-creating-a-cluster-with-customizations"]
 = Creating a ROSA cluster with STS using customizations
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -6,8 +6,6 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-include::snippets/rosa-4-11-12-snippet.adoc[]
-
 Create a {product-title} (ROSA) cluster with the AWS Security Token Service (STS) using customizations. You can deploy your cluster by using {cluster-manager-first} or the ROSA CLI (`rosa`).
 
 With the procedures in this document, you can also choose between the `auto` and `manual` modes when creating the required AWS Identity and Access Management (IAM) resources.
@@ -38,14 +36,19 @@ include::modules/osd-aws-vpc-required-resources.adoc[leveloffset=+1]
 * For more information about the default components required for an AWS cluster, see link:https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html[Default VPCs] in the AWS documentation.
 * For instructions on creating a VPC in the AWS console, see link:https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html[Create a VPC] in the AWS documentation.
 
+include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+1]
 include::modules/rosa-sts-creating-a-cluster-using-customizations.adoc[leveloffset=+1]
 include::modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc[leveloffset=+2]
-
 [role="_additional-resources"]
 .Additional resources
-* xref:../rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-cluster-command_rosa-managing-objects-cli[create cluster] in _Managing objects with the ROSA CLI_.
+* xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-cluster-command_rosa-managing-objects-cli[create cluster] in _Managing objects with the ROSA CLI_
+* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation]
 
 include::modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups]
+* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation]
 
 [id="next-steps_{context}"]
 == Next steps
@@ -56,6 +59,7 @@ include::modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc[levelo
 [id="additional-resources_rosa-sts-creating-a-cluster-with-customizations"]
 == Additional resources
 
+* For more information on configuring a ROSA cluster within a shared virtual private cloud (VPC), see xref:../rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc#rosa-shared-vpc-config[Configuring a shared VPC for ROSA clusters].
 * For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS].
 * For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes].
 * For an overview of the options that are presented when you create the AWS IAM resources and clusters by using interactive mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc#rosa-sts-interactive-mode-reference[Interactive cluster creation mode reference].
@@ -63,5 +67,5 @@ include::modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc[levelo
 * For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation.
 * For more information about etcd encryption, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition].
 * For information about configuring a proxy with ROSA, see xref:../networking/configuring-cluster-wide-proxy.adoc#configuring-a-cluster-wide-proxy[Configuring a cluster-wide proxy].
-* For more information about troubleshooting ROSA cluster installations, see xref:../sd_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deployments[Troubleshooting cluster deployments].
-* For steps to contact Red Hat Support for assistance, see xref:../rosa_architecture/rosa-getting-support.adoc#rosa-getting-support[Getting support for Red Hat OpenShift Service on AWS].
+* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deployments[Troubleshooting cluster deployments].
+* For steps to contact Red Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red Hat OpenShift Service on AWS].
diff --git a/rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc
index 9a23b484f7ae..618f4499e446 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-sts-deleting-access-cluster"]
 = Revoking access to a ROSA cluster
diff --git a/rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc
index cd0b0d12a68e..f93108a4cc3b 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-sts-deleting-cluster"]
 = Deleting a ROSA cluster
@@ -19,6 +19,12 @@ If these configurations and services remain, the cluster does not delete properl
 
 include::modules/rosa-deleting-cluster.adoc[leveloffset=+1]
 
+.Troubleshooting
+* If the cluster cannot be deleted because of missing IAM roles, see Additional xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted].
+* If the cluster cannot be deleted for other reasons:
+** Check that there are no Add-ons for your cluster pending in the link:https://console.redhat.com/openshift[Hybrid Cloud Console].
+** Check that all AWS resources and dependencies have been deleted in the Amazon Web Console.
+
 [role="_additional-resources"]
 .Additional resources
 
@@ -35,4 +41,4 @@ include::modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc[levelof
 == Additional resources
 
 * For information about the AWS IAM resources for ROSA clusters that use STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for ROSA clusters that use STS].
-* For information on cluster errors that are due to missing IAM roles, see xref:../sd_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted].
+* For information on cluster errors that are due to missing IAM roles, see xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted].
diff --git a/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc b/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc
index d76dbc9565e2..4f1fe10c7074 100644
--- a/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc
+++ b/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-interactive-mode-reference"]
 = Interactive cluster creation mode reference
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc
index c9640f205348..1ea1282d867d 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-accessing-cluster"]
 = Accessing a ROSA cluster
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
index aea2306b57d4..08475bece2ff 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: prerequisites
 
@@ -13,7 +13,6 @@ You must ensure that the prerequisites are met before installing ROSA. This requ
 
 include::snippets/rosa-sts.adoc[]
 
-include::modules/rosa-aws-understand.adoc[leveloffset=+1]
 include::modules/rosa-aws-requirements.adoc[leveloffset=+1]
 include::modules/rosa-aws-procedure.adoc[leveloffset=+1]
 include::modules/rosa-aws-scp.adoc[leveloffset=+2]
@@ -21,6 +20,13 @@ include::modules/rosa-aws-iam.adoc[leveloffset=+1]
 include::modules/rosa-aws-provisioned.adoc[leveloffset=+1]
 include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups]
+* xref:../../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas]
+
 == Next steps
 * xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas]
 
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc
index d0f9fe0b9ee1..33a505d0a977 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-config-aws-account"]
 = Configuring your AWS account
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
index 90f115f1cc6b..fc59525cfa90 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-config-identity-providers"]
 = Configuring identity providers
@@ -13,6 +13,7 @@ The following topics describe how to configure an identity provider using {clust
 include::snippets/rosa-sts.adoc[]
 
 include::modules/understanding-idp.adoc[leveloffset=+1]
+include::modules/identity-provider-parameters.adoc[leveloffset=+2]
 include::modules/config-github-idp.adoc[leveloffset=+1]
 include::modules/config-gitlab-idp.adoc[leveloffset=+1]
 include::modules/config-google-idp.adoc[leveloffset=+1]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc
index f3329706cc4a..b383cb2f762a 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-creating-cluster"]
 = Creating a ROSA cluster without AWS STS
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc
index 304524bb5608..214fc97913f5 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-deleting-access-cluster"]
 = Deleting access to a ROSA cluster
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc
index 5aade99e1a7d..d976e062b660 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-deleting-cluster"]
 = Deleting a ROSA cluster
@@ -20,3 +20,8 @@ include::snippets/rosa-sts.adoc[]
 If these configurations and services remain, the cluster does not delete properly.
 
 include::modules/rosa-deleting-cluster.adoc[leveloffset=+1]
+.Troubleshooting
+* If the cluster cannot be deleted because of missing IAM roles, see Additional xref:../../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted].
+* If the cluster cannot be deleted for other reasons:
+** Check that there are no Add-ons for your cluster pending in the link:https://console.redhat.com/openshift[Hybrid Cloud Console].
+** Check that all AWS resources and dependencies have been deleted in the Amazon Web Console.
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc
index 090981d18754..e26742740ef6 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-understanding-the-deployment-workflow"]
 = Understanding the ROSA deployment workflow
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -6,9 +6,9 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-Before you create a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment.
+Before you create a {product-title} (ROSA) cluster, you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment.
 
-This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage.
+This document provides an overview of the ROSA workflow stages and refers to detailed resources for each stage.
 
 include::snippets/rosa-sts.adoc[]
 
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc
index 9b26dcd95f17..f0778030907c 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-installing-cli"]
 = Installing the {product-title} (ROSA) CLI, `rosa`
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc
index a89d35143cbb..0ba5ee329d53 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-private-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-private-cluster"]
 = Configuring a private cluster
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc
index 9475c9a94236..0cb7cbc82052 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-command-reference"]
 = Command quick reference for creating clusters and users
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc
index e3f20de90cc1..31a3d5c06e1e 100644
--- a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc
+++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-required-aws-service-quotas"]
 = Required AWS service quotas
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_install_access_delete_clusters/terraform/_attributes b/rosa_install_access_delete_clusters/terraform/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/terraform/images b/rosa_install_access_delete_clusters/terraform/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/terraform/modules b/rosa_install_access_delete_clusters/terraform/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-quickly-terraform.adoc b/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-quickly-terraform.adoc
new file mode 100644
index 000000000000..702f2da0e0dc
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-quickly-terraform.adoc
@@ -0,0 +1,41 @@
+:_content-type: ASSEMBLY
+[id="rosa-sts-creating-a-cluster-quickly-terraform"]
+= Creating a default ROSA Classic cluster using Terraform
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-sts-creating-a-cluster-quickly-terraform
+
+toc::[]
+
+Quickly create a {product-title} (ROSA) cluster quickly by using a Terraform cluster template that is configured with the default cluster options.
+
+[NOTE]
+====
+* For a quickstart guide for ROSA, see xref:../../rosa_getting_started/rosa-quickstart-guide-ui.adoc#rosa-quickstart-guide-ui[{product-title} quickstart guide].
+* To install ROSA clusters with the default options by using the CLI or {cluster-manager-url}, see xref:../../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly-ocm_rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS using the default options].
+* For steps to deploy a ROSA cluster by using `manual` mode or with customizations, see xref:../../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations].
+====
+
+The cluster creation process described below uses a Terraform configuration that prepares a ROSA Classic AWS Security Token Service (STS) cluster with the following resources:
+
+* An OIDC provider with a managed `oidc-config`
+* Prerequisite Operator roles with policies
+* IAM account roles with policies
+* All other AWS resources required to create a ROSA with STS cluster
+
+[id="next-steps_{context}"]
+.Prerequisites
+
+* You have completed the xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc[Detailed requirements for deploying ROSA using STS].
+* You have completed the xref:../../rosa_planning/rosa-understanding-terraform.adoc#rosa-sts-terraform-prerequisites_rosa-understanding-terraform[Prerequisites for Terraform].
+
+include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+1]
+
+[id="rosa-sts-creating-a-cluster-quickly-terraform-procedure"]
+== Creating a default ROSA cluster using Terraform
+
+The cluster creation process outlined below shows how to use Terraform to create your account-wide IAM roles and a ROSA cluster with a managed OIDC configuration.
+
+include::modules/rosa-sts-cluster-terraform-setup.adoc[leveloffset=+2]
+include::modules/rosa-sts-cluster-terraform-file-creation.adoc[leveloffset=+2]
+include::modules/rosa-sts-cluster-terraform-execute.adoc[leveloffset=+2]
+include::modules/rosa-sts-cluster-terraform-destroy.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-with-customizations-terraform.adoc b/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-with-customizations-terraform.adoc
new file mode 100644
index 000000000000..02f019dd6bb3
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/rosa-sts-creating-a-cluster-with-customizations-terraform.adoc
@@ -0,0 +1,71 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-sts-creating-a-cluster-with-customizations-terraform"]
+= Customizing a ROSA cluster with Terraform
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-sts-creating-a-cluster-with-customizations-terraform
+
+toc::[]
+
+You can use Terraform to create a customized {product-title} (ROSA) cluster by using Terraform to customize the cluster's details.
+
+[NOTE]
+====
+This guide assumes a basic understanding of ROSA. See the additional resources for conceptual information about ROSA clusters.
+====
+
+.Prerequisites
+
+* You have generated and stored an link:https://console.redhat.com/openshift/token[offline {cluster-manager-first} token].
+* You have an AWS account with the correct permissions.
+* You completed the xref:../../rosa_planning/rosa-cloud-expert-prereq-checklist.adoc[Prerequisites checklist for deploying ROSA using STS]
+* You completed the setup steps in xref:../../rosa_planning/rosa-understanding-terraform.adoc[Preparing Terraform to install ROSA clusters]
+* You have installed link:https://developer.hashicorp.com/terraform/install[the `terraform` CLI tool].
+
+[id="rosa-sts-creating-a-cluster-with-customizations-terraform-creating"]
+== Creating a ROSA Classic cluster using Terraform
+
+The cluster creation process outlined below shows how to use Terraform to create your account-wide IAM roles and a default ROSA cluster with a managed OIDC configuration.
+
+[NOTE]
+====
+Clusters are customized by editing the default `main.tf`, `variables.tf`, and `terraform.tfvar` files. Cluster customizations must be performed *before* cluster creation. To customize, copy the default Terraform file from the procedure below and make the desired changes.
+====
+
+include::modules/rosa-sts-cluster-terraform-setup.adoc[leveloffset=+2]
+include::modules/rosa-sts-cluster-terraform-file-creation.adoc[leveloffset=+2]
+
+[id="rosa-sts-creating-a-cluster-with-customizations-terraform-customizing"]
+== Terraform customization options
+
+The following sections detail individual customizations you can add to your `main.tf`, `variables.tf`, and `terraform.tfvar` files.
+
+include::modules/rosa-cluster-cluster-role-name-change.adoc[leveloffset=+2]
+include::modules/rosa-sts-cluster-terraform-execute.adoc[leveloffset=+1]
+include::modules/rosa-sts-cluster-terraform-destroy.adoc[leveloffset=+1]
+
+[id="next-steps_{context}"]
+== Next steps
+
+* xref:../../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-sts-creating-a-cluster-with-customizations-terraform"]
+== Additional resources
+
+* For information about the managing objects with the CLI, see the xref:../../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-cluster-command_rosa-managing-objects-cli[create cluster] section.
+* For information about the security groups, see xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups] in the AWS documentation.
+* For details on creating account-wide roles, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation].
+* For detailed steps to create and link the {cluster-manager} and user IAM roles, see xref:../../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-customizations-ocm_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster with customizations by using OpenShift Cluster Manager].
+* For the steps to specify custom ARN paths for IAM resources when you create {product-title} clusters, see xref:../../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations].
+* For more information about the default components required for an AWS cluster, see link:https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html[Default VPCs] in the AWS documentation.
+* For instructions on creating a VPC in the AWS console, see link:https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html[Create a VPC] in the AWS documentation.
+* For more information on configuring a ROSA cluster within a shared virtual private cloud (VPC), see xref:../../rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc#rosa-shared-vpc-config[Configuring a shared VPC for ROSA clusters].
+* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS].
+* For details about optionally setting an Operator role name prefix, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes].
+* For an overview of the options that are presented when you create the AWS IAM resources and clusters by using interactive mode, see xref:../../rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc#rosa-sts-interactive-mode-reference[Interactive cluster creation mode reference].
+* For information about the prerequisites to installing ROSA with STS, see xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS].
+* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation.
+* For more information about etcd encryption, see the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition].
+* For information about configuring a proxy with ROSA, see xref:../../networking/configuring-cluster-wide-proxy.adoc#configuring-a-cluster-wide-proxy[Configuring a cluster-wide proxy].
+* For more information about troubleshooting ROSA cluster installations, see xref:../../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deployments[Troubleshooting cluster deployments].
+* For steps to contact Red Hat Support for assistance, see xref:../../support/getting-support.adoc#getting-support[Getting support for Red Hat OpenShift Service on AWS].
diff --git a/rosa_install_access_delete_clusters/terraform/snippets b/rosa_install_access_delete_clusters/terraform/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/rosa_install_access_delete_clusters/terraform/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc b/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc
new file mode 100644
index 000000000000..2b49c4aec05a
--- /dev/null
+++ b/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc
@@ -0,0 +1,207 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: rosa-cloud-expert-prereq-checklist
+[id="rosa-cloud-expert-prereq-checklist"]
+= Prerequisites checklist for deploying ROSA using STS
+
+toc::[]
+
+//Mobb content metadata
+//Brought into ROSA product docs 2023-09-15; does not follow typical OpenShift documentation formatting
+//---
+//date: '2023-07-27'
+//title: Prerequisites Checklist to Deploy ROSA Cluster with STS
+//tags: ["ROSA", "STS"]
+//authors:
+//  - Byron Miller
+//  - Connor Wooley
+//  - Diana Sari
+//---
+
+This is a checklist of prerequisites needed to create a {product-title} (ROSA) classic cluster with link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html[STS].
+
+[NOTE]
+====
+This is a high level checklist and your implementation can vary.
+====
+
+Before running the installation process, verify that you deploy this from a machine that has access to:
+
+* The API services for the cloud to which you provision.
+* Access to `api.openshift.com` and `sso.redhat.com`.
+* The hosts on the network that you provision.
+* The internet to obtain installation media.
+
+== Accounts and CLIs Prerequisites
+
+Accounts and CLIs you must install to deploy the cluster.
+
+=== AWS account
+
+* Gather the following details:
+** AWS IAM User
+** AWS Access Key ID
+** AWS Secret Access Key
+* Ensure that you have the right permissions as detailed link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA] and xref:../rosa_architecture/rosa-sts-about-iam-resources.html[About IAM resources for ROSA clusters that use STS].
+* See xref:../rosa_planning/rosa-sts-aws-prereqs.html#rosa-account_rosa-sts-aws-prereqs[Account] for more details.
+
+=== AWS CLI (`aws`)
+
+* Install from link:https://aws.amazon.com/cli/[AWS Command Line Interface] if you have not already.
+* Configure the CLI:
++
+. Enter `aws configure` in the terminal:
++
+[source,terminal]
+----
+$ aws configure
+----
++
+. Enter the AWS Access Key ID and press *enter*.
+. Enter the AWS Secret Access Key and press *enter*.
+. Enter the default region you want to deploy into.
+. Enter the output format you want, “table” or “json”.
+. Verify the output by running:
++
+[source,terminal]
+----
+ $ aws sts get-caller-identity
+----
++
+. Ensure that the service role for ELB already exists by running:
++
+[source,terminal]
+----
+$ aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing"
+----
++
+.. If it does not exist, run:
++
+[source,terminal]
+----
+$ aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"
+----
+
+=== Red Hat account
+
+* Create a link:https://console.redhat.com/[{hybrid-console}]  account if you have not already.
+
+=== ROSA CLI (`rosa`)
+
+. Enable ROSA from your AWS account on the link:https://console.aws.amazon.com/rosa/[AWS console] if you have not already.
+. Install the CLI from xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.html[Installing the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa] or from the OpenShift console link:https://console.redhat.com/openshift/downloads#tool-rosa[AWS console].
+. Enter `rosa login` in a terminal, and this will prompt you to go to the link:https://console.redhat.com/openshift/token/rosa[token page] through the console:
++
+[source,terminal]
+----
+$ rosa login
+----
++
+. Log in with your Red Hat account credentials.
+. Click the *Load token* button.
+. Copy the token and paste it back into the CLI prompt and press *enter*.
++
+* Alternatively, you can copy the full `$ rosa login --token=abc...` command and paste that in the terminal:
++
+[source,terminal]
+----
+$ rosa login --token=<abc..>
+----
++
+. Verify your credentials by running:
++
+[source,terminal]
+----
+$ rosa whoami
+----
++
+. Ensure you have sufficient quota by running:
++
+[source,terminal]
+----
+$ rosa verify quota
+----
++
+* See xref:../rosa_planning/rosa-sts-aws-prereqs.html#rosa-aws-policy-provisioned_rosa-sts-aws-prereqs[Provisioned AWS Infrastructure] for more details on AWS services provisioned for ROSA cluster.
+* See xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas] for more details on AWS services quota.
+
+
+=== OpenShift CLI (`oc`)
+
+. Install from xref:../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[Getting started with the OpenShift CLI] or from the OpenShift console link:https://console.redhat.com/openshift/downloads#tool-oc[Command-line interface (CLI) tools].
+. Verify that the OpenShift CLI has been installed correctly by running:
++
+[source,terminal]
+----
+$ rosa verify openshift-client
+----
+
+Once you have the above prerequisites installed and enabled, proceed to the next steps.
+
+
+== SCP Prerequisites
+
+ROSA clusters are hosted in an AWS account within an AWS organizational unit. A link:https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html[service control policy (SCP)] is created and applied to the AWS organizational unit that manages what services the AWS sub-accounts are permitted to access.
+
+* Ensure that your organization's SCPs are not more restrictive than the roles and policies required by the cluster.
+* Ensure that your SCP is configured to allow the required `aws-marketplace:Subscribe` permission when you choose *Enable ROSA* from the console, and see link:https://docs.aws.amazon.com/ROSA/latest/userguide/troubleshoot-rosa-enablement.html#error-aws-orgs-scp-denies-permissions[AWS Organizations service control policy (SCP) is denying required AWS Marketplace permissions] for more details.
+* When you create a ROSA classic cluster, an associated AWS OpenID Connect (OIDC) identity provider is created.
+** This OIDC provider configuration relies on a public key that is located in the `us-east-1` AWS region.
+** Customers with AWS SCPs must allow the use of the `us-east-1` AWS region, even if these clusters are deployed in a different region.
+
+== Networking Prerequisites
+
+Prerequisites needed from a networking standpoint.
+
+=== Firewall
+
+* Configure your firewall to allow access to the domains and ports listed in xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites].
+
+=== Additional custom security groups
+
+When you create a cluster using an existing non-managed VPC, you can add additional custom security groups during cluster creation. Complete these prerequisites before you create the cluster:
+
+* Create the custom security groups in AWS before you create the cluster.
+* Associate the custom security groups with the VPC that you are using to create the cluster. Do not associate the custom security groups with any other VPC.
+* You may need to request additional AWS quota for `Security groups per network interface`.
+
+For more details see the detailed requirements for xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups].
+
+=== Custom DNS
+
+* If you want to use custom DNS, then the ROSA installer must be able to use VPC DNS with default DHCP options so it can resolve hosts locally.
+** To do so, run `aws ec2 describe-dhcp-options` and see if the VPC is using VPC Resolver:
++
+[source,terminal]
+----
+$ aws ec2 describe-dhcp-options
+----
++
+* Otherwise, the upstream DNS will need to forward the cluster scope to this VPC so the cluster can resolve internal IPs and services.
+
+== PrivateLink Prerequisites
+
+If you choose to deploy a PrivateLink cluster, then be sure to deploy the cluster in the pre-existing BYO VPC:
+
+* Create a public and private subnet for each AZ that your cluster uses.
+** Alternatively, implement transit gateway for internet and egress with appropriate routes.
+* The VPC's CIDR block must contain the `Networking.MachineCIDR` range, which is the IP address for cluster machines.
+** The subnet CIDR blocks must belong to the machine CIDR that you specify.
+* Set both `enableDnsHostnames` and `enableDnsSupport` to `true`.
+** That way, the cluster can use the Route 53 zones that are attached to the VPC to resolve cluster internal DNS records.
+* Verify route tables by running:
++
+[source,terminal]
+ ----
+ $ aws ec2 describe-route-tables --filters "Name=vpc-id,Values=<vpc-id>"
+ ----
+
+** Ensure that the cluster can egress either through NAT gateway in public subnet or through transit gateway.
+** Ensure whatever UDR you would like to follow is set up.
+* You can also configure a cluster-wide proxy during or after install.
+xref:../networking/configuring-cluster-wide-proxy.adoc#configuring-cluster-wide-proxy[Configuring a cluster-wide proxy] for more details.
+
+[NOTE]
+====
+You can install a non-PrivateLink ROSA cluster in a pre-existing BYO VPC.
+====
diff --git a/rosa_planning/rosa-hcp-prereqs.adoc b/rosa_planning/rosa-hcp-prereqs.adoc
index f910fd7943d8..e59738492a51 100644
--- a/rosa_planning/rosa-hcp-prereqs.adoc
+++ b/rosa_planning/rosa-hcp-prereqs.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-sts-aws-prereqs
+:context: rosa-hcp-aws-prereqs
 [id="rosa-hcp-prereqs"]
 = AWS prerequisites for {hcp-title}
 
@@ -10,8 +10,6 @@ toc::[]
 
 Ensure that the following AWS prerequisites are met before installing ROSA with STS.
 
-include::modules/rosa-aws-understand.adoc[leveloffset=+1]
-
 [IMPORTANT]
 ====
 When you create a ROSA cluster using AWS STS, an associated AWS OpenID Connect (OIDC) identity provider is created as well. This OIDC provider configuration relies on a public key that is located in the `us-east-1` AWS region. Customers with AWS SCPs must allow the use of the `us-east-1` AWS region, even if these clusters are deployed in a different region.
@@ -27,7 +25,7 @@ include::modules/rosa-sts-aws-requirements-account.adoc[leveloffset=+2]
 [id="additional-resources_aws-account-requirements_{context}"]
 .Additional resources
 * xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
-* xref:../sd_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-general-deployment-elb[Creating the Elastic Load Balancing (ELB) service-linked role]
+* xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-elb-service-role_rosa-troubleshooting-cluster-deployments[Creating the Elastic Load Balancing (ELB) service-linked role]
 
 include::modules/rosa-sts-aws-requirements-access-req.adoc[leveloffset=+2]
 
@@ -44,6 +42,11 @@ include::modules/rosa-sts-aws-requirements-security-req.adoc[leveloffset=+2]
 .Additional resources
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
 
+[role="_additional-resources"]
+.Additional resources
+
+*  xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
 include::modules/rosa-sts-aws-requirements-ocm.adoc[leveloffset=+2]
 include::modules/rosa-sts-aws-requirements-association-concept.adoc[leveloffset=+3]
 include::modules/rosa-sts-aws-requirements-creating-association.adoc[leveloffset=+3]
@@ -80,4 +83,4 @@ include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1]
 == Additional resources
 * xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters]
 * xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-applications-config-custom-domains[Configuring custom domains for applications]
-* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
\ No newline at end of file
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
diff --git a/rosa_planning/rosa-limits-scalability.adoc b/rosa_planning/rosa-limits-scalability.adoc
index 732b4c636089..2e410382adca 100644
--- a/rosa_planning/rosa-limits-scalability.adoc
+++ b/rosa_planning/rosa-limits-scalability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 
 [id="rosa-limits-scalability"]
diff --git a/rosa_planning/rosa-planning-environment.adoc b/rosa_planning/rosa-planning-environment.adoc
index 9f02126860ca..10416b9abea9 100644
--- a/rosa_planning/rosa-planning-environment.adoc
+++ b/rosa_planning/rosa-planning-environment.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 
 [id="rosa-planning-environment"]
diff --git a/rosa_planning/rosa-sts-aws-prereqs.adoc b/rosa_planning/rosa-sts-aws-prereqs.adoc
index 3d5f51820093..5c33064376e0 100644
--- a/rosa_planning/rosa-sts-aws-prereqs.adoc
+++ b/rosa_planning/rosa-sts-aws-prereqs.adoc
@@ -1,8 +1,8 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-sts-aws-prereqs
 [id="rosa-sts-aws-prereqs"]
-= AWS prerequisites for ROSA with STS
+= Detailed requirements for deploying ROSA using STS
 
 toc::[]
 
@@ -12,8 +12,6 @@ include::snippets/rosa-sts.adoc[]
 
 Ensure that the following AWS prerequisites are met before installing ROSA with STS.
 
-include::modules/rosa-aws-understand.adoc[leveloffset=+1]
-
 [IMPORTANT]
 ====
 When you create a ROSA cluster using AWS STS, an associated AWS OpenID Connect (OIDC) identity provider is created as well. This OIDC provider configuration relies on a public key that is located in the `us-east-1` AWS region. Customers with AWS SCPs must allow the use of the `us-east-1` AWS region, even if these clusters are deployed in a different region.
@@ -29,7 +27,7 @@ include::modules/rosa-sts-aws-requirements-account.adoc[leveloffset=+2]
 [id="additional-resources_aws-account-requirements_{context}"]
 .Additional resources
 * xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
-* xref:../sd_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-general-deployment-elb[Creating the Elastic Load Balancing (ELB) service-linked role]
+* xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-elb-service-role_rosa-troubleshooting-cluster-deployments[Creating the Elastic Load Balancing (ELB) service-linked role]
 
 include::modules/rosa-sts-aws-requirements-access-req.adoc[leveloffset=+2]
 
@@ -74,6 +72,11 @@ With the STS deployment model, Red Hat is no longer responsible for creating and
 include::modules/rosa-aws-provisioned.adoc[leveloffset=+1]
 include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+*  xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
 == Next steps
 * xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]
 
@@ -82,4 +85,4 @@ include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1]
 == Additional resources
 * xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters]
 * xref:../applications/deployments/osd-config-custom-domains-applications.adoc#osd-applications-config-custom-domains[Configuring custom domains for applications]
-* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
\ No newline at end of file
+* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
diff --git a/rosa_planning/rosa-sts-ocm-role.adoc b/rosa_planning/rosa-sts-ocm-role.adoc
index ff87137b5607..b15473ae00b8 100644
--- a/rosa_planning/rosa-sts-ocm-role.adoc
+++ b/rosa_planning/rosa-sts-ocm-role.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: rosa-sts-ocm-role
 [id="rosa-sts-ocm-role"]
@@ -6,7 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-{product-title} (ROSA) web UI requires that you have specific permissions on your AWS account that create a trust relationship to provide the end-user experience at {cluster-manager-url} and for the `rosa` command line interface (CLI). 
+{product-title} (ROSA) web UI requires that you have specific permissions on your AWS account that create a trust relationship to provide the end-user experience at {cluster-manager-url} and for the `rosa` command line interface (CLI).
 
 This trust relationship is achieved through the creation and association of the `ocm-role` AWS IAM role. This role has a trust policy with the AWS installer that links your Red Hat account to your AWS account. In addition, you also need a `user-role` AWS IAM role for each web UI user, which serves to identify these users. This `user-role` AWS IAM role has no permissions.
 
@@ -54,7 +54,7 @@ include::modules/rosa-sts-user-role-creation.adoc[leveloffset=+2]
 
 [IMPORTANT]
 ====
-If you unlink or delete your `user-role` IAM role prior to deleting your cluster, an error prevents you from deleting your cluster. You must create or relink this role to proceed with the deletion process. See xref:../sd_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted] for more information.
+If you unlink or delete your `user-role` IAM role prior to deleting your cluster, an error prevents you from deleting your cluster. You must create or relink this role to proceed with the deletion process. See xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted] for more information.
 ====
 
 include::modules/rosa-sts-aws-requirements-association-concept.adoc[leveloffset=+1]
@@ -63,5 +63,5 @@ include::modules/rosa-sts-aws-requirements-creating-multi-association.adoc[level
 
 [role="_additional-resources"]
 == Additional resources
-* See xref:../sd_support/rosa-troubleshooting-iam-resources.adoc#rosa-sts-ocm-roles-and-permissions-troubleshooting[Troubleshooting IAM roles]
+* See xref:../support/troubleshooting/rosa-troubleshooting-iam-resources.adoc#rosa-sts-ocm-roles-and-permissions-troubleshooting[Troubleshooting IAM roles]
 * See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies[Account-wide IAM role and policy reference] for a list of IAM roles needed for cluster creation.
\ No newline at end of file
diff --git a/rosa_planning/rosa-sts-required-aws-service-quotas.adoc b/rosa_planning/rosa-sts-required-aws-service-quotas.adoc
index 0f14d57b52cb..d397920bd51a 100644
--- a/rosa_planning/rosa-sts-required-aws-service-quotas.adoc
+++ b/rosa_planning/rosa-sts-required-aws-service-quotas.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-sts-required-aws-service-quotas"]
 = Required AWS service quotas
diff --git a/rosa_planning/rosa-sts-setting-up-environment.adoc b/rosa_planning/rosa-sts-setting-up-environment.adoc
index 5814ca97e40d..2ae41b6ccd6a 100644
--- a/rosa_planning/rosa-sts-setting-up-environment.adoc
+++ b/rosa_planning/rosa-sts-setting-up-environment.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-sts-setting-up-environment"]
 = Setting up the environment for using STS
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/rosa_planning/rosa-understanding-terraform.adoc b/rosa_planning/rosa-understanding-terraform.adoc
new file mode 100644
index 000000000000..b215d08eb478
--- /dev/null
+++ b/rosa_planning/rosa-understanding-terraform.adoc
@@ -0,0 +1,36 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+
+[id="rosa-understanding-terraform"]
+= Preparing Terraform to install ROSA clusters
+:context: rosa-understanding-terraform
+
+toc::[]
+
+Terraform is an infrastructure-as-code tool that provides a way to configure your resources once and replicate those resources as desired. Terraform accomplishes the creation tasks by using declarative language. You declare what you want the final state of the infrastructure resource to be, and Terraform creates these resources to your specifications.
+
+include::modules/rosa-sts-terraform-prerequisites.adoc[leveloffset=+1]
+
+[discrete]
+[role="_additional-resources"]
+[id="additional-resources_rosa-terraform-prereq"]
+.Additional resources
+
+* See xref:../rosa_planning/rosa-cloud-expert-prereq-checklist.adoc#rosa-cloud-expert-prereq-checklist[Prerequisites checklist for deploying ROSA using STS] for a list of requirements that must be met before you can create ROSA clusters by using STS.
+* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc[About IAM resources for ROSA clusters that use STS] for information about the AWS account roles.
+* See xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc[Getting started with the ROSA CLI] for information about installing the ROSA CLI.
+* See Hashicorp's link:https://developer.hashicorp.com/terraform[Terraform documentation] for a comprehensive guide to Terraform.
+* See this xref:../rosa_planning/rosa-understanding-terraform.adoc#sd-terraform-account-roles_rosa-understanding-terraform[Terraform example] to create your account-wide IAM roles.
+
+include::modules/rosa-sts-account-roles-terraform.adoc[leveloffset=+1]
+
+[id="next-steps_rosa-understanding-terraform"]
+== Next steps
+
+* xref:../rosa_planning/rosa-planning-environment.adoc#rosa-planning-environment[Planning your environment]
+
+[role="_additional-resources"]
+[id="additional-resources_rosa-understanding-terraform"]
+== Additional resources
+
+* xref:../logging/sd-accessing-the-service-logs.adoc#sd-accessing-the-service-logs[Accessing the service logs for ROSA clusters]
diff --git a/rosa_release_notes/rosa-release-notes.adoc b/rosa_release_notes/rosa-release-notes.adoc
index ab73428ffae4..d7618f5c055e 100644
--- a/rosa_release_notes/rosa-release-notes.adoc
+++ b/rosa_release_notes/rosa-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-whats-new"]
 = What's new with {product-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -10,17 +10,65 @@ toc::[]
 
 {product-title} clusters are available on the link:https://console.redhat.com/openshift[Hybrid Cloud Console]. With the Red Hat OpenShift Cluster Manager application for ROSA, you can deploy {product-title} clusters to either on-premises or cloud environments.
 
-include::modules/rosa-update-cli-tool.adoc[]
-
 [id="rosa-new-changes-and-updates_{context}"]
 == New changes and updates
 
+[id="rosa-q1-2024_{context}"]
+=== Q1 2024
+
+* **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.34[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI].
+
+[id="rosa-q4-2023_{context}"]
+=== Q4 2023
+
+* **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.32[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI].
+
+* **Delete cluster command enhancement.** With the release of ROSA CLI (`rosa`) version 1.2.31, the `--best-effort` argument was added, which allows you to force-delete clusters when using the `rosa delete cluster` command. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-delete-cluster_rosa-managing-objects-cli[delete cluster].
+
+* **{hcp-title-first}.** {hcp-title} is now generally available. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating ROSA with HCP clusters using the default options].
+
+* **Configurable process identifier (PID) limits.** With the release of ROSA CLI (`rosa`) version 1.2.31, administrators can use the `rosa create kubeletconfig` and `rosa edit kubeletconfig` commands to set the maximum PIDs for an existing cluster. For more information, see link:https://access.redhat.com/articles/7033551[Changing the maximum number of process IDs per pod (podPidsLimit) for ROSA].
+
+* **Configure custom security groups.** With the release of ROSA CLI (`rosa`) version 1.2.31, administrators can use the `rosa create` command or the OpenShift Cluster Manager to create a new cluster or a new machine pool with up to 5 additional custom security groups. Configuring custom security groups gives administrators greater control over resource access in new clusters and machine pools. For more information, see xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups].
+
+* **Command update.** With the release of ROSA CLI (`rosa`) version 1.2.28, a new command, `rosa describe machinepool`, was added that allows you to check detailed information regarding a specific ROSA cluster machine pool. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-describe-machinepool_rosa-managing-objects-cli[describe machinepool].
+
+* **Documentation update.** The Operators section was added to the ROSA documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see xref:../operators/index.adoc[Operators overview].
+
+* **{VirtProductName} support.** The release of {VirtProductName} 4.14 added support for running {VirtProductName} on ROSA Classic clusters. For more information, see link:https://docs.openshift.com/container-platform/4.14/virt/install/preparing-cluster-for-virt.html#virt-aws-bm_preparing-cluster-for-virt[{VirtProductName} on AWS bare metal] in the {OCP} documentation.
+
+[id="rosa-q3-2023_{context}"]
+=== Q3 2023
+
+* **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.27[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI].
+
+* **Cluster autoscaling.** You can now enable cluster autoscaling using ROSA clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (`rosa`). For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling.adoc[Cluster autoscaling].
+
+* **Shared virtual private clouds.** ROSA now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. AWS account installing ROSA cluster can now use shared subnets owned by a management account. For more information, see xref:../rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc[Configuring a shared virtual private cloud for ROSA clusters].
+
+* **Machine pool disk volume size.** You can now configure your machine pool disk volume size for additional flexibility. You can select your own sizing for the disk volumes of their worker machine pool nodes. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#configuring_machine_pool_disk_volumerosa-managing-worker-nodes[Configuring machine pool disk volume].
+
+* **Machine pool update.** You can now add taints to the machine pool that is automatically generated during cluster creation. You can also delete this machine pool. This new feature provides more flexibility and cost-effectiveness for cluster administrators, specifically in regards to scaling infrastructure based on changing resource requirements. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#creating_a_machine_pool_rosa-managing-worker-nodes[Creating a machine pool].
+
+* **ROSA regional availability update.** {product-title} (ROSA) is now available in the following regions:
++
+** Spain (`eu-south-2`)
+** Hyderabad (`ap-south-2`)
+** Melbourne (`ap-southeast-4`)
+** Zurich (`eu-central-2`)
++
+For more information on region availabilities, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones].
+
+* **Documentation update.** The CLI Tools section was added to the ROSA documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see xref:../cli_reference/index.adoc[CLI tools overview].
+
+* **Documentation update.** The Monitoring section in the documentation was expanded and now includes more detailed information to help you conveniently manage your ROSA clusters. For more information, see xref:../monitoring/monitoring-overview.adoc#about-openshift-monitoring[About Red Hat OpenShift Service on AWS monitoring].
+
 [id="rosa-q2-2023_{context}"]
 === Q2 2023
 
-* **ROSA CLI update:** The ROSA CLI (`rosa`) has been updated to a new version. For information about what's changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.23[release notes]. For more information about the ROSA CLI (`rosa`,) see xref:../rosa_cli/rosa-get-started-cli.html[Getting started with the rosa CLI].
+* **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.23[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI].
 
-* **ROSA regional availability update:** {product-title} (ROSA) is now available in the United Arab Emirates (`me-central-1`) region. For more information on region availability, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones].
+* **ROSA regional availability update.** {product-title} (ROSA) is now available in the United Arab Emirates (`me-central-1`) region. For more information on region availability, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones].
 
 include::snippets/rosa-hcp-rn.adoc[leveloffset=+1]
 :featureName: ROSA with HCP
@@ -29,17 +77,19 @@ include::snippets/technology-preview.adoc[leveloffset=+1]
 [id="rosa-q1-2023_{context}"]
 === Q1 2023
 
-* **OIDC provider endpoint URL update:** Starting with ROSA CLI version 1.2.7, all new cluster OIDC provider endpoint URLs are no longer regional. AWS CloudFront is part of this implementation to improve access speed, reduce latency, and improve resiliency. This change is only available for new clusters created with ROSA CLI 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.
+* **OIDC provider endpoint URL update.** Starting with ROSA CLI version 1.2.7, all new cluster OIDC provider endpoint URLs are no longer regional. Amazon CloudFront is part of this implementation to improve access speed, reduce latency, and improve resiliency. This change is only available for new clusters created with ROSA CLI 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.
 
 [id="rosa-known-issues_{context}"]
 == Known issues
 * The OpenShift Cluster Manager roles (`ocm-role`) and user roles (`user-role`) that are key to the ROSA provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability.
 * The `htpasswd` identity provider does not function as expected in all scenarios against the `rosa create admin` function.
 
+include::modules/rosa-update-cli-tool.adoc[]
+
 [id="rosa-deprecated-removed-features_{context}"]
 == Deprecated and removed features
 Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in ROSA and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
 
-* **ROSA non-STS deployment mode:** ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard.
+* **ROSA non-STS deployment mode.** ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard.
 
-* **Label removal on core namespaces:** ROSA is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases.
+* **Label removal on core namespaces.** ROSA is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases.
diff --git a/rosa_release_notes/whats-new-template.adoc b/rosa_release_notes/whats-new-template.adoc
index 5d619c07ae1b..42971150051e 100644
--- a/rosa_release_notes/whats-new-template.adoc
+++ b/rosa_release_notes/whats-new-template.adoc
@@ -2,5 +2,5 @@
 //
 // * rosa_release_notes/rosa-release-notes.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 * With {product-title} <release-version>, {product-title} does <something>. This functionality offers <benefits>. For more information, see link:<link-to-relevant-docs>[Documentation].
\ No newline at end of file
diff --git a/rosa_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc b/rosa_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
deleted file mode 100644
index d4ac74ca6eb0..000000000000
--- a/rosa_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="showing-data-collected-by-remote-health-monitoring"]
-= Showing data collected by remote health monitoring
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: showing-data-collected-by-remote-health-monitoring
-
-toc::[]
-
-As an administrator, you can review the metrics collected by Telemetry and the Insights Operator.
-
-include::modules/telemetry-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
-
-include::modules/insights-operator-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
diff --git a/sandboxed_containers/sandboxed-containers-moved.adoc b/sandboxed_containers/sandboxed-containers-moved.adoc
index b63935c317df..23c52b199872 100644
--- a/sandboxed_containers/sandboxed-containers-moved.adoc
+++ b/sandboxed_containers/sandboxed-containers-moved.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="sandboxed-containers-moved"]
 = {sandboxed-containers-first} documentation has been moved
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/cnf-create-performance-profiles.adoc b/scalability_and_performance/cnf-create-performance-profiles.adoc
index 01bec29ecaf3..2caae812a162 100644
--- a/scalability_and_performance/cnf-create-performance-profiles.adoc
+++ b/scalability_and_performance/cnf-create-performance-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cnf-create-performance-profiles"]
 = Creating a performance profile
 include::_attributes/common-attributes.adoc[]
@@ -10,7 +10,7 @@ Learn about the Performance Profile Creator (PPC) and how you can use it to crea
 
 [NOTE]
 ====
-Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performace profiles. 
+Currently, disabling CPU load balancing is not supported by cgroup v2. As a result, you might not get the desired behavior from performance profiles if you have cgroup v2 enabled. Enabling cgroup v2 is not recommended if you are using performance profiles.
 ====
 
 include::modules/cnf-about-the-profile-creator-tool.adoc[leveloffset=+1]
diff --git a/scalability_and_performance/cnf-low-latency-tuning.adoc b/scalability_and_performance/cnf-low-latency-tuning.adoc
index 9d82a250c65d..539df10e73cb 100644
--- a/scalability_and_performance/cnf-low-latency-tuning.adoc
+++ b/scalability_and_performance/cnf-low-latency-tuning.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cnf-low-latency-tuning"]
 = Low latency tuning
 include::_attributes/common-attributes.adoc[]
@@ -48,10 +48,15 @@ include::modules/cnf-understanding-workload-hints.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* For information on using the Performance Profile Creator (PPC) to generate a performance profile, see xref:../scalability_and_performance/cnf-create-performance-profiles.adoc#cnf-create-performance-profiles[Creating a performance profile].
+* For information about using the Performance Profile Creator (PPC) to generate a performance profile, see xref:../scalability_and_performance/cnf-create-performance-profiles.adoc#cnf-create-performance-profiles[Creating a performance profile].
 
 include::modules/cnf-configuring-workload-hints.adoc[leveloffset=+2]
 
+[role="_additional-resources"]
+.Additional resources
+
+* For information about reducing CPU throttling for individual guaranteed pods, see xref:../scalability_and_performance/cnf-low-latency-tuning.adoc#disabling-cpu-cfs-quota_cnf-master[Disabling CPU CFS quota].
+
 include::modules/cnf-cpu-infra-container.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -81,6 +86,8 @@ include::modules/cnf-collecting-low-latency-tuning-debugging-data-for-red-hat-su
 [role="_additional-resources"]
 .Additional resources
 
+* For more information about the `must-gather` tool, see xref:../support/gathering-cluster-data.adoc#gathering-cluster-data[Gathering data about your cluster]
+
 * For more information about MachineConfig and KubeletConfig,
 see xref:../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing[Managing nodes].
 
diff --git a/scalability_and_performance/cnf-numa-aware-scheduling.adoc b/scalability_and_performance/cnf-numa-aware-scheduling.adoc
index 9688a7c02c8b..11996d852d9a 100644
--- a/scalability_and_performance/cnf-numa-aware-scheduling.adoc
+++ b/scalability_and_performance/cnf-numa-aware-scheduling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cnf-numa-aware-scheduling"]
 = Scheduling NUMA-aware workloads
 include::_attributes/common-attributes.adoc[]
@@ -56,3 +56,5 @@ include::modules/cnf-checking-numa-aware-scheduler-logs.adoc[leveloffset=+2]
 include::modules/cnf-troubleshooting-resource-topo-exporter.adoc[leveloffset=+2]
 
 include::modules/cnf-troubleshooting-missing-rte-config-maps.adoc[leveloffset=+2]
+
+include::modules/cnf-about-collecting-nro-data.adoc[leveloffset=+2]
diff --git a/scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc b/scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
index 55e782786f76..4a22d01b0d97 100644
--- a/scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
+++ b/scalability_and_performance/cnf-performing-platform-verification-latency-tests.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cnf-performing-platform-verification-latency-tests"]
 = Performing latency tests for platform verification
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc b/scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
deleted file mode 100644
index 6072869746ee..000000000000
--- a/scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-:_content-type: ASSEMBLY
-[id="cnf-talm-for-cluster-updates"]
-= {cgu-operator-full} for cluster updates
-include::_attributes/common-attributes.adoc[]
-:context: cnf-topology-aware-lifecycle-manager
-
-toc::[]
-
-You can use the {cgu-operator-first} to manage the software lifecycle of multiple clusters. {cgu-operator} uses {rh-rhacm-first} policies to perform changes on the target clusters.
-
-:FeatureName: {cgu-operator-full}
-
-include::modules/cnf-about-topology-aware-lifecycle-manager-config.adoc[leveloffset=+1]
-
-include::modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc[leveloffset=+1]
-
-include::modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc[leveloffset=+1]
-
-include::modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc[leveloffset=+1]
-
-include::modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc[leveloffset=+1]
-
-include::modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-For more information about the `PolicyGenTemplate` CRD, see xref:../scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc#ztp-the-policygentemplate_ztp-configuring-managed-clusters-policies[About the PolicyGenTemplate CRD].
-
-include::modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc[leveloffset=+1]
-
-include::modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc[leveloffset=+1]
-
-include::modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc[leveloffset=+2]
-
-include::modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For information about troubleshooting, see xref:../support/troubleshooting/troubleshooting-operator-issues.adoc[OpenShift Container Platform Troubleshooting Operator Issues].
-
-* For more information about using {cgu-operator-full} in the ZTP workflow, see xref:../scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc#ztp-topology-aware-lifecycle-manager[Updating managed policies with {cgu-operator-full}].
-
-* For more information about the `PolicyGenTemplate` CRD, see xref:../scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc#ztp-the-policygentemplate_ztp-configuring-managed-clusters-policies[About the PolicyGenTemplate CRD]
\ No newline at end of file
diff --git a/scalability_and_performance/enabling-workload-partitioning.adoc b/scalability_and_performance/enabling-workload-partitioning.adoc
index 9bdce1dc5021..d74f21fd57e9 100644
--- a/scalability_and_performance/enabling-workload-partitioning.adoc
+++ b/scalability_and_performance/enabling-workload-partitioning.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-workload-partitioning"]
 = Workload partitioning
 include::_attributes/common-attributes.adoc[]
@@ -6,10 +6,6 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-:FeatureName: Workload partitioning
-include::snippets/technology-preview.adoc[]
-:!FeatureName:
-
 In resource-constrained environments, you can use workload partitioning to isolate {product-title} services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs.
 
 The minimum number of reserved CPUs required for the cluster management is four CPU Hyper-Threads (HTs).
@@ -35,41 +31,31 @@ compute:
     platform: {}
     replicas: 3
 controlPlane:
-  architecture: amd64  
+  architecture: amd64
   hyperthreading: Enabled
   name: master
   platform: {}
   replicas: 3
 ----
-<1> Sets up a cluster for CPU partitioning at install time. The default value is `None`. 
+<1> Sets up a cluster for CPU partitioning at install time. The default value is `None`.
 +
 [NOTE]
 ====
-Workload partitioning can only be enabled during cluster installation. You cannot disable workload partitioning post-installation.
+Workload partitioning can only be enabled during cluster installation. You cannot disable workload partitioning postinstallation.
 ====
 
-. In the performance profile, specify the `isolated` and `reserved` CPUs. 
+. In the performance profile, specify the `isolated` and `reserved` CPUs.
 +
+.Recommended performance profile configuration
 [source,yaml]
 ----
-apiVersion: performance.openshift.io/v2
-kind: PerformanceProfile
-metadata:
-  name: openshift-node-workload-partitioning-worker
-spec:
-  cpu:
-    isolated: 0,1 <1>
-    reserved: "2-3" <2>
-  machineConfigPoolSelector:
-    pools.operator.machineconfiguration.openshift.io/worker: ""
-  nodeSelector:
-    node-role.kubernetes.io/worker: ""
+include::snippets/ztp_PerformanceProfile.yaml[]
 ----
-<1> Sets the isolated CPUs. Ensure all of the Hyper-Threading pairs match.
-<2> Specifies the CPU set to pin the workloads and the {product-title} infrastructure pods to. When workload partitioning is enabled, platform containers and platform services such as `systemd`, `CRI-O`, and `Kubelet`  are restricted to these CPUs. All CPUs that are not isolated should be reserved.
++
+include::snippets/performance-profile-workload-partitioning.adoc[]
 
 Workload partitioning introduces an extended `management.workload.openshift.io/cores` resource type for platform pods.
-Kubelet advertises the resources and CPU requests by pods allocated to the pool within the corresponding resource.
+kubelet advertises the resources and CPU requests by pods allocated to the pool within the corresponding resource.
 When workload partitioning is enabled, the `management.workload.openshift.io/cores` resource allows the scheduler to correctly assign pods based on the `cpushares` capacity of the host, not just the default `cpuset`.
 
 [role="_additional-resources"]
diff --git a/scalability_and_performance/ibm-z-recommended-host-practices.adoc b/scalability_and_performance/ibm-z-recommended-host-practices.adoc
index 2aa6ecdfcfec..ee1ab1fc0104 100644
--- a/scalability_and_performance/ibm-z-recommended-host-practices.adoc
+++ b/scalability_and_performance/ibm-z-recommended-host-practices.adoc
@@ -1,12 +1,12 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ibm-z-recommended-host-practices"]
-= Recommended host practices for {ibmzProductName} & {linuxoneProductName} environments
+= Recommended host practices for {ibm-z-title} & {ibm-linuxone-title} environments
 include::_attributes/common-attributes.adoc[]
 :context: ibm-z-recommended-host-practices
 
 toc::[]
 
-This topic provides recommended host practices for {product-title} on {ibmzProductName} and {linuxoneProductName}.
+This topic provides recommended host practices for {product-title} on {ibm-z-name} and {ibm-linuxone-name}.
 
 [NOTE]
 ====
@@ -15,7 +15,7 @@ The s390x architecture is unique in many aspects. Therefore, some recommendation
 
 [NOTE]
 ====
-Unless stated otherwise, these practices apply to both z/VM and {op-system-base-full} KVM installations on {ibmzProductName} and {linuxoneProductName}.
+Unless stated otherwise, these practices apply to both z/VM and {op-system-base-full} KVM installations on {ibm-z-name} and {ibm-linuxone-name}.
 ====
 
 include::modules/ibm-z-managing-cpu-overcommitment.adoc[leveloffset=+1]
@@ -37,7 +37,7 @@ include::modules/ibm-z-boost-networking-performance-with-rfs.adoc[leveloffset=+1
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://developer.ibm.com/tutorials/red-hat-openshift-on-ibm-z-tune-your-network-performance-with-rfs/[{product-title} on IBM Z: Tune your network performance with RFS]
+* link:https://developer.ibm.com/tutorials/red-hat-openshift-on-ibm-z-tune-your-network-performance-with-rfs/[{product-title} on {ibm-z-name}: Tune your network performance with RFS]
 
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/performance_tuning_guide/sect-red_hat_enterprise_linux-performance_tuning_guide-networking-configuration_tools#sect-Red_Hat_Enterprise_Linux-Performance_Tuning_Guide-Configuration_tools-Configuring_Receive_Flow_Steering_RFS[Configuring Receive Flow Steering (RFS)]
 
@@ -48,9 +48,9 @@ include::modules/ibm-z-choose-networking-setup.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=openshift-performance#openshift_perf__ocp_eval[{product-title} on IBM Z - Performance Experiences, Hints and Tips]
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=openshift-performance#openshift_perf__ocp_eval[{product-title} on {ibm-z-name} - Performance Experiences, Hints and Tips]
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=openshift-performance#openshift_perf__ocp_net[{product-title} on IBM Z Networking Performance]
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=openshift-performance#openshift_perf__ocp_net[{product-title} on {ibm-z-name} Networking Performance]
 
 * xref:../nodes/scheduling/nodes-scheduler-node-affinity.adoc[Controlling pod placement on nodes using node affinity rules]
 
@@ -61,13 +61,13 @@ include::modules/ibm-z-ensure-high-disk-performance-hyperpav.adoc[leveloffset=+1
 
 * link:https://www.ibm.com/docs/en/linux-on-systems?topic=io-using-hyperpav-eckd-dasd[Using HyperPAV for ECKD DASD]
 
-* link:http://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM]
+* link:https://public.dhe.ibm.com/software/dw/linux390/perf/zvm_hpav00.pdf[Scaling HyperPAV alias devices on Linux guests on z/VM]
 
 include::modules/ibm-z-rhel-kvm-host-recommendations.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://www.ibm.com/docs/en/linux-on-systems?topic=v-kvm[Linux on IBM Z Performance Tuning for KVM]
+* link:https://www.ibm.com/docs/en/linux-on-systems?topic=v-kvm[Linux on {ibm-z-name} Performance Tuning for KVM]
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_virtualization/getting-started-with-virtualization-in-rhel-8-on-ibm-z_configuring-and-managing-virtualization[Getting started with virtualization on IBM Z]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_virtualization/getting-started-with-virtualization-in-rhel-8-on-ibm-z_configuring-and-managing-virtualization[Getting started with virtualization on {ibm-z-name}]
diff --git a/scalability_and_performance/managing-bare-metal-hosts.adoc b/scalability_and_performance/managing-bare-metal-hosts.adoc
index 82d9aa919412..13319e353022 100644
--- a/scalability_and_performance/managing-bare-metal-hosts.adoc
+++ b/scalability_and_performance/managing-bare-metal-hosts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-bare-metal-hosts"]
 = Managing bare metal hosts
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/node-observability-operator.adoc b/scalability_and_performance/node-observability-operator.adoc
index 4bc04081867b..d1552aca5e1a 100644
--- a/scalability_and_performance/node-observability-operator.adoc
+++ b/scalability_and_performance/node-observability-operator.adoc
@@ -1,13 +1,15 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-node-observability-operator"]
-= Requesting CRI-O and Kubelet profiling data by using the Node Observability Operator
+= Using the Node Observability Operator
 include::_attributes/common-attributes.adoc[]
 :context: node-observability-operator
 
 toc::[]
 
+The Node Observability Operator collects and stores CRI-O and Kubelet profiling or metrics from scripts of compute nodes.
+
+With the Node Observability Operator, you can query the profiling data, enabling analysis of performance trends in CRI-O and Kubelet. It supports debugging performance-related issues and executing embedded scripts for network metrics by using the `run` field in the custom resource definition. To enable CRI-O and Kubelet profiling or scripting, you can configure the `type` field in the custom resource definition.
 
-The Node Observability Operator collects and stores the CRI-O and Kubelet profiling data of worker nodes. You can query the profiling data to analyze the CRI-O and Kubelet performance trends and debug the performance-related issues.
 
 :FeatureName: The Node Observability Operator
 include::snippets/technology-preview.adoc[leveloffset=+0]
@@ -20,6 +22,30 @@ include::modules/node-observability-install-cli.adoc[leveloffset=+2]
 
 include::modules/node-observability-install-web-console.adoc[leveloffset=+2]
 
-include::modules/node-observability-create-custom-resource.adoc[leveloffset=+1]
 
-include::modules/node-observability-run-profiling-query.adoc[leveloffset=+1]
+[id="requesting-crio-kubelet-profiling-using-noo_{context}"]
+== Requesting CRI-O and Kubelet profiling data using the Node Observability Operator
+
+Creating a Node Observability custom resource to collect CRI-O and Kubelet profiling data.
+
+include::modules/node-observability-create-custom-resource.adoc[leveloffset=+2]
+
+include::modules/node-observability-run-profiling-query.adoc[leveloffset=+2]
+
+
+[id="node-observability-operator-scripting_{context}"]
+== Node Observability Operator scripting
+
+Scripting allows you to run pre-configured bash scripts, using the current Node Observability Operator and Node Observability Agent.
+
+These scripts monitor key metrics like CPU load, memory pressure, and worker node issues. They also collect sar reports and custom performance metrics. 
+
+include::modules/node-observability-scripting-cr.adoc[leveloffset=+2]
+
+include::modules/node-observability-scripting.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_node-observability-operator"]
+== Additional resources
+
+For more information on how to collect worker metrics, see link:https://access.redhat.com/solutions/5343671[Red Hat Knowledgebase article].
\ No newline at end of file
diff --git a/scalability_and_performance/optimization/optimizing-cpu-usage.adoc b/scalability_and_performance/optimization/optimizing-cpu-usage.adoc
index 1fa675132a30..b8459e071020 100644
--- a/scalability_and_performance/optimization/optimizing-cpu-usage.adoc
+++ b/scalability_and_performance/optimization/optimizing-cpu-usage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="optimizing-cpu-usage"]
 = Optimizing CPU usage with mount namespace encapsulation
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/optimization/optimizing-networking.adoc b/scalability_and_performance/optimization/optimizing-networking.adoc
index d478a760b8e3..f00fa40d1bb4 100644
--- a/scalability_and_performance/optimization/optimizing-networking.adoc
+++ b/scalability_and_performance/optimization/optimizing-networking.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="optimizing-networking"]
 = Optimizing networking
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/optimization/optimizing-storage.adoc b/scalability_and_performance/optimization/optimizing-storage.adoc
index 98cd0521dff8..c6d7593ede43 100644
--- a/scalability_and_performance/optimization/optimizing-storage.adoc
+++ b/scalability_and_performance/optimization/optimizing-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="optimizing-storage"]
 = Optimizing storage
 include::_attributes/common-attributes.adoc[]
@@ -35,5 +35,4 @@ include::modules/optimizing-storage-azure.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="admission-plug-ins-additional-resources"]
 == Additional resources
-
-* xref:../../logging/config/cluster-logging-log-store.html#cluster-logging-elasticsearch-storage_cluster-logging-store[Configuring persistent storage for the log store]
+* xref:../../logging/log_storage/logging-config-es-store.adoc#logging-config-es-store[Configuring the Elasticsearch log store]
diff --git a/scalability_and_performance/optimization/routing-optimization.adoc b/scalability_and_performance/optimization/routing-optimization.adoc
index 0e57b93ccab5..21078ae68d97 100644
--- a/scalability_and_performance/optimization/routing-optimization.adoc
+++ b/scalability_and_performance/optimization/routing-optimization.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="routing-optimization"]
 = Optimizing routing
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/planning-your-environment-according-to-object-maximums.adoc b/scalability_and_performance/planning-your-environment-according-to-object-maximums.adoc
index 97c22b39e7b7..9b2ab419050e 100644
--- a/scalability_and_performance/planning-your-environment-according-to-object-maximums.adoc
+++ b/scalability_and_performance/planning-your-environment-according-to-object-maximums.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="planning-your-environment-according-to-object-maximums"]
 = Planning your environment according to object maximums
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc b/scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc
index 53966e012d7e..02cd1d226c00 100644
--- a/scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc
+++ b/scalability_and_performance/recommended-performance-scale-practices/recommended-control-plane-practices.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="recommended-control-plane-practices"]
 = Recommended control plane practices
 include::_attributes/common-attributes.adoc[]
@@ -21,7 +21,7 @@ If the control plane machines in an Amazon Web Services (AWS) cluster require mo
 ====
 The procedure for clusters that use a control plane machine set is different from the procedure for clusters that do not use a control plane machine set.
 
-If you are uncertain about the state of the `ControlPlaneMachineSet` CR in your cluster, you can xref:../../machine_management/control_plane_machine_management/cpmso-getting-started.html#cpmso-checking-status_cpmso-getting-started[verify the CR status].
+If you are uncertain about the state of the `ControlPlaneMachineSet` CR in your cluster, you can xref:../../machine_management/control_plane_machine_management/cpmso-getting-started.adoc#cpmso-checking-status_cpmso-getting-started[verify the CR status].
 ====
 
 //Changing the Amazon Web Services instance type by using a control plane machine set
diff --git a/scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc b/scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
index c7604cc88f0a..6bf42d4a4bff 100644
--- a/scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
+++ b/scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="recommended-etcd-practices"]
 = Recommended etcd practices
 include::_attributes/common-attributes.adoc[]
@@ -22,3 +22,5 @@ include::modules/move-etcd-different-disk.adoc[leveloffset=+1]
 * link:https://docs.openshift.com/container-platform/4.11/architecture/architecture-rhcos.html[Red Hat Enterprise Linux CoreOS (RHCOS)]
 
 include::modules/etcd-defrag.adoc[leveloffset=+1]
+
+include::modules/etcd-tuning-parameters.adoc[leveloffset=+1]
diff --git a/scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc b/scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc
index 6eb804a2ee63..b57c58758ed1 100644
--- a/scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc
+++ b/scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="recommended-infrastructure-practices"]
 = Recommended infrastructure practices
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc b/scalability_and_performance/scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/scalability_and_performance/scaling-worker-latency-profiles.adoc b/scalability_and_performance/scaling-worker-latency-profiles.adoc
index 57a76d101f75..e02cd95db1a2 100644
--- a/scalability_and_performance/scaling-worker-latency-profiles.adoc
+++ b/scalability_and_performance/scaling-worker-latency-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :context: scaling-worker-latency-profiles
 [id="scaling-worker-latency-profiles"]
 = Improving cluster stability in high latency environments using worker latency profiles
@@ -16,8 +16,10 @@ toc::[]
 
 include::snippets/worker-latency-profile-intro.adoc[]
 
-You can configure worker latency profiles when installing a cluster or at any time you notice increased latency in your cluster network.
-
 include::modules/nodes-cluster-worker-latency-profiles-about.adoc[leveloffset=+1]
 
+include::modules/nodes-cluster-worker-latency-profiles-using-at-creation.adoc[leveloffset=+1]
+
 include::modules/nodes-cluster-worker-latency-profiles-using.adoc[leveloffset=+1]
+
+include::modules/nodes-cluster-worker-latency-profiles-examining.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/scalability_and_performance/using-cpu-manager.adoc b/scalability_and_performance/using-cpu-manager.adoc
index 9b8b05a3e288..fbcd73447d1d 100644
--- a/scalability_and_performance/using-cpu-manager.adoc
+++ b/scalability_and_performance/using-cpu-manager.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='using-cpu-manager']
 = Using CPU Manager and Topology Manager
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/using-node-tuning-operator.adoc b/scalability_and_performance/using-node-tuning-operator.adoc
index 8f4cffa42fcf..83ad562652c2 100644
--- a/scalability_and_performance/using-node-tuning-operator.adoc
+++ b/scalability_and_performance/using-node-tuning-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-node-tuning-operator"]
 = Using the Node Tuning Operator
 include::_attributes/common-attributes.adoc[]
@@ -30,4 +30,4 @@ include::modules/advanced-node-tuning-hosted-cluster.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-For more information about hosted control planes, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes (Technology Preview)].
+For more information about hosted control planes, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-control-planes-intro[Hosted control planes].
diff --git a/monitoring/using-rfhe.adoc b/scalability_and_performance/using-rfhe.adoc
similarity index 98%
rename from monitoring/using-rfhe.adoc
rename to scalability_and_performance/using-rfhe.adoc
index 518e6d7c7358..94b9196b2ddb 100644
--- a/monitoring/using-rfhe.adoc
+++ b/scalability_and_performance/using-rfhe.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-rfhe"]
 = Monitoring bare-metal events with the {redfish-operator}
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc b/scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc
index b82d461c7e1a..72e50d8853b6 100644
--- a/scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc
+++ b/scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='what-huge-pages-do-and-how-they-are-consumed']
 = What huge pages do and how they are consumed by applications
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc b/scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc
new file mode 100644
index 000000000000..77415b6c34fc
--- /dev/null
+++ b/scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc
@@ -0,0 +1,57 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cnf-talm-for-cluster-updates"]
+= Updating managed clusters with the {cgu-operator-full}
+include::_attributes/common-attributes.adoc[]
+:context: cnf-topology-aware-lifecycle-manager
+
+toc::[]
+
+You can use the {cgu-operator-first} to manage the software lifecycle of multiple clusters. {cgu-operator} uses {rh-rhacm-first} policies to perform changes on the target clusters.
+
+:FeatureName: {cgu-operator-full}
+
+include::modules/cnf-about-topology-aware-lifecycle-manager-config.adoc[leveloffset=+1]
+
+include::modules/cnf-about-topology-aware-lifecycle-manager-policies.adoc[leveloffset=+1]
+
+include::modules/cnf-topology-aware-lifecycle-manager-installation-web-console.adoc[leveloffset=+1]
+
+include::modules/cnf-topology-aware-lifecycle-manager-installation-cli.adoc[leveloffset=+1]
+
+include::modules/cnf-topology-aware-lifecycle-manager-about-cgu-crs.adoc[leveloffset=+1]
+
+include::modules/cnf-about-topology-aware-lifecycle-manager-blocking-crs.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-policies-concept.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+For more information about the `PolicyGenTemplate` CRD, see xref:../../scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc#ztp-the-policygentemplate_ztp-configuring-managed-clusters-policies[About the PolicyGenTemplate CRD].
+
+include::modules/cnf-topology-aware-lifecycle-manager-about-subscription-crs.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-apply-policies.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-backup-concept.adoc[leveloffset=+1]
+
+include::modules/cnf-topology-aware-lifecycle-manager-backup-feature.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-backup-recovery.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-precache-concept.adoc[leveloffset=+1]
+
+include::modules/cnf-topology-aware-lifecycle-manager-precache-image-filter.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-precache-feature.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-troubleshooting.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For information about troubleshooting, see xref:../../support/troubleshooting/troubleshooting-operator-issues.adoc[OpenShift Container Platform Troubleshooting Operator Issues].
+
+* For more information about using {cgu-operator-full} in the ZTP workflow, see xref:../../scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc#ztp-topology-aware-lifecycle-manager[Updating managed policies with {cgu-operator-full}].
+
+* For more information about the `PolicyGenTemplate` CRD, see xref:../../scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc#ztp-the-policygentemplate_ztp-configuring-managed-clusters-policies[About the PolicyGenTemplate CRD]
\ No newline at end of file
diff --git a/scalability_and_performance/ztp_far_edge/ztp-advanced-install-ztp.adoc b/scalability_and_performance/ztp_far_edge/ztp-advanced-install-ztp.adoc
index 0b4b51311011..576138ce2414 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-advanced-install-ztp.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-advanced-install-ztp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-advanced-install-ztp"]
 = Advanced managed cluster configuration with SiteConfig resources
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc b/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
index d40021879d12..c38549caaf4c 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-advanced-policy-config"]
 = Advanced managed cluster configuration with PolicyGenTemplate resources
 include::_attributes/common-attributes.adoc[]
@@ -19,11 +19,6 @@ include::modules/ztp-using-pgt-to-update-source-crs.adoc[leveloffset=+1]
 
 include::modules/ztp-adding-new-content-to-gitops-ztp.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
-
-* Alternatively, you can patch the ArgoCD instance as described in xref:../../scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc#ztp-configuring-hub-cluster-with-argocd_ztp-preparing-the-hub-cluster[Configuring the hub cluster with ArgoCD] by modifying `argocd-openshift-gitops-patch.json` with an updated `initContainer` image before applying the patch file.
-
 include::modules/ztp-configuring-pgt-compliance-eval-timeouts.adoc[leveloffset=+1]
 
 include::modules/ztp-creating-a-validator-inform-policy.adoc[leveloffset=+1]
@@ -80,7 +75,7 @@ include::modules/ztp-configuring-ptp-fast-events-amqp.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../networking/using-ptp.adoc#cnf-installing-amq-interconnect-messaging-bus_using-ptp[Installing the AMQ messaging bus]
+* xref:../../networking/ptp/using-ptp-events.adoc#cnf-installing-amq-interconnect-messaging-bus_using-ptp-events[Installing the AMQ messaging bus]
 * For more information about container image registries, see xref:../../registry/index.adoc#registry-overview[{product-registry} overview].
 
 [id="ztp-advanced-policy-config-bare-metal_{context}"]
@@ -95,9 +90,9 @@ include::modules/ztp-configuring-hwevents-using-pgt.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../monitoring/using-rfhe.adoc#nw-rfhe-installing-operator-cli_using-rfhe[Installing the {redfish-operator} using the CLI]
+* xref:../../scalability_and_performance/using-rfhe.adoc#nw-rfhe-installing-operator-cli_using-rfhe[Installing the {redfish-operator} using the CLI]
 
-* xref:../../monitoring/using-rfhe.adoc#nw-rfhe-creating-hardware-event_using-rfhe[Creating the bare-metal event and Secret CRs]
+* xref:../../scalability_and_performance/using-rfhe.adoc#nw-rfhe-creating-hardware-event_using-rfhe[Creating the bare-metal event and Secret CRs]
 
 include::modules/ztp-creating-hwevents-amqp.adoc[leveloffset=+2]
 
@@ -128,6 +123,4 @@ include::modules/ztp-example-hub-template-functions.adoc[leveloffset=+2]
 
 include::modules/ztp-specifying-nics-in-pgt-crs-with-hub-cluster-templates.adoc[leveloffset=+2]
 
-include::modules/ztp-managing-sriov-vlan-with-hub-cluster-templates-in-pgt.adoc[leveloffset=+2]
-
 include::modules/ztp-syncing-new-configmap-changes-to-existing-pgt-crs.adoc[leveloffset=+2]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc b/scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
index 3837ffe14629..551629a8a0f5 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-configuring-managed-clusters-policies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-configuring-managed-clusters-policies"]
 = Configuring managed clusters with policies and PolicyGenTemplate resources
 include::_attributes/common-attributes.adoc[]
@@ -48,6 +48,8 @@ include::modules/ztp-restarting-policies-reconciliation.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* For information about using {cgu-operator-first} to construct your own `ClusterGroupUpgrade` CR, see xref:../../scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc#talo-about-cgu-crs_cnf-topology-aware-lifecycle-manager[About the ClusterGroupUpgrade CR].
+* For information about using {cgu-operator-first} to construct your own `ClusterGroupUpgrade` CR, see xref:../../scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc#talo-about-cgu-crs_cnf-topology-aware-lifecycle-manager[About the ClusterGroupUpgrade CR].
+
+include::modules/ztp-removing-content-from-managed-clusters.adoc[leveloffset=+1]
 
 include::modules/ztp-definition-of-done-for-ztp-installations.adoc[leveloffset=+1]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc b/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
index fbdc999334ef..22db0e5fcc38 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-clusters-at-scale.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-deploying-far-edge-clusters-at-scale"]
 = Challenges of the network far edge
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc b/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
index 2288d1bc1ac3..742bd1c7f089 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-deploying-far-edge-sites"]
 = Installing managed clusters with {rh-rhacm} and SiteConfig resources
 include::_attributes/common-attributes.adoc[]
@@ -26,6 +26,13 @@ include::modules/ztp-deploying-a-site.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+* xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc#ztp-sno-siteconfig-config-reference_ztp-deploying-far-edge-sites[{sno-caps} SiteConfig CR installation reference]
+
+include::modules/ztp-sno-siteconfig-config-reference.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
 * xref:../../scalability_and_performance/ztp_far_edge/ztp-advanced-install-ztp.adoc#ztp-customizing-the-install-extra-manifests_ztp-advanced-install-ztp[Customizing extra installation manifests in the {ztp} pipeline]
 
 * xref:../../scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc#ztp-preparing-the-ztp-git-repository_ztp-preparing-the-hub-cluster[Preparing the {ztp} site configuration repository]
@@ -38,16 +45,20 @@ include::modules/ztp-deploying-a-site.adoc[leveloffset=+1]
 
 * xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#bmc-addressing_ipi-install-installation-workflow[BMC addressing]
 
+* xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#root-device-hints_preparing-to-install-with-agent-based-installer[About root device hints]
+
 include::modules/ztp-monitoring-installation-progress.adoc[leveloffset=+1]
 
 include::modules/ztp-troubleshooting-ztp-gitops-installation-crs.adoc[leveloffset=+1]
 
+include::modules/ztp-troubleshooting-ztp-gitops-supermicro-tls.adoc[leveloffset=+1]
+
 include::modules/ztp-site-cleanup.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* For information about removing a cluster, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#remove-managed-cluster[Removing a cluster from management].
+* For information about removing a cluster, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#remove-managed-cluster[Removing a cluster from management].
 
 include::modules/ztp-removing-obsolete-content.adoc[leveloffset=+1]
 
diff --git a/scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc b/scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
index ec34fc2b872e..4be76c0eb316 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-manual-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-manual-install"]
 = Manually installing a {sno} cluster with ZTP
 include::_attributes/common-attributes.adoc[]
@@ -27,6 +27,10 @@ include::modules/ztp-generating-install-and-config-crs-manually.adoc[leveloffset
 
 * xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#bmc-addressing_ipi-install-installation-workflow[BMC addressing]
 
+* xref:../../installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.adoc#root-device-hints_preparing-to-install-with-agent-based-installer[About root device hints]
+
+* xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc#ztp-sno-siteconfig-config-reference_ztp-deploying-far-edge-sites[{sno-caps} SiteConfig CR installation reference]
+
 include::modules/ztp-creating-the-site-secrets.adoc[leveloffset=+1]
 
 include::modules/ztp-configuring-kernel-arguments-for-discovery-iso-in-manual-installations.adoc[leveloffset=+1]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc b/scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
index cf1a2629865a..aabeb3a2b738 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-precaching-tool.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-pre-staging-tool"]
 = Pre-caching images for {sno} deployments
 include::_attributes/common-attributes.adoc[]
@@ -45,7 +45,7 @@ include::modules/ztp-precaching-downloading-artifacts.adoc[leveloffset=+1]
 
 * To access the online Red Hat registries, see link:https://console.redhat.com/openshift/downloads#tool-pull-secret[OpenShift installation customization tools].
 
-* For more information about using the multicluster engine, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/clusters/cluster_mce_overview#mce-intro[About cluster lifecycle with the multicluster engine operator].
+* For more information about using the multicluster engine, see link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#mce-intro[About cluster lifecycle with the multicluster engine operator].
 
 include::modules/ztp-precaching-ztp-config.adoc[leveloffset=+1]
 
diff --git a/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc b/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
index b400139b3bef..e11a610f366f 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-preparing-the-hub-cluster"]
 = Preparing the hub cluster for ZTP
 include::_attributes/common-attributes.adoc[]
@@ -10,14 +10,21 @@ To use {rh-rhacm} in a disconnected environment, create a mirror registry that m
 
 include::modules/ztp-telco-ran-software-versions.adoc[leveloffset=+1]
 
+include::modules/ztp-gitops-ztp-max-spoke-clusters.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/install/installing#single-node[Creating and managing {sno} clusters with {rh-rhacm}]
+
 include::modules/ztp-acm-installing-disconnected-rhacm.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../cicd/gitops/installing-openshift-gitops.adoc#getting-started-with-openshift-gitops[Installing OpenShift GitOps]
+* link:https://docs.openshift.com/gitops/latest/installing_gitops/installing-openshift-gitops.html#installing-openshift-gitops[Installing OpenShift GitOps]
 
-* xref:../../scalability_and_performance/cnf-talm-for-cluster-upgrades.html#installing-topology-aware-lifecycle-manager-using-cli_cnf-topology-aware-lifecycle-manager[Installing {cgu-operator}]
+* xref:../../scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc#installing-topology-aware-lifecycle-manager-using-cli_cnf-topology-aware-lifecycle-manager[Installing {cgu-operator}]
 
 * xref:../../operators/admin/olm-restricted-networks.adoc#olm-mirror-catalog_olm-restricted-networks[Mirroring an Operator catalog]
 
@@ -43,4 +50,6 @@ include::modules/ztp-configuring-the-hub-cluster-to-use-unauthenticated-registri
 
 include::modules/ztp-preparing-the-hub-cluster-for-ztp.adoc[leveloffset=+1]
 
-include::modules/ztp-preparing-the-ztp-git-repository.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/ztp-preparing-the-ztp-git-repository.adoc[leveloffset=+1]
+
+include::modules/ztp-preparing-the-ztp-git-repository-ver-ind.adoc[leveloffset=+2]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc b/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
index f88b1e983797..44a87224fb67 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="sno-configure-for-vdu"]
 = Recommended {sno} cluster configuration for vDU application workloads
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Use the following reference information to understand the {sno} configurations required to deploy virtual distributed unit (vDU) applications in the cluster. Configurations include cluster optimizations for high performance workloads, enabling workload partitioning, and minimizing the number of reboots required post-installation.
+Use the following reference information to understand the {sno} configurations required to deploy virtual distributed unit (vDU) applications in the cluster. Configurations include cluster optimizations for high performance workloads, enabling workload partitioning, and minimizing the number of reboots required postinstallation.
 
 [role="_additional-resources"]
 .Additional resources
@@ -31,7 +31,7 @@ include::modules/ztp-enabling-workload-partitioning-sno.adoc[leveloffset=+1]
 * For the recommended {sno} workload partitioning configuration, see xref:../../scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc#ztp-sno-du-enabling-workload-partitioning_sno-configure-for-vdu[Workload partitioning].
 
 [id="ztp-sno-install-time-cluster-config"]
-== Recommended installation-time cluster configurations
+== Recommended cluster install manifests
 
 The ZTP pipeline applies the following custom resources (CRs) during cluster installation. These configuration CRs ensure that the cluster meets the feature and performance requirements necessary for running a vDU application.
 
@@ -50,18 +50,22 @@ include::modules/ztp-sno-du-enabling-sctp.adoc[leveloffset=+2]
 
 include::modules/ztp-sno-du-accelerating-container-startup.adoc[leveloffset=+2]
 
+include::modules/ztp-sno-du-setting-rcu-normal.adoc[leveloffset=+2]
+
 include::modules/ztp-sno-du-enabling-kdump.adoc[leveloffset=+2]
 
+include::modules/ztp-sno-du-disabling-crio-wipe.adoc[leveloffset=+2]
+
 include::modules/ztp-sno-du-configuring-crun-container-runtime.adoc[leveloffset=+2]
 
 [id="ztp-sno-post-install-time-cluster-config"]
-== Recommended post-installation cluster configurations
+== Recommended postinstallation cluster configurations
 
 When the cluster installation is complete, the ZTP pipeline applies the following custom resources (CRs) that are required to run DU workloads.
 
 [NOTE]
 ====
-In {ztp} v4.10 and earlier, you configure UEFI secure boot with a `MachineConfig` CR. This is no longer required in {ztp} v4.11 and later. In v4.11, you configure UEFI secure boot for {sno} clusters using Performance profile CRs. For more information, see xref:../../scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc#ztp-sno-du-configuring-performance-addons_sno-configure-for-vdu[Performance profile].
+In {ztp} v4.10 and earlier, you configure UEFI secure boot with a `MachineConfig` CR. This is no longer required in {ztp} v4.11 and later. In v4.11, you configure UEFI secure boot for {sno} clusters by updating the `spec.clusters.nodes.bootMode` field in the `SiteConfig` CR that you use to install the cluster. For more information, see xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc#ztp-deploying-a-site_ztp-deploying-far-edge-sites[Deploying a managed cluster with SiteConfig and {ztp}].
 ====
 
 include::modules/ztp-sno-du-configuring-the-operators.adoc[leveloffset=+2]
@@ -72,6 +76,8 @@ include::modules/ztp-sno-du-configuring-logging-locally-and-forwarding.adoc[leve
 
 include::modules/ztp-sno-du-configuring-performance-addons.adoc[leveloffset=+2]
 
+include::modules/ztp-sno-du-configuring-time-sync.adoc[leveloffset=+2]
+
 include::modules/ztp-sno-du-configuring-ptp.adoc[leveloffset=+2]
 
 include::modules/ztp-sno-du-tuning-the-performance-patch.adoc[leveloffset=+2]
@@ -82,16 +88,13 @@ include::modules/ztp-sno-du-removing-the-console-operator.adoc[leveloffset=+2]
 
 include::modules/ztp-sno-du-reducing-resource-usage-with-cluster-monitoring.adoc[leveloffset=+2]
 
+include::modules/ztp-sno-du-reducing-resource-usage-with-olm-pprof.adoc[leveloffset=+2]
+
 include::modules/ztp-sno-du-configuring-lvms.adoc[leveloffset=+2]
 
 include::modules/ztp-sno-du-disabling-network-diagnostics.adoc[leveloffset=+2]
 
-include::modules/ztp-sno-node-reboot-scenarios.adoc[leveloffset=+2]
-
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-evacuating_nodes-nodes-working[Understanding how to evacuate pods on nodes
-]
-
 * xref:../../scalability_and_performance/ztp_far_edge/ztp-deploying-far-edge-sites.adoc#ztp-deploying-far-edge-sites[Deploying far edge sites using ZTP]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc b/scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
index 04de0af8a3c3..41f9833fa54f 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-sno-additional-worker-node.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-sno-additional-worker-node"]
 = Expanding {sno} clusters with {ztp}
 include::_attributes/common-attributes.adoc[]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc b/scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
index da827b86455b..f11b6a3492e1 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-topology-aware-lifecycle-manager"]
-= Updating managed clusters with the {cgu-operator-full}
+= Updating managed clusters in a disconnected environment with the {cgu-operator-full}
 include::_attributes/common-attributes.adoc[]
 :context: ztp-talm
 
@@ -13,7 +13,7 @@ You can use the {cgu-operator-first} to manage the software lifecycle of {produc
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about the {cgu-operator-full}, see xref:../../scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc#cnf-about-topology-aware-lifecycle-manager-config_cnf-topology-aware-lifecycle-manager[About the {cgu-operator-full}].
+* For more information about the {cgu-operator-full}, see xref:../../scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc#cnf-about-topology-aware-lifecycle-manager-config_cnf-topology-aware-lifecycle-manager[About the {cgu-operator-full}].
 
 include::modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc[leveloffset=+1]
 
@@ -28,7 +28,7 @@ include::modules/cnf-topology-aware-lifecycle-manager-preparing-for-updates.adoc
 
 * For more information about how to prepare the disconnected environment and mirroring the desired image repository, see xref:../../scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc#ztp-preparing-the-hub-cluster[Preparing the disconnected environment].
 
-* For more information about update channels and releases, see xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases].
+* For more information about update channels and releases, see xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases].
 
 include::modules/cnf-topology-aware-lifecycle-manager-platform-update.adoc[leveloffset=+2]
 
@@ -44,8 +44,21 @@ include::modules/cnf-topology-aware-lifecycle-manager-operator-update.adoc[level
 
 * For more information about updating {ztp}, see xref:../../scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc#ztp-updating-gitops[Upgrading {ztp}].
 
+* xref:../../scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc#cnf-topology-aware-lifecycle-manager-operator-troubleshooting_ztp-talm[Troubleshooting missed Operator updates due to out-of-date policy compliance states].
+
+include::modules/cnf-topology-aware-lifecycle-manager-operator-troubleshooting.adoc[leveloffset=+3]
+
 include::modules/cnf-topology-aware-lifecycle-manager-operator-and-platform-update.adoc[leveloffset=+2]
 
 include::modules/cnf-topology-aware-lifecycle-manager-pao-update.adoc[leveloffset=+2]
 
+include::modules/cnf-topology-aware-lifecycle-manager-precache-user-spec-images.adoc[leveloffset=+2]
+
+include::modules/cnf-topology-aware-lifecycle-manager-creating-custom-resources.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about the {cgu-operator} pre-caching workflow, see xref:../../scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc#talo-precache-feature-concept_cnf-topology-aware-lifecycle-manager[Using the container image pre-cache feature].
+
 include::modules/cnf-topology-aware-lifecycle-manager-autocreate-cgu-cr-ztp.adoc[leveloffset=+1]
diff --git a/scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc b/scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
index c328b1573050..b8dea82c2bac 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-updating-gitops.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-updating-gitops"]
 = Updating {ztp}
 include::_attributes/common-attributes.adoc[]
@@ -30,6 +30,6 @@ include::modules/ztp-roll-out-the-configuration-changes.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* For information about the {cgu-operator-first}, see xref:../../scalability_and_performance/cnf-talm-for-cluster-upgrades.adoc#cnf-about-topology-aware-lifecycle-manager-config_cnf-topology-aware-lifecycle-manager[About the {cgu-operator-full} configuration].
+* For information about the {cgu-operator-first}, see xref:../../scalability_and_performance/ztp_far_edge/cnf-talm-for-cluster-upgrades.adoc#cnf-about-topology-aware-lifecycle-manager-config_cnf-topology-aware-lifecycle-manager[About the {cgu-operator-full} configuration].
 
 * For information about creating `ClusterGroupUpgrade` CRs, see xref:../../scalability_and_performance/ztp_far_edge/ztp-talm-updating-managed-policies.adoc#talo-precache-autocreated-cgu-for-ztp_ztp-talm[About the auto-created ClusterGroupUpgrade CR for ZTP].
diff --git a/scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc b/scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
index 6b13e173e8c1..e3c484792d54 100644
--- a/scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
+++ b/scalability_and_performance/ztp_far_edge/ztp-vdu-validating-cluster-tuning.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ztp-vdu-configuration-reference"]
 = Validating {sno} cluster tuning for vDU application workloads
 include::_attributes/common-attributes.adoc[]
diff --git a/scripts/check-asciidoctor-build.sh b/scripts/check-asciidoctor-build.sh
index 142269733d1d..f23a5b359cb6 100755
--- a/scripts/check-asciidoctor-build.sh
+++ b/scripts/check-asciidoctor-build.sh
@@ -1,17 +1,14 @@
 #!/bin/bash
 
-set -e
-
 # ensure asciidoctor is installed
 if ! command -v asciidoctor &>/dev/null ;
 then
-    echo "Asciidoctor is not installed. Please install it and try again."
+    echo "Asciidoctor is not installed. Please install it and try again. 👻"
     exit 127
 fi
 
 # get the *.adoc modules and assemblies in the pull request
 FILES=$(git diff --name-only HEAD~1 HEAD --diff-filter=d "*.adoc" ':(exclude)_unused_topics/*')
-
 REPO_PATH=$(git rev-parse --show-toplevel)
 
 # get the modules in the PR, search for assemblies that include them, and concat with any updated assemblies files
@@ -21,6 +18,13 @@ check_updated_assemblies () {
     then
         # $UPDATED_ASSEMBLIES is the list of assemblies that contains changed modules
         UPDATED_ASSEMBLIES=$(grep -rnwl "$REPO_PATH" --include=\*.adoc --exclude-dir={snippets,modules} -e "$MODULES")
+        # Exit 0 if there are no modified assemblies
+        if [[ -z "${UPDATED_ASSEMBLIES}" ]]
+        then
+            echo "No updated assemblies found! ✅"
+            exit 0
+        fi
+        update_log
         # subtract $REPO_PATH from path with bash substring replacement
         UPDATED_ASSEMBLIES=${UPDATED_ASSEMBLIES//"$REPO_PATH/"/}
     fi
@@ -29,19 +33,47 @@ check_updated_assemblies () {
     # concatenate both lists and remove dupe entries
     ALL_ASSEMBLIES=$(echo "$UPDATED_ASSEMBLIES $ASSEMBLIES" | tr ' ' '\n' | sort -u)
     # check that assemblies are in a topic_map
-    for ASSEMBLY in $ALL_ASSEMBLIES; do
+    for ASSEMBLY in ${ALL_ASSEMBLIES}; do
         # get the page name to search the topic_map
         # search for files only, not folders
         PAGE="File: $(basename "$ASSEMBLY" .adoc)"
         # don't validate the assembly if it is not in a topic map
         if grep -rq "$PAGE" --include "*.yml" _topic_maps ; then
             # validate the assembly
-            echo "Validating $ASSEMBLY. Validation will fail with FAILED, ERROR, or WARNING messages..."
-            asciidoctor "$ASSEMBLY" -a source-highlighter=rouge -a icons! -o /tmp/out.html -v --failure-level WARN --trace
+            echo "Validating $ASSEMBLY ..."
+            RED='\033[0;31m'
+            NC='\033[0m'
+            OUTPUT=$(asciidoctor "$ASSEMBLY" -a source-highlighter=rouge -a icons! -o /tmp/out.html -v --failure-level WARN --trace 2>&1)
+            # check assemblies and fail if errors are reported
+            if [[ $? != 0 ]];
+            then
+                echo -e "${RED}$OUTPUT${NC}"
+                ERRORS=true
+            else
+                echo "No errors found for $ASSEMBLY! ✅"
+            fi
         else
-            echo "$ASSEMBLY is not in a topic_map"
+            echo "$ASSEMBLY is not in a topic_map, skipping validation... 😙"
         fi
     done
+    if [ "$ERRORS" = true ]; then
+        echo "Validation errors found! ❌"
+        exit 1
+    fi
+}
+
+update_log () {
+    echo ""
+    echo "****************************************************************************"
+    echo ""
+    echo "Validating all AsciiDoc assemblies that are modifed by the pull request.  🕵"
+    echo "All assemblies that include modifed modules are validated.                🙀"
+    echo "This might include assemblies that are not in the pull request!           🤬"
+    echo "Validation will fail with FAILED, ERROR, or WARNING messages.             ❌"
+    echo "Correct all reported AsciiDoc errors to pass the validation build.        🤟"
+    echo ""
+    echo "****************************************************************************"
+    echo ""
 }
 
 # check assemblies and fail if errors are reported
@@ -49,5 +81,6 @@ if [ -n "${FILES}" ] ;
 then
     check_updated_assemblies
 else
-    echo "No modified AsciiDoc files found."
+    echo "No modified AsciiDoc files found! 🥳"
+    exit 0
 fi
diff --git a/scripts/check-rn-link-perms.sh b/scripts/check-rn-link-perms.sh
new file mode 100755
index 000000000000..c49baa02206f
--- /dev/null
+++ b/scripts/check-rn-link-perms.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Report errors for links to Red Hat JIRA bugs that are behind a login
+
+# Get modifed lines, remove deleted lines from the diff 
+git_diff=$(git diff --unified=0 --stat --diff-filter=AM HEAD~1 HEAD "*release-notes*.adoc" ':(exclude)_unused_topics/*' | grep '^+' | grep -Ev '^(\+\+\+ a/ b/)')
+
+# Exit zero if there are no release-notes changes 
+if [ -z "${git_diff}" ]; then
+    exit 0
+fi
+
+# Remove all multi-line comments and single line comments
+git_diff=$(echo "${git_diff}" | sed '\|^+////|,\|^+////|c\\' | sed '\|^+//| s|.*|//|')
+
+# Search the git diff for links
+link_regex='https://issues\.redhat\.com/browse/[A-Z]+-[0-9]+'
+links=$(echo "${git_diff}" | grep -o -E "$link_regex" | sort -u)
+
+for link in ${links}; do
+    # Check for links that require a login
+    response=$(curl -I "${link}" 2>&1)
+    if echo "${response}" | grep -q "permissionViolation"; then
+        errors=true
+        echo -e "\e[31mERROR: Do not include links to JIRA issues that require a login (${link})\n"
+    fi
+done
+
+if [ "$errors" = true ]; then
+    exit 1
+fi
diff --git a/scripts/get-updated-distros.sh b/scripts/get-updated-distros.sh
new file mode 100755
index 000000000000..00b97d8b25d3
--- /dev/null
+++ b/scripts/get-updated-distros.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Returns a list of updated _topic_map.yml files.
+# The list includes any topic maps that are themselves modified, and indirectly modifed topic maps where incldued AsciiDoc files have been updated.
+
+# Get the *.adoc and distro maps files in the pull request
+FILES=$(git diff --name-only HEAD~1 HEAD --diff-filter=AMRD "*.yml" "*.adoc" ':(exclude)_unused_topics/*')
+
+REPO_PATH=$(git rev-parse --show-toplevel)
+
+# Init an empty array
+DISTROS=()
+
+# Get the modules in the PR, search for assemblies that include them, and concat with any updated assemblies files
+MODULES=$(echo "$FILES" | awk '/modules\/(.*)\.adoc/')
+if [ "${MODULES}" ]
+then
+    # $UPDATED_ASSEMBLIES is the list of assemblies that contains changed modules
+    UPDATED_ASSEMBLIES=$(grep -rnwl "$REPO_PATH" --include=\*.adoc --exclude-dir={snippets,modules} -e "$MODULES")
+
+    # Subtract $REPO_PATH from path with bash substring replacement
+    UPDATED_ASSEMBLIES=${UPDATED_ASSEMBLIES//"$REPO_PATH/"/}
+fi
+
+# ASSEMBLIES is the list of modifed assemblies
+ASSEMBLIES=$(echo "$FILES" | awk '!/modules\/(.*)\.adoc/')
+# Concatenate both lists and remove dupe entries
+ALL_ASSEMBLIES=$(echo "$UPDATED_ASSEMBLIES $ASSEMBLIES" | tr ' ' '\n' | sort -u)
+# Check that assemblies are in a topic_map
+for ASSEMBLY in $ALL_ASSEMBLIES; do
+    # Get the page name to search the topic_map
+    # Search for files only, not folders
+    PAGE="File: $(basename "$ASSEMBLY" .adoc)"
+    # Don't include the assembly if it is not in a topic map
+    if grep -rq "$PAGE" --include "*.yml" _topic_maps ; then
+        DISTROS+=("$(grep -rl "$PAGE" _topic_maps/*.yml)")
+    fi
+done
+
+# Handle modified topic maps
+UPDATED_DISTROS=$(echo "$FILES" | awk '/_topic_maps\/(.*)\.yml/')
+# Concat all the updated topic maps
+DISTROS+=("${UPDATED_DISTROS}")
+# Clean up and remove duplicates
+echo "${DISTROS[@]}" | tr ' ' '\n' | sort | uniq
diff --git a/scripts/get-updated-preview-urls.sh b/scripts/get-updated-preview-urls.sh
new file mode 100755
index 000000000000..dc33da88861e
--- /dev/null
+++ b/scripts/get-updated-preview-urls.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Returns a list of page preview URLs for use with Prow CI jobs
+# To run locally, clean the _preview folder and do a new asciibinder build before running the script
+
+# Check if jq is installed
+hash jq 2>/dev/null || { echo >&2 "Error: jq is not installed"; exit 1; }
+
+pr_branch="$(git rev-parse --abbrev-ref HEAD)"
+commit_id=$(git log -n 1 --pretty=format:"%H")
+pr_number="$(curl -s "https://api.github.com/search/issues?q=$commit_id" | jq '.items[0].number')"
+preview_url_slug="ocpdocs-pr"
+preview_url="https://${pr_number}--${preview_url_slug}.netlify.app"
+assemblies=()
+pages=()
+files=$(git diff --name-only HEAD~1 HEAD --diff-filter=AMRD "*.adoc" ':(exclude)_unused_topics/*')
+
+# Get the full list of HTML build files
+if [ -e "_preview" ]; then
+    built_pages=$(find _preview -type f -name "*.html" -printf "%P\n")
+else
+    echo "_preview output folder not found"
+    exit 1
+fi
+
+# Search for $file references in all *.adoc files that are not in a folder called modules/, snippets/, or _unused_topics/
+for file in $files; do
+    found_file=$(find . -name '*.adoc' -not -path "./modules/*" -not -path "./snippets/*" -not -path "./_unused_topics/*" -exec grep -rl "$file" {} +)
+    assemblies+=("$found_file")
+done
+
+# Make the HTML URL slug
+if [ ${#assemblies[@]} -gt 0 ]; then
+    updated_pages=$(echo "${assemblies[@]}" | xargs -n1 basename | sed 's/\.adoc$/.html/' | sort | uniq)
+else
+    # No updated pages, just add default URL
+    pages+=("${preview_url}")
+fi
+
+# Search built_pages for every entry in updated_pages and add to pages array when it is found
+for updated_page in $updated_pages; do
+    # sed $pr_branch > "latest" to match the Prow build URL
+    found_page=$(echo "${built_pages}" | grep "${updated_page}" | sed "s/$pr_branch/latest/")
+    pages+=("${preview_url}/${found_page}")
+done
+
+printf '%s\n' "${pages[@]}"
diff --git a/scripts/lint-topicmaps.sh b/scripts/lint-topicmaps.sh
new file mode 100755
index 000000000000..5cf6cdd0a9aa
--- /dev/null
+++ b/scripts/lint-topicmaps.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Use yamllint to lint and report errors for modified topic_map.yml files
+
+# Ensure yamllint is installed
+if ! command -v yamllint &>/dev/null; then
+    echo "yamllint is not installed. Please install it and try again 👻"
+    exit 127
+fi
+
+# List of modified topic_map files
+FILES=$(git diff --name-only HEAD~1 HEAD --diff-filter=d "./_topic_maps/*.yml")
+
+if [ -n "${FILES}" ]; then
+    has_errors=0
+    for FILE in ${FILES[@]}; do
+        if ! yamllint "$FILE"; then
+            echo "YAML error(s) found in $FILE 😥"
+            has_errors=1
+        fi
+    done
+
+    if [ $has_errors -eq 1 ]; then
+        exit 1
+    else
+        echo "No YAML errors found 🥳"
+        exit 0
+    fi
+else
+    echo "No updated topic_maps... 😙"
+    exit 0
+fi
diff --git a/scripts/manualpreview.sh b/scripts/manualpreview.sh
index 454fd9bec0ef..f959e28ed33f 100755
--- a/scripts/manualpreview.sh
+++ b/scripts/manualpreview.sh
@@ -2,6 +2,14 @@
 
 set -e
 
+git_root=$(git rev-parse --show-toplevel)
+
+# Exit if Travis is not being used
+if [ -f "${git_root}/.travis.yml.old" ]; then
+    echo "Travis CI is not in use. Exiting..."
+    exit 0
+fi
+
 # Check if jq is installed
 hash jq 2>/dev/null || { echo >&2 "Error: jq is not installed. Please install jq before running this script."; exit 1; }
 
diff --git a/scripts/ocpdocs/_previewpage b/scripts/ocpdocs/_previewpage
index fea02fc97cb3..75951574d617 100644
--- a/scripts/ocpdocs/_previewpage
+++ b/scripts/ocpdocs/_previewpage
@@ -107,7 +107,7 @@
                 <a
                   role="button"
                   class="btn btn-primary"
-                  href="/microshift/latest/welcome/index.html"
+                  href="/microshift/latest/microshift_welcome/index.html"
                 >
                   <i class="fa fa-arrow-circle-o-right"></i> MicroShift</a
                 >
@@ -153,8 +153,6 @@
               </p>
             </div>
           </div>
-        </div>
-        <div class="row">
           <div class="col-sm-6 text-center">
             <h2>OpenShift Pipelines</h2>
             <div class="list-group">
@@ -162,13 +160,47 @@
                 <a
                   role="button"
                   class="btn btn-primary"
-                  href="/openshift-pipelines/latest/pipelines/understanding-openshift-pipelines.html"
+                  href="/openshift-pipelines/latest/about/understanding-openshift-pipelines.html"
                 >
-                  <i class="fa fa-arrow-circle-o-right"></i> Serverless</a
+                  <i class="fa fa-arrow-circle-o-right"></i> Pipelines</a
                 >
               </p>
               <p class="list-group-item-text">
-                Standalone OpenShift Serverless documentation.
+                Standalone OpenShift Pipelines documentation.
+              </p>
+            </div>
+          </div>
+          <div class="col-sm-6 text-center">
+            <h2>OpenShift Builds</h2>
+            <div class="list-group">
+              <p>
+                <a
+                  role="button"
+                  class="btn btn-primary"
+                  href="/openshift-builds/latest/about/overview-openshift-builds.html"
+                >
+                  <i class="fa fa-arrow-circle-o-right"></i> Builds</a
+                >
+              </p>
+              <p class="list-group-item-text">
+                Standalone OpenShift Builds documentation.
+              </p>
+            </div>
+          </div>
+          <div class="col-sm-6 text-center">
+            <h2>OpenShift GitOps</h2>
+            <div class="list-group">
+              <p>
+                <a
+                  role="button"
+                  class="btn btn-primary"
+                  href="/openshift-gitops/latest/understanding_openshift_gitops/what-is-gitops.html"
+                >
+                  <i class="fa fa-arrow-circle-o-right"></i> GitOps</a
+                >
+              </p>
+              <p class="list-group-item-text">
+                Standalone OpenShift GitOps documentation.
               </p>
             </div>
           </div>
diff --git a/sd_support/osd-summarizing-cluster-specifications.adoc b/sd_support/osd-summarizing-cluster-specifications.adoc
deleted file mode 100644
index 5c7495db81be..000000000000
--- a/sd_support/osd-summarizing-cluster-specifications.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="summarizing-cluster-specifications"]
-= Summarizing cluster specifications
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: summarizing-cluster-specifications
-
-toc::[]
-
-// Summarizing cluster specifications through `clusterversion`
-include::modules/summarizing-cluster-specifications-through-clusterversion.adoc[leveloffset=+1]
diff --git a/sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc b/sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
deleted file mode 100644
index f98ce6468661..000000000000
--- a/sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc
+++ /dev/null
@@ -1,113 +0,0 @@
-:_content-type: ASSEMBLY
-[id="about-remote-health-monitoring"]
-= About remote health monitoring
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: about-remote-health-monitoring
-
-toc::[]
-
-{product-title} collects telemetry and configuration data about your cluster and reports it to Red Hat by using the Telemeter Client and the Insights Operator. The data that is provided to Red Hat enables the benefits outlined in this document.
-
-A cluster that reports data to Red Hat through Telemetry and the Insights Operator is considered a _connected cluster_.
-
-*Telemetry* is the term that Red Hat uses to describe the information being sent to Red Hat by the {product-title} Telemeter Client. Lightweight attributes are sent from connected clusters to Red Hat to enable subscription management automation, monitor the health of clusters, assist with support, and improve customer experience.
-
-The *Insights Operator* gathers {product-title} configuration data and sends it to Red Hat. The data is used to produce insights about potential issues that a cluster might be exposed to. These insights are communicated to cluster administrators on {cluster-manager-url}.
-
-More information is provided in this document about these two processes.
-
-.Telemetry and Insights Operator benefits
-
-Telemetry and the Insights Operator enable the following benefits for end-users:
-
-* *Enhanced identification and resolution of issues*. Events that might seem normal to an end-user can be observed by Red Hat from a broader perspective across a fleet of clusters. Some issues can be more rapidly identified from this point of view and resolved without an end-user needing to open a support case or file a https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332330&summary=Summary&issuetype=1&priority=10200&versions=12385624[Jira issue].
-
-* *Advanced release management*. {product-title} offers the `candidate`, `fast`, and `stable` release channels, which enable you to choose an update strategy. The graduation of a release from `fast` to `stable` is dependent on the success rate of updates and on the events seen during upgrades. With the information provided by connected clusters, Red Hat can improve the quality of releases to `stable` channels and react more rapidly to issues found in the `fast` channels.
-
-* *Targeted prioritization of new features and functionality*. The data collected provides insights about which areas of {product-title} are used most. With this information, Red Hat can focus on developing the new features and functionality that have the greatest impact for our customers.
-
-* *A streamlined support experience*. You can provide a cluster ID for a connected cluster when creating a support ticket on the link:https://access.redhat.com/support/[Red Hat Customer Portal]. This enables Red Hat to deliver a streamlined support experience that is specific to your cluster, by using the connected information. This document provides more information about that enhanced support experience.
-
-* *Predictive analytics*. The insights displayed for your cluster on {cluster-manager-url} are enabled by the information collected from connected clusters. Red Hat is investing in applying deep learning, machine learning, and artificial intelligence automation to help identify issues that {product-title} clusters are exposed to.
-
-ifdef::openshift-origin[]
-{product-title} may be installed without a pull secret received at console.redhat.com. In this case default imagestreams will not be imported and telemetry data will not be sent.
-endif::[]
-
-include::modules/telemetry-about-telemetry.adoc[leveloffset=+1]
-
-ifndef::openshift-dedicated,openshift-rosa[]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See the xref:../../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[{product-title} update documentation] for more information about updating or upgrading a cluster.
-endif::[]
-
-include::modules/telemetry-what-information-is-collected.adoc[leveloffset=+2]
-
-include::modules/telemetry-user-telemetry.adoc[leveloffset=+2]
-
-ifndef::openshift-dedicated,openshift-rosa[]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#showing-data-collected-from-the-cluster_showing-data-collected-by-remote-health-monitoring[Showing data collected by Telemetry] for details about how to list the attributes that Telemetry gathers from Prometheus in {product-title}.
-
-* See the link:https://github.com/openshift/cluster-monitoring-operator/blob/master/manifests/0000_50_cluster-monitoring-operator_04-config.yaml[upstream cluster-monitoring-operator source code] for a list of the attributes that Telemetry gathers from Prometheus.
-
-* Telemetry is installed and enabled by default.
-endif::[]
-
-include::modules/insights-operator-about.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* The Insights Operator is installed and enabled by default.
-
-include::modules/insights-operator-what-information-is-collected.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-ifndef::openshift-dedicated,openshift-rosa[]
-* See xref:../../sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.html#insights-operator-showing-data-collected-from-the-cluster_showing-data-collected-by-remote-health-monitoring[Showing data collected by the Insights Operator] for details about how to review the data that is collected by the Insights Operator.
-endif::[]
-
-* The Insights Operator source code is available for review and contribution. See the link:https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md[Insights Operator upstream project] for a list of the items collected by the Insights Operator.
-
-include::modules/understanding-telemetry-and-insights-operator-data-flow.adoc[leveloffset=+1]
-
-ifndef::openshift-dedicated,openshift-rosa[]
-
-[role="_additional-resources"]
-.Additional resources
-
-* See xref:../../monitoring/monitoring-overview.adoc#monitoring-overview_monitoring-overview[Monitoring overview] for more information about the {product-title} monitoring stack.
-
-* See xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[Configuring your firewall] for details about configuring a firewall and enabling endpoints for Telemetry and Insights
-endif::[]
-
-[id="additional-details-about-how-remote-health-monitoring-data-is-used"]
-== Additional details about how remote health monitoring data is used
-
-The information collected to enable remote health monitoring is detailed in xref:../../sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc#what-information-is-collected_about-remote-health-monitoring[Information collected by Telemetry] and xref:../../sd_support/remote_health_monitoring/about-remote-health-monitoring.adoc#insights-operator-what-information-is-collected_about-remote-health-monitoring[Information collected by the Insights Operator].
-
-As further described in the preceding sections of this document, Red Hat collects data about your use of the Red Hat Product(s) for purposes such as providing support and upgrades, optimizing performance or configuration, minimizing service impacts, identifying and remediating threats, troubleshooting, improving the offerings and user experience, responding to issues, and for billing purposes if applicable.
-
-.Collection safeguards
-
-Red Hat employs technical and organizational measures designed to protect the telemetry and configuration data.
-
-.Sharing
-
-Red Hat may share the data collected through Telemetry and the Insights Operator internally within Red Hat to improve your user experience. Red Hat may share telemetry and configuration data with its business partners in an aggregated form that does not identify customers to help the partners better understand their markets and their customers’ use of Red Hat offerings or to ensure the successful integration of products jointly supported by those partners.
-
-.Third parties
-
-Red Hat may engage certain third parties to assist in the collection, analysis, and storage of the Telemetry and configuration data.
\ No newline at end of file
diff --git a/sd_support/remote_health_monitoring/enabling-remote-health-reporting.adoc b/sd_support/remote_health_monitoring/enabling-remote-health-reporting.adoc
deleted file mode 100644
index 3addca1d1505..000000000000
--- a/sd_support/remote_health_monitoring/enabling-remote-health-reporting.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="enabling-remote-health-reporting"]
-= Enabling remote health reporting
-include::_attributes/common-attributes.adoc[]
-
-:context: enabling-remote-health-reporting
-
-toc::[]
-
-
-If you or your organization have disabled remote health reporting, you can enable this feature again. You can see that remote health reporting is disabled from the message "Insights not available" in the *Status* tile on the {product-title} Web Console Overview page.
-
-To enable remote health reporting, you must xref:../../support/remote_health_monitoring/enabling-remote-health-reporting.adoc#insights-operator-new-pull-secret-enable_enabling-remote-health-reporting[Modify the global cluster pull secret] with a new authorization token.
-
-[NOTE]
-====
-Enabling remote health reporting enables both Insights Operator and Telemetry.
-====
-
-include::modules/insights-operator-new-pull-secret-enable.adoc[leveloffset=+1]
diff --git a/sd_support/remote_health_monitoring/insights-operator-simple-access.adoc b/sd_support/remote_health_monitoring/insights-operator-simple-access.adoc
deleted file mode 100644
index 39fd51c636fe..000000000000
--- a/sd_support/remote_health_monitoring/insights-operator-simple-access.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="insights-operator-simple-access"]
-= Importing simple content access certificates with Insights Operator
-include::_attributes/common-attributes.adoc[]
-:context: remote-health-reporting-from-restricted-network
-:FeatureName: `InsightsOperatorPullingSCA`
-
-toc::[]
-
-Insights Operator periodically imports your simple content access certificates from {cluster-manager-url} and stores them in the `etc-pki-entitlement` secret in the `openshift-config-managed` namespace. Simple content access is a capability in Red Hat subscription tools which simplifies the behavior of the entitlement tooling. This feature makes it easier to consume the content provided by your Red Hat subscriptions without the complexity of configuring subscription tooling.
-
-Insights Operator imports simple content access certificates every 8 hours by default, but can be configured or disabled using the `support` secret in the `openshift-config` namespace.
-
-[role="_additional-resources"]
-.Additional resources
-
-* See link:https://access.redhat.com/documentation/en-us/subscription_central/2021/html-single/getting_started_with_simple_content_access/index#assembly-about-simplecontent[About simple content access] in the Red Hat Subscription Central documentation, for more information about simple content access.
-
-* See xref:../../cicd/builds/running-entitled-builds.adoc[Using Red Hat subscriptions in builds], for more information about using simple content access certificates in {product-title} entitled builds.
-
-include::modules/insights-operator-configuring-sca.adoc[leveloffset=+1]
-
-include::modules/insights-operator-disabling-sca.adoc[leveloffset=+1]
diff --git a/sd_support/remote_health_monitoring/modules b/sd_support/remote_health_monitoring/modules
deleted file mode 120000
index 8b0e8540076d..000000000000
--- a/sd_support/remote_health_monitoring/modules
+++ /dev/null
@@ -1 +0,0 @@
-../../modules
\ No newline at end of file
diff --git a/sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc b/sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
deleted file mode 100644
index f9e5dd9a276f..000000000000
--- a/sd_support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-:_content-type: ASSEMBLY
-[id="opting-out-remote-health-reporting"]
-= Opting out of remote health reporting
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: opting-out-remote-health-reporting
-
-toc::[]
-
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-You may choose to opt out of reporting health and usage data for your cluster.
-endif::[]
-
-ifdef::openshift-dedicated[]
-On {product-title}, remote health reporting is always enabled. You cannot opt out.
-
-// TODO: Is there even a reason to include this assembly for OSD? Could you remove it, and just mention in the other assemblies that you can't opt out?
-endif::[]
-
-ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
-
-To opt out of remote health reporting, you must:
-
-. xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-new-pull-secret_opting-out-remote-health-reporting[Modify the global cluster pull secret] to disable remote health reporting.
-. xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#images-update-global-pull-secret_opting-out-remote-health-reporting[Update the cluster] to use this modified pull secret.
-
-include::modules/telemetry-consequences-of-disabling-telemetry.adoc[leveloffset=+1]
-
-include::modules/insights-operator-new-pull-secret-disabled.adoc[leveloffset=+1]
-
-include::modules/images-update-global-pull-secret.adoc[leveloffset=+1]
-
-endif::[]
diff --git a/sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc b/sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
deleted file mode 100644
index 64d76d1d4cf1..000000000000
--- a/sd_support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-:_content-type: ASSEMBLY
-[id="remote-health-reporting-from-restricted-network"]
-= Using remote health reporting in a restricted network
-include::_attributes/common-attributes.adoc[]
-:context: remote-health-reporting-from-restricted-network
-
-toc::[]
-
-You can manually gather and upload Insights Operator archives to diagnose issues from a restricted network.
-
-To use the Insights Operator in a restricted network, you must:
-
-* Create a copy of your Insights Operator archive.
-* Upload the Insights Operator archive to link:https://console.redhat.com[console.redhat.com].
-
-Additionally, you can choose to xref:../../support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc#insights-operator-enable-obfuscation_remote-health-reporting-from-restricted-network[obfuscate] the Insights Operator data before upload.
-
-
-include::modules/insights-operator-one-time-gather.adoc[leveloffset=+1]
-
-include::modules/insights-operator-manual-upload.adoc[leveloffset=+1]
-
-include::modules/insights-operator-enable-obfuscation.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* For more information on how to download your Insights Operator archive, see xref:../../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#insights-operator-showing-data-collected-from-the-cluster_showing-data-collected-by-remote-health-monitoring[Showing data collected by the Insights Operator].
diff --git a/sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc b/sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
deleted file mode 100644
index d4ac74ca6eb0..000000000000
--- a/sd_support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="showing-data-collected-by-remote-health-monitoring"]
-= Showing data collected by remote health monitoring
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: showing-data-collected-by-remote-health-monitoring
-
-toc::[]
-
-As an administrator, you can review the metrics collected by Telemetry and the Insights Operator.
-
-include::modules/telemetry-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
-
-include::modules/insights-operator-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
diff --git a/sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc b/sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
deleted file mode 100644
index b4380a896956..000000000000
--- a/sd_support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="using-insights-to-identify-issues-with-your-cluster"]
-= Using Insights to identify issues with your cluster
-include::_attributes/common-attributes.adoc[]
-ifdef::openshift-dedicated[]
-include::_attributes/attributes-openshift-dedicated.adoc[]
-endif::[]
-:context: using-insights-to-identify-issues-with-your-cluster
-
-toc::[]
-
-Insights repeatedly analyzes the data Insights Operator sends. Users of {product-title} can display the report in the *Insights* tab of each cluster on {cluster-manager-url}.
-
-include::modules/insights-operator-advisor-overview.adoc[leveloffset=+1]
-include::modules/insights-operator-advisor-recommendations.adoc[leveloffset=+1]
-include::modules/displaying-potential-issues-with-your-cluster.adoc[leveloffset=+1]
-include::modules/displaying-all-insights-advisor-recommendations.adoc[leveloffset=+1]
-include::modules/disabling-insights-advisor-recommendations.adoc[leveloffset=+1]
-include::modules/enabling-insights-advisor-recommendations.adoc[leveloffset=+1]
-include::modules/displaying-the-insights-status-in-the-web-console.adoc[leveloffset=+1]
diff --git a/sd_support/rosa-getting-support.adoc b/sd_support/rosa-getting-support.adoc
deleted file mode 100644
index 91c34dc5feb6..000000000000
--- a/sd_support/rosa-getting-support.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-:_content-type: ASSEMBLY
-[id="rosa-getting-support"]
-= Getting support for {product-title}
-include::_attributes/attributes-openshift-dedicated.adoc[]
-:context: rosa-getting-support
-toc::[]
-
-Get support for {product-title} (ROSA).
-
-include::modules/rosa-getting-support.adoc[leveloffset=+1]
diff --git a/sd_support/rosa-troubleshooting-installations.adoc b/sd_support/rosa-troubleshooting-installations.adoc
deleted file mode 100644
index d1d39b5b6a95..000000000000
--- a/sd_support/rosa-troubleshooting-installations.adoc
+++ /dev/null
@@ -1,9 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/attributes-openshift-dedicated.adoc[]
-[id="rosa-troubleshooting-installations"]
-= Troubleshooting installations
-:context: rosa-troubleshooting-installations
-
-toc::[]
-
-include::modules/rosa-troubleshooting-installing.adoc[leveloffset=+1]
diff --git a/security/allowing-javascript-access-api-server.adoc b/security/allowing-javascript-access-api-server.adoc
index 4450a04c7d26..a99d0ecf92a8 100644
--- a/security/allowing-javascript-access-api-server.adoc
+++ b/security/allowing-javascript-access-api-server.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="allowing-javascript-based-access-api-server"]
 = Allowing JavaScript-based access to the API server from additional hosts
 include::_attributes/common-attributes.adoc[]
diff --git a/security/audit-log-policy-config.adoc b/security/audit-log-policy-config.adoc
index 5e335e7328c7..898eb2fde378 100644
--- a/security/audit-log-policy-config.adoc
+++ b/security/audit-log-policy-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="audit-log-policy-config"]
 = Configuring the audit log policy
 include::_attributes/common-attributes.adoc[]
diff --git a/security/audit-log-view.adoc b/security/audit-log-view.adoc
index e0702ad05de4..96068a8c257e 100644
--- a/security/audit-log-view.adoc
+++ b/security/audit-log-view.adoc
@@ -1,22 +1,30 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/common-attributes.adoc[]
+ifndef::openshift-rosa,openshift-dedicated[]
 [id="audit-log-view"]
 = Viewing audit logs
-include::_attributes/common-attributes.adoc[]
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="audit-log-view"]
+= Audit logs
+endif::openshift-rosa,openshift-dedicated[]
 :context: audit-log-view
 
 toc::[]
 
 {product-title} auditing provides a security-relevant chronological set of records documenting the sequence of activities that have affected the system by individual users, administrators, or other components of the system.
 
-// About the API audit log
 include::modules/nodes-nodes-audit-log-basic.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 // Viewing the audit log
 include::modules/nodes-nodes-audit-log-basic-viewing.adoc[leveloffset=+1]
 
 // Filtering audit logs
 include::modules/security-audit-log-filtering.adoc[leveloffset=+1]
-
+endif::openshift-rosa,openshift-dedicated[]
 // Gathering audit logs
 include::modules/gathering-data-audit-logs.adoc[leveloffset=+1]
 
@@ -28,5 +36,5 @@ ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../support/gathering-cluster-data.adoc#about-must-gather_gathering-cluster-data[Must-gather tool]
 * link:https://github.com/kubernetes/apiserver/blob/master/pkg/apis/audit/v1/types.go#L72[API audit log event structure]
 * xref:../security/audit-log-policy-config.adoc#audit-log-policy-config[Configuring the audit log policy]
-* xref:../logging/cluster-logging-external.adoc#cluster-logging-external[Forwarding logs to third party systems]
+* xref:../logging/log_collection_forwarding/log-forwarding.adoc#log-forwarding[About log forwarding]
 endif::[]
diff --git a/security/cert_manager_operator/cert-manager-authenticate-aws.adoc b/security/cert_manager_operator/cert-manager-authenticate-aws.adoc
index 6635ed373d2d..d3cd48fb8400 100644
--- a/security/cert_manager_operator/cert-manager-authenticate-aws.adoc
+++ b/security/cert_manager_operator/cert-manager-authenticate-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-authenticate-aws"]
 = Authenticating the {cert-manager-operator} with AWS Security Token Service
 include::_attributes/common-attributes.adoc[]
@@ -13,4 +13,4 @@ include::modules/cert-manager-configure-cloud-credentials-aws-sts.adoc[leveloffs
 [role="_additional-resources"]
 [id="additional-resources_cert-manager-authenticate-gcp"]
 == Additional resources
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
\ No newline at end of file
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
\ No newline at end of file
diff --git a/security/cert_manager_operator/cert-manager-authenticate-gcp.adoc b/security/cert_manager_operator/cert-manager-authenticate-gcp.adoc
index 14ff93ba08d8..ef24be242a47 100644
--- a/security/cert_manager_operator/cert-manager-authenticate-gcp.adoc
+++ b/security/cert_manager_operator/cert-manager-authenticate-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-authenticate-gcp"]
 = Authenticating the {cert-manager-operator} with GCP Workload Identity
 include::_attributes/common-attributes.adoc[]
@@ -13,5 +13,4 @@ include::modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc[leveloffs
 [role="_additional-resources"]
 [id="additional-resources_cert-manager-authenticate-gcp-workload-identity"]
 == Additional resources
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#gcp-workload-identity-mode-installing[Configuring an {product-title} cluster by using the manual mode with GCP Workload Identity]
\ No newline at end of file
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#cco-ccoctl-configuring_installing-gcp-customizations[Configuring the Cloud Credential Operator utility]
\ No newline at end of file
diff --git a/security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc b/security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc
index b5b6cae5c9b4..86b71ad4b7d4 100644
--- a/security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc
+++ b/security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-authenticate-non-sts-gcp"]
 = Authenticating the {cert-manager-operator} on GCP
 include::_attributes/common-attributes.adoc[]
diff --git a/security/cert_manager_operator/cert-manager-authentication-non-sts.adoc b/security/cert_manager_operator/cert-manager-authentication-non-sts.adoc
index a616febe2447..892b2e875d81 100644
--- a/security/cert_manager_operator/cert-manager-authentication-non-sts.adoc
+++ b/security/cert_manager_operator/cert-manager-authentication-non-sts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-authentication-non-sts"]
 = Authenticating the {cert-manager-operator} on AWS
 include::_attributes/common-attributes.adoc[]
diff --git a/security/cert_manager_operator/cert-manager-creating-certificate.adoc b/security/cert_manager_operator/cert-manager-creating-certificate.adoc
new file mode 100644
index 000000000000..ced717dda4d4
--- /dev/null
+++ b/security/cert_manager_operator/cert-manager-creating-certificate.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cert-manager-creating-certificate"]
+= Configuring certificates with an issuer
+include::_attributes/common-attributes.adoc[]
+:context: cert-manager-creating-certificate
+
+toc::[]
+
+By using the {cert-manager-operator}, you can manage certificates, handling tasks such as renewal and issuance, for workloads within the cluster, as well as components interacting externally to the cluster.
+
+include::modules/cert-manager-certificate-mgmt.adoc[leveloffset=+1]
+
+include::modules/cert-manager-certificate-api-server.adoc[leveloffset=+1]
+
+include::modules/cert-manager-certificate-ingress.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_cert-manager-creating-certificate"]
+== Additional resources
+* Configuring an issuer
+
+** xref:../../security/cert_manager_operator/index.adoc#cert-manager-issuer-types_cert-manager-operator-about[Supported issuer types]
+
+** xref:../../security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc#cert-manager-operator-issuer-acme[Configuring an ACME issuer]
+
+* xref:../../security/certificates/api-server.adoc#customize-certificates-api-add-named_api-server-certificates[Adding an API server named certificate]
+
+* xref:../../security/certificates/replacing-default-ingress-certificate.adoc#replacing-default-ingress[Replacing the default ingress certificate]
\ No newline at end of file
diff --git a/security/cert_manager_operator/cert-manager-customizing-api-fields.adoc b/security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
index 553d4b0ccb54..35f24a090f4c 100644
--- a/security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
+++ b/security/cert_manager_operator/cert-manager-customizing-api-fields.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-customizing-api-fields"]
 = Customizing cert-manager Operator API fields
 include::_attributes/common-attributes.adoc[]
@@ -15,4 +15,8 @@ To override unsupported arguments, you can add `spec.unsupportedConfigOverrides`
 
 include::modules/cert-manager-override-environment-variables.adoc[leveloffset=+1]
 
-include::modules/cert-manager-override-arguments.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/cert-manager-override-arguments.adoc[leveloffset=+1]
+
+include::modules/cert-manager-override-flag-controller.adoc[leveloffset=+1]
+
+include::modules/cert-manager-configure-cpu-memory.adoc[leveloffset=+1]
diff --git a/security/cert_manager_operator/cert-manager-log-levels.adoc b/security/cert_manager_operator/cert-manager-log-levels.adoc
index 05e390bcdaba..f4bc4fdd5e56 100644
--- a/security/cert_manager_operator/cert-manager-log-levels.adoc
+++ b/security/cert_manager_operator/cert-manager-log-levels.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-log-levels"]
 = Configuring log levels for cert-manager and the {cert-manager-operator}
 include::_attributes/common-attributes.adoc[]
diff --git a/security/cert_manager_operator/cert-manager-monitoring.adoc b/security/cert_manager_operator/cert-manager-monitoring.adoc
index bab37dd910e3..4bb6ecbeb93c 100644
--- a/security/cert_manager_operator/cert-manager-monitoring.adoc
+++ b/security/cert_manager_operator/cert-manager-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-monitoring"]
 = Enabling monitoring for the {cert-manager-operator}
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,6 @@ include::modules/cert-manager-enable-metrics.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../monitoring/enabling-monitoring-for-user-defined-projects.adoc#enabling-monitoring-for-user-defined-projects_enabling-monitoring-for-user-defined-projects[Enabling monitoring for user-defined projects]
 * xref:../../monitoring/managing-metrics.adoc#setting-up-metrics-collection-for-user-defined-projects_managing-metrics[Setting up metrics collection for user-defined projects]
 
 // Querying metrics for the {cert-manager-operator}
diff --git a/security/cert_manager_operator/cert-manager-operator-install.adoc b/security/cert_manager_operator/cert-manager-operator-install.adoc
index f0b9db815a53..c53b264a300b 100644
--- a/security/cert_manager_operator/cert-manager-operator-install.adoc
+++ b/security/cert_manager_operator/cert-manager-operator-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-install"]
 = Installing the {cert-manager-operator}
 include::_attributes/common-attributes.adoc[]
@@ -11,8 +11,12 @@ The {cert-manager-operator} is not installed in {product-title} by default. You
 // Installing the {cert-manager-operator} using the web console
 include::modules/cert-manager-install-console.adoc[leveloffset=+1]
 
+// Updating paths for the {cert-manager-operator}
+include::modules/cert-manager-operator-update-channels.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 [id="cert-manager-operator-install_additional-resources"]
 == Additional resources
 
 * xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-adding-operators-to-a-cluster[Adding Operators to a cluster]
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
diff --git a/security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc b/security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
index 2564cb8dde08..ac899f062f85 100644
--- a/security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
+++ b/security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc
@@ -1,12 +1,34 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-issuer-acme"]
-= Managing certificates with an ACME issuer
+= Configuring an ACME issuer
 include::_attributes/common-attributes.adoc[]
 :context: cert-manager-operator-issuer-acme
 
 toc::[]
 
-The {cert-manager-operator} supports using ACME CA servers, such as Let's Encrypt, to issue certificates.
+The {cert-manager-operator} supports using Automated Certificate Management Environment (ACME) CA servers, such as _Let's Encrypt_, to issue certificates. Explicit credentials are configured by specifying the secret details in the `Issuer` API object. Ambient credentials are extracted from the environment, metadata services, or local files which are not explicitly configured in the `Issuer` API object.
+
+[NOTE]
+====
+The `Issuer` object is namespace scoped. It can only issue certificates from the same namespace. You can also use the `ClusterIssuer` object to issue certificates across all namespaces in the cluster.
+
+.Example YAML file that defines the `ClusterIssuer` object
+[source,yaml]
+----
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: acme-cluster-issuer
+spec:
+  acme:
+    ...
+----
+====
+
+[NOTE]
+====
+By default, you can use the `ClusterIssuer` object with ambient credentials. To use the `Issuer` object with ambient credentials, you must enable the `--issuer-ambient-credentials` setting for the cert-manager controller.
+====
 
 // About ACME issuers
 include::modules/cert-manager-acme-about.adoc[leveloffset=+1]
@@ -20,5 +42,29 @@ include::modules/cert-manager-acme-dns-providers.adoc[leveloffset=+2]
 // Configuring an ACME issuer to solve HTTP01 challenges
 include::modules/cert-manager-acme-http01.adoc[leveloffset=+1]
 
-// Configuring an ACME issuer to solve DNS01 challenges
-include::modules/cert-manager-acme-dns01-aws.adoc[leveloffset=+1]
+// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on AWS
+include::modules/cert-manager-acme-dns01-explicit-aws.adoc[leveloffset=+1]
+
+//Configuring an ACME issuer to solve DNS01 challenges by using ambient credentials on AWS
+include::modules/cert-manager-acme-dns01-ambient-aws.adoc[leveloffset=+1]
+
+// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on GCP
+include::modules/cert-manager-acme-dns01-explicit-gcp.adoc[leveloffset=+1]
+
+// Configuring an ACME issuer to solve DNS01 challenges by using ambient credentials on GCP
+include::modules/cert-manager-acme-dns01-ambient-gcp.adoc[leveloffset=+1]
+
+// Configuring an ACME issuer to solve DNS01 challenges by using explicit credentials on Microsoft Azure
+include::modules/cert-manager-acme-dns01-explicit-azure.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_cert-manager-operator-issuer-acme"]
+== Additional resources
+
+* xref:../../security/cert_manager_operator/cert-manager-authenticate-aws.adoc#cert-manager-configure-cloud-credentials-aws-sts_cert-manager-authenticate-aws[Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster]
+
+* xref:../../security/cert_manager_operator/cert-manager-authentication-non-sts.adoc#cert-manager-configure-cloud-credentials-aws-non-sts_cert-manager-authentication-non-sts[Configuring cloud credentials for the {cert-manager-operator} on AWS]
+
+* xref:../../security/cert_manager_operator/cert-manager-authenticate-gcp.adoc#cert-manager-configure-cloud-credentials-gcp-sts_cert-manager-authenticate-gcp[Configuring cloud credentials for the {cert-manager-operator} with GCP Workload Identity]
+
+* xref:../../security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc#cert-manager-configure-cloud-credentials-gcp-non-sts_cert-manager-authenticate-non-sts-gcp[Configuring cloud credentials for the {cert-manager-operator} on GCP]
\ No newline at end of file
diff --git a/security/cert_manager_operator/cert-manager-operator-proxy.adoc b/security/cert_manager_operator/cert-manager-operator-proxy.adoc
index a83078fc445b..518556fc8356 100644
--- a/security/cert_manager_operator/cert-manager-operator-proxy.adoc
+++ b/security/cert_manager_operator/cert-manager-operator-proxy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-proxy"]
 = Configuring the egress proxy for the {cert-manager-operator}
 include::_attributes/common-attributes.adoc[]
diff --git a/security/cert_manager_operator/cert-manager-operator-release-notes.adoc b/security/cert_manager_operator/cert-manager-operator-release-notes.adoc
index a854aa5a2de7..907bfc831ad5 100644
--- a/security/cert_manager_operator/cert-manager-operator-release-notes.adoc
+++ b/security/cert_manager_operator/cert-manager-operator-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-release-notes"]
 = {cert-manager-operator} release notes
 include::_attributes/common-attributes.adoc[]
@@ -12,116 +12,32 @@ These release notes track the development of {cert-manager-operator}.
 
 For more information, see xref:../../security/cert_manager_operator/index.adoc#cert-manager-operator-about[About the {cert-manager-operator}].
 
-[id="cert-manager-operator-release-notes-1.11.1"]
-== Release notes for {cert-manager-operator} 1.11.1
+[id="cert-manager-operator-release-notes-1-13"]
+== Release notes for {cert-manager-operator} 1.13.0
 
-Issued: 2023-06-21
+Issued: 2024-01-16
 
-The following advisory is available for the {cert-manager-operator} 1.11.1:
+The following advisory is available for the {cert-manager-operator} 1.13.0:
 
-* link:https://access.redhat.com/errata/RHEA-2023:3439[RHEA-2023:3439]
+* link:https://access.redhat.com/errata/RHEA-2024:0259[RHEA-2024:0259]
 
-For more information, see the link:https://cert-manager.io/docs/release-notes/release-notes-1.11/[cert-manager project release notes for v1.11].
+Version `1.13.0` of the {cert-manager-operator} is based on the upstream cert-manager version `v1.13.3`. For more information, see the link:https://cert-manager.io/docs/release-notes/release-notes-1.13/#v1133[cert-manager project release notes for v1.13.0].
 
-[id="cert-manager-operator-1.11.1-new-features-and-enhancements"]
+[id="cert-manager-operator-new-features-1-13"]
 === New features and enhancements
 
-This is the general availability (GA) release of the {cert-manager-operator}.
+* You can now manage certificates for API Server and Ingress Controller by using the {cert-manager-operator}.
+For more information, see xref:../../security/cert_manager_operator/cert-manager-creating-certificate.adoc#cert-manager-creating-certificate[Configuring certificates with an issuer].
 
-[id="cert-manager-log-level-1.11.1"]
-==== Setting log levels for cert-manager and the {cert-manager-operator}
-* To troubleshoot issues with cert-manager and the {cert-manager-operator}, you can now configure the log level verbosity by setting a log level for cert-manager and the {cert-manager-operator}. For more information, see xref:../../security/cert_manager_operator/cert-manager-log-levels.adoc#cert-manager-log-levels[Configuring log levels for cert-manager and the {cert-manager-operator}].
+* With this release, the scope of the {cert-manager-operator}, which was previously limited to the {product-title} on AMD64 architecture, has now been expanded to include support for managing certificates on {product-title} running on {ibm-z-name} (`s390x`), {ibm-power-name} (`ppc64le`) and ARM64 architectures.
 
-[id="cert-manager-authentication-aws-1.11.1"]
-==== Authenticating the {cert-manager-operator} with AWS
-* You can now configure cloud credentials for the {cert-manager-operator} on AWS clusters with Security Token Service (STS) and without STS. For more information, see xref:../../security/cert_manager_operator/cert-manager-authenticate-aws.adoc#cert-manager-authenticate-aws[Authenticating the {cert-manager-operator} on AWS  Security Token Service] and xref:../../security/cert_manager_operator/cert-manager-authentication-non-sts.adoc#cert-manager-authentication-non-sts[Authenticating the {cert-manager-operator} on AWS].
+* With this release, you can use DNS over HTTPS (DoH) for performing the self-checks during the ACME DNS-01 challenge verification. The DNS self-check method can be controlled by using the command line flags, `--dns01-recursive-nameservers-only` and `--dns01-recursive-nameservers`.
+For more information, see xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.html#cert-manager-override-arguments_cert-manager-customizing-api-fields[Customizing cert-manager by overriding arguments from the cert-manager Operator API].
 
-[id="cert-manager-authentication-gcp-1.11.1"]
-==== Authenticating the {cert-manager-operator} with GCP
-* You can now configure cloud credentials for the {cert-manager-operator} on GCP clusters with Workload Identity and without Workload Identity. For more information, see xref:../../security/cert_manager_operator/cert-manager-authenticate-gcp.adoc#cert-manager-authenticate-gcp[Authenticating the {cert-manager-operator} with GCP Workload Identity] and xref:../../security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc#cert-manager-authenticate-non-sts-gcp[Authenticating the {cert-manager-operator} with GCP]
+[id="cert-manager-operator-1-13-CVEs"]
+=== CVEs
 
-[id="cert-manager-operator-1.11.1-bug-fixes"]
-=== Bug fixes
-
-* Previously, the `cm-acme-http-solver` pod did not use the latest published Red Hat image `registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9`. With this release, the `cm-acme-http-solver` pod uses the latest published Red Hat image `registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9`. (link:https://issues.redhat.com/browse/OCPBUGS-10821[*OCPBUGS-10821*])
-
-* Previously, the {cert-manager-operator} did not support changing labels for cert-manager pods such as controller, CA injector, and Webhook pods. With this release, you can add labels to cert-manager pods. (link:https://issues.redhat.com/browse/OCPBUGS-8466[*OCPBUGS-8466*])
-
-* Previously, you could not update the log verbosity level in the {cert-manager-operator}. You can now update the log verbosity level by using an environmental variable `OPERATOR_LOG_LEVEL` in its subscription resource. (link:https://issues.redhat.com/browse/OCPBUGS-9994[*OCPBUGS-9994*])
-
-* Previously, when uninstalling the {cert-manager-operator}, if you select the *Delete all operand instances for this operator* checkbox in the {product-title} web console, the Operator was not uninstalled properly. The {cert-manager-operator} is now properly uninstalled. (link:https://issues.redhat.com/browse/OCPBUGS-9960[*OCPBUGS-9960*])
-
-* Previously, the {cert-manager-operator} did not support using Google workload identity federation. The {cert-manager-operator} now supports using Google workload identity federation. (link:https://issues.redhat.com/browse/OCPBUGS-9998[*OCPBUGS-9998*])
-
-[id="cert-manager-operator-1.11.1-known-issues"]
-=== Known issues
-
-* After installing the {cert-manager-operator}, if you navigate to *Operators → Installed Operators* and select *Operator details* in the {product-title} web console, you cannot see the cert-manager resources that are created across all namespaces. As a workaround, you can navigate to *Home -> API Explorer* to see the cert-manager resources. (link:https://issues.redhat.com/browse/OCPBUGS-11647[*OCPBUGS-11647*])
-
-* After uninstalling the {cert-manager-operator} by using the web console, the {cert-manager-operator} does not remove the cert-manager controller, CA injector, and Webhook pods automatically from the `cert-manager` namespace. As a workaround, you can manually delete the cert-manager controller, CA injector, and Webhook pod deployments present in the `cert-manager` namespace. (link:https://issues.redhat.com/browse/OCPBUGS-13679[*OCPBUGS-13679*])
-
-[id="cert-manager-operator-release-notes-1.10.2"]
-== Release notes for {cert-manager-operator} 1.10.2
-
-Issued: 2023-03-23
-
-The following advisory is available for the {cert-manager-operator} 1.10.2:
-
-* link:https://access.redhat.com/errata/RHEA-2023:1238[RHEA-2023:1238]
-
-For more information, see the link:https://cert-manager.io/docs/release-notes/release-notes-1.10[cert-manager project release notes for v1.10].
-
-[IMPORTANT]
-====
-If you used the Technology Preview version of the {cert-manager-operator}, you must uninstall it and remove all related resources for the Technology Preview version before installing this version of the {cert-manager-operator}.
-
-For more information, see xref:../../security/cert_manager_operator/cert-manager-operator-uninstall.adoc#cert-manager-operator-uninstall[Uninstalling the {cert-manager-operator}].
-====
-
-[id="cert-manager-operator-1.10.2-new-features-and-enhancements"]
-=== New features and enhancements
-
-This is the general availability (GA) release of the {cert-manager-operator}.
-
-* The following issuer types are supported:
-** Automated Certificate Management Environment (ACME)
-** Certificate authority (CA)
-** Self-signed
-
-* The following ACME challenge types are supported:
-** DNS-01
-** HTTP-01
-
-* The following DNS-01 providers for ACME issuers are supported:
-** Amazon Route 53
-** Azure DNS
-** Google Cloud DNS
-
-* The {cert-manager-operator} now supports injecting custom CA certificates and propagating cluster-wide egress proxy environment variables.
-
-* You can customize the {cert-manager-operator} API fields by overriding environment variables and arguments. For more information, see xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-customizing-api-fields[Customizing cert-manager Operator API fields]
-
-* You can enable monitoring and metrics collection for the {cert-manager-operator} by using a service monitor to perform the custom metrics scraping. After you have enabled monitoring for the {cert-manager-operator}, you can query its metrics by using the {product-title} web console. For more information, see xref:../../security/cert_manager_operator/cert-manager-monitoring.adoc#cert-manager-monitoring[Enabling monitoring for the {cert-manager-operator}]
-
-[id="cert-manager-operator-1.10.2-bug-fixes"]
-=== Bug fixes
-
-* Previously, the `unsupportedConfigOverrides` field replaced user-provided arguments instead of appending them. Now, the `unsupportedConfigOverrides` field properly appends user-provided arguments. (link:https://issues.redhat.com/browse/CM-23[*CM-23*])
-+
-[WARNING]
-====
-Using the `unsupportedConfigOverrides` section to modify the configuration of an Operator is unsupported and might block cluster upgrades.
-====
-
-* Previously, the {cert-manager-operator} was installed as a cluster Operator. With this release, the {cert-manager-operator} is now properly installed as an OLM Operator. (link:https://issues.redhat.com/browse/CM-35[*CM-35*])
-
-[id="cert-manager-operator-1.10.2-known-issues"]
-=== Known issues
-
-* Using `Route` objects is not fully supported. Currently, to use {cert-manager-operator} with `Routes`, users must create `Ingress` objects, which are translated to `Route` objects by the Ingress-to-Route Controller. (link:https://issues.redhat.com/browse/CM-16[*CM-16*])
-
-* The {cert-manager-operator} does not support using Azure Active Directory (Azure AD) pod identities to assign a managed identity to a pod. As a workaround, you can use a service principal to assign a managed identity. (link:https://issues.redhat.com/browse/OCPBUGS-8665[*OCPBUGS-8665*])
-
-* The {cert-manager-operator} does not support using Google workload identity federation. (link:https://issues.redhat.com/browse/OCPBUGS-9998[*OCPBUGS-9998*])
-
-* When uninstalling the {cert-manager-operator}, if you select the *Delete all operand instances for this operator* checkbox in the {product-title} web console, the Operator is not uninstalled properly. As a workaround, do not select this checkbox when uninstalling the {cert-manager-operator}. (link:https://issues.redhat.com/browse/OCPBUGS-9960[*OCPBUGS-9960*])
\ No newline at end of file
+* link:https://access.redhat.com/security/cve/CVE-2023-39615[CVE-2023-39615]
+* link:https://access.redhat.com/security/cve/CVE-2023-3978[CVE-2023-3978]
+* link:https://access.redhat.com/security/cve/CVE-2023-37788[CVE-2023-37788]
+* link:https://access.redhat.com/security/cve/CVE-2023-29406[CVE-2023-29406]
diff --git a/security/cert_manager_operator/cert-manager-operator-uninstall.adoc b/security/cert_manager_operator/cert-manager-operator-uninstall.adoc
index 5184d386da90..7b41223b021d 100644
--- a/security/cert_manager_operator/cert-manager-operator-uninstall.adoc
+++ b/security/cert_manager_operator/cert-manager-operator-uninstall.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-uninstall"]
 = Uninstalling the {cert-manager-operator}
 include::_attributes/common-attributes.adoc[]
diff --git a/security/cert_manager_operator/index.adoc b/security/cert_manager_operator/index.adoc
index ab693aba259b..dfb1618d19ee 100644
--- a/security/cert_manager_operator/index.adoc
+++ b/security/cert_manager_operator/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-manager-operator-about"]
 = {cert-manager-operator} overview
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc b/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc
index 9b2ebb8f4d63..213351c82775 100644
--- a/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc
+++ b/security/certificate_types_descriptions/aggregated-api-client-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-aggregated-api-client-certificates"]
 = Aggregated API client certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/bootstrap-certificates.adoc b/security/certificate_types_descriptions/bootstrap-certificates.adoc
index 1afdfdf56e75..5bd0e542179b 100644
--- a/security/certificate_types_descriptions/bootstrap-certificates.adoc
+++ b/security/certificate_types_descriptions/bootstrap-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-bootstrap-certificates"]
 = Bootstrap certificates
 include::_attributes/common-attributes.adoc[]
@@ -17,13 +17,13 @@ In that process, the kubelet generates a CSR while communicating over the bootst
 These certificates are managed by the system and not the user.
 
 == Expiration
-This bootstrap CA is valid for 10 years.
+This bootstrap certificate is valid for 10 years.
 
 The kubelet-managed certificate is valid for one year and rotates automatically at around the 80 percent mark of that one year.
 
 [NOTE]
 ====
-OpenShift Lifecycle Manager (OLM) does not update the certificates of Operators that it manages in proxy environments. These certificates must be managed by the user using the subscription config.
+OpenShift Lifecycle Manager (OLM) does not update the bootstrap certificate.
 ====
 
 == Customization
diff --git a/security/certificate_types_descriptions/certificate-types-descriptions-index.adoc b/security/certificate_types_descriptions/certificate-types-descriptions-index.adoc
index c1be9e0fdf5c..7ecb92a38c21 100644
--- a/security/certificate_types_descriptions/certificate-types-descriptions-index.adoc
+++ b/security/certificate_types_descriptions/certificate-types-descriptions-index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ocp-certificates"]
 = Certificate types and descriptions
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/control-plane-certificates.adoc b/security/certificate_types_descriptions/control-plane-certificates.adoc
index c3b3166b29b6..142e0d3052aa 100644
--- a/security/certificate_types_descriptions/control-plane-certificates.adoc
+++ b/security/certificate_types_descriptions/control-plane-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-control-plane-certificates"]
 = Control plane certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/etcd-certificates.adoc b/security/certificate_types_descriptions/etcd-certificates.adoc
index 99f17e2b6c67..268ed00dd495 100644
--- a/security/certificate_types_descriptions/etcd-certificates.adoc
+++ b/security/certificate_types_descriptions/etcd-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-etcd-certificates"]
 = etcd certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/ingress-certificates.adoc b/security/certificate_types_descriptions/ingress-certificates.adoc
index df858ab9ecfa..6de6bcc0d31f 100644
--- a/security/certificate_types_descriptions/ingress-certificates.adoc
+++ b/security/certificate_types_descriptions/ingress-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-ingress-certificates"]
 = Ingress certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/machine-config-operator-certificates.adoc b/security/certificate_types_descriptions/machine-config-operator-certificates.adoc
index 149e8b14714a..6ec727423c6a 100644
--- a/security/certificate_types_descriptions/machine-config-operator-certificates.adoc
+++ b/security/certificate_types_descriptions/machine-config-operator-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-machine-config-operator-certificates"]
 = Machine Config Operator certificates
 include::_attributes/common-attributes.adoc[]
@@ -8,24 +8,48 @@ toc::[]
 
 == Purpose
 
-Machine Config Operator certificates are used to secure connections between the Red Hat Enterprise Linux CoreOS (RHCOS) nodes and the Machine Config Server.
+This certificate authority is used to secure connections from nodes to Machine Config Server (MCS) during initial provisioning.
+
+There are two certificates:
+. A self-signed CA, the MCS CA
+. A derived certificate, the MCS cert
+
+=== Provisioning details
+
+{product-title} installations that use {op-system-first} are installed by using Ignition. This process is split into two parts:
+
+. An Ignition config is created that references a URL for the full configuration served by the MCS.
+. For user-provisioned infrastucture installation methods, the Ignition config manifests as a `worker.ign` file created by the `openshift-install` command. For installer-provisioned infrastructure installation methods that use the Machine API Operator, this configuration appears as the `worker-user-data` secret.
 
 include::snippets/mcs-endpoint-limitation.adoc[]
 
 .Additional resources
 
+* xref:../../post_installation_configuration/machine-configuration-tasks.adoc#understanding-the-machine-config-operator[Understanding the Machine Config Operator].
+
 * xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[About the OpenShift SDN network plugin].
 
+=== Provisioning chain of trust
+
+The MCS CA is injected into the Ignition configuration under the `security.tls.certificateAuthorities` configuration field. The MCS then provides the complete configuration using the MCS cert presented by the web server.
+
+The client validates that the MCS cert presented by the server has a chain of trust to an authority it recognizes. In this case, the MCS CA is that authority, and it signs the MCS cert. This ensures that the client is accessing the correct server. The client in this case is Ignition running on a machine in the initramfs.
+
+=== Key material inside a cluster
+
+The MCS CA appears in the cluster as a config map in the `kube-system` namespace, `root-ca` object, with `ca.crt` key.  The private key is not stored in the cluster and is discarded after the installation completes.
+
+The MCS cert appears in the cluster as a secret in the `openshift-machine-config-operator` namespace and `machine-config-server-tls` object with the `tls.crt` and `tls.key` keys.
 
 == Management
 
-These certificates are managed by the system and not the user.
+At this time, directly modifying either of these certificates is not supported.
 
 == Expiration
-This CA is valid for 10 years.
+The MCS CA is valid for 10 years.
 
 The issued serving certificates are valid for 10 years.
 
 == Customization
 
-You cannot customize the Machine Config Operator certificates.
\ No newline at end of file
+You cannot customize the Machine Config Operator certificates.
diff --git a/security/certificate_types_descriptions/monitoring-and-cluster-logging-operator-component-certificates.adoc b/security/certificate_types_descriptions/monitoring-and-cluster-logging-operator-component-certificates.adoc
index 13345ffe8417..03bdedba6e3b 100644
--- a/security/certificate_types_descriptions/monitoring-and-cluster-logging-operator-component-certificates.adoc
+++ b/security/certificate_types_descriptions/monitoring-and-cluster-logging-operator-component-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-monitoring-and-cluster-logging-operator-component-certificates"]
 = Monitoring and OpenShift Logging Operator component certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/node-certificates.adoc b/security/certificate_types_descriptions/node-certificates.adoc
index 2965a70d9fbc..e96826500887 100644
--- a/security/certificate_types_descriptions/node-certificates.adoc
+++ b/security/certificate_types_descriptions/node-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-node-certificates"]
 = Node certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/olm-certificates.adoc b/security/certificate_types_descriptions/olm-certificates.adoc
index a926a8b3bbbe..a2597df93d60 100644
--- a/security/certificate_types_descriptions/olm-certificates.adoc
+++ b/security/certificate_types_descriptions/olm-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-olm-certificates"]
 = OLM certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/proxy-certificates.adoc b/security/certificate_types_descriptions/proxy-certificates.adoc
index ffb3865378f1..e2ee088d8be8 100644
--- a/security/certificate_types_descriptions/proxy-certificates.adoc
+++ b/security/certificate_types_descriptions/proxy-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-proxy-certificates"]
 = Proxy certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/service-ca-certificates.adoc b/security/certificate_types_descriptions/service-ca-certificates.adoc
index d151323d1e0e..e6041ab81afa 100644
--- a/security/certificate_types_descriptions/service-ca-certificates.adoc
+++ b/security/certificate_types_descriptions/service-ca-certificates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-service-ca-certificates"]
 = Service CA certificates
 include::_attributes/common-attributes.adoc[]
@@ -47,11 +47,13 @@ Services that use service CA certificates include:
 * cluster-openshift-apiserver-operator
 * cluster-openshift-controller-manager-operator
 * cluster-samples-operator
+* cluster-storage-operator
 * machine-config-operator
 * console-operator
 * insights-operator
 * machine-api-operator
 * operator-lifecycle-manager
+* CSI driver operators
 
 This is not a comprehensive list.
 
diff --git a/security/certificate_types_descriptions/user-provided-certificates-for-api-server.adoc b/security/certificate_types_descriptions/user-provided-certificates-for-api-server.adoc
index 06083ccf6c9e..7b8eca667216 100644
--- a/security/certificate_types_descriptions/user-provided-certificates-for-api-server.adoc
+++ b/security/certificate_types_descriptions/user-provided-certificates-for-api-server.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-user-provided-certificates-for-the-api-server"]
 = User-provided certificates for the API server
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificate_types_descriptions/user-provided-certificates-for-default-ingress.adoc b/security/certificate_types_descriptions/user-provided-certificates-for-default-ingress.adoc
index 7fc5da412185..9d840308c609 100644
--- a/security/certificate_types_descriptions/user-provided-certificates-for-default-ingress.adoc
+++ b/security/certificate_types_descriptions/user-provided-certificates-for-default-ingress.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="cert-types-user-provided-certificates-for-default-ingress"]
 = User-provided certificates for default ingress
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificates/api-server.adoc b/security/certificates/api-server.adoc
index 5645e7116973..425fd4347aab 100644
--- a/security/certificates/api-server.adoc
+++ b/security/certificates/api-server.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="api-server-certificates"]
 = Adding API server certificates
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificates/replacing-default-ingress-certificate.adoc b/security/certificates/replacing-default-ingress-certificate.adoc
index 584de1560af0..d97e13c3d846 100644
--- a/security/certificates/replacing-default-ingress-certificate.adoc
+++ b/security/certificates/replacing-default-ingress-certificate.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="replacing-default-ingress"]
 = Replacing the default ingress certificate
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificates/service-serving-certificate.adoc b/security/certificates/service-serving-certificate.adoc
index 773d690d3fd9..5f45ab2296aa 100644
--- a/security/certificates/service-serving-certificate.adoc
+++ b/security/certificates/service-serving-certificate.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="add-service-serving"]
 = Securing service traffic using service serving certificate secrets
 include::_attributes/common-attributes.adoc[]
diff --git a/security/certificates/updating-ca-bundle.adoc b/security/certificates/updating-ca-bundle.adoc
index f30d51dea8b9..96ad6e686adf 100644
--- a/security/certificates/updating-ca-bundle.adoc
+++ b/security/certificates/updating-ca-bundle.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-ca-bundle"]
 = Updating the CA bundle
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+
 include::modules/ca-bundle-understanding.adoc[leveloffset=+1]
 
 include::modules/ca-bundle-replacing.adoc[leveloffset=+1]
diff --git a/security/compliance_operator/co-concepts/_attributes b/security/compliance_operator/co-concepts/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/security/compliance_operator/co-concepts/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/security/compliance_operator/compliance-operator-crd.adoc b/security/compliance_operator/co-concepts/compliance-operator-crd.adoc
similarity index 98%
rename from security/compliance_operator/compliance-operator-crd.adoc
rename to security/compliance_operator/co-concepts/compliance-operator-crd.adoc
index 56591041b06e..f925f597a518 100644
--- a/security/compliance_operator/compliance-operator-crd.adoc
+++ b/security/compliance_operator/co-concepts/compliance-operator-crd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="custom-resource-definitions"]
 = Understanding the Custom Resource Definitions
 include::_attributes/common-attributes.adoc[]
diff --git a/security/compliance_operator/compliance-operator-understanding.adoc b/security/compliance_operator/co-concepts/compliance-operator-understanding.adoc
similarity index 81%
rename from security/compliance_operator/compliance-operator-understanding.adoc
rename to security/compliance_operator/co-concepts/compliance-operator-understanding.adoc
index d4dd18ebf332..ab8f9a832144 100644
--- a/security/compliance_operator/compliance-operator-understanding.adoc
+++ b/security/compliance_operator/co-concepts/compliance-operator-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-compliance-operator"]
 = Understanding the Compliance Operator
 include::_attributes/common-attributes.adoc[]
@@ -19,4 +19,4 @@ include::modules/compliance-profiles.adoc[leveloffset=+1]
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../../security/compliance_operator/compliance-operator-supported-profiles.html#compliance-operator-supported-profiles[Supported compliance profiles]
+* xref:../../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]
diff --git a/security/compliance_operator/co-concepts/images b/security/compliance_operator/co-concepts/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/security/compliance_operator/co-concepts/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/security/compliance_operator/co-concepts/modules b/security/compliance_operator/co-concepts/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/security/compliance_operator/co-concepts/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/security/compliance_operator/co-concepts/snippets b/security/compliance_operator/co-concepts/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/security/compliance_operator/co-concepts/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/security/compliance_operator/co-management/_attributes b/security/compliance_operator/co-management/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/security/compliance_operator/co-management/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/security/compliance_operator/co-management/compliance-operator-installation.adoc b/security/compliance_operator/co-management/compliance-operator-installation.adoc
new file mode 100644
index 000000000000..95ec138ebc9d
--- /dev/null
+++ b/security/compliance_operator/co-management/compliance-operator-installation.adoc
@@ -0,0 +1,50 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-installation"]
+= Installing the Compliance Operator
+include::_attributes/common-attributes.adoc[]
+:context: compliance-operator-installation
+
+toc::[]
+
+Before you can use the Compliance Operator, you must ensure it is deployed in the cluster.
+
+[IMPORTANT]
+====
+The Compliance Operator might report incorrect results on managed platforms, such as OpenShift Dedicated, Red Hat OpenShift Service on AWS, and Microsoft Azure Red Hat OpenShift. For more information, see the link:https://access.redhat.com/solutions/6983418[Red Hat Knowledgebase Solution #6983418].
+====
+
+include::modules/compliance-operator-console-installation.adoc[leveloffset=+1]
+
+[IMPORTANT]
+====
+If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
+
+You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
+====
+
+include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1]
+
+[IMPORTANT]
+====
+If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
+
+You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
+====
+
+// only applies to 4.11+
+include::modules/compliance-operator-hcp-install.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+// 4.13+
+* xref:../../../hosted_control_planes/index.adoc#hcp-overview[Hosted control planes overview]
+//
+// 4.11-4.12, commenting out of 4.13-main
+//* xref:../../../architecture/control-plane.adoc#hosted-control-planes-overview_control-plane[Overview of hosted control planes (Technology Preview)]
+
+[id="additional-resources-installing-the-compliance-operator"]
+[role="_additional-resources"]
+== Additional resources
+
+* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
diff --git a/security/compliance_operator/co-management/compliance-operator-manage.adoc b/security/compliance_operator/co-management/compliance-operator-manage.adoc
new file mode 100644
index 000000000000..ce10a516bad5
--- /dev/null
+++ b/security/compliance_operator/co-management/compliance-operator-manage.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-understanding"]
+= Managing the Compliance Operator
+include::_attributes/common-attributes.adoc[]
+:context: managing-compliance
+
+toc::[]
+
+This section describes the lifecycle of security content, including how to use an updated version of compliance content and how to create a custom `ProfileBundle` object.
+
+include::modules/compliance-profilebundle.adoc[leveloffset=+1]
+
+include::modules/compliance-update.adoc[leveloffset=+1]
+
+[id="additional-resources_managing-the-compliance-operator"]
+[role="_additional-resources"]
+== Additional resources
+
+* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
diff --git a/security/compliance_operator/compliance-operator-uninstallation.adoc b/security/compliance_operator/co-management/compliance-operator-uninstallation.adoc
similarity index 83%
rename from security/compliance_operator/compliance-operator-uninstallation.adoc
rename to security/compliance_operator/co-management/compliance-operator-uninstallation.adoc
index 38f7718d73ee..5a62eef99ec3 100644
--- a/security/compliance_operator/compliance-operator-uninstallation.adoc
+++ b/security/compliance_operator/co-management/compliance-operator-uninstallation.adoc
@@ -1,5 +1,5 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-uninstallation_{context}"]
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-uninstallation"]
 = Uninstalling the Compliance Operator
 include::_attributes/common-attributes.adoc[]
 :context: compliance-operator-uninstallation
diff --git a/security/compliance_operator/co-management/compliance-operator-updating.adoc b/security/compliance_operator/co-management/compliance-operator-updating.adoc
new file mode 100644
index 000000000000..a1d9f2bcd0dd
--- /dev/null
+++ b/security/compliance_operator/co-management/compliance-operator-updating.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-updating"]
+= Updating the Compliance Operator
+include::_attributes/common-attributes.adoc[]
+:context: compliance-operator-updating
+
+toc::[]
+
+As a cluster administrator, you can update the Compliance Operator on your {product-title} cluster.
+//
+// This will be un-commented for OCP 4.11-4.14 releases. Commented out in the main branch.
+//
+// [IMPORTANT]
+// ====
+// It is recommended to update the Compliance Operator to version 1.3.1 or later before updating your {product-title} cluster to version 4.14 or later.
+// ====
+
+include::modules/olm-preparing-upgrade.adoc[leveloffset=+1]
+include::modules/olm-changing-update-channel.adoc[leveloffset=+1]
+include::modules/olm-approving-pending-upgrade.adoc[leveloffset=+1]
+
+// [id="additional-resources-updating-the-compliance-operator"]
+// [role="_additional-resources"]
+// == Additional resources
+//
+// * For more information, see xref:../../../operators/admin/
\ No newline at end of file
diff --git a/security/compliance_operator/co-management/images b/security/compliance_operator/co-management/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/security/compliance_operator/co-management/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/security/compliance_operator/co-management/modules b/security/compliance_operator/co-management/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/security/compliance_operator/co-management/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/security/compliance_operator/co-management/snippets b/security/compliance_operator/co-management/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/security/compliance_operator/co-management/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/security/compliance_operator/co-overview.adoc b/security/compliance_operator/co-overview.adoc
new file mode 100644
index 000000000000..ab9701d0c6ca
--- /dev/null
+++ b/security/compliance_operator/co-overview.adoc
@@ -0,0 +1,50 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="co-overview"]
+= Compliance Operator overview
+include::_attributes/common-attributes.adoc[]
+:context: co-overview
+
+{product-title} Compliance Operator (CO) runs compliance scans and provides remediations to assist users in meeting compliance standards. For the latest updates, see the xref:../../security/compliance_operator/compliance-operator-release-notes.adoc#compliance-operator-release-notes[Compliance Operator release notes]. If needed, you can engage link:https://access.redhat.com/support/[Red Hat support].
+
+[IMPORTANT]
+====
+The Compliance Operator does not automatically perform remediations. Ensuring compliance standards are met is required by the user.
+====
+
+[discrete]
+==== Compliance Operator concepts
+
+xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#compliance-operator-understanding[Understanding the Compliance Operator]
+
+xref:../../security/compliance_operator/co-concepts/compliance-operator-crd.adoc#custom-resource-definitions[Understanding the Custom Resource Definitions]
+//[new page] Quick start?
+
+[discrete]
+==== Compliance Operator management
+
+xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#compliance-operator-installation[Installing the Compliance Operator]
+
+xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#compliance-operator-updating[Updating the Compliance Operator]
+
+xref:../../security/compliance_operator/co-management/compliance-operator-manage.adoc#compliance-operator-understanding[Managing the Compliance Operator]
+
+xref:../../security/compliance_operator/co-management/compliance-operator-uninstallation.adoc#compliance-operator-uninstallation[Uninstalling the Compliance Operator]
+
+[discrete]
+==== Compliance Operator scan management
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]
+
+xref:../../security/compliance_operator/co-scans/compliance-scans.adoc#compliance-operator-scans[Compliance Operator scans]
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-tailor.adoc#compliance-operator-tailor[Tailoring the Compliance Operator]
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-raw-results.adoc#compliance-operator-raw-results[Retrieving Compliance Operator raw results]
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-operator-remediation[Managing Compliance Operator remediation]
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-operator-advanced[Performing advanced Compliance Operator tasks]
+
+xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-operator-troubleshooting[Troubleshooting the Compliance Operator]
+
+xref:../../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[Using the oc-compliance plugin]
\ No newline at end of file
diff --git a/security/compliance_operator/co-scans/_attributes b/security/compliance_operator/co-scans/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/security/compliance_operator/co-scans/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/security/compliance_operator/compliance-operator-advanced.adoc b/security/compliance_operator/co-scans/compliance-operator-advanced.adoc
similarity index 86%
rename from security/compliance_operator/compliance-operator-advanced.adoc
rename to security/compliance_operator/co-scans/compliance-operator-advanced.adoc
index a7aa0af28008..7ceb9ab69a40 100644
--- a/security/compliance_operator/compliance-operator-advanced.adoc
+++ b/security/compliance_operator/co-scans/compliance-operator-advanced.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compliance-operator-advanced"]
 = Performing advanced Compliance Operator tasks
 include::_attributes/common-attributes.adoc[]
@@ -27,4 +27,4 @@ include::modules/compliance-custom-scc.adoc[leveloffset=+1]
 [id="additional-resources_compliance-operator-advanced"]
 [role="_additional-resources"]
 == Additional resources
-* xref:../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
+* xref:../../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
diff --git a/security/compliance_operator/compliance-operator-raw-results.adoc b/security/compliance_operator/co-scans/compliance-operator-raw-results.adoc
similarity index 91%
rename from security/compliance_operator/compliance-operator-raw-results.adoc
rename to security/compliance_operator/co-scans/compliance-operator-raw-results.adoc
index b685181c461b..e15ca5e95383 100644
--- a/security/compliance_operator/compliance-operator-raw-results.adoc
+++ b/security/compliance_operator/co-scans/compliance-operator-raw-results.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compliance-operator-raw-results"]
 = Retrieving Compliance Operator raw results
 include::_attributes/common-attributes.adoc[]
diff --git a/security/compliance_operator/co-scans/compliance-operator-remediation.adoc b/security/compliance_operator/co-scans/compliance-operator-remediation.adoc
new file mode 100644
index 000000000000..d066f852b1ec
--- /dev/null
+++ b/security/compliance_operator/co-scans/compliance-operator-remediation.adoc
@@ -0,0 +1,49 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-remediation"]
+= Managing Compliance Operator result and remediation
+include::_attributes/common-attributes.adoc[]
+:context: compliance-remediation
+
+toc::[]
+
+Each `ComplianceCheckResult` represents a result of one compliance rule check. If the rule can be remediated automatically, a `ComplianceRemediation` object with the same name, owned by the `ComplianceCheckResult` is created. Unless requested, the remediations are not applied automatically, which gives an {product-title} administrator the opportunity to review what the remediation does and only apply a remediation once it has been verified.
+
+[IMPORTANT]
+====
+Full remediation for Federal Information Processing Standards (FIPS) compliance requires enabling FIPS mode for the cluster. To enable FIPS mode, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode].
+
+FIPS mode is supported on the following architectures:
+
+* `x86_64`
+* `ppc64le`
+* `s390x`
+====
+
+include::modules/compliance-filtering-results.adoc[leveloffset=+1]
+
+include::modules/compliance-review.adoc[leveloffset=+1]
+
+include::modules/compliance-apply-remediation-for-customized-mcp.adoc[leveloffset=+1]
+
+include::modules/compliance-evaluate-kubeletconfig-rules.adoc[leveloffset=+1]
+
+include::modules/compliance-custom-node-pools.adoc[leveloffset=+1]
+
+include::modules/compliance-kubeletconfig-sub-pool-remediation.adoc[leveloffset=+1]
+
+include::modules/compliance-applying.adoc[leveloffset=+1]
+
+include::modules/compliance-manual.adoc[leveloffset=+1]
+
+include::modules/compliance-updating.adoc[leveloffset=+1]
+
+include::modules/compliance-unapplying.adoc[leveloffset=+1]
+
+include::modules/compliance-removing-kubeletconfig.adoc[leveloffset=+1]
+
+include::modules/compliance-inconsistent.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+*  xref:../../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes].
diff --git a/security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc b/security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc
new file mode 100644
index 000000000000..2ec6ad5bc455
--- /dev/null
+++ b/security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="compliance-operator-supported-profiles"]
+= Supported compliance profiles
+include::_attributes/common-attributes.adoc[]
+:context: compliance-operator-supported-profiles
+
+There are several profiles available as part of the Compliance Operator (CO) installation. While you can use the following profiles to assess gaps in a cluster, usage alone does not infer or guarantee compliance with a particular profile.
+
+
+[IMPORTANT]
+====
+The Compliance Operator might report incorrect results on managed platforms, such as OpenShift Dedicated, Red Hat OpenShift Service on AWS, and Azure Red Hat OpenShift. For more information, see the link:https://access.redhat.com/solutions/6983418[Red Hat Knowledgebase Solution #6983418].
+====
+
+include::modules/compliance-supported-profiles.adoc[leveloffset=+1]
+
+[id="additional-resources-compliance-operator-"]
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.html#compliance_profile_types_understanding-compliance[Compliance Operator profile types]
\ No newline at end of file
diff --git a/security/compliance_operator/compliance-operator-tailor.adoc b/security/compliance_operator/co-scans/compliance-operator-tailor.adoc
similarity index 94%
rename from security/compliance_operator/compliance-operator-tailor.adoc
rename to security/compliance_operator/co-scans/compliance-operator-tailor.adoc
index d4fe02086b53..f8456e4c92d2 100644
--- a/security/compliance_operator/compliance-operator-tailor.adoc
+++ b/security/compliance_operator/co-scans/compliance-operator-tailor.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compliance-operator-tailor"]
 = Tailoring the Compliance Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/compliance_operator/compliance-operator-troubleshooting.adoc b/security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
similarity index 98%
rename from security/compliance_operator/compliance-operator-troubleshooting.adoc
rename to security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
index cbbe8d134efa..2de7afde065d 100644
--- a/security/compliance_operator/compliance-operator-troubleshooting.adoc
+++ b/security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compliance-operator-troubleshooting"]
 = Troubleshooting the Compliance Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/compliance_operator/compliance-scans.adoc b/security/compliance_operator/co-scans/compliance-scans.adoc
similarity index 88%
rename from security/compliance_operator/compliance-scans.adoc
rename to security/compliance_operator/co-scans/compliance-scans.adoc
index 9ce227458bd7..13317d8d2f99 100644
--- a/security/compliance_operator/compliance-scans.adoc
+++ b/security/compliance_operator/co-scans/compliance-scans.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="compliance-operator-scans"]
 = Compliance Operator scans
 include::_attributes/common-attributes.adoc[]
@@ -26,6 +26,8 @@ include::modules/running-compliance-scans-worker-node.adoc[leveloffset=+1]
 
 include::modules/compliance-scansetting-cr.adoc[leveloffset=+1]
 
+include::modules/compliance-operator-hcp-mgmt-config.adoc[leveloffset=+1]
+
 include::modules/compliance-applying-resource-requests-and-limits.adoc[leveloffset=+1]
 
 include::modules/compliance-scheduling-pods-with-resource-requests.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/security/compliance_operator/co-scans/images b/security/compliance_operator/co-scans/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/security/compliance_operator/co-scans/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/security/compliance_operator/co-scans/modules b/security/compliance_operator/co-scans/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/security/compliance_operator/co-scans/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc b/security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc
new file mode 100644
index 000000000000..23838ba5eab9
--- /dev/null
+++ b/security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="using-oc-compliance-plug-in"]
+= Using the oc-compliance plugin
+include::_attributes/common-attributes.adoc[]
+:context: oc-compliance-plug-in-understanding
+
+toc::[]
+
+Although the xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier.
+
+
+include::modules/oc-compliance-installing.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-fetching-raw-results.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-rerunning-scans.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-using-scan-setting-bindings.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-printing-controls.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-fetching-compliance-remediation-details.adoc[leveloffset=+1]
+
+include::modules/oc-compliance-viewing-compliance-check-result-details.adoc[leveloffset=+1]
diff --git a/security/compliance_operator/co-scans/snippets b/security/compliance_operator/co-scans/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/security/compliance_operator/co-scans/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/security/compliance_operator/compliance-operator-installation.adoc b/security/compliance_operator/compliance-operator-installation.adoc
deleted file mode 100644
index 05b4dc9376c1..000000000000
--- a/security/compliance_operator/compliance-operator-installation.adoc
+++ /dev/null
@@ -1,38 +0,0 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-installation"]
-= Installing the Compliance Operator
-include::_attributes/common-attributes.adoc[]
-:context: compliance-operator-installation
-
-toc::[]
-
-Before you can use the Compliance Operator, you must ensure it is deployed in the cluster.
-
-[IMPORTANT]
-====
-The Compliance Operator might report incorrect results on managed platforms, such as OpenShift Dedicated, Red Hat OpenShift Service on AWS, and Microsoft Azure Red Hat OpenShift. For more information, see the link:https://access.redhat.com/solutions/6983418[Red Hat Knowledgebase Solution #6983418].
-====
-
-include::modules/compliance-operator-console-installation.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
-
-You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
-====
-
-include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1]
-
-[IMPORTANT]
-====
-If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues.
-
-You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator].
-====
-
-[id="additional-resources-installing-the-compliance-operator"]
-[role="_additional-resources"]
-== Additional resources
-
-* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
diff --git a/security/compliance_operator/compliance-operator-manage.adoc b/security/compliance_operator/compliance-operator-manage.adoc
deleted file mode 100644
index f37d672cc452..000000000000
--- a/security/compliance_operator/compliance-operator-manage.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-understanding"]
-= Managing the Compliance Operator
-include::_attributes/common-attributes.adoc[]
-:context: managing-compliance
-
-toc::[]
-
-This section describes the lifecycle of security content, including how to use an updated version of compliance content and how to create a custom `ProfileBundle` object.
-
-include::modules/compliance-profilebundle.adoc[leveloffset=+1]
-
-include::modules/compliance-update.adoc[leveloffset=+1]
-
-[id="additional-resources_managing-the-compliance-operator"]
-[role="_additional-resources"]
-== Additional resources
-
-* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc
index 8d6191deb849..a2c4ac128094 100644
--- a/security/compliance_operator/compliance-operator-release-notes.adoc
+++ b/security/compliance_operator/compliance-operator-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 //OpenShift Compliance Operator Release Notes
 [id="compliance-operator-release-notes"]
 = Compliance Operator release notes
@@ -11,9 +11,154 @@ The Compliance Operator lets {product-title} administrators describe the require
 
 These release notes track the development of the Compliance Operator in the {product-title}.
 
-For an overview of the Compliance Operator, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator].
+For an overview of the Compliance Operator, see xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator].
 
-To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
+To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
+
+[id="compliance-operator-release-notes-1-4-0"]
+== OpenShift Compliance Operator 1.4.0
+
+The following advisory is available for the OpenShift Compliance Operator 1.4.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:7658[RHBA-2023:7658 - OpenShift Compliance Operator bug fix and enhancement update]
+
+[id="compliance-operator-1-4-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* With this update, clusters which use custom node pools outside the default `worker` and `master` node pools no longer need to supply additional variables to ensure Compliance Operator aggregates the configuration file for that node pool.
+
+* Users can now pause scan schedules by setting the `ScanSetting.suspend` attribute to `True`. This allows users to suspend a scan schedule and reactivate it without the need to delete and re-create the `ScanSettingBinding`. This simplifies pausing scan schedules during maintenance periods. (link:https://issues.redhat.com/browse/CMP-2123[*CMP-2123*])
+
+* Compliance Operator now supports an optional `version` attribute on `Profile` custom resources. (link:https://issues.redhat.com/browse/CMP-2125[*CMP-2125*])
+
+* Compliance Operator now supports profile names in `ComplianceRules`. (link:https://issues.redhat.com/browse/CMP-2126[*CMP-2126*])
+
+* Compliance Operator compatibility with improved `cronjob` API improvements is available in this release. (link:https://issues.redhat.com/browse/CMP-2310[*CMP-2310*])
+
+[id="compliance-operator-1-4-0-bug-fixes"]
+=== Bug fixes
+
+* Previously, on a cluster with Windows nodes, some rules will FAIL after auto remediation is applied because the Windows nodes were not skipped by the compliance scan. With this release, Windows nodes are correctly skipped when scanning. (link:https://issues.redhat.com/browse/OCPBUGS-7355[*OCPBUGS-7355*])
+
+* With this update, `rprivate` default mount propagation is now handled correctly for root volume mounts of pods that rely on multipathing. (link:https://issues.redhat.com/browse/OCPBUGS-17494[*OCPBUGS-17494*])
+
+* Previously, the Compliance Operator would generate a remediation for `coreos_vsyscall_kernel_argument` without reconciling the rule even while applying the remediation. With release 1.4.0, the `coreos_vsyscall_kernel_argument` rule properly evaluates kernel arguments and generates an appropriate remediation.(link:https://issues.redhat.com/browse/OCPBUGS-8041[*OCPBUGS-8041*])
+
+* Before this update, rule `rhcos4-audit-rules-login-events-faillock` would fail even after auto-remediation has been applied. With this update, `rhcos4-audit-rules-login-events-faillock` failure locks are now applied correctly after auto-remediation. (link:https://issues.redhat.com/browse/OCPBUGS-24594[*OCPBUGS-24594*])
+
+* Previously, upgrades from Compliance Operator 1.3.1 to Compliance Operator 1.4.0 would cause OVS rules scan results to go from `PASS` to `NOT-APPLICABLE`. With this update, OVS rules scan results now show `PASS` (link:https://issues.redhat.com/browse/OCPBUGS-25323[*OCPBUGS-25323*])
+
+[id="compliance-operator-release-notes-1-3-1"]
+== OpenShift Compliance Operator 1.3.1
+
+The following advisory is available for the OpenShift Compliance Operator 1.3.1:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5669[RHBA-2023:5669 - OpenShift Compliance Operator bug fix and enhancement update]
+
+This update addresses a CVE in an underlying dependency.
+//
+// This will be un-commented for OCP 4.11-4.14 releases. Commented out in the main branch.
+//
+// [IMPORTANT]
+// ====
+// It is recommended to update the Compliance Operator to version 1.3.1 or later before updating your {product-title} cluster to version 4.14 or later.
+// ====
+
+[id="compliance-operator-1-3-1-new-features-and-enhancements"]
+=== New features and enhancements
+
+* You can install and use the Compliance Operator in an {product-title} cluster running in FIPS mode.
++
+[IMPORTANT]
+====
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode].
+====
+
+[id="compliance-operator-1-3-1-known-issue"]
+=== Known issue
+
+* On a cluster with Windows nodes, some rules will FAIL after auto remediation is applied because the Windows nodes are not skipped by the compliance scan. This differs from the expected results because the Windows nodes must be skipped when scanning. (link:https://issues.redhat.com/browse/OCPBUGS-7355[*OCPBUGS-7355*])
+
+[id="compliance-operator-release-notes-1-3-0"]
+== OpenShift Compliance Operator 1.3.0
+
+The following advisory is available for the OpenShift Compliance Operator 1.3.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5102[RHBA-2023:5102 - OpenShift Compliance Operator enhancement update]
+
+[id="compliance-operator-1-3-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* The Defense Information Systems Agency Security Technical Implementation Guide (DISA-STIG) for {product-title} is now available from Compliance Operator 1.3.0. See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-supported-profiles_compliance-operator-supported-profiles[Supported compliance profiles] for additional information.
+
+* Compliance Operator 1.3.0 now supports {ibm-power-name} and {ibm-z-name} for NIST 800-53 Moderate-Impact Baseline for {product-title} platform and node profiles.
+
+[id="compliance-operator-release-notes-1-2-0"]
+== OpenShift Compliance Operator 1.2.0
+
+The following advisory is available for the OpenShift Compliance Operator 1.2.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:4245[RHBA-2023:4245 - OpenShift Compliance Operator enhancement update]
+
+[id="compliance-operator-1-2-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* The CIS {product-title} 4 Benchmark v1.4.0 profile is now available for platform and node applications. To locate the CIS {product-title} v4 Benchmark, go to  link:https://www.cisecurity.org/benchmark/kubernetes[CIS Benchmarks] and click *Download Latest CIS Benchmark*, where you can then register to download the benchmark.
++
+[IMPORTANT]
+====
+Upgrading to Compliance Operator 1.2.0 will overwrite the CIS {product-title} 4 Benchmark 1.1.0 profiles.
+
+If your {product-title} environment contains existing `cis` and `cis-node` remediations, there might be some differences in scan results after upgrading to Compliance Operator 1.2.0.
+====
+
+* Additional clarity for auditing security context constraints (SCCs) is now available for the `scc-limit-container-allowed-capabilities` rule.
+
+[id="compliance-operator-release-notes-1-1-0"]
+== OpenShift Compliance Operator 1.1.0
+
+The following advisory is available for the OpenShift Compliance Operator 1.1.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:3630[RHBA-2023:3630 - OpenShift Compliance Operator bug fix and enhancement update]
+
+[id="compliance-operator-1-1-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* A start and end timestamp is now available in the `ComplianceScan` custom resource definition (CRD) status.
+
+* The Compliance Operator can now be deployed on Hosted Control Planes using the OperatorHub by creating a `Subscription` file. For more information, see xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#installing-compliance-operator-hcp_compliance-operator-installation[Installing the Compliance Operator on Hosted Control Planes].
+
+[id="compliance-operator-1-1-0-bug-fixes"]
+=== Bug fixes
+
+* Before this update, some Compliance Operator rule instructions were not present. After this update, instructions are improved for the following rules:
++
+** `classification_banner`
+** `oauth_login_template_set`
+** `oauth_logout_url_set`
+** `oauth_provider_selection_set`
+** `ocp_allowed_registries`
+** `ocp_allowed_registries_for_import`
++
+(link:https://issues.redhat.com/browse/OCPBUGS-10473[*OCPBUGS-10473*])
+
+* Before this update, check accuracy and rule instructions were unclear. After this update, the check accuracy and instructions are improved for the following `sysctl` rules:
++
+** `kubelet-enable-protect-kernel-sysctl`
+** `kubelet-enable-protect-kernel-sysctl-kernel-keys-root-maxbytes`
+** `kubelet-enable-protect-kernel-sysctl-kernel-keys-root-maxkeys`
+** `kubelet-enable-protect-kernel-sysctl-kernel-panic`
+** `kubelet-enable-protect-kernel-sysctl-kernel-panic-on-oops`
+** `kubelet-enable-protect-kernel-sysctl-vm-overcommit-memory`
+** `kubelet-enable-protect-kernel-sysctl-vm-panic-on-oom`
++
+(link:https://issues.redhat.com/browse/OCPBUGS-11334[*OCPBUGS-11334*])
+
+* Before this update, the `ocp4-alert-receiver-configured` rule did not include instructions. With this update, the `ocp4-alert-receiver-configured` rule now includes improved instructions. (link:https://issues.redhat.com/browse/OCPBUGS-7307[*OCPBUGS-7307*])
+
+* Before this update, the `rhcos4-sshd-set-loglevel-info` rule would fail for the `rhcos4-e8` profile. With this update, the remediation for the `sshd-set-loglevel-info` rule was updated to apply the correct configuration changes, allowing subsequent scans to pass after the remediation is applied. (link:https://issues.redhat.com/browse/OCPBUGS-7816[*OCPBUGS-7816*])
+
+* Before this update, a new installation of {product-title} with the latest Compliance Operator install failed on the `scheduler-no-bind-address` rule. With this update, the `scheduler-no-bind-address` rule has been disabled on newer versions of {product-title} since the parameter was removed. (link:https://issues.redhat.com/browse/OCPBUGS-8347[*OCPBUGS-8347*])
 
 [id="compliance-operator-release-notes-1-0-0"]
 == OpenShift Compliance Operator 1.0.0
@@ -25,7 +170,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.0.0:
 [id="compliance-operator-1-0-0-new-features-and-enhancements"]
 === New features and enhancements
 
-* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
+* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator].
 
 [id="compliance-operator-1-0-0-bug-fixes"]
 === Bug fixes
@@ -49,7 +194,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.61
 [id="compliance-operator-0-1-61-new-features-and-enhancements"]
 === New features and enhancements
 
-* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information.
+* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information.
 
 [id="compliance-operator-0-1-61-bug-fixes"]
 === Bug fixes
@@ -58,8 +203,6 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.61
 
 * Before this update, the instructions for `ocp4-kubelet-configure-tls-cipher-suites` were incomplete, requiring users to refine the query manually. With this update, the query provided in `ocp4-kubelet-configure-tls-cipher-suites` returns the actual results to perform the audit steps. (link:https://issues.redhat.com/browse/OCPBUGS-3017[*OCPBUGS-3017*])
 
-* Before this update,`ScanSettingBinding` objects created without a `settingRef` variable did not use an appropriate default value. With this update, the `ScanSettingBinding` objects without a `settingRef` variable use the `default` value. (link:https://issues.redhat.com/browse/OCPBUGS-3420[*OCPBUGS-3420*])
-
 * Before this update, system reserved parameters were not generated in kubelet configuration files, causing the Compliance Operator to fail to unpause the machine config pool. With this update, the Compliance Operator omits system reserved parameters during machine configuration pool evaluation. (link:https://issues.redhat.com/browse/OCPBUGS-4445[*OCPBUGS-4445*])
 
 * Before this update, `ComplianceCheckResult` objects did not have correct descriptions. With this update, the Compliance Operator sources the `ComplianceCheckResult` information from the rule description. (link:https://issues.redhat.com/browse/OCPBUGS-4615[*OCPBUGS-4615*])
@@ -68,8 +211,6 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.61
 
 * Before this update, the Compliance Operator generated remediations for kubelet evictions based on machine config pool name and a grace period, resulting in multiple remediations for a single eviction rule. With this update, the Compliance Operator applies all remediations for a single rule. (link:https://issues.redhat.com/browse/OCPBUGS-4338[*OCPBUGS-4338*])
 
-* Before this update, re-running scans on remediations that previously `Applied` might have been marked as `Outdated` after rescans were performed, despite no changes in the remediation content. The comparison of scans did not account for remediation metadata correctly. With this update, remediations retain the previously generated `Applied` status. (link:https://issues.redhat.com/browse/OCPBUGS-6710[*OCPBUGS-6710*])
-
 * Before this update, a regression occurred when attempting to create a `ScanSettingBinding` that was using a `TailoredProfile` with a non-default `MachineConfigPool` marked the `ScanSettingBinding` as `Failed`. With this update, functionality is restored and custom `ScanSettingBinding` using a `TailoredProfile` performs correctly. (link:https://issues.redhat.com/browse/OCPBUGS-6827[*OCPBUGS-6827*])
 
 * Before this update, some kubelet configuration parameters did not have default values. With this update, the following parameters contain default values (link:https://issues.redhat.com/browse/OCPBUGS-6708[*OCPBUGS-6708*]):
@@ -100,8 +241,6 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.59
 
 * Previously, after the recent update to version 0.1.57, the `rerunner` service account (SA) was no longer owned by the cluster service version (CSV), which caused the SA to be removed during the Operator upgrade. Now, the CSV owns the `rerunner` SA in 0.1.59, and upgrades from any previous version will not result in a missing SA. (link:https://issues.redhat.com/browse/OCPBUGS-3452[*OCPBUGS-3452*])
 
-* In 0.1.57, the Operator started the controller metrics endpoint listening on port `8080`. This resulted in `TargetDown` alerts since cluster monitoring expected port is `8383`. With 0.1.59, the Operator starts the endpoint listening on port `8383` as expected. (link:https://issues.redhat.com/browse/OCPBUGS-3097[*OCPBUGS-3097*])
-
 [id="compliance-operator-release-notes-0-1-57"]
 == OpenShift Compliance Operator 0.1.57
 
@@ -112,18 +251,18 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.57
 [id="compliance-operator-0-1-57-new-features-and-enhancements"]
 === New features and enhancements
 
-* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values].
+* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values].
 
-* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits].
+* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits].
 
-* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans].
+* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans].
 
 [id="compliance-operator-0-1-57-bug-fixes"]
 === Bug fixes
 
 * Previously, the Compliance Operator hard-coded notifications to the default `openshift-compliance` namespace. If the Operator were installed in a non-default namespace, the notifications would not work as expected. Now, notifications work in non-default `openshift-compliance` namespaces. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2060726[*BZ#2060726*])
 
-* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*])
+* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*])
 
 * Previously, the Compliance Operator reported the `ocp4-kubelet-configure-event-creation` rule in a `FAIL` state after applying an automatic remediation because the `eventRecordQPS` value was set higher than the default value. Now, the `ocp4-kubelet-configure-event-creation` rule remediation sets the default value, and the rule applies correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2082416[*BZ#2082416*])
 
@@ -160,7 +299,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.53
 
 * Previously, the `ocp4-kubelet-enable-streaming-connections` rule contained an incorrect variable comparison, resulting in false positive scan results. Now, the Compliance Operator provides accurate scan results when setting `streamingConnectionIdleTimeout`.  (link:https://bugzilla.redhat.com/show_bug.cgi?id=2069891[*BZ#2069891*])
 
-* Previously, group ownership for `/etc/openvswitch/conf.db` was incorrect on IBM Z architectures, resulting in `ocp4-cis-node-worker-file-groupowner-ovs-conf-db` check failures. Now, the check is marked `NOT-APPLICABLE` on IBM Z architecture systems. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2072597[*BZ#2072597*])
+* Previously, group ownership for `/etc/openvswitch/conf.db` was incorrect on {ibm-z-name} architectures, resulting in `ocp4-cis-node-worker-file-groupowner-ovs-conf-db` check failures. Now, the check is marked `NOT-APPLICABLE` on {ibm-z-name} architecture systems. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2072597[*BZ#2072597*])
 
 * Previously, the `ocp4-cis-scc-limit-container-allowed-capabilities` rule reported in a `FAIL` state due to incomplete data regarding the security context constraints (SCC) rules in the deployment. Now, the result is `MANUAL`, which is consistent with other checks that require human intervention. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2077916[*BZ#2077916*])
 
@@ -205,7 +344,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52
 [id="compliance-operator-0-1-52-new-features-and-enhancements"]
 === New features and enhancements
 
-* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles].
+* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles].
 
 [id="compliance-operator-0-1-52-bug-fixes"]
 === Bug fixes
@@ -244,9 +383,9 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.49
 
 * The Compliance Operator is now supported on the following architectures:
 +
-** IBM Power
-** IBM Z
-** IBM LinuxONE
+** {ibm-power-name}
+** {ibm-z-name}
+** {ibm-linuxone-name}
 
 [id="compliance-operator-0-1-49-bug-fixes"]
 === Bug fixes
@@ -259,7 +398,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.49
 
 * Previously, remediations using the `sshd jinja` macros were hard-coded to specific sshd configurations. As a result, the configurations were inconsistent with the content the rules were checking for and the check would fail. Now, the sshd configuration is parameterized and the rules apply successfully. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2049141[*BZ#2049141*])
 
-* Previously, the `ocp4-cluster-version-operator-verify-integrity` always checked the first entry in the Cluter Version Operator (CVO) history. As a result, the upgrade would fail in situations where subsequent versions of {product-name} would be verified. Now, the compliance check result for `ocp4-cluster-version-operator-verify-integrity` is able to detect verified versions and is accurate with the CVO history. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2053602[*BZ#2053602*])
+* Previously, the `ocp4-cluster-version-operator-verify-integrity` always checked the first entry in the Cluter Version Operator (CVO) history. As a result, the upgrade would fail in situations where subsequent versions of {product-title} would be verified. Now, the compliance check result for `ocp4-cluster-version-operator-verify-integrity` is able to detect verified versions and is accurate with the CVO history. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2053602[*BZ#2053602*])
 
 * Previously, the `ocp4-api-server-no-adm-ctrl-plugins-disabled` rule did not check for a list of empty admission controller plugins. As a result, the rule would always fail, even if all admission plugins were enabled. Now, more robust checking of the `ocp4-api-server-no-adm-ctrl-plugins-disabled` rule accurately passes with all admission controller plugins enabled. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2058631[*BZ#2058631*])
 
@@ -370,11 +509,11 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.39
 [id="compliance-operator-0-1-39-new-features-and-enhancements"]
 === New features and enhancements
 
-* Previously, the Compliance Operator was unable to parse Payment Card Industry Data Security Standard (PCI DSS) references. Now, the Operator can parse compliance content that ships with PCI DSS profiles.
+* Previously, the Compliance Operator was unable to parse Payment Card Industry Data Security Standard (PCI DSS) references. Now, the Operator can parse compliance content that is provided with PCI DSS profiles.
 +
 * Previously, the Compliance Operator was unable to execute rules for AU-5 control in the moderate profile. Now, permission is added to the Operator so that it can read *Prometheusrules.monitoring.coreos.com* objects and run the rules that cover AU-5 control in the moderate profile.
 
 [id="compliance-operator-release-notes_additional-resources"]
 [role="_additional-resources"]
 == Additional resources
-* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]
+* xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]
diff --git a/security/compliance_operator/compliance-operator-remediation.adoc b/security/compliance_operator/compliance-operator-remediation.adoc
deleted file mode 100644
index 9ac66caae532..000000000000
--- a/security/compliance_operator/compliance-operator-remediation.adoc
+++ /dev/null
@@ -1,38 +0,0 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-remediation"]
-= Managing Compliance Operator result and remediation
-include::_attributes/common-attributes.adoc[]
-:context: compliance-remediation
-
-toc::[]
-
-Each `ComplianceCheckResult` represents a result of one compliance rule check. If the rule can be remediated automatically, a `ComplianceRemediation` object with the same name, owned by the `ComplianceCheckResult` is created. Unless requested, the remediations are not applied automatically, which gives an {product-title} administrator the opportunity to review what the remediation does and only apply a remediation once it has been verified.
-
-include::modules/compliance-filtering-results.adoc[leveloffset=+1]
-
-include::modules/compliance-review.adoc[leveloffset=+1]
-
-include::modules/compliance-apply-remediation-for-customized-mcp.adoc[leveloffset=+1]
-
-include::modules/compliance-evaluate-kubeletconfig-rules.adoc[leveloffset=+1]
-
-include::modules/compliance-custom-node-pools.adoc[leveloffset=+1]
-
-include::modules/compliance-kubeletconfig-sub-pool-remediation.adoc[leveloffset=+1]
-
-include::modules/compliance-applying.adoc[leveloffset=+1]
-
-include::modules/compliance-manual.adoc[leveloffset=+1]
-
-include::modules/compliance-updating.adoc[leveloffset=+1]
-
-include::modules/compliance-unapplying.adoc[leveloffset=+1]
-
-include::modules/compliance-removing-kubeletconfig.adoc[leveloffset=+1]
-
-include::modules/compliance-inconsistent.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-== Additional resources
-
-*  xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes].
diff --git a/security/compliance_operator/compliance-operator-supported-profiles.adoc b/security/compliance_operator/compliance-operator-supported-profiles.adoc
deleted file mode 100644
index b0fe54302169..000000000000
--- a/security/compliance_operator/compliance-operator-supported-profiles.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-supported-profiles"]
-= Supported compliance profiles
-include::_attributes/common-attributes.adoc[]
-:context: compliance-operator-supported-profiles
-
-There are several profiles available as part of the Compliance Operator (CO) installation.
-
-[IMPORTANT]
-====
-The Compliance Operator might report incorrect results on managed platforms, such as OpenShift Dedicated, Red Hat OpenShift Service on AWS, and Azure Red Hat OpenShift. For more information, see the link:https://access.redhat.com/solutions/6983418[Red Hat Knowledgebase Solution #6983418].
-====
-
-include::modules/compliance-supported-profiles.adoc[leveloffset=+1]
-
-[id="additional-resources-compliance-operator-"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profiles_understanding-compliance[Compliance Operator profiles]
-
-* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types]
\ No newline at end of file
diff --git a/security/compliance_operator/compliance-operator-updating.adoc b/security/compliance_operator/compliance-operator-updating.adoc
deleted file mode 100644
index 525eb3f3f5bb..000000000000
--- a/security/compliance_operator/compliance-operator-updating.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="compliance-operator-updating"]
-= Updating the Compliance Operator
-include::_attributes/common-attributes.adoc[]
-:context: compliance-operator-updating
-
-toc::[]
-
-As a cluster administrator, you can update the Compliance Operator on your {product-title} cluster.
-
-include::modules/olm-preparing-upgrade.adoc[leveloffset=+1]
-include::modules/olm-changing-update-channel.adoc[leveloffset=+1]
-include::modules/olm-approving-pending-upgrade.adoc[leveloffset=+1]
-
-// [id="additional-resources-updating-the-compliance-operator"]
-// [role="_additional-resources"]
-// == Additional resources
-//
-// * For more information, see xref:../../operators/admin/
\ No newline at end of file
diff --git a/security/compliance_operator/oc-compliance-plug-in-using.adoc b/security/compliance_operator/oc-compliance-plug-in-using.adoc
deleted file mode 100644
index 11a16b45f7ef..000000000000
--- a/security/compliance_operator/oc-compliance-plug-in-using.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-:_content-type: ASSEMBLY
-[id="using-oc-compliance-plug-in"]
-= Using the oc-compliance plugin
-include::_attributes/common-attributes.adoc[]
-:context: oc-compliance-plug-in-understanding
-
-toc::[]
-
-Although the xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier.
-
-
-include::modules/oc-compliance-installing.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-fetching-raw-results.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-rerunning-scans.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-using-scan-setting-bindings.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-printing-controls.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-fetching-compliance-remediation-details.adoc[leveloffset=+1]
-
-include::modules/oc-compliance-viewing-compliance-check-result-details.adoc[leveloffset=+1]
diff --git a/security/container_security/security-build.adoc b/security/container_security/security-build.adoc
index a34c62ac1c36..86c028196d21 100644
--- a/security/container_security/security-build.adoc
+++ b/security/container_security/security-build.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-build"]
 = Securing the build process
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-compliance.adoc b/security/container_security/security-compliance.adoc
index 9f0516a931d3..8a7904378f9b 100644
--- a/security/container_security/security-compliance.adoc
+++ b/security/container_security/security-compliance.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-compliance"]
 = Understanding compliance
 include::_attributes/common-attributes.adoc[]
@@ -13,12 +13,9 @@ standards or the organization's corporate governance framework.
 
 // Compliance and the NIST risk management model
 include::modules/security-compliance-nist.adoc[leveloffset=+1]
-
-////
 ifndef::openshift-origin[]
 
 [role="_additional-resources"]
 .Additional resources
 * xref:../../installing/installing-fips.adoc#installing-fips-mode_installing-fips[Installing a cluster in FIPS mode]
 endif::[]
-////
diff --git a/security/container_security/security-container-content.adoc b/security/container_security/security-container-content.adoc
index dc545a5d3dd4..3af96eb7d795 100644
--- a/security/container_security/security-container-content.adoc
+++ b/security/container_security/security-container-content.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-container-content"]
 = Securing container content
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-container-signature.adoc b/security/container_security/security-container-signature.adoc
index 5315252f363b..d5f9937e864c 100644
--- a/security/container_security/security-container-signature.adoc
+++ b/security/container_security/security-container-signature.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-container-signature"]
 = Container image signatures
 include::_attributes/common-attributes.adoc[]
@@ -18,6 +18,18 @@ include::modules/containers-signature-verify-enable.adoc[leveloffset=+1]
 //Verifying that the enable signature verification is active
 include::modules/containers-signature-verify-application.adoc[leveloffset=+1]
 
+//Understanding the verification of container images lacking verifiable signatures
+include::modules/containers-signature-verify-unsigned.adoc[leveloffset=+1]
+
+//additional resources for unsigned container module
+[id="additional-resources"]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift Updates]
+
+//Using skopeo to verify signatures of Red Hat container images
+include::modules/containers-signature-verify-skopeo.adoc[leveloffset=+2]
+
 [id="additional-resources_security-container-signature"]
 [role="_additional-resources"]
 == Additional resources
diff --git a/security/container_security/security-deploy.adoc b/security/container_security/security-deploy.adoc
index 179148d7867a..158d0a6f72da 100644
--- a/security/container_security/security-deploy.adoc
+++ b/security/container_security/security-deploy.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-deploy"]
 = Deploying containers
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-hardening.adoc b/security/container_security/security-hardening.adoc
index ffc6c3a3bf79..660c392632cb 100644
--- a/security/container_security/security-hardening.adoc
+++ b/security/container_security/security-hardening.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-hardening"]
 = Hardening {op-system}
 include::_attributes/common-attributes.adoc[]
@@ -44,8 +44,6 @@ include::modules/security-hardening-how.adoc[leveloffset=+1]
 * xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-kernel-arguments_nodes-nodes-managing[Adding kernel arguments to Nodes]
 ifndef::openshift-origin[]
 * xref:../../installing/installing_aws/installing-aws-customizations.adoc#installation-configuration-parameters_installing-aws-customizations[Installation configuration parameters] - see `fips`
+* xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]
 * link:https://access.redhat.com/articles/3359851[{op-system-base} core crypto components]
-////
- * xref:../../installing/installing-fips.adoc#installing-fips[Support for FIPS cryptography]
-////
 endif::[]
diff --git a/security/container_security/security-hosts-vms.adoc b/security/container_security/security-hosts-vms.adoc
index e77027841478..f11356884062 100644
--- a/security/container_security/security-hosts-vms.adoc
+++ b/security/container_security/security-hosts-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-hosts-vms"]
 = Understanding host and VM security
 include::_attributes/common-attributes.adoc[]
@@ -29,14 +29,18 @@ include::modules/security-hosts-vms-rhcos.adoc[leveloffset=+1]
 * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-encrypt-disk_installing-customizing[Disk encryption]
 * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-chrony_installing-customizing[Chrony time service]
 * xref:../../updating/understanding_updates/intro-to-updates.adoc#update-service-about_understanding-openshift-updates[About the OpenShift Update Service]
-////
 ifndef::openshift-origin[]
 * xref:../../installing/installing-fips.adoc#installing-fips[FIPS cryptography]
 endif::[]
-////
 
 // Virtualization versus containers
 include::modules/security-hosts-vms-vs-containers.adoc[leveloffset=+1]
 
 // Securing OpenShift
 include::modules/security-hosts-vms-openshift.adoc[leveloffset=+1]
+
+ifndef::openshift-origin[]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing-fips.adoc#installing-fips[FIPS cryptography]
+endif::[]
diff --git a/security/container_security/security-monitoring.adoc b/security/container_security/security-monitoring.adoc
index 513618c58907..547d17e256ca 100644
--- a/security/container_security/security-monitoring.adoc
+++ b/security/container_security/security-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-monitoring"]
 = Monitoring cluster events and logs
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-network.adoc b/security/container_security/security-network.adoc
index 46da209ed0d2..d6d477de6a1a 100644
--- a/security/container_security/security-network.adoc
+++ b/security/container_security/security-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-network"]
 = Securing networks
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-platform.adoc b/security/container_security/security-platform.adoc
index 3fac901155ae..f28303e54be9 100644
--- a/security/container_security/security-platform.adoc
+++ b/security/container_security/security-platform.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-platform"]
 = Securing the container platform
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-registries.adoc b/security/container_security/security-registries.adoc
index 84ceabbca81e..cd44baf0f24a 100644
--- a/security/container_security/security-registries.adoc
+++ b/security/container_security/security-registries.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-registries"]
 = Using container registries securely
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-storage.adoc b/security/container_security/security-storage.adoc
index f7c67dcafb1a..5642a14962f8 100644
--- a/security/container_security/security-storage.adoc
+++ b/security/container_security/security-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-storage"]
 = Securing attached storage
 include::_attributes/common-attributes.adoc[]
diff --git a/security/container_security/security-understanding.adoc b/security/container_security/security-understanding.adoc
index 183dc81e3b6d..e3cb44d56832 100644
--- a/security/container_security/security-understanding.adoc
+++ b/security/container_security/security-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-understanding"]
 = Understanding container security
 include::_attributes/common-attributes.adoc[]
diff --git a/security/encrypting-etcd.adoc b/security/encrypting-etcd.adoc
index cd0afdb168d5..6bb2c3cb4190 100644
--- a/security/encrypting-etcd.adoc
+++ b/security/encrypting-etcd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="encrypting-etcd"]
 = Encrypting etcd data
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-advanced-usage.adoc b/security/file_integrity_operator/file-integrity-operator-advanced-usage.adoc
index 23eb8cc79151..3a6a333b1864 100644
--- a/security/file_integrity_operator/file-integrity-operator-advanced-usage.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-advanced-usage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="file-integrity-operator-advanced-usage"]
 = Performing advanced Custom File Integrity Operator tasks
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-configuring.adoc b/security/file_integrity_operator/file-integrity-operator-configuring.adoc
index dc45096f8642..be0fc19be93b 100644
--- a/security/file_integrity_operator/file-integrity-operator-configuring.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-configuring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-file-integrity-operator"]
 = Configuring the Custom File Integrity Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-installation.adoc b/security/file_integrity_operator/file-integrity-operator-installation.adoc
index 0267c4391a7a..6181e4b13566 100644
--- a/security/file_integrity_operator/file-integrity-operator-installation.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-installation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-file-integrity-operator"]
 = Installing the File Integrity Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
index 41279317e034..fd4019ae59f9 100644
--- a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
@@ -1,5 +1,5 @@
 //OpenShift File Integrity Operator Release Notes
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="file-integrity-operator-release-notes"]
 = File Integrity Operator release notes
 :context: file-integrity-operator-release-notes-v0
@@ -15,6 +15,69 @@ For an overview of the File Integrity Operator, see xref:../../security/file_int
 
 To access the latest release, see xref:../../security/file_integrity_operator/file-integrity-operator-updating.adoc#olm-preparing-upgrade_file-integrity-operator-updating[Updating the File Integrity Operator].
 
+[id="file-integrity-operator-release-notes-1-3-3"]
+== OpenShift File Integrity Operator 1.3.3
+
+The following advisory is available for the OpenShift File Integrity Operator 1.3.3:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5652[RHBA-2023:5652 OpenShift File Integrity Operator Bug Fix and Enhancement Update]
+
+This update addresses a CVE in an underlying dependency.
+
+[id="file-integrity-operator-1-3-3-new-features-and-enhancements"]
+=== New features and enhancements
+
+* You can install and use the File Integrity Operator in an {product-title} cluster running in FIPS mode.
+
+[IMPORTANT]
+====
+To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see (link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode])
+====
+
+[id="file-integrity-operator-1-3-3-bug-fixes"]
+=== Bug fixes
+
+* Previously, some FIO pods with private default mount propagation in combination with `hostPath: path: /` volume mounts would break the CSI driver relying on multipath. This problem has been fixed and the CSI driver works correctly. (link:https://access.redhat.com/solutions/7017081[Some OpenShift Operator pods blocking unmounting of CSI volumes when multipath is in use])
+
+* This update resolves CVE-2023-39325. (link:https://access.redhat.com/security/cve/CVE-2023-39325[*CVE-2023-39325*])
+
+[id="file-integrity-operator-release-notes-1-3-2"]
+== OpenShift File Integrity Operator 1.3.2
+
+The following advisory is available for the OpenShift File Integrity Operator 1.3.2:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5107[RHBA-2023:5107 OpenShift File Integrity Operator Bug Fix Update]
+
+This update addresses a CVE in an underlying dependency.
+
+[id="file-integrity-operator-release-notes-1-3-1"]
+== OpenShift File Integrity Operator 1.3.1
+
+The following advisory is available for the OpenShift File Integrity Operator 1.3.1:
+
+* link:https://access.redhat.com/errata/RHBA-2023:3600[RHBA-2023:3600 OpenShift File Integrity Operator Bug Fix Update]
+
+[id="file-integrity-operator-1-3-1-new-features-and-enhancements"]
+=== New features and enhancements
+
+* FIO now includes kubelet certificates as default files, excluding them from issuing warnings when they're managed by {product-title}. (link:https://issues.redhat.com/browse/OCPBUGS-14348[*OCPBUGS-14348*])
+
+* FIO now correctly directs email to the address for Red Hat Technical Support. (link:https://issues.redhat.com/browse/OCPBUGS-5023[*OCPBUGS-5023*])
+
+[id="file-integrity-operator-1-3-1-bug-fixes"]
+=== Bug fixes
+
+* Previously, FIO would not clean up `FileIntegrityNodeStatus` CRDs when nodes are removed from the cluster. FIO has been updated to correctly clean up node status CRDs on node removal.  (link:https://issues.redhat.com/browse/OCPBUGS-4321[*OCPBUGS-4321*])
+
+* Previously, FIO would also erroneously indicate that new nodes failed integrity checks. FIO has been updated to correctly show node status CRDs when adding new nodes to the cluster. This provides correct node status notifications. (link:https://issues.redhat.com/browse/OCPBUGS-8502[*OCPBUGS-8502*])
+
+* Previously, when FIO was reconciling `FileIntegrity` CRDs, it would pause scanning until the reconciliation was done. This caused an overly aggressive re-initiatization process on nodes not impacted by the reconciliation. This problem also resulted in unnecessary daemonsets for machine config pools which are unrelated to the `FileIntegrity` being changed. FIO correctly handles these cases and only pauses AIDE scanning for nodes that are affected by file integrity changes. (link:https://issues.redhat.com/browse/CMP-1097[*CMP-1097*])
+
+[id="file-integrity-operator-1-3-1-known-issues"]
+=== Known Issues
+
+In FIO 1.3.1, increasing nodes in {ibm-z-name} clusters might result in `Failed` File Integrity node status. For more information, see link:https://access.redhat.com/solutions/7028861[Adding nodes in {ibm-power-name} clusters can result in failed File Integrity node status].
+
 [id="file-integrity-operator-release-notes-1-2-1"]
 == OpenShift File Integrity Operator 1.2.1
 
@@ -36,7 +99,7 @@ The following advisory is available for the OpenShift File Integrity Operator 1.
 
 * The File Integrity Operator Custom Resource (CR) now contains an `initialDelay` feature that specifies the number of seconds to wait before starting the first AIDE integrity check. For more information, see xref:../../security/file_integrity_operator/file-integrity-operator-understanding.adoc#understanding-file-integrity-custom-resource_file-integrity-operator[Creating the FileIntegrity custom resource].
 
-* The File Integrity Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/file_integrity_operator/file-integrity-operator-updating.html#olm-preparing-upgrade_file-integrity-operator-updating[Updating the File Integrity Operator].
+* The File Integrity Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/file_integrity_operator/file-integrity-operator-updating.adoc#olm-preparing-upgrade_file-integrity-operator-updating[Updating the File Integrity Operator].
 
 [id="file-integrity-operator-release-notes-1-0-0"]
 == OpenShift File Integrity Operator 1.0.0
@@ -71,8 +134,8 @@ The following advisory is available for the OpenShift File Integrity Operator 0.
 
 * The File Integrity Operator is now supported on the following architectures:
 +
-** IBM Power
-** IBM Z and LinuxONE
+** {ibm-power-name}
+** {ibm-z-name} and {ibm-linuxone-name}
 
 [id="file-integrity-operator-0-1-30-bug-fixes"]
 === Bug fixes
diff --git a/security/file_integrity_operator/file-integrity-operator-troubleshooting.adoc b/security/file_integrity_operator/file-integrity-operator-troubleshooting.adoc
index 5c881aeb0555..051e77f8da21 100644
--- a/security/file_integrity_operator/file-integrity-operator-troubleshooting.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-file-integrity-operator"]
 = Troubleshooting the File Integrity Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-understanding.adoc b/security/file_integrity_operator/file-integrity-operator-understanding.adoc
index 9965c8efd426..67ff62c3e287 100644
--- a/security/file_integrity_operator/file-integrity-operator-understanding.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-file-integrity-operator"]
 = Understanding the File Integrity Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/file_integrity_operator/file-integrity-operator-updating.adoc b/security/file_integrity_operator/file-integrity-operator-updating.adoc
index aa323ff1bd30..0dc52b8db8b4 100644
--- a/security/file_integrity_operator/file-integrity-operator-updating.adoc
+++ b/security/file_integrity_operator/file-integrity-operator-updating.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="file-integrity-operator-updating"]
 = Updating the File Integrity Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/index.adoc b/security/index.adoc
index a83be283cf19..c68a66f5b2ff 100644
--- a/security/index.adoc
+++ b/security/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="security-compliance-overview"]
 = {product-title} security and compliance
 include::_attributes/common-attributes.adoc[]
@@ -78,7 +78,7 @@ For many {product-title} customers, regulatory readiness, or compliance, on some
 [id="compliance-checking"]
 === Compliance checking
 
-Administrators can use the xref:../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator.
+Administrators can use the xref:../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator.
 
 [discrete]
 [id="file-integrity-checking"]
diff --git a/security/nbde_tang_server_operator/_attributes b/security/nbde_tang_server_operator/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/security/nbde_tang_server_operator/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/security/nbde_tang_server_operator/images b/security/nbde_tang_server_operator/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/security/nbde_tang_server_operator/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/security/nbde_tang_server_operator/modules b/security/nbde_tang_server_operator/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/security/nbde_tang_server_operator/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc
new file mode 100644
index 000000000000..e9ffdbba84cf
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="configuring-and-managing-nbde-tang-server-operator"]
+= Configuring and managing Tang servers using the NBDE Tang Server Operator
+include::_attributes/common-attributes.adoc[]
+:context: configuring-and-managing-nbde-tang-server-operator
+
+toc::[]
+
+With the NBDE Tang Server Operator, you can deploy and quickly configure Tang servers. On the deployed Tang servers, you can list existing keys and rotate them.
+
+include::modules/nbde-tang-server-operator-deploying.adoc[leveloffset=+1]
+
+include::modules/nbde-tang-server-operator-rotating-keys.adoc[leveloffset=+1]
+
+include::modules/nbde-tang-server-operator-removing-hidden-keys.adoc[leveloffset=+1]
+
+
+
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-identifying-url.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-identifying-url.adoc
new file mode 100644
index 000000000000..ceb0fbec6ea4
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-identifying-url.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="identifying-url-nbde-tang-server-operator"]
+= Identifying URL of a Tang server deployed with the NBDE Tang Server Operator
+include::_attributes/common-attributes.adoc[]
+:context: identifying-url-nbde-tang-server-operator
+
+toc::[]
+
+Before you can configure your Clevis clients to use encryption keys advertised by your Tang servers, you must identify the URLs of the servers.
+
+include::modules/nbde-tang-server-operator-identifying-url-web-console.adoc[leveloffset=+1]
+
+include::modules/nbde-tang-server-operator-identifying-url-cli.adoc[leveloffset=+1]
+
+[id="additional-resources-identifying-url-nbde-tang-server-operator"]
+[role="_additional-resources"]
+== Additional resources
+
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-manual-enrollment-of-volumes-using-clevis_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Configuring manual enrollment of LUKS-encrypted volumes] section in the RHEL 9 Security hardening document.
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-installing.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-installing.adoc
new file mode 100644
index 000000000000..8cc5850655f6
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-installing.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-nbde-tang-server-operator"]
+= Installing the NBDE Tang Server Operator
+include::_attributes/common-attributes.adoc[]
+:context: installing-nbde-tang-server-operator
+
+toc::[]
+
+You can install the NBDE Tang Operator either by using the web console or through the `oc` command from CLI.
+
+include::modules/nbde-tang-server-operator-installing-web-console.adoc[leveloffset=+1]
+
+include::modules/nbde-tang-server-operator-installing-cli.adoc[leveloffset=+1]
+
+
+
+
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-overview.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-overview.adoc
new file mode 100644
index 000000000000..9abdbd9f51df
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-overview.adoc
@@ -0,0 +1,12 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="nbde-tang-server-operator-overview"]
+= NBDE Tang Server Operator overview
+include::_attributes/common-attributes.adoc[]
+:context: nbde-tang-server-operator-overview
+
+toc::[]
+
+Network-bound Disk Encryption (NBDE) provides an automated unlocking of LUKS-encrypted volumes using one or more dedicated network-binding servers. The client side of NBDE is called the Clevis decryption policy framework and the server side is represented by Tang.
+
+The NBDE Tang Server Operator allows the automation of deployments of one or several Tang servers in the OpenShift Container Platform (OCP) environment.
+
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-release-notes.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-release-notes.adoc
new file mode 100644
index 000000000000..d15ee48e1541
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-release-notes.adoc
@@ -0,0 +1,42 @@
+//NBDE Tang Server Operator Release Notes
+:_mod-docs-content-type: ASSEMBLY
+[id="nbde-tang-server-operator-release-notes"]
+= NBDE Tang Server Operator release notes
+:context: nbde-tang-server-operator-release-notes
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The following release notes track the development of the Security Profiles Operator in the OpenShift Container Platform.
+
+* link:https://access.redhat.com/errata/RHEA-2023:7491[RHEA-2023:7491 - Release of the NBDE Tang Server Operator 1.0]
+
+////
+A template for a future use
+
+[id="nbde-tang-server-operator-release-notes-1-0-0"]
+== NBDE Tang Server Operator 1.0.0
+
+The following advisory is available for the NBDE Tang Server Operator 1.0.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:XXXX[RHBA-2023:XXXX NBDE Tang Server Operator bug fix update]
+
+[id="nbde-tang-server-operator-1-0-0-new-features-and-enhancements"]
+=== New features and enhancements
+
+* Lorem ipsum. (link:https://issues.redhat.com/browse/OCPBUGS-XXXXX[*OCPBUGS-XXXXX*])
+
+
+[id="nbde-tang-server-operator-1-0-0-bug-fixes"]
+=== Bug fixes
+
+* Lorem ipsum. (link:https://issues.redhat.com/browse/OCPBUGS-XXXXX[*OCPBUGS-XXXXX*])
+
+////
+
+////
+[id="nbde-tang-server-operator-release-notes_additional-resources"]
+[role="_additional-resources"]
+== Additional resources
+xref:../../security/nbde_tang_server_operator/nbde-tang-server-operator-understanding.adoc#understanding-nbde-tang-server-operator[Understanding the NBDE Tang Server Operator]
+////
diff --git a/security/nbde_tang_server_operator/nbde-tang-server-operator-understanding.adoc b/security/nbde_tang_server_operator/nbde-tang-server-operator-understanding.adoc
new file mode 100644
index 000000000000..9f712398aa73
--- /dev/null
+++ b/security/nbde_tang_server_operator/nbde-tang-server-operator-understanding.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-nbde-tang-server-operator"]
+= Understanding the NBDE Tang Server Operator
+include::_attributes/common-attributes.adoc[]
+:context: understanding-nbde-tang-server-operator
+
+toc::[]
+
+You can use the NBDE Tang Server Operator to automate the deployment of a Tang server in an {product-title} cluster that requires Network Bound Disk Encryption (NBDE) internally, leveraging the tools that {product-title} provides to achieve this automation.
+
+The NBDE Tang Server Operator simplifies the installation process and uses native features provided by the {product-title} environment, such as multi-replica deployment, scaling, traffic load balancing, and so on. The Operator also provides automation of certain operations that are error-prone when you perform them manually, for example:
+
+* server deployment and configuration
+* key rotation
+* hidden keys deletion
+
+The NBDE Tang Server Operator is implemented using the Operator SDK and allows the deployment of one or more Tang servers in OpenShift through custom resource definitions (CRDs).
+
+
+[id="understanding-nbde-tang-server-operator_additional-resources"]
+[role="_additional-resources"]
+== Additional resources
+* link:https://cloud.redhat.com/blog/tang-operator-providing-nbde-in-openshift[Tang-Operator: Providing NBDE in OpenShift] Red Hat Hybrid Cloud blog article
+* link:https://github.com/latchset/tang-operator[tang-operator] Github project
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption] chapter in the RHEL 9 Security hardening document
+
diff --git a/security/nbde_tang_server_operator/snippets b/security/nbde_tang_server_operator/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/security/nbde_tang_server_operator/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/security/network_bound_disk_encryption/nbde-about-disk-encryption-technology.adoc b/security/network_bound_disk_encryption/nbde-about-disk-encryption-technology.adoc
index 2815a11684e5..2802a500181a 100644
--- a/security/network_bound_disk_encryption/nbde-about-disk-encryption-technology.adoc
+++ b/security/network_bound_disk_encryption/nbde-about-disk-encryption-technology.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // CNF-2127 assembly
 [id="nbde-about-disk-encryption-technology"]
 = About disk encryption technology
diff --git a/security/network_bound_disk_encryption/nbde-disaster-recovery-considerations.adoc b/security/network_bound_disk_encryption/nbde-disaster-recovery-considerations.adoc
index 05cf30a7059b..a92df7335b4c 100644
--- a/security/network_bound_disk_encryption/nbde-disaster-recovery-considerations.adoc
+++ b/security/network_bound_disk_encryption/nbde-disaster-recovery-considerations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // CNF-2127 assembly
 [id="nbde-disaster-recovery-considerations"]
 = Disaster recovery considerations
diff --git a/security/network_bound_disk_encryption/nbde-managing-encryption-keys.adoc b/security/network_bound_disk_encryption/nbde-managing-encryption-keys.adoc
index 439fad6d1db2..ac5b365ace33 100644
--- a/security/network_bound_disk_encryption/nbde-managing-encryption-keys.adoc
+++ b/security/network_bound_disk_encryption/nbde-managing-encryption-keys.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // CNF-2127 assembly
 [id="nbde-managing-encryption-keys"]
 = Tang server encryption key management
diff --git a/security/network_bound_disk_encryption/nbde-tang-server-installation-considerations.adoc b/security/network_bound_disk_encryption/nbde-tang-server-installation-considerations.adoc
index d7b583190abc..3e8bc484a430 100644
--- a/security/network_bound_disk_encryption/nbde-tang-server-installation-considerations.adoc
+++ b/security/network_bound_disk_encryption/nbde-tang-server-installation-considerations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 // CNF-2127 assembly
 [id="nbde-tang-server-installation-considerations"]
 = Tang server installation considerations
@@ -7,9 +7,20 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+Network-Bound Disk Encryption (NBDE) must be enabled when a cluster node is installed. However, you can change the disk encryption policy at any time after it was initialized at installation.
+
 include::modules/nbde-installation-scenarios.adoc[leveloffset=+1]
 
-include::modules/nbde-installing-a-tang-server.adoc[leveloffset=+1]
+[id="nbde-installing-a-tang-server_{context}"]
+== Installing a Tang server
+
+To deploy one or more Tang servers, you can choose from the following options depending on your scenario:
+
+. xref:../../security/nbde_tang_server_operator/nbde-tang-server-operator-configuring-managing.adoc#deploying-nbde-tang-server_configuring-and-managing-nbde-tang-server-operator[Deploying a Tang server using the NBDE Tang Server Operator]
+. link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#deploying-a-tang-server-with-selinux-in-enforcing-mode_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Deploying a Tang server with SELinux in enforcing mode on RHEL systems]
+. link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#configuring-automated-unlocking-using-a-tang-key-in-the-web-console_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Configuring a Tang server in the RHEL web console]
+. link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#proc_deploying-tang-as-a-container_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Deploying Tang as a container]
+. link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening#using-the-nbde_server-system-role-for-setting-up-multiple-tang-servers_configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption[Using the nbde_server System Role for setting up multiple Tang servers]
 
 include::modules/nbde-compute-requirements.adoc[leveloffset=+2]
 
@@ -17,10 +28,8 @@ include::modules/nbde-automatic-start-at-boot.adoc[leveloffset=+2]
 
 include::modules/nbde-http-versus-https.adoc[leveloffset=+2]
 
-include::modules/nbde-openshift-installation-with-nbde.adoc[leveloffset=+1]
-
 [role="_additional-resources"]
 .Additional resources
-* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption]
+* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption] in the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/index[RHEL 8 Security hardening] document
 * https://catalog.redhat.com/software/containers/detail/5fbc405674aa0cc23b445f8f?container-tabs=overview&gti-tabs=registry-tokens[Official Tang server container]
 * xref:../../installing/install_config/installing-customizing.adoc#installation-special-config-storage_installing-customizing[Encrypting and mirroring disks during installation]
diff --git a/security/pod-vulnerability-scan.adoc b/security/pod-vulnerability-scan.adoc
index 17b220ddfab3..00effbe42d1c 100644
--- a/security/pod-vulnerability-scan.adoc
+++ b/security/pod-vulnerability-scan.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="pod-vulnerability-scan"]
 = Scanning pods for vulnerabilities
 include::_attributes/common-attributes.adoc[]
@@ -23,6 +23,7 @@ namespace, so it is available to all namespaces on your {product-title} cluster.
 
 //
 include::modules/security-pod-scan-cso.adoc[leveloffset=+1]
+include::modules/security-pod-scan-cso-using.adoc[leveloffset=+1]
 
 //
 include::modules/security-pod-scan-query-cli.adoc[leveloffset=+1]
diff --git a/security/rosa-adding-additional-constraints-for-ip-based-aws-role-assumption.adoc b/security/rosa-adding-additional-constraints-for-ip-based-aws-role-assumption.adoc
new file mode 100644
index 000000000000..fb45e1ed76d4
--- /dev/null
+++ b/security/rosa-adding-additional-constraints-for-ip-based-aws-role-assumption.adoc
@@ -0,0 +1,20 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="rosa-adding-additional-constraints-for-ip-based-aws-role-assumption_{context}"]
+include::_attributes/attributes-openshift-dedicated.adoc[]
+include::_attributes/common-attributes.adoc[]
+= Adding additional constraints for IP-based AWS role assumption
+
+:context: rosa-adding-additional-constraints-for-ip-based-aws-role-assumption
+
+toc::[]
+
+You can implement an additional layer of security in your AWS account to prevent role assumption from non-allowlisted IP addresses.
+
+include::modules/rosa-create-an-identity-based-policy.adoc[leveloffset=+1]
+include::modules/rosa-attaching-the-policy.adoc[leveloffset=+1]
+
+
+[role="_additional-resources"]
+== Additional resources
+
+* For more information about denying access based on the source IP, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-ip.html[AWS: Denies access to AWS based on the source IP] in the AWS documentation.
diff --git a/security/seccomp-profiles.adoc b/security/seccomp-profiles.adoc
index b053ce5e8520..72f85eb5a516 100644
--- a/security/seccomp-profiles.adoc
+++ b/security/seccomp-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="seccomp-profiles"]
 = Configuring seccomp profiles
 include::_attributes/common-attributes.adoc[]
@@ -52,4 +52,4 @@ The custom SCC must have the appropriate priority to be automatically assigned t
 [role="_additional-resources"]
 == Additional resources
 * xref:../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
-* xref:../post_installation_configuration/machine-configuration-tasks.adoc[Post-installation machine configuration tasks]
+* xref:../post_installation_configuration/machine-configuration-tasks.adoc[Postinstallation machine configuration tasks]
diff --git a/security/security_profiles_operator/spo-advanced.adoc b/security/security_profiles_operator/spo-advanced.adoc
index 7df25eaae8e1..7edee4c8fadc 100644
--- a/security/security_profiles_operator/spo-advanced.adoc
+++ b/security/security_profiles_operator/spo-advanced.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-advanced"]
 = Advanced Security Profiles Operator tasks
 include::_attributes/common-attributes.adoc[]
diff --git a/security/security_profiles_operator/spo-enabling.adoc b/security/security_profiles_operator/spo-enabling.adoc
index f7f3755b36be..2f02f5747083 100644
--- a/security/security_profiles_operator/spo-enabling.adoc
+++ b/security/security_profiles_operator/spo-enabling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-enabling"]
 = Enabling the Security Profiles Operator
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,16 @@ toc::[]
 
 Before you can use the Security Profiles Operator, you must ensure the Operator is deployed in the cluster.
 
+[IMPORTANT]
+====
+The Security Profiles Operator supports only Red Hat Enterprise Linux CoreOS (RHCOS) worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
+====
+
+[IMPORTANT]
+====
+The Security Profiles Operator only supports `x86_64` architecture.
+====
+
 include::modules/spo-installing.adoc[leveloffset=+1]
 
 include::modules/spo-installing-cli.adoc[leveloffset=+1]
diff --git a/security/security_profiles_operator/spo-overview.adoc b/security/security_profiles_operator/spo-overview.adoc
index f8af6417686a..4f45e7b0f721 100644
--- a/security/security_profiles_operator/spo-overview.adoc
+++ b/security/security_profiles_operator/spo-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-overview"]
 = Security Profiles Operator overview
 include::_attributes/common-attributes.adoc[]
diff --git a/security/security_profiles_operator/spo-release-notes.adoc b/security/security_profiles_operator/spo-release-notes.adoc
index 08d9fe8411f9..ddd9f4430e6f 100644
--- a/security/security_profiles_operator/spo-release-notes.adoc
+++ b/security/security_profiles_operator/spo-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-release-notes"]
 = Security Profiles Operator release notes
 include::_attributes/common-attributes.adoc[]
@@ -12,6 +12,42 @@ These release notes track the development of the Security Profiles Operator in {
 
 For an overview of the Security Profiles Operator, see xref:../../security/security_profiles_operator/spo-overview.adoc#[Security Profiles Operator Overview].
 
+[id="spo-release-notes-0-8-2"]
+== Security Profiles Operator 0.8.2
+
+The following advisory is available for the Security Profiles Operator 0.8.2:
+
+* link:https://access.redhat.com/errata/RHBA-2023:5958[RHBA-2023:5958 - OpenShift Security Profiles Operator bug fix update]
+
+[id="spo-0-8-2-bug-fixes"]
+=== Bug fixes
+
+* Previously, `SELinuxProfile` objects did not inherit custom attributes from the same namespace. With this update, the issue has now been resolved and `SELinuxProfile` object attributes are inherited from the same namespace as expected. (link:https://issues.redhat.com/browse/OCPBUGS-17164[*OCPBUGS-17164*])
+
+* Previously, RawSELinuxProfiles would hang during the creation process and would not reach an `Installed` state. With this update, the issue has been resolved and RawSELinuxProfiles are created successfully. (link:https://issues.redhat.com/browse/OCPBUGS-19744[*OCPBUGS-19744*])
+
+* Previously, patching the `enableLogEnricher` to `true` would cause the `seccompProfile` `log-enricher-trace` pods to be stuck in a `Pending` state. With this update, `log-enricher-trace` pods reach an `Installed` state as expected. (link:https://issues.redhat.com/browse/OCPBUGS-22182[*OCPBUGS-22182*])
+
+* Previously, the Security Profiles Operator generated high cardinality metrics, causing Prometheus pods using high amounts of memory. With this update, the following metrics will no longer apply in the Security Profiles Operator namespace:
++
+** `rest_client_request_duration_seconds`
+** `rest_client_request_size_bytes`
+** `rest_client_response_size_bytes`
++
+(link:https://issues.redhat.com/browse/OCPBUGS-22406[*OCPBUGS-22406*])
+
+[id="spo-release-notes-0-8-0"]
+== Security Profiles Operator 0.8.0
+
+The following advisory is available for the Security Profiles Operator 0.8.0:
+
+* link:https://access.redhat.com/errata/RHBA-2023:4689[RHBA-2023:4689 - OpenShift Security Profiles Operator bug fix update]
+
+[id="spo-0-8-0-bug-fixes"]
+=== Bug fixes
+
+* Previously, while trying to install Security Profiles Operator in a disconnected cluster, the secure hashes provided were incorrect due to a SHA relabeling issue. With this update, the SHAs provided work consistently with disconnected environments. (link:https://issues.redhat.com/browse/OCPBUGS-14404[*OCPBUGS-14404*])
+
 [id="spo-release-notes-0-7-1"]
 == Security Profiles Operator 0.7.1
 
@@ -54,7 +90,7 @@ SPO memory optimization is not enabled by default.
 [id="spo-0-7-1-known-issue"]
 === Known issue
 
-* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../security_profiles_operator/spo-uninstalling.adoc#[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
+* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../../security/security_profiles_operator/spo-uninstalling.adoc#spo-uninstalling[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
 
 [id="spo-release-notes-0-5-2"]
 == Security Profiles Operator 0.5.2
@@ -69,7 +105,7 @@ This update addresses a CVE in an underlying dependency.
 [id="spo-0-5-2-known-issue"]
 === Known issue
 
-* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../security_profiles_operator/spo-uninstalling.adoc#[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
+* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../../security/security_profiles_operator/spo-uninstalling.adoc#spo-uninstalling[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
 
 [id="spo-release-notes-0-5-0"]
 == Security Profiles Operator 0.5.0
@@ -82,4 +118,4 @@ The following advisory is available for the Security Profiles Operator 0.5.0:
 [id="spo-0-5-0-known-issue"]
 === Known issue
 
-* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../security_profiles_operator/spo-uninstalling.adoc#[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
+* When uninstalling the Security Profiles Operator, the `MutatingWebhookConfiguration` object is not deleted and must be manually removed. As a workaround, delete the `MutatingWebhookConfiguration` object after uninstalling the Security Profiles Operator. These steps are defined in xref:../../security/security_profiles_operator/spo-uninstalling.adoc#spo-uninstalling[Uninstalling the Security Profiles Operator]. (link:https://issues.redhat.com/browse/OCPBUGS-4687[*OCPBUGS-4687*])
diff --git a/security/security_profiles_operator/spo-seccomp.adoc b/security/security_profiles_operator/spo-seccomp.adoc
index 03a19282eefe..ae4373bd75d8 100644
--- a/security/security_profiles_operator/spo-seccomp.adoc
+++ b/security/security_profiles_operator/spo-seccomp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-seccomp"]
 = Managing seccomp profiles
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,11 @@ toc::[]
 
 Create and manage seccomp profiles and bind them to workloads.
 
+[IMPORTANT]
+====
+The Security Profiles Operator supports only Red Hat Enterprise Linux CoreOS (RHCOS) worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
+====
+
 include::modules/spo-creating-profiles.adoc[leveloffset=+1]
 
 include::modules/spo-applying-profiles.adoc[leveloffset=+1]
@@ -25,5 +30,5 @@ include::modules/spo-container-profile-instances.adoc[leveloffset=+2]
 
 * xref:../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
 * link:https://cloud.redhat.com/blog/managing-sccs-in-openshift[Managing SCCs in OpenShift]
-* xref:../../security/security_profiles_operator/spo-advanced.html#spo-log-enricher_spo-advanced[Using the log enricher]
-* xref:../../security/security_profiles_operator/spo-understanding.html#spo-about_spo-understanding[About security profiles]
\ No newline at end of file
+* xref:../../security/security_profiles_operator/spo-advanced.adoc#spo-log-enricher_spo-advanced[Using the log enricher]
+* xref:../../security/security_profiles_operator/spo-understanding.adoc#spo-about_spo-understanding[About security profiles]
\ No newline at end of file
diff --git a/security/security_profiles_operator/spo-selinux.adoc b/security/security_profiles_operator/spo-selinux.adoc
index 9d167864ce6a..c017003205a5 100644
--- a/security/security_profiles_operator/spo-selinux.adoc
+++ b/security/security_profiles_operator/spo-selinux.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-selinux"]
 = Managing SELinux profiles
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,11 @@ toc::[]
 
 Create and manage SELinux profiles and bind them to workloads.
 
+[IMPORTANT]
+====
+The Security Profiles Operator supports only Red Hat Enterprise Linux CoreOS (RHCOS) worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
+====
+
 include::modules/spo-creating-profiles.adoc[leveloffset=+1]
 
 include::modules/spo-applying-profiles.adoc[leveloffset=+1]
@@ -31,5 +36,5 @@ include::modules/spo-selinux-runasany.adoc[leveloffset=+2]
 
 * xref:../../authentication/managing-security-context-constraints.adoc[Managing security context constraints]
 * link:https://cloud.redhat.com/blog/managing-sccs-in-openshift[Managing SCCs in OpenShift]
-* xref:../../security/security_profiles_operator/spo-advanced.html#spo-log-enricher_spo-advanced[Using the log enricher]
-* xref:../../security/security_profiles_operator/spo-understanding.html#spo-about_spo-understanding[About security profiles]
\ No newline at end of file
+* xref:../../security/security_profiles_operator/spo-advanced.adoc#spo-log-enricher_spo-advanced[Using the log enricher]
+* xref:../../security/security_profiles_operator/spo-understanding.adoc#spo-about_spo-understanding[About security profiles]
\ No newline at end of file
diff --git a/security/security_profiles_operator/spo-troubleshooting.adoc b/security/security_profiles_operator/spo-troubleshooting.adoc
index 51ac7bc34cc5..71e6eb138262 100644
--- a/security/security_profiles_operator/spo-troubleshooting.adoc
+++ b/security/security_profiles_operator/spo-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-troubleshooting"]
 = Troubleshooting the Security Profiles Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/security_profiles_operator/spo-understanding.adoc b/security/security_profiles_operator/spo-understanding.adoc
index 6c3d3bbe7d48..66fd622e3fdc 100644
--- a/security/security_profiles_operator/spo-understanding.adoc
+++ b/security/security_profiles_operator/spo-understanding.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-understanding"]
 = Understanding the Security Profiles Operator
 include::_attributes/common-attributes.adoc[]
@@ -8,4 +8,9 @@ toc::[]
 
 {product-title} administrators can use the Security Profiles Operator to define increased security measures in clusters.
 
+[IMPORTANT]
+====
+The Security Profiles Operator supports only Red Hat Enterprise Linux CoreOS (RHCOS) worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported.
+====
+
 include::modules/spo-about.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/security/security_profiles_operator/spo-uninstalling.adoc b/security/security_profiles_operator/spo-uninstalling.adoc
index 63aff012f5e9..baea35fbdd8f 100644
--- a/security/security_profiles_operator/spo-uninstalling.adoc
+++ b/security/security_profiles_operator/spo-uninstalling.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="spo-uninstalling"]
 = Uninstalling the Security Profiles Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/security/tls-security-profiles.adoc b/security/tls-security-profiles.adoc
index fccd0dcdcff4..b304397b9cd5 100644
--- a/security/tls-security-profiles.adoc
+++ b/security/tls-security-profiles.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="tls-security-profiles"]
 = Configuring TLS security profiles
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/about/about-knative-eventing.adoc b/serverless/about/about-knative-eventing.adoc
index 108d0799d78b..8d6cfbe15d9b 100644
--- a/serverless/about/about-knative-eventing.adoc
+++ b/serverless/about/about-knative-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-knative-eventing"]
 = Knative Eventing
 :context: about-knative-eventing
diff --git a/serverless/about/about-knative-serving.adoc b/serverless/about/about-knative-serving.adoc
index 557d5750b1d1..bd6edc2ecd5c 100644
--- a/serverless/about/about-knative-serving.adoc
+++ b/serverless/about/about-knative-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-knative-serving"]
 = Knative Serving
 :context: about-knative-serving
diff --git a/serverless/about/about-serverless.adoc b/serverless/about/about-serverless.adoc
index 21ff6a81b245..1577aa3fe1ba 100644
--- a/serverless/about/about-serverless.adoc
+++ b/serverless/about/about-serverless.adoc
@@ -1,8 +1,8 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-serverless"]
+include::_attributes/common-attributes.adoc[]
 = {ServerlessProductName} overview
 :context: about-serverless
-include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
@@ -10,7 +10,7 @@ toc::[]
 
 [NOTE]
 ====
-Because {ServerlessProductName} releases on a different cadence from {product-title}, the {ServerlessProductName} documentation is now available as separate documentation sets for each minor version of the product. 
+Because {ServerlessProductName} releases on a different cadence from {product-title}, the {ServerlessProductName} documentation is now available as separate documentation sets for each minor version of the product.
 
 The {ServerlessProductName} documentation is available at link:https://docs.openshift.com/serverless/[].
 
diff --git a/serverless/about/serverless-functions-about.adoc b/serverless/about/serverless-functions-about.adoc
index 1bd87575f473..0572284dba68 100644
--- a/serverless/about/serverless-functions-about.adoc
+++ b/serverless/about/serverless-functions-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-about"]
 = About {FunctionsProductName}
 :context: serverless-functions-about
diff --git a/serverless/cli_tools/advanced-kn-config.adoc b/serverless/cli_tools/advanced-kn-config.adoc
index 25ba591bd103..6d5cdf4b1f9b 100644
--- a/serverless/cli_tools/advanced-kn-config.adoc
+++ b/serverless/cli_tools/advanced-kn-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="advanced-kn-config"]
 = Configuring the Knative CLI
 :context: advanced-kn-config
diff --git a/serverless/cli_tools/eventing_cli/kn-source.adoc b/serverless/cli_tools/eventing_cli/kn-source.adoc
index 8ff796170c09..da4833c0c642 100644
--- a/serverless/cli_tools/eventing_cli/kn-source.adoc
+++ b/serverless/cli_tools/eventing_cli/kn-source.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kn-source"]
 = kn source commands
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/cli_tools/functions_cli/kn-functions.adoc b/serverless/cli_tools/functions_cli/kn-functions.adoc
index 814c801866c6..5623006c6878 100644
--- a/serverless/cli_tools/functions_cli/kn-functions.adoc
+++ b/serverless/cli_tools/functions_cli/kn-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-functions"]
 = kn functions commands
diff --git a/serverless/cli_tools/kn-plugins.adoc b/serverless/cli_tools/kn-plugins.adoc
index 56081aa95c3b..325addba3163 100644
--- a/serverless/cli_tools/kn-plugins.adoc
+++ b/serverless/cli_tools/kn-plugins.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kn-plugins"]
 = Knative CLI plugins
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/cli_tools/serving_cli/kn-container.adoc b/serverless/cli_tools/serving_cli/kn-container.adoc
index 016fbf8ab17d..1418a2d21c3a 100644
--- a/serverless/cli_tools/serving_cli/kn-container.adoc
+++ b/serverless/cli_tools/serving_cli/kn-container.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-container"]
 = kn container commands
diff --git a/serverless/cli_tools/serving_cli/kn-domain.adoc b/serverless/cli_tools/serving_cli/kn-domain.adoc
index fb4fcd413e28..969a99883431 100644
--- a/serverless/cli_tools/serving_cli/kn-domain.adoc
+++ b/serverless/cli_tools/serving_cli/kn-domain.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-domain"]
 = kn domain commands
diff --git a/serverless/cli_tools/serving_cli/kn-service-offline.adoc b/serverless/cli_tools/serving_cli/kn-service-offline.adoc
index f2c42cf0d847..14c2c57ba66d 100644
--- a/serverless/cli_tools/serving_cli/kn-service-offline.adoc
+++ b/serverless/cli_tools/serving_cli/kn-service-offline.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-service-offline"]
 = kn service commands in offline mode
diff --git a/serverless/cli_tools/serving_cli/kn-service.adoc b/serverless/cli_tools/serving_cli/kn-service.adoc
index 5812e03c4936..7021a9f47d6b 100644
--- a/serverless/cli_tools/serving_cli/kn-service.adoc
+++ b/serverless/cli_tools/serving_cli/kn-service.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-service"]
 = kn service commands
diff --git a/serverless/eventing/brokers/kafka-broker.adoc b/serverless/eventing/brokers/kafka-broker.adoc
index 5aa351fc8f53..037dedb429df 100644
--- a/serverless/eventing/brokers/kafka-broker.adoc
+++ b/serverless/eventing/brokers/kafka-broker.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kafka-broker"]
 = Knative broker implementation for Apache Kafka
diff --git a/serverless/eventing/brokers/serverless-broker-backing-channel-default.adoc b/serverless/eventing/brokers/serverless-broker-backing-channel-default.adoc
index 5eeacb9adc4b..d400edd7ca68 100644
--- a/serverless/eventing/brokers/serverless-broker-backing-channel-default.adoc
+++ b/serverless/eventing/brokers/serverless-broker-backing-channel-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-broker-backing-channel-default"]
 = Configuring the default broker backing channel
diff --git a/serverless/eventing/brokers/serverless-broker-types.adoc b/serverless/eventing/brokers/serverless-broker-types.adoc
index 9be26bbcc05e..39dda27a81a9 100644
--- a/serverless/eventing/brokers/serverless-broker-types.adoc
+++ b/serverless/eventing/brokers/serverless-broker-types.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-broker-types"]
 = Broker types
diff --git a/serverless/eventing/brokers/serverless-brokers.adoc b/serverless/eventing/brokers/serverless-brokers.adoc
index 97bbb8cc1e78..69935ba13eaa 100644
--- a/serverless/eventing/brokers/serverless-brokers.adoc
+++ b/serverless/eventing/brokers/serverless-brokers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-brokers"]
 = Brokers
diff --git a/serverless/eventing/brokers/serverless-event-delivery.adoc b/serverless/eventing/brokers/serverless-event-delivery.adoc
index 9eaaaa182e8d..633ff0102fdf 100644
--- a/serverless/eventing/brokers/serverless-event-delivery.adoc
+++ b/serverless/eventing/brokers/serverless-event-delivery.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-event-delivery"]
 = Event delivery
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/eventing/brokers/serverless-global-config-broker-class-default.adoc b/serverless/eventing/brokers/serverless-global-config-broker-class-default.adoc
index 6ef322bef7ab..8211ffdf0c62 100644
--- a/serverless/eventing/brokers/serverless-global-config-broker-class-default.adoc
+++ b/serverless/eventing/brokers/serverless-global-config-broker-class-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-global-config-broker-class-default"]
 = Configuring the default broker class
diff --git a/serverless/eventing/brokers/serverless-using-brokers-managing-brokers.adoc b/serverless/eventing/brokers/serverless-using-brokers-managing-brokers.adoc
index 4bed8c2c43e2..f4ad431bbe6c 100644
--- a/serverless/eventing/brokers/serverless-using-brokers-managing-brokers.adoc
+++ b/serverless/eventing/brokers/serverless-using-brokers-managing-brokers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-using-brokers-managing-brokers"]
 = Managing brokers
diff --git a/serverless/eventing/brokers/serverless-using-brokers.adoc b/serverless/eventing/brokers/serverless-using-brokers.adoc
index 511c55f2f428..33e4aaac70c3 100644
--- a/serverless/eventing/brokers/serverless-using-brokers.adoc
+++ b/serverless/eventing/brokers/serverless-using-brokers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-using-brokers"]
 = Creating brokers
diff --git a/serverless/eventing/channels/connecting-channels-sinks.adoc b/serverless/eventing/channels/connecting-channels-sinks.adoc
index c82f7d64f91c..a63897927ff7 100644
--- a/serverless/eventing/channels/connecting-channels-sinks.adoc
+++ b/serverless/eventing/channels/connecting-channels-sinks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="connecting-channels-sinks"]
 = Connecting channels to sinks
diff --git a/serverless/eventing/channels/serverless-channel-default.adoc b/serverless/eventing/channels/serverless-channel-default.adoc
index cdd78af2cf73..55d16c203e43 100644
--- a/serverless/eventing/channels/serverless-channel-default.adoc
+++ b/serverless/eventing/channels/serverless-channel-default.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-channel-default"]
 = Default channel implementation
diff --git a/serverless/eventing/channels/serverless-channels.adoc b/serverless/eventing/channels/serverless-channels.adoc
index 9dc691162bb4..b50e2f259220 100644
--- a/serverless/eventing/channels/serverless-channels.adoc
+++ b/serverless/eventing/channels/serverless-channels.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-channels"]
 = Channels and subscriptions
diff --git a/serverless/eventing/channels/serverless-creating-channels.adoc b/serverless/eventing/channels/serverless-creating-channels.adoc
index e0a50695f436..cb51e6c6e28e 100644
--- a/serverless/eventing/channels/serverless-creating-channels.adoc
+++ b/serverless/eventing/channels/serverless-creating-channels.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-creating-channels"]
 = Creating channels
diff --git a/serverless/eventing/channels/serverless-kafka-admin-security-channels.adoc b/serverless/eventing/channels/serverless-kafka-admin-security-channels.adoc
index a4c9702df354..b8aaf8b888bc 100644
--- a/serverless/eventing/channels/serverless-kafka-admin-security-channels.adoc
+++ b/serverless/eventing/channels/serverless-kafka-admin-security-channels.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-kafka-admin-security-channels"]
 = Security configuration for channels
diff --git a/serverless/eventing/discovery/list-event-source-types-cli.adoc b/serverless/eventing/discovery/list-event-source-types-cli.adoc
index 94ca3e6aea84..2a440b2542c9 100644
--- a/serverless/eventing/discovery/list-event-source-types-cli.adoc
+++ b/serverless/eventing/discovery/list-event-source-types-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="list-event-source-types-cli"]
 = Listing event source types from the command line
diff --git a/serverless/eventing/discovery/list-event-source-types-odc.adoc b/serverless/eventing/discovery/list-event-source-types-odc.adoc
index 4e9efae0ef4f..9075bf049c2d 100644
--- a/serverless/eventing/discovery/list-event-source-types-odc.adoc
+++ b/serverless/eventing/discovery/list-event-source-types-odc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="list-event-source-types-odc"]
 = Listing event source types from the Developer perspective
diff --git a/serverless/eventing/discovery/list-event-sources-cli.adoc b/serverless/eventing/discovery/list-event-sources-cli.adoc
index a276af197d04..6aa6915236a6 100644
--- a/serverless/eventing/discovery/list-event-sources-cli.adoc
+++ b/serverless/eventing/discovery/list-event-sources-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="list-event-sources-cli"]
 = Listing event sources from the command line
diff --git a/serverless/eventing/discovery/serverless-listing-event-sources.adoc b/serverless/eventing/discovery/serverless-listing-event-sources.adoc
index 97c6b0b0e00a..1299eee69af6 100644
--- a/serverless/eventing/discovery/serverless-listing-event-sources.adoc
+++ b/serverless/eventing/discovery/serverless-listing-event-sources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-listing-event-sources"]
 = Listing event sources and event source types
diff --git a/serverless/eventing/event-sinks/serverless-creating-sinks.adoc b/serverless/eventing/event-sinks/serverless-creating-sinks.adoc
index 4150f7069f27..a1b2d24c7c23 100644
--- a/serverless/eventing/event-sinks/serverless-creating-sinks.adoc
+++ b/serverless/eventing/event-sinks/serverless-creating-sinks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-creating-sinks"]
 = Creating event sinks
diff --git a/serverless/eventing/event-sinks/serverless-event-sinks.adoc b/serverless/eventing/event-sinks/serverless-event-sinks.adoc
index 18fe171f2303..bd2f03422d32 100644
--- a/serverless/eventing/event-sinks/serverless-event-sinks.adoc
+++ b/serverless/eventing/event-sinks/serverless-event-sinks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-event-sinks"]
 = Event sinks
diff --git a/serverless/eventing/event-sinks/serverless-kafka-developer-sink.adoc b/serverless/eventing/event-sinks/serverless-kafka-developer-sink.adoc
index 77862e494e9e..903e7f932c62 100644
--- a/serverless/eventing/event-sinks/serverless-kafka-developer-sink.adoc
+++ b/serverless/eventing/event-sinks/serverless-kafka-developer-sink.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-kafka-developer-sink"]
 = Sink for Apache Kafka
diff --git a/serverless/eventing/event-sources/event-source-admin-perspective.adoc b/serverless/eventing/event-sources/event-source-admin-perspective.adoc
index d2d9063b500e..c660bf4e7fe2 100644
--- a/serverless/eventing/event-sources/event-source-admin-perspective.adoc
+++ b/serverless/eventing/event-sources/event-source-admin-perspective.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="event-source-admin-perspective"]
 = Event source in the Administrator perspective
diff --git a/serverless/eventing/event-sources/knative-event-sources.adoc b/serverless/eventing/event-sources/knative-event-sources.adoc
index a25d7a136494..d85871a4705e 100644
--- a/serverless/eventing/event-sources/knative-event-sources.adoc
+++ b/serverless/eventing/event-sources/knative-event-sources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="knative-event-sources"]
 = Event sources
diff --git a/serverless/eventing/event-sources/serverless-apiserversource.adoc b/serverless/eventing/event-sources/serverless-apiserversource.adoc
index b608379f0a26..48f4c5532ecd 100644
--- a/serverless/eventing/event-sources/serverless-apiserversource.adoc
+++ b/serverless/eventing/event-sources/serverless-apiserversource.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-apiserversource"]
 = Creating an API server source
diff --git a/serverless/eventing/event-sources/serverless-custom-event-sources.adoc b/serverless/eventing/event-sources/serverless-custom-event-sources.adoc
index 1310b67422a3..8f4c494e732e 100644
--- a/serverless/eventing/event-sources/serverless-custom-event-sources.adoc
+++ b/serverless/eventing/event-sources/serverless-custom-event-sources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-custom-event-sources"]
 = Custom event sources
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/eventing/event-sources/serverless-kafka-developer-source.adoc b/serverless/eventing/event-sources/serverless-kafka-developer-source.adoc
index 834fbb1dee5c..b67900877dd9 100644
--- a/serverless/eventing/event-sources/serverless-kafka-developer-source.adoc
+++ b/serverless/eventing/event-sources/serverless-kafka-developer-source.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-kafka-developer-source"]
 = Source for Apache Kafka
diff --git a/serverless/eventing/event-sources/serverless-pingsource.adoc b/serverless/eventing/event-sources/serverless-pingsource.adoc
index c247f9328359..4c9568bbc306 100644
--- a/serverless/eventing/event-sources/serverless-pingsource.adoc
+++ b/serverless/eventing/event-sources/serverless-pingsource.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-pingsource"]
 = Creating a ping source
 :context: serverless-pingsource
diff --git a/serverless/eventing/event-sources/serverless-sink-source-odc.adoc b/serverless/eventing/event-sources/serverless-sink-source-odc.adoc
index 2fef7c00628f..8e74cd449c01 100644
--- a/serverless/eventing/event-sources/serverless-sink-source-odc.adoc
+++ b/serverless/eventing/event-sources/serverless-sink-source-odc.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-sink-source-odc"]
 = Connecting an event source to a sink using the Developer perspective
diff --git a/serverless/eventing/kn-event-plugin/kn-plugins-events.adoc b/serverless/eventing/kn-event-plugin/kn-plugins-events.adoc
index 5494bc236ae5..3b06317a6a5d 100644
--- a/serverless/eventing/kn-event-plugin/kn-plugins-events.adoc
+++ b/serverless/eventing/kn-event-plugin/kn-plugins-events.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kn-plugins-events"]
 = Knative CLI plugins
diff --git a/serverless/eventing/knative-eventing.adoc b/serverless/eventing/knative-eventing.adoc
index 852b2dcba83c..56bda5df70e2 100644
--- a/serverless/eventing/knative-eventing.adoc
+++ b/serverless/eventing/knative-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="knative-eventing-overview"]
 = Knative Eventing
diff --git a/serverless/eventing/subscriptions/serverless-subs-managing.adoc b/serverless/eventing/subscriptions/serverless-subs-managing.adoc
index d24087ea3cdb..45692e2883fa 100644
--- a/serverless/eventing/subscriptions/serverless-subs-managing.adoc
+++ b/serverless/eventing/subscriptions/serverless-subs-managing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-subs-managing"]
 = Managing subscriptions
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/eventing/subscriptions/serverless-subs.adoc b/serverless/eventing/subscriptions/serverless-subs.adoc
index 440ed0d31418..b38dfcf622ae 100644
--- a/serverless/eventing/subscriptions/serverless-subs.adoc
+++ b/serverless/eventing/subscriptions/serverless-subs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-subs"]
 = Creating subscriptions
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/eventing/triggers/connect-trigger-sink.adoc b/serverless/eventing/triggers/connect-trigger-sink.adoc
index 19d72d73792b..49baed285ab9 100644
--- a/serverless/eventing/triggers/connect-trigger-sink.adoc
+++ b/serverless/eventing/triggers/connect-trigger-sink.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="connect-trigger-sink"]
 = Connecting a trigger to a sink
diff --git a/serverless/eventing/triggers/create-triggers.adoc b/serverless/eventing/triggers/create-triggers.adoc
index 8d56712bedba..cb4d87ae0d33 100644
--- a/serverless/eventing/triggers/create-triggers.adoc
+++ b/serverless/eventing/triggers/create-triggers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="create-triggers"]
 = Creating triggers
diff --git a/serverless/eventing/triggers/delete-triggers-cli.adoc b/serverless/eventing/triggers/delete-triggers-cli.adoc
index a9929ed26ad7..9c731eb6f863 100644
--- a/serverless/eventing/triggers/delete-triggers-cli.adoc
+++ b/serverless/eventing/triggers/delete-triggers-cli.adoc
@@ -1,9 +1,9 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="delete-triggers-cli"]
 = Deleting triggers from the command line
 :context: delete-triggers-cli
 
-Using the Knative (`kn`) CLI to delete a trigger provides a streamlined and intuitive user interface. 
+Using the Knative (`kn`) CLI to delete a trigger provides a streamlined and intuitive user interface.
 
 include::modules/delete-kn-trigger.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/serverless/eventing/triggers/describe-triggers-cli.adoc b/serverless/eventing/triggers/describe-triggers-cli.adoc
index 57902c122e47..ad5912f8130c 100644
--- a/serverless/eventing/triggers/describe-triggers-cli.adoc
+++ b/serverless/eventing/triggers/describe-triggers-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="describe-triggers-cli"]
 = Describe triggers from the command line
diff --git a/serverless/eventing/triggers/filter-triggers-cli.adoc b/serverless/eventing/triggers/filter-triggers-cli.adoc
index 51806753c520..383f6010a34a 100644
--- a/serverless/eventing/triggers/filter-triggers-cli.adoc
+++ b/serverless/eventing/triggers/filter-triggers-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="filter-triggers-cli"]
 = Filtering triggers from the command line
diff --git a/serverless/eventing/triggers/list-triggers-cli.adoc b/serverless/eventing/triggers/list-triggers-cli.adoc
index d9a929078d75..a732227fab3b 100644
--- a/serverless/eventing/triggers/list-triggers-cli.adoc
+++ b/serverless/eventing/triggers/list-triggers-cli.adoc
@@ -1,9 +1,9 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="list-triggers-cli"]
 = List triggers from the command line
 :context: list-triggers-cli
 
-Using the Knative (`kn`) CLI to list triggers provides a streamlined and intuitive user interface. 
+Using the Knative (`kn`) CLI to list triggers provides a streamlined and intuitive user interface.
 
 include::modules/kn-trigger-list.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/serverless/eventing/triggers/serverless-triggers.adoc b/serverless/eventing/triggers/serverless-triggers.adoc
index 53b337966844..66d9c41b4a9b 100644
--- a/serverless/eventing/triggers/serverless-triggers.adoc
+++ b/serverless/eventing/triggers/serverless-triggers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-triggers"]
 = Triggers overview
diff --git a/serverless/eventing/triggers/update-triggers-cli.adoc b/serverless/eventing/triggers/update-triggers-cli.adoc
index f7912f722e62..9533bc9f22ab 100644
--- a/serverless/eventing/triggers/update-triggers-cli.adoc
+++ b/serverless/eventing/triggers/update-triggers-cli.adoc
@@ -1,9 +1,9 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="update-triggers-cli"]
 = Updating triggers from the command line
 :context: update-triggers-cli
 
-Using the Knative (`kn`) CLI to update triggers provides a streamlined and intuitive user interface. 
+Using the Knative (`kn`) CLI to update triggers provides a streamlined and intuitive user interface.
 
 include::modules/kn-trigger-update.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/serverless/eventing/tuning/overriding-config-eventing.adoc b/serverless/eventing/tuning/overriding-config-eventing.adoc
index 7368ce765e97..dda6bb470cf0 100644
--- a/serverless/eventing/tuning/overriding-config-eventing.adoc
+++ b/serverless/eventing/tuning/overriding-config-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="overriding-config-eventing"]
 =  Overriding Knative Eventing system deployment configurations
diff --git a/serverless/eventing/tuning/serverless-ha.adoc b/serverless/eventing/tuning/serverless-ha.adoc
index 374943c5b348..f7ee854916ee 100644
--- a/serverless/eventing/tuning/serverless-ha.adoc
+++ b/serverless/eventing/tuning/serverless-ha.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-ha"]
 = High availability
diff --git a/serverless/functions/serverless-developing-go-functions.adoc b/serverless/functions/serverless-developing-go-functions.adoc
index 776c7462f909..ecf5193d7ca3 100644
--- a/serverless/functions/serverless-developing-go-functions.adoc
+++ b/serverless/functions/serverless-developing-go-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-developing-go-functions"]
 = Developing Go functions
 :context: serverless-developing-go-functions
diff --git a/serverless/functions/serverless-developing-nodejs-functions.adoc b/serverless/functions/serverless-developing-nodejs-functions.adoc
index 59821d2a27f4..83739da52cc4 100644
--- a/serverless/functions/serverless-developing-nodejs-functions.adoc
+++ b/serverless/functions/serverless-developing-nodejs-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-developing-nodejs-functions"]
 = Developing Node.js functions
 :context: serverless-developing-nodejs-functions
diff --git a/serverless/functions/serverless-developing-python-functions.adoc b/serverless/functions/serverless-developing-python-functions.adoc
index 602e82eff403..c4a5147fe51d 100644
--- a/serverless/functions/serverless-developing-python-functions.adoc
+++ b/serverless/functions/serverless-developing-python-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-developing-python-functions"]
 = Developing Python functions
 :context: serverless-developing-python-functions
diff --git a/serverless/functions/serverless-developing-quarkus-functions.adoc b/serverless/functions/serverless-developing-quarkus-functions.adoc
index 26214d3eb67f..171f9cdb70da 100644
--- a/serverless/functions/serverless-developing-quarkus-functions.adoc
+++ b/serverless/functions/serverless-developing-quarkus-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-developing-quarkus-functions"]
 = Developing Quarkus functions
 :context: serverless-developing-quarkus-functions
diff --git a/serverless/functions/serverless-developing-typescript-functions.adoc b/serverless/functions/serverless-developing-typescript-functions.adoc
index fa65aa86920b..8db7198b5a4f 100644
--- a/serverless/functions/serverless-developing-typescript-functions.adoc
+++ b/serverless/functions/serverless-developing-typescript-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-developing-typescript-functions"]
 = Developing TypeScript functions
 :context: serverless-developing-typescript-functions
diff --git a/serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc b/serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
index 4b2c65825b29..a412f00c29e5 100644
--- a/serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
+++ b/serverless/functions/serverless-functions-accessing-secrets-configmaps.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-accessing-secrets-configmaps"]
 = Accessing secrets and config maps from functions
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/functions/serverless-functions-annotations.adoc b/serverless/functions/serverless-functions-annotations.adoc
index 4e2f443c1524..e6aca656519c 100644
--- a/serverless/functions/serverless-functions-annotations.adoc
+++ b/serverless/functions/serverless-functions-annotations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-attributes"]
 = Adding annotations to functions
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/functions/serverless-functions-eventing.adoc b/serverless/functions/serverless-functions-eventing.adoc
index d5e4003f5eaf..65eb0e188849 100644
--- a/serverless/functions/serverless-functions-eventing.adoc
+++ b/serverless/functions/serverless-functions-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-eventing"]
 = Using functions with Knative Eventing
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/functions/serverless-functions-getting-started.adoc b/serverless/functions/serverless-functions-getting-started.adoc
index aa5c2dc8999d..0bb02fc27013 100644
--- a/serverless/functions/serverless-functions-getting-started.adoc
+++ b/serverless/functions/serverless-functions-getting-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-getting-started"]
 = Getting started with functions
 :context: serverless-functions-getting-started
diff --git a/serverless/functions/serverless-functions-on-cluster-builds.adoc b/serverless/functions/serverless-functions-on-cluster-builds.adoc
index a2bafde07766..9172046a24cc 100644
--- a/serverless/functions/serverless-functions-on-cluster-builds.adoc
+++ b/serverless/functions/serverless-functions-on-cluster-builds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-on-cluster-builds"]
 = On-cluster function building and deploying
 :context: serverless-functions-on-cluster-builds
diff --git a/serverless/functions/serverless-functions-reference-guide.adoc b/serverless/functions/serverless-functions-reference-guide.adoc
index f2ae408c8206..1691c26d2643 100644
--- a/serverless/functions/serverless-functions-reference-guide.adoc
+++ b/serverless/functions/serverless-functions-reference-guide.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-reference-guide"]
 = Functions development reference guide
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/functions/serverless-functions-setup.adoc b/serverless/functions/serverless-functions-setup.adoc
index 9ba2cfd7491c..088ed9e7f5fa 100644
--- a/serverless/functions/serverless-functions-setup.adoc
+++ b/serverless/functions/serverless-functions-setup.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-functions-setup"]
 = Setting up {FunctionsProductName}
diff --git a/serverless/functions/serverless-functions-yaml.adoc b/serverless/functions/serverless-functions-yaml.adoc
index 60ed9f1a654f..d69fd0ebf83b 100644
--- a/serverless/functions/serverless-functions-yaml.adoc
+++ b/serverless/functions/serverless-functions-yaml.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-functions-project-configuration"]
 = Function project configuration in func.yaml
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/install/configuring-serverless-functions.adoc b/serverless/install/configuring-serverless-functions.adoc
index f96b38b99c29..6306b3ca36e8 100644
--- a/serverless/install/configuring-serverless-functions.adoc
+++ b/serverless/install/configuring-serverless-functions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="configuring-serverless-functions"]
 = Configuring {FunctionsProductName}
diff --git a/serverless/install/install-serverless-operator.adoc b/serverless/install/install-serverless-operator.adoc
index e7ae098018d1..4e7802f325f2 100644
--- a/serverless/install/install-serverless-operator.adoc
+++ b/serverless/install/install-serverless-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="install-serverless-operator"]
 = Installing the {ServerlessOperatorName}
diff --git a/serverless/install/installing-knative-eventing.adoc b/serverless/install/installing-knative-eventing.adoc
index 54fafbfc17c3..5dc011669110 100644
--- a/serverless/install/installing-knative-eventing.adoc
+++ b/serverless/install/installing-knative-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-knative-eventing"]
 = Installing Knative Eventing
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/install/installing-knative-serving.adoc b/serverless/install/installing-knative-serving.adoc
index 49a4c1a5bb08..2e7db9260a12 100644
--- a/serverless/install/installing-knative-serving.adoc
+++ b/serverless/install/installing-knative-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-knative-serving"]
 = Installing Knative Serving
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/install/preparing-serverless-install.adoc b/serverless/install/preparing-serverless-install.adoc
index 66710bf4d2b8..d11df4e1ffc9 100644
--- a/serverless/install/preparing-serverless-install.adoc
+++ b/serverless/install/preparing-serverless-install.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="preparing-serverless-install"]
 = Preparing to install {ServerlessProductName}
diff --git a/serverless/install/serverless-kafka-admin.adoc b/serverless/install/serverless-kafka-admin.adoc
index af813587941b..936e1e2d140e 100644
--- a/serverless/install/serverless-kafka-admin.adoc
+++ b/serverless/install/serverless-kafka-admin.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-kafka-admin"]
 = Configuring Knative broker for Apache Kafka
diff --git a/serverless/install/serverless-upgrades.adoc b/serverless/install/serverless-upgrades.adoc
index 5a18179ee519..95c169494d68 100644
--- a/serverless/install/serverless-upgrades.adoc
+++ b/serverless/install/serverless-upgrades.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-upgrades"]
 = Serverless upgrades
diff --git a/serverless/integrations/gpu-resources.adoc b/serverless/integrations/gpu-resources.adoc
index c5c2d9a3970d..fdf793ec5b4d 100644
--- a/serverless/integrations/gpu-resources.adoc
+++ b/serverless/integrations/gpu-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="gpu-resources"]
 = Using NVIDIA GPU resources with serverless applications
diff --git a/serverless/integrations/serverless-cost-management-integration.adoc b/serverless/integrations/serverless-cost-management-integration.adoc
index 2de3d6204ce9..7bb4f816c112 100644
--- a/serverless/integrations/serverless-cost-management-integration.adoc
+++ b/serverless/integrations/serverless-cost-management-integration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-cost-management-integration"]
 = Integrating {ServerlessProductShortName} with the cost management service
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/integrations/serverless-ossm-setup.adoc b/serverless/integrations/serverless-ossm-setup.adoc
index 60c8531e2d57..8a391bd2a201 100644
--- a/serverless/integrations/serverless-ossm-setup.adoc
+++ b/serverless/integrations/serverless-ossm-setup.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-ossm-setup"]
 = Integrating {SMProductShortName} with {ServerlessProductName}
diff --git a/serverless/knative-serving/autoscaling/serverless-autoscaling-developer-scale-bounds.adoc b/serverless/knative-serving/autoscaling/serverless-autoscaling-developer-scale-bounds.adoc
index da7d15668ddd..4a521f2c51a9 100644
--- a/serverless/knative-serving/autoscaling/serverless-autoscaling-developer-scale-bounds.adoc
+++ b/serverless/knative-serving/autoscaling/serverless-autoscaling-developer-scale-bounds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-autoscaling-developer-scale-bounds"]
 = Scale bounds
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc b/serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
index 4fb5626c7786..8e3d4b1e86a6 100644
--- a/serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
+++ b/serverless/knative-serving/autoscaling/serverless-autoscaling-developer.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-autoscaling-developer"]
 = Autoscaling
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/autoscaling/serverless-autoscaling-scale-to-zero.adoc b/serverless/knative-serving/autoscaling/serverless-autoscaling-scale-to-zero.adoc
index 4724a2f9aa24..ba1467ac0622 100644
--- a/serverless/knative-serving/autoscaling/serverless-autoscaling-scale-to-zero.adoc
+++ b/serverless/knative-serving/autoscaling/serverless-autoscaling-scale-to-zero.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-autoscaling-scale-to-zero"]
 = Scale-to-zero
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Knative Serving provides automatic scaling, or _autoscaling_, for applications to match incoming demand. 
+Knative Serving provides automatic scaling, or _autoscaling_, for applications to match incoming demand.
 
 include::modules/serverless-enable-scale-to-zero.adoc[leveloffset=+1]
 
diff --git a/serverless/knative-serving/autoscaling/serverless-concurrency.adoc b/serverless/knative-serving/autoscaling/serverless-concurrency.adoc
index 5464b99de63c..6f0e6c25f641 100644
--- a/serverless/knative-serving/autoscaling/serverless-concurrency.adoc
+++ b/serverless/knative-serving/autoscaling/serverless-concurrency.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-concurrency"]
 = Concurrency
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/config-access/serverless-ossm-v1x-jwt.adoc b/serverless/knative-serving/config-access/serverless-ossm-v1x-jwt.adoc
index 462a372b0494..2ba2f13ca30e 100644
--- a/serverless/knative-serving/config-access/serverless-ossm-v1x-jwt.adoc
+++ b/serverless/knative-serving/config-access/serverless-ossm-v1x-jwt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-ossm-v1x-jwt"]
 = Using JSON Web Token authentication with {SMProductShortName} 1.x
diff --git a/serverless/knative-serving/config-access/serverless-ossm-v2x-jwt.adoc b/serverless/knative-serving/config-access/serverless-ossm-v2x-jwt.adoc
index 8b67f4767c69..66f1abe0ed7b 100644
--- a/serverless/knative-serving/config-access/serverless-ossm-v2x-jwt.adoc
+++ b/serverless/knative-serving/config-access/serverless-ossm-v2x-jwt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-ossm-v2x-jwt"]
 = Using JSON Web Token authentication with {SMProductShortName} 2.x
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc b/serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc
index 547d76fcc022..7ddcb27d1ab6 100644
--- a/serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc
+++ b/serverless/knative-serving/config-access/serverless-ossm-with-kourier-jwt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-ossm-with-kourier-jwt"]
 = Configuring JSON Web Token authentication for Knative services
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/config-applications/empty-dir.adoc b/serverless/knative-serving/config-applications/empty-dir.adoc
index 5fade19bcb9c..48bb3dafcc75 100644
--- a/serverless/knative-serving/config-applications/empty-dir.adoc
+++ b/serverless/knative-serving/config-applications/empty-dir.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="empty-dir"]
 = EmptyDir volumes
diff --git a/serverless/knative-serving/config-applications/init-containers.adoc b/serverless/knative-serving/config-applications/init-containers.adoc
index 72feb20aeb71..c8bb566438a9 100644
--- a/serverless/knative-serving/config-applications/init-containers.adoc
+++ b/serverless/knative-serving/config-applications/init-containers.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="init-containers"]
 = Init containers
diff --git a/serverless/knative-serving/config-applications/multi-container-support-for-serving.adoc b/serverless/knative-serving/config-applications/multi-container-support-for-serving.adoc
index 8e092f106d07..5a4454a363bb 100644
--- a/serverless/knative-serving/config-applications/multi-container-support-for-serving.adoc
+++ b/serverless/knative-serving/config-applications/multi-container-support-for-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="multi-container-support-for-serving"]
 = Multi-container support for Serving
diff --git a/serverless/knative-serving/config-applications/overriding-config-serving.adoc b/serverless/knative-serving/config-applications/overriding-config-serving.adoc
index 0ee1c2371c23..bf10b8ac994a 100644
--- a/serverless/knative-serving/config-applications/overriding-config-serving.adoc
+++ b/serverless/knative-serving/config-applications/overriding-config-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overriding-config-serving"]
 = Overriding Knative Serving system deployment configurations
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/config-applications/pvcs-for-serving.adoc b/serverless/knative-serving/config-applications/pvcs-for-serving.adoc
index 6063a02fb82e..b077a1267c2d 100644
--- a/serverless/knative-serving/config-applications/pvcs-for-serving.adoc
+++ b/serverless/knative-serving/config-applications/pvcs-for-serving.adoc
@@ -1,10 +1,10 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="pvcs-for-serving"]
 = Persistent Volume Claims for Serving
 :context: pvcs-for-serving
 
-Some serverless applications need permanent data storage. 
+Some serverless applications need permanent data storage.
 To achieve this, you can configure persistent volume claims (PVCs) for your Knative services.
 
 // Enabling PVC for Serving
diff --git a/serverless/knative-serving/config-applications/resolving-image-tags-to-digests.adoc b/serverless/knative-serving/config-applications/resolving-image-tags-to-digests.adoc
index 092a73e58208..d4671a05d85a 100644
--- a/serverless/knative-serving/config-applications/resolving-image-tags-to-digests.adoc
+++ b/serverless/knative-serving/config-applications/resolving-image-tags-to-digests.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="resolving-image-tags-to-digests"]
 = Resolving image tags to digests
diff --git a/serverless/knative-serving/config-applications/restrictive-network-policies.adoc b/serverless/knative-serving/config-applications/restrictive-network-policies.adoc
index d2852e21b88b..a9708c1f2e46 100644
--- a/serverless/knative-serving/config-applications/restrictive-network-policies.adoc
+++ b/serverless/knative-serving/config-applications/restrictive-network-policies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="restrictive-network-policies"]
 = Restrictive network policies
diff --git a/serverless/knative-serving/config-applications/serverless-config-tls.adoc b/serverless/knative-serving/config-applications/serverless-config-tls.adoc
index 4e9dddfc22e5..3f8873ad322b 100644
--- a/serverless/knative-serving/config-applications/serverless-config-tls.adoc
+++ b/serverless/knative-serving/config-applications/serverless-config-tls.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-config-tls"]
 = Configuring TLS authentication
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/config-custom-domains/create-domain-mapping-kn.adoc b/serverless/knative-serving/config-custom-domains/create-domain-mapping-kn.adoc
index fcf121cc309e..083d372f9245 100644
--- a/serverless/knative-serving/config-custom-domains/create-domain-mapping-kn.adoc
+++ b/serverless/knative-serving/config-custom-domains/create-domain-mapping-kn.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="create-domain-mapping-kn"]
 = Custom domains for Knative services using the Knative CLI
diff --git a/serverless/knative-serving/config-custom-domains/create-domain-mapping.adoc b/serverless/knative-serving/config-custom-domains/create-domain-mapping.adoc
index c333c8f9c66d..dc8773b096d7 100644
--- a/serverless/knative-serving/config-custom-domains/create-domain-mapping.adoc
+++ b/serverless/knative-serving/config-custom-domains/create-domain-mapping.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="create-domain-mapping"]
 = Custom domain mapping
diff --git a/serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc b/serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc
index 1a1f587ca1d3..58865e29e543 100644
--- a/serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc
+++ b/serverless/knative-serving/config-custom-domains/domain-mapping-custom-tls-cert.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="domain-mapping-custom-tls-cert"]
 = Securing a mapped service using a TLS certificate
diff --git a/serverless/knative-serving/config-custom-domains/domain-mapping-odc-admin.adoc b/serverless/knative-serving/config-custom-domains/domain-mapping-odc-admin.adoc
index ba8414eea9bf..f8079ccc0845 100644
--- a/serverless/knative-serving/config-custom-domains/domain-mapping-odc-admin.adoc
+++ b/serverless/knative-serving/config-custom-domains/domain-mapping-odc-admin.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="domain-mapping-odc-admin"]
 = Domain mapping using the Administrator perspective
diff --git a/serverless/knative-serving/config-custom-domains/domain-mapping-odc-developer.adoc b/serverless/knative-serving/config-custom-domains/domain-mapping-odc-developer.adoc
index f9f084a3213f..dd26594ad0a5 100644
--- a/serverless/knative-serving/config-custom-domains/domain-mapping-odc-developer.adoc
+++ b/serverless/knative-serving/config-custom-domains/domain-mapping-odc-developer.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="domain-mapping-odc-developer"]
 = Domain mapping using the Developer perspective
diff --git a/serverless/knative-serving/config-custom-domains/serverless-custom-domains.adoc b/serverless/knative-serving/config-custom-domains/serverless-custom-domains.adoc
index ecaffcfefcaa..6c5f2b257338 100644
--- a/serverless/knative-serving/config-custom-domains/serverless-custom-domains.adoc
+++ b/serverless/knative-serving/config-custom-domains/serverless-custom-domains.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-custom-domains"]
 = Configuring a custom domain for a Knative service
diff --git a/serverless/knative-serving/config-ha-services/ha-replicas-serving.adoc b/serverless/knative-serving/config-ha-services/ha-replicas-serving.adoc
index 41e70d9d65ea..49eb7bd6eea5 100644
--- a/serverless/knative-serving/config-ha-services/ha-replicas-serving.adoc
+++ b/serverless/knative-serving/config-ha-services/ha-replicas-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="ha-replicas-serving"]
 = High availability for Knative services
diff --git a/serverless/knative-serving/config-ha-services/ha-services-overview.adoc b/serverless/knative-serving/config-ha-services/ha-services-overview.adoc
index b36cfaea5040..d5bb5fe72c26 100644
--- a/serverless/knative-serving/config-ha-services/ha-services-overview.adoc
+++ b/serverless/knative-serving/config-ha-services/ha-services-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="ha-services-overview"]
 = High availability for Knative services
diff --git a/serverless/knative-serving/external-ingress-routing/cluster-local-availability.adoc b/serverless/knative-serving/external-ingress-routing/cluster-local-availability.adoc
index 4037df240a9e..6736807199ba 100644
--- a/serverless/knative-serving/external-ingress-routing/cluster-local-availability.adoc
+++ b/serverless/knative-serving/external-ingress-routing/cluster-local-availability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="cluster-local-availability"]
 = Cluster local availability
diff --git a/serverless/knative-serving/external-ingress-routing/configuring-service-routes.adoc b/serverless/knative-serving/external-ingress-routing/configuring-service-routes.adoc
index 012224f4baac..a3747389d38d 100644
--- a/serverless/knative-serving/external-ingress-routing/configuring-service-routes.adoc
+++ b/serverless/knative-serving/external-ingress-routing/configuring-service-routes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="configuring-service-routes"]
 = Configuring routes for Knative services
diff --git a/serverless/knative-serving/external-ingress-routing/customize-labels-annotations-routes.adoc b/serverless/knative-serving/external-ingress-routing/customize-labels-annotations-routes.adoc
index a34ede8534bd..a51687cd797e 100644
--- a/serverless/knative-serving/external-ingress-routing/customize-labels-annotations-routes.adoc
+++ b/serverless/knative-serving/external-ingress-routing/customize-labels-annotations-routes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="customize-labels-annotations-routes"]
 = Customizing labels and annotations
diff --git a/serverless/knative-serving/external-ingress-routing/https-redirect-global.adoc b/serverless/knative-serving/external-ingress-routing/https-redirect-global.adoc
index f572cb3c22d1..4633e63933aa 100644
--- a/serverless/knative-serving/external-ingress-routing/https-redirect-global.adoc
+++ b/serverless/knative-serving/external-ingress-routing/https-redirect-global.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="https-redirect-global"]
 = Global HTTPS redirection
diff --git a/serverless/knative-serving/external-ingress-routing/https-redirect-per-service.adoc b/serverless/knative-serving/external-ingress-routing/https-redirect-per-service.adoc
index 1bcda7254951..e02d6e481587 100644
--- a/serverless/knative-serving/external-ingress-routing/https-redirect-per-service.adoc
+++ b/serverless/knative-serving/external-ingress-routing/https-redirect-per-service.adoc
@@ -1,10 +1,10 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="https-redirect-per-service"]
 = HTTPS redirection per service
 :context: https-redirect-per-service
 
-You can enable or disable HTTPS redirection for a service by configuring the `networking.knative.dev/http-option` annotation. 
+You can enable or disable HTTPS redirection for a service by configuring the `networking.knative.dev/http-option` annotation.
 
 include::modules/serverless-https-redirect-service.adoc[leveloffset=+1]
 
diff --git a/serverless/knative-serving/external-ingress-routing/kourier-gateway-service-type.adoc b/serverless/knative-serving/external-ingress-routing/kourier-gateway-service-type.adoc
index fc7ff0370021..7438c9e81c34 100644
--- a/serverless/knative-serving/external-ingress-routing/kourier-gateway-service-type.adoc
+++ b/serverless/knative-serving/external-ingress-routing/kourier-gateway-service-type.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="kourier-gateway-service-type"]
 = Kourier Gateway service type
diff --git a/serverless/knative-serving/external-ingress-routing/routing-overview.adoc b/serverless/knative-serving/external-ingress-routing/routing-overview.adoc
index 7d8083723796..53780ec394e6 100644
--- a/serverless/knative-serving/external-ingress-routing/routing-overview.adoc
+++ b/serverless/knative-serving/external-ingress-routing/routing-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="routing-overview"]
 = Routing overview
diff --git a/serverless/knative-serving/external-ingress-routing/url-scheme-external-routes.adoc b/serverless/knative-serving/external-ingress-routing/url-scheme-external-routes.adoc
index 4514b8913bf1..d6ac8148da6a 100644
--- a/serverless/knative-serving/external-ingress-routing/url-scheme-external-routes.adoc
+++ b/serverless/knative-serving/external-ingress-routing/url-scheme-external-routes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="url-scheme-external-routes"]
 = URL scheme for external routes
diff --git a/serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc b/serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc
index 3d0ce1701289..7d1a7b59fe1d 100644
--- a/serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc
+++ b/serverless/knative-serving/external-ingress-routing/using-http2-gRPC.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="using-http2-gRPC_{context}"]
 = Using HTTP2 and gRPC
diff --git a/serverless/knative-serving/getting-started/serverless-applications.adoc b/serverless/knative-serving/getting-started/serverless-applications.adoc
index a229d9943d91..d5c79d55ff4e 100644
--- a/serverless/knative-serving/getting-started/serverless-applications.adoc
+++ b/serverless/knative-serving/getting-started/serverless-applications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="serverless-applications"]
 = Serverless applications
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/getting-started/verifying-application-deployment.adoc b/serverless/knative-serving/getting-started/verifying-application-deployment.adoc
index ba10fe868cf0..7cfc725642ba 100644
--- a/serverless/knative-serving/getting-started/verifying-application-deployment.adoc
+++ b/serverless/knative-serving/getting-started/verifying-application-deployment.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="verifying-application-deployment"]
 = Verifying your serverless application deployment
 include::_attributes/common-attributes.adoc[]
diff --git a/serverless/knative-serving/traffic-splitting/traffic-spec-examples.adoc b/serverless/knative-serving/traffic-splitting/traffic-spec-examples.adoc
index 6fddaadf8d7f..34673b07bc55 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-spec-examples.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-spec-examples.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-spec-examples"]
 = Traffic spec examples
diff --git a/serverless/knative-serving/traffic-splitting/traffic-splitting-blue-green.adoc b/serverless/knative-serving/traffic-splitting/traffic-splitting-blue-green.adoc
index b2d8b13a59f1..7985466f7d52 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-splitting-blue-green.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-splitting-blue-green.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-splitting-blue-green"]
 = Rerouting traffic using blue-green strategy
diff --git a/serverless/knative-serving/traffic-splitting/traffic-splitting-flags.adoc b/serverless/knative-serving/traffic-splitting/traffic-splitting-flags.adoc
index 5b5ef0bac78c..c9c3b1608739 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-splitting-flags.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-splitting-flags.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-splitting-flags"]
 = CLI flags for traffic splitting
diff --git a/serverless/knative-serving/traffic-splitting/traffic-splitting-overview.adoc b/serverless/knative-serving/traffic-splitting/traffic-splitting-overview.adoc
index 9f3fd4c2c82f..232ee1b0d379 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-splitting-overview.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-splitting-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-splitting-overview"]
 = Traffic splitting overview
diff --git a/serverless/knative-serving/traffic-splitting/traffic-splitting-revisions.adoc b/serverless/knative-serving/traffic-splitting/traffic-splitting-revisions.adoc
index ac0281fe1f4b..fac094902006 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-splitting-revisions.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-splitting-revisions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-splitting-revisions"]
 = Splitting traffic between revisions
diff --git a/serverless/knative-serving/traffic-splitting/traffic-splitting-using-cli.adoc b/serverless/knative-serving/traffic-splitting/traffic-splitting-using-cli.adoc
index fdab469dd416..fbc2c2a7a6f5 100644
--- a/serverless/knative-serving/traffic-splitting/traffic-splitting-using-cli.adoc
+++ b/serverless/knative-serving/traffic-splitting/traffic-splitting-using-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="traffic-splitting-using-cli"]
 = Traffic splitting using the Knative CLI
diff --git a/serverless/observability/admin-metrics/serverless-admin-metrics-eventing.adoc b/serverless/observability/admin-metrics/serverless-admin-metrics-eventing.adoc
index dce3cb0f2dbe..b8c41143173c 100644
--- a/serverless/observability/admin-metrics/serverless-admin-metrics-eventing.adoc
+++ b/serverless/observability/admin-metrics/serverless-admin-metrics-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-admin-metrics-eventing"]
 = Knative Eventing metrics
diff --git a/serverless/observability/admin-metrics/serverless-admin-metrics-serving.adoc b/serverless/observability/admin-metrics/serverless-admin-metrics-serving.adoc
index f0bf0b622368..a3818746aba0 100644
--- a/serverless/observability/admin-metrics/serverless-admin-metrics-serving.adoc
+++ b/serverless/observability/admin-metrics/serverless-admin-metrics-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-admin-metrics-serving"]
 = Knative Serving metrics
diff --git a/serverless/observability/admin-metrics/serverless-admin-metrics.adoc b/serverless/observability/admin-metrics/serverless-admin-metrics.adoc
index 82d32b8a43d9..fb093d70f7a4 100644
--- a/serverless/observability/admin-metrics/serverless-admin-metrics.adoc
+++ b/serverless/observability/admin-metrics/serverless-admin-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-admin-metrics"]
 = {ServerlessProductShortName} administrator metrics
diff --git a/serverless/observability/admin-metrics/serverless-controller-metrics.adoc b/serverless/observability/admin-metrics/serverless-controller-metrics.adoc
index 96c46351bd52..9b1deca9d37c 100644
--- a/serverless/observability/admin-metrics/serverless-controller-metrics.adoc
+++ b/serverless/observability/admin-metrics/serverless-controller-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-controller-metrics"]
 = {ServerlessProductShortName} controller metrics
diff --git a/serverless/observability/admin-metrics/serverless-webhook-metrics.adoc b/serverless/observability/admin-metrics/serverless-webhook-metrics.adoc
index 1707ba81af6a..e8575750e107 100644
--- a/serverless/observability/admin-metrics/serverless-webhook-metrics.adoc
+++ b/serverless/observability/admin-metrics/serverless-webhook-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-webhook-metrics"]
 = Webhook metrics
diff --git a/serverless/observability/cluster-logging/cluster-logging-serverless.adoc b/serverless/observability/cluster-logging/cluster-logging-serverless.adoc
index 3d9dc2799a81..88b91ca6292d 100644
--- a/serverless/observability/cluster-logging/cluster-logging-serverless.adoc
+++ b/serverless/observability/cluster-logging/cluster-logging-serverless.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="cluster-logging-serverless"]
 = Using OpenShift Logging with {ServerlessProductName}
diff --git a/serverless/observability/cluster-logging/finding-serving-logs-components.adoc b/serverless/observability/cluster-logging/finding-serving-logs-components.adoc
index 5cb8407e3276..f1cd305b5f11 100644
--- a/serverless/observability/cluster-logging/finding-serving-logs-components.adoc
+++ b/serverless/observability/cluster-logging/finding-serving-logs-components.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="finding-serving-logs-components"]
 = Finding logs for Knative Serving components
diff --git a/serverless/observability/cluster-logging/finding-serving-logs-services.adoc b/serverless/observability/cluster-logging/finding-serving-logs-services.adoc
index f79bff873f9b..88b54bc5ec72 100644
--- a/serverless/observability/cluster-logging/finding-serving-logs-services.adoc
+++ b/serverless/observability/cluster-logging/finding-serving-logs-services.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="finding-serving-logs-services"]
 = Finding logs for Knative Serving services
diff --git a/serverless/observability/developer-metrics/serverless-developer-metrics-dashboard.adoc b/serverless/observability/developer-metrics/serverless-developer-metrics-dashboard.adoc
index f712c4356108..4b2cd0f8ff94 100644
--- a/serverless/observability/developer-metrics/serverless-developer-metrics-dashboard.adoc
+++ b/serverless/observability/developer-metrics/serverless-developer-metrics-dashboard.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-developer-metrics-dashboard"]
 = Dashboard for service metrics
diff --git a/serverless/observability/developer-metrics/serverless-developer-metrics.adoc b/serverless/observability/developer-metrics/serverless-developer-metrics.adoc
index 88e5d96faace..379819e01035 100644
--- a/serverless/observability/developer-metrics/serverless-developer-metrics.adoc
+++ b/serverless/observability/developer-metrics/serverless-developer-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-developer-metrics"]
 = {ServerlessProductShortName} developer metrics overview
diff --git a/serverless/observability/developer-metrics/serverless-monitoring-services-configuration-scraping.adoc b/serverless/observability/developer-metrics/serverless-monitoring-services-configuration-scraping.adoc
index fc0d2a7053fe..d25d1f2c1d38 100644
--- a/serverless/observability/developer-metrics/serverless-monitoring-services-configuration-scraping.adoc
+++ b/serverless/observability/developer-metrics/serverless-monitoring-services-configuration-scraping.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-monitoring-services-configuration-scraping"]
 = Configuration for scraping custom metrics
diff --git a/serverless/observability/developer-metrics/serverless-monitoring-services-custom-metrics.adoc b/serverless/observability/developer-metrics/serverless-monitoring-services-custom-metrics.adoc
index c637269462b9..d1d5ab50a2c6 100644
--- a/serverless/observability/developer-metrics/serverless-monitoring-services-custom-metrics.adoc
+++ b/serverless/observability/developer-metrics/serverless-monitoring-services-custom-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-monitoring-services-custom-metrics"]
 = Knative service with custom application metrics
diff --git a/serverless/observability/developer-metrics/serverless-monitoring-services-default-metrics.adoc b/serverless/observability/developer-metrics/serverless-monitoring-services-default-metrics.adoc
index 5620190ede68..b826b79c81cc 100644
--- a/serverless/observability/developer-metrics/serverless-monitoring-services-default-metrics.adoc
+++ b/serverless/observability/developer-metrics/serverless-monitoring-services-default-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-monitoring-services-default-metrics"]
 = Knative service metrics exposed by default
diff --git a/serverless/observability/developer-metrics/serverless-monitoring-services-examining-metrics.adoc b/serverless/observability/developer-metrics/serverless-monitoring-services-examining-metrics.adoc
index 32d2b772525e..d22badb6bedf 100644
--- a/serverless/observability/developer-metrics/serverless-monitoring-services-examining-metrics.adoc
+++ b/serverless/observability/developer-metrics/serverless-monitoring-services-examining-metrics.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-monitoring-services-examining-metrics"]
 = Examining metrics of a service
diff --git a/serverless/observability/tracing/serverless-tracing-jaeger.adoc b/serverless/observability/tracing/serverless-tracing-jaeger.adoc
index de6575649b65..091730b4c0fe 100644
--- a/serverless/observability/tracing/serverless-tracing-jaeger.adoc
+++ b/serverless/observability/tracing/serverless-tracing-jaeger.adoc
@@ -1,11 +1,11 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-tracing-jaeger"]
 = Using Jaeger distributed tracing
 :context: serverless-tracing-jaeger
 
 
-If you do not want to install all of the components of {DTProductName}, you can still use distributed tracing on {product-title} with {ServerlessProductName}. 
+If you do not want to install all of the components of {DTProductName}, you can still use distributed tracing on {product-title} with {ServerlessProductName}.
 
 // standalone Jaeger only integration
 include::modules/serverless-jaeger-config.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/serverless/observability/tracing/serverless-tracing-open-telemetry.adoc b/serverless/observability/tracing/serverless-tracing-open-telemetry.adoc
index f3ad6da3d21f..3e9fac267c24 100644
--- a/serverless/observability/tracing/serverless-tracing-open-telemetry.adoc
+++ b/serverless/observability/tracing/serverless-tracing-open-telemetry.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-tracing-open-telemetry"]
 = Using Red Hat OpenShift distributed tracing
diff --git a/serverless/observability/tracing/serverless-tracing.adoc b/serverless/observability/tracing/serverless-tracing.adoc
index 4e1b5a528051..05a7c0ce62aa 100644
--- a/serverless/observability/tracing/serverless-tracing.adoc
+++ b/serverless/observability/tracing/serverless-tracing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-tracing"]
 = Tracing requests
diff --git a/serverless/removing/deleting-serverless-crds.adoc b/serverless/removing/deleting-serverless-crds.adoc
index e4e46ca8d632..3bc1611f6593 100644
--- a/serverless/removing/deleting-serverless-crds.adoc
+++ b/serverless/removing/deleting-serverless-crds.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="deleting-serverless-crds"]
 = Deleting {ServerlessProductName} custom resource definitions
diff --git a/serverless/removing/removing-openshift-serverless.adoc b/serverless/removing/removing-openshift-serverless.adoc
index 33461fd5be40..ca535936ee7e 100644
--- a/serverless/removing/removing-openshift-serverless.adoc
+++ b/serverless/removing/removing-openshift-serverless.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="removing-openshift-serverless"]
 = Removing {ServerlessProductName} overview
diff --git a/serverless/removing/removing-serverless-operator.adoc b/serverless/removing/removing-serverless-operator.adoc
index 9b5898e23616..44909f0c5121 100644
--- a/serverless/removing/removing-serverless-operator.adoc
+++ b/serverless/removing/removing-serverless-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="removing-serverless-operator"]
 = Removing the {ServerlessOperatorName}
diff --git a/serverless/removing/uninstalling-knative-eventing.adoc b/serverless/removing/uninstalling-knative-eventing.adoc
index cfefde64df5a..5475edc77a0c 100644
--- a/serverless/removing/uninstalling-knative-eventing.adoc
+++ b/serverless/removing/uninstalling-knative-eventing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="uninstalling-knative-eventing"]
 = Uninstalling {ServerlessProductName} Knative Eventing
diff --git a/serverless/removing/uninstalling-knative-serving.adoc b/serverless/removing/uninstalling-knative-serving.adoc
index 9f649c5996a3..c762bcd8e58d 100644
--- a/serverless/removing/uninstalling-knative-serving.adoc
+++ b/serverless/removing/uninstalling-knative-serving.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="uninstalling-knative-serving"]
 = Uninstalling {ServerlessProductName} Knative Serving
diff --git a/serverless/serverless-release-notes.adoc b/serverless/serverless-release-notes.adoc
index e59aa0d58b73..1fd6d3a3794a 100644
--- a/serverless/serverless-release-notes.adoc
+++ b/serverless/serverless-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-release-notes"]
 = Release notes
diff --git a/serverless/serverless-support.adoc b/serverless/serverless-support.adoc
index 6a94f0ea1efa..47ad5f633d5b 100644
--- a/serverless/serverless-support.adoc
+++ b/serverless/serverless-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="serverless-support"]
 = {ServerlessProductName} support
diff --git a/service_mesh/v1x/installing-ossm.adoc b/service_mesh/v1x/installing-ossm.adoc
index af351fca4f0c..9ea31c524383 100644
--- a/service_mesh/v1x/installing-ossm.adoc
+++ b/service_mesh/v1x/installing-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ossm-v1x"]
 = Installing Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-architecture.adoc b/service_mesh/v1x/ossm-architecture.adoc
index a73eaf6669cd..c4e52acb8727 100644
--- a/service_mesh/v1x/ossm-architecture.adoc
+++ b/service_mesh/v1x/ossm-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-architecture-v1x"]
 = Understanding Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-config.adoc b/service_mesh/v1x/ossm-config.adoc
index 31dd858f280b..bc83b36a2863 100644
--- a/service_mesh/v1x/ossm-config.adoc
+++ b/service_mesh/v1x/ossm-config.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-config-v1x"]
 = Configuring Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-custom-resources.adoc b/service_mesh/v1x/ossm-custom-resources.adoc
index 58a582fc7482..8807a3082092 100644
--- a/service_mesh/v1x/ossm-custom-resources.adoc
+++ b/service_mesh/v1x/ossm-custom-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-custom-resources-v1x"]
 = Custom resources
 include::_attributes/common-attributes.adoc[]
@@ -24,7 +24,7 @@ include::modules/ossm-cr-istio-global.adoc[leveloffset=+2]
 include::modules/ossm-cr-gateway.adoc[leveloffset=+2]
 
 ifdef::openshift-enterprise[]
-Cluster administrators can refer to xref:../../networking/ingress-operator.html#using-wildcard-routes_configuring-ingress[Using wildcard routes] for instructions on how to enable subdomains.
+Cluster administrators can refer to xref:../../networking/ingress-operator.adoc#using-wildcard-routes_configuring-ingress[Using wildcard routes] for instructions on how to enable subdomains.
 endif::[]
 
 include::modules/ossm-cr-mixer.adoc[leveloffset=+2]
@@ -42,7 +42,7 @@ include::modules/ossm-jaeger-config-elasticsearch-v1x.adoc[leveloffset=+2]
 include::modules/ossm-jaeger-config-es-cleaner-v1x.adoc[leveloffset=+2]
 
 ifdef::openshift-enterprise[]
-For more information about configuring Elasticsearch with {product-title}, see  xref:../../logging/config/cluster-logging-log-store.adoc[Configuring the log store].
+For more information about configuring Elasticsearch with {product-title}, see  xref:../../logging/log_storage/logging-config-es-store.adoc#logging-config-es-store[Configuring the Elasticsearch log store].
 endif::[]
 
 include::modules/ossm-cr-threescale.adoc[leveloffset=+1]
diff --git a/service_mesh/v1x/ossm-observability.adoc b/service_mesh/v1x/ossm-observability.adoc
index be93d86fdc20..dc8a122787eb 100644
--- a/service_mesh/v1x/ossm-observability.adoc
+++ b/service_mesh/v1x/ossm-observability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-observability-v1x"]
 = Data visualization and observability
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-security.adoc b/service_mesh/v1x/ossm-security.adoc
index 8b73364c682d..fdec27a62ed9 100644
--- a/service_mesh/v1x/ossm-security.adoc
+++ b/service_mesh/v1x/ossm-security.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-security-v1x"]
 = Customizing security in a Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-traffic-manage.adoc b/service_mesh/v1x/ossm-traffic-manage.adoc
index 183bb6f7d83f..12263bfd9526 100644
--- a/service_mesh/v1x/ossm-traffic-manage.adoc
+++ b/service_mesh/v1x/ossm-traffic-manage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-routing-traffic-v1x"]
 = Traffic management
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/ossm-vs-community.adoc b/service_mesh/v1x/ossm-vs-community.adoc
index 8c571b628695..f92e3729fc36 100644
--- a/service_mesh/v1x/ossm-vs-community.adoc
+++ b/service_mesh/v1x/ossm-vs-community.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-vs-community-v1x"]
 = Service Mesh and Istio differences
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc b/service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
index 5d40a7738f6d..826243eb8ac1 100644
--- a/service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
+++ b/service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-applications-ossm-v1x"]
 = Deploying applications on Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/preparing-ossm-installation.adoc b/service_mesh/v1x/preparing-ossm-installation.adoc
index 9876a14979fe..37fdfea1ee48 100644
--- a/service_mesh/v1x/preparing-ossm-installation.adoc
+++ b/service_mesh/v1x/preparing-ossm-installation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-ossm-installation-v1x"]
 = Preparing to install Service Mesh
 include::_attributes/common-attributes.adoc[]
@@ -20,7 +20,7 @@ ifdef::openshift-enterprise[]
 ** xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install {product-title} {product-version} on AWS]
 ** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Install {product-title} {product-version} on user-provisioned AWS]
 ** xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install {product-title} {product-version} on bare metal]
-** xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
+** xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
 +
 [NOTE]
 ====
@@ -42,7 +42,7 @@ include::modules/ossm-installation-activities.adoc[leveloffset=+1]
 ifdef::openshift-enterprise[]
 [WARNING]
 ====
-See xref:../../logging/config/cluster-logging-log-store.adoc[Configuring the log store] for details on configuring the default Jaeger parameters for Elasticsearch in a production environment.
+See xref:../../logging/log_storage/logging-config-es-store.adoc#logging-config-es-store[Configuring the Elasticsearch log store] for details on configuring the default Jaeger parameters for Elasticsearch in a production environment.
 ====
 
 == Next steps
diff --git a/service_mesh/v1x/removing-ossm.adoc b/service_mesh/v1x/removing-ossm.adoc
index db5c59c0ac35..8302c6bd6ba2 100644
--- a/service_mesh/v1x/removing-ossm.adoc
+++ b/service_mesh/v1x/removing-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-ossm-v1x"]
 = Removing Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v1x/servicemesh-release-notes.adoc b/service_mesh/v1x/servicemesh-release-notes.adoc
index 7f0da85456a2..318b9a419097 100644
--- a/service_mesh/v1x/servicemesh-release-notes.adoc
+++ b/service_mesh/v1x/servicemesh-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="service-mesh-release-notes-v1x"]
 = Service Mesh Release Notes
 include::_attributes/common-attributes.adoc[]
@@ -47,8 +47,4 @@ include::modules/ossm-rn-deprecated-features-1x.adoc[leveloffset=+1]
 
 include::modules/ossm-rn-known-issues-1x.adoc[leveloffset=+1]
 
-include::modules/distr-tracing-rn-known-issues.adoc[leveloffset=+2]
-
 include::modules/ossm-rn-fixed-issues-1x.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-fixed-issues.adoc[leveloffset=+2]
diff --git a/service_mesh/v1x/threescale-adapter.adoc b/service_mesh/v1x/threescale-adapter.adoc
index 1b6fe53ca7fd..f5c7cd68b391 100644
--- a/service_mesh/v1x/threescale-adapter.adoc
+++ b/service_mesh/v1x/threescale-adapter.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="threescale-adapter-v1x"]
 = Using the 3scale Istio adapter
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/installing-ossm.adoc b/service_mesh/v2x/installing-ossm.adoc
index 112bda37ff0c..64f6b55e7ae5 100644
--- a/service_mesh/v2x/installing-ossm.adoc
+++ b/service_mesh/v2x/installing-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-ossm"]
 = Installing the Operators
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,12 @@ This basic installation is configured based on the default OpenShift settings an
 
 .Prerequisites
 * Read the xref:../../service_mesh/v2x/preparing-ossm-installation.adoc#preparing-ossm-installation[Preparing to install {SMProductName}] process.
+ifdef::openshift-rosa[]
+* An account with the `cluster-admin` role.
+endif::openshift-rosa[]
+ifndef::openshift-rosa[]
 * An account with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
+endif::openshift-rosa[]
 
 The following steps show how to install a basic instance of {SMProductName} on {product-title}.
 
@@ -28,10 +33,14 @@ Do not install Community versions of the Operators. Community Operators are not
 
 include::modules/ossm-install-ossm-operator.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa[]
+
 include::modules/ossm-config-operator-infrastructure-node.adoc[leveloffset=+1]
 
 include::modules/ossm-confirm-operator-infrastructure-node.adoc[leveloffset=+1]
 
+endif::openshift-rosa[]
+
 == Next steps
 
 * The {SMProductName} Operator does not create the {SMProductShortName} custom resource definitions (CRDs) until you deploy a {SMProductShortName} control plane. You can use the `ServiceMeshControlPlane` resource to install and configure the {SMProductShortName} components. For more information, see xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[Creating the ServiceMeshControlPlane].
diff --git a/service_mesh/v2x/ossm-about.adoc b/service_mesh/v2x/ossm-about.adoc
index 786aa323a0d5..c1b12b655e82 100644
--- a/service_mesh/v2x/ossm-about.adoc
+++ b/service_mesh/v2x/ossm-about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-about"]
 = About OpenShift Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-architecture.adoc b/service_mesh/v2x/ossm-architecture.adoc
index 54e177cbbf67..e2b13b9c8132 100644
--- a/service_mesh/v2x/ossm-architecture.adoc
+++ b/service_mesh/v2x/ossm-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-architecture"]
 = Understanding Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-create-mesh.adoc b/service_mesh/v2x/ossm-create-mesh.adoc
index eadfba777091..165912e6646f 100644
--- a/service_mesh/v2x/ossm-create-mesh.adoc
+++ b/service_mesh/v2x/ossm-create-mesh.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-create-mesh"]
 = Adding services to a service mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-create-smcp.adoc b/service_mesh/v2x/ossm-create-smcp.adoc
index 5aca0610a7cf..a51adf3c0438 100644
--- a/service_mesh/v2x/ossm-create-smcp.adoc
+++ b/service_mesh/v2x/ossm-create-smcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-create-smcp"]
 = Creating the ServiceMeshControlPlane
 include::_attributes/common-attributes.adoc[]
@@ -14,6 +14,8 @@ include::modules/ossm-control-plane-cli.adoc[leveloffset=+2]
 
 include::modules/ossm-validate-smcp-cli.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa[]
+
 include::modules/ossm-about-control-plane-components-and-infrastructure-nodes.adoc[leveloffset=+1]
 
 include::modules/ossm-config-control-plane-infrastructure-node-console.adoc[leveloffset=+2]
@@ -26,6 +28,8 @@ include::modules/ossm-config-individual-control-plane-infrastructure-node-cli.ad
 
 include::modules/ossm-confirm-smcp-infrastructure-node.adoc[leveloffset=+2]
 
+endif::openshift-rosa[]
+
 include::modules/ossm-about-control-plane-and-cluster-wide-deployment.adoc[leveloffset=+1]
 
 include::modules/ossm-deploy-cluster-wide-control-plane-console.adoc[leveloffset=+2]
diff --git a/service_mesh/v2x/ossm-deploy-production.adoc b/service_mesh/v2x/ossm-deploy-production.adoc
index c139ba5a4e31..9a0439a568e6 100644
--- a/service_mesh/v2x/ossm-deploy-production.adoc
+++ b/service_mesh/v2x/ossm-deploy-production.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-production"]
 = Configuring Service Mesh for production
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-deployment-models.adoc b/service_mesh/v2x/ossm-deployment-models.adoc
index 722cf69d4c1a..1fadc03d534c 100644
--- a/service_mesh/v2x/ossm-deployment-models.adoc
+++ b/service_mesh/v2x/ossm-deployment-models.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-deployment-models"]
 = Service mesh deployment models
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-distr-tracing.adoc b/service_mesh/v2x/ossm-distr-tracing.adoc
index 67c15b19fd93..64d2d0dedff0 100644
--- a/service_mesh/v2x/ossm-distr-tracing.adoc
+++ b/service_mesh/v2x/ossm-distr-tracing.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-dist-trac"]
 = Distributed tracing
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-extensions.adoc b/service_mesh/v2x/ossm-extensions.adoc
index bfefb969800e..f2facd5a2201 100644
--- a/service_mesh/v2x/ossm-extensions.adoc
+++ b/service_mesh/v2x/ossm-extensions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-extensions"]
 = Extensions
 include::_attributes/common-attributes.adoc[]
@@ -11,7 +11,7 @@ You can use WebAssembly extensions to add new features directly into the {SMProd
 ifndef::openshift-rosa[]
 [NOTE]
 ====
-WebAssembly extensions are not supported on {ibmzProductName} and {ibmpowerProductName}.
+WebAssembly extensions are not supported on {ibm-z-name} and {ibm-power-name}.
 ====
 
 endif::openshift-rosa[]
diff --git a/service_mesh/v2x/ossm-federation.adoc b/service_mesh/v2x/ossm-federation.adoc
index a78e146af3a6..0284399a6676 100644
--- a/service_mesh/v2x/ossm-federation.adoc
+++ b/service_mesh/v2x/ossm-federation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-federation"]
 = Connecting service meshes
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-observability.adoc b/service_mesh/v2x/ossm-observability.adoc
index 785e4dcd9f1f..e55dab0cbdac 100644
--- a/service_mesh/v2x/ossm-observability.adoc
+++ b/service_mesh/v2x/ossm-observability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-observability"]
 = Metrics, logs, and traces
 include::_attributes/common-attributes.adoc[]
@@ -27,9 +27,19 @@ include::modules/ossm-config-sampling.adoc[leveloffset=+2]
 include::modules/ossm-jaeger-accessing-console.adoc[leveloffset=+1]
 
 ifdef::openshift-enterprise[]
-For more information about configuring Jaeger, see the xref:../../distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc#distr-tracing-deploy-default_deploying-distributed-tracing-platform[distributed tracing documentation].
+For more information about configuring Jaeger, see the xref:../../distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc#distr-tracing-deploy-default_deploying-distributed-tracing-platform[distributed tracing documentation].
 endif::[]
 
 include::modules/ossm-access-grafana.adoc[leveloffset=+1]
 
 include::modules/ossm-access-prometheus.adoc[leveloffset=+1]
+
+include::modules/ossm-integrating-with-user-workload-monitoring.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_user-workload-monitoring"]
+== Additional resources
+
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../../monitoring/enabling-monitoring-for-user-defined-projects.adoc[Enabling monitoring for user-defined projects]
+endif::[]
\ No newline at end of file
diff --git a/service_mesh/v2x/ossm-performance-scalability.adoc b/service_mesh/v2x/ossm-performance-scalability.adoc
index 7e6a9db5bcb9..f95989f27189 100644
--- a/service_mesh/v2x/ossm-performance-scalability.adoc
+++ b/service_mesh/v2x/ossm-performance-scalability.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-performance-scalability"]
 = Performance and scalability
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-profiles-users.adoc b/service_mesh/v2x/ossm-profiles-users.adoc
index b8d03a22d69b..2b8a33b44418 100644
--- a/service_mesh/v2x/ossm-profiles-users.adoc
+++ b/service_mesh/v2x/ossm-profiles-users.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-profiles-users"]
 = Managing users and profiles
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-reference-jaeger.adoc b/service_mesh/v2x/ossm-reference-jaeger.adoc
index d49aefa046d7..2eb2a777bd43 100644
--- a/service_mesh/v2x/ossm-reference-jaeger.adoc
+++ b/service_mesh/v2x/ossm-reference-jaeger.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="jaeger-config-ref"]
 = Jaeger configuration reference
 include::_attributes/common-attributes.adoc[]
@@ -8,6 +8,11 @@ toc::[]
 
 When the {SMProductShortName} Operator deploys the `ServiceMeshControlPlane` resource, it can also create the resources for distributed tracing. {SMProductShortName} uses Jaeger for distributed tracing.
 
+[IMPORTANT]
+====
+Jaeger does not use FIPS validated cryptographic modules.
+====
+
 include::modules/ossm-enabling-jaeger.adoc[leveloffset=+1]
 
 include::modules/ossm-config-smcp-jaeger.adoc[leveloffset=+1]
@@ -37,9 +42,9 @@ include::modules/distr-tracing-config-sampling.adoc[leveloffset=+2]
 include::modules/distr-tracing-config-storage.adoc[leveloffset=+2]
 
 ifdef::openshift-enterprise,openshift-dedicated[]
-For more information about configuring Elasticsearch with {product-title}, see xref:../../logging/config/cluster-logging-log-store.adoc[Configuring the log store] or xref:../../distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc[Configuring and deploying distributed tracing].
+For more information about configuring Elasticsearch with {product-title}, see xref:../../logging/log_storage/logging-config-es-store.adoc#logging-config-es-store[Configuring the Elasticsearch log store] or xref:../../distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc[Configuring and deploying distributed tracing].
 
-//TO DO For information about connecting to an external Elasticsearch instance, see xref:../../distr_tracing/distr_tracing_install/distr-tracing-deploying-jaeger.adoc#jaeger-config-external-es_jaeger-deploying[Connecting to an existing Elasticsearch instance].
+//TO DO For information about connecting to an external Elasticsearch instance, see xref:../../distr_tracing/distr_tracing_jaeger/distr-tracing-jaeger-configuring.adoc#jaeger-config-external-es_jaeger-deploying[Connecting to an existing Elasticsearch instance].
 endif::[]
 
 include::modules/distr-tracing-config-query.adoc[leveloffset=+2]
diff --git a/service_mesh/v2x/ossm-reference-kiali.adoc b/service_mesh/v2x/ossm-reference-kiali.adoc
index 26ff7bc5353c..62655cab6d23 100644
--- a/service_mesh/v2x/ossm-reference-kiali.adoc
+++ b/service_mesh/v2x/ossm-reference-kiali.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kiali-config-ref"]
 = Kiali configuration reference
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-reference-smcp.adoc b/service_mesh/v2x/ossm-reference-smcp.adoc
index 67ce0d364f25..c08070c627ea 100644
--- a/service_mesh/v2x/ossm-reference-smcp.adoc
+++ b/service_mesh/v2x/ossm-reference-smcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-reference"]
 = Service Mesh control plane configuration reference
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-security.adoc b/service_mesh/v2x/ossm-security.adoc
index 07c005c6af34..2afefc60ab1f 100644
--- a/service_mesh/v2x/ossm-security.adoc
+++ b/service_mesh/v2x/ossm-security.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-security"]
 = Security
 include::_attributes/common-attributes.adoc[]
@@ -30,6 +30,8 @@ include::modules/ossm-security-auth-policy.adoc[leveloffset=+1]
 
 include::modules/ossm-security-cipher.adoc[leveloffset=+1]
 
+include::modules/ossm-configuring-jwks-resolver-ca.adoc[leveloffset=+1]
+
 include::modules/ossm-security-cert-manage.adoc[leveloffset=+1]
 
 include::modules/ossm-cert-manage-add-cert-key.adoc[leveloffset=+1]
@@ -44,7 +46,7 @@ include::modules/ossm-cert-manager-installation.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 [id="additional-resources_cert-manager-operator-red-hat-openshift"]
-== Additional resources 
+== Additional resources
 
 For information about how to install the cert-manager Operator for {product-title}, see:
 ifndef::openshift-rosa,openshift-dedicated[]
diff --git a/service_mesh/v2x/ossm-support.adoc b/service_mesh/v2x/ossm-support.adoc
index 608e6982cec2..0d19c2782513 100644
--- a/service_mesh/v2x/ossm-support.adoc
+++ b/service_mesh/v2x/ossm-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-support"]
 = Getting support
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-threescale-webassembly-module.adoc b/service_mesh/v2x/ossm-threescale-webassembly-module.adoc
index 01c595731685..f9fb7d76893f 100644
--- a/service_mesh/v2x/ossm-threescale-webassembly-module.adoc
+++ b/service_mesh/v2x/ossm-threescale-webassembly-module.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-threescale-webassembly-module"]
 = Using the 3scale WebAssembly module
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-traffic-manage.adoc b/service_mesh/v2x/ossm-traffic-manage.adoc
index 5bb63e57c47a..2a0c535c8c25 100644
--- a/service_mesh/v2x/ossm-traffic-manage.adoc
+++ b/service_mesh/v2x/ossm-traffic-manage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-routing-traffic"]
 = Managing traffic in your service mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-troubleshooting-istio.adoc b/service_mesh/v2x/ossm-troubleshooting-istio.adoc
index 2230bec690b9..cdc1e5ebc5a2 100644
--- a/service_mesh/v2x/ossm-troubleshooting-istio.adoc
+++ b/service_mesh/v2x/ossm-troubleshooting-istio.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-troubleshooting"]
 = Troubleshooting your service mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/ossm-vs-community.adoc b/service_mesh/v2x/ossm-vs-community.adoc
index 1303968505da..5957ed78ef19 100644
--- a/service_mesh/v2x/ossm-vs-community.adoc
+++ b/service_mesh/v2x/ossm-vs-community.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ossm-vs-community"]
 = Service Mesh and Istio differences
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc b/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
index 4bd711a9314d..7b3a60122f8e 100644
--- a/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
+++ b/service_mesh/v2x/prepare-to-deploy-applications-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploying-applications-ossm"]
 = Enabling sidecar injection
 include::_attributes/common-attributes.adoc[]
@@ -11,9 +11,16 @@ After adding the namespaces that contain your services to your mesh, the next st
 If you have installed the Bookinfo sample application, the application was deployed and the sidecars were injected as part of the installation procedure. If you are using your own project and service, deploy your applications on {product-title}.
 
 ifdef::openshift-enterprise[]
-For more information, see the {product-title} documentation, xref:../../applications/deployments/what-deployments-are.html[Understanding Deployment and DeploymentConfig objects].
+For more information, see the {product-title} documentation, xref:../../applications/deployments/what-deployments-are.adoc[Understanding deployments].
 endif::[]
 
+[NOTE]
+====
+Traffic started by Init Containers, specialized containers that run before the application containers in a pod, cannot travel outside of the service mesh by default. Any action Init Containers perform that requires establishing a network traffic connection outside of the mesh fails.
+
+For more information about connecting Init Containers to a service, see the Red Hat Knowledgebase solution link:https://access.redhat.com/solutions/6653601[initContainer in CrashLoopBackOff on pod with Service Mesh sidecar injected]
+====
+
 == Prerequisites
 
 * xref:../../service_mesh/v2x/ossm-create-mesh.adoc#ossm-tutorial-bookinfo-overview_ossm-create-mesh[Services deployed to the mesh], for example the Bookinfo sample application.
diff --git a/service_mesh/v2x/preparing-ossm-installation.adoc b/service_mesh/v2x/preparing-ossm-installation.adoc
index 5a1edcaaad1e..797b0ca2773e 100644
--- a/service_mesh/v2x/preparing-ossm-installation.adoc
+++ b/service_mesh/v2x/preparing-ossm-installation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-ossm-installation"]
 = Preparing to install Service Mesh
 include::_attributes/common-attributes.adoc[]
@@ -18,9 +18,9 @@ ifdef::openshift-enterprise[]
 ** xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install {product-title} {product-version} on AWS]
 ** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Install {product-title} {product-version} on user-provisioned AWS]
 ** xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install {product-title} {product-version} on bare metal]
-** xref:../../installing/installing_vsphere/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
-** xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Install {product-title} {product-version} on {ibmzProductName} and {linuxoneProductName}]
-** xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install {product-title} {product-version} on {ibmpowerProductName}]
+** xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installing-vsphere[Install {product-title} {product-version} on vSphere]
+** xref:../../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Install {product-title} {product-version} on {ibm-z-name} and {ibm-linuxone-name}]
+** xref:../../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install {product-title} {product-version} on {ibm-power-name}]
 endif::[]
 
 * Install the version of the {product-title} command line utility (the `oc` client tool) that matches your {product-title} version and add it to your path.
diff --git a/service_mesh/v2x/removing-ossm.adoc b/service_mesh/v2x/removing-ossm.adoc
index d2046ba0d01c..dd86a7439893 100644
--- a/service_mesh/v2x/removing-ossm.adoc
+++ b/service_mesh/v2x/removing-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-ossm"]
 = Uninstalling Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/service_mesh/v2x/servicemesh-release-notes.adoc b/service_mesh/v2x/servicemesh-release-notes.adoc
index bbd1bc442286..a268e896467d 100644
--- a/service_mesh/v2x/servicemesh-release-notes.adoc
+++ b/service_mesh/v2x/servicemesh-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="service-mesh-release-notes"]
 = Service Mesh Release Notes
 include::_attributes/common-attributes.adoc[]
@@ -18,8 +18,4 @@ include::modules/ossm-rn-deprecated-features.adoc[leveloffset=+1]
 
 include::modules/ossm-rn-known-issues.adoc[leveloffset=+1]
 
-include::modules/distr-tracing-rn-known-issues.adoc[leveloffset=+2]
-
 include::modules/ossm-rn-fixed-issues.adoc[leveloffset=+1]
-
-include::modules/distr-tracing-rn-fixed-issues.adoc[leveloffset=+2]
diff --git a/service_mesh/v2x/threescale-adapter.adoc b/service_mesh/v2x/threescale-adapter.adoc
index fb80d0958621..42fe6eca1cf7 100644
--- a/service_mesh/v2x/threescale-adapter.adoc
+++ b/service_mesh/v2x/threescale-adapter.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="threescale-adapter"]
 = Using the 3scale Istio adapter
 include::_attributes/common-attributes.adoc[]
@@ -11,7 +11,7 @@ It is not required for {SMProductName}.
 
 [IMPORTANT]
 ====
-You can only use the 3scale Istio adapter with {SMProductName} versions 2.0 and below. The Mixer component was deprecated in release 2.0 and removed in release 2.1. For {SMProductName} versions 2.1.0 and later you should use the xref:../../service_mesh/v2x/ossm-threescale-webassembly-module.adoc[3scale WebAssembly module].
+You can only use the 3scale Istio adapter with {SMProductName} versions 2.0 and below. The Mixer component was deprecated in release 2.0 and removed in release 2.1. For {SMProductName} versions 2.1.0 and later you should use the xref:../../service_mesh/v2x/ossm-threescale-webassembly-module.adoc#ossm-threescale-webassembly-module[3scale WebAssembly module].
 
 If you want to enable 3scale backend cache with the 3scale Istio adapter, you must also enable Mixer policy and Mixer telemetry. See xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[Deploying the Red Hat OpenShift Service Mesh control plane].
 ====
diff --git a/service_mesh/v2x/upgrading-ossm.adoc b/service_mesh/v2x/upgrading-ossm.adoc
index 13c360d17869..4b69e7844629 100644
--- a/service_mesh/v2x/upgrading-ossm.adoc
+++ b/service_mesh/v2x/upgrading-ossm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="upgrading-ossm"]
 = Upgrading Service Mesh
 include::_attributes/common-attributes.adoc[]
diff --git a/snippets/about-crio-snippet.adoc b/snippets/about-crio-snippet.adoc
index 61c362e9d354..a9483203c99d 100644
--- a/snippets/about-crio-snippet.adoc
+++ b/snippets/about-crio-snippet.adoc
@@ -3,6 +3,6 @@
 // * modules/about-crio.adoc
 // * modules/nodes-containers-using.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 CRI-O is a Kubernetes-native container engine implementation that integrates closely with the operating system to deliver an efficient and optimized Kubernetes experience. The CRI-O container engine runs as a systemd service on each {product-title} cluster node.
diff --git a/snippets/about-node-selectors.adoc b/snippets/about-node-selectors.adoc
new file mode 100644
index 000000000000..61541fb54e85
--- /dev/null
+++ b/snippets/about-node-selectors.adoc
@@ -0,0 +1,10 @@
+// Snippets included in the following assemblies and modules:
+//
+// * nodes/scheduling/nodes-scheduler-node-selectors.adoc
+// * logging/scheduling_resources/logging-node-selection.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+A _node selector_ specifies a map of key/value pairs that are defined using custom labels on nodes and selectors specified in pods.
+
+For the pod to be eligible to run on a node, the pod must have the same key/value node selector as the label on the node.
diff --git a/snippets/about-pod-affinity.adoc b/snippets/about-pod-affinity.adoc
new file mode 100644
index 000000000000..c860d5717aec
--- /dev/null
+++ b/snippets/about-pod-affinity.adoc
@@ -0,0 +1,11 @@
+// Snippets included in the following assemblies and modules:
+//
+// * /nodes/scheduling/nodes-scheduler-pod-affinity.adoc
+// * /modules/logging-loki-reliability-hardening.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+Affinity is a property of pods that controls the nodes on which they prefer to be scheduled. Anti-affinity is a property of pods
+that prevents a pod from being scheduled on a node.
+
+In {product-title}, _pod affinity_ and _pod anti-affinity_ allow you to constrain which nodes your pod is eligible to be scheduled on based on the key-value labels on other pods.
diff --git a/snippets/access-cluster-configuration-console.adoc b/snippets/access-cluster-configuration-console.adoc
index 408d9a4d7c05..24e1944026d4 100644
--- a/snippets/access-cluster-configuration-console.adoc
+++ b/snippets/access-cluster-configuration-console.adoc
@@ -4,7 +4,7 @@
 // * modules/configure-web-terminal-image-admin.adoc
 // * modules/configure-web-terminal-timeout-admin.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 .Procedure
 
diff --git a/snippets/capabilities-table.adoc b/snippets/capabilities-table.adoc
index 949235b677ae..726e9c42b5c1 100644
--- a/snippets/capabilities-table.adoc
+++ b/snippets/capabilities-table.adoc
@@ -1,4 +1,4 @@
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 The following table describes the `baselineCapabilitySet` values.
 
@@ -8,18 +8,21 @@ The following table describes the `baselineCapabilitySet` values.
 |Value|Description
 
 |`vCurrent`
-|Specify when you want to automatically add new capabilities as they become recommended.
+|Specify this option when you want to automatically add new, default capabilities that are introduced in new releases.
 
 |`v4.11`
-|Specify when you want the capabilities recommended in {product-title} 4.11 and not automatically enable capabilities, which might be introduced in later versions. The capabilities recommended in {product-title} 4.11 are `baremetal`, `marketplace`, and `openshift-samples`.
+|Specify this option when you want to enable the default capabilities for {product-title} 4.11. By specifying `v4.11`, capabilities that are introduced in newer versions of {product-title} are not enabled. The default capabilities in {product-title} 4.11 are `baremetal`, `MachineAPI`, `marketplace`, and `openshift-samples`.
 
 |`v4.12`
-|Specify when you want the capabilities recommended in {product-title} 4.12 and not automatically enable capabilities, which might be introduced in later versions. The capabilities recommended in {product-title} 4.12 are `baremetal`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage` and `CSISnapshot`. 
+|Specify this option when you want to enable the default capabilities for {product-title} 4.12. By specifying `v4.12`, capabilities that are introduced in newer versions of {product-title} are not enabled. The default capabilities in {product-title} 4.12 are `baremetal`, `MachineAPI`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage`, and `CSISnapshot`.
 
 |`v4.13`
-|Specify when you want the capabilities recommended in {product-title} 4.13 and not automatically enable capabilities, which might be introduced in later versions. The capabilities recommended in {product-title} 4.12 are `baremetal`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage`, `CSISnapshot` and `NodeTuning`. 
+|Specify this option when you want to enable the default capabilities for {product-title} 4.13. By specifying `v4.13`, capabilities that are introduced in newer versions of {product-title} are not enabled. The default capabilities in {product-title} 4.13 are `baremetal`, `MachineAPI`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage`, `CSISnapshot`, and `NodeTuning`.
+
+|`v4.14`
+|Specify this option when you want to enable the default capabilities for {product-title} 4.14. By specifying `v4.14`, capabilities that are introduced in newer versions of {product-title} are not enabled. The default capabilities in {product-title} 4.14 are `baremetal`, `MachineAPI`, `marketplace`, `openshift-samples`, `Console`, `Insights`, `Storage`, `CSISnapshot`, `NodeTuning`, `ImageRegistry`, `Build`, and `DeploymentConfig`.
 
 |`None`
 |Specify when the other sets are too large, and you do not need any capabilities or want to fine-tune via `additionalEnabledCapabilities`.
 
-|===
\ No newline at end of file
+|===
diff --git a/snippets/cgroupv2-vs-cgroupv1.adoc b/snippets/cgroupv2-vs-cgroupv1.adoc
new file mode 100644
index 000000000000..3dd8922b1baf
--- /dev/null
+++ b/snippets/cgroupv2-vs-cgroupv1.adoc
@@ -0,0 +1,10 @@
+// Text snippet included in the following modules:
+//
+// * installing/install-config/enabling-cgroup-v1.adoc
+// * nodes/clusters/nodes-cluster-cgroups-2.adoc 
+
+:_mod-docs-content-type: SNIPPET
+
+// * Text included in modules/nodes-cluster-cgroups-2.adoc as text, not a snippet because snippets cannt be in an ifdef. Also update there if you edit this text.
+cgroup v2 is the current version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. However, cgroup v2 has different CPU, memory, and I/O management characteristics than cgroup v1. Therefore, some workloads might experience slight differences in memory or CPU usage on clusters that run cgroup v2.
+
diff --git a/snippets/cnf-example-upgrade-policy.adoc b/snippets/cnf-example-upgrade-policy.adoc
new file mode 100644
index 000000000000..299392a0d929
--- /dev/null
+++ b/snippets/cnf-example-upgrade-policy.adoc
@@ -0,0 +1,43 @@
+:_mod-docs-content-type: SNIPPET
+.Example upgrade policy
+[source,yaml,subs="attributes+"]
+----
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: ocp-4.9.4
+  namespace: platform-upgrade
+spec:
+  disabled: false
+  policy-templates:
+  - objectDefinition:
+      apiVersion: policy.open-cluster-management.io/v1
+      kind: ConfigurationPolicy
+      metadata:
+        name: upgrade
+      spec:
+        namespaceselector:
+          exclude:
+          - kube-*
+          include:
+          - '*'
+        object-templates:
+        - complianceType: musthave
+          objectDefinition:
+            apiVersion: config.openshift.io/v1
+            kind: ClusterVersion
+            metadata:
+              name: version
+            spec:
+              channel: stable-4.9
+              desiredUpdate:
+                version: 4.9.4
+              upstream: https://api.openshift.com/api/upgrades_info/v1/graph
+            status:
+              history:
+                - state: Completed
+                  version: 4.9.4
+        remediationAction: inform
+        severity: low
+  remediationAction: inform
+----
\ No newline at end of file
diff --git a/snippets/custom-dns-server.adoc b/snippets/custom-dns-server.adoc
index 2235cc4e2da5..dbf46f6ff394 100644
--- a/snippets/custom-dns-server.adoc
+++ b/snippets/custom-dns-server.adoc
@@ -6,7 +6,7 @@
 // * modules/installation-custom-alibaba-vpc.adoc
 // * modules/installation-ibm-power-vs.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
diff --git a/snippets/default-projects.adoc b/snippets/default-projects.adoc
new file mode 100644
index 000000000000..a1f649e6414b
--- /dev/null
+++ b/snippets/default-projects.adoc
@@ -0,0 +1,25 @@
+// Text snippet included in the following assemblies:
+//
+// * applications/projects/working-with-projects.adoc
+// * applications/quotas/quotas-setting-across-multiple-projects.adoc
+// * openshift_images/image-streams-manage.adoc
+//
+// Text snippet included in the following modules:
+//
+// * modules/admission-plug-ins-about.adoc
+// * modules/creating-a-project-using-the-CLI.adoc
+// * modules/creating-a-project-using-the-web-console.adoc
+// * modules/images-managing-images-enabling-imagestreams-kube.adoc
+// * modules/odc-creating-projects-using-developer-perspective.adoc
+// * modules/rbac-default-projects.adoc
+// * modules/security-context-constraints-psa-about.adoc
+// * modules/security-context-constraints-rbac.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[IMPORTANT]
+====
+Do not run workloads in or share access to default projects. Default projects are reserved for running core cluster components.
+
+The following default projects are considered highly privileged: `default`, `kube-public`, `kube-system`, `openshift`, `openshift-infra`, `openshift-node`, and other system-created projects that have the `openshift.io/run-level` label set to `0` or `1`. Functionality that relies on admission plugins, such as pod security admission, security context constraints, cluster resource quotas, and image reference resolution, does not work in highly privileged projects.
+====
diff --git a/snippets/deployment-config-deprecated.adoc b/snippets/deployment-config-deprecated.adoc
new file mode 100644
index 000000000000..e9dabe1f6903
--- /dev/null
+++ b/snippets/deployment-config-deprecated.adoc
@@ -0,0 +1,18 @@
+// Text snippet included in the following assemblies:
+//
+// * applications/deployments/what-deployments-are.adoc
+// * applications/deployments/managing-deployment-processes.adoc
+//
+// Text snippet included in the following modules:
+//
+// * modules/deployments-deploymentconfigs.adoc
+// * modules/deployments-comparing-deploymentconfigs.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[IMPORTANT]
+====
+As of {product-title} 4.14, `DeploymentConfig` objects are deprecated. `DeploymentConfig` objects are still supported, but are not recommended for new installations. Only security-related and critical issues will be fixed.
+
+Instead, use `Deployment` objects or another alternative to provide declarative updates for pods.
+====
diff --git a/snippets/deprecated-feature.adoc b/snippets/deprecated-feature.adoc
index 5e6f5b7e3445..e30dac75e985 100644
--- a/snippets/deprecated-feature.adoc
+++ b/snippets/deprecated-feature.adoc
@@ -6,7 +6,9 @@
 [subs="attributes+"]
 {FeatureName} is a deprecated feature. Deprecated functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 For the most recent list of major functionality that has been deprecated or removed within {product-title}, refer to the _Deprecated and removed features_ section of the {product-title} release notes.
+endif::openshift-rosa,openshift-dedicated[]
 ====
 // Undefine {FeatureName} attribute, so that any mistakes are easily spotted
 :!FeatureName:
diff --git a/snippets/distr-tracing-tempo-required-secret-parameters.adoc b/snippets/distr-tracing-tempo-required-secret-parameters.adoc
new file mode 100644
index 000000000000..dd3712b459a5
--- /dev/null
+++ b/snippets/distr-tracing-tempo-required-secret-parameters.adoc
@@ -0,0 +1,72 @@
+// Text snippet included in the following modules:
+//
+// * distr-tracing-tempo-install-web-console.adoc
+// * distr-tracing-tempo-install-cli.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+.Required secret parameters
+[cols="25h,~"]
+|===
+| Storage provider | Secret parameters
+
+//source: https://github.com/grafana/tempo-operator/blob/main/docs/tempostack/object_storage.md
+
+|link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/[Red Hat OpenShift Data Foundation]
+|
+`name: tempostack-dev-odf # example`
+
+`bucket: <bucket_name> # requires an ObjectBucketClaim`
+
+`+endpoint: https://s3.openshift-storage.svc+`
+
+`access_key_id: <data_foundation_access_key_id>`
+
+`access_key_secret: <data_foundation_access_key_secret>`
+
+
+|MinIO
+|
+See link:https://operator.min.io/[MinIO Operator].
+
+`name: tempostack-dev-minio # example`
+
+`bucket: <minio_bucket_name> # link:https://min.io/docs/minio/linux/reference/minio-mc/mc-mb.html#command-mc.mb[MinIO documentation]`
+
+`endpoint: <minio_bucket_endpoint>`
+
+`access_key_id: <minio_access_key_id>`
+
+`access_key_secret: <minio_access_key_secret>`
+
+|Amazon S3
+|
+`name: tempostack-dev-s3 # example`
+
+`bucket: <s3_bucket_name> # link:https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html[Amazon S3 documentation]`
+
+`endpoint: <s3_bucket_endpoint>`
+
+`access_key_id: <s3_access_key_id>`
+
+`access_key_secret: <s3_access_key_secret>`
+
+|Microsoft Azure Blob Storage
+|
+`name: tempostack-dev-azure # example`
+
+`container: <azure_blob_storage_container_name> # link:https://learn.microsoft.com/en-us/rest/api/storageservices/create-container?tabs=azure-ad[Microsoft Azure documentation]`
+
+`account_name: <azure_blob_storage_account_name>`
+
+`account_key: <azure_blob_storage_account_key>`
+
+|Google Cloud Storage on Google Cloud Platform (GCP)
+|
+`name: tempostack-dev-gcs # example`
+
+`bucketname: <google_cloud_storage_bucket_name> # requires a link:https://cloud.google.com/storage/docs/creating-buckets[bucket] created in a link:https://cloud.google.com/resource-manager/docs/creating-managing-projects[GCP project]`
+
+`key.json: <path/to/key.json> # requires a link:https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account[service account] in the bucket's GCP project for GCP authentication`
+
+|===
diff --git a/snippets/distr-tracing-tempo-secret-example.adoc b/snippets/distr-tracing-tempo-secret-example.adoc
new file mode 100644
index 000000000000..fec699554853
--- /dev/null
+++ b/snippets/distr-tracing-tempo-secret-example.adoc
@@ -0,0 +1,21 @@
+// Text snippet included in the following modules:
+//
+// * distr-tracing-tempo-install-web-console.adoc
+// * distr-tracing-tempo-install-cli.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+.Example secret for Amazon S3 and MinIO storage
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-test
+stringData:
+  endpoint: http://minio.minio.svc:9000
+  bucket: tempo
+  access_key_id: tempo
+  access_key_secret: <secret>
+type: Opaque
+----
diff --git a/snippets/es-pod-var-logging.adoc b/snippets/es-pod-var-logging.adoc
new file mode 100644
index 000000000000..14dae688e54f
--- /dev/null
+++ b/snippets/es-pod-var-logging.adoc
@@ -0,0 +1,31 @@
+// Snippet included in the following assemblies:
+//
+//
+// Snippet included in the following modules:
+//
+// * es-node-disk-low-watermark-reached.adoc
+// * es-node-disk-high-watermark-reached.adoc
+// * es-node-disk-flood-watermark-reached.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[TIP]
+====
+Some commands in this documentation reference an Elasticsearch pod by using a `$ES_POD_NAME` shell variable. If you want to copy and paste the commands directly from this documentation, you must set this variable to a value that is valid for your Elasticsearch cluster.
+
+You can list the available Elasticsearch pods by running the following command:
+
+[source,terminal]
+----
+$ oc -n openshift-logging get pods -l component=elasticsearch
+----
+
+Choose one of the pods listed and set the `$ES_POD_NAME` variable, by running the following command:
+
+[source,terminal]
+----
+$ export ES_POD_NAME=<elasticsearch_pod_name>
+----
+
+You can now use the `$ES_POD_NAME` variable in commands.
+====
diff --git a/snippets/grandmaster-clock-ptp-config.adoc b/snippets/grandmaster-clock-ptp-config.adoc
deleted file mode 100644
index b3d240a89577..000000000000
--- a/snippets/grandmaster-clock-ptp-config.adoc
+++ /dev/null
@@ -1,146 +0,0 @@
-.Recommended PTP grandmaster clock configuration
-[source,yaml]
-----
-apiVersion: ptp.openshift.io/v1
-kind: PtpConfig
-metadata:
-  name: grandmaster
-  namespace: openshift-ptp
-spec:
-  profile:
-  - name: "grandmaster"
-    ptp4lOpts: "-2 --summary_interval -4"
-    phc2sysOpts: -r -u 0 -m -O -37 -N 8 -R 16 -s ens2f1 -n 24
-    ptpSchedulingPolicy: SCHED_FIFO
-    ptpSchedulingPriority: 10
-    plugins:
-      e810:
-        enableDefaultConfig: true
-    ts2phcOpts: " "
-    ts2phcConf: |
-      [nmea]
-      ts2phc.master 1
-      [global]
-      use_syslog  0
-      verbose 1
-      logging_level 7
-      ts2phc.pulsewidth 100000000
-      #GNSS module - ls /dev/gnss* -al
-      ts2phc.nmea_serialport /dev/gnss0
-      leapfile  /usr/share/zoneinfo/leap-seconds.list
-      [ens2f1]
-      ts2phc.extts_polarity rising
-      ts2phc.extts_correction 0
-    ptp4lConf: |
-      [ens2f1]
-      masterOnly 1
-      [ens2f2]
-      masterOnly 1
-      [ens2f3]
-      masterOnly 1
-      [ens2f4]
-      masterOnly 1
-      [global]
-      #
-      # Default Data Set
-      #
-      twoStepFlag 1
-      priority1 128
-      priority2 128
-      domainNumber 24
-      #utc_offset 37
-      clockClass 6
-      clockAccuracy 0x27
-      offsetScaledLogVariance 0xFFFF
-      free_running 0
-      freq_est_interval 1
-      dscp_event 0
-      dscp_general 0
-      dataset_comparison G.8275.x
-      G.8275.defaultDS.localPriority 128
-      #
-      # Port Data Set
-      #
-      logAnnounceInterval -3
-      logSyncInterval -4
-      logMinDelayReqInterval -4
-      logMinPdelayReqInterval 0
-      announceReceiptTimeout 3
-      syncReceiptTimeout 0
-      delayAsymmetry 0
-      fault_reset_interval 4
-      neighborPropDelayThresh 20000000
-      masterOnly 0
-      G.8275.portDS.localPriority 128
-      #
-      # Run time options
-      #
-      assume_two_step 0
-      logging_level 6
-      path_trace_enabled 0
-      follow_up_info 0
-      hybrid_e2e 0
-      inhibit_multicast_service 0
-      net_sync_monitor 0
-      tc_spanning_tree 0
-      tx_timestamp_timeout 50
-      unicast_listen 0
-      unicast_master_table 0
-      unicast_req_duration 3600
-      use_syslog 1
-      verbose 0
-      summary_interval -4
-      kernel_leap 1
-      check_fup_sync 0
-      #
-      # Servo Options
-      #
-      pi_proportional_const 0.0
-      pi_integral_const 0.0
-      pi_proportional_scale 0.0
-      pi_proportional_exponent -0.3
-      pi_proportional_norm_max 0.7
-      pi_integral_scale 0.0
-      pi_integral_exponent 0.4
-      pi_integral_norm_max 0.3
-      step_threshold 0.0
-      first_step_threshold 0.00002
-      clock_servo pi
-      sanity_freq_limit  200000000
-      ntpshm_segment 0
-      #
-      # Transport options
-      #
-      transportSpecific 0x0
-      ptp_dst_mac 01:1B:19:00:00:00
-      p2p_dst_mac 01:80:C2:00:00:0E
-      udp_ttl 1
-      udp6_scope 0x0E
-      uds_address /var/run/ptp4l
-      #
-      # Default interface options
-      #
-      clock_type BC
-      network_transport L2
-      delay_mechanism E2E
-      time_stamping hardware
-      tsproc_mode filter
-      delay_filter moving_median
-      delay_filter_length 10
-      egressLatency 0
-      ingressLatency 0
-      boundary_clock_jbod 0
-      #
-      # Clock description
-      #
-      productDescription ;;
-      revisionData ;;
-      manufacturerIdentity 00:00:00
-      userDescription ;
-      timeSource 0x20
-  recommend:
-  - profile: "grandmaster"
-    priority: 4
-    match:
-    - nodeLabel: "node-role.kubernetes.io/worker"
-----
diff --git a/snippets/logging-5.7-outputs-snip.adoc b/snippets/logging-5.7-outputs-snip.adoc
deleted file mode 100644
index ab3be7c214c3..000000000000
--- a/snippets/logging-5.7-outputs-snip.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Text snippet included in the following assemblies:
-//
-//
-// Text snippet included in the following modules:
-//
-//
-:_content-type: SNIPPET
-.Logging 5.7 outputs
-[options="header"]
-|====================================================================================================
-| Output                | Protocol           | Tested with                      | Fluentd  | Vector
-| Cloudwatch            | REST over HTTP(S)  |                                  | &#10003; | &#10003;
-| Elasticsearch v6      |                    | v6.8.1                           | &#10003; | &#10003;
-| Elasticsearch v7      |                    | v7.12.2, 7.17.7                  | &#10003; | &#10003;
-| Elasticsearch v8      |                    | v8.4.3                           | &#10003; | &#10003;
-| Fluent Forward        | Fluentd forward v1 | Fluentd 1.14.6, Logstash 7.10.1  | &#10003; |
-| Google Cloud Logging  |                    |                                  |          | &#10003;
-| HTTP                  | HTTP 1.1           | Fluentd 1.14.6, Vector 0.21      | &#10003; | &#10003;
-| Kafka                 | Kafka 0.11         | Kafka 2.4.1, 2.7.0, 3.3.1        | &#10003; | &#10003;
-| Loki                  | REST over HTTP(S)  | Loki 2.3.0, 2.7                  | &#10003; | &#10003;
-| Splunk                | HEC                | v8.2.9, 9.0.0                    |          | &#10003;
-| Syslog                | RFC3164, RFC5424   | Rsyslog 8.37.0-9.el7             | &#10003; | &#10003;
-|====================================================================================================
diff --git a/snippets/logging-alertingrule-app-callouts-snip.adoc b/snippets/logging-alertingrule-app-callouts-snip.adoc
deleted file mode 100644
index 5c3d0113d951..000000000000
--- a/snippets/logging-alertingrule-app-callouts-snip.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-.Example application AlertingRule CR
-[source,yaml]
-----
-  apiVersion: loki.grafana.com/v1
-  kind: AlertingRule
-  metadata:
-    name: app-user-workload
-    namespace: app-ns <1>
-    labels: <2>
-      openshift.io/cluster-monitoring: "true"
-  spec:
-    tenantID: "application"
-    groups:
-      - name: AppUserWorkloadHighError
-        rules:
-          - alert:
-            expr: | <3>
-            sum(rate({kubernetes_namespace_name="app-ns", kubernetes_pod_name=~"podName.*"} |= "error" [1m])) by (job)
-            for: 10s
-            labels:
-              severity: critical <4>
-            annotations:
-              summary:  <5>
-              description:  <6>
-----
-<1> The `namespace` where this AlertingRule is created must have a label matching the LokiStack `spec.rules.namespaceSelector` definition.
-<2> The `labels` block must match the LokiStack `spec.rules.selector` definition.
-<3> Value for `kubernetes_namespace_name:` must match the value for `metadata.namespace`.
-<4> Mandatory field. Must be `critical`, `warning`, or `info`.
-<5> Mandatory field. Summary of the rule.
-<6> Mandatory field. Detailed description of the rule.
diff --git a/snippets/logging-alertingrule-inf-callouts-snip.adoc b/snippets/logging-alertingrule-inf-callouts-snip.adoc
deleted file mode 100644
index 59875b6cf669..000000000000
--- a/snippets/logging-alertingrule-inf-callouts-snip.adoc
+++ /dev/null
@@ -1,35 +0,0 @@
-.Example infrastructure AlertingRule CR
-[source,yaml]
-----
-  apiVersion: loki.grafana.com/v1
-  kind: AlertingRule
-  metadata:
-    name: loki-operator-alerts
-    namespace: openshift-operators-redhat <1>
-    labels: <2>
-      openshift.io/cluster-monitoring: "true"
-  spec:
-    tenantID: "infrastructure" <3>
-    groups:
-      - name: LokiOperatorHighReconciliationError
-        rules:
-          - alert: HighPercentageError
-            expr: | <4>
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"} |= "error" [1m])) by (job)
-                /
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"}[1m])) by (job)
-                > 0.01
-            for: 10s
-            labels:
-              severity: critical <5>
-            annotations:
-              summary: High Loki Operator Reconciliation Errors <6>
-              description: High Loki Operator Reconciliation Errors <7>
-----
-<1> The `namespace` where this AlertingRule is created must have a label matching the LokiStack `spec.rules.namespaceSelector` definition.
-<2> The `labels` block must match the LokiStack `spec.rules.selector` definition.
-<3> AlertingRules for `infrastructure` tenants are only supported in the `openshift-\*`, `kube-\*`, or `default` namespaces.
-<4> Value for `kubernetes_namespace_name:` must match the value for `metadata.namespace`.
-<5> Mandatory field. Must be `critical`, `warning`, or `info`.
-<6> Mandatory field.
-<7> Mandatory field.
diff --git a/snippets/logging-alertingruleCR-callouts-snip.adoc b/snippets/logging-alertingruleCR-callouts-snip.adoc
deleted file mode 100644
index 9ec8e35fb430..000000000000
--- a/snippets/logging-alertingruleCR-callouts-snip.adoc
+++ /dev/null
@@ -1,37 +0,0 @@
-.Example AlertingRule CR
-[source,yaml]
-----
-  apiVersion: loki.grafana.com/v1
-  kind: AlertingRule
-  metadata:
-    name: loki-operator-alerts
-    namespace: openshift-operators-redhat <1>
-    labels: <2>
-      openshift.io/cluster-monitoring: "true"
-  spec:
-    tenantID: "infrastructure" <3> <4> <5>
-    groups:
-      - name: LokiOperatorHighReconciliationError
-        rules:
-          - alert: HighPercentageError
-            expr: | <6>
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"} |= "error" [1m])) by (job)
-                /
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"}[1m])) by (job)
-                > 0.01
-            for: 10s
-            labels:
-              severity: critical <7>
-            annotations:
-              summary: High Loki Operator Reconciliation Errors <8>
-              description: High Loki Operator Reconciliation Errors <9>
-----
-<1> The `namespace` where this AlertingRule is created must have a label matching the LokiStack `spec.rules.namespaceSelector` definition.
-<2> The `labels` block must match the LokiStack `spec.rules.selector` definition.
-<3> Must be `application`, `infrastructure`, or `audit`.
-<4> AlertingRules for `infrastructure` tenants are only supported in the `openshift-\*`, `kube-\*`, or `default` namespaces.
-<5> AlertingRules for `audit` tenants are only supported in the `openshift-logging` namespace.
-<6> Value for `kubernetes_namespace_name:` must match the value for `metadata.namespace`.
-<7> Mandatory field. Must be `critical`, `warning`, or `info`.
-<8> Mandatory field.
-<9> Mandatory field.
diff --git a/snippets/logging-alertingruleCR-snip.adoc b/snippets/logging-alertingruleCR-snip.adoc
deleted file mode 100644
index 550f23eb365e..000000000000
--- a/snippets/logging-alertingruleCR-snip.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-// Text snippet included in the following assemblies:
-// Text snippet included in the following modules: 
-
-:_content-type: SNIPPET
-
-.Example AlertingRule CR
-[source,yaml]
-----
-  apiVersion: loki.grafana.com/v1
-  kind: AlertingRule
-  metadata:
-    name: loki-operator-alerts
-    namespace: openshift-operators-redhat
-    labels:
-      openshift.io/cluster-monitoring: "true"
-  spec:
-    tenantID: "infrastructure"
-    groups:
-      - name: LokiOperatorHighReconciliationError
-        rules:
-          - alert: HighPercentageError
-            expr: |
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"} |= "error" [1m])) by (job)
-                /
-              sum(rate({kubernetes_namespace_name="openshift-operators-redhat", kubernetes_pod_name=~"loki-operator-controller-manager.*"}[1m])) by (job)
-                > 0.01
-            for: 10s
-            labels:
-              severity: critical
-            annotations:
-              summary: High Loki Operator Reconciliation Errors
-              description: High Loki Operator Reconciliation Errors
-----
diff --git a/snippets/logging-approval-strategy-snip.adoc b/snippets/logging-approval-strategy-snip.adoc
index 9cce0cde081d..d5b9830fc561 100644
--- a/snippets/logging-approval-strategy-snip.adoc
+++ b/snippets/logging-approval-strategy-snip.adoc
@@ -2,8 +2,8 @@
 //
 //
 // Text snippet included in the following modules:
+//logging-loki-gui-install.adoc
 //
-//
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 If the approval strategy in the subscription is set to *Automatic*, the update process initiates as soon as a new Operator version is available in the selected channel. If the approval strategy is set to *Manual*, you must manually approve pending updates.
diff --git a/snippets/logging-clusteradmin-access-logs-snip.adoc b/snippets/logging-clusteradmin-access-logs-snip.adoc
new file mode 100644
index 000000000000..caaefe596aa3
--- /dev/null
+++ b/snippets/logging-clusteradmin-access-logs-snip.adoc
@@ -0,0 +1,14 @@
+// Text snippet included in the following assemblies:
+//
+//
+// Text snippet included in the following modules:
+//
+// * modules/logging-creating-new-group-cluster-admin-user-role.adoc
+// * modules/network-observability-lokistack-create.adoc
+//
+:_mod-docs-content-type: SNIPPET
+
+[IMPORTANT]
+====
+Querying application logs for multiple namespaces as a `cluster-admin` user, where the sum total of characters of all of the namespaces in the cluster is greater than 5120, results in the error `Parse error: input size too long (XXXX > 5120)`. For better control over access to logs in LokiStack, make the `cluster-admin` user a member of the `cluster-admin` group. If the `cluster-admin` group does not exist, create it and add the desired users to it.
+====
\ No newline at end of file
diff --git a/snippets/logging-compatibility-snip.adoc b/snippets/logging-compatibility-snip.adoc
index 947b32f420a4..d2d72bed1325 100644
--- a/snippets/logging-compatibility-snip.adoc
+++ b/snippets/logging-compatibility-snip.adoc
@@ -1,12 +1,16 @@
 // Text snippet included in the following assemblies:
 //
+// logging/cluster-logging-support.adoc
+// logging/logging_release_notes/logging-5-7-release-notes.adoc
+// logging/logging_release_notes/logging-5-8-release-notes.adoc
 //
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
-Logging is provided as an installable component, with a distinct release cycle from the core {product-title}. The link:https://access.redhat.com/support/policy/updates/openshift#logging[Red Hat OpenShift Container Platform Life Cycle Policy] outlines release compatibility.
+Logging is provided as an installable component, with a distinct release cycle from the core {product-title}. The link:https://access.redhat.com/support/policy/updates/openshift_operators#platform-agnostic[Red Hat OpenShift Container Platform Life Cycle Policy] outlines release compatibility.
 ====
diff --git a/snippets/logging-create-apply-cr-snip.adoc b/snippets/logging-create-apply-cr-snip.adoc
deleted file mode 100644
index 2307c2cb6ea6..000000000000
--- a/snippets/logging-create-apply-cr-snip.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Text snippet included in the following assemblies:
-//
-//
-// Text snippet included in the following modules:
-//
-//
-:_content-type: SNIPPET
-
-[source,yaml]
-----
-oc create -f <file-name>.yaml
-----
-
-[source,yaml]
-----
-oc apply -f <file-name>.yaml
-----
diff --git a/snippets/logging-create-secret-snip.adoc b/snippets/logging-create-secret-snip.adoc
index d614da14bb55..4a1fb35c29c2 100644
--- a/snippets/logging-create-secret-snip.adoc
+++ b/snippets/logging-create-secret-snip.adoc
@@ -4,7 +4,7 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 You can create a secret in the directory that contains your certificate and key files by using the following command:
 [subs="+quotes"]
diff --git a/snippets/logging-crs-by-operator-snip.adoc b/snippets/logging-crs-by-operator-snip.adoc
deleted file mode 100644
index 09787341e622..000000000000
--- a/snippets/logging-crs-by-operator-snip.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Text snippet included in the following assemblies:
-//
-//
-// Text snippet included in the following modules:
-//
-//
-:_content-type: SNIPPET
-
-You can configure your {logging} deployment with Custom Resource (CR) YAML files implemented by each Operator.
-
-*Red Hat Openshift Logging Operator*:
-
-* `ClusterLogging` (CL) - Deploys the collector and forwarder which currently are both implemented by a daemonset running on each node.
-
-* `ClusterLogForwarder` (CLF) - Generates collector configuration to forward logs per user configuration.
-
-*Loki Operator*:
-
-* `LokiStack` - Controls the Loki cluster as log store and the web proxy with OpenShift Container Platform authentication integration to enforce multi-tenancy.
-
-*OpenShift Elasticsearch Operator*:
-
-[NOTE]
-====
-These CRs are generated and managed by the `ClusterLogging` Operator, manual changes cannot be made without being overwritten by the Operator.
-====
-
-* `ElasticSearch` - Configure and deploy an Elasticsearch instance as the default log store.
-
-* `Kibana` - Configure and deploy Kibana instance to search, query and view logs.
diff --git a/snippets/logging-elastic-dep-snip.adoc b/snippets/logging-elastic-dep-snip.adoc
index 1dba65c9bf34..cadfc6fbb2aa 100644
--- a/snippets/logging-elastic-dep-snip.adoc
+++ b/snippets/logging-elastic-dep-snip.adoc
@@ -1,12 +1,14 @@
 // Text snippet included in the following assemblies:
 //
+// * logging/cluster-logging-deploying.adoc
 //
 // Text snippet included in the following modules:
 //
-//
-:_content-type: SNIPPET
+// * configuring-log-storage-cr.adoc
+
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
-As of logging version 5.4.3 the OpenShift Elasticsearch Operator is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to using the OpenShift Elasticsearch Operator to manage the default log storage, you can use the Loki Operator.
+The {es-op} is deprecated and is planned to be removed in a future release. Red{nbsp}Hat provides bug fixes and support for this feature during the current release lifecycle, but this feature no longer receives enhancements. As an alternative to using the {es-op} to manage the default log storage, you can use the {loki-op}.
 ====
diff --git a/snippets/logging-fluentd-dep-snip.adoc b/snippets/logging-fluentd-dep-snip.adoc
index 89440134e43f..5697c1338a91 100644
--- a/snippets/logging-fluentd-dep-snip.adoc
+++ b/snippets/logging-fluentd-dep-snip.adoc
@@ -1,12 +1,14 @@
 // Text snippet included in the following assemblies:
 //
+// * logging/cluster-logging-deploying.adoc
 //
 // Text snippet included in the following modules:
 //
-//
-:_content-type: SNIPPET
+// * configuring-logging-collector.adoc
+
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
-As of logging version 5.6 Fluentd is deprecated and is planned to be removed in a future release. Red Hat will provide bug fixes and support for this feature during the current release lifecycle, but this feature will no longer receive enhancements and will be removed. As an alternative to Fluentd, you can use Vector instead.
+Fluentd is deprecated and is planned to be removed in a future release. Red Hat provides bug fixes and support for this feature during the current release lifecycle, but this feature no longer receives enhancements. As an alternative to Fluentd, you can use Vector instead.
 ====
diff --git a/snippets/logging-get-clusterid-snip.adoc b/snippets/logging-get-clusterid-snip.adoc
index bf0f75dc62b1..ee6204095268 100644
--- a/snippets/logging-get-clusterid-snip.adoc
+++ b/snippets/logging-get-clusterid-snip.adoc
@@ -1,7 +1,7 @@
 // Text snippet included in the following modules and assemblies:
 //
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Logs from any source contain a field `openshift.cluster_id`, the unique identifier of the cluster in which the Operator is deployed.
 
diff --git a/snippets/logging-kibana-dep-snip.adoc b/snippets/logging-kibana-dep-snip.adoc
new file mode 100644
index 000000000000..859935220381
--- /dev/null
+++ b/snippets/logging-kibana-dep-snip.adoc
@@ -0,0 +1,14 @@
+// Text snippet included in the following assemblies:
+//
+// logging/cluster-logging.adoc
+//
+// Text snippet included in the following modules:
+//
+//
+
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+The Kibana web console is now deprecated is planned to be removed in a future logging release.
+====
diff --git a/snippets/logging-log-types-snip.adoc b/snippets/logging-log-types-snip.adoc
index 9e0d969c8ea1..17b994dbbf21 100644
--- a/snippets/logging-log-types-snip.adoc
+++ b/snippets/logging-log-types-snip.adoc
@@ -4,12 +4,12 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
-The {logging-title} collects container logs and node logs. These are categorized into types:
+{logging-uc} collects container logs and node logs. These are categorized into types:
 
 * `application` - Container logs generated by non-infrastructure containers.
 
 * `infrastructure` - Container logs from namespaces `kube-\*` and `openshift-\*`, and node logs from `journald`.
 
-* `audit` - Logs from `auditd`, `kube-apiserver`, `openshift-apiserver`, and `ovn` if enabled.  
+* `audit` - Logs from `auditd`, `kube-apiserver`, `openshift-apiserver`, and `ovn` if enabled.
diff --git a/snippets/logging-loki-vs-lokistack-snip.adoc b/snippets/logging-loki-vs-lokistack-snip.adoc
index 425212b4cc99..fbca02e2cbc3 100644
--- a/snippets/logging-loki-vs-lokistack-snip.adoc
+++ b/snippets/logging-loki-vs-lokistack-snip.adoc
@@ -4,6 +4,6 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
-In logging subsystem documentation, LokiStack refers to the logging subsystem supported combination of Loki, and web proxy with OpenShift Container Platform authentication integration. LokiStack’s proxy uses OpenShift Container Platform authentication to enforce multi-tenancy. Loki refers to the log store as either the individual component or an external store.
+In logging documentation, LokiStack refers to the supported combination of Loki and web proxy with OpenShift Container Platform authentication integration. LokiStack’s proxy uses OpenShift Container Platform authentication to enforce multi-tenancy. Loki refers to the log store as either the individual component or an external store.
diff --git a/snippets/logging-outputs-5.5-snip.adoc b/snippets/logging-outputs-5.5-snip.adoc
index 9af36b0754fe..54e9e0278a67 100644
--- a/snippets/logging-outputs-5.5-snip.adoc
+++ b/snippets/logging-outputs-5.5-snip.adoc
@@ -4,7 +4,7 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 .Output Destinations
 [options="header"]
diff --git a/snippets/logging-outputs-5.6-snip.adoc b/snippets/logging-outputs-5.6-snip.adoc
index 25cd513aee6c..74aa6aa8244b 100644
--- a/snippets/logging-outputs-5.6-snip.adoc
+++ b/snippets/logging-outputs-5.6-snip.adoc
@@ -4,7 +4,7 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [options="header"]
 |====================================================================================================
diff --git a/snippets/logging-restructure-snip.adoc b/snippets/logging-restructure-snip.adoc
index 6f4f0fa70eee..1c4da7ef9b89 100644
--- a/snippets/logging-restructure-snip.adoc
+++ b/snippets/logging-restructure-snip.adoc
@@ -4,10 +4,10 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 
 [NOTE]
 ====
-For Logging 5.5 and higher, documentation is organized by version.  
+For Logging 5.5 and higher, documentation is organized by version.
 ====
diff --git a/snippets/logging-stable-updates-snip.adoc b/snippets/logging-stable-updates-snip.adoc
index 5296cf832a46..d2570a2ed29a 100644
--- a/snippets/logging-stable-updates-snip.adoc
+++ b/snippets/logging-stable-updates-snip.adoc
@@ -1,12 +1,15 @@
 // Text snippet included in the following assemblies:
 //
+// logging/logging_release_notes/logging-5-7-release-notes.adoc
+// logging/logging_release_notes/logging-5-8-release-notes.adoc
 //
 // Text snippet included in the following modules:
+// logging-loki-gui-install.adoc
+// cluster-logging-deploy-console.adoc
 //
-//
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
-The `stable` channel only provides updates to the most recent release of logging. To continue receiving updates for prior releases, you must change your subscription channel to `stable-X` where `X` is the version of logging you have installed.
+The *stable* channel only provides updates to the most recent release of logging. To continue receiving updates for prior releases, you must change your subscription channel to *stable-x.y*, where `x.y` represents the major and minor version of logging you have installed. For example, *stable-5.7*.
 ====
diff --git a/snippets/logging-subscription-object-snip.adoc b/snippets/logging-subscription-object-snip.adoc
index 3b0216c62e31..0be3307393a5 100644
--- a/snippets/logging-subscription-object-snip.adoc
+++ b/snippets/logging-subscription-object-snip.adoc
@@ -4,7 +4,7 @@
 // Text snippet included in the following modules:
 //
 //
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [source,YAML]
 ----
diff --git a/snippets/logging-supported-config-snip.adoc b/snippets/logging-supported-config-snip.adoc
index 622a3930b311..9ed256e6f7c8 100644
--- a/snippets/logging-supported-config-snip.adoc
+++ b/snippets/logging-supported-config-snip.adoc
@@ -1,14 +1,17 @@
 // Text snippet included in the following assemblies:
 //
+// logging/cluster-logging-support.adoc
 //
 // Text snippet included in the following modules:
 //
-//
-:_content-type: SNIPPET
 
-The supported way of configuring the logging subsystem for Red Hat OpenShift is by configuring it using the options described in this documentation. Do not use other configurations, as they are unsupported. Configuration paradigms might change across OpenShift Container Platform releases, and such cases can only be handled gracefully if all configuration possibilities are controlled. If you use configurations other than those described in this documentation, your changes will disappear because the Operators reconcile any differences. The Operators reverse everything to the defined state by default and by design.
+:_mod-docs-content-type: SNIPPET
+
+Only the configuration options described in this documentation are supported for {logging}.
+
+Do not use any other configuration options, as they are unsupported. Configuration paradigms might change across {product-title} releases, and such cases can only be handled gracefully if all configuration possibilities are controlled. If you use configurations other than those described in this documentation, your changes will be overwritten, because Operators are designed to reconcile any differences.
 
 [NOTE]
 ====
-If you must perform configurations not described in the OpenShift Container Platform documentation, you must set your Red Hat OpenShift Logging Operator to `Unmanaged`. An unmanaged OpenShift Logging environment is not supported and does not receive updates until you return OpenShift Logging to `Managed`.
+If you must perform configurations not described in the {product-title} documentation, you must set your Red Hat OpenShift Logging Operator to `Unmanaged`. An unmanaged {logging} instance is not supported and does not receive updates until you return its status to `Managed`.
 ====
diff --git a/snippets/logging-under-construction-snip.adoc b/snippets/logging-under-construction-snip.adoc
deleted file mode 100644
index 093765da16a5..000000000000
--- a/snippets/logging-under-construction-snip.adoc
+++ /dev/null
@@ -1,12 +0,0 @@
-// Text snippet included in the following assemblies:
-//
-//
-// Text snippet included in the following modules:
-//
-//
-:_content-type: SNIPPET
-
-[NOTE]
-====
-As of logging version 5.5, you have the option of choosing from *Fluentd* or *Vector* collector implementations, and *Elasticsearch* or *LokiStack* as log stores. Documentation for logging is in the process of being updated to reflect these underlying component changes.
-====
diff --git a/snippets/lvms-disconnected-ImageSetConfig.adoc b/snippets/lvms-disconnected-ImageSetConfig.adoc
index b2954f91e2c3..d5eaf649cfba 100644
--- a/snippets/lvms-disconnected-ImageSetConfig.adoc
+++ b/snippets/lvms-disconnected-ImageSetConfig.adoc
@@ -1,4 +1,4 @@
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 .Example ImageSetConfiguration file for {lvms}
 [source,yaml,subs="attributes+"]
 ----
diff --git a/snippets/mcs-endpoint-limitation.adoc b/snippets/mcs-endpoint-limitation.adoc
index 61afa69a56c5..ec338e791d84 100644
--- a/snippets/mcs-endpoint-limitation.adoc
+++ b/snippets/mcs-endpoint-limitation.adoc
@@ -4,7 +4,7 @@
 // * modules/machine-config-operator.adoc
 // * security/certificate_types_descriptions/machine-config-operator-certificates.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [IMPORTANT]
 ====
diff --git a/snippets/microshift-greenboot-status-snip.adoc b/snippets/microshift-greenboot-status-snip.adoc
new file mode 100644
index 000000000000..96e507b353d5
--- /dev/null
+++ b/snippets/microshift-greenboot-status-snip.adoc
@@ -0,0 +1,14 @@
+// Text snippet included in the following assemblies:
+//
+// * microshift_configuring/microshift-using-config-tools.adoc
+//
+// Text snippet included in the following modules:
+//
+// *
+
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+If you want to make configuration changes or deploy applications through the {microshift-short} API with tools other than `kustomize` manifests, you must wait until the Greenboot health checks have finished. This ensures that your changes are not lost if Greenboot rolls your `rpm-ostree` system back to an earlier state.
+====
\ No newline at end of file
diff --git a/snippets/microshift-rhde-compatibility-table-snip.adoc b/snippets/microshift-rhde-compatibility-table-snip.adoc
new file mode 100644
index 000000000000..488056718713
--- /dev/null
+++ b/snippets/microshift-rhde-compatibility-table-snip.adoc
@@ -0,0 +1,38 @@
+//Snippet included in the following assemblies:
+//
+//* microshift_updating/microshift-about-updates.adoc
+//* microshift_updating/microshift-update-options.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+.{op-system-bundle} release compatibility matrix
+
+The two products of {op-system-bundle} work together as a single solution for device-edge computing. To successfully pair your products, use the verified releases together for each as listed in the following table:
+
+[cols="4",%autowidth]
+|===
+^|*{op-system-ostree} Version(s)*
+^|*{microshift-short} Version*
+^|*{microshift-short} Release Status*
+^|*{microshift-short} Supported Updates*
+
+^|9.2, 9.3
+^|4.15
+^|Generally Available
+^|4.15.0&#8594;4.15.z and 4.15&#8594;future minor version
+
+^|9.2, 9.3
+^|4.14
+^|Generally Available
+^|4.14.0&#8594;4.14.z and 4.14&#8594;4.15
+
+^|9.2
+^|4.13
+^|Technology Preview
+^|None
+
+^|8.7
+^|4.12
+^|Developer Preview
+^|None
+|===
\ No newline at end of file
diff --git a/snippets/microshift-update-paths-snip.adoc b/snippets/microshift-update-paths-snip.adoc
new file mode 100644
index 000000000000..56959acffe77
--- /dev/null
+++ b/snippets/microshift-update-paths-snip.adoc
@@ -0,0 +1,19 @@
+//Snippet included in the following assemblies:
+//
+//* microshift_updating/microshift-about-updates.adoc
+//* microshift_updating/microshift-update-options.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[id="microshift-about-updates-checking-version-update-path_{context}"]
+= Checking version update path
+
+Before attempting an update of either {op-system-bundle} component, determine which versions of {microshift-short} and {op-system-ostree} or {op-system} are installed. Plan for the versions of each that you intend to use.
+
+*{product-title} update paths*
+
+* Generally Available Version 4.14 to 4.14.z or 4.15 on {op-system-ostree} 9.2 or 9.3
+* Generally Available Version 4.14 to 4.14.z or 4.15 on {op-system} 9.2 or 9.3
+
+* Generally Available Version 4.15 to 4.15.z on {op-system-ostree} 9.2 or 9.3
+* Generally Available Version 4.15 to 4.15.z on {op-system} 9.2 or 9.3
\ No newline at end of file
diff --git a/snippets/microshift-upload-cont2-mirror-script.adoc b/snippets/microshift-upload-cont2-mirror-script.adoc
new file mode 100644
index 000000000000..6784dd4d917e
--- /dev/null
+++ b/snippets/microshift-upload-cont2-mirror-script.adoc
@@ -0,0 +1,27 @@
+[source,terminal]
+----
+image_tag=mirror-$(date +%y%m%d%H%M%S)
+image_cnt=1
+   # Uses timestamp and counter as a tag on the target images to avoid
+   # their overwrite by the 'latest' automatic tagging
+
+pushd "${IMAGE_LOCAL_DIR}" >/dev/null
+while read -r src_manifest ; do
+   # Remove the manifest.json file name
+   src_img=$(dirname "${src_manifest}")
+   # Add the target registry prefix and remove SHA
+   dst_img="${TARGET_REGISTRY}/${src_img}"
+   dst_img=$(echo "${dst_img}" | awk -F'@' '{print $1}')
+
+   # Run the image upload command
+   echo "Uploading '${src_img}' to '${dst_img}'"
+   skopeo copy --all --quiet \
+      --preserve-digests \
+      --authfile "${IMAGE_PULL_FILE}" \
+      dir://"${IMAGE_LOCAL_DIR}/${src_img}" docker://"${dst_img}:${image_tag}-${image_cnt}"
+   # Increment the counter
+   (( image_cnt += 1 ))
+
+done < <(find . -type f -name manifest.json -printf '%P\n')
+popd >/dev/null
+----
\ No newline at end of file
diff --git a/snippets/mobb-support-statement.adoc b/snippets/mobb-support-statement.adoc
new file mode 100644
index 000000000000..21f4d1dff82d
--- /dev/null
+++ b/snippets/mobb-support-statement.adoc
@@ -0,0 +1,4 @@
+[IMPORTANT]
+====
+This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
+====
\ No newline at end of file
diff --git a/snippets/monitoring-custom-prometheus-note.adoc b/snippets/monitoring-custom-prometheus-note.adoc
index 321948cb119d..1eca124798ac 100644
--- a/snippets/monitoring-custom-prometheus-note.adoc
+++ b/snippets/monitoring-custom-prometheus-note.adoc
@@ -2,7 +2,7 @@
 //
 // * modules/monitoring-enabling-monitoring-for-user-defined-projects.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
diff --git a/snippets/network-observability-clusterrole-reader.adoc b/snippets/network-observability-clusterrole-reader.adoc
new file mode 100644
index 000000000000..117c5e6f058b
--- /dev/null
+++ b/snippets/network-observability-clusterrole-reader.adoc
@@ -0,0 +1,27 @@
+// Text snippet included in the following assemblies:
+//
+//
+//
+// Text snippet included in the following modules:
+//
+// * modules/network-observability-auth-multi-tenancy.adoc
+
+:_mod-docs-content-type: SNIPPET
+.Example ClusterRole reader yaml
+[source, yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: netobserv-reader    <1>
+rules:
+- apiGroups:
+  - 'loki.grafana.com'
+  resources:
+  - network
+  resourceNames:
+  - logs
+  verbs:
+  - 'get'
+----
+<1> This role can be used for multi-tenancy.
\ No newline at end of file
diff --git a/snippets/network-observability-clusterrole-writer.adoc b/snippets/network-observability-clusterrole-writer.adoc
new file mode 100644
index 000000000000..bf9704d1ef2d
--- /dev/null
+++ b/snippets/network-observability-clusterrole-writer.adoc
@@ -0,0 +1,26 @@
+// Text snippet included in the following assemblies:
+//
+//
+//
+// Text snippet included in the following modules:
+//
+// * modules/network-observability-auth-multi-tenancy.adoc
+
+:_mod-docs-content-type: SNIPPET
+.Example ClusterRole writer yaml
+[source,yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: netobserv-writer
+rules:
+- apiGroups:
+  - 'loki.grafana.com'
+  resources:
+  - network
+  resourceNames:
+  - logs
+  verbs:
+  - 'create'
+----
\ No newline at end of file
diff --git a/snippets/network-observability-clusterrolebinding.adoc b/snippets/network-observability-clusterrolebinding.adoc
new file mode 100644
index 000000000000..76906006ab27
--- /dev/null
+++ b/snippets/network-observability-clusterrolebinding.adoc
@@ -0,0 +1,30 @@
+// Text snippet included in the following assemblies:
+//
+//
+//
+// Text snippet included in the following modules:
+//
+// * modules/network-observability-auth-multi-tenancy.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+.Example ClusterRoleBinding yaml
+[source, yaml]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: netobserv-writer-flp
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: netobserv-writer
+subjects:
+- kind: ServiceAccount
+  name: flowlogs-pipeline    <1>
+  namespace: netobserv
+- kind: ServiceAccount
+  name: flowlogs-pipeline-transformer
+  namespace: netobserv
+----
+<1> The `flowlogs-pipeline` writes to Loki. If you are using Kafka, this value is `flowlogs-pipeline-transformer`.
\ No newline at end of file
diff --git a/snippets/node-icsp-no-drain.adoc b/snippets/node-icsp-no-drain.adoc
index b86a96e7df79..9fe19dc6e203 100644
--- a/snippets/node-icsp-no-drain.adoc
+++ b/snippets/node-icsp-no-drain.adoc
@@ -3,7 +3,7 @@
 // * modules/about-crio.adoc
 // * modules/nodes-containers-using.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 The following modifications do not trigger a node reboot:
 
diff --git a/snippets/nodes-cluster-enabling-features-verification.adoc b/snippets/nodes-cluster-enabling-features-verification.adoc
index 06b54f107245..7991aa4e479c 100644
--- a/snippets/nodes-cluster-enabling-features-verification.adoc
+++ b/snippets/nodes-cluster-enabling-features-verification.adoc
@@ -4,7 +4,7 @@
 // * modules/clusters/nodes-cluster-enabling-features-console.adoc
 // * modules/nodes-cluster-enabling-features-cli.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 
 You can verify that the feature gates are enabled by looking at the `kubelet.conf` file on a node after the nodes return to the ready state.
@@ -33,11 +33,11 @@ sh-4.2# cat /etc/kubernetes/kubelet.conf
 +
 [source,terminal]
 ----
- ...
+# ...
 featureGates:
   InsightsOperatorPullingSCA: true,
   LegacyNodeRoleBehavior: false
- ...
+# ...
 ----
 +
 The features that are listed as `true` are enabled on your cluster.
diff --git a/snippets/oadp-ceph-cr-prerequisites.adoc b/snippets/oadp-ceph-cr-prerequisites.adoc
index 2e6ade943114..672ae8afcf81 100644
--- a/snippets/oadp-ceph-cr-prerequisites.adoc
+++ b/snippets/oadp-ceph-cr-prerequisites.adoc
@@ -2,7 +2,7 @@
 //
 // * backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 .Prerequisites
 
diff --git a/snippets/oadp-mtc-operator.adoc b/snippets/oadp-mtc-operator.adoc
index 4504f980dbd1..152af32d22c6 100644
--- a/snippets/oadp-mtc-operator.adoc
+++ b/snippets/oadp-mtc-operator.adoc
@@ -8,7 +8,7 @@
 // * .../backup_and_restore/backing_up_and_restoring/installing/installing-oadp-mcg.adoc
 // * .../backup_and_restore/backing_up_and_restoring/installing/installing-oadp-ocs.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 [NOTE]
 ====
 Starting from OADP 1.0.4, all OADP 1.0._z_ versions can only be used as a dependency of the MTC Operator and are not available as a standalone Operator.
diff --git a/snippets/oadp-ocp-compat.adoc b/snippets/oadp-ocp-compat.adoc
index 08fbcb46bb8d..ef1ce9f5af27 100644
--- a/snippets/oadp-ocp-compat.adoc
+++ b/snippets/oadp-ocp-compat.adoc
@@ -4,7 +4,7 @@
 // * .../backup_and_restore/backing_up_and_restoring/installing/about-installing-oadp.adoc
 // * .../backup_and_restore/index.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 [NOTE]
 ====
 If you want to use CSI backup on OCP 4.11 and later, install OADP 1.1._x_.
diff --git a/snippets/oidc-cloudfront.adoc b/snippets/oidc-cloudfront.adoc
new file mode 100644
index 000000000000..10016765a509
--- /dev/null
+++ b/snippets/oidc-cloudfront.adoc
@@ -0,0 +1,12 @@
+
+//This snippet appears in the following assemblies:
+//
+// * ../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+
+:_content-type: SNIPPET
+[NOTE]
+====
+ROSA CLI 1.2.7 introduces changes to the OIDC provider endpoint URL format for new clusters. {product-title} cluster OIDC provider URLs are no longer regional. The AWS CloudFront implementation provides improved access speed and resiliency and reduces latency.
+
+Because this change is only available to new clusters created by using ROSA CLI 1.2.7 or later, existing OIDC-provider configurations do not have any supported migration paths.
+====
\ No newline at end of file
diff --git a/snippets/olmv1-cli-only.adoc b/snippets/olmv1-cli-only.adoc
new file mode 100644
index 000000000000..a1a399e8dec0
--- /dev/null
+++ b/snippets/olmv1-cli-only.adoc
@@ -0,0 +1,11 @@
+// Text snippet included in the following modules:
+//
+// * operators/olm_v1/olmv1-installing-an-operator-from-a-catalog.adoc
+// * operators/olm_v1/olmv1-managing-plain-bundles.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+For {product-title} 4.14, documented procedures for {olmv1} are CLI-based only. Alternatively, administrators can create and view related objects in the web console by using normal methods, such as the *Import YAML* and *Search* pages. However, the existing *OperatorHub* and *Installed Operators* pages do not yet display {olmv1} components.
+====
diff --git a/snippets/olmv1-multi-catalog-admon.adoc b/snippets/olmv1-multi-catalog-admon.adoc
new file mode 100644
index 000000000000..9d85d0cd12f6
--- /dev/null
+++ b/snippets/olmv1-multi-catalog-admon.adoc
@@ -0,0 +1,13 @@
+// Text snippet included in the following modules:
+//
+// * modules/olmv1-about-catalogs.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[IMPORTANT]
+====
+If you try to install an Operator or extension that does not have unique name, the installation might fail or lead to an unpredictable result. This occurs for the following reasons:
+
+* If mulitple catalogs are installed on a cluster, {olmv1} does not include a mechanism to specify a catalog when you install an Operator or extension.
+* Dependency resolution in {olmv1-first} requires that all of the Operators and extensions that are available to install on a cluster use a unique name for their bundles and packages.
+====
diff --git a/snippets/olmv1-operator-api-group.adoc b/snippets/olmv1-operator-api-group.adoc
new file mode 100644
index 000000000000..b03527546c3f
--- /dev/null
+++ b/snippets/olmv1-operator-api-group.adoc
@@ -0,0 +1,17 @@
+// Text snippet included in the following modules:
+//
+// * modules/olmv1-operator-api.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+When using the OpenShift CLI (`oc)`, the `Operator` resource provided with {olmv1} during this Technology Preview phase requires specifying the full `<resource>.<group>` format: `operator.operators.operatorframework.io`. For example:
+
+[source,terminal]
+----
+$ oc get operator.operators.operatorframework.io
+----
+
+If you specify only the `Operator` resource without the API group, the CLI returns results for an earlier API (`operator.operators.coreos.com`) that is unrelated to {olmv1}.
+====
diff --git a/snippets/olmv1-secure-registry-pull-secret.adoc b/snippets/olmv1-secure-registry-pull-secret.adoc
new file mode 100644
index 000000000000..9da1beea3f68
--- /dev/null
+++ b/snippets/olmv1-secure-registry-pull-secret.adoc
@@ -0,0 +1,17 @@
+// Text snippet included in the following modules:
+//
+// * modules/olmv1-adding-a-catalog.adoc
+// * modules/olmv1-creating-a-pull-secret-for-catalogd.adoc
+// * modules/olmv1-red-hat-catalogs.adoc
+
+:_mod-docs-content-type: SNIPPET
+
+If you want to use a catalog that is hosted on a secure registry, such as Red Hat-provided Operator catalogs from `registry.redhat.io`, you must have a pull secret scoped to the `openshift-catalogd` namespace.
+ifndef::olmv1-pullsecret-proc[For more information, see "Creating a pull secret for catalogs hosted on a secure registry".]
+
+ifdef::olmv1-pullsecret-proc[]
+[NOTE]
+====
+Currently, catalogd cannot read global pull secrets from {product-title} clusters. Catalogd can read references to secrets only in the namespace where it is deployed.
+====
+endif::[]
diff --git a/snippets/operator-group-unique-name.adoc b/snippets/operator-group-unique-name.adoc
new file mode 100644
index 000000000000..1f6c0215ff72
--- /dev/null
+++ b/snippets/operator-group-unique-name.adoc
@@ -0,0 +1,15 @@
+// Text snippet included in the following assemblies:
+//
+
+:_mod-docs-content-type: SNIPPET
+
+[WARNING]
+====
+Operator Lifecycle Manager (OLM) creates the following cluster roles for each Operator group:
+
+* `<operatorgroup_name>-admin`
+* `<operatorgroup_name>-edit`
+* `<operatorgroup_name>-view`
+
+When you manually create an Operator group, you must specify a unique name that does not conflict with the existing cluster roles or other Operator groups on the cluster.
+====
diff --git a/snippets/operator-not-available.adoc b/snippets/operator-not-available.adoc
new file mode 100644
index 000000000000..24cbc1eec6a0
--- /dev/null
+++ b/snippets/operator-not-available.adoc
@@ -0,0 +1,9 @@
+// When including this file, ensure that {operator-name} is set immediately before
+// the include. Otherwise it will result in an incorrect replacement.
+
+[IMPORTANT]
+====
+{operator-name} is not currently available for {product-title} {product-version}. The Operator is planned to be released in the near future.
+====
+// Undefine {operator-name} attribute, so that any mistakes are easily spotted
+:!operator-name:
diff --git a/snippets/ossm-out-of-support.adoc b/snippets/ossm-out-of-support.adoc
index 9933975fdce2..3ecfd9fd9c96 100644
--- a/snippets/ossm-out-of-support.adoc
+++ b/snippets/ossm-out-of-support.adoc
@@ -2,7 +2,7 @@
 // NOTE: The OpenShift docs standards state that snippets should NOT contain xrefs.   https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/doc_guidelines.adoc#writing-text-snippets
 //Because this snippet contains two xrefs it should ONLY be used in the v1 assemblies and never in a module.
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [WARNING]
 ====
diff --git a/snippets/performance-profile-workload-partitioning.adoc b/snippets/performance-profile-workload-partitioning.adoc
new file mode 100644
index 000000000000..471dca7a2f4d
--- /dev/null
+++ b/snippets/performance-profile-workload-partitioning.adoc
@@ -0,0 +1,39 @@
+:_mod-docs-content-type: SNIPPET
+.PerformanceProfile CR options for {sno} clusters
+[cols=2*, width="90%", options="header"]
+|====
+|PerformanceProfile CR field
+|Description
+
+|`metadata.name`
+a|Ensure that `name` matches the following fields set in related {ztp} custom resources (CRs):
+
+* `include=openshift-node-performance-${PerformanceProfile.metadata.name}` in `TunedPerformancePatch.yaml`
+* `name: 50-performance-${PerformanceProfile.metadata.name}` in `validatorCRs/informDuValidator.yaml`
+
+|`spec.additionalKernelArgs`
+|`"efi=runtime"` Configures UEFI secure boot for the cluster host.
+
+|`spec.cpu.isolated`
+a|Set the isolated CPUs. Ensure all of the Hyper-Threading pairs match.
+
+[IMPORTANT]
+====
+The reserved and isolated CPU pools must not overlap and together must span all available cores. CPU cores that are not accounted for cause an undefined behaviour in the system.
+====
+
+|`spec.cpu.reserved`
+|Set the reserved CPUs. When workload partitioning is enabled, system processes, kernel threads, and system container threads are restricted to these CPUs. All CPUs that are not isolated should be reserved.
+
+|`spec.hugepages.pages`
+a|* Set the number of huge pages (`count`)
+* Set the huge pages size (`size`).
+* Set `node` to the NUMA node where the `hugepages` are allocated (`node`)
+
+|`spec.realTimeKernel`
+|Set `enabled` to `true` to use the realtime kernel.
+
+|`spec.workloadHints`
+|Use `workloadHints` to define the set of top level flags for different type of workloads.
+The example configuration configures the cluster for low latency and high performance.
+|====
diff --git a/snippets/pid-limits.adoc b/snippets/pid-limits.adoc
index 4a00ac191fd9..65f578ccc0f7 100644
--- a/snippets/pid-limits.adoc
+++ b/snippets/pid-limits.adoc
@@ -13,11 +13,19 @@
 // * /rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc
 //
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
+
+// The PID limits are only configurable through the ROSA CLI. Once they are configurable through OCM, the conditionalization can be removed.
 
 [IMPORTANT]
 ====
-As of the {product-title} versions 4.8.35, 4.9.26, 4.10.6, the {product-title} default per-pod pid limit is `4096`. If you want to enable this PID limit, you must upgrade your {product-title} clusters to these versions or later. {product-title} clusters with prior versions use a default PID limit of `1024`.
+As of {product-title} 4.11, the default per-pod PID limit is `4096`. If you want to enable this PID limit, you must upgrade your {product-title} clusters to this version or later. {product-title} clusters running on earlier versions use a default PID limit of `1024`.
+
+ifdef::openshift-rosa[]
+You can configure the per-pod PID limit on a {product-title} cluster by using the ROSA CLI. For more information, see "Configuring PID limits".
+endif::openshift-rosa[]
 
+ifdef::openshift-dedicated[]
 You cannot configure the per-pod PID limit on any {product-title} cluster.
-====
\ No newline at end of file
+endif::openshift-dedicated[]
+====
diff --git a/snippets/ptp-clock-holdover-note.adoc b/snippets/ptp-clock-holdover-note.adoc
new file mode 100644
index 000000000000..5ba4867e0729
--- /dev/null
+++ b/snippets/ptp-clock-holdover-note.adoc
@@ -0,0 +1,10 @@
+:_mod-docs-content-type: SNIPPET
+[NOTE]
+====
+During holdover, the T-GM or T-BC uses the internal system clock to continue generating time synchronization signals as accurately as possible based on the last known good reference.
+
+You can set the time holdover specification threshold controlling the time spent advertising `ClockClass` values `7` or `135` to `0` so that the T-GM or T-BC advertises a degraded `ClockClass` value directly after losing traceability to a PRTC.
+In this case, after initially advertising `ClockClass` values between `140–165`, a clock can still be within the holdover specification.
+====
+
+For more information, see link:https://www.itu.int/rec/T-REC-G.8275.1-202211-I/en["Phase/time traceability information", ITU-T G.8275.1/Y.1369.1 Recommendations].
diff --git a/snippets/ptp_PtpConfigBoundary.yaml b/snippets/ptp_PtpConfigBoundary.yaml
new file mode 100644
index 000000000000..8e9c471f8dad
--- /dev/null
+++ b/snippets/ptp_PtpConfigBoundary.yaml
@@ -0,0 +1,131 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: boundary-clock
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: boundary-clock
+      ptp4lOpts: "-2"
+      phc2sysOpts: "-a -r -n 24"
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      ptp4lConf: |
+        # The interface name is hardware-specific
+        [$iface_slave]
+        masterOnly 0
+        [$iface_master_1]
+        masterOnly 1
+        [$iface_master_2]
+        masterOnly 1
+        [$iface_master_3]
+        masterOnly 1
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        slaveOnly 0
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 248
+        clockAccuracy 0xFE
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval -4
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval 0
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 135
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        max_frequency 900000000
+        clock_servo pi
+        sanity_freq_limit 200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type BC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0xA0
+  recommend:
+    - profile: boundary-clock
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ptp_PtpConfigGmWpc.yaml b/snippets/ptp_PtpConfigGmWpc.yaml
new file mode 100644
index 000000000000..ff7da9d7887e
--- /dev/null
+++ b/snippets/ptp_PtpConfigGmWpc.yaml
@@ -0,0 +1,208 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: grandmaster
+  namespace: openshift-ptp
+spec:
+  profile:
+  - name: "grandmaster"
+    ptp4lOpts: "-2 --summary_interval -4"
+    phc2sysOpts: -r -u 0 -m -O -37 -N 8 -R 16 -s $iface_master -n 24
+    ptpSchedulingPolicy: SCHED_FIFO
+    ptpSchedulingPriority: 10
+    ptpSettings:
+      logReduce: "true"
+    plugins:
+      e810:
+        enableDefaultConfig: false
+        settings:
+          LocalMaxHoldoverOffSet: 1500
+          LocalHoldoverTimeout: 14400
+          MaxInSpecOffset: 100
+        pins: $e810_pins
+        #  "$iface_master":
+        #    "U.FL2": "0 2"
+        #    "U.FL1": "0 1"
+        #    "SMA2": "0 2"
+        #    "SMA1": "0 1"
+        ublxCmds:
+          - args: #ubxtool -P 29.20 -z CFG-HW-ANT_CFG_VOLTCTRL,1
+              - "-P"
+              - "29.20"
+              - "-z"
+              - "CFG-HW-ANT_CFG_VOLTCTRL,1"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -e GPS
+              - "-P"
+              - "29.20"
+              - "-e"
+              - "GPS"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -d Galileo
+              - "-P"
+              - "29.20"
+              - "-d"
+              - "Galileo"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -d GLONASS
+              - "-P"
+              - "29.20"
+              - "-d"
+              - "GLONASS"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -d BeiDou
+              - "-P"
+              - "29.20"
+              - "-d"
+              - "BeiDou"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -d SBAS
+              - "-P"
+              - "29.20"
+              - "-d"
+              - "SBAS"
+            reportOutput: false
+          - args: #ubxtool -P 29.20 -t -w 5 -v 1 -e SURVEYIN,600,50000
+              - "-P"
+              - "29.20"
+              - "-t"
+              - "-w"
+              - "5"
+              - "-v"
+              - "1"
+              - "-e"
+              - "SURVEYIN,600,50000"
+            reportOutput: true  
+          - args: #ubxtool -P 29.20 -p MON-HW
+              - "-P"
+              - "29.20"
+              - "-p"
+              - "MON-HW"
+            reportOutput: true
+    ts2phcOpts: " "
+    ts2phcConf: |
+      [nmea]
+      ts2phc.master 1
+      [global]
+      use_syslog  0
+      verbose 1
+      logging_level 7
+      ts2phc.pulsewidth 100000000
+      ts2phc.nmea_serialport $gnss_serialport
+      leapfile  /usr/share/zoneinfo/leap-seconds.list
+      [$iface_master]
+      ts2phc.extts_polarity rising
+      ts2phc.extts_correction 0
+    ptp4lConf: |
+      [$iface_master]
+      masterOnly 1
+      [$iface_master_1]
+      masterOnly 1
+      [$iface_master_2]
+      masterOnly 1
+      [$iface_master_3]
+      masterOnly 1
+      [global]
+      #
+      # Default Data Set
+      #
+      twoStepFlag 1
+      priority1 128
+      priority2 128
+      domainNumber 24
+      #utc_offset 37
+      clockClass 6
+      clockAccuracy 0x27
+      offsetScaledLogVariance 0xFFFF
+      free_running 0
+      freq_est_interval 1
+      dscp_event 0
+      dscp_general 0
+      dataset_comparison G.8275.x
+      G.8275.defaultDS.localPriority 128
+      #
+      # Port Data Set
+      #
+      logAnnounceInterval -3
+      logSyncInterval -4
+      logMinDelayReqInterval -4
+      logMinPdelayReqInterval 0
+      announceReceiptTimeout 3
+      syncReceiptTimeout 0
+      delayAsymmetry 0
+      fault_reset_interval -4
+      neighborPropDelayThresh 20000000
+      masterOnly 0
+      G.8275.portDS.localPriority 128
+      #
+      # Run time options
+      #
+      assume_two_step 0
+      logging_level 6
+      path_trace_enabled 0
+      follow_up_info 0
+      hybrid_e2e 0
+      inhibit_multicast_service 0
+      net_sync_monitor 0
+      tc_spanning_tree 0
+      tx_timestamp_timeout 50
+      unicast_listen 0
+      unicast_master_table 0
+      unicast_req_duration 3600
+      use_syslog 1
+      verbose 0
+      summary_interval -4
+      kernel_leap 1
+      check_fup_sync 0
+      clock_class_threshold 7
+      #
+      # Servo Options
+      #
+      pi_proportional_const 0.0
+      pi_integral_const 0.0
+      pi_proportional_scale 0.0
+      pi_proportional_exponent -0.3
+      pi_proportional_norm_max 0.7
+      pi_integral_scale 0.0
+      pi_integral_exponent 0.4
+      pi_integral_norm_max 0.3
+      step_threshold 2.0
+      first_step_threshold 0.00002
+      clock_servo pi
+      sanity_freq_limit  200000000
+      ntpshm_segment 0
+      #
+      # Transport options
+      #
+      transportSpecific 0x0
+      ptp_dst_mac 01:1B:19:00:00:00
+      p2p_dst_mac 01:80:C2:00:00:0E
+      udp_ttl 1
+      udp6_scope 0x0E
+      uds_address /var/run/ptp4l
+      #
+      # Default interface options
+      #
+      clock_type BC
+      network_transport L2
+      delay_mechanism E2E
+      time_stamping hardware
+      tsproc_mode filter
+      delay_filter moving_median
+      delay_filter_length 10
+      egressLatency 0
+      ingressLatency 0
+      boundary_clock_jbod 0
+      #
+      # Clock description
+      #
+      productDescription ;;
+      revisionData ;;
+      manufacturerIdentity 00:00:00
+      userDescription ;
+      timeSource 0x20
+  recommend:
+  - profile: "grandmaster"
+    priority: 4
+    match:
+    - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ptp_PtpConfigMaster.yaml b/snippets/ptp_PtpConfigMaster.yaml
new file mode 100644
index 000000000000..2b8160d0b693
--- /dev/null
+++ b/snippets/ptp_PtpConfigMaster.yaml
@@ -0,0 +1,124 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: grandmaster-clock
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: grandmaster-clock
+      # The interface name is hardware-specific
+      interface: $interface
+      ptp4lOpts: "-2"
+      phc2sysOpts: "-a -r -r -n 24"
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      ptp4lConf: |
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        slaveOnly 0
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 255
+        clockAccuracy 0xFE
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval -4
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval 0
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 7
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        max_frequency 900000000
+        clock_servo pi
+        sanity_freq_limit 200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type OC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0xA0
+  recommend:
+    - profile: grandmaster-clock
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ptp_PtpConfigOrdinaryClock.yaml b/snippets/ptp_PtpConfigOrdinaryClock.yaml
new file mode 100644
index 000000000000..08ab6e8a8240
--- /dev/null
+++ b/snippets/ptp_PtpConfigOrdinaryClock.yaml
@@ -0,0 +1,124 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: ordinary-clock
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: ordinary-clock
+      # The interface name is hardware-specific
+      interface: $interface
+      ptp4lOpts: "-2 -s"
+      phc2sysOpts: "-a -r -n 24"
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      ptp4lConf: |
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        slaveOnly 1
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 255
+        clockAccuracy 0xFE
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval -4
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval 0
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 7
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        max_frequency 900000000
+        clock_servo pi
+        sanity_freq_limit 200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type OC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0xA0
+  recommend:
+    - profile: ordinary-clock
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/rosa-hcp-rn.adoc b/snippets/rosa-hcp-rn.adoc
index a77829fdbbf9..7bd29c9930e5 100644
--- a/snippets/rosa-hcp-rn.adoc
+++ b/snippets/rosa-hcp-rn.adoc
@@ -2,5 +2,5 @@
 //
 // * rosa_release_notes/rosa-release-notes.adoc
 
-:_content-type: SNIPPET
-* **Hosted control planes:** {hcp-title-first} clusters are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.html[Creating {hcp-title} clusters using the default options].
\ No newline at end of file
+:_mod-docs-content-type: SNIPPET
+* **Hosted control planes.** {hcp-title-first} clusters are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc[Creating {hcp-title} clusters using the default options].
\ No newline at end of file
diff --git a/snippets/routing-odc.adoc b/snippets/routing-odc.adoc
index bab0f6a8f5d5..cc1cfdf568a0 100644
--- a/snippets/routing-odc.adoc
+++ b/snippets/routing-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * modules/odc-importing-codebase-from-git-to-create-application.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Routing:: By clicking the *Routing* link, you can perform the following actions:
 * Customize the hostname for the route.
diff --git a/snippets/scaling-odc.adoc b/snippets/scaling-odc.adoc
index 3ee0c851a85e..a6cf09f41ecc 100644
--- a/snippets/scaling-odc.adoc
+++ b/snippets/scaling-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * modules/odc-importing-codebase-from-git-to-create-application.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Scaling:: Click the *Scaling* link to define the number of pods or instances of the application you want to deploy initially.
 +
diff --git a/snippets/serverless-about-event-sinks.adoc b/snippets/serverless-about-event-sinks.adoc
index aa20462f6a3a..b68db05004a0 100644
--- a/snippets/serverless-about-event-sinks.adoc
+++ b/snippets/serverless-about-event-sinks.adoc
@@ -3,6 +3,6 @@
 // * /serverless/eventing/event-sinks/serverless-event-sinks
 // * /serverless/eventing/event-sinks/serverless-creating-sinks
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 When you create an event source, you can specify an event sink where events are sent to from the source. An event sink is an addressable or a callable resource that can receive incoming events from other resources. Knative services, channels, and brokers are all examples of event sinks. There is also a specific Apache Kafka sink type available.
\ No newline at end of file
diff --git a/snippets/serverless-about-kafka-broker.adoc b/snippets/serverless-about-kafka-broker.adoc
index b0b4e20f5acb..08e433a9e45a 100644
--- a/snippets/serverless-about-kafka-broker.adoc
+++ b/snippets/serverless-about-kafka-broker.adoc
@@ -3,7 +3,7 @@
 // * /modules/serverless-broker-types.adoc
 // * /serverless/develop/kafka-broker.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 For production-ready Knative Eventing deployments, Red Hat recommends using the Knative broker implementation for Apache Kafka. The broker is an Apache Kafka native implementation of the Knative broker, which sends CloudEvents directly to the Kafka instance.
 
diff --git a/snippets/serverless-apps.adoc b/snippets/serverless-apps.adoc
index 62e9ac76b1e6..942e1ed04d67 100644
--- a/snippets/serverless-apps.adoc
+++ b/snippets/serverless-apps.adoc
@@ -3,7 +3,7 @@
 // * /serverless/develop/serverless-applications.adoc
 // * /modules/creating-serverless-apps-admin-console.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Serverless applications are created and deployed as Kubernetes services, defined by a route and a configuration, and contained in a YAML file. To deploy a serverless application using {ServerlessProductName}, you must create a Knative `Service` object.
 
diff --git a/snippets/serverless-brokers-intro.adoc b/snippets/serverless-brokers-intro.adoc
index 681b4133a1b0..8eb36d344f67 100644
--- a/snippets/serverless-brokers-intro.adoc
+++ b/snippets/serverless-brokers-intro.adoc
@@ -6,7 +6,7 @@
 // * /modules/serverless-creating-trigger-admin-web-console.adoc
 // * /serverless/discover/serverless-brokers.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Brokers can be used in combination with triggers to deliver events from an event source to an event sink. Events are sent from an event source to a broker as an HTTP `POST` request. After events have entered the broker, they can be filtered by https://github.com/cloudevents/spec/blob/v1.0/spec.md#context-attributes[CloudEvent attributes] using triggers, and sent as an HTTP `POST` request to an event sink.
 
diff --git a/snippets/serverless-domain-mapping-odc.adoc b/snippets/serverless-domain-mapping-odc.adoc
index d1efc7f50451..6e9f41838dcb 100644
--- a/snippets/serverless-domain-mapping-odc.adoc
+++ b/snippets/serverless-domain-mapping-odc.adoc
@@ -2,7 +2,7 @@
 //
 // * modules/odc-importing-codebase-from-git-to-create-application.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 Domain mapping:: If you are creating a *Serverless Deployment*, you can add a custom domain mapping to the Knative service during creation.
 +
diff --git a/snippets/serverless-service-account-apiserversource.adoc b/snippets/serverless-service-account-apiserversource.adoc
index f7c6bf3fd8a8..40d3706b45ee 100644
--- a/snippets/serverless-service-account-apiserversource.adoc
+++ b/snippets/serverless-service-account-apiserversource.adoc
@@ -4,7 +4,7 @@
 // * /modules/odc-creating-apiserversource.adoc
 // * /modules/apiserversource-kn.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
diff --git a/snippets/service-account-auto-secret-removed.adoc b/snippets/service-account-auto-secret-removed.adoc
deleted file mode 100644
index 0a4c744a9e88..000000000000
--- a/snippets/service-account-auto-secret-removed.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-// When including this file, ensure that {FeatureName} is set immediately before
-// the include. Otherwise it will result in an incorrect replacement.
-
-[id="auto-generated-sa-token-secrets_{context}"]
-== About automatically-generated service account token secrets
-
-In {product-version}, {product-title} is adopting an link:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#urgent-upgrade-notes-1[enhancement from upstream Kubernetes], which enables the `LegacyServiceAccountTokenNoAutoGeneration` feature by default. As a result, when creating new service accounts (SA), a service account token secret is no longer automatically generated. Previously, {product-title} automatically added a service account token to a secret for each new SA. 
-
-However, some features and workloads need service account token secrets to communicate with the Kubernetes API server, for example, the OpenShift Controller Manager. While this requirement will be changed in a future release, it remains in {product-title} {product-version}. As a result, if you need a service account token secret, you must manually use the TokenRequest API to request bound service account tokens or create a service account token secret.
-
-After upgrading to {product-version}, existing service account token secrets are not deleted and continue to function as expected.
-
-[NOTE]
-====
-In {product-version}, service account token secrets are still automatically generated. Instead of creating two secrets per service account, {product-title} now only creates one. In a future release, the number will be further reduced to zero. Note that `dockercfg` secrets are still generated and no secrets are deleted during upgrades.
-====
diff --git a/snippets/snip-noobaa-and-mcg.adoc b/snippets/snip-noobaa-and-mcg.adoc
new file mode 100644
index 000000000000..de7ae0dcf9e3
--- /dev/null
+++ b/snippets/snip-noobaa-and-mcg.adoc
@@ -0,0 +1,8 @@
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+Unless specified otherwise, "NooBaa" refers to the open source project that provides lightweight object storage, while "Multicloud Object Gateway (MCG)" refers to the Red Hat distribution of NooBaa.
+
+For more information on the MCG, see link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html-single/managing_hybrid_and_multicloud_resources/index#accessing-the-multicloud-object-gateway-with-your-applications_rhodf[Accessing the Multicloud Object Gateway with your applications].
+====
diff --git a/snippets/snip-post-mig-hook b/snippets/snip-post-mig-hook
new file mode 100644
index 000000000000..1595f97bcf77
--- /dev/null
+++ b/snippets/snip-post-mig-hook
@@ -0,0 +1,10 @@
+:_mod-docs-content-type: SNIPPET
+
+[NOTE]
+====
+Post-migration hooks are not likely to work well with the OADP 1.3 Data Mover.
+
+The OADP 1.1 and OADP 1.2 Data Movers use synchronous processes to back up and restore application data. Because the processes are synchronous, users can be sure that any post-restore hooks start only after the persistent volumes (PVs) of the related pods are released by the persistent volume claim (PVC) of the Data Mover.
+
+However, the OADP 1.3 Data Mover uses an asynchronous process. As a result of this difference in sequencing, a post-restore hook might be called before the related PVs were released by the PVC of the Data Mover. If this happens, the pod remains in `Pending` status and cannot run the hook. The hook attempt might time out before the pod is released, leading to a `PartiallyFailed` restore operation.
+====
diff --git a/snippets/snip-private-clusters-public-ingress.adoc b/snippets/snip-private-clusters-public-ingress.adoc
index d991d57bde07..5e3e6427c0ec 100644
--- a/snippets/snip-private-clusters-public-ingress.adoc
+++ b/snippets/snip-private-clusters-public-ingress.adoc
@@ -4,7 +4,7 @@
 // * modules/private-clusters-about.adoc
 // * modules/private-clusters-about-aws.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [IMPORTANT]
 ====
diff --git a/snippets/technology-preview.adoc b/snippets/technology-preview.adoc
index 2ebd7dde423b..9c1acea0a89b 100644
--- a/snippets/technology-preview.adoc
+++ b/snippets/technology-preview.adoc
@@ -4,12 +4,7 @@
 [IMPORTANT]
 ====
 [subs="attributes+"]
-{FeatureName} is a Technology Preview feature only. Technology Preview features
-are not supported with Red Hat production service level agreements (SLAs) and
-might not be functionally complete. Red Hat does not recommend using them
-in production. These features provide early access to upcoming product
-features, enabling customers to test functionality and provide feedback during
-the development process.
+{FeatureName} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
 
 For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
 ====
diff --git a/snippets/telco-core_01-rook-ceph-external-cluster-details.secret.yaml b/snippets/telco-core_01-rook-ceph-external-cluster-details.secret.yaml
new file mode 100644
index 000000000000..0954ce355692
--- /dev/null
+++ b/snippets/telco-core_01-rook-ceph-external-cluster-details.secret.yaml
@@ -0,0 +1,12 @@
+# required
+# count: 1
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rook-ceph-external-cluster-details
+  namespace: openshift-storage
+type: Opaque
+data:
+  # encoded content has been made generic
+  external_cluster_details: eyJuYW1lIjoicm9vay1jZXBoLW1vbi1lbmRwb2ludHMiLCJraW5kIjoiQ29uZmlnTWFwIiwiZGF0YSI6eyJkYXRhIjoiY2VwaHVzYTE9MS4yLjMuNDo2Nzg5IiwibWF4TW9uSWQiOiIwIiwibWFwcGluZyI6Int9In19LHsibmFtZSI6InJvb2stY2VwaC1tb24iLCJraW5kIjoiU2VjcmV0IiwiZGF0YSI6eyJhZG1pbi1zZWNyZXQiOiJhZG1pbi1zZWNyZXQiLCJmc2lkIjoiMTExMTExMTEtMTExMS0xMTExLTExMTEtMTExMTExMTExMTExIiwibW9uLXNlY3JldCI6Im1vbi1zZWNyZXQifX0seyJuYW1lIjoicm9vay1jZXBoLW9wZXJhdG9yLWNyZWRzIiwia2luZCI6IlNlY3JldCIsImRhdGEiOnsidXNlcklEIjoiY2xpZW50LmhlYWx0aGNoZWNrZXIiLCJ1c2VyS2V5IjoiYzJWamNtVjAifX0seyJuYW1lIjoibW9uaXRvcmluZy1lbmRwb2ludCIsImtpbmQiOiJDZXBoQ2x1c3RlciIsImRhdGEiOnsiTW9uaXRvcmluZ0VuZHBvaW50IjoiMS4yLjMuNCwxLjIuMy4zLDEuMi4zLjIiLCJNb25pdG9yaW5nUG9ydCI6IjkyODMifX0seyJuYW1lIjoiY2VwaC1yYmQiLCJraW5kIjoiU3RvcmFnZUNsYXNzIiwiZGF0YSI6eyJwb29sIjoib2RmX3Bvb2wifX0seyJuYW1lIjoicm9vay1jc2ktcmJkLW5vZGUiLCJraW5kIjoiU2VjcmV0IiwiZGF0YSI6eyJ1c2VySUQiOiJjc2ktcmJkLW5vZGUiLCJ1c2VyS2V5IjoiIn19LHsibmFtZSI6InJvb2stY3NpLXJiZC1wcm92aXNpb25lciIsImtpbmQiOiJTZWNyZXQiLCJkYXRhIjp7InVzZXJJRCI6ImNzaS1yYmQtcHJvdmlzaW9uZXIiLCJ1c2VyS2V5IjoiYzJWamNtVjAifX0seyJuYW1lIjoicm9vay1jc2ktY2VwaGZzLXByb3Zpc2lvbmVyIiwia2luZCI6IlNlY3JldCIsImRhdGEiOnsiYWRtaW5JRCI6ImNzaS1jZXBoZnMtcHJvdmlzaW9uZXIiLCJhZG1pbktleSI6IiJ9fSx7Im5hbWUiOiJyb29rLWNzaS1jZXBoZnMtbm9kZSIsImtpbmQiOiJTZWNyZXQiLCJkYXRhIjp7ImFkbWluSUQiOiJjc2ktY2VwaGZzLW5vZGUiLCJhZG1pbktleSI6ImMyVmpjbVYwIn19LHsibmFtZSI6ImNlcGhmcyIsImtpbmQiOiJTdG9yYWdlQ2xhc3MiLCJkYXRhIjp7ImZzTmFtZSI6ImNlcGhmcyIsInBvb2wiOiJtYW5pbGFfZGF0YSJ9fQ==
diff --git a/snippets/telco-core_02-ocs-external-storagecluster.yaml b/snippets/telco-core_02-ocs-external-storagecluster.yaml
new file mode 100644
index 000000000000..592e5ba9c3f7
--- /dev/null
+++ b/snippets/telco-core_02-ocs-external-storagecluster.yaml
@@ -0,0 +1,12 @@
+# required
+# count: 1
+---
+apiVersion: ocs.openshift.io/v1
+kind: StorageCluster
+metadata:
+  name: ocs-external-storagecluster
+  namespace: openshift-storage
+spec:
+  externalStorage:
+    enable: true
+  labelSelector: {}
diff --git a/snippets/telco-core_ClusterLogForwarder.yaml b/snippets/telco-core_ClusterLogForwarder.yaml
new file mode 100644
index 000000000000..23a63c7bfdf6
--- /dev/null
+++ b/snippets/telco-core_ClusterLogForwarder.yaml
@@ -0,0 +1,26 @@
+# required
+# count: 1
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  outputs:
+    - type: "kafka"
+      name: kafka-open
+      url: tcp://10.11.12.13:9092/test
+  pipelines:
+    - inputRefs:
+        - infrastructure
+        #- application
+        - audit
+      labels:
+        label1: test1
+        label2: test2
+        label3: test3
+        label4: test4
+        label5: test5
+      name: all-to-default
+      outputRefs:
+        - kafka-open
diff --git a/snippets/telco-core_ClusterLogNS.yaml b/snippets/telco-core_ClusterLogNS.yaml
new file mode 100644
index 000000000000..1fcd5d63d7aa
--- /dev/null
+++ b/snippets/telco-core_ClusterLogNS.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-logging
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/telco-core_ClusterLogOperGroup.yaml b/snippets/telco-core_ClusterLogOperGroup.yaml
new file mode 100644
index 000000000000..767217077857
--- /dev/null
+++ b/snippets/telco-core_ClusterLogOperGroup.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+spec:
+  targetNamespaces:
+    - openshift-logging
diff --git a/snippets/telco-core_ClusterLogSubscription.yaml b/snippets/telco-core_ClusterLogSubscription.yaml
new file mode 100644
index 000000000000..25f04189e302
--- /dev/null
+++ b/snippets/telco-core_ClusterLogSubscription.yaml
@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+spec:
+  channel: "stable"
+  name: cluster-logging
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic
diff --git a/snippets/telco-core_ClusterLogging.yaml b/snippets/telco-core_ClusterLogging.yaml
new file mode 100644
index 000000000000..58586fb2530e
--- /dev/null
+++ b/snippets/telco-core_ClusterLogging.yaml
@@ -0,0 +1,11 @@
+# required
+# count: 1
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name: instance
+  namespace: openshift-logging
+spec:
+  collection:
+    type: vector
+  managementState: Managed
diff --git a/snippets/telco-core_NROPSubscription.yaml b/snippets/telco-core_NROPSubscription.yaml
new file mode 100644
index 000000000000..ee51950a43d1
--- /dev/null
+++ b/snippets/telco-core_NROPSubscription.yaml
@@ -0,0 +1,12 @@
+# required
+# count: 1
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: numaresources-operator
+  namespace: openshift-numaresources
+spec:
+  channel: "4.14"
+  name: numaresources-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
diff --git a/snippets/telco-core_NROPSubscriptionNS.yaml b/snippets/telco-core_NROPSubscriptionNS.yaml
new file mode 100644
index 000000000000..234fc27991b8
--- /dev/null
+++ b/snippets/telco-core_NROPSubscriptionNS.yaml
@@ -0,0 +1,8 @@
+# required: yes
+# count: 1
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-numaresources
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/telco-core_NROPSubscriptionOperGroup.yaml b/snippets/telco-core_NROPSubscriptionOperGroup.yaml
new file mode 100644
index 000000000000..fac93ccf0e5a
--- /dev/null
+++ b/snippets/telco-core_NROPSubscriptionOperGroup.yaml
@@ -0,0 +1,10 @@
+# required: yes
+# count: 1
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: numaresources-operator
+  namespace: openshift-numaresources
+spec:
+  targetNamespaces:
+    - openshift-numaresources
diff --git a/snippets/telco-core_Network.yaml b/snippets/telco-core_Network.yaml
new file mode 100644
index 000000000000..f9e550c8083f
--- /dev/null
+++ b/snippets/telco-core_Network.yaml
@@ -0,0 +1,22 @@
+# required
+# count: 1
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
+  defaultNetwork:
+    ovnKubernetesConfig:
+      gatewayConfig:
+        routingViaHost: true
+  # additional networks are optional and may alternatively be specified using NetworkAttachmentDefinition CRs
+  additionalNetworks: [$additionalNetworks]
+  # eg
+  #- name: add-net-1
+  #  namespace: app-ns-1
+  #  rawCNIConfig: '{ "cniVersion": "0.3.1", "name": "add-net-1", "plugins": [{"type": "macvlan", "master": "bond1", "ipam": {}}] }'
+  #  type: Raw
+  #- name: add-net-2
+  #  namespace: app-ns-1
+  #  rawCNIConfig: '{ "cniVersion": "0.4.0", "name": "add-net-2", "plugins": [ {"type": "macvlan", "master": "bond1", "mode": "private" },{ "type": "tuning", "name": "tuning-arp" }] }'
+  #  type: Raw
diff --git a/snippets/telco-core_PerformanceProfile.yaml b/snippets/telco-core_PerformanceProfile.yaml
new file mode 100644
index 000000000000..1a0021e2de50
--- /dev/null
+++ b/snippets/telco-core_PerformanceProfile.yaml
@@ -0,0 +1,53 @@
+# required
+# count: 1
+apiVersion: performance.openshift.io/v2
+kind: PerformanceProfile
+metadata:
+  name: $name
+  annotations:
+    # Some pods want the kernel stack to ignore IPv6 router Advertisement.
+    kubeletconfig.experimental: |
+      {"allowedUnsafeSysctls":["net.ipv6.conf.all.accept_ra"]}
+spec:
+  cpu:
+    # node0 CPUs: 0-17,36-53
+    # node1 CPUs: 18-34,54-71
+    # siblings: (0,36), (1,37)...
+    # we want to reserve the first Core of each NUMA socket
+    #
+    # no CPU left behind! all-cpus == isolated + reserved
+    isolated: $isolated # eg 1-17,19-35,37-53,55-71
+    reserved: $reserved # eg 0,18,36,54
+  # Guaranteed QoS pods will disable IRQ balancing for cores allocated to the pod.
+  # default value of globallyDisableIrqLoadBalancing is false
+  globallyDisableIrqLoadBalancing: false
+  hugepages:
+    defaultHugepagesSize: 1G
+    pages:
+      # 32GB per numa node
+      - count: $count # eg 64
+        size: 1G
+  machineConfigPoolSelector:
+    # For SNO: machineconfiguration.openshift.io/role: 'master'
+    pools.operator.machineconfiguration.openshift.io/worker: ''
+  nodeSelector:
+    # For SNO: node-role.kubernetes.io/master: ""
+    node-role.kubernetes.io/worker: ""
+  workloadHints:
+    realTime: false
+    highPowerConsumption: false
+    perPodPowerManagement: true
+  realTimeKernel:
+    enabled: false
+  numa:
+    # All guaranteed QoS containers get resources from a single NUMA node
+    topologyPolicy: "single-numa-node"
+  net:
+    # Limit the number or IRQs to 8 (number or reserved CPUs)
+    # => this is good enough as I have only 262 IT now instead of 501
+    # but this is a waste... TODO: now waste (see below)!
+    #
+    # This is more than enough for eno1 (host and OVN)
+    # eno2 should be down. TODO: add MCO or use NMSTATE in OCP4.10
+    # SR-IOV PFs: only VFs are used. TODO: MCO to have a single IRQ
+    userLevelNetworking: false
diff --git a/snippets/telco-core_SriovOperatorConfig.yaml b/snippets/telco-core_SriovOperatorConfig.yaml
new file mode 100644
index 000000000000..8e13cfcf0f20
--- /dev/null
+++ b/snippets/telco-core_SriovOperatorConfig.yaml
@@ -0,0 +1,13 @@
+# required
+# count: 1
+---
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovOperatorConfig
+metadata:
+  name: default
+  namespace: openshift-sriov-network-operator
+spec:
+  configDaemonNodeSelector:
+    node-role.kubernetes.io/worker: ""
+  enableInjector: true
+  enableOperatorWebhook: true
diff --git a/snippets/telco-core_SriovSubscription.yaml b/snippets/telco-core_SriovSubscription.yaml
new file mode 100644
index 000000000000..d3badc35f336
--- /dev/null
+++ b/snippets/telco-core_SriovSubscription.yaml
@@ -0,0 +1,13 @@
+# required: yes
+# count: 1
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: sriov-network-operator-subscription
+  namespace: openshift-sriov-network-operator
+spec:
+  channel: "stable"
+  name: sriov-network-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic
diff --git a/snippets/telco-core_SriovSubscriptionNS.yaml b/snippets/telco-core_SriovSubscriptionNS.yaml
new file mode 100644
index 000000000000..226d8a1a54ed
--- /dev/null
+++ b/snippets/telco-core_SriovSubscriptionNS.yaml
@@ -0,0 +1,8 @@
+# required: yes
+# count: 1
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-sriov-network-operator
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/telco-core_SriovSubscriptionOperGroup.yaml b/snippets/telco-core_SriovSubscriptionOperGroup.yaml
new file mode 100644
index 000000000000..de35000cee50
--- /dev/null
+++ b/snippets/telco-core_SriovSubscriptionOperGroup.yaml
@@ -0,0 +1,10 @@
+# required: yes
+# count: 1
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: sriov-network-operators
+  namespace: openshift-sriov-network-operator
+spec:
+  targetNamespaces:
+    - openshift-sriov-network-operator
diff --git a/snippets/telco-core_addr-pool.yaml b/snippets/telco-core_addr-pool.yaml
new file mode 100644
index 000000000000..94642da26cc9
--- /dev/null
+++ b/snippets/telco-core_addr-pool.yaml
@@ -0,0 +1,16 @@
+# required
+# count: 1-N
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: $name # eg addresspool3
+  namespace: metallb-system
+  annotations:
+    metallb.universe.tf/address-pool: $name # eg addresspool3
+spec:
+  ##############
+  # Expected variation in this configuration
+  addresses: [$pools]
+  #- 3.3.3.0/24
+  autoAssign: true
+  ##############
diff --git a/snippets/telco-core_bfd-profile.yaml b/snippets/telco-core_bfd-profile.yaml
new file mode 100644
index 000000000000..7145d3bca1fc
--- /dev/null
+++ b/snippets/telco-core_bfd-profile.yaml
@@ -0,0 +1,19 @@
+# required
+# count: 1-N
+apiVersion: metallb.io/v1beta1
+kind: BFDProfile
+metadata:
+  name: bfdprofile
+  namespace: metallb-system
+spec:
+  ################
+  # These values may vary. Recommended values are included as default
+  receiveInterval: 150 # default 300ms
+  transmitInterval: 150 # default 300ms
+  #echoInterval: 300 # default 50ms
+  detectMultiplier: 10 # default 3
+  echoMode: true
+  passiveMode: true
+  minimumTtl: 5 # default 254
+  #
+  ################
diff --git a/snippets/telco-core_bgp-advr.yaml b/snippets/telco-core_bgp-advr.yaml
new file mode 100644
index 000000000000..ef0a45cdf519
--- /dev/null
+++ b/snippets/telco-core_bgp-advr.yaml
@@ -0,0 +1,24 @@
+# required
+# count: 1-N
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: $name # eg bgpadvertisement-1
+  namespace: metallb-system
+spec:
+  ipAddressPools: [$pool]
+  # eg:
+
+  #  - addresspool3
+  peers: [$peers]
+  # eg:
+
+  #    - peer-one
+  communities: [$communities]
+  # Note correlation with address pool.
+  # eg:
+
+  #    - 65535:65282
+  aggregationLength: 32
+  aggregationLengthV6: 128
+  localPref: 100
diff --git a/snippets/telco-core_bgp-peer.yaml b/snippets/telco-core_bgp-peer.yaml
new file mode 100644
index 000000000000..0f71716217e1
--- /dev/null
+++ b/snippets/telco-core_bgp-peer.yaml
@@ -0,0 +1,13 @@
+# required
+# count: 1-N
+apiVersion: metallb.io/v1beta1
+kind: BGPPeer
+metadata:
+  name: $name
+  namespace: metallb-system
+spec:
+  peerAddress: $ip # eg 192.168.1.2
+  peerASN: $peerasn # eg 64501
+  myASN: $myasn # eg 64500
+  routerID: $id # eg 10.10.10.10
+  bfdProfile: bfdprofile
diff --git a/snippets/telco-core_catalog-source.yaml b/snippets/telco-core_catalog-source.yaml
new file mode 100644
index 000000000000..cea0e5cb5f08
--- /dev/null
+++ b/snippets/telco-core_catalog-source.yaml
@@ -0,0 +1,18 @@
+# required
+# count: 1..N
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: redhat-operators-disconnected
+  namespace: openshift-marketplace
+spec:
+  displayName: Red Hat Disconnected Operators Catalog
+  image: $imageUrl
+  publisher: Red Hat
+  sourceType: grpc
+#  updateStrategy:
+#    registryPoll:
+#      interval: 1h
+#status:
+#    connectionState:
+#        lastObservedState: READY
diff --git a/snippets/telco-core_control-plane-load-kernel-modules.yaml b/snippets/telco-core_control-plane-load-kernel-modules.yaml
new file mode 100644
index 000000000000..f20693b42d18
--- /dev/null
+++ b/snippets/telco-core_control-plane-load-kernel-modules.yaml
@@ -0,0 +1,25 @@
+# optional
+# count: 1
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 40-load-kernel-modules-control-plane
+spec:
+  config:
+    # Release info found in https://github.com/coreos/butane/releases
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:,
+          mode: 420
+          overwrite: true
+          path: /etc/modprobe.d/kernel-blacklist.conf
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,aXBfZ3JlCmlwNl90YWJsZXMKaXA2dF9SRUpFQ1QKaXA2dGFibGVfZmlsdGVyCmlwNnRhYmxlX21hbmdsZQppcHRhYmxlX2ZpbHRlcgppcHRhYmxlX21hbmdsZQppcHRhYmxlX25hdAp4dF9tdWx0aXBvcnQKeHRfb3duZXIKeHRfUkVESVJFQ1QKeHRfc3RhdGlzdGljCnh0X1RDUE1TUwp4dF91MzI=
+          mode: 420
+          overwrite: true
+          path: /etc/modules-load.d/kernel-load.conf
diff --git a/snippets/telco-core_control-plane-system-reserved.yaml b/snippets/telco-core_control-plane-system-reserved.yaml
new file mode 100644
index 000000000000..49ba247cf5b0
--- /dev/null
+++ b/snippets/telco-core_control-plane-system-reserved.yaml
@@ -0,0 +1,11 @@
+# optional
+# count: 1
+apiVersion: machineconfiguration.openshift.io/v1
+kind: KubeletConfig
+metadata:
+  name: autosizing-master
+spec:
+  autoSizingReserved: true
+  machineConfigPoolSelector:
+    matchLabels:
+      pools.operator.machineconfiguration.openshift.io/master: ""
diff --git a/snippets/telco-core_icsp.yaml b/snippets/telco-core_icsp.yaml
new file mode 100644
index 000000000000..8b280a7e9f29
--- /dev/null
+++ b/snippets/telco-core_icsp.yaml
@@ -0,0 +1,9 @@
+# required
+# count: 1
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: disconnected-internal-icsp
+spec:
+  repositoryDigestMirrors: []
+#    - $mirrors
diff --git a/snippets/telco-core_mc_rootless_pods_selinux.yaml b/snippets/telco-core_mc_rootless_pods_selinux.yaml
new file mode 100644
index 000000000000..af71b9247ce1
--- /dev/null
+++ b/snippets/telco-core_mc_rootless_pods_selinux.yaml
@@ -0,0 +1,26 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-worker-setsebool
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Set SELinux boolean for tap cni plugin
+            Before=kubelet.service
+
+            [Service]
+            Type=oneshot
+            ExecStart=/sbin/setsebool container_use_devices=on
+            RemainAfterExit=true
+
+            [Install]
+            WantedBy=multi-user.target graphical.target
+          enabled: true
+          name: setsebool.service
diff --git a/snippets/telco-core_metallb.yaml b/snippets/telco-core_metallb.yaml
new file mode 100644
index 000000000000..6a76d8ba5781
--- /dev/null
+++ b/snippets/telco-core_metallb.yaml
@@ -0,0 +1,10 @@
+# required
+# count: 1
+apiVersion: metallb.io/v1beta1
+kind: MetalLB
+metadata:
+  name: metallb
+  namespace: metallb-system
+spec:
+  nodeSelector:
+    node-role.kubernetes.io/worker: ""
diff --git a/snippets/telco-core_metallbNS.yaml b/snippets/telco-core_metallbNS.yaml
new file mode 100644
index 000000000000..84af127aea90
--- /dev/null
+++ b/snippets/telco-core_metallbNS.yaml
@@ -0,0 +1,11 @@
+# required: yes
+# count: 1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  annotations:
+    workload.openshift.io/allowed: management
+  labels:
+    openshift.io/cluster-monitoring: "true"
diff --git a/snippets/telco-core_metallbOperGroup.yaml b/snippets/telco-core_metallbOperGroup.yaml
new file mode 100644
index 000000000000..f91d0c35ab6f
--- /dev/null
+++ b/snippets/telco-core_metallbOperGroup.yaml
@@ -0,0 +1,8 @@
+# required: yes
+# count: 1
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: metallb-operator
+  namespace: metallb-system
diff --git a/snippets/telco-core_metallbSubscription.yaml b/snippets/telco-core_metallbSubscription.yaml
new file mode 100644
index 000000000000..01c7f463f14f
--- /dev/null
+++ b/snippets/telco-core_metallbSubscription.yaml
@@ -0,0 +1,14 @@
+# required: yes
+# count: 1
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: metallb-operator-sub
+  namespace: metallb-system
+spec:
+  channel: stable
+  name: metallb-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic
diff --git a/snippets/telco-core_monitoring-config-cm.yaml b/snippets/telco-core_monitoring-config-cm.yaml
new file mode 100644
index 000000000000..08f2d17abb13
--- /dev/null
+++ b/snippets/telco-core_monitoring-config-cm.yaml
@@ -0,0 +1,28 @@
+# optional
+# count: 1
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-monitoring-config
+  namespace: openshift-monitoring
+data:
+  config.yaml: |
+    k8sPrometheusAdapter:
+      dedicatedServiceMonitors:
+        enabled: true
+    prometheusK8s:
+      retention: 15d
+      volumeClaimTemplate:
+        spec:
+          storageClassName: ocs-external-storagecluster-ceph-rbd
+          resources:
+            requests:
+              storage: 100Gi
+    alertmanagerMain:
+      volumeClaimTemplate:
+        spec:
+          storageClassName: ocs-external-storagecluster-ceph-rbd
+          resources:
+            requests:
+              storage: 20Gi
diff --git a/snippets/telco-core_networkAttachmentDefinition.yaml b/snippets/telco-core_networkAttachmentDefinition.yaml
new file mode 100644
index 000000000000..4c2d0c05c30a
--- /dev/null
+++ b/snippets/telco-core_networkAttachmentDefinition.yaml
@@ -0,0 +1,23 @@
+# optional
+# copies: 0-N
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: $name
+  namespace: $ns
+spec:
+  nodeSelector:
+    kubernetes.io/hostname: $nodeName
+  config: $config
+  #eg
+  #config: '{
+  #  "cniVersion": "0.3.1",
+  #  "name": "external-169",
+  #  "type": "vlan",
+  #  "master": "ens8f0",
+  #  "mode": "bridge",
+  #  "vlanid": 169,
+  #  "ipam": {
+  #    "type": "static",
+  #  }
+  #}'
diff --git a/snippets/telco-core_nrop.yaml b/snippets/telco-core_nrop.yaml
new file mode 100644
index 000000000000..a61b936180db
--- /dev/null
+++ b/snippets/telco-core_nrop.yaml
@@ -0,0 +1,15 @@
+# Optional
+# count: 1
+apiVersion: nodetopology.openshift.io/v1
+kind: NUMAResourcesOperator
+metadata:
+  name: numaresourcesoperator
+spec:
+  nodeGroups:
+    - config:
+        # Periodic is the default setting
+        infoRefreshMode: Periodic
+      machineConfigPoolSelector:
+        matchLabels:
+          # This label must match the pool(s) you want to run NUMA-aligned workloads
+          pools.operator.machineconfiguration.openshift.io/worker: ""
diff --git a/snippets/telco-core_odfNS.yaml b/snippets/telco-core_odfNS.yaml
new file mode 100644
index 000000000000..bd267698a02f
--- /dev/null
+++ b/snippets/telco-core_odfNS.yaml
@@ -0,0 +1,11 @@
+# required: yes
+# count: 1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-storage
+  annotations:
+    workload.openshift.io/allowed: management
+  labels:
+    openshift.io/cluster-monitoring: "true"
diff --git a/snippets/telco-core_odfOperGroup.yaml b/snippets/telco-core_odfOperGroup.yaml
new file mode 100644
index 000000000000..4efc3206a36c
--- /dev/null
+++ b/snippets/telco-core_odfOperGroup.yaml
@@ -0,0 +1,11 @@
+# required: yes
+# count: 1
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-storage-operatorgroup
+  namespace: openshift-storage
+spec:
+  targetNamespaces:
+    - openshift-storage
diff --git a/snippets/telco-core_odfSubscription.yaml b/snippets/telco-core_odfSubscription.yaml
new file mode 100644
index 000000000000..865ff3a7759b
--- /dev/null
+++ b/snippets/telco-core_odfSubscription.yaml
@@ -0,0 +1,14 @@
+# required: yes
+# count: 1
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: odf-operator
+  namespace: openshift-storage
+spec:
+  channel: "stable-4.14"
+  name: odf-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic
diff --git a/snippets/telco-core_operator-hub.yaml b/snippets/telco-core_operator-hub.yaml
new file mode 100644
index 000000000000..bf2247738100
--- /dev/null
+++ b/snippets/telco-core_operator-hub.yaml
@@ -0,0 +1,8 @@
+# required
+# count: 1
+apiVersion: config.openshift.io/v1
+kind: OperatorHub
+metadata:
+  name: cluster
+spec:
+  disableAllDefaultSources: true
diff --git a/snippets/telco-core_pid-limits-cr.yaml b/snippets/telco-core_pid-limits-cr.yaml
new file mode 100644
index 000000000000..4a279091ed7b
--- /dev/null
+++ b/snippets/telco-core_pid-limits-cr.yaml
@@ -0,0 +1,15 @@
+# optional
+# count: 1
+apiVersion: machineconfiguration.openshift.io/v1
+kind: ContainerRuntimeConfig
+metadata:
+  name: 99-change-pidslimit-custom
+spec:
+  machineConfigPoolSelector:
+    matchLabels:
+      # Set to appropriate MCP
+      pools.operator.machineconfiguration.openshift.io/master: ""
+  containerRuntimeConfig:
+    pidsLimit: $pidsLimit
+    # Example:
+    #pidsLimit: 4096
diff --git a/snippets/telco-core_sched.yaml b/snippets/telco-core_sched.yaml
new file mode 100644
index 000000000000..bca323366ba0
--- /dev/null
+++ b/snippets/telco-core_sched.yaml
@@ -0,0 +1,12 @@
+# Optional
+# count: 1
+apiVersion: nodetopology.openshift.io/v1
+kind: NUMAResourcesScheduler
+metadata:
+  name: numaresourcesscheduler
+spec:
+  #cacheResyncPeriod: "0"
+  # Image spec should be the latest for the release
+  imageSpec: "registry.redhat.io/openshift4/noderesourcetopology-scheduler-rhel9:v4.14.0"
+  #logLevel: "Trace"
+  schedulerName: topo-aware-scheduler
diff --git a/snippets/telco-core_sctp_module_mc.yaml b/snippets/telco-core_sctp_module_mc.yaml
new file mode 100644
index 000000000000..adc546d2eaa3
--- /dev/null
+++ b/snippets/telco-core_sctp_module_mc.yaml
@@ -0,0 +1,25 @@
+# optional
+# count: 1
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: load-sctp-module
+spec:
+  config:
+    ignition:
+      version: 2.2.0
+    storage:
+      files:
+        - contents:
+            source: data:,
+            verification: {}
+          filesystem: root
+          mode: 420
+          path: /etc/modprobe.d/sctp-blacklist.conf
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,c2N0cA==
+          filesystem: root
+          mode: 420
+          path: /etc/modules-load.d/sctp-load.conf
diff --git a/snippets/telco-core_sriovNetwork.yaml b/snippets/telco-core_sriovNetwork.yaml
new file mode 100644
index 000000000000..c81e023bd653
--- /dev/null
+++ b/snippets/telco-core_sriovNetwork.yaml
@@ -0,0 +1,12 @@
+# optional (though expected for all)
+# count: 0-N
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+  name: $name # eg sriov-network-abcd
+  namespace: openshift-sriov-network-operator
+spec:
+  capabilities: "$capabilities" # eg '{"mac": true, "ips": true}'
+  ipam: "$ipam" # eg '{ "type": "host-local", "subnet": "10.3.38.0/24" }'
+  networkNamespace: $nns # eg cni-test
+  resourceName: $resource # eg resourceTest
diff --git a/snippets/telco-core_sriovNetworkNodePolicy.yaml b/snippets/telco-core_sriovNetworkNodePolicy.yaml
new file mode 100644
index 000000000000..84071480e5a0
--- /dev/null
+++ b/snippets/telco-core_sriovNetworkNodePolicy.yaml
@@ -0,0 +1,23 @@
+# optional (though expected in all deployments)
+# count: 0-N
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: $name
+  namespace: openshift-sriov-network-operator
+spec: {} # $spec
+# eg
+#deviceType: netdevice
+#nicSelector:
+#  deviceID: "1593"
+#  pfNames:
+#  - ens8f0np0#0-9
+#  rootDevices:
+#  - 0000:d8:00.0
+#  vendor: "8086"
+#nodeSelector:
+#  kubernetes.io/hostname: host.sample.lab
+#numVfs: 20
+#priority: 99
+#excludeTopology: true
+#resourceName: resourceNameABCD
diff --git a/snippets/telco-core_worker-load-kernel-modules.yaml b/snippets/telco-core_worker-load-kernel-modules.yaml
new file mode 100644
index 000000000000..ff1546601e9e
--- /dev/null
+++ b/snippets/telco-core_worker-load-kernel-modules.yaml
@@ -0,0 +1,25 @@
+# optional
+# count: 1
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 40-load-kernel-modules-worker
+spec:
+  config:
+    # Release info found in https://github.com/coreos/butane/releases
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:,
+          mode: 420
+          overwrite: true
+          path: /etc/modprobe.d/kernel-blacklist.conf
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,aXBfZ3JlCmlwNl90YWJsZXMKaXA2dF9SRUpFQ1QKaXA2dGFibGVfZmlsdGVyCmlwNnRhYmxlX21hbmdsZQppcHRhYmxlX2ZpbHRlcgppcHRhYmxlX21hbmdsZQppcHRhYmxlX25hdAp4dF9tdWx0aXBvcnQKeHRfb3duZXIKeHRfUkVESVJFQ1QKeHRfc3RhdGlzdGljCnh0X1RDUE1TUwp4dF91MzI=
+          mode: 420
+          overwrite: true
+          path: /etc/modules-load.d/kernel-load.conf
diff --git a/snippets/vcenter-support.adoc b/snippets/vcenter-support.adoc
index 91e78f5e7bdc..1101155977b7 100644
--- a/snippets/vcenter-support.adoc
+++ b/snippets/vcenter-support.adoc
@@ -8,7 +8,7 @@
 // * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
 [NOTE]
 ====
diff --git a/snippets/worker-latency-profile-intro.adoc b/snippets/worker-latency-profile-intro.adoc
index 46c6964728c2..96e8c1606270 100644
--- a/snippets/worker-latency-profile-intro.adoc
+++ b/snippets/worker-latency-profile-intro.adoc
@@ -3,21 +3,28 @@
 // * nodes/clusters/nodes-cluster-worker-latency-profiles
 // * nodes/edge/nodes-edge-remote-workers
 // * post_installation_configuration/cluster-tasks
-// * scalability_and_performance/scaling-worker-latency-profiles.adoc 
+// * scalability_and_performance/scaling-worker-latency-profiles.adoc
 
 
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 
-All nodes send heartbeats to the Kubernetes Controller Manager Operator (kube controller) in the {product-title} cluster every 10 seconds, by default. If the cluster does not receive heartbeats from a node, {product-title} responds using several default mechanisms.
 
-For example, if the Kubernetes Controller Manager Operator loses contact with a node after a configured period:
 
-. The node controller on the control plane updates the node health to `Unhealthy` and marks the node `Ready` condition as `Unknown`.
+If the cluster administrator has performed latency tests for platform verification, they can discover the need to adjust the operation of the cluster to ensure stability in cases of high latency. The cluster administrator need change only one parameter, recorded in a file, which controls four parameters affecting how supervisory processes read status and interpret the health of the cluster. Changing only the one parameter provides cluster tuning in an easy, supportable manner.
+
+The `Kubelet` process provides the starting point for monitoring cluster health. The `Kubelet` sets status values for all nodes in the {product-title} cluster. The Kubernetes Controller Manager (`kube controller`) reads the status values every 10 seconds, by default.
+If the `kube controller` cannot read a node status value, it loses contact with that node after a configured period. The default behavior is:
+
+. The node controller on the control plane updates the node health to `Unhealthy` and marks the node `Ready` condition`Unknown`.
 
 . In response, the scheduler stops scheduling pods to that node.
 
-. The on-premise node controller adds a `node.kubernetes.io/unreachable` taint with a `NoExecute` effect to the node and schedules any pods on the node for eviction after five minutes, by default.
+. The Node Lifecycle Controller adds a `node.kubernetes.io/unreachable` taint with a `NoExecute` effect to the node and schedules any pods on the node for eviction after five minutes, by default.
+
+This behavior can cause problems if your network is prone to latency issues, especially if you have nodes at the network edge. In some cases, the Kubernetes Controller Manager might not receive an update from a healthy node due to network latency. The `Kubelet` evicts pods from the node even though the node is healthy. 
+
+To avoid this problem, you can use _worker latency profiles_ to adjust the frequency that the `Kubelet` and the Kubernetes Controller Manager wait for status updates before taking action. These adjustments help to ensure that your cluster runs properly if network latency between the control plane and the worker nodes is not optimal.
 
-This behavior can cause problems if your network is prone to latency issues, especially if you have nodes at the network edge. In some cases, the Kubernetes Controller Manager Operator might not receive an update from a healthy node due to network latency. The Kubernetes Controller Manager Operator would then evict pods from the node even though the node is healthy. To avoid this problem, you can use _worker latency profiles_ to adjust the frequency that the kubelet and the Kubernetes Controller Manager Operator wait for status updates before taking action. These adjustments help to ensure that your cluster runs properly in the event that network latency between the control plane and the worker nodes is not optimal.
+These worker latency profiles contain three sets of parameters that are pre-defined with carefully tuned values to control the reaction of the cluster to increased latency. No need to experimentally find the best values manually.
 
-These worker latency profiles are three sets of parameters that are pre-defined with carefully tuned values that let you control the reaction of the cluster to latency issues  without needing to determine the best values manually.
+You can configure worker latency profiles when installing a cluster or at any time you notice increased latency in your cluster network.
\ No newline at end of file
diff --git a/snippets/ztp-02-master-workload-partitioning.adoc b/snippets/ztp-02-master-workload-partitioning.adoc
deleted file mode 100644
index 58f26e1454b7..000000000000
--- a/snippets/ztp-02-master-workload-partitioning.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-:_content-type: SNIPPET
-.Recommended workload partitioning configuration
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: 02-master-workload-partitioning
-spec:
-  config:
-    ignition:
-      version: 3.2.0
-    storage:
-      files:
-      - contents:
-          source: data:text/plain;charset=utf-8;base64,W2NyaW8ucnVudGltZS53b3JrbG9hZHMubWFuYWdlbWVudF0KYWN0aXZhdGlvbl9hbm5vdGF0aW9uID0gInRhcmdldC53b3JrbG9hZC5vcGVuc2hpZnQuaW8vbWFuYWdlbWVudCIKYW5ub3RhdGlvbl9wcmVmaXggPSAicmVzb3VyY2VzLndvcmtsb2FkLm9wZW5zaGlmdC5pbyIKcmVzb3VyY2VzID0geyAiY3B1c2hhcmVzIiA9IDAsICJjcHVzZXQiID0gIjAtMSw1Mi01MyIgfQo=
-        mode: 420
-        overwrite: true
-        path: /etc/crio/crio.conf.d/01-workload-partitioning
-        user:
-          name: root
-      - contents:
-          source: data:text/plain;charset=utf-8;base64,ewogICJtYW5hZ2VtZW50IjogewogICAgImNwdXNldCI6ICIwLTEsNTItNTMiCiAgfQp9Cg==
-        mode: 420
-        overwrite: true
-        path: /etc/kubernetes/openshift-workload-pinning
-        user:
-          name: root
-----
diff --git a/snippets/ztp-04-accelerated-container-startup-master.adoc b/snippets/ztp-04-accelerated-container-startup-master.adoc
deleted file mode 100644
index 81d28130af4a..000000000000
--- a/snippets/ztp-04-accelerated-container-startup-master.adoc
+++ /dev/null
@@ -1,88 +0,0 @@
-:_content-type: SNIPPET
-.Recommended accelerated container startup configuration
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: 04-accelerated-container-startup-master
-spec:
-  config:
-    ignition:
-      version: 3.2.0
-    storage:
-      files:
-      - contents:
-          source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKIwojIFRlbXBvcmFyaWx5IHJlc2V0IHRoZSBjb3JlIHN5c3RlbSBwcm9jZXNzZXMncyBDUFUgYWZmaW5pdHkgdG8gYmUgdW5yZXN0cmljdGVkIHRvIGFjY2VsZXJhdGUgc3RhcnR1cCBhbmQgc2h1dGRvd24KIwojIFRoZSBkZWZhdWx0cyBiZWxvdyBjYW4gYmUgb3ZlcnJpZGRlbiB2aWEgZW52aXJvbm1lbnQgdmFyaWFibGVzCiMKCiMgVGhlIGRlZmF1bHQgc2V0IG9mIGNyaXRpY2FsIHByb2Nlc3NlcyB3aG9zZSBhZmZpbml0eSBzaG91bGQgYmUgdGVtcG9yYXJpbHkgdW5ib3VuZDoKQ1JJVElDQUxfUFJPQ0VTU0VTPSR7Q1JJVElDQUxfUFJPQ0VTU0VTOi0ic3lzdGVtZCBvdnMgY3JpbyBrdWJlbGV0IE5ldHdvcmtNYW5hZ2VyIGNvbm1vbiBkYnVzIn0KCiMgRGVmYXVsdCB3YWl0IHRpbWUgaXMgNjAwcyA9IDEwbToKTUFYSU1VTV9XQUlUX1RJTUU9JHtNQVhJTVVNX1dBSVRfVElNRTotNjAwfQoKIyBEZWZhdWx0IHN0ZWFkeS1zdGF0ZSB0aHJlc2hvbGQgPSAyJQojIEFsbG93ZWQgdmFsdWVzOgojICA0ICAtIGFic29sdXRlIHBvZCBjb3VudCAoKy8tKQojICA0JSAtIHBlcmNlbnQgY2hhbmdlICgrLy0pCiMgIC0xIC0gZGlzYWJsZSB0aGUgc3RlYWR5LXN0YXRlIGNoZWNrClNURUFEWV9TVEFURV9USFJFU0hPTEQ9JHtTVEVBRFlfU1RBVEVfVEhSRVNIT0xEOi0yJX0KCiMgRGVmYXVsdCBzdGVhZHktc3RhdGUgd2luZG93ID0gNjBzCiMgSWYgdGhlIHJ1bm5pbmcgcG9kIGNvdW50IHN0YXlzIHdpdGhpbiB0aGUgZ2l2ZW4gdGhyZXNob2xkIGZvciB0aGlzIHRpbWUKIyBwZXJpb2QsIHJldHVybiBDUFUgdXRpbGl6YXRpb24gdG8gbm9ybWFsIGJlZm9yZSB0aGUgbWF4aW11bSB3YWl0IHRpbWUgaGFzCiMgZXhwaXJlcwpTVEVBRFlfU1RBVEVfV0lORE9XPSR7U1RFQURZX1NUQVRFX1dJTkRPVzotNjB9CgojIERlZmF1bHQgc3RlYWR5LXN0YXRlIGFsbG93cyBhbnkgcG9kIGNvdW50IHRvIGJlICJzdGVhZHkgc3RhdGUiCiMgSW5jcmVhc2luZyB0aGlzIHdpbGwgc2tpcCBhbnkgc3RlYWR5LXN0YXRlIGNoZWNrcyB1bnRpbCB0aGUgY291bnQgcmlzZXMgYWJvdmUKIyB0aGlzIG51bWJlciB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMgaWYgdGhlcmUgYXJlIHNvbWUgcGVyaW9kcyB3aGVyZSB0aGUKIyBjb3VudCBkb2Vzbid0IGluY3JlYXNlIGJ1dCB3ZSBrbm93IHdlIGNhbid0IGJlIGF0IHN0ZWFkeS1zdGF0ZSB5ZXQuClNURUFEWV9TVEFURV9NSU5JTVVNPSR7U1RFQURZX1NUQVRFX01JTklNVU06LTB9CgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgpLVUJFTEVUX0NQVV9TVEFURT0vdmFyL2xpYi9rdWJlbGV0L2NwdV9tYW5hZ2VyX3N0YXRlCkZVTExfQ1BVX1NUQVRFPS9zeXMvZnMvY2dyb3VwL2NwdXNldC9jcHVzZXQuY3B1cwp1bnJlc3RyaWN0ZWRDcHVzZXQoKSB7CiAgbG9jYWwgY3B1cwogIGlmIFtbIC1lICRLVUJFTEVUX0NQVV9TVEFURSBdXTsgdGhlbgogICAgICBjcHVzPSQoanEgLXIgJy5kZWZhdWx0Q3B1U2V0JyA8JEtVQkVMRVRfQ1BVX1NUQVRFKQogIGZpCiAgaWYgW1sgLXogJGNwdXMgXV07IHRoZW4KICAgICMgZmFsbCBiYWNrIHRvIHVzaW5nIGFsbCBjcHVzIGlmIHRoZSBrdWJlbGV0IHN0YXRlIGlzIG5vdCBjb25maWd1cmVkIHlldAogICAgW1sgLWUgJEZVTExfQ1BVX1NUQVRFIF1dIHx8IHJldHVybiAxCiAgICBjcHVzPSQoPCRGVUxMX0NQVV9TVEFURSkKICBmaQogIGVjaG8gJGNwdXMKfQoKcmVzdHJpY3RlZENwdXNldCgpIHsKICBmb3IgYXJnIGluICQoPC9wcm9jL2NtZGxpbmUpOyBkbwogICAgaWYgW1sgJGFyZyA9fiBec3lzdGVtZC5jcHVfYWZmaW5pdHk9IF1dOyB0aGVuCiAgICAgIGVjaG8gJHthcmcjKj19CiAgICAgIHJldHVybiAwCiAgICBmaQogIGRvbmUKICByZXR1cm4gMQp9CgpnZXRDUFVDb3VudCAoKSB7CiAgbG9jYWwgY3B1c2V0PSIkMSIKICBsb2NhbCBjcHVsaXN0PSgpCiAgbG9jYWwgY3B1cz0wCiAgbG9jYWwgbWluY3B1cz0yCgogIGlmIFtbIC16ICRjcHVzZXQgfHwgJGNwdXNldCA9fiBbXjAtOSwtXSBdXTsgdGhlbgogICAgZWNobyAkbWluY3B1cwogICAgcmV0dXJuIDEKICBmaQoKICBJRlM9JywnIHJlYWQgLXJhIGNwdWxpc3QgPDw8ICRjcHVzZXQKCiAgZm9yIGVsbSBpbiAiJHtjcHVsaXN0W0BdfSI7IGRvCiAgICBpZiBbWyAkZWxtID1+IF5bMC05XSskIF1dOyB0aGVuCiAgICAgICgoIGNwdXMrKyApKQogICAgZWxpZiBbWyAkZWxtID1+IF5bMC05XSstWzAtOV0rJCBdXTsgdGhlbgogICAgICBsb2NhbCBsb3c9MCBoaWdoPTAKICAgICAgSUZTPSctJyByZWFkIGxvdyBoaWdoIDw8PCAkZWxtCiAgICAgICgoIGNwdXMgKz0gaGlnaCAtIGxvdyArIDEgKSkKICAgIGVsc2UKICAgICAgZWNobyAkbWluY3B1cwogICAgICByZXR1cm4gMQogICAgZmkKICBkb25lCgogICMgUmV0dXJuIGEgbWluaW11bSBvZiAyIGNwdXMKICBlY2hvICQoKCBjcHVzID4gJG1pbmNwdXMgPyBjcHVzIDogJG1pbmNwdXMgKSkKICByZXR1cm4gMAp9CgpyZXNldE9WU3RocmVhZHMgKCkgewogIGxvY2FsIGNwdWNvdW50PSIkMSIKICBsb2NhbCBjdXJSZXZhbGlkYXRvcnM9MAogIGxvY2FsIGN1ckhhbmRsZXJzPTAKICBsb2NhbCBkZXNpcmVkUmV2YWxpZGF0b3JzPTAKICBsb2NhbCBkZXNpcmVkSGFuZGxlcnM9MAogIGxvY2FsIHJjPTAKCiAgY3VyUmV2YWxpZGF0b3JzPSQocHMgLVRlbyBwaWQsdGlkLGNvbW0sY21kIHwgZ3JlcCAtZSByZXZhbGlkYXRvciB8IGdyZXAgLWMgb3ZzLXZzd2l0Y2hkKQogIGN1ckhhbmRsZXJzPSQocHMgLVRlbyBwaWQsdGlkLGNvbW0sY21kIHwgZ3JlcCAtZSBoYW5kbGVyIHwgZ3JlcCAtYyBvdnMtdnN3aXRjaGQpCgogICMgQ2FsY3VsYXRlIHRoZSBkZXNpcmVkIG51bWJlciBvZiB0aHJlYWRzIHRoZSBzYW1lIHdheSBPVlMgZG9lcy4KICAjIE9WUyB3aWxsIHNldCB0aGVzZSB0aHJlYWQgY291bnQgYXMgYSBvbmUgc2hvdCBwcm9jZXNzIG9uIHN0YXJ0dXAsIHNvIHdlCiAgIyBoYXZlIHRvIGFkanVzdCB1cCBvciBkb3duIGR1cmluZyB0aGUgYm9vdCB1cCBwcm9jZXNzLiBUaGUgZGVzaXJlZCBvdXRjb21lIGlzCiAgIyB0byBub3QgcmVzdHJpY3QgdGhlIG51bWJlciBvZiB0aHJlYWQgYXQgc3RhcnR1cCB1bnRpbCB3ZSByZWFjaCBhIHN0ZWFkeQogICMgc3RhdGUuICBBdCB3aGljaCBwb2ludCB3ZSBuZWVkIHRvIHJlc2V0IHRoZXNlIGJhc2VkIG9uIG91ciByZXN0cmljdGVkICBzZXQKICAjIG9mIGNvcmVzLgogICMgU2VlIE9WUyBmdW5jdGlvbiB0aGF0IGNhbGN1bGF0ZXMgdGhlc2UgdGhyZWFkIGNvdW50czoKICAjIGh0dHBzOi8vZ2l0aHViLmNvbS9vcGVudnN3aXRjaC9vdnMvYmxvYi9tYXN0ZXIvb2Zwcm90by9vZnByb3RvLWRwaWYtdXBjYWxsLmMjTDYzNQogICgoIGRlc2lyZWRSZXZhbGlkYXRvcnM9JGNwdWNvdW50IC8gNCArIDEgKSkKICAoKCBkZXNpcmVkSGFuZGxlcnM9JGNwdWNvdW50IC0gJGRlc2lyZWRSZXZhbGlkYXRvcnMgKSkKCgogIGlmIFtbICRjdXJSZXZhbGlkYXRvcnMgLW5lICRkZXNpcmVkUmV2YWxpZGF0b3JzIHx8ICRjdXJIYW5kbGVycyAtbmUgJGRlc2lyZWRIYW5kbGVycyBdXTsgdGhlbgoKICAgIGxvZ2dlciAiUmVjb3Zlcnk6IFJlLXNldHRpbmcgT1ZTIHJldmFsaWRhdG9yIHRocmVhZHM6ICR7Y3VyUmV2YWxpZGF0b3JzfSAtPiAke2Rlc2lyZWRSZXZhbGlkYXRvcnN9IgogICAgbG9nZ2VyICJSZWNvdmVyeTogUmUtc2V0dGluZyBPVlMgaGFuZGxlciB0aHJlYWRzOiAke2N1ckhhbmRsZXJzfSAtPiAke2Rlc2lyZWRIYW5kbGVyc30iCgogICAgb3ZzLXZzY3RsIHNldCBcCiAgICAgIE9wZW5fdlN3aXRjaCAuIFwKICAgICAgb3RoZXItY29uZmlnOm4taGFuZGxlci10aHJlYWRzPSR7ZGVzaXJlZEhhbmRsZXJzfSBcCiAgICAgIG90aGVyLWNvbmZpZzpuLXJldmFsaWRhdG9yLXRocmVhZHM9JHtkZXNpcmVkUmV2YWxpZGF0b3JzfQogICAgcmM9JD8KICBmaQoKICByZXR1cm4gJHJjCn0KCnJlc2V0QWZmaW5pdHkoKSB7CiAgbG9jYWwgY3B1c2V0PSIkMSIKICBsb2NhbCBmYWlsY291bnQ9MAogIGxvY2FsIHN1Y2Nlc3Njb3VudD0wCiAgbG9nZ2VyICJSZWNvdmVyeTogU2V0dGluZyBDUFUgYWZmaW5pdHkgZm9yIGNyaXRpY2FsIHByb2Nlc3NlcyBcIiRDUklUSUNBTF9QUk9DRVNTRVNcIiB0byAkY3B1c2V0IgogIGZvciBwcm9jIGluICRDUklUSUNBTF9QUk9DRVNTRVM7IGRvCiAgICBsb2NhbCBwaWRzPSIkKHBncmVwICRwcm9jKSIKICAgIGZvciBwaWQgaW4gJHBpZHM7IGRvCiAgICAgIGxvY2FsIHRhc2tzZXRPdXRwdXQKICAgICAgdGFza3NldE91dHB1dD0iJCh0YXNrc2V0IC1hcGMgIiRjcHVzZXQiICRwaWQgMj4mMSkiCiAgICAgIGlmIFtbICQ/IC1uZSAwIF1dOyB0aGVuCiAgICAgICAgZWNobyAiRVJST1I6ICR0YXNrc2V0T3V0cHV0IgogICAgICAgICgoZmFpbGNvdW50KyspKQogICAgICBlbHNlCiAgICAgICAgKChzdWNjZXNzY291bnQrKykpCiAgICAgIGZpCiAgICBkb25lCiAgZG9uZQoKICByZXNldE9WU3RocmVhZHMgIiQoZ2V0Q1BVQ291bnQgJHtjcHVzZXR9KSIKICBpZiBbWyAkPyAtbmUgMCBdXTsgdGhlbgogICAgKChmYWlsY291bnQrKykpCiAgZWxzZQogICAgKChzdWNjZXNzY291bnQrKykpCiAgZmkKCiAgbG9nZ2VyICJSZWNvdmVyeTogUmUtYWZmaW5lZCAkc3VjY2Vzc2NvdW50IHBpZHMgc3VjY2Vzc2Z1bGx5IgogIGlmIFtbICRmYWlsY291bnQgLWd0IDAgXV07IHRoZW4KICAgIGxvZ2dlciAiUmVjb3Zlcnk6IEZhaWxlZCB0byByZS1hZmZpbmUgJGZhaWxjb3VudCBwcm9jZXNzZXMiCiAgICByZXR1cm4gMQogIGZpCn0KCnNldFVucmVzdHJpY3RlZCgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBTZXR0aW5nIGNyaXRpY2FsIHN5c3RlbSBwcm9jZXNzZXMgdG8gaGF2ZSB1bnJlc3RyaWN0ZWQgQ1BVIGFjY2VzcyIKICByZXNldEFmZmluaXR5ICIkKHVucmVzdHJpY3RlZENwdXNldCkiCn0KCnNldFJlc3RyaWN0ZWQoKSB7CiAgbG9nZ2VyICJSZWNvdmVyeTogUmVzZXR0aW5nIGNyaXRpY2FsIHN5c3RlbSBwcm9jZXNzZXMgYmFjayB0byBub3JtYWxseSByZXN0cmljdGVkIGFjY2VzcyIKICByZXNldEFmZmluaXR5ICIkKHJlc3RyaWN0ZWRDcHVzZXQpIgp9CgpjdXJyZW50QWZmaW5pdHkoKSB7CiAgbG9jYWwgcGlkPSIkMSIKICB0YXNrc2V0IC1wYyAkcGlkIHwgYXdrIC1GJzogJyAne3ByaW50ICQyfScKfQoKd2l0aGluKCkgewogIGxvY2FsIGxhc3Q9JDEgY3VycmVudD0kMiB0aHJlc2hvbGQ9JDMKICBsb2NhbCBkZWx0YT0wIHBjaGFuZ2UKICBkZWx0YT0kKCggY3VycmVudCAtIGxhc3QgKSkKICBpZiBbWyAkY3VycmVudCAtZXEgJGxhc3QgXV07IHRoZW4KICAgIHBjaGFuZ2U9MAogIGVsaWYgW1sgJGxhc3QgLWVxIDAgXV07IHRoZW4KICAgIHBjaGFuZ2U9MTAwMDAwMAogIGVsc2UKICAgIHBjaGFuZ2U9JCgoICggJGRlbHRhICogMTAwKSAvIGxhc3QgKSkKICBmaQogIGVjaG8gLW4gImxhc3Q6JGxhc3QgY3VycmVudDokY3VycmVudCBkZWx0YTokZGVsdGEgcGNoYW5nZToke3BjaGFuZ2V9JTogIgogIGxvY2FsIGFic29sdXRlIGxpbWl0CiAgY2FzZSAkdGhyZXNob2xkIGluCiAgICAqJSkKICAgICAgYWJzb2x1dGU9JHtwY2hhbmdlIyMtfSAjIGFic29sdXRlIHZhbHVlCiAgICAgIGxpbWl0PSR7dGhyZXNob2xkJSUlfQogICAgICA7OwogICAgKikKICAgICAgYWJzb2x1dGU9JHtkZWx0YSMjLX0gIyBhYnNvbHV0ZSB2YWx1ZQogICAgICBsaW1pdD0kdGhyZXNob2xkCiAgICAgIDs7CiAgZXNhYwogIGlmIFtbICRhYnNvbHV0ZSAtbGUgJGxpbWl0IF1dOyB0aGVuCiAgICBlY2hvICJ3aXRoaW4gKCsvLSkkdGhyZXNob2xkIgogICAgcmV0dXJuIDAKICBlbHNlCiAgICBlY2hvICJvdXRzaWRlICgrLy0pJHRocmVzaG9sZCIKICAgIHJldHVybiAxCiAgZmkKfQoKc3RlYWR5c3RhdGUoKSB7CiAgbG9jYWwgbGFzdD0kMSBjdXJyZW50PSQyCiAgaWYgW1sgJGxhc3QgLWx0ICRTVEVBRFlfU1RBVEVfTUlOSU1VTSBdXTsgdGhlbgogICAgZWNobyAibGFzdDokbGFzdCBjdXJyZW50OiRjdXJyZW50IFdhaXRpbmcgdG8gcmVhY2ggJFNURUFEWV9TVEFURV9NSU5JTVVNIGJlZm9yZSBjaGVja2luZyBmb3Igc3RlYWR5LXN0YXRlIgogICAgcmV0dXJuIDEKICBmaQogIHdpdGhpbiAkbGFzdCAkY3VycmVudCAkU1RFQURZX1NUQVRFX1RIUkVTSE9MRAp9Cgp3YWl0Rm9yUmVhZHkoKSB7CiAgbG9nZ2VyICJSZWNvdmVyeTogV2FpdGluZyAke01BWElNVU1fV0FJVF9USU1FfXMgZm9yIHRoZSBpbml0aWFsaXphdGlvbiB0byBjb21wbGV0ZSIKICBsb2NhbCBsYXN0U3lzdGVtZENwdXNldD0iJChjdXJyZW50QWZmaW5pdHkgMSkiCiAgbG9jYWwgbGFzdERlc2lyZWRDcHVzZXQ9IiQodW5yZXN0cmljdGVkQ3B1c2V0KSIKICBsb2NhbCB0PTAgcz0xMAogIGxvY2FsIGxhc3RDY291bnQ9MCBjY291bnQ9MCBzdGVhZHlTdGF0ZVRpbWU9MAogIHdoaWxlIFtbICR0IC1sdCAkTUFYSU1VTV9XQUlUX1RJTUUgXV07IGRvCiAgICBzbGVlcCAkcwogICAgKCh0ICs9IHMpKQogICAgIyBSZS1jaGVjayB0aGUgY3VycmVudCBhZmZpbml0eSBvZiBzeXN0ZW1kLCBpbiBjYXNlIHNvbWUgb3RoZXIgcHJvY2VzcyBoYXMgY2hhbmdlZCBpdAogICAgbG9jYWwgc3lzdGVtZENwdXNldD0iJChjdXJyZW50QWZmaW5pdHkgMSkiCiAgICAjIFJlLWNoZWNrIHRoZSB1bnJlc3RyaWN0ZWQgQ3B1c2V0LCBhcyB0aGUgYWxsb3dlZCBzZXQgb2YgdW5yZXNlcnZlZCBjb3JlcyBtYXkgY2hhbmdlIGFzIHBvZHMgYXJlIGFzc2lnbmVkIHRvIGNvcmVzCiAgICBsb2NhbCBkZXNpcmVkQ3B1c2V0PSIkKHVucmVzdHJpY3RlZENwdXNldCkiCiAgICBpZiBbWyAkc3lzdGVtZENwdXNldCAhPSAkbGFzdFN5c3RlbWRDcHVzZXQgfHwgJGxhc3REZXNpcmVkQ3B1c2V0ICE9ICRkZXNpcmVkQ3B1c2V0IF1dOyB0aGVuCiAgICAgIHJlc2V0QWZmaW5pdHkgIiRkZXNpcmVkQ3B1c2V0IgogICAgICBsYXN0U3lzdGVtZENwdXNldD0iJChjdXJyZW50QWZmaW5pdHkgMSkiCiAgICAgIGxhc3REZXNpcmVkQ3B1c2V0PSIkZGVzaXJlZENwdXNldCIKICAgIGZpCgogICAgIyBEZXRlY3Qgc3RlYWR5LXN0YXRlIHBvZCBjb3VudAogICAgY2NvdW50PSQoY3JpY3RsIHBzIHwgd2MgLWwpCiAgICBpZiBzdGVhZHlzdGF0ZSAkbGFzdENjb3VudCAkY2NvdW50OyB0aGVuCiAgICAgICgoc3RlYWR5U3RhdGVUaW1lICs9IHMpKQogICAgICBlY2hvICJTdGVhZHktc3RhdGUgZm9yICR7c3RlYWR5U3RhdGVUaW1lfXMvJHtTVEVBRFlfU1RBVEVfV0lORE9XfXMiCiAgICAgIGlmIFtbICRzdGVhZHlTdGF0ZVRpbWUgLWdlICRTVEVBRFlfU1RBVEVfV0lORE9XIF1dOyB0aGVuCiAgICAgICAgbG9nZ2VyICJSZWNvdmVyeTogU3RlYWR5LXN0YXRlICgrLy0gJFNURUFEWV9TVEFURV9USFJFU0hPTEQpIGZvciAke1NURUFEWV9TVEFURV9XSU5ET1d9czogRG9uZSIKICAgICAgICByZXR1cm4gMAogICAgICBmaQogICAgZWxzZQogICAgICBpZiBbWyAkc3RlYWR5U3RhdGVUaW1lIC1ndCAwIF1dOyB0aGVuCiAgICAgICAgZWNobyAiUmVzZXR0aW5nIHN0ZWFkeS1zdGF0ZSB0aW1lciIKICAgICAgICBzdGVhZHlTdGF0ZVRpbWU9MAogICAgICBmaQogICAgZmkKICAgIGxhc3RDY291bnQ9JGNjb3VudAogIGRvbmUKICBsb2dnZXIgIlJlY292ZXJ5OiBSZWNvdmVyeSBDb21wbGV0ZSBUaW1lb3V0Igp9CgptYWluKCkgewogIGlmICEgdW5yZXN0cmljdGVkQ3B1c2V0ID4mL2Rldi9udWxsOyB0aGVuCiAgICBsb2dnZXIgIlJlY292ZXJ5OiBObyB1bnJlc3RyaWN0ZWQgQ3B1c2V0IGNvdWxkIGJlIGRldGVjdGVkIgogICAgcmV0dXJuIDEKICBmaQoKICBpZiAhIHJlc3RyaWN0ZWRDcHVzZXQgPiYvZGV2L251bGw7IHRoZW4KICAgIGxvZ2dlciAiUmVjb3Zlcnk6IE5vIHJlc3RyaWN0ZWQgQ3B1c2V0IGhhcyBiZWVuIGNvbmZpZ3VyZWQuICBXZSBhcmUgYWxyZWFkeSBydW5uaW5nIHVucmVzdHJpY3RlZC4iCiAgICByZXR1cm4gMAogIGZpCgogICMgRW5zdXJlIHdlIHJlc2V0IHRoZSBDUFUgYWZmaW5pdHkgd2hlbiB3ZSBleGl0IHRoaXMgc2NyaXB0IGZvciBhbnkgcmVhc29uCiAgIyBUaGlzIHdheSBlaXRoZXIgYWZ0ZXIgdGhlIHRpbWVyIGV4cGlyZXMgb3IgYWZ0ZXIgdGhlIHByb2Nlc3MgaXMgaW50ZXJydXB0ZWQKICAjIHZpYSBeQyBvciBTSUdURVJNLCB3ZSByZXR1cm4gdGhpbmdzIGJhY2sgdG8gdGhlIHdheSB0aGV5IHNob3VsZCBiZS4KICB0cmFwIHNldFJlc3RyaWN0ZWQgRVhJVAoKICBsb2dnZXIgIlJlY292ZXJ5OiBSZWNvdmVyeSBNb2RlIFN0YXJ0aW5nIgogIHNldFVucmVzdHJpY3RlZAogIHdhaXRGb3JSZWFkeQp9CgppZiBbWyAiJHtCQVNIX1NPVVJDRVswXX0iID0gIiR7MH0iIF1dOyB0aGVuCiAgbWFpbiAiJHtAfSIKICBleGl0ICQ/CmZpCg==
-        mode: 493
-        path: /usr/local/bin/accelerated-container-startup.sh
-    systemd:
-      units:
-      - contents: |
-          [Unit]
-          Description=Unlocks more CPUs for critical system processes during container startup
-
-          [Service]
-          Type=simple
-          ExecStart=/usr/local/bin/accelerated-container-startup.sh
-
-          # Maximum wait time is 600s = 10m:
-          Environment=MAXIMUM_WAIT_TIME=600
-
-          # Steady-state threshold = 2%
-          # Allowed values:
-          #  4  - absolute pod count (+/-)
-          #  4% - percent change (+/-)
-          #  -1 - disable the steady-state check
-          # Note: '%' must be escaped as '%%' in systemd unit files
-          Environment=STEADY_STATE_THRESHOLD=2%%
-
-          # Steady-state window = 120s
-          # If the running pod count stays within the given threshold for this time
-          # period, return CPU utilization to normal before the maximum wait time has
-          # expires
-          Environment=STEADY_STATE_WINDOW=120
-
-          # Steady-state minimum = 40
-          # Increasing this will skip any steady-state checks until the count rises above
-          # this number to avoid false positives if there are some periods where the
-          # count doesn't increase but we know we can't be at steady-state yet.
-          Environment=STEADY_STATE_MINIMUM=40
-
-          [Install]
-          WantedBy=multi-user.target
-        enabled: true
-        name: accelerated-container-startup.service
-      - contents: |
-          [Unit]
-          Description=Unlocks more CPUs for critical system processes during container shutdown
-          DefaultDependencies=no
-
-          [Service]
-          Type=simple
-          ExecStart=/usr/local/bin/accelerated-container-startup.sh
-
-          # Maximum wait time is 600s = 10m:
-          Environment=MAXIMUM_WAIT_TIME=600
-
-          # Steady-state threshold
-          # Allowed values:
-          #  4  - absolute pod count (+/-)
-          #  4% - percent change (+/-)
-          #  -1 - disable the steady-state check
-          # Note: '%' must be escaped as '%%' in systemd unit files
-          Environment=STEADY_STATE_THRESHOLD=-1
-
-          # Steady-state window = 60s
-          # If the running pod count stays within the given threshold for this time
-          # period, return CPU utilization to normal before the maximum wait time has
-          # expires
-          Environment=STEADY_STATE_WINDOW=60
-
-          [Install]
-          WantedBy=shutdown.target reboot.target halt.target
-        enabled: true
-        name: accelerated-container-shutdown.service
-----
diff --git a/snippets/ztp-06-kdump-enable-master.adoc b/snippets/ztp-06-kdump-enable-master.adoc
deleted file mode 100644
index 954a70d7a898..000000000000
--- a/snippets/ztp-06-kdump-enable-master.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-:_content-type: SNIPPET
-.Recommended kdump configuration
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: 06-kdump-enable-master
-spec:
-  config:
-    ignition:
-      version: 3.2.0
-    systemd:
-      units:
-      - enabled: true
-        name: kdump.service
-  kernelArguments:
-    - crashkernel=512M
-----
diff --git a/snippets/ztp-07-ztp-sno-du-configuring-crun-container-runtime-master.adoc b/snippets/ztp-07-ztp-sno-du-configuring-crun-container-runtime-master.adoc
deleted file mode 100644
index 59070a8d765f..000000000000
--- a/snippets/ztp-07-ztp-sno-du-configuring-crun-container-runtime-master.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: SNIPPET
-.Recommended `ContainerRuntimeConfig` CR for control plane nodes
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: ContainerRuntimeConfig
-metadata:
- name: enable-crun-master
-spec:
- machineConfigPoolSelector:
-   matchLabels:
-     pools.operator.machineconfiguration.openshift.io/master: ""
- containerRuntimeConfig:
-   defaultRuntime: crun
-----
diff --git a/snippets/ztp-08-ztp-sno-du-configuring-crun-container-runtime-worker.adoc b/snippets/ztp-08-ztp-sno-du-configuring-crun-container-runtime-worker.adoc
deleted file mode 100644
index f754179643e2..000000000000
--- a/snippets/ztp-08-ztp-sno-du-configuring-crun-container-runtime-worker.adoc
+++ /dev/null
@@ -1,15 +0,0 @@
-:_content-type: SNIPPET
-.Recommended `ContainerRuntimeConfig` CR for worker nodes
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: ContainerRuntimeConfig
-metadata:
- name: enable-crun-worker
-spec:
- machineConfigPoolSelector:
-   matchLabels:
-     pools.operator.machineconfiguration.openshift.io/worker: ""
- containerRuntimeConfig:
-   defaultRuntime: crun
-----
diff --git a/snippets/ztp-cluster-logging.adoc b/snippets/ztp-cluster-logging.adoc
deleted file mode 100644
index ff2dd0f804bb..000000000000
--- a/snippets/ztp-cluster-logging.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-:_content-type: SNIPPET
-.Recommended cluster logging and log forwarding configuration
-[source,yaml]
-----
-apiVersion: logging.openshift.io/v1
-kind: ClusterLogging <1>
-metadata:
-  name: instance
-  namespace: openshift-logging
-spec:
-  collection:
-    logs:
-      fluentd: {}
-      type: fluentd
-  curation:
-    type: "curator"
-    curator:
-      schedule: "30 3 * * *"
-  managementState: Managed
----
-apiVersion: logging.openshift.io/v1
-kind: ClusterLogForwarder <2>
-metadata:
-  name: instance
-  namespace: openshift-logging
-spec:
-  inputs:
-    - infrastructure: {}
-      name: infra-logs
-  outputs:
-    - name: kafka-open
-      type: kafka
-      url: tcp://10.46.55.190:9092/test    <3>
-  pipelines:
-    - inputRefs:
-      - audit
-      name: audit-logs
-      outputRefs:
-      - kafka-open
-    - inputRefs:
-      - infrastructure
-      name: infrastructure-logs
-      outputRefs:
-      - kafka-open
-----
-<1> Updates the existing `ClusterLogging` instance or creates the instance if it does not exist.
-<2> Updates the existing `ClusterLogForwarder` instance or creates the instance if it does not exist.
-<3> Specifies the URL of the Kafka server where the logs are forwarded to.
diff --git a/snippets/ztp-cluster-monitoring.adoc b/snippets/ztp-cluster-monitoring.adoc
deleted file mode 100644
index 21c74a89b625..000000000000
--- a/snippets/ztp-cluster-monitoring.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-:_content-type: SNIPPET
-.Recommended cluster monitoring configuration
-[source,yaml]
-----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cluster-monitoring-config
-  namespace: openshift-monitoring
-data:
-  config.yaml: |
-    grafana:
-      enabled: false
-    alertmanagerMain:
-      enabled: false
-    prometheusK8s:
-       retention: 24h
-----
diff --git a/snippets/ztp-container-mount-namespace-and-kubelet-conf-master.adoc b/snippets/ztp-container-mount-namespace-and-kubelet-conf-master.adoc
deleted file mode 100644
index 5f91ce477f8d..000000000000
--- a/snippets/ztp-container-mount-namespace-and-kubelet-conf-master.adoc
+++ /dev/null
@@ -1,76 +0,0 @@
-:_content-type: SNIPPET
-.Recommended container mount namespace configuration
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: container-mount-namespace-and-kubelet-conf-master
-spec:
-  config:
-    ignition:
-      version: 3.2.0
-    storage:
-      files:
-      - contents:
-          source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKCmRlYnVnKCkgewogIGVjaG8gJEAgPiYyCn0KCnVzYWdlKCkgewogIGVjaG8gVXNhZ2U6ICQoYmFzZW5hbWUgJDApIFVOSVQgW2VudmZpbGUgW3Zhcm5hbWVdXQogIGVjaG8KICBlY2hvIEV4dHJhY3QgdGhlIGNvbnRlbnRzIG9mIHRoZSBmaXJzdCBFeGVjU3RhcnQgc3RhbnphIGZyb20gdGhlIGdpdmVuIHN5c3RlbWQgdW5pdCBhbmQgcmV0dXJuIGl0IHRvIHN0ZG91dAogIGVjaG8KICBlY2hvICJJZiAnZW52ZmlsZScgaXMgcHJvdmlkZWQsIHB1dCBpdCBpbiB0aGVyZSBpbnN0ZWFkLCBhcyBhbiBlbnZpcm9ubWVudCB2YXJpYWJsZSBuYW1lZCAndmFybmFtZSciCiAgZWNobyAiRGVmYXVsdCAndmFybmFtZScgaXMgRVhFQ1NUQVJUIGlmIG5vdCBzcGVjaWZpZWQiCiAgZXhpdCAxCn0KClVOSVQ9JDEKRU5WRklMRT0kMgpWQVJOQU1FPSQzCmlmIFtbIC16ICRVTklUIHx8ICRVTklUID09ICItLWhlbHAiIHx8ICRVTklUID09ICItaCIgXV07IHRoZW4KICB1c2FnZQpmaQpkZWJ1ZyAiRXh0cmFjdGluZyBFeGVjU3RhcnQgZnJvbSAkVU5JVCIKRklMRT0kKHN5c3RlbWN0bCBjYXQgJFVOSVQgfCBoZWFkIC1uIDEpCkZJTEU9JHtGSUxFI1wjIH0KaWYgW1sgISAtZiAkRklMRSBdXTsgdGhlbgogIGRlYnVnICJGYWlsZWQgdG8gZmluZCByb290IGZpbGUgZm9yIHVuaXQgJFVOSVQgKCRGSUxFKSIKICBleGl0CmZpCmRlYnVnICJTZXJ2aWNlIGRlZmluaXRpb24gaXMgaW4gJEZJTEUiCkVYRUNTVEFSVD0kKHNlZCAtbiAtZSAnL15FeGVjU3RhcnQ9LipcXCQvLC9bXlxcXSQvIHsgcy9eRXhlY1N0YXJ0PS8vOyBwIH0nIC1lICcvXkV4ZWNTdGFydD0uKlteXFxdJC8geyBzL15FeGVjU3RhcnQ9Ly87IHAgfScgJEZJTEUpCgppZiBbWyAkRU5WRklMRSBdXTsgdGhlbgogIFZBUk5BTUU9JHtWQVJOQU1FOi1FWEVDU1RBUlR9CiAgZWNobyAiJHtWQVJOQU1FfT0ke0VYRUNTVEFSVH0iID4gJEVOVkZJTEUKZWxzZQogIGVjaG8gJEVYRUNTVEFSVApmaQo=
-        mode: 493
-        path: /usr/local/bin/extractExecStart
-      - contents:
-          source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKbnNlbnRlciAtLW1vdW50PS9ydW4vY29udGFpbmVyLW1vdW50LW5hbWVzcGFjZS9tbnQgIiRAIgo=
-        mode: 493
-        path: /usr/local/bin/nsenterCmns
-    systemd:
-      units:
-      - contents: |
-          [Unit]
-          Description=Manages a mount namespace that both kubelet and crio can use to share their container-specific mounts
-
-          [Service]
-          Type=oneshot
-          RemainAfterExit=yes
-          RuntimeDirectory=container-mount-namespace
-          Environment=RUNTIME_DIRECTORY=%t/container-mount-namespace
-          Environment=BIND_POINT=%t/container-mount-namespace/mnt
-          ExecStartPre=bash -c "findmnt ${RUNTIME_DIRECTORY} || mount --make-unbindable --bind ${RUNTIME_DIRECTORY} ${RUNTIME_DIRECTORY}"
-          ExecStartPre=touch ${BIND_POINT}
-          ExecStart=unshare --mount=${BIND_POINT} --propagation slave mount --make-rshared /
-          ExecStop=umount -R ${RUNTIME_DIRECTORY}
-        enabled: true
-        name: container-mount-namespace.service
-      - dropins:
-        - contents: |
-            [Unit]
-            Wants=container-mount-namespace.service
-            After=container-mount-namespace.service
-
-            [Service]
-            ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
-            EnvironmentFile=-/%t/%N-execstart.env
-            ExecStart=
-            ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
-                ${ORIG_EXECSTART}"
-          name: 90-container-mount-namespace.conf
-        name: crio.service
-      - dropins:
-        - contents: |
-            [Unit]
-            Wants=container-mount-namespace.service
-            After=container-mount-namespace.service
-
-            [Service]
-            ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
-            EnvironmentFile=-/%t/%N-execstart.env
-            ExecStart=
-            ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
-                ${ORIG_EXECSTART} --housekeeping-interval=30s"
-          name: 90-container-mount-namespace.conf
-        - contents: |
-            [Service]
-            Environment="OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION=60s"
-            Environment="OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION=30s"
-          name: 30-kubelet-interval-tuning.conf
-        name: kubelet.service
-----
diff --git a/snippets/ztp-disable-console.adoc b/snippets/ztp-disable-console.adoc
deleted file mode 100644
index 7147b1b6ac39..000000000000
--- a/snippets/ztp-disable-console.adoc
+++ /dev/null
@@ -1,18 +0,0 @@
-:_content-type: SNIPPET
-.Recommended console configuration
-[source,yaml]
-----
-apiVersion: operator.openshift.io/v1
-kind: Console
-metadata:
-  annotations:
-    include.release.openshift.io/ibm-cloud-managed: "false"
-    include.release.openshift.io/self-managed-high-availability: "false"
-    include.release.openshift.io/single-node-developer: "false"
-    release.openshift.io/create-only: "true"
-  name: cluster
-spec:
-  logLevel: Normal
-  managementState: Removed
-  operatorLogLevel: Normal
-----
diff --git a/snippets/ztp-disable-ntp.adoc b/snippets/ztp-disable-ntp.adoc
deleted file mode 100644
index d5743e8d05f2..000000000000
--- a/snippets/ztp-disable-ntp.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-:_content-type: SNIPPET
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: disable-chronyd
-spec:
-  config:
-    systemd:
-      units:
-        - contents: |
-            [Unit]
-            Description=NTP client/server
-            Documentation=man:chronyd(8) man:chrony.conf(5)
-            After=ntpdate.service sntp.service ntpd.service
-            Conflicts=ntpd.service systemd-timesyncd.service
-            ConditionCapability=CAP_SYS_TIME
-            [Service]
-            Type=forking
-            PIDFile=/run/chrony/chronyd.pid
-            EnvironmentFile=-/etc/sysconfig/chronyd
-            ExecStart=/usr/sbin/chronyd $OPTIONS
-            ExecStartPost=/usr/libexec/chrony-helper update-daemon
-            PrivateTmp=yes
-            ProtectHome=yes
-            ProtectSystem=full
-            [Install]
-            WantedBy=multi-user.target
-          enabled: false
-          name: chronyd.service
-    ignition:
-      version: 2.2.0
-----
diff --git a/snippets/ztp-example-siteconfig.adoc b/snippets/ztp-example-siteconfig.adoc
index 7ae5e19bc396..27fd58a58b93 100644
--- a/snippets/ztp-example-siteconfig.adoc
+++ b/snippets/ztp-example-siteconfig.adoc
@@ -1,4 +1,4 @@
-:_content-type: SNIPPET
+:_mod-docs-content-type: SNIPPET
 .Example {sno} cluster SiteConfig CR
 [source,yaml,subs="attributes+"]
 ----
@@ -34,15 +34,19 @@ spec:
     nodes:
       - hostName: "example-node.example.com" <6>
         role: "master"
-        bmcAddress: idrac-virtualmedia://<out_of_band_ip>/<system_id>/ <7>
+        nodeLabels: <7>
+          node-role.kubernetes.io/example-label:
+          custom-label/parameter1: true
+      # automatedCleaningMode: "disabled" <8>
+        bmcAddress: idrac-virtualmedia://<out_of_band_ip>/<system_id>/ <9>
         bmcCredentialsName:
-          name: "bmh-secret" <8>
+          name: "bmh-secret" <10>
         bootMACAddress: "AA:BB:CC:DD:EE:11"
-        bootMode: "UEFI" <9>
-        rootDeviceHints:
+        bootMode: "UEFI" <11>
+        rootDeviceHints: <12>
           wwn: "0x11111000000asd123"
-        cpuset: "0-1,52-53"  <10>
-        nodeNetwork: <11>
+        cpuset: "0-1,52-53"  <13>
+        nodeNetwork: <14>
           interfaces:
             - name: eno1
               macAddress: "AA:BB:CC:DD:EE:11"
@@ -53,7 +57,7 @@ spec:
                 state: up
                 ipv4:
                   enabled: false
-                ipv6: <12>
+                ipv6: <15>
                   enabled: true
                   address:
                   - ip: 1111:2222:3333:4444::aaaa:1
@@ -77,9 +81,12 @@ spec:
 <4> Cluster labels must correspond to the `bindingRules` field in the `PolicyGenTemplate` CRs that you define. For example, `policygentemplates/common-ranGen.yaml` applies to all clusters with `common: true` set, `policygentemplates/group-du-sno-ranGen.yaml` applies to all clusters with `group-du-sno: ""` set.
 <5> Optional. The CR specifed under `KlusterletAddonConfig` is used to override the default `KlusterletAddonConfig` that is created for the cluster.
 <6> For single-node deployments, define a single host. For three-node deployments, define three hosts. For standard deployments, define three hosts with `role: master` and two or more hosts defined with `role: worker`.
-<7> BMC address that you use to access the host. Applies to all cluster types. {ztp} supports iPXE and virtual media booting by using Redfish or IPMI protocols. To use iPXE booting, you must use {rh-rhacm} 2.8 or later. For more information about BMC addressing, see the _Additional resources_ section. 
-<8> Name of the `bmh-secret` CR that you separately create with the host BMC credentials. When creating the `bmh-secret` CR, use the same namespace as the `SiteConfig` CR that provisions the host.
-<9> Configures the boot mode for the host. The default value is `UEFI`. Use `UEFISecureBoot` to enable secure boot on the host.
-<10> `cpuset` must match the value set in the cluster `PerformanceProfile` CR `spec.cpu.reserved` field for workload partitioning.
-<11> Specifies the network settings for the node.
-<12> Configures the IPv6 address for the host. For {sno} clusters with static IP addresses, the node-specific API and Ingress IPs should be the same.
+<7> Specify custom roles to your nodes in your managed clusters. These are additional roles which are not used by any {product-title} components, only by the user. When you add a custom role, it can be associated with a custom machine config pool that references a specific configuration for that role. Adding your custom labels or roles during installation makes the deployment process more effective and prevents the need for additional reboots after the installation is complete.
+<8> Optional. If the value is set to `metadata`, the partitioning table of the disk is removed, but the disk is not fully wiped. By default, the `automatedCleaningMode` field is disabled. To enable removing the partitioning table, uncomment this line and set the value to `metadata`.
+<9> BMC address that you use to access the host. Applies to all cluster types. {ztp} supports iPXE and virtual media booting by using Redfish or IPMI protocols. To use iPXE booting, you must use {rh-rhacm} 2.8 or later. For more information about BMC addressing, see the _Additional resources_ section.
+<10> Name of the `bmh-secret` CR that you separately create with the host BMC credentials. When creating the `bmh-secret` CR, use the same namespace as the `SiteConfig` CR that provisions the host.
+<11> Configures the boot mode for the host. The default value is `UEFI`. Use `UEFISecureBoot` to enable secure boot on the host.
+<12> Specifies the device for deployment. Identifiers that are stable across reboots are recommended, for example `wwn: <disk_wwn>` or `deviceName: /dev/disk/by-path/<device_path>`. For a detailed list of stable identifiers, see the _About root device hints_ section.
+<13> `cpuset` must match the value set in the cluster `PerformanceProfile` CR `spec.cpu.reserved` field for workload partitioning.
+<14> Specifies the network settings for the node.
+<15> Configures the IPv6 address for the host. For {sno} clusters with static IP addresses, the node-specific API and Ingress IP addresses must be the same.
diff --git a/snippets/ztp-hub-cluster-scale-test-specs.adoc b/snippets/ztp-hub-cluster-scale-test-specs.adoc
new file mode 100644
index 000000000000..725846d1836f
--- /dev/null
+++ b/snippets/ztp-hub-cluster-scale-test-specs.adoc
@@ -0,0 +1,56 @@
+:_mod-docs-content-type: SNIPPET
+[IMPORTANT]
+====
+The following guidelines are based on internal lab benchmark testing only and do not represent a complete real-world host specification.
+====
+
+.Representative three-node hub cluster machine specifications
+[cols=2*, width="90%", options="header"]
+|====
+|Requirement
+|Description
+
+|{product-title}
+|version 4.13
+
+|{rh-rhacm}
+|version 2.7
+
+|{cgu-operator-first}
+|version 4.13
+
+|Server hardware
+|3 x Dell PowerEdge R650 rack servers
+
+|NVMe hard disks
+a|* 50 GB disk for `/var/lib/etcd`
+* 2.9 TB disk for `/var/lib/containers`
+
+|SSD hard disks
+a|* 1 SSD split into 15 200GB thin-provisioned logical volumes provisioned as `PV` CRs
+* 1 SSD serving as an extra large `PV` resource
+
+|Number of applied DU profile policies
+|5
+|====
+
+[IMPORTANT]
+====
+The following network specifications are representative of a typical real-world RAN network and were applied to the scale lab environment during testing.
+====
+
+.Simulated lab environment network specifications
+[cols=2*, width="90%", options="header"]
+|====
+|Specification
+|Description
+
+|Round-trip time (RTT) latency
+|50 ms
+
+|Packet loss
+|0.02% packet loss
+
+|Network bandwidth limit
+|20 Mbps
+|====
diff --git a/snippets/ztp-load-sctp-module.adoc b/snippets/ztp-load-sctp-module.adoc
deleted file mode 100644
index 802c376c5351..000000000000
--- a/snippets/ztp-load-sctp-module.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-:_content-type: SNIPPET
-.Recommended SCTP configuration
-[source,yaml]
-----
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
-  labels:
-    machineconfiguration.openshift.io/role: master
-  name: load-sctp-module
-spec:
-  config:
-    ignition:
-      version: 2.2.0
-    storage:
-      files:
-        - contents:
-            source: data:,
-            verification: {}
-          filesystem: root
-            mode: 420
-            path: /etc/modprobe.d/sctp-blacklist.conf
-        - contents:
-            source: data:text/plain;charset=utf-8,sctp
-          filesystem: root
-            mode: 420
-            path: /etc/modules-load.d/sctp-load.conf
-----
diff --git a/snippets/ztp-network-diagnostics.adoc b/snippets/ztp-network-diagnostics.adoc
deleted file mode 100644
index 9d77430bf2a2..000000000000
--- a/snippets/ztp-network-diagnostics.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: SNIPPET
-.Recommended network diagnostics configuration
-[source,yaml]
-----
-apiVersion: operator.openshift.io/v1
-kind: Network
-metadata:
-  name: cluster
-spec:
-  disableNetworkDiagnostics: true
-----
diff --git a/snippets/ztp-operator-groups-namespace.adoc b/snippets/ztp-operator-groups-namespace.adoc
deleted file mode 100644
index 12e14132ee2e..000000000000
--- a/snippets/ztp-operator-groups-namespace.adoc
+++ /dev/null
@@ -1,70 +0,0 @@
-:_content-type: SNIPPET
-.Recommended Operator Namespace and OperatorGroup configuration
-[source,yaml]
-----
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    workload.openshift.io/allowed: management
-  name: openshift-local-storage
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: openshift-local-storage
-  namespace: openshift-local-storage
-spec:
-  targetNamespaces:
-    - openshift-local-storage
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    workload.openshift.io/allowed: management
-  name: openshift-logging
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: cluster-logging
-  namespace: openshift-logging
-spec:
-  targetNamespaces:
-    - openshift-logging
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    workload.openshift.io/allowed: management
-  labels:
-    openshift.io/cluster-monitoring: "true"
-  name: openshift-ptp
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: ptp-operators
-  namespace: openshift-ptp
-spec:
-  targetNamespaces:
-    - openshift-ptp
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    workload.openshift.io/allowed: management
-    name: openshift-sriov-network-operator
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  name: sriov-network-operators
-  namespace: openshift-sriov-network-operator
-spec:
-  targetNamespaces:
-    - openshift-sriov-network-operator
-----
diff --git a/snippets/ztp-operator-subs.adoc b/snippets/ztp-operator-subs.adoc
deleted file mode 100644
index bd5e4c65be7a..000000000000
--- a/snippets/ztp-operator-subs.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-:_content-type: SNIPPET
-.Recommended Operator subscriptions
-[source,yaml]
-----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: cluster-logging
-  namespace: openshift-logging
-spec:
-  channel: "stable" <1>
-  name: cluster-logging
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  installPlanApproval: Manual <2>
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: local-storage-operator
-  namespace: openshift-local-storage
-spec:
-  channel: "stable"
-  installPlanApproval: Automatic
-  name: local-storage-operator
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  installPlanApproval: Manual
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-    name: ptp-operator-subscription
-    namespace: openshift-ptp
-spec:
-  channel: "stable"
-  name: ptp-operator
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  installPlanApproval: Manual
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  name: sriov-network-operator-subscription
-  namespace: openshift-sriov-network-operator
-spec:
-  channel: "stable"
-  name: sriov-network-operator
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  installPlanApproval: Manual
-----
-<1> Specify the channel to get the Operator from. `stable` is the recommended channel.
-<2> Specify `Manual` or `Automatic`. In `Automatic` mode, the Operator automatically updates to the latest versions in the channel as they become available in the registry. In `Manual` mode, new Operator versions are installed only after they are explicitly approved.
diff --git a/snippets/ztp-performance-patch.adoc b/snippets/ztp-performance-patch.adoc
deleted file mode 100644
index 73b36cce7315..000000000000
--- a/snippets/ztp-performance-patch.adoc
+++ /dev/null
@@ -1,31 +0,0 @@
-:_content-type: SNIPPET
-.Recommended extended Tuned profile configuration
-[source,yaml]
-----
-apiVersion: tuned.openshift.io/v1
-kind: Tuned
-metadata:
-  name: performance-patch
-  namespace: openshift-cluster-node-tuning-operator
-spec:
-  profile:
-    - data: |
-        [main]
-        summary=Configuration changes profile inherited from performance created tuned
-        include=openshift-node-performance-openshift-node-performance-profile
-        [bootloader]
-        cmdline_crash=nohz_full=2-51,54-103
-        [sysctl]
-        kernel.timer_migration=1
-        [scheduler]
-        group.ice-ptp=0:f:10:*:ice-ptp.*
-        [service]
-        service.stalld=start,enable
-        service.chronyd=stop,disable
-      name: performance-patch
-  recommend:
-    - machineConfigLabels:
-        machineconfiguration.openshift.io/role: master
-      priority: 19
-      profile: performance-patch
-----
diff --git a/snippets/ztp-performance-profile.adoc b/snippets/ztp-performance-profile.adoc
deleted file mode 100644
index 3f31031c6e88..000000000000
--- a/snippets/ztp-performance-profile.adoc
+++ /dev/null
@@ -1,43 +0,0 @@
-:_content-type: SNIPPET
-.Recommended performance profile configuration
-[source,yaml]
-----
-apiVersion: performance.openshift.io/v2
-kind: PerformanceProfile
-metadata:
-  name: openshift-node-performance-profile <1>
-spec:
-  additionalKernelArgs:
-  - "rcupdate.rcu_normal_after_boot=0"
-  - "efi=runtime" <2>
-  cpu:
-    isolated: 2-51,54-103 <3>
-    reserved: 0-1,52-53   <4>
-  hugepages:
-    defaultHugepagesSize: 1G
-    pages:
-      - count: 32 <5>
-        size: 1G  <6>
-        node: 0 <7>
-  machineConfigPoolSelector:
-    pools.operator.machineconfiguration.openshift.io/master: ""
-  nodeSelector:
-    node-role.kubernetes.io/master: ""
-  numa:
-    topologyPolicy: "restricted"
-  realTimeKernel:
-    enabled: true    <8>
-----
-<1> Ensure that the value for `name` matches that specified in the `spec.profile.data` field of `TunedPerformancePatch.yaml` and the `status.configuration.source.name` field of `validatorCRs/informDuValidator.yaml`.
-<2> Configures UEFI secure boot for the cluster host.
-<3> Set the isolated CPUs. Ensure all of the Hyper-Threading pairs match.
-+
-[IMPORTANT]
-====
-The reserved and isolated CPU pools must not overlap and together must span all available cores. CPU cores that are not accounted for cause an undefined behaviour in the system.
-====
-<4> Set the reserved CPUs. When workload partitioning is enabled, system processes, kernel threads, and system container threads are restricted to these CPUs. All CPUs that are not isolated should be reserved.
-<5> Set the number of huge pages.
-<6> Set the huge page size.
-<7> Set `node` to the NUMA node where the `hugepages` are allocated.
-<8> Set `enabled` to `true` to install the real-time Linux kernel.
diff --git a/snippets/ztp-ptp-config.adoc b/snippets/ztp-ptp-config.adoc
deleted file mode 100644
index 868f7f1fb5db..000000000000
--- a/snippets/ztp-ptp-config.adoc
+++ /dev/null
@@ -1,123 +0,0 @@
-:_content-type: SNIPPET
-.Recommended PTP configuration
-[source,yaml]
-----
-apiVersion: ptp.openshift.io/v1
-kind: PtpConfig
-metadata:
-  name: du-ptp-slave
-  namespace: openshift-ptp
-spec:
-  profile:
-    - interface: ens5f0     <1>
-      name: slave
-      phc2sysOpts: -a -r -n 24
-      ptp4lConf: |
-        [global]
-        #
-        # Default Data Set
-        #
-        twoStepFlag 1
-        slaveOnly 0
-        priority1 128
-        priority2 128
-        domainNumber 24
-        #utc_offset 37
-        clockClass 248
-        clockAccuracy 0xFE
-        offsetScaledLogVariance 0xFFFF
-        free_running 0
-        freq_est_interval 1
-        dscp_event 0
-        dscp_general 0
-        dataset_comparison ieee1588
-        G.8275.defaultDS.localPriority 128
-        #
-        # Port Data Set
-        #
-        logAnnounceInterval -3
-        logSyncInterval -4
-        logMinDelayReqInterval -4
-        logMinPdelayReqInterval -4
-        announceReceiptTimeout 3
-        syncReceiptTimeout 0
-        delayAsymmetry 0
-        fault_reset_interval 4
-        neighborPropDelayThresh 20000000
-        masterOnly 0
-        G.8275.portDS.localPriority 128
-        #
-        # Run time options
-        #
-        assume_two_step 0
-        logging_level 6
-        path_trace_enabled 0
-        follow_up_info 0
-        hybrid_e2e 0
-        inhibit_multicast_service 0
-        net_sync_monitor 0
-        tc_spanning_tree 0
-        tx_timestamp_timeout 1
-        unicast_listen 0
-        unicast_master_table 0
-        unicast_req_duration 3600
-        use_syslog 1
-        verbose 0
-        summary_interval 0
-        kernel_leap 1
-        check_fup_sync 0
-        #
-        # Servo Options
-        #
-        pi_proportional_const 0.0
-        pi_integral_const 0.0
-        pi_proportional_scale 0.0
-        pi_proportional_exponent -0.3
-        pi_proportional_norm_max 0.7
-        pi_integral_scale 0.0
-        pi_integral_exponent 0.4
-        pi_integral_norm_max 0.3
-        step_threshold 2.0
-        first_step_threshold 0.00002
-        max_frequency 900000000
-        clock_servo pi
-        sanity_freq_limit 200000000
-        ntpshm_segment 0
-        #
-        # Transport options
-        #
-        transportSpecific 0x0
-        ptp_dst_mac 01:1B:19:00:00:00
-        p2p_dst_mac 01:80:C2:00:00:0E
-        udp_ttl 1
-        udp6_scope 0x0E
-        uds_address /var/run/ptp4l
-        #
-        # Default interface options
-        #
-        clock_type OC
-        network_transport L2
-        delay_mechanism E2E
-        time_stamping hardware
-        tsproc_mode filter
-        delay_filter moving_median
-        delay_filter_length 10
-        egressLatency 0
-        ingressLatency 0
-        boundary_clock_jbod 0
-        #
-        # Clock description
-        #
-        productDescription ;;
-        revisionData ;;
-        manufacturerIdentity 00:00:00
-        userDescription ;
-        timeSource 0xA0
-      ptp4lOpts: -2 -s --summary_interval -4
-recommend:
-  - match:
-      - nodeLabel: node-role.kubernetes.io/master
-    priority: 4
-    profile: slave
-----
-<1> Sets the interface used to receive the PTP clock signal.
diff --git a/snippets/ztp-sriov-du-config.adoc b/snippets/ztp-sriov-du-config.adoc
deleted file mode 100644
index a72c68dbe593..000000000000
--- a/snippets/ztp-sriov-du-config.adoc
+++ /dev/null
@@ -1,78 +0,0 @@
-:_content-type: SNIPPET
-.Recommended SR-IOV configuration
-[source,yaml]
-----
-apiVersion: sriovnetwork.openshift.io/v1
-kind: SriovOperatorConfig
-metadata:
-  name: default
-  namespace: openshift-sriov-network-operator
-spec:
-  configDaemonNodeSelector:
-    node-role.kubernetes.io/master: ""
-  disableDrain: true
-  enableInjector: true
-  enableOperatorWebhook: true
----
-apiVersion: sriovnetwork.openshift.io/v1
-kind: SriovNetwork
-metadata:
-  name: sriov-nw-du-mh
-  namespace: openshift-sriov-network-operator
-spec:
-  networkNamespace: openshift-sriov-network-operator
-  resourceName: du_mh
-  vlan: 150 <1>
----
-apiVersion: sriovnetwork.openshift.io/v1
-kind: SriovNetworkNodePolicy
-metadata:
-  name: sriov-nnp-du-mh
-  namespace: openshift-sriov-network-operator
-spec:
-  deviceType: vfio-pci <2>
-  isRdma: false
-  nicSelector:
-    pfNames:
-      - ens7f0 <3>
-  nodeSelector:
-    node-role.kubernetes.io/master: ""
-  numVfs: 8 <4>
-  priority: 10
-  resourceName: du_mh
----
-apiVersion: sriovnetwork.openshift.io/v1
-kind: SriovNetwork
-metadata:
-  name: sriov-nw-du-fh
-  namespace: openshift-sriov-network-operator
-spec:
-  networkNamespace: openshift-sriov-network-operator
-  resourceName: du_fh
-  vlan: 140 <5>
----
-apiVersion: sriovnetwork.openshift.io/v1
-kind: SriovNetworkNodePolicy
-metadata:
-  name: sriov-nnp-du-fh
-  namespace: openshift-sriov-network-operator
-spec:
-  deviceType: netdevice <6>
-  isRdma: true
-  nicSelector:
-    pfNames:
-      - ens5f0 <7>
-  nodeSelector:
-    node-role.kubernetes.io/master: ""
-  numVfs: 8 <8>
-  priority: 10
-  resourceName: du_fh
-----
-<1> Specifies the VLAN for the midhaul network.
-<2> Select either `vfio-pci` or `netdevice`, as needed.
-<3> Specifies the interface connected to the midhaul network.
-<4> Specifies the number of VFs for the midhaul network.
-<5> The VLAN for the fronthaul network.
-<6> Select either `vfio-pci` or `netdevice`, as needed.
-<7> Specifies the interface connected to the fronthaul network.
-<8> Specifies the number of VFs for the fronthaul network.
diff --git a/snippets/ztp-storage-lvms.adoc b/snippets/ztp-storage-lvms.adoc
deleted file mode 100644
index fb8f87189a7b..000000000000
--- a/snippets/ztp-storage-lvms.adoc
+++ /dev/null
@@ -1,22 +0,0 @@
-:_content-type: SNIPPET
-.Recommended LVMCluster configuration
-[source,yaml]
-----
-apiVersion: lvm.topolvm.io/v1alpha1
-kind: LVMCluster
-metadata:
-  name: odf-lvmcluster
-  namespace: openshift-storage
-spec:
-  storage:
-    deviceClasses:
-    - name: vg1
-      deviceSelector: <1>
-        paths:
-        - /usr/disk/by-path/pci-0000:11:00.0-nvme-1
-      thinPoolConfig:
-        name: thin-pool-1
-        overprovisionRatio: 10
-        sizePercent: 90
-----
-<1> If no disks are specified in the `deviceSelector.paths` field, the {lvms} uses all the unused disks in the specified thin pool.
\ No newline at end of file
diff --git a/snippets/ztp_01-container-mount-ns-and-kubelet-conf-master.yaml b/snippets/ztp_01-container-mount-ns-and-kubelet-conf-master.yaml
new file mode 100644
index 000000000000..4678a3ffe604
--- /dev/null
+++ b/snippets/ztp_01-container-mount-ns-and-kubelet-conf-master.yaml
@@ -0,0 +1,70 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: container-mount-namespace-and-kubelet-conf-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKCmRlYnVnKCkgewogIGVjaG8gJEAgPiYyCn0KCnVzYWdlKCkgewogIGVjaG8gVXNhZ2U6ICQoYmFzZW5hbWUgJDApIFVOSVQgW2VudmZpbGUgW3Zhcm5hbWVdXQogIGVjaG8KICBlY2hvIEV4dHJhY3QgdGhlIGNvbnRlbnRzIG9mIHRoZSBmaXJzdCBFeGVjU3RhcnQgc3RhbnphIGZyb20gdGhlIGdpdmVuIHN5c3RlbWQgdW5pdCBhbmQgcmV0dXJuIGl0IHRvIHN0ZG91dAogIGVjaG8KICBlY2hvICJJZiAnZW52ZmlsZScgaXMgcHJvdmlkZWQsIHB1dCBpdCBpbiB0aGVyZSBpbnN0ZWFkLCBhcyBhbiBlbnZpcm9ubWVudCB2YXJpYWJsZSBuYW1lZCAndmFybmFtZSciCiAgZWNobyAiRGVmYXVsdCAndmFybmFtZScgaXMgRVhFQ1NUQVJUIGlmIG5vdCBzcGVjaWZpZWQiCiAgZXhpdCAxCn0KClVOSVQ9JDEKRU5WRklMRT0kMgpWQVJOQU1FPSQzCmlmIFtbIC16ICRVTklUIHx8ICRVTklUID09ICItLWhlbHAiIHx8ICRVTklUID09ICItaCIgXV07IHRoZW4KICB1c2FnZQpmaQpkZWJ1ZyAiRXh0cmFjdGluZyBFeGVjU3RhcnQgZnJvbSAkVU5JVCIKRklMRT0kKHN5c3RlbWN0bCBjYXQgJFVOSVQgfCBoZWFkIC1uIDEpCkZJTEU9JHtGSUxFI1wjIH0KaWYgW1sgISAtZiAkRklMRSBdXTsgdGhlbgogIGRlYnVnICJGYWlsZWQgdG8gZmluZCByb290IGZpbGUgZm9yIHVuaXQgJFVOSVQgKCRGSUxFKSIKICBleGl0CmZpCmRlYnVnICJTZXJ2aWNlIGRlZmluaXRpb24gaXMgaW4gJEZJTEUiCkVYRUNTVEFSVD0kKHNlZCAtbiAtZSAnL15FeGVjU3RhcnQ9LipcXCQvLC9bXlxcXSQvIHsgcy9eRXhlY1N0YXJ0PS8vOyBwIH0nIC1lICcvXkV4ZWNTdGFydD0uKlteXFxdJC8geyBzL15FeGVjU3RhcnQ9Ly87IHAgfScgJEZJTEUpCgppZiBbWyAkRU5WRklMRSBdXTsgdGhlbgogIFZBUk5BTUU9JHtWQVJOQU1FOi1FWEVDU1RBUlR9CiAgZWNobyAiJHtWQVJOQU1FfT0ke0VYRUNTVEFSVH0iID4gJEVOVkZJTEUKZWxzZQogIGVjaG8gJEVYRUNTVEFSVApmaQo=
+          mode: 493
+          path: /usr/local/bin/extractExecStart
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKbnNlbnRlciAtLW1vdW50PS9ydW4vY29udGFpbmVyLW1vdW50LW5hbWVzcGFjZS9tbnQgIiRAIgo=
+          mode: 493
+          path: /usr/local/bin/nsenterCmns
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Manages a mount namespace that both kubelet and crio can use to share their container-specific mounts
+
+            [Service]
+            Type=oneshot
+            RemainAfterExit=yes
+            RuntimeDirectory=container-mount-namespace
+            Environment=RUNTIME_DIRECTORY=%t/container-mount-namespace
+            Environment=BIND_POINT=%t/container-mount-namespace/mnt
+            ExecStartPre=bash -c "findmnt ${RUNTIME_DIRECTORY} || mount --make-unbindable --bind ${RUNTIME_DIRECTORY} ${RUNTIME_DIRECTORY}"
+            ExecStartPre=touch ${BIND_POINT}
+            ExecStart=unshare --mount=${BIND_POINT} --propagation slave mount --make-rshared /
+            ExecStop=umount -R ${RUNTIME_DIRECTORY}
+          name: container-mount-namespace.service
+        - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART}"
+              name: 90-container-mount-namespace.conf
+          name: crio.service
+        - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART} --housekeeping-interval=30s"
+              name: 90-container-mount-namespace.conf
+            - contents: |
+                [Service]
+                Environment="OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION=60s"
+                Environment="OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION=30s"
+              name: 30-kubelet-interval-tuning.conf
+          name: kubelet.service
diff --git a/snippets/ztp_01-container-mount-ns-and-kubelet-conf-worker.yaml b/snippets/ztp_01-container-mount-ns-and-kubelet-conf-worker.yaml
new file mode 100644
index 000000000000..bedf700823c1
--- /dev/null
+++ b/snippets/ztp_01-container-mount-ns-and-kubelet-conf-worker.yaml
@@ -0,0 +1,70 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: container-mount-namespace-and-kubelet-conf-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKCmRlYnVnKCkgewogIGVjaG8gJEAgPiYyCn0KCnVzYWdlKCkgewogIGVjaG8gVXNhZ2U6ICQoYmFzZW5hbWUgJDApIFVOSVQgW2VudmZpbGUgW3Zhcm5hbWVdXQogIGVjaG8KICBlY2hvIEV4dHJhY3QgdGhlIGNvbnRlbnRzIG9mIHRoZSBmaXJzdCBFeGVjU3RhcnQgc3RhbnphIGZyb20gdGhlIGdpdmVuIHN5c3RlbWQgdW5pdCBhbmQgcmV0dXJuIGl0IHRvIHN0ZG91dAogIGVjaG8KICBlY2hvICJJZiAnZW52ZmlsZScgaXMgcHJvdmlkZWQsIHB1dCBpdCBpbiB0aGVyZSBpbnN0ZWFkLCBhcyBhbiBlbnZpcm9ubWVudCB2YXJpYWJsZSBuYW1lZCAndmFybmFtZSciCiAgZWNobyAiRGVmYXVsdCAndmFybmFtZScgaXMgRVhFQ1NUQVJUIGlmIG5vdCBzcGVjaWZpZWQiCiAgZXhpdCAxCn0KClVOSVQ9JDEKRU5WRklMRT0kMgpWQVJOQU1FPSQzCmlmIFtbIC16ICRVTklUIHx8ICRVTklUID09ICItLWhlbHAiIHx8ICRVTklUID09ICItaCIgXV07IHRoZW4KICB1c2FnZQpmaQpkZWJ1ZyAiRXh0cmFjdGluZyBFeGVjU3RhcnQgZnJvbSAkVU5JVCIKRklMRT0kKHN5c3RlbWN0bCBjYXQgJFVOSVQgfCBoZWFkIC1uIDEpCkZJTEU9JHtGSUxFI1wjIH0KaWYgW1sgISAtZiAkRklMRSBdXTsgdGhlbgogIGRlYnVnICJGYWlsZWQgdG8gZmluZCByb290IGZpbGUgZm9yIHVuaXQgJFVOSVQgKCRGSUxFKSIKICBleGl0CmZpCmRlYnVnICJTZXJ2aWNlIGRlZmluaXRpb24gaXMgaW4gJEZJTEUiCkVYRUNTVEFSVD0kKHNlZCAtbiAtZSAnL15FeGVjU3RhcnQ9LipcXCQvLC9bXlxcXSQvIHsgcy9eRXhlY1N0YXJ0PS8vOyBwIH0nIC1lICcvXkV4ZWNTdGFydD0uKlteXFxdJC8geyBzL15FeGVjU3RhcnQ9Ly87IHAgfScgJEZJTEUpCgppZiBbWyAkRU5WRklMRSBdXTsgdGhlbgogIFZBUk5BTUU9JHtWQVJOQU1FOi1FWEVDU1RBUlR9CiAgZWNobyAiJHtWQVJOQU1FfT0ke0VYRUNTVEFSVH0iID4gJEVOVkZJTEUKZWxzZQogIGVjaG8gJEVYRUNTVEFSVApmaQo=
+          mode: 493
+          path: /usr/local/bin/extractExecStart
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKbnNlbnRlciAtLW1vdW50PS9ydW4vY29udGFpbmVyLW1vdW50LW5hbWVzcGFjZS9tbnQgIiRAIgo=
+          mode: 493
+          path: /usr/local/bin/nsenterCmns
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Manages a mount namespace that both kubelet and crio can use to share their container-specific mounts
+
+            [Service]
+            Type=oneshot
+            RemainAfterExit=yes
+            RuntimeDirectory=container-mount-namespace
+            Environment=RUNTIME_DIRECTORY=%t/container-mount-namespace
+            Environment=BIND_POINT=%t/container-mount-namespace/mnt
+            ExecStartPre=bash -c "findmnt ${RUNTIME_DIRECTORY} || mount --make-unbindable --bind ${RUNTIME_DIRECTORY} ${RUNTIME_DIRECTORY}"
+            ExecStartPre=touch ${BIND_POINT}
+            ExecStart=unshare --mount=${BIND_POINT} --propagation slave mount --make-rshared /
+            ExecStop=umount -R ${RUNTIME_DIRECTORY}
+          name: container-mount-namespace.service
+        - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART}"
+              name: 90-container-mount-namespace.conf
+          name: crio.service
+        - dropins:
+            - contents: |
+                [Unit]
+                Wants=container-mount-namespace.service
+                After=container-mount-namespace.service
+
+                [Service]
+                ExecStartPre=/usr/local/bin/extractExecStart %n /%t/%N-execstart.env ORIG_EXECSTART
+                EnvironmentFile=-/%t/%N-execstart.env
+                ExecStart=
+                ExecStart=bash -c "nsenter --mount=%t/container-mount-namespace/mnt \
+                    ${ORIG_EXECSTART} --housekeeping-interval=30s"
+              name: 90-container-mount-namespace.conf
+            - contents: |
+                [Service]
+                Environment="OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION=60s"
+                Environment="OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION=30s"
+              name: 30-kubelet-interval-tuning.conf
+          name: kubelet.service
diff --git a/snippets/ztp_03-sctp-machine-config-master.yaml b/snippets/ztp_03-sctp-machine-config-master.yaml
new file mode 100644
index 000000000000..cf4d830154af
--- /dev/null
+++ b/snippets/ztp_03-sctp-machine-config-master.yaml
@@ -0,0 +1,23 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: load-sctp-module-master
+spec:
+  config:
+    ignition:
+      version: 2.2.0
+    storage:
+      files:
+        - contents:
+            source: data:,
+            verification: {}
+          filesystem: root
+          mode: 420
+          path: /etc/modprobe.d/sctp-blacklist.conf
+        - contents:
+            source: data:text/plain;charset=utf-8,sctp
+          filesystem: root
+          mode: 420
+          path: /etc/modules-load.d/sctp-load.conf
diff --git a/snippets/ztp_03-sctp-machine-config-worker.yaml b/snippets/ztp_03-sctp-machine-config-worker.yaml
new file mode 100644
index 000000000000..440d036045d0
--- /dev/null
+++ b/snippets/ztp_03-sctp-machine-config-worker.yaml
@@ -0,0 +1,23 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: load-sctp-module-worker
+spec:
+  config:
+    ignition:
+      version: 2.2.0
+    storage:
+      files:
+        - contents:
+            source: data:,
+            verification: {}
+          filesystem: root
+          mode: 420
+          path: /etc/modprobe.d/sctp-blacklist.conf
+        - contents:
+            source: data:text/plain;charset=utf-8,sctp
+          filesystem: root
+          mode: 420
+          path: /etc/modules-load.d/sctp-load.conf
diff --git a/snippets/ztp_03-workload-partitioning.yaml b/snippets/ztp_03-workload-partitioning.yaml
new file mode 100644
index 000000000000..235015272e52
--- /dev/null
+++ b/snippets/ztp_03-workload-partitioning.yaml
@@ -0,0 +1,26 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: $mcp
+  name: 02-$mcp-workload-partitioning
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,$crio
+          mode: 420
+          overwrite: true
+          path: /etc/crio/crio.conf.d/01-workload-partitioning
+          user:
+            name: root
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,$k8s
+          mode: 420
+          overwrite: true
+          path: /etc/kubernetes/openshift-workload-pinning
+          user:
+            name: root
diff --git a/snippets/ztp_04-accelerated-container-startup-master.yaml b/snippets/ztp_04-accelerated-container-startup-master.yaml
new file mode 100644
index 000000000000..0db3064e6002
--- /dev/null
+++ b/snippets/ztp_04-accelerated-container-startup-master.yaml
@@ -0,0 +1,83 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 04-accelerated-container-startup-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKIwojIFRlbXBvcmFyaWx5IHJlc2V0IHRoZSBjb3JlIHN5c3RlbSBwcm9jZXNzZXMncyBDUFUgYWZmaW5pdHkgdG8gYmUgdW5yZXN0cmljdGVkIHRvIGFjY2VsZXJhdGUgc3RhcnR1cCBhbmQgc2h1dGRvd24KIwojIFRoZSBkZWZhdWx0cyBiZWxvdyBjYW4gYmUgb3ZlcnJpZGRlbiB2aWEgZW52aXJvbm1lbnQgdmFyaWFibGVzCiMKCiMgVGhlIGRlZmF1bHQgc2V0IG9mIGNyaXRpY2FsIHByb2Nlc3NlcyB3aG9zZSBhZmZpbml0eSBzaG91bGQgYmUgdGVtcG9yYXJpbHkgdW5ib3VuZDoKQ1JJVElDQUxfUFJPQ0VTU0VTPSR7Q1JJVElDQUxfUFJPQ0VTU0VTOi0iY3JpbyBrdWJlbGV0IE5ldHdvcmtNYW5hZ2VyIGNvbm1vbiBkYnVzIn0KCiMgRGVmYXVsdCB3YWl0IHRpbWUgaXMgNjAwcyA9IDEwbToKTUFYSU1VTV9XQUlUX1RJTUU9JHtNQVhJTVVNX1dBSVRfVElNRTotNjAwfQoKIyBEZWZhdWx0IHN0ZWFkeS1zdGF0ZSB0aHJlc2hvbGQgPSAyJQojIEFsbG93ZWQgdmFsdWVzOgojICA0ICAtIGFic29sdXRlIHBvZCBjb3VudCAoKy8tKQojICA0JSAtIHBlcmNlbnQgY2hhbmdlICgrLy0pCiMgIC0xIC0gZGlzYWJsZSB0aGUgc3RlYWR5LXN0YXRlIGNoZWNrClNURUFEWV9TVEFURV9USFJFU0hPTEQ9JHtTVEVBRFlfU1RBVEVfVEhSRVNIT0xEOi0yJX0KCiMgRGVmYXVsdCBzdGVhZHktc3RhdGUgd2luZG93ID0gNjBzCiMgSWYgdGhlIHJ1bm5pbmcgcG9kIGNvdW50IHN0YXlzIHdpdGhpbiB0aGUgZ2l2ZW4gdGhyZXNob2xkIGZvciB0aGlzIHRpbWUKIyBwZXJpb2QsIHJldHVybiBDUFUgdXRpbGl6YXRpb24gdG8gbm9ybWFsIGJlZm9yZSB0aGUgbWF4aW11bSB3YWl0IHRpbWUgaGFzCiMgZXhwaXJlcwpTVEVBRFlfU1RBVEVfV0lORE9XPSR7U1RFQURZX1NUQVRFX1dJTkRPVzotNjB9CgojIERlZmF1bHQgc3RlYWR5LXN0YXRlIGFsbG93cyBhbnkgcG9kIGNvdW50IHRvIGJlICJzdGVhZHkgc3RhdGUiCiMgSW5jcmVhc2luZyB0aGlzIHdpbGwgc2tpcCBhbnkgc3RlYWR5LXN0YXRlIGNoZWNrcyB1bnRpbCB0aGUgY291bnQgcmlzZXMgYWJvdmUKIyB0aGlzIG51bWJlciB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMgaWYgdGhlcmUgYXJlIHNvbWUgcGVyaW9kcyB3aGVyZSB0aGUKIyBjb3VudCBkb2Vzbid0IGluY3JlYXNlIGJ1dCB3ZSBrbm93IHdlIGNhbid0IGJlIGF0IHN0ZWFkeS1zdGF0ZSB5ZXQuClNURUFEWV9TVEFURV9NSU5JTVVNPSR7U1RFQURZX1NUQVRFX01JTklNVU06LTB9CgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCgpLVUJFTEVUX0NQVV9TVEFURT0vdmFyL2xpYi9rdWJlbGV0L2NwdV9tYW5hZ2VyX3N0YXRlCkZVTExfQ1BVX1NUQVRFPS9zeXMvZnMvY2dyb3VwL2NwdXNldC9jcHVzZXQuY3B1cwpLVUJFTEVUX0NPTkY9L2V0Yy9rdWJlcm5ldGVzL2t1YmVsZXQuY29uZgp1bnJlc3RyaWN0ZWRDcHVzZXQoKSB7CiAgbG9jYWwgY3B1cwogIGlmIFtbIC1lICRLVUJFTEVUX0NQVV9TVEFURSBdXTsgdGhlbgogICAgY3B1cz0kKGpxIC1yICcuZGVmYXVsdENwdVNldCcgPCRLVUJFTEVUX0NQVV9TVEFURSkKICAgIGlmIFtbIC1uICIke2NwdXN9IiAmJiAtZSAke0tVQkVMRVRfQ09ORn0gXV07IHRoZW4KICAgICAgcmVzZXJ2ZWRfY3B1cz0kKGpxIC1yICcucmVzZXJ2ZWRTeXN0ZW1DUFVzJyA8L2V0Yy9rdWJlcm5ldGVzL2t1YmVsZXQuY29uZikKICAgICAgaWYgW1sgLW4gIiR7cmVzZXJ2ZWRfY3B1c30iIF1dOyB0aGVuCiAgICAgICAgIyBVc2UgdGFza3NldCB0byBtZXJnZSB0aGUgdHdvIGNwdXNldHMKICAgICAgICBjcHVzPSQodGFza3NldCAtYyAiJHtyZXNlcnZlZF9jcHVzfSwke2NwdXN9IiBncmVwIC1pIENwdXNfYWxsb3dlZF9saXN0IC9wcm9jL3NlbGYvc3RhdHVzIHwgYXdrICd7cHJpbnQgJDJ9JykKICAgICAgZmkKICAgIGZpCiAgZmkKICBpZiBbWyAteiAkY3B1cyBdXTsgdGhlbgogICAgIyBmYWxsIGJhY2sgdG8gdXNpbmcgYWxsIGNwdXMgaWYgdGhlIGt1YmVsZXQgc3RhdGUgaXMgbm90IGNvbmZpZ3VyZWQgeWV0CiAgICBbWyAtZSAkRlVMTF9DUFVfU1RBVEUgXV0gfHwgcmV0dXJuIDEKICAgIGNwdXM9JCg8JEZVTExfQ1BVX1NUQVRFKQogIGZpCiAgZWNobyAkY3B1cwp9CgpyZXN0cmljdGVkQ3B1c2V0KCkgewogIGZvciBhcmcgaW4gJCg8L3Byb2MvY21kbGluZSk7IGRvCiAgICBpZiBbWyAkYXJnID1+IF5zeXN0ZW1kLmNwdV9hZmZpbml0eT0gXV07IHRoZW4KICAgICAgZWNobyAke2FyZyMqPX0KICAgICAgcmV0dXJuIDAKICAgIGZpCiAgZG9uZQogIHJldHVybiAxCn0KCnJlc2V0QWZmaW5pdHkoKSB7CiAgbG9jYWwgY3B1c2V0PSIkMSIKICBsb2NhbCBmYWlsY291bnQ9MAogIGxvY2FsIHN1Y2Nlc3Njb3VudD0wCiAgbG9nZ2VyICJSZWNvdmVyeTogU2V0dGluZyBDUFUgYWZmaW5pdHkgZm9yIGNyaXRpY2FsIHByb2Nlc3NlcyBcIiRDUklUSUNBTF9QUk9DRVNTRVNcIiB0byAkY3B1c2V0IgogIGZvciBwcm9jIGluICRDUklUSUNBTF9QUk9DRVNTRVM7IGRvCiAgICBsb2NhbCBwaWRzPSIkKHBncmVwICRwcm9jKSIKICAgIGZvciBwaWQgaW4gJHBpZHM7IGRvCiAgICAgIGxvY2FsIHRhc2tzZXRPdXRwdXQKICAgICAgdGFza3NldE91dHB1dD0iJCh0YXNrc2V0IC1hcGMgIiRjcHVzZXQiICRwaWQgMj4mMSkiCiAgICAgIGlmIFtbICQ/IC1uZSAwIF1dOyB0aGVuCiAgICAgICAgZWNobyAiRVJST1I6ICR0YXNrc2V0T3V0cHV0IgogICAgICAgICgoZmFpbGNvdW50KyspKQogICAgICBlbHNlCiAgICAgICAgKChzdWNjZXNzY291bnQrKykpCiAgICAgIGZpCiAgICBkb25lCiAgZG9uZQoKICBsb2dnZXIgIlJlY292ZXJ5OiBSZS1hZmZpbmVkICRzdWNjZXNzY291bnQgcGlkcyBzdWNjZXNzZnVsbHkiCiAgaWYgW1sgJGZhaWxjb3VudCAtZ3QgMCBdXTsgdGhlbgogICAgbG9nZ2VyICJSZWNvdmVyeTogRmFpbGVkIHRvIHJlLWFmZmluZSAkZmFpbGNvdW50IHByb2Nlc3NlcyIKICAgIHJldHVybiAxCiAgZmkKfQoKc2V0VW5yZXN0cmljdGVkKCkgewogIGxvZ2dlciAiUmVjb3Zlcnk6IFNldHRpbmcgY3JpdGljYWwgc3lzdGVtIHByb2Nlc3NlcyB0byBoYXZlIHVucmVzdHJpY3RlZCBDUFUgYWNjZXNzIgogIHJlc2V0QWZmaW5pdHkgIiQodW5yZXN0cmljdGVkQ3B1c2V0KSIKfQoKc2V0UmVzdHJpY3RlZCgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBSZXNldHRpbmcgY3JpdGljYWwgc3lzdGVtIHByb2Nlc3NlcyBiYWNrIHRvIG5vcm1hbGx5IHJlc3RyaWN0ZWQgYWNjZXNzIgogIHJlc2V0QWZmaW5pdHkgIiQocmVzdHJpY3RlZENwdXNldCkiCn0KCmN1cnJlbnRBZmZpbml0eSgpIHsKICBsb2NhbCBwaWQ9IiQxIgogIHRhc2tzZXQgLXBjICRwaWQgfCBhd2sgLUYnOiAnICd7cHJpbnQgJDJ9Jwp9Cgp3aXRoaW4oKSB7CiAgbG9jYWwgbGFzdD0kMSBjdXJyZW50PSQyIHRocmVzaG9sZD0kMwogIGxvY2FsIGRlbHRhPTAgcGNoYW5nZQogIGRlbHRhPSQoKCBjdXJyZW50IC0gbGFzdCApKQogIGlmIFtbICRjdXJyZW50IC1lcSAkbGFzdCBdXTsgdGhlbgogICAgcGNoYW5nZT0wCiAgZWxpZiBbWyAkbGFzdCAtZXEgMCBdXTsgdGhlbgogICAgcGNoYW5nZT0xMDAwMDAwCiAgZWxzZQogICAgcGNoYW5nZT0kKCggKCAkZGVsdGEgKiAxMDApIC8gbGFzdCApKQogIGZpCiAgZWNobyAtbiAibGFzdDokbGFzdCBjdXJyZW50OiRjdXJyZW50IGRlbHRhOiRkZWx0YSBwY2hhbmdlOiR7cGNoYW5nZX0lOiAiCiAgbG9jYWwgYWJzb2x1dGUgbGltaXQKICBjYXNlICR0aHJlc2hvbGQgaW4KICAgIColKQogICAgICBhYnNvbHV0ZT0ke3BjaGFuZ2UjIy19ICMgYWJzb2x1dGUgdmFsdWUKICAgICAgbGltaXQ9JHt0aHJlc2hvbGQlJSV9CiAgICAgIDs7CiAgICAqKQogICAgICBhYnNvbHV0ZT0ke2RlbHRhIyMtfSAjIGFic29sdXRlIHZhbHVlCiAgICAgIGxpbWl0PSR0aHJlc2hvbGQKICAgICAgOzsKICBlc2FjCiAgaWYgW1sgJGFic29sdXRlIC1sZSAkbGltaXQgXV07IHRoZW4KICAgIGVjaG8gIndpdGhpbiAoKy8tKSR0aHJlc2hvbGQiCiAgICByZXR1cm4gMAogIGVsc2UKICAgIGVjaG8gIm91dHNpZGUgKCsvLSkkdGhyZXNob2xkIgogICAgcmV0dXJuIDEKICBmaQp9CgpzdGVhZHlzdGF0ZSgpIHsKICBsb2NhbCBsYXN0PSQxIGN1cnJlbnQ9JDIKICBpZiBbWyAkbGFzdCAtbHQgJFNURUFEWV9TVEFURV9NSU5JTVVNIF1dOyB0aGVuCiAgICBlY2hvICJsYXN0OiRsYXN0IGN1cnJlbnQ6JGN1cnJlbnQgV2FpdGluZyB0byByZWFjaCAkU1RFQURZX1NUQVRFX01JTklNVU0gYmVmb3JlIGNoZWNraW5nIGZvciBzdGVhZHktc3RhdGUiCiAgICByZXR1cm4gMQogIGZpCiAgd2l0aGluICRsYXN0ICRjdXJyZW50ICRTVEVBRFlfU1RBVEVfVEhSRVNIT0xECn0KCndhaXRGb3JSZWFkeSgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBXYWl0aW5nICR7TUFYSU1VTV9XQUlUX1RJTUV9cyBmb3IgdGhlIGluaXRpYWxpemF0aW9uIHRvIGNvbXBsZXRlIgogIGxvY2FsIGxhc3RTeXN0ZW1kQ3B1c2V0PSIkKGN1cnJlbnRBZmZpbml0eSAxKSIKICBsb2NhbCBsYXN0RGVzaXJlZENwdXNldD0iJCh1bnJlc3RyaWN0ZWRDcHVzZXQpIgogIGxvY2FsIHQ9MCBzPTEwCiAgbG9jYWwgbGFzdENjb3VudD0wIGNjb3VudD0wIHN0ZWFkeVN0YXRlVGltZT0wCiAgd2hpbGUgW1sgJHQgLWx0ICRNQVhJTVVNX1dBSVRfVElNRSBdXTsgZG8KICAgIHNsZWVwICRzCiAgICAoKHQgKz0gcykpCiAgICAjIFJlLWNoZWNrIHRoZSBjdXJyZW50IGFmZmluaXR5IG9mIHN5c3RlbWQsIGluIGNhc2Ugc29tZSBvdGhlciBwcm9jZXNzIGhhcyBjaGFuZ2VkIGl0CiAgICBsb2NhbCBzeXN0ZW1kQ3B1c2V0PSIkKGN1cnJlbnRBZmZpbml0eSAxKSIKICAgICMgUmUtY2hlY2sgdGhlIHVucmVzdHJpY3RlZCBDcHVzZXQsIGFzIHRoZSBhbGxvd2VkIHNldCBvZiB1bnJlc2VydmVkIGNvcmVzIG1heSBjaGFuZ2UgYXMgcG9kcyBhcmUgYXNzaWduZWQgdG8gY29yZXMKICAgIGxvY2FsIGRlc2lyZWRDcHVzZXQ9IiQodW5yZXN0cmljdGVkQ3B1c2V0KSIKICAgIGlmIFtbICRzeXN0ZW1kQ3B1c2V0ICE9ICRsYXN0U3lzdGVtZENwdXNldCB8fCAkbGFzdERlc2lyZWRDcHVzZXQgIT0gJGRlc2lyZWRDcHVzZXQgXV07IHRoZW4KICAgICAgcmVzZXRBZmZpbml0eSAiJGRlc2lyZWRDcHVzZXQiCiAgICAgIGxhc3RTeXN0ZW1kQ3B1c2V0PSIkKGN1cnJlbnRBZmZpbml0eSAxKSIKICAgICAgbGFzdERlc2lyZWRDcHVzZXQ9IiRkZXNpcmVkQ3B1c2V0IgogICAgZmkKCiAgICAjIERldGVjdCBzdGVhZHktc3RhdGUgcG9kIGNvdW50CiAgICBjY291bnQ9JChjcmljdGwgcHMgfCB3YyAtbCkKICAgIGlmIHN0ZWFkeXN0YXRlICRsYXN0Q2NvdW50ICRjY291bnQ7IHRoZW4KICAgICAgKChzdGVhZHlTdGF0ZVRpbWUgKz0gcykpCiAgICAgIGVjaG8gIlN0ZWFkeS1zdGF0ZSBmb3IgJHtzdGVhZHlTdGF0ZVRpbWV9cy8ke1NURUFEWV9TVEFURV9XSU5ET1d9cyIKICAgICAgaWYgW1sgJHN0ZWFkeVN0YXRlVGltZSAtZ2UgJFNURUFEWV9TVEFURV9XSU5ET1cgXV07IHRoZW4KICAgICAgICBsb2dnZXIgIlJlY292ZXJ5OiBTdGVhZHktc3RhdGUgKCsvLSAkU1RFQURZX1NUQVRFX1RIUkVTSE9MRCkgZm9yICR7U1RFQURZX1NUQVRFX1dJTkRPV31zOiBEb25lIgogICAgICAgIHJldHVybiAwCiAgICAgIGZpCiAgICBlbHNlCiAgICAgIGlmIFtbICRzdGVhZHlTdGF0ZVRpbWUgLWd0IDAgXV07IHRoZW4KICAgICAgICBlY2hvICJSZXNldHRpbmcgc3RlYWR5LXN0YXRlIHRpbWVyIgogICAgICAgIHN0ZWFkeVN0YXRlVGltZT0wCiAgICAgIGZpCiAgICBmaQogICAgbGFzdENjb3VudD0kY2NvdW50CiAgZG9uZQogIGxvZ2dlciAiUmVjb3Zlcnk6IFJlY292ZXJ5IENvbXBsZXRlIFRpbWVvdXQiCn0KCm1haW4oKSB7CiAgaWYgISB1bnJlc3RyaWN0ZWRDcHVzZXQgPiYvZGV2L251bGw7IHRoZW4KICAgIGxvZ2dlciAiUmVjb3Zlcnk6IE5vIHVucmVzdHJpY3RlZCBDcHVzZXQgY291bGQgYmUgZGV0ZWN0ZWQiCiAgICByZXR1cm4gMQogIGZpCgogIGlmICEgcmVzdHJpY3RlZENwdXNldCA+Ji9kZXYvbnVsbDsgdGhlbgogICAgbG9nZ2VyICJSZWNvdmVyeTogTm8gcmVzdHJpY3RlZCBDcHVzZXQgaGFzIGJlZW4gY29uZmlndXJlZC4gIFdlIGFyZSBhbHJlYWR5IHJ1bm5pbmcgdW5yZXN0cmljdGVkLiIKICAgIHJldHVybiAwCiAgZmkKCiAgIyBFbnN1cmUgd2UgcmVzZXQgdGhlIENQVSBhZmZpbml0eSB3aGVuIHdlIGV4aXQgdGhpcyBzY3JpcHQgZm9yIGFueSByZWFzb24KICAjIFRoaXMgd2F5IGVpdGhlciBhZnRlciB0aGUgdGltZXIgZXhwaXJlcyBvciBhZnRlciB0aGUgcHJvY2VzcyBpcyBpbnRlcnJ1cHRlZAogICMgdmlhIF5DIG9yIFNJR1RFUk0sIHdlIHJldHVybiB0aGluZ3MgYmFjayB0byB0aGUgd2F5IHRoZXkgc2hvdWxkIGJlLgogIHRyYXAgc2V0UmVzdHJpY3RlZCBFWElUCgogIGxvZ2dlciAiUmVjb3Zlcnk6IFJlY292ZXJ5IE1vZGUgU3RhcnRpbmciCiAgc2V0VW5yZXN0cmljdGVkCiAgd2FpdEZvclJlYWR5Cn0KCmlmIFtbICIke0JBU0hfU09VUkNFWzBdfSIgPSAiJHswfSIgXV07IHRoZW4KICBtYWluICIke0B9IgogIGV4aXQgJD8KZmkK
+          mode: 493
+          path: /usr/local/bin/accelerated-container-startup.sh
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Unlocks more CPUs for critical system processes during container startup
+
+            [Service]
+            Type=simple
+            ExecStart=/usr/local/bin/accelerated-container-startup.sh
+
+            # Maximum wait time is 600s = 10m:
+            Environment=MAXIMUM_WAIT_TIME=600
+
+            # Steady-state threshold = 2%
+            # Allowed values:
+            #  4  - absolute pod count (+/-)
+            #  4% - percent change (+/-)
+            #  -1 - disable the steady-state check
+            # Note: '%' must be escaped as '%%' in systemd unit files
+            Environment=STEADY_STATE_THRESHOLD=2%%
+
+            # Steady-state window = 120s
+            # If the running pod count stays within the given threshold for this time
+            # period, return CPU utilization to normal before the maximum wait time has
+            # expires
+            Environment=STEADY_STATE_WINDOW=120
+
+            # Steady-state minimum = 40
+            # Increasing this will skip any steady-state checks until the count rises above
+            # this number to avoid false positives if there are some periods where the
+            # count doesn't increase but we know we can't be at steady-state yet.
+            Environment=STEADY_STATE_MINIMUM=40
+
+            [Install]
+            WantedBy=multi-user.target
+          enabled: true
+          name: accelerated-container-startup.service
+        - contents: |
+            [Unit]
+            Description=Unlocks more CPUs for critical system processes during container shutdown
+            DefaultDependencies=no
+
+            [Service]
+            Type=simple
+            ExecStart=/usr/local/bin/accelerated-container-startup.sh
+
+            # Maximum wait time is 600s = 10m:
+            Environment=MAXIMUM_WAIT_TIME=600
+
+            # Steady-state threshold
+            # Allowed values:
+            #  4  - absolute pod count (+/-)
+            #  4% - percent change (+/-)
+            #  -1 - disable the steady-state check
+            # Note: '%' must be escaped as '%%' in systemd unit files
+            Environment=STEADY_STATE_THRESHOLD=-1
+
+            # Steady-state window = 60s
+            # If the running pod count stays within the given threshold for this time
+            # period, return CPU utilization to normal before the maximum wait time has
+            # expires
+            Environment=STEADY_STATE_WINDOW=60
+
+            [Install]
+            WantedBy=shutdown.target reboot.target halt.target
+          enabled: true
+          name: accelerated-container-shutdown.service
diff --git a/snippets/ztp_05-kdump-config-master.yaml b/snippets/ztp_05-kdump-config-master.yaml
new file mode 100644
index 000000000000..835fffd5a98a
--- /dev/null
+++ b/snippets/ztp_05-kdump-config-master.yaml
@@ -0,0 +1,30 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 05-kdump-config-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - enabled: true
+          name: kdump-remove-ice-module.service
+          contents: |
+            [Unit]
+            Description=Remove ice module when doing kdump
+            Before=kdump.service
+            [Service]
+            Type=oneshot
+            RemainAfterExit=true
+            ExecStart=/usr/local/bin/kdump-remove-ice-module.sh
+            [Install]
+            WantedBy=multi-user.target
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyBUaGlzIHNjcmlwdCByZW1vdmVzIHRoZSBpY2UgbW9kdWxlIGZyb20ga2R1bXAgdG8gcHJldmVudCBrZHVtcCBmYWlsdXJlcyBvbiBjZXJ0YWluIHNlcnZlcnMuCiMgVGhpcyBpcyBhIHRlbXBvcmFyeSB3b3JrYXJvdW5kIGZvciBSSEVMUExBTi0xMzgyMzYgYW5kIGNhbiBiZSByZW1vdmVkIHdoZW4gdGhhdCBpc3N1ZSBpcwojIGZpeGVkLgoKc2V0IC14CgpTRUQ9Ii91c3IvYmluL3NlZCIKR1JFUD0iL3Vzci9iaW4vZ3JlcCIKCiMgb3ZlcnJpZGUgZm9yIHRlc3RpbmcgcHVycG9zZXMKS0RVTVBfQ09ORj0iJHsxOi0vZXRjL3N5c2NvbmZpZy9rZHVtcH0iClJFTU9WRV9JQ0VfU1RSPSJtb2R1bGVfYmxhY2tsaXN0PWljZSIKCiMgZXhpdCBpZiBmaWxlIGRvZXNuJ3QgZXhpc3QKWyAhIC1mICR7S0RVTVBfQ09ORn0gXSAmJiBleGl0IDAKCiMgZXhpdCBpZiBmaWxlIGFscmVhZHkgdXBkYXRlZAoke0dSRVB9IC1GcSAke1JFTU9WRV9JQ0VfU1RSfSAke0tEVU1QX0NPTkZ9ICYmIGV4aXQgMAoKIyBUYXJnZXQgbGluZSBsb29rcyBzb21ldGhpbmcgbGlrZSB0aGlzOgojIEtEVU1QX0NPTU1BTkRMSU5FX0FQUEVORD0iaXJxcG9sbCBucl9jcHVzPTEgLi4uIGhlc3RfZGlzYWJsZSIKIyBVc2Ugc2VkIHRvIG1hdGNoIGV2ZXJ5dGhpbmcgYmV0d2VlbiB0aGUgcXVvdGVzIGFuZCBhcHBlbmQgdGhlIFJFTU9WRV9JQ0VfU1RSIHRvIGl0CiR7U0VEfSAtaSAncy9eS0RVTVBfQ09NTUFORExJTkVfQVBQRU5EPSJbXiJdKi8mICcke1JFTU9WRV9JQ0VfU1RSfScvJyAke0tEVU1QX0NPTkZ9IHx8IGV4aXQgMAo=
+          mode: 448
+          path: /usr/local/bin/kdump-remove-ice-module.sh
diff --git a/snippets/ztp_05-kdump-config-worker.yaml b/snippets/ztp_05-kdump-config-worker.yaml
new file mode 100644
index 000000000000..72c8f5ee98eb
--- /dev/null
+++ b/snippets/ztp_05-kdump-config-worker.yaml
@@ -0,0 +1,30 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 05-kdump-config-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - enabled: true
+          name: kdump-remove-ice-module.service
+          contents: |
+            [Unit]
+            Description=Remove ice module when doing kdump
+            Before=kdump.service
+            [Service]
+            Type=oneshot
+            RemainAfterExit=true
+            ExecStart=/usr/local/bin/kdump-remove-ice-module.sh
+            [Install]
+            WantedBy=multi-user.target
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvdXNyL2Jpbi9lbnYgYmFzaAoKIyBUaGlzIHNjcmlwdCByZW1vdmVzIHRoZSBpY2UgbW9kdWxlIGZyb20ga2R1bXAgdG8gcHJldmVudCBrZHVtcCBmYWlsdXJlcyBvbiBjZXJ0YWluIHNlcnZlcnMuCiMgVGhpcyBpcyBhIHRlbXBvcmFyeSB3b3JrYXJvdW5kIGZvciBSSEVMUExBTi0xMzgyMzYgYW5kIGNhbiBiZSByZW1vdmVkIHdoZW4gdGhhdCBpc3N1ZSBpcwojIGZpeGVkLgoKc2V0IC14CgpTRUQ9Ii91c3IvYmluL3NlZCIKR1JFUD0iL3Vzci9iaW4vZ3JlcCIKCiMgb3ZlcnJpZGUgZm9yIHRlc3RpbmcgcHVycG9zZXMKS0RVTVBfQ09ORj0iJHsxOi0vZXRjL3N5c2NvbmZpZy9rZHVtcH0iClJFTU9WRV9JQ0VfU1RSPSJtb2R1bGVfYmxhY2tsaXN0PWljZSIKCiMgZXhpdCBpZiBmaWxlIGRvZXNuJ3QgZXhpc3QKWyAhIC1mICR7S0RVTVBfQ09ORn0gXSAmJiBleGl0IDAKCiMgZXhpdCBpZiBmaWxlIGFscmVhZHkgdXBkYXRlZAoke0dSRVB9IC1GcSAke1JFTU9WRV9JQ0VfU1RSfSAke0tEVU1QX0NPTkZ9ICYmIGV4aXQgMAoKIyBUYXJnZXQgbGluZSBsb29rcyBzb21ldGhpbmcgbGlrZSB0aGlzOgojIEtEVU1QX0NPTU1BTkRMSU5FX0FQUEVORD0iaXJxcG9sbCBucl9jcHVzPTEgLi4uIGhlc3RfZGlzYWJsZSIKIyBVc2Ugc2VkIHRvIG1hdGNoIGV2ZXJ5dGhpbmcgYmV0d2VlbiB0aGUgcXVvdGVzIGFuZCBhcHBlbmQgdGhlIFJFTU9WRV9JQ0VfU1RSIHRvIGl0CiR7U0VEfSAtaSAncy9eS0RVTVBfQ09NTUFORExJTkVfQVBQRU5EPSJbXiJdKi8mICcke1JFTU9WRV9JQ0VfU1RSfScvJyAke0tEVU1QX0NPTkZ9IHx8IGV4aXQgMAo=
+          mode: 448
+          path: /usr/local/bin/kdump-remove-ice-module.sh
diff --git a/snippets/ztp_06-kdump-master.yaml b/snippets/ztp_06-kdump-master.yaml
new file mode 100644
index 000000000000..97b00cac89cb
--- /dev/null
+++ b/snippets/ztp_06-kdump-master.yaml
@@ -0,0 +1,16 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 06-kdump-enable-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - enabled: true
+          name: kdump.service
+  kernelArguments:
+    - crashkernel=512M
diff --git a/snippets/ztp_06-kdump-worker.yaml b/snippets/ztp_06-kdump-worker.yaml
new file mode 100644
index 000000000000..640435445c5c
--- /dev/null
+++ b/snippets/ztp_06-kdump-worker.yaml
@@ -0,0 +1,16 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 06-kdump-enable-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - enabled: true
+          name: kdump.service
+  kernelArguments:
+    - crashkernel=512M
diff --git a/snippets/ztp_07-sriov-related-kernel-args-master.yaml b/snippets/ztp_07-sriov-related-kernel-args-master.yaml
new file mode 100644
index 000000000000..6b191623a69b
--- /dev/null
+++ b/snippets/ztp_07-sriov-related-kernel-args-master.yaml
@@ -0,0 +1,13 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 07-sriov-related-kernel-args-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+  kernelArguments:
+    - intel_iommu=on
+    - iommu=pt
diff --git a/snippets/ztp_07-sriov-related-kernel-args-worker.yaml b/snippets/ztp_07-sriov-related-kernel-args-worker.yaml
new file mode 100644
index 000000000000..1dfeff223ea0
--- /dev/null
+++ b/snippets/ztp_07-sriov-related-kernel-args-worker.yaml
@@ -0,0 +1,15 @@
+# Automatically generated by extra-manifests-builder
+# Do not make changes directly.
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 07-sriov-related-kernel-args-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+  kernelArguments:
+    - intel_iommu=on
+    - iommu=pt
diff --git a/snippets/ztp_08-set-rcu-normal-master.yaml b/snippets/ztp_08-set-rcu-normal-master.yaml
new file mode 100644
index 000000000000..d358e5c7bd69
--- /dev/null
+++ b/snippets/ztp_08-set-rcu-normal-master.yaml
@@ -0,0 +1,53 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 08-set-rcu-normal-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,IyEvYmluL2Jhc2gKIwojIERpc2FibGUgcmN1X2V4cGVkaXRlZCBhZnRlciBub2RlIGhhcyBmaW5pc2hlZCBib290aW5nCiMKIyBUaGUgZGVmYXVsdHMgYmVsb3cgY2FuIGJlIG92ZXJyaWRkZW4gdmlhIGVudmlyb25tZW50IHZhcmlhYmxlcwojCgojIERlZmF1bHQgd2FpdCB0aW1lIGlzIDYwMHMgPSAxMG06Ck1BWElNVU1fV0FJVF9USU1FPSR7TUFYSU1VTV9XQUlUX1RJTUU6LTYwMH0KCiMgRGVmYXVsdCBzdGVhZHktc3RhdGUgdGhyZXNob2xkID0gMiUKIyBBbGxvd2VkIHZhbHVlczoKIyAgNCAgLSBhYnNvbHV0ZSBwb2QgY291bnQgKCsvLSkKIyAgNCUgLSBwZXJjZW50IGNoYW5nZSAoKy8tKQojICAtMSAtIGRpc2FibGUgdGhlIHN0ZWFkeS1zdGF0ZSBjaGVjawpTVEVBRFlfU1RBVEVfVEhSRVNIT0xEPSR7U1RFQURZX1NUQVRFX1RIUkVTSE9MRDotMiV9CgojIERlZmF1bHQgc3RlYWR5LXN0YXRlIHdpbmRvdyA9IDYwcwojIElmIHRoZSBydW5uaW5nIHBvZCBjb3VudCBzdGF5cyB3aXRoaW4gdGhlIGdpdmVuIHRocmVzaG9sZCBmb3IgdGhpcyB0aW1lCiMgcGVyaW9kLCByZXR1cm4gQ1BVIHV0aWxpemF0aW9uIHRvIG5vcm1hbCBiZWZvcmUgdGhlIG1heGltdW0gd2FpdCB0aW1lIGhhcwojIGV4cGlyZXMKU1RFQURZX1NUQVRFX1dJTkRPVz0ke1NURUFEWV9TVEFURV9XSU5ET1c6LTYwfQoKIyBEZWZhdWx0IHN0ZWFkeS1zdGF0ZSBhbGxvd3MgYW55IHBvZCBjb3VudCB0byBiZSAic3RlYWR5IHN0YXRlIgojIEluY3JlYXNpbmcgdGhpcyB3aWxsIHNraXAgYW55IHN0ZWFkeS1zdGF0ZSBjaGVja3MgdW50aWwgdGhlIGNvdW50IHJpc2VzIGFib3ZlCiMgdGhpcyBudW1iZXIgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzIGlmIHRoZXJlIGFyZSBzb21lIHBlcmlvZHMgd2hlcmUgdGhlCiMgY291bnQgZG9lc24ndCBpbmNyZWFzZSBidXQgd2Uga25vdyB3ZSBjYW4ndCBiZSBhdCBzdGVhZHktc3RhdGUgeWV0LgpTVEVBRFlfU1RBVEVfTUlOSU1VTT0ke1NURUFEWV9TVEFURV9NSU5JTVVNOi0wfQoKIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKd2l0aGluKCkgewogIGxvY2FsIGxhc3Q9JDEgY3VycmVudD0kMiB0aHJlc2hvbGQ9JDMKICBsb2NhbCBkZWx0YT0wIHBjaGFuZ2UKICBkZWx0YT0kKCggY3VycmVudCAtIGxhc3QgKSkKICBpZiBbWyAkY3VycmVudCAtZXEgJGxhc3QgXV07IHRoZW4KICAgIHBjaGFuZ2U9MAogIGVsaWYgW1sgJGxhc3QgLWVxIDAgXV07IHRoZW4KICAgIHBjaGFuZ2U9MTAwMDAwMAogIGVsc2UKICAgIHBjaGFuZ2U9JCgoICggIiRkZWx0YSIgKiAxMDApIC8gbGFzdCApKQogIGZpCiAgZWNobyAtbiAibGFzdDokbGFzdCBjdXJyZW50OiRjdXJyZW50IGRlbHRhOiRkZWx0YSBwY2hhbmdlOiR7cGNoYW5nZX0lOiAiCiAgbG9jYWwgYWJzb2x1dGUgbGltaXQKICBjYXNlICR0aHJlc2hvbGQgaW4KICAgIColKQogICAgICBhYnNvbHV0ZT0ke3BjaGFuZ2UjIy19ICMgYWJzb2x1dGUgdmFsdWUKICAgICAgbGltaXQ9JHt0aHJlc2hvbGQlJSV9CiAgICAgIDs7CiAgICAqKQogICAgICBhYnNvbHV0ZT0ke2RlbHRhIyMtfSAjIGFic29sdXRlIHZhbHVlCiAgICAgIGxpbWl0PSR0aHJlc2hvbGQKICAgICAgOzsKICBlc2FjCiAgaWYgW1sgJGFic29sdXRlIC1sZSAkbGltaXQgXV07IHRoZW4KICAgIGVjaG8gIndpdGhpbiAoKy8tKSR0aHJlc2hvbGQiCiAgICByZXR1cm4gMAogIGVsc2UKICAgIGVjaG8gIm91dHNpZGUgKCsvLSkkdGhyZXNob2xkIgogICAgcmV0dXJuIDEKICBmaQp9CgpzdGVhZHlzdGF0ZSgpIHsKICBsb2NhbCBsYXN0PSQxIGN1cnJlbnQ9JDIKICBpZiBbWyAkbGFzdCAtbHQgJFNURUFEWV9TVEFURV9NSU5JTVVNIF1dOyB0aGVuCiAgICBlY2hvICJsYXN0OiRsYXN0IGN1cnJlbnQ6JGN1cnJlbnQgV2FpdGluZyB0byByZWFjaCAkU1RFQURZX1NUQVRFX01JTklNVU0gYmVmb3JlIGNoZWNraW5nIGZvciBzdGVhZHktc3RhdGUiCiAgICByZXR1cm4gMQogIGZpCiAgd2l0aGluICIkbGFzdCIgIiRjdXJyZW50IiAiJFNURUFEWV9TVEFURV9USFJFU0hPTEQiCn0KCndhaXRGb3JSZWFkeSgpIHsKICBsb2dnZXIgIlJlY292ZXJ5OiBXYWl0aW5nICR7TUFYSU1VTV9XQUlUX1RJTUV9cyBmb3IgdGhlIGluaXRpYWxpemF0aW9uIHRvIGNvbXBsZXRlIgogIGxvY2FsIHQ9MCBzPTEwCiAgbG9jYWwgbGFzdENjb3VudD0wIGNjb3VudD0wIHN0ZWFkeVN0YXRlVGltZT0wCiAgd2hpbGUgW1sgJHQgLWx0ICRNQVhJTVVNX1dBSVRfVElNRSBdXTsgZG8KICAgIHNsZWVwICRzCiAgICAoKHQgKz0gcykpCiAgICAjIERldGVjdCBzdGVhZHktc3RhdGUgcG9kIGNvdW50CiAgICBjY291bnQ9JChjcmljdGwgcHMgMj4vZGV2L251bGwgfCB3YyAtbCkKICAgIGlmIFtbICRjY291bnQgLWd0IDAgXV0gJiYgc3RlYWR5c3RhdGUgIiRsYXN0Q2NvdW50IiAiJGNjb3VudCI7IHRoZW4KICAgICAgKChzdGVhZHlTdGF0ZVRpbWUgKz0gcykpCiAgICAgIGVjaG8gIlN0ZWFkeS1zdGF0ZSBmb3IgJHtzdGVhZHlTdGF0ZVRpbWV9cy8ke1NURUFEWV9TVEFURV9XSU5ET1d9cyIKICAgICAgaWYgW1sgJHN0ZWFkeVN0YXRlVGltZSAtZ2UgJFNURUFEWV9TVEFURV9XSU5ET1cgXV07IHRoZW4KICAgICAgICBsb2dnZXIgIlJlY292ZXJ5OiBTdGVhZHktc3RhdGUgKCsvLSAkU1RFQURZX1NUQVRFX1RIUkVTSE9MRCkgZm9yICR7U1RFQURZX1NUQVRFX1dJTkRPV31zOiBEb25lIgogICAgICAgIHJldHVybiAwCiAgICAgIGZpCiAgICBlbHNlCiAgICAgIGlmIFtbICRzdGVhZHlTdGF0ZVRpbWUgLWd0IDAgXV07IHRoZW4KICAgICAgICBlY2hvICJSZXNldHRpbmcgc3RlYWR5LXN0YXRlIHRpbWVyIgogICAgICAgIHN0ZWFkeVN0YXRlVGltZT0wCiAgICAgIGZpCiAgICBmaQogICAgbGFzdENjb3VudD0kY2NvdW50CiAgZG9uZQogIGxvZ2dlciAiUmVjb3Zlcnk6IFJlY292ZXJ5IENvbXBsZXRlIFRpbWVvdXQiCn0KCnNldFJjdU5vcm1hbCgpIHsKICBlY2hvICJTZXR0aW5nIHJjdV9ub3JtYWwgdG8gMSIKICBlY2hvIDEgPiAvc3lzL2tlcm5lbC9yY3Vfbm9ybWFsCn0KCm1haW4oKSB7CiAgd2FpdEZvclJlYWR5CiAgZWNobyAiV2FpdGluZyBmb3Igc3RlYWR5IHN0YXRlIHRvb2s6ICQoYXdrICd7cHJpbnQgaW50KCQxLzM2MDApImgiLCBpbnQoKCQxJTM2MDApLzYwKSJtIiwgaW50KCQxJTYwKSJzIn0nIC9wcm9jL3VwdGltZSkiCiAgc2V0UmN1Tm9ybWFsCn0KCmlmIFtbICIke0JBU0hfU09VUkNFWzBdfSIgPSAiJHswfSIgXV07IHRoZW4KICBtYWluICIke0B9IgogIGV4aXQgJD8KZmkK
+          mode: 493
+          path: /usr/local/bin/set-rcu-normal.sh
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Disable rcu_expedited after node has finished booting by setting rcu_normal to 1
+
+            [Service]
+            Type=simple
+            ExecStart=/usr/local/bin/set-rcu-normal.sh
+
+            # Maximum wait time is 600s = 10m:
+            Environment=MAXIMUM_WAIT_TIME=600
+
+            # Steady-state threshold = 2%
+            # Allowed values:
+            #  4  - absolute pod count (+/-)
+            #  4% - percent change (+/-)
+            #  -1 - disable the steady-state check
+            # Note: '%' must be escaped as '%%' in systemd unit files
+            Environment=STEADY_STATE_THRESHOLD=2%%
+
+            # Steady-state window = 120s
+            # If the running pod count stays within the given threshold for this time
+            # period, return CPU utilization to normal before the maximum wait time has
+            # expires
+            Environment=STEADY_STATE_WINDOW=120
+
+            # Steady-state minimum = 40
+            # Increasing this will skip any steady-state checks until the count rises above
+            # this number to avoid false positives if there are some periods where the
+            # count doesn't increase but we know we can't be at steady-state yet.
+            Environment=STEADY_STATE_MINIMUM=40
+
+            [Install]
+            WantedBy=multi-user.target
+          enabled: true
+          name: set-rcu-normal.service
diff --git a/snippets/ztp_99-crio-disable-wipe-master.yaml b/snippets/ztp_99-crio-disable-wipe-master.yaml
new file mode 100644
index 000000000000..8117a918620a
--- /dev/null
+++ b/snippets/ztp_99-crio-disable-wipe-master.yaml
@@ -0,0 +1,16 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 99-crio-disable-wipe-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,W2NyaW9dCmNsZWFuX3NodXRkb3duX2ZpbGUgPSAiIgo=
+          mode: 420
+          path: /etc/crio/crio.conf.d/99-crio-disable-wipe.toml
diff --git a/snippets/ztp_99-crio-disable-wipe-worker.yaml b/snippets/ztp_99-crio-disable-wipe-worker.yaml
new file mode 100644
index 000000000000..f90c9b154591
--- /dev/null
+++ b/snippets/ztp_99-crio-disable-wipe-worker.yaml
@@ -0,0 +1,16 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-crio-disable-wipe-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,W2NyaW9dCmNsZWFuX3NodXRkb3duX2ZpbGUgPSAiIgo=
+          mode: 420
+          path: /etc/crio/crio.conf.d/99-crio-disable-wipe.toml
diff --git a/snippets/ztp_99-sync-time-once-master.yaml b/snippets/ztp_99-sync-time-once-master.yaml
new file mode 100644
index 000000000000..a215a78f2a67
--- /dev/null
+++ b/snippets/ztp_99-sync-time-once-master.yaml
@@ -0,0 +1,25 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 99-sync-time-once-master
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Sync time once
+            After=network.service
+            [Service]
+            Type=oneshot
+            TimeoutStartSec=300
+            ExecStart=/usr/sbin/chronyd -n -f /etc/chrony.conf -q
+            RemainAfterExit=yes
+            [Install]
+            WantedBy=multi-user.target
+          enabled: true
+          name: sync-time-once.service
diff --git a/snippets/ztp_99-sync-time-once-worker.yaml b/snippets/ztp_99-sync-time-once-worker.yaml
new file mode 100644
index 000000000000..d1dbb45e9feb
--- /dev/null
+++ b/snippets/ztp_99-sync-time-once-worker.yaml
@@ -0,0 +1,25 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-sync-time-once-worker
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    systemd:
+      units:
+        - contents: |
+            [Unit]
+            Description=Sync time once
+            After=network.service
+            [Service]
+            Type=oneshot
+            TimeoutStartSec=300
+            ExecStart=/usr/sbin/chronyd -n -f /etc/chrony.conf -q
+            RemainAfterExit=yes
+            [Install]
+            WantedBy=multi-user.target
+          enabled: true
+          name: sync-time-once.service
diff --git a/snippets/ztp_AcceleratorsNS.yaml b/snippets/ztp_AcceleratorsNS.yaml
new file mode 100644
index 000000000000..32aed4d54ec0
--- /dev/null
+++ b/snippets/ztp_AcceleratorsNS.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vran-acceleration-operators
+  annotations: {}
diff --git a/snippets/ztp_AcceleratorsOperGroup.yaml b/snippets/ztp_AcceleratorsOperGroup.yaml
new file mode 100644
index 000000000000..01fbc7972ddd
--- /dev/null
+++ b/snippets/ztp_AcceleratorsOperGroup.yaml
@@ -0,0 +1,9 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: vran-operators
+  namespace: vran-acceleration-operators
+  annotations: {}
+spec:
+  targetNamespaces:
+    - vran-acceleration-operators
diff --git a/snippets/ztp_AcceleratorsSubscription.yaml b/snippets/ztp_AcceleratorsSubscription.yaml
new file mode 100644
index 000000000000..ae8ef9bef179
--- /dev/null
+++ b/snippets/ztp_AcceleratorsSubscription.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: sriov-fec-subscription
+  namespace: vran-acceleration-operators
+  annotations: {}
+spec:
+  channel: stable
+  name: sriov-fec
+  source: certified-operators
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown
diff --git a/snippets/ztp_ClusterLogForwarder.yaml b/snippets/ztp_ClusterLogForwarder.yaml
new file mode 100644
index 000000000000..5afd24c48700
--- /dev/null
+++ b/snippets/ztp_ClusterLogForwarder.yaml
@@ -0,0 +1,9 @@
+apiVersion: "logging.openshift.io/v1"
+kind: ClusterLogForwarder
+metadata:
+  name: instance
+  namespace: openshift-logging
+  annotations: {}
+spec:
+  outputs: $outputs
+  pipelines: $pipelines
diff --git a/snippets/ztp_ClusterLogNS.yaml b/snippets/ztp_ClusterLogNS.yaml
new file mode 100644
index 000000000000..1fcd5d63d7aa
--- /dev/null
+++ b/snippets/ztp_ClusterLogNS.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-logging
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/ztp_ClusterLogOperGroup.yaml b/snippets/ztp_ClusterLogOperGroup.yaml
new file mode 100644
index 000000000000..0fa1bdcc1113
--- /dev/null
+++ b/snippets/ztp_ClusterLogOperGroup.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+  annotations: {}
+spec:
+  targetNamespaces:
+    - openshift-logging
diff --git a/snippets/ztp_ClusterLogSubscription.yaml b/snippets/ztp_ClusterLogSubscription.yaml
new file mode 100644
index 000000000000..6719e1878237
--- /dev/null
+++ b/snippets/ztp_ClusterLogSubscription.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: cluster-logging
+  namespace: openshift-logging
+  annotations: {}
+spec:
+  channel: "stable"
+  name: cluster-logging
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown
diff --git a/snippets/ztp_ClusterLogging.yaml b/snippets/ztp_ClusterLogging.yaml
new file mode 100644
index 000000000000..a83b3a3114bc
--- /dev/null
+++ b/snippets/ztp_ClusterLogging.yaml
@@ -0,0 +1,11 @@
+apiVersion: logging.openshift.io/v1
+kind: ClusterLogging
+metadata:
+  name: instance
+  namespace: openshift-logging
+  annotations: {}
+spec:
+  managementState: "Managed"
+  collection:
+    logs:
+      type: "vector"
diff --git a/snippets/ztp_DefaultCatsrc.yaml b/snippets/ztp_DefaultCatsrc.yaml
new file mode 100644
index 000000000000..097de0b8d926
--- /dev/null
+++ b/snippets/ztp_DefaultCatsrc.yaml
@@ -0,0 +1,18 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: default-cat-source
+  namespace: openshift-marketplace
+  annotations:
+    target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+spec:
+  displayName: default-cat-source
+  image: $imageUrl
+  publisher: Red Hat
+  sourceType: grpc
+  updateStrategy:
+    registryPoll:
+      interval: 1h
+status:
+  connectionState:
+    lastObservedState: READY
diff --git a/snippets/ztp_DisableSnoNetworkDiag.yaml b/snippets/ztp_DisableSnoNetworkDiag.yaml
new file mode 100644
index 000000000000..d09e93dceedb
--- /dev/null
+++ b/snippets/ztp_DisableSnoNetworkDiag.yaml
@@ -0,0 +1,7 @@
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+  annotations: {}
+spec:
+  disableNetworkDiagnostics: true
diff --git a/snippets/ztp_DisconnectedICSP.yaml b/snippets/ztp_DisconnectedICSP.yaml
new file mode 100644
index 000000000000..1dde92c31d6c
--- /dev/null
+++ b/snippets/ztp_DisconnectedICSP.yaml
@@ -0,0 +1,8 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: disconnected-internal-icsp
+  annotations: {}
+spec:
+  repositoryDigestMirrors:
+    - $mirrors
diff --git a/snippets/ztp_OperatorHub.yaml b/snippets/ztp_OperatorHub.yaml
new file mode 100644
index 000000000000..ce3e4cc2bf24
--- /dev/null
+++ b/snippets/ztp_OperatorHub.yaml
@@ -0,0 +1,7 @@
+apiVersion: config.openshift.io/v1
+kind: OperatorHub
+metadata:
+  name: cluster
+  annotations: {}
+spec:
+  disableAllDefaultSources: true
diff --git a/snippets/ztp_PerformanceProfile.yaml b/snippets/ztp_PerformanceProfile.yaml
new file mode 100644
index 000000000000..c8e268dc59f4
--- /dev/null
+++ b/snippets/ztp_PerformanceProfile.yaml
@@ -0,0 +1,43 @@
+apiVersion: performance.openshift.io/v2
+kind: PerformanceProfile
+metadata:
+  # if you change this name make sure the 'include' line in TunedPerformancePatch.yaml
+  # matches this name: include=openshift-node-performance-${PerformanceProfile.metadata.name}
+  # Also in file 'validatorCRs/informDuValidator.yaml': 
+  # name: 50-performance-${PerformanceProfile.metadata.name}
+  name: openshift-node-performance-profile
+  annotations:
+    ran.openshift.io/reference-configuration: "ran-du.redhat.com"
+spec:
+  additionalKernelArgs:
+    - "rcupdate.rcu_normal_after_boot=0"
+    - "efi=runtime"
+    - "vfio_pci.enable_sriov=1"
+    - "vfio_pci.disable_idle_d3=1"
+    - "module_blacklist=irdma"
+  cpu:
+    isolated: $isolated
+    reserved: $reserved
+  hugepages:
+    defaultHugepagesSize: $defaultHugepagesSize
+    pages:
+      - size: $size
+        count: $count
+        node: $node
+  machineConfigPoolSelector:
+    pools.operator.machineconfiguration.openshift.io/$mcp: ""
+  nodeSelector:
+    node-role.kubernetes.io/$mcp: ""
+  numa:
+    topologyPolicy: "restricted"
+  # To use the standard (non-realtime) kernel, set enabled to false
+  realTimeKernel:
+    enabled: true
+  workloadHints:
+    # WorkloadHints defines the set of upper level flags for different type of workloads.
+    # See https://github.com/openshift/cluster-node-tuning-operator/blob/master/docs/performanceprofile/performance_profile.md#workloadhints
+    # for detailed descriptions of each item.
+    # The configuration below is set for a low latency, performance mode.
+    realTime: true
+    highPowerConsumption: false
+    perPodPowerManagement: false
diff --git a/snippets/ztp_PtpConfigBoundary.yaml b/snippets/ztp_PtpConfigBoundary.yaml
new file mode 100644
index 000000000000..22597f8ccc4a
--- /dev/null
+++ b/snippets/ztp_PtpConfigBoundary.yaml
@@ -0,0 +1,131 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: boundary
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: "boundary"
+      ptp4lOpts: "-2"
+      phc2sysOpts: "-a -r -n 24"
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      ptp4lConf: |
+        # The interface name is hardware-specific
+        [$iface_slave]
+        masterOnly 0
+        [$iface_master_1]
+        masterOnly 1
+        [$iface_master_2]
+        masterOnly 1
+        [$iface_master_3]
+        masterOnly 1
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        slaveOnly 0
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 248
+        clockAccuracy 0xFE
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval -4
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval 0
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 135
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        max_frequency 900000000
+        clock_servo pi
+        sanity_freq_limit 200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type BC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0xA0
+  recommend:
+    - profile: "boundary"
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ztp_PtpConfigGmWpc.yaml b/snippets/ztp_PtpConfigGmWpc.yaml
new file mode 100644
index 000000000000..517baff9d9ef
--- /dev/null
+++ b/snippets/ztp_PtpConfigGmWpc.yaml
@@ -0,0 +1,212 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: grandmaster
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: "grandmaster"
+      ptp4lOpts: "-2 --summary_interval -4"
+      phc2sysOpts: -r -u 0 -m -O -37 -N 8 -R 16 -s $iface_master -n 24
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      plugins:
+        e810:
+          enableDefaultConfig: false
+          settings:
+            LocalMaxHoldoverOffSet: 1500
+            LocalHoldoverTimeout: 14400
+            MaxInSpecOffset: 100
+          pins: $e810_pins
+          #  "$iface_master":
+          #    "U.FL2": "0 2"
+          #    "U.FL1": "0 1"
+          #    "SMA2": "0 2"
+          #    "SMA1": "0 1"
+          ublxCmds:
+            - args: #ubxtool -P 29.20 -z CFG-HW-ANT_CFG_VOLTCTRL,1
+                - "-P"
+                - "29.20"
+                - "-z"
+                - "CFG-HW-ANT_CFG_VOLTCTRL,1"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -e GPS
+                - "-P"
+                - "29.20"
+                - "-e"
+                - "GPS"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -d Galileo
+                - "-P"
+                - "29.20"
+                - "-d"
+                - "Galileo"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -d GLONASS
+                - "-P"
+                - "29.20"
+                - "-d"
+                - "GLONASS"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -d BeiDou
+                - "-P"
+                - "29.20"
+                - "-d"
+                - "BeiDou"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -d SBAS
+                - "-P"
+                - "29.20"
+                - "-d"
+                - "SBAS"
+              reportOutput: false
+            - args: #ubxtool -P 29.20 -t -w 5 -v 1 -e SURVEYIN,600,50000
+                - "-P"
+                - "29.20"
+                - "-t"
+                - "-w"
+                - "5"
+                - "-v"
+                - "1"
+                - "-e"
+                - "SURVEYIN,600,50000"
+              reportOutput: true
+            - args: #ubxtool -P 29.20 -p MON-HW
+                - "-P"
+                - "29.20"
+                - "-p"
+                - "MON-HW"
+              reportOutput: true
+      ts2phcOpts: " "
+      ts2phcConf: |
+        [nmea]
+        ts2phc.master 1
+        [global]
+        use_syslog  0
+        verbose 1
+        logging_level 7
+        ts2phc.pulsewidth 100000000
+        #GNSS module s /dev/ttyGNSS* -al use _0
+        #cat /dev/ttyGNSS_1700_0 to find available serial port
+        #example value of gnss_serialport is /dev/ttyGNSS_1700_0
+        ts2phc.nmea_serialport $gnss_serialport
+        leapfile  /usr/share/zoneinfo/leap-seconds.list
+        [$iface_master]
+        ts2phc.extts_polarity rising
+        ts2phc.extts_correction 0
+      ptp4lConf: |
+        [$iface_master]
+        masterOnly 1
+        [$iface_master_1]
+        masterOnly 1
+        [$iface_master_2]
+        masterOnly 1
+        [$iface_master_3]
+        masterOnly 1
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 6
+        clockAccuracy 0x27
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval 0
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval -4
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 7
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        clock_servo pi
+        sanity_freq_limit  200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type BC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0x20
+  recommend:
+    - profile: "grandmaster"
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ztp_PtpConfigSlave.yaml b/snippets/ztp_PtpConfigSlave.yaml
new file mode 100644
index 000000000000..498ceb067e96
--- /dev/null
+++ b/snippets/ztp_PtpConfigSlave.yaml
@@ -0,0 +1,124 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpConfig
+metadata:
+  name: slave
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  profile:
+    - name: "slave"
+      # The interface name is hardware-specific
+      interface: $interface
+      ptp4lOpts: "-2 -s"
+      phc2sysOpts: "-a -r -n 24"
+      ptpSchedulingPolicy: SCHED_FIFO
+      ptpSchedulingPriority: 10
+      ptpSettings:
+        logReduce: "true"
+      ptp4lConf: |
+        [global]
+        #
+        # Default Data Set
+        #
+        twoStepFlag 1
+        slaveOnly 1
+        priority1 128
+        priority2 128
+        domainNumber 24
+        #utc_offset 37
+        clockClass 255
+        clockAccuracy 0xFE
+        offsetScaledLogVariance 0xFFFF
+        free_running 0
+        freq_est_interval 1
+        dscp_event 0
+        dscp_general 0
+        dataset_comparison G.8275.x
+        G.8275.defaultDS.localPriority 128
+        #
+        # Port Data Set
+        #
+        logAnnounceInterval -3
+        logSyncInterval -4
+        logMinDelayReqInterval -4
+        logMinPdelayReqInterval -4
+        announceReceiptTimeout 3
+        syncReceiptTimeout 0
+        delayAsymmetry 0
+        fault_reset_interval -4
+        neighborPropDelayThresh 20000000
+        masterOnly 0
+        G.8275.portDS.localPriority 128
+        #
+        # Run time options
+        #
+        assume_two_step 0
+        logging_level 6
+        path_trace_enabled 0
+        follow_up_info 0
+        hybrid_e2e 0
+        inhibit_multicast_service 0
+        net_sync_monitor 0
+        tc_spanning_tree 0
+        tx_timestamp_timeout 50
+        unicast_listen 0
+        unicast_master_table 0
+        unicast_req_duration 3600
+        use_syslog 1
+        verbose 0
+        summary_interval 0
+        kernel_leap 1
+        check_fup_sync 0
+        clock_class_threshold 7
+        #
+        # Servo Options
+        #
+        pi_proportional_const 0.0
+        pi_integral_const 0.0
+        pi_proportional_scale 0.0
+        pi_proportional_exponent -0.3
+        pi_proportional_norm_max 0.7
+        pi_integral_scale 0.0
+        pi_integral_exponent 0.4
+        pi_integral_norm_max 0.3
+        step_threshold 2.0
+        first_step_threshold 0.00002
+        max_frequency 900000000
+        clock_servo pi
+        sanity_freq_limit 200000000
+        ntpshm_segment 0
+        #
+        # Transport options
+        #
+        transportSpecific 0x0
+        ptp_dst_mac 01:1B:19:00:00:00
+        p2p_dst_mac 01:80:C2:00:00:0E
+        udp_ttl 1
+        udp6_scope 0x0E
+        uds_address /var/run/ptp4l
+        #
+        # Default interface options
+        #
+        clock_type OC
+        network_transport L2
+        delay_mechanism E2E
+        time_stamping hardware
+        tsproc_mode filter
+        delay_filter moving_median
+        delay_filter_length 10
+        egressLatency 0
+        ingressLatency 0
+        boundary_clock_jbod 0
+        #
+        # Clock description
+        #
+        productDescription ;;
+        revisionData ;;
+        manufacturerIdentity 00:00:00
+        userDescription ;
+        timeSource 0xA0
+  recommend:
+    - profile: "slave"
+      priority: 4
+      match:
+        - nodeLabel: "node-role.kubernetes.io/$mcp"
diff --git a/snippets/ztp_PtpOperatorConfigForEvent.yaml b/snippets/ztp_PtpOperatorConfigForEvent.yaml
new file mode 100644
index 000000000000..6e51e8504bd4
--- /dev/null
+++ b/snippets/ztp_PtpOperatorConfigForEvent.yaml
@@ -0,0 +1,12 @@
+apiVersion: ptp.openshift.io/v1
+kind: PtpOperatorConfig
+metadata:
+  name: default
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  daemonNodeSelector:
+    node-role.kubernetes.io/$mcp: ""
+  ptpEventConfig:
+    enableEventPublisher: true
+    transportHost: "http://ptp-event-publisher-service-NODE_NAME.openshift-ptp.svc.cluster.local:9043"
diff --git a/snippets/ztp_PtpSubscription.yaml b/snippets/ztp_PtpSubscription.yaml
new file mode 100644
index 000000000000..2cd3716b9aeb
--- /dev/null
+++ b/snippets/ztp_PtpSubscription.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: ptp-operator-subscription
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  channel: "stable"
+  name: ptp-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown
diff --git a/snippets/ztp_PtpSubscriptionNS.yaml b/snippets/ztp_PtpSubscriptionNS.yaml
new file mode 100644
index 000000000000..b4d149c054f1
--- /dev/null
+++ b/snippets/ztp_PtpSubscriptionNS.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-ptp
+  annotations:
+    workload.openshift.io/allowed: management
+  labels:
+    openshift.io/cluster-monitoring: "true"
diff --git a/snippets/ztp_PtpSubscriptionOperGroup.yaml b/snippets/ztp_PtpSubscriptionOperGroup.yaml
new file mode 100644
index 000000000000..fb02c5a11b4a
--- /dev/null
+++ b/snippets/ztp_PtpSubscriptionOperGroup.yaml
@@ -0,0 +1,9 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: ptp-operators
+  namespace: openshift-ptp
+  annotations: {}
+spec:
+  targetNamespaces:
+    - openshift-ptp
diff --git a/snippets/ztp_ReduceMonitoringFootprint.yaml b/snippets/ztp_ReduceMonitoringFootprint.yaml
new file mode 100644
index 000000000000..0e4bbd55c5b3
--- /dev/null
+++ b/snippets/ztp_ReduceMonitoringFootprint.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-monitoring-config
+  namespace: openshift-monitoring
+  annotations: {}
+data:
+  config.yaml: |
+    grafana:
+      enabled: false
+    alertmanagerMain:
+      enabled: false
+    telemeterClient:
+      enabled: false
+    prometheusK8s:
+       retention: 24h
diff --git a/snippets/ztp_ReduceOLMFootprint.yaml b/snippets/ztp_ReduceOLMFootprint.yaml
new file mode 100644
index 000000000000..bc6d024baf9f
--- /dev/null
+++ b/snippets/ztp_ReduceOLMFootprint.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: collect-profiles-config
+  namespace: openshift-operator-lifecycle-manager
+data:
+  pprof-config.yaml: |
+    disabled: True
+    
\ No newline at end of file
diff --git a/snippets/ztp_SriovFecClusterConfig.yaml b/snippets/ztp_SriovFecClusterConfig.yaml
new file mode 100644
index 000000000000..2d9a144ea051
--- /dev/null
+++ b/snippets/ztp_SriovFecClusterConfig.yaml
@@ -0,0 +1,20 @@
+apiVersion: sriovfec.intel.com/v2
+kind: SriovFecClusterConfig
+metadata:
+  name: config
+  namespace: vran-acceleration-operators
+  annotations: {}
+spec:
+  drainSkip: $drainSkip # true if SNO, false by default
+  priority: 1
+  nodeSelector:
+    node-role.kubernetes.io/master: ""
+  acceleratorSelector:
+    pciAddress: $pciAddress
+  physicalFunction:
+    pfDriver: "vfio-pci"
+    vfDriver: "vfio-pci"
+    vfAmount: 16
+    bbDevConfig: $bbDevConfig
+#Recommended configuration for Intel ACC100 (Mount Bryce) FPGA here: https://github.com/smart-edge-open/openshift-operator/blob/main/spec/openshift-sriov-fec-operator.md#sample-cr-for-wireless-fec-acc100
+#Recommended configuration for Intel N3000 FPGA here: https://github.com/smart-edge-open/openshift-operator/blob/main/spec/openshift-sriov-fec-operator.md#sample-cr-for-wireless-fec-n3000
diff --git a/snippets/ztp_SriovNetwork.yaml b/snippets/ztp_SriovNetwork.yaml
new file mode 100644
index 000000000000..c93053a891f3
--- /dev/null
+++ b/snippets/ztp_SriovNetwork.yaml
@@ -0,0 +1,18 @@
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetwork
+metadata:
+  name: ""
+  namespace: openshift-sriov-network-operator
+  annotations: {}
+spec:
+  #  resourceName: ""
+  networkNamespace: openshift-sriov-network-operator
+#  vlan: ""
+#  spoofChk: ""
+#  ipam: ""
+#  linkState: ""
+#  maxTxRate: ""
+#  minTxRate: ""
+#  vlanQoS: ""
+#  trust: ""
+#  capabilities: ""
diff --git a/snippets/ztp_SriovNetworkNodePolicy.yaml b/snippets/ztp_SriovNetworkNodePolicy.yaml
new file mode 100644
index 000000000000..8a8dedde903b
--- /dev/null
+++ b/snippets/ztp_SriovNetworkNodePolicy.yaml
@@ -0,0 +1,20 @@
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: $name
+  namespace: openshift-sriov-network-operator
+  annotations: {}
+spec:
+  # The attributes for Mellanox/Intel based NICs as below.
+  #     deviceType: netdevice/vfio-pci
+  #     isRdma: true/false
+  deviceType: $deviceType
+  isRdma: $isRdma
+  nicSelector:
+    # The exact physical function name must match the hardware used
+    pfNames: [$pfNames]
+  nodeSelector:
+    node-role.kubernetes.io/$mcp: ""
+  numVfs: $numVfs
+  priority: $priority
+  resourceName: $resourceName
diff --git a/snippets/ztp_SriovOperatorConfig.yaml b/snippets/ztp_SriovOperatorConfig.yaml
new file mode 100644
index 000000000000..fafae3ee7df6
--- /dev/null
+++ b/snippets/ztp_SriovOperatorConfig.yaml
@@ -0,0 +1,25 @@
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovOperatorConfig
+metadata:
+  name: default
+  namespace: openshift-sriov-network-operator
+  annotations: {}
+spec:
+  configDaemonNodeSelector:
+    "node-role.kubernetes.io/$mcp": ""
+  # Injector and OperatorWebhook pods can be disabled (set to "false") below
+  # to reduce the number of management pods. It is recommended to start with the 
+  # webhook and injector pods enabled, and only disable them after verifying the
+  # correctness of user manifests.
+  #   If the injector is disabled, containers using sr-iov resources must explicitly assign
+  #   them in the  "requests"/"limits" section of the container spec, for example:
+  #    containers:
+  #    - name: my-sriov-workload-container
+  #      resources:
+  #        limits:
+  #          openshift.io/<resource_name>:  "1"
+  #        requests:
+  #          openshift.io/<resource_name>:  "1"
+  enableInjector: true
+  enableOperatorWebhook: true
+  logLevel: 0
diff --git a/snippets/ztp_SriovSubscription.yaml b/snippets/ztp_SriovSubscription.yaml
new file mode 100644
index 000000000000..cd341a27a61e
--- /dev/null
+++ b/snippets/ztp_SriovSubscription.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: sriov-network-operator-subscription
+  namespace: openshift-sriov-network-operator
+  annotations: {}
+spec:
+  channel: "stable"
+  name: sriov-network-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown
diff --git a/snippets/ztp_SriovSubscriptionNS.yaml b/snippets/ztp_SriovSubscriptionNS.yaml
new file mode 100644
index 000000000000..0071359bb25e
--- /dev/null
+++ b/snippets/ztp_SriovSubscriptionNS.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-sriov-network-operator
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/ztp_SriovSubscriptionOperGroup.yaml b/snippets/ztp_SriovSubscriptionOperGroup.yaml
new file mode 100644
index 000000000000..a57098fd93cf
--- /dev/null
+++ b/snippets/ztp_SriovSubscriptionOperGroup.yaml
@@ -0,0 +1,9 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: sriov-network-operators
+  namespace: openshift-sriov-network-operator
+  annotations: {}
+spec:
+  targetNamespaces:
+    - openshift-sriov-network-operator
diff --git a/snippets/ztp_StorageClass.yaml b/snippets/ztp_StorageClass.yaml
new file mode 100644
index 000000000000..e18f6d9e3232
--- /dev/null
+++ b/snippets/ztp_StorageClass.yaml
@@ -0,0 +1,7 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  annotations: {}
+  name: example-storage-class
+provisioner: kubernetes.io/no-provisioner
+reclaimPolicy: Delete
diff --git a/snippets/ztp_StorageLV.yaml b/snippets/ztp_StorageLV.yaml
new file mode 100644
index 000000000000..9c0e7625fac9
--- /dev/null
+++ b/snippets/ztp_StorageLV.yaml
@@ -0,0 +1,58 @@
+apiVersion: "local.storage.openshift.io/v1"
+kind: "LocalVolume"
+metadata:
+  name: "local-disks"
+  namespace: "openshift-local-storage"
+  annotations: {}
+spec:
+  logLevel: Normal
+  managementState: Managed
+  storageClassDevices:
+    # The list of storage classes and associated devicePaths need to be specified like this example:
+    - storageClassName: "example-storage-class"
+      volumeMode: Filesystem
+      fsType: xfs
+      # The below must be adjusted to the hardware.
+      # For stability and reliability, it's recommended to use persistent
+      # naming conventions for devicePaths, such as /dev/disk/by-path.
+      devicePaths:
+        - /dev/disk/by-path/pci-0000:05:00.0-nvme-1
+#---
+## How to verify
+## 1. Create a PVC
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: local-pvc-name 
+# spec:
+#   accessModes:
+#   - ReadWriteOnce
+#   volumeMode: Filesystem 
+#   resources:
+#     requests:
+#       storage: 100Gi 
+#   storageClassName: example-storage-class
+#---
+## 2. Create a pod that mounts it
+# apiVersion: v1
+# kind: Pod
+# metadata:
+#   labels:
+#     run: busybox
+#   name: busybox
+# spec:
+#   containers:
+#   - image: quay.io/quay/busybox:latest
+#     name: busybox
+#     resources: {}
+#     command: ["/bin/sh", "-c", "sleep infinity"]
+#     volumeMounts:
+#     - name: local-pvc 
+#       mountPath: /data
+#   volumes:
+#   - name: local-pvc
+#     persistentVolumeClaim:
+#       claimName: local-pvc-name
+#   dnsPolicy: ClusterFirst
+#   restartPolicy: Always
+## 3. Run the pod on the cluster and verify the size and access of the `/data` mount
diff --git a/snippets/ztp_StorageLVMCluster.yaml b/snippets/ztp_StorageLVMCluster.yaml
new file mode 100644
index 000000000000..b37664026423
--- /dev/null
+++ b/snippets/ztp_StorageLVMCluster.yaml
@@ -0,0 +1,16 @@
+apiVersion: lvm.topolvm.io/v1alpha1
+kind: LVMCluster
+metadata:
+  name: odf-lvmcluster
+  namespace: openshift-storage
+spec:
+  storage:
+    deviceClasses:
+    - name: vg1
+      deviceSelector:
+        paths:
+        - /usr/disk/by-path/pci-0000:11:00.0-nvme-1
+      thinPoolConfig:
+        name: thin-pool-1
+        overprovisionRatio: 10
+        sizePercent: 90
diff --git a/snippets/ztp_StorageNS.yaml b/snippets/ztp_StorageNS.yaml
new file mode 100644
index 000000000000..a9ebbc39b914
--- /dev/null
+++ b/snippets/ztp_StorageNS.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-local-storage
+  annotations:
+    workload.openshift.io/allowed: management
diff --git a/snippets/ztp_StorageOperGroup.yaml b/snippets/ztp_StorageOperGroup.yaml
new file mode 100644
index 000000000000..a2ecf2220f79
--- /dev/null
+++ b/snippets/ztp_StorageOperGroup.yaml
@@ -0,0 +1,9 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-local-storage
+  namespace: openshift-local-storage
+  annotations: {}
+spec:
+  targetNamespaces:
+    - openshift-local-storage
diff --git a/snippets/ztp_StorageSubscription.yaml b/snippets/ztp_StorageSubscription.yaml
new file mode 100644
index 000000000000..68feca8c3018
--- /dev/null
+++ b/snippets/ztp_StorageSubscription.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: local-storage-operator
+  namespace: openshift-local-storage
+  annotations: {}
+spec:
+  channel: "stable"
+  name: local-storage-operator
+  source: redhat-operators-disconnected
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Manual
+status:
+  state: AtLatestKnown
diff --git a/snippets/ztp_TunedPerformancePatch.yaml b/snippets/ztp_TunedPerformancePatch.yaml
new file mode 100644
index 000000000000..f7e8d90732e1
--- /dev/null
+++ b/snippets/ztp_TunedPerformancePatch.yaml
@@ -0,0 +1,31 @@
+apiVersion: tuned.openshift.io/v1
+kind: Tuned
+metadata:
+  name: performance-patch
+  namespace: openshift-cluster-node-tuning-operator
+  annotations: {}
+spec:
+  profile:
+    - name: performance-patch
+      # Please note:
+      # - The 'include' line must match the associated PerformanceProfile name, following below pattern
+      #   include=openshift-node-performance-${PerformanceProfile.metadata.name}
+      # - When using the standard (non-realtime) kernel, remove the kernel.timer_migration override from
+      #   the [sysctl] section and remove the entire section if it is empty.
+      data: |
+        [main]
+        summary=Configuration changes profile inherited from performance created tuned
+        include=openshift-node-performance-openshift-node-performance-profile
+        [sysctl]
+        kernel.timer_migration=1
+        [scheduler]
+        group.ice-ptp=0:f:10:*:ice-ptp.*
+        group.ice-gnss=0:f:10:*:ice-gnss.*
+        [service]
+        service.stalld=start,enable
+        service.chronyd=stop,disable
+  recommend:
+    - machineConfigLabels:
+        machineconfiguration.openshift.io/role: "$mcp"
+      priority: 19
+      profile: performance-patch
diff --git a/snippets/ztp_enable-crun-master.yaml b/snippets/ztp_enable-crun-master.yaml
new file mode 100644
index 000000000000..84091e0f0926
--- /dev/null
+++ b/snippets/ztp_enable-crun-master.yaml
@@ -0,0 +1,10 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: ContainerRuntimeConfig
+metadata:
+  name: enable-crun-master
+spec:
+  machineConfigPoolSelector:
+    matchLabels:
+      pools.operator.machineconfiguration.openshift.io/master: ""
+  containerRuntimeConfig:
+    defaultRuntime: crun
diff --git a/snippets/ztp_enable-crun-worker.yaml b/snippets/ztp_enable-crun-worker.yaml
new file mode 100644
index 000000000000..ee8621ad3049
--- /dev/null
+++ b/snippets/ztp_enable-crun-worker.yaml
@@ -0,0 +1,10 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: ContainerRuntimeConfig
+metadata:
+  name: enable-crun-worker
+spec:
+  machineConfigPoolSelector:
+    matchLabels:
+      pools.operator.machineconfiguration.openshift.io/worker: ""
+  containerRuntimeConfig:
+    defaultRuntime: crun
diff --git a/snippets/ztp_example-sno.yaml b/snippets/ztp_example-sno.yaml
new file mode 100644
index 000000000000..730a8aa74ec5
--- /dev/null
+++ b/snippets/ztp_example-sno.yaml
@@ -0,0 +1,106 @@
+# example-node1-bmh-secret & assisted-deployment-pull-secret need to be created under same namespace example-sno
+---
+apiVersion: ran.openshift.io/v1
+kind: SiteConfig
+metadata:
+  name: "example-sno"
+  namespace: "example-sno"
+spec:
+  baseDomain: "example.com"
+  pullSecretRef:
+    name: "assisted-deployment-pull-secret"
+  clusterImageSetNameRef: "openshift-4.10"
+  sshPublicKey: "ssh-rsa AAAA..."
+  clusters:
+    - clusterName: "example-sno"
+      networkType: "OVNKubernetes"
+      # installConfigOverrides is a generic way of passing install-config
+      # parameters through the siteConfig.  The 'capabilities' field configures
+      # the composable openshift feature.  In this 'capabilities' setting, we
+      # remove all but the marketplace component from the optional set of
+      # components.
+      # Notes:
+      # - NodeTuning is needed for 4.13 and later, not for 4.12 and earlier
+      installConfigOverrides: '{"capabilities":{"baselineCapabilitySet": "None", "additionalEnabledCapabilities": [ "marketplace", "NodeTuning" ] }}'
+      # It is strongly recommended to include crun manifests as part of the additional install-time manifests for 4.13+.
+      # The crun manifests can be obtained from source-crs/optional-extra-manifest/ and added to the git repo ie.sno-extra-manifest.
+      # extraManifestPath: sno-extra-manifest
+      clusterLabels:
+        # These example cluster labels correspond to the bindingRules in the PolicyGenTemplate examples
+        du-profile: "4.14"
+        # These example cluster labels correspond to the bindingRules in the PolicyGenTemplate examples in ../policygentemplates:
+        # ../policygentemplates/common-ranGen.yaml will apply to all clusters with 'common: true'
+        common: true
+        # ../policygentemplates/group-du-sno-ranGen.yaml will apply to all clusters with 'group-du-sno: ""'
+        group-du-sno: ""
+        # ../policygentemplates/example-sno-site.yaml will apply to all clusters with 'sites: "example-sno"'
+        # Normally this should match or contain the cluster name so it only applies to a single cluster
+        sites: "example-sno"
+      clusterNetwork:
+        - cidr: 1001:1::/48
+          hostPrefix: 64
+      machineNetwork:
+        - cidr: 1111:2222:3333:4444::/64
+      serviceNetwork:
+        - 1001:2::/112
+      additionalNTPSources:
+        - 1111:2222:3333:4444::2
+      # Initiates the cluster for workload partitioning. Setting specific reserved/isolated CPUSets is done via PolicyTemplate
+      # please see Workload Partitioning Feature for a complete guide.
+      cpuPartitioningMode: AllNodes
+      # Optionally; This can be used to override the KlusterletAddonConfig that is created for this cluster:
+      #crTemplates:
+      #  KlusterletAddonConfig: "KlusterletAddonConfigOverride.yaml"
+      nodes:
+        - hostName: "example-node1.example.com"
+          role: "master"
+          # Optionally; This can be used to configure desired BIOS setting on a host:
+          #biosConfigRef:
+          #  filePath: "example-hw.profile"
+          bmcAddress: "idrac-virtualmedia+https://[1111:2222:3333:4444::bbbb:1]/redfish/v1/Systems/System.Embedded.1"
+          bmcCredentialsName:
+            name: "example-node1-bmh-secret"
+          bootMACAddress: "AA:BB:CC:DD:EE:11"
+          # Use UEFISecureBoot to enable secure boot
+          bootMode: "UEFI"
+          rootDeviceHints:
+            wwn: "0x11111000000asd123"
+            # example of diskPartition below is used for image registry (check ImageRegistry.md for more details), but it's not limited to this use case
+          #        diskPartition:
+          #          - device: /dev/disk/by-id/wwn-0x11111000000asd123 # match rootDeviceHints
+          #            partitions:
+          #              - mount_point: /var/imageregistry
+          #                size: 102500
+          #                start: 344844
+
+          nodeNetwork:
+            interfaces:
+              - name: eno1
+                macAddress: "AA:BB:CC:DD:EE:11"
+            config:
+              interfaces:
+                - name: eno1
+                  type: ethernet
+                  state: up
+                  ipv4:
+                    enabled: false
+                  ipv6:
+                    enabled: true
+                    address:
+                      # For SNO sites with static IP addresses, the node-specific,
+                      # API and Ingress IPs should all be the same and configured on
+                      # the interface
+                      - ip: 1111:2222:3333:4444::aaaa:1
+                        prefix-length: 64
+              dns-resolver:
+                config:
+                  search:
+                    - example.com
+                  server:
+                    - 1111:2222:3333:4444::2
+              routes:
+                config:
+                  - destination: ::/0
+                    next-hop-interface: eno1
+                    next-hop-address: 1111:2222:3333:4444::1
+                    table-id: 254
diff --git a/storage/container_storage_interface/ephemeral-storage-csi-inline.adoc b/storage/container_storage_interface/ephemeral-storage-csi-inline.adoc
index 6915b1fbe859..1ab952de8df0 100644
--- a/storage/container_storage_interface/ephemeral-storage-csi-inline.adoc
+++ b/storage/container_storage_interface/ephemeral-storage-csi-inline.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ephemeral-storage-csi-inline"]
 = CSI inline ephemeral volumes
 include::_attributes/common-attributes.adoc[]
@@ -11,8 +11,10 @@ toc::[]
 Container Storage Interface (CSI) inline ephemeral volumes allow you to define a `Pod` spec that creates inline ephemeral volumes when a pod is deployed and delete them when a pod is destroyed.
 
 This feature is only available with supported Container Storage Interface (CSI) drivers:
+
 * Shared Resource CSI driver
 * Azure File CSI driver
+* {secrets-store-driver}
 
 include::modules/ephemeral-storage-csi-inline-overview.adoc[leveloffset=+1]
 
diff --git a/storage/container_storage_interface/ephemeral-storage-shared-resource-csi-driver-operator.adoc b/storage/container_storage_interface/ephemeral-storage-shared-resource-csi-driver-operator.adoc
index c551a688c308..8a202a256b43 100644
--- a/storage/container_storage_interface/ephemeral-storage-shared-resource-csi-driver-operator.adoc
+++ b/storage/container_storage_interface/ephemeral-storage-shared-resource-csi-driver-operator.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ephemeral-storage-shared-resource-csi-driver-operator"]
 = Shared Resource CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
@@ -40,4 +40,4 @@ include::modules/ephemeral-storage-integration-between-shared-resources-insights
 .Additional resources
 
 * xref:../../support/remote_health_monitoring/insights-operator-simple-access.adoc#insights-operator-simple-access[Importing simple content access certificates with Insights Operator]
-* xref:../../cicd/builds/running-entitled-builds.html#builds-source-secrets-entitlements_running-entitled-builds[Adding subscription entitlements as a build secret]
+* xref:../../cicd/builds/running-entitled-builds.adoc#builds-source-secrets-entitlements_running-entitled-builds[Adding subscription entitlements as a build secret]
diff --git a/storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc b/storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
index 8eab7664b6ba..4e68c0219b6d 100644
--- a/storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
+++ b/storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-persistent-storage-aws-efs-csi"]
 = Setting up AWS Elastic File Service CSI Driver Operator
 include::_attributes//attributes-openshift-dedicated.adoc[]
@@ -9,14 +9,14 @@ toc::[]
 
 [IMPORTANT]
 ====
-This procedure is specific to the Amazon Web Services Elastic File System (AWS EFS) CSI Driver Operator, which is only applicable for {product-title} 4.10 and later versions.
+This procedure is specific to the link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator), which is only applicable for {product-title} 4.10 and later versions.
 ====
 
 == Overview
 
-{product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for AWS Elastic File Service (EFS).
+{product-title} is capable of provisioning persistent volumes (PVs) using the link:https://github.com/openshift/aws-efs-csi-driver[AWS EFS CSI driver].
 
-Familiarity with link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-overview_understanding-persistent-storage[persistent storage] and link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
+Familiarity with link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-overview_understanding-persistent-storage[persistent storage] and link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
 
 After installing the AWS EFS CSI Driver Operator, {product-title} installs the AWS EFS CSI Operator and the AWS EFS CSI driver by default in the `openshift-cluster-csi-drivers` namespace. This allows the AWS EFS CSI Driver Operator to create CSI-provisioned PVs that mount to AWS EFS assets.
 
@@ -28,7 +28,7 @@ This eliminates the need for cluster administrators to pre-provision storage.
 
 [NOTE]
 ====
-AWS EFS only supports regional volumes, not zonal volumes.
+Amazon Elastic File Storage (Amazon EFS) only supports regional volumes, not zonal volumes.
 ====
 
 include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
@@ -39,7 +39,7 @@ include::modules/persistent-storage-efs-csi-driver-operator-setup.adoc[leveloffs
 include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
 .Next steps
 ifdef::openshift-rosa[]
-* If you are using {FeatureName} with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI Driver with STS. For more information, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-sts_osd-persistent-storage-aws-efs-csi[Configuring {FeatureName} CSI Driver with STS].
+* If you are using Amazon EFS with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI driver with STS. For more information, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-sts_osd-persistent-storage-aws-efs-csi[Configuring {FeatureName} CSI Driver with STS].
 endif::openshift-rosa[]
 ifdef::openshift-dedicated[]
 * xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#persistent-storage-csi-efs-driver-install_osd-persistent-storage-aws-efs-csi[Installing the {FeatureName} CSI Driver]
@@ -65,17 +65,17 @@ include::modules/storage-create-storage-class-cli.adoc[leveloffset=+2]
 include::modules/persistent-storage-csi-efs-create-volume.adoc[leveloffset=+1]
 
 include::modules/persistent-storage-csi-dynamic-provisioning-aws-efs.adoc[leveloffset=+1]
-If you have problems setting up dynamic provisioning, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-troubleshooting_osd-persistent-storage-aws-efs-csi[{FeatureName} troubleshooting].
+If you have problems setting up dynamic provisioning, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-troubleshooting_osd-persistent-storage-aws-efs-csi[Amazon Elastic File Storage troubleshooting].
 [role="_additional-resources"]
 .Additional resources
-* xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-create-volume_osd-persistent-storage-aws-efs-csi[Creating and configuring access to {FeatureName} volume(s)]
+* xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-create-volume_osd-persistent-storage-aws-efs-csi[Creating and configuring access to Amazon EFS volume(s)]
 * xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#storage-create-storage-class_osd-persistent-storage-aws-efs-csi[Creating the {FeatureName} storage class]
 
 // Undefine {StorageClass} attribute, so that any mistakes are easily spotted
 :!StorageClass:
 
 include::modules/persistent-storage-csi-efs-static-pv.adoc[leveloffset=+1]
-If you have problems setting up static PVs, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-troubleshooting_osd-persistent-storage-aws-efs-csi[{FeatureName} troubleshooting].
+If you have problems setting up static PVs, see xref:../../storage/container_storage_interface/osd-persistent-storage-aws-efs-csi.adoc#efs-troubleshooting_osd-persistent-storage-aws-efs-csi[Amazon Elastic File Storage troubleshooting].
 
 include::modules/persistent-storage-csi-efs-security.adoc[leveloffset=+1]
 
@@ -87,5 +87,5 @@ include::modules/persistent-storage-csi-olm-operator-uninstall.adoc[leveloffset=
 [role="_additional-resources"]
 == Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-csi[Configuring CSI volumes]
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-csi[Configuring CSI volumes]
 
diff --git a/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc b/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
index 8d1853534776..aeb48aa84b66 100644
--- a/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-aws-efs"]
 = AWS Elastic File Service CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
@@ -32,16 +32,20 @@ include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 :FeatureName: AWS EFS
 include::modules/persistent-storage-efs-csi-driver-operator-setup.adoc[leveloffset=+1]
 
-include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
-.Next steps
-* If you are using {FeatureName} with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI Driver with STS. For more information, see xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#efs-sts_persistent-storage-csi-aws-efs[Configuring AWS EFS CSI Driver with STS].
-
+ifdef::openshift-rosa,openshift-enterprise[]
 include::modules/persistent-storage-csi-efs-sts.adoc[leveloffset=+2]
+
+xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver Operator].
 [role="_additional-resources"]
 .Additional resources
 * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Installing the AWS EFS CSI Driver Operator]
-* xref:../../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
 * xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Installing the {FeatureName} CSI Driver]
+endif::[]
+
+include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
+
+xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver].
 
 include::modules/persistent-storage-csi-efs-driver-install.adoc[leveloffset=+2]
 
diff --git a/storage/container_storage_interface/persistent-storage-csi-azure-file.adoc b/storage/container_storage_interface/persistent-storage-csi-azure-file.adoc
index 8ea4319fcf8d..91000417b36b 100644
--- a/storage/container_storage_interface/persistent-storage-csi-azure-file.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-azure-file.adoc
@@ -17,16 +17,16 @@ To create CSI-provisioned PVs that mount to Azure File storage assets, {product-
 
 * The _Azure File CSI driver_ enables you to create and mount Azure File PVs. The Azure File CSI driver supports dynamic volume provisioning by allowing storage volumes to be created on-demand, eliminating the need for cluster administrators to pre-provision storage.
 
-Azure File CSI Driver Operator does not support:
+Azure File CSI Driver Operator does _not_ support:
 
 * Virtual hard disks (VHD)
 
-* Network File System (NFS): {product-title} does not deploy a NFS-backed storage class.
-
-* Running on nodes with FIPS mode enabled.
+* Running on nodes with Federal Information Processing Standard (FIPS) mode enabled for Server Message Block (SMB) file share. However, Network File System (NFS) does support FIPS mode.
 
 For more information about supported features, see xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#csi-drivers-supported_persistent-storage-csi[Supported CSI drivers and features].
 
+include::modules/persistent-storage-csi-azure-file-nfs.adoc[leveloffset=+1]
+
 include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/storage/container_storage_interface/persistent-storage-csi-azure-stack-hub.adoc b/storage/container_storage_interface/persistent-storage-csi-azure-stack-hub.adoc
index 09634be5614b..390298dd3d7e 100644
--- a/storage/container_storage_interface/persistent-storage-csi-azure-stack-hub.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-azure-stack-hub.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-azure-stack-hub"]
 = Azure Stack Hub CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-azure.adoc b/storage/container_storage_interface/persistent-storage-csi-azure.adoc
index 915f13b83965..85f876973a4a 100644
--- a/storage/container_storage_interface/persistent-storage-csi-azure.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-azure-disk"]
 = Azure Disk CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-cinder.adoc b/storage/container_storage_interface/persistent-storage-csi-cinder.adoc
index a345d9af4885..2c275e92dd56 100644
--- a/storage/container_storage_interface/persistent-storage-csi-cinder.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-cinder.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-cinder"]
 = OpenStack Cinder CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-cloning.adoc b/storage/container_storage_interface/persistent-storage-csi-cloning.adoc
index 690dd886fb75..a95f2d838cb8 100644
--- a/storage/container_storage_interface/persistent-storage-csi-cloning.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-cloning.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-cloning"]
 = CSI volume cloning
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-ebs.adoc b/storage/container_storage_interface/persistent-storage-csi-ebs.adoc
index d6edbc58bd3d..43323d0ce8ca 100644
--- a/storage/container_storage_interface/persistent-storage-csi-ebs.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-ebs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-ebs"]
 = AWS Elastic Block Store CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
@@ -8,13 +8,13 @@ toc::[]
 
 == Overview
 
-{product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for AWS Elastic Block Store (EBS).
+{product-title} is capable of provisioning persistent volumes (PVs) using the link:https://github.com/openshift/aws-ebs-csi-driver[AWS EBS CSI driver].
 
 Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is recommended when working with a Container Storage Interface (CSI) Operator and driver.
 
-To create CSI-provisioned PVs that mount to AWS EBS storage assets, {product-title} installs the AWS EBS CSI Driver Operator and the AWS EBS CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
+To create CSI-provisioned PVs that mount to AWS EBS storage assets, {product-title} installs the link:https://github.com/openshift/aws-ebs-csi-driver-operator[AWS EBS CSI Driver Operator] (a Red Hat operator) and the AWS EBS CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
 
-* The _AWS EBS CSI Driver Operator_ provides a StorageClass by default that you can use to create PVCs. You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]). You also have the option to create the AWS EBS StorageClass as described in xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using AWS Elastic Block Store]. 
+* The _AWS EBS CSI Driver Operator_ provides a StorageClass by default that you can use to create PVCs. You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]). You also have the option to create the AWS EBS StorageClass as described in xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using Amazon Elastic Block Store].
 
 * The _AWS EBS CSI driver_ enables you to create and mount AWS EBS PVs.
 
@@ -29,10 +29,10 @@ include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 
 [IMPORTANT]
 ====
-{product-title} defaults to using the CSI plugin to provision AWS EBS storage.
+{product-title} defaults to using the CSI plugin to provision Amazon Elastic Block Store (Amazon EBS) storage.
 ====
 
-For information about dynamically provisioning AWS EBS persistent volumes in {product-title}, see xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using AWS Elastic Block Store].
+For information about dynamically provisioning AWS EBS persistent volumes in {product-title}, see xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using Amazon Elastic Block Store].
 
 ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/persistent-storage-byok.adoc[leveloffset=+1]
@@ -42,10 +42,10 @@ include::modules/persistent-storage-byok.adoc[leveloffset=+1]
 If there is no encrypted key defined in the storage class, only set `encrypted: "true"` in the storage class. The AWS EBS CSI driver uses the AWS managed alias/aws/ebs, which is created by Amazon EBS automatically in each region by default to encrypt provisioned storage volumes. In addition, the managed storage classes all have the `encrypted: "true"` setting.
 ====
 
-For information about installing with user-managed encryption for AWS EBS, see xref:../../installing/installing_aws/installing-aws-customizations.adoc#installation-configuration-parameters_installing-aws-customizations[Installation configuration parameters].
+For information about installing with user-managed encryption for Amazon EBS, see xref:../../installing/installing_aws/installing-aws-customizations.adoc#installation-configuration-parameters_installing-aws-customizations[Installation configuration parameters].
 endif::openshift-rosa,openshift-dedicated[]
 
 [role="_additional-resources"]
-== Additional resources
-* xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using AWS Elastic Block Store]
+.Additional resources
+* xref:../../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-aws[Persistent storage using Amazon Elastic Block Store]
 * xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
diff --git a/storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc b/storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc
index d2ae0e615157..689da5c5b191 100644
--- a/storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-gcp-pd"]
 = GCP PD CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc b/storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc
index d73114b13c6c..a8c2a88363fa 100644
--- a/storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc
@@ -12,9 +12,6 @@ toc::[]
 
 {product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for Google Compute Platform (GCP) Filestore Storage.
 
-:FeatureName: GCP Filestore CSI Driver Operator
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
 Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
 
 To create CSI-provisioned PVs that mount to GCP Filestore Storage assets, you install the GCP Filestore CSI Driver Operator and the GCP Filestore CSI driver in the `openshift-cluster-csi-drivers` namespace.
@@ -30,7 +27,7 @@ include::modules/persistent-storage-csi-gcp-file-install.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 * link:https://cloud.google.com/endpoints/docs/openapi/enable-api[Enabling an API in your Google Cloud].
-* link:https://support.google.com/googleapi/answer/6158841?hl=en[Enablilng an API using the Google Cloud web console].
+* link:https://support.google.com/googleapi/answer/6158841?hl=en[Enabling an API using the Google Cloud web console].
 
 include::modules/persistent-storage-csi-google-cloud-file-create-sc.adoc[leveloffset=+1]
 
diff --git a/storage/container_storage_interface/persistent-storage-csi-ibm-powervs-block.adoc b/storage/container_storage_interface/persistent-storage-csi-ibm-powervs-block.adoc
index 4da40b68b4e8..d65b1148eeb1 100644
--- a/storage/container_storage_interface/persistent-storage-csi-ibm-powervs-block.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-ibm-powervs-block.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-ibm-powervs-block"]
-= {ibmpowerProductName} Virtual Server Block CSI Driver Operator
+= {ibm-power-server-title} Block CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
 :context: persistent-storage-csi-ibm-powervs-block
 
@@ -9,23 +9,23 @@ toc::[]
 [id="persistent-storage-csi-ibm-powervs-block-introduction_{context}"]
 == Introduction
 
-The IBM Power Virtual Server Block CSI Driver will be installed through IBM Power Virtual Server Block CSI Driver Operator and the operator is based on libarary-go. The OpenShift library-go is a collection of functions that allow us to build OpenShift operators easily. Most of the functionality of a CSI driver operator is already available there. The IBM Power Virtual Server Block CSI Driver Operator is installed by the cluster-storage-operator. The Cluster-storage-operator installs the IBM Power Virtual Server Block CSI Driver Operator if the Platform type is Power Virtual Servers.
+The {ibm-power-server-name} Block CSI Driver will be installed through {ibm-power-server-name} Block CSI Driver Operator and the operator is based on libarary-go. The OpenShift library-go is a collection of functions that allow us to build OpenShift operators easily. Most of the functionality of a CSI driver operator is already available there. The {ibm-power-server-name} Block CSI Driver Operator is installed by the cluster-storage-operator. The Cluster-storage-operator installs the {ibm-power-server-name} Block CSI Driver Operator if the Platform type is Power Virtual Servers.
 
 [id="persistent-storage-csi-ibm-powervs-block-overview_{context}"]
 == Overview
 
-{product-title} can provision persistent volumes (PVs) by using the Container Storage Interface (CSI) driver for {ibmpowerProductName} Virtual Server Block Storage.
+{product-title} can provision persistent volumes (PVs) by using the Container Storage Interface (CSI) driver for {ibm-power-server-name} Block Storage.
 
-:FeatureName: {ibmpowerProductName} Virtual Server Block CSI Driver Operator
+:FeatureName: {ibm-power-server-title} Block CSI Driver Operator
 include::snippets/technology-preview.adoc[leveloffset=+1]
 
 Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is helpful when working with a CSI Operator and driver.
 
-To create CSI-provisioned PVs that mount to {ibmpowerProductName} Virtual Server Block storage assets, {product-title} installs the {ibmpowerProductName} Virtual Server Block CSI Driver Operator and the {ibmpowerProductName} Virtual Server Block CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
+To create CSI-provisioned PVs that mount to {ibm-power-server-name} Block storage assets, {product-title} installs the {ibm-power-server-name} Block CSI Driver Operator and the {ibm-power-server-name} Block CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
 
-* The _{ibmpowerProductName} Virtual Server Block CSI Driver Operator_ provides two storage classes named `ibm-powervs-tier1` (default), and `ibm-powervs-tier3` for different tiers that you can use to create persistent volume claims (PVCs). The {ibmpowerProductName} Virtual Server Block CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on demand, eliminating the need for cluster administrators to pre-provision storage.
+* The _{ibm-power-server-name} Block CSI Driver Operator_ provides two storage classes named `ibm-powervs-tier1` (default), and `ibm-powervs-tier3` for different tiers that you can use to create persistent volume claims (PVCs). The {ibm-power-server-name} Block CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on demand, eliminating the need for cluster administrators to pre-provision storage.
 
-* The _{ibmpowerProductName} Virtual Server Block CSI driver_ allows you to create and mount {ibmpowerProductName} Virtual Server Block PVs.
+* The _{ibm-power-server-name} Block CSI driver_ allows you to create and mount {ibm-power-server-name} Block PVs.
 
 include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 
diff --git a/storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc b/storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc
index 8fefe0edd1dc..0d0344f3b4dc 100644
--- a/storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc
@@ -1,5 +1,5 @@
 [id="persistent-storage-csi-ibm-vpc-block"]
-= IBM VPC Block CSI Driver Operator
+= {ibm-title} VPC Block CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
 :context: persistent-storage-csi-ibm-vpc-block
 
@@ -7,18 +7,24 @@ toc::[]
 
 == Overview
 
-{product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for IBM Virtual Private Cloud (VPC) Block Storage.
+{product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for {ibm-name} Virtual Private Cloud (VPC) Block Storage.
 
 Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
 
-To create CSI-provisioned PVs that mount to IBM VPC Block storage assets, {product-title} installs the IBM VPC Block CSI Driver Operator and the IBM VPC Block CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
+To create CSI-provisioned PVs that mount to {ibm-name} VPC Block storage assets, {product-title} installs the {ibm-name} VPC Block CSI Driver Operator and the {ibm-name} VPC Block CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
 
-* The _IBM VPC Block CSI Driver Operator_ provides three storage classes named `ibmc-vpc-block-10iops-tier` (default), `ibmc-vpc-block-5iops-tier`, and `ibmc-vpc-block-custom` for different tiers that you can use to create persistent volume claims (PVCs). The IBM VPC Block CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on demand, eliminating the need for cluster administrators to pre-provision storage. You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]).
+* The _{ibm-name} VPC Block CSI Driver Operator_ provides three storage classes named `ibmc-vpc-block-10iops-tier` (default), `ibmc-vpc-block-5iops-tier`, and `ibmc-vpc-block-custom` for different tiers that you can use to create persistent volume claims (PVCs). The {ibm-name} VPC Block CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on demand, eliminating the need for cluster administrators to pre-provision storage. You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]).
 
-* The _IBM VPC Block CSI driver_ enables you to create and mount IBM VPC Block PVs.
+* The _{ibm-name} VPC Block CSI driver_ enables you to create and mount {ibm-name} VPC Block PVs.
 
 include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
+include::modules/persistent-storage-byok.adoc[leveloffset=+1]
+
+For information about installing with user-managed encryption for IBM VPC, see xref:../../installing/installing_ibm_cloud_public/user-managed-encryption-ibm-cloud.adoc[User-managed encryption for IBM Cloud] and xref:../../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc[Preparing to install on IBM Cloud].
+endif::openshift-rosa,openshift-dedicated[]
+
 [role="_additional-resources"]
 .Additional resources
 * xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
diff --git a/storage/container_storage_interface/persistent-storage-csi-manila.adoc b/storage/container_storage_interface/persistent-storage-csi-manila.adoc
index ef4345a4430e..1b155341de12 100644
--- a/storage/container_storage_interface/persistent-storage-csi-manila.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-manila.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-manila"]
 = OpenStack Manila CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-migration.adoc b/storage/container_storage_interface/persistent-storage-csi-migration.adoc
index 12b2727a5a50..f9526e87bee0 100644
--- a/storage/container_storage_interface/persistent-storage-csi-migration.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-migration.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-migration"]
 = CSI automatic migration
 include::_attributes/common-attributes.adoc[]
@@ -13,4 +13,3 @@ include::modules/persistent-storage-csi-migration-sc.adoc[leveloffset=+1]
 
 To change the default storage class, see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#change-default-storage-class_persistent-storage-csi-sc-manage[Changing the default storage class].
 
-include::modules/persistent-storage-csi-migration-vsphere.adoc[leveloffset=+1]
diff --git a/storage/container_storage_interface/persistent-storage-csi-ovirt.adoc b/storage/container_storage_interface/persistent-storage-csi-ovirt.adoc
deleted file mode 100644
index e635d5389758..000000000000
--- a/storage/container_storage_interface/persistent-storage-csi-ovirt.adoc
+++ /dev/null
@@ -1,32 +0,0 @@
-:_content-type: ASSEMBLY
-[id="persistent-storage-csi-ovirt"]
-= Red Hat Virtualization CSI Driver Operator
-include::_attributes/common-attributes.adoc[]
-:context: persistent-storage-csi-ovirt
-
-toc::[]
-
-== Overview
-
-{product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for {rh-virtualization-first}.
-
-Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is recommended when working with a Container Storage Interface (CSI) Operator and driver.
-
-To create CSI-provisioned PVs that mount to {rh-virtualization} storage assets, {product-title} installs the oVirt CSI Driver Operator and the oVirt CSI driver by default in the `openshift-cluster-csi-drivers` namespace.
-
-* The _oVirt CSI Driver Operator_ provides a default `StorageClass` object that you can use to create Persistent Volume Claims (PVCs). You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]).
-
-* The _oVirt CSI driver_ enables you to create and mount oVirt PVs.
-
-include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
-[NOTE]
-====
-The oVirt CSI driver does not support snapshots.
-====
-include::modules/ovirt-csi-driver-storage-class.adoc[leveloffset=+1]
-include::modules/persistent-storage-rhv.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
-* xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#csi-dynamic-provisioning_persistent-storage-csi[Dynamic Provisioning]
diff --git a/storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc b/storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
index 81e7a6bc1fd2..b255c9a15069 100644
--- a/storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-sc-manage"]
 = Managing the default storage class
 include::_attributes/common-attributes.adoc[]
@@ -37,12 +37,10 @@ Managing the default storage classes is supported by the following Container Sto
 
 * xref:../../storage/container_storage_interface/persistent-storage-csi-gcp-pd.adoc#persistent-storage-csi-gcp-pd[Google Cloud Platform (GCP) Persistent Disk (PD)]
 
-* xref:../../storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc#persistent-storage-csi-ibm-vpc-block[IBM VPC Block]
+* xref:../../storage/container_storage_interface/persistent-storage-csi-ibm-vpc-block.adoc#persistent-storage-csi-ibm-vpc-block[{ibm-name} VPC Block]
 
 * xref:../../storage/container_storage_interface/persistent-storage-csi-cinder.adoc#persistent-storage-csi-cinder[OpenStack Cinder]
 
-* xref:../../storage/container_storage_interface/persistent-storage-csi-ovirt.adoc#persistent-storage-csi-ovirt[Red Hat Virtualization]
-
 * xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-vsphere[VMware vSphere]
 endif::openshift-rosa,openshift-dedicated[]
 
diff --git a/storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc b/storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc
new file mode 100644
index 000000000000..bd14f474a385
--- /dev/null
+++ b/storage/container_storage_interface/persistent-storage-csi-secrets-store.adoc
@@ -0,0 +1,32 @@
+[id="persistent-storage-csi-secrets-store"]
+= {secrets-store-driver}
+include::_attributes/common-attributes.adoc[]
+:context: persistent-storage-csi-secrets-store
+
+toc::[]
+
+include::modules/persistent-storage-csi-secrets-store-driver-overview.adoc[leveloffset=+1]
+
+For more information about CSI inline volumes, see xref:../../storage/container_storage_interface/ephemeral-storage-csi-inline.adoc#ephemeral-storage-csi-inline[CSI inline ephemeral volumes].
+
+:FeatureName: The {secrets-store-operator}
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+Familiarity with xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] and xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI driver.
+
+// Secrets store providers
+include::modules/secrets-store-providers.adoc[leveloffset=+2]
+
+include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
+
+include::modules/persistent-storage-csi-secrets-store-driver-install.adoc[leveloffset=+1]
+
+.Next steps
+
+* xref:../../nodes/pods/nodes-pods-secrets-store.adoc#mounting-secrets-external-secrets-store[Mounting secrets from an external secrets store to a CSI volume]
+
+include::modules/persistent-storage-csi-secrets-store-driver-uninstall.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+* xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
diff --git a/storage/container_storage_interface/persistent-storage-csi-snapshots.adoc b/storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
index 7120c26cbbfd..421063d62510 100644
--- a/storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-snapshots.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi-snapshots"]
 = CSI volume snapshots
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc b/storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc
index d519eb9e9bb9..a01e2e35ef7f 100644
--- a/storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-vol-detach-non-graceful-shutdown.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="ephemeral-storage-csi-vol-detach-non-graceful-shutdown"]
 = Detach CSI volumes after non-graceful node shutdown
 include::_attributes/common-attributes.adoc[]
@@ -8,9 +8,6 @@ toc::[]
 
 This feature allows Container Storage Interface (CSI) drivers to automatically detach volumes when a node goes down non-gracefully.
 
-:FeatureName: Detach CSI volumes after non-graceful node shutdown
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
 include::modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-overview.adoc[leveloffset=+1]
 
 include::modules/persistent-storage-csi-vol-detach-non-graceful-shutdown-procedure.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/storage/container_storage_interface/persistent-storage-csi-vsphere.adoc b/storage/container_storage_interface/persistent-storage-csi-vsphere.adoc
index 71f8c992e679..fd03a85ff151 100644
--- a/storage/container_storage_interface/persistent-storage-csi-vsphere.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-vsphere"]
 = VMware vSphere CSI Driver Operator
 include::_attributes/common-attributes.adoc[]
@@ -16,23 +16,17 @@ To create CSI-provisioned persistent volumes (PVs) that mount to vSphere storage
 
 * *vSphere CSI Driver Operator*: The Operator provides a storage class, called `thin-csi`, that you can use to create persistent volumes claims (PVCs). The vSphere CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on-demand, eliminating the need for cluster administrators to pre-provision storage. You can disable this default storage class if desired (see xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]).
 
-* *vSphere CSI driver*: The driver enables you to create and mount vSphere PVs. In {product-title} 4.13, the driver version is 3.0.1. The vSphere CSI driver supports all of the file systems supported by the underlying Red Hat Core OS release, including XFS and Ext4. For more information about supported file systems, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_file_systems/assembly_overview-of-available-file-systems_managing-file-systems[Overview of available file systems].
+* *vSphere CSI driver*: The driver enables you to create and mount vSphere PVs. In {product-title} 4.15, the driver version is 3.0.2. The vSphere CSI driver supports all of the file systems supported by the underlying Red Hat Core OS release, including XFS and Ext4. For more information about supported file systems, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_file_systems/assembly_overview-of-available-file-systems_managing-file-systems[Overview of available file systems].
 
 //Please update driver version as needed with each major OCP release starting with 4.13.
 
 //Listing the VMWare driver version here because it has a more variable set of features. The Operator version does not change independently (is parallel).
 
-[IMPORTANT]
+[NOTE]
 ====
-For vSphere:
-
-* For new installations of {product-title} 4.13, or later, automatic migration is enabled by default.
-+
-CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes. For more information about migration, see xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration[CSI automatic migration].
-
-* When upgrading from {product-title} 4.12, or earlier, to 4.13, automatic CSI migration for vSphere only occurs if you opt in. If you do not opt in, {product-title} defaults to using the in-tree (non-CSI) plugin to provision vSphere storage. xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#upgrading-openshift-container-platform[Carefully review the indicated consequences before opting in to migration].
+For new installations, {product-title} 4.13 and later provides automatic migration for the vSphere in-tree volume plugin to its equivalent CSI driver. Updating to {product-title} 4.15 and later also provides automatic migration. For more information about updating and migration, see xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration[CSI automatic migration].
 
-After full migration, in-tree plugins will eventually be removed in future versions of {product-title}.
+CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes.
 ====
 
 [NOTE]
@@ -55,28 +49,28 @@ include::modules/persistent-storage-csi-vsphere-install-issues.adoc[leveloffset=
 [id="vsphere-pv-encryption"]
 == vSphere persistent disks encryption
 
-You can encrypt virtual machines (VMs) and dynamically provisioned persistent volumes (PVs) on {product-title} running on top of vSphere. 
+You can encrypt virtual machines (VMs) and dynamically provisioned persistent volumes (PVs) on {product-title} running on top of vSphere.
 
 [NOTE]
 ====
 {product-title} does not support RWX-encrypted PVs. You cannot request RWX PVs out of a storage class that uses an encrypted storage policy.
 ====
 
-You must encrypt VMs before you can encrypt PVs, which you can do during installation or post-installation. 
+You must encrypt VMs before you can encrypt PVs, which you can do during installation or postinstallation.
 
 For information about encrypting VMs, see:
 
-* xref:../../installing/installing_vsphere/installing-vsphere.adoc#installation-vsphere-encrypted-vms_installing-vsphere[Requirements for encrypting virtual machines]
+* xref:../../installing/installing_vsphere/upi/upi-vsphere-installation-reqs.adoc#installation-vsphere-encrypted-vms_upi-vsphere-installation-reqs[Requirements for encrypting virtual machines]
 
-* xref:../../installing/installing_vsphere/installing-vsphere.adoc#installation-vsphere-machines_installing-vsphere[During installation: Step 7 of Installing RHCOS and starting the {product-title} bootstrap process]
+* xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc#installation-vsphere-machines_installing-vsphere[During installation: Step 7 of Installing RHCOS and starting the {product-title} bootstrap process]
 
-* xref:../../post_installation_configuration/vsphere-post-installation-encryption.adoc[Post-installation enabling encryption on a vSphere cluster]
+* xref:../../post_installation_configuration/vsphere-post-installation-encryption.adoc[Postinstallation enabling encryption on a vSphere cluster]
 
 After encrypting VMs, you can configure a storage class that supports dynamic encryption volume provisioning using the vSphere Container Storage Interface (CSI) driver. This can be accomplished in one of two ways using:
 
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-encryption-datastore-url_persistent-storage-csi-vsphere[Datastore URL]: This approach is not very flexible, and forces you to use a single datastore. It also does not support topology-aware provisioning. 
+* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-encryption-datastore-url_persistent-storage-csi-vsphere[Datastore URL]: This approach is not very flexible, and forces you to use a single datastore. It also does not support topology-aware provisioning.
 
-* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-encryption-tag-based_persistent-storage-csi-vsphere[Tag-based placement]: Encrypts the provisioned volumes and uses tag-based placement to target specific datastores. 
+* xref:../../storage/container_storage_interface/persistent-storage-csi-vsphere.adoc#persistent-storage-csi-vsphere-encryption-tag-based_persistent-storage-csi-vsphere[Tag-based placement]: Encrypts the provisioned volumes and uses tag-based placement to target specific datastores.
 
 include::modules/persistent-storage-csi-vsphere-encryption-datastore-url.adoc[leveloffset=+2]
 
@@ -87,20 +81,20 @@ include::modules/persistent-storage-csi-vsphere-top-aware-overview.adoc[leveloff
 include::modules/persistent-storage-csi-vsphere-top-aware-during-install.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
-* xref:../../installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc#configuring-vsphere-regions-zones_installing-vsphere-installer-provisioned-network-customizations[Configuring regions and zones for a VMware vCenter]
+* xref:../../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc#configuring-vsphere-regions-zones_installing-vsphere-installer-provisioned-network-customizations[Configuring regions and zones for a VMware vCenter]
 
 include::modules/persistent-storage-csi-vsphere-top-aware-post-install.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../post_installation_configuration/post-install-vsphere-zones-regions-configuration.adoc#specifying-regions-zones-infrastructure-vsphere_post-install-vsphere-zones-regions-configuration[Specifying multiple regions and zones for your cluster on vSphere]
-* https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-16422FF7-235B-4A44-92E2-532F6AED0923.html?hWord=N4IghgNiBcIC5gOYgL5A[VMware vSphere tag documenation]
+* https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-16422FF7-235B-4A44-92E2-532F6AED0923.html?hWord=N4IghgNiBcIC5gOYgL5A[VMware vSphere tag documentation]
 
 include::modules/persistent-storage-csi-vsphere-top-aware-infra-top.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
-* https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-16422FF7-235B-4A44-92E2-532F6AED0923.html?hWord=N4IghgNiBcIC5gOYgL5A[VMware vSphere tag documenation]
+* https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-16422FF7-235B-4A44-92E2-532F6AED0923.html?hWord=N4IghgNiBcIC5gOYgL5A[VMware vSphere tag documentation]
 
 include::modules/persistent-storage-csi-vsphere-top-aware-results.adoc[leveloffset=+2]
 
 == Additional resources
-* xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
\ No newline at end of file
+* xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Configuring CSI volumes]
diff --git a/storage/container_storage_interface/persistent-storage-csi.adoc b/storage/container_storage_interface/persistent-storage-csi.adoc
index b8ea0ff6b74b..9a98f90be116 100644
--- a/storage/container_storage_interface/persistent-storage-csi.adoc
+++ b/storage/container_storage_interface/persistent-storage-csi.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-csi"]
 = Configuring CSI volumes
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/dynamic-provisioning.adoc b/storage/dynamic-provisioning.adoc
index 4838b14b7cd5..2dce801925e6 100644
--- a/storage/dynamic-provisioning.adoc
+++ b/storage/dynamic-provisioning.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dynamic-provisioning"]
 = Dynamic provisioning
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/expanding-persistent-volumes.adoc b/storage/expanding-persistent-volumes.adoc
index 3c1dd9c39871..f88ba3081402 100644
--- a/storage/expanding-persistent-volumes.adoc
+++ b/storage/expanding-persistent-volumes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="expanding-persistent-volumes"]
 = Expanding persistent volumes
 include::_attributes/common-attributes.adoc[]
@@ -23,6 +23,6 @@ include::modules/storage-expanding-recovering-failure.adoc[leveloffset=+1]
 endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 
 [role="_additional-resources"]
-.Additional resources 
+.Additional resources
 
 * The controlling `StorageClass` object has `allowVolumeExpansion` set to `true` (see xref:../storage/expanding-persistent-volumes.adoc#add-volume-expansion_expanding-persistent-volumes[Enabling volume expansion support]).
\ No newline at end of file
diff --git a/storage/generic-ephemeral-vols.adoc b/storage/generic-ephemeral-vols.adoc
index 0d4fbb5e035b..db0f0277efae 100644
--- a/storage/generic-ephemeral-vols.adoc
+++ b/storage/generic-ephemeral-vols.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="generic-ephemeral-volumes"]
 = Generic ephemeral volumes
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/index.adoc b/storage/index.adoc
index 9081319b743a..ded45122eee0 100644
--- a/storage/index.adoc
+++ b/storage/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="storage-overview"]
 = {product-title} storage overview
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-aws.adoc b/storage/persistent_storage/persistent-storage-aws.adoc
index e73692771885..5b1eb590217a 100644
--- a/storage/persistent_storage/persistent-storage-aws.adoc
+++ b/storage/persistent_storage/persistent-storage-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-aws"]
 = Persistent storage using AWS Elastic Block Store
 include::_attributes/common-attributes.adoc[]
@@ -7,7 +7,7 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 ifdef::openshift-rosa,openshift-dedicated[]
-{product-title} clusters are prebuilt with four storage classes that use AWS Elastic Block Store (EBS) volumes. These storage classes are ready to use and some familiarity with Kubernetes and AWS is assumed.
+{product-title} clusters are prebuilt with four storage classes that use Amazon Elastic Block Store (Amazon EBS) volumes. These storage classes are ready to use and some familiarity with Kubernetes and AWS is assumed.
 
 Following are the four prebuilt storage classes:
 [options="header"]
@@ -29,7 +29,7 @@ The gp3 storage class is set as default; however, you can select any of the stor
 endif::openshift-rosa,openshift-dedicated[]
 
 ifndef::openshift-rosa,openshift-dedicated[]
-{product-title} supports AWS Elastic Block Store volumes (EBS).
+{product-title} supports Amazon Elastic Block Store (EBS) volumes.
 You can provision your {product-title} cluster with persistent storage by using link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html[Amazon EC2].
 endif::openshift-rosa,openshift-dedicated[]
 
@@ -38,7 +38,7 @@ You can dynamically provision Amazon EBS volumes.
 Persistent volumes are not bound to a single project or namespace; they can be shared across the {product-title} cluster.
 Persistent volume claims are specific to a project or namespace and can be requested by users.
 You can define a KMS key to encrypt container-persistent volumes on AWS.
-By default, newly created clusters using {product-title} version 4.10 and later use gp3 storage and the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver.
+By default, newly created clusters using {product-title} version 4.10 and later use gp3 storage and the link:https://github.com/openshift/aws-ebs-csi-driver[AWS EBS CSI driver].
 
 [IMPORTANT]
 ====
diff --git a/storage/persistent_storage/persistent-storage-azure-file.adoc b/storage/persistent_storage/persistent-storage-azure-file.adoc
index 8d22cc6ebe49..0680421a5132 100644
--- a/storage/persistent_storage/persistent-storage-azure-file.adoc
+++ b/storage/persistent_storage/persistent-storage-azure-file.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-azure-file"]
 = Persistent storage using Azure File
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-azure.adoc b/storage/persistent_storage/persistent-storage-azure.adoc
index 7f33407753fa..87c8dd36eb8d 100644
--- a/storage/persistent_storage/persistent-storage-azure.adoc
+++ b/storage/persistent_storage/persistent-storage-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-azure"]
 = Persistent storage using Azure
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-cinder.adoc b/storage/persistent_storage/persistent-storage-cinder.adoc
index c06a70631401..ed26326233b9 100644
--- a/storage/persistent_storage/persistent-storage-cinder.adoc
+++ b/storage/persistent_storage/persistent-storage-cinder.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-cinder"]
 = Persistent storage using Cinder
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-fibre.adoc b/storage/persistent_storage/persistent-storage-fibre.adoc
index d6826cc009d3..a5ebbd1c662b 100644
--- a/storage/persistent_storage/persistent-storage-fibre.adoc
+++ b/storage/persistent_storage/persistent-storage-fibre.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-fibre"]
 = Persistent storage using Fibre Channel
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-flexvolume.adoc b/storage/persistent_storage/persistent-storage-flexvolume.adoc
index f4743f395ea8..f5dbfd238489 100644
--- a/storage/persistent_storage/persistent-storage-flexvolume.adoc
+++ b/storage/persistent_storage/persistent-storage-flexvolume.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-flexvolume"]
 = Persistent storage using FlexVolume
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-gce.adoc b/storage/persistent_storage/persistent-storage-gce.adoc
index 592c1f137dd2..cf6fc4c53d9c 100644
--- a/storage/persistent_storage/persistent-storage-gce.adoc
+++ b/storage/persistent_storage/persistent-storage-gce.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-gce"]
 = Persistent storage using GCE Persistent Disk
 include::_attributes/common-attributes.adoc[]
@@ -27,7 +27,7 @@ requested by users.
 ====
 {product-title} defaults to using an in-tree (non-CSI) plugin to provision gcePD storage.
 
-In future {product-title} versions, volumes provisioned using existing in-tree plug-ins are planned for migration to their equivalent CSI driver. CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes. 
+In future {product-title} versions, volumes provisioned using existing in-tree plug-ins are planned for migration to their equivalent CSI driver. CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes.
 ifndef::openshift-dedicated[]
 For more information about migration, see xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration[CSI automatic migration].
 endif::openshift-dedicated[]
diff --git a/storage/persistent_storage/persistent-storage-iscsi.adoc b/storage/persistent_storage/persistent-storage-iscsi.adoc
index 8485718d789b..975dcd59cf7a 100644
--- a/storage/persistent_storage/persistent-storage-iscsi.adoc
+++ b/storage/persistent_storage/persistent-storage-iscsi.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-iscsi"]
 = Persistent storage using iSCSI
 include::_attributes/common-attributes.adoc[]
@@ -31,10 +31,10 @@ By default, they are ports `860` and `3260`.
 
 [IMPORTANT]
 ====
-Users must ensure that the iSCSI initiator is already configured on all 
-{product-title} nodes by installing the `iscsi-initiator-utils` 
-package and configuring their initiator name in `/etc/iscsi/initiatorname.iscsi`. 
-The `iscsi-initiator-utils` package is already installed on deployments 
+Users must ensure that the iSCSI initiator is already configured on all
+{product-title} nodes by installing the `iscsi-initiator-utils`
+package and configuring their initiator name in `/etc/iscsi/initiatorname.iscsi`.
+The `iscsi-initiator-utils` package is already installed on deployments
 that use {op-system-first}.
 
 For more information, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/managing_storage_devices/index#configuring-an-iscsi-initiator_managing-storage-devices[Managing Storage Devices].
diff --git a/storage/persistent_storage/persistent-storage-nfs.adoc b/storage/persistent_storage/persistent-storage-nfs.adoc
index d28cd0669f0f..7a89412dc5a5 100644
--- a/storage/persistent_storage/persistent-storage-nfs.adoc
+++ b/storage/persistent_storage/persistent-storage-nfs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-nfs"]
 = Persistent storage using NFS
 include::_attributes/common-attributes.adoc[]
@@ -16,7 +16,7 @@ distinct cluster resource, making the volume more susceptible to conflicts.
 [role="_additional-resources"]
 .Additional resources
 
-* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/ch-nfs[Network File System (NFS)]
+* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_file_systems/mounting-nfs-shares_managing-file-systems[Mounting NFS shares]
 
 include::modules/storage-persistent-storage-nfs-provisioning.adoc[leveloffset=+1]
 
diff --git a/storage/persistent_storage/persistent-storage-ocs.adoc b/storage/persistent_storage/persistent-storage-ocs.adoc
index 4c60b8560dc3..141b6bdc5723 100644
--- a/storage/persistent_storage/persistent-storage-ocs.adoc
+++ b/storage/persistent_storage/persistent-storage-ocs.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="red-hat-openshift-data-foundation"]
 = Red Hat OpenShift Data Foundation
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent-storage-vsphere.adoc b/storage/persistent_storage/persistent-storage-vsphere.adoc
index 29b0e4473fb5..8bd9162bb3c2 100644
--- a/storage/persistent_storage/persistent-storage-vsphere.adoc
+++ b/storage/persistent_storage/persistent-storage-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-vsphere"]
 = Persistent storage using VMware vSphere volumes
 include::_attributes/common-attributes.adoc[]
@@ -26,11 +26,9 @@ requested by users.
 
 [IMPORTANT]
 ====
-{product-title} defaults to using an in-tree (non-CSI) plugin to provision vSphere storage.
+For new installations, {product-title} 4.13 and later provides automatic migration for the vSphere in-tree volume plugin to its equivalent CSI driver. Updating to {product-title} 4.15 and later also provides automatic migration. For more information about updating and migration, see xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration[CSI automatic migration].
 
-In future {product-title} versions, volumes provisioned using existing in-tree plugins are planned for migration to their equivalent CSI driver. CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes. For more information about migration, see xref:../../storage/container_storage_interface/persistent-storage-csi-migration.adoc#persistent-storage-csi-migration[CSI automatic migration].
-
-After full migration, in-tree plugins will eventually be removed in future versions of {product-title}.
+CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes.
 ====
 
 [role="_additional-resources"]
@@ -43,7 +41,7 @@ After full migration, in-tree plugins will eventually be removed in future versi
 Dynamically provisioning VMware vSphere volumes is the recommended method.
 
 == Prerequisites
-* An {product-title} cluster installed on a VMware vSphere version that meets the requirements for the components that you use. See xref:../../installing/installing_vsphere/installing-vsphere.adoc[Installing a cluster on vSphere] for information about vSphere version support.
+* An {product-title} cluster installed on a VMware vSphere version that meets the requirements for the components that you use. See xref:../../installing/installing_vsphere/upi/installing-vsphere.adoc[Installing a cluster on vSphere] for information about vSphere version support.
 
 You can use either of the following procedures to dynamically provision these volumes using the default storage class.
 
diff --git a/storage/persistent_storage/persistent_storage_local/persistent-storage-hostpath.adoc b/storage/persistent_storage/persistent_storage_local/persistent-storage-hostpath.adoc
index 77eebe0eaa98..250fa448c698 100644
--- a/storage/persistent_storage/persistent_storage_local/persistent-storage-hostpath.adoc
+++ b/storage/persistent_storage/persistent_storage_local/persistent-storage-hostpath.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-hostpath"]
 = Persistent storage using hostPath
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc b/storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc
index 378f0d33dd6f..410ba92e8b5c 100644
--- a/storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc
+++ b/storage/persistent_storage/persistent_storage_local/persistent-storage-local.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-local-volume"]
 = Persistent storage using local volumes
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc b/storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
index d084354f91f3..30358cbc82f0 100644
--- a/storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
+++ b/storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="persistent-storage-using-lvms"]
 = Persistent storage using logical volume manager storage
 include::_attributes/common-attributes.adoc[]
@@ -6,9 +6,9 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-{lvms-first} uses the TopoLVM CSI driver to dynamically provision local storage on {sno} clusters.
+{lvms-first} uses the TopoLVM CSI driver to dynamically provision local storage on the clusters.
 
-{lvms} creates thin-provisioned volumes using Logical Volume Manager and provides dynamic provisioning of block storage on a limited resources {sno} cluster.
+{lvms} creates thin-provisioned volumes using Logical Volume Manager and provides dynamic provisioning of block storage on a limited resources cluster.
 
 //deploying/requirements with RHACM
 include::modules/deploying-lvms-on-sno-cluster.adoc[leveloffset=+1]
@@ -16,7 +16,7 @@ include::modules/deploying-lvms-on-sno-cluster.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
 
 include::modules/lvms-installing-logical-volume-manager-operator-using-cli.adoc[leveloffset=+2]
 
@@ -47,7 +47,7 @@ include::modules/lvms-installing-logical-volume-manager-operator-using-rhacm.ado
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
 
 * xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-reference-file_logical-volume-manager-storage[{lvms} reference YAML file]
 
@@ -60,14 +60,28 @@ include::modules/lvms-uninstalling-logical-volume-manager-operator-using-rhacm.a
 * xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-reference-file_logical-volume-manager-storage[{lvms} reference YAML file]
 
 include::modules/lvms-creating-logical-volume-manager-cluster.adoc[leveloffset=+1]
+include::modules/lvms-unsupported-devices.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../../nodes/nodes/nodes-sno-worker-nodes.adoc[Adding worker nodes to {sno} clusters].
+* xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-integrating-software-raid-arrays_logical-volume-manager-storage[Integrating software RAID arrays with {lvms}]
+
+* xref:../../../nodes/nodes/nodes-sno-worker-nodes.adoc[Adding worker nodes to {sno} clusters]
 
 * xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-reference-file_logical-volume-manager-storage[{lvms} reference YAML file]
 
+//Integrating software RAID arrays
+include::modules/lvms-integrating-software-raid-arrays.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../installing/install_config/installing-customizing.adoc#installation-special-config-raid_installing-customizing[Configuring a RAID-enabled data volume]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_storage_devices/managing-raid_managing-storage-devices#creating-a-software-raid-on-an-installed-system_managing-raid[Creating a software RAID on an installed system]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_storage_devices/managing-raid_managing-storage-devices#replacing-a-failed-disk-in-raid_managing-raid[Replacing a failed disk in RAID]
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_storage_devices/managing-raid_managing-storage-devices#repairing-raid-disks_managing-raid[Repairing RAID disks]
+
 //Provisioning
 include::modules/lvms-provisioning-storage-using-logical-volume-manager-operator.adoc[leveloffset=+1]
 
@@ -77,9 +91,9 @@ include::modules/lvms-monitoring-logical-volume-manager-operator.adoc[leveloffse
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/observability/index[Observability]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html-single/observability/index[Observability]
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/observability/index#adding-custom-metrics[Adding custom metrics]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html-single/observability/index#adding-custom-metrics[Adding custom metrics]
 
 //Scaling
 include::modules/lvms-scaling-storage-of-single-node-open-concept.adoc[leveloffset=+1]
@@ -101,7 +115,7 @@ include::modules/lvms-scaling-storage-of-single-node-openshift-cluster-using-rha
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
+* link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/{rh-rhacm-version}/html/install/installing#installing-while-connected-online[Red Hat Advanced Cluster Management for Kubernetes: Installing while connected online]
 
 * xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-reference-file_logical-volume-manager-storage[{lvms} reference YAML file]
 
@@ -110,9 +124,9 @@ include::modules/lvms-scaling-storage-expand-pvc.adoc[leveloffset=+2]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-scaling-storage-of-single-node-openshift-cluster_logical-volume-manager-storage[Scaling up storage by adding capacity to your {sno} cluster]
+* xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-scaling-storage-of-single-node-openshift-cluster_logical-volume-manager-storage[Scaling up storage by adding capacity to your cluster]
 
-* xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm_logical-volume-manager-storage[Scaling up storage by adding capacity to your single-node OpenShift cluster using RHACM]
+* xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-scaling-storage-of-single-node-openshift-cluster-using-rhacm_logical-volume-manager-storage[Scaling up storage by adding capacity to your cluster using {rh-rhacm}]
 
 * xref:../../../storage/expanding-persistent-volumes.adoc#add-volume-expansion_expanding-persistent-volumes[Enabling volume expansion support]
 
@@ -122,6 +136,11 @@ include::modules/lvms-upgrading-lvms-on-sno.adoc[leveloffset=+1]
 //Volume snapshots
 include::modules/lvms-volume-snapshots-in-single-node-openshift.adoc[leveloffset=+1]
 
+[NOTE]
+====
+Before creating volume snapshots, you must be aware of the limitations. For information about the limitations, see xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-limitations-for-creating-snapshots-and-clones_logical-volume-manager-storage[Limitations for creating volume snapshots and volume clones].
+====
+
 [role="_additional-resources"]
 .Additional resources
 
@@ -133,9 +152,18 @@ include::modules/lvms-deleting-volume-snapshots-in-single-node-openshift.adoc[le
 
 //Volume cloning
 include::modules/lvms-volume-clones-in-single-node-openshift.adoc[leveloffset=+1]
+
+[NOTE]
+====
+Before creating volume clones, you must be aware of the limitations. For information about limitations, see xref:../../../storage/persistent_storage/persistent_storage_local/persistent-storage-using-lvms.adoc#lvms-limitations-for-creating-snapshots-and-clones_logical-volume-manager-storage[Limitations for creating volume snapshots and volume clones].
+====
+
 include::modules/lvms-creating-volume-clones-in-single-node-openshift.adoc[leveloffset=+2]
 include::modules/lvms-deleting-cloned-volumes-in-single-node-openshift.adoc[leveloffset=+2]
 
+//Limitations for creating volume snapshots and volume clones
+include::modules/lvms-limitations-for-creating-snapshots-and-clones.adoc[leveloffset=+1]
+
 //Must-gather
 include::modules/lvms-download-log-files-and-diagnostics.adoc[leveloffset=+1]
 
diff --git a/storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc b/storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
new file mode 100644
index 000000000000..3ae4d7e76db5
--- /dev/null
+++ b/storage/persistent_storage/persistent_storage_local/troubleshooting-local-persistent-storage-using-lvms.adoc
@@ -0,0 +1,31 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="troubleshooting-local-persistent-storage"]
+= Troubleshooting local persistent storage using LVMS
+include::_attributes/common-attributes.adoc[]
+:context: troubleshooting-local-persistent-storage-using-lvms
+
+toc::[]
+
+Because {product-title} does not scope a persistent volume (PV) to a single project, it can be shared across the cluster and claimed by any project using a persistent volume claim (PVC). This can lead to a number of issues that require troubleshooting.
+
+include::modules/lvms-troubleshooting-investigating-a-pvc-stuck-in-the-pending-state.adoc[leveloffset=+1]
+
+include::modules/lvms-troubleshooting-recovering-from-missing-lvms-or-operator-components.adoc[leveloffset=+1]
+
+include::modules/lvms-troubleshooting-recovering-from-node-failure.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources-forced-cleanup-1"]
+.Additional resources
+
+* xref:../../../troubleshooting-local-persistent-storage-using-lvms.adoc#performing-a-forced-cleanup_troubleshooting-local-persistent-storage-using-lvms[Performing a forced cleanup]
+
+include::modules/lvms-troubleshooting-recovering-from-disk-failure.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources-forced-cleanup-2"]
+.Additional resources
+
+* xref:../../../troubleshooting-local-persistent-storage-using-lvms.adoc#performing-a-forced-cleanup_troubleshooting-local-persistent-storage-using-lvms[Performing a forced cleanup]
+
+include::modules/lvms-troubleshooting-performing-a-forced-cleanup.adoc[leveloffset=+1]
diff --git a/storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc b/storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc
index 6114a53cfe0d..1f25cab6ce69 100644
--- a/storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc
+++ b/storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-persistent-storage-aws-efs-csi"]
 = Setting up AWS Elastic File Service CSI Driver Operator
 include::_attributes//attributes-openshift-dedicated.adoc[]
@@ -16,7 +16,7 @@ This procedure is specific to the Amazon Web Services Elastic File System (AWS E
 
 {product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for AWS Elastic File Service (EFS).
 
-Familiarity with link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-overview_understanding-persistent-storage[persistent storage] and link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
+Familiarity with link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-overview_understanding-persistent-storage[persistent storage] and link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-csi[configuring CSI volumes] is recommended when working with a CSI Operator and driver.
 
 After installing the AWS EFS CSI Driver Operator, {product-title} installs the AWS EFS CSI Operator and the AWS EFS CSI driver by default in the `openshift-cluster-csi-drivers` namespace. This allows the AWS EFS CSI Driver Operator to create CSI-provisioned PVs that mount to AWS EFS assets.
 
@@ -51,7 +51,7 @@ include::modules/persistent-storage-csi-efs-sts.adoc[leveloffset=+1]
 * xref:../../storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc#persistent-storage-csi-olm-operator-install_rosa-persistent-storage-aws-efs-csi[Installing the AWS EFS CSI Driver Operator]
 
 
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/authentication_and_authorization/index#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/authentication_and_authorization/index#cco-ccoctl-configuring_cco-mode-sts[Configuring the Cloud Credential Operator utility]
 
 :StorageClass: AWS EFS
 :Provisioner: efs.csi.aws.com
@@ -80,5 +80,5 @@ include::modules/persistent-storage-csi-olm-operator-uninstall.adoc[leveloffset=
 [role="_additional-resources"]
 == Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html-single/storage/index#persistent-storage-csi[Configuring CSI volumes]
+* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.15/html-single/storage/index#persistent-storage-csi[Configuring CSI volumes]
 
diff --git a/storage/understanding-ephemeral-storage.adoc b/storage/understanding-ephemeral-storage.adoc
index 97fefcb1d0ca..5be9e00c415c 100644
--- a/storage/understanding-ephemeral-storage.adoc
+++ b/storage/understanding-ephemeral-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-ephemeral-storage"]
 = Understanding ephemeral storage
 include::_attributes/common-attributes.adoc[]
diff --git a/storage/understanding-persistent-storage.adoc b/storage/understanding-persistent-storage.adoc
index 9c7d7ff70fe4..ae113327491d 100644
--- a/storage/understanding-persistent-storage.adoc
+++ b/storage/understanding-persistent-storage.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-persistent-storage"]
 = Understanding persistent storage
 include::_attributes/common-attributes.adoc[]
diff --git a/support/gathering-cluster-data.adoc b/support/gathering-cluster-data.adoc
index fa5cae486374..95c633e2be00 100644
--- a/support/gathering-cluster-data.adoc
+++ b/support/gathering-cluster-data.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="gathering-cluster-data"]
 = Gathering data about your cluster
 include::_attributes/common-attributes.adoc[]
@@ -20,7 +20,7 @@ It is recommended to provide:
 endif::openshift-origin[]
 
 ifdef::openshift-origin[]
-You can use the following tools to get debugging information about your {product-title} cluster. 
+You can use the following tools to get debugging information about your {product-title} cluster.
 endif::openshift-origin[]
 
 // About the must-gather tool
@@ -36,12 +36,16 @@ include::modules/gathering-data-specific-features.adoc[leveloffset=+2]
 
 == Additional resources
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../nodes/cma/nodes-cma-autoscaling-custom.adoc#nodes-cma-autoscaling-custom-gather[Gathering debugging data] for the Custom Metrics Autoscaler.
+endif::openshift-rosa,openshift-dedicated[]
 
 * link:https://access.redhat.com/support/policy/updates/openshift[Red Hat {product-title} Life Cycle Policy]
 
+ifdef::openshift-rosa,openshift-dedicated[]
 // Gathering audit logs
 include::modules/gathering-data-audit-logs.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 // Gathering network logs
 include::modules/gathering-data-network-logs.adoc[leveloffset=+2]
diff --git a/support/getting-support.adoc b/support/getting-support.adoc
index b34337338f36..7b777a580f7a 100644
--- a/support/getting-support.adoc
+++ b/support/getting-support.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="getting-support"]
 = Getting support
 include::_attributes/common-attributes.adoc[]
@@ -10,15 +10,12 @@ endif::[]
 toc::[]
 
 // Getting support
-ifdef::openshift-enterprise,openshift-webscale,openshift-dedicated,openshift-origin[]
 
 include::modules/support.adoc[leveloffset=+1]
 include::modules/support-knowledgebase-about.adoc[leveloffset=+1]
 include::modules/support-knowledgebase-search.adoc[leveloffset=+1]
 include::modules/support-submitting-a-case.adoc[leveloffset=+1]
 
-endif::openshift-enterprise,openshift-webscale,openshift-dedicated,openshift-origin[]
-
 [id="getting-support-additional-resources"]
 [role="_additional-resources"]
 == Additional resources
diff --git a/support/index.adoc b/support/index.adoc
index dd799475c75a..aa60dd222cc2 100644
--- a/support/index.adoc
+++ b/support/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id='support-overview']
 = Support overview
 include::_attributes/common-attributes.adoc[]
@@ -12,10 +12,20 @@ Red Hat offers cluster administrators tools for gathering data for your cluster,
 == Get support
 xref:../support/getting-support.adoc#getting-support[Get support]: Visit the Red Hat Customer Portal to review knowledge base articles, submit a support case, and review additional product documentation and resources.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [id='support-overview-remote-health-monitoring']
 == Remote health monitoring issues
 xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[Remote health monitoring issues]:
 {product-title} collects telemetry and configuration data about your cluster and reports it to Red Hat by using the Telemeter Client and the Insights Operator. Red Hat uses this data to understand and resolve issues in _connected cluster_. Similar to connected clusters, you can xref:../support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc#remote-health-reporting-from-restricted-network[Use remote health monitoring in a restricted network]. {product-title} collects data and monitors health using the following:
+endif::openshift-rosa,openshift-dedicated[]
+
+// Removed sentence on restricted networks, not supported in ROSA/OSD
+ifdef::openshift-rosa,openshift-dedicated[]
+[id='support-overview-remote-health-monitoring']
+== Remote health monitoring issues
+xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[Remote health monitoring issues]:
+{product-title} collects telemetry and configuration data about your cluster and reports it to Red Hat by using the Telemeter Client and the Insights Operator. Red Hat uses this data to understand and resolve issues in _connected cluster_. {product-title} collects data and monitors health using the following:
+endif::openshift-rosa,openshift-dedicated[]
 
 * *Telemetry*: The Telemetry Client gathers and uploads the metrics values to Red Hat every four minutes and thirty seconds. Red Hat uses this data to:
 
@@ -28,10 +38,12 @@ xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#abo
 ** Identify potential cluster issues proactively.
 ** Provide a solution and preventive action in {cluster-manager-first}.
 
-You can xref:../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#showing-data-collected-by-remote-health-monitoring[Review telemetry information].
+You can xref:../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#showing-data-collected-by-remote-health-monitoring[review telemetry information].
 
 If you have enabled remote health reporting, xref:../support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc#using-insights-to-identify-issues-with-your-cluster[Use Insights to identify issues]. You can optionally disable remote health reporting.
 
+// must-gather not supported for customers, per Dustin Row, cannot create resource "namespaces"
+ifndef::openshift-rosa,openshift-dedicated[]
 [id='support-overview-gather-data-cluster']
 == Gather data about your cluster
 xref:../support/gathering-cluster-data.adoc#gathering-cluster-data[Gather data about your cluster]: Red Hat recommends gathering your debugging information when opening a support case. This helps Red Hat Support to perform a root cause analysis. A cluster administrator can use the following to gather data about your cluster:
@@ -43,24 +55,28 @@ xref:../support/gathering-cluster-data.adoc#gathering-cluster-data[Gather data a
 * *Cluster node journal logs*: Gather `journald` unit logs and logs within `/var/log` on individual cluster nodes to troubleshoot node-related issues.
 * *A network trace*: Provide a network packet trace from a specific {product-title} cluster node or a container to Red Hat Support to help troubleshoot network-related issues.
 * *Diagnostic data*: Use the `redhat-support-tool` command to gather(?) diagnostic data about your cluster.
+endif::openshift-rosa,openshift-dedicated[]
 
 [id='support-overview-troubleshooting-issues']
 == Troubleshooting issues
 
 A cluster administrator can monitor and troubleshoot the following {product-title} component issues:
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../support/troubleshooting/troubleshooting-installations.adoc#troubleshooting-installations[Installation issues]: {product-title} installation proceeds through various stages. You can perform the following:
 
 ** Monitor the installation stages.
 ** Determine at which stage installation issues occur.
 ** Investigate multiple installation issues.
 ** Gather logs from a failed installation.
+endif::openshift-rosa,openshift-dedicated[]
 
 * xref:../support/troubleshooting/verifying-node-health.adoc#verifying-node-health[Node issues]: A cluster administrator can verify and troubleshoot node-related issues by reviewing the status, resource usage, and configuration of a node. You can query the following:
 
 ** Kubelet’s status on a node.
 ** Cluster node journal logs.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../support/troubleshooting/troubleshooting-crio-issues.adoc#troubleshooting-crio-issues[Crio issues]: A cluster administrator can verify CRI-O container runtime engine status on each cluster node. If you experience container runtime issues, perform the following:
 
 ** Gather CRI-O journald unit logs.
@@ -71,12 +87,15 @@ A cluster administrator can monitor and troubleshoot the following {product-titl
 ** Enable kdump.
 ** Test the kdump configuration.
 ** Analyze a core dump.
+endif::openshift-rosa,openshift-dedicated[]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../support/troubleshooting/troubleshooting-network-issues.adoc#troubleshooting-network-issues[Network issues]: To troubleshoot Open vSwitch issues, a cluster administrator can perform the following:
 
 ** Configure the Open vSwitch log level temporarily.
 ** Configure the Open vSwitch log level permanently.
 ** Display Open vSwitch logs.
+endif::openshift-rosa,openshift-dedicated[]
 
 * xref:../support/troubleshooting/troubleshooting-operator-issues.adoc#troubleshooting-operator-issues[Operator issues]: A cluster administrator can do the following to resolve Operator issues:
 
@@ -89,10 +108,12 @@ A cluster administrator can monitor and troubleshoot the following {product-titl
 ** Review pod and container logs.
 ** Start debug pods with root access.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../support/troubleshooting/troubleshooting-s2i.adoc#troubleshooting-s2i[Source-to-image issues]: A cluster administrator can observe the S2I stages to determine where in the S2I process a failure occurred. Gather the following to resolve Source-to-Image (S2I) issues:
 
 ** Source-to-Image diagnostic data.
 ** Application diagnostic data to investigate application failure.
+endif::openshift-rosa,openshift-dedicated[]
 
 * xref:../support/troubleshooting/troubleshooting-storage-issues.adoc#troubleshooting-storage-issues[Storage issues]: A multi-attach storage error occurs when the mounting volume on a new node is not possible because the failed node cannot unmount the attached volume. A cluster administrator can do the following to resolve multi-attach storage issues:
 
@@ -104,11 +125,11 @@ A cluster administrator can monitor and troubleshoot the following {product-titl
 ** Investigate why user-defined metrics are unavailable.
 ** Determine why Prometheus is consuming a lot of disk space.
 
-* xref:../logging/cluster-logging.adoc#cluster-logging[Logging issues]: A cluster administrator can follow the procedures on the troubleshooting page for OpenShift Logging issues. Check the following to resolve logging issues:
+* xref:../logging/cluster-logging.adoc#cluster-logging[Logging issues]: A cluster administrator can follow the procedures in the "Support" and "Troubleshooting logging" sections to resolve logging issues:
 
-** xref:../logging/troubleshooting/cluster-logging-cluster-status.adoc#cluster-logging-cluster-status[Status of the Logging Operator].
-** xref:../logging/troubleshooting/cluster-logging-cluster-status.adoc#cluster-logging-cluster-status[Status of the Log store].
-** xref:../logging/troubleshooting/cluster-logging-alerts.adoc#cluster-logging-alerts[OpenShift Logging alerts].
-** xref:../logging/troubleshooting/cluster-logging-must-gather.adoc#cluster-logging-must-gather[Information about your OpenShift logging environment using `oc adm must-gather` command].
+** xref:../logging/troubleshooting/cluster-logging-cluster-status.adoc#cluster-logging-clo-status_cluster-logging-cluster-status[Viewing the status of the {clo}].
+** xref:../logging/troubleshooting/cluster-logging-cluster-status.adoc#cluster-logging-clo-status-comp_cluster-logging-cluster-status[Viewing the status of {logging} components].
+** xref:../logging/troubleshooting/troubleshooting-logging-alerts.adoc#troubleshooting-logging-alerts[Troubleshooting logging alerts].
+** xref:../logging/cluster-logging-support.adoc#cluster-logging-must-gather-collecting_cluster-logging-support[Collecting information about your logging environment by using the `oc adm must-gather` command].
 
-* xref:../support/troubleshooting/diagnosing-oc-issues.adoc#diagnosing-oc-issues[OpenShift CLI (oc) issues]: Investigate OpenShift CLI (oc) issues by increasing the log level.
+* xref:../support/troubleshooting/diagnosing-oc-issues.adoc#diagnosing-oc-issues[{oc-first} issues]: Investigate {oc-first} issues by increasing the log level.
diff --git a/support/managing-cluster-resources.adoc b/support/managing-cluster-resources.adoc
index fef8d50de950..2b68f2a241cf 100644
--- a/support/managing-cluster-resources.adoc
+++ b/support/managing-cluster-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="managing-cluster-resources"]
 = Managing your cluster resources
 include::_attributes/common-attributes.adoc[]
diff --git a/support/osd-managed-resources.adoc b/support/osd-managed-resources.adoc
index 1b08284fe570..d8fef69fd584 100644
--- a/support/osd-managed-resources.adoc
+++ b/support/osd-managed-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-managed-resources"]
 = {product-title} managed resources
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/support/remote_health_monitoring/about-remote-health-monitoring.adoc b/support/remote_health_monitoring/about-remote-health-monitoring.adoc
index 3d7612eeaf67..b629dc93e701 100644
--- a/support/remote_health_monitoring/about-remote-health-monitoring.adoc
+++ b/support/remote_health_monitoring/about-remote-health-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-remote-health-monitoring"]
 = About remote health monitoring
 include::_attributes/common-attributes.adoc[]
@@ -33,23 +33,29 @@ Telemetry and the Insights Operator enable the following benefits for end-users:
 
 * *Predictive analytics*. The insights displayed for your cluster on {cluster-manager-url} are enabled by the information collected from connected clusters. Red Hat is investing in applying deep learning, machine learning, and artificial intelligence automation to help identify issues that {product-title} clusters are exposed to.
 
+ifdef::openshift-rosa,openshift-dedicated[]
+On {product-title}, remote health reporting is always enabled. You cannot opt out of it.
+endif::openshift-rosa,openshift-dedicated[]
+
 ifdef::openshift-origin[]
 {product-title} may be installed without a pull secret received at console.redhat.com. In this case default imagestreams will not be imported and telemetry data will not be sent.
 endif::[]
 
 include::modules/telemetry-about-telemetry.adoc[leveloffset=+1]
 
-ifndef::openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
 
 [role="_additional-resources"]
 .Additional resources
 
 * See the xref:../../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[{product-title} update documentation] for more information about updating or upgrading a cluster.
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/telemetry-what-information-is-collected.adoc[leveloffset=+2]
-
-ifndef::openshift-dedicated[]
+// Module is not in OCP
+ifdef::openshift-rosa,openshift-dedicated[]
+include::modules/telemetry-user-telemetry.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 [role="_additional-resources"]
 .Additional resources
@@ -58,42 +64,40 @@ ifndef::openshift-dedicated[]
 
 * See the link:https://github.com/openshift/cluster-monitoring-operator/blob/master/manifests/0000_50_cluster-monitoring-operator_04-config.yaml[upstream cluster-monitoring-operator source code] for a list of the attributes that Telemetry gathers from Prometheus.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * Telemetry is installed and enabled by default. If you need to opt out of remote health reporting, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting[Opting out of remote health reporting].
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/insights-operator-about.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * The Insights Operator is installed and enabled by default. If you need to opt out of remote health reporting, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting[Opting out of remote health reporting].
-
-ifdef::openshift-dedicated[]
-// TODO: When you click on that link, you actually can't opt out. Should this additional resources link be removed?
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/insights-operator-what-information-is-collected.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-ifndef::openshift-dedicated[]
-* See xref:../../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.html#insights-operator-showing-data-collected-from-the-cluster_showing-data-collected-by-remote-health-monitoring[Showing data collected by the Insights Operator] for details about how to review the data that is collected by the Insights Operator.
-endif::[]
+ifndef::openshift-rosa,openshift-dedicated[]
+* See xref:../../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#insights-operator-showing-data-collected-from-the-cluster_showing-data-collected-by-remote-health-monitoring[Showing data collected by the Insights Operator] for details about how to review the data that is collected by the Insights Operator.
+endif::openshift-rosa,openshift-dedicated[]
 
 * The Insights Operator source code is available for review and contribution. See the link:https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md[Insights Operator upstream project] for a list of the items collected by the Insights Operator.
 
 include::modules/understanding-telemetry-and-insights-operator-data-flow.adoc[leveloffset=+1]
 
-ifndef::openshift-dedicated[]
-
 [role="_additional-resources"]
 .Additional resources
 
 * See xref:../../monitoring/monitoring-overview.adoc#monitoring-overview_monitoring-overview[Monitoring overview] for more information about the {product-title} monitoring stack.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * See xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[Configuring your firewall] for details about configuring a firewall and enabling endpoints for Telemetry and Insights
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="additional-details-about-how-remote-health-monitoring-data-is-used"]
 == Additional details about how remote health monitoring data is used
@@ -116,8 +120,6 @@ Red Hat may engage certain third parties to assist in the collection, analysis,
 
 .User control / enabling and disabling telemetry and configuration data collection
 
+ifndef::openshift-rosa,openshift-dedicated[]
 You may disable {product-title} Telemetry and the Insights Operator by following the instructions in xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting[Opting out of remote health reporting].
-
-ifdef::openshift-dedicated[]
-// TODO: Same question about should this be removed or updated, since you can't actually opt out for dedicated?
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/support/remote_health_monitoring/enabling-remote-health-reporting.adoc b/support/remote_health_monitoring/enabling-remote-health-reporting.adoc
index 3addca1d1505..4b52b1fc24d4 100644
--- a/support/remote_health_monitoring/enabling-remote-health-reporting.adoc
+++ b/support/remote_health_monitoring/enabling-remote-health-reporting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-remote-health-reporting"]
 = Enabling remote health reporting
 include::_attributes/common-attributes.adoc[]
diff --git a/support/remote_health_monitoring/insights-operator-simple-access.adoc b/support/remote_health_monitoring/insights-operator-simple-access.adoc
index 7b8f8574d6d7..fc2051db738f 100644
--- a/support/remote_health_monitoring/insights-operator-simple-access.adoc
+++ b/support/remote_health_monitoring/insights-operator-simple-access.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="insights-operator-simple-access"]
 = Importing simple content access entitlements with Insights Operator
 include::_attributes/common-attributes.adoc[]
@@ -13,7 +13,7 @@ Insights Operator imports simple content access entitlements every eight hours,
 
 [NOTE]
 =====
-Simple content access must be enabled in Red Hat Subscription Management for the importing to function. 
+Simple content access must be enabled in Red Hat Subscription Management for the importing to function.
 =====
 
 [role="_additional-resources"]
@@ -21,8 +21,12 @@ Simple content access must be enabled in Red Hat Subscription Management for the
 
 * See link:https://access.redhat.com/documentation/en-us/subscription_central/2021/html-single/getting_started_with_simple_content_access/index#assembly-about-simplecontent[About simple content access] in the Red Hat Subscription Central documentation, for more information about simple content access.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * See xref:../../cicd/builds/running-entitled-builds.adoc[Using Red Hat subscriptions in builds] for more information about using simple content access entitlements in {product-title} builds.
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/insights-operator-configuring-sca.adoc[leveloffset=+1]
 
 include::modules/insights-operator-disabling-sca.adoc[leveloffset=+1]
+
+include::modules/insights-operator-enabling-sca.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc b/support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
index f9e5dd9a276f..3923aeb2706c 100644
--- a/support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
+++ b/support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="opting-out-remote-health-reporting"]
 = Opting out of remote health reporting
 include::_attributes/common-attributes.adoc[]
@@ -13,11 +13,7 @@ ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 You may choose to opt out of reporting health and usage data for your cluster.
 endif::[]
 
-ifdef::openshift-dedicated[]
-On {product-title}, remote health reporting is always enabled. You cannot opt out.
-
-// TODO: Is there even a reason to include this assembly for OSD? Could you remove it, and just mention in the other assemblies that you can't opt out?
-endif::[]
+// moved OSD note on not able to opt out to about telemetery
 
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 
@@ -30,6 +26,13 @@ include::modules/telemetry-consequences-of-disabling-telemetry.adoc[leveloffset=
 
 include::modules/insights-operator-new-pull-secret-disabled.adoc[leveloffset=+1]
 
+include::modules/insights-operator-register-disconnected-cluster.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#telemetry-consequences-of-disabling-telemetry_opting-out-remote-health-reporting[Consequences of disabling remote health reporting]
+* link:https://access.redhat.com/documentation/en-us/subscription_central/2023/html/getting_started_with_the_subscriptions_service/con-how-does-subscriptionwatch-show-data_assembly-viewing-understanding-subscriptionwatch-data-ctxt[How does the subscriptions service show my subscription data?](Getting Started with the Subscription Service)
+
 include::modules/images-update-global-pull-secret.adoc[leveloffset=+1]
 
 endif::[]
diff --git a/support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc b/support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
index 64d76d1d4cf1..7e951eee22a9 100644
--- a/support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
+++ b/support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="remote-health-reporting-from-restricted-network"]
 = Using remote health reporting in a restricted network
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,6 @@ To use the Insights Operator in a restricted network, you must:
 
 Additionally, you can choose to xref:../../support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc#insights-operator-enable-obfuscation_remote-health-reporting-from-restricted-network[obfuscate] the Insights Operator data before upload.
 
-
 include::modules/insights-operator-one-time-gather.adoc[leveloffset=+1]
 
 include::modules/insights-operator-manual-upload.adoc[leveloffset=+1]
diff --git a/support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc b/support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
index d4ac74ca6eb0..2844c800ae1a 100644
--- a/support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
+++ b/support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="showing-data-collected-by-remote-health-monitoring"]
 = Showing data collected by remote health monitoring
 include::_attributes/common-attributes.adoc[]
@@ -13,4 +13,7 @@ As an administrator, you can review the metrics collected by Telemetry and the I
 
 include::modules/telemetry-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
 
+// cannot create resource "pods/exec" in API group "" in the namespace "openshift-insights"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/insights-operator-showing-data-collected-from-the-cluster.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/support/remote_health_monitoring/using-insights-operator.adoc b/support/remote_health_monitoring/using-insights-operator.adoc
index 8dbf61dab6ab..64b51f91dd78 100644
--- a/support/remote_health_monitoring/using-insights-operator.adoc
+++ b/support/remote_health_monitoring/using-insights-operator.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-insights-operator"]
-= Using Insights Operator
+= Using the Insights Operator
 include::_attributes/common-attributes.adoc[]
 ifdef::openshift-dedicated[]
 include::_attributes/attributes-openshift-dedicated.adoc[]
@@ -14,13 +14,46 @@ The Insights Operator periodically gathers configuration and component failure s
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * The Insights Operator is installed and enabled by default. If you need to opt out of remote health reporting, see xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting[Opting out of remote health reporting].
+endif::openshift-rosa,openshift-dedicated[]
 
 * For more information on using Insights Advisor to identify issues with your cluster, see xref:../../support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc#using-insights-to-identify-issues-with-your-cluster[Using Insights to identify issues with your cluster].
 
 include::modules/understanding-insights-operator-alerts.adoc[leveloffset=+1]
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/disabling-insights-operator-alerts.adoc[leveloffset=+1]
+include::modules/enabling-insights-operator-alerts.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+// cannot create resource "pods/exec" in API group "" in the namespace "openshift-insights"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/insights-operator-downloading-archive.adoc[leveloffset=+1]
+// cannot download archive using previous module
 include::modules/insights-operator-gather-duration.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+// InsightsDataGather is a Tech Preview feature. When the feature goes GA, verify if it can be added to ROSA/OSD.
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/disabling-insights-operator-gather.adoc[leveloffset=+1]
+include::modules/enabling-insights-operator-gather.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+// tech preview feature
+ifndef::openshift-rosa,openshift-dedicated[]
+[id="running-insights-operator-gather_using-insights-operator"]
+== Running an Insights Operator gather operation
+
+You can run Insights Operator data gather operations on demand. The following procedures describe how to run the default list of gather operations using the OpenShift web console or CLI. You can customize the on demand gather function to exclude any gather operations you choose. Disabling gather operations from the default list degrades Insights Advisor's ability to offer effective recommendations for your cluster. If you have previously disabled Insights Operator gather operations in your cluster, this procedure will override those parameters.
+
+:FeatureName: The `DataGather` custom resource
+include::snippets/technology-preview.adoc[]
+
+[NOTE]
+====
+If you enable Technology Preview in your cluster, the Insights Operator runs gather operations in individual pods. This is part of the Technology Preview feature set for the Insights Operator and supports the new data gathering features.
+====
+include::modules/running-insights-operator-gather-web-console.adoc[leveloffset=+2]
+include::modules/running-insights-operator-gather-cli.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
+// cannot list resource "secrets" in API group "" in the namespace "openshift-config"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/insights-operator-configuring.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc b/support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
index 414b79b86ea9..7e622370e030 100644
--- a/support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
+++ b/support/remote_health_monitoring/using-insights-to-identify-issues-with-your-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-insights-to-identify-issues-with-your-cluster"]
 = Using Insights to identify issues with your cluster
 include::_attributes/common-attributes.adoc[]
@@ -15,6 +15,9 @@ include::modules/insights-operator-advisor-overview.adoc[leveloffset=+1]
 include::modules/insights-operator-advisor-recommendations.adoc[leveloffset=+1]
 include::modules/displaying-potential-issues-with-your-cluster.adoc[leveloffset=+1]
 include::modules/displaying-all-insights-advisor-recommendations.adoc[leveloffset=+1]
+include::modules/insights-advisor-recommendations-filters.adoc[leveloffset=+1]
+include::modules/filtering-insights-advisor-recommendations.adoc[leveloffset=+2]
+include::modules/removing-filters-from-insights-advisor-recommendations.adoc[leveloffset=+2]
 include::modules/disabling-insights-advisor-recommendations.adoc[leveloffset=+1]
 include::modules/enabling-insights-advisor-recommendations.adoc[leveloffset=+1]
 include::modules/displaying-the-insights-status-in-the-web-console.adoc[leveloffset=+1]
diff --git a/support/summarizing-cluster-specifications.adoc b/support/summarizing-cluster-specifications.adoc
index 5c7495db81be..bc29abb1d70a 100644
--- a/support/summarizing-cluster-specifications.adoc
+++ b/support/summarizing-cluster-specifications.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="summarizing-cluster-specifications"]
 = Summarizing cluster specifications
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/diagnosing-oc-issues.adoc b/support/troubleshooting/diagnosing-oc-issues.adoc
index d292820b428d..526fc23a31c8 100644
--- a/support/troubleshooting/diagnosing-oc-issues.adoc
+++ b/support/troubleshooting/diagnosing-oc-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="diagnosing-oc-issues"]
 = Diagnosing OpenShift CLI (`oc`) issues
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/investigating-monitoring-issues.adoc b/support/troubleshooting/investigating-monitoring-issues.adoc
index 3c0a9304f1d0..38fc61b2baf1 100644
--- a/support/troubleshooting/investigating-monitoring-issues.adoc
+++ b/support/troubleshooting/investigating-monitoring-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="investigating-monitoring-issues"]
 = Investigating monitoring issues
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-{product-title} includes a pre-configured, pre-installed, and self-updating monitoring stack that provides monitoring for core platform components. In {product-title} {product-version}, cluster administrators can optionally enable monitoring for user-defined projects.
+{product-title} includes a preconfigured, preinstalled, and self-updating monitoring stack that provides monitoring for core platform components. In {product-title} {product-version}, cluster administrators can optionally enable monitoring for user-defined projects.
 
 // Note - please update the following sentence if you add further modules to this assembly.
 You can follow these procedures if your own metrics are unavailable or if Prometheus is consuming a lot of disk space.
@@ -19,7 +19,7 @@ include::modules/monitoring-investigating-why-user-defined-metrics-are-unavailab
 
 * xref:../../monitoring/configuring-the-monitoring-stack.adoc#creating-user-defined-workload-monitoring-configmap_configuring-the-monitoring-stack[Creating a user-defined workload monitoring config map]
 * See xref:../../monitoring/managing-metrics.adoc#specifying-how-a-service-is-monitored_managing-metrics[Specifying how a service is monitored] for details on how to create a service monitor or pod monitor
-* See xref:../../monitoring/managing-metrics-targets.adoc#monitoring-accessing-the-metrics-targets-page_managing-metrics-targets[Accessing metrics targets in the Administrator perspective]
+* See xref:../../monitoring/managing-metrics.adoc#getting-detailed-information-about-a-target_managing-metrics[Getting detailed information about a metrics target]
 
 // Determining why Prometheus is consuming a lot of disk space
 include::modules/monitoring-determining-why-prometheus-is-consuming-disk-space.adoc[leveloffset=+1]
diff --git a/support/troubleshooting/investigating-pod-issues.adoc b/support/troubleshooting/investigating-pod-issues.adoc
index a03b7d618226..67860e98e0af 100644
--- a/support/troubleshooting/investigating-pod-issues.adoc
+++ b/support/troubleshooting/investigating-pod-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="investigating-pod-issues"]
 = Investigating pod issues
 include::_attributes/common-attributes.adoc[]
diff --git a/sd_support/osd-managed-resources.adoc b/support/troubleshooting/osd-managed-resources.adoc
similarity index 98%
rename from sd_support/osd-managed-resources.adoc
rename to support/troubleshooting/osd-managed-resources.adoc
index 0e6c53a37288..cb47fcfd4339 100644
--- a/sd_support/osd-managed-resources.adoc
+++ b/support/troubleshooting/osd-managed-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-managed-resources"]
 = {product-title} managed resources
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/sd_support/rosa-managed-resources.adoc b/support/troubleshooting/rosa-managed-resources.adoc
similarity index 98%
rename from sd_support/rosa-managed-resources.adoc
rename to support/troubleshooting/rosa-managed-resources.adoc
index a0f51b47de79..75a293bc3a3d 100644
--- a/sd_support/rosa-managed-resources.adoc
+++ b/support/troubleshooting/rosa-managed-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-managed-resources"]
 = {product-title} managed resources
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/sd_support/rosa-troubleshooting-deployments.adoc b/support/troubleshooting/rosa-troubleshooting-deployments.adoc
similarity index 94%
rename from sd_support/rosa-troubleshooting-deployments.adoc
rename to support/troubleshooting/rosa-troubleshooting-deployments.adoc
index f3fe5dbb30af..c978891236a4 100644
--- a/sd_support/rosa-troubleshooting-deployments.adoc
+++ b/support/troubleshooting/rosa-troubleshooting-deployments.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-troubleshooting-cluster-deployments"]
 = Troubleshooting cluster deployments
diff --git a/sd_support/rosa-troubleshooting-expired-tokens.adoc b/support/troubleshooting/rosa-troubleshooting-expired-tokens.adoc
similarity index 88%
rename from sd_support/rosa-troubleshooting-expired-tokens.adoc
rename to support/troubleshooting/rosa-troubleshooting-expired-tokens.adoc
index b5a7c6807be2..2154dd78b6e7 100644
--- a/sd_support/rosa-troubleshooting-expired-tokens.adoc
+++ b/support/troubleshooting/rosa-troubleshooting-expired-tokens.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-troubleshooting-expired-tokens"]
 = Troubleshooting expired tokens
diff --git a/sd_support/rosa-troubleshooting-iam-resources.adoc b/support/troubleshooting/rosa-troubleshooting-iam-resources.adoc
similarity index 94%
rename from sd_support/rosa-troubleshooting-iam-resources.adoc
rename to support/troubleshooting/rosa-troubleshooting-iam-resources.adoc
index 2b78f84d920e..8c8521c5a30a 100644
--- a/sd_support/rosa-troubleshooting-iam-resources.adoc
+++ b/support/troubleshooting/rosa-troubleshooting-iam-resources.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/attributes-openshift-dedicated.adoc[]
 [id="rosa-troubleshooting-iam-resources"]
 = Troubleshooting IAM roles
diff --git a/support/troubleshooting/rosa-troubleshooting-installations.adoc b/support/troubleshooting/rosa-troubleshooting-installations.adoc
new file mode 100644
index 000000000000..7852aaa9631c
--- /dev/null
+++ b/support/troubleshooting/rosa-troubleshooting-installations.adoc
@@ -0,0 +1,9 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-troubleshooting-installations"]
+= Troubleshooting {product-title} installations
+:context: rosa-troubleshooting-installations
+
+toc::[]
+
+include::modules/rosa-troubleshooting-installing.adoc[leveloffset=+1]
diff --git a/support/troubleshooting/rosa-troubleshooting-networking.adoc b/support/troubleshooting/rosa-troubleshooting-networking.adoc
new file mode 100644
index 000000000000..d8e4049e9a88
--- /dev/null
+++ b/support/troubleshooting/rosa-troubleshooting-networking.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+include::_attributes/attributes-openshift-dedicated.adoc[]
+[id="rosa-troubleshooting-networking"]
+= Troubleshooting networking
+:context: rosa-troubleshooting-networking
+
+toc::[]
+
+This document describes how to troubleshoot networking errors.
+
+include::modules/rosa-troubleshooting-networking-nlb.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/support/troubleshooting/troubleshooting-crio-issues.adoc b/support/troubleshooting/troubleshooting-crio-issues.adoc
index 3529e8aa2b54..6dba73c4b074 100644
--- a/support/troubleshooting/troubleshooting-crio-issues.adoc
+++ b/support/troubleshooting/troubleshooting-crio-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-crio-issues"]
 = Troubleshooting CRI-O container runtime issues
 include::_attributes/common-attributes.adoc[]
@@ -12,8 +12,11 @@ include::modules/about-crio.adoc[leveloffset=+1]
 // Verifying CRI-O runtime engine status
 include::modules/verifying-crio-status.adoc[leveloffset=+1]
 
+// Prevented from accessing Red Hat managed resources
+ifndef::openshift-rosa,openshift-dedicated[]
 // Gathering CRI-O journald unit logs
 include::modules/gathering-crio-logs.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
 // Cleaning CRI-O storage
 include::modules/cleaning-crio-storage.adoc[leveloffset=+1]
diff --git a/support/troubleshooting/troubleshooting-installations.adoc b/support/troubleshooting/troubleshooting-installations.adoc
index 960c95495458..7f341e4d80b5 100644
--- a/support/troubleshooting/troubleshooting-installations.adoc
+++ b/support/troubleshooting/troubleshooting-installations.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-installations"]
 = Troubleshooting installations
 include::_attributes/common-attributes.adoc[]
@@ -45,9 +45,11 @@ include::modules/querying-operator-status-after-installation.adoc[leveloffset=+1
 // Gathering logs from a failed installation
 include::modules/installation-bootstrap-gather.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 == Additional resources
 
 * See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more details on {product-title} installation types and process.
+endif::openshift-rosa,openshift-dedicated[]
 
 // TODO: xref to UPI recommendations for respective versions, with ifdefs.
diff --git a/support/troubleshooting/troubleshooting-network-issues.adoc b/support/troubleshooting/troubleshooting-network-issues.adoc
index 7adaa620451e..2df95543a80f 100644
--- a/support/troubleshooting/troubleshooting-network-issues.adoc
+++ b/support/troubleshooting/troubleshooting-network-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-network-issues"]
 = Troubleshooting network issues
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/troubleshooting-operating-system-issues.adoc b/support/troubleshooting/troubleshooting-operating-system-issues.adoc
index 14b3600c1b06..f5cf34a39988 100644
--- a/support/troubleshooting/troubleshooting-operating-system-issues.adoc
+++ b/support/troubleshooting/troubleshooting-operating-system-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-operating-system-issues"]
 = Troubleshooting operating system issues
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/troubleshooting-operator-issues.adoc b/support/troubleshooting/troubleshooting-operator-issues.adoc
index a836e0dd020e..d96ec389f167 100644
--- a/support/troubleshooting/troubleshooting-operator-issues.adoc
+++ b/support/troubleshooting/troubleshooting-operator-issues.adoc
@@ -1,9 +1,11 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-operator-issues"]
 = Troubleshooting Operator issues
 include::_attributes/common-attributes.adoc[]
 :context: troubleshooting-operator-issues
 
+// This assembly is duplicated in operators/admin/olm-troubleshooting-operator-issues.adoc.
+
 toc::[]
 
 Operators are a method of packaging, deploying, and managing an {product-title} application. They act like an extension of the software vendor's engineering team, watching over an {product-title} environment and using its current state to make decisions in real time. Operators are designed to handle upgrades seamlessly, react to failures automatically, and not take shortcuts, such as skipping a software backup process to save time.
@@ -16,6 +18,10 @@ If you experience Operator issues, verify Operator subscription status. Check Op
 
 // Operator subscription condition types
 include::modules/olm-status-conditions.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-cs-health_olm-understanding-olm[Catalog health requirements]
 
 // Viewing Operator subscription status by using the CLI
 include::modules/olm-status-viewing-cli.adoc[leveloffset=+1]
@@ -26,9 +32,13 @@ include::modules/olm-cs-status-cli.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource_olm-understanding-olm[Operator Lifecycle Manager concepts and resources -> Catalog source]
+endif::openshift-rosa,openshift-dedicated[]
 * gRPC documentation: link:https://grpc.github.io/grpc/core/md_doc_connectivity-semantics-and-api.html[States of Connectivity]
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
+endif::openshift-rosa,openshift-dedicated[]
 
 // Querying Operator Pod status
 include::modules/querying-operator-pod-status.adoc[leveloffset=+1]
@@ -36,21 +46,32 @@ include::modules/querying-operator-pod-status.adoc[leveloffset=+1]
 // Gathering Operator logs
 include::modules/gathering-operator-logs.adoc[leveloffset=+1]
 
+// cannot patch resource "machineconfigpools"
+ifndef::openshift-rosa,openshift-dedicated[]
 // Disabling Machine Config Operator from autorebooting
 include::modules/troubleshooting-disabling-autoreboot-mco.adoc[leveloffset=+1]
 include::modules/troubleshooting-disabling-autoreboot-mco-console.adoc[leveloffset=+2]
 include::modules/troubleshooting-disabling-autoreboot-mco-cli.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 // Refreshing failing subscriptions
+// cannot delete resource "clusterserviceversions", "jobs" in API group "operators.coreos.com" in the namespace "openshift-apiserver"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/olm-refresh-subs.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
 // Reinstalling Operators after failed uninstallation
+// cannot delete resource "customresourcedefinitions"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/olm-reinstall.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 
 * xref:../../operators/admin/olm-deleting-operators-from-cluster.adoc#olm-deleting-operators-from-a-cluster[Deleting Operators from a cluster]
 * xref:../../operators/admin/olm-adding-operators-to-cluster.adoc#olm-adding-operators-to-a-cluster[Adding Operators to a cluster]
-
+endif::openshift-rosa,openshift-dedicated[]
 
 
diff --git a/support/troubleshooting/troubleshooting-s2i.adoc b/support/troubleshooting/troubleshooting-s2i.adoc
index fc4c273ad77a..dc1e4bf9abf6 100644
--- a/support/troubleshooting/troubleshooting-s2i.adoc
+++ b/support/troubleshooting/troubleshooting-s2i.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-s2i"]
 = Troubleshooting the Source-to-Image process
 include::_attributes/common-attributes.adoc[]
@@ -15,7 +15,9 @@ include::modules/gathering-s2i-diagnostic-data.adoc[leveloffset=+1]
 // Gathering application diagnostic data to investigate application failures
 include::modules/gathering-application-diagnostic-data.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 == Additional resources
 
 * See xref:../../cicd/builds/build-strategies.adoc#build-strategy-s2i_build-strategies[Source-to-Image (S2I) build] for more details about the S2I build strategy.
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/support/troubleshooting/troubleshooting-storage-issues.adoc b/support/troubleshooting/troubleshooting-storage-issues.adoc
index 97254ac42b3b..44505ff0e16c 100644
--- a/support/troubleshooting/troubleshooting-storage-issues.adoc
+++ b/support/troubleshooting/troubleshooting-storage-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-storage-issues"]
 = Troubleshooting storage issues
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc b/support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
index 0f1b1b558801..f68488a6226d 100644
--- a/support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+++ b/support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-windows-container-workload-issues"]
 = Troubleshooting Windows container workload issues
 include::_attributes/common-attributes.adoc[]
diff --git a/support/troubleshooting/verifying-node-health.adoc b/support/troubleshooting/verifying-node-health.adoc
index 707df7a06d8a..ea0503438e17 100644
--- a/support/troubleshooting/verifying-node-health.adoc
+++ b/support/troubleshooting/verifying-node-health.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="verifying-node-health"]
 = Verifying node health
 include::_attributes/common-attributes.adoc[]
@@ -9,8 +9,13 @@ toc::[]
 // Reviewing node status, resource usage, and configuration
 include::modules/reviewing-node-status-usage-and-configuration.adoc[leveloffset=+1]
 
+// cannot create resource "namespaces"
+ifndef::openshift-rosa,openshift-dedicated[]
 // Querying the kubelet's status on a node
 include::modules/querying-kubelet-status-on-a-node.adoc[leveloffset=+1]
 
+// cannot get resource "nodes/proxy"
 // Querying node journal logs
 include::modules/querying-cluster-node-journal-logs.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
+
diff --git a/telco_ref_design_specs/_attributes b/telco_ref_design_specs/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/telco_ref_design_specs/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/telco_ref_design_specs/core/_attributes b/telco_ref_design_specs/core/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/telco_ref_design_specs/core/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/telco_ref_design_specs/core/images b/telco_ref_design_specs/core/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/telco_ref_design_specs/core/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/telco_ref_design_specs/core/modules b/telco_ref_design_specs/core/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/telco_ref_design_specs/core/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/telco_ref_design_specs/core/snippets b/telco_ref_design_specs/core/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/telco_ref_design_specs/core/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/telco_ref_design_specs/core/telco-core-rds-overview.adoc b/telco_ref_design_specs/core/telco-core-rds-overview.adoc
new file mode 100644
index 000000000000..342dad622895
--- /dev/null
+++ b/telco_ref_design_specs/core/telco-core-rds-overview.adoc
@@ -0,0 +1,14 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-core:
+[id="telco-core-ref-design-overview"]
+= {rds-caps} {product-version} reference design overview
+:context: core-ref-design-overview
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The {rds} reference design specification (RDS) configures a {product-title} cluster running on commodity hardware to host {rds} workloads.
+
+include::modules/telco-core-414-whats-new-ref-design.adoc[leveloffset=+1]
+
+:!telco-core:
diff --git a/telco_ref_design_specs/core/telco-core-rds-use-cases.adoc b/telco_ref_design_specs/core/telco-core-rds-use-cases.adoc
new file mode 100644
index 000000000000..1c2e17f5422a
--- /dev/null
+++ b/telco_ref_design_specs/core/telco-core-rds-use-cases.adoc
@@ -0,0 +1,26 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-core:
+[id="telco-ran-rds-overview"]
+= {rds-caps} {product-version} use model overview
+:context: ran-core-design-overview
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The {rds-caps} reference design specification (RDS) describes a platform that supports large-scale telco applications including control plane functions such as signaling and aggregation. It also includes some centralized data plane functions, for example, user plane functions (UPF). These functions generally require scalability, complex networking support, resilient software-defined storage, and support performance requirements that are less stringent and constrained than far-edge deployments like RAN.
+
+.Telco core use model architecture
+image:473_OpenShift_Telco_Core_Reference_arch_1123.png[Use model architecture]
+
+The networking prerequisites for {rds} functions are diverse and encompass an array of networking attributes and performance benchmarks. IPv6 is mandatory, with dual-stack configurations being prevalent. Certain functions demand maximum throughput and transaction rates, necessitating user plane networking support such as DPDK. Other functions adhere to conventional cloud-native patterns and can use solutions such as OVN-K, kernel networking, and load balancing.
+
+{rds-caps} clusters are configured as standard three control plane clusters with worker nodes configured with the stock non real-time (RT) kernel. To support workloads with varying networking and performance requirements, worker nodes are segmented using `MachineConfigPool` CRs. For example, this is done to separate non-user data plane nodes from high-throughput nodes. To support the required telco operational features, the clusters have a standard set of Operator Lifecycle Manager (OLM) Day 2 Operators installed.
+
+include::modules/telco-core-ref-design-baseline-model.adoc[leveloffset=+1]
+
+include::modules/telco-core-ref-eng-usecase-model.adoc[leveloffset=+2]
+
+include::modules/telco-core-ref-application-workloads.adoc[leveloffset=+2]
+
+:!telco-core:
+
diff --git a/telco_ref_design_specs/core/telco-core-ref-crs.adoc b/telco_ref_design_specs/core/telco-core-ref-crs.adoc
new file mode 100644
index 000000000000..41194dafdc15
--- /dev/null
+++ b/telco_ref_design_specs/core/telco-core-ref-crs.adoc
@@ -0,0 +1,41 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-core:
+[id="telco-core-ref-du-crs"]
+= {rds-caps} {product-version} reference configuration CRs
+:context: ran-core-ref-design-crs
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+Use the following custom resources (CRs) to configure and deploy {product-title} clusters with the {rds} profile.
+Use the CRs to form the common baseline used in all the specific use models unless otherwise indicated.
+
+[NOTE]
+====
+The {rds} CRs are available in link:https://github.com/openshift-kni/telco-reference/tree/release-4.14[GitHub].
+====
+
+include::modules/telco-core-crs-resource-tuning.adoc[leveloffset=+1]
+
+include::modules/telco-core-crs-storage.adoc[leveloffset=+1]
+
+include::modules/telco-core-crs-networking.adoc[leveloffset=+1]
+
+include::modules/telco-core-crs-scheduling.adoc[leveloffset=+1]
+
+include::modules/telco-core-crs-other.adoc[leveloffset=+1]
+
+[id="telco-reference-core-use-case-yaml_{context}"]
+== YAML reference
+
+include::modules/telco-core-yaml-ref-resource-tuning.adoc[leveloffset=+2]
+
+include::modules/telco-core-yaml-ref-storage.adoc[leveloffset=+2]
+
+include::modules/telco-core-yaml-ref-networking.adoc[leveloffset=+2]
+
+include::modules/telco-core-yaml-ref-scheduling.adoc[leveloffset=+2]
+
+include::modules/telco-core-yaml-ref-other.adoc[leveloffset=+2]
+
+:!telco-core:
diff --git a/telco_ref_design_specs/core/telco-core-ref-design-components.adoc b/telco_ref_design_specs/core/telco-core-ref-design-components.adoc
new file mode 100644
index 000000000000..233547ac20d7
--- /dev/null
+++ b/telco_ref_design_specs/core/telco-core-ref-design-components.adoc
@@ -0,0 +1,49 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-core:
+[id="telco-core-ref-components"]
+= {rds-caps} reference design components
+:context: core-ref-design-components
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The following sections describe the various {product-title} components and configurations that you use to configure and deploy clusters to run {rds} workloads.
+
+include::modules/telco-core-cpu-partitioning-performance-tune.adoc[leveloffset=+1]
+
+include::modules/telco-core-service-mesh.adoc[leveloffset=+1]
+
+include::modules/telco-core-rds-networking.adoc[leveloffset=+1]
+
+include::modules/telco-core-cluster-network-operator.adoc[leveloffset=+2]
+
+include::modules/telco-core-load-balancer.adoc[leveloffset=+2]
+
+include::modules/telco-core-sriov.adoc[leveloffset=+2]
+
+include::modules/telco-nmstate-operator.adoc[leveloffset=+2]
+
+include::modules/telco-core-logging.adoc[leveloffset=+1]
+
+include::modules/telco-core-power-management.adoc[leveloffset=+1]
+
+include::modules/telco-core-storage.adoc[leveloffset=+1]
+
+include::modules/telco-core-monitoring.adoc[leveloffset=+1]
+
+include::modules/telco-core-scheduling.adoc[leveloffset=+1]
+
+include::modules/telco-core-installation.adoc[leveloffset=+1]
+
+include::modules/telco-core-security.adoc[leveloffset=+1]
+
+include::modules/telco-core-scalability.adoc[leveloffset=+1]
+
+[id="telco-core-additional-config"]
+== Additional configuration
+
+include::modules/telco-core-rds-disconnected.adoc[leveloffset=+2]
+
+include::modules/telco-core-kernel.adoc[leveloffset=+2]
+
+:!telco-core:
diff --git a/telco_ref_design_specs/images b/telco_ref_design_specs/images
new file mode 120000
index 000000000000..e4c5bd02a10a
--- /dev/null
+++ b/telco_ref_design_specs/images
@@ -0,0 +1 @@
+../images/
\ No newline at end of file
diff --git a/telco_ref_design_specs/modules b/telco_ref_design_specs/modules
new file mode 120000
index 000000000000..43aab75b53c9
--- /dev/null
+++ b/telco_ref_design_specs/modules
@@ -0,0 +1 @@
+../modules/
\ No newline at end of file
diff --git a/telco_ref_design_specs/ran/_attributes b/telco_ref_design_specs/ran/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/telco_ref_design_specs/ran/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/telco_ref_design_specs/ran/images b/telco_ref_design_specs/ran/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/telco_ref_design_specs/ran/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/telco_ref_design_specs/ran/modules b/telco_ref_design_specs/ran/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/telco_ref_design_specs/ran/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/telco_ref_design_specs/ran/snippets b/telco_ref_design_specs/ran/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/telco_ref_design_specs/ran/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/telco_ref_design_specs/ran/telco-ran-du-overview.adoc b/telco_ref_design_specs/ran/telco-ran-du-overview.adoc
new file mode 100644
index 000000000000..248426b7f92d
--- /dev/null
+++ b/telco_ref_design_specs/ran/telco-ran-du-overview.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-ran:
+[id="telco-ran-du-overview"]
+= {rds-caps} use model overview
+:context: ran-ref-design-overview
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+Use the following information to plan {rds} workloads, cluster resources, and hardware specifications for the hub cluster and managed {sno} clusters.
+
+include::modules/telco-ran-du-application-workloads.adoc[leveloffset=+1]
+
+include::modules/telco-reference-application-workload-characteristics.adoc[leveloffset=+1]
+
+include::modules/telco-ran-managed-cluster-resources.adoc[leveloffset=+1]
+
+include::modules/telco-ran-hub-cluster-management.adoc[leveloffset=+1]
+
+include::modules/telco-ran-du-reference-components.adoc[leveloffset=+1]
+
+include::modules/telco-ran-measured-kpi-results.adoc[leveloffset=+1]
+
+:!telco-ran:
diff --git a/telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc b/telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
new file mode 100644
index 000000000000..34bcb0fc4184
--- /dev/null
+++ b/telco_ref_design_specs/ran/telco-ran-ref-design-spec.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-ran:
+[id="telco-ran-ref-design-spec"]
+= {rds-caps} {product-version} reference design overview
+:context: ran-ref-design-spec
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The {rds-first} {product-version} reference design configures an {product-title} {product-version} cluster running on commodity hardware to host {rds} workloads.
+It captures the recommended, tested, and supported configurations to get reliable and repeatable performance for a cluster running the {rds} profile.
+
+include::modules/telco-ran-414-ref-design-features.adoc[leveloffset=+1]
+
+include::modules/telco-ran-architecture-overview.adoc[leveloffset=+1]
+
+:!telco-ran:
diff --git a/telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc b/telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
new file mode 100644
index 000000000000..757a1d23e4db
--- /dev/null
+++ b/telco_ref_design_specs/ran/telco-ran-ref-du-components.adoc
@@ -0,0 +1,52 @@
+:_mod-docs-content-type: ASSEMBLY
+:telco-ran:
+[id="telco-ran-ref-du-components"]
+= {rds-caps} {product-version} reference design components
+:context: ran-ref-design-components
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The following sections describe the various {product-title} components and configurations that you use to configure and deploy clusters to run RAN DU workloads.
+
+include::modules/telco-ran-bios-tuning.adoc[leveloffset=+1]
+
+include::modules/telco-ran-node-tuning-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-ptp-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-sr-iov-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-logging.adoc[leveloffset=+1]
+
+include::modules/telco-ran-sriov-fec-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-local-storage-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-lvms-operator.adoc[leveloffset=+1]
+
+include::modules/telco-ran-workload-partitioning.adoc[leveloffset=+1]
+
+include::modules/telco-ran-cluster-tuning.adoc[leveloffset=+1]
+
+include::modules/telco-ran-machine-configuration.adoc[leveloffset=+1]
+
+[id="telco-reference-ran-du-deployment-components_{context}"]
+== Reference design deployment components
+
+The following sections describe the various {product-title} components and configurations that you use to configure the hub cluster with {rh-rhacm-first}.
+
+include::modules/telco-ran-red-hat-advanced-cluster-management-rhacm.adoc[leveloffset=+2]
+
+include::modules/telco-ran-topology-aware-lifecycle-manager-talm.adoc[leveloffset=+2]
+
+include::modules/telco-ran-gitops-operator-and-ztp-plugins.adoc[leveloffset=+2]
+
+include::modules/telco-ran-agent-based-installer-abi.adoc[leveloffset=+2]
+
+[id="telco-ran-additional-components_{context}"]
+== Additional components
+
+include::modules/telco-ran-redfish-operator.adoc[leveloffset=+2]
+
+:!telco-ran:
diff --git a/telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc b/telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
new file mode 100644
index 000000000000..dff1e86dd631
--- /dev/null
+++ b/telco_ref_design_specs/ran/telco-ran-ref-du-crs.adoc
@@ -0,0 +1,37 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="telco-ran-ref-du-crs"]
+= {rds-first} reference configuration CRs
+:telco-ran:
+:context: ran-ref-design-crs
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+Use the following custom resources (CRs) to configure and deploy {product-title} clusters with the {rds} profile.
+Some of the CRs are optional depending on your requirements.
+CR fields you can change are annotated in the CR with YAML comments.
+
+[NOTE]
+====
+You can extract the complete set of RAN DU CRs from the `ztp-site-generate` container image.
+See link:https://docs.openshift.com/container-platform/latest/scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.html#ztp-preparing-the-ztp-git-repository_ztp-preparing-the-hub-cluster[Preparing the GitOps ZTP site configuration repository] for more information.
+====
+
+include::modules/telco-ran-crs-day-2-operators.adoc[leveloffset=+1]
+
+include::modules/telco-ran-crs-cluster-tuning.adoc[leveloffset=+1]
+
+include::modules/telco-ran-crs-machine-configuration.adoc[leveloffset=+1]
+
+[id="telco-reference-ran-du-use-case-yaml_{context}"]
+== YAML reference
+
+The following is a complete reference for all the custom resources (CRs) that make up the {rds} {product-version} reference configuration.
+
+include::modules/telco-ran-yaml-ref-day-2-operators.adoc[leveloffset=+2]
+
+include::modules/telco-ran-yaml-ref-cluster-tuning.adoc[leveloffset=+2]
+
+include::modules/telco-ran-yaml-ref-machine-configuration.adoc[leveloffset=+2]
+
+:!telco-ran:
diff --git a/telco_ref_design_specs/ran/telco-ran-ref-software-artifacts.adoc b/telco_ref_design_specs/ran/telco-ran-ref-software-artifacts.adoc
new file mode 100644
index 000000000000..4da502b26b24
--- /dev/null
+++ b/telco_ref_design_specs/ran/telco-ran-ref-software-artifacts.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="telco-ran-ref-software-artifacts"]
+= Telco RAN DU reference configuration software specifications
+:context: ran-ref-design-validation
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The following information describes the telco RAN DU reference design specification (RDS) validated software versions.
+
+include::modules/ztp-telco-ran-software-versions.adoc[leveloffset=+1]
diff --git a/telco_ref_design_specs/snippets b/telco_ref_design_specs/snippets
new file mode 120000
index 000000000000..9d58b92e5058
--- /dev/null
+++ b/telco_ref_design_specs/snippets
@@ -0,0 +1 @@
+../snippets/
\ No newline at end of file
diff --git a/telco_ref_design_specs/telco-ref-design-specs-overview.adoc b/telco_ref_design_specs/telco-ref-design-specs-overview.adoc
new file mode 100644
index 000000000000..7fff8bfaeeb3
--- /dev/null
+++ b/telco_ref_design_specs/telco-ref-design-specs-overview.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="telco-ref-design-specs-overview"]
+= Telco core and RAN DU reference design specifications
+:context: telco_ref_design_specs
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+The telco core reference design specification (RDS) describes {product-title} {product-version} clusters running on commodity hardware that can support large scale telco applications including control plane and some centralized data plane functions.
+
+The telco RAN RDS describes the configuration for clusters running on commodity hardware to host 5G workloads in the Radio Access Network (RAN).
+
+include::modules/telco-ref-design-overview.adoc[leveloffset=+1]
+
+include::modules/telco-ran-core-ref-design-spec.adoc[leveloffset=+1]
+
+include::modules/telco-deviations-from-the-ref-design.adoc[leveloffset=+1]
diff --git a/updating/index.adoc b/updating/index.adoc
index 11b872541614..5ee4b0d6be2c 100644
--- a/updating/index.adoc
+++ b/updating/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-clusters-overview"]
 = Updating clusters overview
 include::_attributes/common-attributes.adoc[]
@@ -8,43 +8,13 @@ toc::[]
 
 You can update an {product-title} 4 cluster with a single operation by using the web console or the OpenShift CLI (`oc`).
 
-ifndef::openshift-origin[]
-[id="updating-clusters-overview-understanding-container-platform-updates"]
-== Understanding OpenShift Container Platform updates
-xref:../updating/understanding_updates/intro-to-updates.adoc#update-service-about_understanding-openshift-updates[About the OpenShift Update Service]: For clusters with internet access, Red Hat provides over-the-air updates by using an {product-title} update service as a hosted service located behind public APIs.
-endif::openshift-origin[]
-
-[id="updating-clusters-overview-upgrade-channels-and-releases"]
+[id="updating-clusters-overview-update-channels-and-releases"]
 == Understanding update channels and releases
-ifndef::openshift-origin[]
-xref:../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Update channels and releases]: With update channels, you can choose an update strategy. Update channels are specific to a minor version of {product-title}. Update channels only control release selection and do not impact the version of the cluster that you install. The `openshift-install` binary file for a specific version of the {product-title} always installs that minor version. For more information, see the following:
-
-* xref:../updating/understanding-upgrade-channels-release.adoc#upgrade-version-paths_understanding-upgrade-channels-releases[Upgrading version paths]
-* xref:../updating/understanding-upgrade-channels-release.adoc#fast-stable-channel-strategies_understanding-upgrade-channels-releases[Understanding fast and stable channel use and strategies]
-* xref:../updating/understanding-upgrade-channels-release.adoc#restricted-network-clusters_understanding-upgrade-channels-releases[Understanding restricted network clusters]
-* xref:../updating/understanding-upgrade-channels-release.adoc#switching-between-channels_understanding-upgrade-channels-releases[Switching between channels]
-* xref:../updating/understanding-upgrade-channels-release.adoc#conditional-updates-overview_understanding-upgrade-channels-releases[Understanding conditional updates]
-endif::openshift-origin[]
-ifdef::openshift-origin[]
 With update channels, you can choose an update strategy. Update channels are specific to a minor version of {product-title}. Update channels only control release selection and do not impact the version of the cluster that you install. The `openshift-install` binary file for a specific version of the {product-title} always installs that minor version.
 
 {product-title} {product-version} offers the following update channel:
 
 * `stable-4`
-endif::openshift-origin[]
-
-
-include::modules/determining-upgrade-viability-conditiontype.adoc[leveloffset=+1]
-
-include::modules/determining-upgrade-viability-cv-conditiontype.adoc[leveloffset=+1]
-
-ifndef::openshift-origin[]
-[id="updating-clusters-overview-prepare-eus-to-eus-update"]
-== Performing an EUS-to-EUS update
-xref:../updating/updating_a_cluster/eus-eus-update.adoc#eus-eus-update[Performing an EUS-to-EUS update]: Due to fundamental Kubernetes design, all {product-title} updates between minor versions must be serialized. You must update from {product-title} 4.10 to 4.11, and then to 4.12. You cannot update from {product-title} 4.10 to 4.12 directly. However, if you want to update between two Extended Update Support (EUS) versions, you can do so by incurring only a single reboot of non-control plane hosts. For more information, see the following:
-
-* xref:../updating/updating_a_cluster/eus-eus-update.adoc#updating-eus-to-eus-upgrade_eus-to-eus-update[EUS-to-EUS update]
-endif::openshift-origin[]
 
 [id="updating-clusters-overview-update-cluster-using-web-console"]
 == Updating a cluster using the web console
@@ -75,16 +45,6 @@ xref:../updating/updating_a_cluster/update-using-custom-machine-config-pools.ado
 * xref:../updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc#update-using-custom-machine-config-pools-unpause_update-using-custom-machine-config-pools[Unpausing the machine configuration pools]
 * xref:../updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc#update-using-custom-machine-config-pools-mcp-remove_update-using-custom-machine-config-pools[Moving a node to the original machine configuration pool]
 
-ifndef::openshift-origin[]
-[id="updating-clusters-overview-update-cluster-with-rhel-compute-machines"]
-== Updating a cluster that includes {op-system-base} compute machines
-xref:../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#updating-cluster-rhel-compute[Updating a cluster that includes {op-system-base} compute machines]: If your cluster contains {op-system-base-full} machines, you must perform additional steps to update those machines. You can perform the following procedures:
-
-* xref:../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#update-upgrading-web_updating-cluster-rhel-compute[Updating a cluster by using the web console]
-* xref:../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#updating-cluster-rhel-compute-hooks[Optional: Adding hooks to perform Ansible tasks on {op-system-base} machines]
-* xref:../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#rhel-compute-updating-minor_updating-cluster-rhel-compute[Updating {op-system-base} compute machines in your cluster]
-endif::openshift-origin[]
-
 [id="updating-clusters-overview-update-restricted-network-cluster"]
 == Updating a cluster in a disconnected environment
 xref:../updating/updating_a_cluster/updating_disconnected_cluster/index.adoc#about-restricted-network-updates[About cluster updates in a disconnected environment]: If your mirror host cannot access both the internet and the cluster, you can mirror the images to a file system that is disconnected from that environment. You can then bring that host or removable media across that gap. If the local container registry and the cluster are connected to the mirror host of a registry, you can directly push the release images to the local registry.
@@ -103,14 +63,14 @@ xref:../updating/updating_a_cluster/updating_disconnected_cluster/index.adoc#abo
 [id="updating-clusters-overview-vsphere-updating-hardware"]
 == Updating hardware on nodes running in vSphere
 
-xref:../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on vSphere]: You must ensure that your nodes running in vSphere are running on the hardware version supported by OpenShift Container Platform. Currently, hardware version 13 or later is supported for vSphere virtual machines in a cluster. For more information, see the following:
+xref:../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-hardware-on-nodes-running-on-vsphere[Updating hardware on vSphere]: You must ensure that your nodes running in vSphere are running on the hardware version supported by OpenShift Container Platform. Currently, hardware version 15 or later is supported for vSphere virtual machines in a cluster. For more information, see the following:
 
 * xref:../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#updating-virtual-hardware-on-vsphere_updating-hardware-on-nodes-running-in-vsphere[Updating virtual hardware on vSphere]
 * xref:../updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc#scheduling-virtual-hardware-update-on-vsphere_updating-hardware-on-nodes-running-in-vsphere[Scheduling an update for virtual hardware on vSphere]
 
 [IMPORTANT]
 ====
-Using hardware version 13 for your cluster nodes running on vSphere is now deprecated. This version is still fully supported, but support will be removed in a future version of {product-title}. Hardware version 15 is now the default for vSphere virtual machines in {product-title}.
+Version {product-version} of {product-title} requires VMware virtual hardware version 15 or later.
 ====
 
 [id="updating-clusters-overview-hosted-control-planes"]
diff --git a/updating/preparing-manual-creds-update.adoc b/updating/preparing-manual-creds-update.adoc
deleted file mode 100644
index 2cae836be850..000000000000
--- a/updating/preparing-manual-creds-update.adoc
+++ /dev/null
@@ -1,66 +0,0 @@
-:_content-type: ASSEMBLY
-[id="preparing-manual-creds-update"]
-= Preparing to update a cluster with manually maintained credentials
-include::_attributes/common-attributes.adoc[]
-:context: preparing-manual-creds-update
-
-toc::[]
-
-The Cloud Credential Operator (CCO) `Upgradable` status for a cluster with manually maintained credentials is `False` by default.
-
-* For minor releases, for example, from 4.12 to 4.13, this status prevents you from updating until you have addressed any updated permissions and annotated the `CloudCredential` resource to indicate that the permissions are updated as needed for the next version. This annotation changes the `Upgradable` status to `True`.
-
-* For z-stream releases, for example, from 4.13.0 to 4.13.1, no permissions are added or changed, so the update is not blocked.
-
-Before updating a cluster with manually maintained credentials, you must accommodate any new or changed credentials in the release image for the version of {product-title} you are updating to.
-
-//Upgrading clusters with manually maintained credentials
-include::modules/about-manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
-[role="_additional-resources"]
-.Additional resources
-* xref:../updating/preparing-manual-creds-update.adoc#cco-determine-mode-gui_preparing-manual-creds-update[Determining the Cloud Credential Operator mode by using the web console]
-* xref:../updating/preparing-manual-creds-update.adoc#cco-determine-mode-cli_preparing-manual-creds-update[Determining the Cloud Credential Operator mode by using the CLI]
-* xref:../updating/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
-* xref:../updating/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Updating cloud provider resources with manually maintained credentials]
-* xref:../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
-
-//Determining the Cloud Credential Operator mode by using the web console
-include::modules/cco-determine-mode-gui.adoc[leveloffset=+2]
-[role="_additional-resources"]
-.Additional resources
-* xref:../updating/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
-* xref:../updating/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Updating cloud provider resources with manually maintained credentials]
-
-//Determining the Cloud Credential Operator mode by using the CLI
-include::modules/cco-determine-mode-cli.adoc[leveloffset=+2]
-[role="_additional-resources"]
-.Additional resources
-* xref:../updating/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
-* xref:../updating/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Updating cloud provider resources with manually maintained credentials]
-
-//Configuring the Cloud Credential Operator utility for a cluster update
-include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
-
-//Updating cloud provider resources with the Cloud Credential Operator utility
-include::modules/cco-ccoctl-upgrading.adoc[leveloffset=+1]
-[role="_additional-resources"]
-.Additional resources
-* xref:../installing/installing_alibaba/installing-alibaba-default.adoc#cco-ccoctl-creating-at-once_installing-alibaba-default[Creating {alibaba} credentials for {product-title} components with the `ccoctl` tool]
-* xref:../authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc#sts-mode-create-aws-resources-ccoctl_cco-mode-sts[Creating AWS resources with the Cloud Credential Operator utility]
-* xref:../authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc#cco-ccoctl-creating-at-once_cco-mode-gcp-workload-identity[Creating GCP resources with the Cloud Credential Operator utility]
-* xref:../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#manually-create-iam-ibm-cloud_installing-ibm-cloud-customizations[Manually creating IAM for IBM Cloud VPC]
-* xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#manually-create-iam-nutanix_installing-nutanix-installer-provisioned[Configuring IAM for Nutanix]
-* xref:../updating/preparing-manual-creds-update.adoc#cco-manual-upgrade-annotation_preparing-manual-creds-update[Indicating that the cluster is ready to upgrade]
-
-//Updating cloud provider resources with manually maintained credentials
-include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
-[role="_additional-resources"]
-.Additional resources
-* xref:../installing/installing_aws/manually-creating-iam.adoc#manually-create-iam_manually-creating-iam-aws[Manually creating IAM for AWS]
-* xref:../installing/installing_azure/manually-creating-iam-azure.adoc#manually-create-iam_manually-creating-iam-azure[Manually creating IAM for Azure]
-* xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#manually-create-iam_installing-azure-stack-hub-default[Manually creating IAM for Azure Stack Hub]
-* xref:../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-create-iam_manually-creating-iam-gcp[Manually creating IAM for GCP]
-* xref:../updating/preparing-manual-creds-update.adoc#cco-manual-upgrade-annotation_preparing-manual-creds-update[Indicating that the cluster is ready to upgrade]
-
-//Indicating that the cluster is ready to upgrade
-include::modules/cco-manual-upgrade-annotation.adoc[leveloffset=+1]
diff --git a/updating/preparing_for_updates/_attributes b/updating/preparing_for_updates/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/updating/preparing_for_updates/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/updating/preparing_for_updates/images b/updating/preparing_for_updates/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/updating/preparing_for_updates/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/updating/kmm-preflight-validation.adoc b/updating/preparing_for_updates/kmm-preflight-validation.adoc
similarity index 78%
rename from updating/kmm-preflight-validation.adoc
rename to updating/preparing_for_updates/kmm-preflight-validation.adoc
index 40c8b63f8840..5d5da309c730 100644
--- a/updating/kmm-preflight-validation.adoc
+++ b/updating/preparing_for_updates/kmm-preflight-validation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="kmm-preflight-validation"]
 = Preflight validation for Kernel Module Management (KMM) Modules
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 Before performing an upgrade on the cluster with applied KMM modules, the administrator must verify that kernel modules installed using KMM are able to be installed on the nodes after the cluster upgrade and possible kernel upgrade. Preflight attempts to validate every `Module` loaded in the cluster, in parallel. Preflight does not wait for validation of one `Module` to complete before starting validation of another `Module`.
 
 :FeatureName: Kernel Module Management Operator Preflight validation
diff --git a/updating/preparing_for_updates/modules b/updating/preparing_for_updates/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/updating/preparing_for_updates/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/updating/preparing_for_updates/preparing-manual-creds-update.adoc b/updating/preparing_for_updates/preparing-manual-creds-update.adoc
new file mode 100644
index 000000000000..2c19bb699e64
--- /dev/null
+++ b/updating/preparing_for_updates/preparing-manual-creds-update.adoc
@@ -0,0 +1,72 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="preparing-manual-creds-update"]
+= Preparing to update a cluster with manually maintained credentials
+include::_attributes/common-attributes.adoc[]
+:context: preparing-manual-creds-update
+
+toc::[]
+
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+The Cloud Credential Operator (CCO) `Upgradable` status for a cluster with manually maintained credentials is `False` by default.
+
+* For minor releases, for example, from 4.12 to 4.13, this status prevents you from updating until you have addressed any updated permissions and annotated the `CloudCredential` resource to indicate that the permissions are updated as needed for the next version. This annotation changes the `Upgradable` status to `True`.
+
+* For z-stream releases, for example, from 4.13.0 to 4.13.1, no permissions are added or changed, so the update is not blocked.
+
+Before updating a cluster with manually maintained credentials, you must accommodate any new or changed credentials in the release image for the version of {product-title} you are updating to.
+
+//Upgrading clusters with manually maintained credentials
+include::modules/about-manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-determine-mode-gui_preparing-manual-creds-update[Determining the Cloud Credential Operator mode by using the web console]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-determine-mode-cli_preparing-manual-creds-update[Determining the Cloud Credential Operator mode by using the CLI]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-upgrading-extracting_preparing-manual-creds-update[Extracting and preparing credentials request resources]
+* xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator]
+
+//Determining the Cloud Credential Operator mode by using the web console
+include::modules/cco-determine-mode-gui.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-upgrading-extracting_preparing-manual-creds-update[Extracting and preparing credentials request resources]
+
+//Determining the Cloud Credential Operator mode by using the CLI
+include::modules/cco-determine-mode-cli.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-upgrading-extracting_preparing-manual-creds-update[Extracting and preparing credentials request resources]
+
+//Extracting and preparing credentials request resources
+include::modules/manually-maintained-credentials-upgrade-extract.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-ccoctl-configuring_preparing-manual-creds-update[Configuring the Cloud Credential Operator utility for a cluster update]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#manually-maintained-credentials-upgrade_preparing-manual-creds-update[Manually updating cloud provider resources]
+
+//Configuring the Cloud Credential Operator utility for a cluster update
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
+
+//Updating cloud provider resources with the Cloud Credential Operator utility
+include::modules/cco-ccoctl-upgrading.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-manual-upgrade-annotation_preparing-manual-creds-update[Indicating that the cluster is ready to upgrade]
+
+//Manually updating cloud provider resources
+include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials for AWS]
+* xref:../../installing/installing_azure/installing-azure-customizations.adoc#manually-create-iam_installing-azure-customizations[Manually creating long-term credentials for Azure]
+* xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#manually-create-iam_installing-azure-stack-hub-default[Manually creating long-term credentials for Azure Stack Hub]
+* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials for GCP]
+* xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#cco-manual-upgrade-annotation_preparing-manual-creds-update[Indicating that the cluster is ready to upgrade]
+
+//Indicating that the cluster is ready to upgrade
+include::modules/cco-manual-upgrade-annotation.adoc[leveloffset=+1]
+
diff --git a/updating/preparing_for_updates/snippets b/updating/preparing_for_updates/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/updating/preparing_for_updates/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/updating/preparing_for_updates/updating-cluster-prepare.adoc b/updating/preparing_for_updates/updating-cluster-prepare.adoc
new file mode 100644
index 000000000000..8dd4c54575dd
--- /dev/null
+++ b/updating/preparing_for_updates/updating-cluster-prepare.adoc
@@ -0,0 +1,66 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="updating-cluster-prepare"]
+= Preparing to update to {product-title} 4.15
+include::_attributes/common-attributes.adoc[]
+:context: updating-cluster-prepare
+
+toc::[]
+
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+Learn more about administrative tasks that cluster admins must perform to successfully initialize an update, as well as optional guidelines for ensuring a successful update.
+
+[id="kube-api-removals_{context}"]
+== Kubernetes API removals
+
+There are no Kubernetes API removals in {product-title} 4.15.
+
+// Commenting out this section because there are no APIs being removed in OCP 4.15 / Kube 1.28. But we'll need this section again for 4.16
+////
+{product-title} 4.14 uses Kubernetes 1.27, which removed several deprecated APIs.
+
+A cluster administrator must provide a manual acknowledgment before the cluster can be updated from {product-title} 4.13 to 4.14. This is to help prevent issues after upgrading to {product-title} 4.14, where APIs that have been removed are still in use by workloads, tools, or other components running on or interacting with the cluster. Administrators must evaluate their cluster for any APIs in use that will be removed and migrate the affected components to use the appropriate new API version. After this evaluation and migration is complete, the administrator can provide the acknowledgment.
+
+Before you can update your {product-title} 4.13 cluster to 4.14, you must provide the administrator acknowledgment.
+
+// Removed Kubernetes APIs
+include::modules/update-preparing-list.adoc[leveloffset=+2]
+
+[id="evaluating-cluster-removed-apis"]
+=== Evaluating your cluster for removed APIs
+
+There are several methods to help administrators identify where APIs that will be removed are in use. However, {product-title} cannot identify all instances, especially workloads that are idle or external tools that are used. It is the responsibility of the administrator to properly evaluate all workloads and other integrations for instances of removed APIs.
+
+// Reviewing alerts to identify uses of removed APIs
+include::modules/update-preparing-evaluate-alerts.adoc[leveloffset=+3]
+
+// Using APIRequestCount to identify uses of removed APIs
+include::modules/update-preparing-evaluate-apirequestcount.adoc[leveloffset=+3]
+
+// Using APIRequestCount to identify which workloads are using the removed APIs
+include::modules/update-preparing-evaluate-apirequestcount-workloads.adoc[leveloffset=+3]
+
+// Migrating instances of removed APIs
+include::modules/update-preparing-migrate.adoc[leveloffset=+2]
+
+// Providing the administrator acknowledgment
+include::modules/update-preparing-ack.adoc[leveloffset=+2]
+////
+
+// Assessing the risk of conditional updates
+include::modules/update-preparing-conditional.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/understanding_updates/how-updates-work.adoc#update-evaluate-availability_how-updates-work[Evaluation of update availability]
+
+// Best practices for cluster updates
+include::modules/update-best-practices.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding_clusteroperator_conditiontypes_understanding-openshift-updates[Understanding cluster Operator condition types]
diff --git a/updating/troubleshooting_updates/_attributes b/updating/troubleshooting_updates/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/updating/troubleshooting_updates/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/updating/troubleshooting_updates/gathering-data-cluster-update.adoc b/updating/troubleshooting_updates/gathering-data-cluster-update.adoc
new file mode 100644
index 000000000000..581517185fd4
--- /dev/null
+++ b/updating/troubleshooting_updates/gathering-data-cluster-update.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="gathering-data-cluster-update"]
+= Gathering data about your cluster update
+include::_attributes/common-attributes.adoc[]
+:context: troubleshooting_updates
+
+toc::[]
+
+ifndef::openshift-origin[]
+When reaching out to Red Hat support for issues with an update, it is important to provide data for the support team to use for troubleshooting your failed cluster update.
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+If your cluster update fails, you can examine cluster data to troubleshoot the failure.
+endif::openshift-origin[]
+
+include::modules/gathering-log-data.adoc[leveloffset=+1]
+
+include::modules/gathering-clusterversion-history.adoc[leveloffset=+1]
+
+include::modules/gathering-clusterversion-history-console.adoc[leveloffset=+2]
+
+include::modules/gathering-clusterversion-history-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_gathering-cluster-data"]
+.Additional resources
+
+* xref:../../support/gathering-cluster-data.adoc#support_gathering_data_gathering-cluster-data[Gathering data about your cluster]
diff --git a/updating/troubleshooting_updates/images b/updating/troubleshooting_updates/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/updating/troubleshooting_updates/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/updating/troubleshooting_updates/modules b/updating/troubleshooting_updates/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/updating/troubleshooting_updates/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/updating/troubleshooting_updates/recovering-update-before-applied.adoc b/updating/troubleshooting_updates/recovering-update-before-applied.adoc
new file mode 100644
index 000000000000..20fd577c0d73
--- /dev/null
+++ b/updating/troubleshooting_updates/recovering-update-before-applied.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="recovering-update-before-applied"]
+= Recovering when an update fails before it is applied
+include::_attributes/common-attributes.adoc[]
+:context: troubleshooting_updates
+
+toc::[]
+
+In some situations, you can recover from a failed update of {product-title}. 
+
+include::modules/updating-troubleshooting-clear.adoc[leveloffset=+1]
diff --git a/updating/troubleshooting_updates/snippets b/updating/troubleshooting_updates/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/updating/troubleshooting_updates/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/updating/understanding-openshift-update-duration.adoc b/updating/understanding-openshift-update-duration.adoc
deleted file mode 100644
index 91a538cac960..000000000000
--- a/updating/understanding-openshift-update-duration.adoc
+++ /dev/null
@@ -1,49 +0,0 @@
-:_content-type: ASSEMBLY
-[id="understanding-openshift-update-duration"]
-= Understanding {product-title} update duration
-include::_attributes/common-attributes.adoc[]
-:context: openshift-update-duration
-
-toc::[]
-
-{product-title} update duration varies based on the deployment topology. This page helps you understand the factors that affect update duration and estimate how long the cluster update takes in your environment.
-
-[id="update-duration-prerequisites"]
-== Prerequisites
-* You are familiar with xref:../architecture/architecture.adoc#architecture[OpenShift Container Platform architecture] and xref:../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[OpenShift Container Platform updates].
-
-include::modules/update-duration-factors.adoc[leveloffset=+1]
-
-[id="cluster-update-phases"]
-== Cluster update phases
-In {product-title}, the cluster update happens in two phases:
-
-* Cluster Version Operator (CVO) target update payload deployment
-* Machine Config Operator (MCO) node updates
-
-
-include::modules/update-duration-cvo.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift Updates]
-
-include::modules/update-duration-mco.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../post_installation_configuration/machine-configuration-tasks.adoc#machine-config-overview-post-install-machine-configuration-tasks[Machine config overview]
-* xref:../nodes/pods/nodes-pods-configuring.adoc#nodes-pods-configuring-pod-distruption-about_nodes-pods-configuring[Pod disruption budget]
-
-include::modules/update-duration-estimate-cluster-update-time.adoc[leveloffset=+1]
-
-ifndef::openshift-origin[]
-include::modules/update-duration-rhel-nodes.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#updating-cluster-rhel-compute[Updating RHEL compute machines]
-endif::openshift-origin[]
diff --git a/updating/understanding-upgrade-channels-release.adoc b/updating/understanding-upgrade-channels-release.adoc
deleted file mode 100644
index da5a571c4d1f..000000000000
--- a/updating/understanding-upgrade-channels-release.adoc
+++ /dev/null
@@ -1,53 +0,0 @@
-:_content-type: ASSEMBLY
-[id="understanding-upgrade-channels-releases"]
-= Understanding update channels and releases
-include::_attributes/common-attributes.adoc[]
-:context: understanding-upgrade-channels-releases
-
-toc::[]
-
-Update channels are the mechanism by which users declare the {product-title} minor version they intend to update their clusters to. They also allow users to choose the timing and level of support their updates will have through the `fast`, `stable`, `candidate`, and `eus` channel options. The Cluster Version Operator uses an update graph based on the channel declaration, along with other conditional information, to provide a list of recommended and conditional updates available to the cluster.
-
-Update channels correspond to a minor version of {product-title}. The version number in the channel represents the target minor version that the cluster will eventually be updated to, even if it is higher than the cluster's current minor version.
-
-For instance, {product-title} 4.10 update channels provide the following recommendations:
-
-* Updates within 4.10.
-* Updates within 4.9.
-* Updates from 4.9 to 4.10, allowing all 4.9 clusters to eventually update to 4.10, even if they do not immediately meet the minimum z-stream version requirements.
-* `eus-4.10` only: updates within 4.8.
-* `eus-4.10` only: updates from 4.8 to 4.9 to 4.10, allowing all 4.8 clusters to eventually update to 4.10.
-
-4.10 update channels do not recommend updates to 4.11 or later releases. This strategy ensures that administrators must explicitly decide to update to the next minor version of {product-title}.
-
-Update channels control only release selection and do not impact the version of the cluster that you install. The `openshift-install` binary file for a specific version of {product-title} always installs that version.
-
-ifndef::openshift-origin[]
-{product-title} {product-version} offers the following update channels:
-
-* `stable-{product-version}`
-* `eus-4.y` (only offered for EUS versions and meant to facilitate updates between EUS versions)
-* `fast-{product-version}`
-* `candidate-{product-version}`
-
-If you do not want the Cluster Version Operator to fetch available updates from the update recommendation service, you can use the `oc adm upgrade channel` command in the OpenShift CLI to configure an empty channel. This configuration can be helpful if, for example, a cluster has restricted network access and there is no local, reachable update recommendation service.
-
-[WARNING]
-====
-Red Hat recommends updating to versions suggested by OpenShift Update Service only. For a minor version update, versions must be contiguous. Red Hat does not test updates to noncontiguous versions and cannot guarantee compatibility with earlier versions.
-====
-
-endif::openshift-origin[]
-ifdef::openshift-origin[]
-{product-title} {product-version} offers the following update channel:
-
-* `stable-4`
-
-endif::openshift-origin[]
-
-include::modules/understanding-upgrade-channels.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#update-conditional-upgrade-pathupdating-cluster-cli[Updating along a conditional upgrade path]
-* xref:../updating/understanding-upgrade-channels-release.html#fast-stable-channel-strategies_{context}[Choosing the correct channel for your cluster]
diff --git a/updating/understanding_updates/how-updates-work.adoc b/updating/understanding_updates/how-updates-work.adoc
index f1262381fa67..47f5da1e0347 100644
--- a/updating/understanding_updates/how-updates-work.adoc
+++ b/updating/understanding_updates/how-updates-work.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="how-updates-work"]
 = How cluster updates work
 include::_attributes/common-attributes.adoc[]
@@ -8,24 +8,35 @@ toc::[]
 
 The following sections describe each major aspect of the {product-title} (OCP) update process in detail. For a general overview of how updates work, see the xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift updates].
 
-include::modules/update-evaluate-availability.adoc[leveloffset=+1]
+// The Cluster Version Operator
+include::modules/update-cvo.adoc[leveloffset=+1]
+
+// The ClusterVersion object
+include::modules/update-cluster-version-object.adoc[leveloffset=+2]
+
+// Evaluation of update availability
+include::modules/update-evaluate-availability.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/understanding-upgrade-channels-release.adoc#conditional-updates-overview_understanding-upgrade-channels-releases[Update recommendation removals and Conditional Updates]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#conditional-updates-overview_understanding-update-channels-releases[Update recommendation removals and Conditional Updates]
 
+// Release images
 include::modules/update-release-images.adoc[leveloffset=+1]
 
+// Update process workflow
 include::modules/update-process-workflow.adoc[leveloffset=+1]
 
+// Understanding how manifests are applied during an update
 include::modules/update-manifest-application.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/understanding-openshift-update-duration.adoc#understanding-openshift-update-duration[Understanding {product-title} update duration]
+* xref:../../updating/understanding_updates/understanding-openshift-update-duration.adoc#understanding-openshift-update-duration[Understanding {product-title} update duration]
 
+// Understanding how the Machine Config Operator updates nodes
 include::modules/update-mco-process.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
diff --git a/updating/understanding_updates/intro-to-updates.adoc b/updating/understanding_updates/intro-to-updates.adoc
index 019c3d59caba..8c4b6c9ce4cb 100644
--- a/updating/understanding_updates/intro-to-updates.adoc
+++ b/updating/understanding_updates/intro-to-updates.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-openshift-updates"]
 = Introduction to OpenShift updates
 include::_attributes/common-attributes.adoc[]
@@ -28,15 +28,28 @@ As the CVO applies a manifest to a cluster Operator, the Operator might perform
 The CVO monitors the state of each applied resource and the states reported by all cluster Operators. The CVO only proceeds with the update when all manifests and cluster Operators in the active Runlevel reach a stable condition.
 After the CVO updates the entire control plane through this process, the Machine Config Operator (MCO) updates the operating system and configuration of every node in the cluster.
 
+ifdef::openshift-enterprise[]
+
+// Common questions about update availability
 include::modules/update-availability-faq.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
+
+endif::openshift-enterprise[]
 
+// About the OpenShift Update Service
 include::modules/update-service-overview.adoc[leveloffset=+1]
 
+// Understanding cluster Operator condition types
+include::modules/determining-upgrade-viability-conditiontype.adoc[leveloffset=+1]
+
+// Understanding cluster version condition types
+include::modules/determining-upgrade-viability-cv-conditiontype.adoc[leveloffset=+1]
+
+// Common terms
 include::modules/update-common-terms.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -45,10 +58,11 @@ include::modules/update-common-terms.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/machine-configuration-tasks.adoc#machine-config-overview-post-install-machine-configuration-tasks[Machine config overview]
 ifdef::openshift-enterprise[]
 * xref:../../updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc#update-service-overview_updating-restricted-network-cluster-osus[Using the OpenShift Update Service in a disconnected environment]
-endif::openshift-enterprise[]
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels_understanding-upgrade-channels-releases[Update channels]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels_understanding-update-channels-releases[Update channels]
 
 [id="{context}-additional-resources"]
 [role="_additional-resources"]
 == Additional resources
-* For more detailed information about each major aspect of the update process, see xref:../../updating/understanding_updates/how-updates-work.adoc#how-updates-work[How cluster updates work].
\ No newline at end of file
+* xref:../../updating/understanding_updates/how-updates-work.adoc#how-updates-work[How cluster updates work].
+
+endif::openshift-enterprise[]
\ No newline at end of file
diff --git a/updating/understanding_updates/understanding-openshift-update-duration.adoc b/updating/understanding_updates/understanding-openshift-update-duration.adoc
new file mode 100644
index 000000000000..5a496028f444
--- /dev/null
+++ b/updating/understanding_updates/understanding-openshift-update-duration.adoc
@@ -0,0 +1,66 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-openshift-update-duration"]
+= Understanding {product-title} update duration
+include::_attributes/common-attributes.adoc[]
+:context: openshift-update-duration
+
+toc::[]
+
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+{product-title} update duration varies based on the deployment topology. This page helps you understand the factors that affect update duration and estimate how long the cluster update takes in your environment.
+
+// Factors affecting update duration
+include::modules/update-duration-factors.adoc[leveloffset=+1]
+
+[id="cluster-update-phases"]
+== Cluster update phases
+In {product-title}, the cluster update happens in two phases:
+
+* Cluster Version Operator (CVO) target update payload deployment
+* Machine Config Operator (MCO) node updates
+
+// Cluster Version Operator target update payload deployment
+include::modules/update-duration-cvo.adoc[leveloffset=+2]
+
+// Machine Config Operator node updates
+include::modules/update-duration-mco.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../post_installation_configuration/machine-configuration-tasks.adoc#machine-config-overview-post-install-machine-configuration-tasks[Machine config overview]
+* xref:../../nodes/pods/nodes-pods-configuring.adoc#nodes-pods-configuring-pod-distruption-about_nodes-pods-configuring[Pod disruption budget]
+
+//Example update duration of cluster Operators
+include::modules/update-duration-example.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Introduction to OpenShift updates]
+* xref:../../updating/understanding_updates/how-updates-work.adoc#update-manifest-application_how-updates-work[Understanding how manifests are applied during an update]
+
+// Estimating cluster update time
+include::modules/update-duration-estimate-cluster-update-time.adoc[leveloffset=+1]
+
+ifndef::openshift-origin[]
+// {op-system-base-full} compute nodes
+include::modules/update-duration-rhel-nodes.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../updating/updating_a_cluster/updating-cluster-rhel-compute.adoc#updating-cluster-rhel-compute[Updating RHEL compute machines]
+endif::openshift-origin[]
+
+[role="_additional-resources"]
+[id="additional-resources_update-duration"]
+== Additional resources
+
+* xref:../../architecture/architecture.adoc#architecture[OpenShift Container Platform architecture]
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[OpenShift Container Platform updates]
\ No newline at end of file
diff --git a/updating/understanding_updates/understanding-update-channels-release.adoc b/updating/understanding_updates/understanding-update-channels-release.adoc
new file mode 100644
index 000000000000..fe6551a3ab61
--- /dev/null
+++ b/updating/understanding_updates/understanding-update-channels-release.adoc
@@ -0,0 +1,60 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-update-channels-releases"]
+= Understanding update channels and releases
+include::_attributes/common-attributes.adoc[]
+:context: understanding-update-channels-releases
+
+toc::[]
+
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+Update channels are the mechanism by which users declare the {product-title} minor version they intend to update their clusters to. They also allow users to choose the timing and level of support their updates will have through the `fast`, `stable`, `candidate`, and `eus` channel options. The Cluster Version Operator uses an update graph based on the channel declaration, along with other conditional information, to provide a list of recommended and conditional updates available to the cluster.
+
+Update channels correspond to a minor version of {product-title}. The version number in the channel represents the target minor version that the cluster will eventually be updated to, even if it is higher than the cluster's current minor version.
+
+For instance, {product-title} 4.10 update channels provide the following recommendations:
+
+* Updates within 4.10.
+* Updates within 4.9.
+* Updates from 4.9 to 4.10, allowing all 4.9 clusters to eventually update to 4.10, even if they do not immediately meet the minimum z-stream version requirements.
+* `eus-4.10` only: updates within 4.8.
+* `eus-4.10` only: updates from 4.8 to 4.9 to 4.10, allowing all 4.8 clusters to eventually update to 4.10.
+
+4.10 update channels do not recommend updates to 4.11 or later releases. This strategy ensures that administrators must explicitly decide to update to the next minor version of {product-title}.
+
+Update channels control only release selection and do not impact the version of the cluster that you install. The `openshift-install` binary file for a specific version of {product-title} always installs that version.
+
+ifndef::openshift-origin[]
+{product-title} {product-version} offers the following update channels:
+
+* `stable-{product-version}`
+* `eus-4.y` (only offered for EUS versions and meant to facilitate updates between EUS versions)
+* `fast-{product-version}`
+* `candidate-{product-version}`
+
+If you do not want the Cluster Version Operator to fetch available updates from the update recommendation service, you can use the `oc adm upgrade channel` command in the OpenShift CLI to configure an empty channel. This configuration can be helpful if, for example, a cluster has restricted network access and there is no local, reachable update recommendation service.
+
+[WARNING]
+====
+Red Hat recommends updating to versions suggested by OpenShift Update Service only. For a minor version update, versions must be contiguous. Red Hat does not test updates to noncontiguous versions and cannot guarantee compatibility with earlier versions.
+====
+
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+{product-title} {product-version} offers the following update channel:
+
+* `stable-4`
+
+endif::openshift-origin[]
+
+// Update channels
+include::modules/understanding-update-channels.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../updating/updating_a_cluster/updating-cluster-cli.adoc#update-conditional-upgrade-pathupdating-cluster-cli[Updating along a conditional upgrade path]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#fast-stable-channel-strategies_understanding-update-channels-releases[Choosing the correct channel for your cluster]
diff --git a/updating/updating-cluster-prepare.adoc b/updating/updating-cluster-prepare.adoc
deleted file mode 100644
index 64a0bc1c08b0..000000000000
--- a/updating/updating-cluster-prepare.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-:_content-type: ASSEMBLY
-[id="updating-cluster-prepare"]
-= Preparing to update to {product-title} 4.13
-include::_attributes/common-attributes.adoc[]
-:context: updating-cluster-prepare
-
-toc::[]
-
-{product-title} 4.13 uses Kubernetes 1.26, which removed several deprecated APIs.
-
-A cluster administrator must provide a manual acknowledgment before the cluster can be updated from {product-title} 4.12 to 4.13. This is to help prevent issues after upgrading to {product-title} 4.13, where APIs that have been removed are still in use by workloads, tools, or other components running on or interacting with the cluster. Administrators must evaluate their cluster for any APIs in use that will be removed and migrate the affected components to use the appropriate new API version. After this evaluation and migration is complete, the administrator can provide the acknowledgment.
-
-Before you can update your {product-title} 4.12 cluster to 4.13, you must provide the administrator acknowledgment.
-
-// Removed Kubernetes APIs
-include::modules/update-preparing-list.adoc[leveloffset=+1]
-
-[id="evaluating-cluster-removed-apis"]
-== Evaluating your cluster for removed APIs
-
-There are several methods to help administrators identify where APIs that will be removed are in use. However, {product-title} cannot identify all instances, especially workloads that are idle or external tools that are used. It is the responsibility of the administrator to properly evaluate all workloads and other integrations for instances of removed APIs.
-
-// Reviewing alerts to identify uses of removed APIs
-include::modules/update-preparing-evaluate-alerts.adoc[leveloffset=+2]
-
-// Using APIRequestCount to identify uses of removed APIs
-include::modules/update-preparing-evaluate-apirequestcount.adoc[leveloffset=+2]
-
-// Using APIRequestCount to identify which workloads are using the removed APIs
-include::modules/update-preparing-evaluate-apirequestcount-workloads.adoc[leveloffset=+2]
-
-// Migrating instances of removed APIs
-include::modules/update-preparing-migrate.adoc[leveloffset=+1]
-
-// Providing the administrator acknowledgment
-include::modules/update-preparing-ack.adoc[leveloffset=+1]
diff --git a/updating/updating-troubleshooting.adoc b/updating/updating-troubleshooting.adoc
deleted file mode 100644
index 303da4afab93..000000000000
--- a/updating/updating-troubleshooting.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-:_content-type: ASSEMBLY
-[id="updating-troubleshooting"]
-= Troubleshooting an update
-include::_attributes/common-attributes.adoc[]
-:context: updating-troubleshooting
-
-toc::[]
-
-In some situations, you can recover from a failed update of {product-title}.
-
-[IMPORTANT]
-====
-If an update fails at any other point, you must contact Red Hat support. Rolling
-your cluster back to a previous version is not supported.
-====
-
-include::modules/updating-clear.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/eus-eus-update.adoc b/updating/updating_a_cluster/eus-eus-update.adoc
index 34f9c1921cd1..b4459cef7073 100644
--- a/updating/updating_a_cluster/eus-eus-update.adoc
+++ b/updating/updating_a_cluster/eus-eus-update.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="eus-eus-update"]
 = Performing an EUS-to-EUS update
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 Due to fundamental Kubernetes design, all {product-title} updates between minor versions must be serialized.
 You must update from {product-title} <4.y> to <4.y+1>, and then to <4.y+2>. You cannot update from {product-title} <4.y> to <4.y+2> directly.
 However, administrators who want to update between two Extended Update Support (EUS) versions can do so incurring only a single reboot of non-control plane hosts.
@@ -26,19 +32,20 @@ There are a number of caveats to consider when attempting an EUS-to-EUS update.
 
 * All the clusters might update using EUS channels for a conventional update without pools paused, but only clusters with non control-plane `MachineConfigPools` objects can do EUS-to-EUS update with pools paused.
 
+// EUS-to-EUS update
 include::modules/updating-eus-to-eus-upgrade.adoc[leveloffset=+1]
 
+// EUS-to-EUS update using the web console
 include::modules/updating-eus-to-eus-upgrade-console.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 [id="additional-resources_updating-eus-to-eus-upgrade-console"]
 .Additional resources
 
-* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Preparing for an Operator update]
-* xref:../../updating/updating_a_cluster/updating-cluster-web-console.adoc#update-upgrading-web_updating-cluster-web-console[Updating a cluster by using the web console]
 * xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
+* xref:../../updating/updating_a_cluster/updating-cluster-web-console.adoc#update-upgrading-web_updating-cluster-web-console[Updating a cluster by using the web console]
 
-
+// EUS-to-EUS update using the CLI
 include::modules/updating-eus-to-eus-upgrade-cli.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -48,10 +55,11 @@ include::modules/updating-eus-to-eus-upgrade-cli.adoc[leveloffset=+2]
 * xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
 
 include::modules/updating-eus-to-eus-layered-products.adoc[leveloffset=+2]
+
 [role="_additional-resources"]
 [id="additional-resources_updating-eus-to-eus-layered-products"]
 .Additional resources
 
-* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-preparing-upgrade_olm-upgrading-operators[Preparing for an Operator update]
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
 * xref:../../updating/updating_a_cluster/eus-eus-update.adoc#updating-eus-to-eus-upgrade-console_eus-to-eus-update[EUS-to-EUS update using the web console]
 * xref:../../updating/updating_a_cluster/eus-eus-update.adoc#updating-eus-to-eus-upgrade-cli_eus-to-eus-update[EUS-to-EUS update using the CLI]
\ No newline at end of file
diff --git a/updating/updating_a_cluster/migrating-to-multi-payload.adoc b/updating/updating_a_cluster/migrating-to-multi-payload.adoc
index 0326fb4d5d18..869005a62142 100644
--- a/updating/updating_a_cluster/migrating-to-multi-payload.adoc
+++ b/updating/updating_a_cluster/migrating-to-multi-payload.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="migrating-clusters-to-multi-payload"]
 = Migrating to a cluster with multi-architecture compute machines
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 You can migrate your current cluster with single-architecture compute machines to a cluster with multi-architecture compute machines by updating to a multi-architecture, manifest-listed payload. This allows you to add mixed architecture compute nodes to your cluster.
 
 For information about configuring your multi-architecture compute machines, see _Configuring multi-architecture compute machines on an {product-title} cluster_.
@@ -15,14 +21,15 @@ For information about configuring your multi-architecture compute machines, see
 Migration from a multi-architecture payload to a single-architecture payload is not supported. Once a cluster has transitioned to using a multi-architecture payload, it can no longer accept a single-architecture update payload.
 ====
 
+// Migrating to a cluster with multi-architecture compute machines using the CLI
 include::modules/migrating-to-multi-arch-cli.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../post_installation_configuration/multi-architecture-configuration.adoc#multi-architecture-configuration[Configuring multi-architecture compute machines on an {product-title} cluster]
+* xref:../../post_installation_configuration/configuring-multi-arch-compute-machines/multi-architecture-configuration.adoc#multi-architecture-configuration[Configuring multi-architecture compute machines on an {product-title} cluster]
 * xref:../../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[Updating a cluster using the web console]
 * xref:../../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI]
-* xref:../../updating/index.adoc#understanding-clusterversion-conditiontypes_updating-clusters-overview[Understanding cluster version condition types]
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../updating/understanding_updates/intro-to-updates.adoc#understanding-clusterversion-conditiontypes_understanding-openshift-updates[Understanding cluster version condition types]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
 * xref:../../installing/installing-preparing.adoc#installing-preparing-selecting-cluster-type[Selecting a cluster installation type]
 * xref:../../machine_management/deploying-machine-health-checks.adoc#machine-health-checks-about_deploying-machine-health-checks[About machine health checks]
diff --git a/updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc b/updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
index 605dae6047e0..f2f9487fbded 100644
--- a/updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
+++ b/updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="update-using-custom-machine-config-pools"]
 = Performing a canary rollout update
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,11 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
 
+To do: Remove this comment once 4.13 docs are EOL.
+////
 
 There might be some scenarios where you want a more controlled rollout of an update to the worker nodes in order to ensure that mission-critical applications stay available during the whole update, even if the update process causes your applications to fail. Depending on your organizational needs, you might want to update a small subset of worker nodes, evaluate cluster and workload health over a period of time, then update the remaining nodes. This is commonly referred to as a _canary_ update. Or, you might also want to fit worker node updates, which often require a host reboot, into smaller defined maintenance windows when it is not possible to take a large maintenance window to update the entire cluster at one time.
 
@@ -55,8 +59,13 @@ Also, you need to consider how much extra capacity you have available in your cl
 
 You can use this update process with all documented {product-title} update processes. However, the process does not work with {op-system-base-full} machines, which are updated using Ansible playbooks.
 
+// About performing a canary rollout update
 include::modules/update-using-custom-machine-config-pools-about.adoc[leveloffset=+1]
+
+// Creating machine config pools to perform a canary rollout update
 include::modules/update-using-custom-machine-config-pools-mcp.adoc[leveloffset=+1]
+
+// Pausing the machine config pools
 include::modules/update-using-custom-machine-config-pools-pause.adoc[leveloffset=+1]
 
 [id="update-using-custom-machine-config-pools-update_{context}"]
@@ -69,6 +78,8 @@ When the MCPs enter ready state, you can perform the cluster update. See one of
 
 After the update is complete, you can start to unpause the MCPs one-by-one.
 
+// Unpausing the machine config pools
 include::modules/update-using-custom-machine-config-pools-unpause.adoc[leveloffset=+1]
 
+// Moving a node to the original machine config pool
 include::modules/update-using-custom-machine-config-pools-mcp-remove.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/updating-cluster-cli.adoc b/updating/updating_a_cluster/updating-cluster-cli.adoc
index 7c2efc9d1146..737eb800debe 100644
--- a/updating/updating_a_cluster/updating-cluster-cli.adoc
+++ b/updating/updating_a_cluster/updating-cluster-cli.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-cluster-cli"]
 = Updating a cluster using the CLI
 include::_attributes/common-attributes.adoc[]
@@ -11,6 +11,12 @@ All OpenShift advisories link directly to this assembly. If you are doing work t
 But if you really need to, please contact the release notes team so they can change the advisory templates. These templates are not part of the openshift-docs repo.
 ////
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 You can update, or upgrade, an {product-title} cluster within a minor version by using the OpenShift CLI (`oc`). You can also update a cluster between minor versions by following the same instructions.
 
 == Prerequisites
@@ -18,17 +24,18 @@ You can update, or upgrade, an {product-title} cluster within a minor version by
 * Have access to the cluster as a user with `admin` privileges.
 See xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions].
 * Have a recent xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[etcd backup] in case your update fails and you must restore your cluster to a previous state.
-* Support for {op-system-base}7 workers is removed in {product-title} {product-version}. You must replace {op-system-base}7 workers with {op-system-base}8 or {op-system} workers before updating to {product-title} {product-version}. Red Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
-* Ensure all Operators previously installed through Operator Lifecycle Manager (OLM) are updated to their latest version in their latest channel. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators] for more information.
+* Have a recent xref:../../backup_and_restore/application_backup_and_restore/installing/oadp-backup-restore-csi-snapshots.adoc[Container Storage Interface (CSI) volume snapshot] in case you need to restore persistent volumes due to a pod failure.
+* Your {op-system-base}7 workers are replaced with {op-system-base}8 or {op-system} workers. Red{nbsp}Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
+* You have updated all Operators previously installed through Operator Lifecycle Manager (OLM) to a version that is compatible with your target release. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators] for more information on how to check compatibility and, if necessary, update the installed Operators.
 * Ensure that all machine config pools (MCPs) are running and not paused. Nodes associated with a paused MCP are skipped during the update process. You can pause the MCPs if you are performing a canary rollout update strategy.
-* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
+* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
 * Ensure that you address all `Upgradeable=False` conditions so the cluster allows an update to the next minor version. An alert displays at the top of the *Cluster Settings* page when you have one or more cluster Operators that cannot be updated. You can still update to the next available patch update for the minor release you are currently on.
-* Review the list of APIs that were removed in Kubernetes 1.26, migrate any affected components to use the new API version, and provide the administrator acknowledgment. For more information, see xref:../../updating/updating-cluster-prepare.adoc#updating-cluster-prepare[Preparing to update to {product-title} 4.13].
+// * Review the list of APIs that were removed in Kubernetes 1.28, migrate any affected components to use the new API version, and provide the administrator acknowledgment. For more information, see xref:../../updating/preparing_for_updates/updating-cluster-prepare.adoc#updating-cluster-prepare[Preparing to update to {product-title} 4.14].
 * If you run an Operator or you have configured any application with the pod disruption budget, you might experience an interruption during the update process. If `minAvailable` is set to 1 in `PodDisruptionBudget`, the nodes are drained to apply pending machine configs which might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
 
 [IMPORTANT]
 ====
-* When an update is failing to complete, the Cluster Version Operator (CVO) reports the status of any blocking components while attempting to reconcile the update. Rolling your cluster back to a previous version is not supported.  If your update is failing to complete, contact Red Hat support.
+* When an update is failing to complete, the Cluster Version Operator (CVO) reports the status of any blocking components while attempting to reconcile the update. Rolling your cluster back to a previous version is not supported. If your update is failing to complete, contact Red{nbsp}Hat support.
 * Using the `unsupportedConfigOverrides` section to modify the configuration of an Operator is unsupported and might block cluster updates. You must remove this setting before you can update your cluster.
 ====
 
@@ -36,8 +43,10 @@ See xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define an
 .Additional resources
 * xref:../../architecture/architecture-installation.adoc#unmanaged-operators_architecture-installation[Support policy for unmanaged Operators]
 
+// Pausing a MachineHealthCheck resource
 include::modules/machine-health-checks-pausing.adoc[leveloffset=+1]
 
+// About updating single node {product-title}
 include::modules/updating-sno.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
@@ -45,14 +54,21 @@ include::modules/updating-sno.adoc[leveloffset=+1]
 
 * For information on which machine configuration changes require a reboot, see the note in xref:../../architecture/control-plane.adoc#about-machine-config-operator_control-plane[About the Machine Config Operator].
 
+// Updating a cluster by using the CLI
 include::modules/update-upgrading-cli.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-origin[]
 * xref:../../updating/updating_a_cluster/eus-eus-update.adoc#eus-eus-update[Performing an EUS-to-EUS update]
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+endif::openshift-origin[]
+* xref:../../updating/updating_a_cluster/updating-cluster-cli.adoc#update-conditional-upgrade-pathupdating-cluster-cli[Updating along a conditional update path]
+ifndef::openshift-origin[]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
+endif::openshift-origin[]
 
+// Updating along a conditional update path
 include::modules/update-conditional-updates.adoc[leveloffset=+1]
 
 // OKD removed the section that this link points to.
@@ -62,8 +78,9 @@ ifndef::openshift-origin[]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
 
 endif::openshift-origin[]
 
+// Changing the update server by using the CLI
 include::modules/update-changing-update-server-cli.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/updating-cluster-rhel-compute.adoc b/updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
index 67605a77a333..8c8bf0d246c5 100644
--- a/updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
+++ b/updating/updating_a_cluster/updating-cluster-rhel-compute.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-cluster-rhel-compute"]
 = Updating a cluster that includes RHEL compute machines
 include::_attributes/common-attributes.adoc[]
@@ -6,17 +6,21 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can update, or upgrade, an {product-title} cluster. If your cluster contains
-Red Hat Enterprise Linux (RHEL) machines, you must perform more steps to update
-those machines.
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+You can update an {product-title} cluster. If your cluster contains {op-system-base-full} machines, you must perform more steps to update those machines.
 
 == Prerequisites
 
 * Have access to the cluster as a user with `admin` privileges.
 See xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions].
 * Have a recent xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[etcd backup] in case your update fails and you must restore your cluster to a previous state.
-* Support for {op-system-base}7 workers is removed in {product-title} {product-version}. You must replace {op-system-base}7 workers with {op-system-base}8 or {op-system} workers before updating to {product-title} {product-version}. Red Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
-* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
+* Your {op-system-base}7 workers are replaced with {op-system-base}8 or {op-system} workers. Red{nbsp}Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
+* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
 * If you run an Operator or you have configured any application with the pod disruption budget, you might experience an interruption during the update process. If `minAvailable` is set to 1 in `PodDisruptionBudget`, the nodes are drained to apply pending machine configs which might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
 
 [role="_additional-resources"]
@@ -24,19 +28,28 @@ See xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define an
 
 * xref:../../architecture/architecture-installation.adoc#unmanaged-operators_architecture-installation[Support policy for unmanaged Operators]
 
-
+// Updating a cluster by using the web console
 include::modules/update-upgrading-web.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
+
 [id="updating-cluster-rhel-compute-hooks"]
 == Optional: Adding hooks to perform Ansible tasks on RHEL machines
 
 You can use _hooks_ to run Ansible tasks on the RHEL compute machines during
 the {product-title} update.
 
+// About Ansible hooks for updates
 include::modules/rhel-compute-about-hooks.adoc[leveloffset=+2]
 
+// Configuring the Ansible inventory file to use hooks
 include::modules/rhel-compute-using-hooks.adoc[leveloffset=+2]
 
+// Available hooks for RHEL compute machines
 include::modules/rhel-compute-available-hooks.adoc[leveloffset=+2]
 
+// Updating {op-system-base} compute machines in your cluster
 include::modules/rhel-compute-updating.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/updating-cluster-web-console.adoc b/updating/updating_a_cluster/updating-cluster-web-console.adoc
index 0b2e856d92f7..14f7a921df0a 100644
--- a/updating/updating_a_cluster/updating-cluster-web-console.adoc
+++ b/updating/updating_a_cluster/updating-cluster-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-cluster-web-console"]
 = Updating a cluster using the web console
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 You can update, or upgrade, an {product-title} cluster by using the web console. The following steps update a cluster within a minor version. You can use the same instructions for updating a cluster between minor versions.
 
 [NOTE]
@@ -13,49 +19,46 @@ You can update, or upgrade, an {product-title} cluster by using the web console.
 Use the web console or `oc adm upgrade channel _<channel>_` to change the update channel. You can follow the steps in xref:../../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI] to complete the update after you change to a {product-version} channel.
 ====
 
-== Prerequisites
-
-* Have access to the cluster as a user with `admin` privileges.
-See xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions].
-* Have a recent xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[etcd backup] in case your update fails and you must restore your cluster to a previous state.
-* Support for {op-system-base}7 workers is removed in {product-title} {product-version}. You must replace {op-system-base}7 workers with {op-system-base}8 or {op-system} workers before updating to {product-title} {product-version}. Red Hat does not support in-place {op-system-base}7 to {op-system-base}8 updates for {op-system-base} workers; those hosts must be replaced with a clean operating system install.
-* Ensure all Operators previously installed through Operator Lifecycle Manager (OLM) are updated to their latest version in their latest channel. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators] for more information.
-* Ensure that all machine config pools (MCPs) are running and not paused. Nodes associated with a paused MCP are skipped during the update process. You can pause the MCPs if you are performing a canary rollout update strategy.
-//remove this???^ or maybe just add another bullet that you can break up the update?
-* To accommodate the time it takes to update, you are able to do a partial update by updating the worker or custom pool nodes. You can pause and resume within the progress bar of each pool.
-* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
-* Review the list of APIs that were removed in Kubernetes 1.26, migrate any affected components to use the new API version, and provide the administrator acknowledgment. For more information, see xref:../../updating/updating-cluster-prepare.adoc#updating-cluster-prepare[Preparing to update to {product-title} 4.13].
-* If you run an Operator or you have configured any application with the pod disruption budget, you might experience an interruption during the update process. If `minAvailable` is set to 1 in `PodDisruptionBudget`, the nodes are drained to apply pending machine configs which might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
+include::modules/before-updating-ocp.adoc[leveloffset=+1]
 
 [IMPORTANT]
 ====
-* When an update is failing to complete, the Cluster Version Operator (CVO) reports the status of any blocking components while attempting to reconcile the update. Rolling your cluster back to a previous version is not supported.  If your update is failing to complete, contact Red Hat support.
+* When an update is failing to complete, the Cluster Version Operator (CVO) reports the status of any blocking components while attempting to reconcile the update. Rolling your cluster back to a previous version is not supported. If your update is failing to complete, contact Red{nbsp}Hat support.
 * Using the `unsupportedConfigOverrides` section to modify the configuration of an Operator is unsupported and might block cluster updates. You must remove this setting before you can update your cluster.
 ====
 
+include::modules/update-changing-update-server-web.adoc[leveloffset=+1]
+
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../architecture/architecture-installation.adoc#unmanaged-operators_architecture-installation[Support policy for unmanaged Operators]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
 
-include::modules/update-using-custom-machine-config-pools-canary.adoc[leveloffset=+1]
+include::modules/machine-health-checks-pausing-web-console.adoc[leveloffset=+1]
 
-If you want to use the canary rollout update process, see xref:../../updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc#update-using-custom-machine-config-pools[Performing a canary rollout update].
+include::modules/update-upgrading-web.adoc[leveloffset=+1]
 
-include::modules/machine-health-checks-pausing-web-console.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
 
-include::modules/updating-sno.adoc[leveloffset=+1]
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
+
+include::modules/update-conditional-web-console.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* For information on which machine configuration changes require a reboot, see the note in xref:../../architecture/control-plane.adoc#about-machine-config-operator_control-plane[About the Machine Config Operator].
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]
 
-include::modules/update-upgrading-web.adoc[leveloffset=+1]
+* xref:../../updating/understanding_updates/understanding-update-channels-release.adoc#conditional-updates-overview_understanding-update-channels-releases[Update recommendations and Conditional Updates]
 
-include::modules/update-changing-update-server-web.adoc[leveloffset=+1]
+include::modules/update-using-custom-machine-config-pools-canary.adoc[leveloffset=+1]
+
+If you want to use the canary rollout update process, see xref:../../updating/updating_a_cluster/update-using-custom-machine-config-pools.adoc#update-using-custom-machine-config-pools[Performing a canary rollout update].
+
+include::modules/updating-sno.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../architecture/control-plane.adoc#about-machine-config-operator_control-plane[About the Machine Config Operator].
\ No newline at end of file
diff --git a/updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc b/updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc
index 17bd9570a6a6..21d77735d49d 100644
--- a/updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc
+++ b/updating/updating_a_cluster/updating-hardware-on-nodes-running-on-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-hardware-on-nodes-running-on-vsphere"]
 = Updating hardware on nodes running on vSphere
 include::_attributes/common-attributes.adoc[]
@@ -6,13 +6,21 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You must ensure that your nodes running in vSphere are running on the hardware version supported by {product-title}. Currently, hardware version 13 or later is supported for vSphere virtual machines in a cluster.
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
+You must ensure that your nodes running in vSphere are running on the hardware version supported by {product-title}. Currently, hardware version 15 or later is supported for vSphere virtual machines in a cluster.
 
 You can update your virtual hardware immediately or schedule an update in vCenter.
 
 [IMPORTANT]
 ====
-Before upgrading Openshift 4.12 to Openshift 4.13, you must update vSphere to *v7.0.2 or later*; otherwise, the Openshift 4.12 cluster is marked *un-upgradeable*.
+* Version {product-version} of {product-title} requires VMware virtual hardware version 15 or later.
+
+* Before upgrading OpenShift 4.12 to OpenShift 4.13, you must update vSphere to *v7.0.2 or later*; otherwise, the OpenShift 4.12 cluster is marked *un-upgradeable*.
 ====
 
 [id="updating-virtual-hardware-on-vsphere_{context}"]
@@ -25,8 +33,13 @@ To update the hardware of your virtual machines (VMs) on VMware vSphere, update
 As of {product-title} 4.13, VMware virtual hardware version 13 is no longer supported. You need to update to VMware version 15 or later for supporting functionality.
 ====
 
+// Updating the virtual hardware for control plane nodes on vSphere
 include::modules/update-vsphere-virtual-hardware-on-control-plane-nodes.adoc[leveloffset=+2]
+
+// Updating the virtual hardware for compute nodes on vSphere
 include::modules/update-vsphere-virtual-hardware-on-compute-nodes.adoc[leveloffset=+2]
+
+// Updating the virtual hardware for template on vSphere
 include::modules/update-vsphere-virtual-hardware-on-template.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -34,4 +47,5 @@ include::modules/update-vsphere-virtual-hardware-on-template.adoc[leveloffset=+2
 
 * xref:../../nodes/nodes/nodes-nodes-working.adoc#nodes-nodes-working-evacuating_nodes-nodes-working[Understanding how to evacuate pods on nodes]
 
+// Scheduling an update for virtual hardware on vSphere
 include::modules/scheduling-virtual-hardware-update-on-vsphere.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/updating-hosted-control-planes.adoc b/updating/updating_a_cluster/updating-hosted-control-planes.adoc
index c30c4f38f8ea..28c8d1acd175 100644
--- a/updating/updating_a_cluster/updating-hosted-control-planes.adoc
+++ b/updating/updating_a_cluster/updating-hosted-control-planes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-hosted-control-planes"]
 = Updating hosted control planes
 include::_attributes/common-attributes.adoc[]
@@ -6,8 +6,19 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 On hosted control planes for {product-title}, updates are decoupled between the control plane and the nodes. Your service cluster provider, which is the user that hosts the cluster control planes, can manage the updates as needed. The hosted cluster handles control plane updates, and node pools handle node updates.
 
+// Updates for hosted control planes
 include::modules/updates-for-hosted-control-planes.adoc[leveloffset=+1]
+
+// Updating node pools for hosted control planes
 include::modules/updating-node-pools-for-hcp.adoc[leveloffset=+1]
+
+// Configuring node pools for hosted control planes
 include::modules/configuring-node-pools-for-hcp.adoc[leveloffset=+1]
diff --git a/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc b/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
index 6fe32b327a35..eb88863818e4 100644
--- a/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
+++ b/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="updating-restricted-network-cluster-OSUS"]
 = Updating a cluster in a disconnected environment using the OpenShift Update Service
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 To get an update experience similar to connected clusters, you can use the following procedures to install and configure the OpenShift Update Service (OSUS) in a disconnected environment.
 
 The following steps outline the high-level workflow on how to update a cluster in a disconnected environment using OSUS:
@@ -22,12 +28,13 @@ The following steps outline the high-level workflow on how to update a cluster i
 
 . Perform a supported update procedure from the documentation as you would with a connected cluster.
 
+// Using the OpenShift Update Service in a disconnected environment
 include::modules/disconnected-osus-overview.adoc[leveloffset=+1]
 
 .Additional resources
 
 * xref:../../../updating/understanding_updates/intro-to-updates.adoc#update-service-about_understanding-openshift-updates[About the OpenShift Update Service]
-* xref:../../../updating/understanding-upgrade-channels-release.adoc#understanding-upgrade-channels-releases[Understanding update channels and releases]
+* xref:../../../updating/understanding_updates/understanding-update-channels-release.adoc#understanding-update-channels-releases[Understanding update channels and releases]
 
 [id="update-service-prereqs"]
 == Prerequisites
@@ -62,6 +69,7 @@ data:
 <1> The OpenShift Update Service Operator requires the config map key name updateservice-registry in the registry CA cert.
 <2> If the registry has the port, such as `registry-with-port.example.com:5000`, `:` should be replaced with `..`.
 
+// Updating the global cluster pull secret
 include::modules/images-update-global-pull-secret.adoc[leveloffset=+1]
 
 [id="update-service-install"]
@@ -74,8 +82,10 @@ To install the OpenShift Update Service, you must first install the OpenShift Up
 For clusters that are installed in disconnected environments, also known as disconnected clusters, Operator Lifecycle Manager by default cannot access the Red Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 ====
 
+// Installing the OpenShift Update Service Operator by using the web console
 include::modules/update-service-install-web-console.adoc[leveloffset=+2]
 
+// Installing the OpenShift Update Service Operator by using the CLI
 include::modules/update-service-install-cli.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -83,6 +93,7 @@ include::modules/update-service-install-cli.adoc[leveloffset=+2]
 
 * xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Installing Operators in your namespace].
 
+// Creating the OpenShift Update Service graph data container image
 include::modules/update-service-graph-data.adoc[leveloffset=+1]
 
 [id="update-service-create-service"]
@@ -90,8 +101,10 @@ include::modules/update-service-graph-data.adoc[leveloffset=+1]
 
 You can create an OpenShift Update Service application by using the {product-title} web console or CLI.
 
+// Creating an OpenShift Update Service application by using the web console
 include::modules/update-service-create-service-web-console.adoc[leveloffset=+2]
 
+// Creating an OpenShift Update Service application by using the CLI
 include::modules/update-service-create-service-cli.adoc[leveloffset=+2]
 
 [NOTE]
@@ -100,6 +113,7 @@ The policy engine route name must not be more than 63 characters based on RFC-11
 and must be no more than 63 characters`, try creating the Update Service with a shorter name.
 ====
 
+// Configuring the Cluster Version Operator (CVO)
 include::modules/update-service-configure-cvo.adoc[leveloffset=+3]
 
 [NOTE]
@@ -121,6 +135,13 @@ The release image signature config map allows the Cluster Version Operator (CVO)
 ====
 * The current release and update target release images are mirrored to a locally accessible registry.
 * A recent graph data container image has been mirrored to your local registry.
+* A recent version of the OpenShift Update Service Operator is installed.
++
+[NOTE]
+====
+If you have not recently installed or updated the OpenShift Update Service Operator, there might be a more recent version available.
+See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for more information about how to update your OLM catalog in a disconnected environment.
+====
 
 After you configure your cluster to use the locally-installed OpenShift Update Service and local mirror registry, you can use any of the following update methods:
 
diff --git a/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc b/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
index c5502afccda9..30a548e2c113 100644
--- a/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
+++ b/updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 ifndef::openshift-origin[]
 [id="updating-restricted-network-cluster"]
 = Updating a cluster in a disconnected environment without the OpenShift Update Service
@@ -12,6 +12,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 Use the following procedures to update a cluster in a disconnected environment without access to the OpenShift Update Service.
 
 == Prerequisites
@@ -21,8 +27,9 @@ Use the following procedures to update a cluster in a disconnected environment w
 * You must have access to the cluster as a user with `admin` privileges.
 See xref:../../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions].
 * You must have a recent xref:../../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[etcd backup] in case your update fails and you must xref:../../../backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc#dr-restoring-cluster-state[restore your cluster to a previous state].
+* You have updated all Operators previously installed through Operator Lifecycle Manager (OLM) to a version that is compatible with your target release. Updating the Operators ensures they have a valid update path when the default OperatorHub catalogs switch from the current minor version to the next during a cluster update. See xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators] for more information on how to check compatibility and, if necessary, update the installed Operators.
 * You must ensure that all machine config pools (MCPs) are running and not paused. Nodes associated with a paused MCP are skipped during the update process. You can pause the MCPs if you are performing a canary rollout update strategy.
-* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../../updating/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
+* If your cluster uses manually maintained credentials, update the cloud provider resources for the new release. For more information, including how to determine if this is a requirement for your cluster, see xref:../../../updating/preparing_for_updates/preparing-manual-creds-update.adoc#preparing-manual-creds-update[Preparing to update a cluster with manually maintained credentials].
 * If you run an Operator or you have configured any application with the pod disruption budget, you might experience an interruption during the update process. If `minAvailable` is set to 1 in `PodDisruptionBudget`, the nodes are drained to apply pending machine configs which might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
 
 [NOTE]
@@ -30,16 +37,27 @@ See xref:../../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define
 If you run an Operator or you have configured any application with the pod disruption budget, you might experience an interruption during the update process. If `minAvailable` is set to 1 in `PodDisruptionBudget`, the nodes are drained to apply pending machine configs which might block the eviction process. If several nodes are rebooted, all the pods might run on only one node, and the `PodDisruptionBudget` field can prevent the node drain.
 ====
 
+// Pausing a MachineHealthCheck resource
 include::modules/machine-health-checks-pausing.adoc[leveloffset=+1]
 
+// Retrieving a release image digest
 include::modules/update-restricted-image-digests.adoc[leveloffset=+1]
 
+// Updating the disconnected cluster
 include::modules/update-restricted.adoc[leveloffset=+1]
 
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc#mirroring-ocp-image-repository[Mirroring {product-title} images]
+
+// Configuring image registry repository mirroring
 include::modules/images-configuration-registry-mirror.adoc[leveloffset=+1]
 
+// Converting ImageContentSourcePolicy (ICSP) files for image registry repository mirroring
 include::modules/images-configuration-registry-mirror-convert.adoc[leveloffset=+2]
 
+// Widening the scope of the mirror image catalog to reduce the frequency of cluster node reboots
 include::modules/generating-icsp-object-scoped-to-a-registry.adoc[leveloffset=+1]
 
 [id="additional-resources_security-container-signature"]
diff --git a/updating/updating_a_cluster/updating_disconnected_cluster/index.adoc b/updating/updating_a_cluster/updating_disconnected_cluster/index.adoc
index c14543c04c44..39a06c26ae50 100644
--- a/updating/updating_a_cluster/updating_disconnected_cluster/index.adoc
+++ b/updating/updating_a_cluster/updating_disconnected_cluster/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="about-restricted-network-updates"]
 = About cluster updates in a disconnected environment
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 A disconnected environment is one in which your cluster nodes cannot access the internet.
 For this reason, you must populate a registry with the installation images.
 If your registry host cannot access both the internet and the cluster, you can mirror the images to a file system that is disconnected from that environment and then bring that host or removable media across that gap.
diff --git a/updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc b/updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
index a01e881331f9..aef8eb8f50e6 100644
--- a/updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
+++ b/updating/updating_a_cluster/updating_disconnected_cluster/mirroring-image-repository.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="mirroring-ocp-image-repository"]
 = Mirroring {product-title} images
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 You must mirror container images onto a mirror registry before you can update a cluster in a disconnected environment. You can also use this procedure in connected environments to ensure your clusters run only approved container images that have satisfied your organizational controls for external content.
 
 [NOTE]
@@ -54,7 +60,7 @@ Compared to using the `oc adm release mirror` command, the oc-mirror plugin has
 +
 [NOTE]
 ====
-If you use Red Hat Quay, you must use version 3.6 or later with the oc-mirror plugin. If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.6/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3.6/html/deploy_red_hat_quay_on_openshift_with_the_quay_operator/[by using the Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat Support.
+If you use Red Hat Quay, you must use version 3.6 or later with the oc-mirror plugin. If you have an entitlement to Red Hat Quay, see the documentation on deploying Red Hat Quay link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/[for proof-of-concept purposes] or link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/deploying_the_red_hat_quay_operator_on_openshift_container_platform/index[by using the Quay Operator]. If you need additional assistance selecting and installing a registry, contact your sales representative or Red Hat Support.
 ====
 +
 If you do not have an existing solution for a container image registry, the xref:../../../installing/disconnected_install/installing-mirroring-creating-registry.adoc#installing-mirroring-creating-registry[mirror registry for Red Hat OpenShift] is included in {product-title} subscriptions. The _mirror registry for Red Hat OpenShift_ is a small-scale container registry that you can use to mirror {product-title} container images in disconnected installations and updates.
@@ -64,6 +70,7 @@ If you do not have an existing solution for a container image registry, the xref
 
 Before you perform the mirror procedure, you must prepare the host to retrieve content and push it to the remote location.
 
+// Installing the OpenShift CLI by downloading the binary
 include::modules/cli-installing-cli.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -71,6 +78,7 @@ include::modules/cli-installing-cli.adoc[leveloffset=+2]
 
 * xref:../../../cli_reference/openshift_cli/extending-cli-plugins.adoc#cli-installing-plugins_cli-extend-plugins[Installing and using CLI plugins]
 
+// Configuring credentials that allow images to be mirrored
 include::modules/installation-adding-registry-pull-secret.adoc[leveloffset=+2]
 
 [id=mirroring-ocp-resources-ocmirror]
@@ -175,4 +183,5 @@ include::modules/oc-mirror-image-set-config-examples.adoc[leveloffset=+2]
 // Command reference for oc-mirror
 include::modules/oc-mirror-command-reference.adoc[leveloffset=+2]
 
+// Mirroring images using the oc adm release mirror command
 include::modules/update-mirror-repository.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc b/updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
index f82a4273d95d..816410ed7af7 100644
--- a/updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
+++ b/updating/updating_a_cluster/updating_disconnected_cluster/uninstalling-osus.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-osus"]
 = Uninstalling the OpenShift Update Service from a cluster
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,12 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+////
+WARNING: This assembly has been moved into a subdirectory for 4.14+. Changes to this assembly for earlier versions should be done in separate PRs based off of their respective version branches. Otherwise, your cherry picks may fail.
+
+To do: Remove this comment once 4.13 docs are EOL.
+////
+
 To remove a local copy of the OpenShift Update Service (OSUS) from your cluster, you must first delete the OSUS application and then uninstall the OSUS Operator.
 
 [id="update-service-delete-service"]
@@ -13,8 +19,10 @@ To remove a local copy of the OpenShift Update Service (OSUS) from your cluster,
 
 You can delete an OpenShift Update Service application by using the {product-title} web console or CLI.
 
+// Deleting an OpenShift Update Service application by using the web console
 include::modules/update-service-delete-service-web-console.adoc[leveloffset=+2]
 
+// Deleting an OpenShift Update Service application by using the CLI
 include::modules/update-service-delete-service-cli.adoc[leveloffset=+2]
 
 [id="update-service-uninstall"]
@@ -22,6 +30,8 @@ include::modules/update-service-delete-service-cli.adoc[leveloffset=+2]
 
 You can uninstall the OpenShift Update Service Operator by using the {product-title} web console or CLI.
 
+// Uninstalling the OpenShift Update Service Operator by using the web console
 include::modules/update-service-uninstall-web-console.adoc[leveloffset=+2]
 
+// Uninstalling the OpenShift Update Service Operator by using the CLI
 include::modules/update-service-uninstall-cli.adoc[leveloffset=+2]
diff --git a/upgrading/osd-upgrades.adoc b/upgrading/osd-upgrades.adoc
index ca864d6ea178..122c6e44997b 100644
--- a/upgrading/osd-upgrades.adoc
+++ b/upgrading/osd-upgrades.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="osd-upgrades"]
 = {product-title} cluster upgrades
 :context: osd-upgrades
diff --git a/upgrading/rosa-hcp-upgrading.adoc b/upgrading/rosa-hcp-upgrading.adoc
index c0583c393f6b..3455c7402116 100644
--- a/upgrading/rosa-hcp-upgrading.adoc
+++ b/upgrading/rosa-hcp-upgrading.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-hcp-upgrading"]
 = Upgrading {hcp-title}
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/upgrading/rosa-upgrading-sts.adoc b/upgrading/rosa-upgrading-sts.adoc
index 709853d707b3..4d1cbc3ff566 100644
--- a/upgrading/rosa-upgrading-sts.adoc
+++ b/upgrading/rosa-upgrading-sts.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-upgrading-sts"]
 = Upgrading ROSA clusters with STS
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/upgrading/rosa-upgrading.adoc b/upgrading/rosa-upgrading.adoc
index 0db8d5a1658b..c4d8b72fe976 100644
--- a/upgrading/rosa-upgrading.adoc
+++ b/upgrading/rosa-upgrading.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="rosa-upgrading"]
 = Upgrading ROSA clusters
 include::_attributes/attributes-openshift-dedicated.adoc[]
diff --git a/virt/about_virt/about-virt.adoc b/virt/about_virt/about-virt.adoc
index 5b883289bfb0..4cc8d96eb843 100644
--- a/virt/about_virt/about-virt.adoc
+++ b/virt/about_virt/about-virt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="about-virt"]
 = About {VirtProductName}
@@ -15,10 +15,7 @@ include::modules/virt-what-you-can-do-with-virt.adoc[leveloffset=+1]
 
 You can use {VirtProductName} with xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes], xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[OpenShift SDN], or one of the other certified network plugins listed in link:https://access.redhat.com/articles/5436171[Certified OpenShift CNI Plug-ins].
 
-You can check your {VirtProductName} cluster for compliance issues by installing the xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance[Compliance Operator] and running a scan with the `ocp4-moderate` and `ocp4-moderate-node` xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[profiles]. The Compliance Operator uses OpenSCAP, a link:https://www.nist.gov/[NIST-certified tool], to scan and enforce security policies.
-
-:FeatureName: {VirtProductName} integration with the Compliance Operator
-include::snippets/technology-preview.adoc[]
+You can check your {VirtProductName} cluster for compliance issues by installing the xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance[Compliance Operator] and running a scan with the `ocp4-moderate` and `ocp4-moderate-node` xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[profiles]. The Compliance Operator uses OpenSCAP, a link:https://www.nist.gov/[NIST-certified tool], to scan and enforce security policies.
 
 include::modules/virt-supported-cluster-version.adoc[leveloffset=+2]
 
@@ -33,8 +30,7 @@ include::modules/virt-sno-differences.adoc[leveloffset=+1]
 * xref:../../storage/index.adoc#openshift-storage-common-terms_storage-overview[Glossary of common terms for {product-title} storage]
 * xref:../../installing/installing_sno/install-sno-preparing-to-install-sno.adoc#install-sno-about-installing-on-a-single-node_install-sno-preparing[About {sno}]
 * link:https://cloud.redhat.com/blog/using-the-openshift-assisted-installer-service-to-deploy-an-openshift-cluster-on-metal-and-vsphere[Assisted installer]
-* xref:../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-configuring-local-storage-for-vms[Hostpath Provisioner (HPP)]
 * xref:../../nodes/pods/nodes-pods-priority.adoc#priority-preemption-other_nodes-pods-priority[Pod disruption budgets]
-* xref:../../virt/live_migration/virt-live-migration.adoc#virt-live-migration[Live migration]
-* xref:../../virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc#virt-configuring-vmi-eviction-strategy[Eviction strategy]
+* xref:../../virt/live_migration/virt-about-live-migration.adoc#virt-about-live-migration[About live migration]
+* xref:../../virt/nodes/virt-node-maintenance.adoc#eviction-strategies[Eviction strategies]
 * link:https://access.redhat.com/articles/6994974[Tuning & Scaling Guide]
\ No newline at end of file
diff --git a/virt/about_virt/virt-architecture.adoc b/virt/about_virt/virt-architecture.adoc
index 1e847c675a12..ae902a55b452 100644
--- a/virt/about_virt/virt-architecture.adoc
+++ b/virt/about_virt/virt-architecture.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-architecture"]
 = {VirtProductName} Architecture
@@ -18,9 +18,9 @@ OLM also deploys the `hyperconverged-cluster-operator` pod, which is responsible
 
 After all operator pods are successfully deployed, you should create the `HyperConverged` custom resource (CR). The configurations set in the `HyperConverged` CR serve as the single source of truth and the entrypoint for {VirtProductName}, and guide the behavior of the CRs.
 
-The `HyperConverged` CR creates corresponding CRs for the operators of all other components within its reconciliation loop. Each operator then creates resources such as daemon sets, config maps, and additional components for the {VirtProductName} control plane. For example, when the `hco-operator` creates the `KubeVirt` CR, the `virt-operator` reconciles it and create additional resources such as `virt-controller`, `virt-handler`, and `virt-api`.
+The `HyperConverged` CR creates corresponding CRs for the operators of all other components within its reconciliation loop. Each operator then creates resources such as daemon sets, config maps, and additional components for the {VirtProductName} control plane. For example, when the HyperConverged Operator (HCO) creates the `KubeVirt` CR, the {VirtProductName} Operator reconciles it and creates additional resources such as `virt-controller`, `virt-handler`, and `virt-api`.
 
-The OLM deploys the `hostpath-provisioner-operator`, but it is not functional until you create a `hostpath provisioner` (HPP) CR.
+The OLM deploys the Hostpath Provisioner (HPP) Operator, but it is not functional until you create a `hostpath-provisioner` CR.
 
 image::cnv_components_main.png[Deployments]
 
@@ -36,6 +36,4 @@ include::modules/virt-about-hpp-operator.adoc[leveloffset=+1]
 
 include::modules/virt-about-ssp-operator.adoc[leveloffset=+1]
 
-include::modules/virt-about-tekton-tasks-operator.adoc[leveloffset=+1]
-
 include::modules/virt-about-virt-operator.adoc[leveloffset=+1]
diff --git a/virt/about_virt/virt-security-policies.adoc b/virt/about_virt/virt-security-policies.adoc
index 9507806a74bf..bec9bf03f075 100644
--- a/virt/about_virt/virt-security-policies.adoc
+++ b/virt/about_virt/virt-security-policies.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-security-policies"]
 = Security policies
 include::_attributes/common-attributes.adoc[]
@@ -10,22 +10,27 @@ Learn about {VirtProductName} security and authorization.
 
 .Key points
 * {VirtProductName} adheres to the `restricted` link:https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted[Kubernetes pod security standards] profile, which aims to enforce the current best practices for pod security.
-
 * Virtual machine (VM) workloads run as unprivileged pods.
-
 * xref:../../authentication/managing-security-context-constraints.adoc#security-context-constraints-about_configuring-internal-oauth[Security context constraints] (SCCs) are defined for the `kubevirt-controller` service account.
+* TLS certificates for {VirtProductName} components are renewed and rotated automatically.
 
 include::modules/virt-about-workload-security.adoc[leveloffset=+1]
 
-include::modules/virt-additional-scc-for-kubevirt-controller.adoc[leveloffset=+1]
+include::modules/virt-automatic-certificates-renewal.adoc[leveloffset=+1]
 
 [id="authorization_virt-security-policies"]
 == Authorization
 
-{VirtProductName} uses xref:../../authentication/using-rbac.adoc#using-rbac[role-based access control] (RBAC) for authorization. For example, an administrator can create an RBAC role that provides the permissions required to launch a virtual machine. The administrator can then restrict access to that feature by binding the role to specific users.
+{VirtProductName} uses xref:../../authentication/using-rbac.adoc#using-rbac[role-based access control] (RBAC) to define permissions for human users and service accounts. The permissions defined for service accounts control the actions that {VirtProductName} components can perform.
+
+You can also use RBAC roles to manage user access to virtualization features. For example, an administrator can create an RBAC role that provides the permissions required to launch a virtual machine. The administrator can then restrict access by binding the role to specific users.
 
 include::modules/virt-default-cluster-roles.adoc[leveloffset=+2]
 
+include::modules/virt-storage-rbac-roles.adoc[leveloffset=+2]
+
+include::modules/virt-additional-scc-for-kubevirt-controller.adoc[leveloffset=+2]
+
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 == Additional resources
@@ -33,4 +38,5 @@ include::modules/virt-default-cluster-roles.adoc[leveloffset=+2]
 * xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions]
 * xref:../../authentication/using-rbac.adoc#creating-cluster-role_using-rbac[Creating a cluster role]
 * xref:../../authentication/using-rbac.adoc#cluster-role-binding-commands_using-rbac[Cluster role binding commands]
-* xref:../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[Enabling user permissions to clone data volumes across namespaces]
\ No newline at end of file
+* xref:../../virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[Enabling user permissions to clone data volumes across namespaces]
+
diff --git a/virt/backup_restore/virt-backing-up-vms.adoc b/virt/backup_restore/virt-backing-up-vms.adoc
index b7bb8a12b302..4b2a2cdde4c6 100644
--- a/virt/backup_restore/virt-backing-up-vms.adoc
+++ b/virt/backup_restore/virt-backing-up-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-backing-up-vms"]
 = Backing up virtual machines
@@ -14,7 +14,7 @@ The `Backup` CR performs the following actions:
 * Backs up VM disks by using one of the following options:
 
 ** xref:../../virt/backup_restore/virt-backing-up-vms.adoc#oadp-backing-up-pvs-csi_virt-backing-up-vms[Container Storage Interface (CSI) snapshots] on CSI-enabled cloud storage, such as Ceph RBD or Ceph FS.
-** xref:../../virt/backup_restore/virt-backing-up-vms.adoc#oadp-backing-up-applications-restic_virt-backing-up-vms[Restic file system backups] on object storage.
+** xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#backing-up-applications[Backing up applications with File System Backup: Kopia or Restic] on object storage.
 
 [NOTE]
 ====
@@ -22,20 +22,18 @@ OADP provides backup hooks to freeze the VM file system before the backup operat
 
 The `kubevirt-controller` creates the `virt-launcher` pods with annotations that enable Velero to run the `virt-freezer` binary before and after the backup operation.
 
-The `freeze` and `unfreeze` APIs are subresources of the VM snapshot API. See xref:../../virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc#virt-about-vm-snapshots_virt-managing-vm-snapshots[About virtual machine snapshots] for details.
+The `freeze` and `unfreeze` APIs are subresources of the VM snapshot API. See xref:../../virt/backup_restore/virt-backup-restore-snapshots.adoc#virt-about-vm-snapshots_virt-backup-restore-snapshots[About virtual machine snapshots] for details.
 ====
 
-You can add xref:../../virt/backup_restore/virt-backing-up-vms.adoc#oadp-creating-backup-hooks_virt-backing-up-vms[hooks] to the `Backup` CR to run commands on specific VMs before or after the backup operation.
+You can add xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-hooks-doc.adoc#backing-up-applications[hooks] to the `Backup` CR to run commands on specific VMs before or after the backup operation.
 
-You schedule a backup by creating a xref:../../virt/backup_restore/virt-backing-up-vms.adoc#oadp-scheduling-backups_virt-backing-up-vms[`Schedule` CR] instead of a `Backup` CR.
+You schedule a backup by creating a xref:../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-scheduling-backups-doc.adoc#backing-up-applications[`Schedule` CR] instead of a `Backup` CR.
 
 include::modules/oadp-creating-backup-cr.adoc[leveloffset=+1]
 include::modules/oadp-backing-up-pvs-csi.adoc[leveloffset=+2]
 include::modules/oadp-backing-up-applications-restic.adoc[leveloffset=+2]
 include::modules/oadp-creating-backup-hooks.adoc[leveloffset=+2]
 
-include::modules/oadp-scheduling-backups.adoc[leveloffset=+1]
-
 [id="additional-resources_virt-backing-up-vms"]
 == Additional resources
 
diff --git a/virt/backup_restore/virt-backup-restore-overview.adoc b/virt/backup_restore/virt-backup-restore-overview.adoc
index 9373d0d93ef8..94292b2e9d86 100644
--- a/virt/backup_restore/virt-backup-restore-overview.adoc
+++ b/virt/backup_restore/virt-backup-restore-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-backup-restore-overview"]
 = Backing up and restoring virtual machines
diff --git a/virt/backup_restore/virt-backup-restore-snapshots.adoc b/virt/backup_restore/virt-backup-restore-snapshots.adoc
new file mode 100644
index 000000000000..e73678a4866e
--- /dev/null
+++ b/virt/backup_restore/virt-backup-restore-snapshots.adoc
@@ -0,0 +1,59 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-backup-restore-snapshots"]
+= Backup and restore by using VM snapshots
+include::_attributes/common-attributes.adoc[]
+:context: virt-backup-restore-snapshots
+
+toc::[]
+
+You can back up and restore virtual machines (VMs) by using snapshots. Snapshots are supported by the following storage providers:
+
+* {rh-storage-first}
+* Any other cloud storage provider with the Container Storage Interface (CSI) driver that supports the Kubernetes Volume Snapshot API
+
+Online snapshots have a default time deadline of five minutes (`5m`) that can be changed, if needed.
+
+[IMPORTANT]
+====
+Online snapshots are supported for virtual machines that have hot plugged virtual disks. However, hot plugged disks that are not in the virtual machine specification are not included in the snapshot.
+====
+
+To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent if it is not included with your operating system. The QEMU guest agent is included with the default Red Hat templates.
+
+The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
+
+include::modules/virt-about-vm-snapshots.adoc[leveloffset=+1]
+
+[id="creating-snapshots_virt-backup-restore-snapshots"]
+== Creating snapshots
+
+You can create snapshots of virtual machines (VMs) by using the {product-title} web console or the command line.
+
+include::modules/virt-creating-vm-snapshot-web.adoc[leveloffset=+2]
+
+include::modules/virt-creating-vm-snapshot-cli.adoc[leveloffset=+2]
+
+include::modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc[leveloffset=+1]
+
+[id="restoring-vms-from-snapshots_virt-backup-restore-snapshots"]
+== Restoring virtual machines from snapshots
+
+You can restore virtual machines (VMs) from snapshots by using the {product-title} web console or the command line.
+
+include::modules/virt-restoring-vm-from-snapshot-web.adoc[leveloffset=+2]
+
+include::modules/virt-restoring-vm-from-snapshot-cli.adoc[leveloffset=+2]
+
+[id="deleting-snapshots_virt-backup-restore-snapshots"]
+== Deleting snapshots
+
+You can delete snapshots of virtual machines (VMs) by using the {product-title} web console or the command line.
+
+include::modules/virt-deleting-vm-snapshot-web.adoc[leveloffset=+2]
+
+include::modules/virt-deleting-vm-snapshot-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources-snapshots"]
+== Additional resources
+
+* xref:../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[CSI Volume Snapshots]
diff --git a/virt/backup_restore/virt-installing-configuring-oadp.adoc b/virt/backup_restore/virt-installing-configuring-oadp.adoc
index 6088e626c0cc..abcc0ad7c67f 100644
--- a/virt/backup_restore/virt-installing-configuring-oadp.adoc
+++ b/virt/backup_restore/virt-installing-configuring-oadp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-installing-configuring-oadp"]
 = Installing and configuring OADP
@@ -27,7 +27,8 @@ You can configure the Data Protection Application by setting Velero resource all
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
-include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-2-and-earlier.adoc[leveloffset=+1]
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 [id="uninstalling-oadp_{context}"]
diff --git a/virt/backup_restore/virt-restoring-vms.adoc b/virt/backup_restore/virt-restoring-vms.adoc
index 0080f75feb70..fdac38112e7b 100644
--- a/virt/backup_restore/virt-restoring-vms.adoc
+++ b/virt/backup_restore/virt-restoring-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-restoring-vms"]
 = Restoring virtual machines
diff --git a/virt/getting_started/virt-getting-started.adoc b/virt/getting_started/virt-getting-started.adoc
index 359ca878e5a1..d4d999846714 100644
--- a/virt/getting_started/virt-getting-started.adoc
+++ b/virt/getting_started/virt-getting-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-getting-started"]
 = Getting started with {VirtProductName}
 include::_attributes/common-attributes.adoc[]
@@ -30,7 +30,7 @@ Plan and install {VirtProductName} on an {product-title} cluster:
 
 * xref:../../virt/install/preparing-cluster-for-virt.adoc#virt-about-storage-volumes-for-vm-disks_preparing-cluster-for-virt[About storage volumes for virtual machine disks].
 * xref:../../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Using a CSI-enabled storage provider].
-* xref:../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-configuring-local-storage-for-vms[Configuring local storage for virtual machines].
+* xref:../../virt/storage/virt-configuring-local-storage-with-hpp.adoc#virt-configuring-local-storage-with-hpp[Configuring local storage for virtual machines].
 * xref:../../networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc#installing-the-kubernetes-nmstate-operator-cli[Installing the Kubernetes NMState Operator].
 * xref:../../virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc#virt-specifying-nodes-for-vms[Specifying nodes for virtual machines].
 * xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#virt-virtctl-commands_virt-using-the-cli-tools[`Virtctl` commands].
@@ -38,37 +38,48 @@ Plan and install {VirtProductName} on an {product-title} cluster:
 [id="creating-and-managing-vms_{context}"]
 == Creating and managing virtual machines
 
-Create virtual machines (VMs) by using the web console:
+Create a virtual machine (VM):
 
-* xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-quick-creating-vm_virt-create-vms[Quick create a VM].
-* xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-creating-vm-custom-template_virt-create-vms[Customize a template to create a VM].
+* xref:../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc#virt-creating-vms-from-rh-images-overview[Create a VM from a Red Hat image].
++
+You can create a VM by using a Red Hat template or an instance type.
++
+:FeatureName: Creating a VM from an instance type
+include::snippets/technology-preview.adoc[]
 
-Connect to VMs:
+* xref:../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-custom-images-overview.adoc#virt-creating-vms-from-custom-images-overview[Create a VM from a custom image].
++
+You can create a VM by importing a custom image from a container registry or a web page, by uploading an image from your local machine, or by cloning a persistent volume claim (PVC).
 
-* Connect to the xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-vm-serial-console-web_virt-accessing-vm-consoles[serial console] or xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-connecting-vnc-console_virt-accessing-vm-consoles[VNC console] of a VM by using the web console.
-* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-accessing-vmi-ssh_virt-accessing-vm-consoles[Connect to a VM by using SSH].
-* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-vm-rdp-console-web_virt-accessing-vm-consoles[Connect to a Windows VM by using RDP].
+Connect a VM to a secondary network:
 
-Manage VMs:
+* xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Linux bridge network].
+* xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-connecting-vm-to-ovn-secondary-network[Open Virtual Network (OVN)-Kubernetes secondary network].
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[Single Root I/O Virtualization (SR-IOV) network].
++
+[NOTE]
+====
+VMs are connected to the pod network by default.
+====
 
-* xref:../../virt/virtual_machines/virt-controlling-vm-states.adoc#virt-controlling-vm-states[Stop, start, pause, and restart a VM by using the web console].
-* xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#virt-virtctl-commands_virt-using-the-cli-tools[Manage a VM, expose a port, or connect to the serial console by using the `virtctl` CLI tool].
-* xref:../../virt/virtual_machines/virt-exporting-vms.adoc#virt-accessing-exported-vm-manifests_virt-exporting-vms[Export VMs].
+Connect to a VM:
 
+* Connect to the xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#serial-console_virt-accessing-vm-consoles[serial console] or xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#vnc-console_virt-accessing-vm-consoles[VNC console] of a VM.
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#virt-accessing-vm-ssh[Connect to a VM by using SSH].
+* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#desktop-viewer_virt-accessing-vm-consoles[Connect to the desktop viewer for Windows VMs].
 
-[id="next-steps_{context}"]
-== Next steps
+Manage a VM:
 
-* Connect the VMs to secondary networks:
+* xref:../../virt/virtual_machines/virt-controlling-vm-states.adoc#virt-controlling-vm-states[Manage a VM by using the web console].
+* xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#virt-virtctl-commands_virt-using-the-cli-tools[Manage a VM by using the `virtctl` CLI tool].
+* xref:../../virt/virtual_machines/virt-exporting-vms.adoc#virt-accessing-exported-vm-manifests_virt-exporting-vms[Export a VM].
 
-** xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc#virt-attaching-vm-multiple-networks[Connect a VM to a Linux bridge network].
-** xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc#virt-attaching-vm-to-sriov-network[Connect a VM to an SR-IOV network].
-+
-[NOTE]
-====
-VMs are connected to the pod network by default. You must configure a secondary network, such as Linux bridge or SR-IOV, and then add the network to the VM configuration.
-====
+[id="next-steps_{context}"]
+== Next steps
 
-* xref:../../virt/live_migration/virt-live-migration.adoc#virt-live-migration[Live migrate VMs].
+* xref:../../virt/post_installation_configuration/virt-post-install-config.adoc#virt-post-install-config[Review postinstallation configuration options].
+* xref:../../virt/storage/virt-storage-config-overview.adoc#virt-storage-config-overview[Configure storage options and automatic boot source updates].
+* xref:../../virt/monitoring/virt-monitoring-overview.adoc#virt-monitoring-overview[Learn about monitoring and health checks].
+* xref:../../virt/live_migration/virt-about-live-migration.adoc#virt-about-live-migration[Learn about live migration].
 * xref:../../virt/backup_restore/virt-backup-restore-overview.adoc#virt-backup-restore-overview[Back up and restore VMs].
-* link:https://access.redhat.com/articles/6994974[Tune and scale your cluster].
\ No newline at end of file
+* link:https://access.redhat.com/articles/6994974[Tune and scale your cluster].
diff --git a/virt/getting_started/virt-using-the-cli-tools.adoc b/virt/getting_started/virt-using-the-cli-tools.adoc
index ce4c4ae77915..779c00d1a161 100644
--- a/virt/getting_started/virt-using-the-cli-tools.adoc
+++ b/virt/getting_started/virt-using-the-cli-tools.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-using-the-cli-tools"]
 = Using the virtctl and libguestfs CLI tools
 include::_attributes/common-attributes.adoc[]
@@ -9,24 +9,22 @@ toc::[]
 
 You can manage {VirtProductName} resources by using the `virtctl` command line tool.
 
-You can also deploy a `libguestfs-tools` container by using `virtctl`. link:https://libguestfs.org[`Libguestfs`] is a set of tools for accessing and modifying virtual machine (VM) disk images.
+You can access and modify virtual machine (VM) disk images by using the link:https://libguestfs.org[`libguestfs`] command line tool. You deploy `libguestfs` by using the `virtctl libguestfs` command.
 
 [id="installing-virtctl_virt-using-the-cli-tools"]
 == Installing virtctl
 
-To install `virtctl` on Linux, Windows, and MacOS operating systems, you download  and install the the `virtctl` binary file.
+To install `virtctl` on {op-system-base-full} 9 or later, Linux, Windows, and MacOS operating systems, you can download and install the `virtctl` binary file.
 
-To install `virtctl` on {op-system-base-full}, you enable the {VirtProductName} repository and then install the `kubevirt-virtctl` package.
+To install `virtctl` on {op-system-base} 8, you can enable the {VirtProductName} repository and then install the `kubevirt-virtctl` RPM package.
 
-include::modules/virt-installing-virtctl-client.adoc[leveloffset=+2]
+include::modules/virt-installing-virtctl-binary.adoc[leveloffset=+2]
 
-include::modules/virt-installing-virtctl-client-yum.adoc[leveloffset=+2]
+include::modules/virt-installing-virtctl-rhel8-rpm.adoc[leveloffset=+2]
 
 include::modules/virt-virtctl-commands.adoc[leveloffset=+1]
 
-== Using libguestfs
-
-include::modules/virt-creating-pvc-with-virtctl-guestfs.adoc[leveloffset=+2]
+include::modules/virt-deploying-libguestfs-with-virtctl.adoc[leveloffset=+1]
 
 include::modules/virt-about-libguestfs-tools-virtctl-guestfs.adoc[leveloffset=+2]
 
diff --git a/virt/getting_started/virt-web-console-overview.adoc b/virt/getting_started/virt-web-console-overview.adoc
index 9aa0ec3f0b22..4adb03a831c6 100644
--- a/virt/getting_started/virt-web-console-overview.adoc
+++ b/virt/getting_started/virt-web-console-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-web-console-overview"]
 = Web console overview
 include::_attributes/common-attributes.adoc[]
@@ -9,29 +9,35 @@ toc::[]
 
 The *Virtualization* section of the {product-title} web console contains the following pages for managing and monitoring your {VirtProductName} environment.
 
-.Virtualization pages
+.*Virtualization* pages
 [cols="1,3", options="header"]
 |====
 |Page
 |Description
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-page[Overview page]
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-page_virt-web-console-overview[*Overview* page]
 |Manage and monitor the {VirtProductName} environment.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-catalog-page[Catalog page]
-|Create VirtualMachines from a catalog of templates.
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#catalog-page_virt-web-console-overview[*Catalog* page]
+|Create virtual machines from a catalog of templates.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachines-page[VirtualMachines page]
-|Configure and monitor VirtualMachines.
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachines-page_virt-web-console-overview[*VirtualMachines* page]
+|Create and manage virtual machines.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-templates-page[Templates page]
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#templates-page_virt-web-console-overview[*Templates* page]
 |Create and manage templates.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-datasources-page[DataSources page]
-|Create and manage DataSources for VirtualMachine boot sources.
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#instancetypes-page_virt-web-console-overview[*InstanceTypes* page]
+|Create and manage virtual machine instance types.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-migrationpolicies-page[MigrationPolicies page]
-|Create and manage MigrationPolicies for workloads.
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#instancetypes-page_virt-web-console-overview[*Preferences* page]
+|Create and manage virtual machine preferences.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#bootablevolumes-page_virt-web-console-overview[*Bootable volumes* page]
+|Create and manage DataSources for bootable volumes.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#migrationpolicies-page_virt-web-console-overview[*MigrationPolicies* page]
+|Create and manage migration policies for workloads.
 |====
 
 .Key
@@ -47,12 +53,12 @@ The *Virtualization* section of the {product-title} web console contains the fol
 |Link icon
 |====
 
-[id="virtualization-overview-page"]
+[id="overview-page_virt-web-console-overview"]
 == Overview page
 
-The Overview page displays resources, metrics, migration progress, and cluster-level settings.
+The *Overview* page displays resources, metrics, migration progress, and cluster-level settings.
 
-.Overview page
+.*Overview* page
 [%collapsible]
 =====
 [cols="1,3", options="header"]
@@ -63,21 +69,32 @@ The Overview page displays resources, metrics, migration progress, and cluster-l
 |*Download virtctl* image:icon-link.png[title="link icon",20]
 |Download the `virtctl` command line tool to manage resources.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-overview[*Overview* tab]
-|Resources, usage, alerts, and status
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-overview_virt-web-console-overview[*Overview* tab]
+|Resources, usage, alerts, and status.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-top-consumers_virt-web-console-overview[*Top consumers* tab]
+|Top consumers of CPU, memory, and storage resources.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-migrations_virt-web-console-overview[*Migrations* tab]
+|Status of live migrations.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-top-consumers[*Top consumers* tab]
-|Top consumers of CPU, memory, and storage resources
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings_virt-web-console-overview[*Settings* tab]
+|The *Settings* tab contains the *Cluster* tab, *User* tab, and *Preview features* tab.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-migrations[*Migrations* tab]
-|Status of live migrations
+|*Settings* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[*Cluster* tab]
+|{VirtProductName} version, update status, live migration, templates project, preview features, and load balancer service settings.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-settings[*Settings* tab]
-|Cluster-wide settings, including live migration limits and user permissions
+|*Settings* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-user_virt-web-console-overview[*User* tab]
+|Public SSH keys, user permissions, and welcome information settings.
+
+|*Settings* -> *Preview features*
+|Enable select link:https://access.redhat.com/support/offerings/techpreview/[preview features] in the UI. Features in this tab change frequently.
+
+Preview features are disabled by default and must not be enabled in production environments.
 |====
 =====
 
-[id="virtualization-overview-overview"]
+[id="overview-overview_virt-web-console-overview"]
 === Overview tab
 
 The *Overview* tab displays resources, usage, alerts, and status.
@@ -91,33 +108,33 @@ The *Overview* tab displays resources, usage, alerts, and status.
 |Description
 
 |*Getting started resources* card
-|* *Quick Starts* tile: Learn how to create, import, and run VirtualMachines with step-by-step instructions and tasks.
+|* *Quick Starts* tile: Learn how to create, import, and run virtual machines with step-by-step instructions and tasks.
 * *Feature highlights* tile: Read the latest information about key virtualization features.
 * *Related operators* tile: Install Operators such as the Kubernetes NMState Operator or the {rh-storage} Operator.
 
-|*VirtualMachines* tile
-|Number of VirtualMachines, with a chart showing the last 7 days' trend
-
-|*vCPU usage* tile
-|vCPU usage, with a chart showing the last 7 days' trend
-
 |*Memory* tile
-|Memory usage, with a chart showing the last 7 days' trend
+|Memory usage, with a chart showing the last 7 days' trend.
 
 |*Storage* tile
-|Storage usage, with a chart showing the last 7 days' trend
+|Storage usage, with a chart showing the last 7 days' trend.
 
-|*Alerts* tile|{VirtProductName} alerts, grouped by severity
+|*VirtualMachines* tile
+|Number of virtual machines, with a chart showing the last 7 days' trend.
+
+|*vCPU usage* tile
+|vCPU usage, with a chart showing the last 7 days' trend.
 
 |*VirtualMachine statuses* tile
-|Number of VirtualMachines, grouped by status
+|Number of virtual machines, grouped by status.
+
+|*Alerts* tile|{VirtProductName} alerts, grouped by severity.
 
-|*VirtualMachines per template* chart
-|Number of VirtualMachines created from templates, grouped by template name
+|*VirtualMachines per resource* chart
+|Number of virtual machines created from templates and instance types.
 |====
 =====
 
-[id="virtualization-overview-top-consumers"]
+[id="overview-top-consumers_virt-web-console-overview"]
 === Top consumers tab
 
 The *Top consumers* tab displays the top consumers of CPU, memory, and storage.
@@ -131,7 +148,7 @@ The *Top consumers* tab displays the top consumers of CPU, memory, and storage.
 |Description
 
 |*View virtualization dashboard* image:icon-link.png[title="link icon",20]
-|Link to *Observe -> Dashboards*, which displays the top consumers for {VirtProductName}
+|Link to *Observe -> Dashboards*, which displays the top consumers for {VirtProductName}.
 
 |*Time period* list
 |Select a time period to filter the results.
@@ -140,28 +157,29 @@ The *Top consumers* tab displays the top consumers of CPU, memory, and storage.
 |Select the number of top consumers to filter the results.
 
 |*CPU* chart
-|VirtualMachines with the highest CPU usage
+|Virtual machines with the highest CPU usage.
 
 |*Memory* chart
-|VirtualMachines with the highest memory usage
+|Virtual machines with the highest memory usage.
 
 |*Memory swap traffic* chart
-|VirtualMachines with the highest memory swap traffic
+|Virtual machines with the highest memory swap traffic.
 
 |*vCPU wait* chart
-|VirtualMachines with the highest vCPU wait periods
+|Virtual machines with the highest vCPU wait periods.
 
 |*Storage throughput* chart
-|VirtualMachines with the highest storage throughput usage
+|Virtual machines with the highest storage throughput usage.
 
-|*Storage IOPS* chart |VirtualMachines with the highest storage input/output operations per second usage
+|*Storage IOPS* chart
+|Virtual machines with the highest storage input/output operations per second usage.
 |====
 =====
 
-[id="virtualization-overview-migrations"]
+[id="overview-migrations_virt-web-console-overview"]
 === Migrations tab
 
-The *Migrations* tab displays the status of VirtualMachineInstance migrations.
+The *Migrations* tab displays the status of virtual machine migrations.
 
 .*Migrations* tab
 [%collapsible]
@@ -172,135 +190,127 @@ The *Migrations* tab displays the status of VirtualMachineInstance migrations.
 |Description
 
 |*Time period* list
-|Select a time period to filter VirtualMachineInstanceMigrations.
+|Select a time period to filter virtual machine migrations.
 
-|*VirtualMachineInstanceMigrations* table
-|List of VirtualMachineInstance migrations
+|*VirtualMachineInstanceMigrations information* table
+|List of virtual machine migrations.
 |====
 =====
 
-[id="virtualization-overview-settings"]
+[id="overview-settings_virt-web-console-overview"]
 === Settings tab
 
-The *Settings* tab displays cluster-wide settings on the following tabs:
+The *Settings* tab displays cluster-wide settings.
 
-.Tabs on *Settings* tab
+.Tabs on the *Settings* tab
+[%collapsible]
+=====
 [cols="1,3", options="header"]
 |====
 |Tab
 |Description
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualization-settings-general[*General* tab]
-|{VirtProductName} version and update status
-
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualization-settings-live-migration[*Live migration* tab]
-|Live migration limits and network settings
-
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualization-settings-templates-project[*Templates project* tab]
-|Project for Red Hat templates
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[*Cluster* tab]
+|{VirtProductName} version and update status, live migration, templates project, and load balancer service settings.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualization-settings-user-permissions[*User permissions* tab]
-|Cluster-wide user permissions
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-user_virt-web-console-overview[*User* tab]
+|Public SSH key management, user permissions, and welcome information settings.
 |====
+=====
 
-[id="ui-virtualization-settings-general"]
-==== General tab
+[id="overview-settings-cluster_virt-web-console-overview"]
+==== Cluster tab
 
-The *General* tab displays the {VirtProductName} version and update status.
+The *Cluster* tab displays the {VirtProductName} version and update status. You configure live migration and other settings on the *Cluster* tab.
 
-.*General* tab
+.*Cluster* tab
 [%collapsible]
 =====
 [cols="1,3", options="header"]
 |====
-|Label
+|Element
 |Description
 
-|Service name
-|{VirtProductName}
+|*Installed version*
+|{VirtProductName} version.
 
-|Provider
-|Red Hat
+|*Update status*
+|{VirtProductName} update status.
 
-|Installed version
-|{HCOVersion}
+|*Channel*
+|{VirtProductName} update channel.
 
-|Update status
-|Example: `Up to date`
+|*Live Migration* section
+|Expand this section to configure live migration settings.
 
-|Channel
-|Channel selected for updates
-|====
-=====
-
-[id="ui-virtualization-settings-live-migration"]
-==== Live migration tab
-
-You can configure live migration on the *Live migration* tab.
-
-.*Live migration* tab
-[%collapsible]
-=====
-[cols="1,3", options="header"]
-|====
-|Element
-|Description
-
-|*Max. migrations per cluster* field
+|*Live Migration* -> *Max. migrations per cluster* field
 |Select the maximum number of live migrations per cluster.
 
-|*Max. migrations per node* field
+|*Live Migration* -> *Max. migrations per node* field
 |Select the maximum number of live migrations per node.
 
-|*Live migration network* list
+|*Live Migration* -> *Live migration network* list
 |Select a dedicated secondary network for live migration.
-|====
-=====
 
-[id="ui-virtualization-settings-templates-project"]
-==== Templates project tab
+|*SSH Configuration* -> *SSH over LoadBalancer service* switch
+|Enable the creation of LoadBalancer services for SSH connections to VMs. 
 
-You can select a project for templates on the *Templates project* tab.
+You must configure a load balancer.
 
-.*Templates project* tab
-[%collapsible]
-=====
-[cols="1,3a", options="header"]
-|====
-|Element
-|Description
+|*Automatic subscription of new RHEL VirtualMachines* section
+|Expand this section to enable automatic subscription for {op-system-base-full} virtual machines.
 
-|*Project* list
-|Select a project in which to store Red Hat templates. The default template project is `openshift`.
+To enable this feature, you need cluster administrator permissions, an organization ID, and an activation key.
 
-If you want to define multiple template projects, you must clone the templates on the xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-templates-page[Templates page] for each project.
+|*LoadBalancer* section
+|Expand this section to enable the creation of load balancer services for SSH access to virtual machines.
+
+The cluster must have a load balancer configured.
+
+|*Template project* section
+|Expand this section to select a project for Red Hat templates. The default project is `openshift`.
+
+To store Red Hat templates in multiple projects, xref:../../virt/getting_started/virt-web-console-overview.adoc#templates-page_virt-web-console-overview[clone the template] and then select a project for the cloned template.
 |====
 =====
 
-[id="ui-virtualization-settings-user-permissions"]
-==== User permissions tab
+[id="overview-settings-user_virt-web-console-overview"]
+==== User tab
 
-The *User permissions* tab displays cluster-wide user permissions for tasks.
+You view user permissions and manage public SSH keys and welcome information on the *User* tab.
 
-.*User permissions* tab
+.*User* tab
 [%collapsible]
 =====
-[cols="2,2", options="header"]
+[cols="1,3", options="header"]
 |====
 |Element
 |Description
 
-|*User permissions* table
-|List of tasks, such as *Share templates*, and permissions
+|*Manage SSH keys* section
+|Expand this section to add public SSH keys to a project.
+
+The keys are added automatically to all virtual machines that you subsequently create in the selected project.
+
+|*Permissions* section
+|Expand this section to view cluster-wide user permissions.
+
+|*Welcome information* section
+|Expand this section to show or hide the *Welcome information* dialog.
 |====
 =====
 
-[id="ui-catalog-page"]
+[id="overview-settings-preview_virt-web-console-overview"]
+==== Preview features tab
+
+Enable select link:https://access.redhat.com/support/offerings/techpreview/[preview features] in the UI. Features in this tab change frequently.
+
+[id="catalog-page_virt-web-console-overview"]
 == Catalog page
 
-You can create a VirtualMachine by selecting a template or boot source on the Catalog page.
+You create a virtual machine from a template or instance type on the *Catalog* page.
 
-.Catalog page
+.*Catalog* page
 [%collapsible]
 =====
 [cols="1,3", options="header"]
@@ -308,13 +318,20 @@ You can create a VirtualMachine by selecting a template or boot source on the Ca
 |Element
 |Description
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-catalog-template_virt-web-console-overview[*Template catalog* tab]
-|Select a template to create a VirtualMachine from.
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#catalog-template_virt-web-console-overview[*Template catalog* tab]
+|Displays a catalog of templates for creating a virtual machine.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#catalog-instancetypes_virt-web-console-overview[*InstanceTypes* tab]
+|Displays bootable volumes and instance types for creating a virtual machine.
 |====
 =====
 
-[id="virtualization-catalog-template_{context}"]
+[id="catalog-template_virt-web-console-overview"]
 === Template catalog tab
+
+You select a template on the *Template catalog* tab to create a virtual machine.
+
+.*Template catalog* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -323,12 +340,12 @@ You can create a VirtualMachine by selecting a template or boot source on the Ca
 |Description
 
 |*Template project* list
-|Select the project in which your templates are located.
+|Select the project in which Red Hat templates are located.
 
-By default, Red Hat templates are stored in the `openshift` project. You can edit the template project on the xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualization-settings-templates-project[*Overview -> Settings -> Template project* tab].
+By default, Red Hat templates are stored in the `openshift` project. You can edit the template project on the xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[*Overview* page -> *Settings* tab -> *Cluster* tab].
 
 |*All items*\|*Default templates*
-|Click *Default templates* to display only default templates.
+|Click *All items* to display all available templates.
 
 |*Boot source available* checkbox
 |Select the checkbox to display templates with an available boot source.
@@ -343,13 +360,15 @@ By default, Red Hat templates are stored in the `openshift` project. You can edi
 |Search templates by keyword.
 
 |Template tiles
-|Click a template tile to view template details and to create a VirtualMachine.
+|Click a template tile to view template details and to create a virtual machine.
 |====
 =====
 
-[id="virtualization-instancetype_{context}"]
+[id="catalog-instancetypes_virt-web-console-overview"]
 === InstanceTypes tab
 
+You create a virtual machine from an instance type on the *InstanceTypes* tab.
+
 :FeatureName: Creating a virtual machine from an instance type
 include::snippets/technology-preview.adoc[]
 
@@ -360,41 +379,56 @@ include::snippets/technology-preview.adoc[]
 |Element
 |Description
 
-|*Volumes project*
-|The current namespace.
+|*Volumes project* field
+|Project in which bootable volumes are stored. The default is `openshift-virtualization-os-images`.
 
-|*Select volume to boot from*
-|Select a volume from the list to boot your virtual machine from.
-
-|*Add volume*
-|Upload a new volume or use an existing PersistentVolumeClaim.
+|*Add volume* button
+|Click to upload a new volume or to use an existing persistent volume claim.
 
 |*Filter* field
-|Filter boot sources by operating system.
+|Filter boot sources by operating system or resource.
 
 |Search field
-|Search boot sources by keyword.
+|Search boot sources by name.
+
+|*Manage columns* icon
+|Select up to 9 columns to display in the table.
+
+|Volume table
+|Select a bootable volume for your virtual machine.
 
-|*Select InstanceType*
-|Select an instance type based on the number of CPUs and amount of memory available.
+|*Red Hat provided* tab
+|Select an instance type provided by Red Hat.
+
+|*User provided* tab
+|Select an instance type that you created on the *InstanceType* page.
 
 |*VirtualMachine details* pane
-|Displays the current virtual machine settings. You can change the name of the virtual machine during this step.
+|Displays the virtual machine settings.
+
+|*Name* field
+|Optional: Enter the virtual machine name.
+
+|*SSH key name*
+|Click the edit icon to add a public SSH key.
 
 |*Start this VirtualMachine after creation* checkbox
 |Clear this checkbox to prevent the virtual machine from starting automatically.
 
-|*Create VirtualMachine*
-|Creates a virtual machine using the boot source and settings chosen on the *InstanceTypes* tab.
+|*Create VirtualMachine* button
+|Creates a virtual machine.
+
+|*YAML & CLI* button
+|Displays the YAML configuration file and the `virtctl create` command to create the virtual machine from the command line.
 |====
 =====
 
-[id="ui-virtualmachines-page"]
+[id="virtualmachines-page_virt-web-console-overview"]
 == VirtualMachines page
 
-You can create and manage VirtualMachines on the VirtualMachines page.
+You create and manage virtual machines on the *VirtualMachines* page.
 
-.VirtualMachines page
+.*VirtualMachines* page
 [%collapsible]
 =====
 [cols="1,3", options="header"]
@@ -402,33 +436,33 @@ You can create and manage VirtualMachines on the VirtualMachines page.
 |Element
 |Description
 
-|*Create -> From template*
-|Create a VirtualMachine on the *Catalog* page -> *Template catalog* tab.
-
-|*Create -> From YAML*
-|Create a VirtualMachine by editing a YAML configuration file.
+|*Create* button
+|Create a virtual machine from a template, volume, or YAML configuration file.
 
 |*Filter* field
-|Filter VirtualMachines by status, template, operating system, or node.
+|Filter virtual machines by status, template, operating system, or node.
 
 |Search field
-|Search for VirtualMachines by name or by label.
+|Search for virtual machines by name or by label.
+
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
 
-|*VirtualMachines* table
-|List of VirtualMachines
+|Virtual machines table
+|List of virtual machines.
 
-Click the *Options* menu {kebab} beside a VirtualMachine to select *Stop*, *Restart*, *Pause*, *Clone*, *Migrate*, *Copy SSH command*, *Edit labels*, *Edit annotations*, or *Delete*.
+Click the actions menu {kebab} beside a virtual machine to select *Stop*, *Restart*, *Pause*, *Clone*, *Migrate*, *Copy SSH command*, *Edit labels*, *Edit annotations*, or *Delete*. If you select *Stop*, *Force stop* replaces *Stop* in the action menu. Use *Force stop* to initiate an immediate shutdown if the operating system becomes unresponsive.
 
-Click a VirtualMachine to navigate to the VirtualMachine details page.
+Click a virtual machine to navigate to the *VirtualMachine details* page.
 |====
 =====
 
-[id="ui-virtualmachine-details-page"]
+[id="virtualmachine-details-page_virt-web-console-overview"]
 === VirtualMachine details page
 
-You can configure a VirtualMachine on the VirtualMachine details page.
+You configure a virtual machine on the *VirtualMachine details* page.
 
-.VirtualMachine details page
+.*VirtualMachine details* page
 [%collapsible]
 =====
 [cols="1,3", options="header"]
@@ -437,58 +471,58 @@ You can configure a VirtualMachine on the VirtualMachine details page.
 |Description
 
 |*Actions* menu
-|Click the *Actions* menu to select *Stop*, *Restart*, *Pause*, *Clone*, *Migrate*, *Copy SSH command*, *Edit labels*, *Edit annotations*, or *Delete*.
+|Click the *Actions* menu to select *Stop*, *Restart*, *Pause*, *Clone*, *Migrate*, *Copy SSH command*, *Edit labels*, *Edit annotations*, or *Delete*. If you select *Stop*, *Force stop* replaces *Stop* in the action menu. Use *Force stop* to initiate an immediate shutdown if the operating system becomes unresponsive.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-overview[*Overview* tab]
-|Resource usage, alerts, disks, and devices
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-overview_virt-web-console-overview[*Overview* tab]
+|Resource usage, alerts, disks, and devices.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-details[*Details* tab]
-|VirtualMachine details and configurations
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-details_virt-web-console-overview[*Details* tab]
+|Virtual machine details and configurations.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-metrics[*Metrics* tab]
-|Memory, CPU, storage, network, and migration metrics
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-metrics_virt-web-console-overview[*Metrics* tab]
+|Memory, CPU, storage, network, and migration metrics.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-yaml[*YAML* tab]
-|VirtualMachine YAML configuration file
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-yaml_virt-web-console-overview[*YAML* tab]
+|Virtual machine YAML configuration file.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-configuration[*Configuration* tab]
-|Contains the *Scheduling*, *Environment*, *Network interfaces*, *Disks*, and *Scripts* tabs
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-configuration_virt-web-console-overview[*Configuration* tab]
+|Contains the *Disks*, *Network interfaces*, *Scheduling*, *Environment*, and *Scripts* tabs.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-scheduling[*Configuration* -> *Scheduling* tab]
-|Scheduling a VirtualMachine to run on specific nodes
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-disks_virt-web-console-overview[*Configuration* -> *Disks* tab]
+|Disks.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-environment[*Configuration* -> *Environment* tab]
-|Config map, secret, and service account management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-network-interfaces_virt-web-console-overview[*Configuration* -> *Network interfaces* tab]
+|Network interfaces.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-network-interfaces[*Configuration* -> *Network interfaces* tab]
-|Network interfaces
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-scheduling_virt-web-console-overview[*Configuration* -> *Scheduling* tab]
+|Scheduling a virtual machine to run on specific nodes.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-disks[*Configuration* -> *Disks* tab]
-|Disks
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-environment_virt-web-console-overview[*Configuration* -> *Environment* tab]
+|Config map, secret, and service account management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-scripts[*Configuration* -> *Scripts* tab]
-|Cloud-init settings, SSH key for Linux VirtualMachines, Sysprep answer file for Windows VirtualMachines
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-scripts_virt-web-console-overview[*Configuration* -> *Scripts* tab]
+|Cloud-init settings, public SSH key and dynamic key injection for Linux virtual machines, Sysprep settings for Windows virtual machines.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-events[*Events* tab]
-|VirtualMachine event stream
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-events_virt-web-console-overview[*Events* tab]
+|Virtual machine event stream.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-console[*Console* tab]
-|Console session management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-console_virt-web-console-overview[*Console* tab]
+|Console session management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-snapshots[*Snapshots* tab]
-|Snapshot management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-snapshots_virt-web-console-overview[*Snapshots* tab]
+|Snapshot management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-diagnostics[*Diagnostics* tab]
-|Status conditions and volume snapshot status
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-diagnostics_virt-web-console-overview[*Diagnostics* tab]
+|Status conditions and volume snapshot status.
 |====
 =====
 
-[id="ui-virtualmachine-details-overview"]
+[id="virtualmachine-details-overview_virt-web-console-overview"]
 ==== Overview tab
 
 The *Overview* tab displays resource usage, alerts, and configuration information.
 
-.Overview tab
+.*Overview* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -497,34 +531,34 @@ The *Overview* tab displays resource usage, alerts, and configuration informatio
 |Description
 
 |*Details* tile
-|General VirtualMachine information
+|General virtual machine information.
 
 |*Utilization* tile
 |*CPU*, *Memory*, *Storage*, and *Network transfer* charts. By default, *Network transfer* displays the sum of all networks. To view the breakdown for a specific network, click *Breakdown by network*.
 
 |*Hardware devices* tile
-|GPU and host devices
+|GPU and host devices.
 
 |*Alerts* tile
-|{VirtProductName} alerts, grouped by severity
+|{VirtProductName} alerts, grouped by severity.
 
 |*Snapshots* tile
-|*Take snapshot* image:icon-link.png[title="link icon",20] and *Snapshots* table
+|*Take snapshot* image:icon-link.png[title="link icon",20] and snapshots table.
 
 |*Network interfaces* tile
-|*Network interfaces* table
+|Network interfaces table.
 
 |*Disks* tile
-|*Disks* table
+|Disks table.
 |====
 =====
 
-[id="ui-virtualmachine-details-details"]
+[id="virtualmachine-details-details_virt-web-console-overview"]
 ==== Details tab
 
-You can view information about the VirtualMachine and edit labels, annotations, and other metadata and on the *Details* tab.
+You view information about the virtual machine and edit labels, annotations, and other metadata and on the *Details* tab.
 
-.Details tab
+.*Details* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -535,103 +569,108 @@ You can view information about the VirtualMachine and edit labels, annotations,
 |*YAML* switch
 |Set to *ON* to view your live changes in the YAML configuration file.
 
-|Name
-|VirtualMachine name
+|*Name*
+|Virtual machine name.
 
-|Namespace
-|VirtualMachine namespace
+|*Namespace*
+|Virtual machine namespace or project.
 
-|Labels
+|*Labels*
 |Click the edit icon to edit the labels.
 
-|Annotations
+|*Annotations*
 |Click the edit icon to edit the annotations.
 
-|Description
+|*Description*
 |Click the edit icon to enter a description.
 
-|Operating system
-|Operating system name
+|*Operating system*
+|Operating system name.
 
-|CPU\|Memory
-|Click the edit icon to edit the CPU\|Memory request.
+|*CPU\|Memory*
+|Click the edit icon to edit the CPU\|Memory request. Restart the virtual machine to apply the change.
 
 The number of CPUs is calculated by using the following formula: `sockets * threads * cores`.
 
-|Machine type
-|VirtualMachine machine type
+|*Machine type*
+|Machine type.
 
-|Boot mode
-|Click the edit icon to edit the boot mode.
+|*Boot mode*
+|Click the edit icon to edit the boot mode. Restart the virtual machine to apply the change.
 
-|Start in pause mode
-|Click the edit icon to enable this setting.
+|*Start in pause mode*
+|Click the edit icon to enable this setting. Restart the virtual machine to apply the change.
 
-|Template
-|Name of the template used to create the VirtualMachine
+|*Template*
+|Name of the template used to create the virtual machine.
 
-|Created at
-|VirtualMachine creation date
+|*Created at*
+|Virtual machine creation date.
 
-|Owner
-|VirtualMachine owner
+|*Owner*
+|Virtual machine owner.
 
-|Status
-|VirtualMachine status
+|*Status*
+|Virtual machine status.
 
-|Pod
-|`virt-launcher` pod name
+|*Pod*
+|`virt-launcher` pod name.
 
-|VirtualMachineInstance
-|VirtualMachineInstance name
+|*VirtualMachineInstance*
+|Virtual machine instance name.
 
-|Boot order
-|Click the edit icon to select a boot source.
+|*Boot order*
+|Click the edit icon to select a boot source. Restart the virtual machine to apply the change.
 
-|IP address
-|IP address of the VirtualMachine
+|*IP address*
+|IP address of the virtual machine.
 
-|Hostname
-|Hostname of the VirtualMachine
+|*Hostname*
+|Hostname of the virtual machine. Restart the virtual machine to apply the change.
 
-|Time zone
-|Time zone of the VirtualMachine
+|*Time zone*
+|Time zone of the virtual machine.
 
-|Node
-|Node on which the VirtualMachine is running
+|*Node*
+|Node on which the virtual machine is running.
 
-|Workload profile
+|*Workload profile*
 |Click the edit icon to edit the workload profile.
 
-|SSH using virtctl
-|Click the copy icon to copy the `virtctl ssh` command to the clipboard.
+|*SSH access*
+|These settings apply to Linux.
 
-|SSH service type options
-|Select *SSH over LoadBalancer* or *SSH over NodePort*.
+|*SSH using virtctl*
+|Click the copy icon to copy the `virtctl ssh` command to the clipboard. This feature is disabled if the virtual machine does not have a public SSH key.
 
-|GPU devices
-|Click the edit icon to add a GPU device.
+|*SSH service type*
+|Select *SSH over LoadBalancer*.
 
-|Host devices
-|Click the edit icon to add a host device.
+After you create a service, the SSH command is displayed. Click the copy icon to copy the command to the clipboard.
 
-|Headless mode
-|Click the edit icon to enable headless mode.
+|*GPU devices*
+|Click the edit icon to add a GPU device. Restart the virtual machine to apply the change.
 
-|Services section
-|Displays services if QEMU guest agent is installed.
+|*Host devices*
+|Click the edit icon to add a host device. Restart the virtual machine to apply the change.
 
-|Active users section
-|Displays active users if QEMU guest agent is installed.
+|*Headless mode*
+|Click the edit icon to set headless mode to *ON* and to disable VNC console. Restart the virtual machine to apply the change.
+
+|*Services*
+|Displays a list of services if QEMU guest agent is installed.
+
+|*Active users*
+|Displays a list of active users if QEMU guest agent is installed.
 |====
 =====
 
-[id="ui-virtualmachine-details-metrics"]
+[id="virtualmachine-details-metrics_virt-web-console-overview"]
 ==== Metrics tab
 
-The *Metrics* tab displays memory, CPU, storage, network, and migration usage charts.
+The *Metrics* tab displays memory, CPU, network, storage, and migration usage charts, as well as live migration progress.
 
-.Metrics tab
+.*Metrics* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -643,28 +682,31 @@ The *Metrics* tab displays memory, CPU, storage, network, and migration usage ch
 |Select a time range to filter the results.
 
 |*Virtualization dashboard* image:icon-link.png[title="link icon",20]
-|Link to the *Workloads* tab of the current project
+|Link to the *Workloads* tab of the current project.
+
+|*Utilization*
+|*Memory* and *CPU* charts.
 
-|Utilization section
-|*Memory* and *CPU* charts
+|*Storage*
+|*Storage total read/write* and *Storage IOPS total read/write* charts.
 
-|Storage section
-|*Storage total read/write* and *Storage IOPS total read/write* charts
+|*Network*
+|*Network in*, *Network out*, *Network bandwidth*, and *Network interface* charts. Select *All networks* or a specific network from the *Network interface* list.
 
-|Network section
-|*Network in*, *Network out*, *Network bandwidth*, and *Network interface* charts. Select *All networks* or a specific network from the *Network interface* dropdown.
+|*Migration*
+|*Migration* and *KV data transfer rate* charts.
 
-|Migration section
-|*Migration* and *KV data transfer rate* charts
+|*LiveMigration progress*
+|*LiveMigration* completion status.
 |====
 =====
 
-[id="ui-virtualmachine-details-yaml"]
+[id="virtualmachine-details-yaml_virt-web-console-overview"]
 ==== YAML tab
 
-You can configure the VirtualMachine by editing the YAML file on the *YAML* tab.
+You configure the virtual machine by editing the YAML file on the *YAML* tab.
 
-.YAML tab
+.*YAML* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -686,42 +728,45 @@ You can configure the VirtualMachine by editing the YAML file on the *YAML* tab.
 |====
 =====
 
-[id="ui-virtualmachine-details-configuration"]
+[id="virtualmachine-details-configuration_virt-web-console-overview"]
 ==== Configuration tab
 
-You can configure scheduling, network interfaces, disks, and other options on the *Configuration* tab.
+You configure scheduling, network interfaces, disks, and other options on the *Configuration* tab.
 
-.Tabs on the Configuration tab
+.Tabs on the *Configuration* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
 |====
-|Tab
+|Element
 |Description
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-scheduling[*Scheduling* tab]
-|Scheduling a VirtualMachine to run on specific nodes
+|*YAML* switch
+|Set to *ON* to view your live changes in the YAML configuration file.
+
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-disks_virt-web-console-overview[*Disks* tab]
+|Disks.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-environment[*Environment* tab]
-|Config maps, secrets, and service accounts
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-network-interfaces_virt-web-console-overview[*Network interfaces* tab]
+|Network interfaces.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-network-interfaces[*Network interfaces* tab]
-|Network interfaces
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-scheduling_virt-web-console-overview[*Scheduling* tab]
+|Scheduling and resource requirements.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-disks[*Disks* tab]
-|Disks
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-environment_virt-web-console-overview[*Environment* tab]
+|Config maps, secrets, and service accounts.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-scripts[*Scripts* tab]
-|Cloud-init settings, SSH key for Linux VirtualMachines, Sysprep answer file for Windows VirtualMachines
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-scripts_virt-web-console-overview[*Scripts* tab]
+|Cloud-init settings, public SSH key for Linux virtual machines, Sysprep answer file for Windows virtual machines.
 |====
 =====
 
-[id="ui-virtualmachine-details-scheduling"]
-===== Scheduling tab
+[id="virtualmachine-details-disks_virt-web-console-overview"]
+===== Disks tab
 
-You can configure VirtualMachines to run on specific nodes on the *Scheduling* tab.
+You manage disks on the *Disks* tab.
 
-.Scheduling tab
+.*Disks* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -729,56 +774,34 @@ You can configure VirtualMachines to run on specific nodes on the *Scheduling* t
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
-|Node selector
-|Click the edit icon to add a label to specify qualifying nodes.
-
-|Tolerations
-|Click the edit icon to add a toleration to specify qualifying nodes.
-
-|Affinity rules
-|Click the edit icon to add an affinity rule.
-
-|*Descheduler* switch
-|Enable or disable the descheduler. The descheduler evicts a running pod so that the pod can be rescheduled onto a more suitable node.
-
-|Dedicated resources
-|Click the edit icon to select *Schedule this workload with dedicated resources (guaranteed policy)*.
+|*Add disk* button
+|Add a disk to the virtual machine.
 
-|Eviction strategy
-|Click the edit icon to select *LiveMigrate* as the VirtualMachineInstance eviction strategy.
-|====
-=====
+|*Filter* field
+|Filter by disk type.
 
-[id="ui-virtualmachine-details-environment"]
-===== Environment tab
+|Search field
+|Search for a disk by name.
 
-You can manage config maps, secrets, and service accounts on the *Environment* tab.
+|*Mount Windows drivers disk* checkbox
+|Select to mount a `virtio-win` container disk as a CD-ROM to install VirtIO drivers.
 
-.Environment tab
-[%collapsible]
-=====
-[cols="1,3a", options="header"]
-|====
-|Element
-|Description
+|*Disks* table
+|List of virtual machine disks.
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
+Click the actions menu {kebab} beside a disk to select *Edit* or *Detach*.
 
-|*Add Config Map, Secret or Service Account* image:icon-link.png[title="link icon",20]
-|Click the link and select a config map, secret, or service account from the resource list.
+|*File systems* table
+|List of virtual machine file systems.
 |====
 =====
 
-[id="ui-virtualmachine-details-network-interfaces"]
+[id="virtualmachine-details-network-interfaces_virt-web-console-overview"]
 ===== Network interfaces tab
 
-You can manage network interfaces on the *Network interfaces* tab.
+You manage network interfaces on the *Network interfaces* tab.
 
-.Network interfaces tab
+.*Network interfaces* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -786,11 +809,8 @@ You can manage network interfaces on the *Network interfaces* tab.
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
 |*Add network interface* button
-|Add a network interface to the VirtualMachine.
+|Add a network interface to the virtual machine.
 
 |*Filter* field
 |Filter by interface type.
@@ -799,18 +819,20 @@ You can manage network interfaces on the *Network interfaces* tab.
 |Search for a network interface by name or by label.
 
 |*Network interface* table
-|List of network interfaces
+|List of network interfaces.
 
-Click the *Options* menu {kebab} beside a network interface to select *Edit* or *Delete*.
+Click the actions menu {kebab} beside a network interface to select *Edit* or *Delete*.
 |====
 =====
 
-[id="ui-virtualmachine-details-disks"]
-===== Disks tab
+[id="virtualmachine-details-scheduling_virt-web-console-overview"]
+===== Scheduling tab
 
-You can manage disks on the *Disks* tab.
+You configure virtual machines to run on specific nodes on the *Scheduling* tab.
 
-.Disks tab
+Restart the virtual machine to apply changes.
+
+.*Scheduling* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -818,37 +840,54 @@ You can manage disks on the *Disks* tab.
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
+|*Node selector*
+|Click the edit icon to add a label to specify qualifying nodes.
 
-|*Add disk* button
-|Add a disk to the VirtualMachine.
+|*Tolerations*
+|Click the edit icon to add a toleration to specify qualifying nodes.
 
-|*Filter* field
-|Filter by disk type.
+|*Affinity rules*
+|Click the edit icon to add an affinity rule.
 
-|Search field
-|Search for a disk by name.
+|*Descheduler* switch
+|Enable or disable the descheduler. The descheduler evicts a running pod so that the pod can be rescheduled onto a more suitable node.
 
-|*Mount Windows drivers disk* checkbox
-|Select to mount an ephemeral container disk as a CD-ROM.
+This field is disabled if the virtual machine cannot be live migrated.
 
-|*Disks* table
-|List of VirtualMachine disks
+|*Dedicated resources*
+|Click the edit icon to select *Schedule this workload with dedicated resources (guaranteed policy)*.
 
-Click the *Options* menu {kebab} beside a disk to select *Edit*, *Detach*, or *Make persistent*.
+|*Eviction strategy*
+|Click the edit icon to select *LiveMigrate* as the virtual machine eviction strategy.
+|====
+=====
 
-|*File systems* table
-|List of VirtualMachine file systems if QEMU guest agent is installed
+[id="virtualmachine-details-environment_virt-web-console-overview"]
+===== Environment tab
+
+You manage config maps, secrets, and service accounts on the *Environment* tab.
+
+.*Environment* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Add Config Map, Secret or Service Account* image:icon-link.png[title="link icon",20]
+|Click the link and select a config map, secret, or service account from the resource list.
 |====
 =====
 
-[id="ui-virtualmachine-details-scripts"]
+[id="virtualmachine-details-scripts_virt-web-console-overview"]
 ===== Scripts tab
 
-You can configure cloud-init, add an SSH key for a Linux VirtualMachine, and upload a Sysprep answer file for a Windows VirtualMachine on the *Scripts* tab.
+You manage cloud-init settings, add SSH keys, or configure Sysprep for Windows virtual machines on the *Scripts* tab.
+
+Restart the virtual machine to apply changes.
 
-.Scripts tab
+.*Scripts* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -856,31 +895,35 @@ You can configure cloud-init, add an SSH key for a Linux VirtualMachine, and upl
 |Element
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
-|Cloud-init
+|*Cloud-init*
 |Click the edit icon to edit the cloud-init settings.
 
-|Authorized SSH Key
-|Click the edit icon to create a new secret or to attach an existing secret.
+|*Public SSH key*
+|Click the edit icon to add a public SSH key to a Linux virtual machine.
+
+The key is added as a cloud-init data source at first boot.
 
-|Sysprep
-|Click the edit icon to upload an `Autounattend.xml` or `Unattend.xml` answer file to automate Windows VirtualMachine setup.
+|*Dynamic SSH key injection* switch
+|Set *Dynamic SSH key injection* to on to enable dynamic public SSH key injection. Then, you can add or revoke the key at runtime.
+
+Dynamic SSH key injection is only supported by {op-system-base-full} 9. If you manually disable this setting, the virtual machine inherits the SSH key settings of the image from which it was created.
+
+|*Sysprep*
+|Click the edit icon to upload an `Autounattend.xml` or `Unattend.xml` answer file to automate Windows virtual machine setup.
 |====
 =====
 
-[id="ui-virtualmachine-details-events"]
+[id="virtualmachine-details-events_virt-web-console-overview"]
 ==== Events tab
 
-The *Events* tab displays a list of VirtualMachine events.
+The *Events* tab displays a list of virtual machine events.
 
-[id="ui-virtualmachine-details-console"]
+[id="virtualmachine-details-console_virt-web-console-overview"]
 ==== Console tab
 
-You can open a console session to the VirtualMachine on the *Console* tab.
+You can open a console session to the virtual machine on the *Console* tab.
 
-.Console tab
+.*Console* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -894,7 +937,7 @@ You can open a console session to the VirtualMachine on the *Console* tab.
 |*Console* list
 |Select *VNC console* or *Serial console*.
 
-You can select *Desktop viewer* to connect to Windows VirtualMachines by using Remote Desktop Protocol (RDP). You must install an RDP client on a machine on the same network.
+The *Desktop viewer* option is displayed for Windows virtual machines. You must install an RDP client on a machine on the same network.
 
 |*Send key* list
 |Select a key-stroke combination to send to the console.
@@ -905,16 +948,16 @@ You can select *Desktop viewer* to connect to Windows VirtualMachines by using R
 You must manually disconnect the console connection if you open a new console session. Otherwise, the first console session continues to run in the background.
 
 |*Paste* button
-|You can paste a string from your client’s clipboard into the guest when using the VNC console.
+|Paste a string from your clipboard to the VNC console.
 |====
 =====
 
-[id="ui-virtualmachine-details-snapshots"]
+[id="virtualmachine-details-snapshots_virt-web-console-overview"]
 ==== Snapshots tab
 
-You can create snapshots and restore VirtualMachines from snapshots on the *Snapshots* tab.
+You create snapshots and restore virtual machines from snapshots on the *Snapshots* tab.
 
-.Snapshots tab
+.*Snapshots* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -936,16 +979,16 @@ You can create snapshots and restore VirtualMachines from snapshots on the *Snap
 
 Click the snapshot name to edit the labels or annotations.
 
-Click the *Options* menu {kebab} beside a snapshot to select *Restore* or *Delete*.
+Click the actions menu {kebab} beside a snapshot to select *Restore* or *Delete*.
 |====
 =====
 
-[id="ui-virtualmachine-details-diagnostics"]
+[id="virtualmachine-details-diagnostics_virt-web-console-overview"]
 ==== Diagnostics tab
 
-You can view the status conditions and volume snapshot status on the *Diagnostics* tab.
+You view the status conditions and volume snapshot status on the *Diagnostics* tab.
 
-.Diagnostics tab
+.*Diagnostics* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -954,33 +997,33 @@ You can view the status conditions and volume snapshot status on the *Diagnostic
 |Description
 
 |*Status conditions* table
-|Display a list of conditions that are reported for all aspects of a VM.
+|Display a list of conditions that are reported for the virtual machine.
 
 |*Filter* field
 |Filter status conditions by category and condition.
 
-|*Search* field
+|Search field
 |Search status conditions by reason.
 
 |*Manage columns* icon
-|Select columns to display.
+|Select up to 9 columns to display in the table.
 
-|*Volume snapshot* table
-|List of volumes, their snapshot enablement status, and reason
+|*Volume snapshot status* table
+|List of volumes, their snapshot enablement status, and reason.
 |====
 =====
 
-[id="ui-templates-page"]
+[id="templates-page_virt-web-console-overview"]
 == Templates page
 
-You can create, edit, and clone VirtualMachine templates on the Templates page.
+You create, edit, and clone virtual machine templates on the *VirtualMachine Templates* page.
 
 [NOTE]
 ====
-You cannot edit a Red Hat template. You can clone a Red Hat template and edit it to create a custom template.
+You cannot edit a Red Hat template. However, you can clone a Red Hat template and edit it to create a custom template.
 ====
 
-.Templates page
+.*VirtualMachine Templates* page
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -997,19 +1040,22 @@ You cannot edit a Red Hat template. You can clone a Red Hat template and edit it
 |Search field
 |Search for templates by name or by label.
 
-|*Templates* table
-|List of templates
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
+
+|Virtual machine templates table
+|List of virtual machine templates.
 
-Click the *Options* menu {kebab} beside a template to select *Edit*, *Clone*, *Edit boot source*, *Edit boot source reference*, *Edit labels*, *Edit annotations*, or *Delete*.
+Click the actions menu {kebab} beside a template to select *Edit*, *Clone*, *Edit boot source*, *Edit boot source reference*, *Edit labels*, *Edit annotations*, or *Delete*. You cannot edit a Red Hat provided template. You can clone the Red Hat template and then edit the custom template.
 |====
 =====
 
-[id="ui-template-details-page"]
+[id="template-details-page_virt-web-console-overview"]
 === Template details page
 
-You can view template settings and edit custom templates on the Template details page.
+You view template settings and edit custom templates on the *Template details* page.
 
-.Template details page
+.*Template details* page
 [%collapsible]
 =====
 [cols="1,3", options="header"]
@@ -1017,38 +1063,41 @@ You can view template settings and edit custom templates on the Template details
 |Element
 |Description
 
+|*YAML* switch
+|Set to *ON* to view your live changes in the YAML configuration file.
+
 |*Actions* menu
 |Click the *Actions* menu to select *Edit*, *Clone*, *Edit boot source*, *Edit boot source reference*, *Edit labels*, *Edit annotations*, or *Delete*.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-details[*Details* tab]
-|Template settings and configurations
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-details_virt-web-console-overview[*Details* tab]
+|Template settings and configurations.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-yaml[*YAML* tab]
-|YAML configuration file
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-yaml_virt-web-console-overview[*YAML* tab]
+|YAML configuration file.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-scheduling[*Scheduling* tab]
-|Scheduling configurations
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-scheduling_virt-web-console-overview[*Scheduling* tab]
+|Scheduling configurations.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-network-interfaces[*Network interfaces* tab]
-|Network interface management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-network-interfaces_virt-web-console-overview[*Network interfaces* tab]
+|Network interface management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-disks[*Disks* tab]
-|Disk management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-disks_virt-web-console-overview[*Disks* tab]
+|Disk management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-scripts[*Scripts* tab]
-|Cloud-init, SSH key, and Sysprep management
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-scripts_virt-web-console-overview[*Scripts* tab]
+|Cloud-init, SSH key, and Sysprep management.
 
-|xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-template-details-parameters[*Parameters* tab]
-|Parameters
+|xref:../../virt/getting_started/virt-web-console-overview.adoc#template-details-parameters_virt-web-console-overview[*Parameters* tab]
+|Name and cloud user password management.
 |====
 =====
 
-[id="ui-template-details-details"]
+[id="template-details-details_virt-web-console-overview"]
 ==== Details tab
 
-You can configure a custom template on the *Details* tab.
+You configure a custom template on the *Details* tab.
 
-.Details tab
+.*Details* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1056,76 +1105,76 @@ You can configure a custom template on the *Details* tab.
 |Element
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
-|Name
-|Template name
+|*Name*
+|Template name.
 
-|Namespace
-|Template namespace
+|*Namespace*
+|Template namespace.
 
-|Labels
+|*Labels*
 |Click the edit icon to edit the labels.
 
-|Annotations
+|*Annotations*
 |Click the edit icon to edit the annotations.
 
-|Display name
+|*Display name*
 |Click the edit icon to edit the display name.
 
-|Description
+|*Description*
 |Click the edit icon to enter a description.
 
-|Operating system
-|Operating system name
+|*Operating system*
+|Operating system name.
 
-|CPU\|Memory
+|*CPU\|Memory*
 |Click the edit icon to edit the CPU\|Memory request.
 
 The number of CPUs is calculated by using the following formula: `sockets * threads * cores`.
 
-|Machine type
-|Template machine type
+|*Machine type*
+|Template machine type.
 
-|Boot mode
+|*Boot mode*
 |Click the edit icon to edit the boot mode.
 
-|Base template
-|Name of the base template used to create this template
+|*Base template*
+|Name of the base template used to create this template.
 
-|Created at
-|Template creation date
+|*Created at*
+|Template creation date.
 
-|Owner
-|Template owner
+|*Owner*
+|Template owner.
 
-|Boot order
-|Template boot order
+|*Boot order*
+|Template boot order.
 
-|Boot source
-|Boot source availability
+|*Boot source*
+|Boot source availability.
 
-|Provider
-|Template provider
+|*Provider*
+|Template provider.
 
-|Support
-|Template support level
+|*Support*
+|Template support level.
 
-|GPU devices
+|*GPU devices*
 |Click the edit icon to add a GPU device.
 
-|Host devices
+|*Host devices*
 |Click the edit icon to add a host device.
+
+|*Headless mode*
+|Click the edit icon to set headless mode to *ON* and to disable VNC console.
 |====
 =====
 
-[id="ui-template-details-yaml"]
+[id="template-details-yaml_virt-web-console-overview"]
 ==== YAML tab
 
-You can configure a custom template by editing the YAML file on the *YAML* tab.
+You configure a custom template by editing the YAML file on the *YAML* tab.
 
-.YAML tab
+.*YAML* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1147,12 +1196,12 @@ You can configure a custom template by editing the YAML file on the *YAML* tab.
 |====
 =====
 
-[id="ui-template-details-scheduling"]
+[id="template-details-scheduling_virt-web-console-overview"]
 ==== Scheduling tab
 
-You can configure scheduling on the *Scheduling* tab.
+You configure scheduling on the *Scheduling* tab.
 
-.Scheduling tab
+.*Scheduling* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1160,35 +1209,32 @@ You can configure scheduling on the *Scheduling* tab.
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
-|Node selector
+|*Node selector*
 |Click the edit icon to add a label to specify qualifying nodes.
 
-|Tolerations
+|*Tolerations*
 |Click the edit icon to add a toleration to specify qualifying nodes.
 
-|Affinity rules
+|*Affinity rules*
 |Click the edit icon to add an affinity rule.
 
 |*Descheduler* switch
 |Enable or disable the descheduler. The descheduler evicts a running pod so that the pod can be rescheduled onto a more suitable node.
 
-|Dedicated resources
+|*Dedicated resources*
 |Click the edit icon to select *Schedule this workload with dedicated resources (guaranteed policy)*.
 
-|Eviction strategy
-|Click the edit icon to select *LiveMigrate* as the VirtualMachineInstance eviction strategy.
+|*Eviction strategy*
+|Click the edit icon to select *LiveMigrate* as the virtual machine eviction strategy.
 |====
 =====
 
-[id="ui-template-details-network-interfaces"]
+[id="template-details-network-interfaces_virt-web-console-overview"]
 ==== Network interfaces tab
 
-You can manage network interfaces on the *Network interfaces* tab.
+You manage network interfaces on the *Network interfaces* tab.
 
-.Network interfaces tab
+.*Network interfaces* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1196,9 +1242,6 @@ You can manage network interfaces on the *Network interfaces* tab.
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
 |*Add network interface* button
 |Add a network interface to the template.
 
@@ -1208,19 +1251,19 @@ You can manage network interfaces on the *Network interfaces* tab.
 |Search field
 |Search for a network interface by name or by label.
 
-|*Network interface* table
-|List of network interfaces
+|Network interface table
+|List of network interfaces.
 
-Click the *Options* menu {kebab} beside a network interface to select *Edit* or *Delete*.
+Click the actions menu {kebab} beside a network interface to select *Edit* or *Delete*.
 |====
 =====
 
-[id="ui-template-details-disks"]
+[id="template-details-disks_virt-web-console-overview"]
 ==== Disks tab
 
-You can manage disks on the *Disks* tab.
+You manage disks on the *Disks* tab.
 
-.Disks tab
+.*Disks* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1228,9 +1271,6 @@ You can manage disks on the *Disks* tab.
 |Setting
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
 |*Add disk* button
 |Add a disk to the template.
 
@@ -1240,19 +1280,19 @@ You can manage disks on the *Disks* tab.
 |Search field
 |Search for a disk by name.
 
-|*Disks* table
-|List of template disks
+|Disks table
+|List of template disks.
 
-Click the *Options* menu {kebab} beside a disk to select *Edit* or *Detach*.
+Click the actions menu {kebab} beside a disk to select *Edit* or *Detach*.
 |====
 =====
 
-[id="ui-template-details-scripts"]
+[id="template-details-scripts_virt-web-console-overview"]
 ==== Scripts tab
 
-You can manage the cloud-init settings, SSH keys, and Sysprep answer files on the *Scripts* tab.
+You manage the cloud-init settings, SSH keys, and Sysprep answer files on the *Scripts* tab.
 
-.Scripts tab
+.*Scripts* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1260,26 +1300,23 @@ You can manage the cloud-init settings, SSH keys, and Sysprep answer files on th
 |Element
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
-
-|Cloud-init
+|*Cloud-init*
 |Click the edit icon to edit the cloud-init settings.
 
-|Authorized SSH Key
-|Click the edit icon to create a new secret or to attach an existing secret.
+|*Public SSH key*
+|Click the edit icon to create a new secret or to attach an existing secret to a Linux virtual machine.
 
-|Sysprep
-|Click the edit icon to upload an `Autounattend.xml` or `Unattend.xml` answer file to automate Windows VirtualMachine setup.
+|*Sysprep*
+|Click the edit icon to upload an `Autounattend.xml` or `Unattend.xml` answer file to automate Windows virtual machine setup.
 |====
 =====
 
-[id="ui-template-details-parameters"]
+[id="template-details-parameters_virt-web-console-overview"]
 ==== Parameters tab
 
-You can edit selected template settings on the *Parameters* tab.
+You edit selected template settings on the *Parameters* tab.
 
-.Parameters tab
+.*Parameters* tab
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1287,31 +1324,51 @@ You can edit selected template settings on the *Parameters* tab.
 |Element
 |Description
 
-|*YAML* switch
-|Set to *ON* to view your live changes in the YAML configuration file.
+|*NAME*
+|Set the name parameters for a virtual machine created from this template.
 
-|VM name
-|Select *Generated (expression)* for a generated value, *Value* to set a default value, or *None* from the *Default value type* list.
+|*CLOUD_USER_PASSWORD*
+|Set the cloud user password parameters for a virtual machine created from this template.
+|====
+=====
+
+[id="instancetypes-page_virt-web-console-overview"]
+== InstanceTypes page
+
+You view and manage virtual machine instance types on the *InstanceTypes* page.
+
+.*VirtualMachineClusterInstancetypes* page
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Create* button
+|Create an instance type by editing a YAML configuration file.
+
+|Search field
+|Search for an instance type by name or by label.
 
-|DataSource name
-|Select *Generated (expression)* for a generated value, *Value* to set a default value, or *None* from the *Default value type* list.
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
 
-|DataSource namespace
-|Select *Generated (expression)* for a generated value, *Value* to set a default value, or *None* from the *Default value type* list.
+|Instance types table
+|List of instance.
 
-|Cloud user password
-|Select *Generated (expression)* for a generated value, *Value* to set a default value, or *None* from the *Default value type* list.
+Click the actions menu {kebab} beside an instance type to select *Clone* or *Delete*.
 |====
 =====
 
-[id="ui-datasources-page"]
-== DataSources page
+Click an instance type to view the *VirtualMachineClusterInstancetypes details* page.
 
-You can create and configure DataSources for VirtualMachine boot sources on the DataSources page.
+[id="instancetypes-details-page_virt-web-console-overview"]
+=== VirtualMachineClusterInstancetypes details page
 
-When you create a DataSource, a `DataImportCron` resource defines a cron job to poll and import the disk image unless you disable automatic boot source updates.
+You configure an instance type on the *VirtualMachineClusterInstancetypes details* page.
 
-.DataSources page
+.*VirtualMachineClusterInstancetypes details* page
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1319,33 +1376,226 @@ When you create a DataSource, a `DataImportCron` resource defines a cron job to
 |Element
 |Description
 
-|*Create DataSource -> With form*
-|Create a DataSource by entering the registry URL, disk size, number of revisions, and cron expression in a form.
+|*Details* tab
+|Configure an instance type by editing a form.
+
+|*YAML* tab
+|Configure an instance type by editing a YAML configuration file.
 
-|*Create DataSources -> With YAML*
-|Create a DataSource by editing a YAML configuration file.
+|*Actions* menu
+|Select *Edit labels*, *Edit annotations*, *Edit VirtualMachineClusterInstancetype*, or *Delete VirtualMachineClusterInstancetype*.
+|====
+=====
+
+[id="instancetypes-details-details_virt-web-console-overview"]
+==== Details tab
+
+You configure an instance type by editing a form on the *Details* tab.
+
+.*Details* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Name*
+|VirtualMachineClusterInstancetype name.
+
+|*Labels*
+|Click the edit icon to edit the labels.
+
+|*Annotations*
+|Click the edit icon to edit the annotations.
+
+|*Created at*
+|Instance type creation date.
+
+|*Owner*
+|Instance type owner.
+|====
+=====
+
+[id="instancetypes-details-yaml_virt-web-console-overview"]
+==== YAML tab
+
+You configure an instance type by editing the YAML file on the *YAML* tab.
+
+.*YAML* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Save* button
+|Save changes to the YAML file.
+
+|*Reload* button
+|Discard your changes and reload the YAML file.
+
+|*Cancel* button
+|Exit the *YAML* tab.
+
+|*Download* button
+|Download the YAML file to your local machine.
+|====
+=====
+
+[id="preferences-page_virt-web-console-overview"]
+== Preferences page
+
+You view and manage virtual machine preferences on the *Preferences* page.
+
+.*VirtualMachineClusterPreferences* page
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Create* button
+|Create a preference by editing a YAML configuration file.
+
+|Search field
+|Search for a preference by name or by label.
+
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
+
+|Preferences table
+|List of preferences.
+
+Click the actions menu {kebab} beside a preference to select *Clone* or *Delete*.
+|====
+=====
+
+Click a preference to view the *VirtualMachineClusterPreference details* page.
+
+[id="preferences-details-page_virt-web-console-overview"]
+=== VirtualMachineClusterPreference details page
+
+You configure a preference on the *VirtualMachineClusterPreference details* page.
+
+.*VirtualMachineClusterPreference details* page
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Details* tab
+|Configure a preference by editing a form.
+
+|*YAML* tab
+|Configure a preference by editing a YAML configuration file.
+
+|*Actions* menu
+|Select *Edit labels*, *Edit annotations*, *Edit VirtualMachineClusterPreference*, or *Delete VirtualMachineClusterPreference*.
+|====
+=====
+
+[id="preferences-details-details_virt-web-console-overview"]
+==== Details tab
+
+You configure a preference by editing a form on the *Details* tab.
+
+.*Details* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Name*
+|VirtualMachineClusterPreference name.
+
+|*Labels*
+|Click the edit icon to edit the labels.
+
+|*Annotations*
+|Click the edit icon to edit the annotations.
+
+|*Created at*
+|Preference creation date.
+
+|*Owner*
+|Preference owner.
+|====
+=====
+
+[id="preferences-details-yaml_virt-web-console-overview"]
+==== YAML tab
+
+You configure a preference type by editing the YAML file on the *YAML* tab.
+
+.*YAML* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Save* button
+|Save changes to the YAML file.
+
+|*Reload* button
+|Discard your changes and reload the YAML file.
+
+|*Cancel* button
+|Exit the *YAML* tab.
+
+|*Download* button
+|Download the YAML file to your local machine.
+|====
+=====
+
+[id="bootablevolumes-page_virt-web-console-overview"]
+== Bootable volumes page
+
+You view and manage available bootable volumes on the *Bootable volumes* page.
+
+.*Bootable volumes* page
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Add volume* button
+|Add a bootable volume by completing a form or by editing a YAML configuration file.
 
 |*Filter* field
-|Filter DataSources by attributes such as DataImportCron available.
+|Filter bootable volumes by operating system and resource type.
 
-|*Search* field
-|Search for a DataSource by name or by label.
+|Search field
+|Search for bootable volumes by name or by label.
 
-|*DataSources* table
-|List of DataSources
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
+
+|Bootable volumes table
+|List of bootable volumes.
 
-Click the *Options* menu {kebab} beside a DataSource to select *Edit labels*, *Edit annotations*, or *Delete*.
+Click the actions menu {kebab} beside a bootable volume to select *Edit*, *Remove from list*, or *Delete*.
 |====
 =====
 
-Click a DataSource to view the DataSource details page.
+Click a bootable volume to view the *PersistentVolumeClaim details* page.
 
-[id="ui-datasource-details-page"]
-=== DataSource details page
+[id="pvc-details-page_virt-web-console-overview"]
+=== PersistentVolumeClaim details page
 
-You can configure a DataSource on the DataSource details page.
+You configure the persistent volume claim (PVC) of a bootable volume on the *PersistentVolumeClaim details* page.
 
-.DataSource details page
+.*PersistentVolumeClaim details* page
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1354,46 +1604,115 @@ You can configure a DataSource on the DataSource details page.
 |Description
 
 |*Details* tab
-|Configure a DataSource by editing a form.
+|Configure the PVC by editing a form.
 
 |*YAML* tab
-|Configure a DataSource by editing a YAML configuration file.
+|Configure the PVC by editing a YAML configuration file.
+
+|*Events* tab
+|The *Events* tab displays a list of PVC events.
+
+|*VolumeSnapshots* tab
+|The *VolumeSnapshots* tab displays a list of volume snapshots.
 
 |*Actions* menu
-|Select *Edit labels*, *Edit annotations*, *Delete*, or *Manage source*.
+|Select *Expand PVC*, *Create snapshot*, *Clone PVC*, *Edit labels*, *Edit annotations*, *Edit PersistentVolumeClaim* or *Delete PersistentVolumeClaim*.
+|====
+=====
 
-|Name
-|DataSource name
+[id="pvc-details-details_virt-web-console-overview"]
+==== Details tab
 
-|Namespace
-|DataSource namespace
+You configure the persistent volume claim (PVC) of the bootable volume by editing a form on the *Details* tab.
 
-|DataImportCron
-|DataSource DataImportCron
+.*Details* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
 
-|Labels
+|*Name*
+|PVC name.
+
+|*Namespace*
+|PVC namespace.
+
+|*Labels*
 |Click the edit icon to edit the labels.
 
-|Annotations
+|*Annotations*
 |Click the edit icon to edit the annotations.
 
-|Conditions
-|Displays the status conditions of the DataSource.
+|*Created at*
+|PVC creation date.
+
+|*Owner*
+|PVC owner.
+
+|*Status*
+|Status of the PVC, for example, *Bound*.
+
+|*Requested capacity*
+|Requested capacity of the PVC.
+
+|*Capacity*
+|Capacity of the PVC.
 
-|Created at
-|DataSource creation date
+|*Used*
+|Used space of the PVC.
 
-|Owner
-|DataSource owner
+|*Access modes*
+|PVC access modes.
+
+|*Volume mode*
+|PVC volume mode.
+
+|*StorageClasses*
+|PVC storage class.
+
+|*PersistentVolumes*
+|Persistent volume associated with the PVC.
+
+|*Conditions* table
+|Displays the status of the PVC.
 |====
 =====
 
-[id="ui-migrationpolicies-page"]
+[id="pvc-details-yaml_virt-web-console-overview"]
+==== YAML tab
+
+You configure the persistent volume claim of the bootable volume by editing the YAML file on the *YAML* tab.
+
+.*YAML* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Save* button
+|Save changes to the YAML file.
+
+|*Reload* button
+|Discard your changes and reload the YAML file.
+
+|*Cancel* button
+|Exit the *YAML* tab.
+
+|*Download* button
+|Download the YAML file to your local machine.
+|====
+=====
+
+[id="migrationpolicies-page_virt-web-console-overview"]
 == MigrationPolicies page
 
-You can manage MigrationPolicies for your workloads on the MigrationPolicies page.
+You manage migration policies for workloads on the *MigrationPolicies* page.
 
-.MigrationPolicies page
+.*MigrationPolicies* page
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1401,30 +1720,30 @@ You can manage MigrationPolicies for your workloads on the MigrationPolicies pag
 |Element
 |Description
 
-|*Create MigrationPolicy -> With form*
-|Create a MigrationPolicy by entering configurations and labels in a form.
+|*Create MigrationPolicy*
+|Create a migration policy by entering configurations and labels in a form or by editing a YAML file.
 
-|*Create MigrationPolicy -> With YAML*
-|Create a MigrationPolicy by editing a YAML configuration file.
+|Search field
+|Search for a migration policy by name or by label.
 
-|*Name \| Label* search field
-|Search for a MigrationPolicy by name or by label.
+|*Manage columns* icon
+|Select up to 9 columns to display in the table. The *Namespace* column is only displayed when *All Projects* is selected from the *Projects* list.
 
 |*MigrationPolicies* table
-|List of MigrationPolicies
+|List of migration policies.
 
-Click the *Options* menu {kebab} beside a MigrationPolicy to select *Edit* or *Delete*.
+Click the actions menu {kebab} beside a migration policy to select *Edit* or *Delete*.
 |====
 =====
 
-Click a MigrationPolicy to view the MigrationPolicy details page.
+Click a migration policy to view the *MigrationPolicy details* page.
 
-[id="ui-migrationpolicy-details-page"]
+[id="migrationpolicy-details-page_virt-web-console-overview"]
 === MigrationPolicy details page
 
-You can configure a MigrationPolicy on the MigrationPolicy details page.
+You configure a migration policy on the *MigrationPolicy details* page.
 
-.MigrationPolicy details page
+.*MigrationPolicy details* page
 [%collapsible]
 =====
 [cols="1,3a", options="header"]
@@ -1433,39 +1752,81 @@ You can configure a MigrationPolicy on the MigrationPolicy details page.
 |Description
 
 |*Details* tab
-|Configure a MigrationPolicy by editing a form.
+|Configure a migration policy by editing a form.
 
 |*YAML* tab
-|Configure a MigrationPolicy by editing a YAML configuration file.
+|Configure a migration policy by editing a YAML configuration file.
 
 |*Actions* menu
 |Select *Edit* or *Delete*.
+|====
+=====
 
-|Name
-|MigrationPolicy name
+[id="migrationpolicy-details-details_virt-web-console-overview"]
+==== Details tab
 
+You configure a custom template on the *Details* tab.
+
+.*Details* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
 |Description
-|MigrationPolicy description
 
-|Configurations
-|Click the edit icon to update the MigrationPolicy configurations.
+|*Name*
+|Migration policy name.
 
-|Bandwidth per migration
+|*Description*
+|Migration policy description.
+
+|*Configurations*
+|Click the edit icon to update the migration policy configurations.
+
+|*Bandwidth per migration*
 |Bandwidth request per migration. For unlimited bandwidth, set the value to `0`.
 
-|Auto converge
-|Auto converge policy
+|*Auto converge*
+|When auto converge is enabled, the performance and availability of the virtual machines might be reduced to ensure that migration is successful.
 
-|Post-copy
-|Post-copy policy
+|*Post-copy*
+|Post-copy policy.
 
-|Completion timeout
-|Completion timeout value in seconds
+|*Completion timeout*
+|Completion timeout value in seconds.
 
-|Project labels
+|*Project labels*
 |Click *Edit* to edit the project labels.
 
-|VirtualMachine labels
-|Click *Edit* to edit the VirtualMachine labels.
+|*VirtualMachine labels*
+|Click *Edit* to edit the virtual machine labels.
+|====
+=====
+
+[id="migrationpolicy-details-yaml_virt-web-console-overview"]
+==== YAML tab
+
+You configure the migration polic by editing the YAML file on the *YAML* tab.
+
+.*YAML* tab
+[%collapsible]
+=====
+[cols="1,3a", options="header"]
+|====
+|Element
+|Description
+
+|*Save* button
+|Save changes to the YAML file.
+
+|*Reload* button
+|Discard your changes and reload the YAML file.
+
+|*Cancel* button
+|Exit the *YAML* tab.
+
+|*Download* button
+|Download the YAML file to your local machine.
 |====
 =====
\ No newline at end of file
diff --git a/virt/install/installing-virt.adoc b/virt/install/installing-virt.adoc
index 412e411af844..41b62657d87a 100644
--- a/virt/install/installing-virt.adoc
+++ b/virt/install/installing-virt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="installing-virt"]
 = Installing {VirtProductName}
@@ -39,4 +39,4 @@ include::modules/virt-deploying-operator-cli.adoc[leveloffset=+3]
 [id="installing-virt-web-next-steps"]
 == Next steps
 
-* The xref:../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-creating-hpp-basic-storage-pool_virt-configuring-local-storage-for-vms[hostpath provisioner] is a local storage provisioner designed for {VirtProductName}. If you want to configure local storage for virtual machines, you must enable the hostpath provisioner first.
+* The xref:../../virt/storage/virt-configuring-local-storage-with-hpp.adoc#virt-creating-hpp-basic-storage-pool_virt-configuring-local-storage-with-hpp[hostpath provisioner] is a local storage provisioner designed for {VirtProductName}. If you want to configure local storage for virtual machines, you must enable the hostpath provisioner first.
diff --git a/virt/install/preparing-cluster-for-virt.adoc b/virt/install/preparing-cluster-for-virt.adoc
index ce38842a6d72..3e71be5ad910 100644
--- a/virt/install/preparing-cluster-for-virt.adoc
+++ b/virt/install/preparing-cluster-for-virt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="preparing-cluster-for-virt"]
 = Preparing your cluster for {VirtProductName}
 include::_attributes/common-attributes.adoc[]
@@ -21,43 +21,44 @@ IPv6::
 You cannot run {VirtProductName} on a single-stack IPv6 cluster.
 ====
 
-////
 .FIPS mode
 
 If you install your cluster in xref:../../installing/installing-fips.adoc#installing-fips-mode_installing-fips[FIPS mode], no additional setup is required for {VirtProductName}.
-////
-
-// Section is in assembly so that we can use xrefs
-[id="virt-hardware-os-requirements_preparing-cluster-for-virt"]
-== Hardware and operating system requirements
-
-Review the following hardware and operating system requirements for {VirtProductName}.
 
 [id="supported-platforms_preparing-cluster-for-virt"]
-=== Supported platforms
+== Supported platforms
+
+You can use the following platforms with {VirtProductName}:
 
 * On-premise bare metal servers. See xref:../../installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc#virt-planning-bare-metal-cluster-for-ocp-virt_preparing-to-install-on-bare-metal[Planning a bare metal cluster for {VirtProductName}].
-* Amazon Web Services bare metal instances. See link:https://access.redhat.com/articles/6409731[Deploy {VirtProductName} on AWS metal instance types].
-+
---
-ifdef::openshift-enterprise[]
-:FeatureName: Installing OpenShift Virtualization on AWS bare metal instances
-include::snippets/technology-preview.adoc[]
-:!FeatureName:
-endif::[]
---
 
-* IBM Cloud Bare Metal Servers. See link:https://access.redhat.com/articles/6738731[Deploy {VirtProductName} on IBM Cloud Bare Metal nodes].
+* Amazon Web Services bare metal instances. See xref:../../installing/installing_aws/installing-aws-customizations.html#installing-aws-customizations[Installing a cluster on AWS with customizations].
+//See link:https://access.redhat.com/articles/6409731[Deploy {VirtProductName} on AWS metal instance types]. // seems outdated with references to OCS - remove?
+
+* {ibm-cloud-name} Bare Metal Servers. See link:https://access.redhat.com/articles/6738731[Deploy {VirtProductName} on {ibm-cloud-name} Bare Metal nodes].
 +
 --
 ifdef::openshift-enterprise[]
-:FeatureName: Installing OpenShift Virtualization on IBM Cloud Bare Metal Servers
+:FeatureName: Installing OpenShift Virtualization on {ibm-cloud-name} Bare Metal Servers
 include::snippets/technology-preview.adoc[]
 :!FeatureName:
 endif::[]
 --
-+
-*Bare metal instances or servers offered by other cloud providers are not supported.*
+
+Bare metal instances or servers offered by other cloud providers are not supported.
+
+include::modules/virt-aws-bm.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-connecting-vm-to-ovn-secondary-network[Connecting a virtual machine to an OVN-Kubernetes secondary network]
+* xref:../../virt/vm_networking/virt-exposing-vm-with-service.adoc#virt-exposing-vm-with-service[Exposing a virtual machine by using a service]
+
+// Section is in assembly so that we can use xrefs
+[id="virt-hardware-os-requirements_preparing-cluster-for-virt"]
+== Hardware and operating system requirements
+
+Review the following hardware and operating system requirements for {VirtProductName}.
 
 [id="cpu-requirements_preparing-cluster-for-virt"]
 === CPU requirements
@@ -73,6 +74,7 @@ If your worker nodes have different CPUs, live migration failures might occur be
 See xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity-configuring-required_nodes-scheduler-node-affinity[Configuring a required node affinity rule] for details.
 ====
 
+* Support for AMD and Intel 64-bit architectures (x86-64-v2).
 * Support for Intel 64 or AMD64 CPU extensions.
 * Intel VT or AMD-V hardware virtualization extensions enabled.
 * NX (no execute) flag enabled.
@@ -96,6 +98,13 @@ See xref:../../architecture/architecture-rhcos.adoc#rhcos-about_architecture-rhc
 
 * {rh-storage-first}: You must create a dedicated storage class for Windows virtual machine disks. See link:https://access.redhat.com/articles/6978371[Optimizing ODF PersistentVolumes for Windows VMs] for details.
 
+[NOTE]
+====
+You must specify a default storage class for the cluster. See xref:../../storage/container_storage_interface/persistent-storage-csi-sc-manage.adoc#persistent-storage-csi-sc-manage[Managing the default storage class]. If the default storage class provisioner supports the `ReadWriteMany` (RWX) xref:../../storage/understanding-persistent-storage.adoc#pv-access-modes_understanding-persistent-storage[access mode], use the RWX mode for the associated persistent volumes for optimal performance.
+
+If the storage provisioner supports snapshots, there must be a xref:../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#volume-snapshot-crds[`VolumeSnapshotClass`] object associated with the default storage class.
+====
+
 include::modules/virt-about-storage-volumes-for-vm-disks.adoc[leveloffset=+3]
 
 [id="live-migration_preparing-cluster-for-virt"]
@@ -103,8 +112,7 @@ include::modules/virt-about-storage-volumes-for-vm-disks.adoc[leveloffset=+3]
 
 * Shared storage with `ReadWriteMany` (RWX) access mode.
 * Sufficient RAM and network bandwidth.
-* If the virtual machine uses a host model CPU, the nodes must support the virtual machine's host model CPU.
-
++
 [NOTE]
 ====
 You must ensure that there is enough memory request capacity in the cluster to support node drains that result in live migrations. You can determine the approximate required spare memory by using the following calculation:
@@ -113,9 +121,12 @@ You must ensure that there is enough memory request capacity in the cluster to s
 Product of (Maximum number of nodes that can drain in parallel) and (Highest total VM memory request allocations across nodes)
 ----
 
-The default xref:../../virt/live_migration/virt-live-migration-limits.adoc#virt-live-migration-limits[number of migrations that can run in parallel] in the cluster is 5.
+The default xref:../../virt/live_migration/virt-configuring-live-migration#virt-configuring-live-migration-limits_virt-configuring-live-migration[number of migrations that can run in parallel] in the cluster is 5.
 ====
 
+* If the virtual machine uses a host model CPU, the nodes must support the virtual machine's host model CPU.
+* A xref:../../virt/vm_networking/virt-dedicated-network-live-migration.adoc#virt-dedicated-network-live-migration[dedicated Multus network] for live migration is highly recommended. A dedicated network minimizes the effects of network saturation on tenant workloads during migration.
+
 include::modules/virt-cluster-resource-requirements.adoc[leveloffset=+1]
 
 include::modules/virt-sno-differences.adoc[leveloffset=+1]
@@ -143,7 +154,7 @@ You can configure one of the following high-availability (HA) options for your c
 +
 [NOTE]
 ====
-In {product-title} clusters installed using installer-provisioned infrastructure and with MachineHealthCheck properly configured, if a node fails the MachineHealthCheck and becomes unavailable to the cluster, it is recycled. What happens next with VMs that ran on the failed node depends on a series of conditions. See xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-about-runstrategies-vms_virt-create-vms[About RunStrategies for virtual machines] for more detailed information about the potential outcomes and how RunStrategies affect those outcomes.
+In {product-title} clusters installed using installer-provisioned infrastructure and with a properly configured `MachineHealthCheck` resource, if a node fails the machine health check and becomes unavailable to the cluster, it is recycled. What happens next with VMs that ran on the failed node depends on a series of conditions. See xref:../../virt/nodes/virt-node-maintenance.adoc#run-strategies[Run strategies] for more detailed information about the potential outcomes and how run strategies affect those outcomes.
 ====
 
 * Automatic high availability for both IPI and non-IPI is available by using the *Node Health Check Operator* on the {product-title} cluster to deploy the `NodeHealthCheck` controller. The controller identifies unhealthy nodes and uses the Self Node Remediation Operator to remediate the unhealthy nodes. For more information on remediation, fencing, and maintaining nodes, see the link:https://access.redhat.com/documentation/en-us/workload_availability_for_red_hat_openshift/23.2/html-single/remediation_fencing_and_maintenance/index#about-remediation-fencing-maintenance[Workload Availability for Red Hat OpenShift] documentation.
diff --git a/virt/install/uninstalling-virt.adoc b/virt/install/uninstalling-virt.adoc
index e70686eda0b5..c54667a58445 100644
--- a/virt/install/uninstalling-virt.adoc
+++ b/virt/install/uninstalling-virt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-virt"]
 = Uninstalling {VirtProductName}
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/install/virt-specifying-nodes-for-virtualization-components.adoc b/virt/install/virt-specifying-nodes-for-virtualization-components.adoc
deleted file mode 100644
index df446664f30b..000000000000
--- a/virt/install/virt-specifying-nodes-for-virtualization-components.adoc
+++ /dev/null
@@ -1,48 +0,0 @@
-:_content-type: ASSEMBLY
-include::_attributes/common-attributes.adoc[]
-[id="virt-specifying-nodes-for-virtualization-components"]
-= Specifying nodes for {VirtProductName} components
-:context: virt-specifying-nodes-for-virtualization-components
-
-toc::[]
-
-Specify the nodes where you want to deploy {VirtProductName} Operators, workloads, and controllers by configuring node placement rules.
-
-[NOTE]
-====
-You can configure node placement for some components after installing {VirtProductName}, but there must not be virtual machines present if you want to configure node placement for workloads.
-====
-
-include::modules/virt-about-node-placement-virtualization-components.adoc[leveloffset=+1]
-
-[id="additional-resources_{context}"]
-[role="_additional-resources"]
-=== Additional resources
-* xref:../../virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc#virt-specifying-nodes-for-vms[Specifying nodes for virtual machines]
-* xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
-* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity[Controlling pod placement on nodes using node affinity rules]
-* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
-* xref:../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-configuring-local-storage-for-vms[Configuring local storage for virtual machines]
-
-[id="example-manifests_{context}"]
-== Example manifests
-
-The following example YAML files use `nodePlacement`, `affinity`, and `tolerations` objects to customize node placement for {VirtProductName} components.
-
-[id="olm-subscription-examples_{context}"]
-=== Operator Lifecycle Manager Subscription object
-
-include::modules/virt-example-node-placement-node-selector-olm-subscription.adoc[leveloffset=+3]
-include::modules/virt-example-node-placement-tolerations-olm-subscription.adoc[leveloffset=+3]
-
-[id="hyperconverged-cluster-cr-examples_{context}"]
-=== HyperConverged object
-
-include::modules/virt-example-node-placement-node-selector-hyperconverged-cr.adoc[leveloffset=+3]
-include::modules/virt-example-node-placement-affinity-hyperconverged-cr.adoc[leveloffset=+3]
-include::modules/virt-example-node-placement-tolerations-hyperconverged-cr.adoc[leveloffset=+3]
-
-[id="hpp-object-examples_{context}"]
-=== HostPathProvisioner object
-
-include::modules/virt-example-node-placement-node-selector-hpp.adoc[leveloffset=+3]
diff --git a/virt/live_migration/virt-about-live-migration.adoc b/virt/live_migration/virt-about-live-migration.adoc
new file mode 100644
index 000000000000..dc2c840c72d2
--- /dev/null
+++ b/virt/live_migration/virt-about-live-migration.adoc
@@ -0,0 +1,54 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-about-live-migration"]
+= About live migration
+include::_attributes/common-attributes.adoc[]
+:context: virt-about-live-migration
+
+toc::[]
+
+Live migration is the process of moving a running virtual machine (VM) to another node in the cluster without interrupting the virtual workload. By default, live migration traffic is encrypted using Transport Layer Security (TLS).
+
+[id="live-migration-requirements_virt-about-live-migration"]
+== Live migration requirements
+
+Live migration has the following requirements:
+
+* The cluster must have shared storage with `ReadWriteMany` (RWX) access mode.
+* The cluster must have sufficient RAM and network bandwidth.
++
+[NOTE]
+====
+You must ensure that there is enough memory request capacity in the cluster to support node drains that result in live migrations. You can determine the approximate required spare memory by using the following calculation:
+
+----
+Product of (Maximum number of nodes that can drain in parallel) and (Highest total VM memory request allocations across nodes)
+----
+
+The default number of migrations that can run in parallel in the cluster is 5.
+====
+
+* If a VM uses a host model CPU, the nodes must support the CPU.
+* xref:../../virt/vm_networking/virt-dedicated-network-live-migration.adoc#virt-dedicated-network-live-migration[Configuring a dedicated Multus network] for live migration is highly recommended. A dedicated network minimizes the effects of network saturation on tenant workloads during migration.
+
+[id="common-live-migration-tasks_virt-about-live-migration"]
+== Common live migration tasks
+
+You can perform the following live migration tasks:
+
+* Configure live migration settings:
+
+** xref:../../virt/live_migration/virt-configuring-live-migration.adoc#virt-configuring-live-migration-limits_virt-configuring-live-migration[Limits and timeouts]
+** xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[Maximum number of migrations per node or cluster]
+** xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[Select a dedicated live migration network from existing networks]
+
+* xref:../../virt/live_migration/virt-initiating-live-migration.adoc#virt-initiating-live-migration[Initiate and cancel live migration]
+* xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-migrations_virt-web-console-overview[Monitor the progress of all live migrations]
+* xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-metrics_virt-web-console-overview[View VM migration metrics]
+
+
+[id="additional-resources_virt-about-live-migration"]
+== Additional resources
+* xref:../../virt/monitoring/virt-prometheus-queries.adoc#virt-live-migration-metrics_virt-prometheus-queries[Prometheus queries for live migration]
+* link:https://access.redhat.com/articles/6994974#vm-migration-tuning[VM migration tuning]
+* xref:../../virt/nodes/virt-node-maintenance.adoc#run-strategies[VM run strategies]
+* xref:../../virt/nodes/virt-node-maintenance.adoc#eviction-strategies[VM and cluster eviction strategies]
\ No newline at end of file
diff --git a/virt/live_migration/virt-cancel-vmi-migration.adoc b/virt/live_migration/virt-cancel-vmi-migration.adoc
deleted file mode 100644
index 9b1f1dfa2bbe..000000000000
--- a/virt/live_migration/virt-cancel-vmi-migration.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cancel-vmi-migration"]
-= Cancelling the live migration of a virtual machine instance
-include::_attributes/common-attributes.adoc[]
-:context: virt-cancel-vmi-migration
-
-toc::[]
-
-Cancel the live migration so that the virtual machine instance remains
-on the original node.
-
-You can cancel a live migration from either the web console or the CLI.
-
-include::modules/virt-cancelling-vm-migration-web.adoc[leveloffset=+1]
-
-include::modules/virt-cancelling-vm-migration-cli.adoc[leveloffset=+1]
diff --git a/virt/live_migration/virt-configuring-live-migration-policies.adoc b/virt/live_migration/virt-configuring-live-migration-policies.adoc
deleted file mode 100644
index 3a486f591a95..000000000000
--- a/virt/live_migration/virt-configuring-live-migration-policies.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-live-migration-policies"]
-= Configuring live migration policies
-include::_attributes/common-attributes.adoc[]
-:context: virt-live-migration
-
-toc::[]
-
-You can define different migration configurations for specified groups of virtual machine instances (VMIs) by using a live migration policy.
-
-:FeatureName: Live migration policy
-include::snippets/technology-preview.adoc[]
-
-To configure a live migration policy by using the web console, see the xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-migrationpolicies-page[MigrationPolicies page documentation].
-
-include::modules/virt-configuring-a-live-migration-policy.adoc[leveloffset=+1]
diff --git a/virt/live_migration/virt-configuring-live-migration.adoc b/virt/live_migration/virt-configuring-live-migration.adoc
new file mode 100644
index 000000000000..0099dca53c68
--- /dev/null
+++ b/virt/live_migration/virt-configuring-live-migration.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-live-migration"]
+= Configuring live migration
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-live-migration
+
+toc::[]
+
+You can configure live migration settings to ensure that the migration processes do not overwhelm the cluster.
+
+You can configure live migration policies to apply different migration configurations to groups of virtual machines (VMs).
+
+[id="live-migration-settings"]
+== Live migration settings
+
+You can configure the following live migration settings:
+
+* xref:../../virt/live_migration/virt-configuring-live-migration.adoc#virt-configuring-live-migration-limits_virt-configuring-live-migration[Limits and timeouts]
+* xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[Maximum number of migrations per node or cluster]
+
+include::modules/virt-configuring-live-migration-limits.adoc[leveloffset=+2]
+
+[id="live-migration-policies"]
+== Live migration policies
+
+You can create live migration policies to apply different migration configurations to groups of VMs that are defined by VM or project labels.
+
+[TIP]
+====
+You can create live migration policies by using the xref:../../virt/getting_started/virt-web-console-overview.adoc#migrationpolicies-page_virt-web-console-overview[web console].
+====
+
+include::modules/virt-configuring-a-live-migration-policy.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-configuring-live-migration"]
+== Additional resources
+* xref:../../virt/vm_networking/virt-dedicated-network-live-migration.adoc#virt-dedicated-network-live-migration[Configuring a dedicated Multus network for live migration]
diff --git a/virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc b/virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc
deleted file mode 100644
index d06421e0861c..000000000000
--- a/virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-vmi-eviction-strategy"]
-= Configuring virtual machine eviction strategy
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-vmi-eviction-strategy
-
-toc::[]
-
-The `LiveMigrate` eviction strategy ensures that a virtual machine instance is
-not interrupted if the node is placed into maintenance or drained.
-Virtual machines instances with this eviction strategy will be live migrated to
-another node.
-
-include::modules/virt-configuring-vm-live-migration-cli.adoc[leveloffset=+1]
diff --git a/virt/live_migration/virt-initiating-live-migration.adoc b/virt/live_migration/virt-initiating-live-migration.adoc
new file mode 100644
index 000000000000..26022525d792
--- /dev/null
+++ b/virt/live_migration/virt-initiating-live-migration.adoc
@@ -0,0 +1,36 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-initiating-live-migration"]
+= Initiating and canceling live migration
+include::_attributes/common-attributes.adoc[]
+:context: virt-initiating-live-migration
+
+toc::[]
+
+You can initiate the live migration of a virtual machine (VM) to another node by using the xref:../../virt/live_migration/virt-initiating-live-migration.adoc#virt-initiating-vm-migration-web_virt-initiating-live-migration[{product-title} web console] or the xref:../../virt/live_migration/virt-initiating-live-migration.adoc#virt-initiating-vm-migration-cli_virt-initiating-live-migration[command line].
+
+You can cancel a live migration by using the xref:../../virt/live_migration/virt-initiating-live-migration.adoc#virt-canceling-vm-migration-web_virt-initiating-live-migration[web console] or the xref:../../virt/live_migration/virt-initiating-live-migration.adoc#virt-canceling-vm-migration-cli_virt-initiating-live-migration[command line]. The VM remains on its original node.
+
+[TIP]
+====
+You can also initiate and cancel live migration by using the `virtctl migrate <vm_name>` and `virtctl migrate-cancel <vm_name>` commands.
+====
+
+[id="initating-live-migration_initiating-canceling"]
+== Initiating live migration
+
+include::modules/virt-initiating-vm-migration-web.adoc[leveloffset=+2]
+
+include::modules/virt-initiating-vm-migration-cli.adoc[leveloffset=+2]
+
+[id="canceling-live-migration_initiating-canceling"]
+== Canceling live migration
+
+include::modules/virt-canceling-vm-migration-web.adoc[leveloffset=+2]
+
+include::modules/virt-canceling-vm-migration-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-initiating-live-migration"]
+== Additional resources
+* xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-migrations_virt-web-console-overview[Monitoring the progress of all live migrations by using the web console]
+* xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-metrics_virt-web-console-overview[Viewing VM migration metrics by using the web console]
\ No newline at end of file
diff --git a/virt/live_migration/virt-live-migration-limits.adoc b/virt/live_migration/virt-live-migration-limits.adoc
deleted file mode 100644
index 1027e3761e93..000000000000
--- a/virt/live_migration/virt-live-migration-limits.adoc
+++ /dev/null
@@ -1,14 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-live-migration-limits"]
-= Live migration limits and timeouts
-include::_attributes/common-attributes.adoc[]
-:context: virt-live-migration-limits
-
-toc::[]
-
-Apply live migration limits and timeouts so that migration processes do
-not overwhelm the cluster. Configure these settings by editing the
-`HyperConverged` custom resource (CR).
-
-include::modules/virt-configuring-live-migration-limits.adoc[leveloffset=+1]
-include::modules/virt-live-migration-limits-reftable.adoc[leveloffset=+1]
diff --git a/virt/live_migration/virt-live-migration.adoc b/virt/live_migration/virt-live-migration.adoc
deleted file mode 100644
index 42e5021d985c..000000000000
--- a/virt/live_migration/virt-live-migration.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-live-migration"]
-= Virtual machine live migration
-include::_attributes/common-attributes.adoc[]
-:context: virt-live-migration
-
-toc::[]
-
-include::modules/virt-about-live-migration.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_virt-live-migration"]
-== Additional resources
-
-* xref:../../virt/live_migration/virt-migrate-vmi.adoc#virt-migrate-vmi[Migrating a virtual machine instance to another node]
-* xref:../../virt/monitoring/virt-prometheus-queries.adoc#virt-live-migration-metrics_virt-prometheus-queries[Live migration metrics]
-* xref:../../virt/live_migration/virt-live-migration-limits.adoc#virt-live-migration-limits[Live migration limiting]
-* xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile]
-* link:https://access.redhat.com/articles/6994974#vm-migration-tuning[VM migration tuning]
\ No newline at end of file
diff --git a/virt/live_migration/virt-migrate-vmi.adoc b/virt/live_migration/virt-migrate-vmi.adoc
deleted file mode 100644
index 6c9909651396..000000000000
--- a/virt/live_migration/virt-migrate-vmi.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-migrate-vmi"]
-= Migrating a virtual machine instance to another node
-include::_attributes/common-attributes.adoc[]
-:context: virt-migrate-vmi
-
-toc::[]
-
-Manually initiate a live migration of a virtual machine instance to another node using either the web console or the CLI.
-
-[NOTE]
-====
-If a virtual machine uses a host model CPU, you can perform live migration of that virtual machine only between nodes that support its host CPU model.
-====
-
-include::modules/virt-initiating-vm-migration-web.adoc[leveloffset=+1]
-
-[id="monitoring-live-migration-by-using-the-web-console_{context}"]
-=== Monitoring live migration by using the web console
-
-You can monitor the progress of all live migrations on the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-migrations[*Overview* -> *Migrations* tab] in the web console.
-
-You can view the migration metrics of a virtual machine on the xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-metrics[*VirtualMachine details* -> *Metrics* tab] in the web console.
-
-include::modules/virt-initiating-vm-migration-cli.adoc[leveloffset=+1]
-
-include::modules/virt-monitoring-vm-migration-cli.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-[id="virt-migrate-vmi_additional-resources"]
-== Additional resources
-
-* xref:../../virt/live_migration/virt-cancel-vmi-migration.adoc#virt-cancel-vmi-migration[Cancelling the live migration of a virtual machine instance]
diff --git a/virt/live_migration/virt-migrating-vm-on-secondary-network.adoc b/virt/live_migration/virt-migrating-vm-on-secondary-network.adoc
deleted file mode 100644
index 03a842a122ef..000000000000
--- a/virt/live_migration/virt-migrating-vm-on-secondary-network.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-migrating-vm-on-secondary-network"]
-= Migrating a virtual machine over a dedicated additional network
-include::_attributes/common-attributes.adoc[]
-:context: virt-migrating-vm-on-secondary-network
-
-toc::[]
-
-You can configure a dedicated xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc#virt-attaching-vm-multiple-networks[Multus network] for live migration. A dedicated network minimizes the effects of network saturation on tenant workloads during live migration.
-
-include::modules/virt-configuring-secondary-network-vm-live-migration.adoc[leveloffset=+1]
-
-include::modules/virt-selecting-migration-network-ui.adoc[leveloffset=+1]
-
-[id="additional-resources_virt-migrating-vm-on-secondary-network"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../virt/live_migration/virt-live-migration-limits.adoc#virt-live-migration-limits[Live migration limits and timeouts]
diff --git a/virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc b/virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
index b40c8bedd943..357028aa89ca 100644
--- a/virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
+++ b/virt/monitoring/virt-exposing-custom-metrics-for-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-exposing-custom-metrics-for-vms"]
 = Exposing custom metrics for virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-{product-title} includes a pre-configured, pre-installed, and self-updating monitoring stack that provides monitoring for core platform components. This monitoring stack is based on the Prometheus monitoring system. Prometheus is a time-series database and a rule evaluation engine for metrics.
+{product-title} includes a preconfigured, preinstalled, and self-updating monitoring stack that provides monitoring for core platform components. This monitoring stack is based on the Prometheus monitoring system. Prometheus is a time-series database and a rule evaluation engine for metrics.
 
 In addition to using the {product-title} monitoring stack, you can enable monitoring for user-defined projects by using the CLI and query custom metrics that are exposed for virtual machines through the `node-exporter` service.
 
diff --git a/virt/monitoring/virt-monitoring-overview.adoc b/virt/monitoring/virt-monitoring-overview.adoc
index 8b524eb2376b..9c2392f91022 100644
--- a/virt/monitoring/virt-monitoring-overview.adoc
+++ b/virt/monitoring/virt-monitoring-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-monitoring-overview"]
 = Monitoring overview
 include::_attributes/common-attributes.adoc[]
@@ -8,13 +8,16 @@ toc::[]
 
 You can monitor the health of your cluster and virtual machines (VMs) with the following tools:
 
+Monitoring OpenShift Virtualization VMs health status::
+View the overall health of your OpenShift Virtualization environment in the web console by navigating to the *Home* -> *Overview* page in the {product-title} web console. The *Status* card displays the overall health of OpenShift Virtualization based on the alerts and conditions.
+
 xref:../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-running-cluster-checkups[{product-title} cluster checkup framework]::
 Run automated tests on your cluster with the {product-title} cluster checkup framework to check the following conditions:
 * Network connectivity and latency between two VMs attached to a secondary network interface
 * VM running a Data Plane Development Kit (DPDK) workload with zero packet loss
 
-:FeatureName: The {product-title} cluster checkup framework
-include::snippets/technology-preview.adoc[]
+//:FeatureName: The {product-title} cluster checkup framework
+//include::snippets/technology-preview.adoc[]
 
 xref:../../virt/monitoring/virt-prometheus-queries.adoc#virt-prometheus-queries[Prometheus queries for virtual resources]::
 Query vCPU, network, storage, and guest memory swapping usage and live migration progress.
@@ -28,5 +31,5 @@ Configure readiness, liveness, and guest agent ping probes and a watchdog for VM
 xref:../../virt/monitoring/virt-runbooks.adoc#virt-runbooks[Runbooks]::
 Diagnose and resolve issues that trigger {VirtProductName} xref:../../monitoring/managing-alerts.adoc#managing-alerts[alerts] in the {product-title} web console.
 
-:FeatureName: The guest agent ping probe
-include::snippets/technology-preview.adoc[]
+//:FeatureName: The guest agent ping probe
+//include::snippets/technology-preview.adoc[]
\ No newline at end of file
diff --git a/virt/monitoring/virt-monitoring-vm-health.adoc b/virt/monitoring/virt-monitoring-vm-health.adoc
index 3c0f84dc8e92..d30060716503 100644
--- a/virt/monitoring/virt-monitoring-vm-health.adoc
+++ b/virt/monitoring/virt-monitoring-vm-health.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-monitoring-vm-health"]
 = Virtual machine health checks
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/monitoring/virt-prometheus-queries.adoc b/virt/monitoring/virt-prometheus-queries.adoc
index a416bb83f0a3..b4b4c438f433 100644
--- a/virt/monitoring/virt-prometheus-queries.adoc
+++ b/virt/monitoring/virt-prometheus-queries.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-prometheus-queries"]
 = Prometheus queries for virtual resources
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/monitoring/virt-runbooks.adoc b/virt/monitoring/virt-runbooks.adoc
index 63d36d05bcff..a6f5837c5697 100644
--- a/virt/monitoring/virt-runbooks.adoc
+++ b/virt/monitoring/virt-runbooks.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-runbooks"]
 = {VirtProductName} runbooks
 include::_attributes/common-attributes.adoc[]
@@ -6,15 +6,23 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
+
+:!virt-runbooks:
 You can use the procedures in these runbooks to diagnose and resolve issues that trigger {VirtProductName} xref:../../monitoring/managing-alerts.adoc#managing-alerts[alerts].
 
-{VirtProductName} alerts are displayed on the *Virtualization* -> *Overview* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-overview[*Overview* tab] in the web console.
+{VirtProductName} alerts are displayed on the *Virtualization* -> *Overview* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-overview_virt-web-console-overview[*Overview* tab] in the web console.
 
 
 include::modules/virt-runbook-cdidataimportcronoutdated.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-cdidatavolumeunusualrestartcount.adoc[leveloffset=+1]
 
+include::modules/virt-runbook-cdidefaultstorageclassdegraded.adoc[leveloffset=+1]
+
+include::modules/virt-runbook-cdimultipledefaultvirtstorageclasses.adoc[leveloffset=+1]
+
+include::modules/virt-runbook-cdinodefaultstorageclass.adoc[leveloffset=+1]
+
 include::modules/virt-runbook-cdinotready.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-cdioperatordown.adoc[leveloffset=+1]
@@ -23,6 +31,8 @@ include::modules/virt-runbook-cdistorageprofilesincomplete.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-cnaodown.adoc[leveloffset=+1]
 
+include::modules/virt-runbook-hcoinstallationincomplete.adoc[leveloffset=+1]
+
 include::modules/virt-runbook-hppnotready.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-hppoperatordown.adoc[leveloffset=+1]
@@ -37,13 +47,9 @@ include::modules/virt-runbook-kubevirtcomponentexceedsrequestedcpu.adoc[leveloff
 
 include::modules/virt-runbook-kubevirtcomponentexceedsrequestedmemory.adoc[leveloffset=+1]
 
-include::modules/virt-runbook-kubevirtdeprecatedapirequested.adoc[leveloffset=+1]
+include::modules/virt-runbook-kubevirtcrmodified.adoc[leveloffset=+1]
 
-include::modules/virt-runbook-kubevirthyperconvergedclusteroperatorcrmodification.adoc[leveloffset=+1]
-
-include::modules/virt-runbook-kubevirthyperconvergedclusteroperatorinstallationnotcompletedalert.adoc[leveloffset=+1]
-
-include::modules/virt-runbook-kubevirthyperconvergedclusteroperatorusmodification.adoc[leveloffset=+1]
+include::modules/virt-runbook-kubevirtdeprecatedapirequested.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-kubevirtnoavailablenodestorunvms.adoc[leveloffset=+1]
 
@@ -75,6 +81,8 @@ include::modules/virt-runbook-orphanedvirtualmachineinstances.adoc[leveloffset=+
 
 include::modules/virt-runbook-outdatedvirtualmachineinstanceworkloads.adoc[leveloffset=+1]
 
+include::modules/virt-runbook-singlestackipv6unsupported.adoc[leveloffset=+1]
+
 include::modules/virt-runbook-sspcommontemplatesmodificationreverted.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-sspdown.adoc[leveloffset=+1]
@@ -85,6 +93,8 @@ include::modules/virt-runbook-ssphighraterejectedvms.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-ssptemplatevalidatordown.adoc[leveloffset=+1]
 
+include::modules/virt-runbook-unsupportedhcomodification.adoc[leveloffset=+1]
+
 include::modules/virt-runbook-virtapidown.adoc[leveloffset=+1]
 
 include::modules/virt-runbook-virtapiresterrorsburst.adoc[leveloffset=+1]
diff --git a/virt/monitoring/virt-running-cluster-checkups.adoc b/virt/monitoring/virt-running-cluster-checkups.adoc
index 7fed8d24f605..c2806dc94606 100644
--- a/virt/monitoring/virt-running-cluster-checkups.adoc
+++ b/virt/monitoring/virt-running-cluster-checkups.adoc
@@ -1,30 +1,35 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-running-cluster-checkups"]
-= {product-title} cluster checkup framework
+= {VirtProductName} cluster checkup framework
 include::_attributes/common-attributes.adoc[]
 :context: virt-running-cluster-checkups
 
 toc::[]
 
-{VirtProductName} includes predefined checkups that can be used for cluster maintenance and troubleshooting.
+{VirtProductName} includes the following predefined checkups that can be used for cluster maintenance and troubleshooting:
 
-:FeatureName: The {product-title} cluster checkup framework
+xref:../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-measuring-latency-vm-secondary-network_virt-running-cluster-checkups[Latency checkup]::
+Verifies network connectivity and measures latency between two virtual machines (VMs) that are attached to a secondary network interface.
+xref:../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-checking-cluster-dpdk-readiness_virt-running-cluster-checkups[DPDK checkup]::
+Verifies that a node can run a VM with a Data Plane Development Kit (DPDK) workload with zero packet loss.
+
+:FeatureName: The {VirtProductName} cluster checkup framework
 include::snippets/technology-preview.adoc[]
 
 include::modules/virt-about-cluster-checkup-framework.adoc[leveloffset=+1]
 
-include::modules/virt-measuring-latency-vm-secondary-network.adoc[leveloffset=+1]
+include::modules/virt-measuring-latency-vm-secondary-network.adoc[leveloffset=+2]
 
-include::modules/virt-checking-cluster-dpdk-readiness.adoc[leveloffset=+1]
+include::modules/virt-checking-cluster-dpdk-readiness.adoc[leveloffset=+2]
 
-include::modules/virt-dpdk-config-map-parameters.adoc[leveloffset=+2]
+include::modules/virt-dpdk-config-map-parameters.adoc[leveloffset=+3]
 
-include::modules/virt-building-vm-containerdisk-image.adoc[leveloffset=+2]
+include::modules/virt-building-vm-containerdisk-image.adoc[leveloffset=+3]
 
 [role="_additional-resources"]
 [id="additional-resources_running-cluster-checkups"]
 == Additional resources
-* xref:../../virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc#virt-attaching-vm-multiple-networks[Attaching a virtual machine to multiple networks]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Attaching a virtual machine to multiple networks]
 * xref:../../networking/hardware_networks/using-dpdk-and-rdma.adoc#example-vf-use-in-dpdk-mode-intel_using-dpdk-and-rdma[Using a virtual function in DPDK mode with an Intel NIC]
 * xref:../../networking/hardware_networks/using-dpdk-and-rdma.adoc#nw-example-dpdk-line-rate_using-dpdk-and-rdma[Using SR-IOV and the Node Tuning Operator to achieve a DPDK line rate]
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/composing_a_customized_rhel_system_image/installing-composer_composing-a-customized-rhel-system-image[Installing image builder]
diff --git a/virt/node_maintenance/images b/virt/node_maintenance/images
deleted file mode 120000
index 5fa6987088da..000000000000
--- a/virt/node_maintenance/images
+++ /dev/null
@@ -1 +0,0 @@
-../../images
\ No newline at end of file
diff --git a/virt/node_maintenance/virt-about-node-maintenance.adoc b/virt/node_maintenance/virt-about-node-maintenance.adoc
deleted file mode 100644
index 99624a60ec2a..000000000000
--- a/virt/node_maintenance/virt-about-node-maintenance.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-about-node-maintenance"]
-= About node maintenance
-include::_attributes/common-attributes.adoc[]
-:context: virt-about-node-maintenance
-
-toc::[]
-
-include::modules/virt-about-node-maintenance.adoc[leveloffset=+1]
-
-include::modules/virt-maintaining-bare-metal-nodes.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_virt-about-node-maintenance"]
-== Additional resources
-* xref:../../nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc#nodes-remediating-fencing-maintaining-rhwa[Installing the Node Maintenance Operator by using the CLI]
-* xref:../../nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc#nodes-remediating-fencing-maintaining-rhwa[Setting a node to maintenance mode]
-* xref:../../nodes/nodes/nodes-remediating-fencing-maintaining-rhwa.adoc#nodes-remediating-fencing-maintaining-rhwa[Resuming a node from maintenance mode]
-* xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-about-runstrategies-vms_virt-create-vms[About RunStrategies for virtual machines]
-* xref:../../virt/live_migration/virt-live-migration.adoc#virt-live-migration[Virtual machine live migration]
-* xref:../../virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc#virt-configuring-vmi-eviction-strategy[Configuring virtual machine eviction strategy]
diff --git a/virt/node_maintenance/virt-automatic-certificates.adoc b/virt/node_maintenance/virt-automatic-certificates.adoc
deleted file mode 100644
index c8fdef5d1ec4..000000000000
--- a/virt/node_maintenance/virt-automatic-certificates.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-automatic-certificates"]
-= Automatic renewal of TLS certificates
-include::_attributes/common-attributes.adoc[]
-:context: virt-automatic-certificates
-
-toc::[]
-
-All TLS certificates for {VirtProductName} components are renewed and rotated automatically. You are not required to refresh them manually.
-
-include::modules/virt-automatic-certificates-renewal.adoc[leveloffset=+1]
diff --git a/virt/node_maintenance/virt-preventing-node-reconciliation.adoc b/virt/node_maintenance/virt-preventing-node-reconciliation.adoc
deleted file mode 100644
index eb7ede97e077..000000000000
--- a/virt/node_maintenance/virt-preventing-node-reconciliation.adoc
+++ /dev/null
@@ -1,17 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-using-skip-node"]
-= Preventing node reconciliation
-include::_attributes/common-attributes.adoc[]
-:context: virt-preventing-node-reconciliation
-
-toc::[]
-
-Use `skip-node` annotation to prevent the `node-labeller` from reconciling a node.
-
-include::modules/virt-using-skip-node.adoc[leveloffset=+1]
-
-[id="additional-resources_{context}"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc#virt-managing-node-labeling-obsolete-cpu-models[Managing node labeling for obsolete CPU models]
diff --git a/virt/nodes/_attributes b/virt/nodes/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/virt/nodes/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/sd_support/remote_health_monitoring/images b/virt/nodes/images
similarity index 100%
rename from sd_support/remote_health_monitoring/images
rename to virt/nodes/images
diff --git a/virt/nodes/modules b/virt/nodes/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/virt/nodes/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/virt/nodes/snippets b/virt/nodes/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/virt/nodes/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc b/virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
similarity index 94%
rename from virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc
rename to virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
index 53b71226b277..5722228d0382 100644
--- a/virt/node_maintenance/virt-managing-node-labeling-obsolete-cpu-models.adoc
+++ b/virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-managing-node-labeling-obsolete-cpu-models"]
 = Managing node labeling for obsolete CPU models
 include::_attributes/common-attributes.adoc[]
@@ -9,5 +9,7 @@ toc::[]
 You can schedule a virtual machine (VM) on a node as long as the VM CPU model and policy are supported by the node.
 
 include::modules/virt-about-node-labeling-obsolete-cpu-models.adoc[leveloffset=+1]
+
 include::modules/virt-about-node-labeling-cpu-features.adoc[leveloffset=+1]
+
 include::modules/virt-configuring-obsolete-cpu-models.adoc[leveloffset=+1]
diff --git a/virt/nodes/virt-node-maintenance.adoc b/virt/nodes/virt-node-maintenance.adoc
new file mode 100644
index 000000000000..7a524d23f576
--- /dev/null
+++ b/virt/nodes/virt-node-maintenance.adoc
@@ -0,0 +1,100 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-node-maintenance"]
+= Node maintenance
+include::_attributes/common-attributes.adoc[]
+:context: virt-node-maintenance
+
+toc::[]
+
+Nodes can be placed into maintenance mode by using the `oc adm` utility or `NodeMaintenance` custom resources (CRs).
+
+[NOTE]
+====
+The `node-maintenance-operator` (NMO) is no longer shipped with {VirtProductName}. It is deployed as a standalone Operator from the *OperatorHub* in the {product-title} web console or by using the OpenShift CLI (`oc`).
+
+For more information on remediation, fencing, and maintaining nodes, see the link:https://access.redhat.com/documentation/en-us/workload_availability_for_red_hat_openshift/23.2/html-single/remediation_fencing_and_maintenance/index#about-remediation-fencing-maintenance[Workload Availability for Red Hat OpenShift] documentation.
+====
+
+[IMPORTANT]
+====
+Virtual machines (VMs) must have a persistent volume claim (PVC) with a shared `ReadWriteMany` (RWX) access mode to be live migrated.
+====
+
+The Node Maintenance Operator watches for new or deleted `NodeMaintenance` CRs. When a new `NodeMaintenance` CR is detected, no new workloads are scheduled and the node is cordoned off from the rest of the cluster. All pods that can be evicted are evicted from the node. When a `NodeMaintenance` CR is deleted, the node that is referenced in the CR is made available for new workloads.
+
+[NOTE]
+====
+Using a `NodeMaintenance` CR for node maintenance tasks achieves the same results as the `oc adm cordon` and `oc adm drain` commands using standard {product-title} custom resource processing.
+====
+
+[id="eviction-strategies"]
+== Eviction strategies
+
+Placing a node into maintenance marks the node as unschedulable and drains all the VMs and pods from it.
+
+You can configure eviction strategies for virtual machines (VMs) or for the cluster.
+
+VM eviction strategy::
+
+The VM `LiveMigrate` eviction strategy ensures that a virtual machine instance (VMI) is not interrupted if the node is placed into maintenance or drained. VMIs with this eviction strategy will be live migrated to another node.
++
+You can configure eviction strategies for virtual machines (VMs) by using the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-scheduling_virt-web-console-overview[web console] or the xref:../../virt/live_migration/virt-configuring-live-migration.adoc#virt-configuring-a-live-migration-policy_virt-configuring-live-migration[command line].
++
+[IMPORTANT]
+====
+The default eviction strategy is `LiveMigrate`. A non-migratable VM with a `LiveMigrate` eviction strategy might prevent nodes from draining or block an infrastructure upgrade because the VM is not evicted from the node. This situation causes a migration to remain in a `Pending` or `Scheduling` state unless you shut down the VM manually.
+
+You must set the eviction strategy of non-migratable VMs to `LiveMigrateIfPossible`, which does not block an upgrade, or to `None`, for VMs that should not be migrated.
+====
+
+Cluster eviction strategy::
+
+You can configure an eviction strategy for the cluster to prioritize workload continuity or infrastructure upgrade.
+
+:FeatureName: Configuring a cluster eviction strategy
+include::snippets/technology-preview.adoc[]
+
+.Cluster eviction strategies
+[cols="1,2,1,1",options="header"]
+|====
+|Eviction strategy |Description |Interrupts workflow |Blocks upgrades
+
+|`LiveMigrate` ^1^ |Prioritizes workload continuity over upgrades. |No |Yes ^2^
+
+|`LiveMigrateIfPossible` |Prioritizes upgrades over workload continuity to ensure that the environment is updated. |Yes |No
+
+|`None` ^3^ |Shuts down VMs with no eviction strategy. |Yes |No
+|====
+[.small]
+--
+1. Default eviction strategy for multi-node clusters.
+2. If a VM blocks an upgrade, you must shut down the VM manually.
+3. Default eviction strategy for {sno}.
+--
+
+include::modules/virt-configuring-vm-eviction-strategy-cli.adoc[leveloffset=+2]
+
+include::modules/virt-configuring-cluster-eviction-strategy-cli.adoc[leveloffset=+2]
+
+[id="run-strategies"]
+== Run strategies
+
+A virtual machine (VM) configured with `spec.running: true` is immediately restarted. The `spec.runStrategy` key provides greater flexibility for determining how a VM behaves under certain conditions.
+
+[IMPORTANT]
+====
+The `spec.runStrategy` and `spec.running` keys are mutually exclusive. Only one of them can be used.
+
+A VM configuration with both keys is invalid.
+====
+
+include::modules/virt-runstrategies-vms.adoc[leveloffset=+2]
+
+include::modules/virt-configuring-runstrategy-vm.adoc[leveloffset=+2]
+
+include::modules/virt-maintaining-bare-metal-nodes.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-node-maintenance"]
+== Additional resources
+* xref:../../virt/live_migration/virt-about-live-migration.adoc#virt-about-live-migration[About live migration]
diff --git a/virt/nodes/virt-preventing-node-reconciliation.adoc b/virt/nodes/virt-preventing-node-reconciliation.adoc
new file mode 100644
index 000000000000..d02f81941a64
--- /dev/null
+++ b/virt/nodes/virt-preventing-node-reconciliation.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-using-skip-node"]
+= Preventing node reconciliation
+include::_attributes/common-attributes.adoc[]
+:context: virt-preventing-node-reconciliation
+
+toc::[]
+
+Use `skip-node` annotation to prevent the `node-labeller` from reconciling a node.
+
+include::modules/virt-using-skip-node.adoc[leveloffset=+1]
+
+[id="additional-resources_{context}"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../../virt/nodes/virt-managing-node-labeling-obsolete-cpu-models.adoc#virt-managing-node-labeling-obsolete-cpu-models[Managing node labeling for obsolete CPU models]
diff --git a/virt/virtual_machines/virt-triggering-vm-failover-resolving-failed-node.adoc b/virt/nodes/virt-triggering-vm-failover-resolving-failed-node.adoc
similarity index 76%
rename from virt/virtual_machines/virt-triggering-vm-failover-resolving-failed-node.adoc
rename to virt/nodes/virt-triggering-vm-failover-resolving-failed-node.adoc
index 38e1ebc29c0f..d5c75d4ff63f 100644
--- a/virt/virtual_machines/virt-triggering-vm-failover-resolving-failed-node.adoc
+++ b/virt/nodes/virt-triggering-vm-failover-resolving-failed-node.adoc
@@ -1,26 +1,26 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-triggering-vm-failover-resolving-failed-node"]
-= Triggering virtual machine failover by resolving a failed node
+= Deleting a failed node to trigger virtual machine failover
 include::_attributes/common-attributes.adoc[]
 :context: virt-triggering-vm-failover-resolving-failed-node
 
 toc::[]
 
-If a node fails and xref:../../machine_management/deploying-machine-health-checks.adoc#machine-health-checks-about_deploying-machine-health-checks[machine health checks] are not deployed on your cluster, virtual machines (VMs) with `RunStrategy: Always` configured are not automatically relocated to healthy nodes. To trigger VM failover, you must manually delete the `Node` object.
+If a node fails and xref:../../machine_management/deploying-machine-health-checks.adoc#machine-health-checks-about_deploying-machine-health-checks[machine health checks] are not deployed on your cluster, virtual machines (VMs) with `runStrategy: Always` configured are not automatically relocated to healthy nodes. To trigger VM failover, you must manually delete the `Node` object.
 
 [NOTE]
 ====
-If you installed your cluster by using xref:../../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[installer-provisioned infrastructure] and you properly configured machine health checks:
+If you installed your cluster by using xref:../../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[installer-provisioned infrastructure] and you properly configured machine health checks, the following events occur:
 
 * Failed nodes are automatically recycled.
-* Virtual machines with xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-about-runstrategies-vms_virt-create-vms[`RunStrategy`] set to `Always` or `RerunOnFailure` are automatically scheduled on healthy nodes.
+* Virtual machines with xref:../../virt/nodes/virt-node-maintenance.adoc#run-strategies[`runStrategy`] set to `Always` or `RerunOnFailure` are automatically scheduled on healthy nodes.
 ====
 
 [id="prerequisites_{context}"]
 == Prerequisites
 
 * A node where a virtual machine was running has the `NotReady` xref:../../nodes/nodes/nodes-nodes-viewing.adoc#nodes-nodes-viewing-listing_nodes-nodes-viewing[condition].
-* The virtual machine that was running on the failed node has `RunStrategy` set to `Always`.
+* The virtual machine that was running on the failed node has `runStrategy` set to `Always`.
 * You have installed the OpenShift CLI (`oc`).
 
 include::modules/nodes-nodes-working-deleting-bare-metal.adoc[leveloffset=+1]
diff --git a/virt/post_installation_configuration/_attributes b/virt/post_installation_configuration/_attributes
new file mode 120000
index 000000000000..f27fd275ea6b
--- /dev/null
+++ b/virt/post_installation_configuration/_attributes
@@ -0,0 +1 @@
+../_attributes/
\ No newline at end of file
diff --git a/virt/post_installation_configuration/images b/virt/post_installation_configuration/images
new file mode 120000
index 000000000000..5e67573196d8
--- /dev/null
+++ b/virt/post_installation_configuration/images
@@ -0,0 +1 @@
+../images
\ No newline at end of file
diff --git a/virt/post_installation_configuration/modules b/virt/post_installation_configuration/modules
new file mode 120000
index 000000000000..43aab75b53c9
--- /dev/null
+++ b/virt/post_installation_configuration/modules
@@ -0,0 +1 @@
+../modules/
\ No newline at end of file
diff --git a/virt/post_installation_configuration/snippets b/virt/post_installation_configuration/snippets
new file mode 120000
index 000000000000..9f5bc7e4dde0
--- /dev/null
+++ b/virt/post_installation_configuration/snippets
@@ -0,0 +1 @@
+../snippets
\ No newline at end of file
diff --git a/virt/post_installation_configuration/virt-node-placement-virt-components.adoc b/virt/post_installation_configuration/virt-node-placement-virt-components.adoc
new file mode 100644
index 000000000000..6bda7e09f31a
--- /dev/null
+++ b/virt/post_installation_configuration/virt-node-placement-virt-components.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-node-placement-virt-components"]
+= Specifying nodes for {VirtProductName} components
+include::_attributes/common-attributes.adoc[]
+:context: virt-node-placement-virt-components
+
+toc::[]
+
+The default scheduling for virtual machines (VMs) on bare metal nodes is appropriate. Optionally, you can specify the nodes where you want to deploy {VirtProductName} Operators, workloads, and controllers by configuring node placement rules.
+
+[NOTE]
+====
+You can configure node placement rules for some components after installing {VirtProductName}, but virtual machines cannot be present if you want to configure node placement rules for workloads.
+====
+
+include::modules/virt-about-node-placement-virt-components.adoc[leveloffset=+1]
+
+include::modules/virt-applying-node-placement-rules.adoc[leveloffset=+1]
+
+include::modules/virt-node-placement-rule-examples.adoc[leveloffset=+1]
+
+[id="additional-resources_virt-node-placement-virt-components"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../../virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc#virt-specifying-nodes-for-vms[Specifying nodes for virtual machines]
+* xref:../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
+* xref:../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity[Controlling pod placement on nodes using node affinity rules]
+* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
\ No newline at end of file
diff --git a/virt/post_installation_configuration/virt-post-install-config.adoc b/virt/post_installation_configuration/virt-post-install-config.adoc
new file mode 100644
index 000000000000..72934c45a7ed
--- /dev/null
+++ b/virt/post_installation_configuration/virt-post-install-config.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-post-install-config"]
+= Postinstallation configuration
+include::_attributes/common-attributes.adoc[]
+:context: virt-post-install-config
+
+toc::[]
+
+The following procedures are typically performed after {VirtProductName} is installed. You can configure the components that are relevant for your environment:
+
+// * Cluster
+
+* xref:../../virt/post_installation_configuration/virt-node-placement-virt-components.adoc#virt-node-placement-virt-components[Node placement rules for {VirtProductName} Operators, workloads, and controllers]
+
+* xref:../../virt/post_installation_configuration/./.virt-network-config.adoc#virt-post-install-network-config[Network configuration]:
+
+** Installing the Kubernetes NMState and SR-IOV Operators
+** Configuring a Linux bridge network for external access to virtual machines (VMs)
+** Configuring a dedicated secondary network for live migration
+** Configuring an SR-IOV network
+
+** Enabling the creation of load balancer services by using the {product-title} web console
+
+* xref:../../virt/post_installation_configuration/virt-post-install-storage-config.adoc#virt-post-install-storage-config[Storage configuration]:
+** Defining a default storage class for the Container Storage Interface (CSI)
+** Configuring local storage by using the Hostpath Provisioner (HPP)
+
+// * Users
+// * Alerts and notifications
diff --git a/virt/post_installation_configuration/virt-post-install-network-config.adoc b/virt/post_installation_configuration/virt-post-install-network-config.adoc
new file mode 100644
index 000000000000..25f86acc5e29
--- /dev/null
+++ b/virt/post_installation_configuration/virt-post-install-network-config.adoc
@@ -0,0 +1,59 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-post-install-network-config"]
+= Postinstallation network configuration
+include::_attributes/common-attributes.adoc[]
+:context: virt-post-install-network-config
+
+toc::[]
+
+By default, {VirtProductName} is installed with a single, internal pod network.
+
+After you install {VirtProductName}, you can install networking Operators and configure additional networks.
+
+[id="installing-operators"]
+== Installing networking Operators
+
+You must install the xref:../../networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc#k8s-nmstate-about-the-k8s-nmstate-operator[Kubernetes NMState Operator] to configure a Linux bridge network for live migration or external access to virtual machines (VMs).
+
+You can install the xref:../../networking/hardware_networks/about-sriov.adoc#about-sriov[SR-IOV Operator] to manage SR-IOV network devices and network attachments.
+
+include::modules/k8s-nmstate-installing-the-kubernetes-nmstate-operator.adoc[leveloffset=+2]
+
+include::modules/nw-sriov-installing-operator.adoc[leveloffset=+2]
+
+[id="configuring-linux-bridge-network"]
+== Configuring a Linux bridge network
+
+After you install the Kubernetes NMState Operator, you can configure a Linux bridge network for live migration or external access to virtual machines (VMs).
+
+include::modules/virt-creating-linux-bridge-nncp.adoc[leveloffset=+2]
+
+include::modules/virt-creating-linux-bridge-nad-web.adoc[leveloffset=+2]
+
+[id="next-steps_configuring-linux-bridge-network"]
+=== Next steps
+* xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-attaching-vm-secondary-network-cli_virt-connecting-vm-to-linux-bridge[Attaching a virtual machine (VM) to a Linux bridge network]
+
+[id="configuring-network-live-migration"]
+== Configuring a network for live migration
+
+After you have configured a Linux bridge network, you can configure a dedicated network for live migration. A dedicated network minimizes the effects of network saturation on tenant workloads during live migration.
+
+include::modules/virt-configuring-secondary-network-vm-live-migration.adoc[leveloffset=+2]
+
+include::modules/virt-selecting-migration-network-ui.adoc[leveloffset=+2]
+
+[id="configuring-sriov-network"]
+== Configuring an SR-IOV network
+
+After you install the SR-IOV Operator, you can configure an SR-IOV network.
+
+include::modules/nw-sriov-configuring-device.adoc[leveloffset=+2]
+
+include::modules/nw-sriov-network-attachment.adoc[leveloffset=+2]
+
+[id="next-steps_configuring-sriov-network"]
+=== Next steps
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-attaching-vm-to-sriov-network_virt-connecting-vm-to-sriov[Attaching a virtual machine (VM) to an SR-IOV network]
+
+include::modules/virt-enabling-load-balancer-service-web.adoc[leveloffset=+1]
diff --git a/virt/post_installation_configuration/virt-post-install-storage-config.adoc b/virt/post_installation_configuration/virt-post-install-storage-config.adoc
new file mode 100644
index 000000000000..6db65e4a88f2
--- /dev/null
+++ b/virt/post_installation_configuration/virt-post-install-storage-config.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-post-install-storage-config"]
+= Postinstallation storage configuration
+include::_attributes/common-attributes.adoc[]
+:context: virt-post-install-storage-config
+
+toc::[]
+
+The following storage configuration tasks are mandatory:
+
+* You must configure a xref:../../post_installation_configuration/storage-configuration.adoc#defining-storage-classes_post-install-storage-configuration[default storage class] for your cluster. Otherwise, the cluster cannot receive automated boot source updates.
+* You must configure xref:../../virt/storage/virt-configuring-storage-profile.adoc#virt-configuring-storage-profile[storage profiles] if your storage provider is not recognized by CDI. A storage profile provides recommended storage settings based on the associated storage class.
+
+Optional: You can configure local storage by using the hostpath provisioner (HPP).
+
+See the xref:../../virt/storage/virt-storage-config-overview.adoc#virt-storage-config-overview[storage configuration overview] for more options, including configuring the Containerized Data Importer (CDI), data volumes, and automatic boot source updates.
+
+[id="configuring-local-storage-hpp"]
+== Configuring local storage by using the HPP
+
+When you install the {VirtProductName} Operator, the Hostpath Provisioner (HPP) Operator is automatically installed. The HPP Operator creates the HPP provisioner.
+
+The HPP is a local storage provisioner designed for {VirtProductName}. To use the HPP, you must create an HPP custom resource (CR).
+
+[IMPORTANT]
+====
+HPP storage pools must not be in the same partition as the operating system. Otherwise, the storage pools might fill the operating system partition. If the operating system partition is full, performance can be effected or the node can become unstable or unusable.
+====
+
+include::modules/virt-creating-storage-class-csi-driver.adoc[leveloffset=+2]
diff --git a/virt/release_notes/virt-4-11-release-notes.adoc b/virt/release_notes/virt-4-11-release-notes.adoc
new file mode 100644
index 000000000000..a4b3edacd3dc
--- /dev/null
+++ b/virt/release_notes/virt-4-11-release-notes.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="virt-4-11-release-notes"]
+= {VirtProductName} release notes
+include::_attributes/common-attributes.adoc[]
+:context: virt-4-11-release-notes
+toc::[]
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+This file is here to allow builds to work.
diff --git a/virt/release_notes/virt-4-12-release-notes.adoc b/virt/release_notes/virt-4-12-release-notes.adoc
new file mode 100644
index 000000000000..52603a1ef06b
--- /dev/null
+++ b/virt/release_notes/virt-4-12-release-notes.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="virt-4-12-release-notes"]
+= {VirtProductName} release notes
+include::_attributes/common-attributes.adoc[]
+:context: virt-4-12-release-notes
+toc::[]
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+This file is here to allow builds to work.
\ No newline at end of file
diff --git a/virt/release_notes/virt-4-13-release-notes.adoc b/virt/release_notes/virt-4-13-release-notes.adoc
new file mode 100644
index 000000000000..e6c34403c65e
--- /dev/null
+++ b/virt/release_notes/virt-4-13-release-notes.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="virt-4-13-release-notes"]
+= {VirtProductName} release notes
+include::_attributes/common-attributes.adoc[]
+:context: virt-4-13-release-notes
+toc::[]
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+This file is here to allow builds to work.
diff --git a/virt/release_notes/virt-4-14-release-notes.adoc b/virt/release_notes/virt-4-14-release-notes.adoc
new file mode 100644
index 000000000000..ea3afceff374
--- /dev/null
+++ b/virt/release_notes/virt-4-14-release-notes.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="virt-4-14-release-notes"]
+= {VirtProductName} release notes
+include::_attributes/common-attributes.adoc[]
+:context: virt-4-14-release-notes
+toc::[]
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+This file is here to allow builds to work.
\ No newline at end of file
diff --git a/virt/release_notes/virt-4-15-release-notes.adoc b/virt/release_notes/virt-4-15-release-notes.adoc
new file mode 100644
index 000000000000..142aac1001af
--- /dev/null
+++ b/virt/release_notes/virt-4-15-release-notes.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="virt-4-15-release-notes"]
+= {VirtProductName} release notes
+include::_attributes/common-attributes.adoc[]
+:context: virt-4-15-release-notes
+toc::[]
+
+Do not add or edit release notes here. Edit release notes directly in the branch
+that they are relevant for.
+
+This file is here to allow builds to work.
\ No newline at end of file
diff --git a/virt/release_notes/virt-release-notes-placeholder.adoc b/virt/release_notes/virt-release-notes-placeholder.adoc
index 190bba29605d..310bd53bd249 100644
--- a/virt/release_notes/virt-release-notes-placeholder.adoc
+++ b/virt/release_notes/virt-release-notes-placeholder.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-release-notes-placeholder"]
 = {VirtProductName} release notes placeholder
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/storage/_attributes b/virt/storage/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/virt/storage/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/virt/storage/images b/virt/storage/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/virt/storage/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/virt/storage/modules b/virt/storage/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/virt/storage/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/sd_support/remote_health_monitoring/snippets b/virt/storage/snippets
similarity index 100%
rename from sd_support/remote_health_monitoring/snippets
rename to virt/storage/snippets
diff --git a/virt/storage/virt-automatic-bootsource-updates.adoc b/virt/storage/virt-automatic-bootsource-updates.adoc
new file mode 100644
index 000000000000..76eea85b9109
--- /dev/null
+++ b/virt/storage/virt-automatic-bootsource-updates.adoc
@@ -0,0 +1,44 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-automatic-bootsource-updates"]
+= Managing automatic boot source updates
+include::_attributes/common-attributes.adoc[]
+:context: virt-automatic-bootsource-updates
+
+toc::[]
+
+You can manage automatic updates for the following boot sources:
+
+* xref:../../virt/storage/virt-automatic-bootsource-updates.adoc#managing-rh-boot-source-updates_virt-automatic-bootsource-updates[All Red Hat boot sources]
+* xref:../../virt/storage/virt-automatic-bootsource-updates.adoc#managing-custom-boot-source-updates_virt-automatic-bootsource-updates[All custom boot sources]
+* xref:../../virt/storage/virt-automatic-bootsource-updates.adoc#virt-disable-auto-updates-single-boot-source_virt-automatic-bootsource-updates[Individual Red Hat or custom boot sources]
+
+Boot sources can make virtual machine (VM) creation more accessible and efficient for users. If automatic boot source updates are enabled, the Containerized Data Importer (CDI) imports, polls, and updates the images so that they are ready to be cloned for new VMs. By default, CDI automatically updates Red Hat boot sources.
+
+[id="managing-rh-boot-source-updates_virt-automatic-bootsource-updates"]
+== Managing Red Hat boot source updates
+
+You can opt out of automatic updates for all system-defined boot sources by disabling the `enableCommonBootImageImport` feature gate. If you disable this feature gate, all `DataImportCron` objects are deleted. This does not remove previously imported boot source objects that store operating system images, though administrators can delete them manually.
+
+When the `enableCommonBootImageImport` feature gate is disabled, `DataSource` objects are reset so that they no longer point to the original boot source. An administrator can manually provide a boot source by creating a new persistent volume claim (PVC) or volume snapshot for the `DataSource` object, then populating it with an operating system image.
+
+include::modules/virt-managing-auto-update-all-system-boot-sources.adoc[leveloffset=+2]
+
+[id="managing-custom-boot-source-updates_virt-automatic-bootsource-updates"]
+== Managing custom boot source updates
+
+_Custom_ boot sources that are not provided by {VirtProductName} are not controlled by the feature gate. You must manage them individually by editing the `HyperConverged` custom resource (CR).
+
+[IMPORTANT]
+====
+You must configure a storage class. Otherwise, the cluster cannot receive automated updates for custom boot sources. See xref:../../post_installation_configuration/storage-configuration.adoc#defining-storage-classes_post-install-storage-configuration[Defining a storage class] for details.
+====
+
+include::modules/virt-configuring-storage-class-bootsource-update.adoc[leveloffset=+2]
+
+include::modules/virt-autoupdate-custom-bootsource.adoc[leveloffset=+2]
+
+include::modules/virt-enabling-volume-snapshot-boot-source.adoc[leveloffset=+2]
+
+include::modules/virt-disable-auto-updates-single-boot-source.adoc[leveloffset=+1]
+
+include::modules/virt-verify-status-bootsource-update.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc b/virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc
new file mode 100644
index 000000000000..f84305cc27eb
--- /dev/null
+++ b/virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-cdi-for-namespace-resourcequota"]
+= Configuring CDI to override CPU and memory quotas
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-cdi-for-namespace-resourcequota
+
+toc::[]
+
+You can configure the Containerized Data Importer (CDI) to import, upload, and clone virtual machine disks into namespaces that are subject to CPU and memory resource restrictions.
+
+include::modules/virt-about-cpu-and-memory-quota-namespace.adoc[leveloffset=+1]
+
+include::modules/virt-overriding-cpu-and-memory-defaults.adoc[leveloffset=+1]
+
+[id="{context}_additional-resources"]
+[role="_additional-resources"]
+== Additional resources
+* xref:../../applications/quotas/quotas-setting-per-project.adoc#quotas-setting-per-project[Resource quotas per project]
diff --git a/virt/storage/virt-configuring-local-storage-with-hpp.adoc b/virt/storage/virt-configuring-local-storage-with-hpp.adoc
new file mode 100644
index 000000000000..4c28c5ad3f82
--- /dev/null
+++ b/virt/storage/virt-configuring-local-storage-with-hpp.adoc
@@ -0,0 +1,22 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-local-storage-with-hpp"]
+= Configuring local storage by using the hostpath provisioner
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-local-storage-with-hpp
+
+toc::[]
+
+You can configure local storage for virtual machines by using the hostpath provisioner (HPP).
+
+When you install the {VirtProductName} Operator, the Hostpath Provisioner Operator is automatically installed. HPP is a local storage provisioner designed for {VirtProductName} that is created by the Hostpath Provisioner Operator. To use HPP, you create an HPP custom resource (CR) with a basic storage pool.
+
+include::modules/virt-creating-hpp-basic-storage-pool.adoc[leveloffset=+1]
+
+include::modules/virt-about-creating-storage-classes.adoc[leveloffset=+2]
+
+include::modules/virt-creating-storage-class-csi-driver.adoc[leveloffset=+2]
+
+include::modules/virt-about-storage-pools-pvc-templates.adoc[leveloffset=+1]
+
+include::modules/virt-creating-storage-pool-pvc-template.adoc[leveloffset=+2]
+
diff --git a/virt/storage/virt-configuring-storage-profile.adoc b/virt/storage/virt-configuring-storage-profile.adoc
new file mode 100644
index 000000000000..61d8ba351afc
--- /dev/null
+++ b/virt/storage/virt-configuring-storage-profile.adoc
@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-storage-profile"]
+= Configuring storage profiles
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-storage-profile
+
+toc::[]
+
+A storage profile provides recommended storage settings based on the associated storage class. A storage profile is allocated for each storage class.
+
+If the Containerized Data Importer (CDI) does not recognize your storage provider, you must configure storage profiles.
+
+For recognized storage types, CDI provides values that optimize the creation of PVCs.  However, you can configure automatic settings for a storage class if you customize the storage profile.
+
+[IMPORTANT]
+====
+When using {VirtProductName} with {rh-storage-first}, specify RBD block mode persistent volume claims (PVCs) when creating virtual machine disks. RBD block mode volumes are more efficient and provide better performance than Ceph FS or RBD filesystem-mode PVCs.
+
+To specify RBD block mode PVCs, use the 'ocs-storagecluster-ceph-rbd' storage class and `VolumeMode: Block`.
+====
+
+include::modules/virt-customizing-storage-profile.adoc[leveloffset=+1]
+
+
+
diff --git a/virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc b/virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc
new file mode 100644
index 000000000000..de7607d5887f
--- /dev/null
+++ b/virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-enabling-user-permissions-to-clone-datavolumes"]
+= Enabling user permissions to clone data volumes across namespaces
+include::_attributes/common-attributes.adoc[]
+:context: virt-enabling-user-permissions-to-clone-datavolumes
+
+toc::[]
+
+The isolating nature of namespaces means that users cannot by default
+clone resources between namespaces.
+
+To enable a user to clone a virtual machine to another namespace, a
+user with the `cluster-admin` role must create a new cluster role. Bind
+this cluster role to a user to enable them to clone virtual machines
+to the destination namespace.
+
+include::modules/virt-creating-rbac-cloning-dvs.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virtual_disks/virt-managing-data-volume-annotations.adoc b/virt/storage/virt-managing-data-volume-annotations.adoc
similarity index 82%
rename from virt/virtual_machines/virtual_disks/virt-managing-data-volume-annotations.adoc
rename to virt/storage/virt-managing-data-volume-annotations.adoc
index f89b8ca81766..36faebf52cf3 100644
--- a/virt/virtual_machines/virtual_disks/virt-managing-data-volume-annotations.adoc
+++ b/virt/storage/virt-managing-data-volume-annotations.adoc
@@ -1,5 +1,5 @@
-:_content-type: ASSEMBLY
-[id="virt-virt-managing-data-volume-annotations"]
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-managing-data-volume-annotations"]
 = Managing data volume annotations
 include::_attributes/common-attributes.adoc[]
 :context: virt-managing-data-volume-annotations
diff --git a/virt/storage/virt-preparing-cdi-scratch-space.adoc b/virt/storage/virt-preparing-cdi-scratch-space.adoc
new file mode 100644
index 000000000000..705247ce2781
--- /dev/null
+++ b/virt/storage/virt-preparing-cdi-scratch-space.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-preparing-cdi-scratch-space"]
+= Preparing CDI scratch space
+include::_attributes/common-attributes.adoc[]
+:context: virt-preparing-cdi-scratch-space
+
+toc::[]
+
+include::modules/virt-about-scratch-space.adoc[leveloffset=+1]
+
+include::modules/virt-operations-requiring-scratch-space.adoc[leveloffset=+1]
+
+include::modules/virt-defining-storageclass.adoc[leveloffset=+1]
+
+include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
+
+[id="{context}-additional-resources"]
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../storage/dynamic-provisioning.adoc#about_dynamic-provisioning[Dynamic provisioning]
diff --git a/virt/storage/virt-reserving-pvc-space-fs-overhead.adoc b/virt/storage/virt-reserving-pvc-space-fs-overhead.adoc
new file mode 100644
index 000000000000..c503a18a1e78
--- /dev/null
+++ b/virt/storage/virt-reserving-pvc-space-fs-overhead.adoc
@@ -0,0 +1,15 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-reserving-pvc-space-fs-overhead"]
+= Reserving PVC space for file system overhead
+include::_attributes/common-attributes.adoc[]
+:context: virt-reserving-pvc-space-fs-overhead
+
+toc::[]
+
+When you add a virtual machine disk to a persistent volume claim (PVC) that uses the `Filesystem` volume mode, you must ensure that there is enough space on the PVC for the VM disk and for file system overhead, such as metadata.
+
+By default, {VirtProductName} reserves 5.5% of the PVC space for overhead, reducing the space available for virtual machine disks by that amount.
+
+You can configure a different overhead value by editing the `HCO` object. You can change the value globally and you can specify values for specific storage classes.
+
+include::modules/virt-overriding-default-fs-overhead-value.adoc[leveloffset=+1]
diff --git a/virt/storage/virt-storage-config-overview.adoc b/virt/storage/virt-storage-config-overview.adoc
new file mode 100644
index 000000000000..9ba6af4f5a64
--- /dev/null
+++ b/virt/storage/virt-storage-config-overview.adoc
@@ -0,0 +1,69 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-storage-config-overview"]
+= Storage configuration overview
+include::_attributes/common-attributes.adoc[]
+:context: virt-storage-config-overview
+
+toc::[]
+
+You can configure a default storage class, storage profiles, Containerized Data Importer (CDI), data volumes, and automatic boot source updates.
+
+[id="storage-configuration-tasks"]
+== Storage
+
+The following storage configuration tasks are mandatory:
+
+xref:../../post_installation_configuration/storage-configuration.adoc#defining-storage-classes_post-install-storage-configuration[Configure a default storage class]::
+
+You must configure a default storage class for your cluster. Otherwise, the cluster cannot receive automated boot source updates.
+
+xref:../../virt/storage/virt-configuring-storage-profile.adoc#virt-configuring-storage-profile[Configure storage profiles]::
+
+You must configure storage profiles if your storage provider is not recognized by CDI. A storage profile provides recommended storage settings based on the associated storage class.
+
+The following storage configuration tasks are optional:
+
+xref:../../virt/storage/virt-reserving-pvc-space-fs-overhead.adoc#virt-reserving-pvc-space-fs-overhead[Reserve additional PVC space for file system overhead]::
+
+By default, 5.5% of a file system PVC is reserved for overhead, reducing the space available for VM disks by that amount. You can configure a different overhead value.
+
+xref:../../virt/storage/virt-configuring-local-storage-with-hpp.adoc#virt-configuring-local-storage-with-hpp[Configure local storage by using the hostpath provisioner]::
+
+You can configure local storage for virtual machines by using the hostpath provisioner (HPP). When you install the {VirtProductName} Operator, the HPP Operator is automatically installed.
+
+xref:../../virt/storage/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[Configure user permissions to clone data volumes between namespaces]::
+
+You can configure RBAC roles to enable users to clone data volumes between namespaces.
+
+[id="cdi-configuration-tasks"]
+== Containerized Data Importer
+
+You can perform the following Containerized Data Importer (CDI) configuration tasks:
+
+xref:../../virt/storage/virt-configuring-cdi-for-namespace-resourcequota.adoc#virt-configuring-cdi-for-namespace-resourcequota[Override the resource request limits of a namespace]::
+You can configure CDI to import, upload, and clone VM disks into namespaces that are subject to CPU and memory resource restrictions.
+
+xref:../../virt/storage/virt-preparing-cdi-scratch-space.adoc#virt-preparing-cdi-scratch-space[Configure CDI scratch space]::
+CDI requires scratch space (temporary storage) to complete some operations, such as importing and uploading VM images. During this process, CDI provisions a scratch space PVC equal to the size of the PVC backing the destination data volume (DV).
+
+[id="dv-configuration-tasks"]
+== Data volumes
+
+You can perform the following data volume configuration tasks:
+
+xref:../../virt/storage/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Enable preallocation for data volumes]::
+
+CDI can preallocate disk space to improve write performance when creating data volumes. You can enable preallocation for specific data volumes.
+
+xref:../../virt/storage/virt-managing-data-volume-annotations.adoc#virt-managing-data-volume-annotations[Manage data volume annotations]::
+
+Data volume annotations allow you to manage pod behavior. You can add one or more annotations to a data volume, which then propagates to the created importer pods.
+
+[id="boot-source-configuration"]
+== Boot source updates
+
+You can perform the following boot source update configuration task:
+
+xref:../../virt/storage/virt-automatic-bootsource-updates.adoc#virt-automatic-bootsource-updates[Manage automatic boot source updates]::
+
+Boot sources can make virtual machine (VM) creation more accessible and efficient for users. If automatic boot source updates are enabled, CDI imports, polls, and updates the images so that they are ready to be cloned for new VMs. By default, CDI automatically updates Red Hat boot sources. You can enable automatic updates for custom boot sources.
\ No newline at end of file
diff --git a/virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc b/virt/storage/virt-using-preallocation-for-datavolumes.adoc
similarity index 93%
rename from virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc
rename to virt/storage/virt-using-preallocation-for-datavolumes.adoc
index 687f4cbf9ad9..8079aec8dcb2 100644
--- a/virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc
+++ b/virt/storage/virt-using-preallocation-for-datavolumes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-using-preallocation-for-datavolumes"]
 = Using preallocation for data volumes
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/support/virt-collecting-virt-data.adoc b/virt/support/virt-collecting-virt-data.adoc
index 2f28b876202d..b1f6f8554812 100644
--- a/virt/support/virt-collecting-virt-data.adoc
+++ b/virt/support/virt-collecting-virt-data.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="virt-collecting-virt-data"]
 = Collecting data for Red Hat Support
@@ -34,7 +34,7 @@ Collecting data about your environment minimizes the time required to analyze an
 .Procedure
 
 . xref:../../support/gathering-cluster-data.adoc#support_gathering_data_gathering-cluster-data[Collect must-gather data for the cluster].
-. link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html-single/troubleshooting_openshift_data_foundation/index#downloading-log-files-and-diagnostic-information_rhodf[Collect must-gather data for {rh-storage-first}], if necessary.
+. link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.15/html-single/troubleshooting_openshift_data_foundation/index#downloading-log-files-and-diagnostic-information_rhodf[Collect must-gather data for {rh-storage-first}], if necessary.
 . xref:../../virt/support/virt-collecting-virt-data.adoc#virt-using-virt-must-gather_virt-collecting-virt-data[Collect must-gather data for {VirtProductName}].
 . xref:../../monitoring/managing-metrics.adoc#querying-metrics-for-all-projects-as-an-administrator_managing-metrics[Collect Prometheus metrics for the cluster].
 
@@ -45,16 +45,16 @@ Collecting data about malfunctioning virtual machines (VMs) minimizes the time r
 
 .Prerequisites
 
-* Linux VMs: xref:../../virt/virtual_machines/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent-on-linux-vm_virt-installing-qemu-guest-agent[Install the latest QEMU guest agent].
+* Linux VMs: xref:../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent-on-linux-vm_virt-installing-qemu-guest-agent[Install the latest QEMU guest agent].
 * Windows VMs:
 ** Record the Windows patch update details.
 ** link:https://access.redhat.com/solutions/6957701[Install the latest VirtIO drivers].
-** xref:../../virt/virtual_machines/virt-installing-qemu-guest-agent.adoc#virt-installing-virtio-drivers-existing-windows_virt-installing-qemu-guest-agent[Install the latest QEMU guest agent].
-** If Remote Desktop Protocol (RDP) is enabled, try to connect to the VMs with RDP by using the xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-vm-rdp-console-web_virt-accessing-vm-consoles[web console] or the xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#virt-accessing-rdp-console_virt-accessing-vm-consoles[command line] to determine whether there is a problem with the connection software.
+** xref:../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-virtio-drivers-existing-windows_virt-installing-qemu-guest-agent[Install the latest QEMU guest agent].
+** If Remote Desktop Protocol (RDP) is enabled, connect by using the xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#desktop-viewer_virt-accessing-vm-consoles[desktop viewer] to determine whether there is a problem with the connection software.
 
 .Procedure
 
-. xref:../../virt/support/virt-collecting-virt-data.adoc#virt-must-gather-options_virt-collecting-virt-data[Collect must-gather data for the VMs] using the `gather_vms_details` script.
+. xref:../../virt/support/virt-collecting-virt-data.adoc#virt-must-gather-options_virt-collecting-virt-data[Collect must-gather data for the VMs] using the `/usr/bin/gather` script.
 . Collect screenshots of VMs that have crashed _before_ you restart them.
 . xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#vm-memory-dump-commands_virt-using-the-cli-tools[Collect memory dumps from VMs] _before_ remediation attempts.
 . Record factors that the malfunctioning VMs have in common. For example, the VMs have the same host or network.
diff --git a/virt/support/virt-support-overview.adoc b/virt/support/virt-support-overview.adoc
index 0cdfa370deed..266e7fbe024a 100644
--- a/virt/support/virt-support-overview.adoc
+++ b/virt/support/virt-support-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-support-overview"]
 = Support overview
 include::_attributes/common-attributes.adoc[]
@@ -21,22 +21,22 @@ The {product-title} web console displays resource usage, alerts, events, and tre
 |*Overview* page
 |Cluster details, status, alerts, inventory, and resource usage
 
-|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-overview[*Overview* tab]
+|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-overview_virt-web-console-overview[*Overview* tab]
 |{VirtProductName} resources, usage, alerts, and status
 
-|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-top-consumers[*Top consumers* tab]
+|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-top-consumers_virt-web-console-overview[*Top consumers* tab]
 |Top consumers of CPU, memory, and storage
 
-|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualization-overview-migrations[*Migrations* tab]
+|*Virtualization* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#overview-migrations_virt-web-console-overview[*Migrations* tab]
 |Progress of live migrations
 
-|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-metrics[*Metrics* tab]
+|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-metrics_virt-web-console-overview[*Metrics* tab]
 |VM resource usage, storage, network, and migration
 
-|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-events[*Events* tab]
+|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-events_virt-web-console-overview[*Events* tab]
 |List of VM events
 
-|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-diagnostics[*Diagnostics tab*]
+|*VirtualMachines* -> *VirtualMachine* -> *VirtualMachine details* -> xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-diagnostics_virt-web-console-overview[*Diagnostics tab*]
 |VM status conditions and volume snapshot status
 |====
 
diff --git a/virt/support/virt-troubleshooting.adoc b/virt/support/virt-troubleshooting.adoc
index 588de2d9c832..47c9a0ea20da 100644
--- a/virt/support/virt-troubleshooting.adoc
+++ b/virt/support/virt-troubleshooting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-troubleshooting"]
 = Troubleshooting
 include::_attributes/common-attributes.adoc[]
@@ -17,7 +17,7 @@ You can troubleshoot {VirtProductName} components by using the xref:../../virt/s
 
 xref:../../nodes/clusters/nodes-containers-events.adoc#nodes-containers-events[{product-title} events] are records of important life-cycle information and are useful for monitoring and troubleshooting virtual machine, namespace, and resource issues.
 
-* VM events: Navigate to the xref:../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-events[*Events* tab] of the *VirtualMachine details* page in the web console.
+* VM events: Navigate to the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-events_virt-web-console-overview[*Events* tab] of the *VirtualMachine details* page in the web console.
 
 Namespace events::
 You can view namespace events by running the following command:
@@ -69,8 +69,8 @@ include::modules/virt-loki-log-queries.adoc[leveloffset=+3]
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 ==== Additional resources for LokiStack and LogQL
-* xref:../../logging/cluster-logging-loki.adoc#about-logging-loki_cluster-logging-loki[About the LokiStack]
-* xref:../../logging/cluster-logging-loki.adoc#logging-loki-deploy_cluster-logging-loki[Deploying the LokiStack] on {product-title}
+* xref:../../logging/log_storage/about-log-storage.adoc#about-log-storage[About log storage]
+* xref:../../logging/log_storage/installing-log-storage.adoc#cluster-logging-loki-deploy_installing-log-storage[Deploying the LokiStack]
 * link:https://grafana.com/docs/loki/latest/logql/log_queries/[LogQL log queries] in the Grafana documentation
 
 [id="troubleshooting-data-volumes_{context}"]
diff --git a/virt/updating/upgrading-virt.adoc b/virt/updating/upgrading-virt.adoc
index 8f6a577dfc06..7aa5a14fb3c1 100644
--- a/virt/updating/upgrading-virt.adoc
+++ b/virt/updating/upgrading-virt.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="upgrading-virt"]
 = Updating {VirtProductName}
 include::_attributes/common-attributes.adoc[]
@@ -8,22 +8,19 @@ toc::[]
 
 Learn how Operator Lifecycle Manager (OLM) delivers z-stream and minor version updates for {VirtProductName}.
 
-[IMPORTANT]
-====
-Updating to {VirtProductName} 4.13 from {VirtProductName} 4.12.2 is not supported.
-====
-
 include::modules/virt-rhel-9.adoc[leveloffset=+1]
 
 include::modules/virt-about-upgrading-virt.adoc[leveloffset=+1]
 
 include::modules/virt-about-workload-updates.adoc[leveloffset=+2]
 
+ifndef::openshift-origin[]
 include::modules/virt-about-eus-updates.adoc[leveloffset=+2]
 
 Learn more about xref:../../updating/updating_a_cluster/eus-eus-update.adoc#eus-eus-update[performing an EUS-to-EUS update].
 
 include::modules/virt-preventing-workload-updates-during-eus-update.adoc[leveloffset=+1]
+endif::openshift-origin[]
 
 include::modules/virt-configuring-workload-update-methods.adoc[leveloffset=+1]
 
@@ -47,17 +44,12 @@ Configure workload updates to ensure that VMIs update automatically.
 [id="additional-resources_upgrading-virt"]
 [role="_additional-resources"]
 == Additional resources
-
+ifndef::openshift-origin[]
 * xref:../../updating/updating_a_cluster/eus-eus-update.adoc#eus-eus-update[Performing an EUS-to-EUS update]
-
+endif::openshift-origin[]
 * xref:../../operators/understanding/olm-what-operators-are.adoc#olm-what-operators-are[What are Operators?]
-
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-understanding-olm[Operator Lifecycle Manager concepts and resources]
-
 * xref:../../operators/understanding/olm/olm-understanding-olm.adoc#olm-csv_olm-understanding-olm[Cluster service versions (CSVs)]
-
-* xref:../../virt/live_migration/virt-live-migration.adoc#virt-live-migration[Virtual machine live migration]
-
-* xref:../../virt/live_migration/virt-configuring-vmi-eviction-strategy.adoc#virt-configuring-vmi-eviction-strategy[Configuring virtual machine eviction strategy]
-
-* xref:../../virt/live_migration/virt-live-migration-limits.adoc#virt-configuring-live-migration-limits_virt-live-migration-limits[Configuring live migration limits and timeouts]
+* xref:../../virt/live_migration/virt-about-live-migration.adoc#virt-about-live-migration[About live migration]
+* xref:../../virt/nodes/virt-node-maintenance.adoc#eviction-strategies[Configuring eviction strategies]
+* xref:../../virt/live_migration/virt-configuring-live-migration.adoc#virt-configuring-live-migration-limits_virt-configuring-live-migration[Configuring live migration limits and timeouts]
diff --git a/virt/virt-4-8-release-notes.adoc b/virt/virt-4-8-release-notes.adoc
index 95fcdd059097..8c7e5a3301b1 100644
--- a/virt/virt-4-8-release-notes.adoc
+++ b/virt/virt-4-8-release-notes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-4-8-release-notes"]
 include::_attributes/common-attributes.adoc[]
 = {VirtProductName} release notes
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-certificate-rotation.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-certificate-rotation.adoc
index f51cd59d2e9a..19c23349dd05 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-certificate-rotation.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-configuring-certificate-rotation.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-configuring-certificate-rotation"]
 = Configuring certificate rotation
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-default-cpu-model.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-default-cpu-model.adoc
index cfafe15317af..e28db3ea5c55 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-default-cpu-model.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-configuring-default-cpu-model.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-configuring-default-cpu-model"]
 = Configuring the default CPU model
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
deleted file mode 100644
index 9f4a08bfff6f..000000000000
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc
+++ /dev/null
@@ -1,47 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-mediated-devices"]
-= Configuring mediated devices
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-mediated-devices
-
-toc::[]
-
-{VirtProductName} automatically creates mediated devices, such as virtual GPUs (vGPUs), if you provide a list of devices in the `HyperConverged` custom resource (CR).
-
-ifdef::openshift-enterprise[]
-:FeatureName: Declarative configuration of mediated devices
-include::snippets/technology-preview.adoc[]
-endif::[]
-
-include::modules/about-using-gpu-operator.adoc[leveloffset=+1]
-
-include::modules/virt-about-using-virtual-gpus.adoc[leveloffset=+1]
-
-include::modules/virt-prerequisites-mediated-devices.adoc[leveloffset=+2]
-
-include::modules/virt-virtual-gpus-config-overview.adoc[leveloffset=+2]
-
-include::modules/virt-how-virtual-gpus-assigned-nodes.adoc[leveloffset=+2]
-
-include::modules/virt-about-changing-removing-mediated-devices.adoc[leveloffset=+2]
-
-include::modules/virt-preparing-hosts-for-mediated-devices.adoc[leveloffset=+2]
-
-include::modules/virt-adding-kernel-arguments-enable-iommu.adoc[leveloffset=+3]
-
-include::modules/virt-add-remove-mediated-devices.adoc[leveloffset=+2]
-
-include::modules/virt-creating-and-exposing-mediated-devices.adoc[leveloffset=+3]
-
-include::modules/virt-removing-mediated-device-from-cluster-cli.adoc[leveloffset=+3]
-
-// VM owner task:
-
-include::modules/using-mediated-devices.adoc[leveloffset=+1]
-
-include::modules/virt-assigning-mediated-device-virtual-machine.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-[id="additional-resources_virt-configuring-mediated-devices"]
-== Additional resources
-* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-troubleshooting-enabling_intel_vt_x_and_amd_v_virtualization_hardware_extensions_in_bios[Enabling Intel VT-X and AMD-V Virtualization Hardware Extensions in BIOS]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
index f044ee87e6cf..59776061d752 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-configuring-pci-passthrough"]
 = Configuring PCI passthrough
 include::_attributes/common-attributes.adoc[]
@@ -13,14 +13,28 @@ toc::[]
 //When this feature is available in the web console, please
 //add the new content to this assembly.
 
-The Peripheral Component Interconnect (PCI) passthrough feature enables you to access and manage hardware devices from a virtual machine. When PCI passthrough is configured, the PCI devices function as if they were physically attached to the guest operating system.
+The Peripheral Component Interconnect (PCI) passthrough feature enables you to access and manage hardware devices from a virtual machine (VM). When PCI passthrough is configured, the PCI devices function as if they were physically attached to the guest operating system.
 
 Cluster administrators can expose and manage host devices that are permitted to be used in the cluster by using the `oc` command-line interface (CLI).
 
-include::modules/virt-about-pci-passthrough.adoc[leveloffset=+1]
+[id="virt-preparing-nodes-for-gpu-passthrough"]
+== Preparing nodes for GPU passthrough
+
+You can prevent GPU operands from deploying on worker nodes that you designated for GPU passthrough.
+
+include::modules/virt-preventing-nvidia-gpu-operands-from-deploying-on-nodes.adoc[leveloffset=+2]
+
+[id="virt-preparing-host-devices-for-pci-passthrough"]
+== Preparing host devices for PCI passthrough
+
+include::modules/virt-about-pci-passthrough.adoc[leveloffset=+2]
+
 include::modules/virt-adding-kernel-arguments-enable-iommu.adoc[leveloffset=+2]
+
 include::modules/virt-binding-devices-vfio-driver.adoc[leveloffset=+2]
+
 include::modules/virt-exposing-pci-device-in-cluster-cli.adoc[leveloffset=+2]
+
 include::modules/virt-removing-pci-device-from-cluster-cli.adoc[leveloffset=+2]
 
 [id="virt-configuring-vms-for-pci-passthrough"]
@@ -35,4 +49,4 @@ include::modules/virt-assigning-pci-device-virtual-machine.adoc[leveloffset=+2]
 == Additional resources
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-troubleshooting-enabling_intel_vt_x_and_amd_v_virtualization_hardware_extensions_in_bios[Enabling Intel VT-X and AMD-V Virtualization Hardware Extensions in BIOS]
 * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_managing-file-permissions_configuring-basic-system-settings[Managing file permissions]
-* xref:../../../post_installation_configuration/machine-configuration-tasks.adoc#post-install-machine-configuration-tasks[Post-installation machine configuration tasks]
+* xref:../../../post_installation_configuration/machine-configuration-tasks.adoc#post-install-machine-configuration-tasks[Postinstallation machine configuration tasks]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc
index 87f8bde18358..e51f6fe0b3c7 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-configuring-pxe-booting.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-pxe-booting"]
 = Configuring PXE booting for virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,7 @@ image from a PXE server when deploying a new host.
 
 == Prerequisites
 
-* A Linux bridge must be xref:../../../virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc#virt-attaching-vm-multiple-networks[connected].
+* A Linux bridge must be xref:../../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[connected].
 
 * The PXE server must be connected to the same VLAN as the bridge.
 
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-vgpu-passthrough.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-vgpu-passthrough.adoc
deleted file mode 100644
index b7d7feea979c..000000000000
--- a/virt/virtual_machines/advanced_vm_management/virt-configuring-vgpu-passthrough.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-vgpu-passthrough"]
-= Configuring vGPU passthrough
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-vgpu-passthrough
-
-toc::[]
-
-Your virtual machines can access a virtual GPU (vGPU) hardware. Assigning a vGPU to your virtual machine allows you do the following:
-
-* Access a fraction of the underlying hardware's GPU to achieve high performance benefits in your virtual machine.
-
-* Streamline resource-intensive I/O operations.
-
-[IMPORTANT]
-====
-vGPU passthrough can only be assigned to devices that are connected to clusters running in a bare metal environment.
-====
-
-include::modules/virt-assign-vgpu-passthrough-to-vm.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_virt-configuring-vgpu-passthrough"]
-== Additional resources
-* xref:../../../virt/virtual_machines/virt-create-vms.adoc#virt-create-vms[Creating virtual machines]
-* xref:../../../virt/vm_templates/virt-creating-vm-template.adoc#virt-creating-vm-template[Creating virtual machine templates]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc b/virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
new file mode 100644
index 000000000000..1609accf2092
--- /dev/null
+++ b/virt/virtual_machines/advanced_vm_management/virt-configuring-virtual-gpus.adoc
@@ -0,0 +1,63 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-virtual-gpus"]
+= Configuring virtual GPUs
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-virtual-gpus
+
+toc::[]
+
+If you have graphics processing unit (GPU) cards, {VirtProductName} can automatically create virtual GPUs (vGPUs) that you can assign to virtual machines (VMs).
+
+include::modules/virt-about-using-virtual-gpus.adoc[leveloffset=+1]
+
+[id="preparing-hosts-mdevs_{context}"]
+== Preparing hosts for mediated devices
+
+You must enable the Input-Output Memory Management Unit (IOMMU) driver before you can configure mediated devices.
+
+include::modules/virt-adding-kernel-arguments-enable-iommu.adoc[leveloffset=+2]
+
+[id="configuring-nvidia-gpu-operator_{context}"]
+== Configuring the NVIDIA GPU Operator
+
+You can use the NVIDIA GPU Operator to provision worker nodes for running GPU-accelerated virtual machines (VMs) in {VirtProductName}.
+
+[NOTE]
+====
+The NVIDIA GPU Operator is supported only by NVIDIA. For more information, see link:https://access.redhat.com/solutions/5174941[Obtaining Support from NVIDIA] in the Red Hat Knowledgebase.
+====
+
+include::modules/about-using-gpu-operator.adoc[leveloffset=+2]
+
+include::modules/virt-options-configuring-mdevs.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../virt/virtual_machines/advanced_vm_management/virt-configuring-pci-passthrough.adoc#virt-configuring-pci-passthrough[Configuring PCI passthrough]
+
+include::modules/virt-how-virtual-gpus-assigned-nodes.adoc[leveloffset=+1]
+
+[id="managing-mediated-devices_{context}"]
+== Managing mediated devices
+
+Before you can assign mediated devices to virtual machines, you must create the devices and expose them to the cluster. You can also reconfigure and remove mediated devices.
+
+include::modules/virt-creating-and-exposing-mediated-devices.adoc[leveloffset=+2]
+
+include::modules/virt-about-changing-removing-mediated-devices.adoc[leveloffset=+2]
+
+include::modules/virt-removing-mediated-device-from-cluster-cli.adoc[leveloffset=+2]
+
+[id="using-mediated-devices_{context}"]
+== Using mediated devices
+
+You can assign mediated devices to one or more virtual machines.
+
+include::modules/virt-assigning-vgpu-vm-cli.adoc[leveloffset=+2]
+
+include::modules/virt-assigning-vgpu-vm-web.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-troubleshooting-enabling_intel_vt_x_and_amd_v_virtualization_hardware_extensions_in_bios[Enabling Intel VT-X and AMD-V Virtualization Hardware Extensions in BIOS]
\ No newline at end of file
diff --git a/virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc b/virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc
index 9b1e0abe5d44..58c9aaff6192 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-dedicated-resources-vm.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-dedicated-resources-vm"]
 = Enabling dedicated resources for virtual machines
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-enabling-descheduler-evictions.adoc b/virt/virtual_machines/advanced_vm_management/virt-enabling-descheduler-evictions.adoc
index f92c1e51b136..e819d745553d 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-enabling-descheduler-evictions.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-enabling-descheduler-evictions.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-enabling-descheduler-evictions"]
 = Enabling descheduler evictions on virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -21,4 +21,4 @@ include::modules/virt-enabling-descheduler-evictions.adoc[leveloffset=+1]
 [role="_additional-resources"]
 [id="additional-resources_enabling-descheduler-evictions"]
 == Additional resources
-* xref:../../../nodes/scheduling/nodes-descheduler.adoc#nodes-descheduler[Evicting pods using the descheduler]
+* xref:../../../nodes/scheduling/descheduler/index.adoc#nodes-descheduler-about[Descheduler overview]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-high-availability-for-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-high-availability-for-vms.adoc
new file mode 100644
index 000000000000..66c548d076d4
--- /dev/null
+++ b/virt/virtual_machines/advanced_vm_management/virt-high-availability-for-vms.adoc
@@ -0,0 +1,21 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-high-availability-for-vms"]
+= About high availability for virtual machines
+include::_attributes/common-attributes.adoc[]
+:context: virt-high-availability-for-vms
+
+toc::[]
+
+You can enable high availability for virtual machines (VMs) by manually deleting a failed node to trigger VM failover or by configuring remediating nodes.
+
+.Manually deleting a failed node
+
+If a node fails and machine health checks are not deployed on your cluster, virtual machines with `runStrategy: Always` configured are not automatically relocated to healthy nodes. To trigger VM failover, you must manually delete the `Node` object.
+
+See xref:../../../virt/nodes/virt-triggering-vm-failover-resolving-failed-node.adoc#virt-triggering-vm-failover-resolving-failed-node[Deleting a failed node to trigger virtual machine failover].
+
+.Configuring remediating nodes
+
+You can configure remediating nodes by installing the Self Node Remediation Operator from the OperatorHub and enabling machine health checks or node remediation checks.
+
+For more information on remediation, fencing, and maintaining nodes, see the link:https://access.redhat.com/documentation/en-us/workload_availability_for_red_hat_openshift/23.2/html-single/remediation_fencing_and_maintenance/index#about-remediation-fencing-maintenance[Workload Availability for Red Hat OpenShift] documentation.
diff --git a/virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
index cffe7a2303e7..af421ccbfce6 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-schedule-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-schedule-vms"]
 = Scheduling virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -9,6 +9,15 @@ toc::[]
 You can schedule a virtual machine (VM) on a node by ensuring that the VM's CPU model and policy attribute are matched for compatibility with the CPU models and policy attributes supported by the node.
 
 include::modules/virt-policy-attributes.adoc[leveloffset=+1]
+
 include::modules/virt-setting-policy-attributes.adoc[leveloffset=+1]
+
 include::modules/virt-schedule-supported-cpu-model-vms.adoc[leveloffset=+1]
+
 include::modules/virt-schedule-cpu-host-model-vms.adoc[leveloffset=+1]
+
+include::modules/virt-vm-custom-scheduler.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../../nodes/scheduling/secondary_scheduler/nodes-secondary-scheduler-configuring.adoc#nodes-secondary-scheduler-configuring-console_secondary-scheduler-configuring[Deploying a secondary scheduler]
\ No newline at end of file
diff --git a/virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc
index d89d90378d78..433fa67e5854 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-specifying-nodes-for-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-specifying-nodes-for-vms"]
 = Specifying nodes for virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -24,7 +24,7 @@ include::modules/virt-example-vm-node-placement-tolerations.adoc[leveloffset=+2]
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../../../virt/install/virt-specifying-nodes-for-virtualization-components.adoc#virt-specifying-nodes-for-virtualization-components[Specifying nodes for virtualization components]
+* xref:../../../virt/post_installation_configuration/virt-node-placement-virt-components.adoc#virt-node-placement-virt-components[Specifying nodes for virtualization components]
 * xref:../../../nodes/scheduling/nodes-scheduler-node-selectors.adoc#nodes-scheduler-node-selectors[Placing pods on specific nodes using node selectors]
 * xref:../../../nodes/scheduling/nodes-scheduler-node-affinity.adoc#nodes-scheduler-node-affinity[Controlling pod placement on nodes using node affinity rules]
 * xref:../../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations[Controlling pod placement using node taints]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc
index 1569301a30c1..21c11eac8ad2 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-uefi-mode-for-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-uefi-mode-for-vms"]
 = Using UEFI mode for virtual machines
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-using-huge-pages-with-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-using-huge-pages-with-vms.adoc
index 998b13ac82ae..7d1cc0030644 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-using-huge-pages-with-vms.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-using-huge-pages-with-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-using-huge-pages-with-vms"]
 = Using huge pages with virtual machines
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/advanced_vm_management/virt-vm-control-plane-tuning.adoc b/virt/virtual_machines/advanced_vm_management/virt-vm-control-plane-tuning.adoc
new file mode 100644
index 000000000000..00fcda496643
--- /dev/null
+++ b/virt/virtual_machines/advanced_vm_management/virt-vm-control-plane-tuning.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-vm-control-plane-tuning"]
+= Virtual machine control plane tuning
+include::_attributes/common-attributes.adoc[]
+:context: virt-control-plane-tuning
+
+toc::[]
+
+{VirtProductName} offers the following tuning options at the control-plane level:
+
+* The `highBurst` profile, which uses fixed `QPS` and `burst` rates, to create hundreds of virtual machines (VMs) in one batch
+* Migration setting adjustment based on workload type
+
+// this module commented out until jsonpatch is supported or this becomes a TP or DP
+// include::modules/virt-configuring-rate-limiters.adoc[leveloffset=+1]
+
+include::modules/virt-configuring-highburst-profile.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/virtual_machines/advanced_vm_management/virt-working-with-resource-quotas-for-vms.adoc b/virt/virtual_machines/advanced_vm_management/virt-working-with-resource-quotas-for-vms.adoc
index eb652a3241dc..f12df43d98de 100644
--- a/virt/virtual_machines/advanced_vm_management/virt-working-with-resource-quotas-for-vms.adoc
+++ b/virt/virtual_machines/advanced_vm_management/virt-working-with-resource-quotas-for-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-working-with-resource-quotas-for-vms"]
 = Working with resource quotas for virtual machines
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/cloning_vms/images b/virt/virtual_machines/cloning_vms/images
deleted file mode 120000
index 4dd3347de19a..000000000000
--- a/virt/virtual_machines/cloning_vms/images
+++ /dev/null
@@ -1 +0,0 @@
-../../../images
\ No newline at end of file
diff --git a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-PVC.adoc b/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-PVC.adoc
deleted file mode 100644
index 024249b5ba78..000000000000
--- a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-PVC.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cloning-vm-disk-into-new-block-storage-pvc"]
-= Cloning a virtual machine disk into a new block storage persistent volume claim
-include::_attributes/common-attributes.adoc[]
-:context: virt-cloning-vm-disk-into-new-block-storage-pvc
-
-toc::[]
-
-You can clone the persistent volume claim (PVC) of a virtual machine disk into
-a new block PVC by referencing the source PVC in your clone target data volume configuration
-file.
-
-[WARNING]
-====
-Cloning operations between different volume modes are supported, such as cloning from a persistent volume (PV) with `volumeMode: Block` to a PV with `volumeMode: Filesystem`.
-
-However, you can only clone between different volume modes if they are of the `contentType: kubevirt`.
-====
-
-[TIP]
-====
-When you enable preallocation globally, or for a single data volume, the Containerized Data Importer (CDI) preallocates disk space during cloning. Preallocation enhances write performance. For more information, see xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Using preallocation for data volumes].
-====
-
-== Prerequisites
-
-* Users need xref:../../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[additional permissions] to clone the PVC of a virtual machine disk into another namespace.
-
-:blockstorage:
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-about-block-pvs.adoc[leveloffset=+1]
-
-include::modules/virt-creating-local-block-pv.adoc[leveloffset=+1]
-
-include::modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-:blockstorage!:
diff --git a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc b/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
deleted file mode 100644
index 024249b5ba78..000000000000
--- a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-block-storage-pvc.adoc
+++ /dev/null
@@ -1,40 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cloning-vm-disk-into-new-block-storage-pvc"]
-= Cloning a virtual machine disk into a new block storage persistent volume claim
-include::_attributes/common-attributes.adoc[]
-:context: virt-cloning-vm-disk-into-new-block-storage-pvc
-
-toc::[]
-
-You can clone the persistent volume claim (PVC) of a virtual machine disk into
-a new block PVC by referencing the source PVC in your clone target data volume configuration
-file.
-
-[WARNING]
-====
-Cloning operations between different volume modes are supported, such as cloning from a persistent volume (PV) with `volumeMode: Block` to a PV with `volumeMode: Filesystem`.
-
-However, you can only clone between different volume modes if they are of the `contentType: kubevirt`.
-====
-
-[TIP]
-====
-When you enable preallocation globally, or for a single data volume, the Containerized Data Importer (CDI) preallocates disk space during cloning. Preallocation enhances write performance. For more information, see xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Using preallocation for data volumes].
-====
-
-== Prerequisites
-
-* Users need xref:../../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[additional permissions] to clone the PVC of a virtual machine disk into another namespace.
-
-:blockstorage:
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-about-block-pvs.adoc[leveloffset=+1]
-
-include::modules/virt-creating-local-block-pv.adoc[leveloffset=+1]
-
-include::modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-:blockstorage!:
diff --git a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc b/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc
deleted file mode 100644
index c0cc04e589fc..000000000000
--- a/virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cloning-vm-disk-into-new-datavolume"]
-= Cloning a virtual machine disk into a new data volume
-include::_attributes/common-attributes.adoc[]
-:context: virt-cloning-vm-disk-into-new-datavolume
-
-toc::[]
-
-You can clone the persistent volume claim (PVC) of a virtual machine disk into
-a new data volume by referencing the source PVC in your data volume configuration
-file.
-
-[WARNING]
-====
-Cloning operations between different volume modes are supported, such as cloning from a persistent volume (PV) with `volumeMode: Block` to a PV with `volumeMode: Filesystem`.
-
-However, you can only clone between different volume modes if they are of the `contentType: kubevirt`.
-====
-
-[TIP]
-====
-When you enable preallocation globally, or for a single data volume, the Containerized Data Importer (CDI) preallocates disk space during cloning. Preallocation enhances write performance. For more information, see xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Using preallocation for data volumes].
-====
-
-== Prerequisites
-
-* Users need xref:../../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[additional permissions] to clone the PVC of a virtual machine disk into another namespace.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-cloning-pvc-of-vm-disk-into-new-datavolume.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc b/virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc
deleted file mode 100644
index d8a925a13ba7..000000000000
--- a/virt/virtual_machines/cloning_vms/virt-cloning-vm-using-datavolumetemplate.adoc
+++ /dev/null
@@ -1,33 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cloning-vm-using-datavolumetemplate"]
-= Cloning a virtual machine by using a data volume template
-include::_attributes/common-attributes.adoc[]
-:context: virt-cloning-vm-using-datavolumetemplate
-
-toc::[]
-
-You can create a new virtual machine by cloning the persistent volume claim (PVC) of
-an existing VM. By including a `dataVolumeTemplate` in your virtual machine
-configuration file, you create a new data volume from the original PVC.
-
-[WARNING]
-====
-Cloning operations between different volume modes are supported, such as cloning from a persistent volume (PV) with `volumeMode: Block` to a PV with `volumeMode: Filesystem`.
-
-However, you can only clone between different volume modes if they are of the `contentType: kubevirt`.
-====
-
-[TIP]
-====
-When you enable preallocation globally, or for a single data volume, the Containerized Data Importer (CDI) preallocates disk space during cloning. Preallocation enhances write performance. For more information, see xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Using preallocation for data volumes].
-====
-
-== Prerequisites
-
-* Users need xref:../../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[additional permissions] to clone the PVC of a virtual machine disk into another namespace.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-creating-new-vm-from-cloned-pvc-using-datavolumetemplate.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc b/virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc
deleted file mode 100644
index 1ee70302cd8e..000000000000
--- a/virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-enabling-user-permissions-to-clone-datavolumes"]
-= Enabling user permissions to clone data volumes across namespaces
-include::_attributes/common-attributes.adoc[]
-:context: virt-enabling-user-permissions-to-clone-datavolumes
-
-toc::[]
-
-The isolating nature of namespaces means that users cannot by default
-clone resources between namespaces.
-
-To enable a user to clone a virtual machine to another namespace, a
-user with the `cluster-admin` role must create a new cluster role. Bind
-this cluster role to a user to enable them to clone virtual machines
-to the destination namespace.
-
-== Prerequisites
-
-* Only a user with the xref:../../../authentication/using-rbac.adoc#default-roles_using-rbac[`cluster-admin`]
-role can create cluster roles.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-creating-rbac-cloning-dvs.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/creating_vms_custom/_attributes b/virt/virtual_machines/creating_vms_custom/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_custom/images b/virt/virtual_machines/creating_vms_custom/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_custom/modules b/virt/virtual_machines/creating_vms_custom/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_custom/snippets b/virt/virtual_machines/creating_vms_custom/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc
new file mode 100644
index 000000000000..80646c095d68
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-by-cloning-pvcs"]
+= Creating VMs by cloning PVCs
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-by-cloning-pvcs
+
+toc::[]
+
+You can create virtual machines (VMs) by cloning existing persistent volume claims (PVCs) with custom images.
+
+You clone a PVC by creating a data volume that references a source PVC.
+
+You must install the xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] on VMs created from operating system images that are not provided by Red Hat.
+
+include::modules/virt-creating-vm-custom-image-web.adoc[leveloffset=+1]
+
+[id="creating-vm-by-cloning-pvcs-cli"]
+== Creating a VM from a PVC by using the command line
+
+You can create a virtual machine (VM) by cloning the persistent volume claim (PVC) of an existing VM by using the command line.
+
+You can clone a PVC by using one of the following options:
+
+* Cloning a PVC to a new data volume.
++
+This method creates a data volume whose lifecycle is independent of the original VM. Deleting the original VM does not affect the new data volume or its associated PVC.
+
+* Cloning a PVC by creating a `VirtualMachine` manifest with a `dataVolumeTemplates` stanza.
++
+This method creates a data volume whose lifecycle is dependent on the original VM. Deleting the original VM deletes the cloned data volume and its associated PVC.
+
+include::modules/virt-cloning-pvc-to-dv-cli.adoc[leveloffset=+2]
+
+include::modules/virt-creating-vm-cloned-pvc-data-volume-template.adoc[leveloffset=+2]
diff --git a/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
new file mode 100644
index 000000000000..880b10eb1f53
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-container-disks"]
+= Creating VMs by using container disks
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-container-disks
+
+toc::[]
+
+You can create virtual machines (VMs) by using container disks built from operating system images.
+
+You can enable auto updates for your container disks. See xref:../../../virt/storage/virt-automatic-bootsource-updates.adoc#virt-automatic-bootsource-updates[Managing automatic boot source updates] for details.
+
+[IMPORTANT]
+====
+If the container disks are large, the I/O traffic might increase and cause worker nodes to be unavailable. You can perform the following tasks to resolve this issue:
+
+* xref:../../../applications/pruning-objects.adoc#pruning-deployments_pruning-objects[Pruning `DeploymentConfig` objects].
+* xref:../../../nodes/nodes/nodes-nodes-garbage-collection.adoc#nodes-nodes-garbage-collection-configuring_nodes-nodes-configuring[Configuring garbage collection].
+====
+
+You create a VM from a container disk by performing the following steps:
+
+. xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc#virt-preparing-container-disk-for-vms_virt-creating-vms-from-container-disks[Build an operating system image into a container disk and upload it to your container registry].
+. If your container registry does not have TLS, xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc#virt-disabling-tls-for-registry_virt-creating-vms-from-container-disks[configure your environment to disable TLS for your registry].
+. Create a VM with the container disk as the disk source by using the xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc#virt-creating-vm-custom-image-web_virt-creating-vms-from-container-disks[web console] or the xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc#virt-creating-vm-import-cli_virt-creating-vms-from-container-disks[command line].
+
+[IMPORTANT]
+====
+You must install the xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] on VMs created from operating system images that are not provided by Red Hat.
+====
+
+include::modules/virt-preparing-container-disk-for-vms.adoc[leveloffset=+1]
+
+include::modules/virt-disabling-tls-for-registry.adoc[leveloffset=+1]
+
+include::modules/virt-creating-vm-custom-image-web.adoc[leveloffset=+1]
+
+include::modules/virt-creating-vm-import-cli.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-custom-images-overview.adoc b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-custom-images-overview.adoc
new file mode 100644
index 000000000000..408b6f1ad1e9
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-custom-images-overview.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-custom-images-overview"]
+= Creating virtual machines from custom images overview
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-custom-images-overview
+
+toc::[]
+
+You can create virtual machines (VMs) from custom operating system images by using one of the following methods:
+
+* xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-container-disks.adoc#virt-creating-vms-from-container-disks[Importing the image as a container disk from a registry].
++
+Optional: You can enable auto updates for your container disks. See xref:../../../virt/storage/virt-automatic-bootsource-updates.adoc#virt-automatic-bootsource-updates[Managing automatic boot source updates] for details.
+
+* xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc#virt-creating-vms-from-web-images[Importing the image from a web page].
+* xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc#virt-creating-vms-uploading-images[Uploading the image from a local machine].
+* xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-by-cloning-pvcs.adoc#virt-creating-vms-by-cloning-pvcs[Cloning a persistent volume claim (PVC) that contains the image].
+
+The Containerized Data Importer (CDI) imports the image into a PVC by using a data volume. You add the PVC to the VM by using the {product-title} web console or command line.
+
+[IMPORTANT]
+====
+You must install the xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] on VMs created from operating system images that are not provided by Red Hat.
+
+You must also install xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#installing-virtio-drivers[VirtIO drivers] on Windows VMs.
+
+The QEMU guest agent is included with Red Hat images.
+====
diff --git a/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc
new file mode 100644
index 000000000000..a1b4107115a0
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-web-images.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-web-images"]
+= Creating VMs by importing images from web pages
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-web-images
+
+toc::[]
+
+You can create virtual machines (VMs) by importing operating system images from web pages.
+
+[IMPORTANT]
+====
+You must install the xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] on VMs created from operating system images that are not provided by Red Hat.
+====
+
+include::modules/virt-creating-vm-custom-image-web.adoc[leveloffset=+1]
+
+include::modules/virt-creating-vm-import-cli.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
new file mode 100644
index 000000000000..52d6388e4d0e
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-uploading-images"]
+= Creating VMs by uploading images
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-uploading-images
+
+toc::[]
+
+You can create virtual machines (VMs) by uploading operating system images from your local machine.
+
+You can create a Windows VM by uploading a Windows image to a PVC. Then you clone the PVC when you create the VM.
+
+[IMPORTANT]
+====
+You must install the xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] on VMs created from operating system images that are not provided by Red Hat.
+
+You must also install xref:../../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#installing-virtio-drivers[VirtIO drivers] on Windows VMs.
+====
+
+include::modules/virt-creating-vm-uploaded-image-web.adoc[leveloffset=+1]
+
+include::modules/virt-creating-windows-vm.adoc[leveloffset=+1]
+
+include::modules/virt-generalizing-windows-sysprep.adoc[leveloffset=+2]
+
+include::modules/virt-specializing-windows-sysprep.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources-creating-windows-vms"]
+.Additional resources for creating Windows VMs
+* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep\--generalize\--a-windows-installation[Microsoft, Sysprep (Generalize) a Windows installation]
+* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/generalize[Microsoft, generalize]
+* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/specialize[Microsoft, specialize]
+
+// uploading image with cli
+include::modules/virt-uploading-image-virtctl.adoc[leveloffset=+1]
+
+// To do: Editing VM spec to include DV from uploaded image
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc b/virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
new file mode 100644
index 000000000000..ec3f386422e7
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc
@@ -0,0 +1,63 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-installing-qemu-guest-agent"]
+= Installing the QEMU guest agent and VirtIO drivers
+include::_attributes/common-attributes.adoc[]
+:context: virt-installing-qemu-guest-agent
+
+toc::[]
+
+The QEMU guest agent is a daemon that runs on the virtual machine (VM) and passes information to the host about the VM, users, file systems, and secondary networks.
+
+You must install the QEMU guest agent on VMs created from operating system images that are not provided by Red Hat.
+
+[id="installing-qemu-guest-agent"]
+== Installing the QEMU guest agent
+
+include::modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc[leveloffset=+2]
+
+include::modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc[leveloffset=+2]
+
+[id="installing-virtio-drivers"]
+== Installing VirtIO drivers on Windows VMs
+
+VirtIO drivers are paravirtualized device drivers required for Microsoft Windows virtual machines (VMs) to run in {VirtProductName}. The drivers are shipped with the rest of the images and do not require a separate download.
+
+The `container-native-virtualization/virtio-win` container disk must be attached to the VM as a SATA CD drive to enable driver installation. You can install VirtIO drivers during Windows installation or added to an existing Windows installation.
+
+After the drivers are installed, the `container-native-virtualization/virtio-win` container disk can be removed from the VM.
+
+.Supported drivers
+[options="header"]
+|===
+|Driver name |Hardware ID |Description
+
+|*viostor*
+|VEN_1AF4&DEV_1001 +
+VEN_1AF4&DEV_1042
+|The block driver. Sometimes labeled as an *SCSI Controller* in the *Other devices* group.
+
+|*viorng*
+|VEN_1AF4&DEV_1005 +
+VEN_1AF4&DEV_1044
+|The entropy source driver. Sometimes labeled as a *PCI Device* in the *Other devices* group.
+
+|*NetKVM*
+|VEN_1AF4&DEV_1000 +
+VEN_1AF4&DEV_1041
+|The network driver. Sometimes labeled as an *Ethernet Controller* in the *Other devices* group. Available only if a VirtIO NIC is configured.
+|===
+
+include::modules/virt-attaching-virtio-disk-to-windows.adoc[leveloffset=+2]
+
+include::modules/virt-attaching-virtio-disk-to-windows-existing.adoc[leveloffset=+2]
+
+include::modules/virt-installing-virtio-drivers-installing-windows.adoc[leveloffset=+2]
+
+include::modules/virt-installing-virtio-drivers-existing-windows.adoc[leveloffset=+2]
+
+include::modules/virt-adding-container-disk-as-cd.adoc[leveloffset=+2]
+
+[id="updating-virtio-drivers"]
+== Updating VirtIO drivers
+
+include::modules/virt-updating-virtio-drivers-windows.adoc[leveloffset=+2]
diff --git a/virt/virtual_machines/creating_vms_rh/_attributes b/virt/virtual_machines/creating_vms_rh/_attributes
new file mode 120000
index 000000000000..bf7c2529fdb4
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/_attributes
@@ -0,0 +1 @@
+../../../_attributes/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/images b/virt/virtual_machines/creating_vms_rh/images
new file mode 120000
index 000000000000..4399cbb3c0f3
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/images
@@ -0,0 +1 @@
+../../../images/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/modules b/virt/virtual_machines/creating_vms_rh/modules
new file mode 120000
index 000000000000..7e8b50bee77a
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/modules
@@ -0,0 +1 @@
+../../../modules/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/snippets b/virt/virtual_machines/creating_vms_rh/snippets
new file mode 120000
index 000000000000..ce62fd7c41e2
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/snippets
@@ -0,0 +1 @@
+../../../snippets/
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-cli.adoc b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-cli.adoc
new file mode 100644
index 000000000000..230745eaad2e
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-cli.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-cli"]
+= Creating virtual machines from the command line
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-cli
+
+toc::[]
+
+You can create virtual machines (VMs) from the command line by editing or creating a `VirtualMachine` manifest.
+
+include::modules/virt-creating-vm-cli.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc
new file mode 100644
index 000000000000..add78359f7e5
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-instance-types"]
+= Creating virtual machines from instance types
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-instance-types
+
+toc::[]
+
+You can create virtual machines (VMs) from instance types by using the {product-title} web console.
+
+include::modules/virt-creating-vm-instancetype.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc
new file mode 100644
index 000000000000..63e1e454f670
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc
@@ -0,0 +1,28 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-rh-images-overview"]
+= Creating virtual machines from Red Hat images overview
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-rh-images-overview
+
+toc::[]
+
+Red Hat images are xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-rh-images-overview.adoc#virt-about-golden-images_virt-creating-vms-from-rh-images-overview[golden images]. They are published as container disks in a secure registry. The Containerized Data Importer (CDI) polls and imports the container disks into your cluster and stores them in the `openshift-virtualization-os-images` project as snapshots or persistent volume claims (PVCs).
+
+Red Hat images are automatically updated. You can disable and re-enable automatic updates for these images. See xref:../../../virt/storage/virt-automatic-bootsource-updates.adoc#managing-rh-boot-source-updates_virt-automatic-bootsource-updates[Managing Red Hat boot source updates].
+
+Cluster administrators can enable automatic subscription for {op-system-base-full} virtual machines in the {VirtProductName} xref:../../../virt/getting_started/virt-web-console-overview.adoc#overview-settings-cluster_virt-web-console-overview[web console].
+
+You can create virtual machines (VMs) from operating system images provided by Red Hat by using one of the following methods:
+
+* xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc#virt-creating-vms-from-templates[Creating a VM from a template by using the web console]
+* xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-instance-types.adoc#virt-creating-vms-from-instance-types[Creating a VM from an instance type by using the web console]
+* xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-cli.adoc#virt-creating-vms-from-cli[Creating a VM from a `VirtualMachine` manifest by using the command line]
+
+[IMPORTANT]
+====
+Do not create VMs in the default `openshift-*` namespaces. Instead, create a new namespace or use an existing namespace without the `openshift` prefix.
+====
+
+include::modules/virt-golden-images.adoc[leveloffset=+1]
+
+include::modules/virt-about-vms-and-boot-sources.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
new file mode 100644
index 000000000000..c1a79b7b1fb7
--- /dev/null
+++ b/virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc
@@ -0,0 +1,33 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-creating-vms-from-templates"]
+= Creating virtual machines from templates
+include::_attributes/common-attributes.adoc[]
+:context: virt-creating-vms-from-templates
+
+toc::[]
+
+You can create virtual machines (VMs) from Red Hat templates by using the {product-title} web console.
+
+[id="virt-about-templates"]
+== About VM templates
+
+Boot sources::
+You can expedite VM creation by using templates that have an available boot source. Templates with a boot source are labeled *Available boot source* if they do not have a custom label.
++
+Templates without a boot source are labeled *Boot source required*. See xref:../../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-from-custom-images-overview.adoc#virt-creating-vms-from-custom-images-overview[Creating virtual machines from custom images].
+
+Customization::
+You can customize the disk source and VM parameters before you start the VM:
+
+* See xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc#virt-vm-storage-volume-types_virt-creating-vms-from-templates[storage volume types] and xref:../../../virt/virtual_machines/creating_vms_rh/virt-creating-vms-from-templates.adoc#virt-storage-wizard-fields-web_virt-creating-vms-from-templates[storage fields] for details about disk source settings.
+
+* See the xref:../../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-overview_virt-web-console-overview[*Overview*], xref:../../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-yaml_virt-web-console-overview[*YAML*], and xref:../../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-configuration_virt-web-console-overview[*Configuration*] tab documentation for details about VM settings.
+
+{sno-caps}::
+Due to differences in storage behavior, some templates are incompatible with {sno}. To ensure compatibility, do not set the `evictionStrategy` field for templates or VMs that use data volumes or storage profiles.
+
+include::modules/virt-creating-vm-from-template.adoc[leveloffset=+1]
+
+include::modules/virt-vm-storage-volume-types.adoc[leveloffset=+2]
+
+include::modules/virt-storage-wizard-fields-web.adoc[leveloffset=+2]
diff --git a/virt/virtual_machines/importing_vms/images b/virt/virtual_machines/importing_vms/images
deleted file mode 120000
index 4dd3347de19a..000000000000
--- a/virt/virtual_machines/importing_vms/images
+++ /dev/null
@@ -1 +0,0 @@
-../../../images
\ No newline at end of file
diff --git a/virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc b/virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
deleted file mode 100644
index 43f6cbfacac5..000000000000
--- a/virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc
+++ /dev/null
@@ -1,61 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-importing-virtual-machine-images-datavolumes"]
-= Importing virtual machine images with data volumes
-include::_attributes/common-attributes.adoc[]
-:context: virt-importing-virtual-machine-images-datavolumes
-
-toc::[]
-
-You can import an existing virtual machine image into your {product-title} cluster storage. Using the Containerized Data Importer (CDI), you can import the image into a persistent volume claim (PVC) by using a data volume. {VirtProductName} uses one or more data volumes to automate the data import and the creation of an underlying PVC. You can attach a data volume to a virtual machine for persistent storage.
-
-The virtual machine image can be hosted at an HTTP or HTTPS endpoint, or built into a container disk and stored in a container registry.
-
-[IMPORTANT]
-====
-When you import a disk image into a PVC, the disk image is expanded to use the full storage capacity that is requested in the PVC. To use this space, the disk partitions and file system(s) in the virtual machine might need to be expanded.
-
-The resizing procedure varies based on the operating system installed on the virtual machine. See the operating system documentation for details.
-====
-
-== Prerequisites
-
-* If the endpoint requires a TLS certificate, the certificate must be
-xref:../../../virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc#virt-adding-tls-certificates-for-authenticating-dv-imports_virt-tls-certificates-for-dv-imports[included in a config map]
-in the same namespace as the data volume and referenced in the data volume configuration.
-
-* To import a container disk:
-** You might need to xref:../../../virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc#virt-preparing-container-disk-for-vms_virt-using-container-disks-with-vms[prepare a container disk from a virtual machine image] and store it in your container registry before importing it.
-** If the container registry does not have TLS, you must xref:../../../virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc#virt-disabling-tls-for-registry_virt-using-container-disks-with-vms[add the registry to the `insecureRegistries` field of the `HyperConverged` custom resource] before you can import a container disk from it.
-
-* You might need to xref:../../../virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc#virt-defining-storageclass_virt-preparing-cdi-scratch-space[define a storage class or prepare CDI scratch space]
-for this operation to complete successfully.
-
-If you intend to import a virtual machine image into block storage with a data volume, you must have an available xref:../../../virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc#virt-creating-local-block-pv_virt-importing-virtual-machine-images-datavolumes[local block persistent volume].
-
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-[NOTE]
-====
-CDI now uses the {product-title} xref:../../../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide proxy configuration].
-====
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-[id="local-block-persistent-volumes"]
-== Local block persistent volumes
-
-If you intend to import a virtual machine image into block storage with a data volume, you must have an available local block persistent volume.
-
-
-include::modules/virt-about-block-pvs.adoc[leveloffset=+2]
-
-include::modules/virt-creating-local-block-pv.adoc[leveloffset=+2]
-
-include::modules/virt-importing-vm-datavolume.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
diff --git a/virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc b/virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc
deleted file mode 100644
index aea656b5b490..000000000000
--- a/virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-tls-certificates-for-dv-imports"]
-= TLS certificates for data volume imports
-include::_attributes/common-attributes.adoc[]
-:context: virt-tls-certificates-for-dv-imports
-
-toc::[]
-
-include::modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc[leveloffset=+1]
-
-include::modules/virt-example-configmap-tls-certificate.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virt-accessing-vm-consoles.adoc b/virt/virtual_machines/virt-accessing-vm-consoles.adoc
index ba4d7a371db6..12a9bfeff917 100644
--- a/virt/virtual_machines/virt-accessing-vm-consoles.adoc
+++ b/virt/virtual_machines/virt-accessing-vm-consoles.adoc
@@ -1,49 +1,52 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-accessing-vm-consoles"]
-= Accessing virtual machine consoles
+= Connecting to virtual machine consoles
 include::_attributes/common-attributes.adoc[]
 :context: virt-accessing-vm-consoles
+:virt-accessing-vm-consoles:
 
 toc::[]
 
-{VirtProductName} provides different virtual machine consoles that you can
-use to accomplish different product tasks. You can access these consoles through
-the {product-title} web console and by using CLI commands.
+You can connect to the following consoles to access running virtual machines (VMs):
 
-[id="virt-accessing-vm-consoles-web"]
-== Accessing virtual machine consoles in the {product-title} web console
+* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#vnc-console_virt-accessing-vm-consoles[VNC console]
+* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#serial-console_virt-accessing-vm-consoles[Serial console]
+* xref:../../virt/virtual_machines/virt-accessing-vm-consoles.adoc#desktop-viewer_virt-accessing-vm-consoles[Desktop viewer for Windows VMs]
 
-You can connect to virtual machines by using the serial console or the VNC console in the {product-title} web console.
+[id="vnc-console_virt-accessing-vm-consoles"]
+== Connecting to the VNC console
 
-You can connect to Windows virtual machines by using the desktop viewer console, which uses RDP (remote desktop protocol), in the {product-title} web console.
+You can connect to the VNC console of a virtual machine by using the {product-title} web console or the `virtctl` command line tool.
 
-include::modules/virt-vm-serial-console-web.adoc[leveloffset=+2]
+:context: vnc-console
+include::modules/virt-connecting-to-vm-console-web.adoc[leveloffset=+2]
+include::modules/virt-connecting-vm-virtctl.adoc[leveloffset=+2]
+:!vnc-console:
 
-include::modules/virt-connecting-vnc-console.adoc[leveloffset=+2]
+:context: vnc-console
+include::modules/virt-temporary-token-VNC.adoc[leveloffset=+2]
+:!vnc-console:
 
-include::modules/virt-vm-rdp-console-web.adoc[leveloffset=+2]
+[id="serial-console_virt-accessing-vm-consoles"]
+== Connecting to the serial console
 
-include::modules/virt-switching-displays.adoc[leveloffset=+2]
+You can connect to the serial console of a virtual machine by using the {product-title} web console or the `virtctl` command line tool.
 
-[role="_additional-resources"]
-.Additional resources
+[NOTE]
+====
+Running concurrent VNC connections to a single virtual machine is not currently supported.
+====
 
-* xref:../../virt/virtual_machines/advanced_vm_management/virt-configuring-mediated-devices.adoc#virt-configuring-mediated-devices[Configuring mediated devices]
+:context: serial-console
+include::modules/virt-connecting-to-vm-console-web.adoc[leveloffset=+2]
+include::modules/virt-connecting-vm-virtctl.adoc[leveloffset=+2]
+:!serial-console:
 
-include::modules/virt-copying-the-ssh-command.adoc[leveloffset=+2]
+[id="desktop-viewer_virt-accessing-vm-consoles"]
+== Connecting to the desktop viewer
 
-[id="virt-accessing-vm-consoles-cli"]
-== Accessing virtual machine consoles by using CLI commands
+You can connect to a Windows virtual machine (VM) by using the desktop viewer and the Remote Desktop Protocol (RDP).
 
-include::modules/virt-accessing-vmi-ssh.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc#virt-creating-service-vm[Creating a service to expose a virtual machine]
-* xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-about_nodes-pods-secrets[Understanding secrets]
-
-include::modules/virt-accessing-serial-console.adoc[leveloffset=+2]
-
-include::modules/virt-accessing-vnc-console.adoc[leveloffset=+2]
-
-include::modules/virt-accessing-rdp-console.adoc[leveloffset=+2]
+:context: desktop-viewer
+include::modules/virt-connecting-to-vm-console-web.adoc[leveloffset=+2]
+:!desktop-viewer:
diff --git a/virt/virtual_machines/virt-accessing-vm-ssh.adoc b/virt/virtual_machines/virt-accessing-vm-ssh.adoc
new file mode 100644
index 000000000000..af808a19dac3
--- /dev/null
+++ b/virt/virtual_machines/virt-accessing-vm-ssh.adoc
@@ -0,0 +1,149 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-accessing-vm-ssh"]
+= Configuring SSH access to virtual machines
+include::_attributes/common-attributes.adoc[]
+:context: virt-accessing-vm-ssh
+:toclevels: 3
+
+toc::[]
+
+You can configure SSH access to virtual machines (VMs) by using the following methods:
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-virtctl-ssh_virt-accessing-vm-ssh[`virtctl ssh` command]
++
+You create an SSH key pair, add the public key to a VM, and connect to the VM by running the `virtctl ssh` command with the private key.
++
+You can add public SSH keys to {op-system-base-full} 9 VMs at runtime or at first boot to VMs with guest operating systems that can be configured by using a cloud-init data source.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#virt-using-virtctl-port-forward-command_virt-accessing-vm-ssh[`virtctl port-forward` command]
++
+You add the `virtctl port-foward` command to your `.ssh/config` file and connect to the VM by using OpenSSH.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-services-ssh_virt-accessing-vm-ssh[Service]
++
+You create a service, associate the service with the VM, and connect to the IP address and port exposed by the service.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-secondary-networks-ssh_virt-accessing-vm-ssh[Secondary network]
++
+You configure a secondary network, attach a virtual machine (VM) to the secondary network interface, and connect to the DHCP-allocated IP address.
+
+include::modules/virt-access-configuration-considerations.adoc[leveloffset=+1]
+
+[id="using-virtctl-ssh_virt-accessing-vm-ssh"]
+== Using virtctl ssh
+
+You can add a public SSH key to a virtual machine (VM) and connect to the VM by running the `virtctl ssh` command.
+
+This method is simple to configure. However, it is not recommended for high traffic loads because it places a burden on the API server.
+
+include::modules/virt-about-static-and-dynamic-ssh-keys.adoc[leveloffset=+2]
+
+[id="static-key-management-vm"]
+=== Static key management
+
+You can add a statically managed public SSH key when you create a virtual machine (VM) by using the {product-title} web console or the command line. The key is added as a cloud-init data source when the VM boots for the first time.
+
+[TIP]
+====
+You can also add the key to a project by using the {product-title} web console. Afterwards, this key is added automatically to VMs that you create in the project.
+====
+
+:context: static-key
+:static-key:
+include::modules/virt-adding-key-creating-vm-template.adoc[leveloffset=+3]
+
+include::modules/virt-creating-vm-instancetype.adoc[leveloffset=+3]
+
+include::modules/virt-adding-public-key-cli.adoc[leveloffset=+3]
+:!static-key:
+
+:virt-accessing-vm-ssh:
+[id="adding-dynamic-key-vm"]
+=== Dynamic key management
+
+You can enable dynamic key injection for a virtual machine (VM) by using the {product-title} web console or the command line. Then, you can update the key at runtime.
+
+[NOTE]
+====
+Only {op-system-base-full} 9 supports dynamic key injection.
+====
+
+If you disable dynamic key injection, the VM inherits the key management method of the image from which it was created.
+
+:context: dynamic-key
+:dynamic-key:
+include::modules/virt-adding-key-creating-vm-template.adoc[leveloffset=+3]
+
+include::modules/virt-creating-vm-instancetype.adoc[leveloffset=+3]
+
+include::modules/virt-editing-vm-dynamic-key-injection.adoc[leveloffset=+3]
+
+include::modules/virt-adding-public-key-cli.adoc[leveloffset=+3]
+:!dynamic-key:
+
+:context: virt-accessing-vm-ssh
+:virt-accessing-vm-ssh:
+include::modules/virt-using-virtctl-ssh-command.adoc[leveloffset=+2]
+
+[TIP]
+====
+You can copy the `virtctl ssh` command in the web console by selecting *Copy SSH command* from the options {kebab} menu beside a VM on the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachines-page_virt-web-console-overview[*VirtualMachines* page].
+====
+
+include::modules/virt-using-virtctl-port-forward-command.adoc[leveloffset=+1]
+
+[id="using-services-ssh_virt-accessing-vm-ssh"]
+== Using a service for SSH access
+
+You can create a service for a virtual machine (VM) and connect to the IP address and port exposed by the service.
+
+Services provide excellent performance and are recommended for applications that are accessed from outside the cluster or within the cluster. Ingress traffic is protected by firewalls.
+
+If the cluster network cannot handle the traffic load, consider using a secondary network for VM access.
+
+include::modules/virt-about-services.adoc[leveloffset=+2]
+
+[id="creating-services-ssh_virt-accessing-vm-ssh"]
+=== Creating a service
+
+You can create a service to expose a virtual machine (VM) by using the {product-title} web console, `virtctl` command line tool, or a YAML file.
+
+include::modules/virt-enabling-load-balancer-service-web.adoc[leveloffset=+3]
+
+include::modules/virt-creating-service-web.adoc[leveloffset=+3]
+
+include::modules/virt-creating-service-virtctl.adoc[leveloffset=+3]
+
+.Next steps
+
+After you create a service with `virtctl`, you must add `special: key` to the `spec.template.metadata.labels` stanza of the `VirtualMachine` manifest. See xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#virt-creating-service-cli_virt-accessing-vm-ssh[Creating a service by using the command line].
+
+include::modules/virt-creating-service-cli.adoc[leveloffset=+3]
+
+include::modules/virt-connecting-service-ssh.adoc[leveloffset=+2]
+
+[id="using-secondary-networks-ssh_virt-accessing-vm-ssh"]
+== Using a secondary network for SSH access
+
+You can configure a secondary network, attach a virtual machine (VM) to the secondary network interface, and connect to the DHCP-allocated IP address by using SSH.
+
+[IMPORTANT]
+====
+Secondary networks provide excellent performance because the traffic is not handled by the cluster network stack. However, the VMs are exposed directly to the secondary network and are not protected by firewalls. If a VM is compromised, an intruder could gain access to the secondary network. You must configure appropriate security within the operating system of the VM if you use this method.
+====
+
+See the link:https://access.redhat.com/articles/6994974#networking-multus[Multus] and link:https://access.redhat.com/articles/6994974#networking-sriov[SR-IOV] documentation in the link:https://access.redhat.com/articles/6994974[{VirtProductName} Tuning & Scaling Guide] for additional information about networking options.
+
+.Prerequisites
+
+* You configured a secondary network such as xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Linux bridge] or xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[SR-IOV].
+* You created a network attachment definition for a xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-creating-linux-bridge-nad-web_virt-connecting-vm-to-linux-bridge[Linux bridge network] or the SR-IOV Network Operator created a xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-network-attachment_virt-connecting-vm-to-sriov[network attachment definition] when you created an `SriovNetwork` object.
+
+include::modules/virt-vm-creating-nic-web.adoc[leveloffset=+2]
+
+include::modules/virt-connecting-secondary-network-ssh.adoc[leveloffset=+2]
+
+[NOTE]
+====
+You can also xref:../../virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc#virt-accessing-vm-secondary-network-fqdn[access a VM attached to a secondary network interface by using the cluster FQDN].
+====
diff --git a/virt/virtual_machines/virt-automating-windows-sysprep.adoc b/virt/virtual_machines/virt-automating-windows-sysprep.adoc
deleted file mode 100644
index f4625ddd9055..000000000000
--- a/virt/virtual_machines/virt-automating-windows-sysprep.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-automating-windows-sysprep"]
-= Automating Windows installation with sysprep
-include::_attributes/common-attributes.adoc[]
-:context: virt-automating-windows-sysprep
-
-toc::[]
-
-You can use Microsoft DVD images and `sysprep` to automate the installation, setup, and software provisioning of Windows virtual machines.
-
-include::modules/virt-using-windows-dvd-disk-image.adoc[leveloffset=+1]
-
-include::modules/virt-using-disk-image-install-windows.adoc[leveloffset=+1]
-
-include::modules/virt-generalizing-windows-sysprep.adoc[leveloffset=+1]
-
-include::modules/virt-specializing-windows-sysprep.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources-virt-automating-windows-sysprep_{context}"]
-== Additional resources
-* xref:../../virt/virtual_machines/virt-create-vms.adoc#virt-create-vms[Creating virtual machines]
-* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep\--generalize\--a-windows-installation[Microsoft, Sysprep (Generalize) a Windows installation]
-* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/generalize[Microsoft, generalize]
-* link:https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/specialize[Microsoft, specialize]
diff --git a/virt/virtual_machines/virt-controlling-vm-states.adoc b/virt/virtual_machines/virt-controlling-vm-states.adoc
index 58d817daffb1..b36c3eddcea4 100644
--- a/virt/virtual_machines/virt-controlling-vm-states.adoc
+++ b/virt/virtual_machines/virt-controlling-vm-states.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-controlling-vm-states"]
 = Controlling virtual machine states
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/virt-create-vms.adoc b/virt/virtual_machines/virt-create-vms.adoc
deleted file mode 100644
index f36cf5df6b23..000000000000
--- a/virt/virtual_machines/virt-create-vms.adoc
+++ /dev/null
@@ -1,80 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-create-vms"]
-= Creating virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-create-vms
-
-toc::[]
-
-Use one of these procedures to create a virtual machine:
-
-* Using the web console *Developer* perspective *+Add* page
-* Quick Start guided tour
-* Quick create from the *Catalog*
-* Pasting a pre-configured YAML file with the virtual machine wizard
-* Using the CLI
-
-[WARNING]
-====
-Do not create virtual machines in `openshift-*` namespaces.
-Instead, create a new namespace or use an existing namespace without the `openshift` prefix.
-====
-
-When you create virtual machines from the web console, select a virtual machine template that is configured with a boot source. Virtual machine templates with a boot source are labeled as *Available boot source* or they display a customized label text. Using templates with an available boot source expedites the process of creating virtual machines.
-
-Templates without a boot source are labeled as *Boot source required*. You can use these templates if you complete the steps for xref:../../virt/vm_templates/virt-creating-vm-template.adoc#virt-adding-a-boot-source-web_virt-creating-vm-template[adding a boot source to the virtual machine].
-
-[IMPORTANT]
-====
-Due to differences in storage behavior, some virtual machine templates are incompatible with {sno}. To ensure compatibility, do not set the `evictionStrategy` field for any templates or virtual machines that use data volumes or storage profiles.
-====
-
-include::modules/odc-creating-vms.adoc[leveloffset=+1]
-
-include::modules/virt-creating-vm-quick-start-web.adoc[leveloffset=+1]
-
-include::modules/virt-quick-creating-vm.adoc[leveloffset=+1]
-
-include::modules/virt-creating-vm-custom-template.adoc[leveloffset=+1]
-
-Refer to the virtual machine fields section when creating a VM from the web console.
-
-:virtualmachine:
-include::modules/virt-networking-wizard-fields-web.adoc[leveloffset=+2]
-
-include::modules/virt-storage-wizard-fields-web.adoc[leveloffset=+2]
-
-include::modules/virt-cloud-init-fields-web.adoc[leveloffset=+2]
-
-To configure storage class defaults, use storage profiles. For more information, see xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile].
-
-include::modules/virt-creating-vm-yaml-web.adoc[leveloffset=+2]
-
-include::modules/virt-creating-vm-cli.adoc[leveloffset=+1]
-
-:virtualmachine!:
-
-include::modules/virt-vm-storage-volume-types.adoc[leveloffset=+1]
-
-include::modules/virt-about-runstrategies-vms.adoc[leveloffset=+1]
-
-include::modules/virt-creating-vm-instancetype.adoc[leveloffset=+1]
-
-
-[id="additional-resources_virt-create-vms_{context}"]
-[role="_additional-resources"]
-== Additional resources
-
-* The `VirtualMachineSpec` definition in the link:https://kubevirt.io/api-reference/{KubeVirtVersion}/definitions.html#_v1_virtualmachinespec[KubeVirt {KubeVirtVersion} API Reference] provides broader context for the parameters and hierarchy of the virtual machine specification.
-
-+
-[NOTE]
-====
-The KubeVirt API Reference is the upstream project reference and might contain parameters that are not supported in {VirtProductName}.
-====
-
-* Enable the xref:../../scalability_and_performance/using-cpu-manager.adoc#using-cpu-manager[CPU Manager] to use the high-performance workload profile.
-* See xref:../../virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc#virt-using-container-disks-with-vms[Prepare a container disk] before adding it to a virtual machine as a `containerDisk` volume.
-* See xref:../../machine_management/deploying-machine-health-checks.adoc#machine-health-checks-about_deploying-machine-health-checks[Deploying machine health checks] for further details on deploying and enabling machine health checks.
-* See xref:../../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[Installer-provisioned infrastructure overview] for further details on installer-provisioned infrastructure.
-* xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile]
diff --git a/virt/virtual_machines/virt-delete-vms.adoc b/virt/virtual_machines/virt-delete-vms.adoc
index 2c5c210e422d..f8ccd34245e5 100644
--- a/virt/virtual_machines/virt-delete-vms.adoc
+++ b/virt/virtual_machines/virt-delete-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-delete-vms"]
 = Deleting virtual machines
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/virt-edit-boot-order.adoc b/virt/virtual_machines/virt-edit-boot-order.adoc
index 3ebc28a58a77..b42250a71404 100644
--- a/virt/virtual_machines/virt-edit-boot-order.adoc
+++ b/virt/virtual_machines/virt-edit-boot-order.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-edit-boot-order"]
 = Editing boot order
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/virt-edit-vms.adoc b/virt/virtual_machines/virt-edit-vms.adoc
index c14ff9b32e82..1a3c5df5f0f4 100644
--- a/virt/virtual_machines/virt-edit-vms.adoc
+++ b/virt/virtual_machines/virt-edit-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-edit-vms"]
 = Editing virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -6,18 +6,14 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can update a virtual machine configuration using either the YAML editor in the web console or the OpenShift CLI on the command line. You can also update a subset of the parameters in the *Virtual Machine Details* screen.
+You can update a virtual machine (VM) configuration by using the {product-title} web console. You can update the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-yaml_virt-web-console-overview[YAML file] or the xref:../../virt/getting_started/virt-web-console-overview.adoc#virtualmachine-details-page_virt-web-console-overview[*VirtualMachine details* page].
 
-include::modules/virt-editing-vm-web.adoc[leveloffset=+1]
-
-include::modules/virt-editing-vm-yaml-web.adoc[leveloffset=+1]
+You can also edit a VM by using the command line.
 
 include::modules/virt-editing-vm-cli.adoc[leveloffset=+1]
 
 include::modules/virt-add-disk-to-vm.adoc[leveloffset=+1]
 
-To configure storage class defaults, use storage profiles. For more information, see xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile].
-
 include::modules/virt-storage-wizard-fields-web.adoc[leveloffset=+2]
 
 include::modules/virt-adding-secret-configmap-service-account-to-vm.adoc[leveloffset=+1]
@@ -30,7 +26,3 @@ include::modules/virt-adding-secret-configmap-service-account-to-vm.adoc[levelof
 * xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets-about[Providing sensitive data to pods]
 * xref:../../authentication/understanding-and-creating-service-accounts.adoc#service-accounts-overview[Understanding and creating service accounts]
 
-
-include::modules/virt-add-nic-to-vm.adoc[leveloffset=+1]
-
-include::modules/virt-networking-wizard-fields-web.adoc[leveloffset=+2]
diff --git a/virt/virtual_machines/virt-exporting-vms.adoc b/virt/virtual_machines/virt-exporting-vms.adoc
index 1418ad6d3bd8..092cfac8a6b7 100644
--- a/virt/virtual_machines/virt-exporting-vms.adoc
+++ b/virt/virtual_machines/virt-exporting-vms.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-exporting-vms"]
 = Exporting virtual machines
 include::_attributes/common-attributes.adoc[]
@@ -12,11 +12,12 @@ You create a `VirtualMachineExport` custom resource (CR) by using the command li
 
 Alternatively, you can use the xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#vm-volume-export-commands_virt-using-the-cli-tools[`virtctl vmexport` command] to create a `VirtualMachineExport` CR and to download exported volumes.
 
+[NOTE]
+====
+You can migrate virtual machines between OpenShift Virtualization clusters by using the link:https://access.redhat.com/products/migration-toolkits-virtualization[Migration Toolkit for Virtualization].
+====
+
 include::modules/virt-creating-virtualmachineexport.adoc[leveloffset=+1]
 
 include::modules/virt-accessing-exported-vm-manifests.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-[id="additional-resources_virt-exporting-vms"]
-== Additional resources
-* xref:../../virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc#virt-importing-virtual-machine-images-datavolumes[Importing virtual machine images with data volumes]
\ No newline at end of file
diff --git a/virt/virtual_machines/virt-installing-qemu-guest-agent.adoc b/virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
deleted file mode 100644
index 5006ce184558..000000000000
--- a/virt/virtual_machines/virt-installing-qemu-guest-agent.adoc
+++ /dev/null
@@ -1,34 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-installing-qemu-guest-agent"]
-= Installing the QEMU guest agent and VirtIO drivers
-include::_attributes/common-attributes.adoc[]
-:context: virt-installing-qemu-guest-agent
-
-toc::[]
-
-The xref:../../virt/virtual_machines/virt-viewing-qemu-guest-agent-web.adoc#virt-viewing-qemu-guest-agent-web[QEMU guest agent] is a daemon that runs on the virtual machine and passes information to the host about the virtual machine, users, file systems, and secondary networks.
-
-[id="installing-qemu-guest-agent"]
-== Installing the QEMU guest agent
-
-include::modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc[leveloffset=+2]
-
-include::modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc[leveloffset=+2]
-
-[id="installing-virtio-drivers"]
-== Installing VirtIO drivers
-
-include::modules/virt-supported-virtio-drivers.adoc[leveloffset=+2]
-
-include::modules/virt-about-virtio-drivers.adoc[leveloffset=+2]
-
-include::modules/virt-installing-virtio-drivers-existing-windows.adoc[leveloffset=+2]
-
-include::modules/virt-installing-virtio-drivers-installing-windows.adoc[leveloffset=+2]
-
-include::modules/virt-adding-virtio-drivers-vm-yaml.adoc[leveloffset=+2]
-
-[id="updating-virtio-drivers"]
-== Updating VirtIO drivers
-
-include::modules/virt-updating-virtio-drivers-windows.adoc[leveloffset=+2]
\ No newline at end of file
diff --git a/virt/virtual_machines/virt-manage-vmis.adoc b/virt/virtual_machines/virt-manage-vmis.adoc
index 777bab165db2..3e23a7effde4 100644
--- a/virt/virtual_machines/virt-manage-vmis.adoc
+++ b/virt/virtual_machines/virt-manage-vmis.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-manage-vmis"]
 = Managing virtual machine instances
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc b/virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
index 78108d2638e9..b2780d089b03 100644
--- a/virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
+++ b/virt/virtual_machines/virt-managing-vms-openshift-pipelines.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-managing-vms-openshift-pipelines"]
 = Managing virtual machines with OpenShift Pipelines
 include::_attributes/common-attributes.adoc[]
@@ -6,9 +6,9 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-xref:../../cicd/pipelines/understanding-openshift-pipelines.adoc#understanding-openshift-pipelines[{pipelines-title}] is a Kubernetes-native CI/CD framework that allows developers to design and run each step of the CI/CD pipeline in its own container.
+link:https://docs.openshift.com/pipelines/latest/about/understanding-openshift-pipelines.html[{pipelines-title}] is a Kubernetes-native CI/CD framework that allows developers to design and run each step of the CI/CD pipeline in its own container.
 
-The Tekton Tasks Operator (TTO) integrates {VirtProductName} with {pipelines-shortname}. TTO includes tasks and example pipelines that allow you to:
+The Scheduling, Scale, and Performance (SSP) Operator integrates {VirtProductName} with {pipelines-shortname}. The SSP Operator includes tasks and example pipelines that allow you to:
 
 * Create and manage virtual machines (VMs), persistent volume claims (PVCs), and data volumes
 * Run commands in VMs
@@ -23,18 +23,18 @@ include::snippets/technology-preview.adoc[]
 
 * You have access to an {product-title} cluster with `cluster-admin` permissions.
 * You have installed the OpenShift CLI (`oc`).
-* You have xref:../../cicd/pipelines/installing-pipelines.adoc#installing-pipelines[installed {pipelines-shortname}].
+* You have link:https://docs.openshift.com/pipelines/latest/install_config/installing-pipelines.html[installed {pipelines-shortname}].
 
 
-include::modules/virt-deploying-tto.adoc[leveloffset=+1]
+include::modules/virt-deploying-ssp.adoc[leveloffset=+1]
 
-include::modules/virt-supported-tekton-tasks.adoc[leveloffset=+1]
+include::modules/virt-supported-ssp-tasks.adoc[leveloffset=+1]
 
 
 [id="example-pipelines_virt-managing-vms-openshift-pipelines"]
 == Example pipelines
 
-The Tekton Tasks Operator includes the following example `Pipeline` manifests. You can run the example pipelines by using the web console or CLI.
+The SSP Operator includes the following example `Pipeline` manifests. You can run the example pipelines by using the web console or CLI.
 
 You might have to run more than one installer pipeline if you need multiple versions of Windows. If you run more than one installer pipeline, each one requires unique parameters, such as the `autounattend` config map and base image name. For example, if you need Windows 10 and Windows 11 or Windows Server 2022 images, you have to run both the Windows efi installer pipeline and the Windows bios installer pipeline. However, if you need Windows 11 and Windows Server 2022 images, you have to run only the Windows efi installer pipeline.
 
@@ -46,15 +46,15 @@ Windows customize pipeline:: This pipeline clones the data volume of a basic Win
 
 [NOTE]
 ====
-The `tekton-tasks-operator` example pipelines use a config map file with `sysprep` predefined by {product-title} and suitable for Microsoft ISO files. For other ISO files, you might need to create a new config map file with a system-specific `sysprep` definition.
+The example pipelines use a config map file with `sysprep` predefined by {product-title} and suitable for Microsoft ISO files. For ISO files pertaining to different Windows editions, it may be necessary to create a new config map file with a system-specific sysprep definition.
 ====
 
-include::modules/virt-running-tto-pipeline-web.adoc[leveloffset=+2]
+include::modules/virt-running-ssp-pipeline-web.adoc[leveloffset=+2]
 
-include::modules/virt-running-tto-pipeline-cli.adoc[leveloffset=+2]
+include::modules/virt-running-ssp-pipeline-cli.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
 [id="additional-resources_virt-managing-vms-openshift-pipelines"]
 == Additional resources
-* xref:../../cicd/pipelines/creating-applications-with-cicd-pipelines.adoc#creating-applications-with-cicd-pipelines[Creating CI/CD solutions for applications using {pipelines-title}]
-* xref:../../virt/virtual_machines/virt-automating-windows-sysprep.adoc#virt-automating-windows-sysprep[Automate Windows VM deployments with `sysprep`]
\ No newline at end of file
+* link:https://docs.openshift.com/pipelines/latest/create/creating-applications-with-cicd-pipelines.html[Creating CI/CD solutions for applications using {pipelines-title}]
+* xref:../../virt/virtual_machines/creating_vms_custom/virt-creating-vms-uploading-images.adoc#virt-creating-windows-vm_virt-creating-vms-uploading-images[Creating a Windows VM]
\ No newline at end of file
diff --git a/virt/virtual_machines/virt-using-vtpm-devices.adoc b/virt/virtual_machines/virt-using-vtpm-devices.adoc
index 405186bfc913..b2692c0ddfba 100644
--- a/virt/virtual_machines/virt-using-vtpm-devices.adoc
+++ b/virt/virtual_machines/virt-using-vtpm-devices.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-using-vtpm-devices"]
 = Using virtual Trusted Platform Module devices
 include::_attributes/common-attributes.adoc[]
diff --git a/virt/virtual_machines/virt-viewing-qemu-guest-agent-web.adoc b/virt/virtual_machines/virt-viewing-qemu-guest-agent-web.adoc
deleted file mode 100644
index e962d2b855d9..000000000000
--- a/virt/virtual_machines/virt-viewing-qemu-guest-agent-web.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-viewing-qemu-guest-agent-web"]
-= Viewing the QEMU guest agent information for virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-viewing-qemu-guest-agent-web
-
-toc::[]
-
-When the QEMU guest agent runs on the virtual machine, you can use the web console to view information about the virtual machine, users, file systems, and secondary networks.
-
-If the QEMU guest agent is not installed, the *Overview* and the *Details* tabs display information about the operating system that was specified when the virtual machine was created.
-
-include::modules/virt-viewing-qemu-guest-agent-information-web.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc b/virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc
deleted file mode 100644
index 98d7833be919..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-cloning-a-datavolume-using-smart-cloning"]
-= Cloning a data volume using smart-cloning
-include::_attributes/common-attributes.adoc[]
-:context: virt-cloning-a-datavolume-using-smart-cloning
-
-toc::[]
-
-Smart-cloning is a built-in feature of {rh-storage-first}. Smart-cloning is faster and more efficient than host-assisted cloning.
-
-You do not need to perform any action to enable smart-cloning, but you need to ensure your storage environment is compatible with smart-cloning to use this feature.
-
-When you create a data volume with a persistent volume claim (PVC) source, you automatically initiate the cloning process. You always receive a clone of the data volume if your environment supports smart-cloning or not. However, you will only receive the performance benefits of smart cloning if your storage provider supports smart-cloning.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-about-smart-cloning.adoc[leveloffset=+1]
-
-include::modules/virt-cloning-a-datavolume.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/cloning_vms/virt-cloning-vm-disk-into-new-datavolume.adoc#virt-cloning-pvc-of-vm-disk-into-new-datavolume_virt-cloning-vm-disk-into-new-datavolume[Cloning the persistent volume claim of a virtual machine disk into a new data volume]
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile]
diff --git a/virt/virtual_machines/virtual_disks/virt-configuring-cdi-for-namespace-resourcequota.adoc b/virt/virtual_machines/virtual_disks/virt-configuring-cdi-for-namespace-resourcequota.adoc
deleted file mode 100644
index cb008d74c187..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-configuring-cdi-for-namespace-resourcequota.adoc
+++ /dev/null
@@ -1,19 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-cdi-for-namespace-resourcequota"]
-= Configuring CDI to work with namespaces that have a compute resource quota
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-cdi-for-namespace-resourcequota
-
-toc::[]
-
-You can use the Containerized Data Importer (CDI) to import, upload, and clone virtual machine disks into namespaces that are subject to CPU and memory resource restrictions.
-
-include::modules/virt-about-cpu-and-memory-quota-namespace.adoc[leveloffset=+1]
-
-include::modules/virt-overriding-cpu-and-memory-defaults.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../applications/quotas/quotas-setting-per-project.adoc#quotas-setting-per-project[Resource quotas per project]
diff --git a/virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc b/virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
deleted file mode 100644
index d4b1ee048b66..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-local-storage-for-vms"]
-= Configuring local storage for virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-local-storage-for-vms
-
-toc::[]
-
-You can configure local storage for virtual machines by using the hostpath provisioner (HPP). 
-
-When you install the {VirtProductName} Operator, the Hostpath Provisioner (HPP) Operator is automatically installed. The HPP is a local storage provisioner designed for {VirtProductName} that is created by the Hostpath Provisioner Operator. To use the HPP, you must create an HPP custom resource (CR).
-
-include::modules/virt-creating-hpp-basic-storage-pool.adoc[leveloffset=+1]
-
-include::modules/virt-about-creating-storage-classes.adoc[leveloffset=+2]
-
-include::modules/virt-creating-storage-class-csi-driver.adoc[leveloffset=+2]
-
-include::modules/virt-about-storage-pools-pvc-templates.adoc[leveloffset=+1]
-
-include::modules/virt-creating-storage-pool-pvc-template.adoc[leveloffset=+2]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile]
diff --git a/virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc b/virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc
new file mode 100644
index 000000000000..bdab1a3f9c84
--- /dev/null
+++ b/virt/virtual_machines/virtual_disks/virt-configuring-shared-volumes-for-vms.adoc
@@ -0,0 +1,24 @@
+:_content-type: ASSEMBLY
+[id="virt-configuring-shared-volumes-for-vms"]
+= Configuring shared volumes for virtual machines
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-shared-volumes-for-vms
+toc::[]
+
+You can configure shared disks to allow multiple virtual machines (VMs) to share the same underlying storage. A shared disk's volume must be block mode.
+
+You configure disk sharing by exposing the storage as either of these types:
+
+* An ordinary virtual machine disk
+* A logical unit number (LUN) device with an iSCSi connection and raw device mapping, as required for Windows Failover Clustering for shared volumes
+
+include::modules/virt-configuring-vm-disk-sharing.adoc[leveloffset=+1]
+
+include::modules/virt-configuring-disk-sharing-lun.adoc[leveloffset=+1]
+
+include::modules/virt-enabling-persistentreservation-feature-gate.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://www.qemu.org/docs/master/interop/pr-helper.html[Persistent reservation helper protocol]
+* link:https://learn.microsoft.com/en-us/windows-server/failover-clustering/failover-clustering-overview[Failover Clustering in Windows Server and Azure Stack HCI]
\ No newline at end of file
diff --git a/virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc b/virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
deleted file mode 100644
index b98dd719dce6..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-creating-data-volumes"]
-= Creating data volumes
-include::_attributes/common-attributes.adoc[]
-:context: virt-creating-data-volumes
-
-toc::[]
-
-You can create a data volume by using either the PVC or storage API.
-
-[IMPORTANT]
-====
-When using {VirtProductName} with {product-title} Container Storage, specify RBD block mode persistent volume claims (PVCs) when creating virtual machine disks. With virtual machine disks, RBD block mode volumes are more efficient and provide better performance than Ceph FS or RBD filesystem-mode PVCs.
-
-To specify RBD block mode PVCs, use the 'ocs-storagecluster-ceph-rbd' storage class and `VolumeMode: Block`.
-====
-
-[TIP]
-====
-Whenever possible, use the storage API to optimize space allocation and maximize performance.
-====
-
-A _storage profile_ is a custom resource that the CDI manages. It provides recommended storage settings based on the associated storage class. A storage profile is allocated for each storage class.
-
-Storage profiles enable you to create data volumes quickly while reducing coding and minimizing potential errors.
-
-For recognized storage types, the CDI provides values that optimize the creation of PVCs.  However, you can configure automatic settings for a storage class if you customize the storage profile.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-creating-data-volumes-using-storage-api.adoc[leveloffset=+1]
-
-include::modules/virt-creating-data-volumes-using-pvc-api.adoc[leveloffset=+1]
-
-include::modules/virt-customizing-storage-profile.adoc[leveloffset=+1]
-
-[id="additional-resources_creating-data-volumes-using-profiles"]
-[role="_additional-resources"]
-== Additional resources
-* xref:../../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-about-creating-storage-classes_virt-configuring-local-storage-for-vms[About creating storage classes]
-* xref:../../../virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc#virt-overriding-default-fs-overhead-value_virt-reserving-pvc-space-fs-overhead[Overriding the default file system overhead value]
-* xref:../../../virt/virtual_machines/virtual_disks/virt-cloning-a-datavolume-using-smart-cloning.adoc#virt-cloning-a-datavolume-using-smart-cloning[Cloning a data volume using smart cloning]
diff --git a/virt/virtual_machines/virtual_disks/virt-expanding-virtual-storage-with-blank-disk-images.adoc b/virt/virtual_machines/virtual_disks/virt-expanding-virtual-storage-with-blank-disk-images.adoc
deleted file mode 100644
index 8c6778e71b36..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-expanding-virtual-storage-with-blank-disk-images.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-expanding-virtual-storage-with-blank-disk-images"]
-= Expanding virtual storage by adding blank disk images
-include::_attributes/common-attributes.adoc[]
-:context: virt-expanding-virtual-storage-with-blank-disk-images
-
-toc::[]
-
-You can increase your storage capacity or create new data partitions by adding
-blank disk images to {VirtProductName}.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-creating-blank-disk-datavolumes.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
diff --git a/virt/virtual_machines/virtual_disks/virt-expanding-vm-disk.adoc b/virt/virtual_machines/virtual_disks/virt-expanding-vm-disk.adoc
deleted file mode 100644
index d015a94ee86e..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-expanding-vm-disk.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-vm-disk-resizing"]
-= Expanding a virtual machine disk
-include::_attributes/common-attributes.adoc[]
-:context: virt-expanding-vm-disk
-
-toc::[]
-
-You can enlarge the size of a virtual machine's (VM) disk to provide a greater storage capacity by resizing the disk's persistent volume claim (PVC).
-
-However, you cannot reduce the size of a VM disk.
-
-include::modules/virt-enlarging-vm-disk.adoc[leveloffset=+1]
-
-[id="additional-resources_virt-vm-disk-resizing"]
-[role="_additional-resources"]
-== Additional resources
-
-* link:https://docs.microsoft.com/en-us/windows-server/storage/disk-management/extend-a-basic-volume[Extending a basic volume in Windows].
-* link:https://access.redhat.com/solutions/29095[Extending an existing file system partition without destroying data in Red Hat Enterprise Linux].
-* link:https://access.redhat.com/solutions/24770[Extending a logical volume and its file system online in Red Hat Enterprise Linux].
diff --git a/virt/virtual_machines/virtual_disks/virt-expanding-vm-disks.adoc b/virt/virtual_machines/virtual_disks/virt-expanding-vm-disks.adoc
new file mode 100644
index 000000000000..48aea01daf33
--- /dev/null
+++ b/virt/virtual_machines/virtual_disks/virt-expanding-vm-disks.adoc
@@ -0,0 +1,29 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-expanding-vm-disks"]
+= Expanding virtual machine disks
+include::_attributes/common-attributes.adoc[]
+:context: virt-expanding-vm-disks
+
+toc::[]
+
+You can increase the size of a virtual machine (VM) disk by expanding the persistent volume claim (PVC) of the disk.
+
+If your storage provider does not support volume expansion, you can expand the available virtual storage of a VM by adding blank data volumes.
+
+You cannot reduce the size of a VM disk.
+
+include::modules/virt-expanding-vm-disk-pvc.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources for volume expansion
+* link:https://docs.microsoft.com/en-us/windows-server/storage/disk-management/extend-a-basic-volume[Extending a basic volume in Windows]
+* link:https://access.redhat.com/solutions/29095[Extending an existing file system partition without destroying data in Red Hat Enterprise Linux]
+* link:https://access.redhat.com/solutions/24770[Extending a logical volume and its file system online in Red Hat Enterprise Linux]
+
+include::modules/virt-expanding-storage-with-data-volumes.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources for data volumes
+* xref:../../../virt/storage/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configuring preallocation mode for data volumes]
+* xref:../../../virt/storage/virt-managing-data-volume-annotations.adoc#virt-managing-data-volume-annotations[Managing data volume annotations]
+
diff --git a/virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc b/virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
index 1bfa4d5ef109..b1cc7bf6c810 100644
--- a/virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
+++ b/virt/virtual_machines/virtual_disks/virt-hot-plugging-virtual-disks.adoc
@@ -1,6 +1,6 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="virt-hot-plugging-virtual-disks"]
-= Hot plugging virtual disks
+= Hot-plugging VM disks
 include::_attributes/common-attributes.adoc[]
 :context: virt-hot-plugging-virtual-disks
 
@@ -8,14 +8,22 @@ toc::[]
 
 You can add or remove virtual disks without stopping your virtual machine (VM) or virtual machine instance (VMI).
 
-include::modules/virt-about-hot-plugging-virtual-disks.adoc[leveloffset=+1]
+Only data volumes and persistent volume claims (PVCs) can be hot plugged and hot-unplugged. You cannot hot plug or hot-unplug container disks.
 
-include::modules/virt-about-virtio-scsi.adoc[leveloffset=+1]
+A hot plugged disk remains to the VM even after reboot. You must detach the disk to remove it from the VM.
 
-include::modules/virt-hot-plugging-a-virtual-disk-using-the-cli.adoc[leveloffset=+1]
+You can make a hot plugged disk persistent so that it is permanently mounted on the VM.
+
+[NOTE]
+====
+Each VM has a `virtio-scsi` controller so that hot plugged disks can use the `scsi` bus. The `virtio-scsi` controller overcomes the limitations of `virtio` while retaining its performance advantages. It is highly scalable and supports hot plugging over 4 million disks.
+
+Regular `virtio` is not available for hot plugged disks because it is not scalable. Each `virtio` disk uses one of the limited PCI Express (PCIe) slots in the VM. PCIe slots are also used by other devices and must be reserved in advance. Therefore, slots might not be available on demand.
+====
+
+include::modules/virt-hot-plugging-disks-ui.adoc[leveloffset=+1]
+
+include::modules/virt-hot-plugging-disk-cli.adoc[leveloffset=+1]
 
-include::modules/virt-hot-unplugging-a-virtual-disk-using-the-cli.adoc[leveloffset=+1]
 
-include::modules/virt-hot-plugging-a-virtual-disk-using-the-web-console.adoc[leveloffset=+1]
 
-include::modules/virt-hot-unplugging-a-virtual-disk-using-the-web-console.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc b/virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
deleted file mode 100644
index be6cefbbab4a..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-managing-vm-snapshots.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-managing-vm-snapshots"]
-= Managing virtual machine snapshots
-include::_attributes/common-attributes.adoc[]
-:context: virt-managing-vm-snapshots
-
-toc::[]
-
-You can create and delete virtual machine (VM) snapshots for VMs, whether the VMs are powered off (offline) or on (online). You can only restore to a powered off (offline) VM. {VirtProductName} supports VM snapshots on the following:
-
-* {rh-storage-first}
-* Any other cloud storage provider with the Container Storage Interface (CSI) driver that supports the Kubernetes Volume Snapshot API
-
-Online snapshots have a default time deadline of five minutes (`5m`) that can be changed, if needed.
-
-[IMPORTANT]
-====
-Online snapshots are supported for virtual machines that have hot-plugged virtual disks. However, hot-plugged disks that are not in the virtual machine specification are not included in the snapshot.
-====
-
-[NOTE]
-====
-To create snapshots of an online (Running state) VM with the highest integrity, install the QEMU guest agent.
-
-The QEMU guest agent takes a consistent snapshot by attempting to quiesce the VM file system as much as possible, depending on the system workload. This ensures that in-flight I/O is written to the disk before the snapshot is taken. If the guest agent is not present, quiescing is not possible and a best-effort snapshot is taken. The conditions under which the snapshot was taken are reflected in the snapshot indications that are displayed in the web console or CLI.
-====
-
-include::modules/virt-about-vm-snapshots.adoc[leveloffset=+1]
-
-include::modules/virt-installing-qemu-guest-agent-on-linux-vm.adoc[leveloffset=+1]
-
-include::modules/virt-installing-qemu-guest-agent-on-windows-vm.adoc[leveloffset=+1]
-
-include::modules/virt-installing-virtio-drivers-existing-windows.adoc[leveloffset=+2]
-
-include::modules/virt-updating-virtio-drivers-windows.adoc[leveloffset=+2]
-
-include::modules/virt-creating-vm-snapshot-web.adoc[leveloffset=+1]
-
-include::modules/virt-creating-vm-snapshot-cli.adoc[leveloffset=+1]
-
-include::modules/virt-verifying-online-snapshot-creation-with-snapshot-indications.adoc[leveloffset=+1]
-
-include::modules/virt-restoring-vm-from-snapshot-web.adoc[leveloffset=+1]
-
-include::modules/virt-restoring-vm-from-snapshot-cli.adoc[leveloffset=+1]
-
-include::modules/virt-deleting-vm-snapshot-web.adoc[leveloffset=+1]
-
-include::modules/virt-deleting-vm-snapshot-cli.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[CSI Volume Snapshots]
diff --git a/virt/virtual_machines/virtual_disks/virt-moving-local-vm-disk-to-different-node.adoc b/virt/virtual_machines/virtual_disks/virt-moving-local-vm-disk-to-different-node.adoc
deleted file mode 100644
index 430ba2be66e9..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-moving-local-vm-disk-to-different-node.adoc
+++ /dev/null
@@ -1,28 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-moving-local-vm-disk-to-different-node"]
-= Moving a local virtual machine disk to a different node
-include::_attributes/common-attributes.adoc[]
-:context: virt-moving-local-vm-disk-to-different-node
-
-toc::[]
-
-Virtual machines that use local volume storage can be moved so that they run on a specific node.
-
-You might want to move the virtual machine to a specific node for the following reasons:
-
-* The current node has limitations to the local storage configuration.
-* The new node is better optimized for the workload of that virtual machine.
-
-To move a virtual machine that uses local storage, you must clone the underlying volume by using a data volume. After the cloning operation is complete, you can xref:../../../virt/virtual_machines/virt-edit-vms.adoc#virt-edit-vms[edit the virtual machine configuration] so that it uses the new data volume, or xref:../../../virt/virtual_machines/virt-edit-vms.adoc#virt-add-disk-to-vm_virt-edit-vms[add the new data volume to another virtual machine].
-
-[TIP]
-====
-When you enable preallocation globally, or for a single data volume, the Containerized Data Importer (CDI) preallocates disk space during cloning. Preallocation enhances write performance. For more information, see xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Using preallocation for data volumes].
-====
-
-[NOTE]
-====
-Users without the `cluster-admin` role require xref:../../../virt/virtual_machines/cloning_vms/virt-enabling-user-permissions-to-clone-datavolumes.adoc#virt-enabling-user-permissions-to-clone-datavolumes[additional user permissions] to clone volumes across namespaces.
-====
-
-include::modules/virt-cloning-local-volume-to-another-node.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc b/virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
deleted file mode 100644
index 09466da7609a..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-preparing-cdi-scratch-space"]
-= Preparing CDI scratch space
-include::_attributes/common-attributes.adoc[]
-:context: virt-preparing-cdi-scratch-space
-
-toc::[]
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-about-scratch-space.adoc[leveloffset=+1]
-
-include::modules/virt-operations-requiring-scratch-space.adoc[leveloffset=+1]
-
-include::modules/virt-defining-storageclass.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-[id="{context}-additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../storage/dynamic-provisioning.adoc#about_dynamic-provisioning[Dynamic provisioning]
diff --git a/virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc b/virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc
deleted file mode 100644
index ebbdf341c73e..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-reserving-pvc-space-fs-overhead.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-reserving-pvc-space-fs-overhead"]
-= Reserving PVC space for file system overhead
-include::_attributes/common-attributes.adoc[]
-:context: virt-reserving-pvc-space-fs-overhead
-
-toc::[]
-
-By default, the {VirtProductName} reserves space for file system overhead data in persistent volume claims (PVCs) that use the `Filesystem` volume mode. You can set the percentage to reserve space for this purpose globally and for specific storage classes.
-
-include::modules/virt-how-fs-overhead-affects-space-vm-disks.adoc[leveloffset=+1]
-
-include::modules/virt-overriding-default-fs-overhead-value.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/virtual_disks/virt-reusing-statically-provisioned-persistent-volumes.adoc b/virt/virtual_machines/virtual_disks/virt-reusing-statically-provisioned-persistent-volumes.adoc
deleted file mode 100644
index 7cd1a97a5b26..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-reusing-statically-provisioned-persistent-volumes.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-reusing-persistent-volumes"]
-= Re-using persistent volumes
-include::_attributes/common-attributes.adoc[]
-:context: virt-reusing-statically-provisioned-persistent-volumes
-
-toc::[]
-
-To re-use a statically provisioned persistent volume (PV), you must first reclaim the volume.
-This involves deleting the PV so that the storage configuration can be re-used.
-
-include::modules/virt-about-reclaiming-statically-provisioned-persistent-volumes.adoc[leveloffset=+1]
-include::modules/virt-reclaiming-statically-provisioned-persistent-volumes.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-configuring-local-storage-for-vms.adoc#virt-configuring-local-storage-for-vms[Configuring local storage for virtual machines]
-
-* The {product-title} Storage documentation has more information on xref:../../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[Persistent Storage].
diff --git a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc b/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
deleted file mode 100644
index ad1b9b737386..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-block.adoc
+++ /dev/null
@@ -1,42 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-uploading-local-disk-images-block"]
-= Uploading a local disk image to a block storage persistent volume claim
-include::_attributes/common-attributes.adoc[]
-:context: virt-uploading-local-disk-images-block
-
-toc::[]
-
-You can upload a local disk image into a block persistent volume claim (PVC) by using the
-`virtctl` command-line utility.
-
-In this workflow, you create a local block device to use as a persistent volume,
-associate this block volume with an `upload` data volume, and use `virtctl`
-to upload the local disk image into the PVC.
-
-== Prerequisites
-
-* xref:../../../virt/getting_started/virt-using-the-cli-tools.adoc#installing-virtctl_virt-using-the-cli-tools[Install `virtctl`].
-
-* You might need to xref:../../../virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc#virt-defining-storageclass_virt-preparing-cdi-scratch-space[define a storage class or prepare CDI scratch space]
-for this operation to complete successfully.
-
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-about-block-pvs.adoc[leveloffset=+1]
-
-include::modules/virt-creating-local-block-pv.adoc[leveloffset=+1]
-
-include::modules/virt-creating-an-upload-dv.adoc[leveloffset=+1]
-
-include::modules/virt-uploading-local-disk-image-dv.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-:blockstorage!:
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
diff --git a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-virtctl.adoc b/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-virtctl.adoc
deleted file mode 100644
index 61079cf2eb02..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-virtctl.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-uploading-local-disk-images-virtctl"]
-= Uploading local disk images by using the virtctl tool
-include::_attributes/common-attributes.adoc[]
-:context: virt-uploading-local-disk-images-virtctl
-
-toc::[]
-
-You can upload a locally stored disk image to a new or existing persistent volume claim (PVC) by using the `virtctl` command-line utility.
-
-== Prerequisites
-
-* xref:../../../virt/getting_started/virt-using-the-cli-tools.adoc#installing-virtctl_virt-using-the-cli-tools[Install `virtctl`].
-
-* You might need to xref:../../../virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc#virt-defining-storageclass_virt-preparing-cdi-scratch-space[define a storage class or prepare CDI scratch space]
-for this operation to complete successfully.
-
-include::modules/virt-about-datavolumes.adoc[leveloffset=+1]
-
-include::modules/virt-creating-an-upload-dv.adoc[leveloffset=+1]
-
-include::modules/virt-uploading-local-disk-image-dv.adoc[leveloffset=+1]
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
diff --git a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc b/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc
deleted file mode 100644
index 10cc2c14cffd..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-uploading-local-disk-images-web"]
-= Uploading local disk images by using the web console
-include::_attributes/common-attributes.adoc[]
-:context: virt-uploading-local-disk-images-web
-
-toc::[]
-
-You can upload a locally stored disk image file by using the web console.
-
-== Prerequisites
-
-* You must have a virtual machine image file in IMG, ISO, or QCOW2 format.
-
-* If you require scratch space according to the
-xref:../../../virt/virtual_machines/virtual_disks/virt-uploading-local-disk-images-web.adoc#virt-cdi-supported-operations-matrix_virt-uploading-local-disk-images-web[CDI supported operations matrix], you must first
-xref:../../../virt/virtual_machines/virtual_disks/virt-preparing-cdi-scratch-space.adoc#virt-defining-storageclass_virt-preparing-cdi-scratch-space[define a storage class or prepare CDI scratch space]
-for this operation to complete successfully.
-
-include::modules/virt-cdi-supported-operations-matrix.adoc[leveloffset=+1]
-
-include::modules/virt-uploading-image-web.adoc[leveloffset=+1]
-
-[id="{context}_additional-resources"]
-[role="_additional-resources"]
-== Additional resources
-
-* xref:../../../virt/virtual_machines/virtual_disks/virt-using-preallocation-for-datavolumes.adoc#virt-using-preallocation-for-datavolumes[Configure preallocation mode] to improve write performance for data volume operations.
-
diff --git a/virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc b/virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc
deleted file mode 100644
index be5dcd3a412c..000000000000
--- a/virt/virtual_machines/virtual_disks/virt-using-container-disks-with-vms.adoc
+++ /dev/null
@@ -1,30 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-using-container-disks-with-vms"]
-= Using container disks with virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-using-container-disks-with-vms
-
-toc::[]
-
-You can build a virtual machine image into a container disk and store it in your container registry. You can then import the container disk into persistent storage for a virtual machine or attach it directly to the virtual machine for ephemeral storage.
-
-[IMPORTANT]
-====
-If you use large container disks, I/O traffic might increase, impacting worker nodes. This can lead to unavailable nodes. You can resolve this by:
-
-* xref:../../../applications/pruning-objects.adoc#pruning-deployments_pruning-objects[Pruning `DeploymentConfig` objects]
-* xref:../../../nodes/nodes/nodes-nodes-garbage-collection.adoc#nodes-nodes-garbage-collection-configuring_nodes-nodes-configuring[Configuring garbage collection]
-====
-
-include::modules/virt-about-container-disks.adoc[leveloffset=+1]
-include::modules/virt-preparing-container-disk-for-vms.adoc[leveloffset=+1]
-
-If your container registry does not have TLS you must add it as an insecure registry before you can import container disks into persistent storage.
-
-include::modules/virt-disabling-tls-for-registry.adoc[leveloffset=+1]
-
-== Next steps
-
-* xref:../../../virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes.adoc#virt-importing-virtual-machine-images-datavolumes[Import the container disk into persistent storage for a virtual machine].
-* xref:../../../virt/virtual_machines/virt-create-vms.adoc#virt-create-vms[Create a virtual machine] that uses
-a `containerDisk` volume for ephemeral storage.
diff --git a/virt/virtual_machines/vm_networking/images b/virt/virtual_machines/vm_networking/images
deleted file mode 120000
index 4dd3347de19a..000000000000
--- a/virt/virtual_machines/vm_networking/images
+++ /dev/null
@@ -1 +0,0 @@
-../../../images
\ No newline at end of file
diff --git a/virt/virtual_machines/vm_networking/modules b/virt/virtual_machines/vm_networking/modules
deleted file mode 120000
index 5be29a99c161..000000000000
--- a/virt/virtual_machines/vm_networking/modules
+++ /dev/null
@@ -1 +0,0 @@
-../../../modules
\ No newline at end of file
diff --git a/virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc b/virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
deleted file mode 100644
index 94d9a033f1ab..000000000000
--- a/virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-accessing-vm-secondary-network-fqdn"]
-= Accessing a virtual machine on a secondary network by using the cluster domain name
-include::_attributes/common-attributes.adoc[]
-:context: virt-accessing-vm-secondary-network-fqdn
-
-toc::[]
-
-You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using the fully qualified domain name (FQDN) of the cluster.
-
-:FeatureName: Accessing VMs by using the cluster FQDN
-include::snippets/technology-preview.adoc[]
-
-include::modules/virt-configuring-secondary-dns-server.adoc[leveloffset=+1]
-
-include::modules/virt-connecting-vm-secondarynw-using-fqdn.adoc[leveloffset=+1]
-
-
-[role="_additional-resources"]
-[id="additional-resources_accessing-vm-secondary-network-fqdn"]
-== Additional resources
-* xref:../../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc#configuring-ingress-cluster-traffic-load-balancer[Configuring ingress cluster traffic using a load balancer]
-* xref:../../../networking/metallb/about-metallb.adoc#about-metallb[Load balancing with MetalLB]
-* xref:../../../virt/virtual_machines/vm_networking/virt-configuring-ip-for-vms.adoc#virt-configuring-ip-for-vms[Configuring IP addresses for virtual machines]
diff --git a/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc b/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
deleted file mode 100644
index de26f977f5b1..000000000000
--- a/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.adoc
+++ /dev/null
@@ -1,52 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-attaching-vm-multiple-networks"]
-= Connecting a virtual machine to a Linux bridge network
-include::_attributes/common-attributes.adoc[]
-:context: virt-attaching-vm-multiple-networks
-
-toc::[]
-
-By default, {VirtProductName} is installed with a single, internal pod network.
-
-You must create a Linux bridge network attachment definition (NAD) in order to connect to additional networks.
-
-To attach a virtual machine to an additional network:
-
-. Create a Linux bridge node network configuration policy.
-. Create a Linux bridge network attachment definition.
-. Configure the virtual machine, enabling the virtual machine to recognize the network attachment definition.
-
-For more information about scheduling, interface types, and other node networking activities,
-see the xref:../../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#k8s-nmstate-updating-node-network-config[node networking]
-section.
-
-[id="virt-connecting-network-through-nad"]
-== Connecting to the network through the network attachment definition
-
-include::modules/virt-creating-linux-bridge-nncp.adoc[leveloffset=+2]
-
-[id="virt-creating-linux-bridge-network-attachment-definition"]
-== Creating a Linux bridge network attachment definition
-
-[WARNING]
-====
-Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
-====
-
-include::modules/virt-creating-bridge-nad-web.adoc[leveloffset=+2]
-
-include::modules/virt-creating-bridge-nad-cli.adoc[leveloffset=+2]
-
-[id="virt-configuring-vm-for-linux-bridge-network"]
-== Configuring the virtual machine for a Linux bridge network
-
-include::modules/virt-vm-creating-nic-web.adoc[leveloffset=+2]
-
-include::modules/virt-networking-wizard-fields-web.adoc[leveloffset=+2]
-
-include::modules/virt-attaching-vm-secondary-network-cli.adoc[leveloffset=+2]
-
-[id="next-steps_virt-attaching-vm-multiple-networks"]
-== Next steps
-
-* xref:../../../virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc#virt-accessing-vm-secondary-network-fqdn[Accessing a virtual machine on a secondary network by using the cluster domain name]
\ No newline at end of file
diff --git a/virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc b/virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
deleted file mode 100644
index 3d7ccb6d6ca5..000000000000
--- a/virt/virtual_machines/vm_networking/virt-attaching-vm-to-sriov-network.adoc
+++ /dev/null
@@ -1,50 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-attaching-vm-to-sriov-network"]
-= Connecting a virtual machine to an SR-IOV network
-include::_attributes/common-attributes.adoc[]
-:context: virt-attaching-vm-to-sriov-network
-
-toc::[]
-
-You can connect a virtual machine (VM) to a Single Root I/O Virtualization (SR-IOV) network by performing the following steps:
-
-. Configure an SR-IOV network device.
-. Configure an SR-IOV network.
-. Connect the VM to the SR-IOV network.
-
-[id='prerequisites-connecting-vm-to-sriov-network_{context}']
-== Prerequisites
-
-* You must have xref:../../../scalability_and_performance/ztp_far_edge/ztp-reference-cluster-configuration-for-vdu.adoc#ztp-du-configuring-host-firmware-requirements_sno-configure-for-vdu[enabled global SR-IOV and VT-d settings in the firmware for the host].
-* You must have xref:../../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sriov-operator[installed the SR-IOV Network Operator].
-
-include::modules/nw-sriov-configuring-device.adoc[leveloffset=+1]
-
-include::modules/nw-sriov-network-attachment.adoc[leveloffset=+1]
-
-include::modules/virt-attaching-vm-to-sriov-network.adoc[leveloffset=+1]
-
-include::modules/virt-configuring-cluster-dpdk.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../scalability_and_performance/using-cpu-manager.adoc#using-cpu-manager[Using CPU Manager and Topology Manager]
-* xref:../../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc#configuring-huge-pages_huge-pages[Configuring huge pages]
-* link:https://access.redhat.com/solutions/5688941[Creating a custom machine config pool]
-
-include::modules/virt-configuring-vm-project-dpdk.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../applications/projects/working-with-projects.adoc#working-with-projects[Working with projects]
-* xref:../../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-measuring-latency-vm-secondary-network_virt-running-cluster-checkups[Virtual machine latency checkup]
-* xref:../../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-checking-cluster-dpdk-readiness_virt-running-cluster-checkups[DPDK checkup]
-
-include::modules/virt-configuring-vm-dpdk.adoc[leveloffset=+1]
-
-
-[id="next-steps_virt-attaching-vm-to-sriov-network"]
-== Next steps
-
-* xref:../../../virt/virtual_machines/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc#virt-accessing-vm-secondary-network-fqdn[Accessing a virtual machine on a secondary network by using the cluster domain name]
-
diff --git a/virt/virtual_machines/vm_networking/virt-configuring-ip-for-vms.adoc b/virt/virtual_machines/vm_networking/virt-configuring-ip-for-vms.adoc
deleted file mode 100644
index 0c115227eb0a..000000000000
--- a/virt/virtual_machines/vm_networking/virt-configuring-ip-for-vms.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-configuring-ip-for-vms"]
-= Configuring IP addresses for virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-configuring-ip-for-vms
-
-toc::[]
-
-You can configure static and dynamic IP addresses for virtual machines.
-
-include::modules/virt-configuring-ip-for-new-vm-cloud-init.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/vm_networking/virt-connecting-vm-to-service-mesh.adoc b/virt/virtual_machines/vm_networking/virt-connecting-vm-to-service-mesh.adoc
deleted file mode 100644
index 4a74e0eb9196..000000000000
--- a/virt/virtual_machines/vm_networking/virt-connecting-vm-to-service-mesh.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-connecting-vm-to-service-mesh"]
-= Connecting a virtual machine to a service mesh
-include::_attributes/common-attributes.adoc[]
-:context: virt-connecting-vm-to-service-mesh
-
-toc::[]
-
-{VirtProductName} is now integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods that run virtual machine workloads on the default pod network with IPv4.
-
-== Prerequisites
-
-* You must have xref:../../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[installed the Service Mesh Operator] and xref:../../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[deployed the service mesh control plane].
-
-* You must have added the namespace where the virtual machine is created to the xref:../../../service_mesh/v2x/ossm-create-mesh.adoc#ossm-create-mesh[service mesh member roll].
-
-* You must use the `masquerade` binding method for the default pod network.
-
-
-include::modules/virt-adding-vm-to-service-mesh.adoc[leveloffset=+1]
diff --git a/virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc b/virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
deleted file mode 100644
index e00fd1294e3a..000000000000
--- a/virt/virtual_machines/vm_networking/virt-creating-service-vm.adoc
+++ /dev/null
@@ -1,27 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-creating-service-vm"]
-= Creating a service to expose a virtual machine
-include::_attributes/common-attributes.adoc[]
-:context: virt-creating-service-vm
-
-toc::[]
-
-You can expose a virtual machine within the cluster or outside the cluster by using a `Service` object.
-
-include::modules/virt-about-services.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../networking/metallb/metallb-operator-install.adoc#metallb-operator-install[Installing the MetalLB Operator]
-* xref:../../../networking/metallb/metallb-configure-services.adoc#metallb-configure-services[Configuring services to use MetalLB]
-
-include::modules/virt-dual-stack-support-services.adoc[leveloffset=+1]
-
-include::modules/virt-creating-a-service-from-a-virtual-machine.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-[id="additional-resources_creating-service-vm"]
-== Additional resources
-* xref:../../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#configuring-ingress-cluster-traffic-nodeport[Configuring ingress cluster traffic using a NodePort]
-* xref:../../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc#configuring-ingress-cluster-traffic-load-balancer[Configuring ingress cluster traffic using a load balancer]
-* xref:../../../virt/getting_started/virt-web-console-overview.adoc#ui-virtualmachine-details-details[Web console overview]
diff --git a/virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc b/virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc
deleted file mode 100644
index ca5d5138dad4..000000000000
--- a/virt/virtual_machines/vm_networking/virt-using-mac-address-pool-for-vms.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-using-mac-address-pool-for-vms"]
-= Using a MAC address pool for virtual machines
-include::_attributes/common-attributes.adoc[]
-:context: virt-using-mac-address-pool-for-vms
-
-toc::[]
-
-The _KubeMacPool_ component provides a MAC address pool service for virtual machine NICs in a namespace.
-
-include::modules/virt-about-kubemacpool.adoc[leveloffset=+1]
-
-include::modules/virt-disabling-mac-address-pool-for-namespace-cli.adoc[leveloffset=+1]
-
-include::modules/virt-reenabling-mac-address-pool-for-namespace-cli.adoc[leveloffset=+1]
-
diff --git a/virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc b/virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc
deleted file mode 100644
index 99c5e47d13da..000000000000
--- a/virt/virtual_machines/vm_networking/virt-using-the-default-pod-network-with-virt.adoc
+++ /dev/null
@@ -1,25 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-using-the-default-pod-network-with-virt"]
-= Configuring the virtual machine for the default pod network
-include::_attributes/common-attributes.adoc[]
-:context: virt-using-the-default-pod-network-with-virt
-
-toc::[]
-
-You can connect a virtual machine to the default internal pod network by configuring its network interface to use the `masquerade` binding mode.
-
-[NOTE]
-====
-Traffic on the virtual Network Interface Cards (vNICs) that are attached to the default pod network is interrupted during live migration.
-====
-
-include::modules/virt-configuring-masquerade-mode-cli.adoc[leveloffset=+1]
-
-include::modules/virt-configuring-masquerade-mode-dual-stack.adoc[leveloffset=+1]
-
-include::modules/virt-jumbo-frames-vm-pod-nw.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../../networking/changing-cluster-network-mtu.adoc#changing-cluster-network-mtu[Changing the MTU for the cluster network]
-* xref:../../../scalability_and_performance/optimization/optimizing-networking.adoc#optimizing-mtu_optimizing-networking[Optimizing the MTU for your network]
diff --git a/virt/virtual_machines/vm_networking/virt-viewing-ip-of-vm-nic.adoc b/virt/virtual_machines/vm_networking/virt-viewing-ip-of-vm-nic.adoc
deleted file mode 100644
index 64e19243ee05..000000000000
--- a/virt/virtual_machines/vm_networking/virt-viewing-ip-of-vm-nic.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-viewing-ip-of-vm-nic"]
-= Viewing the IP address of NICs on a virtual machine
-include::_attributes/common-attributes.adoc[]
-:context: virt-viewing-ip-of-vm-vnic
-
-toc::[]
-
-You can view the IP address for a network interface controller (NIC) by using the web console or the `oc` client. The xref:../../../virt/virtual_machines/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[QEMU guest agent] displays additional information about the virtual machine's secondary networks.
-
-[id="prerequisites_virt-viewing-ip-of-vm-vnic"]
-== Prerequisites
-* Install the QEMU guest agent on the virtual machine.
-
-include::modules/virt-viewing-vmi-ip-cli.adoc[leveloffset=+1]
-include::modules/virt-viewing-vmi-ip-web.adoc[leveloffset=+1]
diff --git a/virt/vm_networking/_attributes b/virt/vm_networking/_attributes
new file mode 120000
index 000000000000..20cc1dcb77bf
--- /dev/null
+++ b/virt/vm_networking/_attributes
@@ -0,0 +1 @@
+../../_attributes/
\ No newline at end of file
diff --git a/virt/vm_networking/images b/virt/vm_networking/images
new file mode 120000
index 000000000000..847b03ed0541
--- /dev/null
+++ b/virt/vm_networking/images
@@ -0,0 +1 @@
+../../images/
\ No newline at end of file
diff --git a/virt/vm_networking/modules b/virt/vm_networking/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/virt/vm_networking/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/virt/vm_networking/snippets b/virt/vm_networking/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/virt/vm_networking/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc b/virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
new file mode 100644
index 000000000000..317f418937f4
--- /dev/null
+++ b/virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc
@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-accessing-vm-secondary-network-fqdn"]
+= Accessing a virtual machine by using the cluster FQDN
+include::_attributes/common-attributes.adoc[]
+:context: virt-accessing-vm-secondary-network-fqdn
+
+toc::[]
+
+You can access a virtual machine (VM) that is attached to a secondary network interface from outside the cluster by using the fully qualified domain name (FQDN) of the cluster.
+
+:FeatureName: Accessing VMs by using the cluster FQDN
+include::snippets/technology-preview.adoc[]
+
+include::modules/virt-configuring-secondary-dns-server.adoc[leveloffset=+1]
+
+include::modules/virt-connecting-vm-secondarynw-using-fqdn.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_accessing-vm-secondary-network-fqdn"]
+== Additional resources
+* xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc#configuring-ingress-cluster-traffic-load-balancer[Configuring ingress cluster traffic using a load balancer]
+* xref:../../networking/metallb/about-metallb.adoc#about-metallb[Load balancing with MetalLB]
+* xref:../../virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc#configuring-ips_virt-configuring-viewing-ips-for-vms[Configuring IP addresses for virtual machines]
diff --git a/virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc b/virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
new file mode 100644
index 000000000000..306093d7c053
--- /dev/null
+++ b/virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc
@@ -0,0 +1,41 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-configuring-viewing-ips-for-vms"]
+= Configuring and viewing IP addresses
+include::_attributes/common-attributes.adoc[]
+:context: virt-configuring-viewing-ips-for-vms
+
+toc::[]
+
+You can configure an IP address when you create a virtual machine (VM). The IP address is provisioned with cloud-init.
+
+You can view the IP address of a VM by using the {product-title} web console or the command line. The network information is collected by the QEMU guest agent.
+
+[id="configuring-ips_virt-configuring-viewing-ips-for-vms"]
+== Configuring IP addresses for virtual machines
+
+You can configure a static IP address when you create a virtual machine (VM) by using the web console or the command line.
+
+You can configure a dynamic IP address when you create a VM by using the command line.
+
+The IP address is provisioned with cloud-init.
+
+// Commenting this out until bug is fixed. https://bugzilla.redhat.com/show_bug.cgi?id=2217541
+// include::modules/virt-configuring-ip-vm-web.adoc[leveloffset=+2]
+
+include::modules/virt-configuring-ip-vm-cli.adoc[leveloffset=+2]
+
+[id="viewing-ips_virt-configuring-viewing-ips-for-vms"]
+== Viewing IP addresses of virtual machines
+
+You can view the IP address of a VM by using the {product-title} web console or the command line.
+
+The network information is collected by the QEMU guest agent.
+
+include::modules/virt-viewing-vmi-ip-web.adoc[leveloffset=+2]
+
+include::modules/virt-viewing-vmi-ip-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-configuring-viewing-ips-for-vms"]
+== Additional resources
+* xref:../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[Installing the QEMU guest agent]
\ No newline at end of file
diff --git a/virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc b/virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc
new file mode 100644
index 000000000000..7359cdaa138b
--- /dev/null
+++ b/virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-connecting-vm-to-default-pod-network"]
+= Connecting a virtual machine to the default pod network
+include::_attributes/common-attributes.adoc[]
+:context: virt-connecting-vm-to-default-pod-network
+
+toc::[]
+
+You can connect a virtual machine to the default internal pod network by configuring its network interface to use the `masquerade` binding mode.
+
+[NOTE]
+====
+Traffic passing through network interfaces to the default pod network is interrupted during live migration.
+====
+
+include::modules/virt-configuring-masquerade-mode-cli.adoc[leveloffset=+1]
+
+include::modules/virt-configuring-masquerade-mode-dual-stack.adoc[leveloffset=+1]
+
+// TO DO: This should be moved to an optimization section
+include::modules/virt-jumbo-frames-vm-pod-nw.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-connecting-vm-to-default-pod-network"]
+== Additional resources
+* xref:../../networking/changing-cluster-network-mtu.adoc#changing-cluster-network-mtu[Changing the MTU for the cluster network]
+* xref:../../scalability_and_performance/optimization/optimizing-networking.adoc#optimizing-mtu_optimizing-networking[Optimizing the MTU for your network]
diff --git a/virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc b/virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
new file mode 100644
index 000000000000..8394fb79f7c1
--- /dev/null
+++ b/virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-connecting-vm-to-linux-bridge"]
+= Connecting a virtual machine to a Linux bridge network
+include::_attributes/common-attributes.adoc[]
+:context: virt-connecting-vm-to-linux-bridge
+
+toc::[]
+
+By default, {VirtProductName} is installed with a single, internal pod network.
+
+You can create a Linux bridge network and attach a virtual machine (VM) to the network by performing the following steps:
+
+. xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-creating-linux-bridge-nncp_virt-connecting-vm-to-linux-bridge[Create a Linux bridge node network configuration policy (NNCP)].
+. Create a Linux bridge network attachment definition (NAD) by using the xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-creating-linux-bridge-nad-web_virt-connecting-vm-to-linux-bridge[web console] or the xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-creating-linux-bridge-nad-cli_virt-connecting-vm-to-linux-bridge[command line].
+. Configure the VM to recognize the NAD by using the xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-vm-creating-nic-web_virt-connecting-vm-to-linux-bridge[web console] or the xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-attaching-vm-secondary-network-cli_virt-connecting-vm-to-linux-bridge[command line].
+
+include::modules/virt-creating-linux-bridge-nncp.adoc[leveloffset=+1]
+
+[id="creating-linux-bridge-nad"]
+== Creating a Linux bridge NAD
+
+You can create a Linux bridge network attachment definition (NAD) by using the {product-title} web console or command line.
+
+include::modules/virt-creating-linux-bridge-nad-web.adoc[leveloffset=+2]
+
+include::modules/virt-creating-linux-bridge-nad-cli.adoc[leveloffset=+2]
+
+[id="configuring-vm-network-interface"]
+== Configuring a VM network interface
+
+You can configure a virtual machine (VM) network interface by using the {product-title} web console or command line.
+
+include::modules/virt-vm-creating-nic-web.adoc[leveloffset=+2]
+
+[discrete]
+include::modules/virt-networking-wizard-fields-web.adoc[leveloffset=+3]
+
+include::modules/virt-attaching-vm-secondary-network-cli.adoc[leveloffset=+2]
diff --git a/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc b/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc
new file mode 100644
index 000000000000..d39ef7734324
--- /dev/null
+++ b/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc
@@ -0,0 +1,41 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-connecting-vm-to-ovn-secondary-network"]
+= Connecting a virtual machine to an OVN-Kubernetes secondary network
+include::_attributes/common-attributes.adoc[]
+:context: virt-connecting-vm-to-ovn-secondary-network
+
+toc::[]
+
+You can connect a virtual machine (VM) to an Open Virtual Network (OVN)-Kubernetes secondary network. The OVN-Kubernetes Container Network Interface (CNI) plug-in uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes.
+
+{VirtProductName} currently supports the flat layer 2 topology. This topology connects workloads by a cluster-wide logical switch. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.
+
+To configure an OVN-Kubernetes secondary network and attach a VM to that network, perform the following steps:
+
+. Create a network attachment definition (NAD) by using the web console or the xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-creating-layer2-nad-cli_virt-connecting-vm-to-ovn-secondary-network[CLI].
+
+. Add information about the secondary network interface to the VM specification by using the web console or the xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-attaching-vm-to-ovn-secondary-nw-cli_virt-connecting-vm-to-ovn-secondary-network[CLI].
+
+[id="creating-ovn-layer2-nad"]
+== Creating an OVN-Kubernetes NAD
+
+You can create an OVN-Kubernetes flat layer 2 network attachment definition (NAD) by using the {product-title} web console or the CLI.
+
+[NOTE]
+====
+Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
+====
+
+include::modules/virt-creating-layer2-nad-cli.adoc[leveloffset=+2]
+
+[id="attaching-vm-to-ovn-secondary-nw"]
+== Attaching a virtual machine to the OVN-Kubernetes secondary network
+
+You can attach a virtual machine (VM) to the OVN-Kubernetes secondary network interface by using the {product-title} web console or the CLI.
+
+include::modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-connecting-vm-to-ovn-secondary-network"]
+== Additional resources
+* xref:../../networking/multiple_networks/configuring-additional-network.adoc#configuration-ovnk-additional-networks_configuring-additional-network[Configuration for an OVN-Kubernetes additional network]
\ No newline at end of file
diff --git a/virt/vm_networking/virt-connecting-vm-to-service-mesh.adoc b/virt/vm_networking/virt-connecting-vm-to-service-mesh.adoc
new file mode 100644
index 000000000000..c7ae2e3a5b52
--- /dev/null
+++ b/virt/vm_networking/virt-connecting-vm-to-service-mesh.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-connecting-vm-to-service-mesh"]
+= Connecting a virtual machine to a service mesh
+include::_attributes/common-attributes.adoc[]
+:context: virt-connecting-vm-to-service-mesh
+
+toc::[]
+
+{VirtProductName} is now integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods that run virtual machine workloads on the default pod network with IPv4.
+
+include::modules/virt-adding-vm-to-service-mesh.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-connecting-vm-to-service-mesh"]
+== Additional resources
+* xref:../../service_mesh/v2x/installing-ossm.adoc#installing-ossm[Installing the Service Mesh Operators]
+* xref:../../service_mesh/v2x/ossm-create-smcp.adoc#ossm-create-smcp[Creating the Service Mesh control plane]
+* xref:../../service_mesh/v2x/ossm-create-mesh.adoc#ossm-create-mesh[Adding projects to the Service Mesh member roll]
\ No newline at end of file
diff --git a/virt/vm_networking/virt-connecting-vm-to-sriov.adoc b/virt/vm_networking/virt-connecting-vm-to-sriov.adoc
new file mode 100644
index 000000000000..bfbd3dcdc2d5
--- /dev/null
+++ b/virt/vm_networking/virt-connecting-vm-to-sriov.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-connecting-vm-to-sriov"]
+= Connecting a virtual machine to an SR-IOV network
+include::_attributes/common-attributes.adoc[]
+:context: virt-connecting-vm-to-sriov
+
+toc::[]
+
+You can connect a virtual machine (VM) to a Single Root I/O Virtualization (SR-IOV) network by performing the following steps:
+
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-configuring-device_virt-connecting-vm-to-sriov[Configuring an SR-IOV network device]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-network-attachment_virt-connecting-vm-to-sriov[Configuring an SR-IOV network]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-attaching-vm-to-sriov-network_virt-connecting-vm-to-sriov[Connecting the VM to the SR-IOV network]
+
+include::modules/nw-sriov-configuring-device.adoc[leveloffset=+1]
+
+include::modules/nw-sriov-network-attachment.adoc[leveloffset=+1]
+
+include::modules/virt-attaching-vm-to-sriov-network.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-connecting-vm-to-sriov"]
+== Additional resources
+* xref:../../virt/vm_networking/virt-using-dpdk-with-sriov.adoc#virt-using-dpdk-with-sriov[Configuring DPDK workloads for improved performance]
\ No newline at end of file
diff --git a/virt/vm_networking/virt-dedicated-network-live-migration.adoc b/virt/vm_networking/virt-dedicated-network-live-migration.adoc
new file mode 100644
index 000000000000..c0e7d46ac409
--- /dev/null
+++ b/virt/vm_networking/virt-dedicated-network-live-migration.adoc
@@ -0,0 +1,18 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-dedicated-network-live-migration"]
+= Configuring a dedicated network for live migration
+include::_attributes/common-attributes.adoc[]
+:context: virt-dedicated-network-live-migration
+
+toc::[]
+
+You can configure a dedicated xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Multus network] for live migration. A dedicated network minimizes the effects of network saturation on tenant workloads during live migration.
+
+include::modules/virt-configuring-secondary-network-vm-live-migration.adoc[leveloffset=+1]
+
+include::modules/virt-selecting-migration-network-ui.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-migrating-vm-on-secondary-network"]
+== Additional resources
+* xref:../../virt/live_migration/virt-configuring-live-migration#virt-configuring-live-migration-limits_virt-configuring-live-migration[Configuring live migration limits and timeouts]
diff --git a/virt/vm_networking/virt-exposing-vm-with-service.adoc b/virt/vm_networking/virt-exposing-vm-with-service.adoc
new file mode 100644
index 000000000000..b8f033d111a0
--- /dev/null
+++ b/virt/vm_networking/virt-exposing-vm-with-service.adoc
@@ -0,0 +1,27 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-exposing-vm-with-service"]
+= Exposing a virtual machine by using a service
+include::_attributes/common-attributes.adoc[]
+:context: virt-exposing-vm-with-service
+
+toc::[]
+
+You can expose a virtual machine within the cluster or outside the cluster by creating a `Service` object.
+
+include::modules/virt-about-services.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../networking/metallb/metallb-operator-install.adoc#metallb-operator-install[Installing the MetalLB Operator]
+* xref:../../networking/metallb/metallb-configure-services.adoc#metallb-configure-services[Configuring services to use MetalLB]
+
+include::modules/virt-dual-stack-support-services.adoc[leveloffset=+1]
+
+include::modules/virt-creating-service-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_creating-service-vm"]
+== Additional resources
+* xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#configuring-ingress-cluster-traffic-nodeport[Configuring ingress cluster traffic using a NodePort]
+* xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc#configuring-ingress-cluster-traffic-load-balancer[Configuring ingress cluster traffic using a load balancer]
+
diff --git a/virt/vm_networking/virt-hot-plugging-network-interfaces.adoc b/virt/vm_networking/virt-hot-plugging-network-interfaces.adoc
new file mode 100644
index 000000000000..41b97de87f2c
--- /dev/null
+++ b/virt/vm_networking/virt-hot-plugging-network-interfaces.adoc
@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-hot-plugging-network-interfaces"]
+= Hot plugging secondary network interfaces
+include::_attributes/common-attributes.adoc[]
+:context: virt-hot-plugging-network-interfaces
+
+toc::[]
+
+You can add or remove secondary network interfaces without stopping your virtual machine (VM). {VirtProductName} supports hot plugging and hot unplugging for Linux bridge interfaces that use the VirtIO device driver.
+
+:FeatureName: Hot plugging and hot unplugging bridge network interfaces
+include::snippets/technology-preview.adoc[]
+
+[id="virtio-limitations_virt-hot-plugging-network-interfaces"]
+== VirtIO limitations
+Each VirtIO interface uses one of the limited Peripheral Connect Interface (PCI) slots in the VM. There are a total of 32 slots available. The PCI slots are also used by other devices and must be reserved in advance, therefore slots might not be available on demand. {VirtProductName} reserves up to four slots for hot plugging interfaces. This includes any existing plugged network interfaces. For example, if your VM has two existing plugged interfaces, you can hot plug two more network interfaces.
+
+[NOTE]
+====
+The actual number of slots available for hot plugging also depends on the machine type. For example, the default PCI topology for the q35 machine type supports hot plugging one additional PCIe device. For more information on PCI topology and hot plug support, see the link:https://libvirt.org/pci-hotplug.html[libvirt documentation].
+====
+
+If you restart the VM after hot plugging an interface, that interface becomes part of the standard network interfaces.
+
+include::modules/virt-hot-plugging-bridge-network-interface-cli.adoc[leveloffset=+1]
+
+include::modules/virt-hot-unplugging-bridge-network-interface-cli.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-hot-plugging-network-interfaces"]
+== Additional resources
+
+* xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#installing-virtctl_virt-using-the-cli-tools[Installing virtctl]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#creating-linux-bridge-nad[Creating a Linux bridge network attachment definition]
\ No newline at end of file
diff --git a/virt/vm_networking/virt-networking-overview.adoc b/virt/vm_networking/virt-networking-overview.adoc
new file mode 100644
index 000000000000..bca6885a6487
--- /dev/null
+++ b/virt/vm_networking/virt-networking-overview.adoc
@@ -0,0 +1,114 @@
+:_mod-docs-content-type: ASSEMBLY                                        
+[id="virt-networking"]                            
+= Networking overview                                                
+include::_attributes/common-attributes.adoc[]                   
+:context: virt-networking-overview                         
+                                                                
+toc::[]    
+
+{VirtProductName} provides advanced networking functionality by using custom resources and plugins. Virtual machines (VMs) are integrated with {product-title} networking and its ecosystem.
+
+include::modules/virt-networking-glossary.adoc[leveloffset=+1]
+
+
+[id="default-network-config"]
+== Using the default pod network
+
+xref:../../virt/vm_networking/virt-connecting-vm-to-default-pod-network.adoc#virt-connecting-vm-to-default-pod-network[Connecting a virtual machine to the default pod network]::
+
+Each VM is connected by default to the default internal pod network. You can add or remove network interfaces by editing the VM specification.
+
+xref:../../virt/vm_networking/virt-exposing-vm-with-service.adoc#virt-exposing-vm-with-service[Exposing a virtual machine as a service]::
+
+You can expose a VM within the cluster or outside the cluster by creating a `Service` object. For on-premise clusters, you can configure a load balancing service by using the MetalLB Operator. You can xref:../../networking/metallb/metallb-operator-install.adoc#metallb-operator-install[install the MetalLB Operator] by using the {product-title} web console or the CLI.
+
+[id="secondary-network-config"]
+== Configuring VM secondary network interfaces
+
+xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Connecting a virtual machine to a Linux bridge network]::
+
+xref:../../networking/k8s_nmstate/k8s-nmstate-about-the-k8s-nmstate-operator.adoc#k8s-nmstate-about-the-k8s-nmstate-operator[Install the Kubernetes NMState Operator] to configure Linux bridges, VLANs, and bondings for your secondary networks.
++
+You can create a Linux bridge network and attach a VM to the network by performing the following steps:
+
+. xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-creating-linux-bridge-nncp_virt-connecting-vm-to-linux-bridge[Configure a Linux bridge network device] by creating a `NodeNetworkConfigurationPolicy` custom resource definition (CRD).
+. xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#creating-linux-bridge-nad[Configure a Linux bridge network] by creating a `NetworkAttachmentDefinition` CRD.
+. xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#configuring-vm-network-interface[Connect the VM to the Linux bridge network] by including the network details in the VM configuration.
+
+xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]::
+
+You can use Single Root I/O Virtualization (SR-IOV) network devices with additional networks on your {product-title} cluster installed on bare metal or Red Hat OpenStack Platform (RHOSP) infrastructure for applications that require high bandwidth or low latency.
++
+You must xref:../../networking/hardware_networks/installing-sriov-operator.adoc#installing-sriov-operator[install the SR-IOV Network Operator] on your cluster to manage SR-IOV network devices and network attachments.
++
+You can connect a VM to an SR-IOV network by performing the following steps:
+
+. xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-configuring-device_virt-connecting-vm-to-sriov[Configure an SR-IOV network device] by creating a `SriovNetworkNodePolicy` CRD.
+. xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-network-attachment_virt-connecting-vm-to-sriov[Configure an SR-IOV network] by creating an `SriovNetwork` object.
+. xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-attaching-vm-to-sriov-network_virt-connecting-vm-to-sriov[Connect the VM to the SR-IOV network] by including the network details in the VM configuration.
+
+
+xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#virt-connecting-vm-to-ovn-secondary-network[Connecting a virtual machine to an OVN-Kubernetes secondary network]::
+
+You can connect a VM to an Open Virtual Network (OVN)-Kubernetes secondary network. To configure an OVN-Kubernetes secondary network and attach a VM to that network, perform the following steps:
+
+. xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#creating-ovn-layer2-nad[Configure an OVN-Kubernetes secondary network] by creating a `NetworkAttachmentDefinition` CRD.
+
+. xref:../../virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc#attaching-vm-to-ovn-secondary-nw[Connect the VM to the OVN-Kubernetes secondary network] by adding the network details to the VM specification.
+
+xref:../../virt/vm_networking/virt-hot-plugging-network-interfaces.adoc#virt-hot-plugging-network-interfaces[Hot plugging secondary network interfaces]::
+
+You can add or remove secondary network interfaces without stopping your VM. {VirtProductName} supports hot plugging and hot unplugging for Linux bridge interfaces that use the VirtIO device driver.
+
+xref:../../virt/vm_networking/virt-using-dpdk-with-sriov.adoc#virt-using-dpdk-with-sriov[Using DPDK with SR-IOV]::
+
+The Data Plane Development Kit (DPDK) provides a set of libraries and drivers for fast packet processing. You can configure clusters and VMs to run DPDK workloads over SR-IOV networks.
+
+xref:../../virt/vm_networking/virt-dedicated-network-live-migration.adoc#virt-dedicated-network-live-migration[Configuring a dedicated network for live migration]::
+
+You can configure a dedicated xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#virt-connecting-vm-to-linux-bridge[Multus network] for live migration. A dedicated network minimizes the effects of network saturation on tenant workloads during live migration.
+
+xref:../../virt/vm_networking/virt-accessing-vm-secondary-network-fqdn.adoc#virt-accessing-vm-secondary-network-fqdn[Accessing a virtual machine by using the cluster FQDN]::
+
+You can access a VM that is attached to a secondary network interface from outside the cluster by using its fully qualified domain name (FQDN).
+
+xref:../../virt/vm_networking/virt-configuring-viewing-ips-for-vms.adoc#virt-configuring-viewing-ips-for-vms[Configuring and viewing IP addresses]::
+
+You can configure an IP address of a secondary network interface when you create a VM. The IP address is provisioned with cloud-init. You can view the IP address of a VM by using the {product-title} web console or the command line. The network information is collected by the QEMU guest agent.
+
+
+[id="service-mesh-integration"]
+== Integrating with OpenShift Service Mesh
+xref:../../virt/vm_networking/virt-connecting-vm-to-service-mesh.adoc#virt-connecting-vm-to-service-mesh[Connecting a virtual machine to a service mesh]::
+
+{VirtProductName} is integrated with OpenShift Service Mesh. You can monitor, visualize, and control traffic between pods and virtual machines.
+
+[id="managing-mac-address-pools"]
+== Managing MAC address pools
+xref:../../virt/vm_networking/virt-using-mac-address-pool-for-vms.adoc#virt-using-mac-address-pool-for-vms[Managing MAC address pools for network interfaces]::
+
+The KubeMacPool component allocates MAC addresses for VM network interfaces from a shared MAC address pool. This ensures that each network interface is assigned a unique MAC address. A virtual machine instance created from that VM retains the assigned MAC address across reboots.
+
+[id="vm-ssh-access"]
+== Configuring SSH access
+xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#virt-accessing-vm-ssh[Configuring SSH access to virtual machines]::
+
+You can configure SSH access to VMs by using the following methods:
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-virtctl-ssh_virt-accessing-vm-ssh[`virtctl ssh` command]
++
+You create an SSH key pair, add the public key to a VM, and connect to the VM by running the `virtctl ssh` command with the private key.
++
+You can add public SSH keys to {op-system-base-full} 9 VMs at runtime or at first boot to VMs with guest operating systems that can be configured by using a cloud-init data source.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#virt-using-virtctl-port-forward-command_virt-accessing-vm-ssh[`virtctl port-forward` command]
++
+You add the `virtctl port-foward` command to your `.ssh/config` file and connect to the VM by using OpenSSH.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-services-ssh_virt-accessing-vm-ssh[Service]
++
+You create a service, associate the service with the VM, and connect to the IP address and port exposed by the service.
+
+* xref:../../virt/virtual_machines/virt-accessing-vm-ssh.adoc#using-secondary-networks-ssh_virt-accessing-vm-ssh[Secondary network]
++
+You configure a secondary network, attach a VM to the secondary network interface, and connect to its allocated IP address.
diff --git a/virt/vm_networking/virt-using-dpdk-with-sriov.adoc b/virt/vm_networking/virt-using-dpdk-with-sriov.adoc
new file mode 100644
index 000000000000..832221dc5a48
--- /dev/null
+++ b/virt/vm_networking/virt-using-dpdk-with-sriov.adoc
@@ -0,0 +1,30 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-using-dpdk-with-sriov"]
+= Using DPDK with SR-IOV
+include::_attributes/common-attributes.adoc[]
+:context: virt-using-dpdk-with-sriov
+
+toc::[]
+
+The Data Plane Development Kit (DPDK) provides a set of libraries and drivers for fast packet processing.
+
+You can configure clusters and virtual machines (VMs) to run DPDK workloads over SR-IOV networks.
+
+include::modules/virt-configuring-cluster-dpdk.adoc[leveloffset=+1]
+
+[role="_additional-resources_configuring-cluster-dpdk"]
+.Additional resources
+* xref:../../scalability_and_performance/using-cpu-manager.adoc#using-cpu-manager[Using CPU Manager and Topology Manager]
+* xref:../../scalability_and_performance/what-huge-pages-do-and-how-they-are-consumed-by-apps.adoc#configuring-huge-pages_huge-pages[Configuring huge pages]
+* link:https://access.redhat.com/solutions/5688941[Creating a custom machine config pool]
+
+include::modules/virt-configuring-vm-project-dpdk.adoc[leveloffset=+1]
+
+[role="_additional-resources_configuring-project-dpdk"]
+.Additional resources
+* xref:../../applications/projects/working-with-projects.adoc#working-with-projects[Working with projects]
+* xref:../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-measuring-latency-vm-secondary-network_virt-running-cluster-checkups[Virtual machine latency checkup]
+* xref:../../virt/monitoring/virt-running-cluster-checkups.adoc#virt-checking-cluster-dpdk-readiness_virt-running-cluster-checkups[DPDK checkup]
+
+include::modules/virt-configuring-vm-dpdk.adoc[leveloffset=+1]
+
diff --git a/virt/vm_networking/virt-using-mac-address-pool-for-vms.adoc b/virt/vm_networking/virt-using-mac-address-pool-for-vms.adoc
new file mode 100644
index 000000000000..4e385d9a02dc
--- /dev/null
+++ b/virt/vm_networking/virt-using-mac-address-pool-for-vms.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-using-mac-address-pool-for-vms"]
+= Managing MAC address pools for network interfaces
+include::_attributes/common-attributes.adoc[]
+:context: virt-using-mac-address-pool-for-vms
+
+toc::[]
+
+The _KubeMacPool_ component allocates MAC addresses for virtual machine (VM) network interfaces from a shared MAC address pool. This ensures that each network interface is assigned a unique MAC address.
+
+A virtual machine instance created from that VM retains the assigned MAC address across reboots.
+
+[NOTE]
+====
+KubeMacPool does not handle virtual machine instances created independently from a virtual machine.
+====
+
+include::modules/virt-managing-kubemacpool-cli.adoc[leveloffset=+1]
+
diff --git a/virt/vm_networking/virt-viewing-ip-of-vm-nic.adoc b/virt/vm_networking/virt-viewing-ip-of-vm-nic.adoc
new file mode 100644
index 000000000000..345991935dc2
--- /dev/null
+++ b/virt/vm_networking/virt-viewing-ip-of-vm-nic.adoc
@@ -0,0 +1,17 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="virt-viewing-ip-of-vm-nic"]
+= Viewing virtual machine IP addresses
+include::_attributes/common-attributes.adoc[]
+:context: virt-viewing-ip-of-vm-nic
+
+toc::[]
+
+You can view the IP address of a virtual machine network interface by using the {product-title} web console or the command line.
+
+include::modules/virt-viewing-vmi-ip-cli.adoc[leveloffset=+1]
+include::modules/virt-viewing-vmi-ip-web.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_virt-viewing-ip-of-vm-nic"]
+== Additional resources
+* xref:../../virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc#virt-installing-qemu-guest-agent[Installing the QEMU guest agent]
\ No newline at end of file
diff --git a/virt/vm_templates/images b/virt/vm_templates/images
deleted file mode 120000
index 5fa6987088da..000000000000
--- a/virt/vm_templates/images
+++ /dev/null
@@ -1 +0,0 @@
-../../images
\ No newline at end of file
diff --git a/virt/vm_templates/virt-automatic-bootsource-updates.adoc b/virt/vm_templates/virt-automatic-bootsource-updates.adoc
deleted file mode 100644
index 632a756648da..000000000000
--- a/virt/vm_templates/virt-automatic-bootsource-updates.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-automatic-bootsource-updates"]
-= Managing automatic boot source updates
-include::_attributes/common-attributes.adoc[]
-:context: virt-automatic-bootsource-updates
-
-toc::[]
-
-Manage automatic boot source updates.
-
-include::modules/virt-about-auto-bootsource-updates.adoc[leveloffset=+1]
-
-[id="enable-disable-auto-updates-all-system-boot-sources_virt-automatic-bootsource-updates"]
-== Enable or disable automatic updates for all system boot sources
-
-Control automatic updates for all system-defined boot sources by using the feature gate.
-
-include::modules/virt-managing-auto-update-all-system-boot-sources.adoc[leveloffset=+2]
-
-[id="enable-updates-custom-boot-sources_virt-automatic-bootsource-updates"]
-== Enable automatic updates for custom boot sources
-
-Ensure that your cluster has a default storage class. Then, enable automatic updates for custom boot sources.
-
-include::modules/virt-configuring-storage-class-bootsource-update.adoc[leveloffset=+2]
-
-include::modules/virt-autoupdate-custom-bootsource.adoc[leveloffset=+2]
-
-[id="disable-auto-updates-specific-boot-source_virt-automatic-bootsource-updates"]
-== Disable automatic updates for a specific boot source
-
-Disable automatic updates for individual boot sources.
-
-include::modules/virt-disable-auto-updates-single-boot-source.adoc[leveloffset=+2]
-
-include::modules/virt-verify-status-bootsource-update.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/virt/vm_templates/virt-creating-and-using-boot-sources.adoc b/virt/vm_templates/virt-creating-and-using-boot-sources.adoc
deleted file mode 100644
index 940f68442ea1..000000000000
--- a/virt/vm_templates/virt-creating-and-using-boot-sources.adoc
+++ /dev/null
@@ -1,29 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-creating-and-using-boot-sources"]
-= Creating and using boot sources
-include::_attributes/common-attributes.adoc[]
-:context: virt-creating-and-using-boot-sources
-
-toc::[]
-
-A boot source contains a bootable operating system (OS) and all of the configuration settings for the OS, such as drivers.
-
-You use a boot source to create virtual machine templates with specific configurations. These templates can be used to create any number of available virtual machines.
-
-Quick Start tours are available in the {product-title} web console to assist you in creating a custom boot source, uploading a boot source, and other tasks. Select *Quick Starts* from the *Help* menu to view the Quick Start tours.
-
-include::modules/virt-about-vms-and-boot-sources.adoc[leveloffset=+1]
-
-include::modules/virt-importing-rhel-image-boot-source-web.adoc[leveloffset=+1]
-
-include::modules/virt-adding-a-boot-source-web.adoc[leveloffset=+1]
-
-include::modules/virt-creating-a-vm-from-a-template-with-an-attached-boot-source.adoc[leveloffset=+1]
-
-[id="additional-resources_creating-and-using-boot-sources"]
-[role="_additional-resources"]
-== Additional resources
-* xref:../../virt/vm_templates/virt-creating-vm-template.adoc#virt-create-vms[Creating virtual machine templates]
-* xref:../../virt/vm_templates/virt-automatic-bootsource-updates.adoc#virt-automatic-bootsource-updates[Managing automatic boot source updates]
-
-// to-do: Boot sources should be moved to the Templates folder. It does not belong with disks. apinnick
\ No newline at end of file
diff --git a/virt/vm_templates/virt-creating-vm-template.adoc b/virt/vm_templates/virt-creating-vm-template.adoc
deleted file mode 100644
index 3b4749133758..000000000000
--- a/virt/vm_templates/virt-creating-vm-template.adoc
+++ /dev/null
@@ -1,23 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-creating-vm-template"]
-= Creating virtual machine templates
-include::_attributes/common-attributes.adoc[]
-:context: virt-creating-vm-template
-
-toc::[]
-
-include::modules/virt-about-vm-templates.adoc[leveloffset=+1]
-
-include::modules/virt-about-vms-and-boot-sources.adoc[leveloffset=+1]
-
-include::modules/virt-creating-template.adoc[leveloffset=+1]
-
-include::modules/virt-adding-a-boot-source-web.adoc[leveloffset=+1]
-
-include::modules/virt-template-fields-for-boot-source.adoc[leveloffset=+2]
-
-[id="additional-resources_creating-vm-template"]
-[role="_additional-resources"]
-== Additional resources
-* xref:../../virt/vm_templates/virt-creating-and-using-boot-sources.adoc#virt-creating-and-using-boot-sources[Creating and using boot sources]
-* xref:../../virt/virtual_machines/virtual_disks/virt-creating-data-volumes.adoc#virt-customizing-storage-profile_virt-creating-data-volumes[Customizing the storage profile]
diff --git a/virt/vm_templates/virt-dedicated-resources-vm-template.adoc b/virt/vm_templates/virt-dedicated-resources-vm-template.adoc
deleted file mode 100644
index aefc647a0c4d..000000000000
--- a/virt/vm_templates/virt-dedicated-resources-vm-template.adoc
+++ /dev/null
@@ -1,21 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-dedicated-resources-vm-template"]
-= Enabling dedicated resources for virtual machine templates
-include::_attributes/common-attributes.adoc[]
-:context: virt-dedicated-resources-vm-template
-
-toc::[]
-
-Virtual machines can have resources of a node, such as CPU,
-dedicated to them to improve performance.
-
-include::modules/virt-about-dedicated-resources.adoc[leveloffset=+1]
-
-== Prerequisites
-
-* The
-xref:../../scalability_and_performance/using-cpu-manager.adoc[CPU Manager]  must
-be configured on the node. Verify that the node has the `cpumanager` = `true`
-label before scheduling virtual machine workloads.
-
-include::modules/virt-enabling-dedicated-resources.adoc[leveloffset=+1]
diff --git a/virt/vm_templates/virt-deleting-vm-template.adoc b/virt/vm_templates/virt-deleting-vm-template.adoc
deleted file mode 100644
index 84bd68523882..000000000000
--- a/virt/vm_templates/virt-deleting-vm-template.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-deleting-vm-template"]
-= Deleting virtual machine templates
-include::_attributes/common-attributes.adoc[]
-:context: virt-deleting-vm-template
-
-toc::[]
-
-You can delete customized virtual machine templates based on Red Hat templates by using the web console.
-
-You cannot delete Red Hat templates.
-
-include::modules/virt-deleting-template-web.adoc[leveloffset=+1]
diff --git a/virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc b/virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc
deleted file mode 100644
index 30bdd2fa7d7f..000000000000
--- a/virt/vm_templates/virt-deploying-vm-template-to-custom-namespace.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-deploying-vm-template-to-custom-namespace"]
-= Deploying a virtual machine template to a custom namespace
-include::_attributes/common-attributes.adoc[]
-:context: virt-deploying-vm-template-to-custom-namespace
-
-toc::[]
-
-Red Hat provides preconfigured virtual machine templates that are installed in the `openshift` namespace. The `ssp-operator` deploys virtual machine templates to the `openshift` namespace by default. Templates in the `openshift` namespace are publicly available to all users. These templates are listed on the *Virtualization* -> *Templates* page for different operating systems.
-
-include::modules/virt-creating-custom-namespace-for-templates.adoc[leveloffset=+1]
-
-include::modules/virt-adding-templates-to-custom-namespace.adoc[leveloffset=+1]
-
-include::modules/virt-deleting-templates-from-custom-namespace.adoc[leveloffset=+1]
-
-[id="additional-resources_deploying-vm-templates-to-custom-namespace"]
-[role="_additional-resources"]
-== Additional resources
-* xref:../../virt/vm_templates/virt-creating-vm-template.adoc#virt-creating-vm-template[Creating virtual machine templates]
diff --git a/virt/vm_templates/virt-editing-vm-template.adoc b/virt/vm_templates/virt-editing-vm-template.adoc
deleted file mode 100644
index 99120f89f086..000000000000
--- a/virt/vm_templates/virt-editing-vm-template.adoc
+++ /dev/null
@@ -1,20 +0,0 @@
-:_content-type: ASSEMBLY
-[id="virt-editing-vm-template"]
-= Editing virtual machine templates
-include::_attributes/common-attributes.adoc[]
-:context: virt-editing-vm-template
-
-toc::[]
-
-You can edit a virtual machine template in the web console.
-
-[NOTE]
-====
-You cannot edit a template provided by the Red Hat Virtualization Operator. If you clone the template, you can edit it.
-====
-
-include::modules/virt-editing-vm-web.adoc[leveloffset=+1]
-
-include::modules/virt-add-nic-to-vm.adoc[leveloffset=+2]
-
-include::modules/virt-add-disk-to-vm.adoc[leveloffset=+2]
diff --git a/web_console/adding-user-preferences.adoc b/web_console/adding-user-preferences.adoc
index f8ab5f66a61c..8499cc690cc0 100644
--- a/web_console/adding-user-preferences.adoc
+++ b/web_console/adding-user-preferences.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="adding-user-preferences"]
 = Adding user preferences
 include::_attributes/common-attributes.adoc[]
diff --git a/web_console/configuring-web-console.adoc b/web_console/configuring-web-console.adoc
index 4f139a0679da..ce59d3365b67 100644
--- a/web_console/configuring-web-console.adoc
+++ b/web_console/configuring-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-web-console"]
 = Configuring the web console in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -7,11 +7,15 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 You can modify the {product-title} web console to set a logout redirect URL
-or disable the console.
+or disable the quick start tutorials.
 
 == Prerequisites
 
 * Deploy an {product-title} cluster.
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create "consoles" resource
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/web-console-configuration.adoc[leveloffset=+1]
+// Hiding in ROSA/OSD, as dedicated-admins do not have sufficient permissions to read any cluster configuration
 include::modules/disable-quickstarts-admin-console.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/web_console/creating-quick-start-tutorials.adoc b/web_console/creating-quick-start-tutorials.adoc
index 043079e729f5..d5fb364ff7de 100644
--- a/web_console/creating-quick-start-tutorials.adoc
+++ b/web_console/creating-quick-start-tutorials.adoc
@@ -1,8 +1,17 @@
-:_content-type: ASSEMBLY
+ifndef::openshift-rosa,openshift-dedicated[]
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-quick-start-tutorials"]
 = Creating quick start tutorials in the web console
 include::_attributes/common-attributes.adoc[]
 :context: creating-quick-start-tutorials
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+:_mod-docs-content-type: ASSEMBLY
+[id="creating-quick-start-tutorials"]
+= About quick start tutorials
+include::_attributes/common-attributes.adoc[]
+:context: creating-quick-start-tutorials
+endif::openshift-rosa,openshift-dedicated[]
 
 toc::[]
 
@@ -14,6 +23,8 @@ include::modules/quick-start-user-workflow.adoc[leveloffset=+1]
 
 include::modules/quick-start-components.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create "consolequickstarts" resource 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/contributing-quick-starts.adoc[leveloffset=+1]
 
 include::modules/understanding-quick-start-elements.adoc[leveloffset=+2]
@@ -38,3 +49,4 @@ include::modules/quick-start-content-guidelines.adoc[leveloffset=+1]
 
 * For voice and tone requirements, refer to link:https://www.patternfly.org/v4/ux-writing/brand-voice-and-tone[PatternFly's brand voice and tone guidelines].
 * For other UX content guidance, refer to all areas of link:https://www.patternfly.org/v4/ux-writing/about[PatternFly's UX writing style guide].
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/web_console/customizing-the-web-console.adoc b/web_console/customizing-the-web-console.adoc
index 1735a7a12dfe..a75ccf19bae0 100644
--- a/web_console/customizing-the-web-console.adoc
+++ b/web_console/customizing-the-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="customizing-web-console"]
 = Customizing the web console in {product-title}
 include::_attributes/common-attributes.adoc[]
@@ -13,39 +13,50 @@ corporate or government requirements.
 
 include::modules/adding-a-custom-logo.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "consolelinks"
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/creating-custom-links.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot patch resource "ingresses"
 include::modules/customizing-the-web-console-URL.adoc[leveloffset=+1]
+endif::openshift-rosa,openshift-dedicated[]
 
-[id="customizing-web-console-recognize"]
-== Recognizing resource and project limits and quotas
-
-You can view a graphical representation of available resources in the *Topology* view of the web console *Developer* perspective.
-
-If a resource has a message about resource limitations or quotas being reached, a yellow border appears around the resource name. Click the resource to open a side panel to see the message. If the *Topology* view has been zoomed out, a yellow dot indicates that a message is available.
-
-If using *List View* from the *View Shortcuts* menu, resources appear as a list. The *Alerts* column indicates if a message is available. 
+// moved _Recognizing resource and project limits and quotas_ to modules/recognize-resource-limits-quotas.adoc in web-console.adoc
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "secrets" in openshift-config
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/customizing-the-login-page.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "consoleexternalloglinks"
 include::modules/defining-template-for-external-log-link.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "consolenotifications"
 include::modules/adding-custom-notification-banners.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot patch resource "customresourcedefinitions"
 include::modules/customizing-cli-downloads.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot patch resource "customresourcedefinitions" 
 include::modules/adding-yaml-examples-to-kube-resources.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "consoles"
 include::modules/odc-customizing-user-perspectives.adoc[leveloffset=+1]
 
+// Hiding in ROSA/OSD, as dedicated-admins cannot create resource "consoles"
 include::modules/odc-customizing-a-perspective-using-YAML-view.adoc[leveloffset=+2]
 
+// Hiding in ROSA/OSD, as dedicated-admins do not have sufficient permissions to read any cluster configuration
 include::modules/odc-customizing-a-perspective-using-form-view.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/odc_con_customizing-a-developer-catalog-or-its-sub-catalogs.adoc[leveloffset=+1]
 
 include::modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-yaml-view.adoc[leveloffset=+2]
 
+// Hiding in ROSA/OSD, as dedicated-admins do not have sufficient permissions to read any cluster configuration
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/odc_customizing-a-developer-catalog-or-its-sub-catalogs-using-the-form-view.adoc[leveloffset=+2]
 
-include::modules/odc_con_example-yaml-file-changes.adoc[leveloffset=+3]
\ No newline at end of file
+// Hiding in ROSA/OSD, as dedicated-admins cannot patch resource "consoles" 
+include::modules/odc_con_example-yaml-file-changes.adoc[leveloffset=+3]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/web_console/disabling-web-console.adoc b/web_console/disabling-web-console.adoc
index a5d82f5f7a4c..86cccb3dece2 100644
--- a/web_console/disabling-web-console.adoc
+++ b/web_console/disabling-web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="disabling-web-console"]
 = Disabling the web console in {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/web_console/dynamic-plugin/deploy-plugin-cluster.adoc b/web_console/dynamic-plugin/deploy-plugin-cluster.adoc
index baf50c2c95ac..f0af2733f174 100644
--- a/web_console/dynamic-plugin/deploy-plugin-cluster.adoc
+++ b/web_console/dynamic-plugin/deploy-plugin-cluster.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deploy-plugin-cluster_{context}"]
 = Deploy your plugin on a cluster
 include::_attributes/common-attributes.adoc[]
@@ -14,7 +14,9 @@ include::modules/deployment-plug-in-cluster.adoc[leveloffset=+1]
 
 include::modules/disabling-plug-in-browser.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 [id="dynamic-plugins_additional-resources"]
 == Additional resources
 * xref:../../applications/working_with_helm_charts/understanding-helm.adoc#understaning-helm[Understanding Helm]
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/web_console/dynamic-plugin/dynamic-plugin-example.adoc b/web_console/dynamic-plugin/dynamic-plugin-example.adoc
index 1222befd5e96..d8056a32d29b 100644
--- a/web_console/dynamic-plugin/dynamic-plugin-example.adoc
+++ b/web_console/dynamic-plugin/dynamic-plugin-example.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dynamic-plugin-example_{context}"]
 = Dynamic plugin example
 include::_attributes/common-attributes.adoc[]
diff --git a/web_console/dynamic-plugin/dynamic-plugins-get-started.adoc b/web_console/dynamic-plugin/dynamic-plugins-get-started.adoc
index 3a943912bba2..049cb9619b43 100644
--- a/web_console/dynamic-plugin/dynamic-plugins-get-started.adoc
+++ b/web_console/dynamic-plugin/dynamic-plugins-get-started.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="getting-started-with-dynamic-plugins_{context}"]
 = Getting started with dynamic plugins
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,6 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-To get started using the dynamic plugin, you must set up your environment to write a new {product-title} dynamic plugin. For an example of how to write a new plugin, see xref:../../web_console/dynamic-plugin/dynamic-plugin-example.html#adding-tab-to-pods-page_dynamic-plugin-example[Adding a tab to the pods page].
+To get started using the dynamic plugin, you must set up your environment to write a new {product-title} dynamic plugin. For an example of how to write a new plugin, see xref:../../web_console/dynamic-plugin/dynamic-plugin-example.adoc#adding-tab-to-pods-page_dynamic-plugin-example[Adding a tab to the pods page].
 
 include::modules/dynamic-plug-in-development.adoc[leveloffset=+1]
diff --git a/web_console/dynamic-plugin/dynamic-plugins-reference.adoc b/web_console/dynamic-plugin/dynamic-plugins-reference.adoc
index 3723ce37702d..cb787ad51e43 100644
--- a/web_console/dynamic-plugin/dynamic-plugins-reference.adoc
+++ b/web_console/dynamic-plugin/dynamic-plugins-reference.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="dynamic-plugins-reference_{context}"]
 = Dynamic plugin reference
 include::_attributes/common-attributes.adoc[]
@@ -14,6 +14,8 @@ include::modules/dynamic-plugin-api.adoc[leveloffset=+1]
 
 include::modules/troubleshooting-dynamic-plugin.adoc[leveloffset=+1]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../security/certificates/service-serving-certificate.adoc#understanding-service-serving_service-serving-certificate[Understanding service serving certificates]
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/web_console/dynamic-plugin/overview-dynamic-plugin.adoc b/web_console/dynamic-plugin/overview-dynamic-plugin.adoc
index 439be6c3ba0b..709cc0c7b0a5 100644
--- a/web_console/dynamic-plugin/overview-dynamic-plugin.adoc
+++ b/web_console/dynamic-plugin/overview-dynamic-plugin.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="overview-of-dynamic-plugins_{context}"]
 = Overview of dynamic plugins
 include::_attributes/common-attributes.adoc[]
@@ -41,9 +41,9 @@ conster Header: React.FC = () => {
 * Avoid selectors that could affect markup outside of your plugins components, such as element selectors. These are not APIs and are subject to change. Using them might break your plugin. Avoid selectors like element selectors that could affect markup outside of your plugins components.
 
 [discrete]
-== PatternFly 4 guidelines
+== PatternFly guidelines
 When creating your plugin, follow these guidelines for using PatternFly:
 
-* Use link:https://www.patternfly.org/v4/[PatternFly4] components and PatternFly CSS variables. Core PatternFly components are available through the SDK. Using PatternFly components and variables help your plugin look consistent in future console versions.
-* Make your plugin accessible by following link:https://www.patternfly.org/v4/accessibility/accessibility-fundamentals/[PatternFly's accessibility fundamentals].
+* Use link:https://www.patternfly.org/components/all-components/[PatternFly] components and PatternFly CSS variables. Core PatternFly components are available through the SDK. Using PatternFly components and variables help your plugin look consistent in future console versions.
+* Make your plugin accessible by following link:https://www.patternfly.org/accessibility/accessibility-fundamentals/[PatternFly's accessibility fundamentals].
 * Avoid using other CSS libraries such as Bootstrap or Tailwind. They can conflict with PatternFly and will not match the console look and feel.
diff --git a/web_console/using-dashboard-to-get-cluster-information.adoc b/web_console/using-dashboard-to-get-cluster-information.adoc
index ec3055ba75f7..980d936b32a3 100644
--- a/web_console/using-dashboard-to-get-cluster-information.adoc
+++ b/web_console/using-dashboard-to-get-cluster-information.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="using-dashboard-to-get-cluster-info"]
 = Using the {product-title} dashboard to get cluster information
 include::_attributes/common-attributes.adoc[]
@@ -6,11 +6,8 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Access the {product-title} dashboard, which captures high-level information
-about the cluster, by navigating to *Home* -> *Dashboards* -> *Overview* from
-the {product-title} web console.
-
-The {product-title} dashboard provides various cluster information, captured in
-individual dashboard cards.
+The {product-title} web console captures high-level information
+about the cluster.
 
 include::modules/virt-about-the-overview-dashboard.adoc[leveloffset=+1]
+include::modules/recognize-resource-limits-quotas.adoc[leveloffset=+1]
diff --git a/web_console/web-console-overview.adoc b/web_console/web-console-overview.adoc
index a0adb07b081b..d8dce8c860ea 100644
--- a/web_console/web-console-overview.adoc
+++ b/web_console/web-console-overview.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="web-console-overview"]
 = Web Console Overview
 include::_attributes/common-attributes.adoc[]
@@ -17,13 +17,22 @@ include::modules/odc-accessing-perspectives.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../welcome/learn_more_about_openshift.adoc#cluster-administrator[Learn more about Cluster Administrator]
 * xref:../getting_started/openshift-overview.adoc#for-administrators[Overview of the *Administrator* perspective]
 * xref:../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[Creating and deploying applications on {product-title} using the *Developer* perspective]
 * xref:../applications/odc-viewing-application-composition-using-topology-view.adoc#odc-viewing-application-composition-using-topology-view[Viewing the applications in your project, verifying their deployment status, and interacting with them in the *Topology* view]
+endif::openshift-rosa,openshift-dedicated[]
 * xref:../web_console/using-dashboard-to-get-cluster-information.adoc#using-dashboard-to-get-cluster-info[Viewing cluster information]
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../web_console/configuring-web-console.adoc#configuring-web-console[Configuring the web console]
+endif::openshift-rosa,openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../web_console/customizing-the-web-console.adoc#customizing-web-console[Customizing the web console]
+endif::openshift-rosa,openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
+* xref:../web_console/customizing-the-web-console.adoc#customizing-web-console[About the web console]
+endif::openshift-rosa,openshift-dedicated[]
 * xref:../web_console/web_terminal/odc-using-web-terminal.adoc#odc-using-web-terminal[Using the web terminal]
 * xref:../web_console/creating-quick-start-tutorials.adoc#creating-quick-start-tutorials[Creating quick start tutorials]
-* xref:../web_console/disabling-web-console.adoc#disabling-web-console[Disabling the web console]
\ No newline at end of file
+* xref:../web_console/disabling-web-console.adoc#disabling-web-console[Disabling the web console]
diff --git a/web_console/web-console.adoc b/web_console/web-console.adoc
index 1fdabee08448..61fe552156a3 100644
--- a/web_console/web-console.adoc
+++ b/web_console/web-console.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 
 [id="web-console"]
 = Accessing the web console
@@ -24,6 +24,8 @@ include::modules/web-console-overview.adoc[leveloffset=+1]
 // include::modules/multi-cluster-about.adoc[leveloffset=+1]
 //include::modules/enabling-multi-cluster-console.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../nodes/clusters/nodes-cluster-enabling-features.adoc[Enabling feature sets using the web console]
+endif::openshift-rosa,openshift-dedicated[]
\ No newline at end of file
diff --git a/web_console/web_terminal/configuring-web-terminal.adoc b/web_console/web_terminal/configuring-web-terminal.adoc
index 34364f6c96a8..1b3585bba05d 100644
--- a/web_console/web_terminal/configuring-web-terminal.adoc
+++ b/web_console/web_terminal/configuring-web-terminal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="configuring-web-terminal"]
 = Configuring the web terminal
 include::_attributes/common-attributes.adoc[]
@@ -9,9 +9,7 @@ toc::[]
 You can configure timeout and image settings for the web terminal, either for your current session or for all user sessions if you are a cluster administrator.
 
 include::modules/odc-configure-web-terminal-timeout-session.adoc[leveloffset=+1]
-
 include::modules/configure-web-terminal-timeout-admin.adoc[leveloffset=+1]
-
 include::modules/odc-configure-web-terminal-image-session.adoc[leveloffset=+1]
+include::modules/configure-web-terminal-image-admin.adoc[leveloffset=+1]
 
-include::modules/configure-web-terminal-image-admin.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/web_console/web_terminal/installing-web-terminal.adoc b/web_console/web_terminal/installing-web-terminal.adoc
index 0833a873690b..23bc4bec4b45 100644
--- a/web_console/web_terminal/installing-web-terminal.adoc
+++ b/web_console/web_terminal/installing-web-terminal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="installing-web-terminal"]
 = Installing the web terminal
 include::_attributes/common-attributes.adoc[]
diff --git a/web_console/web_terminal/odc-using-web-terminal.adoc b/web_console/web_terminal/odc-using-web-terminal.adoc
index d33ca0e47f5b..8691638575f3 100644
--- a/web_console/web_terminal/odc-using-web-terminal.adoc
+++ b/web_console/web_terminal/odc-using-web-terminal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="odc-using-web-terminal"]
 = Using the web terminal
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,6 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can launch an embedded command line terminal instance in the web console. This terminal instance is preinstalled with common CLI tools for interacting with the cluster, such as `oc`, `kubectl`,`odo`, `kn`, `tkn`, `helm`, `kubens`, `subctl`, and `kubectx`. It also has the context of the project you are working on and automatically logs you in using your credentials.
+You can launch an embedded command line terminal instance in the web console. This terminal instance is preinstalled with common CLI tools for interacting with the cluster, such as `oc`, `kubectl`,`odo`, `kn`, `tkn`, `helm`, and `subctl`. It also has the context of the project you are working on and automatically logs you in using your credentials.
 
 include::modules/odc-access-web-terminal.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/web_console/web_terminal/troubleshooting-web-terminal.adoc b/web_console/web_terminal/troubleshooting-web-terminal.adoc
index 96e85fbf921a..b55d5e1c0994 100644
--- a/web_console/web_terminal/troubleshooting-web-terminal.adoc
+++ b/web_console/web_terminal/troubleshooting-web-terminal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="troubleshooting-web-terminal"]
 = Troubleshooting the web terminal
 include::_attributes/common-attributes.adoc[]
diff --git a/web_console/web_terminal/uninstalling-web-terminal.adoc b/web_console/web_terminal/uninstalling-web-terminal.adoc
index 5831a0090d61..d856fce3d8e9 100644
--- a/web_console/web_terminal/uninstalling-web-terminal.adoc
+++ b/web_console/web_terminal/uninstalling-web-terminal.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="uninstalling-web-terminal"]
 = Uninstalling the web terminal
 include::_attributes/common-attributes.adoc[]
diff --git a/welcome/index.adoc b/welcome/index.adoc
index 7611bec64f5f..8829e67facaa 100644
--- a/welcome/index.adoc
+++ b/welcome/index.adoc
@@ -1,13 +1,17 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="welcome-index"]
 = {product-title} {product-version} Documentation
 include::_attributes/common-attributes.adoc[]
 :context: welcome-index
+{toc}
+{toc-title}
+
+toc::[]
 
 [.lead]
-ifndef::openshift-rosa[]
+ifndef::openshift-rosa,openshift-telco[]
 Welcome to the official {product-title} {product-version} documentation, where you can learn about {product-title} and start exploring its features.
-endif::openshift-rosa[]
+endif::openshift-rosa,openshift-telco[]
 ifdef::openshift-rosa[]
 Welcome to the official {product-title} (ROSA) documentation, where you can learn about ROSA and start exploring its features.
 To learn about ROSA, interacting with ROSA by using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services, start with xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[the Introduction to ROSA documentation].
@@ -23,19 +27,12 @@ endif::[]
 
 ifndef::openshift-rosa[]
 
-ifndef::openshift-rosa,openshift-dedicated,openshift-dpu,microshift[]
+ifndef::openshift-rosa,openshift-dedicated,openshift-dpu,openshift-telco[]
 To navigate the {product-title} {product-version} documentation, you can use one of the following methods:
 
 * Use the left navigation bar to browse the documentation.
 * Select the task that interests you from the contents of this Welcome page.
-endif::openshift-rosa,openshift-dedicated,openshift-dpu,microshift[]
-
-ifdef::microshift[]
-To navigate the {product-title} {product-version} documentation, you can use one of the following methods:
-
-* Use the navigation bars and links to browse.
-* Select the task that interests you from the contents of this Welcome page.
-endif::microshift[]
+endif::openshift-rosa,openshift-dedicated,openshift-dpu,openshift-telco[]
 
 ifdef::openshift-dpu[]
 To navigate the {product-title} data processing unit (DPU) documentation, use the left navigation bar.
@@ -43,19 +40,22 @@ To navigate the {product-title} data processing unit (DPU) documentation, use th
 For documentation that is not DPU-specific, see the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[{product-title} documentation].
 endif::[]
 
-ifdef::openshift-dedicated[]
-To navigate the {product-title} documentation, use the left navigation bar.
+ifdef::openshift-telco[]
+[.lead]
+This documentation describes the telco core and telco RAN DU reference design specifications (RDS).
 
-For documentation that is not specific to {product-title}, see the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[OpenShift Container Platform documentation].
+[IMPORTANT]
+====
+This content is shared with Red Hat telco partners only.
+====
+
+For documentation that is not telco-specific, see the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[OpenShift Container Platform documentation].
 endif::[]
 
-ifdef::microshift[]
-Start with xref:../microshift_getting_started/microshift-understanding.adoc#microshift-understanding[Understanding {product-title}] and xref:../microshift_install/microshift-install-rpm.adoc#microshift-install-rpm[Installing].
-Next, view the xref:../microshift_release_notes/microshift-4-14-release-notes.adoc#microshift-4-14-release-notes[release notes].
+ifdef::openshift-dedicated[]
+To navigate the {product-title} documentation, use the left navigation bar.
 
-* For information about Red Hat Device Edge, read the link:https://access.redhat.com/documentation/en-us/red_hat_device_edge/4/html/overview/device-edge-overview[Red Hat Device Edge overview].
-* For information about Red Hat Enterprise Linux for Edge, read the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/composing_installing_and_managing_rhel_for_edge_images/index[RHEL for Edge documentation].
-* For container platform documentation that is not specific to {product-title}, read the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[OpenShift Container Platform documentation].
+For documentation that is not specific to {product-title}, see the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[OpenShift Container Platform documentation].
 endif::[]
 
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
@@ -63,8 +63,7 @@ Start with xref:../architecture/architecture.adoc#architecture-overview-architec
 xref:../security/container_security/security-understanding.adoc#understanding-security[Security and compliance].
 ifdef::openshift-enterprise,openshift-webscale[]
 Next, view the
-xref:../release_notes/ocp-4-14-release-notes.adoc#ocp-4-14-release-notes[release notes].
-endif::[]
+xref:../release_notes/ocp-4-15-release-notes.adoc#ocp-4-15-release-notes[release notes].
 endif::[]
 
 ifdef::openshift-online,openshift-aro[]
@@ -75,43 +74,41 @@ ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 == Cluster installer activities
 Explore the following {product-title} installation tasks:
 
-- **xref:../installing/index.adoc#ocp-installation-overview[{product-title} installation overview]**: You can install {product-title} on installer-provisioned or user-provisioned infrastructure. The {product-title} installation program provides the flexibility to deploy {product-title} on a range of different platforms.
+- **xref:../installing/index.adoc#ocp-installation-overview[{product-title} installation overview]**: Depending on the platform, you can install {product-title} on installer-provisioned or user-provisioned infrastructure. The {product-title} installation program provides the flexibility to deploy {product-title} on a range of different platforms.
 
-- **xref:../installing/installing_alibaba/preparing-to-install-on-alibaba.adoc#preparing-to-install-on-alibaba[Install a cluster on Alibaba]**: You can install {product-title} on Alibaba Cloud on installer-provisioned infrastructure. This is currently a Technology Preview feature only.
+- **xref:../installing/installing_alibaba/preparing-to-install-on-alibaba.adoc#preparing-to-install-on-alibaba[Install a cluster on Alibaba]**: On Alibaba Cloud, you can install {product-title} on installer-provisioned infrastructure. This is currently a Technology Preview feature only.
 
-- **xref:../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Install a cluster on AWS]**: You have many installation options when you deploy a cluster on Amazon Web Services (AWS). You can deploy clusters with xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[default settings] or xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[custom AWS settings].
-You can also deploy a cluster on AWS infrastructure that you provisioned yourself. You can modify the provided xref:../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[AWS CloudFormation templates] to meet your needs.
+- **xref:../installing/installing_aws/preparing-to-install-on-aws.adoc#preparing-to-install-on-aws[Install a cluster on AWS]**: On AWS, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
 
-- **xref:../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[Install a cluster on Azure]**: You can deploy clusters with xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[default settings], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[custom Azure settings], or xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[custom networking settings] in Microsoft Azure. You can also provision {product-title} into an xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[Azure Virtual Network] or use xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[Azure Resource Manager Templates] to provision your own infrastructure.
+- **xref:../installing/installing_azure/preparing-to-install-on-azure.adoc#preparing-to-install-on-azure[Install a cluster on Azure]**: On Microsoft Azure, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
 
-- **xref:../installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc#preparing-to-install-on-azure-stack-hub[Install a cluster on Azure Stack Hub]**: You can install {product-title} on Azure Stack Hub on installer-provisioned infrastructure.
+- **xref:../installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc#preparing-to-install-on-azure-stack-hub[Install a cluster on Azure Stack Hub]**: On Microsoft Azure Stack Hub, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
 
-- **xref:../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[Install a cluster on GCP]**: You can deploy clusters with xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[default settings] or xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[custom GCP settings] on Google Cloud Platform (GCP). You can also perform a GCP installation where you provision your own infrastructure.
+- **xref:../installing/installing_gcp/preparing-to-install-on-gcp.adoc#preparing-to-install-on-gcp[Install a cluster on GCP]**: On Google Cloud Platform (GCP) you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
 
 ifndef::openshift-origin[]
-- **xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[Install a cluster on IBM Cloud VPC]**: You can install {product-title} on IBM Cloud VPC on installer-provisioned infrastructure.
+- **xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[Install a cluster on {ibm-cloud-name}]**: You can install {product-title} on {ibm-cloud-name} on installer-provisioned infrastructure.
 
-- **xref:../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#preparing-to-install-on-ibm-power-vs[Install a cluster on {ibmpowerProductName} Virtual Server]**: You can install {product-title} on {ibmpowerProductName} Virtual Server on installer-provisioned infrastructure.
+- **xref:../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#preparing-to-install-on-ibm-power-vs[Install a cluster on {ibm-power-name} Virtual Server]**: You can install {product-title} on {ibm-power-name} Virtual Server on installer-provisioned infrastructure.
 
-- **xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install a cluster on {ibmpowerProductName}]**: You can install {product-title} on {ibmpowerProductName} on user-provisioned infrastructure.
+- **xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install a cluster on {ibm-power-name}]**: You can install {product-title} on {ibm-power-name} on user-provisioned infrastructure.
 endif::openshift-origin[]
 
-- **xref:../installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[Install a cluster on VMware vSphere]**: You can install {product-title} on supported versions of vSphere.
-
 ifndef::openshift-origin[]
-- **xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Install a cluster with z/VM on {ibmzProductName} and {linuxoneProductName}]**: You can install {product-title} with z/VM on {ibmzProductName} and {linuxoneProductName} on user-provisioned infrastructure.
+- **xref:../installing/installing_ibm_z/installing-ibm-z.adoc#installing-ibm-z[Install a cluster with z/VM on {ibm-z-name} and {ibm-linuxone-name}]**: You can install {product-title} with z/VM on {ibm-z-name} and {ibm-linuxone-name} on user-provisioned infrastructure.
 
-- **xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[Install a cluster with RHEL KVM on {ibmzProductName} and {linuxoneProductName}]**: You can install {product-title} with RHEL KVM on {ibmzProductName} and {linuxoneProductName} on user-provisioned infrastructure.
+- **xref:../installing/installing_ibm_z/installing-ibm-z-kvm.adoc#installing-ibm-z-kvm[Install a cluster with RHEL KVM on {ibm-z-name} and {ibm-linuxone-name}]**: You can install {product-title} with RHEL KVM on {ibm-z-name} and {ibm-linuxone-name} on user-provisioned infrastructure.
 endif::openshift-origin[]
 
-- **xref:../installing/installing_bare_metal_ipi/ipi-install-overview.adoc#ipi-install-overview[Install an installer-provisioned cluster on bare metal]**: You can install {product-title} on bare metal with an installer-provisioned architecture.
+- **xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[Install a cluster on VMware vSphere]**: You can install {product-title} on supported versions of vSphere.
+
+- **xref:../installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc#preparing-to-install-on-bare-metal[Install a cluster on bare metal]**: On bare metal, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure. If none of the available platform and cloud provider deployment options meet your needs, consider using the bare metal user-provisioned infrastructure route.
 
-- **xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Install a user-provisioned cluster on bare metal]**: If none of the available platform and cloud provider deployment options meet your needs, you can install {product-title} on user-provisioned, bare-metal infrastructure.
+- **xref:../installing/installing_openstack/preparing-to-install-on-openstack.adoc#preparing-to-install-on-openstack[Install a cluster on {rh-openstack-first}]**: On {rh-openstack}, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
 
-- **Install a cluster on {rh-openstack-first}**: You can install a cluster on
-xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[{rh-openstack} with customizations], with xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[network customizations], or xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[on a restricted network] on installer-provisioned infrastructure.
-+
-You can install a cluster on xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[{rh-openstack} with customizations] or xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[with network customizations] on user-provisioned infrastructure.
+- **Install a cluster on {rh-openstack-first}**: You can install a cluster on {rh-openstack} with customizations or on a restricted network on installer-provisioned infrastructure. For more information, see the following documentation:
+** xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[Installing a cluster on {rh-openstack} with customizations]
+** xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[Installing a cluster on {rh-openstack} in a restricted network]
 
 ////
 You can configure an external load balancer for
@@ -120,20 +117,18 @@ To troubleshoot OpenStack installation issues, you can
 xref:../installing/installing_openstack/installing-openstack-troubleshooting.adoc#installing-openstack-troubleshooting[view instance logs and ssh to an instance].
 ////
 
-- **Install a cluster on {rh-virtualization-first}**: You can deploy clusters on {rh-virtualization-first} with a
-xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[quick install] or an
-xref:../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[install with customizations].
+== Other cluster installer activities
 
 ifndef::openshift-origin[]
-- **Install a cluster in a restricted network**: If your cluster that uses
+- **Install a cluster in a restricted network**: If your cluster uses
 user-provisioned infrastructure on
 xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[AWS],
 xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[GCP],
-xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere],
-xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[{ibmzProductName} and {linuxoneProductName} with z/VM], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[{ibmzProductName} and {linuxoneProductName} with RHEL KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[{ibmpowerProductName}],
+xref:../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere],
+xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[{ibm-z-name} and {ibm-linuxone-name} with z/VM], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[{ibm-z-name} and {ibm-linuxone-name} with RHEL KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[{ibm-power-name}],
  or
-xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]
-does not have full access to the internet, then mirror the {product-title} installation images by using one of the following methods and install a cluster in a restricted network.
+xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal] and the cluster
+does not have full access to the internet, you must mirror the {product-title} installation images. To do this action, use one of the following methods, so that you can install a cluster in a restricted network.
 *** xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[Mirroring images for a disconnected installation]
 *** xref:../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation by using the oc-mirror plug-in]
 
@@ -155,14 +150,14 @@ endif::openshift-origin[]
 xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[AWS] or
 xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[GCP] or an existing
 xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[VNet]
-on Azure, you can install a cluster. You can install a cluster in xref:../installing/installing_gcp/installing-gcp-shared-vpc.adoc#installation-gcp-shared-vpc-prerequisites_installing-gcp-shared-vpc[Installing a cluster on GCP into a shared VPC]
+on Microsoft Azure, you can install a cluster. Also consider xref:../installing/installing_gcp/installing-gcp-shared-vpc.adoc#installation-gcp-shared-vpc-prerequisites_installing-gcp-shared-vpc[Installing a cluster on GCP into a shared VPC]
 
 - **Install a private cluster**: If your cluster does not require external
 internet access, you can install a private cluster on
 xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[AWS],
 xref:../installing/installing_azure/installing-azure-private.adoc#installing-aws-private[Azure],
 xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[GCP], or
-xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[IBM Cloud VPC]. Internet access is still required to access the cloud APIs and installation media.
+xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[{ibm-cloud-name}]. Internet access is still required to access the cloud APIs and installation media.
 
 - **xref:../installing/installing-troubleshooting.adoc#installing-troubleshooting[Check installation logs]**: Access installation logs to evaluate issues that occur during {product-title} installation.
 
@@ -170,36 +165,30 @@ xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud
 
 - **xref:../storage/persistent_storage/persistent-storage-ocs.adoc#red-hat-openshift-data-foundation[Install Red Hat OpenShift Data Foundation]**: You can install {rh-storage-first} as an Operator to provide highly integrated and simplified persistent storage management for containers.
 
-- **xref:../installing/installing_nutanix/preparing-to-install-on-nutanix.adoc#preparing-to-install-nutanix[Install a cluster on Nutanix]**: You can install a cluster on your Nutanix instance that uses installer-provisioned infrastructure. With this type of installation, you can use the installation program to deploy a cluster on infrastructure that the installation program provisions and the cluster maintains.
-
-- **xref:../post_installation_configuration/coreos-layering.adoc#coreos-layering[Red Hat Enterprise Linux CoreOS (RHCOS) image layering]** provides a way for you to add new images on top of the base RHCOS image. This layering does not modify the base RHCOS image. Instead, the layering creates a custom layered image that includes all RHCOS functionality and adds additional functionality to specific nodes in the cluster.
+- **xref:../post_installation_configuration/coreos-layering.adoc#coreos-layering[{op-system-first} image layering]**: As a post-installation task, you can add new images on top of the base {op-system} image. This layering does not modify the base {op-system} image. Instead, the layering creates a custom layered image that includes all {op-system} functions and adds additional functions to specific nodes in the cluster.
 
 endif::[]
 
 ifndef::openshift-rosa,openshift-dedicated,openshift-dpu,microshift[]
 == Developer activities
-Develop and deploy containerized applications with {product-title}. {product-title} is a platform for developing and deploying containerized applications. {product-title} documentation helps you:
+Develop and deploy containerized applications with {product-title}. {product-title} is a platform for developing and deploying containerized applications. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
 
 - **xref:../architecture/understanding-development.adoc#understanding-development[Understand {product-title} development]**: Learn the different types of containerized applications, from simple containers to advanced Kubernetes deployments and Operators.
 
 - **xref:../applications/projects/working-with-projects.adoc#working-with-projects[Work with projects]**: Create projects from the {product-title} web console or OpenShift CLI (`oc`) to organize and share the software you develop.
 
-- **xref:../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[Work with applications]**.
+- **xref:../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[Creating applications using the Developer perspective]**: Use the *Developer* perspective in the {product-title} web console to easily create and deploy applications.
 
-- **Use the xref:../web_console/web-console-overview.adoc#about-developer-perspective_web-console-overview[*Developer perspective*]** in the {product-title} web console to
-xref:../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[create and deploy applications].
+- **xref:../applications/odc-viewing-application-composition-using-topology-view.adoc#odc-viewing-application-topology_viewing-application-composition-using-topology-view[Viewing application composition using the Topology view]**: Use the *Topology* view to visually interact with your applications, monitor status, connect and group components, and modify your code base.
 
-- **Use the xref:../applications/odc-viewing-application-composition-using-topology-view.adoc#odc-viewing-application-composition-using-topology-view[*Topology*] view**
-to see your applications, monitor status, connect and group components, and modify your code base.
+- **xref:../applications/connecting_applications_to_services/understanding-service-binding-operator.adoc#understanding-service-binding-operator[Understanding Service Binding Operator]**: With the Service Binding Operator, an application developer can bind workloads with Operator-managed backing services by automatically collecting and sharing binding data with the workloads. The Service Binding Operator improves the development lifecycle with a consistent and declarative service binding method that prevents discrepancies in cluster environments.
 
-- **xref:../applications/connecting_applications_to_services/understanding-service-binding-operator.adoc#understanding-service-binding-operator[Connect your workloads to backing services]**: With the Service Binding Operator, an application developer can bind workloads with Operator-managed backing services by automatically collecting and sharing binding data with the workloads. The Service Binding Operator improves the development lifecycle with a consistent and declarative service binding method that prevents discrepancies in cluster environments.
-
-- **xref:../cicd/pipelines/understanding-openshift-pipelines.adoc#op-key-features[Create CI/CD Pipelines]**: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers.
+- **link:https://docs.openshift.com/pipelines/latest/create/creating-applications-with-cicd-pipelines.html#creating-applications-with-cicd-pipelines[Create CI/CD Pipelines]**: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers.
 Pipelines use standard Tekton custom resources to automate deployments and are designed for decentralized teams that work on microservice-based architecture.
 
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 
-- **xref:../cicd/gitops/understanding-openshift-gitops.adoc#understanding-openshift-gitops[Manage your infrastructure and application configurations]**: GitOps is a declarative way to implement continuous deployment for cloud native applications. GitOps defines infrastructure and application definitions as code. GitOps uses this code to manage multiple workspaces and clusters to simplify the creation of infrastructure and application configurations. GitOps also handles and automates complex deployments at a fast pace, which saves time during deployment and release cycles.
+- **link:https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html#about-redhat-openshift-gitops[Manage your infrastructure and application configurations]**: GitOps is a declarative way to implement continuous deployment for cloud native applications. GitOps defines infrastructure and application definitions as code. GitOps uses this code to manage multiple workspaces and clusters to simplify the creation of infrastructure and application configurations. GitOps also handles and automates complex deployments at a fast pace, which saves time during deployment and release cycles.
 
 - **xref:../applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc#installing-a-helm-chart-on-an-openshift-cluster_configuring-custom-helm-chart-repositories[Deploy Helm charts]**:
 xref:../applications/working_with_helm_charts/understanding-helm.adoc#understanding-helm[Helm] is a software package manager that simplifies deployment of applications and services to {product-title} clusters. Helm uses a packaging format called _charts_. A Helm chart is a collection of files that describes the {product-title} resources.
@@ -218,19 +207,19 @@ xref:../applications/working_with_helm_charts/understanding-helm.adoc#understand
 - **xref:../operators/operator_sdk/osdk-about.adoc#osdk-about[Develop Operators]**: Operators are the preferred method for creating on-cluster applications for {product-title} {product-version}. Learn the workflow for building, testing, and deploying Operators. You can then create your own Operators based on xref:../operators/operator_sdk/ansible/osdk-ansible-support.adoc#osdk-ansible-support[Ansible] or
 xref:../operators/operator_sdk/helm/osdk-helm-support.adoc#osdk-helm-support[Helm], or configure xref:../operators/operator_sdk/osdk-monitoring-prometheus.adoc#osdk-monitoring-prometheus[built-in Prometheus monitoring] by using the Operator SDK.
 
-- **xref:../rest_api/index.adoc#api-index[REST API reference]**: Learn about {product-title} application programming interface endpoints.
+- **Reference the xref:../rest_api/index.adoc#api-index[REST API index]**: Learn about {product-title} application programming interface endpoints.
 endif::[]
 endif::[]
 
 ifdef::openshift-dedicated[]
 == Developer activities
-{product-title} is a platform for developing and deploying containerized applications. As an application developer, you can use this documentation to complete the following tasks:
+{product-title} is a platform for developing and deploying containerized applications. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
 
 - *Understand {product-title} development*: Learn the different types of containerized applications, from simple containers to advanced Kubernetes deployments and Operators.
 
 - *Work with projects*: Create projects from the web console or CLI to organize and share the software you develop.
 
-- *Work with applications*: Use the Developer perspective in the {product-title} web console to easily create and deploy applications. Use the *Topology* view to visually interact with your applications, monitor status, connect and group components, and modify your code base.
+- *Work with applications*: Use the *Developer* perspective in the {product-title} web console to easily create and deploy applications. Use the *Topology* view to visually interact with your applications, monitor status, connect and group components, and modify your code base.
 
 - *Create CI/CD Pipelines*: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers. Pipelines use standard Tekton custom resources to automate deployments and are designed for decentralized teams that work on microservices-based architecture.
 
@@ -248,21 +237,15 @@ endif::[]
 ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
 == Cluster administrator activities
 
-Manage machines, provide services to users, and follow monitoring and logging reports. This documentation helps you:
+Manage machines, provide services to users, and follow monitoring and logging reports. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
 
-- **xref:../architecture/architecture.adoc#architecture-overview-architecture[Understand {product-title} management]**: Learn about components
-of the {product-title} {product-version} control plane. See how {product-title} control plane and worker nodes are managed and updated through the xref:../machine_management/creating_machinesets/creating-machineset-aws.adoc#machine-api-overview_creating-machineset-aws[Machine API] and xref:../architecture/control-plane.adoc#operators-overview_control-plane[Operators].
+- **xref:../architecture/architecture.adoc#architecture-overview-architecture[Understand {product-title} management]**: Learn about components of the {product-title} {product-version} control plane. See how {product-title} control plane and compute nodes are managed and updated through the xref:../machine_management/index.adoc#machine-api-overview_overview-of-machine-management[Machine API] and xref:../architecture/control-plane.adoc#operators-overview_control-plane[Operators].
 
-- **Enable cluster capabilities that were disabled prior to installation** Cluster administrators can enable cluster capabilities that were disabled prior to installation. For more information, see xref:../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enabling cluster capabilities].
+- **xref:../post_installation_configuration/enabling-cluster-capabilities.adoc#enabling-cluster-capabilities[Enable cluster capabilities]**: As a cluster administrator, you can enable cluster capabilities that were disabled prior to installation.
 
 === Manage cluster components
 
-- **Manage machines**: Manage machines in your cluster on
-xref:../machine_management/creating_machinesets/creating-machineset-aws.adoc#creating-machineset-aws[AWS],
-xref:../machine_management/creating_machinesets/creating-machineset-azure.adoc#creating-machineset-azure[Azure],
-or
-xref:../machine_management/creating_machinesets/creating-machineset-gcp.adoc#creating-machineset-gcp[GCP]
-by xref:../machine_management/deploying-machine-health-checks.adoc#deploying-machine-health-checks[deploying health checks] and xref:../machine_management/applying-autoscaling.adoc#applying-autoscaling[applying autoscaling to machines].
+- **Manage machines**: Manage xref:../machine_management/index.adoc#machine-mgmt-intro-managing-compute_overview-of-machine-management[compute] and xref:../machine_management/index.adoc#machine-mgmt-intro-managing-control-plane_overview-of-machine-management[control plane] machines in your cluster with machine sets, by xref:../machine_management/deploying-machine-health-checks.adoc#deploying-machine-health-checks[deploying health checks], and xref:../machine_management/applying-autoscaling.adoc#applying-autoscaling[applying autoscaling].
 
 - **xref:../registry/index.adoc#registry-overview[Manage container registries]**: Each {product-title} cluster includes a built-in container registry for storing its images. You can also configure a separate link:https://access.redhat.com/documentation/en-us/red_hat_quay/[Red Hat Quay] registry to use with {product-title}. The link:https://quay.io[Quay.io] website provides a public container registry that stores {product-title} containers and Operators.
 
@@ -286,7 +269,7 @@ You can xref:../storage/expanding-persistent-volumes.adoc#expanding-persistent-v
 
 - **xref:../operators/understanding/olm-understanding-operatorhub.adoc#olm-understanding-operatorhub[Manage Operators]**: Lists of Red Hat, ISV, and community Operators can be reviewed by cluster administrators and xref:../operators/admin/olm-adding-operators-to-cluster.adoc#olm-adding-operators-to-a-cluster[installed on their clusters]. After you install them, you can xref:../operators/user/olm-creating-apps-from-installed-operators.adoc#olm-creating-apps-from-installed-operators[run], xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[upgrade], back up, or otherwise manage the Operator on your cluster.
 
-- **xref:../windows_containers/understanding-windows-container-workloads.html#understanding-windows-container-workloads_understanding-windows-container-workloads[Understanding Windows container workloads]**. You can use the {productwinc} feature to run Windows compute nodes in an {product-title} cluster. This is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes.
+- **xref:../windows_containers/understanding-windows-container-workloads.adoc#understanding-windows-container-workloads_understanding-windows-container-workloads[Understanding Windows container workloads]**. You can use the {productwinc} feature to run Windows compute nodes in an {product-title} cluster. This is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes.
 
 === Change cluster components
 
@@ -301,11 +284,11 @@ endif::[]
 - **xref:../scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc#scaling-cluster-monitoring-operator[Scale] and xref:../scalability_and_performance/using-node-tuning-operator.adoc#using-node-tuning-operator[tune] clusters**: Set cluster limits, tune nodes, scale cluster monitoring, and optimize networking, storage, and routes for your environment.
 
 - **Update a cluster**:
-Use the Cluster Version Operator (CVO) to upgrade your {product-title} cluster. If an update is available from the OpenShift Update Service (OSUS), you apply that cluster update from either the {product-title} xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[web console] or the xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[OpenShift CLI] (`oc`).
+Use the Cluster Version Operator (CVO) to upgrade your {product-title} cluster. If an update is available from the OpenShift Update Service (OSUS), you apply that cluster update from the {product-title} xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[web console] or the xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[OpenShift CLI] (`oc`).
 
 - **xref:../updating/updating_a_cluster/updating_disconnected_cluster/disconnected-update-osus.adoc#update-service-overview_updating-restricted-network-cluster-osus[Using the OpenShift Update Service in a disconnected environment]**: Learn about installing and managing a local OpenShift Update Service for recommending {product-title} updates in disconnected environments.
 
-- **xref:../nodes/clusters/nodes-cluster-worker-latency-profiles.adoc#nodes-cluster-worker-latency-profiles[Improving cluster stability in high latency environments by using worker latency profiles]**: If your network has latency issues, you can use one of three _worker latency profiles_ to help ensure that your control plane does not accidentally evict pods in case it cannot reach a worker node. You can configure or modify the profile at any time during the life of the cluster.
+- **xref:../nodes/clusters/nodes-cluster-worker-latency-profiles.adoc#nodes-cluster-worker-latency-profiles[Improving cluster stability in high latency environments by using worker latency profiles]**: If your network has latency issues, you can use one of three worker latency profiles to help ensure that your control plane does not accidentally evict pods in case it cannot reach a worker node. You can configure or modify the profile at any time during the life of the cluster.
 
 === Monitor the cluster
 
@@ -328,5 +311,22 @@ While cluster maintenance and host configuration is performed by the Red Hat Sit
 - *Monitor clusters*: Learn to use the Web UI to access monitoring dashboards.
 - *Manage nodes*: Learn to manage nodes, including configuring machine pools and autoscaling.
 endif::[]
+endif::openshift-enterprise,openshift-webscale,openshift-origin[]
 
 endif::openshift-rosa[]
+
+ifdef::openshift-enterprise[]
+== Hosted control plane activities
+
+* **Support for bare metal and {VirtProductName}**: Hosted control planes for {product-title} is now Generally Available on bare metal and {VirtProductName} platforms. For more information, see the following documentation:
+
+** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-configure-bm[Configuring hosted control plane clusters on bare metal]
+** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosted-control-planes-manage-kubevirt[Managing hosted control plane clusters on OpenShift Virtualization]
+
+* **Technology Preview features**: Hosted control planes remains available as a Technology Preview feature on the Amazon Web Services platform, and is now available as a Technology Preview feature on the {ibmzProductName} platform. For more information, see the following documentation:
+
+** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring the hosting cluster on AWS (Technology Preview)]
+** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-ibmz[Configuring the hosted cluster on 64-bit x86 bare metal for IBM Z compute nodes (Technology Preview)]
+
+* **link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/clusters/cluster_mce_overview#enable-or-disable-hosted-control-planes[Enabling or disabling the hosted control planes feature]**: The hosted control planes feature is now enabled by default.
+endif::openshift-enterprise[]
diff --git a/welcome/learn_more_about_openshift.adoc b/welcome/learn_more_about_openshift.adoc
index 60e12fa9e48c..1dae8ef0d94e 100644
--- a/welcome/learn_more_about_openshift.adoc
+++ b/welcome/learn_more_about_openshift.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="learn_more_about_openshift"]
 = Learn more about {product-title}
 include::_attributes/common-attributes.adoc[]
diff --git a/welcome/legal-notice.adoc b/welcome/legal-notice.adoc
index e7f80f31227c..efee3af4afc7 100644
--- a/welcome/legal-notice.adoc
+++ b/welcome/legal-notice.adoc
@@ -1,11 +1,11 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="legal-notice"]
 = Legal notice
 include::_attributes/common-attributes.adoc[]
 :context: legal-notice
 
 [.lead]
-Copyright © 2023 Red Hat, Inc.
+Copyright © 2024 Red Hat, Inc.
 
 OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).
 
diff --git a/welcome/oke_about.adoc b/welcome/oke_about.adoc
index e86f653fff7c..94f0e7f5827a 100644
--- a/welcome/oke_about.adoc
+++ b/welcome/oke_about.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 :oke: OpenShift Kubernetes Engine
 [id="oke-about"]
 = About {oke}
@@ -8,6 +8,7 @@ include::_attributes/common-attributes.adoc[]
 As of 27 April 2020, Red Hat has decided to rename Red Hat OpenShift Container Engine to Red Hat {oke}
 to better communicate what value the product offering delivers.
 
+
 image::oke-about-ocp-stack-image.png[Red Hat {oke}]
 
 Red Hat {oke} is a product offering from Red Hat that lets
@@ -61,12 +62,12 @@ and {product-title} in the following table:
 | Yes
 | Yes
 
-2+h|Metering and Cost Management SaaS Service
-|
+2+h|Cost Management SaaS Service
+| Yes
 | Yes
 
 2+h|Platform Logging
-| Yes
+|
 | Yes
 
 2+h|Developer Web Console
@@ -97,7 +98,7 @@ and {product-title} in the following table:
 |
 | Yes
 
-2+h|Embedded Component of IBM Cloud Pak and RHT MW Bundles
+2+h|Embedded Component of {ibm-cloud-name} Pak and RHT MW Bundles
 |
 | Yes
 
@@ -189,13 +190,12 @@ for this support.
 the kubevirt.io open source project.
 
 === Advanced cluster management
-{oke} is compatible with your additional purchase of {rh-rhacm-first} for Kubernetes. An {oke} subscription does not offer a cluster-wide log
-aggregation solution or support Elasticsearch, Fluentd, or Kibana based logging solutions.
-Similarly, the chargeback features found in {product-title} or the console.redhat.com
-Cost Management SaaS service are not supported with {oke}. Red Hat Service Mesh
-capabilities derived from the open source istio.io and kiali.io projects that
-offer OpenTracing observability for containerized services on {product-title} are
-not supported in {oke}.
+{oke} is compatible with your additional purchase of {rh-rhacm-first} for
+Kubernetes. An {oke} subscription does not offer a cluster-wide log aggregation
+solution or support Elasticsearch, Fluentd, or Kibana-based logging solutions.
+{SMProductName} capabilities derived from the open-source istio.io and kiali.io
+projects that offer OpenTracing observability for containerized services on
+{product-title} are not supported in {oke}.
 
 === Advanced networking
 The standard networking solutions in {product-title} are supported with an
@@ -254,7 +254,7 @@ The following table is a summary of the feature availability in {oke} and {produ
 | File Integrity Operator | Included | Included | File Integrity Operator
 | Gatekeeper Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Gatekeeper Operator
 | Klusterlet | Not Included - Requires separate subscription | Not Included - Requires separate subscription | N/A
-| Kube Descheduler Operator provided by Red Hat | Included | Included | Kube Descheduler Operator
+| {descheduler-operator} provided by Red Hat | Included | Included | {descheduler-operator}
 | Local Storage provided by Red Hat | Included | Included | Local Storage Operator
 | Node Feature Discovery provided by Red Hat | Included | Included | Node Feature Discovery Operator
 | Performance Profile controller | Included | Included | N/A
@@ -264,14 +264,13 @@ The following table is a summary of the feature availability in {oke} and {produ
 | Vertical Pod Autoscaler | Included | Included | Vertical Pod Autoscaler
 | Cluster Monitoring (Prometheus) | Included | Included | Cluster Monitoring
 | Device Manager (for example, GPU) | Included | Included | N/A
-| Log Forwarding (with fluentd) | Included | Included | Red Hat OpenShift Logging Operator (for log forwarding with fluentd)
+| Log Forwarding | Included | Included | Red Hat OpenShift Logging Operator
 | Telemeter and Insights Connected Experience | Included | Included | N/A
 s| Feature s| {oke} s| {product-title} s| Operator name
 | OpenShift Cloud Manager SaaS Service | Included | Included | N/A
 | OVS and OVN SDN | Included | Included | N/A
 | MetalLB | Included | Included | MetalLB Operator
 | HAProxy Ingress Controller | Included | Included | N/A
-| {rh-openstack-first} Kuryr Integration | Included | Included | N/A
 | Ingress Cluster-wide Firewall | Included | Included | N/A
 | Egress Pod and Namespace Granular Control | Included | Included | N/A
 | Ingress Non-Standard Ports | Included | Included | N/A
@@ -280,7 +279,7 @@ s| Feature s| {oke} s| {product-title} s| Operator name
 | IPv6 Single and Dual Stack | Included | Included | N/A
 | CNI Plugin ISV Compatibility | Included | Included | N/A
 | CSI Plugin ISV Compatibility | Included | Included | N/A
-| RHT and IBM middleware à la carte purchases (not included in {product-title} or {oke}) | Included | Included | N/A
+| RHT and {ibm-name} middleware à la carte purchases (not included in {product-title} or {oke}) | Included | Included | N/A
 | ISV or Partner Operator and Container Compatibility (not included in {product-title} or {oke}) | Included | Included | N/A
 | Embedded OperatorHub | Included | Included | N/A
 | Embedded Marketplace | Included | Included | N/A
@@ -289,7 +288,7 @@ s| Feature s| {oke} s| {product-title} s| Operator name
 | Embedded Registry | Included | Included | N/A
 | Helm | Included | Included | N/A
 | User Workload Monitoring | Not Included | Included | N/A
-| Metering and Cost Management SaaS Service | Not Included | Included | N/A
+| Cost Management SaaS Service | Included | Included | Cost Management Metrics Operator
 | Platform Logging | Not Included | Included | Red Hat OpenShift Logging Operator
 | OpenShift Elasticsearch Operator provided by Red Hat | Not Included | Cannot be run standalone | N/A
 | Developer Web Console | Not Included | Included | N/A
@@ -301,7 +300,7 @@ s| Feature s| {oke} s| {product-title} s| Operator name
 | Red Hat OpenShift Serverless | Not Included | Included | OpenShift Serverless Operator
 | Web Terminal provided by Red Hat | Not Included | Included | Web Terminal Operator
 | Red Hat OpenShift Pipelines Operator | Not Included | Included | OpenShift Pipelines Operator
-| Embedded Component of IBM Cloud Pak and RHT MW Bundles | Not Included | Included | N/A
+| Embedded Component of {ibm-cloud-name} Pak and RHT MW Bundles | Not Included | Included | N/A
 | Red Hat OpenShift GitOps | Not Included | Included | OpenShift GitOps
 | {openshift-dev-spaces-productname} | Not Included | Included | {openshift-dev-spaces-productname}
 | {openshift-local-productname} | Not Included | Included | N/A
@@ -312,11 +311,11 @@ s| Feature s| {oke} s| {product-title} s| Operator name
 | Metering provided by Red Hat (deprecated) | Not Included | Included | N/A
 | Migration Toolkit for Containers Operator | Not Included | Included | Migration Toolkit for Containers Operator
 | Cost management for OpenShift | Not included | Included | N/A
-| Red Hat JBoss Web Server | Not included | Included | JWS Operator
+| JBoss Web Server provided by Red Hat | Not included | Included | JWS Operator
 | Red Hat Build of Quarkus | Not included | Included | N/A
 | Kourier Ingress Controller | Not included | Included | N/A
 | RHT Middleware Bundles Sub Compatibility (not included in {product-title}) | Not included | Included | N/A
-| IBM Cloud Pak Sub Compatibility (not included in {product-title}) | Not included | Included | N/A
+| {ibm-cloud-name}  Pak Sub Compatibility (not included in {product-title}) | Not included | Included | N/A
 | OpenShift Do (`odo`) | Not included | Included | N/A
 | Source to Image and Tekton Builders | Not included | Included | N/A
 | OpenShift Serverless FaaS | Not included | Included | N/A
@@ -345,7 +344,6 @@ s| Feature s| {oke} s| {product-title} s| Operator name
 | Red Hat Integration - Service Registry Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Service Registry
 | API Designer provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | API Designer
 | JBoss EAP provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | JBoss EAP
-| JBoss Web Server provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | JBoss Web Server
 | Smart Gateway Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Smart Gateway Operator
 | Kubernetes NMState Operator | Included | Included | N/A
 |===
diff --git a/whats_new/deprecated-features.adoc b/whats_new/deprecated-features.adoc
index 547ab9c9898f..b318df45b991 100644
--- a/whats_new/deprecated-features.adoc
+++ b/whats_new/deprecated-features.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="deprecated-features"]
 = Deprecated features
 include::_attributes/common-attributes.adoc[]
diff --git a/whats_new/new-features.adoc b/whats_new/new-features.adoc
index 7c5405c20cce..71cac7e3e404 100644
--- a/whats_new/new-features.adoc
+++ b/whats_new/new-features.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="new-features"]
 = New features and enhancements
 include::_attributes/common-attributes.adoc[]
diff --git a/windows_containers/byoh-windows-instance.adoc b/windows_containers/byoh-windows-instance.adoc
index 282d55a22fdb..893bef92a833 100644
--- a/windows_containers/byoh-windows-instance.adoc
+++ b/windows_containers/byoh-windows-instance.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="byoh-windows-instance"]
 = Using Bring-Your-Own-Host (BYOH) Windows instances as nodes
 include::_attributes/common-attributes.adoc[]
diff --git a/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc b/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc
index 00cbdd94242d..aeb171c70506 100644
--- a/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc
+++ b/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-windows-machineset-aws"]
 = Creating a Windows machine set on AWS
 include::_attributes/common-attributes.adoc[]
@@ -14,12 +14,27 @@ You can create a Windows `MachineSet` object to serve a specific purpose in your
 * You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
 * You are using a supported Windows Server as the operating system image.
 +
-Use the following `aws` command to query valid AMI images:
+Use one of the following `aws` commands, as appropriate for your Windows Server release, to query valid AMI images:
++
+.Example Windows Server 2022 command
++
+[source,terminal]
+----
+$ aws ec2 describe-images --region <aws_region_name> --filters "Name=name,Values=Windows_Server-2022*English*Core*Base*" "Name=is-public,Values=true" --query "reverse(sort_by(Images, &CreationDate))[*].{name: Name, id: ImageId}" --output table
+----
++
+.Example Windows Server 2019 command
 +
 [source,terminal]
 ----
-$ aws ec2 describe-images --region <aws region name> --filters "Name=name,Values=Windows_Server-2019*English*Full*Containers*" "Name=is-public,Values=true" --query "reverse(sort_by(Images, &CreationDate))[*].{name: Name, id: ImageId}" --output table
+$ aws ec2 describe-images --region <aws_region_name> --filters "Name=name,Values=Windows_Server-2019*English*Core*Base*" "Name=is-public,Values=true" --query "reverse(sort_by(Images, &CreationDate))[*].{name: Name, id: ImageId}" --output table
 ----
++
+--
+where:
+
+<aws_region_name>:: Specifies the name of your AWS region.
+--
 
 include::modules/machine-api-overview.adoc[leveloffset=+1]
 include::modules/windows-machineset-aws.adoc[leveloffset=+1]
diff --git a/windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc b/windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
index 3df4e14ca9d5..5d3703e6c5e8 100644
--- a/windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
+++ b/windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-windows-machineset-azure"]
 = Creating a Windows machine set on Azure
 include::_attributes/common-attributes.adoc[]
@@ -12,7 +12,7 @@ You can create a Windows `MachineSet` object to serve a specific purpose in your
 == Prerequisites
 
 * You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
-* You are using a supported Windows Server as the operating system image. 
+* You are using a supported Windows Server as the operating system image.
 
 include::modules/machine-api-overview.adoc[leveloffset=+1]
 include::modules/windows-machineset-azure.adoc[leveloffset=+1]
diff --git a/windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc b/windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
index d3f2e97b1c70..2e34751c39fd 100644
--- a/windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
+++ b/windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-windows-machineset-gcp"]
 = Creating a Windows machine set on GCP
 include::_attributes/common-attributes.adoc[]
@@ -12,7 +12,7 @@ You can create a Windows `MachineSet` object to serve a specific purpose in your
 == Prerequisites
 
 * You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
-* You are using a supported Windows Server as the operating system image. 
+* You are using a supported Windows Server as the operating system image.
 
 include::modules/machine-api-overview.adoc[leveloffset=+1]
 include::modules/windows-machineset-gcp.adoc[leveloffset=+1]
diff --git a/windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc b/windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc
new file mode 100644
index 000000000000..f066e0419ad4
--- /dev/null
+++ b/windows_containers/creating_windows_machinesets/creating-windows-machineset-nutanix.adoc
@@ -0,0 +1,24 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="creating-windows-machineset-nutanix"]
+= Creating a Windows MachineSet object on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: creating-windows-machineset-nutanix
+
+toc::[]
+
+You can create a Windows `MachineSet` object to serve a specific purpose in your {product-title} cluster on Nutanix. For example, you might create infrastructure Windows machine sets and related machines so that you can move supporting Windows workloads to the new Windows machines.
+
+[discrete]
+== Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You are using a supported Windows Server as the operating system image.
+
+include::modules/machine-api-overview.adoc[leveloffset=+1]
+include::modules/windows-machineset-nutanix.adoc[leveloffset=+1]
+include::modules/machineset-creating.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../machine_management/index.adoc#overview-of-machine-management[Overview of machine management].
diff --git a/windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc b/windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
index 42d268157711..d0b0b6ce2305 100644
--- a/windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
+++ b/windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="creating-windows-machineset-vsphere"]
 = Creating a Windows machine set on vSphere
 include::_attributes/common-attributes.adoc[]
@@ -12,7 +12,7 @@ You can create a Windows `MachineSet` object to serve a specific purpose in your
 == Prerequisites
 
 * You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
-* You are using a supported Windows Server as the operating system image. 
+* You are using a supported Windows Server as the operating system image.
 
 include::modules/machine-api-overview.adoc[leveloffset=+1]
 
@@ -28,7 +28,7 @@ include::modules/creating-the-vsphere-windows-vm-golden-image.adoc[leveloffset=+
 ==== Additional resources
 
 * xref:../../windows_containers/enabling-windows-container-workloads.adoc#configuring-secret-for-wmco_enabling-windows-container-workloads[Configuring a secret for the Windows Machine Config Operator]
-* xref:../../installing/installing_vsphere/preparing-to-install-on-vsphere.adoc#installation-vsphere-infrastructure_preparing-to-install-on-vsphere[VMware vSphere infrastructure requirements]
+* xref:../../installing/installing_vsphere/ipi/ipi-vsphere-installation-reqs.adoc#installation-vsphere-infrastructure_ipi-vsphere-installation-reqs[VMware vSphere infrastructure requirements]
 
 include::modules/enabling-internal-api-server-vsphere.adoc[leveloffset=+2]
 
diff --git a/windows_containers/disabling-windows-container-workloads.adoc b/windows_containers/disabling-windows-container-workloads.adoc
index 20ab0353e3f3..d1b3aeb4e19b 100644
--- a/windows_containers/disabling-windows-container-workloads.adoc
+++ b/windows_containers/disabling-windows-container-workloads.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="disabling-windows-container-workloads"]
 = Disabling Windows container workloads
 include::_attributes/common-attributes.adoc[]
diff --git a/windows_containers/enabling-windows-container-workloads.adoc b/windows_containers/enabling-windows-container-workloads.adoc
index 28aefd283afe..fa73dcc7420b 100644
--- a/windows_containers/enabling-windows-container-workloads.adoc
+++ b/windows_containers/enabling-windows-container-workloads.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="enabling-windows-container-workloads"]
 = Enabling Windows container workloads
 include::_attributes/common-attributes.adoc[]
@@ -28,7 +28,7 @@ Dual NIC is not supported on WMCO-managed Windows instances.
 
 [NOTE]
 ====
-Windows instances deployed by the WMCO are configured with the containerd container runtime. Because WMCO installs and manages the runtime, it is recommanded that you do not manually install containerd on nodes. 
+Windows instances deployed by the WMCO are configured with the containerd container runtime. Because WMCO installs and manages the runtime, it is recommanded that you do not manually install containerd on nodes.
 ====
 
 [role="_additional-resources"]
@@ -40,11 +40,6 @@ Windows instances deployed by the WMCO are configured with the containerd contai
 
 You can install the Windows Machine Config Operator using either the web console or OpenShift CLI (`oc`).
 
-[NOTE]
-====
-The WMCO is not supported in clusters that use a xref:../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide proxy] because the WMCO is not able to route traffic through the proxy connection for the workloads. 
-====
-
 include::modules/installing-wmco-using-web-console.adoc[leveloffset=+2]
 
 include::modules/installing-wmco-using-cli.adoc[leveloffset=+2]
diff --git a/windows_containers/index.adoc b/windows_containers/index.adoc
index b30b2d544aee..440fb4c86f12 100644
--- a/windows_containers/index.adoc
+++ b/windows_containers/index.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 include::_attributes/common-attributes.adoc[]
 [id="windows-container-overview"]
 = {productwinc} overview
@@ -6,13 +6,13 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-{productwinc} is a feature providing the ability to run Windows compute nodes in an {product-title} cluster. This is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With a Red Hat subscription, you can get support for running Windows workloads in {product-title}. Windows instances deployed by the WMCO are configured with the containerd container runtime. For more information, see the xref:../windows_containers/windows-containers-release-notes-6-x.adoc#windows-containers-release-notes-6-x[release notes]. 
+{productwinc} is a feature providing the ability to run Windows compute nodes in an {product-title} cluster. This is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With a Red Hat subscription, you can get support for running Windows workloads in {product-title}. Windows instances deployed by the WMCO are configured with the containerd container runtime. For more information, see the xref:../windows_containers/windows-containers-release-notes-6-x.adoc#windows-containers-release-notes-6-x[release notes].
 
 You can add Windows nodes either by creating a xref:../windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc#creating-windows-machineset-aws[compute machine set] or by specifying existing Bring-Your-Own-Host (BYOH) Window instances through a xref:../windows_containers/byoh-windows-instance.adoc#byoh-windows-instance[configuration map].
 
 [NOTE]
 ====
-Compute machine sets are not supported for bare metal or provider agnostic clusters. 
+Compute machine sets are not supported for bare metal or provider agnostic clusters.
 ====
 
 For workloads including both Linux and Windows, {product-title} allows you to deploy Windows workloads running on Windows Server containers while also providing traditional Linux workloads hosted on {op-system-first} or {op-system-base-full}. For more information, see xref:../windows_containers/understanding-windows-container-workloads.adoc#understanding-windows-container-workloads[getting started with Windows container workloads].
diff --git a/windows_containers/removing-windows-nodes.adoc b/windows_containers/removing-windows-nodes.adoc
index 78615f0b9f8c..f6997984de44 100644
--- a/windows_containers/removing-windows-nodes.adoc
+++ b/windows_containers/removing-windows-nodes.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="removing-windows-nodes"]
 = Removing Windows nodes
 include::_attributes/common-attributes.adoc[]
@@ -6,6 +6,6 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can remove a Windows node by deleting its host Windows machine. 
+You can remove a Windows node by deleting its host Windows machine.
 
 include::modules/machine-delete.adoc[leveloffset=+1]
diff --git a/windows_containers/scheduling-windows-workloads.adoc b/windows_containers/scheduling-windows-workloads.adoc
index 4eb9624b3a17..3a4e9ee5a7a0 100644
--- a/windows_containers/scheduling-windows-workloads.adoc
+++ b/windows_containers/scheduling-windows-workloads.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="scheduling-windows-workloads"]
 = Scheduling Windows container workloads
 include::_attributes/common-attributes.adoc[]
@@ -8,16 +8,11 @@ toc::[]
 
 You can schedule Windows workloads to Windows compute nodes.
 
-[NOTE]
-====
-The WMCO is not supported in clusters that use a xref:../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[cluster-wide proxy] because the WMCO is not able to route traffic through the proxy connection for the workloads. 
-====
-
 [discrete]
 == Prerequisites
 
 * You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
-* You are using a Windows container as the OS image. 
+* You are using a Windows container as the OS image.
 * You have created a Windows compute machine set.
 
 include::modules/windows-pod-placement.adoc[leveloffset=+1]
diff --git a/windows_containers/understanding-windows-container-workloads.adoc b/windows_containers/understanding-windows-container-workloads.adoc
index 25159c80c362..2889dfc95ce8 100644
--- a/windows_containers/understanding-windows-container-workloads.adoc
+++ b/windows_containers/understanding-windows-container-workloads.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="understanding-windows-container-workloads"]
 = Understanding Windows container workloads
 include::_attributes/common-attributes.adoc[]
diff --git a/windows_containers/windows-containers-release-notes-6-x.adoc b/windows_containers/windows-containers-release-notes-6-x.adoc
index c21799145949..4585e0696f95 100644
--- a/windows_containers/windows-containers-release-notes-6-x.adoc
+++ b/windows_containers/windows-containers-release-notes-6-x.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="windows-containers-release-notes-6-x"]
 = {productwinc} release notes
 include::_attributes/common-attributes.adoc[]
@@ -47,7 +47,7 @@ With this release, the WMCO updates the Windows node certificates when the kubel
 
 Because the Docker runtime is deprecated in Kubernetes 1.24, containerD is now the default runtime for WMCO-supported Windows nodes. Upon the installation of or an upgrade to WMCO 6.0.0, containerd is installed as a Windows service. The kubelet now uses containerd for image pulls instead of the Docker runtime. Users no longer need to enable the Docker-formatted container runtime or install the Docker container runtime on Bring-Your-Own-Host (BYOH) instances. You can continue to use nodes based on VM images that use Docker. containerd can run along with the Docker service.
 
-The WMCO supports a Windows golden image with or without Docker for vSphere and Bring-Your-Own-Host (BYOH) Windows instances. 
+The WMCO supports a Windows golden image with or without Docker for vSphere and Bring-Your-Own-Host (BYOH) Windows instances.
 
 include::modules/wmco-prerequisites.adoc[leveloffset=+1]
 
diff --git a/windows_containers/windows-node-upgrades.adoc b/windows_containers/windows-node-upgrades.adoc
index 85a271a1a6ff..9dedf9241029 100644
--- a/windows_containers/windows-node-upgrades.adoc
+++ b/windows_containers/windows-node-upgrades.adoc
@@ -1,4 +1,4 @@
-:_content-type: ASSEMBLY
+:_mod-docs-content-type: ASSEMBLY
 [id="windows-node-upgrades"]
 = Windows node upgrades
 include::_attributes/common-attributes.adoc[]